mirrors/nixpkgs
1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-03-21 11:33:24 +00:00
Code Issues Wiki Activity

Merge commit 'afa48f16f265fd3e88073bca7929e1e103bd3dc3' into bash-no-undef-vars

Browse source
This commit is contained in:
John Ericson 2019-11-08 13:58:27 -05:00
parent 784c3dc0f9 afa48f16f2
commit f7fdc997bf
601 changed files with 11226 additions and 5414 deletions
doc/languages-frameworks
rust.section.md
lib
modules.nix
systems
default.nixparse.nix
maintainers
maintainer-list.nix
nixos
doc/manual
development
running-nixos-tests-interactively.xmlwriting-nixos-tests.xml
man-nixos-option.xml
release-notes
rl-2003.xml
lib
test-driver
test-driver.py
testing-python.nix
modules
config
shells-environment.nix
hardware
brillo.nix
video
displaylink.nix
installer/tools
nixos-option.sh
nixos-option
CMakeLists.txtdefault.nixlibnix-copy-paste.cclibnix-copy-paste.hhnixos-option.cc
tools.nix
module-list.nix
programs
gnupg.nixssh.nixx2goserver.nix
security
pam_mount.nix
services
admin
oxidized.nix
audio
jack.nixmpd.nix
backup
automysqlbackup.nix
continuous-integration
buildkite-agent.nix
databases
redis.nixrethinkdb.nix
editors
infinoted.nix
hardware
trezord.nixusbmuxd.nixvdr.nix
mail
mailhog.nix
misc
airsonic.nixdocker-registry.nixerrbot.nixgitea.nixgollum.nixjellyfin.nixmatrix-synapse.nixosrm.nix
monitoring
collectd.nixfusion-inventory.nixnetdata.nixzabbix-agent.nix
networking
bitcoind.nixdnscache.nixdnscrypt-wrapper.nixhans.nixjormungandr.nixmatterbridge.nixmorty.nixnat.nix
nghttpx
default.nix
owamp.nixthelounge.nixtinydns.nixtrickster.nix
scheduling
marathon.nix
security
bitwarden_rs
default.nix
oauth2_proxy.nixvault.nix
torrent
magnetico.nix
web-apps
codimd.nixfrab.nixlimesurvey.nixmediawiki.nixmoinmoin.nixmoodle.nixnexus.nixtrac.nixvirtlyst.nixwordpress.nix
web-servers
hitch
default.nix
traefik.nix
unit
default.nix
x11/hardware
digimend.nixlibinput.nix
virtualisation
amazon-image.nixqemu-vm.nix
tests
acme.nixall-tests.nixammonite.nixatd.nixautomysqlbackup.nixavahi.nixbabeld.nixbcachefs.nixbeanstalkd.nixbind.nixbittorrent.nixboot-stage1.nixboot.nixborgbackup.nixceph-multi-node.nix
Show more

11
doc/languages-frameworks/rust.section.md
View file

@ -68,6 +68,17 @@ build-time.
When `verifyCargoDeps` is set to `true`, the build will also verify that the
`cargoSha256` is not out of date by comparing the `Cargo.lock` file in both the `cargoDeps` and `src`. Note that this option changes the value of `cargoSha256` since it also copies the `Cargo.lock` in it. To avoid breaking backward-compatibility this option is not enabled by default but hopefully will be in the future.
### Building a crate for a different target
To build your crate with a different cargo `--target` simply specify the `target` attribute:
```nix
pkgs.rustPlatform.buildRustPackage {
(...)
target = "x86_64-fortanix-unknown-sgx";
}
```
## Compiling Rust crates using Nix instead of Cargo
### Simple operation

2
lib/modules.nix
View file

@ -326,6 +326,8 @@ rec {
# The value with a check that it is defined
valueDefined = if res.isDefined then res.mergedValue else
# (nixos-option detects this specific error message and gives it special
# handling. If changed here, please change it there too.)
throw "The option `${showOption loc}' is used but not defined.";
# Apply the 'apply' function to the merged value. This allows options to

1
lib/systems/default.nix
View file

@ -79,6 +79,7 @@ rec {
else if final.isAarch64 then "arm64"
else if final.isx86_32 then "x86"
else if final.isx86_64 then "ia64"
else if final.isMips then "mips"
else final.parsed.cpu.name;
qemuArch =

1
lib/systems/parse.nix
View file

@ -327,6 +327,7 @@ rec {
}
];
};
gnuabi64 = { abi = "64"; };
musleabi = { float = "soft"; };
musleabihf = { float = "hard"; };

40
maintainers/maintainer-list.nix
View file

@ -1194,6 +1194,12 @@
githubId = 30435868;
name = "Okina Matara";
};
chkno = {
email = "chuck@intelligence.org";
github = "chkno";
githubId = 1118859;
name = "Scott Worley";
};
choochootrain = {
email = "hurshal@imap.cc";
github = "choochootrain";
@ -1563,6 +1569,12 @@
githubId = 14032;
name = "Daniel Brockman";
};
dduan = {
email = "daniel@duan.ca";
github = "dduan";
githubId = 75067;
name = "Daniel Duan";
};
deepfire = {
email = "_deepfire@feelingofgreen.ru";
github = "deepfire";
@ -2030,6 +2042,12 @@
github = "ericnorris";
githubId = 1906605;
};
Enteee = {
email = "nix@duckpond.ch";
github = "Enteee";
githubid = 5493775;
name = "Ente";
};
enzime = {
email = "enzime@users.noreply.github.com";
github = "enzime";
@ -5117,6 +5135,16 @@
githubId = 1179566;
name = "Nicolas B. Pierron";
};
pingiun = {
email = "nixos@pingiun.com";
github = "pingiun";
githubId = 1576660;
name = "Jelle Besseling";
keys = [{
longkeyid = "rsa4096/0x9712452E8BE3372E";
fingerprint = "A3A3 65AE 16ED A7A0 C29C 88F1 9712 452E 8BE3 372E";
}];
};
piotr = {
email = "ppietrasa@gmail.com";
name = "Piotr Pietraszkiewicz";
@ -6340,6 +6368,12 @@
githubId = 120188;
name = "Scott W. Dunlop";
};
sweber = {
email = "sweber2342+nixpkgs@gmail.com";
github = "sweber83";
githubId = 19905904;
name = "Simon Weber";
};
swflint = {
email = "swflint@flintfam.org";
github = "swflint";
@ -7059,6 +7093,12 @@
email = "kirill.wedens@gmail.com";
name = "wedens";
};
WhittlesJr = {
email = "alex.joseph.whitt@gmail.com";
github = "WhittlesJr";
githubId = 19174984;
name = "Alex Whitt";
};
willibutz = {
email = "willibutz@posteo.de";
github = "willibutz";

12
nixos/doc/manual/development/running-nixos-tests-interactively.xml
View file

@ -14,14 +14,14 @@
starting VDE switch for network 1
<prompt>&gt;</prompt>
</screen>
You can then take any Perl statement, e.g.
You can then take any Python statement, e.g.
<screen>
<prompt>&gt;</prompt> startAll
<prompt>&gt;</prompt> testScript
<prompt>&gt;</prompt> $machine->succeed("touch /tmp/foo")
<prompt>&gt;</prompt> print($machine->succeed("pwd")) # Show stdout of command
<prompt>&gt;</prompt> start_all()
<prompt>&gt;</prompt> test_script()
<prompt>&gt;</prompt> machine.succeed("touch /tmp/foo")
<prompt>&gt;</prompt> print(machine.succeed("pwd")) # Show stdout of command
</screen>
The function <command>testScript</command> executes the entire test script
The function <command>test_script</command> executes the entire test script
and drops you back into the test driver command line upon its completion.
This allows you to inspect the state of the VMs after the test (e.g. to debug
the test script).

87
nixos/doc/manual/development/writing-nixos-tests.xml
View file

@ -8,7 +8,7 @@
<para>
A NixOS test is a Nix expression that has the following structure:
<programlisting>
import ./make-test.nix {
import ./make-test-python.nix {
# Either the configuration of a single machine:
machine =
@ -27,11 +27,11 @@ import ./make-test.nix {
testScript =
''
<replaceable>Perl code…</replaceable>
<replaceable>Python code…</replaceable>
'';
}
</programlisting>
The attribute <literal>testScript</literal> is a bit of Perl code that
The attribute <literal>testScript</literal> is a bit of Python code that
executes the test (described below). During the test, it will start one or
more virtual machines, the configuration of which is described by the
attribute <literal>machine</literal> (if you need only one machine in your
@ -96,26 +96,27 @@ xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualis
</para>
<para>
The test script is a sequence of Perl statements that perform various
The test script is a sequence of Python statements that perform various
actions, such as starting VMs, executing commands in the VMs, and so on. Each
virtual machine is represented as an object stored in the variable
<literal>$<replaceable>name</replaceable></literal>, where
<replaceable>name</replaceable> is the identifier of the machine (which is
just <literal>machine</literal> if you didnt specify multiple machines
using the <literal>nodes</literal> attribute). For instance, the following
starts the machine, waits until it has finished booting, then executes a
command and checks that the output is more-or-less correct:
<literal><replaceable>name</replaceable></literal> if this is also the
identifier of the machine in the declarative config.
If you didn't specify multiple machines using the <literal>nodes</literal>
attribute, it is just <literal>machine</literal>.
The following example starts the machine, waits until it has finished booting,
then executes a command and checks that the output is more-or-less correct:
<programlisting>
$machine->start;
$machine->waitForUnit("default.target");
$machine->succeed("uname") =~ /Linux/ or die;
machine.start()
machine.wait_for_unit("default.target")
if not "Linux" in machine.succeed("uname"):
raise Exception("Wrong OS")
</programlisting>
The first line is actually unnecessary; machines are implicitly started when
you first execute an action on them (such as <literal>waitForUnit</literal>
you first execute an action on them (such as <literal>wait_for_unit</literal>
or <literal>succeed</literal>). If you have multiple machines, you can speed
up the test by starting them in parallel:
<programlisting>
startAll;
start_all()
</programlisting>
</para>
@ -187,7 +188,7 @@ startAll;
</varlistentry>
<varlistentry>
<term>
<methodname>getScreenText</methodname>
<methodname>get_screen_text</methodname>
</term>
<listitem>
<para>
@ -204,7 +205,7 @@ startAll;
</varlistentry>
<varlistentry>
<term>
<methodname>sendMonitorCommand</methodname>
<methodname>send_monitor_command</methodname>
</term>
<listitem>
<para>
@ -215,23 +216,23 @@ startAll;
</varlistentry>
<varlistentry>
<term>
<methodname>sendKeys</methodname>
<methodname>send_keys</methodname>
</term>
<listitem>
<para>
Simulate pressing keys on the virtual keyboard, e.g.,
<literal>sendKeys("ctrl-alt-delete")</literal>.
<literal>send_keys("ctrl-alt-delete")</literal>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<methodname>sendChars</methodname>
<methodname>send_chars</methodname>
</term>
<listitem>
<para>
Simulate typing a sequence of characters on the virtual keyboard, e.g.,
<literal>sendKeys("foobar\n")</literal> will type the string
<literal>send_keys("foobar\n")</literal> will type the string
<literal>foobar</literal> followed by the Enter key.
</para>
</listitem>
@ -272,7 +273,7 @@ startAll;
</varlistentry>
<varlistentry>
<term>
<methodname>waitUntilSucceeds</methodname>
<methodname>wait_until_succeeds</methodname>
</term>
<listitem>
<para>
@ -282,7 +283,7 @@ startAll;
</varlistentry>
<varlistentry>
<term>
<methodname>waitUntilFails</methodname>
<methodname>wait_until_fails</methodname>
</term>
<listitem>
<para>
@ -292,7 +293,7 @@ startAll;
</varlistentry>
<varlistentry>
<term>
<methodname>waitForUnit</methodname>
<methodname>wait_for_unit</methodname>
</term>
<listitem>
<para>
@ -302,7 +303,7 @@ startAll;
</varlistentry>
<varlistentry>
<term>
<methodname>waitForFile</methodname>
<methodname>wait_for_file</methodname>
</term>
<listitem>
<para>
@ -312,7 +313,7 @@ startAll;
</varlistentry>
<varlistentry>
<term>
<methodname>waitForOpenPort</methodname>
<methodname>wait_for_open_port</methodname>
</term>
<listitem>
<para>
@ -323,7 +324,7 @@ startAll;
</varlistentry>
<varlistentry>
<term>
<methodname>waitForClosedPort</methodname>
<methodname>wait_for_closed_port</methodname>
</term>
<listitem>
<para>
@ -333,7 +334,7 @@ startAll;
</varlistentry>
<varlistentry>
<term>
<methodname>waitForX</methodname>
<methodname>wait_for_x</methodname>
</term>
<listitem>
<para>
@ -343,13 +344,13 @@ startAll;
</varlistentry>
<varlistentry>
<term>
<methodname>waitForText</methodname>
<methodname>wait_for_text</methodname>
</term>
<listitem>
<para>
Wait until the supplied regular expressions matches the textual contents
of the screen by using optical character recognition (see
<methodname>getScreenText</methodname>).
<methodname>get_screen_text</methodname>).
</para>
<note>
<para>
@ -361,23 +362,23 @@ startAll;
</varlistentry>
<varlistentry>
<term>
<methodname>waitForWindow</methodname>
<methodname>wait_for_window</methodname>
</term>
<listitem>
<para>
Wait until an X11 window has appeared whose name matches the given
regular expression, e.g., <literal>waitForWindow(qr/Terminal/)</literal>.
regular expression, e.g., <literal>wait_for_window("Terminal")</literal>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<methodname>copyFileFromHost</methodname>
<methodname>copy_file_from_host</methodname>
</term>
<listitem>
<para>
Copies a file from host to machine, e.g.,
<literal>copyFileFromHost("myfile", "/etc/my/important/file")</literal>.
<literal>copy_file_from_host("myfile", "/etc/my/important/file")</literal>.
</para>
<para>
The first argument is the file on the host. The file needs to be
@ -397,8 +398,8 @@ startAll;
</para>
<para>
<programlisting>
$machine->systemctl("list-jobs --no-pager"); // runs `systemctl list-jobs --no-pager`
$machine->systemctl("list-jobs --no-pager", "any-user"); // spawns a shell for `any-user` and runs `systemctl --user list-jobs --no-pager`
machine.systemctl("list-jobs --no-pager") # runs `systemctl list-jobs --no-pager`
machine.systemctl("list-jobs --no-pager", "any-user") # spawns a shell for `any-user` and runs `systemctl --user list-jobs --no-pager`
</programlisting>
</para>
</listitem>
@ -408,14 +409,14 @@ $machine->systemctl("list-jobs --no-pager", "any-user"); // spawns a shell for `
<para>
To test user units declared by <literal>systemd.user.services</literal> the
optional <literal>$user</literal> argument can be used:
optional <literal>user</literal> argument can be used:
<programlisting>
$machine->start;
$machine->waitForX;
$machine->waitForUnit("xautolock.service", "x-session-user");
machine.start()
machine.wait_for_x()
machine.wait_for_unit("xautolock.service", "x-session-user")
</programlisting>
This applies to <literal>systemctl</literal>, <literal>getUnitInfo</literal>,
<literal>waitForUnit</literal>, <literal>startJob</literal> and
<literal>stopJob</literal>.
This applies to <literal>systemctl</literal>, <literal>get_unit_info</literal>,
<literal>wait_for_unit</literal>, <literal>start_job</literal> and
<literal>stop_job</literal>.
</para>
</section>

21
nixos/doc/manual/man-nixos-option.xml
View file

@ -19,14 +19,10 @@
</arg>
<arg>
<option>--verbose</option>
<option>--all</option>
</arg>
<arg>
<option>--xml</option>
</arg>
<arg choice="plain">
<replaceable>option.name</replaceable>
</arg>
</cmdsynopsis>
@ -62,22 +58,11 @@
</varlistentry>
<varlistentry>
<term>
<option>--verbose</option>
<option>--all</option>
</term>
<listitem>
<para>
This option enables verbose mode, which currently is just the Bash
<command>set</command> <option>-x</option> debug mode.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--xml</option>
</term>
<listitem>
<para>
This option causes the output to be rendered as XML.
Print the values of all options.
</para>
</listitem>
</varlistentry>

6
nixos/doc/manual/release-notes/rl-2003.xml
View file

@ -49,6 +49,12 @@
zfs as soon as any zfs mountpoint is configured in <varname>fileSystems</varname>.
</para>
</listitem>
<listitem>
<para>
<command>nixos-option</command> has been rewritten in C++, speeding it up, improving correctness,
and adding a <option>--all</option> option which prints all options and their values.
</para>
</listitem>
</itemizedlist>
</section>

758
nixos/lib/test-driver/test-driver.py Normal file
View file

@ -0,0 +1,758 @@
#! /somewhere/python3
from contextlib import contextmanager
from xml.sax.saxutils import XMLGenerator
import _thread
import atexit
import os
import pty
import queue
import re
import shutil
import socket
import subprocess
import sys
import tempfile
import time
import unicodedata
import ptpython.repl
CHAR_TO_KEY = {
"A": "shift-a",
"N": "shift-n",
"-": "0x0C",
"_": "shift-0x0C",
"B": "shift-b",
"O": "shift-o",
"=": "0x0D",
"+": "shift-0x0D",
"C": "shift-c",
"P": "shift-p",
"[": "0x1A",
"{": "shift-0x1A",
"D": "shift-d",
"Q": "shift-q",
"]": "0x1B",
"}": "shift-0x1B",
"E": "shift-e",
"R": "shift-r",
";": "0x27",
":": "shift-0x27",
"F": "shift-f",
"S": "shift-s",
"'": "0x28",
'"': "shift-0x28",
"G": "shift-g",
"T": "shift-t",
"`": "0x29",
"~": "shift-0x29",
"H": "shift-h",
"U": "shift-u",
"\\": "0x2B",
"|": "shift-0x2B",
"I": "shift-i",
"V": "shift-v",
",": "0x33",
"<": "shift-0x33",
"J": "shift-j",
"W": "shift-w",
".": "0x34",
">": "shift-0x34",
"K": "shift-k",
"X": "shift-x",
"/": "0x35",
"?": "shift-0x35",
"L": "shift-l",
"Y": "shift-y",
" ": "spc",
"M": "shift-m",
"Z": "shift-z",
"\n": "ret",
"!": "shift-0x02",
"@": "shift-0x03",
"#": "shift-0x04",
"$": "shift-0x05",
"%": "shift-0x06",
"^": "shift-0x07",
"&": "shift-0x08",
"*": "shift-0x09",
"(": "shift-0x0A",
")": "shift-0x0B",
}
def eprint(*args, **kwargs):
print(*args, file=sys.stderr, **kwargs)
def create_vlan(vlan_nr):
global log
log.log("starting VDE switch for network {}".format(vlan_nr))
vde_socket = os.path.abspath("./vde{}.ctl".format(vlan_nr))
pty_master, pty_slave = pty.openpty()
vde_process = subprocess.Popen(
["vde_switch", "-s", vde_socket, "--dirmode", "0777"],
bufsize=1,
stdin=pty_slave,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
shell=False,
)
fd = os.fdopen(pty_master, "w")
fd.write("version\n")
# TODO: perl version checks if this can be read from
# an if not, dies. we could hang here forever. Fix it.
vde_process.stdout.readline()
if not os.path.exists(os.path.join(vde_socket, "ctl")):
raise Exception("cannot start vde_switch")
return (vlan_nr, vde_socket, vde_process, fd)
def retry(fn):
"""Call the given function repeatedly, with 1 second intervals,
until it returns True or a timeout is reached.
"""
for _ in range(900):
if fn(False):
return
time.sleep(1)
if not fn(True):
raise Exception("action timed out")
class Logger:
def __init__(self):
self.logfile = os.environ.get("LOGFILE", "/dev/null")
self.logfile_handle = open(self.logfile, "wb")
self.xml = XMLGenerator(self.logfile_handle, encoding="utf-8")
self.queue = queue.Queue(1000)
self.xml.startDocument()
self.xml.startElement("logfile", attrs={})
def close(self):
self.xml.endElement("logfile")
self.xml.endDocument()
self.logfile_handle.close()
def sanitise(self, message):
return "".join(ch for ch in message if unicodedata.category(ch)[0] != "C")
def maybe_prefix(self, message, attributes):
if "machine" in attributes:
return "{}: {}".format(attributes["machine"], message)
return message
def log_line(self, message, attributes):
self.xml.startElement("line", attributes)
self.xml.characters(message)
self.xml.endElement("line")
def log(self, message, attributes={}):
eprint(self.maybe_prefix(message, attributes))
self.drain_log_queue()
self.log_line(message, attributes)
def enqueue(self, message):
self.queue.put(message)
def drain_log_queue(self):
try:
while True:
item = self.queue.get_nowait()
attributes = {"machine": item["machine"], "type": "serial"}
self.log_line(self.sanitise(item["msg"]), attributes)
except queue.Empty:
pass
@contextmanager
def nested(self, message, attributes={}):
eprint(self.maybe_prefix(message, attributes))
self.xml.startElement("nest", attrs={})
self.xml.startElement("head", attributes)
self.xml.characters(message)
self.xml.endElement("head")
tic = time.time()
self.drain_log_queue()
yield
self.drain_log_queue()
toc = time.time()
self.log("({:.2f} seconds)".format(toc - tic))
self.xml.endElement("nest")
class Machine:
def __init__(self, args):
if "name" in args:
self.name = args["name"]
else:
self.name = "machine"
try:
cmd = args["startCommand"]
self.name = re.search("run-(.+)-vm$", cmd).group(1)
except KeyError:
pass
except AttributeError:
pass
self.script = args.get("startCommand", self.create_startcommand(args))
tmp_dir = os.environ.get("TMPDIR", tempfile.gettempdir())
def create_dir(name):
path = os.path.join(tmp_dir, name)
os.makedirs(path, mode=0o700, exist_ok=True)
return path
self.state_dir = create_dir("vm-state-{}".format(self.name))
self.shared_dir = create_dir("xchg-shared")
self.booted = False
self.connected = False
self.pid = None
self.socket = None
self.monitor = None
self.logger = args["log"]
self.allow_reboot = args.get("allowReboot", False)
@staticmethod
def create_startcommand(args):
net_backend = "-netdev user,id=net0"
net_frontend = "-device virtio-net-pci,netdev=net0"
if "netBackendArgs" in args:
net_backend += "," + args["netBackendArgs"]
if "netFrontendArgs" in args:
net_frontend += "," + args["netFrontendArgs"]
start_command = (
"qemu-kvm -m 384 " + net_backend + " " + net_frontend + " $QEMU_OPTS "
)
if "hda" in args:
hda_path = os.path.abspath(args["hda"])
if args.get("hdaInterface", "") == "scsi":
start_command += (
"-drive id=hda,file="
+ hda_path
+ ",werror=report,if=none "
+ "-device scsi-hd,drive=hda "
)
else:
start_command += (
"-drive file="
+ hda_path
+ ",if="
+ args["hdaInterface"]
+ ",werror=report "
)
if "cdrom" in args:
start_command += "-cdrom " + args["cdrom"] + " "
if "usb" in args:
start_command += (
"-device piix3-usb-uhci -drive "
+ "id=usbdisk,file="
+ args["usb"]
+ ",if=none,readonly "
+ "-device usb-storage,drive=usbdisk "
)
if "bios" in args:
start_command += "-bios " + args["bios"] + " "
start_command += args.get("qemuFlags", "")
return start_command
def is_up(self):
return self.booted and self.connected
def log(self, msg):
self.logger.log(msg, {"machine": self.name})
def nested(self, msg, attrs={}):
my_attrs = {"machine": self.name}
my_attrs.update(attrs)
return self.logger.nested(msg, my_attrs)
def wait_for_monitor_prompt(self):
while True:
answer = self.monitor.recv(1024).decode()
if answer.endswith("(qemu) "):
return answer
def send_monitor_command(self, command):
message = ("{}\n".format(command)).encode()
self.log("sending monitor command: {}".format(command))
self.monitor.send(message)
return self.wait_for_monitor_prompt()
def wait_for_unit(self, unit, user=None):
while True:
info = self.get_unit_info(unit, user)
state = info["ActiveState"]
if state == "failed":
raise Exception('unit "{}" reached state "{}"'.format(unit, state))
if state == "inactive":
status, jobs = self.systemctl("list-jobs --full 2>&1", user)
if "No jobs" in jobs:
info = self.get_unit_info(unit)
if info["ActiveState"] == state:
raise Exception(
(
'unit "{}" is inactive and there ' "are no pending jobs"
).format(unit)
)
if state == "active":
return True
def get_unit_info(self, unit, user=None):
status, lines = self.systemctl('--no-pager show "{}"'.format(unit), user)
if status != 0:
return None
line_pattern = re.compile(r"^([^=]+)=(.*)$")
def tuple_from_line(line):
match = line_pattern.match(line)
return match[1], match[2]
return dict(
tuple_from_line(line)
for line in lines.split("\n")
if line_pattern.match(line)
)
def systemctl(self, q, user=None):
if user is not None:
q = q.replace("'", "\\'")
return self.execute(
(
"su -l {} -c "
"$'XDG_RUNTIME_DIR=/run/user/`id -u` "
"systemctl --user {}'"
).format(user, q)
)
return self.execute("systemctl {}".format(q))
def execute(self, command):
self.connect()
out_command = "( {} ); echo '|!EOF' $?\n".format(command)
self.shell.send(out_command.encode())
output = ""
status_code_pattern = re.compile(r"(.*)\|\!EOF\s+(\d+)")
while True:
chunk = self.shell.recv(4096).decode()
match = status_code_pattern.match(chunk)
if match:
output += match[1]
status_code = int(match[2])
return (status_code, output)
output += chunk
def succeed(self, *commands):
"""Execute each command and check that it succeeds."""
for command in commands:
with self.nested("must succeed: {}".format(command)):
status, output = self.execute(command)
if status != 0:
self.log("output: {}".format(output))
raise Exception(
"command `{}` failed (exit code {})".format(command, status)
)
return output
def fail(self, *commands):
"""Execute each command and check that it fails."""
for command in commands:
with self.nested("must fail: {}".format(command)):
status, output = self.execute(command)
if status == 0:
raise Exception(
"command `{}` unexpectedly succeeded".format(command)
)
def wait_until_succeeds(self, command):
with self.nested("waiting for success: {}".format(command)):
while True:
status, output = self.execute(command)
if status == 0:
return output
def wait_until_fails(self, command):
with self.nested("waiting for failure: {}".format(command)):
while True:
status, output = self.execute(command)
if status != 0:
return output
def wait_for_shutdown(self):
if not self.booted:
return
with self.nested("waiting for the VM to power off"):
sys.stdout.flush()
self.process.wait()
self.pid = None
self.booted = False
self.connected = False
def get_tty_text(self, tty):
status, output = self.execute(
"fold -w$(stty -F /dev/tty{0} size | "
"awk '{{print $2}}') /dev/vcs{0}".format(tty)
)
return output
def wait_until_tty_matches(self, tty, regexp):
matcher = re.compile(regexp)
with self.nested("waiting for {} to appear on tty {}".format(regexp, tty)):
while True:
text = self.get_tty_text(tty)
if len(matcher.findall(text)) > 0:
return True
def send_chars(self, chars):
with self.nested("sending keys {}".format(chars)):
for char in chars:
self.send_key(char)
def wait_for_file(self, filename):
with self.nested("waiting for file {}".format(filename)):
while True:
status, _ = self.execute("test -e {}".format(filename))
if status == 0:
return True
def wait_for_open_port(self, port):
def port_is_open(_):
status, _ = self.execute("nc -z localhost {}".format(port))
return status == 0
with self.nested("waiting for TCP port {}".format(port)):
retry(port_is_open)
def wait_for_closed_port(self, port):
def port_is_closed(_):
status, _ = self.execute("nc -z localhost {}".format(port))
return status != 0
retry(port_is_closed)
def start_job(self, jobname, user=None):
return self.systemctl("start {}".format(jobname), user)
def stop_job(self, jobname, user=None):
return self.systemctl("stop {}".format(jobname), user)
def wait_for_job(self, jobname):
return self.wait_for_unit(jobname)
def connect(self):
if self.connected:
return
with self.nested("waiting for the VM to finish booting"):
self.start()
tic = time.time()
self.shell.recv(1024)
# TODO: Timeout
toc = time.time()
self.log("connected to guest root shell")
self.log("(connecting took {:.2f} seconds)".format(toc - tic))
self.connected = True
def screenshot(self, filename):
out_dir = os.environ.get("out", os.getcwd())
word_pattern = re.compile(r"^\w+$")
if word_pattern.match(filename):
filename = os.path.join(out_dir, "{}.png".format(filename))
tmp = "{}.ppm".format(filename)
with self.nested(
"making screenshot {}".format(filename),
{"image": os.path.basename(filename)},
):
self.send_monitor_command("screendump {}".format(tmp))
ret = subprocess.run("pnmtopng {} > {}".format(tmp, filename), shell=True)
os.unlink(tmp)
if ret.returncode != 0:
raise Exception("Cannot convert screenshot")
def get_screen_text(self):
if shutil.which("tesseract") is None:
raise Exception("get_screen_text used but enableOCR is false")
magick_args = (
"-filter Catrom -density 72 -resample 300 "
+ "-contrast -normalize -despeckle -type grayscale "
+ "-sharpen 1 -posterize 3 -negate -gamma 100 "
+ "-blur 1x65535"
)
tess_args = "-c debug_file=/dev/null --psm 11 --oem 2"
with self.nested("performing optical character recognition"):
with tempfile.NamedTemporaryFile() as tmpin:
self.send_monitor_command("screendump {}".format(tmpin.name))
cmd = "convert {} {} tiff:- | tesseract - - {}".format(
magick_args, tmpin.name, tess_args
)
ret = subprocess.run(cmd, shell=True, capture_output=True)
if ret.returncode != 0:
raise Exception(
"OCR failed with exit code {}".format(ret.returncode)
)
return ret.stdout.decode("utf-8")
def wait_for_text(self, regex):
def screen_matches(last):
text = self.get_screen_text()
m = re.search(regex, text)
if last and not m:
self.log("Last OCR attempt failed. Text was: {}".format(text))
return m
with self.nested("waiting for {} to appear on screen".format(regex)):
retry(screen_matches)
def send_key(self, key):
key = CHAR_TO_KEY.get(key, key)
self.send_monitor_command("sendkey {}".format(key))
def start(self):
if self.booted:
return
self.log("starting vm")
def create_socket(path):
if os.path.exists(path):
os.unlink(path)
s = socket.socket(family=socket.AF_UNIX, type=socket.SOCK_STREAM)
s.bind(path)
s.listen(1)
return s
monitor_path = os.path.join(self.state_dir, "monitor")
self.monitor_socket = create_socket(monitor_path)
shell_path = os.path.join(self.state_dir, "shell")
self.shell_socket = create_socket(shell_path)
qemu_options = (
" ".join(
[
"" if self.allow_reboot else "-no-reboot",
"-monitor unix:{}".format(monitor_path),
"-chardev socket,id=shell,path={}".format(shell_path),
"-device virtio-serial",
"-device virtconsole,chardev=shell",
"-device virtio-rng-pci",
"-serial stdio" if "DISPLAY" in os.environ else "-nographic",
]
)
+ " "
+ os.environ.get("QEMU_OPTS", "")
)
environment = {
"QEMU_OPTS": qemu_options,
"SHARED_DIR": self.shared_dir,
"USE_TMPDIR": "1",
}
environment.update(dict(os.environ))
self.process = subprocess.Popen(
self.script,
bufsize=1,
stdin=subprocess.DEVNULL,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT,
shell=False,
cwd=self.state_dir,
env=environment,
)
self.monitor, _ = self.monitor_socket.accept()
self.shell, _ = self.shell_socket.accept()
def process_serial_output():
for line in self.process.stdout:
line = line.decode().replace("\r", "").rstrip()
eprint("{} # {}".format(self.name, line))
self.logger.enqueue({"msg": line, "machine": self.name})
_thread.start_new_thread(process_serial_output, ())
self.wait_for_monitor_prompt()
self.pid = self.process.pid
self.booted = True
self.log("QEMU running (pid {})".format(self.pid))
def shutdown(self):
if self.booted:
return
self.shell.send("poweroff\n".encode())
self.wait_for_shutdown()
def crash(self):
if self.booted:
return
self.log("forced crash")
self.send_monitor_command("quit")
self.wait_for_shutdown()
def wait_for_x(self):
"""Wait until it is possible to connect to the X server. Note that
testing the existence of /tmp/.X11-unix/X0 is insufficient.
"""
with self.nested("waiting for the X11 server"):
while True:
cmd = (
"journalctl -b SYSLOG_IDENTIFIER=systemd | "
+ 'grep "Reached target Current graphical"'
)
status, _ = self.execute(cmd)
if status != 0:
continue
status, _ = self.execute("[ -e /tmp/.X11-unix/X0 ]")
if status == 0:
return
def sleep(self, secs):
time.sleep(secs)
def block(self):
"""Make the machine unreachable by shutting down eth1 (the multicast
interface used to talk to the other VMs). We keep eth0 up so that
the test driver can continue to talk to the machine.
"""
self.send_monitor_command("set_link virtio-net-pci.1 off")
def unblock(self):
"""Make the machine reachable.
"""
self.send_monitor_command("set_link virtio-net-pci.1 on")
def create_machine(args):
global log
args["log"] = log
args["redirectSerial"] = os.environ.get("USE_SERIAL", "0") == "1"
return Machine(args)
def start_all():
with log.nested("starting all VMs"):
for machine in machines:
machine.start()
def join_all():
with log.nested("waiting for all VMs to finish"):
for machine in machines:
machine.wait_for_shutdown()
def test_script():
exec(os.environ["testScript"])
def run_tests():
tests = os.environ.get("tests", None)
if tests is not None:
with log.nested("running the VM test script"):
try:
exec(tests)
except Exception as e:
eprint("error: {}".format(str(e)))
sys.exit(1)
else:
ptpython.repl.embed(locals(), globals())
# TODO: Collect coverage data
for machine in machines:
if machine.is_up():
machine.execute("sync")
if nr_tests != 0:
log.log("{} out of {} tests succeeded".format(nr_succeeded, nr_tests))
@contextmanager
def subtest(name):
global nr_tests
global nr_succeeded
with log.nested(name):
nr_tests += 1
try:
yield
nr_succeeded += 1
return True
except Exception as e:
log.log("error: {}".format(str(e)))
return False
if __name__ == "__main__":
global log
log = Logger()
vlan_nrs = list(dict.fromkeys(os.environ["VLANS"].split()))
vde_sockets = [create_vlan(v) for v in vlan_nrs]
for nr, vde_socket, _, _ in vde_sockets:
os.environ["QEMU_VDE_SOCKET_{}".format(nr)] = vde_socket
vm_scripts = sys.argv[1:]
machines = [create_machine({"startCommand": s}) for s in vm_scripts]
machine_eval = [
"{0} = machines[{1}]".format(m.name, idx) for idx, m in enumerate(machines)
]
exec("\n".join(machine_eval))
nr_tests = 0
nr_succeeded = 0
@atexit.register
def clean_up():
with log.nested("cleaning up"):
for machine in machines:
if machine.pid is None:
continue
log.log("killing {} (pid {})".format(machine.name, machine.pid))
machine.process.kill()
for _, _, process, _ in vde_sockets:
process.kill()
log.close()
tic = time.time()
run_tests()
toc = time.time()
print("test script finished in {:.2f}s".format(toc - tic))

279
nixos/lib/testing-python.nix Normal file
View file

@ -0,0 +1,279 @@
{ system
, pkgs ? import ../.. { inherit system config; }
# Use a minimal kernel?
, minimal ? false
# Ignored
, config ? {}
# Modules to add to each VM
, extraConfigurations ? [] }:
with import ./build-vms.nix { inherit system pkgs minimal extraConfigurations; };
with pkgs;
let
jquery-ui = callPackage ./testing/jquery-ui.nix { };
jquery = callPackage ./testing/jquery.nix { };
in rec {
inherit pkgs;
testDriver = let
testDriverScript = ./test-driver/test-driver.py;
in stdenv.mkDerivation {
name = "nixos-test-driver";
nativeBuildInputs = [ makeWrapper ];
buildInputs = [ (python3.withPackages (p: [ p.ptpython ])) ];
checkInputs = with python3Packages; [ pylint black ];
dontUnpack = true;
preferLocalBuild = true;
doCheck = true;
checkPhase = ''
pylint --errors-only ${testDriverScript}
black --check --diff ${testDriverScript}
'';
installPhase =
''
mkdir -p $out/bin
cp ${testDriverScript} $out/bin/nixos-test-driver
chmod u+x $out/bin/nixos-test-driver
# TODO: copy user script part into this file (append)
wrapProgram $out/bin/nixos-test-driver \
--prefix PATH : "${lib.makeBinPath [ qemu_test vde2 netpbm coreutils ]}" \
'';
};
# Run an automated test suite in the given virtual network.
# `driver' is the script that runs the network.
runTests = driver:
stdenv.mkDerivation {
name = "vm-test-run-${driver.testName}";
requiredSystemFeatures = [ "kvm" "nixos-test" ];
buildInputs = [ libxslt ];
buildCommand =
''
mkdir -p $out/nix-support
LOGFILE=$out/log.xml tests='exec(os.environ["testScript"])' ${driver}/bin/nixos-test-driver
# Generate a pretty-printed log.
xsltproc --output $out/log.html ${./test-driver/log2html.xsl} $out/log.xml
ln -s ${./test-driver/logfile.css} $out/logfile.css
ln -s ${./test-driver/treebits.js} $out/treebits.js
ln -s ${jquery}/js/jquery.min.js $out/
ln -s ${jquery}/js/jquery.js $out/
ln -s ${jquery-ui}/js/jquery-ui.min.js $out/
ln -s ${jquery-ui}/js/jquery-ui.js $out/
touch $out/nix-support/hydra-build-products
echo "report testlog $out log.html" >> $out/nix-support/hydra-build-products
for i in */xchg/coverage-data; do
mkdir -p $out/coverage-data
mv $i $out/coverage-data/$(dirname $(dirname $i))
done
'';
};
makeTest =
{ testScript
, makeCoverageReport ? false
, enableOCR ? false
, name ? "unnamed"
, ...
} @ t:
let
# A standard store path to the vm monitor is built like this:
# /tmp/nix-build-vm-test-run-$name.drv-0/vm-state-machine/monitor
# The max filename length of a unix domain socket is 108 bytes.
# This means $name can at most be 50 bytes long.
maxTestNameLen = 50;
testNameLen = builtins.stringLength name;
testDriverName = with builtins;
if testNameLen > maxTestNameLen then
abort ("The name of the test '${name}' must not be longer than ${toString maxTestNameLen} " +
"it's currently ${toString testNameLen} characters long.")
else
"nixos-test-driver-${name}";
nodes = buildVirtualNetwork (
t.nodes or (if t ? machine then { machine = t.machine; } else { }));
testScript' =
# Call the test script with the computed nodes.
if lib.isFunction testScript
then testScript { inherit nodes; }
else testScript;
vlans = map (m: m.config.virtualisation.vlans) (lib.attrValues nodes);
vms = map (m: m.config.system.build.vm) (lib.attrValues nodes);
ocrProg = tesseract4.override { enableLanguages = [ "eng" ]; };
imagemagick_tiff = imagemagick_light.override { inherit libtiff; };
# Generate onvenience wrappers for running the test driver
# interactively with the specified network, and for starting the
# VMs from the command line.
driver = runCommand testDriverName
{ buildInputs = [ makeWrapper];
testScript = testScript';
preferLocalBuild = true;
testName = name;
}
''
mkdir -p $out/bin
echo -n "$testScript" > $out/test-script
${python3Packages.black}/bin/black --check --diff $out/test-script
ln -s ${testDriver}/bin/nixos-test-driver $out/bin/
vms=($(for i in ${toString vms}; do echo $i/bin/run-*-vm; done))
wrapProgram $out/bin/nixos-test-driver \
--add-flags "''${vms[*]}" \
${lib.optionalString enableOCR
"--prefix PATH : '${ocrProg}/bin:${imagemagick_tiff}/bin'"} \
--run "export testScript=\"\$(cat $out/test-script)\"" \
--set VLANS '${toString vlans}'
ln -s ${testDriver}/bin/nixos-test-driver $out/bin/nixos-run-vms
wrapProgram $out/bin/nixos-run-vms \
--add-flags "''${vms[*]}" \
${lib.optionalString enableOCR "--prefix PATH : '${ocrProg}/bin'"} \
--set tests 'start_all(); join_all();' \
--set VLANS '${toString vlans}' \
${lib.optionalString (builtins.length vms == 1) "--set USE_SERIAL 1"}
''; # "
passMeta = drv: drv // lib.optionalAttrs (t ? meta) {
meta = (drv.meta or {}) // t.meta;
};
test = passMeta (runTests driver);
report = passMeta (releaseTools.gcovReport { coverageRuns = [ test ]; });
nodeNames = builtins.attrNames nodes;
invalidNodeNames = lib.filter
(node: builtins.match "^[A-z_][A-z0-9_]+$" node == null) nodeNames;
in
if lib.length invalidNodeNames > 0 then
throw ''
Cannot create machines out of (${lib.concatStringsSep ", " invalidNodeNames})!
All machines are referenced as perl variables in the testing framework which will break the
script when special characters are used.
Please stick to alphanumeric chars and underscores as separation.
''
else
(if makeCoverageReport then report else test) // {
inherit nodes driver test;
};
runInMachine =
{ drv
, machine
, preBuild ? ""
, postBuild ? ""
, ... # ???
}:
let
vm = buildVM { }
[ machine
{ key = "run-in-machine";
networking.hostName = "client";
nix.readOnlyStore = false;
virtualisation.writableStore = false;
}
];
buildrunner = writeText "vm-build" ''
source $1
${coreutils}/bin/mkdir -p $TMPDIR
cd $TMPDIR
exec $origBuilder $origArgs
'';
testScript = ''
startAll;
$client->waitForUnit("multi-user.target");
${preBuild}
$client->succeed("env -i ${bash}/bin/bash ${buildrunner} /tmp/xchg/saved-env >&2");
${postBuild}
$client->succeed("sync"); # flush all data before pulling the plug
'';
vmRunCommand = writeText "vm-run" ''
xchg=vm-state-client/xchg
${coreutils}/bin/mkdir $out
${coreutils}/bin/mkdir -p $xchg
for i in $passAsFile; do
i2=''${i}Path
_basename=$(${coreutils}/bin/basename ''${!i2})
${coreutils}/bin/cp ''${!i2} $xchg/$_basename
eval $i2=/tmp/xchg/$_basename
${coreutils}/bin/ls -la $xchg
done
unset i i2 _basename
export | ${gnugrep}/bin/grep -v '^xchg=' > $xchg/saved-env
unset xchg
export tests='${testScript}'
${testDriver}/bin/nixos-test-driver ${vm.config.system.build.vm}/bin/run-*-vm
''; # */
in
lib.overrideDerivation drv (attrs: {
requiredSystemFeatures = [ "kvm" ];
builder = "${bash}/bin/sh";
args = ["-e" vmRunCommand];
origArgs = attrs.args;
origBuilder = attrs.builder;
});
runInMachineWithX = { require ? [], ... } @ args:
let
client =
{ ... }:
{
inherit require;
virtualisation.memorySize = 1024;
services.xserver.enable = true;
services.xserver.displayManager.slim.enable = false;
services.xserver.displayManager.auto.enable = true;
services.xserver.windowManager.default = "icewm";
services.xserver.windowManager.icewm.enable = true;
services.xserver.desktopManager.default = "none";
};
in
runInMachine ({
machine = client;
preBuild =
''
$client->waitForX;
'';
} // args);
simpleTest = as: (makeTest as).test;
}

14
nixos/modules/config/shells-environment.nix
View file

@ -118,6 +118,14 @@ in
type = with types; attrsOf (nullOr (either str path));
};
environment.homeBinInPath = mkOption {
description = ''
Include ~/bin/ in $PATH.
'';
default = true;
type = types.bool;
};
environment.binsh = mkOption {
default = "${config.system.build.binsh}/bin/sh";
defaultText = "\${config.system.build.binsh}/bin/sh";
@ -186,8 +194,10 @@ in
${cfg.extraInit}
# ~/bin if it exists overrides other bin directories.
export PATH="$HOME/bin:$PATH"
${optionalString cfg.homeBinInPath ''
# ~/bin if it exists overrides other bin directories.
export PATH="$HOME/bin:$PATH"
''}
'';
system.activationScripts.binsh = stringAfter [ "stdio" ]

22
nixos/modules/hardware/brillo.nix Normal file
View file

@ -0,0 +1,22 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.hardware.brillo;
in
{
options = {
hardware.brillo = {
enable = mkEnableOption ''
Enable brillo in userspace.
This will allow brightness control from users in the video group.
'';
};
};
config = mkIf cfg.enable {
services.udev.packages = [ pkgs.brillo ];
environment.systemPackages = [ pkgs.brillo ];
};
}

22
nixos/modules/hardware/video/displaylink.nix
View file

@ -19,6 +19,21 @@ in
config = mkIf enabled {
boot.extraModulePackages = [ evdi ];
boot.kernelModules = [ "evdi" ];
environment.etc."X11/xorg.conf.d/40-displaylink.conf".text = ''
Section "OutputClass"
Identifier "DisplayLink"
MatchDriver "evdi"
Driver "modesetting"
Option "AccelMethod" "none"
EndSection
'';
# make the device available
services.xserver.displayManager.sessionCommands = ''
${lib.getBin pkgs.xorg.xrandr}/bin/xrandr --setprovideroutputsource 1 0
'';
# Those are taken from displaylink-installer.sh and from Arch Linux AUR package.
@ -47,18 +62,13 @@ in
description = "DisplayLink Manager Service";
after = [ "display-manager.service" ];
conflicts = [ "getty@tty7.service" ];
path = [ pkgs.kmod ];
serviceConfig = {
ExecStart = "${displaylink}/bin/DisplayLinkManager";
Restart = "always";
RestartSec = 5;
LogsDirectory = "displaylink";
};
preStart = ''
mkdir -p /var/log/displaylink
modprobe evdi
'';
};
};

327
nixos/modules/installer/tools/nixos-option.sh
View file

@ -1,327 +0,0 @@
#! @shell@ -e
# FIXME: rewrite this in a more suitable language.
usage () {
exec man nixos-option
exit 1
}
#####################
# Process Arguments #
#####################
xml=false
verbose=false
nixPath=""
option=""
exit_code=0
argfun=""
for arg; do
if test -z "$argfun"; then
case $arg in
-*)
sarg="$arg"
longarg=""
while test "$sarg" != "-"; do
case $sarg in
--*) longarg=$arg; sarg="--";;
-I) argfun="include_nixpath";;
-*) usage;;
esac
# remove the first letter option
sarg="-${sarg#??}"
done
;;
*) longarg=$arg;;
esac
for larg in $longarg; do
case $larg in
--xml) xml=true;;
--verbose) verbose=true;;
--help) usage;;
-*) usage;;
*) if test -z "$option"; then
option="$larg"
else
usage
fi;;
esac
done
else
case $argfun in
set_*)
var=$(echo $argfun | sed 's,^set_,,')
eval $var=$arg
;;
include_nixpath)
nixPath="-I $arg $nixPath"
;;
esac
argfun=""
fi
done
if $verbose; then
set -x
else
set +x
fi
#############################
# Process the configuration #
#############################
evalNix(){
# disable `-e` flag, it's possible that the evaluation of `nix-instantiate` fails (e.g. due to broken pkgs)
set +e
result=$(nix-instantiate ${nixPath:+$nixPath} - --eval-only "$@" 2>&1)
exit_code=$?
set -e
if test $exit_code -eq 0; then
sed '/^warning: Nix search path/d' <<EOF
$result
EOF
return 0;
else
sed -n '
/^error/ { s/, at (string):[0-9]*:[0-9]*//; p; };
/^warning: Nix search path/ { p; };
' >&2 <<EOF
$result
EOF
exit_code=1
fi
}
header="let
nixos = import <nixpkgs/nixos> {};
nixpkgs = import <nixpkgs> {};
in with nixpkgs.lib;
"
# This function is used for converting the option definition path given by
# the user into accessors for reaching the definition and the declaration
# corresponding to this option.
generateAccessors(){
if result=$(evalNix --strict --show-trace <<EOF
$header
let
path = "${option:+$option}";
pathList = splitString "." path;
walkOptions = attrsNames: result:
if attrsNames == [] then
result
else
let name = head attrsNames; rest = tail attrsNames; in
if isOption result.options then
walkOptions rest {
options = result.options.type.getSubOptions "";
opt = ''(\${result.opt}.type.getSubOptions "")'';
cfg = ''\${result.cfg}."\${name}"'';
}
else
walkOptions rest {
options = result.options.\${name};
opt = ''\${result.opt}."\${name}"'';
cfg = ''\${result.cfg}."\${name}"'';
}
;
walkResult = (if path == "" then x: x else walkOptions pathList) {
options = nixos.options;
opt = ''nixos.options'';
cfg = ''nixos.config'';
};
in
''let option = \${walkResult.opt}; config = \${walkResult.cfg}; in''
EOF
)
then
echo $result
else
# In case of error we want to ignore the error message roduced by the
# script above, as it is iterating over each attribute, which does not
# produce a nice error message. The following code is a fallback
# solution which is cause a nicer error message in the next
# evaluation.
echo "\"let option = nixos.options${option:+.$option}; config = nixos.config${option:+.$option}; in\""
fi
}
header="$header
$(eval echo $(generateAccessors))
"
evalAttr(){
local prefix="$1"
local strict="$2"
local suffix="$3"
# If strict is set, then set it to "true".
test -n "$strict" && strict=true
evalNix ${strict:+--strict} <<EOF
$header
let
value = $prefix${suffix:+.$suffix};
strict = ${strict:-false};
cleanOutput = x: with nixpkgs.lib;
if isDerivation x then x.outPath
else if isFunction x then "<CODE>"
else if strict then
if isAttrs x then mapAttrs (n: cleanOutput) x
else if isList x then map cleanOutput x
else x
else x;
in
cleanOutput value
EOF
}
evalOpt(){
evalAttr "option" "" "$@"
}
evalCfg(){
local strict="$1"
evalAttr "config" "$strict"
}
findSources(){
local suffix=$1
evalNix --strict <<EOF
$header
option.$suffix
EOF
}
# Given a result from nix-instantiate, recover the list of attributes it
# contains.
attrNames() {
local attributeset=$1
# sed is used to replace un-printable subset by 0s, and to remove most of
# the inner-attribute set, which reduce the likelyhood to encounter badly
# pre-processed input.
echo "builtins.attrNames $attributeset" | \
sed 's,<[A-Z]*>,0,g; :inner; s/{[^\{\}]*};/0;/g; t inner;' | \
evalNix --strict
}
# map a simple list which contains strings or paths.
nixMap() {
local fun="$1"
local list="$2"
local elem
for elem in $list; do
test $elem = '[' -o $elem = ']' && continue;
$fun $elem
done
}
# This duplicates the work made below, but it is useful for processing
# the output of nixos-option with other tools such as nixos-gui.
if $xml; then
evalNix --xml --no-location <<EOF
$header
let
sources = builtins.map (f: f.source);
opt = option;
cfg = config;
in
with nixpkgs.lib;
let
optStrict = v:
let
traverse = x :
if isAttrs x then
if x ? outPath then true
else all id (mapAttrsFlatten (n: traverseNoAttrs) x)
else traverseNoAttrs x;
traverseNoAttrs = x:
# do not continue in attribute sets
if isAttrs x then true
else if isList x then all id (map traverse x)
else true;
in assert traverse v; v;
in
if isOption opt then
optStrict ({}
// optionalAttrs (opt ? default) { inherit (opt) default; }
// optionalAttrs (opt ? example) { inherit (opt) example; }
// optionalAttrs (opt ? description) { inherit (opt) description; }
// optionalAttrs (opt ? type) { typename = opt.type.description; }
// optionalAttrs (opt ? options) { inherit (opt) options; }
// {
# to disambiguate the xml output.
_isOption = true;
declarations = sources opt.declarations;
definitions = sources opt.definitions;
value = cfg;
})
else
opt
EOF
exit $?
fi
if test "$(evalOpt "_type" 2> /dev/null)" = '"option"'; then
echo "Value:"
evalCfg 1
echo
echo "Default:"
if default=$(evalOpt "default" - 2> /dev/null); then
echo "$default"
else
echo "<None>"
fi
echo
if example=$(evalOpt "example" - 2> /dev/null); then
echo "Example:"
echo "$example"
echo
fi
echo "Description:"
echo
echo $(evalOpt "description")
echo $desc;
printPath () { echo " $1"; }
echo "Declared by:"
nixMap printPath "$(findSources "declarations")"
echo
echo "Defined by:"
nixMap printPath "$(findSources "files")"
echo
else
# echo 1>&2 "Warning: This value is not an option."
result=$(evalCfg "")
if [ ! -z "$result" ]; then
names=$(attrNames "$result" 2> /dev/null)
echo 1>&2 "This attribute set contains:"
escapeQuotes () { eval echo "$1"; }
nixMap escapeQuotes "$names"
else
echo 1>&2 "An error occurred while looking for attribute names. Are you sure that '$option' exists?"
fi
fi
exit $exit_code

8
nixos/modules/installer/tools/nixos-option/CMakeLists.txt Normal file
View file

@ -0,0 +1,8 @@
cmake_minimum_required (VERSION 2.6)
project (nixos-option)
add_executable(nixos-option nixos-option.cc libnix-copy-paste.cc)
target_link_libraries(nixos-option PRIVATE -lnixmain -lnixexpr -lnixstore -lnixutil)
target_compile_features(nixos-option PRIVATE cxx_std_17)
install (TARGETS nixos-option DESTINATION bin)

11
nixos/modules/installer/tools/nixos-option/default.nix Normal file
View file

@ -0,0 +1,11 @@
{lib, stdenv, boost, cmake, pkgconfig, nix, ... }:
stdenv.mkDerivation rec {
name = "nixos-option";
src = ./.;
nativeBuildInputs = [ cmake pkgconfig ];
buildInputs = [ boost nix ];
meta = {
license = stdenv.lib.licenses.lgpl2Plus;
maintainers = with lib.maintainers; [ chkno ];
};
}

83
nixos/modules/installer/tools/nixos-option/libnix-copy-paste.cc Normal file
View file

@ -0,0 +1,83 @@
// These are useful methods inside the nix library that ought to be exported.
// Since they are not, copy/paste them here.
// TODO: Delete these and use the ones in the library as they become available.
#include <nix/config.h> // for nix/globals.hh's reference to SYSTEM
#include "libnix-copy-paste.hh"
#include <boost/format/alt_sstream.hpp> // for basic_altstringbuf...
#include <boost/format/alt_sstream_impl.hpp> // for basic_altstringbuf...
#include <boost/format/format_class.hpp> // for basic_format
#include <boost/format/format_fwd.hpp> // for format
#include <boost/format/format_implementation.hpp> // for basic_format::basi...
#include <boost/optional/optional.hpp> // for get_pointer
#include <iostream> // for operator<<, basic_...
#include <nix/types.hh> // for Strings, Error
#include <string> // for string, basic_string
using boost::format;
using nix::Error;
using nix::Strings;
using std::string;
// From nix/src/libexpr/attr-path.cc
Strings parseAttrPath(const string & s)
{
Strings res;
string cur;
string::const_iterator i = s.begin();
while (i != s.end()) {
if (*i == '.') {
res.push_back(cur);
cur.clear();
} else if (*i == '"') {
++i;
while (1) {
if (i == s.end())
throw Error(format("missing closing quote in selection path '%1%'") % s);
if (*i == '"')
break;
cur.push_back(*i++);
}
} else
cur.push_back(*i);
++i;
}
if (!cur.empty())
res.push_back(cur);
return res;
}
// From nix/src/nix/repl.cc
bool isVarName(const string & s)
{
if (s.size() == 0)
return false;
char c = s[0];
if ((c >= '0' && c <= '9') || c == '-' || c == '\'')
return false;
for (auto & i : s)
if (!((i >= 'a' && i <= 'z') || (i >= 'A' && i <= 'Z') || (i >= '0' && i <= '9') || i == '_' || i == '-' ||
i == '\''))
return false;
return true;
}
// From nix/src/nix/repl.cc
std::ostream & printStringValue(std::ostream & str, const char * string)
{
str << "\"";
for (const char * i = string; *i; i++)
if (*i == '\"' || *i == '\\')
str << "\\" << *i;
else if (*i == '\n')
str << "\\n";
else if (*i == '\r')
str << "\\r";
else if (*i == '\t')
str << "\\t";
else
str << *i;
str << "\"";
return str;
}

9
nixos/modules/installer/tools/nixos-option/libnix-copy-paste.hh Normal file
View file

@ -0,0 +1,9 @@
#pragma once
#include <iostream>
#include <nix/types.hh>
#include <string>
nix::Strings parseAttrPath(const std::string & s);
bool isVarName(const std::string & s);
std::ostream & printStringValue(std::ostream & str, const char * string);

618
nixos/modules/installer/tools/nixos-option/nixos-option.cc Normal file
View file

