Commit graph

21456 commits

Author SHA1 Message Date
Michael Weiss
28a1e9516d
Merge pull request #122627 from primeos/nixos-tests-signal-desktop-db-encryption
nixos/tests/signal-desktop: test if the SQLite DB is (un)encrypted
2021-05-13 21:40:07 +02:00
Michael Weiss
217f268534
nixos/tests/signal-desktop: test if the SQLite DB is (un)encrypted
Well, this should test if the database is encrypted but currently it is
still unencrypted and we need to notice if this behaviour changes in the
future (as it will cause data loss, see e.g. #108772).
Anyway, this doesn't really matter for security reasons but we need this
test to prevent data loss (unfortunately Signal-Desktop and SQLCipher
handle this badly... :o).
2021-05-13 21:18:28 +02:00
Michael Weiss
60f2af5938
Merge pull request #122605 from primeos/nixos-sway-extend-default-configuration
nixos/sway: Extend the default configuration for NixOS
2021-05-13 20:48:55 +02:00
Jonas Chevalier
c6b62f2381
mkShell: introduce packages argument (#122180)
The distinction between the inputs doesn't really make sense in the
mkShell context.  Technically speaking, we should be using the
nativeBuildInputs most of the time.

So in order to make this function more beginner-friendly, add "packages"
as an attribute, that maps to nativeBuildInputs.

This commit also updates all the uses in nixpkgs.
2021-05-13 19:17:29 +02:00
Luke Granger-Brown
ca6255bf0b nixos/docker: fix evaluation when NAT is enabled too
Both networking.nat.enable and virtualisation.docker.enable now want to
make sure that the IP forwarding sysctl is enabled, but the module
system dislikes that both modules contain this option.

Realistically this should be refactored a bit, so that the Docker module
automatically enables the NAT module instead, but this is a more obvious
fix.
2021-05-13 10:26:45 +00:00
midchildan
6567031111
nixos/mirakurun: add polkit rule for smart card access (#122066)
Fixes #122039
2021-05-12 13:57:49 -04:00
davidak
afc1b5220e
Merge pull request #122438 from xaverdh/linux-5.12
linux_5_12: init at 5.12.2
2021-05-12 02:58:55 +02:00
Michael Weiss
00e8e5b123
nixos/sway: Extend the default configuration for NixOS
The default config.in template contains
"include @sysconfdir@/sway/config.d/*" but we've dropped it to better
support non-NixOS (which seems like a mistake in retrospect).
This restores that behaviour and extends the default configuration via
nixos.conf to fix #119445.

Note: The security configurations (security.d) where dropped entirely
(but maybe they'll return).
2021-05-11 18:53:49 +02:00
Tom
33a4c43126
nixos/tor: fix HidServAuth (#122439)
* add an example for services.tor.settings.HidServAuth

* fix HidServAuth validation to require ".onion"
  Per https://manpages.debian.org/testing/tor/torrc.5.en.html :
  > Valid onion addresses contain 16 characters in a-z2-7 plus ".onion"
2021-05-11 10:10:32 +02:00
Jörg Thalheim
8af4bf61fd
Merge pull request #122423 from Izorkin/update-netdata
nixos/netdata: update configuration
2021-05-11 06:07:48 +01:00
Robert Schütz
7217b2d85e
Merge pull request #121785 from dotlambda/dendrite-rename
matrix-dendrite: rename to dendrite
2021-05-10 23:30:12 +02:00
Joe DeVivo
bf92d0ec37 nixos/ssm-agent: conf files written to /etc
ssm-agent expects files in /etc/amazon/ssm. The pkg substitutes a location in
the nix store for those default files, but if we ever want to adjust this
configuration on NixOS, we'd need the ability to modify that file.

