Commit Graph

2845 Commits

Author SHA1 Message Date
Doron Behar
a17c7a9973
Merge pull request #100271 from berbiche/cagebreak-1.4.3 2020-10-13 19:07:18 +03:00
WORLDofPEACE
99d5111246 nixos/tools: add desktopConfiguration option
We now have a GNOME ISO so it would be nice to seed that one
with configuration on how to enable it.
2020-10-12 22:03:16 -04:00
Nicolas Berbiche
f103463d68
cagebreak: use wayinfo for Wayland test 2020-10-12 20:31:53 -04:00
Dominik Xaver Hörl
0a42b8cac6 nixosTests.xmonad: don't rely on xmonad being "vanilla" after restart
The old (slightly broken) behavior of the xmonad module was to put the vanilla xmonad binary into PATH. This was changed to put the users xmonad into PATH instead.

But since the config for the xmonad test uses `launch` (to avoid xmonads self-recompilation logic), it now can't handle the `--restart` flag anymore. So instead use a key binding for restarting, and let xmonad spawn a new xterm on restart.

The key binding has to be explicitly added because the default binding
will shell out to `xmonad --restart` and therefore not work with the `launch` entrypoint.
2020-10-12 14:48:07 +02:00
Timo Kaufmann
787ec15440
Merge pull request #94187 from fgaz/ft2-clone/1.27
ft2-clone: add a test
2020-10-12 11:06:04 +02:00
Florian Klink
a1cb02148b
Merge pull request #99912 from m1cr0man/ocspfix
nixos/acme: Fix ocspMustStaple option and add test
2020-10-11 23:44:33 +02:00
Florian Klink
a61ca0373b nixosTests.avahi: add avahi-with-resolved
This allows testing avahi works with resolved being enabled, as a
regression test for https://github.com/NixOS/nixpkgs/pull/99530.
2020-10-11 20:46:21 +02:00
Kevin Cox
8b33d575e4
Merge pull request #98084 from turion/patch-5
agda.section.md: Fix header and enumeration
2020-10-11 07:29:58 -04:00
Timo Kaufmann
19ac436cf5
Merge pull request #93450 from ardumont/gerbera-service
mediatomb: Improve service + add gerbera support and tests
2020-10-08 14:20:07 +02:00
Antoine R. Dumont (@ardumont)
3248506a00
mediatomb/gerbera: Improve firewall rules and open firewall option
This changes the default behavior which opened by default the firewall rules.
The users now need to declare explicitely they want to open the firewall.
2020-10-08 08:59:49 +02:00
Antoine R. Dumont (@ardumont)
9fdd11c6a8
mediatomb/gerbera: Bootstrap tests on service
This exposes 2 scenario running the mediatomb service:
- one running with the unmaintained mediatomb package
- one running with the new maintained gerbera package
2020-10-08 08:59:49 +02:00
Anderson Torres
8aeaba64d7
Merge pull request #99604 from berbiche/cagebreak
cagebreak: init at 1.4.2
2020-10-08 00:05:57 -03:00
elseym
533560de5b
nixos/murmur: add option environmentFile for injecting secrets
Secrets are injected from the environment into the rendered
configuration before each startup using envsubst.
The test now makes use of this feature for the server password.
2020-10-07 13:35:50 +02:00
Lucas Savva
1edd91ca09
nixos/acme: Fix ocspMustStaple option and add test
