freezeboy
ee0e1e0bcb
nixos(freepops): remove module
2020-11-03 10:45:29 +01:00
Silvan Mosberger
8a7ea52173
Merge pull request #99019 from sumnerevans/master
...
Add ability to configure executable for redshift service
2020-11-03 01:00:40 +01:00
Silvan Mosberger
aeaf78adb8
Merge pull request #102204 from danderson/danderson/transmission-dir
...
nixos/transmission: point at the settings dir in cfg.home.
2020-11-03 00:45:04 +01:00
Ricardo M. Correia
48f8b85e1c
nixos/chrony: fix owner of chrony drift file
...
It had become owned by root due to #97546 .
2020-11-02 21:41:49 +01:00
Maximilian Bosch
819b0f4bb8
nixos/initrd-network-ssh: fix test
...
The test relied on moving `initrd` secrets from the store into the
`initrd` which was fine here as it's only an integration test and not a
production environment.
However, this broke in 20.09 when support for this was dropped[1]. To make
sure that the snakeoil key used as hostkey for `sshd` here actually gets
copied into the VM, I added a small script for this that takes care of
this process while building the initial ramdisk.
[1] d930466b77
2020-11-02 21:18:57 +01:00
Graham Christensen
75a2bc94fa
Merge pull request #101192 from grahamc/nixpkgs-location-basic-auth
...
nginx: support basic auth in location blocks
2020-11-02 09:44:54 -05:00
Graham Christensen
3361a037b9
nginx: add a warning that nginx's basic auth isn't very good.
2020-11-02 08:16:01 -05:00
Graham Christensen
a4b86b2bf5
nginx: test basic auth
2020-11-02 08:16:01 -05:00
Graham Christensen
c7bf3828f0
nginx: add basic auth support for locations
2020-11-02 08:16:00 -05:00
Graham Christensen
33cf4f0e8e
nginx: factor out the generation of basic auth generation
2020-11-02 08:16:00 -05:00
Dominique Martinet
1fb299064b
stunnel: make servers accept more lenient
...
stunnel config's accept syntax is [host:]port -- this is required to e.g. listen on ipv6
where one would set :::port
2020-11-02 10:51:00 +01:00
Antoine Eiche
81063ee414
nixos.tests.systemd-journal: add basic systemd-journal-gatewayd test
...
This test allows to ensure the systemd-journal-gatewayd service is
responding correcly when the NixOS option `enableHttpGateway` is set.
The test has not been added into the main systemd test because a
graphical stack is not required (and rebuilding the graphical stack on
systemd change is huge).
2020-11-02 09:07:52 +01:00
Andreas Rammhold
2ba1c007f6
Merge pull request #102350 from andir/nixos-test-prometheus
...
nixos/tests/prometheus: remove invalid thanos config flag
2020-11-01 19:45:00 +01:00
Dominique Martinet
05eef8051b
stunnel service: fix servers example
...
examples incorrectly had 'enable' set, the option is not defined
and reproducing would error out
2020-11-01 18:17:57 +01:00
Maximilian Bosch
4f3f06d070
Merge pull request #101553 from Mic92/nextcloud
...
Nextcloud: fix ldap integration
2020-11-01 16:10:18 +01:00
Arnout Engelen
c9b669a283
nixos.manual: introduce Wayland section
...
Co-Authored-By: Nicolas Berbiche <nicolas@normie.dev>
2020-11-01 15:47:10 +01:00
Andreas Rammhold
e4865130cf
nixos/tests/prometheus: remove invalid thanos config flag
...
Upstream has apparently changed the configuration format and is now
throwing an error when the `encrypt_sse` option is set. According to the
current version of the documentation encryption moved to the
`sse_config` option that (is optional and) offers all the features we do
not use or care about for this test.
2020-11-01 14:33:11 +01:00
Jörg Thalheim
7b5cebfa71
Merge pull request #102237 from oxzi/tlp-deprecation-note
...
nixos/tlp: Fix deprecation hint
2020-11-01 11:46:11 +01:00
Frederik Rietdijk
409ca6f1f9
Merge staging-next into staging
2020-11-01 11:06:35 +01:00
Frederik Rietdijk
54f7498601
Merge pull request #101369 from doronbehar/pkg/kdeApplications/qt515
...
kdeApplications: Use latest qt515 by default
2020-11-01 11:05:05 +01:00
Frederik Rietdijk
83dde6c52c
Merge staging-next into staging
2020-11-01 10:11:12 +01:00
rnhmjoj
497b7018e4
nixos/bluetooth: disable restart on unit changes
2020-10-31 21:46:42 +01:00
Andreas Rammhold
fd0b3839b2
Merge pull request #102249 from rnhmjoj/firefox-audio
...
nixos/tests/firefox: add audio subtest
2020-10-31 21:23:10 +01:00
zimbatm
7d834eff6c
nixos/manual: make reproducible ( #102234 )
2020-10-31 21:18:16 +01:00
rnhmjoj
f7904ca45b
nixos/tests/firefox: add audio subtest
2020-10-31 20:53:15 +01:00
Philipp Kern
ec6b0950ef
nixos/prometheus: Support environmentFile ( #97933 )
...
For the same reason Alertmanager supports environmentFile to pass
secrets along, it is useful to support the same for Prometheus'
configuration to store bearer tokens outside the Nix store.
2020-10-31 20:52:13 +01:00
WORLDofPEACE
eaaf9254aa
Merge pull request #100520 from hyperfekt/patch-3
...
nixos-install: add passthrough --keep-going flag
2020-10-31 15:19:51 -04:00
Niklas Hambüchen
441abe9949
release notes: Document deprecation warning for StartLimitInterval in [Service]
2020-10-31 18:11:03 +01:00
hyperfekt
1338647a8c
nixos-install: pass through keep-going flag
2020-10-31 17:13:45 +01:00
lf-
644079e707
nixos/modules: deprecation warning for StartLimitInterval in [Service]
...
This implements
https://github.com/NixOS/nixpkgs/issues/45786#issuecomment-440091879
2020-10-31 16:50:35 +01:00
Niklas Hambüchen
c178fe4bbb
nixos/modules: Reformat warnings
section
2020-10-31 16:50:25 +01:00
Alvar Penning
0ad1519ad9
nixos/tlp: Fix deprecation hint
...
The deprecated extraConfig option refers to the config option, which
does not exists. The settings option should be used.
2020-10-31 16:33:45 +01:00
lf-
b37bbca521
nixos/modules: fix systemd start rate-limits
...
These were broken since 2016:
f0367da7d1
since StartLimitIntervalSec got moved into [Unit] from [Service].
StartLimitBurst has also been moved accordingly, so let's fix that one
too.
NixOS systems have been producing logs such as:
/nix/store/wf98r55aszi1bkmln1lvdbp7znsfr70i-unit-caddy.service/caddy.service:31:
Unknown key name 'StartLimitIntervalSec' in section 'Service', ignoring.
I have also removed some unnecessary duplication in units disabling
rate limiting since setting either interval or burst to zero disables it
(ad16158c10/src/basic/ratelimit.c (L16)
)
2020-10-31 01:35:56 -07:00
Jade
2df221ec8a
nixos/postgresql: fix inaccurate docs for authentication ( #97622 )
...
* nixos/postgresql: fix inaccurate docs for authentication
We actually use peer authentication, then md5 based authentication.
trust is not used.
* Use a link for mkForce docs
Co-authored-by: aszlig <aszlig@redmoonstudios.org>
Co-authored-by: lf- <lf-@users.noreply.github.com>
Co-authored-by: aszlig <aszlig@redmoonstudios.org>
2020-10-31 03:35:19 -04:00
WORLDofPEACE
7b3b82f7af
Merge pull request #100136 from xaverdh/nixos-install-support-impure
...
nixos-install: pass through impure flag
2020-10-31 01:17:07 -04:00
David Anderson
43effbbc59
nixos/transmission: point at the settings dir in cfg.home.
...
Without this, transmission starts with an empty config when using
a custom home location.
Signed-off-by: David Anderson <dave@natulte.net>
2020-10-30 19:03:42 -07:00
David Anderson
9a8d6011aa
nixos/tailscale: add tailscale to environment.systemPackages.
...
Use of Tailscale requires using the `tailscale` CLI to talk to the
daemon. If the CLI isn't in systemPackages, the resulting user experience
is confusing as the Tailscale daemon does nothing.
Signed-off-by: David Anderson <dave@natulte.net>
2020-10-30 17:58:14 -07:00
Mira Ressel
a7de454a76
nixos/qemu-vm: Update system.requiredKernelConfig
...
Verify that all kernel modules which are required for mounting
/nix/store in the VM are present.
2020-10-30 22:22:58 +01:00
Mira Ressel
8ee970442b
nixos/qemu-vm: Don't require CONFIG_EXPERIMENTAL
...
The kernel stopped using this config option with version 3.9 (back in
2013!).
