3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

3908 commits

Author SHA1 Message Date
rnhmjoj 1bd7260adb
nixos/lock-kernel-modules: reorder before/after
Moving the service before multi-user.target (so the `hardened` test
continue to work the way it did before) can result in locking the kernel
too early. It's better to lock it a bit later and changing the test to
wait specifically for the disable-kernel-module-loading.service.
2021-09-19 12:06:00 +02:00
davidak dfa2dd95c2
Merge pull request from bobby285271/pantheon-team
treewide: switch from pantheon.maintainers to lib.teams.pantheon
2021-09-19 02:58:11 +02:00
Bobby Rong 0fd8cc3908
treewide: switch from pantheon.maintainers to lib.teams.pantheon 2021-09-18 23:07:00 +08:00
rnhmjoj b29c2f97c3
nixos/lib/qemu-flags: rename to qemu-common
The current name is misleading: it doesn't contain cli arguments,
but several constants and utility functions related to qemu.
This commit also removes the use of `with import ...` for clarity.
2021-09-18 16:58:16 +02:00
Jonas Heinrich 0dcac759f2 nixos/dokuwiki: Add support for Caddy web server 2021-09-18 23:09:21 +09:00
Raphael Megzari 62468d6ff7
Merge branch 'master' into staging-next 2021-09-18 22:46:18 +09:00
github-actions[bot] 7da057ad4e
Merge master into staging-next 2021-09-18 12:01:25 +00:00
Bobby Rong a66bcfe997
nixos/pantheon: fix test command for wingpanel 2021-09-18 19:33:40 +08:00
Aaron Andersen 4ec195a9c1
Merge pull request from illustris/spark3
Spark: init module
2021-09-18 07:28:19 -04:00
github-actions[bot] 263bdbdad4
Merge master into staging-next 2021-09-18 06:01:19 +00:00
Artturi e7b6d118f2
Merge pull request from chkno/user-activation-scripts
Run userActivationScripts at login
2021-09-18 05:25:06 +03:00
github-actions[bot] a21275cdae
Merge master into staging-next 2021-09-17 18:01:14 +00:00
illustris 13839b0022 nixos/spark: add test 2021-09-17 22:40:06 +05:30
Robert Hensing f023c47101
Merge pull request from i-do-cpp/add-disableInstallerTools-test
installers/tools: add test for system.disableInstallerTools option
2021-09-17 17:09:39 +02:00
Luke Granger-Brown 65b8408ce8 Merge remote-tracking branch 'upstream/staging' into staging-next 2021-09-17 12:18:44 +00:00
Jonas Heinrich 38431cf21c nixos/wordpress: caddy support 2021-09-17 19:12:21 +09:00
github-actions[bot] 2ad7b248e6
Merge staging-next into staging 2021-09-17 00:02:15 +00:00
Robert Hensing 70b9016e94
Merge pull request from mkenigs/rm-runInMachine
nixos/testing: remove unused function runInMachine
2021-09-16 20:04:35 +02:00
i-do-cpp 92139c2045 installers/tools: add test for system.disableInstallerTools option
This test ensures the installer tools are actually unavailable
with the option set to true.
2021-09-15 09:18:35 +02:00
github-actions[bot] 79a728d821
Merge staging-next into staging 2021-09-14 00:01:57 +00:00
Guillaume Girol 3592034595
Merge pull request from symphorien/nonogroup
Don't default to nogroup for the primary group of users.
2021-09-13 18:29:21 +00:00
github-actions[bot] 04e48fbe4f
Merge staging-next into staging 2021-09-13 18:01:51 +00:00
talyz d46e78fd76
nixos/parsedmarc: Add test 2021-09-13 13:57:11 +02:00
Florian Klink 8019c95b55
Merge pull request from andir/systemdv249
systemd v249
2021-09-13 09:39:49 +02:00
Andreas Rammhold 92442b1f99
nixos/tests/prometheus: wait for influxdb exporter before quering
Previously the influxdb exporter test was flaky as even after the
service has started there is still a race before the service is actually
listening and accepting connection on port 9122.

With this commit the test will wait for the port to be open before
proceeding.
2021-09-12 23:45:55 +02:00
Andreas Rammhold 72197a5c79
nixos/tests/herbstluftwm: fix timeout that was given in seconds
Hydra accepts timeouts as value of seconds after which the test is
terminated / considered failed. Using the value 30 here has the effect
that the test was terminate after 30 seconds. That time might be
sufficient for the test execution itself but it has another downside:

Jobs on hydra inherit the timeout of their parent. In this case all the
builds that are a dependency of the herbstluftwm test *must* finish
(each) within 30s. And since not all of the dependencies are cached in
the binary cache this could lead to an issue with pacakges that take
longer than 30s to build at the time when the herbstluftwm test is built
by hydra.

