3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

3862 commits

Author SHA1 Message Date
Guillaume Girol 25b4e3c741
Merge pull request #133098 from erdnaxe/nitter-hardening
nixos/nitter: systemd unit hardening
2021-08-08 14:33:23 +00:00
Martin Weinelt f49b03c40b
Merge pull request #123258 from mweinelt/acme-hardening 2021-08-08 15:50:24 +02:00
Alexandre Iooss 2e8e8f2c92
nixos/nitter: test with CAP_NET_BIND_SERVICE 2021-08-08 15:29:33 +02:00
Félix Baylac-Jacqué 6325d15e90
nixosTests.prosody: extend- self-signed cert expiration date
The test certificate expiration date was set to the default 30 days.
This certificate is generated through its own derivation. As with
every derivation, it gets cached by cache.nixos.org once we build it.

In practice, we rebuild this derivation only if one of its input
changes. The only inputs here being openssl and stdenv.

While it's not an issue on the unstable branches, it can be
problematic on a stable release: the test will fail after 30 days.

Extending the certificate lifespan from 1 month to 100 years to prevent
it from getting expired while being cached.

See
https://github.com/NixOS/nixpkgs/pull/132898#issuecomment-894495057
for more context.
2021-08-06 23:46:17 +02:00
Maximilian Bosch 67a5d63b33
Merge pull request #131867 from maxeaubrey/traefik_2.4.12
traefik: 2.4.8 -> 2.4.13
2021-08-06 18:55:07 +02:00
Michael Weiss c4c087da21
nixos/tests/signal-desktop: Improve the DB test
The command "file ~/.config/Signal/sql/db.sqlite | grep 'db.sqlite: data'"
can randomly fail because "file" sometimes recognizes the "random"
(encrypted) data as something. This occasionally causes test failures,
e.g. [0] were it was recognized as "PGP Secret Sub-key -" or in another
instance as an ext4 filesystem [1].

[0]: https://github.com/NixOS/nixpkgs/pull/132644#issuecomment-892601504
[1]: https://social.primeos.dev/notice/A7H8VWV0KtQHUZZIsC
2021-08-05 18:26:59 +02:00
Robert Hensing c5373ce006
Merge pull request #132593 from rycee/postgresql-backup-compression
nixos postgresql-backup: add `compression` option
2021-08-05 13:20:40 +02:00
Benjamin Smith 45c4b6b9e4
Apache Kafka: add 2.7.1 and 2.8.0 (#128043) 2021-08-05 13:01:59 +02:00
Robert Helgesson bcc7a902d5
nixos postgresql-backup: add compression option
This option allows basic configuration of the compression technique
used in the backup script. Specifically it adds `none` and `zstd` as
new alternatives, keeping `gzip` as the default.
2021-08-05 00:42:16 +02:00
Maxine Aubrey 34add8ca59
nixos/traefik: wait for first success
possible fix for #115418
2021-08-04 23:55:56 +02:00
Guillaume Girol 2eb2a255b9
Merge pull request #131255 from erdnaxe/nitter
nitter: init at unstable-2021-07-18
2021-08-04 20:25:22 +00:00
Florian Klink 50e3b159e3
Merge pull request #131952 from yu-re-ka/feature/gitlab-14-1-1
gitlab: 14.1.0 -> 14.1.1
2021-08-03 00:13:52 +02:00
Robert Hensing 48ea8eb813
Merge pull request #132416 from turion/dev_rabbitmq-server_1.8_1.9
rabbitmq-server: 3.8.9 -> 3.9.1
2021-08-02 22:08:30 +02:00
Yureka 6b021012c5 nixos/tests/gitlab: disable gitlab-pages tests 2021-08-02 18:04:54 +02:00
Manuel Bärenz b0f33d7c2e rabbitmq-server: 3.8.9 -> 3.9.1 2021-08-02 16:19:30 +02:00
Ben Siraphob c8a731593b
Merge pull request #113185 from fabaff/libreddit
libreddit: init at 0.10.1
2021-08-02 17:05:00 +07:00
Benjamin Asbach f22a7ae1a8
soapui: 5.5.0 -> 5.6.0 (#131307)
Co-authored-by: Benjamin Asbach <asbachb@users.noreply.github.com>
2021-08-01 20:11:12 +02:00
Ben Siraphob 44db812a14
Merge pull request #132257 from Zopieux/simple-mpv-webui
mpvScripts.simple-mpv-webui: 1.0.0 -> 2.1.0
2021-08-01 12:10:12 +07:00
Aaron Andersen 404cd360c2
Merge pull request #129468 from jwygoda/litestream-service
nixos/litestream: init
2021-07-31 22:58:48 -04:00
Aaron Andersen 099015b2ed
Merge pull request #116578 from MatthewCroughan/node-red-service
nixos/node-red: add module
2021-07-31 22:57:26 -04:00
Alexandre Macabies c9e991bd64 mpvScripts.simple-mpv-webui: 1.0.0 -> 2.1.0
This also adds a test. The current packaged version (1.0.0) is broken,
it cannot find relevant files.
2021-08-01 00:47:55 +02:00
Jarosław Wygoda 1dcfd1e329 nixos/litestream: init 2021-07-30 17:41:54 +02:00
Alexandre Iooss 534dbcb28f
nixos/nitter: init module and test 2021-07-30 15:19:49 +02:00
Lassulus 729042fae8
Merge pull request #131794 from ncfavier/syncthing-collapse-declarative
nixos/syncthing: move declarative options to the top level
2021-07-29 15:42:33 +02:00
github-actions[bot] 6fcda9f1ec
Merge master into staging-next 2021-07-28 18:01:16 +00:00
Franz Pletz 8f40f574f8
Merge pull request #131578 from mweinelt/influxdb-exporter
prometheus-influxdb-exporter: init at 0.8.0
2021-07-28 19:47:06 +02:00
matthewcroughan b9c9d52aec nixos/node-red: add test 2021-07-28 17:32:45 +01:00
github-actions[bot] a1d3be1d42
Merge master into staging-next 2021-07-28 12:01:16 +00:00
Naïm Favier e9b01c5c8e
nixos/syncthing: move declarative options to the top level 2021-07-28 11:30:30 +02:00
Naïm Favier 6416b3a941
nixos/syncthing: add declarative.extraOptions
Allows setting arbitrary config options through the REST API.

Also switches to the [new](https://docs.syncthing.net/rest/config.html)
config endpoints.
2021-07-28 10:56:06 +02:00
Martin Weinelt f77710c6ba nixos/tests/prometheus-exporters/influxdb: init 2021-07-26 16:00:01 +02:00
Frederik Rietdijk 18347a1caf Merge master into staging-next 2021-07-26 12:40:04 +02:00
Elis Hirwing 699ea65439
Merge pull request #131118 from etu/sanoid-syncoid-improvements
nixos/{syncoid,sanoid}: Improve ZFS permission delegation
2021-07-26 11:40:51 +02:00
Elis Hirwing 764e4acee1
nixos/tests/sanoid: Improve tests by checking that no permissions are left behind 2021-07-26 11:05:52 +02:00
Frederik Rietdijk 62370fb59a Merge remote-tracking branch 'upstream/master' into staging-next 2021-07-26 09:19:44 +02:00
Michael Weiss 4ec2b24603
nixos/tests/chromium: Drop the workaround for Chrome GPU crashes
This regression was fixed by 51d83077ff.
2021-07-25 12:39:45 +02:00
Michael Weiss 7b3c054514
nixos/tests/chromium: Check the version and that it's an official build
This also prints and screenshots the output of chrome://version which
contains useful information.

Outputs (stable, beta, ungoogled, chrome-stable, chrome-beta, chrome-dev):
Chromium	92.0.4515.107 (Official Build) (64-bit)
Chromium        92.0.4515.107 (Official Build) (64-bit)
Chromium        91.0.4472.164 (Official Build, ungoogled-chromium) (64-bit)
Google Chrome   92.0.4515.107 (Official Build) (64-bit)
Google Chrome   92.0.4515.107 (Official Build) beta (64-bit)
Google Chrome   93.0.4577.8 (Official Build) dev (64-bit)
2021-07-25 12:35:21 +02:00
github-actions[bot] a37fbac53b
Merge master into staging-next 2021-07-25 00:01:35 +00:00
Elis Hirwing 6984e68c51
Merge pull request #98455 from ju1m/syncoid-split
nixos/syncoid: split in multiple systemd services and harden them
2021-07-24 22:08:42 +02:00
Julien Moutinho d05a1ab1e4 nixos/syncoid: split in multiple systemd services 2021-07-24 11:26:28 +02:00
github-actions[bot] cb1426e30a
Merge staging-next into staging 2021-07-23 18:01:46 +00:00
Sandro 42c7bd28e3
Merge pull request #131215 from Ma27/bump-grocy
grocy: 3.0.1 -> 3.1.0
2021-07-23 17:53:35 +02:00
Benjamin Asbach 9fd41a9a5b
tuxguitar: 125945 (#131028)
* tuxguitar: Ensure that tuxguitar is launched with java 8 comtabilbe jre and libraries as greate java version is not supported

* tuxguitar: Added test to verify application starts without problems

* tuxguitar: 1.5.2 -> 1.5.4
2021-07-23 10:02:20 -04:00
github-actions[bot] 3bc17773a5
Merge staging-next into staging 2021-07-23 12:02:01 +00:00
Maximilian Bosch 07b51f58df
grocy: 3.0.1 -> 3.1.0
ChangeLog: https://github.com/grocy/grocy/releases/tag/v3.1.0
2021-07-23 11:45:31 +02:00
Michael Weiss 11400dcd65
chromium: Check the text rendering
This should catch regressions like #131074 in the future. In that case a
glibc update caused a regression that caused most of the text to become
invisible (just not the "Web Store" we've already been checking for).
2021-07-23 10:15:25 +02:00
Michele Guerini Rocco 75c433e911
Merge pull request #125704 from zanculmarktum/fix/kbd-search-paths
kbd: update search-paths.patch
2021-07-23 08:14:53 +02:00
Michael Weiss 97570d30c7
chromium: 91.0.4472.164 -> 92.0.4515.107
https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html

This update includes 35 security fixes.

CVEs:
CVE-2021-30565 CVE-2021-30566 CVE-2021-30567 CVE-2021-30568
CVE-2021-30569 CVE-2021-30571 CVE-2021-30572 CVE-2021-30573
CVE-2021-30574 CVE-2021-30575 CVE-2021-30576 CVE-2021-30577
CVE-2021-30578 CVE-2021-30579 CVE-2021-30580 CVE-2021-30581
CVE-2021-30582 CVE-2021-30583 CVE-2021-30584 CVE-2021-30585
CVE-2021-30586 CVE-2021-30587 CVE-2021-30588 CVE-2021-30589

Note: This won't be the smoothest update. Chromium seems to be fine but
requires gtk3 in $LD_LIBRARY_PATH to find libgtk-3.so.0 (otherwise it
crashes during startup) but Google Chrome fails to initialize
("GPU process exited unexpectedly: exit_code=132") and requires
"--use-gl=angle --use-angle=swiftshader" for hardware(?) acceleration
(which seems to work work fine and performant but SwiftShader should
actually use the CPU instead of the GPU).
2021-07-21 11:20:38 +02:00
Maximilian Bosch 72d1d4cb20
Merge pull request #130778 from mayflower/tigervnc-tests-and-no-proprietary-fonts
Tigervnc tests and no proprietary fonts
2021-07-20 17:00:09 +02:00
Ingo Blechschmidt 5143ab9f74 tigervnc, tightvnc: add basic tests
Co-Authored-By: Ingo Blechschmidt <iblech@web.de>
2021-07-20 15:22:31 +02:00
Azure Zanculmarktum 88fbddc149 nixos/tests: add kbd-update-search-paths-patch 2021-07-20 03:30:59 +07:00
Elis Hirwing f8b6ba005e
nixos/tests: Init hockeypuck tests 2021-07-19 07:33:03 +02:00
Jörg Thalheim 0839cf1d45
Merge pull request #106721 from Mic92/nix-serve
nixos/nix-serve: don't run as nogroup
2021-07-18 07:53:32 +01:00
Jörg Thalheim ac7b8724b5 nixos/nix-serve: don't run as nogroup
nogroup is insecure if shared
2021-07-18 08:51:17 +02:00
Martin Weinelt d9a3a54b73
Merge pull request #129980 from mweinelt/nixos/kea 2021-07-18 00:26:35 +02:00
github-actions[bot] e9ca8c2796
Merge master into haskell-updates 2021-07-17 00:05:09 +00:00
Jean-Philippe Braun d4eca42de4 nixos/wordpress: nginx support 2021-07-16 08:51:08 +02:00
Manuel Bärenz 65fcd698bb nixosTests.agda: Adapt to --guardedness requirements
The one-line test is hard to fix in a readable manner
and doesn't really add value above the hello-world test.
So rather simplify to reduce maintenance.
2021-07-15 10:25:44 +02:00
misuzu 930daac345 nixos/boot: test on aarch64 2021-07-14 12:47:12 +03:00
Martin Weinelt 2a93d57ebb
nixos/tests/kea: init
A simple DHCPv4 test case, with borrowed structure from the
systemd-networkd-dhcpserver test.
2021-07-14 01:36:04 +02:00
Martin Weinelt cf139f7203
nixos/tests/prometheus-exporters/kea: migrate to kea nixos module 2021-07-14 01:36:04 +02:00
Pavol Rusnak 92c7c2dea0
Merge pull request #118630 from mmilata/lndmon-210326
prometheus-lnd-exporter: unstable-2020-12-04 -> unstable-2021-03-26, fix test
2021-07-12 01:35:02 +02:00
Martin Milata eab071ae54 nixos/prometheus-lnd-exporter: fix test
The bitcoin module options have changed, reflect this. Also switch to
regtest which is more suitable for testing.
2021-07-12 01:00:00 +02:00
Michael Weiss c33015a0c9
nixos/tests/chromium: Print the content of chrome://{sandbox,gpu}
This can be very useful when running the test headless or e.g. when
looking at Hydra logs. Especially the chrome://gpu content contains a
lot of interesting information.
I also decided to refactor the test_new_win() function to avoid
duplicate code and rely less on xdo.
2021-07-10 10:35:29 +02:00
Michael Weiss 8c52061b1f
nixos/tests/chromium: Refactor launching the browser process
It should now be more flexible and less error-prone.
2021-07-10 10:35:27 +02:00
Maciej Krüger e4e05cd813
Merge pull request #129693 from helsinki-systems/upd/nginxQuic 2021-07-09 12:20:06 +02:00
Michael Weiss f9645002a2
nixos/tests/chromium: Fix the test for M92+
Unfortunately there are some regressions in the GPU code that cause
Chromium and Google Chrome to crash, e.g.:
machine # [0709/084047.890436:ERROR:process_memory_range.cc(75)] read out of range[   30.153484] show_signal: 20 callbacks suppressed
machine # [   30.153490] traps: chrome[1036] trap invalid opcode ip:55af03357b29 sp:7ffeaa69ad10 error:0 in chrome[55aefe7a4000+81ec000]
machine #
machine # [0709/084047.955039:ERROR:file_io_posix.cc(144)] open /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq: No such file or directory (2)
machine # [0709/084047.955078:ERROR:file_io_posix.cc(144)] open /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq: No such file or directory (2)
machine # [   30.126905] systemd[1]: Created slice system-systemd\x2dcoredump.slice.
machine # [   30.137012] systemd[1]: Started Process Core Dump (PID 1038/UID 0).
machine # [   30.571987] systemd-coredump[1039]: Process 1036 (chrome) of user 1000 dumped core.
machine # [992:1021:0709/084048.501937:ERROR:gpu_process_host.cc(995)] GPU process exited unexpectedly: exit_code=132
machine # [   30.594747] systemd[1]: systemd-coredump@0-1038-0.service: Succeeded.

