1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-17 18:34:41 +00:00
Commit graph

3672 commits

Author SHA1 Message Date
Matt Christ a9b7300f6f brscan5: init at 1.2.6-0 2021-05-21 12:59:30 -05:00
talyz 2d8a870813
keycloak.tests: Test HTTPS support 2021-05-21 13:09:43 +02:00
talyz dbf91bc2f1
nixos/keycloak: keycloak.database* -> keycloak.database.*
Move all database options to their own group / attribute. This makes
the configuration clearer and brings it in line with most other modern
modules.
2021-05-21 13:09:32 +02:00
Jonas Chevalier 30c021fa15
Merge pull request #123744 from hercules-ci/init-ghostunnel
ghostunnel: init
2021-05-20 20:58:41 +02:00
Robert Hensing dc9cb63de4 nixos/ghostunnel: init 2021-05-20 10:41:52 +02:00
Christoph Hrdinka 57acb6f9f7
Merge pull request #123598 from pschyska/master
nixos/nsd: make nsd-checkconf work when configuration contains keys (#118140)
2021-05-20 10:41:30 +02:00
Maximilian Bosch 3f3cec6d9e clickhouse: 20.11.4.13-stable -> 21.3.11.5-lts
Failing Hydra build: https://hydra.nixos.org/build/143269865
ZHF #122042
2021-05-19 14:08:46 -07:00
Sebastian Neubauer 68c618cba3
opensmtpd-filter-rspamd: init at 0.1.7 (#122823) 2021-05-19 22:37:49 +02:00
Paul Schyska 69202853ea
nixos/nsd: make nsd-checkconf work when configuration contains keys 2021-05-19 18:21:10 +02:00
Michael Weiss c21dd33953
Merge pull request #123609 from berbiche/cagebreak-use-waylands-utils-in-test
nixos/tests/cagebreak: use wayland-info instead of wallutils
2021-05-19 14:50:55 +02:00
Michele Guerini Rocco 376eabdac3
Merge pull request #123254 from rnhmjoj/ipsec
libreswan: 3.2 -> 4.4
2021-05-19 13:36:04 +02:00
Nicolas Berbiche 5e2cedfae3
nixos/tests/cagebreak: use wayland-info instead of wallutils
wayland-info from wayland-utils is already used in other Wayland
tests whereas wallutils' wayinfo is not.
2021-05-18 22:02:24 -04:00
Michael Weiss 1b114586e8
Merge pull request #123381 from primeos/nixos-tests-cagebreak
nixos/tests/cagebreak: Fix the test
2021-05-18 16:01:37 +02:00
Michael Raskin 02ba3238d2
Merge pull request #123053 from pschyska/master
atop, netatop, nixos/atop: improve packaging and options
2021-05-18 10:54:13 +00:00
rnhmjoj 3a46314455
nixos/tests/libreswan: add test 2021-05-18 08:13:36 +02:00
Sandro 4fc08dd955
Merge pull request #121500 from servalcatty/v2ray
v2ray: 4.37.3 -> 4.38.3
2021-05-17 19:18:56 +02:00
Michael Weiss f691e6c074
nixos/tests/cagebreak: Simplify the startup 2021-05-17 18:41:27 +02:00
Michael Weiss 81b2ce96c6
nixos/tests/cagebreak: Fix the test
Starting Cagebreak as X11 client doesn't work anymore as wlroots 0.13
started to require the DRI3 extension which isn't supported by LLVMpipe:
machine # [   13.508284] xsession[938]: 00:00:00.003 [ERROR] [backend/x11/backend.c:433] X11 does not support DRI3 extension
machine # [   13.666989] show_signal_msg: 62 callbacks suppressed
machine # [   13.666993] .cagebreak-wrap[938]: segfault at 8 ip 0000000000408574 sp 00007ffef76f2440 error 4 in .cagebreak-wrapped[407000+d000]
machine # [   13.670483] Code: f4 ff ff 4c 8b 84 24 70 01 00 00 8d 45 01 48 89 c5 49 8b 3c c0 48 85 ff 75 e4 4c 89 c7 e8 84 f4 ff ff 48 8b bc 24 18 01 00 00 <48> 8b 47 08 4c 8d 6f d8 48 8d 68 d8 48 39 df 75 0e eb 36 66 0f 1f
machine # [   13.518274] xsession[938]: 00:00:00.006 [ERROR] [../cagebreak.c:313] Unable to create the wlroots backend

The test broke after updating Cagebreak in #121652 (bf8679ba94).

XWayland still fails for unknown reasons:
Modifiers specified, but DRI is too old
libEGL warning: DRI2: failed to create dri screen
libEGL warning: NEEDS EXTENSION: falling back to kms_swrast
glamor: No eglstream capable devices found
glamor: 'wl_drm' not supported
Missing Wayland requirements for glamor GBM backend
Missing Wayland requirements for glamor EGLStream backend
Failed to initialize glamor, falling back to sw
00:00:03.534 [ERROR] [xwayland/server.c:252] waitpid for Xwayland fork
failed: No child processes
(EE) failed to write to XWayland fd: Broken pipe
/nix/store/kcm3x8695fgycf31grzl9fy5gggwpram-xterm-367/bin/xterm: Xt
error: Can't open display: :0

The fallback to software rendering is to be expected but it looks like
XWayland is crashing with "failed to write to XWayland fd: Broken pipe".
2021-05-17 18:41:12 +02:00
Michael Weiss aa2537b554
Merge pull request #122926 from primeos/signal-desktop-fix-db-encryption
signal-desktop: Fix the database encryption by preloading SQLCipher
2021-05-17 16:06:52 +02:00
Martin Weinelt 7bd65d54f7 treewide: remove nand0p as maintainer
While looking at the sphinx package I noticed it was heavily
undermaintained, which is when we noticed nand0p has been inactive for
roughly 18 months. It is therefore prudent to assume they will not be
maintaining their packages, modules and tests.

