diff options
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/doc/manual/release-notes/rl-1809.xml | 44 | ||||
| -rw-r--r-- | nixos/doc/manual/release-notes/rl-1903.xml | 60 | ||||
| -rw-r--r-- | nixos/modules/profiles/graphical.nix | 7 | ||||
| -rw-r--r-- | nixos/modules/services/hardware/trezord.nix | 17 | ||||
| -rw-r--r-- | nixos/modules/services/mail/rmilter.nix | 5 | ||||
| -rw-r--r-- | nixos/modules/services/misc/emby.nix | 17 | ||||
| -rw-r--r-- | nixos/modules/services/misc/gitlab.nix | 15 | ||||
| -rw-r--r-- | nixos/modules/services/networking/chrony.nix | 52 | ||||
| -rw-r--r-- | nixos/modules/services/networking/iwd.nix | 2 | ||||
| -rw-r--r-- | nixos/modules/services/networking/teamspeak3.nix | 2 | ||||
| -rw-r--r-- | nixos/modules/services/x11/desktop-managers/plasma5.nix | 1 | ||||
| -rw-r--r-- | nixos/modules/system/boot/luksroot.nix | 15 | ||||
| -rw-r--r-- | nixos/modules/virtualisation/qemu-vm.nix | 44 | ||||
| -rw-r--r-- | nixos/tests/acme.nix | 29 | ||||
| -rw-r--r-- | nixos/tests/common/letsencrypt/common.nix | 27 | ||||
| -rw-r--r-- | nixos/tests/hound.nix | 2 | ||||
| -rw-r--r-- | nixos/tests/installer.nix | 86 | ||||
| -rw-r--r-- | nixos/tests/prosody.nix | 3 |
18 files changed, 238 insertions, 190 deletions
diff --git a/nixos/doc/manual/release-notes/rl-1809.xml b/nixos/doc/manual/release-notes/rl-1809.xml index 21ea98d012b8..5a565f08b2cb 100644 --- a/nixos/doc/manual/release-notes/rl-1809.xml +++ b/nixos/doc/manual/release-notes/rl-1809.xml @@ -141,50 +141,6 @@ $ nix-instantiate -E '(import <nixpkgsunstable> {}).gitFull' </listitem> <listitem> <para> - The minimum version of Nix required to evaluate Nixpkgs is now 2.0. - </para> - <itemizedlist> - <listitem> - <para> - For users of NixOS 18.03, NixOS 18.03 defaulted to Nix 2.0, but - supported using Nix 1.11 by setting <literal>nix.package = - pkgs.nix1;</literal>. If this option is set to a Nix 1.11 package, you - will need to either unset the option or upgrade it to Nix 2.0. - </para> - </listitem> - <listitem> - <para> - For users of NixOS 17.09, you will first need to upgrade Nix by setting - <literal>nix.package = pkgs.nixStable2;</literal> and run - <command>nixos-rebuild switch</command> as the <literal>root</literal> - user. - </para> - </listitem> - <listitem> - <para> - For users of a daemon-less Nix installation on Linux or macOS, you can - upgrade Nix by running <command>curl https://nixos.org/nix/install | - sh</command>, or prior to doing a channel update, running - <command>nix-env -iA nix</command>. - </para> - <para> - If you have already run a channel update and Nix is no longer able to - evaluate Nixpkgs, the error message printed should provide adequate - directions for upgrading Nix. - </para> - </listitem> - <listitem> - <para> - For users of the Nix daemon on macOS, you can upgrade Nix by running - <command>sudo -i sh -c 'nix-channel --update && nix-env -iA - nixpkgs.nix'; sudo launchctl stop org.nixos.nix-daemon; sudo launchctl - start org.nixos.nix-daemon</command>. - </para> - </listitem> - </itemizedlist> - </listitem> - <listitem> - <para> <literal>lib.strict</literal> is removed. Use <literal>builtins.seq</literal> instead. </para> diff --git a/nixos/doc/manual/release-notes/rl-1903.xml b/nixos/doc/manual/release-notes/rl-1903.xml index 9ae34dd58ab0..8c8237e6371e 100644 --- a/nixos/doc/manual/release-notes/rl-1903.xml +++ b/nixos/doc/manual/release-notes/rl-1903.xml @@ -46,6 +46,66 @@ xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" + xml:id="sec-release-19.03-incompatibilities"> + <title>Backward Incompatibilities</title> + + <para> + When upgrading from a previous release, please be aware of the following + incompatible changes: + </para> + + <itemizedlist> + <listitem> + <para> + The minimum version of Nix required to evaluate Nixpkgs is now 