Commit graph

3420 commits

Author SHA1 Message Date
divanorama
b7dea9e494 nixosTests.systemd-confinement: fix script format
https://hydra.nixos.org/build/142591177/nixlog/30

ZHF: #122042
2021-05-08 10:05:15 -07:00
Robert Hensing
3cfb002b07
Merge pull request #122192 from roberth/docker-tools-stimulate-testing
dockerTools testing update
2021-05-08 15:53:17 +02:00
Robert Hensing
4035049af3 nixos/tests/docker-tools*: remove useless formatter 2021-05-08 15:03:20 +02:00
Robert Hensing
a67c97a5eb nixos/tests/docker-tools*: Add myself as maintainer where missing
I should have done this when I became maintainer for dockerTools,
but it's the PR reviews that matter.
2021-05-08 15:00:19 +02:00
Vladimír Čunát
080cd658ca
Merge #121780: treewide meta.maintainers tweaks 2021-05-08 10:47:08 +02:00
Jan Tojnar
468cb5980b gnome: rename from gnome3
Since GNOME version is now 40, it no longer makes sense to use the old attribute name.
2021-05-08 09:47:42 +02:00
Evils
3d043c6939 nixosTests.fancontrol: fix test
and set myself (module author) as maintainer
2021-05-07 11:46:40 -07:00
Robin Gloster
29e92116d1
Merge pull request #118037 from mayflower/privacy-extensions-configurable
nixos/network: allow configuring tempaddr for undeclared interfaces
2021-05-07 13:01:29 -05:00
ajs124
cd609e7a1c
Merge pull request #117094 from helsinki-systems/drop/spidermonkey_1_8_5
spidermonkey_1_8_5: drop
2021-05-07 18:55:49 +02:00
Vladimír Čunát
9f054b5e1a
treewide: remove worldofpeace from meta.maintainers
(It was requested by them.)
I left one case due to fetching from their personal repo:
pkgs/desktops/pantheon/desktop/extra-elementary-contracts/default.nix
2021-05-07 15:36:40 +02:00
Jan Tojnar
941b15b003
librsvg: register installed tests 2021-05-05 22:20:22 +02:00
Michael Weiss
ff5fdec093
Merge pull request #121437 from primeos/nixos-tests-sway
nixos/tests/sway: init
2021-05-05 13:52:51 +02:00
Ben Siraphob
a913f3ff49 nixos/tests/wmderland: remove stdenv.lib 2021-05-05 01:43:05 -04:00
talyz
8f83860a0a keycloak.tests: Make sure databaseUsername is either ignored...
...or used correctly.
2021-05-04 19:27:08 +02:00
Michael Weiss
957b7a476e
nixos/tests/sway: init
This adds a basic test for Sway. Because Sway is an important part of
the Wayland ecosystem, is stable, and has few dependencies this test
should also be suitable for testing core packages it depends on (e.g.
wayland, wayland-protocols, wlroots, xwayland, mesa, libglvnd, libdrm,
and soon libseat).

The test is modeled after the suggested way of using Sway, i.e. logging
in via a virtual console (tty1) and copying the configuration from
/etc/sway/config (we replace Mod4 (the GNU/Tux key - you've replaced
that evil logo, right? :D) with Mod1 (Alt key) because QEMU monitor's
sendkey command doesn't support the former).

The shell aliases are used to make the sendkey log output shorter.

Co-authored-by: Patrick Hilhorst <git@hilhorst.be>
2021-05-04 16:52:36 +02:00
WilliButz
a2adfae036
Merge pull request #121599 from Ma27/knot-exporter-patch
prometheus-knot-exporter: add patch to fix stats
2021-05-04 01:02:28 +02:00
Andreas Rammhold
3ec6977d30
Merge pull request #89572 from rissson/nixos/unbound
nixos/unbound: add settings option, deprecate extraConfig
2021-05-03 21:49:24 +02:00
Luke Granger-Brown
62f675eff6
Merge pull request #121558 from sumnerevans/fix-airsonic-service
airsonic: force use of jre8
2021-05-03 20:43:00 +01:00
Luke Granger-Brown
4e98ae6418
Merge pull request #120548 from minijackson/jellyfin-enhanced-test
nixos/tests/jellyfin: enhanced test
2021-05-03 20:38:22 +01:00
Sumner Evans
1ce3067c42
airsonic: add test for module 2021-05-03 13:27:23 -06:00
Marc 'risson' Schmitt
52f6733203
nixos/unbound: deprecate extraConfig in favor of settings
Follow RFC 42 by having a settings option that is
then converted into an unbound configuration file
instead of having an extraConfig option.

