1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-22 13:41:26 +00:00
Commit graph

2833 commits

Author SHA1 Message Date
Peter Simons 86d299bc6e nixos: add config.services.openssh.moduliFile option so that users can replace the default file from OpenSSH
The man page for ssh-keygen(1) has a section "MODULI GENERATION" that describes
how to generate your own moduli file. The following script might also be helpful:

 | #! /usr/bin/env bash
 |
 | moduliFiles=()
 |
 | generateModuli()
 | {
 |   ssh-keygen -G "moduli-$1.candidates" -b "$1"
 |   ssh-keygen -T "moduli-$1" -f "moduli-$1.candidates"
 |   rm "moduli-$1.candidates"
 | }
 |
 | for (( i=0 ; i <= 16 ; ++i )); do
 |   let bitSize="2048 + i * 128"
 |   generateModuli "$bitSize" &
 |   moduliFiles+=( "moduli-$bitSize" )
 | done
 | wait
 |
 | echo >moduli "# Time Type Tests Tries Size Generator Modulus"
 | cat >>moduli "${moduliFiles[@]}"
 | rm "${moduliFiles[@]}"

Note that generating moduli takes a long time, i.e. several hours on a fast
machine!

This patch resolves https://github.com/NixOS/nixpkgs/pull/5870.
2015-05-22 16:28:45 +02:00
aszlig 7808efe5b7
nixos/release: Add luksroot test to "tested" job.
We want to avoid getting broken LUKS systems into the latest channel, so
let's ensure that the channel update won't happen if LUKS support is
broken again.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-05-21 13:21:41 +02:00
aszlig 1f34503010
nixos/tests/installer: Add test for LUKS rootfs.
This serves as a regression test for #7859.

It's pretty straightforward, except from the fact that nixos-generate-
config doesn't detect LUKS devices and the "sleep 60".

As for the former, I have tried to add support for LUKS devices for
nixos-generate-config, but it's not so easy as it sounds, because we
need to create a device tree across all possible mappers and/or LVM up
to the "real" device and then decide whether it is relevant to what is
currently mounted. So I guess this is something for the nixpart branch
(see #2079).

And the latter isn't very trivial as well, because the LUKS passphrase
prompt is issued on /dev/console, which is the last "console=..." kernel
parameter (thus the `mkAfter`). So we can't simply grep the log, because
the prompt ends up being on one terminal only (tty0) and using select()
on $machine->{socket} doesn't work very well, because the FD is always
"ready for read". If we would read the FD, we would conflict with
$machine->connect and end up having an inconsistent state. Another idea
would be to use multithreading to do $machine->connect while feeding the
passphrase prompt in a loop and stop the thread once $machine->connect
is done. Turns out that this is not so easy as well, because the threads
need to share the $machine object and of course need to do properly
locking.

In the end I decided to use the "blindly hope that 60 seconds is enough"
approach for now and come up with a better solution later. Other VM
tests surely use sleep as well, but it's $machine->sleep, which is bound
to the clock of the VM, so if the build machine is on high load, a
$machine->sleep gets properly delayed but the timer outside the VM won't
get that delay, so the test is not deterministic.

Tested against the following revisions:

5e3fe39: Before the libgcrypt cleanup (a71f78a) that broke cryptsetup.
69a6848: While cryptsetup was broken (obviously the test failed).
15faa43: After cryptsetup has been switched to OpenSSL (fd588f9).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-05-21 13:21:41 +02:00
aszlig 3b396701fd
nixos/tests/installer: Allow pre-boot commands.
These commands will be executed directly after the machine is created,
so it gives us the chance to for example type in passphrases using the
virtual keyboard.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-05-21 13:21:41 +02:00
aszlig 5d2c6f0353
nixos/tests/installer: Allow to pass extra config.
We're going to need it for installer tests where nixos-generate-config
isn't yet able to fully detect the filesystems/hardware. for example for
device mapper configurations other than LVM.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-05-21 13:21:40 +02:00
William A. Kennington III 4ed8cdc3d4 nixos/bird: Fix doc compilation 2015-05-20 18:53:54 -07:00
William A. Kennington III acdc3e6c9a nixos/lightdm: Some fixups 2015-05-20 18:32:12 -07:00
Arseniy Seroka a9171953c6 Merge pull request #7860 from Lassulus/bird
nixos: add bird module
2015-05-21 03:24:20 +03:00
Eelco Dolstra 10ce7ae769 Document the nixpkgs-channels repo
This replaces update-channel-branches.sh with standard Git
invocations.
2015-05-20 14:20:53 +02:00
Eelco Dolstra e98da673e4 nixos-checkout: Add nixpkgs-channels as a remote
This way, you can do things like

