colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/staging' into dnicponski/scratch/update_darwin_cctools

Browse Source
This commit is contained in:
Matthew Bauer 2019-11-25 22:00:13 -05:00
commit 08d6c4019d
893 changed files with 10352 additions and 7435 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.github/CODEOWNERS vendored
View File

@ -47,6 +47,9 @@
/nixos/doc/manual/man-nixos-option.xml @nbp
/nixos/modules/installer/tools/nixos-option.sh @nbp
# NixOS integration test driver
/nixos/lib/test-driver @tfc
# New NixOS modules
/nixos/modules/module-list.nix @Infinisil
@ -167,3 +170,8 @@
/nixos/modules/services/monitoring/prometheus/exporters.nix @WilliButz
/nixos/modules/services/monitoring/prometheus/exporters.xml @WilliButz
/nixos/tests/prometheus-exporters.nix @WilliButz
# PHP
/pkgs/development/interpreters/php @etu
/pkgs/top-level/php-packages.nix @etu
/pkgs/build-support/build-pecl.nix @etu

11
doc/using/configuration.xml
View File

@ -141,11 +141,10 @@
For a more useful example, try the following. This configuration only allows unfree packages named flash player and visual studio code:
<programlisting>
{
allowUnfreePredicate = (pkg: builtins.elem
(pkg.pname or (builtins.parseDrvName pkg.name).name) [
"flashplayer"
"vscode"
]);
allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"flashplayer"
"vscode"
];
}
</programlisting>
</para>
@ -217,7 +216,7 @@
The following configuration example only allows insecure packages with very short names:
<programlisting>
{
allowInsecurePredicate = (pkg: (builtins.stringLength (builtins.parseDrvName pkg.name).name) &lt;= 5);
allowInsecurePredicate = pkg: builtins.stringLength (lib.getName pkg) &lt;= 5;
}
</programlisting>
</para>

3
lib/default.nix
View File

@ -84,7 +84,8 @@ let
hasInfix hasPrefix hasSuffix stringToCharacters stringAsChars escape
escapeShellArg escapeShellArgs replaceChars lowerChars
upperChars toLower toUpper addContextFrom splitString
removePrefix removeSuffix versionOlder versionAtLeast getVersion
removePrefix removeSuffix versionOlder versionAtLeast
getName getVersion
nameFromURL enableFeature enableFeatureAs withFeature
withFeatureAs fixedWidthString fixedWidthNumber isStorePath
toInt readPathsFromFile fileContents;

17
lib/strings.nix
View File

@ -472,6 +472,23 @@ rec {
*/
versionAtLeast = v1: v2: !versionOlder v1 v2;
/* This function takes an argument that's either a derivation or a
derivation's "name" attribute and extracts the name part from that
argument.
Example:
getName "youtube-dl-2016.01.01"
=> "youtube-dl"
getName pkgs.youtube-dl
=> "youtube-dl"
*/
getName = x:
let
parse = drv: (builtins.parseDrvName drv).name;
in if isString x
then parse x
else x.pname or (parse x.name);
/* This function takes an argument that's either a derivation or a
derivation's "name" attribute and extracts the version part from that
argument.

1
lib/systems/default.nix
View File

@ -37,6 +37,7 @@ rec {
else if final.isAndroid then "bionic"
else if final.isLinux /* default */ then "glibc"
else if final.isMsp430 then "newlib"
else if final.isVc4 then "newlib"
else if final.isAvr then "avrlibc"
else if final.isNetBSD then "nblibc"
# TODO(@Ericson2314) think more about other operating systems

3
lib/systems/doubles.nix
View File

@ -26,7 +26,7 @@ let
"riscv32-linux" "riscv64-linux"
"aarch64-none" "avr-none" "arm-none" "i686-none" "x86_64-none" "powerpc-none" "msp430-none" "riscv64-none" "riscv32-none"
"aarch64-none" "avr-none" "arm-none" "i686-none" "x86_64-none" "powerpc-none" "msp430-none" "riscv64-none" "riscv32-none" "vc4-none"
];
allParsed = map parse.mkSystemFromString all;
@ -45,6 +45,7 @@ in {
x86_64 = filterDoubles predicates.isx86_64;
mips = filterDoubles predicates.isMips;
riscv = filterDoubles predicates.isRiscV;
vc4 = filterDoubles predicates.isVc4;
cygwin = filterDoubles predicates.isCygwin;
darwin = filterDoubles predicates.isDarwin;

6
lib/systems/examples.nix
View File

@ -118,6 +118,12 @@ rec {
config = "avr";
};
vc4 = {
config = "vc4-elf";
libc = "newlib";
platform = {};
};
arm-embedded = {
config = "arm-none-eabi";
libc = "newlib";

1
lib/systems/inspect.nix
View File

@ -21,6 +21,7 @@ rec {
isSparc = { cpu = { family = "sparc"; }; };
isWasm = { cpu = { family = "wasm"; }; };
isMsp430 = { cpu = { family = "msp430"; }; };
isVc4 = { cpu = { family = "vc4"; }; };
isAvr = { cpu = { family = "avr"; }; };
isAlpha = { cpu = { family = "alpha"; }; };
isJavaScript = { cpu = cpuTypes.js; };

2
lib/systems/parse.nix
View File

@ -112,6 +112,8 @@ rec {
msp430 = { bits = 16; significantByte = littleEndian; family = "msp430"; };
avr = { bits = 8; family = "avr"; };
vc4 = { bits = 32; significantByte = littleEndian; family = "vc4"; };
js = { bits = 32; significantByte = littleEndian; family = "js"; };
};

39
maintainers/maintainer-list.nix
View File

@ -1780,6 +1780,12 @@
githubId = 875324;
name = "David Johnson";
};
dmrauh = {
email = "dmrauh@posteo.de";
github = "dmrauh";
githubId = 37698547;
name = "Dominik Michael Rauh";
};
dmvianna = {
email = "dmlvianna@gmail.com";
github = "dmvianna";
@ -2515,6 +2521,7 @@
gazally = {
email = "gazally@runbox.com";
github = "gazally";
githubId = 16470252;
name = "Gemini Lasswell";
};
gebner = {
@ -3594,6 +3601,12 @@
github = "klntsky";
githubId = 18447310;
};
kmcopper = {
email = "kmcopper@danwin1210.me";
name = "Kyle Copperfield";
github = "kmcopper";
githubId = 57132115;
};
kmeakin = {
email = "karlwfmeakin@gmail.com";
name = "Karl Meakin";
@ -3700,6 +3713,18 @@
githubId = 449813;
name = "Roman Kuznetsov";
};
kylesferrazza = {
name = "Kyle Sferrazza";
email = "kyle.sferrazza@gmail.com";
github = "kylesferrazza";
githubId = 6677292;
keys = [{
longkeyid = "rsa4096/81A1540948162372";
fingerprint = "5A9A 1C9B 2369 8049 3B48 CF5B 81A1 5409 4816 2372";
}];
};
kylewlacy = {
email = "kylelacy+nix@pm.me";
github = "kylewlacy";
@ -4505,6 +4530,12 @@
githubId = 117842;
name = "Henri Bourcereau";
};
mmilata = {
email = "martin@martinmilata.cz";
github = "mmilata";
gitHubId = 85857;
name = "Martin Milata";
};
mmlb = {
email = "me.mmlb@mmlb.me";
github = "mmlb";
@ -6087,7 +6118,7 @@
name = "Shahrukh Khan";
};
shanemikel = {
email = "shanemikel1@gmail.com";
email = "shanepearlman@pm.me";
github = "shanemikel";
githubId = 6720672;
name = "Shane Pearlman";
@ -6708,6 +6739,12 @@
githubId = 42933;
name = "Andrew Childs";
};
thefenriswolf = {
email = "stefan.rohrbacher97@gmail.com";
github = "thefenriswolf";
githubId = "8547242";
name = "Stefan Rohrbacher";
};
thesola10 = {
email = "thesola10@bobile.fr";
github = "thesola10";

2
maintainers/scripts/update.nix
View File

@ -126,7 +126,7 @@ let
packageData = package: {
name = package.name;
pname = (builtins.parseDrvName package.name).name;
pname = pkgs.lib.getName package;
updateScript = map builtins.toString (pkgs.lib.toList package.updateScript);
};

4
nixos/doc/manual/configuration/profiles/graphical.xml
View File

@ -13,9 +13,7 @@
<para>
It sets <xref linkend="opt-services.xserver.enable"/>,
<xref linkend="opt-services.xserver.displayManager.sddm.enable"/>,
<xref linkend="opt-services.xserver.desktopManager.plasma5.enable"/> (
<link linkend="opt-services.xserver.desktopManager.plasma5.enableQt4Support">
without Qt4 Support</link>), and
<xref linkend="opt-services.xserver.desktopManager.plasma5.enable"/>, and
<xref linkend="opt-services.xserver.libinput.enable"/> to true. It also
includes glxinfo and firefox in the system packages list.
</para>

21
nixos/doc/manual/development/releases.xml
View File

@ -45,12 +45,12 @@
<listitem>
<para>
<literal>git tag -a -s -m &quot;Release 17.09-beta&quot; 17.09-beta
&amp;&amp; git push --tags</literal>
&amp;&amp; git push origin 17.09-beta</literal>
</para>
</listitem>
<listitem>
<para>
From the master branch run <literal>git checkout -B
From the master branch run <literal>git checkout -b
release-17.09</literal>.
</para>
</listitem>
@ -157,7 +157,7 @@
<listitem>
<para>
Release Nix (currently only Eelco Dolstra can do that).
<link xlink:href="https://github.com/NixOS/nixpkgs/commit/53710c752a85f00658882531bc90a23a3d1287e4">
<link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/installer/tools/nix-fallback-paths.nix">
Make sure fallback is updated. </link>
</para>
</listitem>
@ -169,8 +169,8 @@
</listitem>
<listitem>
<para>
Change <literal>stableBranch</literal> to true and wait for channel to
update.
Change <literal>stableBranch</literal> to <literal>true</literal> in Hydra and wait for
the channel to update.
</para>
</listitem>
</itemizedlist>
@ -193,9 +193,11 @@
</listitem>
<listitem>
<para>
Update http://nixos.org/nixos/download.html and
http://nixos.org/nixos/manual in
https://github.com/NixOS/nixos-org-configurations
Update the
<link xlink:href="https://github.com/NixOS/nixos-homepage/commit/2a37975d5a617ecdfca94696242b6f32ffcba9f1"><code>NIXOS_SERIES</code></link>
in the
<link xlink:href="https://github.com/NixOS/nixos-homepage">nixos-homepage</link>
repository.
</para>
</listitem>
<listitem>
@ -212,7 +214,8 @@
</listitem>
<listitem>
<para>
Send an email to nix-dev to announce the release with above information.
Create a new topic on <link xlink:href="https://discourse.nixos.org/">the
Discourse instance</link> to announce the release with the above information.
Best to check how previous email was formulated to see what needs to be
included.
</para>

14
nixos/doc/manual/installation/installing.xml
View File

@ -392,11 +392,11 @@
<filename>hardware-configuration.nix</filename> is included from
<filename>configuration.nix</filename> and will be overwritten by future
invocations of <command>nixos-generate-config</command>; thus, you
generally should not modify it.) Additionally, you may want to look at
generally should not modify it.) Additionally, you may want to look at
<link xlink:href="https://github.com/NixOS/nixos-hardware">Hardware
configuration for known-hardware</link> at this point or after
installation.
</para>
<note>
<para>
@ -418,11 +418,11 @@
Do the installation:
<screen>
<prompt># </prompt>nixos-install</screen>
Cross fingers. If this fails due to a temporary problem (such as a network
issue while downloading binaries from the NixOS binary cache), you can
just re-run <command>nixos-install</command>. Otherwise, fix your
<filename>configuration.nix</filename> and then re-run
<command>nixos-install</command>.
This will install your system based on the configuration you provided.
If anything fails due to a configuration problem or any other issue
(such as a network outage while downloading binaries from the NixOS
binary cache), you can re-run <command>nixos-install</command> after
fixing your <filename>configuration.nix</filename>.
</para>
<para>
As the last step, <command>nixos-install</command> will ask you to set the

31
nixos/doc/manual/release-notes/rl-2003.xml
View File

@ -155,6 +155,37 @@
You should now use the different build tools coming with the languages with sandbox mode disabled.
</para>
</listitem>
<listitem>
<para>
There is now only one Xfce package-set and module. This means attributes, <literal>xfce4-14</literal>
<literal>xfce4-12</literal>, and <literal>xfceUnstable</literal> all now point to the latest Xfce 4.14
packages. And in future NixOS releases will be the latest released version of Xfce available at the
time during the releases development (if viable).
</para>
</listitem>
<listitem>
<para>
The <link linkend="opt-services.phpfpm.pools">phpfpm</link> module now sets
<literal>PrivateTmp=true</literal> in its systemd units for better process isolation.
If you rely on <literal>/tmp</literal> being shared with other services, explicitly override this by
setting <literal>serviceConfig.PrivateTmp</literal> to <literal>false</literal> for each phpfpm unit.
</para>
</listitem>
<listitem>
<para>
KDEs old multimedia framework Phonon no longer supports Qt 4. For that reason, Plasma desktop also does not have <option>enableQt4Support</option> option any more.
</para>
</listitem>
<listitem>
<para>
The BeeGFS module has been removed.
</para>
</listitem>
<listitem>
<para>
The osquery module has been removed.
</para>
</listitem>
</itemizedlist>
</section>

2
nixos/lib/make-options-doc/default.nix
View File

@ -86,7 +86,7 @@ let
optionsList = lib.sort optionLess optionsListDesc;
# Convert the list of options into an XML file.
optionsXML = builtins.toFile "options.xml" (builtins.toXML optionsList);
optionsXML = pkgs.writeText "options.xml" (builtins.toXML optionsList);
optionsNix = builtins.listToAttrs (map (o: { name = o.name; value = removeAttrs o ["name" "visible" "internal"]; }) optionsList);

33
nixos/lib/test-driver/test-driver.py
View File

@ -3,7 +3,6 @@ from contextlib import contextmanager, _GeneratorContextManager
from xml.sax.saxutils import XMLGenerator
import _thread
import atexit
import json
import os
import ptpython.repl
import pty
@ -16,7 +15,7 @@ import sys
import tempfile
import time
import unicodedata
from typing import Tuple, TextIO, Any, Callable, Dict, Iterator, Optional, List
from typing import Tuple, Any, Callable, Dict, Iterator, Optional, List
CHAR_TO_KEY = {
"A": "shift-a",
@ -290,10 +289,15 @@ class Machine:
def wait_for_monitor_prompt(self) -> str:
assert self.monitor is not None
answer = ""
while True:
answer = self.monitor.recv(1024).decode()
undecoded_answer = self.monitor.recv(1024)
if not undecoded_answer:
break
answer += undecoded_answer.decode()
if answer.endswith("(qemu) "):
return answer
break
return answer
def send_monitor_command(self, command: str) -> str:
message = ("{}\n".format(command)).encode()
@ -606,12 +610,15 @@ class Machine:
+ os.environ.get("QEMU_OPTS", "")
)
environment = {
"QEMU_OPTS": qemu_options,
"SHARED_DIR": self.shared_dir,
"USE_TMPDIR": "1",
}
environment.update(dict(os.environ))
environment = dict(os.environ)
environment.update(
{
"TMPDIR": self.state_dir,
"SHARED_DIR": self.shared_dir,
"USE_TMPDIR": "1",
"QEMU_OPTS": qemu_options,
}
)
self.process = subprocess.Popen(
self.script,
@ -749,7 +756,7 @@ def run_tests() -> None:
if tests is not None:
with log.nested("running the VM test script"):
try:
exec(tests)
exec(tests, globals())
except Exception as e:
eprint("error: {}".format(str(e)))
sys.exit(1)
@ -763,7 +770,9 @@ def run_tests() -> None:
machine.execute("sync")
if nr_tests != 0:
log.log("{} out of {} tests succeeded".format(nr_succeeded, nr_tests))
eprint("{} out of {} tests succeeded".format(nr_succeeded, nr_tests))
if nr_tests > nr_succeeded:
sys.exit(1)
@contextmanager

4
nixos/maintainers/scripts/ec2/create-amis.sh
View File

@ -211,11 +211,11 @@ upload_image() {
log "Registering snapshot $snapshot_id as AMI"
local block_device_mappings=(
"DeviceName=/dev/sda1,Ebs={SnapshotId=$snapshot_id,VolumeSize=$image_logical_gigabytes,DeleteOnTermination=true,VolumeType=gp2}"
"DeviceName=/dev/xvda,Ebs={SnapshotId=$snapshot_id,VolumeSize=$image_logical_gigabytes,DeleteOnTermination=true,VolumeType=gp2}"
)
local extra_flags=(
--root-device-name /dev/sda1
--root-device-name /dev/xvda
--sriov-net-support simple
--ena-support
--virtualization-type hvm

2
nixos/modules/config/qt5.nix
View File

@ -10,7 +10,7 @@ let
isQtStyle = cfg.platformTheme == "gtk2" && cfg.style != "adwaita";
packages = if isQGnome then [ pkgs.qgnomeplatform pkgs.adwaita-qt ]
else if isQtStyle then [ pkgs.qtstyleplugins ]
else if isQtStyle then [ pkgs.libsForQt5.qtstyleplugins ]
else throw "`qt5.platformTheme` ${cfg.platformTheme} and `qt5.style` ${cfg.style} are not compatible.";
in

41
nixos/modules/config/vpnc.nix
View File

@ -1,41 +0,0 @@
{ config, lib, ... }:
with lib;
let
cfg = config.networking.vpnc;
mkServiceDef = name: value:
{
name = "vpnc/${name}.conf";
value = { text = value; };
};
in
{
options = {
networking.vpnc = {
services = mkOption {
type = types.attrsOf types.str;
default = {};
example = literalExample ''
{ test = '''
IPSec gateway 192.168.1.1
IPSec ID someID
IPSec secret secretKey
Xauth username name
Xauth password pass
''';
}
'';
description =
''
The names of cisco VPNs and their associated definitions
'';
};
};
};
config.environment.etc = mapAttrs' mkServiceDef cfg.services;
}

1
nixos/modules/installer/cd-dvd/installation-cd-graphical-kde.nix
View File

@ -11,7 +11,6 @@ with lib;
services.xserver = {
desktopManager.plasma5 = {
enable = true;
enableQt4Support = false;
};
# Automatically login as nixos.

5
nixos/modules/misc/ids.nix
View File

@ -11,6 +11,9 @@
{ lib, ... }:
let
inherit (lib) types;
in
{
options = {
@ -19,6 +22,7 @@
description = ''
The user IDs used in NixOS.
'';
type = types.attrsOf types.int;
};
ids.gids = lib.mkOption {
@ -26,6 +30,7 @@
description = ''
The group IDs used in NixOS.
'';
type = types.attrsOf types.int;
};
};

3
nixos/modules/module-list.nix
View File

@ -35,7 +35,6 @@
./config/terminfo.nix
./config/unix-odbc-drivers.nix
./config/users-groups.nix
./config/vpnc.nix
./config/vte.nix
./config/zram.nix
./hardware/acpilight.nix
@ -519,7 +518,6 @@
./services/monitoring/munin.nix
./services/monitoring/nagios.nix
./services/monitoring/netdata.nix
./services/monitoring/osquery.nix
./services/monitoring/prometheus/default.nix
./services/monitoring/prometheus/alertmanager.nix
./services/monitoring/prometheus/exporters.nix
@ -539,7 +537,6 @@
./services/monitoring/zabbix-agent.nix
./services/monitoring/zabbix-proxy.nix
./services/monitoring/zabbix-server.nix
./services/network-filesystems/beegfs.nix
./services/network-filesystems/cachefilesd.nix
./services/network-filesystems/davfs2.nix
./services/network-filesystems/drbd.nix

1
nixos/modules/profiles/graphical.nix
View File

@ -9,7 +9,6 @@
displayManager.sddm.enable = true;
desktopManager.plasma5 = {
enable = true;
enableQt4Support = false;
};
libinput.enable = true; # for touchpad support on many laptops
};

3
nixos/modules/programs/adb.nix
View File

@ -23,7 +23,8 @@ with lib;
###### implementation
config = mkIf config.programs.adb.enable {
services.udev.packages = [ pkgs.android-udev-rules ];
environment.systemPackages = [ pkgs.androidenv.androidPkgs_9_0.platform-tools ];
# Give platform-tools lower priority so mke2fs+friends are taken from other packages first
environment.systemPackages = [ (lowPrio pkgs.androidenv.androidPkgs_9_0.platform-tools) ];
users.groups.adbusers = {};
};
}

9
nixos/modules/rename.nix
View File

@ -10,6 +10,7 @@ with lib;
(mkRenamedOptionModule [ "networking" "enableRalinkFirmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "networking" "enableRTL8192cFirmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "networking" "networkmanager" "useDnsmasq" ] [ "networking" "networkmanager" "dns" ])
(mkRenamedOptionModule [ "networking" "connman" ] [ "services" "connman" ])
(mkChangedOptionModule [ "services" "printing" "gutenprint" ] [ "services" "printing" "drivers" ]
(config:
let enabled = getAttrFromPath [ "services" "printing" "gutenprint" ] config;
@ -235,6 +236,7 @@ with lib;
(mkRemovedOptionModule [ "services" "zabbixServer" "dbPassword" ] "Use services.zabbixServer.database.passwordFile instead.")
(mkRemovedOptionModule [ "systemd" "generator-packages" ] "Use systemd.packages instead.")
(mkRemovedOptionModule [ "fonts" "enableCoreFonts" ] "Use fonts.fonts = [ pkgs.corefonts ]; instead.")
(mkRemovedOptionModule [ "networking" "vpnc" ] "Use environment.etc.\"vpnc/service.conf\" instead.")
# ZSH
(mkRenamedOptionModule [ "programs" "zsh" "enableSyntaxHighlighting" ] [ "programs" "zsh" "syntaxHighlighting" "enable" ])
@ -279,6 +281,13 @@ with lib;
# BLCR
(mkRemovedOptionModule [ "environment.blcr.enable" ] "The BLCR module has been removed")
# beegfs
(mkRemovedOptionModule [ "services.beegfsEnable" ] "The BeeGFS module has been removed")
(mkRemovedOptionModule [ "services.beegfs" ] "The BeeGFS module has been removed")
# osquery
(mkRemovedOptionModule [ "services.osquery" ] "The osquery module has been removed")
# Redis
(mkRemovedOptionModule [ "services" "redis" "user" ] "The redis module now is hardcoded to the redis user.")
(mkRemovedOptionModule [ "services" "redis" "dbpath" ] "The redis module now uses /var/lib/redis as data directory.")

