This is the master branch of nixpkgs, initially pulled from commit 8debf2f9a63d54ae4f28994290437ba54c681c7b
The intent of this repo is to be merged onto nixpkgs master. This will also be of help for https://git.suyu.dev/BoomMicrophone/suyu-nix-test
which I will need in order for development (it will also be helpful to know what to do for setting up the environment for the master server. Currently I am focusing on this so I can actually see what is still missing)
This repo will be removed once the PR to the nixpkgs github goes through
b3162a1074
These modules implement a way to test ACME based on a test instance of Letsencrypt's Boulder service. The service implementation is in letsencrypt.nix and the second module (resolver.nix) is a support-module for the former, but can also be used for tests not involving ACME. The second module provides a DNS server which hosts a root zone containing all the zones and /etc/hosts entries (except loopback) in the entire test network, so this can be very useful for other modules that need DNS resolution. Originally, I wrote these modules for the Headcounter deployment, but I've refactored them a bit to be generally useful to NixOS users. The original implementation can be found here: https://github.com/headcounter/deployment/tree/89e7feafb/modules/testing Quoting parts from the commit message of the initial implementation of the Letsencrypt module in headcounter/deployment@95dfb31110: This module is going to be used for tests where we need to impersonate an ACME service such as the one from Letsencrypt within VM tests, which is the reason why this module is a bit ugly (I only care if it's working not if it's beautiful). While the module isn't used anywhere, it will serve as a pluggable module for testing whether ACME works properly to fetch certificates and also as a replacement for our snakeoil certificate generator. Also quoting parts of the commit where I have refactored the same module in headcounter/deployment@85fa481b34: Now we have a fully pluggable module which automatically discovers in which network it's used via the nodes attribute. The test environment of Boulder used "dns-test-srv", which is a fake DNS server that's resolving almost everything to 127.0.0.1. On our setup this is not useful, so instead we're now running a local BIND name server which has a fake root zone and uses the mentioned node attribute to automatically discover other zones in the network of machines and generate delegations from the root zone to the respective zones with the primaryIPAddress of the node. ... We want to use real letsencrypt.org FQDNs here, so we can't get away with the snakeoil test certificates from the upstream project but now roll our own. This not only has the benefit that we can easily pass the snakeoil certificate to other nodes, but we can (and do) also use it for an nginx proxy that's now serving HTTPS for the Boulder web front end. The Headcounter deployment tests are simulating a production scenario with real IPs and nameservers so it won't need to rely on networking.extraHost. However in this implementation we don't necessarily want to do that, so I've added auto-discovery of networking.extraHosts in the resolver module. Another change here is that the letsencrypt module now falls back to using a local resolver, the Headcounter implementation on the other hand always required to add an extra test node which serves as a resolver. I could have squashed both modules into the final ACME test, but that would make it not very reusable, so that's the main reason why I put these modules in tests/common. Signed-off-by: aszlig <aszlig@redmoonstudios.org> |
||
|---|---|---|
| .github | ||
| doc | ||
| lib | ||
| maintainers/scripts | ||
| nixos | ||
| pkgs | ||
| .editorconfig | ||
| .gitignore | ||
| .travis.yml | ||
| .version | ||
| COPYING | ||
| default.nix | ||
| README.md | ||
Nixpkgs is a collection of packages for the Nix package manager. It is periodically built and tested by the hydra build daemon as so-called channels. To get channel information via git, add nixpkgs-channels as a remote:
% git remote add channels git://github.com/NixOS/nixpkgs-channels.git
For stability and maximum binary package support, it is recommended to maintain
custom changes on top of one of the channels, e.g. nixos-17.03 for the latest
release and nixos-unstable for the latest successful build of master:
% git remote update channels
% git rebase channels/nixos-17.03
For pull-requests, please rebase onto nixpkgs master.
NixOS linux distribution source code is located inside
nixos/ folder.
- NixOS installation instructions
- Documentation (Nix Expression Language chapter)
- Manual (How to write packages for Nix)
- Manual (NixOS)
- Nix Wiki (deprecated, see milestone "Move the Wiki!")
- Continuous package builds for unstable/master
- Continuous package builds for 17.03 release
- Tests for unstable/master
- Tests for 17.03 release
Communication: