diff options
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-1909.xml | 6 | ||||
-rw-r--r-- | nixos/modules/services/continuous-integration/hydra/default.nix | 20 | ||||
-rw-r--r-- | nixos/modules/services/misc/gitlab.nix | 6 | ||||
-rw-r--r-- | nixos/modules/services/networking/networkmanager.nix | 27 | ||||
-rwxr-xr-x | nixos/tests/hydra/create-trivial-project.sh | 2 | ||||
-rw-r--r-- | nixos/tests/hydra/default.nix | 23 | ||||
-rw-r--r-- | nixos/tests/mumble.nix | 4 | ||||
-rw-r--r-- | nixos/tests/xmonad.nix | 2 |
8 files changed, 65 insertions, 25 deletions
diff --git a/nixos/doc/manual/release-notes/rl-1909.xml b/nixos/doc/manual/release-notes/rl-1909.xml index f9cea242c15..58ab7207f53 100644 --- a/nixos/doc/manual/release-notes/rl-1909.xml +++ b/nixos/doc/manual/release-notes/rl-1909.xml @@ -478,6 +478,12 @@ Prometheus 2 is now configured with <literal>services.prometheus</literal>. </para> </listitem> + <listitem> + <para> + Citrix Receiver (<literal>citrix_receiver</literal>) has been dropped in favor of Citrix Workspace + (<literal>citrix_workspace</literal>). + </para> + </listitem> </itemizedlist> </section> diff --git a/nixos/modules/services/continuous-integration/hydra/default.nix b/nixos/modules/services/continuous-integration/hydra/default.nix index 500acb48562..2da10a9a5e2 100644 --- a/nixos/modules/services/continuous-integration/hydra/default.nix +++ b/nixos/modules/services/continuous-integration/hydra/default.nix @@ -275,6 +275,7 @@ in ${pkgs.sudo}/bin/sudo -u ${config.services.postgresql.superUser} ${config.services.postgresql.package}/bin/createdb -O hydra hydra touch ${baseDir}/.db-created fi + echo "create extension if not exists pg_trgm" | ${pkgs.sudo}/bin/sudo -u ${config.services.postgresql.superUser} -- ${config.services.postgresql.package}/bin/psql hydra ''} if [ ! -e ${cfg.gcRootsDir} ]; then @@ -379,6 +380,23 @@ in }; }; + systemd.services.hydra-notify = + { wantedBy = [ "multi-user.target" ]; + requires = [ "hydra-init.service" ]; + after = [ "hydra-init.service" ]; + restartTriggers = [ hydraConf ]; + environment = env // { + PGPASSFILE = "${baseDir}/pgpass-queue-runner"; + }; + serviceConfig = + { ExecStart = "@${cfg.package}/bin/hydra-notify hydra-notify"; + # FIXME: run this under a less privileged user? + User = "hydra-queue-runner"; + Restart = "always"; + RestartSec = 5; + }; + }; + # If there is less than a certain amount of free disk space, stop # the queue/evaluator to prevent builds from failing or aborting. systemd.services.hydra-check-space = @@ -416,6 +434,8 @@ in hydra-users hydra-queue-runner hydra hydra-users hydra-www hydra hydra-users root hydra + # The postgres user is used to create the pg_trgm extension for the hydra database + hydra-users postgres postgres ''; services.postgresql.authentication = optionalString haveLocalDB diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix index caef4ad4ea8..66da6864fca 100644 --- a/nixos/modules/services/misc/gitlab.nix +++ b/nixos/modules/services/misc/gitlab.nix @@ -1,7 +1,5 @@ { config, lib, pkgs, utils, ... }: -# TODO: support non-postgresql - with lib; let @@ -806,8 +804,8 @@ in { export otp="$(<'${cfg.secrets.otpFile}')" export jws="$(<'${cfg.secrets.jwsFile}')" ${pkgs.jq}/bin/jq -n '{production: {secret_key_base: $ENV.secret, - otp_key_base: $ENV.db, - db_key_base: $ENV.otp, + otp_key_base: $ENV.otp, + db_key_base: $ENV.db, openid_connect_signing_key: $ENV.jws}}' \ > '${cfg.statePath}/config/secrets.yml' ) diff --git a/nixos/modules/services/networking/networkmanager.nix b/nixos/modules/services/networking/networkmanager.nix index bef0ff36567..db047e6d0b8 100644 --- a/nixos/modules/services/networking/networkmanager.nix +++ b/nixos/modules/services/networking/networkmanager.nix @@ -8,6 +8,8 @@ let dynamicHostsEnabled = cfg.dynamicHosts.enable && cfg.dynamicHosts.hostsDirs != {}; + delegateWireless = config.networking.wireless.enable == true && cfg.unmanaged != []; + # /var/lib/misc is for dnsmasq.leases. stateDirs = "/var/lib/NetworkManager /var/lib/dhclient /var/lib/misc"; @@ -177,10 +179,11 @@ in { basePackages = mkOption { type = types.attrsOf types.package; default = { inherit (pkgs) - networkmanager modemmanager wpa_supplicant crda + networkmanager modemmanager crda networkmanager-openvpn networkmanager-vpnc networkmanager-openconnect networkmanager-fortisslvpn - networkmanager-l2tp networkmanager-iodine; }; + networkmanager-l2tp networkmanager-iodine; } + // optionalAttrs (!delegateWireless) { inherit (pkgs) wpa_supplicant; }; internal = true; }; @@ -377,8 +380,11 @@ in { config = mkIf cfg.enable { assertions = [ - { assertion = config.networking.wireless.enable == false; - message = "You can not use networking.networkmanager with networking.wireless"; + { assertion = config.networking.wireless.enable == true -> cfg.unmanaged != []; + message = '' + You can not use networking.networkmanager with networking.wireless. + Except if you mark some interfaces as <literal>unmanaged</literal> by NetworkManager. + ''; } { assertion = !dynamicHostsEnabled || (dynamicHostsEnabled && cfg.dns == "dnsmasq"); message = '' @@ -496,18 +502,17 @@ in { aliases = [ "dbus-org.freedesktop.nm-dispatcher.service" ]; }; - # Turn off NixOS' network management - networking = { + # Turn off NixOS' network management when networking is managed entirely by NetworkManager + networking = (mkIf (!delegateWireless) { useDHCP = false; - # use mkDefault to trigger the assertion about the conflict above + # Use mkDefault to trigger the assertion about the conflict above wireless.enable = mkDefault false; - }; + }) // (mkIf cfg.enableStrongSwan { + networkmanager.packages = [ pkgs.networkmanager_strongswan ]; + }); security.polkit.extraConfig = polkitConf; - networking.networkmanager.packages = - mkIf cfg.enableStrongSwan [ pkgs.networkmanager_strongswan ]; - services.dbus.packages = optional cfg.enableStrongSwan pkgs.strongswanNM ++ cfg.packages; diff --git a/nixos/tests/hydra/create-trivial-project.sh b/nixos/tests/hydra/create-trivial-project.sh index 39122c9b473..5aae2d5bf90 100755 --- a/nixos/tests/hydra/create-trivial-project.sh +++ b/nixos/tests/hydra/create-trivial-project.sh @@ -44,6 +44,8 @@ cat >data.json <<EOF "enabled": "1", "visible": "1", "keepnr": "1", + "enableemail": true, + "emailoverride": "hydra@localhost", "nixexprinput": "trivial", "nixexprpath": "trivial.nix", "inputs": { diff --git a/nixos/tests/hydra/default.nix b/nixos/tests/hydra/default.nix index f99b367ac9b..6ca05a2c779 100644 --- a/nixos/tests/hydra/default.nix +++ b/nixos/tests/hydra/default.nix @@ -8,8 +8,10 @@ let trivialJob = pkgs.writeTextDir "trivial.nix" '' { trivial = builtins.derivation { name = "trivial"; - system = "x86_64-linux"; + system = "${system}"; builder = "/bin/sh"; + allowSubstitutes = false; + preferLocalBuild = true; args = ["-c" "echo success > $out; exit 0"]; }; } @@ -53,11 +55,16 @@ let notificationSender = "example@example.com"; package = pkgs.hydra.override { inherit nix; }; + + extraConfig = '' + email_notification = 1 + ''; }; + services.postfix.enable = true; nix = { buildMachines = [{ hostName = "localhost"; - systems = [ "x86_64-linux" ]; + systems = [ system ]; }]; binaryCaches = []; @@ -68,12 +75,12 @@ let # let the system boot up $machine->waitForUnit("multi-user.target"); # test whether the database is running - $machine->succeed("systemctl status postgresql.service"); + $machine->waitForUnit("postgresql.service"); # test whether the actual hydra daemons are running - $machine->succeed("systemctl status hydra-queue-runner.service"); - $machine->succeed("systemctl status hydra-init.service"); - $machine->succeed("systemctl status hydra-evaluator.service"); - $machine->succeed("systemctl status hydra-send-stats.service"); + $machine->waitForUnit("hydra-init.service"); + $machine->requireActiveUnit("hydra-queue-runner.service"); + $machine->requireActiveUnit("hydra-evaluator.service"); + $machine->requireActiveUnit("hydra-notify.service"); $machine->succeed("hydra-create-user admin --role admin --password admin"); @@ -84,6 +91,8 @@ let $machine->succeed("create-trivial-project.sh"); $machine->waitUntilSucceeds('curl -L -s http://localhost:3000/build/1 -H "Accept: application/json" | jq .buildstatus | xargs test 0 -eq'); + + $machine->waitUntilSucceeds('journalctl -eu hydra-notify.service -o cat | grep -q "sending mail notification to hydra@localhost"'); ''; }))); diff --git a/nixos/tests/mumble.nix b/nixos/tests/mumble.nix index dadd16fd9a0..652d49a24b1 100644 --- a/nixos/tests/mumble.nix +++ b/nixos/tests/mumble.nix @@ -63,8 +63,8 @@ in $client2->sendChars("y"); # Find clients in logs - $server->waitUntilSucceeds("grep -q 'client1' /var/log/murmur/murmurd.log"); - $server->waitUntilSucceeds("grep -q 'client2' /var/log/murmur/murmurd.log"); + $server->waitUntilSucceeds("journalctl -eu murmur -o cat | grep -q client1"); + $server->waitUntilSucceeds("journalctl -eu murmur -o cat | grep -q client2"); $server->sleep(5); # wait to get screenshot $client1->screenshot("screen1"); diff --git a/nixos/tests/xmonad.nix b/nixos/tests/xmonad.nix index 4d3bc28cd34..79c15ccffec 100644 --- a/nixos/tests/xmonad.nix +++ b/nixos/tests/xmonad.nix @@ -26,7 +26,7 @@ import ./make-test.nix ({ pkgs, ...} : { $machine->waitForFile("/home/alice/.Xauthority"); $machine->succeed("xauth merge ~alice/.Xauthority"); $machine->sendKeys("alt-ctrl-x"); - $machine->waitForWindow(qr/machine.*alice/); + $machine->waitForWindow(qr/alice.*machine/); $machine->sleep(1); $machine->screenshot("terminal"); $machine->waitUntilSucceeds("xmonad --restart"); |