Commit graph

517 commits

Author SHA1 Message Date
Eric Sagnes
2d2c311304 cadvisor test: fix (#18671)
* influxdb module: add postStart

* cadvisor module: increase TimeoutStartSec

Under high load, the cadvisor module can take longer than the default 90
seconds to start. This change should hopefully fix the test on Hydra.
2016-09-16 22:06:16 +02:00
Eric Sagnes
db387a6f0d cadvisor: fix test 2016-09-15 21:28:41 +09:00
aszlig
1781e95577
Merge pull request #18567 (VirtualBox 5.1.6)
This introduces VirtualBox version 5.1.6 along with a few refactored
stuff, notably:

  * Kernel modules and user space applications are now separate
    derivations.
  * If config.pulseaudio doesn't exist in nixpkgs config, the default is
    now to build with PulseAudio modules.
  * A new updater to keep VirtualBox up to date.

All subtests in nixos/tests/virtualbox.nix succeed on my machine and
VirtualBox was reported to be working by @DamienCassou (although with
unrelated audio problems for another fix/branch) and @calbrecht.
2016-09-14 02:20:16 +02:00
aszlig
f7563efa6e
nixos/tests/vbox: Add destroyVM for all subtests
One reason why it took me so long for debugging the test failure with
systemd-detect-virt was that simple-cli has succeeded while the former
has not.

This now makes sure we have consistency accross all the subtests and if
problems like the one in the previos commit ever show up again, we will
have just the headless test succeeding and it's more obvious where the
actual problem resides.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-14 02:12:16 +02:00
aszlig
80c2cc350c
nixos/tests/vbox: Disable audio for VBox guests
We don't have (simulated) sound hardware within the qemu VM, neither do
we have it available within VirtualBox that's running within the qemu
VMs.

With sound hardware the VirtualBox UI displays an error dialog, which in
turn causes the VM process to hang on unregister. This in turn has
caused the tests to fail because of the following error:

Cannot unregister the machine '...' while it is locked

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-13 23:17:47 +02:00
Reno Reckling
8ea8659f29 Remove tomcat vm test timing issues
(cherry picked from commit 090f1f0722b79cbba5f0abccac61496398789762)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-09-13 22:46:46 +02:00
Jaka Hudoklin
7a9dd489d6 Merge pull request #18481 from offlinehacker/pkgs/docker/1.12.1
docker: 1.10.3 -> 1.12.1
2016-09-13 15:59:18 +02:00
aszlig
562c7f56f0
nixos/tests/vbox: Make shutdown less noisy
Using waitUntilSucceeds for testing whether the shutdown signalling
files have vanished is quite noisy because it prints two lines for every
try. This is now fixed with a while loop on the guest VM which does the
same check but with only one output for the command that's executed and
another one when the conditions are met.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-13 14:55:52 +02:00
Jaka Hudoklin
5d9c62541a docker module: updates
- logDriver option, use journald for logging by default
- keep storage driver intact by default, as docker has sane defaults
- do not choose storage driver in tests, docker will choose by itself
- use dockerd binary as "docker daemon" command is deprecated and will be
  removed
- add overlay2 to list of storage drivers
2016-09-13 12:51:13 +02:00
Alexander Ried
60a9edbbeb tests.networking: remove network-interfaces.target 2016-09-13 11:19:23 +02:00
Reno Reckling
6ff44c571b mumble: fix failing vm tests
modify tests to not fail if the event handlers are
registered too slowly or if the wrong window is in focus

(cherry picked from commit e087b0d12f97604ee1fdd09ef3d78b772c12468e)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-09-13 09:45:08 +02:00
Franz Pletz
5a7e5537aa Merge pull request #18298 from teh/prometheus-service
Prometheus service
2016-09-11 23:18:36 +02:00
Domen Kožar
fed3501b07 Remove docker-registry as it's deprecated #18209 2016-09-09 18:50:42 +02:00
Thomas Tuegel
e5a79b0eae
nixos/tests/kde5: rename from sddm-kde5 and run by default
(cherry picked from commit 701f02a6eed902835e3d2a27838723cd9a7bb66a)
2016-09-09 10:12:38 -05:00
Thomas Tuegel
0fdaae8be4
nixos/tests/sddm-kde5: don't run tests through krunner
(cherry picked from commit 1f510dc7cd1dbb67bbf6574983de1dc5ebde1a1d)
2016-09-09 10:12:31 -05:00
Rodney Lorrimar
5537503dec nixos/tests/pump.io: Fix systemd unit config
Ref #18209

(cherry picked from commit 3fd603c02f339778c8ea24c2fadacb91185eb1c7)
2016-09-08 17:06:49 +01:00
Eric Sagnes
f39f829441 nixos: unbreak influxdb test (due to new API)
Data from the documentation example[1] was used.

[1] https://docs.influxdata.com/influxdb/v1.0/guides/writing_data/

[Bjørn: change commit message.]
2016-09-08 15:01:10 +02:00
aszlig
75efdc6502
nixos/tests/blivet: Fix btrfs-related tests
The loopback-based tests use a storage size of 102400 blocks (one block
is 1024 bytes), which doesn't seem to fit for btrfs volumes in recent
btrfs versions. I'm setting this to 409600 (400 MB) now so that it
should be enough for later versions in case they need even more space
for subvolumes.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-07 16:32:12 +02:00
aszlig
fb46df8a9a
nixos: Fix ordering of firewall.service
Follow-up to the following commits:

  abdc5961c3: Fix starting the firewall
  e090701e2d: Order before sysinit

Solely use sysinit.target here instead of multi-user.target because we
want to make sure that the iptables rules are applied *before* any
socket units are started.

The reason I've dropped the wantedBy on multi-user.target is that
sysinit.target is already a part of the dependency chain of
multi-user.target.

To make sure that this holds true, I've added a small test case to
ensure that during switch of the configuration the firewall.service is
considered as well.

Tested using the firewall NixOS test.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @edolstra
2016-09-07 15:11:24 +02:00
Benjamin Staffin
58869cf310 prometheus service: add
This is based on @benleys work: https://github.com/NixOS/nixpkgs/pull/8216
I updated changed the user and group ids.
2016-09-04 20:03:32 +01:00
Jaka Hudoklin
c083ab99b2 Merge pull request #17969 from offlinehacker/pkgs/etcd/update-3.0.6
Update etcd, improve nixos module, fix nixos tests
2016-09-04 16:31:50 +02:00
Jörg Thalheim
94dd66882f ferm: fix race condition in integration test (#18288)
curl sent the request faster then nginx bound the port in some cases
2016-09-04 14:34:06 +02:00
Joachim F
78b4b632ae Merge pull request #18085 from Mic92/ferm
ferm: add integration test
2016-09-03 17:27:38 +02:00
Joachim F
3db5311be9 Merge pull request #18207 from tavyc/quagga-module
quagga service: init
2016-09-03 16:23:23 +02:00
Graham Christensen
ff5fd1ec40 etcd-cluster: split up openssl commands 2016-09-03 13:59:28 +02:00
Vladimír Čunát
02217bf697 Merge #17838: postgresql: Fix use with extensions 2016-09-02 20:09:40 +02:00
Octavian Cerna
eb14130934 quagga test: Add test for the quagga service. 2016-09-02 14:00:32 +03:00
Lancelot SIX
5b8072fff6
postgresql: Fix use with extensions
Fixes #15512 and #16032