- Their last contribution to nixpkgs was in 2019/12
- On 2021/05/08 I wrote them an email to the address listed in the
  maintainer-list, which they didn't reply to.
2021-05-17 01:50:49 +02:00
Robert Hensing 338baef861
Merge pull request #122458 from serokell/team-serokell
maintainers: add serokell team, move various packages to it
2021-05-16 22:37:50 +02:00
Paul Schyska fb90a9c552
nixos/atop: Rework the test
- use "with subtest" everywhere
- do more in nix and less in python
- use makeTest directly to define multiple tests instead of one with
  multiple nodes -> this enables them to run in parallel
2021-05-16 18:22:03 +02:00
Paul Schyska 8f3d2e5c3b
nixos/atop: Add configuration for atop services, allow to enable netatop, gpuatop, allow setuid wrapper 2021-05-16 18:22:03 +02:00
Jan Tojnar 684991c696
Merge branch 'master' into staging-next
- Thunderbird 68 has been dropped on master.
- gccCrossLibcStdenv has been factored out on staging-next in all-packages.nix, while the file has been re-formatted on master.
2021-05-16 15:34:51 +02:00
Lucas Savva 083aba4f83 nixos/acme: Ensure certs are always protected
As per #121293, I ensured the UMask is set correctly
and removed any unnecessary chmod/chown/chgrp commands.
The test suite already partially covered permissions
checking but I added an extra check for the selfsigned
cert permissions.
2021-05-15 12:41:33 +01:00
Milan Pässler 827f69cf0d
nixos/tests/minecraft-server: fix build on i686
"at most 2047 MB RAM can be simulated"
2021-05-15 01:17:51 +02:00
Vladimír Čunát c48eaa70e3
Merge branch 'master' into staging-next 2021-05-14 22:27:34 +02:00
Robert Schütz e611d663f4
Merge pull request #120440 from dotlambda/radicale-settings
nixos/radicale: add settings option
2021-05-14 15:37:26 +02:00
Michael Weiss 89cc391728
Merge pull request #122877 from primeos/nixos-tests-sway-gpg-agent-pinentry
nixos/tests/sway: test GPG's pinentry pop-up
2021-05-14 14:45:56 +02:00
WilliButz 94b2848559
Merge pull request #91663 from mweinelt/kea-exporter
prometheus-kea-exporter: init at 0.4.1
2021-05-14 14:38:08 +02:00
Martin Weinelt dd7e1834ca
nixos/tests/prometheus-exporters.kea: init 2021-05-14 14:09:19 +02:00
Michael Lingelbach 46284492f4
nixos/tests/dendrite: init (#121777) 2021-05-14 13:11:22 +02:00
github-actions[bot] bf5d8bb531
Merge master into staging-next 2021-05-14 00:58:11 +00:00
Michael Weiss 940dfa9940
signal-desktop: Fix the database encryption by preloading SQLCipher
AFAIK this is the only reliable way for us to ensure SQLCipher will be
loaded instead of SQLite. It feels like a hack/workaround but according
to the SQLCipher developers [0] "this issue can and should be handled
downstream at the application level: 1. While it may feel like a
workaround, using LD_PRELOAD is a legitimate approach here because it
will substitute the system SQLite with SQLCipher which is the intended
usage model;".

This fixes #108772 for NixOS 20.09 users who upgrade to NixOS 21.05 and
replaces #117555.

For nixos-unstable users this will unfortunately break everything again
so we should add a script to ease the transition (in a separate commit
so that we can revert it for NixOS 21.05).

[0]: https://github.com/sqlcipher/sqlcipher/issues/385#issuecomment-802874340
2021-05-14 02:33:42 +02:00
Maximilian Bosch bfd4c121ff
Merge pull request #122637 from mayflower/prometheus-2.26.0
Prometheus 2.26.0 + exporter updates
2021-05-13 23:05:29 +02:00
Michael Weiss 28a1e9516d
Merge pull request #122627 from primeos/nixos-tests-signal-desktop-db-encryption
nixos/tests/signal-desktop: test if the SQLite DB is (un)encrypted
2021-05-13 21:40:07 +02:00
Michael Weiss 217f268534
nixos/tests/signal-desktop: test if the SQLite DB is (un)encrypted
Well, this should test if the database is encrypted but currently it is
still unencrypted and we need to notice if this behaviour changes in the
future (as it will cause data loss, see e.g. #108772).
Anyway, this doesn't really matter for security reasons but we need this
test to prevent data loss (unfortunately Signal-Desktop and SQLCipher
handle this badly... :o).
2021-05-13 21:18:28 +02:00
Michael Weiss 03808546e5
nixos/tests/sway: test GPG's pinentry pop-up
This test is important to confirm that $WAYLAND_DISPLAY is correctly
imported via "dbus-update-activation-environment --systemd" which is
done by default since #122605 (00e8e5b123).
It ensures that the gnome3-pinentry pop-ups work as expected to avoid
regressions like #119445 (which also broke screen sharing).
2021-05-13 20:51:31 +02:00
github-actions[bot] d8fb37f470
Merge master into staging-next 2021-05-12 06:21:33 +00:00
Robin Gloster b3d30fac67
prometheus-exporter tests: fix eval/deprecation
lnd exporter test still fails but evaluates now
2021-05-11 17:57:47 -05:00
Robin Gloster b3c592bf08
prometheus-json-exporter: 0.2.0 -> 0.3.0 2021-05-10 23:36:39 -05:00
Dominik Xaver Hörl db0294aa60 linux_5_12: init at 5.12.2 2021-05-10 11:43:23 +02:00
github-actions[bot] 1e3d91bd19
Merge master into staging-next 2021-05-10 00:48:32 +00:00
Guillaume Girol fe50cb0ee1
Merge pull request #122301 from Izorkin/update-test-unit-php
nixos/tests/unit-php: require one of users.users.name.{isSystemUser,isNormalUser}
2021-05-09 20:09:29 +00:00
github-actions[bot] 450e66080b
Merge master into staging-next 2021-05-09 18:23:01 +00:00
Félix Baylac-Jacqué 524ff40291
nixosTests.systemd-networkd: remove wireguard kernel module
config.boot.kernelPackages.wireguard evaluates to null on machine
closure having a > 5.6 Linux kernels, hence making the evaluation of
this test fail.