  git checkout channels/nixos-14.12

to get the latest tested and built version of NixOS.
2015-05-20 14:16:36 +02:00
Evgeny Egorochkin 8ed3ab50ea azure-image: common: add sg3_utils 2015-05-20 13:25:01 +03:00
Evgeny Egorochkin 2fe9084397 azure-image: fix, split into bootstrap and regular configurations
Conflicts:
	nixos/modules/virtualisation/azure-image.nix
2015-05-20 13:24:38 +03:00
Bjørn Forsman db991a4024 nixos/libvirtd: remove --verbose flag
Because it spams the log:

  .libvirtd-wrapp[1950]: OBJECT_UNREF: obj=0x7f5d900b4200
  .libvirtd-wrapp[1950]: EVENT_POLL_UPDATE_HANDLE: watch=874 events=13
  .libvirtd-wrapp[1950]: OBJECT_UNREF: obj=0x7f5d900b4200
  .libvirtd-wrapp[1950]: EVENT_POLL_RUN: nhandles=24 timeout=-1
  .libvirtd-wrapp[1950]: EVENT_POLL_DISPATCH_HANDLE: watch=874 events=1
  .libvirtd-wrapp[1950]: OBJECT_REF: obj=0x7f5d900b4200
  .libvirtd-wrapp[1950]: [137B blob data]
2015-05-20 12:14:18 +02:00
Bjørn Forsman 3d2d78cb39 nixos/libvirtd: add 'extraOptions' option
And move the '--verbose' flag to extraOptions, so that users can easily
disable it.
2015-05-20 12:14:18 +02:00
Nikolay Amiantov 3e35ea305f postgresql-backup: cleanup 2015-05-19 18:35:22 +03:00
lassulus 9d07c54fa1 nixos: add bird module
patch bird to look in /var/run for birc.ctl
2015-05-19 15:42:24 +02:00
Luca Bruno 25f9555599 Drop GNOME 3.12 2015-05-18 12:24:08 +02:00
Thomas Tuegel c59c20ca0f Update HPLIP to 3.15.4 2015-05-16 14:12:11 -05:00
Arseniy Seroka 0b3e2becca Merge pull request #7829 from joamaki/vmware_guest
VMWare guest support and open-vm-tools package
2015-05-15 15:13:30 +03:00
Jussi Maki 6a0d21eb86 VMWare guest support and open-vm-tools package 2015-05-15 12:43:21 +02:00
Arseniy Seroka 946e7dca61 Merge pull request #7842 from dezgeg/pr-nix-serve
nix-serve: Add nixos module
2015-05-14 22:44:43 +03:00
Jascha Geerds 779b65f019 cups: Second attempt to fix our printing tests; add more sleep statements 2015-05-14 17:46:32 +02:00
lethalman 1103392dd9 Merge pull request #7794 from womfoo/kbdlight
Add kbdlight package and setuid wrapper
2015-05-14 17:09:28 +02:00
Tuomas Tynkkynen fd8cb1ff2d nix-serve: Add nixos module
This allows sharing the Nix store of the machine as a binary cache
simply by setting 'services.nix-serve.enable = true'.
2015-05-14 12:27:28 +03:00
Eelco Dolstra 15ffb9ad88 Remove fixed uid in tests 2015-05-13 16:23:57 +02:00
Eelco Dolstra fc8011ad8d Ensure that nscd, sshd are created as system users
c0f70b4694 removed the fixed uid
assignment, but then it becomes necessary to set isSystemUser.