It is best to not set the timeout here and let hydra deal with it.  Our
default timeout for builds is two hours which is more than sufficient
for most builds and tests. If the test fails we will spent ~2h doing
something or nothing at worst but at least we wont kill the build just
because a dependency wasn't fullfilled already.
2021-09-12 23:45:55 +02:00
Andreas Rammhold 64556974b6
systemd: 247.6 -> 249.4
This updates systemd to version v249.4 from version v247.6.

Besides the many new features that can be found in the upstream
repository they also introduced a bunch of cleanup which ended up
requiring a few more patches on our side.

a) 0022-core-Handle-lookup-paths-being-symlinks.patch:
  The way symlinked units were handled was changed in such that the last
  name of a unit file within one of the unit directories
  (/run/systemd/system, /etc/systemd/system, ...) is used as the name
  for the unit. Unfortunately that code didn't take into account that
  the unit directories themselves could already be symlinks and thus
  caused all our units to be recognized slightly different.

  There is an upstream PR for this new patch:
    https://github.com/systemd/systemd/pull/20479

b) The way the APIVFS is setup has been changed in such a way that we
   now always have /run. This required a few changes to the
   confinement tests which did assert that they didn't exist. Instead of
   adding another patch we can just adopt the upstream behavior. An
   empty /run doesn't seem harmful.

   As part of this work I refactored the confinement test just a little
   bit to allow better debugging of test failures. Previously it would
   just fail at some point and it wasn't obvious which of the many
   commands failed or what the unexpected string was. This should now be
   more obvious.

c) Again related to the confinement tests the way a file was tested for
   being accessible was optimized. Previously systemd would in some
   situations open a file twice during that check. This was reduced to
   one operation but required the procfs to be mounted in a units
   namespace.

   An upstream bug was filed and fixed. We are now carrying the
   essential patch to fix that issue until it is backported to a new
   release (likely only version 250). The good part about this story is
   that upstream systemd now has a test case that looks very similar to
   one of our confinement tests. Hopefully that will lead to less
   friction in the long run.

   https://github.com/systemd/systemd/issues/20514
   https://github.com/systemd/systemd/pull/20515

d) Previously we could grep for dlopen( somewhat reliably but now
   upstream started using a wrapper around dlopen that is most of the
   time used with linebreaks. This makes using grep not ergonomic
   anymore.

   With this bump we are grepping for anything that looks like a
   dynamic library name (in contrast to a dlopen(3) call) and replace
   those instead. That seems more robust. Time will tell if this holds.

   I tried using coccinelle to patch all those call sites using its
   tooling but unfornately it does stumble upon the _cleanup_
   annotations that are very common in the systemd code.

e) We now have some machinery for libbpf support in our systemd build.
   That being said it doesn't actually work as generating some skeletons
   doesn't work just yet. It fails with the below error message and is
   disabled by default (in both minimal and the regular build).

   > FAILED: src/core/bpf/socket_bind/socket-bind.skel.h
   > /build/source/tools/build-bpf-skel.py --clang_exec /nix/store/x1bi2mkapk1m0zq2g02nr018qyjkdn7a-clang-wrapper-12.0.1/bin/clang --llvm_strip_exec /nix/store/zm0kqan9qc77x219yihmmisi9g3sg8ns-llvm-12.0.1/bin/llvm-strip --bpftool_exec /nix/store/l6dg8jlbh8qnqa58mshh3d8r6999dk0p-bpftools-5.13.11/bin/bpftool --arch x86_64 ../src/core/bpf/socket_bind/socket-bind.bpf.c src/core/bpf/socket_bind/socket-bind.skel.h
   > libbpf: elf: socket_bind_bpf is not a valid eBPF object file
   > Error: failed to open BPF object file: BPF object format invalid
   > Traceback (most recent call last):
   >   File "/build/source/tools/build-bpf-skel.py", line 128, in <module>
   >     bpf_build(args)
   >   File "/build/source/tools/build-bpf-skel.py", line 92, in bpf_build
   >     gen_bpf_skeleton(bpftool_exec=args.bpftool_exec,
   >   File "/build/source/tools/build-bpf-skel.py", line 63, in gen_bpf_skeleton
   >     skel = subprocess.check_output(bpftool_args, universal_newlines=True)
   >   File "/nix/store/81lwy2hfqj4c1943b1x8a0qsivjhdhw9-python3-3.9.6/lib/python3.9/subprocess.py", line 424, in check_output
   >     return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
   >   File "/nix/store/81lwy2hfqj4c1943b1x8a0qsivjhdhw9-python3-3.9.6/lib/python3.9/subprocess.py", line 528, in run
   >     raise CalledProcessError(retcode, process.args,
   > subprocess.CalledProcessError: Command '['/nix/store/l6dg8jlbh8qnqa58mshh3d8r6999dk0p-bpftools-5.13.11/bin/bpftool', 'g', 's', '../src/core/bpf/socket_bind/socket-bind.bpf.o']' returned non-zero exit status 255.
   > [102/1457] Compiling C object src/journal/libjournal-core.a.p/journald-server.c.oapture output)put)ut)
   > ninja: build stopped: subcommand failed.