Wireguard is now part of the mainline Linux kernel, we do not need to
to add it via a additional kernel module anymore for this test.
2021-05-09 15:40:19 +02:00
github-actions[bot] bc1f4b790e
Merge master into staging-next 2021-05-09 12:23:16 +00:00
Luke Granger-Brown 491216df02
Merge pull request #122099 from alekna/fix/docker
nixos/docker: ensure ipv4 forwarding is enabled
2021-05-09 12:15:16 +01:00
Michele Guerini Rocco e5452226af
Merge pull request #121791 from dotlambda/sudo-execWheelOnly
nixos/sudo: add option execWheelOnly
2021-05-09 10:04:15 +02:00
Vladimír Čunát 5663b2b2d3
Merge branch 'master' into staging-next
(a trivial conflict in transmission)
2021-05-09 09:31:55 +02:00
Izorkin 506646e48b
nixos/tests/unit-php: require one of users.users.name.{isSystemUser,isNormalUser} 2021-05-09 07:42:02 +03:00
Robert Hensing 8c868f47a8 Revert "nixos/tests/docker-tools*: remove useless formatter"
Annoyed with the interference of the python formatting of
generated code (see #72964), I took matters into my own hands
as maintainer of dockerTools.

Afterwards, I've created a PR, hoping to unstuck the discussion.

@aszlig took notice and thanks to his python ecosystem knowledge,
the testing efforts of @blaggacao and @Ma27, and a sense of
shared suffering and comraderie we were able to change the
situation for the better in #122201.

Now, we have a proper linter that actually helps contributors,
so it's time to turn it back on again.

I'm glad we could make it happen this quickly!

Thanks!

This reverts commit 4035049af3.
2021-05-09 02:57:17 +02:00
aszlig 54bc69637b
nixos/test/virtualbox: Fix linting errors
There were a bunch of unnecessary f-strings in there and I also removed
the "# fmt: on/off" comments, because we no longer use Black and thus
won't need those comments anymore.

Signed-off-by: aszlig <aszlig@nix.build>
2021-05-09 02:28:32 +02:00
aszlig 74bff4e667
nixos/tests/unbound: Remove unused 'json' import
Signed-off-by: aszlig <aszlig@nix.build>
2021-05-09 02:28:30 +02:00
David Arnold 6ad2e41269
nixos/testing: lint jellyfin test 2021-05-09 02:28:28 +02:00
aszlig 6c0ec527b9
nixos/tests/shadow: Fix linting errors
Linter errors reported:

  6:32 f-string is missing placeholders
  7:26 f-string is missing placeholders
  8:32 f-string is missing placeholders
  30:32 f-string is missing placeholders
  31:26 f-string is missing placeholders
  32:32 f-string is missing placeholders
  48:32 f-string is missing placeholders
  49:26 f-string is missing placeholders
  50:32 f-string is missing placeholders
  76:32 f-string is missing placeholders
  77:26 f-string is missing placeholders
  78:32 f-string is missing placeholders

Signed-off-by: aszlig <aszlig@nix.build>
2021-05-09 02:28:26 +02:00
aszlig e157ad41cb
nixos/tests/printing: Remove unused 'sys' import
Signed-off-by: aszlig <aszlig@nix.build>
2021-05-09 02:28:23 +02:00
aszlig c066cc3c0b
nixos/tests/networking: Fix str literal comparison
Linter error:

  use ==/!= to compare constant literals (str, bytes, int, float, tuple)

Signed-off-by: aszlig <aszlig@nix.build>
2021-05-09 02:28:20 +02:00
aszlig 62a518b904
nixos/tests/yggdrasil: Fix linting error
Linter error was: f-string is missing placeholders

Signed-off-by: aszlig <aszlig@nix.build>
2021-05-09 02:28:18 +02:00
Maximilian Bosch b782440a62
nixosTests.custom-ca: lint 2021-05-09 02:28:16 +02:00
Maximilian Bosch b4b5dcb669
nixosTests.containers-imperative: lint 2021-05-09 02:28:14 +02:00
Maximilian Bosch fc76a44d0f
nixosTests.containers-custom-pkgs: lint
The new linter basically does

   def testScript
      # ...

before calling `pyflakes`. As this test-script is empty, it would lead
to a syntax-error unless `pass` is added.
2021-05-09 02:28:11 +02:00
Maximilian Bosch 774aba102a
nixosTests.chromium: lint
Note: I didn't execute it entirely because I'd have to build chromium
for this, but the diff appears fine.
2021-05-09 02:28:09 +02:00
Robert Hensing b9e7fb14e2
nixos/tests/nfs: lint 2021-05-09 02:28:07 +02:00
Robert Hensing 06b070ffe7
nixosTests.acme: lint 2021-05-09 02:28:04 +02:00
Robert Schütz 5624aa9f81 nixos/sudo: add option execWheelOnly
By setting the executable's group to wheel and permissions to 4510, we
make sure that only members of the wheel group can execute sudo.
2021-05-08 23:48:00 +02:00
github-actions[bot] 6d46d8a9b9
Merge master into staging-next 2021-05-08 18:22:46 +00:00
Laurynas Alekna 9317570735 nixos/docker: ensure ipv4 forwarding is enabled
Fixes #118656
2021-05-08 18:58:24 +01:00
divanorama b7dea9e494 nixosTests.systemd-confinement: fix script format
https://hydra.nixos.org/build/142591177/nixlog/30

