1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-22 21:50:55 +00:00
Commit graph

377 commits

Author SHA1 Message Date
aszlig 9ed9e268a2
Merge pull request #14476 (taskserver)
This adds a Taskserver module along with documentation and a small
helper tool which eases managing a custom CA along with Taskserver
organisations, users and groups.

Taskserver is the server component of Taskwarrior, a TODO list
application for the command line.

The work has been started by @matthiasbeyer back in mid 2015 and I have
continued to work on it recently, so this merge contains commits from
both of us.

Thanks particularly to @nbp and @matthiasbeyer for reviewing and
suggesting improvements.

I've tested this with the new test (nixos/tests/taskserver.nix) this
branch adds and it fails because of the changes introduced by the
closure-size branch, so we need to do additional work on base of this.
2016-04-15 00:21:49 +02:00
Vladimír Čunát 39ebb01d6e Merge branch 'staging', containing closure-size #7701 2016-04-13 09:25:28 +02:00
Eelco Dolstra a42698d2a4 Add a regression test for #14623 2016-04-12 19:13:52 +02:00
Eelco Dolstra 9153d8ed64 Fix X11 tests broken by the removal of -ac
Probably missed a few. Also adding xauth to the system path (it was
already in the closure).
2016-04-12 19:13:47 +02:00
Tuomas Tynkkynen 87b49397bf installer tests: Use different package for testing nix-env -iA
Coreutils is multi-output and the `info` output doesn't seem to be
included on the install disk, failing like this (because now nix-env
wants to build coreutils):

````
machine# these derivations will be built:
machine#   /nix/store/0jk4wzg11sa6cqyw8g7w5lb35axji969-bison-3.0.4.tar.gz.drv
...
machine#   /nix/store/ybjgqwxx63l8cj1s7b8axx09wz06kxbv-coreutils-8.25.drv
machine# building path(s) ‘/nix/store/4xvdi5740vq8vlsi48lik3saz0v5jsx0-coreutils-8.25.tar.xz’
machine# downloading ‘http://ftpmirror.gnu.org/coreutils/coreutils-8.25.tar.xz’...
machine# error: unable to download ‘http://ftpmirror.gnu.org/coreutils/coreutils-8.25.tar.xz’: Couldn't resolve host name (6)
machine# builder for ‘/nix/store/5j3bc5sjr6271fnjh9gk9hrid8kgbpx3-coreutils-8.25.tar.xz.drv’ failed with exit code 1
machine# cannot build derivation ‘/nix/store/ybjgqwxx63l8cj1s7b8axx09wz06kxbv-coreutils-8.25.drv’: 1 dependencies couldn't be built
machine# error: build of ‘/nix/store/ybjgqwxx63l8cj1s7b8axx09wz06kxbv-coreutils-8.25.drv’ failed
````
2016-04-12 17:29:15 +03:00
aszlig e2383b84f8
nixos/taskserver/helper: Improve CLI subcommands
Try to match the subcommands to act more like the subcommands from the
taskd binary and also add a subcommand to list groups.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-12 05:38:37 +02:00
aszlig ce0954020c
nixos/taskserver: Set allowedTCPPorts accordingly
As suggested by @matthiasbeyer:

"We might add a short note that this port has to be opened in the
firewall, or is this done by the service automatically?"

This commit now adds the listenPort to
networking.firewall.allowedTCPPorts as soon as the listenHost is not
"localhost".

In addition to that, this is now also documented in the listenHost
option declaration and I have removed disabling of the firewall from the
VM test.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-12 05:16:15 +02:00
aszlig a41b109bc1
nixos/taskserver: Don't change imperative users
Whenever the nixos-taskserver tool was invoked manually for creating an
organisation/group/user we now add an empty file called .imperative to
the data directory.

During the preStart of the Taskserver service, we use process-json which
in turn now checks whether those .imperative files exist and if so, it
doesn't do anything with it.

This should now ensure that whenever there is a manually created user,
it doesn't get killed off by the declarative configuration in case it
shouldn't exist within that configuration.

In addition, we also add a small subtest to check whether this is
happening or not and fail if the imperatively created user got deleted
by process-json.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-12 03:42:13 +02:00
aszlig cfb6ce2abe
nixos/tests/taskserver: Make tests less noisy
We were putting the whole output of "nixos-taskserver export-user" from
the server to the respective client and on every such operation the
whole output was shown again in the test log.