12
nixos/modules/services/databases/mysql.nix
View File

@ -8,15 +8,11 @@ let
mysql = cfg.package;
isMariaDB =
let
pName = _p: (builtins.parseDrvName (_p.name)).name;
in pName mysql == pName pkgs.mariadb;
isMariaDB = lib.getName mysql == lib.getName pkgs.mariadb;
isMysqlAtLeast57 =
let
pName = _p: (builtins.parseDrvName (_p.name)).name;
in (pName mysql == pName pkgs.mysql57)
&& ((builtins.compareVersions mysql.version "5.7") >= 0);
(lib.getName mysql == lib.getName pkgs.mysql57)
&& (builtins.compareVersions mysql.version "5.7" >= 0);
mysqldOptions =
"--user=${cfg.user} --datadir=${cfg.dataDir} --basedir=${mysql}";

18
nixos/modules/services/desktops/tumbler.nix
View File

@ -7,12 +7,17 @@ with lib;
let
cfg = config.services.tumbler;
tumbler = cfg.package;
in
{
imports = [
(mkRemovedOptionModule
[ "services" "tumbler" "package" ]
"")
];
###### interface
options = {
@ -21,13 +26,6 @@ in
enable = mkEnableOption "Tumbler, A D-Bus thumbnailer service";
package = mkOption {
type = types.package;
default = pkgs.xfce4-14.tumbler;
description = "Which tumbler package to use";
example = pkgs.xfce4-12.tumbler;
};
};
};
@ -37,11 +35,11 @@ in
config = mkIf cfg.enable {
environment.systemPackages = [
environment.systemPackages = with pkgs.xfce; [
tumbler
];
services.dbus.packages = [
services.dbus.packages = with pkgs.xfce; [
tumbler
];

2
nixos/modules/services/games/openarena.nix
View File

@ -43,7 +43,7 @@ in
serviceConfig = {
DynamicUser = true;
StateDirectory = "openarena";
ExecStart = "${pkgs.openarena}/bin/openarena-server +set fs_basepath ${pkgs.openarena}/openarena-0.8.8 +set fs_homepath /var/lib/openarena ${concatStringsSep " " cfg.extraFlags}";
ExecStart = "${pkgs.openarena}/bin/oa_ded +set fs_basepath ${pkgs.openarena}/openarena-0.8.8 +set fs_homepath /var/lib/openarena ${concatStringsSep " " cfg.extraFlags}";
Restart = "on-failure";
# Hardening

6
nixos/modules/services/hardware/fwupd.nix
View File

@ -74,7 +74,7 @@ in {
default = false;
description = ''
Whether to enable test remote. This is used by
<link xlink:href="https://github.com/hughsie/fwupd/blob/master/data/installed-tests/README.md">installed tests</link>.
<link xlink:href="https://github.com/fwupd/fwupd/blob/master/data/installed-tests/README.md">installed tests</link>.
'';
};
@ -115,10 +115,6 @@ in {
services.udev.packages = [ cfg.package ];
systemd.packages = [ cfg.package ];
systemd.tmpfiles.rules = [
"d /var/lib/fwupd 0755 root root -"
];
};
meta = {

2
nixos/modules/services/hardware/tlp.nix
View File

@ -37,7 +37,7 @@ in
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable the TLP daemon.";
description = "Whether to enable the TLP power management daemon.";
};
extraConfig = mkOption {

9
nixos/modules/services/mail/mailcatcher.nix
View File

@ -25,6 +25,13 @@ in
description = "The port address of the http server.";
};
http.path = mkOption {
type = with types; nullOr str;
default = null;
description = "Prefix to all HTTP paths.";
example = "/mailcatcher";
};
smtp.ip = mkOption {
type = types.str;
default = "127.0.0.1";
@ -53,7 +60,7 @@ in
serviceConfig = {
DynamicUser = true;
Restart = "always";
ExecStart = "${pkgs.mailcatcher}/bin/mailcatcher --foreground --no-quit --http-ip ${cfg.http.ip} --http-port ${toString cfg.http.port} --smtp-ip ${cfg.smtp.ip} --smtp-port ${toString cfg.smtp.port}";
ExecStart = "${pkgs.mailcatcher}/bin/mailcatcher --foreground --no-quit --http-ip ${cfg.http.ip} --http-port ${toString cfg.http.port} --smtp-ip ${cfg.smtp.ip} --smtp-port ${toString cfg.smtp.port}" + optionalString (cfg.http.path != null) " --http-path ${cfg.http.path}";
AmbientCapabilities = optionalString (cfg.http.port < 1024 || cfg.smtp.port < 1024) "cap_net_bind_service";
};
};

2
nixos/modules/services/mail/roundcube.nix
View File

@ -160,7 +160,7 @@ in
${pkgs.sudo}/bin/sudo -u ${pgSuperUser} psql postgres -c "create role ${cfg.database.username} with login password '${cfg.database.password}'";
${pkgs.sudo}/bin/sudo -u ${pgSuperUser} psql postgres -c "create database ${cfg.database.dbname} with owner ${cfg.database.username}";
fi
PGPASSWORD=${cfg.database.password} ${pkgs.postgresql}/bin/psql -U ${cfg.database.username} \
PGPASSWORD="${cfg.database.password}" ${pkgs.postgresql}/bin/psql -U ${cfg.database.username} \
-f ${cfg.package}/SQL/postgres.initial.sql \
-h ${cfg.database.host} ${cfg.database.dbname}
touch /var/lib/roundcube/db-created

2
nixos/modules/services/mail/rspamd.nix
View File

@ -60,7 +60,7 @@ let
};
type = mkOption {
type = types.nullOr (types.enum [
"normal" "controller" "fuzzy_storage" "rspamd_proxy" "lua" "proxy"
"normal" "controller" "fuzzy" "rspamd_proxy" "lua" "proxy"
]);
description = ''
The type of this worker. The type <literal>proxy</literal> is

3
nixos/modules/services/misc/beanstalkd.nix
View File

@ -44,7 +44,8 @@ in
serviceConfig = {
DynamicUser = true;
Restart = "always";
ExecStart = "${pkg}/bin/beanstalkd -l ${cfg.listen.address} -p ${toString cfg.listen.port}";
ExecStart = "${pkg}/bin/beanstalkd -l ${cfg.listen.address} -p ${toString cfg.listen.port} -b $STATE_DIRECTORY";
StateDirectory = "beanstalkd";
};
};

91
nixos/modules/services/monitoring/osquery.nix
View File

@ -1,91 +0,0 @@
{ config, lib, pkgs, ... }:
with builtins;
with lib;
let
cfg = config.services.osquery;
in
{
options = {
services.osquery = {
enable = mkEnableOption "osquery";
loggerPath = mkOption {
type = types.path;
description = "Base directory used for logging.";
default = "/var/log/osquery";
};
pidfile = mkOption {
type = types.path;
description = "Path used for pid file.";
default = "/var/osquery/osqueryd.pidfile";
};
utc = mkOption {
type = types.bool;
description = "Attempt to convert all UNIX calendar times to UTC.";
default = true;
};
databasePath = mkOption {
type = types.path;
description = "Path used for database file.";
default = "/var/osquery/osquery.db";
};
extraConfig = mkOption {
type = types.attrs // {
merge = loc: foldl' (res: def: recursiveUpdate res def.value) {};
};
description = "Extra config to be recursively merged into the JSON config file.";
default = { };
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.osquery ];
environment.etc."osquery/osquery.conf".text = toJSON (
recursiveUpdate {
options = {
config_plugin = "filesystem";
logger_plugin = "filesystem";
logger_path = cfg.loggerPath;
database_path = cfg.databasePath;
utc = cfg.utc;
};
} cfg.extraConfig
);
systemd.services.osqueryd = {
description = "The osquery Daemon";
after = [ "network.target" "syslog.service" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.osquery ];
preStart = ''
mkdir -p ${escapeShellArg cfg.loggerPath}
mkdir -p "$(dirname ${escapeShellArg cfg.pidfile})"
mkdir -p "$(dirname ${escapeShellArg cfg.databasePath})"
'';
serviceConfig = {
TimeoutStartSec = "infinity";
ExecStart = "${pkgs.osquery}/bin/osqueryd --logger_path ${escapeShellArg cfg.loggerPath} --pidfile ${escapeShellArg cfg.pidfile} --database_path ${escapeShellArg cfg.databasePath}";
KillMode = "process";
KillSignal = "SIGTERM";
Restart = "on-failure";
};
};
};
}

357
nixos/modules/services/network-filesystems/beegfs.nix
View File

@ -1,357 +0,0 @@
{ config, lib, pkgs, ...} :
with lib;
let
cfg = config.services.beegfs;
# functions for the generations of config files
configMgmtd = name: cfg: pkgs.writeText "mgmt-${name}.conf" ''
storeMgmtdDirectory = ${cfg.mgmtd.storeDir}
storeAllowFirstRunInit = false
connAuthFile = ${cfg.connAuthFile}
connPortShift = ${toString cfg.connPortShift}
${cfg.mgmtd.extraConfig}
'';
configAdmon = name: cfg: pkgs.writeText "admon-${name}.conf" ''
sysMgmtdHost = ${cfg.mgmtdHost}
connAuthFile = ${cfg.connAuthFile}
connPortShift = ${toString cfg.connPortShift}
${cfg.admon.extraConfig}
'';
configMeta = name: cfg: pkgs.writeText "meta-${name}.conf" ''
storeMetaDirectory = ${cfg.meta.storeDir}
sysMgmtdHost = ${cfg.mgmtdHost}
connAuthFile = ${cfg.connAuthFile}
connPortShift = ${toString cfg.connPortShift}
storeAllowFirstRunInit = false
${cfg.meta.extraConfig}
'';
configStorage = name: cfg: pkgs.writeText "storage-${name}.conf" ''
storeStorageDirectory = ${cfg.storage.storeDir}
sysMgmtdHost = ${cfg.mgmtdHost}
connAuthFile = ${cfg.connAuthFile}
connPortShift = ${toString cfg.connPortShift}
storeAllowFirstRunInit = false
${cfg.storage.extraConfig}
'';
configHelperd = name: cfg: pkgs.writeText "helperd-${name}.conf" ''
connAuthFile = ${cfg.connAuthFile}
${cfg.helperd.extraConfig}
'';
configClientFilename = name : "/etc/beegfs/client-${name}.conf";
configClient = name: cfg: ''
sysMgmtdHost = ${cfg.mgmtdHost}
connAuthFile = ${cfg.connAuthFile}
connPortShift = ${toString cfg.connPortShift}
${cfg.client.extraConfig}
'';
serviceList = [
{ service = "admon"; cfgFile = configAdmon; }
{ service = "meta"; cfgFile = configMeta; }
{ service = "mgmtd"; cfgFile = configMgmtd; }
{ service = "storage"; cfgFile = configStorage; }
];
# functions to generate systemd.service entries
systemdEntry = service: cfgFile: (mapAttrs' ( name: cfg:
(nameValuePair "beegfs-${service}-${name}" (mkIf cfg.${service}.enable {
wantedBy = [ "multi-user.target" ];
requires = [ "network-online.target" ];
after = [ "network-online.target" ];
serviceConfig = rec {
ExecStart = ''
${pkgs.beegfs}/bin/beegfs-${service} \
cfgFile=${cfgFile name cfg} \
pidFile=${PIDFile}
'';
PIDFile = "/run/beegfs-${service}-${name}.pid";
TimeoutStopSec = "300";
};
}))) cfg);
systemdHelperd = mapAttrs' ( name: cfg:
(nameValuePair "beegfs-helperd-${name}" (mkIf cfg.client.enable {
wantedBy = [ "multi-user.target" ];
requires = [ "network-online.target" ];
after = [ "network-online.target" ];
serviceConfig = rec {
ExecStart = ''
${pkgs.beegfs}/bin/beegfs-helperd \
cfgFile=${configHelperd name cfg} \
pidFile=${PIDFile}
'';
PIDFile = "/run/beegfs-helperd-${name}.pid";
TimeoutStopSec = "300";
};
}))) cfg;
# wrappers to beegfs tools. Avoid typing path of config files
utilWrappers = mapAttrsToList ( name: cfg:
( pkgs.runCommand "beegfs-utils-${name}" {
nativeBuildInputs = [ pkgs.makeWrapper ];
preferLocalBuild = true;
} ''
mkdir -p $out/bin
makeWrapper ${pkgs.beegfs}/bin/beegfs-check-servers \
$out/bin/beegfs-check-servers-${name} \
--add-flags "-c ${configClientFilename name}" \
--prefix PATH : ${lib.makeBinPath [ pkgs.beegfs ]}
makeWrapper ${pkgs.beegfs}/bin/beegfs-ctl \
$out/bin/beegfs-ctl-${name} \
--add-flags "--cfgFile=${configClientFilename name}"
makeWrapper ${pkgs.beegfs}/bin/beegfs-ctl \
$out/bin/beegfs-df-${name} \
--add-flags "--cfgFile=${configClientFilename name}" \
--add-flags --listtargets \
--add-flags --hidenodeid \
--add-flags --pools \
--add-flags --spaceinfo
makeWrapper ${pkgs.beegfs}/bin/beegfs-fsck \
$out/bin/beegfs-fsck-${name} \
--add-flags "--cfgFile=${configClientFilename name}"
''
)) cfg;
in
{
###### interface
options = {
services.beegfsEnable = mkEnableOption "BeeGFS";
services.beegfs = mkOption {
default = {};
description = ''
BeeGFS configurations. Every mount point requires a separate configuration.
'';
type = with types; attrsOf (submodule ({ ... } : {
options = {
mgmtdHost = mkOption {
type = types.str;
default = null;
example = "master";
description = ''Hostname of managament host.'';
};
connAuthFile = mkOption {
type = types.str;
default = "";
example = "/etc/my.key";
description = "File containing shared secret authentication.";
};
connPortShift = mkOption {
type = types.int;
default = 0;
example = 5;
description = ''
For each additional beegfs configuration shift all
service TCP/UDP ports by at least 5.
'';
};
client = {
enable = mkEnableOption "BeeGFS client";
mount = mkOption {
type = types.bool;
default = true;
description = "Create fstab entry automatically";
};
mountPoint = mkOption {
type = types.str;
default = "/run/beegfs";
description = ''
Mount point under which the beegfs filesytem should be mounted.
If mounted manually the mount option specifing the config file is needed:
cfgFile=/etc/beegfs/beegfs-client-&lt;name&gt;.conf
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = ''
Additional lines for beegfs-client.conf.
See documentation for further details.
'';
};
};
helperd = {
enable = mkOption {
type = types.bool;
default = true;
description = ''
Enable the BeeGFS helperd.
The helpered is need for logging purposes on the client.
Disabling <literal>helperd</literal> allows for runing the client
with <literal>allowUnfree = false</literal>.
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = ''
Additional lines for beegfs-helperd.conf. See documentation
for further details.
'';
};
};
mgmtd = {
enable = mkEnableOption "BeeGFS mgmtd daemon";
storeDir = mkOption {
type = types.path;
default = null;
example = "/data/beegfs-mgmtd";
description = ''
Data directory for mgmtd.
Must not be shared with other beegfs daemons.
This directory must exist and it must be initialized
with beegfs-setup-mgmtd, e.g. "beegfs-setup-mgmtd -C -p &lt;storeDir&gt;"
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = ''
Additional lines for beegfs-mgmtd.conf. See documentation
for further details.
'';
};
};
admon = {
enable = mkEnableOption "BeeGFS admon daemon";
extraConfig = mkOption {
type = types.lines;
default = "";
description = ''
Additional lines for beegfs-admon.conf. See documentation
for further details.
'';
};
};
meta = {
enable = mkEnableOption "BeeGFS meta data daemon";
storeDir = mkOption {
type = types.path;
default = null;
example = "/data/beegfs-meta";
description = ''
Data directory for meta data service.
Must not be shared with other beegfs daemons.
The underlying filesystem must be mounted with xattr turned on.
This directory must exist and it must be initialized
with beegfs-setup-meta, e.g.
"beegfs-setup-meta -C -s &lt;serviceID&gt; -p &lt;storeDir&gt;"
'';
};
extraConfig = mkOption {
type = types.str;
default = "";
description = ''
Additional lines for beegfs-meta.conf. See documentation
for further details.
'';
};
};
storage = {
enable = mkEnableOption "BeeGFS storage daemon";
storeDir = mkOption {
type = types.path;
default = null;
example = "/data/beegfs-storage";
description = ''
Data directories for storage service.
Must not be shared with other beegfs daemons.
The underlying filesystem must be mounted with xattr turned on.
This directory must exist and it must be initialized
with beegfs-setup-storage, e.g.
"beegfs-setup-storage -C -s &lt;serviceID&gt; -i &lt;storageTargetID&gt; -p &lt;storeDir&gt;"
'';
};
extraConfig = mkOption {
type = types.str;
default = "";
description = ''
Addional lines for beegfs-storage.conf. See documentation
for further details.
'';
};
};
};
}));
};
};
###### implementation
config =
mkIf config.services.beegfsEnable {
environment.systemPackages = utilWrappers;
# Put the client.conf files in /etc since they are needed
# by the commandline tools
environment.etc = mapAttrs' ( name: cfg:
(nameValuePair "beegfs/client-${name}.conf" (mkIf (cfg.client.enable)
{
enable = true;
text = configClient name cfg;
}))) cfg;
# Kernel module, we need it only once per host.
boot = mkIf (
foldr (a: b: a || b) false
(map (x: x.client.enable) (collect (x: x ? client) cfg)))
{
kernelModules = [ "beegfs" ];
extraModulePackages = [ pkgs.linuxPackages.beegfs-module ];
};
# generate fstab entries
fileSystems = mapAttrs' (name: cfg:
(nameValuePair cfg.client.mountPoint (optionalAttrs cfg.client.mount (mkIf cfg.client.enable {
device = "beegfs_nodev";
fsType = "beegfs";
mountPoint = cfg.client.mountPoint;
options = [ "cfgFile=${configClientFilename name}" "_netdev" ];
})))) cfg;
# generate systemd services
systemd.services = systemdHelperd //
foldr (a: b: a // b) {}
(map (x: systemdEntry x.service x.cfgFile) serviceList);
};
}

6
nixos/modules/services/networking/bind.nix
View File

@ -78,7 +78,11 @@ in
cacheNetworks = mkOption {
default = ["127.0.0.0/24"];
description = "
What networks are allowed to use us as a resolver.
What networks are allowed to use us as a resolver. Note
that this is for recursive queries -- all networks are
allowed to query zones configured with the `zones` option.
It is recommended that you limit cacheNetworks to avoid your
server being used for DNS amplification attacks.
";
};

3
nixos/modules/services/networking/bitcoind.nix
View File

@ -177,9 +177,6 @@ in {
NoNewPrivileges = "true";
PrivateDevices = "true";
MemoryDenyWriteExecute = "true";
# Permission for preStart
PermissionsStartOnly = "true";
};
};
users.users.${cfg.user} = {

