nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-01-05 20:43:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge master into staging-next

Browse Source
This commit is contained in:
github-actions[bot] 2024-09-10 06:04:42 +00:00 committed by GitHub
commit c805e13f1c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
34 changed files with 1672 additions and 2050 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
nixos/doc/manual/release-notes/rl-2411.section.md
View File

@ -400,6 +400,12 @@
- The `services.trust-dns` module has been renamed to `services.hickory-dns`.
- The option `services.prometheus.exporters.pgbouncer.connectionStringFile` has been removed since
it leaked the connection string (and thus potentially the DB password) into the cmdline
of process making it effectively world-readable.
Use [`services.prometheus.exporters.pgbouncer.connectionEnvFile`](#opt-services.prometheus.exporters.pgbouncer.connectionEnvFile) instead.
- The `lsh` package and the `services.lshd` module have been removed as they had no maintainer in Nixpkgs and hadnt seen an upstream release in over a decade. It is recommended to migrate to `openssh` and `services.openssh`.
- `opencv2` and `opencv3` have been removed, as they are obsolete and

229
nixos/maintainers/scripts/ec2/amazon-image.nix
View File

@ -1,50 +1,24 @@
{
config,
lib,
pkgs,
...
}:
{ config, lib, pkgs, ... }:
let
inherit (lib)
mkOption
optionalString
types
versionAtLeast
;
inherit (lib) mkOption optionalString types versionAtLeast;
inherit (lib.options) literalExpression;
cfg = config.amazonImage;
amiBootMode = if config.ec2.efi then "uefi" else "legacy-bios";
virtualisationOptions = import ../../../modules/virtualisation/virtualisation-options.nix;
in
{
imports = [
../../../modules/virtualisation/amazon-image.nix
virtualisationOptions.diskSize
(lib.mkRenamedOptionModuleWith {
sinceRelease = 2411;
from = [
"virtualisation"
"amazonImage"
"sizeMB"
];
to = [
"virtualisation"
"diskSize"
];
})
];
in {
imports = [ ../../../modules/virtualisation/amazon-image.nix ];
# Amazon recommends setting this to the highest possible value for a good EBS
# experience, which prior to 4.15 was 255.
# https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-ebs-volumes.html#timeout-nvme-ebs-volumes
config.boot.kernelParams =
let
timeout =
if versionAtLeast config.boot.kernelPackages.kernel.version "4.15" then "4294967295" else "255";
in
[ "nvme_core.io_timeout=${timeout}" ];
let timeout =
if versionAtLeast config.boot.kernelPackages.kernel.version "4.15"
then "4294967295"
else "255";
in [ "nvme_core.io_timeout=${timeout}" ];
options.amazonImage = {
name = mkOption {
@ -60,30 +34,30 @@ in
}
]
'';
default = [ ];
default = [];
description = ''
This option lists files to be copied to fixed locations in the
generated image. Glob patterns work.
'';
};
sizeMB = mkOption {
type = with types; either (enum [ "auto" ]) int;
default = 3072;
example = 8192;
description = "The size in MB of the image";
};
format = mkOption {
type = types.enum [
"raw"
"qcow2"
"vpc"
];
type = types.enum [ "raw" "qcow2" "vpc" ];
default = "vpc";
description = "The image format to output";
};
};
config.virtualisation.diskSize = lib.mkDefault (3 * 1024);
config.virtualisation.diskSizeAutoSupported = !config.ec2.zfs.enable;
config.system.build.amazonImage =
let
configFile = pkgs.writeText "configuration.nix" ''
config.system.build.amazonImage = let
configFile = pkgs.writeText "configuration.nix"
''
{ modulesPath, ... }: {
imports = [ "''${modulesPath}/virtualisation/amazon-image.nix" ];
${optionalString config.ec2.efi ''
@ -96,102 +70,91 @@ in
}
'';
zfsBuilder = import ../../../lib/make-multi-disk-zfs-image.nix {
inherit
lib
config
configFile
pkgs
;
inherit (cfg) contents format name;
zfsBuilder = import ../../../lib/make-multi-disk-zfs-image.nix {
inherit lib config configFile pkgs;
inherit (cfg) contents format name;
includeChannel = true;
includeChannel = true;
bootSize = 1000; # 1G is the minimum EBS volume
bootSize = 1000; # 1G is the minimum EBS volume
rootSize = config.virtualisation.diskSize;
rootPoolProperties = {
ashift = 12;
autoexpand = "on";
};
datasets = config.ec2.zfs.datasets;
postVM = ''
extension=''${rootDiskImage##*.}
friendlyName=$out/${cfg.name}
rootDisk="$friendlyName.root.$extension"
bootDisk="$friendlyName.boot.$extension"
mv "$rootDiskImage" "$rootDisk"
mv "$bootDiskImage" "$bootDisk"
mkdir -p $out/nix-support
echo "file ${cfg.format} $bootDisk" >> $out/nix-support/hydra-build-products
echo "file ${cfg.format} $rootDisk" >> $out/nix-support/hydra-build-products
${pkgs.jq}/bin/jq -n \
--arg system_label ${lib.escapeShellArg config.system.nixos.label} \
--arg system ${lib.escapeShellArg pkgs.stdenv.hostPlatform.system} \
--arg root_logical_bytes "$(${pkgs.qemu_kvm}/bin/qemu-img info --output json "$rootDisk" | ${pkgs.jq}/bin/jq '."virtual-size"')" \
--arg boot_logical_bytes "$(${pkgs.qemu_kvm}/bin/qemu-img info --output json "$bootDisk" | ${pkgs.jq}/bin/jq '."virtual-size"')" \
--arg boot_mode "${amiBootMode}" \
--arg root "$rootDisk" \
--arg boot "$bootDisk" \
'{}
| .label = $system_label
| .boot_mode = $boot_mode
| .system = $system
| .disks.boot.logical_bytes = $boot_logical_bytes
| .disks.boot.file = $boot
| .disks.root.logical_bytes = $root_logical_bytes
| .disks.root.file = $root
' > $out/nix-support/image-info.json
'';
rootSize = cfg.sizeMB;
rootPoolProperties = {
ashift = 12;
autoexpand = "on";
};
extBuilder = import ../../../lib/make-disk-image.nix {
inherit
lib
config
configFile
pkgs
;
datasets = config.ec2.zfs.datasets;
inherit (cfg) contents format name;
postVM = ''
extension=''${rootDiskImage##*.}
friendlyName=$out/${cfg.name}
rootDisk="$friendlyName.root.$extension"
bootDisk="$friendlyName.boot.$extension"
mv "$rootDiskImage" "$rootDisk"
mv "$bootDiskImage" "$bootDisk"
fsType = "ext4";
partitionTableType = if config.ec2.efi then "efi" else "legacy+gpt";
mkdir -p $out/nix-support
echo "file ${cfg.format} $bootDisk" >> $out/nix-support/hydra-build-products
echo "file ${cfg.format} $rootDisk" >> $out/nix-support/hydra-build-products
inherit (config.virtualisation) diskSize;
${pkgs.jq}/bin/jq -n \
--arg system_label ${lib.escapeShellArg config.system.nixos.label} \
--arg system ${lib.escapeShellArg pkgs.stdenv.hostPlatform.system} \
--arg root_logical_bytes "$(${pkgs.qemu_kvm}/bin/qemu-img info --output json "$rootDisk" | ${pkgs.jq}/bin/jq '."virtual-size"')" \
--arg boot_logical_bytes "$(${pkgs.qemu_kvm}/bin/qemu-img info --output json "$bootDisk" | ${pkgs.jq}/bin/jq '."virtual-size"')" \
--arg boot_mode "${amiBootMode}" \
--arg root "$rootDisk" \
--arg boot "$bootDisk" \
'{}
| .label = $system_label
| .boot_mode = $boot_mode
| .system = $system
| .disks.boot.logical_bytes = $boot_logical_bytes
| .disks.boot.file = $boot
| .disks.root.logical_bytes = $root_logical_bytes
| .disks.root.file = $root
' > $out/nix-support/image-info.json
'';
};
postVM = ''
extension=''${diskImage##*.}
friendlyName=$out/${cfg.name}.$extension
mv "$diskImage" "$friendlyName"
diskImage=$friendlyName
extBuilder = import ../../../lib/make-disk-image.nix {
inherit lib config configFile pkgs;
mkdir -p $out/nix-support
echo "file ${cfg.format} $diskImage" >> $out/nix-support/hydra-build-products
inherit (cfg) contents format name;
${pkgs.jq}/bin/jq -n \
--arg system_label ${lib.escapeShellArg config.system.nixos.label} \
--arg system ${lib.escapeShellArg pkgs.stdenv.hostPlatform.system} \
--arg logical_bytes "$(${pkgs.qemu_kvm}/bin/qemu-img info --output json "$diskImage" | ${pkgs.jq}/bin/jq '."virtual-size"')" \
--arg boot_mode "${amiBootMode}" \
--arg file "$diskImage" \
'{}
| .label = $system_label
| .boot_mode = $boot_mode
| .system = $system
| .logical_bytes = $logical_bytes
| .file = $file
| .disks.root.logical_bytes = $logical_bytes
| .disks.root.file = $file
' > $out/nix-support/image-info.json
'';
};
in
if config.ec2.zfs.enable then zfsBuilder else extBuilder;
fsType = "ext4";
partitionTableType = if config.ec2.efi then "efi" else "legacy+gpt";
diskSize = cfg.sizeMB;
postVM = ''
extension=''${diskImage##*.}
friendlyName=$out/${cfg.name}.$extension
mv "$diskImage" "$friendlyName"
diskImage=$friendlyName
mkdir -p $out/nix-support
echo "file ${cfg.format} $diskImage" >> $out/nix-support/hydra-build-products
${pkgs.jq}/bin/jq -n \
--arg system_label ${lib.escapeShellArg config.system.nixos.label} \
--arg system ${lib.escapeShellArg pkgs.stdenv.hostPlatform.system} \
--arg logical_bytes "$(${pkgs.qemu_kvm}/bin/qemu-img info --output json "$diskImage" | ${pkgs.jq}/bin/jq '."virtual-size"')" \
--arg boot_mode "${amiBootMode}" \
--arg file "$diskImage" \
'{}
| .label = $system_label
| .boot_mode = $boot_mode
| .system = $system
| .logical_bytes = $logical_bytes
| .file = $file
| .disks.root.logical_bytes = $logical_bytes
| .disks.root.file = $file
' > $out/nix-support/image-info.json
'';
};
in if config.ec2.zfs.enable then zfsBuilder else extBuilder;
meta.maintainers = with lib.maintainers; [ arianvp ];
}