  f) We do now have support for TPM2 based disk encryption in our
     systemd build. The actual bits and pieces to make use of that are
     missing but there are various ongoing efforts in that direction.
     There is also the story about systemd in our initrd to enable this
     being used for root volumes. None of this will yet work out of the
     box but we can start improving on that front.

  g) FIDO2 support was added systemd and consequently we can now use
     that. Just with TPM2 there hasn't been any integration work with
     NixOS and instead this just adds that capability to work on that.

Co-Authored-By: Jörg Thalheim <joerg@thalheim.io>
2021-09-12 23:45:49 +02:00
Maximilian Bosch 2444c11431
nixos/kernel: add 5.14 to kernel test-suite
I guess that this was just forgotten in  and I realized while
running these tests for the latest kernel updates.
2021-09-12 22:43:46 +02:00
Daniël de Kok 6f2ce2a65e treewide: remove danieldk as maintainer from a set of packages
I currently do not have much time to work on nixpkgs. Remove
myself as a maintainer from a bunch of packages to avoid that
people are waiting on me for a review.
2021-09-12 14:42:12 +00:00
Guillaume Girol 27f0f8965b nixos/tests/caddy.nix: fix eval 2021-09-12 14:59:30 +02:00
Guillaume Girol bc3bca822a nixos: define the primary group of users where needed 2021-09-12 14:59:30 +02:00
Janne Heß e8388f8574
nixos/switch-to-configuration: Allow activation scripts to restart units
The primary use case is tools like sops-nix and agenix to restart units
when secrets change. There's probably other reasons to restart units as
well and a nice thing to have in general.
2021-09-09 13:11:52 +02:00
Pavol Rusnak 9ceefd7e37
Merge pull request from bricewge/master
maintainers: remove bricewge
2021-09-08 20:15:52 +02:00
Matthew Kenigsberg b00d2a8f3e
nixos/testing: remove unused function runInMachine
runInMachine and runInMachineWithX are not used for any tests and can be
removed
2021-09-08 06:25:20 -05:00
Brice Waegeneire a49177e0ce maintainers: remove bricewge
So long, and thanks for all the fish!
2021-09-08 11:56:00 +02:00
Janne Heß a851b4d20e
nixos/users-groups: Add dry mode 2021-09-07 10:30:42 +02:00
Michele Guerini Rocco 052009bf2b
Merge pull request from johnjameswhitman/johnjameswhitman/fix-wlan-sub-interfaces
nixos/tasks/network-interfaces: Assign mac to new wlan interface instead of underlying one
2021-09-02 09:37:04 +02:00
John Whitman 8d3527aa88 nixos/network-interfaces: Fix wlan interface mac 2021-09-01 21:46:26 -04:00
Nick Cao 83b48cc589
caddy: build with default go and fix tests 2021-09-01 15:15:50 +08:00
happysalada f091420c1d rabbitmq: add option to enable management plugin 2021-08-30 18:43:09 +09:00
Aaron Andersen 515ad99467
Merge pull request from aanderse/nixos/nzbget
nixos/nzbget: add settings option
2021-08-29 12:25:37 -04:00
Maximilian Bosch 6f8cfa08fe
Merge pull request from Ma27/nextcloud-tableprefix
nixos/nextcloud: remove invalid `--database-table-prefix` option
2021-08-29 00:00:25 +02:00
Andreas Rammhold 137147c826
Merge pull request from em0lar/paperless-ng-fix-web-file-upload
nixos/paperless-ng: fix web file upload
2021-08-28 12:50:34 +02:00
Leo Maroni 2148272432
nixos/paperless-ng: fix web file upload 2021-08-28 12:22:52 +02:00
Sandro a5237b5614
Merge pull request from Ma27/ma27-unmaintain
treewide: remove ma27 from the maintainer-list of a few packages
2021-08-28 01:46:03 +02:00
Maximilian Bosch 3da886bf41
treewide: remove ma27 from the maintainer-list of a few packages
These are all packages that I stopped using and hence just create noise
in my inbox for each change affecting them and let's face it, while I
still enjoy contributing to nixpkgs, it doesn't really make sense to be
listed there if I can't do much anyways.

Each of these packages can be taken over by someone or removed if
people think that's reasonable.

