Commit Graph

1368 Commits

Author SHA1 Message Date
Bas van Dijk
71fdb69314 nixos: add test for tinydns 2019-05-16 23:46:17 +02:00
lewo
42ee7cdf9d
Merge pull request #61089 from nlewo/pr-fix-layer-order
dockerTools: Fix Docker layers order
2019-05-13 15:27:43 +02:00
Joachim F
b4a43a278b
Merge pull request #60187 from joachifm/feat/configurable-malloc
nixos: configurable system-wide malloc
2019-05-12 15:18:07 +00:00
Joachim F
428ddf0619
Merge pull request #61306 from joachifm/feat/fix-apparmor-boot-linux_5_1
Fix apparmor boot on linux 5.1
2019-05-12 15:17:38 +00:00
Maximilian Bosch
fa2c6dc3c2
Merge pull request #61311 from turboMaCk/xss-lock-locker-options
xss-lock: improve locker options passing
2019-05-12 11:07:54 +02:00
Maximilian Bosch
d27431b362
nixos/xss-lock: add testcase for lockerCommand with several CLI options. 2019-05-12 03:22:29 +02:00
Joachim Fasting
92d41f83fd
nixos/tests/hardened: check that apparmor is properly loaded 2019-05-11 18:21:44 +02:00
kolaente
29d35a9ddb maintainers: add kolaente 2019-05-11 02:01:08 +02:00
Bas van Dijk
4b7aea9e8c
Merge pull request #61237 from basvandijk/journalbeat-fixes
NixOS: support journalbeat >= 6
2019-05-10 18:44:44 +02:00
Bas van Dijk
477c552c7d nixos/journalbeat: support journalbeat >= 6 & add test 2019-05-10 15:41:41 +02:00
Ambroz Bizjak
5bec9dc65b virtualbox: 5.2.28 -> 6.0.6
Quite some fixing was needed to get this to work.

Changes in VirtualBox and additions:

- VirtualBox is no longer officially supported on 32-bit hosts so i686-linux is removed from platforms
  for VirtualBox and the extension pack. 32-bit additions still work.

- There was a refactoring of kernel module makefiles and two resulting bugs affected us which had to be patched.
  These bugs were reported to the bug tracker (see comments near patches).

- The Qt5X11Extras makefile patch broke. Fixed it to apply again, making the libraries logic simpler
  and more correct (it just uses a different base path instead of always linking to Qt5X11Extras).

- Added a patch to remove "test1" and "test2" kernel messages due to forgotten debugging code.

- virtualbox-host NixOS module: the VirtualBoxVM executable should be setuid not VirtualBox.
  This matches how the official installer sets it up.

- Additions: replaced a for loop for installing kernel modules with just a "make install",
  which seems to work without any of the things done in the previous code.

- Additions: The package defined buildCommand which resulted in phases not running, including RUNPATH
  stripping in fixupPhase, and installPhase was defined which was not even run. Fixed this by
  refactoring using phases. Had to set dontStrip otherwise binaries were broken by stripping.
  The libdbus path had to be added later in fixupPhase because it is used via dlopen not directly linked.

- Additions: Added zlib and libc to patchelf, otherwise runtime library errors result from some binaries.
  For some reason the missing libc only manifested itself for mount.vboxsf when included in the initrd.

Changes in nixos/tests/virtualbox:

- Update the simple-gui test to send the right keys to start the VM. With VirtualBox 5
  it was enough to just send "return", but with 6 the Tools thing may be selected by
  default. Send "home" to reliably select Tools, "down" to move to the VM and "return"
  to start it.

- Disable the VirtualBox UART by default because it causes a crash due to a regression
  in VirtualBox (specific to software virtualization and serial port usage). It can
  still be enabled using an option but there is an assert that KVM nested virtualization
  is enabled, which works around the problem (see below).

- Add an option to enable nested KVM virtualization, allowing VirtualBox to use hardware
  virtualization. This works around the UART problem and also allows using 64-bit
  guests, but requires a kernel module parameter.

