Project import generated by Copybara.

GitOrigin-RevId: 1dc37370c489b610f8b91d7fdd40633163ffbafd
Default email 2020-10-27 01:29:36 +01:00
parent 1c1152c874
commit ae1b531433
726 changed files with 11112 additions and 7020 deletions

View file

@ -96,8 +96,8 @@
/pkgs/development/ruby-modules @alyssais
# Rust
/pkgs/development/compilers/rust @Mic92 @LnL7
/pkgs/build-support/rust @andir
/pkgs/development/compilers/rust @Mic92 @LnL7 @zowoq
/pkgs/build-support/rust @andir @zowoq
# Darwin-related
/pkgs/stdenv/darwin @NixOS/darwin-maintainers

View file

@ -53,10 +53,10 @@ For package version upgrades and such a one-line commit message is usually suffi
Follow these steps to backport a change into a release branch in compliance with the [commit policy](https://nixos.org/nixpkgs/manual/#submitting-changes-stable-release-branches).
1. Take note of the commits in which the change was introduced into `master` branch.
2. Check out the target _release branch_, e.g. `release-20.03`. Do not use a _channel branch_ like `nixos-20.03` or `nixpkgs-20.03`.
2. Check out the target _release branch_, e.g. `release-20.09`. Do not use a _channel branch_ like `nixos-20.09` or `nixpkgs-20.09`.
3. Create a branch for your change, e.g. `git checkout -b backport`.
4. When the reason to backport is not obvious from the original commit message, use `git cherry-pick -xe <original commit>` and add a reason. Otherwise use `git cherry-pick -x <original commit>`. That's fine for minor version updates that only include security and bug fixes, commits that fixes an otherwise broken package or similar. Please also ensure the commits exists on the master branch; in the case of squashed or rebased merges, the commit hash will change and the new commits can be found in the merge message at the bottom of the master pull request.
5. Push to GitHub and open a backport pull request. Make sure to select the release branch (e.g. `release-20.03`) as the target branch of the pull request, and link to the pull request in which the original change was comitted to `master`. The pull request title should be the commit title with the release version as prefix, e.g. `[20.03]`.
5. Push to GitHub and open a backport pull request. Make sure to select the release branch (e.g. `release-20.09`) as the target branch of the pull request, and link to the pull request in which the original change was comitted to `master`. The pull request title should be the commit title with the release version as prefix, e.g. `[20.09]`.
## Reviewing contributions
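Review bot: In the rewritten step 5, "comitted" is still misspelled; since the line is already being touched for the `release-20.09` update, correct it to "committed". Step 4 of the same list has "commits that fixes" and "the commits exists", which could be fixed in the same pass.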

View file

@ -0,0 +1,34 @@
# Stale bot information
- Thanks for your contribution!
- To remove the stale label, just leave a new comment.
- _How to find the right people to ping?_ &rarr; [`git blame`](https://git-scm.com/docs/git-blame) to the rescue! (or GitHub's history and blame buttons.)
- You can always ask for help on [our Discourse Forum](https://discourse.nixos.org/) or on the [#nixos IRC channel](https://webchat.freenode.net/#nixos).
## Suggestions for PRs
1. If it is unfinished but you plan to finish it, please mark it as a draft.
2. If you don't expect to work on it any time soon, closing it with a short comment may encourage someone else to pick up your work.
3. To get things rolling again, rebase the PR against the target branch and address valid comments.
4. If you need a review to move forward, ask in [the Discourse thread for PRs that need help](https://discourse.nixos.org/t/prs-in-distress/3604).
5. If all you need is a merge, check the git history to find and [request reviews](https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/requesting-a-pull-request-review) from people who usually merge related contributions.
## Suggestions for issues
1. If it is resolved (either for you personally, or in general), please consider closing it.
2. If this might still be an issue, but you are not interested in promoting its resolution, please consider closing it while encouraging others to take over and reopen an issue if they care enough.
3. If you still have interest in resolving it, try to ping somebody who you believe might have an interest in the topic. Consider discussing the problem in [our Discourse Forum](https://discourse.nixos.org/).
4. As with all open source projects, your best option is to submit a Pull Request that addresses this issue. We :heart: this attitude!
**Memorandum on closing issues**
Don't be afraid to close an issue that holds valuable information. Closed issues stay in the system for people to search, read, cross-reference, or even reopen--nothing is lost! Closing obsolete issues is an important way to help maintainers focus their time and effort.
## Useful GitHub search queries
- [Open PRs with any stale-bot interaction](https://github.com/NixOS/nixpkgs/pulls?q=is%3Apr+is%3Aopen+commenter%3Aapp%2Fstale+)
- [Open PRs with any stale-bot interaction and `2.status: stale`](https://github.com/NixOS/nixpkgs/pulls?q=is%3Apr+is%3Aopen+commenter%3Aapp%2Fstale+label%3A%222.status%3A+stale%22)
- [Open PRs with any stale-bot interaction and NOT `2.status: stale`](https://github.com/NixOS/nixpkgs/pulls?q=is%3Apr+is%3Aopen+commenter%3Aapp%2Fstale+-label%3A%222.status%3A+stale%22+)
- [Open Issues with any stale-bot interaction](https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+commenter%3Aapp%2Fstale+)
- [Open Issues with any stale-bot interaction and `2.status: stale`](https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+commenter%3Aapp%2Fstale+label%3A%222.status%3A+stale%22+)
- [Open Issues with any stale-bot interaction and NOT `2.status: stale`](https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+commenter%3Aapp%2Fstale+-label%3A%222.status%3A+stale%22+)

View file

@ -1,41 +1,10 @@
# Configuration for probot-stale - https://github.com/probot/stale
# Number of days of inactivity before an issue becomes stale
daysUntilStale: 180
# Number of days of inactivity before a stale issue is closed
daysUntilClose: false
# Issues with these labels will never be considered stale
exemptLabels:
- "1.severity: security"
# Label to use when marking an issue as stale
- "2.status: never-stale"
staleLabel: "2.status: stale"
# Comment to post when marking an issue as stale. Set to `false` to disable
pulls:
markComment: |
Hello, I'm a bot and I thank you in the name of the community for your contributions.
Nixpkgs is a busy repository, and unfortunately sometimes PRs get left behind for too long. Nevertheless, we'd like to help committers reach the PRs that are still important. This PR has had no activity for 180 days, and so I marked it as stale, but you can rest assured it will never be closed by a non-human.
If this is still important to you and you'd like to remove the stale label, we ask that you leave a comment. Your comment can be as simple as "still important to me". But there's a bit more you can do:
If you received an approval by an unprivileged maintainer and you are just waiting for a merge, you can @ mention someone with merge permissions and ask them to help. You might be able to find someone relevant by using [Git blame](https://git-scm.com/docs/git-blame) on the relevant files, or via [GitHub's web interface](https://docs.github.com/en/github/managing-files-in-a-repository/tracking-changes-in-a-file). You can see if someone's a member of the [nixpkgs-committers](https://github.com/orgs/NixOS/teams/nixpkgs-committers) team, by hovering with the mouse over their username on the web interface, or by searching them directly on [the list](https://github.com/orgs/NixOS/teams/nixpkgs-committers).
If your PR wasn't reviewed at all, it might help to find someone who's perhaps a user of the package or module you are changing, or alternatively, ask once more for a review by the maintainer of the package/module this is about. If you don't know any, you can use [Git blame](https://git-scm.com/docs/git-blame) on the relevant files, or [GitHub's web interface](https://docs.github.com/en/github/managing-files-in-a-repository/tracking-changes-in-a-file) to find someone who touched the relevant files in the past.
If your PR has had reviews and nevertheless got stale, make sure you've responded to all of the reviewer's requests / questions. Usually when PR authors show responsibility and dedication, reviewers (privileged or not) show dedication as well. If you've pushed a change, it's possible the reviewer wasn't notified about your push via email, so you can always [officially request them for a review](https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/requesting-a-pull-request-review), or just @ mention them and say you've addressed their comments.
Lastly, you can always ask for help at [our Discourse Forum](https://discourse.nixos.org/), or more specifically, [at this thread](https://discourse.nixos.org/t/prs-in-distress/3604) or at [#nixos' IRC channel](https://webchat.freenode.net/#nixos).
issues:
markComment: |
Hello, I'm a bot and I thank you in the name of the community for opening this issue.
To help our human contributors focus on the most-relevant reports, I check up on old issues to see if they're still relevant. This issue has had no activity for 180 days, and so I marked it as stale, but you can rest assured it will never be closed by a non-human.
The community would appreciate your effort in checking if the issue is still valid. If it isn't, please close it.
If the issue persists, and you'd like to remove the stale label, you simply need to leave a comment. Your comment can be as simple as "still important to me". If you'd like it to get more attention, you can ask for help by searching for maintainers and people that previously touched related code and @ mention them in a comment. You can use [Git blame](https://git-scm.com/docs/git-blame) or [GitHub's web interface](https://docs.github.com/en/github/managing-files-in-a-repository/tracking-changes-in-a-file) on the relevant files to find them.
Lastly, you can always ask for help at [our Discourse Forum](https://discourse.nixos.org/) or at [#nixos' IRC channel](https://webchat.freenode.net/#nixos).
# Comment to post when closing a stale issue. Set to `false` to disable
markComment: |
I marked this as stale due to inactivity. &rarr; [More info](https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md)
closeComment: false
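Review bot: With the per-key comments gone, nothing in this file says that `daysUntilClose: false` and `closeComment: false` are what keep the bot from ever closing anything, which the long `markComment` text spelled out ("it will never be closed by a non-human"). Keep a one-line comment above `daysUntilClose` stating that intent. A comment on `exemptLabels` would help as well: the `"1.severity: security"` entry has to match the label name exactly, otherwise security reports start receiving the stale label without anyone noticing.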

View file

@ -46,9 +46,9 @@ Nixpkgs and NixOS are built and tested by our continuous integration
system, [Hydra](https://hydra.nixos.org/).
* [Continuous package builds for unstable/master](https://hydra.nixos.org/jobset/nixos/trunk-combined)
* [Continuous package builds for the NixOS 20.03 release](https://hydra.nixos.org/jobset/nixos/release-20.03)
* [Continuous package builds for the NixOS 20.09 release](https://hydra.nixos.org/jobset/nixos/release-20.09)
* [Tests for unstable/master](https://hydra.nixos.org/job/nixos/trunk-combined/tested#tabs-constituents)
* [Tests for the NixOS 20.03 release](https://hydra.nixos.org/job/nixos/release-20.03/tested#tabs-constituents)
* [Tests for the NixOS 20.09 release](https://hydra.nixos.org/job/nixos/release-20.09/tested#tabs-constituents)
Artifacts successfully built with Hydra are published to cache at
https://cache.nixos.org/. When successful build and test criteria are

View file

@ -14,9 +14,25 @@
*/
{ lib }:
let
inherit (builtins) trace isAttrs isList isInt
head substring attrNames;
inherit (lib) id elem isFunction;
inherit (lib)
isInt
attrNames
isList
isAttrs
substring
addErrorContext
attrValues
concatLists
concatStringsSep
const
elem
generators
head
id
isDerivation
isFunction
mapAttrs
trace;
in
rec {
@ -94,7 +110,7 @@ rec {
trace: { a = { b = {}; }; }
=> null
*/
traceSeqN = depth: x: y: with lib;
traceSeqN = depth: x: y:
let snip = v: if isList v then noQuotes "[]" v
else if isAttrs v then noQuotes "{}" v
else v;
@ -149,7 +165,7 @@ rec {
*/
runTests =
# Tests to run
tests: lib.concatLists (lib.attrValues (lib.mapAttrs (name: test:
tests: concatLists (attrValues (mapAttrs (name: test:
let testsToRun = if tests ? tests then tests.tests else [];
in if (substring 0 4 name == "test" || elem name testsToRun)
&& ((testsToRun == []) || elem name tests.tests)
@ -176,9 +192,9 @@ rec {
+ "and will be removed in the next release. "
+ "Please use more specific concatenation "
+ "for your uses (`lib.concat(Map)StringsSep`)." )
(lib.concatStringsSep "; " (map (x: "${x}=") (attrNames a)));
(concatStringsSep "; " (map (x: "${x}=") (attrNames a)));
showVal = with lib;
showVal =
trace ( "Warning: `showVal` is deprecated "
+ "and will be removed in the next release, "
+ "please use `traceSeqN`" )
@ -226,7 +242,7 @@ rec {
trace ( "Warning: `addErrorContextToAttrs` is deprecated "
+ "and will be removed in the next release. "
+ "Please use `builtins.addErrorContext` directly." )
(lib.mapAttrs (a: v: lib.addErrorContext "while evaluating ${a}" v) attrs);
(mapAttrs (a: v: addErrorContext "while evaluating ${a}" v) attrs);
# example: (traceCallXml "myfun" id 3) will output something like
# calling myfun arg 1: 3 result: 3

View file

@ -9,7 +9,7 @@ let
lib = makeExtensible (self: let
callLibs = file: import file { lib = self; };
in with self; {
in {
# often used, or depending on very little
trivial = callLibs ./trivial.nix;
@ -54,7 +54,7 @@ let
filesystem = callLibs ./filesystem.nix;
# back-compat aliases
platforms = systems.doubles;
platforms = self.systems.doubles;
# linux kernel configuration
kernel = callLibs ./kernel.nix;
@ -63,14 +63,14 @@ let
deepSeq elem elemAt filter genericClosure genList getAttr
hasAttr head isAttrs isBool isInt isList isString length
lessThan listToAttrs pathExists readFile replaceStrings seq
stringLength sub substring tail;
inherit (trivial) id const pipe concat or and bitAnd bitOr bitXor
bitNot boolToString mergeAttrs flip mapNullable inNixShell min max
stringLength sub substring tail trace;
inherit (self.trivial) id const pipe concat or and bitAnd bitOr bitXor
bitNot boolToString mergeAttrs flip mapNullable inNixShell isFloat min max
importJSON importTOML warn info showWarnings nixpkgsVersion version mod compare
splitByAndCompare functionArgs setFunctionArgs isFunction toHexString toBaseDigits;
inherit (fixedPoints) fix fix' converge extends composeExtensions
inherit (self.fixedPoints) fix fix' converge extends composeExtensions
makeExtensible makeExtensibleWithCustomName;
inherit (attrsets) attrByPath hasAttrByPath setAttrByPath
inherit (self.attrsets) attrByPath hasAttrByPath setAttrByPath
getAttrFromPath attrVals attrValues getAttrs catAttrs filterAttrs
filterAttrsRecursive foldAttrs collect nameValuePair mapAttrs
mapAttrs' mapAttrsToList mapAttrsRecursive mapAttrsRecursiveCond
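Review bot: Two lines in this hunk are not part of the mechanical `self.` prefixing: `trace` is appended to the list ending in `stringLength sub substring tail`, and `isFloat` is added to the `inherit (self.trivial)` list. Both become new top-level `lib` attributes, so mention them in the commit message or split them into their own commit, so that the API addition is not buried in a refactoring.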
@ -79,13 +79,13 @@ let
recursiveUpdate matchAttrs overrideExisting getOutput getBin
getLib getDev getMan chooseDevOutputs zipWithNames zip
recurseIntoAttrs dontRecurseIntoAttrs;
inherit (lists) singleton forEach foldr fold foldl foldl' imap0 imap1
inherit (self.lists) singleton forEach foldr fold foldl foldl' imap0 imap1
concatMap flatten remove findSingle findFirst any all count
optional optionals toList range partition zipListsWith zipLists
reverseList listDfs toposort sort naturalSort compareLists take
drop sublist last init crossLists unique intersectLists
subtractLists mutuallyExclusive groupBy groupBy';
inherit (strings) concatStrings concatMapStrings concatImapStrings
inherit (self.strings) concatStrings concatMapStrings concatImapStrings
intersperse concatStringsSep concatMapStringsSep
concatImapStringsSep makeSearchPath makeSearchPathOutput
makeLibraryPath makeBinPath optionalString
@ -97,19 +97,19 @@ let
nameFromURL enableFeature enableFeatureAs withFeature
withFeatureAs fixedWidthString fixedWidthNumber isStorePath
toInt readPathsFromFile fileContents;
inherit (stringsWithDeps) textClosureList textClosureMap
inherit (self.stringsWithDeps) textClosureList textClosureMap
noDepEntry fullDepEntry packEntry stringAfter;
inherit (customisation) overrideDerivation makeOverridable
inherit (self.customisation) overrideDerivation makeOverridable
callPackageWith callPackagesWith extendDerivation hydraJob
makeScope;
inherit (meta) addMetaAttrs dontDistribute setName updateName
inherit (self.meta) addMetaAttrs dontDistribute setName updateName
appendToName mapDerivationAttrset setPrio lowPrio lowPrioSet hiPrio
hiPrioSet;
inherit (sources) pathType pathIsDirectory cleanSourceFilter
inherit (self.sources) pathType pathIsDirectory cleanSourceFilter
cleanSource sourceByRegex sourceFilesBySuffices
commitIdFromGitRepo cleanSourceWith pathHasContext
canCleanSource pathIsRegularFile pathIsGitRepo;
inherit (modules) evalModules unifyModuleSyntax
inherit (self.modules) evalModules unifyModuleSyntax
applyIfFunction mergeModules
mergeModules' mergeOptionDecls evalOptionValue mergeDefinitions
pushDownProperties dischargeProperties filterOverrides
@ -119,21 +119,21 @@ let
mkAliasAndWrapDefinitions fixMergeModules mkRemovedOptionModule
mkRenamedOptionModule mkMergedOptionModule mkChangedOptionModule
mkAliasOptionModule doRename;
inherit (options) isOption mkEnableOption mkSinkUndeclaredOptions
inherit (self.options) isOption mkEnableOption mkSinkUndeclaredOptions
mergeDefaultOption mergeOneOption mergeEqualOption getValues
getFiles optionAttrSetToDocList optionAttrSetToDocList'
scrubOptionValue literalExample showOption showFiles
unknownModule mkOption;
inherit (types) isType setType defaultTypeMerge defaultFunctor
inherit (self.types) isType setType defaultTypeMerge defaultFunctor
isOptionType mkOptionType;
inherit (asserts)
inherit (self.asserts)
assertMsg assertOneOf;
inherit (debug) addErrorContextToAttrs traceIf traceVal traceValFn
inherit (self.debug) addErrorContextToAttrs traceIf traceVal traceValFn
traceXMLVal traceXMLValMarked traceSeq traceSeqN traceValSeq
traceValSeqFn traceValSeqN traceValSeqNFn traceShowVal
traceShowValMarked showVal traceCall traceCall2 traceCall3
traceValIfNot runTests testAllTrue traceCallXml attrNamesToStr;
inherit (misc) maybeEnv defaultMergeArg defaultMerge foldArgs
inherit (self.misc) maybeEnv defaultMergeArg defaultMerge foldArgs
maybeAttrNullable maybeAttr ifEnable checkFlag getValue
checkReqs uniqList uniqListExt condConcat lazyGenericClosure
innerModifySumArgs modifySumArgs innerClosePropagation
@ -143,7 +143,7 @@ let
mergeAttrsByFuncDefaultsClean mergeAttrBy
fakeHash fakeSha256 fakeSha512
nixType imap;
inherit (versions)
inherit (self.versions)
splitVersion;
});
in lib

View file

@ -1,9 +1,9 @@
# General list operations.
{ lib }:
with lib.trivial;
let
inherit (lib.strings) toInt;
inherit (lib.trivial) compare min;
in
rec {

View file

@ -1,12 +1,53 @@
{ lib }:
with lib.lists;
with lib.strings;
with lib.trivial;
with lib.attrsets;
with lib.options;
with lib.debug;
with lib.types;
let
inherit (lib)
all
any
attrByPath
attrNames
catAttrs
concatLists
concatMap
count
elem
filter
findFirst
flip
foldl
foldl'
getAttrFromPath
head
id
imap1
isAttrs
isBool
isFunction
isString
length
mapAttrs
mapAttrsToList
mapAttrsRecursiveCond
min
optional
optionalAttrs
optionalString
recursiveUpdate
reverseList sort
setAttrByPath
toList
types
warn
;
inherit (lib.options)
isOption
mkOption
showDefs
showFiles
showOption
unknownModule
;
in
rec {
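Review bot: In the `inherit (lib)` list, `reverseList sort` share one line while every other name has its own, and `sort` is out of alphabetical order. Put `sort` on its own line after `setAttrByPath` so later additions produce one-line diffs.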
@ -616,7 +657,7 @@ rec {
fixupOptionType = loc: opt:
let
options = opt.options or
(throw "Option `${showOption loc'}' has type optionSet but has no option attribute, in ${showFiles opt.declarations}.");
(throw "Option `${showOption loc}' has type optionSet but has no option attribute, in ${showFiles opt.declarations}.");
f = tp:
let optionSetIn = type: (tp.name == type) && (tp.functor.wrapped.name == "optionSet");
in
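Review bot: The `showOption loc'` to `showOption loc` change in the `throw` message is a behaviour fix rather than part of the `with` removal, and deserves its own mention in the commit message. `fixupOptionType` binds only `loc` and `opt` in the lines shown, so `loc'` would have failed as an undefined variable exactly when this error was meant to be reported. A test that triggers the missing-`options` path would keep it from regressing.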
@ -719,7 +760,7 @@ rec {
mkRemovedOptionModule [ "boot" "loader" "grub" "bootDevice" ] "<replacement instructions>"
causes a warning if the user defines boot.loader.grub.bootDevice.
causes a assertion if the user defines boot.loader.grub.bootDevice.
replacementInstructions is a string that provides instructions on
how to achieve the same functionality without the removed option,

View file

@ -1,11 +1,40 @@
# Nixpkgs/NixOS option handling.
{ lib }:
with lib.trivial;
with lib.lists;
with lib.attrsets;
with lib.strings;
let
inherit (lib)
all
collect
concatLists
concatMap
elemAt
filter
foldl'
head
isAttrs
isBool
isDerivation
isFunction
isInt
isList
isString
length
mapAttrs
optional
optionals
take
;
inherit (lib.attrsets)
optionalAttrs
;
inherit (lib.strings)
concatMapStrings
concatStringsSep
;
inherit (lib.types)
mkOptionType
;
in
rec {
/* Returns true when the given argument is an option
@ -110,7 +139,7 @@ rec {
# Return early if we only have one element
# This also makes it work for functions, because the foldl' below would try
# to compare the first element with itself, which is false for functions
else if length defs == 1 then (elemAt defs 0).value
else if length defs == 1 then (head defs).value
else (foldl' (first: def:
if def.value != first.value then
throw "The option `${showOption loc}' has conflicting definition values:${showDefs [ first def ]}"

View file

@ -1,16 +1,33 @@
# Functions for copying sources to the Nix store.
{ lib }:
let
inherit (builtins)
hasContext
match
readDir
storeDir
tryEval
;
inherit (lib)
filter
getAttr
isString
pathExists
readFile
split
;
in
rec {
# Returns the type of a path: regular (for file), symlink, or directory
pathType = p: with builtins; getAttr (baseNameOf p) (readDir (dirOf p));
pathType = p: getAttr (baseNameOf p) (readDir (dirOf p));
# Returns true if the path exists and is a directory, false otherwise
pathIsDirectory = p: if builtins.pathExists p then (pathType p) == "directory" else false;
pathIsDirectory = p: if pathExists p then (pathType p) == "directory" else false;
# Returns true if the path exists and is a regular file, false otherwise
pathIsRegularFile = p: if builtins.pathExists p then (pathType p) == "regular" else false;
pathIsRegularFile = p: if pathExists p then (pathType p) == "regular" else false;
# Bring in a path as a source, filtering out all Subversion and CVS
# directories, as well as backup files (*~).
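Review bot: `split` is taken from `lib` in the `inherit (lib)` list, while `match` and `readDir` come from `builtins`. Please confirm that top-level `lib` actually exports `split`; the part of the top-level inherit list visible elsewhere in this commit does not show it. Because `let` bindings are lazy, a missing attribute would only surface when `commitIdFromGitRepo` reaches the `packed-refs` branch, so it is easy to miss in testing. Inheriting `split` from `builtins` avoids the question.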
@ -19,8 +36,8 @@ rec {
(baseName == ".git" || type == "directory" && (baseName == ".svn" || baseName == "CVS" || baseName == ".hg")) ||
# Filter out editor backup / swap files.
lib.hasSuffix "~" baseName ||
builtins.match "^\\.sw[a-z]$" baseName != null ||
builtins.match "^\\..*\\.sw[a-z]$" baseName != null ||
match "^\\.sw[a-z]$" baseName != null ||
match "^\\..*\\.sw[a-z]$" baseName != null ||
# Filter out generates files.
lib.hasSuffix ".o" baseName ||
@ -89,7 +106,7 @@ rec {
in lib.cleanSourceWith {
filter = (path: type:
let relPath = lib.removePrefix (toString origSrc + "/") (toString path);
in lib.any (re: builtins.match re relPath != null) regexes);
in lib.any (re: match re relPath != null) regexes);
inherit src;
};
@ -102,13 +119,12 @@ rec {
in type == "directory" || lib.any (ext: lib.hasSuffix ext base) exts;
in cleanSourceWith { inherit filter; src = path; };
pathIsGitRepo = path: (builtins.tryEval (commitIdFromGitRepo path)).success;
pathIsGitRepo = path: (tryEval (commitIdFromGitRepo path)).success;
# Get the commit id of a git repo
# Example: commitIdFromGitRepo <nixpkgs/.git>
commitIdFromGitRepo =
let readCommitFromFile = file: path:
with builtins;
let fileName = toString path + "/" + file;
packedRefsName = toString path + "/packed-refs";
absolutePath = base: path:
@ -145,11 +161,11 @@ rec {
# packed-refs file, so we have to grep through it:
then
let fileContent = readFile packedRefsName;
matchRef = builtins.match "([a-z0-9]+) ${file}";
isRef = s: builtins.isString s && (matchRef s) != null;
matchRef = match "([a-z0-9]+) ${file}";
isRef = s: isString s && (matchRef s) != null;
# there is a bug in libstdc++ leading to stackoverflow for long strings:
# https://github.com/NixOS/nix/issues/2147#issuecomment-659868795
refs = builtins.filter isRef (builtins.split "\n" fileContent);
refs = filter isRef (split "\n" fileContent);
in if refs == []
then throw ("Could not find " + file + " in " + packedRefsName)
else lib.head (matchRef (lib.head refs))
@ -157,7 +173,7 @@ rec {
else throw ("Not a .git directory: " + path);
in readCommitFromFile "HEAD";
pathHasContext = builtins.hasContext or (lib.hasPrefix builtins.storeDir);
pathHasContext = builtins.hasContext or (lib.hasPrefix storeDir);
canCleanSource = src: src ? _isLibCleanSourceWith || !(pathHasContext (toString src));
}
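Review bot: `pathHasContext` still reads `builtins.hasContext or (...)`, yet the first hunk of this file adds `hasContext` to the `inherit (builtins)` list. The `or` fallback only works on an attribute selection, so this line has to keep the `builtins.` form. Drop `hasContext` from the inherit list: it is unused in the lines shown and would throw on a Nix without that builtin if anything ever referenced it.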

View file

@ -41,10 +41,15 @@ Usage:
[1] maybe this behaviour should be removed to keep things simple (?)
*/
with lib.lists;
with lib.attrsets;
with lib.strings;
let
inherit (lib)
concatStringsSep
head
isAttrs
listToAttrs
tail
;
in
rec {
/* !!! The interface of this function is kind of messed up, since

View file

@ -8,7 +8,29 @@ in
rec {
inherit (builtins) stringLength substring head tail isString replaceStrings;
inherit (builtins)
compareVersions
elem
elemAt
filter
fromJSON
head
isInt
isList
isString
match
parseDrvName
readFile
replaceStrings
split
storeDir
stringLength
substring
tail
toJSON
typeOf
unsafeDiscardStringContext
;
/* Concatenate a list of strings.
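Review bot: This `inherit (builtins)` sits inside the `rec {` set (the hunk context shows `in` and `rec {` directly above it), so every name listed becomes a public attribute of the strings library, including `readFile`, `fromJSON`, `toJSON` and `unsafeDiscardStringContext`. The previous list exported six names. If the goal is only to drop the `builtins.` prefixes further down, put the additional names in the `let` block before `in` and leave the exported set as it was.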
@ -120,7 +142,7 @@ rec {
subDir:
# List of base paths
paths:
concatStringsSep ":" (map (path: path + "/" + subDir) (builtins.filter (x: x != null) paths));
concatStringsSep ":" (map (path: path + "/" + subDir) (filter (x: x != null) paths));
/* Construct a Unix-style search path by appending the given
`subDir` to the specified `output` of each of the packages. If no
@ -313,7 +335,7 @@ rec {
escapeNixString "hello\${}\n"
=> "\"hello\\\${}\\n\""
*/
escapeNixString = s: escape ["$"] (builtins.toJSON s);
escapeNixString = s: escape ["$"] (toJSON s);
/* Turn a string into an exact regular expression
@ -337,7 +359,7 @@ rec {
*/
escapeNixIdentifier = s:
# Regex from https://github.com/NixOS/nix/blob/d048577909e383439c2549e849c5c2f2016c997e/src/libexpr/lexer.l#L91
if builtins.match "[a-zA-Z_][a-zA-Z0-9_'-]*" s != null
if match "[a-zA-Z_][a-zA-Z0-9_'-]*" s != null
then s else escapeNixString s;
# Obsolete - use replaceStrings instead.
@ -466,7 +488,7 @@ rec {
versionOlder "1.1" "1.1"
=> false
*/
versionOlder = v1: v2: builtins.compareVersions v2 v1 == 1;
versionOlder = v1: v2: compareVersions v2 v1 == 1;
/* Return true if string v1 denotes a version equal to or newer than v2.
@ -492,7 +514,7 @@ rec {
*/
getName = x:
let
parse = drv: (builtins.parseDrvName drv).name;
parse = drv: (parseDrvName drv).name;
in if isString x
then parse x
else x.pname or (parse x.name);
@ -509,7 +531,7 @@ rec {
*/
getVersion = x:
let
parse = drv: (builtins.parseDrvName drv).version;
parse = drv: (parseDrvName drv).version;
in if isString x
then parse x
else x.version or (parse x.name);
@ -527,7 +549,7 @@ rec {
let
components = splitString "/" url;
filename = lib.last components;
name = builtins.head (splitString sep filename);
name = head (splitString sep filename);
in assert name != filename; name;
/* Create an --{enable,disable}-<feat> string that can be passed to
@ -617,14 +639,14 @@ rec {
*/
floatToString = float: let
result = toString float;
precise = float == builtins.fromJSON result;
precise = float == fromJSON result;
in if precise then result
else lib.warn "Imprecise conversion from float to string ${result}" result;
/* Check whether a value can be coerced to a string */
isCoercibleToString = x:
builtins.elem (builtins.typeOf x) [ "path" "string" "null" "int" "float" "bool" ] ||
(builtins.isList x && lib.all isCoercibleToString x) ||
elem (typeOf x) [ "path" "string" "null" "int" "float" "bool" ] ||
(isList x && lib.all isCoercibleToString x) ||
x ? outPath ||
x ? __toString;
@ -643,8 +665,8 @@ rec {
isStorePath = x:
if isCoercibleToString x then
let str = toString x; in
builtins.substring 0 1 str == "/"
&& dirOf str == builtins.storeDir
substring 0 1 str == "/"
&& dirOf str == storeDir
else
false;
@ -662,8 +684,8 @@ rec {
*/
# Obviously, it is a bit hacky to use fromJSON this way.
toInt = str:
let may_be_int = builtins.fromJSON str; in
if builtins.isInt may_be_int
let may_be_int = fromJSON str; in
if isInt may_be_int
then may_be_int
else throw "Could not convert ${str} to int.";
@ -685,10 +707,10 @@ rec {
readPathsFromFile = lib.warn "lib.readPathsFromFile is deprecated, use a list instead"
(rootPath: file:
let
lines = lib.splitString "\n" (builtins.readFile file);
lines = lib.splitString "\n" (readFile file);
removeComments = lib.filter (line: line != "" && !(lib.hasPrefix "#" line));
relativePaths = removeComments lines;
absolutePaths = builtins.map (path: rootPath + "/${path}") relativePaths;
absolutePaths = map (path: rootPath + "/${path}") relativePaths;
in
absolutePaths);
@ -702,7 +724,7 @@ rec {
fileContents ./version
=> "1.0"
*/
fileContents = file: removeSuffix "\n" (builtins.readFile file);
fileContents = file: removeSuffix "\n" (readFile file);
/* Creates a valid derivation name from a potentially invalid one.
@ -720,13 +742,13 @@ rec {
sanitizeDerivationName = string: lib.pipe string [
# Get rid of string context. This is safe under the assumption that the
# resulting string is only used as a derivation name
builtins.unsafeDiscardStringContext
unsafeDiscardStringContext
# Strip all leading "."
(x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0)
(x: elemAt (match "\\.*(.*)" x) 0)
# Split out all invalid characters
# https://github.com/NixOS/nix/blob/2.3.2/src/libstore/store-api.cc#L85-L112
# https://github.com/NixOS/nix/blob/2242be83c61788b9c0736a92bb0b5c7bbfc40803/nix-rust/src/store/path.rs#L100-L125
(builtins.split "[^[:alnum:]+._?=-]+")
(split "[^[:alnum:]+._?=-]+")
# Replace invalid character ranges with a "-"
(concatMapStrings (s: if lib.isList s then "-" else s))
# Limit to 211 characters (minus 4 chars for ".drv")

View file

@ -1,12 +1,65 @@
# Definitions related to run-time type checking. Used in particular
# to type-check NixOS configurations.
{ lib }:
with lib.lists;
with lib.attrsets;
with lib.options;
with lib.trivial;
with lib.strings;
let
inherit (lib)
elem
flip
functionArgs
isAttrs
isBool
isDerivation
isFloat
isFunction
isInt
isList
isString
isStorePath
setFunctionArgs
toDerivation
toList
;
inherit (lib.lists)
all
concatLists
count
elemAt
filter
foldl'
head
imap1
last
length
tail
unique
;
inherit (lib.attrsets)
attrNames
filterAttrs
hasAttr
mapAttrs
optionalAttrs
zipAttrsWith
;
inherit (lib.options)
getFiles
getValues
mergeDefaultOption
mergeEqualOption
mergeOneOption
showFiles
showOption
;
inherit (lib.strings)
concatMapStringsSep
concatStringsSep
escapeNixString
isCoercibleToString
;
inherit (lib.trivial)
boolToString
;
inherit (lib.modules) mergeDefinitions;
outer_types =
@ -270,7 +323,7 @@ rec {
name = "attrs";
description = "attribute set";
check = isAttrs;
merge = loc: foldl' (res: def: mergeAttrs res def.value) {};
merge = loc: foldl' (res: def: res // def.value) {};
emptyValue = { value = {}; };
};
@ -499,7 +552,7 @@ rec {
show = v:
if builtins.isString v then ''"${v}"''
else if builtins.isInt v then builtins.toString v
else if builtins.isBool v then if v then "true" else "false"
else if builtins.isBool v then boolToString v
else ''<${builtins.typeOf v}>'';
in
mkOptionType rec {
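Review bot: In `show`, only the result of the bool branch was switched to the inherited `boolToString`; the surrounding lines still call `builtins.isString`, `builtins.isInt`, `builtins.isBool`, `builtins.toString` and `builtins.typeOf`, although `isString`, `isInt` and `isBool` are now in the `inherit (lib)` list at the top of the file. Use the inherited names here as well, or leave the whole block on `builtins.`, so the function reads consistently.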

View file

@ -2169,6 +2169,12 @@
githubId = 8852888;
name = "David Izquierdo";
};
djanatyn = {
email = "djanatyn@gmail.com";
github = "djanatyn";
githubId = 523628;
name = "Jonathan Strickland";
};
Dje4321 = {
email = "dje4321@gmail.com";
github = "dje4321";
@ -3437,6 +3443,12 @@
githubId = 2405974;
name = "Sébastian Méric de Bellefon";
};
henrikolsson = {
email = "henrik@fixme.se";
github = "henrikolsson";
githubId = 982322;
name = "Henrik Olsson";
};
henrytill = {
email = "henrytill@gmail.com";
github = "henrytill";
@ -3945,6 +3957,16 @@
githubId = 2736480;
name = "Johannes Frankenau";
};
jfroche = {
name = "Jean-François Roche";
email = "jfroche@pyxel.be";
github = "jfroche";
githubId = 207369;
keys = [{
longkeyid = "dsa1024/0xD1D09DE169EA19A0";
fingerprint = "7EB1 C02A B62B B464 6D7C E4AE D1D0 9DE1 69EA 19A0";
}];
};
jgeerds = {
email = "jascha@geerds.org";
github = "jgeerds";
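Review bot: The `keys` entry added for `jfroche` records a `dsa1024` key. 1024-bit DSA gives roughly 80 bits of security and has been deprecated for new signatures for years, so commits or tags verified against this fingerprint carry little assurance. Ask the maintainer for a stronger key (for example RSA 3072 or larger, or Ed25519), or leave `keys` out until one is available.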
@ -6003,6 +6025,12 @@
githubId = 788953;
name = "Matthijs Steen";
};
mstrangfeld = {
email = "marvin@strangfeld.io";
github = "mstrangfeld";
githubId = 36842980;
name = "Marvin Strangfeld";
};
mt-caret = {
email = "mtakeda.enigsol@gmail.com";
github = "mt-caret";
@ -6407,6 +6435,12 @@
githubId = 4728903;
name = "Owen Lynch";
};
omasanori = {
email = "167209+omasanori@users.noreply.github.com";
github = "omasanori";
githubId = 167209;
name = "Masanori Ogino";
};
omnipotententity = {
email = "omnipotententity@gmail.com";
github = "omnipotententity";
@ -9618,6 +9652,12 @@
githubId = 1069303;
name = "Kim Simmons";
};
zopieux = {
email = "zopieux@gmail.com";
github = "zopieux";
githubId = 81353;
name = "Alexandre Macabies";
};
zowoq = {
email = "59103226+zowoq@users.noreply.github.com";
github = "zowoq";
@ -9834,4 +9874,10 @@
github = "hloeffler";
githubId = 6627191;
};
wilsonehusin = {
name = "Wilson E. Husin";
email = "wilsonehusin@gmail.com";
github = "wilsonehusin";
githubId = 14004487;
};
}
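Review bot: `wilsonehusin` is appended at the very end of the file, after the `hloeffler` entry, while the other additions in this file are inserted in alphabetical position (for example `zopieux` directly before `zowoq`). Move the entry up among the other `w` handles so the list stays sorted and later merges do not conflict at the end of the file.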

View file

@ -1,5 +1,5 @@
#!/usr/bin/env nix-shell
#!nix-shell -i python3 -p 'python3.withPackages(ps: with ps; [ requests pyquery click ])'
#!nix-shell -i python3 -p "python3.withPackages(ps: with ps; [ requests pyquery click ])"
# To use, just execute this script with --help to display help.

View file

@ -1,12 +1,3 @@
To build the manual, you need Nix installed on your system (no need
for NixOS). To install Nix, follow the instructions at
Moved to: ./contributing-to-this-manual.xml. Link:
https://nixos.org/nix/download.html
When you have Nix on your system, in the root directory of the project
(i.e., `nixpkgs`), run:
nix-build nixos/release.nix -A manual.x86_64-linux
When this command successfully finishes, it will tell you where the
manual got generated.
https://nixos.org/manual/nixos/unstable/#chap-contributing

View file

@ -38,7 +38,7 @@
assigned by setting the user's
<link linkend="opt-users.users._name_.hashedPassword">hashedPassword</link>
option. A hashed password can be generated using <command>mkpasswd -m
sha-512</command> after installing the <literal>mkpasswd</literal> package.
sha-512</command>.
</para>
<para>
A user ID (uid) is assigned automatically. You can also specify a uid

View file

@ -0,0 +1,22 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="chap-contributing">
<title>Contributing to this documentation</title>
<para>
The DocBook sources of NixOS' manual are in the <filename
xlink:href="https://github.com/NixOS/nixpkgs/tree/master/nixos/doc/manual">
nixos/doc/manual</filename> subdirectory of the <link
xlink:href="https://github.com/NixOS/nixpkgs">Nixpkgs</link> repository.
</para>
<para>
You can quickly check your edits with the following:
</para>
<screen>
<prompt>$ </prompt>cd /path/to/nixpkgs/nixos/doc/manual
<prompt>$ </prompt>nix-build nixos/release.nix -A manual.x86_64-linux
</screen>
<para>
If the build succeeds, the manual will be in
<filename>./result/share/doc/nixos/index.html</filename>.
</para>
</chapter>
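Review bot: the two commands in the `<screen>` block do not work together. After `cd /path/to/nixpkgs/nixos/doc/manual`, the relative path in `nix-build nixos/release.nix -A manual.x86_64-linux` no longer resolves. The README text this chapter replaces said to run the build from the root directory of the project (i.e. `nixpkgs`). Either change the first line to `cd /path/to/nixpkgs`, or keep the `cd` and adjust the path passed to `nix-build`. The `./result/share/doc/nixos/index.html` location in the last paragraph should then be stated relative to that same directory.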

View file

@ -14,7 +14,7 @@
<para>
<emphasis>Stable channels</emphasis>, such as
<literal
xlink:href="https://nixos.org/channels/nixos-20.03">nixos-20.03</literal>.
xlink:href="https://nixos.org/channels/nixos-20.09">nixos-20.09</literal>.
These only get conservative bug fixes and package upgrades. For instance,
a channel update may cause the Linux kernel on your system to be upgraded
from 4.19.34 to 4.19.38 (a minor bug fix), but not from
@ -38,7 +38,7 @@
<para>
<emphasis>Small channels</emphasis>, such as
<literal
xlink:href="https://nixos.org/channels/nixos-20.03-small">nixos-20.03-small</literal>
xlink:href="https://nixos.org/channels/nixos-20.09-small">nixos-20.09-small</literal>
or
<literal
xlink:href="https://nixos.org/channels/nixos-unstable-small">nixos-unstable-small</literal>.
@ -63,8 +63,8 @@
<para>
When you first install NixOS, youre automatically subscribed to the NixOS
channel that corresponds to your installation source. For instance, if you
installed from a 20.03 ISO, you will be subscribed to the
<literal>nixos-20.03</literal> channel. To see which NixOS channel youre
installed from a 20.09 ISO, you will be subscribed to the
<literal>nixos-20.09</literal> channel. To see which NixOS channel youre
subscribed to, run the following as root:
<screen>
<prompt># </prompt>nix-channel --list | grep nixos
@ -75,13 +75,13 @@ nixos https://nixos.org/channels/nixos-unstable
<prompt># </prompt>nix-channel --add https://nixos.org/channels/<replaceable>channel-name</replaceable> nixos
</screen>
(Be sure to include the <literal>nixos</literal> parameter at the end.) For
instance, to use the NixOS 20.03 stable channel:
instance, to use the NixOS 20.09 stable channel:
<screen>
<prompt># </prompt>nix-channel --add https://nixos.org/channels/nixos-20.03 nixos
<prompt># </prompt>nix-channel --add https://nixos.org/channels/nixos-20.09 nixos
</screen>
If you have a server, you may want to use the “small” channel instead:
<screen>
<prompt># </prompt>nix-channel --add https://nixos.org/channels/nixos-20.03-small nixos
<prompt># </prompt>nix-channel --add https://nixos.org/channels/nixos-20.09-small nixos
</screen>
And if you want to live on the bleeding edge:
<screen>
@ -132,7 +132,7 @@ nixos https://nixos.org/channels/nixos-unstable
kernel, initrd or kernel modules.
You can also specify a channel explicitly, e.g.
<programlisting>
<xref linkend="opt-system.autoUpgrade.channel"/> = https://nixos.org/channels/nixos-20.03;
<xref linkend="opt-system.autoUpgrade.channel"/> = https://nixos.org/channels/nixos-20.09;
</programlisting>
</para>
</section>

View file

@ -19,5 +19,6 @@
<xi:include href="./generated/options-db.xml"
xpointer="configuration-variable-list" />
</appendix>
<xi:include href="contributing-to-this-manual.xml" />
<xi:include href="release-notes/release-notes.xml" />
</book>

View file

@ -3,8 +3,11 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-20.09">
<title>Release 20.09 (“Nightingale”, 2020.09/??)</title>
<title>Release 20.09 (“Nightingale”, 2020.10/26)</title>
<para>
Support is planned until the end of April 2021, handing over to 21.03.
</para>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
@ -13,40 +16,80 @@
<title>Highlights</title>
<para>
In addition to numerous new and upgraded packages, this release has the
In addition to 7349 new, 14442 updated, and 8181 removed packages, this release has the
following highlights:
</para>
<itemizedlist>
<listitem>
<para>
Support is planned until the end of April 2021, handing over to 21.03.
Core version changes:
</para>
</listitem>
<listitem>
<para>GNOME desktop environment was upgraded to 3.36, see its <link xlink:href="https://help.gnome.org/misc/release-notes/3.36/">release notes</link>.</para>
</listitem>
<itemizedlist>
<listitem>
<para>
The Cinnamon desktop environment (v4.6) has been added. <varname>services.xserver.desktopManager.cinnamon.enable = true;</varname> to try it out!
Remember that, with any new feature it's possible you could run into issues, so please send all support requests to <link xlink:href="https://github.com/NixOS/nixpkgs/issues">github.com/NixOS/nixpkgs</link> to notify the maintainers.
gcc: 9.2.0 -> 9.3.0
</para>
</listitem>
<listitem>
<para>
Quickly configure a complete, private, self-hosted video
conferencing solution with the new Jitsi Meet module.
glibc: 2.30 -> 2.31
</para>
</listitem>
<listitem>
<para>
<package>maxx</package> package removed along with <varname>services.xserver.desktopManager.maxx</varname> module.
Please migrate to <package>cdesktopenv</package> and <varname>services.xserver.desktopManager.cde</varname> module.
linux: still defaults to 5.4.x, all supported kernels available
</para>
</listitem>
<listitem>
<para>
We now distribute a GNOME ISO.
mesa: 19.3.5 -> 20.1.7
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Desktop Enironments:
</para>
<itemizedlist>
<listitem>
<para>
plasma5: 5.17.5 -> 5.18.5
</para>
</listitem>
<listitem>
<para>
kdeApplications: 19.12.3 -> 20.08.1
</para>
</listitem>
<listitem>
<para>
gnome3: 3.34 -> 3.36, see its <link xlink:href="https://help.gnome.org/misc/release-notes/3.36/">release notes</link>.
</para>
</listitem>
<listitem>
<para>
cinnamon: added at 4.6
</para>
</listitem>
<listitem>
<para>
NixOS now distributes an official <link xlink:href="https://nixos.org/download.html#nixos-iso">GNOME ISO</link>.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Programming Languages and Frameworks:
</para>
<itemizedlist>
<listitem>
<para>
Agda ecosystem was heavily reworked (see more details below).
</para>
</listitem>
<listitem>
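Review bot: "Desktop Enironments:" is misspelled and should read "Desktop Environments:". The new Cinnamon item, "cinnamon: added at 4.6", also no longer names `services.xserver.desktopManager.cinnamon.enable`, which the previous wording gave. Consider keeping the option name in the item so readers can see how to enable it.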
@ -70,6 +113,38 @@
has been removed from the list of available packages.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Databases and Service Monitoring:
</para>
<itemizedlist>
<listitem>
<para>
MariaDB has been updated to 10.4, MariaDB Galera to 26.4. Please read the related upgrade instructions under <link linkend="sec-release-20.09-incompatibilities">backwards incompatibilities</link> before upgrading.
</para>
</listitem>
<listitem>
<para>
Zabbix now defaults to 5.0, updated from 4.4. Please read related sections under <link linkend="sec-release-20.09-incompatibilities">backwards compatibilities</link> before upgrading.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Major module changes:
</para>
<itemizedlist>
<listitem>
<para>
Quickly configure a complete, private, self-hosted video
conferencing solution with the new Jitsi Meet module.
</para>
</listitem>
<listitem>
<para>
Two new options, <link linkend="opt-services.openssh.authorizedKeysCommand">authorizedKeysCommand</link>
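Review bot: in the Zabbix item the link text reads "backwards compatibilities", but the target is `sec-release-20.09-incompatibilities` and the MariaDB item just above uses "backwards incompatibilities". Make the Zabbix link text match, otherwise the sentence says the opposite of what it links to.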
@ -95,6 +170,452 @@
This is to make it possible to use <literal>podman</literal> instead of <literal>docker</literal>.
</para>
</listitem>
<listitem>
<para>
The new option <link linkend="opt-documentation.man.generateCaches">documentation.man.generateCaches</link>
has been added to automatically generate the <literal>man-db</literal> caches, which are needed by utilities
like <command>whatis</command> and <command>apropos</command>. The caches are generated during the build of
the NixOS configuration: since this can be expensive when a large number of packages are installed, the
feature is disabled by default.
</para>
</listitem>
<listitem>
<para>
<varname>services.postfix.sslCACert</varname> was replaced by <varname>services.postfix.tlsTrustedAuthorities</varname> which now defaults to system certificate authorities.
</para>
</listitem>
<listitem>
<para>
The various documented workarounds to use steam have been converted to a module. <varname>programs.steam.enable</varname> enables steam, controller support and the workarounds.
</para>
</listitem>
<listitem>
<para>
Support for built-in LCDs in various pieces of Logitech hardware (keyboards and USB speakers). <varname>hardware.logitech.lcd.enable</varname> enables support for all hardware supported by the g15daemon project.
</para>
</listitem>
<listitem>
<para>
The GRUB module gained support for basic password protection, which
allows to restrict non-default entries in the boot menu to one or more
users. The users and passwords are defined via the option
<option>boot.loader.grub.users</option>.
Note: Password support is only avaiable in GRUB version 2.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
NixOS module changes:
</para>
<itemizedlist>
<listitem>
<para>
The NixOS module system now supports freeform modules as a mix between <literal>types.attrsOf</literal> and <literal>types.submodule</literal>. These allow you to explicitly declare a subset of options while still permitting definitions without an associated option. See <xref linkend='sec-freeform-modules'/> for how to use them.
</para>
</listitem>
<listitem>
<para>
Following its deprecation in 20.03, the Perl NixOS test driver has been removed.
All remaining tests have been ported to the Python test framework.
Code outside nixpkgs using <filename>make-test.nix</filename> or
<filename>testing.nix</filename> needs to be ported to
<filename>make-test-python.nix</filename> and
<filename>testing-python.nix</filename> respectively.
</para>
</listitem>
<listitem>
<para>
Subordinate GID and UID mappings are now set up automatically for all normal users.
This will make container tools like Podman work as non-root users out of the box.
</para>
</listitem>
</itemizedlist>
</listitem>
</itemizedlist>
</section>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-20.09-new-services">
<title>New Services</title>
<para>
In addition to 1119 new, 118 updated, and 476 removed options; 61 new modules were added since the last release:
</para>
<itemizedlist>
<listitem>
<para>
Hardware:
</para>
<itemizedlist>
<listitem>
<para>
<xref linkend="opt-hardware.system76.firmware-daemon.enable" /> adds easy support of system76 firmware.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-hardware.uinput.enable" /> loads uinput kernel module.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-hardware.video.hidpi.enable" /> enable good defaults for HiDPI displays.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-hardware.wooting.enable" /> support for Wooting keyboards.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-hardware.xpadneo.enable" /> xpadneo driver for Xbox One wireless controllers.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Programs:
</para>
<itemizedlist>
<listitem>
<para>
<xref linkend="opt-programs.hamster.enable" /> enable hamster time tracking.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-programs.steam.enable" /> adds easy enablement of steam and related system configuration.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Security:
</para>
<itemizedlist>
<listitem>
<para>
<xref linkend="opt-security.doas.enable" /> alternative to sudo, allows non-root users to execute commands as root.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-security.tpm2.enable" /> add Trusted Platform Module 2 support.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
System:
</para>
<itemizedlist>
<listitem>
<para>
<xref linkend="opt-boot.initrd.network.openvpn.enable" /> Start an OpenVPN client during initrd boot.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Virtualization:
</para>
<itemizedlist>
<listitem>
<para>
<xref linkend="opt-boot.enableContainers" /> Use nixos-containers.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-virtualisation.oci-containers.containers" /> Run OCI (Docker) containers.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-virtualisation.podman.enable" /> Daemonless container engine.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Services:
</para>
<itemizedlist>
<listitem>
<para>
<xref linkend="opt-services.ankisyncd.enable" /> Anki sync server.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.bazarr.enable" /> subtitle manager for Sonarr and Radarr.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.biboumi.enable" /> Biboumi XMPP gateway to IRC.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.blockbook-frontend" /> Blockbook-frontend, a service for the Trezor wallet.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.cage.enable" /> Wayland cage service.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.convos.enable" /> IRC daemon, which can be accessed throught the browser.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.engelsystem.enable" /> Tool for coordinating helpers and shifts on large events.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.espanso.enable" /> text-expander written in rust.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.foldingathome.enable" /> Folding@home client.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.foldingathome.enable" /> Folding@home client.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.gerrit.enable" /> Web-based team code collaboration tool.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.go-neb.enable" /> Matrix bot.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.hardware.xow.enable" /> xow as a systemd service.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.hercules-ci-agent.enable" /> Hercules CI build agent.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.jicofo.enable" /> Jitsi Conference Focus, component of Jitsi Meet.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.jirafeau.enable" /> a web file repository.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.jitsi-meet.enable" /> secure, simple and scalable video conferences.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.jitsi-videobridge.enable" /> Jitsi Videobridge, a WebRTC compatible router.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.jupyterhub.enable" /> Jupyterhub development server.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.k3s.enable" /> lightweight kubernetes distribution.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.magic-wormhole-mailbox-server.enable" /> Magic Wormhole Mailbox Server.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.malcontent.enable" /> parental control support.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.matrix-appservice-discord.enable" /> Matrix and Discord bridge.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.mautrix-telegram.enable" /> Matrix-Telegram puppeting/relaybot bridge.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.mirakurun.enable" /> Japanese DTV Tuner Server Service.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.molly-brown.enable" /> Molly-Brown Gemini server.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.mullvad-vpn.enable" /> Mullvad VPN daemon.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.ncdns.enable" /> Namecoin to DNS bridge.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.nextdns.enable" /> NextDNS to DoH Proxy service.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.nix-store-gcs-proxy" /> Enable a Google storage bucket to be used as a nix store.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.onedrive.enable" /> OneDrive sync service.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.pinnwand.enable" /> Pastebin-like service.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.pixiecore.enable" /> manage network booting of machines.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.privacyidea.enable" /> Privacy authentication server.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.quorum.enable" /> Quorum blockchain daemon.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.robustirc-bridge.enable" /> RobustIRC bridge.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.rss-bridge.enable" /> generate RSS and Atom feeds.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.rtorrent.enable" /> rTorrent service.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.smartdns.enable" /> SmartDNS DNS server.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.sogo.enable" /> SOGo groupware.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.teeworlds.enable" /> Teeworlds game server.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.torque.mom.enable" /> torque computing node.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.torque.server.enable" /> enable torque server.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.tuptime.enable" /> a total uptime service.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.urserver.enable" /> X11 remote server.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.wasabibackend.enable" /> Wasabi backend service.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.yubikey-agent.enable" /> Yubikey agent.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.zigbee2mqtt.enable" /> Zigbee to MQTT bridge.
</para>
</listitem>
</itemizedlist>
</listitem>
</itemizedlist>
</section>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-20.09-incompatibilities">
<title>Backward Incompatibilities</title>
<para>
When upgrading from a previous release, please be aware of the following
incompatible changes:
</para>
<itemizedlist>
<listitem>
<para>
MariaDB has been updated to 10.4, MariaDB Galera to 26.4.
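Review bot: the Services list contains the `opt-services.foldingathome.enable` item twice in a row; drop one copy. Two typos are also carried in: "throught" in the `convos` item and "avaiable" in the GRUB password note. The xrefs `opt-services.blockbook-frontend` and `opt-services.nix-store-gcs-proxy` have no option leaf, unlike every other entry, which ends in something like `.enable`. Check that both ids resolve in the generated options list before merging.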
@ -144,36 +665,7 @@ GRANT ALL PRIVILEGES ON *.* TO 'mysql'@'localhost' WITH GRANT OPTION;
from the default of <literal>mysql</literal> to a different user please change <literal>'mysql'@'localhost'</literal> to the corresponding user instead.
</para>
</listitem>
<listitem>
<para>
The new option <link linkend="opt-documentation.man.generateCaches">documentation.man.generateCaches</link>
has been added to automatically generate the <literal>man-db</literal> caches, which are needed by utilities
like <command>whatis</command> and <command>apropos</command>. The caches are generated during the build of
the NixOS configuration: since this can be expensive when a large number of packages are installed, the
feature is disabled by default.
</para>
</listitem>
<listitem>
<para>
<varname>services.postfix.sslCACert</varname> was replaced by <varname>services.postfix.tlsTrustedAuthorities</varname> which now defaults to system certificate authorities.
</para>
</listitem>
<listitem>
<para>
Subordinate GID and UID mappings are now set up automatically for all normal users.
This will make container tools like Podman work as non-root users out of the box.
</para>
</listitem>
<listitem>
<para>
The various documented workarounds to use steam have been converted to a module. <varname>programs.steam.enable</varname> enables steam, controller support and the workarounds.
</para>
</listitem>
<listitem>
<para>
Support for built-in LCDs in various pieces of Logitech hardware (keyboards and USB speakers). <varname>hardware.logitech.lcd.enable</varname> enables support for all hardware supported by the g15daemon project.
</para>
</listitem>
<listitem>
<para>
Zabbix now defaults to 5.0, updated from 4.4. Please carefully read through
@ -208,72 +700,13 @@ GRANT ALL PRIVILEGES ON *.* TO 'mysql'@'localhost' WITH GRANT OPTION;
</programlisting>
</para>
</listitem>
<listitem>
<para>
The NixOS module system now supports freeform modules as a mix between <literal>types.attrsOf</literal> and <literal>types.submodule</literal>. These allow you to explicitly declare a subset of options while still permitting definitions without an associated option. See <xref linkend='sec-freeform-modules'/> for how to use them.
<package>maxx</package> package removed along with <varname>services.xserver.desktopManager.maxx</varname> module.
Please migrate to <package>cdesktopenv</package> and <varname>services.xserver.desktopManager.cde</varname> module.
</para>
</listitem>
<listitem>
<para>
The GRUB module gained support for basic password protection, which
allows to restrict non-default entries in the boot menu to one or more
users. The users and passwords are defined via the option
<option>boot.loader.grub.users</option>.
Note: Password support is only avaiable in GRUB version 2.
</para>
</listitem>
<listitem>
<para>
Following its deprecation in 20.03, the Perl NixOS test driver has been removed.
All remaining tests have been ported to the Python test framework.
Code outside nixpkgs using <filename>make-test.nix</filename> or
<filename>testing.nix</filename> needs to be ported to
<filename>make-test-python.nix</filename> and
<filename>testing-python.nix</filename> respectively.
</para>
</listitem>
</itemizedlist>
</section>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-20.09-new-services">
<title>New Services</title>
<para>
The following new services were added since the last release:
</para>
<itemizedlist>
<listitem>
<para>
There is a new <xref linkend="opt-security.doas.enable"/> module that provides <command>doas</command>, a lighter alternative to <command>sudo</command> with many of the same features.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://hercules-ci.com">Hercules CI</link> Agent is a specialized build agent for projects built with Nix. See the <link xlink:href="https://nixos.org/nixos/options.html#services.hercules-ci-agent">options</link> and <link xlink:href="https://docs.hercules-ci.com/hercules-ci/getting-started/#deploy-agent">setup</link>.
</para>
</listitem>
</itemizedlist>
</section>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-20.09-incompatibilities">
<title>Backward Incompatibilities</title>
<para>
When upgrading from a previous release, please be aware of the following
incompatible changes:
</para>
<itemizedlist>
<listitem>
<para>
The <link linkend="opt-services.matrix-synapse.enable">matrix-synapse</link> module no longer includes optional dependencies by default, they have to be added through the <link linkend="opt-services.matrix-synapse.plugins">plugins</link> option.
@ -642,6 +1075,13 @@ systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ];
<para>
In the <literal>resilio</literal> module, <xref linkend="opt-services.resilio.httpListenAddr"/> has been changed to listen to <literal>[::1]</literal> instead of <literal>0.0.0.0</literal>.
</para>
</listitem>
<listitem>
<para>
<literal>sslh</literal> has been updated to version
<literal>1.21</literal>. The <literal>ssl</literal> probe must be
renamed to <literal>tls</literal> in <xref linkend="opt-services.sslh.appendConfig"/>.
</para>
</listitem>
<listitem>
<para>

View file

@ -99,6 +99,16 @@
to <literal>/run/pdns-recursor</literal> to match upstream.
</para>
</listitem>
<listitem>
<para>
PowerDNS has been updated from <literal>4.2.x</literal> to <literal>4.3.x</literal>. Please
be sure to review the <link xlink:href="https://doc.powerdns.com/authoritative/upgrading.html#x-to-4-3-0">Upgrade Notes</link>
provided by upstream before upgrading. Worth specifically noting is that the service now runs
entirely as a dedicated <literal>pdns</literal> user, instead of starting as <literal>root</literal>
and dropping privileges, as well as the default <literal>socket-dir</literal> location changing from
<literal>/var/lib/powerdns</literal> to <literal>/run/pdns</literal>.
</para>
</listitem>
</itemizedlist>
</section>

View file

@ -18,9 +18,6 @@ rec {
inherit pkgs;
qemu = pkgs.qemu_test;
# Build a virtual network from an attribute set `{ machine1 =
# config1; ... machineN = configN; }', where `machineX' is the
# hostname and `configX' is a NixOS system configuration. Each
@ -39,7 +36,6 @@ rec {
[ ../modules/virtualisation/qemu-vm.nix
../modules/testing/test-instrumentation.nix # !!! should only get added for automated test runs
{ key = "no-manual"; documentation.nixos.enable = false; }
{ key = "qemu"; system.build.qemu = qemu; }
{ key = "nodes"; _module.args.nodes = nodes; }
] ++ optional minimal ../modules/testing/minimal-kernel.nix;
};

View file

@ -110,7 +110,6 @@ def create_vlan(vlan_nr: str) -> Tuple[str, str, "subprocess.Popen[bytes]", Any]
pty_master, pty_slave = pty.openpty()
vde_process = subprocess.Popen(
["vde_switch", "-s", vde_socket, "--dirmode", "0700"],
bufsize=1,
stdin=pty_slave,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
@ -748,7 +747,6 @@ class Machine:
self.process = subprocess.Popen(
self.script,
bufsize=1,
stdin=subprocess.DEVNULL,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT,

View file

@ -3,13 +3,13 @@
# Use a minimal kernel?
, minimal ? false
# Ignored
, config ? {}
, config ? { }
# !!! See comment about args in lib/modules.nix
, specialArgs ? {}
, specialArgs ? { }
# Modules to add to each VM
, extraConfigurations ? [] }:
, extraConfigurations ? [ ]
}:
with import ./build-vms.nix { inherit system pkgs minimal specialArgs extraConfigurations; };
with pkgs;
rec {
@ -17,9 +17,11 @@ rec {
inherit pkgs;
mkTestDriver = let
mkTestDriver =
let
testDriverScript = ./test-driver/test-driver.py;
in qemu_pkg: stdenv.mkDerivation {
in
qemu_pkg: stdenv.mkDerivation {
name = "nixos-test-driver";
nativeBuildInputs = [ makeWrapper ];
@ -51,9 +53,6 @@ rec {
'';
};
testDriver = mkTestDriver qemu_test;
testDriverInteractive = mkTestDriver qemu_kvm;
# Run an automated test suite in the given virtual network.
# `driver' is the script that runs the network.
runTests = driver:
@ -79,7 +78,6 @@ rec {
, skipLint ? false
, ...
} @ t:
let
# A standard store path to the vm monitor is built like this:
# /tmp/nix-build-vm-test-run-$name.drv-0/vm-state-machine/monitor
@ -88,25 +86,7 @@ rec {
maxTestNameLen = 50;
testNameLen = builtins.stringLength name;
testDriverName = with builtins;
if testNameLen > maxTestNameLen then
abort ("The name of the test '${name}' must not be longer than ${toString maxTestNameLen} " +
"it's currently ${toString testNameLen} characters long.")
else
"nixos-test-driver-${name}";
nodes = buildVirtualNetwork (
t.nodes or (if t ? machine then { machine = t.machine; } else { }));
testScript' =
# Call the test script with the computed nodes.
if lib.isFunction testScript
then testScript { inherit nodes; }
else testScript;
vlans = map (m: m.config.virtualisation.vlans) (lib.attrValues nodes);
vms = map (m: m.config.system.build.vm) (lib.attrValues nodes);
ocrProg = tesseract4.override { enableLanguages = [ "eng" ]; };
@ -115,15 +95,51 @@ rec {
# Generate convenience wrappers for running the test driver
# interactively with the specified network, and for starting the
# VMs from the command line.
driver = testDriver:
mkDriver = qemu_pkg:
let
build-vms = import ./build-vms.nix {
inherit system pkgs minimal specialArgs;
extraConfigurations = extraConfigurations ++ (pkgs.lib.optional (qemu_pkg != null)
{
virtualisation.qemu.package = qemu_pkg;
}
);
};
# FIXME: get this pkg from the module system
testDriver = mkTestDriver (if qemu_pkg == null then pkgs.qemu_test else qemu_pkg);
nodes = build-vms.buildVirtualNetwork (
t.nodes or (if t ? machine then { machine = t.machine; } else { })
);
vlans = map (m: m.config.virtualisation.vlans) (lib.attrValues nodes);
vms = map (m: m.config.system.build.vm) (lib.attrValues nodes);
testScript' =
# Call the test script with the computed nodes.
if lib.isFunction testScript
then testScript { inherit nodes; }
else testScript;
testDriverName = with builtins;
if testNameLen > maxTestNameLen then
abort
("The name of the test '${name}' must not be longer than ${toString maxTestNameLen} " +
"it's currently ${toString testNameLen} characters long.")
else
"nixos-test-driver-${name}";
warn = if skipLint then lib.warn "Linting is disabled!" else lib.id;
in
warn (runCommand testDriverName
{ buildInputs = [ makeWrapper];
{
buildInputs = [ makeWrapper ];
testScript = testScript';
preferLocalBuild = true;
testName = name;
passthru = {
inherit nodes;
};
}
''
mkdir -p $out/bin
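Review bot: `mkDriver` uses `null` as a sentinel and hard-codes the fallback `pkgs.qemu_test` in the `testDriver` binding. In the `null` case the VMs get no `virtualisation.qemu.package` override, so driver and VMs only use the same QEMU as long as the module default happens to match (the FIXME acknowledges this). Suggest passing the package explicitly, e.g. `driver = mkDriver pkgs.qemu_test;`, or reading it from the evaluated node configuration. Separately, each `mkDriver` call evaluates its own `nodes`, and only `driver.nodes` is re-exported later; a short comment on that would help anyone inspecting `nodes` from the interactive driver.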
@ -151,14 +167,18 @@ rec {
''); # "
passMeta = drv: drv // lib.optionalAttrs (t ? meta) {
meta = (drv.meta or {}) // t.meta;
meta = (drv.meta or { }) // t.meta;
};
test = passMeta (runTests (driver testDriver));
driver = mkDriver null;
driverInteractive = mkDriver pkgs.qemu;
nodeNames = builtins.attrNames nodes;
test = passMeta (runTests driver);
nodeNames = builtins.attrNames driver.nodes;
invalidNodeNames = lib.filter
(node: builtins.match "^[A-z_]([A-z0-9_]+)?$" node == null) nodeNames;
(node: builtins.match "^[A-z_]([A-z0-9_]+)?$" node == null)
nodeNames;
in
if lib.length invalidNodeNames > 0 then
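Review bot: the node-name pattern on the reformatted `builtins.match` line still uses the range `[A-z]`, which in ASCII order also covers `[`, `\`, `]`, `^` and the backtick, so node names containing those characters are not reported in `invalidNodeNames`. Since the line is being touched anyway, tighten it to `^[A-Za-z_][A-Za-z0-9_]*$`.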
@ -171,9 +191,8 @@ rec {
''
else
test // {
inherit nodes test;
driver = driver testDriver;
driverInteractive = driver testDriverInteractive;
inherit test driver driverInteractive;
inherit (driver) nodes;
};
runInMachine =
@ -181,12 +200,19 @@ rec {
, machine
, preBuild ? ""
, postBuild ? ""
, qemu ? pkgs.qemu_test
, ... # ???
}:
let
vm = buildVM { }
[ machine
{ key = "run-in-machine";
build-vms = import ./build-vms.nix {
inherit system pkgs minimal specialArgs extraConfigurations;
};
vm = build-vms.buildVM { }
[
machine
{
key = "run-in-machine";
networking.hostName = "client";
nix.readOnlyStore = false;
virtualisation.writableStore = false;
@ -229,20 +255,20 @@ rec {
unset xchg
export tests='${testScript}'
${testDriver}/bin/nixos-test-driver ${vm.config.system.build.vm}/bin/run-*-vm
${mkTestDriver qemu}/bin/nixos-test-driver --keep-vm-state ${vm.config.system.build.vm}/bin/run-*-vm
''; # */
in
lib.overrideDerivation drv (attrs: {
requiredSystemFeatures = [ "kvm" ];
builder = "${bash}/bin/sh";
args = ["-e" vmRunCommand];
args = [ "-e" vmRunCommand ];
origArgs = attrs.args;
origBuilder = attrs.builder;
});
runInMachineWithX = { require ? [], ... } @ args:
runInMachineWithX = { require ? [ ], ... } @ args:
let
client =
{ ... }:

View file

@ -33,6 +33,7 @@ let
pkgs.ncurses
pkgs.netcat
config.programs.ssh.package
pkgs.mkpasswd
pkgs.procps
pkgs.su
pkgs.time

View file

@ -35,8 +35,7 @@ let
'';
hashedPasswordDescription = ''
To generate a hashed password install the <literal>mkpasswd</literal>
package and run <literal>mkpasswd -m sha-512</literal>.
To generate a hashed password run <literal>mkpasswd -m sha-512</literal>.
If set to an empty string (<literal>""</literal>), this user will
be able to log in without being asked for a password (but not via remote

View file

@ -0,0 +1,20 @@
{ config, lib, pkgs, ... }:
let
cfg = config.hardware.rtl-sdr;
in {
options.hardware.rtl-sdr = {
enable = lib.mkEnableOption ''
Enables rtl-sdr udev rules and ensures 'plugdev' group exists.
This is a prerequisite to using devices supported by rtl-sdr without
being root, since rtl-sdr USB descriptors will be owned by plugdev
through udev.
'';
};
config = lib.mkIf cfg.enable {
services.udev.packages = [ pkgs.rtl-sdr ];
users.groups.plugdev = {};
};
}
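Review bot: `lib.mkEnableOption` prefixes its argument with "Whether to enable", so the description of `hardware.rtl-sdr.enable` will render as "Whether to enable Enables rtl-sdr udev rules ...". Pass a short noun phrase to `mkEnableOption`, or switch to `mkOption` with a boolean type for the multi-sentence text. The description should also say that the module only creates the `plugdev` group (`users.groups.plugdev = {};`); adding users to it is left to the administrator.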

View file

@ -9,7 +9,14 @@ with lib;
isoImage.edition = "gnome";
services.xserver.desktopManager.gnome3.enable = true;
services.xserver.desktopManager.gnome3 = {
# Add firefox to favorite-apps
favoriteAppsOverride = ''
[org.gnome.shell]
favorite-apps=[ 'firefox.desktop', 'org.gnome.Geary.desktop', 'org.gnome.Calendar.desktop', 'org.gnome.Music.desktop', 'org.gnome.Photos.desktop', 'org.gnome.Nautilus.desktop' ]
'';
enable = true;
};
services.xserver.displayManager = {
gdm = {

View file

@ -1,6 +1,6 @@
{
x86_64-linux = "/nix/store/4vz8sh9ngx34ivi0bw5hlycxdhvy5hvz-nix-2.3.7";
i686-linux = "/nix/store/dzxkg9lpp60bjmzvagns42vqlz3yq5kx-nix-2.3.7";
aarch64-linux = "/nix/store/cfvf8nl8mwyw817by5y8zd3s8pnf5m9f-nix-2.3.7";
x86_64-darwin = "/nix/store/5ira7xgs92inqz1x8l0n1wci4r79hnd0-nix-2.3.7";
x86_64-linux = "/nix/store/qxayqjmlpqnmwg5yfsjjayw220ls8i2r-nix-2.3.8";
i686-linux = "/nix/store/5834psaay75048jp6d07liqh4j0v1swd-nix-2.3.8";
aarch64-linux = "/nix/store/pic90a5fxvifz05jzkd0zak21f9mjin6-nix-2.3.8";
x86_64-darwin = "/nix/store/cjx3f8z12wlayp5983kli2a52ipi8jz2-nix-2.3.8";
}

View file

@ -15,4 +15,4 @@ with import ../../../../lib/testing-python.nix {
pkgs = import ../../../../.. { inherit system config; };
};
(makeTest { inherit nodes; testScript = ""; }).driver
(makeTest { inherit nodes; testScript = ""; }).driverInteractive

View file

@ -625,6 +625,10 @@ EOF
my $networkingDhcpConfig = generateNetworkingDhcpConfig();
(my $desktopConfiguration = <<EOF)=~s/^/ /gm;
@desktopConfiguration@
EOF
write_file($fn, <<EOF);
@configuration@
EOF

View file

@ -45,7 +45,7 @@ let
src = ./nixos-generate-config.pl;
path = lib.optionals (lib.elem "btrfs" config.boot.supportedFilesystems) [ pkgs.btrfs-progs ];
perl = "${pkgs.perl}/bin/perl -I${pkgs.perlPackages.FileSlurp}/${pkgs.perl.libPrefix}";
inherit (config.system.nixos-generate-config) configuration;
inherit (config.system.nixos-generate-config) configuration desktopConfiguration;
};
nixos-option =
@ -78,7 +78,8 @@ in
{
options.system.nixos-generate-config.configuration = mkOption {
options.system.nixos-generate-config = {
configuration = mkOption {
internal = true;
type = types.str;
description = ''
@ -94,8 +95,25 @@ in
'';
};
config = {
desktopConfiguration = mkOption {
internal = true;
type = types.str;
default = "";
description = ''
Text to preseed the desktop configuration that <literal>nixos-generate-config</literal>
saves to <literal>/etc/nixos/configuration.nix</literal>.
This is an internal option. No backward compatibility is guaranteed.
Use at your own risk!
Note that this string gets spliced into a Perl script. The perl
variable <literal>$bootLoaderConfig</literal> can be used to
splice in the boot loader configuration.
'';
};
};
config = {
system.nixos-generate-config.configuration = mkDefault ''
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
@ -113,6 +131,9 @@ in
# networking.hostName = "nixos"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Set your time zone.
# time.timeZone = "Europe/Amsterdam";
$networkingDhcpConfig
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password\@proxy:port/";
@ -125,13 +146,32 @@ in
# keyMap = "us";
# };
# Set your time zone.
# time.timeZone = "Europe/Amsterdam";
$desktopConfiguration
# Configure keymap in X11
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# users.users.jane = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# };
# List packages installed in system profile. To search, run:
# \$ nix search wget
# environment.systemPackages = with pkgs; [
# wget vim
# firefox
# ];
# Some programs need SUID wrappers, can be configured further or are
@ -140,7 +180,6 @@ in
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# pinentryFlavor = "gnome3";
# };
# List services that you want to enable:
@ -154,31 +193,6 @@ in
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Enable the X11 windowing system.
# services.xserver.enable = true;
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e";
# Enable touchpad support.
# services.xserver.libinput.enable = true;
# Enable the KDE Desktop Environment.
# services.xserver.displayManager.sddm.enable = true;
# services.xserver.desktopManager.plasma5.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# users.users.jane = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# };
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave

View file

@ -59,6 +59,7 @@
./hardware/pcmcia.nix
./hardware/printers.nix
./hardware/raid/hpsa.nix
./hardware/rtl-sdr.nix
./hardware/steam-hardware.nix
./hardware/system-76.nix
./hardware/tuxedo-keyboard.nix

View file

@ -1,6 +1,6 @@
# Configuration for `ssmtp', a trivial mail transfer agent that can
# replace sendmail/postfix on simple systems. It delivers email
# directly to an SMTP server defined in its configuration file, wihout
# directly to an SMTP server defined in its configuration file, without
# queueing mail locally.
{ config, lib, pkgs, ... }:

View file

@ -318,6 +318,42 @@ let
'';
};
gnupg = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
If enabled, pam_gnupg will attempt to automatically unlock the
user's GPG keys with the login password via
<command>gpg-agent</command>. The keygrips of all keys to be
unlocked should be written to <filename>~/.pam-gnupg</filename>,
and can be queried with <command>gpg -K --with-keygrip</command>.
Presetting passphrases must be enabled by adding
<literal>allow-preset-passphrase</literal> in
<filename>~/.gnupg/gpg-agent.conf</filename>.
'';
};
noAutostart = mkOption {
type = types.bool;
default = false;
description = ''
Don't start <command>gpg-agent</command> if it is not running.
Useful in conjunction with starting <command>gpg-agent</command> as
a systemd user service.
'';
};
storeOnly = mkOption {
type = types.bool;
default = false;
description = ''
Don't send the password immediately after login, but store for PAM
<literal>session</literal>.
'';
};
};
text = mkOption {
type = types.nullOr types.lines;
description = "Contents of the PAM service file.";
@ -386,6 +422,7 @@ let
|| cfg.enableKwallet
|| cfg.enableGnomeKeyring
|| cfg.googleAuthenticator.enable
|| cfg.gnupg.enable
|| cfg.duoSecurity.enable)) ''
auth required pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} ${optionalString cfg.nodelay "nodelay"} likeauth
${optionalString config.security.pam.enableEcryptfs
@ -397,6 +434,10 @@ let
" kwalletd=${pkgs.kdeFrameworks.kwallet.bin}/bin/kwalletd5")}
${optionalString cfg.enableGnomeKeyring
"auth optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so"}
${optionalString cfg.gnupg.enable
"auth optional ${pkgs.pam_gnupg}/lib/security/pam_gnupg.so"
+ optionalString cfg.gnupg.storeOnly " store-only"
}
${optionalString cfg.googleAuthenticator.enable
"auth required ${pkgs.googleAuthenticator}/lib/security/pam_google_authenticator.so no_increment_hotp"}
${optionalString cfg.duoSecurity.enable
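Review bot: in the new `pam_gnupg` auth entry, function application binds tighter than `+`, so the expression is `(optionalString cfg.gnupg.enable "auth optional ...") + (optionalString cfg.gnupg.storeOnly " store-only")`. With `gnupg.enable = false` and `gnupg.storeOnly = true` this writes a bare ` store-only` line into the PAM service file. Put the suffix inside the guarded string, e.g. `optionalString cfg.gnupg.enable ("auth optional ..." + optionalString cfg.gnupg.storeOnly " store-only")`.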
@ -472,6 +513,10 @@ let
" kwalletd=${pkgs.kdeFrameworks.kwallet.bin}/bin/kwalletd5")}
${optionalString (cfg.enableGnomeKeyring)
"session optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start"}
${optionalString cfg.gnupg.enable
"session optional ${pkgs.pam_gnupg}/lib/security/pam_gnupg.so"
+ optionalString cfg.gnupg.noAutostart " no-autostart"
}
${optionalString (config.virtualisation.lxc.lxcfs.enable)
"session optional ${pkgs.lxc}/lib/security/pam_cgfs.so -c all"}
'');
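Review bot: the session entry for `pam_gnupg.so` appends `optionalString cfg.gnupg.noAutostart " no-autostart"` outside the `cfg.gnupg.enable` guard, so setting `noAutostart` without `enable` emits a stray ` no-autostart` line in the session stack. Wrap the concatenation in parentheses as the argument of the outer `optionalString`.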

View file

@ -59,5 +59,5 @@ in
};
};
meta.maintainers = with lib.maintainers; [ aneeshusa ];
meta.maintainers = with lib.maintainers; [ Flakebi ];
}

View file

@ -4,6 +4,15 @@ with lib;
let
cfg = config.services.syncoid;
# Extract pool names of local datasets (ones that don't contain "@") that
# have the specified type (either "source" or "target")
getPools = type: unique (map (d: head (builtins.match "([^/]+).*" d)) (
# Filter local datasets
filter (d: !hasInfix "@" d)
# Get datasets of the specified type
(catAttrs type (attrValues cfg.commands))
));
in {
# Interface
@ -26,14 +35,25 @@ in {
user = mkOption {
type = types.str;
default = "root";
default = "syncoid";
example = "backup";
description = ''
The user for the service. Sudo or ZFS privilege delegation must be
configured to use a user other than root.
The user for the service. ZFS privilege delegation will be
automatically configured for any local pools used by syncoid if this
option is set to a user other than root. The user will be given the
"hold" and "send" privileges on any pool that has datasets being sent
and the "create", "mount", "receive", and "rollback" privileges on
any pool that has datasets being received.
'';
};
group = mkOption {
type = types.str;
default = "syncoid";
example = "backup";
description = "The group for the service.";
};
sshKey = mkOption {
type = types.nullOr types.path;
# Prevent key from being copied to store
@ -150,6 +170,18 @@ in {
# Implementation
config = mkIf cfg.enable {
users = {
users = mkIf (cfg.user == "syncoid") {
syncoid = {
group = cfg.group;
isSystemUser = true;
};
};
groups = mkIf (cfg.group == "syncoid") {
syncoid = {};
};
};
systemd.services.syncoid = {
description = "Syncoid ZFS synchronization service";
script = concatMapStringsSep "\n" (c: lib.escapeShellArgs
@ -160,10 +192,22 @@ in {
++ c.extraArgs
++ [ "--sendoptions" c.sendOptions
"--recvoptions" c.recvOptions
"--no-privilege-elevation"
c.source c.target
])) (attrValues cfg.commands);
after = [ "zfs.target" ];
serviceConfig.User = cfg.user;
serviceConfig = {
ExecStartPre = (map (pool: lib.escapeShellArgs [
"+/run/booted-system/sw/bin/zfs" "allow"
cfg.user "hold,send" pool
]) (getPools "source")) ++
(map (pool: lib.escapeShellArgs [
"+/run/booted-system/sw/bin/zfs" "allow"
cfg.user "create,mount,receive,rollback" pool
]) (getPools "target"));
User = cfg.user;
Group = cfg.group;
};
startAt = cfg.interval;
};
};
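Review bot: the `ExecStartPre` entries run `zfs allow` with the `+` (full privilege) prefix on every start, and three things about them need attention. They are emitted even when `cfg.user` is `root`, although the option description says delegation is configured only for a user other than root, so guard the list with `cfg.user != "root"`. The grants are made on the whole pool returned by `getPools` rather than on the configured dataset, which gives the service user `create,mount,receive,rollback` over every dataset in a target pool; delegating on `c.source` and `c.target` would be narrower. Finally, nothing revokes the delegation when a command is removed or the user changes, so consider a matching `zfs unallow` in `ExecStopPost` or document that the permissions persist.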

View file

@ -37,8 +37,6 @@ let
haveLocalDB = cfg.dbi == localDB;
inherit (config.system) stateVersion;
hydra-package =
let
makeWrapperArgs = concatStringsSep " " (mapAttrsToList (key: value: "--set \"${key}\" \"${value}\"") hydraEnv);
@ -96,7 +94,8 @@ in
package = mkOption {
type = types.package;
defaultText = "pkgs.hydra";
default = pkgs.hydra-unstable;
defaultText = "pkgs.hydra-unstable";
description = "The Hydra package.";
};
@ -225,34 +224,6 @@ in
config = mkIf cfg.enable {
warnings = optional (cfg.package.migration or false) ''
You're currently deploying an older version of Hydra which is needed to
make some required database changes[1]. As soon as this is done, it's recommended
to run `hydra-backfill-ids` and set `services.hydra.package` to `pkgs.hydra-unstable`
after that.
[1] https://github.com/NixOS/hydra/pull/711
'';
services.hydra.package = with pkgs;
mkDefault (
if pkgs ? hydra
then throw ''
The Hydra package doesn't exist anymore in `nixpkgs`! It probably exists
due to an overlay. To upgrade Hydra, you need to take two steps as some
bigger changes in the database schema were implemented recently[1]. You first
need to deploy `pkgs.hydra-migration`, run `hydra-backfill-ids` on the server
and then deploy `pkgs.hydra-unstable`.
If you want to use `pkgs.hydra` from your overlay, please set `services.hydra.package`
explicitly to `pkgs.hydra` and make sure you know what you're doing.
[1] https://github.com/NixOS/hydra/pull/711
''
else if versionOlder stateVersion "20.03" then hydra-migration
else hydra-unstable
);
users.groups.hydra = {
gid = config.ids.gids.hydra;
};
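Review bot: removing the `services.hydra.package` default logic drops the `versionOlder stateVersion "20.03"` branch that selected `hydra-migration`, together with the warning telling operators to run `hydra-backfill-ids` first. Installations that have not yet done the schema migration will now get `pkgs.hydra-unstable` directly. Please add a release-notes entry (or keep an assertion) stating that the two-step migration described in the removed text must be completed before upgrading.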

View file

@ -15,6 +15,18 @@ in {
options = {
services.flatpak = {
enable = mkEnableOption "flatpak";
guiPackages = mkOption {
internal = true;
type = types.listOf types.package;
default = [];
example = literalExample "[ pkgs.gnome3.gnome-software ]";
description = ''
Packages that provide an interface for flatpak
(like gnome-software) that will be automatically available
to all users when flatpak is enabled.
'';
};
};
};
@ -28,7 +40,7 @@ in {
}
];
environment.systemPackages = [ pkgs.flatpak ];
environment.systemPackages = [ pkgs.flatpak ] ++ cfg.guiPackages;
services.dbus.packages = [ pkgs.flatpak ];

View file

@ -5,8 +5,22 @@ with lib;
let
cfg = config.services.pipewire;
packages = with pkgs; [ pipewire ];
enable32BitAlsaPlugins = cfg.alsa.support32Bit
&& pkgs.stdenv.isx86_64
&& pkgs.pkgsi686Linux.pipewire != null;
# The package doesn't output to $out/lib/pipewire directly so that the
# overlays can use the outputs to replace the originals in FHS environments.
#
# This doesn't work in general because of missing development information.
jack-libs = pkgs.runCommand "jack-libs" {} ''
mkdir -p "$out/lib"
ln -s "${pkgs.pipewire.jack}/lib" "$out/lib/pipewire"
'';
pulse-libs = pkgs.runCommand "pulse-libs" {} ''
mkdir -p "$out/lib"
ln -s "${pkgs.pipewire.pulse}/lib" "$out/lib/pipewire"
'';
in {
meta = {
@ -25,17 +39,67 @@ in {
Automatically run pipewire when connections are made to the pipewire socket.
'';
};
alsa = {
enable = mkEnableOption "ALSA support";
support32Bit = mkEnableOption "32-bit ALSA support on 64-bit systems";
};
jack = {
enable = mkEnableOption "JACK audio emulation";
};
pulse = {
enable = mkEnableOption "PulseAudio emulation";
};
};
};
###### implementation
config = mkIf cfg.enable {
environment.systemPackages = packages;
assertions = [
{
assertion = cfg.pulse.enable -> !config.hardware.pulseaudio.enable;
message = "PipeWire based PulseAudio emulation doesn't use the PulseAudio service";
}
{
assertion = cfg.jack.enable -> !config.services.jack.jackd.enable;
message = "PIpeWire based JACK emulation doesn't use the JACK service";
}
];
systemd.packages = packages;
environment.systemPackages = [ pkgs.pipewire ]
++ lib.optional cfg.jack.enable jack-libs
++ lib.optional cfg.pulse.enable pulse-libs;
systemd.packages = [ pkgs.pipewire ];
# PipeWire depends on DBUS but doesn't list it. Without this booting
# into a terminal results in the service crashing with an error.
systemd.user.sockets.pipewire.wantedBy = lib.mkIf cfg.socketActivation [ "sockets.target" ];
};
systemd.user.services.pipewire.bindsTo = [ "dbus.service" ];
services.udev.packages = [ pkgs.pipewire ];
# If any paths are updated here they must also be updated in the package test.
sound.extraConfig = mkIf cfg.alsa.enable ''
pcm_type.pipewire {
libs.native = ${pkgs.pipewire.lib}/lib/alsa-lib/libasound_module_pcm_pipewire.so ;
${optionalString enable32BitAlsaPlugins
"libs.32Bit = ${pkgs.pkgsi686Linux.pipewire.lib}/lib/alsa-lib/libasound_module_pcm_pipewire.so ;"}
}
pcm.!default {
@func getenv
vars [ PCM ]
default "plug:pipewire"
playback_mode "-1"
capture_mode "-1"
}
'';
environment.etc."alsa/conf.d/50-pipewire.conf" = mkIf cfg.alsa.enable {
source = "${pkgs.pipewire}/share/alsa/alsa.conf.d/50-pipewire.conf";
};
environment.sessionVariables.LD_LIBRARY_PATH =
lib.optional (cfg.jack.enable || cfg.pulse.enable) "/run/current-system/sw/lib/pipewire";
};
}
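Review bot: `environment.sessionVariables.LD_LIBRARY_PATH` is set for the whole login session whenever `jack.enable` or `pulse.enable` is on, so every process started from the session resolves libraries through `/run/current-system/sw/lib/pipewire` before its own search path, not only JACK or PulseAudio clients. That is a broad change for an emulation toggle; please document it in the option descriptions or restrict it to wrappers for the clients that need it. Separately, the JACK assertion message has a typo: "PIpeWire" should be "PipeWire".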

View file

@ -153,7 +153,7 @@ let
${concatStringsSep "\n" (mapAttrsToList (name: value: let
includeName = if name == "rspamd_proxy" then "proxy" else name;
tryOverride = if value.extraConfig == "" then "true" else "false";
tryOverride = boolToString (value.extraConfig == "");
in ''
worker "${value.type}" {
type = "${value.type}";

View file

@ -45,7 +45,7 @@ let
trusted-substituters = ${toString cfg.trustedBinaryCaches}
trusted-public-keys = ${toString cfg.binaryCachePublicKeys}
auto-optimise-store = ${boolToString cfg.autoOptimiseStore}
require-sigs = ${if cfg.requireSignedBinaryCaches then "true" else "false"}
require-sigs = ${boolToString cfg.requireSignedBinaryCaches}
trusted-users = ${toString cfg.trustedUsers}
allowed-users = ${toString cfg.allowedUsers}
${optionalString (!cfg.distributedBuilds) ''

View file

@ -43,6 +43,7 @@ let
"postgres"
"redis"
"rspamd"
"rtl_433"
"snmp"
"surfboard"
"tor"
@ -224,6 +225,8 @@ in
services.prometheus.exporters.minio.minioAccessSecret = mkDefault config.services.minio.secretKey;
})] ++ [(mkIf config.services.rspamd.enable {
services.prometheus.exporters.rspamd.url = mkDefault "http://localhost:11334/stat";
})] ++ [(mkIf config.services.prometheus.exporters.rtl_433.enable {
hardware.rtl-sdr.enable = mkDefault true;
})] ++ [(mkIf config.services.nginx.enable {
systemd.services.prometheus-nginx-exporter.after = [ "nginx.service" ];
systemd.services.prometheus-nginx-exporter.requires = [ "nginx.service" ];

View file

@ -0,0 +1,78 @@
{ config, lib, pkgs, options }:
let
cfg = config.services.prometheus.exporters.rtl_433;
in
{
port = 9550;
extraOpts = let
mkMatcherOptionType = field: description: with lib.types;
listOf (submodule {
options = {
name = lib.mkOption {
type = str;
description = "Name to match.";
};
"${field}" = lib.mkOption {
type = int;
inherit description;
};
location = lib.mkOption {
type = str;
description = "Location to match.";
};
};
});
in
{
rtl433Flags = lib.mkOption {
type = lib.types.str;
default = "-C si";
example = "-C si -R 19";
description = ''
Flags passed verbatim to rtl_433 binary.
Having <literal>-C si</literal> (the default) is recommended since only Celsius temperatures are parsed.
'';
};
channels = lib.mkOption {
type = mkMatcherOptionType "channel" "Channel to match.";
default = [];
example = [
{ name = "Acurite"; channel = 6543; location = "Kitchen"; }
];
description = ''
List of channel matchers to export.
'';
};
ids = lib.mkOption {
type = mkMatcherOptionType "id" "ID to match.";
default = [];
example = [
{ name = "Nexus"; id = 1; location = "Bedroom"; }
];
description = ''
List of ID matchers to export.
'';
};
};
serviceOpts = {
serviceConfig = {
# rtl-sdr udev rules make supported USB devices +rw by plugdev.
SupplementaryGroups = "plugdev";
ExecStart = let
matchers = (map (m:
"--channel_matcher '${m.name},${toString m.channel},${m.location}'"
) cfg.channels) ++ (map (m:
"--id_matcher '${m.name},${toString m.id},${m.location}'"
) cfg.ids); in ''
${pkgs.prometheus-rtl_433-exporter}/bin/rtl_433_prometheus \
-listen ${cfg.listenAddress}:${toString cfg.port} \
-subprocess "${pkgs.rtl_433}/bin/rtl_433 -F json ${cfg.rtl433Flags}" \
${lib.concatStringsSep " \\\n " matchers} \
${lib.concatStringsSep " \\\n " cfg.extraFlags}
'';
};
};
}
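Review bot: `ExecStart` interpolates user-controlled strings into quoted arguments without escaping. `m.name` and `m.location` are typed `str` and placed inside `'...'` for `--channel_matcher` and `--id_matcher`, and `cfg.rtl433Flags` is placed inside the double-quoted `-subprocess "..."` argument, so a quote character or a comma in any of them changes how the command line or the matcher is parsed. Either constrain the types (for example `types.strMatching` with a pattern that excludes quotes and commas) or build the arguments with `lib.escapeShellArg`. The description "Flags passed verbatim to rtl_433 binary" should mention this limitation if the types stay as they are.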

View file

@ -86,7 +86,8 @@ in
ipv6 = mkOption {
type = types.bool;
default = false;
default = config.networking.enableIPv6;
defaultText = "config.networking.enableIPv6";
description = "Whether to use IPv6.";
};

View file

@ -55,7 +55,10 @@ let
rotateKeys = ''
# check if keys are not expired
keyValid() {
fingerprint=$(dnscrypt-wrapper --show-provider-publickey | awk '{print $(NF)}')
fingerprint=$(dnscrypt-wrapper \
--show-provider-publickey \
--provider-publickey-file=${publicKey} \
| awk '{print $(NF)}')
dnscrypt-proxy --test=${toString (cfg.keys.checkInterval + 1)} \
--resolver-address=127.0.0.1:${toString cfg.port} \
--provider-name=${cfg.providerName} \

View file

@ -123,12 +123,33 @@ in
'';
};
passwordFile = mkOption {
type = with types; uniq (nullOr str);
example = "/path/to/file";
default = null;
description = ''
Specifies the path to a file containing the
clear text password for the MQTT user.
'';
};
hashedPassword = mkOption {
type = with types; uniq (nullOr str);
default = null;
description = ''
Specifies the hashed password for the MQTT User.
<option>hashedPassword</option> overrides <option>password</option>.
To generate hashed password install <literal>mosquitto</literal>
package and use <literal>mosquitto_passwd</literal>.
'';
};
hashedPasswordFile = mkOption {
type = with types; uniq (nullOr str);
example = "/path/to/file";
default = null;
description = ''
Specifies the path to a file containing the
hashed password for the MQTT user.
To generate hashed password install <literal>mosquitto</literal>
package and use <literal>mosquitto_passwd</literal>.
'';
@ -190,6 +211,13 @@ in
config = mkIf cfg.enable {
assertions = mapAttrsToList (name: cfg: {
assertion = length (filter (s: s != null) (with cfg; [
password passwordFile hashedPassword hashedPasswordFile
])) <= 1;
message = "Cannot set more than one password option";
}) cfg.users;
systemd.services.mosquitto = {
description = "Mosquitto MQTT Broker Daemon";
wantedBy = [ "multi-user.target" ];
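Review bot: the assertion lambda `(name: cfg: { ... })` shadows the module-level `cfg` and never uses `name`, so the failure message "Cannot set more than one password option" does not say which user is misconfigured. Rename the second argument (for example `userCfg`) and include the user in the message, e.g. `"services.mosquitto.users.${name}: cannot set more than one password option"`. The `hashedPassword` description still says it "overrides `password`", which contradicts this assertion and should be updated in the same change.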
@ -210,7 +238,11 @@ in
touch ${cfg.dataDir}/passwd
'' + concatStringsSep "\n" (
mapAttrsToList (n: c:
if c.hashedPassword != null then
if c.hashedPasswordFile != null then
"echo '${n}:'$(cat '${c.hashedPasswordFile}') >> ${cfg.dataDir}/passwd"
else if c.passwordFile != null then
"${pkgs.mosquitto}/bin/mosquitto_passwd -b ${cfg.dataDir}/passwd ${n} $(cat '${c.passwordFile}')"
else if c.hashedPassword != null then
"echo '${n}:${c.hashedPassword}' >> ${cfg.dataDir}/passwd"
else optionalString (c.password != null)
"${pkgs.mosquitto}/bin/mosquitto_passwd -b ${cfg.dataDir}/passwd ${n} '${c.password}'"

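Review bot: both new file-based branches use an unquoted command substitution. In the `passwordFile` branch, `$(cat '${c.passwordFile}')` is subject to word splitting and globbing, so a password containing whitespace or `*` is passed to `mosquitto_passwd -b` as several arguments or expanded; quote it as `"$(cat '${c.passwordFile}')"`. The same applies to `echo '${n}:'$(cat '${c.hashedPasswordFile}')`. Note also that `mosquitto_passwd -b` takes the clear-text password as a command-line argument, so the value read from `passwordFile` is briefly visible in the process list; the option description should say so.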
View file

@ -8,42 +8,40 @@ let
in {
options = {
services.powerdns = {
enable = mkEnableOption "Powerdns domain name server";
enable = mkEnableOption "PowerDNS domain name server";
extraConfig = mkOption {
type = types.lines;
default = "launch=bind";
description = ''
Extra lines to be added verbatim to pdns.conf.
Powerdns will chroot to /var/lib/powerdns.
So any file, powerdns is supposed to be read,
should be in /var/lib/powerdns and needs to specified
relative to the chroot.
PowerDNS configuration. Refer to
<link xlink:href="https://doc.powerdns.com/authoritative/settings.html"/>
for details on supported values.
'';
};
};
};
config = mkIf config.services.powerdns.enable {
config = mkIf cfg.enable {
systemd.packages = [ pkgs.powerdns ];
systemd.services.pdns = {
unitConfig.Documentation = "man:pdns_server(1) man:pdns_control(1)";
description = "Powerdns name server";
wantedBy = [ "multi-user.target" ];
after = ["network.target" "mysql.service" "postgresql.service" "openldap.service"];
after = [ "network.target" "mysql.service" "postgresql.service" "openldap.service" ];
serviceConfig = {
Restart="on-failure";
RestartSec="1";
StartLimitInterval="0";
PrivateDevices=true;
CapabilityBoundingSet="CAP_CHOWN CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT";
NoNewPrivileges=true;
ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p /var/lib/powerdns";
ExecStart = "${pkgs.powerdns}/bin/pdns_server --setuid=nobody --setgid=nogroup --chroot=/var/lib/powerdns --socket-dir=/ --daemon=no --guardian=no --disable-syslog --write-pid=no --config-dir=${configDir}";
ProtectSystem="full";
ProtectHome=true;
RestrictAddressFamilies="AF_UNIX AF_INET AF_INET6";
ExecStart = [ "" "${pkgs.powerdns}/bin/pdns_server --config-dir=${configDir} --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no" ];
};
};
users.users.pdns = {
isSystemUser = true;
group = "pdns";
description = "PowerDNS";
};
users.groups.pdns = {};
};
}
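Review bot: the new `ExecStart` no longer passes `--setuid=nobody --setgid=nogroup --chroot=/var/lib/powerdns`, and the hunk adds a `pdns` user and group, but nothing in these lines sets `User=` or `Group=` on `systemd.services.pdns`. Please confirm that the unit pulled in through `systemd.packages = [ pkgs.powerdns ]` runs the daemon as `pdns` and carries the sandboxing settings listed here (`PrivateDevices`, `CapabilityBoundingSet`, `NoNewPrivileges`, `ProtectSystem`, `ProtectHome`, `RestrictAddressFamilies`); if not, set them explicitly in `serviceConfig`. The rewritten `extraConfig` description also drops the note about paths being relative to the chroot without saying that existing configurations written for `/var/lib/powerdns` need to be adjusted.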

View file

@ -261,7 +261,7 @@ let
toLua = x:
if builtins.isString x then ''"${x}"''
else if builtins.isBool x then (if x == true then "true" else "false")
else if builtins.isBool x then boolToString x
else if builtins.isInt x then toString x
else if builtins.isList x then ''{ ${lib.concatStringsSep ", " (map (n: toLua n) x) } }''
else throw "Invalid Lua value";

View file

@ -269,6 +269,7 @@ in
kexAlgorithms = mkOption {
type = types.listOf types.str;
default = [
"curve25519-sha256"
"curve25519-sha256@libssh.org"
"diffie-hellman-group-exchange-sha256"
];
@ -279,7 +280,7 @@ in
Defaults to recommended settings from both
<link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html" />
and
<link xlink:href="https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29" />
<link xlink:href="https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67" />
'';
};
@ -300,7 +301,7 @@ in
Defaults to recommended settings from both
<link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html" />
and
<link xlink:href="https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29" />
<link xlink:href="https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67" />
'';
};
@ -321,7 +322,7 @@ in
Defaults to recommended settings from both
<link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html" />
and
<link xlink:href="https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29" />
<link xlink:href="https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67" />
'';
};

View file

@ -31,7 +31,7 @@ let
{ name: "openvpn"; host: "localhost"; port: "1194"; probe: "builtin"; },
{ name: "xmpp"; host: "localhost"; port: "5222"; probe: "builtin"; },
{ name: "http"; host: "localhost"; port: "80"; probe: "builtin"; },
{ name: "ssl"; host: "localhost"; port: "443"; probe: "builtin"; },
{ name: "tls"; host: "localhost"; port: "443"; probe: "builtin"; },
{ name: "anyprot"; host: "localhost"; port: "443"; probe: "builtin"; }
);
'';

View file

@ -282,12 +282,12 @@ in
services.fail2ban.jails.DEFAULT = ''
${optionalString cfg.bantime-increment.enable ''
# Bantime incremental
bantime.increment = ${if cfg.bantime-increment.enable then "true" else "false"}
bantime.increment = ${boolToString cfg.bantime-increment.enable}
bantime.maxtime = ${cfg.bantime-increment.maxtime}
bantime.factor = ${cfg.bantime-increment.factor}
bantime.formula = ${cfg.bantime-increment.formula}
bantime.multipliers = ${cfg.bantime-increment.multipliers}
bantime.overalljails = ${if cfg.bantime-increment.overalljails then "true" else "false"}
bantime.overalljails = ${boolToString cfg.bantime-increment.overalljails}
''}
# Miscellaneous options
ignoreip = 127.0.0.1/8 ${optionalString config.networking.enableIPv6 "::1"} ${concatStringsSep " " cfg.ignoreIP}

View file

@ -19,13 +19,13 @@ let
PresentDevicePolicy=${cfg.presentDevicePolicy}
PresentControllerPolicy=${cfg.presentControllerPolicy}
InsertedDevicePolicy=${cfg.insertedDevicePolicy}
RestoreControllerDeviceState=${if cfg.restoreControllerDeviceState then "true" else "false"}
RestoreControllerDeviceState=${boolToString cfg.restoreControllerDeviceState}
# this does not seem useful for endusers to change
DeviceManagerBackend=uevent
IPCAllowedUsers=${concatStringsSep " " cfg.IPCAllowedUsers}
IPCAllowedGroups=${concatStringsSep " " cfg.IPCAllowedGroups}
IPCAccessControlFiles=/var/lib/usbguard/IPCAccessControl.d/
DeviceRulesWithPort=${if cfg.deviceRulesWithPort then "true" else "false"}
DeviceRulesWithPort=${boolToString cfg.deviceRulesWithPort}
# HACK: that way audit logs still land in the journal
AuditFilePath=/dev/null
'';

View file

@ -1,6 +1,6 @@
# D-Bus configuration and system bus daemon.
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
@ -18,13 +18,6 @@ let
in
{
imports = [
(mkRemovedOptionModule
[ "services" "dbus" "socketActivated" ]
"The user D-Bus session is now always socket activated and this option can safely be removed.")
];
###### interface
options = {
@ -57,12 +50,29 @@ in
<filename><replaceable>pkg</replaceable>/share/dbus-1/services</filename>
'';
};
socketActivated = mkOption {
type = types.nullOr types.bool;
default = null;
visible = false;
description = ''
Removed option, do not use.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
warnings = optional (cfg.socketActivated != null) (
let
files = showFiles options.services.dbus.socketActivated.files;
in
"The option 'services.dbus.socketActivated' in ${files} no longer has"
+ " any effect and can be safely removed: the user D-Bus session is"
+ " now always socket activated."
);
environment.systemPackages = [ pkgs.dbus.daemon pkgs.dbus ];

View file

@ -86,7 +86,7 @@ let
''}
ssl_protocols ${cfg.sslProtocols};
ssl_ciphers ${cfg.sslCiphers};
${optionalString (cfg.sslCiphers != null) "ssl_ciphers ${cfg.sslCiphers};"}
${optionalString (cfg.sslDhparam != null) "ssl_dhparam ${cfg.sslDhparam};"}
${optionalString (cfg.recommendedTlsSettings) ''
@ -487,7 +487,7 @@ in
};
sslCiphers = mkOption {
type = types.str;
type = types.nullOr types.str;
# Keep in sync with https://ssl-config.mozilla.org/#server=nginx&config=intermediate
default = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
description = "Ciphers to choose from when negotiating TLS handshakes.";
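Review bot: `sslCiphers` is now `types.nullOr types.str`, but the description "Ciphers to choose from when negotiating TLS handshakes." does not explain what `null` means. State that setting it to `null` omits the `ssl_ciphers` directive from the generated configuration, so nginx falls back to its built-in cipher list instead of the Mozilla intermediate list in `default`.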

View file

@ -17,6 +17,11 @@ let
'';
};
defaultFavoriteAppsOverride = ''
[org.gnome.shell]
favorite-apps=[ 'org.gnome.Geary.desktop', 'org.gnome.Calendar.desktop', 'org.gnome.Music.desktop', 'org.gnome.Photos.desktop', 'org.gnome.Nautilus.desktop' ]
'';
nixos-gsettings-desktop-schemas = let
defaultPackages = with pkgs; [ gsettings-desktop-schemas gnome3.gnome-shell ];
in
@ -42,8 +47,7 @@ let
[org.gnome.desktop.screensaver]
picture-uri='file://${pkgs.nixos-artwork.wallpapers.simple-dark-gray-bottom.gnomeFilePath}'
[org.gnome.shell]
favorite-apps=[ 'org.gnome.Epiphany.desktop', 'org.gnome.Geary.desktop', 'org.gnome.Music.desktop', 'org.gnome.Photos.desktop', 'org.gnome.Nautilus.desktop', 'org.gnome.Software.desktop' ]
${cfg.favoriteAppsOverride}
${cfg.extraGSettingsOverrides}
EOF
@ -123,6 +127,17 @@ in
apply = list: list ++ [ pkgs.gnome3.gnome-shell pkgs.gnome3.gnome-shell-extensions ];
};
favoriteAppsOverride = mkOption {
internal = true; # this is messy
default = defaultFavoriteAppsOverride;
type = types.lines;
example = literalExample ''
[org.gnome.shell]
favorite-apps=[ 'firefox.desktop', 'org.gnome.Calendar.desktop' ]
'';
description = "List of desktop files to put as favorite apps into gnome-shell. These need to be installed somehow globally.";
};
extraGSettingsOverrides = mkOption {
default = "";
type = types.lines;
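Review bot: the `description` of `favoriteAppsOverride` says "List of desktop files", but the option is `types.lines` and both `default` and `example` are a complete gsettings override snippet including the `[org.gnome.shell]` header, which is spliced verbatim into the override file via `${cfg.favoriteAppsOverride}`. Reword the description to say that a full override section is expected, or take a `types.listOf types.str` and generate the `favorite-apps=` line from it. The `# this is messy` comment would help more if it said what is messy and what the intended clean-up is.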
@ -179,6 +194,14 @@ in
config = mkMerge [
(mkIf (cfg.enable || flashbackEnabled) {
# Seed our configuration into nixos-generate-config
system.nixos-generate-config.desktopConfiguration = ''
# Enable the GNOME 3 Desktop Environment.
services.xserver.enable = true;
services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome3.enable = true;
'';
services.gnome3.core-os-services.enable = true;
services.gnome3.core-shell.enable = true;
services.gnome3.core-utilities.enable = mkDefault true;
@ -207,6 +230,11 @@ in
# If gnome3 is installed, build vim for gtk3 too.
nixpkgs.config.vim.gui = "gtk3";
# Install gnome-software if flatpak is enabled
services.flatpak.guiPackages = [
pkgs.gnome3.gnome-software
];
})
(mkIf flashbackEnabled {
@ -389,7 +417,6 @@ in
gnome-music
gnome-photos
gnome-screenshot
gnome-software
gnome-system-monitor
gnome-weather
nautilus

View file

@ -180,7 +180,6 @@ in
gtk3.out
hicolor-icon-theme
lightlocker
nixos-artwork.wallpapers.simple-dark-gray
onboard
qgnomeplatform
shared-mime-info

View file

@ -184,6 +184,14 @@ in
config = mkMerge [
(mkIf cfg.enable {
# Seed our configuration into nixos-generate-config
system.nixos-generate-config.desktopConfiguration = ''
# Enable the Plasma 5 Desktop Environment.
services.xserver.enable = true;
services.xserver.displayManager.sddm.enable = true;
services.xserver.desktopManager.plasma5.enable = true;
'';
services.xserver.desktopManager.session = singleton {
name = "plasma5";
bgSupport = true;

View file

@ -474,6 +474,12 @@ in
)
[dms wms]
);
# Make xsessions and wayland sessions available in XDG_DATA_DIRS
# as some programs have behavior that depends on them being present
environment.sessionVariables.XDG_DATA_DIRS = [
"${cfg.displayManager.sessionData.desktops}/share"
];
};
imports = [

View file

@ -264,7 +264,7 @@ in
# presented and there's a little delay.
environment.etc."gdm/custom.conf".text = ''
[daemon]
WaylandEnable=${if cfg.gdm.wayland then "true" else "false"}
WaylandEnable=${boolToString cfg.gdm.wayland}
${optionalString cfg.autoLogin.enable (
if cfg.gdm.autoLogin.delay > 0 then ''
TimedLoginEnable=true

View file

@ -308,6 +308,7 @@ in
home = "/var/lib/lightdm";
group = "lightdm";
uid = config.ids.uids.lightdm;
shell = pkgs.bash;
};
systemd.tmpfiles.rules = [
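Review bot: `shell = pkgs.bash;` gives the `lightdm` system account a working login shell, and nothing in the hunk explains why. Service accounts are normally left without one, so please add a comment next to the line naming what breaks without it (which script or session wrapper needs the shell), so a later reader can tell whether it is still required or can be dropped again.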

View file

@ -55,10 +55,10 @@ let
XauthPath=${pkgs.xorg.xauth}/bin/xauth
DisplayCommand=${Xsetup}
DisplayStopCommand=${Xstop}
EnableHidpi=${if cfg.enableHidpi then "true" else "false"}
EnableHidpi=${boolToString cfg.enableHidpi}
[Wayland]
EnableHidpi=${if cfg.enableHidpi then "true" else "false"}
EnableHidpi=${boolToString cfg.enableHidpi}
SessionDir=${dmcfg.sessionData.desktops}/share/wayland-sessions
${optionalString dmcfg.autoLogin.enable ''

View file

@ -45,13 +45,22 @@ with import ../../lib/qemu-flags.nix { inherit pkgs; };
systemd.services."serial-getty@${qemuSerialDevice}".enable = false;
systemd.services."serial-getty@hvc0".enable = false;
# Only set these settings when the options exist. Some tests (e.g. those
# that do not specify any nodes, or an empty attr set as nodes) will not
# have the QEMU module loaded and thuse these options can't and should not
# be set.
virtualisation = lib.optionalAttrs (options ? virtualisation.qemu) {
qemu = {
# Only use a serial console, no TTY.
# NOTE: optionalAttrs
# test-instrumentation.nix appears to be used without qemu-vm.nix, so
# we avoid defining consoles if not possible.
# TODO: refactor such that test-instrumentation can import qemu-vm
# or declare virtualisation.qemu.console option in a module that's always imported
virtualisation = lib.optionalAttrs (options ? virtualisation.qemu.consoles) { qemu.consoles = [ qemuSerialDevice ]; };
consoles = [ qemuSerialDevice ];
package = lib.mkDefault pkgs.qemu_test;
};
};
boot.initrd.preDeviceCommands =
''
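Review bot: typo in the new comment, "thuse" should be "thus". The guard also changed from `options ? virtualisation.qemu.consoles` to the broader `options ? virtualisation.qemu`, while the block now sets both `consoles` and `package`; that is only safe as long as every module that declares `virtualisation.qemu` declares both sub-options, which deserves a word in the comment now that the old NOTE/TODO explaining the workaround is gone.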

View file

@ -14,10 +14,11 @@ with import ../../lib/qemu-flags.nix { inherit pkgs; };
let
qemu = config.system.build.qemu or pkgs.qemu_test;
cfg = config.virtualisation;
qemu = cfg.qemu.package;
consoles = lib.concatMapStringsSep " " (c: "console=${c}") cfg.qemu.consoles;
driveOpts = { ... }: {
@ -401,6 +402,14 @@ in
};
virtualisation.qemu = {
package =
mkOption {
type = types.package;
default = pkgs.qemu;
example = "pkgs.qemu_test";
description = "QEMU package to use.";
};
options =
mkOption {
type = types.listOf types.unspecified;

View file

@ -150,7 +150,6 @@ in
hostname = handleTest ./hostname.nix {};
hound = handleTest ./hound.nix {};
hydra = handleTest ./hydra {};
hydra-db-migration = handleTest ./hydra/db-migration.nix {};
i3wm = handleTest ./i3wm.nix {};
icingaweb2 = handleTest ./icingaweb2.nix {};
iftop = handleTest ./iftop.nix {};

View file

@ -31,16 +31,16 @@ import ./make-test-python.nix ({ pkgs, ... }: {
machine.wait_for_unit("bitcoind-testnet.service")
machine.wait_until_succeeds(
'curl --user rpc:rpc --data-binary \'{"jsonrpc": "1.0", "id":"curltest", "method": "getblockchaininfo", "params": [] }\' -H \'content-type: text/plain;\' localhost:8332 | grep \'"chain":"main"\' '
'curl --fail --user rpc:rpc --data-binary \'{"jsonrpc": "1.0", "id":"curltest", "method": "getblockchaininfo", "params": [] }\' -H \'content-type: text/plain;\' localhost:8332 | grep \'"chain":"main"\' '
)
machine.wait_until_succeeds(
'curl --user rpc2:rpc2 --data-binary \'{"jsonrpc": "1.0", "id":"curltest", "method": "getblockchaininfo", "params": [] }\' -H \'content-type: text/plain;\' localhost:8332 | grep \'"chain":"main"\' '
'curl --fail --user rpc2:rpc2 --data-binary \'{"jsonrpc": "1.0", "id":"curltest", "method": "getblockchaininfo", "params": [] }\' -H \'content-type: text/plain;\' localhost:8332 | grep \'"chain":"main"\' '
)
machine.wait_until_succeeds(
'curl --user rpc:rpc --data-binary \'{"jsonrpc": "1.0", "id":"curltest", "method": "getblockchaininfo", "params": [] }\' -H \'content-type: text/plain;\' localhost:18332 | grep \'"chain":"test"\' '
'curl --fail --user rpc:rpc --data-binary \'{"jsonrpc": "1.0", "id":"curltest", "method": "getblockchaininfo", "params": [] }\' -H \'content-type: text/plain;\' localhost:18332 | grep \'"chain":"test"\' '
)
machine.wait_until_succeeds(
'curl --user rpc2:rpc2 --data-binary \'{"jsonrpc": "1.0", "id":"curltest", "method": "getblockchaininfo", "params": [] }\' -H \'content-type: text/plain;\' localhost:18332 | grep \'"chain":"test"\' '
'curl --fail --user rpc2:rpc2 --data-binary \'{"jsonrpc": "1.0", "id":"curltest", "method": "getblockchaininfo", "params": [] }\' -H \'content-type: text/plain;\' localhost:18332 | grep \'"chain":"test"\' '
)
'';
})
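Review bot: in all four commands `curl --fail` writes into a pipe that ends in `grep`, so the exit status `wait_until_succeeds` sees is `grep`'s, not `curl`'s, unless the command runs under `pipefail`. `--fail` still has an effect, because on an HTTP error it suppresses the response body and `grep` finds nothing, but if the intent is to fail on the HTTP status itself, either prefix the command with `set -o pipefail;` or say in a comment that the check relies on `grep` seeing empty output.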

View file

@ -57,11 +57,13 @@ import ./make-test-python.nix ({ pkgs, ... }: {
def check_etag(url):
etag = webserver.succeed(
"curl -v '{}' 2>&1 | sed -n -e \"s/^< [Ee][Tt][Aa][Gg]: *//p\"".format(url)
"curl --fail -v '{}' 2>&1 | sed -n -e \"s/^< [Ee][Tt][Aa][Gg]: *//p\"".format(
url
)
)
etag = etag.replace("\r\n", " ")
http_code = webserver.succeed(
"curl --silent --show-error -o /dev/null -w \"%{{http_code}}\" --head -H 'If-None-Match: {}' {}".format(
"curl --fail --silent --show-error -o /dev/null -w \"%{{http_code}}\" --head -H 'If-None-Match: {}' {}".format(
etag, url
)
)

View file

@ -19,16 +19,16 @@ import ./make-test-python.nix ({ pkgs, ... } : {
testScript = ''
start_all()
machine.wait_for_unit("cadvisor.service")
machine.succeed("curl http://localhost:8080/containers/")
machine.succeed("curl -f http://localhost:8080/containers/")
influxdb.wait_for_unit("influxdb.service")
# create influxdb database
influxdb.succeed(
'curl -XPOST http://localhost:8086/query --data-urlencode "q=CREATE DATABASE root"'
'curl -f -XPOST http://localhost:8086/query --data-urlencode "q=CREATE DATABASE root"'
)
influxdb.wait_for_unit("cadvisor.service")
influxdb.succeed("curl http://localhost:8080/containers/")
influxdb.succeed("curl -f http://localhost:8080/containers/")
'';
})

View file

@ -11,7 +11,7 @@ let
file = {
group = "nginx";
owner = "nginx";
path = "/tmp/${host}-ca.pem";
path = "/var/ssl/${host}-ca.pem";
};
label = "www_ca";
profile = "three-month";
@ -20,13 +20,13 @@ let
certificate = {
group = "nginx";
owner = "nginx";
path = "/tmp/${host}-cert.pem";
path = "/var/ssl/${host}-cert.pem";
};
private_key = {
group = "nginx";
mode = "0600";
owner = "nginx";
path = "/tmp/${host}-key.pem";
path = "/var/ssl/${host}-key.pem";
};
request = {
CN = host;
@ -57,6 +57,8 @@ let
services.cfssl.enable = true;
systemd.services.cfssl.after = [ "cfssl-init.service" "networking.target" ];
systemd.tmpfiles.rules = [ "d /var/ssl 777 root root" ];
systemd.services.cfssl-init = {
description = "Initialize the cfssl CA";
wantedBy = [ "multi-user.target" ];
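Review bot: `"d /var/ssl 777 root root"` makes the directory that holds `${host}-key.pem` world-writable and without the sticky bit, so any local account can delete or replace the certificate and key files even though the key file itself is `0600`. Since NixOS tests tend to get copied into real configurations, a tighter rule such as `d /var/ssl 0750 root nginx` would show the better pattern, assuming the process that writes the files runs as root and only nginx needs to read them. Writing the mode with a leading zero (`0777` style) would also match the `mode = "0600"` used for the key.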
@ -87,8 +89,8 @@ let
enable = true;
virtualHosts = lib.mkMerge (map (host: {
${host} = {
sslCertificate = "/tmp/${host}-cert.pem";
sslCertificateKey = "/tmp/${host}-key.pem";
sslCertificate = "/var/ssl/${host}-cert.pem";
sslCertificateKey = "/var/ssl/${host}-key.pem";
extraConfig = ''
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
'';
@ -124,16 +126,18 @@ in
};
testScript = ''
machine.wait_for_unit("cfssl.service")
machine.wait_until_succeeds("ls /tmp/decl.example.org-ca.pem")
machine.wait_until_succeeds("ls /tmp/decl.example.org-key.pem")
machine.wait_until_succeeds("ls /tmp/decl.example.org-cert.pem")
machine.wait_until_succeeds("ls /tmp/imp.example.org-ca.pem")
machine.wait_until_succeeds("ls /tmp/imp.example.org-key.pem")
machine.wait_until_succeeds("ls /tmp/imp.example.org-cert.pem")
machine.wait_until_succeeds("ls /var/ssl/decl.example.org-ca.pem")
machine.wait_until_succeeds("ls /var/ssl/decl.example.org-key.pem")
machine.wait_until_succeeds("ls /var/ssl/decl.example.org-cert.pem")
machine.wait_until_succeeds("ls /var/ssl/imp.example.org-ca.pem")
machine.wait_until_succeeds("ls /var/ssl/imp.example.org-key.pem")
machine.wait_until_succeeds("ls /var/ssl/imp.example.org-cert.pem")
machine.wait_for_unit("nginx.service")
assert 1 < int(machine.succeed('journalctl -u nginx | grep "Starting Nginx" | wc -l'))
machine.succeed("curl --cacert /tmp/imp.example.org-ca.pem https://imp.example.org")
machine.succeed("curl --cacert /tmp/decl.example.org-ca.pem https://decl.example.org")
machine.succeed("curl --cacert /var/ssl/imp.example.org-ca.pem https://imp.example.org")
machine.succeed(
"curl --cacert /var/ssl/decl.example.org-ca.pem https://decl.example.org"
)
'';
};

View file

@ -38,7 +38,7 @@ import ./make-test-python.nix ({ pkgs, ...} : {
testScript =
let
cfsslrequest = with pkgs; writeScript "cfsslrequest" ''
curl -X POST -H "Content-Type: application/json" -d @${csr} \
curl -f -X POST -H "Content-Type: application/json" -d @${csr} \
http://localhost:8888/api/v1/cfssl/newkey | ${cfssl}/bin/cfssljson /tmp/certificate
'';
csr = pkgs.writeText "csr.json" (builtins.toJSON {

View file

@ -25,6 +25,6 @@ in
machine.wait_for_unit("convos")
machine.wait_for_open_port("${toString port}")
machine.succeed("journalctl -u convos | grep -q 'Listening at.*${toString port}'")
machine.succeed("curl http://localhost:${toString port}/")
machine.succeed("curl -f http://localhost:${toString port}/")
'';
})

View file

@ -80,7 +80,7 @@ import ./make-test-python.nix (
), "SLAAC temporary address was not configured on client after router advertisement"
with subtest("Verify HTTP debug server is configured"):
out = router.succeed("curl localhost:9430/metrics")
out = router.succeed("curl -f localhost:9430/metrics")
assert (
"corerad_build_info" in out

View file

@ -43,7 +43,7 @@ import ./make-test-python.nix ({ pkgs, ...} : {
docker.fail("sudo -u noprivs docker ps")
docker.succeed("docker stop sleeping")
# Must match version twice to ensure client and server versions are correct
docker.succeed('[ $(docker version | grep ${pkgs.docker-edge.version} | wc -l) = "2" ]')
# Must match version 4 times to ensure client and server git commits and versions are correct
docker.succeed('[ $(docker version | grep ${pkgs.docker-edge.version} | wc -l) = "4" ]')
'';
})
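Review bot: `grep ${pkgs.docker-edge.version}` treats the dots in the version as regex wildcards, and the test then requires exactly `"4"` matching lines, which ties it to the current layout of `docker version` output; any additional line that happens to contain the version string breaks the test. Use `grep -F` (or `grep -cF` in place of `| wc -l`) for a literal match, and consider matching the specific lines the new comment names (client and server version and git commit) instead of counting occurrences.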

View file

@ -115,7 +115,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
"docker load --input='${examples.nginx}'",
"docker run --name nginx -d -p 8000:80 ${examples.nginx.imageName}",
)
docker.wait_until_succeeds("curl http://localhost:8000/")
docker.wait_until_succeeds("curl -f http://localhost:8000/")
docker.succeed(
"docker rm --force nginx", "docker rmi '${examples.nginx.imageName}'",
)

View file

@ -56,6 +56,7 @@ import ./make-test-python.nix ({ pkgs, ...} : {
start_all()
client.wait_for_unit("network-online.target")
server.wait_for_unit("network-online.target")
server.wait_for_unit("ferm.service")
server.wait_for_unit("nginx.service")
server.wait_until_succeeds("ss -ntl | grep -q 80")

View file

@ -34,7 +34,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
start_all()
server.wait_for_unit("go-neb.service")
server.wait_until_succeeds(
"curl -L http://localhost:4050/services/hooks/d2lraXBlZGlhX3NlcnZpY2U"
"curl -fL http://localhost:4050/services/hooks/d2lraXBlZGlhX3NlcnZpY2U"
)
server.wait_until_succeeds(
"journalctl -eu go-neb -o cat | grep -q service_id=wikipedia_service"

View file

@ -48,7 +48,7 @@ import ../make-test-python.nix ({...}: {
datanode.wait_for_open_port(9866)
datanode.wait_for_open_port(9867)
namenode.succeed("curl http://namenode:9870")
datanode.succeed("curl http://datanode:9864")
namenode.succeed("curl -f http://namenode:9870")
datanode.succeed("curl -f http://datanode:9864")
'';
})

View file

@ -40,7 +40,7 @@ import ../make-test-python.nix ({...}: {
nodemanager.wait_for_open_port(8042)
nodemanager.wait_for_open_port(8041)
resourcemanager.succeed("curl http://localhost:8088")
nodemanager.succeed("curl http://localhost:8042")
resourcemanager.succeed("curl -f http://localhost:8088")
nodemanager.succeed("curl -f http://localhost:8042")
'';
})

View file

@ -39,9 +39,9 @@ import ./make-test-python.nix ({ pkgs, ...}: {
machine.wait_for_unit("multi-user.target")
machine.wait_for_unit("haproxy.service")
machine.wait_for_unit("httpd.service")
assert "We are all good!" in machine.succeed("curl -k http://localhost:80/index.txt")
assert "We are all good!" in machine.succeed("curl -fk http://localhost:80/index.txt")
assert "haproxy_process_pool_allocated_bytes" in machine.succeed(
"curl -k http://localhost:80/metrics"
"curl -fk http://localhost:80/metrics"
)
with subtest("reload"):
@ -49,7 +49,7 @@ import ./make-test-python.nix ({ pkgs, ...}: {
# wait some time to ensure the following request hits the reloaded haproxy
machine.sleep(5)
assert "We are all good!" in machine.succeed(
"curl -k http://localhost:80/index.txt"
"curl -fk http://localhost:80/index.txt"
)
'';
})

View file

@ -28,6 +28,6 @@ import ../make-test-python.nix ({ pkgs, ... }:
machine.wait_for_unit("multi-user.target")
machine.wait_for_unit("hitch.service")
machine.wait_for_open_port(443)
assert "We are all good!" in machine.succeed("curl -k https://localhost:443/index.txt")
assert "We are all good!" in machine.succeed("curl -fk https://localhost:443/index.txt")
'';
})

View file

@ -53,7 +53,7 @@ import ./make-test-python.nix ({ pkgs, ... } : {
machine.wait_for_unit("hound.service")
machine.wait_for_open_port(6080)
machine.wait_until_succeeds(
"curl http://127.0.0.1:6080/api/v1/search\?stats\=fosho\&repos\=\*\&rng=%3A20\&q\=hi\&files\=\&i=nope | grep 'Filename' | grep 'hello'"
"curl -f http://127.0.0.1:6080/api/v1/search\?stats\=fosho\&repos\=\*\&rng=%3A20\&q\=hi\&files\=\&i=nope | grep 'Filename' | grep 'hello'"
)
'';
})

View file

@ -1,92 +0,0 @@
{ system ? builtins.currentSystem
, pkgs ? import ../../.. { inherit system; }
, ...
}:
let inherit (import ./common.nix { inherit system; }) baseConfig; in
with import ../../lib/testing-python.nix { inherit system pkgs; };
with pkgs.lib;
{ mig = makeTest {
name = "hydra-db-migration";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ ma27 ];
};
nodes = {
original = { pkgs, lib, ... }: {
imports = [ baseConfig ];
# An older version of Hydra before the db change
# for testing purposes.
services.hydra.package = pkgs.hydra-migration.overrideAttrs (old: {
inherit (old) pname;
version = "2020-02-06";
src = pkgs.fetchFromGitHub {
owner = "NixOS";
repo = "hydra";
rev = "2b4f14963b16b21ebfcd6b6bfa7832842e9b2afc";
sha256 = "16q0cffcsfx5pqd91n9k19850c1nbh4vvbd9h8yi64ihn7v8bick";
};
});
};
migration_phase1 = { pkgs, lib, ... }: {
imports = [ baseConfig ];
services.hydra.package = pkgs.hydra-migration;
};
finished = { pkgs, lib, ... }: {
imports = [ baseConfig ];
services.hydra.package = pkgs.hydra-unstable;
};
};
testScript = { nodes, ... }: let
next = nodes.migration_phase1.config.system.build.toplevel;
finished = nodes.finished.config.system.build.toplevel;
in ''
original.start()
original.wait_for_unit("multi-user.target")
original.wait_for_unit("postgresql.service")
original.wait_for_unit("hydra-init.service")
original.require_unit_state("hydra-queue-runner.service")
original.require_unit_state("hydra-evaluator.service")
original.require_unit_state("hydra-notify.service")
original.succeed("hydra-create-user admin --role admin --password admin")
original.wait_for_open_port(3000)
original.succeed("create-trivial-project.sh")
original.wait_until_succeeds(
'curl -L -s http://localhost:3000/build/1 -H "Accept: application/json" | jq .buildstatus | xargs test 0 -eq'
)
out = original.succeed("su -l postgres -c 'psql -d hydra <<< \"\\d+ builds\" -A'")
assert "jobset_id" not in out
original.succeed(
"${next}/bin/switch-to-configuration test >&2"
)
original.wait_for_unit("hydra-init.service")
out = original.succeed("su -l postgres -c 'psql -d hydra <<< \"\\d+ builds\" -A'")
assert "jobset_id|integer|||" in out
original.succeed("hydra-backfill-ids")
original.succeed(
"${finished}/bin/switch-to-configuration test >&2"
)
original.wait_for_unit("hydra-init.service")
out = original.succeed("su -l postgres -c 'psql -d hydra <<< \"\\d+ builds\" -A'")
assert "jobset_id|integer||not null|" in out
original.wait_until_succeeds(
'curl -L -s http://localhost:3000/build/1 -H "Accept: application/json" | jq .buildstatus | xargs test 0 -eq'
)
original.shutdown()
'';
};
}

View file

@ -11,7 +11,7 @@ let
inherit (import ./common.nix { inherit system; }) baseConfig;
hydraPkgs = {
inherit (pkgs) hydra-migration hydra-unstable;
inherit (pkgs) hydra-unstable;
};
makeHydraTest = with pkgs.lib; name: package: makeTest {

View file

@ -101,5 +101,6 @@ in
libxmlb = callInstalledTest ./libxmlb.nix {};
malcontent = callInstalledTest ./malcontent.nix {};
ostree = callInstalledTest ./ostree.nix {};
pipewire = callInstalledTest ./pipewire.nix {};
xdg-desktop-portal = callInstalledTest ./xdg-desktop-portal.nix {};
}

View file

@ -0,0 +1,5 @@
{ pkgs, lib, makeInstalledTest, ... }:
makeInstalledTest {
tested = pkgs.pipewire;
}

View file

@ -26,7 +26,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
server.wait_for_open_port(6666)
client.wait_for_unit("network.target")
assert "leaps" in client.succeed(
"${pkgs.curl}/bin/curl http://server:6666/leaps/"
"${pkgs.curl}/bin/curl -f http://server:6666/leaps/"
)
'';
})

View file

@ -20,7 +20,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
machine.wait_for_unit("phpfpm-limesurvey.service")
assert "The following surveys are available" in machine.succeed(
"curl http://example.local/"
"curl -f http://example.local/"
)
'';
})

View file

@ -24,7 +24,7 @@ import ./make-test-python.nix ({ lib, ... }:
'echo "this is the body of the email" | mail -s "subject" root@example.org'
)
assert "this is the body of the email" in machine.succeed(
"curl http://localhost:1080/messages/1.source"
"curl -f http://localhost:1080/messages/1.source"
)
'';
})

View file

@ -77,12 +77,12 @@ in {
start_all()
serverpostgres.wait_for_unit("matrix-synapse.service")
serverpostgres.wait_until_succeeds(
"curl -L --cacert ${ca_pem} https://localhost:8448/"
"curl --fail -L --cacert ${ca_pem} https://localhost:8448/"
)
serverpostgres.require_unit_state("postgresql.service")
serversqlite.wait_for_unit("matrix-synapse.service")
serversqlite.wait_until_succeeds(
"curl -L --cacert ${ca_pem} https://localhost:8448/"
"curl --fail -L --cacert ${ca_pem} https://localhost:8448/"
)
serversqlite.succeed("[ -e /var/lib/matrix-synapse/homeserver.db ]")
'';

View file

@ -22,7 +22,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
machine.wait_for_unit("phpfpm-mediawiki.service")
page = machine.succeed("curl -L http://localhost/")
page = machine.succeed("curl -fL http://localhost/")
assert "MediaWiki has been installed" in page
'';
})

View file

@ -15,6 +15,6 @@ import ./make-test-python.nix ({ pkgs, ... }: {
start_all()
machine.wait_for_unit("metabase.service")
machine.wait_for_open_port(3000)
machine.wait_until_succeeds("curl -L http://localhost:3000/setup | grep Metabase")
machine.wait_until_succeeds("curl -fL http://localhost:3000/setup | grep Metabase")
'';
})

View file

@ -24,7 +24,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
''
mortyProxyWithKey.wait_for_unit("default.target")
mortyProxyWithKey.wait_for_open_port(3001)
mortyProxyWithKey.succeed("curl -L 127.0.0.1:3001 | grep MortyProxy")
mortyProxyWithKey.succeed("curl -fL 127.0.0.1:3001 | grep MortyProxy")
'';
})

View file

@ -15,6 +15,6 @@ import ./make-test-python.nix {
master.wait_for_unit("neo4j")
master.wait_for_open_port(7474)
master.succeed("curl http://localhost:7474/")
master.succeed("curl -f http://localhost:7474/")
'';
}

View file

@ -7,8 +7,16 @@ import ./make-test-python.nix ({ lib, ... } : {
{ config, pkgs, ... }: {
imports = [ ./hardware-configuration.nix ];
$bootLoaderConfig
$desktopConfiguration
}
'';
system.nixos-generate-config.desktopConfiguration = ''
# DESKTOP
# services.xserver.enable = true;
# services.xserver.displayManager.gdm.enable = true;
# services.xserver.desktopManager.gnome3.enable = true;
'';
};
testScript = ''
start_all()
@ -18,9 +26,17 @@ import ./make-test-python.nix ({ lib, ... } : {
# Test if the configuration really is overridden
machine.succeed("grep 'OVERRIDDEN' /etc/nixos/configuration.nix")
# Test if desktop configuration really is overridden
machine.succeed("grep 'DESKTOP' /etc/nixos/configuration.nix")
# Test of if the Perl variable $bootLoaderConfig is spliced correctly:
machine.succeed(
"grep 'boot\\.loader\\.grub\\.enable = true;' /etc/nixos/configuration.nix"
)
# Test if the Perl variable $desktopConfiguration is spliced correctly
machine.succeed(
"grep 'services\\.xserver\\.desktopManager\\.gnome3\\.enable = true;' /etc/nixos/configuration.nix"
)
'';
})

View file

@ -21,7 +21,7 @@ import ./make-test-python.nix ({ pkgs, ...} : {
server.wait_for_unit("network.target")
server.wait_for_open_port(6789)
assert "This file is part of nzbget" in server.succeed(
"curl -s -u nzbget:tegbzn6789 http://127.0.0.1:6789"
"curl -f -s -u nzbget:tegbzn6789 http://127.0.0.1:6789"
)
server.succeed(
"${pkgs.nzbget}/bin/nzbget -n -o Control_iP=127.0.0.1 -o Control_port=6789 -o Control_password=tegbzn6789 -V"

View file

@ -32,7 +32,7 @@ let
start_all()
${backend}.wait_for_unit("${backend}-nginx.service")
${backend}.wait_for_open_port(8181)
${backend}.wait_until_succeeds("curl http://localhost:8181 | grep Hello")
${backend}.wait_until_succeeds("curl -f http://localhost:8181 | grep Hello")
'';
};

View file

@ -48,10 +48,10 @@ in {
machine.wait_for_unit("osrm.service")
machine.wait_for_open_port(${toString port})
assert "Boulevard Rainier III" in machine.succeed(
"curl --silent '${query}' | jq .waypoints[0].name"
"curl --fail --silent '${query}' | jq .waypoints[0].name"
)
assert "Avenue de la Costa" in machine.succeed(
"curl --silent '${query}' | jq .waypoints[1].name"
"curl --fail --silent '${query}' | jq .waypoints[1].name"
)
'';
})

Some files were not shown because too many files have changed in this diff.