Commit Graph

1563 Commits

Author SHA1 Message Date
Arian van Putten
604b7c139f Fix letsencrypt (#60219)
* nixos/acme: Fix ordering of cert requests

When subsequent certificates would be added, they would
not wake up nginx correctly due to target units only being triggered
once. We now added more fine-grained systemd dependencies to make sure
nginx always is aware of new certificates and doesn't restart too early
resulting in a crash.

Furthermore, the acme module has been refactored. Mostly to get
rid of the deprecated PermissionStartOnly systemd options which were
deprecated. Below is a summary of changes made.

* Use SERVICE_RESULT to determine status
This was added in systemd v232. we don't have to keep track
of the EXITCODE ourselves anymore.

* Add regression test for requesting mutliple domains

* Deprecate 'directory' option
We now use systemd's StateDirectory option to manage
create and permissions of the acme state directory.

* The webroot is created using a systemd.tmpfiles.rules rule
instead of the preStart script.

* Depend on certs directly

By getting rid of the target units, we make sure ordering
is correct in the case that you add new certs after already
having deployed some.

Reason it broke before:  acme-certificates.target would
be in active state, and if you then add a new cert, it
would still be active and hence nginx would restart
without even requesting a new cert. Not good!  We
make the dependencies more fine-grained now. this should fix that

* Remove activationDelay option

It complicated the code a lot, and is rather arbitrary. What if
your activation script takes more than activationDelay seconds?

Instead, one should use systemd dependencies to make sure some
action happens before setting the certificate live.

e.g. If you want to wait until your cert is published in DNS DANE /
TLSA, you could create a unit that blocks until it appears in DNS:

```
RequiredBy=acme-${cert}.service
After=acme-${cert}.service
ExecStart=publish-wait-for-dns-script
```
2019-08-29 16:32:59 +02:00
Silvan Mosberger
6233291d95
Merge pull request #64738 from rnhmjoj/magnetico
magnetico: init package and service
2019-08-28 18:39:21 +02:00
rnhmjoj
ea40c66bf5
nixos/magnetico: add test 2019-08-28 14:19:24 +02:00
worldofpeace
27a4afefbe
Merge pull request #66859 from worldofpeace/xfce4-14-module
nixos/xfce4-14: init
2019-08-27 22:37:03 -04:00
Florian Klink
9a02d9c75e
Merge pull request #66984 from flokli/systemd-cgroup-accounting
nixos/systemd: enable systemd cgroup accounting by default
2019-08-27 11:38:28 +02:00
Aaron Andersen
87fdc06a97
Merge pull request #63634 from aanderse/moodle
moodle: init at 3.7.1
2019-08-26 21:12:44 -04:00
Florian Klink
6b075ddc8f nixos/systemd: add cgroup accounting test 2019-08-25 22:26:12 +02:00
Marek Mahut
1a6d3f5bc2 nixos/jormungandr: adding genesis tests 2019-08-25 18:33:13 +02:00
Aaron Andersen
3bd03d2c0a nixos/moodle: init service 2019-08-25 08:12:28 -04:00
Jan Tojnar
a8d3aebdce
Merge pull request #67318 from jtojnar/gnome-photos
gnome-photos: 3.32.0 → 3.32.1
2019-08-23 19:49:43 +02:00
Jan Tojnar
c6eb691fb8
gnome-photos: add installed tests 2019-08-23 19:31:14 +02:00
Lassulus
8b12bfcb83
Merge pull request #66215 from ajs124/ejabberd/19.08
ejabberd: 19.05 -> 19.08
2019-08-23 13:27:55 +02:00
Marek Mahut
882e5b0e05
Merge pull request #67213 from mmahut/jormungandr
nixos: adding jormungandr service
2019-08-23 11:07:49 +02:00
Marek Mahut
4aef2212ee
Revert "nixos/containers: add unprivileged option" 2019-08-23 08:24:06 +02:00
Marek Mahut
27acea73b8
Merge pull request #67130 from uvNikita/containers/unprivileged
nixos/containers: add unprivileged option
2019-08-23 08:00:35 +02:00
Jan Tojnar
91b46353a5
Merge pull request #67308 from jtojnar/libxmlb-0.1.11
libxmlb: 0.1.10 → 0.1.11
2019-08-23 02:06:41 +02:00
Jan Tojnar
93f4d6f6ae
nixos/tests/libxmlb: init 2019-08-23 01:34:48 +02:00
Marek Mahut
f4ca6e3dd1
Merge pull request #66722 from mmahut/trezord-emulator
trezord: adding emulator support (plus test)
2019-08-22 23:25:18 +02:00
Marek Mahut
8d0776be66 nixos/tests: adding jormungandr service test 2019-08-22 07:10:16 +02:00
worldofpeace
fd7d31b50e nixosTests.xfce4-14: init
This is pretty much identical to the xfce test we currently have.
2019-08-21 22:04:29 -04:00
Danylo Hlynskyi
855be67358
nginx: expose generated config and allow nginx reloads (#57429)
* nginx: expose generated config and allow nginx reloads

Fixes: https://github.com/NixOS/nixpkgs/issues/15906
Another try was done, but not yet merged in https://github.com/NixOS/nixpkgs/pull/24476

This add 2 new features: ability to review generated Nginx config
(and NixOS has sophisticated generation!) and reloading
of nginx on config changes. This preserves nginx restart on package
updates.

