author | Jan Tojnar <jtojnar@gmail.com> | 2020-03-31 21:32:15 +0200 |
committer | Jan Tojnar <jtojnar@gmail.com> | 2020-03-31 21:32:15 +0200 |
commit | 3e0f4e202f4221d5a05a9664fd46e492de711fa2 (patch) | |
tree | 5f62c67bff9ccc643621e80b04cf43e3959d723d /nixos | |
parent | a803f716bdf756edaedbdd99d66cf04f27496682 (diff) | |
parent | a8811cb82bab25aa835a09dc48a2d9450448d6d5 (diff) | |
Merge branch 'master' into staging-next
Diffstat (limited to 'nixos')
31 files changed, 505 insertions, 101 deletions
diff --git a/nixos/lib/test-driver/test-driver.py b/nixos/lib/test-driver/test-driver.py index 7825025893d..744fadb1a4f 100644 --- a/nixos/lib/test-driver/test-driver.py +++ b/nixos/lib/test-driver/test-driver.py @@ -102,10 +102,12 @@ def make_command(args: list) -> str: def create_vlan(vlan_nr: str) -> Tuple[str, str, "subprocess.Popen[bytes]", Any]: global log log.log("starting VDE switch for network {}".format(vlan_nr)) - vde_socket = os.path.abspath("./vde{}.ctl".format(vlan_nr)) + vde_socket = tempfile.mkdtemp( + prefix="nixos-test-vde-", suffix="-vde{}.ctl".format(vlan_nr) + ) pty_master, pty_slave = pty.openpty() vde_process = subprocess.Popen( - ["vde_switch", "-s", vde_socket, "--dirmode", "0777"], + ["vde_switch", "-s", vde_socket, "--dirmode", "0700"], bufsize=1, stdin=pty_slave, stdout=subprocess.PIPE, @@ -939,7 +941,7 @@ if __name__ == "__main__": machine.process.kill() for _, _, process, _ in vde_sockets: - process.kill() + process.terminate() log.close() tic = time.time() diff --git a/nixos/maintainers/scripts/azure-new/.gitignore b/nixos/maintainers/scripts/azure-new/.gitignore new file mode 100644 index 00000000000..26905a86234 --- /dev/null +++ b/nixos/maintainers/scripts/azure-new/.gitignore @@ -0,0 +1 @@ +azure \ No newline at end of file diff --git a/nixos/maintainers/scripts/azure-new/README.md b/nixos/maintainers/scripts/azure-new/README.md new file mode 100644 index 00000000000..20e81c44ce5 --- /dev/null +++ b/nixos/maintainers/scripts/azure-new/README.md 
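Review bot: The directory returned by `tempfile.mkdtemp(...)` is never removed, so every run leaves a `nixos-test-vde-*` directory (with the switch's control sockets inside it) under TMPDIR; the shutdown loop in the second hunk of this file only terminates the switch process. Keep the path together with the process and remove it after shutdown, e.g. `shutil.rmtree(vde_socket, ignore_errors=True)` (the path may already be one of the tuple members the cleanup loop discards as `_`; `shutil` would need importing at the top of the file, which is outside this hunk). Two things worth confirming since they are not visible here: the path now depends on TMPDIR and AF_UNIX socket paths are length-limited, so a long TMPDIR could make `vde_switch` fail where the old cwd-relative path worked, and `vde_switch -s` is now handed a directory that already exists rather than one it creates itself. The mkdtemp mode and `--dirmode 0700` agree, which is the intended tightening over the old `0777`. `create_vlan` continues past the end of the hunk.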
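Review bot: `process.terminate()` sends SIGTERM but the driver never waits for the switch to exit, so the child is not reaped and, if it ignores the signal, it is not stopped at all; the old `kill()` could not be ignored, so this is a small regression in guarantee. Follow the terminate with a bounded wait and a kill fallback: `process.terminate()`, then `process.wait(timeout=5)` inside a `try`, with `process.kill()` in the `except subprocess.TimeoutExpired:` branch. The enclosing `if __name__ == "__main__":` block starts and ends outside the hunk.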
@@ -0,0 +1,42 @@ +# azure + +## Demo + +Here's a demo of this being used: https://asciinema.org/a/euXb9dIeUybE3VkstLWLbvhmp + +## Usage + +This is meant to be an example image that you can copy into your own +project and modify to your own needs. Notice that the example image +includes a built-in test user account, which by default uses your +`~/.ssh/id_ed25519.pub` as an `authorized_key`. + +Build and upload the image +```shell +$ ./upload-image.sh ./examples/basic/image.nix + +... ++ attr=azbasic ++ nix-build ./examples/basic/image.nix --out-link azure +/nix/store/qdpzknpskzw30vba92mb24xzll1dqsmd-azure-image +... +95.5 %, 0 Done, 0 Failed, 1 Pending, 0 Skipped, 1 Total, 2-sec Throughput (Mb/s): 932.9565 +... +/subscriptions/aff271ee-e9be-4441-b9bb-42f5af4cbaeb/resourceGroups/nixos-images/providers/Microsoft.Compute/images/azure-image-todo-makethisbetter +``` + +Take the output, boot an Azure VM: + +``` +img="/subscriptions/.../..." # use output from last command +./boot-vm.sh "${img}" +... +=> booted +``` + +## Future Work + +1. If the user specifies a hard-coded user, then the agent could be removed. + Probably has security benefits; definitely has closure-size benefits. + (It's likely the VM will need to be booted with a special flag. See: + https://github.com/Azure/azure-cli/issues/12775 for details.) diff --git a/nixos/maintainers/scripts/azure-new/boot-vm.sh b/nixos/maintainers/scripts/azure-new/boot-vm.sh new file mode 100755 index 00000000000..1ce3a5f9db1 --- /dev/null +++ b/nixos/maintainers/scripts/azure-new/boot-vm.sh 
@@ -0,0 +1,36 @@ +#!/usr/bin/env bash +set -euo pipefail +set -x + +image="${1}" +location="westus2" +group="nixos-test-vm" +vm_size="Standard_D2s_v3"; os_size=42; + +# ensure group +az group create --location "westus2" --name "${group}" +group_id="$(az group show --name "${group}" -o tsv --query "[id]")" + +# (optional) identity +if ! az identity show -n "${group}-identity" -g "${group}" &>/dev/stderr; then + az identity create --name "${group}-identity" --resource-group "${group}" +fi + +# (optional) role assignment, to the resource group, bad but not really great alternatives +identity_id="$(az identity show --name "${group}-identity" --resource-group "${group}" -o tsv --query "[id]")" +principal_id="$(az identity show --name "${group}-identity" --resource-group "${group}" -o tsv --query "[principalId]")" +until az role assignment create --assignee "${principal_id}" --role "Owner" --scope "${group_id}"; do sleep 1; done + +# boot vm +az vm create \ + --name "${group}-vm" \ + --resource-group "${group}" \ + --assign-identity "${identity_id}" \ + --size "${vm_size}" \ + --os-disk-size-gb "${os_size}" \ + --image "${image}" \ + --admin-username "${USER}" \ + --location "westus2" \ + --storage-sku "Premium_LRS" \ + --ssh-key-values "$(ssh-add -L)" + diff --git a/nixos/maintainers/scripts/azure-new/common.sh b/nixos/maintainers/scripts/azure-new/common.sh new file mode 100644 index 00000000000..eb87c3e0650 --- /dev/null +++ b/nixos/maintainers/scripts/azure-new/common.sh @@ -0,0 +1,7 @@ +export group="${AZURE_RESOURCE_GROUP:-"azure"}" +export location="${AZURE_LOCATION:-"westus2"}" + +img_file=$(echo azure/*.vhd) +img_name="$(basename "${img_file}")" +img_name="${img_name%".vhd"}" +export img_name="${img_name//[._]/-}" diff --git a/nixos/maintainers/scripts/azure-new/examples/basic/image.nix b/nixos/maintainers/scripts/azure-new/examples/basic/image.nix new file mode 100644 index 00000000000..74b12815158 --- /dev/null 
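Review bot: `until az role assignment create ... --role "Owner" --scope "${group_id}"; do sleep 1; done` retries forever, so a permanent failure (no permission to assign roles, wrong scope) hangs the script with `set -x` output scrolling rather than exiting non-zero; bound it, e.g. `for _ in $(seq 1 30); do az role assignment create ... && break; sleep 2; done` followed by a check that the assignment exists. The role is also the broadest available: a VM identity that is Owner of the group can assign roles itself, so unless the VM needs that, Contributor or a narrower built-in role keeps a compromised VM's reach to the group's resources; the inline comment already flags this, so at least say why Owner is required. Two smaller points: `location="westus2"` is assigned but both `az` calls hard-code `"westus2"` instead of `"${location}"`, and `--ssh-key-values "$(ssh-add -L)"` installs every key currently loaded in the agent rather than one chosen key.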
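Review bot: `img_file=$(echo azure/*.vhd)` leaves the glob unquoted and unguarded: with no matching file it yields the literal string `azure/*.vhd`, with several it yields a space-separated list, and in both cases `img_name` becomes something like `*` with no error. Use an array under `shopt -s nullglob` and check its length, e.g. `files=(azure/*.vhd); (( ${#files[@]} == 1 )) || { echo "expected exactly one azure/*.vhd" >&2; exit 1; }; img_file=${files[0]}`. Separately, neither boot-vm.sh nor upload-image.sh in this commit sources common.sh and each hard-codes its own `group` (`nixos-test-vm`, `nixos-images`), so the `AZURE_RESOURCE_GROUP`/`AZURE_LOCATION` overrides defined here have no effect on them; either source it from both or drop the file.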
+++ b/nixos/maintainers/scripts/azure-new/examples/basic/image.nix @@ -0,0 +1,10 @@ +let + pkgs = (import <nixpkgs> {}); + machine = import "${pkgs.path}/nixos/lib/eval-config.nix" { + system = "x86_64-linux"; + modules = [ + ({config, ...}: { imports = [ ./system.nix ]; }) + ]; + }; +in + machine.config.system.build.azureImage diff --git a/nixos/maintainers/scripts/azure-new/examples/basic/system.nix b/nixos/maintainers/scripts/azure-new/examples/basic/system.nix new file mode 100644 index 00000000000..855bd3bab71 --- /dev/null +++ b/nixos/maintainers/scripts/azure-new/examples/basic/system.nix @@ -0,0 +1,34 @@ +{ pkgs, modulesPath, ... }: + +let username = "azurenixosuser"; +in +{ + imports = [ + "${modulesPath}/virtualisation/azure-common.nix" + "${modulesPath}/virtualisation/azure-image.nix" + ]; + + ## NOTE: This is just an example of how to hard-code a user. + ## The normal Azure agent IS included and DOES provision a user based + ## on the information passed at VM creation time. + users.users."${username}" = { + isNormalUser = true; + home = "/home/${username}"; + description = "Azure NixOS Test User"; + openssh.authorizedKeys.keys = [ (builtins.readFile ~/.ssh/id_ed25519.pub) ]; + }; + nix.trustedUsers = [ username ]; + + virtualisation.azureImage.diskSize = 2500; + + system.stateVersion = "20.03"; + boot.kernelPackages = pkgs.linuxPackages_latest; + + # test user doesn't have a password + services.openssh.passwordAuthentication = false; + security.sudo.wheelNeedsPassword = false; + + environment.systemPackages = with pkgs; [ + git file htop wget curl + ]; +} diff --git a/nixos/maintainers/scripts/azure-new/shell.nix b/nixos/maintainers/scripts/azure-new/shell.nix new file mode 100644 index 00000000000..592f1bf9056 --- /dev/null +++ b/nixos/maintainers/scripts/azure-new/shell.nix 
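Review bot: `security.sudo.wheelNeedsPassword = false;` has no effect on the example user: the `users.users."${username}"` definition has no `extraGroups = [ "wheel" ]`, so the account is not in wheel and the sudo rule does not apply to it, while `nix.trustedUsers = [ username ];` already makes it root-equivalent through the nix daemon. Either add the group membership or drop the sudo line, and extend the NOTE above the user block with a sentence that a trusted user can push arbitrary store paths and daemon settings, so this is a test account and not a template for production images. `builtins.readFile ~/.ssh/id_ed25519.pub` also bakes the builder's public key into the image and makes evaluation fail for anyone without that file; a comment naming that prerequisite next to the line would help.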
@@ -0,0 +1,13 @@ +with (import ../../../../default.nix {}); +stdenv.mkDerivation { + name = "nixcfg-azure-devenv"; + + nativeBuildInputs = [ + azure-cli + bash + cacert + azure-storage-azcopy + ]; + + AZURE_CONFIG_DIR="/tmp/azure-cli/.azure"; +} diff --git a/nixos/maintainers/scripts/azure-new/upload-image.sh b/nixos/maintainers/scripts/azure-new/upload-image.sh new file mode 100755 index 00000000000..1466dcd1f0a --- /dev/null +++ b/nixos/maintainers/scripts/azure-new/upload-image.sh 
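Review bot: `AZURE_CONFIG_DIR="/tmp/azure-cli/.azure";` points the CLI's credential store (access and refresh tokens, subscription cache) at a fixed, predictable path in the shared `/tmp`, where another local user can pre-create `/tmp/azure-cli` and end up owning the directory the tokens are written into. Drop the attribute so the CLI default `~/.azure` applies, or derive a per-user path in a `shellHook` (e.g. from `$HOME` or `$XDG_RUNTIME_DIR`); if the intent is to keep this dev shell's login separate from the user's normal one, a comment saying so would make the choice reviewable.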
@@ -0,0 +1,58 @@ +#!/usr/bin/env bash +set -euo pipefail +set -x + +image_nix="${1:-"./examples/basic/image.nix"}" + +nix-build "${image_nix}" --out-link "azure" + +group="nixos-images" +location="westus2" +img_name="nixos-image" +img_file="$(readlink -f ./azure/disk.vhd)" + +if ! az group show -n "${group}" &>/dev/null; then + az group create --name "${group}" --location "${location}" +fi + +# note: the disk access token song/dance is tedious +# but allows us to upload direct to a disk image +# thereby avoid storage accounts (and naming them) entirely! +if ! az disk show -g "${group}" -n "${img_name}" &>/dev/null; then + bytes="$(stat -c %s ${img_file})" + size="30" + az disk create \ + --resource-group "${group}" \ + --name "${img_name}" \ + --for-upload true --upload-size-bytes "${bytes}" + + timeout=$(( 60 * 60 )) # disk access token timeout + sasurl="$(\ + az disk grant-access \ + --access-level Write \ + --resource-group "${group}" \ + --name "${img_name}" \ + --duration-in-seconds ${timeout} \ + | jq -r '.accessSas' + )" + + azcopy copy "${img_file}" "${sasurl}" \ + --blob-type PageBlob + + az disk revoke-access \ + --resource-group "${group}" \ + --name "${img_name}" +fi + +if ! az image show -g "${group}" -n "${img_name}" &>/dev/null; then + diskid="$(az disk show -g "${group}" -n "${img_name}" -o json | jq -r .id)" + + az image create \ + --resource-group "${group}" \ + --name "${img_name}" \ + --source "${diskid}" \ + --os-type "linux" >/dev/null +fi + +imageid="$(az image show -g "${group}" -n "${img_name}" -o json | jq -r .id)" +echo "${imageid}" diff --git a/nixos/modules/hardware/uinput.nix b/nixos/modules/hardware/uinput.nix new file mode 100644 index 00000000000..55e86bfa6bd --- /dev/null +++ b/nixos/modules/hardware/uinput.nix 
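Review bot: With `set -x` enabled at the top of the script, the `azcopy copy "${img_file}" "${sasurl}" --blob-type PageBlob` line echoes the write-capable SAS URL to stderr, so the upload credential lands in terminal scrollback and in any CI log that captures the run; bracket that call with `set +x` / `set -x`, or hand the URL to azcopy through a file or variable it reads itself. The SAS is granted for `timeout=$(( 60 * 60 ))` but `az disk revoke-access` only runs when azcopy succeeds (`set -e` aborts before it otherwise), so a failed upload leaves a writable SAS live for up to an hour; a `trap 'az disk revoke-access --resource-group "${group}" --name "${img_name}"' EXIT` installed right after grant-access closes that window. Minor: `bytes="$(stat -c %s ${img_file})"` leaves the path unquoted and `size="30"` is never used.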
@@ -0,0 +1,19 @@ +{ config, pkgs, lib, ... }: + +let + cfg = config.hardware.uinput; +in { + options.hardware.uinput = { + enable = lib.mkEnableOption "uinput support"; + }; + + config = lib.mkIf cfg.enable { + boot.kernelModules = [ "uinput" ]; + + users.groups.uinput = {}; + + services.udev.extraRules = '' + SUBSYSTEM=="misc", KERNEL=="uinput", MODE="0660", GROUP="uinput", OPTIONS+="static_node=uinput" + ''; + }; +} diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index c2a96c72d16..7633f1ca0ad 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -65,6 +65,7 @@ ./hardware/usb-wwan.nix ./hardware/onlykey.nix ./hardware/wooting.nix + ./hardware/uinput.nix ./hardware/video/amdgpu.nix ./hardware/video/amdgpu-pro.nix ./hardware/video/ati.nix @@ -368,6 +369,7 @@ ./services/hardware/thermald.nix ./services/hardware/undervolt.nix ./services/hardware/vdr.nix + ./services/hardware/xow.nix ./services/logging/SystemdJournal2Gelf.nix ./services/logging/awstats.nix ./services/logging/fluentd.nix @@ -394,6 +396,7 @@ ./services/mail/mailcatcher.nix ./services/mail/mailhog.nix ./services/mail/mailman.nix + ./services/mail/magic-wormhole-mailbox-server.nix ./services/mail/mlmmj.nix ./services/mail/offlineimap.nix ./services/mail/opendkim.nix diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix index b787a767539..87217f1e3b9 100644 --- a/nixos/modules/security/acme.nix +++ b/nixos/modules/security/acme.nix @@ -318,7 +318,7 @@ in description = "Renew ACME Certificate for ${cert}"; after = [ "network.target" "network-online.target" ]; wants = [ "network-online.target" ]; - wantedBy = [ "multi-user.target" ]; + wantedBy = mkIf (!config.boot.isContainer) [ "multi-user.target" ]; serviceConfig = { Type = "oneshot"; # With RemainAfterExit the service is considered active even 
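Review bot: The udev rule grants group `uinput` read/write on `/dev/uinput`, but the option description says only "uinput support"; a member of that group can create virtual input devices and inject keystrokes and pointer events into every session on the machine, which amounts to acting as any logged-in user. Say so where an administrator will read it, e.g. `enable = lib.mkEnableOption "uinput support (members of the uinput group can inject input events into any session)";`, and mention that `users.users.<name>.extraGroups = [ "uinput" ]` is what grants the access.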
diff --git a/nixos/modules/services/continuous-integration/gitlab-runner.nix b/nixos/modules/services/continuous-integration/gitlab-runner.nix index 3d307b1abcf..bd4cf6a37ba 100644 --- a/nixos/modules/services/continuous-integration/gitlab-runner.nix +++ b/nixos/modules/services/continuous-integration/gitlab-runner.nix @@ -120,10 +120,16 @@ in ++ optional hasDocker "docker.service"; requires = optional hasDocker "docker.service"; wantedBy = [ "multi-user.target" ]; + reloadIfChanged = true; + restartTriggers = [ + config.environment.etc."gitlab-runner/config.toml".source + ]; serviceConfig = { + StateDirectory = "gitlab-runner"; + ExecReload= "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; ExecStart = ''${cfg.package.bin}/bin/gitlab-runner run \ --working-directory ${cfg.workDir} \ - --config ${configFile} \ + --config /etc/gitlab-runner/config.toml \ --service gitlab-runner \ --user gitlab-runner \ ''; @@ -138,6 +144,9 @@ in # Make the gitlab-runner command availabe so users can query the runner environment.systemPackages = [ cfg.package ]; + # Make sure the config can be reloaded on change + environment.etc."gitlab-runner/config.toml".source = configFile; + users.users.gitlab-runner = { group = "gitlab-runner"; extraGroups = optional hasDocker "docker"; diff --git a/nixos/modules/services/games/factorio.nix b/nixos/modules/services/games/factorio.nix index f3831156f45..4b2e1a3c07f 100644 --- a/nixos/modules/services/games/factorio.nix +++ b/nixos/modules/services/games/factorio.nix @@ -4,14 +4,13 @@ with lib; let cfg = config.services.factorio; - factorio = pkgs.factorio-headless; name = "Factorio"; stateDir = "/var/lib/${cfg.stateDirName}"; mkSavePath = name: "${stateDir}/saves/${name}.zip"; configFile = pkgs.writeText "factorio.conf" '' use-system-read-write-data-directories=true [path] - read-data=${factorio}/share/factorio/data + read-data=${cfg.package}/share/factorio/data write-data=${stateDir} ''; serverSettings = { 
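Review bot: `ExecReload= "${pkgs.coreutils}/bin/kill -HUP $MAINPID";` is the only attribute in this block with the space on the wrong side of `=`; write `ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";` like its neighbours. The second hunk publishes `configFile` as `/etc/gitlab-runner/config.toml`; since it was already a store path it was world-readable before this change, so nothing gets worse, but `configFile` presumably carries the runner tokens, and a comment at `environment.etc."gitlab-runner/config.toml".source = configFile;` noting that the file is world-readable (and that the `mode`/`user` attributes could tighten it) would save the next reader the check.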
@@ -37,7 +36,7 @@ let only_admins_can_pause_the_game = true; autosave_only_on_server = true; admins = []; - }; + } // cfg.extraSettings; serverSettingsFile = pkgs.writeText "server-settings.json" (builtins.toJSON (filterAttrsRecursive (n: v: v != null) serverSettings)); modDir = pkgs.factorio-utils.mkModDirDrv cfg.mods; in @@ -115,6 +114,14 @@ in Description of the game that will appear in the listing. ''; }; + extraSettings = mkOption { + type = types.attrs; + default = {}; + example = { admins = [ "username" ];}; + description = '' + Extra game configuration that will go into server-settings.json + ''; + }; public = mkOption { type = types.bool; default = false; @@ -136,6 +143,15 @@ in Your factorio.com login credentials. Required for games with visibility public. ''; }; + package = mkOption { + type = types.package; + default = pkgs.factorio-headless; + defaultText = "pkgs.factorio-headless"; + example = "pkgs.factorio-headless-experimental"; + description = '' + Factorio version to use. This defaults to the stable channel. + ''; + }; password = mkOption { type = types.nullOr types.str; default = null; @@ -184,7 +200,7 @@ in preStart = toString [ "test -e ${stateDir}/saves/${cfg.saveName}.zip" "||" - "${factorio}/bin/factorio" + "${cfg.package}/bin/factorio" "--config=${cfg.configFile}" "--create=${mkSavePath cfg.saveName}" (optionalString (cfg.mods != []) "--mod-directory=${modDir}") @@ -197,7 +213,7 @@ in StateDirectory = cfg.stateDirName; UMask = "0007"; ExecStart = toString [ - "${factorio}/bin/factorio" + "${cfg.package}/bin/factorio" "--config=${cfg.configFile}" "--port=${toString cfg.port}" "--start-server=${mkSavePath cfg.saveName}" diff --git a/nixos/modules/services/hardware/xow.nix b/nixos/modules/services/hardware/xow.nix new file mode 100644 index 00000000000..a18d60ad83b --- /dev/null +++ b/nixos/modules/services/hardware/xow.nix 
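Review bot: `} // cfg.extraSettings;` is a shallow merge and `types.attrs` does not merge across modules, so a second module setting `extraSettings` silently replaces the first, and any top-level key given here replaces the module's own value (including the `admins = []` directly above) rather than being merged into it. The option description should state that, e.g. `Extra game configuration merged shallowly into server-settings.json; keys given here override the module's defaults, and the option is not merged across modules.`, and a merging `types.attrsOf` type is worth considering if cross-module use is intended. Style: `example = { admins = [ "username" ];};` wants a space before the closing brace.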
@@ -0,0 +1,17 @@ +{ config, pkgs, lib, ... }: + +let + cfg = config.services.hardware.xow; +in { + options.services.hardware.xow = { + enable = lib.mkEnableOption "xow as a systemd service"; + }; + + config = lib.mkIf cfg.enable { + hardware.uinput.enable = true; + + systemd.packages = [ pkgs.xow ]; + + services.udev.packages = [ pkgs.xow ]; + }; +} diff --git a/nixos/modules/services/mail/magic-wormhole-mailbox-server.nix b/nixos/modules/services/mail/magic-wormhole-mailbox-server.nix new file mode 100644 index 00000000000..09d357cd2b6 --- /dev/null +++ b/nixos/modules/services/mail/magic-wormhole-mailbox-server.nix @@ -0,0 +1,28 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.magic-wormhole-mailbox-server; + dataDir = "/var/lib/magic-wormhole-mailbox-server;"; + python = pkgs.python3.withPackages (py: [ py.magic-wormhole-mailbox-server py.twisted ]); +in +{ + options.services.magic-wormhole-mailbox-server = { + enable = mkEnableOption "Enable Magic Wormhole Mailbox Server"; + }; + + config = mkIf cfg.enable { + systemd.services.magic-wormhole-mailbox-server = { + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + DynamicUser = true; + ExecStart = "${python}/bin/twistd --nodaemon wormhole-mailbox"; + WorkingDirectory = dataDir; + StateDirectory = baseNameOf dataDir; + }; + }; + + }; +} diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix index 087bd0e5df3..1069b71f74c 100644 --- a/nixos/modules/services/web-apps/nextcloud.nix +++ b/nixos/modules/services/web-apps/nextcloud.nix @@ -565,7 +565,7 @@ in { add_header Referrer-Policy no-referrer; access_log off; ''; - "~ \\.(?:png|html|ttf|ico|jpg|jpeg)$".extraConfig = '' + "~ \\.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$".extraConfig = '' try_files $uri /index.php$request_uri; access_log off; ''; 
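Review bot: `dataDir = "/var/lib/magic-wormhole-mailbox-server;";` has the statement's semicolon inside the string literal, so `WorkingDirectory` becomes `/var/lib/magic-wormhole-mailbox-server;` and `StateDirectory = baseNameOf dataDir` asks systemd for a directory literally named `magic-wormhole-mailbox-server;`; the fix is `dataDir = "/var/lib/magic-wormhole-mailbox-server";`. The accompanying test passes only because both values end up consistently wrong. The module also offers no bind-address or port option, so the listener is reachable by anyone who can reach the host once the firewall is opened (the test opens 4000); a sentence on `enable` naming the default port and that nothing is exposed until `networking.firewall` allows it would help operators.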
diff --git a/nixos/modules/services/web-servers/phpfpm/default.nix b/nixos/modules/services/web-servers/phpfpm/default.nix index 2c73da10394..3db19c781d0 100644 --- a/nixos/modules/services/web-servers/phpfpm/default.nix +++ b/nixos/modules/services/web-servers/phpfpm/default.nix @@ -47,6 +47,7 @@ let Path to the unix socket file on which to accept FastCGI requests. <note><para>This option is read-only and managed by NixOS.</para></note> ''; + example = "${runtimeDir}/<name>.sock"; }; listen = mkOption { diff --git a/nixos/modules/services/x11/desktop-managers/xfce.nix b/nixos/modules/services/x11/desktop-managers/xfce.nix index a08b1947f65..4ff7b05ae9a 100644 --- a/nixos/modules/services/x11/desktop-managers/xfce.nix +++ b/nixos/modules/services/x11/desktop-managers/xfce.nix @@ -129,6 +129,7 @@ in services.xserver.desktopManager.session = [{ name = "xfce"; + desktopNames = [ "XFCE" ]; bgSupport = true; start = '' ${pkgs.runtimeShell} ${pkgs.xfce.xfce4-session.xinitrc} & diff --git a/nixos/modules/services/x11/display-managers/default.nix b/nixos/modules/services/x11/display-managers/default.nix index 5d49ca94387..428ca191fd8 100644 --- a/nixos/modules/services/x11/display-managers/default.nix +++ b/nixos/modules/services/x11/display-managers/default.nix @@ -412,6 +412,9 @@ in (dm: wm: let sessionName = "${dm.name}${optionalString (wm.name != "none") ("+" + wm.name)}"; script = xsession dm wm; + desktopNames = if dm ? desktopNames + then concatStringsSep ";" dm.desktopNames + else sessionName; in optional (dm.name != "none" || wm.name != "none") (pkgs.writeTextFile { @@ -427,7 +430,7 @@ in TryExec=${script} Exec=${script} Name=${sessionName} - DesktopNames=${sessionName} + DesktopNames=${desktopNames} ''; } // { providedSessions = [ sessionName ]; diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index cdc9d237939..7f207e6c7ef 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix 
@@ -842,7 +842,6 @@ in [Manager] ${optionalString config.systemd.enableCgroupAccounting '' DefaultCPUAccounting=yes - DefaultBlockIOAccounting=yes DefaultIOAccounting=yes DefaultBlockIOAccounting=yes DefaultIPAccounting=yes diff --git a/nixos/modules/tasks/network-interfaces-scripted.nix b/nixos/modules/tasks/network-interfaces-scripted.nix index 4d25137c5df..98bae444df0 100644 --- a/nixos/modules/tasks/network-interfaces-scripted.nix +++ b/nixos/modules/tasks/network-interfaces-scripted.nix @@ -291,13 +291,19 @@ let ${optionalString config.virtualisation.libvirtd.enable '' # Enslave dynamically added interfaces which may be lost on nixos-rebuild - for uri in qemu:///system lxc:///; do - for dom in $(${pkgs.libvirt}/bin/virsh -c $uri list --name); do - ${pkgs.libvirt}/bin/virsh -c $uri dumpxml "$dom" | \ - ${pkgs.xmlstarlet}/bin/xmlstarlet sel -t -m "//domain/devices/interface[@type='bridge'][source/@bridge='${n}'][target/@dev]" -v "concat('ip link set ',target/@dev,' master ',source/@bridge,';')" | \ - ${pkgs.bash}/bin/bash + # + # if `libvirtd.service` is not running, do not use `virsh` which would try activate it via 'libvirtd.socket' and thus start it out-of-order. + # `libvirtd.service` will set up bridge interfaces when it will start normally. + # + if ${pkgs.systemd}/bin/systemctl --quiet is-active 'libvirtd.service'; then + for uri in qemu:///system lxc:///; do + for dom in $(${pkgs.libvirt}/bin/virsh -c $uri list --name); do + ${pkgs.libvirt}/bin/virsh -c $uri dumpxml "$dom" | \ + ${pkgs.xmlstarlet}/bin/xmlstarlet sel -t -m "//domain/devices/interface[@type='bridge'][source/@bridge='${n}'][target/@dev]" -v "concat('ip link set ',target/@dev,' master ',source/@bridge,';')" | \ + ${pkgs.bash}/bin/bash + done done - done + fi ''} # Enable stp on the interface diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index 9542a60beee..63a79abd4eb 100644 --- a/nixos/modules/tasks/network-interfaces.nix 
+++ b/nixos/modules/tasks/network-interfaces.nix @@ -634,19 +634,23 @@ in networking.bonds = let - driverOptionsExample = { - miimon = "100"; - mode = "active-backup"; - }; + driverOptionsExample = '' + { + miimon = "100"; + mode = "active-backup"; + } + ''; in mkOption { default = { }; - example = literalExample { - bond0 = { - interfaces = [ "eth0" "wlan0" ]; - driverOptions = driverOptionsExample; - }; - anotherBond.interfaces = [ "enp4s0f0" "enp4s0f1" "enp5s0f0" "enp5s0f1" ]; - }; + example = literalExample '' + { + bond0 = { + interfaces = [ "eth0" "wlan0" ]; + driverOptions = ${driverOptionsExample}; + }; + anotherBond.interfaces = [ "enp4s0f0" "enp4s0f1" "enp5s0f0" "enp5s0f1" ]; + } + ''; description = '' This option allows you to define bond devices that aggregate multiple, underlying networking interfaces together. The value of this option is @@ -731,12 +735,14 @@ in networking.macvlans = mkOption { default = { }; - example = literalExample { - wan = { - interface = "enp2s0"; - mode = "vepa"; - }; - }; + example = literalExample '' + { + wan = { + interface = "enp2s0"; + mode = "vepa"; + }; + } + ''; description = '' This option allows you to define macvlan interfaces which should be automatically created. @@ -764,18 +770,20 @@ in networking.sits = mkOption { default = { }; - example = literalExample { - hurricane = { - remote = "10.0.0.1"; - local = "10.0.0.22"; - ttl = 255; - }; - msipv6 = { - remote = "192.168.0.1"; - dev = "enp3s0"; - ttl = 127; - }; - }; + example = literalExample '' + { + hurricane = { + remote = "10.0.0.1"; + local = "10.0.0.22"; + ttl = 255; + }; + msipv6 = { + remote = "192.168.0.1"; + dev = "enp3s0"; + ttl = 127; + }; + } + ''; description = '' This option allows you to define 6-to-4 interfaces which should be automatically created. ''; 
@@ -826,16 +834,18 @@ in networking.vlans = mkOption { default = { }; - example = literalExample { - vlan0 = { - id = 3; - interface = "enp3s0"; - }; - vlan1 = { - id = 1; - interface = "wlan0"; - }; - }; + example = literalExample '' + { + vlan0 = { + id = 3; + interface = "enp3s0"; + }; + vlan1 = { + id = 1; + interface = "wlan0"; + }; + } + ''; description = '' This option allows you to define vlan devices that tag packets @@ -868,24 +878,26 @@ in networking.wlanInterfaces = mkOption { default = { }; - example = literalExample { - wlan-station0 = { - device = "wlp6s0"; - }; - wlan-adhoc0 = { - type = "ibss"; - device = "wlp6s0"; - mac = "02:00:00:00:00:01"; - }; - wlan-p2p0 = { - device = "wlp6s0"; - mac = "02:00:00:00:00:02"; - }; - wlan-ap0 = { - device = "wlp6s0"; - mac = "02:00:00:00:00:03"; - }; - }; + example = literalExample '' + { + wlan-station0 = { + device = "wlp6s0"; + }; + wlan-adhoc0 = { + type = "ibss"; + device = "wlp6s0"; + mac = "02:00:00:00:00:01"; + }; + wlan-p2p0 = { + device = "wlp6s0"; + mac = "02:00:00:00:00:02"; + }; + wlan-ap0 = { + device = "wlp6s0"; + mac = "02:00:00:00:00:03"; + }; + } + ''; description = '' Creating multiple WLAN interfaces on top of one physical WLAN device (NIC). diff --git a/nixos/modules/virtualisation/azure-common.nix b/nixos/modules/virtualisation/azure-common.nix index 03239991b95..8efa177e30d 100644 --- a/nixos/modules/virtualisation/azure-common.nix +++ b/nixos/modules/virtualisation/azure-common.nix @@ -15,6 +15,8 @@ with lib; boot.loader.grub.version = 2; boot.loader.timeout = 0; + boot.growPartition = true; + # Don't put old configurations in the GRUB menu. The user has no # way to select them anyway. boot.loader.grub.configurationLimit = 0; diff --git a/nixos/modules/virtualisation/azure-image.nix b/nixos/modules/virtualisation/azure-image.nix index e91dd72ff5d..21fd58e5c90 100644 --- a/nixos/modules/virtualisation/azure-image.nix +++ b/nixos/modules/virtualisation/azure-image.nix 
@@ -2,27 +2,38 @@ with lib; let - diskSize = 2048; + cfg = config.virtualisation.azureImage; in { - system.build.azureImage = import ../../lib/make-disk-image.nix { - name = "azure-image"; - postVM = '' - ${pkgs.vmTools.qemu}/bin/qemu-img convert -f raw -o subformat=fixed,force_size -O vpc $diskImage $out/disk.vhd - ''; - configFile = ./azure-config-user.nix; - format = "raw"; - inherit diskSize; - inherit config lib pkgs; - }; - imports = [ ./azure-common.nix ]; + + options = { + virtualisation.azureImage.diskSize = mkOption { + type = with types; int; + default = 2048; + description = '' + Size of disk image. Unit is MB. + ''; + }; + }; + config = { + system.build.azureImage = import ../../lib/make-disk-image.nix { + name = "azure-image"; + postVM = '' + ${pkgs.vmTools.qemu}/bin/qemu-img convert -f raw -o subformat=fixed,force_size -O vpc $diskImage $out/disk.vhd + rm $diskImage + ''; + configFile = ./azure-config-user.nix; + format = "raw"; + inherit (cfg) diskSize; + inherit config lib pkgs; + }; - # Azure metadata is available as a CD-ROM drive. - fileSystems."/metadata".device = "/dev/sr0"; + # Azure metadata is available as a CD-ROM drive. + fileSystems."/metadata".device = "/dev/sr0"; - systemd.services.fetch-ssh-keys = - { description = "Fetch host keys and authorized_keys for root user"; + systemd.services.fetch-ssh-keys = { + description = "Fetch host keys and authorized_keys for root user"; wantedBy = [ "sshd.service" "waagent.service" ]; before = [ "sshd.service" "waagent.service" ]; @@ -54,6 +65,6 @@ in serviceConfig.RemainAfterExit = true; serviceConfig.StandardError = "journal+console"; serviceConfig.StandardOutput = "journal+console"; - }; - + }; + }; } diff --git a/nixos/modules/virtualisation/libvirtd.nix b/nixos/modules/virtualisation/libvirtd.nix index 9f7bac480e3..4f22099443f 100644 --- a/nixos/modules/virtualisation/libvirtd.nix +++ b/nixos/modules/virtualisation/libvirtd.nix 
@@ -214,14 +214,14 @@ in { }; systemd.services.libvirtd = { - description = "Libvirt Virtual Machine Management Daemon"; - - wantedBy = [ "multi-user.target" ]; requires = [ "libvirtd-config.service" ]; after = [ "systemd-udev-settle.service" "libvirtd-config.service" ] ++ optional vswitch.enable "ovs-vswitchd.service"; - environment.LIBVIRTD_ARGS = ''--config "${configFile}" ${concatStringsSep " " cfg.extraOptions}''; + environment.LIBVIRTD_ARGS = escapeShellArgs ( + [ "--config" configFile + "--timeout" "120" # from ${libvirt}/var/lib/sysconfig/libvirtd + ] ++ cfg.extraOptions); path = [ cfg.qemuPackage ] # libvirtd requires qemu-img to manage disk images ++ optional vswitch.enable vswitch.package; @@ -266,5 +266,8 @@ in { serviceConfig.ExecStart = "@${pkgs.libvirt}/sbin/virtlockd virtlockd"; restartIfChanged = false; }; + + systemd.sockets.libvirtd .wantedBy = [ "sockets.target" ]; + systemd.sockets.libvirtd-tcp.wantedBy = [ "sockets.target" ]; }; } diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index a84f2c5d261..2bdced6a3cc 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -170,6 +170,7 @@ in #logstash = handleTest ./logstash.nix {}; lorri = handleTest ./lorri/default.nix {}; magnetico = handleTest ./magnetico.nix {}; + magic-wormhole-mailbox-server = handleTest ./magic-wormhole-mailbox-server.nix {}; mailcatcher = handleTest ./mailcatcher.nix {}; mathics = handleTest ./mathics.nix {}; matomo = handleTest ./matomo.nix {}; diff --git a/nixos/tests/gerrit.nix b/nixos/tests/gerrit.nix index e8b5cb4c4fe..6cee64a2009 100644 --- a/nixos/tests/gerrit.nix +++ b/nixos/tests/gerrit.nix @@ -24,7 +24,6 @@ in { enable = true; serverId = "aa76c84b-50b0-4711-a0a0-1ee30e45bbd0"; listenAddress = "[::]:80"; - jvmPackage = pkgs.jdk12_headless; jvmHeapLimit = "1g"; plugins = [ lfs ]; 
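Review bot: `systemd.sockets.libvirtd-tcp.wantedBy = [ "sockets.target" ];` unconditionally activates libvirt's plain-TCP listener for every host with `virtualisation.libvirtd.enable`, whereas the removed `wantedBy` plus the old `LIBVIRTD_ARGS` never enabled TCP at all; upstream ships that socket disabled because the TCP transport has no TLS and depends on `auth_tcp` in libvirtd.conf, which this module does not set in the visible lines. The NixOS firewall normally keeps the port closed, but the listener should still be opt-in: gate it behind a new option (`wantedBy = mkIf cfg.<newTcpOption> [ "sockets.target" ];`) or drop the line and keep only `libvirtd.socket`. The `systemd.sockets.libvirtd .wantedBy` spelling with a space before `.wantedBy` is presumably alignment but reads like a typo; use a `systemd.sockets = { libvirtd.wantedBy = ...; libvirtd-tcp.wantedBy = ...; };` block instead.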
diff --git a/nixos/tests/magic-wormhole-mailbox-server.nix b/nixos/tests/magic-wormhole-mailbox-server.nix new file mode 100644 index 00000000000..144a07e1349 --- /dev/null +++ b/nixos/tests/magic-wormhole-mailbox-server.nix @@ -0,0 +1,38 @@ +import ./make-test-python.nix ({ pkgs, ... }: { + name = "magic-wormhole-mailbox-server"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ mmahut ]; + }; + + nodes = { + server = { ... }: { + networking.firewall.allowedTCPPorts = [ 4000 ]; + services.magic-wormhole-mailbox-server.enable = true; + }; + + client_alice = { ... }: { + networking.firewall.enable = false; + environment.systemPackages = [ pkgs.magic-wormhole ]; + }; + + client_bob = { ... }: { + environment.systemPackages = [ pkgs.magic-wormhole ]; + }; + }; + + testScript = '' + start_all() + + # Start the wormhole relay server + server.wait_for_unit("magic-wormhole-mailbox-server.service") + server.wait_for_open_port(4000) + + # Create a secret file and send it to Bob + client_alice.succeed("echo mysecret > secretfile") + client_alice.succeed("wormhole --relay-url=ws://server:4000/v1 send -0 secretfile &") + + # Retrieve a secret file from Alice and check its content + client_bob.succeed("wormhole --relay-url=ws://server:4000/v1 receive -0 --accept-file") + client_bob.succeed("grep mysecret secretfile") + ''; +}) diff --git a/nixos/tests/mongodb.nix b/nixos/tests/mongodb.nix index ee7fc50f7ec..a637ec4bfc0 100644 --- a/nixos/tests/mongodb.nix +++ b/nixos/tests/mongodb.nix @@ -33,7 +33,7 @@ import ./make-test-python.nix ({ pkgs, ... }: nodes = { node = {...}: { environment.systemPackages = with pkgs; [ -# mongodb-3_4 + mongodb-3_4 mongodb-3_6 mongodb-4_0 ]; @@ -43,7 +43,7 @@ import ./make-test-python.nix ({ pkgs, ... }: testScript = '' node.start() '' -# + runMongoDBTest pkgs.mongodb-3_4 + + runMongoDBTest pkgs.mongodb-3_4 + runMongoDBTest pkgs.mongodb-3_6 + runMongoDBTest pkgs.mongodb-4_0 + '' 
diff --git a/nixos/tests/mysql.nix b/nixos/tests/mysql.nix index 84673181e1a..11c1dabf936 100644 --- a/nixos/tests/mysql.nix +++ b/nixos/tests/mysql.nix @@ -68,6 +68,11 @@ import ./make-test-python.nix ({ pkgs, ...} : { "testdb2.*" = "ALL PRIVILEGES"; }; }]; + services.mysql.settings = { + mysqld = { + plugin-load-add = [ "ha_tokudb.so" "ha_rocksdb.so" ]; + }; + }; services.mysql.package = pkgs.mariadb; }; @@ -106,5 +111,33 @@ import ./make-test-python.nix ({ pkgs, ...} : { mariadb.succeed( "echo 'use testdb; select test_id from tests;' | sudo -u testuser mysql -u testuser -N | grep 42" ) + + # Check if TokuDB plugin works + mariadb.succeed( + "echo 'use testdb; create table tokudb (test_id INT, PRIMARY KEY (test_id)) ENGINE = TokuDB;' | sudo -u testuser mysql -u testuser" + ) + mariadb.succeed( + "echo 'use testdb; insert into tokudb values (25);' | sudo -u testuser mysql -u testuser" + ) + mariadb.succeed( + "echo 'use testdb; select test_id from tokudb;' | sudo -u testuser mysql -u testuser -N | grep 25" + ) + mariadb.succeed( + "echo 'use testdb; drop table tokudb;' | sudo -u testuser mysql -u testuser" + ) + + # Check if RocksDB plugin works + mariadb.succeed( + "echo 'use testdb; create table rocksdb (test_id INT, PRIMARY KEY (test_id)) ENGINE = RocksDB;' | sudo -u testuser mysql -u testuser" + ) + mariadb.succeed( + "echo 'use testdb; insert into rocksdb values (28);' | sudo -u testuser mysql -u testuser" + ) + mariadb.succeed( + "echo 'use testdb; select test_id from rocksdb;' | sudo -u testuser mysql -u testuser -N | grep 28" + ) + mariadb.succeed( + "echo 'use testdb; drop table rocksdb;' | sudo -u testuser mysql -u testuser" + ) ''; }) |