This fixes an eval error that occurred on hydra with the small channel
and the `nixos.tests.boot.biosCdrom.x86_64-linux` attribute:
> $ nix-instantiate nixos/release-small.nix -A nixos.tests.boot.biosCdrom.x86_64-linux
> warning: unknown setting 'experimental-features'
> error: The option `virtualisation.qemu' does not exist. Definition values:
> - In `/home/andi/dev/nixos/nixpkgs/nixos/modules/testing/test-instrumentation.nix':
> {
> consoles = [ ];
> package = {
> _type = "override";
> content = <derivation /nix/store/q72h2cdcb9zjgiay5gdgzwddjkbjr7xq-qemu-host-cpu-only-for-vm-tests-5.1.0.drv>;
> ...
> (use '--show-trace' to show detailed location information)
In bc2188b we changed test test-instrumentation to also set the QEMU
package that is being used. That change unfortunately caused us to
always assing values to the virtualisation.qemu.package option even when
the option is not defined. The original code was explicitly testing for
the consoles case but the then newly extended version did not adjust the
check as the intention was probably not clear.
With this commit we are always ensuring the entire virtualisation.qemu
section exists and can thus drop the individual tests for each of the
sections since the QEMU module always defines both the package and the
consoles option when it's root is defined..
The test now check the following things:
- Configuring a MySQL server to hold the records
- Loading the PowerDNS schema from file
- Adding records through pdnsutil
In https://github.com/NixOS/nixpkgs/issues/100119 pantheon's greeter
has g-s-d running which allows brightness controls via pkexec.
This is changed in newer versions of g-s-d (pantheon uses a fork currently),
but whenever brightness is changed with a shell of `shadow` we get
```
Oct 10 23:51:44 kirXps pkexec[18722]: lightdm: Executing command [USER=root] [TTY=unknown] [CWD=/var/lib/lightdm] [COMMAND=/run/current-system/sw/bin/elementary-settings-daemon/gsd-backlight-helper /sys/devices/pci0000:00/0000:00:02.0/drm/card0/card0-eDP-1/intel_backlight 65587]
```
I'm not sure this should be strictly needed, so we should try to
revert later on when pantheon's g-s-d is updated.
This adds basically an indirection to systemPackages
to automatically install an interface for flatpak for their respective
environments. e.g if I enable pantheon and flatpak you'll get appcenter,
and on gnome you'll see gnome-software.
https://github.com/NixOS/nixpkgs/issues/99648#issuecomment-706691174
Nginx fails to start, because it can't read the certificate file. This
happens because PrivateTmp is set for the service, which makes the
system wide /tmp inaccessible.
When we redid the default apps we didn't add gnome-boxes for
rdp/vnc. (plus it doesn't really work well in nixos). With gnome-connections
we can now have this functionality, as file sharing is a default function
in g-c-c Sharing.
When I test a change e.g. in the module system manually, I usually use
`nixos-build-vms(8)` which also gives me a QEMU window where I can play
around in the freshly built VM.
It seems as this has changed recently when the default package for
non-interactive VM tests using the same framework was switched to
`pkgs.qemu_test` to reduce the closure size. While this is a reasonable
decision for our CI tests, I think that you really want a QEMU window of
the VM by default when using `nixos-build-vms(8)`.
[1] bc2188b083
Instead of putting a README in the directory where the manual is
written, put the information from it straight in the docs themselves.
It's a bit untrivial to guess the manual is located exactly there for
contributers.
This should NOT be backported to 20.09!
When 21.03 is released, the DB changes are about a year old and
operators had two release cycles for the upgrade. At this point it
should be fair to remove the compat layer to reduce the complexity of
the module itself.
The `curve25519-sha256` key exchange method is defined in RFC 8731 that
is identical to curve25519-sha256@libssh.org. OpenSSH supports the
method since version 7.4, released on 2016-12-19. It is literally a
violation of the "both in Secure Secure Shell and Mozilla guidelines"
rule, but it provides essentially the same but a future-proof default.
Also, links to the Mozilla OpenSSH guidelines are updated to refer to
the current place.
Signed-off-by: Masanori Ogino <167209+omasanori@users.noreply.github.com>
In commit a61ca0373b (#100267), the avahi
test expression got an additional attribute, but instead of wrapping the
function, the attributes were introduced by nesting the function one
level deeper.
To illustrate this:
Before: attrs: <testdrv>
After: newattrs: attrs: <testdrv>
So when instantiating tests.avahi.x86_64-linux from nixos/release.nix we
get "value is a function while a set was expected" instead of the
derivation.
I simply re-passed the attributes to make-test-python.nix, since the
function already allows (via "...") arbitrary attributes to be passed.
The reason why I'm pushing this directly to master is because evaluation
for the test is already broken and the worst that could happen here is
that things are *still* broken.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @flokli, @doronbehar
For a lot of the work the non-interactive drivers are enough and it is
probably a good idea to keep it accessible for debugging without
touching the Nix expression.
Since we previously stripped down the features of `qemu_test` some of
the features users are used to while running tests through the (impure)
driver didn't work anymore. Most notably we lost support for graphical
output and audio. With this change the `driver` attribute uses are more
feature complete version of QEmu compared to the one used in the pure
Nix builds.
