Commit Graph

21539 Commits

Author SHA1 Message Date
Luke Granger-Brown
491216df02
Merge pull request #122099 from alekna/fix/docker
nixos/docker: ensure ipv4 forwarding is enabled
2021-05-09 12:15:16 +01:00
Michele Guerini Rocco
e5452226af
Merge pull request #121791 from dotlambda/sudo-execWheelOnly
nixos/sudo: add option execWheelOnly
2021-05-09 10:04:15 +02:00
Vladimír Čunát
5663b2b2d3
Merge branch 'master' into staging-next
(a trivial conflict in transmission)
2021-05-09 09:31:55 +02:00
Izorkin
506646e48b
nixos/tests/unit-php: require one of users.users.name.{isSystemUser,isNormalUser} 2021-05-09 07:42:02 +03:00
Robert Hensing
e312fc23c4
Merge pull request #122282 from roberth/docker-tools-reenable-lint
nixos/tests/docker-tools*: enable linting
2021-05-09 03:33:42 +02:00
Robert Hensing
75c4fc1c8b nixos/testing-python.nix: Move makeWrapper to nativeBuildInputs 2021-05-09 03:04:03 +02:00
Robert Hensing
8c868f47a8 Revert "nixos/tests/docker-tools*: remove useless formatter"
Annoyed with the interference of the python formatting of
generated code (see #72964), I took matters into my own hands
as maintainer of dockerTools.

Afterwards, I've created a PR, hoping to unstuck the discussion.

@aszlig took notice and thanks to his python ecosystem knowledge,
the testing efforts of @blaggacao and @Ma27, and a sense of
shared suffering and comraderie we were able to change the
situation for the better in #122201.

Now, we have a proper linter that actually helps contributors,
so it's time to turn it back on again.

I'm glad we could make it happen this quickly!

Thanks!

This reverts commit 4035049af3.
2021-05-09 02:57:17 +02:00
aszlig
54bc69637b
nixos/test/virtualbox: Fix linting errors
There were a bunch of unnecessary f-strings in there and I also removed
the "# fmt: on/off" comments, because we no longer use Black and thus
won't need those comments anymore.

Signed-off-by: aszlig <aszlig@nix.build>
2021-05-09 02:28:32 +02:00
aszlig
74bff4e667
nixos/tests/unbound: Remove unused 'json' import
Signed-off-by: aszlig <aszlig@nix.build>
2021-05-09 02:28:30 +02:00
David Arnold
6ad2e41269
nixos/testing: lint jellyfin test 2021-05-09 02:28:28 +02:00
aszlig
6c0ec527b9
nixos/tests/shadow: Fix linting errors
Linter errors reported:

  6:32 f-string is missing placeholders
  7:26 f-string is missing placeholders
  8:32 f-string is missing placeholders
  30:32 f-string is missing placeholders
  31:26 f-string is missing placeholders
  32:32 f-string is missing placeholders
  48:32 f-string is missing placeholders
  49:26 f-string is missing placeholders
  50:32 f-string is missing placeholders
  76:32 f-string is missing placeholders
  77:26 f-string is missing placeholders
  78:32 f-string is missing placeholders

Signed-off-by: aszlig <aszlig@nix.build>
2021-05-09 02:28:26 +02:00
aszlig
e157ad41cb
nixos/tests/printing: Remove unused 'sys' import
Signed-off-by: aszlig <aszlig@nix.build>
2021-05-09 02:28:23 +02:00
aszlig
c066cc3c0b
nixos/tests/networking: Fix str literal comparison
Linter error:

  use ==/!= to compare constant literals (str, bytes, int, float, tuple)

Signed-off-by: aszlig <aszlig@nix.build>
2021-05-09 02:28:20 +02:00
aszlig
62a518b904
nixos/tests/yggdrasil: Fix linting error
Linter error was: f-string is missing placeholders

Signed-off-by: aszlig <aszlig@nix.build>
2021-05-09 02:28:18 +02:00
Maximilian Bosch
b782440a62
nixosTests.custom-ca: lint 2021-05-09 02:28:16 +02:00
Maximilian Bosch
b4b5dcb669
nixosTests.containers-imperative: lint 2021-05-09 02:28:14 +02:00
Maximilian Bosch
fc76a44d0f
nixosTests.containers-custom-pkgs: lint
The new linter basically does

   def testScript
      # ...