Now we're *only* showing these details whenever a user import fails on
the client.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-12 01:49:47 +02:00
aszlig 7889fcfa41
nixos/taskserver/helper: Implement deletion
Now we finally can delete organisations, groups and users along with
certificate revocation. The new subtests now make sure that the client
certificate is also revoked (both when removing the whole organisation
and just a single user).

If we use the imperative way to add and delete users, we have to restart
the Taskserver in order for the CRL to be effective.

However, by using the declarative configuration we now get this for
free, because removing a user will also restart the service and thus its
client certificate will end up in the CRL.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-12 01:41:41 +02:00
aszlig 3affead91b
nixos/taskserver: Move .pki.fqdn to .fqdn
It's not necessarily related to the PKI options, because this is also
used for setting the server address on the Taskwarrior client.

So if someone doesn't have his/her own certificates from another CA, all
options that need to be adjusted are in .pki. And if someone doesn't
want to bother with getting certificates from another CA, (s)he just
doesn't set anything in .pki.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 12:42:20 +02:00
aszlig 6de94e7d24
nixos/taskserver: Rename .server options to .pki
After moving out the PKI-unrelated options, let's name this a bit more
appropriate, so we can finally get rid of the taskserver.server thing.

This also moves taskserver.caCert to taskserver.pki.caCert, because that
clearly belongs to the PKI options.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 12:38:16 +02:00
aszlig d6bd457d1f
nixos/taskserver: Rename server.{host,port}
Having an option called services.taskserver.server.host is quite
confusing because we already have "server" in the service name, so let's
first get rid of the listening options before we rename the rest of the
options in that .server attribute.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 12:26:34 +02:00
aszlig 636e0e552d
nixos/tests/taskserver: Test imperative users
As the nixos-taskserver command can also be used to imperatively manage
users, we need to test this as well.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 12:03:16 +02:00
Joachim Fasting cef2814a4f nixos: add optional process information hiding
This module adds an option `security.hideProcessInformation` that, when
enabled, restricts access to process information such as command-line
arguments to the process owner.  The module adds a static group "proc"
whose members are exempt from process information hiding.

Ideally, this feature would be implemented by simply adding the
appropriate mount options to `fileSystems."/proc".fsOptions`, but this
was found to not work in vmtests. To ensure that process information
hiding is enforced, we use a systemd service unit that remounts `/proc`
after `systemd-remount-fs.service` has completed.

To verify the correctness of the feature, simple tests were added to
nixos/tests/misc: the test ensures that unprivileged users cannot see
process information owned by another user, while members of "proc" CAN.

Thanks to @abbradar for feedback and suggestions.
2016-04-10 12:27:06 +02:00
Vladimír Čunát d1df28f8e5 Merge 'staging' into closure-size
This is mainly to get the update of bootstrap tools.
Otherwise there were mysterious segfaults:
https://github.com/NixOS/nixpkgs/pull/7701#issuecomment-203389817
2016-04-07 14:40:51 +02:00
aszlig 2d89617052
nixos/taskserver: Rename nixos-taskdctl
Using nixos-taskserver is more verbose but less cryptic and I think it
fits the purpose better because it can't be confused to be a wrapper
around the taskdctl command from the upstream project as
nixos-taskserver shares no commonalities with it.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig 61b8d9ebe0
nixos/tests: Add a test for the Taskserver service
A small test which checks whether tasks can be synced using the
Taskserver.

It doesn't test group functionality because I suspect that they're not
yet implemented upstream. I haven't done an in-depth check on that but I
couldn't find a method of linking groups to users yet so I guess this
will get in with one of the text releases of Taskwarrior/Taskserver.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
Vladimír Čunát ab15a62c68 Merge branch 'master' into closure-size
Beware that stdenv doesn't build. It seems something more will be needed
than just resolution of merge conflicts.
2016-04-01 10:06:01 +02:00
aszlig a3ac630092
nixos/tests: Add a test for keyboard layouts
I had the basic version of this laying around for some while but didn't
continue on it. Originally it was for testing support for the Neo layout
introduced back then (8cd6d53).

