author | Vladimír Čunát <vcunat@gmail.com> | 2017-08-06 10:03:25 +0200 |
---|---|---|
committer | Vladimír Čunát <vcunat@gmail.com> | 2017-08-06 10:03:25 +0200 |
commit | f779df87b1aa3c7f55258bbe93fc450ffd00296a (patch) | |
tree | 8f99b674d689f483981d4ef49643f9056732707a /nixos | |
parent | 8fcb0703634aae35501e0e21315fd18ae18da673 (diff) | |
parent | e619ace733fee725da5a1b84e5cce68d610ba35e (diff) | |
Merge branch 'master' into staging
Let's drop i686-linux here as well.
Diffstat (limited to 'nixos')
21 files changed, 345 insertions, 252 deletions
diff --git a/nixos/doc/manual/man-nixos-option.xml b/nixos/doc/manual/man-nixos-option.xml index 6be8bc780f1..d2b2d5b7965 100644 --- a/nixos/doc/manual/man-nixos-option.xml +++ b/nixos/doc/manual/man-nixos-option.xml @@ -17,11 +17,16 @@ <refsynopsisdiv> <cmdsynopsis> <command>nixos-option</command> - <arg choice='plain'><replaceable>option.name</replaceable></arg> + <arg> + <option>-I</option> + <replaceable>path</replaceable> + </arg> + <arg><option>--verbose</option></arg> + <arg><option>--xml</option></arg> + <arg choice="plain"><replaceable>option.name</replaceable></arg> </cmdsynopsis> </refsynopsisdiv> - <refsection><title>Description</title> <para>This command evaluates the configuration specified in @@ -33,6 +38,45 @@ attributes contained in the attribute set.</para> </refsection> +<refsection><title>Options</title> + +<para>This command accepts the following options:</para> + +<variablelist> + + <varlistentry> + <term><option>-I</option> <replaceable>path</replaceable></term> + <listitem> + <para> + This option is passed to the underlying + <command>nix-instantiate</command> invocation. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>--verbose</option></term> + <listitem> + <para> + This option enables verbose mode, which currently is just + the Bash <command>set</command> <option>-x</option> debug mode. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>--xml</option></term> + <listitem> + <para> + This option causes the output to be rendered as XML. + </para> + </listitem> + </varlistentry> + +</variablelist> + +</refsection> + <refsection><title>Environment</title> <variablelist> diff --git a/nixos/doc/manual/release-notes/rl-1709.xml b/nixos/doc/manual/release-notes/rl-1709.xml index 77ee9052fe5..2046081cc2f 100644 --- a/nixos/doc/manual/release-notes/rl-1709.xml +++ b/nixos/doc/manual/release-notes/rl-1709.xml 
@@ -130,6 +130,30 @@ rmdir /var/lib/ipfs/.ipfs instead. Refer to the description of the options for more details. </para> </listitem> + <listitem> + <para> + <literal>tlsdate</literal> package and module were removed. This is due to the project + being dead and not building with openssl 1.1. + </para> + </listitem> + <listitem> + <para> + <literal>wvdial</literal> package and module were removed. This is due to the project + being dead and not building with openssl 1.1. + </para> + </listitem> + <listitem> + <para> + <literal>cc-wrapper</literal>'s setup-hook now exports a number of + environment variables corresponding to binutils binaries, + (e.g. <envar>LD</envar>, <envar>STRIP</envar>, <envar>RANLIB</envar>, + etc). This is done to prevent packages' build systems guessing, which is + harder to predict, especially when cross-compiling. However, some packages + have broken due to this—their build systems either not supporting, or + claiming to support without adequate testing, taking such environment + variables as parameters. + </para> + </listitem> </itemizedlist> <para>Other notable improvements:</para> diff --git a/nixos/modules/config/nsswitch.nix b/nixos/modules/config/nsswitch.nix index 16c43a99ad5..97278238dcd 100644 --- a/nixos/modules/config/nsswitch.nix +++ b/nixos/modules/config/nsswitch.nix @@ -28,7 +28,8 @@ let passwdArray = [ "files" ] ++ optional sssd "sss" ++ optionals ldap [ "ldap" ] - ++ optionals mymachines [ "mymachines" ]; + ++ optionals mymachines [ "mymachines" ] + ++ [ "systemd" ]; shadowArray = [ "files" ] ++ optional sssd "sss" diff --git a/nixos/modules/config/pulseaudio.nix b/nixos/modules/config/pulseaudio.nix index b12ef2fe861..8b9c3570476 100644 --- a/nixos/modules/config/pulseaudio.nix +++ b/nixos/modules/config/pulseaudio.nix 
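Review bot: In nixos/modules/config/nsswitch.nix the `systemd` source is appended to `passwdArray` only, although nss-systemd resolves groups as well as users and its documentation lists the module on both the `passwd` and `group` lines. The group array is not visible in this hunk, so if it was not extended elsewhere, a user allocated by systemd would resolve while its group does not. A short comment next to the new entry, such as `# nss-systemd: resolves users allocated dynamically by systemd`, would also explain why it is added unconditionally.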
@@ -224,7 +224,7 @@ in { # Allow PulseAudio to get realtime priority using rtkit. security.rtkit.enable = true; - systemd.packages = [ cfg.package ]; + systemd.packages = [ overriddenPackage ]; }) (mkIf hasZeroconf { diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index e7dea5cb9da..6062bf623e7 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -105,7 +105,6 @@ ./programs/venus.nix ./programs/vim.nix ./programs/wireshark.nix - ./programs/wvdial.nix ./programs/xfs_quota.nix ./programs/xonsh.nix ./programs/zsh/oh-my-zsh.nix @@ -517,7 +516,6 @@ ./services/networking/teamspeak3.nix ./services/networking/tinc.nix ./services/networking/tftpd.nix - ./services/networking/tlsdated.nix ./services/networking/tox-bootstrapd.nix ./services/networking/toxvpn.nix ./services/networking/tvheadend.nix diff --git a/nixos/modules/programs/gnupg.nix b/nixos/modules/programs/gnupg.nix index 8af55f38992..addc9dcca87 100644 --- a/nixos/modules/programs/gnupg.nix +++ b/nixos/modules/programs/gnupg.nix @@ -92,7 +92,7 @@ in ''); assertions = [ - { assertion = cfg.agent.enableSSHSupport && !config.programs.ssh.startAgent; + { assertion = cfg.agent.enableSSHSupport -> !config.programs.ssh.startAgent; message = "You can't use ssh-agent and GnuPG agent with SSH support enabled at the same time!"; } ]; diff --git a/nixos/modules/programs/wvdial.nix b/nixos/modules/programs/wvdial.nix deleted file mode 100644 index 1ed929ed4af..00000000000 --- a/nixos/modules/programs/wvdial.nix +++ /dev/null 
@@ -1,71 +0,0 @@ -# Global configuration for wvdial. - -{ config, lib, pkgs, ... }: - -with lib; - -let - - configFile = '' - [Dialer Defaults] - PPPD PATH = ${pkgs.ppp}/sbin/pppd - ${config.environment.wvdial.dialerDefaults} - ''; - - cfg = config.environment.wvdial; - -in -{ - ###### interface - - options = { - - environment.wvdial = { - - dialerDefaults = mkOption { - default = ""; - type = types.str; - example = ''Init1 = AT+CGDCONT=1,"IP","internet.t-mobile"''; - description = '' - Contents of the "Dialer Defaults" section of - <filename>/etc/wvdial.conf</filename>. - ''; - }; - - pppDefaults = mkOption { - default = '' - noipdefault - usepeerdns - defaultroute - persist - noauth - ''; - type = types.str; - description = "Default ppp settings for wvdial."; - }; - - }; - - }; - - ###### implementation - - config = mkIf (cfg.dialerDefaults != "") { - - environment = { - - etc = - [ - { source = pkgs.writeText "wvdial.conf" configFile; - target = "wvdial.conf"; - } - { source = pkgs.writeText "wvdial" cfg.pppDefaults; - target = "ppp/peers/wvdial"; - } - ]; - - }; - - }; - -} diff --git a/nixos/modules/services/networking/avahi-daemon.nix b/nixos/modules/services/networking/avahi-daemon.nix index f4d0fc822de..9ccdacb20e9 100644 --- a/nixos/modules/services/networking/avahi-daemon.nix +++ b/nixos/modules/services/networking/avahi-daemon.nix @@ -22,6 +22,7 @@ let ${optionalString (interfaces!=null) "allow-interfaces=${concatStringsSep "," interfaces}"} ${optionalString (domainName!=null) "domain-name=${domainName}"} allow-point-to-point=${yesNo allowPointToPoint} + ${optionalString (cacheEntriesMax!=null) "cache-entries-max=${toString cacheEntriesMax}"} [wide-area] enable-wide-area=${yesNo wideArea} 
@@ -166,6 +167,15 @@ in ''; }; + cacheEntriesMax = mkOption { + default = null; + type = types.nullOr types.int; + description = '' + Number of resource records to be cached per interface. Use 0 to + disable caching. Avahi daemon defaults to 4096 if not set. + ''; + }; + }; }; diff --git a/nixos/modules/services/networking/nat.nix b/nixos/modules/services/networking/nat.nix index 08ba2fdb164..366bb2ed7a8 100644 --- a/nixos/modules/services/networking/nat.nix +++ b/nixos/modules/services/networking/nat.nix @@ -48,7 +48,7 @@ let # NAT from external ports to internal ports. ${concatMapStrings (fwd: '' iptables -w -t nat -A nixos-nat-pre \ - -i ${cfg.externalInterface} -p tcp \ + -i ${cfg.externalInterface} -p ${fwd.proto} \ --dport ${builtins.toString fwd.sourcePort} \ -j DNAT --to-destination ${fwd.destination} '') cfg.forwardPorts} @@ -133,12 +133,19 @@ in destination = mkOption { type = types.str; example = "10.0.0.1:80"; - description = "Forward tcp connection to destination ip:port"; + description = "Forward connection to destination ip:port"; + }; + + proto = mkOption { + type = types.str; + default = "tcp"; + example = "udp"; + description = "Protocol of forwarded connection"; }; }; }); default = []; - example = [ { sourcePort = 8080; destination = "10.0.0.1:80"; } ]; + example = [ { sourcePort = 8080; destination = "10.0.0.1:80"; proto = "tcp"; } ]; description = '' List of forwarded ports from the external interface to 
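Review bot: The new `proto` option in nixos/modules/services/networking/nat.nix is declared as `types.str`, and the first nat.nix hunk splices it unquoted into the generated iptables command (`-p ${fwd.proto}`). Any string therefore evaluates cleanly, so a typo or a protocol without a `--dport` match fails only when the firewall script runs, which can leave the NAT rules half applied. Constraining the type, e.g. `type = types.enum [ "tcp" "udp" ];` (extended with any other port-based protocol you want to support), moves that failure to evaluation time and keeps free-form text out of the shell script. The description could then name the accepted values.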
@@ -151,38 +158,41 @@ in ###### implementation - config = mkIf config.networking.nat.enable { + config = mkMerge [ + { networking.firewall.extraCommands = mkBefore flushNat; } + (mkIf config.networking.nat.enable { - environment.systemPackages = [ pkgs.iptables ]; + environment.systemPackages = [ pkgs.iptables ]; - boot = { - kernelModules = [ "nf_nat_ftp" ]; - kernel.sysctl = { - "net.ipv4.conf.all.forwarding" = mkOverride 99 true; - "net.ipv4.conf.default.forwarding" = mkOverride 99 true; + boot = { + kernelModules = [ "nf_nat_ftp" ]; + kernel.sysctl = { + "net.ipv4.conf.all.forwarding" = mkOverride 99 true; + "net.ipv4.conf.default.forwarding" = mkOverride 99 true; + }; }; - }; - networking.firewall = mkIf config.networking.firewall.enable { - extraCommands = mkMerge [ (mkBefore flushNat) setupNat ]; - extraStopCommands = flushNat; - }; + networking.firewall = mkIf config.networking.firewall.enable { + extraCommands = setupNat; + extraStopCommands = flushNat; + }; - systemd.services = mkIf (!config.networking.firewall.enable) { nat = { - description = "Network Address Translation"; - wantedBy = [ "network.target" ]; - after = [ "network-pre.target" "systemd-modules-load.service" ]; - path = [ pkgs.iptables ]; - unitConfig.ConditionCapability = "CAP_NET_ADMIN"; + systemd.services = mkIf (!config.networking.firewall.enable) { nat = { + description = "Network Address Translation"; + wantedBy = [ "network.target" ]; + after = [ "network-pre.target" "systemd-modules-load.service" ]; + path = [ pkgs.iptables ]; + unitConfig.ConditionCapability = "CAP_NET_ADMIN"; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; - script = flushNat + setupNat; + script = flushNat + setupNat; - postStop = flushNat; - }; }; - }; + postStop = flushNat; + }; }; + }) + ]; } 
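Review bot: The first element of the new `mkMerge` sets `networking.firewall.extraCommands = mkBefore flushNat` outside the `mkIf config.networking.nat.enable` guard, and nothing in the hunk says why. Presumably this is so that switching to a configuration with NAT disabled still removes the chains installed by the previous generation; `flushNat` is defined outside the hunk, so that should be confirmed. A comment such as `# Always flush, so that disabling NAT removes the rules left by the previous configuration` would keep a later cleanup from folding the line back under the `mkIf`. With the firewall disabled this line has no effect, so cleanup in that case depends on the `postStop = flushNat` of the `nat` unit.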
diff --git a/nixos/modules/services/networking/tlsdated.nix b/nixos/modules/services/networking/tlsdated.nix deleted file mode 100644 index 757cce28760..00000000000 --- a/nixos/modules/services/networking/tlsdated.nix +++ /dev/null 
@@ -1,111 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - inherit (pkgs) coreutils tlsdate; - - cfg = config.services.tlsdated; -in - -{ - - ###### interface - - options = { - - services.tlsdated = { - - enable = mkOption { - type = types.bool; - default = false; - description = '' - Enable tlsdated daemon. - ''; - }; - - extraOptions = mkOption { - type = types.string; - default = ""; - description = '' - Additional command line arguments to pass to tlsdated. - ''; - }; - - sources = mkOption { - type = types.listOf (types.submodule { - options = { - host = mkOption { - type = types.string; - description = '' - Remote hostname. - ''; - }; - port = mkOption { - type = types.int; - description = '' - Remote port. - ''; - }; - proxy = mkOption { - type = types.nullOr types.string; - default = null; - description = '' - The proxy argument expects HTTP, SOCKS4A or SOCKS5 formatted as followed: - - http://127.0.0.1:8118 - socks4a://127.0.0.1:9050 - socks5://127.0.0.1:9050 - - The proxy support should not leak DNS requests and is suitable for use with Tor. - ''; - }; - }; - }); - default = [ - { - host = "encrypted.google.com"; - port = 443; - proxy = null; - } - ]; - description = '' - You can list one or more sources to fetch time from. - ''; - }; - - }; - - }; - - ###### implementation - - config = mkIf cfg.enable { - - # Make tools such as tlsdate available in the system path - environment.systemPackages = [ tlsdate ]; - - systemd.services.tlsdated = { - description = "tlsdated daemon"; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - # XXX because pkgs.tlsdate is compiled to run as nobody:nogroup, we - # hard-code base-path to /tmp and use PrivateTmp. 
- ExecStart = "${tlsdate}/bin/tlsdated -f ${pkgs.writeText "tlsdated.confg" '' - base-path /tmp - - ${concatMapStrings (src: '' - source - host ${src.host} - port ${toString src.port} - proxy ${if src.proxy == null then "none" else src.proxy} - end - '') cfg.sources} - ''} ${cfg.extraOptions}"; - PrivateTmp = "yes"; - }; - }; - - }; - -} diff --git a/nixos/modules/services/networking/unifi.nix b/nixos/modules/services/networking/unifi.nix index a8cff638d3b..8e5f0bfc070 100644 --- a/nixos/modules/services/networking/unifi.nix +++ b/nixos/modules/services/networking/unifi.nix @@ -3,7 +3,12 @@ with lib; let cfg = config.services.unifi; stateDir = "/var/lib/unifi"; - cmd = "@${pkgs.jre}/bin/java java -jar ${stateDir}/lib/ace.jar"; + cmd = '' + @${pkgs.jre}/bin/java java \ + ${optionalString (cfg.initialJavaHeapSize != null) "-Xms${(toString cfg.initialJavaHeapSize)}m"} \ + ${optionalString (cfg.maximumJavaHeapSize != null) "-Xmx${(toString cfg.maximumJavaHeapSize)}m"} \ + -jar ${stateDir}/lib/ace.jar + ''; mountPoints = [ { what = "${pkgs.unifi}/dl"; @@ -58,6 +63,26 @@ in ''; }; + services.unifi.initialJavaHeapSize = mkOption { + type = types.nullOr types.int; + default = null; + example = 1024; + description = '' + Set the initial heap size for the JVM in MB. If this option isn't set, the + JVM will decide this value at runtime. + ''; + }; + + services.unifi.maximumJavaHeapSize = mkOption { + type = types.nullOr types.int; + default = null; + example = 4096; + description = '' + Set the maximimum heap size for the JVM in MB. If this option isn't set, the + JVM will decide this value at runtime. + ''; + }; + }; config = mkIf cfg.enable { @@ -121,8 +146,8 @@ in serviceConfig = { Type = "simple"; - ExecStart = "${cmd} start"; - ExecStop = "${cmd} stop"; + ExecStart = "${(removeSuffix "\n" cmd)} start"; + ExecStop = "${(removeSuffix "\n" cmd)} stop"; User = "unifi"; PermissionsStartOnly = true; UMask = "0077"; 
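Review bot: In unifi.nix, `initialJavaHeapSize` and `maximumJavaHeapSize` are `types.nullOr types.int` and go straight into `-Xms…m` / `-Xmx…m`, so zero, negative values, or an initial size larger than the maximum all evaluate fine and only fail when the JVM refuses to start. An entry in the module's `assertions` that checks both values are positive and that the initial size does not exceed the maximum would surface this at evaluation time. The description of `maximumJavaHeapSize` also has a typo ("maximimum").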
diff --git a/nixos/modules/services/web-apps/atlassian/confluence.nix b/nixos/modules/services/web-apps/atlassian/confluence.nix index c1d7d4ea06d..2344b9922d0 100644 --- a/nixos/modules/services/web-apps/atlassian/confluence.nix +++ b/nixos/modules/services/web-apps/atlassian/confluence.nix @@ -6,7 +6,22 @@ let cfg = config.services.confluence; - pkg = pkgs.atlassian-confluence; + pkg = pkgs.atlassian-confluence.override (optionalAttrs cfg.sso.enable { + enableSSO = cfg.sso.enable; + crowdProperties = '' + application.name ${cfg.sso.applicationName} + application.password ${cfg.sso.applicationPassword} + application.login.url ${cfg.sso.crowd}/console/ + + crowd.server.url ${cfg.sso.crowd}/services/ + crowd.base.url ${cfg.sso.crowd}/ + + session.isauthenticated session.isauthenticated + session.tokenkey session.tokenkey + session.validationinterval ${toString cfg.sso.validationInterval} + session.lastvalidation session.lastvalidation + ''; + }); in 
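Review bot: `cfg.sso.applicationPassword` is interpolated into `crowdProperties` and handed to `pkgs.atlassian-confluence.override`, so the Crowd application password becomes an input of a derivation and will most likely end up in the world-readable Nix store. The same pattern appears in the jira.nix hunk that follows. How the package consumes `crowdProperties` is outside this diff and should be confirmed, but a string-typed password option cannot stay out of the evaluated configuration in any case. Consider taking a path instead, e.g. an `applicationPasswordFile` option of `types.path` that is read when the service starts, or at least state in the option description that the value is stored world-readable.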
@@ -76,6 +91,42 @@ in }; }; + sso = { + enable = mkEnableOption "SSO with Atlassian Crowd"; + + crowd = mkOption { + type = types.str; + example = "http://localhost:8095/crowd"; + description = "Crowd Base URL without trailing slash"; + }; + + applicationName = mkOption { + type = types.str; + example = "jira"; + description = "Exact name of this Confluence instance in Crowd"; + }; + + applicationPassword = mkOption { + type = types.str; + description = "Application password of this Confluence instance in Crowd"; + }; + + validationInterval = mkOption { + type = types.int; + default = 2; + example = 0; + description = '' + Set to 0, if you want authentication checks to occur on each + request. Otherwise set to the number of minutes between request + to validate if the user is logged in or out of the Crowd SSO + server. Setting this value to 1 or higher will increase the + performance of Crowd's integration. + ''; + }; + }; + + + jrePackage = let jreSwitch = unfree: free: if config.nixpkgs.config.allowUnfree or false then unfree else free; in mkOption { diff --git a/nixos/modules/services/web-apps/atlassian/jira.nix b/nixos/modules/services/web-apps/atlassian/jira.nix index 0ab94d95eee..19b6a8d3085 100644 --- a/nixos/modules/services/web-apps/atlassian/jira.nix +++ b/nixos/modules/services/web-apps/atlassian/jira.nix @@ -6,7 +6,22 @@ let cfg = config.services.jira; - pkg = pkgs.atlassian-jira; + pkg = pkgs.atlassian-jira.override { + enableSSO = cfg.sso.enable; + crowdProperties = '' + application.name ${cfg.sso.applicationName} + application.password ${cfg.sso.applicationPassword} + application.login.url ${cfg.sso.crowd}/console/ + + crowd.server.url ${cfg.sso.crowd}/services/ + crowd.base.url ${cfg.sso.crowd}/ + + session.isauthenticated session.isauthenticated + session.tokenkey session.tokenkey + session.validationinterval ${toString cfg.sso.validationInterval} + session.lastvalidation session.lastvalidation + ''; + }; in 
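Review bot: In jira.nix the override is applied unconditionally (`pkgs.atlassian-jira.override { enableSSO = cfg.sso.enable; crowdProperties = ...`), while the Confluence module wraps the same attributes in `optionalAttrs cfg.sso.enable`. `sso.crowd`, `sso.applicationName` and `sso.applicationPassword` are declared without defaults, so if the package forces `crowdProperties` while SSO is off, evaluation fails for every JIRA user who has not configured SSO; whether it does is not visible here. Using the same guard in both modules, `pkgs.atlassian-jira.override (optionalAttrs cfg.sso.enable { ... })`, removes that dependency on the package's laziness. Separately, in the Confluence options hunk on this line, `applicationName` carries `example = "jira"`, which looks copied; `example = "confluence"` would be clearer.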
@@ -82,6 +97,40 @@ in }; }; + sso = { + enable = mkEnableOption "SSO with Atlassian Crowd"; + + crowd = mkOption { + type = types.str; + example = "http://localhost:8095/crowd"; + description = "Crowd Base URL without trailing slash"; + }; + + applicationName = mkOption { + type = types.str; + example = "jira"; + description = "Exact name of this JIRA instance in Crowd"; + }; + + applicationPassword = mkOption { + type = types.str; + description = "Application password of this JIRA instance in Crowd"; + }; + + validationInterval = mkOption { + type = types.int; + default = 2; + example = 0; + description = '' + Set to 0, if you want authentication checks to occur on each + request. Otherwise set to the number of minutes between request + to validate if the user is logged in or out of the Crowd SSO + server. Setting this value to 1 or higher will increase the + performance of Crowd's integration. + ''; + }; + }; + jrePackage = let jreSwitch = unfree: free: if config.nixpkgs.config.allowUnfree or false then unfree else free; in mkOption { diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index 2310912d0fd..2f691b0e9df 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix @@ -36,6 +36,11 @@ let http { include ${cfg.package}/conf/mime.types; include ${cfg.package}/conf/fastcgi.conf; + include ${cfg.package}/conf/uwsgi_params; + + ${optionalString (cfg.resolver.addresses != []) '' + resolver ${toString cfg.resolver.addresses} ${optionalString (cfg.resolver.valid != "") "valid=${cfg.resolver.valid}"}; + ''} ${optionalString (cfg.recommendedOptimisation) '' # optimisation @@ -116,6 +121,7 @@ let http { include ${cfg.package}/conf/mime.types; include ${cfg.package}/conf/fastcgi.conf; + include ${cfg.package}/conf/uwsgi_params; ${cfg.httpConfig} }''} 
@@ -383,6 +389,32 @@ in description = "Path to DH parameters file."; }; + resolver = mkOption { + type = types.submodule { + options = { + addresses = mkOption { + type = types.listOf types.str; + default = []; + example = literalExample ''[ "[::1]" "127.0.0.1:5353" ]''; + description = "List of resolvers to use"; + }; + valid = mkOption { + type = types.str; + default = ""; + example = "30s"; + description = '' + By default, nginx caches answers using the TTL value of a response. + An optional valid parameter allows overriding it + ''; + }; + }; + }; + description = '' + Configures name servers used to resolve names of upstream servers into addresses + ''; + default = {}; + }; + virtualHosts = mkOption { type = types.attrsOf (types.submodule (import ./vhost-options.nix { inherit config lib; diff --git a/nixos/modules/services/x11/desktop-managers/gnome3.nix b/nixos/modules/services/x11/desktop-managers/gnome3.nix index c043884f8e0..2434aa1654a 100644 --- a/nixos/modules/services/x11/desktop-managers/gnome3.nix +++ b/nixos/modules/services/x11/desktop-managers/gnome3.nix @@ -176,7 +176,7 @@ in { services.xserver.updateDbusEnvironment = true; - environment.variables.GIO_EXTRA_MODULES = [ "${gnome3.dconf}/lib/gio/modules" + environment.variables.GIO_EXTRA_MODULES = [ "${lib.getLib gnome3.dconf}/lib/gio/modules" "${gnome3.glib_networking.out}/lib/gio/modules" "${gnome3.gvfs}/lib/gio/modules" ]; environment.systemPackages = gnome3.corePackages ++ cfg.sessionPath diff --git a/nixos/modules/system/activation/top-level.nix b/nixos/modules/system/activation/top-level.nix index e9897cc01b6..67cb2264e3f 100644 --- a/nixos/modules/system/activation/top-level.nix +++ b/nixos/modules/system/activation/top-level.nix @@ -141,6 +141,7 @@ in system.build = mkOption { internal = true; default = {}; + type = types.attrs; description = '' Attribute set of derivations used to setup the system. ''; 
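Review bot: The descriptions of the new `resolver` option do not mention the trust assumption that comes with it: the nginx documentation recommends pointing `resolver` only at name servers on a secured, trusted network, because spoofed answers can redirect upstream traffic. I would extend the `addresses` description to something like `List of resolvers to use. To prevent DNS spoofing, use name servers on a secured, trusted network.`. In addition, `valid` is `types.str` and is spliced into the config as `valid=${cfg.resolver.valid}`, so a malformed duration surfaces only when nginx parses the file; a pattern-checked type such as `types.strMatching`, if available in this tree, would catch it at evaluation time.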
diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index 46761fdc0e9..d12d0a06f44 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -593,7 +593,7 @@ in services.logind.extraConfig = mkOption { default = ""; type = types.lines; - example = "HandleLidSwitch=ignore"; + example = "IdleAction=lock"; description = '' Extra config options for systemd-logind. See man logind.conf for available options. diff --git a/nixos/modules/virtualisation/xen-dom0.nix b/nixos/modules/virtualisation/xen-dom0.nix index 5239652d407..c7656bc309c 100644 --- a/nixos/modules/virtualisation/xen-dom0.nix +++ b/nixos/modules/virtualisation/xen-dom0.nix @@ -16,6 +16,7 @@ in virtualisation.xen.enable = mkOption { default = false; + type = types.bool; description = '' Setting this option enables the Xen hypervisor, a diff --git a/nixos/release-combined.nix b/nixos/release-combined.nix index ecbd317cb9a..26e689a7c92 100644 --- a/nixos/release-combined.nix +++ b/nixos/release-combined.nix @@ -4,7 +4,8 @@ { nixpkgs ? { outPath = ./..; revCount = 56789; shortRev = "gfedcba"; } , stableBranch ? false -, supportedSystems ? [ "x86_64-linux" "i686-linux" ] +, supportedSystems ? [ "x86_64-linux" ] +, limitedSupportedSystems ? [ "i686-linux" ] }: let @@ -19,10 +20,16 @@ let else pkgs.lib.mapAttrs (n: v: removeMaintainers v) set else set; + allSupportedNixpkgs = builtins.removeAttrs (removeMaintainers (import ../pkgs/top-level/release.nix { + supportedSystems = supportedSystems ++ limitedSupportedSystems; + nixpkgs = nixpkgsSrc; + })) [ "unstable" ]; + in rec { nixos = removeMaintainers (import ./release.nix { - inherit stableBranch supportedSystems; + inherit stableBranch; + supportedSystems = supportedSystems ++ limitedSupportedSystems; nixpkgs = nixpkgsSrc; }); 
@@ -38,8 +45,11 @@ in rec { maintainers = [ pkgs.lib.maintainers.eelco ]; }; constituents = - let all = x: map (system: x.${system}) supportedSystems; in - [ nixos.channel + let + all = x: map (system: x.${system}) + (supportedSystems ++ limitedSupportedSystems); + in [ + nixos.channel (all nixos.dummy) (all nixos.manual) @@ -106,8 +116,8 @@ in rec { (all nixos.tests.xfce) nixpkgs.tarball - (all nixpkgs.emacs) - (all nixpkgs.jdk) + (all allSupportedNixpkgs.emacs) + (all allSupportedNixpkgs.jdk) ]; }); diff --git a/nixos/release.nix b/nixos/release.nix index 0dbdadf9781..9604da5a4d7 100644 --- a/nixos/release.nix +++ b/nixos/release.nix @@ -1,6 +1,6 @@ { nixpkgs ? { outPath = ./..; revCount = 56789; shortRev = "gfedcba"; } , stableBranch ? false -, supportedSystems ? [ "x86_64-linux" "i686-linux" ] +, supportedSystems ? [ "x86_64-linux" ] }: with import ../lib; diff --git a/nixos/tests/nat.nix b/nixos/tests/nat.nix index 74e20bff8d8..a12b7645bc2 100644 --- a/nixos/tests/nat.nix +++ b/nixos/tests/nat.nix @@ -6,6 +6,20 @@ import ./make-test.nix ({ pkgs, lib, withFirewall, withConntrackHelpers ? false, ... }: let unit = if withFirewall then "firewall" else "nat"; + + routerBase = + lib.mkMerge [ + { virtualisation.vlans = [ 2 1 ]; + networking.firewall.enable = withFirewall; + networking.firewall.allowPing = true; + networking.nat.internalIPs = [ "192.168.1.0/24" ]; + networking.nat.externalInterface = "eth1"; + } + (lib.optionalAttrs withConntrackHelpers { + networking.firewall.connectionTrackingModules = [ "ftp" ]; + networking.firewall.autoLoadConntrackHelpers = true; + }) + ]; in { name = "nat" + (if withFirewall then "WithFirewall" else "Standalone") 
@@ -30,20 +44,16 @@ import ./make-test.nix ({ pkgs, lib, withFirewall, withConntrackHelpers ? false, ]; router = - { config, pkgs, ... }: - lib.mkMerge [ - { virtualisation.vlans = [ 2 1 ]; - networking.firewall.enable = withFirewall; - networking.firewall.allowPing = true; - networking.nat.enable = true; - networking.nat.internalIPs = [ "192.168.1.0/24" ]; - networking.nat.externalInterface = "eth1"; - } - (lib.optionalAttrs withConntrackHelpers { - networking.firewall.connectionTrackingModules = [ "ftp" ]; - networking.firewall.autoLoadConntrackHelpers = true; - }) - ]; + { config, pkgs, ... }: lib.mkMerge [ + routerBase + { networking.nat.enable = true; } + ]; + + routerDummyNoNat = + { config, pkgs, ... }: lib.mkMerge [ + routerBase + { networking.nat.enable = false; } + ]; server = { config, pkgs, ... }: @@ -57,9 +67,13 @@ import ./make-test.nix ({ pkgs, lib, withFirewall, withConntrackHelpers ? false, }; testScript = - { nodes, ... }: - '' - startAll; + { nodes, ... }: let + routerDummyNoNatClosure = nodes.routerDummyNoNat.config.system.build.toplevel; + routerClosure = nodes.router.config.system.build.toplevel; + in '' + $client->start; + $router->start; + $server->start; # The router should have access to the server. $server->waitForUnit("network.target"); 
@@ -87,13 +101,18 @@ import ./make-test.nix ({ pkgs, lib, withFirewall, withConntrackHelpers ? false, $router->succeed("ping -c 1 client >&2"); # If we turn off NAT, the client shouldn't be able to reach the server. - $router->succeed("iptables -t nat -D PREROUTING -j nixos-nat-pre"); - $router->succeed("iptables -t nat -D POSTROUTING -j nixos-nat-post"); + $router->succeed("${routerDummyNoNatClosure}/bin/switch-to-configuration test 2>&1"); $client->fail("curl --fail --connect-timeout 5 http://server/ >&2"); $client->fail("ping -c 1 server >&2"); # And make sure that reloading the NAT job works. - $router->succeed("systemctl restart ${unit}"); + $router->succeed("${routerClosure}/bin/switch-to-configuration test 2>&1"); + # FIXME: this should not be necessary, but nat.service is not started because + # network.target is not triggered + # (https://github.com/NixOS/nixpkgs/issues/16230#issuecomment-226408359) + ${lib.optionalString (!withFirewall) '' + $router->succeed("systemctl start nat.service"); + ''} $client->succeed("curl --fail http://server/ >&2"); $client->succeed("ping -c 1 server >&2"); ''; |