Some of the testing setup for OCSP checking was wrong and
has been fixed too.
2020-10-07 00:18:13 +01:00
Nicolas Berbiche
c9cea8264e
cagebreak: init at 1.4.2 2020-10-05 22:18:44 -04:00
Tim Steinbach
03197f94ce
tests/hardened: Fix usage with 5.8
Linux >= 5.8 improved /proc mount options. `hidepid=2` is now
displayed as `hidepid=invisible`
2020-10-05 09:07:21 -04:00
Vladimír Čunát
30e98a4fd6
nixosTests.ec2-config: avoid an evaluation problem
The problem was introduced by commit 97a32bc (within PR #79696).
nixos/tests/common/ec2.nix:6:17 called with unexpected argument 'meta'
2020-10-03 20:06:26 +02:00
Maximilian Bosch
6148b0e59f
Merge pull request #99079 from mayflower/openvpn-exporter-upstream
nixos/prometheus-exporters/openvpn: init
2020-09-30 15:37:03 +02:00
Linus Heckemann
a560936cab nixos/prometheus-exporters/openvpn: init
Co-Authored-By: Franz Pletz <fpletz@fnordicwalking.de>
Co-Authored-By: Robin Gloster <mail@glob.in>
2020-09-29 10:53:04 +02:00
Emery Hemingway
e7d0500cb3 nixos/rsyncd: convert module to an INI generator 2020-09-29 08:07:53 +02:00
WilliButz
e736a990c1
Merge pull request #98746 from mayflower/postfix-exporter-group
prometheus postfix exporter: misc
2020-09-27 22:37:38 +02:00
rnhmjoj
d7ae8ab35f
nixos/tests/ncdns: more tests and disable DNSSEC
- DNSSEC is currently disable because it's failing
- Separately test .bit domain on ncdns and pdns-recursor
- Test for the SOA record of the bit. zone
2020-09-25 20:56:15 +02:00
Linus Heckemann
0e3f631831 prometheus postfix exporter test: check showq 2020-09-25 14:27:29 +02:00
WilliButz
403c215bdd
nixos/codimd: add option environmentFile for injecting secrets
Secrets are injected from the environment into the rendered
configuration before each startup using envsubst.
The test now makes use of this feature for the db password.
2020-09-23 11:59:44 +02:00
Martin Weinelt
76aeb20d91 nixosTests.magnetico: wait for open port and make curl actually fail 2020-09-22 23:27:12 -07:00
Vladimír Čunát
cf09899749
Merge #97922: nixosTests.signal-desktop: fix 2020-09-21 17:31:19 +02:00
Sarah Brofeldt
44289eb20c
Merge pull request #91170 from DianaOlympos/update/apache-kafka
apache-kafka: 2.4.0 -> 2.4.1/2.5.0
2020-09-21 15:42:26 +02:00
Nathaniel Glen
e879eb6db6 pipewire: add testing
This adds two tests. One is for whether the paths used by the module are
present, while the other is for testing functionality of PipeWire
itself. This is done with the recent addition of installed tests by
upstream.
2020-09-19 16:33:01 -04:00
Manuel Bärenz
4336f9f7bb tests/agda: Fix comment 2020-09-18 12:42:23 +02:00
Henri Menke
9d60354fae nixos/shadowsocks: add test without plugin 2020-09-14 22:35:05 +02:00
Anderson Torres
a5931fa6e3
Merge pull request #95409 from utdemir/stream_layered_image_fix
dockerTools.streamLayeredImage: Store the customisation layer as a tarball
2020-09-14 11:05:48 -03:00
Kai Harries
ddd23d6790 signal-desktop: fix test
Test was broken because network is not available during sandboxed test
run and therefore the expected text was never shown.

