diff options
author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2022-10-28 18:01:29 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-10-28 18:01:29 +0000 |
commit | 6e5f43a5bd212b24f777dcda49875fb72b73401c (patch) | |
tree | a8297871f7aa4b92034829cad9dc41663481d768 /nixos | |
parent | 44026c97c35bd7d5b507d49d3d580594c83d189f (diff) | |
parent | 2dad0f86ada2f90bcec2b33be655d25f84c45416 (diff) | |
download | nixpkgs-6e5f43a5bd212b24f777dcda49875fb72b73401c.tar nixpkgs-6e5f43a5bd212b24f777dcda49875fb72b73401c.tar.gz nixpkgs-6e5f43a5bd212b24f777dcda49875fb72b73401c.tar.bz2 nixpkgs-6e5f43a5bd212b24f777dcda49875fb72b73401c.tar.lz nixpkgs-6e5f43a5bd212b24f777dcda49875fb72b73401c.tar.xz nixpkgs-6e5f43a5bd212b24f777dcda49875fb72b73401c.tar.zst nixpkgs-6e5f43a5bd212b24f777dcda49875fb72b73401c.zip |
Merge master into staging-next
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/lib/systemd-lib.nix | 35 | ||||
-rw-r--r-- | nixos/lib/systemd-unit-options.nix | 16 | ||||
-rw-r--r-- | nixos/modules/services/networking/mosquitto.nix | 11 | ||||
-rw-r--r-- | nixos/tests/mosquitto.nix | 12 | ||||
-rw-r--r-- | nixos/tests/systemd-machinectl.nix | 11 |
5 files changed, 66 insertions, 19 deletions
diff --git a/nixos/lib/systemd-lib.nix b/nixos/lib/systemd-lib.nix index 65356634655..4c52643446e 100644 --- a/nixos/lib/systemd-lib.nix +++ b/nixos/lib/systemd-lib.nix @@ -187,11 +187,14 @@ in rec { done done - # Symlink all units defined by systemd.units. If these are also - # provided by systemd or systemd.packages, then add them as + # Symlink units defined by systemd.units where override strategy + # shall be automatically detected. If these are also provided by + # systemd or systemd.packages, then add them as # <unit-name>.d/overrides.conf, which makes them extend the # upstream unit. - for i in ${toString (mapAttrsToList (n: v: v.unit) units)}; do + for i in ${toString (mapAttrsToList + (n: v: v.unit) + (lib.filterAttrs (n: v: (attrByPath [ "overrideStrategy" ] "asDropinIfExists" v) == "asDropinIfExists") units))}; do fn=$(basename $i/*) if [ -e $out/$fn ]; then if [ "$(readlink -f $i/$fn)" = /dev/null ]; then @@ -210,6 +213,16 @@ in rec { fi done + # Symlink units defined by systemd.units which shall be + # treated as drop-in file. + for i in ${toString (mapAttrsToList + (n: v: v.unit) + (lib.filterAttrs (n: v: v ? overrideStrategy && v.overrideStrategy == "asDropin") units))}; do + fn=$(basename $i/*) + mkdir -p $out/$fn.d + ln -s $i/$fn $out/$fn.d/overrides.conf + done + # Create service aliases from aliases option. ${concatStrings (mapAttrsToList (name: unit: concatMapStrings (name2: '' @@ -340,7 +353,7 @@ in rec { ''; targetToUnit = name: def: - { inherit (def) aliases wantedBy requiredBy enable; + { inherit (def) aliases wantedBy requiredBy enable overrideStrategy; text = '' [Unit] @@ -349,7 +362,7 @@ in rec { }; serviceToUnit = name: def: - { inherit (def) aliases wantedBy requiredBy enable; + { inherit (def) aliases wantedBy requiredBy enable overrideStrategy; text = commonUnitText def + '' [Service] @@ -371,7 +384,7 @@ in rec { }; socketToUnit = name: def: - { inherit (def) aliases wantedBy requiredBy enable; + { inherit (def) aliases wantedBy requiredBy enable overrideStrategy; text = commonUnitText def + '' [Socket] @@ -382,7 +395,7 @@ in rec { }; timerToUnit = name: def: - { inherit (def) aliases wantedBy requiredBy enable; + { inherit (def) aliases wantedBy requiredBy enable overrideStrategy; text = commonUnitText def + '' [Timer] @@ -391,7 +404,7 @@ in rec { }; pathToUnit = name: def: - { inherit (def) aliases wantedBy requiredBy enable; + { inherit (def) aliases wantedBy requiredBy enable overrideStrategy; text = commonUnitText def + '' [Path] @@ -400,7 +413,7 @@ in rec { }; mountToUnit = name: def: - { inherit (def) aliases wantedBy requiredBy enable; + { inherit (def) aliases wantedBy requiredBy enable overrideStrategy; text = commonUnitText def + '' [Mount] @@ -409,7 +422,7 @@ in rec { }; automountToUnit = name: def: - { inherit (def) aliases wantedBy requiredBy enable; + { inherit (def) aliases wantedBy requiredBy enable overrideStrategy; text = commonUnitText def + '' [Automount] @@ -418,7 +431,7 @@ in rec { }; sliceToUnit = name: def: - { inherit (def) aliases wantedBy requiredBy enable; + { inherit (def) aliases wantedBy requiredBy enable overrideStrategy; text = commonUnitText def + '' [Slice] diff --git a/nixos/lib/systemd-unit-options.nix