54
nixos/maintainers/scripts/openstack/openstack-image-zfs.nix
View File

@ -1,37 +1,18 @@
# nix-build '<nixpkgs/nixos>' -A config.system.build.openstackImage --arg configuration "{ imports = [ ./nixos/maintainers/scripts/openstack/openstack-image.nix ]; }"
{
config,
lib,
pkgs,
...
}:
{ config, lib, pkgs, ... }:
let
inherit (lib) mkOption types;
copyChannel = true;
cfg = config.openstackImage;
imageBootMode = if config.openstack.efi then "uefi" else "legacy-bios";
virtualisationOptions = import ../../../modules/virtualisation/virtualisation-options.nix;
in
{
imports = [
../../../modules/virtualisation/openstack-config.nix
virtualisationOptions.diskSize
(lib.mkRenamedOptionModuleWith {
sinceRelease = 2411;
from = [
"virtualisation"
"openstackImage"
"sizeMB"
];
to = [
"virtualisation"
"diskSize"
];
})
] ++ (lib.optional copyChannel ../../../modules/installer/cd-dvd/channel.nix);
options.openstackImage = {
name = mkOption {
type = types.str;
@ -41,15 +22,18 @@ in
ramMB = mkOption {
type = types.int;
default = (3 * 1024);
default = 1024;
description = "RAM allocation for build VM";
};
sizeMB = mkOption {
type = types.int;
default = 8192;
description = "The size in MB of the image";
};
format = mkOption {
type = types.enum [
"raw"
"qcow2"
];
type = types.enum [ "raw" "qcow2" ];
default = "qcow2";
description = "The image format to output";
};
@ -70,26 +54,24 @@ in
};
};
virtualisation.diskSize = lib.mkDefault (8 * 1024);
virtualisation.diskSizeAutoSupported = false;
system.build.openstackImage = import ../../../lib/make-single-disk-zfs-image.nix {
inherit lib config;
inherit (cfg) contents format name;
pkgs = import ../../../.. { inherit (pkgs) system; }; # ensure we use the regular qemu-kvm package
configFile = pkgs.writeText "configuration.nix" ''
{ modulesPath, ... }: {
imports = [ "''${modulesPath}/virtualisation/openstack-config.nix" ];
openstack.zfs.enable = true;
}
'';
configFile = pkgs.writeText "configuration.nix"
''
{ modulesPath, ... }: {
imports = [ "''${modulesPath}/virtualisation/openstack-config.nix" ];
openstack.zfs.enable = true;
}
'';
includeChannel = copyChannel;
bootSize = 1000;
memSize = cfg.ramMB;
rootSize = config.virtualisation.diskSize;
rootSize = cfg.sizeMB;
rootPoolProperties = {
ashift = 12;
autoexpand = "on";

103
nixos/modules/profiles/macos-builder.nix
View File

@ -1,9 +1,4 @@
{
config,
lib,
options,
...
}:
{ config, lib, options, ... }:
let
keysDirectory = "/var/keys";
@ -20,19 +15,6 @@ in
imports = [
../virtualisation/qemu-vm.nix
(lib.mkRenamedOptionModuleWith {
sinceRelease = 2411;
from = [
"virtualisation"
"darwin-builder"
"diskSize"
];
to = [
"virtualisation"
"diskSize"
];
})
# Avoid a dependency on stateVersion
{
disabledModules = [
@ -41,16 +23,17 @@ in
];
# swraid's default depends on stateVersion
config.boot.swraid.enable = false;
options.boot.isContainer = lib.mkOption {
default = false;
internal = true;
};
options.boot.isContainer = lib.mkOption { default = false; internal = true; };
}
];
options.virtualisation.description = "The maximum disk space allocated to the runner in megabytes";
options.virtualisation.darwin-builder = with lib; {
diskSize = mkOption {
default = 20 * 1024;
type = types.int;
example = 30720;
description = "The maximum disk space allocated to the runner in MB";
};
memorySize = mkOption {
default = 3 * 1024;
type = types.int;
@ -76,13 +59,13 @@ in
'';
};
workingDirectory = mkOption {
default = ".";
type = types.str;
example = "/var/lib/darwin-builder";
description = ''
The working directory to use to run the script. When running
as part of a flake will need to be set to a non read-only filesystem.
'';
default = ".";
type = types.str;
example = "/var/lib/darwin-builder";
description = ''
The working directory to use to run the script. When running
as part of a flake will need to be set to a non read-only filesystem.
'';
};
hostPort = mkOption {
default = 31022;
@ -175,34 +158,26 @@ in
script = hostPkgs.writeShellScriptBin "create-builder" (
''
set -euo pipefail
''
+
# When running as non-interactively as part of a DarwinConfiguration the working directory
# must be set to a writeable directory.
(
if cfg.workingDirectory != "." then
''
${hostPkgs.coreutils}/bin/mkdir --parent "${cfg.workingDirectory}"
cd "${cfg.workingDirectory}"
''
else
""
)
+ ''
KEYS="''${KEYS:-./keys}"
${hostPkgs.coreutils}/bin/mkdir --parent "''${KEYS}"
PRIVATE_KEY="''${KEYS}/${user}_${keyType}"
PUBLIC_KEY="''${PRIVATE_KEY}.pub"
if [ ! -e "''${PRIVATE_KEY}" ] || [ ! -e "''${PUBLIC_KEY}" ]; then
${hostPkgs.coreutils}/bin/rm --force -- "''${PRIVATE_KEY}" "''${PUBLIC_KEY}"
${hostPkgs.openssh}/bin/ssh-keygen -q -f "''${PRIVATE_KEY}" -t ${keyType} -N "" -C 'builder@localhost'
fi
if ! ${hostPkgs.diffutils}/bin/cmp "''${PUBLIC_KEY}" ${publicKey}; then
(set -x; sudo --reset-timestamp ${installCredentials} "''${KEYS}")
fi
KEYS="$(${hostPkgs.nix}/bin/nix-store --add "$KEYS")" ${lib.getExe config.system.build.vm}
''
);
'' +
# When running as non-interactively as part of a DarwinConfiguration the working directory
# must be set to a writeable directory.
(if cfg.workingDirectory != "." then ''
${hostPkgs.coreutils}/bin/mkdir --parent "${cfg.workingDirectory}"
cd "${cfg.workingDirectory}"
'' else "") + ''
KEYS="''${KEYS:-./keys}"
${hostPkgs.coreutils}/bin/mkdir --parent "''${KEYS}"
PRIVATE_KEY="''${KEYS}/${user}_${keyType}"
PUBLIC_KEY="''${PRIVATE_KEY}.pub"
if [ ! -e "''${PRIVATE_KEY}" ] || [ ! -e "''${PUBLIC_KEY}" ]; then
${hostPkgs.coreutils}/bin/rm --force -- "''${PRIVATE_KEY}" "''${PUBLIC_KEY}"
${hostPkgs.openssh}/bin/ssh-keygen -q -f "''${PRIVATE_KEY}" -t ${keyType} -N "" -C 'builder@localhost'
fi
if ! ${hostPkgs.diffutils}/bin/cmp "''${PUBLIC_KEY}" ${publicKey}; then
(set -x; sudo --reset-timestamp ${installCredentials} "''${KEYS}")
fi
KEYS="$(${hostPkgs.nix}/bin/nix-store --add "$KEYS")" ${lib.getExe config.system.build.vm}
'');
in
script.overrideAttrs (old: {
@ -248,16 +223,12 @@ in
'';
virtualisation = {
diskSize = lib.mkDefault (20 * 1024);
diskSize = cfg.diskSize;
memorySize = cfg.memorySize;
forwardPorts = [
{
from = "host";
guest.port = 22;
host.port = cfg.hostPort;
}
{ from = "host"; guest.port = 22; host.port = cfg.hostPort; }
];
# Disable graphics for the builder since users will likely want to run it

