From 5a35c971bf2e9e079673c0bc551c5841ea4bce79 Mon Sep 17 00:00:00 2001 From: Eric Bailey Date: Mon, 19 Sep 2022 17:25:27 -0500 Subject: kops: 1.24.3 -> 1.25.1 - Drop kops_1_22 - kops_1_23: 1.23.2 -> 1.23.4 - Update 22.11 release notes --- nixos/doc/manual/from_md/release-notes/rl-2211.section.xml | 6 ++++++ nixos/doc/manual/release-notes/rl-2211.section.md | 2 ++ 2 files changed, 8 insertions(+) (limited to 'nixos') diff --git a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml index 8494b62e6ff0..d7e903c13b22 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml @@ -588,6 +588,12 @@ for vim). + + + The default kops version is now 1.25.1 and + support for 1.22 and older has been dropped. + + k3s no longer supports docker as runtime diff --git a/nixos/doc/manual/release-notes/rl-2211.section.md b/nixos/doc/manual/release-notes/rl-2211.section.md index a5ba4841f549..4cd476e3c9ef 100644 --- a/nixos/doc/manual/release-notes/rl-2211.section.md +++ b/nixos/doc/manual/release-notes/rl-2211.section.md @@ -199,6 +199,8 @@ Available as [services.patroni](options.html#opt-services.patroni.enable). Use `configure.packages` instead. - Neovim can not be configured with plug anymore (still works for vim). +- The default `kops` version is now 1.25.1 and support for 1.22 and older has been dropped. + - `k3s` no longer supports docker as runtime due to upstream dropping support. - `k3s` supports `clusterInit` option, and it is enabled by default, for servers. -- cgit 1.4.1 From 1a90756aa752aef6d6910eaac29b8e8d7e0f99de Mon Sep 17 00:00:00 2001 From: 06kellyjac Date: Sun, 2 Oct 2022 11:43:54 +0100 Subject: tracee: 0.7.0 -> 0.8.3 Also simplified the package since after #176152 the tracee build process can now pass in a -target of bpf without weird overrides --- nixos/tests/all-tests.nix | 2 + nixos/tests/tracee.nix | 46 +++++++++++++++ .../tools/security/tracee/bpf-core-clang-bpf.patch | 13 ---- pkgs/tools/security/tracee/default.nix | 69 +++++++++++----------- .../security/tracee/disable-go-symbol-table.patch | 22 ------- pkgs/tools/security/tracee/skip-init-test.patch | 12 ---- .../security/tracee/skip-magic_write-test.patch | 12 ---- .../test-EventFilters-magic_write-skip.patch | 16 +++++ .../test-EventFilters-prefix-nix-friendly.patch | 15 +++++ pkgs/tools/security/tracee/test.nix | 41 ------------- 10 files changed, 115 insertions(+), 133 deletions(-) create mode 100644 nixos/tests/tracee.nix delete mode 100644 pkgs/tools/security/tracee/bpf-core-clang-bpf.patch delete mode 100644 pkgs/tools/security/tracee/disable-go-symbol-table.patch delete mode 100644 pkgs/tools/security/tracee/skip-init-test.patch delete mode 100644 pkgs/tools/security/tracee/skip-magic_write-test.patch create mode 100644 pkgs/tools/security/tracee/test-EventFilters-magic_write-skip.patch create mode 100644 pkgs/tools/security/tracee/test-EventFilters-prefix-nix-friendly.patch delete mode 100644 pkgs/tools/security/tracee/test.nix (limited to 'nixos') diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 36c51b573100..b0886cab5624 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -630,6 +630,8 @@ in { traefik = handleTestOn ["x86_64-linux"] ./traefik.nix {}; trafficserver = handleTest ./trafficserver.nix {}; transmission = handleTest ./transmission.nix {}; + # tracee requires bpf + tracee = handleTestOn ["x86_64-linux"] ./tracee.nix {}; trezord = handleTest ./trezord.nix {}; trickster = handleTest ./trickster.nix {}; trilium-server = handleTestOn ["x86_64-linux"] ./trilium-server.nix {}; diff --git a/nixos/tests/tracee.nix b/nixos/tests/tracee.nix new file mode 100644 index 000000000000..26d0ada931b1 --- /dev/null +++ b/nixos/tests/tracee.nix @@ -0,0 +1,46 @@ +import ./make-test-python.nix ({ pkgs, ... }: { + name = "tracee-integration"; + nodes = { + machine = { config, pkgs, ... }: { + # EventFilters/trace_only_events_from_new_containers requires docker + # podman with docker compat will suffice + virtualisation.podman.enable = true; + virtualisation.podman.dockerCompat = true; + + environment.systemPackages = [ + # build the go integration tests as a binary + (pkgs.tracee.overrideAttrs (oa: { + pname = oa.pname + "-integration"; + patches = oa.patches or [] ++ [ + # change the prefix from /usr/bin to /run to find nix processes + ../../pkgs/tools/security/tracee/test-EventFilters-prefix-nix-friendly.patch + # skip magic_write test that currently fails + ../../pkgs/tools/security/tracee/test-EventFilters-magic_write-skip.patch + ]; + buildPhase = '' + runHook preBuild + # just build the static lib we need for the go test binary + make $makeFlags ''${enableParallelBuilding:+-j$NIX_BUILD_CORES -l$NIX_BUILD_CORES} bpf-core ./dist/btfhub ./dist/libbpf/libbpf.a + # then compile the tests to be ran later + CGO_CFLAGS="-I$PWD/dist/libbpf" CGO_LDFLAGS="-lelf -lz $PWD/dist/libbpf/libbpf.a" go test -tags core,ebpf,integration -p 1 -c -o $GOPATH/tracee-integration ./tests/integration/... + runHook postBuild + ''; + doCheck = false; + installPhase = '' + mkdir -p $out/bin + cp $GOPATH/tracee-integration $out/bin + ''; + doInstallCheck = false; + })) + ]; + }; + }; + + testScript = '' + with subtest("run integration tests"): + # EventFilters/trace_only_events_from_new_containers also requires a container called "alpine" + machine.succeed('tar cv -C ${pkgs.pkgsStatic.busybox} . | podman import - alpine --change ENTRYPOINT=sleep') + + print(machine.succeed('TRC_BIN="${pkgs.tracee}" tracee-integration -test.v')) + ''; +}) diff --git a/pkgs/tools/security/tracee/bpf-core-clang-bpf.patch b/pkgs/tools/security/tracee/bpf-core-clang-bpf.patch deleted file mode 100644 index f73e52841d3e..000000000000 --- a/pkgs/tools/security/tracee/bpf-core-clang-bpf.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/Makefile b/Makefile -index d5cd754..db1c1d3 100644 ---- a/Makefile -+++ b/Makefile -@@ -411,7 +411,7 @@ $(OUTPUT_DIR)/tracee.bpf.core.o: \ - $(TRACEE_EBPF_OBJ_CORE_HEADERS) - # - $(MAKE) $(OUTPUT_DIR)/tracee.bpf -- $(CMD_CLANG) \ -+ $(CMD_CLANG_BPF) \ - -D__TARGET_ARCH_$(LINUX_ARCH) \ - -D__BPF_TRACING__ \ - -DCORE \ diff --git a/pkgs/tools/security/tracee/default.nix b/pkgs/tools/security/tracee/default.nix index 48d102e619d4..debbd5925f3a 100644 --- a/pkgs/tools/security/tracee/default.nix +++ b/pkgs/tools/security/tracee/default.nix @@ -6,67 +6,61 @@ , pkg-config , zlib -, libelf +, elfutils +, libbpf + +, nixosTests +, testers +, tracee }: let inherit (llvmPackages_13) clang; - clang-with-bpf = - (clang.overrideAttrs (o: { pname = o.pname + "-with-bpf"; })).override (o: { - extraBuildCommands = o.extraBuildCommands + '' - # make a separate wrapped clang we can target at bpf - cp $out/bin/clang $out/bin/clang-bpf - # extra flags to append after the cc-cflags - echo '-target bpf -fno-stack-protector' > $out/nix-support/cc-cflags-bpf - # use sed to attach the cc-cflags-bpf after cc-cflags - sed -i -E "s@^(extraAfter=\(\\$\NIX_CFLAGS_COMPILE_.*)(\))\$@\1 $(cat $out/nix-support/cc-cflags-bpf)\2@" $out/bin/clang-bpf - ''; - }); in buildGoModule rec { pname = "tracee"; - version = "0.7.0"; + version = "0.8.3"; src = fetchFromGitHub { owner = "aquasecurity"; repo = pname; rev = "v${version}"; - sha256 = "sha256-Y++FWxADnj1W5S3VrAlJAnotFYb6biCPJ6dpQ0Nin8o="; - # Once libbpf hits 1.0 we will migrate to the nixpkgs libbpf rather than the - # pinned copy in submodules - fetchSubmodules = true; + sha256 = "sha256-VxTJcl7gHRZEXpFbxU4iMwqxuR1r0BNSseWQ5ijWHU4="; }; - vendorSha256 = "sha256-C2RExp67qax8+zJIgyMJ18sBtn/xEYj4tAvGCCpBssQ="; - - patches = [ - # bpf-core can't be compiled with wrapped clang since it forces the target - # we need to be able to replace it with another wrapped clang that has - # it's target as bpf - ./bpf-core-clang-bpf.patch - # add -s to ldflags for smaller binaries - ./disable-go-symbol-table.patch - ]; - + vendorSha256 = "sha256-szPoJUtzya3+8dOnkDxHEs3+a1LTVoMMLjUSrUlfiGg="; enableParallelBuilding = true; + # needed to build bpf libs + hardeningDisable = [ "stackprotector" ]; - strictDeps = true; - nativeBuildInputs = [ pkg-config clang-with-bpf ]; - buildInputs = [ zlib libelf ]; + nativeBuildInputs = [ pkg-config clang ]; + # ensure libbpf version exactly matches the version added