2020-10-30 22:22:57 +01:00
Mira Ressel
ef5268bcab
nixos/qemu-vm: Fix condition in requiredKernelConfig
...
'optional' just takes a single item rather than a list
2020-10-30 22:22:13 +01:00
Graham Christensen
38a394bdee
Merge pull request #102174 from grahamc/ami-root-use-gpt
...
AMI root partition table: use GPT to support >2T partitions
2020-10-30 16:14:37 -04:00
Graham Christensen
860a3a23c6
Merge pull request #102175 from grahamc/ami-random
...
amazon-image: random.trust_cpu=on to cut 10s from boot
2020-10-30 16:13:41 -04:00
Graham Christensen
c06b97175b
Merge pull request #102173 from grahamc/create-amis
...
create-amis.sh: fixup shellcheck issues, improve error logging, and add configurable service names
2020-10-30 16:13:18 -04:00
Graham Christensen
82578fc725
Merge pull request #102172 from grahamc/stage-1-datestamps
...
stage-1: add datestamps to logs
2020-10-30 16:13:02 -04:00
Graham Christensen
b34cf366aa
Merge pull request #102171 from grahamc/faster-ext-resize
...
stage-1: modprobe ext{2,3,4} before resizing (so resizing takes less than 45 minutes)
2020-10-30 16:12:50 -04:00
WORLDofPEACE
214af51225
Merge pull request #101067 from deviant/remove-caddy-agree
...
nixos/caddy: remove services.caddy.agree
2020-10-30 16:02:44 -04:00
Graham Christensen
d77ddf2a40
nixos.amazonAmi: use legacy+gpt disk images to support partitions >2T
2020-10-30 15:50:25 -04:00
Graham Christensen
d78aa080f5
make-disk-image: support legacy+gpt
2020-10-30 15:50:24 -04:00
Doron Behar
77e081bb2b
nixos/sddm: Use libsForQt514.sddm if needed (for lxqt)
...
Currently lxqt is a desktop environment that's compiled against qt514.
To avoid possible issues (#101369 ), we (hopefully) use the same qt
version as the desktop environment at hand. LXQT should move to qt515,
and for the long term the correct qt version should be inherited by the
sddm module.
2020-10-30 20:37:59 +02:00
Doron Behar
e681f442c9
nixos/plasma: Fix attribute path to kinit
2020-10-30 20:37:58 +02:00
Graham Christensen
c851030763
amazon-image: random.trust_cpu=on to cut 10s from boot
...
Ubuntu and other distros already have this set via kernel config.
2020-10-30 13:45:19 -04:00
Graham Christensen
74a577b293
create-amis: improve wording around the service name's IAM role
...
Co-authored-by: Cole Helbling <cole.e.helbling@outlook.com>
2020-10-30 12:40:17 -04:00
Graham Christensen
ece5c0f304
stage-1: modprobe ext{2,3,4} before resizing
...
I noticed booting a system with an ext4 root which expanded to 5T took
quite a long time (12 minutes in some cases, 43(!) in others.)
I changed stage-1 to run `resize2fs -d 62` for extra debug output and
timing information. It revealed the adjust_superblock step taking
almost all of the time:
[Fri Oct 30 11:10:15 UTC 2020] zero_high_bits_in_metadata: Memory used: 132k/0k (63k/70k), time: 0.00/ 0.00/ 0.00
[Fri Oct 30 11:21:09 UTC 2020] adjust_superblock: Memory used: 396k/4556k (295k/102k), time: 654.21/ 0.59/ 5.13
but when I ran resize2fs on a disk with the identical content growing
to the identical target size, it would only take about 30 seconds. I
looked at what happened between those two steps in the fast case with
strace and found:
```
235 getrusage(RUSAGE_SELF, {ru_utime={tv_sec=0, tv_usec=1795}, ru_stime={tv_sec=0, tv_usec=3590}, ...}) = 0
236 write(1, "zero_high_bits_in_metadata: Memo"..., 84zero_high_bits_in_metadata: Memory used: 132k/0k (72k/61k), time: 0.00/ 0.00/ 0.00
237 ) = 84
238 gettimeofday({tv_sec=1604061278, tv_usec=480147}, NULL) = 0
239 getrusage(RUSAGE_SELF, {ru_utime={tv_sec=0, tv_usec=1802}, ru_stime={tv_sec=0, tv_usec=3603}, ...}) = 0
240 gettimeofday({tv_sec=1604061278, tv_usec=480192}, NULL) = 0
241 mmap(NULL, 2564096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa3c7355000
242 access("/sys/fs/ext4/features/lazy_itable_init", F_OK) = 0
243 brk(0xf85000) = 0xf85000
244 brk(0xfa6000) = 0xfa6000
245 gettimeofday({tv_sec=1604061278, tv_usec=538828}, NULL) = 0
246 getrusage(RUSAGE_SELF, {ru_utime={tv_sec=0, tv_usec=58720}, ru_stime={tv_sec=0, tv_usec=3603}, ...}) = 0
247 write(1, "adjust_superblock: Memory used: "..., 79adjust_superblock: Memory used: 396k/2504k (305k/92k), time: 0.06/ 0.06/ 0.00
248 ) = 79
249 gettimeofday({tv_sec=1604061278, tv_usec=539119}, NULL) = 0
250 getrusage(RUSAGE_SELF, {ru_utime={tv_sec=0, tv_usec=58812}, ru_stime={tv_sec=0, tv_usec=3603}, ...}) = 0
251 gettimeofday({tv_sec=1604061279, tv_usec=939}, NULL) = 0
252 getrusage(RUSAGE_SELF, {ru_utime={tv_sec=0, tv_usec=520411}, ru_stime={tv_sec=0, tv_usec=3603}, ...}) = 0
253 write(1, "fix_uninit_block_bitmaps 2: Memo"..., 88fix_uninit_block_bitmaps 2: Memory used: 396k/2504k (305k/92k), time: 0.46/ 0.46/ 0.00
254 ) = 88
```
In particular the access to /sys/fs seemed interesting. Looking
at the source of resize2fs:
```
[root@ip-172-31-22-182:~/e2fsprogs-1.45.5]# rg -B2 -A1 /sys/fs/ext4/features/lazy_itable_init .
./resize/resize2fs.c
923- if (getenv("RESIZE2FS_FORCE_LAZY_ITABLE_INIT") ||
924- (!getenv("RESIZE2FS_FORCE_ITABLE_INIT") &&
925: access("/sys/fs/ext4/features/lazy_itable_init", F_OK) == 0))
926- lazy_itable_init = 1;
```
I confirmed /sys is mounted, and then found a bug suggesting the
ext4 module is maybe not loaded:
https://bugzilla.redhat.com/show_bug.cgi?id=1071909
My home server doesn't have ext4 loaded and had 3T to play with, so
I tried (and succeeded with) replicating the issue locally:
```
[root@kif:/scratch]# lsmod | grep -i ext
[root@kif:/scratch]# zfs create -V 3G rpool/scratch/ext4
[root@kif:/scratch]# time mkfs.ext4 /dev/zvol/rpool/scratch/ext4
mke2fs 1.45.5 (07-Jan-2020)
Discarding device blocks: done
Creating filesystem with 786432 4k blocks and 196608 inodes
Filesystem UUID: 560a4a8f-93dc-40cc-97a5-f10049bf801f
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912
Allocating group tables: done
Writing inode tables: done
Creating journal (16384 blocks): done
Writing superblocks and filesystem accounting information: done
real 0m2.261s
user 0m0.000s
sys 0m0.025s
[root@kif:/scratch]# zfs set volsize=3T rpool/scratch/ext4
[root@kif:/scratch]# time resize2fs -d 62 /dev/zvol/rpool/scratch/ext4
resize2fs 1.45.5 (07-Jan-2020)
fs has 11 inodes, 1 groups required.
fs requires 16390 data blocks.
With 1 group(s), we have 22234 blocks available.
