BoomMicrophone/nixpkgs-suyu
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
286964 commits 1 branch 0 tags 3.8 GiB
Commit graph

3393 commits

Author SHA1 Message Date
github-actions[bot]
afe3fd192f
Merge staging-next into staging 2021-05-03 00:53:51 +00:00
Martin Weinelt
d67fc76603
Merge pull request #120536 from mweinelt/mosquitto 2021-05-03 00:41:21 +02:00
Martin Weinelt
1dbb60f562
nixos/tests/home-assistant: update maintainership to home-assistant team 2021-05-03 00:21:25 +02:00
Martin Weinelt
8ab7fc1107
nixos/tests/home-assistant: test capability passing 
Configures the emulated_hue component and expects CAP_NET_BIND_SERVICE
to be passed in order to be able to bind to 80/tcp.

Also print the systemd security analysis, so we can spot changes more
quickly.
 2021-05-03 00:21:25 +02:00
Martin Weinelt
33e867620e
nixos/mosquitto: harden systemd unit 
It can still network, it can only access the ssl related files if ssl is
enabled.

✗ PrivateNetwork=                                             Service has access to the host's network                                            0.5
✗ RestrictAddressFamilies=~AF_(INET|INET6)                    Service may allocate Internet sockets                                               0.3
✗ DeviceAllow=                                                Service has a device ACL with some special devices                                  0.1
✗ IPAddressDeny=                                              Service does not define an IP address allow list                                    0.2
✗ RootDirectory=/RootImage=                                   Service runs within the host's root directory                                       0.1
✗ RestrictAddressFamilies=~AF_UNIX                            Service may allocate local sockets                                                  0.1

→ Overall exposure level for mosquitto.service: 1.1 OK 🙂
 2021-05-01 19:46:48 +02:00
github-actions[bot]
ef6416a6ba
Merge staging-next into staging 2021-05-01 00:54:32 +00:00
Martin Weinelt
efb30a191e
Merge pull request #120529 from mweinelt/zigbee2mqtt 2021-04-30 21:59:22 +02:00
Florian Klink
44a0debca7
Merge pull request #121021 from pennae/container-sigterm 
nixos/nix-containers: use SIGTERM to stop containers
 2021-04-30 21:35:16 +02:00
github-actions[bot]
20ebbe6b59
Merge staging-next into staging 2021-04-30 18:26:34 +00:00
Martin Weinelt
f1e7183f69
nixos/tests/zigbee2mqtt: relax DevicePolicy and log systemd-analye security 2021-04-30 19:42:26 +02:00
Michael Weiss
28b8cff301
nixos/tests/cage: Fix the test with wlroots 0.13 
See #119615 for more details. The aarch64-linux test failed with
"qemu-system-aarch64: Virtio VGA not available" so I've restricted the
test to x86_64-linux (the virtio paravirtualized 3D graphics driver is
likely only available on very few platforms).
 2021-04-30 15:57:04 +02:00
pennae
317a2c9f26 nixos/nix-containers: add tests for early/no-machined container stop 2021-04-30 15:43:27 +02:00
github-actions[bot]
b4766e97ee
Merge staging-next into staging 2021-04-30 00:52:06 +00:00
Michael Weiss
af99194379
nixos/tests/cage: Increase the xterm font size to fix the test 
The result still looks far from ideal but at least it gets recognized
now. "-fa Monospace" is required to switch to a font from the FreeType
library so that "-fs 24" works.