Existing options have been renamed or kept if
possible.

An enableRemoteAccess has been added. It sets remote-control setting to
true in unbound.conf which in turn enables the new wrapping of
unbound-control to access the server locally.  Also includes options
'remoteAccessInterfaces' and 'remoteAccessPort' for remote access.

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2021-05-03 21:27:15 +02:00
Minijackson
2ab88a31fe
nixos/tests/jellyfin: enhanced test 2021-05-03 20:48:13 +02:00
Luke Granger-Brown
049850341e
Merge pull request #121540 from lukegb/postfix-compat
nixos/tests/rspamd: fix OOM flakyness
2021-05-03 17:36:46 +01:00
Luke Granger-Brown
4e06e6e005
Merge pull request #121541 from lukegb/git-test
nixos/tests/gitdaemon: deflake by using systemd-tmpfiles
2021-05-03 17:36:01 +01:00
Luke Granger-Brown
4f9fe889b8
Merge pull request #121548 from lukegb/bios-usb-better
nixos/tests/installer: fix for i686-linux
2021-05-03 17:35:24 +01:00
Martin Weinelt
d23610ae65
Merge pull request #121209 from mweinelt/pinnwand 2021-05-03 18:24:45 +02:00
Maximilian Bosch
75c5a703ab
prometheus-knot-exporter: add patch to fix stats
This is a patch I filed against upstream[1] a while ago. As it isn't
merged yet and fixes configurations with all stats enabled in knot
(otherwise it'd crash when sending a request to `localhost:9433`), I
decided that it makes sense to add it to the package directly.

I extended the test to make sure that it only passes with this patch.

[1] https://github.com/ghedo/knot_exporter/pull/6
2021-05-03 17:27:36 +02:00
Florian Klink
9071cb3001
Merge pull request #121416 from primeos/nixos-tests-replace-QEMU_OPTS
nixos/tests: Replace QEMU_OPTS usages with virtualisation.qemu.options
2021-05-03 17:23:49 +02:00
Luke Granger-Brown
a0da004326
Merge pull request #121376 from urbas/amazon-init-shell-script-support
nixos/amazon-init: add user-data shell script support
2021-05-03 16:01:26 +01:00
Martin Weinelt
b208338c36
nixos/tests/pinnwand: use wait_for_open_port instead of direct sockstat call 2021-05-03 16:52:06 +02:00
Martin Weinelt
7b2bc43dba
nixos/tests/pinnwand: add negative-test for the reaper
The reaper, at this point, should not delete a freshly created paste.
2021-05-03 16:52:05 +02:00
Martin Weinelt
f1c32c2809
nixos/tests/pinnwand: show systemd-analyze security
Easy way to revisit the hardening setup of the systemd unit.
2021-05-03 16:52:05 +02:00
ajs124
891a83d948 nixosTests.couchdb: clean up 2021-05-03 15:42:36 +02:00
ajs124
29bcaf04cb couchdb2: drop 2021-05-03 15:41:42 +02:00
Michele Guerini Rocco
e5bbb1cf33
Merge pull request #121539 from lukegb/custom-ca-debug
nixos/tests/custom-ca: fix by setting Content-Type
2021-05-03 10:49:57 +02:00
Luke Granger-Brown
d922cad4d6
Merge pull request #119172 from midchildan/package/trafficserver
nixos/trafficserver: init
2021-05-03 09:48:07 +01:00
Luke Granger-Brown
b942e0f650 nixos/tests/installer: don't break under i686
Currently, the installer tests just hang after the initial install phase
on i686 because qemu just quits because of the gic parameter.

