Project import generated by Copybara.

GitOrigin-RevId: 10ecda252ce1b3b1d6403caeadbcc8f30d5ab796
This commit is contained in:
Default email 2022-09-30 06:47:45 -05:00
parent 96a430125b
commit 5083ee08a2
1785 changed files with 42125 additions and 26113 deletions

View file

@ -37,6 +37,7 @@
/pkgs/top-level/splice.nix @Ericson2314 @matthewbauer
/pkgs/top-level/release-cross.nix @Ericson2314 @matthewbauer
/pkgs/stdenv/generic @Ericson2314 @matthewbauer
/pkgs/stdenv/generic/check-meta.nix @Ericson2314 @matthewbauer @piegamesde
/pkgs/stdenv/cross @Ericson2314 @matthewbauer
/pkgs/build-support/cc-wrapper @Ericson2314
/pkgs/build-support/bintools-wrapper @Ericson2314

View file

@ -26,14 +26,11 @@ jobs:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha }}
- name: Create backport PRs
# should be kept in sync with `version`
uses: zeebe-io/backport-action@v0.0.5
uses: zeebe-io/backport-action@v0.0.8
with:
# Config README: https://github.com/zeebe-io/backport-action#backport-action
github_token: ${{ secrets.GITHUB_TOKEN }}
github_workspace: ${{ github.workspace }}
# should be kept in sync with `uses`
version: v0.0.5
pull_description: |-
Bot-based backport to `${target_branch}`, triggered by a label in #${pull_number}.

1
third_party/nixpkgs/.mailmap vendored Normal file
View file

@ -0,0 +1 @@
Daniel Løvbrøtte Olsen <me@dandellion.xyz> <daniel.olsen99@gmail.com>

View file

@ -71,7 +71,7 @@ The `dotnetCorePackages.sdk` contains both a runtime and the full sdk of a given
To package Dotnet applications, you can use `buildDotnetModule`. This has similar arguments to `stdenv.mkDerivation`, with the following additions:
* `projectFile` has to be used for specifying the dotnet project file relative to the source root. These usually have `.sln` or `.csproj` file extensions. This can be an array of multiple projects as well.
* `projectFile` is used for specifying the dotnet project file, relative to the source root. These usually have `.sln` or `.csproj` file extensions. This can be a list of multiple projects as well. Most of the time dotnet can figure this location out by itself, so this should only be set if necessary.
* `nugetDeps` takes either a path to a `deps.nix` file, or a derivation. The `deps.nix` file can be generated using the script attached to `passthru.fetch-deps`. This file can also be generated manually using `nuget-to-nix` tool, which is available in nixpkgs. If the argument is a derivation, it will be used directly and assume it has the same output as `mkNugetDeps`.
* `packNupkg` is used to pack project as a `nupkg`, and installs it to `$out/share`. If set to `true`, the derivation can be used as a dependency for another dotnet project by adding it to `projectReferences`.
* `projectReferences` can be used to resolve `ProjectReference` project items. Referenced projects can be packed with `buildDotnetModule` by setting the `packNupkg = true` attribute and passing a list of derivations to `projectReferences`. Since we are sharing referenced projects as NuGets they must be added to csproj/fsproj files as `PackageReference` as well.
@ -100,7 +100,7 @@ To package Dotnet applications, you can use `buildDotnetModule`. This has simila
* `dotnetPackFlags` can be used to pass flags to `dotnet pack`. Used only if `packNupkg` is set to `true`.
* `dotnetFlags` can be used to pass flags to all of the above phases.
When packaging a new application, you need to fetch it's dependencies. You can set `nugetDeps` to an empty string to make the derivation temporarily evaluate, and then run `nix-build -A package.passthru.fetch-deps` to generate it's dependency fetching script. After running the script, you should have the location of the generated lockfile printed to the console. This can be copied to a stable directory. Note that if either `projectFile` or `nugetDeps` are unset, this script cannot be generated!
When packaging a new application, you need to fetch its dependencies. You can run `nix-build -A package.fetch-deps` to generate a script that will build a lockfile for you. After running the script you should have the location of the generated lockfile printed to the console, which can be copied to a stable directory. Then set `nugetDeps = ./deps.nix` and you're ready to build the derivation.
Here is an example `default.nix`, using some of the previously discussed arguments:
```nix

View file

@ -213,6 +213,10 @@ runCommand "my-package-test" {
A timeout (in seconds) for building the derivation. If the derivation takes longer than this time to build, it can fail due to breaking the timeout. However, all computers do not have the same computing power, hence some builders may decide to apply a multiplicative factor to this value. When filling this value in, try to keep it approximately consistent with other values already present in `nixpkgs`.
`meta` attributes are not stored in the instantiated derivation.
Therefore, this setting may be lost when the package is used as a dependency.
To be effective, it must be presented directly to an evaluation process that handles the `meta.timeout` attribute.
### `hydraPlatforms` {#var-meta-hydraPlatforms}
The list of Nix platform types for which the Hydra instance at `hydra.nixos.org` will build the package. (Hydra is the Nix-based continuous build system.) It defaults to the value of `meta.platforms`. Thus, the only reason to set `meta.hydraPlatforms` is if you want `hydra.nixos.org` to build the package on a subset of `meta.platforms`, or not at all, e.g.

View file

@ -309,7 +309,7 @@ The attribute can also contain a list, a script followed by arguments to be pass
passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ];
```
The script will be run with `UPDATE_NIX_ATTR_PATH` environment variable set to the attribute path it is supposed to update.
The script will be run with the `UPDATE_NIX_NAME`, `UPDATE_NIX_PNAME`, `UPDATE_NIX_OLD_VERSION` and `UPDATE_NIX_ATTR_PATH` environment variables set respectively to the name, pname, old version and attribute path of the package it is supposed to update.
::: {.note}
The script will be usually run from the root of the Nixpkgs repository but you should not rely on that. Also note that the update scripts will be run in parallel by default; you should avoid running `git commit` or any other commands that cannot handle that.

View file

@ -23,6 +23,7 @@ let
# packaging
customisation = callLibs ./customisation.nix;
derivations = callLibs ./derivations.nix;
maintainers = import ../maintainers/maintainer-list.nix;
teams = callLibs ../maintainers/team-list.nix;
meta = callLibs ./meta.nix;
@ -108,6 +109,7 @@ let
inherit (self.customisation) overrideDerivation makeOverridable
callPackageWith callPackagesWith extendDerivation hydraJob
makeScope makeScopeWithSplicing;
inherit (self.derivations) lazyDerivation;
inherit (self.meta) addMetaAttrs dontDistribute setName updateName
appendToName mapDerivationAttrset setPrio lowPrio lowPrioSet hiPrio
hiPrioSet getLicenseFromSpdxId getExe;

101
third_party/nixpkgs/lib/derivations.nix vendored Normal file
View file

@ -0,0 +1,101 @@
{ lib }:
let
inherit (lib) throwIfNot;
in
{
/*
Restrict a derivation to a predictable set of attribute names, so
that the returned attrset is not strict in the actual derivation,
saving a lot of computation when the derivation is non-trivial.
This is useful in situations where a derivation might only be used for its
passthru attributes, improving evaluation performance.
The returned attribute set is lazy in `derivation`. Specifically, this
means that the derivation will not be evaluated in at least the
situations below.
For illustration and/or testing, we define derivation such that its
evaluation is very noticable.
let derivation = throw "This won't be evaluated.";
In the following expressions, `derivation` will _not_ be evaluated:
(lazyDerivation { inherit derivation; }).type
attrNames (lazyDerivation { inherit derivation; })
(lazyDerivation { inherit derivation; } // { foo = true; }).foo
(lazyDerivation { inherit derivation; meta.foo = true; }).meta
In these expressions, it `derivation` _will_ be evaluated:
"${lazyDerivation { inherit derivation }}"
(lazyDerivation { inherit derivation }).outPath
(lazyDerivation { inherit derivation }).meta
And the following expressions are not valid, because the refer to
implementation details and/or attributes that may not be present on
some derivations:
(lazyDerivation { inherit derivation }).buildInputs
(lazyDerivation { inherit derivation }).passthru
(lazyDerivation { inherit derivation }).pythonPath
*/
lazyDerivation =
args@{
# The derivation to be wrapped.
derivation
, # Optional meta attribute.
#
# While this function is primarily about derivations, it can improve
# the `meta` package attribute, which is usually specified through
# `mkDerivation`.
meta ? null
, # Optional extra values to add to the returned attrset.
#
# This can be used for adding package attributes, such as `tests`.
passthru ? { }
}:
let
# These checks are strict in `drv` and some `drv` attributes, but the
# attrset spine returned by lazyDerivation does not depend on it.
# Instead, the individual derivation attributes do depend on it.
checked =
throwIfNot (derivation.type or null == "derivation")
"lazySimpleDerivation: input must be a derivation."
throwIfNot
(derivation.outputs == [ "out" ])
# Supporting multiple outputs should be a matter of inheriting more attrs.
"The derivation ${derivation.name or "<unknown>"} has multiple outputs. This is not supported by lazySimpleDerivation yet. Support could be added, and be useful as long as the set of outputs is known in advance, without evaluating the actual derivation."
derivation;
in
{
# Hardcoded `type`
#
# `lazyDerivation` requires its `derivation` argument to be a derivation,
# so if it is not, that is a programming error by the caller and not
# something that `lazyDerivation` consumers should be able to correct
# for after the fact.
# So, to improve laziness, we assume correctness here and check it only
# when actual derivation values are accessed later.
type = "derivation";
# A fixed set of derivation values, so that `lazyDerivation` can return
# its attrset before evaluating `derivation`.
# This must only list attributes that are available on _all_ derivations.
inherit (checked) outputs out outPath outputName drvPath name system;
# The meta attribute can either be taken from the derivation, or if the
# `lazyDerivation` caller knew a shortcut, be taken from there.
meta = args.meta or checked.meta;
} // passthru;
}

View file

@ -103,6 +103,11 @@ in mkLicense lset) ({
fullName = "Apache License 2.0";
};
bola11 = {
url = "https://blitiri.com.ar/p/bola/";
fullName = "Buena Onda License Agreement 1.1";
};
boost = {
spdxId = "BSL-1.0";
fullName = "Boost Software License 1.0";

View file

@ -440,13 +440,14 @@ rec {
config = addFreeformType (addMeta (m.config or {}));
}
else
# shorthand syntax
lib.throwIfNot (isAttrs m) "module ${file} (${key}) does not look like a module."
{ _file = toString m._file or file;
key = toString m.key or key;
disabledModules = m.disabledModules or [];
imports = m.require or [] ++ m.imports or [];
options = {};
config = addFreeformType (addMeta (removeAttrs m ["_file" "key" "disabledModules" "require" "imports" "freeformType"]));
config = addFreeformType (removeAttrs m ["_file" "key" "disabledModules" "require" "imports" "freeformType"]);
};
applyModuleArgsIfFunction = key: f: args@{ config, options, lib, ... }: if isFunction f then
@ -720,6 +721,7 @@ rec {
inherit (res.defsFinal') highestPrio;
definitions = map (def: def.value) res.defsFinal;
files = map (def: def.file) res.defsFinal;
definitionsWithLocations = res.defsFinal;
inherit (res) isDefined;
# This allows options to be correctly displayed using `${options.path.to.it}`
__toString = _: showOption loc;

View file

@ -141,6 +141,14 @@ rec {
powerpc64le = "ppc64le";
}.${final.parsed.cpu.name} or final.parsed.cpu.name;
# Name used by UEFI for architectures.
efiArch =
if final.isx86_32 then "ia32"
else if final.isx86_64 then "x64"
else if final.isAarch32 then "arm"
else if final.isAarch64 then "aa64"
else final.parsed.cpu.name;
darwinArch = {
armv7a = "armv7";
aarch64 = "arm64";

View file

@ -1207,6 +1207,59 @@ runTests {
expected = true;
};
# lazyDerivation
testLazyDerivationIsLazyInDerivationForAttrNames = {
expr = attrNames (lazyDerivation {
derivation = throw "not lazy enough";
});
# It's ok to add attribute names here when lazyDerivation is improved
# in accordance with its inline comments.
expected = [ "drvPath" "meta" "name" "out" "outPath" "outputName" "outputs" "system" "type" ];
};
testLazyDerivationIsLazyInDerivationForPassthruAttr = {
expr = (lazyDerivation {
derivation = throw "not lazy enough";
passthru.tests = "whatever is in tests";
}).tests;
expected = "whatever is in tests";
};
testLazyDerivationIsLazyInDerivationForPassthruAttr2 = {
# passthru.tests is not a special case. It works for any attr.
expr = (lazyDerivation {
derivation = throw "not lazy enough";
passthru.foo = "whatever is in foo";
}).foo;
expected = "whatever is in foo";
};
testLazyDerivationIsLazyInDerivationForMeta = {
expr = (lazyDerivation {
derivation = throw "not lazy enough";
meta = "whatever is in meta";
}).meta;
expected = "whatever is in meta";
};
testLazyDerivationReturnsDerivationAttrs = let
derivation = {
type = "derivation";
outputs = ["out"];
out = "test out";
outPath = "test outPath";
outputName = "out";
drvPath = "test drvPath";
name = "test name";
system = "test system";
meta = "test meta";
};
in {
expr = lazyDerivation { inherit derivation; };
expected = derivation;
};
testTypeDescriptionInt = {
expr = (with types; int).description;
expected = "signed integer";

View file

@ -58,6 +58,9 @@ checkConfigError() {
fi
}
# Shorthand meta attribute does not duplicate the config
checkConfigOutput '^"one two"$' config.result ./shorthand-meta.nix
# Check boolean option.
checkConfigOutput '^false$' config.enable ./declare-enable.nix
checkConfigError 'The option .* does not exist. Definition values:\n\s*- In .*: true' config.enable ./define-enable.nix

View file

@ -0,0 +1,19 @@
{ lib, ... }:
let
inherit (lib) types mkOption;
in
{
imports = [
({ config, ... }: {
options = {
meta.foo = mkOption {
type = types.listOf types.str;
};
result = mkOption { default = lib.concatStringsSep " " config.meta.foo; };
};
})
{
meta.foo = [ "one" "two" ];
}
];
}

View file

@ -119,8 +119,22 @@ rec {
# - "composite": a phrase with an "of" connective
# See the `optionDescriptionPhrase` function.
, descriptionClass ? null
, # Function applied to each definition that should return true if
# its type-correct, false otherwise.
, # DO NOT USE WITHOUT KNOWING WHAT YOU ARE DOING!
# Function applied to each definition that must return false when a definition
# does not match the type. It should not check more than the root of the value,
# because checking nested values reduces laziness, leading to unnecessary
# infinite recursions in the module system.
# Further checks of nested values should be performed by throwing in
# the merge function.
# Strict and deep type checking can be performed by calling lib.deepSeq on
# the merged value.
#
# See https://github.com/NixOS/nixpkgs/pull/6794 that introduced this change,
# https://github.com/NixOS/nixpkgs/pull/173568 and
# https://github.com/NixOS/nixpkgs/pull/168295 that attempted to revert this,
# https://github.com/NixOS/nixpkgs/issues/191124 and
# https://github.com/NixOS/nixos-search/issues/391 for what happens if you ignore
# this disclaimer.
check ? (x: true)
, # Merge a list of definitions together into a single value.
# This function is called with two arguments: the location of

View file

@ -641,7 +641,7 @@
};
alkeryn = {
email = "plbraundev@gmail.com";
github = "Alkeryn";
github = "alkeryn";
githubId = 11599075;
name = "Pierre-Louis Braun";
};
@ -1071,7 +1071,7 @@
};
arcticlimer = {
email = "vinigm.nho@gmail.com";
github = "arcticlimer";
github = "viniciusmuller";
githubId = 59743220;
name = "Vinícius Müller";
};
@ -2038,6 +2038,12 @@
githubId = 157330;
name = "Ben Burdette";
};
bwlang = {
email = "brad@langhorst.com";
github = "bwlang";
githubId = 61636;
name = "Brad Langhorst";
};
bzizou = {
email = "Bruno@bzizou.net";
github = "bzizou";
@ -2137,6 +2143,12 @@
githubId = 91694;
name = "Javier Candeira";
};
candyc1oud = {
email = "candyc1oud@outlook.com";
github = "candyc1oud";
githubId = 113157395;
name = "Candy Cloud";
};
canndrew = {
email = "shum@canndrew.org";
github = "canndrew";
@ -4107,7 +4119,7 @@
};
ersin = {
email = "me@ersinakinci.com";
github = "DesertDevErsin";
github = "ersinakinci";
githubId = 5427394;
name = "Ersin Akinci";
};
@ -5223,6 +5235,12 @@
fingerprint = "3F35 E4CA CBF4 2DE1 2E90 53E5 03A6 E6F7 8693 6619";
}];
};
harvidsen = {
email = "harvidsen@gmail.com";
github = "harvidsen";
githubId = 62279738;
name = "Håkon Arvidsen";
};
haslersn = {
email = "haslersn@fius.informatik.uni-stuttgart.de";
github = "haslersn";
@ -5476,6 +5494,13 @@
githubId = 25618740;
name = "Vincent Cui";
};
houstdav000 = {
email = "houstdav000@gmail.com";
github = "houstdav000";
githubId = 17628961;
matrix = "@houstdav000:gh0st.ems.host";
name = "David Houston";
};
hoverbear = {
email = "operator+nix@hoverbear.org";
matrix = "@hoverbear:matrix.org";
@ -6042,7 +6067,7 @@
jayesh-bhoot = {
name = "Jayesh Bhoot";
email = "jayesh@bhoot.sh";
github = "jayesh-bhoot";
github = "jayeshbhoot";
githubId = 1915507;
};
jb55 = {
@ -6533,7 +6558,7 @@
name = "Jona Enzinger";
email = "5xt3zyy5l@mozmail.com";
matrix = "@jona:matrix.jonaenz.de";
github = "jonaenz";
github = "JonaEnz";
githubId = 57130301;
keys = [{
fingerprint = "1CC5 B67C EB9A 13A5 EDF6 F10E 0B4A 3662 FC58 9202";
@ -6590,7 +6615,7 @@
};
joshvanl = {
email = " me@joshvanl.dev ";
github = "joshvanl";
github = "JoshVanL";
githubId = 15893072;
name = "Josh van Leeuwen";
};
@ -6825,9 +6850,6 @@
github = "jyooru";
githubId = 63786778;
name = "Joel";
keys = [{
fingerprint = "9148 DC9E F4D5 3EB6 A30E 8EF0 1855 0BD2 05E9 EF64";
}];
};
jyp = {
email = "jeanphilippe.bernardy@gmail.com";
@ -6847,12 +6869,6 @@
github = "k3a";
githubId = 966992;
};
k4leg = {
name = "k4leg";
email = "python.bogdan@gmail.com";
github = "k4leg";
githubId = 39882583;
};
k900 = {
name = "Ilya K.";
email = "me@0upti.me";
@ -8110,6 +8126,12 @@
githubId = 42545625;
name = "Maas Lalani";
};
maddiethecafebabe = {
email = "maddie@cafebabe.date";
github = "maddiethecafebabe";
githubId = 75337286;
name = "Madeline S.";
};
madjar = {
email = "georges.dubus@compiletoi.net";
github = "madjar";
@ -8283,7 +8305,7 @@
};
marsupialgutz = {
email = "mars@possums.xyz";
github = "marsupialgutz";
github = "pupbrained";
githubId = 33522919;
name = "Marshall Arruda";
};
@ -8594,6 +8616,13 @@
fingerprint = "D709 03C8 0BE9 ACDC 14F0 3BFB 77BF E531 397E DE94";
}];
};
meain = {
email = "mail@meain.io";
matrix = "@meain:matrix.org";
github = "meain";
githubId = 14259816;
name = "Abin Simon";
};
meatcar = {
email = "nixpkgs@denys.me";
github = "meatcar";
@ -9170,6 +9199,12 @@
githubId = 15896005;
name = "Vladyslav Burzakovskyy";
};
mrtarantoga = {
email = "goetz-dev@web.de";
name = "Götz Grimmer";
github = "MrTarantoga";
githubId = 53876219;
};
mrVanDalo = {
email = "contact@ingolf-wagner.de";
github = "mrVanDalo";
@ -9610,7 +9645,7 @@
};
NieDzejkob = {
email = "kuba@kadziolka.net";
github = "NieDzejkob";
github = "meithecatte";
githubId = 23580910;
name = "Jakub Kądziołka";
keys = [{
@ -10559,6 +10594,12 @@
githubId = 3737;
name = "Peter Jones";
};
pkharvey = {
email = "kayharvey@protonmail.com";
github = "pkharvey";
githubId = 50750875;
name = "Paul Harvey";
};
pkmx = {
email = "pkmx.tw@gmail.com";
github = "PkmX";
@ -11079,7 +11120,7 @@
};
ratsclub = {
email = "victor@freire.dev.br";
github = "ratsclub";
github = "vtrf";
githubId = 25647735;
name = "Victor Freire";
};
@ -13273,6 +13314,12 @@
githubId = 57180880;
name = "Ansh Tyagi";
};
therishidesai = {
email = "desai.rishi1@gmail.com";
github = "therishidesai";
githubId = 5409166;
name = "Rishi Desai";
};
thesola10 = {
email = "me@thesola.io";
github = "Thesola10";
@ -13284,7 +13331,7 @@
};
thetallestjj = {
email = "me+nixpkgs@jeroen-jetten.com";
github = "thetallestjj";
github = "TheTallestJJ";
githubId = 6579555;
name = "Jeroen Jetten";
};
@ -13636,6 +13683,12 @@
githubId = 9870613;
name = "Hubert Mühlhans";
};
trobert = {
email = "thibaut.robert@gmail.com";
github = "trobert";
githubId = 504580;
name = "Thibaut Robert";
};
troydm = {
email = "d.geurkov@gmail.com";
github = "troydm";
@ -13814,7 +13867,7 @@
};
urandom = {
email = "colin@urandom.co.uk";
github = "arnottcr";
github = "urandom2";
githubId = 2526260;
keys = [{
fingerprint = "04A3 A2C6 0042 784A AEA7 D051 0447 A663 F7F3 E236";
@ -13845,6 +13898,12 @@
githubId = 120451;
name = "Urban Skudnik";
};
usrfriendly = {
name = "Arin Lares";
email = "arinlares@gmail.com";
github = "usrfriendly";
githubId = 2502060;
};
utdemir = {
email = "me@utdemir.com";
github = "utdemir";
@ -13991,7 +14050,7 @@
name = "Dmitry Kalinkin";
};
victormignot = {
email = "victor.mignot@protonmail.com";
email = "root@victormignot.fr";
github = "victormignot";
githubId = 58660971;
name = "Victor Mignot";
@ -14418,7 +14477,7 @@
wrmilling = {
name = "Winston R. Milling";
email = "Winston@Milli.ng";
github = "WRMilling";
github = "wrmilling";
githubId = 6162814;
keys = [{
fingerprint = "21E1 6B8D 2EE8 7530 6A6C 9968 D830 77B9 9F8C 6643";
@ -14473,6 +14532,12 @@
github = "x3rAx";
githubId = 2268851;
};
xanderio = {
name = "Alexander Sieg";
email = "alex@xanderio.de";
github = "xanderio";
githubId = 6298052;
};
xaverdh = {
email = "hoe.dom@gmx.de";
github = "xaverdh";
@ -14585,7 +14650,7 @@
};
yana = {
email = "yana@riseup.net";
github = "sowelisuwi";
github = "yanalunaterra";
githubId = 1643293;
name = "Yana Timoshenko";
};
@ -15352,7 +15417,7 @@
yisuidenghua = {
email = "bileiner@gmail.com";
name = "Milena Yisui";
github = "yisuidenghua";
github = "YisuiDenghua";
githubId = 102890144;
};
macalinao = {