Hopefully this'll be fixed upstream before the final release (there are
bug reports for it) but for the meantime we have to launch the beta and
dev versions with "--use-gl=angle --use-angle=swiftshader".
2021-07-09 11:30:04 +02:00
ajs124 68a240b46a nixosTests.nginx-variants: also test nginxQuic 2021-07-08 23:44:27 +02:00
Leo Maroni 6ed56b865f nixos/vikunja: add nixos test 2021-07-08 22:17:57 +02:00
Mario Rodas bb1ff7da54
Merge pull request #125696 from hercules-ci/postgresql-backup-only-replace-if-successful
nixos/postgresqlBackup: only replace if successful
2021-07-07 18:41:57 -05:00
Franz Pletz f73efb9fb3
Merge pull request #121841 from Pamplemousse/jenkins-cli
jenkins: Create the `jenkins-cli` command
2021-07-06 14:45:29 +00:00
Lucas Savva eba6713e8f
nixos/tests/acme: test access to files outside /var/lib/acme in postRun 2021-07-06 15:16:24 +02:00
Martin Weinelt dc940ecdb3
Merge pull request #121750 from m1cr0man/master
nixos/acme: Ensure certs are always protected
2021-07-06 15:10:54 +02:00
Sandro ed79adc782
Merge pull request #129269 from Izorkin/mariadb-fix 2021-07-05 18:19:13 +02:00
Sandro 0928f8b0d3
Merge pull request #129239 from LeSuisse/trafficserver-9.0.2
trafficserver: 9.0.1 -> 9.0.2
2021-07-05 18:04:15 +02:00
Thomas Gerbet d41e86c67f trafficserver: 9.0.1 -> 9.0.2
Fixes CVE-2021-32566 and CVE-2021-32567.
2021-07-05 15:16:06 +02:00
Bruno Bigras 7265334f1a yggdrasil: 0.3.16 -> 0.4.0 2021-07-05 12:21:37 +02:00
Pamplemousse 4f093b8fdb nixos/modules/jenkins: Test the CLI
Signed-off-by: Pamplemousse <xav.maso@gmail.com>
2021-07-04 14:49:39 -07:00
Izorkin a87a078dbc
nixos/tests/mariadb: add check Mroonga storage 2021-07-04 22:53:15 +03:00
Léo Gaspard 5bcb49475f
Merge pull request #127479 from symphorien/btrbk-module
nixos/btrbk: add module and test
2021-07-03 21:55:01 +02:00
Guillaume Girol 72894352b8 nixos/btrbk: add module and test 2021-07-03 17:18:20 +02:00
Jörg Thalheim a47ace80e5
Merge pull request #126187 from K900/vaultwarden
vaultwarden: update to 1.21.0, rename from bitwarden_rs
2021-07-03 11:15:22 +01:00
Christian Kampka 971e37dc07 nixos/tests/coturn: init
Co-authored-by: MatthewCroughan <matt@croughan.sh>
2021-07-03 08:32:03 +01:00
aszlig 3895ec33ad
nixos/tests/zsh-history: Fix matching prompt
In commit fbbaa4d40f, the Zsh default
prompt has changed from "walters" to "suse". So instead of:

  root@default>

... we now have:

  root@default:~/ >

However, in the NixOS VM test, we are matching "root@default>", which
doesn't include the current working directory and thus eventually leads
to a test failure after timing out.

To fix this, I changed the regex to include a newline at the beginning
and made sure that the hostname ends with a word boundary. This way it
doesn't matter whether the prompt is "walters" or "suse", because after
all the test is not about the prompt but about whether the history
mechanism works (or not).

Signed-off-by: aszlig <aszlig@nix.build>
2021-07-02 21:01:49 +02:00
K900 dc1b56c714 vaultwarden: update to 1.22.1, rename from bitwarden_rs
I tried to make this as non-breaking as possible, but it will still
break things slightly for people expecting certain file names in the
packages themselves.
2021-07-01 12:31:20 +03:00
Jonathan Ringer cd687af9f4 nixos/test/vault: fix assertion logic
"vault status" now returns exit code 2 when the
vault is still unsealed.
2021-06-30 22:50:01 -07:00
Sandro 30e2735f5d
Merge pull request #83904 from ju1m/sanoid
sanoid: fix sanoid.conf generation
2021-06-30 23:55:26 +02:00
Sandro 3a0d1ab3e2
Merge pull request #128546 from scvalex/fix-kubernetes-tests
kubernetes: make tests pass by fixing a conntrack-tools dep and a missing dir
2021-06-30 01:49:58 +02:00
Luke Granger-Brown 0dccbe2729 nixos/tests/kernel-generic: fix evaluation
This is breaking the tarball build, because #128502 depends on this test
existing. After this commit, nixpkgs.tarball once again evaluates.
2021-06-28 22:41:56 +00:00
Alexandru Scvortov ab1567e812 kubernetes: fix conntrack-tools package name, missing dir, and tests 2021-06-28 20:33:17 +01:00
Robert Schütz a3d043387f nixos/tests/home-assistant: don't test package
The modules overrides extraComponents which leads to a costly rebuild of
the home-assistant package with all tests.  Make it less costly by not
running the tests, as does the default for the package option.  The
package's tests are already run by ofborg on every pull request as well
as by Hydra when building home-assistant.
2021-06-28 14:34:18 +02:00
Elis Hirwing 94d07b7492
php: Run nixpkgs-fmt on all php related files 2021-06-26 20:07:56 +02:00
github-actions[bot] 45003ba5f9
Merge master into staging-next 2021-06-26 12:06:25 +00:00
Martin Weinelt ef2ce48d8b
Merge pull request #127767 from Mic92/go-neb 2021-06-26 12:23:16 +02:00
Jörg Thalheim 34d1c55580
nixos/go-neb: secret support 2021-06-26 11:59:50 +02:00
github-actions[bot] bae6b2055f
Merge master into staging-next 2021-06-25 12:06:04 +00:00
Michael Weiss 370a10c27f
Merge pull request #128055 from Synthetica9/sway-check-quit
nixos/tests/sway: add check that sway quits
2021-06-25 13:23:39 +02:00
Maximilian Bosch eb5013d20d
Merge pull request #128048 from dali99/add-txredisapi-synapse
Add txredisapi to matrix-synapse dependencies
2021-06-25 10:40:11 +02:00
Robert Schütz c1dca92daf Merge branch 'master' into staging-next 2021-06-25 10:02:10 +02:00
Patrick Hilhorst ad1141b528
nixos/tests/sway: add check that sway quits
We used to check that sway quits _succesfully_.
However, since 73d7f08b4d
disabled this, we'll add another check to see it quits _at all_.

cc @primeos
2021-06-25 02:06:00 +02:00
Daniel Olsen f7f52a4fbf pythonPackages.txredisapi: Add unit test 2021-06-24 23:34:03 +02:00
Michael Weiss 73d7f08b4d
sway: 1.6 -> 1.6.1
Since wlroots 0.14 setting WLR_RENDERER_ALLOW_SOFTWARE=1 to allow
software rendering is now enforced [0].