@ -0,0 +1,618 @@
#include <nix/config.h> // for nix/globals.hh's reference to SYSTEM
#include <exception> // for exception_ptr, current_exception
#include <functional> // for function
#include <iostream> // for operator<<, basic_ostream, ostrin...
#include <iterator> // for next
#include <list> // for _List_iterator
#include <memory> // for allocator, unique_ptr, make_unique
#include <new> // for operator new
#include <nix/args.hh> // for argvToStrings, UsageError
#include <nix/attr-path.hh> // for findAlongAttrPath
#include <nix/attr-set.hh> // for Attr, Bindings, Bindings::iterator
#include <nix/common-eval-args.hh> // for MixEvalArgs
#include <nix/eval-inline.hh> // for EvalState::forceValue
#include <nix/eval.hh> // for EvalState, initGC, operator<<
#include <nix/globals.hh> // for initPlugins, Settings, settings
#include <nix/nixexpr.hh> // for Pos
#include <nix/shared.hh> // for getArg, LegacyArgs, printVersion
#include <nix/store-api.hh> // for openStore
#include <nix/symbol-table.hh> // for Symbol, SymbolTable
#include <nix/types.hh> // for Error, Path, Strings, PathSet
#include <nix/util.hh> // for absPath, baseNameOf
#include <nix/value.hh> // for Value, Value::(anonymous), Value:...
#include <string> // for string, operator+, operator==
#include <utility> // for move
#include <variant> // for get, holds_alternative, variant
#include <vector> // for vector<>::iterator, vector
#include "libnix-copy-paste.hh"
using nix::absPath;
using nix::Bindings;
using nix::Error;
using nix::EvalError;
using nix::EvalState;
using nix::Path;
using nix::PathSet;
using nix::Strings;
using nix::Symbol;
using nix::tAttrs;
using nix::ThrownError;
using nix::tLambda;
using nix::tString;
using nix::UsageError;
using nix::Value;
// An ostream wrapper to handle nested indentation
class Out
{
public:
class Separator
{};
const static Separator sep;
enum LinePolicy
{
ONE_LINE,
MULTI_LINE
};
explicit Out(std::ostream & ostream) : ostream(ostream), policy(ONE_LINE), writeSinceSep(true) {}
Out(Out & o, const std::string & start, const std::string & end, LinePolicy policy);
Out(Out & o, const std::string & start, const std::string & end, int count)
: Out(o, start, end, count < 2 ? ONE_LINE : MULTI_LINE)
{}
Out(const Out &) = delete;
Out(Out &&) = default;
Out & operator=(const Out &) = delete;
Out & operator=(Out &&) = delete;
~Out() { ostream << end; }
private:
std::ostream & ostream;
std::string indentation;
std::string end;
LinePolicy policy;
bool writeSinceSep;
template <typename T> friend Out & operator<<(Out & o, T thing);
};
template <typename T> Out & operator<<(Out & o, T thing)
{
if (!o.writeSinceSep && o.policy == Out::MULTI_LINE) {
o.ostream << o.indentation;
}
o.writeSinceSep = true;
o.ostream << thing;
return o;
}
template <> Out & operator<<<Out::Separator>(Out & o, Out::Separator /* thing */)
{
o.ostream << (o.policy == Out::ONE_LINE ? " " : "\n");
o.writeSinceSep = false;
return o;
}
Out::Out(Out & o, const std::string & start, const std::string & end, LinePolicy policy)
: ostream(o.ostream), indentation(policy == ONE_LINE ? o.indentation : o.indentation + " "),
end(policy == ONE_LINE ? end : o.indentation + end), policy(policy), writeSinceSep(true)
{
o << start;
*this << Out::sep;
}
// Stuff needed for evaluation
struct Context
{
Context(EvalState & state, Bindings & autoArgs, Value optionsRoot, Value configRoot)
: state(state), autoArgs(autoArgs), optionsRoot(optionsRoot), configRoot(configRoot),
underscoreType(state.symbols.create("_type"))
{}
EvalState & state;
Bindings & autoArgs;
Value optionsRoot;
Value configRoot;
Symbol underscoreType;
};
Value evaluateValue(Context & ctx, Value & v)
{
ctx.state.forceValue(v);
if (ctx.autoArgs.empty()) {
return v;
}
Value called{};
ctx.state.autoCallFunction(ctx.autoArgs, v, called);
return called;
}
bool isOption(Context & ctx, const Value & v)
{
if (v.type != tAttrs) {
return false;
}
const auto & atualType = v.attrs->find(ctx.underscoreType);
if (atualType == v.attrs->end()) {
return false;
}
try {
Value evaluatedType = evaluateValue(ctx, *atualType->value);
if (evaluatedType.type != tString) {
return false;
}
return static_cast<std::string>(evaluatedType.string.s) == "option";
} catch (Error &) {
return false;
}
}
// Add quotes to a component of a path.
// These are needed for paths like:
// fileSystems."/".fsType
// systemd.units."dbus.service".text
std::string quoteAttribute(const std::string & attribute)
{
if (isVarName(attribute)) {
return attribute;
}
std::ostringstream buf;
printStringValue(buf, attribute.c_str());
return buf.str();
}
const std::string appendPath(const std::string & prefix, const std::string & suffix)
{
if (prefix.empty()) {
return quoteAttribute(suffix);
}
return prefix + "." + quoteAttribute(suffix);
}
bool forbiddenRecursionName(std::string name) { return (!name.empty() && name[0] == '_') || name == "haskellPackages"; }
void recurse(const std::function<bool(const std::string & path, std::variant<Value, std::exception_ptr>)> & f,
Context & ctx, Value v, const std::string & path)
{
std::variant<Value, std::exception_ptr> evaluated;
try {
evaluated = evaluateValue(ctx, v);
} catch (Error &) {
evaluated = std::current_exception();
}
if (!f(path, evaluated)) {
return;
}
if (std::holds_alternative<std::exception_ptr>(evaluated)) {
return;
}
const Value & evaluated_value = std::get<Value>(evaluated);
if (evaluated_value.type != tAttrs) {
return;
}
for (const auto & child : evaluated_value.attrs->lexicographicOrder()) {
if (forbiddenRecursionName(child->name)) {
continue;
}
recurse(f, ctx, *child->value, appendPath(path, child->name));
}
}
// Calls f on all the option names
void mapOptions(const std::function<void(const std::string & path)> & f, Context & ctx, Value root)
{
recurse(
[f, &ctx](const std::string & path, std::variant<Value, std::exception_ptr> v) {
bool isOpt = std::holds_alternative<std::exception_ptr>(v) || isOption(ctx, std::get<Value>(v));
if (isOpt) {
f(path);
}
return !isOpt;
},
ctx, root, "");
}
// Calls f on all the config values inside one option.
// Simple options have one config value inside, like sound.enable = true.
// Compound options have multiple config values. For example, the option
// "users.users" has about 1000 config values inside it:
// users.users.avahi.createHome = false;
// users.users.avahi.cryptHomeLuks = null;
// users.users.avahi.description = "`avahi-daemon' privilege separation user";
// ...
// users.users.avahi.openssh.authorizedKeys.keyFiles = [ ];
// users.users.avahi.openssh.authorizedKeys.keys = [ ];
// ...
// users.users.avahi.uid = 10;
// users.users.avahi.useDefaultShell = false;
// users.users.cups.createHome = false;
// ...
// users.users.cups.useDefaultShell = false;
// users.users.gdm = ... ... ...
// users.users.messagebus = ... .. ...
// users.users.nixbld1 = ... .. ...
// ...
// users.users.systemd-timesync = ... .. ...
void mapConfigValuesInOption(
const std::function<void(const std::string & path, std::variant<Value, std::exception_ptr> v)> & f,
const std::string & path, Context & ctx)
{
Value * option;
try {
option = findAlongAttrPath(ctx.state, path, ctx.autoArgs, ctx.configRoot);
} catch (Error &) {
f(path, std::current_exception());
return;
}
recurse(
[f, ctx](const std::string & path, std::variant<Value, std::exception_ptr> v) {
bool leaf = std::holds_alternative<std::exception_ptr>(v) || std::get<Value>(v).type != tAttrs ||
ctx.state.isDerivation(std::get<Value>(v));
if (!leaf) {
return true; // Keep digging
}
f(path, v);
return false;
},
ctx, *option, path);
}
std::string describeError(const Error & e) { return "«error: " + e.msg() + "»"; }
void describeDerivation(Context & ctx, Out & out, Value v)
{
// Copy-pasted from nix/src/nix/repl.cc :(
Bindings::iterator i = v.attrs->find(ctx.state.sDrvPath);
PathSet pathset;
try {
Path drvPath = i != v.attrs->end() ? ctx.state.coerceToPath(*i->pos, *i->value, pathset) : "???";
out << "«derivation " << drvPath << "»";
} catch (Error & e) {
out << describeError(e);
}
}
Value parseAndEval(EvalState & state, const std::string & expression, const std::string & path)
{
Value v{};
state.eval(state.parseExprFromString(expression, absPath(path)), v);
return v;
}
void printValue(Context & ctx, Out & out, std::variant<Value, std::exception_ptr> maybeValue, const std::string & path);
void printList(Context & ctx, Out & out, Value & v)
{
Out listOut(out, "[", "]", v.listSize());
for (unsigned int n = 0; n < v.listSize(); ++n) {
printValue(ctx, listOut, *v.listElems()[n], "");
listOut << Out::sep;
}
}
void printAttrs(Context & ctx, Out & out, Value & v, const std::string & path)
{
Out attrsOut(out, "{", "}", v.attrs->size());
for (const auto & a : v.attrs->lexicographicOrder()) {
std::string name = a->name;
attrsOut << name << " = ";
printValue(ctx, attrsOut, *a->value, appendPath(path, name));
attrsOut << ";" << Out::sep;
}
}
void multiLineStringEscape(Out & out, const std::string & s)
{
int i;
for (i = 1; i < s.size(); i++) {
if (s[i - 1] == '$' && s[i] == '{') {
out << "''${";
i++;
} else if (s[i - 1] == '\'' && s[i] == '\'') {
out << "'''";
i++;
} else {
out << s[i - 1];
}
}
if (i == s.size()) {
out << s[i - 1];
}
}
void printMultiLineString(Out & out, const Value & v)
{
std::string s = v.string.s;
Out strOut(out, "''", "''", Out::MULTI_LINE);
std::string::size_type begin = 0;
while (begin < s.size()) {
std::string::size_type end = s.find('\n', begin);
if (end == std::string::npos) {
multiLineStringEscape(strOut, s.substr(begin, s.size() - begin));
break;
}
multiLineStringEscape(strOut, s.substr(begin, end - begin));
strOut << Out::sep;
begin = end + 1;
}
}
void printValue(Context & ctx, Out & out, std::variant<Value, std::exception_ptr> maybeValue, const std::string & path)
{
try {
if (auto ex = std::get_if<std::exception_ptr>(&maybeValue)) {
std::rethrow_exception(*ex);
}
Value v = evaluateValue(ctx, std::get<Value>(maybeValue));
if (ctx.state.isDerivation(v)) {
describeDerivation(ctx, out, v);
} else if (v.isList()) {
printList(ctx, out, v);
} else if (v.type == tAttrs) {
printAttrs(ctx, out, v, path);
} else if (v.type == tString && std::string(v.string.s).find('\n') != std::string::npos) {
printMultiLineString(out, v);
} else {
ctx.state.forceValueDeep(v);
out << v;
}
} catch (ThrownError & e) {
if (e.msg() == "The option `" + path + "' is used but not defined.") {
// 93% of errors are this, and just letting this message through would be
// misleading. These values may or may not actually be "used" in the
// config. The thing throwing the error message assumes that if anything
// ever looks at this value, it is a "use" of this value. But here in
// nixos-option, we are looking at this value only to print it.
// In order to avoid implying that this undefined value is actually
// referenced, eat the underlying error message and emit "«not defined»".
out << "«not defined»";
} else {
out << describeError(e);
}
} catch (Error & e) {
out << describeError(e);
}
}
void printConfigValue(Context & ctx, Out & out, const std::string & path, std::variant<Value, std::exception_ptr> v)
{
out << path << " = ";
printValue(ctx, out, std::move(v), path);
out << ";\n";
}
void printAll(Context & ctx, Out & out)
{
mapOptions(
[&ctx, &out](const std::string & optionPath) {
mapConfigValuesInOption(
[&ctx, &out](const std::string & configPath, std::variant<Value, std::exception_ptr> v) {
printConfigValue(ctx, out, configPath, v);
},
optionPath, ctx);
},
ctx, ctx.optionsRoot);
}
void printAttr(Context & ctx, Out & out, const std::string & path, Value & root)
{
try {
printValue(ctx, out, *findAlongAttrPath(ctx.state, path, ctx.autoArgs, root), path);
} catch (Error & e) {
out << describeError(e);
}
}
bool hasExample(Context & ctx, Value & option)
{
try {
findAlongAttrPath(ctx.state, "example", ctx.autoArgs, option);
return true;
} catch (Error &) {
return false;
}
}
void printOption(Context & ctx, Out & out, const std::string & path, Value & option)
{
out << "Value:\n";
printAttr(ctx, out, path, ctx.configRoot);
out << "\n\nDefault:\n";
printAttr(ctx, out, "default", option);
out << "\n\nType:\n";
printAttr(ctx, out, "type.description", option);
if (hasExample(ctx, option)) {
out << "\n\nExample:\n";
printAttr(ctx, out, "example", option);
}
out << "\n\nDescription:\n";
printAttr(ctx, out, "description", option);
out << "\n\nDeclared by:\n";
printAttr(ctx, out, "declarations", option);
out << "\n\nDefined by:\n";
printAttr(ctx, out, "files", option);
out << "\n";
}
void printListing(Out & out, Value & v)
{
out << "This attribute set contains:\n";
for (const auto & a : v.attrs->lexicographicOrder()) {
std::string name = a->name;
if (!name.empty() && name[0] != '_') {
out << name << "\n";
}
}
}
bool optionTypeIs(Context & ctx, Value & v, const std::string & soughtType)
{
try {
const auto & typeLookup = v.attrs->find(ctx.state.sType);
if (typeLookup == v.attrs->end()) {
return false;
}
Value type = evaluateValue(ctx, *typeLookup->value);
if (type.type != tAttrs) {
return false;
}
const auto & nameLookup = type.attrs->find(ctx.state.sName);
if (nameLookup == type.attrs->end()) {
return false;
}
Value name = evaluateValue(ctx, *nameLookup->value);
if (name.type != tString) {
return false;
}
return name.string.s == soughtType;
} catch (Error &) {
return false;
}
}
bool isAggregateOptionType(Context & ctx, Value & v)
{
return optionTypeIs(ctx, v, "attrsOf") || optionTypeIs(ctx, v, "listOf") || optionTypeIs(ctx, v, "loaOf");
}
MakeError(OptionPathError, EvalError);
Value getSubOptions(Context & ctx, Value & option)
{
Value getSubOptions = evaluateValue(ctx, *findAlongAttrPath(ctx.state, "type.getSubOptions", ctx.autoArgs, option));
if (getSubOptions.type != tLambda) {
throw OptionPathError("Option's type.getSubOptions isn't a function");
}
Value emptyString{};
nix::mkString(emptyString, "");
Value v;
ctx.state.callFunction(getSubOptions, emptyString, v, nix::Pos{});
return v;
}
// Carefully walk an option path, looking for sub-options when a path walks past
// an option value.
Value findAlongOptionPath(Context & ctx, const std::string & path)
{
Strings tokens = parseAttrPath(path);
Value v = ctx.optionsRoot;
for (auto i = tokens.begin(); i != tokens.end(); i++) {
const auto & attr = *i;
try {
bool lastAttribute = std::next(i) == tokens.end();
v = evaluateValue(ctx, v);
if (attr.empty()) {
throw OptionPathError("empty attribute name");
}
if (isOption(ctx, v) && optionTypeIs(ctx, v, "submodule")) {
v = getSubOptions(ctx, v);
}
if (isOption(ctx, v) && isAggregateOptionType(ctx, v) && !lastAttribute) {
v = getSubOptions(ctx, v);
// Note that we've consumed attr, but didn't actually use it. This is the path component that's looked
// up in the list or attribute set that doesn't name an option -- the "root" in "users.users.root.name".
} else if (v.type != tAttrs) {
throw OptionPathError("Value is %s while a set was expected", showType(v));
} else {
const auto & next = v.attrs->find(ctx.state.symbols.create(attr));
if (next == v.attrs->end()) {
throw OptionPathError("Attribute not found", attr, path);
}
v = *next->value;
}
} catch (OptionPathError & e) {
throw OptionPathError("At '%s' in path '%s': %s", attr, path, e.msg());
}
}
return v;
}
void printOne(Context & ctx, Out & out, const std::string & path)
{
try {
Value option = findAlongOptionPath(ctx, path);
option = evaluateValue(ctx, option);
if (isOption(ctx, option)) {
printOption(ctx, out, path, option);
} else {
printListing(out, option);
}
} catch (Error & e) {
std::cerr << "error: " << e.msg()
<< "\nAn error occurred while looking for attribute names. Are "
"you sure that '"
<< path << "' exists?\n";
}
}
int main(int argc, char ** argv)
{
bool all = false;
std::string path = ".";
std::string optionsExpr = "(import <nixpkgs/nixos> {}).options";
std::string configExpr = "(import <nixpkgs/nixos> {}).config";
std::vector<std::string> args;
struct MyArgs : nix::LegacyArgs, nix::MixEvalArgs
{
using nix::LegacyArgs::LegacyArgs;
};
MyArgs myArgs(nix::baseNameOf(argv[0]), [&](Strings::iterator & arg, const Strings::iterator & end) {
if (*arg == "--help") {
nix::showManPage("nixos-option");
} else if (*arg == "--version") {
nix::printVersion("nixos-option");
} else if (*arg == "--all") {
all = true;
} else if (*arg == "--path") {
path = nix::getArg(*arg, arg, end);
} else if (*arg == "--options_expr") {
optionsExpr = nix::getArg(*arg, arg, end);
} else if (*arg == "--config_expr") {
configExpr = nix::getArg(*arg, arg, end);
} else if (!arg->empty() && arg->at(0) == '-') {
return false;
} else {
args.push_back(*arg);
}
return true;
});
myArgs.parseCmdline(nix::argvToStrings(argc, argv));
nix::initPlugins();
nix::initGC();
nix::settings.readOnlyMode = true;
auto store = nix::openStore();
auto state = std::make_unique<EvalState>(myArgs.searchPath, store);
Value optionsRoot = parseAndEval(*state, optionsExpr, path);
Value configRoot = parseAndEval(*state, configExpr, path);
Context ctx{*state, *myArgs.getAutoArgs(*state), optionsRoot, configRoot};
Out out(std::cout);
if (all) {
if (!args.empty()) {
throw UsageError("--all cannot be used with arguments");
}
printAll(ctx, out);
} else {
if (args.empty()) {
printOne(ctx, out, "");
}
for (const auto & arg : args) {
printOne(ctx, out, arg);
}
}
ctx.state.printStats();
return 0;
}

7
nixos/modules/installer/tools/tools.nix
View file

@ -41,10 +41,7 @@ let
inherit (config.system.nixos-generate-config) configuration;
};
nixos-option = makeProg {
name = "nixos-option";
src = ./nixos-option.sh;
};
nixos-option = pkgs.callPackage ./nixos-option { };
nixos-version = makeProg {
name = "nixos-version";
@ -123,7 +120,7 @@ in
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# flavour = "gnome3";
# pinentryFlavor = "gnome3";
# };
# List services that you want to enable:

6
nixos/modules/module-list.nix
View file

@ -44,6 +44,7 @@
./hardware/all-firmware.nix
./hardware/bladeRF.nix
./hardware/brightnessctl.nix
./hardware/brillo.nix
./hardware/ckb-next.nix
./hardware/cpu/amd-microcode.nix
./hardware/cpu/intel-microcode.nix
@ -619,7 +620,6 @@
./services/networking/iodine.nix
./services/networking/iperf3.nix
./services/networking/ircd-hybrid/default.nix
./services/networking/jormungandr.nix
./services/networking/iwd.nix
./services/networking/keepalived/default.nix
./services/networking/keybase.nix
@ -718,6 +718,7 @@
./services/networking/tinc.nix
./services/networking/tinydns.nix
./services/networking/tftpd.nix
./services/networking/trickster.nix
./services/networking/tox-bootstrapd.nix
./services/networking/tox-node.nix
./services/networking/toxvpn.nix
@ -811,8 +812,10 @@
./services/web-apps/nexus.nix
./services/web-apps/pgpkeyserver-lite.nix
./services/web-apps/matomo.nix
./services/web-apps/moinmoin.nix
./services/web-apps/restya-board.nix
./services/web-apps/tt-rss.nix
./services/web-apps/trac.nix
./services/web-apps/selfoss.nix
./services/web-apps/shiori.nix
./services/web-apps/virtlyst.nix
@ -863,6 +866,7 @@
./services/x11/hardware/multitouch.nix
./services/x11/hardware/synaptics.nix
./services/x11/hardware/wacom.nix
./services/x11/hardware/digimend.nix
./services/x11/hardware/cmt.nix
./services/x11/gdk-pixbuf.nix
./services/x11/redshift.nix

2
nixos/modules/programs/gnupg.nix
View file

@ -121,6 +121,8 @@ in
wantedBy = [ "sockets.target" ];
};
services.dbus.packages = mkIf (cfg.agent.pinentryFlavor == "gnome3") [ pkgs.gcr ];
environment.systemPackages = with pkgs; [ cfg.package ];
systemd.packages = [ cfg.package ];

11
nixos/modules/programs/ssh.nix
View file

@ -115,6 +115,16 @@ in
'';
};
agentPKCS11Whitelist = mkOption {
type = types.nullOr types.str;
default = null;
example = "\${pkgs.opensc}/lib/opensc-pkcs11.so";
description = ''
A pattern-list of acceptable paths for PKCS#11 shared libraries
that may be used with the -s option to ssh-add.
'';
};
package = mkOption {
type = types.package;
default = pkgs.openssh;
@ -241,6 +251,7 @@ in
ExecStart =
"${cfg.package}/bin/ssh-agent " +
optionalString (cfg.agentTimeout != null) ("-t ${cfg.agentTimeout} ") +
optionalString (cfg.agentPKCS11Whitelist != null) ("-P ${cfg.agentPKCS11Whitelist} ")
"-a %t/ssh-agent";
StandardOutput = "null";
Type = "forking";

1
nixos/modules/programs/x2goserver.nix
View file

@ -69,6 +69,7 @@ in {
users.users.x2go = {
home = "/var/lib/x2go/db";
group = "x2go";
isSystemUser = true;
};
security.wrappers.x2gosqliteWrapper = {

6
nixos/modules/security/pam_mount.nix
View file

@ -50,9 +50,6 @@ in
<pam_mount>
<debug enable="0" />
${concatStrings (map userVolumeEntry (attrValues extraUserVolumes))}
${concatStringsSep "\n" cfg.extraVolumes}
<!-- if activated, requires ofl from hxtools to be present -->
<logout wait="0" hup="no" term="no" kill="no" />
<!-- set PATH variable for pam_mount module -->
@ -64,6 +61,9 @@ in
<cryptmount>${pkgs.pam_mount}/bin/mount.crypt %(VOLUME) %(MNTPT)</cryptmount>
<cryptumount>${pkgs.pam_mount}/bin/umount.crypt %(MNTPT)</cryptumount>
<pmvarrun>${pkgs.pam_mount}/bin/pmvarrun -u %(USER) -o %(OPERATION)</pmvarrun>
${concatStrings (map userVolumeEntry (attrValues extraUserVolumes))}
${concatStringsSep "\n" cfg.extraVolumes}
</pam_mount>
'';
}];

