author | Ryan Burns <rtburns@protonmail.com> | 2021-09-23 18:43:00 -0700 |
---|---|---|
committer | Ryan Burns <rtburns@protonmail.com> | 2021-09-23 18:43:00 -0700 |
commit | 40299257cca9008c8f676f92b948cd53e02de90a (patch) | |
tree | f76fcd94132cffdc543de4a6eb832a29076db522 /nixos | |
parent | 2a102ddcd7f53364d09d2fb5d7448ca8a74653f0 (diff) | |
parent | 188dad47cacac62e9404dd9738722ae824189fe6 (diff) | |
Merge branch 'master' into staging-next
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/from_md/release-notes/rl-2111.section.xml | 9 | ||||
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2111.section.md | 2 | ||||
-rw-r--r-- | nixos/modules/module-list.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/cluster/kubernetes/default.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/discourse.nix | 26 | ||||
-rw-r--r-- | nixos/modules/services/web-servers/trafficserver/default.nix (renamed from nixos/modules/services/web-servers/trafficserver.nix) | 16 | ||||
-rw-r--r-- | nixos/modules/services/web-servers/trafficserver/ip_allow.json | 36 | ||||
-rw-r--r-- | nixos/modules/services/web-servers/trafficserver/logging.json | 37 | ||||
-rw-r--r-- | nixos/modules/virtualisation/containerd.nix | 7 |
9 files changed, 113 insertions, 24 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml index 7aaf9bd37ef..0f768fbe7a8 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml @@ -72,6 +72,15 @@ <literal>gsettings set org.gnome.desktop.lockdown disable-lock-screen false</literal>. </para> </listitem> + <listitem> + <para> + <literal>kubernetes-helm</literal> now defaults to 3.7.0, + which introduced some breaking changes to the experimental OCI + manifest format. See + <link xlink:href="https://github.com/helm/community/blob/main/hips/hip-0006.md">HIP + 6</link> for more details. + </para> + </listitem> </itemizedlist> </section> <section xml:id="sec-release-21.11-new-services"> diff --git a/nixos/doc/manual/release-notes/rl-2111.section.md b/nixos/doc/manual/release-notes/rl-2111.section.md index 8719f7871d5..e169c0a5b8d 100644 --- a/nixos/doc/manual/release-notes/rl-2111.section.md +++ b/nixos/doc/manual/release-notes/rl-2111.section.md @@ -26,6 +26,8 @@ In addition to numerous new and upgraded packages, this release has the followin - Pantheon desktop has been updated to version 6. Due to changes of screen locker, if locking doesn't work for you, please try `gsettings set org.gnome.desktop.lockdown disable-lock-screen false`. +- `kubernetes-helm` now defaults to 3.7.0, which introduced some breaking changes to the experimental OCI manifest format. See [HIP 6](https://github.com/helm/community/blob/main/hips/hip-0006.md) for more details. + ## New Services {#sec-release-21.11-new-services} - [btrbk](https://digint.ch/btrbk/index.html), a backup tool for btrfs subvolumes, taking advantage of btrfs specific capabilities to create atomic snapshots and transfer them incrementally to your backup locations. Available as [services.btrbk](options.html#opt-services.brtbk.instances). 
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 19e9f5a27be..a7decf88987 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -1031,7 +1031,7 @@ ./services/web-servers/shellinabox.nix ./services/web-servers/tomcat.nix ./services/web-servers/traefik.nix - ./services/web-servers/trafficserver.nix + ./services/web-servers/trafficserver/default.nix ./services/web-servers/ttyd.nix ./services/web-servers/uwsgi.nix ./services/web-servers/varnish/default.nix diff --git a/nixos/modules/services/cluster/kubernetes/default.nix b/nixos/modules/services/cluster/kubernetes/default.nix index f2c76a56d8d..08b21418180 100644 --- a/nixos/modules/services/cluster/kubernetes/default.nix +++ b/nixos/modules/services/cluster/kubernetes/default.nix @@ -253,7 +253,7 @@ in { (mkIf cfg.kubelet.enable { virtualisation.containerd = { enable = mkDefault true; - settings = mkDefault defaultContainerdSettings; + settings = mapAttrsRecursive (name: mkDefault) defaultContainerdSettings; }; }) diff --git a/nixos/modules/services/web-apps/discourse.nix b/nixos/modules/services/web-apps/discourse.nix index 050e4ee3d32..93298af2e3e 100644 --- a/nixos/modules/services/web-apps/discourse.nix +++ b/nixos/modules/services/web-apps/discourse.nix @@ -172,6 +172,15 @@ in }; admin = { + skipCreate = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + Do not create the admin account, instead rely on other + existing admin accounts. + ''; + }; + email = lib.mkOption { type = lib.types.str; example = "admin@example.com"; 
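Review bot: The lambda in `mapAttrsRecursive (name: mkDefault) defaultContainerdSettings` binds an argument it never uses, and what `mapAttrsRecursive` passes in that position is the attribute path (a list), not a name; `mapAttrsRecursive (_: mkDefault) defaultContainerdSettings` says so directly. The line also carries no explanation of why `mkDefault` moved from the whole set to each leaf. A comment such as `# mkDefault per leaf so that user-supplied containerd settings merge with these defaults instead of replacing the whole set` would record the intent, which I am presuming from the change itself.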
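Review bot: The `skipCreate` description does not say what becomes of `admin.email`, `admin.fullName`, `admin.username` and `admin.passwordFile` once it is set, although the later hunk at `@@ -750,12 +769,7 @@` drops the whole step that reads them. The `email` option shown here has no `default` before the hunk ends, so users who skip creation may still have to supply values, including a password file that is never read; that should be confirmed against the full option definitions. I would extend the description with a sentence like `When enabled, the other admin.* options are not used by the startup script.` The `admin` option set continues past the end of this hunk.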
@@ -721,6 +730,16 @@ in lib.optionalString (file != null) '' replace-secret '${file}' '${file}' /run/discourse/config/discourse.conf ''; + + mkAdmin = '' + export ADMIN_EMAIL="${cfg.admin.email}" + export ADMIN_NAME="${cfg.admin.fullName}" + export ADMIN_USERNAME="${cfg.admin.username}" + ADMIN_PASSWORD="$(<${cfg.admin.passwordFile})" + export ADMIN_PASSWORD + discourse-rake admin:create_noninteractively + ''; + in '' set -o errexit -o pipefail -o nounset -o errtrace shopt -s inherit_errexit @@ -750,12 +769,7 @@ in discourse-rake db:migrate >>/var/log/discourse/db_migration.log chmod -R u+w /run/discourse/tmp/ - export ADMIN_EMAIL="${cfg.admin.email}" - export ADMIN_NAME="${cfg.admin.fullName}" - export ADMIN_USERNAME="${cfg.admin.username}" - ADMIN_PASSWORD="$(<${cfg.admin.passwordFile})" - export ADMIN_PASSWORD - discourse-rake admin:create_noninteractively + ${lib.optionalString (!cfg.admin.skipCreate) mkAdmin} discourse-rake themes:update discourse-rake uploads:regenerate_missing_optimized diff --git a/nixos/modules/services/web-servers/trafficserver.nix b/nixos/modules/services/web-servers/trafficserver/default.nix index db0e2ac0bd0..341e8b13976 100644 --- a/nixos/modules/services/web-servers/trafficserver.nix +++ b/nixos/modules/services/web-servers/trafficserver/default.nix @@ -8,21 +8,9 @@ let group = config.users.groups.trafficserver.name; getManualUrl = name: "https://docs.trafficserver.apache.org/en/latest/admin-guide/files/${name}.en.html"; - getConfPath = name: "${pkgs.trafficserver}/etc/trafficserver/${name}"; yaml = pkgs.formats.yaml { }; - fromYAML = f: - let - jsonFile = pkgs.runCommand "in.json" - { - nativeBuildInputs = [ pkgs.remarshal ]; - } '' - yaml2json < "${f}" > "$out" - ''; - in - builtins.fromJSON (builtins.readFile jsonFile); - mkYamlConf = name: cfg: if cfg != null then { "trafficserver/${name}.yaml".source = yaml.generate "${name}.yaml" cfg; 
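Review bot: `ADMIN_PASSWORD` stays exported after `discourse-rake admin:create_noninteractively` in `mkAdmin`, so the `discourse-rake themes:update` and `discourse-rake uploads:regenerate_missing_optimized` calls that follow the splice point in the `@@ -750,12 +769,7 @@` hunk inherit the admin password in their environment. Ending `mkAdmin` with `unset ADMIN_PASSWORD` confines the secret to the one command that needs it. The option values are also interpolated raw inside double quotes, as in `export ADMIN_EMAIL="${cfg.admin.email}"`, so a `"`, `$` or backtick in a configured value is interpreted by the shell. `export ADMIN_EMAIL=${lib.escapeShellArg cfg.admin.email}` avoids that, and the same applies to the `fullName`, `username` and `passwordFile` lines. The surrounding `let … in` script starts before and continues after the hunk.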
@@ -73,7 +61,7 @@ in ipAllow = mkOption { type = types.nullOr yaml.type; - default = fromYAML (getConfPath "ip_allow.yaml"); + default = builtins.fromJSON (builtins.readFile ./ip_allow.json); defaultText = "upstream defaults"; example = literalExample { ip_allow = [{ @@ -94,7 +82,7 @@ in logging = mkOption { type = types.nullOr yaml.type; - default = fromYAML (getConfPath "logging.yaml"); + default = builtins.fromJSON (builtins.readFile ./logging.json); defaultText = "upstream defaults"; example = literalExample { }; description = '' diff --git a/nixos/modules/services/web-servers/trafficserver/ip_allow.json b/nixos/modules/services/web-servers/trafficserver/ip_allow.json new file mode 100644 index 00000000000..fc2db803728 --- /dev/null +++ b/nixos/modules/services/web-servers/trafficserver/ip_allow.json @@ -0,0 +1,36 @@ +{ + "ip_allow": [ + { + "apply": "in", + "ip_addrs": "127.0.0.1", + "action": "allow", + "methods": "ALL" + }, + { + "apply": "in", + "ip_addrs": "::1", + "action": "allow", + "methods": "ALL" + }, + { + "apply": "in", + "ip_addrs": "0/0", + "action": "deny", + "methods": [ + "PURGE", + "PUSH", + "DELETE" + ] + }, + { + "apply": "in", + "ip_addrs": "::/0", + "action": "deny", + "methods": [ + "PURGE", + "PUSH", + "DELETE" + ] + } + ] +} diff --git a/nixos/modules/services/web-servers/trafficserver/logging.json b/nixos/modules/services/web-servers/trafficserver/logging.json new file mode 100644 index 00000000000..81e7ba0186c --- /dev/null +++ b/nixos/modules/services/web-servers/trafficserver/logging.json 
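Review bot: The `ipAllow` default is now a checked-in snapshot (`builtins.fromJSON (builtins.readFile ./ip_allow.json)`), while `defaultText` still says "upstream defaults". Nothing keeps the snapshot in step with the `ip_allow.yaml` shipped in `${pkgs.trafficserver}/etc/trafficserver`, so a later upstream change to the default access rules would not reach users of this module. Because this file decides which clients may use PURGE, PUSH and DELETE, I would add a comment above the option such as `# Snapshot of etc/trafficserver/ip_allow.yaml from the packaged trafficserver; regenerate when the package is updated`, and word `defaultText` to match. The `logging` option in the `@@ -94,7 +82,7 @@` hunk has the same gap. The JSON files cannot carry a provenance comment themselves, so `default.nix` is the place for it.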
@@ -0,0 +1,37 @@ +{ + "logging": { + "formats": [ + { + "name": "welf", + "format": "id=firewall time=\"%<cqtd> %<cqtt>\" fw=%<phn> pri=6 proto=%<cqus> duration=%<ttmsf> sent=%<psql> rcvd=%<cqhl> src=%<chi> dst=%<shi> dstname=%<shn> user=%<caun> op=%<cqhm> arg=\"%<cqup>\" result=%<pssc> ref=\"%<{Referer}cqh>\" agent=\"%<{user-agent}cqh>\" cache=%<crc>" + }, + { + "name": "squid_seconds_only_timestamp", + "format": "%<cqts> %<ttms> %<chi> %<crc>/%<pssc> %<psql> %<cqhm> %<cquc> %<caun> %<phr>/%<shn> %<psct>" + }, + { + "name": "squid", + "format": "%<cqtq> %<ttms> %<chi> %<crc>/%<pssc> %<psql> %<cqhm> %<cquc> %<caun> %<phr>/%<shn> %<psct>" + }, + { + "name": "common", + "format": "%<chi> - %<caun> [%<cqtn>] \"%<cqtx>\" %<pssc> %<pscl>" + }, + { + "name": "extended", + "format": "%<chi> - %<caun> [%<cqtn>] \"%<cqtx>\" %<pssc> %<pscl> %<sssc> %<sscl> %<cqcl> %<pqcl> %<cqhl> %<pshl> %<pqhl> %<sshl> %<tts>" + }, + { + "name": "extended2", + "format": "%<chi> - %<caun> [%<cqtn>] \"%<cqtx>\" %<pssc> %<pscl> %<sssc> %<sscl> %<cqcl> %<pqcl> %<cqhl> %<pshl> %<pqhl> %<sshl> %<tts> %<phr> %<cfsc> %<pfsc> %<crc>" + } + ], + "logs": [ + { + "filename": "squid", + "format": "squid", + "mode": "binary" + } + ] + } +} diff --git a/nixos/modules/virtualisation/containerd.nix b/nixos/modules/virtualisation/containerd.nix index 43cb6273f25..898a66e7b04 100644 --- a/nixos/modules/virtualisation/containerd.nix +++ b/nixos/modules/virtualisation/containerd.nix @@ -53,8 +53,11 @@ in virtualisation.containerd = { args.config = toString containerdConfigChecked; settings = { - plugins.cri.containerd.snapshotter = lib.mkIf config.boot.zfs.enabled "zfs"; - plugins.cri.cni.bin_dir = lib.mkDefault "${pkgs.cni-plugins}/bin"; + plugins."io.containerd.grpc.v1.cri" = { + containerd.snapshotter = + lib.mkIf config.boot.zfs.enabled (lib.mkOptionDefault "zfs"); + cni.bin_dir = lib.mkOptionDefault "${pkgs.cni-plugins}/bin"; + }; }; }; |
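Review bot: The switch from `lib.mkDefault` to `lib.mkOptionDefault` for `cni.bin_dir` and the zfs snapshotter in the `containerd.nix` hunk is not explained in the code. The priority decides which definition wins when another module sets the same key, and the kubernetes module in this same diff now wraps every leaf of its containerd settings in `mkDefault`. A comment such as `# mkOptionDefault: same priority as an option default, so other modules' mkDefault values and user settings override these` would make the intent visible. The plugin key also changes from `plugins.cri` to `plugins."io.containerd.grpc.v1.cri"`. Existing configurations that set `plugins.cri.*` would presumably no longer merge with these values, which may deserve a release-note line. The enclosing module body starts and ends outside the hunk.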