Before this change, the hash of the etc metadata image was included in
the mount unit that's responsible for mounting this metadata image in the
initrd.
And because this metadata image changes with every change to the etc
contents, the initrd would be rebuild every time as well.
This can lead to a lot of rebuilds (especially when revision info is
included in /etc/os-release) and all these initrd archives use up a lot of
space on the ESP.
With this change, we instead include a symlink to the metadata image in the
top-level directory, in the same way as we already do for things like init and
prepare-root, and we deduce the store path from the init= kernel parameter,
in the same way as we already do to find the path to init and prepare-root.
Doing so avoids rebuilding the initrd all the time.
The URL scheme for downloading plugins has changed a long time ago and
the used URL is dead. Gerrit only throws an error since it can't load
the plugin but it continues to boot. However, instead of maintaining
URLs to 3rdparty plugins, which end up dead anyway, just drop it. The
test should cover Gerrit and not 3rd party plugins.
Also, while on it, drop the setting `plugins.allowRemoteAdmin = true`
since it's not needed.
Signed-off-by: Felix Singer <felixsinger@posteo.net>
In order to emulate the `nixos-rebuild switch` that is called if the EC2
user data is a nix expression, run the switch-to-configuration script
for the current running config.
Tests were not changed according to the new prometheus firewall port
settings.
With this change we now check that the port is not accessible form the
outside, while everything still works from localhost.
When installing NixOS on a machine with Windows, the "easiest" solution
to dual-boot is re-using the existing EFI System Partition (ESP), which
allows systemd-boot to detect Windows automatically.
However, if there are multiple ESPs, maybe even on multiple disks,
systemd-boot is unable to detect the other OSes, and you either have to
use Grub and os-prober, or do a tedious manual configuration as
described in the wiki:
https://wiki.nixos.org/w/index.php?title=Dual_Booting_NixOS_and_Windows&redirect=no#EFI_with_multiple_disks
This commit automates and documents this properly so only a single line
like
boot.loader.systemd-boot.windows."10".efiDeviceHandle = "HD0c2";
is required.
In the future, we might want to try automatically detecting this
during installation, but finding the correct device handle while the
kernel is running is tricky.
- use upstream service and scripts
- switch to integrated-vtysh-config, abandon per-daemon config
- use always daemon names in options (e.g. ospf -> ospfd)
- zebra, mgmtd and staticd are always enabled
- abandon vtyListenAddress, vtyListenPort options; use
just "extraOptions" or "options" instead, respectively
- extend test to test staticd
- update release-notes
- pkgs.servers.frr: fix sbindir and remove FHS PATH
- introduce services.frr.openFilesLimit option
There's no point for the intermediate `getPath` function calling
`getLuaPath` with the "lua" argument.
There's also no other nginx test this copies code from.
We always call `getLuaPath` with "lua", so constant-propagate it in.
Also, camel-case `lualibs` to `luaLibs.`
When 757a455dde refactored the zones to go
from a list to a map, this broke the tests/common/resolver helper.
reproduction:
```
let
pkgs = import <nixpkgs> {};
testConfig = {
name = "resolver-repro";
nodes = {
acme = { nodes, ... }: {
imports = [ (pkgs.path + /nixos/tests/common/acme/server) ];
};
};
testScript = ''
'';
};
in pkgs.nixosTest testConfig
```
The test currently fails because we attempt to switch to a NixOS
configuration that is _very_ different from the one we are switching
from (e.g. the new configuration has an entirely empty /etc/fstab,
causing switch-to-configuration to want to start unmounting all
filesystems defined in the old configuration).
Explicitly waiting for influxdb2 in the test, instead of fixing the
underlying issue[1], was hiding a real bug[2]. Now that the bug has been
fixed we can remove the wait code.
[1] Commit 732d36522f ("nixos/influxdb2: wait until service is ready")
[2] https://github.com/NixOS/nixpkgs/issues/317017 ("Scrutiny tries to start before influxdb has started")
Added a decorator function to handle any
exceptions generated by test functions and
apply some retry logic with backoff.
Also wrapped the unwrapped add-a curl which
was causing some fails.
In the next release of Pebble, the certificate
subject is no longer populated with a useful domain name.
This change will refactor the fullchain validation assertions
to avoid checking the subject line.
I have no idea what this escape sequence even is, but it breaks the nix parser with cryptic errors if not used in a comment.
A friend let me know MacOS is prone to input weird spaces, not sure if that is the source.
Candidates were located and created with:
chr="$(echo -e '\xc2\xa0')"; rg -F "$chr" -l | xe sd -F "$chr" " "
There are some examples left, most being example output from `tree` in various markdown documents, some patches which we can't really touch, and `pkgs/tools/nix/nixos-render-docs/src/tests/test_commonmark.py` which I'm not sure if should be addressed