before calling `pyflakes`. As this test-script is empty, it would lead
to a syntax-error unless `pass` is added.
2021-05-09 02:28:11 +02:00
Maximilian Bosch
774aba102a
nixosTests.chromium: lint
Note: I didn't execute it entirely because I'd have to build chromium
for this, but the diff appears fine.
2021-05-09 02:28:09 +02:00
Robert Hensing
b9e7fb14e2
nixos/tests/nfs: lint 2021-05-09 02:28:07 +02:00
Robert Hensing
06b070ffe7
nixosTests.acme: lint 2021-05-09 02:28:04 +02:00
Robert Hensing
56d9637119
nixos/testing: Set up scope for testScript linter
Our test driver exposes a bunch of variables and functions, which
pyflakes doesn't recognise by default because it assumes that the test
script is executed standalone. In reality however the test driver script
is using exec() on the testScript.

Fortunately pyflakes has $PYFLAKES_BUILTINS, which are the attributes
that are globally available on all modules to be checked. Since we only
have one module, using this environment variable is fine as opposed to
my first approach to this, which tried to use the unstable internal API
of pyflakes.

The attributes are gathered by the main derivation of the test driver,
because we don't want to end up defining a new attribute in the test
driver module just to being confused why using it in a test will result
in an error.

Another way we could have gathered these attributes would be in
mkDriver, which is where the linting takes place. However, we do have a
different set of Python dependencies in scope and duplicating these will
again just cause confusion over having it at one location only.

Signed-off-by: aszlig <aszlig@nix.build>
Co-Authored-By: aszlig <aszlig@nix.build>
2021-05-09 02:26:51 +02:00
Robert Hensing
71087b2bc4
nixos/testing-python.nix: Expose driver
(cherry picked from commit a2c9220568648b4528154ebd8e657add243ed0b4)
2021-05-09 02:26:40 +02:00
aszlig
c362a28fcf
nixos/testing: Switch from black to pyflakes
So far, we have used "black" for formatting the test code, which is
rather strict and opinionated and when used inline in Nix expressions it
creates all sorts of trouble.

One of the main annoyances is that when using strings coming from Nix
expressions (eg. store paths or option definitions from NixOS modules),
completely unrelated changes could cause tests to fail, since eg. black
wants lines to be broken.

Another downside of enforcing a certain kind of formatting is that it
makes the Nix expression code inconsistent because we're mixing two
spaces of indentation (common in nixpkgs) with four spaces of
indentation as defined in PEP-8. While this is perfectly fine for
standalone Python files, it really looks ugly and inconsistent IMO when
used within Nix strings.

What we actually want though is a linter that catches problems early on
before actually running the test, because this is *actually* helping in
development because running the actual VM test takes much longer.

This is the reason why I switched from black to pyflakes, because the
latter actually has useful checks, eg. usage of undefined variables,
invalid format arguments, duplicate arguments, shadowed loop vars and
more.

Signed-off-by: aszlig <aszlig@nix.build>
Closes: https://github.com/NixOS/nixpkgs/issues/72964
2021-05-09 02:26:37 +02:00
Robert Schütz
5624aa9f81 nixos/sudo: add option execWheelOnly
By setting the executable's group to wheel and permissions to 4510, we
make sure that only members of the wheel group can execute sudo.
2021-05-08 23:48:00 +02:00
paumr
5390d4b946 nixos/bind: formatted with nixpkgs-fmt 2021-05-08 23:13:58 +02:00
Robert Hensing
4433ba90aa
Merge pull request #121927 from rissson/nixos-unbound-fix-top-level-include
nixos/unbound: allow list of strings in top-level settings option type
2021-05-08 22:00:57 +02:00
github-actions[bot]
6d46d8a9b9
Merge master into staging-next 2021-05-08 18:22:46 +00:00
Laurynas Alekna
9317570735 nixos/docker: ensure ipv4 forwarding is enabled
Fixes #118656
2021-05-08 18:58:24 +01:00
Marc 'risson' Schmitt
0340cd2abe
nixos/unbound: allow list of strings in top-level settings option type
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2021-05-08 19:55:17 +02:00
divanorama
b7dea9e494 nixosTests.systemd-confinement: fix script format
https://hydra.nixos.org/build/142591177/nixlog/30