[0]: https://github.com/swaywm/wlroots/pull/2810
2021-06-24 22:59:06 +02:00
Martin Weinelt eef9694ebc
Merge branch 'master' into staging-next 2021-06-22 00:58:31 +02:00
Jörg Thalheim 7c2d15627a
Merge pull request #92378 from jnetod/zfs-smb-share-fix
zfs: patch client path used in smb share
2021-06-21 07:11:43 +02:00
github-actions[bot] 9c8cef37d2
Merge master into staging-next 2021-06-20 12:04:37 +00:00
illustris 85aa4bf92b nixos/jitsi-meet: update nixos tests
- remove check for `connected .JID: focus@auth.server` because
	- log format was changed in c1945ea6cb
	- connection.getUser() in jicofo also appears to be broken, returning null instead of username
	- testing for this log line shouldn't be necessary, as we also test for "Authenticated as focus@auth.server"

- remove check for `External component successfully authenticated` because
	- [JVB no longer uses component](https://community.jitsi.org/t/jvb-not-connecting/91157/2)

- increase VM memory
2021-06-20 12:36:51 +02:00
github-actions[bot] d0cc21f4bd
Merge master into staging-next 2021-06-19 00:08:37 +00:00
Jörg Thalheim a4cb90bdbd
Update nixos/tests/zfs.nix
Co-authored-by: jnetod <49963580+jnetod@users.noreply.github.com>
2021-06-18 22:19:16 +02:00
Martin Weinelt af664bf942
Merge pull request #127127 from mweinelt/home-assistant
nixos/home-assistant: update hardening
2021-06-18 20:15:05 +02:00
github-actions[bot] 4ea74538ce
Merge master into staging-next 2021-06-18 18:04:25 +00:00
adisbladis 1394a33858
Merge pull request #125598 from zowoq/podman
podman: 3.1.2 -> 3.2.1
2021-06-18 09:59:48 -05:00
zowoq 9edf2e0ffd nixos/podman/tests: add workaround for broken import 2021-06-18 15:43:24 +10:00
Martin Weinelt 36659d1efa
nixos/home-assistant: update hardening
This makes access to serial devices contingent on using certain
components and restricts the default setup even further.
2021-06-16 21:31:24 +02:00
Jan Tojnar e3dfa79441
Merge branch 'staging-next' into staging
Regenerated pkgs/servers/x11/xorg/default.nix to resolve the conflict.
2021-06-16 19:59:05 +02:00
markuskowa 5ad54b5bc9
Merge pull request #126785 from oxzi/ucarp-1.5.2
ucarp: init at 1.5.2 / nixos/ucarp: init / nixos/test/ucarp: init
2021-06-16 10:54:23 +02:00
aszlig c55e00d8ff
nixos/tests/overlayfs: Use individual commands
This reverts the test to be similar to its original Perl version, where
the test steps were performed as individual commands instead of what we
have now, where commands are sent to the machine as one giant string.

While this change doesn't seem like it would make a big difference, it
makes a huge difference if the test fails because you then get an error
about which command has failed exactly instead of just knowing that
"something in there" has failed.

I also switched 2 spaces indentation, because it is more in line with
Nix coding conventions.

Signed-off-by: aszlig <aszlig@nix.build>
2021-06-16 04:12:18 +02:00
aszlig 9ecde9d165
nixos/tests/overlayfs: Fix erroneous backslashes
Since commit b7749c7671, commands run as
part of VM tests are exiting immediately if an error happens.

When converting the overlayfs test to Python in commit
5ae92144ba, the individual test commands
were crammed into one big string instead of using a series of test
commands like done in the Perl version.

Additionally, the backslash-escaped dollar signs were necessary in
Perl's double-quoted strings to avoid variable interpolation, for Python
however, this results in an actual backslash being inserted into the
command.

While this obviously results in an exit code of 1 (without an error
message, since it's using bash's expression evaluation command), the
test didn't fail because putting all these commands in one string will
result in only the last error code being relevant.

With the change to "set -e" for commands sent to test machines, this has
changed and with the exit code of all commands now relevant, the test
now fails because the errors from individual command substitutions that
were prevented by escaping the dollar sign are now actually visible.

This in turn also means that until now, we wouldn't have noticed if the
overlayfs test would have failed for real.