25
nixos/modules/services/monitoring/prometheus/exporters.nix
View File

@ -3,7 +3,7 @@
let
inherit (lib) concatStrings foldl foldl' genAttrs literalExpression maintainers
mapAttrs mapAttrsToList mkDefault mkEnableOption mkIf mkMerge mkOption
optional types mkOptionDefault flip attrNames;
optional types mkOptionDefault flip attrNames xor;
cfg = config.services.prometheus.exporters;
@ -230,6 +230,7 @@ let
in
mkIf conf.enable {
warnings = conf.warnings or [];
assertions = conf.assertions or [];
users.users."${name}-exporter" = (mkIf (conf.user == "${name}-exporter" && !enableDynamicUser) {
description = "Prometheus ${name} exporter service user";
isSystemUser = true;
@ -359,13 +360,6 @@ in
Please specify either 'services.prometheus.exporters.nextcloud.passwordFile' or
'services.prometheus.exporters.nextcloud.tokenFile'
'';
} {
assertion = cfg.pgbouncer.enable -> (
(cfg.pgbouncer.connectionStringFile != null || cfg.pgbouncer.connectionString != "")
);
message = ''
PgBouncer exporter needs either connectionStringFile or connectionString configured"
'';
} {
assertion = cfg.sql.enable -> (
(cfg.sql.configFile == null) != (cfg.sql.configuration == null)
@ -405,7 +399,15 @@ in
Please ensure you have either `services.prometheus.exporters.deluge.delugePassword'
or `services.prometheus.exporters.deluge.delugePasswordFile' set!
'';
} ] ++ (flip map (attrNames exporterOpts) (exporter: {
} {
assertion = cfg.pgbouncer.enable -> (
xor (cfg.pgbouncer.connectionEnvFile == null) (cfg.pgbouncer.connectionString == null)
);
message = ''
Options `services.prometheus.exporters.pgbouncer.connectionEnvFile` and
`services.prometheus.exporters.pgbouncer.connectionString` are mutually exclusive!
'';
}] ++ (flip map (attrNames exporterOpts) (exporter: {
assertion = cfg.${exporter}.firewallFilter != null -> cfg.${exporter}.openFirewall;
message = ''
The `firewallFilter'-option of exporter ${exporter} doesn't have any effect unless
@ -419,11 +421,6 @@ in
Consider using `services.prometheus.exporters.idrac.configuration` instead.
''
)
(mkIf
(cfg.pgbouncer.enable && cfg.pgbouncer.connectionString != "") ''
config.services.prometheus.exporters.pgbouncer.connectionString is insecure. Use connectionStringFile instead.
''
)
] ++ config.services.prometheus.exporters.warnings;
}] ++ [(mkIf config.services.prometheus.exporters.rtl_433.enable {
hardware.rtl-sdr.enable = mkDefault true;

60
nixos/modules/services/monitoring/prometheus/exporters/pgbouncer.nix
View File

@ -7,11 +7,8 @@ let
mkPackageOption
types
optionals
optionalString
getExe
getExe'
escapeShellArg
escapeShellArgs
concatStringsSep
;
in
@ -29,8 +26,8 @@ in
};
connectionString = mkOption {
type = types.str;
default = "";
type = types.nullOr types.str;
default = null;
example = "postgres://admin:@localhost:6432/pgbouncer?sslmode=require";
description = ''
Connection string for accessing pgBouncer.
@ -43,26 +40,28 @@ in
auth_file if auth_type other than "any" is used.
WARNING: this secret is stored in the world-readable Nix store!
Use {option}`connectionStringFile` instead.
Use [](#opt-services.prometheus.exporters.pgbouncer.connectionEnvFile) if the
URL contains a secret.
'';
};
connectionStringFile = mkOption {
type = types.nullOr types.path;
connectionEnvFile = mkOption {
type = types.nullOr types.str;
default = null;
example = "/run/keys/pgBouncer-connection-string";
description = ''
File that contains pgBouncer connection string in format:
postgres://admin:@localhost:6432/pgbouncer?sslmode=require
File that must contain the environment variable
`PGBOUNCER_EXPORTER_CONNECTION_STRING` which is set to the connection
string used by pgbouncer. I.e. the format is supposed to look like this:
NOTE: You MUST keep pgbouncer as database name (special internal db)!!!
```
PGBOUNCER_EXPORTER_CONNECTION_STRING="postgres://admin@localhost:6432/pgbouncer?sslmode=require"
```
NOTE: ignore_startup_parameters MUST contain "extra_float_digits".
NOTE: You MUST keep pgbouncer as database name (special internal db)!
NOTE: `services.pgbouncer.settings.pgbouncer.ignore_startup_parameters`
MUST contain "extra_float_digits".
NOTE: Admin user (with password or passwordless) MUST exist in the
auth_file if auth_type other than "any" is used.
{option}`connectionStringFile` takes precedence over {option}`connectionString`
Mutually exclusive with [](#opt-services.prometheus.exporters.pgbouncer.connectionString).
'';
};
@ -126,16 +125,11 @@ in
serviceOpts = {
after = [ "pgbouncer.service" ];
script = optionalString (cfg.connectionStringFile != null) ''
connectionString=$(${escapeShellArgs [
(getExe' pkgs.coreutils "cat") "--" cfg.connectionStringFile
]})
'' + concatStringsSep " " ([
script = concatStringsSep " " ([
"exec -- ${escapeShellArg (getExe cfg.package)}"
"--web.listen-address ${cfg.listenAddress}:${toString cfg.port}"
"--pgBouncer.connectionString ${if cfg.connectionStringFile != null
then "\"$connectionString\""
else "${escapeShellArg cfg.connectionString}"}"
] ++ optionals (cfg.connectionString != null) [
"--pgBouncer.connectionString ${escapeShellArg cfg.connectionString}"
] ++ optionals (cfg.telemetryPath != null) [
"--web.telemetry-path ${escapeShellArg cfg.telemetryPath}"
] ++ optionals (cfg.pidFile != null) [
@ -151,5 +145,21 @@ in
] ++ cfg.extraFlags);
serviceConfig.RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
serviceConfig.EnvironmentFile = lib.mkIf (cfg.connectionEnvFile != null) [
cfg.connectionEnvFile
];
};
imports = [
(lib.mkRemovedOptionModule [ "connectionStringFile" ] ''
As replacement, the option `services.prometheus.exporters.pgbouncer.connectionEnvFile`
has been added. In contrast to `connectionStringFile` it must be an environment file
with the connection string being set to `PGBOUNCER_EXPORTER_CONNECTION_STRING`.
The change was necessary since the former option wrote the contents of the file
into the cmdline of the exporter making the connection string effectively
world-readable.
'')
({ options.warnings = options.warnings; options.assertions = options.assertions; })
];
}

44
nixos/modules/virtualisation/azure-image.nix
View File

@ -1,34 +1,22 @@
{
config,
lib,
pkgs,
...
}:
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.virtualisation.azureImage;
virtualisationOptions = import ./virtualisation-options.nix;
in
{
imports = [
./azure-common.nix
virtualisationOptions.diskSize
(lib.mkRenamedOptionModuleWith {
sinceRelease = 2411;
from = [
"virtualisation"
"azureImage"
"diskSize"
];
to = [
"virtualisation"
"diskSize"
];
})
];
imports = [ ./azure-common.nix ];
options.virtualisation.azureImage = {
diskSize = mkOption {
type = with types; either (enum [ "auto" ]) int;
default = "auto";
example = 2048;
description = ''
Size of disk image. Unit is MB.
'';
};
bootSize = mkOption {
type = types.int;
default = 256;
@ -47,12 +35,7 @@ in
};
vmGeneration = mkOption {
type =
with types;
enum [
"v1"
"v2"
];
type = with types; enum [ "v1" "v2" ];
default = "v1";
description = ''
VM Generation to use.
@ -74,8 +57,7 @@ in
bootSize = "${toString cfg.bootSize}M";
partitionTableType = if cfg.vmGeneration == "v2" then "efi" else "legacy";
inherit (cfg) contents;
inherit (config.virtualisation) diskSize;
inherit (cfg) diskSize contents;
inherit config lib pkgs;
};
};