ZHF: #97479
2020-09-13 19:28:51 +02:00
Maximilian Bosch
4a559f8fee
gotify-server: fix UI
In version 2.0.15 `gotify` switched to `packr` at 2.x which is why the
UI can't be served properly via HTTP and causes an empty 500 response and
the following errors in `journald`:

```
2020/09/12 19:18:33 [Recovery] 2020/09/12 - 19:18:33 panic recovered:
GET / HTTP/1.1
Host: localhost:8080
Accept: */*
User-Agent: curl/7.72.0

stat /home/ma27/Projects/ui/build/index.html: no such file or directory
```

This wasn't caught by the VM-test as it only tested the REST and push
APIs. Using their internal `packr.go` script in our build as it's the
case in the upstream build-system[1] fixes the issue.

[1] https://github.com/gotify/server/pull/277/files#diff-b67911656ef5d18c4ae36cb6741b7965R48
2020-09-12 19:30:17 +02:00
Damien Cassou
607f5a6755
Merge pull request #84246 from lostnet/couchdbpr
couchdb: add support for version 3.0.0
2020-09-11 17:47:47 +02:00
Will Young
0ef1be0aa1 couchdb: add support for version 3.1.0 2020-09-11 14:03:16 +02:00
Florian Klink
484632983f
Merge pull request #97631 from Izorkin/nginx-sandboxing
nixos/nginx: remove option enableSandbox
2020-09-10 20:33:25 +02:00
Félix Baylac-Jacqué
a4a1c016a3
Merge pull request #97526 from immae/fix_ejabberd
nixos/ejabberd: Fix tests
2020-09-10 10:21:11 +02:00
Izorkin
535896671b
nixos/nginx: remove option enableSandbox 2020-09-10 08:19:20 +03:00
Ismaël Bouya
cdaec7e9ed
ejabberd: fix failing tests
This commit fixes the ejabberd tests for hydra:

mod_http_upload and mod_disco need to be explicitly enabled, and a
handler needs to be setup to make it work. Also, the client needs to be
able to contact the server.

The commit also fixes the situation where http upload failed: in that
case the client would wait forever because nothing catched the error.

Finally, there remains a non-reproducible error where ejabberd server
fails to start with an error like:
format: "Failed to create cookie file '/var/lib/ejabberd/.erlang.cookie': eacces"
(happens ~15%) I tried to check existence of /var/lib/ejabberd/ in
pre-start script and saw nothing that would explain this error, so I
gave up about this error in particular.
2020-09-10 01:08:22 +02:00
Patryk Wychowaniec
183d9abdaf
lxd: s/sha256/hash 2020-09-09 20:07:17 +02:00
Patryk Wychowaniec
93b8435915
lxd: add wait_for_file() to ensure LXD is actually running 2020-09-09 19:46:21 +02:00
Patryk Wychowaniec
04111cb356
lxd: use stable URL for Alpine's image 2020-09-09 19:30:02 +02:00
Ryan Mulligan
a38ffcc20e
Merge pull request #95752 from misuzu/3proxy-test-fix
nixosTests.3proxy: fix flakiness
2020-09-08 20:33:20 -07:00
Oleksii Filonenko
45d7f59da8
Merge pull request #97217 from sephii/nixos-caddy-v2-migration 2020-09-08 11:17:55 +03:00
Linus Heckemann
ef4e81d756
Merge pull request #96830 from mayflower/unifi-poller
unifi-poller: add service and prometheus-exporter
2020-09-08 09:53:07 +02:00
Sylvain Fankhauser
b8bfe941fa
caddy: address remaining MR comments for v2 2020-09-08 09:29:04 +02:00
Robert Scott
61525137fd
Merge pull request #96958 from servalcatty/v2ray
v2ray: 4.26.0 -> 4.27.5 and add tests
2020-09-07 21:29:51 +01:00
Vladimír Čunát
85afe9cbe9
nixos/tests/installer: increase RAM in the VM
1G apparently isn't sufficient anymore, at least in swraid case:
https://hydra.nixos.org/build/126561574
2020-09-07 15:43:37 +02:00
Vladimír Čunát
c1c85b9bad
Merge #97146: 'staging-next' branch
This is the last planned iteration before forking 20.09.
2020-09-07 15:43:36 +02:00
Francesco Gazzetta
e158d19618 ft2-clone: add nixos test 2020-09-07 11:21:26 +02:00
Jörg Thalheim
d9ccdd860c
Merge pull request #96885 from bbigras/sssd-ldap
nixos/tests/sssd-ldap: init
2020-09-06 20:29:36 +01:00
Florian Klink
d7046947e5
Merge pull request #91121 from m1cr0man/master
Restructure acme module
2020-09-06 18:26:22 +02:00
elseym
aaf0002f68
prometheus-unifi-poller-exporter: init module 2020-09-06 17:48:19 +02:00
elseym
8c49e5a78c
tests/prometheus-exporters: allow overriding test-node-name
allows the prometheus-exporters test abstraction to work with e.g. hyphenated exporter-names
2020-09-06 17:48:00 +02:00
Lucas Savva
34b5c5c1a4
nixos/acme: More features and fixes
- Allow for key reuse when domains are the only thing that
  were changed.
- Fixed systemd service failure when preliminarySelfsigned
  was set to false
2020-09-06 01:28:19 +01:00
Vladimír Čunát
6eea644749
nixos/tests/installer swraid: increase partition size
We apparently didn't fit anymore.  I don't think this test is meant
to (also) check closure size.

Note: as of this commit, the test is blocked by a fontconfig problem,
so I tested with that merge temporarily reverted.
2020-09-05 19:29:38 +02:00
Oleksii Filonenko
06d2d84519
nixosTests.caddy: update to v2
- Update configuration syntax
- Add filalex77 as a maintainer
2020-09-05 14:09:17 +02:00
Lucas Savva
f57824c915
nixos/acme: Update docs, use assert more effectively 2020-09-05 01:06:29 +01:00
Lucas Savva
67a5d660cb
nixos/acme: Run postRun script as root 2020-09-04 19:34:10 +01:00
Bruno Bigras
64ce52713c nixos/tests/sssd-ldap: init 2020-09-04 01:51:42 -04:00
Utku Demir
ae82f81bfa
dockerTools.streamLayeredImage: Store the customisation layer as a tarball
This fixes as issue described here[1], where permissions set by 'extraCommands'
were ignored by Nix.

[1] https://github.com/NixOS/nixpkgs/pull/91084#issuecomment-669834938
2020-09-04 16:53:23 +12:00
Lucas Savva
1b6cfd9796
nixos/acme: Fix race condition, dont be smart with keys
Attempting to reuse keys on a basis different to the cert (AKA,
storing the key in a directory with a hashed name different to
the cert it is associated with) was ineffective since when
"lego run" is used it will ALWAYS generate a new key. This causes
issues when you revert changes since your "reused" key will not
be the one associated with the old cert. As such, I tore out the
whole keyDir implementation.

As for the race condition, checking the mtime of the cert file
was not sufficient to detect changes. In testing, selfsigned
and full certs could be generated/installed within 1 second of
each other. cmp is now used instead.

Also, I removed the nginx/httpd reload waiters in favour of
simple retry logic for the curl-based tests
2020-09-04 01:09:43 +01:00
Anders Kaseorg
f4b2c9dfe7 cryptsetup, lvm2, systemd: Break cyclic dependency at a different point
The cyclic dependency of systemd → cryptsetup → lvm2 → udev=systemd
needs to be broken somewhere.  The previous strategy of building
cryptsetup with an lvm2 built without udev (#66856) caused the
installer.luksroot test to fail.  Instead, build lvm2 with a udev built
without cryptsetup.

Fixes #96479.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2020-09-03 12:35:56 -07:00
Jörg Thalheim
02a2649220
Merge pull request #89748 from heinic/krb5-lists 2020-09-03 07:31:22 +01:00
Lucas Savva
61dbf4bf89
nixos/acme: Add proper nginx/httpd config reload checks
Testing of certs failed randomly when the web server was still
returning old certs even after the reload was "complete". This was
because the reload commands send process signals and do not wait
for the worker processes to restart. This commit adds log watchers
which wait for the worker processes to be restarted.
2020-09-02 19:25:30 +01:00
Lucas Savva
982c5a1f0e
nixos/acme: Restructure module
- Use an acme user and group, allow group override only
- Use hashes to determine when certs actually need to regenerate
- Avoid running lego more than necessary
- Harden permissions
- Support "systemctl clean" for cert regeneration
- Support reuse of keys between some configuration changes
- Permissions fix services solves for previously root owned certs
- Add a note about multiple account creation and emails
- Migrate extraDomains to a list
- Deprecate user option
- Use minica for self-signed certs
- Rewrite all tests

I thought of a few more cases where things may go wrong,
and added tests to cover them. In particular, the web server
reload services were depending on the target - which stays alive,
meaning that the renewal timer wouldn't be triggering a reload
and old certs would stay on the web servers.

I encountered some problems ensuring that the reload took place
without accidently triggering it as part of the test. The sync
commands I added ended up being essential and I'm not sure why,
it seems like either node.succeed ends too early or there's an
oddity of the vm's filesystem I'm not aware of.

- Fix duplicate systemd rules on reload services

Since useACMEHost is not unique to every vhost, if one cert
was reused many times it would create duplicate entries in
${server}-config-reload.service for wants, before and
ConditionPathExists
2020-09-02 19:22:43 +01:00
Serval
4ac99e76bc
nixos/tests/v2ray: init 2020-09-02 22:18:52 +08:00
misuzu
0c688868e7 nixosTests.3proxy: fix flakiness 2020-09-01 14:31:52 +03:00
Lassulus
a081e99e41
Merge pull request #83780 from hax404/robustirc-bridge
robustirc-bridge: init at 1.8
2020-08-31 18:14:45 +02:00
Georg Haas
2bd6f0744f
nixos/tests/robustirc-bridge: init 2020-08-31 15:22:50 +02:00
Arian van Putten
882ed6759a
Merge pull request #96149 from JJJollyjim/acme-test-go-15
nixos/acme: fix subjectAltName in test snakeoil certs
2020-08-31 13:54:19 +02:00
Félix Baylac-Jacqué
f63c842f1e
nixosTests.systemd-networkd: fix test flakiness
The original idea for this test was, on top of providing a networkd
test, to provide newcomers with a sample configuration they could use
to get started with networkd.

That's precisely why we were doing this systemd tmpfile dance in the
first place. It was a convenient way to create a runtime file with a
specific mode and owner.

Sadly, this tmpfile rule made the test flaky. There's a race condition
between the wireguard interface configured by systemd-networkd and
systemd-tmpfiles-setup.

Sometimes, networkd is going to try loading the wireguard private key
file *before* the said file gets created by systemd-tmpfiles.

A perfect solution here would be to create a "After" dependency
between wg0.netdev and systemd-tmpfiles-setup.service. Sadly, it is
currently impossible to create such a dependency between a
networkd-specific unit and a service.

We're removing this tmp file in favor of pointing networkd directly to
the Nix store. This is clearly something that shouldn't be done in the
real world for a private file: the store is world-readable. However,
this is the only way I found to fix this test flakiness for now.
2020-08-30 21:03:27 +02:00
Maximilian Bosch
d416facd39
nixos/tests/systemd-networkd: fix eval
In `systemd-243` the option `FwMark` in the `[WireGuard]` section of
a `.netdev`-unit has been renamed to `FirewallMark`[1]. Due to the
removal of deprecated options in our `networkd` module[2] the evaluation
of this test doesn't work.

Renaming the option to its new name fixes the issue.

[1] 1c30b174ed
[2] e9d13d3751
2020-08-29 22:51:30 +02:00
Aaron Andersen
bcdcd5d9fc
Merge pull request #95880 from aanderse/postgresql-settings
nixos/postgresql: replace extraConfig option with settings option
2020-08-29 09:12:54 -04:00
Frederik Rietdijk
7b56d26ae3 Merge master into staging-next 2020-08-29 13:30:25 +02:00
worldofpeace
f2d0a68c21
Merge pull request #96396 from flokli/remove-perl-test-driver
nixos/lib/test*: remove perl test driver
2020-08-28 11:30:18 -04:00
Daniël de Kok
192ed0a00e
Merge pull request #95888 from bzizou/charliecloud18
charliecloud: 0.12 -> 0.18
2020-08-28 16:34:57 +02:00
Bruno Bzeznik
1601ff7dd4 charliecloud: 0.12 -> 0.18 (docker + ch-grow support) 2020-08-28 14:39:21 +02:00
Florian Klink
0620184f3f nixos/lib/test*: remove perl test driver
This has been deprecated in 20.03, and all tests have been migrated to
the python framework, effectively making this dead code.
2020-08-27 19:45:38 +02:00
Matthew Bauer
25ac498482
Merge pull request #96404 from matthewbauer/gcc-cross
Fix cycle detected in Darwin->Linux cross GCC
2020-08-26 16:17:14 -05:00
Aaron Andersen
2a44265608 nixos/postgresql: replace extraConfig option with settings option 2020-08-26 17:06:48 -04:00
Florian Klink
36e4ec8568
Merge pull request #96349 from helsinki-systems/feat/postgresql-wal-python
tests/postgresql-wal-receiver: Port to Python
2020-08-26 21:08:15 +02:00
Matthew Bauer
ca3fa9c32a
Merge pull request #95956 from matthewbauer/qemu-cpu-max
runInLinuxVM, test-driver: use -cpu max instead of -cpu host
2020-08-26 12:59:57 -05:00
Vladimír Čunát
e02793de2f
nixos installer tests: add a missing package
Tested it locally fixes #96361
nix-build nixos/release-combined.nix -A nixos.tests.installer.lvm.x86_64-linux -Q
2020-08-26 18:14:34 +02:00
Lassulus
12baef56e4
Merge pull request #96127 from hmenke/shadowsocks
shadowsocks service: support plugins
2020-08-26 16:49:55 +02:00
Janne Heß
ead6de5d3d
tests/postgresql-wal-receiver: Port to Python
... and remove some weirdnesses.

- Port to Python
- Drop the extra pkgs, config, system args
- Drop all `with`
- Don't override the standard PostgreSQL directory
- Use pkgs and lib from the test runner

Tested with:
- postgresql_12
- postgresql_11
- postgresql_10
- postgresql_9_6
- postgresql_9_5

Closes #96347
cc @flokli
2020-08-26 16:37:24 +02:00
Florian Klink
df2f22daa8
Merge pull request #94858 from liff/virtualbox-python-test
nixosTests.virtualbox: Port to python
2020-08-26 10:00:04 +02:00
Frederik Rietdijk
081bd762e5 Merge staging-next into staging 2020-08-26 08:43:29 +02:00
Henri Menke
27f281bc50
nixos/shadowsocks: add test 2020-08-26 15:15:27 +12:00
Rouven Czerwinski
7db58b93d0
nixos/tests: use ::1 instead of anycast address (#96250)
According to RFC4291[1], 2001:db8:: is the anycast address for the
prefix and will be answered by all routers responsible for this prefix.
This means that before the iputils bump, the ping from client to isp was
answered by the router and not by the ISP machine. Switching away from
the anycast address fixes this issue.

Credits for finding this go to @primeos.

[1]: https://tools.ietf.org/html/rfc4291#section-2.6.1

Fixes #96188
2020-08-25 22:29:22 +02:00
Anderson Torres
fffabfaefd
Merge pull request #96179 from bbigras/sssd
nixos/sssd: fix the module
2020-08-25 16:59:11 -03:00
Nico Heitmann
0bee87c400 nixos/krb5: add list to example configuration
Updated the relevant nixos test to match the example configuration.
2020-08-25 17:18:56 +02:00
Florian Klink
c4ef188cae
Merge pull request #96187 from helsinki-systems/os-prober-python
nixos/tests/os-prober.nix: port to python
2020-08-24 21:46:50 +02:00
Symphorien Gibol
ddbd436dc4 nixos/tests/os-prober.nix: port to python 2020-08-24 17:49:20 +02:00
Bruno Bigras
5d36e00b7d nixos/sssd: fix the module
'system.nssModules' was not set correctly

fix #91242
2020-08-24 10:10:47 -04:00
Florian Klink
40d2968ebf
Merge pull request #94354 from flokli/systemd-246
systemd: 245.6 -> 246
2020-08-24 12:42:24 +02:00
Florian Klink
618e273861 nixosTests.systemd: disable RuntimeWatchdogUSec=30s assertion
For some reason, this value isn't updated, at least not inside the VM.

Uncomment it, so we still test the rest. Needs to be investigated
further.
2020-08-24 12:40:02 +02:00
Frederik Rietdijk
0a874ff2a6 Merge master into staging-next 2020-08-24 11:50:58 +02:00
Sascha Grunert
1c551f9778 cri-o: add NixOS test via critest
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-08-24 18:34:19 +10:00
Jamie McClymont
fb0e3ca40e nixos/acme: fix subjectAltName in test snakeoil certs 2020-08-24 19:49:24 +12:00