We only test the first three Neo layers, because the last three layers
are largely comprised of special characters and in addition to that the
support for the VT keymap seems to be limited compared to the Xorg
keymap.

Yesterday @NicolasPetton on IRC had troubles with the Colemak layout
(IRC logs: http://nixos.org/irc/logs/log.20160330, starting at 16:08)
and I found that test again, so I went for improving and adding to
<nixpkgs>.

While the original problem seemed to be related to GDM, we can still add
another subtest that checks whether GDM correctly applies the keyboard
layout. However I don't have a clue how to properly configure the
keyboard layout on GDM, at least not within the NixOS configuration.

The main goal of this test is not to test a complete set of all key
mappings but to check whether the keymap is loaded and working at all.

It also serves as an example for NixOS keyboard configurations.

The list of keyboard layouts is by no means complete, so everybody is
free to add their own to the test or improve the existing ones.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-31 09:49:08 +02:00
Eelco Dolstra 1783e33b06 Fix the boot-ec2-config test 2016-03-30 22:22:40 +02:00
Eelco Dolstra 0d3738cdcc Fix the EC2 test
We now generate a qcow2 image to prevent hitting Hydra's output size
limit. Also updated /root/user-data -> /etc/ec2-metadata/user-data.

http://hydra.nixos.org/build/33843133
2016-03-30 21:50:23 +02:00
Graham Christensen 37617a2c45 nixos.tests.installer.swraid: mdadm verbosity
These two steps seem to fail intermittently with exit code 1. It isn't clear to me why, or what the issue is. Adding the `--verbose` option, hoping to capture some debugging information which might aid stabilization. Also: I was unable to replicate the failure locally.
2016-03-28 14:00:00 -05:00
Joachim Fasting ea443d719c nixos/tests: implement a trivial test for sudo
This is an alternative to NixOS/nixpkgs#6721, with
improvements suggested by @edolstra
2016-03-25 06:33:11 +01:00
Joachim Fasting 2438c61255 dnscrypt-proxy vmtest: more specific waitForUnit
The test sometimes times out waiting for multi-user.target; this
should be more robust.
2016-03-24 17:14:22 +01:00
Domen Kožar ba78130c21 remove elrangR15 and riak 1.3.0 as they're outdated
(cherry picked from commit 4452a68425)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-03-22 21:40:07 +00:00
aszlig e047d79279
nixos/tests/chromium: Propagate "system" to pkgs
Assigning the channelMap by the function attrset argument at the
top-level of the test expression file may reference a different
architecture than we need for the tests.

So if we get the pkgs attribute by auto-calling, this will lead to test
failure because we have a different architecture for the test than for
the browser.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-21 03:50:38 +01:00
aszlig 3bd71b135b
nixos/tests/chromium: Allow overriding channel map
This has been the case before e45c211, but it turns out that it's very
useful to override the channel packages so we can run tests with
different Chromium build options.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-20 22:20:39 +01:00
Joachim Fasting ece457c62f nixos/tests: fix docker test
The docker service is socket activated by default; thus,
`waitForUnit("docker.service")` before any docker command causes the
unit test to time out.

Instead, do `waitForUnit("sockets.target")` to ensure that sockets are
setup before running docker commands.
2016-03-19 03:18:17 +01:00
Peter Simons c523aeffde nixos/tests/firewall.nix: ping now succeeds in the firewall's default configuration 2016-03-18 11:44:07 +01:00
Joachim Fasting 19492185fa nixos/tests: implement dnscrypt-proxy test
This test verifies that the daemon actually activates upon a
user-initiated ping, when using the recommended configuration.
2016-03-11 11:35:09 +01:00
Vladimír Čunát 09af15654f Merge master into closure-size
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
2016-03-08 09:58:19 +01:00
joachifm 4fa37759be Merge pull request #13548 from joelmo/nixos-unstable
avahi: fix test
2016-03-02 20:55:42 +00:00
Domen Kožar ba05826707 Attempt to fix transient grub1 test kernel panics
Example: http://hydra.nixos.org/build/32469819/nixlog/26/raw
2016-03-02 17:31:57 +00:00
aszlig 1f89aa6c7f
nixos/tests: Remove tests.boot.boot* prefixes
As @bobvanderlinden suggests in #13585:

"Looks like that cleans things up quite a bit! Just one aesthetics note,
the boot tests could now be renamed from boot.bootBiosCdrom to
boot.biosCdrom in nixos/tests/boot.nix:L33.

