Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/config/xdg/sounds.nix | 6 | ||||
-rw-r--r-- | nixos/modules/installer/cd-dvd/sd-image.nix | 6 | ||||
-rw-r--r-- | nixos/modules/misc/ids.nix | 4 | ||||
-rw-r--r-- | nixos/modules/services/databases/redis.nix | 8 | ||||
-rw-r--r-- | nixos/modules/services/network-filesystems/samba.nix | 20 | ||||
-rw-r--r-- | nixos/modules/services/networking/dnsdist.nix | 5 | ||||
-rw-r--r-- | nixos/modules/services/networking/haproxy.nix | 36 | ||||
-rw-r--r-- | nixos/modules/services/networking/tinydns.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/web-servers/apache-httpd/default.nix | 3 | ||||
-rw-r--r-- | nixos/modules/services/x11/desktop-managers/gnome3.nix | 6 | ||||
-rw-r--r-- | nixos/modules/system/boot/plymouth.nix | 10 | ||||
-rw-r--r-- | nixos/tests/all-tests.nix | 1 | ||||
-rw-r--r-- | nixos/tests/haproxy.nix | 4 | ||||
-rw-r--r-- | nixos/tests/lightdm.nix | 16 | ||||
-rw-r--r-- | nixos/tests/powerdns.nix | 7 | ||||
-rw-r--r-- | nixos/tests/pppd.nix | 12 | ||||
-rw-r--r-- | nixos/tests/samba.nix | 14 | ||||
-rw-r--r-- | nixos/tests/shiori.nix | 76 | ||||
-rw-r--r-- | nixos/tests/smokeping.nix | 16 | ||||
-rw-r--r-- | nixos/tests/tinydns.nix | 8 |
20 files changed, 176 insertions, 83 deletions
diff --git a/nixos/modules/config/xdg/sounds.nix b/nixos/modules/config/xdg/sounds.nix index 148240d631cf..14d6340fc33b 100644 --- a/nixos/modules/config/xdg/sounds.nix +++ b/nixos/modules/config/xdg/sounds.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ config, lib, pkgs, ... }: with lib; { @@ -14,6 +14,10 @@ with lib; }; config = mkIf config.xdg.sounds.enable { + environment.systemPackages = [ + pkgs.sound-theme-freedesktop + ]; + environment.pathsToLink = [ "/share/sounds" ]; diff --git a/nixos/modules/installer/cd-dvd/sd-image.nix b/nixos/modules/installer/cd-dvd/sd-image.nix index d510f3b2daf2..7865b767f0b7 100644 --- a/nixos/modules/installer/cd-dvd/sd-image.nix +++ b/nixos/modules/installer/cd-dvd/sd-image.nix @@ -140,7 +140,11 @@ in export img=$out/sd-image/${config.sdImage.imageName} echo "${pkgs.stdenv.buildPlatform.system}" > $out/nix-support/system - echo "file sd-image $img" >> $out/nix-support/hydra-build-products + if test -n "$compressImage"; then + echo "file sd-image $img.bz2" >> $out/nix-support/hydra-build-products + else + echo "file sd-image $img" >> $out/nix-support/hydra-build-products + fi # Gap in front of the first partition, in MiB gap=8 diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index 3e8a5b07a5ed..a4db2c9d1d87 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -128,7 +128,7 @@ tcpcryptd = 93; # tcpcryptd uses a hard-coded uid. We patch it in Nixpkgs to match this choice. firebird = 95; #keys = 96; # unused - haproxy = 97; + #haproxy = 97; # DynamicUser as of 2019-11-08 mongodb = 98; openldap = 99; #users = 100; # unused @@ -443,7 +443,7 @@ #tcpcryptd = 93; # unused firebird = 95; keys = 96; - haproxy = 97; + #haproxy = 97; # DynamicUser as of 2019-11-08 #mongodb = 98; # unused openldap = 99; munin = 102; diff --git a/nixos/modules/services/databases/redis.nix b/nixos/modules/services/databases/redis.nix index 5695eeaf74cb..95128a641d94 100644 
--- a/nixos/modules/services/databases/redis.nix +++ b/nixos/modules/services/databases/redis.nix @@ -185,10 +185,10 @@ in ###### implementation config = mkIf config.services.redis.enable { - - boot.kernel.sysctl = { - "vm.nr_hugepages" = "0"; - } // mkIf cfg.vmOverCommit { "vm.overcommit_memory" = "1"; }; + boot.kernel.sysctl = (mkMerge [ + { "vm.nr_hugepages" = "0"; } + ( mkIf cfg.vmOverCommit { "vm.overcommit_memory" = "1"; } ) + ]); networking.firewall = mkIf cfg.openFirewall { allowedTCPPorts = [ cfg.port ]; diff --git a/nixos/modules/services/network-filesystems/samba.nix b/nixos/modules/services/network-filesystems/samba.nix index ce565dbaab81..83995d281792 100644 --- a/nixos/modules/services/network-filesystems/samba.nix +++ b/nixos/modules/services/network-filesystems/samba.nix @@ -12,11 +12,6 @@ let samba = cfg.package; - setupScript = - '' - mkdir -p /var/lock/samba /var/log/samba /var/cache/samba /var/lib/samba/private - ''; - shareConfig = name: let share = getAttr name cfg.shares; in "[${name}]\n " + (smbToString ( @@ -62,6 +57,7 @@ let Type = "notify"; NotifyAccess = "all"; #may not do anything... }; + unitConfig.RequiresMountsFor = "/var/lib/samba"; restartTriggers = [ configFile ]; }; @@ -228,8 +224,7 @@ in systemd = { targets.samba = { description = "Samba Server"; - requires = [ "samba-setup.service" ]; - after = [ "samba-setup.service" "network.target" ]; + after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; }; # Refer to https://github.com/samba-team/samba/tree/master/packaging/systemd 
@@ -238,12 +233,13 @@ in samba-smbd = daemonService "smbd" ""; samba-nmbd = mkIf cfg.enableNmbd (daemonService "nmbd" ""); samba-winbindd = mkIf cfg.enableWinbindd (daemonService "winbindd" ""); - samba-setup = { - description = "Samba Setup Task"; - script = setupScript; - unitConfig.RequiresMountsFor = "/var/lib/samba"; - }; }; + tmpfiles.rules = [ + "d /var/lock/samba - - - - -" + "d /var/log/samba - - - - -" + "d /var/cache/samba - - - - -" + "d /var/lib/samba/private - - - - -" + ]; }; security.pam.services.samba = {}; diff --git a/nixos/modules/services/networking/dnsdist.nix b/nixos/modules/services/networking/dnsdist.nix index 12eee136e639..8249da69bc1a 100644 --- a/nixos/modules/services/networking/dnsdist.nix +++ b/nixos/modules/services/networking/dnsdist.nix @@ -46,11 +46,10 @@ in { RestartSec="1"; DynamicUser = true; StartLimitInterval="0"; - PrivateTmp=true; PrivateDevices=true; - CapabilityBoundingSet="CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID"; + AmbientCapabilities="CAP_NET_BIND_SERVICE"; + CapabilityBoundingSet="CAP_NET_BIND_SERVICE"; ExecStart = "${pkgs.dnsdist}/bin/dnsdist --supervised --disable-syslog --config ${configFile}"; - ProtectSystem="full"; ProtectHome=true; RestrictAddressFamilies="AF_UNIX AF_INET AF_INET6"; LimitNOFILE="16384"; diff --git a/nixos/modules/services/networking/haproxy.nix b/nixos/modules/services/networking/haproxy.nix index 0438d0bf8d86..aff71e5e97da 100644 --- a/nixos/modules/services/networking/haproxy.nix +++ b/nixos/modules/services/networking/haproxy.nix @@ -1,7 +1,16 @@ { config, lib, pkgs, ... }: + let cfg = config.services.haproxy; - haproxyCfg = pkgs.writeText "haproxy.conf" cfg.config; + + haproxyCfg = pkgs.writeText "haproxy.conf" '' + global + # needed for hot-reload to work without dropping packets in multi-worker mode + stats socket /run/haproxy/haproxy.sock mode 600 expose-fd listeners level user + + ${cfg.config} + ''; + in with lib; { 
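Review bot: The tmpfiles rule for `/var/lib/samba/private` leaves the mode field as `-`, so the directory is created with the tmpfiles default of 0755 even though Samba keeps its secrets databases there. An explicit owner and mode would make the intent visible and would not depend on smbd tightening the directory later: `"d /var/lib/samba/private 0700 root root - -"`. The other three directories can keep the defaults. The enclosing `systemd = { … }` attribute set starts outside this hunk.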
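Review bot: Dropping `PrivateTmp=true` and `ProtectSystem="full"` from the dnsdist unit is only safe because `DynamicUser = true` implies `PrivateTmp=yes` and `ProtectSystem=strict`, and nothing in the unit says so. A comment next to `DynamicUser` would stop a later edit from removing it and silently losing both protections: `# DynamicUser implies PrivateTmp and ProtectSystem=strict; restore them explicitly if this is ever removed`. The `serviceConfig` set begins and ends outside the hunk.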
@@ -25,9 +34,7 @@ with lib; <filename>haproxy.conf</filename>. ''; }; - }; - }; config = mkIf cfg.enable { @@ -42,21 +49,16 @@ with lib; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { - Type = "forking"; - PIDFile = "/run/haproxy.pid"; - ExecStartPre = "${pkgs.haproxy}/sbin/haproxy -c -q -f ${haproxyCfg}"; - ExecStart = "${pkgs.haproxy}/sbin/haproxy -D -f ${haproxyCfg} -p /run/haproxy.pid"; - ExecReload = "-${pkgs.bash}/bin/bash -c \"exec ${pkgs.haproxy}/sbin/haproxy -D -f ${haproxyCfg} -p /run/haproxy.pid -sf $MAINPID\""; + DynamicUser = true; + Type = "notify"; + # when running the config test, don't be quiet so we can see what goes wrong + ExecStartPre = "${pkgs.haproxy}/sbin/haproxy -c -f ${haproxyCfg}"; + ExecStart = "${pkgs.haproxy}/sbin/haproxy -Ws -f ${haproxyCfg}"; + Restart = "on-failure"; + RuntimeDirectory = "haproxy"; + # needed in case we bind to port < 1024 + AmbientCapabilities = "CAP_NET_BIND_SERVICE"; }; }; - - environment.systemPackages = [ pkgs.haproxy ]; - - users.users.haproxy = { - group = "haproxy"; - uid = config.ids.uids.haproxy; - }; - - users.groups.haproxy.gid = config.ids.uids.haproxy; }; } diff --git a/nixos/modules/services/networking/tinydns.nix b/nixos/modules/services/networking/tinydns.nix index 7b2c464ab46b..79507b2ebcdd 100644 --- a/nixos/modules/services/networking/tinydns.nix +++ b/nixos/modules/services/networking/tinydns.nix @@ -37,6 +37,7 @@ with lib; systemd.services.tinydns = { description = "djbdns tinydns server"; wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; path = with pkgs; [ daemontools djbdns ]; preStart = '' rm -rf /var/lib/tinydns diff --git a/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixos/modules/services/web-servers/apache-httpd/default.nix index 3c5918baa533..f5a6051b4b5f 100644 --- a/nixos/modules/services/web-servers/apache-httpd/default.nix +++ b/nixos/modules/services/web-servers/apache-httpd/default.nix 
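Review bot: The new haproxy `serviceConfig` has no `ExecReload`, so the hot-reload path named in the comment on the injected `stats socket … expose-fd listeners` line (first hunk of this file) cannot be triggered through systemd as far as the hunk shows. In master-worker mode (`-Ws`) a reload is a SIGUSR2 to the main process, e.g. `ExecReload = "${pkgs.coreutils}/bin/kill -USR2 $MAINPID";`. `AmbientCapabilities` is also set without a matching bounding set, unlike the dnsdist unit changed in this same commit; adding `CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";` would keep the two consistent. Since the daemon now starts unprivileged under `DynamicUser`, a user-supplied `cfg.config` with `user`, `group` or `chroot` directives will presumably no longer start, which deserves a line in the option description.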
@@ -33,6 +33,8 @@ let enableSSL = any (vhost: vhost.enableSSL) allHosts; + enableUserDir = any (vhost: vhost.enableUserDir) allHosts; + # NOTE: generally speaking order of modules is very important modules = [ # required apache modules our httpd service cannot run without @@ -45,6 +47,7 @@ let ] ++ (if mainCfg.multiProcessingModule == "prefork" then [ "cgi" ] else [ "cgid" ]) ++ optional enableSSL "ssl" + ++ optional enableUserDir "userdir" ++ optional mainCfg.enableMellon { name = "auth_mellon"; path = "${pkgs.apacheHttpdPackages.mod_auth_mellon}/modules/mod_auth_mellon.so"; } ++ optional mainCfg.enablePHP { name = "php${phpMajorVersion}"; path = "${php}/modules/libphp${phpMajorVersion}.so"; } ++ optional mainCfg.enablePerl { name = "perl"; path = "${mod_perl}/modules/mod_perl.so"; } diff --git a/nixos/modules/services/x11/desktop-managers/gnome3.nix b/nixos/modules/services/x11/desktop-managers/gnome3.nix index 5ad31e5b9d00..0aae25662c64 100644 --- a/nixos/modules/services/x11/desktop-managers/gnome3.nix +++ b/nixos/modules/services/x11/desktop-managers/gnome3.nix @@ -217,6 +217,12 @@ in services.xserver.updateDbusEnvironment = true; + # gnome has a custom alert theme but it still + # inherits from the freedesktop theme. + environment.systemPackages = with pkgs; [ + sound-theme-freedesktop + ]; + # Needed for themes and backgrounds environment.pathsToLink = [ "/share" # TODO: https://github.com/NixOS/nixpkgs/issues/47173 diff --git a/nixos/modules/system/boot/plymouth.nix b/nixos/modules/system/boot/plymouth.nix index adca3c3f66e7..23fce22366d8 100644 --- a/nixos/modules/system/boot/plymouth.nix +++ b/nixos/modules/system/boot/plymouth.nix @@ -25,6 +25,7 @@ let [Daemon] ShowDelay=0 Theme=${cfg.theme} + ${cfg.extraConfig} ''; in 
@@ -65,6 +66,15 @@ in ''; }; + extraConfig = mkOption { + type = types.lines; + default = ""; + description = '' + Literal string to append to <literal>configFile</literal> + and the config file generated by the plymouth module. + ''; + }; + }; }; diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 636c4e93e9b3..9db505a27d41 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -244,6 +244,7 @@ in rxe = handleTest ./rxe.nix {}; samba = handleTest ./samba.nix {}; sddm = handleTest ./sddm.nix {}; + shiori = handleTest ./shiori.nix {}; signal-desktop = handleTest ./signal-desktop.nix {}; simple = handleTest ./simple.nix {}; slim = handleTest ./slim.nix {}; diff --git a/nixos/tests/haproxy.nix b/nixos/tests/haproxy.nix index 22a83e9d1eab..72e77a68193e 100644 --- a/nixos/tests/haproxy.nix +++ b/nixos/tests/haproxy.nix @@ -16,6 +16,8 @@ import ./make-test.nix ({ pkgs, ...}: { frontend http bind *:80 mode http + option http-use-htx + http-request use-service prometheus-exporter if { path /metrics } use_backend http_server ''; }; @@ -36,6 +38,6 @@ import ./make-test.nix ({ pkgs, ...}: { $machine->waitForUnit('haproxy.service'); $machine->waitForUnit('httpd.service'); $machine->succeed('curl -k http://localhost:80/index.txt | grep "We are all good!"'); - + $machine->succeed('curl -k http://localhost:80/metrics | grep haproxy_process_pool_allocated_bytes'); ''; }) diff --git a/nixos/tests/lightdm.nix b/nixos/tests/lightdm.nix index c805f1ed9f3c..ef30f7741e23 100644 --- a/nixos/tests/lightdm.nix +++ b/nixos/tests/lightdm.nix @@ -1,4 +1,4 @@ -import ./make-test.nix ({ pkgs, ...} : { +import ./make-test-python.nix ({ pkgs, ...} : { name = "lightdm"; meta = with pkgs.stdenv.lib.maintainers; { maintainers = [ aszlig worldofpeace ]; 
@@ -18,12 +18,12 @@ import ./make-test.nix ({ pkgs, ...} : { testScript = { nodes, ... }: let user = nodes.machine.config.users.users.alice; in '' - startAll; - $machine->waitForText(qr/${user.description}/); - $machine->screenshot("lightdm"); - $machine->sendChars("${user.password}\n"); - $machine->waitForFile("/home/alice/.Xauthority"); - $machine->succeed("xauth merge ~alice/.Xauthority"); - $machine->waitForWindow("^IceWM "); + start_all() + machine.wait_for_text("${user.description}") + machine.screenshot("lightdm") + machine.send_chars("${user.password}\n") + machine.wait_for_file("${user.home}/.Xauthority") + machine.succeed("xauth merge ${user.home}/.Xauthority") + machine.wait_for_window("^IceWM ") ''; }) diff --git a/nixos/tests/powerdns.nix b/nixos/tests/powerdns.nix index 8addcc784012..75d71315e644 100644 --- a/nixos/tests/powerdns.nix +++ b/nixos/tests/powerdns.nix @@ -1,12 +1,13 @@ -import ./make-test.nix ({ pkgs, ... }: { +import ./make-test-python.nix ({ pkgs, ... }: { name = "powerdns"; nodes.server = { ... }: { services.powerdns.enable = true; + environment.systemPackages = [ pkgs.dnsutils ]; }; testScript = '' - $server->waitForUnit("pdns"); - $server->succeed("${pkgs.dnsutils}/bin/dig version.bind txt chaos \@127.0.0.1"); + server.wait_for_unit("pdns") + server.succeed("dig version.bind txt chaos \@127.0.0.1") ''; }) diff --git a/nixos/tests/pppd.nix b/nixos/tests/pppd.nix index 91f811859093..bda0aa75bb50 100644 --- a/nixos/tests/pppd.nix +++ b/nixos/tests/pppd.nix @@ -1,4 +1,4 @@ -import ./make-test.nix ( +import ./make-test-python.nix ( let chap-secrets = { text = ''"flynn" * "reindeerflotilla" *''; 
@@ -53,10 +53,10 @@ import ./make-test.nix ( environment.etc."ppp/chap-secrets" = chap-secrets; }; }; - + testScript = '' - startAll; - $client->waitUntilSucceeds("ping -c1 -W1 192.0.2.1"); - $server->waitUntilSucceeds("ping -c1 -W1 192.0.2.2"); + start_all() + client.wait_until_succeeds("ping -c1 -W1 192.0.2.1") + server.wait_until_succeeds("ping -c1 -W1 192.0.2.2") ''; - }) + }) diff --git a/nixos/tests/samba.nix b/nixos/tests/samba.nix index 2802e00a5b1a..142269752b34 100644 --- a/nixos/tests/samba.nix +++ b/nixos/tests/samba.nix @@ -1,4 +1,4 @@ -import ./make-test.nix ({ pkgs, ... }: +import ./make-test-python.nix ({ pkgs, ... }: { name = "samba"; @@ -36,12 +36,12 @@ import ./make-test.nix ({ pkgs, ... }: testScript = '' - $server->start; - $server->waitForUnit("samba.target"); - $server->succeed("mkdir -p /public; echo bar > /public/foo"); + server.start() + server.wait_for_unit("samba.target") + server.succeed("mkdir -p /public; echo bar > /public/foo") - $client->start; - $client->waitForUnit("remote-fs.target"); - $client->succeed("[[ \$(cat /public/foo) = bar ]]"); + client.start() + client.wait_for_unit("remote-fs.target") + client.succeed("[[ $(cat /public/foo) = bar ]]") ''; }) diff --git a/nixos/tests/shiori.nix b/nixos/tests/shiori.nix index 0022a7220fe2..a5771262c6f2 100644 --- a/nixos/tests/shiori.nix +++ b/nixos/tests/shiori.nix @@ -1,4 +1,4 @@ -import ./make-test.nix ({ lib, ...}: +import ./make-test-python.nix ({ pkgs, lib, ...}: { name = "shiori"; 
@@ -8,10 +8,74 @@ import ./make-test.nix ({ lib, ...}: { ... }: { services.shiori.enable = true; }; - testScript = '' - $machine->waitForUnit('shiori.service'); - $machine->waitForOpenPort('8080'); - $machine->succeed("curl --fail http://localhost:8080/"); - $machine->succeed("curl --fail --location http://localhost:8080/ | grep -qi shiori"); + testScript = let + authJSON = pkgs.writeText "auth.json" (builtins.toJSON { + username = "shiori"; + password = "gopher"; + remember = 1; # hour + owner = true; + }); + + insertBookmark = { + url = "http://example.org"; + title = "Example Bookmark"; + }; + + insertBookmarkJSON = pkgs.writeText "insertBookmark.json" (builtins.toJSON insertBookmark); + in '' + import json + + machine.wait_for_unit("shiori.service") + machine.wait_for_open_port(8080) + machine.succeed("curl --fail http://localhost:8080/") + machine.succeed("curl --fail --location http://localhost:8080/ | grep -qi shiori") + + with subtest("login"): + auth_json = machine.succeed( + "curl --fail --location http://localhost:8080/api/login " + "-X POST -H 'Content-Type:application/json' -d @${authJSON}" + ) + auth_ret = json.loads(auth_json) + session_id = auth_ret["session"] + + with subtest("bookmarks"): + with subtest("first use no bookmarks"): + bookmarks_json = machine.succeed( + ( + "curl --fail --location http://localhost:8080/api/bookmarks " + "-H 'X-Session-Id:{}'" + ).format(session_id) + ) + + if json.loads(bookmarks_json)["bookmarks"] != []: + raise Exception("Shiori have a bookmark on first use") + + with subtest("insert bookmark"): + machine.succeed( + ( + "curl --fail --location http://localhost:8080/api/bookmarks " + "-X POST -H 'X-Session-Id:{}' " + "-H 'Content-Type:application/json' -d @${insertBookmarkJSON}" + ).format(session_id) + ) + + with subtest("get inserted bookmark"): + bookmarks_json = machine.succeed( + ( + "curl --fail --location http://localhost:8080/api/bookmarks " + "-H 'X-Session-Id:{}'" + ).format(session_id) + ) + + bookmarks = 
json.loads(bookmarks_json)["bookmarks"] + if len(bookmarks) != 1: + raise Exception("Shiori didn't save the bookmark") + + bookmark = bookmarks[0] + if ( + bookmark["url"] != "${insertBookmark.url}" + or bookmark["title"] != "${insertBookmark.title}" + ): + raise Exception("Inserted bookmark doesn't have same URL or title") ''; }) diff --git a/nixos/tests/smokeping.nix b/nixos/tests/smokeping.nix index 07d228051127..4f8f0fcc9fe2 100644 --- a/nixos/tests/smokeping.nix +++ b/nixos/tests/smokeping.nix @@ -1,4 +1,4 @@ -import ./make-test.nix ({ pkgs, ...} : { +import ./make-test-python.nix ({ pkgs, ...} : { name = "smokeping"; meta = with pkgs.stdenv.lib.maintainers; { maintainers = [ cransom ]; @@ -22,12 +22,12 @@ import ./make-test.nix ({ pkgs, ...} : { }; testScript = '' - startAll; - $sm->waitForUnit("smokeping"); - $sm->waitForUnit("thttpd"); - $sm->waitForFile("/var/lib/smokeping/data/Local/LocalMachine.rrd"); - $sm->succeed("curl -s -f localhost:8081/smokeping.fcgi?target=Local"); - $sm->succeed("ls /var/lib/smokeping/cache/Local/LocalMachine_mini.png"); - $sm->succeed("ls /var/lib/smokeping/cache/index.html"); + start_all() + sm.wait_for_unit("smokeping") + sm.wait_for_unit("thttpd") + sm.wait_for_file("/var/lib/smokeping/data/Local/LocalMachine.rrd") + sm.succeed("curl -s -f localhost:8081/smokeping.fcgi?target=Local") + sm.succeed("ls /var/lib/smokeping/cache/Local/LocalMachine_mini.png") + sm.succeed("ls /var/lib/smokeping/cache/index.html") ''; }) diff --git a/nixos/tests/tinydns.nix b/nixos/tests/tinydns.nix index cb7ee0c5fb5e..c7740d5ade35 100644 --- a/nixos/tests/tinydns.nix +++ b/nixos/tests/tinydns.nix @@ -1,4 +1,4 @@ -import ./make-test.nix ({ lib, ...} : { +import ./make-test-python.nix ({ lib, ...} : { name = "tinydns"; meta = { maintainers = with lib.maintainers; [ basvandijk ]; 
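Review bot: The new shiori subtests only call the API with a valid `X-Session-Id`, so the test would still pass if `/api/bookmarks` answered without authentication. A negative check before the login subtest would cover that, for example `machine.fail("curl --fail --location http://localhost:8080/api/bookmarks")`, assuming the endpoint is meant to reject anonymous requests. The login also depends on the `shiori`/`gopher` account in `authJSON`, which is apparently the account the service ships with; a comment saying so would tell readers that the test relies on default credentials.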
@@ -19,8 +19,8 @@ import ./make-test.nix ({ lib, ...} : { }; }; testScript = '' - $nameserver->start; - $nameserver->waitForUnit("tinydns.service"); - $nameserver->succeed("host bla.foo.bar | grep '1\.2\.3\.4'"); + nameserver.start() + nameserver.wait_for_unit("tinydns.service") + nameserver.succeed("host bla.foo.bar | grep '1\.2\.3\.4'") ''; }) |