Signed-off-by: aszlig <aszlig@nix.build>
2021-06-16 04:12:04 +02:00
Martin Weinelt ff06400b7d
Merge pull request #125011 from Xe/Xe/solanum-motd
solanum: fix MOTD
2021-06-16 00:01:24 +02:00
Alvar Penning 95ca79092e nixos/test/ucarp: init 2021-06-15 18:31:57 +02:00
Jörg Thalheim 86b1feefbd
nixos/zfs: add tests for samba 2021-06-11 08:24:56 +02:00
github-actions[bot] f023076314
Merge staging-next into staging 2021-06-10 18:14:20 +00:00
Bjørn Forsman a655b71201 nixos/jenkins: test declarative jobs 2021-06-10 19:23:28 +02:00
Jan Tojnar ba733d435b
Merge branch 'staging-next' into staging 2021-06-10 14:07:45 +02:00
Vladimír Čunát 2ee781417e
nixos/*: replace alsa* aliases
The attributes got renamed in PR #126440 and in some places this caused
evaluation errors, e.g. the tarball job was saying (locally)
> attribute 'alsaUtils' missing, at /build/source/nixos/modules/services/audio/alsa.nix:6:4
and I suspect that trunk-combined jobset's failure to evaluate was also caused.
2021-06-10 09:46:55 +02:00
talyz b4fd0a9118
nixos/tests/printing: fix after setting pipefail
It failed since pipefail (b7749c7, PR #125683), due to `systemctl status`
not exiting with code=0 for inactive units (apparently).
That command is meant for humans anyway.
2021-06-10 08:01:53 +02:00
github-actions[bot] cf8441dd85
Merge staging-next into staging 2021-06-09 18:14:53 +00:00
Martin Weinelt e2701c3115
Merge pull request #126271 from mweinelt/firefox 2021-06-09 14:51:21 +02:00
Maximilian Bosch 10eab5b6b3
nixos/tests/kernel-generic: fix evaluation
The test doesn't evaluate since #125469 because Linux 5.11 got removed
as it's EOL.

As this fixes the evaluation of the test and it only removes a
declaration that was apparently forgotten, I figured that a push to
unbreak the test is fine.
2021-06-09 13:00:43 +02:00
Julien Moutinho b62a093a58 sanoid: fix sanoid.conf generation 2021-06-09 03:25:04 +02:00
Martin Weinelt 2d4ed9bae6
nixos/tests/custom-ca: disable firefox test integration
Firefox has been decoupled from the system certificate store since the
nss p11-kit integration in combination with our cacert package does not
expose CKA_NSS_MOZILLA_CA_POLICY, which among other things is required
for addon updates.
2021-06-09 01:52:27 +02:00
github-actions[bot] fde4df19f2
Merge staging-next into staging 2021-06-08 12:04:39 +00:00
Robert Hensing 843248d39f
Merge pull request #117379 from hercules-ci/nixos-metricbeat
nixos/metricbeat: init
2021-06-08 13:53:20 +02:00
github-actions[bot] e218376e4a
Merge staging-next into staging 2021-06-07 06:37:31 +00:00
Luke Granger-Brown 91fb672b21
Merge pull request #125573 from Flakebi/prometheus-script-exporter
prometheus-script-exporter: init at 1.2.0
2021-06-07 01:59:41 +01:00
Flakebi 3bcf4e31ef
nixos/prometheus: add script exporter 2021-06-06 22:42:46 +02:00
github-actions[bot] a1f68141f3
Merge staging-next into staging 2021-06-06 18:30:36 +00:00
Luke Granger-Brown b45f157f03
Merge pull request #125770 from Mewp/acme-fix-tests
nixos/acme: Remove an incorrect assertion from tests
2021-06-06 19:11:04 +01:00
github-actions[bot] 385224957b
Merge staging-next into staging 2021-06-06 12:14:34 +00:00
Robert Hensing c177b49d39
Merge pull request #125683 from talyz/test-driver-pipefail
nixos/test-driver: Run commands with pipefail set
2021-06-06 10:42:54 +02:00
github-actions[bot] 500db2661d
Merge staging-next into staging 2021-06-06 00:15:23 +00:00
Flakebi 5e5a3c39ed nixos/prometheus: add process exporter 2021-06-06 08:17:25 +09:00
Léo Gaspard 925ee864fe
rss2email test: fix name (#125863) 2021-06-06 01:05:39 +02:00
tomberek 157aee00a5
nixos/sourcehut: init (#113244)
* nixos/sourcehut: init

* sourcehut: default nginx setup

* sourcehut: documentation

* sourcehut: re-structure settings

* sourcehut: tests

* nixos/sourcehut: adopt StateDirectory

* Apply suggestions from code review

Co-authored-by: Aaron Andersen <aaron@fosslib.net>
Co-authored-by: Thibaut Marty <github@thibautmarty.fr>
Co-authored-by: malte-v <34393802+malte-v@users.noreply.github.com>

* nixos/sourcehut: PR suggestions

* nixos/sourcehut: malte-v patch

* nixos/sourcehut: add base virtualhost

* nixos/sourcehut: remove superfluous key

* nixos/sourcehut: use default from cfg

* nixos/sourcehut: use originBase for logs

* nixos/sourcehut: use toPythonApplication in systemPackages

* nixos/sourcehut: directly use ExecStart

* nixos/sourcehut: update docs

Co-authored-by: Aaron Andersen <aaron@fosslib.net>
Co-authored-by: Thibaut Marty <github@thibautmarty.fr>
Co-authored-by: malte-v <34393802+malte-v@users.noreply.github.com>
2021-06-05 14:42:51 -04:00
github-actions[bot] 0397e518b7
Merge staging-next into staging 2021-06-05 18:30:31 +00:00
Kim Lindberger 0dda2a708f
Merge pull request #125699 from talyz/fix-mysql-alias
treewide: Fix mysql alias deprecation breakage
2021-06-05 19:07:35 +02:00
talyz 3d9c3e5cfd
nixosTests.*: Don't use the -q flag with grep when used with curl
The `-q` flag makes grep close the pipe early, which curl doesn't
handle gracefully, but exits with an error like "(23) Failed writing
body".
2021-06-05 18:44:54 +02:00
talyz a86853501a
nixosTests.nginx*: nginxUnstable -> nginxMainline
Stop using the old `nginxUnstable` alias, which is invalid in tests
since 3edde6562e.
2021-06-05 18:44:48 +02:00
talyz b7749c7671
nixos/test-driver: Run commands with error handling
Bash's standard behavior of not propagating non-zero exit codes
through a pipeline is unexpected and almost universally
unwanted. Default to setting `pipefail` for the command being run;
it can still be turned off by prefixing the pipeline with
`set +o pipefail` if needed.