Last group's overhead is 10534
Need 16390 data blocks in last group
Final size of last group is 26924
Estimated blocks needed: 26924
Extents safety margin: 49
Resizing the filesystem on /dev/zvol/rpool/scratch/ext4 to 805306368 (4k) blocks.
read_bitmaps: Memory used: 132k/0k (63k/70k), time: 0.00/ 0.00/ 0.00
read_bitmaps: I/O read: 1MB, write: 0MB, rate: 3802.28MB/s
fix_uninit_block_bitmaps 1: Memory used: 132k/0k (63k/70k), time: 0.00/ 0.00/ 0.00
resize_group_descriptors: Memory used: 132k/0k (68k/65k), time: 0.00/ 0.00/ 0.00
move_bg_metadata: Memory used: 132k/0k (68k/65k), time: 0.00/ 0.00/ 0.00
zero_high_bits_in_metadata: Memory used: 132k/0k (68k/65k), time: 0.00/ 0.00/ 0.00
```
here it got stuck for quite some time ... straceing this 20 minutes in revealed this in a tight loop:
```
getuid() = 0
geteuid() = 0
getgid() = 0
getegid() = 0
prctl(PR_GET_DUMPABLE) = 1 (SUID_DUMP_USER)
fallocate(3, FALLOC_FL_ZERO_RANGE, 2222649901056, 2097152) = 0
fsync(3) = 0
```
it finally ended 43(!) minutes later:
```
adjust_superblock: Memory used: 264k/3592k (210k/55k), time: 2554.03/ 0.16/15.07
fix_uninit_block_bitmaps 2: Memory used: 264k/3592k (210k/55k), time: 0.16/ 0.16/ 0.00
blocks_to_move: Memory used: 264k/3592k (211k/54k), time: 0.00/ 0.00/ 0.00
Number of free blocks: 755396/780023556, Needed: 0
block_mover: Memory used: 264k/3592k (216k/49k), time: 0.05/ 0.01/ 0.00
block_mover: I/O read: 1MB, write: 0MB, rate: 18.68MB/s
inode_scan_and_fix: Memory used: 264k/3592k (216k/49k), time: 0.00/ 0.00/ 0.00
inode_ref_fix: Memory used: 264k/3592k (216k/49k), time: 0.00/ 0.00/ 0.00
move_itables: Memory used: 264k/3592k (216k/49k), time: 0.00/ 0.00/ 0.00
calculate_summary_stats: Memory used: 264k/3592k (216k/49k), time: 16.35/16.35/ 0.00
fix_resize_inode: Memory used: 264k/3592k (222k/43k), time: 0.04/ 0.00/ 0.00
fix_resize_inode: I/O read: 1MB, write: 0MB, rate: 22.80MB/s
fix_sb_journal_backup: Memory used: 264k/3592k (222k/43k), time: 0.00/ 0.00/ 0.00
overall resize2fs: Memory used: 264k/3592k (222k/43k), time: 2570.90/16.68/15.07
overall resize2fs: I/O read: 1MB, write: 1MB, rate: 0.00MB/s
The filesystem on /dev/zvol/rpool/scratch/ext4 is now 805306368 (4k) blocks long.
real 43m1.943s
user 0m16.761s
sys 0m15.069s
```
I then cleaned up and recreated the zvol, loaded the ext4 module, created the ext4 fs,
resized the volume, and resize2fs'd and it went quite quickly:
```
[root@kif:/scratch]# zfs destroy rpool/scratch/ext4
[root@kif:/scratch]# zfs create -V 3G rpool/scratch/ext4
[root@kif:/scratch]# modprobe ext4
[root@kif:/scratch]# time resize2fs -d 62 /dev/zvol/rpool/scratch/ext4
[root@kif:/scratch]# time mkfs.ext4 /dev/zvol/rpool/scratch/ext4
mke2fs 1.45.5 (07-Jan-2020)
Discarding device blocks: done
Creating filesystem with 786432 4k blocks and 196608 inodes
Filesystem UUID: 5b415f2f-a8c4-4ba0-ac1d-78860de77610
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912
Allocating group tables: done
Writing inode tables: done
Creating journal (16384 blocks): done
Writing superblocks and filesystem accounting information: done
real 0m1.013s
user 0m0.001s
sys 0m0.023s
[root@kif:/scratch]# zfs set volsize=3T rpool/scratch/ext4
[root@kif:/scratch]# time resize2fs -d 62 /dev/zvol/rpool/scratch/ext4
resize2fs 1.45.5 (07-Jan-2020)
fs has 11 inodes, 1 groups required.
fs requires 16390 data blocks.
With 1 group(s), we have 22234 blocks available.
Last group's overhead is 10534
Need 16390 data blocks in last group
Final size of last group is 26924
Estimated blocks needed: 26924
Extents safety margin: 49
Resizing the filesystem on /dev/zvol/rpool/scratch/ext4 to 805306368 (4k) blocks.
read_bitmaps: Memory used: 132k/0k (63k/70k), time: 0.00/ 0.00/ 0.00
read_bitmaps: I/O read: 1MB, write: 0MB, rate: 3389.83MB/s
fix_uninit_block_bitmaps 1: Memory used: 132k/0k (63k/70k), time: 0.00/ 0.00/ 0.00
resize_group_descriptors: Memory used: 132k/0k (68k/65k), time: 0.00/ 0.00/ 0.00
move_bg_metadata: Memory used: 132k/0k (68k/65k), time: 0.00/ 0.00/ 0.00
zero_high_bits_in_metadata: Memory used: 132k/0k (68k/65k), time: 0.00/ 0.00/ 0.00
adjust_superblock: Memory used: 264k/1540k (210k/55k), time: 0.02/ 0.02/ 0.00
fix_uninit_block_bitmaps 2: Memory used: 264k/1540k (210k/55k), time: 0.15/ 0.15/ 0.00
blocks_to_move: Memory used: 264k/1540k (211k/54k), time: 0.00/ 0.00/ 0.00
Number of free blocks: 755396/780023556, Needed: 0
block_mover: Memory used: 264k/3592k (216k/49k), time: 0.01/ 0.01/ 0.00
block_mover: I/O read: 1MB, write: 0MB, rate: 157.11MB/s
inode_scan_and_fix: Memory used: 264k/3592k (216k/49k), time: 0.00/ 0.00/ 0.00
inode_ref_fix: Memory used: 264k/3592k (216k/49k), time: 0.00/ 0.00/ 0.00
move_itables: Memory used: 264k/3592k (216k/49k), time: 0.00/ 0.00/ 0.00
calculate_summary_stats: Memory used: 264k/3592k (216k/49k), time: 16.20/16.20/ 0.00
fix_resize_inode: Memory used: 264k/3592k (222k/43k), time: 0.00/ 0.00/ 0.00
fix_resize_inode: I/O read: 1MB, write: 0MB, rate: 5319.15MB/s
fix_sb_journal_backup: Memory used: 264k/3592k (222k/43k), time: 0.00/ 0.00/ 0.00
overall resize2fs: Memory used: 264k/3592k (222k/43k), time: 16.45/16.38/ 0.00
overall resize2fs: I/O read: 1MB, write: 1MB, rate: 0.06MB/s
The filesystem on /dev/zvol/rpool/scratch/ext4 is now 805306368 (4k) blocks long.
real 0m17.908s
user 0m16.386s
sys 0m0.079s
```
Success!
2020-10-30 12:18:23 -04:00
Graham Christensen
a179781696
stage-1: add datestamps to logs
...
When the stage-1 logs get imported in to the journal, they all get
loaded with the same timestamp. This makes it difficult to identify
what might be taking a long time in early boot.
2020-10-30 12:16:35 -04:00
Graham Christensen
2bf1fc0345
create-amis: allow customizing the service role name
...
The complete setup on the AWS end can be configured
with the following Terraform configuration. It generates
a ./credentials.sh which I just copy/pasted in to the
create-amis.sh script near the top. Note: the entire stack
of users and bucket can be destroyed at the end of the
import.
variable "region" {
type = string
}
variable "availability_zone" {
type = string
}
provider "aws" {
region = var.region
}
resource "aws_s3_bucket" "nixos-amis" {
bucket_prefix = "nixos-amis-"
lifecycle_rule {
enabled = true
abort_incomplete_multipart_upload_days = 1
expiration {
days = 7
}
}
}
resource "local_file" "credential-file" {
file_permission = "0700"
filename = "${path.module}/credentials.sh"
sensitive_content = <<SCRIPT
export service_role_name="${aws_iam_role.vmimport.name}"
export bucket="${aws_s3_bucket.nixos-amis.bucket}"
export AWS_ACCESS_KEY_ID="${aws_iam_access_key.uploader.id}"
export AWS_SECRET_ACCESS_KEY="${aws_iam_access_key.uploader.secret}"
SCRIPT
}
# The following resources are for the *uploader*
resource "aws_iam_user" "uploader" {
name = "nixos-amis-uploader"
}
resource "aws_iam_access_key" "uploader" {
user = aws_iam_user.uploader.name
}
resource "aws_iam_user_policy" "upload-to-nixos-amis" {
user = aws_iam_user.uploader.name
policy = data.aws_iam_policy_document.upload-policy-document.json
}
data "aws_iam_policy_document" "upload-policy-document" {
statement {
effect = "Allow"
actions = [
"s3:ListBucket",
"s3:GetBucketLocation",
]
resources = [
aws_s3_bucket.nixos-amis.arn
]
}
statement {
effect = "Allow"
actions = [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject",
]
resources = [
"${aws_s3_bucket.nixos-amis.arn}/*"
]
}
statement {
effect = "Allow"
actions = [
"ec2:ImportSnapshot",
"ec2:DescribeImportSnapshotTasks",
"ec2:DescribeImportSnapshotTasks",
"ec2:RegisterImage",
"ec2:DescribeImages"
]
resources = [
"*"
]
}
}
# The following resources are for the *vmimport service user*
# See: https://docs.aws.amazon.com/vm-import/latest/userguide/vmie_prereqs.html#vmimport-role
resource "aws_iam_role" "vmimport" {
assume_role_policy = data.aws_iam_policy_document.vmimport-trust.json
}
resource "aws_iam_role_policy" "vmimport-access" {
role = aws_iam_role.vmimport.id
policy = data.aws_iam_policy_document.vmimport-access.json
}
data "aws_iam_policy_document" "vmimport-access" {
statement {
effect = "Allow"
actions = [
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
]
resources = [
aws_s3_bucket.nixos-amis.arn,
"${aws_s3_bucket.nixos-amis.arn}/*"
]
}
statement {
effect = "Allow"
actions = [
"ec2:ModifySnapshotAttribute",
"ec2:CopySnapshot",
"ec2:RegisterImage",
"ec2:Describe*"
]
resources = [
"*"
]
}
}
data "aws_iam_policy_document" "vmimport-trust" {
statement {
effect = "Allow"
principals {
type = "Service"
identifiers = [ "vmie.amazonaws.com" ]
}
actions = [
"sts:AssumeRole"
]
condition {
test = "StringEquals"
variable = "sts:ExternalId"
values = [ "vmimport" ]
}
}
}
2020-10-30 12:12:08 -04:00
Graham Christensen
e253de8a77
create-amis.sh: log the full response if describing the import snapshot tasks fails
2020-10-30 12:08:01 -04:00
Graham Christensen
f92a883ddb
nixos ec2/create-amis.sh: shellcheck: $ is not needed in arithmetic
2020-10-30 12:08:01 -04:00
Graham Christensen
7dac8470cf
nixos ec2/create-amis.sh: shellcheck: explicitly make the additions to block_device_mappings single strings
2020-10-30 12:08:00 -04:00
Graham Christensen
a66a22ca54
nixos ec2/create-amis.sh: shellcheck: read without -r mangles backslashes
2020-10-30 12:08:00 -04:00
Graham Christensen
baf7ed3f24
nixos ec2/create-amis.sh: shellcheck: SC2155: Declare and assign separately to avoid masking return values.
