Commit Graph

5434 Commits

Author SHA1 Message Date
Martin Weinelt
8cbf9ed05b
Merge pull request #202567 from phfroidmont/master 2022-11-23 22:04:36 +01:00
Paul-Henri Froidmont
b8ffc572d2
nixos/patroni: only run tests on x86_64-linux
etcd doesn't support other architectures and refuses to start
2022-11-23 21:54:19 +01:00
Linus Heckemann
24e33a4d2e nixos/ec2: remove paravirtualization-specific code
Paravirtualized EC2 instances haven't been supported since 2017.
It's safe to remove this now.
2022-11-23 17:18:18 +01:00
Félix Baylac-Jacqué
8040c468ed
nixosTests/prosody[-mysql]: fix tests TLS setup
The tests TLS setup was bogus: the xmpp-send-message script was trying
to connect to the server through a bogus domain name. Injecting the
right one.

I'm a bit confused about that one. I know for sure this NixOS test
succeeded last time I checked it, but the TLS conf is bogus for sure.
I assume the slixmpp SNI validation was a bit too loose and was
tightened at some point.
2022-11-23 11:05:12 +01:00
Félix Baylac-Jacqué
501d684de8
nixosTests/prosody: add timeout
The xmpp-sendmessage the slixmpp-powered python script tend to timeout
and block the nixos channels.

Adding a signal-based timeout making sure that whatever happens, the
script won't run for more than 2 minutes. That should be pleinty
enough time to finish regardless of the runner specs. As a data point,
it runs in about 10 secs on my desktop machine.
2022-11-23 11:03:00 +01:00
Martin Weinelt
005233baa2
nixos/tests/evcc: init 2022-11-21 22:40:15 +01:00
Janne Heß
c107fb66da
Merge pull request #202132 from ElvishJerricco/systemd-stage-1-tests-hibernate
nixos: ext fixes with systemd-initrd
2022-11-21 10:38:19 +01:00
Nick Cao
46328f5596
nixosTests.systemd-initrd-luks-password: test mounting device unlocked in initrd after switching root 2022-11-21 14:49:20 +08:00
Will Fancher
23b3add0e3 nixos: Fix hibernate test with systemd stage 1 2022-11-20 21:01:51 -05:00
Maximilian Bosch
853d0a3f2b
Merge pull request #199150 from Ma27/grafana-fixup
nixos/grafana: documentation/warning improvements after #191768
2022-11-20 20:53:25 +01:00
Maximilian Bosch
2580440389
Merge pull request #198470 from RaitoBezarius/nc25-openssl
nextcloud25: use openssl 1.1 as a PHP extension to fix RC4 encryption
2022-11-20 18:32:41 +01:00
Maximilian Bosch
9d7e9c5965
nixos/grafana: allow using both directories or single YAML files for non-Nix provisioning 2022-11-20 18:21:41 +01:00
Maximilian Bosch
febc8a4307
nixos/tests/grafana: demonstrate how to use the file provider
Yes, it's still a store path, but it's only for demonstration purposes.
Also we now have fewer warnings in the provision test.
2022-11-20 18:21:40 +01:00
Maximilian Bosch
afd6199cff
nixos/grafana: re-add legacy notifiers test, mention notifiers in release notes 2022-11-20 18:21:39 +01:00
Maximilian Bosch
957e368f3d
nixos/grafana: provision.{datasources,dashboards} can't be a list anymore
The hack with `either` had the side-effect that the sub-options of the
submodule didn't appear in the manual. I decided to remove this because
the "migration" isn't that hard, you just need to fix some module
declarations.

However, `mkRenamedOptionModule` wouldn't work here because it'd create
a "virtual" option for the deprecated path (i.e.
`services.grafana.provision.{datasources,dashboards}`), but that's the
already a new option, i.e. the submodule for the new stuff.

To make sure that you still get errors, I implemented a small hack using
`coercedTo` which throws an error if a list is specified (as it would be
done on 22.05) which explains what to do instead to make the migration
easier.