b/nixos/lib/systemd-unit-options.nix index 1c56b1b9aa0..79c01921781 100644 --- a/nixos/lib/systemd-unit-options.nix +++ b/nixos/lib/systemd-unit-options.nix @@ -48,6 +48,22 @@ in rec { ''; }; + overrideStrategy = mkOption { + default = "asDropinIfExists"; + type = types.enum [ "asDropinIfExists" "asDropin" ]; + description = lib.mdDoc '' + Defines how unit configuration is provided for systemd: + + `asDropinIfExists` creates a unit file when no unit file is provided by the package + otherwise a drop-in file name `overrides.conf`. + + `asDropin` creates a drop-in file named `overrides.conf`. + Mainly needed to define instances for systemd template units (e.g. `systemd-nspawn@mycontainer.service`). + + See also systemd.unit(1). + ''; + }; + requiredBy = mkOption { default = []; type = types.listOf unitNameType; diff --git a/nixos/modules/services/networking/mosquitto.nix b/nixos/modules/services/networking/mosquitto.nix index 5ada92adc9b..6543eb34b4b 100644 --- a/nixos/modules/services/networking/mosquitto.nix +++ b/nixos/modules/services/networking/mosquitto.nix @@ -56,8 +56,10 @@ let default = null; description = mdDoc '' Specifies the hashed password for the MQTT User. - To generate hashed password install `mosquitto` - package and use `mosquitto_passwd`. + To generate hashed password install the `mosquitto` + package and use `mosquitto_passwd`, then extract + the second field (after the `:`) from the generated + file. ''; }; @@ -68,8 +70,9 @@ let description = mdDoc '' Specifies the path to a file containing the hashed password for the MQTT user. - To generate hashed password install `mosquitto` - package and use `mosquitto_passwd`. + To generate hashed password install the `mosquitto` + package and use `mosquitto_passwd`, then remove the + `username:` prefix from the generated file. ''; }; diff --git a/nixos/tests/mosquitto.nix b/nixos/tests/mosquitto.nix index d516d3373d9..70eecc89278 100644 --- a/nixos/tests/mosquitto.nix +++ b/nixos/tests/mosquitto.nix @@ -4,7 +4,7 @@ let port = 1888; tlsPort = 1889; anonPort = 1890; - bindTestPort = 1891; + bindTestPort = 18910; password = "VERY_secret"; hashedPassword = "$7$101$/WJc4Mp+I+uYE9sR$o7z9rD1EYXHPwEP5GqQj6A7k4W1yVbePlb8TqNcuOLV9WNCiDgwHOB0JHC1WCtdkssqTBduBNUnUGd6kmZvDSw=="; topic = "test/foo"; @@ -165,6 +165,10 @@ in { for t in threads: t.start() for t in threads: t.join() + def wait_uuid(uuid): + server.wait_for_console_text(uuid) + return None + start_all() server.wait_for_unit("mosquitto.service") @@ -203,14 +207,14 @@ in { parallel( lambda: client1.succeed(subscribe("-i 3688cdd7-aa07-42a4-be22-cb9352917e40", "reader")), lambda: [ - server.wait_for_console_text("3688cdd7-aa07-42a4-be22-cb9352917e40"), + wait_uuid("3688cdd7-aa07-42a4-be22-cb9352917e40"), client2.succeed(publish("-m test", "writer")) ]) parallel( lambda: client1.fail(subscribe("-i 24ff16a2-ae33-4a51-9098-1b417153c712", "reader")), lambda: [ - server.wait_for_console_text("24ff16a2-ae33-4a51-9098-1b417153c712"), + wait_uuid("24ff16a2-ae33-4a51-9098-1b417153c712"), client2.succeed(publish("-m test", "reader")) ]) @@ -229,7 +233,7 @@ in { lambda: client1.succeed(subscribe("-i fd56032c-d9cb-4813-a3b4-6be0e04c8fc3", "anonReader", port=${toString anonPort})), lambda: [ - server.wait_for_console_text("fd56032c-d9cb-4813-a3b4-6be0e04c8fc3"), + wait_uuid("fd56032c-d9cb-4813-a3b4-6be0e04c8fc3"), client2.succeed(publish("-m test", "anonWriter", port=${toString anonPort})) ]) ''; diff --git a/nixos/tests/systemd-machinectl.nix b/nixos/tests/systemd-machinectl.nix index fa5c81599eb..b8ed0c33e8e 100644 --- a/nixos/tests/systemd-machinectl.nix +++ b/nixos/tests/systemd-machinectl.nix @@ -44,6 +44,14 @@ import ./make-test-python.nix ({ pkgs, ... }: # not needed, but we want to test the nspawn file generation systemd.nspawn.${containerName} = { }; + + systemd.services."systemd-nspawn@${containerName}" = { + serviceConfig.Environment = [ + # Disable tmpfs for /tmp + "SYSTEMD_NSPAWN_TMPFS_TMP=0" + ]; + overrideStrategy = "asDropin"; + }; }; testScript = '' @@ -95,6 +103,9 @@ import ./make-test-python.nix ({ pkgs, ... }: machine.succeed("machinectl stop ${containerName}"); machine.wait_until_succeeds("test $(systemctl is-active systemd-nspawn@${containerName}) = inactive"); + # Test tmpfs for /tmp + machine.fail("mountpoint /tmp"); + # Show to to delete the container machine.succeed("chattr -i ${containerRoot}/var/empty"); machine.succeed("rm -rf ${containerRoot}"); |