2020-10-30 12:07:59 -04:00
Graham Christensen
f5994c208d
nixos ec2/create-amis.sh: shellcheck: quote state_dir reference
2020-10-30 12:07:59 -04:00
Graham Christensen
c76692192a
nixos ec2/create-amis.sh: shellcheck: quote region references
2020-10-30 12:07:49 -04:00
Timo Kaufmann
83f48e8348
Merge pull request #95011 from Atemu/undervolt-pl
...
undervolt: expose power limits as Nixopts
2020-10-30 09:32:50 +01:00
Michele Guerini Rocco
1102a46ffe
Merge pull request #101724 from pickfire/patch-3
...
fontdir: add ttc to font regex
2020-10-30 08:41:34 +01:00
Benjamin Hipple
e00752079e
Merge pull request #102018 from 1000101/blockbook-frontend
...
blockbook-frontend: fix&update extraConfig example
2020-10-29 22:30:07 -04:00
Florian Klink
b8d59e93c8
nixos/networkd: allow RouteMetric= in [DHCPv6] section
2020-10-29 19:47:42 +01:00
talyz
89e83833af
nixos/keycloak: Add support for MySQL and external DBs with SSL
...
- Add support for using MySQL as an option to PostgreSQL.
- Enable connecting to external DBs with SSL
- Add a database port config option
2020-10-29 12:47:10 +01:00
talyz
d1d3c86c70
rl-2103: Note the addition of the Keycloak service
2020-10-29 12:08:06 +01:00
talyz
c6e4388449
nixos/keycloak: Add documentation
2020-10-29 12:08:01 +01:00
talyz
fe5a16aee6
nixos/keycloak: Document internal functions
2020-10-29 12:07:55 +01:00
talyz
31fe90d6ef
nixos/keycloak: Add test
2020-10-29 12:07:49 +01:00
1000101
4b8611c959
blockbook-frontend: fix&update extraConfig example
2020-10-29 11:41:41 +01:00
Philipp
fc856b89e5
nixos/murmur: add murmur group, don't run as nogroup
...
fixes #101980
2020-10-29 10:32:04 +01:00
Martin Weinelt
55746e0a4b
Merge pull request #98187 from mweinelt/nixos/babeld
...
nixos/babeld: lock down service
2020-10-29 01:24:11 +01:00
Minijackson
3fce272478
nixos/shiori: harden service with systemd
2020-10-28 20:46:30 +01:00
Maximilian Bosch
ca45bb574d
nixos/rl-2009: minor typo fix
2020-10-28 19:38:28 +01:00
Thomas Depierre
63caecee7d
riak-cs: delete
2020-10-28 19:31:33 +01:00
Vladimír Čunát
0b32140b34
Merge branch 'staging-next' into staging
2020-10-28 18:48:56 +01:00
Linus Heckemann
2b06415ca1
Merge pull request #101370 from m1cr0man/ssl-test-certs
...
nixos/acme: Permissions and tests fixes
2020-10-28 17:21:57 +01:00
Andreas Rammhold
db0fe5c3eb
Merge branch master into staging to fix eval error
...
This fixes the eval error of the small (and "big"?) NixOS test set that
was fixed in 1088f05
& eba8f542
.
2020-10-28 03:03:27 +01:00
Andreas Rammhold
c127653b72
Merge pull request #101887 from jonringer/minor-release-notes-adjustment
...
nixos/docs/rl-2009.xml: grafana: description, example agreement
2020-10-28 02:38:55 +01:00
Jonathan Ringer
3963954fc8
nixos/docs/rl-2009.xml: grafana: description, example agreement
2020-10-27 17:50:39 -07:00
Markus S. Wamser
a0cc1243cc
doc: 20.09 release notes: remove duplicate service list entry
...
opt-services.foldingathome.enable was listed twice
2020-10-27 13:43:44 -07:00
davidak
4166a767de
doc: improve 20.09 release notes
2020-10-27 21:11:22 +01:00
talyz
513599a6d7
nixos/keycloak: Init
2020-10-27 19:01:26 +01:00
AmineChikhaoui
8cae6703ef
ec2-amis: add stable NixOS 20.09 AMIs
...
Fixes #101694
2020-10-27 08:52:15 -04:00
WORLDofPEACE
5a08ab936b
rl-2009: release on a Tuesday
...
Because hydra took it's good old time
2020-10-27 03:03:43 -04:00
Ryan Mulligan
178d373a8a
Merge pull request #83687 from primeos/wshowkeys
...
wshowkeys: init at 2020-03-29
2020-10-26 18:55:16 -07:00
WORLDofPEACE
d1b239703c
Merge pull request #101811 from jonringer/rl-2009-contributions
...
release-notes-2009: add contributions section
2020-10-26 21:49:20 -04:00
Jonathan Ringer
51ca426eb5
release-notes-2009: add contributions section
2020-10-26 18:36:12 -07:00
Andreas Rammhold
1dc37370c4
Merge pull request #101805 from andir/unbreak-tarball-job
...
nixos/tests: fix wrong inherit that passes on the nodes attrs
2020-10-27 01:29:36 +01:00
Jonathan Ringer
366bebd53a
README.md: update stable release links
2020-10-26 20:10:29 -04:00
Andreas Rammhold
eba8f5425f
nixos/tests: fix wrong inherit that passes on the nodes attrs
...
The hydra tarball step would fail due to the nodes attribute not being
properly inherited. Since we can't execute all the tests and release
steps locally anymore (thanks to the JSONification and faster hydra
eval) these errors will probably keep in appearing.
This is hopefully the last of those introduced by me test runner
refactoring.
Error was seen on hydra (https://hydra.nixos.org/build/129282411 ):
> unpacking sources
> unpacking source archive /nix/store/bp95x52h6nv3j8apxrryyj2rviw682k1-source
> source root is source
> patching sources
> autoconfPhase
> No bootstrap, bootstrap.sh, configure.in or configure.ac. Assuming this is not an GNU Autotools package.
> configuring
> release name is nixpkgs-21.03pre249116.1088f059401
> git-revision is 1088f05940
> building
> no Makefile, doing nothing
> running tests
> warning: you did not specify '--add-root'; the result might be removed by the garbage collector
> warning: you did not specify '--add-root'; the result might be removed by the garbage collector
> checking Nixpkgs on i686-linux
> checking Nixpkgs on x86_64-linux
> checking Nixpkgs on x86_64-darwin
> checking eval-release.nix
> trace: `mkStrict' is obsolete; use `mkOverride 0' instead.
> trace: `lib.nixpkgsVersion` is deprecated, use `lib.version` instead!
> trace: warning: lib.readPathsFromFile is deprecated, use a list instead
> trace: Warning: `showVal` is deprecated and will be removed in the next release, please use `traceSeqN`
> trace: lib.zip is deprecated, use lib.zipAttrsWith instead
> checking find-tarballs.nix
> trace: `mkStrict' is obsolete; use `mkOverride 0' instead.
> trace: `lib.nixpkgsVersion` is deprecated, use `lib.version` instead!
> trace: warning: lib.readPathsFromFile is deprecated, use a list instead
> trace: Warning: `showVal` is deprecated and will be removed in the next release, please use `traceSeqN`
> trace: lib.zip is deprecated, use lib.zipAttrsWith instead
> error: while evaluating anonymous function at /build/source/maintainers/scripts/find-tarballs.nix:6:1, called from undefined position:
> while evaluating 'operator' at /build/source/maintainers/scripts/find-tarballs.nix:27:16, called from undefined position:
> while evaluating 'immediateDependenciesOf' at /build/source/maintainers/scripts/find-tarballs.nix:39:29, called from /build/source/maintainers/scripts/find-tarballs.nix:27:44:
> while evaluating anonymous function at /build/source/lib/attrsets.nix:234:10, called from undefined position:
> while evaluating anonymous function at /build/source/maintainers/scripts/find-tarballs.nix:40:37, called from /build/source/lib/attrsets.nix:234:16:
> while evaluating 'derivationsIn' at /build/source/maintainers/scripts/find-tarballs.nix:42:19, called from /build/source/maintainers/scripts/find-tarballs.nix:40:40:
> while evaluating 'canEval' at /build/source/maintainers/scripts/find-tarballs.nix:48:13, called from /build/source/maintainers/scripts/find-tarballs.nix:43:9:
> while evaluating the attribute 'nodes' at /build/source/nixos/lib/testing-python.nix:195:23:
> attribute 'nodes' missing, at /build/source/nixos/lib/testing-python.nix:193:16
> build time elapsed: 0m0.122s 0m0.043s 17m51.526s 0m56.668s
> builder for '/nix/store/96rk3c74vrk6m3snm7n6jhis3j640pn4-nixpkgs-tarball-21.03pre249116.1088f059401.drv' failed with exit code 1
2020-10-27 00:10:31 +01:00
Tim Steinbach
c851af868f
docker-edge: Fix test
2020-10-26 16:25:37 -04:00
WORLDofPEACE
ace69f768b
Revert "nixos/pantheon: install nixos wallpaper"
...
This reverts commit 5100e4f250
.
Fixes https://github.com/NixOS/nixpkgs/issues/100293
Though it's only a workaround for now.
See https://github.com/elementary/switchboard-plug-pantheon-shell/issues/246#issuecomment-716713218
We trigger the broken scenario where we have two subdirectories. Reverting
that commit undoes this.
2020-10-26 13:45:19 -04:00
Nick Hu
921287e7f0
Merge pull request #97726 from NickHu/pam_gnupg
...
pam: add support for pam_gnupg
2020-10-26 15:27:13 +00:00
Andreas Rammhold
1088f05940
Merge pull request #101598 from andir/nixos-build-vms-qemu
...
nixos/tests: follow-up to the closure reduction PR
2020-10-26 14:19:45 +01:00
rnhmjoj
bc35565463
nixos/activation-script: make scripts well-typed
2020-10-26 13:33:12 +01:00
rnhmjoj
9e04bba0af
nixos/dnscrypt-wrapper: fix key rotation script
...
Fix an error in the validation code when the public key is in a
nonstandard location. The check command fails and the key is
incorrectly assumed to be expiring.
2020-10-26 13:07:49 +01:00
Jörg Thalheim
dfaa313d43
Merge pull request #101737 from aneeshusa/nginx-allow-unsetting-ssl_ciphers
...
nixos/nginx: Allow unsetting ssl_ciphers
2020-10-26 06:41:19 +01:00
Aneesh Agrawal
924035bb97
nixos/nginx: Allow unsetting ssl_ciphers
...
When using the Modern config from the Mozilla SSL config generator,
the `ssl_ciphers` parameter does not need to be set
as only TLSv1.3 is permitted and all of its ciphers are reasonable.
2020-10-26 00:35:29 -04:00
Jörg Thalheim
b7a2a5f967
nixos/nextcloud: fix several php endpoints
2020-10-26 05:06:43 +01:00
Klemens Nanni
0b8a6e787c
nixos/avahi: Enable IPv6 by default
...
Treat it the same as IPv4 (I'm tempted to disable IPv4 by default);
this is the only option I still need to set manually to enjoy IPv6-only
networks including printer discovery!
2020-10-26 04:06:26 +01:00
Ivan Tham
f6136d06ff
fontdir: add ttc to font regex
...
.ttc fonts are used by noto-fonts-cjk
2020-10-26 10:45:22 +08:00
Klemens Nanni
3216b85713
nixos/system-path: Add mkpasswd(1)
...
Generating password hashes, e.g. when adding new users to the system
configuration, should work out-of-the-box and offline.
2020-10-26 03:40:11 +01:00
Jonathan Ringer
37236c2a23
nixos/doc/rl-20.09: normalize highlights, reorder entries
2020-10-25 17:40:47 -07:00
WORLDofPEACE
4d71306596
Merge pull request #101516 from worldofpeace/gnome-polishing
...
GNOME polishing from Q.A findings
2020-10-25 18:41:34 -04:00
Andreas Rammhold
d4fb7daafd
nixos-build-vms: use the driverInteractive attribute instead
...
This reverts commit aab534b894
& uses the
driverInteractive attribute for the test driver instead.
This has the same effect but removes the extra module in the
nixos-build-vms code.
2020-10-25 20:14:53 +01:00
Andreas Rammhold
73635b859d
nixos/tests: fix runInMachine
...
In 5500dc8
we introduced the --keep-vm-state flag and defaulted to that
flag not being set. This lead to the `runInMachine` tests not longer
working and that going unnoticed for quite some time now.
2020-10-25 20:09:33 +01:00
Andreas Rammhold
fa25d84d13
nixos/tests: fix testDriver reference in runInMachine function
...
In a previous commit I broke this as there is no longer one testDriver
but only a function to generate one based on some QEMU inputs.
2020-10-25 20:09:33 +01:00
Andreas Rammhold
61b09f552c
nixos/tests: format the testing-python.nix file more consistenly
2020-10-25 20:09:33 +01:00
Andreas Rammhold
04100cd281
nixos/tests: restructure test driver so that QEMU is actually overriden
...
Previously you would be able to override only the QEMU package to be
used in the test runner. Frankly that doesn't help a lot if you are
trying to get a graphical session. The graphical session requires the
option in the NixOS module system to bet set to the correct QEMU
package.
In this commit I moved most of the test node configuration and
transformations into the `mkDriver` function (previously called
`driver`). The motivation was to be able to create a `driver` instance
with a given QEMU package that will be used consistently througout the
test expression.
2020-10-25 20:09:33 +01:00
Maximilian Bosch
a3041ab124
Merge pull request #101645 from andir/qemu-tests-fixup
...
nixos/tests: only apply qemu parameters if the options are defined
2020-10-25 19:25:50 +01:00
Konrad Borowski
254d30d4c9
test-driver.py: remove bufsize=1 from Popen calls
...
According to Python documentation [0], `bufsize=1` is only meaningful in
text mode. As we don't pass in an argument called `universal_newlines`,
`encoding`, `errors` or `text` the file objects aren't opened in text
mode, which means the argument is ignored with a warning in Python 3.8.
line buffering (buffering=1) isn't supported in binary mode,
the default buffer size will be used
This commit removes this warning that appared when using
interactive test driver built with `-A driver`. This is done by
removing `bufsize=1` from Popen calls.
The default parameter when unspecified for `bufsize` is `-1` which
according to the documentation will be interpreted as
`io.DEFAULT_BUFFER_SIZE`. As mentioned by a warning, Python already
uses default buffer size when providing `buffering=1` parameter for
file objects not opened in text mode.
[0]: https://docs.python.org/3/library/subprocess.html#subprocess.Popen
2020-10-25 16:22:07 +01:00
Benjamin Hipple
f98312fcb5
Merge pull request #79759 from lopsided98/syncoid-no-root
...
nixos/syncoid: automatically setup privilege delegation
2020-10-25 10:40:33 -04:00
Andreas Rammhold
f4d7493162
nixos/tests: only apply qemu parameters if the options are defined
...
This fixes an eval error that occurred on hydra with the small channel
and the `nixos.tests.boot.biosCdrom.x86_64-linux` attribute:
> $ nix-instantiate nixos/release-small.nix -A nixos.tests.boot.biosCdrom.x86_64-linux
> warning: unknown setting 'experimental-features'
> error: The option `virtualisation.qemu' does not exist. Definition values:
> - In `/home/andi/dev/nixos/nixpkgs/nixos/modules/testing/test-instrumentation.nix':
> {
> consoles = [ ];
> package = {
> _type = "override";
> content = <derivation /nix/store/q72h2cdcb9zjgiay5gdgzwddjkbjr7xq-qemu-host-cpu-only-for-vm-tests-5.1.0.drv>;
> ...