Also, I linkified the options in the manual now to make it easier to
navigate between those.
2022-11-20 18:21:35 +01:00
ajs124
626e8b67fa nixos/tests/acme/server: regenerate certs
expired today
2022-11-20 16:37:42 +01:00
Elis Hirwing
14cc62d7e6
Merge pull request #201000 from drupol/php/8.2.0
php82: init at 8.2.0rc6
2022-11-20 16:01:00 +01:00
Georg Haas
f20402f8e3
nixos/tests/deluge: fix test
deluge-console always exits with code 1. This is known in https://dev.deluge-torrent.org/ticket/3291
2022-11-20 00:35:59 +01:00
Martin Weinelt
c021df5792
Merge pull request #197254 from Atemu/fstab-escape-options 2022-11-19 18:08:40 +01:00
Martin Weinelt
2714a22521
Merge pull request #198820 from talyz/keycloak-admin-password 2022-11-19 15:03:03 +01:00
Martin Weinelt
218e2f5e14
Merge pull request #193740 from illustris/hbase
hbase: remove 1.7, 2.4.11 -> 2.4.15, init 2.5.1, 3.0.0-alpha-2 -> alpha-3
2022-11-19 14:28:11 +01:00
Zhaofeng Li
3d185562b5 nixos/tests/phosh: init 2022-11-19 06:55:25 +01:00
Anderson Torres
fc8a4f7291
Merge pull request #201521 from hmenke/alps
nixos/alps: add hardening, extensible options, test
2022-11-18 14:46:03 -03:00
Manuel Bärenz
af447367ec nixos/mastodon: Add turion as maintainer 2022-11-17 20:05:50 +01:00
Kerstin Humm
7718720149 nixos/mastodon: increase RAM for NixOS test vm 2022-11-17 20:05:50 +01:00
Henri Menke
9820effbba
nixos/alps: test login and cookie 2022-11-17 17:12:57 +01:00
Henri Menke
aeb5a692c3
nixos/alps: add hardening, extensible options, test 2022-11-17 17:12:54 +01:00
Pol Dellaiera
1812d1540e
php82: init at 8.2.0rc6 2022-11-16 18:57:26 +01:00
Carl Richard Theodor Schneider
647ed242dc nixos/adguardhome: allow for empty/unmanaged configs
This commit fixes broken non-declarative configs by
making the assertions more relaxed.
It also allows to remove the forced configuration merge by making
`settings` `null`able (now the default).

Both cases (trivial non-declarative config and `null`able config) are
verified with additional tests.

Fixes #198665
2022-11-15 23:43:15 -05:00
Franz Pletz
69f8e94c46
Merge pull request #199587 from lorenz/fscrypt
nixos/pam: support fscrypt login protectors
2022-11-14 09:42:35 +01:00
Franz Pletz
2274143409
Merge pull request #200611 from fpletz/libvirtd-fix-autostart 2022-11-14 09:21:00 +01:00
Justinas Stankevicius
3f6eb10dbd nixos/mastodon: fix definition of mastodon-media-auto-remove 2022-11-12 22:22:41 +01:00
Lorenz Brun
f046cc0923 nixos/pam: support fscrypt login protectors
fscrypt can automatically unlock directories with the user's login
password. To do this it ships a PAM module which reads the user's
password and loads the respective keys into the user's kernel keyring.

Significant inspiration was taken from the ecryptfs implementation.
2022-11-11 15:37:39 +01:00
Maximilian Bosch
35b146ca31
nixos/nextcloud: fixup openssl compat change
Upon testing the change itself I realized that it doesn't build properly
because

* the `pname` of a php extension is `php-<name>`, not `<name>`.
* calling the extension `openssl-legacy` resulted in PHP trying to compile
  `ext/openssl-legacy` which broke since it doesn't exist:

      source root is php-8.1.12
      setting SOURCE_DATE_EPOCH to timestamp 1666719000 of file php-8.1.12/win32/wsyslog.c
      patching sources
      cdToExtensionRootPhase
      /nix/store/48mnkga4kh84xyiqwzx8v7iv090i7z66-stdenv-linux/setup: line 1399: cd: ext/openssl-legacy: No such file or directory

I didn't encounter that one before because I was mostly interested in
having a sane behavior for everyone not using this "feature" and the
documentation around this. My findings about the behavior with turning
openssl1.1 on/off are still valid because I tested this on `master` with
manually replacing `openssl` by `openssl_1_1` in `php-packages.nix`.

To work around the issue I had to slightly modify the extension
build-system for PHP:

* The attribute `extensionName` is now relevant to determine the output
  paths (e.g. `lib/openssl.so`). This is not a behavioral change for
  existing extensions because then `extensionName==name`.

  However when specifying `extName` in `php-packages.nix` this value is
  overridden and it is made sure that the extension called `extName` NOT
  `name` (i.e. `openssl` vs `openssl-legacy`) is built and installed.