http://hydra.nixos.org/build/22182588
2015-05-13 16:23:36 +02:00
Nikolay Amiantov e9679ce32a postgresql-backup: use system postgresql package 2015-05-13 16:06:50 +03:00
Jascha Geerds 92317259ef cups: First attempt to fix our printing tests; wait until cups is fully initialized 2015-05-13 14:22:30 +02:00
William A. Kennington III 2806491cc4 nixos/consul: Add shell for health checks 2015-05-11 17:44:07 -07:00
William A. Kennington III b6e26aa8df nixos/consul: Support a config directory for health checks 2015-05-11 16:45:04 -07:00
William A. Kennington III 1938dc9b54 nixos/consul: Remove the joinNodes and joinRetries options as they are now built in consul options 2015-05-11 16:27:53 -07:00
Arseniy Seroka 26492cdba3 Merge pull request #7434 from Forkk/plex-media-server
plex: add support for managing plugins via Nix
2015-05-11 14:48:30 +03:00
Eelco Dolstra 492471b453 Apply some overrides to upstream systemd units
This removes the need for the following patches:

9a6cade993
9f7e832c90
2015-05-11 12:43:35 +02:00
Arseniy Seroka c0727fb751 Merge pull request #7788 from Lassulus/charybdis
add charybdis nixos module
2015-05-11 12:57:58 +03:00
lassulus 304cab2b46 add charybdis nixos module 2015-05-11 11:38:53 +02:00
Domen Kožar bb4d658f64 Merge branch 'master' into staging
Conflicts:
	nixos/doc/manual/release-notes/rl-unstable.xml
	nixos/modules/services/printing/cupsd.nix
	pkgs/applications/misc/calibre/default.nix
	pkgs/development/haskell-modules/hackage-packages.nix
	pkgs/development/libraries/libsodium/default.nix
	pkgs/misc/emulators/wine/unstable.nix
	pkgs/top-level/all-packages.nix
2015-05-11 10:05:23 +02:00
Kranium Gikos Mendoza 6f634e3c3a Add kbdlight package and setuid wrapper
update nixos/modules/programs/kbdlight.nix to use mkEnableOption
2015-05-11 13:23:01 +08:00
Ricardo M. Correia aa75bb25d8 grsecurity: Update stable and test patches
stable: 3.1-3.14.41-201505072056 -> 3.1-3.14.41-201505101121
test:   3.1-4.0.2-201505072057   -> 3.1-4.0.2-201505101122
2015-05-11 02:45:38 +02:00
Charles Strahan ba186ec4b9 mesos service: only pass --zk if quorum > 0
The ZooKeeper URL is not necessary when using in-memory slave
registration.
2015-05-10 19:36:20 -04:00
Charles Strahan 760169663e mesos: fix indentation in service definition 2015-05-10 17:23:33 -04:00
Jascha Geerds 19dbe42aeb Revert "cups: Rename "browsing" config option to "advertise""
This reverts commit 48e65cec4e.
2015-05-10 20:47:50 +02:00
Jascha Geerds 652d06207d cups: Rename "browsing" config option to "advertise" 2015-05-10 13:46:32 +02:00
Jascha Geerds c4c0ec0581 cups: Add changelog for the upcoming NixOS release 2015-05-10 13:46:32 +02:00
Jascha Geerds 6f69dd46d7 cups: Add defaultShared, browsing and webInterace config option 2015-05-10 13:46:32 +02:00
Jascha Geerds 65e2b83b36 cups: Fix printing tests
It seems like there's an upstream bug in the "lpstat" command. We need
to specify the server's port.

Further information: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711327

[root@client:~]# lpstat -H
/var/run/cups/cups.sock

[root@client:~]# lpstat -h server -H
/var/run/cups/cups.sock:631

[root@client:~]# CUPS_SERVER=server lpstat -H
server:631

[root@client:~]# lpstat -h server:631 -H
server:631
2015-05-10 13:46:32 +02:00
Jascha Geerds f4d9c9043c cups: Remove deprecated config options from cupsd.conf 2015-05-10 13:46:32 +02:00
Jascha Geerds e9cf6cd34f cups: Use systemd files provided by CUPS 2015-05-10 13:46:32 +02:00
Jascha Geerds 48e65cec4e cups: Rename "browsing" config option to "advertise" 2015-05-10 12:41:21 +02:00
Jascha Geerds 116006702b cups: Add changelog for the upcoming NixOS release 2015-05-10 12:41:21 +02:00
Jascha Geerds 2cc8d15653 cups: Add defaultShared, browsing and webInterace config option 2015-05-10 12:41:21 +02:00