ZHF: #122042
2021-05-08 10:05:15 -07:00
Aaron Andersen
9254b82706
Merge pull request #121746 from j0hax/monero-options
nixos/monero: add dataDir option
2021-05-08 11:43:49 -04:00
Robert Hensing
3cfb002b07
Merge pull request #122192 from roberth/docker-tools-stimulate-testing
dockerTools testing update
2021-05-08 15:53:17 +02:00
Robert Hensing
4035049af3 nixos/tests/docker-tools*: remove useless formatter 2021-05-08 15:03:20 +02:00
Robert Hensing
a67c97a5eb nixos/tests/docker-tools*: Add myself as maintainer where missing
I should have done this when I became maintainer for dockerTools,
but it's the PR reviews that matter.
2021-05-08 15:00:19 +02:00
Martin Weinelt
9651084620 Merge remote-tracking branch 'origin/master' into staging-next 2021-05-08 14:43:43 +02:00
Vladimír Čunát
080cd658ca
Merge #121780: treewide meta.maintainers tweaks 2021-05-08 10:47:08 +02:00
Gemini Lasswell
28f51d7757 nixos/yggdrasil: set directory permissions before writing keys
Remove the opportunity for someone to read the keys in between when
they are written and when the chmod is done.  Addresses #121293.
2021-05-08 09:49:19 +02:00
Jan Tojnar
468cb5980b gnome: rename from gnome3
Since GNOME version is now 40, it no longer makes sense to use the old attribute name.
2021-05-08 09:47:42 +02:00
github-actions[bot]
e21fb16f9a
Merge master into staging-next 2021-05-08 06:20:05 +00:00
Silvan Mosberger
08d94fd2b0
Merge pull request #114374 from oxalica/lib/platform-support-check
lib.meta: introduce `availableOn` to check package availability on given platform
2021-05-08 03:54:36 +02:00
github-actions[bot]
b4416b52c5
Merge master into staging-next 2021-05-08 00:46:50 +00:00
Johannes Arnold
c0853b6e2c nixos/monero: use isSystemUser = true 2021-05-08 02:13:25 +02:00
Michele Guerini Rocco
4e4869b92b
Merge pull request #114745 from rnhmjoj/brltty
brltty: 6.1 -> 6.3; nixos/brltty: use upstream units
2021-05-07 23:35:57 +02:00
Domen Kožar
8ecb0344a0
Merge pull request #121720 from samueldr/feature/arm-stage-1-modules
installer images: Add available modules to stage-1 on ARM platforms
2021-05-07 22:01:09 +02:00
Evils
5ae90276c3 nixos/fancontrol: clean up module
set a group and user for the service
remove default null config
  it's required, now it throws an error pointing to the option

set myself (module author) as maintainer
2021-05-07 11:46:40 -07:00
Evils
3d043c6939 nixosTests.fancontrol: fix test
and set myself (module author) as maintainer
2021-05-07 11:46:40 -07:00
github-actions[bot]
1ae6d3d02f
Merge master into staging-next 2021-05-07 18:24:29 +00:00
Robin Gloster
29e92116d1
Merge pull request #118037 from mayflower/privacy-extensions-configurable
nixos/network: allow configuring tempaddr for undeclared interfaces
2021-05-07 13:01:29 -05:00
ajs124
cd609e7a1c
Merge pull request #117094 from helsinki-systems/drop/spidermonkey_1_8_5
spidermonkey_1_8_5: drop
2021-05-07 18:55:49 +02:00
Robert Hensing
316b82563a
Merge pull request #121702 from hercules-ci/nixos-hercules-ci-agent-update
nixos/hercules-ci-agent: updates
2021-05-07 15:48:33 +02:00
Vladimír Čunát
9f054b5e1a
treewide: remove worldofpeace from meta.maintainers
(It was requested by them.)
I left one case due to fetching from their personal repo:
pkgs/desktops/pantheon/desktop/extra-elementary-contracts/default.nix
2021-05-07 15:36:40 +02:00
github-actions[bot]
12193913a1
Merge staging-next into staging 2021-05-07 12:23:21 +00:00
Linus Heckemann
47828e7dc0 nixos/manual: document IPv6 Privacy Extensions options 2021-05-07 13:55:11 +02:00
Jan Tojnar
9468b07326
Merge branch 'gnome-40' 2021-05-07 12:12:40 +02:00
github-actions[bot]
e5f4def056
Merge staging-next into staging 2021-05-07 00:46:58 +00:00
Robert Hensing
0633b6aa74
Merge pull request #121870 from Pacman99/pass-specialargs
lib/modules: pass specialArgs to modules
2021-05-07 01:54:48 +02:00
Pacman99
87c659ab94 nixos/top-level: specialArgs to specialisations 2021-05-06 16:04:08 -07:00
John Ericson
a3e54cb582 Merge remote-tracking branch 'upstream/staging-next' into staging 2021-05-06 15:48:25 -04:00
Sander van der Burg
77295e7e6b nixos/disnix: configure the remote client by default, if multi-user mode has been enabled 2021-05-06 19:33:02 +02:00
Martin Weinelt
6a09bc4405
Merge pull request #121865 from mweinelt/home-assistant 2021-05-06 18:05:00 +02:00
Martin Weinelt
24adc01e2e
nixos/home-assistant: allow netlink sockets and /proc/net inspection
Since v2021.5.0 home-assistant uses the ifaddr library in the zeroconf
component to enumerate network interfaces via netlink. Since discovery
is all over the place lets allow AF_NETLINK unconditionally.