2.0. + </para> + <itemizedlist> + <listitem> + <para> + For users of NixOS 18.03 and 19.03, NixOS defaults to Nix 2.0, but + supports using Nix 1.11 by setting <literal>nix.package = + pkgs.nix1;</literal>. If this option is set to a Nix 1.11 package, you + will need to either unset the option or upgrade it to Nix 2.0. + </para> + </listitem> + <listitem> + <para> + For users of NixOS 17.09, you will first need to upgrade Nix by setting + <literal>nix.package = pkgs.nixStable2;</literal> and run + <command>nixos-rebuild switch</command> as the <literal>root</literal> + user. + </para> + </listitem> + <listitem> + <para> + For users of a daemon-less Nix installation on Linux or macOS, you can + upgrade Nix by running <command>curl https://nixos.org/nix/install | + sh</command>, or prior to doing a channel update, running + <command>nix-env -iA nix</command>. + </para> + <para> + If you have already run a channel update and Nix is no longer able to + evaluate Nixpkgs, the error message printed should provide adequate + directions for upgrading Nix. + </para> + </listitem> + <listitem> + <para> + For users of the Nix daemon on macOS, you can upgrade Nix by running + <command>sudo -i sh -c 'nix-channel --update && nix-env -iA + nixpkgs.nix'; sudo launchctl stop org.nixos.nix-daemon; sudo launchctl + start org.nixos.nix-daemon</command>. + </para> + </listitem> + </itemizedlist> + </listitem> + </itemizedlist> + </section> + + <section xmlns="http://docbook.org/ns/docbook" + xmlns:xlink="http://www.w3.org/1999/xlink" + xmlns:xi="http://www.w3.org/2001/XInclude" + version="5.0" xml:id="sec-release-19.03-notable-changes"> <title>Other Notable Changes</title> diff --git a/nixos/modules/profiles/graphical.nix b/nixos/modules/profiles/graphical.nix index 332cf58aa538..fba756391b11 100644 --- a/nixos/modules/profiles/graphical.nix +++ b/nixos/modules/profiles/graphical.nix @@ -7,9 +7,12 @@ services.xserver = { enable = true; displayManager.sddm.enable = true; - desktopManager.plasma5.enable = true; + desktopManager.plasma5 = { + enable = true; + enableQt4Support = false; + }; libinput.enable = true; # for touchpad support on many laptops }; - environment.systemPackages = [ pkgs.glxinfo ]; + environment.systemPackages = [ pkgs.glxinfo pkgs.firefox ]; } diff --git a/nixos/modules/services/hardware/trezord.nix b/nixos/modules/services/hardware/trezord.nix index f2ec00a7d3e1..dfefc1171e62 100644 --- a/nixos/modules/services/hardware/trezord.nix +++ b/nixos/modules/services/hardware/trezord.nix @@ -26,15 +26,14 @@ in { name = "trezord-udev-rules"; destination = "/etc/udev/rules.d/51-trezor.rules"; text = '' - # Trezor 1 - SUBSYSTEM=="usb", ATTR{idVendor}=="534c", ATTR{idProduct}=="0001", MODE="0666", GROUP="dialout", SYMLINK+="trezor%n" - KERNEL=="hidraw*", ATTRS{idVendor}=="534c", ATTRS{idProduct}=="0001", MODE="0666", GROUP="dialout" - - # Trezor 2 (Model-T) - SUBSYSTEM=="usb", ATTR{idVendor}=="1209", ATTR{idProduct}=="53c0", MODE="0661", GROUP="dialout", TAG+="uaccess", TAG+="udev-acl", SYMLINK+="trezor%n" - SUBSYSTEM=="usb", ATTR{idVendor}=="1209", ATTR{idProduct}=="53c1", MODE="0660", GROUP="dialout", TAG+="uaccess", TAG+="udev-acl", SYMLINK+="trezor%n" - KERNEL=="hidraw*", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="53c1", MODE="0660", GROUP="dialout", TAG+="uaccess", TAG+="udev-acl" - ]; + # TREZOR v1 (One) + SUBSYSTEM=="usb", ATTR{idVendor}=="534c", ATTR{idProduct}=="0001", MODE="0666", GROUP="dialout", TAG+="uaccess", TAG+="udev-acl", SYMLINK+="trezor%n" + KERNEL=="hidraw*", ATTRS{idVendor}=="534c", ATTRS{idProduct}=="0001", MODE="0666", GROUP="dialout", TAG+="uaccess", TAG+="udev-acl" + + # TREZOR v2 (T) + SUBSYSTEM=="usb", ATTR{idVendor}=="1209", ATTR{idProduct}=="53c0", MODE="0661", GROUP="dialout", TAG+="uaccess", TAG+="udev-acl", SYMLINK+="trezor%n" + SUBSYSTEM=="usb", ATTR{idVendor}=="1209", ATTR{idProduct}=="53c1", MODE="0666", GROUP="dialout", TAG+="uaccess", TAG+="udev-acl", SYMLINK+="trezor%n" + KERNEL=="hidraw*", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="53c1", MODE="0666", GROUP="dialout", TAG+="uaccess", TAG+="udev-acl" ''; }); diff --git a/nixos/modules/services/mail/rmilter.nix b/nixos/modules/services/mail/rmilter.nix index 7f38d7570132..0d91b247cd34 100644 --- a/nixos/modules/services/mail/rmilter.nix +++ b/nixos/modules/services/mail/rmilter.nix @@ -89,7 +89,7 @@ in bindSocket.path = mkOption { type = types.str; - default = "/run/rmilter/rmilter.sock"; + default = "/run/rmilter.sock"; description = '' Path to Unix domain socket to listen on. ''; @@ -193,6 +193,9 @@ in config = mkMerge [ (mkIf cfg.enable { + warnings = [ + ''`config.services.rmilter' is deprecated, `rmilter' deprecated and unsupported by upstream, and will be removed from next releases. Use built-in rspamd milter instead.'' + ]; users.users = singleton { name = cfg.user; diff --git a/nixos/modules/services/misc/emby.nix b/nixos/modules/services/misc/emby.nix index 64cc9c610ac3..ff68b850cd91 100644 --- a/nixos/modules/services/misc/emby.nix +++ b/nixos/modules/services/misc/emby.nix @@ -36,11 +36,18 @@ in after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; preStart = '' - test -d ${cfg.dataDir} || { - echo "Creating initial Emby data directory in ${cfg.dataDir}" - mkdir -p ${cfg.dataDir} - chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir} - } + if [ -d ${cfg.dataDir} ] + then + for plugin in ${cfg.dataDir}/plugins/* + do + echo "Correcting permissions of plugin: $plugin" + chmod u+w $plugin + done + else + echo "Creating initial Emby data directory in ${cfg.dataDir}" + mkdir -p ${cfg.dataDir} + chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir} + fi ''; serviceConfig = { diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix index 5bf66354f487..d81aa5643e53 100644 --- a/nixos/modules/services/misc/gitlab.nix +++ b/nixos/modules/services/misc/gitlab.nix @@ -162,7 +162,7 @@ let makeWrapper ${cfg.packages.gitlab.rubyEnv}/bin/rake $out/bin/gitlab-rake \ ${concatStrings (mapAttrsToList (name: value: "--set ${name} '${value}' ") gitlabEnv)} \ --set GITLAB_CONFIG_PATH '${cfg.statePath}/config' \ - --set PATH '${lib.makeBinPath [ pkgs.nodejs pkgs.gzip pkgs.git pkgs.gnutar config.services.postgresql.package ]}:$PATH' \ + --set PATH '${lib.makeBinPath [ pkgs.nodejs pkgs.gzip pkgs.git pkgs.gnutar config.services.postgresql.package pkgs.coreutils pkgs.procps ]}:$PATH' \ --set RAKEOPT '-f ${cfg.packages.gitlab}/share/gitlab/Rakefile' \ --run 'cd ${cfg.packages.gitlab}/share/gitlab' ''; @@ -203,6 +203,7 @@ in { default = pkgs.gitlab; defaultText = "pkgs.gitlab"; description = "Reference to the gitlab package"; + example = "pkgs.gitlab-ee"; }; packages.gitlab-shell = mkOption { @@ -501,7 +502,7 @@ in { }; systemd.services.gitlab-workhorse = { - after = [ "network.target" "gitlab.service" ]; + after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; environment.HOME = gitlabEnv.HOME; environment.GITLAB_SHELL_CONFIG_PATH = gitlabEnv.GITLAB_SHELL_CONFIG_PATH; @@ -569,9 +570,9 @@ in { mkdir -p /run/gitlab mkdir -p ${cfg.statePath}/log - ln -sf ${cfg.statePath}/log /run/gitlab/log - ln -sf ${cfg.statePath}/tmp /run/gitlab/tmp - ln -sf ${cfg.statePath}/uploads /run/gitlab/uploads + [ -d /run/gitlab/log ] || ln -sf ${cfg.statePath}/log /run/gitlab/log + [ -d /run/gitlab/tmp ] || ln -sf ${cfg.statePath}/tmp /run/gitlab/tmp + [ -d /run/gitlab/uploads ] || ln -sf ${cfg.statePath}/uploads /run/gitlab/uploads ln -sf $GITLAB_SHELL_CONFIG_PATH /run/gitlab/shell-config.yml chown -R ${cfg.user}:${cfg.group} /run/gitlab @@ -629,6 +630,10 @@ in { touch "${cfg.statePath}/db-seeded" fi + # The gitlab:shell:setup regenerates the authorized_keys