movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-13 21:50:33 +03:00
Code Activity

Merge staging-next into staging

Browse source
This commit is contained in:
github-actions[bot] 2022-10-05 00:05:03 +00:00 committed by GitHub
commit d426366b62
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
315 changed files with 5179 additions and 2215 deletions
Download patch file Download diff file Expand all files Collapse all files

1
nixos/doc/manual/default.nix
View file

@ -63,6 +63,7 @@ let
};
documentType = "none";
variablelistId = "test-options-list";
optionIdPrefix = "test-opt-";
};
sources = lib.sourceFilesBySuffices ./. [".xml"];

4
nixos/doc/manual/development/running-nixos-tests-interactively.section.md
View file

@ -39,11 +39,11 @@ directory.
## Interactive-only test configuration {#sec-nixos-test-interactive-configuration}
The `.driverInteractive` attribute combines the regular test configuration with
definitions from the [`interactive` submodule](#opt-interactive). This gives you
definitions from the [`interactive` submodule](#test-opt-interactive). This gives you
a more usable, graphical, but slightly different configuration.
You can add your own interactive-only test configuration by adding extra
configuration to the [`interactive` submodule](#opt-interactive).
configuration to the [`interactive` submodule](#test-opt-interactive).
To interactively run only the regular configuration, build the `<test>.driver` attribute
instead, and call it with the flag `result/bin/nixos-test-driver --interactive`.

12
nixos/doc/manual/development/writing-nixos-tests.section.md
View file

@ -22,12 +22,12 @@ A NixOS test is a module that has the following structure:
```
We refer to the whole test above as a test module, whereas the values
in [`nodes.<name>`](#opt-nodes) are NixOS modules themselves.
in [`nodes.<name>`](#test-opt-nodes) are NixOS modules themselves.
The option [`testScript`](#opt-testScript) is a piece of Python code that executes the
The option [`testScript`](#test-opt-testScript) is a piece of Python code that executes the
test (described below). During the test, it will start one or more
virtual machines, the configuration of which is described by
the option [`nodes`](#opt-nodes).
the option [`nodes`](#test-opt-nodes).
An example of a single-node test is
[`login.nix`](https://github.com/NixOS/nixpkgs/blob/master/nixos/tests/login.nix).
@ -171,7 +171,7 @@ The following methods are available on machine objects:
least one will be returned.
::: {.note}
This requires [`enableOCR`](#opt-enableOCR) to be set to `true`.
This requires [`enableOCR`](#test-opt-enableOCR) to be set to `true`.
:::
`get_screen_text`
@ -180,7 +180,7 @@ The following methods are available on machine objects:
machine\'s screen using optical character recognition.
::: {.note}
This requires [`enableOCR`](#opt-enableOCR) to be set to `true`.
This requires [`enableOCR`](#test-opt-enableOCR) to be set to `true`.
:::
`send_monitor_command`
@ -291,7 +291,7 @@ The following methods are available on machine objects:
`get_screen_text` and `get_screen_text_variants`).
::: {.note}
This requires [`enableOCR`](#opt-enableOCR) to be set to `true`.
This requires [`enableOCR`](#test-opt-enableOCR) to be set to `true`.
:::
`wait_for_console_text`

4
nixos/doc/manual/from_md/development/running-nixos-tests-interactively.section.xml
View file

@ -44,14 +44,14 @@ $ ./result/bin/nixos-test-driver --keep-vm-state
<para>
The <literal>.driverInteractive</literal> attribute combines the
regular test configuration with definitions from the
<link linkend="opt-interactive"><literal>interactive</literal>
<link linkend="test-opt-interactive"><literal>interactive</literal>
submodule</link>. This gives you a more usable, graphical, but
slightly different configuration.
</para>
<para>
You can add your own interactive-only test configuration by adding
extra configuration to the
<link linkend="opt-interactive"><literal>interactive</literal>
<link linkend="test-opt-interactive"><literal>interactive</literal>
submodule</link>.
</para>
<para>

12
nixos/doc/manual/from_md/development/writing-nixos-tests.section.xml
View file

@ -24,16 +24,16 @@
<para>
We refer to the whole test above as a test module, whereas the
values in
<link linkend="opt-nodes"><literal>nodes.&lt;name&gt;</literal></link>
<link linkend="test-opt-nodes"><literal>nodes.&lt;name&gt;</literal></link>
are NixOS modules themselves.
</para>
<para>
The option
<link linkend="opt-testScript"><literal>testScript</literal></link>
<link linkend="test-opt-testScript"><literal>testScript</literal></link>
is a piece of Python code that executes the test (described below).
During the test, it will start one or more virtual machines, the
configuration of which is described by the option
<link linkend="opt-nodes"><literal>nodes</literal></link>.