> (use '--show-trace' to show detailed location information)
In bc2188b
we changed test test-instrumentation to also set the QEMU
package that is being used. That change unfortunately caused us to
always assing values to the virtualisation.qemu.package option even when
the option is not defined. The original code was explicitly testing for
the consoles case but the then newly extended version did not adjust the
check as the intention was probably not clear.
With this commit we are always ensuring the entire virtualisation.qemu
section exists and can thus drop the individual tests for each of the
sections since the QEMU module always defines both the package and the
consoles option when it's root is defined..
2020-10-25 13:42:01 +01:00
Scott Worley
f99b6369b1
nixos/tests/hadoop: Use curl --fail
2020-10-25 11:01:31 +01:00
Scott Worley
c25ccf6b4b
nixos/tests/docker-tools: Use curl --fail
2020-10-25 11:01:31 +01:00
Scott Worley
f6ecfdac39
nixos/tests/bitcoind: Use curl --fail
2020-10-25 11:01:31 +01:00
Scott Worley
0812bb843d
nixos/tests/corerad: Use curl --fail
2020-10-25 11:01:31 +01:00
Scott Worley
ad96a2e52b
nixos/tests/cfssl: Use curl --fail
2020-10-25 11:01:31 +01:00
Scott Worley
8adaa71b52
nixos/tests/caddy: Use curl --fail
2020-10-25 11:01:31 +01:00
Scott Worley
ecbd2a8bc1
nixos/tests/cadvisor: Use curl --fail
2020-10-25 11:01:31 +01:00
Scott Worley
eff7338d98
nixos/tests/convos: Use curl --fail
2020-10-25 11:01:31 +01:00
Scott Worley
1abfb504b1
nixos/tests/hitch: Use curl --fail
2020-10-25 11:01:31 +01:00
Scott Worley
19034ed7a4
nixos/tests/metabase: Use curl --fail
2020-10-25 11:01:31 +01:00
Scott Worley
d16e547f2e
nixos/tests/wordpress: Use curl --fail
2020-10-25 11:01:31 +01:00
Scott Worley
6e46a88dfb
nixos/tests/unit-php: Use curl --fail
2020-10-25 11:01:31 +01:00
Scott Worley
726950775d
nixos/tests/sympa: Use curl --fail
2020-10-25 11:01:31 +01:00
Scott Worley
238dbb4517
nixos/tests/limesurvey: Use curl --fail
2020-10-25 11:01:30 +01:00
Scott Worley
1d5130a97f
nixos/tests/leaps: Use curl --fail
2020-10-25 11:01:30 +01:00
Scott Worley
22f52cdb79
nixos/tests/osrm-backend: Use curl --fail
2020-10-25 11:01:30 +01:00
Scott Worley
1332215d59
nixos/tests/php: Use curl --fail
2020-10-25 11:01:30 +01:00
Scott Worley
8bf2635afc
nixos/tests/oci-containers: Use curl --fail
2020-10-25 11:01:30 +01:00
Scott Worley
7b51945dcb
nixos/tests/trickster: Use curl --fail
2020-10-25 11:01:30 +01:00
Scott Worley
ebeb8d7287
nixos/tests/sslh: Use curl --fail
2020-10-25 11:01:30 +01:00
Scott Worley
8a9554bf9b
nixos/tests/service-runner: Use curl --fail
2020-10-25 11:01:30 +01:00
Scott Worley
a6a9e3188d
nixos/tests/spacecookie: Use curl --fail
2020-10-25 11:01:30 +01:00
Scott Worley
1959ab707c
nixos/tests/victoriametrics: Use curl --fail
2020-10-25 11:01:30 +01:00
Scott Worley
c69d4eda3d
nixos/tests/uwsgi: Use curl --fail
2020-10-25 11:01:30 +01:00
Scott Worley
ba0eda6cc5
nixos/tests/trezord: Use curl --fail
2020-10-25 11:01:30 +01:00
Scott Worley
47fd1c5356
nixos/tests/morty: Use curl --fail
2020-10-25 11:01:30 +01:00
Scott Worley
4fc64f27c7
nixos/tests/paperless: Use curl --fail
2020-10-25 11:01:30 +01:00
Scott Worley
bbd1f02b16
nixos/tests/hound: Use curl --fail
2020-10-25 11:01:30 +01:00
Scott Worley
bc4f47c19a
nixos/tests/go-neb: Use curl --fail
2020-10-25 11:01:30 +01:00
Scott Worley
d58ef9d20b
nixos/tests/peerflix: Use curl --fail
2020-10-25 11:01:30 +01:00
Scott Worley
7fbe33fde3
nixos/tests/nzbget: Use curl --fail
2020-10-25 11:01:30 +01:00
Scott Worley
e9c61e813a
nixos/tests/mailcatcher: Use curl --fail
2020-10-25 11:01:30 +01:00
Scott Worley
e90e600ebb
nixos/tests/upnp: Use curl --fail
2020-10-25 11:01:30 +01:00
Scott Worley
416d9af81b
nixos/tests/neo4j: Use curl --fail
2020-10-25 11:01:30 +01:00
Scott Worley
6cd28e4f07
nixos/tests/mediawiki: Use curl --fail
2020-10-25 11:01:30 +01:00
Scott Worley
0cb41a253f
nixos/tests/trac: Use curl --fail
2020-10-25 11:01:30 +01:00
Scott Worley
5e6dfb17f9
nixos/tests/haproxy: Use curl --fail
2020-10-25 11:01:30 +01:00
Scott Worley
d2eec4bb11
nixos/tests/prometheus: Use curl --fail
2020-10-25 11:01:30 +01:00
Scott Worley
a91aa489a6
nixos/tests/matrix-synapse: Use curl --fail
2020-10-25 11:01:30 +01:00
Scott Worley
3313487997
nixos/tests/syncthing: Use curl --fail
2020-10-25 11:01:29 +01:00
Felix Tenley
542f75079b
nixos/mosquitto: add passwordFile and hashedPasswordFile options
2020-10-25 10:53:38 +01:00
Vladimír Čunát
2f6b00b15e
Merge branch 'staging-next' into staging
2020-10-25 09:47:04 +01:00
Gabriel Ebner
a8a018ddc0
Merge pull request #101409 from rycee/dbus-warning
2020-10-25 09:16:28 +01:00
Aaron Andersen
a160fa008d
Merge pull request #100063 from aanderse/nixos/powerdns
...
nixos/powerdns: use upstream systemd unit
2020-10-24 18:47:43 -04:00
Andreas Rammhold
250fb4611f
Merge pull request #100456 from maralorn/boolToString
...
treewide: De-inline uses of lib.boolToString
2020-10-25 00:45:11 +02:00
Robert Helgesson
94819fdb5f
nixos/dbus: re-add a dummy socketActivated option
...
If set, then issue a warning instead of an error as previously.
2020-10-24 23:01:00 +02:00
rnhmjoj
d5d6f619d4
nixosTests.powerdns: test a complete setup
...
The test now check the following things:
- Configuring a MySQL server to hold the records
- Loading the PowerDNS schema from file
- Adding records through pdnsutil
2020-10-24 16:41:34 -04:00
Aaron Andersen
6393835b8d
nixos/powerdns: update release notes
2020-10-24 16:41:32 -04:00
Aaron Andersen
4f5d3794d3
nixos/powerdns: use upstream systemd unit
2020-10-24 16:40:20 -04:00
WORLDofPEACE
6bc94d149b
Merge pull request #101563 from worldofpeace/fix-pantheon-greeter-brightness
...
nixos/lightdm: make lightdm user shell bash
2020-10-24 11:56:34 -04:00
WORLDofPEACE
ef803ab1bb
Merge pull request #100199 from worldofpeace/seeded-config
...
nixos/tools: add desktopConfiguration option (to seed configuration into configuration.nix)
2020-10-24 11:35:33 -04:00
WORLDofPEACE
c134f6443a
nixos/lightdm: make lightdm user shell bash
...
In https://github.com/NixOS/nixpkgs/issues/100119 pantheon's greeter
has g-s-d running which allows brightness controls via pkexec.
This is changed in newer versions of g-s-d (pantheon uses a fork currently),
but whenever brightness is changed with a shell of `shadow` we get
```
Oct 10 23:51:44 kirXps pkexec[18722]: lightdm: Executing command [USER=root] [TTY=unknown] [CWD=/var/lib/lightdm] [COMMAND=/run/current-system/sw/bin/elementary-settings-daemon/gsd-backlight-helper /sys/devices/pci0000:00/0000:00:02.0/drm/card0/card0-eDP-1/intel_backlight 65587]
```
I'm not sure this should be strictly needed, so we should try to
revert later on when pantheon's g-s-d is updated.
2020-10-24 11:28:18 -04:00
WORLDofPEACE
39d1599767
installation-cd-graphical-gnome: add firefox to favorite-apps
2020-10-24 11:14:44 -04:00
WORLDofPEACE
7df6af303e
nixos/gnome3: add gnome-calendar to favorites
2020-10-24 11:14:41 -04:00
WORLDofPEACE
9cee7772e6
nixos/gnome3: add favoriteAppsOverride option
...