View file

@ -14,6 +14,7 @@ cqueues,,,,,,vcunat
cyrussasl,https://github.com/JorjBauer/lua-cyrussasl.git,,,,,
digestif,https://github.com/astoff/digestif.git,,,0.2-1,5.3,
dkjson,,,,,,
fennel,,,,,,misterio77
fifo,,,,,,
fluent,,,,,,alerque
gitsigns.nvim,https://github.com/lewis6991/gitsigns.nvim.git,,,,5.1,

1 name src ref server version luaversion maintainers
14 cyrussasl https://github.com/JorjBauer/lua-cyrussasl.git
15 digestif https://github.com/astoff/digestif.git 0.2-1 5.3
16 dkjson
17 fennel misterio77
18 fifo
19 fluent alerque
20 gitsigns.nvim https://github.com/lewis6991/gitsigns.nvim.git 5.1

View file

@ -52,7 +52,17 @@ async def run_update_script(nixpkgs_root: str, merge_lock: asyncio.Lock, temp_di
eprint(f" - {package['name']}: UPDATING ...")
try:
update_process = await check_subprocess('env', f"UPDATE_NIX_ATTR_PATH={package['attrPath']}", *update_script_command, stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.PIPE, cwd=worktree)
update_process = await check_subprocess(
'env',
f"UPDATE_NIX_NAME={package['name']}",
f"UPDATE_NIX_PNAME={package['pname']}",
f"UPDATE_NIX_OLD_VERSION={package['oldVersion']}",
f"UPDATE_NIX_ATTR_PATH={package['attrPath']}",
*update_script_command,
stdout=asyncio.subprocess.PIPE,
stderr=asyncio.subprocess.PIPE,
cwd=worktree,
)
update_info = await update_process.stdout.read()
await merge_changes(merge_lock, package, update_info, temp_dir)

View file

@ -13,6 +13,8 @@
with pkgs;
let
inherit (lib) hasPrefix removePrefix;
lib = pkgs.lib;
docbook_xsl_ns = pkgs.docbook-xsl-ns.override {
@ -36,6 +38,33 @@ let
};
};
nixos-lib = import ../../lib { };
testOptionsDoc = let
eval = nixos-lib.evalTest {
# Avoid evaluating a NixOS config prototype.
config.node.type = lib.types.deferredModule;
options._module.args = lib.mkOption { internal = true; };
};
in buildPackages.nixosOptionsDoc {
inherit (eval) options;
inherit (revision);
transformOptions = opt: opt // {
# Clean up declaration sites to not refer to the NixOS source tree.
declarations =
map
(decl:
if hasPrefix (toString ../../..) (toString decl)
then
let subpath = removePrefix "/" (removePrefix (toString ../../..) (toString decl));
in { url = "https://github.com/NixOS/nixpkgs/blob/master/${subpath}"; name = subpath; }
else decl)
opt.declarations;
};
documentType = "none";
variablelistId = "test-options-list";
};
sources = lib.sourceFilesBySuffices ./. [".xml"];
modulesDoc = builtins.toFile "modules.xml" ''
@ -50,6 +79,7 @@ let
mkdir $out
ln -s ${modulesDoc} $out/modules.xml
ln -s ${optionsDoc.optionsDocBook} $out/options-db.xml
ln -s ${testOptionsDoc.optionsDocBook} $out/test-options-db.xml
printf "%s" "${version}" > $out/version
'';

View file

@ -24,6 +24,8 @@ back into the test driver command line upon its completion. This allows
you to inspect the state of the VMs after the test (e.g. to debug the
test script).
## Reuse VM state {#sec-nixos-test-reuse-vm-state}
You can re-use the VM states coming from a previous run by setting the
`--keep-vm-state` flag.
@ -33,3 +35,15 @@ $ ./result/bin/nixos-test-driver --keep-vm-state
The machine state is stored in the `$TMPDIR/vm-state-machinename`
directory.
## Interactive-only test configuration {#sec-nixos-test-interactive-configuration}
The `.driverInteractive` attribute combines the regular test configuration with
definitions from the [`interactive` submodule](#opt-interactive). This gives you
a more usable, graphical, but slightly different configuration.
You can add your own interactive-only test configuration by adding extra
configuration to the [`interactive` submodule](#opt-interactive).
To interactively run only the regular configuration, build the `<test>.driver` attribute
instead, and call it with the flag `result/bin/nixos-test-driver --interactive`.

View file

@ -2,22 +2,11 @@
You can run tests using `nix-build`. For example, to run the test
[`login.nix`](https://github.com/NixOS/nixpkgs/blob/master/nixos/tests/login.nix),
you just do:
you do:
```ShellSession
$ nix-build '<nixpkgs/nixos/tests/login.nix>'
```
or, if you don't want to rely on `NIX_PATH`:
```ShellSession
$ cd /my/nixpkgs/nixos/tests
$ nix-build login.nix
running the VM test script
machine: QEMU running (pid 8841)
6 out of 6 tests succeeded
$ cd /my/git/clone/of/nixpkgs
$ nix-build -A nixosTests.login
```
After building/downloading all required dependencies, this will perform

View file

@ -1,9 +1,9 @@
# Writing Tests {#sec-writing-nixos-tests}
A NixOS test is a Nix expression that has the following structure:
A NixOS test is a module that has the following structure:
```nix
import ./make-test-python.nix {
{
# One or more machines:
nodes =
@ -21,10 +21,13 @@ import ./make-test-python.nix {
}
```
The attribute `testScript` is a bit of Python code that executes the
We refer to the whole test above as a test module, whereas the values
in [`nodes.<name>`](#opt-nodes) are NixOS modules themselves.
The option [`testScript`](#opt-testScript) is a piece of Python code that executes the
test (described below). During the test, it will start one or more
virtual machines, the configuration of which is described by
the attribute `nodes`.
the option [`nodes`](#opt-nodes).
An example of a single-node test is
[`login.nix`](https://github.com/NixOS/nixpkgs/blob/master/nixos/tests/login.nix).
@ -34,7 +37,54 @@ when switching between consoles, and so on. An interesting multi-node test is
[`nfs/simple.nix`](https://github.com/NixOS/nixpkgs/blob/master/nixos/tests/nfs/simple.nix).
It uses two client nodes to test correct locking across server crashes.
There are a few special NixOS configuration options for test VMs:
## Calling a test {#sec-calling-nixos-tests}
Tests are invoked differently depending on whether the test is part of NixOS or lives in a different project.
### Testing within NixOS {#sec-call-nixos-test-in-nixos}
Tests that are part of NixOS are added to [`nixos/tests/all-tests.nix`](https://github.com/NixOS/nixpkgs/blob/master/nixos/tests/all-tests.nix).
```nix
hostname = runTest ./hostname.nix;
```
Overrides can be added by defining an anonymous module in `all-tests.nix`.
```nix
hostname = runTest {
imports = [ ./hostname.nix ];
defaults.networking.firewall.enable = false;
};
```
You can run a test with attribute name `hostname` in `nixos/tests/all-tests.nix` by invoking:
```shell
cd /my/git/clone/of/nixpkgs
nix-build -A nixosTests.hostname
```
### Testing outside the NixOS project {#sec-call-nixos-test-outside-nixos}
Outside the `nixpkgs` repository, you can instantiate the test by first importing the NixOS library,
```nix
let nixos-lib = import (nixpkgs + "/nixos/lib") { };
in
nixos-lib.runTest {
imports = [ ./test.nix ];
hostPkgs = pkgs; # the Nixpkgs package set used outside the VMs
defaults.services.foo.package = mypkg;
}
```
`runTest` returns a derivation that runs the test.
## Configuring the nodes {#sec-nixos-test-nodes}
There are a few special NixOS options for test VMs:
`virtualisation.memorySize`
@ -121,7 +171,7 @@ The following methods are available on machine objects:
least one will be returned.
::: {.note}
This requires passing `enableOCR` to the test attribute set.
This requires [`enableOCR`](#opt-enableOCR) to be set to `true`.
:::
`get_screen_text`
@ -130,7 +180,7 @@ The following methods are available on machine objects:
machine\'s screen using optical character recognition.
::: {.note}
This requires passing `enableOCR` to the test attribute set.
This requires [`enableOCR`](#opt-enableOCR) to be set to `true`.
:::
`send_monitor_command`
@ -241,7 +291,7 @@ The following methods are available on machine objects:
`get_screen_text` and `get_screen_text_variants`).
::: {.note}
This requires passing `enableOCR` to the test attribute set.
This requires [`enableOCR`](#opt-enableOCR) to be set to `true`.
:::
`wait_for_console_text`
@ -304,7 +354,7 @@ For faster dev cycles it\'s also possible to disable the code-linters
(this shouldn\'t be commited though):
```nix
import ./make-test-python.nix {
{
skipLint = true;
nodes.machine =
{ config, pkgs, ... }:
@ -336,7 +386,7 @@ Similarly, the type checking of test scripts can be disabled in the following
way:
```nix
import ./make-test-python.nix {
{
skipTypeCheck = true;
nodes.machine =
{ config, pkgs, ... }:
@ -400,7 +450,6 @@ added using the parameter `extraPythonPackages`. For example, you could add
`numpy` like this:
```nix
import ./make-test-python.nix
{
extraPythonPackages = p: [ p.numpy ];
@ -417,3 +466,11 @@ import ./make-test-python.nix
```
In that case, `numpy` is chosen from the generic `python3Packages`.
## Test Options Reference {#sec-test-options-reference}
The following options can be used when writing tests.
```{=docbook}
<xi:include href="../../generated/test-options-db.xml" xpointer="test-options-list"/>
```

View file

@ -25,15 +25,40 @@ $ ./result/bin/nixos-test-driver
completion. This allows you to inspect the state of the VMs after
the test (e.g. to debug the test script).
</para>
<para>
You can re-use the VM states coming from a previous run by setting
the <literal>--keep-vm-state</literal> flag.
</para>
<programlisting>
<section xml:id="sec-nixos-test-reuse-vm-state">
<title>Reuse VM state</title>
<para>
You can re-use the VM states coming from a previous run by setting
the <literal>--keep-vm-state</literal> flag.
</para>
<programlisting>
$ ./result/bin/nixos-test-driver --keep-vm-state
</programlisting>
<para>
The machine state is stored in the
<literal>$TMPDIR/vm-state-machinename</literal> directory.
</para>
<para>
The machine state is stored in the
<literal>$TMPDIR/vm-state-machinename</literal> directory.
</para>
</section>
<section xml:id="sec-nixos-test-interactive-configuration">
<title>Interactive-only test configuration</title>
<para>
The <literal>.driverInteractive</literal> attribute combines the
regular test configuration with definitions from the
<link linkend="opt-interactive"><literal>interactive</literal>
submodule</link>. This gives you a more usable, graphical, but
slightly different configuration.
</para>
<para>
You can add your own interactive-only test configuration by adding
extra configuration to the
<link linkend="opt-interactive"><literal>interactive</literal>
submodule</link>.
</para>
<para>
To interactively run only the regular configuration, build the
<literal>&lt;test&gt;.driver</literal> attribute instead, and call
it with the flag
<literal>result/bin/nixos-test-driver --interactive</literal>.
</para>
</section>
</section>

View file

@ -4,22 +4,11 @@
You can run tests using <literal>nix-build</literal>. For example,
to run the test
<link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/tests/login.nix"><literal>login.nix</literal></link>,
you just do:
you do:
</para>
<programlisting>
$ nix-build '&lt;nixpkgs/nixos/tests/login.nix&gt;'
</programlisting>
<para>
or, if you dont want to rely on <literal>NIX_PATH</literal>:
</para>
<programlisting>
$ cd /my/nixpkgs/nixos/tests
$ nix-build login.nix
running the VM test script
machine: QEMU running (pid 8841)
6 out of 6 tests succeeded
$ cd /my/git/clone/of/nixpkgs
$ nix-build -A nixosTests.login
</programlisting>
<para>
After building/downloading all required dependencies, this will

View file

@ -1,10 +1,10 @@
<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-writing-nixos-tests">
<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xi="http://www.w3.org/2001/XInclude" xml:id="sec-writing-nixos-tests">
<title>Writing Tests</title>
<para>
A NixOS test is a Nix expression that has the following structure:
A NixOS test is a module that has the following structure:
</para>
<programlisting language="bash">
import ./make-test-python.nix {
{
# One or more machines:
nodes =
@ -22,10 +22,18 @@ import ./make-test-python.nix {
}
</programlisting>
<para>
The attribute <literal>testScript</literal> is a bit of Python code
that executes the test (described below). During the test, it will
start one or more virtual machines, the configuration of which is
described by the attribute <literal>nodes</literal>.
We refer to the whole test above as a test module, whereas the
values in
<link linkend="opt-nodes"><literal>nodes.&lt;name&gt;</literal></link>
are NixOS modules themselves.
</para>
<para>
The option
<link linkend="opt-testScript"><literal>testScript</literal></link>
is a piece of Python code that executes the test (described below).
During the test, it will start one or more virtual machines, the
configuration of which is described by the option
<link linkend="opt-nodes"><literal>nodes</literal></link>.
</para>
<para>
An example of a single-node test is
@ -38,78 +46,138 @@ import ./make-test-python.nix {
It uses two client nodes to test correct locking across server
crashes.
</para>
<para>
There are a few special NixOS configuration options for test VMs:
</para>
<variablelist>
<varlistentry>
<term>
<literal>virtualisation.memorySize</literal>
</term>
<listitem>
<para>
The memory of the VM in megabytes.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>virtualisation.vlans</literal>
</term>
<listitem>
<para>
The virtual networks to which the VM is connected. See
<link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/tests/nat.nix"><literal>nat.nix</literal></link>
for an example.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>virtualisation.writableStore</literal>
</term>
<listitem>
<para>
By default, the Nix store in the VM is not writable. If you
enable this option, a writable union file system is mounted on
top of the Nix store to make it appear writable. This is
necessary for tests that run Nix operations that modify the
store.
</para>
</listitem>
</varlistentry>
</variablelist>
<para>
For more options, see the module
<link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/qemu-vm.nix"><literal>qemu-vm.nix</literal></link>.
</para>
<para>
The test script is a sequence of Python statements that perform
various actions, such as starting VMs, executing commands in the
VMs, and so on. Each virtual machine is represented as an object
stored in the variable <literal>name</literal> if this is also the
identifier of the machine in the declarative config. If you
specified a node <literal>nodes.machine</literal>, the following
example starts the machine, waits until it has finished booting,
then executes a command and checks that the output is more-or-less
correct:
</para>
<programlisting language="python">
<section xml:id="sec-calling-nixos-tests">
<title>Calling a test</title>
<para>
Tests are invoked differently depending on whether the test is
part of NixOS or lives in a different project.
</para>
<section xml:id="sec-call-nixos-test-in-nixos">
<title>Testing within NixOS</title>
<para>
Tests that are part of NixOS are added to
<link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/tests/all-tests.nix"><literal>nixos/tests/all-tests.nix</literal></link>.
</para>
<programlisting language="bash">
hostname = runTest ./hostname.nix;
</programlisting>
<para>
Overrides can be added by defining an anonymous module in
<literal>all-tests.nix</literal>.
</para>
<programlisting language="bash">
hostname = runTest {
imports = [ ./hostname.nix ];
defaults.networking.firewall.enable = false;
};
</programlisting>
<para>
You can run a test with attribute name
<literal>hostname</literal> in
<literal>nixos/tests/all-tests.nix</literal> by invoking:
</para>
<programlisting>
cd /my/git/clone/of/nixpkgs
nix-build -A nixosTests.hostname
</programlisting>
</section>
<section xml:id="sec-call-nixos-test-outside-nixos">
<title>Testing outside the NixOS project</title>
<para>
Outside the <literal>nixpkgs</literal> repository, you can
instantiate the test by first importing the NixOS library,
</para>
<programlisting language="bash">
let nixos-lib = import (nixpkgs + &quot;/nixos/lib&quot;) { };
in
nixos-lib.runTest {
imports = [ ./test.nix ];
hostPkgs = pkgs; # the Nixpkgs package set used outside the VMs
defaults.services.foo.package = mypkg;
}
</programlisting>
<para>
<literal>runTest</literal> returns a derivation that runs the
test.
</para>
</section>
</section>
<section xml:id="sec-nixos-test-nodes">
<title>Configuring the nodes</title>
<para>
There are a few special NixOS options for test VMs:
</para>
<variablelist>
<varlistentry>
<term>
<literal>virtualisation.memorySize</literal>
</term>
<listitem>
<para>
The memory of the VM in megabytes.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>virtualisation.vlans</literal>
</term>
<listitem>
<para>
The virtual networks to which the VM is connected. See
<link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/tests/nat.nix"><literal>nat.nix</literal></link>
for an example.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>virtualisation.writableStore</literal>
</term>
<listitem>
<para>
By default, the Nix store in the VM is not writable. If you
enable this option, a writable union file system is mounted
on top of the Nix store to make it appear writable. This is
necessary for tests that run Nix operations that modify the
store.
</para>
</listitem>
</varlistentry>
</variablelist>
<para>
For more options, see the module
<link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/qemu-vm.nix"><literal>qemu-vm.nix</literal></link>.
</para>
<para>
The test script is a sequence of Python statements that perform
various actions, such as starting VMs, executing commands in the
VMs, and so on. Each virtual machine is represented as an object
stored in the variable <literal>name</literal> if this is also the
identifier of the machine in the declarative config. If you
specified a node <literal>nodes.machine</literal>, the following
example starts the machine, waits until it has finished booting,
then executes a command and checks that the output is more-or-less
correct:
</para>
<programlisting language="python">
machine.start()
machine.wait_for_unit(&quot;default.target&quot;)
if not &quot;Linux&quot; in machine.succeed(&quot;uname&quot;):
raise Exception(&quot;Wrong OS&quot;)
</programlisting>
<para>
The first line is technically unnecessary; machines are implicitly
started when you first execute an action on them (such as
<literal>wait_for_unit</literal> or <literal>succeed</literal>). If
you have multiple machines, you can speed up the test by starting
them in parallel:
</para>
<programlisting language="python">
<para>
The first line is technically unnecessary; machines are implicitly
started when you first execute an action on them (such as
<literal>wait_for_unit</literal> or <literal>succeed</literal>).
If you have multiple machines, you can speed up the test by
starting them in parallel:
</para>
<programlisting language="python">
start_all()
</programlisting>
</section>
<section xml:id="ssec-machine-objects">
<title>Machine objects</title>
<para>
@ -194,8 +262,9 @@ start_all()
</para>
<note>
<para>
This requires passing <literal>enableOCR</literal> to the
test attribute set.
This requires
<link linkend="opt-enableOCR"><literal>enableOCR</literal></link>
to be set to <literal>true</literal>.
</para>
</note>
</listitem>
@ -211,8 +280,9 @@ start_all()
</para>
<note>
<para>
This requires passing <literal>enableOCR</literal> to the
test attribute set.
This requires
<link linkend="opt-enableOCR"><literal>enableOCR</literal></link>
to be set to <literal>true</literal>.
</para>
</note>
</listitem>
@ -451,8 +521,9 @@ start_all()
</para>
<note>
<para>
This requires passing <literal>enableOCR</literal> to the
test attribute set.
This requires
<link linkend="opt-enableOCR"><literal>enableOCR</literal></link>
to be set to <literal>true</literal>.
</para>
</note>
</listitem>
@ -563,7 +634,7 @@ machine.wait_for_unit(&quot;xautolock.service&quot;, &quot;x-session-user&quot;)
code-linters (this shouldn't be commited though):
</para>
<programlisting language="bash">
import ./make-test-python.nix {
{
skipLint = true;
nodes.machine =
{ config, pkgs, ... }:
@ -595,7 +666,7 @@ import ./make-test-python.nix {
the following way:
</para>
<programlisting language="bash">
import ./make-test-python.nix {
{
skipTypeCheck = true;
nodes.machine =
{ config, pkgs, ... }:
@ -669,7 +740,6 @@ def foo_running():
<literal>numpy</literal> like this:
</para>
<programlisting language="bash">
import ./make-test-python.nix
{
extraPythonPackages = p: [ p.numpy ];
@ -689,4 +759,11 @@ import ./make-test-python.nix
<literal>python3Packages</literal>.
</para>
</section>
<section xml:id="sec-test-options-reference">
<title>Test Options Reference</title>
<para>
The following options can be used when writing tests.
</para>
<xi:include href="../../generated/test-options-db.xml" xpointer="test-options-list"/>
</section>
</section>