Also, set `errexit` and `nonunset` options to make the first command
of consecutive commands separated by `;` fail, and disallow
dereferencing unset variables respectively.
2021-06-05 18:44:42 +02:00
Robert Hensing 81c8189a84 nixos/postgresqlBackup: Only replace backup when successful
Previously, a failed backup would always overwrite ${db}.sql.gz,
because the bash `>` redirect truncates the file; even if the
backup was going to fail.
On the next run, the ${db}.prev.sql.gz backup would be
overwritten by the bad ${db}.sql.gz.

Now, if the backup fails, the ${db}.in-progress.sql.gz is in an
unknown state, but ${db}.sql.gz will not be written.
On the next run, ${db}.prev.sql.gz (our only good backup) will
not be overwritten because ${db}.sql.gz does not exist.
2021-06-05 15:09:27 +02:00
Mewp b00bcf21ab nixos/acme: Remove an incorrect assertion from tests
Commit 3a2e0c36e7 has removed
`--reuse-key` from default renew options, yet the tests still expected
keys not to change. This assertion is now removed, as they are supposed
to change on each renew/change.
2021-06-05 10:38:46 +02:00
github-actions[bot] 8d96bfd409
Merge staging-next into staging 2021-06-05 00:20:36 +00:00
Maciej Krüger 26b3751de7
Merge pull request #97692 from ryneeverett/lockkernelmodules-lxd 2021-06-05 01:27:27 +02:00
talyz 59e0120aa5
treewide: Fix mysql alias deprecation breakage
62733b37b4 broke evaluation in all
places `pkgs.mysql` was used. Fix this by changing all occurrences to
`pkgs.mariadb`.
2021-06-04 21:42:08 +02:00
github-actions[bot] c06baac6ff
Merge staging-next into staging 2021-06-04 19:41:02 +00:00
Elis Hirwing c76bebc549
unit: Add php80 and use it as default 2021-06-04 09:27:07 +02:00
Elis Hirwing 68eb5305ac
php: Drop PHP 7.3 support
PHP 7.3 won't be supported by upstream for the entire life cycle of
the 21.11 release.

Also drop the pcre' alias since it isn't needed anymore since we don't
need different pcre versions anymore.
2021-06-04 09:26:54 +02:00
github-actions[bot] b511c637c8
Merge staging-next into staging 2021-06-03 19:52:05 +00:00
Martin Weinelt 64f1254248
Merge pull request #125532 from petabyteboy/feature/snapcast-0-25 2021-06-03 20:41:53 +02:00
Martin Weinelt 6d27068d7c
nixos/tests/snapcast: minor polish to make the tests more expressive 2021-06-03 20:29:02 +02:00
Frederik Rietdijk 3edde6562e make-test-python: disallow aliases
When importing Nixpkgs within Nixpkgs, we should not consider aliases
to ensure we don't rely on them internally.

There are probably more places that need to be converted.
2021-06-03 11:03:31 -07:00
github-actions[bot] a261aaf9c2
Merge staging-next into staging 2021-06-02 13:08:16 +00:00
Maximilian Bosch cc88797ce0 plausible: minor polishing 2021-06-02 19:21:31 +09:00
Maximilian Bosch b06ea1146c plausible: init at 1.3.0 2021-06-02 19:21:31 +09:00
github-actions[bot] 632c65fbd4
Merge staging-next into staging 2021-06-02 07:51:55 +00:00
Robert Hensing d9e4512443
Merge pull request #124589 from hercules-ci/containers-dnsname
nixos/podman-dnsname: init
2021-06-02 08:18:48 +02:00
davidak 26648d29d4
Merge pull request #124971 from oxalica/fix/kbd-paths
kbd: patch paths to decompressors
2021-06-01 01:53:45 +02:00
Maciej Krüger ef555f6a0b
Merge pull request #123426 from mattchrist/brscan5 2021-05-31 17:52:16 +02:00
Robert Hensing 54f2f1e5f1 nixos/podman-dnsname: init 2021-05-31 14:31:09 +02:00
Robert Hensing 5699d027ec nixos/metricbeat: init 2021-05-31 10:42:08 +02:00
Christine Dodrill b1fe9fab6f solanum: fix MOTD
Previously this defaulted to the default MOTD in the solanum source
tree, and I don't want my friends to laugh at me. Includes a patch to
the tests to ensure that the MOTD is actually set.

This replicates the fix done in #109705 (solanum is a fork of charybdis,
so they share fundamental logic for this).

Signed-off-by: Christine Dodrill <me@christine.website>
2021-05-30 20:27:08 -04:00
oxalica 7fb927c9e5
nixos/tests/kbd-setfont-decompress: init 2021-05-31 02:45:15 +08:00
Robert Hensing db31d8354d podman: Add iproute2, fixing docker network rm 2021-05-30 11:23:25 +02:00
Robert Hensing b6570e7238 nixos/podman-network-socket-ghostunnel: init 2021-05-30 11:23:24 +02:00
Robert Hensing ff4d83a667 nixos/podman: Add dockerSocket.enable 2021-05-30 11:21:05 +02:00
talyz cb80b67993 nixos/discourse: Assert deployed PostgreSQL version
Assert that the PostgreSQL version being deployed is the one used
upstream. Allow the user to override this assertion, since it's not
always possible or preferable to use the recommended one.
2021-05-28 17:43:02 -07:00
Robert Hensing 490aeb3cfa
Merge pull request #124494 from hercules-ci/dockerTools-omit-store
dockerTools: Allow omitting all store paths
2021-05-28 08:55:33 +02:00
Michael Weiss 2f671ccc7a
nixos/tests/{sway,cage,cagebreak}: Fix the tests on aarch64-linux
Since the update to wlroots 0.13 (e03dde82a7) the default VGA card
isn't supported anymore and we needed to switch to virtio (qxl didn't
work either). However, as it turned out "-vga virtio" (28b8cff301)
broke the test on AArch64. Luckily there's a third option that works on
all three supported platforms: virtio-gpu-pci