ZHF: #122042
2021-05-08 10:05:15 -07:00
Robert Hensing 3cfb002b07
Merge pull request #122192 from roberth/docker-tools-stimulate-testing
dockerTools testing update
2021-05-08 15:53:17 +02:00
Robert Hensing 4035049af3 nixos/tests/docker-tools*: remove useless formatter 2021-05-08 15:03:20 +02:00
Robert Hensing a67c97a5eb nixos/tests/docker-tools*: Add myself as maintainer where missing
I should have done this when I became maintainer for dockerTools,
but it's the PR reviews that matter.
2021-05-08 15:00:19 +02:00
Martin Weinelt 9651084620 Merge remote-tracking branch 'origin/master' into staging-next 2021-05-08 14:43:43 +02:00
Yorick van Pelt 87f11f84b2
maintainers: add serokell team, move various packages to it 2021-05-08 12:11:48 +02:00
Vladimír Čunát 080cd658ca
Merge #121780: treewide meta.maintainers tweaks 2021-05-08 10:47:08 +02:00
Jan Tojnar 468cb5980b gnome: rename from gnome3
Since GNOME version is now 40, it no longer makes sense to use the old attribute name.
2021-05-08 09:47:42 +02:00
github-actions[bot] b4416b52c5
Merge master into staging-next 2021-05-08 00:46:50 +00:00
Evils 3d043c6939 nixosTests.fancontrol: fix test
and set myself (module author) as maintainer
2021-05-07 11:46:40 -07:00
github-actions[bot] 1ae6d3d02f
Merge master into staging-next 2021-05-07 18:24:29 +00:00
Robin Gloster 29e92116d1
Merge pull request #118037 from mayflower/privacy-extensions-configurable
nixos/network: allow configuring tempaddr for undeclared interfaces
2021-05-07 13:01:29 -05:00
ajs124 cd609e7a1c
Merge pull request #117094 from helsinki-systems/drop/spidermonkey_1_8_5
spidermonkey_1_8_5: drop
2021-05-07 18:55:49 +02:00
Vladimír Čunát 9f054b5e1a
treewide: remove worldofpeace from meta.maintainers
(It was requested by them.)
I left one case due to fetching from their personal repo:
pkgs/desktops/pantheon/desktop/extra-elementary-contracts/default.nix
2021-05-07 15:36:40 +02:00
github-actions[bot] 12193913a1
Merge staging-next into staging 2021-05-07 12:23:21 +00:00
Jan Tojnar 941b15b003
librsvg: register installed tests 2021-05-05 22:20:22 +02:00
github-actions[bot] af9d9374fa
Merge staging-next into staging 2021-05-05 12:23:47 +00:00
Michael Weiss ff5fdec093
Merge pull request #121437 from primeos/nixos-tests-sway
nixos/tests/sway: init
2021-05-05 13:52:51 +02:00
github-actions[bot] dbc1478d23
Merge staging-next into staging 2021-05-05 06:21:29 +00:00
Ben Siraphob a913f3ff49 nixos/tests/wmderland: remove stdenv.lib 2021-05-05 01:43:05 -04:00
github-actions[bot] 4cbb35eba8
Merge staging-next into staging 2021-05-04 18:21:27 +00:00
talyz 8f83860a0a keycloak.tests: Make sure databaseUsername is either ignored...
...or used correctly.
2021-05-04 19:27:08 +02:00
Robert Schütz 762be5c86d nixos/radicale: harden systemd unit 2021-05-04 17:43:26 +02:00
Michael Weiss 957b7a476e
nixos/tests/sway: init
This adds a basic test for Sway. Because Sway is an important part of
the Wayland ecosystem, is stable, and has few dependencies this test
should also be suitable for testing core packages it depends on (e.g.
wayland, wayland-protocols, wlroots, xwayland, mesa, libglvnd, libdrm,
and soon libseat).

The test is modeled after the suggested way of using Sway, i.e. logging
in via a virtual console (tty1) and copying the configuration from
/etc/sway/config (we replace Mod4 (the GNU/Tux key - you've replaced
that evil logo, right? :D) with Mod1 (Alt key) because QEMU monitor's
sendkey command doesn't support the former).

The shell aliases are used to make the sendkey log output shorter.

Co-authored-by: Patrick Hilhorst <git@hilhorst.be>
2021-05-04 16:52:36 +02:00
Robert Schütz 022c5b0922 nixos/radicale: add settings option
The radicale version is no longer chosen automatically based on
system.stateVersion because that gave the impression that old versions
are still supported.
2021-05-04 10:22:05 +02:00
github-actions[bot] 98d7aac597
Merge staging-next into staging 2021-05-04 00:49:43 +00:00
WilliButz a2adfae036
Merge pull request #121599 from Ma27/knot-exporter-patch
prometheus-knot-exporter: add patch to fix stats
2021-05-04 01:02:28 +02:00
Andreas Rammhold 3ec6977d30
Merge pull request #89572 from rissson/nixos/unbound
nixos/unbound: add settings option, deprecate extraConfig
2021-05-03 21:49:24 +02:00
Luke Granger-Brown 62f675eff6
Merge pull request #121558 from sumnerevans/fix-airsonic-service
airsonic: force use of jre8
2021-05-03 20:43:00 +01:00
Luke Granger-Brown 4e98ae6418
Merge pull request #120548 from minijackson/jellyfin-enhanced-test
nixos/tests/jellyfin: enhanced test
2021-05-03 20:38:22 +01:00
Sumner Evans 1ce3067c42
airsonic: add test for module 2021-05-03 13:27:23 -06:00
Marc 'risson' Schmitt 52f6733203
nixos/unbound: deprecate extraConfig in favor of settings
Follow RFC 42 by having a settings option that is
then converted into an unbound configuration file
instead of having an extraConfig option.