- Add an option to run 64-bit guests. Tested that the tests pass with that. As mentioned
  this requires KVM nested virtualization.
2019-05-09 23:36:57 +02:00
worldofpeace
bb7e5566c7
Merge pull request #44086 from erikarvstedt/paperless
paperless: add package and service
2019-05-08 17:17:49 -04:00
Erik Arvstedt
80c3ddbad8
paperless service: init 2019-05-08 09:26:32 +02:00
Antoine Eiche
5ef1223f30 nixos/tests/docker-tools: verify order of layers in stacked images 2019-05-07 16:52:13 +02:00
Joachim Fasting
10d3a0e10b
nixos/tests/hardened: test hardened malloc 2019-05-07 13:45:42 +02:00
nyanloutre
f82bfd5e80
nixos/jellyfin: add test to all-tests.nix 2019-05-01 11:57:34 +02:00
Minijackson
ab9378980a
nixos/jellyfin: add simple test 2019-04-28 11:03:51 +02:00
Silvan Mosberger
77fb90d27e
Merge pull request #59731 from ajs124/ejabberd_test
ejabberd: refactor module, add test
2019-04-27 23:36:52 +02:00
Florian Klink
033882e0b7
Merge pull request #60019 from aanderse/nzbget
nzbget: fix broken service, as well as some improvements
2019-04-27 18:26:50 +02:00
Peter Hoeg
eb6ce1c8a9
Merge pull request #60146 from peterhoeg/f/packagekit
nixos/packagekit: make it not error out + test
2019-04-26 14:19:46 +08:00
Aaron Andersen
5b76046db3 nixos/nzbget: fix broken service, add a nixos test, as well as some general improvements 2019-04-25 20:28:39 -04:00
Peter Hoeg
ab15949f81 nixos/packagekit: add test 2019-04-24 22:31:36 +08:00
Peter Hoeg
f81ddbf8e7
Merge pull request #60149 from peterhoeg/u/mosquitto_160
mosquitto: 1.5.8 -> 1.6 + nixos tests
2019-04-24 22:29:08 +08:00
Graham Christensen
f57fc6c881
wireguard: add generatePrivateKeyFile option + test
Ideally, private keys never leave the host they're generated on - like
SSH. Setting generatePrivateKeyFile to true causes the PK to be
generate automatically.
2019-04-24 07:46:01 -04:00
Peter Hoeg
c5af9fd4dd nixos/mosquitto: add test 2019-04-24 17:02:20 +08:00
Aaron Andersen
c3f69d1373
Merge pull request #59381 from aanderse/automysqlbackup
automysqlinit: init at 3.0_rc6
2019-04-22 08:30:23 -04:00
ajs124
2b84c8d560 nixos/ejabberd: add basic test 2019-04-19 12:44:43 +02:00
Domen Kožar
9bc23f31d2
Merge pull request #48337 from transumption/201810/nginx-etag
nginx: if root is in Nix store, use path's hash as ETag
2019-04-18 16:41:49 +07:00
aszlig
d533285224
nixos/tests/nginx: Add subtest for Nix ETag patch
This is to make sure that we get different ETag values whenever we
switch to a different store path but with the same file contents.

I've checked this against the old behaviour without the patch and it
fails as expected.

Signed-off-by: aszlig <aszlig@nix.build>
2019-04-18 09:41:13 +02:00
ajs124
e03932bbca xmpp-sendmessage: init script file, use in prosody test 2019-04-17 23:36:07 +02:00
Robin Gloster
7dc6e77bc2
Merge pull request #56789 from mayflower/upstream-k8s-refactor
nixos/kubernetes: stabilize cluster deployment/startup across machines
2019-04-17 16:37:58 +00:00
Bas van Dijk
d1940beb3a nixos/prometheus/pushgateway: add module and test 2019-04-16 08:09:38 +02:00
Aaron Andersen
5f4df8e509 automysqlinit: init at 3.0_rc6 2019-04-15 21:51:55 -04:00
Bas van Dijk
e5724e8e66
Merge pull request #59514 from basvandijk/elk-7.0.0
elk7: init at 7.0.0
2019-04-15 07:05:13 +02:00
Bas van Dijk
13352f28d2 elk7: init at 7.0.0
This adds the following new packages:

+ elasticsearch7
+ elasticsearch7-oss
+ logstash7
+ logstash7-oss
+ kibana7
+ kibana7-oss
+ filebeat7
+ heartbeat7
+ metricbeat7
+ packetbeat7
+ journalbeat7

