Commit Graph

9496 Commits

Author SHA1 Message Date
Maximilian Bosch
0bd7e8585f nixos/tests/postgresql: test plv8 hardening on non-JIT variants only
PostgreSQL with JIT support enabled doesn't work with plv8. Hence, we'd
get an evaluation failure for each
`nixosTests.postgresql.postgresql.postgresql_jit_X`.

This should be restructured in the future (less VM tests for custom
extensions, but a single VM test for this case to cover). For now, we
should get this fix out and this is a good-enough approach.

(cherry picked from commit 68d9643388)
2024-11-16 21:30:02 +00:00
Martin Weinelt
830116313f nixosTests.postgresql: test hardening gets relaxed
The plv8 plugin requires access to pkey syscalls. The execution will
crash hard when it is not allowed by the syscall filter.

Co-Authored-By: Jan Tojnar <jtojnar@gmail.com>
(cherry picked from commit e198536d26)
2024-11-16 21:30:02 +00:00
Martin Weinelt
7d07116532 nixos/postgresql: rename extraPlugins to extensions
This is the upstream lingo, and it makes everything slightly less
confusing.

(cherry picked from commit 223a6c6ed0)
2024-11-16 21:30:02 +00:00
Maximilian Bosch
022c3e8ad0 postgresql_12: remove
This will be EOL at the end of November, so there's little reason to
keep it in 24.11[1]. As discussed, we'd like to keep it for as long as
possible to make sure there's a state in nixpkgs that has the latest
minor of postgresql_12 available with the most recent CVEs fixed for
people who cannot upgrade[2].

This aspect has been made explicit in the manual now for the next .11
release.

During the discussions it has been brought up that if people just do
`services.postgresql.enable = true;` and let the code decide the
postgresql version based on `system.stateVersion`, there's a chance that
such EOL dates will be missed. To make this harder, a warning will now
be raised when using the stateVersion-condition and the oldest still
available major is selected.

Additionally regrouped the postgresql things in the release notes to
make sure these are all shown consecutively. Otherwise it's a little
hard to keep track of all the changes made to postgresql in 24.11.

[1] https://endoflife.date/postgresql
[2] https://github.com/NixOS/nixpkgs/pull/353158#issuecomment-2453056692

(cherry picked from commit 0b3eef7441)
2024-11-15 11:07:42 +00:00
Weijia Wang
9c631cfd4a
nixos/nixosTests.kerberos: add test suite for LDAP backend (#337719) 2024-11-14 17:26:05 +01:00
Pol Dellaiera
cf69fc271d
nixos/glances: init (#303320) 2024-11-14 05:47:04 +01:00
Yorick
97dfe7efe4
maintainers: Remove mkaito (#355650) 2024-11-13 19:57:30 +01:00
Maximilian Bosch
0524f3b302
Merge: nixosTests.postgresql: run tests with JIT as well (#355502) 2024-11-13 16:13:01 +01:00
Nessdoor
005ec27097 nixos/nixosTests.kerberos: add test suite for LDAP backend 2024-11-13 14:42:06 +01:00
Christian Höppner
8feba149a0
mkaito: Remove 2024-11-13 12:03:00 +00:00
Claes Hallström
d174bf438b nixos/glances: init module 2024-11-13 00:06:47 +01:00
Wolfgang Walther
9486472352
nixosTests.postgresql: run tests with JIT as well
This was intended for quite some time already, but ever since enableJIT
was changed to be the source of truth of JIT-iness for the PostgreSQL
module, this hasn't worked for the tests anymore.
2024-11-12 21:04:41 +01:00
Maximilian Bosch
dbd8326b7f
Merge: wordpress: drop unmaintained release (#355291) 2024-11-12 19:20:25 +01:00
Weijia Wang
40d6aaaeb1 wordpress: drop unmaintained release 2024-11-11 23:26:22 +01:00
Cosima Neidahl
e1b70fb061
nixos/lomiri: Better support stand-alone greeter usage (#352425) 2024-11-11 20:00:29 +01:00
Weijia Wang
99ad7da9e3
nixosTests.frr: fix node.router.config warning (#354710) 2024-11-11 00:54:13 +01:00
Maximilian Bosch
9a333460f5
Merge: postgresql: improve passthru.tests (#352966) 2024-11-10 15:34:04 +01:00
Sefa Eyeoglu
e9c53bdf9a
nixos/localsend: add package option & allow udp port (#333485) 2024-11-10 12:47:30 +01:00
Robert Schütz
06be8564e5
immich: 1.119.1 -> 1.120.1 (#354083) 2024-11-09 14:53:47 -08:00
Robert Schütz
ee1cffa25c immich: 1.119.1 -> 1.120.1
Changelog: https://github.com/immich-app/immich/releases/tag/v1.120.0
           https://github.com/immich-app/immich/releases/tag/v1.120.1
2024-11-09 14:44:21 -08:00
Wolfgang Walther
45cef36e39
nixosTests.postgresql: run nixfmt
Because with as many changes as in here anybody working on those test
files will have merge conflicts anyway.
2024-11-09 18:24:52 +01:00
Wolfgang Walther
128244b598
nixosTests.postgresql: use a common pattern throughout all tests
Avoiding "with", using the same names and basic structure in each test.