10
nixos/modules/services/networking/connman.nix
View File

@ -4,7 +4,7 @@ with pkgs;
with lib;
let
cfg = config.networking.connman;
cfg = config.services.connman;
configFile = pkgs.writeText "connman.conf" ''
[General]
NetworkInterfaceBlacklist=${concatStringsSep "," cfg.networkInterfaceBlacklist}
@ -17,7 +17,7 @@ in {
options = {
networking.connman = {
services.connman = {
enable = mkOption {
type = types.bool;
@ -71,13 +71,13 @@ in {
assertions = [{
assertion = !config.networking.useDHCP;
message = "You can not use services.networking.connman with services.networking.useDHCP";
message = "You can not use services.connman with networking.useDHCP";
}{
assertion = config.networking.wireless.enable;
message = "You must use services.networking.connman with services.networking.wireless";
message = "You must use services.connman with networking.wireless";
}{
assertion = !config.networking.networkmanager.enable;
message = "You can not use services.networking.connman with services.networking.networkmanager";
message = "You can not use services.connman with networking.networkmanager";
}];
environment.systemPackages = [ connman ];

6
nixos/modules/services/networking/eternal-terminal.nix
View File

@ -23,6 +23,8 @@ in
type = types.int;
description = ''
The port the server should listen on. Will use the server's default (2022) if not specified.
Make sure to open this port in the firewall if necessary.
'';
};
@ -86,4 +88,8 @@ in
};
};
};
meta = {
maintainers = with lib.maintainers; [ pingiun ];
};
}

64
nixos/modules/services/networking/syncthing.nix
View File

@ -18,6 +18,7 @@ let
fsWatcherEnabled = folder.watch;
fsWatcherDelayS = folder.watchDelay;
ignorePerms = folder.ignorePerms;
versioning = folder.versioning;
}) (filterAttrs (
_: folder:
folder.enable
@ -220,6 +221,69 @@ in {
'';
};
versioning = mkOption {
default = null;
description = ''
How to keep changed/deleted files with syncthing.
There are 4 different types of versioning with different parameters.
See https://docs.syncthing.net/users/versioning.html
'';
example = [
{
versioning = {
type = "simple";
params.keep = "10";
};
}
{
versioning = {
type = "trashcan";
params.cleanoutDays = "1000";
};
}
{
versioning = {
type = "staggered";
params = {
cleanInterval = "3600";
maxAge = "31536000";
versionsPath = "/syncthing/backup";
};
};
}
{
versioning = {
type = "external";
params.versionsPath = pkgs.writers.writeBash "backup" ''
folderpath="$1"
filepath="$2"
rm -rf "$folderpath/$filepath"
'';
};
}
];
type = with types; nullOr (submodule {
options = {
type = mkOption {
type = enum [ "external" "simple" "staggered" "trashcan" ];
description = ''
Type of versioning.
See https://docs.syncthing.net/users/versioning.html
'';
};
params = mkOption {
type = attrsOf (either str path);
description = ''
Parameters for versioning. Structure depends on versioning.type.
See https://docs.syncthing.net/users/versioning.html
'';
};
};
});
};
rescanInterval = mkOption {
type = types.int;
default = 3600;

2
nixos/modules/services/networking/znc/default.nix
View File

@ -239,7 +239,7 @@ in
services.znc = {
configFile = mkDefault (pkgs.writeText "znc-generated.conf" semanticString);
config = {
Version = (builtins.parseDrvName pkgs.znc.name).version;
Version = lib.getVersion pkgs.znc;
Listener.l.Port = mkDefault 5000;
Listener.l.SSL = mkDefault true;
};

1
nixos/modules/services/web-apps/nextcloud.nix
View File

@ -390,6 +390,7 @@ in {
in {
wantedBy = [ "multi-user.target" ];
before = [ "phpfpm-nextcloud.service" ];
path = [ occ ];
script = ''
chmod og+x ${cfg.home}
ln -sf ${pkgs.nextcloud}/apps ${cfg.home}/

3
nixos/modules/services/web-servers/nginx/location-options.nix
View File

@ -1,4 +1,4 @@
# This file defines the options that can be used both for the Apache
# This file defines the options that can be used both for the Nginx
# main server configuration, and for the virtual hosts. (The latter
# has additional options that affect the web server as a whole, like
# the user/group to run under.)
@ -92,4 +92,3 @@ with lib;
};
};
}

2
nixos/modules/services/web-servers/nginx/vhost-options.nix
View File

@ -1,4 +1,4 @@
# This file defines the options that can be used both for the Apache
# This file defines the options that can be used both for the Nginx
# main server configuration, and for the virtual hosts. (The latter
# has additional options that affect the web server as a whole, like
# the user/group to run under.)

1
nixos/modules/services/web-servers/phpfpm/default.nix
View File

@ -262,6 +262,7 @@ in {
in {
Slice = "phpfpm.slice";
PrivateDevices = true;
PrivateTmp = true;
ProtectSystem = "full";
ProtectHome = true;
# XXX: We need AF_NETLINK to make the sendmail SUID binary from postfix work

2
nixos/modules/services/x11/desktop-managers/default.nix
View File

@ -18,7 +18,7 @@ in
# determines the default: later modules (if enabled) are preferred.
# E.g., if Plasma 5 is enabled, it supersedes xterm.
imports = [
./none.nix ./xterm.nix ./xfce.nix ./xfce4-14.nix ./plasma5.nix ./lumina.nix
./none.nix ./xterm.nix ./xfce.nix ./plasma5.nix ./lumina.nix
./lxqt.nix ./enlightenment.nix ./gnome3.nix ./kodi.nix ./maxx.nix
./mate.nix ./pantheon.nix ./surf-display.nix
];

2
nixos/modules/services/x11/desktop-managers/gnome3.nix
View File

@ -309,7 +309,7 @@ in
gnome-shell
gnome-shell-extensions
gnome-themes-extra
gnome-user-docs
pkgs.gnome-user-docs
pkgs.orca
pkgs.glib # for gsettings
pkgs.gnome-menus

15
nixos/modules/services/x11/desktop-managers/plasma5.nix
View File

@ -27,20 +27,13 @@ in
example = "vlc";
description = "Phonon audio backend to install.";
};
enableQt4Support = mkOption {
type = types.bool;
default = true;
description = ''
Enable support for Qt 4-based applications. Particularly, install a
default backend for Phonon.
'';
};
};
};
imports = [
(mkRemovedOptionModule [ "services" "xserver" "desktopManager" "plasma5" "enableQt4Support" ] "Phonon no longer supports Qt 4.")
];
config = mkMerge [
(mkIf cfg.enable {
@ -173,9 +166,7 @@ in
# Phonon audio backend
++ lib.optional (cfg.phononBackend == "gstreamer") libsForQt5.phonon-backend-gstreamer
++ lib.optional (cfg.phononBackend == "gstreamer" && cfg.enableQt4Support) pkgs.phonon-backend-gstreamer
++ lib.optional (cfg.phononBackend == "vlc") libsForQt5.phonon-backend-vlc
++ lib.optional (cfg.phononBackend == "vlc" && cfg.enableQt4Support) pkgs.phonon-backend-vlc
# Optional hardware support features
++ lib.optionals config.hardware.bluetooth.enable [ bluedevil bluez-qt ]

111
nixos/modules/services/x11/desktop-managers/xfce.nix
View File

@ -7,6 +7,32 @@ let
in
{
imports = [
# added 2019-08-18
# needed to preserve some semblance of UI familarity
# with original XFCE module
(mkRenamedOptionModule
[ "services" "xserver" "desktopManager" "xfce4-14" "extraSessionCommands" ]
[ "services" "xserver" "displayManager" "sessionCommands" ])
# added 2019-11-04
# xfce4-14 module removed and promoted to xfce.
# Needed for configs that used xfce4-14 module to migrate to this one.
(mkRenamedOptionModule
[ "services" "xserver" "desktopManager" "xfce4-14" "enable" ]
[ "services" "xserver" "desktopManager" "xfce" "enable" ])
(mkRenamedOptionModule
[ "services" "xserver" "desktopManager" "xfce4-14" "noDesktop" ]
[ "services" "xserver" "desktopManager" "xfce" "noDesktop" ])
(mkRenamedOptionModule
[ "services" "xserver" "desktopManager" "xfce4-14" "enableXfwm" ]
[ "services" "xserver" "desktopManager" "xfce" "enableXfwm" ])
(mkRenamedOptionModule
[ "services" "xserver" "desktopManager" "xfce" "extraSessionCommands" ]
[ "services" "xserver" "displayManager" "sessionCommands" ])
];
options = {
services.xserver.desktopManager.xfce = {
enable = mkOption {
@ -30,14 +56,6 @@ in
description = "Don't install XFCE desktop components (xfdesktop, panel and notification daemon).";
};
extraSessionCommands = mkOption {
default = "";
type = types.lines;
description = ''
Shell commands executed just before XFCE is started.
'';
};
enableXfwm = mkOption {
type = types.bool;
default = true;
@ -48,76 +66,101 @@ in
config = mkIf cfg.enable {
environment.systemPackages = with pkgs.xfce // pkgs; [
# Get GTK themes and gtk-update-icon-cache
gtk2.out
glib # for gsettings
gtk3.out # gtk-update-icon-cache
# Supplies some abstract icons such as:
# utilities-terminal, accessories-text-editor
gnome3.gnome-themes-extra
gnome3.adwaita-icon-theme
hicolor-icon-theme
tango-icon-theme
xfce4-icon-theme
desktop-file-utils
shared-mime-info # for update-mime-database
# For a polkit authentication agent
polkit_gnome
# Needed by Xfce's xinitrc script
# TODO: replace with command -v
which
xdg-user-dirs # Update user dirs as described in https://freedesktop.org/wiki/Software/xdg-user-dirs/
exo
garcon
gtk-xfce-engine
libxfce4ui
tumbler
xfconf
mousepad
parole
ristretto
xfce4-appfinder
xfce4-screenshooter
xfce4-session
xfce4-settings
xfce4-taskmanager
xfce4-terminal
(thunar.override { thunarPlugins = cfg.thunarPlugins; })
thunar-volman # TODO: drop
] ++ (if config.hardware.pulseaudio.enable
then [ xfce4-mixer-pulse xfce4-volumed-pulse ]
else [ xfce4-mixer xfce4-volumed ])
# TODO: NetworkManager doesn't belong here
++ optionals config.networking.networkmanager.enable [ networkmanagerapplet ]
++ optionals config.powerManagement.enable [ xfce4-power-manager ]
++ optionals cfg.enableXfwm [ xfwm4 ]
++ optionals (!cfg.noDesktop) [
xfce4-panel
] # TODO: NetworkManager doesn't belong here
++ optional config.networking.networkmanager.enable networkmanagerapplet
++ optional config.powerManagement.enable xfce4-power-manager
++ optionals config.hardware.pulseaudio.enable [
pavucontrol
# volume up/down keys support:
# xfce4-pulseaudio-plugin includes all the functionalities of xfce4-volumed-pulse
# but can only be used with xfce4-panel, so for no-desktop usage we still include
# xfce4-volumed-pulse
(if cfg.noDesktop then xfce4-volumed-pulse else xfce4-pulseaudio-plugin)
] ++ optionals cfg.enableXfwm [
xfwm4
xfwm4-themes
] ++ optionals (!cfg.noDesktop) [
xfce4-notifyd
xfce4-panel
xfdesktop
];
environment.pathsToLink = [
"/share/xfce4"
"/share/themes"
"/share/gtksourceview-2.0"
"/lib/xfce4"
"/share/gtksourceview-3.0"
"/share/gtksourceview-4.0"
];
services.xserver.gdk-pixbuf.modulePackages = [ pkgs.librsvg ];
services.xserver.desktopManager.session = [{
name = "xfce";
bgSupport = true;
start = ''
${cfg.extraSessionCommands}
${pkgs.runtimeShell} ${pkgs.xfce.xinitrc} &
${pkgs.runtimeShell} ${pkgs.xfce.xfce4-session.xinitrc} &
waitPID=$!
'';
}];
services.xserver.updateDbusEnvironment = true;
services.xserver.gdk-pixbuf.modulePackages = [ pkgs.librsvg ];
# Enable helpful DBus services.
services.udisks2.enable = true;
security.polkit.enable = true;
services.accounts-daemon.enable = true;
services.upower.enable = config.powerManagement.enable;
services.gnome3.glib-networking.enable = true;
services.gvfs.enable = true;
services.gvfs.package = pkgs.xfce.gvfs;
services.tumbler.enable = true;
services.system-config-printer.enable = (mkIf config.services.printing.enable (mkDefault true));
services.xserver.libinput.enable = mkDefault true; # used in xfce4-settings-manager
# Enable default programs
programs.dconf.enable = true;
# Shell integration for VTE terminals
programs.bash.vteIntegration = mkDefault true;
programs.zsh.vteIntegration = mkDefault true;
# Systemd services
systemd.packages = with pkgs.xfce; [
(thunar.override { thunarPlugins = cfg.thunarPlugins; })
] ++ optional (!cfg.noDesktop) xfce4-notifyd;
};
}

152
nixos/modules/services/x11/desktop-managers/xfce4-14.nix
View File

@ -1,152 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.xserver.desktopManager.xfce4-14;
in
{
# added 2019-08-18
# needed to preserve some semblance of UI familarity
# with original XFCE module
imports = [
(mkRenamedOptionModule
[ "services" "xserver" "desktopManager" "xfce4-14" "extraSessionCommands" ]
[ "services" "xserver" "displayManager" "sessionCommands" ])
];
options = {
services.xserver.desktopManager.xfce4-14 = {
enable = mkOption {
type = types.bool;
default = false;
description = "Enable the Xfce desktop environment.";
};
# TODO: support thunar plugins
# thunarPlugins = mkOption {
# default = [];
# type = types.listOf types.package;
# example = literalExample "[ pkgs.xfce4-14.thunar-archive-plugin ]";
# description = ''
# A list of plugin that should be installed with Thunar.
# '';
# };
noDesktop = mkOption {
type = types.bool;
default = false;
description = "Don't install XFCE desktop components (xfdesktop, panel and notification daemon).";
};
enableXfwm = mkOption {
type = types.bool;
default = true;
description = "Enable the XFWM (default) window manager.";
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs.xfce4-14 // pkgs; [
glib # for gsettings
gtk3.out # gtk-update-icon-cache
gnome3.gnome-themes-extra
gnome3.adwaita-icon-theme
hicolor-icon-theme
tango-icon-theme
xfce4-icon-theme
desktop-file-utils
shared-mime-info # for update-mime-database
# For a polkit authentication agent
polkit_gnome
# Needed by Xfce's xinitrc script
xdg-user-dirs # Update user dirs as described in https://freedesktop.org/wiki/Software/xdg-user-dirs/
exo
garcon
libxfce4ui
xfconf
mousepad
parole
ristretto
xfce4-appfinder
xfce4-screenshooter
xfce4-session
xfce4-settings
xfce4-taskmanager
xfce4-terminal
# TODO: resync patch for plugins
#(thunar.override { thunarPlugins = cfg.thunarPlugins; })
thunar
] # TODO: NetworkManager doesn't belong here
++ optional config.networking.networkmanager.enable networkmanagerapplet
++ optional config.powerManagement.enable xfce4-power-manager
++ optionals config.hardware.pulseaudio.enable [
pavucontrol
# volume up/down keys support:
# xfce4-pulseaudio-plugin includes all the functionalities of xfce4-volumed-pulse
# but can only be used with xfce4-panel, so for no-desktop usage we still include
# xfce4-volumed-pulse
(if cfg.noDesktop then xfce4-volumed-pulse else xfce4-pulseaudio-plugin)
] ++ optionals cfg.enableXfwm [
xfwm4
xfwm4-themes
] ++ optionals (!cfg.noDesktop) [
xfce4-notifyd
xfce4-panel
xfdesktop
];
environment.pathsToLink = [
"/share/xfce4"
"/lib/xfce4"
"/share/gtksourceview-3.0"
"/share/gtksourceview-4.0"
];
services.xserver.desktopManager.session = [{
name = "xfce4-14";
bgSupport = true;
start = ''
${pkgs.runtimeShell} ${pkgs.xfce4-14.xinitrc} &
waitPID=$!
'';
}];
services.xserver.updateDbusEnvironment = true;
services.xserver.gdk-pixbuf.modulePackages = [ pkgs.librsvg ];
# Enable helpful DBus services.
services.udisks2.enable = true;
security.polkit.enable = true;
services.accounts-daemon.enable = true;
services.upower.enable = config.powerManagement.enable;
services.gnome3.glib-networking.enable = true;
services.gvfs.enable = true;
services.gvfs.package = pkgs.xfce.gvfs;
services.tumbler.enable = true;
services.system-config-printer.enable = (mkIf config.services.printing.enable (mkDefault true));
services.xserver.libinput.enable = mkDefault true; # used in xfce4-settings-manager
# Enable default programs
programs.dconf.enable = true;
# Shell integration for VTE terminals
programs.bash.vteIntegration = mkDefault true;
programs.zsh.vteIntegration = mkDefault true;
# Systemd services
systemd.packages = with pkgs.xfce4-14; [
thunar
] ++ optional (!cfg.noDesktop) xfce4-notifyd;
};
}

40
nixos/modules/services/x11/display-managers/gdm.nix
View File

@ -31,6 +31,44 @@ let
load-module module-position-event-sounds
'';
dmDefault = config.services.xserver.desktopManager.default;
wmDefault = config.services.xserver.windowManager.default;
hasDefaultUserSession = dmDefault != "none" || wmDefault != "none";
defaultSessionName = dmDefault + optionalString (wmDefault != "none") ("+" + wmDefault);
setSessionScript = pkgs.python3.pkgs.buildPythonApplication {
name = "set-session";
format = "other";
src = ./set-session.py;
dontUnpack = true;
strictDeps = false;
nativeBuildInputs = with pkgs; [
wrapGAppsHook
gobject-introspection
];
buildInputs = with pkgs; [
accountsservice
glib
];
propagatedBuildInputs = with pkgs.python3.pkgs; [
pygobject3
ordered-set
];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/set-session
chmod +x $out/bin/set-session
'';
};
in
{
@ -156,6 +194,8 @@ in
cat - > /run/gdm/.config/gnome-initial-setup-done <<- EOF
yes
EOF
'' + optionalString hasDefaultUserSession ''
${setSessionScript}/bin/set-session ${defaultSessionName}
'';
};

86
nixos/modules/services/x11/display-managers/set-session.py Executable file
View File

@ -0,0 +1,86 @@
#!/usr/bin/env python
import gi, argparse, os, logging, sys
gi.require_version("AccountsService", "1.0")
from gi.repository import AccountsService, GLib
from ordered_set import OrderedSet
def get_session_file(session):
system_data_dirs = GLib.get_system_data_dirs()
session_dirs = OrderedSet(
os.path.join(data_dir, session)
for data_dir in system_data_dirs
for session in {"wayland-sessions", "xsessions"}
)
session_files = OrderedSet(
os.path.join(dir, session + ".desktop")
for dir in session_dirs
if os.path.exists(os.path.join(dir, session + ".desktop"))
)
# Deal with duplicate wayland-sessions and xsessions.
# Needed for the situation in gnome-session, where there's
# a xsession named the same as a wayland session.
if any(map(is_session_wayland, session_files)):
session_files = OrderedSet(
session for session in session_files if is_session_wayland(session)
)
else:
session_files = OrderedSet(
session for session in session_files if is_session_xsession(session)
)
if len(session_files) == 0:
logging.warning("No session files are found.")
sys.exit(0)
else:
return session_files[0]
def is_session_xsession(session_file):
return "/xsessions/" in session_file
def is_session_wayland(session_file):
return "/wayland-sessions/" in session_file
def main():
parser = argparse.ArgumentParser(
description="Set session type for all normal users."
)
parser.add_argument("session", help="Name of session to set.")
args = parser.parse_args()
session = getattr(args, "session")
session_file = get_session_file(session)
user_manager = AccountsService.UserManager.get_default()
users = user_manager.list_users()
for user in users:
if user.is_system_account():
continue
else:
if is_session_wayland(session_file):
logging.debug(
f"Setting session name: {session}, as we found the existing wayland-session: {session_file}"
)
user.set_session(session)
elif is_session_xsession(session_file):
logging.debug(
f"Setting session name: {session}, as we found the existing xsession: {session_file}"
)
user.set_x_session(session)
else:
logging.error(f"Couldn't figure out session type for {session_file}")
sys.exit(1)
if __name__ == "__main__":
main()

6
nixos/modules/services/x11/hardware/libinput.nix
View File

@ -209,12 +209,12 @@ in {
services.xserver.config =
''
# Automatically enable the libinput driver for all touchpads.
# General libinput configuration.
# See CONFIGURATION DETAILS section of man:libinput(4).
Section "InputClass"
Identifier "libinputConfiguration"
MatchIsTouchpad "on"
MatchDriver "libinput"
${optionalString (cfg.dev != null) ''MatchDevicePath "${cfg.dev}"''}
Driver "libinput"
Option "AccelProfile" "${cfg.accelProfile}"
${optionalString (cfg.accelSpeed != null) ''Option "AccelSpeed" "${cfg.accelSpeed}"''}
${optionalString (cfg.buttonMapping != null) ''Option "ButtonMapping" "${cfg.buttonMapping}"''}