With the multi output, postgresql cannot find at runtime what is its
basedir when looking for libdir and pkglibdir. This commit fixes that.
2016-09-02 11:51:21 +02:00
Данило Глинський (Danylo Hlynskyi)
78cd9f8ebc virtualbox: add headless build (without Qt dependency) (#18026) 2016-09-01 20:54:58 +02:00
Jörg Thalheim
2ed6529444
ferm: add integration test 2016-08-29 15:34:30 +02:00
Jaka Hudoklin
0630233afa etcd module: add test for simple one node etcd service 2016-08-25 14:42:22 +02:00
Jaka Hudoklin
8256c07fc0 etcd module: add support for ssl, better defaults, fix tests 2016-08-24 20:12:24 +02:00
obadz
0e8d2725dc Merge branch 'master' into staging 2016-08-23 18:50:06 +01:00
Eelco Dolstra
3fe93d2f75 Fix virtualbox test evaluation 2016-08-23 13:05:14 +02:00
Tuomas Tynkkynen
74a3a2cd7e treewide: Use makeBinPath 2016-08-23 01:18:10 +03:00
Robin Gloster
33e1c78ae3 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-16 07:54:01 +00:00
obadz
1759825b34 nixos/tests/ecryptfs: placate some commands causing many builds failure
These commands shouldn't have to be here in the first place as ecryptfs
homes should be automatically unmounted during logoff.
2016-08-16 02:47:08 +01:00
Robin Gloster
bea8972d96 nixos.tests.boot-stage1: disable pic for kernel module 2016-08-13 09:49:24 +00:00
Graham Christensen
5d2980aa8e
gocd-agent / gocd-server: Reduce test memory requirements so Hydra builds 2016-08-10 16:21:35 -04:00
Graham Christensen
d969f3fa51
gocd-agent: 16.7.0 startup fixes + test improvements
- Agent now takes a full URL to the Go.CD server
 - Instruct the agent to attempt restart every 30s upon failure
 - Test's Accept header did not match the server's expectation
 - Replace the tests' complex Awk matches with calls to `jq`
2016-08-10 15:47:29 -04:00
Shawn Warren
8750b4892e bump gocd-agent version to 16.6.0-3590 (#17311)
Update gocd-agent package version to 16.6.0-3590 including new sha.  Modify heapSize
and maxMemory mkOption to accurately reflect their intended purpose of configuring
initial java heap sizes.
2016-08-10 17:10:13 +02:00
Frederik Rietdijk
8955dc5e7e Merge pull request #17464 from cransom/cassandra
Cassandra
2016-08-10 11:42:57 +02:00
obadz
74b3ad148d nixos/tests/installer.nix: add libxml2 & libxslt to prevent download attempts 2016-08-09 17:01:42 +01:00
Casey Ransom
9ecc587e3b cassandra service: init
The module will configure a Cassandra server with common options being
tweakable. Included is also a test which will spin up 3 nodes and
verify that the cluster can be formed, broken, and repaired.
2016-08-02 20:58:35 -04:00
Arnold Krille
07de11f165 containers: add myself to the maintainers of the tests
Seems like the right thing to do.
2016-07-28 23:06:41 +02:00
Arnold Krille
9045a8e24c declarative containers: additional veths
With these changes, a container can have more then one veth-pair. This allows for example to have LAN and DMZ as bridges on the host and add dedicated containers for proxies, ipv4-firewall and ipv6-firewall. Or to have a bridge for normal WAN, one bridge for administration and one bridge for customer-internal communication. So that web-server containers can be reached from outside per http, from the management via ssh and can talk to their database via the customer network.

The scripts to set up the containers are now rendered several times instead of just one template. The scripts now contain per-container code to configure the extra veth interfaces. The default template without support for extra-veths is still rendered for the imperative containers.

Also a test is there to see if extra veths can be placed into host-bridges or can be reached via routing.
2016-07-28 23:06:41 +02:00
Luca Bruno
5c738ec37e gnome3: drop 3.18 2016-07-25 22:49:12 +02:00
Joachim Fasting
88138d43fa
grsecurity test: add note explaining what the tcc -run test accomplishes 2016-07-24 12:54:07 +02:00
Joachim Fasting
8c8d6b4053
grsecurity test: verify that the grsec device node is created 2016-07-24 12:54:07 +02:00
ben smith
c38e6a2a60 mysql: fix replication tests (#17174)
Eliminate race condition in replication test
Remove replication configuration from standalone test
Improve mysql command syntax consistency
2016-07-23 00:37:05 +02:00
Shawn Warren
9886c80daa Add gocd agent and server service packages (#16273)
GoCD is an open source continuous delivery server specializing in advanced workflow
modeling and visualization.  Update maintainers list to include swarren83.  Update
module list to include gocd agent and server module.  Update packages list to include
gocd agent and server package.  Update version, revision and checksum for GoCD
release 16.5.0.
2016-07-23 00:29:18 +02:00
cransom
4a9b640f37 smokeping: init at 2.6.11 (#17090)
Includes a module for service setup and a test
to verify functionality of both service and pkg.
2016-07-21 01:07:59 +02:00
Nikolay Amiantov
9cc70b419c nixos/tests: add hibernation test 2016-07-19 05:20:02 +03:00
obadz
08fe395074 nixos/tests/installer.nix: add curl on host machine
add curl so that rather than seeing the test attempt to download
curl's tarball, we see what it's trying to download.
2016-07-17 21:17:55 +01:00
Nikolay Amiantov
f4ea97ae90 Revert "nixos/tests/installer: Fix matching LUKS prompt"
This reverts commit ec072cbc4c.