Rather messy and only needed for the installation cd, so it's
an internal option.
2020-10-24 11:14:22 -04:00
WORLDofPEACE
d89deddd5d
nixos/flatpak: introduce guiPackages
...
This adds basically an indirection to systemPackages
to automatically install an interface for flatpak for their respective
environments. e.g if I enable pantheon and flatpak you'll get appcenter,
and on gnome you'll see gnome-software.
https://github.com/NixOS/nixpkgs/issues/99648#issuecomment-706691174
2020-10-24 11:14:02 -04:00
WORLDofPEACE
b1587f9e19
nixos/gnome3: don't ship gnome-software
...
This serves no purpose without flatpak https://github.com/NixOS/nixpkgs/issues/99648#issuecomment-706691174
2020-10-24 11:14:01 -04:00
Maximilian Bosch
48612c79b1
Merge pull request #101473 from Ma27/nixos-build-vms-qemu
...
nixos/nixos-build-vms: use `pkgs.qemu` for virtualisation
2020-10-24 14:43:52 +02:00
Fabian Möller
253954232e
nixosTests.ferm: fix network timeout
...
The subtests could start before the server has configured it's IP
addresses and therefore timeout.
2020-10-23 18:12:45 -07:00
Fabian Möller
e83bd25aec
nixosTests.certmgr: fix systemd test
...
Nginx fails to start, because it can't read the certificate file. This
happens because PrivateTmp is set for the service, which makes the
system wide /tmp inaccessible.
2020-10-23 18:09:50 -07:00
WORLDofPEACE
70dc25abd9
nixos/gnome3: don't put epiphany in favorite apps
2020-10-23 20:20:07 -04:00
Jan Tojnar
61afd7f80e
tracker_2: drop
...
It does not seem to work and only semi-broken apps like Books and Documents depend on it.
2020-10-24 01:18:49 +02:00
Jan Tojnar
4dd2437068
gnome-photos: use Tracker 3
2020-10-24 01:18:48 +02:00
Jan Tojnar
20e21721c8
gnome3: do not use alias for gnome-photos
2020-10-24 01:18:48 +02:00
Jan Tojnar
87e3d553cf
gnome-photos: 3.37.2 → 3.38.0
...
https://ftp.gnome.org/pub/GNOME/sources/gnome-photos/3.37/gnome-photos-3.37.91.news
https://ftp.gnome.org/pub/GNOME/sources/gnome-photos/3.37/gnome-photos-3.37.91.1.news
https://ftp.gnome.org/pub/GNOME/sources/gnome-photos/3.38/gnome-photos-3.38.0.news
2020-10-24 01:18:48 +02:00
Jan Tojnar
ea1923841a
nixos/gnome3: re-add tracker 2 dbus services
...
They are still needed by Photos, Books and Documents.
2020-10-24 01:18:48 +02:00
Jan Tojnar
346e1f020e
release-notes: Mention GNOME 3.38
2020-10-24 01:18:46 +02:00
Jan Tojnar
0703985bef
gnomeExtensions.gsconnect: 41 → 43
...
https://github.com/andyholmes/gnome-shell-extension-gsconnect/releases/tag/v42
https://github.com/andyholmes/gnome-shell-extension-gsconnect/releases/tag/v43
- Added installed tests.
- Corrected license.
2020-10-24 01:18:44 +02:00
Jan Tojnar
d1eeb643e2
gnome3.mutter: 3.38.0 → 3.38.1
...
https://ftp.gnome.org/pub/GNOME/sources/mutter/3.38/mutter-3.38.1.news
It requires some udev rules on some devices.
2020-10-24 01:18:01 +02:00
WORLDofPEACE
e1317b8b7b
nixos/telepathy: add sessionPath
2020-10-24 01:17:29 +02:00
WORLDofPEACE
9c9e519318
nixos/gnome3: add core-developer-tools
...
See these issues/PRs in gnome-build-meta:
https://gitlab.gnome.org/GNOME/gnome-build-meta/-/merge_requests/588
https://gitlab.gnome.org/GNOME/gnome-build-meta/-/issues/143
I'm unsure if devhelp gets API docs in a straightforward way in NixOS.
2020-10-24 01:17:29 +02:00
WORLDofPEACE
11d6c2fb35
nixos/gnome3: long lists
2020-10-24 01:17:28 +02:00
WORLDofPEACE
cd48c50e35
nixos/gnome3: update links
2020-10-24 01:17:28 +02:00
WORLDofPEACE
0b767c8b3d
nixos/gnome3: add gnome-connections to core-utilities
...
When we redid the default apps we didn't add gnome-boxes for
rdp/vnc. (plus it doesn't really work well in nixos). With gnome-connections
we can now have this functionality, as file sharing is a default function
in g-c-c Sharing.
2020-10-24 01:17:27 +02:00
Piotr Bogdan
f1f85419d2
nixos/gdm: add gdm to systemd.packages
...
GDM now provides gnome-session@gnome-login.target.d/session.conf though I'm not even sure if it's needed.
2020-10-24 01:15:14 +02:00
Doron Behar
c90450014f
Merge pull request #101480 from Flakebi/salt
2020-10-24 01:31:41 +03:00
Jan Tojnar
3a73543401
Merge pull request #93725 from nglen/pipewire
2020-10-24 00:05:33 +02:00
WilliButz
993437d0d6
Merge pull request #96511 from Zopieux/rtl_433_prom
...
Add rtl_433 Prometheus exporter
2020-10-23 23:24:38 +02:00
Nathaniel Glen
57510bf522
pipewire: cleanup path testing
2020-10-23 16:35:48 -04:00
Alexandre Macabies
121bc17ab9
nixos/prometheus-rtl_433-exporter: new module
2020-10-23 20:33:42 +02:00
Nathaniel Glen
f6745d06f5
nixos/pipewire: cleanup module
2020-10-23 13:51:41 -04:00
Flakebi
e0ea4826f4
salt: remove aneeshusa and add Flakebi as maintainer
2020-10-23 19:48:48 +02:00
Doron Behar
649a0560e0
Merge pull request #101364 from doronbehar/doc/nixos/manual-contrib
...
nixos/doc: Mention how to contribute to it
2020-10-23 19:48:56 +03:00
WORLDofPEACE
b44e32988c
Merge pull request #101274 from worldofpeace/gnome-logout-button
...
nixos/display-managers: add sessionData.desktops to XDG_DATA_DIRS
2020-10-23 11:46:46 -04:00
Maximilian Bosch
aab534b894
nixos/nixos-build-vms: use pkgs.qemu
for virtualisation
...
When I test a change e.g. in the module system manually, I usually use
`nixos-build-vms(8)` which also gives me a QEMU window where I can play
around in the freshly built VM.
It seems as this has changed recently when the default package for
non-interactive VM tests using the same framework was switched to
`pkgs.qemu_test` to reduce the closure size. While this is a reasonable
decision for our CI tests, I think that you really want a QEMU window of
the VM by default when using `nixos-build-vms(8)`.
[1] bc2188b083
2020-10-23 17:37:57 +02:00
Anton Plotnikov
1321ae850c
fido2luks: 0.2.3 -> 0.2.15
...
Also remove interactive flag from initrd, because of broken io.
2020-10-23 11:03:31 +03:00
Joe Edmonds
1d420c8115
nixos/ssmtp: minor typo fix
2020-10-22 09:34:21 -07:00
Doron Behar
7fb1e3af77
nixos/doc: Mention how to contribute to it
...
Instead of putting a README in the directory where the manual is
written, put the information from it straight in the docs themselves.
It's a bit untrivial to guess the manual is located exactly there for
contributers.
2020-10-22 17:40:48 +03:00
Lucas Savva
dad06fb922
nixos/tests/acme: Hard code test certificates
...
The added README.md explains why this has been done.
2020-10-22 14:06:19 +01:00
Lucas Savva
89d134b3fd
nixos/acme: Use more secure chmods
...
Previous settings would make files executable in
the certs directories.
2020-10-22 14:04:31 +01:00
Eelco Dolstra
d28565a1c6
nix: 2.3.7 -> 2.3.8
2020-10-22 14:47:55 +02:00
Maximilian Bosch
98170761a8
Merge pull request #101222 from omasanori/ssh-kex
...
nixos/sshd: update kexAlgorithms, fix links
2020-10-22 13:27:47 +02:00
Eelco Dolstra
05bdfd6f2f
Merge pull request #98973 from Ma27/bump-hydra
...
hydra-unstable: 2020-09-02 -> 2020-10-20
2020-10-22 12:01:13 +02:00
Andreas Rammhold
89351525fa
Merge pull request #101246 from rnhmjoj/vm-fix
...
nixos: fix qemu_test being used in normal VMs
2020-10-22 11:09:05 +02:00
symphorien
9e8eaea484
nixos/sslh: fix usage of the now removed ssl probe ( #101087 )
...
and document
2020-10-21 21:34:35 +02:00
WORLDofPEACE
755ba171c7
nixos/display-managers: add sessionData.desktops to XDG_DATA_DIRS
...