4
nixos/modules/system/boot/loader/grub/grub.nix
View File

@ -47,8 +47,8 @@ let
grub = f grub;
grubTarget = f (grub.grubTarget or "");
shell = "${pkgs.runtimeShell}";
fullName = (builtins.parseDrvName realGrub.name).name;
fullVersion = (builtins.parseDrvName realGrub.name).version;
fullName = lib.getName realGrub;
fullVersion = lib.getVersion realGrub;
grubEfi = f grubEfi;
grubTargetEfi = if cfg.efiSupport && (cfg.version == 2) then f (grubEfi.grubTarget or "") else "";
bootPath = args.path;

6
nixos/modules/system/boot/networkd.nix
View File

@ -10,7 +10,7 @@ let
checkLink = checkUnitConfig "Link" [
(assertOnlyFields [
"Description" "Alias" "MACAddressPolicy" "MACAddress" "NamePolicy" "OriginalName"
"Description" "Alias" "MACAddressPolicy" "MACAddress" "NamePolicy" "Name" "OriginalName"
"MTUBytes" "BitsPerSecond" "Duplex" "AutoNegotiation" "WakeOnLan" "Port"
"TCPSegmentationOffload" "TCP6SegmentationOffload" "GenericSegmentationOffload"
"GenericReceiveOffload" "LargeReceiveOffload" "RxChannels" "TxChannels"
@ -201,7 +201,7 @@ let
(assertValueOneOf "IPv6AcceptRA" boolValues)
(assertValueOneOf "IPv4ProxyARP" boolValues)
(assertValueOneOf "IPv6ProxyNDP" boolValues)
(assertValueOneOf "IPv6PrefixDelegation" boolValues)
(assertValueOneOf "IPv6PrefixDelegation" (boolValues ++ [ "dhcpv6" "static" ]))
(assertValueOneOf "ActiveSlave" boolValues)
(assertValueOneOf "PrimarySlave" boolValues)
(assertValueOneOf "ConfigureWithoutCarrier" boolValues)
@ -924,6 +924,8 @@ in
config = mkIf config.systemd.network.enable {
users.users.systemd-network.group = "systemd-network";
systemd.additionalUpstreamSystemUnits = [
"systemd-networkd.service" "systemd-networkd-wait-online.service"
];

2
nixos/modules/system/boot/resolved.nix
View File

@ -136,6 +136,8 @@ in
}
];
users.users.resolved.group = "systemd-resolve";
systemd.additionalUpstreamSystemUnits = [
"systemd-resolved.service"
];

18
nixos/modules/system/boot/timesyncd.nix
View File

@ -20,6 +20,18 @@ with lib;
The set of NTP servers from which to synchronise.
'';
};
extraConfig = mkOption {
default = "";
type = types.lines;
example = ''
PollIntervalMaxSec=180
'';
description = ''
Extra config options for systemd-timesyncd. See
<link xlink:href="https://www.freedesktop.org/software/systemd/man/timesyncd.conf.html">
timesyncd.conf(5)</link> for available options.
'';
};
};
};
@ -35,9 +47,13 @@ with lib;
environment.etc."systemd/timesyncd.conf".text = ''
[Time]
NTP=${concatStringsSep " " config.services.timesyncd.servers}
${config.services.timesyncd.extraConfig}
'';
users.users.systemd-timesync.uid = config.ids.uids.systemd-timesync;
users.users.systemd-timesync = {
uid = config.ids.uids.systemd-timesync;
group = "systemd-timesync";
};
users.groups.systemd-timesync.gid = config.ids.gids.systemd-timesync;
system.activationScripts.systemd-timesyncd-migration = mkIf (versionOlder config.system.stateVersion "19.09") ''

2
nixos/modules/virtualisation/containers.nix
View File

@ -149,7 +149,7 @@ let
--setenv PATH="$PATH" \
${optionalString cfg.ephemeral "--ephemeral"} \
${if cfg.additionalCapabilities != null && cfg.additionalCapabilities != [] then
''--capability="${concatStringsSep " " cfg.additionalCapabilities}"'' else ""
''--capability="${concatStringsSep "," cfg.additionalCapabilities}"'' else ""
} \
${if cfg.tmpfs != null && cfg.tmpfs != [] then
''--tmpfs=${concatStringsSep " --tmpfs=" cfg.tmpfs}'' else ""

197
nixos/modules/virtualisation/digital-ocean-config.nix Normal file
View File

@ -0,0 +1,197 @@
{ config, pkgs, lib, modulesPath, ... }:
with lib;
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
(modulesPath + "/virtualisation/digital-ocean-init.nix")
];
options.virtualisation.digitalOcean = with types; {
setRootPassword = mkOption {
type = bool;
default = false;
example = true;
description = "Whether to set the root password from the Digital Ocean metadata";
};
setSshKeys = mkOption {
type = bool;
default = true;
example = true;
description = "Whether to fetch ssh keys from Digital Ocean";
};
seedEntropy = mkOption {
type = bool;
default = true;
example = true;
description = "Whether to run the kernel RNG entropy seeding script from the Digital Ocean vendor data";
};
};
config =
let
cfg = config.virtualisation.digitalOcean;
hostName = config.networking.hostName;
doMetadataFile = "/run/do-metadata/v1.json";
in mkMerge [{
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
autoResize = true;
fsType = "ext4";
};
boot = {
growPartition = true;
kernelParams = [ "console=ttyS0" "panic=1" "boot.panic_on_fail" ];
initrd.kernelModules = [ "virtio_scsi" ];
kernelModules = [ "virtio_pci" "virtio_net" ];
loader = {
grub.device = "/dev/vda";
timeout = 0;
grub.configurationLimit = 0;
};
};
services.openssh = {
enable = mkDefault true;
passwordAuthentication = mkDefault false;
};
services.do-agent.enable = mkDefault true;
networking = {
hostName = mkDefault ""; # use Digital Ocean metadata server
};
/* Check for and wait for the metadata server to become reachable.
* This serves as a dependency for all the other metadata services. */
systemd.services.digitalocean-metadata = {
path = [ pkgs.curl ];
description = "Get host metadata provided by Digitalocean";
script = ''
set -eu
DO_DELAY_ATTEMPTS=0
while ! curl -fsSL -o $RUNTIME_DIRECTORY/v1.json http://169.254.169.254/metadata/v1.json; do
DO_DELAY_ATTEMPTS=$((DO_DELAY_ATTEMPTS + 1))
if (( $DO_DELAY_ATTEMPTS >= $DO_DELAY_ATTEMPTS_MAX )); then
echo "giving up"
exit 1
fi
echo "metadata unavailable, trying again in 1s..."
sleep 1
done
chmod 600 $RUNTIME_DIRECTORY/v1.json
'';
environment = {
DO_DELAY_ATTEMPTS_MAX = "10";
};
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
RuntimeDirectory = "do-metadata";
RuntimeDirectoryPreserve = "yes";
};
unitConfig = {
ConditionPathExists = "!${doMetadataFile}";
After = [ "network-pre.target" ] ++
optional config.networking.dhcpcd.enable "dhcpcd.service" ++
optional config.systemd.network.enable "systemd-networkd.service";
};
};
/* Fetch the root password from the digital ocean metadata.
* There is no specific route for this, so we use jq to get
* it from the One Big JSON metadata blob */
systemd.services.digitalocean-set-root-password = mkIf cfg.setRootPassword {
path = [ pkgs.shadow pkgs.jq ];
description = "Set root password provided by Digitalocean";
wantedBy = [ "multi-user.target" ];
script = ''
set -eo pipefail
ROOT_PASSWORD=$(jq -er '.auth_key' ${doMetadataFile})
echo "root:$ROOT_PASSWORD" | chpasswd
mkdir -p /etc/do-metadata/set-root-password
'';
unitConfig = {
ConditionPathExists = "!/etc/do-metadata/set-root-password";
Before = optional config.services.openssh.enable "sshd.service";
After = [ "digitalocean-metadata.service" ];
Requires = [ "digitalocean-metadata.service" ];
};
serviceConfig = {
Type = "oneshot";
};
};
/* Set the hostname from Digital Ocean, unless the user configured it in
* the NixOS configuration. The cached metadata file isn't used here
* because the hostname is a mutable part of the droplet. */
systemd.services.digitalocean-set-hostname = mkIf (hostName == "") {
path = [ pkgs.curl pkgs.nettools ];
description = "Set hostname provided by Digitalocean";
wantedBy = [ "network.target" ];
script = ''
set -e
DIGITALOCEAN_HOSTNAME=$(curl -fsSL http://169.254.169.254/metadata/v1/hostname)
hostname "$DIGITALOCEAN_HOSTNAME"
if [[ ! -e /etc/hostname || -w /etc/hostname ]]; then
printf "%s\n" "$DIGITALOCEAN_HOSTNAME" > /etc/hostname
fi
'';
unitConfig = {
Before = [ "network.target" ];
After = [ "digitalocean-metadata.service" ];
Wants = [ "digitalocean-metadata.service" ];
};
serviceConfig = {
Type = "oneshot";
};
};
/* Fetch the ssh keys for root from Digital Ocean */
systemd.services.digitalocean-ssh-keys = mkIf cfg.setSshKeys {
description = "Set root ssh keys provided by Digital Ocean";
wantedBy = [ "multi-user.target" ];
path = [ pkgs.jq ];
script = ''
set -e
mkdir -m 0700 -p /root/.ssh
jq -er '.public_keys[]' ${doMetadataFile} > /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
'';
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
unitConfig = {
ConditionPathExists = "!/root/.ssh/authorized_keys";
Before = optional config.services.openssh.enable "sshd.service";
After = [ "digitalocean-metadata.service" ];
Requires = [ "digitalocean-metadata.service" ];
};
};
/* Initialize the RNG by running the entropy-seed script from the
* Digital Ocean metadata
*/
systemd.services.digitalocean-entropy-seed = mkIf cfg.seedEntropy {
description = "Run the kernel RNG entropy seeding script from the Digital Ocean vendor data";
wantedBy = [ "network.target" ];
path = [ pkgs.jq pkgs.mpack ];
script = ''
set -eo pipefail
TEMPDIR=$(mktemp -d)
jq -er '.vendor_data' ${doMetadataFile} | munpack -tC $TEMPDIR
ENTROPY_SEED=$(grep -rl "DigitalOcean Entropy Seed script" $TEMPDIR)
${pkgs.runtimeShell} $ENTROPY_SEED
rm -rf $TEMPDIR
'';
unitConfig = {
Before = [ "network.target" ];
After = [ "digitalocean-metadata.service" ];
Requires = [ "digitalocean-metadata.service" ];
};
serviceConfig = {
Type = "oneshot";
};
};
}
];
meta.maintainers = with maintainers; [ arianvp eamsden ];
}

69
nixos/modules/virtualisation/digital-ocean-image.nix Normal file
View File

@ -0,0 +1,69 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.virtualisation.digitalOceanImage;
in
{
imports = [ ./digital-ocean-config.nix ];
options = {
virtualisation.digitalOceanImage.diskSize = mkOption {
type = with types; int;
default = 4096;
description = ''
Size of disk image. Unit is MB.
'';
};
virtualisation.digitalOceanImage.configFile = mkOption {
type = with types; nullOr path;
default = null;
description = ''
A path to a configuration file which will be placed at
<literal>/etc/nixos/configuration.nix</literal> and be used when switching
to a new configuration. If set to <literal>null</literal>, a default
configuration is used that imports
<literal>(modulesPath + "/virtualisation/digital-ocean-config.nix")</literal>.
'';
};
virtualisation.digitalOceanImage.compressionMethod = mkOption {
type = types.enum [ "gzip" "bzip2" ];
default = "gzip";
example = "bzip2";
description = ''
Disk image compression method. Choose bzip2 to generate smaller images that
take longer to generate but will consume less metered storage space on your
Digital Ocean account.
'';
};
};
#### implementation
config = {
system.build.digitalOceanImage = import ../../lib/make-disk-image.nix {
name = "digital-ocean-image";
format = "qcow2";
postVM = let
compress = {
"gzip" = "${pkgs.gzip}/bin/gzip";
"bzip2" = "${pkgs.bzip2}/bin/bzip2";
}.${cfg.compressionMethod};
in ''
${compress} $diskImage
'';
configFile = if cfg.configFile == null
then config.virtualisation.digitalOcean.defaultConfigFile
else cfg.configFile;
inherit (cfg) diskSize;
inherit config lib pkgs;
};
};
meta.maintainers = with maintainers; [ arianvp eamsden ];
}

95
nixos/modules/virtualisation/digital-ocean-init.nix Normal file
View File

@ -0,0 +1,95 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.virtualisation.digitalOcean;
defaultConfigFile = pkgs.writeText "digitalocean-configuration.nix" ''
{ modulesPath, lib, ... }:
{
imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [
(modulesPath + "/virtualisation/digital-ocean-config.nix")
];
}
'';
in {
options.virtualisation.digitalOcean.rebuildFromUserData = mkOption {
type = types.bool;
default = true;
example = true;
description = "Whether to reconfigure the system from Digital Ocean user data";
};
options.virtualisation.digitalOcean.defaultConfigFile = mkOption {
type = types.path;
default = defaultConfigFile;
defaultText = ''
The default configuration imports user-data if applicable and
<literal>(modulesPath + "/virtualisation/digital-ocean-config.nix")</literal>.
'';
description = ''
A path to a configuration file which will be placed at
<literal>/etc/nixos/configuration.nix</literal> and be used when switching to
a new configuration.
'';
};
config = {
systemd.services.digitalocean-init = mkIf cfg.rebuildFromUserData {
description = "Reconfigure the system from Digital Ocean userdata on startup";
wantedBy = [ "network-online.target" ];
unitConfig = {
ConditionPathExists = "!/etc/nixos/do-userdata.nix";
After = [ "digitalocean-metadata.service" "network-online.target" ];
Requires = [ "digitalocean-metadata.service" ];
X-StopOnRemoval = false;
};
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
restartIfChanged = false;
path = [ pkgs.jq pkgs.gnused pkgs.gnugrep pkgs.systemd config.nix.package config.system.build.nixos-rebuild ];
environment = {
HOME = "/root";
NIX_PATH = concatStringsSep ":" [
"/nix/var/nix/profiles/per-user/root/channels/nixos"
"nixos-config=/etc/nixos/configuration.nix"
"/nix/var/nix/profiles/per-user/root/channels"
];
};
script = ''
set -e
echo "attempting to fetch configuration from Digital Ocean user data..."
userData=$(mktemp)
if jq -er '.user_data' /run/do-metadata/v1.json > $userData; then
# If the user-data looks like it could be a nix expression,
# copy it over. Also, look for a magic three-hash comment and set
# that as the channel.
if nix-instantiate --parse $userData > /dev/null; then
channels="$(grep '^###' "$userData" | sed 's|###\s*||')"
printf "%s" "$channels" | while read channel; do
echo "writing channel: $channel"
done
if [[ -n "$channels" ]]; then
printf "%s" "$channels" > /root/.nix-channels
nix-channel --update
fi
echo "setting configuration from Digital Ocean user data"
cp "$userData" /etc/nixos/do-userdata.nix
if [[ ! -e /etc/nixos/configuration.nix ]]; then
install -m0644 ${cfg.defaultConfigFile} /etc/nixos/configuration.nix
fi
else
echo "user data does not appear to be a Nix expression; ignoring"
exit
fi
nixos-rebuild switch
else
echo "no user data is available"
fi
'';
};
};
meta.maintainers = with maintainers; [ arianvp eamsden ];
}

13
nixos/modules/virtualisation/openvswitch.nix
View File

@ -42,6 +42,9 @@ in {
default = false;
description = ''
Whether to start racoon service for openvswitch.
Supported only if openvswitch version is less than 2.6.0.
Use <literal>virtualisation.vswitch.package = pkgs.openvswitch-lts</literal>
for a version that supports ipsec over GRE.
'';
};
};
@ -89,6 +92,13 @@ in {
"${cfg.package}/share/openvswitch/vswitch.ovsschema"
fi
chmod -R +w /var/db/openvswitch
if ${cfg.package}/bin/ovsdb-tool needs-conversion /var/db/openvswitch/conf.db | grep -q "yes"
then
echo "Performing database upgrade"
${cfg.package}/bin/ovsdb-tool convert /var/db/openvswitch/conf.db
else
echo "Database already up to date"
fi
'';
serviceConfig = {
ExecStart =
@ -133,7 +143,7 @@ in {
};
}
(mkIf cfg.ipsec {
(mkIf (cfg.ipsec && (versionOlder cfg.package.version "2.6.0")) {
services.racoon.enable = true;
services.racoon.configPath = "${runDir}/ipsec/etc/racoon/racoon.conf";
@ -172,5 +182,4 @@ in {
'';
};
})]));
}

2
nixos/modules/virtualisation/qemu-vm.nix
View File

@ -620,7 +620,7 @@ in
# Wireless won't work in the VM.
networking.wireless.enable = mkVMOverride false;
networking.connman.enable = mkVMOverride false;
services.connman.enable = mkVMOverride false;
# Speed up booting by not waiting for ARP.
networking.dhcpcd.extraConfig = "noarp";

1
nixos/release-combined.nix
View File

@ -136,7 +136,6 @@ in rec {
(all nixos.tests.switchTest)
(all nixos.tests.udisks2)
(all nixos.tests.xfce)
(all nixos.tests.xfce4-14)
nixpkgs.tarball
(all allSupportedNixpkgs.emacs)

4
nixos/tests/all-tests.nix
View File

@ -28,7 +28,7 @@ in
babeld = handleTest ./babeld.nix {};
bcachefs = handleTestOn ["x86_64-linux"] ./bcachefs.nix {}; # linux-4.18.2018.10.12 is unsupported on aarch64
beanstalkd = handleTest ./beanstalkd.nix {};
beegfs = handleTestOn ["x86_64-linux"] ./beegfs.nix {}; # beegfs is unsupported on aarch64
bees = handleTest ./bees.nix {};
bind = handleTest ./bind.nix {};
bittorrent = handleTest ./bittorrent.nix {};
#blivet = handleTest ./blivet.nix {}; # broken since 2017-07024
@ -206,7 +206,6 @@ in
openstack-image-metadata = (handleTestOn ["x86_64-linux"] ./openstack-image.nix {}).metadata or {};
orangefs = handleTest ./orangefs.nix {};
os-prober = handleTestOn ["x86_64-linux"] ./os-prober.nix {};
osquery = handleTest ./osquery.nix {};
osrm-backend = handleTest ./osrm-backend.nix {};
overlayfs = handleTest ./overlayfs.nix {};
packagekit = handleTest ./packagekit.nix {};
@ -285,7 +284,6 @@ in
wordpress = handleTest ./wordpress.nix {};
xautolock = handleTest ./xautolock.nix {};
xfce = handleTest ./xfce.nix {};
xfce4-14 = handleTest ./xfce4-14.nix {};
xmonad = handleTest ./xmonad.nix {};
xrdp = handleTest ./xrdp.nix {};
xss-lock = handleTest ./xss-lock.nix {};