See also 193ab8be67
2016-07-17 22:44:54 +03:00
aszlig
ec072cbc4c
nixos/tests/installer: Fix matching LUKS prompt
The LUKS passphrase prompt has changed from "Enter passphrase" to "Enter
LUKS Passphrase" in c69c76ca7e, so the OCR
detection of the test fails indefinitely.

Unfortunately, this doesn't fix the test because we have a real problem
here:

Enter LUKS Passphrase:
killall: cryptsetup: no process killed
Enter LUKS Passphrase:

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @abbradar
2016-07-17 11:20:25 +02:00
obadz
d781bf94c1 ecryptfs: test bug from #16766 2016-07-13 02:00:22 +02:00
obadz
ab6fc29719 ecryptfs: add nixos/tests/ecryptfs.nix 2016-07-13 01:48:41 +02:00
Luca Bruno
5a245c24b0 gnome3: make 3.20 the default 2016-07-10 16:17:37 +02:00
Damien Cassou
fff2d6f395 Add test for emacs module 2016-07-01 11:37:57 +02:00
Joachim Fasting
09cf92ccee
nixos: flesh out the grsecurity test suite
I've failed to figure out what why `paxtest blackhat` hangs the vm, and
have resigned to running individual `paxtest` programs.  This provides
limited coverage, but at least verifies that some important features are
in fact working.

Ideas for future work includes a subtest for basic desktop
functionality.
2016-06-14 03:38:18 +02:00
Damien Cassou
da62589d8e gnome3_20: Add GNOME 3.20 package set 2016-06-06 20:33:58 +02:00
Joel Moberg
20826c2a5d nixos kde5: improve test
IceWM is not part of KDE 5 and is now no longer part of the test. KDE 5
applications: Dolphin, System Monitor, and System Settings are started
in this test.
2016-06-01 17:09:51 +02:00
Eelco Dolstra
9f0e137338 Rename boot.loader.gummiboot.enable -> boot.loader.systemd-boot.enable 2016-06-01 12:55:52 +02:00
Eelco Dolstra
f222689aba Use systemd-boot instead of gummiboot
Gummiboot is part of systemd now so we may as well use it.
2016-05-31 17:02:47 +02:00
aszlig
3b8a2a793c
nixos/tests/vbox: Fix invocation of dbus
VBoxService needs dbus in order to work properly, which failed to start
up so far, because it was searching in /run/current-system/sw for its
configuration files.

We now no longer run with the --system flag but specify the
configuration file directly instead.

This fixes at least the "simple-gui" test and probably the others as
well, which I haven't tested yet.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-26 16:48:32 +02:00
aszlig
3fd3911105
nixos/tests/vbox: Replace waitForWindow with xprop
We can't use waitForWindow here because it runs xwininfo as user root,
who in turn is not authorized to connect to the X server running as
alice.

So instead, we use xprop from user alice which should fix waiting for
the VirtualBox manager window.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-26 16:48:32 +02:00
aszlig
ecd3cbb9e7
nixos/tests/vbox: Start X server with user "alice"
The VirtualBox tests so far ran the X server as root instead of user
"alice" and it did work, because we had access control turned off by
default.

Fortunately, it was changed in 1541fa351b.

As a side effect, it caused all the VirtualBox tests to fail because
they now can't connect to the X server, which is a good thing because
it's a bug of the VirtualBox tests.

