Diffstat (limited to 'nixos')
40 files changed, 401 insertions, 257 deletions
diff --git a/nixos/doc/manual/release-notes/rl-1803.xml b/nixos/doc/manual/release-notes/rl-1803.xml index 67e042206812..9221c2951ed2 100644 --- a/nixos/doc/manual/release-notes/rl-1803.xml +++ b/nixos/doc/manual/release-notes/rl-1803.xml @@ -4,7 +4,7 @@ version="5.0" xml:id="sec-release-18.03"> -<title>Release 18.03 (“Impala”, 2018/03/??)</title> +<title>Release 18.03 (“Impala”, 2018/04/04)</title> <section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" @@ -18,6 +18,20 @@ has the following highlights: </para> <itemizedlist> + + <listitem> + <para> + End of support is planned for end of October 2018, handing over to 18.09. + </para> + </listitem> + + <listitem> + <para> + Platform support: x86_64-linux and x86_64-darwin since release time (the latter isn't NixOS, really). + Binaries for aarch64-linux are available, but no channel exists yet, as it's waiting for some test fixes, etc. + </para> + </listitem> + <listitem> <para> Nix now defaults to 2.0; see its @@ -27,13 +41,13 @@ has the following highlights: </para> <listitem> <para> - Linux kernel defaults to the 4.14 branch (it was 4.9). + Core version changes: linux: 4.9 -> 4.14, glibc: 2.25 -> 2.26, gcc: 6 -> 7, systemd: 234 -> 237. </para> </listitem> <listitem> <para> - GCC defaults to 7.x (it was 6.x). + Desktop version changes: gnome: 3.24 -> 3.26, (KDE) plasma-desktop: 5.10 -> 5.12. </para> </listitem> @@ -59,13 +73,7 @@ has the following highlights: </para> </listitem> <listitem> - <para> - The GNOME version is now 3.26. - </para> - </listitem> - - <listitem> - <para>PHP now defaults to PHP 7.2</para> + <para>PHP now defaults to PHP 7.2, updated from 7.1.</para> </listitem> </itemizedlist> 
@@ -81,9 +89,66 @@ has the following highlights: </para> <para>The following new services were added since the last release:</para> <itemizedlist> - <listitem> - <para></para> - </listitem> + <listitem><para><literal>./config/krb5/default.nix</literal></para></listitem> + <listitem><para><literal>./hardware/digitalbitbox.nix</literal></para></listitem> + <listitem><para><literal>./misc/label.nix</literal></para></listitem> + <listitem><para><literal>./programs/ccache.nix</literal></para></listitem> + <listitem><para><literal>./programs/criu.nix</literal></para></listitem> + <listitem><para><literal>./programs/digitalbitbox/default.nix</literal></para></listitem> + <listitem><para><literal>./programs/less.nix</literal></para></listitem> + <listitem><para><literal>./programs/npm.nix</literal></para></listitem> + <listitem><para><literal>./programs/plotinus.nix</literal></para></listitem> + <listitem><para><literal>./programs/rootston.nix</literal></para></listitem> + <listitem><para><literal>./programs/systemtap.nix</literal></para></listitem> + <listitem><para><literal>./programs/sway.nix</literal></para></listitem> + <listitem><para><literal>./programs/udevil.nix</literal></para></listitem> + <listitem><para><literal>./programs/way-cooler.nix</literal></para></listitem> + <listitem><para><literal>./programs/yabar.nix</literal></para></listitem> + <listitem><para><literal>./programs/zsh/zsh-autoenv.nix</literal></para></listitem> + <listitem><para><literal>./services/backup/borgbackup.nix</literal></para></listitem> + <listitem><para><literal>./services/backup/crashplan-small-business.nix</literal></para></listitem> + <listitem><para><literal>./services/desktops/dleyna-renderer.nix</literal></para></listitem> + <listitem><para><literal>./services/desktops/dleyna-server.nix</literal></para></listitem> + <listitem><para><literal>./services/desktops/pipewire.nix</literal></para></listitem> + 
<listitem><para><literal>./services/desktops/gnome3/chrome-gnome-shell.nix</literal></para></listitem> + <listitem><para><literal>./services/desktops/gnome3/tracker-miners.nix</literal></para></listitem> + <listitem><para><literal>./services/hardware/fwupd.nix</literal></para></listitem> + <listitem><para><literal>./services/hardware/interception-tools.nix</literal></para></listitem> + <listitem><para><literal>./services/hardware/u2f.nix</literal></para></listitem> + <listitem><para><literal>./services/hardware/usbmuxd.nix</literal></para></listitem> + <listitem><para><literal>./services/mail/clamsmtp.nix</literal></para></listitem> + <listitem><para><literal>./services/mail/dkimproxy-out.nix</literal></para></listitem> + <listitem><para><literal>./services/mail/pfix-srsd.nix</literal></para></listitem> + <listitem><para><literal>./services/misc/gitea.nix</literal></para></listitem> + <listitem><para><literal>./services/misc/home-assistant.nix</literal></para></listitem> + <listitem><para><literal>./services/misc/ihaskell.nix</literal></para></listitem> + <listitem><para><literal>./services/misc/logkeys.nix</literal></para></listitem> + <listitem><para><literal>./services/misc/novacomd.nix</literal></para></listitem> + <listitem><para><literal>./services/misc/osrm.nix</literal></para></listitem> + <listitem><para><literal>./services/misc/plexpy.nix</literal></para></listitem> + <listitem><para><literal>./services/misc/pykms.nix</literal></para></listitem> + <listitem><para><literal>./services/misc/tzupdate.nix</literal></para></listitem> + <listitem><para><literal>./services/monitoring/fusion-inventory.nix</literal></para></listitem> + <listitem><para><literal>./services/monitoring/prometheus/exporters.nix</literal></para></listitem> + <listitem><para><literal>./services/network-filesystems/beegfs.nix</literal></para></listitem> + <listitem><para><literal>./services/network-filesystems/davfs2.nix</literal></para></listitem> + 
<listitem><para><literal>./services/network-filesystems/openafs/client.nix</literal></para></listitem> + <listitem><para><literal>./services/network-filesystems/openafs/server.nix</literal></para></listitem> + <listitem><para><literal>./services/network-filesystems/ceph.nix</literal></para></listitem> + <listitem><para><literal>./services/networking/aria2.nix</literal></para></listitem> + <listitem><para><literal>./services/networking/monero.nix</literal></para></listitem> + <listitem><para><literal>./services/networking/nghttpx/default.nix</literal></para></listitem> + <listitem><para><literal>./services/networking/nixops-dns.nix</literal></para></listitem> + <listitem><para><literal>./services/networking/rxe.nix</literal></para></listitem> + <listitem><para><literal>./services/networking/stunnel.nix</literal></para></listitem> + <listitem><para><literal>./services/web-apps/matomo.nix</literal></para></listitem> + <listitem><para><literal>./services/web-apps/restya-board.nix</literal></para></listitem> + <listitem><para><literal>./services/web-servers/mighttpd2.nix</literal></para></listitem> + <listitem><para><literal>./services/x11/fractalart.nix</literal></para></listitem> + <listitem><para><literal>./system/boot/binfmt.nix</literal></para></listitem> + <listitem><para><literal>./system/boot/grow-partition.nix</literal></para></listitem> + <listitem><para><literal>./tasks/filesystems/ecryptfs.nix</literal></para></listitem> + <listitem><para><literal>./virtualisation/hyperv-guest.nix</literal></para></listitem> </itemizedlist> </section> @@ -174,7 +239,7 @@ following incompatible changes:</para> the <literal>openssh_with_kerberos</literal> package is now a deprecated alias. If you do not want Kerberos support, - you can do <literal>openssh.override { withKerboros = false; }</literal>. + you can do <literal>openssh.override { withKerberos = false; }</literal>. Note, this also applies to the <literal>openssh_hpn</literal> package. </para> </listitem> 
diff --git a/nixos/lib/make-system-tarball.nix b/nixos/lib/make-system-tarball.nix
index a2a0340a6bd3..92539235be75 100644
--- a/nixos/lib/make-system-tarball.nix
+++ b/nixos/lib/make-system-tarball.nix
@@ -1,4 +1,4 @@
-{ stdenv, perl, xz, pathsFromGraph
+{ stdenv, perl, pixz, pathsFromGraph
 , # The file name of the resulting tarball
 fileName ? "nixos-system-${stdenv.system}"
@@ -21,14 +21,20 @@
 # Extra tar arguments
 , extraArgs ? ""
+ # Command used for compression
+, compressCommand ? "pixz"
+ # Extension for the compressed tarball
+, compressionExtension ? ".xz"
+ # extra inputs, like the compressor to use
+, extraInputs ? [ pixz ]
 }:
 stdenv.mkDerivation {
 name = "tarball";
 builder = ./make-system-tarball.sh;
- buildInputs = [perl xz];
+ buildInputs = [ perl ] ++ extraInputs;
- inherit fileName pathsFromGraph extraArgs extraCommands;
+ inherit fileName pathsFromGraph extraArgs extraCommands compressCommand;
 # !!! should use XML.
 sources = map (x: x.source) contents;
@@ -41,4 +47,6 @@ stdenv.mkDerivation {
 # For obtaining the closure of `storeContents'.
 exportReferencesGraph = map (x: [("closure-" + baseNameOf x.object) x.object]) storeContents;
+
+ extension = compressionExtension;
 }
diff --git a/nixos/lib/make-system-tarball.sh b/nixos/lib/make-system-tarball.sh
index 73a009d8488a..1a52a284a257 100644
--- a/nixos/lib/make-system-tarball.sh
+++ b/nixos/lib/make-system-tarball.sh
@@ -1,5 +1,4 @@
 source $stdenv/setup
-set -x
 sources_=($sources)
 targets_=($targets)
@@ -54,8 +53,8 @@ mkdir -p $out/tarball rm env-vars -tar --sort=name --mtime='@1' --owner=0 --group=0 --numeric-owner -cvJf $out/tarball/$fileName.tar.xz * $extraArgs +time tar --sort=name --mtime='@1' --owner=0 --group=0 --numeric-owner -c * $extraArgs | $compressCommand > $out/tarball/$fileName.tar${extension} mkdir -p $out/nix-support echo $system > $out/nix-support/system -echo "file system-tarball $out/tarball/$fileName.tar.xz" > $out/nix-support/hydra-build-products +echo "file system-tarball $out/tarball/$fileName.tar${extension}" > $out/nix-support/hydra-build-products diff --git a/nixos/maintainers/option-usages.nix b/nixos/maintainers/option-usages.nix index 7be0255b35ac..371ee7d91808 100644 --- a/nixos/maintainers/option-usages.nix +++ b/nixos/maintainers/option-usages.nix @@ -15,7 +15,7 @@ # # $ nix-build ./option-usage.nix --argstr testOption service.xserver.enable -A txt -o service.xserver.enable._txt # -# otther target exists such as, `dotContent`, `dot`, and `pdf`. If you are +# Other targets exists such as `dotContent`, `dot`, and `pdf`. If you are # looking for the option usage of multiple options, you can provide a list # as argument. # @@ -35,7 +35,7 @@ # value is replaced by a `throw` statement which is caught by the `tryEval` # evaluation of each option value. # -# We then compare the result of the evluation of the original module, with +# We then compare the result of the evaluation of the original module, with # the result of the second evaluation, and consider that the new failures are # caused by our mutation of the `config` argument. # @@ -62,7 +62,7 @@ let "_module.args" # For some reasons which we yet have to investigate, some options cannot - # be replaced by a throw without cuasing a non-catchable failure. + # be replaced by a throw without causing a non-catchable failure. "networking.bonds" "networking.bridges" "networking.interfaces" 
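Review bot: The new `tar … | $compressCommand > …` pipeline reports only the compressor's exit status, so a tar failure mid-archive no longer fails the build the way the single `tar -cvJf` did, and the hydra-build-products line would then advertise a truncated tarball; whether `$stdenv/setup` already enables pipefail is not visible here. Add `set -o pipefail` before the pipeline (or check `${PIPESTATUS[0]}` after it) so the outcome does not depend on that. The `time` prefix writes timing to stderr on every build; if it is meant to stay, a one-line comment such as `# time: log compression cost; the compressor is selectable via compressCommand` would explain it.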
diff --git a/nixos/modules/config/nsswitch.nix b/nixos/modules/config/nsswitch.nix index 7b36d4f1cbdf..c595c6932946 100644 --- a/nixos/modules/config/nsswitch.nix +++ b/nixos/modules/config/nsswitch.nix @@ -17,23 +17,23 @@ let resolved = canLoadExternalModules && config.services.resolved.enable; hostArray = [ "files" ] - ++ optionals mymachines [ "mymachines" ] - ++ optionals nssmdns [ "mdns_minimal [NOTFOUND=return]" ] - ++ optionals nsswins [ "wins" ] - ++ optionals resolved ["resolve [!UNAVAIL=return]"] + ++ optional mymachines "mymachines" + ++ optional nssmdns "mdns_minimal [NOTFOUND=return]" + ++ optional nsswins "wins" + ++ optional resolved "resolve [!UNAVAIL=return]" ++ [ "dns" ] - ++ optionals nssmdns [ "mdns" ] - ++ optionals myhostname ["myhostname" ]; + ++ optional nssmdns "mdns" + ++ optional myhostname "myhostname"; passwdArray = [ "files" ] ++ optional sssd "sss" - ++ optionals ldap [ "ldap" ] - ++ optionals mymachines [ "mymachines" ] + ++ optional ldap "ldap" + ++ optional mymachines "mymachines" ++ [ "systemd" ]; shadowArray = [ "files" ] ++ optional sssd "sss" - ++ optionals ldap [ "ldap" ]; + ++ optional ldap "ldap"; servicesArray = [ "files" ] ++ optional sssd "sss"; diff --git a/nixos/modules/config/system-path.nix b/nixos/modules/config/system-path.nix index d3212d931605..361151665018 100644 --- a/nixos/modules/config/system-path.nix +++ b/nixos/modules/config/system-path.nix @@ -109,7 +109,6 @@ in "/sbin" "/share/applications" "/share/desktop-directories" - "/share/doc" "/share/emacs" "/share/icons" "/share/menus" diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index 11e969b760e0..42d5d233f1c1 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix 
@@ -35,6 +35,7 @@ let name = mkOption { type = types.str; + apply = x: assert (builtins.stringLength x < 32 || abort "Username '${x}' is longer than 31 characters which is not allowed!"); x; description = '' The name of the user account. If undefined, the name of the attribute set will be used. @@ -91,6 +92,7 @@ let group = mkOption { type = types.str; + apply = x: assert (builtins.stringLength x < 17 || abort "Group name '${x}' is longer than 16 characters which is not allowed!"); x; default = "nogroup"; description = "The user's primary group."; }; @@ -502,9 +504,6 @@ in { }; }; - # Install all the user shells - environment.systemPackages = systemShells; - users.groups = { root.gid = ids.gids.root; wheel.gid = ids.gids.wheel; @@ -541,14 +540,29 @@ in { # for backwards compatibility system.activationScripts.groups = stringAfter [ "users" ] ""; - environment.etc."subuid" = { - text = subuidFile; - mode = "0644"; - }; - environment.etc."subgid" = { - text = subgidFile; - mode = "0644"; - }; + # Install all the user shells + environment.systemPackages = systemShells; + + environment.etc = { + "subuid" = { + text = subuidFile; + mode = "0644"; + }; + "subgid" = { + text = subgidFile; + mode = "0644"; + }; + } // (mapAttrs' (name: { packages, ... }: { + name = "profiles/per-user/${name}"; + value.source = pkgs.buildEnv { + name = "user-environment"; + paths = packages; + inherit (config.environment) pathsToLink extraOutputsToInstall; + inherit (config.system.path) ignoreCollisions postBuild; + }; + }) (filterAttrs (_: u: u.packages != []) cfg.users)); + + environment.profiles = [ "/etc/profiles/per-user/$USER" ]; assertions = [ { assertion = !cfg.enforceIdUniqueness || (uidsAreUnique && gidsAreUnique); 
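Review bot: The new `apply` hooks on `name` and `group` enforce only a length limit; nothing in these hunks rejects characters that would break the generated passwd/group lines (`:`, newline), so `types.str` still admits them unless a check elsewhere covers it. The hooks also use `abort`, which `builtins.tryEval` cannot catch (unlike `throw`), so tooling that evaluates options speculatively — this same commit's option-usages.nix relies on `tryEval` — dies instead of reporting the option. The module already carries an `assertions` list in this hunk; expressing the limit there keeps it consistent and catchable: `{ assertion = all (u: stringLength u.name < 32) (attrValues cfg.users); message = "user names must be at most 31 characters"; }`, with the same shape for `u.group` and the 16-character limit.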
@@ -579,22 +593,4 @@ in { }; - imports = - [ (mkAliasOptionModule [ "users" "extraUsers" ] [ "users" "users" ]) - (mkAliasOptionModule [ "users" "extraGroups" ] [ "users" "groups" ]) - { - environment = { - etc = mapAttrs' (name: { packages, ... }: { - name = "profiles/per-user/${name}"; - value.source = pkgs.buildEnv { - name = "user-environment"; - paths = packages; - inherit (config.environment) pathsToLink extraOutputsToInstall; - inherit (config.system.path) ignoreCollisions postBuild; - }; - }) (filterAttrs (_: { packages, ... }: packages != []) cfg.users); - profiles = ["/etc/profiles/per-user/$USER"]; - }; - } - ]; } diff --git a/nixos/modules/installer/cd-dvd/sd-image-aarch64.nix b/nixos/modules/installer/cd-dvd/sd-image-aarch64.nix index 3306846b7fa7..ddf91a5656c7 100644 --- a/nixos/modules/installer/cd-dvd/sd-image-aarch64.nix +++ b/nixos/modules/installer/cd-dvd/sd-image-aarch64.nix @@ -21,9 +21,6 @@ in "it cannot be cross compiled"; }; - # Needed by RPi firmware - nixpkgs.config.allowUnfree = true; - boot.loader.grub.enable = false; boot.loader.generic-extlinux-compatible.enable = true; diff --git a/nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix b/nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix index 08903ba397a1..891923234dda 100644 --- a/nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix +++ b/nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix @@ -21,9 +21,6 @@ in "it cannot be cross compiled"; }; - # Needed by RPi firmware - nixpkgs.config.allowUnfree = true; - boot.loader.grub.enable = false; boot.loader.generic-extlinux-compatible.enable = true; diff --git a/nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix b/nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix index 2833b75b84d8..212013b5e289 100644 --- a/nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix +++ b/nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix 
@@ -21,9 +21,6 @@ in "it cannot be cross compiled"; }; - # Needed by RPi firmware - nixpkgs.config.allowUnfree = true; - boot.loader.grub.enable = false; boot.loader.generic-extlinux-compatible.enable = true; diff --git a/nixos/modules/installer/cd-dvd/sd-image.nix b/nixos/modules/installer/cd-dvd/sd-image.nix index 23312c073d56..c091923de60f 100644 --- a/nixos/modules/installer/cd-dvd/sd-image.nix +++ b/nixos/modules/installer/cd-dvd/sd-image.nix @@ -20,6 +20,20 @@ let in { options.sdImage = { + imageName = mkOption { + default = "${config.sdImage.imageBaseName}-${config.system.nixos.label}-${pkgs.stdenv.system}.img"; + description = '' + Name of the generated image file. + ''; + }; + + imageBaseName = mkOption { + default = "nixos-sd-image"; + description = '' + Prefix of the name of the generated image file. + ''; + }; + storePaths = mkOption { type = with types; listOf package; example = literalExample "[ pkgs.stdenv ]"; @@ -61,19 +75,25 @@ in sdImage.storePaths = [ config.system.build.toplevel ]; system.build.sdImage = pkgs.stdenv.mkDerivation { - name = "sd-image-${pkgs.stdenv.system}.img"; + name = config.sdImage.imageName; buildInputs = with pkgs; [ dosfstools e2fsprogs mtools libfaketime utillinux ]; buildCommand = '' + mkdir -p $out/nix-support $out/sd-image + export img=$out/sd-image/${config.sdImage.imageName} + + echo "${pkgs.stdenv.system}" > $out/nix-support/system + echo "file sd-image $img" >> $out/nix-support/hydra-build-products + # Create the image file sized to fit /boot and /, plus 20M of slack rootSizeBlocks=$(du -B 512 --apparent-size ${rootfsImage} | awk '{ print $1 }') bootSizeBlocks=$((${toString config.sdImage.bootSize} * 1024 * 1024 / 512)) imageSize=$((rootSizeBlocks * 512 + bootSizeBlocks * 512 + 20 * 1024 * 1024)) - truncate -s $imageSize $out + truncate -s $imageSize $img # type=b is 'W95 FAT32', type=83 is 'Linux'. - sfdisk $out <<EOF + sfdisk $img <<EOF label: dos label-id: 0x2178694e 
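Review bot: `imageName` and `imageBaseName` are declared without a `type`, unlike the neighbouring `storePaths` (`type = with types; listOf package;`), so a non-string value would only surface as an evaluation error deep inside `buildCommand`. Add `type = types.str;` to both. `imageName` is also interpolated unquoted into `export img=$out/sd-image/${config.sdImage.imageName}` and the later `sfdisk`/`dd` calls, so whitespace in a user-supplied name splits the command; quoting `"$img"` at those call sites, or stating the restriction in the option description, would close that. The derivation's `buildCommand` continues outside this hunk.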
@@ -82,11 +102,11 @@ in EOF # Copy the rootfs into the SD image - eval $(partx $out -o START,SECTORS --nr 2 --pairs) - dd conv=notrunc if=${rootfsImage} of=$out seek=$START count=$SECTORS + eval $(partx $img -o START,SECTORS --nr 2 --pairs) + dd conv=notrunc if=${rootfsImage} of=$img seek=$START count=$SECTORS # Create a FAT32 /boot partition of suitable size into bootpart.img - eval $(partx $out -o START,SECTORS --nr 1 --pairs) + eval $(partx $img -o START,SECTORS --nr 1 --pairs) truncate -s $((SECTORS * 512)) bootpart.img faketime "1970-01-01 00:00:00" mkfs.vfat -i 0x2178694e -n NIXOS_BOOT bootpart.img @@ -96,7 +116,7 @@ in # Copy the populated /boot into the SD image (cd boot; mcopy -bpsvm -i ../bootpart.img ./* ::) - dd conv=notrunc if=bootpart.img of=$out seek=$START count=$SECTORS + dd conv=notrunc if=bootpart.img of=$img seek=$START count=$SECTORS ''; }; diff --git a/nixos/modules/misc/documentation.nix b/nixos/modules/misc/documentation.nix new file mode 100644 index 000000000000..cea8981370bb --- /dev/null +++ b/nixos/modules/misc/documentation.nix 
@@ -0,0 +1,77 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let cfg = config.documentation; in + +{ + + options = { + + documentation = { + + enable = mkOption { + type = types.bool; + default = true; + description = '' + Whether to install documentation of packages from + <option>environment.systemPackages</option> into the generated system path. + ''; + }; + + man.enable = mkOption { + type = types.bool; + default = true; + description = '' + Whether to install manual pages and the <command>man</command> command. + This also includes "man" outputs. + ''; + }; + + doc.enable = mkOption { + type = types.bool; + default = true; + description = '' + Whether to install documentation distributed in packages' <literal>/share/doc</literal>. + Usually plain text and/or HTML. + This also includes "doc" outputs. + ''; + }; + + info.enable = mkOption { + type = types.bool; + default = true; + description = '' + Whether to install info pages and the <command>info</command> command. + This also includes "info" outputs. + ''; + }; + + }; + + }; + + config = mkIf cfg.enable (mkMerge [ + + (mkIf cfg.man.enable { + environment.systemPackages = [ pkgs.man-db ]; + environment.pathsToLink = [ "/share/man" ]; + environment.extraOutputsToInstall = [ "man" ]; + }) + + (mkIf cfg.doc.enable { + # TODO(@oxij): put it here and remove from profiles? + # environment.systemPackages = [ pkgs.w3m ]; # w3m-nox? + environment.pathsToLink = [ "/share/doc" ]; + environment.extraOutputsToInstall = [ "doc" ]; + }) + + (mkIf cfg.info.enable { + environment.systemPackages = [ pkgs.texinfoInteractive ]; + environment.pathsToLink = [ "/share/info" ]; + environment.extraOutputsToInstall = [ "info" ]; + }) + + ]); + +} diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index f23ecc1e99d8..3a8b1014553c 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix 
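Review bot: The replacement for programs/info.nix links only `/share/info`, whereas the deleted module linked `[ "/info" "/share/info" ]`, so packages that ship info pages under `/info` drop out of the system path after this commit; that may be intended, but the release notes touched by this commit do not mention it. If intentional, a comment on the `info.enable` branch such as `# only /share/info is linked; the legacy /info location is no longer supported` would record the decision. If not, restore `"/info"` in that branch's `environment.pathsToLink`.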
@@ -58,6 +58,7 @@
 ./installer/tools/tools.nix
 ./misc/assertions.nix
 ./misc/crashdump.nix
+ ./misc/documentation.nix
 ./misc/extra-arguments.nix
 ./misc/ids.nix
 ./misc/lib.nix
@@ -85,12 +86,10 @@
 ./programs/freetds.nix
 ./programs/gnupg.nix
 ./programs/gphoto2.nix
- ./programs/info.nix
 ./programs/java.nix
 ./programs/kbdlight.nix
 ./programs/less.nix
 ./programs/light.nix
- ./programs/man.nix
 ./programs/mosh.nix
 ./programs/mtr.nix
 ./programs/nano.nix
diff --git a/nixos/modules/profiles/docker-container.nix b/nixos/modules/profiles/docker-container.nix
index 433492b96137..7031d7d1d593 100644
--- a/nixos/modules/profiles/docker-container.nix
+++ b/nixos/modules/profiles/docker-container.nix
@@ -14,9 +14,7 @@ in {
 ];
 # Create the tarball
- system.build.tarball = import ../../lib/make-system-tarball.nix {
- inherit (pkgs) stdenv perl xz pathsFromGraph;
-
+ system.build.tarball = pkgs.callPackage ../../lib/make-system-tarball.nix {
 contents = [];
 extraArgs = "--owner=0";
diff --git a/nixos/modules/profiles/minimal.nix b/nixos/modules/profiles/minimal.nix
index e2497d04252e..40df7063a9bf 100644
--- a/nixos/modules/profiles/minimal.nix
+++ b/nixos/modules/profiles/minimal.nix
@@ -10,10 +10,9 @@ with lib;
 # This isn't perfect, but let's expect the user specifies an UTF-8 defaultLocale
 i18n.supportedLocales = [ (config.i18n.defaultLocale + "/UTF-8") ];
- services.nixosManual.enable = mkDefault false;
- programs.man.enable = mkDefault false;
- programs.info.enable = mkDefault false;
+ documentation.enable = mkDefault false;
+ services.nixosManual.enable = mkDefault false;
 sound.enable = mkDefault false;
 }
diff --git a/nixos/modules/programs/info.nix b/nixos/modules/programs/info.nix
deleted file mode 100644
index be6439dca5ad..000000000000
--- a/nixos/modules/programs/info.nix
+++ /dev/null
@@ -1,30 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -{ - - options = { - - programs.info.enable = mkOption { - type = types.bool; - default = true; - description = '' - Whether to enable info pages and the <command>info</command> command. - ''; - }; - - }; - - - config = mkIf config.programs.info.enable { - - environment.systemPackages = [ pkgs.texinfoInteractive ]; - - environment.pathsToLink = [ "/info" "/share/info" ]; - - environment.extraOutputsToInstall = [ "info" ]; - - }; - -} diff --git a/nixos/modules/programs/man.nix b/nixos/modules/programs/man.nix deleted file mode 100644 index 5b20a38d8856..000000000000 --- a/nixos/modules/programs/man.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -{ - - options = { - - programs.man.enable = mkOption { - type = types.bool; - default = true; - description = '' - Whether to enable manual pages and the <command>man</command> command. - This also includes "man" outputs of all <literal>systemPackages</literal>. - ''; - }; - - }; - - - config = mkIf config.programs.man.enable { - - environment.systemPackages = [ pkgs.man-db ]; - - environment.pathsToLink = [ "/share/man" ]; - - environment.extraOutputsToInstall = [ "man" ]; - - }; - -} diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index 288634343750..0c3ac054292d 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -4,6 +4,7 @@ with lib; { imports = [ + (mkRenamedOptionModule [ "dysnomia" ] [ "services" "dysnomia" ]) (mkRenamedOptionModule [ "environment" "x11Packages" ] [ "environment" "systemPackages" ]) (mkRenamedOptionModule [ "environment" "enableBashCompletion" ] [ "programs" "bash" "enableCompletion" ]) (mkRenamedOptionModule [ "environment" "nix" ] [ "nix" "package" ]) 
@@ -203,6 +204,10 @@ with lib;
 (mkRenamedOptionModule [ "config" "system" "nixosCodeName" ] [ "config" "system" "nixos" "codeName" ])
 (mkRenamedOptionModule [ "config" "system" "nixosLabel" ] [ "config" "system" "nixos" "label" ])
+ # Users
+ (mkAliasOptionModule [ "users" "extraUsers" ] [ "users" "users" ])
+ (mkAliasOptionModule [ "users" "extraGroups" ] [ "users" "groups" ])
+
 # Options that are obsolete and have no replacement.
 (mkRemovedOptionModule [ "boot" "initrd" "luks" "enable" ] "")
 (mkRemovedOptionModule [ "programs" "bash" "enable" ] "")
@@ -240,6 +245,10 @@ with lib;
 # Xen
 (mkRenamedOptionModule [ "virtualisation" "xen" "qemu-package" ] [ "virtualisation" "xen" "package-qemu" ])
+
+ (mkRenamedOptionModule [ "programs" "info" "enable" ] [ "documentation" "info" "enable" ])
+ (mkRenamedOptionModule [ "programs" "man" "enable" ] [ "documentation" "man" "enable" ])
+
 ] ++ (flip map [ "blackboxExporter" "collectdExporter" "fritzboxExporter" "jsonExporter" "minioExporter" "nginxExporter" "nodeExporter" "snmpExporter" "unifiExporter" "varnishExporter" ]
diff --git a/nixos/modules/services/cluster/kubernetes/default.nix b/nixos/modules/services/cluster/kubernetes/default.nix
index 39c5d78d4191..aeb0a0d2432d 100644
--- a/nixos/modules/services/cluster/kubernetes/default.nix
+++ b/nixos/modules/services/cluster/kubernetes/default.nix
@@ -766,7 +766,7 @@ in {
 rm /opt/cni/bin/* || true
 ${concatMapStrings (package: ''
 echo "Linking cni package: ${package}"
- ln -fs ${package.plugins}/* /opt/cni/bin
+ ln -fs ${package}/bin/* /opt/cni/bin
 '') cfg.kubelet.cni.packages}
 '';
 serviceConfig = {
@@ -828,7 +828,7 @@ in {
 };
 # Allways include cni plugins
- services.kubernetes.kubelet.cni.packages = [pkgs.cni];
+ services.kubernetes.kubelet.cni.packages = [pkgs.cni-plugins];
 boot.kernelModules = ["br_netfilter"];
diff --git a/nixos/modules/services/misc/disnix.nix b/nixos/modules/services/misc/disnix.nix
index 39d23610b064..e4517c636e88 100644
--- a/nixos/modules/services/misc/disnix.nix +++ b/nixos/modules/services/misc/disnix.nix @@ -57,7 +57,7 @@ in ###### implementation config = mkIf cfg.enable { - dysnomia.enable = true; + services.dysnomia.enable = true; environment.systemPackages = [ pkgs.disnix ] ++ optional cfg.useWebServiceInterface pkgs.DisnixWebService; diff --git a/nixos/modules/services/misc/dysnomia.nix b/nixos/modules/services/misc/dysnomia.nix index c5c41ad296da..25cd0038e36d 100644 --- a/nixos/modules/services/misc/dysnomia.nix +++ b/nixos/modules/services/misc/dysnomia.nix @@ -3,8 +3,8 @@ with lib; let - cfg = config.dysnomia; - + cfg = config.services.dysnomia; + printProperties = properties: concatMapStrings (propertyName: let @@ -13,7 +13,7 @@ let if isList property then "${propertyName}=(${lib.concatMapStrings (elem: "\"${toString elem}\" ") (properties."${propertyName}")})\n" else "${propertyName}=\"${toString property}\"\n" ) (builtins.attrNames properties); - + properties = pkgs.stdenv.mkDerivation { name = "dysnomia-properties"; buildCommand = '' @@ -22,13 +22,13 @@ let EOF ''; }; - + containersDir = pkgs.stdenv.mkDerivation { name = "dysnomia-containers"; buildCommand = '' mkdir -p $out cd $out - + ${concatMapStrings (containerName: let containerProperties = cfg.containers."${containerName}"; @@ -42,11 +42,11 @@ let ) (builtins.attrNames cfg.containers)} ''; }; - + linkMutableComponents = {containerName}: '' mkdir ${containerName} - + ${concatMapStrings (componentName: let component = cfg.components."${containerName}"."${componentName}"; @@ -54,13 +54,13 @@ let "ln -s ${component} ${containerName}/${componentName}\n" ) (builtins.attrNames (cfg.components."${containerName}" or {}))} ''; - + componentsDir = pkgs.stdenv.mkDerivation { name = "dysnomia-components"; buildCommand = '' mkdir -p $out cd $out - + ${concatMapStrings (containerName: let components = cfg.components."${containerName}"; 
@@ -72,59 +72,59 @@ let in { options = { - dysnomia = { - + services.dysnomia = { + enable = mkOption { type = types.bool; default = false; description = "Whether to enable Dysnomia"; }; - + enableAuthentication = mkOption { type = types.bool; default = false; description = "Whether to publish privacy-sensitive authentication credentials"; }; - + package = mkOption { type = types.path; description = "The Dysnomia package"; }; - + properties = mkOption { description = "An attribute set in which each attribute represents a machine property. Optionally, these values can be shell substitutions."; default = {}; }; - + containers = mkOption { description = "An attribute set in which each key represents a container and each value an attribute set providing its configuration properties"; default = {}; }; - + components = mkOption { description = "An atttribute set in which each key represents a container and each value an attribute set in which each key represents a component and each value a derivation constructing its initial state"; default = {}; }; - + extraContainerProperties = mkOption { description = "An attribute set providing additional container settings in addition to the default properties"; default = {}; }; - + extraContainerPaths = mkOption { description = "A list of paths containing additional container configurations that are added to the search folders"; default = []; }; - + extraModulePaths = mkOption { description = "A list of paths containing additional modules that are added to the search folders"; default = []; }; }; }; - + config = mkIf cfg.enable { - + environment.etc = { "dysnomia/containers" = { source = containersDir; 
@@ -136,16 +136,16 @@ in source = properties; }; }; - + environment.variables = { DYSNOMIA_STATEDIR = "/var/state/dysnomia-nixos"; DYSNOMIA_CONTAINERS_PATH = "${lib.concatMapStrings (containerPath: "${containerPath}:") cfg.extraContainerPaths}/etc/dysnomia/containers"; DYSNOMIA_MODULES_PATH = "${lib.concatMapStrings (modulePath: "${modulePath}:") cfg.extraModulePaths}/etc/dysnomia/modules"; }; - + environment.systemPackages = [ cfg.package ]; - - dysnomia.package = pkgs.dysnomia.override (origArgs: { + + services.dysnomia.package = pkgs.dysnomia.override (origArgs: { enableApacheWebApplication = config.services.httpd.enable; enableAxis2WebService = config.services.tomcat.axis2.enable; enableEjabberdDump = config.services.ejabberd.enable; @@ -155,8 +155,8 @@ in enableTomcatWebApplication = config.services.tomcat.enable; enableMongoDatabase = config.services.mongodb.enable; }); - - dysnomia.properties = { + + services.dysnomia.properties = { hostname = config.networking.hostName; system = if config.nixpkgs.system == "" then builtins.currentSystem else config.nixpkgs.system; @@ -173,8 +173,8 @@ in ''; }}"); }; - - dysnomia.containers = lib.recursiveUpdate ({ + + services.dysnomia.containers = lib.recursiveUpdate ({ process = {}; wrapper = {}; } diff --git a/nixos/modules/services/misc/gogs.nix b/nixos/modules/services/misc/gogs.nix index f6d326e43d94..ba744d37e71c 100644 --- a/nixos/modules/services/misc/gogs.nix +++ b/nixos/modules/services/misc/gogs.nix @@ -35,6 +35,9 @@ let SECRET_KEY = #secretkey# INSTALL_LOCK = true + [log] + ROOT_PATH = ${cfg.stateDir}/log + ${cfg.extraConfig} ''; in diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix index ea964fd68e43..f2d34560a718 100644 --- a/nixos/modules/services/misc/nix-daemon.nix +++ b/nixos/modules/services/misc/nix-daemon.nix 
@@ -439,17 +439,18 @@ in services.xserver.displayManager.hiddenUsers = map ({ name, ... }: name) nixbldUsers; + # FIXME: use systemd-tmpfiles to create Nix directories. system.activationScripts.nix = stringAfter [ "etc" "users" ] '' # Nix initialisation. - mkdir -m 0755 -p \ + install -m 0755 -d \ /nix/var/nix/gcroots \ /nix/var/nix/temproots \ /nix/var/nix/userpool \ /nix/var/nix/profiles \ /nix/var/nix/db \ /nix/var/log/nix/drvs - mkdir -m 1777 -p \ + install -m 1777 -d \ /nix/var/nix/gcroots/per-user \ /nix/var/nix/profiles/per-user \ /nix/var/nix/gcroots/tmp diff --git a/nixos/modules/services/misc/nixos-manual.nix b/nixos/modules/services/misc/nixos-manual.nix index b8253956d54f..abf506ea7c67 100644 --- a/nixos/modules/services/misc/nixos-manual.nix +++ b/nixos/modules/services/misc/nixos-manual.nix @@ -112,10 +112,10 @@ in system.build.manual = manual; - environment.systemPackages = - [ manual.manual helpScript ] - ++ optionals config.services.xserver.enable [desktopItem pkgs.nixos-icons] - ++ optional config.programs.man.enable manual.manpages; + environment.systemPackages = [] + ++ optionals config.services.xserver.enable [ desktopItem pkgs.nixos-icons ] + ++ optional config.documentation.man.enable manual.manpages + ++ optionals config.documentation.doc.enable [ manual.manual helpScript ]; boot.extraTTYs = mkIf cfg.showManual ["tty${toString cfg.ttyNumber}"]; diff --git a/nixos/modules/services/misc/parsoid.nix b/nixos/modules/services/misc/parsoid.nix index ae3f84333d2d..c757093e5c1b 100644 --- a/nixos/modules/services/misc/parsoid.nix +++ b/nixos/modules/services/misc/parsoid.nix @@ -6,6 +6,8 @@ let cfg = config.services.parsoid; + parsoid = pkgs.nodePackages."parsoid-git://github.com/abbradar/parsoid#stable"; + confTree = { worker_heartbeat_timeout = 300000; logging = { level = "info"; }; 
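Review bot: The switch from `mkdir -m … -p` to `install -m … -d` in the Nix activation script (and the same substitution in the three `stage-2-init.sh` hunks further down) changes permission semantics without saying so. As I read GNU install, `mkdir -m` applies the mode only to a directory it creates, whereas `install -d` applies the mode to the named directory even when it already exists, so a pre-existing `/nix/var/nix/profiles/per-user` with the wrong bits is corrected on activation — which I take to be the intent, and it matters most for the shared sticky `1777` directories. A comment above the first call, `# install -d (unlike mkdir -p) also enforces the mode on directories that already exist`, would keep the next reader from simplifying it back. The activation script continues past the end of the hunk.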
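Review bot: `environment.systemPackages = [] ++ optionals …` in the nixos-manual hunk starts the list with an empty literal purely to line up the `++` chain; beginning with the first `optionals` reads more naturally. More substantively, `manual.manual` and `helpScript` are now installed only when `config.documentation.doc.enable` holds, while `boot.extraTTYs = mkIf cfg.showManual …` below stays independent of it; if the showManual service relies on `helpScript` being on the PATH (its definition is outside this hunk), that combination deserves a check or an assertion.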
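Review bot: The new `parsoid` binding in the parsoid hunk selects a Node package whose attribute name embeds a fork and a branch reference, `parsoid-git://github.com/abbradar/parsoid#stable`, and the second parsoid hunk below switches `ExecStart` to it. A branch name is a moving target, so reproducibility rests entirely on the generated `nodePackages` set pinning a specific revision and hash for that entry, which is not visible here and worth confirming. A comment such as `# fork of upstream parsoid; the exact revision is pinned by the generated nodePackages set` would also explain why `pkgs.nodePackages.parsoid` is no longer used. The `let` block this binding lives in starts outside the hunk.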
@@ -93,7 +95,7 @@ in after = [ "network.target" ]; serviceConfig = { User = "nobody"; - ExecStart = "${pkgs.nodePackages.parsoid}/lib/node_modules/parsoid/bin/server.js -c ${confFile} -n ${toString cfg.workers}"; + ExecStart = "${parsoid}/lib/node_modules/parsoid/bin/server.js -c ${confFile} -n ${toString cfg.workers}"; }; }; diff --git a/nixos/modules/services/networking/dhcpd.nix b/nixos/modules/services/networking/dhcpd.nix index 2eac6dfec5b7..fd7e317eee95 100644 --- a/nixos/modules/services/networking/dhcpd.nix +++ b/nixos/modules/services/networking/dhcpd.nix @@ -36,6 +36,7 @@ let preStart = '' mkdir -m 755 -p ${cfg.stateDir} + chown dhcpd:nogroup ${cfg.stateDir} touch ${cfg.stateDir}/dhcpd.leases ''; diff --git a/nixos/modules/services/networking/tcpcrypt.nix b/nixos/modules/services/networking/tcpcrypt.nix index 2f304165eb4b..ee005e11aa32 100644 --- a/nixos/modules/services/networking/tcpcrypt.nix +++ b/nixos/modules/services/networking/tcpcrypt.nix @@ -44,9 +44,9 @@ in path = [ pkgs.iptables pkgs.tcpcrypt pkgs.procps ]; preStart = '' - mkdir -p /var/run/tcpcryptd - chown tcpcryptd /var/run/tcpcryptd - sysctl -n net.ipv4.tcp_ecn >/run/pre-tcpcrypt-ecn-state + mkdir -p /run/tcpcryptd + chown tcpcryptd /run/tcpcryptd + sysctl -n net.ipv4.tcp_ecn > /run/tcpcryptd/pre-tcpcrypt-ecn-state sysctl -w net.ipv4.tcp_ecn=0 iptables -t raw -N nixos-tcpcrypt @@ -61,8 +61,8 @@ in script = "tcpcryptd -x 0x10"; postStop = '' - if [ -f /run/pre-tcpcrypt-ecn-state ]; then - sysctl -w net.ipv4.tcp_ecn=$(cat /run/pre-tcpcrypt-ecn-state) + if [ -f /run/tcpcryptd/pre-tcpcrypt-ecn-state ]; then + sysctl -w net.ipv4.tcp_ecn=$(cat /run/tcpcryptd/pre-tcpcrypt-ecn-state) fi iptables -t mangle -D POSTROUTING -j nixos-tcpcrypt || true diff --git a/nixos/modules/services/networking/unbound.nix b/nixos/modules/services/networking/unbound.nix index 545ee327d596..f069a9883a7f 100644 --- a/nixos/modules/services/networking/unbound.nix +++ b/nixos/modules/services/networking/unbound.nix 
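Review bot: In the dhcpd hunk the added `chown dhcpd:nogroup ${cfg.stateDir}` runs before `touch ${cfg.stateDir}/dhcpd.leases`, so the leases file itself stays root-owned; that is fine if dhcpd only renames a fresh file into the directory, but if it ever rewrites the existing file in place the `touch` needs its own `chown` afterwards. Both the `mkdir` and the new `chown` interpolate `${cfg.stateDir}` unquoted into the shell, so a path containing spaces or glob characters breaks the script; wrapping it in `lib.escapeShellArg` or double quotes fixes that. The directory also stays `755`, which leaves the leases file (client hardware addresses and hostnames) world-readable; `750` would be the less exposing default unless something else has to read it. The `preStart` string is complete within the hunk.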
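Review bot: In the tcpcrypt hunks the root-run `postStop` now reads its sysctl restore value from `/run/tcpcryptd/pre-tcpcrypt-ecn-state`, a file inside the directory that `preStart` has just handed to the `tcpcryptd` user with `chown tcpcryptd /run/tcpcryptd`, and then executes `sysctl -w net.ipv4.tcp_ecn=$(cat …)` with whatever it contains. If the daemon does drop to that user (not visible here), the privileged restore step now trusts a file the unprivileged service can rewrite, whereas the old `/run/pre-tcpcrypt-ecn-state` was written straight into root-owned `/run`. Keeping the state file outside the service-owned directory, or validating it before use with `case "$(cat …)" in 0|1|2) … ;; *) … ;; esac`, removes that dependency.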
@@ -112,7 +112,7 @@ in mkdir -m 0755 -p ${stateDir}/dev/ cp ${confFile} ${stateDir}/unbound.conf ${optionalString cfg.enableRootTrustAnchor '' - ${pkgs.unbound}/bin/unbound-anchor -a ${rootTrustAnchorFile} + ${pkgs.unbound}/bin/unbound-anchor -a ${rootTrustAnchorFile} || echo "Root anchor updated!" chown unbound ${stateDir} ${rootTrustAnchorFile} ''} touch ${stateDir}/dev/random diff --git a/nixos/modules/services/torrent/transmission.nix b/nixos/modules/services/torrent/transmission.nix index 4911a64c95d0..1cf85af2a06c 100644 --- a/nixos/modules/services/torrent/transmission.nix +++ b/nixos/modules/services/torrent/transmission.nix @@ -59,8 +59,8 @@ in time the service starts). String values must be quoted, integer and boolean values must not. - See https://trac.transmissionbt.com/wiki/EditConfigFiles for - documentation. + See https://github.com/transmission/transmission/wiki/Editing-Configuration-Files + for documentation. ''; }; diff --git a/nixos/modules/system/boot/stage-2-init.sh b/nixos/modules/system/boot/stage-2-init.sh index 9d2c580d62a7..b83012dfda7e 100644 --- a/nixos/modules/system/boot/stage-2-init.sh +++ b/nixos/modules/system/boot/stage-2-init.sh @@ -43,7 +43,7 @@ if [ ! -e /proc/1 ]; then local options="$3" local fsType="$4" - mkdir -m 0755 -p "$mountPoint" + install -m 0755 -d "$mountPoint" mount -n -t "$fsType" -o "$options" "$device" "$mountPoint" } source @earlyMountScript@ @@ -71,7 +71,7 @@ fi # Provide a /etc/mtab. -mkdir -m 0755 -p /etc +install -m 0755 -d /etc test -e /etc/fstab || touch /etc/fstab # to shut up mount rm -f /etc/mtab* # not that we care about stale locks ln -s /proc/mounts /etc/mtab 
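Review bot: `|| echo "Root anchor updated!"` in the unbound hunk swallows every non-zero exit of `unbound-anchor`, not only the one it is meant to tolerate. As I read the unbound-anchor man page it exits 1 when it rewrote the anchor (or fell back to the built-in one) and 0 when nothing needed changing, so the intent is sound, but the message is now also printed for genuine failures such as an unwritable `${rootTrustAnchorFile}` and the real exit code is lost. Capturing the status and treating only 1 as success, with a comment like `# unbound-anchor exits 1 when it updated the anchor; that is not an error`, would keep the preStart honest. The `preStart` block continues outside the hunk.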
@@ -79,8 +79,8 @@ ln -s /proc/mounts /etc/mtab # More special file systems, initialise required directories. [ -e /proc/bus/usb ] && mount -t usbfs usbfs /proc/bus/usb # UML doesn't have USB by default -mkdir -m 01777 -p /tmp -mkdir -m 0755 -p /var/{log,lib,db} /nix/var /etc/nixos/ \ +install -m 01777 -d /tmp +install -m 0755 -d /var/{log,lib,db} /nix/var /etc/nixos/ \ /run/lock /home /bin # for the /bin/sh symlink diff --git a/nixos/modules/tasks/network-interfaces-scripted.nix b/nixos/modules/tasks/network-interfaces-scripted.nix index 630fe6d114ce..c7d56790fa0c 100644 --- a/nixos/modules/tasks/network-interfaces-scripted.nix +++ b/nixos/modules/tasks/network-interfaces-scripted.nix @@ -68,8 +68,7 @@ let (hasAttr dev cfg.macvlans) || (hasAttr dev cfg.sits) || (hasAttr dev cfg.vlans) || - (hasAttr dev cfg.vswitches) || - (hasAttr dev cfg.wlanInterfaces) + (hasAttr dev cfg.vswitches) then [ "${dev}-netdev.service" ] else optional (dev != null && dev != "lo" && !config.boot.isContainer) (subsystemDevice dev); diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index a2d2eb1c3119..14f9b9567515 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix 
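Review bot: Dropping `(hasAttr dev cfg.wlanInterfaces)` from the netdev dependency test in the network-interfaces-scripted hunk means a device listed under `networking.wlanInterfaces` no longer pulls in `${dev}-netdev.service`. That is consistent with the deletion of `wlanDeviceUdevScript` in the network-interfaces.nix hunk below, but only if the `wlanInterfaces` option and its netdev unit are retired in the same commit; if the option survives elsewhere, its interfaces silently lose their ordering dependency. A `mkRemovedOptionModule` for the option, or at least a note in the commit message, would make the intent explicit. The enclosing `let` function starts before the hunk.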
@@ -62,35 +62,6 @@ let then mapAttrsToList (n: v: v//{_iName=n;}) (filterAttrs (n: _: n==device) interfaces) ++ mapAttrsToList (n: v: v//{_iName=n;}) (filterAttrs (n: _: n!=device) interfaces) else mapAttrsToList (n: v: v // {_iName = n;}) interfaces; - # udev script that configures a physical wlan device and adds virtual interfaces - wlanDeviceUdevScript = device: interfaceList: pkgs.writeScript "wlan-${device}-udev-script" '' - #!${pkgs.runtimeShell} - - # Change the wireless phy device to a predictable name. - if [ -e "/sys/class/net/${device}/phy80211/name" ]; then - ${pkgs.iw}/bin/iw phy `${pkgs.coreutils}/bin/cat /sys/class/net/${device}/phy80211/name` set name ${device} || true - fi - - # Crate new, virtual interfaces and configure them at the same time - ${flip concatMapStrings (drop 1 interfaceList) (i: '' - ${pkgs.iw}/bin/iw dev ${device} interface add ${i._iName} type ${i.type} \ - ${optionalString (i.type == "mesh" && i.meshID != null) "mesh_id ${i.meshID}"} \ - ${optionalString (i.type == "monitor" && i.flags != null) "flags ${i.flags}"} \ - ${optionalString (i.type == "managed" && i.fourAddr != null) "4addr ${if i.fourAddr then "on" else "off"}"} \ - ${optionalString (i.mac != null) "addr ${i.mac}"} - '')} - - # Reconfigure and rename the default interface that already exists - ${flip concatMapStrings (take 1 interfaceList) (i: '' - ${pkgs.iw}/bin/iw dev ${device} set type ${i.type} - ${optionalString (i.type == "mesh" && i.meshID != null) "${pkgs.iw}/bin/iw dev ${device} set meshid ${i.meshID}"} - ${optionalString (i.type == "monitor" && i.flags != null) "${pkgs.iw}/bin/iw dev ${device} set monitor ${i.flags}"} - ${optionalString (i.type == "managed" && i.fourAddr != null) "${pkgs.iw}/bin/iw dev ${device} set 4addr ${if i.fourAddr then "on" else "off"}"} - ${optionalString (i.mac != null) "${pkgs.iproute}/bin/ip link set dev ${device} address ${i.mac}"} - ${optionalString (device != i._iName) "${pkgs.iproute}/bin/ip link set dev ${device} name 
${i._iName}"} - '')} - ''; - # We must escape interfaces due to the systemd interpretation subsystemDevice = interface: "sys-subsystem-net-devices-${escapeSystemdPath interface}.device"; diff --git a/nixos/modules/virtualisation/ec2-amis.nix b/nixos/modules/virtualisation/ec2-amis.nix index 01512911a057..baffad79b001 100644 --- a/nixos/modules/virtualisation/ec2-amis.nix +++ b/nixos/modules/virtualisation/ec2-amis.nix @@ -240,5 +240,22 @@ let self = { "17.09".sa-east-1.hvm-ebs = "ami-4762202b"; "17.09".ap-south-1.hvm-ebs = "ami-4e376021"; - latest = self."17.09"; + # 18.03.131792.becbe4dbe16 + "18.03".eu-west-1.hvm-ebs = "ami-cda4fab4"; + "18.03".eu-west-2.hvm-ebs = "ami-d96786be"; + "18.03".eu-west-3.hvm-ebs = "ami-6b0cba16"; + "18.03".eu-central-1.hvm-ebs = "ami-5e2b75b5"; + "18.03".us-east-1.hvm-ebs = "ami-d464cba9"; + "18.03".us-east-2.hvm-ebs = "ami-fd221298"; + "18.03".us-west-1.hvm-ebs = "ami-ff0d1d9f"; + "18.03".us-west-2.hvm-ebs = "ami-c05c3bb8"; + "18.03".ca-central-1.hvm-ebs = "ami-cc72f4a8"; + "18.03".ap-southeast-1.hvm-ebs = "ami-b61633ca"; + "18.03".ap-southeast-2.hvm-ebs = "ami-530fc131"; + "18.03".ap-northeast-1.hvm-ebs = "ami-90d6c0ec"; + "18.03".ap-northeast-2.hvm-ebs = "ami-a1248bcf"; + "18.03".sa-east-1.hvm-ebs = "ami-b090c6dc"; + "18.03".ap-south-1.hvm-ebs = "ami-32c9ec5d"; + + latest = self."18.03"; }; in self diff --git a/nixos/release.nix b/nixos/release.nix index 9b4aa4b0399d..22deea6fee05 100644 --- a/nixos/release.nix +++ b/nixos/release.nix @@ -55,6 +55,17 @@ let }).config.system.build.isoImage); + makeSdImage = + { module, maintainers ? ["dezgeg"], system }: + + with import nixpkgs { inherit system; }; + + hydraJob ((import lib/eval-config.nix { + inherit system; + modules = [ module versionModule ]; + }).config.system.build.sdImage); + + makeSystemTarball = { module, maintainers ? ["viric"], system }: 
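Review bot: `makeSdImage` in the release.nix hunk accepts `maintainers ? ["dezgeg"]` but never uses it; the body only evaluates `config.system.build.sdImage`. The sibling `makeSystemTarball` directly below appears to follow the same shape, so this is an inherited quirk rather than a new one, but either threading the value into the job's meta or dropping the parameter would stop it from reading like forgotten wiring. The `let` block continues outside the hunk.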
@@ -155,6 +166,10 @@ in rec { inherit system; }); + sd_image = forMatchingSystems [ "aarch64-linux" ] (system: makeSdImage { + module = ./modules/installer/cd-dvd/sd-image-aarch64.nix; + inherit system; + }); # A bootable VirtualBox virtual appliance as an OVA file (i.e. packaged OVF). ova = forMatchingSystems [ "x86_64-linux" ] (system: @@ -296,7 +311,10 @@ in rec { tests.kernel-copperhead = callTest tests/kernel-copperhead.nix {}; tests.kernel-latest = callTest tests/kernel-latest.nix {}; tests.kernel-lts = callTest tests/kernel-lts.nix {}; - tests.kubernetes = callSubTestsOnMatchingSystems ["x86_64-linux"] tests/kubernetes/default.nix {}; + tests.kubernetes.dns = callSubTestsOnMatchingSystems ["x86_64-linux"] tests/kubernetes/dns.nix {}; + ## kubernetes.e2e should eventually replace kubernetes.rbac when it works + #tests.kubernetes.e2e = callSubTestsOnMatchingSystems ["x86_64-linux"] tests/kubernetes/e2e.nix {}; + tests.kubernetes.rbac = callSubTestsOnMatchingSystems ["x86_64-linux"] tests/kubernetes/rbac.nix {}; tests.latestKernel.login = callTest tests/login.nix { latestKernel = true; }; tests.ldap = callTest tests/ldap.nix {}; #tests.lightdm = callTest tests/lightdm.nix {}; diff --git a/nixos/tests/containers-imperative.nix b/nixos/tests/containers-imperative.nix index 7e2a54976387..20902913e9a7 100644 --- a/nixos/tests/containers-imperative.nix +++ b/nixos/tests/containers-imperative.nix @@ -20,7 +20,7 @@ import ./make-test.nix ({ pkgs, ...} : { containers.foo.config = {}; }; }; - in [ pkgs.stdenv emptyContainer.config.containers.foo.path ]; + in [ pkgs.stdenv emptyContainer.config.containers.foo.path pkgs.libxslt ]; }; testScript = diff --git a/nixos/tests/containers-physical_interfaces.nix b/nixos/tests/containers-physical_interfaces.nix index bd1228b8e37d..bde8e175f953 100644 --- a/nixos/tests/containers-physical_interfaces.nix +++ b/nixos/tests/containers-physical_interfaces.nix 
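Review bot: The new `sd_image` attribute in the first release.nix hunk runs straight into the `# A bootable VirtualBox …` comment of the next job with no blank line after `});`, unlike the surrounding entries; a blank line there keeps the job list scannable. In the second hunk the e2e test survives as a commented-out line with a `## … should eventually replace …` note, which is fine as a marker but would be easier to find later as a `# TODO:` so it does not age into dead text.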
@@ -52,7 +52,7 @@ import ./make-test.nix ({ pkgs, ...} : { config = { networking.bonds.bond0 = { interfaces = [ "eth1" ]; - mode = "active-backup"; + driverOptions.mode = "active-backup"; }; networking.interfaces.bond0.ipv4.addresses = [ { address = "10.10.0.3"; prefixLength = 24; } @@ -73,7 +73,7 @@ import ./make-test.nix ({ pkgs, ...} : { config = { networking.bonds.bond0 = { interfaces = [ "eth1" ]; - mode = "active-backup"; + driverOptions.mode = "active-backup"; }; networking.bridges.br0.interfaces = [ "bond0" ]; networking.interfaces.br0.ipv4.addresses = [ diff --git a/nixos/tests/kubernetes/certs.nix b/nixos/tests/kubernetes/certs.nix index d3eff910c467..520c728b65ee 100644 --- a/nixos/tests/kubernetes/certs.nix +++ b/nixos/tests/kubernetes/certs.nix 
@@ -6,29 +6,62 @@ kubelets }: let - runWithCFSSL = name: cmd: - builtins.fromJSON (builtins.readFile ( - pkgs.runCommand "${name}-cfss.json" { - buildInputs = [ pkgs.cfssl ]; - } "cfssl ${cmd} > $out" - )); - - writeCFSSL = content: - pkgs.runCommand content.name { - buildInputs = [ pkgs.cfssl ]; - } '' - mkdir -p $out - cd $out - cat ${writeFile content} | cfssljson -bare ${content.name} - ''; + runWithCFSSL = name: cmd: + let secrets = pkgs.runCommand "${name}-cfss.json" { + buildInputs = [ pkgs.cfssl pkgs.jq ]; + outputs = [ "out" "cert" "key" "csr" ]; + } + '' + ( + echo "${cmd}" + cfssl ${cmd} > tmp + cat tmp | jq -r .key > $key + cat tmp | jq -r .cert > $cert + cat tmp | jq -r .csr > $csr + + touch $out + ) 2>&1 | fold -w 80 -s + ''; + in { + key = secrets.key; + cert = secrets.cert; + csr = secrets.csr; + }; + + writeCFSSL = content: + pkgs.runCommand content.name { + buildInputs = [ pkgs.cfssl pkgs.jq ]; + } '' + mkdir -p $out + cd $out + + json=${pkgs.lib.escapeShellArg (builtins.toJSON content)} + + # for a given $field in the $json, treat the associated value as a + # file path and substitute the contents thereof into the $json + # object. + expandFileField() { + local field=$1 + if jq -e --arg field "$field" 'has($field)'; then + local path="$(echo "$json" | jq -r ".$field")" + json="$(echo "$json" | jq --arg val "$(cat "$path")" ".$field = \$val")" + fi + } + + expandFileField key + expandFileField ca + expandFileField cert + + echo "$json" | cfssljson -bare ${content.name} + ''; noCSR = content: pkgs.lib.filterAttrs (n: v: n != "csr") content; noKey = content: pkgs.lib.filterAttrs (n: v: n != "key") content; - writeFile = content: pkgs.writeText "content" ( - if pkgs.lib.isAttrs content then builtins.toJSON content - else toString content - ); + writeFile = content: + if pkgs.lib.isDerivation content + then content + else pkgs.writeText "content" (builtins.toJSON content); createServingCertKey = { ca, cn, hosts? [], size ? 2048, name ? cn }: noCSR ( 
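Review bot: In `writeCFSSL`, `expandFileField` tests `if jq -e --arg field "$field" 'has($field)'; then` without feeding it `$json`, so inside the build sandbox jq reads an empty stdin, produces no result and the branch never runs — the `key`, `ca` and `cert` store paths are then handed to `cfssljson -bare` as literal strings rather than their contents. The test should be `if echo "$json" | jq -e --arg field "$field" 'has($field)' > /dev/null; then`. In `runWithCFSSL` the whole subshell is piped through `fold -w 80 -s`, so without `set -o pipefail` a failing `cfssl` or `jq` leaves `$key`/`$cert` holding `null` while the derivation still succeeds; adding `set -o pipefail` at the top of that builder script restores failure propagation. Since the generated private keys land in world-readable store outputs, a comment `# test-only: private keys are deliberately placed in the Nix store` would make clear these helpers must not be reused outside the VM tests.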
diff --git a/nixos/tests/kubernetes/e2e.nix b/nixos/tests/kubernetes/e2e.nix index d9d7ba9bb2cc..175d8413045e 100644 --- a/nixos/tests/kubernetes/e2e.nix +++ b/nixos/tests/kubernetes/e2e.nix @@ -2,7 +2,7 @@ with import ./base.nix { inherit system; }; let domain = "my.zyx"; - certs = import ./certs.nix { externalDomain = domain; }; + certs = import ./certs.nix { externalDomain = domain; kubelets = ["machine1" "machine2"]; }; kubeconfig = pkgs.writeText "kubeconfig.json" (builtins.toJSON { apiVersion = "v1"; kind = "Config"; diff --git a/nixos/tests/kubernetes/rbac.nix b/nixos/tests/kubernetes/rbac.nix index 1966fed3a5fb..226808c4b263 100644 --- a/nixos/tests/kubernetes/rbac.nix +++ b/nixos/tests/kubernetes/rbac.nix @@ -12,7 +12,7 @@ let }); roRoleBinding = pkgs.writeText "ro-role-binding.json" (builtins.toJSON { - apiVersion = "rbac.authorization.k8s.io/v1beta1"; + apiVersion = "rbac.authorization.k8s.io/v1"; kind = "RoleBinding"; metadata = { name = "read-pods"; @@ -31,7 +31,7 @@ let }); roRole = pkgs.writeText "ro-role.json" (builtins.toJSON { - apiVersion = "rbac.authorization.k8s.io/v1beta1"; + apiVersion = "rbac.authorization.k8s.io/v1"; kind = "Role"; metadata = { name = "pod-reader"; diff --git a/nixos/tests/openldap.nix b/nixos/tests/openldap.nix index 1bef867c57b7..1eaf87a8eaa8 100644 --- a/nixos/tests/openldap.nix +++ b/nixos/tests/openldap.nix @@ -1,5 +1,5 @@ import ./make-test.nix { - name = "dovecot"; + name = "openldap"; machine = { pkgs, ... }: { services.openldap = { |