115
nixos/tests/beegfs.nix
View File

@ -1,115 +0,0 @@
import ./make-test.nix ({ ... } :
let
connAuthFile="beegfs/auth-def.key";
client = { pkgs, ... } : {
networking.firewall.enable = false;
services.beegfsEnable = true;
services.beegfs.default = {
mgmtdHost = "mgmt";
connAuthFile = "/etc/${connAuthFile}";
client = {
mount = false;
enable = true;
};
};
fileSystems = pkgs.lib.mkVMOverride # FIXME: this should be creatd by the module
[ { mountPoint = "/beegfs";
device = "default";
fsType = "beegfs";
options = [ "cfgFile=/etc/beegfs/client-default.conf" "_netdev" ];
}
];
environment.etc.${connAuthFile} = {
enable = true;
text = "ThisIsALousySecret";
mode = "0600";
};
};
server = service : { pkgs, ... } : {
networking.firewall.enable = false;
boot.initrd.postDeviceCommands = ''
${pkgs.e2fsprogs}/bin/mkfs.ext4 -L data /dev/vdb
'';
virtualisation.emptyDiskImages = [ 4096 ];
fileSystems = pkgs.lib.mkVMOverride
[ { mountPoint = "/data";
device = "/dev/disk/by-label/data";
fsType = "ext4";
}
];
environment.systemPackages = with pkgs; [ beegfs ];
environment.etc.${connAuthFile} = {
enable = true;
text = "ThisIsALousySecret";
mode = "0600";
};
services.beegfsEnable = true;
services.beegfs.default = {
mgmtdHost = "mgmt";
connAuthFile = "/etc/${connAuthFile}";
${service} = {
enable = true;
storeDir = "/data";
};
};
};
in
{
name = "beegfs";
nodes = {
meta = server "meta";
mgmt = server "mgmtd";
storage1 = server "storage";
storage2 = server "storage";
client1 = client;
client2 = client;
};
testScript = ''
# Initalize the data directories
$mgmt->waitForUnit("default.target");
$mgmt->succeed("beegfs-setup-mgmtd -C -f -p /data");
$mgmt->succeed("systemctl start beegfs-mgmtd-default");
$meta->waitForUnit("default.target");
$meta->succeed("beegfs-setup-meta -C -f -s 1 -p /data");
$meta->succeed("systemctl start beegfs-meta-default");
$storage1->waitForUnit("default.target");
$storage1->succeed("beegfs-setup-storage -C -f -s 1 -i 1 -p /data");
$storage1->succeed("systemctl start beegfs-storage-default");
$storage2->waitForUnit("default.target");
$storage2->succeed("beegfs-setup-storage -C -f -s 2 -i 2 -p /data");
$storage2->succeed("systemctl start beegfs-storage-default");
#
# Basic test
$client1->waitForUnit("beegfs.mount");
$client1->succeed("beegfs-check-servers-default");
$client1->succeed("echo test > /beegfs/test");
$client2->waitForUnit("beegfs.mount");
$client2->succeed("test -e /beegfs/test");
$client2->succeed("cat /beegfs/test | grep test");
# test raid0/stripping
$client1->succeed("dd if=/dev/urandom bs=1M count=10 of=/beegfs/striped");
$client2->succeed("cat /beegfs/striped > /dev/null");
# check if fs is still healthy
$client1->succeed("beegfs-fsck-default --checkfs");
'';
})

37
nixos/tests/bees.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({ lib, ... }:
import ./make-test-python.nix ({ lib, pkgs, ... }:
{
name = "bees";
@ -29,27 +29,34 @@ import ./make-test.nix ({ lib, ... }:
testScript =
let
withRetry = content: maxTests: sleepTime: ''
max_tests=${lib.escapeShellArg maxTests}; sleep_time=${lib.escapeShellArg sleepTime}; for ((i=0; i<max_tests; i++)); do ${content} && exit 0; sleep "$sleep_time"; done; exit 1;
someContentIsShared = loc: pkgs.writeShellScript "some-content-is-shared" ''
[[ $(btrfs fi du -s --raw ${lib.escapeShellArg loc}/dedup-me-{1,2} | awk 'BEGIN { count=0; } NR>1 && $3 == 0 { count++ } END { print count }') -eq 0 ]]
'';
someContentIsShared = loc: ''[[ $(btrfs fi du -s --raw ${lib.escapeShellArg loc}/dedup-me-{1,2} | awk 'BEGIN { count=0; } NR>1 && $3 == 0 { count++ } END { print count }') -eq 0 ]]'';
in ''
# shut down the instance started by systemd at boot, so we can test our test procedure
$machine->succeed("systemctl stop beesd\@aux1.service");
machine.succeed("systemctl stop beesd@aux1.service")
$machine->succeed("dd if=/dev/urandom of=/aux1/dedup-me-1 bs=1M count=8");
$machine->succeed("cp --reflink=never /aux1/dedup-me-1 /aux1/dedup-me-2");
$machine->succeed("cp --reflink=never /aux1/* /aux2/");
$machine->succeed("sync");
$machine->fail(q(${someContentIsShared "/aux1"}));
$machine->fail(q(${someContentIsShared "/aux2"}));
$machine->succeed("systemctl start beesd\@aux1.service");
machine.succeed(
"dd if=/dev/urandom of=/aux1/dedup-me-1 bs=1M count=8",
"cp --reflink=never /aux1/dedup-me-1 /aux1/dedup-me-2",
"cp --reflink=never /aux1/* /aux2/",
"sync",
)
machine.fail(
"${someContentIsShared "/aux1"}",
"${someContentIsShared "/aux2"}",
)
machine.succeed("systemctl start beesd@aux1.service")
# assert that "Set Shared" column is nonzero
$machine->succeed(q(${withRetry (someContentIsShared "/aux1") 20 2}));
$machine->fail(q(${someContentIsShared "/aux2"}));
machine.wait_until_succeeds(
"${someContentIsShared "/aux1"}",
)
machine.fail("${someContentIsShared "/aux2"}")
# assert that 16MB hash table size requested was honored
$machine->succeed(q([[ $(stat -c %s /aux1/.beeshome/beeshash.dat) = $(( 16 * 1024 * 1024)) ]]))
machine.succeed(
"[[ $(stat -c %s /aux1/.beeshome/beeshash.dat) = $(( 16 * 1024 * 1024)) ]]"
)
'';
})

160
nixos/tests/ceph-multi-node.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({pkgs, lib, ...}:
import ./make-test-python.nix ({pkgs, lib, ...}:
let
cfg = {
@ -109,105 +109,105 @@ let
# For other ways to deploy a ceph cluster, look at the documentation at
# https://docs.ceph.com/docs/master/
testscript = { ... }: ''
startAll;
start_all()
$monA->waitForUnit("network.target");
$osd0->waitForUnit("network.target");
$osd1->waitForUnit("network.target");
monA.wait_for_unit("network.target")
osd0.wait_for_unit("network.target")
osd1.wait_for_unit("network.target")
# Bootstrap ceph-mon daemon
$monA->mustSucceed(
"sudo -u ceph ceph-authtool --create-keyring /tmp/ceph.mon.keyring --gen-key -n mon. --cap mon 'allow *'",
"sudo -u ceph ceph-authtool --create-keyring /etc/ceph/ceph.client.admin.keyring --gen-key -n client.admin --cap mon 'allow *' --cap osd 'allow *' --cap mds 'allow *' --cap mgr 'allow *'",
"sudo -u ceph ceph-authtool /tmp/ceph.mon.keyring --import-keyring /etc/ceph/ceph.client.admin.keyring",
"monmaptool --create --add ${cfg.monA.name} ${cfg.monA.ip} --fsid ${cfg.clusterId} /tmp/monmap",
"sudo -u ceph ceph-mon --mkfs -i ${cfg.monA.name} --monmap /tmp/monmap --keyring /tmp/ceph.mon.keyring",
"sudo -u ceph mkdir -p /var/lib/ceph/mgr/ceph-${cfg.monA.name}/",
"sudo -u ceph touch /var/lib/ceph/mon/ceph-${cfg.monA.name}/done",
"systemctl start ceph-mon-${cfg.monA.name}"
);
$monA->waitForUnit("ceph-mon-${cfg.monA.name}");
$monA->mustSucceed("ceph mon enable-msgr2");
monA.succeed(
"sudo -u ceph ceph-authtool --create-keyring /tmp/ceph.mon.keyring --gen-key -n mon. --cap mon 'allow *'",
"sudo -u ceph ceph-authtool --create-keyring /etc/ceph/ceph.client.admin.keyring --gen-key -n client.admin --cap mon 'allow *' --cap osd 'allow *' --cap mds 'allow *' --cap mgr 'allow *'",
"sudo -u ceph ceph-authtool /tmp/ceph.mon.keyring --import-keyring /etc/ceph/ceph.client.admin.keyring",
"monmaptool --create --add ${cfg.monA.name} ${cfg.monA.ip} --fsid ${cfg.clusterId} /tmp/monmap",
"sudo -u ceph ceph-mon --mkfs -i ${cfg.monA.name} --monmap /tmp/monmap --keyring /tmp/ceph.mon.keyring",
"sudo -u ceph mkdir -p /var/lib/ceph/mgr/ceph-${cfg.monA.name}/",
"sudo -u ceph touch /var/lib/ceph/mon/ceph-${cfg.monA.name}/done",
"systemctl start ceph-mon-${cfg.monA.name}",
)
monA.wait_for_unit("ceph-mon-${cfg.monA.name}")
monA.succeed("ceph mon enable-msgr2")
# Can't check ceph status until a mon is up
$monA->succeed("ceph -s | grep 'mon: 1 daemons'");
monA.succeed("ceph -s | grep 'mon: 1 daemons'")
# Start the ceph-mgr daemon, it has no deps and hardly any setup
$monA->mustSucceed(
"ceph auth get-or-create mgr.${cfg.monA.name} mon 'allow profile mgr' osd 'allow *' mds 'allow *' > /var/lib/ceph/mgr/ceph-${cfg.monA.name}/keyring",
"systemctl start ceph-mgr-${cfg.monA.name}"
);
$monA->waitForUnit("ceph-mgr-a");
$monA->waitUntilSucceeds("ceph -s | grep 'quorum ${cfg.monA.name}'");
$monA->waitUntilSucceeds("ceph -s | grep 'mgr: ${cfg.monA.name}(active,'");
monA.succeed(
"ceph auth get-or-create mgr.${cfg.monA.name} mon 'allow profile mgr' osd 'allow *' mds 'allow *' > /var/lib/ceph/mgr/ceph-${cfg.monA.name}/keyring",
"systemctl start ceph-mgr-${cfg.monA.name}",
)
monA.wait_for_unit("ceph-mgr-a")
monA.wait_until_succeeds("ceph -s | grep 'quorum ${cfg.monA.name}'")
monA.wait_until_succeeds("ceph -s | grep 'mgr: ${cfg.monA.name}(active,'")
# Send the admin keyring to the OSD machines
$monA->mustSucceed("cp /etc/ceph/ceph.client.admin.keyring /tmp/shared");
$osd0->mustSucceed("cp /tmp/shared/ceph.client.admin.keyring /etc/ceph");
$osd1->mustSucceed("cp /tmp/shared/ceph.client.admin.keyring /etc/ceph");
monA.succeed("cp /etc/ceph/ceph.client.admin.keyring /tmp/shared")
osd0.succeed("cp /tmp/shared/ceph.client.admin.keyring /etc/ceph")
osd1.succeed("cp /tmp/shared/ceph.client.admin.keyring /etc/ceph")
# Bootstrap both OSDs
$osd0->mustSucceed(
"mkfs.xfs /dev/vdb",
"mkdir -p /var/lib/ceph/osd/ceph-${cfg.osd0.name}",
"mount /dev/vdb /var/lib/ceph/osd/ceph-${cfg.osd0.name}",
"ceph-authtool --create-keyring /var/lib/ceph/osd/ceph-${cfg.osd0.name}/keyring --name osd.${cfg.osd0.name} --add-key ${cfg.osd0.key}",
"echo '{\"cephx_secret\": \"${cfg.osd0.key}\"}' | ceph osd new ${cfg.osd0.uuid} -i -",
);
$osd1->mustSucceed(
"mkfs.xfs /dev/vdb",
"mkdir -p /var/lib/ceph/osd/ceph-${cfg.osd1.name}",
"mount /dev/vdb /var/lib/ceph/osd/ceph-${cfg.osd1.name}",
"ceph-authtool --create-keyring /var/lib/ceph/osd/ceph-${cfg.osd1.name}/keyring --name osd.${cfg.osd1.name} --add-key ${cfg.osd1.key}",
"echo '{\"cephx_secret\": \"${cfg.osd1.key}\"}' | ceph osd new ${cfg.osd1.uuid} -i -"
);
osd0.succeed(
"mkfs.xfs /dev/vdb",
"mkdir -p /var/lib/ceph/osd/ceph-${cfg.osd0.name}",
"mount /dev/vdb /var/lib/ceph/osd/ceph-${cfg.osd0.name}",
"ceph-authtool --create-keyring /var/lib/ceph/osd/ceph-${cfg.osd0.name}/keyring --name osd.${cfg.osd0.name} --add-key ${cfg.osd0.key}",
'echo \'{"cephx_secret": "${cfg.osd0.key}"}\' | ceph osd new ${cfg.osd0.uuid} -i -',
)
osd1.succeed(
"mkfs.xfs /dev/vdb",
"mkdir -p /var/lib/ceph/osd/ceph-${cfg.osd1.name}",
"mount /dev/vdb /var/lib/ceph/osd/ceph-${cfg.osd1.name}",
"ceph-authtool --create-keyring /var/lib/ceph/osd/ceph-${cfg.osd1.name}/keyring --name osd.${cfg.osd1.name} --add-key ${cfg.osd1.key}",
'echo \'{"cephx_secret": "${cfg.osd1.key}"}\' | ceph osd new ${cfg.osd1.uuid} -i -',
)
# Initialize the OSDs with regular filestore
$osd0->mustSucceed(
"ceph-osd -i ${cfg.osd0.name} --mkfs --osd-uuid ${cfg.osd0.uuid}",
"chown -R ceph:ceph /var/lib/ceph/osd",
"systemctl start ceph-osd-${cfg.osd0.name}",
);
$osd1->mustSucceed(
"ceph-osd -i ${cfg.osd1.name} --mkfs --osd-uuid ${cfg.osd1.uuid}",
"chown -R ceph:ceph /var/lib/ceph/osd",
"systemctl start ceph-osd-${cfg.osd1.name}"
);
$monA->waitUntilSucceeds("ceph osd stat | grep -e '2 osds: 2 up[^,]*, 2 in'");
$monA->waitUntilSucceeds("ceph -s | grep 'mgr: ${cfg.monA.name}(active,'");
$monA->waitUntilSucceeds("ceph -s | grep 'HEALTH_OK'");
osd0.succeed(
"ceph-osd -i ${cfg.osd0.name} --mkfs --osd-uuid ${cfg.osd0.uuid}",
"chown -R ceph:ceph /var/lib/ceph/osd",
"systemctl start ceph-osd-${cfg.osd0.name}",
)
osd1.succeed(
"ceph-osd -i ${cfg.osd1.name} --mkfs --osd-uuid ${cfg.osd1.uuid}",
"chown -R ceph:ceph /var/lib/ceph/osd",
"systemctl start ceph-osd-${cfg.osd1.name}",
)
monA.wait_until_succeeds("ceph osd stat | grep -e '2 osds: 2 up[^,]*, 2 in'")
monA.wait_until_succeeds("ceph -s | grep 'mgr: ${cfg.monA.name}(active,'")
monA.wait_until_succeeds("ceph -s | grep 'HEALTH_OK'")
$monA->mustSucceed(
"ceph osd pool create multi-node-test 100 100",
"ceph osd pool ls | grep 'multi-node-test'",
"ceph osd pool rename multi-node-test multi-node-other-test",
"ceph osd pool ls | grep 'multi-node-other-test'"
);
$monA->waitUntilSucceeds("ceph -s | grep '1 pools, 100 pgs'");
$monA->mustSucceed("ceph osd pool set multi-node-other-test size 2");
$monA->waitUntilSucceeds("ceph -s | grep 'HEALTH_OK'");
$monA->waitUntilSucceeds("ceph -s | grep '100 active+clean'");
$monA->mustFail(
"ceph osd pool ls | grep 'multi-node-test'",
"ceph osd pool delete multi-node-other-test multi-node-other-test --yes-i-really-really-mean-it"
);
monA.succeed(
"ceph osd pool create multi-node-test 100 100",
"ceph osd pool ls | grep 'multi-node-test'",
"ceph osd pool rename multi-node-test multi-node-other-test",
"ceph osd pool ls | grep 'multi-node-other-test'",
)
monA.wait_until_succeeds("ceph -s | grep '1 pools, 100 pgs'")
monA.succeed("ceph osd pool set multi-node-other-test size 2")
monA.wait_until_succeeds("ceph -s | grep 'HEALTH_OK'")
monA.wait_until_succeeds("ceph -s | grep '100 active+clean'")
monA.fail(
"ceph osd pool ls | grep 'multi-node-test'",
"ceph osd pool delete multi-node-other-test multi-node-other-test --yes-i-really-really-mean-it",
)
# Shut down ceph on all machines in a very unpolite way
$monA->crash;
$osd0->crash;
$osd1->crash;
monA.crash()
osd0.crash()
osd1.crash()
# Start it up
$osd0->start;
$osd1->start;
$monA->start;
osd0.start()
osd1.start()
monA.start()
# Ensure the cluster comes back up again
$monA->succeed("ceph -s | grep 'mon: 1 daemons'");
$monA->waitUntilSucceeds("ceph -s | grep 'quorum ${cfg.monA.name}'");
$monA->waitUntilSucceeds("ceph osd stat | grep -e '2 osds: 2 up[^,]*, 2 in'");
$monA->waitUntilSucceeds("ceph -s | grep 'mgr: ${cfg.monA.name}(active,'");
$monA->waitUntilSucceeds("ceph -s | grep 'HEALTH_OK'");
monA.succeed("ceph -s | grep 'mon: 1 daemons'")
monA.wait_until_succeeds("ceph -s | grep 'quorum ${cfg.monA.name}'")
monA.wait_until_succeeds("ceph osd stat | grep -e '2 osds: 2 up[^,]*, 2 in'")
monA.wait_until_succeeds("ceph -s | grep 'mgr: ${cfg.monA.name}(active,'")
monA.wait_until_succeeds("ceph -s | grep 'HEALTH_OK'")
'';
in {
name = "basic-multi-node-ceph-cluster";