Fix this by doing x86 things for both x86-64 and i686.
2021-05-03 01:44:54 +00:00
Martin Weinelt
d67fc76603
Merge pull request #120536 from mweinelt/mosquitto 2021-05-03 00:41:21 +02:00
Martin Weinelt
1dbb60f562
nixos/tests/home-assistant: update maintainership to home-assistant team 2021-05-03 00:21:25 +02:00
Martin Weinelt
8ab7fc1107
nixos/tests/home-assistant: test capability passing
Configures the emulated_hue component and expects CAP_NET_BIND_SERVICE
to be passed in order to be able to bind to 80/tcp.

Also print the systemd security analysis, so we can spot changes more
quickly.
2021-05-03 00:21:25 +02:00
Luke Granger-Brown
f2a91ec2b7 nixos/tests/gitdaemon: deflake by using systemd-tmpfiles
git-daemon won't start up if its project directory (here /git) doesn't
exist. If we try to create it using the test harness, then we're racing
whether we manage to connect to the backdoor vs. the startup speed of
git-daemon.

Instead, use systemd-tmpfiles, which is guaranteed(?) to run before
network.target and thus before git-daemon.service starts.
2021-05-02 21:58:43 +00:00
Luke Granger-Brown
a6fb22a689 nixos/tests/rspamd: increase memory
rspamd seems to be consuming more memory now sometimes, causing OOMs in
the test.

Increase the memory given to these VMs to make the tests pass more
reliably.
2021-05-02 21:50:17 +00:00
Luke Granger-Brown
da000ae239 nixos/tests/custom-ca: fix by setting Content-Type
This test was failing because Firefox was displaying a download prompt
rather than the page content, presumably because mumble mumble
content-type sniffing.

By explicitly setting a content-type, the test now passes.
2021-05-02 21:38:56 +00:00
Michael Weiss
c6325c8325
nixos/tests: Replace QEMU_OPTS usages with virtualisation.qemu.options
See [0]: "QEMU_OPTS is something that should be set by people running VM
tests interactively, to do port forwardings etc.
We really should not poke with it from the test script - that's what
virtualisation.qemu.options is for."

[0]: https://github.com/NixOS/nixpkgs/pull/119615#discussion_r624145020

Co-authored-by: Florian Klink <flokli@flokli.de>
2021-05-01 20:20:29 +02:00
Martin Weinelt
33e867620e
nixos/mosquitto: harden systemd unit
It can still network, it can only access the ssl related files if ssl is
enabled.

✗ PrivateNetwork=                                             Service has access to the host's network                                            0.5
✗ RestrictAddressFamilies=~AF_(INET|INET6)                    Service may allocate Internet sockets                                               0.3
✗ DeviceAllow=                                                Service has a device ACL with some special devices                                  0.1
✗ IPAddressDeny=                                              Service does not define an IP address allow list                                    0.2
✗ RootDirectory=/RootImage=                                   Service runs within the host's root directory                                       0.1
✗ RestrictAddressFamilies=~AF_UNIX                            Service may allocate local sockets                                                  0.1

→ Overall exposure level for mosquitto.service: 1.1 OK 🙂
2021-05-01 19:46:48 +02:00
Martin Weinelt
efb30a191e
Merge pull request #120529 from mweinelt/zigbee2mqtt 2021-04-30 21:59:22 +02:00
Florian Klink
44a0debca7
Merge pull request #121021 from pennae/container-sigterm
nixos/nix-containers: use SIGTERM to stop containers
2021-04-30 21:35:16 +02:00
Martin Weinelt
f1e7183f69
nixos/tests/zigbee2mqtt: relax DevicePolicy and log systemd-analye security 2021-04-30 19:42:26 +02:00
Michael Weiss
28b8cff301
nixos/tests/cage: Fix the test with wlroots 0.13
See #119615 for more details. The aarch64-linux test failed with
"qemu-system-aarch64: Virtio VGA not available" so I've restricted the
test to x86_64-linux (the virtio paravirtualized 3D graphics driver is
likely only available on very few platforms).
2021-04-30 15:57:04 +02:00
pennae
317a2c9f26 nixos/nix-containers: add tests for early/no-machined container stop 2021-04-30 15:43:27 +02:00