That makes them more consistent with the other tests."

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-01 19:02:36 +01:00
aszlig e45c211b50
nixos/tests/chromium: Split up into subtests
This makes it easier to test just a specific channel rather than to
force testing all builds down the users/testers throat. Especially this
makes it easier to test NixOS channel upgrades only against the Chromium
stable channel instead of just removing the beta/dev channels from the
tests entirely (as done in 69ec09f38a).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-01 01:04:51 +01:00
aszlig 2f2536b935
nixos/tests/networking: Expose subtests via attrs
So far the networking test expression only generated a single test
depending on the passed "test" attribute. This makes it difficult to
autodiscover the subtests with our shiny new callSubTests function.

This change essentially doesn't change the behaviour of the subtests but
rather exposes them as an attribute set instead of relying on a
particular input argument.

The useNetworkd argument still exists however.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @wkennington
2016-03-01 01:04:42 +01:00
aszlig 5bab623fb9
nixos/tests/virtualbox: Split up subtests
Now subtests are separate derivations, because the individual tests do
not depend on state from previous test runs.

This has the advantage that it's easier to run individiual tests and
it's also easier to pinpoint individual tests that randomly fail.

I ran all of these tests locally and they still succeed.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-29 20:15:31 +01:00
Joel Moberg 75e96d2c30 avahi: fix test
Reflects module changes made by cdd7310a50
2016-02-28 16:18:39 +01:00
Eelco Dolstra d4636fa254 Revert "Add a way to pin a NixOS version within the module system."
This reverts commit a5992ad61b. Motivation:

a5992ad61b (commitcomment-14986820)
2016-02-27 20:48:12 +01:00
Nikolay Amiantov 8b124b7521 nixos.tests.printing: fix for new CUPS version
It looks like now queue is not immediately cleared from cancelled jobs.
Instead, files like "c00001" are left alongside "d00001-001", and
cleanup happens at some later point of time. Also, all new jobs are
assigned consecutive numbers now (00002, 00003 etc.). So when
original d00001 file is finally cleaned, it breaks the test. Fixed
by checking for any "d*" file inside the queue and cleaning it by
ourselves to ensure that each job works correctly.
2016-02-22 12:42:06 +03:00
Vladimír Čunát d039c87984 Merge branch 'master' into closure-size 2016-02-14 08:33:51 +01:00
Eelco Dolstra abdbdbebf6 nixos/tests/simple.nix: Include minimal.nix
This reduces the amount of rebuilds (particularly some X11 stuff)
after changing some dependencies like systemd.
2016-02-12 14:35:41 +01:00
Aneesh Agrawal 3c5fca9618 filesystems: use list of strings for fs options
Allow usage of list of strings instead of a comma-separated string
for filesystem options. Deprecate the comma-separated string style
with a warning message; convert this to a hard error after 16.09.
15.09 was just released, so this provides a deprecation period during
the 16.03 release.

closes #10518

Signed-off-by: Robin Gloster <mail@glob.in>
2016-02-06 19:48:30 +00:00
Robin Gloster f7aa921773 Merge pull request #12560 from tvestelind/haka
Haka: new package
2016-02-06 20:32:39 +01:00
Vladimír Čunát ae74c356d9 Merge recent 'staging' into closure-size
Let's get rid of those merge conflicts.
2016-02-03 16:57:19 +01:00
Eelco Dolstra 69ec09f38a Don't make chromium-beta/dev release blockers
Generally we shouldn't ship pre-release versions anyway, and we
certainly don't want them to be release blockers. Also, chromium
builds are just too slow to have them blocking the channel (see
https://github.com/NixOS/nixpkgs/issues/12794).
2016-02-03 11:49:50 +01:00
Eelco Dolstra cc925d0506 boot.initrd.network: Support DHCP
This allows us to use it for EC2 instances.
2016-02-02 19:59:27 +01:00
Dan Peebles dd18447055 grsecurity: add NixOS VM test 2016-01-24 04:06:19 +00:00
Tomas Vestelind 198c03bffe haka: very basic testing 2016-01-23 01:20:14 +01:00