file so that + # the store path to the gitlab-shell in it gets updated + ${pkgs.sudo}/bin/sudo -u ${cfg.user} force=yes ${gitlab-rake}/bin/gitlab-rake gitlab:shell:setup RAILS_ENV=production + # The gitlab:shell:create_hooks task seems broken for fixing links # so we instead delete all the hooks and create them anew rm -f ${cfg.statePath}/repositories/**/*.git/hooks diff --git a/nixos/modules/services/networking/chrony.nix b/nixos/modules/services/networking/chrony.nix index cef30661cc33..a363b545d649 100644 --- a/nixos/modules/services/networking/chrony.nix +++ b/nixos/modules/services/networking/chrony.nix @@ -3,12 +3,10 @@ with lib; let + cfg = config.services.chrony; stateDir = "/var/lib/chrony"; - - keyFile = "/etc/chrony.keys"; - - cfg = config.services.chrony; + keyFile = "${stateDir}/chrony.keys"; configFile = pkgs.writeText "chrony.conf" '' ${concatMapStringsSep "\n" (server: "server " + server) cfg.servers} @@ -19,7 +17,6 @@ let } driftfile ${stateDir}/chrony.drift - keyfile ${keyFile} ${optionalString (!config.time.hardwareClockInLocalTime) "rtconutc"} @@ -27,18 +24,11 @@ let ${cfg.extraConfig} ''; - chronyFlags = "-n -m -u chrony -f ${configFile} ${toString cfg.extraFlags}"; - + chronyFlags = "-m -u chrony -f ${configFile} ${toString cfg.extraFlags}"; in - { - - ###### interface - options = { - services.chrony = { - enable = mkOption { default = false; description = '' @@ -83,15 +73,9 @@ in description = "Extra flags passed to the chronyd command."; }; }; - }; - - ###### implementation - config = mkIf cfg.enable { - - # Make chronyc available in the system path environment.systemPackages = [ pkgs.chrony ]; users.groups = singleton @@ -113,26 +97,30 @@ in { description = "chrony NTP daemon"; wantedBy = [ "multi-user.target" ]; - wants = [ "time-sync.target" ]; - before = [ "time-sync.target" ]; - after = [ "network.target" ]; + wants = [ "time-sync.target" ]; + before = [ "time-sync.target" ]; + after = [ "network.target" ]; conflicts = [ "ntpd.service" "systemd-timesyncd.service" ]; path = [ pkgs.chrony ]; - preStart = - '' - mkdir -m 0755 -p ${stateDir} - touch ${keyFile} - chmod 0640 ${keyFile} - chown chrony:chrony ${stateDir} ${keyFile} - ''; + preStart = '' + mkdir -m 0755 -p ${stateDir} + touch ${keyFile} + chmod 0640 ${keyFile} + chown chrony:chrony ${stateDir} ${keyFile} + ''; serviceConfig = - { ExecStart = "${pkgs.chrony}/bin/chronyd ${chronyFlags}"; + { Type = "forking"; + ExecStart = "${pkgs.chrony}/bin/chronyd ${chronyFlags}"; + + ProtectHome = "yes"; + ProtectSystem = "full"; + PrivateTmp = "yes"; + + ConditionCapability = "CAP_SYS_TIME"; }; }; - }; - } diff --git a/nixos/modules/services/networking/iwd.nix b/nixos/modules/services/networking/iwd.nix index eb03d2e1d632..18ed20e28886 100644 --- a/nixos/modules/services/networking/iwd.nix +++ b/nixos/modules/services/networking/iwd.nix @@ -22,6 +22,8 @@ in { systemd.packages = [ pkgs.iwd ]; + systemd.services.iwd.wantedBy = [ "multi-user.target" ]; + systemd.tmpfiles.rules = [ "d /var/lib/iwd 0700 root root -" ]; diff --git a/nixos/modules/services/networking/teamspeak3.nix b/nixos/modules/services/networking/teamspeak3.nix index 3703921ff703..410d650b1f64 100644 --- a/nixos/modules/services/networking/teamspeak3.nix +++ b/nixos/modules/services/networking/teamspeak3.nix @@ -124,7 +124,7 @@ in dbsqlpath=${ts3}/lib/teamspeak/sql/ logpath=${cfg.logPath} \ voice_ip=${cfg.voiceIP} default_voice_port=${toString cfg.defaultVoicePort} \ filetransfer_ip=${cfg.fileTransferIP} filetransfer_port=${toString cfg.fileTransferPort} \ - query_ip=${cfg.queryIP} query_port=${toString cfg.queryPort} + query_ip=${cfg.queryIP} query_port=${toString cfg.queryPort} license_accepted=1 ''; WorkingDirectory = cfg.dataDir; User = user; diff --git a/nixos/modules/services/x11/desktop-managers/plasma5.nix