1
nixos/modules/services/admin/oxidized.nix
View file

@ -89,6 +89,7 @@ in
group = cfg.group;
home = cfg.dataDir;
createHome = true;
isSystemUser = true;
};
systemd.services.oxidized = {

1
nixos/modules/services/audio/jack.nix
View file

@ -223,6 +223,7 @@ in {
group = "jackaudio";
extraGroups = [ "audio" ];
description = "JACK Audio system service user";
isSystemUser = true;
};
# http://jackaudio.org/faq/linux_rt_config.html
security.pam.loginLimits = [

1
nixos/modules/services/audio/mpd.nix
View file

@ -181,6 +181,7 @@ in {
ProtectKernelModules = true;
RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK";
RestrictNamespaces = true;
Restart = "always";
};
};

5
nixos/modules/services/backup/automysqlbackup.nix
View file

@ -99,7 +99,10 @@ in
environment.systemPackages = [ pkg ];
users.users.${user}.group = group;
users.users.${user} = {
group = group;
isSystemUser = true;
};
users.groups.${group} = { };
systemd.tmpfiles.rules = [

1
nixos/modules/services/continuous-integration/buildkite-agent.nix
View file

@ -191,6 +191,7 @@ in
createHome = true;
description = "Buildkite agent user";
extraGroups = [ "keys" ];
isSystemUser = true;
};
environment.systemPackages = [ cfg.package ];

5
nixos/modules/services/databases/redis.nix
View file

@ -194,7 +194,10 @@ in
allowedTCPPorts = [ cfg.port ];
};
users.users.redis.description = "Redis database user";
users.users.redis = {
description = "Redis database user";
isSystemUser = true;
};
environment.systemPackages = [ cfg.package ];

1
nixos/modules/services/databases/rethinkdb.nix
View file

@ -99,6 +99,7 @@ in
users.users.rethinkdb = mkIf (cfg.user == "rethinkdb")
{ name = "rethinkdb";
description = "RethinkDB server user";
isSystemUser = true;
};
users.groups = optionalAttrs (cfg.group == "rethinkdb") (singleton

1
nixos/modules/services/editors/infinoted.nix
View file

@ -115,6 +115,7 @@ in {
{ name = "infinoted";
description = "Infinoted user";
group = cfg.group;
isSystemUser = true;
};
users.groups = optional (cfg.group == "infinoted")
{ name = "infinoted";

1
nixos/modules/services/hardware/trezord.nix
View file

@ -61,6 +61,7 @@ in {
users.users.trezord = {
group = "trezord";
description = "Trezor bridge daemon user";
isSystemUser = true;
};
users.groups.trezord = {};

1
nixos/modules/services/hardware/usbmuxd.nix
View file

@ -47,6 +47,7 @@ in
name = cfg.user;
description = "usbmuxd user";
group = cfg.group;
isSystemUser = true;
};
users.groups = optional (cfg.group == defaultUserGroup) {

1
nixos/modules/services/hardware/vdr.nix
View file

@ -66,6 +66,7 @@ in {
users.users.vdr = {
group = "vdr";
home = libDir;
isSystemUser = true;
};
users.groups.vdr = {};

1
nixos/modules/services/mail/mailhog.nix
View file

@ -27,6 +27,7 @@ in {
users.users.mailhog = {
name = cfg.user;
description = "MailHog service user";
isSystemUser = true;
};
systemd.services.mailhog = {

1
nixos/modules/services/misc/airsonic.nix
View file

@ -148,6 +148,7 @@ in {
name = cfg.user;
home = cfg.home;
createHome = true;
isSystemUser = true;
};
};
}

6
nixos/modules/services/misc/docker-registry.nix
View file

@ -145,11 +145,13 @@ in {
};
users.users.docker-registry =
if cfg.storagePath != null
(if cfg.storagePath != null
then {
createHome = true;
home = cfg.storagePath;
}
else {};
else {}) // {
isSystemUser = true;
};
};
}

5
nixos/modules/services/misc/errbot.nix
View file

@ -76,7 +76,10 @@ in {
};
config = mkIf (cfg.instances != {}) {
users.users.errbot.group = "errbot";
users.users.errbot = {
group = "errbot";
isSystemUser = true;
};
users.groups.errbot = {};
systemd.services = mapAttrs' (name: instanceCfg: nameValuePair "errbot-${name}" (

1
nixos/modules/services/misc/gitea.nix
View file

@ -409,6 +409,7 @@ in
home = cfg.stateDir;
useDefaultShell = true;
group = "gitea";
isSystemUser = true;
};
};

1
nixos/modules/services/misc/gollum.nix
View file

@ -71,6 +71,7 @@ in
group = config.users.users.gollum.name;
description = "Gollum user";
createHome = false;
isSystemUser = true;
};
users.groups.gollum = { };

5
nixos/modules/services/misc/jellyfin.nix
View file

@ -41,7 +41,10 @@ in
};
users.users = mkIf (cfg.user == "jellyfin") {
jellyfin.group = cfg.group;
jellyfin = {
group = cfg.group;
isSystemUser = true;
};
};
users.groups = mkIf (cfg.group == "jellyfin") {

3
nixos/modules/services/misc/matrix-synapse.nix
View file

@ -407,6 +407,9 @@ in {
"192.168.0.0/16"
"100.64.0.0/10"
"169.254.0.0/16"
"::1/128"
"fe80::/64"
"fc00::/7"
];
description = ''
List of IP address CIDR ranges that the URL preview spider is denied

1
nixos/modules/services/misc/osrm.nix
View file

@ -59,6 +59,7 @@ in
group = config.users.users.osrm.name;
description = "OSRM user";
createHome = false;
isSystemUser = true;
};
users.groups.osrm = { };

1
nixos/modules/services/monitoring/collectd.nix
View file

@ -131,6 +131,7 @@ in {
users.users = optional (cfg.user == "collectd") {
name = "collectd";
isSystemUser = true;
};
};
}

1
nixos/modules/services/monitoring/fusion-inventory.nix
View file

@ -49,6 +49,7 @@ in {
users.users = singleton {
name = "fusion-inventory";
description = "FusionInventory user";
isSystemUser = true;
};
systemd.services.fusion-inventory = {

3
nixos/modules/services/monitoring/netdata.nix
View file

@ -138,7 +138,7 @@ in {
description = "Real time performance monitoring";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
path = (with pkgs; [ gawk curl ]) ++ lib.optional cfg.python.enable
path = (with pkgs; [ curl gawk which ]) ++ lib.optional cfg.python.enable
(pkgs.python3.withPackages cfg.python.extraPackages);
serviceConfig = {
Environment="PYTHONPATH=${pkgs.netdata}/libexec/netdata/python.d/python_modules";
@ -181,6 +181,7 @@ in {
users.users = optional (cfg.user == defaultUser) {
name = defaultUser;
isSystemUser = true;
};
users.groups = optional (cfg.group == defaultUser) {

1
nixos/modules/services/monitoring/zabbix-agent.nix
View file

@ -131,6 +131,7 @@ in
users.users.${user} = {
description = "Zabbix Agent daemon user";
inherit group;
isSystemUser = true;
};
users.groups.${group} = { };

1
nixos/modules/services/networking/bitcoind.nix
View file

@ -187,6 +187,7 @@ in {
group = cfg.group;
description = "Bitcoin daemon user";
home = cfg.dataDir;
isSystemUser = true;
};
users.groups.${cfg.group} = {
name = cfg.group;

2
nixos/modules/services/networking/dnscache.nix
View file

@ -84,7 +84,7 @@ in {
config = mkIf config.services.dnscache.enable {
environment.systemPackages = [ pkgs.djbdns ];
users.users.dnscache = {};
users.users.dnscache.isSystemUser = true;
systemd.services.dnscache = {
description = "djbdns dnscache server";

1
nixos/modules/services/networking/dnscrypt-wrapper.nix
View file

@ -142,6 +142,7 @@ in {
description = "dnscrypt-wrapper daemon user";
home = "${dataDir}";
createHome = true;
isSystemUser = true;
};
users.groups.dnscrypt-wrapper = { };

1
nixos/modules/services/networking/hans.nix
View file

@ -138,6 +138,7 @@ in
users.users = singleton {
name = hansUser;
description = "Hans daemon user";
isSystemUser = true;
};
};

102
nixos/modules/services/networking/jormungandr.nix
View file

@ -1,102 +0,0 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.jormungandr;
inherit (lib) mkEnableOption mkIf mkOption;
inherit (lib) optionalString types;
dataDir = "/var/lib/jormungandr";
# Default settings so far, as the service matures we will
# move these out as separate settings
configSettings = {
storage = dataDir;
p2p = {
public_address = "/ip4/127.0.0.1/tcp/8299";
topics_of_interest = {
messages = "high";
blocks = "high";
};
};
rest = {
listen = "127.0.0.1:8607";
};
};
configFile = if cfg.configFile == null then
pkgs.writeText "jormungandr.yaml" (builtins.toJSON configSettings)
else cfg.configFile;
in {
options = {
services.jormungandr = {
enable = mkEnableOption "jormungandr service";
configFile = mkOption {
type = types.nullOr types.path;
default = null;
example = "/var/lib/jormungandr/node.yaml";
description = ''
The path of the jormungandr blockchain configuration file in YAML format.
If no file is specified, a file is generated using the other options.
'';
};
secretFile = mkOption {
type = types.nullOr types.path;
default = null;
example = "/etc/secret/jormungandr.yaml";
description = ''
The path of the jormungandr blockchain secret node configuration file in
YAML format. Do not store this in nix store!
'';
};
genesisBlockHash = mkOption {
type = types.nullOr types.str;
default = null;
example = "d70495af81ae8600aca3e642b2427327cb6001ec4d7a0037e96a00dabed163f9";
description = ''
Set the genesis block hash (the hash of the block0) so we can retrieve
the genesis block (and the blockchain configuration) from the existing
storage or from the network.
'';
};
genesisBlockFile = mkOption {
type = types.nullOr types.path;
default = null;
example = "/var/lib/jormungandr/block-0.bin";
description = ''
The path of the genesis block file if we are hosting it locally.
'';
};
};
};
config = mkIf cfg.enable {
systemd.services.jormungandr = {
description = "jormungandr server";
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
environment = {
RUST_BACKTRACE = "full";
};
serviceConfig = {
DynamicUser = true;
StateDirectory = baseNameOf dataDir;
ExecStart = ''
${pkgs.jormungandr}/bin/jormungandr --config ${configFile} \
${optionalString (cfg.secretFile != null) " --secret ${cfg.secretFile}"} \
${optionalString (cfg.genesisBlockHash != null) " --genesis-block-hash ${cfg.genesisBlockHash}"} \
${optionalString (cfg.genesisBlockFile != null) " --genesis-block ${cfg.genesisBlockFile}"}
'';
};
};
};
}

1
nixos/modules/services/networking/matterbridge.nix
View file

@ -95,6 +95,7 @@ in
users.users = optional (cfg.user == "matterbridge")
{ name = "matterbridge";
group = "matterbridge";
isSystemUser = true;
};
users.groups = optional (cfg.group == "matterbridge")

1
nixos/modules/services/networking/morty.nix
View file

@ -74,6 +74,7 @@ in
{ description = "Morty user";
createHome = true;
home = "/var/lib/morty";
isSystemUser = true;
};
systemd.services.morty =

2
nixos/modules/services/networking/nat.nix
View file

@ -29,7 +29,7 @@ let
iptables -w -t nat -N nixos-nat-post
# We can't match on incoming interface in POSTROUTING, so
# mark packets coming from the external interfaces.
# mark packets coming from the internal interfaces.
${concatMapStrings (iface: ''
iptables -w -t nat -A nixos-nat-pre \
-i '${iface}' -j MARK --set-mark 1

1
nixos/modules/services/networking/nghttpx/default.nix
View file

@ -96,6 +96,7 @@ in
users.groups.nghttpx = { };
users.users.nghttpx = {
group = config.users.groups.nghttpx.name;
isSystemUser = true;
};

1
nixos/modules/services/networking/owamp.nix
View file

@ -21,6 +21,7 @@ in
name = "owamp";
group = "owamp";
description = "Owamp daemon";
isSystemUser = true;
};
users.groups = singleton {

1
nixos/modules/services/networking/thelounge.nix
View file

@ -56,6 +56,7 @@ in {
users.users.thelounge = {
description = "thelounge service user";
group = "thelounge";
isSystemUser = true;
};
users.groups.thelounge = {};
systemd.services.thelounge = {

2
nixos/modules/services/networking/tinydns.nix
View file

@ -32,7 +32,7 @@ with lib;
config = mkIf config.services.tinydns.enable {
environment.systemPackages = [ pkgs.djbdns ];
users.users.tinydns = {};
users.users.tinydns.isSystemUser = true;
systemd.services.tinydns = {
description = "djbdns tinydns server";

112
nixos/modules/services/networking/trickster.nix Normal file
View file

@ -0,0 +1,112 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.trickster;
in
{
options = {
services.trickster = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Enable Trickster.
'';
};
package = mkOption {
type = types.package;
default = pkgs.trickster;
defaultText = "pkgs.trickster";
description = ''
Package that should be used for trickster.
'';
};
configFile = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
Path to configuration file.
'';
};
instance-id = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
Instance ID for when running multiple processes (default null).
'';
};
log-level = mkOption {
type = types.str;
default = "info";
description = ''
Level of Logging to use (debug, info, warn, error) (default "info").
'';
};
metrics-port = mkOption {
type = types.port;
default = 8082;
description = ''
Port that the /metrics endpoint will listen on.
'';
};
origin = mkOption {
type = types.str;
default = "http://prometheus:9090";
description = ''
URL to the Prometheus Origin. Enter it like you would in grafana, e.g., http://prometheus:9090 (default http://prometheus:9090).
'';
};
profiler-port = mkOption {
type = types.nullOr types.port;
default = null;
description = ''
Port that the /debug/pprof endpoint will listen on.
'';
};
proxy-port = mkOption {
type = types.port;
default = 9090;
description = ''
Port that the Proxy server will listen on.
'';
};
};
};
config = mkIf cfg.enable {
systemd.services.trickster = {
description = "Dashboard Accelerator for Prometheus";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
DynamicUser = true;
ExecStart = ''
${cfg.package}/bin/trickster \
-log-level ${cfg.log-level} \
-metrics-port ${toString cfg.metrics-port} \
-origin ${cfg.origin} \
-proxy-port ${toString cfg.proxy-port} \
${optionalString (cfg.configFile != null) "-config ${cfg.configFile}"} \
${optionalString (cfg.profiler-port != null) "-profiler-port ${cfg.profiler-port}"} \
${optionalString (cfg.instance-id != null) "-instance-id ${cfg.instance-id}"}
'';
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
Restart = "always";
};
};
};
}

2
nixos/modules/services/scheduling/marathon.nix
View file

@ -93,6 +93,6 @@ in {
};
};
users.users.${cfg.user} = { };
users.users.${cfg.user}.isSystemUser = true;
};
}

5
nixos/modules/services/security/bitwarden_rs/default.nix
View file

@ -74,7 +74,10 @@ in {
webVaultEnabled = mkDefault true;
};
users.users.bitwarden_rs = { inherit group; };
users.users.bitwarden_rs = {
inherit group;
isSystemUser = true;
};
users.groups.bitwarden_rs = { };
systemd.services.bitwarden_rs = {

1
nixos/modules/services/security/oauth2_proxy.nix
View file

@ -546,6 +546,7 @@ in
users.users.oauth2_proxy = {
description = "OAuth2 Proxy";
isSystemUser = true;
};
systemd.services.oauth2_proxy = {

5
nixos/modules/services/security/vault.nix
View file

@ -119,9 +119,8 @@ in
};
users.groups.vault.gid = config.ids.gids.vault;
systemd.tmpfiles.rules = optional (cfg.storagePath != null) [
"d '${cfg.storagePath}' 0700 vault vault - -"
];
systemd.tmpfiles.rules = optional (cfg.storagePath != null)
"d '${cfg.storagePath}' 0700 vault vault - -";
systemd.services.vault = {
description = "Vault server daemon";

1
nixos/modules/services/torrent/magnetico.nix
View file

@ -171,6 +171,7 @@ in {
users.users.magnetico = {
description = "Magnetico daemons user";
isSystemUser = true;
};
systemd.services.magneticod = {

1
nixos/modules/services/web-apps/codimd.nix
View file

@ -893,6 +893,7 @@ in
extraGroups = cfg.groups;
home = cfg.workDir;
createHome = true;
isSystemUser = true;
};
systemd.services.codimd = {

1
nixos/modules/services/web-apps/frab.nix
View file

@ -177,6 +177,7 @@ in
{ name = cfg.user;
group = cfg.group;
home = "${cfg.statePath}";
isSystemUser = true;
}
];

5
nixos/modules/services/web-apps/limesurvey.nix
View file

@ -277,7 +277,10 @@ in
systemd.services.httpd.after = optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.service";
users.users.${user}.group = group;
users.users.${user} = {
group = group;
isSystemUser = true;
};
};
}

5
nixos/modules/services/web-apps/mediawiki.nix
View file

@ -461,7 +461,10 @@ in
systemd.services.httpd.after = optional (cfg.database.createLocally && cfg.database.type == "mysql") "mysql.service";
users.users.${user}.group = group;
users.users.${user} = {
group = group;
isSystemUser = true;
};
environment.systemPackages = [ mediawikiScripts ];
};