The default major version of the ELK stack stays at 6. We should
probably set it to 7 in a next commit.
2019-04-14 21:39:46 +02:00
Sarah Brofeldt
f839011719
Merge pull request #58512 from aanderse/solr
solr: init at 8.0.0
2019-04-14 11:16:28 +02:00
Joachim F
5dafbb2cb1
Merge pull request #56719 from bricewge/miniflux-service
miniflux: add service
2019-04-12 09:57:30 +00:00
Aaron Andersen
ee7565af9d solr: init at 8.0.0 2019-04-10 20:12:41 -04:00
Jörg Thalheim
4d4f110ca5
Merge pull request #59181 from Izorkin/nginx-format
nixos/nginx: fix error in writeNginxConfig
2019-04-10 19:23:34 +01:00
Bas van Dijk
2f2e2971d6
Merge pull request #58255 from jbgi/prometheus2
Add Prometheus 2 service in parallel with 1.x version (continuation)
2019-04-09 14:14:18 +02:00
Bas van Dijk
7062a073e8 elk: 6.5.1 -> 6.7.1 2019-04-09 12:34:01 +02:00
Robin Gloster
a58ab8fc05
Merge pull request #58398 from Ma27/package-documize
documize-community: init at 2.2.1
2019-04-08 22:34:11 +00:00
Maximilian Bosch
acbb74ed18
documize-community: init at 2.2.1
Documize is an open-source alternative for wiki software like Confluence
based on Go and EmberJS. This patch adds the sources for the community
edition[1], for commercial their paid-plan[2] needs to be used.

For commercial use a derivation that bundles the commercial package and
contains a `$out/bin/documize` can be passed to
`services.documize.enable`.

The package compiles the Go sources, the build process also bundles the
pre-built frontend from `gui/public` into the binary.

The NixOS module generates a simple `systemd` unit which starts the
service as a dynamic user, database and a reverse proxy won't be
configured.

[1] https://www.documize.com/get-started/
[2] https://www.documize.com/pricing/
2019-04-08 23:54:57 +02:00
Izorkin
496a73d46d nixos/nginx: fix error in writeNginxConfig 2019-04-08 16:44:23 +03:00
Bas van Dijk
394970047e nixos/tests: register the prometheus2 test 2019-04-08 15:24:23 +02:00
Florian Klink
2457510db4
Merge pull request #51918 from bobvanderlinden/var-run
tree-wide: nixos: /var/run -> /run
2019-04-07 20:09:46 +02:00
aszlig
6fe989eaed
nixos/tests/acme: Use exact match in TOS location
Since the switch to check the nginx config with gixy in
59fac1a6d7, the ACME test doesn't build
anymore, because gixy reports the following false-positive (reindented):

  >> Problem: [alias_traversal] Path traversal via misconfigured alias.
  Severity: MEDIUM
  Description: Using alias in a prefixed location that doesn't ends with
               directory separator could lead to path traversal
               vulnerability.
  Additional info: https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md
  Pseudo config:

  server {
    server_name letsencrypt.org;

    location /documents/2017.11.15-LE-SA-v1.2.pdf {
      alias /nix/store/y4h5ryvnvxkajkmqxyxsk7qpv7bl3vq7-2017.11.15-LE-SA-v1.2.pdf;
    }
  }

The reason this is a false-positive is because the destination is not a
directory, so something like "/foo.pdf../other.txt" won't work here,
because the resulting path would be ".../destfile.pdf../other.txt".

Nevertheless it's a good idea to use the exact match operator (=), to
not only shut up gixy but also gain a bit of performance in lookup (not
that it would matter in our test).

Signed-off-by: aszlig <aszlig@nix.build>
2019-04-06 12:51:56 +02:00
Jeremy Apthorp
e8b68dd4f4 miniflux: add service 2019-04-06 03:52:15 +02:00
Jörg Thalheim
4aeafc6b63
tests/pdns-recursor: use waitForOpenPort as port check
This should be safer w.r.t. race conditions.
2019-04-05 02:30:28 +01:00
Jörg Thalheim
d8445c9925
tests/pdns-recursor: add 2019-04-04 19:42:49 +01:00