Note: Using linuxPackages_latest is not required anymore.
 2021-04-29 21:08:10 +02:00
github-actions[bot]
3ad64733d9
Merge staging-next into staging 2021-04-29 18:28:08 +00:00
Kim Lindberger
abecdfea73
Merge pull request #120833 from talyz/pipewire-0.3.26 
pipewire: 0.3.25 -> 0.3.26
 2021-04-29 18:46:35 +02:00
Florian Klink
7f9a5ad257
cage: drop maintainership (#121174) 
I cannot currently maintain this, as I don't have access to the hardware
running it anymore.
 2021-04-29 18:07:13 +02:00
github-actions[bot]
54e69b71cd
Merge staging-next into staging 2021-04-29 12:26:05 +00:00
WilliButz
674cea17a7
Merge pull request #120492 from SuperSandro2000/prometheus-unbound-exporter 
Prometheus unbound exporter
 2021-04-29 10:54:22 +02:00
Sandro Jäckel
d3fe53a8a6
nixos/tests/prometheus-exporters: nixpkgs-fmt 2021-04-29 06:19:31 +02:00
Sandro Jäckel
da858b16b8
nixos/tests/prometheus-exporters: add unbound test 
Author: WilliButz <willibutz@posteo.de>
 2021-04-29 06:19:30 +02:00
Jan Tojnar
76c3a6aafd
Merge branch 'staging-next' into staging 2021-04-29 02:35:54 +02:00
Luke Granger-Brown
f64e68e09b
Merge pull request #120071 from johanot/ceph-16 
ceph: 15.2.10 -> 16.2.1
 2021-04-29 00:03:45 +01:00
github-actions[bot]
655989d7b3
Merge staging-next into staging 2021-04-28 00:15:29 +00:00
Samuel Dionne-Riel
1f4dedfa64
Merge pull request #120667 from samueldr/fix/grub1-test 
nixosTests.installer: Fix grub1 test being unreliable
 2021-04-27 19:32:13 -04:00
github-actions[bot]
97889a52e1
Merge staging-next into staging 2021-04-27 18:14:28 +00:00
talyz
1215bd4ea9
Revert "nixos/tests/gitlab: add 32 byte secrets" 
This reverts commit d6e0d38b84.

We need shorter secrets to continue working, since the earlier
recommendation was too short and there's no way to rotate the them.
 2021-04-27 18:08:59 +02:00
talyz
6edd102013
pipewire: Fix tests 2021-04-27 12:41:35 +02:00
github-actions[bot]
f0290a5d27
Merge staging-next into staging 2021-04-26 18:14:28 +00:00
Luke Granger-Brown
825a9ad1f9
Merge pull request #120286 from lukegb/hibernate-install 
nixos/tests/hibernate: install a system instead
 2021-04-26 18:00:41 +01:00
Samuel Dionne-Riel
7d112134de nixosTests.installer: Fix grub1 test being unreliable 
The kernel sometimes assigns `/dev/sdb` to the 8GiB disk. This, in turn,
means the test will fail because we're targeting the wrong disk.

```
machine # [    0.000000] sd 2:0:0:0: [sda] 16777216 512-byte logical blocks: (8.59 GB/8.00 GiB)
machine # [    0.000000] sd 3:0:0:0: [sdb] 1048576 512-byte logical blocks: (537 MB/512 MiB)
```

```
machine # [    0.000000] sd 2:0:0:0: [sdb] 16777216 512-byte logical blocks: (8.59 GB/8.00 GiB)
machine # [    0.000000] sd 3:0:0:0: [sda] 1048576 512-byte logical blocks: (537 MB/512 MiB)
```

Note how the "sd x:0:0:0:` ID is stable. That is because QEMU **is**
told to give specific identifiers to the disks. So using the
dev/disk/by-id/ identifiers is stable.

* * *

Tested by forcing the sda/sdb swap this way:

    diff --git a/nixos/tests/installer.nix b/nixos/tests/installer.nix
    index 24c55081f9a..2eee224351b 100644
    --- a/nixos/tests/installer.nix
    +++ b/nixos/tests/installer.nix
    @@ -702,12 +702,19 @@ in {
               + " mkpart primary linux-swap 1M 1024M"
               + " mkpart primary ext2 1024M -1s",
               "udevadm settle",
    +      )
    +      print(machine.succeed("find /dev/disk/ '!' -type d -printf '%p → %l\n' | sort"))
    +      machine.succeed(
               "mkswap ${grubDevice}-part1 -L swap",
               "swapon -L swap",
               "mkfs.ext3 -L nixos ${grubDevice}-part2",
               "mount LABEL=nixos /mnt",
               "mkdir -p /mnt/tmp",
           )
    +      machine.succeed("echo success")
    +      machine.succeed(
    +          'if [[ "$(find ${grubDevice} -printf \'%l\')" != "../../sdb" ]]; then exit 22; else true; fi'
    +      )
         '';
         grubVersion = 1;
         # /dev/sda is not stable, even when the SCSI disk number is.

