diff options
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/from_md/release-notes/rl-2211.section.xml | 6 | ||||
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2211.section.md | 3 | ||||
-rw-r--r-- | nixos/modules/security/wrappers/default.nix | 9 | ||||
-rw-r--r-- | nixos/modules/services/misc/mediatomb.nix | 4 | ||||
-rw-r--r-- | nixos/modules/services/networking/syncthing.nix | 4 | ||||
-rw-r--r-- | nixos/modules/services/system/cachix-agent/default.nix | 2 | ||||
-rw-r--r-- | nixos/tests/mediatomb.nix | 101 |
7 files changed, 52 insertions, 77 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml index 18cc45493c50..590141c935b4 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml @@ -494,6 +494,12 @@ </listitem> <listitem> <para> + Neovim can not be configured with plug anymore (still works + for vim). + </para> + </listitem> + <listitem> + <para> <literal>k3s</literal> no longer supports docker as runtime due to upstream dropping support. </para> diff --git a/nixos/doc/manual/release-notes/rl-2211.section.md b/nixos/doc/manual/release-notes/rl-2211.section.md index ae12a16ebca2..3992dec20476 100644 --- a/nixos/doc/manual/release-notes/rl-2211.section.md +++ b/nixos/doc/manual/release-notes/rl-2211.section.md @@ -170,7 +170,8 @@ Available as [services.patroni](options.html#opt-services.patroni.enable). - The `paperless` module now defaults `PAPERLESS_TIME_ZONE` to your configured system timezone. - (Neo)Vim can not be configured with `configure.pathogen` anymore to reduce maintainance burden. -Use `configure.packages` instead. + Use `configure.packages` instead. +- Neovim can not be configured with plug anymore (still works for vim). - `k3s` no longer supports docker as runtime due to upstream dropping support. diff --git a/nixos/modules/security/wrappers/default.nix b/nixos/modules/security/wrappers/default.nix index 45aee7c97339..a58c792d8c5f 100644 --- a/nixos/modules/security/wrappers/default.nix +++ b/nixos/modules/security/wrappers/default.nix @@ -52,10 +52,11 @@ let { type = lib.types.commas; default = ""; description = lib.mdDoc '' - A comma-separated list of capabilities to be given to the wrapper - program. For capabilities supported by the system check the - {manpage}`capabilities(7)` - manual page. + A comma-separated list of capability clauses to be given to the + wrapper program. The format for capability clauses is described in the + “TEXTUAL REPRESENTATION” section of the {manpage}`cap_from_text(3)` + manual page. For a list of capabilities supported by the system, check + the {manpage}`capabilities(7)` manual page. ::: {.note} `cap_setpcap`, which is required for the wrapper diff --git a/nixos/modules/services/misc/mediatomb.nix b/nixos/modules/services/misc/mediatomb.nix index 8cac87f53266..3f0bd585371f 100644 --- a/nixos/modules/services/misc/mediatomb.nix +++ b/nixos/modules/services/misc/mediatomb.nix @@ -362,7 +362,9 @@ in { in mkIf cfg.enable { systemd.services.mediatomb = { description = "${cfg.serverName} media Server"; - after = [ "network.target" ]; + # Gerbera might fail if the network interface is not available on startup + # https://github.com/gerbera/gerbera/issues/1324 + after = [ "network.target" "network-online.target" ]; wantedBy = [ "multi-user.target" ]; serviceConfig.ExecStart = "${binaryCommand} --port ${toString cfg.port} ${interfaceFlag} ${configFlag} --home ${cfg.dataDir}"; serviceConfig.User = cfg.user; diff --git a/nixos/modules/services/networking/syncthing.nix b/nixos/modules/services/networking/syncthing.nix index 16ed34515c67..0876007a6e73 100644 --- a/nixos/modules/services/networking/syncthing.nix +++ b/nixos/modules/services/networking/syncthing.nix @@ -529,6 +529,8 @@ in { }; systemd.services = { + # upstream reference: + # https://github.com/syncthing/syncthing/blob/main/etc/linux-systemd/system/syncthing%40.service syncthing = mkIf cfg.systemService { description = "Syncthing service"; after = [ "network.target" ]; @@ -540,7 +542,7 @@ in { wantedBy = [ "multi-user.target" ]; serviceConfig = { Restart = "on-failure"; - SuccessExitStatus = "2 3 4"; + SuccessExitStatus = "3 4"; RestartForceExitStatus="3 4"; User = cfg.user; Group = cfg.group; diff --git