Merge remote-tracking branch 'upstream/master' into HEAD

2025-07-13 13:40:28 +03:00 · 2017-09-11 22:52:53 +02:00 · 2017-09-11 22:52:53 +02:00 · 628b6c0e9d
commit 628b6c0e9d
parent c86eb1da5f c3887f0253
126 changed files with 2687 additions and 2186 deletions
--- a/nixos/doc/manual/configuration/summary.xml
+++ b/nixos/doc/manual/configuration/summary.xml
@ -113,7 +113,8 @@ manual</link> for the rest.</para>
      </row>
      <row>
        <entry><literal>assert 1 + 1 == 2; "yes!"</literal></entry>
-        <entry>Assertion check (evaluates to <literal>"yes!"</literal>)</entry>
+        <entry>Assertion check (evaluates to <literal>"yes!"</literal>). See <xref
+    linkend="sec-assertions"/> for using assertions in modules</entry>
      </row>
      <row>
        <entry><literal>let x = "foo"; y = "bar"; in x + y</literal></entry>
--- a/nixos/doc/manual/development/assertions.xml
+++ b/nixos/doc/manual/development/assertions.xml
@ -0,0 +1,80 @@
+<section xmlns="http://docbook.org/ns/docbook"
+        xmlns:xlink="http://www.w3.org/1999/xlink"
+        xmlns:xi="http://www.w3.org/2001/XInclude"
+        version="5.0"
+        xml:id="sec-assertions">
+
+<title>Warnings and Assertions</title>
+
+<para>
+  When configuration problems are detectable in a module, it is a good
+  idea to write an assertion or warning. Doing so provides clear
+  feedback to the user and prevents errors after the build.
+</para>
+
+<para>
+  Although Nix has the <literal>abort</literal> and
+  <literal>builtins.trace</literal> <link xlink:href="https://nixos.org/nix/manual/#ssec-builtins">functions</link> to perform such tasks,
+  they are not ideally suited for NixOS modules. Instead of these
+  functions, you can declare your warnings and assertions using the
+  NixOS module system.
+</para>
+
+<section>
+
+<title>Warnings</title>
+
+<para>
+  This is an example of using <literal>warnings</literal>.
+</para>
+
+<programlisting>
+<![CDATA[
+{ config, lib, ... }:
+{
+  config = lib.mkIf config.services.foo.enable {
+    warnings =
+      if config.services.foo.bar
+      then [ ''You have enabled the bar feature of the foo service.
+               This is known to cause some specific problems in certain situations.
+               '' ]
+      else [];
+  }
+}
+]]>
+</programlisting>
+
+</section>
+
+<section>
+
+<title>Assertions</title>
+
+
+<para>
+  This example, extracted from the
+  <link xlink:href="https://github.com/NixOS/nixpkgs/blob/release-17.09/nixos/modules/services/logging/syslogd.nix">
+    <literal>syslogd</literal> module
+  </link> shows how to use <literal>assertions</literal>. Since there
+  can only be one active syslog daemon at a time, an assertion is useful to
+  prevent such a broken system from being built.
+</para>
+
+<programlisting>
+<![CDATA[
+{ config, lib, ... }:
+{
+  config = lib.mkIf config.services.syslogd.enable {
+    assertions =
+      [ { assertion = !config.services.rsyslogd.enable;
+          message = "rsyslogd conflicts with syslogd";
+        }
+      ];
+  }
+}
+]]>
+</programlisting>
+
+</section>
+
+</section>
--- a/nixos/doc/manual/development/option-declarations.xml
+++ b/nixos/doc/manual/development/option-declarations.xml
@ -137,8 +137,8 @@ services.xserver.displayManager.enable = mkOption {
 };</screen></example>

 <example xml:id='ex-option-declaration-eot-backend-sddm'><title>Extending
-    <literal>services.foo.backend</literal> in the <literal>sddm</literal>
-    module</title>
+    <literal>services.xserver.displayManager.enable</literal> in the 
+    <literal>sddm</literal> module</title>
 <screen>
 services.xserver.displayManager.enable = mkOption {
  type = with types; nullOr (enum [ "sddm" ]);
--- a/nixos/doc/manual/development/option-types.xml
+++ b/nixos/doc/manual/development/option-types.xml
@ -157,27 +157,26 @@

 <section xml:id='section-option-types-submodule'><title>Submodule</title>

-  <para>Submodule is a very powerful type that defines a set of sub-options that 
-    are handled like a separate module.
-    It is especially interesting when used with composed types like 
-    <literal>attrsOf</literal> or <literal>listOf</literal>.</para>
+  <para><literal>submodule</literal> is a very powerful type that defines a set
+    of sub-options that are handled like a separate module.</para>