b/nixos/modules/services/x11/desktop-managers/plasma5.nix index d1cb962f6ff8..e759f69db897 100644 --- a/nixos/modules/services/x11/desktop-managers/plasma5.nix +++ b/nixos/modules/services/x11/desktop-managers/plasma5.nix @@ -81,6 +81,7 @@ in kconfig kconfigwidgets kcoreaddons + kdoctools kdbusaddons kdeclarative kded diff --git a/nixos/modules/system/boot/luksroot.nix b/nixos/modules/system/boot/luksroot.nix index ed8b9f01e275..1079089bc5a8 100644 --- a/nixos/modules/system/boot/luksroot.nix +++ b/nixos/modules/system/boot/luksroot.nix @@ -11,19 +11,30 @@ let exit 1 } + dev_exist() { + local target="$1" + if [ -e $target ]; then + return 0 + else + local uuid=$(echo -n $target | sed -e 's,UUID=\(.*\),\1,g') + local dev=$(blkid --uuid $uuid) + return $? + fi + } + wait_target() { local name="$1" local target="$2" local secs="''${3:-10}" local desc="''${4:-$name $target to appear}" - if [ ! -e $target ]; then + if ! dev_exist $target; then echo -n "Waiting $secs seconds for $desc..." local success=false; for try in $(seq $secs); do echo -n "." sleep 1 - if [ -e $target ]; then + if dev_exist $target; then success=true break fi diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index 4e9c87222d0a..eec1a85162b5 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -32,15 +32,21 @@ let # expressions and shell script stuff. mkDiskIfaceDriveFlag = idx: driveArgs: let inherit (cfg.qemu) diskInterface; + isSCSI = diskInterface == "scsi"; # The drive identifier created by incrementing the index by one using the # shell. drvId = "drive$((${idx} + 1))"; + dvcId = "${diskInterface}$((${idx} + 1))"; # NOTE: DO NOT shell escape, because this may contain shell variables. - commonArgs = "index=${idx},id=${drvId},${driveArgs}"; - isSCSI = diskInterface == "scsi"; - devArgs = "${diskInterface}-hd,drive=${drvId}"; - args = "-drive ${commonArgs},if=none -device lsi53c895a -device ${devArgs}"; - in if isSCSI then args else "-drive ${commonArgs},if=${diskInterface}"; + commonDriveArgs = "media=disk,id=${drvId},${driveArgs}"; + commonInterfaceArgs = "drive=${drvId},id=${dvcId},bootindex=${idx}"; + in lib.concatStrings [ + "-drive ${commonDriveArgs},if=none " + ''${if isSCSI then + "-device lsi53c895a -device ${diskInterface}-hd,${commonInterfaceArgs}" + else + "-device virtio-blk-pci,scsi=off,${commonInterfaceArgs}"} '' + ]; # Shell script to start the VM. startVM = @@ -97,15 +103,15 @@ let -virtfs local,path=/nix/store,security_model=none,mount_tag=store \ -virtfs local,path=$TMPDIR/xchg,security_model=none,mount_tag=xchg \ -virtfs local,path=''${SHARED_DIR:-$TMPDIR/xchg},security_model=none,mount_tag=shared \ + ${mkDiskIfaceDriveFlag "1" "file=$NIX_DISK_IMAGE,media=disk,cache=writeback,werror=report"} \ ${if cfg.useBootLoader then '' - ${mkDiskIfaceDriveFlag "0" "file=$NIX_DISK_IMAGE,cache=writeback,werror=report"} \ - ${mkDiskIfaceDriveFlag "1" "file=$TMPDIR/disk.img,media=disk"} \ + -boot menu=on \ + ${mkDiskIfaceDriveFlag "0" "file=$TMPDIR/disk.img,media=disk"} \ ${if cfg.useEFIBoot then '' -pflash $TMPDIR/bios.bin \ '' else '' - ''} - '' else '' - ${mkDiskIfaceDriveFlag "0" "file=$NIX_DISK_IMAGE,cache=writeback,werror=report"} \ + \''} + '' else '' \ -kernel ${config.system.build.toplevel}/kernel \ -initrd ${config.system.build.toplevel}/initrd \ -append "$(cat ${config.system.build.toplevel}/kernel-params) init=${config.system.build.toplevel}/init regInfo=${regInfo}/registration ${consoles} $QEMU_KERNEL_PARAMS" \ @@ -141,8 +147,9 @@ let ''; buildInputs = [ pkgs.utillinux ]; QEMU_OPTS = if cfg.useEFIBoot - then "-pflash $out/bios.bin -nographic -serial pty" - else "-nographic -serial pty"; + then "-pflash $out/bios.bin -nographic" + else "-nographic"; + diskInterface = cfg.qemu.diskInterface; } '' # Create a /boot EFI partition with 40M and arbitrary but fixed GUIDs for reproducibility @@ -155,10 +162,10 @@ let --partition-guid=1:1C06F03B-704E-4657-B9CD-681A087A2FDC \ --partition-guid=2:970C694F-AFD0-4B99-B750-CDB7A329AB6F \ --hybrid 2 \ - --recompute-chs /dev/vda - ${pkgs.dosfstools}/bin/mkfs.fat -F16 /dev/vda2 + --recompute-chs ${config.virtualisation.bootDevice} + ${pkgs.dosfstools}/bin/mkfs.fat -F16 ${config.virtualisation.bootDevice}2 export MTOOLS_SKIP_CHECK=1 - ${pkgs.mtools}/bin/mlabel -i /dev/vda2 ::boot + ${pkgs.mtools}/bin/mlabel -i ${config.virtualisation.bootDevice}2 ::boot # Mount /boot; load necessary modules first. ${pkgs.kmod}/bin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/nls/nls_cp437.ko.xz || true @@ -167,11 +174,11 @@ let ${pkgs.kmod}/bin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/fat/vfat.ko.xz || true ${pkgs.kmod}/bin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/efivarfs/efivarfs.ko.xz || true mkdir /boot - mount /dev/vda2 /boot + mount ${config.virtualisation.bootDevice}2 /boot # This is needed for GRUB 0.97, which doesn't know about virtio devices. mkdir /boot/grub - echo '(hd0) /dev/vda' > /boot/grub/device.map + echo '(hd0) ${config.virtualisation.bootDevice}' > /boot/grub/device.map # Install GRUB and generate the GRUB boot menu. touch /etc/NIXOS @@ -464,7 +471,8 @@ in boot.initrd.availableKernelModules = optional cfg.writableStore "overlay" - ++ optional (cfg.qemu.diskInterface == "scsi") "sym53c8xx"; + ++ optional (cfg.qemu.diskInterface == "scsi") "sym53c8xx" + ++ optional (cfg.qemu.diskInterface == "scsi") "virtio_scsi"; virtualisation.bootDevice = mkDefault (if cfg.qemu.diskInterface == "scsi" then "/dev/sda" else "/dev/vda"); diff --git a/nixos/tests/acme.nix b/nixos/tests/acme.nix index c7fd4910e072..4669a092433e 100644 --- a/nixos/tests/acme.nix +++ b/nixos/tests/acme.nix @@ -1,32 +1,5 @@ let - commonConfig = { lib, nodes, ... }: { - networking.nameservers = [ - nodes.letsencrypt.config.networking.primaryIPAddress - ]; - - nixpkgs.overlays = lib.singleton (self: super: { - cacert = super.cacert.overrideDerivation (drv: { - installPhase = (drv.installPhase or "") + '' - cat "${nodes.letsencrypt.config.test-support.letsencrypt.caCert}" \ - >> "$out/etc/ssl/certs/ca-bundle.crt" - ''; - }); - - # Override certifi so that it accepts fake certificate for Let's Encrypt - # Need to override the attribute used by simp_le, which is python3Packages - python3Packages = (super.python3.override { - packageOverrides = lib.const (pysuper: { - certifi = pysuper.certifi.overridePythonAttrs (attrs: { - postPatch = (attrs.postPatch or "") + '' - cat "${self.cacert}/etc/ssl/certs/ca-bundle.crt" \ - > certifi/cacert.pem - ''; - }); - }); - }).pkgs; - }); - }; - + commonConfig = ./common/letsencrypt/common.nix; in import ./make-test.nix { name = "acme"; diff --git a/nixos/tests/common/letsencrypt/common.nix b/nixos/tests/common/letsencrypt/common.nix new file mode 100644 index 000000000000..798a749f7f9b --- /dev/null +++ b/nixos/tests/common/letsencrypt/common.nix @@ -0,0 +1,27 @@ +{ lib, nodes, ... }: { + networking.nameservers = [ + nodes.letsencrypt.config.networking.primaryIPAddress + ]; + + nixpkgs.overlays = lib.singleton (self: super: { + cacert = super.cacert.overrideDerivation (drv: { + installPhase = (drv.installPhase or "") + '' + cat "${nodes.letsencrypt.config.test-support.letsencrypt.caCert}" \ + >> "$out/etc/ssl/certs/ca-bundle.crt" + ''; + }); + + # Override certifi so that it accepts fake certificate for Let's Encrypt + # Need to override the attribute used by simp_le, which is python3Packages + python3Packages = (super.python3.override { + packageOverrides = lib.const (pysuper: { + certifi = pysuper.certifi.overridePythonAttrs (attrs: { + postPatch = (attrs.postPatch or "") + '' + cat "${self.cacert}/etc/ssl/certs/ca-bundle.crt" \ + > certifi/cacert.pem + ''; + }); + }); + }).pkgs; + }); +} diff --git a/nixos/tests/hound.nix b/nixos/tests/hound.nix index f21c0ad58a85..cb8e25332c07 100644 --- a/nixos/tests/hound.nix +++ b/nixos/tests/hound.nix @@ -52,7 +52,7 @@ import ./make-test.nix ({ pkgs, ... } : { $machine->waitForUnit("network.target"); $machine->waitForUnit("hound.service"); $machine->waitForOpenPort(6080); - $machine->succeed('curl http://127.0.0.1:6080/api/v1/search\?stats\=fosho\&repos\=\*\&rng=%3A20\&q\=hi\&files\=\&i=nope | grep "Filename" | grep "hello"'); + $machine->waitUntilSucceeds('curl http://127.0.0.1:6080/api/v1/search\?stats\=fosho\&repos\=\*\&rng=%3A20\&q\=hi\&files\=\&i=nope | grep "Filename" | grep "hello"'); ''; }) diff --git a/nixos/tests/installer.nix b/nixos/tests/installer.nix index 610444f90e47..3f9fa0e6016c 100644 --- a/nixos/tests/installer.nix +++ b/nixos/tests/installer.nix @@ -282,9 +282,9 @@ in { { createPartitions = '' $machine->succeed( - "parted --script /dev/vda mklabel msdos", - "parted --script /dev/vda -- mkpart primary linux-swap 1M 1024M", - "parted --script /dev/vda -- mkpart primary ext2 1024M -1s", + "flock /dev/vda parted --script /dev/vda -- mklabel msdos" + . " mkpart primary linux-swap 1M 1024M" + . " mkpart primary ext2 1024M -1s", "udevadm settle", "mkswap /dev/vda1 -L swap", "swapon -L swap", @@ -299,11 +299,11 @@ in { { createPartitions = '' $machine->succeed( - "parted --script /dev/vda mklabel gpt", - "parted --script /dev/vda -- mkpart ESP fat32 1M 50MiB", # /boot - "parted --script /dev/vda -- set 1 boot on", - "parted --script /dev/vda -- mkpart primary linux-swap 50MiB 1024MiB", - "parted --script /dev/vda -- mkpart primary ext2 1024MiB -1MiB", # / + "flock /dev/vda parted --script /dev/vda -- mklabel gpt" + . " mkpart ESP fat32 1M 50MiB" # /boot + . " set 1 boot on" + . " mkpart primary linux-swap 50MiB 1024MiB" + . " mkpart primary ext2 1024MiB -1MiB", # / "udevadm settle", "mkswap /dev/vda2 -L swap", "swapon -L swap", @@ -321,11 +321,11 @@ in { { createPartitions = '' $machine->succeed( - "parted --script /dev/vda mklabel gpt", - "parted --script /dev/vda -- mkpart ESP fat32 1M 50MiB", # /boot - "parted --script /dev/vda -- set 1 boot on", - "parted --script /dev/vda -- mkpart primary linux-swap 50MiB 1024MiB", - "parted --script /dev/vda -- mkpart primary ext2 1024MiB -1MiB", # / + "flock /dev/vda parted --script /dev/vda -- mklabel gpt" + . " mkpart ESP fat32 1M 50MiB" # /boot + . " set 1 boot on" + . " mkpart primary linux-swap 50MiB 1024MiB" + . " mkpart primary ext2 1024MiB -1MiB", # / "udevadm settle", "mkswap /dev/vda2 -L swap", "swapon -L swap", @@ -345,10 +345,10 @@ in { { createPartitions = '' $machine->succeed( - "parted --script /dev/vda mklabel msdos", - "parted --script /dev/vda -- mkpart primary ext2 1M 50MB", # /boot - "parted --script /dev/vda -- mkpart primary linux-swap 50MB 1024M", - "parted --script /dev/vda -- mkpart primary ext2 1024M -1s", # / + "flock /dev/vda parted --script /dev/vda -- mklabel msdos" + . " mkpart primary ext2 1M 50MB" # /boot + . " mkpart primary linux-swap 50MB 1024M" + . " mkpart primary ext2 1024M -1s", # / "udevadm settle", "mkswap /dev/vda2 -L swap", "swapon -L swap", @@ -366,10 +366,10 @@ in { { createPartitions = '' $machine->succeed( - "parted --script /dev/vda mklabel msdos", - "parted --script /dev/vda -- mkpart primary ext2 1M 50MB", # /boot - "parted --script /dev/vda -- mkpart primary linux-swap 50MB 1024M", - "parted --script /dev/vda -- mkpart primary ext2 1024M -1s", # / + "flock /dev/vda parted --script /dev/vda -- mklabel msdos" + . " mkpart primary ext2 1M 50MB" # /boot + . " mkpart primary linux-swap 50MB 1024M" + . " mkpart primary ext2 1024M -1s", # / "udevadm settle", "mkswap /dev/vda2 -L swap", "swapon -L swap", @@ -402,9 +402,9 @@ in { createPartitions = '' $machine->succeed( - "parted --script /dev/vda mklabel msdos", - "parted --script /dev/vda -- mkpart primary linux-swap 1M 1024M", - "parted --script /dev/vda -- mkpart primary 1024M -1s", + "flock /dev/vda parted --script /dev/vda -- mklabel msdos" + . " mkpart primary linux-swap 1M 1024M" + . " mkpart primary 1024M -1s", "udevadm settle", "mkswap /dev/vda1 -L swap", @@ -425,11 +425,11 @@ in { { createPartitions = '' $machine->succeed( - "parted --script /dev/vda mklabel msdos", - "parted --script /dev/vda -- mkpart primary 1M 2048M", # PV1 - "parted --script /dev/vda -- set 1 lvm on", - "parted --script /dev/vda -- mkpart primary 2048M -1s", # PV2 - "parted --script /dev/vda -- set 2 lvm on", + "flock /dev/vda parted --script /dev/vda -- mklabel msdos" + . " mkpart primary 1M 2048M" # PV1 + . " set 1 lvm on" + . " mkpart primary 2048M -1s" # PV2 + . " set 2 lvm on", "udevadm settle", "pvcreate /dev/vda1 /dev/vda2", "vgcreate MyVolGroup /dev/vda1 /dev/vda2", @@ -447,10 +447,10 @@ in { luksroot = makeInstallerTest "luksroot" { createPartitions = '' $machine->succeed( - "parted --script /dev/vda mklabel msdos", - "parted --script /dev/vda -- mkpart primary ext2 1M 50MB", # /boot - "parted --script /dev/vda -- mkpart primary linux-swap 50M 1024M", - "parted --script /dev/vda -- mkpart primary 1024M -1s", # LUKS + "flock /dev/vda parted --script /dev/vda -- mklabel msdos" + . " mkpart primary ext2 1M 50MB" # /boot + . " mkpart primary linux-swap 50M 1024M" + . " mkpart primary 1024M -1s", # LUKS "udevadm settle", "mkswap /dev/vda2 -L swap", "swapon -L swap", @@ -481,11 +481,11 @@ in { filesystemEncryptedWithKeyfile = makeInstallerTest "filesystemEncryptedWithKeyfile" { createPartitions = '' $machine->succeed( - "parted --script /dev/vda mklabel msdos", - "parted --script /dev/vda -- mkpart primary ext2 1M 50MB", # /boot - "parted --script /dev/vda -- mkpart primary linux-swap 50M 1024M", - "parted --script /dev/vda -- mkpart primary 1024M 1280M", # LUKS with keyfile - "parted --script /dev/vda -- mkpart primary 1280M -1s", + "flock /dev/vda parted --script /dev/vda -- mklabel msdos" + . " mkpart primary ext2 1M 50MB" # /boot + . " mkpart primary linux-swap 50M 1024M" + . " mkpart primary 1024M 1280M" # LUKS with keyfile + . " mkpart primary 1280M -1s", "udevadm settle", "mkswap /dev/vda2 -L swap", "swapon -L swap", @@ -520,7 +520,7 @@ in { { createPartitions = '' $machine->succeed( - "parted --script /dev/vda --" + "flock /dev/vda parted --script /dev/vda --" . " mklabel msdos" . " mkpart primary ext2 1M 100MB" # /boot . " mkpart extended 100M -1s" @@ -531,8 +531,10 @@ in { "udevadm settle", "ls -l /dev/vda* >&2", "cat /proc/partitions >&2", + "udevadm control --stop-exec-queue", "mdadm --create --force /dev/md0 --metadata 1.2 --level=raid1 --raid-devices=2 /dev/vda5 /dev/vda6", "mdadm --create --force /dev/md1 --metadata 1.2 --level=raid1 --raid-devices=2 /dev/vda7 /dev/vda8", + "udevadm control --start-exec-queue", "udevadm settle", "mkswap -f /dev/md1 -L swap", "swapon -L swap", @@ -555,9 +557,9 @@ in { { createPartitions = '' $machine->succeed( - "parted --script /dev/sda mklabel msdos", - "parted --script /dev/sda -- mkpart primary linux-swap 1M 1024M", - "parted --script /dev/sda -- mkpart primary ext2 1024M -1s", + "flock /dev/sda parted --script /dev/sda -- mklabel msdos" + . " mkpart primary linux-swap 1M 1024M" + . " mkpart primary ext2 1024M -1s", "udevadm settle", "mkswap /dev/sda1 -L swap", "swapon -L swap", diff --git a/nixos/tests/prosody.nix b/nixos/tests/prosody.nix index 5d33aaf8d65d..61ae5bb38ed9 100644 --- a/nixos/tests/prosody.nix +++ b/nixos/tests/prosody.nix @@ -6,6 +6,9 @@ import ./make-test.nix { enable = true; # TODO: use a self-signed certificate c2sRequireEncryption = false; + extraConfig = '' + storage = "sql" + ''; }; environment.systemPackages = let sendMessage = pkgs.writeScriptBin "send-message" '' |