So to fix it, let's just start the X server as user alice.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-26 15:05:23 +02:00
obadz
e78a99c35b nixos/tests/installer.nix: nixos-generate-config detects LUKS since a7baec7
Fixes nix-build '<nixos/release.nix>' -A tests.installer.luksroot.x86_64-linux
2016-05-26 04:02:36 +01:00
Eelco Dolstra
845c9b50bf boot.initrd.luks.devices: Change into an attribute set
This allows setting options for the same LUKS device in different
modules. For example, the auto-generated hardware-configuration.nix
can contain

  boot.initrd.luks.devices.crypted.device = "/dev/disk/...";

while configuration.nix can add

  boot.initrd.luks.devices.crypted.allowDiscards = true;

Also updated the examples/docs to use /disk/disk/by-uuid instead of
/dev/sda, since we shouldn't promote the use of the latter.
2016-05-25 18:04:21 +02:00
Eelco Dolstra
fe875b4100 nixos/tests/boot.nix: Remove empty module 2016-05-25 11:39:17 +02:00
Eelco Dolstra
3e7b510281 nixos.tests.swraid: Drop mdadm -W
This command is racy because it will return a non-zero exit code if
the array is already clean. This caused numerous random failures. It
should be unnecessary anyway. (Maybe in the past we needed this
because of #15226.)

http://hydra.nixos.org/job/nixos/release-16.03/nixos.tests.installer.swraid.i686-linux
2016-05-24 17:20:22 +02:00
Domen Kožar
b49bf121b8 rename iElectric to domenkozar to match GitHub 2016-05-17 13:00:47 +01:00
aszlig
64ca91cac9
nixos/tests/boot-stage1: Add myself to maintainers
As @edolstra pointed out that the kernel module might be painful to
maintain. I strongly disagree because it's only a small module and it's
good to have such a canary in the tests no matter how the bootup process
looks like, so I'm going the masochistic route and try to maintain it.

If it *really* becomes too much maintenance burden, we can still drop or
disable kcanary.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-06 21:32:21 +02:00
aszlig
4f796c28d5
nixos/tests: Add a test for boot stage 1
We already have a small regression test for #15226 within the swraid
installer test. Unfortunately, we only check there whether the md
kthread got signalled but not whether other rampaging processes are
still alive that *should* have been killed.

So in order to do this we provide multiple canary processes which are
checked after the system has booted up:

 * canary1: It's a simple forking daemon which just sleeps until it's
            going to be killed. Of course we expect this process to not
            be alive anymore after boot up.
 * canary2: Similar to canary1, but tries to mimick a kthread to make
            sure that it's going to be properly killed at the end of
            stage 1.
 * canary3: Like canary2, but this time using a @ in front of its
            command name to actually prevent it from being killed.
 * kcanary: This one is a real kthread and it runs until killed, which
            shouldn't be the case.

Tested with and without 67223ee and everything works as expected, at
least on my machine.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-06 16:56:43 +02:00
aszlig
dc6d003011
nixos/tests/installer/swraid: Check for safemode
This is a regression test for #15226, so that the test will fail once we
accidentally kill one or more of the md kthreads (aka: if safe mode is
enabled).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-06 16:51:38 +02:00
zimbatm
f076f36f8f Merge pull request #14957 from dezgeg/gummiboot-test
NixOS installer tests: Add a test using Gummiboot
2016-05-05 21:14:30 +01:00
aszlig
acf7bc898a
nixos/tests/containers: Remove unused module arg
Just removing the system argument because it doesn't exist (it's
actually config.nixpkgs.system, which we're already using). We won't get
an error anyway if we're not actually using it, so this is just an
aesthetics fix.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-04 20:51:01 +02:00
aszlig
9fa30d3bad
nixos/tests/containers-imperative: Fix test
Make sure that we always have everything available within the store of
the VM, so let's evaluate/build the test container fully on the host
system and propagate all dependencies to the VM.

This way, even if there are additional default dependencies that come
with containers in the future we should be on the safe side as these
dependencies should now be included for the test as well.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @kampfschlaefer, @edolstra
2016-05-04 20:18:27 +02:00
aszlig
f35e9386bd
nixos/tests/chromium: Re-add map for all channels
This partially reverts f2d24b9840.

Instead of disabling the channels via removing the channel mapping from
the tests themselves, let's just explicitly reference the stable test in
release.nix. That way it's still possible to run the beta and dev tests
via something like "nix-build nixos/tests/chromium.nix -A beta" and
achieve the same effect of not building beta and dev versions on Hydra.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-04 18:45:44 +02:00
Eelco Dolstra
f2d24b9840 chromium: Disable Hydra builds of -dev and -beta
It's not the job of Nixpkgs to distribute beta versions of upstream
packages. More importantly, building these delays channel updates by
several hours, which is bad for our security fix turnaround time.
2016-05-04 18:16:27 +02:00
aszlig
e7d3166656
nixos/tests/netboot: Fix evaluation error
Regression introduced by dfe608c8a2.

The commit turns the two arguments into one attrset argument so we need
to adapt that to use the new calling convention.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-03 22:05:11 +02:00
Nahum Shalman
83c0aca062 installer: simple PXE bootable NixOS installer
The Nix store squashfs is stored inside the initrd instead of separately

(cherry picked from commit 976fd407796877b538c470d3a5253ad3e1f7bc68)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-04-29 10:42:39 +01:00
Tuomas Tynkkynen
1feed61164 NixOS installer tests: Add a test using Gummiboot
Issue #14956
2016-04-24 22:05:48 +03:00
Franz Pletz
8cca66f774 Merge pull request #14018 from kampfschlaefer/feature/hostbridge_and_ipv6_for_containers
containers: hostbridge and IPv6
2016-04-24 20:33:46 +02:00
Vladimír Čunát
a1b39b9990 cups tests: finally fix them
Fixes #14748.
2016-04-23 16:17:22 +02:00
Joachim Fasting
55a82158e2
Revert "nixos.tests.printing: fix"
This reverts commit 49894ac857.

Reverting in deference to https://github.com/NixOS/nixpkgs/issues/14782
2016-04-18 13:40:35 +02:00
Joachim Fasting
49894ac857
nixos.tests.printing: fix
Two fixes:

Not really sure why removing `--fail` from the curl calls is necessary,
but with that option, curl erronously reports 404 (which it shouldn't
per my interactive vm testing).

Fix paths to example files used for the printing test

Toghether, these changes allow the test to run to completion on my machine.
2016-04-18 02:21:12 +02:00
aszlig
9ed9e268a2
Merge pull request #14476 (taskserver)
This adds a Taskserver module along with documentation and a small
helper tool which eases managing a custom CA along with Taskserver
organisations, users and groups.

Taskserver is the server component of Taskwarrior, a TODO list
application for the command line.

The work has been started by @matthiasbeyer back in mid 2015 and I have
continued to work on it recently, so this merge contains commits from
both of us.

Thanks particularly to @nbp and @matthiasbeyer for reviewing and
suggesting improvements.