as a submodule + buildInputs = [ libbpf zlib elfutils ]; makeFlags = [ "VERSION=v${version}" - "CMD_CLANG_BPF=clang-bpf" + "GO_DEBUG_FLAG=-s -w" # don't actually need git but the Makefile checks for it "CMD_GIT=echo" ]; + # TODO: patch tracee to take libbpf.a and headers via include path + preBuild = '' + mkdir -p 3rdparty/libbpf/src + mkdir -p ./dist + cp -r ${libbpf}/lib ./dist/libbpf + chmod +w ./dist/libbpf + cp -r ${libbpf}/include/bpf ./dist/libbpf/ + ''; buildPhase = '' runHook preBuild - make $makeFlags ''${enableParallelBuilding:+-j$NIX_BUILD_CORES -l$NIX_BUILD_CORES} + make $makeFlags ''${enableParallelBuilding:+-j$NIX_BUILD_CORES -l$NIX_BUILD_CORES} bpf-core all runHook postBuild ''; + # tests require a separate go module + # integration tests are ran within a nixos vm + # see passthru.tests.integration doCheck = false; installPhase = '' @@ -95,6 +89,15 @@ buildGoModule rec { runHook postInstallCheck ''; + passthru.tests = { + integration = nixosTests.tracee; + version = testers.testVersion { + package = tracee; + version = "v${version}"; + command = "tracee-ebpf --version"; + }; + }; + meta = with lib; { homepage = "https://aquasecurity.github.io/tracee/latest/"; changelog = "https://github.com/aquasecurity/tracee/releases/tag/v${version}"; diff --git a/pkgs/tools/security/tracee/disable-go-symbol-table.patch b/pkgs/tools/security/tracee/disable-go-symbol-table.patch deleted file mode 100644 index 2aba5f5c338f..000000000000 --- a/pkgs/tools/security/tracee/disable-go-symbol-table.patch +++ /dev/null @@ -1,22 +0,0 @@ -diff --git a/Makefile b/Makefile -index d5cd754..0b74a79 100644 ---- a/Makefile -+++ b/Makefile -@@ -471,7 +471,7 @@ ifeq ($(BTFHUB), 1) - endif - $(GO_ENV_EBPF) $(CMD_GO) build \ - -tags $(GO_TAGS_EBPF) \ -- -ldflags="-w \ -+ -ldflags="-s -w \ - -extldflags \"$(CGO_EXT_LDFLAGS_EBPF)\" \ - -X main.version=\"$(VERSION)\" \ - " \ -@@ -552,7 +552,7 @@ $(OUTPUT_DIR)/tracee-rules: \ - # - $(GO_ENV_RULES) $(CMD_GO) build \ - -tags $(GO_TAGS_RULES) \ -- -ldflags="-w \ -+ -ldflags="-s -w \ - -extldflags \"$(CGO_EXT_LDFLAGS_RULES)\" \ - " \ - -v -o $@ \ diff --git a/pkgs/tools/security/tracee/skip-init-test.patch b/pkgs/tools/security/tracee/skip-init-test.patch deleted file mode 100644 index 612e56e4446f..000000000000 --- a/pkgs/tools/security/tracee/skip-init-test.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff --git a/tests/integration/integration_test.go b/tests/integration/integration_test.go -index 8601eb9..57088d2 100644 ---- a/tests/integration/integration_test.go -+++ b/tests/integration/integration_test.go -@@ -149,6 +149,7 @@ func checkUidzero(t *testing.T, gotOutput *bytes.Buffer) { - - // only capture pids of 1 - func checkPidOne(t *testing.T, gotOutput *bytes.Buffer) { -+ t.Skip("Not compatible with systemd init") - _, _ = exec.Command("init", "q").CombinedOutput() - - waitForTraceeOutput(gotOutput, time.Now()) diff --git a/pkgs/tools/security/tracee/skip-magic_write-test.patch b/pkgs/tools/security/tracee/skip-magic_write-test.patch deleted file mode 100644 index 99869a18f0e8..000000000000 --- a/pkgs/tools/security/tracee/skip-magic_write-test.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff --git a/tests/integration/integration_test.go b/tests/integration/integration_test.go -index 8601eb9..a8a3eed 100644 ---- a/tests/integration/integration_test.go -+++ b/tests/integration/integration_test.go -@@ -75,6 +75,7 @@ func waitForTraceeOutput(gotOutput *bytes.Buffer, now time.Time) { - - // small set of actions to trigger a magic write event - func checkMagicwrite(t *testing.T, gotOutput *bytes.Buffer) { -+ t.Skip() - // create a temp dir for testing - d, err := ioutil.TempDir("", "Test_MagicWrite-dir-*") - require.NoError(t, err) diff --git a/pkgs/tools/security/tracee/test-EventFilters-magic_write-skip.patch b/pkgs/tools/security/tracee/test-EventFilters-magic_write-skip.patch new file mode 100644 index 000000000000..878327efd492 --- /dev/null +++ b/pkgs/tools/security/tracee/test-EventFilters-magic_write-skip.patch @@ -0,0 +1,16 @@ +diff --git a/tests/integration/integration_test.go b/tests/integration/integration_test.go +index afbc5330..3b38a1b8 100644 +--- a/tests/integration/integration_test.go ++++ b/tests/integration/integration_test.go +@@ -205,11 +205,6 @@ func Test_EventFilters(t *testing.T) { + filterArgs []string + eventFunc func(*testing.T, *[]trace.Event) + }{ +- { +- name: "do a file write", +- filterArgs: []string{"event=magic_write"}, +- eventFunc: checkMagicwrite, +- }, + { + name: "execute a command", + filterArgs: []string{"comm=ls"}, diff --git a/pkgs/tools/security/tracee/test-EventFilters-prefix-nix-friendly.patch b/pkgs/tools/security/tracee/test-EventFilters-prefix-nix-friendly.patch new file mode 100644 index 000000000000..88a3e4972507 --- /dev/null +++ b/pkgs/tools/security/tracee/test-EventFilters-prefix-nix-friendly.patch @@ -0,0 +1,15 @@ +diff --git a/tests/integration/integration_test.go b/tests/integration/integration_test.go +index afbc5330..13745c70 100644 +--- a/tests/integration/integration_test.go ++++ b/tests/integration/integration_test.go +@@ -246,8 +246,8 @@ func Test_EventFilters(t *testing.T) { + eventFunc: checkExecve, + }, + { +- name: "trace only execve events that starts with /usr/bin", +- filterArgs: []string{"event=execve", "execve.pathname=/usr/bin*"}, ++ name: "trace only execve events that starts with /run", ++ filterArgs: []string{"event=execve", "execve.pathname=/run*"}, + eventFunc: checkExecve, + }, + { diff --git a/pkgs/tools/security/tracee/test.nix b/pkgs/tools/security/tracee/test.nix deleted file mode 100644 index cb639ed03173..000000000000 --- a/pkgs/tools/security/tracee/test.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ pkgs ? import ../../../../. { } }: - -# manually run `nix-build ./pkgs/tools/security/tracee/test.nix` to test -pkgs.nixosTest ({ - name = "tracee-test"; - nodes = { - machine = { config, pkgs, ... }: { - environment.systemPackages = [ - pkgs.tracee - # build the go integration tests as a binary - (pkgs.tracee.overrideAttrs (oa: { - pname = oa.pname + "-integration"; - patches = oa.patches or [] ++ [ - # skip test that runs `init -q` which is incompatible with systemd init - ./skip-init-test.patch - # skip magic_write test that currently fails - ./skip-magic_write-test.patch - ]; - # just build the static lib we need for the go test binary - makeFlags = oa.makeFlags ++ [ "./dist/libbpf/libbpf.a" ]; - postBuild = '' - # by default the tests are disabled and this is intended to be commented out - sed -i '/t.Skip("This test requires root privileges")/d' ./tests/integration/integration_test.go - CGO_CFLAGS="-I$PWD/dist/libbpf" CGO_LDFLAGS="-lelf -lz $PWD/dist/libbpf/libbpf.a" go test -tags ebpf,integration -c -o $GOPATH/tracee-integration ./tests/integration - ''; - doCheck = false; - installPhase = '' - mkdir -p $out/bin - cp $GOPATH/tracee-integration $out/bin - ''; - doInstallCheck = false; - })) - ]; - }; - }; - - testScript = '' - with subtest("run integration tests"): - print(machine.succeed('TRC_BIN="$(which tracee-ebpf)" tracee-integration -test.v -test.run "Test_Events"')) - ''; -}) -- cgit 1.4.1 From 3d5d6fc78c0f529d4d8c62fa5e9975877d96ec75 Mon Sep 17 00:00:00 2001 From: Cole Mickens Date: Tue, 4 Oct 2022 20:11:12 -0700 Subject: nixos: luksroot: toString-ify keyFileSize usage --- nixos/modules/system/boot/luksroot.