154
nixos/tests/ceph-single-node.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({pkgs, lib, ...}:
import ./make-test-python.nix ({pkgs, lib, ...}:
let
cfg = {
@ -74,100 +74,100 @@ let
# For other ways to deploy a ceph cluster, look at the documentation at
# https://docs.ceph.com/docs/master/
testscript = { ... }: ''
startAll;
start_all()
$monA->waitForUnit("network.target");
monA.wait_for_unit("network.target")
# Bootstrap ceph-mon daemon
$monA->mustSucceed(
"sudo -u ceph ceph-authtool --create-keyring /tmp/ceph.mon.keyring --gen-key -n mon. --cap mon 'allow *'",
"sudo -u ceph ceph-authtool --create-keyring /etc/ceph/ceph.client.admin.keyring --gen-key -n client.admin --cap mon 'allow *' --cap osd 'allow *' --cap mds 'allow *' --cap mgr 'allow *'",
"sudo -u ceph ceph-authtool /tmp/ceph.mon.keyring --import-keyring /etc/ceph/ceph.client.admin.keyring",
"monmaptool --create --add ${cfg.monA.name} ${cfg.monA.ip} --fsid ${cfg.clusterId} /tmp/monmap",
"sudo -u ceph ceph-mon --mkfs -i ${cfg.monA.name} --monmap /tmp/monmap --keyring /tmp/ceph.mon.keyring",
"sudo -u ceph touch /var/lib/ceph/mon/ceph-${cfg.monA.name}/done",
"systemctl start ceph-mon-${cfg.monA.name}"
);
$monA->waitForUnit("ceph-mon-${cfg.monA.name}");
$monA->mustSucceed("ceph mon enable-msgr2");
monA.succeed(
"sudo -u ceph ceph-authtool --create-keyring /tmp/ceph.mon.keyring --gen-key -n mon. --cap mon 'allow *'",
"sudo -u ceph ceph-authtool --create-keyring /etc/ceph/ceph.client.admin.keyring --gen-key -n client.admin --cap mon 'allow *' --cap osd 'allow *' --cap mds 'allow *' --cap mgr 'allow *'",
"sudo -u ceph ceph-authtool /tmp/ceph.mon.keyring --import-keyring /etc/ceph/ceph.client.admin.keyring",
"monmaptool --create --add ${cfg.monA.name} ${cfg.monA.ip} --fsid ${cfg.clusterId} /tmp/monmap",
"sudo -u ceph ceph-mon --mkfs -i ${cfg.monA.name} --monmap /tmp/monmap --keyring /tmp/ceph.mon.keyring",
"sudo -u ceph touch /var/lib/ceph/mon/ceph-${cfg.monA.name}/done",
"systemctl start ceph-mon-${cfg.monA.name}",
)
monA.wait_for_unit("ceph-mon-${cfg.monA.name}")
monA.succeed("ceph mon enable-msgr2")
# Can't check ceph status until a mon is up
$monA->succeed("ceph -s | grep 'mon: 1 daemons'");
monA.succeed("ceph -s | grep 'mon: 1 daemons'")
# Start the ceph-mgr daemon, after copying in the keyring
$monA->mustSucceed(
"sudo -u ceph mkdir -p /var/lib/ceph/mgr/ceph-${cfg.monA.name}/",
"ceph auth get-or-create mgr.${cfg.monA.name} mon 'allow profile mgr' osd 'allow *' mds 'allow *' > /var/lib/ceph/mgr/ceph-${cfg.monA.name}/keyring",
"systemctl start ceph-mgr-${cfg.monA.name}"
);
$monA->waitForUnit("ceph-mgr-a");
$monA->waitUntilSucceeds("ceph -s | grep 'quorum ${cfg.monA.name}'");
$monA->waitUntilSucceeds("ceph -s | grep 'mgr: ${cfg.monA.name}(active,'");
monA.succeed(
"sudo -u ceph mkdir -p /var/lib/ceph/mgr/ceph-${cfg.monA.name}/",
"ceph auth get-or-create mgr.${cfg.monA.name} mon 'allow profile mgr' osd 'allow *' mds 'allow *' > /var/lib/ceph/mgr/ceph-${cfg.monA.name}/keyring",
"systemctl start ceph-mgr-${cfg.monA.name}",
)
monA.wait_for_unit("ceph-mgr-a")
monA.wait_until_succeeds("ceph -s | grep 'quorum ${cfg.monA.name}'")
monA.wait_until_succeeds("ceph -s | grep 'mgr: ${cfg.monA.name}(active,'")
# Bootstrap both OSDs
$monA->mustSucceed(
"mkfs.xfs /dev/vdb",
"mkfs.xfs /dev/vdc",
"mkdir -p /var/lib/ceph/osd/ceph-${cfg.osd0.name}",
"mount /dev/vdb /var/lib/ceph/osd/ceph-${cfg.osd0.name}",
"mkdir -p /var/lib/ceph/osd/ceph-${cfg.osd1.name}",
"mount /dev/vdc /var/lib/ceph/osd/ceph-${cfg.osd1.name}",
"ceph-authtool --create-keyring /var/lib/ceph/osd/ceph-${cfg.osd0.name}/keyring --name osd.${cfg.osd0.name} --add-key ${cfg.osd0.key}",
"ceph-authtool --create-keyring /var/lib/ceph/osd/ceph-${cfg.osd1.name}/keyring --name osd.${cfg.osd1.name} --add-key ${cfg.osd1.key}",
"echo '{\"cephx_secret\": \"${cfg.osd0.key}\"}' | ceph osd new ${cfg.osd0.uuid} -i -",
"echo '{\"cephx_secret\": \"${cfg.osd1.key}\"}' | ceph osd new ${cfg.osd1.uuid} -i -"
);
monA.succeed(
"mkfs.xfs /dev/vdb",
"mkfs.xfs /dev/vdc",
"mkdir -p /var/lib/ceph/osd/ceph-${cfg.osd0.name}",
"mount /dev/vdb /var/lib/ceph/osd/ceph-${cfg.osd0.name}",
"mkdir -p /var/lib/ceph/osd/ceph-${cfg.osd1.name}",
"mount /dev/vdc /var/lib/ceph/osd/ceph-${cfg.osd1.name}",
"ceph-authtool --create-keyring /var/lib/ceph/osd/ceph-${cfg.osd0.name}/keyring --name osd.${cfg.osd0.name} --add-key ${cfg.osd0.key}",
"ceph-authtool --create-keyring /var/lib/ceph/osd/ceph-${cfg.osd1.name}/keyring --name osd.${cfg.osd1.name} --add-key ${cfg.osd1.key}",
'echo \'{"cephx_secret": "${cfg.osd0.key}"}\' | ceph osd new ${cfg.osd0.uuid} -i -',
'echo \'{"cephx_secret": "${cfg.osd1.key}"}\' | ceph osd new ${cfg.osd1.uuid} -i -',
)
# Initialize the OSDs with regular filestore
$monA->mustSucceed(
"ceph-osd -i ${cfg.osd0.name} --mkfs --osd-uuid ${cfg.osd0.uuid}",
"ceph-osd -i ${cfg.osd1.name} --mkfs --osd-uuid ${cfg.osd1.uuid}",
"chown -R ceph:ceph /var/lib/ceph/osd",
"systemctl start ceph-osd-${cfg.osd0.name}",
"systemctl start ceph-osd-${cfg.osd1.name}"
);
$monA->waitUntilSucceeds("ceph osd stat | grep -e '2 osds: 2 up[^,]*, 2 in'");
$monA->waitUntilSucceeds("ceph -s | grep 'mgr: ${cfg.monA.name}(active,'");
$monA->waitUntilSucceeds("ceph -s | grep 'HEALTH_OK'");
monA.succeed(
"ceph-osd -i ${cfg.osd0.name} --mkfs --osd-uuid ${cfg.osd0.uuid}",
"ceph-osd -i ${cfg.osd1.name} --mkfs --osd-uuid ${cfg.osd1.uuid}",
"chown -R ceph:ceph /var/lib/ceph/osd",
"systemctl start ceph-osd-${cfg.osd0.name}",
"systemctl start ceph-osd-${cfg.osd1.name}",
)
monA.wait_until_succeeds("ceph osd stat | grep -e '2 osds: 2 up[^,]*, 2 in'")
monA.wait_until_succeeds("ceph -s | grep 'mgr: ${cfg.monA.name}(active,'")
monA.wait_until_succeeds("ceph -s | grep 'HEALTH_OK'")
$monA->mustSucceed(
"ceph osd pool create single-node-test 100 100",
"ceph osd pool ls | grep 'single-node-test'",
"ceph osd pool rename single-node-test single-node-other-test",
"ceph osd pool ls | grep 'single-node-other-test'"
);
$monA->waitUntilSucceeds("ceph -s | grep '1 pools, 100 pgs'");
$monA->mustSucceed(
"ceph osd getcrushmap -o crush",
"crushtool -d crush -o decrushed",
"sed 's/step chooseleaf firstn 0 type host/step chooseleaf firstn 0 type osd/' decrushed > modcrush",
"crushtool -c modcrush -o recrushed",
"ceph osd setcrushmap -i recrushed",
"ceph osd pool set single-node-other-test size 2"
);
$monA->waitUntilSucceeds("ceph -s | grep 'HEALTH_OK'");
$monA->waitUntilSucceeds("ceph -s | grep '100 active+clean'");
$monA->mustFail(
"ceph osd pool ls | grep 'multi-node-test'",
"ceph osd pool delete single-node-other-test single-node-other-test --yes-i-really-really-mean-it"
);
monA.succeed(
"ceph osd pool create single-node-test 100 100",
"ceph osd pool ls | grep 'single-node-test'",
"ceph osd pool rename single-node-test single-node-other-test",
"ceph osd pool ls | grep 'single-node-other-test'",
)
monA.wait_until_succeeds("ceph -s | grep '1 pools, 100 pgs'")
monA.succeed(
"ceph osd getcrushmap -o crush",
"crushtool -d crush -o decrushed",
"sed 's/step chooseleaf firstn 0 type host/step chooseleaf firstn 0 type osd/' decrushed > modcrush",
"crushtool -c modcrush -o recrushed",
"ceph osd setcrushmap -i recrushed",
"ceph osd pool set single-node-other-test size 2",
)
monA.wait_until_succeeds("ceph -s | grep 'HEALTH_OK'")
monA.wait_until_succeeds("ceph -s | grep '100 active+clean'")
monA.fail(
"ceph osd pool ls | grep 'multi-node-test'",
"ceph osd pool delete single-node-other-test single-node-other-test --yes-i-really-really-mean-it",
)
# Shut down ceph by stopping ceph.target.
$monA->mustSucceed("systemctl stop ceph.target");
monA.succeed("systemctl stop ceph.target")
# Start it up
$monA->succeed("systemctl start ceph.target");
$monA->waitForUnit("ceph-mon-${cfg.monA.name}");
$monA->waitForUnit("ceph-mgr-${cfg.monA.name}");
$monA->waitForUnit("ceph-osd-${cfg.osd0.name}");
$monA->waitForUnit("ceph-osd-${cfg.osd1.name}");
monA.succeed("systemctl start ceph.target")
monA.wait_for_unit("ceph-mon-${cfg.monA.name}")
monA.wait_for_unit("ceph-mgr-${cfg.monA.name}")
monA.wait_for_unit("ceph-osd-${cfg.osd0.name}")
monA.wait_for_unit("ceph-osd-${cfg.osd1.name}")
# Ensure the cluster comes back up again
$monA->succeed("ceph -s | grep 'mon: 1 daemons'");
$monA->waitUntilSucceeds("ceph -s | grep 'quorum ${cfg.monA.name}'");
$monA->waitUntilSucceeds("ceph osd stat | grep -e '2 osds: 2 up[^,]*, 2 in'");
$monA->waitUntilSucceeds("ceph -s | grep 'mgr: ${cfg.monA.name}(active,'");
$monA->waitUntilSucceeds("ceph -s | grep 'HEALTH_OK'");
monA.succeed("ceph -s | grep 'mon: 1 daemons'")
monA.wait_until_succeeds("ceph -s | grep 'quorum ${cfg.monA.name}'")
monA.wait_until_succeeds("ceph osd stat | grep -e '2 osds: 2 up[^,]*, 2 in'")
monA.wait_until_succeeds("ceph -s | grep 'mgr: ${cfg.monA.name}(active,'")
monA.wait_until_succeeds("ceph -s | grep 'HEALTH_OK'")
'';
in {
name = "basic-single-node-ceph-cluster";

20
nixos/tests/clickhouse.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({ pkgs, ... }: {
import ./make-test-python.nix ({ pkgs, ... }: {
name = "clickhouse";
meta.maintainers = with pkgs.stdenv.lib.maintainers; [ ma27 ];
@ -14,12 +14,18 @@ import ./make-test.nix ({ pkgs, ... }: {
selectQuery = pkgs.writeText "select.sql" "SELECT * from `demo`";
in
''
$machine->start();
$machine->waitForUnit("clickhouse.service");
$machine->waitForOpenPort(9000);
machine.start()
machine.wait_for_unit("clickhouse.service")
machine.wait_for_open_port(9000)
$machine->succeed("cat ${tableDDL} | clickhouse-client");
$machine->succeed("cat ${insertQuery} | clickhouse-client");
$machine->succeed("cat ${selectQuery} | clickhouse-client | grep foo");
machine.succeed(
"cat ${tableDDL} | clickhouse-client"
)
machine.succeed(
"cat ${insertQuery} | clickhouse-client"
)
machine.succeed(
"cat ${selectQuery} | clickhouse-client | grep foo"
)
'';
})

26
nixos/tests/codimd.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({ pkgs, lib, ... }:
import ./make-test-python.nix ({ pkgs, lib, ... }:
{
name = "codimd";
@ -35,20 +35,18 @@ import ./make-test.nix ({ pkgs, lib, ... }:
};
testScript = ''
startAll();
start_all()
subtest "CodiMD sqlite", sub {
$codimdSqlite->waitForUnit("codimd.service");
$codimdSqlite->waitForOpenPort(3000);
$codimdSqlite->waitUntilSucceeds("curl -sSf http://localhost:3000/new");
};
with subtest("CodiMD sqlite"):
codimdSqlite.wait_for_unit("codimd.service")
codimdSqlite.wait_for_open_port(3000)
codimdSqlite.wait_until_succeeds("curl -sSf http://localhost:3000/new")
subtest "CodiMD postgres", sub {
$codimdPostgres->waitForUnit("postgresql.service");
$codimdPostgres->waitForUnit("codimd.service");
$codimdPostgres->waitForOpenPort(5432);
$codimdPostgres->waitForOpenPort(3000);
$codimdPostgres->waitUntilSucceeds("curl -sSf http://localhost:3000/new");
};
with subtest("CodiMD postgres"):
codimdPostgres.wait_for_unit("postgresql.service")
codimdPostgres.wait_for_unit("codimd.service")
codimdPostgres.wait_for_open_port(5432)
codimdPostgres.wait_for_open_port(3000)
codimdPostgres.wait_until_succeeds("curl -sSf http://localhost:3000/new")
'';
})

26
nixos/tests/deluge.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({ pkgs, ...} : {
import ./make-test-python.nix ({ pkgs, ...} : {
name = "deluge";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ flokli ];
@ -45,18 +45,20 @@ import ./make-test.nix ({ pkgs, ...} : {
};
testScript = ''
startAll;
start_all()
$simple->waitForUnit("deluged");
$simple->waitForUnit("delugeweb");
$simple->waitForOpenPort("8112");
$declarative->waitForUnit("network.target");
$declarative->waitUntilSucceeds("curl --fail http://simple:8112");
simple.wait_for_unit("deluged")
simple.wait_for_unit("delugeweb")
simple.wait_for_open_port("8112")
declarative.wait_for_unit("network.target")
declarative.wait_until_succeeds("curl --fail http://simple:8112")
$declarative->waitForUnit("deluged");
$declarative->waitForUnit("delugeweb");
$declarative->waitUntilSucceeds("curl --fail http://declarative:3142");
$declarative->succeed("deluge-console 'help' | grep -q 'rm - Remove a torrent'");
$declarative->succeed("deluge-console 'connect 127.0.0.1:58846 andrew password; help' | grep -q 'rm - Remove a torrent'");
declarative.wait_for_unit("deluged")
declarative.wait_for_unit("delugeweb")
declarative.wait_until_succeeds("curl --fail http://declarative:3142")
declarative.succeed("deluge-console 'help' | grep -q 'rm - Remove a torrent'")
declarative.succeed(
"deluge-console 'connect 127.0.0.1:58846 andrew password; help' | grep -q 'rm - Remove a torrent'"
)
'';
})

50
nixos/tests/docker-registry.nix
View File

@ -1,6 +1,6 @@
# This test runs docker-registry and check if it works
import ./make-test.nix ({ pkgs, ...} : {
import ./make-test-python.nix ({ pkgs, ...} : {
name = "docker-registry";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ globin ma27 ironpinguin ];
@ -28,36 +28,34 @@ import ./make-test.nix ({ pkgs, ...} : {
};
testScript = ''
$client1->start();
$client1->waitForUnit("docker.service");
$client1->succeed("tar cv --files-from /dev/null | docker import - scratch");
$client1->succeed("docker tag scratch registry:8080/scratch");
client1.start()
client1.wait_for_unit("docker.service")
client1.succeed("tar cv --files-from /dev/null | docker import - scratch")
client1.succeed("docker tag scratch registry:8080/scratch")
$registry->start();
$registry->waitForUnit("docker-registry.service");
$registry->waitForOpenPort("8080");
$client1->succeed("docker push registry:8080/scratch");
registry.start()
registry.wait_for_unit("docker-registry.service")
registry.wait_for_open_port("8080")
client1.succeed("docker push registry:8080/scratch")
$client2->start();
$client2->waitForUnit("docker.service");
$client2->succeed("docker pull registry:8080/scratch");
$client2->succeed("docker images | grep scratch");
client2.start()
client2.wait_for_unit("docker.service")
client2.succeed("docker pull registry:8080/scratch")
client2.succeed("docker images | grep scratch")
$client2->succeed(
'curl -fsS -X DELETE registry:8080/v2/scratch/manifests/$(curl -fsS -I -H"Accept: application/vnd.docker.distribution.manifest.v2+json" registry:8080/v2/scratch/manifests/latest | grep Docker-Content-Digest | sed -e \'s/Docker-Content-Digest: //\' | tr -d \'\r\')'
);
client2.succeed(
"curl -fsS -X DELETE registry:8080/v2/scratch/manifests/$(curl -fsS -I -H\"Accept: application/vnd.docker.distribution.manifest.v2+json\" registry:8080/v2/scratch/manifests/latest | grep Docker-Content-Digest | sed -e 's/Docker-Content-Digest: //' | tr -d '\\r')"
)
$registry->systemctl("start docker-registry-garbage-collect.service");
$registry->waitUntilFails("systemctl status docker-registry-garbage-collect.service");
$registry->waitForUnit("docker-registry.service");
registry.systemctl("start docker-registry-garbage-collect.service")
registry.wait_until_fails("systemctl status docker-registry-garbage-collect.service")
registry.wait_for_unit("docker-registry.service")
$registry->fail(
'ls -l /var/lib/docker-registry/docker/registry/v2/blobs/sha256/*/*/data'
);
registry.fail("ls -l /var/lib/docker-registry/docker/registry/v2/blobs/sha256/*/*/data")
$client1->succeed("docker push registry:8080/scratch");
$registry->succeed(
'ls -l /var/lib/docker-registry/docker/registry/v2/blobs/sha256/*/*/data'
);
client1.succeed("docker push registry:8080/scratch")
registry.succeed(
"ls -l /var/lib/docker-registry/docker/registry/v2/blobs/sha256/*/*/data"
)
'';
})

16
nixos/tests/dovecot.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix {
import ./make-test-python.nix {
name = "dovecot";
machine = { pkgs, ... }: {
@ -66,12 +66,12 @@ import ./make-test.nix {
};
testScript = ''
$machine->waitForUnit('postfix.service');
$machine->waitForUnit('dovecot2.service');
$machine->succeed('send-testmail');
$machine->succeed('send-lda');
$machine->waitUntilFails('[ "$(postqueue -p)" != "Mail queue is empty" ]');
$machine->succeed('test-imap');
$machine->succeed('test-pop');
machine.wait_for_unit("postfix.service")
machine.wait_for_unit("dovecot2.service")
machine.succeed("send-testmail")
machine.succeed("send-lda")
machine.wait_until_fails('[ "$(postqueue -p)" != "Mail queue is empty" ]')
machine.succeed("test-imap")
machine.succeed("test-pop")
'';
}

43
nixos/tests/etcd-cluster.nix
View File

@ -1,6 +1,6 @@
# This test runs simple etcd cluster
import ./make-test.nix ({ pkgs, ... } : let
import ./make-test-python.nix ({ pkgs, ... } : let
runWithOpenSSL = file: cmd: pkgs.runCommand file {
buildInputs = [ pkgs.openssl ];
@ -129,29 +129,26 @@ in {
};
testScript = ''
subtest "should start etcd cluster", sub {
$node1->start();
$node2->start();
$node1->waitForUnit("etcd.service");
$node2->waitForUnit("etcd.service");
$node2->waitUntilSucceeds("etcdctl cluster-health");
$node1->succeed("etcdctl set /foo/bar 'Hello world'");
$node2->succeed("etcdctl get /foo/bar | grep 'Hello world'");
};
with subtest("should start etcd cluster"):
node1.start()
node2.start()
node1.wait_for_unit("etcd.service")
node2.wait_for_unit("etcd.service")
node2.wait_until_succeeds("etcdctl cluster-health")
node1.succeed("etcdctl set /foo/bar 'Hello world'")
node2.succeed("etcdctl get /foo/bar | grep 'Hello world'")
subtest "should add another member", sub {
$node1->waitUntilSucceeds("etcdctl member add node3 https://node3:2380");
$node3->start();
$node3->waitForUnit("etcd.service");
$node3->waitUntilSucceeds("etcdctl member list | grep 'node3'");
$node3->succeed("etcdctl cluster-health");
};
with subtest("should add another member"):
node1.wait_until_succeeds("etcdctl member add node3 https://node3:2380")
node3.start()
node3.wait_for_unit("etcd.service")
node3.wait_until_succeeds("etcdctl member list | grep 'node3'")
node3.succeed("etcdctl cluster-health")
subtest "should survive member crash", sub {
$node3->crash;
$node1->succeed("etcdctl cluster-health");
$node1->succeed("etcdctl set /foo/bar 'Hello degraded world'");
$node1->succeed("etcdctl get /foo/bar | grep 'Hello degraded world'");
};
with subtest("should survive member crash"):
node3.crash()
node1.succeed("etcdctl cluster-health")
node1.succeed("etcdctl set /foo/bar 'Hello degraded world'")
node1.succeed("etcdctl get /foo/bar | grep 'Hello degraded world'")
'';
})

16
nixos/tests/etcd.nix
View File

@ -1,6 +1,6 @@
# This test runs simple etcd node
import ./make-test.nix ({ pkgs, ... } : {
import ./make-test-python.nix ({ pkgs, ... } : {
name = "etcd";
meta = with pkgs.stdenv.lib.maintainers; {
@ -14,14 +14,12 @@ import ./make-test.nix ({ pkgs, ... } : {
};
testScript = ''
subtest "should start etcd node", sub {
$node->start();
$node->waitForUnit("etcd.service");
};
with subtest("should start etcd node"):
node.start()
node.wait_for_unit("etcd.service")
subtest "should write and read some values to etcd", sub {
$node->succeed("etcdctl set /foo/bar 'Hello world'");
$node->succeed("etcdctl get /foo/bar | grep 'Hello world'");
}
with subtest("should write and read some values to etcd"):
node.succeed("etcdctl set /foo/bar 'Hello world'")
node.succeed("etcdctl get /foo/bar | grep 'Hello world'")
'';
})

9
nixos/tests/fancontrol.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({ pkgs, ... } : {
import ./make-test-python.nix ({ pkgs, ... } : {
name = "fancontrol";
machine =
@ -19,7 +19,10 @@ import ./make-test.nix ({ pkgs, ... } : {
# This configuration cannot be valid for the test VM, so it's expected to get an 'outdated' error.
testScript = ''
$machine->waitForUnit("fancontrol.service");
$machine->waitUntilSucceeds("journalctl -eu fancontrol | grep 'Configuration appears to be outdated'");
start_all()
machine.wait_for_unit("fancontrol.service")
machine.wait_until_succeeds(
"journalctl -eu fancontrol | grep 'Configuration appears to be outdated'"
)
'';
})