75
nixos/modules/virtualisation/digital-ocean-image.nix
View File

@ -1,35 +1,23 @@
{
config,
lib,
pkgs,
...
}:
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.virtualisation.digitalOceanImage;
virtualisationOptions = import ./virtualisation-options.nix;
in
{
imports = [
./digital-ocean-config.nix
virtualisationOptions.diskSize
(lib.mkRenamedOptionModuleWith {
sinceRelease = 2411;
from = [
"virtualisation"
"digitialOceanImage"
"diskSize"
];
to = [
"virtualisation"
"diskSize"
];
})
];
imports = [ ./digital-ocean-config.nix ];
options = {
virtualisation.digitalOceanImage.diskSize = mkOption {
type = with types; either (enum [ "auto" ]) int;
default = "auto";
example = 4096;
description = ''
Size of disk image. Unit is MB.
'';
};
virtualisation.digitalOceanImage.configFile = mkOption {
type = with types; nullOr path;
default = null;
@ -43,10 +31,7 @@ in
};
virtualisation.digitalOceanImage.compressionMethod = mkOption {
type = types.enum [
"gzip"
"bzip2"
];
type = types.enum [ "gzip" "bzip2" ];
default = "gzip";
example = "bzip2";
description = ''
@ -59,35 +44,27 @@ in
#### implementation
config = {
system.build.digitalOceanImage = import ../../lib/make-disk-image.nix {
name = "digital-ocean-image";
format = "qcow2";
postVM =
let
compress =
{
"gzip" = "${pkgs.gzip}/bin/gzip";
"bzip2" = "${pkgs.bzip2}/bin/bzip2";
}
.${cfg.compressionMethod};
in
''
${compress} $diskImage
'';
configFile =
if cfg.configFile == null then
config.virtualisation.digitalOcean.defaultConfigFile
else
cfg.configFile;
inherit (config.virtualisation) diskSize;
postVM = let
compress = {
"gzip" = "${pkgs.gzip}/bin/gzip";
"bzip2" = "${pkgs.bzip2}/bin/bzip2";
}.${cfg.compressionMethod};
in ''
${compress} $diskImage
'';
configFile = if cfg.configFile == null
then config.virtualisation.digitalOcean.defaultConfigFile
else cfg.configFile;
inherit (cfg) diskSize;
inherit config lib pkgs;
};
};
meta.maintainers = with maintainers; [
arianvp
eamsden
];
meta.maintainers = with maintainers; [ arianvp eamsden ];
}

44
nixos/modules/virtualisation/google-compute-image.nix
View File

@ -1,9 +1,4 @@
{
config,
lib,
pkgs,
...
}:
{ config, lib, pkgs, ... }:
with lib;
let
@ -16,28 +11,21 @@ let
];
}
'';
virtualisationOptions = import ./virtualisation-options.nix;
in
{
imports = [
./google-compute-config.nix
virtualisationOptions.diskSize
(lib.mkRenamedOptionModuleWith {
sinceRelease = 2411;
from = [
"virtualisation"
"googleComputeImage"
"diskSize"
];
to = [
"virtualisation"
"diskSize"
];
})
];
imports = [ ./google-compute-config.nix ];
options = {
virtualisation.googleComputeImage.diskSize = mkOption {
type = with types; either (enum [ "auto" ]) int;
default = "auto";
example = 1536;
description = ''
Size of disk image. Unit is MB.
'';
};
virtualisation.googleComputeImage.configFile = mkOption {
type = with types; nullOr str;
default = null;
@ -76,13 +64,7 @@ in
system.build.googleComputeImage = import ../../lib/make-disk-image.nix {
name = "google-compute-image";
postVM = ''
PATH=$PATH:${
with pkgs;
lib.makeBinPath [
gnutar
gzip
]
}
PATH=$PATH:${with pkgs; lib.makeBinPath [ gnutar gzip ]}
pushd $out
mv $diskImage disk.raw
tar -Sc disk.raw | gzip -${toString cfg.compressionLevel} > \
@ -93,7 +75,7 @@ in
format = "raw";
configFile = if cfg.configFile == null then defaultConfigFile else cfg.configFile;
partitionTableType = if cfg.efi then "efi" else "legacy";
inherit (config.virtualisation) diskSize;
inherit (cfg) diskSize;
inherit config lib pkgs;
};

40
nixos/modules/virtualisation/hyperv-image.nix
View File

@ -1,37 +1,21 @@
{
config,
pkgs,
lib,
...
}:
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.hyperv;
virtualisationOptions = import ./virtualisation-options.nix;
in
{
imports = [
virtualisationOptions.diskSize
(lib.mkRenamedOptionModuleWith {
sinceRelease = 2411;
from = [
"virtualisation"
"hyperv"
"baseImageSize"
];
to = [
"virtualisation"
"diskSize"
];
})
];
in {
options = {
hyperv = {
baseImageSize = mkOption {
type = with types; either (enum [ "auto" ]) int;
default = "auto";
example = 2048;
description = ''
The size of the hyper-v base image in MiB.
'';
};
vmDerivationName = mkOption {
type = types.str;
default = "nixos-hyperv-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}";
@ -50,8 +34,6 @@ in
};
config = {
virtualisation.diskSize = lib.mkDefault (4 * 1024);
system.build.hypervImage = import ../../lib/make-disk-image.nix {
name = cfg.vmDerivationName;
postVM = ''
@ -59,7 +41,7 @@ in
rm $diskImage
'';
format = "raw";
inherit (config.virtualisation) diskSize;
diskSize = cfg.baseImageSize;
partitionTableType = "efi";
inherit config lib pkgs;
};

35
nixos/modules/virtualisation/linode-image.nix
View File

@ -1,9 +1,4 @@
{
config,
lib,
pkgs,
...
}:
{ config, lib, pkgs, ... }:
with lib;
let
@ -15,27 +10,19 @@ let
];
}
'';
virtualisationOptions = import ./virtualisation-options.nix;
in
{
imports = [
./linode-config.nix
virtualisationOptions.diskSize
(lib.mkRenamedOptionModuleWith {
sinceRelease = 2411;
from = [
"virtualisation"
"linodeImage"
"diskSize"
];
to = [
"virtualisation"
"diskSize"
];
})
];
imports = [ ./linode-config.nix ];
options = {
virtualisation.linodeImage.diskSize = mkOption {
type = with types; either (enum (singleton "auto")) ints.positive;
default = "auto";
example = 1536;
description = ''
Size of disk image in MB.
'';
};
virtualisation.linodeImage.configFile = mkOption {
type = with types; nullOr str;
@ -70,7 +57,7 @@ in
format = "raw";
partitionTableType = "none";
configFile = if cfg.configFile == null then defaultConfigFile else cfg.configFile;
inherit (config.virtualisation) diskSize;
inherit (cfg) diskSize;
inherit config lib pkgs;
};
};

17
nixos/modules/virtualisation/oci-image.nix
View File

@ -1,9 +1,4 @@
{
config,
lib,
pkgs,
...
}:
{ config, lib, pkgs, ... }:
let
cfg = config.oci;
@ -12,12 +7,9 @@ in
imports = [ ./oci-common.nix ];
config = {
virtualisation.diskSize = lib.mkDefault (8 * 1024);
virtualisation.diskSizeAutoSupported = false;
system.build.OCIImage = import ../../lib/make-disk-image.nix {
inherit config lib pkgs;
inherit (config.virtualisation) diskSize;
inherit (cfg) diskSize;
name = "oci-image";
configFile = ./oci-config-user.nix;
format = "qcow2";
@ -33,10 +25,7 @@ in
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
path = [
pkgs.coreutils
pkgs.curl
];
path = [ pkgs.coreutils pkgs.curl ];
script = ''
mkdir -m 0700 -p /root/.ssh
if [ -f /root/.ssh/authorized_keys ]; then

30
nixos/modules/virtualisation/oci-options.nix
View File

@ -1,27 +1,5 @@
{ config, lib, pkgs, ... }:
{
lib,
...
}:
let
virtualisationOptions = import ./virtualisation-options.nix;
in
{
imports = [
virtualisationOptions.diskSize
(lib.mkRenamedOptionModuleWith {
sinceRelease = 2411;
from = [
"virtualisation"
"oci"
"diskSize"
];
to = [
"virtualisation"
"diskSize"
];
})
];
options = {
oci = {
efi = lib.mkOption {
@ -31,6 +9,12 @@ in
Whether the OCI instance is using EFI.
'';
};
diskSize = lib.mkOption {
type = lib.types.int;
default = 8192;
description = "Size of the disk image created in MB.";
example = "diskSize = 12 * 1024; # 12GiB";
};
};
};
}