Fixes #100108
Alternative to https://github.com/NixOS/nixpkgs/pull/100112 which doesn't break stuff.
2020-10-21 14:39:39 -04:00
Maximilian Bosch
1308817e05
nixos/hydra: remove hydra-migration upgrade path
...
This should NOT be backported to 20.09!
When 21.03 is released, the DB changes are about a year old and
operators had two release cycles for the upgrade. At this point it
should be fair to remove the compat layer to reduce the complexity of
the module itself.
2020-10-21 18:03:04 +02:00
rnhmjoj
bc2188b083
nixos: fix qemu_test being used in normal VMs
...
This is an attempt to fixup PR #49403 .
2020-10-21 16:38:04 +02:00
Izorkin
d59bfded58
nixos/dhcpcd: if disabled IPv6 don't solicit or accept IPv6
2020-10-21 14:56:08 +03:00
Martin Weinelt
c821e0d4be
nixos/babeld: lock down service
...
→ Overall exposure level for babeld.service: 2.2 OK 🙂
2020-10-21 12:26:02 +02:00
Justin Lovinger
1168e13bb0
nixos/nfs: add idmapd.settings option
...
Co-authored-by: Aaron Andersen <aaron@fosslib.net>
2020-10-20 22:10:02 -04:00
Andreas Rammhold
f6cd17269e
Merge pull request #49403 from andir/qemu_test_reduce_closure
...
qemu_test: disable features that are not needed for tests (closure 641 -> 335.3M)
2020-10-21 00:41:01 +02:00
Masanori Ogino
8875db4976
nixos/sshd: update kexAlgorithms, fix links
...
The `curve25519-sha256` key exchange method is defined in RFC 8731 that
is identical to curve25519-sha256@libssh.org . OpenSSH supports the
method since version 7.4, released on 2016-12-19. It is literally a
violation of the "both in Secure Secure Shell and Mozilla guidelines"
rule, but it provides essentially the same but a future-proof default.
Also, links to the Mozilla OpenSSH guidelines are updated to refer to
the current place.
Signed-off-by: Masanori Ogino <167209+omasanori@users.noreply.github.com>
2020-10-21 07:39:50 +09:00
Florian Klink
6e5ccaa34f
Merge pull request #100657 from flokli/network-manager-sstp
...
networkmanager-sstp: init at unstable-2020-04-20, bump sstp from 1.0.12 to 1.0.13
2020-10-21 00:33:13 +02:00
Florian Klink
e992089137
nixos/no-x-libs: add networkmanager-sstp
2020-10-21 00:04:02 +02:00
Florian Klink
72cd3086cc
networkmanager-sstp: init at unstable-2020-04-20
2020-10-21 00:02:18 +02:00
Kevin Cox
e25cd7827e
Merge pull request #98176 from minijackson/jellyfin-systemd-security
...
nixos/jellyfin: add some systemd security options
2020-10-20 16:44:32 -04:00
Minijackson
4e51247318
nixos/jellyfin: add some systemd security options
2020-10-20 21:09:28 +02:00
aszlig
8ea168db1f
nixos/tests/avahi: Fix evaluation
...
In commit a61ca0373b
(#100267 ), the avahi
test expression got an additional attribute, but instead of wrapping the
function, the attributes were introduced by nesting the function one
level deeper.
To illustrate this:
Before: attrs: <testdrv>
After: newattrs: attrs: <testdrv>
So when instantiating tests.avahi.x86_64-linux from nixos/release.nix we
get "value is a function while a set was expected" instead of the
derivation.
I simply re-passed the attributes to make-test-python.nix, since the
function already allows (via "...") arbitrary attributes to be passed.
The reason why I'm pushing this directly to master is because evaluation
for the test is already broken and the worst that could happen here is
that things are *still* broken.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @flokli, @doronbehar
2020-10-20 17:38:20 +02:00
midchildan
e2a3a02b9b
epgstation: 1.7.4 -> 1.7.5
2020-10-21 00:05:48 +09:00
midchildan
323b47d96e
epgstation: add updateScript
2020-10-20 23:18:03 +09:00
Joseph D. Long
a2ee5cbb05
nixos/vagrant-virtualbox-image: init ( #101120 )
...
Co-authored-by: zimbatm <zimbatm@zimbatm.com>
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
2020-10-20 11:09:46 +02:00
Jörg Thalheim
1a9e02dec6
Merge pull request #100554 from dnr/feature/pamMount
...
nixos/pam_mount: add pamMount attribute to users
2020-10-20 10:40:12 +02:00
Marc 'risson' Schmitt
9e6bede5ab
nixos/initrd-network: fix /etc/resolv.conf when multiple dns servers from DHCP
...
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2020-10-19 21:32:58 -07:00
Maximilian Bosch
6317616bee
Merge pull request #101061 from AluisioASG/aasg/doc-fix-20.09-relnote-itemization
...
nixos/doc: fix itemization in the 20.09 release notes
2020-10-19 22:26:35 +02:00
Jörg Thalheim
46bd18fff6
Merge pull request #99541 from acelpb/jenkins
...
nixos/jenkins: switch to openjdk11 as openjdk14 is not supported
2020-10-19 19:50:20 +02:00
Andreas Rammhold
8ed57ac916
nixos/tests: make sure we use the qemu_test package to provide the Guest Agent
...
This reduces the closure size for the minimal test by a lot since we no
longer have to build the regular QEMU for even the simplest test.
2020-10-19 18:03:01 +02:00
Andreas Rammhold
e127ba7873
nixos/qemu-guest-agent: make the QEMU guest agent package configurable
2020-10-19 17:58:10 +02:00
Andreas Rammhold
20893b3a70
nixos/tests: expose both the interactive and non-interactive driver
...
For a lot of the work the non-interactive drivers are enough and it is
probably a good idea to keep it accessible for debugging without
touching the Nix expression.
2020-10-19 17:39:48 +02:00
Andreas Rammhold
c096880d46
nixos/tests: make the driver
attribute use a rich qemu
...
Since we previously stripped down the features of `qemu_test` some of
the features users are used to while running tests through the (impure)
driver didn't work anymore. Most notably we lost support for graphical
output and audio. With this change the `driver` attribute uses are more
feature complete version of QEmu compared to the one used in the pure
Nix builds.
This gives us the best of both worlds. Users are able to see the
graphical windows of VMs while CI and regular nix builds do not have to
download all the (unnecessary) dependencies.
2020-10-19 17:39:48 +02:00
V
580f0faa75
nixos/caddy: remove services.caddy.agree
...
This option is no longer referenced anywhere as of #99371 .
2020-10-19 14:29:48 +02:00
Aluísio Augusto Silva Gonçalves
cba9843aa0
nixos/doc: fix itemization in the 20.09 release notes
2020-10-19 07:11:48 -03:00
Aaron Andersen
5265d49a36
Merge pull request #100892 from aanderse/pdns-recursor
...
nixos/pdns-recursor: use upstream systemd unit
2020-10-18 20:13:06 -04:00
Jonathan Ringer
5e67d80a8b
nixos/nvidia: fix optionals usage
2020-10-18 11:47:34 -07:00
Edmund Wu
2e67196d79
nixos/nvidia: decouple nvidia_x11.persistenced
2020-10-18 11:24:20 -07:00
Martin Weinelt
4baba17252
Merge pull request #100708 from fooker/nginx-encoding
...
nixos/nginx: Do not remove headers while proxying
2020-10-18 15:52:50 +02:00
Aaron Andersen
dc790c104c
nixos/pdns-recursor: add release notes
2020-10-18 08:26:35 -04:00
Aaron Andersen
6c39180b37
nixos/pdns-recursor: declare module user as system user
2020-10-18 08:15:29 -04:00
Aaron Andersen
1627bef9c1
nixos/pdns-recursor: use upstream systemd unit
2020-10-18 08:15:29 -04:00
Michael Weiss
7c676c6429
wshowkeys: init at 2019-09-26
2020-10-18 14:09:49 +02:00
Mario Rodas
2a58362f8f
Merge pull request #100213 from yanganto/hotfix-hime
...
hime: fix enable hime, remove hime-all package
2020-10-16 23:51:24 -05:00
Antonio Yang
52b903b3c4
hime: fix enable hime, remove hime-all package
...
- fix inputMethod.enable hime by adding module list
- rm hime-all package, because chewing, anthy modules does not work well
2020-10-17 10:48:31 +08:00
tnias
0da7593dce
nixos/chromium: update link in docs ( #93794 )
2020-10-16 23:04:06 +02:00
Dustin Frisch
762ca640c4
nixos/nginx: Do not remove headers while proxying
...
Removing the `Accept-Encoding` header breaks applications which may
produce already compressed content.
Removing this header is staded in the nginx docs but is ment as an
example, not as an recomendation.
2020-10-16 12:50:52 +02:00