Existing options have been renamed or kept if
possible.

An enableRemoteAccess has been added. It sets remote-control setting to
true in unbound.conf which in turn enables the new wrapping of
unbound-control to access the server locally.  Also includes options
'remoteAccessInterfaces' and 'remoteAccessPort' for remote access.

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2021-05-03 21:27:15 +02:00
Minijackson 2ab88a31fe
nixos/tests/jellyfin: enhanced test 2021-05-03 20:48:13 +02:00
github-actions[bot] 5e177b16b1
Merge staging-next into staging 2021-05-03 18:25:49 +00:00
Luke Granger-Brown 049850341e
Merge pull request #121540 from lukegb/postfix-compat
nixos/tests/rspamd: fix OOM flakyness
2021-05-03 17:36:46 +01:00
Luke Granger-Brown 4e06e6e005
Merge pull request #121541 from lukegb/git-test
nixos/tests/gitdaemon: deflake by using systemd-tmpfiles
2021-05-03 17:36:01 +01:00
Luke Granger-Brown 4f9fe889b8
Merge pull request #121548 from lukegb/bios-usb-better
nixos/tests/installer: fix for i686-linux
2021-05-03 17:35:24 +01:00
Martin Weinelt d23610ae65
Merge pull request #121209 from mweinelt/pinnwand 2021-05-03 18:24:45 +02:00
Maximilian Bosch 75c5a703ab
prometheus-knot-exporter: add patch to fix stats
This is a patch I filed against upstream[1] a while ago. As it isn't
merged yet and fixes configurations with all stats enabled in knot
(otherwise it'd crash when sending a request to `localhost:9433`), I
decided that it makes sense to add it to the package directly.

I extended the test to make sure that it only passes with this patch.

[1] https://github.com/ghedo/knot_exporter/pull/6
2021-05-03 17:27:36 +02:00
Florian Klink 9071cb3001
Merge pull request #121416 from primeos/nixos-tests-replace-QEMU_OPTS
nixos/tests: Replace QEMU_OPTS usages with virtualisation.qemu.options
2021-05-03 17:23:49 +02:00
Luke Granger-Brown a0da004326
Merge pull request #121376 from urbas/amazon-init-shell-script-support
nixos/amazon-init: add user-data shell script support
2021-05-03 16:01:26 +01:00
Martin Weinelt b208338c36
nixos/tests/pinnwand: use wait_for_open_port instead of direct sockstat call 2021-05-03 16:52:06 +02:00
Martin Weinelt 7b2bc43dba
nixos/tests/pinnwand: add negative-test for the reaper
The reaper, at this point, should not delete a freshly created paste.
2021-05-03 16:52:05 +02:00
Martin Weinelt f1c32c2809
nixos/tests/pinnwand: show systemd-analyze security
Easy way to revisit the hardening setup of the systemd unit.
2021-05-03 16:52:05 +02:00
ajs124 891a83d948 nixosTests.couchdb: clean up 2021-05-03 15:42:36 +02:00
ajs124 29bcaf04cb couchdb2: drop 2021-05-03 15:41:42 +02:00
github-actions[bot] a4c3a2d732
Merge staging-next into staging 2021-05-03 12:26:48 +00:00
Michele Guerini Rocco e5bbb1cf33
Merge pull request #121539 from lukegb/custom-ca-debug
nixos/tests/custom-ca: fix by setting Content-Type
2021-05-03 10:49:57 +02:00
Luke Granger-Brown d922cad4d6
Merge pull request #119172 from midchildan/package/trafficserver
nixos/trafficserver: init
2021-05-03 09:48:07 +01:00
Luke Granger-Brown b942e0f650 nixos/tests/installer: don't break under i686
Currently, the installer tests just hang after the initial install phase
on i686 because qemu just quits because of the gic parameter.

Fix this by doing x86 things for both x86-64 and i686.
2021-05-03 01:44:54 +00:00
github-actions[bot] afe3fd192f
Merge staging-next into staging 2021-05-03 00:53:51 +00:00
Martin Weinelt d67fc76603
Merge pull request #120536 from mweinelt/mosquitto 2021-05-03 00:41:21 +02:00
Martin Weinelt 1dbb60f562
nixos/tests/home-assistant: update maintainership to home-assistant team 2021-05-03 00:21:25 +02:00
Martin Weinelt 8ab7fc1107
nixos/tests/home-assistant: test capability passing
Configures the emulated_hue component and expects CAP_NET_BIND_SERVICE
to be passed in order to be able to bind to 80/tcp.

Also print the systemd security analysis, so we can spot changes more
quickly.
2021-05-03 00:21:25 +02:00
Luke Granger-Brown f2a91ec2b7 nixos/tests/gitdaemon: deflake by using systemd-tmpfiles
git-daemon won't start up if its project directory (here /git) doesn't
exist. If we try to create it using the test harness, then we're racing
whether we manage to connect to the backdoor vs. the startup speed of
git-daemon.

Instead, use systemd-tmpfiles, which is guaranteed(?) to run before
network.target and thus before git-daemon.service starts.
2021-05-02 21:58:43 +00:00
Luke Granger-Brown a6fb22a689 nixos/tests/rspamd: increase memory
rspamd seems to be consuming more memory now sometimes, causing OOMs in
the test.