303
nixos/modules/services/web-apps/moinmoin.nix Normal file
View file

@ -0,0 +1,303 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.moinmoin;
python = pkgs.python27;
pkg = python.pkgs.moinmoin;
dataDir = "/var/lib/moin";
usingGunicorn = cfg.webServer == "nginx-gunicorn" || cfg.webServer == "gunicorn";
usingNginx = cfg.webServer == "nginx-gunicorn";
user = "moin";
group = "moin";
uLit = s: ''u"${s}"'';
indentLines = n: str: concatMapStrings (line: "${fixedWidthString n " " " "}${line}\n") (splitString "\n" str);
moinCliWrapper = wikiIdent: pkgs.writeShellScriptBin "moin-${wikiIdent}" ''
${pkgs.su}/bin/su -s ${pkgs.runtimeShell} -c "${pkg}/bin/moin --config-dir=/var/lib/moin/${wikiIdent}/config $*" ${user}
'';
wikiConfig = wikiIdent: w: ''
# -*- coding: utf-8 -*-
from MoinMoin.config import multiconfig, url_prefix_static
class Config(multiconfig.DefaultConfig):
${optionalString (w.webLocation != "/") ''
url_prefix_static = '${w.webLocation}' + url_prefix_static
''}
sitename = u'${w.siteName}'
page_front_page = u'${w.frontPage}'
data_dir = '${dataDir}/${wikiIdent}/data'
data_underlay_dir = '${dataDir}/${wikiIdent}/underlay'
language_default = u'${w.languageDefault}'
${optionalString (w.superUsers != []) ''
superuser = [${concatMapStringsSep ", " uLit w.superUsers}]
''}
${indentLines 4 w.extraConfig}
'';
wikiConfigFile = name: wiki: pkgs.writeText "${name}.py" (wikiConfig name wiki);
in
{
options.services.moinmoin = with types; {
enable = mkEnableOption "MoinMoin Wiki Engine";
webServer = mkOption {
type = enum [ "nginx-gunicorn" "gunicorn" "none" ];
default = "nginx-gunicorn";
example = "none";
description = ''
Which web server to use to serve the wiki.
Use <literal>none</literal> if you want to configure this yourself.
'';
};
gunicorn.workers = mkOption {
type = ints.positive;
default = 3;
example = 10;
description = ''
The number of worker processes for handling requests.
'';
};
wikis = mkOption {
type = attrsOf (submodule ({ name, ... }: {
options = {
siteName = mkOption {
type = str;
default = "Untitled Wiki";
example = "ExampleWiki";
description = ''
Short description of your wiki site, displayed below the logo on each page, and
used in RSS documents as the channel title.
'';
};
webHost = mkOption {
type = str;
description = "Host part of the wiki URL. If undefined, the name of the attribute set will be used.";
example = "wiki.example.org";
};
webLocation = mkOption {
type = str;
default = "/";
example = "/moin";
description = "Location part of the wiki URL.";
};
frontPage = mkOption {
type = str;
default = "LanguageSetup";
example = "FrontPage";
description = ''
Front page name. Set this to something like <literal>FrontPage</literal> once languages are
configured.
'';
};
superUsers = mkOption {
type = listOf str;
default = [];
example = [ "elvis" ];
description = ''
List of trusted user names with wiki system administration super powers.
Please note that accounts for these users need to be created using the <command>moin</command> command-line utility, e.g.:
<command>moin-<replaceable>WIKINAME</replaceable> account create --name=<replaceable>NAME</replaceable> --email=<replaceable>EMAIL</replaceable> --password=<replaceable>PASSWORD</replaceable></command>.
'';
};
languageDefault = mkOption {
type = str;
default = "en";
example = "de";
description = "The ISO-639-1 name of the main wiki language. Languages that MoinMoin does not support are ignored.";
};
extraConfig = mkOption {
type = lines;
default = "";
example = ''
show_hosts = True
search_results_per_page = 100
acl_rights_default = u"Known:read,write,delete,revert All:read"
logo_string = u"<h2>\U0001f639</h2>"
theme_default = u"modernized"
user_checkbox_defaults = {'show_page_trail': 0, 'edit_on_doubleclick': 0}
navi_bar = [u'SomePage'] + multiconfig.DefaultConfig.navi_bar
actions_excluded = multiconfig.DefaultConfig.actions_excluded + ['newaccount']
mail_smarthost = "mail.example.org"
mail_from = u"Example.Org Wiki <wiki@example.org>"
'';
description = ''
Additional configuration to be appended verbatim to this wiki's config.
See <link xlink:href='http://moinmo.in/HelpOnConfiguration' /> for documentation.
'';
};
};
config = {
webHost = mkDefault name;
};
}));
example = literalExample ''
{
"mywiki" = {
siteName = "Example Wiki";
webHost = "wiki.example.org";
superUsers = [ "admin" ];
frontPage = "Index";
extraConfig = "page_category_regex = ur'(?P<all>(Category|Kategorie)(?P<key>(?!Template)\S+))'"
};
}
'';
description = ''
Configurations of the individual wikis. Attribute names must be valid Python
identifiers of the form <literal>[A-Za-z_][A-Za-z0-9_]*</literal>.
For every attribute <replaceable>WIKINAME</replaceable>, a helper script
moin-<replaceable>WIKINAME</replaceable> is created which runs the
<command>moin</command> command under the <literal>moin</literal> user (to avoid
file ownership issues) and with the right configuration directory passed to it.
'';
};
};
config = mkIf cfg.enable {
assertions = forEach (attrNames cfg.wikis) (wname:
{ assertion = builtins.match "[A-Za-z_][A-Za-z0-9_]*" wname != null;
message = "${wname} is not valid Python identifier";
}
);
users.users = {
moin = {
description = "MoinMoin wiki";
home = dataDir;
group = group;
isSystemUser = true;
};
};
users.groups = {
moin = {
members = mkIf usingNginx [ config.services.nginx.user ];
};
};
environment.systemPackages = [ pkg ] ++ map moinCliWrapper (attrNames cfg.wikis);
systemd.services = mkIf usingGunicorn
(flip mapAttrs' cfg.wikis (wikiIdent: wiki:
nameValuePair "moin-${wikiIdent}"
{
description = "MoinMoin wiki ${wikiIdent} - gunicorn process";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
restartIfChanged = true;
restartTriggers = [ (wikiConfigFile wikiIdent wiki) ];
environment = let
penv = python.buildEnv.override {
# setuptools: https://github.com/benoitc/gunicorn/issues/1716
extraLibs = [ python.pkgs.gevent python.pkgs.setuptools pkg ];
};
in {
PYTHONPATH = "${dataDir}/${wikiIdent}/config:${penv}/${python.sitePackages}";
};
preStart = ''
umask 0007
rm -rf ${dataDir}/${wikiIdent}/underlay
cp -r ${pkg}/share/moin/underlay ${dataDir}/${wikiIdent}/
chmod -R u+w ${dataDir}/${wikiIdent}/underlay
'';
serviceConfig = {
User = user;
Group = group;
WorkingDirectory = "${dataDir}/${wikiIdent}";
ExecStart = ''${python.pkgs.gunicorn}/bin/gunicorn moin_wsgi \
--name gunicorn-${wikiIdent} \
--workers ${toString cfg.gunicorn.workers} \
--worker-class gevent \
--bind unix:/run/moin/${wikiIdent}/gunicorn.sock
'';
Restart = "on-failure";
RestartSec = "2s";
StartLimitIntervalSec = "30s";
StateDirectory = "moin/${wikiIdent}";
StateDirectoryMode = "0750";
RuntimeDirectory = "moin/${wikiIdent}";
RuntimeDirectoryMode = "0750";
NoNewPrivileges = true;
ProtectSystem = "strict";
ProtectHome = true;
PrivateTmp = true;
PrivateDevices = true;
PrivateNetwork = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
LockPersonality = true;
MemoryDenyWriteExecute = true;
RestrictRealtime = true;
};
}
));
services.nginx = mkIf usingNginx {
enable = true;
virtualHosts = flip mapAttrs' cfg.wikis (name: w: nameValuePair w.webHost {
forceSSL = mkDefault true;
enableACME = mkDefault true;
locations."${w.webLocation}" = {
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_pass http://unix:/run/moin/${name}/gunicorn.sock;
'';
};
});
};
systemd.tmpfiles.rules = [
"d /run/moin 0750 ${user} ${group} - -"
"d ${dataDir} 0550 ${user} ${group} - -"
]
++ (concatLists (flip mapAttrsToList cfg.wikis (wikiIdent: wiki: [
"d ${dataDir}/${wikiIdent} 0750 ${user} ${group} - -"
"d ${dataDir}/${wikiIdent}/config 0550 ${user} ${group} - -"
"L+ ${dataDir}/${wikiIdent}/config/wikiconfig.py - - - - ${wikiConfigFile wikiIdent wiki}"
# needed in order to pass module name to gunicorn
"L+ ${dataDir}/${wikiIdent}/config/moin_wsgi.py - - - - ${pkg}/share/moin/server/moin.wsgi"
# seed data files
"C ${dataDir}/${wikiIdent}/data 0770 ${user} ${group} - ${pkg}/share/moin/data"
# fix nix store permissions
"Z ${dataDir}/${wikiIdent}/data 0770 ${user} ${group} - -"
])));
};
meta.maintainers = with lib.maintainers; [ b42 ];
}

6
nixos/modules/services/web-apps/moodle.nix
View file

@ -309,7 +309,9 @@ in
systemd.services.httpd.after = optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.service";
users.users.${user}.group = group;
users.users.${user} = {
group = group;
isSystemUser = true;
};
};
}

1
nixos/modules/services/web-apps/nexus.nix
View file

@ -68,6 +68,7 @@ in
-Dkaraf.data=${cfg.home}/nexus3
-Djava.io.tmpdir=${cfg.home}/nexus3/tmp
-Dkaraf.startLocalConsole=false
-Djava.endorsed.dirs=${cfg.package}/lib/endorsed
'';
description = ''

79
nixos/modules/services/web-apps/trac.nix Normal file
View file

@ -0,0 +1,79 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.trac;
inherit (lib) mkEnableOption mkIf mkOption types;
in {
options = {
services.trac = {
enable = mkEnableOption "Trac service";
listen = {
ip = mkOption {
type = types.str;
default = "0.0.0.0";
description = ''
IP address that Trac should listen on.
'';
};
port = mkOption {
type = types.port;
default = 8000;
description = ''
Listen port for Trac.
'';
};
};
dataDir = mkOption {
default = "/var/lib/trac";
type = types.path;
description = ''
The directory for storing the Trac data.
'';
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = ''
Open ports in the firewall for Trac.
'';
};
};
};
config = mkIf cfg.enable {
systemd.services.trac = {
description = "Trac server";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
DynamicUser = true;
StateDirectory = baseNameOf cfg.dataDir;
ExecStart = ''
${pkgs.trac}/bin/tracd -s \
-b ${toString cfg.listen.ip} \
-p ${toString cfg.listen.port} \
${cfg.dataDir}
'';
};
preStart = ''
if [ ! -e ${cfg.dataDir}/VERSION ]; then
${pkgs.trac}/bin/trac-admin ${cfg.dataDir} initenv Trac "sqlite:db/trac.db"
fi
'';
};
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.listen.port ];
};
};
}

1
nixos/modules/services/web-apps/virtlyst.nix
View file

@ -54,6 +54,7 @@ in
home = stateDir;
createHome = true;
group = mkIf config.virtualisation.libvirtd.enable "libvirtd";
isSystemUser = true;
};
systemd.services.virtlyst = {

5
nixos/modules/services/web-apps/wordpress.nix
View file

@ -367,7 +367,10 @@ in
})
];
users.users.${user}.group = group;
users.users.${user} = {
group = group;
isSystemUser = true;
};
};
}

5
nixos/modules/services/web-servers/hitch/default.nix
View file

@ -102,7 +102,10 @@ with lib;
environment.systemPackages = [ pkgs.hitch ];
users.users.hitch.group = "hitch";
users.users.hitch = {
group = "hitch";
isSystemUser = true;
};
users.groups.hitch = {};
};
}

1
nixos/modules/services/web-servers/traefik.nix
View file

@ -117,6 +117,7 @@ in {
group = "traefik";
home = cfg.dataDir;
createHome = true;
isSystemUser = true;
};
users.groups.traefik = {};

1
nixos/modules/services/web-servers/unit/default.nix
View file

@ -116,6 +116,7 @@ in {
users.users = optionalAttrs (cfg.user == "unit") (singleton {
name = "unit";
group = cfg.group;
isSystemUser = true;
});
users.groups = optionalAttrs (cfg.group == "unit") (singleton {

43
nixos/modules/services/x11/hardware/digimend.nix Normal file
View file

@ -0,0 +1,43 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.xserver.digimend;
pkg = config.boot.kernelPackages.digimend;
in
{
options = {
services.xserver.digimend = {
enable = mkOption {
default = false;
description = ''
Whether to enable the digimend drivers for Huion/XP-Pen/etc. tablets.
'';
};
};
};
config = mkIf cfg.enable {
# digimend drivers use xsetwacom and wacom X11 drivers
services.xserver.wacom.enable = true;
boot.extraModulePackages = [ pkg ];
environment.etc."X11/xorg.conf.d/50-digimend.conf".source =
"${pkg}/usr/share/X11/xorg.conf.d/50-digimend.conf";
};
}

2
nixos/modules/services/x11/hardware/libinput.nix
View file

@ -122,7 +122,7 @@ in {
description =
''
Specify the scrolling method: <literal>twofinger</literal>, <literal>edge</literal>,
or <literal>none</literal>
<literal>button</literal>, or <literal>none</literal>
'';
};

3
nixos/modules/virtualisation/amazon-image.nix
View file

@ -135,6 +135,9 @@ in
services.openssh.enable = true;
services.openssh.permitRootLogin = "prohibit-password";
# Creates symlinks for block device names.
services.udev.packages = [ pkgs.ec2-utils ];
# Force getting the hostname from EC2.
networking.hostName = mkDefault "";

135
nixos/modules/virtualisation/qemu-vm.nix
View file

@ -23,24 +23,56 @@ let
cfg = config.virtualisation;
qemuGraphics = lib.optionalString (!cfg.graphics) "-nographic";
consoles = lib.concatMapStringsSep " " (c: "console=${c}") cfg.qemu.consoles;
# XXX: This is very ugly and in the future we really should use attribute
# sets to build ALL of the QEMU flags instead of this mixed mess of Nix
# expressions and shell script stuff.
mkDiskIfaceDriveFlag = idx: driveArgs: let
inherit (cfg.qemu) diskInterface;
# The drive identifier created by incrementing the index by one using the
# shell.
drvId = "drive$((${idx} + 1))";
# NOTE: DO NOT shell escape, because this may contain shell variables.
commonArgs = "index=${idx},id=${drvId},${driveArgs}";
isSCSI = diskInterface == "scsi";
devArgs = "${diskInterface}-hd,drive=${drvId}";
args = "-drive ${commonArgs},if=none -device lsi53c895a -device ${devArgs}";
in if isSCSI then args else "-drive ${commonArgs},if=${diskInterface}";
driveOpts = { ... }: {
options = {
file = mkOption {
type = types.str;
description = "The file image used for this drive.";
};
driveExtraOpts = mkOption {
type = types.attrsOf types.str;
default = {};
description = "Extra options passed to drive flag.";
};
deviceExtraOpts = mkOption {
type = types.attrsOf types.str;
default = {};
description = "Extra options passed to device flag.";
};
};
};
driveCmdline = idx: { file, driveExtraOpts, deviceExtraOpts, ... }:
let
drvId = "drive${toString idx}";
mkKeyValue = generators.mkKeyValueDefault {} "=";
mkOpts = opts: concatStringsSep "," (mapAttrsToList mkKeyValue opts);
driveOpts = mkOpts (driveExtraOpts // {
index = idx;
id = drvId;
"if" = "none";
inherit file;
});
deviceOpts = mkOpts (deviceExtraOpts // {
drive = drvId;
});
device =
if cfg.qemu.diskInterface == "scsi" then
"-device lsi53c895a -device scsi-hd,${deviceOpts}"
else
"-device virtio-blk-pci,${deviceOpts}";
in
"-drive ${driveOpts} ${device}";
drivesCmdLine = drives: concatStringsSep " " (imap1 driveCmdline drives);
# Shell script to start the VM.
startVM =
@ -77,13 +109,11 @@ let
''}
cd $TMPDIR
idx=2
extraDisks=""
idx=0
${flip concatMapStrings cfg.emptyDiskImages (size: ''
if ! test -e "empty$idx.qcow2"; then
${qemu}/bin/qemu-img create -f qcow2 "empty$idx.qcow2" "${toString size}M"
fi
extraDisks="$extraDisks ${mkDiskIfaceDriveFlag "$idx" "file=$(pwd)/empty$idx.qcow2,werror=report"}"
idx=$((idx + 1))
'')}
@ -97,21 +127,7 @@ let
-virtfs local,path=/nix/store,security_model=none,mount_tag=store \
-virtfs local,path=$TMPDIR/xchg,security_model=none,mount_tag=xchg \
-virtfs local,path=''${SHARED_DIR:-$TMPDIR/xchg},security_model=none,mount_tag=shared \
${if cfg.useBootLoader then ''
${mkDiskIfaceDriveFlag "0" "file=$NIX_DISK_IMAGE,cache=writeback,werror=report"} \
${mkDiskIfaceDriveFlag "1" "file=$TMPDIR/disk.img,media=disk"} \
${if cfg.useEFIBoot then ''
-pflash $TMPDIR/bios.bin \
'' else ''
''}
'' else ''
${mkDiskIfaceDriveFlag "0" "file=$NIX_DISK_IMAGE,cache=writeback,werror=report"} \
-kernel ${config.system.build.toplevel}/kernel \
-initrd ${config.system.build.toplevel}/initrd \
-append "$(cat ${config.system.build.toplevel}/kernel-params) init=${config.system.build.toplevel}/init regInfo=${regInfo}/registration ${consoles} $QEMU_KERNEL_PARAMS" \
''} \
$extraDisks \
${qemuGraphics} \
${drivesCmdLine config.virtualisation.qemu.drives} \
${toString config.virtualisation.qemu.options} \
$QEMU_OPTS \
"$@"
@ -367,6 +383,12 @@ in
'';
};
drives =
mkOption {
type = types.listOf (types.submodule driveOpts);
description = "Drives passed to qemu.";
};
diskInterface =
mkOption {
default = "virtio";
@ -476,8 +498,49 @@ in
# FIXME: Consolidate this one day.
virtualisation.qemu.options = mkMerge [
(mkIf (pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64) [ "-vga std" "-usb" "-device usb-tablet,bus=usb-bus.0" ])
(mkIf (pkgs.stdenv.isAarch32 || pkgs.stdenv.isAarch64) [ "-device virtio-gpu-pci" "-device usb-ehci,id=usb0" "-device usb-kbd" "-device usb-tablet" ])
(mkIf (pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64) [
"-vga std" "-usb" "-device usb-tablet,bus=usb-bus.0"
])
(mkIf (pkgs.stdenv.isAarch32 || pkgs.stdenv.isAarch64) [
"-device virtio-gpu-pci" "-device usb-ehci,id=usb0" "-device usb-kbd" "-device usb-tablet"
])
(mkIf (!cfg.useBootLoader) [
"-kernel ${config.system.build.toplevel}/kernel"
"-initrd ${config.system.build.toplevel}/initrd"
''-append "$(cat ${config.system.build.toplevel}/kernel-params) init=${config.system.build.toplevel}/init regInfo=${regInfo}/registration ${consoles} $QEMU_KERNEL_PARAMS"''
])
(mkIf cfg.useEFIBoot [
"-pflash $TMPDIR/bios.bin"
])
(mkIf (!cfg.graphics) [
"-nographic"
])
];
virtualisation.qemu.drives = mkMerge [
(mkIf cfg.useBootLoader [
{
file = "$NIX_DISK_IMAGE";
driveExtraOpts.cache = "writeback";
driveExtraOpts.werror = "report";
}
{
file = "$TMPDIR/disk.img";
driveExtraOpts.media = "disk";
deviceExtraOpts.bootindex = "1";
}
])
(mkIf (!cfg.useBootLoader) [
{
file = "$NIX_DISK_IMAGE";
driveExtraOpts.cache = "writeback";
driveExtraOpts.werror = "report";
}
])
(imap0 (idx: _: {
file = "$(pwd)/empty${toString idx}.qcow2";
driveExtraOpts.werror = "report";
}) cfg.emptyDiskImages)
];
# Mount the host filesystem via 9P, and bind-mount the Nix store

53
nixos/tests/acme.nix
View file

@ -1,6 +1,6 @@
let
commonConfig = ./common/letsencrypt/common.nix;
in import ./make-test.nix {
in import ./make-test-python.nix {
name = "acme";
nodes = rec {
@ -90,39 +90,44 @@ in import ./make-test.nix {
newServerSystem = nodes.webserver2.config.system.build.toplevel;
switchToNewServer = "${newServerSystem}/bin/switch-to-configuration test";
in
# Note, waitForUnit does not work for oneshot services that do not have RemainAfterExit=true,
# Note, wait_for_unit does not work for oneshot services that do not have RemainAfterExit=true,
# this is because a oneshot goes from inactive => activating => inactive, and never
# reaches the active state. To work around this, we create some mock target units which
# get pulled in by the oneshot units. The target units linger after activation, and hence we
# can use them to probe that a oneshot fired. It is a bit ugly, but it is the best we can do
''
$client->start;
$letsencrypt->start;
$acmeStandalone->start;
client.start()
letsencrypt.start()
acmeStandalone.start()
$letsencrypt->waitForUnit("default.target");
$letsencrypt->waitForUnit("pebble.service");
letsencrypt.wait_for_unit("default.target")
letsencrypt.wait_for_unit("pebble.service")
subtest "can request certificate with HTTPS-01 challenge", sub {
$acmeStandalone->waitForUnit("default.target");
$acmeStandalone->succeed("systemctl start acme-standalone.com.service");
$acmeStandalone->waitForUnit("acme-finished-standalone.com.target");
};
with subtest("can request certificate with HTTPS-01 challenge"):
acmeStandalone.wait_for_unit("default.target")
acmeStandalone.succeed("systemctl start acme-standalone.com.service")
acmeStandalone.wait_for_unit("acme-finished-standalone.com.target")
$client->waitForUnit("default.target");
client.wait_for_unit("default.target")
$client->succeed('curl https://acme-v02.api.letsencrypt.org:15000/roots/0 > /tmp/ca.crt');
$client->succeed('curl https://acme-v02.api.letsencrypt.org:15000/intermediate-keys/0 >> /tmp/ca.crt');
client.succeed("curl https://acme-v02.api.letsencrypt.org:15000/roots/0 > /tmp/ca.crt")
client.succeed(
"curl https://acme-v02.api.letsencrypt.org:15000/intermediate-keys/0 >> /tmp/ca.crt"
)
subtest "Can request certificate for nginx service", sub {
$webserver->waitForUnit("acme-finished-a.example.com.target");
$client->succeed('curl --cacert /tmp/ca.crt https://a.example.com/ | grep -qF "hello world"');
};
with subtest("Can request certificate for nginx service"):
webserver.wait_for_unit("acme-finished-a.example.com.target")
client.succeed(
"curl --cacert /tmp/ca.crt https://a.example.com/ | grep -qF 'hello world'"
)
subtest "Can add another certificate for nginx service", sub {
$webserver->succeed("/run/current-system/fine-tune/child-1/bin/switch-to-configuration test");
$webserver->waitForUnit("acme-finished-b.example.com.target");
$client->succeed('curl --cacert /tmp/ca.crt https://b.example.com/ | grep -qF "hello world"');
};
with subtest("Can add another certificate for nginx service"):
webserver.succeed(
"/run/current-system/fine-tune/child-1/bin/switch-to-configuration test"
)
webserver.wait_for_unit("acme-finished-b.example.com.target")
client.succeed(
"curl --cacert /tmp/ca.crt https://b.example.com/ | grep -qF 'hello world'"
)
'';
}