I've modified nginx test to use this new feature and check reload/restart
behavior.

* rename to enableReload

* add sleep(1) in ETag test (race condition) and rewrite rebuild-switch using `nesting.clone`
2019-08-21 16:52:46 +03:00
Florian Klink
9f237fe444
Merge pull request #45392 from dguibert/dg/wireguard
nixos/wireguard: setup interface with systemd-networkd
2019-08-21 15:48:05 +02:00
Félix Baylac-Jacqué
0528816570 systemd-networkd: add tests
(cherry picked from commit ec073e41a0)
2019-08-21 11:11:28 +02:00
Aaron Andersen
249b4ad942
Merge pull request #66492 from aanderse/extra-subservice-cleanup
nixos/httpd: extraSubservices cleanup
2019-08-20 18:55:08 -04:00
Nikita Uvarov
7e7fc6471e
nixos/containers: add unprivileged option
Fixes #57083.
2019-08-21 00:01:29 +02:00
ajs124
9a0e820f5d nixos/ejabberd: fix test for new release 2019-08-20 11:09:40 +02:00
Matthieu Coudron
0f32b32c95
Merge pull request #63150 from Izorkin/prosody-test
nixos/tests/prosody: update prosody tests
2019-08-20 17:52:58 +09:00
Michael Raskin
0cbeac4f66
Merge pull request #66736 from markuskowa/upd-gluster
glusterfs: 4.0 -> 6.5
2019-08-20 08:08:57 +00:00
Izorkin
89c69bfb79 prosody: fix work after update luadbi packages 2019-08-20 10:24:49 +03:00
Izorkin
bb4816d41c nixos/tests/prosodyMysql: add check work prosody with MySQL database 2019-08-20 10:24:49 +03:00
Izorkin
e328ea9c11 nixos/tests/prosody: checking work prosody through local network 2019-08-20 10:24:48 +03:00
Izorkin
691da63cba nixos/tests: move ejabberd and prosody test to xmpp folder 2019-08-20 10:24:47 +03:00
Marek Mahut
3b6258946f
Merge pull request #64407 from dasJ/icingaweb-test
nixos/icingaweb: Fix module path; Add test
2019-08-19 21:27:16 +02:00
Marek Mahut
94c51859df
Merge pull request #66846 from uvNikita/containers/ephemeral
nixos/containers: add 'ephemeral' option
2019-08-19 20:55:33 +02:00
Florian Klink
93a03177f2
Merge pull request #66482 from flokli/systemd-sysctl
nixos/systemd: install sysctl snippets
2019-08-19 16:32:00 +02:00
Nikita Uvarov
c740f0d400
nixos/containers: add 'ephemeral' option 2019-08-19 15:21:35 +02:00
Aaron Andersen
8227b2f29e
Merge pull request #66399 from mmahut/metabase
metabase: service module and test
2019-08-18 19:49:05 -04:00
Markus Kowalewski
6104ad00a1
nixos/glusterfs: add test 2019-08-18 18:58:00 +02:00
Florian Klink
8e923dfe36 nixosTests.systemd: add fq_codel test 2019-08-18 17:54:26 +02:00
Florian Klink
368be910fc
Merge pull request #66825 from flokli/nixos-systemd-test-dup
nixosTests.systemd: remove duplicate copypasta
2019-08-18 17:54:09 +02:00
danbst
d80cd26ff9 Merge branch 'master' into flip-map-foreach 2019-08-18 18:00:25 +03:00
Marek Mahut
d2ebcec779 tests: adding metabase service test 2019-08-18 13:44:26 +02:00
Florian Klink
ffef31459a nixosTests.systemd: remove duplicate copypasta
It seems the regression test for #35268 sneaked in twice.
2019-08-18 13:11:51 +02:00
Frederik Rietdijk
c68f58d95c Merge master into staging-next 2019-08-17 09:30:16 +02:00
Marek Mahut
20ea4b6dd3 tests: adding trezord 2019-08-16 17:05:13 +02:00
Aaron Andersen
1dcf51f8eb nixos/tests/subversion: drop unreferenced/unmaintained test 2019-08-15 21:00:27 -04:00
Aaron Andersen
d1129a5688 nixos/tests/php-pcre: replace usage of deprecated services.httpd.extraSubservices 2019-08-15 21:00:27 -04:00
Matthew Bauer
e9b7085ff8 cups: add myself as maintainer 2019-08-14 11:47:48 -04:00
Matthew Bauer
01cd4663d6 tests/printing: don’t wait for unit services
These are now socket activated, we don’t need it to start up front.
2019-08-14 11:47:48 -04:00
Frederik Rietdijk
8d56f2472e Merge master into staging-next 2019-08-14 13:45:54 +02:00