This gives us the best of both worlds. Users are able to see the
graphical windows of VMs while CI and regular nix builds do not have to
download all the (unnecessary) dependencies.
Removing the `Accept-Encoding` header breaks applications which may
produce already compressed content.
Removing this header is staded in the nginx docs but is ment as an
example, not as an recomendation.
This attribute is a generalized version of cryptHomeLuks for creating an
entry in /etc/security/pam_mount.conf.xml. It lets the configuration
control all the attributes of the <volume> entry, instead of just the
path. The default path remains the value of cryptHomeLuks, for
compatibility.
This reverts commit 3cd2b59b8c.
It created infinite recursion when using LXQt, since lxqt module
uses `config.system.path` in `services.xserver.desktopManager.session`.
`config.system.path` is a `buildEnv` that depends on `environment.systemPackages`.
This one occurrence wasn't updated:
$ git grep "nix-build nixos/release.nix -A manual"
nixos/doc/manual/README: nix-build nixos/release.nix -A manual.x86_64-linux
nixos/doc/manual/development/meta-attributes.xml:<screen><prompt>$ </prompt>nix-build nixos/release.nix -A manual</screen>
nixos/doc/manual/development/writing-documentation.xml:<screen>nix-build nixos/release.nix -A manual.x86_64-linux</screen>
serviceConfig.ProtectSystem is usually a string so if set, the assert
itself would error out leaving no useable trace:
# nixos-rebuild switch --show-trace
building Nix...
building the system configuration...
error: while evaluating the attribute 'config.system.build.toplevel' at /nix/var/nix/profiles/per-user/root/channels/nixos/nixos/modules/system/activation/top-level.nix:293:5:
while evaluating 'foldr' at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/lists.nix:52:20, called from /nix/var/nix/profiles/per-user/root/channels/nixos/nixos/modules/system/activation/top-level.nix:128:12:
while evaluating 'fold'' at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/lists.nix:55:15, called from /nix/var/nix/profiles/per-user/root/channels/nixos/lib/lists.nix:59:8:
while evaluating anonymous function at /nix/var/nix/profiles/per-user/root/channels/nixos/nixos/modules/system/activation/top-level.nix:121:50, called from undefined position:
while evaluating the attribute 'assertion' at /nix/var/nix/profiles/per-user/root/channels/nixos/nixos/modules/security/systemd-confinement.nix:163:7:
value is a string while a Boolean was expected
Fix the check to give a sensible assert message instead; the attribute
should either be not set or false bool to pass.
Closes: #99000
The old (slightly broken) behavior of the xmonad module was to put the vanilla xmonad binary into PATH. This was changed to put the users xmonad into PATH instead.
But since the config for the xmonad test uses `launch` (to avoid xmonads self-recompilation logic), it now can't handle the `--restart` flag anymore. So instead use a key binding for restarting, and let xmonad spawn a new xterm on restart.
The key binding has to be explicitly added because the default binding
will shell out to `xmonad --restart` and therefore not work with the `launch` entrypoint.
xserver uses the wrong version of xkbvalidate, the one from
buildPackages should be used or else the resulting xkbvalidate binary is
compiled for the target architecture.
Note that it made into 2 entries, one about new options in the first section.
Another in the breaking compatibility section due to the openFirewall option
which changes the behavior.
This changes the default behavior which opened by default the firewall rules.
The users now need to declare explicitely they want to open the firewall.
This exposes 2 scenario running the mediatomb service:
- one running with the unmaintained mediatomb package
- one running with the new maintained gerbera package
This also fixes some various small limitations:
- Drop unnecessary quoting
- Drop duplicated gerbera interface definition
- Fix configuration indentation
In the sense that the pkgs dependency will be pulled if the service is
transcoding enabled. Otherwise, the transcoding part is completely dropped from
the generated configuration.
Secrets are injected from the environment into the rendered
configuration before each startup using envsubst.
The test now makes use of this feature for the server password.
When using the ACME DNS-01 challenge, there is a possibility of a
failure to resolve the challenge if the record is not propagated
fast enough. To circumvent this generic DNS problem, this adds
a setting to explicitly tell the ACME provider to use a certain DNS
resolver to lookup the challenge.
Signed-off-by: Jeroen Simonetti <jeroen@simonetti.nl>
This reverts commit fb6d63f3fd.
I really hope this finally fixes#99236: evaluation on Hydra.
This time I really did check basically the same commit on Hydra:
https://hydra.nixos.org/eval/1618011
Right now I don't have energy to find what exactly is wrong in the
commit, and it doesn't seem important in comparison to nixos-unstable
channel being stuck on a commit over one week old.
Please note that this is only for 21.03 since `nextcloud19` is intended
to be the default for the already feature-frozen 20.09 (the bump itself
is supposed to get backported however).
This should hopefully solve races with DNS servers (such as unbound)
during the activation of a new generation. Previously unbound could
still be unavailable and thus the acme script would fail.
The only nix version available in the installer should be the version
configure in the module system. If someone needs `nixUnstable` in their
`nixos-install` they should probably set the module option and not just
add it to the closure.
9544c6078e / #96672 removed the samba option
`syncPasswordsByPam`.
Need to remove this option from the pam module, otherwise it will cause build errors