-  <para>The submodule type take a parameter <replaceable>o</replaceable>, that 
-    should be a set, or a function returning a set with an 
-    <literal>options</literal> key defining the sub-options.
-    The option set can be defined directly (<xref linkend='ex-submodule-direct' 
-      />) or as reference (<xref linkend='ex-submodule-reference' />).</para>
+  <para>It takes a parameter <replaceable>o</replaceable>, that should be a set,
+    or a function returning a set with an <literal>options</literal> key
+    defining the sub-options.
+    Submodule option definitions are type-checked accordingly to the
+    <literal>options</literal> declarations.
+    Of course, you can nest submodule option definitons for even higher
+    modularity.</para>

-  <para>Submodule option definitions are type-checked accordingly to the options 
-    declarations. It is possible to declare submodule options inside a submodule 
-    sub-options for even higher modularity.</para>
+  <para>The option set can be defined directly
+    (<xref linkend='ex-submodule-direct' />) or as reference
+    (<xref linkend='ex-submodule-reference' />).</para>

 <example xml:id='ex-submodule-direct'><title>Directly defined submodule</title>
 <screen>
 options.mod = mkOption {
-  name = "mod";
  description = "submodule example";
-  type = with types; listOf (submodule {
+  type = with types; submodule {
    options = {
      foo = mkOption {
        type = int;
@ -186,10 +185,10 @@ options.mod = mkOption {
        type = str;
      };
    };
-  });
+  };
 };</screen></example>

-<example xml:id='ex-submodule-reference'><title>Submodule defined as a 
+<example xml:id='ex-submodule-reference'><title>Submodule defined as a
    reference</title>
 <screen>
 let
@ -206,16 +205,20 @@ let
 in
 options.mod = mkOption {
  description = "submodule example";
-  type = with types; listOf (submodule modOptions);
+  type = with types; submodule modOptions;
 };</screen></example>

-<section><title>Composed with <literal>listOf</literal></title>
-
-  <para>When composed with <literal>listOf</literal>, submodule allows multiple 
-    definitions of the submodule option set.</para>
+  <para>The <literal>submodule</literal> type is especially interesting when
+    used with composed types like <literal>attrsOf</literal> or
+    <literal>listOf</literal>.
+    When composed with <literal>listOf</literal>
+    (<xref linkend='ex-submodule-listof-declaration' />),
+    <literal>submodule</literal> allows multiple definitions of the submodule
+    option set (<xref linkend='ex-submodule-listof-definition' />).</para>
+    

 <example xml:id='ex-submodule-listof-declaration'><title>Declaration of a list 
-    of submodules</title>
+    nof submodules</title>
 <screen>
 options.mod = mkOption {
  description = "submodule example";
@ -239,13 +242,11 @@ config.mod = [
  { foo = 2; bar = "two"; }
 ];</screen></example>

-</section>
-
-
-<section><title>Composed with <literal>attrsOf</literal></title>
-
-  <para>When composed with <literal>attrsOf</literal>, submodule allows multiple 
-    named definitions of the submodule option set.</para>
+  <para>When composed with <literal>attrsOf</literal>
+    (<xref linkend='ex-submodule-attrsof-declaration' />),
+    <literal>submodule</literal> allows multiple named definitions of the
+    submodule option set (<xref linkend='ex-submodule-attrsof-definition' />).
+  </para>

 <example xml:id='ex-submodule-attrsof-declaration'><title>Declaration of 
    attribute sets of submodules</title>
@ -270,7 +271,6 @@ options.mod = mkOption {
 config.mod.one = { foo = 1; bar = "one"; };
 config.mod.two = { foo = 2; bar = "two"; };</screen></example>

-</section>
 </section>

 <section><title>Extending types</title>
--- a/nixos/doc/manual/development/writing-modules.xml
+++ b/nixos/doc/manual/development/writing-modules.xml
@ -178,6 +178,7 @@ in {
 <xi:include href="option-declarations.xml" />
 <xi:include href="option-types.xml" />
 <xi:include href="option-def.xml" />
+<xi:include href="assertions.xml" />
 <xi:include href="meta-attributes.xml" />
 <xi:include href="replace-modules.xml" />