30
nixos/tests/firewall.nix
View File

@ -1,6 +1,6 @@
# Test the firewall module.
import ./make-test.nix ( { pkgs, ... } : {
import ./make-test-python.nix ( { pkgs, ... } : {
name = "firewall";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ eelco ];
@ -36,30 +36,30 @@ import ./make-test.nix ( { pkgs, ... } : {
testScript = { nodes, ... }: let
newSystem = nodes.walled2.config.system.build.toplevel;
in ''
$walled->start;
$attacker->start;
start_all()
$walled->waitForUnit("firewall");
$walled->waitForUnit("httpd");
$attacker->waitForUnit("network.target");
walled.wait_for_unit("firewall")
walled.wait_for_unit("httpd")
attacker.wait_for_unit("network.target")
# Local connections should still work.
$walled->succeed("curl -v http://localhost/ >&2");
walled.succeed("curl -v http://localhost/ >&2")
# Connections to the firewalled machine should fail, but ping should succeed.
$attacker->fail("curl --fail --connect-timeout 2 http://walled/ >&2");
$attacker->succeed("ping -c 1 walled >&2");
attacker.fail("curl --fail --connect-timeout 2 http://walled/ >&2")
attacker.succeed("ping -c 1 walled >&2")
# Outgoing connections/pings should still work.
$walled->succeed("curl -v http://attacker/ >&2");
$walled->succeed("ping -c 1 attacker >&2");
walled.succeed("curl -v http://attacker/ >&2")
walled.succeed("ping -c 1 attacker >&2")
# If we stop the firewall, then connections should succeed.
$walled->stopJob("firewall");
$attacker->succeed("curl -v http://walled/ >&2");
walled.stop_job("firewall")
attacker.succeed("curl -v http://walled/ >&2")
# Check whether activation of a new configuration reloads the firewall.
$walled->succeed("${newSystem}/bin/switch-to-configuration test 2>&1" .
" | grep -qF firewall.service");
walled.succeed(
"${newSystem}/bin/switch-to-configuration test 2>&1 | grep -qF firewall.service"
)
'';
})

11
nixos/tests/fish.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({ pkgs, ... }: {
import ./make-test-python.nix ({ pkgs, ... }: {
name = "fish";
machine =
@ -14,8 +14,11 @@ import ./make-test.nix ({ pkgs, ... }: {
testScript =
''
$machine->waitForFile("/etc/fish/generated_completions/coreutils.fish");
$machine->waitForFile("/etc/fish/generated_completions/kill.fish");
$machine->succeed("fish -ic 'echo \$fish_complete_path' | grep -q '/share/fish/completions /etc/fish/generated_completions /root/.local/share/fish/generated_completions\$'");
start_all()
machine.wait_for_file("/etc/fish/generated_completions/coreutils.fish")
machine.wait_for_file("/etc/fish/generated_completions/kill.fish")
machine.succeed(
"fish -ic 'echo $fish_complete_path' | grep -q '/share/fish/completions /etc/fish/generated_completions /root/.local/share/fish/generated_completions$'"
)
'';
})

17
nixos/tests/fluentd.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({ pkgs, lib, ... }: {
import ./make-test-python.nix ({ pkgs, lib, ... }: {
name = "fluentd";
machine = { pkgs, ... }: {
@ -33,14 +33,17 @@ import ./make-test.nix ({ pkgs, lib, ... }: {
inherit testMessage;
});
in ''
$machine->start;
$machine->waitForUnit('fluentd.service');
$machine->waitForOpenPort(9880);
machine.start()
machine.wait_for_unit("fluentd.service")
machine.wait_for_open_port(9880)
$machine->succeed("curl -fsSL -X POST -H 'Content-type: application/json' -d @${payload} http://localhost:9880/test.tag");
machine.succeed(
"curl -fsSL -X POST -H 'Content-type: application/json' -d @${payload} http://localhost:9880/test.tag"
)
$machine->succeed("systemctl stop fluentd"); # blocking flush
# blocking flush
machine.succeed("systemctl stop fluentd")
$machine->succeed("grep '${testMessage}' /tmp/current-log");
machine.succeed("grep '${testMessage}' /tmp/current-log")
'';
})

48
nixos/tests/gitlab.nix
View File

@ -3,7 +3,7 @@
let
initialRootPassword = "notproduction";
in
import ./make-test.nix ({ pkgs, lib, ...} : with lib; {
import ./make-test-python.nix ({ pkgs, lib, ...} : with lib; {
name = "gitlab";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ globin ];
@ -63,21 +63,35 @@ import ./make-test.nix ({ pkgs, lib, ...} : with lib; {
});
in
''
$gitlab->start();
$gitlab->waitForUnit("gitaly.service");
$gitlab->waitForUnit("gitlab-workhorse.service");
$gitlab->waitForUnit("gitlab.service");
$gitlab->waitForUnit("gitlab-sidekiq.service");
$gitlab->waitForFile("/var/gitlab/state/tmp/sockets/gitlab.socket");
$gitlab->waitUntilSucceeds("curl -sSf http://gitlab/users/sign_in");
$gitlab->succeed("curl -isSf http://gitlab | grep -i location | grep -q http://gitlab/users/sign_in");
$gitlab->succeed("${pkgs.sudo}/bin/sudo -u gitlab -H gitlab-rake gitlab:check 1>&2");
$gitlab->succeed("echo \"Authorization: Bearer \$(curl -X POST -H 'Content-Type: application/json' -d @${auth} http://gitlab/oauth/token | ${pkgs.jq}/bin/jq -r '.access_token')\" >/tmp/headers");
$gitlab->succeed("curl -X POST -H 'Content-Type: application/json' -H @/tmp/headers -d @${createProject} http://gitlab/api/v4/projects");
$gitlab->succeed("curl -X POST -H 'Content-Type: application/json' -H @/tmp/headers -d @${putFile} http://gitlab/api/v4/projects/1/repository/files/some-file.txt");
$gitlab->succeed("curl -H @/tmp/headers http://gitlab/api/v4/projects/1/repository/archive.tar.gz > /tmp/archive.tar.gz");
$gitlab->succeed("curl -H @/tmp/headers http://gitlab/api/v4/projects/1/repository/archive.tar.bz2 > /tmp/archive.tar.bz2");
$gitlab->succeed("test -s /tmp/archive.tar.gz");
$gitlab->succeed("test -s /tmp/archive.tar.bz2");
gitlab.start()
gitlab.wait_for_unit("gitaly.service")
gitlab.wait_for_unit("gitlab-workhorse.service")
gitlab.wait_for_unit("gitlab.service")
gitlab.wait_for_unit("gitlab-sidekiq.service")
gitlab.wait_for_file("/var/gitlab/state/tmp/sockets/gitlab.socket")
gitlab.wait_until_succeeds("curl -sSf http://gitlab/users/sign_in")
gitlab.succeed(
"curl -isSf http://gitlab | grep -i location | grep -q http://gitlab/users/sign_in"
)
gitlab.succeed(
"${pkgs.sudo}/bin/sudo -u gitlab -H gitlab-rake gitlab:check 1>&2"
)
gitlab.succeed(
"echo \"Authorization: Bearer \$(curl -X POST -H 'Content-Type: application/json' -d @${auth} http://gitlab/oauth/token | ${pkgs.jq}/bin/jq -r '.access_token')\" >/tmp/headers"
)
gitlab.succeed(
"curl -X POST -H 'Content-Type: application/json' -H @/tmp/headers -d @${createProject} http://gitlab/api/v4/projects"
)
gitlab.succeed(
"curl -X POST -H 'Content-Type: application/json' -H @/tmp/headers -d @${putFile} http://gitlab/api/v4/projects/1/repository/files/some-file.txt"
)
gitlab.succeed(
"curl -H @/tmp/headers http://gitlab/api/v4/projects/1/repository/archive.tar.gz > /tmp/archive.tar.gz"
)
gitlab.succeed(
"curl -H @/tmp/headers http://gitlab/api/v4/projects/1/repository/archive.tar.bz2 > /tmp/archive.tar.bz2"
)
gitlab.succeed("test -s /tmp/archive.tar.gz")
gitlab.succeed("test -s /tmp/archive.tar.bz2")
'';
})

89
nixos/tests/gitolite.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({ pkgs, ...}:
import ./make-test-python.nix ({ pkgs, ...}:
let
adminPrivateKey = pkgs.writeText "id_ed25519" ''
@ -43,7 +43,7 @@ let
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJZNonUP1ePHLrvn0W9D2hdN6zWWZYFyJc+QR6pOKQEw bob@client
'';
gitoliteAdminConfSnippet = ''
gitoliteAdminConfSnippet = pkgs.writeText "gitolite-admin-conf-snippet" ''
repo alice-project
RW+ = alice
'';
@ -85,55 +85,54 @@ in
};
testScript = ''
startAll;
start_all()
subtest "can setup ssh keys on system", sub {
$client->mustSucceed("mkdir -p ~root/.ssh");
$client->mustSucceed("cp ${adminPrivateKey} ~root/.ssh/id_ed25519");
$client->mustSucceed("chmod 600 ~root/.ssh/id_ed25519");
with subtest("can setup ssh keys on system"):
client.succeed(
"mkdir -p ~root/.ssh",
"cp ${adminPrivateKey} ~root/.ssh/id_ed25519",
"chmod 600 ~root/.ssh/id_ed25519",
)
client.succeed(
"sudo -u alice mkdir -p ~alice/.ssh",
"sudo -u alice cp ${alicePrivateKey} ~alice/.ssh/id_ed25519",
"sudo -u alice chmod 600 ~alice/.ssh/id_ed25519",
)
client.succeed(
"sudo -u bob mkdir -p ~bob/.ssh",
"sudo -u bob cp ${bobPrivateKey} ~bob/.ssh/id_ed25519",
"sudo -u bob chmod 600 ~bob/.ssh/id_ed25519",
)
$client->mustSucceed("sudo -u alice mkdir -p ~alice/.ssh");
$client->mustSucceed("sudo -u alice cp ${alicePrivateKey} ~alice/.ssh/id_ed25519");
$client->mustSucceed("sudo -u alice chmod 600 ~alice/.ssh/id_ed25519");
with subtest("gitolite server starts"):
server.wait_for_unit("gitolite-init.service")
server.wait_for_unit("sshd.service")
client.succeed("ssh gitolite@server info")
$client->mustSucceed("sudo -u bob mkdir -p ~bob/.ssh");
$client->mustSucceed("sudo -u bob cp ${bobPrivateKey} ~bob/.ssh/id_ed25519");
$client->mustSucceed("sudo -u bob chmod 600 ~bob/.ssh/id_ed25519");
};
with subtest("admin can clone and configure gitolite-admin.git"):
client.succeed(
"git clone gitolite@server:gitolite-admin.git",
"git config --global user.name 'System Administrator'",
"git config --global user.email root\@domain.example",
"cp ${alicePublicKey} gitolite-admin/keydir/alice.pub",
"cp ${bobPublicKey} gitolite-admin/keydir/bob.pub",
"(cd gitolite-admin && git add . && git commit -m 'Add keys for alice, bob' && git push)",
"cat ${gitoliteAdminConfSnippet} >> gitolite-admin/conf/gitolite.conf",
"(cd gitolite-admin && git add . && git commit -m 'Add repo for alice' && git push)",
)
subtest "gitolite server starts", sub {
$server->waitForUnit("gitolite-init.service");
$server->waitForUnit("sshd.service");
$client->mustSucceed('ssh gitolite@server info');
};
with subtest("non-admins cannot clone gitolite-admin.git"):
client.fail("sudo -i -u alice git clone gitolite@server:gitolite-admin.git")
client.fail("sudo -i -u bob git clone gitolite@server:gitolite-admin.git")
subtest "admin can clone and configure gitolite-admin.git", sub {
$client->mustSucceed('git clone gitolite@server:gitolite-admin.git');
$client->mustSucceed("git config --global user.name 'System Administrator'");
$client->mustSucceed("git config --global user.email root\@domain.example");
$client->mustSucceed("cp ${alicePublicKey} gitolite-admin/keydir/alice.pub");
$client->mustSucceed("cp ${bobPublicKey} gitolite-admin/keydir/bob.pub");
$client->mustSucceed('(cd gitolite-admin && git add . && git commit -m "Add keys for alice, bob" && git push)');
$client->mustSucceed("printf '${gitoliteAdminConfSnippet}' >> gitolite-admin/conf/gitolite.conf");
$client->mustSucceed('(cd gitolite-admin && git add . && git commit -m "Add repo for alice" && git push)');
};
with subtest("non-admins can clone testing.git"):
client.succeed("sudo -i -u alice git clone gitolite@server:testing.git")
client.succeed("sudo -i -u bob git clone gitolite@server:testing.git")
subtest "non-admins cannot clone gitolite-admin.git", sub {
$client->mustFail('sudo -i -u alice git clone gitolite@server:gitolite-admin.git');
$client->mustFail('sudo -i -u bob git clone gitolite@server:gitolite-admin.git');
};
with subtest("alice can clone alice-project.git"):
client.succeed("sudo -i -u alice git clone gitolite@server:alice-project.git")
subtest "non-admins can clone testing.git", sub {
$client->mustSucceed('sudo -i -u alice git clone gitolite@server:testing.git');
$client->mustSucceed('sudo -i -u bob git clone gitolite@server:testing.git');
};
subtest "alice can clone alice-project.git", sub {
$client->mustSucceed('sudo -i -u alice git clone gitolite@server:alice-project.git');
};
subtest "bob cannot clone alice-project.git", sub {
$client->mustFail('sudo -i -u bob git clone gitolite@server:alice-project.git');
};
with subtest("bob cannot clone alice-project.git"):
client.fail("sudo -i -u bob git clone gitolite@server:alice-project.git")
'';
})

32
nixos/tests/glusterfs.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({ ... } :
import ./make-test-python.nix ({pkgs, lib, ...}:
let
client = { pkgs, ... } : {
@ -39,27 +39,29 @@ in {
};
testScript = ''
$server1->waitForUnit("glusterd.service");
$server2->waitForUnit("glusterd.service");
server1.wait_for_unit("glusterd.service")
server2.wait_for_unit("glusterd.service")
server1.wait_until_succeeds("gluster peer status")
server2.wait_until_succeeds("gluster peer status")
# establish initial contact
$server1->succeed("sleep 2");
$server1->succeed("gluster peer probe server2");
$server1->succeed("gluster peer probe server1");
server1.succeed("gluster peer probe server2")
server1.succeed("gluster peer probe server1")
$server1->succeed("gluster peer status | grep Connected");
server1.succeed("gluster peer status | grep Connected")
# create volumes
$server1->succeed("mkdir -p /data/vg0");
$server2->succeed("mkdir -p /data/vg0");
$server1->succeed("gluster volume create gv0 server1:/data/vg0 server2:/data/vg0");
$server1->succeed("gluster volume start gv0");
server1.succeed("mkdir -p /data/vg0")
server2.succeed("mkdir -p /data/vg0")
server1.succeed("gluster volume create gv0 server1:/data/vg0 server2:/data/vg0")
server1.succeed("gluster volume start gv0")
# test clients
$client1->waitForUnit("gluster.mount");
$client2->waitForUnit("gluster.mount");
client1.wait_for_unit("gluster.mount")
client2.wait_for_unit("gluster.mount")
$client1->succeed("echo test > /gluster/file1");
$client2->succeed("grep test /gluster/file1");
client1.succeed("echo test > /gluster/file1")
client2.succeed("grep test /gluster/file1")
'';
})

54
nixos/tests/google-oslogin/default.nix
View File

@ -1,7 +1,14 @@
import ../make-test.nix ({ pkgs, ... } :
import ../make-test-python.nix ({ pkgs, ... } :
let
inherit (import ./../ssh-keys.nix pkgs)
snakeOilPrivateKey snakeOilPublicKey;
# don't check host keys or known hosts, use the snakeoil ssh key
ssh-config = builtins.toFile "ssh.conf" ''
UserKnownHostsFile=/dev/null
StrictHostKeyChecking=no
IdentityFile=~/.ssh/id_snakeoil
'';
in {
name = "google-oslogin";
meta = with pkgs.stdenv.lib.maintainers; {
@ -15,38 +22,49 @@ in {
client = { ... }: {};
};
testScript = ''
startAll;
start_all()
$server->waitForUnit("mock-google-metadata.service");
$server->waitForOpenPort(80);
server.wait_for_unit("mock-google-metadata.service")
server.wait_for_open_port(80)
# mockserver should return a non-expired ssh key for both mockuser and mockadmin
$server->succeed('${pkgs.google-compute-engine-oslogin}/bin/google_authorized_keys mockuser | grep -q "${snakeOilPublicKey}"');
$server->succeed('${pkgs.google-compute-engine-oslogin}/bin/google_authorized_keys mockadmin | grep -q "${snakeOilPublicKey}"');
server.succeed(
'${pkgs.google-compute-engine-oslogin}/bin/google_authorized_keys mockuser | grep -q "${snakeOilPublicKey}"'
)
server.succeed(
'${pkgs.google-compute-engine-oslogin}/bin/google_authorized_keys mockadmin | grep -q "${snakeOilPublicKey}"'
)
# install snakeoil ssh key on the client
$client->succeed("mkdir -p ~/.ssh");
$client->succeed("cat ${snakeOilPrivateKey} > ~/.ssh/id_snakeoil");
$client->succeed("chmod 600 ~/.ssh/id_snakeoil");
# install snakeoil ssh key on the client, and provision .ssh/config file
client.succeed("mkdir -p ~/.ssh")
client.succeed(
"cat ${snakeOilPrivateKey} > ~/.ssh/id_snakeoil"
)
client.succeed("chmod 600 ~/.ssh/id_snakeoil")
client.succeed("cp ${ssh-config} ~/.ssh/config")
$client->waitForUnit("network.target");
$server->waitForUnit("sshd.service");
client.wait_for_unit("network.target")
server.wait_for_unit("sshd.service")
# we should not be able to connect as non-existing user
$client->fail("ssh -o User=ghost -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server -i ~/.ssh/id_snakeoil 'true'");
client.fail("ssh ghost@server 'true'")
# we should be able to connect as mockuser
$client->succeed("ssh -o User=mockuser -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server -i ~/.ssh/id_snakeoil 'true'");
client.succeed("ssh mockuser@server 'true'")
# but we shouldn't be able to sudo
$client->fail("ssh -o User=mockuser -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server -i ~/.ssh/id_snakeoil '/run/wrappers/bin/sudo /run/current-system/sw/bin/id' | grep -q 'root'");
client.fail(
"ssh mockuser@server '/run/wrappers/bin/sudo /run/current-system/sw/bin/id' | grep -q 'root'"
)
# we should also be able to log in as mockadmin
$client->succeed("ssh -o User=mockadmin -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server -i ~/.ssh/id_snakeoil 'true'");
client.succeed("ssh mockadmin@server 'true'")
# pam_oslogin_admin.so should now have generated a sudoers file
$server->succeed("find /run/google-sudoers.d | grep -q '/run/google-sudoers.d/mockadmin'");
server.succeed("find /run/google-sudoers.d | grep -q '/run/google-sudoers.d/mockadmin'")
# and we should be able to sudo
$client->succeed("ssh -o User=mockadmin -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server -i ~/.ssh/id_snakeoil '/run/wrappers/bin/sudo /run/current-system/sw/bin/id' | grep -q 'root'");
client.succeed(
"ssh mockadmin@server '/run/wrappers/bin/sudo /run/current-system/sw/bin/id' | grep -q 'root'"
)
'';
})

44
nixos/tests/gotify-server.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({ pkgs, lib, ...} : {
import ./make-test-python.nix ({ pkgs, lib, ...} : {
name = "gotify-server";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ ma27 ];
@ -14,32 +14,32 @@ import ./make-test.nix ({ pkgs, lib, ...} : {
};
testScript = ''
startAll;
machine.start()
$machine->waitForUnit("gotify-server");
$machine->waitForOpenPort(3000);
machine.wait_for_unit("gotify-server.service")
machine.wait_for_open_port(3000)
my $token = $machine->succeed(
"curl --fail -sS -X POST localhost:3000/application -F name=nixos " .
'-H "Authorization: Basic $(echo -ne "admin:admin" | base64 --wrap 0)" ' .
'| jq .token | xargs echo -n'
);
token = machine.succeed(
"curl --fail -sS -X POST localhost:3000/application -F name=nixos "
+ '-H "Authorization: Basic $(echo -ne "admin:admin" | base64 --wrap 0)" '
+ "| jq .token | xargs echo -n"
)
my $usertoken = $machine->succeed(
"curl --fail -sS -X POST localhost:3000/client -F name=nixos " .
'-H "Authorization: Basic $(echo -ne "admin:admin" | base64 --wrap 0)" ' .
'| jq .token | xargs echo -n'
);
usertoken = machine.succeed(
"curl --fail -sS -X POST localhost:3000/client -F name=nixos "
+ '-H "Authorization: Basic $(echo -ne "admin:admin" | base64 --wrap 0)" '
+ "| jq .token | xargs echo -n"
)
$machine->succeed(
"curl --fail -sS -X POST 'localhost:3000/message?token=$token' -H 'Accept: application/json' " .
'-F title=Gotify -F message=Works'
);
machine.succeed(
f"curl --fail -sS -X POST 'localhost:3000/message?token={token}' -H 'Accept: application/json' "
+ "-F title=Gotify -F message=Works"
)
my $title = $machine->succeed(
"curl --fail -sS 'localhost:3000/message?since=0&token=$usertoken' | jq '.messages|.[0]|.title' | xargs echo -n"
);
title = machine.succeed(
f"curl --fail -sS 'localhost:3000/message?since=0&token={usertoken}' | jq '.messages|.[0]|.title' | xargs echo -n"
)
$title eq "Gotify" or die "Wrong title ($title), expected 'Gotify'!";
assert title == "Gotify"
'';
})

82
nixos/tests/graylog.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({ pkgs, lib, ... }: {
import ./make-test-python.nix ({ pkgs, lib, ... }: {
name = "graylog";
meta.maintainers = with lib.maintainers; [ ma27 ];
@ -64,48 +64,52 @@ import ./make-test.nix ({ pkgs, lib, ... }: {
facility = "Test";
});
in ''
$machine->start;
$machine->waitForUnit("graylog.service");
$machine->waitForOpenPort(9000);
$machine->succeed("curl -sSfL http://127.0.0.1:9000/");
machine.start()
machine.wait_for_unit("graylog.service")
machine.wait_for_open_port(9000)
machine.succeed("curl -sSfL http://127.0.0.1:9000/")
my $session = $machine->succeed("curl -X POST "
. "-sSfL http://127.0.0.1:9000/api/system/sessions "
. "-d \$(cat ${payloads.login}) "
. "-H 'Content-Type: application/json' "
. "-H 'Accept: application/json' "
. "-H 'x-requested-by: cli' "
. "| jq .session_id | xargs echo"
);
session = machine.succeed(
"curl -X POST "
+ "-sSfL http://127.0.0.1:9000/api/system/sessions "
+ "-d $(cat ${payloads.login}) "
+ "-H 'Content-Type: application/json' "
+ "-H 'Accept: application/json' "
+ "-H 'x-requested-by: cli' "
+ "| jq .session_id | xargs echo"
).rstrip()
chomp($session);
machine.succeed(
"curl -X POST "
+ f"-sSfL http://127.0.0.1:9000/api/system/inputs -u {session}:session "
+ '-d $(cat ${payloads.input} | sed -e "s,@node@,$(cat /var/lib/graylog/server/node-id),") '
+ "-H 'Accept: application/json' "
+ "-H 'Content-Type: application/json' "
+ "-H 'x-requested-by: cli' "
)
$machine->succeed("curl -X POST "
. "-sSfL http://127.0.0.1:9000/api/system/inputs -u $session:session "
. "-d \$(cat ${payloads.input} | sed -e \"s,\@node\@,\$(cat /var/lib/graylog/server/node-id),\") "
. "-H 'Accept: application/json' "
. "-H 'Content-Type: application/json' "
. "-H 'x-requested-by: cli' "
);
machine.wait_until_succeeds(
"test \"$(curl -sSfL 'http://127.0.0.1:9000/api/cluster/inputstates' "
+ f"-u {session}:session "
+ "-H 'Accept: application/json' "
+ "-H 'Content-Type: application/json' "
+ "-H 'x-requested-by: cli'"
+ "| jq 'to_entries[]|.value|.[0]|.state' | xargs echo"
+ ')" = "RUNNING"'
)
$machine->waitUntilSucceeds("test \"\$(curl -sSfL 'http://127.0.0.1:9000/api/cluster/inputstates' "
. "-u $session:session "
. "-H 'Accept: application/json' "
. "-H 'Content-Type: application/json' "
. "-H 'x-requested-by: cli'"
. "| jq 'to_entries[]|.value|.[0]|.state' | xargs echo"
. ")\" = \"RUNNING\""
);
machine.succeed(
"echo -n $(cat ${payloads.gelf_message}) | nc -w10 -u 127.0.0.1 12201"
)
$machine->succeed("echo -n \$(cat ${payloads.gelf_message}) | nc -w10 -u 127.0.0.1 12201");
$machine->succeed("test \"\$(curl -X GET "
. "-sSfL 'http://127.0.0.1:9000/api/search/universal/relative?query=*' "
. "-u $session:session "
. "-H 'Accept: application/json' "
. "-H 'Content-Type: application/json' "
. "-H 'x-requested-by: cli'"
. " | jq '.total_results' | xargs echo)\" = \"1\""
);
machine.succeed(
'test "$(curl -X GET '
+ "-sSfL 'http://127.0.0.1:9000/api/search/universal/relative?query=*' "
+ f"-u {session}:session "
+ "-H 'Accept: application/json' "
+ "-H 'Content-Type: application/json' "
+ "-H 'x-requested-by: cli'"
+ ' | jq \'.total_results\' | xargs echo)" = "1"'
)
'';
})

12
nixos/tests/handbrake.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({ pkgs, ... }:
import ./make-test-python.nix ({ pkgs, ... }:
let
# Download Big Buck Bunny example, licensed under CC Attribution 3.0.
testMkv = pkgs.fetchurl {
@ -19,7 +19,13 @@ in {
testScript = ''
# Test MP4 and MKV transcoding. Since this is a short clip, transcoding typically
# only takes a few seconds.
$machine->succeed("HandBrakeCLI -i ${testMkv} -o test.mp4 -e x264 -q 20 -B 160");
$machine->succeed("HandBrakeCLI -i ${testMkv} -o test.mkv -e x264 -q 20 -B 160");
start_all()
machine.succeed(
"HandBrakeCLI -i ${testMkv} -o test.mp4 -e x264 -q 20 -B 160"
)
machine.succeed(
"HandBrakeCLI -i ${testMkv} -o test.mkv -e x264 -q 20 -B 160"
)
'';
})

23
nixos/tests/hibernate.nix
View File

@ -1,6 +1,6 @@
# Test whether hibernation from partition works.
import ./make-test.nix (pkgs: {
import ./make-test-python.nix (pkgs: {
name = "hibernate";
nodes = {
@ -28,16 +28,17 @@ import ./make-test.nix (pkgs: {
testScript =
''
$machine->waitForUnit("multi-user.target");
$machine->succeed("mkswap /dev/vdb");
$machine->succeed("swapon -a");
$machine->startJob("listener");
$machine->waitForOpenPort(4444);
$machine->succeed("systemctl hibernate &");
$machine->waitForShutdown;
$probe->waitForUnit("multi-user.target");
$machine->start;
$probe->waitUntilSucceeds("echo test | nc machine 4444 -N");
machine.start()
machine.wait_for_unit("multi-user.target")
machine.succeed("mkswap /dev/vdb")
machine.succeed("swapon -a")
machine.start_job("listener")
machine.wait_for_open_port(4444)
machine.succeed("systemctl hibernate &")
machine.wait_for_shutdown()
probe.wait_for_unit("multi-user.target")
machine.start()
probe.wait_until_succeeds("echo test | nc machine 4444 -N")
'';
})

19
nixos/tests/hound.nix
View File

@ -1,5 +1,5 @@
# Test whether `houndd` indexes nixpkgs
import ./make-test.nix ({ pkgs, ... } : {
import ./make-test-python.nix ({ pkgs, ... } : {
name = "hound";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ grahamc ];
@ -46,13 +46,14 @@ import ./make-test.nix ({ pkgs, ... } : {
};
};
testScript =
'' startAll;
testScript = ''
start_all()
$machine->waitForUnit("network.target");
$machine->waitForUnit("hound.service");
$machine->waitForOpenPort(6080);
$machine->waitUntilSucceeds('curl http://127.0.0.1:6080/api/v1/search\?stats\=fosho\&repos\=\*\&rng=%3A20\&q\=hi\&files\=\&i=nope | grep "Filename" | grep "hello"');
'';
machine.wait_for_unit("network.target")
machine.wait_for_unit("hound.service")
machine.wait_for_open_port(6080)
machine.wait_until_succeeds(
"curl http://127.0.0.1:6080/api/v1/search\?stats\=fosho\&repos\=\*\&rng=%3A20\&q\=hi\&files\=\&i=nope | grep 'Filename' | grep 'hello'"
)
'';
})

8
nixos/tests/icingaweb2.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({ pkgs, ... }: {
import ./make-test-python.nix ({ pkgs, ... }: {
name = "icingaweb2";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ das_j ];
@ -64,8 +64,8 @@ import ./make-test.nix ({ pkgs, ... }: {
};
testScript = ''
startAll();
$icingaweb2->waitForUnit("multi-user.target");
$icingaweb2->succeed("curl -sSf http://icingaweb2/authentication/login");
start_all()
icingaweb2.wait_for_unit("multi-user.target")
icingaweb2.succeed("curl -sSf http://icingaweb2/authentication/login")
'';
})

32
nixos/tests/incron.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({ pkgs, lib, ... }:
import ./make-test-python.nix ({ pkgs, lib, ... }:
{
name = "incron";
@ -19,34 +19,34 @@ import ./make-test.nix ({ pkgs, lib, ... }:
};
testScript = ''
startAll;
start_all()
$machine->waitForUnit("multi-user.target");
$machine->waitForUnit("incron.service");
machine.wait_for_unit("multi-user.target")
machine.wait_for_unit("incron.service")
$machine->succeed("test -d /test");
machine.succeed("test -d /test")
# create some activity for incron to monitor
$machine->succeed("touch /test/file");
$machine->succeed("echo foo >> /test/file");
$machine->succeed("mv /test/file /root");
$machine->succeed("mv /root/file /test");
machine.succeed("touch /test/file")
machine.succeed("echo foo >> /test/file")
machine.succeed("mv /test/file /root")
machine.succeed("mv /root/file /test")
$machine->sleep(1);
machine.sleep(1)
# touch /test/file
$machine->succeed("grep '/test/file IN_CREATE' /root/incron.log");
machine.succeed("grep '/test/file IN_CREATE' /root/incron.log")
# echo foo >> /test/file
$machine->succeed("grep '/test/file IN_MODIFY' /root/incron.log");
$machine->succeed("grep '/test/file IN_CLOSE_WRITE' /root/incron.log");
machine.succeed("grep '/test/file IN_MODIFY' /root/incron.log")
machine.succeed("grep '/test/file IN_CLOSE_WRITE' /root/incron.log")
# mv /test/file /root
$machine->succeed("grep '/test/file IN_MOVED_FROM' /root/incron.log");
machine.succeed("grep '/test/file IN_MOVED_FROM' /root/incron.log")
# mv /root/file /test
$machine->succeed("grep '/test/file IN_MOVED_TO' /root/incron.log");
machine.succeed("grep '/test/file IN_MOVED_TO' /root/incron.log")
# ensure something unexpected is not present
$machine->fail("grep 'IN_OPEN' /root/incron.log");
machine.fail("grep 'IN_OPEN' /root/incron.log")
'';
})

33
nixos/tests/influxdb.nix
View File

@ -1,6 +1,6 @@
# This test runs influxdb and checks if influxdb is up and running
import ./make-test.nix ({ pkgs, ...} : {
import ./make-test-python.nix ({ pkgs, ...} : {
name = "influxdb";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ offline ];
@ -9,25 +9,32 @@ import ./make-test.nix ({ pkgs, ...} : {
nodes = {
one = { ... }: {
services.influxdb.enable = true;
environment.systemPackages = [ pkgs.httpie ];
};
};
testScript = ''
startAll;
$one->waitForUnit("influxdb.service");
import shlex
start_all()
one.wait_for_unit("influxdb.service")
# create database
$one->succeed(q~
curl -XPOST http://localhost:8086/query --data-urlencode "q=CREATE DATABASE test"
~);
one.succeed(
"curl -XPOST http://localhost:8086/query --data-urlencode 'q=CREATE DATABASE test'"
)
# write some points and run simple query
$one->succeed(q~
curl -XPOST 'http://localhost:8086/write?db=test' --data-binary 'cpu_load_short,host=server01,region=us-west value=0.64 1434055562000000000'
~);
$one->succeed(q~
curl -GET 'http://localhost:8086/query' --data-urlencode "db=test" --data-urlencode "q=SELECT \"value\" FROM \"cpu_load_short\" WHERE \"region\"='us-west'" | grep "0\.64"
~);
out = one.succeed(
"curl -XPOST 'http://localhost:8086/write?db=test' --data-binary 'cpu_load_short,host=server01,region=us-west value=0.64 1434055562000000000'"
)
qv = "SELECT value FROM cpu_load_short WHERE region='us-west'"
cmd = f'curl -GET "http://localhost:8086/query?db=test" --data-urlencode {shlex.quote("q="+ qv)}'
out = one.succeed(cmd)
assert "2015-06-11T20:46:02Z" in out
assert "0.64" in out
'';
})

9
nixos/tests/jackett.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({ lib, ... }:
import ./make-test-python.nix ({ lib, ... }:
with lib;
@ -11,8 +11,9 @@ with lib;
{ services.jackett.enable = true; };
testScript = ''
$machine->waitForUnit('jackett.service');
$machine->waitForOpenPort('9117');
$machine->succeed("curl --fail http://localhost:9117/");
machine.start()
machine.wait_for_unit("jackett.service")
machine.wait_for_open_port(9117)
machine.succeed("curl --fail http://localhost:9117/")
'';
})

19
nixos/tests/jenkins.nix
View File

@ -3,7 +3,7 @@
# 2. jenkins user can be extended on both master and slave
# 3. jenkins service not started on slave node
import ./make-test.nix ({ pkgs, ...} : {
import ./make-test-python.nix ({ pkgs, ...} : {
name = "jenkins";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ bjornfor coconnor domenkozar eelco ];
@ -33,18 +33,17 @@ import ./make-test.nix ({ pkgs, ...} : {
};
testScript = ''
startAll;
start_all()
$master->waitForUnit("jenkins");
master.wait_for_unit("jenkins")
$master->mustSucceed("curl http://localhost:8080 | grep 'Authentication required'");
assert "Authentication required" in master.succeed("curl http://localhost:8080")
print $master->execute("sudo -u jenkins groups");
$master->mustSucceed("sudo -u jenkins groups | grep jenkins | grep users");
for host in master, slave:
groups = host.succeed("sudo -u jenkins groups")
assert "jenkins" in groups
assert "users" in groups
print $slave->execute("sudo -u jenkins groups");
$slave->mustSucceed("sudo -u jenkins groups | grep jenkins | grep users");
$slave->mustFail("systemctl is-enabled jenkins.service");
slave.fail("systemctl is-enabled jenkins.service")
'';
})

39
nixos/tests/kerberos/heimdal.nix
View File

@ -1,4 +1,4 @@
import ../make-test.nix ({pkgs, ...}: {
import ../make-test-python.nix ({pkgs, ...}: {
name = "kerberos_server-heimdal";
machine = { config, libs, pkgs, ...}:
{ services.kerberos_server =
@ -23,31 +23,20 @@ import ../make-test.nix ({pkgs, ...}: {
};
testScript = ''
$machine->start;
machine.succeed(
"kadmin -l init --realm-max-ticket-life='8 day' --realm-max-renewable-life='10 day' FOO.BAR",
"systemctl restart kadmind.service kdc.service",
)
$machine->succeed(
"kadmin -l init --realm-max-ticket-life='8 day' \\
--realm-max-renewable-life='10 day' FOO.BAR"
);
for unit in ["kadmind", "kdc", "kpasswdd"]:
machine.wait_for_unit(f"{unit}.service")
$machine->succeed("systemctl restart kadmind.service kdc.service");
$machine->waitForUnit("kadmind.service");
$machine->waitForUnit("kdc.service");
$machine->waitForUnit("kpasswdd.service");
$machine->succeed(
"kadmin -l add --password=admin_pw --use-defaults admin"
);
$machine->succeed(
"kadmin -l ext_keytab --keytab=admin.keytab admin"
);
$machine->succeed(
"kadmin -p admin -K admin.keytab add --password=alice_pw --use-defaults \\
alice"
);
$machine->succeed(
"kadmin -l ext_keytab --keytab=alice.keytab alice"
);
$machine->succeed("kinit -kt alice.keytab alice");
machine.succeed(
"kadmin -l add --password=admin_pw --use-defaults admin",
"kadmin -l ext_keytab --keytab=admin.keytab admin",
"kadmin -p admin -K admin.keytab add --password=alice_pw --use-defaults alice",
"kadmin -l ext_keytab --keytab=alice.keytab alice",
"kinit -kt alice.keytab alice",
)
'';
})

28
nixos/tests/kerberos/mit.nix
View File

@ -1,4 +1,4 @@
import ../make-test.nix ({pkgs, ...}: {
import ../make-test-python.nix ({pkgs, ...}: {
name = "kerberos_server-mit";
machine = { config, libs, pkgs, ...}:
{ services.kerberos_server =
@ -24,22 +24,18 @@ import ../make-test.nix ({pkgs, ...}: {
};
testScript = ''
$machine->start;
machine.succeed(
"kdb5_util create -s -r FOO.BAR -P master_key",
"systemctl restart kadmind.service kdc.service",
)
$machine->succeed(
"kdb5_util create -s -r FOO.BAR -P master_key"
);
for unit in ["kadmind", "kdc"]:
machine.wait_for_unit(f"{unit}.service")
$machine->succeed("systemctl restart kadmind.service kdc.service");
$machine->waitForUnit("kadmind.service");
$machine->waitForUnit("kdc.service");
$machine->succeed(
"kadmin.local add_principal -pw admin_pw admin"
);
$machine->succeed(
"kadmin -p admin -w admin_pw addprinc -pw alice_pw alice"
);
$machine->succeed("echo alice_pw | sudo -u alice kinit");
machine.succeed(
"kadmin.local add_principal -pw admin_pw admin",
"kadmin -p admin -w admin_pw addprinc -pw alice_pw alice",
"echo alice_pw | sudo -u alice kinit",
)
'';
})

14
nixos/tests/minidlna.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({ pkgs, ... }: {
import ./make-test-python.nix ({ pkgs, ... }: {
name = "minidlna";
nodes = {
@ -29,11 +29,11 @@ import ./make-test.nix ({ pkgs, ... }: {
testScript =
''
startAll;
$server->succeed("mkdir -p /tmp/stuff && chown minidlna: /tmp/stuff");
$server->waitForUnit("minidlna");
$server->waitForOpenPort("8200");
$server->succeed("curl --fail http://localhost:8200/");
$client->succeed("curl --fail http://server:8200/");
start_all()
server.succeed("mkdir -p /tmp/stuff && chown minidlna: /tmp/stuff")
server.wait_for_unit("minidlna")
server.wait_for_open_port("8200")
server.succeed("curl --fail http://localhost:8200/")
client.succeed("curl --fail http://server:8200/")
'';
})

24
nixos/tests/miniflux.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({ pkgs, lib, ... }:
import ./make-test-python.nix ({ pkgs, lib, ... }:
let
port = 3142;
@ -37,16 +37,20 @@ with lib;
};
};
testScript = ''
startAll;
start_all()
$default->waitForUnit('miniflux.service');
$default->waitForOpenPort(${toString defaultPort});
$default->succeed("curl --fail 'http://localhost:${toString defaultPort}/healthcheck' | grep -q OK");
$default->succeed("curl 'http://localhost:${toString defaultPort}/v1/me' -u '${defaultUsername}:${defaultPassword}' -H Content-Type:application/json | grep -q '\"is_admin\":true'");
default.wait_for_unit("miniflux.service")
default.wait_for_open_port(${toString defaultPort})
default.succeed("curl --fail 'http://localhost:${toString defaultPort}/healthcheck' | grep -q OK")
default.succeed(
"curl 'http://localhost:${toString defaultPort}/v1/me' -u '${defaultUsername}:${defaultPassword}' -H Content-Type:application/json | grep -q '\"is_admin\":true'"
)
$customized->waitForUnit('miniflux.service');
$customized->waitForOpenPort(${toString port});
$customized->succeed("curl --fail 'http://localhost:${toString port}/healthcheck' | grep -q OK");
$customized->succeed("curl 'http://localhost:${toString port}/v1/me' -u '${username}:${password}' -H Content-Type:application/json | grep -q '\"is_admin\":true'");
customized.wait_for_unit("miniflux.service")
customized.wait_for_open_port(${toString port})
customized.succeed("curl --fail 'http://localhost:${toString port}/healthcheck' | grep -q OK")
customized.succeed(
"curl 'http://localhost:${toString port}/v1/me' -u '${username}:${password}' -H Content-Type:application/json | grep -q '\"is_admin\":true'"
)
'';
})

Some files were not shown because too many files have changed in this diff Show More