Diffstat (limited to 'nixos')
-rw-r--r--nixos/doc/manual/from_md/release-notes/rl-2111.section.xml22
-rw-r--r--nixos/doc/manual/from_md/release-notes/rl-2205.section.xml111
-rw-r--r--nixos/doc/manual/release-notes/release-notes.xml1
-rw-r--r--nixos/doc/manual/release-notes/rl-2111.section.md10
-rw-r--r--nixos/doc/manual/release-notes/rl-2205.section.md30
-rw-r--r--nixos/modules/installer/sd-card/sd-image-aarch64.nix6
-rw-r--r--nixos/modules/misc/documentation.nix2
-rw-r--r--nixos/modules/module-list.nix3
-rw-r--r--nixos/modules/programs/k40-whisperer.nix40
-rw-r--r--nixos/modules/programs/phosh.nix19
-rw-r--r--nixos/modules/services/admin/pgadmin.nix127
-rw-r--r--nixos/modules/services/audio/snapserver.nix26
-rw-r--r--nixos/modules/services/cluster/kubernetes/pki.nix2
-rw-r--r--nixos/modules/services/network-filesystems/ipfs.nix2
-rw-r--r--nixos/modules/services/networking/bird.nix188
-rw-r--r--nixos/modules/services/networking/murmur.nix2
-rw-r--r--nixos/modules/services/networking/tetrd.nix2
-rw-r--r--nixos/modules/services/web-apps/peertube.nix12
-rw-r--r--nixos/modules/virtualisation/proxmox-lxc.nix64
-rw-r--r--nixos/tests/all-tests.nix3
-rw-r--r--nixos/tests/bird.nix131
-rw-r--r--nixos/tests/kubernetes/base.nix4
-rw-r--r--nixos/tests/kubernetes/rbac.nix4
-rw-r--r--nixos/tests/nano.nix44
-rw-r--r--nixos/tests/networking.nix2
-rw-r--r--nixos/tests/pgadmin4-standalone.nix43
-rw-r--r--nixos/tests/pgadmin4.nix142
-rw-r--r--nixos/tests/podman/default.nix2
-rw-r--r--nixos/tests/podman/tls-ghostunnel.nix2
29 files changed, 760 insertions, 286 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
index 58b7c1e802d..a11baa91dea 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
@@ -26,8 +26,26 @@
       </listitem>
       <listitem>
         <para>
-          <literal>iptables</literal> now uses
-          <literal>nf_tables</literal> backend.
+          <literal>iptables</literal> is now using
+          <literal>nf_tables</literal> under the hood, by using
+          <literal>iptables-nft</literal>, similar to
+          <link xlink:href="https://wiki.debian.org/nftables#Current_status">Debian</link>
+          and
+          <link xlink:href="https://fedoraproject.org/wiki/Changes/iptables-nft-default">Fedora</link>.
+          This means, <literal>ip[6]tables</literal>,
+          <literal>arptables</literal> and <literal>ebtables</literal>
+          commands will actually show rules from some specific tables in
+          the <literal>nf_tables</literal> kernel subsystem.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          systemd got an <literal>nftables</literal> backend, and
+          configures (networkd) rules in their own
+          <literal>io.systemd.*</literal> tables. Check
+          <literal>nft list ruleset</literal> to see these rules, not
+          <literal>iptables-save</literal> (which only shows
+          <literal>iptables</literal>-created rules.
         </para>
       </listitem>
       <listitem>
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
index a6c3fdd1ed2..a6bd453b35d 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
@@ -98,7 +98,7 @@
           <link xlink:href="https://frrouting.org/">FRRouting</link>, a
           popular suite of Internet routing protocol daemons (BGP, BFD,
           OSPF, IS-IS, VVRP and others). Available as
-          <link linkend="opt-services.ffr.babel.enable">services.frr</link>
+          <link linkend="opt-services.frr.babel.enable">services.frr</link>
         </para>
       </listitem>
       <listitem>
@@ -124,6 +124,13 @@
       </listitem>
       <listitem>
         <para>
+          <link xlink:href="https://github.com/postgres/pgadmin4">pgadmin4</link>,
+          an admin interface for the PostgreSQL database. Available at
+          <link xlink:href="options.html#opt-services.pgadmin.enable">services.pgadmin</link>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
           <link xlink:href="https://github.com/sezanzeb/input-remapper">input-remapper</link>,
           an easy to use tool to change the mapping of your input device
           buttons. Available at
@@ -147,6 +154,15 @@
       </listitem>
       <listitem>
         <para>
+          <link xlink:href="https://www.scorchworks.com/K40whisperer/k40whisperer.html">K40-Whisperer</link>,
+          a program to control cheap Chinese laser cutters. Available as
+          <link xlink:href="options.html#opt-programs.k4-whisperer.enable">programs.k40-whisperer.enable</link>.
+          Users must add themselves to the <literal>k40</literal> group
+          to be able to access the device.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
           <link xlink:href="https://github.com/mgumz/mtr-exporter">mtr-exporter</link>,
           a Prometheus exporter for mtr metrics. Available as
           <link xlink:href="options.html#opt-services.mtr-exporter.enable">services.mtr-exporter</link>.
@@ -196,7 +212,7 @@
         <para>
           <link xlink:href="https://moosefs.com">moosefs</link>, fault
           tolerant petabyte distributed file system. Available as
-          <link linkend="opt-services.moosefs">moosefs</link>.
+          <link linkend="opt-services.moosefs.client.enable">moosefs</link>.
         </para>
       </listitem>
       <listitem>
@@ -539,6 +555,14 @@
       </listitem>
       <listitem>
         <para>
+          <literal>bird1</literal> and its modules
+          <literal>services.bird</literal> as well as
+          <literal>services.bird6</literal> have been removed. Upgrade
+          to <literal>services.bird2</literal>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
           The options
           <literal>networking.interfaces.&lt;name&gt;.ipv4.routes</literal>
           and
@@ -608,6 +632,13 @@
       </listitem>
       <listitem>
         <para>
+          <literal>pkgs.pgadmin</literal> now refers to
+          <literal>pkgs.pgadmin4</literal>. If you still need pgadmin3,
+          use <literal>pkgs.pgadmin3</literal>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
           <literal>pkgs.noto-fonts-cjk</literal> is now deprecated in
           favor of <literal>pkgs.noto-fonts-cjk-sans</literal> and
           <literal>pkgs.noto-fonts-cjk-serif</literal> because they each
@@ -729,6 +760,70 @@
           <literal>false</literal>.
         </para>
       </listitem>
+      <listitem>
+        <para>
+          <literal>pkgs.makeDesktopItem</literal> has been refactored to
+          provide a more idiomatic API. Specifically:
+        </para>
+        <itemizedlist spacing="compact">
+          <listitem>
+            <para>
+              All valid options as of FDO Desktop Entry specification
+              version 1.4 can now be passed in as explicit arguments
+            </para>
+          </listitem>
+          <listitem>
+            <para>
+              <literal>exec</literal> can now be null, for entries that
+              are not of type Application
+            </para>
+          </listitem>
+          <listitem>
+            <para>
+              <literal>mimeType</literal> argument is renamed to
+              <literal>mimeTypes</literal> for consistency
+            </para>
+          </listitem>
+          <listitem>
+            <para>
+              <literal>mimeTypes</literal>,
+              <literal>categories</literal>,
+              <literal>implements</literal>,
+              <literal>keywords</literal>, <literal>onlyShowIn</literal>
+              and <literal>notShowIn</literal> take lists of strings
+              instead of one string with semicolon separators
+            </para>
+          </listitem>
+          <listitem>
+            <para>
+              <literal>extraDesktopEntries</literal> renamed to
+              <literal>extraConfig</literal> for consistency
+            </para>
+          </listitem>
+          <listitem>
+            <para>
+              Actions should now be provided as an attrset
+              <literal>actions</literal>, the <literal>Actions</literal>
+              line will be autogenerated.
+            </para>
+          </listitem>
+          <listitem>
+            <para>
+              <literal>extraEntries</literal> is removed.
+            </para>
+          </listitem>
+          <listitem>
+            <para>
+              Additional validation is added both at eval time and at
+              build time.
+            </para>
+          </listitem>
+        </itemizedlist>
+        <para>
+          See the <literal>vscode</literal> package for a more detailed
+          example.
+        </para>
+      </listitem>
     </itemizedlist>
   </section>
   <section xml:id="sec-release-22.05-notable-changes">
@@ -932,6 +1027,16 @@
       </listitem>
       <listitem>
         <para>
+          The <literal>element-desktop</literal> package now has an
+          <literal>useKeytar</literal> option (defaults to
+          <literal>true</literal>), which allows disabling
+          <literal>keytar</literal> and in turn
+          <literal>libsecret</literal> usage (which binds to native
+          credential managers / keychain libraries).
+        </para>
+      </listitem>
+      <listitem>
+        <para>
           The option <literal>services.thelounge.plugins</literal> has
           been added to allow installing plugins for The Lounge. Plugins
           can be found in
@@ -1037,7 +1142,7 @@
       <listitem>
         <para>
           The option
-          <link linkend="opt-services.networking.networkmanager.enableFccUnlock">services.networking.networkmanager.enableFccUnlock</link>
+          <link linkend="opt-networking.networkmanager.enableFccUnlock">services.networking.networkmanager.enableFccUnlock</link>
           was added to support FCC unlock procedures. Since release
           1.18.4, the ModemManager daemon no longer automatically
           performs the FCC unlock procedure by default. See
diff --git a/nixos/doc/manual/release-notes/release-notes.xml b/nixos/doc/manual/release-notes/release-notes.xml
index 74ca57850ea..216fea67775 100644
--- a/nixos/doc/manual/release-notes/release-notes.xml
+++ b/nixos/doc/manual/release-notes/release-notes.xml
@@ -8,6 +8,7 @@
   This section lists the release notes for each stable version of NixOS and
   current unstable revision.
  </para>
+ <xi:include href="../from_md/release-notes/rl-2205.section.xml" />
  <xi:include href="../from_md/release-notes/rl-2111.section.xml" />
  <xi:include href="../from_md/release-notes/rl-2105.section.xml" />
  <xi:include href="../from_md/release-notes/rl-2009.section.xml" />
diff --git a/nixos/doc/manual/release-notes/rl-2111.section.md b/nixos/doc/manual/release-notes/rl-2111.section.md
index 6fe838d1e7a..f3644c32832 100644
--- a/nixos/doc/manual/release-notes/rl-2111.section.md
+++ b/nixos/doc/manual/release-notes/rl-2111.section.md
@@ -8,7 +8,15 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 - Nix has been updated to version 2.4, reference its [release notes](https://discourse.nixos.org/t/nix-2-4-released/15822) for more information on what has changed. The previous version of Nix, 2.3.16, remains available for the time being in the `nix_2_3` package.
 
-- `iptables` now uses `nf_tables` backend.
+- `iptables` is now using `nf_tables` under the hood, by using `iptables-nft`,
+  similar to [Debian](https://wiki.debian.org/nftables#Current_status) and
+  [Fedora](https://fedoraproject.org/wiki/Changes/iptables-nft-default).
+  This means, `ip[6]tables`, `arptables` and `ebtables` commands  will actually
+  show rules from some specific tables in the `nf_tables` kernel subsystem.
+
+- systemd got an `nftables` backend, and configures (networkd) rules in their
+  own `io.systemd.*` tables. Check `nft list ruleset` to see these rules, not
+  `iptables-save` (which only shows `iptables`-created rules.
 
 - PHP now defaults to PHP 8.0, updated from 7.4.
 
diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md
index d55a45f8b2b..8f5b4789a42 100644
--- a/nixos/doc/manual/release-notes/rl-2205.section.md
+++ b/nixos/doc/manual/release-notes/rl-2205.section.md
@@ -31,7 +31,7 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 - [apfs](https://github.com/linux-apfs/linux-apfs-rw), a kernel module for mounting the Apple File System (APFS).
 
-- [FRRouting](https://frrouting.org/), a popular suite of Internet routing protocol daemons (BGP, BFD, OSPF, IS-IS, VVRP and others). Available as [services.frr](#opt-services.ffr.babel.enable)
+- [FRRouting](https://frrouting.org/), a popular suite of Internet routing protocol daemons (BGP, BFD, OSPF, IS-IS, VVRP and others). Available as [services.frr](#opt-services.frr.babel.enable)
 
 - [heisenbridge](https://github.com/hifi/heisenbridge), a bouncer-style Matrix IRC bridge. Available as [services.heisenbridge](options.html#opt-services.heisenbridge.enable).
 
@@ -39,12 +39,16 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 - [PowerDNS-Admin](https://github.com/ngoduykhanh/PowerDNS-Admin), a web interface for the PowerDNS server. Available at [services.powerdns-admin](options.html#opt-services.powerdns-admin.enable).
 
+- [pgadmin4](https://github.com/postgres/pgadmin4), an admin interface for the PostgreSQL database. Available at [services.pgadmin](options.html#opt-services.pgadmin.enable).
+
 - [input-remapper](https://github.com/sezanzeb/input-remapper), an easy to use tool to change the mapping of your input device buttons. Available at [services.input-remapper](options.html#opt-services.input-remapper.enable).
 
 - [InvoicePlane](https://invoiceplane.com), web application for managing and creating invoices. Available at [services.invoiceplane](options.html#opt-services.invoiceplane.enable).
 
 - [maddy](https://maddy.email), a composable all-in-one mail server. Available as [services.maddy](options.html#opt-services.maddy.enable).
 
+- [K40-Whisperer](https://www.scorchworks.com/K40whisperer/k40whisperer.html), a program to control cheap Chinese laser cutters. Available as [programs.k40-whisperer.enable](options.html#opt-programs.k4-whisperer.enable). Users must add themselves to the `k40` group to be able to access the device.
+
 - [mtr-exporter](https://github.com/mgumz/mtr-exporter), a Prometheus exporter for mtr metrics. Available as [services.mtr-exporter](options.html#opt-services.mtr-exporter.enable).
 
 - [tetrd](https://tetrd.app), share your internet connection from your device to your PC and vice versa through a USB cable. Available at [services.tetrd](#opt-services.tetrd.enable).
@@ -58,7 +62,7 @@ In addition to numerous new and upgraded packages, this release has the followin
 - [BaGet](https://loic-sharma.github.io/BaGet/), a lightweight NuGet and symbol server. Available at [services.baget](#opt-services.baget.enable).
 
 - [moosefs](https://moosefs.com), fault tolerant petabyte distributed file system.
-  Available as [moosefs](#opt-services.moosefs).
+  Available as [moosefs](#opt-services.moosefs.client.enable).
 
 - [prosody-filer](https://github.com/ThomasLeister/prosody-filer), a server for handling XMPP HTTP Upload requests. Available at [services.prosody-filer](#opt-services.prosody-filer.enable).
 
@@ -176,6 +180,8 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 - `tilp2` was removed together with its module
 
+- `bird1` and its modules `services.bird` as well as `services.bird6` have been removed. Upgrade to `services.bird2`.
+
 - The options `networking.interfaces.<name>.ipv4.routes` and `networking.interfaces.<name>.ipv6.routes` are no longer ignored when using networkd instead of the default scripted network backend by setting `networking.useNetworkd` to `true`.
 
 - MultiMC has been replaced with the fork PolyMC due to upstream developers being hostile to 3rd party package maintainers. PolyMC removes all MultiMC branding and is aimed at providing proper 3rd party packages like the one contained in Nixpkgs. This change affects the data folder where game instances and other save and configuration files are stored. Users with existing installations should rename `~/.local/share/multimc` to `~/.local/share/polymc`. The main config file's path has also moved from `~/.local/share/multimc/multimc.cfg` to `~/.local/share/polymc/polymc.cfg`.
@@ -194,6 +200,8 @@ In addition to numerous new and upgraded packages, this release has the followin
   you should change the package you refer to. If you don't need them update your
   commands from `otelcontribcol` to `otelcorecol` and enjoy a 7x smaller binary.
 
+- `pkgs.pgadmin` now refers to `pkgs.pgadmin4`.
+  If you still need pgadmin3, use `pkgs.pgadmin3`.
 
 - `pkgs.noto-fonts-cjk` is now deprecated in favor of `pkgs.noto-fonts-cjk-sans`
   and `pkgs.noto-fonts-cjk-serif` because they each have different release
@@ -227,6 +235,18 @@ In addition to numerous new and upgraded packages, this release has the followin
   pipewire-media-session is deprecated by upstream and not recommended, but can still be manually enabled by setting
   `services.pipewire.media-session.enable` to `true` and `services.pipewire.wireplumber.enable` to `false`.
 
+- `pkgs.makeDesktopItem` has been refactored to provide a more idiomatic API. Specifically:
+  - All valid options as of FDO Desktop Entry specification version 1.4 can now be passed in as explicit arguments
+  - `exec` can now be null, for entries that are not of type Application
+  - `mimeType` argument is renamed to `mimeTypes` for consistency
+  - `mimeTypes`, `categories`, `implements`, `keywords`, `onlyShowIn` and `notShowIn` take lists of strings instead of one string with semicolon separators
+  - `extraDesktopEntries` renamed to `extraConfig` for consistency
+  - Actions should now be provided as an attrset `actions`, the `Actions` line will be autogenerated.
+  - `extraEntries` is removed.
+  - Additional validation is added both at eval time and at build time.
+
+  See the `vscode` package for a more detailed example.
+
 <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
 
 ## Other Notable Changes {#sec-release-22.05-notable-changes}
@@ -311,6 +331,10 @@ In addition to numerous new and upgraded packages, this release has the followin
   using `fetchgit` or `fetchhg` if the argument `fetchSubmodules`
   is set to `true`.
 
+- The `element-desktop` package now has an `useKeytar` option (defaults to `true`),
+  which allows disabling `keytar` and in turn `libsecret` usage
+  (which binds to native credential managers / keychain libraries).
+
 - The option `services.thelounge.plugins` has been added to allow installing plugins for The Lounge. Plugins can be found in `pkgs.theLoungePlugins.plugins` and `pkgs.theLoungePlugins.themes`.
 
 - The `firmwareLinuxNonfree` package has been renamed to `linux-firmware`.
@@ -342,7 +366,7 @@ In addition to numerous new and upgraded packages, this release has the followin
   Using the old option name will still work, but produce a warning.
 
 - The option
-  [services.networking.networkmanager.enableFccUnlock](#opt-services.networking.networkmanager.enableFccUnlock)
+  [services.networking.networkmanager.enableFccUnlock](#opt-networking.networkmanager.enableFccUnlock)
   was added to support FCC unlock procedures. Since release 1.18.4, the ModemManager
   daemon no longer automatically performs the FCC unlock procedure by default. See
   [the docs](https://modemmanager.org/docs/modemmanager/fcc-unlock/) for more details.
diff --git a/nixos/modules/installer/sd-card/sd-image-aarch64.nix b/nixos/modules/installer/sd-card/sd-image-aarch64.nix
index 165e2aac27b..321793882f4 100644
--- a/nixos/modules/installer/sd-card/sd-image-aarch64.nix
+++ b/nixos/modules/installer/sd-card/sd-image-aarch64.nix
@@ -24,6 +24,9 @@
         [pi3]
         kernel=u-boot-rpi3.bin
 
+        [pi02]
+        kernel=u-boot-rpi3.bin
+
         [pi4]
         kernel=u-boot-rpi4.bin
         enable_gic=1
@@ -33,6 +36,9 @@
         # what the pi3 firmware does by default.
         disable_overscan=1
 
+        # Supported in newer board revisions
+        arm_boost=1
+
         [all]
         # Boot in 64-bit mode.
         arm_64bit=1
diff --git a/nixos/modules/misc/documentation.nix b/nixos/modules/misc/documentation.nix
index b7746ddc211..9304c307af2 100644
--- a/nixos/modules/misc/documentation.nix
+++ b/nixos/modules/misc/documentation.nix
@@ -129,7 +129,7 @@ let
       genericName = "View NixOS documentation in a web browser";
       icon = "nix-snowflake";
       exec = "nixos-help";
-      categories = "System";
+      categories = ["System"];
     };
 
     in pkgs.symlinkJoin {
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 351fcf7cdbb..29fcc920f42 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -167,6 +167,7 @@
   ./programs/iftop.nix
   ./programs/iotop.nix
   ./programs/java.nix
+  ./programs/k40-whisperer.nix
   ./programs/kdeconnect.nix
   ./programs/kbdlight.nix
   ./programs/less.nix
@@ -253,6 +254,7 @@
   ./security/tpm2.nix
   ./services/admin/meshcentral.nix
   ./services/admin/oxidized.nix
+  ./services/admin/pgadmin.nix
   ./services/admin/salt/master.nix
   ./services/admin/salt/minion.nix
   ./services/amqp/activemq/default.nix
@@ -897,6 +899,7 @@
   ./services/networking/tcpcrypt.nix
   ./services/networking/teamspeak3.nix
   ./services/networking/tedicross.nix
+  ./services/networking/tetrd.nix
   ./services/networking/teleport.nix
   ./services/networking/thelounge.nix
   ./services/networking/tinc.nix
diff --git a/nixos/modules/programs/k40-whisperer.nix b/nixos/modules/programs/k40-whisperer.nix
new file mode 100644
index 00000000000..3163e45f57e
--- /dev/null
+++ b/nixos/modules/programs/k40-whisperer.nix
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.programs.k40-whisperer;
+  pkg = cfg.package.override {
+    udevGroup = cfg.group;
+  };
+in
+{
+  options.programs.k40-whisperer = {
+    enable = mkEnableOption "K40-Whisperer";
+
+    group = mkOption {
+      type = types.str;
+      description = ''
+        Group assigned to the device when connected.
+      '';
+      default = "k40";
+    };
+
+    package = mkOption {
+      type = types.package;
+      default = pkgs.k40-whisperer;
+      defaultText = literalExpression "pkgs.k40-whisperer";
+      example = literalExpression "pkgs.k40-whisperer";
+      description = ''
+        K40 Whisperer package to use.
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    users.groups.${cfg.group} = {};
+
+    environment.systemPackages = [ pkg ];
+    services.udev.packages = [ pkg ];
+  };
+}
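Review bot: The `group` option's description, "Group assigned to the device when connected.", does not say that the module itself creates this group (`users.groups.${cfg.group} = {};`) or that membership is what lets a user reach the device. I would extend it to `Group assigned to the device when connected. This module creates the group, and users must be members of it to access the device.` Separately, `example = literalExpression "pkgs.k40-whisperer";` only repeats the default and can be dropped.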
diff --git a/nixos/modules/programs/phosh.nix b/nixos/modules/programs/phosh.nix
index cba3f73768e..ad875616ac9 100644
--- a/nixos/modules/programs/phosh.nix
+++ b/nixos/modules/programs/phosh.nix
@@ -8,18 +8,17 @@ let
   # Based on https://source.puri.sm/Librem5/librem5-base/-/blob/4596c1056dd75ac7f043aede07887990fd46f572/default/sm.puri.OSK0.desktop
   oskItem = pkgs.makeDesktopItem {
     name = "sm.puri.OSK0";
-    type = "Application";
     desktopName = "On-screen keyboard";
     exec = "${pkgs.squeekboard}/bin/squeekboard";
-    categories = "GNOME;Core;";
-    extraEntries = ''
-      OnlyShowIn=GNOME;
-      NoDisplay=true
-      X-GNOME-Autostart-Phase=Panel
-      X-GNOME-Provides=inputmethod
-      X-GNOME-Autostart-Notify=true
-      X-GNOME-AutoRestart=true
-    '';
+    categories = [ "GNOME" "Core" ];
+    onlyShowIn = [ "GNOME" ];
+    noDisplay = true;
+    extraConfig = {
+      X-GNOME-Autostart-Phase = "Panel";
+      X-GNOME-Provides = "inputmethod";
+      X-GNOME-Autostart-Notify = "true";
+      X-GNOME-AutoRestart = "true";
+    };
   };
 
   phocConfigType = types.submodule {
diff --git a/nixos/modules/services/admin/pgadmin.nix b/nixos/modules/services/admin/pgadmin.nix
new file mode 100644
index 00000000000..80b68145410
--- /dev/null
+++ b/nixos/modules/services/admin/pgadmin.nix
@@ -0,0 +1,127 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  pkg = pkgs.pgadmin4;
+  cfg = config.services.pgadmin;
+
+  _base = with types; [ int bool str ];
+  base = with types; oneOf ([ (listOf (oneOf _base)) (attrsOf (oneOf _base)) ] ++ _base);
+
+  formatAttrset = attr:
+    "{${concatStringsSep "\n" (mapAttrsToList (key: value: "${builtins.toJSON key}: ${formatPyValue value},") attr)}}";
+
+  formatPyValue = value:
+    if builtins.isString value then builtins.toJSON value
+    else if value ? _expr then value._expr
+    else if builtins.isInt value then toString value
+    else if builtins.isBool value then (if value then "True" else "False")
+    else if builtins.isAttrs value then (formatAttrset value)
+    else if builtins.isList value then "[${concatStringsSep "\n" (map (v: "${formatPyValue v},") value)}]"
+    else throw "Unrecognized type";
+
+  formatPy = attrs:
+    concatStringsSep "\n" (mapAttrsToList (key: value: "${key} = ${formatPyValue value}") attrs);
+
+  pyType = with types; attrsOf (oneOf [ (attrsOf base) (listOf base) base ]);
+in
+{
+  options.services.pgadmin = {
+    enable = mkEnableOption "PostgreSQL Admin 4";
+
+    port = mkOption {
+      description = "Port for pgadmin4 to run on";
+      type = types.port;
+      default = 5050;
+    };
+
+    initialEmail = mkOption {
+      description = "Initial email for the pgAdmin account.";
+      type = types.str;
+    };
+
+    initialPasswordFile = mkOption {
+      description = ''
+        Initial password file for the pgAdmin account.
+        NOTE: Should be string not a store path, to prevent the password from being world readable.
+      '';
+      type = types.path;
+    };
+
+    openFirewall = mkEnableOption "firewall passthrough for pgadmin4";
+
+    settings = mkOption {
+      description = ''
+        Settings for pgadmin4.
+        <link xlink:href="https://www.pgadmin.org/docs/pgadmin4/development/config_py.html">Documentation</link>.
+      '';
+      type = pyType;
+      default= {};
+    };
+  };
+
+  config = mkIf (cfg.enable) {
+    networking.firewall.allowedTCPPorts = mkIf (cfg.openFirewall) [ cfg.port ];
+
+    services.pgadmin.settings = {
+      DEFAULT_SERVER_PORT = cfg.port;
+      SERVER_MODE = true;
+    } // (optionalAttrs cfg.openFirewall {
+      DEFAULT_SERVER = mkDefault "::";
+    });
+
+    systemd.services.pgadmin = {
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+      requires = [ "network.target" ];
+      # we're adding this optionally so just in case there's any race it'll be caught
+      # in case postgres doesn't start, pgadmin will just start normally
+      wants = [ "postgresql.service" ];
+
+      path = [ config.services.postgresql.package pkgs.coreutils pkgs.bash ];
+
+      preStart = ''
+        # NOTE: this is idempotent (aka running it twice has no effect)
+        (
+          # Email address:
+          echo ${escapeShellArg cfg.initialEmail}
+
+          # file might not contain newline. echo hack fixes that.
+          PW=$(cat ${escapeShellArg cfg.initialPasswordFile})
+
+          # Password:
+          echo "$PW"
+          # Retype password:
+          echo "$PW"
+        ) | ${pkg}/bin/pgadmin4-setup
+      '';
+
+      restartTriggers = [
+        "/etc/pgadmin/config_system.py"
+      ];
+
+      serviceConfig = {
+        User = "pgadmin";
+        DynamicUser = true;
+        LogsDirectory = "pgadmin";
+        StateDirectory = "pgadmin";
+        ExecStart = "${pkg}/bin/pgadmin4";
+      };
+    };
+
+    users.users.pgadmin = {
+      isSystemUser = true;
+      group = "pgadmin";
+    };
+
+    users.groups.pgadmin = {};
+
+    environment.etc."pgadmin/config_system.py" = {
+      text = formatPy cfg.settings;
+      mode = "0600";
+      user = "pgadmin";
+      group = "pgadmin";
+    };
+  };
+}
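Review bot: `restartTriggers = [ "/etc/pgadmin/config_system.py" ];` is a constant string, so the unit never changes when `services.pgadmin.settings` changes and pgadmin keeps running with the old configuration until it is restarted by hand; reference the generated file instead, `restartTriggers = [ config.environment.etc."pgadmin/config_system.py".source ];`. Separately, `environment.etc."pgadmin/config_system.py"` is built from `text`, so its content also ends up in the world-readable Nix store regardless of `mode = "0600"`; the `settings` description should state that secrets must not be placed there. The `initialPasswordFile` description asks for a string rather than a store path, but `types.path` does not enforce that, so an assertion (or `types.str`, if path literals need not be supported) would make the intent checkable.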
diff --git a/nixos/modules/services/audio/snapserver.nix b/nixos/modules/services/audio/snapserver.nix
index b82aca3976f..6d5ce98df89 100644
--- a/nixos/modules/services/audio/snapserver.nix
+++ b/nixos/modules/services/audio/snapserver.nix
@@ -44,24 +44,24 @@ let
 
   optionString = concatStringsSep " " (mapAttrsToList streamToOption cfg.streams
     # global options
-    ++ [ "--stream.bind_to_address ${cfg.listenAddress}" ]
-    ++ [ "--stream.port ${toString cfg.port}" ]
-    ++ optionalNull cfg.sampleFormat "--stream.sampleformat ${cfg.sampleFormat}"
-    ++ optionalNull cfg.codec "--stream.codec ${cfg.codec}"
-    ++ optionalNull cfg.streamBuffer "--stream.stream_buffer ${toString cfg.streamBuffer}"
-    ++ optionalNull cfg.buffer "--stream.buffer ${toString cfg.buffer}"
+    ++ [ "--stream.bind_to_address=${cfg.listenAddress}" ]
+    ++ [ "--stream.port=${toString cfg.port}" ]
+    ++ optionalNull cfg.sampleFormat "--stream.sampleformat=${cfg.sampleFormat}"
+    ++ optionalNull cfg.codec "--stream.codec=${cfg.codec}"
+    ++ optionalNull cfg.streamBuffer "--stream.stream_buffer=${toString cfg.streamBuffer}"
+    ++ optionalNull cfg.buffer "--stream.buffer=${toString cfg.buffer}"
     ++ optional cfg.sendToMuted "--stream.send_to_muted"
     # tcp json rpc
-    ++ [ "--tcp.enabled ${toString cfg.tcp.enable}" ]
+    ++ [ "--tcp.enabled=${toString cfg.tcp.enable}" ]
     ++ optionals cfg.tcp.enable [
-      "--tcp.bind_to_address ${cfg.tcp.listenAddress}"
-      "--tcp.port ${toString cfg.tcp.port}" ]
+      "--tcp.bind_to_address=${cfg.tcp.listenAddress}"
+      "--tcp.port=${toString cfg.tcp.port}" ]
      # http json rpc
-    ++ [ "--http.enabled ${toString cfg.http.enable}" ]
+    ++ [ "--http.enabled=${toString cfg.http.enable}" ]
     ++ optionals cfg.http.enable [
-      "--http.bind_to_address ${cfg.http.listenAddress}"
-      "--http.port ${toString cfg.http.port}"
-    ] ++ optional (cfg.http.docRoot != null) "--http.doc_root \"${toString cfg.http.docRoot}\"");
+      "--http.bind_to_address=${cfg.http.listenAddress}"
+      "--http.port=${toString cfg.http.port}"
+    ] ++ optional (cfg.http.docRoot != null) "--http.doc_root=\"${toString cfg.http.docRoot}\"");
 
 in {
   imports = [
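Review bot: `"--tcp.enabled=${toString cfg.tcp.enable}"` and `"--http.enabled=${toString cfg.http.enable}"` render as `--tcp.enabled=` and `--http.enabled=` with an empty value when the option is `false`, because Nix's `toString false` is the empty string. Whether snapserver reads an empty value as "disabled" or falls back to its built-in default is not visible in this hunk and should be confirmed, since the setting is meant to switch a network-facing JSON-RPC listener off. Spelling the value out removes the ambiguity, e.g. `"--tcp.enabled=${if cfg.tcp.enable then "1" else "0"}"` and the same for `http` (this assumes snapserver accepts `0`; verify against its option parser).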
diff --git a/nixos/modules/services/cluster/kubernetes/pki.nix b/nixos/modules/services/cluster/kubernetes/pki.nix
index 88bde4e9155..7d9198d20e8 100644
--- a/nixos/modules/services/cluster/kubernetes/pki.nix
+++ b/nixos/modules/services/cluster/kubernetes/pki.nix
@@ -266,7 +266,7 @@ in
           in
           ''
             export KUBECONFIG=${clusterAdminKubeconfig}
-            ${kubectl}/bin/kubectl apply -f ${concatStringsSep " \\\n -f " files}
+            ${kubernetes}/bin/kubectl apply -f ${concatStringsSep " \\\n -f " files}
           '';
         })]);
 
diff --git a/nixos/modules/services/network-filesystems/ipfs.nix b/nixos/modules/services/network-filesystems/ipfs.nix
index b311b91b4a0..17da020bf3e 100644
--- a/nixos/modules/services/network-filesystems/ipfs.nix
+++ b/nixos/modules/services/network-filesystems/ipfs.nix
@@ -259,7 +259,7 @@ in
         ipfs --offline config Mounts.IPFS ${cfg.ipfsMountDir}
         ipfs --offline config Mounts.IPNS ${cfg.ipnsMountDir}
       '' + optionalString cfg.autoMigrate ''
-        ${pkgs.ipfs-migrator}/bin/fs-repo-migrations -y
+        ${pkgs.ipfs-migrator}/bin/fs-repo-migrations -to '${cfg.package.repoVersion}' -y
       '' + ''
         ipfs --offline config show \
           | ${pkgs.jq}/bin/jq '. * $extraConfig' --argjson extraConfig ${
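Review bot: `-to '${cfg.package.repoVersion}'` quotes the interpolated value by hand. `lib.escapeShellArg` is the usual way to do this in a module script and stays correct if the value ever contains a quote: `${pkgs.ipfs-migrator}/bin/fs-repo-migrations -to ${lib.escapeShellArg cfg.package.repoVersion} -y`. The attribute is read whenever `autoMigrate` is set, so a `cfg.package` override that lacks `repoVersion` would presumably fail at evaluation; the description of the `package` option (outside this hunk) should state that requirement. The surrounding script string begins and ends outside the hunk.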
diff --git a/nixos/modules/services/networking/bird.nix b/nixos/modules/services/networking/bird.nix
index fc06cdaa6e5..4a519242481 100644
--- a/nixos/modules/services/networking/bird.nix
+++ b/nixos/modules/services/networking/bird.nix
@@ -3,103 +3,107 @@
 let
   inherit (lib) mkEnableOption mkIf mkOption optionalString types;
 
-  generic = variant:
-    let
-      cfg = config.services.${variant};
-      pkg = pkgs.${variant};
-      birdBin = if variant == "bird6" then "bird6" else "bird";
-      birdc = if variant == "bird6" then "birdc6" else "birdc";
-      descr =
-        { bird = "1.6.x with IPv4 support";
-          bird6 = "1.6.x with IPv6 support";
-          bird2 = "2.x";
-        }.${variant};
-    in {
-      ###### interface
-      options = {
-        services.${variant} = {
-          enable = mkEnableOption "BIRD Internet Routing Daemon (${descr})";
-          config = mkOption {
-            type = types.lines;
-            description = ''
-              BIRD Internet Routing Daemon configuration file.
-              <link xlink:href='http://bird.network.cz/'/>
-            '';
-          };
-          checkConfig = mkOption {
-            type = types.bool;
-            default = true;
-            description = ''
-              Whether the config should be checked at build time.
-              When the config can't be checked during build time, for example when it includes
-              other files, either disable this option or use <code>preCheckConfig</code> to create
-              the included files before checking.
-            '';
-          };
-          preCheckConfig = mkOption {
-            type = types.lines;
-            default = "";
-            example = ''
-              echo "cost 100;" > include.conf
-            '';
-            description = ''
-              Commands to execute before the config file check. The file to be checked will be
-              available as <code>${variant}.conf</code> in the current directory.
+  cfg = config.services.bird2;
+in
+{
+  ###### interface
+  options = {
+    services.bird2 = {
+      enable = mkEnableOption "BIRD Internet Routing Daemon";
+      config = mkOption {
+        type = types.lines;
+        description = ''
+          BIRD Internet Routing Daemon configuration file.
+          <link xlink:href='http://bird.network.cz/'/>
+        '';
+      };
+      checkConfig = mkOption {
+        type = types.bool;
+        default = true;
+        description = ''
+          Whether the config should be checked at build time.
+          When the config can't be checked during build time, for example when it includes
+          other files, either disable this option or use <code>preCheckConfig</code> to create
+          the included files before checking.
+        '';
+      };
+      preCheckConfig = mkOption {
+        type = types.lines;
+        default = "";
+        example = ''
+          echo "cost 100;" > include.conf
+        '';
+        description = ''
+          Commands to execute before the config file check. The file to be checked will be
+          available as <code>bird2.conf</code> in the current directory.
 
-              Files created with this option will not be available at service runtime, only during
-              build time checking.
-            '';
-          };
-        };
+          Files created with this option will not be available at service runtime, only during
+          build time checking.
+        '';
       };
+    };
+  };
 
-      ###### implementation
-      config = mkIf cfg.enable {
-        environment.systemPackages = [ pkg ];
 
-        environment.etc."bird/${variant}.conf".source = pkgs.writeTextFile {
-          name = "${variant}.conf";
-          text = cfg.config;
-          checkPhase = optionalString cfg.checkConfig ''
-            ln -s $out ${variant}.conf
-            ${cfg.preCheckConfig}
-            ${pkg}/bin/${birdBin} -d -p -c ${variant}.conf
-          '';
-        };
+  imports = [
+    (lib.mkRemovedOptionModule [ "services" "bird" ] "Use services.bird2 instead")
+    (lib.mkRemovedOptionModule [ "services" "bird6" ] "Use services.bird2 instead")
+  ];
 
-        systemd.services.${variant} = {
-          description = "BIRD Internet Routing Daemon (${descr})";
-          wantedBy = [ "multi-user.target" ];
-          reloadIfChanged = true;
-          restartTriggers = [ config.environment.etc."bird/${variant}.conf".source ];
-          serviceConfig = {
-            Type = "forking";
-            Restart = "on-failure";
-            ExecStart = "${pkg}/bin/${birdBin} -c /etc/bird/${variant}.conf -u ${variant} -g ${variant}";
-            ExecReload = "/bin/sh -c '${pkg}/bin/${birdBin} -c /etc/bird/${variant}.conf -p && ${pkg}/bin/${birdc} configure'";
-            ExecStop = "${pkg}/bin/${birdc} down";
-            CapabilityBoundingSet = [ "CAP_CHOWN" "CAP_FOWNER" "CAP_DAC_OVERRIDE" "CAP_SETUID" "CAP_SETGID"
-                                      # see bird/sysdep/linux/syspriv.h
-                                      "CAP_NET_BIND_SERVICE" "CAP_NET_BROADCAST" "CAP_NET_ADMIN" "CAP_NET_RAW" ];
-            ProtectSystem = "full";
-            ProtectHome = "yes";
-            SystemCallFilter="~@cpu-emulation @debug @keyring @module @mount @obsolete @raw-io";
-            MemoryDenyWriteExecute = "yes";
-          };
-        };
-        users = {
-          users.${variant} = {
-            description = "BIRD Internet Routing Daemon user";
-            group = variant;
-            isSystemUser = true;
-          };
-          groups.${variant} = {};
-        };
-      };
-    };
+  ###### implementation
+  config = mkIf cfg.enable {
+    environment.systemPackages = [ pkgs.bird ];
 
-in
+    environment.etc."bird/bird2.conf".source = pkgs.writeTextFile {
+      name = "bird2";
+      text = cfg.config;
+      checkPhase = optionalString cfg.checkConfig ''
+        ln -s $out bird2.conf
+        ${cfg.preCheckConfig}
+        ${pkgs.bird}/bin/bird -d -p -c bird2.conf
+      '';
+    };
 
-{
-  imports = map generic [ "bird" "bird6" "bird2" ];
+    systemd.services.bird2 = {
+      description = "BIRD Internet Routing Daemon";
+      wantedBy = [ "multi-user.target" ];
+      reloadIfChanged = true;
+      restartTriggers = [ config.environment.etc."bird/bird2.conf".source ];
+      serviceConfig = {
+        Type = "forking";
+        Restart = "on-failure";
+        # We need to start as root so bird can open netlink sockets i.e. for ospf
+        ExecStart = "${pkgs.bird}/bin/bird -c /etc/bird/bird2.conf -u bird2 -g bird2";
+        ExecReload = "/bin/sh -c '${pkgs.bird}/bin/bird -c /etc/bird/bird2.conf -p && ${pkgs.bird}/bin/birdc configure'";
+        ExecStop = "${pkgs.bird}/bin/birdc down";
+        RuntimeDirectory = "bird";
+        CapabilityBoundingSet = [
+          "CAP_CHOWN"
+          "CAP_FOWNER"
+          "CAP_SETUID"
+          "CAP_SETGID"
+          "CAP_NET_ADMIN"
+          "CAP_NET_BROADCAST"
+          "CAP_NET_BIND_SERVICE"
+          "CAP_NET_RAW"
+        ];
+        ProtectSystem = "full";
+        ProtectHome = "yes";
+        ProtectKernelTunables = true;
+        ProtectControlGroups = true;
+        PrivateTmp = true;
+        PrivateDevices = true;
+        SystemCallFilter = "~@cpu-emulation @debug @keyring @module @mount @obsolete @raw-io";
+        MemoryDenyWriteExecute = "yes";
+      };
+    };
+    users = {
+      users.bird2 = {
+        description = "BIRD Internet Routing Daemon user";
+        group = "bird2";
+        isSystemUser = true;
+      };
+      groups.bird2 = { };
+    };
+  };
 }
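Review bot: The new `serviceConfig` hardening in `systemd.services.bird2` leaves out two directives that match what is already there: the syscall filter denies `@module` but `ProtectKernelModules` is not set, and `NoNewPrivileges` is not stated although the daemon starts as root and drops to `bird2` itself via `-u`/`-g`. I would add `NoNewPrivileges = true;` and `ProtectKernelModules = true;` next to `ProtectKernelTunables`, and confirm with the bird2 NixOS test that OSPF and the kernel protocol still work. Removing `CAP_DAC_OVERRIDE` from `CapabilityBoundingSet` is a useful reduction; a one-line comment on why `CAP_CHOWN` and `CAP_FOWNER` remain (presumably for the control socket under `RuntimeDirectory`, which this hunk does not show) would help the next reader. The comment above `ExecStart` should read `e.g. for ospf` rather than `i.e. for ospf`.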
diff --git a/nixos/modules/services/networking/murmur.nix b/nixos/modules/services/networking/murmur.nix
index 992678c43eb..06ec04dbbf1 100644
--- a/nixos/modules/services/networking/murmur.nix
+++ b/nixos/modules/services/networking/murmur.nix
@@ -306,7 +306,7 @@ in
         Type = if forking then "forking" else "simple";
         PIDFile = mkIf forking "/run/murmur/murmurd.pid";
         EnvironmentFile = mkIf (cfg.environmentFile != null) cfg.environmentFile;
-        ExecStart = "${cfg.package}/bin/murmurd -ini /run/murmur/murmurd.ini";
+        ExecStart = "${cfg.package}/bin/mumble-server -ini /run/murmur/murmurd.ini";
         Restart = "always";
         RuntimeDirectory = "murmur";
         RuntimeDirectoryMode = "0700";
diff --git a/nixos/modules/services/networking/tetrd.nix b/nixos/modules/services/networking/tetrd.nix
index ead73c49776..0801ce12924 100644
--- a/nixos/modules/services/networking/tetrd.nix
+++ b/nixos/modules/services/networking/tetrd.nix
@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 {
-  options.services.tetrd.enable = lib.mkEnableOption pkgs.tetrd.meta.description;
+  options.services.tetrd.enable = lib.mkEnableOption "tetrd";
 
   config = lib.mkIf config.services.tetrd.enable {
     environment = {
diff --git a/nixos/modules/services/web-apps/peertube.nix b/nixos/modules/services/web-apps/peertube.nix
index a6542801826..e195e6e6e82 100644
--- a/nixos/modules/services/web-apps/peertube.nix
+++ b/nixos/modules/services/web-apps/peertube.nix
@@ -320,6 +320,7 @@ in {
         };
         storage = {
           tmp = lib.mkDefault "/var/lib/peertube/storage/tmp/";
+          bin = lib.mkDefault "/var/lib/peertube/storage/bin/";
           avatars = lib.mkDefault "/var/lib/peertube/storage/avatars/";
           videos = lib.mkDefault "/var/lib/peertube/storage/videos/";
           streaming_playlists = lib.mkDefault "/var/lib/peertube/storage/streaming-playlists/";
@@ -333,6 +334,15 @@ in {
           plugins = lib.mkDefault "/var/lib/peertube/storage/plugins/";
           client_overrides = lib.mkDefault "/var/lib/peertube/storage/client-overrides/";
         };
+        import = {
+          videos = {
+            http = {
+              youtube_dl_release = {
+                python_path = "${pkgs.python3}/bin/python";
+              };
+            };
+          };
+        };
       }
       (lib.mkIf cfg.redis.enableUnixSocket { redis = { socket = "/run/redis/redis.sock"; }; })
     ];
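Review bot: With `youtube-dl` removed from the unit's `path` (third hunk) and only `python_path` plus a writable `storage.bin` directory added (first hunk), the youtube-dl program presumably no longer comes from the Nix store but is fetched by PeerTube at runtime into `/var/lib/peertube/storage/bin/`. Nothing visible here pins or verifies that download. Please say so in a comment above the `import` block, e.g. `# PeerTube fetches youtube-dl into storage.bin at runtime and runs it with this interpreter; that binary is not managed by Nix.`, so operators know an executable outside the system closure is involved. `python_path` is also set without `lib.mkDefault`, unlike the neighbouring `storage` entries, so a user override would need `mkForce`; `python_path = lib.mkDefault "${pkgs.python3}/bin/python";` would be consistent.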
@@ -380,7 +390,7 @@ in {
 
       environment = env;
 
-      path = with pkgs; [ bashInteractive ffmpeg nodejs-16_x openssl yarn youtube-dl ];
+      path = with pkgs; [ bashInteractive ffmpeg nodejs-16_x openssl yarn python3 ];
 
       script = ''
         #!/bin/sh
diff --git a/nixos/modules/virtualisation/proxmox-lxc.nix b/nixos/modules/virtualisation/proxmox-lxc.nix
new file mode 100644
index 00000000000..3913b474afb
--- /dev/null
+++ b/nixos/modules/virtualisation/proxmox-lxc.nix
@@ -0,0 +1,64 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+{
+  options.proxmoxLXC = {
+    privileged = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Whether to enable privileged mounts
+      '';
+    };
+    manageNetwork = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Whether to manage network interfaces through nix options
+        When false, systemd-networkd is enabled to accept network
+        configuration from proxmox.
+      '';
+    };
+  };
+
+  config =
+    let
+      cfg = config.proxmoxLXC;
+    in
+    {
+      system.build.tarball = pkgs.callPackage ../../lib/make-system-tarball.nix {
+        storeContents = [{
+          object = config.system.build.toplevel;
+          symlink = "none";
+        }];
+
+        contents = [{
+          source = config.system.build.toplevel + "/init";
+          target = "/sbin/init";
+        }];
+
+        extraCommands = "mkdir -p root etc/systemd/network";
+      };
+
+      boot = {
+        isContainer = true;
+        loader.initScript.enable = true;
+      };
+
+      networking = mkIf (!cfg.manageNetwork) {
+        useDHCP = false;
+        useHostResolvConf = false;
+        useNetworkd = true;
+      };
+
+      services.openssh = {
+        enable = mkDefault true;
+        startWhenNeeded = mkDefault true;
+      };
+
+      systemd.mounts = mkIf (!cfg.privileged)
+        [{ where = "/sys/kernel/debug"; enable = false; }];
+
+    };
+}
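Review bot: Importing this module enables `services.openssh` (via `mkDefault`) and applies the whole `config` block unconditionally, and neither fact is documented; someone reading only the two options would not expect an SSH daemon to be turned on. I would add a comment above `services.openssh`, such as `# sshd is enabled by default in the container image; set services.openssh.enable = false to opt out`. The `privileged` description should state what the option does in this module, for example `When false, the /sys/kernel/debug mount unit is disabled.`, since that is the only effect visible in the code.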
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index c9c39e79251..da94fc6d042 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -322,7 +322,6 @@ in
   mysql-replication = handleTest ./mysql/mysql-replication.nix {};
   n8n = handleTest ./n8n.nix {};
   nagios = handleTest ./nagios.nix {};
-  nano = handleTest ./nano.nix {};
   nar-serve = handleTest ./nar-serve.nix {};
   nat.firewall = handleTest ./nat.nix { withFirewall = true; };
   nat.firewall-conntrack = handleTest ./nat.nix { withFirewall = true; withConntrackHelpers = true; };
@@ -394,6 +393,8 @@ in
   pdns-recursor = handleTest ./pdns-recursor.nix {};
   peerflix = handleTest ./peerflix.nix {};
   peertube = handleTestOn ["x86_64-linux"] ./web-apps/peertube.nix {};
+  pgadmin4 = handleTest ./pgadmin4.nix {};
+  pgadmin4-standalone = handleTest ./pgadmin4-standalone.nix {};
   pgjwt = handleTest ./pgjwt.nix {};
   pgmanage = handleTest ./pgmanage.nix {};
   php = handleTest ./php {};
diff --git a/nixos/tests/bird.nix b/nixos/tests/bird.nix
index 50d397be14e..befcf4fb8ac 100644
--- a/nixos/tests/bird.nix
+++ b/nixos/tests/bird.nix
@@ -9,7 +9,7 @@ let
   inherit (import ../lib/testing-python.nix { inherit system pkgs; }) makeTest;
   inherit (pkgs.lib) optionalString;
 
-  hostShared = hostId: { pkgs, ... }: {
+  makeBird2Host = hostId: { pkgs, ... }: {
     virtualisation.vlans = [ 1 ];
 
     environment.systemPackages = with pkgs; [ jq ];
@@ -24,105 +24,6 @@ let
       name = "eth1";
       networkConfig.Address = "10.0.0.${hostId}/24";
     };
-  };
-
-  birdTest = v4:
-    let variant = "bird${optionalString (!v4) "6"}"; in
-    makeTest {
-      name = variant;
-
-      nodes.host1 = makeBirdHost variant "1";
-      nodes.host2 = makeBirdHost variant "2";
-
-      testScript = makeTestScript variant v4 (!v4);
-    };
-
-  bird2Test = makeTest {
-    name = "bird2";
-
-    nodes.host1 = makeBird2Host "1";
-    nodes.host2 = makeBird2Host "2";
-
-    testScript = makeTestScript "bird2" true true;
-  };
-
-  makeTestScript = variant: v4: v6: ''
-    start_all()
-
-    host1.wait_for_unit("${variant}.service")
-    host2.wait_for_unit("${variant}.service")
-
-    ${optionalString v4 ''
-    with subtest("Waiting for advertised IPv4 routes"):
-      host1.wait_until_succeeds("ip --json r | jq -e 'map(select(.dst == \"10.10.0.2\")) | any'")
-      host2.wait_until_succeeds("ip --json r | jq -e 'map(select(.dst == \"10.10.0.1\")) | any'")
-    ''}
-    ${optionalString v6 ''
-    with subtest("Waiting for advertised IPv6 routes"):
-      host1.wait_until_succeeds("ip --json -6 r | jq -e 'map(select(.dst == \"fdff::2\")) | any'")
-      host2.wait_until_succeeds("ip --json -6 r | jq -e 'map(select(.dst == \"fdff::1\")) | any'")
-    ''}
-
-    with subtest("Check fake routes in preCheckConfig do not exists"):
-      ${optionalString v4 ''host1.fail("ip --json r | jq -e 'map(select(.dst == \"1.2.3.4\")) | any'")''}
-      ${optionalString v4 ''host2.fail("ip --json r | jq -e 'map(select(.dst == \"1.2.3.4\")) | any'")''}
-
-      ${optionalString v6 ''host1.fail("ip --json -6 r | jq -e 'map(select(.dst == \"fd00::\")) | any'")''}
-      ${optionalString v6 ''host2.fail("ip --json -6 r | jq -e 'map(select(.dst == \"fd00::\")) | any'")''}
-  '';
-
-  makeBirdHost = variant: hostId: { pkgs, ... }: {
-    imports = [ (hostShared hostId) ];
-
-    services.${variant} = {
-      enable = true;
-
-      config = ''
-        log syslog all;
-
-        debug protocols all;
-
-        router id 10.0.0.${hostId};
-
-        protocol device {
-        }
-
-        protocol kernel {
-          import none;
-          export all;
-        }
-
-        protocol static {
-          include "static.conf";
-        }
-
-        protocol ospf {
-          export all;
-          area 0 {
-            interface "eth1" {
-              hello 5;
-              wait 5;
-            };
-          };
-        }
-      '';
-
-      preCheckConfig =
-        let
-          route = { bird = "1.2.3.4/32"; bird6 = "fd00::/128"; }.${variant};
-        in
-        ''echo "route ${route} blackhole;" > static.conf'';
-    };
-
-    systemd.tmpfiles.rules =
-      let
-        route = { bird = "10.10.0.${hostId}/32"; bird6 = "fdff::${hostId}/128"; }.${variant};
-      in
-      [ "f /etc/bird/static.conf - - - - route ${route} blackhole;" ];
-  };
-
-  makeBird2Host = hostId: { pkgs, ... }: {
-    imports = [ (hostShared hostId) ];
 
     services.bird2 = {
       enable = true;
@@ -198,8 +99,30 @@ let
     ];
   };
 in
-{
-  bird = birdTest true;
-  bird6 = birdTest false;
-  bird2 = bird2Test;
+makeTest {
+  name = "bird2";
+
+  nodes.host1 = makeBird2Host "1";
+  nodes.host2 = makeBird2Host "2";
+
+  testScript = ''
+    start_all()
+
+    host1.wait_for_unit("bird2.service")
+    host2.wait_for_unit("bird2.service")
+
+    with subtest("Waiting for advertised IPv4 routes"):
+      host1.wait_until_succeeds("ip --json r | jq -e 'map(select(.dst == \"10.10.0.2\")) | any'")
+      host2.wait_until_succeeds("ip --json r | jq -e 'map(select(.dst == \"10.10.0.1\")) | any'")
+    with subtest("Waiting for advertised IPv6 routes"):
+      host1.wait_until_succeeds("ip --json -6 r | jq -e 'map(select(.dst == \"fdff::2\")) | any'")
+      host2.wait_until_succeeds("ip --json -6 r | jq -e 'map(select(.dst == \"fdff::1\")) | any'")
+
+    with subtest("Check fake routes in preCheckConfig do not exists"):
+      host1.fail("ip --json r | jq -e 'map(select(.dst == \"1.2.3.4\")) | any'")
+      host2.fail("ip --json r | jq -e 'map(select(.dst == \"1.2.3.4\")) | any'")
+
+      host1.fail("ip --json -6 r | jq -e 'map(select(.dst == \"fd00::\")) | any'")
+      host2.fail("ip --json -6 r | jq -e 'map(select(.dst == \"fd00::\")) | any'")
+  '';
 }
diff --git a/nixos/tests/kubernetes/base.nix b/nixos/tests/kubernetes/base.nix
index f0c72084be5..d4410beb937 100644
--- a/nixos/tests/kubernetes/base.nix
+++ b/nixos/tests/kubernetes/base.nix
@@ -18,7 +18,7 @@ let
         ${master.ip}  api.${domain}
         ${concatMapStringsSep "\n" (machineName: "${machines.${machineName}.ip}  ${machineName}.${domain}") (attrNames machines)}
       '';
-      kubectl = with pkgs; runCommand "wrap-kubectl" { buildInputs = [ makeWrapper ]; } ''
+      wrapKubectl = with pkgs; runCommand "wrap-kubectl" { buildInputs = [ makeWrapper ]; } ''
         mkdir -p $out/bin
         makeWrapper ${pkgs.kubernetes}/bin/kubectl $out/bin/kubectl --set KUBECONFIG "/etc/kubernetes/cluster-admin.kubeconfig"
       '';
@@ -48,7 +48,7 @@ let
                 };
               };
               programs.bash.enableCompletion = true;
-              environment.systemPackages = [ kubectl ];
+              environment.systemPackages = [ wrapKubectl ];
               services.flannel.iface = "eth1";
               services.kubernetes = {
                 proxy.hostname = "${masterName}.${domain}";
diff --git a/nixos/tests/kubernetes/rbac.nix b/nixos/tests/kubernetes/rbac.nix
index ca73562256e..9e73fbbd32a 100644
--- a/nixos/tests/kubernetes/rbac.nix
+++ b/nixos/tests/kubernetes/rbac.nix
@@ -76,7 +76,7 @@ let
     }];
   });
 
-  kubectl = pkgs.runCommand "copy-kubectl" { buildInputs = [ pkgs.kubernetes ]; } ''
+  copyKubectl = pkgs.runCommand "copy-kubectl" { } ''
     mkdir -p $out/bin
     cp ${pkgs.kubernetes}/bin/kubectl $out/bin/kubectl
   '';
@@ -84,7 +84,7 @@ let
   kubectlImage = pkgs.dockerTools.buildImage {
     name = "kubectl";
     tag = "latest";
-    contents = [ kubectl pkgs.busybox kubectlPod2 ];
+    contents = [ copyKubectl pkgs.busybox kubectlPod2 ];
     config.Entrypoint = ["/bin/sh"];
   };
 
diff --git a/nixos/tests/nano.nix b/nixos/tests/nano.nix
deleted file mode 100644
index 6585a6842e8..00000000000
--- a/nixos/tests/nano.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-import ./make-test-python.nix ({ pkgs, ...} : {
-  name = "nano";
-  meta = with pkgs.lib.maintainers; {
-    maintainers = [ nequissimus ];
-  };
-
-  machine = { lib, ... }: {
-    environment.systemPackages = [ pkgs.nano ];
-  };
-
-  testScript = { ... }: ''
-    start_all()
-
-    with subtest("Create user and log in"):
-        machine.wait_for_unit("multi-user.target")
-        machine.wait_until_succeeds("pgrep -f 'agetty.*tty1'")
-        machine.succeed("useradd -m alice")
-        machine.succeed("(echo foobar; echo foobar) | passwd alice")
-        machine.wait_until_tty_matches(1, "login: ")
-        machine.send_chars("alice\n")
-        machine.wait_until_tty_matches(1, "login: alice")
-        machine.wait_until_succeeds("pgrep login")
-        machine.wait_until_tty_matches(1, "Password: ")
-        machine.send_chars("foobar\n")
-        machine.wait_until_succeeds("pgrep -u alice bash")
-        machine.screenshot("prompt")
-
-    with subtest("Use nano"):
-        machine.send_chars("nano /tmp/foo")
-        machine.send_key("ret")
-        machine.sleep(2)
-        machine.send_chars("42")
-        machine.sleep(1)
-        machine.send_key("ctrl-x")
-        machine.sleep(1)
-        machine.send_key("y")
-        machine.sleep(1)
-        machine.screenshot("nano")
-        machine.sleep(1)
-        machine.send_key("ret")
-        machine.wait_for_file("/tmp/foo")
-        assert "42" in machine.succeed("cat /tmp/foo")
-  '';
-})
diff --git a/nixos/tests/networking.nix b/nixos/tests/networking.nix
index 2d68bc859df..8c9df19f2d5 100644
--- a/nixos/tests/networking.nix
+++ b/nixos/tests/networking.nix
@@ -868,7 +868,7 @@ let
         print(client.succeed("ip l add name foo type dummy"))
         print(client.succeed("stat /etc/systemd/network/50-foo.link"))
         client.succeed("udevadm settle")
-        assert "mtu 1442" in client.succeed("ip l show dummy0")
+        assert "mtu 1442" in client.succeed("ip l show dev foo")
       '';
     };
     wlanInterface = let
diff --git a/nixos/tests/pgadmin4-standalone.nix b/nixos/tests/pgadmin4-standalone.nix
new file mode 100644
index 00000000000..442570c5306
--- /dev/null
+++ b/nixos/tests/pgadmin4-standalone.nix
@@ -0,0 +1,43 @@
+import ./make-test-python.nix ({ pkgs, lib, ... }:
+  # This is seperate from pgadmin4 since we don't want both running at once
+
+  {
+    name = "pgadmin4-standalone";
+    meta.maintainers = with lib.maintainers; [ mkg20001 ];
+
+    nodes.machine = { pkgs, ... }: {
+      environment.systemPackages = with pkgs; [
+        curl
+      ];
+
+      services.postgresql = {
+        enable = true;
+
+        authentication = ''
+          host    all             all             localhost               trust
+        '';
+
+        ensureUsers = [
+          {
+            name = "postgres";
+            ensurePermissions = {
+              "DATABASE \"postgres\"" = "ALL PRIVILEGES";
+            };
+          }
+        ];
+      };
+
+      services.pgadmin = {
+        enable = true;
+        initialEmail = "bruh@localhost.de";
+        initialPasswordFile = pkgs.writeText "pw" "bruh2012!";
+      };
+    };
+
+    testScript = ''
+      machine.wait_for_unit("postgresql")
+      machine.wait_for_unit("pgadmin")
+
+      machine.wait_until_succeeds("curl -s localhost:5050")
+    '';
+  })
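Review bot: `curl -s localhost:5050` in `testScript` exits 0 for any HTTP response, including a 5xx error page, so the test only proves that something answers on the port. Use `machine.wait_until_succeeds("curl -sSf localhost:5050")` so an error status fails the test. `initialPasswordFile = pkgs.writeText "pw" "bruh2012!"` puts the password in the world-readable Nix store, which is acceptable in a test VM but deserves a comment such as `# test-only: writeText stores the password in the Nix store; real deployments must use a file outside the store`, because test files tend to be copied as configuration examples. The header comment has a typo, `seperate` should be `separate`.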
diff --git a/nixos/tests/pgadmin4.nix b/nixos/tests/pgadmin4.nix
new file mode 100644
index 00000000000..658315d3ac0
--- /dev/null
+++ b/nixos/tests/pgadmin4.nix
@@ -0,0 +1,142 @@
+import ./make-test-python.nix ({ pkgs, lib, ... }:
+
+  let
+    pgadmin4SrcDir = "/pgadmin";
+    pgadmin4Dir = "/var/lib/pgadmin";
+    pgadmin4LogDir = "/var/log/pgadmin";
+
+    python-with-needed-packages = pkgs.python3.withPackages (ps: with ps; [
+      selenium
+      testtools
+      testscenarios
+      flask
+      flask-babelex
+      flask-babel
+      flask-gravatar
+      flask_login
+      flask_mail
+      flask_migrate
+      flask_sqlalchemy
+      flask_wtf
+      flask-compress
+      passlib
+      pytz
+      simplejson
+      six
+      sqlparse
+      wtforms
+      flask-paranoid
+      psutil
+      psycopg2
+      python-dateutil
+      sqlalchemy
+      itsdangerous
+      flask-security-too
+      bcrypt
+      cryptography
+      sshtunnel
+      ldap3
+      gssapi
+      flask-socketio
+      eventlet
+      httpagentparser
+      user-agents
+      wheel
+      authlib
+      qrcode
+      pillow
+      pyotp
+    ]);
+  in
+  {
+    name = "pgadmin4";
+    meta.maintainers = with lib.maintainers; [ gador ];
+
+    nodes.machine = { pkgs, ... }: {
+      imports = [ ./common/x11.nix ];
+      environment.systemPackages = with pkgs; [
+        pgadmin4
+        postgresql
+        python-with-needed-packages
+        chromedriver
+        chromium
+      ];
+      services.postgresql = {
+        enable = true;
+        authentication = ''
+          host    all             all             localhost               trust
+        '';
+        ensureUsers = [
+          {
+            name = "postgres";
+            ensurePermissions = {
+              "DATABASE \"postgres\"" = "ALL PRIVILEGES";
+            };
+          }
+        ];
+      };
+    };
+
+    testScript = ''
+      machine.wait_for_unit("postgresql")
+
+      # pgadmin4 needs its data and log directories
+      machine.succeed(
+          "mkdir -p ${pgadmin4Dir} \
+          && mkdir -p ${pgadmin4LogDir} \
+          && mkdir -p ${pgadmin4SrcDir}"
+      )
+
+      machine.succeed(
+           "tar xvzf ${pkgs.pgadmin4.src} -C ${pgadmin4SrcDir}"
+      )
+
+      machine.wait_for_file("${pgadmin4SrcDir}/pgadmin4-${pkgs.pgadmin4.version}/README.md")
+
+      # set paths and config for tests
+      machine.succeed(
+           "cd ${pgadmin4SrcDir}/pgadmin4-${pkgs.pgadmin4.version} \
+           && cp -v web/regression/test_config.json.in web/regression/test_config.json \
+           && sed -i 's|PostgreSQL 9.4|PostgreSQL|' web/regression/test_config.json \
+           && sed -i 's|/opt/PostgreSQL/9.4/bin/|${pkgs.postgresql}/bin|' web/regression/test_config.json \
+           && sed -i 's|\"headless_chrome\": false|\"headless_chrome\": true|' web/regression/test_config.json"
+      )
+
+      # adapt chrome config to run within a sandbox without GUI
+      # see https://stackoverflow.com/questions/50642308/webdriverexception-unknown-error-devtoolsactiveport-file-doesnt-exist-while-t#50642913
+      # add chrome binary path. use spaces to satisfy python indention (tabs throw an error)
+      # this works for selenium 3 (currently used), but will need to be updated
+      # to work with "from selenium.webdriver.chrome.service import Service" in selenium 4
+      machine.succeed(
+           "cd ${pgadmin4SrcDir}/pgadmin4-${pkgs.pgadmin4.version} \
+           && sed -i '\|options.add_argument(\"--disable-infobars\")|a \ \ \ \ \ \ \ \ options.binary_location = \"${pkgs.chromium}/bin/chromium\"' web/regression/runtests.py \
+           && sed -i '\|options.add_argument(\"--no-sandbox\")|a \ \ \ \ \ \ \ \ options.add_argument(\"--headless\")' web/regression/runtests.py \
+           && sed -i '\|options.add_argument(\"--disable-infobars\")|a \ \ \ \ \ \ \ \ options.add_argument(\"--disable-dev-shm-usage\")' web/regression/runtests.py \
+           && sed -i 's|(chrome_options=options)|(executable_path=\"${pkgs.chromedriver}/bin/chromedriver\", chrome_options=options)|' web/regression/runtests.py \
+           && sed -i 's|driver_local.maximize_window()||' web/regression/runtests.py"
+      )
+
+      # don't bother to test LDAP authentification
+      with subtest("run browser test"):
+          machine.succeed(
+               'cd ${pgadmin4SrcDir}/pgadmin4-${pkgs.pgadmin4.version}/web \
+               && ${python-with-needed-packages.interpreter} regression/runtests.py --pkg browser --exclude \
+               browser.tests.test_ldap_login.LDAPLoginTestCase,browser.tests.test_ldap_login'
+          )
+
+      # fontconfig is necessary for chromium to run
+      # https://github.com/NixOS/nixpkgs/issues/136207
+      with subtest("run feature test"):
+          machine.succeed(
+              'cd ${pgadmin4SrcDir}/pgadmin4-${pkgs.pgadmin4.version}/web \
+               && export FONTCONFIG_FILE=${pkgs.makeFontsConf { fontDirectories = [];}} \
+               && ${python-with-needed-packages.interpreter} regression/runtests.py --pkg feature_tests'
+          )
+
+      with subtest("run resql test"):
+          machine.succeed(
+               'cd ${pgadmin4SrcDir}/pgadmin4-${pkgs.pgadmin4.version}/web \
+               && ${python-with-needed-packages.interpreter} regression/runtests.py --pkg resql'
+          )
+    '';
+  })
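Review bot: The `sed -i` edits to `web/regression/test_config.json` and `web/regression/runtests.py` exit 0 even when their pattern matches nothing. After a pgadmin4 version bump, the headless, `binary_location` and chromedriver patches could therefore be dropped silently, and the failure would show up later as an unrelated browser error. Append a check to each `machine.succeed` chain, for example `&& grep -q 'binary_location' web/regression/runtests.py` and `&& grep -q 'headless_chrome.*true' web/regression/test_config.json`. The comments contain two typos: `indention` should be `indentation` and `authentification` should be `authentication`.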
diff --git a/nixos/tests/podman/default.nix b/nixos/tests/podman/default.nix
index b52a7f060ad..67c7823c5a3 100644
--- a/nixos/tests/podman/default.nix
+++ b/nixos/tests/podman/default.nix
@@ -126,7 +126,7 @@ import ../make-test-python.nix (
           podman.succeed("docker network create default")
           podman.succeed("tar cv --files-from /dev/null | podman import - scratchimg")
           podman.succeed(
-            "docker run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"
+            "docker run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin localhost/scratchimg /bin/sleep 10"
           )
           podman.succeed("docker ps | grep sleeping")
           podman.succeed("podman ps | grep sleeping")
diff --git a/nixos/tests/podman/tls-ghostunnel.nix b/nixos/tests/podman/tls-ghostunnel.nix
index c0bc47cc40b..268a55701cc 100644
--- a/nixos/tests/podman/tls-ghostunnel.nix
+++ b/nixos/tests/podman/tls-ghostunnel.nix
@@ -129,7 +129,7 @@ import ../make-test-python.nix (
           podman.succeed("tar cv --files-from /dev/null | podman import - scratchimg")
 
           client.succeed(
-            "docker run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"
+            "docker run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin localhost/scratchimg /bin/sleep 10"
           )
           client.succeed("docker ps | grep sleeping")
           podman.succeed("docker ps | grep sleeping")