Increase the memory given to these VMs to make the tests pass more
reliably.
2021-05-02 21:50:17 +00:00
Luke Granger-Brown da000ae239 nixos/tests/custom-ca: fix by setting Content-Type
This test was failing because Firefox was displaying a download prompt
rather than the page content, presumably because mumble mumble
content-type sniffing.

By explicitly setting a content-type, the test now passes.
2021-05-02 21:38:56 +00:00
Serval 2dfa311e56
v2ray: 4.37.3 -> 4.38.3 2021-05-02 19:39:24 +08:00
Michael Weiss c6325c8325
nixos/tests: Replace QEMU_OPTS usages with virtualisation.qemu.options
See [0]: "QEMU_OPTS is something that should be set by people running VM
tests interactively, to do port forwardings etc.
We really should not poke with it from the test script - that's what
virtualisation.qemu.options is for."

[0]: https://github.com/NixOS/nixpkgs/pull/119615#discussion_r624145020

Co-authored-by: Florian Klink <flokli@flokli.de>
2021-05-01 20:20:29 +02:00
Martin Weinelt 33e867620e
nixos/mosquitto: harden systemd unit
It can still network, it can only access the ssl related files if ssl is
enabled.

✗ PrivateNetwork=                                             Service has access to the host's network                                            0.5
✗ RestrictAddressFamilies=~AF_(INET|INET6)                    Service may allocate Internet sockets                                               0.3
✗ DeviceAllow=                                                Service has a device ACL with some special devices                                  0.1
✗ IPAddressDeny=                                              Service does not define an IP address allow list                                    0.2
✗ RootDirectory=/RootImage=                                   Service runs within the host's root directory                                       0.1
✗ RestrictAddressFamilies=~AF_UNIX                            Service may allocate local sockets                                                  0.1

→ Overall exposure level for mosquitto.service: 1.1 OK 🙂
2021-05-01 19:46:48 +02:00
github-actions[bot] ef6416a6ba
Merge staging-next into staging 2021-05-01 00:54:32 +00:00
Martin Weinelt efb30a191e
Merge pull request #120529 from mweinelt/zigbee2mqtt 2021-04-30 21:59:22 +02:00
Florian Klink 44a0debca7
Merge pull request #121021 from pennae/container-sigterm
nixos/nix-containers: use SIGTERM to stop containers
2021-04-30 21:35:16 +02:00
github-actions[bot] 20ebbe6b59
Merge staging-next into staging 2021-04-30 18:26:34 +00:00
Martin Weinelt f1e7183f69
nixos/tests/zigbee2mqtt: relax DevicePolicy and log systemd-analye security 2021-04-30 19:42:26 +02:00
Michael Weiss 28b8cff301
nixos/tests/cage: Fix the test with wlroots 0.13
See #119615 for more details. The aarch64-linux test failed with
"qemu-system-aarch64: Virtio VGA not available" so I've restricted the
test to x86_64-linux (the virtio paravirtualized 3D graphics driver is
likely only available on very few platforms).
2021-04-30 15:57:04 +02:00
pennae 317a2c9f26 nixos/nix-containers: add tests for early/no-machined container stop 2021-04-30 15:43:27 +02:00
github-actions[bot] b4766e97ee
Merge staging-next into staging 2021-04-30 00:52:06 +00:00
Michael Weiss af99194379
nixos/tests/cage: Increase the xterm font size to fix the test
The result still looks far from ideal but at least it gets recognized
now. "-fa Monospace" is required to switch to a font from the FreeType
library so that "-fs 24" works.

Note: Using linuxPackages_latest is not required anymore.
2021-04-29 21:08:10 +02:00
github-actions[bot] 3ad64733d9
Merge staging-next into staging 2021-04-29 18:28:08 +00:00
Kim Lindberger abecdfea73
Merge pull request #120833 from talyz/pipewire-0.3.26
pipewire: 0.3.25 -> 0.3.26
2021-04-29 18:46:35 +02:00
Florian Klink 7f9a5ad257
cage: drop maintainership (#121174)
I cannot currently maintain this, as I don't have access to the hardware
running it anymore.
2021-04-29 18:07:13 +02:00
github-actions[bot] 54e69b71cd
Merge staging-next into staging 2021-04-29 12:26:05 +00:00
Jörg Thalheim 243521f52f
nixos/lxd: fix race condition in test 2021-04-29 11:40:00 +02:00
WilliButz 674cea17a7
Merge pull request #120492 from SuperSandro2000/prometheus-unbound-exporter
Prometheus unbound exporter
2021-04-29 10:54:22 +02:00
Sandro Jäckel d3fe53a8a6
nixos/tests/prometheus-exporters: nixpkgs-fmt 2021-04-29 06:19:31 +02:00
Sandro Jäckel da858b16b8
nixos/tests/prometheus-exporters: add unbound test
Author: WilliButz <willibutz@posteo.de>
2021-04-29 06:19:30 +02:00
Jan Tojnar 76c3a6aafd
Merge branch 'staging-next' into staging 2021-04-29 02:35:54 +02:00
Luke Granger-Brown f64e68e09b
Merge pull request #120071 from johanot/ceph-16
ceph: 15.2.10 -> 16.2.1
2021-04-29 00:03:45 +01:00
github-actions[bot] 655989d7b3
Merge staging-next into staging 2021-04-28 00:15:29 +00:00
Samuel Dionne-Riel 1f4dedfa64
Merge pull request #120667 from samueldr/fix/grub1-test
nixosTests.installer: Fix grub1 test being unreliable
2021-04-27 19:32:13 -04:00
github-actions[bot] 97889a52e1
Merge staging-next into staging 2021-04-27 18:14:28 +00:00
talyz 1215bd4ea9
Revert "nixos/tests/gitlab: add 32 byte secrets"
This reverts commit d6e0d38b84.

We need shorter secrets to continue working, since the earlier
recommendation was too short and there's no way to rotate the them.
2021-04-27 18:08:59 +02:00
Linus Heckemann 4c4ac4bb20 nixos/network: allow configuring tempaddr for undeclared interfaces 2021-04-27 16:43:30 +02:00
talyz 6edd102013
pipewire: Fix tests 2021-04-27 12:41:35 +02:00
github-actions[bot] f0290a5d27
Merge staging-next into staging 2021-04-26 18:14:28 +00:00
Luke Granger-Brown 825a9ad1f9
Merge pull request #120286 from lukegb/hibernate-install
nixos/tests/hibernate: install a system instead
2021-04-26 18:00:41 +01:00
midchildan 5bfb427b15
nixos/tests/trafficserver: init 2021-04-27 00:02:19 +09:00
Samuel Dionne-Riel 7d112134de nixosTests.installer: Fix grub1 test being unreliable
The kernel sometimes assigns `/dev/sdb` to the 8GiB disk. This, in turn,
means the test will fail because we're targeting the wrong disk.

```
machine # [    0.000000] sd 2:0:0:0: [sda] 16777216 512-byte logical blocks: (8.59 GB/8.00 GiB)
machine # [    0.000000] sd 3:0:0:0: [sdb] 1048576 512-byte logical blocks: (537 MB/512 MiB)
```

```
machine # [    0.000000] sd 2:0:0:0: [sdb] 16777216 512-byte logical blocks: (8.59 GB/8.00 GiB)
machine # [    0.000000] sd 3:0:0:0: [sda] 1048576 512-byte logical blocks: (537 MB/512 MiB)
```

Note how the "sd x:0:0:0:` ID is stable. That is because QEMU **is**
told to give specific identifiers to the disks. So using the
dev/disk/by-id/ identifiers is stable.

* * *

Tested by forcing the sda/sdb swap this way:

    diff --git a/nixos/tests/installer.nix b/nixos/tests/installer.nix
    index 24c55081f9a..2eee224351b 100644
    --- a/nixos/tests/installer.nix
    +++ b/nixos/tests/installer.nix
    @@ -702,12 +702,19 @@ in {
               + " mkpart primary linux-swap 1M 1024M"
               + " mkpart primary ext2 1024M -1s",
               "udevadm settle",
    +      )
    +      print(machine.succeed("find /dev/disk/ '!' -type d -printf '%p → %l\n' | sort"))
    +      machine.succeed(
               "mkswap ${grubDevice}-part1 -L swap",
               "swapon -L swap",
               "mkfs.ext3 -L nixos ${grubDevice}-part2",
               "mount LABEL=nixos /mnt",
               "mkdir -p /mnt/tmp",
           )
    +      machine.succeed("echo success")
    +      machine.succeed(
    +          'if [[ "$(find ${grubDevice} -printf \'%l\')" != "../../sdb" ]]; then exit 22; else true; fi'
    +      )
         '';
         grubVersion = 1;
         # /dev/sda is not stable, even when the SCSI disk number is.

And ran this way:

     $ until (clear; tmux clear ; time env -i nix-build nixos/release-combined.nix -A nixos.tests.installer.grub1.x86_64-linux); do echo derp; done
2021-04-25 19:59:29 -04:00
github-actions[bot] 9a945aac72
Merge staging-next into staging 2021-04-25 18:14:18 +00:00
Luke Granger-Brown ed83f6455c
Merge pull request #119443 from ambroisie/add-podgrab
Add podgrab package and module
2021-04-25 14:12:40 +01:00
github-actions[bot] 1626c4772a
Merge staging-next into staging 2021-04-25 12:06:12 +00:00
Frederik Rietdijk c648f7ee2a Merge master into staging-next 2021-04-25 13:54:29 +02:00
Luke Granger-Brown 0cc25061b0
Merge pull request #114240 from sorki/containers/nested
nixos/nixos-containers: default boot.enableContainers to true
2021-04-25 11:37:01 +01:00
Jan Tojnar c1f851b2ee
Merge branch 'staging-next' into staging 2021-04-25 08:22:13 +02:00
github-actions[bot] a956f62ea4
Merge master into staging-next 2021-04-25 06:05:34 +00:00
Jan Tojnar 0f1c4558d3
Merge branch 'master' into staging-next
Choose binwalk 2.3.1, 27 is legacy version for Python 2.
2021-04-25 02:50:48 +02:00
Martin Weinelt ceb26b53d8 nixos/tests/babeld: drop forwarding sysctls
They are now set as part of the babeld module.
2021-04-25 00:55:05 +02:00
Maximilian Bosch 7b2982e22e
Merge pull request #119498 from mweinelt/tests-bird
nixos/test/prometheus-exporters/bird: fix race condition
2021-04-24 21:13:09 +02:00
Michael Raskin d04f1c4314
Merge pull request #101071 from ju1m/apparmor
apparmor: try again to fix and improve
2021-04-24 11:24:26 +00:00
github-actions[bot] 944e32775d
Merge staging-next into staging 2021-04-24 00:16:20 +00:00
github-actions[bot] 6e7c70d02d
Merge master into staging-next 2021-04-24 00:16:17 +00:00
Martin Weinelt fc55a1bdd4
nixos/tests/prometheus-exporters/bird: set router id
Previously bird would refuse to start up because the router id wasn't
set.