Of course, if other maintainers face issues, I can answer some questions
if needed & possible.
2021-08-27 22:28:49 +02:00
Maximilian Bosch eaeb4fe04e
nixos/nextcloud: remove invalid --database-table-prefix option
This doesn't work anymore and thus breaks the installation leaving a
broken `/var/lib/nextcloud`.

It isn't a big deal since we set this value in the override config
before, so the correct table-prefix is still used. In order to confirm
that, I decided to add a custom prefix to the basic test.
2021-08-27 20:21:25 +02:00
talyz 99387372d5
gitlab: 14.1.2 -> 14.2.1 2021-08-26 19:01:22 +02:00
Robin Gloster 0eafc74d50
postfixadmin: init at 3.3.9 2021-08-24 23:46:06 +02:00
Maximilian Bosch 23e1e165cd
Merge pull request from mguentner/matrix-synapse-modern-twisted
matrix-synapse: add e-mail delivery regression test
2021-08-23 23:19:10 +02:00
Kevin Cox c3df8057da
Merge pull request from Atemu/automatic-kernelTests
kernel/generic: add kernelTests automatically
2021-08-23 18:23:32 +00:00
Atemu a3f6ff6d48 nixosTests.kernel-generic: add myself as maintainer 2021-08-23 19:57:49 +02:00
Atemu 457653d99c nixosTests.kernel-generic: expose test-making functions
Changed the name to be clearer, 'makeKernelTest' could imply that it wants a
kernel pkg as its arg while it actually needs a set of linuxPackages.
2021-08-23 19:57:49 +02:00
Atemu 2b52f2b762 nixosTests.kernel-generic: simplify 2021-08-23 19:57:46 +02:00
Jörg Thalheim b7802cf399
Merge pull request from scvalex/improve-kubernetes-tests
kubernetes: fix flaky test and run tests as group
2021-08-22 19:25:50 +01:00
Maximilian Güntner 076074a8b4
nixos/tests/matrix-synapse: add email regression test case
twisted is used in matrix-synapse for smtp handling.
Mostly this is used for password resets, but also notifications
are delivered that way.

older versions of twisted require the e-mail server to
have TLS1.0 enabled.

Obviously, quite a lot of servers have this disabled which means
synapse won't be able to deliver mails using such servers.

matrix-synapse issue:

https://github.com/matrix-org/synapse/issues/6211
2021-08-22 16:47:25 +02:00
lewo 79e5ee0c76
Merge pull request from nlewo/kdb-update
nixos/tests/kbd-update-search-paths: explicitly import re
2021-08-22 16:04:35 +02:00
Van Tuan Vo c8e3441961
nixos/fluidd: init fluidd service at 1.16.2 2021-08-21 23:32:52 +02:00
Antoine Eiche 07f85e36e9 nixos/tests/kbd-update-search-paths: explicitly import re 2021-08-21 18:56:03 +02:00
Jacek Galowicz 6a29f7f504
Merge pull request from blaggacao/fix-125992-2
fix 125992 2
2021-08-20 22:06:53 +02:00
Sandro d4eb822028
Merge pull request from c0deaddict/feature/nats-service
nixos/nats: init
2021-08-20 22:00:59 +02:00
David Arnold bd2cfa771e
nixos/test: some test fixes in succession of 2021-08-20 14:36:52 -05:00
David Arnold c1fcae3e88
nixos/test: some test fixes in succession of 2021-08-20 14:36:48 -05:00
David Arnold 2832896c5b
nixos/test: some test fixes in succession of 2021-08-20 13:38:22 -05:00
happysalada abeef13d12 caddy: add virtualHosts stub 2021-08-20 12:21:19 +09:00
Sandro 6cbfbcda92
Merge pull request from fgaz/shattered-pixel-dungeon/1.0.0
shattered-pixel-dungeon: 0.9.3 -> 1.0.0
2021-08-19 21:37:45 +02:00
Jean-Paul Calderone 808125fff6
deluge-1_x: Remove older version of Deluge ()
Deluge 1.x requires Python 2 which upstream has end-of-lifed.  Deluge depends
on pythonPackages.twisted, Python 2 support for which upstream has
nowdropped.  If pythonPackages.twisted is upgraded then Deluge 1.x breaks.
So, remove it instead of leaving it broken.