  The `name` still has to be kept to keep the legacy openssl available
  as `php.extensions.openssl-legacy`.

Additionally I implemented a small VM test to check the behavior with
server-side encryption:

* For `stateVersion` below 22.11, OpenSSL 1.1 is used (in `basic.nix`
  it's checked that OpenSSL 3 is used). With that the "default"
  behavior of the module is checked.

* It is ensured that the PHP interpreter for Nextcloud's php-fpm
  actually loads the correct openssl extension.

* It is tested that (encrypted) files remain usable when (temporarily)
  installing OpenSSL3 (of course then they're not decryptable, but on a
  rollback that should still be possible).

Finally, a few more documentation changes:

* I also mentioned the issue in `nextcloud.xml` to make sure the issue
  is at least mentioned in the manual section about Nextcloud. Not too
  much detail here, but the relevant option `enableBrokenCiphersForSSE`
  is referenced.

* I fixed a few minor wording issues to also give the full context
  (we're talking about Nextcloud; we're talking about the PHP extension
  **only**; please check if you really need this even though it's
  enabled by default).

  This is because I felt that sometimes it might be hard to understand
  what's going on when e.g. an eval-warning appears without telling where
  exactly it comes from.
2022-11-11 14:45:46 +01:00
Martin Weinelt
90ad4d9da7
Merge pull request #200629 from helsinki-systems/fix/test-dhparams 2022-11-11 12:11:55 +01:00
ajs124
8bb4c87281 nixosTests.dhparams: fix with openssl3 2022-11-11 02:55:54 +01:00
Franz Pletz
8cc2dcce7d
Merge pull request #199524 from ymarkus/zfs-exporter
nixos/prometheus-zfs-exporter: init
2022-11-11 02:01:13 +01:00
Franz Pletz
d82f52519a
nixos/libvirtd: always start libvirtd
Previously we did socket-activation but this breaks the autostart
feature since upstream expects libvirtd to be started unconditionally on
boot.

Fixes #171623.
2022-11-11 01:10:37 +01:00
Eelco Dolstra
0a00b332cd
Merge pull request #198526 from farnoy/nixos-container-unified-cgroups
[nixos-container] Make nixos containers use unified cgroupsv2
2022-11-10 13:37:43 +01:00
Maximilian Bosch
61128cba67
nixos/nextcloud: minor docs cleanup for openssl change
* s/NextCloud/Nextcloud/g
* `enableBrokenCiphersForSSE` should be enabled by default for any NixOS
  installation from before 22.11 to make sure existing installations
  don't run into the issue. Not the other way round.
* Update release notes to reflect on that.
* Improve wording of the warning a bit: explain which option to change
  to get rid of it.
* Ensure that basic tests w/o `enableBrokenCiphersForSSE` run with
  OpenSSL 3.
2022-11-10 12:17:43 +01:00
Raito Bezarius
7eefaeb5e3
nextcloud25: use openssl 1.1 as a PHP extension to fix RC4 encryption 2022-11-10 12:17:43 +01:00
Jonas Heinrich
f7f9442695 nixos/invoiceplane: Enable clean url 2022-11-09 08:17:52 -05:00
ajs124
47cbd610ce varnish71: drop 2022-11-08 14:35:01 +01:00
Sandro
4f8277ef10
Merge pull request #200094 from mdlayher/mdl-zrepl 2022-11-08 01:53:26 +01:00
Matt Layher
8ec252784e
zrepl: 0.5.0 -> 0.6.0
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2022-11-07 18:35:44 -05:00
Michael Weiss
acf257739b
Merge pull request #199902 from primeos/nixos-tests-chromium
nixos/tests/chromium: Re-enable the chrome://gpu test for M107
2022-11-08 00:21:13 +01:00
illustris
140bd1aef4
hbase: update versions and remove EoL version
- remove 1.7
- 2.4.11 -> 2.4.15
- init 2.5.1
- 3.0.0-alpha-2 -> 3.0.0-alpha-3
2022-11-07 12:01:36 +05:30
zowoq
58a59738d5 nixos/tests/podman: fix rootless systemd 2022-11-07 14:11:34 +10:00
zowoq
bbfdc6ce4d nixos/tests/podman: move docker tests to separate node 2022-11-07 14:11:34 +10:00
Lily Foster
c2b3c9794d nixosTests: test spaces in mount options via btrfs subvols
Also enabled the btrfs tests for installer-systemd-stage-1 again
2022-11-06 22:15:35 +01:00