And ran this way:

     $ until (clear; tmux clear ; time env -i nix-build nixos/release-combined.nix -A nixos.tests.installer.grub1.x86_64-linux); do echo derp; done
 2021-04-25 19:59:29 -04:00
github-actions[bot]
9a945aac72
Merge staging-next into staging 2021-04-25 18:14:18 +00:00
Luke Granger-Brown
ed83f6455c
Merge pull request #119443 from ambroisie/add-podgrab 
Add podgrab package and module
 2021-04-25 14:12:40 +01:00
github-actions[bot]
1626c4772a
Merge staging-next into staging 2021-04-25 12:06:12 +00:00
Frederik Rietdijk
c648f7ee2a Merge master into staging-next 2021-04-25 13:54:29 +02:00
Luke Granger-Brown
0cc25061b0
Merge pull request #114240 from sorki/containers/nested 
nixos/nixos-containers: default boot.enableContainers to true
 2021-04-25 11:37:01 +01:00
Jan Tojnar
c1f851b2ee
Merge branch 'staging-next' into staging 2021-04-25 08:22:13 +02:00
github-actions[bot]
a956f62ea4
Merge master into staging-next 2021-04-25 06:05:34 +00:00
Jan Tojnar
0f1c4558d3
Merge branch 'master' into staging-next 
Choose binwalk 2.3.1, 27 is legacy version for Python 2.
 2021-04-25 02:50:48 +02:00
Martin Weinelt
ceb26b53d8 nixos/tests/babeld: drop forwarding sysctls 
They are now set as part of the babeld module.
 2021-04-25 00:55:05 +02:00
Maximilian Bosch
7b2982e22e
Merge pull request #119498 from mweinelt/tests-bird 
nixos/test/prometheus-exporters/bird: fix race condition
 2021-04-24 21:13:09 +02:00
Michael Raskin
d04f1c4314
Merge pull request #101071 from ju1m/apparmor 
apparmor: try again to fix and improve
 2021-04-24 11:24:26 +00:00
github-actions[bot]
944e32775d
Merge staging-next into staging 2021-04-24 00:16:20 +00:00
github-actions[bot]
6e7c70d02d
Merge master into staging-next 2021-04-24 00:16:17 +00:00
Martin Weinelt
fc55a1bdd4
nixos/tests/prometheus-exporters/bird: set router id 
Previously bird would refuse to start up because the router id wasn't
set.

> bird[682]: Cannot determine router ID, please configure it manually
 2021-04-23 23:34:26 +02:00
Maximilian Bosch
f62b42f405
Merge pull request #120125 from BBBSnowball/pr-add-config-nextcloud-imagick-rename-option 
nixos/nextcloud: Rename option disableImagemagick to enableImagemagick
 2021-04-23 23:27:34 +02:00
davidak
513143fe4e kbd: add tests and update them 2021-04-23 16:41:11 +02:00
Julien Moutinho
76887d750b nixos/apparmor: add test for apparmorRulesFromClosure 2021-04-23 07:20:20 +02:00
Luke Granger-Brown
32d80aaaa5 nixos/tests/hibernate: install a system instead 
Rather than relying on carefully avoiding touching the 9P-mounted
/nix/store, we instead install a small NixOS system, similar to
the installer tests, and boot from that.

This avoids the various pitfalls associated with trying to unsuspend
properly and trades off a bunch of boilerplate for what will hopefully
be a more reliable test.

Additionally, this test now actually tests booting the system using a
bootloader, rather than the previous method of just booting the kernel
directly.
 2021-04-23 01:30:38 +00:00
github-actions[bot]
b95da5efb6
Merge master into staging-next 2021-04-22 18:14:27 +00:00