a/nixos/modules/services/system/cachix-agent/default.nix b/nixos/modules/services/system/cachix-agent/default.nix index 2972e02b46cf..64b31b3b01c6 100644 --- a/nixos/modules/services/system/cachix-agent/default.nix +++ b/nixos/modules/services/system/cachix-agent/default.nix @@ -63,7 +63,7 @@ in { KillMode = "process"; Restart = "on-failure"; EnvironmentFile = cfg.credentialsFile; - ExecStart = "${cfg.package}/bin/cachix ${lib.optionalString cfg.verbose "--verbose"} deploy agent ${cfg.name} ${if cfg.profile != null then profile else ""}"; + ExecStart = "${cfg.package}/bin/cachix ${lib.optionalString cfg.verbose "--verbose"} deploy agent ${cfg.name} ${if cfg.profile != null then cfg.profile else ""}"; }; }; }; diff --git a/nixos/tests/mediatomb.nix b/nixos/tests/mediatomb.nix index b7a126a01ad5..9c84aa3e92a5 100644 --- a/nixos/tests/mediatomb.nix +++ b/nixos/tests/mediatomb.nix @@ -1,81 +1,44 @@ -import ./make-test-python.nix ({ pkgs, ... }: - -{ +import ./make-test-python.nix { name = "mediatomb"; nodes = { - serverGerbera = - { ... }: - let port = 49152; - in { - imports = [ ../modules/profiles/minimal.nix ]; - services.mediatomb = { - enable = true; - serverName = "Gerbera"; - package = pkgs.gerbera; - interface = "eth1"; # accessible from test - openFirewall = true; - mediaDirectories = [ - { path = "/var/lib/gerbera/pictures"; recursive = false; hidden-files = false; } - { path = "/var/lib/gerbera/audio"; recursive = true; hidden-files = false; } - ]; - }; - }; - - serverMediatomb = - { ... }: - let port = 49151; - in { - imports = [ ../modules/profiles/minimal.nix ]; - services.mediatomb = { - enable = true; - serverName = "Mediatomb"; - package = pkgs.mediatomb; - interface = "eth1"; - inherit port; - mediaDirectories = [ - { path = "/var/lib/mediatomb/pictures"; recursive = false; hidden-files = false; } - { path = "/var/lib/mediatomb/audio"; recursive = true; hidden-files = false; } - ]; - }; - networking.firewall.interfaces.eth1 = { - allowedUDPPorts = [ 1900 port ]; - allowedTCPPorts = [ port ]; - }; + server = { + services.mediatomb = { + enable = true; + serverName = "Gerbera"; + interface = "eth1"; + openFirewall = true; + mediaDirectories = [ + { + path = "/var/lib/gerbera/pictures"; + recursive = false; + hidden-files = false; + } + { + path = "/var/lib/gerbera/audio"; + recursive = true; + hidden-files = false; + } + ]; }; + systemd.tmpfiles.rules = [ + "d /var/lib/gerbera/pictures 0770 mediatomb mediatomb" + "d /var/lib/gerbera/audio 0770 mediatomb mediatomb" + ]; + }; - client = { ... }: { }; + client = {}; }; - testScript = - '' + testScript = '' start_all() - port = 49151 - serverMediatomb.succeed("mkdir -p /var/lib/mediatomb/{pictures,audio}") - serverMediatomb.succeed("chown -R mediatomb:mediatomb /var/lib/mediatomb") - serverMediatomb.wait_for_unit("mediatomb") - serverMediatomb.wait_for_open_port(port) - serverMediatomb.succeed(f"curl --fail http://serverMediatomb:{port}/") - page = client.succeed(f"curl --fail http://serverMediatomb:{port}/") - assert "MediaTomb" in page and "Gerbera" not in page - serverMediatomb.shutdown() + server.wait_for_unit("mediatomb") + server.wait_until_succeeds("nc -z 192.168.1.2 49152") + server.succeed("curl -v --fail http://server:49152/") - port = 49152 - serverGerbera.succeed("mkdir -p /var/lib/mediatomb/{pictures,audio}") - serverGerbera.succeed("chown -R mediatomb:mediatomb /var/lib/mediatomb") - # service running gerbera fails the first time claiming something is already bound - # gerbera[715]: 2020-07-18 23:52:14 info: Please check if another instance of Gerbera or - # gerbera[715]: 2020-07-18 23:52:14 info: another application is running on port TCP 49152 or UDP 1900. - # I did not find anything so here I work around this - serverGerbera.succeed("sleep 2") - serverGerbera.wait_until_succeeds("systemctl restart mediatomb") - serverGerbera.wait_for_unit("mediatomb") - serverGerbera.succeed(f"curl --fail http://serverGerbera:{port}/") - page = client.succeed(f"curl --fail http://serverGerbera:{port}/") + client.wait_for_unit("multi-user.target") + page = client.succeed("curl -v --fail http://server:49152/") assert "Gerbera" in page and "MediaTomb" not in page - - serverGerbera.shutdown() - client.shutdown() ''; -}) +} |