According to [0] "This device lacks VGA compatibility mode but is
otherwise identical to the virtio vga device. UEFI firmware can handle
this, and if your guests has drivers too you can use this instead of
virtio-vga. This will reduce the attack surface (no complex VGA
emulation support) and reduce the memory footprint by 8 MB (no pci
memory bar for VGA compatibility). This device can be placed in a PCI
Express slot."
So in the end this seems like the ideal choice :)
See also [1].

[0]: https://www.kraxel.org/blog/2019/09/display-devices-in-qemu/#virtio-gpu-pci
[1]: https://patches.openembedded.org/patch/164351/
2021-05-27 21:29:54 +02:00
Michael Weiss abb9ea73f7
nixos/tests/{sway,cagebreak}: Disable on aarch64-linux
The tests timeout on AArch64 (e.g. [0] and [1]), likely because the QEMU
option "-vga virtio" isn't supported there (unfortunately I currently
lack access to an AArch64 system with NixOS to investigate).

This also affects the test for Cage but that one is already limited to
x86_64-linux.

[0]: https://hydra.nixos.org/build/144148809
[1]: https://hydra.nixos.org/build/144103034
2021-05-27 14:14:49 +02:00
Robert Hensing 5259d66b74 dockerTools: Allow omitting all store paths
Adds includeStorePaths, allowing the omission of the store paths.
You generally want to leave it on, but tooling may disable this
to insert the store paths more efficiently via other means, such
as bind mounting the host store.
2021-05-26 15:11:42 +02:00
Michael Raskin ab51a2dbd6
Merge pull request #123926 from pschyska/master
nixos/atop: Add defaultText to types.package options, Fix timing-related test failures.
2021-05-23 18:08:46 +00:00
Matt Christ 14bf8f109b fix brscan5 config generation
before this, the config utility was unable to locate the models folder
update tests to use a compatible model
2021-05-23 08:08:31 -05:00
Martin Weinelt d210ed99c4
nixos/tests/botamusique: init 2021-05-23 01:01:52 +02:00
Sandro 7be85b5090
Merge pull request #104420 from danielfullmer/syncoid-perm-fix 2021-05-22 17:57:56 +02:00
Paul Schyska e1a8e85631
nixos/atop: Wait for conditions
I had intermittent test failures due to timing issues.
This patch seems to have fixed them.
2021-05-22 14:11:45 +02:00
Martin Weinelt 71fb79ee6b
Merge pull request #123828 from Lassulus/solanum2
nixos/solanum: init
2021-05-21 23:23:01 +02:00
lassulus 48c16e48aa nixos/solanum: init 2021-05-21 23:06:38 +02:00
Matt Christ a9b7300f6f brscan5: init at 1.2.6-0 2021-05-21 12:59:30 -05:00
talyz 2d8a870813
keycloak.tests: Test HTTPS support 2021-05-21 13:09:43 +02:00
talyz dbf91bc2f1
nixos/keycloak: keycloak.database* -> keycloak.database.*
Move all database options to their own group / attribute. This makes
the configuration clearer and brings it in line with most other modern
modules.
2021-05-21 13:09:32 +02:00
Jonas Chevalier 30c021fa15
Merge pull request #123744 from hercules-ci/init-ghostunnel
ghostunnel: init
2021-05-20 20:58:41 +02:00
Robert Hensing dc9cb63de4 nixos/ghostunnel: init 2021-05-20 10:41:52 +02:00
Christoph Hrdinka 57acb6f9f7
Merge pull request #123598 from pschyska/master
nixos/nsd: make nsd-checkconf work when configuration contains keys (#118140)
2021-05-20 10:41:30 +02:00
Maximilian Bosch 3f3cec6d9e clickhouse: 20.11.4.13-stable -> 21.3.11.5-lts
Failing Hydra build: https://hydra.nixos.org/build/143269865
ZHF #122042
2021-05-19 14:08:46 -07:00
Sebastian Neubauer 68c618cba3
opensmtpd-filter-rspamd: init at 0.1.7 (#122823) 2021-05-19 22:37:49 +02:00
Paul Schyska 69202853ea
nixos/nsd: make nsd-checkconf work when configuration contains keys 2021-05-19 18:21:10 +02:00
Michael Weiss c21dd33953
Merge pull request #123609 from berbiche/cagebreak-use-waylands-utils-in-test
nixos/tests/cagebreak: use wayland-info instead of wallutils
2021-05-19 14:50:55 +02:00
Michele Guerini Rocco 376eabdac3
Merge pull request #123254 from rnhmjoj/ipsec
libreswan: 3.2 -> 4.4
2021-05-19 13:36:04 +02:00
Nicolas Berbiche 5e2cedfae3
nixos/tests/cagebreak: use wayland-info instead of wallutils
wayland-info from wayland-utils is already used in other Wayland
tests whereas wallutils' wayinfo is not.
2021-05-18 22:02:24 -04:00
Michael Weiss 1b114586e8
Merge pull request #123381 from primeos/nixos-tests-cagebreak
nixos/tests/cagebreak: Fix the test
2021-05-18 16:01:37 +02:00
Michael Raskin 02ba3238d2
Merge pull request #123053 from pschyska/master
atop, netatop, nixos/atop: improve packaging and options
2021-05-18 10:54:13 +00:00