Deluge 2.x (deluge-2_x) is available and continues to work.
2021-08-19 09:18:18 +02:00
Jos van Bakel 1002ce25a0
nixos/nats: init 2021-08-18 20:18:08 +02:00
Andreas Rammhold ae61a14242
Merge pull request from Flakebi/paperless
paperless-ng: init at 1.4.5
2021-08-18 14:39:03 +02:00
Kim Lindberger 7f857f1c32
Merge pull request from talyz/discourse-2.7.7
discourse: 2.7.5 -> 2.7.7, plugin updates and fixes
2021-08-17 22:56:55 +02:00
Francesco Gazzetta ea300d1e2d shattered-pixel-dungeon: 0.9.3 -> 1.0.0 2021-08-17 22:40:48 +02:00
nyanloutre c9fc751673 nixos/navidrome: init module and test
Co-authored-by: aciceri <andrea.ciceri@autistici.org>
Co-authored-by: nyanloutre <paul@nyanlout.re>
2021-08-17 10:32:25 -07:00
talyz 6fd5a40cca
discourse.tests: Test the appropriate discourse package
Perform the tests on the package that the `tests` attribute is a child
of, i.e. if `discourseAllPlugins.tests` is built, the tests will run
with the `discourseAllPlugins` package, not the `discourse` package as
previously.
2021-08-17 18:20:55 +02:00
Aaron Andersen 0798ed1abf nixos/nzbget: add settings option 2021-08-17 09:19:22 -04:00
Maximilian Bosch a5341beb78
linux: drop *_latest_hardened-attributes in favor of versioned attributes
The problem behind this is that the hardened patchset[1]. Quite recently
this led to a weird problem when Linux 5.12 was dropped (and thus had to
be removed from `nixpkgs`), there were no patches for 5.13, so
`linuxPackages_hardened_latest` had to be downgraded to 5.10 as base[2]
which may be rather unintuitive and unexpected.

To avoid these kind of "silent downgrades" in the future, it makes sense
to drop the attribute entirely. If somebody wants to use a hardened
kernel, it's better to explicitly pin it using the newly introduced
versioned attributes, e.g. `linuxPackages_4_14_hardened`.

[1] https://github.com/anthraxx/linux-hardened/
[2] https://github.com/NixOS/nixpkgs/pull/133587
2021-08-16 20:45:58 +02:00
Robert Scott 23485f23ff
Merge pull request from risicle/ris-graphene-hardened-malloc-8
graphene-hardened-malloc: 2 -> 8, overhaul tests
2021-08-16 19:04:18 +01:00
Alexandru Scvortov 8afd31c625 kubernetes: fix flaky test and run tests as group 2021-08-16 14:59:58 +01:00
Stig 7d5b6f0fa2
Merge pull request from stigtsp/package/perl-mod_perl2-2.0.11-patch1
perlPackages.mod_perl2: fix build on perl-5.34.0, add nixos test
2021-08-16 12:20:59 +02:00
Maximilian Bosch e55554491d
Merge pull request from TredwellGit/linux_5_12
linux_5_12: remove
2021-08-16 11:08:42 +02:00
Robert Hensing fbafeb7ad5 treewide: runCommandNoCC -> runCommand
This has been synonymous for ~5y.
2021-08-15 17:36:41 +02:00
Robert Scott dca4f32819 graphene-hardened-malloc: 2 -> 8
significantly overhaul tests to cover build-time-linking and
LD_PRELOAD use, simplifying the hardened nixos test to allow
it to reuse this test setup.
2021-08-14 11:52:11 +01:00
Andreas Rammhold 6e1421013a
paperless: remove package & module as it has been superseded by paperless-ng
The paperless project has moved on to paperless-ng and the original
paperless package in Nixpkgs has stopped working recently (due to
version incompatibility with the providede Django package).

Instead of investing more time into the old module we should migrate all
users to the new module instead.
2021-08-14 10:10:44 +02:00
Flakebi 95f2dc650d
paperless-ng: init at 1.4.5 2021-08-14 10:10:43 +02:00
Stig Palmquist 5e13c58f78 nixos/mod_perl: add test 2021-08-13 21:03:15 +02:00
Erik Arvstedt 781ab443c2
nixos/doas: fix recursive calls to doas
Previously, for processes launched by doas the unwrapped doas binary preceded the
setuid-wrapped doas binary in PATH.

This caused error `doas: not installed setuid` when running doas from
processes launched by doas.