<link linkend="test-opt-nodes"><literal>nodes</literal></link>.
</para>
<para>
An example of a single-node test is
@ -263,7 +263,7 @@ start_all()
<note>
<para>
This requires
<link linkend="opt-enableOCR"><literal>enableOCR</literal></link>
<link linkend="test-opt-enableOCR"><literal>enableOCR</literal></link>
to be set to <literal>true</literal>.
</para>
</note>
@ -281,7 +281,7 @@ start_all()
<note>
<para>
This requires
<link linkend="opt-enableOCR"><literal>enableOCR</literal></link>
<link linkend="test-opt-enableOCR"><literal>enableOCR</literal></link>
to be set to <literal>true</literal>.
</para>
</note>
@ -522,7 +522,7 @@ start_all()
<note>
<para>
This requires
<link linkend="opt-enableOCR"><literal>enableOCR</literal></link>
<link linkend="test-opt-enableOCR"><literal>enableOCR</literal></link>
to be set to <literal>true</literal>.
</para>
</note>

7
nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
View file

@ -194,6 +194,13 @@
<link linkend="opt-services.komga.enable">services.komga</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://tandoor.dev">Tandoor Recipes</link>,
a self-hosted multi-tenant recipe collection. Available as
<link xlink:href="options.html#opt-services.tandoor-recipes.enable">services.tandoor-recipes</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://hbase.apache.org/">HBase

2
nixos/doc/manual/release-notes/rl-2211.section.md
View file

@ -72,6 +72,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- [Komga](https://komga.org/), a free and open source comics/mangas media server. Available as [services.komga](#opt-services.komga.enable).
- [Tandoor Recipes](https://tandoor.dev), a self-hosted multi-tenant recipe collection. Available as [services.tandoor-recipes](options.html#opt-services.tandoor-recipes.enable).
- [HBase cluster](https://hbase.apache.org/), a distributed, scalable, big data store. Available as [services.hadoop.hbase](options.html#opt-services.hadoop.hbase.enable).
- [Sachet](https://github.com/messagebird/sachet/), an SMS alerting tool for the Prometheus Alertmanager. Available as [services.prometheus.sachet](#opt-services.prometheus.sachet.enable).

3
nixos/lib/make-options-doc/default.nix
View file

@ -26,6 +26,8 @@
# If you include more than one option list into a document, you need to
# provide different ids.
, variablelistId ? "configuration-variable-list"
# Strig to prefix to the option XML/HTML id attributes.
, optionIdPrefix ? "opt-"
, revision ? "" # Specify revision for the options
# a set of options the docs we are generating will be merged into, as if by recursiveUpdate.
# used to split the options doc build into a static part (nixos/modules) and a dynamic part
@ -183,6 +185,7 @@ in rec {
--stringparam documentType '${documentType}' \
--stringparam revision '${revision}' \
--stringparam variablelistId '${variablelistId}' \
--stringparam optionIdPrefix '${optionIdPrefix}' \
-o intermediate.xml ${./options-to-docbook.xsl} sorted.xml
${pkgs.libxslt.bin}/bin/xsltproc \
-o "$out" ${./postprocess-option-descriptions.xsl} intermediate.xml

3
nixos/lib/make-options-doc/options-to-docbook.xsl
View file

@ -15,6 +15,7 @@
<xsl:param name="documentType" />
<xsl:param name="program" />
<xsl:param name="variablelistId" />
<xsl:param name="optionIdPrefix" />
<xsl:template match="/expr/list">
@ -36,7 +37,7 @@
<xsl:attribute name="id" namespace="http://www.w3.org/XML/1998/namespace"><xsl:value-of select="$variablelistId"/></xsl:attribute>
<xsl:for-each select="attrs">
<xsl:variable name="id" select="
concat('opt-',
concat($optionIdPrefix,
translate(
attr[@name = 'name']/string/@value,
'*&lt; >[]:',

2
nixos/lib/qemu-common.nix
View file

@ -19,7 +19,7 @@ rec {
];
qemuSerialDevice =
if pkgs.stdenv.hostPlatform.isx86 || pkgs.stdenv.hostPlatform.isRiscV then "ttyS0"
if with pkgs.stdenv.hostPlatform; isx86 || isMips64 || isRiscV then "ttyS0"
else if (with pkgs.stdenv.hostPlatform; isAarch || isPower) then "ttyAMA0"
else throw "Unknown QEMU serial device for system '${pkgs.stdenv.hostPlatform.system}'";

6
nixos/lib/testing/driver.nix
View file

@ -120,7 +120,7 @@ in
};
qemu.package = mkOption {
description = mdDoc "Which qemu package to use for the virtualisation of [{option}`nodes`](#opt-nodes).";
description = mdDoc "Which qemu package to use for the virtualisation of [{option}`nodes`](#test-opt-nodes).";
type = types.package;
default = hostPkgs.qemu_test;
defaultText = "hostPkgs.qemu_test";
@ -152,7 +152,7 @@ in
description = mdDoc ''
Extra arguments to pass to the test driver.