> bird[682]: Cannot determine router ID, please configure it manually
2021-04-23 23:34:26 +02:00
Maximilian Bosch f62b42f405
Merge pull request #120125 from BBBSnowball/pr-add-config-nextcloud-imagick-rename-option
nixos/nextcloud: Rename option disableImagemagick to enableImagemagick
2021-04-23 23:27:34 +02:00
davidak 513143fe4e kbd: add tests and update them 2021-04-23 16:41:11 +02:00
Julien Moutinho 76887d750b nixos/apparmor: add test for apparmorRulesFromClosure 2021-04-23 07:20:20 +02:00
Luke Granger-Brown 32d80aaaa5 nixos/tests/hibernate: install a system instead
Rather than relying on carefully avoiding touching the 9P-mounted
/nix/store, we instead install a small NixOS system, similar to
the installer tests, and boot from that.

This avoids the various pitfalls associated with trying to unsuspend
properly and trades off a bunch of boilerplate for what will hopefully
be a more reliable test.

Additionally, this test now actually tests booting the system using a
bootloader, rather than the previous method of just booting the kernel
directly.
2021-04-23 01:30:38 +00:00
github-actions[bot] b95da5efb6
Merge master into staging-next 2021-04-22 18:14:27 +00:00
github-actions[bot] 120744d620
Merge master into staging-next 2021-04-22 12:06:24 +00:00
Johan Thomsen 8a6e130c71 nixos/ceph: fix tests
- 512 -> 1024MB vm memory (had sporadic oom-failures with the lower setting)

- set "auth_allow_insecure_global_id_reclaim=false" as described here: https://docs.ceph.com/en/latest/security/CVE-2021-20288/
2021-04-22 13:17:57 +02:00
Jörg Thalheim 40945d399d
quagga: remove
Upstream repositories do no longer exists. There has been no release in
a while. - Not a good combination for a network daemon running as root
in C that parses network packets...
2021-04-22 12:48:48 +02:00
Michael Weiss 3e01d42024
maintainers: remove tavyc
Their last commit was dcc84d8 from 2017.
Thank you for your contributions.
2021-04-22 11:34:25 +02:00
Benjamin Koch 8122221c9b nixos/nextcloud: Rename services.nextcloud.nginx.disableImagemagick to services.nextcloud.nginx.enableImagemagick
Enable options are preferred. Suggested here:
https://github.com/NixOS/nixpkgs/pull/115372#issuecomment-821900334
2021-04-22 02:17:12 +02:00
github-actions[bot] 9b3e698b14
Merge master into staging-next 2021-04-21 12:06:23 +00:00
Oleksii Filonenko c2900f685f
Merge pull request #111518 from Jaculabilis/nebula
nixos/nebula: add basic module
2021-04-21 11:17:30 +03:00
github-actions[bot] 6ef7c23763
Merge master into staging-next 2021-04-19 18:11:51 +00:00
Lorenz Leutgeb 0b0cd3f6aa
mxisd: remove (#119372)
* mxisd: remove

See EOL notice at https://github.com/kamax-matrix/mxisd/blob/master/EOL.md#end-of-life-notice

* mxisd: Add throwing EOL notice
2021-04-19 11:26:08 -04:00
github-actions[bot] a28d31ed86
Merge master into staging-next 2021-04-19 00:15:22 +00:00
Michele Guerini Rocco 27b95afbb8
Merge pull request #119529 from Lassulus/searx_1.0.0
searx: 0.18.0 -> 1.0.0
2021-04-19 00:38:09 +02:00
rnhmjoj d0d77ec032
nixos/tests/searx: fix for 1.0 update 2021-04-19 00:13:05 +02:00
github-actions[bot] b57b2b362c
Merge master into staging-next 2021-04-18 18:10:37 +00:00
sternenseemann f85086f6c3 nixos/tests/packagekit: fix test machine evaluation
aa22be179a dropped the backend setting
which was used in the test, breaking evaluation of the test in the
process. Kind of defeats the purpose of a test if it isn't executed
before merging a change to a module…
2021-04-18 18:40:06 +02:00
Matej Urbas db5b547b25 nixos/amazon-init: add user-data shell script support 2021-04-18 10:19:06 +01:00
Morgan Jones 064e0af80b nixos/nebula: Add enable option defaulting to true to Nebula networks 2021-04-16 19:57:02 -07:00
github-actions[bot] d4f421cad9
Merge master into staging-next 2021-04-16 12:06:14 +00:00
Robert Hensing 578acc7a42
Merge pull request #118018 from considerate/master
dockerTools: Implement merging of image tarballs
2021-04-16 09:17:44 +02:00
ajs124 90f6033984 nixos/tests/dovecot: set mailUser and mailGroup 2021-04-16 00:43:11 +02:00
Bruno BELANYI 1144486f3a nixos/tests/podgrab: init 2021-04-15 20:57:22 +00:00
Martin Weinelt 65234f0911
nixos/test/prometheus-exporters/bird: fix race condition
The bird socket would not always be instantly present, when the exporter
was queried, leading to the test sometimes failing in its entirety.
2021-04-15 03:18:07 +02:00
Martin Weinelt 7cf67850c0
Merge branch 'master' into staging-next 2021-04-15 01:01:26 +02:00
Guillaume Girol f1a2ab6818
Merge pull request #115332 from symphorien/usertype
nixos/users: require one of users.users.name.{isSystemUser,isNormalUser}
2021-04-14 19:38:26 +00:00
Symphorien Gibol 7a87973b4c nixos/users: require one of users.users.name.{isSystemUser,isNormalUser}
As the only consequence of isSystemUser is that if the uid is null then
it's allocated below 500, if a user has uid = something below 500 then
we don't require isSystemUser to be set.

Motivation: https://github.com/NixOS/nixpkgs/issues/112647
2021-04-14 20:40:00 +02:00