I've tested this with the new test (nixos/tests/taskserver.nix) this
branch adds and it fails because of the changes introduced by the
closure-size branch, so we need to do additional work on base of this.
2016-04-15 00:21:49 +02:00
Vladimír Čunát
39ebb01d6e Merge branch 'staging', containing closure-size #7701 2016-04-13 09:25:28 +02:00
Eelco Dolstra
a42698d2a4 Add a regression test for #14623 2016-04-12 19:13:52 +02:00
Eelco Dolstra
9153d8ed64 Fix X11 tests broken by the removal of -ac
Probably missed a few. Also adding xauth to the system path (it was
already in the closure).
2016-04-12 19:13:47 +02:00
Tuomas Tynkkynen
87b49397bf installer tests: Use different package for testing nix-env -iA
Coreutils is multi-output and the `info` output doesn't seem to be
included on the install disk, failing like this (because now nix-env
wants to build coreutils):

````
machine# these derivations will be built:
machine#   /nix/store/0jk4wzg11sa6cqyw8g7w5lb35axji969-bison-3.0.4.tar.gz.drv
...
machine#   /nix/store/ybjgqwxx63l8cj1s7b8axx09wz06kxbv-coreutils-8.25.drv
machine# building path(s) ‘/nix/store/4xvdi5740vq8vlsi48lik3saz0v5jsx0-coreutils-8.25.tar.xz’
machine# downloading ‘http://ftpmirror.gnu.org/coreutils/coreutils-8.25.tar.xz’...
machine# error: unable to download ‘http://ftpmirror.gnu.org/coreutils/coreutils-8.25.tar.xz’: Couldn't resolve host name (6)
machine# builder for ‘/nix/store/5j3bc5sjr6271fnjh9gk9hrid8kgbpx3-coreutils-8.25.tar.xz.drv’ failed with exit code 1
machine# cannot build derivation ‘/nix/store/ybjgqwxx63l8cj1s7b8axx09wz06kxbv-coreutils-8.25.drv’: 1 dependencies couldn't be built
machine# error: build of ‘/nix/store/ybjgqwxx63l8cj1s7b8axx09wz06kxbv-coreutils-8.25.drv’ failed
````
2016-04-12 17:29:15 +03:00
aszlig
e2383b84f8
nixos/taskserver/helper: Improve CLI subcommands
Try to match the subcommands to act more like the subcommands from the
taskd binary and also add a subcommand to list groups.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-12 05:38:37 +02:00
aszlig
ce0954020c
nixos/taskserver: Set allowedTCPPorts accordingly
As suggested by @matthiasbeyer:

"We might add a short note that this port has to be opened in the
firewall, or is this done by the service automatically?"

This commit now adds the listenPort to
networking.firewall.allowedTCPPorts as soon as the listenHost is not
"localhost".

In addition to that, this is now also documented in the listenHost
option declaration and I have removed disabling of the firewall from the
VM test.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-12 05:16:15 +02:00
aszlig
a41b109bc1
nixos/taskserver: Don't change imperative users
Whenever the nixos-taskserver tool was invoked manually for creating an
organisation/group/user we now add an empty file called .imperative to
the data directory.

During the preStart of the Taskserver service, we use process-json which
in turn now checks whether those .imperative files exist and if so, it
doesn't do anything with it.

This should now ensure that whenever there is a manually created user,
it doesn't get killed off by the declarative configuration in case it
shouldn't exist within that configuration.

In addition, we also add a small subtest to check whether this is
happening or not and fail if the imperatively created user got deleted
by process-json.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-12 03:42:13 +02:00
aszlig
cfb6ce2abe
nixos/tests/taskserver: Make tests less noisy
We were putting the whole output of "nixos-taskserver export-user" from
the server to the respective client and on every such operation the
whole output was shown again in the test log.

Now we're *only* showing these details whenever a user import fails on
the client.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-12 01:49:47 +02:00
aszlig
7889fcfa41
nixos/taskserver/helper: Implement deletion
Now we finally can delete organisations, groups and users along with
certificate revocation. The new subtests now make sure that the client
certificate is also revoked (both when removing the whole organisation
and just a single user).

If we use the imperative way to add and delete users, we have to restart
the Taskserver in order for the CRL to be effective.

However, by using the declarative configuration we now get this for
free, because removing a user will also restart the service and thus its
client certificate will end up in the CRL.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-12 01:41:41 +02:00
aszlig
3affead91b
nixos/taskserver: Move .pki.fqdn to .fqdn
It's not necessarily related to the PKI options, because this is also
used for setting the server address on the Taskwarrior client.

So if someone doesn't have his/her own certificates from another CA, all
options that need to be adjusted are in .pki. And if someone doesn't
want to bother with getting certificates from another CA, (s)he just
doesn't set anything in .pki.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 12:42:20 +02:00
aszlig
6de94e7d24
nixos/taskserver: Rename .server options to .pki
After moving out the PKI-unrelated options, let's name this a bit more
appropriate, so we can finally get rid of the taskserver.server thing.

This also moves taskserver.caCert to taskserver.pki.caCert, because that
clearly belongs to the PKI options.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 12:38:16 +02:00