8
nixos/tests/all-tests.nix
View file

@ -39,7 +39,8 @@ in
caddy = handleTest ./caddy.nix {};
cadvisor = handleTestOn ["x86_64-linux"] ./cadvisor.nix {};
cassandra = handleTest ./cassandra.nix {};
ceph = handleTestOn ["x86_64-linux"] ./ceph.nix {};
ceph-single-node = handleTestOn ["x86_64-linux"] ./ceph-single-node.nix {};
ceph-multi-node = handleTestOn ["x86_64-linux"] ./ceph-multi-node.nix {};
certmgr = handleTest ./certmgr.nix {};
cfssl = handleTestOn ["x86_64-linux"] ./cfssl.nix {};
chromium = (handleTestOn ["x86_64-linux"] ./chromium.nix {}).stable or {};
@ -134,7 +135,6 @@ in
jackett = handleTest ./jackett.nix {};
jellyfin = handleTest ./jellyfin.nix {};
jenkins = handleTest ./jenkins.nix {};
jormungandr = handleTest ./jormungandr.nix {};
kafka = handleTest ./kafka.nix {};
kerberos = handleTest ./kerberos/default.nix {};
kernel-latest = handleTest ./kernel-latest.nix {};
@ -169,6 +169,7 @@ in
minio = handleTest ./minio.nix {};
minidlna = handleTest ./minidlna.nix {};
misc = handleTest ./misc.nix {};
moinmoin = handleTest ./moinmoin.nix {};
mongodb = handleTest ./mongodb.nix {};
moodle = handleTest ./moodle.nix {};
morty = handleTest ./morty.nix {};
@ -241,7 +242,6 @@ in
prosodyMysql = handleTest ./xmpp/prosody-mysql.nix {};
proxy = handleTest ./proxy.nix {};
quagga = handleTest ./quagga.nix {};
quake3 = handleTest ./quake3.nix {};
rabbitmq = handleTest ./rabbitmq.nix {};
radarr = handleTest ./radarr.nix {};
radicale = handleTest ./radicale.nix {};
@ -279,7 +279,9 @@ in
tinydns = handleTest ./tinydns.nix {};
tor = handleTest ./tor.nix {};
transmission = handleTest ./transmission.nix {};
trac = handleTest ./trac.nix {};
trezord = handleTest ./trezord.nix {};
trickster = handleTest ./trickster.nix {};
udisks2 = handleTest ./udisks2.nix {};
upnp = handleTest ./upnp.nix {};
uwsgi = handleTest ./uwsgi.nix {};

6
nixos/tests/ammonite.nix
View file

@ -1,4 +1,4 @@
import ./make-test.nix ({ pkgs, ...} : {
import ./make-test-python.nix ({ pkgs, ...} : {
name = "ammonite";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ nequissimus ];
@ -13,8 +13,8 @@ import ./make-test.nix ({ pkgs, ...} : {
};
testScript = ''
startAll;
start_all()
$amm->succeed("amm -c 'val foo = 21; println(foo * 2)' | grep 42")
amm.succeed("amm -c 'val foo = 21; println(foo * 2)' | grep 42")
'';
})

20
nixos/tests/atd.nix
View file

@ -1,4 +1,4 @@
import ./make-test.nix ({ pkgs, ... }:
import ./make-test-python.nix ({ pkgs, ... }:
{
name = "atd";
@ -14,18 +14,18 @@ import ./make-test.nix ({ pkgs, ... }:
# "at" has a resolution of 1 minute
testScript = ''
startAll;
start_all()
$machine->waitForUnit('atd.service'); # wait for atd to start
$machine->fail("test -f ~root/at-1");
$machine->fail("test -f ~alice/at-1");
machine.wait_for_unit("atd.service") # wait for atd to start
machine.fail("test -f ~root/at-1")
machine.fail("test -f ~alice/at-1")
$machine->succeed("echo 'touch ~root/at-1' | at now+1min");
$machine->succeed("su - alice -c \"echo 'touch at-1' | at now+1min\"");
machine.succeed("echo 'touch ~root/at-1' | at now+1min")
machine.succeed("su - alice -c \"echo 'touch at-1' | at now+1min\"")
$machine->succeed("sleep 1.5m");
machine.succeed("sleep 1.5m")
$machine->succeed("test -f ~root/at-1");
$machine->succeed("test -f ~alice/at-1");
machine.succeed("test -f ~root/at-1")
machine.succeed("test -f ~alice/at-1")
'';
})

26
nixos/tests/automysqlbackup.nix
View file

@ -1,4 +1,4 @@
import ./make-test.nix ({ pkgs, lib, ... }:
import ./make-test-python.nix ({ pkgs, lib, ... }:
{
name = "automysqlbackup";
@ -15,20 +15,24 @@ import ./make-test.nix ({ pkgs, lib, ... }:
};
testScript = ''
startAll;
start_all()
# Need to have mysql started so that it can be populated with data.
$machine->waitForUnit("mysql.service");
machine.wait_for_unit("mysql.service")
# Wait for testdb to be fully populated (5 rows).
$machine->waitUntilSucceeds("mysql -u root -D testdb -N -B -e 'select count(id) from tests' | grep -q 5");
with subtest("Wait for testdb to be fully populated (5 rows)."):
machine.wait_until_succeeds(
"mysql -u root -D testdb -N -B -e 'select count(id) from tests' | grep -q 5"
)
# Do a backup and wait for it to start
$machine->startJob("automysqlbackup.service");
$machine->waitForJob("automysqlbackup.service");
with subtest("Do a backup and wait for it to start"):
machine.start_job("automysqlbackup.service")
machine.wait_for_job("automysqlbackup.service")
# wait for backup file and check that data appears in backup
$machine->waitForFile("/var/backup/mysql/daily/testdb");
$machine->succeed("${pkgs.gzip}/bin/zcat /var/backup/mysql/daily/testdb/daily_testdb_*.sql.gz | grep hello");
with subtest("wait for backup file and check that data appears in backup"):
machine.wait_for_file("/var/backup/mysql/daily/testdb")
machine.succeed(
"${pkgs.gzip}/bin/zcat /var/backup/mysql/daily/testdb/daily_testdb_*.sql.gz | grep hello"
)
'';
})

70
nixos/tests/avahi.nix
View file

@ -1,5 +1,5 @@
# Test whether `avahi-daemon' and `libnss-mdns' work as expected.
import ./make-test.nix ({ pkgs, ... } : {
import ./make-test-python.nix ({ pkgs, ... } : {
name = "avahi";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ eelco ];
@ -23,45 +23,45 @@ import ./make-test.nix ({ pkgs, ... } : {
two = cfg;
};
testScript =
'' startAll;
testScript = ''
start_all()
# mDNS.
$one->waitForUnit("network.target");
$two->waitForUnit("network.target");
# mDNS.
one.wait_for_unit("network.target")
two.wait_for_unit("network.target")
$one->succeed("avahi-resolve-host-name one.local | tee out >&2");
$one->succeed("test \"`cut -f1 < out`\" = one.local");
$one->succeed("avahi-resolve-host-name two.local | tee out >&2");
$one->succeed("test \"`cut -f1 < out`\" = two.local");
one.succeed("avahi-resolve-host-name one.local | tee out >&2")
one.succeed('test "`cut -f1 < out`" = one.local')
one.succeed("avahi-resolve-host-name two.local | tee out >&2")
one.succeed('test "`cut -f1 < out`" = two.local')
$two->succeed("avahi-resolve-host-name one.local | tee out >&2");
$two->succeed("test \"`cut -f1 < out`\" = one.local");
$two->succeed("avahi-resolve-host-name two.local | tee out >&2");
$two->succeed("test \"`cut -f1 < out`\" = two.local");
two.succeed("avahi-resolve-host-name one.local | tee out >&2")
two.succeed('test "`cut -f1 < out`" = one.local')
two.succeed("avahi-resolve-host-name two.local | tee out >&2")
two.succeed('test "`cut -f1 < out`" = two.local')
# Basic DNS-SD.
$one->succeed("avahi-browse -r -t _workstation._tcp | tee out >&2");
$one->succeed("test `wc -l < out` -gt 0");
$two->succeed("avahi-browse -r -t _workstation._tcp | tee out >&2");
$two->succeed("test `wc -l < out` -gt 0");
# Basic DNS-SD.
one.succeed("avahi-browse -r -t _workstation._tcp | tee out >&2")
one.succeed("test `wc -l < out` -gt 0")
two.succeed("avahi-browse -r -t _workstation._tcp | tee out >&2")
two.succeed("test `wc -l < out` -gt 0")
# More DNS-SD.
$one->execute("avahi-publish -s \"This is a test\" _test._tcp 123 one=1 &");
$one->sleep(5);
$two->succeed("avahi-browse -r -t _test._tcp | tee out >&2");
$two->succeed("test `wc -l < out` -gt 0");
# More DNS-SD.
one.execute('avahi-publish -s "This is a test" _test._tcp 123 one=1 &')
one.sleep(5)
two.succeed("avahi-browse -r -t _test._tcp | tee out >&2")
two.succeed("test `wc -l < out` -gt 0")
# NSS-mDNS.
$one->succeed("getent hosts one.local >&2");
$one->succeed("getent hosts two.local >&2");
$two->succeed("getent hosts one.local >&2");
$two->succeed("getent hosts two.local >&2");
# NSS-mDNS.
one.succeed("getent hosts one.local >&2")
one.succeed("getent hosts two.local >&2")
two.succeed("getent hosts one.local >&2")
two.succeed("getent hosts two.local >&2")
# extra service definitions
$one->succeed("avahi-browse -r -t _ssh._tcp | tee out >&2");
$one->succeed("test `wc -l < out` -gt 0");
$two->succeed("avahi-browse -r -t _ssh._tcp | tee out >&2");
$two->succeed("test `wc -l < out` -gt 0");
'';
# extra service definitions
one.succeed("avahi-browse -r -t _ssh._tcp | tee out >&2")
one.succeed("test `wc -l < out` -gt 0")
two.succeed("avahi-browse -r -t _ssh._tcp | tee out >&2")
two.succeed("test `wc -l < out` -gt 0")
'';
})

34
nixos/tests/babeld.nix
View file

@ -1,5 +1,5 @@
import ./make-test.nix ({ pkgs, lib, ...} : {
import ./make-test-python.nix ({ pkgs, lib, ...} : {
name = "babeld";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ hexa ];
@ -21,7 +21,7 @@ import ./make-test.nix ({ pkgs, lib, ...} : {
};
};
localRouter = { pkgs, lib, ... }:
local_router = { pkgs, lib, ... }:
{
virtualisation.vlans = [ 10 20 ];
@ -70,7 +70,7 @@ import ./make-test.nix ({ pkgs, lib, ...} : {
'';
};
};
remoteRouter = { pkgs, lib, ... }:
remote_router = { pkgs, lib, ... }:
{
virtualisation.vlans = [ 20 30 ];
@ -124,25 +124,25 @@ import ./make-test.nix ({ pkgs, lib, ...} : {
testScript =
''
startAll;
start_all()
$client->waitForUnit("network-online.target");
$localRouter->waitForUnit("network-online.target");
$remoteRouter->waitForUnit("network-online.target");
client.wait_for_unit("network-online.target")
local_router.wait_for_unit("network-online.target")
remote_router.wait_for_unit("network-online.target")
$localRouter->waitForUnit("babeld.service");
$remoteRouter->waitForUnit("babeld.service");
local_router.wait_for_unit("babeld.service")
remote_router.wait_for_unit("babeld.service")
$localRouter->waitUntilSucceeds("ip route get 192.168.30.1");
$localRouter->waitUntilSucceeds("ip route get 2001:db8:30::1");
local_router.wait_until_succeeds("ip route get 192.168.30.1")
local_router.wait_until_succeeds("ip route get 2001:db8:30::1")
$remoteRouter->waitUntilSucceeds("ip route get 192.168.10.1");
$remoteRouter->waitUntilSucceeds("ip route get 2001:db8:10::1");
remote_router.wait_until_succeeds("ip route get 192.168.10.1")
remote_router.wait_until_succeeds("ip route get 2001:db8:10::1")
$client->succeed("ping -c1 192.168.30.1");
$client->succeed("ping -c1 2001:db8:30::1");
client.succeed("ping -c1 192.168.30.1")
client.succeed("ping -c1 2001:db8:30::1")
$remoteRouter->succeed("ping -c1 192.168.10.2");
$remoteRouter->succeed("ping -c1 2001:db8:10::2");
remote_router.succeed("ping -c1 192.168.10.2")
remote_router.succeed("ping -c1 2001:db8:10::2")
'';
})

44
nixos/tests/bcachefs.nix
View file

@ -1,4 +1,4 @@
import ./make-test.nix ({ pkgs, ... }: {
import ./make-test-python.nix ({ pkgs, ... }: {
name = "bcachefs";
meta.maintainers = with pkgs.stdenv.lib.maintainers; [ chiiruno ];
@ -10,29 +10,25 @@ import ./make-test.nix ({ pkgs, ... }: {
};
testScript = ''
$machine->succeed("modprobe bcachefs");
$machine->succeed("bcachefs version");
$machine->succeed("ls /dev");
machine.succeed("modprobe bcachefs")
machine.succeed("bcachefs version")
machine.succeed("ls /dev")
$machine->succeed(
"mkdir /tmp/mnt",
"udevadm settle",
"parted --script /dev/vdb mklabel msdos",
"parted --script /dev/vdb -- mkpart primary 1024M -1s",
"udevadm settle",
# Due to #32279, we cannot use encryption for this test yet
# "echo password | bcachefs format --encrypted /dev/vdb1",
# "echo password | bcachefs unlock /dev/vdb1",
"bcachefs format /dev/vdb1",
"mount -t bcachefs /dev/vdb1 /tmp/mnt",
"udevadm settle",
"bcachefs fs usage /tmp/mnt",
"umount /tmp/mnt",
"udevadm settle"
);
machine.succeed(
"mkdir /tmp/mnt",
"udevadm settle",
"parted --script /dev/vdb mklabel msdos",
"parted --script /dev/vdb -- mkpart primary 1024M -1s",
"udevadm settle",
# Due to #32279, we cannot use encryption for this test yet
# "echo password | bcachefs format --encrypted /dev/vdb1",
# "echo password | bcachefs unlock /dev/vdb1",
"bcachefs format /dev/vdb1",
"mount -t bcachefs /dev/vdb1 /tmp/mnt",
"udevadm settle",
"bcachefs fs usage /tmp/mnt",
"umount /tmp/mnt",
"udevadm settle",
)
'';
})

16
nixos/tests/beanstalkd.nix
View file

@ -1,4 +1,4 @@
import ./make-test.nix ({ pkgs, lib, ... }:
import ./make-test-python.nix ({ pkgs, lib, ... }:
let
pythonEnv = pkgs.python3.withPackages (p: [p.beanstalkc]);
@ -34,12 +34,16 @@ in
};
testScript = ''
startAll;
start_all()
$machine->waitForUnit('beanstalkd.service');
machine.wait_for_unit("beanstalkd.service")
$machine->succeed("${produce}");
$machine->succeed("${consume}") eq "this is a job\n" or die;
$machine->succeed("${consume}") eq "this is another job\n" or die;
machine.succeed("${produce}")
assert "this is a job\n" == machine.succeed(
"${consume}"
)
assert "this is another job\n" == machine.succeed(
"${consume}"
)
'';
})

8
nixos/tests/bind.nix
View file

@ -1,4 +1,4 @@
import ./make-test.nix {
import ./make-test-python.nix {
name = "bind";
machine = { pkgs, lib, ... }: {
@ -20,8 +20,8 @@ import ./make-test.nix {
};
testScript = ''
$machine->waitForUnit('bind.service');
$machine->waitForOpenPort(53);
$machine->succeed('host 192.168.0.1 127.0.0.1 | grep -qF ns.example.org');
machine.wait_for_unit("bind.service")
machine.wait_for_open_port(53)
machine.succeed("host 192.168.0.1 127.0.0.1 | grep -qF ns.example.org")
'';
}

58
nixos/tests/bittorrent.nix
View file

@ -6,7 +6,7 @@
# which only works if the first client successfully uses the UPnP-IGD
# protocol to poke a hole in the NAT.
import ./make-test.nix ({ pkgs, ... }:
import ./make-test-python.nix ({ pkgs, ... }:
let
@ -108,42 +108,56 @@ in
testScript =
{ nodes, ... }:
''
startAll;
start_all()
# Wait for network and miniupnpd.
$router->waitForUnit("network-online.target");
$router->waitForUnit("miniupnpd");
router.wait_for_unit("network-online.target")
router.wait_for_unit("miniupnpd")
# Create the torrent.
$tracker->succeed("mkdir /tmp/data");
$tracker->succeed("cp ${file} /tmp/data/test.tar.bz2");
$tracker->succeed("transmission-create /tmp/data/test.tar.bz2 --private --tracker http://${externalTrackerAddress}:6969/announce --outfile /tmp/test.torrent");
$tracker->succeed("chmod 644 /tmp/test.torrent");
tracker.succeed("mkdir /tmp/data")
tracker.succeed(
"cp ${file} /tmp/data/test.tar.bz2"
)
tracker.succeed(
"transmission-create /tmp/data/test.tar.bz2 --private --tracker http://${externalTrackerAddress}:6969/announce --outfile /tmp/test.torrent"
)
tracker.succeed("chmod 644 /tmp/test.torrent")
# Start the tracker. !!! use a less crappy tracker
$tracker->waitForUnit("network-online.target");
$tracker->waitForUnit("opentracker.service");
$tracker->waitForOpenPort(6969);
tracker.wait_for_unit("network-online.target")
tracker.wait_for_unit("opentracker.service")
tracker.wait_for_open_port(6969)
# Start the initial seeder.
$tracker->succeed("transmission-remote --add /tmp/test.torrent --no-portmap --no-dht --download-dir /tmp/data");
tracker.succeed(
"transmission-remote --add /tmp/test.torrent --no-portmap --no-dht --download-dir /tmp/data"
)
# Now we should be able to download from the client behind the NAT.
$tracker->waitForUnit("httpd");
$client1->waitForUnit("network-online.target");
$client1->succeed("transmission-remote --add http://${externalTrackerAddress}/test.torrent --download-dir /tmp >&2 &");
$client1->waitForFile("/tmp/test.tar.bz2");
$client1->succeed("cmp /tmp/test.tar.bz2 ${file}");
tracker.wait_for_unit("httpd")
client1.wait_for_unit("network-online.target")
client1.succeed(
"transmission-remote --add http://${externalTrackerAddress}/test.torrent --download-dir /tmp >&2 &"
)
client1.wait_for_file("/tmp/test.tar.bz2")
client1.succeed(
"cmp /tmp/test.tar.bz2 ${file}"
)
# Bring down the initial seeder.
# $tracker->stopJob("transmission");
# tracker.stop_job("transmission")
# Now download from the second client. This can only succeed if
# the first client created a NAT hole in the router.
$client2->waitForUnit("network-online.target");
$client2->succeed("transmission-remote --add http://${externalTrackerAddress}/test.torrent --no-portmap --no-dht --download-dir /tmp >&2 &");
$client2->waitForFile("/tmp/test.tar.bz2");
$client2->succeed("cmp /tmp/test.tar.bz2 ${file}");
client2.wait_for_unit("network-online.target")
client2.succeed(
"transmission-remote --add http://${externalTrackerAddress}/test.torrent --no-portmap --no-dht --download-dir /tmp >&2 &"
)
client2.wait_for_file("/tmp/test.tar.bz2")
client2.succeed(
"cmp /tmp/test.tar.bz2 ${file}"
)
'';
})