This change to the nixos module writes copies of the default files from the nix
store to /etc/amazon/ssm. Future versions can add config, but right now this
would allow users to at least write out a text value to
environment.etc."amazon/ssm/amazon-ssm-agent.json".text to provide
their own config.
2021-05-10 13:16:41 -07:00
Samuel Dionne-Riel
37f14fa4d9
Merge pull request #121450 from samueldr/feature/cross-uefi-iso
iso-image: Fixes for cross-compilation
2021-05-10 14:42:59 -04:00
Samuel Dionne-Riel
79752e2310
Merge pull request #121834 from samueldr/feature/raspberrypi4-image-cleanup
sd_image_raspberrypi4: Remove, as planned initially
2021-05-10 14:05:02 -04:00
Sandro
f0bb4f066a
Merge pull request #95050 from paumr/bind-fmt 2021-05-10 19:06:00 +02:00
Dominik Xaver Hörl
db0294aa60 linux_5_12: init at 5.12.2 2021-05-10 11:43:23 +02:00
Izorkin
85914bc01d
nixos/netdata: change wrappers permissions 2021-05-10 10:35:51 +03:00
Izorkin
859633ee43
nixos/netdata: use cgroup v2 2021-05-10 10:24:31 +03:00
Izorkin
58497175be
nixos/netdata: cgroup-network: don't use AmbientCapabilities 2021-05-10 10:19:57 +03:00
Michele Guerini Rocco
4cbe186a8a
Merge pull request #121394 from bjornfor/atd-file-creation
nixos/atd: prefer 'install' over 'mkdir/chmod/chown'
2021-05-10 08:43:57 +02:00
Michele Guerini Rocco
d0cbcce8d4
Merge pull request #121395 from bjornfor/nixos-wpa-supplicant
nixos/wpa_supplicant: prefer 'install' over 'touch/chmod/mkdir/chgrp'
2021-05-10 08:16:39 +02:00
Guillaume Girol
fe50cb0ee1
Merge pull request #122301 from Izorkin/update-test-unit-php
nixos/tests/unit-php: require one of users.users.name.{isSystemUser,isNormalUser}
2021-05-09 20:09:29 +00:00
Félix Baylac-Jacqué
524ff40291
nixosTests.systemd-networkd: remove wireguard kernel module
config.boot.kernelPackages.wireguard evaluates to null on machine
closure having a > 5.6 Linux kernels, hence making the evaluation of
this test fail.

Wireguard is now part of the mainline Linux kernel, we do not need to
to add it via a additional kernel module anymore for this test.
2021-05-09 15:40:19 +02:00
Luke Granger-Brown
491216df02
Merge pull request #122099 from alekna/fix/docker
nixos/docker: ensure ipv4 forwarding is enabled
2021-05-09 12:15:16 +01:00
Michele Guerini Rocco
e5452226af
Merge pull request #121791 from dotlambda/sudo-execWheelOnly
nixos/sudo: add option execWheelOnly
2021-05-09 10:04:15 +02:00
Izorkin
506646e48b
nixos/tests/unit-php: require one of users.users.name.{isSystemUser,isNormalUser} 2021-05-09 07:42:02 +03:00
Robert Hensing
e312fc23c4
Merge pull request #122282 from roberth/docker-tools-reenable-lint
nixos/tests/docker-tools*: enable linting
2021-05-09 03:33:42 +02:00
Robert Hensing
75c4fc1c8b nixos/testing-python.nix: Move makeWrapper to nativeBuildInputs 2021-05-09 03:04:03 +02:00
Robert Hensing
8c868f47a8 Revert "nixos/tests/docker-tools*: remove useless formatter"
Annoyed with the interference of the python formatting of
generated code (see #72964), I took matters into my own hands
as maintainer of dockerTools.

Afterwards, I've created a PR, hoping to unstuck the discussion.

@aszlig took notice and thanks to his python ecosystem knowledge,
the testing efforts of @blaggacao and @Ma27, and a sense of
shared suffering and comraderie we were able to change the
situation for the better in #122201.

Now, we have a proper linter that actually helps contributors,
so it's time to turn it back on again.

I'm glad we could make it happen this quickly!

Thanks!

This reverts commit 4035049af3.
2021-05-09 02:57:17 +02:00
aszlig
54bc69637b
nixos/test/virtualbox: Fix linting errors
There were a bunch of unnecessary f-strings in there and I also removed
the "# fmt: on/off" comments, because we no longer use Black and thus
won't need those comments anymore.

Signed-off-by: aszlig <aszlig@nix.build>
2021-05-09 02:28:32 +02:00
aszlig
74bff4e667
nixos/tests/unbound: Remove unused 'json' import
Signed-off-by: aszlig <aszlig@nix.build>
2021-05-09 02:28:30 +02:00
David Arnold
6ad2e41269
nixos/testing: lint jellyfin test 2021-05-09 02:28:28 +02:00
aszlig
6c0ec527b9
nixos/tests/shadow: Fix linting errors
Linter errors reported:

  6:32 f-string is missing placeholders
  7:26 f-string is missing placeholders
  8:32 f-string is missing placeholders
  30:32 f-string is missing placeholders
  31:26 f-string is missing placeholders
  32:32 f-string is missing placeholders
  48:32 f-string is missing placeholders
  49:26 f-string is missing placeholders
  50:32 f-string is missing placeholders
  76:32 f-string is missing placeholders
  77:26 f-string is missing placeholders
  78:32 f-string is missing placeholders

Signed-off-by: aszlig <aszlig@nix.build>
2021-05-09 02:28:26 +02:00
aszlig
e157ad41cb
nixos/tests/printing: Remove unused 'sys' import
Signed-off-by: aszlig <aszlig@nix.build>
2021-05-09 02:28:23 +02:00
aszlig
c066cc3c0b
nixos/tests/networking: Fix str literal comparison
Linter error:

  use ==/!= to compare constant literals (str, bytes, int, float, tuple)

Signed-off-by: aszlig <aszlig@nix.build>
2021-05-09 02:28:20 +02:00
aszlig
62a518b904
nixos/tests/yggdrasil: Fix linting error
Linter error was: f-string is missing placeholders

Signed-off-by: aszlig <aszlig@nix.build>
2021-05-09 02:28:18 +02:00
Maximilian Bosch
b782440a62
nixosTests.custom-ca: lint 2021-05-09 02:28:16 +02:00
Maximilian Bosch
b4b5dcb669
nixosTests.containers-imperative: lint 2021-05-09 02:28:14 +02:00
Maximilian Bosch
fc76a44d0f
nixosTests.containers-custom-pkgs: lint
The new linter basically does

   def testScript
      # ...

before calling `pyflakes`. As this test-script is empty, it would lead
to a syntax-error unless `pass` is added.
2021-05-09 02:28:11 +02:00
Maximilian Bosch
774aba102a
nixosTests.chromium: lint
Note: I didn't execute it entirely because I'd have to build chromium
for this, but the diff appears fine.
2021-05-09 02:28:09 +02:00
Robert Hensing
b9e7fb14e2
nixos/tests/nfs: lint 2021-05-09 02:28:07 +02:00
Robert Hensing
06b070ffe7
nixosTests.acme: lint 2021-05-09 02:28:04 +02:00
Robert Hensing
56d9637119
nixos/testing: Set up scope for testScript linter
Our test driver exposes a bunch of variables and functions, which
pyflakes doesn't recognise by default because it assumes that the test
script is executed standalone. In reality however the test driver script
is using exec() on the testScript.

Fortunately pyflakes has $PYFLAKES_BUILTINS, which are the attributes
that are globally available on all modules to be checked. Since we only
have one module, using this environment variable is fine as opposed to
my first approach to this, which tried to use the unstable internal API
of pyflakes.

The attributes are gathered by the main derivation of the test driver,
because we don't want to end up defining a new attribute in the test
driver module just to being confused why using it in a test will result
in an error.

Another way we could have gathered these attributes would be in
mkDriver, which is where the linting takes place. However, we do have a
different set of Python dependencies in scope and duplicating these will
again just cause confusion over having it at one location only.

Signed-off-by: aszlig <aszlig@nix.build>
Co-Authored-By: aszlig <aszlig@nix.build>
2021-05-09 02:26:51 +02:00
Robert Hensing
71087b2bc4
nixos/testing-python.nix: Expose driver
(cherry picked from commit a2c9220568648b4528154ebd8e657add243ed0b4)
2021-05-09 02:26:40 +02:00
aszlig
c362a28fcf
nixos/testing: Switch from black to pyflakes
So far, we have used "black" for formatting the test code, which is
rather strict and opinionated and when used inline in Nix expressions it
creates all sorts of trouble.

One of the main annoyances is that when using strings coming from Nix
expressions (eg. store paths or option definitions from NixOS modules),
completely unrelated changes could cause tests to fail, since eg. black
wants lines to be broken.

Another downside of enforcing a certain kind of formatting is that it
makes the Nix expression code inconsistent because we're mixing two
spaces of indentation (common in nixpkgs) with four spaces of
indentation as defined in PEP-8. While this is perfectly fine for
standalone Python files, it really looks ugly and inconsistent IMO when
used within Nix strings.

What we actually want though is a linter that catches problems early on
before actually running the test, because this is *actually* helping in
development because running the actual VM test takes much longer.

This is the reason why I switched from black to pyflakes, because the
latter actually has useful checks, eg. usage of undefined variables,
invalid format arguments, duplicate arguments, shadowed loop vars and
more.

Signed-off-by: aszlig <aszlig@nix.build>
Closes: https://github.com/NixOS/nixpkgs/issues/72964
2021-05-09 02:26:37 +02:00
Robert Schütz
5624aa9f81 nixos/sudo: add option execWheelOnly
By setting the executable's group to wheel and permissions to 4510, we
make sure that only members of the wheel group can execute sudo.
2021-05-08 23:48:00 +02:00
paumr
5390d4b946 nixos/bind: formatted with nixpkgs-fmt 2021-05-08 23:13:58 +02:00
Robert Hensing
4433ba90aa
Merge pull request #121927 from rissson/nixos-unbound-fix-top-level-include
nixos/unbound: allow list of strings in top-level settings option type
2021-05-08 22:00:57 +02:00
Laurynas Alekna
9317570735 nixos/docker: ensure ipv4 forwarding is enabled
Fixes #118656
2021-05-08 18:58:24 +01:00
Marc 'risson' Schmitt
0340cd2abe
nixos/unbound: allow list of strings in top-level settings option type
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2021-05-08 19:55:17 +02:00