Diffstat (limited to 'nixos')
115 files changed, 554 insertions, 838 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml index a64379b19ef..b0ebcb426ed 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml @@ -172,6 +172,41 @@ </listitem> </itemizedlist> </listitem> + <listitem> + <para> + ORY Kratos was updated to version 0.8.0-alpha.3 + </para> + <itemizedlist spacing="compact"> + <listitem> + <para> + This release requires you to run SQL migrations. Please, + as always, create a backup of your database first! + </para> + </listitem> + <listitem> + <para> + The SDKs are now generated with tag v0alpha2 to reflect + that some signatures have changed in a breaking fashion. + Please update your imports from v0alpha1 to v0alpha2. + </para> + </listitem> + <listitem> + <para> + The SMTPS scheme used in courier config URL with + cleartext/StartTLS/TLS SMTP connection types is now only + supporting implicit TLS. For StartTLS and cleartext SMTP, + please use the SMTP scheme instead. + </para> + </listitem> + <listitem> + <para> + for more details, see + <link xlink:href="https://github.com/ory/kratos/releases/tag/v0.8.0-alpha.1">Release + Notes</link>. + </para> + </listitem> + </itemizedlist> + </listitem> </itemizedlist> </section> <section xml:id="sec-release-21.11-new-services"> 
@@ -1365,6 +1400,17 @@ Superuser created successfully. <literal>gnat11</literal> instead of <literal>gnat9</literal>. </para> </listitem> + <listitem> + <para> + <literal>retroArchCores</literal> has been removed. This means + that using <literal>nixpkgs.config.retroarch</literal> to + customize RetroArch cores is not supported anymore. Instead, + use package overrides, for example: + <literal>retroarch.override { cores = with libretro; [ citra snes9x ]; };</literal>. + Also, <literal>retroarchFull</literal> derivation is available + for those who want to have all RetroArch cores available. + </para> + </listitem> </itemizedlist> </section> <section xml:id="sec-release-21.11-notable-changes"> @@ -1816,15 +1862,6 @@ Superuser created successfully. </listitem> <listitem> <para> - Changing systemd <literal>.socket</literal> units now restarts - them and stops the service that is activated by them. - Additionally, services with - <literal>stopOnChange = false</literal> don’t break anymore - when they are socket-activated. - </para> - </listitem> - <listitem> - <para> The <literal>virtualisation.libvirtd</literal> module has been refactored and updated with new options: </para> 
@@ -1966,6 +2003,26 @@ Superuser created successfully. <literal>1.5.4</literal>. </para> </listitem> + <listitem> + <para> + RetroArch has been upgraded from version + <literal>1.8.5</literal> to <literal>1.9.13.2</literal>. Since + the previous release was quite old, if you’re having issues + after the upgrade, please delete your + <literal>$XDG_CONFIG_HOME/retroarch/retroarch.cfg</literal> + file. + </para> + </listitem> + <listitem> + <para> + hydrus has been upgraded from version <literal>438</literal> + to <literal>463</literal>. Since upgrading between releases + this old is advised against, be sure to have a backup of your + data before upgrading. For details, see + <link xlink:href="https://hydrusnetwork.github.io/hydrus/help/getting_started_installing.html#big_updates">the + hydrus manual</link>. + </para> + </listitem> </itemizedlist> </section> </section> diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml new file mode 100644 index 00000000000..baefa0d369e --- /dev/null +++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml 
@@ -0,0 +1,56 @@ +<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-22.05"> + <title>Release 22.05 (“Quokka”, 2022.05/??)</title> + <para> + In addition to numerous new and upgraded packages, this release has + the following highlights: + </para> + <itemizedlist spacing="compact"> + <listitem> + <para> + Support is planned until the end of December 2022, handing over + to 22.11. + </para> + </listitem> + </itemizedlist> + <section xml:id="sec-release-22.05-highlights"> + <title>Highlights</title> + <para> + </para> + </section> + <section xml:id="sec-release-22.05-new-services"> + <title>New Services</title> + <para> + </para> + </section> + <section xml:id="sec-release-22.05-incompatibilities"> + <title>Backward Incompatibilities</title> + <itemizedlist spacing="compact"> + <listitem> + <para> + <literal>pkgs.ghc</literal> now refers to + <literal>pkgs.targetPackages.haskellPackages.ghc</literal>. + This <emphasis>only</emphasis> makes a difference if you are + cross-compiling and will ensure that + <literal>pkgs.ghc</literal> always runs on the host platform + and compiles for the target platform (similar to + <literal>pkgs.gcc</literal> for example). + <literal>haskellPackages.ghc</literal> still behaves as + before, running on the build platform and compiling for the + host platform (similar to <literal>stdenv.cc</literal>). This + means you don’t have to adjust your derivations if you use + <literal>haskellPackages.callPackage</literal>, but when using + <literal>pkgs.callPackage</literal> and taking + <literal>ghc</literal> as an input, you should now use + <literal>buildPackages.ghc</literal> instead to ensure cross + compilation keeps working (or switch to + <literal>haskellPackages.callPackage</literal>). + </para> + </listitem> + </itemizedlist> + </section> + <section xml:id="sec-release-22.05-notable-changes"> + <title>Other Notable Changes</title> + <para> + </para> + </section> +</section> 
diff --git a/nixos/doc/manual/man-nixos-install.xml b/nixos/doc/manual/man-nixos-install.xml index 91542d37cbd..eb6680b6567 100644 --- a/nixos/doc/manual/man-nixos-install.xml +++ b/nixos/doc/manual/man-nixos-install.xml @@ -69,9 +69,14 @@ </arg> <arg> - <arg choice='plain'> - <option>--no-root-passwd</option> - </arg> + <group choice='req'> + <arg choice='plain'> + <option>--no-root-password</option> + </arg> + <arg choice='plain'> + <option>--no-root-passwd</option> + </arg> + </group> </arg> <arg> @@ -157,7 +162,7 @@ <listitem> <para> It prompts you for a password for the root account (unless - <option>--no-root-passwd</option> is specified). + <option>--no-root-password</option> is specified). </para> </listitem> </itemizedlist> diff --git a/nixos/doc/manual/release-notes/rl-2111.section.md b/nixos/doc/manual/release-notes/rl-2111.section.md index 9a76b4cca44..f8a64f4cca3 100644 --- a/nixos/doc/manual/release-notes/rl-2111.section.md +++ b/nixos/doc/manual/release-notes/rl-2111.section.md 
@@ -50,6 +50,12 @@ In addition to numerous new and upgraded packages, this release has the followin - This breaks connections to old SSH daemons as ssh-rsa host keys and ssh-rsa public keys that were signed with SHA-1 are disabled by default now - These can be re-enabled, see the [OpenSSH changelog](https://www.openssh.com/txt/release-8.8) for details +- ORY Kratos was updated to version 0.8.0-alpha.3 + - This release requires you to run SQL migrations. Please, as always, create a backup of your database first! + - The SDKs are now generated with tag v0alpha2 to reflect that some signatures have changed in a breaking fashion. Please update your imports from v0alpha1 to v0alpha2. + - The SMTPS scheme used in courier config URL with cleartext/StartTLS/TLS SMTP connection types is now only supporting implicit TLS. For StartTLS and cleartext SMTP, please use the SMTP scheme instead. + - for more details, see [Release Notes](https://github.com/ory/kratos/releases/tag/v0.8.0-alpha.1). + ## New Services {#sec-release-21.11-new-services} - [btrbk](https://digint.ch/btrbk/index.html), a backup tool for btrfs subvolumes, taking advantage of btrfs specific capabilities to create atomic snapshots and transfer them incrementally to your backup locations. Available as [services.btrbk](options.html#opt-services.brtbk.instances). @@ -407,6 +413,8 @@ In addition to numerous new and upgraded packages, this release has the followin - The default GNAT version has been changed: The `gnat` attribute now points to `gnat11` instead of `gnat9`. +- `retroArchCores` has been removed. This means that using `nixpkgs.config.retroarch` to customize RetroArch cores is not supported anymore. Instead, use package overrides, for example: `retroarch.override { cores = with libretro; [ citra snes9x ]; };`. Also, `retroarchFull` derivation is available for those who want to have all RetroArch cores available. + ## Other Notable Changes {#sec-release-21.11-notable-changes} 
@@ -512,8 +520,6 @@ In addition to numerous new and upgraded packages, this release has the followin - `networking.sits` now supports Foo-over-UDP encapsulation. -- Changing systemd `.socket` units now restarts them and stops the service that is activated by them. Additionally, services with `stopOnChange = false` don't break anymore when they are socket-activated. - - The `virtualisation.libvirtd` module has been refactored and updated with new options: - `virtualisation.libvirtd.qemu*` options (e.g.: `virtualisation.libvirtd.qemuRunAsRoot`) were moved to [`virtualisation.libvirtd.qemu`](options.html#opt-virtualisation.libvirtd.qemu) submodule, - software TPM1/TPM2 support (e.g.: Windows 11 guests) ([`virtualisation.libvirtd.qemu.swtpm`](options.html#opt-virtualisation.libvirtd.qemu.swtpm)), @@ -539,3 +545,7 @@ In addition to numerous new and upgraded packages, this release has the followin - Loki has had another release. Some default values have been changed for the configuration and some configuration options have been renamed. For more details, please check [the upgrade guide](https://grafana.com/docs/loki/latest/upgrading/#240). - `julia` now refers to `julia-stable` instead of `julia-lts`. In practice this means it has been upgraded from `1.0.4` to `1.5.4`. + +- RetroArch has been upgraded from version `1.8.5` to `1.9.13.2`. Since the previous release was quite old, if you're having issues after the upgrade, please delete your `$XDG_CONFIG_HOME/retroarch/retroarch.cfg` file. + +- hydrus has been upgraded from version `438` to `463`. Since upgrading between releases this old is advised against, be sure to have a backup of your data before upgrading. For details, see [the hydrus manual](https://hydrusnetwork.github.io/hydrus/help/getting_started_installing.html#big_updates). diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md new file mode 100644 index 00000000000..a66e29bdb5f --- /dev/null 
+++ b/nixos/doc/manual/release-notes/rl-2205.section.md @@ -0,0 +1,25 @@ +# Release 22.05 (“Quokka”, 2022.05/??) {#sec-release-22.05} + +In addition to numerous new and upgraded packages, this release has the following highlights: + +- Support is planned until the end of December 2022, handing over to 22.11. + +## Highlights {#sec-release-22.05-highlights} + +## New Services {#sec-release-22.05-new-services} + +## Backward Incompatibilities {#sec-release-22.05-incompatibilities} + +* `pkgs.ghc` now refers to `pkgs.targetPackages.haskellPackages.ghc`. + This *only* makes a difference if you are cross-compiling and will + ensure that `pkgs.ghc` always runs on the host platform and compiles + for the target platform (similar to `pkgs.gcc` for example). + `haskellPackages.ghc` still behaves as before, running on the build + platform and compiling for the host platform (similar to `stdenv.cc`). + This means you don't have to adjust your derivations if you use + `haskellPackages.callPackage`, but when using `pkgs.callPackage` and + taking `ghc` as an input, you should now use `buildPackages.ghc` + instead to ensure cross compilation keeps working (or switch to + `haskellPackages.callPackage`). + +## Other Notable Changes {#sec-release-22.05-notable-changes} diff --git a/nixos/lib/make-disk-image.nix b/nixos/lib/make-disk-image.nix index 0a4a71fadc4..15302ae8241 100644 --- a/nixos/lib/make-disk-image.nix +++ b/nixos/lib/make-disk-image.nix @@ -281,7 +281,7 @@ let format' = format; in let --substituters "" ${optionalString (additionalPaths' != []) '' - nix copy --to $root --no-check-sigs ${concatStringsSep " " additionalPaths'} + nix --extra-experimental-features nix-command copy --to $root --no-check-sigs ${concatStringsSep " " additionalPaths'} ''} diskImage=nixos.raw diff --git a/nixos/lib/make-zfs-image.nix b/nixos/lib/make-zfs-image.nix index 40648ca24d4..a84732aa117 100644 --- a/nixos/lib/make-zfs-image.nix +++ b/nixos/lib/make-zfs-image.nix 
@@ -241,7 +241,7 @@ let pkgs.vmTools.override { rootModules = [ "zfs" "9p" "9pnet_virtio" "virtio_pci" "virtio_blk" ] ++ - (pkgs.lib.optional (pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64) "rtc_cmos"); + (pkgs.lib.optional pkgs.stdenv.hostPlatform.isx86 "rtc_cmos"); kernel = modulesTree; } ).runInLinuxVM ( diff --git a/nixos/lib/qemu-common.nix b/nixos/lib/qemu-common.nix index 84f9060acd6..1a1f7531feb 100644 --- a/nixos/lib/qemu-common.nix +++ b/nixos/lib/qemu-common.nix @@ -17,7 +17,7 @@ rec { ''-netdev vde,id=vlan${toString nic},sock="$QEMU_VDE_SOCKET_${toString net}"'' ]; - qemuSerialDevice = if pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64 then "ttyS0" + qemuSerialDevice = if pkgs.stdenv.hostPlatform.isx86 then "ttyS0" else if (with pkgs.stdenv.hostPlatform; isAarch32 || isAarch64 || isPower) then "ttyAMA0" else throw "Unknown QEMU serial device for system '${pkgs.stdenv.hostPlatform.system}'"; diff --git a/nixos/modules/hardware/all-firmware.nix b/nixos/modules/hardware/all-firmware.nix index bdf90816740..ce87f9e8be8 100644 --- a/nixos/modules/hardware/all-firmware.nix +++ b/nixos/modules/hardware/all-firmware.nix @@ -83,7 +83,7 @@ in { b43Firmware_5_1_138 b43Firmware_6_30_163_46 b43FirmwareCutter - ] ++ optional (pkgs.stdenv.hostPlatform.isi686 || pkgs.stdenv.hostPlatform.isx86_64) facetimehd-firmware; + ] ++ optional pkgs.stdenv.hostPlatform.isx86 facetimehd-firmware; }) (mkIf cfg.wirelessRegulatoryDatabase { hardware.firmware = [ pkgs.wireless-regdb ]; diff --git a/nixos/modules/installer/cd-dvd/iso-image.nix b/nixos/modules/installer/cd-dvd/iso-image.nix index 4812cacabaf..30610b4f426 100644 --- a/nixos/modules/installer/cd-dvd/iso-image.nix +++ b/nixos/modules/installer/cd-dvd/iso-image.nix @@ -467,7 +467,7 @@ let throw "Unsupported architecture"; # Syslinux (and isolinux) only supports x86-based architectures. - canx86BiosBoot = pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64; + canx86BiosBoot = pkgs.stdenv.hostPlatform.isx86; in 
diff --git a/nixos/modules/installer/tools/nixos-build-vms/nixos-build-vms.sh b/nixos/modules/installer/tools/nixos-build-vms/nixos-build-vms.sh index 2a6c3ab1149..490ede04e6b 100644 --- a/nixos/modules/installer/tools/nixos-build-vms/nixos-build-vms.sh +++ b/nixos/modules/installer/tools/nixos-build-vms/nixos-build-vms.sh @@ -1,4 +1,5 @@ #! @runtimeShell@ -e +# shellcheck shell=bash # Shows the usage of this command to the user @@ -29,12 +30,12 @@ while [ $# -gt 0 ]; do nixBuildArgs+=("--option" "$1" "$2"); shift ;; *) - if [ ! -z "$networkExpr" ]; then + if [ -n "$networkExpr" ]; then echo "Network expression already set!" showUsage exit 1 fi - networkExpr="$(readlink -f $1)" + networkExpr="$(readlink -f "$1")" ;; esac @@ -49,4 +50,4 @@ fi # Build a network of VMs nix-build '<nixpkgs/nixos/modules/installer/tools/nixos-build-vms/build-vms.nix>' \ - --argstr networkExpr $networkExpr "${nixBuildArgs[@]}" + --argstr networkExpr "$networkExpr" "${nixBuildArgs[@]}" diff --git a/nixos/modules/installer/tools/nixos-enter.sh b/nixos/modules/installer/tools/nixos-enter.sh index 00883205e8b..6469d9faa03 100644 --- a/nixos/modules/installer/tools/nixos-enter.sh +++ b/nixos/modules/installer/tools/nixos-enter.sh @@ -1,4 +1,5 @@ #! @runtimeShell@ +# shellcheck shell=bash set -e diff --git a/nixos/modules/installer/tools/nixos-install.sh b/nixos/modules/installer/tools/nixos-install.sh index ea9667995e1..fc4a69aa17d 100644 --- a/nixos/modules/installer/tools/nixos-install.sh +++ b/nixos/modules/installer/tools/nixos-install.sh @@ -1,4 +1,5 @@ #! @runtimeShell@ +# shellcheck shell=bash set -e shopt -s nullglob @@ -58,7 +59,7 @@ while [ "$#" -gt 0 ]; do --no-channel-copy) noChannelCopy=1 ;; - --no-root-passwd) + --no-root-password|--no-root-passwd) noRootPasswd=1 ;; --no-bootloader) diff --git a/nixos/modules/installer/tools/nixos-version.sh b/nixos/modules/installer/tools/nixos-version.sh index f5e3f32b3c6..59a9c572b41 100644 --- a/nixos/modules/installer/tools/nixos-version.sh 
+++ b/nixos/modules/installer/tools/nixos-version.sh @@ -1,4 +1,5 @@ #! @runtimeShell@ +# shellcheck shell=bash case "$1" in -h|--help) diff --git a/nixos/modules/misc/documentation.nix b/nixos/modules/misc/documentation.nix index c3ded4f1ea3..1f837f9efa2 100644 --- a/nixos/modules/misc/documentation.nix +++ b/nixos/modules/misc/documentation.nix @@ -80,6 +80,10 @@ let ]; }; + # list of man outputs currently active intended for use as default values + # for man-related options, thus "man" is included unconditionally. + activeManOutputs = [ "man" ] ++ lib.optionals cfg.dev.enable [ "devman" ]; + in { @@ -130,7 +134,7 @@ in name = "man-paths"; paths = config.environment.systemPackages; pathsToLink = [ "/share/man" ]; - extraOutputsToInstall = ["man"]; + extraOutputsToInstall = activeManOutputs; ignoreCollisions = true; }; defaultText = literalDocBook "all man pages in <option>config.environment.systemPackages</option>"; @@ -226,7 +230,7 @@ in (mkIf cfg.man.enable { environment.systemPackages = [ pkgs.man-db ]; environment.pathsToLink = [ "/share/man" ]; - environment.extraOutputsToInstall = [ "man" ] ++ optional cfg.dev.enable "devman"; + environment.extraOutputsToInstall = activeManOutputs; environment.etc."man_db.conf".text = let manualCache = pkgs.runCommandLocal "man-cache" { } '' diff --git a/nixos/modules/programs/sway.nix b/nixos/modules/programs/sway.nix index caf329c2536..c64e01a20cb 100644 --- a/nixos/modules/programs/sway.nix +++ b/nixos/modules/programs/sway.nix @@ -123,6 +123,8 @@ in { ]; environment = { systemPackages = [ swayPackage ] ++ cfg.extraPackages; + # Needed for the default wallpaper: + pathsToLink = [ "/share/backgrounds/sway" ]; etc = { "sway/config".source = mkOptionDefault "${swayPackage}/etc/sway/config"; "sway/config.d/nixos.conf".source = pkgs.writeText "nixos.conf" '' diff --git a/nixos/modules/programs/zsh/zsh-autosuggestions.nix b/nixos/modules/programs/zsh/zsh-autosuggestions.nix index a8fcfff95e5..fee324cc732 100644 
--- a/nixos/modules/programs/zsh/zsh-autosuggestions.nix +++ b/nixos/modules/programs/zsh/zsh-autosuggestions.nix @@ -36,6 +36,13 @@ in ''; }; + async = mkOption { + type = types.bool; + default = true; + description = "Whether to fetch suggestions asynchronously"; + example = false; + }; + extraConfig = mkOption { type = with types; attrsOf str; default = {}; @@ -56,6 +63,7 @@ in export ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE="${cfg.highlightStyle}" export ZSH_AUTOSUGGEST_STRATEGY=("${cfg.strategy}") + ${optionalString (!cfg.async) "unset ZSH_AUTOSUGGEST_USE_ASYNC"} ${concatStringsSep "\n" (mapAttrsToList (key: value: ''export ${key}="${value}"'') cfg.extraConfig)} ''; diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix index cfbc8e91903..2815e2593b2 100644 --- a/nixos/modules/security/acme.nix +++ b/nixos/modules/security/acme.nix @@ -77,6 +77,7 @@ let unitConfig = { ConditionPathExists = "!/var/lib/acme/.minica/key.pem"; + StartLimitIntervalSec = 0; }; serviceConfig = commonServiceConfig // { @@ -235,6 +236,7 @@ let unitConfig = { ConditionPathExists = "!/var/lib/acme/${cert}/key.pem"; + StartLimitIntervalSec = 0; }; serviceConfig = commonServiceConfig // { @@ -314,6 +316,9 @@ let if [ -e renewed ]; then rm renewed ${data.postRun} + ${optionalString (data.reloadServices != []) + "systemctl --no-block try-reload-or-restart ${escapeShellArgs data.reloadServices}" + } fi ''); }; @@ -474,6 +479,15 @@ let description = "Group running the ACME client."; }; + reloadServices = mkOption { + type = types.listOf types.str; + default = []; + description = '' + The list of systemd services to call <code>systemctl try-reload-or-restart</code> + on. + ''; + }; + postRun = mkOption { type = types.lines; default = ""; diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index 70bce783a90..b03bf290fd2 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix 
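Review bot: In acme.nix, the hunk at `@@ -314,6 +316,9` shell-escapes `data.reloadServices` but passes it to systemctl without an end-of-options marker, so an entry beginning with `-` would be parsed as a systemctl option instead of a unit name. Consider `"systemctl --no-block try-reload-or-restart -- ${escapeShellArgs data.reloadServices}"`. The `reloadServices` option added at `@@ -474,6 +479,15` is a bare `listOf str` with no example; its description could say that entries are unit names and that the reload only runs inside the `if [ -e renewed ]` branch, i.e. after a certificate was actually renewed. The script this line belongs to starts outside the hunk.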
@@ -401,6 +401,9 @@ let }; + # The resulting /etc/pam.d/* file contents are verified in + # nixos/tests/pam/pam-file-contents.nix. Please update tests there when + # changing the derivation. config = { name = mkDefault name; setLoginUid = mkDefault cfg.startSession; diff --git a/nixos/modules/services/backup/borgbackup.nix b/nixos/modules/services/backup/borgbackup.nix index 220c571b927..b2147c1bbfc 100644 --- a/nixos/modules/services/backup/borgbackup.nix +++ b/nixos/modules/services/backup/borgbackup.nix @@ -152,6 +152,7 @@ let serviceConfig = { # The service's only task is to ensure that the specified path exists Type = "oneshot"; + WorkingDirectory = cfg.path; }; wantedBy = [ "multi-user.target" ]; }; diff --git a/nixos/modules/services/databases/clickhouse.nix b/nixos/modules/services/databases/clickhouse.nix index f2f4e9d2554..3a161d56107 100644 --- a/nixos/modules/services/databases/clickhouse.nix +++ b/nixos/modules/services/databases/clickhouse.nix @@ -13,6 +13,15 @@ with lib; enable = mkEnableOption "ClickHouse database server"; + package = mkOption { + type = types.package; + default = pkgs.clickhouse; + defaultText = "pkgs.clickhouse"; + description = '' + ClickHouse package to use. + ''; + }; + }; }; 
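Review bot: In borgbackup.nix (`@@ -152,6 +152,7`), `WorkingDirectory = cfg.path` is added to a unit whose own comment says its only task is to ensure that this path exists. systemd changes into the working directory before it runs the unit's commands, so on a host where the directory is not there yet the unit would presumably fail at that step instead of creating it. The part of the unit that creates the directory is outside the hunk, so confirm against it; if this unit really is what creates the path, either drop the setting or make it non-fatal with the `-` prefix, `WorkingDirectory = "-${cfg.path}";`.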
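Review bot: In clickhouse.nix (`@@ -13,6 +13,15`), `defaultText = "pkgs.clickhouse";` is a plain string, while other hunks in this commit wrap such values (`literalExpression` in nomad.nix, `literalDocBook` in documentation.nix) so the manual renders them as code rather than as a quoted string. Suggest `defaultText = literalExpression "pkgs.clickhouse";`. The same applies to `defaultText = "pkgs.sabnzbd";` in the sabnzbd.nix hunk at `@@ -17,6 +17,13`.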
@@ -45,21 +54,21 @@ with lib; AmbientCapabilities = "CAP_SYS_NICE"; StateDirectory = "clickhouse"; LogsDirectory = "clickhouse"; - ExecStart = "${pkgs.clickhouse}/bin/clickhouse-server --config-file=${pkgs.clickhouse}/etc/clickhouse-server/config.xml"; + ExecStart = "${cfg.package}/bin/clickhouse-server --config-file=${cfg.package}/etc/clickhouse-server/config.xml"; }; }; environment.etc = { "clickhouse-server/config.xml" = { - source = "${pkgs.clickhouse}/etc/clickhouse-server/config.xml"; + source = "${cfg.package}/etc/clickhouse-server/config.xml"; }; "clickhouse-server/users.xml" = { - source = "${pkgs.clickhouse}/etc/clickhouse-server/users.xml"; + source = "${cfg.package}/etc/clickhouse-server/users.xml"; }; }; - environment.systemPackages = [ pkgs.clickhouse ]; + environment.systemPackages = [ cfg.package ]; # startup requires a `/etc/localtime` which only if exists if `time.timeZone != null` time.timeZone = mkDefault "UTC"; diff --git a/nixos/modules/services/databases/hbase.nix b/nixos/modules/services/databases/hbase.nix index 183c8a2f46d..181be2d6b0b 100644 --- a/nixos/modules/services/databases/hbase.nix +++ b/nixos/modules/services/databases/hbase.nix @@ -22,7 +22,10 @@ let configAttr)); configFile = pkgs.writeText "hbase-site.xml" - (buildProperty (defaultConfig // cfg.settings)); + ''<configuration> + ${buildProperty (defaultConfig // cfg.settings)} + </configuration> + ''; configDir = pkgs.runCommand "hbase-config-dir" { preferLocalBuild = true; } '' mkdir -p $out diff --git a/nixos/modules/services/hardware/bluetooth.nix b/nixos/modules/services/hardware/bluetooth.nix index 7f75ac272d4..69a66723e76 100644 --- a/nixos/modules/services/hardware/bluetooth.nix +++ b/nixos/modules/services/hardware/bluetooth.nix 
@@ -11,12 +11,8 @@ let cfgFmt = pkgs.formats.ini { }; - # bluez will complain if some of the sections are not found, so just make them - # empty (but present in the file) for now defaults = { General.ControllerMode = "dual"; - Controller = { }; - GATT = { }; Policy.AutoEnable = cfg.powerOnBoot; }; diff --git a/nixos/modules/services/logging/logrotate.nix b/nixos/modules/services/logging/logrotate.nix index 624b6cfb121..ba5d6e29d0b 100644 --- a/nixos/modules/services/logging/logrotate.nix +++ b/nixos/modules/services/logging/logrotate.nix @@ -40,7 +40,7 @@ let }; frequency = mkOption { - type = types.enum [ "daily" "weekly" "monthly" "yearly" ]; + type = types.enum [ "hourly" "daily" "weekly" "monthly" "yearly" ]; default = "daily"; description = '' How often to rotate the logs. @@ -155,7 +155,7 @@ in systemd.services.logrotate = { description = "Logrotate Service"; wantedBy = [ "multi-user.target" ]; - startAt = "*-*-* *:05:00"; + startAt = "hourly"; script = '' exec ${pkgs.logrotate}/sbin/logrotate ${configFile} ''; diff --git a/nixos/modules/services/mail/dovecot.nix b/nixos/modules/services/mail/dovecot.nix index 223f3bef77d..c39827c5b86 100644 --- a/nixos/modules/services/mail/dovecot.nix +++ b/nixos/modules/services/mail/dovecot.nix @@ -103,11 +103,12 @@ let plugin { quota_rule = *:storage=${cfg.quotaGlobalPerUser} - quota = maildir:User quota # per virtual mail user quota # BUG/FIXME broken, we couldn't get this working + quota = count:User quota # per virtual mail user quota quota_status_success = DUNNO quota_status_nouser = DUNNO quota_status_overquota = "552 5.2.2 Mailbox is full" quota_grace = 10%% + quota_vsizes = yes } '' ) diff --git a/nixos/modules/services/misc/gollum.nix b/nixos/modules/services/misc/gollum.nix index 4053afa69be..cad73a871ba 100644 --- a/nixos/modules/services/misc/gollum.nix +++ b/nixos/modules/services/misc/gollum.nix 
@@ -100,6 +100,7 @@ in serviceConfig = { User = config.users.users.gollum.name; Group = config.users.groups.gollum.name; + WorkingDirectory = cfg.stateDir; ExecStart = '' ${pkgs.gollum}/bin/gollum \ --port ${toString cfg.port} \ diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix index 4ea45888e5f..fb643e7a66e 100644 --- a/nixos/modules/services/misc/nix-daemon.nix +++ b/nixos/modules/services/misc/nix-daemon.nix @@ -74,6 +74,8 @@ in imports = [ (mkRenamedOptionModule [ "nix" "useChroot" ] [ "nix" "useSandbox" ]) (mkRenamedOptionModule [ "nix" "chrootDirs" ] [ "nix" "sandboxPaths" ]) + (mkRenamedOptionModule [ "nix" "daemonIONiceLevel" ] [ "nix" "daemonIOSchedPriority" ]) + (mkRemovedOptionModule [ "nix" "daemonNiceLevel" ] "Consider nix.daemonCPUSchedPolicy instead.") ]; ###### interface @@ -546,7 +548,7 @@ in [ nix pkgs.nix-info ] - ++ optional (config.programs.bash.enableCompletion && !versionAtLeast nixVersion "2.4pre") pkgs.nix-bash-completions; + ++ optional (config.programs.bash.enableCompletion) pkgs.nix-bash-completions; environment.etc."nix/nix.conf".source = nixConf; diff --git a/nixos/modules/services/networking/monero.nix b/nixos/modules/services/networking/monero.nix index 9a9084e4ce1..8bed89917c8 100644 --- a/nixos/modules/services/networking/monero.nix +++ b/nixos/modules/services/networking/monero.nix @@ -222,7 +222,7 @@ in serviceConfig = { User = "monero"; Group = "monero"; - ExecStart = "${pkgs.monero}/bin/monerod --config-file=${configFile} --non-interactive"; + ExecStart = "${pkgs.monero-cli}/bin/monerod --config-file=${configFile} --non-interactive"; Restart = "always"; SuccessExitStatus = [ 0 1 ]; }; diff --git a/nixos/modules/services/networking/nomad.nix b/nixos/modules/services/networking/nomad.nix index 3bd15bd5c80..43333af5e2f 100644 --- a/nixos/modules/services/networking/nomad.nix +++ b/nixos/modules/services/networking/nomad.nix 
@@ -51,7 +51,7 @@ in extraSettingsPaths = mkOption { type = types.listOf types.path; - default = []; + default = [ ]; description = '' Additional settings paths used to configure nomad. These can be files or directories. ''; @@ -60,9 +60,21 @@ in ''; }; + extraSettingsPlugins = mkOption { + type = types.listOf (types.either types.package types.path); + default = [ ]; + description = '' + Additional plugins dir used to configure nomad. + ''; + example = literalExpression '' + [ "<pluginDir>" "pkgs.<plugins-name>"] + ''; + }; + + settings = mkOption { type = format.type; - default = {}; + default = { }; description = '' Configuration for Nomad. See the <link xlink:href="https://www.nomadproject.io/docs/configuration">documentation</link> for supported values. @@ -128,7 +140,8 @@ in DynamicUser = cfg.dropPrivileges; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; ExecStart = "${cfg.package}/bin/nomad agent -config=/etc/nomad.json" + - concatMapStrings (path: " -config=${path}") cfg.extraSettingsPaths; + concatMapStrings (path: " -config=${path}") cfg.extraSettingsPaths + + concatMapStrings (path: " -plugin-dir=${path}/bin") cfg.extraSettingsPlugins; KillMode = "process"; KillSignal = "SIGINT"; LimitNOFILE = 65536; diff --git a/nixos/modules/services/networking/radicale.nix b/nixos/modules/services/networking/radicale.nix index c121008d529..c6c40777ed7 100644 --- a/nixos/modules/services/networking/radicale.nix +++ b/nixos/modules/services/networking/radicale.nix @@ -195,6 +195,7 @@ in { SystemCallArchitectures = "native"; SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" ]; UMask = "0027"; + WorkingDirectory = "/var/lib/radicale"; }; }; }; diff --git a/nixos/modules/services/networking/sabnzbd.nix b/nixos/modules/services/networking/sabnzbd.nix index 43566dfd25c..54eeba1a9ec 100644 --- a/nixos/modules/services/networking/sabnzbd.nix +++ b/nixos/modules/services/networking/sabnzbd.nix 
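Review bot: In nomad.nix (`@@ -128,7 +140,8`), each `extraSettingsPlugins` entry is turned into ` -plugin-dir=${path}/bin`, but the description and example added at `@@ -60,9 +60,21` do not mention that `/bin` is appended, and the example `"pkgs.<plugins-name>"` is a quoted string rather than a package. The agent loads executables from that directory, so the description should say so, for example `Packages or directories whose bin/ subdirectory is passed to the agent as -plugin-dir; the plugins found there are executed by the agent, so the directory must not be writable by unprivileged users.` It is also worth confirming that the agent honours more than one `-plugin-dir` flag; if only one takes effect, a list type is misleading.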
@@ -17,6 +17,13 @@ in services.sabnzbd = { enable = mkEnableOption "the sabnzbd server"; + package = mkOption { + type = types.package; + default = pkgs.sabnzbd; + defaultText = "pkgs.sabnzbd"; + description = "The sabnzbd executable package run by the service."; + }; + configFile = mkOption { type = types.path; default = "/var/lib/sabnzbd/sabnzbd.ini"; @@ -63,7 +70,7 @@ in GuessMainPID = "no"; User = "${cfg.user}"; Group = "${cfg.group}"; - ExecStart = "${sabnzbd}/bin/sabnzbd -d -f ${cfg.configFile}"; + ExecStart = "${lib.getBin cfg.package}/bin/sabnzbd -d -f ${cfg.configFile}"; }; }; }; diff --git a/nixos/modules/services/web-apps/moodle.nix b/nixos/modules/services/web-apps/moodle.nix index 6f5cfa2e348..19f3e754691 100644 --- a/nixos/modules/services/web-apps/moodle.nix +++ b/nixos/modules/services/web-apps/moodle.nix @@ -57,7 +57,7 @@ let pgsqlLocal = cfg.database.createLocally && cfg.database.type == "pgsql"; phpExt = pkgs.php74.withExtensions - ({ enabled, all }: with all; [ iconv mbstring curl openssl tokenizer xmlrpc soap ctype zip gd simplexml dom intl json sqlite3 pgsql pdo_sqlite pdo_pgsql pdo_odbc pdo_mysql pdo mysqli session zlib xmlreader fileinfo filter ]); + ({ enabled, all }: with all; [ iconv mbstring curl openssl tokenizer xmlrpc soap ctype zip gd simplexml dom intl json sqlite3 pgsql pdo_sqlite pdo_pgsql pdo_odbc pdo_mysql pdo mysqli session zlib xmlreader fileinfo filter opcache ]); in { # interface diff --git a/nixos/modules/services/web-servers/caddy/default.nix b/nixos/modules/services/web-servers/caddy/default.nix index cef27e2e59f..ed27dd375c8 100644 --- a/nixos/modules/services/web-servers/caddy/default.nix +++ b/nixos/modules/services/web-servers/caddy/default.nix 
@@ -171,34 +171,27 @@ in }; config = mkIf cfg.enable { + systemd.packages = [ cfg.package ]; systemd.services.caddy = { - description = "Caddy web server"; - # upstream unit: https://github.com/caddyserver/dist/blob/master/init/caddy.service - after = [ "network-online.target" ]; - wants = [ "network-online.target" ]; # systemd-networkd-wait-online.service wantedBy = [ "multi-user.target" ]; startLimitIntervalSec = 14400; startLimitBurst = 10; + serviceConfig = { - ExecStart = "${cfg.package}/bin/caddy run ${optionalString cfg.resume "--resume"} --config ${configJSON}"; - ExecReload = "${cfg.package}/bin/caddy reload --config ${configJSON}"; - Type = "simple"; + # https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart= + # If the empty string is assigned to this option, the list of commands to start is reset, prior assignments of this option will have no effect. + ExecStart = [ "" "${cfg.package}/bin/caddy run ${optionalString cfg.resume "--resume"} --config ${configJSON}" ]; + ExecReload = [ "" "${cfg.package}/bin/caddy reload --config ${configJSON}" ]; + User = cfg.user; Group = cfg.group; + ReadWriteDirectories = cfg.dataDir; Restart = "on-abnormal"; - AmbientCapabilities = "cap_net_bind_service"; - CapabilityBoundingSet = "cap_net_bind_service"; + + # TODO: attempt to upstream these options NoNewPrivileges = true; - LimitNPROC = 512; - LimitNOFILE = 1048576; - PrivateTmp = true; PrivateDevices = true; ProtectHome = true; - ProtectSystem = "full"; - ReadWriteDirectories = cfg.dataDir; - KillMode = "mixed"; - KillSignal = "SIGQUIT"; - TimeoutStopSec = "5s"; }; }; diff --git a/nixos/modules/services/x11/desktop-managers/cinnamon.nix b/nixos/modules/services/x11/desktop-managers/cinnamon.nix index a0a5873f72f..82b07206a8b 100644 --- a/nixos/modules/services/x11/desktop-managers/cinnamon.nix +++ b/nixos/modules/services/x11/desktop-managers/cinnamon.nix 
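Review bot: In caddy/default.nix (`@@ -171,34 +171,27`), the restrictions this module used to set itself (`CapabilityBoundingSet`, `AmbientCapabilities`, `PrivateTmp`, `ProtectSystem = "full"`, the `Limit*` values) now depend entirely on the unit file shipped in `cfg.package`, which is pulled in through `systemd.packages = [ cfg.package ]` and is not visible here. A package override that ships no unit, or a later upstream change, would widen the service's privileges without any change in this module. Consider keeping the settings that matter for a network-facing service in the module, e.g. `CapabilityBoundingSet = "cap_net_bind_service";` and `ProtectSystem = "full";`, or add a test that asserts them on the running unit. Note also that `ReadWriteDirectories = cfg.dataDir` only has an effect if a read-only restriction such as `ProtectSystem` is actually inherited.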
@@ -202,6 +202,13 @@ in blueberry warpinator + # cinnamon xapps + xviewer + xreader + xed + xplayer + pix + # external apps shipped with linux-mint hexchat gnome-calculator diff --git a/nixos/modules/services/x11/display-managers/gdm.nix b/nixos/modules/services/x11/display-managers/gdm.nix index e036c684c88..6f0d645725e 100644 --- a/nixos/modules/services/x11/display-managers/gdm.nix +++ b/nixos/modules/services/x11/display-managers/gdm.nix @@ -83,14 +83,14 @@ in default = true; description = '' Allow GDM to run on Wayland instead of Xserver. - Note to enable Wayland with Nvidia you need to - enable the <option>nvidiaWayland</option>. + Note to enable Wayland with Nvidia the <option>nvidiaWayland</option> + must not be disabled. ''; }; nvidiaWayland = mkOption { type = types.bool; - default = false; + default = true; description = '' Whether to allow wayland to be used with the proprietary NVidia graphics driver. diff --git a/nixos/modules/services/x11/window-managers/xmonad.nix b/nixos/modules/services/x11/window-managers/xmonad.nix index 6aa0d5f76f2..a8f38046137 100644 --- a/nixos/modules/services/x11/window-managers/xmonad.nix +++ b/nixos/modules/services/x11/window-managers/xmonad.nix @@ -29,7 +29,6 @@ let } '' install -D ${xmonadEnv}/share/man/man1/xmonad.1.gz $out/share/man/man1/xmonad.1.gz makeWrapper ${configured}/bin/xmonad $out/bin/xmonad \ - --set NIX_GHC "${xmonadEnv}/bin/ghc" \ --set XMONAD_XMESSAGE "${pkgs.xorg.xmessage}/bin/xmessage" ''; @@ -93,6 +92,8 @@ in { <literal>(restart "xmonad" True)</literal> instead, which will just restart xmonad from PATH. This allows e.g. switching to the new xmonad binary after rebuilding your system with nixos-rebuild. + For the same reason, ghc is not added to the environment when this + option is set. If you actually want to run xmonad with a config specified here, but also be able to recompile and restart it from a copy of that source in 
diff --git a/nixos/modules/system/activation/switch-to-configuration.pl b/nixos/modules/system/activation/switch-to-configuration.pl index e105502cf3a..053496441d8 100644 --- a/nixos/modules/system/activation/switch-to-configuration.pl +++ b/nixos/modules/system/activation/switch-to-configuration.pl @@ -11,6 +11,7 @@ use Cwd 'abs_path'; my $out = "@out@"; +# FIXME: maybe we should use /proc/1/exe to get the current systemd. my $curSystemd = abs_path("/run/current-system/sw/bin"); # To be robust against interruption, record what units need to be started etc. @@ -18,16 +19,13 @@ my $startListFile = "/run/nixos/start-list"; my $restartListFile = "/run/nixos/restart-list"; my $reloadListFile = "/run/nixos/reload-list"; -# Parse restart/reload requests by the activation script. -# Activation scripts may write newline-separated units to this -# file and switch-to-configuration will handle them. While -# `stopIfChanged = true` is ignored, switch-to-configuration will -# handle `restartIfChanged = false` and `reloadIfChanged = true`. -# This also works for socket-activated units. +# Parse restart/reload requests by the activation script my $restartByActivationFile = "/run/nixos/activation-restart-list"; +my $reloadByActivationFile = "/run/nixos/activation-reload-list"; my $dryRestartByActivationFile = "/run/nixos/dry-activation-restart-list"; +my $dryReloadByActivationFile = "/run/nixos/dry-activation-reload-list"; -make_path("/run/nixos", { mode => oct(755) }); +make_path("/run/nixos", { mode => 0755 }); my $action = shift @ARGV; 
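Review bot: The shortened comment above `$restartByActivationFile` no longer says what the four activation list files contain or how their entries are treated, and the second hunk adds two more of them. Later hunks on this page split these files on newlines and pass every entry to `systemctl restart` or `systemctl reload`, so the format and the trust assumption belong next to the declarations, for example `# Activation scripts write newline-separated unit names to these files; every listed unit is restarted/reloaded as root after activation, so /run/nixos must stay writable by root only.`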
@@ -149,92 +147,6 @@ sub fingerprintUnit { return abs_path($s) . (-f "${s}.d/overrides.conf" ? " " . abs_path "${s}.d/overrides.conf" : ""); } -sub handleModifiedUnit { - my ($unit, $baseName, $newUnitFile, $activePrev, $unitsToStop, $unitsToStart, $unitsToReload, $unitsToRestart, $unitsToSkip) = @_; - - if ($unit eq "sysinit.target" || $unit eq "basic.target" || $unit eq "multi-user.target" || $unit eq "graphical.target" || $unit =~ /\.slice$/ || $unit =~ /\.path$/) { - # Do nothing. These cannot be restarted directly. - # Slices and Paths don't have to be restarted since - # properties (resource limits and inotify watches) - # seem to get applied on daemon-reload. - } elsif ($unit =~ /\.mount$/) { - # Reload the changed mount unit to force a remount. - $unitsToReload->{$unit} = 1; - recordUnit($reloadListFile, $unit); - } else { - my $unitInfo = parseUnit($newUnitFile); - if (boolIsTrue($unitInfo->{'X-ReloadIfChanged'} // "no")) { - $unitsToReload->{$unit} = 1; - recordUnit($reloadListFile, $unit); - } - elsif (!boolIsTrue($unitInfo->{'X-RestartIfChanged'} // "yes") || boolIsTrue($unitInfo->{'RefuseManualStop'} // "no") || boolIsTrue($unitInfo->{'X-OnlyManualStart'} // "no")) { - $unitsToSkip->{$unit} = 1; - } else { - # If this unit is socket-activated, then stop it instead - # of restarting it to make sure the new version of it is - # socket-activated. - my $socketActivated = 0; - if ($unit =~ /\.service$/) { - my @sockets = split / /, ($unitInfo->{Sockets} // ""); - if (scalar @sockets == 0) { - @sockets = ("$baseName.socket"); - } - foreach my $socket (@sockets) { - if (-e "$out/etc/systemd/system/$socket") { - $socketActivated = 1; - $unitsToStop->{$unit} = 1; - # If the socket was not running previously, - # start it now. - if (not defined $activePrev->{$socket}) { - $unitsToStart->{$socket} = 1; - } - } - } - } - - # Don't do the rest of this for socket-activated units - # because we handled these above where we stop the unit. 
- # Since only services can be socket-activated, the - # following condition always evaluates to `true` for - # non-service units. - if ($socketActivated) { - return; - } - - # If we are restarting a socket, also stop the corresponding - # service. This is required because restarting a socket - # when the service is already activated fails. - if ($unit =~ /\.socket$/) { - my $service = $unitInfo->{Service} // ""; - if ($service eq "") { - $service = "$baseName.service"; - } - if (defined $activePrev->{$service}) { - $unitsToStop->{$service} = 1; - } - $unitsToRestart->{$unit} = 1; - recordUnit($restartListFile, $unit); - } else { - # Always restart non-services instead of stopping and starting them - # because it doesn't make sense to stop them with a config from - # the old evaluation. - if (!boolIsTrue($unitInfo->{'X-StopIfChanged'} // "yes") || $unit !~ /\.service$/) { - # This unit should be restarted instead of - # stopped and started. - $unitsToRestart->{$unit} = 1; - recordUnit($restartListFile, $unit); - } else { - # We write to a file to ensure that the - # service gets restarted if we're interrupted. - $unitsToStart->{$unit} = 1; - recordUnit($startListFile, $unit); - $unitsToStop->{$unit} = 1; - } - } - } - } -} - # Figure out what units need to be stopped, started, restarted or reloaded. my (%unitsToStop, %unitsToSkip, %unitsToStart, %unitsToRestart, %unitsToReload); 
@@ -307,7 +219,65 @@ while (my ($unit, $state) = each %{$activePrev}) { } elsif (fingerprintUnit($prevUnitFile) ne fingerprintUnit($newUnitFile)) { - handleModifiedUnit($unit, $baseName, $newUnitFile, $activePrev, \%unitsToStop, \%unitsToStart, \%unitsToReload, \%unitsToRestart, %unitsToSkip); + if ($unit eq "sysinit.target" || $unit eq "basic.target" || $unit eq "multi-user.target" || $unit eq "graphical.target") { + # Do nothing. These cannot be restarted directly. + } elsif ($unit =~ /\.mount$/) { + # Reload the changed mount unit to force a remount. + $unitsToReload{$unit} = 1; + recordUnit($reloadListFile, $unit); + } elsif ($unit =~ /\.socket$/ || $unit =~ /\.path$/ || $unit =~ /\.slice$/) { + # FIXME: do something? + } else { + my $unitInfo = parseUnit($newUnitFile); + if (boolIsTrue($unitInfo->{'X-ReloadIfChanged'} // "no")) { + $unitsToReload{$unit} = 1; + recordUnit($reloadListFile, $unit); + } + elsif (!boolIsTrue($unitInfo->{'X-RestartIfChanged'} // "yes") || boolIsTrue($unitInfo->{'RefuseManualStop'} // "no") || boolIsTrue($unitInfo->{'X-OnlyManualStart'} // "no")) { + $unitsToSkip{$unit} = 1; + } else { + if (!boolIsTrue($unitInfo->{'X-StopIfChanged'} // "yes")) { + # This unit should be restarted instead of + # stopped and started. + $unitsToRestart{$unit} = 1; + recordUnit($restartListFile, $unit); + } else { + # If this unit is socket-activated, then stop the + # socket unit(s) as well, and restart the + # socket(s) instead of the service. 
+ my $socketActivated = 0; + if ($unit =~ /\.service$/) { + my @sockets = split / /, ($unitInfo->{Sockets} // ""); + if (scalar @sockets == 0) { + @sockets = ("$baseName.socket"); + } + foreach my $socket (@sockets) { + if (defined $activePrev->{$socket}) { + $unitsToStop{$socket} = 1; + # Only restart sockets that actually + # exist in new configuration: + if (-e "$out/etc/systemd/system/$socket") { + $unitsToStart{$socket} = 1; + recordUnit($startListFile, $socket); + $socketActivated = 1; + } + } + } + } + + # If the unit is not socket-activated, record + # that this unit needs to be started below. + # We write this to a file to ensure that the + # service gets restarted if we're interrupted. + if (!$socketActivated) { + $unitsToStart{$unit} = 1; + recordUnit($startListFile, $unit); + } + + $unitsToStop{$unit} = 1; + } + } + } } } } @@ -392,6 +362,8 @@ sub filterUnits { } my @unitsToStopFiltered = filterUnits(\%unitsToStop); +my @unitsToStartFiltered = filterUnits(\%unitsToStart); + # Show dry-run actions. if ($action eq "dry-activate") { 
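Review bot: Changed `.socket`, `.path` and `.slice` units land in the `# FIXME: do something?` branch, where they are neither restarted nor reported. An edit to a socket unit (for example a narrower `ListenStream` or a stricter `SocketMode`) therefore stays unapplied until the socket is restarted by hand or the machine reboots, while the switch reports success. At minimum the branch should make this visible by recording the unit, `$unitsToSkip{$unit} = 1;`, so it shows up in the "NOT restarting the following changed units" message. The enclosing `while` loop starts outside the hunk.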
@@ -403,44 +375,21 @@ if ($action eq "dry-activate") { print STDERR "would activate the configuration...\n"; system("$out/dry-activate", "$out"); - # Handle the activation script requesting the restart or reload of a unit. - my %unitsToAlsoStop; - my %unitsToAlsoSkip; - foreach (split('\n', read_file($dryRestartByActivationFile, err_mode => 'quiet') // "")) { - my $unit = $_; - my $baseUnit = $unit; - my $newUnitFile = "$out/etc/systemd/system/$baseUnit"; - - # Detect template instances. - if (!-e $newUnitFile && $unit =~ /^(.*)@[^\.]*\.(.*)$/) { - $baseUnit = "$1\@.$2"; - $newUnitFile = "$out/etc/systemd/system/$baseUnit"; - } - - my $baseName = $baseUnit; - $baseName =~ s/\.[a-z]*$//; + $unitsToRestart{$_} = 1 foreach + split('\n', read_file($dryRestartByActivationFile, err_mode => 'quiet') // ""); - handleModifiedUnit($unit, $baseName, $newUnitFile, $activePrev, \%unitsToAlsoStop, \%unitsToStart, \%unitsToReload, \%unitsToRestart, %unitsToAlsoSkip); - } - unlink($dryRestartByActivationFile); - - my @unitsToAlsoStopFiltered = filterUnits(\%unitsToAlsoStop); - if (scalar(keys %unitsToAlsoStop) > 0) { - print STDERR "would stop the following units as well: ", join(", ", @unitsToAlsoStopFiltered), "\n" - if scalar @unitsToAlsoStopFiltered; - } - - print STDERR "would NOT restart the following changed units as well: ", join(", ", sort(keys %unitsToAlsoSkip)), "\n" - if scalar(keys %unitsToAlsoSkip) > 0; + $unitsToReload{$_} = 1 foreach + split('\n', read_file($dryReloadByActivationFile, err_mode => 'quiet') // ""); print STDERR "would restart systemd\n" if $restartSystemd; - print STDERR "would reload the following units: ", join(", ", sort(keys %unitsToReload)), "\n" - if scalar(keys %unitsToReload) > 0; print STDERR "would restart the following units: ", join(", ", sort(keys %unitsToRestart)), "\n" if scalar(keys %unitsToRestart) > 0; - my @unitsToStartFiltered = filterUnits(\%unitsToStart); print STDERR "would start the following units: ", join(", ", 
@unitsToStartFiltered), "\n" if scalar @unitsToStartFiltered; + print STDERR "would reload the following units: ", join(", ", sort(keys %unitsToReload)), "\n" + if scalar(keys %unitsToReload) > 0; + unlink($dryRestartByActivationFile); + unlink($dryReloadByActivationFile); exit 0; } @@ -451,7 +400,7 @@ if (scalar (keys %unitsToStop) > 0) { print STDERR "stopping the following units: ", join(", ", @unitsToStopFiltered), "\n" if scalar @unitsToStopFiltered; # Use current version of systemctl binary before daemon is reexeced. - system("$curSystemd/systemctl", "stop", "--", sort(keys %unitsToStop)); + system("$curSystemd/systemctl", "stop", "--", sort(keys %unitsToStop)); # FIXME: ignore errors? } print STDERR "NOT restarting the following changed units: ", join(", ", sort(keys %unitsToSkip)), "\n" 
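Review bot: Entries read from `$dryRestartByActivationFile` and `$dryReloadByActivationFile` are inserted into `%unitsToRestart`/`%unitsToReload` exactly as written, and the `@@ -465,38 +414,12 @@` hunk does the same for the non-dry files before they reach `systemctl`. A blank line inside one of these files becomes an empty unit name, and none of the `X-RestartIfChanged`/`RefuseManualStop` checks from the changed-unit loop apply to these requests. Filtering empties is a one-line change, `$unitsToRestart{$_} = 1 foreach grep { length } split('\n', read_file($dryRestartByActivationFile, err_mode => 'quiet') // "");`, repeated for the other three reads. If bypassing the per-unit checks is intended, a comment saying so would keep the next reader from treating it as an oversight.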
@@ -465,38 +414,12 @@ system("$out/activate", "$out") == 0 or $res = 2; # Handle the activation script requesting the restart or reload of a unit. # We can only restart and reload (not stop/start) because the units to be -# stopped are already stopped before the activation script is run. We do however -# make an exception for services that are socket-activated and that have to be stopped -# instead of being restarted. -my %unitsToAlsoStop; -my %unitsToAlsoSkip; -foreach (split('\n', read_file($restartByActivationFile, err_mode => 'quiet') // "")) { - my $unit = $_; - my $baseUnit = $unit; - my $newUnitFile = "$out/etc/systemd/system/$baseUnit"; - - # Detect template instances. - if (!-e $newUnitFile && $unit =~ /^(.*)@[^\.]*\.(.*)$/) { - $baseUnit = "$1\@.$2"; - $newUnitFile = "$out/etc/systemd/system/$baseUnit"; - } - - my $baseName = $baseUnit; - $baseName =~ s/\.[a-z]*$//; - - handleModifiedUnit($unit, $baseName, $newUnitFile, $activePrev, \%unitsToAlsoStop, \%unitsToStart, \%unitsToReload, \%unitsToRestart, %unitsToAlsoSkip); -} -unlink($restartByActivationFile); - -my @unitsToAlsoStopFiltered = filterUnits(\%unitsToAlsoStop); -if (scalar(keys %unitsToAlsoStop) > 0) { - print STDERR "stopping the following units as well: ", join(", ", @unitsToAlsoStopFiltered), "\n" - if scalar @unitsToAlsoStopFiltered; - system("$curSystemd/systemctl", "stop", "--", sort(keys %unitsToAlsoStop)); -} +# stopped are already stopped before the activation script is run. +$unitsToRestart{$_} = 1 foreach + split('\n', read_file($restartByActivationFile, err_mode => 'quiet') // ""); -print STDERR "NOT restarting the following changed units as well: ", join(", ", sort(keys %unitsToAlsoSkip)), "\n" - if scalar(keys %unitsToAlsoSkip) > 0; +$unitsToReload{$_} = 1 foreach + split('\n', read_file($reloadByActivationFile, err_mode => 'quiet') // ""); # Restart systemd if necessary. Note that this is done using the # current version of systemd, just in case the new one has trouble 
@@ -537,40 +460,14 @@ if (scalar(keys %unitsToReload) > 0) { print STDERR "reloading the following units: ", join(", ", sort(keys %unitsToReload)), "\n"; system("@systemd@/bin/systemctl", "reload", "--", sort(keys %unitsToReload)) == 0 or $res = 4; unlink($reloadListFile); + unlink($reloadByActivationFile); } # Restart changed services (those that have to be restarted rather # than stopped and started). if (scalar(keys %unitsToRestart) > 0) { print STDERR "restarting the following units: ", join(", ", sort(keys %unitsToRestart)), "\n"; - - # We split the units to be restarted into sockets and non-sockets. - # This is because restarting sockets may fail which is not bad by - # itself but which will prevent changes on the sockets. We usually - # restart the socket and stop the service before that. Restarting - # the socket will fail however when the service was re-activated - # in the meantime. There is no proper way to prevent that from happening. - my @unitsWithErrorHandling = grep { $_ !~ /\.socket$/ } sort(keys %unitsToRestart); - my @unitsWithoutErrorHandling = grep { $_ =~ /\.socket$/ } sort(keys %unitsToRestart); - - if (scalar(@unitsWithErrorHandling) > 0) { - system("@systemd@/bin/systemctl", "restart", "--", @unitsWithErrorHandling) == 0 or $res = 4; - } - if (scalar(@unitsWithoutErrorHandling) > 0) { - # Don't print warnings from systemctl - no warnings 'once'; - open(OLDERR, ">&", \*STDERR); - close(STDERR); - - my $ret = system("@systemd@/bin/systemctl", "restart", "--", @unitsWithoutErrorHandling); - - # Print stderr again - open(STDERR, ">&OLDERR"); - - if ($ret ne 0) { - print STDERR "warning: some sockets failed to restart. Please check your journal (journalctl -eb) and act accordingly.\n"; - } - } + system("@systemd@/bin/systemctl", "restart", "--", sort(keys %unitsToRestart)) == 0 or $res = 4; unlink($restartListFile); unlink($restartByActivationFile); } 
@@ -581,7 +478,6 @@ if (scalar(keys %unitsToRestart) > 0) { # that are symlinks to other units. We shouldn't start both at the # same time because we'll get a "Failed to add path to set" error from # systemd. -my @unitsToStartFiltered = filterUnits(\%unitsToStart); print STDERR "starting the following units: ", join(", ", @unitsToStartFiltered), "\n" if scalar @unitsToStartFiltered; system("@systemd@/bin/systemctl", "start", "--", sort(keys %unitsToStart)) == 0 or $res = 4; @@ -589,7 +485,7 @@ unlink($startListFile); # Print failed and new units. -my (@failed, @new); +my (@failed, @new, @restarting); my $activeNew = getActiveUnits; while (my ($unit, $state) = each %{$activeNew}) { if ($state->{state} eq "failed") { @@ -605,9 +501,7 @@ while (my ($unit, $state) = each %{$activeNew}) { push @failed, $unit; } } - # Ignore scopes since they are not managed by this script but rather - # created and managed by third-party services via the systemd dbus API. - elsif ($state->{state} ne "failed" && !defined $activePrev->{$unit} && $unit !~ /\.scope$/) { + elsif ($state->{state} ne "failed" && !defined $activePrev->{$unit}) { push @new, $unit; } } diff --git a/nixos/modules/system/activation/top-level.nix b/nixos/modules/system/activation/top-level.nix index 68da910d29c..026fd1791d3 100644 --- a/nixos/modules/system/activation/top-level.nix +++ b/nixos/modules/system/activation/top-level.nix @@ -84,13 +84,6 @@ let export localeArchive="${config.i18n.glibcLocales}/lib/locale/locale-archive" substituteAll ${./switch-to-configuration.pl} $out/bin/switch-to-configuration chmod +x $out/bin/switch-to-configuration - ${optionalString (pkgs.stdenv.hostPlatform == pkgs.stdenv.buildPlatform) '' - if ! output=$($perl/bin/perl -c $out/bin/switch-to-configuration 2>&1); then - echo "switch-to-configuration syntax is not valid:" - echo "$output" - exit 1 - fi - ''} echo -n "${toString config.system.extraDependencies}" > $out/extra-dependencies 
diff --git a/nixos/modules/system/boot/kernel.nix b/nixos/modules/system/boot/kernel.nix index 4a9da939451..d147155d796 100644 --- a/nixos/modules/system/boot/kernel.nix +++ b/nixos/modules/system/boot/kernel.nix @@ -243,7 +243,7 @@ in "hid_generic" "hid_lenovo" "hid_apple" "hid_roccat" "hid_logitech_hidpp" "hid_logitech_dj" "hid_microsoft" - ] ++ optionals (pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64) [ + ] ++ optionals pkgs.stdenv.hostPlatform.isx86 [ # Misc. x86 keyboard stuff. "pcips2" "atkbd" "i8042" diff --git a/nixos/modules/system/boot/loader/grub/install-grub.pl b/nixos/modules/system/boot/loader/grub/install-grub.pl index 4d8537d4c32..0c93b288fc6 100644 --- a/nixos/modules/system/boot/loader/grub/install-grub.pl +++ b/nixos/modules/system/boot/loader/grub/install-grub.pl @@ -103,10 +103,10 @@ if (stat($bootPath)->dev != stat("/nix/store")->dev) { # Discover information about the location of the bootPath struct(Fs => { - device => '$', - type => '$', - mount => '$', - }); + device => '$', + type => '$', + mount => '$', +}); sub PathInMount { my ($path, $mount) = @_; my @splitMount = split /\//, $mount; @@ -155,9 +155,9 @@ sub GetFs { return $bestFs; } struct (Grub => { - path => '$', - search => '$', - }); + path => '$', + search => '$', +}); my $driveid = 1; sub GrubFs { my ($dir) = @_; @@ -254,8 +254,8 @@ if ($grubVersion == 1) { # $defaultEntry might be "saved", indicating that we want to use the last selected configuration as default. # Incidentally this is already the correct value for the grub 1 config to achieve this behaviour. $conf .= " - default $defaultEntry - timeout $timeout + default $defaultEntry + timeout $timeout "; if ($splashImage) { copy $splashImage, "$bootPath/background.xpm.gz" or die "cannot copy $splashImage to $bootPath: $!\n"; @@ -305,7 +305,7 @@ else { if ($copyKernels == 0) { $conf .= " - " . $grubStore->search; + " . $grubStore->search; } # FIXME: should use grub-mkconfig. my $defaultEntryText = $defaultEntry; 
@@ -313,55 +313,55 @@ else { $defaultEntryText = "\"\${saved_entry}\""; } $conf .= " - " . $grubBoot->search . " - if [ -s \$prefix/grubenv ]; then - load_env - fi - - # ‘grub-reboot’ sets a one-time saved entry, which we process here and - # then delete. - if [ \"\${next_entry}\" ]; then - set default=\"\${next_entry}\" - set next_entry= - save_env next_entry - set timeout=1 - set boot_once=true - else - set default=$defaultEntryText - set timeout=$timeout - fi - - function savedefault { - if [ -z \"\${boot_once}\"]; then - saved_entry=\"\${chosen}\" - save_env saved_entry + " . $grubBoot->search . " + if [ -s \$prefix/grubenv ]; then + load_env fi - } - # Setup the graphics stack for bios and efi systems - if [ \"\${grub_platform}\" = \"efi\" ]; then - insmod efi_gop - insmod efi_uga - else - insmod vbe - fi + # ‘grub-reboot’ sets a one-time saved entry, which we process here and + # then delete. + if [ \"\${next_entry}\" ]; then + set default=\"\${next_entry}\" + set next_entry= + save_env next_entry + set timeout=1 + set boot_once=true + else + set default=$defaultEntryText + set timeout=$timeout + fi + + function savedefault { + if [ -z \"\${boot_once}\"]; then + saved_entry=\"\${chosen}\" + save_env saved_entry + fi + } + + # Setup the graphics stack for bios and efi systems + if [ \"\${grub_platform}\" = \"efi\" ]; then + insmod efi_gop + insmod efi_uga + else + insmod vbe + fi "; if ($font) { copy $font, "$bootPath/converted-font.pf2" or die "cannot copy $font to $bootPath: $!\n"; $conf .= " - insmod font - if loadfont " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/converted-font.pf2; then - insmod gfxterm - if [ \"\${grub_platform}\" = \"efi\" ]; then - set gfxmode=$gfxmodeEfi - set gfxpayload=$gfxpayloadEfi - else - set gfxmode=$gfxmodeBios - set gfxpayload=$gfxpayloadBios - fi - terminal_output gfxterm - fi + insmod font + if loadfont " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . 
"/converted-font.pf2; then + insmod gfxterm + if [ \"\${grub_platform}\" = \"efi\" ]; then + set gfxmode=$gfxmodeEfi + set gfxpayload=$gfxpayloadEfi + else + set gfxmode=$gfxmodeBios + set gfxpayload=$gfxpayloadBios + fi + terminal_output gfxterm + fi "; } if ($splashImage) { @@ -378,14 +378,14 @@ else { } copy $splashImage, "$bootPath/background$suffix" or die "cannot copy $splashImage to $bootPath: $!\n"; $conf .= " - insmod " . substr($suffix, 1) . " - if background_image --mode '$splashMode' " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/background$suffix; then - set color_normal=white/black - set color_highlight=black/white - else - set menu_color_normal=cyan/blue - set menu_color_highlight=white/blue - fi + insmod " . substr($suffix, 1) . " + if background_image --mode '$splashMode' " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/background$suffix; then + set color_normal=white/black + set color_highlight=black/white + else + set menu_color_normal=cyan/blue + set menu_color_highlight=white/blue + fi "; } @@ -395,20 +395,20 @@ else { # Copy theme rcopy($theme, "$bootPath/theme") or die "cannot copy $theme to $bootPath\n"; $conf .= " - # Sets theme. - set theme=" . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/theme/theme.txt - export theme - # Load theme fonts, if any + # Sets theme. + set theme=" . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/theme/theme.txt + export theme + # Load theme fonts, if any "; find( { wanted => sub { - if ($_ =~ /\.pf2$/i) { - $font = File::Spec->abs2rel($File::Find::name, $theme); - $conf .= " - loadfont " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/theme/$font - "; - } - }, no_chdir => 1 }, $theme ); + if ($_ =~ /\.pf2$/i) { + $font = File::Spec->abs2rel($File::Find::name, $theme); + $conf .= " + loadfont " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/theme/$font + "; + } + }, no_chdir => 1 }, $theme ); } } 
@@ -474,8 +474,8 @@ sub addEntry { # FIXME: $confName my $kernelParams = - "init=" . Cwd::abs_path("$path/init") . " " . - readFile("$path/kernel-params"); + "init=" . Cwd::abs_path("$path/init") . " " . + readFile("$path/kernel-params"); my $xenParams = $xen && -e "$path/xen-params" ? readFile("$path/xen-params") : ""; if ($grubVersion == 1) { @@ -524,9 +524,9 @@ foreach my $link (@links) { my $date = strftime("%F", localtime(lstat($link)->mtime)); my $version = - -e "$link/nixos-version" - ? readFile("$link/nixos-version") - : basename((glob(dirname(Cwd::abs_path("$link/kernel")) . "/lib/modules/*"))[0]); + -e "$link/nixos-version" + ? readFile("$link/nixos-version") + : basename((glob(dirname(Cwd::abs_path("$link/kernel")) . "/lib/modules/*"))[0]); if ($cfgName) { $entryName = $cfgName; @@ -551,8 +551,8 @@ sub addProfile { sub nrFromGen { my ($x) = @_; $x =~ /\/\w+-(\d+)-link/; return $1; } my @links = sort - { nrFromGen($b) <=> nrFromGen($a) } - (glob "$profile-*-link"); + { nrFromGen($b) <=> nrFromGen($a) } + (glob "$profile-*-link"); my $curEntry = 0; foreach my $link (@links) { @@ -563,9 +563,9 @@ sub addProfile { } my $date = strftime("%F", localtime(lstat($link)->mtime)); my $version = - -e "$link/nixos-version" - ? readFile("$link/nixos-version") - : basename((glob(dirname(Cwd::abs_path("$link/kernel")) . "/lib/modules/*"))[0]); + -e "$link/nixos-version" + ? readFile("$link/nixos-version") + : basename((glob(dirname(Cwd::abs_path("$link/kernel")) . "/lib/modules/*"))[0]); addEntry("NixOS - Configuration " . nrFromGen($link) . " ($date - $version)", $link); } 
@@ -653,13 +653,13 @@ foreach my $fn (glob "$bootPath/kernels/*") { # struct(GrubState => { - name => '$', - version => '$', - efi => '$', - devices => '$', - efiMountPoint => '$', - extraGrubInstallArgs => '@', - }); + name => '$', + version => '$', + efi => '$', + devices => '$', + efiMountPoint => '$', + extraGrubInstallArgs => '@', +}); # If you add something to the state file, only add it to the end # because it is read line-by-line. sub readGrubState { diff --git a/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py b/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py index c38bef9d6d4..e9697b5f0e6 100644 --- a/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py +++ b/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py 
@@ -244,19 +244,27 @@ def main() -> None: subprocess.check_call(["@systemd@/bin/bootctl", "--path=@efiSysMountPoint@"] + flags + ["install"]) else: # Update bootloader to latest if needed - systemd_version = subprocess.check_output(["@systemd@/bin/bootctl", "--version"], universal_newlines=True).split()[1] + systemd_version = subprocess.check_output(["@systemd@/bin/bootctl", "--version"], universal_newlines=True).split()[2] sdboot_status = subprocess.check_output(["@systemd@/bin/bootctl", "--path=@efiSysMountPoint@", "status"], universal_newlines=True) # See status_binaries() in systemd bootctl.c for code which generates this - m = re.search("^\W+File:.*/EFI/(BOOT|systemd)/.*\.efi \(systemd-boot (\d+)\)$", + m = re.search("^\W+File:.*/EFI/(BOOT|systemd)/.*\.efi \(systemd-boot ([\d.]+[^)]*)\)$", sdboot_status, re.IGNORECASE | re.MULTILINE) + + needs_install = False + if m is None: - print("could not find any previously installed systemd-boot") + print("could not find any previously installed systemd-boot, installing.") + # Let systemd-boot attempt an installation if a previous one wasn't found + needs_install = True else: - sdboot_version = m.group(2) - if systemd_version > sdboot_version: + sdboot_version = f'({m.group(2)})' + if systemd_version != sdboot_version: print("updating systemd-boot from %s to %s" % (sdboot_version, systemd_version)) - subprocess.check_call(["@systemd@/bin/bootctl", "--path=@efiSysMountPoint@", "update"]) + needs_install = True + + if needs_install: + subprocess.check_call(["@systemd@/bin/bootctl", "--path=@efiSysMountPoint@", "update"]) mkdir_p("@efiSysMountPoint@/efi/nixos") mkdir_p("@efiSysMountPoint@/loader/entries") diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index 8fcf62d7fbf..6e0ee437d91 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix 
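Review bot: `systemd_version` is taken as `split()[2]` of the `bootctl --version` output and compared with `!=` against `f'({m.group(2)})'`, which only works while the first line has exactly the form `systemd N (VERSION)`. With any other layout the third token is something else (or missing, raising `IndexError`), and every rebuild then rewrites the boot loader on the ESP. Parsing the parenthesised field explicitly, for example `re.search(r"\(([^)]+)\)", version_output).group(1)`, and comparing it with `m.group(2)` directly would fail loudly instead of silently mismatching. The pattern passed to `re.search` should also be a raw string (`r"^\W+File:..."`), since `\W`, `\d` and `\.` are invalid escapes in a normal literal. The new "attempt an installation" branch runs `bootctl ... update`; whether `update` installs when nothing is present is not visible here and is worth confirming, and `main()` starts outside the hunk.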
@@ -67,6 +67,7 @@ let "systemd-user-sessions.service" "dbus-org.freedesktop.import1.service" "dbus-org.freedesktop.machine1.service" + "dbus-org.freedesktop.login1.service" "user@.service" "user-runtime-dir@.service" diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index 75fc5a14a80..49901cda848 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix @@ -417,7 +417,11 @@ in network node hostname (uname --nodename) the option boot.kernel.sysctl."kernel.hostname" can be used as a workaround (but the 64 character limit still applies). + + WARNING: Do not use underscores (_) or you may run into unexpected issues. ''; + # warning until the issues in https://github.com/NixOS/nixpkgs/pull/138978 + # are resolved }; networking.fqdn = mkOption { diff --git a/nixos/modules/virtualisation/azure-agent.nix b/nixos/modules/virtualisation/azure-agent.nix index 41f3fa0e664..bd8c7f8c1ee 100644 --- a/nixos/modules/virtualisation/azure-agent.nix +++ b/nixos/modules/virtualisation/azure-agent.nix @@ -76,7 +76,7 @@ in config = mkIf cfg.enable { assertions = [ { - assertion = pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64; + assertion = pkgs.stdenv.hostPlatform.isx86; message = "Azure not currently supported on ${pkgs.stdenv.hostPlatform.system}"; } { assertion = config.networking.networkmanager.enable == false; diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index 0c2782d3e02..91356ac1d98 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix 
@@ -97,7 +97,7 @@ let imap1 (idx: drive: drive // { device = driveDeviceName idx; }); efiPrefix = - if (pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64) then "${pkgs.OVMF.fd}/FV/OVMF" + if pkgs.stdenv.hostPlatform.isx86 then "${pkgs.OVMF.fd}/FV/OVMF" else if pkgs.stdenv.isAarch64 then "${pkgs.OVMF.fd}/FV/AAVMF" else throw "No EFI firmware available for platform"; efiFirmware = "${efiPrefix}_CODE.fd"; @@ -296,7 +296,7 @@ in virtualisation.memorySize = mkOption { type = types.ints.positive; - default = 384; + default = 1024; description = '' The memory size in megabytes of the virtual machine. @@ -306,7 +306,7 @@ in virtualisation.msize = mkOption { type = types.ints.positive; - default = pkgs.vmTools.default9PMsizeBytes; + default = 16384; description = '' The msize (maximum packet size) option passed to 9p file systems, in @@ -833,7 +833,7 @@ in # FIXME: Consolidate this one day. virtualisation.qemu.options = mkMerge [ - (mkIf (pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64) [ + (mkIf pkgs.stdenv.hostPlatform.isx86 [ "-usb" "-device usb-tablet,bus=usb-bus.0" ]) (mkIf (pkgs.stdenv.isAarch32 || pkgs.stdenv.isAarch64) [ diff --git a/nixos/modules/virtualisation/virtualbox-guest.nix b/nixos/modules/virtualisation/virtualbox-guest.nix index 486951983d3..f702fb4e525 100644 --- a/nixos/modules/virtualisation/virtualbox-guest.nix +++ b/nixos/modules/virtualisation/virtualbox-guest.nix @@ -33,7 +33,7 @@ in config = mkIf cfg.enable (mkMerge [{ assertions = [{ - assertion = pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64; + assertion = pkgs.stdenv.hostPlatform.isx86; message = "Virtualbox not currently supported on ${pkgs.stdenv.hostPlatform.system}"; }]; diff --git a/nixos/modules/virtualisation/vmware-guest.nix b/nixos/modules/virtualisation/vmware-guest.nix index 480a9703cef..481dedf8405 100644 --- a/nixos/modules/virtualisation/vmware-guest.nix +++ b/nixos/modules/virtualisation/vmware-guest.nix 
@@ -23,7 +23,7 @@ in config = mkIf cfg.enable { assertions = [ { - assertion = pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64; + assertion = pkgs.stdenv.hostPlatform.isx86; message = "VMWare guest is not currently supported on ${pkgs.stdenv.hostPlatform.system}"; } ]; @@ -34,6 +34,8 @@ in systemd.services.vmware = { description = "VMWare Guest Service"; wantedBy = [ "multi-user.target" ]; + after = [ "display-manager.service" ]; + unitConfig.ConditionVirtualization = "vmware"; serviceConfig.ExecStart = "${open-vm-tools}/bin/vmtoolsd"; }; @@ -42,8 +44,7 @@ in { description = "VMware vmblock fuse mount"; documentation = [ "https://github.com/vmware/open-vm-tools/blob/master/open-vm-tools/vmblock-fuse/design.txt" ]; - before = [ "vmware.service" ]; - wants = [ "vmware.service" ]; + unitConfig.ConditionVirtualization = "vmware"; what = "${open-vm-tools}/bin/vmware-vmblock-fuse"; where = "/run/vmblock-fuse"; type = "fuse"; diff --git a/nixos/tests/airsonic.nix b/nixos/tests/airsonic.nix index 59bd84877c6..d8df092c2ec 100644 --- a/nixos/tests/airsonic.nix +++ b/nixos/tests/airsonic.nix @@ -11,10 +11,6 @@ import ./make-test-python.nix ({ pkgs, ... }: { enable = true; maxMemory = 800; }; - - # Airsonic is a Java application, and unfortunately requires a significant - # amount of memory. - virtualisation.memorySize = 1024; }; testScript = '' diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index ab107dfdcff..e2b9c868bc8 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix 
@@ -343,8 +343,9 @@ in osrm-backend = handleTest ./osrm-backend.nix {}; overlayfs = handleTest ./overlayfs.nix {}; packagekit = handleTest ./packagekit.nix {}; - pam-oath-login = handleTest ./pam-oath-login.nix {}; - pam-u2f = handleTest ./pam-u2f.nix {}; + pam-file-contents = handleTest ./pam/pam-file-contents.nix {}; + pam-oath-login = handleTest ./pam/pam-oath-login.nix {}; + pam-u2f = handleTest ./pam/pam-u2f.nix {}; pantalaimon = handleTest ./matrix/pantalaimon.nix {}; pantheon = handleTest ./pantheon.nix {}; paperless-ng = handleTest ./paperless-ng.nix {}; diff --git a/nixos/tests/cage.nix b/nixos/tests/cage.nix index e6bef374d30..83bae3deeea 100644 --- a/nixos/tests/cage.nix +++ b/nixos/tests/cage.nix @@ -17,7 +17,6 @@ import ./make-test-python.nix ({ pkgs, ...} : program = "${pkgs.xterm}/bin/xterm -cm -pc -fa Monospace -fs 24"; }; - virtualisation.memorySize = 1024; # Need to switch to a different GPU driver than the default one (-vga std) so that Cage can launch: virtualisation.qemu.options = [ "-vga none -device virtio-gpu-pci" ]; }; diff --git a/nixos/tests/cagebreak.nix b/nixos/tests/cagebreak.nix index 242e59f5d7a..c6c2c632b61 100644 --- a/nixos/tests/cagebreak.nix +++ b/nixos/tests/cagebreak.nix @@ -35,7 +35,6 @@ in programs.xwayland.enable = true; environment.systemPackages = [ pkgs.cagebreak pkgs.wayland-utils ]; - virtualisation.memorySize = 1024; # Need to switch to a different GPU driver than the default one (-vga std) so that Cagebreak can launch: virtualisation.qemu.options = [ "-vga none -device virtio-gpu-pci" ]; }; diff --git a/nixos/tests/cassandra.nix b/nixos/tests/cassandra.nix index bef3105f0a9..a19d525c343 100644 --- a/nixos/tests/cassandra.nix +++ b/nixos/tests/cassandra.nix @@ -41,7 +41,6 @@ let ]; }; services.cassandra = cassandraCfg ipAddress // extra; - virtualisation.memorySize = 1024; }; in { diff --git a/nixos/tests/ceph-multi-node.nix b/nixos/tests/ceph-multi-node.nix index 33736e27b98..29e7c279d69 100644 
--- a/nixos/tests/ceph-multi-node.nix +++ b/nixos/tests/ceph-multi-node.nix @@ -37,7 +37,6 @@ let generateHost = { pkgs, cephConfig, networkConfig, ... }: { virtualisation = { - memorySize = 1024; emptyDiskImages = [ 20480 ]; vlans = [ 1 ]; }; diff --git a/nixos/tests/ceph-single-node-bluestore.nix b/nixos/tests/ceph-single-node-bluestore.nix index f706d4d56fc..acaae4cf300 100644 --- a/nixos/tests/ceph-single-node-bluestore.nix +++ b/nixos/tests/ceph-single-node-bluestore.nix @@ -34,7 +34,6 @@ let generateHost = { pkgs, cephConfig, networkConfig, ... }: { virtualisation = { - memorySize = 1024; emptyDiskImages = [ 20480 20480 20480 ]; vlans = [ 1 ]; }; diff --git a/nixos/tests/ceph-single-node.nix b/nixos/tests/ceph-single-node.nix index d1d56ea6708..4fe5dc59ff8 100644 --- a/nixos/tests/ceph-single-node.nix +++ b/nixos/tests/ceph-single-node.nix @@ -34,7 +34,6 @@ let generateHost = { pkgs, cephConfig, networkConfig, ... }: { virtualisation = { - memorySize = 1024; emptyDiskImages = [ 20480 20480 20480 ]; vlans = [ 1 ]; }; diff --git a/nixos/tests/common/wayland-cage.nix b/nixos/tests/common/wayland-cage.nix index 55aeb858d7a..fd070094139 100644 --- a/nixos/tests/common/wayland-cage.nix +++ b/nixos/tests/common/wayland-cage.nix @@ -8,7 +8,6 @@ }; virtualisation = { - memorySize = 1024; qemu.options = [ "-vga virtio" ]; }; } diff --git a/nixos/tests/containers-bridge.nix b/nixos/tests/containers-bridge.nix index a1b0c9469d8..b8661fd7997 100644 --- a/nixos/tests/containers-bridge.nix +++ b/nixos/tests/containers-bridge.nix @@ -15,7 +15,6 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { { pkgs, ... }: { imports = [ ../modules/installer/cd-dvd/channel.nix ]; virtualisation.writableStore = true; - virtualisation.memorySize = 768; networking.bridges = { br0 = { diff --git a/nixos/tests/containers-ephemeral.nix b/nixos/tests/containers-ephemeral.nix index fabf0593f23..db1631cf5b5 100644 --- a/nixos/tests/containers-ephemeral.nix 
+++ b/nixos/tests/containers-ephemeral.nix @@ -5,7 +5,6 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { }; machine = { pkgs, ... }: { - virtualisation.memorySize = 768; virtualisation.writableStore = true; containers.webserver = { diff --git a/nixos/tests/containers-extra_veth.nix b/nixos/tests/containers-extra_veth.nix index 172409f56e8..b8f3d984406 100644 --- a/nixos/tests/containers-extra_veth.nix +++ b/nixos/tests/containers-extra_veth.nix @@ -8,7 +8,6 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { { pkgs, ... }: { imports = [ ../modules/installer/cd-dvd/channel.nix ]; virtualisation.writableStore = true; - virtualisation.memorySize = 768; virtualisation.vlans = []; networking.useDHCP = false; diff --git a/nixos/tests/containers-hosts.nix b/nixos/tests/containers-hosts.nix index 1f24ed1f3c2..3c6a1571002 100644 --- a/nixos/tests/containers-hosts.nix +++ b/nixos/tests/containers-hosts.nix @@ -7,7 +7,6 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { machine = { lib, ... }: { - virtualisation.memorySize = 256; virtualisation.vlans = []; networking.bridges.br0.interfaces = []; diff --git a/nixos/tests/containers-imperative.nix b/nixos/tests/containers-imperative.nix index 34103ef7586..a126a5480c0 100644 --- a/nixos/tests/containers-imperative.nix +++ b/nixos/tests/containers-imperative.nix @@ -14,7 +14,6 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { nix.binaryCaches = []; # don't try to access cache.nixos.org virtualisation.writableStore = true; - virtualisation.memorySize = 1024; # Make sure we always have all the required dependencies for creating a # container available within the VM, because we don't have network access. virtualisation.additionalPaths = let diff --git a/nixos/tests/containers-ip.nix b/nixos/tests/containers-ip.nix index 8fc42dab624..91fdda0392a 100644 --- a/nixos/tests/containers-ip.nix +++ b/nixos/tests/containers-ip.nix 
@@ -22,7 +22,6 @@ in import ./make-test-python.nix ({ pkgs, lib, ... }: { imports = [ ../modules/installer/cd-dvd/channel.nix ]; virtualisation = { writableStore = true; - memorySize = 768; }; containers.webserver4 = webserverFor "10.231.136.1" "10.231.136.2"; diff --git a/nixos/tests/containers-macvlans.nix b/nixos/tests/containers-macvlans.nix index d0f41be8c12..a0cea8db4a1 100644 --- a/nixos/tests/containers-macvlans.nix +++ b/nixos/tests/containers-macvlans.nix @@ -15,7 +15,6 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { machine1 = { lib, ... }: { - virtualisation.memorySize = 256; virtualisation.vlans = [ 1 ]; # To be able to ping containers from the host, it is necessary @@ -55,7 +54,6 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { machine2 = { ... }: { - virtualisation.memorySize = 256; virtualisation.vlans = [ 1 ]; }; diff --git a/nixos/tests/containers-physical_interfaces.nix b/nixos/tests/containers-physical_interfaces.nix index 57bd0eedcc3..e203f88786a 100644 --- a/nixos/tests/containers-physical_interfaces.nix +++ b/nixos/tests/containers-physical_interfaces.nix @@ -7,7 +7,6 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { nodes = { server = { ... }: { - virtualisation.memorySize = 256; virtualisation.vlans = [ 1 ]; containers.server = { @@ -23,7 +22,6 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { }; }; bridged = { ... }: { - virtualisation.memorySize = 128; virtualisation.vlans = [ 1 ]; containers.bridged = { @@ -41,7 +39,6 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { }; bonded = { ... }: { - virtualisation.memorySize = 128; virtualisation.vlans = [ 1 ]; containers.bonded = { @@ -62,7 +59,6 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { }; bridgedbond = { ... }: { - virtualisation.memorySize = 128; virtualisation.vlans = [ 1 ]; containers.bridgedbond = { diff --git a/nixos/tests/containers-portforward.nix b/nixos/tests/containers-portforward.nix index e21f6cee76a..6cecd72f1bd 100644 
--- a/nixos/tests/containers-portforward.nix +++ b/nixos/tests/containers-portforward.nix @@ -15,7 +15,6 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { { pkgs, ... }: { imports = [ ../modules/installer/cd-dvd/channel.nix ]; virtualisation.writableStore = true; - virtualisation.memorySize = 768; containers.webserver = { privateNetwork = true; diff --git a/nixos/tests/containers-tmpfs.nix b/nixos/tests/containers-tmpfs.nix index 0185c2d91f2..d95178d1ff5 100644 --- a/nixos/tests/containers-tmpfs.nix +++ b/nixos/tests/containers-tmpfs.nix @@ -8,7 +8,6 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { { pkgs, ... }: { imports = [ ../modules/installer/cd-dvd/channel.nix ]; virtualisation.writableStore = true; - virtualisation.memorySize = 768; containers.tmpfs = { diff --git a/nixos/tests/custom-ca.nix b/nixos/tests/custom-ca.nix index 4480519c7ed..0ab49f3b343 100644 --- a/nixos/tests/custom-ca.nix +++ b/nixos/tests/custom-ca.nix @@ -81,8 +81,6 @@ in # chromium-based browsers refuse to run as root test-support.displayManager.auto.user = "alice"; - # browsers may hang with the default memory - virtualisation.memorySize = 500; networking.hosts."127.0.0.1" = [ "good.example.com" "bad.example.com" ]; security.pki.certificateFiles = [ "${example-good-cert}/ca.crt" ]; diff --git a/nixos/tests/enlightenment.nix b/nixos/tests/enlightenment.nix index c5f0e208906..8506c348246 100644 --- a/nixos/tests/enlightenment.nix +++ b/nixos/tests/enlightenment.nix @@ -19,7 +19,6 @@ import ./make-test-python.nix ({ pkgs, ...} : }; }; hardware.pulseaudio.enable = true; # needed for the factl test, /dev/snd/* exists without them but udev doesn't care then - virtualisation.memorySize = 1024; environment.systemPackages = [ pkgs.xdotool ]; services.acpid.enable = true; services.connman.enable = true; diff --git a/nixos/tests/fcitx/default.nix b/nixos/tests/fcitx/default.nix index cbeb95d33b0..a243be8dc19 100644 --- a/nixos/tests/fcitx/default.nix +++ b/nixos/tests/fcitx/default.nix 
@@ -11,7 +11,6 @@ import ../make-test-python.nix ( ... }: { - virtualisation.memorySize = 1024; imports = [ ../common/user-account.nix diff --git a/nixos/tests/fenics.nix b/nixos/tests/fenics.nix index 56f09d6a27e..f0a8c32c7cd 100644 --- a/nixos/tests/fenics.nix +++ b/nixos/tests/fenics.nix @@ -38,7 +38,6 @@ in gcc (python3.withPackages (ps: with ps; [ fenics ])) ]; - virtualisation.memorySize = 512; }; }; testScript = diff --git a/nixos/tests/firefox.nix b/nixos/tests/firefox.nix index 7216ad43b8e..6101fc97356 100644 --- a/nixos/tests/firefox.nix +++ b/nixos/tests/firefox.nix @@ -13,9 +13,6 @@ import ./make-test-python.nix ({ pkgs, firefoxPackage, ... }: { pkgs.xdotool ]; - # Need some more memory to record audio. - virtualisation.memorySize = 500; - # Create a virtual sound device, with mixing # and all, for recording audio. boot.kernelModules = [ "snd-aloop" ]; diff --git a/nixos/tests/gerrit.nix b/nixos/tests/gerrit.nix index b6b6486fae8..8ae9e89cf6b 100644 --- a/nixos/tests/gerrit.nix +++ b/nixos/tests/gerrit.nix @@ -18,7 +18,6 @@ in { { config, pkgs, ... }: { networking.firewall.allowedTCPPorts = [ 80 2222 ]; - virtualisation.memorySize = 1024; services.gerrit = { enable = true; diff --git a/nixos/tests/gnome-xorg.nix b/nixos/tests/gnome-xorg.nix index b9ff5e68287..6264b87af4e 100644 --- a/nixos/tests/gnome-xorg.nix +++ b/nixos/tests/gnome-xorg.nix @@ -40,7 +40,6 @@ import ./make-test-python.nix ({ pkgs, lib, ...} : { }; }; - virtualisation.memorySize = 1024; }; testScript = { nodes, ... }: let diff --git a/nixos/tests/gnome.nix b/nixos/tests/gnome.nix index 1da97f733cf..06f387ecad6 100644 --- a/nixos/tests/gnome.nix +++ b/nixos/tests/gnome.nix @@ -45,7 +45,6 @@ import ./make-test-python.nix ({ pkgs, lib, ...} : { }; }; - virtualisation.memorySize = 1024; }; testScript = { nodes, ... }: let diff --git a/nixos/tests/graphite.nix b/nixos/tests/graphite.nix index 137be2d89c8..496f16846ea 100644 --- a/nixos/tests/graphite.nix +++ b/nixos/tests/graphite.nix 
@@ -4,7 +4,6 @@ import ./make-test-python.nix ({ pkgs, ... } : nodes = { one = { ... }: { - virtualisation.memorySize = 1024; time.timeZone = "UTC"; services.graphite = { web = { diff --git a/nixos/tests/hadoop/hadoop.nix b/nixos/tests/hadoop/hadoop.nix index b4ed0e17a85..48737debab5 100644 --- a/nixos/tests/hadoop/hadoop.nix +++ b/nixos/tests/hadoop/hadoop.nix @@ -95,7 +95,6 @@ import ../make-test-python.nix ({pkgs, ...}: { # YARN cluster rm1 = {pkgs, options, ...}: { - virtualisation.memorySize = 1024; services.hadoop = { inherit package coreSite hdfsSite; yarnSite = options.services.hadoop.yarnSite.default // yarnSiteHA; @@ -103,7 +102,6 @@ import ../make-test-python.nix ({pkgs, ...}: { }; }; rm2 = {pkgs, options, ...}: { - virtualisation.memorySize = 1024; services.hadoop = { inherit package coreSite hdfsSite; yarnSite = options.services.hadoop.yarnSite.default // yarnSiteHA; diff --git a/nixos/tests/hadoop/hdfs.nix b/nixos/tests/hadoop/hdfs.nix index 360dbd60ed2..b63cbf48032 100644 --- a/nixos/tests/hadoop/hdfs.nix +++ b/nixos/tests/hadoop/hdfs.nix @@ -2,7 +2,6 @@ import ../make-test-python.nix ({...}: { nodes = { namenode = {pkgs, ...}: { - virtualisation.memorySize = 1024; services.hadoop = { package = pkgs.hadoop; hdfs = { diff --git a/nixos/tests/installed-tests/fwupd.nix b/nixos/tests/installed-tests/fwupd.nix index a8a683a1af7..65614e2689d 100644 --- a/nixos/tests/installed-tests/fwupd.nix +++ b/nixos/tests/installed-tests/fwupd.nix @@ -7,6 +7,5 @@ makeInstalledTest { services.fwupd.enable = true; services.fwupd.disabledPlugins = lib.mkForce []; # don't disable test plugin services.fwupd.enableTestRemote = true; - virtualisation.memorySize = 768; }; } diff --git a/nixos/tests/installer.nix b/nixos/tests/installer.nix index 73dc676ca32..513d2506e94 100644 --- a/nixos/tests/installer.nix +++ b/nixos/tests/installer.nix 
@@ -70,7 +70,7 @@ let let iface = if grubVersion == 1 then "ide" else "virtio"; isEfi = bootLoader == "systemd-boot" || (bootLoader == "grub" && grubUseEfi); bios = if pkgs.stdenv.isAarch64 then "QEMU_EFI.fd" else "OVMF.fd"; - in if !isEfi && !(pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64) then + in if !isEfi && !pkgs.stdenv.hostPlatform.isx86 then throw "Non-EFI boot methods are only supported on i686 / x86_64" else '' def assemble_qemu_flags(): diff --git a/nixos/tests/jitsi-meet.nix b/nixos/tests/jitsi-meet.nix index f9a0b121a2b..d95f7c2ea9e 100644 --- a/nixos/tests/jitsi-meet.nix +++ b/nixos/tests/jitsi-meet.nix @@ -8,7 +8,6 @@ import ./make-test-python.nix ({ pkgs, ... }: { client = { nodes, pkgs, ... }: { }; server = { config, pkgs, ... }: { - virtualisation.memorySize = 512; services.jitsi-meet = { enable = true; hostName = "server"; diff --git a/nixos/tests/kafka.nix b/nixos/tests/kafka.nix index 95711808a2c..5def759ca24 100644 --- a/nixos/tests/kafka.nix +++ b/nixos/tests/kafka.nix @@ -19,7 +19,6 @@ let }; networking.firewall.allowedTCPPorts = [ 2181 ]; - virtualisation.memorySize = 1024; }; kafka = { ... }: { services.apache-kafka = { diff --git a/nixos/tests/keycloak.nix b/nixos/tests/keycloak.nix index fc321b8902f..1be3fed6acc 100644 --- a/nixos/tests/keycloak.nix +++ b/nixos/tests/keycloak.nix @@ -17,7 +17,6 @@ let nodes = { keycloak = { ... }: { - virtualisation.memorySize = 1024; security.pki.certificateFiles = [ certs.ca.cert diff --git a/nixos/tests/lxd-image.nix b/nixos/tests/lxd-image.nix index bc8274eebed..096b9d9aba9 100644 --- a/nixos/tests/lxd-image.nix +++ b/nixos/tests/lxd-image.nix @@ -46,8 +46,6 @@ in { machine = { lib, ... }: { virtualisation = { - # OOMs otherwise - memorySize = 1024; # disk full otherwise diskSize = 2048; diff --git a/nixos/tests/metabase.nix b/nixos/tests/metabase.nix index 370114e9222..1b25071902e 100644 --- a/nixos/tests/metabase.nix +++ b/nixos/tests/metabase.nix 
@@ -7,7 +7,6 @@ import ./make-test-python.nix ({ pkgs, ... }: { nodes = { machine = { ... }: { services.metabase.enable = true; - virtualisation.memorySize = 1024; }; }; diff --git a/nixos/tests/mysql/mysql.nix b/nixos/tests/mysql/mysql.nix index dce5fa26acf..2ac2b34a18e 100644 --- a/nixos/tests/mysql/mysql.nix +++ b/nixos/tests/mysql/mysql.nix @@ -64,10 +64,6 @@ in { imports = [ users ]; - # prevent oom: - # Kernel panic - not syncing: Out of memory: compulsory panic_on_oom is enabled - virtualisation.memorySize = 1024; - services.mysql.enable = true; services.mysql.initialDatabases = [ { name = "testdb3"; schema = ./testdb.sql; } diff --git a/nixos/tests/networking-proxy.nix b/nixos/tests/networking-proxy.nix index 62b5e690f6d..fcb2558cf3b 100644 --- a/nixos/tests/networking-proxy.nix +++ b/nixos/tests/networking-proxy.nix @@ -8,7 +8,6 @@ let default-config = { services.xserver.enable = false; - virtualisation.memorySize = 128; }; in import ./make-test-python.nix ({ pkgs, ...} : { name = "networking-proxy"; diff --git a/nixos/tests/nginx-etag.nix b/nixos/tests/nginx-etag.nix index a7bfc0d2695..b69511d081d 100644 --- a/nixos/tests/nginx-etag.nix +++ b/nixos/tests/nginx-etag.nix @@ -37,7 +37,6 @@ import ./make-test-python.nix { }; client = { pkgs, lib, ... }: { - virtualisation.memorySize = 512; environment.systemPackages = let testRunner = pkgs.writers.writePython3Bin "test-runner" { libraries = [ pkgs.python3Packages.selenium ]; diff --git a/nixos/tests/nixops/default.nix b/nixos/tests/nixops/default.nix index 3fb81906a52..ec3d028aaba 100644 --- a/nixos/tests/nixops/default.nix +++ b/nixos/tests/nixops/default.nix @@ -26,7 +26,6 @@ let nix.binaryCaches = lib.mkForce [ ]; users.users.person.isNormalUser = true; virtualisation.writableStore = true; - virtualisation.memorySize = 1024 /*MiB*/; virtualisation.additionalPaths = [ pkgs.hello pkgs.figlet diff --git a/nixos/tests/opensmtpd-rspamd.nix b/nixos/tests/opensmtpd-rspamd.nix index 9cb2624e6c4..19969a7b47d 100644 
--- a/nixos/tests/opensmtpd-rspamd.nix +++ b/nixos/tests/opensmtpd-rspamd.nix @@ -39,7 +39,6 @@ import ./make-test-python.nix { smtp2 = { pkgs, ... }: { imports = [ common/user-account.nix ]; - virtualisation.memorySize = 512; networking = { firewall.allowedTCPPorts = [ 25 143 ]; useDHCP = false; diff --git a/nixos/tests/pam/pam-file-contents.nix b/nixos/tests/pam/pam-file-contents.nix new file mode 100644 index 00000000000..86c61003aeb --- /dev/null +++ b/nixos/tests/pam/pam-file-contents.nix @@ -0,0 +1,25 @@ +let + name = "pam"; +in +import ../make-test-python.nix ({ pkgs, ... }: { + + nodes.machine = { ... }: { + imports = [ ../../modules/profiles/minimal.nix ]; + + krb5.enable = true; + + users = { + mutableUsers = false; + users = { + user = { + isNormalUser = true; + }; + }; + }; + }; + + testScript = builtins.replaceStrings + [ "@@pam_ccreds@@" "@@pam_krb5@@" ] + [ pkgs.pam_ccreds.outPath pkgs.pam_krb5.outPath ] + (builtins.readFile ./test_chfn.py); +}) diff --git a/nixos/tests/pam-oath-login.nix b/nixos/tests/pam/pam-oath-login.nix index 6d48199eda9..597596b211b 100644 --- a/nixos/tests/pam-oath-login.nix +++ b/nixos/tests/pam/pam-oath-login.nix @@ -1,4 +1,4 @@ -import ./make-test-python.nix ({ ... }: +import ../make-test-python.nix ({ ... }: let oathSnakeoilSecret = "cdd4083ef8ff1fa9178c6d46bfb1a3"; diff --git a/nixos/tests/pam-u2f.nix b/nixos/tests/pam/pam-u2f.nix index f492baa9e13..0ac6ac17be8 100644 --- a/nixos/tests/pam-u2f.nix +++ b/nixos/tests/pam/pam-u2f.nix @@ -1,4 +1,4 @@ -import ./make-test-python.nix ({ ... }: +import ../make-test-python.nix ({ ... }: { name = "pam-u2f"; diff --git a/nixos/tests/pam/test_chfn.py b/nixos/tests/pam/test_chfn.py new file mode 100644 index 00000000000..b108a9423ca --- /dev/null +++ b/nixos/tests/pam/test_chfn.py 
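Review bot: In the new pam/pam-file-contents.nix the `let` binding `name = "pam";` is never used: the attribute set handed to `../make-test-python.nix` defines only `nodes.machine` and `testScript`, so the test is built without a name of its own. Add `inherit name;` as the first attribute of that set, or drop the `let` and write `name = "pam-file-contents";` to match the key added in all-tests.nix. `krb5.enable = true;` appears to be what brings the `pam_krb5` and `pam_ccreds` rules into `/etc/pam.d/chfn`; a one-line comment saying so would explain why a PAM file-contents test enables Kerberos.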
@@ -0,0 +1,27 @@ +expected_lines = { + "account required pam_unix.so", + "account sufficient @@pam_krb5@@/lib/security/pam_krb5.so", + "auth [default=die success=done] @@pam_ccreds@@/lib/security/pam_ccreds.so action=validate use_first_pass", + "auth [default=ignore success=1 service_err=reset] @@pam_krb5@@/lib/security/pam_krb5.so use_first_pass", + "auth required pam_deny.so", + "auth sufficient @@pam_ccreds@@/lib/security/pam_ccreds.so action=store use_first_pass", + "auth sufficient pam_rootok.so", + "auth sufficient pam_unix.so likeauth try_first_pass", + "password sufficient @@pam_krb5@@/lib/security/pam_krb5.so use_first_pass", + "password sufficient pam_unix.so nullok sha512", + "session optional @@pam_krb5@@/lib/security/pam_krb5.so", + "session required pam_env.so conffile=/etc/pam/environment readenv=0", + "session required pam_unix.so", +} +actual_lines = set(machine.succeed("cat /etc/pam.d/chfn").splitlines()) + +missing_lines = expected_lines - actual_lines +extra_lines = actual_lines - expected_lines +non_functional_lines = set([line for line in extra_lines if (line == "" or line.startswith("#"))]) +unexpected_functional_lines = extra_lines - non_functional_lines + +with subtest("All expected lines are in the file"): + assert not missing_lines, f"Missing lines: {missing_lines}" + +with subtest("All remaining lines are empty or comments"): + assert not unexpected_functional_lines, f"Unexpected lines: {unexpected_functional_lines}" diff --git a/nixos/tests/pantheon.nix b/nixos/tests/pantheon.nix index aebf6b53447..989d29a966d 100644 --- a/nixos/tests/pantheon.nix +++ b/nixos/tests/pantheon.nix @@ -15,7 +15,6 @@ import ./make-test-python.nix ({ pkgs, lib, ...} : services.xserver.enable = true; services.xserver.desktopManager.pantheon.enable = true; - virtualisation.memorySize = 1024; }; enableOCR = true; diff --git a/nixos/tests/paperless-ng.nix b/nixos/tests/paperless-ng.nix index a4b2f348ec3..618eeec6b12 100644 --- a/nixos/tests/paperless-ng.nix 
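Review bot: Comparing `expected_lines` and `actual_lines` as sets in test_chfn.py discards rule order and duplicate rules, while a PAM stack is evaluated top to bottom. A regression that moves `auth required pam_deny.so` above the `sufficient` entries, or changes which rule `success=1` skips, would alter authentication behaviour and still pass both subtests. Keep the functional lines in file order, e.g. `actual = [l for l in machine.succeed("cat /etc/pam.d/chfn").splitlines() if l and not l.startswith("#")]`, and assert equality against an ordered list. The expected order has to be taken from the generated file, since the set in this hunk is sorted alphabetically. The set also pins `nullok` on the `pam_unix.so` password rule; a comment stating whether that is intended would tell readers it is a deliberate expectation.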
+++ b/nixos/tests/paperless-ng.nix @@ -8,7 +8,6 @@ import ./make-test-python.nix ({ lib, ... }: { enable = true; passwordFile = builtins.toFile "password" "admin"; }; - virtualisation.memorySize = 1024; }; testScript = '' diff --git a/nixos/tests/plasma5-systemd-start.nix b/nixos/tests/plasma5-systemd-start.nix index ac6fad7da6c..72de19af70c 100644 --- a/nixos/tests/plasma5-systemd-start.nix +++ b/nixos/tests/plasma5-systemd-start.nix @@ -21,7 +21,6 @@ import ./make-test-python.nix ({ pkgs, ...} : user = "alice"; }; }; - virtualisation.memorySize = 1024; }; testScript = { nodes, ... }: let diff --git a/nixos/tests/plasma5.nix b/nixos/tests/plasma5.nix index 281c9843e90..5c7ea602f79 100644 --- a/nixos/tests/plasma5.nix +++ b/nixos/tests/plasma5.nix @@ -19,7 +19,6 @@ import ./make-test-python.nix ({ pkgs, ...} : user = "alice"; }; hardware.pulseaudio.enable = true; # needed for the factl test, /dev/snd/* exists without them but udev doesn't care then - virtualisation.memorySize = 1024; }; testScript = { nodes, ... }: let diff --git a/nixos/tests/pleroma.nix b/nixos/tests/pleroma.nix index d0ae1488d13..bf3623fce38 100644 --- a/nixos/tests/pleroma.nix +++ b/nixos/tests/pleroma.nix @@ -202,7 +202,6 @@ import ./make-test-python.nix ({ pkgs, ... }: security.pki.certificateFiles = [ "${tls-cert}/cert.pem" ]; networking.extraHosts = hosts nodes; networking.firewall.enable = false; - virtualisation.memorySize = 512; environment.systemPackages = with pkgs; [ provision-db provision-secrets diff --git a/nixos/tests/privacyidea.nix b/nixos/tests/privacyidea.nix index 4a94f072794..c1141465ec2 100644 --- a/nixos/tests/privacyidea.nix +++ b/nixos/tests/privacyidea.nix @@ -8,7 +8,6 @@ import ./make-test-python.nix ({ pkgs, ...} : rec { machine = { ... }: { virtualisation.cores = 2; - virtualisation.memorySize = 512; services.privacyidea = { enable = true; diff --git a/nixos/tests/prometheus-exporters.nix b/nixos/tests/prometheus-exporters.nix index 38b93c4087c..d069854328a 100644 
--- a/nixos/tests/prometheus-exporters.nix +++ b/nixos/tests/prometheus-exporters.nix @@ -464,7 +464,6 @@ let extraFlags = [ "--lnd.network=regtest" ]; }; metricProvider = { - virtualisation.memorySize = 1024; systemd.services.prometheus-lnd-exporter.serviceConfig.RestartSec = 15; systemd.services.prometheus-lnd-exporter.after = [ "lnd.service" ]; services.bitcoind.regtest = { @@ -953,7 +952,6 @@ let }; metricProvider = { services.rspamd.enable = true; - virtualisation.memorySize = 1024; }; exporterTest = '' wait_for_unit("rspamd.service") diff --git a/nixos/tests/prometheus.nix b/nixos/tests/prometheus.nix index 20f8c4459e1..a075cfc1f1b 100644 --- a/nixos/tests/prometheus.nix +++ b/nixos/tests/prometheus.nix @@ -188,7 +188,6 @@ in import ./make-test-python.nix { # Minio requires at least 1GiB of free disk space to run. virtualisation = { diskSize = 2 * 1024; - memorySize = 1024; }; networking.firewall.allowedTCPPorts = [ minioPort ]; diff --git a/nixos/tests/rspamd.nix b/nixos/tests/rspamd.nix index 3fd55444fd8..f0ccfe7ea0e 100644 --- a/nixos/tests/rspamd.nix +++ b/nixos/tests/rspamd.nix @@ -25,7 +25,6 @@ let machine = { services.rspamd.enable = true; networking.enableIPv6 = enableIPv6; - virtualisation.memorySize = 1024; }; testScript = '' start_all() @@ -69,7 +68,6 @@ in group = "rspamd"; }]; }; - virtualisation.memorySize = 1024; }; testScript = '' @@ -118,7 +116,6 @@ in ''; }; }; - virtualisation.memorySize = 1024; }; testScript = '' @@ -224,7 +221,6 @@ in rspamd_logger.infox(rspamd_config, 'Work dammit!!!') ''; }; - virtualisation.memorySize = 1024; }; testScript = '' ${initMachine} @@ -291,7 +287,6 @@ in postfix.enable = true; workers.rspamd_proxy.type = "rspamd_proxy"; }; - virtualisation.memorySize = 1024; }; testScript = '' ${initMachine} diff --git a/nixos/tests/seafile.nix b/nixos/tests/seafile.nix index 70b9ba55457..6eec8b1fbe5 100644 --- a/nixos/tests/seafile.nix +++ b/nixos/tests/seafile.nix 
@@ -1,7 +1,6 @@ import ./make-test-python.nix ({ pkgs, ... }: let client = { config, pkgs, ... }: { - virtualisation.memorySize = 256; environment.systemPackages = [ pkgs.seafile-shared pkgs.curl ]; }; in { @@ -12,7 +11,6 @@ import ./make-test-python.nix ({ pkgs, ... }: nodes = { server = { config, pkgs, ... }: { - virtualisation.memorySize = 512; services.seafile = { enable = true; ccnetSettings.General.SERVICE_URL = "http://server"; diff --git a/nixos/tests/signal-desktop.nix b/nixos/tests/signal-desktop.nix index 7bc7cfe18cf..8c723062992 100644 --- a/nixos/tests/signal-desktop.nix +++ b/nixos/tests/signal-desktop.nix @@ -29,7 +29,6 @@ in { environment.systemPackages = with pkgs; [ signal-desktop file sqlite sqlcipher-signal ]; - virtualisation.memorySize = 1024; }; enableOCR = true; diff --git a/nixos/tests/spark/default.nix b/nixos/tests/spark/default.nix index 254cdec6e6b..025c5a5222e 100644 --- a/nixos/tests/spark/default.nix +++ b/nixos/tests/spark/default.nix @@ -3,7 +3,6 @@ import ../make-test-python.nix ({...}: { nodes = { worker = { nodes, pkgs, ... }: { - virtualisation.memorySize = 1024; services.spark.worker = { enable = true; master = "master:7077"; diff --git a/nixos/tests/sway.nix b/nixos/tests/sway.nix index 01240ef572a..3476ebab3e2 100644 --- a/nixos/tests/sway.nix +++ b/nixos/tests/sway.nix @@ -44,7 +44,6 @@ import ./make-test-python.nix ({ pkgs, lib, ...} : # To test pinentry via gpg-agent: programs.gnupg.agent.enable = true; - virtualisation.memorySize = 1024; # Need to switch to a different GPU driver than the default one (-vga std) so that Sway can launch: virtualisation.qemu.options = [ "-vga none -device virtio-gpu-pci" ]; }; diff --git a/nixos/tests/switch-test.nix b/nixos/tests/switch-test.nix index 7ea07a390b8..78adf7ffa7d 100644 --- a/nixos/tests/switch-test.nix +++ b/nixos/tests/switch-test.nix 
@@ -7,224 +7,15 @@ import ./make-test-python.nix ({ pkgs, ...} : { }; nodes = { - machine = { config, pkgs, lib, ... }: { - environment.systemPackages = [ pkgs.socat ]; # for the socket activation stuff + machine = { ... }: { users.mutableUsers = false; - - specialisation = { - # A system with a simple socket-activated unit - simple-socket.configuration = { - systemd.services.socket-activated.serviceConfig = { - ExecStart = pkgs.writeScript "socket-test.py" /* python */ '' - #!${pkgs.python3}/bin/python3 - - from socketserver import TCPServer, StreamRequestHandler - import socket - - class Handler(StreamRequestHandler): - def handle(self): - self.wfile.write("hello".encode("utf-8")) - - class Server(TCPServer): - def __init__(self, server_address, handler_cls): - # Invoke base but omit bind/listen steps (performed by systemd activation!) - TCPServer.__init__( - self, server_address, handler_cls, bind_and_activate=False) - # Override socket - self.socket = socket.fromfd(3, self.address_family, self.socket_type) - - if __name__ == "__main__": - server = Server(("localhost", 1234), Handler) - server.serve_forever() - ''; - }; - systemd.sockets.socket-activated = { - wantedBy = [ "sockets.target" ]; - listenStreams = [ "/run/test.sock" ]; - socketConfig.SocketMode = lib.mkDefault "0777"; - }; - }; - - # The same system but the socket is modified - modified-socket.configuration = { - imports = [ config.specialisation.simple-socket.configuration ]; - systemd.sockets.socket-activated.socketConfig.SocketMode = "0666"; - }; - - # The same system but the service is modified - modified-service.configuration = { - imports = [ config.specialisation.simple-socket.configuration ]; - systemd.services.socket-activated.serviceConfig.X-Test = "test"; - }; - - # The same system but both service and socket are modified - modified-service-and-socket.configuration = { - imports = [ config.specialisation.simple-socket.configuration ]; - 
systemd.services.socket-activated.serviceConfig.X-Test = "some_value"; - systemd.sockets.socket-activated.socketConfig.SocketMode = "0444"; - }; - - # A system with a socket-activated service and some simple services - service-and-socket.configuration = { - imports = [ config.specialisation.simple-socket.configuration ]; - systemd.services.simple-service = { - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStart = "${pkgs.coreutils}/bin/true"; - }; - }; - - systemd.services.simple-restart-service = { - stopIfChanged = false; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStart = "${pkgs.coreutils}/bin/true"; - }; - }; - - systemd.services.simple-reload-service = { - reloadIfChanged = true; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStart = "${pkgs.coreutils}/bin/true"; - ExecReload = "${pkgs.coreutils}/bin/true"; - }; - }; - - systemd.services.no-restart-service = { - restartIfChanged = false; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStart = "${pkgs.coreutils}/bin/true"; - }; - }; - }; - - # The same system but with an activation script that restarts all services - restart-and-reload-by-activation-script.configuration = { - imports = [ config.specialisation.service-and-socket.configuration ]; - system.activationScripts.restart-and-reload-test = { - supportsDryActivation = true; - deps = []; - text = '' - if [ "$NIXOS_ACTION" = dry-activate ]; then - f=/run/nixos/dry-activation-restart-list - else - f=/run/nixos/activation-restart-list - fi - cat <<EOF >> "$f" - simple-service.service - simple-restart-service.service - simple-reload-service.service - no-restart-service.service - socket-activated.service - EOF - ''; - }; - }; - - # A system with a timer - with-timer.configuration = { - systemd.timers.test-timer 
= { - wantedBy = [ "timers.target" ]; - timerConfig.OnCalendar = "@1395716396"; # chosen by fair dice roll - }; - systemd.services.test-timer = { - serviceConfig = { - Type = "oneshot"; - ExecStart = "${pkgs.coreutils}/bin/true"; - }; - }; - }; - - # The same system but with another time - with-timer-modified.configuration = { - imports = [ config.specialisation.with-timer.configuration ]; - systemd.timers.test-timer.timerConfig.OnCalendar = lib.mkForce "Fri 2012-11-23 16:00:00"; - }; - - # A system with a systemd mount - with-mount.configuration = { - systemd.mounts = [ - { - description = "Testmount"; - what = "tmpfs"; - type = "tmpfs"; - where = "/testmount"; - options = "size=1M"; - wantedBy = [ "local-fs.target" ]; - } - ]; - }; - - # The same system but with another time - with-mount-modified.configuration = { - systemd.mounts = [ - { - description = "Testmount"; - what = "tmpfs"; - type = "tmpfs"; - where = "/testmount"; - options = "size=10M"; - wantedBy = [ "local-fs.target" ]; - } - ]; - }; - - # A system with a path unit - with-path.configuration = { - systemd.paths.test-watch = { - wantedBy = [ "paths.target" ]; - pathConfig.PathExists = "/testpath"; - }; - systemd.services.test-watch = { - serviceConfig = { - Type = "oneshot"; - ExecStart = "${pkgs.coreutils}/bin/touch /testpath-modified"; - }; - }; - }; - - # The same system but watching another file - with-path-modified.configuration = { - imports = [ config.specialisation.with-path.configuration ]; - systemd.paths.test-watch.pathConfig.PathExists = lib.mkForce "/testpath2"; - }; - - # A system with a slice - with-slice.configuration = { - systemd.slices.testslice.sliceConfig.MemoryMax = "1"; # don't allow memory allocation - systemd.services.testservice = { - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStart = "${pkgs.coreutils}/bin/true"; - Slice = "testslice.slice"; - }; - }; - }; - - # The same system but the slice allows to allocate memory - 
with-slice-non-crashing.configuration = { - imports = [ config.specialisation.with-slice.configuration ]; - systemd.slices.testslice.sliceConfig.MemoryMax = lib.mkForce null; - }; - }; }; other = { ... }: { users.mutableUsers = true; }; }; - testScript = { nodes, ... }: let + testScript = {nodes, ...}: let originalSystem = nodes.machine.config.system.build.toplevel; otherSystem = nodes.other.config.system.build.toplevel; 
@@ -236,183 +27,12 @@ import ./make-test-python.nix ({ pkgs, ...} : { set -o pipefail exec env -i "$@" | tee /dev/stderr ''; - in /* python */ '' - def switch_to_specialisation(name, action="test"): - out = machine.succeed(f"${originalSystem}/specialisation/{name}/bin/switch-to-configuration {action} 2>&1") - assert_lacks(out, "switch-to-configuration line") # Perl warnings - return out - - def assert_contains(haystack, needle): - if needle not in haystack: - print("The haystack that will cause the following exception is:") - print("---") - print(haystack) - print("---") - raise Exception(f"Expected string '{needle}' was not found") - - def assert_lacks(haystack, needle): - if needle in haystack: - print("The haystack that will cause the following exception is:") - print("---") - print(haystack, end="") - print("---") - raise Exception(f"Unexpected string '{needle}' was found") - - + in '' machine.succeed( "${stderrRunner} ${originalSystem}/bin/switch-to-configuration test" ) machine.succeed( "${stderrRunner} ${otherSystem}/bin/switch-to-configuration test" ) - - with subtest("systemd sockets"): - machine.succeed("${originalSystem}/bin/switch-to-configuration test") - - # Simple socket is created - out = switch_to_specialisation("simple-socket") - assert_lacks(out, "stopping the following units:") - # not checking for reload because dbus gets reloaded - assert_lacks(out, "restarting the following units:") - assert_lacks(out, "\nstarting the following units:") - assert_contains(out, "the following new units were started: socket-activated.socket\n") - assert_lacks(out, "as well:") - machine.succeed("[ $(stat -c%a /run/test.sock) = 777 ]") - - # Changing the socket restarts it - out = switch_to_specialisation("modified-socket") - assert_lacks(out, "stopping the following units:") - #assert_lacks(out, "reloading the following units:") - assert_contains(out, "restarting the following units: socket-activated.socket\n") - assert_lacks(out, "\nstarting the following 
units:") - assert_lacks(out, "the following new units were started:") - assert_lacks(out, "as well:") - machine.succeed("[ $(stat -c%a /run/test.sock) = 666 ]") # change was applied - - # The unit is properly activated when the socket is accessed - if machine.succeed("socat - UNIX-CONNECT:/run/test.sock") != "hello": - raise Exception("Socket was not properly activated") - - # Changing the socket restarts it and ignores the active service - out = switch_to_specialisation("simple-socket") - assert_contains(out, "stopping the following units: socket-activated.service\n") - assert_lacks(out, "reloading the following units:") - assert_contains(out, "restarting the following units: socket-activated.socket\n") - assert_lacks(out, "\nstarting the following units:") - assert_lacks(out, "the following new units were started:") - assert_lacks(out, "as well:") - machine.succeed("[ $(stat -c%a /run/test.sock) = 777 ]") # change was applied - - # Changing the service does nothing when the service is not active - out = switch_to_specialisation("modified-service") - assert_lacks(out, "stopping the following units:") - assert_lacks(out, "reloading the following units:") - assert_lacks(out, "restarting the following units:") - assert_lacks(out, "\nstarting the following units:") - assert_lacks(out, "the following new units were started:") - assert_lacks(out, "as well:") - - # Activating the service and modifying it stops it but leaves the socket untouched - machine.succeed("socat - UNIX-CONNECT:/run/test.sock") - out = switch_to_specialisation("simple-socket") - assert_contains(out, "stopping the following units: socket-activated.service\n") - assert_lacks(out, "reloading the following units:") - assert_lacks(out, "restarting the following units:") - assert_lacks(out, "\nstarting the following units:") - assert_lacks(out, "the following new units were started:") - assert_lacks(out, "as well:") - - # Activating the service and both the service and the socket stops the service and 
restarts the socket - machine.succeed("socat - UNIX-CONNECT:/run/test.sock") - out = switch_to_specialisation("modified-service-and-socket") - assert_contains(out, "stopping the following units: socket-activated.service\n") - assert_lacks(out, "reloading the following units:") - assert_contains(out, "restarting the following units: socket-activated.socket\n") - assert_lacks(out, "\nstarting the following units:") - assert_lacks(out, "the following new units were started:") - assert_lacks(out, "as well:") - - with subtest("restart and reload by activation file"): - out = switch_to_specialisation("service-and-socket") - # Switch to a system where the example services get restarted - # by the activation script - out = switch_to_specialisation("restart-and-reload-by-activation-script") - assert_lacks(out, "stopping the following units:") - assert_contains(out, "stopping the following units as well: simple-service.service, socket-activated.service\n") - assert_contains(out, "reloading the following units: simple-reload-service.service\n") - assert_contains(out, "restarting the following units: simple-restart-service.service\n") - assert_contains(out, "\nstarting the following units: simple-service.service") - - # The same, but in dry mode - switch_to_specialisation("service-and-socket") - out = switch_to_specialisation("restart-and-reload-by-activation-script", action="dry-activate") - assert_lacks(out, "would stop the following units:") - assert_contains(out, "would stop the following units as well: simple-service.service, socket-activated.service\n") - assert_contains(out, "would reload the following units: simple-reload-service.service\n") - assert_contains(out, "would restart the following units: simple-restart-service.service\n") - assert_contains(out, "\nwould start the following units: simple-service.service") - - with subtest("mounts"): - switch_to_specialisation("with-mount") - out = machine.succeed("mount | grep 'on /testmount'") - assert_contains(out, 
"size=1024k") - - out = switch_to_specialisation("with-mount-modified") - assert_lacks(out, "stopping the following units:") - assert_contains(out, "reloading the following units: testmount.mount\n") - assert_lacks(out, "restarting the following units:") - assert_lacks(out, "\nstarting the following units:") - assert_lacks(out, "the following new units were started:") - assert_lacks(out, "as well:") - # It changed - out = machine.succeed("mount | grep 'on /testmount'") - assert_contains(out, "size=10240k") - - with subtest("timers"): - switch_to_specialisation("with-timer") - out = machine.succeed("systemctl show test-timer.timer") - assert_contains(out, "OnCalendar=2014-03-25 02:59:56 UTC") - - out = switch_to_specialisation("with-timer-modified") - assert_lacks(out, "stopping the following units:") - assert_lacks(out, "reloading the following units:") - assert_contains(out, "restarting the following units: test-timer.timer\n") - assert_lacks(out, "\nstarting the following units:") - assert_lacks(out, "the following new units were started:") - assert_lacks(out, "as well:") - # It changed - out = machine.succeed("systemctl show test-timer.timer") - assert_contains(out, "OnCalendar=Fri 2012-11-23 16:00:00") - - with subtest("paths"): - switch_to_specialisation("with-path") - machine.fail("test -f /testpath-modified") - - # touch the file, unit should be triggered - machine.succeed("touch /testpath") - machine.wait_until_succeeds("test -f /testpath-modified") - - machine.succeed("rm /testpath") - machine.succeed("rm /testpath-modified") - switch_to_specialisation("with-path-modified") - - machine.succeed("touch /testpath") - machine.fail("test -f /testpath-modified") - machine.succeed("touch /testpath2") - machine.wait_until_succeeds("test -f /testpath-modified") - - # This test ensures that changes to slice configuration get applied. - # We test this by having a slice that allows no memory allocation at - # all and starting a service within it. 
If the service crashes, the slice - # is applied and if we modify the slice to allow memory allocation, the - # service should successfully start. - with subtest("slices"): - machine.succeed("echo 0 > /proc/sys/vm/panic_on_oom") # allow OOMing - out = switch_to_specialisation("with-slice") - machine.fail("systemctl start testservice.service") - out = switch_to_specialisation("with-slice-non-crashing") - machine.succeed("systemctl start testservice.service") - machine.succeed("echo 1 > /proc/sys/vm/panic_on_oom") # disallow OOMing - ''; }) diff --git a/nixos/tests/sympa.nix b/nixos/tests/sympa.nix index eb38df180a7..aad7c95b6c9 100644 --- a/nixos/tests/sympa.nix +++ b/nixos/tests/sympa.nix @@ -5,7 +5,6 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { machine = { ... }: { - virtualisation.memorySize = 1024; services.sympa = { enable = true; diff --git a/nixos/tests/systemd-boot.nix b/nixos/tests/systemd-boot.nix index a6742606dbe..c3899b58d6b 100644 --- a/nixos/tests/systemd-boot.nix +++ b/nixos/tests/systemd-boot.nix @@ -102,12 +102,12 @@ in machine.succeed( """ find /boot -iname '*.efi' -print0 | \ - xargs -0 -I '{}' sed -i 's/#### LoaderInfo: systemd-boot .* ####/#### LoaderInfo: systemd-boot 001 ####/' '{}' + xargs -0 -I '{}' sed -i 's/#### LoaderInfo: systemd-boot .* ####/#### LoaderInfo: systemd-boot 000.0-1-notnixos ####/' '{}' """ ) output = machine.succeed("/run/current-system/bin/switch-to-configuration boot") - assert "updating systemd-boot from 001 to " in output + assert "updating systemd-boot from (000.0-1-notnixos) to " in output ''; }; } diff --git a/nixos/tests/systemd-cryptenroll.nix b/nixos/tests/systemd-cryptenroll.nix index 2c436f2de89..49634ef6567 100644 --- a/nixos/tests/systemd-cryptenroll.nix +++ b/nixos/tests/systemd-cryptenroll.nix 
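Review bot: The assertion changed in the nixos/tests/systemd-boot.nix hunk only proves that the updater printed "updating systemd-boot from (000.0-1-notnixos) to "; nothing checks that the patched EFI binaries under /boot were actually replaced, so an updater that logs the upgrade but leaves the stale loader in place would still pass. Because the sentinel is now a distinctive string, a check after the switch along the lines of `machine.fail("grep -rq '000.0-1-notnixos' /boot")` would pin that the old loader is gone. The sentinel is also written out twice, once in the sed expression and once in the assertion, and its form is unexplained; a short comment such as `# fake an older, non-NixOS loader version to force the update path` (my reading of the intent, to be confirmed) would help the next reader. The test definition this script belongs to starts above the hunk.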
@@ -8,7 +8,6 @@ import ./make-test-python.nix ({ pkgs, ... }: { environment.systemPackages = [ pkgs.cryptsetup ]; virtualisation = { emptyDiskImages = [ 512 ]; - memorySize = 1024; qemu.options = [ "-chardev socket,id=chrtpm,path=/tmp/swtpm-sock" "-tpmdev emulator,id=tpm0,chardev=chrtpm" diff --git a/nixos/tests/systemd.nix b/nixos/tests/systemd.nix index e0685f53a94..6561f7efe1a 100644 --- a/nixos/tests/systemd.nix +++ b/nixos/tests/systemd.nix @@ -5,7 +5,6 @@ import ./make-test-python.nix ({ pkgs, ... }: { imports = [ common/user-account.nix common/x11.nix ]; virtualisation.emptyDiskImages = [ 512 512 ]; - virtualisation.memorySize = 1024; environment.systemPackages = [ pkgs.cryptsetup ]; diff --git a/nixos/tests/vault-postgresql.nix b/nixos/tests/vault-postgresql.nix index a563aead22a..071cfd106ff 100644 --- a/nixos/tests/vault-postgresql.nix +++ b/nixos/tests/vault-postgresql.nix @@ -12,7 +12,6 @@ import ./make-test-python.nix ({ pkgs, ... }: maintainers = [ lnl7 roberth ]; }; machine = { lib, pkgs, ... }: { - virtualisation.memorySize = 512; environment.systemPackages = [ pkgs.vault ]; environment.variables.VAULT_ADDR = "http://127.0.0.1:8200"; services.vault.enable = true; diff --git a/nixos/tests/vault.nix b/nixos/tests/vault.nix index c3b28b62695..e86acd5b593 100644 --- a/nixos/tests/vault.nix +++ b/nixos/tests/vault.nix @@ -8,7 +8,6 @@ import ./make-test-python.nix ({ pkgs, ... }: environment.systemPackages = [ pkgs.vault ]; environment.variables.VAULT_ADDR = "http://127.0.0.1:8200"; services.vault.enable = true; - virtualisation.memorySize = 512; }; testScript = diff --git a/nixos/tests/vaultwarden.nix b/nixos/tests/vaultwarden.nix index b5343f5cad2..56f1d245d50 100644 --- a/nixos/tests/vaultwarden.nix +++ b/nixos/tests/vaultwarden.nix @@ -140,7 +140,6 @@ let in [ pkgs.firefox-unwrapped pkgs.geckodriver testRunner ]; - virtualisation.memorySize = 768; } ]; diff --git a/nixos/tests/xfce.nix b/nixos/tests/xfce.nix index 148eccdbe30..9051deebae7 100644 
--- a/nixos/tests/xfce.nix +++ b/nixos/tests/xfce.nix @@ -23,7 +23,6 @@ import ./make-test-python.nix ({ pkgs, ...} : { hardware.pulseaudio.enable = true; # needed for the factl test, /dev/snd/* exists without them but udev doesn't care then - virtualisation.memorySize = 1024; }; testScript = { nodes, ... }: let |