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/system/boot/luksroot.nix b/nixos/modules/system/boot/luksroot.nix index 38f8b6fd87c2..02b020b61eb6 100644 --- a/nixos/modules/system/boot/luksroot.nix +++ b/nixos/modules/system/boot/luksroot.nix @@ -481,8 +481,8 @@ let ++ optional v.allowDiscards "discard" ++ optionals v.bypassWorkqueues [ "no-read-workqueue" "no-write-workqueue" ] ++ optional (v.header != null) "header=${v.header}" - ++ optional (v.keyFileOffset != null) "keyfile-offset=${v.keyFileOffset}" - ++ optional (v.keyFileSize != null) "keyfile-size=${v.keyFileSize}" + ++ optional (v.keyFileOffset != null) "keyfile-offset=${toString v.keyFileOffset}" + ++ optional (v.keyFileSize != null) "keyfile-size=${toString v.keyFileSize}" ; in "${n} ${v.device} ${if v.keyFile == null then "-" else v.keyFile} ${lib.concatStringsSep "," opts}") luks.devices)); -- cgit 1.4.1 From d34cf47881fe1d1cd46b96df1f73e991332b2973 Mon Sep 17 00:00:00 2001 From: Yorick van Pelt Date: Sun, 9 Oct 2022 11:45:29 +0200 Subject: guake: update release notes --- nixos/doc/manual/from_md/release-notes/rl-2211.section.xml | 8 ++++++++ nixos/doc/manual/release-notes/rl-2211.section.md | 2 ++ 2 files changed, 10 insertions(+) (limited to 'nixos') diff --git a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml index 78bd6c6a22d8..44c820411baa 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml @@ -703,6 +703,14 @@ release notes for more details. + + + The guake package has been updated from + 3.6.3 to 3.9.0, see the + changelog + for more details. + + dockerTools.buildImage deprecates the diff --git a/nixos/doc/manual/release-notes/rl-2211.section.md b/nixos/doc/manual/release-notes/rl-2211.section.md index 37b0db8a8ce1..a65877f359f9 100644 --- a/nixos/doc/manual/release-notes/rl-2211.section.md +++ b/nixos/doc/manual/release-notes/rl-2211.section.md @@ -230,6 +230,8 @@ Available as [services.patroni](options.html#opt-services.patroni.enable). - The `diamond` package has been update from 0.8.36 to 2.0.15. See the [upstream release notes](https://github.com/bbuchfink/diamond/releases) for more details. +- The `guake` package has been updated from 3.6.3 to 3.9.0, see the [changelog](https://github.com/Guake/guake/releases) for more details. + - `dockerTools.buildImage` deprecates the misunderstood `contents` parameter, in favor of `copyToRoot`. Use `copyToRoot = buildEnv { ... };` or similar if you intend to add packages to `/bin`. -- cgit 1.4.1 From c8eae7a5261a0d2ceaf0ad8a8b08050ec5bf40f2 Mon Sep 17 00:00:00 2001 From: Robert Kovacsics Date: Thu, 29 Sep 2022 11:44:40 +0100 Subject: nixos/gitlab-runner: Add `gitlab-runner.clear-docker-cache` service --- .../continuous-integration/gitlab-runner.nix | 53 ++++++++++++++++++++++ 1 file changed, 53 insertions(+) (limited to 'nixos') diff --git a/nixos/modules/services/continuous-integration/gitlab-runner.nix b/nixos/modules/services/continuous-integration/gitlab-runner.nix index fb148e7cffb5..2050e04d55cd 100644 --- a/nixos/modules/services/continuous-integration/gitlab-runner.nix +++ b/nixos/modules/services/continuous-integration/gitlab-runner.nix @@ -453,6 +453,43 @@ in }; }); }; + clear-docker-cache = { + enable = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Whether to periodically prune gitlab runner's Docker resources. If + enabled, a systemd timer will run {command}`clear-docker-cache` as + specified by the `dates` option. + ''; + }; + + flags = mkOption { + type = types.listOf types.str; + default = [ ]; + example = [ "prune" ]; + description = lib.mdDoc '' + Any additional flags passed to {command}`clear-docker-cache`. + ''; + }; + + dates = mkOption { + default = "weekly"; + type = types.str; + description = lib.mdDoc '' + Specification (in the format described by + {manpage}`systemd.time(7)`) of the time at + which the prune will occur. + ''; + }; + + package = mkOption { + default = config.virtualisation.docker.package; + defaultText = literalExpression "config.virtualisation.docker.package"; + example = literalExpression "pkgs.docker"; + description = lib.mdDoc "Docker package to use for clearing up docker cache."; + }; + }; }; config = mkIf cfg.enable { warnings = (mapAttrsToList @@ -497,6 +534,22 @@ in KillMode = "process"; }; }; + # Enable periodic clear-docker-cache script + systemd.services.gitlab-runner-clear-docker-cache = { + description = "Prune gitlab-runner docker resources"; + restartIfChanged = false; + unitConfig.X-StopOnRemoval = false; + + serviceConfig.Type = "oneshot"; + + path = [ cfg.clear-docker-cache.package pkgs.gawk ]; + + script = '' + ${pkgs.gitlab-runner}/bin/clear-docker-cache ${toString cfg.clear-docker-cache.flags} + ''; + + startAt = optional cfg.clear-docker-cache.enable cfg.clear-docker-cache.dates; + }; # Enable docker if `docker` executor is used in any service virtualisation.docker.enable = mkIf ( any (s: s.executor == "docker") (attrValues cfg.services) -- cgit 1.4.1 From 5f20362a4ab5caab81abad55b485056d316bca06 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Mon, 10 Oct 2022 00:43:49 +0200 Subject: nixos/tests: Use kea in networkd prefix-delegation test With the announced EOL of the venerable ISC DHCP Server it is time to migrate this test to Kea, it's successor. The ISP has also received an upgrade to its interface configuration, which now happens completely through networkd. https://www.isc.org/blogs/isc-dhcp-eol/ --- .../systemd-networkd-ipv6-prefix-delegation.nix | 123 +++++++++++++++------ 1 file changed, 87 insertions(+), 36 deletions(-) (limited to 'nixos') diff --git a/nixos/tests/systemd-networkd-ipv6-prefix-delegation.nix b/nixos/tests/systemd-networkd-ipv6-prefix-delegation.nix index 37a89fc21e44..bf5049251c72 100644 --- a/nixos/tests/systemd-networkd-ipv6-prefix-delegation.nix +++ b/nixos/tests/systemd-networkd-ipv6-prefix-delegation.nix @@ -7,10 +7,10 @@ # - VLAN 1 is the connection between the ISP and the router # - VLAN 2 is the connection between the router and the client -import ./make-test-python.nix ({pkgs, ...}: { +import ./make-test-python.nix ({ pkgs, lib, ... }: { name = "systemd-networkd-ipv6-prefix-delegation"; - meta = with pkgs.lib.maintainers; { - maintainers = [ andir ]; + meta = with lib.maintainers; { + maintainers = [ andir hexa ]; }; nodes = { @@ -22,26 +22,38 @@ import ./make-test-python.nix ({pkgs, ...}: { # # Note: On the ISPs device we don't really care if we are using networkd in # this example. That being said we can't use it (yet) as networkd doesn't - # implement the serving side of DHCPv6. We will use ISC's well aged dhcpd6 - # for that task. + # implement the serving side of DHCPv6. We will use ISC Kea for that task. isp = { lib, pkgs, ... }: { virtualisation.vlans = [ 1 ]; networking = { useDHCP = false; firewall.enable = false; - interfaces.eth1.ipv4.addresses = lib.mkForce []; # no need for legacy IP - interfaces.eth1.ipv6.addresses = lib.mkForce [ - { address = "2001:DB8::1"; prefixLength = 64; } - ]; + interfaces.eth1 = lib.mkForce {}; # Don't use scripted networking + }; + + systemd.network = { + enable = true; + + networks = { + "eth1" = { + matchConfig.Name = "eth1"; + address = [ + "2001:DB8::1/64" + ]; + networkConfig.IPForward = true; + }; + }; }; # Since we want to program the routes that we delegate to the "customer" - # into our routing table we must give dhcpd the required privs. - systemd.services.dhcpd6.serviceConfig.AmbientCapabilities = - [ "CAP_NET_ADMIN" ]; + # into our routing table we must provide kea with the required capability. + systemd.services.kea-dhcp6-server.serviceConfig = { + AmbientCapabilities = [ "CAP_NET_ADMIN" ]; + CapabilityBoundingSet = [ "CAP_NET_ADMIN" ]; + }; services = { - # Configure the DHCPv6 server + # Configure the DHCPv6 server to hand out both IA_NA and IA_PD. # # We will hand out /48 prefixes from the subnet 2001:DB8:F000::/36. # That gives us ~8k prefixes. That should be enough for this test. @@ -49,31 +61,70 @@ import ./make-test-python.nix ({pkgs, ...