doas seems to short-circuit the PATH lookup when called like
`doas -u myuser doas -u myuser ...` so the error doesn't appear in this case.
2021-08-12 14:40:22 +02:00
TredwellGit 957f0485da linux_5_12: remove
https://lwn.net/ml/linux-kernel/1626791065147152@kroah.com/
2021-08-12 05:30:46 +00:00
DavHau df0f76b39f cryptpad: add test for nixos module 2021-08-11 11:04:39 +09:00
Vladimír Čunát c0097aa84a
nixos/tests: unbreak the tested job
I expect it suffices that the channel only blocks on one firefox ESR
test - the one for the default ESR.  I didn't want to have the
information about the default in two places, so either of the tests will
be evaluated twice (but to the same *.drv I hope).
2021-08-10 16:15:57 +02:00
Benjamin Asbach 86296623c6 isso: added NixOS module to configure isso in NixOS 2021-08-09 17:42:54 -06:00
Benjamin Asbach c1a7bbc38f isso: added a test to verify that the server is able to start and a generated javascript file is available 2021-08-09 17:41:35 -06:00
Martin Weinelt afb0e73ebc firefox-esr-91: init at 91.0esr 2021-08-10 07:43:50 +09:00
Félix Baylac-Jacqué 7b554c9477 nixosTests.pleroma: increase server memory size
The server VM machine is sometimes OOMing, making the test flaky.
Increasing the memory size to 512MB fixes the issue.
2021-08-09 21:30:42 +02:00
Félix Baylac-Jacqué 885ab9286e nixosTests.pleroma: increase certificate validity duration
Analogous to 6325d15e90.

The test certificate expiration date was set to the default 30 days.
This certificate is generated through its own derivation. As with
every derivation, it gets cached by cache.nixos.org once we build it.

In practice, we rebuild this derivation only if one of its input
changes. The only inputs here being openssl and stdenv.

While it's not an issue on the unstable branches, it can be
problematic on a stable release: the test will fail after 30 days.

Extending the certificate lifespan from 1 month to 100 years to prevent
it from getting expired while being cached.
2021-08-09 21:30:42 +02:00
Doron Behar 3d72b0b6b0
Merge pull request from sorki/tests/cntr 2021-08-09 05:40:37 +00:00
Martin Weinelt b00dd3ac1f
nixos/tests/prometheus-exporters/kea: drop enable option
There is no generic services.kea.enable option. Instead kea consists of
four daemons (dhcp4, dhcp6, ddns, ctrlagent) that can be enabled
individually. In this test we're just looking at dhcp6.
2021-08-09 01:49:54 +02:00
David Terry c1186b572f
maintainers: xwvvvvwx -> d-xo 2021-08-08 19:11:45 +02:00
Guillaume Girol 25b4e3c741
Merge pull request from erdnaxe/nitter-hardening
nixos/nitter: systemd unit hardening
2021-08-08 14:33:23 +00:00
Martin Weinelt f49b03c40b
Merge pull request from mweinelt/acme-hardening 2021-08-08 15:50:24 +02:00
Alexandre Iooss 2e8e8f2c92
nixos/nitter: test with CAP_NET_BIND_SERVICE 2021-08-08 15:29:33 +02:00
Félix Baylac-Jacqué 6325d15e90
nixosTests.prosody: extend- self-signed cert expiration date
The test certificate expiration date was set to the default 30 days.
This certificate is generated through its own derivation. As with
every derivation, it gets cached by cache.nixos.org once we build it.

In practice, we rebuild this derivation only if one of its input
changes. The only inputs here being openssl and stdenv.

While it's not an issue on the unstable branches, it can be
problematic on a stable release: the test will fail after 30 days.

Extending the certificate lifespan from 1 month to 100 years to prevent
it from getting expired while being cached.

See
https://github.com/NixOS/nixpkgs/pull/132898#issuecomment-894495057
for more context.
2021-08-06 23:46:17 +02:00
Maximilian Bosch 67a5d63b33
Merge pull request from maxeaubrey/traefik_2.4.12
traefik: 2.4.8 -> 2.4.13
2021-08-06 18:55:07 +02:00
Michael Weiss c4c087da21
nixos/tests/signal-desktop: Improve the DB test
The command "file ~/.config/Signal/sql/db.sqlite | grep 'db.sqlite: data'"
can randomly fail because "file" sometimes recognizes the "random"
(encrypted) data as something. This occasionally causes test failures,
e.g. [0] were it was recognized as "PGP Secret Sub-key -" or in another
instance as an ext4 filesystem [1].

