mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-07-13 13:40:28 +03:00
treewide: format all inactive Nix files
After final improvements to the official formatter implementation,
this commit now performs the first treewide reformat of Nix files using it.
This is part of the implementation of RFC 166.
Only "inactive" files are reformatted, meaning only files that
aren't being touched by any PR with activity in the past 2 months.
This is to avoid conflicts for PRs that might soon be merged.
Later we can do a full treewide reformat to get the rest,
which should not cause as many conflicts.
A CI check has already been running for some time to ensure that new and
already-formatted files are formatted, so the files being reformatted here
should also stay formatted.
This commit was automatically created and can be verified using
nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \
--argstr baseRev b32a094368
result/bin/apply-formatting $NIXPKGS_PATH
This commit is contained in:
Silvan Mosberger
parent
b32a094368
commit
4f0dadbf38
21293 changed files with 701351 additions and 428307 deletions
|
|
@ -1,132 +1,136 @@
|
|||
{ system ? builtins.currentSystem
|
||||
, config ? {}
|
||||
, pkgs ? import ../.. { inherit system config; }
|
||||
, systemdStage1 ? false
|
||||
{
|
||||
system ? builtins.currentSystem,
|
||||
config ? { },
|
||||
pkgs ? import ../.. { inherit system config; },
|
||||
systemdStage1 ? false,
|
||||
}:
|
||||
|
||||
import ../make-test-python.nix ({ lib, ...}:
|
||||
import ../make-test-python.nix (
|
||||
{ lib, ... }:
|
||||
|
||||
{
|
||||
name = "initrd-network-openvpn";
|
||||
{
|
||||
name = "initrd-network-openvpn";
|
||||
|
||||
nodes =
|
||||
let
|
||||
nodes =
|
||||
let
|
||||
|
||||
# Inlining of the shared secret for the
|
||||
# OpenVPN server and client
|
||||
secretblock = ''
|
||||
secret [inline]
|
||||
<secret>
|
||||
${lib.readFile ./shared.key}
|
||||
</secret>
|
||||
# Inlining of the shared secret for the
|
||||
# OpenVPN server and client
|
||||
secretblock = ''
|
||||
secret [inline]
|
||||
<secret>
|
||||
${lib.readFile ./shared.key}
|
||||
</secret>
|
||||
'';
|
||||
|
||||
in
|
||||
{
|
||||
in
|
||||
{
|
||||
|
||||
# Minimal test case to check a successful boot, even with invalid config
|
||||
minimalboot =
|
||||
{ ... }:
|
||||
{
|
||||
boot.initrd.systemd.enable = systemdStage1;
|
||||
boot.initrd.network = {
|
||||
enable = true;
|
||||
openvpn = {
|
||||
# Minimal test case to check a successful boot, even with invalid config
|
||||
minimalboot =
|
||||
{ ... }:
|
||||
{
|
||||
boot.initrd.systemd.enable = systemdStage1;
|
||||
boot.initrd.network = {
|
||||
enable = true;
|
||||
configuration = builtins.toFile "initrd.ovpn" "";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# initrd VPN client
|
||||
ovpnclient =
|
||||
{ ... }:
|
||||
{
|
||||
virtualisation.useBootLoader = true;
|
||||
virtualisation.vlans = [ 1 ];
|
||||
|
||||
boot.initrd = {
|
||||
systemd.enable = systemdStage1;
|
||||
systemd.extraBin.nc = "${pkgs.busybox}/bin/nc";
|
||||
systemd.services.nc = {
|
||||
requiredBy = ["initrd.target"];
|
||||
after = ["network.target"];
|
||||
serviceConfig = {
|
||||
ExecStart = "/bin/nc -p 1234 -lke /bin/echo TESTVALUE";
|
||||
Type = "oneshot";
|
||||
openvpn = {
|
||||
enable = true;
|
||||
configuration = builtins.toFile "initrd.ovpn" "";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# This command does not fork to keep the VM in the state where
|
||||
# only the initramfs is loaded
|
||||
preLVMCommands = lib.mkIf (!systemdStage1)
|
||||
''
|
||||
# initrd VPN client
|
||||
ovpnclient =
|
||||
{ ... }:
|
||||
{
|
||||
virtualisation.useBootLoader = true;
|
||||
virtualisation.vlans = [ 1 ];
|
||||
|
||||
boot.initrd = {
|
||||
systemd.enable = systemdStage1;
|
||||
systemd.extraBin.nc = "${pkgs.busybox}/bin/nc";
|
||||
systemd.services.nc = {