}: { # Since (usually) you will not receive a prefix with the router # advertisements we also hand out /128 leases from the range # 2001:DB8:0000:0000:FFFF::/112. - dhcpd6 = { + kea.dhcp6 = { enable = true; - interfaces = [ "eth1" ]; - extraConfig = '' - subnet6 2001:DB8::/36 { - range6 2001:DB8:0000:0000:FFFF:: 2001:DB8:0000:0000:FFFF::FFFF; - prefix6 2001:DB8:F000:: 2001:DB8:FFFF:: /48; - } - - # This is the secret sauce. We have to extract the prefix and the - # next hop when commiting the lease to the database. dhcpd6 - # (rightfully) has not concept of adding routes to the systems - # routing table. It really depends on the setup. + settings = { + interfaces-config.interfaces = [ "eth1" ]; + subnet6 = [ { + interface = "eth1"; + subnet = "2001:DB8:F::/36"; + pd-pools = [ { + prefix = "2001:DB8:F::"; + prefix-len = 36; + delegated-len = 48; + } ]; + pools = [ { + pool = "2001:DB8:0000:0000:FFFF::-2001:DB8:0000:0000:FFFF::FFFF"; + } ]; + } ]; + + # This is the glue between Kea and the Kernel FIB. DHCPv6 + # rightfully has no concept of setting up a route in your + # FIB. This step really depends on your setup. # - # In a production environment your DHCPv6 server is likely not the - # router. You might want to consider BGP, custom NetConf calls, … - # in those cases. - on commit { - set IP = pick-first-value(binary-to-ascii(16, 16, ":", substring(option dhcp6.ia-na, 16, 16)), "n/a"); - set Prefix = pick-first-value(binary-to-ascii(16, 16, ":", suffix(option dhcp6.ia-pd, 16)), "n/a"); - set PrefixLength = pick-first-value(binary-to-ascii(10, 8, ":", substring(suffix(option dhcp6.ia-pd, 17), 0, 1)), "n/a"); - log(concat(IP, " ", Prefix, " ", PrefixLength)); - execute("${pkgs.iproute2}/bin/ip", "-6", "route", "replace", concat(Prefix,"/",PrefixLength), "via", IP); - } - ''; + # In a production environment your DHCPv6 server is likely + # not the router. You might want to consider BGP, NETCONF + # calls, … in those cases. + # + # In this example we use the run script hook, that lets use + # execute anything and passes information via the environment. + # https://kea.readthedocs.io/en/kea-2.2.0/arm/hooks.html#run-script-run-script-support-for-external-hook-scripts + hooks-libraries = [ { + library = "${pkgs.kea}/lib/kea/hooks/libdhcp_run_script.so"; + parameters = { + name = pkgs.writeShellScript "kea-run-hooks" '' + export PATH="${lib.makeBinPath (with pkgs; [ coreutils iproute2 ])}" + + set -euxo pipefail + + leases6_committed() { + for i in $(seq $LEASES6_SIZE); do + idx=$((i-1)) + prefix_var="LEASES6_AT''${idx}_ADDRESS" + plen_var="LEASES6_AT''${idx}_PREFIX_LEN" + + ip -6 route replace ''${!prefix_var}/''${!plen_var} via $QUERY6_REMOTE_ADDR dev $QUERY6_IFACE_NAME + done + } + + unknown_handler() { + echo "Unhandled function call ''${*}" + exit 123 + } + + case "$1" in + "leases6_committed") + leases6_committed + ;; + *) + unknown_handler "''${@}" + ;; + esac + ''; + sync = false; + }; + } ]; + }; }; # Finally we have to set up the router advertisements. While we could be -- cgit 1.4.1 From 534a2fd13ae96ab8052741f0548155aaf3818d29 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Fri, 30 Sep 2022 00:59:15 +0200 Subject: nixos/release-small: Add aarch64-linux to supportedSystems The aarch64-linux builders on hydra have had a good track in the last year or so and I think it's a good idea to include them in the default -small jobset. This happens in preparation of improving the distribution of the installer ISOs for aarch64-linux systems and advertise them more prominently on the homepage. --- nixos/release-small.nix | 78 ++++++++++++++++++++++++++++--------------------- 1 file changed, 44 insertions(+), 34 deletions(-) (limited to 'nixos') diff --git a/nixos/release-small.nix b/nixos/release-small.nix index 8367610fb7f7..0c4e8ec7c799 100644 --- a/nixos/release-small.nix +++ b/nixos/release-small.nix @@ -4,7 +4,7 @@ { nixpkgs ? { outPath = (import ../lib).cleanSource ./..; revCount = 56789; shortRev = "gfedcba"; } , stableBranch ? false -, supportedSystems ? [ "x86_64-linux" ] # no i686-linux +, supportedSystems ? [ "aarch64-linux" "x86_64-linux" ] # no i686-linux }: let @@ -83,45 +83,55 @@ in rec { vim; }; - tested = pkgs.releaseTools.aggregate { + tested = let + onSupported = x: map (system: "${x}.${system}") supportedSystems; + onSystems = systems: x: map (system: "${x}.${system}") + (pkgs.lib.intersectLists systems supportedSystems); + in pkgs.releaseTools.aggregate { name = "nixos-${nixos.channel.version}"; meta = { description = "Release-critical builds for the NixOS channel"; maintainers = [ lib.maintainers.eelco ]; }; - constituents = - [ "nixos.channel" - "nixos.dummy.x86_64-linux" - "nixos.iso_minimal.x86_64-linux" - "nixos.amazonImage.x86_64-linux" - "nixos.manual.x86_64-linux" - "nixos.tests.boot.biosCdrom.x86_64-linux" - "nixos.tests.containers-imperative.x86_64-linux" - "nixos.tests.containers-ip.x86_64-linux" - "nixos.tests.firewall.x86_64-linux" - "nixos.tests.installer.lvm.x86_64-linux" - "nixos.tests.installer.separateBoot.x86_64-linux" - "nixos.tests.installer.simple.x86_64-linux" - "nixos.tests.ipv6.x86_64-linux" - "nixos.tests.login.x86_64-linux" - "nixos.tests.misc.x86_64-linux" - "nixos.tests.nat.firewall-conntrack.x86_64-linux" - "nixos.tests.nat.firewall.x86_64-linux" - "nixos.tests.nat.standalone.x86_64-linux" - # fails with kernel >= 5.15 https://github.com/NixOS/nixpkgs/pull/152505#issuecomment-1005049314 - #"nixos.tests.nfs3.simple.x86_64-linux" - "nixos.tests.openssh.x86_64-linux" - "nixos.tests.php.fpm.x86_64-linux" - "nixos.tests.php.pcre.x86_64-linux" - "nixos.tests.predictable-interface-names.predictable.x86_64-linux" - "nixos.tests.predictable-interface-names.predictableNetworkd.x86_64-linux" - "nixos.tests.predictable-interface-names.unpredictable.x86_64-linux" - "nixos.tests.predictable-interface-names.unpredictableNetworkd.x86_64-linux" - "nixos.tests.proxy.x86_64-linux" - "nixos.tests.simple.x86_64-linux" - "nixpkgs.jdk.x86_64-linux" + constituents = lib.flatten [ + [ + "nixos.channel" "nixpkgs.tarball" - ]; + ] + (map (onSystems [ "x86_64-linux" ]) [ + "nixos.tests.boot.biosCdrom" + "nixos.tests.installer.lvm" + "nixos.tests.installer.separateBoot" + "nixos.tests.installer.simple" + ]) + (map onSupported [ + "nixos.dummy" + "nixos.iso_minimal" + "nixos.amazonImage" + "nixos.manual" + "nixos.tests.containers-imperative" + "nixos.tests.containers-ip" + "nixos.tests.firewall" + "nixos.tests.ipv6" + "nixos.tests.login" + "nixos.tests.misc" + "nixos.tests.nat.firewall-conntrack" + "nixos.tests.nat.firewall" + "nixos.tests.nat.standalone" + # fails with kernel >= 5.15 https://github.com/NixOS/nixpkgs/pull/152505#issuecomment-1005049314 + #"nixos.tests.nfs3.simple" + "nixos.tests.openssh" + "nixos.tests.php.fpm" + "nixos.tests.php.pcre" + "nixos.tests.predictable-interface-names.predictable" + "nixos.tests.predictable-interface-names.predictableNetworkd" + "nixos.tests.predictable-interface-names.unpredictable" + "nixos.tests.predictable-interface-names.unpredictableNetworkd" + "nixos.tests.proxy" + "nixos.tests.simple" + "nixpkgs.jdk" + ]) + ]; }; } -- cgit 1.4.1 From cd5cc11918cd56ae077ed098a8b6bbd2aa77ccdb Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Fri, 30 Sep 2022 01:20:08 +0200 Subject: nixos/release-combined: Move aarch64-linux to supportedSystems The builders have had a good track record in the last year so this is worth a try. --- nixos/release-combined.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'nixos') diff --git a/nixos/release-combined.nix b/nixos/release-combined.nix index e8677f7e1e97..7be47a4c3e57 100644 --- a/nixos/release-combined.nix +++ b/nixos/release-combined.nix @@ -4,8 +4,8 @@ { nixpkgs ? { outPath = (import ../lib).cleanSource ./..; revCount = 56789; shortRev = "gfedcba"; } , stableBranch ? false -, supportedSystems ? [ "x86_64-linux" ] -, limitedSupportedSystems ? [ "i686-linux" "aarch64-linux" ] +, supportedSystems ? [ "aarch64-linux" "x86_64-linux" ] +, limitedSupportedSystems ? [ "i686-linux" ] }: let -- cgit 1.4.1 From 9328b7eebf6afbd345f20f5d76b6357f85037506 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Fri, 30 Sep 2022 01:42:19 +0200 Subject: nixos/release-combined: Build graphical ISOs for aarch64-linux --- nixos/release-combined.nix | 4 ++-- nixos/release.nix | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'nixos') diff --git a/nixos/release-combined.nix b/nixos/release-combined.nix index 7be47a4c3e57..fa6c87b52228 100644 --- a/nixos/release-combined.nix +++ b/nixos/release-combined.nix @@ -50,8 +50,8 @@ in rec { (onFullSupported "nixos.dummy") (onAllSupported "nixos.iso_minimal") (onSystems ["x86_64-linux" "aarch64-linux"] "nixos.amazonImage") - (onSystems ["x86_64-linux"] "nixos.iso_plasma5") - (onSystems ["x86_64-linux"] "nixos.iso_gnome") + (onFullSupported "nixos.iso_plasma5") + (onFullSupported "nixos.iso_gnome") (onFullSupported "nixos.manual") (onSystems ["x86_64-linux"] "nixos.ova") (onSystems ["aarch64-linux"] "nixos.sd_image") diff --git a/nixos/release.nix b/nixos/release.nix index 4f27e5dbb215..919aa86a2d63 100644 --- a/nixos/release.nix +++ b/nixos/release.nix @@ -169,13 +169,13 @@ in rec { inherit system; }); - iso_plasma5 = forMatchingSystems [ "x86_64-linux" ] (system: makeIso { + iso_plasma5 = forMatchingSystems supportedSystems (system: makeIso { module = ./modules/installer/cd-dvd/installation-cd-graphical-calamares-plasma5.nix; type = "plasma5"; inherit system; }); - iso_gnome = forMatchingSystems [ "x86_64-linux" ] (system: makeIso { + iso_gnome = forMatchingSystems supportedSystems (system: makeIso { module = ./modules/installer/cd-dvd/installation-cd-graphical-calamares-gnome.nix; type = "gnome"; inherit system; -- cgit 1.4.1 From 8f366cbfcc62871f481e035984e5932e30d8b0ed Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Fri, 30 Sep 2022 01:59:06 +0200 Subject: installer: enable vmware guest support on x86 only The vmware guest module asserts on this exact condition, so let's only enable it on that condition. --- nixos/modules/installer/cd-dvd/installation-cd-graphical-base.