Merge branch 'master' into staging-next

2025-07-14 06:00:33 +03:00 · 2019-09-15 13:18:54 +02:00 · 2019-09-15 13:18:54 +02:00 · b6c6e1f9e8
commit b6c6e1f9e8
parent 9f8a7d2679 c860babfe6
192 changed files with 4150 additions and 2678 deletions
--- a/nixos/modules/services/continuous-integration/hydra/default.nix
+++ b/nixos/modules/services/continuous-integration/hydra/default.nix
@ -275,6 +275,7 @@ in
              ${pkgs.sudo}/bin/sudo -u ${config.services.postgresql.superUser} ${config.services.postgresql.package}/bin/createdb -O hydra hydra
              touch ${baseDir}/.db-created
            fi
+            echo "create extension if not exists pg_trgm" | ${pkgs.sudo}/bin/sudo -u ${config.services.postgresql.superUser} -- ${config.services.postgresql.package}/bin/psql hydra
          ''}

          if [ ! -e ${cfg.gcRootsDir} ]; then
@ -379,6 +380,23 @@ in
          };
      };

+    systemd.services.hydra-notify =
+      { wantedBy = [ "multi-user.target" ];
+        requires = [ "hydra-init.service" ];
+        after = [ "hydra-init.service" ];
+        restartTriggers = [ hydraConf ];
+        environment = env // {
+          PGPASSFILE = "${baseDir}/pgpass-queue-runner";
+        };
+        serviceConfig =
+          { ExecStart = "@${cfg.package}/bin/hydra-notify hydra-notify";
+            # FIXME: run this under a less privileged user?
+            User = "hydra-queue-runner";
+            Restart = "always";
+            RestartSec = 5;
+          };
+      };
+
    # If there is less than a certain amount of free disk space, stop
    # the queue/evaluator to prevent builds from failing or aborting.
    systemd.services.hydra-check-space =
@ -416,6 +434,8 @@ in
        hydra-users hydra-queue-runner hydra
        hydra-users hydra-www hydra
        hydra-users root hydra
+        # The postgres user is used to create the pg_trgm extension for the hydra database
+        hydra-users postgres postgres
      '';

    services.postgresql.authentication = optionalString haveLocalDB
--- a/nixos/modules/services/misc/gitlab.nix
+++ b/nixos/modules/services/misc/gitlab.nix
@ -1,7 +1,5 @@
 { config, lib, pkgs, utils, ... }:

-# TODO: support non-postgresql
-
 with lib;

 let
@ -806,8 +804,8 @@ in {
          export otp="$(<'${cfg.secrets.otpFile}')"
          export jws="$(<'${cfg.secrets.jwsFile}')"
          ${pkgs.jq}/bin/jq -n '{production: {secret_key_base: $ENV.secret,
-                                              otp_key_base: $ENV.db,
-                                              db_key_base: $ENV.otp,
+                                              otp_key_base: $ENV.otp,
+                                              db_key_base: $ENV.db,
                                              openid_connect_signing_key: $ENV.jws}}' \
                            > '${cfg.statePath}/config/secrets.yml'
        )
--- a/nixos/modules/services/networking/networkmanager.nix
+++ b/nixos/modules/services/networking/networkmanager.nix
@ -8,6 +8,8 @@ let
  dynamicHostsEnabled =
    cfg.dynamicHosts.enable && cfg.dynamicHosts.hostsDirs != {};

+  delegateWireless = config.networking.wireless.enable == true && cfg.unmanaged != [];
+
  # /var/lib/misc is for dnsmasq.leases.
  stateDirs = "/var/lib/NetworkManager /var/lib/dhclient /var/lib/misc";

@ -177,10 +179,11 @@ in {
      basePackages = mkOption {
        type = types.attrsOf types.package;
        default = { inherit (pkgs)
-                            networkmanager modemmanager wpa_supplicant crda
+                            networkmanager modemmanager crda
                            networkmanager-openvpn networkmanager-vpnc
                            networkmanager-openconnect networkmanager-fortisslvpn
-                            networkmanager-l2tp networkmanager-iodine; };
+                            networkmanager-l2tp networkmanager-iodine; }
+                  // optionalAttrs (!delegateWireless) { inherit (pkgs) wpa_supplicant; };
        internal = true;
      };

@ -377,8 +380,11 @@ in {
  config = mkIf cfg.enable {

    assertions = [
-      { assertion = config.networking.wireless.enable == false;
-        message = "You can not use networking.networkmanager with networking.wireless";
+      { assertion = config.networking.wireless.enable == true -> cfg.unmanaged != [];
+        message = ''
+          You can not use networking.networkmanager with networking.wireless.
+          Except if you mark some interfaces as <literal>unmanaged</literal> by NetworkManager.
+        '';
      }
      { assertion = !dynamicHostsEnabled || (dynamicHostsEnabled && cfg.dns == "dnsmasq");
        message = ''
@ -496,18 +502,17 @@ in {
      aliases = [ "dbus-org.freedesktop.nm-dispatcher.service" ];
    };

-    # Turn off NixOS' network management
-    networking = {
+    # Turn off NixOS' network management when networking is managed entirely by NetworkManager
+    networking = (mkIf (!delegateWireless) {
      useDHCP = false;
-      # use mkDefault to trigger the assertion about the conflict above
+      # Use mkDefault to trigger the assertion about the conflict above
      wireless.enable = mkDefault false;
-    };
+    }) // (mkIf cfg.enableStrongSwan {
+      networkmanager.packages = [ pkgs.networkmanager_strongswan ];
+    });

    security.polkit.extraConfig = polkitConf;

-    networking.networkmanager.packages =
-      mkIf cfg.enableStrongSwan [ pkgs.networkmanager_strongswan ];
-
    services.dbus.packages =
      optional cfg.enableStrongSwan pkgs.strongswanNM ++ cfg.packages;