14
nixos/tests/boot-stage1.nix
View file

@ -1,4 +1,4 @@
import ./make-test.nix ({ pkgs, ... }: {
import ./make-test-python.nix ({ pkgs, ... }: {
name = "boot-stage1";
machine = { config, pkgs, lib, ... }: {
@ -150,12 +150,12 @@ import ./make-test.nix ({ pkgs, ... }: {
};
testScript = ''
$machine->waitForUnit("multi-user.target");
$machine->succeed('test -s /run/canary2.pid');
$machine->fail('pgrep -a canary1');
$machine->fail('kill -0 $(< /run/canary2.pid)');
$machine->succeed('pgrep -a -f \'^@canary3$\''');
$machine->succeed('pgrep -a -f \'^kcanary$\''');
machine.wait_for_unit("multi-user.target")
machine.succeed("test -s /run/canary2.pid")
machine.fail("pgrep -a canary1")
machine.fail("kill -0 $(< /run/canary2.pid)")
machine.succeed('pgrep -a -f "^@canary3$"')
machine.succeed('pgrep -a -f "^kcanary$"')
'';
meta.maintainers = with pkgs.stdenv.lib.maintainers; [ aszlig ];

35
nixos/tests/boot.nix
View file

@ -3,7 +3,7 @@
pkgs ? import ../.. { inherit system config; }
}:
with import ../lib/testing.nix { inherit system pkgs; };
with import ../lib/testing-python.nix { inherit system pkgs; };
with pkgs.lib;
let
@ -17,11 +17,11 @@ let
];
}).config.system.build.isoImage;
perlAttrs = params: "{ ${concatStringsSep ", " (mapAttrsToList (name: param: "${name} => ${builtins.toJSON param}") params)} }";
pythonDict = params: "\n {\n ${concatStringsSep ",\n " (mapAttrsToList (name: param: "\"${name}\": \"${param}\"") params)},\n }\n";
makeBootTest = name: extraConfig:
let
machineConfig = perlAttrs ({ qemuFlags = "-m 768"; } // extraConfig);
machineConfig = pythonDict ({ qemuFlags = "-m 768"; } // extraConfig);
in
makeTest {
inherit iso;
@ -29,16 +29,16 @@ let
nodes = { };
testScript =
''
my $machine = createMachine(${machineConfig});
$machine->start;
$machine->waitForUnit("multi-user.target");
$machine->succeed("nix verify -r --no-trust /run/current-system");
machine = create_machine(${machineConfig})
machine.start()
machine.wait_for_unit("multi-user.target")
machine.succeed("nix verify -r --no-trust /run/current-system")
# Test whether the channel got installed correctly.
$machine->succeed("nix-instantiate --dry-run '<nixpkgs>' -A hello");
$machine->succeed("nix-env --dry-run -iA nixos.procps");
with subtest("Check whether the channel got installed correctly"):
machine.succeed("nix-instantiate --dry-run '<nixpkgs>' -A hello")
machine.succeed("nix-env --dry-run -iA nixos.procps")
$machine->shutdown;
machine.shutdown()
'';
};
@ -60,7 +60,7 @@ let
config.system.build.netbootIpxeScript
];
};
machineConfig = perlAttrs ({
machineConfig = pythonDict ({
qemuFlags = "-boot order=n -m 2000";
netBackendArgs = "tftp=${ipxeBootDir},bootfile=netboot.ipxe";
} // extraConfig);
@ -68,12 +68,11 @@ let
makeTest {
name = "boot-netboot-" + name;
nodes = { };
testScript =
''
my $machine = createMachine(${machineConfig});
$machine->start;
$machine->waitForUnit("multi-user.target");
$machine->shutdown;
testScript = ''
machine = create_machine(${machineConfig})
machine.start()
machine.wait_for_unit("multi-user.target")
machine.shutdown()
'';
};
in {

102
nixos/tests/borgbackup.nix
View file

@ -1,4 +1,4 @@
import ./make-test.nix ({ pkgs, ... }:
import ./make-test-python.nix ({ pkgs, ... }:
let
passphrase = "supersecret";
@ -106,60 +106,70 @@ in {
};
testScript = ''
startAll;
start_all()
$client->fail('test -d "${remoteRepo}"');
client.fail('test -d "${remoteRepo}"')
$client->succeed("cp ${privateKey} /root/id_ed25519");
$client->succeed("chmod 0600 /root/id_ed25519");
$client->succeed("cp ${privateKeyAppendOnly} /root/id_ed25519.appendOnly");
$client->succeed("chmod 0600 /root/id_ed25519.appendOnly");
client.succeed(
"cp ${privateKey} /root/id_ed25519"
)
client.succeed("chmod 0600 /root/id_ed25519")
client.succeed(
"cp ${privateKeyAppendOnly} /root/id_ed25519.appendOnly"
)
client.succeed("chmod 0600 /root/id_ed25519.appendOnly")
$client->succeed("mkdir -p ${dataDir}");
$client->succeed("touch ${dataDir}/${excludeFile}");
$client->succeed("echo '${keepFileData}' > ${dataDir}/${keepFile}");
client.succeed("mkdir -p ${dataDir}")
client.succeed("touch ${dataDir}/${excludeFile}")
client.succeed("echo '${keepFileData}' > ${dataDir}/${keepFile}")
subtest "local", sub {
my $borg = "BORG_PASSPHRASE='${passphrase}' borg";
$client->systemctl("start --wait borgbackup-job-local");
$client->fail("systemctl is-failed borgbackup-job-local");
# Make sure exactly one archive has been created
$client->succeed("c=\$($borg list '${localRepo}' | wc -l) && [[ \$c == '1' ]]");
# Make sure excludeFile has been excluded
$client->fail("$borg list '${localRepo}::${archiveName}' | grep -qF '${excludeFile}'");
# Make sure keepFile has the correct content
$client->succeed("$borg extract '${localRepo}::${archiveName}'");
$client->succeed('c=$(cat ${dataDir}/${keepFile}) && [[ "$c" == "${keepFileData}" ]]');
# Make sure the same is true when using `borg mount`
$client->succeed("mkdir -p /mnt/borg && $borg mount '${localRepo}::${archiveName}' /mnt/borg");
$client->succeed('c=$(cat /mnt/borg/${dataDir}/${keepFile}) && [[ "$c" == "${keepFileData}" ]]');
};
with subtest("local"):
borg = "BORG_PASSPHRASE='${passphrase}' borg"
client.systemctl("start --wait borgbackup-job-local")
client.fail("systemctl is-failed borgbackup-job-local")
# Make sure exactly one archive has been created
assert int(client.succeed("{} list '${localRepo}' | wc -l".format(borg))) > 0
# Make sure excludeFile has been excluded
client.fail(
"{} list '${localRepo}::${archiveName}' | grep -qF '${excludeFile}'".format(borg)
)
# Make sure keepFile has the correct content
client.succeed("{} extract '${localRepo}::${archiveName}'".format(borg))
assert "${keepFileData}" in client.succeed("cat ${dataDir}/${keepFile}")
# Make sure the same is true when using `borg mount`
client.succeed(
"mkdir -p /mnt/borg && {} mount '${localRepo}::${archiveName}' /mnt/borg".format(
borg
)
)
assert "${keepFileData}" in client.succeed(
"cat /mnt/borg/${dataDir}/${keepFile}"
)
subtest "remote", sub {
my $borg = "BORG_RSH='ssh -oStrictHostKeyChecking=no -i /root/id_ed25519' borg";
$server->waitForUnit("sshd.service");
$client->waitForUnit("network.target");
$client->systemctl("start --wait borgbackup-job-remote");
$client->fail("systemctl is-failed borgbackup-job-remote");
with subtest("remote"):
borg = "BORG_RSH='ssh -oStrictHostKeyChecking=no -i /root/id_ed25519' borg"
server.wait_for_unit("sshd.service")
client.wait_for_unit("network.target")
client.systemctl("start --wait borgbackup-job-remote")
client.fail("systemctl is-failed borgbackup-job-remote")
# Make sure we can't access repos other than the specified one
$client->fail("$borg list borg\@server:wrong");
# Make sure we can't access repos other than the specified one
client.fail("{} list borg\@server:wrong".format(borg))
#TODO: Make sure that data is actually deleted
};
# TODO: Make sure that data is actually deleted
subtest "remoteAppendOnly", sub {
my $borg = "BORG_RSH='ssh -oStrictHostKeyChecking=no -i /root/id_ed25519.appendOnly' borg";
$server->waitForUnit("sshd.service");
$client->waitForUnit("network.target");
$client->systemctl("start --wait borgbackup-job-remoteAppendOnly");
$client->fail("systemctl is-failed borgbackup-job-remoteAppendOnly");
with subtest("remoteAppendOnly"):
borg = (
"BORG_RSH='ssh -oStrictHostKeyChecking=no -i /root/id_ed25519.appendOnly' borg"
)
server.wait_for_unit("sshd.service")
client.wait_for_unit("network.target")
client.systemctl("start --wait borgbackup-job-remoteAppendOnly")
client.fail("systemctl is-failed borgbackup-job-remoteAppendOnly")
# Make sure we can't access repos other than the specified one
$client->fail("$borg list borg\@server:wrong");
#TODO: Make sure that data is not actually deleted
};
# Make sure we can't access repos other than the specified one
client.fail("{} list borg\@server:wrong".format(borg))
# TODO: Make sure that data is not actually deleted
'';
})

247
nixos/tests/ceph-multi-node.nix Normal file
View file

@ -0,0 +1,247 @@
import ./make-test.nix ({pkgs, lib, ...}:
let
cfg = {
clusterId = "066ae264-2a5d-4729-8001-6ad265f50b03";
monA = {
name = "a";
ip = "192.168.1.1";
};
osd0 = {
name = "0";
ip = "192.168.1.2";
key = "AQBCEJNa3s8nHRAANvdsr93KqzBznuIWm2gOGg==";
uuid = "55ba2294-3e24-478f-bee0-9dca4c231dd9";
};
osd1 = {
name = "1";
ip = "192.168.1.3";
key = "AQBEEJNac00kExAAXEgy943BGyOpVH1LLlHafQ==";
uuid = "5e97a838-85b6-43b0-8950-cb56d554d1e5";
};
};
generateCephConfig = { daemonConfig }: {
enable = true;
global = {
fsid = cfg.clusterId;
monHost = cfg.monA.ip;
monInitialMembers = cfg.monA.name;
};
} // daemonConfig;
generateHost = { pkgs, cephConfig, networkConfig, ... }: {
virtualisation = {
memorySize = 512;
emptyDiskImages = [ 20480 ];
vlans = [ 1 ];
};
networking = networkConfig;
environment.systemPackages = with pkgs; [
bash
sudo
ceph
xfsprogs
netcat-openbsd
];
boot.kernelModules = [ "xfs" ];
services.ceph = cephConfig;
# So that we don't have to battle systemd when bootstraping
systemd.targets.ceph.wantedBy = lib.mkForce [];
};
networkMonA = {
dhcpcd.enable = false;
interfaces.eth1.ipv4.addresses = pkgs.lib.mkOverride 0 [
{ address = cfg.monA.ip; prefixLength = 24; }
];
firewall = {
allowedTCPPorts = [ 6789 3300 ];
allowedTCPPortRanges = [ { from = 6800; to = 7300; } ];
};
};
cephConfigMonA = generateCephConfig { daemonConfig = {
mon = {
enable = true;
daemons = [ cfg.monA.name ];
};
mgr = {
enable = true;
daemons = [ cfg.monA.name ];
};
}; };
networkOsd0 = {
dhcpcd.enable = false;
interfaces.eth1.ipv4.addresses = pkgs.lib.mkOverride 0 [
{ address = cfg.osd0.ip; prefixLength = 24; }
];
firewall = {
allowedTCPPortRanges = [ { from = 6800; to = 7300; } ];
};
};
cephConfigOsd0 = generateCephConfig { daemonConfig = {
osd = {
enable = true;
daemons = [ cfg.osd0.name ];
};
}; };
networkOsd1 = {
dhcpcd.enable = false;
interfaces.eth1.ipv4.addresses = pkgs.lib.mkOverride 0 [
{ address = cfg.osd1.ip; prefixLength = 24; }
];
firewall = {
allowedTCPPortRanges = [ { from = 6800; to = 7300; } ];
};
};
cephConfigOsd1 = generateCephConfig { daemonConfig = {
osd = {
enable = true;
daemons = [ cfg.osd1.name ];
};
}; };
testscript = { ... }: ''
startAll;
$monA->waitForUnit("network.target");
$osd0->waitForUnit("network.target");
$osd1->waitForUnit("network.target");
# Create the ceph-related directories
$monA->mustSucceed(
"mkdir -p /var/lib/ceph/mgr/ceph-${cfg.monA.name}",
"mkdir -p /var/lib/ceph/mon/ceph-${cfg.monA.name}",
"chown ceph:ceph -R /var/lib/ceph/",
"mkdir -p /etc/ceph",
"chown ceph:ceph -R /etc/ceph"
);
$osd0->mustSucceed(
"mkdir -p /var/lib/ceph/osd/ceph-${cfg.osd0.name}",
"chown ceph:ceph -R /var/lib/ceph/",
"mkdir -p /etc/ceph",
"chown ceph:ceph -R /etc/ceph"
);
$osd1->mustSucceed(
"mkdir -p /var/lib/ceph/osd/ceph-${cfg.osd1.name}",
"chown ceph:ceph -R /var/lib/ceph/",
"mkdir -p /etc/ceph",
"chown ceph:ceph -R /etc/ceph"
);
# Bootstrap ceph-mon daemon
$monA->mustSucceed(
"sudo -u ceph ceph-authtool --create-keyring /tmp/ceph.mon.keyring --gen-key -n mon. --cap mon 'allow *'",
"sudo -u ceph ceph-authtool --create-keyring /etc/ceph/ceph.client.admin.keyring --gen-key -n client.admin --cap mon 'allow *' --cap osd 'allow *' --cap mds 'allow *' --cap mgr 'allow *'",
"sudo -u ceph ceph-authtool /tmp/ceph.mon.keyring --import-keyring /etc/ceph/ceph.client.admin.keyring",
"monmaptool --create --add ${cfg.monA.name} ${cfg.monA.ip} --fsid ${cfg.clusterId} /tmp/monmap",
"sudo -u ceph ceph-mon --mkfs -i ${cfg.monA.name} --monmap /tmp/monmap --keyring /tmp/ceph.mon.keyring",
"sudo -u ceph touch /var/lib/ceph/mon/ceph-${cfg.monA.name}/done",
"systemctl start ceph-mon-${cfg.monA.name}"
);
$monA->waitForUnit("ceph-mon-${cfg.monA.name}");
$monA->mustSucceed("ceph mon enable-msgr2");
# Can't check ceph status until a mon is up
$monA->succeed("ceph -s | grep 'mon: 1 daemons'");
# Start the ceph-mgr daemon, it has no deps and hardly any setup
$monA->mustSucceed(
"ceph auth get-or-create mgr.${cfg.monA.name} mon 'allow profile mgr' osd 'allow *' mds 'allow *' > /var/lib/ceph/mgr/ceph-${cfg.monA.name}/keyring",
"systemctl start ceph-mgr-${cfg.monA.name}"
);
$monA->waitForUnit("ceph-mgr-a");
$monA->waitUntilSucceeds("ceph -s | grep 'quorum ${cfg.monA.name}'");
$monA->waitUntilSucceeds("ceph -s | grep 'mgr: ${cfg.monA.name}(active,'");
# Send the admin keyring to the OSD machines
$monA->mustSucceed("cp /etc/ceph/ceph.client.admin.keyring /tmp/shared");
$osd0->mustSucceed("cp /tmp/shared/ceph.client.admin.keyring /etc/ceph");
$osd1->mustSucceed("cp /tmp/shared/ceph.client.admin.keyring /etc/ceph");
# Bootstrap both OSDs
$osd0->mustSucceed(
"mkfs.xfs /dev/vdb",
"mount /dev/vdb /var/lib/ceph/osd/ceph-${cfg.osd0.name}",
"ceph-authtool --create-keyring /var/lib/ceph/osd/ceph-${cfg.osd0.name}/keyring --name osd.${cfg.osd0.name} --add-key ${cfg.osd0.key}",
"echo '{\"cephx_secret\": \"${cfg.osd0.key}\"}' | ceph osd new ${cfg.osd0.uuid} -i -",
);
$osd1->mustSucceed(
"mkfs.xfs /dev/vdb",
"mount /dev/vdb /var/lib/ceph/osd/ceph-${cfg.osd1.name}",
"ceph-authtool --create-keyring /var/lib/ceph/osd/ceph-${cfg.osd1.name}/keyring --name osd.${cfg.osd1.name} --add-key ${cfg.osd1.key}",
"echo '{\"cephx_secret\": \"${cfg.osd1.key}\"}' | ceph osd new ${cfg.osd1.uuid} -i -"
);
# Initialize the OSDs with regular filestore
$osd0->mustSucceed(
"ceph-osd -i ${cfg.osd0.name} --mkfs --osd-uuid ${cfg.osd0.uuid}",
"chown -R ceph:ceph /var/lib/ceph/osd",
"systemctl start ceph-osd-${cfg.osd0.name}",
);
$osd1->mustSucceed(
"ceph-osd -i ${cfg.osd1.name} --mkfs --osd-uuid ${cfg.osd1.uuid}",
"chown -R ceph:ceph /var/lib/ceph/osd",
"systemctl start ceph-osd-${cfg.osd1.name}"
);
$monA->waitUntilSucceeds("ceph osd stat | grep -e '2 osds: 2 up[^,]*, 2 in'");
$monA->waitUntilSucceeds("ceph -s | grep 'mgr: ${cfg.monA.name}(active,'");
$monA->waitUntilSucceeds("ceph -s | grep 'HEALTH_OK'");
$monA->mustSucceed(
"ceph osd pool create multi-node-test 100 100",
"ceph osd pool ls | grep 'multi-node-test'",
"ceph osd pool rename multi-node-test multi-node-other-test",
"ceph osd pool ls | grep 'multi-node-other-test'"
);
$monA->waitUntilSucceeds("ceph -s | grep '1 pools, 100 pgs'");
$monA->mustSucceed("ceph osd pool set multi-node-other-test size 2");
$monA->waitUntilSucceeds("ceph -s | grep 'HEALTH_OK'");
$monA->waitUntilSucceeds("ceph -s | grep '100 active+clean'");
$monA->mustFail(
"ceph osd pool ls | grep 'multi-node-test'",
"ceph osd pool delete multi-node-other-test multi-node-other-test --yes-i-really-really-mean-it"
);
# As we disable the target in the config, we still want to test that it works as intended
$osd0->mustSucceed("systemctl stop ceph-osd-${cfg.osd0.name}");
$osd1->mustSucceed("systemctl stop ceph-osd-${cfg.osd1.name}");
$monA->mustSucceed(
"systemctl stop ceph-mgr-${cfg.monA.name}",
"systemctl stop ceph-mon-${cfg.monA.name}"
);
$monA->succeed("systemctl start ceph.target");
$monA->waitForUnit("ceph-mon-${cfg.monA.name}");
$monA->waitForUnit("ceph-mgr-${cfg.monA.name}");
$osd0->succeed("systemctl start ceph.target");
$osd0->waitForUnit("ceph-osd-${cfg.osd0.name}");
$osd1->succeed("systemctl start ceph.target");
$osd1->waitForUnit("ceph-osd-${cfg.osd1.name}");
$monA->succeed("ceph -s | grep 'mon: 1 daemons'");
$monA->waitUntilSucceeds("ceph -s | grep 'quorum ${cfg.monA.name}'");
$monA->waitUntilSucceeds("ceph osd stat | grep -e '2 osds: 2 up[^,]*, 2 in'");
$monA->waitUntilSucceeds("ceph -s | grep 'mgr: ${cfg.monA.name}(active,'");
$monA->waitUntilSucceeds("ceph -s | grep 'HEALTH_OK'");
'';
in {
name = "basic-multi-node-ceph-cluster";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ lejonet ];
};
nodes = {
monA = generateHost { pkgs = pkgs; cephConfig = cephConfigMonA; networkConfig = networkMonA; };
osd0 = generateHost { pkgs = pkgs; cephConfig = cephConfigOsd0; networkConfig = networkOsd0; };
osd1 = generateHost { pkgs = pkgs; cephConfig = cephConfigOsd1; networkConfig = networkOsd1; };
};
testScript = testscript;
})

Some files were not shown because too many files have changed in this diff Show more