It also relies on pyroute2 now, which additionally tries to access files
in /proc/net, so we relax ProtectProc a bit by default as well.

This leaves us with these options unsecured:

✗ PrivateNetwork=                                             Service has access to the host's network                                                                 0.5
✗ RestrictAddressFamilies=~AF_(INET|INET6)                    Service may allocate Internet sockets                                                                    0.3
✗ DeviceAllow=                                                Service has a device ACL with some special devices                                                       0.1
✗ IPAddressDeny=                                              Service does not define an IP address allow list                                                         0.2
✗ PrivateDevices=                                             Service potentially has access to hardware devices                                                       0.2
✗ PrivateUsers=                                               Service has access to other users                                                                        0.2
✗ SystemCallFilter=~@resources                                System call allow list defined for service, and @resources is included (e.g. ioprio_set is allowed)      0.2
✗ RestrictAddressFamilies=~AF_NETLINK                         Service may allocate netlink sockets                                                                     0.1
✗ RootDirectory=/RootImage=                                   Service runs within the host's root directory                                                            0.1
✗ SupplementaryGroups=                                        Service runs with supplementary groups                                                                   0.1
✗ RestrictAddressFamilies=~AF_UNIX                            Service may allocate local sockets                                                                       0.1
✗ ProcSubset=                                                 Service has full access to non-process /proc files (/proc subset=)                                       0.1

→ Overall exposure level for home-assistant.service: 1.6 OK 🙂
2021-05-06 16:55:53 +02:00
Jörg Thalheim
4e783a4cb7
Merge pull request #121724 from Izorkin/update-netdata
netdata: 1.29.3 -> 1.30.1
2021-05-06 14:58:33 +01:00
github-actions[bot]
c63e69cd89
Merge staging-next into staging 2021-05-06 12:23:32 +00:00
Maximilian Bosch
a50b9e6c23
Merge pull request #113716 from Ma27/wpa_multiple
wpa_supplicant: allow both imperative and declarative networks
2021-05-06 11:01:35 +02:00
Simon Thoby
1bdda029cd nixos/services/torrent/transmission.nix: add a missing apparmor rule
libbrotli wasn't listed as a dependency for the AppArmor profile of the transmission-daemon binary.
As a result, transmission wouldn't run and would fail, logging this audit message to dmesg:
audit[11595]: AVC apparmor=DENIED operation=open profile=/nix/store/08i1rmakmnpwyxpvp0sfc5hcm106am7w-transmission-3.00/bin/transmission-daemon name=/proc/11595/environ pid=11595 comm=transmission-da requested_mask=r denied_mask=r fsuid=70 ouid=70
2021-05-05 22:47:52 +02:00
Jan Tojnar
878abc6488
nixos/gnome3: Install GNOME Tour
It will be run after startup.
2021-05-05 22:43:02 +02:00
Jan Tojnar
316928e8c1
nixos/gnome3: Enable power-profiles-daemon
GNOME 40 added support for it in Control Center.
2021-05-05 22:43:01 +02:00
Jan Tojnar
49ae2e4c26
gnome3.gnome-getting-started-docs: drop
It has been retired

https://gitlab.gnome.org/GNOME/gnome-build-meta/-/issues/353
2021-05-05 22:43:01 +02:00
Jan Tojnar
913123f3b1
rl-2105: Mention GNOME 40 2021-05-05 22:42:58 +02:00
Jan Tojnar
d2e141e412
gnome3.gdm: 3.38.2.1 → 40.0 2021-05-05 22:42:32 +02:00
Jan Tojnar
941b15b003
librsvg: register installed tests 2021-05-05 22:20:22 +02:00
Samuel Dionne-Riel
6cb46a3897 sd_image_raspberrypi4: Remove, as planned initially
The replacement is the generic AArch64 image.

