Diffstat (limited to 'nixos')
-rw-r--r--nixos/lib/test-driver/Machine.pm11
-rw-r--r--nixos/modules/config/system-path.nix1
-rw-r--r--nixos/modules/module-list.nix3
-rw-r--r--nixos/modules/programs/sway.nix19
-rw-r--r--nixos/modules/services/continuous-integration/jenkins/default.nix9
-rw-r--r--nixos/modules/services/misc/gitea.nix270
-rw-r--r--nixos/modules/services/misc/tzupdate.nix45
-rw-r--r--nixos/modules/services/monitoring/graphite.nix54
-rw-r--r--nixos/modules/services/x11/desktop-managers/plasma5.nix2
-rw-r--r--nixos/modules/services/x11/display-managers/default.nix9
-rw-r--r--nixos/modules/services/x11/display-managers/sddm.nix11
-rw-r--r--nixos/modules/system/boot/resolved.nix72
-rw-r--r--nixos/release.nix1
-rw-r--r--nixos/tests/graphite.nix26
14 files changed, 507 insertions, 26 deletions
diff --git a/nixos/lib/test-driver/Machine.pm b/nixos/lib/test-driver/Machine.pm
index cd375352c4ca..a7ed5d1faa38 100644
--- a/nixos/lib/test-driver/Machine.pm
+++ b/nixos/lib/test-driver/Machine.pm
@@ -372,6 +372,17 @@ sub getUnitInfo {
     return $info;
 }
 
+# Fail if the given systemd unit is not in the "active" state.
+sub requireActiveUnit {
+    my ($self, $unit) = @_;
+    $self->nest("checking if unit ‘$unit’ has reached state 'active'", sub {
+        my $info = $self->getUnitInfo($unit);
+        my $state = $info->{ActiveState};
+        if ($state ne "active") {
+            die "Expected unit ‘$unit’ to to be in state 'active' but it is in state ‘$state’\n";
+        };
+    });
+}
 
 # Wait for a systemd unit to reach the "active" state.
 sub waitForUnit {
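Review bot: The `die` message in `requireActiveUnit` contains the typo "to to be", and it interpolates `$state` without checking that it is defined. If `getUnitInfo` ever returns a hash without `ActiveState` (its body is only partly visible here, so this is an assumption), the failure would surface as an uninitialized-value warning rather than a clear message. Suggested: `my $state = $info->{ActiveState} // "unknown";` and `die "Expected unit ‘$unit’ to be in state 'active' but it is in state ‘$state’\n";`. The `};` that closes the `if` block also carries a stray semicolon.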
diff --git a/nixos/modules/config/system-path.nix b/nixos/modules/config/system-path.nix
index 5d339eaea485..d3212d931605 100644
--- a/nixos/modules/config/system-path.nix
+++ b/nixos/modules/config/system-path.nix
@@ -31,6 +31,7 @@ let
       pkgs.nano
       pkgs.ncurses
       pkgs.netcat
+      pkgs.nix-info
       config.programs.ssh.package
       pkgs.perl
       pkgs.procps
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index a8cb957ffe21..e67e6ae32b9a 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -99,6 +99,7 @@
   ./programs/ssh.nix
   ./programs/ssmtp.nix
   ./programs/sysdig.nix
+  ./programs/sway.nix
   ./programs/thefuck.nix
   ./programs/tmux.nix
   ./programs/venus.nix
@@ -296,6 +297,7 @@
   ./services/misc/fstrim.nix
   ./services/misc/gammu-smsd.nix
   ./services/misc/geoip-updater.nix
+  ./services/misc/gitea.nix
   #./services/misc/gitit.nix
   ./services/misc/gitlab.nix
   ./services/misc/gitolite.nix
@@ -343,6 +345,7 @@
   ./services/misc/svnserve.nix
   ./services/misc/synergy.nix
   ./services/misc/taskserver
+  ./services/misc/tzupdate.nix
   ./services/misc/uhub.nix
   ./services/misc/zookeeper.nix
   ./services/monitoring/apcupsd.nix
diff --git a/nixos/modules/programs/sway.nix b/nixos/modules/programs/sway.nix
new file mode 100644
index 000000000000..fc8a06d106ae
--- /dev/null
+++ b/nixos/modules/programs/sway.nix
@@ -0,0 +1,19 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+{
+  options.programs.sway.enable = mkEnableOption "sway";
+
+  config = mkIf config.programs.sway.enable {
+    environment.systemPackages = [ pkgs.sway pkgs.xwayland ];
+    security.wrappers.sway = {
+      source = "${pkgs.sway}/bin/sway";
+      capabilities = "cap_sys_ptrace,cap_sys_tty_config=eip";
+      owner = "root";
+      group = "sway";
+      permissions = "u+rx,g+rx";
+    };
+
+    users.extraGroups.sway = {};
+  };
+}
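Review bot: Nothing in this module tells the administrator that membership of the new `sway` group is what gates the wrapper, or that the wrapper carries `cap_sys_ptrace`. With `group = "sway"` and `permissions = "u+rx,g+rx"`, any account added to that group can execute a binary holding that capability, so the group should be treated as privileged. I would spell this out in the option text, e.g. `mkEnableOption "sway (users must be in the sway group; the wrapper grants cap_sys_ptrace and cap_sys_tty_config)"`. A comment above `security.wrappers.sway` should also say why each capability is required, so a later reviewer can tell whether either can be dropped.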
diff --git a/nixos/modules/services/continuous-integration/jenkins/default.nix b/nixos/modules/services/continuous-integration/jenkins/default.nix
index c14aa4167231..0dd59e4fb444 100644
--- a/nixos/modules/services/continuous-integration/jenkins/default.nix
+++ b/nixos/modules/services/continuous-integration/jenkins/default.nix
@@ -78,6 +78,13 @@ in {
         '';
       };
 
+      package = mkOption {
+        default = pkgs.jenkins;
+        defaultText = "pkgs.jenkins";
+        type = types.package;
+        description = "Jenkins package to use.";
+      };
+
       packages = mkOption {
         default = [ pkgs.stdenv pkgs.git pkgs.jdk config.programs.ssh.package pkgs.nix ];
         defaultText = "[ pkgs.stdenv pkgs.git pkgs.jdk config.programs.ssh.package pkgs.nix ]";
@@ -194,7 +201,7 @@ in {
         '';
 
       script = ''
-        ${pkgs.jdk}/bin/java ${concatStringsSep " " cfg.extraJavaOptions} -jar ${pkgs.jenkins}/webapps/jenkins.war --httpListenAddress=${cfg.listenAddress} \
+        ${pkgs.jdk}/bin/java ${concatStringsSep " " cfg.extraJavaOptions} -jar ${cfg.package}/webapps/jenkins.war --httpListenAddress=${cfg.listenAddress} \
                                                   --httpPort=${toString cfg.port} \
                                                   --prefix=${cfg.prefix} \
                                                   ${concatStringsSep " " cfg.extraOptions}
diff --git a/nixos/modules/services/misc/gitea.nix b/nixos/modules/services/misc/gitea.nix
new file mode 100644
index 000000000000..f0b44b7bedeb
--- /dev/null
+++ b/nixos/modules/services/misc/gitea.nix
@@ -0,0 +1,270 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.gitea;
+  configFile = pkgs.writeText "app.ini" ''
+    APP_NAME = ${cfg.appName}
+    RUN_USER = ${cfg.user}
+    RUN_MODE = prod
+
+    [database]
+    DB_TYPE = ${cfg.database.type}
+    HOST = ${cfg.database.host}:${toString cfg.database.port}
+    NAME = ${cfg.database.name}
+    USER = ${cfg.database.user}
+    PASSWD = #dbpass#
+    PATH = ${cfg.database.path}
+
+    [repository]
+    ROOT = ${cfg.repositoryRoot}
+
+    [server]
+    DOMAIN = ${cfg.domain}
+    HTTP_ADDR = ${cfg.httpAddress}
+    HTTP_PORT = ${toString cfg.httpPort}
+    ROOT_URL = ${cfg.rootUrl}
+    STATIC_ROOT_PATH = ${cfg.staticRootPath}
+
+    [session]
+    COOKIE_NAME = session
+    COOKIE_SECURE = ${boolToString cfg.cookieSecure}
+
+    [security]
+    SECRET_KEY = #secretkey#
+    INSTALL_LOCK = true
+
+    ${cfg.extraConfig}
+  '';
+in
+
+{
+  options = {
+    services.gitea = {
+      enable = mkOption {
+        default = false;
+        type = types.bool;
+        description = "Enable Gitea Service.";
+      };
+
+      useWizard = mkOption {
+        default = false;
+        type = types.bool;
+        description = "Do not generate a configuration and use gitea' installation wizard instead. The first registered user will be administrator.";
+      };
+
+      stateDir = mkOption {
+        default = "/var/lib/gitea";
+        type = types.str;
+        description = "gitea data directory.";
+      };
+
+      user = mkOption {
+        type = types.str;
+        default = "gitea";
+        description = "User account under which gitea runs.";
+      };
+
+      database = {
+        type = mkOption {
+          type = types.enum [ "sqlite3" "mysql" "postgres" ];
+          example = "mysql";
+          default = "sqlite3";
+          description = "Database engine to use.";
+        };
+
+        host = mkOption {
+          type = types.str;
+          default = "127.0.0.1";
+          description = "Database host address.";
+        };
+
+        port = mkOption {
+          type = types.int;
+          default = 3306;
+          description = "Database host port.";
+        };
+
+        name = mkOption {
+          type = types.str;
+          default = "gitea";
+          description = "Database name.";
+        };
+
+        user = mkOption {
+          type = types.str;
+          default = "gitea";
+          description = "Database user.";
+        };
+
+        password = mkOption {
+          type = types.str;
+          default = "";
+          description = ''
+            The password corresponding to <option>database.user</option>.
+            Warning: this is stored in cleartext in the Nix store!
+            Use <option>database.passwordFile</option> instead.
+          '';
+        };
+
+        passwordFile = mkOption {
+          type = types.nullOr types.path;
+          default = null;
+          example = "/run/keys/gitea-dbpassword";
+          description = ''
+            A file containing the password corresponding to
+            <option>database.user</option>.
+          '';
+        };
+
+        path = mkOption {
+          type = types.str;
+          default = "${cfg.stateDir}/data/gitea.db";
+          description = "Path to the sqlite3 database file.";
+        };
+      };
+
+      appName = mkOption {
+        type = types.str;
+        default = "gitea: Gitea Service";
+        description = "Application name.";
+      };
+
+      repositoryRoot = mkOption {
+        type = types.str;
+        default = "${cfg.stateDir}/repositories";
+        description = "Path to the git repositories.";
+      };
+
+      domain = mkOption {
+        type = types.str;
+        default = "localhost";
+        description = "Domain name of your server.";
+      };
+
+      rootUrl = mkOption {
+        type = types.str;
+        default = "http://localhost:3000/";
+        description = "Full public URL of gitea server.";
+      };
+
+      httpAddress = mkOption {
+        type = types.str;
+        default = "0.0.0.0";
+        description = "HTTP listen address.";
+      };
+
+      httpPort = mkOption {
+        type = types.int;
+        default = 3000;
+        description = "HTTP listen port.";
+      };
+
+      cookieSecure = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Marks session cookies as "secure" as a hint for browsers to only send
+          them via HTTPS. This option is recommend, if gitea is being served over HTTPS.
+        '';
+      };
+
+      staticRootPath = mkOption {
+        type = types.str;
+        default = "${pkgs.gitea.data}";
+        example = "/var/lib/gitea/data";
+        description = "Upper level of template and static files path.";
+      };
+
+      extraConfig = mkOption {
+        type = types.str;
+        default = "";
+        description = "Configuration lines appended to the generated gitea configuration file.";
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+
+    systemd.services.gitea = {
+      description = "gitea";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      path = [ pkgs.gitea.bin ];
+
+      preStart = let
+        runConfig = "${cfg.stateDir}/custom/conf/app.ini";
+        secretKey = "${cfg.stateDir}/custom/conf/secret_key";
+      in ''
+        mkdir -p ${cfg.stateDir}
+
+        # copy custom configuration and generate a random secret key if needed
+        ${optionalString (cfg.useWizard == false) ''
+          mkdir -p ${cfg.stateDir}/custom/conf
+          cp -f ${configFile} ${runConfig}
+
+          if [ ! -e ${secretKey} ]; then
+              head -c 16 /dev/urandom | base64 > ${secretKey}
+          fi
+
+          KEY=$(head -n1 ${secretKey})
+          DBPASS=$(head -n1 ${cfg.database.passwordFile})
+          sed -e "s,#secretkey#,$KEY,g" \
+              -e "s,#dbpass#,$DBPASS,g" \
+              -i ${runConfig}
+          chmod 640 ${runConfig} ${secretKey}
+        ''}
+
+        mkdir -p ${cfg.repositoryRoot}
+        # update all hooks' binary paths
+        HOOKS=$(find ${cfg.repositoryRoot} -mindepth 4 -maxdepth 4 -type f -wholename "*git/hooks/*")
+        if [ "$HOOKS" ]
+        then
+          sed -ri 's,/nix/store/[a-z0-9.-]+/bin/gitea,${pkgs.gitea.bin}/bin/gitea,g' $HOOKS
+          sed -ri 's,/nix/store/[a-z0-9.-]+/bin/env,${pkgs.coreutils}/bin/env,g' $HOOKS
+          sed -ri 's,/nix/store/[a-z0-9.-]+/bin/bash,${pkgs.bash}/bin/bash,g' $HOOKS
+          sed -ri 's,/nix/store/[a-z0-9.-]+/bin/perl,${pkgs.perl}/bin/perl,g' $HOOKS
+        fi
+        if [ ! -d ${cfg.stateDir}/conf/locale ]
+        then
+          mkdir -p ${cfg.stateDir}/conf
+          cp -r ${pkgs.gitea.out}/locale ${cfg.stateDir}/conf/locale
+        fi
+      '';
+
+      serviceConfig = {
+        Type = "simple";
+        User = cfg.user;
+        WorkingDirectory = cfg.stateDir;
+        ExecStart = "${pkgs.gitea.bin}/bin/gitea web";
+        Restart = "always";
+      };
+
+      environment = {
+        USER = cfg.user;
+        HOME = cfg.stateDir;
+        GITEA_WORK_DIR = cfg.stateDir;
+      };
+    };
+
+    users = mkIf (cfg.user == "gitea") {
+      extraUsers.gitea = {
+        description = "Gitea Service";
+        home = cfg.stateDir;
+        createHome = true;
+      };
+    };
+
+    warnings = optional (cfg.database.password != "")
+      ''config.services.gitea.database.password will be stored as plaintext
+        in the Nix store. Use database.passwordFile instead.'';
+
+    # Create database passwordFile default when password is configured.
+    services.gitea.database.passwordFile =
+      (mkDefault (toString (pkgs.writeTextFile {
+        name = "gitea-database-password";
+        text = cfg.database.password;
+      })));
+  };
+}
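Review bot: In `preStart` the secret key and the database password are written into `${secretKey}` and `${runConfig}` before `chmod 640` runs. On first start both files therefore exist briefly with whatever mode the shell redirect and `cp -f` of the store file gave them, which is presumably world-readable. Adding `umask 077` on the line before `mkdir -p ${cfg.stateDir}/custom/conf` closes that window without changing anything else. Separately, `-e "s,#dbpass#,$DBPASS,g"` passes the password through as sed replacement text, so a password containing `,`, `&` or `\` is either mangled or makes `sed` fail. That restriction should be stated in the `database.passwordFile` description, or the substitution done by a tool that treats the value literally.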
diff --git a/nixos/modules/services/misc/tzupdate.nix b/nixos/modules/services/misc/tzupdate.nix
new file mode 100644
index 000000000000..570982ced29a
--- /dev/null
+++ b/nixos/modules/services/misc/tzupdate.nix
@@ -0,0 +1,45 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.tzupdate;
+in {
+  options.services.tzupdate = {
+    enable = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Enable the tzupdate timezone updating service. This provides
+        a one-shot service which can be activated with systemctl to 
+        update the timezone.
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    # We need to have imperative time zone management for this to work.
+    # This will give users an error if they have set an explicit time
+    # zone, which is better than silently overriding it.
+    time.timeZone = null; 
+
+    # We provide a one-shot service which can be manually run. We could
+    # provide a service that runs on startup, but it's tricky to get
+    # a service to run after you have *internet* access.
+    systemd.services.tzupdate = {
+      description = "tzupdate timezone update service";
+      wants = [ "network-online.target" ];
+      after = [ "network-online.target" ];
+
+      serviceConfig = {
+        Type = "oneshot";
+        # We could link directly into pkgs.tzdata, but at least timedatectl seems
+        # to expect the symlink to point directly to a file in etc.
+        # Setting the "debian timezone file" to point at /dev/null stops it doing anything.
+        ExecStart = "${pkgs.tzupdate}/bin/tzupdate -z /etc/zoneinfo -d /dev/null";
+      };
+    };
+  };
+
+  meta.maintainers = [ maintainers.michaelpj ];
+}
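Review bot: The `enable` description leaves out two side effects a user should know about before turning this on. The module forces `time.timeZone = null`, so a configuration that sets an explicit time zone will fail to evaluate (the comment inside `config` says this, but the rendered option documentation does not). The unit also sets no `User`, so `tzupdate` presumably runs as root while it queries an external service; as far as I know the tool works by IP geolocation, which should be confirmed. Proposed addition to the description: `Enabling this requires time.timeZone to be unset. The service contacts an external geolocation service to determine the zone.`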
diff --git a/nixos/modules/services/monitoring/graphite.nix b/nixos/modules/services/monitoring/graphite.nix
index 332a04634d06..01b4aca91731 100644
--- a/nixos/modules/services/monitoring/graphite.nix
+++ b/nixos/modules/services/monitoring/graphite.nix
@@ -7,6 +7,19 @@ let
   writeTextOrNull = f: t: mapNullable (pkgs.writeTextDir f) t;
 
   dataDir = cfg.dataDir;
+  staticDir = cfg.dataDir + "/static";
+
+  graphiteLocalSettingsDir = pkgs.runCommand "graphite_local_settings"
+    {inherit graphiteLocalSettings;} ''
+    mkdir -p $out
+    ln -s $graphiteLocalSettings $out/graphite_local_settings.py
+  '';
+
+  graphiteLocalSettings = pkgs.writeText "graphite_local_settings.py" (
+    "STATIC_ROOT = '${staticDir}'\n" +
+    optionalString (! isNull config.time.timeZone) "TIME_ZONE = '${config.time.timeZone}'\n"
+    + cfg.web.extraConfig
+  );
 
   graphiteApiConfig = pkgs.writeText "graphite-api.yaml" ''
     time_zone: ${config.time.timeZone}
@@ -94,6 +107,15 @@ in {
         default = 8080;
         type = types.int;
       };
+
+      extraConfig = mkOption {
+        type = types.str;
+        default = "";
+        description = ''
+          Graphite webapp settings. See:
+          <link xlink:href="http://graphite.readthedocs.io/en/latest/config-local-settings.html"/>
+        '';
+      };
     };
 
     api = {
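Review bot: The `extraConfig` description calls this "Graphite webapp settings", but the first hunk of this file concatenates the value verbatim into `graphite_local_settings.py`, so it is Python source that runs whenever the settings module is imported. That presumably includes the `django-admin.py migrate` and `collectstatic` calls added further down, which sit in a unit with `PermissionsStartOnly = true` and so likely run as root. The description should say so, e.g. `Python code appended verbatim to graphite_local_settings.py; it is executed when graphite-web loads its settings.`, and `type = types.lines` would let several modules contribute fragments. In the same generated file, `staticDir` and `config.time.timeZone` are interpolated into single-quoted Python literals without escaping, which is fine for ordinary values but breaks on a quote character. The enclosing option set continues outside this hunk.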
@@ -460,9 +482,13 @@ in {
                 ];
               };
               penvPack = "${penv}/${pkgs.python.sitePackages}";
-              # opt/graphite/webapp contains graphite/settings.py
-              # explicitly adding pycairo in path because it cannot be imported via buildEnv
-            in "${penvPack}/opt/graphite/webapp:${penvPack}:${pkgs.pythonPackages.pycairo}/${pkgs.python.sitePackages}";
+            in concatStringsSep ":" [
+                 "${graphiteLocalSettingsDir}"
+                 "${penvPack}/opt/graphite/webapp"
+                 "${penvPack}"
+                 # explicitly adding pycairo in path because it cannot be imported via buildEnv
+                 "${pkgs.pythonPackages.pycairo}/${pkgs.python.sitePackages}"
+               ];
           DJANGO_SETTINGS_MODULE = "graphite.settings";
           GRAPHITE_CONF_DIR = configDir;
           GRAPHITE_STORAGE_DIR = dataDir;
@@ -470,9 +496,9 @@ in {
         };
         serviceConfig = {
           ExecStart = ''
-            ${pkgs.python27Packages.waitress}/bin/waitress-serve \
-            --host=${cfg.web.listenAddress} --port=${toString cfg.web.port} \
-            --call django.core.handlers.wsgi:WSGIHandler'';
+            ${pkgs.python27Packages.waitress-django}/bin/waitress-serve-django \
+              --host=${cfg.web.listenAddress} --port=${toString cfg.web.port}
+          '';
           User = "graphite";
           Group = "graphite";
           PermissionsStartOnly = true;
@@ -482,16 +508,20 @@ in {
             mkdir -p ${dataDir}/{whisper/,log/webapp/}
             chmod 0700 ${dataDir}/{whisper/,log/webapp/}
 
-            # populate database
-            ${pkgs.python27Packages.graphite_web}/bin/manage-graphite.py syncdb --noinput
+            ${pkgs.pythonPackages.django_1_8}/bin/django-admin.py migrate --noinput
 
-            # create index
-            ${pkgs.python27Packages.graphite_web}/bin/build-index.sh
-
-            chown -R graphite:graphite ${cfg.dataDir}
+            chown -R graphite:graphite ${dataDir}
 
             touch ${dataDir}/db-created
           fi
+
+          # Only collect static files when graphite_web changes.
+          if ! [ "${dataDir}/current_graphite_web" -ef "${pkgs.python27Packages.graphite_web}" ]; then
+            mkdir -p ${staticDir}
+            ${pkgs.pythonPackages.django_1_8}/bin/django-admin.py collectstatic  --noinput --clear
+            chown -R graphite:graphite ${staticDir}
+            ln -sfT "${pkgs.python27Packages.graphite_web}" "${dataDir}/current_graphite_web"
+          fi
         '';
       };
 
diff --git a/nixos/modules/services/x11/desktop-managers/plasma5.nix b/nixos/modules/services/x11/desktop-managers/plasma5.nix
index d7e72c4a7aec..b9498b1627fb 100644
--- a/nixos/modules/services/x11/desktop-managers/plasma5.nix
+++ b/nixos/modules/services/x11/desktop-managers/plasma5.nix
@@ -47,7 +47,7 @@ in
             ${getBin config.hardware.pulseaudio.package}/bin/pactl load-module module-device-manager "do_routing=1"
           ''}
 
-          exec "${plasma5.startkde}"
+          exec "${getBin plasma5.plasma-workspace}/bin/startkde"
         '';
       };
 
diff --git a/nixos/modules/services/x11/display-managers/default.nix b/nixos/modules/services/x11/display-managers/default.nix
index 58773685ec1f..3fa482fb6722 100644
--- a/nixos/modules/services/x11/display-managers/default.nix
+++ b/nixos/modules/services/x11/display-managers/default.nix
@@ -92,9 +92,12 @@ let
         ${config.hardware.pulseaudio.package.out}/bin/pactl load-module module-x11-publish "display=$DISPLAY"
       ''}
 
-      # Tell systemd about our $DISPLAY. This is needed by the
-      # ssh-agent unit.
-      ${config.systemd.package}/bin/systemctl --user import-environment DISPLAY
+      # Tell systemd about our $DISPLAY and $XAUTHORITY.
+      # This is needed by the ssh-agent unit.
+      #
+      # Also tell systemd about the dbus session bus address.
+      # This is required by user units using the session bus.
+      ${config.systemd.package}/bin/systemctl --user import-environment DISPLAY XAUTHORITY DBUS_SESSION_BUS_ADDRESS
 
       # Load X defaults.
       ${xorg.xrdb}/bin/xrdb -merge ${xresourcesXft}
diff --git a/nixos/modules/services/x11/display-managers/sddm.nix b/nixos/modules/services/x11/display-managers/sddm.nix
index e6cc02e4d491..facaea131ae5 100644
--- a/nixos/modules/services/x11/display-managers/sddm.nix
+++ b/nixos/modules/services/x11/display-managers/sddm.nix
@@ -19,6 +19,17 @@ let
 
   Xsetup = pkgs.writeScript "Xsetup" ''
     #!/bin/sh
+
+    # Prior to Qt 5.9.2, there is a QML cache invalidation bug which sometimes
+    # strikes new Plasma 5 releases. If the QML cache is not invalidated, SDDM
+    # will segfault without explanation. We really tore our hair out for awhile
+    # before finding the bug:
+    # https://bugreports.qt.io/browse/QTBUG-62302
+    # We work around the problem by deleting the QML cache before startup. It
+    # will be regenerated, causing a small but perceptible delay when SDDM
+    # starts.
+    rm -fr /var/lib/sddm/.cache/sddm-greeter/qmlcache
+
     ${cfg.setupScript}
   '';
 
diff --git a/nixos/modules/system/boot/resolved.nix b/nixos/modules/system/boot/resolved.nix
index a3fb733c289d..2147d43c4f19 100644
--- a/nixos/modules/system/boot/resolved.nix
+++ b/nixos/modules/system/boot/resolved.nix
@@ -31,8 +31,15 @@ in
       example = [ "example.com" ];
       type = types.listOf types.str;
       description = ''
-        A list of domains. These domains are used as search suffixes when resolving single-label host names (domain names which contain no dot), in order to qualify them into fully-qualified domain names (FQDNs).
-        For compatibility reasons, if this setting is not specified, the search domains listed in /etc/resolv.conf are used instead, if that file exists and any domains are configured in it.
+        A list of domains. These domains are used as search suffixes
+        when resolving single-label host names (domain names which
+        contain no dot), in order to qualify them into fully-qualified
+        domain names (FQDNs).
+        </para><para>
+        For compatibility reasons, if this setting is not specified,
+        the search domains listed in
+        <filename>/etc/resolv.conf</filename> are used instead, if
+        that file exists and any domains are configured in it.
       '';
     };
 
@@ -41,10 +48,30 @@ in
       example = "false";
       type = types.enum [ "true" "resolve" "false" ];
       description = ''
-        Controls Link-Local Multicast Name Resolution support (RFC 4794) on the local host.
-        If true, enables full LLMNR responder and resolver support.
-        If false, disables both.
-        If set to "resolve", only resolution support is enabled, but responding is disabled.
+        Controls Link-Local Multicast Name Resolution support
+        (RFC 4795) on the local host.
+        </para><para>
+        If set to
+        <variablelist>
+        <varlistentry>
+          <term><literal>"true"</literal></term>
+          <listitem><para>
+            Enables full LLMNR responder and resolver support.
+          </para></listitem>
+        </varlistentry>
+        <varlistentry>
+          <term><literal>"false"</literal></term>
+          <listitem><para>
+            Disables both.
+          </para></listitem>
+        </varlistentry>
+        <varlistentry>
+          <term><literal>"resolve"</literal></term>
+          <listitem><para>
+            Only resolution support is enabled, but responding is disabled.
+          </para></listitem>
+        </varlistentry>
+        </variablelist>
       '';
     };
 
@@ -53,9 +80,36 @@ in
       example = "true";
       type = types.enum [ "true" "allow-downgrade" "false" ];
       description = ''
-        If true all DNS lookups are DNSSEC-validated locally (excluding LLMNR and Multicast DNS). Note that this mode requires a DNS server that supports DNSSEC. If the DNS server does not properly support DNSSEC all validations will fail.
-        If set to "allow-downgrade" DNSSEC validation is attempted, but if the server does not support DNSSEC properly, DNSSEC mode is automatically disabled. Note that this mode makes DNSSEC validation vulnerable to "downgrade" attacks, where an attacker might be able to trigger a downgrade to non-DNSSEC mode by synthesizing a DNS response that suggests DNSSEC was not supported.
-        If set to false, DNS lookups are not DNSSEC validated.
+        If set to
+        <variablelist>
+        <varlistentry>
+          <term><literal>"true"</literal></term>
+          <listitem><para>
+            all DNS lookups are DNSSEC-validated locally (excluding
+            LLMNR and Multicast DNS). Note that this mode requires a
+            DNS server that supports DNSSEC. If the DNS server does
+            not properly support DNSSEC all validations will fail.
+          </para></listitem>
+        </varlistentry>
+        <varlistentry>
+          <term><literal>"allow-downgrade"</literal></term>
+          <listitem><para>
+            DNSSEC validation is attempted, but if the server does not
+            support DNSSEC properly, DNSSEC mode is automatically
+            disabled. Note that this mode makes DNSSEC validation
+            vulnerable to "downgrade" attacks, where an attacker might
+            be able to trigger a downgrade to non-DNSSEC mode by
+            synthesizing a DNS response that suggests DNSSEC was not
+            supported.
+          </para></listitem>
+        </varlistentry>
+        <varlistentry>
+          <term><literal>"false"</literal></term>
+          <listitem><para>
+            DNS lookups are not DNSSEC validated.
+          </para></listitem>
+        </varlistentry>
+        </variablelist>
       '';
     };
 
diff --git a/nixos/release.nix b/nixos/release.nix
index 63f739e8e896..3016b1ef9442 100644
--- a/nixos/release.nix
+++ b/nixos/release.nix
@@ -257,6 +257,7 @@ in rec {
   tests.gnome3 = callTest tests/gnome3.nix {};
   tests.gnome3-gdm = callTest tests/gnome3-gdm.nix {};
   tests.grafama = callTest tests/grafana.nix {};
+  tests.graphite = callTest tests/graphite.nix {};
   tests.hardened = callTest tests/hardened.nix { };
   tests.hibernate = callTest tests/hibernate.nix {};
   tests.hound = callTest tests/hound.nix {};
diff --git a/nixos/tests/graphite.nix b/nixos/tests/graphite.nix
new file mode 100644
index 000000000000..4fd7de192d55
--- /dev/null
+++ b/nixos/tests/graphite.nix
@@ -0,0 +1,26 @@
+import ./make-test.nix ({ pkgs, ...} :
+{
+  name = "graphite";
+  nodes = {
+    one =
+      { config, pkgs, ... }: {
+        services.graphite = {
+          web = {
+            enable = true;
+          };
+          carbon = {
+            enableCache = true;
+          };
+        };
+      };
+    };
+
+  testScript = ''
+    startAll;
+    $one->waitForUnit("default.target");
+    $one->requireActiveUnit("graphiteWeb.service");
+    $one->requireActiveUnit("carbonCache.service");
+    $one->succeed("echo \"foo 1 `date +%s`\" | nc -q0 localhost 2003");
+    $one->waitUntilSucceeds("curl 'http://localhost:8080/metrics/find/?query=foo&format=treejson' --silent | grep foo")
+  '';
+})
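Review bot: The `succeed("echo ... | nc -q0 localhost 2003")` call runs as soon as `carbonCache.service` is reported active, which does not guarantee the daemon is already listening on port 2003, so the test can fail intermittently on a slow builder. Adding `$one->waitForOpenPort(2003);` on the line before it removes the race; the later `curl` is already wrapped in `waitUntilSucceeds` and needs no such guard. The final statement of `testScript` also lacks its trailing `;`, which is harmless now but will break as soon as another line is appended.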