345
nixos/modules/virtualisation/proxmox-image.nix
View File

@ -1,31 +1,8 @@
{
config,
pkgs,
lib,
...
}:
{ config, pkgs, lib, ... }:
with lib;
let
virtualisationOptions = import ./virtualisation-options.nix;
in
{
imports = [
virtualisationOptions.diskSize
(lib.mkRenamedOptionModuleWith {
sinceRelease = 2411;
from = [
"virtualisation"
"proxmoxImage"
"diskSize"
];
to = [
"virtualisation"
"diskSize"
];
})
];
{
options.proxmox = {
qemuConf = {
# essential configs
@ -77,10 +54,7 @@ in
'';
};
bios = mkOption {
type = types.enum [
"seabios"
"ovmf"
];
type = types.enum [ "seabios" "ovmf" ];
default = "seabios";
description = ''
Select BIOS implementation (seabios = Legacy BIOS, ovmf = UEFI).
@ -113,6 +87,16 @@ in
either "efi" or "hybrid".
'';
};
diskSize = mkOption {
type = types.str;
default = "auto";
example = "20480";
description = ''
The size of the disk, in megabytes.
if "auto" size is calculated based on the contents copied to it and
additionalSpace is taken into account.
'';
};
net0 = mkOption {
type = types.commas;
default = "virtio=00:00:00:00:00:00,bridge=vmbr0,firewall=1";
@ -140,13 +124,8 @@ in
};
};
qemuExtraConf = mkOption {
type =
with types;
attrsOf (oneOf [
str
int
]);
default = { };
type = with types; attrsOf (oneOf [ str int ]);
default = {};
example = literalExpression ''
{
cpu = "host";
@ -158,12 +137,7 @@ in
'';
};
partitionTableType = mkOption {
type = types.enum [
"efi"
"hybrid"
"legacy"
"legacy+gpt"
];
type = types.enum [ "efi" "hybrid" "legacy" "legacy+gpt" ];
description = ''
Partition table type to use. See make-disk-image.nix partitionTableType for details.
Defaults to 'legacy' for 'proxmox.qemuConf.bios="seabios"' (default), other bios values defaults to 'efi'.
@ -211,163 +185,142 @@ in
};
};
config =
let
cfg = config.proxmox;
cfgLine = name: value: ''
${name}: ${builtins.toString value}
'';
virtio0Storage = builtins.head (builtins.split ":" cfg.qemuConf.virtio0);
cfgFile =
fileName: properties:
pkgs.writeTextDir fileName ''
# generated by NixOS
${lib.concatStrings (lib.mapAttrsToList cfgLine properties)}
#qmdump#map:virtio0:drive-virtio0:${virtio0Storage}:raw:
'';
config = let
cfg = config.proxmox;
cfgLine = name: value: ''
${name}: ${builtins.toString value}
'';
virtio0Storage = builtins.head (builtins.split ":" cfg.qemuConf.virtio0);
cfgFile = fileName: properties: pkgs.writeTextDir fileName ''
# generated by NixOS
${lib.concatStrings (lib.mapAttrsToList cfgLine properties)}
#qmdump#map:virtio0:drive-virtio0:${virtio0Storage}:raw:
'';
inherit (cfg) partitionTableType;
supportEfi = partitionTableType == "efi" || partitionTableType == "hybrid";
supportBios = partitionTableType == "legacy" || partitionTableType == "hybrid" || partitionTableType == "legacy+gpt";
hasBootPartition = partitionTableType == "efi" || partitionTableType == "hybrid";
hasNoFsPartition = partitionTableType == "hybrid" || partitionTableType == "legacy+gpt";
in {
assertions = [
{
assertion = config.boot.loader.systemd-boot.enable -> config.proxmox.qemuConf.bios == "ovmf";
message = "systemd-boot requires 'ovmf' bios";
}
{
assertion = partitionTableType == "efi" -> config.proxmox.qemuConf.bios == "ovmf";
message = "'efi' disk partitioning requires 'ovmf' bios";
}
{
assertion = partitionTableType == "legacy" -> config.proxmox.qemuConf.bios == "seabios";
message = "'legacy' disk partitioning requires 'seabios' bios";
}
{
assertion = partitionTableType == "legacy+gpt" -> config.proxmox.qemuConf.bios == "seabios";
message = "'legacy+gpt' disk partitioning requires 'seabios' bios";
}
];
system.build.VMA = import ../../lib/make-disk-image.nix {
name = "proxmox-${cfg.filenameSuffix}";
inherit (cfg) partitionTableType;
supportEfi = partitionTableType == "efi" || partitionTableType == "hybrid";
supportBios =
partitionTableType == "legacy"
|| partitionTableType == "hybrid"
|| partitionTableType == "legacy+gpt";
hasBootPartition = partitionTableType == "efi" || partitionTableType == "hybrid";
hasNoFsPartition = partitionTableType == "hybrid" || partitionTableType == "legacy+gpt";
in
{
assertions = [
{
assertion = config.boot.loader.systemd-boot.enable -> config.proxmox.qemuConf.bios == "ovmf";
message = "systemd-boot requires 'ovmf' bios";
}
{
assertion = partitionTableType == "efi" -> config.proxmox.qemuConf.bios == "ovmf";
message = "'efi' disk partitioning requires 'ovmf' bios";
}
{
assertion = partitionTableType == "legacy" -> config.proxmox.qemuConf.bios == "seabios";
message = "'legacy' disk partitioning requires 'seabios' bios";
}
{
assertion = partitionTableType == "legacy+gpt" -> config.proxmox.qemuConf.bios == "seabios";
message = "'legacy+gpt' disk partitioning requires 'seabios' bios";
}
];
system.build.VMA = import ../../lib/make-disk-image.nix {
name = "proxmox-${cfg.filenameSuffix}";
inherit (cfg) partitionTableType;
postVM =
let
# Build qemu with PVE's patch that adds support for the VMA format
vma =
(pkgs.qemu_kvm.override {
alsaSupport = false;
pulseSupport = false;
sdlSupport = false;
jackSupport = false;
gtkSupport = false;
vncSupport = false;
smartcardSupport = false;
spiceSupport = false;
ncursesSupport = false;
libiscsiSupport = false;
tpmSupport = false;
numaSupport = false;
seccompSupport = false;
guestAgentSupport = false;
}).overrideAttrs
(super: rec {
# Check https://github.com/proxmox/pve-qemu/tree/master for the version
# of qemu and patch to use
version = "9.0.0";
src = pkgs.fetchurl {
url = "https://download.qemu.org/qemu-${version}.tar.xz";
hash = "sha256-MnCKxmww2MiSYz6paMdxwcdtWX1w3erSGg0izPOG2mk=";
};
patches = [
# Proxmox' VMA tool is published as a particular patch upon QEMU
"${
pkgs.fetchFromGitHub {
owner = "proxmox";
repo = "pve-qemu";
rev = "14afbdd55f04d250bd679ca1ad55d3f47cd9d4c8";
hash = "sha256-lSJQA5SHIHfxJvMLIID2drv2H43crTPMNIlIT37w9Nc=";
}
}/debian/patches/pve/0027-PVE-Backup-add-vma-backup-format-code.patch"
];
postVM = let
# Build qemu with PVE's patch that adds support for the VMA format
vma = (pkgs.qemu_kvm.override {
alsaSupport = false;
pulseSupport = false;
sdlSupport = false;
jackSupport = false;
gtkSupport = false;
vncSupport = false;
smartcardSupport = false;
spiceSupport = false;
ncursesSupport = false;
libiscsiSupport = false;
tpmSupport = false;
numaSupport = false;
seccompSupport = false;
guestAgentSupport = false;
}).overrideAttrs ( super: rec {
# Check https://github.com/proxmox/pve-qemu/tree/master for the version
# of qemu and patch to use
version = "9.0.0";
src = pkgs.fetchurl {
url = "https://download.qemu.org/qemu-${version}.tar.xz";
hash = "sha256-MnCKxmww2MiSYz6paMdxwcdtWX1w3erSGg0izPOG2mk=";
};
patches = [
# Proxmox' VMA tool is published as a particular patch upon QEMU
"${pkgs.fetchFromGitHub {
owner = "proxmox";
repo = "pve-qemu";
rev = "14afbdd55f04d250bd679ca1ad55d3f47cd9d4c8";
hash = "sha256-lSJQA5SHIHfxJvMLIID2drv2H43crTPMNIlIT37w9Nc=";
}}/debian/patches/pve/0027-PVE-Backup-add-vma-backup-format-code.patch"
];
buildInputs = super.buildInputs ++ [ pkgs.libuuid ];
nativeBuildInputs = super.nativeBuildInputs ++ [ pkgs.perl ];
buildInputs = super.buildInputs ++ [ pkgs.libuuid ];
nativeBuildInputs = super.nativeBuildInputs ++ [ pkgs.perl ];
});
in
''
${vma}/bin/vma create "vzdump-qemu-${cfg.filenameSuffix}.vma" \
-c ${
cfgFile "qemu-server.conf" (cfg.qemuConf // cfg.qemuExtraConf)
}/qemu-server.conf drive-virtio0=$diskImage
rm $diskImage
${pkgs.zstd}/bin/zstd "vzdump-qemu-${cfg.filenameSuffix}.vma"
mv "vzdump-qemu-${cfg.filenameSuffix}.vma.zst" $out/
});
in
''
${vma}/bin/vma create "vzdump-qemu-${cfg.filenameSuffix}.vma" \
-c ${cfgFile "qemu-server.conf" (cfg.qemuConf // cfg.qemuExtraConf)}/qemu-server.conf drive-virtio0=$diskImage
rm $diskImage
${pkgs.zstd}/bin/zstd "vzdump-qemu-${cfg.filenameSuffix}.vma"
mv "vzdump-qemu-${cfg.filenameSuffix}.vma.zst" $out/
mkdir -p $out/nix-support
echo "file vma $out/vzdump-qemu-${cfg.filenameSuffix}.vma.zst" > $out/nix-support/hydra-build-products
'';
inherit (cfg.qemuConf) additionalSpace bootSize;
inherit (config.virtualisation) diskSize;
format = "raw";
inherit config lib pkgs;
};
boot = {
growPartition = true;
kernelParams = [ "console=ttyS0" ];
loader.grub = {
device = lib.mkDefault (
if (hasNoFsPartition || supportBios) then
# Even if there is a separate no-fs partition ("/dev/disk/by-partlabel/no-fs" i.e. "/dev/vda2"),
# which will be used the bootloader, do not set it as loader.grub.device.
# GRUB installation fails, unless the whole disk is selected.
"/dev/vda"
else
"nodev"
);
efiSupport = lib.mkDefault supportEfi;
efiInstallAsRemovable = lib.mkDefault supportEfi;
};
loader.timeout = 0;
initrd.availableKernelModules = [
"uas"
"virtio_blk"
"virtio_pci"
];
};
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
autoResize = true;
fsType = "ext4";
};
fileSystems."/boot" = lib.mkIf hasBootPartition {
device = "/dev/disk/by-label/ESP";
fsType = "vfat";
};
networking = mkIf cfg.cloudInit.enable {
hostName = mkForce "";
useDHCP = false;
};
services = {
cloud-init = mkIf cfg.cloudInit.enable {
enable = true;
network.enable = true;
};
sshd.enable = mkDefault true;
qemuGuest.enable = true;
};
proxmox.qemuExtraConf.${cfg.cloudInit.device} = "${cfg.cloudInit.defaultStorage}:vm-9999-cloudinit,media=cdrom";
mkdir -p $out/nix-support
echo "file vma $out/vzdump-qemu-${cfg.filenameSuffix}.vma.zst" > $out/nix-support/hydra-build-products
'';
inherit (cfg.qemuConf) additionalSpace diskSize bootSize;
format = "raw";
inherit config lib pkgs;
};
boot = {
growPartition = true;
kernelParams = [ "console=ttyS0" ];
loader.grub = {
device = lib.mkDefault (if (hasNoFsPartition || supportBios) then
# Even if there is a separate no-fs partition ("/dev/disk/by-partlabel/no-fs" i.e. "/dev/vda2"),
# which will be used the bootloader, do not set it as loader.grub.device.
# GRUB installation fails, unless the whole disk is selected.
"/dev/vda"
else
"nodev");
efiSupport = lib.mkDefault supportEfi;
efiInstallAsRemovable = lib.mkDefault supportEfi;
};
loader.timeout = 0;
initrd.availableKernelModules = [ "uas" "virtio_blk" "virtio_pci" ];
};
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
autoResize = true;
fsType = "ext4";
};
fileSystems."/boot" = lib.mkIf hasBootPartition {
device = "/dev/disk/by-label/ESP";
fsType = "vfat";
};
networking = mkIf cfg.cloudInit.enable {
hostName = mkForce "";
useDHCP = false;
};
services = {
cloud-init = mkIf cfg.cloudInit.enable {
enable = true;
network.enable = true;
};
sshd.enable = mkDefault true;
qemuGuest.enable = true;
};
proxmox.qemuExtraConf.${cfg.cloudInit.device} = "${cfg.cloudInit.defaultStorage}:vm-9999-cloudinit,media=cdrom";
};
}