--- a/nixos/maintainers/scripts/openstack/nova-image.nix
+++ b/nixos/maintainers/scripts/openstack/nova-image.nix
@ -1,3 +1,5 @@
+# nix-build '<nixpkgs/nixos>' -A config.system.build.novaImage --arg configuration "{ imports = [ ./nixos/maintainers/scripts/openstack/nova-image.nix ]; }"
+
 { config, lib, pkgs, ... }:

 with lib;
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@ -363,6 +363,7 @@
  ./services/monitoring/prometheus/default.nix
  ./services/monitoring/prometheus/alertmanager.nix
  ./services/monitoring/prometheus/blackbox-exporter.nix
+  ./services/monitoring/prometheus/collectd-exporter.nix
  ./services/monitoring/prometheus/fritzbox-exporter.nix
  ./services/monitoring/prometheus/json-exporter.nix
  ./services/monitoring/prometheus/nginx-exporter.nix
--- a/nixos/modules/services/monitoring/prometheus/collectd-exporter.nix
+++ b/nixos/modules/services/monitoring/prometheus/collectd-exporter.nix
@ -0,0 +1,128 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+  cfg = config.services.prometheus.collectdExporter;
+
+  collectSettingsArgs = if (cfg.collectdBinary.enable) then ''
+    -collectd.listen-address ${optionalString (cfg.collectdBinary.listenAddress != null) cfg.collectdBinary.listenAddress}:${toString cfg.collectdBinary.port} \
+    -collectd.security-level ${cfg.collectdBinary.securityLevel} \
+  '' else "";
+
+in {
+  options = {
+    services.prometheus.collectdExporter = {
+      enable = mkEnableOption "prometheus collectd exporter";
+
+      port = mkOption {
+        type = types.int;
+        default = 9103;
+        description = ''
+          Port to listen on.
+          This is used for scraping as well as the to receive collectd data via the write_http plugin.
+        '';
+      };
+
+      listenAddress = mkOption {
+        type = types.nullOr types.str;
+        default = null;
+        example = "0.0.0.0";
+        description = ''
+          Address to listen on for web interface, telemetry and collectd JSON data.
+        '';
+      };
+
+      collectdBinary = {
+        enable = mkEnableOption "collectd binary protocol receiver";
+
+        authFile = mkOption {
+          default = null;
+          type = types.nullOr types.path;
+          description = "File mapping user names to pre-shared keys (passwords).";
+        };
+
+        port = mkOption {
+          type = types.int;
+          default = 25826;
+          description = ''Network address on which to accept collectd binary network packets.'';
+        };
+
+        listenAddress = mkOption {
+          type = types.nullOr types.str;
+          default = null;
+          example = "0.0.0.0";
+          description = ''
+            Address to listen on for binary network packets.
+            '';
+        };
+
+        securityLevel = mkOption {
+          type = types.enum ["None" "Sign" "Encrypt"];
+          default = "None";
+          description = ''
+            Minimum required security level for accepted packets.
+            '';
+        };
+      };
+
+      extraFlags = mkOption {
+        type = types.listOf types.str;
+        default = [];
+        description = ''
+          Extra commandline options when launching the collectd exporter.
+        '';
+      };
+
+      logFormat = mkOption {
+        type = types.str;
+        default = "logger:stderr";
+        example = "logger:syslog?appname=bob&local=7 or logger:stdout?json=true";
+        description = ''
+          Set the log target and format.
+        '';
+      };
+
+      logLevel = mkOption {
+        type = types.enum ["debug" "info" "warn" "error" "fatal"];
+        default = "info";
+        description = ''
+          Only log messages with the given severity or above.
+        '';
+      };
+
+      openFirewall = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Open port in firewall for incoming connections.
+        '';
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = (optional cfg.openFirewall cfg.port) ++
+      (optional (cfg.openFirewall && cfg.collectdBinary.enable) cfg.collectdBinary.port);
+
+    systemd.services.prometheus-collectd-exporter = {
+      description = "Prometheus exporter for Collectd metrics";
+      unitConfig.Documentation = "https://github.com/prometheus/collectd_exporter";
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        DynamicUser = true;
+        Restart = "always";
+        PrivateTmp = true;
+        WorkingDirectory = /tmp;
+        ExecStart = ''
+          ${pkgs.prometheus-collectd-exporter}/bin/collectd_exporter \
+            -log.format ${cfg.logFormat} \
+            -log.level ${cfg.logLevel} \
+            -web.listen-address ${optionalString (cfg.listenAddress != null) cfg.listenAddress}:${toString cfg.port} \
+            ${collectSettingsArgs} \
+            ${concatStringsSep " " cfg.extraFlags}
+        '';
+      };
+    };
+  };
+}
--- a/nixos/modules/services/networking/znc.nix
+++ b/nixos/modules/services/networking/znc.nix
@ -261,7 +261,7 @@ in
            "freenode" = {
              server = "chat.freenode.net";
              port = 6697;
-              ssl = true;
+              useSSL = true;
              modules = [ "simple_away" ];
            };
          };
@ -276,6 +276,14 @@ in
          '';
        };