From there, you can customize an image that works better for your
needs, if need be.
2021-05-05 16:19:13 -04:00
Izorkin
53651179b9
nixos/netdata: update capabilities 2021-05-05 20:46:07 +03:00
github-actions[bot]
af9d9374fa
Merge staging-next into staging 2021-05-05 12:23:47 +00:00
Michael Weiss
ff5fdec093
Merge pull request #121437 from primeos/nixos-tests-sway
nixos/tests/sway: init
2021-05-05 13:52:51 +02:00
Robert Schütz
f82c6fdfd5 nixos/matrix-dendrite: rename to dendrite 2021-05-05 12:38:02 +02:00
Robert Schütz
007cab9644 matrix-dendrite: rename to dendrite
No other distro calls it matrix-dendrite:
https://repology.org/project/matrix-dendrite
2021-05-05 12:37:04 +02:00
Robert Hensing
ce93c98ce2
Merge pull request #99132 from Infinisil/recursive-type-deprecation
Recursive type deprecation
2021-05-05 11:13:37 +02:00
github-actions[bot]
dbc1478d23
Merge staging-next into staging 2021-05-05 06:21:29 +00:00
Ben Siraphob
a913f3ff49 nixos/tests/wmderland: remove stdenv.lib 2021-05-05 01:43:05 -04:00
Silvan Mosberger
0a377f11a5 nixos/treewide: Remove usages of deprecated types.string 2021-05-05 03:31:41 +02:00
github-actions[bot]
68e3ba2b1d
Merge staging-next into staging 2021-05-05 00:46:07 +00:00
Samuel Dionne-Riel
1cb977c858 sd-image: Rely on profiles/all-hardware.nix
This ensures that SD images and UEFI installers don't drift in
compatibility with regards to early initrd.
2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel
cb9b46a3cd profiles/all-hardware.nix: Add vc4 for broadcom hardware
Namely, early KMS on raspberry pi
2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel
f5b7687d26 profiles/all-hardware.nix: Share some config for all ARM 2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel
14ac6de024 profiles/all-hardware.nix: Fix for arvmv7l-linux 2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel
82625705c6 profiles/all-hardware.nix: Add analogix-dp
While it's being brought in implicitly by the other analogix driver,
let's be explicit, in case things change.
2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel
9fa3e2c2a3 profiles/all-hardware.nix: Add regulator needed for rockchip
But not exclusive to rockchip
2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel
535d463cf9 profiles/all-hardware.nix: Add rockchip modules 2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel
70205bd13c profiles/all-hardware.nix: Add support for Raspberry Pi 4 USB 2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel
a846d19831 profiles/all-hardware.nix: Add power regulator modules
This is used on some allwinner platforms, and is a weak dependency for
USB to work.
2021-05-04 19:42:12 -04:00
Samuel Dionne-Riel
a8af02fe6d profiles/all-hardware.nix: Add modules for integrated displays
Namely, this is used by the pinebook's display
2021-05-04 19:42:12 -04:00
Samuel Dionne-Riel
5bc36c1b30 profiles/all-hardware.nix: Add support for Allwinner hardware 2021-05-04 19:42:12 -04:00
Samuel Dionne-Riel
c60de92917 profiles/all-hardware.nix: Add simplefb for AArch64 2021-05-04 19:42:12 -04:00
Samuel Dionne-Riel
556fc32d69 iso-image: Build using strictDeps 2021-05-04 19:37:49 -04:00
Samuel Dionne-Riel
f1100e1506 iso-image: Add support for armv7l-linux 2021-05-04 19:37:49 -04:00
Samuel Dionne-Riel
d053c05d19 iso-image: Fixes for cross-compilation
Note that here, since it's not a in a callPackage call, splicing won't
work on nativeBuildInputs.
2021-05-04 19:37:48 -04:00
Samuel Dionne-Riel
385dc32fa8
Merge pull request #119974 from samueldr/feature/grub-gfx-aarch64
iso-image: Fix GRUB graphical menu on AArch64
2021-05-04 19:36:40 -04:00
Johannes Arnold
ff65166f44 nixos/monero: fix typo 2021-05-04 21:57:21 +00:00
Johannes Arnold
7cf3ffbddd nixos/monero: add dataDir option 2021-05-04 21:56:45 +00:00