1749
nixos/modules/virtualisation/qemu-vm.nix
View File

File diff suppressed because it is too large Load Diff

225
nixos/modules/virtualisation/virtualbox-image.nix
View File

@ -1,37 +1,23 @@
{
config,
lib,
pkgs,
...
}:
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.virtualbox;
virtualisationOptions = import ./virtualisation-options.nix;
in
{
imports = [
virtualisationOptions.diskSize
(lib.mkRenamedOptionModuleWith {
sinceRelease = 2411;
from = [
"virtualisation"
"virtualbox"
"baseImageSize"
];
to = [
"virtualisation"
"diskSize"
];
})
];
in {
options = {
virtualbox = {
baseImageSize = mkOption {
type = with types; either (enum [ "auto" ]) int;
default = "auto";
example = 50 * 1024;
description = ''
The size of the VirtualBox base image in MiB.
'';
};
baseImageFreeSpace = mkOption {
type = with types; int;
default = 30 * 1024;
@ -68,14 +54,7 @@ in
'';
};
params = mkOption {
type =
with types;
attrsOf (oneOf [
str
int
bool
(listOf str)
]);
type = with types; attrsOf (oneOf [ str int bool (listOf str) ]);
example = {
audio = "alsa";
rtcuseutc = "on";
@ -88,21 +67,11 @@ in
'';
};
exportParams = mkOption {
type =
with types;
listOf (oneOf [
str
int
bool
(listOf str)
]);
type = with types; listOf (oneOf [ str int bool (listOf str) ]);
example = [
"--vsys"
"0"
"--vendor"
"ACME Inc."
"--vsys" "0" "--vendor" "ACME Inc."
];
default = [ ];
default = [];
description = ''
Parameters passed to the Virtualbox export command.
@ -120,25 +89,23 @@ in
mountPoint = "/home/demo/storage";
size = 100 * 1024;
};
type = types.nullOr (
types.submodule {
options = {
size = mkOption {
type = types.int;
description = "Size in MiB";
};
label = mkOption {
type = types.str;
default = "vm-extra-storage";
description = "Label for the disk partition";
};
mountPoint = mkOption {
type = types.str;
description = "Path where to mount this disk.";
};
type = types.nullOr (types.submodule {
options = {
size = mkOption {
type = types.int;
description = "Size in MiB";
};
}
);
label = mkOption {
type = types.str;
default = "vm-extra-storage";
description = "Label for the disk partition";
};
mountPoint = mkOption {
type = types.str;
description = "Path where to mount this disk.";
};
};
});
};
postExportCommands = mkOption {
type = types.lines;
@ -158,14 +125,7 @@ in
'';
};
storageController = mkOption {
type =
with types;
attrsOf (oneOf [
str
int
bool
(listOf str)
]);
type = with types; attrsOf (oneOf [ str int bool (listOf str) ]);
example = {
name = "SCSI";
add = "scsi";
@ -192,8 +152,6 @@ in
config = {
virtualisation.diskSize = lib.mkDefault (50 * 1024);
virtualbox.params = mkMerge [
(mapAttrs (name: mkDefault) {
acpi = "on";
@ -217,83 +175,80 @@ in
inherit pkgs lib config;
partitionTableType = "legacy";
inherit (config.virtualisation) diskSize;
diskSize = cfg.baseImageSize;
additionalSpace = "${toString cfg.baseImageFreeSpace}M";
postVM = ''
export HOME=$PWD
export PATH=${pkgs.virtualbox}/bin:$PATH
postVM =
''
export HOME=$PWD
export PATH=${pkgs.virtualbox}/bin:$PATH
echo "converting image to VirtualBox format..."
VBoxManage convertfromraw $diskImage disk.vdi
echo "converting image to VirtualBox format..."
VBoxManage convertfromraw $diskImage disk.vdi
${optionalString (cfg.extraDisk != null) ''
echo "creating extra disk: data-disk.raw"
dataDiskImage=data-disk.raw
truncate -s ${toString cfg.extraDisk.size}M $dataDiskImage
${optionalString (cfg.extraDisk != null) ''
echo "creating extra disk: data-disk.raw"
dataDiskImage=data-disk.raw
truncate -s ${toString cfg.extraDisk.size}M $dataDiskImage
parted --script $dataDiskImage -- \
mklabel msdos \
mkpart primary ext4 1MiB -1
eval $(partx $dataDiskImage -o START,SECTORS --nr 1 --pairs)
mkfs.ext4 -F -L ${cfg.extraDisk.label} $dataDiskImage -E offset=$(sectorsToBytes $START) $(sectorsToKilobytes $SECTORS)K
echo "creating extra disk: data-disk.vdi"
VBoxManage convertfromraw $dataDiskImage data-disk.vdi
''}
parted --script $dataDiskImage -- \
mklabel msdos \
mkpart primary ext4 1MiB -1
eval $(partx $dataDiskImage -o START,SECTORS --nr 1 --pairs)
mkfs.ext4 -F -L ${cfg.extraDisk.label} $dataDiskImage -E offset=$(sectorsToBytes $START) $(sectorsToKilobytes $SECTORS)K
echo "creating extra disk: data-disk.vdi"
VBoxManage convertfromraw $dataDiskImage data-disk.vdi
''}
echo "creating VirtualBox VM..."
vmName="${cfg.vmName}";
VBoxManage createvm --name "$vmName" --register \
--ostype ${if pkgs.stdenv.hostPlatform.system == "x86_64-linux" then "Linux26_64" else "Linux26"}
VBoxManage modifyvm "$vmName" \
--memory ${toString cfg.memorySize} \
${lib.cli.toGNUCommandLineShell { } cfg.params}
VBoxManage storagectl "$vmName" ${lib.cli.toGNUCommandLineShell { } cfg.storageController}
VBoxManage storageattach "$vmName" --storagectl ${cfg.storageController.name} --port 0 --device 0 --type hdd \
--medium disk.vdi
${optionalString (cfg.extraDisk != null) ''
VBoxManage storageattach "$vmName" --storagectl ${cfg.storageController.name} --port 1 --device 0 --type hdd \
--medium data-disk.vdi
''}
echo "creating VirtualBox VM..."
vmName="${cfg.vmName}";
VBoxManage createvm --name "$vmName" --register \
--ostype ${if pkgs.stdenv.hostPlatform.system == "x86_64-linux" then "Linux26_64" else "Linux26"}
VBoxManage modifyvm "$vmName" \
--memory ${toString cfg.memorySize} \
${lib.cli.toGNUCommandLineShell { } cfg.params}
VBoxManage storagectl "$vmName" ${lib.cli.toGNUCommandLineShell { } cfg.storageController}
VBoxManage storageattach "$vmName" --storagectl ${cfg.storageController.name} --port 0 --device 0 --type hdd \
--medium disk.vdi
${optionalString (cfg.extraDisk != null) ''
VBoxManage storageattach "$vmName" --storagectl ${cfg.storageController.name} --port 1 --device 0 --type hdd \
--medium data-disk.vdi
''}
echo "exporting VirtualBox VM..."
mkdir -p $out
fn="$out/${cfg.vmFileName}"
VBoxManage export "$vmName" --output "$fn" --options manifest ${escapeShellArgs cfg.exportParams}
${cfg.postExportCommands}
echo "exporting VirtualBox VM..."
mkdir -p $out
fn="$out/${cfg.vmFileName}"
VBoxManage export "$vmName" --output "$fn" --options manifest ${escapeShellArgs cfg.exportParams}
${cfg.postExportCommands}
rm -v $diskImage
rm -v $diskImage
mkdir -p $out/nix-support
echo "file ova $fn" >> $out/nix-support/hydra-build-products
'';
mkdir -p $out/nix-support
echo "file ova $fn" >> $out/nix-support/hydra-build-products
'';
};
fileSystems =
{
"/" = {
device = "/dev/disk/by-label/nixos";
autoResize = true;
fsType = "ext4";
};
}
// (lib.optionalAttrs (cfg.extraDisk != null) {
${cfg.extraDisk.mountPoint} = {
device = "/dev/disk/by-label/" + cfg.extraDisk.label;
autoResize = true;
fsType = "ext4";
};
});
fileSystems = {
"/" = {
device = "/dev/disk/by-label/nixos";
autoResize = true;
fsType = "ext4";
};
} // (lib.optionalAttrs (cfg.extraDisk != null) {
${cfg.extraDisk.mountPoint} = {
device = "/dev/disk/by-label/" + cfg.extraDisk.label;
autoResize = true;
fsType = "ext4";
};
});
boot.growPartition = true;
boot.loader.grub.device = "/dev/sda";
swapDevices = [
{
device = "/var/swap";
size = 2048;
}
];
swapDevices = [{
device = "/var/swap";
size = 2048;
}];
virtualisation.virtualbox.guest.enable = true;