Consistency is key!
2024-11-09 18:24:52 +01:00
Wolfgang Walther
9035573855
nixosTests.postgresql: move all postgresql related nixosTests into one folder
This makes it possible to run all those tests at once by building
nixosTests.postgresql and allow a simple entry to ci/OWNERS for all
tests.
2024-11-09 18:24:52 +01:00
Wolfgang Walther
db2d6a00ab
postgresqlPackages.anonymizer: make passthru.tests work with correct package
Same reasoning as commit before.
2024-11-09 18:24:52 +01:00
Wolfgang Walther
23c19a255f
postgresqlPackages.timescaledb: make passthru.tests work with correct package
Same reasoning as commit before.
2024-11-09 18:24:52 +01:00
Wolfgang Walther
6d7da20a90
postgresqlPackages.tsja: make passthru.tests work with correct package
Same reasoning as commit before.
2024-11-09 18:24:52 +01:00
Wolfgang Walther
a5c41ae80a
postgresqlPackages.pgvecto-rs: make passthru.tests work with correct package
Same reasoning as commit before.
2024-11-09 18:24:51 +01:00
Wolfgang Walther
0af934adf7
postgresqlPackages.pgjwt: make passthru.tests work with correct package
Same reasoning as commit before.
2024-11-09 18:24:51 +01:00
Wolfgang Walther
ecffab1fda
postgresqlPackages.postgis: move nixosTests.postgis into package
Same reasoning as commit before.
2024-11-09 18:24:51 +01:00
Wolfgang Walther
aded718a98
postgresqlPackages.apache_datasketches: move nixosTests.apache_datasketches into package
There is no need to fire up a whole VM just to run a two line test of
creating the extension. We can use postgresqlTestExtension for that.
This has the advantage that it runs with postgresqlTestHook, so without
a VM, making it more portable.
2024-11-09 18:24:51 +01:00
Wolfgang Walther
139c546676
postgresql: add passthru.tests.postgresql-tls-client-cert
Same reasoning as commit before.
2024-11-09 18:24:51 +01:00
Wolfgang Walther
f6c2de9262
postgresql: add passthru.tests.postgresql
Restructuring the nixosTests.postgresql test a little bit to allow
calling it with the specific versioned package from generic.nix.
2024-11-09 18:24:51 +01:00
Wolfgang Walther
319d82d5c2
nixosTests.postgresql-wal2json: avoid manual imports
Same reasoning as commit before.
2024-11-09 18:24:51 +01:00
Wolfgang Walther
65ef7381c8
nixosTests.postgresql-jit: avoid manual imports
Same reasoning as commit before.
2024-11-09 18:24:50 +01:00
Wolfgang Walther
a1ae4377e0
nixosTests.postgresql-wal-receiver: avoid manual imports
Manually importing postgresql packages from the /pkgs/ folder or
manually importing the test from /nixos/tests/ in generic.nix is not
only ugly, but also forbidden should we ever move to pkgs/by-name.

We can achieve almost the same with a slightly different setup. We allow
overriding the postgresql package for the test via passthru.override, to
make sure that each postgresql_xx.tests.postgresql-wal-receiver is
properly teted with the right version.
2024-11-09 18:24:50 +01:00
Wolfgang Walther
d3feaaebea
nixosTests.pgjwt: fix test
This seems to have broken years ago, because "CREATE EXTENSION
pgcrypto;" etc. were added to the upstream file about 6 years ago.
2024-11-09 18:23:58 +01:00
Noa Aarts
1cc81439e7
nixosTests.frr: fix warning, use nodes.router instead of nodes.router.config 2024-11-09 09:28:11 +01:00
Noa Aarts
f93219dfa0
nixosTests.frr: format using nixfmt 2024-11-09 09:27:24 +01:00
K900
58626b7634
nixos/tests/acme: explicitly start the targets we wait for (#354629) 2024-11-09 09:58:58 +03:00
K900
c8fd06c3b2 nixos/tests/acme: wait for server to run before starting the target
This is really an ordering issue in the ACME module itself,
but while we think of how to fix it, this should at least unflake
the tests.
2024-11-09 09:40:38 +03:00
Weijia Wang
da5252dd31
nixosTests.retroarch: fix test by changing window title (#354067) 2024-11-09 01:03:07 +01:00
Peder Bergebakken Sundt
dcc6e1558c
nixos/keepassxc: fix test (#353938) 2024-11-09 00:10:04 +01:00
K900
ee6df93fe2 nixos/tests/acme: explicitly start the targets we wait for
This should address the other source of flakiness in the test.
2024-11-09 01:57:35 +03:00
K900
0453fe2395
{apache,caddy,nginx}: not "before" ACME certs using DNS validation (#336412) 2024-11-08 18:50:28 +03:00
ThinkChaos
b432e86caf
nixos/acme: remove unused binding in tests 2024-11-07 20:19:12 -05:00
Emily
3a6d4d006a
treewide: use getLib when accessing clang / libclang / stdenv.cc.cc (#354197) 2024-11-07 18:16:05 +00:00
Reno Dakota
52bf1163fa
treewide: use getLib when accessing clang / libclang / stdenv.cc.cc
In preparation to eliminate the lib output for the unwrapped clang, use
`lib.getLib` to access the `lib` output.
2024-11-07 10:27:41 +00:00
Fabián Heredia Montiel
2f31bf4c47 linux/hardened/patches/6.11: init at v6.11.6-hardened1 2024-11-06 18:15:54 -06:00
Noa Aarts
5d0cd804a5
nixosTests.retroarch: fix test by changing expected window title 2024-11-06 20:09:10 +01:00
Noa Aarts
dd4d691d9b
nixosTests.retroarch: format using nixfmt 2024-11-06 20:08:39 +01:00