+        openFirewall = mkOption {
+          type = types.bool;
+          default = false;
+          description = ''
+            Whether to open ports in the firewall for ZNC.
+          '';
+        };
+
        passBlock = mkOption {
          example = defaultPassBlock;
          type = types.string;
@ -350,6 +358,10 @@ in

  config = mkIf cfg.enable {

+    networking.firewall = mkIf cfg.openFirewall {
+      allowedTCPPorts = [ cfg.port ];
+    };
+
    systemd.services.znc = {
      description = "ZNC Server";
      wantedBy = [ "multi-user.target" ];
--- a/nixos/modules/virtualisation/cloud-image.nix
+++ b/nixos/modules/virtualisation/cloud-image.nix
@ -1,44 +0,0 @@
-# Usage:
-# $ NIX_PATH=`pwd`:nixos-config=`pwd`/nixpkgs/nixos/modules/virtualisation/cloud-image.nix nix-build '<nixpkgs/nixos>' -A config.system.build.cloudImage
-
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-{
-  system.build.cloudImage = import ../../lib/make-disk-image.nix {
-    inherit pkgs lib config;
-    partitioned = true;
-    diskSize = 1 * 1024;
-    configFile = pkgs.writeText "configuration.nix"
-      ''
-        { config, lib, pkgs, ... }:
-
-        with lib;
-
-        {
-          imports = [ <nixpkgs/nixos/modules/virtualisation/cloud-image.nix> ];
-        }
-      '';
-  };
-
-  imports = [ ../profiles/qemu-guest.nix ];
-
-  fileSystems."/".device = "/dev/disk/by-label/nixos";
-
-  boot = {
-    kernelParams = [ "console=ttyS0" ];
-    loader.grub.device = "/dev/vda";
-    loader.timeout = 0;
-  };
-
-  networking.hostName = mkDefault "";
-
-  services.openssh = {
-    enable = true;
-    permitRootLogin = "without-password";
-    passwordAuthentication = mkDefault false;
-  };
-
-  services.cloud-init.enable = true;
-}
--- a/nixos/modules/virtualisation/nova-config.nix
+++ b/nixos/modules/virtualisation/nova-config.nix
@ -22,8 +22,13 @@ with lib;
    boot.loader.timeout = 0;

    # Allow root logins
-    services.openssh.enable = true;
-    services.openssh.permitRootLogin = "prohibit-password";
+    services.openssh = {
+      enable = true;
+      permitRootLogin = "prohibit-password";
+      passwordAuthentication = mkDefault false;
+    };
+
+    services.cloud-init.enable = true;

    # Put /tmp and /var on /ephemeral0, which has a lot more space.
    # Unfortunately we can't do this with the `fileSystems' option
--- a/nixos/release-combined.nix
+++ b/nixos/release-combined.nix
@ -93,7 +93,7 @@ in rec {
        (all nixos.tests.keymap.dvp)
        (all nixos.tests.keymap.neo)
        (all nixos.tests.keymap.qwertz)
-        (all nixos.tests.plasma5)
+        nixos.tests.plasma5.x86_64-linux # avoid big build on i686
        (all nixos.tests.kernel-latest)
        (all nixos.tests.kernel-lts)
        (all nixos.tests.kernel-params)
@ -119,10 +119,9 @@ in rec {
        (all nixos.tests.sddm.default)
        (all nixos.tests.simple)
        (all nixos.tests.slim)
-        (all nixos.tests.sysctl)
+        nixos.tests.sysctl.x86_64-linux # i686 fails
        (all nixos.tests.udisks2)
        (all nixos.tests.xfce)
-        (all nixos.tests.xmonad)

        nixpkgs.tarball
        (all allSupportedNixpkgs.emacs)
--- a/nixos/release.nix
+++ b/nixos/release.nix
@ -240,7 +240,7 @@ in rec {
  tests.etcd = hydraJob (import tests/etcd.nix { system = "x86_64-linux"; });
  tests.ec2-nixops = hydraJob (import tests/ec2.nix { system = "x86_64-linux"; }).boot-ec2-nixops;
  tests.ec2-config = hydraJob (import tests/ec2.nix { system = "x86_64-linux"; }).boot-ec2-config;
-  tests.elk = callTest tests/elk.nix {};
+  tests.elk = hydraJob (import tests/elk.nix { system = "x86_64-linux"; });
  tests.env = callTest tests/env.nix {};
  tests.ferm = callTest tests/ferm.nix {};
  tests.firefox = callTest tests/firefox.nix {};