View file

@ -142,6 +142,13 @@
OpenSSL now defaults to OpenSSL 3, updated from 1.1.1.
</para>
</listitem>
<listitem>
<para>
An image configuration and generator has been added for Linode
images, largely based on the present GCE configuration and
image.
</para>
</listitem>
<listitem>
<para>
<literal>hardware.nvidia</literal> has a new option
@ -210,6 +217,14 @@
<link xlink:href="options.html#opt-services.infnoise.enable">services.infnoise</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/prymitive/kthxbye">kthxbye</link>,
an alert acknowledgement management daemon for Prometheus
Alertmanager. Available as
<link xlink:href="options.html#opt-services.kthxbye.enable">services.kthxbye</link>
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/jtroo/kanata">kanata</link>,
@ -225,6 +240,13 @@
<link xlink:href="options.html#opt-services.languagetool.enable">services.languagetool</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://gitlab.com/CalcProgrammer1/OpenRGB/-/tree/master">OpenRGB</link>,
a FOSS tool for controlling RGB lighting. Available as
<link xlink:href="options.html#opt-services-hardware-openrgb-enable">services.hardware.openrgb.enable</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://www.getoutline.com/">Outline</link>,
@ -270,6 +292,13 @@
<link linkend="opt-services.dolibarr.enable">services.dolibarr</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://freshrss.org/">FreshRSS</link>, a
free, self-hostable RSS feed aggregator. Available as
<link linkend="opt-services.freshrss.enable">services.freshrss</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://www.expressvpn.com">expressvpn</link>,
@ -474,6 +503,14 @@
maintainer to update the package.
</para>
</listitem>
<listitem>
<para>
The (previously undocumented) Nixpkgs configuration option
<literal>checkMeta</literal> now defaults to
<literal>true</literal>. This may cause evaluation failures
for packages with incorrect <literal>meta</literal> attribute.
</para>
</listitem>
<listitem>
<para>
xow package removed along with the
@ -617,6 +654,12 @@
guide</link> on how to migrate your Neo4j instance.
</para>
</listitem>
<listitem>
<para>
The <literal>networking.wireguard</literal> module now can set
the mtu on interfaces and tag its packets with an fwmark.
</para>
</listitem>
<listitem>
<para>
The <literal>services.matrix-synapse</literal> systemd unit
@ -694,6 +737,21 @@
Add udev rules for the Teensy family of microcontrollers.
</para>
</listitem>
<listitem>
<para>
systemd-oomd is enabled by default. Depending on which systemd
units have <literal>ManagedOOMSwap=kill</literal> or
<literal>ManagedOOMMemoryPressure=kill</literal>, systemd-oomd
will SIGKILL all the processes under the appropriate
descendant cgroups when the configured limits are exceeded.
NixOS does currently not configure cgroups with oomd by
default, this can be enabled using
<link xlink:href="options.html#opt-systemd.oomd.enableRootSlice">systemd.oomd.enableRootSlice</link>,
<link xlink:href="options.html#opt-systemd.oomd.enableSystemSlice">systemd.oomd.enableSystemSlice</link>,
and
<link xlink:href="options.html#opt-systemd.oomd.enableUserServices">systemd.oomd.enableUserServices</link>.
</para>
</listitem>
<listitem>
<para>
The <literal>pass-secret-service</literal> package now
@ -734,6 +792,18 @@
which no longer has a downgrade path to releases 1.2 or older.
</para>
</listitem>
<listitem>
<para>
The <literal>nodePackages</literal> package set now defaults
to the LTS release in the <literal>nodejs</literal> package
again, instead of being pinned to
<literal>nodejs-14_x</literal>. Several updates to node2nix
have been made for compatibility with newer Node.js and npm
versions and a new <literal>postRebuild</literal> hook has
been added for packages to perform extra build steps before
the npm install step prunes dev dependencies.
</para>
</listitem>
</itemizedlist>
</section>
</section>

View file

@ -57,6 +57,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- OpenSSL now defaults to OpenSSL 3, updated from 1.1.1.
- An image configuration and generator has been added for Linode images, largely based on the present GCE configuration and image.
- `hardware.nvidia` has a new option `open` that can be used to opt in the opensource version of NVIDIA kernel driver. Note that the driver's support for GeForce and Workstation GPUs is still alpha quality, see [NVIDIA Releases Open-Source GPU Kernel Modules](https://developer.nvidia.com/blog/nvidia-releases-open-source-gpu-kernel-modules/) for the official announcement.
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
@ -77,12 +79,16 @@ In addition to numerous new and upgraded packages, this release has the followin
- [infnoise](https://github.com/leetronics/infnoise), a hardware True Random Number Generator dongle.
Available as [services.infnoise](options.html#opt-services.infnoise.enable).
- [kthxbye](https://github.com/prymitive/kthxbye), an alert acknowledgement management daemon for Prometheus Alertmanager. Available as [services.kthxbye](options.html#opt-services.kthxbye.enable)
- [kanata](https://github.com/jtroo/kanata), a tool to improve keyboard comfort and usability with advanced customization.
Available as [services.kanata](options.html#opt-services.kanata.enable).
- [languagetool](https://languagetool.org/), a multilingual grammar, style, and spell checker.
Available as [services.languagetool](options.html#opt-services.languagetool.enable).
- [OpenRGB](https://gitlab.com/CalcProgrammer1/OpenRGB/-/tree/master), a FOSS tool for controlling RGB lighting. Available as [services.hardware.openrgb.enable](options.html#opt-services-hardware-openrgb-enable).
- [Outline](https://www.getoutline.com/), a wiki and knowledge base similar to Notion. Available as [services.outline](#opt-services.outline.enable).
- [alps](https://git.sr.ht/~migadu/alps), a simple and extensible webmail. Available as [services.alps](#opt-services.alps.enable).
@ -96,6 +102,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- [Dolibarr](https://www.dolibarr.org/), an enterprise resource planning and customer relationship manager. Enable using [services.dolibarr](#opt-services.dolibarr.enable).
- [FreshRSS](https://freshrss.org/), a free, self-hostable RSS feed aggregator. Available as [services.freshrss](#opt-services.freshrss.enable).
- [expressvpn](https://www.expressvpn.com), the CLI client for ExpressVPN. Available as [services.expressvpn](#opt-services.expressvpn.enable).
- [go-autoconfig](https://github.com/L11R/go-autoconfig), IMAP/SMTP autodiscover server. Available as [services.go-autoconfig](#opt-services.go-autoconfig.enable).
@ -164,6 +172,9 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
- riak package removed along with `services.riak` module, due to lack of maintainer to update the package.
- The (previously undocumented) Nixpkgs configuration option `checkMeta` now defaults to `true`. This may cause evaluation
failures for packages with incorrect `meta` attribute.
- xow package removed along with the `hardware.xow` module, due to the project being deprecated in favor of `xone`, which is available via the `hardware.xone` module.
- dd-agent package removed along with the `services.dd-agent` module, due to the project being deprecated in favor of `datadog-agent`, which is available via the `services.datadog-agent` module.
@ -208,6 +219,8 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
- Neo4j was updated from version 3 to version 4. See this [migration guide](https://neo4j.com/docs/upgrade-migration-guide/current/) on how to migrate your Neo4j instance.
- The `networking.wireguard` module now can set the mtu on interfaces and tag its packets with an fwmark.
- The `services.matrix-synapse` systemd unit has been hardened.
- Matrix Synapse now requires entries in the `state_group_edges` table to be unique, in order to prevent accidentally introducing duplicate information (for example, because a database backup was restored multiple times). If your Synapse database already has duplicate rows in this table, this could fail with an error and require manual remediation.
@ -228,6 +241,15 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
- Add udev rules for the Teensy family of microcontrollers.
- systemd-oomd is enabled by default. Depending on which systemd units have
`ManagedOOMSwap=kill` or `ManagedOOMMemoryPressure=kill`, systemd-oomd will
SIGKILL all the processes under the appropriate descendant cgroups when the
configured limits are exceeded. NixOS does currently not configure cgroups
with oomd by default, this can be enabled using
[systemd.oomd.enableRootSlice](options.html#opt-systemd.oomd.enableRootSlice),
[systemd.oomd.enableSystemSlice](options.html#opt-systemd.oomd.enableSystemSlice),
and [systemd.oomd.enableUserServices](options.html#opt-systemd.oomd.enableUserServices).
- The `pass-secret-service` package now includes systemd units from upstream, so adding it to the NixOS `services.dbus.packages` option will make it start automatically as a systemd user service when an application tries to talk to the libsecret D-Bus API.
- There is a new module for AMD SEV CPU functionality, which grants access to the hardware.
@ -238,4 +260,6 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
- The `nomad` package now defaults to 1.3, which no longer has a downgrade path to releases 1.2 or older.
- The `nodePackages` package set now defaults to the LTS release in the `nodejs` package again, instead of being pinned to `nodejs-14_x`. Several updates to node2nix have been made for compatibility with newer Node.js and npm versions and a new `postRebuild` hook has been added for packages to perform extra build steps before the npm install step prunes dev dependencies.
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->

View file

@ -1,113 +0,0 @@
{ system
, # Use a minimal kernel?
minimal ? false
, # Ignored
config ? null
, # Nixpkgs, for qemu, lib and more
pkgs, lib
, # !!! See comment about args in lib/modules.nix
specialArgs ? {}
, # NixOS configuration to add to the VMs
extraConfigurations ? []
}:
with lib;
rec {
inherit pkgs;
# Build a virtual network from an attribute set `{ machine1 =
# config1; ... machineN = configN; }', where `machineX' is the
# hostname and `configX' is a NixOS system configuration. Each
# machine is given an arbitrary IP address in the virtual network.
buildVirtualNetwork =
nodes: let nodesOut = mapAttrs (n: buildVM nodesOut) (assignIPAddresses nodes); in nodesOut;
buildVM =
nodes: configurations:
import ./eval-config.nix {
inherit system specialArgs;
modules = configurations ++ extraConfigurations;
baseModules = (import ../modules/module-list.nix) ++
[ ../modules/virtualisation/qemu-vm.nix
../modules/testing/test-instrumentation.nix # !!! should only get added for automated test runs
{ key = "no-manual"; documentation.nixos.enable = false; }
{ key = "no-revision";
# Make the revision metadata constant, in order to avoid needless retesting.
# The human version (e.g. 21.05-pre) is left as is, because it is useful
# for external modules that test with e.g. testers.nixosTest and rely on that
# version number.
config.system.nixos.revision = mkForce "constant-nixos-revision";
}
{ key = "nodes"; _module.args.nodes = nodes; }
] ++ optional minimal ../modules/testing/minimal-kernel.nix;
};
# Given an attribute set { machine1 = config1; ... machineN =
# configN; }, sequentially assign IP addresses in the 192.168.1.0/24
# range to each machine, and set the hostname to the attribute name.
assignIPAddresses = nodes:
let
machines = attrNames nodes;
machinesNumbered = zipLists machines (range 1 254);
nodes_ = forEach machinesNumbered (m: nameValuePair m.fst
[ ( { config, nodes, ... }:
let
interfacesNumbered = zipLists config.virtualisation.vlans (range 1 255);
interfaces = forEach interfacesNumbered ({ fst, snd }:
nameValuePair "eth${toString snd}" { ipv4.addresses =
[ { address = "192.168.${toString fst}.${toString m.snd}";
prefixLength = 24;
} ];
});
networkConfig =
{ networking.hostName = mkDefault m.fst;
networking.interfaces = listToAttrs interfaces;
networking.primaryIPAddress =
optionalString (interfaces != []) (head (head interfaces).value.ipv4.addresses).address;
# Put the IP addresses of all VMs in this machine's
# /etc/hosts file. If a machine has multiple
# interfaces, use the IP address corresponding to
# the first interface (i.e. the first network in its
# virtualisation.vlans option).
networking.extraHosts = flip concatMapStrings machines
(m': let config = (getAttr m' nodes).config; in
optionalString (config.networking.primaryIPAddress != "")
("${config.networking.primaryIPAddress} " +
optionalString (config.networking.domain != null)
"${config.networking.hostName}.${config.networking.domain} " +
"${config.networking.hostName}\n"));
virtualisation.qemu.options =
let qemu-common = import ../lib/qemu-common.nix { inherit lib pkgs; };
in flip concatMap interfacesNumbered
({ fst, snd }: qemu-common.qemuNICFlags snd fst m.snd);
};
in
{ key = "ip-address";
config = networkConfig // {
# Expose the networkConfig items for tests like nixops
# that need to recreate the network config.
system.build.networkConfig = networkConfig;
};
}
)
(getAttr m.fst nodes)
] );
in listToAttrs nodes_;
}

View file

@ -21,6 +21,8 @@ let
seqAttrsIf = cond: a: lib.mapAttrs (_: v: seqIf cond a v);
eval-config-minimal = import ./eval-config-minimal.nix { inherit lib; };
testing-lib = import ./testing/default.nix { inherit lib; };
in
/*
This attribute set appears as lib.nixos in the flake, or can be imported
@ -30,4 +32,10 @@ in
inherit (seqAttrsIf (!featureFlags?minimalModules) minimalModulesWarning eval-config-minimal)
evalModules
;
inherit (testing-lib)
evalTest
runTest
;
}

View file

@ -17,6 +17,8 @@ evalConfigArgs@
# be set modularly anyway.
pkgs ? null
, # !!! what do we gain by making this configurable?
# we can add modules that are included in specialisations, regardless
# of inheritParentConfig.
baseModules ? import ../modules/module-list.nix
, # !!! See comment about args in lib/modules.nix
extraArgs ? {}

View file

@ -259,20 +259,24 @@ def is_docbook(o, key):
# check that every option has a description
hasWarnings = False
hasErrors = False
hasDocBookErrors = False
for (k, v) in options.items():
if errorOnDocbook:
if isinstance(v.value.get('description', {}), str):
hasErrors = True
hasDocBookErrors = True
print(
f"\x1b[1;31merror: option {v.name} description uses DocBook\x1b[0m",
file=sys.stderr)
elif is_docbook(v.value, 'defaultText'):
hasErrors = True
hasDocBookErrors = True
print(
f"\x1b[1;31merror: option {v.name} default uses DocBook\x1b[0m",
file=sys.stderr)
elif is_docbook(v.value, 'example'):
hasErrors = True
hasDocBookErrors = True
print(
f"\x1b[1;31merror: option {v.name} example uses DocBook\x1b[0m",
file=sys.stderr)
@ -287,6 +291,20 @@ for (k, v) in options.items():
f"\x1b[1;31m{severity}: option {v.name} has no type. Please specify a valid type, see " +
"https://nixos.org/manual/nixos/stable/index.html#sec-option-types\x1b[0m", file=sys.stderr)
if hasDocBookErrors:
print("Explanation: The documentation contains descriptions, examples, or defaults written in DocBook. " +
"NixOS is in the process of migrating from DocBook to Markdown, and " +
"DocBook is disallowed for in-tree modules. To change your contribution to "+
"use Markdown, apply mdDoc and literalMD. For example:\n" +
"\n" +
" example.foo = mkOption {\n" +
" description = lib.mdDoc ''your description'';\n" +
" defaultText = lib.literalMD ''your description of default'';\n" +
" }\n" +
"\n" +
" example.enable = mkEnableOption (lib.mdDoc ''your thing'');",
file = sys.stderr)
if hasErrors:
sys.exit(1)
if hasWarnings and warningsAreErrors:

View file

@ -22,7 +22,7 @@
# Extra tar arguments
, extraArgs ? ""
# Command used for compression
, compressCommand ? "pixz"
, compressCommand ? "pixz -t"
# Extension for the compressed tarball
, compressionExtension ? ".xz"
# extra inputs, like the compressor to use

View file

@ -12,159 +12,22 @@
with pkgs;
let
nixos-lib = import ./default.nix { inherit (pkgs) lib; };
in
rec {
inherit pkgs;
# Run an automated test suite in the given virtual network.
runTests = { driver, driverInteractive, pos }:
stdenv.mkDerivation {
name = "vm-test-run-${driver.testName}";
evalTest = module: nixos-lib.evalTest { imports = [ extraTestModule module ]; };
runTest = module: nixos-lib.runTest { imports = [ extraTestModule module ]; };
requiredSystemFeatures = [ "kvm" "nixos-test" ];
buildCommand =
''
mkdir -p $out
# effectively mute the XMLLogger
export LOGFILE=/dev/null
${driver}/bin/nixos-test-driver -o $out
'';
passthru = driver.passthru // {
inherit driver driverInteractive;
};
inherit pos; # for better debugging
extraTestModule = {
config = {
hostPkgs = pkgs;
};
# Generate convenience wrappers for running the test driver
# has vlans, vms and test script defaulted through env variables
# also instantiates test script with nodes, if it's a function (contract)
setupDriverForTest = {
testScript
, testName
, nodes
, qemu_pkg ? pkgs.qemu_test
, enableOCR ? false
, skipLint ? false
, skipTypeCheck ? false
, passthru ? {}
, interactive ? false
, extraPythonPackages ? (_ :[])
}:
let
# Reifies and correctly wraps the python test driver for
# the respective qemu version and with or without ocr support
testDriver = pkgs.callPackage ./test-driver {
inherit enableOCR extraPythonPackages;
qemu_pkg = qemu_test;
imagemagick_light = imagemagick_light.override { inherit libtiff; };
tesseract4 = tesseract4.override { enableLanguages = [ "eng" ]; };
};
testDriverName =
let
# A standard store path to the vm monitor is built like this:
# /tmp/nix-build-vm-test-run-$name.drv-0/vm-state-machine/monitor
# The max filename length of a unix domain socket is 108 bytes.
# This means $name can at most be 50 bytes long.
maxTestNameLen = 50;
testNameLen = builtins.stringLength testName;
in with builtins;
if testNameLen > maxTestNameLen then
abort
("The name of the test '${testName}' must not be longer than ${toString maxTestNameLen} " +
"it's currently ${toString testNameLen} characters long.")
else
"nixos-test-driver-${testName}";
vlans = map (m: m.config.virtualisation.vlans) (lib.attrValues nodes);
vms = map (m: m.config.system.build.vm) (lib.attrValues nodes);
nodeHostNames = let
nodesList = map (c: c.config.system.name) (lib.attrValues nodes);
in nodesList ++ lib.optional (lib.length nodesList == 1 && !lib.elem "machine" nodesList) "machine";
# TODO: This is an implementation error and needs fixing
# the testing famework cannot legitimately restrict hostnames further
# beyond RFC1035
invalidNodeNames = lib.filter
(node: builtins.match "^[A-z_]([A-z0-9_]+)?$" node == null)
nodeHostNames;
testScript' =
# Call the test script with the computed nodes.
if lib.isFunction testScript
then testScript { inherit nodes; }
else testScript;
uniqueVlans = lib.unique (builtins.concatLists vlans);
vlanNames = map (i: "vlan${toString i}: VLan;") uniqueVlans;
machineNames = map (name: "${name}: Machine;") nodeHostNames;
in
if lib.length invalidNodeNames > 0 then
throw ''
Cannot create machines out of (${lib.concatStringsSep ", " invalidNodeNames})!
All machines are referenced as python variables in the testing framework which will break the
script when special characters are used.
This is an IMPLEMENTATION ERROR and needs to be fixed. Meanwhile,
please stick to alphanumeric chars and underscores as separation.
''
else lib.warnIf skipLint "Linting is disabled" (runCommand testDriverName
{
inherit testName;
nativeBuildInputs = [ makeWrapper mypy ];
buildInputs = [ testDriver ];
testScript = testScript';
preferLocalBuild = true;
passthru = passthru // {
inherit nodes;
};
meta.mainProgram = "nixos-test-driver";
}
''
mkdir -p $out/bin
vmStartScripts=($(for i in ${toString vms}; do echo $i/bin/run-*-vm; done))
${lib.optionalString (!skipTypeCheck) ''
# prepend type hints so the test script can be type checked with mypy
cat "${./test-script-prepend.py}" >> testScriptWithTypes
echo "${builtins.toString machineNames}" >> testScriptWithTypes
echo "${builtins.toString vlanNames}" >> testScriptWithTypes
echo -n "$testScript" >> testScriptWithTypes
mypy --no-implicit-optional \
--pretty \
--no-color-output \
testScriptWithTypes
''}
echo -n "$testScript" >> $out/test-script
ln -s ${testDriver}/bin/nixos-test-driver $out/bin/nixos-test-driver
${testDriver}/bin/generate-driver-symbols
${lib.optionalString (!skipLint) ''
PYFLAKES_BUILTINS="$(
echo -n ${lib.escapeShellArg (lib.concatStringsSep "," nodeHostNames)},
< ${lib.escapeShellArg "driver-symbols"}
)" ${python3Packages.pyflakes}/bin/pyflakes $out/test-script
''}
# set defaults through environment
# see: ./test-driver/test-driver.py argparse implementation
wrapProgram $out/bin/nixos-test-driver \
--set startScripts "''${vmStartScripts[*]}" \
--set testScript "$out/test-script" \
--set vlans '${toString vlans}' \
${lib.optionalString (interactive) "--add-flags --interactive"}
'');
};
# Make a full-blown test
makeTest =
@ -184,90 +47,19 @@ rec {
then builtins.unsafeGetAttrPos "description" meta
else builtins.unsafeGetAttrPos "testScript" t)
, extraPythonPackages ? (_ : [])
, interactive ? {}
} @ t:
let
mkNodes = qemu_pkg:
let
testScript' =
# Call the test script with the computed nodes.
if lib.isFunction testScript
then testScript { nodes = mkNodes qemu_pkg; }
else testScript;
build-vms = import ./build-vms.nix {
inherit system lib pkgs minimal specialArgs;
extraConfigurations = extraConfigurations ++ [(
{ config, ... }:
{
virtualisation.qemu.package = qemu_pkg;
# Make sure all derivations referenced by the test
# script are available on the nodes. When the store is
# accessed through 9p, this isn't important, since
# everything in the store is available to the guest,
# but when building a root image it is, as all paths
# that should be available to the guest has to be
# copied to the image.
virtualisation.additionalPaths =
lib.optional
# A testScript may evaluate nodes, which has caused
# infinite recursions. The demand cycle involves:
# testScript -->
# nodes -->
# toplevel -->
# additionalPaths -->
# hasContext testScript' -->
# testScript (ad infinitum)
# If we don't need to build an image, we can break this
# cycle by short-circuiting when useNixStoreImage is false.
(config.virtualisation.useNixStoreImage && builtins.hasContext testScript')
(pkgs.writeStringReferencesToFile testScript');
# Ensure we do not use aliases. Ideally this is only set
# when the test framework is used by Nixpkgs NixOS tests.
nixpkgs.config.allowAliases = false;
}
)];
};
in
lib.warnIf (t?machine) "In test `${name}': The `machine' attribute in NixOS tests (pkgs.nixosTest / make-test-python.nix / testing-python.nix / makeTest) is deprecated. Please use the equivalent `nodes.machine'."
build-vms.buildVirtualNetwork (
nodes // lib.optionalAttrs (machine != null) { inherit machine; }
);
driver = setupDriverForTest {
inherit testScript enableOCR skipTypeCheck skipLint passthru extraPythonPackages;
testName = name;
qemu_pkg = pkgs.qemu_test;
nodes = mkNodes pkgs.qemu_test;
};
driverInteractive = setupDriverForTest {
inherit testScript enableOCR skipTypeCheck skipLint passthru extraPythonPackages;
testName = name;
qemu_pkg = pkgs.qemu;
nodes = mkNodes pkgs.qemu;
interactive = true;
};
test = lib.addMetaAttrs meta (runTests { inherit driver pos driverInteractive; });
in
test // {
inherit test driver driverInteractive;
inherit (driver) nodes;
};
abortForFunction = functionName: abort ''The ${functionName} function was
removed because it is not an essential part of the NixOS testing
infrastructure. It had no usage in NixOS or Nixpkgs and it had no designated
maintainer. You are free to reintroduce it by documenting it in the manual
and adding yourself as maintainer. It was removed in
https://github.com/NixOS/nixpkgs/pull/137013
'';
runInMachine = abortForFunction "runInMachine";
runInMachineWithX = abortForFunction "runInMachineWithX";
(evalTest {
imports = [
{ _file = "makeTest parameters"; config = t; }
{
defaults = {
_file = "makeTest: extraConfigurations";
imports = extraConfigurations;
};
}
];
}).config;
simpleTest = as: (makeTest as).test;

View file

@ -0,0 +1,12 @@
{ config, lib, ... }:
let
inherit (lib) mkOption types;
in
{
options = {
result = mkOption {
internal = true;
default = config;
};
};
}

View file

@ -0,0 +1,24 @@
{ lib }:
let
evalTest = module: lib.evalModules { modules = testModules ++ [ module ]; };
runTest = module: (evalTest ({ config, ... }: { imports = [ module ]; result = config.test; })).config.result;
testModules = [
./call-test.nix
./driver.nix
./interactive.nix
./legacy.nix
./meta.nix
./name.nix
./network.nix
./nodes.nix
./pkgs.nix
./run.nix
./testScript.nix
];
in
{
inherit evalTest runTest testModules;
}

View file

@ -0,0 +1,188 @@
{ config, lib, hostPkgs, ... }:
let
inherit (lib) mkOption types literalMD mdDoc;
# Reifies and correctly wraps the python test driver for
# the respective qemu version and with or without ocr support
testDriver = hostPkgs.callPackage ../test-driver {
inherit (config) enableOCR extraPythonPackages;
qemu_pkg = config.qemu.package;
imagemagick_light = hostPkgs.imagemagick_light.override { inherit (hostPkgs) libtiff; };
tesseract4 = hostPkgs.tesseract4.override { enableLanguages = [ "eng" ]; };
};
vlans = map (m: m.virtualisation.vlans) (lib.attrValues config.nodes);
vms = map (m: m.system.build.vm) (lib.attrValues config.nodes);
nodeHostNames =
let
nodesList = map (c: c.system.name) (lib.attrValues config.nodes);
in
nodesList ++ lib.optional (lib.length nodesList == 1 && !lib.elem "machine" nodesList) "machine";
# TODO: This is an implementation error and needs fixing
# the testing famework cannot legitimately restrict hostnames further
# beyond RFC1035
invalidNodeNames = lib.filter
(node: builtins.match "^[A-z_]([A-z0-9_]+)?$" node == null)
nodeHostNames;
uniqueVlans = lib.unique (builtins.concatLists vlans);
vlanNames = map (i: "vlan${toString i}: VLan;") uniqueVlans;
machineNames = map (name: "${name}: Machine;") nodeHostNames;
withChecks =
if lib.length invalidNodeNames > 0 then
throw ''
Cannot create machines out of (${lib.concatStringsSep ", " invalidNodeNames})!
All machines are referenced as python variables in the testing framework which will break the
script when special characters are used.
This is an IMPLEMENTATION ERROR and needs to be fixed. Meanwhile,
please stick to alphanumeric chars and underscores as separation.
''
else
lib.warnIf config.skipLint "Linting is disabled";
driver =
hostPkgs.runCommand "nixos-test-driver-${config.name}"
{
# inherit testName; TODO (roberth): need this?
nativeBuildInputs = [
hostPkgs.makeWrapper
] ++ lib.optionals (!config.skipTypeCheck) [ hostPkgs.mypy ];
buildInputs = [ testDriver ];
testScript = config.testScriptString;
preferLocalBuild = true;
passthru = config.passthru;
meta = config.meta // {
mainProgram = "nixos-test-driver";
};
}
''
mkdir -p $out/bin
vmStartScripts=($(for i in ${toString vms}; do echo $i/bin/run-*-vm; done))
${lib.optionalString (!config.skipTypeCheck) ''
# prepend type hints so the test script can be type checked with mypy
cat "${../test-script-prepend.py}" >> testScriptWithTypes
echo "${builtins.toString machineNames}" >> testScriptWithTypes
echo "${builtins.toString vlanNames}" >> testScriptWithTypes
echo -n "$testScript" >> testScriptWithTypes
cat -n testScriptWithTypes
mypy --no-implicit-optional \
--pretty \
--no-color-output \
testScriptWithTypes
''}
echo -n "$testScript" >> $out/test-script
ln -s ${testDriver}/bin/nixos-test-driver $out/bin/nixos-test-driver
${testDriver}/bin/generate-driver-symbols
${lib.optionalString (!config.skipLint) ''
PYFLAKES_BUILTINS="$(
echo -n ${lib.escapeShellArg (lib.concatStringsSep "," nodeHostNames)},
< ${lib.escapeShellArg "driver-symbols"}
)" ${hostPkgs.python3Packages.pyflakes}/bin/pyflakes $out/test-script
''}
# set defaults through environment
# see: ./test-driver/test-driver.py argparse implementation
wrapProgram $out/bin/nixos-test-driver \
--set startScripts "''${vmStartScripts[*]}" \
--set testScript "$out/test-script" \
--set vlans '${toString vlans}' \
${lib.escapeShellArgs (lib.concatMap (arg: ["--add-flags" arg]) config.extraDriverArgs)}
'';
in
{
options = {
driver = mkOption {
description = mdDoc "Package containing a script that runs the test.";
type = types.package;
defaultText = literalMD "set by the test framework";
};
hostPkgs = mkOption {
description = mdDoc "Nixpkgs attrset used outside the nodes.";
type = types.raw;
example = lib.literalExpression ''
import nixpkgs { inherit system config overlays; }
'';
};
qemu.package = mkOption {
description = mdDoc "Which qemu package to use for the virtualisation of [{option}`nodes`](#opt-nodes).";
type = types.package;
default = hostPkgs.qemu_test;
defaultText = "hostPkgs.qemu_test";
};
enableOCR = mkOption {
description = mdDoc ''
Whether to enable Optical Character Recognition functionality for
testing graphical programs. See [Machine objects](`ssec-machine-objects`).
'';
type = types.bool;
default = false;
};
extraPythonPackages = mkOption {
description = mdDoc ''
Python packages to add to the test driver.
The argument is a Python package set, similar to `pkgs.pythonPackages`.
'';
example = lib.literalExpression ''
p: [ p.numpy ]
'';
type = types.functionTo (types.listOf types.package);
default = ps: [ ];
};
extraDriverArgs = mkOption {
description = mdDoc ''
Extra arguments to pass to the test driver.
They become part of [{option}`driver`](#opt-driver) via `wrapProgram`.
'';
type = types.listOf types.str;
default = [];
};
skipLint = mkOption {
type = types.bool;
default = false;
description = mdDoc ''
Do not run the linters. This may speed up your iteration cycle, but it is not something you should commit.
'';
};
skipTypeCheck = mkOption {
type = types.bool;
default = false;
description = mdDoc ''
Disable type checking. This must not be enabled for new NixOS tests.
This may speed up your iteration cycle, unless you're working on the [{option}`testScript`](#opt-testScript).
'';
};
};
config = {
_module.args.hostPkgs = config.hostPkgs;
driver = withChecks driver;
# make available on the test runner
passthru.driver = config.driver;
};
}

View file

@ -0,0 +1,45 @@
{ config, lib, moduleType, hostPkgs, ... }:
let
inherit (lib) mkOption types mdDoc;
in
{
options = {
interactive = mkOption {
description = mdDoc ''
Tests [can be run interactively](#sec-running-nixos-tests-interactively)
using the program in the test derivation's `.driverInteractive` attribute.
When they are, the configuration will include anything set in this submodule.
You can set any top-level test option here.
Example test module:
```nix
{ config, lib, ... }: {
nodes.rabbitmq = {
services.rabbitmq.enable = true;
};
# When running interactively ...
interactive.nodes.rabbitmq = {
# ... enable the web ui.
services.rabbitmq.managementPlugin.enable = true;
};
}
```
For details, see the section about [running tests interactively](#sec-running-nixos-tests-interactively).
'';
type = moduleType;
visible = "shallow";
};
};
config = {
interactive.qemu.package = hostPkgs.qemu;
interactive.extraDriverArgs = [ "--interactive" ];
passthru.driverInteractive = config.interactive.driver;
};
}

View file

@ -0,0 +1,25 @@
{ config, options, lib, ... }:
let
inherit (lib) mkIf mkOption types;
in
{
# This needs options.warnings, which we don't have (yet?).
# imports = [
# (lib.mkRenamedOptionModule [ "machine" ] [ "nodes" "machine" ])
# ];
options = {
machine = mkOption {
internal = true;
type = types.raw;
};
};
config = {
nodes = mkIf options.machine.isDefined (
lib.warn
"In test `${config.name}': The `machine' attribute in NixOS tests (pkgs.nixosTest / make-test-python.nix / testing-python.nix / makeTest) is deprecated. Please set the equivalent `nodes.machine'."
{ inherit (config) machine; }
);
};
}

View file

@ -0,0 +1,42 @@
{ lib, ... }:
let
inherit (lib) types mkOption mdDoc;
in
{
options = {
meta = lib.mkOption {
description = mdDoc ''
The [`meta`](https://nixos.org/manual/nixpkgs/stable/#chap-meta) attributes that will be set on the returned derivations.
Not all [`meta`](https://nixos.org/manual/nixpkgs/stable/#chap-meta) attributes are supported, but more can be added as desired.
'';
apply = lib.filterAttrs (k: v: v != null);
type = types.submodule {
options = {
maintainers = lib.mkOption {
type = types.listOf types.raw;
default = [];
description = mdDoc ''
The [list of maintainers](https://nixos.org/manual/nixpkgs/stable/#var-meta-maintainers) for this test.
'';
};
timeout = lib.mkOption {
type = types.nullOr types.int;
default = null; # NOTE: null values are filtered out by `meta`.
description = mdDoc ''
The [{option}`test`](#opt-test)'s [`meta.timeout`](https://nixos.org/manual/nixpkgs/stable/#var-meta-timeout) in seconds.
'';
};
broken = lib.mkOption {
type = types.bool;
default = false;
description = mdDoc ''
Sets the [`meta.broken`](https://nixos.org/manual/nixpkgs/stable/#var-meta-broken) attribute on the [{option}`test`](#opt-test) derivation.
'';
};
};
};
default = {};
};
};
}

View file

@ -0,0 +1,14 @@
{ lib, ... }:
let
inherit (lib) mkOption types mdDoc;
in
{
options.name = mkOption {
description = mdDoc ''
The name of the test.
This is used in the derivation names of the [{option}`driver`](#opt-driver) and [{option}`test`](#opt-test) runner.
'';
type = types.str;
};
}

View file

@ -0,0 +1,117 @@
{ lib, nodes, ... }:
let
inherit (lib)
attrNames concatMap concatMapStrings flip forEach head
listToAttrs mkDefault mkOption nameValuePair optionalString
range types zipListsWith zipLists
mdDoc
;
nodeNumbers =
listToAttrs
(zipListsWith
nameValuePair
(attrNames nodes)
(range 1 254)
);
networkModule = { config, nodes, pkgs, ... }:
let
interfacesNumbered = zipLists config.virtualisation.vlans (range 1 255);
interfaces = forEach interfacesNumbered ({ fst, snd }:
nameValuePair "eth${toString snd}" {
ipv4.addresses =
[{
address = "192.168.${toString fst}.${toString config.virtualisation.test.nodeNumber}";
prefixLength = 24;
}];
});
networkConfig =
{
networking.hostName = mkDefault config.virtualisation.test.nodeName;
networking.interfaces = listToAttrs interfaces;
networking.primaryIPAddress =
optionalString (interfaces != [ ]) (head (head interfaces).value.ipv4.addresses).address;
# Put the IP addresses of all VMs in this machine's
# /etc/hosts file. If a machine has multiple
# interfaces, use the IP address corresponding to
# the first interface (i.e. the first network in its
# virtualisation.vlans option).
networking.extraHosts = flip concatMapStrings (attrNames nodes)
(m':
let config = nodes.${m'}; in
optionalString (config.networking.primaryIPAddress != "")
("${config.networking.primaryIPAddress} " +
optionalString (config.networking.domain != null)
"${config.networking.hostName}.${config.networking.domain} " +
"${config.networking.hostName}\n"));
virtualisation.qemu.options =
let qemu-common = import ../qemu-common.nix { inherit lib pkgs; };
in
flip concatMap interfacesNumbered
({ fst, snd }: qemu-common.qemuNICFlags snd fst config.virtualisation.test.nodeNumber);
};
in
{
key = "ip-address";
config = networkConfig // {
# Expose the networkConfig items for tests like nixops
# that need to recreate the network config.
system.build.networkConfig = networkConfig;
};
};
nodeNumberModule = (regular@{ config, name, ... }: {
options = {
virtualisation.test.nodeName = mkOption {
internal = true;
default = name;
# We need to force this in specilisations, otherwise it'd be
# readOnly = true;
description = mdDoc ''
The `name` in `nodes.<name>`; stable across `specialisations`.
'';
};
virtualisation.test.nodeNumber = mkOption {
internal = true;
type = types.int;
readOnly = true;
default = nodeNumbers.${config.virtualisation.test.nodeName};
description = mdDoc ''
A unique number assigned for each node in `nodes`.
'';
};
# specialisations override the `name` module argument,
# so we push the real `virtualisation.test.nodeName`.
specialisation = mkOption {
type = types.attrsOf (types.submodule {
options.configuration = mkOption {
type = types.submoduleWith {
modules = [
{
config.virtualisation.test.nodeName =
# assert regular.config.virtualisation.test.nodeName != "configuration";
regular.config.virtualisation.test.nodeName;
}
];
};
};
});
};
};
});
in
{
config = {
extraBaseModules = { imports = [ networkModule nodeNumberModule ]; };
};
}

View file

@ -0,0 +1,23 @@
# A module containing the base imports and overrides that
# are always applied in NixOS VM tests, unconditionally,
# even in `inheritParentConfig = false` specialisations.
{ lib, ... }:
let
inherit (lib) mkForce;
in
{
imports = [
../../modules/virtualisation/qemu-vm.nix
../../modules/testing/test-instrumentation.nix # !!! should only get added for automated test runs
{ key = "no-manual"; documentation.nixos.enable = false; }
{
key = "no-revision";
# Make the revision metadata constant, in order to avoid needless retesting.
# The human version (e.g. 21.05-pre) is left as is, because it is useful
# for external modules that test with e.g. testers.nixosTest and rely on that
# version number.
config.system.nixos.revision = mkForce "constant-nixos-revision";
}
];
}

View file

@ -0,0 +1,112 @@
testModuleArgs@{ config, lib, hostPkgs, nodes, ... }:
let
inherit (lib) mkOption mkForce optional types mapAttrs mkDefault mdDoc;
system = hostPkgs.stdenv.hostPlatform.system;
baseOS =
import ../eval-config.nix {
inherit system;
inherit (config.node) specialArgs;
modules = [ config.defaults ];
baseModules = (import ../../modules/module-list.nix) ++
[
./nixos-test-base.nix
{ key = "nodes"; _module.args.nodes = config.nodesCompat; }
({ config, ... }:
{
virtualisation.qemu.package = testModuleArgs.config.qemu.package;
# Ensure we do not use aliases. Ideally this is only set
# when the test framework is used by Nixpkgs NixOS tests.
nixpkgs.config.allowAliases = false;
})
testModuleArgs.config.extraBaseModules
] ++ optional config.minimal ../../modules/testing/minimal-kernel.nix;
};
in
{
options = {
node.type = mkOption {
type = types.raw;
default = baseOS.type;
internal = true;
};
nodes = mkOption {
type = types.lazyAttrsOf config.node.type;
visible = "shallow";
description = mdDoc ''
An attribute set of NixOS configuration modules.
The configurations are augmented by the [`defaults`](#opt-defaults) option.
They are assigned network addresses according to the `nixos/lib/testing/network.nix` module.
A few special options are available, that aren't in a plain NixOS configuration. See [Configuring the nodes](#sec-nixos-test-nodes)
'';
};
defaults = mkOption {
description = mdDoc ''
NixOS configuration that is applied to all [{option}`nodes`](#opt-nodes).
'';
type = types.deferredModule;
default = { };
};
extraBaseModules = mkOption {
description = mdDoc ''
NixOS configuration that, like [{option}`defaults`](#opt-defaults), is applied to all [{option}`nodes`](#opt-nodes) and can not be undone with [`specialisation.<name>.inheritParentConfig`](https://search.nixos.org/options?show=specialisation.%3Cname%3E.inheritParentConfig&from=0&size=50&sort=relevance&type=packages&query=specialisation).
'';
type = types.deferredModule;
default = { };
};
node.specialArgs = mkOption {
type = types.lazyAttrsOf types.raw;
default = { };
description = mdDoc ''
An attribute set of arbitrary values that will be made available as module arguments during the resolution of module `imports`.
Note that it is not possible to override these from within the NixOS configurations. If you argument is not relevant to `imports`, consider setting {option}`defaults._module.args.<name>` instead.
'';
};
minimal = mkOption {
type = types.bool;
default = false;
description = mdDoc ''
Enable to configure all [{option}`nodes`](#opt-nodes) to run with a minimal kernel.
'';
};
nodesCompat = mkOption {
internal = true;
description = mdDoc ''
Basically `_module.args.nodes`, but with backcompat and warnings added.
This will go away.
'';
};
};
config = {
_module.args.nodes = config.nodesCompat;
nodesCompat =
mapAttrs
(name: config: config // {
config = lib.warn
"Module argument `nodes.${name}.config` is deprecated. Use `nodes.${name}` instead."
config;
})
config.nodes;
passthru.nodes = config.nodesCompat;
};
}

View file

@ -0,0 +1,11 @@
{ config, lib, hostPkgs, ... }:
{
config = {
# default pkgs for use in VMs
_module.args.pkgs = hostPkgs;
defaults = {
# TODO: a module to set a shared pkgs, if options.nixpkgs.* is untouched by user (highestPrio) */
};
};
}

View file

@ -0,0 +1,57 @@
{ config, hostPkgs, lib, ... }:
let
inherit (lib) types mkOption mdDoc;
in
{
options = {
passthru = mkOption {
type = types.lazyAttrsOf types.raw;
description = mdDoc ''
Attributes to add to the returned derivations,
which are not necessarily part of the build.
This is a bit like doing `drv // { myAttr = true; }` (which would be lost by `overrideAttrs`).
It does not change the actual derivation, but adds the attribute nonetheless, so that
consumers of what would be `drv` have more information.
'';
};
test = mkOption {
type = types.package;
# TODO: can the interactive driver be configured to access the network?
description = mdDoc ''
Derivation that runs the test as its "build" process.
This implies that NixOS tests run isolated from the network, making them
more dependable.
'';
};
};
config = {
test = lib.lazyDerivation { # lazyDerivation improves performance when only passthru items and/or meta are used.
derivation = hostPkgs.stdenv.mkDerivation {
name = "vm-test-run-${config.name}";
requiredSystemFeatures = [ "kvm" "nixos-test" ];
buildCommand = ''
mkdir -p $out
# effectively mute the XMLLogger
export LOGFILE=/dev/null
${config.driver}/bin/nixos-test-driver -o $out
'';
passthru = config.passthru;
meta = config.meta;
};
inherit (config) passthru meta;
};
# useful for inspection (debugging / exploration)
passthru.config = config;
};
}

View file

@ -0,0 +1,84 @@
testModuleArgs@{ config, lib, hostPkgs, nodes, moduleType, ... }:
let
inherit (lib) mkOption types mdDoc;
inherit (types) either str functionTo;
in
{
options = {
testScript = mkOption {
type = either str (functionTo str);
description = ''
A series of python declarations and statements that you write to perform
the test.
'';
};
testScriptString = mkOption {
type = str;
readOnly = true;
internal = true;
};
includeTestScriptReferences = mkOption {
type = types.bool;
default = true;
internal = true;
};
withoutTestScriptReferences = mkOption {
type = moduleType;
description = mdDoc ''
A parallel universe where the testScript is invalid and has no references.
'';
internal = true;
visible = false;
};
};
config = {
withoutTestScriptReferences.includeTestScriptReferences = false;
withoutTestScriptReferences.testScript = lib.mkForce "testscript omitted";
testScriptString =
if lib.isFunction config.testScript
then
config.testScript
{
nodes =
lib.mapAttrs
(k: v:
if v.virtualisation.useNixStoreImage
then
# prevent infinite recursion when testScript would
# reference v's toplevel
config.withoutTestScriptReferences.nodesCompat.${k}
else
# reuse memoized config
v
)
config.nodesCompat;
}
else config.testScript;
defaults = { config, name, ... }: {
# Make sure all derivations referenced by the test
# script are available on the nodes. When the store is
# accessed through 9p, this isn't important, since
# everything in the store is available to the guest,
# but when building a root image it is, as all paths
# that should be available to the guest has to be
# copied to the image.
virtualisation.additionalPaths =
lib.optional
# A testScript may evaluate nodes, which has caused
# infinite recursions. The demand cycle involves:
# testScript -->
# nodes -->
# toplevel -->
# additionalPaths -->
# hasContext testScript' -->
# testScript (ad infinitum)
# If we don't need to build an image, we can break this
# cycle by short-circuiting when useNixStoreImage is false.
(config.virtualisation.useNixStoreImage && builtins.hasContext testModuleArgs.config.testScriptString && testModuleArgs.config.includeTestScriptReferences)
(hostPkgs.writeStringReferencesToFile testModuleArgs.config.testScriptString);
};
};
}

View file

@ -10,12 +10,12 @@ with lib;
i18n = {
glibcLocales = mkOption {
type = types.path;
default = pkgs.buildPackages.glibcLocales.override {
default = pkgs.glibcLocales.override {
allLocales = any (x: x == "all") config.i18n.supportedLocales;
locales = config.i18n.supportedLocales;
};
defaultText = literalExpression ''
pkgs.buildPackages.glibcLocales.override {
pkgs.glibcLocales.override {
allLocales = any (x: x == "all") config.i18n.supportedLocales;
locales = config.i18n.supportedLocales;
}

View file

@ -35,17 +35,21 @@ let
;
/**
* Given a `config`, builds the default options.
* Builds the default options.
*/
buildMenuGrub2 = config:
buildMenuAdditionalParamsGrub2 config ""
;
buildMenuGrub2 = buildMenuAdditionalParamsGrub2 "";
targetArch =
if config.boot.loader.grub.forcei686 then
"ia32"
else
pkgs.stdenv.hostPlatform.efiArch;
/**
* Given a `config` and params to add to `params`, build a set of default options.
* Given params to add to `params`, build a set of default options.
* Use this one when creating a variant (e.g. hidpi)
*/
buildMenuAdditionalParamsGrub2 = config: additional:
buildMenuAdditionalParamsGrub2 = additional:
let
finalCfg = {
name = "NixOS ${config.system.nixos.label}${config.isoImage.appendToMenuLabel}";
@ -53,6 +57,7 @@ let
image = "/boot/${config.system.boot.loader.kernelFile}";
initrd = "/boot/initrd";
};
in
menuBuilderGrub2
finalCfg
@ -314,16 +319,16 @@ let
# Menu entries
#
${buildMenuGrub2 config}
${buildMenuGrub2}
submenu "HiDPI, Quirks and Accessibility" --class hidpi --class submenu {
${grubMenuCfg}
submenu "Suggests resolution @720p" --class hidpi-720p {
${grubMenuCfg}
${buildMenuAdditionalParamsGrub2 config "video=1280x720@60"}
${buildMenuAdditionalParamsGrub2 "video=1280x720@60"}
}
submenu "Suggests resolution @1080p" --class hidpi-1080p {
${grubMenuCfg}
${buildMenuAdditionalParamsGrub2 config "video=1920x1080@60"}
${buildMenuAdditionalParamsGrub2 "video=1920x1080@60"}
}
# If we boot into a graphical environment where X is autoran
@ -331,7 +336,7 @@ let
# to disable this.
submenu "Disable display-manager" --class quirk-disable-displaymanager {
${grubMenuCfg}
${buildMenuAdditionalParamsGrub2 config "systemd.mask=display-manager.service"}
${buildMenuAdditionalParamsGrub2 "systemd.mask=display-manager.service"}
}
# Some laptop and convertibles have the panel installed in an
@ -340,29 +345,29 @@ let
submenu "" {return}
submenu "Rotate framebuffer Clockwise" --class rotate-90cw {
${grubMenuCfg}
${buildMenuAdditionalParamsGrub2 config "fbcon=rotate:1"}
${buildMenuAdditionalParamsGrub2 "fbcon=rotate:1"}
}
submenu "Rotate framebuffer Upside-Down" --class rotate-180 {
${grubMenuCfg}
${buildMenuAdditionalParamsGrub2 config "fbcon=rotate:2"}
${buildMenuAdditionalParamsGrub2 "fbcon=rotate:2"}
}
submenu "Rotate framebuffer Counter-Clockwise" --class rotate-90ccw {
${grubMenuCfg}
${buildMenuAdditionalParamsGrub2 config "fbcon=rotate:3"}
${buildMenuAdditionalParamsGrub2 "fbcon=rotate:3"}
}
# As a proof of concept, mainly. (Not sure it has accessibility merits.)
submenu "" {return}
submenu "Use black on white" --class accessibility-blakconwhite {
${grubMenuCfg}
${buildMenuAdditionalParamsGrub2 config "vt.default_red=0xFF,0xBC,0x4F,0xB4,0x56,0xBC,0x4F,0x00,0xA1,0xCF,0x84,0xCA,0x8D,0xB4,0x84,0x68 vt.default_grn=0xFF,0x55,0xBA,0xBA,0x4D,0x4D,0xB3,0x00,0xA0,0x8F,0xB3,0xCA,0x88,0x93,0xA4,0x68 vt.default_blu=0xFF,0x58,0x5F,0x58,0xC5,0xBD,0xC5,0x00,0xA8,0xBB,0xAB,0x97,0xBD,0xC7,0xC5,0x68"}
${buildMenuAdditionalParamsGrub2 "vt.default_red=0xFF,0xBC,0x4F,0xB4,0x56,0xBC,0x4F,0x00,0xA1,0xCF,0x84,0xCA,0x8D,0xB4,0x84,0x68 vt.default_grn=0xFF,0x55,0xBA,0xBA,0x4D,0x4D,0xB3,0x00,0xA0,0x8F,0xB3,0xCA,0x88,0x93,0xA4,0x68 vt.default_blu=0xFF,0x58,0x5F,0x58,0xC5,0xBD,0xC5,0x00,0xA8,0xBB,0xAB,0x97,0xBD,0xC7,0xC5,0x68"}
}
# Serial access is a must!
submenu "" {return}
submenu "Serial console=ttyS0,115200n8" --class serial {
${grubMenuCfg}
${buildMenuAdditionalParamsGrub2 config "console=ttyS0,115200n8"}
${buildMenuAdditionalParamsGrub2 "console=ttyS0,115200n8"}
}
}
@ -431,19 +436,6 @@ let
fsck.vfat -vn "$out"
''; # */
# Name used by UEFI for architectures.
targetArch =
if pkgs.stdenv.isi686 || config.boot.loader.grub.forcei686 then
"ia32"
else if pkgs.stdenv.isx86_64 then
"x64"
else if pkgs.stdenv.isAarch32 then
"arm"
else if pkgs.stdenv.isAarch64 then
"aa64"
else
throw "Unsupported architecture";
# Syslinux (and isolinux) only supports x86-based architectures.
canx86BiosBoot = pkgs.stdenv.hostPlatform.isx86;

View file

@ -15,7 +15,7 @@ let
inherit system pkgs;
};
interactiveDriver = (testing.makeTest { inherit nodes; testScript = "start_all(); join_all();"; }).driverInteractive;
interactiveDriver = (testing.makeTest { inherit nodes; name = "network"; testScript = "start_all(); join_all();"; }).driverInteractive;
in

View file

@ -455,6 +455,7 @@
./services/hardware/lcd.nix
./services/hardware/lirc.nix
./services/hardware/nvidia-optimus.nix
./services/hardware/openrgb.nix
./services/hardware/pcscd.nix
./services/hardware/pommed.nix
./services/hardware/power-profiles-daemon.nix
@ -681,6 +682,7 @@
./services/monitoring/heapster.nix
./services/monitoring/incron.nix
./services/monitoring/kapacitor.nix
./services/monitoring/kthxbye.nix
./services/monitoring/loki.nix
./services/monitoring/longview.nix
./services/monitoring/mackerel-agent.nix
@ -1072,6 +1074,7 @@
./services/web-apps/engelsystem.nix
./services/web-apps/ethercalc.nix
./services/web-apps/fluidd.nix
./services/web-apps/freshrss.nix
./services/web-apps/galene.nix
./services/web-apps/gerrit.nix
./services/web-apps/gotify-server.nix
@ -1234,6 +1237,7 @@
./system/boot/systemd/journald.nix
./system/boot/systemd/logind.nix
./system/boot/systemd/nspawn.nix
./system/boot/systemd/oomd.nix
./system/boot/systemd/shutdown.nix
./system/boot/systemd/tmpfiles.nix
./system/boot/systemd/user.nix

View file

@ -1279,7 +1279,7 @@ in
mr ${pkgs.pam_mount}/lib/security/pam_mount.so,
'' +
optionalString (isEnabled (cfg: cfg.enableGnomeKeyring)) ''
mr ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so,
mr ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so,
'' +
optionalString (isEnabled (cfg: cfg.startSession)) ''
mr ${config.systemd.package}/lib/security/pam_systemd.so,

View file

@ -37,27 +37,76 @@ in
};
initialEmail = mkOption {
description = lib.mdDoc "Initial email for the pgAdmin account.";
description = lib.mdDoc "Initial email for the pgAdmin account";
type = types.str;
};
initialPasswordFile = mkOption {
description = lib.mdDoc ''
Initial password file for the pgAdmin account.
NOTE: Should be string not a store path, to prevent the password from being world readable.
NOTE: Should be string not a store path, to prevent the password from being world readable
'';
type = types.path;
};
emailServer = {
enable = mkOption {
description = lib.mdDoc ''
Enable SMTP email server. This is necessary, if you want to use password recovery or change your own password
'';
type = types.bool;
default = false;
};
address = mkOption {
description = lib.mdDoc "SMTP server for email delivery";
type = types.str;
default = "localhost";
};
port = mkOption {
description = lib.mdDoc "SMTP server port for email delivery";
type = types.port;
default = 25;
};
useSSL = mkOption {
description = lib.mdDoc "SMTP server should use SSL";
type = types.bool;
default = false;
};
useTLS = mkOption {
description = lib.mdDoc "SMTP server should use TLS";
type = types.bool;
default = false;
};
username = mkOption {
description = lib.mdDoc "SMTP server username for email delivery";
type = types.nullOr types.str;
default = null;
};
sender = mkOption {
description = lib.mdDoc ''
SMTP server sender email for email delivery. Some servers require this to be a valid email address from that server
'';
type = types.str;
example = "noreply@example.com";
};
passwordFile = mkOption {
description = lib.mdDoc ''
Password for SMTP email account.
NOTE: Should be string not a store path, to prevent the password from being world readable
'';
type = types.path;
};
};
openFirewall = mkEnableOption (lib.mdDoc "firewall passthrough for pgadmin4");
settings = mkOption {
description = lib.mdDoc ''
Settings for pgadmin4.
[Documentation](https://www.pgadmin.org/docs/pgadmin4/development/config_py.html).
[Documentation](https://www.pgadmin.org/docs/pgadmin4/development/config_py.html)
'';
type = pyType;
default= {};
default = { };
};
};
@ -69,6 +118,13 @@ in
SERVER_MODE = true;
} // (optionalAttrs cfg.openFirewall {
DEFAULT_SERVER = mkDefault "::";
}) // (optionalAttrs cfg.emailServer.enable {
MAIL_SERVER = cfg.emailServer.address;
MAIL_PORT = cfg.emailServer.port;
MAIL_USE_SSL = cfg.emailServer.useSSL;
MAIL_USE_TLS = cfg.emailServer.useTLS;
MAIL_USERNAME = cfg.emailServer.username;
SECURITY_EMAIL_SENDER = cfg.emailServer.sender;
});
systemd.services.pgadmin = {
@ -115,10 +171,14 @@ in
group = "pgadmin";
};
users.groups.pgadmin = {};
users.groups.pgadmin = { };
environment.etc."pgadmin/config_system.py" = {
text = formatPy cfg.settings;
text = lib.optionalString cfg.emailServer.enable ''
with open("${cfg.emailServer.passwordFile}") as f:
pw = f.read()
MAIL_PASSWORD = pw
'' + formatPy cfg.settings;
mode = "0600";
user = "pgadmin";
group = "pgadmin";

View file

@ -0,0 +1,52 @@
{ pkgs, lib, config, ... }:
with lib;
let
cfg = config.services.hardware.openrgb;
in {
options.services.hardware.openrgb = {
enable = mkEnableOption (lib.mdDoc "OpenRGB server");
package = mkOption {
type = types.package;
default = pkgs.openrgb;
defaultText = literalMD "pkgs.openrgb";
description = lib.mdDoc "Set version of openrgb package to use.";
};
motherboard = mkOption {
type = types.nullOr (types.enum [ "amd" "intel" ]);
default = null;
description = lib.mdDoc "CPU family of motherboard. Allows for addition motherboard i2c support.";
};
server.port = mkOption {
type = types.port;
default = 6742;
description = lib.mdDoc "Set server port of openrgb.";
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
services.udev.packages = [ cfg.package ];
boot.kernelModules = [ "i2c-dev" ]
++ lib.optionals (cfg.motherboard == "amd") [ "i2c-piix" ]
++ lib.optionals (cfg.motherboard == "intel") [ "i2c-i801" ];
systemd.services.openrgb = {
description = "OpenRGB server daemon";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${cfg.package}/bin/openrgb --server --server-port ${toString cfg.server.port}";
Restart = "always";
};
};
};
meta.maintainers = with lib.maintainers; [ jonringer ];
}

View file

@ -35,6 +35,30 @@ in
description = lib.mdDoc "Path of the API socket to create.";
};
mutableConfig = mkOption {
type = types.bool;
default = false;
example = true;
description = lib.mdDoc ''
Whether to copy the config to a mutable directory instead of using the one directly from the nix store.
This will only copy the config if the file at `services.klipper.mutableConfigPath` doesn't exist.
'';
};
mutableConfigFolder = mkOption {
type = types.path;
default = "/var/lib/klipper";
description = lib.mdDoc "Path to mutable Klipper config file.";
};
configFile = mkOption {
type = types.nullOr types.path;
default = null;
description = lib.mdDoc ''
Path to default Klipper config.
'';
};
octoprintIntegration = mkOption {
type = types.bool;
default = false;
@ -62,8 +86,8 @@ in
};
settings = mkOption {
type = format.type;
default = { };
type = types.nullOr format.type;
default = null;
description = lib.mdDoc ''
Configuration for Klipper. See the [documentation](https://www.klipper3d.org/Overview.html#configuration-and-tuning-guides)
for supported values.
@ -80,6 +104,10 @@ in
building of firmware and addition of klipper-flash tools for manual flashing.
This will add `klipper-flash-$mcu` scripts to your environment which can be called to flash the firmware.
'');
serial = mkOption {
type = types.nullOr path;
description = lib.mdDoc "Path to serial port this printer is connected to. Leave `null` to derive it from `service.klipper.settings`.";
};
configFile = mkOption {
type = path;
description = lib.mdDoc "Path to firmware config which is generated using `klipper-genconf`";
@ -95,19 +123,25 @@ in
assertions = [
{
assertion = cfg.octoprintIntegration -> config.services.octoprint.enable;
message = "Option klipper.octoprintIntegration requires Octoprint to be enabled on this system. Please enable services.octoprint to use it.";
message = "Option services.klipper.octoprintIntegration requires Octoprint to be enabled on this system. Please enable services.octoprint to use it.";
}
{
assertion = cfg.user != null -> cfg.group != null;
message = "Option klipper.group is not set when a user is specified.";
message = "Option services.klipper.group is not set when services.klipper.user is specified.";
}
{
assertion = foldl (a: b: a && b) true (mapAttrsToList (mcu: _: mcu != null -> (hasAttrByPath [ "${mcu}" "serial" ] cfg.settings)) cfg.firmwares);
message = "Option klipper.settings.$mcu.serial must be set when klipper.firmware.$mcu is specified";
assertion = cfg.settings != null -> foldl (a: b: a && b) true (mapAttrsToList (mcu: _: mcu != null -> (hasAttrByPath [ "${mcu}" "serial" ] cfg.settings)) cfg.firmwares);
message = "Option services.klipper.settings.$mcu.serial must be set when settings.klipper.firmware.$mcu is specified";
}
{
assertion = (cfg.configFile != null) != (cfg.settings != null);
message = "You need to either specify services.klipper.settings or services.klipper.defaultConfig.";
}
];
environment.etc."klipper.cfg".source = format.generate "klipper.cfg" cfg.settings;
environment.etc = mkIf (!cfg.mutableConfig) {
"klipper.cfg".source = if cfg.settings != null then format.generate "klipper.cfg" cfg.settings else cfg.configFile;
};
services.klipper = mkIf cfg.octoprintIntegration {
user = config.services.octoprint.user;
@ -118,15 +152,34 @@ in
let
klippyArgs = "--input-tty=${cfg.inputTTY}"
+ optionalString (cfg.apiSocket != null) " --api-server=${cfg.apiSocket}";
printerConfigPath =
if cfg.mutableConfig
then cfg.mutableConfigFolder + "/printer.cfg"
else "/etc/klipper.cfg";
printerConfigFile =
if cfg.settings != null
then format.generate "klipper.cfg" cfg.settings
else cfg.configFile;
in
{
description = "Klipper 3D Printer Firmware";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
preStart = ''
mkdir -p ${cfg.mutableConfigFolder}
${lib.optionalString (cfg.mutableConfig) ''
[ -e ${printerConfigPath} ] || {
cp ${printerConfigFile} ${printerConfigPath}
chmod +w ${printerConfigPath}
}
''}
mkdir -p ${cfg.mutableConfigFolder}/gcodes
'';
serviceConfig = {
ExecStart = "${cfg.package}/lib/klipper/klippy.py ${klippyArgs} /etc/klipper.cfg";
ExecStart = "${cfg.package}/lib/klipper/klippy.py ${klippyArgs} ${printerConfigPath}";
RuntimeDirectory = "klipper";
StateDirectory = "klipper";
SupplementaryGroups = [ "dialout" ];
WorkingDirectory = "${cfg.package}/lib";
OOMScoreAdjust = "-999";
@ -134,6 +187,7 @@ in
CPUSchedulingPriority = 99;
IOSchedulingClass = "realtime";
IOSchedulingPriority = 0;
UMask = "0002";
} // (if cfg.user != null then {
Group = cfg.group;
User = cfg.user;
@ -146,8 +200,9 @@ in
environment.systemPackages =
with pkgs;
let
default = a: b: if a != null then a else b;
firmwares = filterAttrs (n: v: v!= null) (mapAttrs
(mcu: { enable, configFile }: if enable then pkgs.klipper-firmware.override {
(mcu: { enable, configFile, serial }: if enable then pkgs.klipper-firmware.override {
mcu = lib.strings.sanitizeDerivationName mcu;
firmwareConfig = configFile;
} else null)
@ -156,11 +211,14 @@ in
(mcu: firmware: pkgs.klipper-flash.override {
mcu = lib.strings.sanitizeDerivationName mcu;
klipper-firmware = firmware;
flashDevice = cfg.settings."${mcu}".serial;
flashDevice = default cfg.firmwares."${mcu}".serial cfg.settings."${mcu}".serial;
firmwareConfig = cfg.firmwares."${mcu}".configFile;
})
firmwares;
in
[ klipper-genconf ] ++ firmwareFlasher ++ attrValues firmwares;
};
meta.maintainers = [
maintainers.cab404
];
}

View file

@ -123,7 +123,11 @@ in {
host = cfg.address;
port = cfg.port;
klippy_uds_address = cfg.klipperSocket;
};
file_manager = {
config_path = cfg.configDir;
};
database = {
database_path = "${cfg.stateDir}/database";
};
};
@ -153,6 +157,7 @@ in {
serviceConfig = {
WorkingDirectory = cfg.stateDir;
PrivateTmp = true;
Group = cfg.group;
User = cfg.user;
};
@ -175,4 +180,9 @@ in {
});
'';
};
meta.maintainers = with maintainers; [
cab404
vtuan10
];
}

View file

@ -228,13 +228,16 @@ in
'';
};
protocol = mkOption {
type = types.enum [ "ssh" "ssh-ng" ];
type = types.enum [ null "ssh" "ssh-ng" ];
default = "ssh";
example = "ssh-ng";
description = lib.mdDoc ''
The protocol used for communicating with the build machine.
Use `ssh-ng` if your remote builder and your
local Nix version support that improved protocol.
Use `null` when trying to change the special localhost builder
without a protocol which is for example used by hydra.
'';
};
system = mkOption {
@ -680,13 +683,15 @@ in
concatMapStrings
(machine:
(concatStringsSep " " ([
"${machine.protocol}://${optionalString (machine.sshUser != null) "${machine.sshUser}@"}${machine.hostName}"
"${optionalString (machine.protocol != null) "${machine.protocol}://"}${optionalString (machine.sshUser != null) "${machine.sshUser}@"}${machine.hostName}"
(if machine.system != null then machine.system else if machine.systems != [ ] then concatStringsSep "," machine.systems else "-")
(if machine.sshKey != null then machine.sshKey else "-")
(toString machine.maxJobs)
(toString machine.speedFactor)
(concatStringsSep "," (machine.supportedFeatures ++ machine.mandatoryFeatures))
(concatStringsSep "," machine.mandatoryFeatures)
(let res = (machine.supportedFeatures ++ machine.mandatoryFeatures);
in if (res == []) then "-" else (concatStringsSep "," res))
(let res = machine.mandatoryFeatures;
in if (res == []) then "-" else (concatStringsSep "," machine.mandatoryFeatures))
]
++ optional (isNixAtLeast "2.4pre") (if machine.publicHostKey != null then machine.publicHostKey else "-")))
+ "\n"

View file

@ -80,7 +80,7 @@ let
RestrictSUIDSGID = true;
SupplementaryGroups = optional enableRedis redisServer.user;
SystemCallArchitectures = "native";
SystemCallFilter = [ "@system-service" "~@privileged @resources @setuid @keyring" ];
SystemCallFilter = [ "@system-service" "~@privileged @setuid @keyring" ];
# Does not work well with the temporary root
#UMask = "0066";
};

View file

@ -0,0 +1,166 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.kthxbye;
in
{
options.services.kthxbye = {
enable = mkEnableOption (mdDoc "kthxbye alert acknowledgement management daemon");
package = mkOption {
type = types.package;
default = pkgs.kthxbye;
defaultText = literalExpression "pkgs.kthxbye";
description = mdDoc ''
The kthxbye package that should be used.
'';
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = mdDoc ''
Whether to open ports in the firewall needed for the daemon to function.
'';
};
extraOptions = mkOption {
type = with types; listOf str;
default = [];
description = mdDoc ''
Extra command line options.
Documentation can be found [here](https://github.com/prymitive/kthxbye/blob/main/README.md).
'';
example = literalExpression ''
[
"-extend-with-prefix 'ACK!'"
];
'';
};
alertmanager = {
timeout = mkOption {
type = types.str;
default = "1m0s";
description = mdDoc ''
Alertmanager request timeout duration in the [time.Duration](https://pkg.go.dev/time#ParseDuration) format.
'';
example = "30s";
};
uri = mkOption {
type = types.str;
default = "http://localhost:9093";
description = mdDoc ''
Alertmanager URI to use.
'';
example = "https://alertmanager.example.com";
};
};
extendBy = mkOption {
type = types.str;
default = "15m0s";
description = mdDoc ''
Extend silences by adding DURATION seconds.
DURATION should be provided in the [time.Duration](https://pkg.go.dev/time#ParseDuration) format.
'';
example = "6h0m0s";
};
extendIfExpiringIn = mkOption {
type = types.str;
default = "5m0s";
description = mdDoc ''
Extend silences that are about to expire in the next DURATION seconds.
DURATION should be provided in the [time.Duration](https://pkg.go.dev/time#ParseDuration) format.
'';
example = "1m0s";
};
extendWithPrefix = mkOption {
type = types.str;
default = "ACK!";
description = mdDoc ''
Extend silences with comment starting with PREFIX string.
'';
example = "!perma-silence";
};
interval = mkOption {
type = types.str;
default = "45s";
description = mdDoc ''
Silence check interval duration in the [time.Duration](https://pkg.go.dev/time#ParseDuration) format.
'';
example = "30s";
};
listenAddress = mkOption {
type = types.str;
default = "0.0.0.0";
description = mdDoc ''
The address to listen on for HTTP requests.
'';
example = "127.0.0.1";
};
port = mkOption {
type = types.port;
default = 8080;
description = mdDoc ''
The port to listen on for HTTP requests.
'';
};
logJSON = mkOption {
type = types.bool;
default = false;
description = mdDoc ''
Format logged messages as JSON.
'';
};
maxDuration = mkOption {
type = with types; nullOr str;
default = null;
description = mdDoc ''
Maximum duration of a silence, it won't be extended anymore after reaching it.
Duration should be provided in the [time.Duration](https://pkg.go.dev/time#ParseDuration) format.
'';
example = "30d";
};
};
config = mkIf cfg.enable {
systemd.services.kthxbye = {
description = "kthxbye Alertmanager ack management daemon";
wantedBy = [ "multi-user.target" ];
script = ''
${cfg.package}/bin/kthxbye \
-alertmanager.timeout ${cfg.alertmanager.timeout} \
-alertmanager.uri ${cfg.alertmanager.uri} \
-extend-by ${cfg.extendBy} \
-extend-if-expiring-in ${cfg.extendIfExpiringIn} \
-extend-with-prefix ${cfg.extendWithPrefix} \
-interval ${cfg.interval} \
-listen ${cfg.listenAddress}:${toString cfg.port} \
${optionalString cfg.logJSON "-log-json"} \
${optionalString (cfg.maxDuration != null) "-max-duration ${cfg.maxDuration}"} \
${concatStringsSep " " cfg.extraOptions}
'';
serviceConfig = {
Type = "simple";
DynamicUser = true;
Restart = "on-failure";
};
};
networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ];
};
}

View file

@ -14,7 +14,7 @@ in
configuration = mkOption {
type = types.nullOr types.attrs;
default = null;
example = literalExample ''
example = literalExpression ''
{
providers = {
twilio = {

View file

@ -34,7 +34,7 @@ with lib;
Either `configFile` or `config` must be specified.
See <https://www.v2fly.org/en_US/config/overview.html>.
See <https://www.v2fly.org/en_US/v5/config/overview.html>.
'';
};
@ -56,7 +56,7 @@ with lib;
Either `configFile` or `config` must be specified.
See <https://www.v2fly.org/en_US/config/overview.html>.
See <https://www.v2fly.org/en_US/v5/config/overview.html>.
'';
};
};
@ -71,7 +71,7 @@ with lib;
name = "v2ray.json";
text = builtins.toJSON cfg.config;
checkPhase = ''
${cfg.package}/bin/v2ray -test -config $out
${cfg.package}/bin/v2ray test -c $out
'';
};
@ -83,13 +83,15 @@ with lib;
}
];
environment.etc."v2ray/config.json".source = configFile;
systemd.packages = [ cfg.package ];
systemd.services.v2ray = {
description = "v2ray Daemon";
after = [ "network.target" ];
restartTriggers = [ config.environment.etc."v2ray/config.json".source ];
# Workaround: https://github.com/NixOS/nixpkgs/issues/81138
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${cfg.package}/bin/v2ray -config ${configFile}";
};
};
};
}

View file

@ -137,6 +137,33 @@ let
See [documentation](https://www.wireguard.com/netns/).
'';
};
fwMark = mkOption {
default = null;
type = with types; nullOr str;
example = "0x6e6978";
description = lib.mdDoc ''
Mark all wireguard packets originating from
this interface with the given firewall mark. The firewall mark can be
used in firewalls or policy routing to filter the wireguard packets.
This can be useful for setup where all traffic goes through the
wireguard tunnel, because the wireguard packets need to be routed
differently.
'';
};
mtu = mkOption {
default = null;
type = with types; nullOr int;
example = 1280;
description = lib.mdDoc ''
Set the maximum transmission unit in bytes for the wireguard
interface. Beware that the wireguard packets have a header that may
add up to 80 bytes to the mtu. By default, the MTU is (1500 - 80) =
1420. However, if the MTU of the upstream network is lower, the MTU
of the wireguard network has to be adjusted as well.
'';
};
};
};
@ -398,6 +425,7 @@ let
${ipPreMove} link add dev "${name}" type wireguard
${optionalString (values.interfaceNamespace != null && values.interfaceNamespace != values.socketNamespace) ''${ipPreMove} link set "${name}" netns "${ns}"''}
${optionalString (values.mtu != null) ''${ipPreMove} link set "${name}" mtu ${toString values.mtu}''}
${concatMapStringsSep "\n" (ip:
''${ipPostMove} address add "${ip}" dev "${name}"''
@ -406,6 +434,7 @@ let
${concatStringsSep " " (
[ ''${wg} set "${name}" private-key "${privKey}"'' ]
++ optional (values.listenPort != null) ''listen-port "${toString values.listenPort}"''
++ optional (values.fwMark != null) ''fwmark "${values.fwMark}"''
)}
${ipPostMove} link set up dev "${name}"

View file

@ -40,14 +40,14 @@ in {
If the {option}`persistentKeys` is enabled then the
keys that are generated during activation will override
those in {option}`config` or
those in {option}`settings` or
{option}`configFile`.
If no keys are specified then ephemeral keys are generated
and the Yggdrasil interface will have a random IPv6 address
each time the service is started, this is the default.
If both {option}`configFile` and {option}`config`
If both {option}`configFile` and {option}`settings`
are supplied, they will be combined, with values from
{option}`configFile` taking precedence.
@ -62,7 +62,7 @@ in {
example = "/run/keys/yggdrasil.conf";
description = lib.mdDoc ''
A file which contains JSON configuration for yggdrasil.
See the {option}`config` option for more information.
See the {option}`settings` option for more information.
'';
};
@ -81,7 +81,7 @@ in {
discovery. The NixOS firewall blocks link-local
communication, so in order to make local peering work you
will also need to set `LinkLocalTCPPort` in your
yggdrasil configuration ({option}`config` or
yggdrasil configuration ({option}`settings` or
{option}`configFile`) to a port number other than 0,
and then add that port to
{option}`networking.firewall.allowedTCPPorts`.

View file

@ -27,7 +27,7 @@ An annotated example of a simple configuration:
# The NixOS module will generate new keys and a new IPv6 address each time
# it is started if persistentKeys is not enabled.
config = {
settings = {
Peers = [
# Yggdrasil will automatically connect and "peer" with other nodes it
# discovers via link-local multicast annoucements. Unless this is the
@ -58,7 +58,7 @@ in {
services.yggdrasil = {
enable = true;
persistentKeys = true; # Maintain a fixed public key and IPv6 address.
config = {
settings = {
Peers = [ "tcp://1.2.3.4:1024" "tcp://1.2.3.5:1024" ];
NodeInfo = {
# This information is visible to the network.

View file

@ -0,0 +1,274 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.freshrss;
poolName = "freshrss";
in
{
meta.maintainers = with maintainers; [ etu stunkymonkey ];
options.services.freshrss = {
enable = mkEnableOption (mdDoc "FreshRSS feed reader");
package = mkOption {
type = types.package;
default = pkgs.freshrss;
defaultText = lib.literalExpression "pkgs.freshrss";
description = mdDoc "Which FreshRSS package to use.";
};
defaultUser = mkOption {
type = types.str;
default = "admin";
description = mdDoc "Default username for FreshRSS.";
example = "eva";
};
passwordFile = mkOption {
type = types.path;
description = mdDoc "Password for the defaultUser for FreshRSS.";
example = "/run/secrets/freshrss";
};
baseUrl = mkOption {
type = types.str;
description = mdDoc "Default URL for FreshRSS.";
example = "https://freshrss.example.com";
};
language = mkOption {
type = types.str;
default = "en";
description = mdDoc "Default language for FreshRSS.";
example = "de";
};
database = {
type = mkOption {
type = types.enum [ "sqlite" "pgsql" "mysql" ];
default = "sqlite";
description = mdDoc "Database type.";
example = "pgsql";
};
host = mkOption {
type = types.nullOr types.str;
default = "localhost";
description = mdDoc "Database host for FreshRSS.";
};
port = mkOption {
type = with types; nullOr port;
default = null;
description = mdDoc "Database port for FreshRSS.";
example = 3306;
};
user = mkOption {
type = types.nullOr types.str;
default = "freshrss";
description = mdDoc "Database user for FreshRSS.";
};
passFile = mkOption {
type = types.nullOr types.str;
default = null;
description = mdDoc "Database password file for FreshRSS.";
example = "/run/secrets/freshrss";
};
name = mkOption {
type = types.nullOr types.str;
default = "freshrss";
description = mdDoc "Database name for FreshRSS.";
};
tableprefix = mkOption {
type = types.nullOr types.str;
default = null;
description = mdDoc "Database table prefix for FreshRSS.";
example = "freshrss";
};
};
dataDir = mkOption {
type = types.str;
default = "/var/lib/freshrss";
description = mdDoc "Default data folder for FreshRSS.";
example = "/mnt/freshrss";
};
virtualHost = mkOption {
type = types.nullOr types.str;
default = "freshrss";
description = mdDoc ''
Name of the nginx virtualhost to use and setup. If null, do not setup any virtualhost.
'';
};
pool = mkOption {
type = types.str;
default = poolName;
description = mdDoc ''
Name of the phpfpm pool to use and setup. If not specified, a pool will be created
with default values.
'';
};
};
config =
let
systemd-hardening = {
CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
DeviceAllow = "";
LockPersonality = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateTmp = true;
PrivateUsers = true;
ProcSubset = "pid";
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
RemoveIPC = true;
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = [ "@system-service" "~@resources" "~@privileged" ];
UMask = "0007";
};
in
mkIf cfg.enable {
# Set up a Nginx virtual host.
services.nginx = mkIf (cfg.virtualHost != null) {
enable = true;
virtualHosts.${cfg.virtualHost} = {
root = "${cfg.package}/p";
locations."~ ^.+?\.php(/.*)?$".extraConfig = ''
fastcgi_pass unix:${config.services.phpfpm.pools.${cfg.pool}.socket};
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include ${pkgs.nginx}/conf/fastcgi_params;
include ${pkgs.nginx}/conf/fastcgi.conf;
'';
locations."/" = {
tryFiles = "$uri $uri/ index.php";
index = "index.php index.html index.htm";
};
};
};
# Set up phpfpm pool
services.phpfpm.pools = mkIf (cfg.pool == poolName) {
${poolName} = {
user = "freshrss";
settings = {
"listen.owner" = "nginx";
"listen.group" = "nginx";
"listen.mode" = "0600";
"pm" = "dynamic";
"pm.max_children" = 32;
"pm.max_requests" = 500;
"pm.start_servers" = 2;
"pm.min_spare_servers" = 2;
"pm.max_spare_servers" = 5;
"catch_workers_output" = true;
};
phpEnv = {
FRESHRSS_DATA_PATH = "${cfg.dataDir}";
};
};
};
users.users.freshrss = {
description = "FreshRSS service user";
isSystemUser = true;
group = "freshrss";
};
users.groups.freshrss = { };
systemd.services.freshrss-config =
let
settingsFlags = concatStringsSep " \\\n "
(mapAttrsToList (k: v: "${k} ${toString v}") {
"--default_user" = ''"${cfg.defaultUser}"'';
"--auth_type" = ''"form"'';
"--base_url" = ''"${cfg.baseUrl}"'';
"--language" = ''"${cfg.language}"'';
"--db-type" = ''"${cfg.database.type}"'';
# The following attributes are optional depending on the type of
# database. Those that evaluate to null on the left hand side
# will be omitted.
${if cfg.database.name != null then "--db-base" else null} = ''"${cfg.database.name}"'';
${if cfg.database.passFile != null then "--db-password" else null} = ''"$(cat ${cfg.database.passFile})"'';
${if cfg.database.user != null then "--db-user" else null} = ''"${cfg.database.user}"'';
${if cfg.database.tableprefix != null then "--db-prefix" else null} = ''"${cfg.database.tableprefix}"'';
${if cfg.database.host != null && cfg.database.port != null then "--db-host" else null} = ''"${cfg.database.host}:${toString cfg.database.port}"'';
});
in
{
description = "Set up the state directory for FreshRSS before use";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
User = "freshrss";
Group = "freshrss";
StateDirectory = "freshrss";
WorkingDirectory = cfg.package;
} // systemd-hardening;
environment = {
FRESHRSS_DATA_PATH = cfg.dataDir;
};
script = ''
# create files with correct permissions
mkdir -m 755 -p ${cfg.dataDir}
# do installation or reconfigure
if test -f ${cfg.dataDir}/config.php; then
# reconfigure with settings
${pkgs.php}/bin/php ./cli/reconfigure.php ${settingsFlags}
${pkgs.php}/bin/php ./cli/update-user.php --user ${cfg.defaultUser} --password "$(cat ${cfg.passwordFile})"
else
# Copy the user data template directory
cp -r ./data ${cfg.dataDir}
# check correct folders in data folder
${pkgs.php}/bin/php ./cli/prepare.php
# install with settings
${pkgs.php}/bin/php ./cli/do-install.php ${settingsFlags}
${pkgs.php}/bin/php ./cli/create-user.php --user ${cfg.defaultUser} --password "$(cat ${cfg.passwordFile})"
fi
'';
};
systemd.services.freshrss-updater = {
description = "FreshRSS feed updater";
after = [ "freshrss-config.service" ];
wantedBy = [ "multi-user.target" ];
startAt = "*:0/5";
environment = {
FRESHRSS_DATA_PATH = cfg.dataDir;
};
serviceConfig = {
Type = "oneshot";
User = "freshrss";
Group = "freshrss";
StateDirectory = "freshrss";
WorkingDirectory = cfg.package;
ExecStart = "${pkgs.php}/bin/php ./app/actualize_script.php";
} // systemd-hardening;
};
};
}

View file

@ -252,7 +252,10 @@ in
.rabbitmq.url = "${cfg.rabbitmqUrl}"
' /run/onlyoffice/config/default.json | sponge /run/onlyoffice/config/default.json
if ! psql -d onlyoffice -c "SELECT 'task_result'::regclass;" >/dev/null; then
if psql -d onlyoffice -c "SELECT 'task_result'::regclass;" >/dev/null; then
psql -f ${cfg.package}/var/www/onlyoffice/documentserver/server/schema/postgresql/removetbl.sql
psql -f ${cfg.package}/var/www/onlyoffice/documentserver/server/schema/postgresql/createdb.sql
else
psql -f ${cfg.package}/var/www/onlyoffice/documentserver/server/schema/postgresql/createdb.sql
fi
'';

View file

@ -26,7 +26,7 @@ let
configFile =
let
Caddyfile = pkgs.writeText "Caddyfile" ''
Caddyfile = pkgs.writeTextDir "Caddyfile" ''
{
${cfg.globalConfig}
}
@ -34,10 +34,11 @@ let
'';
Caddyfile-formatted = pkgs.runCommand "Caddyfile-formatted" { nativeBuildInputs = [ cfg.package ]; } ''
${cfg.package}/bin/caddy fmt ${Caddyfile} > $out
mkdir -p $out
${cfg.package}/bin/caddy fmt ${Caddyfile}/Caddyfile > $out/Caddyfile
'';
in
if pkgs.stdenv.buildPlatform == pkgs.stdenv.hostPlatform then Caddyfile-formatted else Caddyfile;
"${if pkgs.stdenv.buildPlatform == pkgs.stdenv.hostPlatform then Caddyfile-formatted else Caddyfile}/Caddyfile";
acmeHosts = unique (catAttrs "useACMEHost" acmeVHosts);
@ -142,7 +143,7 @@ in
default = configFile;
defaultText = "A Caddyfile automatically generated by values from services.caddy.*";
example = literalExpression ''
pkgs.writeText "Caddyfile" '''
pkgs.writeTextDir "Caddyfile" '''
example.com
root * /var/www/wordpress
@ -157,17 +158,24 @@ in
};
adapter = mkOption {
default = "caddyfile";
example = "nginx";
type = types.str;
default = null;
example = literalExpression "nginx";
type = with types; nullOr str;
description = lib.mdDoc ''
Name of the config adapter to use.
See <https://caddyserver.com/docs/config-adapters>
for the full list.
If `null` is specified, the `--adapter` argument is omitted when
starting or restarting Caddy. Notably, this allows specification of a
configuration file in Caddy's native JSON format, as long as the
filename does not start with `Caddyfile` (in which case the `caddyfile`
adapter is implicitly enabled). See
<https://caddyserver.com/docs/command-line#caddy-run> for details.
::: {.note}
Any value other than `caddyfile` is only valid when
providing your own {option}`configFile`.
Any value other than `null` or `caddyfile` is only valid when providing
your own `configFile`.
:::
'';
};
@ -264,8 +272,8 @@ in
config = mkIf cfg.enable {
assertions = [
{ assertion = cfg.adapter != "caddyfile" -> cfg.configFile != configFile;
message = "Any value other than 'caddyfile' is only valid when providing your own `services.caddy.configFile`";
{ assertion = cfg.configFile == configFile -> cfg.adapter == "caddyfile" || cfg.adapter == null;
message = "To specify an adapter other than 'caddyfile' please provide your own configuration via `services.caddy.configFile`";
}
] ++ map (name: mkCertOwnershipAssertion {
inherit (cfg) group user;
@ -295,10 +303,9 @@ in
serviceConfig = {
# https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart=
# If the empty string is assigned to this option, the list of commands to start is reset, prior assignments of this option will have no effect.
ExecStart = [ "" "${cfg.package}/bin/caddy run --config ${cfg.configFile} --adapter ${cfg.adapter} ${optionalString cfg.resume "--resume"}" ];
ExecReload = [ "" "${cfg.package}/bin/caddy reload --config ${cfg.configFile} --adapter ${cfg.adapter} --force" ];
ExecStartPre = "${cfg.package}/bin/caddy validate --config ${cfg.configFile} --adapter ${cfg.adapter}";
ExecStart = [ "" ''${cfg.package}/bin/caddy run --config ${cfg.configFile} ${optionalString (cfg.adapter != null) "--adapter ${cfg.adapter}"} ${optionalString cfg.resume "--resume"}'' ];
ExecReload = [ "" ''${cfg.package}/bin/caddy reload --config ${cfg.configFile} ${optionalString (cfg.adapter != null) "--adapter ${cfg.adapter}"} --force'' ];
ExecStartPre = ''${cfg.package}/bin/caddy validate --config ${cfg.configFile} ${optionalString (cfg.adapter != null) "--adapter ${cfg.adapter}"}'';
User = cfg.user;
Group = cfg.group;
ReadWriteDirectories = cfg.dataDir;

View file

@ -444,11 +444,14 @@ in
services.xserver.displayManager.setupCommands = startplasma;
nixpkgs.config.firefox.enablePlasmaBrowserIntegration = true;
})
environment.etc = {
"xdg/kwinrc".text = lib.generators.toINI {} cfg.kwinrc;
"xdg/kdeglobals".text = lib.generators.toINI {} cfg.kdeglobals;
};
(mkIf (cfg.kwinrc != {}) {
environment.etc."xdg/kwinrc".text = lib.generators.toINI {} cfg.kwinrc;
})
(mkIf (cfg.kdeglobals != {}) {
environment.etc."xdg/kdeglobals".text = lib.generators.toINI {} cfg.kdeglobals;
})
# Plasma Desktop

View file

@ -555,6 +555,9 @@ while read -u 3 mountPoint; do
umount /tmp-iso
rmdir /tmp-iso
if [ -n "$isoPath" ] && [ $fsType = "iso9660" ] && mountpoint -q /findiso; then
umount /findiso
fi
continue
fi

View file

@ -0,0 +1,57 @@
{ config, lib, ... }: let
cfg = config.systemd.oomd;
in {
options.systemd.oomd = {
enable = lib.mkEnableOption (lib.mdDoc "the `systemd-oomd` OOM killer") // { default = true; };
# Fedora enables the first and third option by default. See the 10-oomd-* files here:
# https://src.fedoraproject.org/rpms/systemd/tree/acb90c49c42276b06375a66c73673ac351025597
enableRootSlice = lib.mkEnableOption (lib.mdDoc "oomd on the root slice (`-.slice`)");
enableSystemSlice = lib.mkEnableOption (lib.mdDoc "oomd on the system slice (`system.slice`)");
enableUserServices = lib.mkEnableOption (lib.mdDoc "oomd on all user services (`user@.service`)");
extraConfig = lib.mkOption {
type = with lib.types; attrsOf (oneOf [ str int bool ]);
default = {};
example = lib.literalExpression ''{ DefaultMemoryPressureDurationSec = "20s"; }'';
description = lib.mdDoc ''
Extra config options for `systemd-oomd`. See {command}`man oomd.conf`
for available options.
'';
};
};
config = lib.mkIf cfg.enable {
systemd.additionalUpstreamSystemUnits = [
"systemd-oomd.service"
"systemd-oomd.socket"
];
systemd.services.systemd-oomd.wantedBy = [ "multi-user.target" ];
environment.etc."systemd/oomd.conf".text = lib.generators.toINI {} {
OOM = cfg.extraConfig;
};
systemd.oomd.extraConfig.DefaultMemoryPressureDurationSec = lib.mkDefault "20s"; # Fedora default
users.users.systemd-oom = {
description = "systemd-oomd service user";
group = "systemd-oom";
isSystemUser = true;
};
users.groups.systemd-oom = { };
systemd.slices."-".sliceConfig = lib.mkIf cfg.enableRootSlice {
ManagedOOMSwap = "kill";
};
systemd.slices."system".sliceConfig = lib.mkIf cfg.enableSystemSlice {
ManagedOOMSwap = "kill";
};
systemd.services."user@".serviceConfig = lib.mkIf cfg.enableUserServices {
ManagedOOMMemoryPressure = "kill";
ManagedOOMMemoryPressureLimit = "50%";
};
};
}

View file

@ -221,6 +221,8 @@ in
'';
startAt = optional cfg.autoPrune.enable cfg.autoPrune.dates;
after = [ "docker.service" ];
requires = [ "docker.service" ];
};
assertions = [

View file

@ -0,0 +1,75 @@
{ config, lib, pkgs, ... }:
with lib;
{
imports = [ ../profiles/qemu-guest.nix ];
services.openssh = {
enable = true;
permitRootLogin = "prohibit-password";
passwordAuthentication = mkDefault false;
};
networking = {
usePredictableInterfaceNames = false;
useDHCP = false;
interfaces.eth0 = {
useDHCP = true;
# Linode expects IPv6 privacy extensions to be disabled, so disable them
# See: https://www.linode.com/docs/guides/manual-network-configuration/#static-vs-dynamic-addressing
tempAddress = "disabled";
};
};
# Install diagnostic tools for Linode support
environment.systemPackages = with pkgs; [
inetutils
mtr
sysstat
];
fileSystems."/" = {
fsType = "ext4";
device = "/dev/sda";
autoResize = true;
};
swapDevices = mkDefault [{ device = "/dev/sdb"; }];
# Enable LISH and Linode Booting w/ GRUB
boot = {
# Add Required Kernel Modules
# NOTE: These are not documented in the install guide
initrd.availableKernelModules = [
"virtio_pci"
"virtio_scsi"
"ahci"
"sd_mod"
];
# Set Up LISH Serial Connection
kernelParams = [ "console=ttyS0,19200n8" ];
kernelModules = [ "virtio_net" ];
loader = {
# Increase Timeout to Allow LISH Connection
# NOTE: The image generator tries to set a timeout of 0, so we must force
timeout = lib.mkForce 10;
grub = {
enable = true;
version = 2;
forceInstall = true;
device = "nodev";
# Allow serial connection for GRUB to be able to use LISH
extraConfig = ''
serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1;
terminal_input serial;
terminal_output serial
'';
};
};
};
}

View file

@ -0,0 +1,66 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.virtualisation.linodeImage;
defaultConfigFile = pkgs.writeText "configuration.nix" ''
_: {
imports = [
<nixpkgs/nixos/modules/virtualisation/linode-image.nix>
];
}
'';
in
{
imports = [ ./linode-config.nix ];
options = {
virtualisation.linodeImage.diskSize = mkOption {
type = with types; either (enum (singleton "auto")) ints.positive;
default = "auto";
example = 1536;
description = ''
Size of disk image in MB.
'';
};
virtualisation.linodeImage.configFile = mkOption {
type = with types; nullOr str;
default = null;
description = ''
A path to a configuration file which will be placed at `/etc/nixos/configuration.nix`
and be used when switching to a new configuration.
If set to `null`, a default configuration is used, where the only import is
`<nixpkgs/nixos/modules/virtualisation/linode-image.nix>`
'';
};
virtualisation.linodeImage.compressionLevel = mkOption {
type = types.ints.between 1 9;
default = 6;
description = ''
GZIP compression level of the resulting disk image (1-9).
'';
};
};
config = {
system.build.linodeImage = import ../../lib/make-disk-image.nix {
name = "linode-image";
# NOTE: Linode specifically requires images to be `gzip`-ed prior to upload
# See: https://www.linode.com/docs/products/tools/images/guides/upload-an-image/#requirements-and-considerations
postVM = ''
${pkgs.gzip}/bin/gzip -${toString cfg.compressionLevel} -c -- $diskImage > \
$out/nixos-image-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.img.gz
rm $diskImage
'';
format = "raw";
partitionTableType = "none";
configFile = if cfg.configFile == null then defaultConfigFile else cfg.configFile;
inherit (cfg) diskSize;
inherit config lib pkgs;
};
};
meta.maintainers = with maintainers; [ houstdav000 ];
}

View file

@ -69,7 +69,7 @@ in rec {
imagemagick
jdk
linux
mysql
mariadb
nginx
nodejs
openssh

View file

@ -22,8 +22,8 @@ let
import ./tests/all-tests.nix {
inherit system;
pkgs = import ./.. { inherit system; };
callTest = t: {
${system} = hydraJob t.test;
callTest = config: {
${system} = hydraJob config.test;
};
} // {
# for typechecking of the scripts and evaluation of
@ -32,8 +32,8 @@ let
import ./tests/all-tests.nix {
inherit system;
pkgs = import ./.. { inherit system; };
callTest = t: {
${system} = hydraJob t.test.driver;
callTest = config: {
${system} = hydraJob config.driver;
};
};
};

View file

@ -1,6 +1,6 @@
import ./make-test-python.nix ({ pkgs, ...} : {
{ lib, pkgs, ... }: {
name = "3proxy";
meta = with pkgs.lib.maintainers; {
meta = with lib.maintainers; {
maintainers = [ misuzu ];
};
@ -92,7 +92,7 @@ import ./make-test-python.nix ({ pkgs, ...} : {
networking.firewall.allowedTCPPorts = [ 3128 9999 ];
};
peer3 = { lib, ... }: {
peer3 = { lib, pkgs, ... }: {
networking.useDHCP = false;
networking.interfaces.eth1 = {
ipv4.addresses = [
@ -186,4 +186,4 @@ import ./make-test-python.nix ({ pkgs, ...} : {
"${pkgs.wget}/bin/wget -e use_proxy=yes -e http_proxy=http://192.168.0.4:3128 -S -O /dev/null http://127.0.0.1:9999"
)
'';
})
}

View file

@ -1,7 +1,7 @@
import ./make-test-python.nix ({ pkgs, lib, ... }: let
{ pkgs, lib, ... }: let
commonConfig = ./common/acme/client;
dnsServerIP = nodes: nodes.dnsserver.config.networking.primaryIPAddress;
dnsServerIP = nodes: nodes.dnsserver.networking.primaryIPAddress;
dnsScript = nodes: let
dnsAddress = dnsServerIP nodes;
@ -153,7 +153,7 @@ in {
description = "Pebble ACME challenge test server";
wantedBy = [ "network.target" ];
serviceConfig = {
ExecStart = "${pkgs.pebble}/bin/pebble-challtestsrv -dns01 ':53' -defaultIPv6 '' -defaultIPv4 '${nodes.webserver.config.networking.primaryIPAddress}'";
ExecStart = "${pkgs.pebble}/bin/pebble-challtestsrv -dns01 ':53' -defaultIPv6 '' -defaultIPv4 '${nodes.webserver.networking.primaryIPAddress}'";
# Required to bind on privileged ports.
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
};
@ -175,7 +175,7 @@ in {
specialisation = {
# First derivation used to test general ACME features
general.configuration = { ... }: let
caDomain = nodes.acme.config.test-support.acme.caDomain;
caDomain = nodes.acme.test-support.acme.caDomain;
email = config.security.acme.defaults.email;
# Exit 99 to make it easier to track if this is the reason a renew failed
accountCreateTester = ''
@ -316,7 +316,7 @@ in {
testScript = { nodes, ... }:
let
caDomain = nodes.acme.config.test-support.acme.caDomain;
caDomain = nodes.acme.test-support.acme.caDomain;
newServerSystem = nodes.webserver.config.system.build.toplevel;
switchToNewServer = "${newServerSystem}/bin/switch-to-configuration test";
in
@ -438,7 +438,7 @@ in {
client.wait_for_unit("default.target")
client.succeed(
'curl --data \'{"host": "${caDomain}", "addresses": ["${nodes.acme.config.networking.primaryIPAddress}"]}\' http://${dnsServerIP nodes}:8055/add-a'
'curl --data \'{"host": "${caDomain}", "addresses": ["${nodes.acme.networking.primaryIPAddress}"]}\' http://${dnsServerIP nodes}:8055/add-a'
)
acme.wait_for_unit("network-online.target")
@ -594,4 +594,4 @@ in {
wait_for_server()
check_connection_key_bits(client, test_domain, "384")
'';
})
}