60
nixos/modules/virtualisation/virtualisation-options.nix
View File

@ -1,60 +0,0 @@
# This modules declares shared options for virtual machines,
# containers and anything else in `virtualisation`.
#
# This is useful to declare e.g. defaults for
# `virtualisation.diskSize` once, while building multiple
# different image formats of a NixOS configuration.
#
# Additional options can be migrated over time from
# `modules/virtualisation/qemu-vm.nix` and others.
# Please keep defaults and descriptions here generic
# and independent of i.e. hypervisor-specific notes
# and defaults where.
# Those can be added in the consuming modules where needed.
# needed.
let
_file = ./virtualisation-options.nix;
key = _file;
in
{
diskSize =
{ lib, config, ... }:
let
t = lib.types;
in
{
inherit _file key;
options = {
virtualisation.diskSizeAutoSupported = lib.mkOption {
type = t.bool;
default = true;
description = ''
Whether the current image builder or vm runner supports `virtualisation.diskSize = "auto".`
'';
internal = true;
};
virtualisation.diskSize = lib.mkOption {
type = t.either (t.enum [ "auto" ]) t.ints.positive;
default = "auto";
description = ''
The disk size in megabytes of the virtual machine.
'';
};
};
config =
let
inherit (config.virtualisation) diskSize diskSizeAutoSupported;
in
{
assertions = [
{
assertion = diskSize != "auto" || diskSizeAutoSupported;
message = "Setting virtualisation.diskSize to `auto` is not supported by the current image build or vm runner; use an explicit size.";
}
];
};
};
}

2
nixos/release.nix
View File

@ -312,7 +312,7 @@ in rec {
[ configuration
versionModule
./maintainers/scripts/ec2/amazon-image.nix
({ ... }: { amazonImage.virtualisation.diskSize = "auto"; })
({ ... }: { amazonImage.sizeMB = "auto"; })
];
}).config.system.build.amazonImage)

5
nixos/tests/prometheus-exporters.nix
View File

@ -482,7 +482,6 @@ let
json = {
exporterConfig = {
enable = true;
url = "http://localhost";
configFile = pkgs.writeText "json-exporter-conf.json" (builtins.toJSON {
modules = {
default = {
@ -932,7 +931,9 @@ let
pgbouncer = {
exporterConfig = {
enable = true;
connectionStringFile = pkgs.writeText "connection.conf" "postgres://admin:@localhost:6432/pgbouncer?sslmode=disable";
connectionEnvFile = "${pkgs.writeText "connstr-env" ''
PGBOUNCER_EXPORTER_CONNECTION_STRING=postgres://admin@localhost:6432/pgbouncer?sslmode=disable
''}";
};
metricProvider = {

6
pkgs/applications/networking/browsers/vivaldi/default.nix
View File

@ -24,7 +24,7 @@ let
vivaldiName = if isSnapshot then "vivaldi-snapshot" else "vivaldi";
in stdenv.mkDerivation rec {
pname = "vivaldi";
version = "6.9.3447.37";
version = "6.9.3447.41";
suffix = {
aarch64-linux = "arm64";
@ -34,8 +34,8 @@ in stdenv.mkDerivation rec {
src = fetchurl {
url = "https://downloads.vivaldi.com/${branch}/vivaldi-${branch}_${version}-1_${suffix}.deb";
hash = {
aarch64-linux = "sha256-kYTnWad/jrJt9z+AhjXzHYxVSIwIIO3RKD7szuPEg2s=";
x86_64-linux = "sha256-+h7SHci8gZ+epKFHD0PiXyME2xT+loD2KXpJGFCfIFg=";
aarch64-linux = "sha256-Up2n7G3vatsQC9JKF1A1jAIBbdWm9UhL/75AXuxDCsg=";
x86_64-linux = "sha256-Hcd8W8bDlRUT/zPYP+aiJnUmepS38KuK0wRFYB3uW1Y=";
}.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
};

3
pkgs/applications/networking/cluster/terraform-providers/default.nix
View File

@ -1,6 +1,7 @@
{ lib
, stdenv
, buildGoModule
, buildGo123Module
, fetchFromGitHub
, fetchFromGitLab
, callPackage
@ -24,7 +25,7 @@ let
, deleteVendor ? false
, proxyVendor ? false
, mkProviderFetcher ? fetchFromGitHub
, mkProviderGoModule ? buildGoModule
, mkProviderGoModule ? buildGo123Module
# "https://registry.terraform.io/providers/vancluever/acme"
, homepage ? ""
# "registry.terraform.io/vancluever/acme"

434
pkgs/applications/networking/cluster/terraform-providers/providers.json
View File

File diff suppressed because it is too large Load Diff

6
pkgs/by-name/do/dotenvx/package.nix
View File

@ -8,16 +8,16 @@
buildNpmPackage rec {
pname = "dotenvx";
version = "1.8.0";
version = "1.14.0";
src = fetchFromGitHub {
owner = "dotenvx";
repo = "dotenvx";
rev = "refs/tags/v${version}";
hash = "sha256-j30ZEYO8OBMhEPn+LDipZ/aciWrI9QWStz6tHq0uX7E=";
hash = "sha256-UVev21LZ2y0C8BCSm6I8BTQziSDZUXP3A/ThOpKtsrQ=";
};
npmDepsHash = "sha256-ZSnrV1C9NX/Wq7cjKlM1w/m6T7snfnPru5g0pqFTGis=";
npmDepsHash = "sha256-ehWHIKYkSAkdTLGpBOU7lJoWNa5uv9Zy0+2qwnCv0m8=";
dontNpmBuild = true;

6
pkgs/by-name/ki/kitex/package.nix
View File

@ -7,16 +7,16 @@
buildGoModule rec {
pname = "kitex";
version = "0.10.3";
version = "0.11.0";
src = fetchFromGitHub {
owner = "cloudwego";
repo = "kitex";
rev = "v${version}";
hash = "sha256-aSvN8yjCHxhzLHwQovWFMaoD6ljy8aikxI7jUoeRvDs=";
hash = "sha256-SD898LbygIHL0X5YVSoJRdP1GQiB8NGfIAFAlx4Gfe8=";
};
vendorHash = "sha256-nscMcJGFZ1YPPynTV+Mp8tXndtlIcszDZm36zMbNBYs=";
vendorHash = "sha256-tdtiG0jf7Ilvs1KZWggGyqBOQXAWs+zlF09AN80AoC0=";
subPackages = [ "tool/cmd/kitex" ];

14
pkgs/applications/networking/cluster/kubectl-gadget/default.nix → pkgs/by-name/ku/kubectl-gadget/package.nix
View File

@ -1,17 +1,17 @@
{ lib, buildGoModule, fetchFromGitHub }:
{ lib, buildGoModule, fetchFromGitHub, kubectl-gadget, testers }:
buildGoModule rec {
pname = "kubectl-gadget";
version = "0.31.0";
version = "0.32.0";
src = fetchFromGitHub {
owner = "inspektor-gadget";
repo = "inspektor-gadget";
rev = "v${version}";
hash = "sha256-f93PdSA3OGiUUXSQn0aUP3o5xfvjiq/3L3Bz9k4OigI=";
hash = "sha256-c6hy7B8zaU/LnTMAohc9KPzu1ocOVFJ9wL4GOIwxqkw=";
};
vendorHash = "sha256-lBfz0tzCWKEAAmpvjB2kUJ3aLjlzAjniIu/1aNE80Xg=";
vendorHash = "sha256-7HfYCHxQUapDo33IAzxCp2iaL4G7oOqK0KyjqbmbR/w=";
CGO_ENABLED = 0;
@ -28,6 +28,12 @@ buildGoModule rec {
subPackages = [ "cmd/kubectl-gadget" ];
passthru.tests.version = testers.testVersion {
package = kubectl-gadget;
command = "kubectl-gadget version || true"; # mask non-zero return code if no kubeconfig present
version = "v${version}";
};
meta = with lib; {
description = "Collection of gadgets for troubleshooting Kubernetes applications using eBPF";
mainProgram = "kubectl-gadget";

61
pkgs/by-name/mo/monitorets/package.nix Normal file
View File

@ -0,0 +1,61 @@
{
lib,
python3Packages,
fetchFromGitHub,
meson,
ninja,
pkg-config,
gobject-introspection,
wrapGAppsHook4,
desktop-file-utils,
libadwaita,
}:
python3Packages.buildPythonApplication rec {
pname = "monitorets";
version = "0.10.1";
# built with meson, not a python format
pyproject = false;
src = fetchFromGitHub {
owner = "jorchube";
repo = "monitorets";
rev = "refs/tags/${version}";
hash = "sha256-Y6cd9Wf2IzHwdxzLUP/U4rervlPUr8s2gKSW8y5I7bg=";
};
nativeBuildInputs = [
meson
ninja
pkg-config
gobject-introspection
wrapGAppsHook4
desktop-file-utils
];
buildInputs = [ libadwaita ];
dependencies = with python3Packages; [
pygobject3
xdg
psutil
];
dontWrapGApps = true;
preFixup = ''
makeWrapperArgs+=("''${gappsWrapperArgs[@]}")
'';
meta = {
description = "Simple and quick view at the usage of your computer resources";
homepage = "https://github.com/jorchube/monitorets";
license = with lib.licenses; [
gpl3Plus
cc0
];
mainProgram = "monitorets";
maintainers = with lib.maintainers; [ aleksana ];
platforms = lib.platforms.linux;
};
}

4
pkgs/development/python-modules/ansible-compat/default.nix
View File

@ -16,7 +16,7 @@
buildPythonPackage rec {
pname = "ansible-compat";
version = "24.8.0";
version = "24.9.0";
pyproject = true;
disabled = pythonOlder "3.10";
@ -24,7 +24,7 @@ buildPythonPackage rec {
src = fetchPypi {
pname = "ansible_compat";
inherit version;
hash = "sha256-z6rcY/TYXcv0eI97zsLKhWPntcn9MFgAXv15iPHBciw=";
hash = "sha256-xaQqVt0hJiXPyx0x5RpuD1JZNpG94f5KeIgeixt4prg=";
};
nativeBuildInputs = [

4
pkgs/development/python-modules/etils/default.nix
View File

@ -29,14 +29,14 @@
buildPythonPackage rec {
pname = "etils";
version = "1.9.3";
version = "1.9.4";
pyproject = true;
disabled = pythonOlder "3.10";
src = fetchPypi {
inherit pname version;
hash = "sha256-qjt6hF3jwbabMMoHBG6MT9LoXsvmBKpL8Y6pPnsxhPA=";
hash = "sha256-+tlQQU8KHKWMcMcJFbABT5lT3ZvPiqlRoPdf+b7L6yQ=";
};
nativeBuildInputs = [ flit-core ];

4
pkgs/development/python-modules/pytest-textual-snapshot/default.nix
View File

@ -13,7 +13,7 @@
buildPythonPackage rec {
pname = "pytest-textual-snapshot";
version = "0.4.0";
version = "1.0.0";
pyproject = true;
disabled = pythonOlder "3.8";
@ -22,7 +22,7 @@ buildPythonPackage rec {
owner = "Textualize";
repo = "pytest-textual-snapshot";
rev = "refs/tags/v${version}";
hash = "sha256-XkXeyodRdwWqCP63Onx82Z3IbNLDDR/Lvaw8xUY7fAg=";
hash = "sha256-C8vL2kLOvVcDlTtNiG/pf7PwHzb/F0sWdkEcLvdGrd8=";
};
nativeBuildInputs = [ poetry-core ];

4
pkgs/development/python-modules/rns/default.nix
View File

@ -13,7 +13,7 @@
buildPythonPackage rec {
pname = "rns";
version = "0.7.6";
version = "0.7.7";
pyproject = true;
disabled = pythonOlder "3.7";
@ -22,7 +22,7 @@ buildPythonPackage rec {
owner = "markqvist";
repo = "Reticulum";
rev = "refs/tags/${version}";
hash = "sha256-YSaabiCsSoG3BZ/0gM/fRIKQKdQ9MRtlHe+tPnzFJSw=";
hash = "sha256-cNOVk7JCu4kMevH9MAWWvtLIzfbBBy+h7bhTBhkfrvI=";
};
patches = [

6
pkgs/servers/monitoring/prometheus/pgbouncer-exporter.nix
View File

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "pgbouncer-exporter";
version = "0.8.0";
version = "0.9.0";
src = fetchFromGitHub {
owner = "prometheus-community";
repo = "pgbouncer_exporter";
rev = "v${version}";
hash = "sha256-QnA9H4qedCPZKqJQ1I2OJO42mCWcWqYxLmeF3+JXzTw=";
hash = "sha256-fKoyRHYLwVefsZ014eazVCD5B9eV8/CUkuHE4mbUqVo=";
};
vendorHash = "sha256-NYiVW+CNrxFrEUl1nsTeNNgy7SmTYgqs1d50rCvyBcw=";
vendorHash = "sha256-IxmxfF9WsF0Hbym4G0UecyW8hAvucoaCFUE1kXUljJs=";
meta = with lib; {
description = "Prometheus exporter for PgBouncer";

6
pkgs/tools/networking/nebula/default.nix
View File

@ -6,16 +6,16 @@
buildGoModule rec {
pname = "nebula";
version = "1.9.3";
version = "1.9.4";
src = fetchFromGitHub {
owner = "slackhq";
repo = pname;
rev = "refs/tags/v${version}";
hash = "sha256-+RferzOPlx7UuqpckQBY/RDO9gptknhuan+Es0Vf/yM=";
hash = "sha256-Y8BTbvdSJ+xlxHuy0TzQEGiymJzAqlHe3PiXAlUddPs=";
};
vendorHash = "sha256-4BnFvA0dxsEK7ictDUZ6nol6PtM54kk9dwKPTQbRUR0=";
vendorHash = "sha256-oXhq+s5gDKPVClZpOzYi7BaYwcDqbCLBEO5BNGy9LJA=";
subPackages = [ "cmd/nebula" "cmd/nebula-cert" ];

14
pkgs/tools/package-management/nix/default.nix
View File

@ -184,7 +184,7 @@ in lib.makeExtensible (self: ({
self_attribute_name = "nix_2_23";
};
nix_2_24 = (common {
nix_2_24 = ((common {
version = "2.24.5";
hash = "sha256-mYvdPwl4gcc17UAomkbbOJEgxBQpowmJDrRMWtlYzFY=";
self_attribute_name = "nix_2_24";
@ -197,9 +197,13 @@ in lib.makeExtensible (self: ({
# allocation function Clang uses with this setting actually works
# all the way back to 10.6.
stdenv = overrideSDK stdenv { darwinMinVersion = "10.13"; };
})).overrideAttrs (o: {
meta.knownVulnerabilities = [
"Nix >= 2.24.0 and master have a vulnerability. Please downgrade from nix_2_24 to nix_2_23"
];
});
git = (common rec {
git = ((common rec {
version = "2.25.0";
suffix = "pre20240807_${lib.substring 0 8 src.rev}";
src = fetchFromGitHub {
@ -218,9 +222,13 @@ in lib.makeExtensible (self: ({
# allocation function Clang uses with this setting actually works
# all the way back to 10.6.
stdenv = overrideSDK stdenv { darwinMinVersion = "10.13"; };
})).overrideAttrs (o: {
meta.knownVulnerabilities = [
"Nix >= 2.24.0 and master have a vulnerability. Please downgrade from nixVersions.git to nixVersions.nix_2_23"
];
});
latest = self.nix_2_24;
latest = self.nix_2_23;
# The minimum Nix version supported by Nixpkgs
# Note that some functionality *might* have been backported into this Nix version,

2
pkgs/top-level/all-packages.nix
View File

@ -31192,8 +31192,6 @@ with pkgs;
kubectl-explore = callPackage ../applications/networking/cluster/kubectl-explore { };
kubectl-gadget = callPackage ../applications/networking/cluster/kubectl-gadget { };
kubectl-images = callPackage ../applications/networking/cluster/kubectl-images { };
kubectl-klock = callPackage ../applications/networking/cluster/kubectl-klock { };