|
||||
requiredBy = [ "initrd.target" ];
|
||||
after = [ "network.target" ];
|
||||
serviceConfig = {
|
||||
ExecStart = "/bin/nc -p 1234 -lke /bin/echo TESTVALUE";
|
||||
Type = "oneshot";
|
||||
};
|
||||
};
|
||||
|
||||
# This command does not fork to keep the VM in the state where
|
||||
# only the initramfs is loaded
|
||||
preLVMCommands = lib.mkIf (!systemdStage1) ''
|
||||
/bin/nc -p 1234 -lke /bin/echo TESTVALUE
|
||||
'';
|
||||
|
||||
network = {
|
||||
enable = true;
|
||||
network = {
|
||||
enable = true;
|
||||
|
||||
# Work around udhcpc only getting a lease on eth0
|
||||
postCommands = lib.mkIf (!systemdStage1)
|
||||
''
|
||||
# Work around udhcpc only getting a lease on eth0
|
||||
postCommands = lib.mkIf (!systemdStage1) ''
|
||||
/bin/ip addr add 192.168.1.2/24 dev eth1
|
||||
'';
|
||||
|
||||
# Example configuration for OpenVPN
|
||||
# This is the main reason for this test
|
||||
openvpn = {
|
||||
enable = true;
|
||||
configuration = "${./initrd.ovpn}";
|
||||
# Example configuration for OpenVPN
|
||||
# This is the main reason for this test
|
||||
openvpn = {
|
||||
enable = true;
|
||||
configuration = "${./initrd.ovpn}";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# VPN server and gateway for ovpnclient between vlan 1 and 2
|
||||
ovpnserver =
|
||||
{ ... }:
|
||||
{
|
||||
virtualisation.vlans = [ 1 2 ];
|
||||
|
||||
# Enable NAT and forward port 12345 to port 1234
|
||||
networking.nat = {
|
||||
enable = true;
|
||||
internalInterfaces = [ "tun0" ];
|
||||
externalInterface = "eth2";
|
||||
forwardPorts = [ { destination = "10.8.0.2:1234";
|
||||
sourcePort = 12345; } ];
|
||||
};
|
||||
|
||||
# Trust tun0 and allow the VPN Server to be reached
|
||||
networking.firewall = {
|
||||
trustedInterfaces = [ "tun0" ];
|
||||
allowedUDPPorts = [ 1194 ];
|
||||
};
|
||||
|
||||
# Minimal OpenVPN server configuration
|
||||
services.openvpn.servers.testserver =
|
||||
# VPN server and gateway for ovpnclient between vlan 1 and 2
|
||||
ovpnserver =
|
||||
{ ... }:
|
||||
{
|
||||
config = ''
|
||||
dev tun0
|
||||
ifconfig 10.8.0.1 10.8.0.2
|
||||
cipher AES-256-CBC
|
||||
${secretblock}
|
||||
'';
|
||||
virtualisation.vlans = [
|
||||
1
|
||||
2
|
||||
];
|
||||
|
||||
# Enable NAT and forward port 12345 to port 1234
|
||||
networking.nat = {
|
||||
enable = true;
|
||||
internalInterfaces = [ "tun0" ];
|
||||
externalInterface = "eth2";
|
||||
forwardPorts = [
|
||||
{
|
||||
destination = "10.8.0.2:1234";
|
||||
sourcePort = 12345;
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
# Trust tun0 and allow the VPN Server to be reached
|
||||
networking.firewall = {
|
||||
trustedInterfaces = [ "tun0" ];
|
||||
allowedUDPPorts = [ 1194 ];
|
||||
};
|
||||
|
||||
# Minimal OpenVPN server configuration
|
||||
services.openvpn.servers.testserver = {
|
||||
config = ''
|
||||
dev tun0
|
||||
ifconfig 10.8.0.1 10.8.0.2
|
||||
cipher AES-256-CBC
|
||||
${secretblock}
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Client that resides in the "external" VLAN
|
||||
testclient =
|
||||
{ ... }:
|
||||
{
|
||||
virtualisation.vlans = [ 2 ];
|
||||
};
|
||||
};
|
||||
# Client that resides in the "external" VLAN
|
||||
testclient =
|
||||
{ ... }:
|
||||
{
|
||||
virtualisation.vlans = [ 2 ];
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
testScript =
|
||||
''
|
||||
testScript = ''
|
||||
# Minimal test case, checks whether enabling (with invalid config) harms
|
||||
# the boot process
|
||||
with subtest("Check for successful boot with broken openvpn config"):
|
||||
|
|
@ -162,4 +166,5 @@ import ../make-test-python.nix ({ lib, ...}:
|
|||
# Check that ovpnclient is reachable from testclient over the gateway
|
||||
testclient.succeed("nc -w 2 192.168.2.3 12345 | grep -q TESTVALUE")
|
||||
'';
|
||||
})
|
||||
}
|
||||
)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue