| Commit message (Collapse) | Author | Age |
... | |
|\ \
| | |
| | | |
nixos/hadoop: add hadoop module (hdfs, yarn)
|
| | | |
|
|\ \ \
| |/ /
|/| | |
opensmtpd package and module: add nixos test
|
| | | |
|
| | |
| | |
| | |
| | | |
Update, clean-up dependencies and add installed tests.
|
| |/
|/|
| |
| |
| |
| |
| |
| |
| |
| | |
For now check that the default client config boots.
Ideas for the future:
- Expand on control via netcat
- Configure a circuit of nodes exercise various configs (e.g., check
that a client node can access a hidden www service). Needs setting up
authoritative directory servers &c.
|
| |
| |
| |
| | |
The test ensures that the services comes up and accepts/provides values.
|
|\ \
| | |
| | | |
Haproxy 1.8.9
|
| | | |
|
|/ / |
|
|\ \
| | |
| | | |
morty: init -> 0.2.0
|
| | | |
|
| | |
| | |
| | |
| | | |
This reverts commit 218ada1ba7ecb0a3b1d9e7aed9147ba35d484faa.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The test currently relies on installedTests output which was reverted
in 85ae7137ac6a1623be90c8f0897566367d300c12.
See
https://github.com/NixOS/nixpkgs/commit/85ae7137ac6a1623be90c8f0897566367d300c12
for discussion.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
BIND doesn't allow the options section (or any section I'd guess) to be
defined more than once, so whenever you want to set an additional option
you're stuck using weird hacks like this:
services.bind.forwarders = lib.mkForce [ "}; empty-zones-enable no; #" ];
This basically exploits the fact that values coming from the module
options aren't escaped and thus works in a similar vain to how SQL
injection works.
Another option would be to just set configFile to a file that includes
all the options, including zones. That obviously makes the configuration
way less extensible and more awkward to use with the module system.
To make sure this change does work correctly I added a small test just
for that. The test could use some improvements, but better to have a
test rather than none at all. For a future improvement the test could be
merged with the NSD test, because both use the same zone file format.
This change has been reviewed in #40053 and after not getting any
opposition, I'm hereby adding this to master.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @peti, @edolstra
Closes: #40053
|
|\| |
| | |
| | |
| | |
| | |
| | | |
Fixed conflicts:
- lib/systems/for-meta.nix: in favor of staging
- pkgs/os-specific/darwin/xcode/default.nix: in favor of master
|
| | | |
|
|\| | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
`xsslock` (which was originally packaged in 6cb1d1aaaf02a72329bedf9c6960e54fea6f5c6e)
is a simple screensaver which connects a given screen locker (e.g.
`i3lock`) with `logind`. Whenever `loginctl lock-sessions` is invoked
the locker will be used to lock the screen. This works with its power
management features (e.g. `lid switch`) as well, so the PC can be locked
automatically when the lid is closed.
The module can be used like this:
```
{
services.xserver.enable = true;
programs.xss-lock.enable = true;
programs.xss-lock.lockerCommand = "i3lock";
}
```
|
|\| |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
pkgs/tools/networking/telnet/default.nix
pkgs/top-level/aliases.nix
|
| |\ \
| | | |
| | | | |
Flatpak
|
| | | | |
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The original `nexus` derivation required `/run/sonatype-work/nexus3`
which explicitly depended on the NixOS path structure.
This would break `nexus` for everyone using `nixpkgs` on a non-NixOS
system, additionally the module never created `/run/sonatype-work`, so
the systemd unit created in `services.nexus` fails as well. The issue
wasn't actively known as the `nixos/nexus` test wasn't registered in
Hydra (see #40257).
This patch contains the following changes:
* Adds `tests.nexus` to `release.nix` to run the test on Hydra.
* Makes JVM parameters configurable: by default all JVM options were located
in `result/bin/nexus.vmoptions` which made it quite hard to patch
these parameters. Now it's possible to override all parameters by
running `VM_OPTS_FILE=custom-nexus.vmoptions ./result/bin/nexus run`
(after patching the `nexus` shell script), additionally it's possible
to override these parameters with `services.nexus.vmoptions`.
* Bumped Nexus from 3.5.1 to 3.11.0
* Run the `nexus` test on Hydra with `callTest` in `nixos/release.nix`,
furthermore the test checks if the UI is available on the specified
port.
* Added myself as maintainer for the NixOS test and the package to have
some more people in case of further breakage.
* Added sufficient disk space to the `nexus` test, otherwise the service
fails with the following errors:
```
com.orientechnologies.orient.core.exception.ODatabaseException: Cannot create database 'accesslog'
com.orientechnologies.orient.core.exception.OLowDiskSpaceException: Error occurred while executing
a write operation to database 'accesslog' due to limited free space on the disk (242 MB). The database
is now working in read-only mode. Please close the database (or stop OrientDB), make room on your hard
drive and then reopen the database. The minimal required space is 256 MB. Required space is now set to
256MB (you can change it by setting parameter storage.diskCache.diskFreeSpaceLimit) .
```
/cc @ironpinguin @xeji
|
|\| | | |
|
| | | |
| | | |
| | | |
| | | |
| | | | |
... introduced by 1f0b6922d3c
continuation of 88fa50c2f2bbc472fe7169eac8f2a1b2312ef03b
|
|\| | | |
|
| |/ /
| | |
| | |
| | |
| | |
| | | |
- refactor into single file for all versions
- improve timing, prevent non-deterministic failures
- fix tests for i686-linux
|
|\| | |
|
| |\ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This introduces an option that allows us to turn off stateful generation
of Diffie-Hellman parameters, which in some way is still "stateful" as
the generated DH params file is non-deterministic.
However what we can avoid with this is to have an increased surface for
failures during system startup, because generation of the parameters is
done during build-time.
Aside from adding a NixOS VM test it also restructures the type of the
security.dhparams.params option, so that it's a submodule.
A new defaultBitSize option is also there to allow users to set a
system-wide default.
I added a release notes entry that described what has changed and also
included a few notes for module developers using this module, as the
first usage already popped up in NixOS/nixpkgs#39507.
Thanks to @Ekleog and @abbradar for reviewing.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
We're going to make changes to the dhparams module so we really want to
make sure we don't break it, so having a NixOS VM test is to make sure
we don't blow things up and can iterate on it.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @Ekleog
|
| | | |
| | | |
| | | |
| | | | |
deprecated and unmaintained upstream
|
| | | |
| | | |
| | | |
| | | |
| | | | |
was broken and depends on (deprecated) fleet
packages: panamax_api, panamax_ui
|
|\ \ \ \
| |/ / /
|/| | | |
|
| | | | |
|
| | | |
| | | |
| | | |
| | | | |
Add the Hitch TLS reverse proxy as an option for TLS termination.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Some time ago I fixed the broken package `osquery` (see #39336).
I had to test the package manually by starting the daemon locally,
however this doesn't ensure that the module is still functional.
In order to cover the package *and* the integration with the NixOS
module I thought that adding a testcase might be the best idea.
The current testcase does the following things:
* Starts an `osqueryd` service in a test machine with customized logger
path and PID file
* Ensures that the `osqueryd.service` unit is running
* Checks if the customized flags (`pidfile`, `logger_path`) are applied
to `osquery`.
* Performs a simple test query against the `etc_hosts` database to check
if the basic funcitonality of `osquery` (storing system information into
a database) works fine.
|
| |/ /
|/| | |
|
|\ \ \
| |/ /
|/| | |
Deluge: use mkEnableOption, add test
|
| | | |
|
|\ \ \
| | | |
| | | | |
nixos: add the strongswan-swanctl service
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The strongswan-swanctl systemd service starts charon-systemd. This implements a IKE daemon
very similar to charon, but it's specifically designed for use with systemd. It uses the
systemd libraries for a native integration.
Instead of using starter and an ipsec.conf based configuration, the daemon is directly
managed by systemd and configured with the swanctl configuration backend.
See: https://wiki.strongswan.org/projects/strongswan/wiki/Charon-systemd
Note that the strongswan.conf and swantctl.conf configuration files are automatically
generated based on NixOS options under services.strongswan-swanctl.strongswan and
services.strongswan-swanctl.swanctl respectively.
|
|\ \ \ \
| | | | |
| | | | | |
quagga service: fix service and re-enable test
|
| | |_|/
| |/| |
| | | |
| | | |
| | | | |
adding quagga to quaggavty
reverting 8a18e1f
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
These don't have affect the default Hydra setup (you need to pass
the relevant system in the supportedSystem list) but let's add it for
completeness and convenience.
|
| |_|/
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
docker# [ 11.054736] d24d6cdd57c9[763]: /bin/bash: error while loading
shared libraries: libreadline.so.7: cannot open shared object file:
Permission denied
docker# /bin/bash: error while loading shared libraries:
libreadline.so.7: cannot open shared object file: Permission denied
docker: exit status 127
docker: output:
error: command `docker run --rm -u 1000:1000 bash /bin/bash --version'
did not succeed (exit code 127)
command `docker run --rm -u 1000:1000 bash /bin/bash --version' did not
succeed (exit code 127)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This patch is heavily inspired by bd0d8ed807d29faa3deee96bafcbbd76c8fa4060 which added
a setcap wrapper for `mtr` in order to allow running `mtr` without
`sudo`. The need for the capability `cap_net_raw` that can be registered using
`setcap` has been documented in the Arch Wiki: https://wiki.archlinux.org/index.php/Capabilities#iftop
A simple testcase has been added which starts two machines, one with a
setcap wrapper for `iftop`, one without. Both testcases monitor the
bandwidth usage of the machine using the options `-t -s 1` once, the
machine with setcap wrapper is expected to succeed, the `iftop` on the
machine without setcap wrapper is expected to return a non-zero exit
code.
|
| | | |
|
|\ \ \
| | | |
| | | | |
nixos: kubernetes fixes
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Fix reference CNI plugins
* The plugins were split out of the upstream cni repo around version
0.6.0
* Fix RBAC and DNS tests
* Fix broken apiVersion fields
* Change plugin linking to look in ${package}/bin rather than
${package.plugins}
* Initial work towards a working e2e test
* Test still fails, but at least the expression evaluates now
Continues @srhb's work in #37199
Fixes #37199
|