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/modules/installer/cd-dvd/installation-cd-graphical-base.nix b/nixos/modules/installer/cd-dvd/installation-cd-graphical-base.nix index c5976166fb31..b2a0ebb9e404 100644 --- a/nixos/modules/installer/cd-dvd/installation-cd-graphical-base.nix +++ b/nixos/modules/installer/cd-dvd/installation-cd-graphical-base.nix @@ -38,7 +38,7 @@ with lib; # VM guest additions to improve host-guest interaction services.spice-vdagentd.enable = true; services.qemuGuest.enable = true; - virtualisation.vmware.guest.enable = true; + virtualisation.vmware.guest.enable = pkgs.stdenv.hostPlatform.isx86; virtualisation.hypervGuest.enable = true; services.xe-guest-utilities.enable = true; # The VirtualBox guest additions rely on an out-of-tree kernel module -- cgit 1.4.1 From 373c1a8e4322ef86f659c29e828b0a82e7df3777 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Fri, 30 Sep 2022 02:06:46 +0200 Subject: installer: enable xe-guest-utilities only on x86 Tries to find a target specific makefile for aarch64 which does not exist. --- nixos/modules/installer/cd-dvd/installation-cd-graphical-base.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/modules/installer/cd-dvd/installation-cd-graphical-base.nix b/nixos/modules/installer/cd-dvd/installation-cd-graphical-base.nix index b2a0ebb9e404..4a00c52916f6 100644 --- a/nixos/modules/installer/cd-dvd/installation-cd-graphical-base.nix +++ b/nixos/modules/installer/cd-dvd/installation-cd-graphical-base.nix @@ -40,7 +40,7 @@ with lib; services.qemuGuest.enable = true; virtualisation.vmware.guest.enable = pkgs.stdenv.hostPlatform.isx86; virtualisation.hypervGuest.enable = true; - services.xe-guest-utilities.enable = true; + services.xe-guest-utilities.enable = pkgs.stdenv.hostPlatform.isx86; # The VirtualBox guest additions rely on an out-of-tree kernel module # which lags behind kernel releases, potentially causing broken builds. virtualisation.virtualbox.guest.enable = false; -- cgit 1.4.1 From 4b6758f83e33f55da6c67868c820461f453565d4 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sat, 8 Oct 2022 22:31:52 +0200 Subject: nixos/release-combined: Enable more jobs on aarch64-linux --- nixos/release-combined.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'nixos') diff --git a/nixos/release-combined.nix b/nixos/release-combined.nix index fa6c87b52228..a11ee31ab8d0 100644 --- a/nixos/release-combined.nix +++ b/nixos/release-combined.nix @@ -58,9 +58,9 @@ in rec { (onSystems ["x86_64-linux"] "nixos.tests.boot.biosCdrom") (onSystems ["x86_64-linux"] "nixos.tests.boot.biosUsb") (onFullSupported "nixos.tests.boot-stage1") - (onSystems ["x86_64-linux"] "nixos.tests.boot.uefiCdrom") - (onSystems ["x86_64-linux"] "nixos.tests.boot.uefiUsb") - (onSystems ["x86_64-linux"] "nixos.tests.chromium") + (onFullSupported "nixos.tests.boot.uefiCdrom") + (onFullSupported "nixos.tests.boot.uefiUsb") + (onFullSupported "nixos.tests.chromium") (onFullSupported "nixos.tests.containers-imperative") (onFullSupported "nixos.tests.containers-ip") (onSystems ["x86_64-linux"] "nixos.tests.docker") -- cgit 1.4.1 From 08991fc87a784501c48499d238e6ed816e91df40 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sat, 8 Oct 2022 22:33:53 +0200 Subject: nixos/release-small: Test uefi cdrom --- nixos/release-small.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/release-small.nix b/nixos/release-small.nix index 0c4e8ec7c799..1719d6738c5c 100644 --- a/nixos/release-small.nix +++ b/nixos/release-small.nix @@ -53,7 +53,8 @@ in rec { }; boot = { inherit (nixos'.tests.boot) - biosCdrom; + biosCdrom + uefiCdrom; }; }; }; @@ -109,6 +110,7 @@ in rec { "nixos.iso_minimal" "nixos.amazonImage" "nixos.manual" + "nixos.tests.boot.uefiCdrom" "nixos.tests.containers-imperative" "nixos.tests.containers-ip" "nixos.tests.firewall" -- cgit 1.4.1 From d97e915fafdeab433168b7bf1309c9634fba7dc9 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sun, 9 Oct 2022 23:29:45 +0200 Subject: nixos/tests/chromium: Enable on aarch64-linux --- nixos/tests/all-tests.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 643f1181eb5d..3b697139dc84 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -119,7 +119,7 @@ in { certmgr = handleTest ./certmgr.nix {}; cfssl = handleTestOn ["x86_64-linux"] ./cfssl.nix {}; charliecloud = handleTest ./charliecloud.nix {}; - chromium = (handleTestOn ["x86_64-linux"] ./chromium.nix {}).stable or {}; + chromium = (handleTestOn ["aarch64-linux" "x86_64-linux"] ./chromium.nix {}).stable or {}; cinnamon = handleTest ./cinnamon.nix {}; cjdns = handleTest ./cjdns.nix {}; clickhouse = handleTest ./clickhouse.nix {}; -- cgit 1.4.1 From 50c6895e772b76a9bb5d7be7158a60ea1fb02bea Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Wed, 27 Jul 2022 00:23:44 +0200 Subject: gnome-browser-connector: 10.1 → 42.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://discourse.gnome.org/t/split-and-rename-of-chrome-gnome-shell/11075 https://gitlab.gnome.org/nE0sIghT/gnome-browser-connector/-/compare/815ec9e1afa52bd3af5047e176a4ea9c1bfa2514...v42.0 - Renamed and split into a separate repo from the extensions. - CMake build replaced with Meson (jq also not needed) - requests Python module not needed since updates are now solely handled by GNOME Shell itself Also - Corrected license - Cleaned up the module - Replaced PYTHONPATH in a wrapper by Python environment Changelog-Reviewed-By: Jan Tojnar --- nixos/modules/module-list.nix | 2 +- .../services/desktops/gnome/chrome-gnome-shell.nix | 41 ------------- .../desktops/gnome/gnome-browser-connector.nix | 47 ++++++++++++++ .../services/x11/desktop-managers/gnome.nix | 2 +- .../networking/browsers/firefox/wrapper.nix | 4 +- .../extensions/chrome-gnome-shell/default.nix | 71 ---------------------- .../extensions/gnome-browser-connector/default.nix | 66 ++++++++++++++++++++ pkgs/top-level/aliases.nix | 2 + pkgs/top-level/all-packages.nix | 2 +- 9 files changed, 120 insertions(+), 117 deletions(-) delete mode 100644 nixos/modules/services/desktops/gnome/chrome-gnome-shell.nix create mode 100644 nixos/modules/services/desktops/gnome/gnome-browser-connector.nix delete mode 100644 pkgs/desktops/gnome/extensions/chrome-gnome-shell/default.nix create mode 100644 pkgs/desktops/gnome/extensions/gnome-browser-connector/default.nix (limited to 'nixos') diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 494df03e3a36..9fc3af4b1ce6 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -391,9 +391,9 @@ ./services/desktops/pipewire/pipewire-media-session.nix ./services/desktops/pipewire/wireplumber.nix ./services/desktops/gnome/at-spi2-core.nix - ./services/desktops/gnome/chrome-gnome-shell.nix ./services/desktops/gnome/evolution-data-server.nix ./services/desktops/gnome/glib-networking.nix + ./services/desktops/gnome/gnome-browser-connector.nix ./services/desktops/gnome/gnome-initial-setup.nix ./services/desktops/gnome/gnome-keyring.nix ./services/desktops/gnome/gnome-online-accounts.nix diff --git a/nixos/modules/services/desktops/gnome/chrome-gnome-shell.nix b/nixos/modules/services/desktops/gnome/chrome-gnome-shell.nix deleted file mode 100644 index 7d0ee9ed0221..000000000000 --- a/nixos/modules/services/desktops/gnome/chrome-gnome-shell.nix +++ /dev/null @@ -1,41 +0,0 @@ -# Chrome GNOME Shell native host connector. -{ config, lib, pkgs, ... }: - -with lib; - -{ - meta = { - maintainers = teams.gnome.members; - }; - - # Added 2021-05-07 - imports = [ - (mkRenamedOptionModule - [ "services" "gnome3" "chrome-gnome-shell" "enable" ] - [ "services" "gnome" "chrome-gnome-shell" "enable" ] - ) - ]; - - ###### interface - options = { - services.gnome.chrome-gnome-shell.enable = mkEnableOption (lib.mdDoc '' - Chrome GNOME Shell native host connector, a DBus service - allowing to install GNOME Shell extensions from a web browser. - ''); - }; - - - ###### implementation - config = mkIf config.services.gnome.chrome-gnome-shell.enable { - environment.etc = { - "chromium/native-messaging-hosts/org.gnome.chrome_gnome_shell.json".source = "${pkgs.chrome-gnome-shell}/etc/chromium/native-messaging-hosts/org.gnome.chrome_gnome_shell.json"; - "opt/chrome/native-messaging-hosts/org.gnome.chrome_gnome_shell.json".source = "${pkgs.chrome-gnome-shell}/etc/opt/chrome/native-messaging-hosts/org.gnome.chrome_gnome_shell.json"; - }; - - environment.systemPackages = [ pkgs.chrome-gnome-shell ]; - - services.dbus.packages = [ pkgs.chrome-gnome-shell ]; - - nixpkgs.config.firefox.enableGnomeExtensions = true; - }; -} diff --git a/nixos/modules/services/desktops/gnome/gnome-browser-connector.nix b/nixos/modules/services/desktops/gnome/gnome-browser-connector.nix new file mode 100644 index 000000000000..5d4ddce94220 --- /dev/null +++ b/nixos/modules/services/desktops/gnome/gnome-browser-connector.nix @@ -0,0 +1,47 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mdDoc mkEnableOption mkIf mkRenamedOptionModule teams; +in + +{ + meta = { + maintainers = teams.gnome.members; + }; + + imports = [ + # Added 2021-05-07 + (mkRenamedOptionModule + [ "services" "gnome3" "chrome-gnome-shell" "enable" ] + [ "services" "gnome" "gnome-browser-connector" "enable" ] + ) + # Added 2022-07-25 + (mkRenamedOptionModule + [ "services" "gnome" "chrome-gnome-shell" "enable" ] + [ "services" "gnome" "gnome-browser-connector" "enable" ] + ) + ]; + + options = { + services.gnome.gnome-browser-connector.enable = mkEnableOption (mdDoc '' + Native host connector for the GNOME Shell browser extension, a DBus service + allowing to install GNOME Shell extensions from a web browser. + ''); + }; + + config = mkIf config.services.gnome.gnome-browser-connector.enable { + environment.etc = { + "chromium/native-messaging-hosts/org.gnome.browser_connector.json".source = "${pkgs.gnome-browser-connector}/etc/chromium/native-messaging-hosts/org.gnome.browser_connector.json"; + "opt/chrome/native-messaging-hosts/org.gnome.browser_connector.json".source = "${pkgs.gnome-browser-connector}/etc/opt/chrome/native-messaging-hosts/org.gnome.browser_connector.json"; + # Legacy paths. + "chromium/native-messaging-hosts/org.gnome.chrome_gnome_shell.json".source = "${pkgs.gnome-browser-connector}/etc/chromium/native-messaging-hosts/org.gnome.chrome_gnome_shell.json"; + "opt/chrome/native-messaging-hosts/org.gnome.chrome_gnome_shell.json".source = "${pkgs.gnome-browser-connector}/etc/opt/chrome/native-messaging-hosts/org.gnome.chrome_gnome_shell.json"; + }; + + environment.systemPackages = [ pkgs.gnome-browser-connector ]; + + services.dbus.packages = [ pkgs.gnome-browser-connector ]; + + nixpkgs.config.firefox.enableGnomeExtensions = true; + }; +} diff --git a/nixos/modules/services/x11/desktop-managers/gnome.nix b/nixos/modules/services/x11/desktop-managers/gnome.nix index d3db98cb4e2a..c91181491fa1 100644 --- a/nixos/modules/services/x11/desktop-managers/gnome.nix +++ b/nixos/modules/services/x11/desktop-managers/gnome.nix @@ -389,8 +389,8 @@ in ++ utils.removePackagesByName optionalPackages config.environment.gnome.excludePackages; services.colord.enable = mkDefault true; - services.gnome.chrome-gnome-shell.enable = mkDefault true; services.gnome.glib-networking.enable = true; + services.gnome.gnome-browser-connector.enable = mkDefault true; services.gnome.gnome-initial-setup.enable = mkDefault true; services.gnome.gnome-remote-desktop.enable = mkDefault true; services.gnome.gnome-settings-daemon.enable = true; diff --git a/pkgs/applications/networking/browsers/firefox/wrapper.nix b/pkgs/applications/networking/browsers/firefox/wrapper.nix index e09bbef871b5..eeb72590df23 100644 --- a/pkgs/applications/networking/browsers/firefox/wrapper.nix +++ b/pkgs/applications/networking/browsers/firefox/wrapper.nix @@ -4,7 +4,7 @@ ## various stuff that can be plugged in , ffmpeg_5, xorg, alsa-lib, libpulseaudio, libcanberra-gtk3, libglvnd, libnotify, opensc , gnome/*.gnome-shell*/ -, browserpass, chrome-gnome-shell, uget-integrator, plasma5Packages, bukubrow, pipewire +, browserpass, gnome-browser-connector, uget-integrator, plasma5Packages, bukubrow, pipewire , tridactyl-native , fx_cast_bridge , udev @@ -65,7 +65,7 @@ let ++ lib.optional (cfg.enableBrowserpass or false) (lib.getBin browserpass) ++ lib.optional (cfg.enableBukubrow or false) bukubrow ++ lib.optional (cfg.enableTridactylNative or false) tridactyl-native - ++ lib.optional (cfg.enableGnomeExtensions or false) chrome-gnome-shell + ++ lib.optional (cfg.enableGnomeExtensions or false) gnome-browser-connector ++ lib.optional (cfg.enableUgetIntegrator or false) uget-integrator ++ lib.optional (cfg.enablePlasmaBrowserIntegration or false) plasma5Packages.plasma-browser-integration ++ lib.optional (cfg.enableFXCastBridge or false) fx_cast_bridge diff --git a/pkgs/desktops/gnome/extensions/chrome-gnome-shell/default.nix b/pkgs/desktops/gnome/extensions/chrome-gnome-shell/default.nix deleted file mode 100644 index 779d7506abf5..000000000000 --- a/pkgs/desktops/gnome/extensions/chrome-gnome-shell/default.nix +++ /dev/null @@ -1,71 +0,0 @@ -{ lib, stdenv -, fetchurl -, cmake -, ninja -, jq -, python3 -, gnome -, wrapGAppsHook -, gobject-introspection -}: - -let - inherit (python3.pkgs) python pygobject3 requests; -in -stdenv.mkDerivation rec { - pname = "chrome-gnome-shell"; - version = "10.1"; - - src = fetchurl { - url = "mirror://gnome/sources/chrome-gnome-shell/${version}/${pname}-${version}.tar.xz"; - sha256 = "0f54xyamm383ypbh0ndkza0pif6ljddg2f947p265fkqj3p4zban"; - }; - - nativeBuildInputs = [ - cmake - ninja - jq - wrapGAppsHook - gobject-introspection # for setup-hook - ]; - - buildInputs = [ - gnome.gnome-shell - python - pygobject3 - requests - gobject-introspection # for Gio typelib - ]; - - cmakeFlags = [ - "-DBUILD_EXTENSION=OFF" - ]; - - wrapPrefixVariables = [ - "PYTHONPATH" - ]; - - # cmake setup hook changes /etc/opt into /var/empty - dontFixCmake = true; - - preConfigure = '' - substituteInPlace CMakeLists.txt --replace "/etc" "$out/etc" - ''; - - passthru = { - updateScript = gnome.updateScript { - packageName = "chrome-gnome-shell"; - }; - }; - - meta = with lib; { - description = "GNOME Shell integration for Chrome"; - homepage = "https://wiki.gnome.org/Projects/GnomeShellIntegrationForChrome"; - longDescription = '' - To use the integration, install the browser extension, and then set to true. - ''; - license = licenses.gpl3; - maintainers = teams.gnome.members; - platforms = platforms.linux; - }; -} diff --git a/pkgs/desktops/gnome/extensions/gnome-browser-connector/default.nix b/pkgs/desktops/gnome/extensions/gnome-browser-connector/default.nix new file mode 100644 index 000000000000..57052ddf3c56 --- /dev/null +++ b/pkgs/desktops/gnome/extensions/gnome-browser-connector/default.nix @@ -0,0 +1,66 @@ +{ stdenv +, lib +, fetchFromGitLab +, meson +, ninja +, python3 +, gnome +, wrapGAppsNoGuiHook +, gobject-introspection +}: + +let + inherit (python3.pkgs) buildPythonApplication pygobject3; +in +buildPythonApplication rec { + pname = "gnome-browser-connector"; + version = "42.0"; + + format = "other"; + + src = fetchFromGitLab { + domain = "gitlab.gnome.org"; + owner = "nE0sIghT"; + repo = "gnome-browser-connector"; + rev = "v${version}"; + sha256 = "pYbV/qCmSrM2nrrKxbxHnJYMDOiW0aeNbFlsm5kKWdk="; + }; + + nativeBuildInputs = [ + meson + ninja + wrapGAppsNoGuiHook + gobject-introspection # for setup-hook + ]; + + buildInputs = [ + gnome.gnome-shell + gobject-introspection # for Gio typelib + ]; + + pythonPath = [ + pygobject3 + ]; + + postPatch = '' + patchShebangs contrib/merge_json.py + ''; + + dontWrapGApps = true; + + # Arguments to be passed to `makeWrapper`, only used by buildPython* + preFixup = '' + makeWrapperArgs+=("''${gappsWrapperArgs[@]}") + ''; + + meta = with lib; { + description = "Native host connector for the GNOME Shell browser extension"; + homepage = "https://wiki.gnome.org/Projects/GnomeShellIntegration"; + longDescription = '' + To use the integration, install the browser extension, and then set to true. + ''; + license = licenses.gpl3Plus; + maintainers = teams.gnome.members; + platforms = platforms.linux; + }; +} diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index 2e2e4bf5c79e..5b2dcc492f6d 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -153,6 +153,8 @@ mapAliases ({ catfish = throw "'catfish' has been renamed to/replaced by 'xfce.catfish'"; # Converted to throw 2022-09-24 cde-gtk-theme = throw "cde-gtk-theme has been removed from nixpkgs as it shipped with python2 scripts that didn't work anymore"; # Added 2022-01-12 checkbashism = throw "'checkbashism' has been renamed to/replaced by 'checkbashisms'"; # Converted to throw 2022-02-22 + chrome-gnome-shell = gnome-browser-connector; # Added 2022-07-27 + chronos = throw "chronos has been removed from nixpkgs, as it was unmaintained"; # Added 2020-08-15 chunkwm = throw "chunkwm has been removed: abandoned by upstream"; # Added 2022-01-07 cifs_utils = throw "'cifs_utils' has been renamed to/replaced by 'cifs-utils'"; # Converted to throw 2022-02-22 cipherscan = throw "cipherscan was removed from nixpkgs, as it was unmaintained"; # added 2021-12-11 diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index b38c9c6ec07e..04be96e82960 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -34564,7 +34564,7 @@ with pkgs; gnome-tour = callPackage ../desktops/gnome/core/gnome-tour { }; - chrome-gnome-shell = callPackage ../desktops/gnome/extensions/chrome-gnome-shell { }; + gnome-browser-connector = callPackage ../desktops/gnome/extensions/gnome-browser-connector { }; gnome-2048 = callPackage ../desktops/gnome/games/gnome-2048 { }; -- cgit 1.4.1 From b8e21f065b9eb4dbd3c9932dcfc4d6e76c467245 Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Wed, 7 Sep 2022 23:50:58 +0200 Subject: librsvg: remove installed tests Build will start failing with the following error in 2.55.1 due to `/build/librsvg-2.55.1/.libs` ending up in rpath: RPATH of binary /nix/store/78k70limslvxs6y98hdirbcixl3car1q-librsvg-2.55.1-installedTests/libexec/installed-tests/RSVG/api contains a forbidden reference to /build/ --- nixos/tests/installed-tests/default.nix | 1 - nixos/tests/installed-tests/librsvg.nix | 9 --------- pkgs/development/libraries/librsvg/default.nix | 13 +------------ 3 files changed, 1 insertion(+), 22 deletions(-) delete mode 100644 nixos/tests/installed-tests/librsvg.nix (limited to 'nixos') diff --git a/nixos/tests/installed-tests/default.nix b/nixos/tests/installed-tests/default.nix index b2c1b43f90ee..2e38cd389c74 100644 --- a/nixos/tests/installed-tests/default.nix +++ b/nixos/tests/installed-tests/default.nix @@ -101,7 +101,6 @@ in json-glib = callInstalledTest ./json-glib.nix {}; ibus = callInstalledTest ./ibus.nix {}; libgdata = callInstalledTest ./libgdata.nix {}; - librsvg = callInstalledTest ./librsvg.nix {}; glib-testing = callInstalledTest ./glib-testing.nix {}; libjcat = callInstalledTest ./libjcat.nix {}; libxmlb = callInstalledTest ./libxmlb.nix {}; diff --git a/nixos/tests/installed-tests/librsvg.nix b/nixos/tests/installed-tests/librsvg.nix deleted file mode 100644 index 378e7cce3ff4..000000000000 --- a/nixos/tests/installed-tests/librsvg.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ pkgs, makeInstalledTest, ... }: - -makeInstalledTest { - tested = pkgs.librsvg; - - testConfig = { - virtualisation.memorySize = 2047; - }; -} diff --git a/pkgs/development/libraries/librsvg/default.nix b/pkgs/development/libraries/librsvg/default.nix index 19f75110c13b..0d3d5a2a1eb5 100644 --- a/pkgs/development/libraries/librsvg/default.nix +++ b/pkgs/development/libraries/librsvg/default.nix @@ -22,7 +22,6 @@ , vala , withIntrospection ? stdenv.hostPlatform == stdenv.buildPlatform , gobject-introspection -, nixosTests , _experimental-update-script-combinators , common-updater-scripts , jq @@ -33,7 +32,7 @@ stdenv.mkDerivation rec { pname = "librsvg"; version = "2.55.0"; - outputs = [ "out" "dev" "installedTests" ] ++ lib.optionals withIntrospection [ + outputs = [ "out" "dev" ] ++ lib.optionals withIntrospection [ "devdoc" ]; @@ -93,16 +92,10 @@ stdenv.mkDerivation rec { # https://github.com/NixOS/nixpkgs/pull/117081#issuecomment-827782004 (lib.enableFeature (withIntrospection && !stdenv.isDarwin) "vala") - "--enable-installed-tests" "--enable-always-build-tests" ] ++ lib.optional stdenv.isDarwin "--disable-Bsymbolic" ++ lib.optional (stdenv.buildPlatform != stdenv.hostPlatform) "RUST_TARGET=${rust.toRustTarget stdenv.hostPlatform}"; - makeFlags = [ - "installed_test_metadir=${placeholder "installedTests"}/share/installed-tests/RSVG" - "installed_testdir=${placeholder "installedTests"}/libexec/installed-tests/RSVG" - ]; - doCheck = false; # all tests fail on libtool-generated rsvg-convert not being able to find coreutils # It wants to add loaders and update the loaders.cache in gdk-pixbuf @@ -176,10 +169,6 @@ stdenv.mkDerivation rec { updateSource updateLockfile ]; - - tests = { - installedTests = nixosTests.installed-tests.librsvg; - }; }; meta = with lib; { -- cgit 1.4.1 From 0e989a5bd96ee67ad435b3b548c5ab85ec514b23 Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Sun, 7 Aug 2022 17:11:53 +0000 Subject: gnome.nautilus: 43.alpha → 43.beta MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://gitlab.gnome.org/GNOME/nautilus/-/compare/43.alpha...43.beta Also change the environment variable name to prevent crashes when running in an old environment. Changelog-Reviewed-By: Jan Tojnar --- nixos/modules/services/x11/desktop-managers/gnome.nix | 2 +- pkgs/desktops/gnome/apps/file-roller/default.nix | 2 +- pkgs/desktops/gnome/core/nautilus/default.nix | 9 +++++++-- pkgs/desktops/gnome/core/nautilus/extension_dir.patch | 2 +- pkgs/desktops/gnome/misc/nautilus-python/default.nix | 2 +- 5 files changed, 11 insertions(+), 6 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/services/x11/desktop-managers/gnome.nix b/nixos/modules/services/x11/desktop-managers/gnome.nix index c91181491fa1..9c1978e362bc 100644 --- a/nixos/modules/services/x11/desktop-managers/gnome.nix +++ b/nixos/modules/services/x11/desktop-managers/gnome.nix @@ -520,7 +520,7 @@ in # Let nautilus find extensions # TODO: Create nautilus-with-extensions package - environment.sessionVariables.NAUTILUS_EXTENSION_DIR = "${config.system.path}/lib/nautilus/extensions-3.0"; + environment.sessionVariables.NAUTILUS_4_EXTENSION_DIR = "${config.system.path}/lib/nautilus/extensions-4"; # Override default mimeapps for nautilus environment.sessionVariables.XDG_DATA_DIRS = [ "${mimeAppsList}/share" ]; diff --git a/pkgs/desktops/gnome/apps/file-roller/default.nix b/pkgs/desktops/gnome/apps/file-roller/default.nix index 12cb3a223fab..a39df566c9c2 100644 --- a/pkgs/desktops/gnome/apps/file-roller/default.nix +++ b/pkgs/desktops/gnome/apps/file-roller/default.nix @@ -74,7 +74,7 @@ stdenv.mkDerivation rec { nautilus ]; - PKG_CONFIG_LIBNAUTILUS_EXTENSION_EXTENSIONDIR = "${placeholder "out"}/lib/nautilus/extensions-3.0"; + PKG_CONFIG_LIBNAUTILUS_EXTENSION_EXTENSIONDIR = "${placeholder "out"}/lib/nautilus/extensions-4"; postPatch = '' chmod +x postinstall.py # patchShebangs requires executable file diff --git a/pkgs/desktops/gnome/core/nautilus/default.nix b/pkgs/desktops/gnome/core/nautilus/default.nix index 37c5ac2aa724..95f4f0b671cf 100644 --- a/pkgs/desktops/gnome/core/nautilus/default.nix +++ b/pkgs/desktops/gnome/core/nautilus/default.nix @@ -23,23 +23,25 @@ , tracker-miners , gexiv2 , libselinux +, libcloudproviders , gdk-pixbuf , substituteAll , gnome-desktop , gst_all_1 , gsettings-desktop-schemas +, gnome-user-share , gobject-introspection }: stdenv.mkDerivation rec { pname = "nautilus"; - version = "43.alpha"; + version = "43.beta"; outputs = [ "out" "dev" ]; src = fetchurl { url = "mirror://gnome/sources/${pname}/${lib.versions.major version}/${pname}-${version}.tar.xz"; - sha256 = "hjVoot3dHPgTNmbDe4Cwf4AN6Wbomh0l4QM0mP+iw5k="; + sha256 = "5SEptSc/ZBb///prJr00pWrLfUXltuCVU1UpOhZXkfU="; }; patches = [ @@ -70,6 +72,7 @@ stdenv.mkDerivation rec { gnome-desktop gnome.adwaita-icon-theme gsettings-desktop-schemas + gnome-user-share gst_all_1.gst-plugins-base gtk4 libadwaita @@ -78,6 +81,8 @@ stdenv.mkDerivation rec { libnotify libseccomp libselinux + gdk-pixbuf + libcloudproviders shared-mime-info tracker tracker-miners diff --git a/pkgs/desktops/gnome/core/nautilus/extension_dir.patch b/pkgs/desktops/gnome/core/nautilus/extension_dir.patch index e1313999675d..344a50fa45b9 100644 --- a/pkgs/desktops/gnome/core/nautilus/extension_dir.patch +++ b/pkgs/desktops/gnome/core/nautilus/extension_dir.patch @@ -13,7 +13,7 @@ index 6273a76..4adcc8a 100644 initialized = TRUE; - load_module_dir (NAUTILUS_EXTENSIONDIR); -+ extensiondir = g_getenv ("NAUTILUS_EXTENSION_DIR"); ++ extensiondir = g_getenv ("NAUTILUS_4_EXTENSION_DIR"); + if (extensiondir == NULL) { + extensiondir = NAUTILUS_EXTENSIONDIR; + } diff --git a/pkgs/desktops/gnome/misc/nautilus-python/default.nix b/pkgs/desktops/gnome/misc/nautilus-python/default.nix index db304bcf5859..7bc446a29de0 100644 --- a/pkgs/desktops/gnome/misc/nautilus-python/default.nix +++ b/pkgs/desktops/gnome/misc/nautilus-python/default.nix @@ -72,7 +72,7 @@ stdenv.mkDerivation rec { "PYTHON_LIB_LOC=${python3}/lib" ]; - PKG_CONFIG_LIBNAUTILUS_EXTENSION_EXTENSIONDIR = "${placeholder "out"}/lib/nautilus/extensions-3.0"; + PKG_CONFIG_LIBNAUTILUS_EXTENSION_EXTENSIONDIR = "${placeholder "out"}/lib/nautilus/extensions-4"; passthru = { updateScript = gnome.updateScript { -- cgit 1.4.1 From fed9f9420e6d4e99ba1365cb7553f75795179206 Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Tue, 20 Sep 2022 15:41:55 +0200 Subject: release-notes: Mention GNOME 43 --- nixos/doc/manual/from_md/release-notes/rl-2211.section.xml | 7 +++++++ nixos/doc/manual/release-notes/rl-2211.section.md | 3 +++ 2 files changed, 10 insertions(+) (limited to 'nixos') diff --git a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml index 9e5d4bfd20d9..ef913cc95436 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml @@ -11,6 +11,13 @@ has the following highlights: + + + GNOME has been upgraded to 43. Please take a look at their + Release + Notes for details. + + During cross-compilation, tests are now executed if the test diff --git a/nixos/doc/manual/release-notes/rl-2211.section.md b/nixos/doc/manual/release-notes/rl-2211.section.md index 47f3da3a435a..33065c90dd21 100644 --- a/nixos/doc/manual/release-notes/rl-2211.section.md +++ b/nixos/doc/manual/release-notes/rl-2211.section.md @@ -6,6 +6,9 @@ Support is planned until the end of June 2023, handing over to 23.05. In addition to numerous new and upgraded packages, this release has the following highlights: +- GNOME has been upgraded to 43. Please take a look at their [Release + Notes](https://release.gnome.org/43/) for details. + - During cross-compilation, tests are now executed if the test suite can be executed by the build platform. This is the case when doing “native” cross-compilation where the build and host platforms are largely the same, but the nixpkgs' cross -- cgit 1.4.1 From 35dffb9f9362de07619bc6a560d0c391e3be54f1 Mon Sep 17 00:00:00 2001 From: Bobby Rong Date: Wed, 21 Sep 2022 10:27:09 +0800 Subject: pantheon.elementary-tasks: Mark as broken Does not build with e-d-s 3.45+ / libsoup 3 and porting is likely not easy. --- nixos/modules/services/x11/desktop-managers/pantheon.nix | 2 +- pkgs/desktops/pantheon/apps/elementary-tasks/default.nix | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/modules/services/x11/desktop-managers/pantheon.nix b/nixos/modules/services/x11/desktop-managers/pantheon.nix index 90a8787ed227..5c0203224e13 100644 --- a/nixos/modules/services/x11/desktop-managers/pantheon.nix +++ b/nixos/modules/services/x11/desktop-managers/pantheon.nix @@ -285,7 +285,7 @@ in elementary-music elementary-photos elementary-screenshot - elementary-tasks + # elementary-tasks elementary-terminal elementary-videos epiphany diff --git a/pkgs/desktops/pantheon/apps/elementary-tasks/default.nix b/pkgs/desktops/pantheon/apps/elementary-tasks/default.nix index 7efd7e99da28..cd82dba99bfe 100644 --- a/pkgs/desktops/pantheon/apps/elementary-tasks/default.nix +++ b/pkgs/desktops/pantheon/apps/elementary-tasks/default.nix @@ -73,5 +73,6 @@ stdenv.mkDerivation rec { platforms = platforms.linux; maintainers = teams.pantheon.members; mainProgram = "io.elementary.tasks"; + broken = true; # https://github.com/elementary/tasks/issues/340 }; } -- cgit 1.4.1 From 4c6984346080dca83083bc7063df8fe820a025bc Mon Sep 17 00:00:00 2001 From: Patrick Jackson Date: Mon, 12 Sep 2022 13:42:34 -0700 Subject: nixos/mullvad-vpn: change dependency for the daemon to pkg mullvad --- nixos/modules/services/networking/mullvad-vpn.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/modules/services/networking/mullvad-vpn.nix b/nixos/modules/services/networking/mullvad-vpn.nix index ca60682b4b8b..42d55056084d 100644 --- a/nixos/modules/services/networking/mullvad-vpn.nix +++ b/nixos/modules/services/networking/mullvad-vpn.nix @@ -39,7 +39,7 @@ with lib; startLimitBurst = 5; startLimitIntervalSec = 20; serviceConfig = { - ExecStart = "${pkgs.mullvad-vpn}/bin/mullvad-daemon -v --disable-stdout-timestamps"; + ExecStart = "${pkgs.mullvad}/bin/mullvad-daemon -v --disable-stdout-timestamps"; Restart = "always"; RestartSec = 1; }; -- cgit 1.4.1 From dd34f474ed6c719c094085e24108888761ab2b67 Mon Sep 17 00:00:00 2001 From: Shadaj Laddad Date: Mon, 29 Aug 2022 16:40:28 -0700 Subject: nixos/restic: make it possible to use the existing backup cache for prune/check Configures the `--cache-dir` parameter for the prune and check commands run after backing up. For `check`, also adds a `checkOpts` flag to enable using the cache, since that is disabled by default. --- nixos/modules/services/backup/restic.nix | 16 ++++++++++++++-- nixos/tests/restic.nix | 4 ++++ 2 files changed, 18 insertions(+), 2 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/services/backup/restic.nix b/nixos/modules/services/backup/restic.nix index 2b0dcb16344c..6fde11927c03 100644 --- a/nixos/modules/services/backup/restic.nix +++ b/nixos/modules/services/backup/restic.nix @@ -196,6 +196,18 @@ in ]; }; + checkOpts = mkOption { + type = types.listOf types.str; + default = [ ]; + description = lib.mdDoc '' + A list of options for 'restic check', which is run after + pruning. + ''; + example = [ + "--with-cache" + ]; + }; + dynamicFilesFrom = mkOption { type = with types; nullOr str; default = null; @@ -270,8 +282,8 @@ in then if (backup.paths != null) then concatStringsSep " " backup.paths else "" else "--files-from ${filesFromTmpFile}"; pruneCmd = optionals (builtins.length backup.pruneOpts > 0) [ - (resticCmd + " forget --prune " + (concatStringsSep " " backup.pruneOpts)) - (resticCmd + " check") + (resticCmd + " forget --prune --cache-dir=%C/restic-backups-${name} " + (concatStringsSep " " backup.pruneOpts)) + (resticCmd + " check --cache-dir=%C/restic-backups-${name} " + (concatStringsSep " " backup.checkOpts)) ]; # Helper functions for rclone remotes rcloneRemoteName = builtins.elemAt (splitString ":" backup.repository) 1; diff --git a/nixos/tests/restic.nix b/nixos/tests/restic.nix index 75fffe9d9a84..16dd5f8c5c8a 100644 --- a/nixos/tests/restic.nix +++ b/nixos/tests/restic.nix @@ -68,6 +68,9 @@ import ./make-test-python.nix ( package = pkgs.writeShellScriptBin "restic" '' echo "$@" >> /tmp/fake-restic.log; ''; + + pruneOpts = [ "--keep-last 1" ]; + checkOpts = [ "--some-check-option" ]; }; }; @@ -98,6 +101,7 @@ import ./make-test-python.nix ( '${pkgs.restic}/bin/restic -r ${rcloneRepository} -p ${passwordFile} snapshots -c | grep -e "^1 snapshot"', "systemctl start restic-backups-custompackage.service", "grep 'backup .* /opt' /tmp/fake-restic.log", + "grep 'check .* --some-check-option' /tmp/fake-restic.log", "timedatectl set-time '2017-12-13 13:45'", "systemctl start restic-backups-remotebackup.service", "rm /opt/backupCleanupCommand", -- cgit 1.4.1