Wait until home-assistant is fully reloaded or restarted to spot
possible errors during startup.
Swap out bluetooth_tracker for esphome, since the bluetooth tracker
causes errors, when it does not find a bluetooth device.
Drop mosquitto from the environment. It wasn't used since the 2022.3.0
release when MQTT stopped being configurable from the YAML config.
* Update to the latest upstream version of pass-secret-service that includes
systemd service files.
* Add patch to fix use of a function that has been removed from the Python
Cryptography library in NixOS 22.05
* Install systemd service files in the Nix package.
* Add NixOS test to ensure the D-Bus API activates the service unit.
* Add myself as a maintainer to the package and NixOS test.
* Use checkTarget instead of equivalent custom checkPhase.
The FUSE mount functionality of IPFS was broken by the update to v0.13.0, so disable it. Hopefully it will be fixed soon.
See https://github.com/ipfs/kubo/issues/9044.
Due to lack of maintenance. It is not compatible with the default
Python version (due to the tornado 5) dependency, and doesn't look
like it will be any time soon.
- support librewolf in the firefox nixos test
- use the correct binary name
- ensure autoplay is always on for the audio test, since
librewolf disables it by default
This was broken by a bad merge, where the same attribute was added
separately in two different places.
Fixes: ef895f6b43 ("Merge pull request #173239 from jojosch/mjolnir-update")
Since 831024e2b9 ("nixos/dhcpcd: assert if privSep && alternative
malloc"), this test has an assertion failure because dhcpcd (with
privsep enabled) is not compatible with the allocator used by the
hardened profile.
Since it's unclear[1] what to do about this for the hardened profile,
I propose doing the simplest thing possible to make the test eval,
which is to just disable dhcpcd privsep. It's very inconvenient when
trying to refactor the NixOS test infrastructure to have a test that
doesn't evaluate. Once the correct solution is found for using dhcpcd
with privsep with the hardened profile, this patch can be reverted.
[1]: https://github.com/NixOS/nixpkgs/pull/157430
This commit fixes the following error:
Failed assertions:
- Setting xdg.portal.enable to true requires a portal implementation in xdg.portal.extraPortals such as xdg-desktop-portal-gtk or xdg-desktop-portal-kde.
* nixos/vault: add option to start in dev mode.
This is not only useful for nixos tests i.e. when testing vault agent
setups but also when playing around with vault in local setups. In our
tests we can now make use of this option to test more vault features.
i.e. adding this feature has uncovered the need for a `StateDirectory`.
* Update nixos/modules/services/security/vault.nix
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
Co-authored-by: Jonas Chevalier <zimbatm@zimbatm.com>
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
Simon passed away in December 2021.
Simon, it was a pleasure to work with you, to learn things together
and to share good times. It ended too soon. You will be missed.
This improves security, by starting the service as an unprivileged user,
rather than starting as root and relying on the service to drop
privileges. This requires a significant cleanup of pre-init scripts, to
make use of StateDirectory and RuntimeDirectory for permissions.
By default, this is /run/ldapi, which is not compatible with systemd's
runtime directories. Change it to /run/slapd/ldapi (in library and
server). This makes `ldapi:///` work as a default socket again.
I have read the full diff[0] between the previous owner and the new
maintained fork that I'm switching to, and could not find any suspicious
code. The new fork includes fixes that are otherwise crashing as of
Python 3.10.
This commit also fixes the PYTHONPATH which prevents the client from
starting.
This commit also adds a test that the client can successfully query the
server, testing the two components at once.
[0] https://github.com/SystemRage/py-kms/compare/master...Py-KMS-Organization:master
dhclient is no longer built by default in the dhcp package, so this
test has been broken since that change was made. To fix, switch to
dhcpcd. dhcpcd insists on writing into /var/run, so we need to ensure
that exists.
Fixes: a2c379d4b6 ("dhcp: make client and relay component optional")
This used to be StandardOutput=syslog, which was removed because
syslog is deprecated, but that caused the test to fail. So bring it
back, but set it to the non-deprecated "journal" value instead (which
is what systemd interprets "syslog" as now anyway).
Fixes: 962e15aebc ("nixos: remove StandardOutput=syslog, StandardError=syslog lines")
Otherwise, since the update to Virtualbox 6.1.22, the test would fail
due to the shared directory not existing.
Fixes: ba0da8a076 ("virtualbox: 6.1.18 -> 6.1.22")
Nested KVM has been enabled by default on Linux on Intel for a long
time now, and since Virtualbox 6.1.0, the test won't run without it
because Virtualbox now only supports running hardware-accelerated VMs.
Additionally, this means we can 64-bit guests by default. The 32-bit
guest additions don't currently build, so this is important to have
the tests work with the default options.
Riak have been updated a lot since the version 2.2 (now 3.0.10) but
has seen no updated to the package. This is at this point
a problem forcing us to maintain old versions of erlang.
We would be happy to re accept a newer version of Riak if someone want
to spend the time to set it up.
The original implementation did a simple string-comparison against the
output of `ip route`. This is problematic because
* if the details in the string-output change, the test breaks. This is
less likely with JSON because the relevant values (i.e. destination,
interface etc) aren't supposed to be changed.
* this is causing issues with formatters[1][2].
[1] #161703
[2] #154818
With multiple specialization changes this isn't very helpful anymore,
but no biggie since we check the log for errors anyway and the log is
not too verbose anyway.
Use `networking.resolvconf.package` to allow DNS entries to be set using
the system-wide resolver implementation instead of hardcoding systemd or
openresolv.
Extend the tests by adding DNS entries and making one of the peers use
systemd-networkd (hence systemd-resolved).
Also add a few `networkd`-specific settings.
`nixos/modules/installer/kexec/kexec-boot.nix` doesn't contain any
custom NixOS config, other than importing `netboot-minimal.nix` (which
imports `netboot-base.nix`, which imports `netboot.nix`.
`netboot.nix` really is just describing a self-contained system config,
running entirely off kernel and initrd, so we might as well move the
kexec script generation there as well.
`netboot.nix` already contains some `system.build` attributes.
Provide a `system.build.kexecTree` attribute (and `kexecScript` for
composability).
The backupPrepareCommand and backupCleanupCommand options offer a way to
run a script to prepare for backup and then cleanup it once finish.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Allow providing the repository as a file, useful when we don't want it
being stored in the Git repository as plain text.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
systemd-247 provides a mechanism called LoadCredential for secrets and
it is better than environment file. See the section of Environment=
in the manual of systemd.exec for more information.
Some options in config.yaml need values to be strings, which currently
can be used with environmentFile but not loadCredential. But it's
possible to use loadCredential for those options, e.g. we can
substitute their values in ExecStart, but not in ExecStartPre due to
[1].
[1]: https://github.com/systemd/systemd/issues/19604
Prior to this patch:
$ nix-instantiate --eval -E '
> with import ./. {
> localSystem.config = "aarch64-unknown-linux-musl";
> };
> (nixos {}).config.nixpkgs.localSystem.config
> '
"aarch64-unknown-linux-gnu"
Because only the system triple was being passed through, the Musl part
of the system specification was lost. This patch fixes various
occurrences of NixOS evaluation when a Nixpkgs evaluation is already
available, to pass through the full elaborated system attribute set,
to avoid this loss of precision.