[0]: https://github.com/NixOS/nixpkgs/pull/132644#issuecomment-892601504
[1]: https://social.primeos.dev/notice/A7H8VWV0KtQHUZZIsC
2021-08-05 18:26:59 +02:00
Robert Hensing c5373ce006
Merge pull request from rycee/postgresql-backup-compression
nixos postgresql-backup: add `compression` option
2021-08-05 13:20:40 +02:00
Benjamin Smith 45c4b6b9e4
Apache Kafka: add 2.7.1 and 2.8.0 () 2021-08-05 13:01:59 +02:00
Robert Helgesson bcc7a902d5
nixos postgresql-backup: add compression option
This option allows basic configuration of the compression technique
used in the backup script. Specifically it adds `none` and `zstd` as
new alternatives, keeping `gzip` as the default.
2021-08-05 00:42:16 +02:00
Maxine Aubrey 34add8ca59
nixos/traefik: wait for first success
possible fix for 
2021-08-04 23:55:56 +02:00
Guillaume Girol 2eb2a255b9
Merge pull request from erdnaxe/nitter
nitter: init at unstable-2021-07-18
2021-08-04 20:25:22 +00:00
Florian Klink 50e3b159e3
Merge pull request from yu-re-ka/feature/gitlab-14-1-1
gitlab: 14.1.0 -> 14.1.1
2021-08-03 00:13:52 +02:00
Robert Hensing 48ea8eb813
Merge pull request from turion/dev_rabbitmq-server_1.8_1.9
rabbitmq-server: 3.8.9 -> 3.9.1
2021-08-02 22:08:30 +02:00
Yureka 6b021012c5 nixos/tests/gitlab: disable gitlab-pages tests 2021-08-02 18:04:54 +02:00
Manuel Bärenz b0f33d7c2e rabbitmq-server: 3.8.9 -> 3.9.1 2021-08-02 16:19:30 +02:00
Ben Siraphob c8a731593b
Merge pull request from fabaff/libreddit
libreddit: init at 0.10.1
2021-08-02 17:05:00 +07:00
Benjamin Asbach f22a7ae1a8
soapui: 5.5.0 -> 5.6.0 ()
Co-authored-by: Benjamin Asbach <asbachb@users.noreply.github.com>
2021-08-01 20:11:12 +02:00
Ben Siraphob 44db812a14
Merge pull request from Zopieux/simple-mpv-webui
mpvScripts.simple-mpv-webui: 1.0.0 -> 2.1.0
2021-08-01 12:10:12 +07:00
Aaron Andersen 404cd360c2
Merge pull request from jwygoda/litestream-service
nixos/litestream: init
2021-07-31 22:58:48 -04:00
Aaron Andersen 099015b2ed
Merge pull request from MatthewCroughan/node-red-service
nixos/node-red: add module
2021-07-31 22:57:26 -04:00
Alexandre Macabies c9e991bd64 mpvScripts.simple-mpv-webui: 1.0.0 -> 2.1.0
This also adds a test. The current packaged version (1.0.0) is broken,
it cannot find relevant files.
2021-08-01 00:47:55 +02:00
Jarosław Wygoda 1dcfd1e329 nixos/litestream: init 2021-07-30 17:41:54 +02:00
Alexandre Iooss 534dbcb28f
nixos/nitter: init module and test 2021-07-30 15:19:49 +02:00
Lassulus 729042fae8
Merge pull request from ncfavier/syncthing-collapse-declarative
nixos/syncthing: move declarative options to the top level
2021-07-29 15:42:33 +02:00
github-actions[bot] 6fcda9f1ec
Merge master into staging-next 2021-07-28 18:01:16 +00:00
Franz Pletz 8f40f574f8
Merge pull request from mweinelt/influxdb-exporter
prometheus-influxdb-exporter: init at 0.8.0
2021-07-28 19:47:06 +02:00
matthewcroughan b9c9d52aec nixos/node-red: add test 2021-07-28 17:32:45 +01:00
github-actions[bot] a1d3be1d42
Merge master into staging-next 2021-07-28 12:01:16 +00:00
Naïm Favier e9b01c5c8e
nixos/syncthing: move declarative options to the top level 2021-07-28 11:30:30 +02:00
Naïm Favier 6416b3a941
nixos/syncthing: add declarative.extraOptions
Allows setting arbitrary config options through the REST API.

Also switches to the [new](https://docs.syncthing.net/rest/config.html)
config endpoints.
2021-07-28 10:56:06 +02:00
Martin Weinelt f77710c6ba nixos/tests/prometheus-exporters/influxdb: init 2021-07-26 16:00:01 +02:00
Frederik Rietdijk 18347a1caf Merge master into staging-next 2021-07-26 12:40:04 +02:00
Elis Hirwing 699ea65439
Merge pull request from etu/sanoid-syncoid-improvements
nixos/{syncoid,sanoid}: Improve ZFS permission delegation
2021-07-26 11:40:51 +02:00
Elis Hirwing 764e4acee1
nixos/tests/sanoid: Improve tests by checking that no permissions are left behind 2021-07-26 11:05:52 +02:00
Frederik Rietdijk 62370fb59a Merge remote-tracking branch 'upstream/master' into staging-next 2021-07-26 09:19:44 +02:00
Michael Weiss 4ec2b24603
nixos/tests/chromium: Drop the workaround for Chrome GPU crashes
This regression was fixed by 51d83077ff.
2021-07-25 12:39:45 +02:00
Michael Weiss 7b3c054514
nixos/tests/chromium: Check the version and that it's an official build
This also prints and screenshots the output of chrome://version which
contains useful information.