View file

@ -1,4 +1,4 @@
import ./make-test-python.nix {
{
name = "adguardhome";
nodes = {

View file

@ -1,4 +1,4 @@
import ./make-test-python.nix ({ pkgs, lib, ... }: {
{ pkgs, lib, ... }: {
name = "aesmd";
meta = {
maintainers = with lib.maintainers; [ veehaitch ];
@ -59,4 +59,4 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
assert aesmd_config == "whitelist url = http://nixos.org\nproxy type = direct\ndefault quoting type = ecdsa_256\n", "aesmd.conf differs"
'';
})
}

View file

@ -1,4 +1,11 @@
{ system, pkgs, callTest }:
{ system,
pkgs,
# Projects the test configuration into a the desired value; usually
# the test runner: `config: config.test`.
callTest,
}:
# The return value of this function will be an attrset with arbitrary depth and
# the `anything` returned by callTest at its test leafs.
# The tests not supported by `system` will be replaced with `{}`, so that
@ -11,9 +18,18 @@ with pkgs.lib;
let
discoverTests = val:
if !isAttrs val then val
else if hasAttr "test" val then callTest val
else mapAttrs (n: s: discoverTests s) val;
if isAttrs val
then
if hasAttr "test" val then callTest val
else mapAttrs (n: s: discoverTests s) val
else if isFunction val
then
# Tests based on make-test-python.nix will return the second lambda
# in that file, which are then forwarded to the test definition
# following the `import make-test-python.nix` expression
# (if it is a function).
discoverTests (val { inherit system pkgs; })
else val;
handleTest = path: args:
discoverTests (import path ({ inherit system pkgs; } // args));
handleTestOn = systems: path: args:
@ -27,12 +43,34 @@ let
};
evalMinimalConfig = module: nixosLib.evalModules { modules = [ module ]; };
inherit
(rec {
doRunTest = arg: ((import ../lib/testing-python.nix { inherit system pkgs; }).evalTest {
imports = [ arg ];
}).config.result;
findTests = tree:
if tree?recurseForDerivations && tree.recurseForDerivations
then
mapAttrs
(k: findTests)
(builtins.removeAttrs tree ["recurseForDerivations"])
else callTest tree;
runTest = arg: let r = doRunTest arg; in findTests r;
runTestOn = systems: arg:
if elem system systems then runTest arg
else {};
})
runTest
runTestOn
;
in {
_3proxy = handleTest ./3proxy.nix {};
acme = handleTest ./acme.nix {};
adguardhome = handleTest ./adguardhome.nix {};
aesmd = handleTest ./aesmd.nix {};
agate = handleTest ./web-servers/agate.nix {};
_3proxy = runTest ./3proxy.nix;
acme = runTest ./acme.nix;
adguardhome = runTest ./adguardhome.nix;
aesmd = runTest ./aesmd.nix;
agate = runTest ./web-servers/agate.nix;
agda = handleTest ./agda.nix {};
airsonic = handleTest ./airsonic.nix {};
allTerminfo = handleTest ./all-terminfo.nix {};
@ -86,7 +124,7 @@ in {
cjdns = handleTest ./cjdns.nix {};
clickhouse = handleTest ./clickhouse.nix {};
cloud-init = handleTest ./cloud-init.nix {};
cntr = handleTest ./cntr.nix {};
cntr = handleTestOn ["aarch64-linux" "x86_64-linux"] ./cntr.nix {};
cockroachdb = handleTestOn ["x86_64-linux"] ./cockroachdb.nix {};
collectd = handleTest ./collectd.nix {};
consul = handleTest ./consul.nix {};
@ -160,7 +198,6 @@ in {
ferm = handleTest ./ferm.nix {};
firefox = handleTest ./firefox.nix { firefoxPackage = pkgs.firefox; };
firefox-esr = handleTest ./firefox.nix { firefoxPackage = pkgs.firefox-esr; }; # used in `tested` job
firefox-esr-91 = handleTest ./firefox.nix { firefoxPackage = pkgs.firefox-esr-91; };
firefox-esr-102 = handleTest ./firefox.nix { firefoxPackage = pkgs.firefox-esr-102; };
firejail = handleTest ./firejail.nix {};
firewall = handleTest ./firewall.nix {};
@ -170,6 +207,7 @@ in {
fluidd = handleTest ./fluidd.nix {};
fontconfig-default-fonts = handleTest ./fontconfig-default-fonts.nix {};
freeswitch = handleTest ./freeswitch.nix {};
freshrss = handleTest ./freshrss.nix {};
frr = handleTest ./frr.nix {};
fsck = handleTest ./fsck.nix {};
ft2-clone = handleTest ./ft2-clone.nix {};
@ -277,6 +315,7 @@ in {
komga = handleTest ./komga.nix {};
krb5 = discoverTests (import ./krb5 {});
ksm = handleTest ./ksm.nix {};
kthxbye = handleTest ./kthxbye.nix {};
kubernetes = handleTestOn ["x86_64-linux"] ./kubernetes {};
languagetool = handleTest ./languagetool.nix {};
latestKernel.login = handleTest ./login.nix { latestKernel = true; };
@ -568,6 +607,7 @@ in {
systemd-networkd-ipv6-prefix-delegation = handleTest ./systemd-networkd-ipv6-prefix-delegation.nix {};
systemd-networkd-vrf = handleTest ./systemd-networkd-vrf.nix {};
systemd-nspawn = handleTest ./systemd-nspawn.nix {};
systemd-oomd = handleTest ./systemd-oomd.nix {};
systemd-shutdown = handleTest ./systemd-shutdown.nix {};
systemd-timesyncd = handleTest ./systemd-timesyncd.nix {};
systemd-misc = handleTest ./systemd-misc.nix {};
@ -609,6 +649,9 @@ in {
user-home-mode = handleTest ./user-home-mode.nix {};
uwsgi = handleTest ./uwsgi.nix {};
v2ray = handleTest ./v2ray.nix {};
varnish60 = handleTest ./varnish.nix { package = pkgs.varnish60; };
varnish71 = handleTest ./varnish.nix { package = pkgs.varnish71; };
varnish72 = handleTest ./varnish.nix { package = pkgs.varnish72; };
vault = handleTest ./vault.nix {};
vault-dev = handleTest ./vault-dev.nix {};
vault-postgresql = handleTest ./vault-postgresql.nix {};

View file

@ -1,7 +1,7 @@
{ lib, nodes, pkgs, ... }:
let
caCert = nodes.acme.config.test-support.acme.caCert;
caDomain = nodes.acme.config.test-support.acme.caDomain;
caCert = nodes.acme.test-support.acme.caCert;
caDomain = nodes.acme.test-support.acme.caDomain;
in {
security.acme = {

View file

@ -18,10 +18,10 @@
#
# example = { nodes, ... }: {
# networking.nameservers = [
# nodes.acme.config.networking.primaryIPAddress
# nodes.acme.networking.primaryIPAddress
# ];
# security.pki.certificateFiles = [
# nodes.acme.config.test-support.acme.caCert
# nodes.acme.test-support.acme.caCert
# ];
# };
# }
@ -36,7 +36,7 @@
# acme = { nodes, lib, ... }: {
# imports = [ ./common/acme/server ];
# networking.nameservers = lib.mkForce [
# nodes.myresolver.config.networking.primaryIPAddress
# nodes.myresolver.networking.primaryIPAddress
# ];
# };
#

View file

@ -1,5 +1,6 @@
import ./make-test-python.nix (
{
name = "corerad";
nodes = {
router = {config, pkgs, ...}: {
config = {

View file

@ -1,7 +1,7 @@
# This test runs CRI-O and verifies via critest
import ./make-test-python.nix ({ pkgs, ... }: {
name = "cri-o";
meta.maintainers = with pkgs.lib.maintainers; teams.podman.members;
meta.maintainers = with pkgs.lib; teams.podman.members;
nodes = {
crio = {

View file

@ -11,6 +11,7 @@ import ./make-test-python.nix ({ pkgs, ...} : {
{ pkgs, ... }:
{
virtualisation.docker.enable = true;
virtualisation.docker.autoPrune.enable = true;
virtualisation.docker.package = pkgs.docker;
users.users = {

View file

@ -0,0 +1,19 @@
import ./make-test-python.nix ({ lib, pkgs, ... }: {
name = "freshrss";
meta.maintainers = with lib.maintainers; [ etu stunkymonkey ];
nodes.machine = { pkgs, ... }: {
services.freshrss = {
enable = true;
baseUrl = "http://localhost";
passwordFile = pkgs.writeText "password" "secret";
};
};
testScript = ''
machine.wait_for_unit("multi-user.target")
machine.wait_for_open_port(80)
response = machine.succeed("curl -vvv -s -H 'Host: freshrss' http://127.0.0.1:80/i/")
assert '<title>Login · FreshRSS</title>' in response, "Login page didn't load successfully"
'';
})

View file

@ -1,4 +1,5 @@
import ./make-test-python.nix ({ pkgs, ... }: {
name = "ghostunnel";
nodes = {
backend = { pkgs, ... }: {
services.nginx.enable = true;

View file

@ -40,7 +40,7 @@ let
name = tested.name;
meta = {
maintainers = tested.meta.maintainers;
maintainers = tested.meta.maintainers or [];
};
nodes.machine = { ... }: {

View file

@ -324,6 +324,9 @@ let
desktop-file-utils
docbook5
docbook_xsl_ns
(docbook-xsl-ns.override {
withManOptDedupPatch = true;
})
kmod.dev
libarchive.dev
libxml2.bin
@ -333,6 +336,13 @@ let
perlPackages.ListCompare
perlPackages.XMLLibXML
python3Minimal
# make-options-doc/default.nix
(let
self = (pkgs.python3Minimal.override {
inherit self;
includeSiteCustomize = true;
});
in self.withPackages (p: [ p.mistune ]))
shared-mime-info
sudo
texinfo

View file

@ -0,0 +1,110 @@
import ./make-test-python.nix ({ lib, pkgs, ... }:
{
name = "kthxbye";
meta = with lib.maintainers; {
maintainers = [ nukaduka ];
};
nodes.server = { ... }: {
environment.systemPackages = with pkgs; [ prometheus-alertmanager ];
services.prometheus = {
enable = true;
globalConfig = {
scrape_interval = "5s";
scrape_timeout = "5s";
evaluation_interval = "5s";
};
scrapeConfigs = [
{
job_name = "prometheus";
scrape_interval = "5s";
static_configs = [
{
targets = [ "localhost:9090" ];
}
];
}
];
rules = [
''
groups:
- name: test
rules:
- alert: node_up
expr: up != 0
for: 5s
labels:
severity: bottom of the barrel
annotations:
summary: node is fine
''
];
alertmanagers = [
{
static_configs = [
{
targets = [
"localhost:9093"
];
}
];
}
];
alertmanager = {
enable = true;
openFirewall = true;
configuration.route = {
receiver = "test";
group_wait = "5s";
group_interval = "5s";
group_by = [ "..." ];
};
configuration.receivers = [
{
name = "test";
webhook_configs = [
{
url = "http://localhost:1234";
}
];
}
];
};
};
services.kthxbye = {
enable = true;
openFirewall = true;
extendIfExpiringIn = "30s";
logJSON = true;
maxDuration = "15m";
interval = "5s";
};
};
testScript = ''
with subtest("start the server"):
start_all()
server.wait_for_unit("prometheus.service")
server.wait_for_unit("alertmanager.service")
server.wait_for_unit("kthxbye.service")
server.sleep(2) # wait for units to settle
server.systemctl("restart kthxbye.service") # make sure kthxbye comes up after alertmanager
server.sleep(2)
with subtest("set up test silence which expires in 20s"):
server.succeed('amtool --alertmanager.url "http://localhost:9093" silence add alertname="node_up" -a "nixosTest" -d "20s" -c "ACK! this server is fine!!"')
with subtest("wait for 21 seconds and check if the silence is still active"):
server.sleep(21)
server.systemctl("status kthxbye.service")
server.succeed("amtool --alertmanager.url 'http://localhost:9093' silence | grep 'ACK'")
'';
})

View file

@ -1,4 +1,6 @@
import ../make-test-python.nix {
name = "lorri";
nodes.machine = { pkgs, ... }: {
imports = [ ../../modules/profiles/minimal.nix ];
environment.systemPackages = [ pkgs.lorri ];

View file

@ -7,6 +7,8 @@ with pkgs.lib;
let
matomoTest = package:
makeTest {
name = "matomo";
nodes.machine = { config, pkgs, ... }: {
services.matomo = {
package = package;

View file

@ -3,6 +3,8 @@ import ../make-test-python.nix ({ pkgs, ... }:
name = "conduit";
in
{
name = "matrix-conduit";
nodes = {
conduit = args: {
services.matrix-conduit = {

View file

@ -19,6 +19,7 @@ let
});
testLegacyNetwork = { nixopsPkg }: pkgs.nixosTest ({
name = "nixops-legacy-network";
nodes = {
deployer = { config, lib, nodes, pkgs, ... }: {
imports = [ ../../modules/installer/cd-dvd/channel.nix ];

View file

@ -2,6 +2,7 @@ let
name = "pam";
in
import ../make-test-python.nix ({ pkgs, ... }: {
name = "pam-file-contents";
nodes.machine = { ... }: {
imports = [ ../../modules/profiles/minimal.nix ];

View file

@ -106,15 +106,15 @@ import ./make-test-python.nix ({ pkgs, lib, buildDeps ? [ ], pythonEnv ? [ ], ..
&& sed -i 's|driver_local.maximize_window()||' web/regression/runtests.py"
)
# don't bother to test LDAP authentification
# exclude resql test due to recent postgres 14.4 update
# see bugreport here https://redmine.postgresql.org/issues/7527
# Don't bother to test LDAP or kerberos authentification
# For now deactivate change_password API test. Current bug report at https://redmine.postgresql.org/issues/7648
# Password change works from the UI, if email SMTP is configured.
with subtest("run browser test"):
machine.succeed(
'cd ${pgadmin4SrcDir}/pgadmin4-${pkgs.pgadmin4.version}/web \
&& python regression/runtests.py \
--pkg browser \
--exclude browser.tests.test_ldap_login.LDAPLoginTestCase,browser.tests.test_ldap_login,resql'
--exclude browser.tests.test_ldap_login.LDAPLoginTestCase,browser.tests.test_ldap_login,browser.tests.test_kerberos_with_mocking,browser.tests.test_change_password'
)
# fontconfig is necessary for chromium to run
@ -126,11 +126,10 @@ import ./make-test-python.nix ({ pkgs, lib, buildDeps ? [ ], pythonEnv ? [ ], ..
&& python regression/runtests.py --pkg feature_tests'
)
# reactivate this test again, when the postgres 14.4 test has been fixed
# with subtest("run resql test"):
# machine.succeed(
# 'cd ${pgadmin4SrcDir}/pgadmin4-${pkgs.pgadmin4.version}/web \
# && python regression/runtests.py --pkg resql'
# )
with subtest("run resql test"):
machine.succeed(
'cd ${pgadmin4SrcDir}/pgadmin4-${pkgs.pgadmin4.version}/web \
&& python regression/runtests.py --pkg resql'
)
'';
})

View file

@ -5,6 +5,8 @@ import ./make-test-python.nix (
mode = "0640";
};
in {
name = "pppd";
nodes = {
server = {config, pkgs, ...}: {
config = {

View file

@ -1,6 +1,12 @@
# This test runs rabbitmq and checks if rabbitmq is up and running.
import ./make-test-python.nix ({ pkgs, ... }: {
import ./make-test-python.nix ({ pkgs, ... }:
let
# in real life, you would keep this out of your repo and deploy it to a safe
# location using safe means.
configKeyPath = pkgs.writeText "fake-config-key" "hOjWzSEn2Z7cHzKOcf6i183O2NdjurSuoMDIIv01";
in
{
name = "rabbitmq";
meta = with pkgs.lib.maintainers; {
maintainers = [ eelco offline ];
@ -10,6 +16,29 @@ import ./make-test-python.nix ({ pkgs, ... }: {
services.rabbitmq = {
enable = true;
managementPlugin.enable = true;
# To encrypt:
# rabbitmqctl --quiet encode --cipher blowfish_cfb64 --hash sha256 \
# --iterations 10000 '<<"dJT8isYu6t0Xb6u56rPglSj1vK51SlNVlXfwsRxw">>' \
# "hOjWzSEn2Z7cHzKOcf6i183O2NdjurSuoMDIIv01" ;
config = ''
[ { rabbit
, [ {default_user, <<"alice">>}
, { default_pass
, {encrypted,<<"oKKxyTze9PYmsEfl6FG1MxIUhxY7WPQL7HBoMPRC/1ZOdOZbtr9+DxjWW3e1D5SL48n3D9QOsGD0cOgYG7Qdvb7Txrepw8w=">>}
}
, {config_entry_decoder
, [ {passphrase, {file, <<"${configKeyPath}">>}}
, {cipher, blowfish_cfb64}
, {hash, sha256}
, {iterations, 10000}
]
}
% , {rabbitmq_management, [{path_prefix, "/_queues"}]}
]
}
].
'';
};
# Ensure there is sufficient extra disk space for rabbitmq to be happy
virtualisation.diskSize = 1024;
@ -23,5 +52,10 @@ import ./make-test-python.nix ({ pkgs, ... }: {
'su -s ${pkgs.runtimeShell} rabbitmq -c "rabbitmqctl status"'
)
machine.wait_for_open_port(15672)
# The password is the plaintext that was encrypted with rabbitmqctl encode above.
machine.wait_until_succeeds(
'${pkgs.rabbitmq-java-client}/bin/PerfTest --time 10 --uri amqp://alice:dJT8isYu6t0Xb6u56rPglSj1vK51SlNVlXfwsRxw@localhost'
)
'';
})

View file

@ -0,0 +1,37 @@
import ./make-test-python.nix ({ pkgs, ... }:
{
name = "systemd-oomd";
nodes.machine = { pkgs, ... }: {
systemd.oomd.extraConfig.DefaultMemoryPressureDurationSec = "1s"; # makes the test faster
# Kill cgroups when more than 1% pressure is encountered
systemd.slices."-".sliceConfig = {
ManagedOOMMemoryPressure = "kill";
ManagedOOMMemoryPressureLimit = "1%";
};
# A service to bring the system under memory pressure
systemd.services.testservice = {
serviceConfig.ExecStart = "${pkgs.coreutils}/bin/tail /dev/zero";
};
# Do not kill the backdoor
systemd.services.backdoor.serviceConfig.ManagedOOMMemoryPressure = "auto";
virtualisation.memorySize = 1024;
};
testScript = ''
# Start the system
machine.wait_for_unit("multi-user.target")
machine.succeed("oomctl")
# Bring the system into memory pressure
machine.succeed("echo 0 > /proc/sys/vm/panic_on_oom") # NixOS tests kill the VM when the OOM killer is invoked - override this
machine.succeed("systemctl start testservice")
# Wait for oomd to kill something
# Matches these lines:
# systemd-oomd[508]: Killed /system.slice/systemd-udevd.service due to memory pressure for / being 3.26% > 1.00% for > 1s with reclaim activity
machine.wait_until_succeeds("journalctl -b | grep -q 'due to memory pressure for'")
'';
})

View file

@ -1,4 +1,6 @@
import ./make-test-python.nix {
name = "thelounge";
nodes = {
private = { config, pkgs, ... }: {
services.thelounge = {

View file

@ -20,7 +20,7 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: let
port = 1081;
listen = "127.0.0.1";
protocol = "vmess";
settings.clients = [v2rayUser];
settings.clients = [ v2rayUser ];
}
];
outbounds = [
@ -30,7 +30,7 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: let
settings.vnext = [{
address = "127.0.0.1";
port = 1081;
users = [v2rayUser];
users = [ v2rayUser ];
}];
}
{
@ -49,6 +49,14 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: let
inboundTag = "vmess_in";
outboundTag = "direct";
}
# Assert assets "geoip" and "geosite" are accessible.
{
type = "field";
ip = [ "geoip:private" ];
domain = [ "geosite:category-ads" ];
outboundTag = "direct";
}
];
};

Some files were not shown because too many files have changed in this diff Show more