Outputs (stable, beta, ungoogled, chrome-stable, chrome-beta, chrome-dev):
Chromium	92.0.4515.107 (Official Build) (64-bit)
Chromium        92.0.4515.107 (Official Build) (64-bit)
Chromium        91.0.4472.164 (Official Build, ungoogled-chromium) (64-bit)
Google Chrome   92.0.4515.107 (Official Build) (64-bit)
Google Chrome   92.0.4515.107 (Official Build) beta (64-bit)
Google Chrome   93.0.4577.8 (Official Build) dev (64-bit)
2021-07-25 12:35:21 +02:00
github-actions[bot] a37fbac53b
Merge master into staging-next 2021-07-25 00:01:35 +00:00
Elis Hirwing 6984e68c51
Merge pull request from ju1m/syncoid-split
nixos/syncoid: split in multiple systemd services and harden them
2021-07-24 22:08:42 +02:00
Julien Moutinho d05a1ab1e4 nixos/syncoid: split in multiple systemd services 2021-07-24 11:26:28 +02:00
github-actions[bot] cb1426e30a
Merge staging-next into staging 2021-07-23 18:01:46 +00:00
Sandro 42c7bd28e3
Merge pull request from Ma27/bump-grocy
grocy: 3.0.1 -> 3.1.0
2021-07-23 17:53:35 +02:00
Benjamin Asbach 9fd41a9a5b
tuxguitar: 125945 ()
* tuxguitar: Ensure that tuxguitar is launched with java 8 comtabilbe jre and libraries as greate java version is not supported

* tuxguitar: Added test to verify application starts without problems

* tuxguitar: 1.5.2 -> 1.5.4
2021-07-23 10:02:20 -04:00
github-actions[bot] 3bc17773a5
Merge staging-next into staging 2021-07-23 12:02:01 +00:00
Maximilian Bosch 07b51f58df
grocy: 3.0.1 -> 3.1.0
ChangeLog: https://github.com/grocy/grocy/releases/tag/v3.1.0
2021-07-23 11:45:31 +02:00
Michael Weiss 11400dcd65
chromium: Check the text rendering
This should catch regressions like  in the future. In that case a
glibc update caused a regression that caused most of the text to become
invisible (just not the "Web Store" we've already been checking for).
2021-07-23 10:15:25 +02:00
Michele Guerini Rocco 75c433e911
Merge pull request from zanculmarktum/fix/kbd-search-paths
kbd: update search-paths.patch
2021-07-23 08:14:53 +02:00
Michael Weiss 97570d30c7
chromium: 91.0.4472.164 -> 92.0.4515.107
https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html

This update includes 35 security fixes.

CVEs:
CVE-2021-30565 CVE-2021-30566 CVE-2021-30567 CVE-2021-30568
CVE-2021-30569 CVE-2021-30571 CVE-2021-30572 CVE-2021-30573
CVE-2021-30574 CVE-2021-30575 CVE-2021-30576 CVE-2021-30577
CVE-2021-30578 CVE-2021-30579 CVE-2021-30580 CVE-2021-30581
CVE-2021-30582 CVE-2021-30583 CVE-2021-30584 CVE-2021-30585
CVE-2021-30586 CVE-2021-30587 CVE-2021-30588 CVE-2021-30589

Note: This won't be the smoothest update. Chromium seems to be fine but
requires gtk3 in $LD_LIBRARY_PATH to find libgtk-3.so.0 (otherwise it
crashes during startup) but Google Chrome fails to initialize
("GPU process exited unexpectedly: exit_code=132") and requires
"--use-gl=angle --use-angle=swiftshader" for hardware(?) acceleration
(which seems to work work fine and performant but SwiftShader should
actually use the CPU instead of the GPU).
2021-07-21 11:20:38 +02:00
Maximilian Bosch 72d1d4cb20
Merge pull request from mayflower/tigervnc-tests-and-no-proprietary-fonts
Tigervnc tests and no proprietary fonts
2021-07-20 17:00:09 +02:00
Ingo Blechschmidt 5143ab9f74 tigervnc, tightvnc: add basic tests
Co-Authored-By: Ingo Blechschmidt <iblech@web.de>
2021-07-20 15:22:31 +02:00
Azure Zanculmarktum 88fbddc149 nixos/tests: add kbd-update-search-paths-patch 2021-07-20 03:30:59 +07:00
Elis Hirwing f8b6ba005e
nixos/tests: Init hockeypuck tests 2021-07-19 07:33:03 +02:00
Jörg Thalheim 0839cf1d45
Merge pull request from Mic92/nix-serve
nixos/nix-serve: don't run as nogroup
2021-07-18 07:53:32 +01:00
Jörg Thalheim ac7b8724b5 nixos/nix-serve: don't run as nogroup
nogroup is insecure if shared
2021-07-18 08:51:17 +02:00