They become part of [{option}`driver`](#opt-driver) via `wrapProgram`.
They become part of [{option}`driver`](#test-opt-driver) via `wrapProgram`.
'';
type = types.listOf types.str;
default = [];
@ -172,7 +172,7 @@ in
description = mdDoc ''
Disable type checking. This must not be enabled for new NixOS tests.
This may speed up your iteration cycle, unless you're working on the [{option}`testScript`](#opt-testScript).
This may speed up your iteration cycle, unless you're working on the [{option}`testScript`](#test-opt-testScript).
'';
};
};

4
nixos/lib/testing/meta.nix
View file

@ -24,14 +24,14 @@ in
type = types.nullOr types.int;
default = null; # NOTE: null values are filtered out by `meta`.
description = mdDoc ''
The [{option}`test`](#opt-test)'s [`meta.timeout`](https://nixos.org/manual/nixpkgs/stable/#var-meta-timeout) in seconds.
The [{option}`test`](#test-opt-test)'s [`meta.timeout`](https://nixos.org/manual/nixpkgs/stable/#var-meta-timeout) in seconds.
'';
};
broken = lib.mkOption {
type = types.bool;
default = false;
description = mdDoc ''
Sets the [`meta.broken`](https://nixos.org/manual/nixpkgs/stable/#var-meta-broken) attribute on the [{option}`test`](#opt-test) derivation.
Sets the [`meta.broken`](https://nixos.org/manual/nixpkgs/stable/#var-meta-broken) attribute on the [{option}`test`](#test-opt-test) derivation.
'';
};
};

2
nixos/lib/testing/name.nix
View file

@ -7,7 +7,7 @@ in
description = mdDoc ''
The name of the test.
This is used in the derivation names of the [{option}`driver`](#opt-driver) and [{option}`test`](#opt-test) runner.
This is used in the derivation names of the [{option}`driver`](#test-opt-driver) and [{option}`test`](#test-opt-test) runner.
'';
type = types.str;
};

8
nixos/lib/testing/nodes.nix
View file

@ -44,7 +44,7 @@ in
description = mdDoc ''
An attribute set of NixOS configuration modules.
The configurations are augmented by the [`defaults`](#opt-defaults) option.
The configurations are augmented by the [`defaults`](#test-opt-defaults) option.
They are assigned network addresses according to the `nixos/lib/testing/network.nix` module.
@ -54,7 +54,7 @@ in
defaults = mkOption {
description = mdDoc ''
NixOS configuration that is applied to all [{option}`nodes`](#opt-nodes).
NixOS configuration that is applied to all [{option}`nodes`](#test-opt-nodes).
'';
type = types.deferredModule;
default = { };
@ -62,7 +62,7 @@ in
extraBaseModules = mkOption {
description = mdDoc ''
NixOS configuration that, like [{option}`defaults`](#opt-defaults), is applied to all [{option}`nodes`](#opt-nodes) and can not be undone with [`specialisation.<name>.inheritParentConfig`](https://search.nixos.org/options?show=specialisation.%3Cname%3E.inheritParentConfig&from=0&size=50&sort=relevance&type=packages&query=specialisation).
NixOS configuration that, like [{option}`defaults`](#test-opt-defaults), is applied to all [{option}`nodes`](#test-opt-nodes) and can not be undone with [`specialisation.<name>.inheritParentConfig`](https://search.nixos.org/options?show=specialisation.%3Cname%3E.inheritParentConfig&from=0&size=50&sort=relevance&type=packages&query=specialisation).
'';
type = types.deferredModule;
default = { };
@ -82,7 +82,7 @@ in
type = types.bool;
default = false;
description = mdDoc ''
Enable to configure all [{option}`nodes`](#opt-nodes) to run with a minimal kernel.
Enable to configure all [{option}`nodes`](#test-opt-nodes) to run with a minimal kernel.
'';
};

2
nixos/modules/hardware/ckb-next.nix
View file

@ -48,6 +48,6 @@ in
};
meta = {
maintainers = with lib.maintainers; [ superherointj ];
maintainers = with lib.maintainers; [ ];
};
}

3
nixos/modules/module-list.nix
View file

@ -653,6 +653,7 @@
./services/misc/svnserve.nix
./services/misc/synergy.nix
./services/misc/sysprof.nix
./services/misc/tandoor-recipes.nix
./services/misc/taskserver
./services/misc/tiddlywiki.nix
./services/misc/tp-auto-kbbl.nix
@ -721,7 +722,7 @@
./services/network-filesystems/drbd.nix
./services/network-filesystems/glusterfs.nix
./services/network-filesystems/kbfs.nix
./services/network-filesystems/ipfs.nix
./services/network-filesystems/kubo.nix
./services/network-filesystems/litestream/default.nix
./services/network-filesystems/netatalk.nix
./services/network-filesystems/nfsd.nix

144
nixos/modules/services/misc/tandoor-recipes.nix Normal file
View file

@ -0,0 +1,144 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.tandoor-recipes;
pkg = cfg.package;
# SECRET_KEY through an env file
env = {
GUNICORN_CMD_ARGS = "--bind=${cfg.address}:${toString cfg.port}";
DEBUG = "0";
MEDIA_ROOT = "/var/lib/tandoor-recipes";
} // optionalAttrs (config.time.timeZone != null) {
TIMEZONE = config.time.timeZone;
} // (
lib.mapAttrs (_: toString) cfg.extraConfig
);
manage =
let
setupEnv = lib.concatStringsSep "\n" (mapAttrsToList (name: val: "export ${name}=\"${val}\"") env);
in
pkgs.writeShellScript "manage" ''
${setupEnv}
exec ${pkg}/bin/tandoor-recipes "$@"
'';
in
{
meta.maintainers = with maintainers; [ ambroisie ];
options.services.tandoor-recipes = {
enable = mkOption {
type = lib.types.bool;
default = false;
description = lib.mdDoc ''
Enable Tandoor Recipes.
When started, the Tandoor Recipes database is automatically created if
it doesn't exist and updated if the package has changed. Both tasks are
achieved by running a Django migration.
A script to manage the instance (by wrapping Django's manage.py) is linked to
`/var/lib/tandoor-recipes/tandoor-recipes-manage`.
'';
};
address = mkOption {
type = types.str;
default = "localhost";
description = lib.mdDoc "Web interface address.";
};
port = mkOption {
type = types.port;
default = 8080;
description = lib.mdDoc "Web interface port.";
};
extraConfig = mkOption {
type = types.attrs;
default = { };
description = lib.mdDoc ''
Extra tandoor recipes config options.
See [the example dot-env file](https://raw.githubusercontent.com/vabene1111/recipes/master/.env.template)
for available options.
'';
example = {
ENABLE_SIGNUP = "1";
};
};
package = mkOption {
type = types.package;
default = pkgs.tandoor-recipes;
defaultText = literalExpression "pkgs.tandoor-recipes";
description = lib.mdDoc "The Tandoor Recipes package to use.";
};
};
config = mkIf cfg.enable {
systemd.services.tandoor-recipes = {
description = "Tandoor Recipes server";
serviceConfig = {
ExecStart = ''
${pkg.python.pkgs.gunicorn}/bin/gunicorn recipes.wsgi
'';
Restart = "on-failure";
User = "tandoor_recipes";
DynamicUser = true;
StateDirectory = "tandoor-recipes";
WorkingDirectory = "/var/lib/tandoor-recipes";
RuntimeDirectory = "tandoor-recipes";
BindReadOnlyPaths = [
"${config.environment.etc."ssl/certs/ca-certificates.crt".source}:/etc/ssl/certs/ca-certificates.crt"
builtins.storeDir
"-/etc/resolv.conf"
"-/etc/nsswitch.conf"
"-/etc/hosts"
"-/etc/localtime"
"-/run/postgresql"
];
CapabilityBoundingSet = "";
LockPersonality = true;
MemoryDenyWriteExecute = true;
PrivateDevices = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
RestrictRealtime = true;
SystemCallArchitectures = "native";
# gunicorn needs setuid
SystemCallFilter = [ "@system-service" "~@privileged" "@resources" "@setuid" "@keyring" ];
UMask = "0066";
} // lib.optionalAttrs (cfg.port < 1024) {
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
};
wantedBy = [ "multi-user.target" ];
preStart = ''
ln -sf ${manage} tandoor-recipes-manage
# Let django migrate the DB as needed
${pkg}/bin/tandoor-recipes migrate
'';
environment = env // {
PYTHONPATH = "${pkg.python.pkgs.makePythonPath pkg.propagatedBuildInputs}:${pkg}/lib/tandoor-recipes";
};
};
};
}

65
nixos/modules/services/network-filesystems/ipfs.nix → nixos/modules/services/network-filesystems/kubo.nix
View file

@ -1,9 +1,9 @@
{ config, lib, pkgs, utils, ... }:
with lib;
let
cfg = config.services.ipfs;
cfg = config.services.kubo;
ipfsFlags = utils.escapeSystemdExecArgs (
kuboFlags = utils.escapeSystemdExecArgs (
optional cfg.autoMount "--mount" ++
optional cfg.enableGC "--enable-gc" ++
optional (cfg.serviceFdlimit != null) "--manage-fdlimit=false" ++
@ -50,27 +50,27 @@ in
options = {
services.ipfs = {
services.kubo = {
enable = mkEnableOption (lib.mdDoc "Interplanetary File System (WARNING: may cause severe network degredation)");
package = mkOption {
type = types.package;
default = pkgs.ipfs;
defaultText = literalExpression "pkgs.ipfs";
description = lib.mdDoc "Which IPFS package to use.";
default = pkgs.kubo;
defaultText = literalExpression "pkgs.kubo";
description = lib.mdDoc "Which Kubo package to use.";
};
user = mkOption {
type = types.str;
default = "ipfs";
description = lib.mdDoc "User under which the IPFS daemon runs";
description = lib.mdDoc "User under which the Kubo daemon runs";
};
group = mkOption {
type = types.str;
default = "ipfs";
description = lib.mdDoc "Group under which the IPFS daemon runs";
description = lib.mdDoc "Group under which the Kubo daemon runs";
};
dataDir = mkOption {
@ -84,7 +84,7 @@ in
then "/var/lib/ipfs"
else "/var/lib/ipfs/.ipfs"
'';
description = lib.mdDoc "The data dir for IPFS";
description = lib.mdDoc "The data dir for Kubo";
};
defaultMode = mkOption {
@ -96,13 +96,13 @@ in
autoMount = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc "Whether IPFS should try to mount /ipfs and /ipns at startup.";
description = lib.mdDoc "Whether Kubo should try to mount /ipfs and /ipns at startup.";
};
autoMigrate = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc "Whether IPFS should try to run the fs-repo-migration at startup.";
description = lib.mdDoc "Whether Kubo should try to run the fs-repo-migration at startup.";
};
ipfsMountDir = mkOption {
@ -126,7 +126,7 @@ in
apiAddress = mkOption {
type = types.str;
default = "/ip4/127.0.0.1/tcp/5001";
description = lib.mdDoc "Where IPFS exposes its API to";
description = lib.mdDoc "Where Kubo exposes its API to";
};
swarmAddress = mkOption {
@ -137,7 +137,7 @@ in
"/ip4/0.0.0.0/udp/4001/quic"
"/ip6/::/udp/4001/quic"
];
description = lib.mdDoc "Where IPFS listens for incoming p2p connections";
description = lib.mdDoc "Where Kubo listens for incoming p2p connections";
};
enableGC = mkOption {
@ -174,14 +174,14 @@ in
extraFlags = mkOption {
type = types.listOf types.str;
description = lib.mdDoc "Extra flags passed to the IPFS daemon";
description = lib.mdDoc "Extra flags passed to the Kubo daemon";
default = [ ];
};
localDiscovery = mkOption {
type = types.bool;
description = lib.mdDoc ''Whether to enable local discovery for the ipfs daemon.
This will allow ipfs to scan ports on your local network. Some hosting services will ban you if you do this.
description = lib.mdDoc ''Whether to enable local discovery for the Kubo daemon.
This will allow Kubo to scan ports on your local network. Some hosting services will ban you if you do this.
'';
default = false;
};
@ -189,14 +189,14 @@ in
serviceFdlimit = mkOption {
type = types.nullOr types.int;
default = null;
description = lib.mdDoc "The fdlimit for the IPFS systemd unit or `null` to have the daemon attempt to manage it";
description = lib.mdDoc "The fdlimit for the Kubo systemd unit or `null` to have the daemon attempt to manage it";
example = 64 * 1024;
};
startWhenNeeded = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc "Whether to use socket activation to start IPFS when needed.";
description = lib.mdDoc "Whether to use socket activation to start Kubo when needed.";
};
};
@ -223,7 +223,7 @@ in
uid = config.ids.uids.ipfs;
description = "IPFS daemon user";
packages = [
pkgs.ipfs-migrator
pkgs.kubo-migrator
];
};
};
@ -255,7 +255,7 @@ in
# After an unclean shutdown this file may exist which will cause the config command to attempt to talk to the daemon. This will hang forever if systemd is holding our sockets open.
rm -vf "$IPFS_PATH/api"
'' + optionalString cfg.autoMigrate ''
${pkgs.ipfs-migrator}/bin/fs-repo-migrations -to '${cfg.package.repoVersion}' -y
${pkgs.kubo-migrator}/bin/fs-repo-migrations -to '${cfg.package.repoVersion}' -y
'' + ''
ipfs --offline config profile apply ${profile} >/dev/null
fi
@ -279,7 +279,7 @@ in
| ipfs --offline config replace -
'';
serviceConfig = {
ExecStart = [ "" "${cfg.package}/bin/ipfs daemon ${ipfsFlags}" ];
ExecStart = [ "" "${cfg.package}/bin/ipfs daemon ${kuboFlags}" ];
User = cfg.user;
Group = cfg.group;
StateDirectory = "";
@ -320,4 +320,27 @@ in
meta = {
maintainers = with lib.maintainers; [ Luflosi ];
};
imports = [
(mkRenamedOptionModule [ "services" "ipfs" "enable" ] [ "services" "kubo" "enable" ])
(mkRenamedOptionModule [ "services" "ipfs" "package" ] [ "services" "kubo" "package" ])
(mkRenamedOptionModule [ "services" "ipfs" "user" ] [ "services" "kubo" "user" ])
(mkRenamedOptionModule [ "services" "ipfs" "group" ] [ "services" "kubo" "group" ])
(mkRenamedOptionModule [ "services" "ipfs" "dataDir" ] [ "services" "kubo" "dataDir" ])
(mkRenamedOptionModule [ "services" "ipfs" "defaultMode" ] [ "services" "kubo" "defaultMode" ])
(mkRenamedOptionModule [ "services" "ipfs" "autoMount" ] [ "services" "kubo" "autoMount" ])
(mkRenamedOptionModule [ "services" "ipfs" "autoMigrate" ] [ "services" "kubo" "autoMigrate" ])
(mkRenamedOptionModule [ "services" "ipfs" "ipfsMountDir" ] [ "services" "kubo" "ipfsMountDir" ])
(mkRenamedOptionModule [ "services" "ipfs" "ipnsMountDir" ] [ "services" "kubo" "ipnsMountDir" ])
(mkRenamedOptionModule [ "services" "ipfs" "gatewayAddress" ] [ "services" "kubo" "gatewayAddress" ])
(mkRenamedOptionModule [ "services" "ipfs" "apiAddress" ] [ "services" "kubo" "apiAddress" ])
(mkRenamedOptionModule [ "services" "ipfs" "swarmAddress" ] [ "services" "kubo" "swarmAddress" ])
(mkRenamedOptionModule [ "services" "ipfs" "enableGC" ] [ "services" "kubo" "enableGC" ])
(mkRenamedOptionModule [ "services" "ipfs" "emptyRepo" ] [ "services" "kubo" "emptyRepo" ])
(mkRenamedOptionModule [ "services" "ipfs" "extraConfig" ] [ "services" "kubo" "extraConfig" ])
(mkRenamedOptionModule [ "services" "ipfs" "extraFlags" ] [ "services" "kubo" "extraFlags" ])
(mkRenamedOptionModule [ "services" "ipfs" "localDiscovery" ] [ "services" "kubo" "localDiscovery" ])
(mkRenamedOptionModule [ "services" "ipfs" "serviceFdlimit" ] [ "services" "kubo" "serviceFdlimit" ])
(mkRenamedOptionModule [ "services" "ipfs" "startWhenNeeded" ] [ "services" "kubo" "startWhenNeeded" ])
];
}

42
nixos/modules/services/x11/desktop-managers/gnome.nix
View file

@ -22,42 +22,14 @@ let
favorite-apps=[ 'org.gnome.Epiphany.desktop', 'org.gnome.Geary.desktop', 'org.gnome.Calendar.desktop', 'org.gnome.Music.desktop', 'org.gnome.Photos.desktop', 'org.gnome.Nautilus.desktop' ]
'';
nixos-background-ligtht = pkgs.nixos-artwork.wallpapers.simple-blue;
nixos-background-light = pkgs.nixos-artwork.wallpapers.simple-blue;
nixos-background-dark = pkgs.nixos-artwork.wallpapers.simple-dark-gray;
nixos-gsettings-desktop-schemas = let
defaultPackages = with pkgs; [ gsettings-desktop-schemas gnome.gnome-shell ];
in
pkgs.runCommand "nixos-gsettings-desktop-schemas" { preferLocalBuild = true; }
''
mkdir -p $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas
${concatMapStrings
(pkg: "cp -rf ${pkg}/share/gsettings-schemas/*/glib-2.0/schemas/*.xml $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas\n")
(defaultPackages ++ cfg.extraGSettingsOverridePackages)}
cp -f ${pkgs.gnome.gnome-shell}/share/gsettings-schemas/*/glib-2.0/schemas/*.gschema.override $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas
${optionalString flashbackEnabled ''
cp -f ${pkgs.gnome.gnome-flashback}/share/gsettings-schemas/*/glib-2.0/schemas/*.gschema.override $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas
''}
chmod -R a+w $out/share/gsettings-schemas/nixos-gsettings-overrides
cat - > $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas/nixos-defaults.gschema.override <<- EOF
[org.gnome.desktop.background]
picture-uri='file://${nixos-background-ligtht.gnomeFilePath}'
picture-uri-dark='file://${nixos-background-dark.gnomeFilePath}'
[org.gnome.desktop.screensaver]
picture-uri='file://${nixos-background-dark.gnomeFilePath}'
${cfg.favoriteAppsOverride}
${cfg.extraGSettingsOverrides}
EOF
${pkgs.glib.dev}/bin/glib-compile-schemas $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas/
'';
# TODO: Having https://github.com/NixOS/nixpkgs/issues/54150 would supersede this
nixos-gsettings-desktop-schemas = pkgs.gnome.nixos-gsettings-overrides.override {
inherit (cfg) extraGSettingsOverrides extraGSettingsOverridePackages favoriteAppsOverride;
inherit flashbackEnabled nixos-background-dark nixos-background-light;
};
nixos-background-info = pkgs.writeTextFile rec {
name = "nixos-background-info";
@ -67,7 +39,7 @@ let
<wallpapers>
<wallpaper deleted="false">
<name>Blobs</name>
<filename>${nixos-background-ligtht.gnomeFilePath}</filename>
<filename>${nixos-background-light.gnomeFilePath}</filename>
<filename-dark>${nixos-background-dark.gnomeFilePath}</filename-dark>
<options>zoom</options>
<shade_type>solid</shade_type>

10
nixos/modules/services/x11/hardware/libinput.nix
View file

@ -156,6 +156,14 @@ let cfg = config.services.xserver.libinput;
'';
};
tappingButtonMap = mkOption {
type = types.nullOr (types.enum [ "lrm" "lmr" ]);
default = null;
description = lib.mdDoc ''
Set the button mapping for 1/2/3-finger taps to left/right/middle or left/middle/right, respectively.
'';
};
tappingDragLock = mkOption {
type = types.bool;
default = true;
@ -220,6 +228,7 @@ let cfg = config.services.xserver.libinput;
Option "HorizontalScrolling" "${xorgBool cfg.${deviceType}.horizontalScrolling}"
Option "SendEventsMode" "${cfg.${deviceType}.sendEventsMode}"
Option "Tapping" "${xorgBool cfg.${deviceType}.tapping}"
${optionalString (cfg.${deviceType}.tappingButtonMap != null) ''Option "TappingButtonMap" "${cfg.${deviceType}.tappingButtonMap}"''}
Option "TappingDragLock" "${xorgBool cfg.${deviceType}.tappingDragLock}"
Option "DisableWhileTyping" "${xorgBool cfg.${deviceType}.disableWhileTyping}"
${cfg.${deviceType}.additionalOptions}
@ -241,6 +250,7 @@ in {
"horizontalScrolling"
"sendEventsMode"
"tapping"
"tappingButtonMap"
"tappingDragLock"
"transformationMatrix"
"disableWhileTyping"

4
nixos/modules/system/boot/systemd.nix
View file

@ -328,8 +328,8 @@ in
type = types.lines;
example = "DefaultLimitCORE=infinity";
description = lib.mdDoc ''
Extra config options for systemd. See man systemd-system.conf for
available options.
Extra config options for systemd. See systemd-system.conf(5) man page
for available options.
'';
};

3
nixos/tests/all-tests.nix
View file

@ -284,7 +284,6 @@ in {
installer-systemd-stage-1 = handleTest ./installer-systemd-stage-1.nix {};
invoiceplane = handleTest ./invoiceplane.nix {};
iodine = handleTest ./iodine.nix {};
ipfs = handleTest ./ipfs.nix {};
ipv6 = handleTest ./ipv6.nix {};
iscsi-multipath-root = handleTest ./iscsi-multipath-root.nix {};
iscsi-root = handleTest ./iscsi-root.nix {};
@ -317,6 +316,7 @@ in {
ksm = handleTest ./ksm.nix {};
kthxbye = handleTest ./kthxbye.nix {};
kubernetes = handleTestOn ["x86_64-linux"] ./kubernetes {};
kubo = handleTest ./kubo.nix {};
ladybird = handleTest ./ladybird.nix {};
languagetool = handleTest ./languagetool.nix {};
latestKernel.login = handleTest ./login.nix { latestKernel = true; };
@ -614,6 +614,7 @@ in {
systemd-shutdown = handleTest ./systemd-shutdown.nix {};
systemd-timesyncd = handleTest ./systemd-timesyncd.nix {};
systemd-misc = handleTest ./systemd-misc.nix {};
tandoor-recipes = handleTest ./tandoor-recipes.nix {};
taskserver = handleTest ./taskserver.nix {};
teeworlds = handleTest ./teeworlds.nix {};
telegraf = handleTest ./telegraf.nix {};

25
nixos/tests/k3s/multi-node.nix
View file

@ -1,4 +1,4 @@
import ../make-test-python.nix ({ pkgs, ... }:
import ../make-test-python.nix ({ pkgs, lib, ... }:
let
imageEnv = pkgs.buildEnv {
name = "k3s-pause-image-env";
@ -54,7 +54,15 @@ import ../make-test-python.nix ({ pkgs, ... }:
role = "server";
package = pkgs.k3s;
clusterInit = true;
extraFlags = "--no-deploy coredns,servicelb,traefik,local-storage,metrics-server --pause-image test.local/pause:local --node-ip 192.168.1.1";
extraFlags = ''
--disable coredns \
--disable local-storage \
--disable metrics-server \
--disable servicelb \
--disable traefik \
--node-ip 192.168.1.1 \
--pause-image test.local/pause:local
'';
};
networking.firewall.allowedTCPPorts = [ 2379 2380 6443 ];
networking.firewall.allowedUDPPorts = [ 8472 ];
@ -76,7 +84,15 @@ import ../make-test-python.nix ({ pkgs, ... }:
enable = true;
serverAddr = "https://192.168.1.1:6443";
clusterInit = false;
extraFlags = "--no-deploy coredns,servicelb,traefik,local-storage,metrics-server --pause-image test.local/pause:local --node-ip 192.168.1.3";
extraFlags = ''
--disable coredns \
--disable local-storage \
--disable metrics-server \
--disable servicelb \
--disable traefik \
--node-ip 192.168.1.3 \
--pause-image test.local/pause:local
'';
};
networking.firewall.allowedTCPPorts = [ 2379 2380 6443 ];
networking.firewall.allowedUDPPorts = [ 8472 ];
@ -123,7 +139,8 @@ import ../make-test-python.nix ({ pkgs, ... }:
server.wait_until_succeeds("k3s kubectl get node agent")
for m in machines:
m.succeed("k3s check-config")
'' # Fix-Me: Tests fail for 'aarch64-linux' as: "CONFIG_CGROUP_FREEZER: missing (fail)"
+ lib.optionalString (!pkgs.stdenv.isAarch64) ''m.succeed("k3s check-config")'' + ''
m.succeed(
"${pauseImage} | k3s ctr image import -"
)

15
nixos/tests/k3s/single-node.nix
View file

@ -1,4 +1,4 @@
import ../make-test-python.nix ({ pkgs, ... }:
import ../make-test-python.nix ({ pkgs, lib, ... }:
let
imageEnv = pkgs.buildEnv {
name = "k3s-pause-image-env";
@ -40,7 +40,15 @@ import ../make-test-python.nix ({ pkgs, ... }:
services.k3s.role = "server";
services.k3s.package = pkgs.k3s;
# Slightly reduce resource usage
services.k3s.extraFlags = "--no-deploy coredns,servicelb,traefik,local-storage,metrics-server --pause-image test.local/pause:local";
services.k3s.extraFlags = ''
--disable coredns \
--disable local-storage \
--disable metrics-server \
--disable servicelb \
--disable traefik \
--pause-image \
test.local/pause:local
'';
users.users = {
noprivs = {
@ -57,7 +65,8 @@ import ../make-test-python.nix ({ pkgs, ... }:
machine.wait_for_unit("k3s")
machine.succeed("k3s kubectl cluster-info")
machine.fail("sudo -u noprivs k3s kubectl cluster-info")
machine.succeed("k3s check-config")
'' # Fix-Me: Tests fail for 'aarch64-linux' as: "CONFIG_CGROUP_FREEZER: missing (fail)"
+ lib.optionalString (!pkgs.stdenv.isAarch64) ''machine.succeed("k3s check-config")'' + ''
machine.succeed(
"${pauseImage} | k3s ctr image import -"

6
nixos/tests/ipfs.nix → nixos/tests/kubo.nix
View file

@ -1,11 +1,11 @@
import ./make-test-python.nix ({ pkgs, ...} : {
name = "ipfs";
name = "kubo";
meta = with pkgs.lib.maintainers; {
maintainers = [ mguentner ];
};
nodes.machine = { ... }: {
services.ipfs = {
services.kubo = {
enable = true;
# Also will add a unix domain socket socket API address, see module.
startWhenNeeded = true;
@ -15,7 +15,7 @@ import ./make-test-python.nix ({ pkgs, ...} : {
};
nodes.fuse = { ... }: {
services.ipfs = {
services.kubo = {
enable = true;
apiAddress = "/ip4/127.0.0.1/tcp/2324";
autoMount = true;

43
nixos/tests/tandoor-recipes.nix Normal file
View file

@ -0,0 +1,43 @@
import ./make-test-python.nix ({ lib, ... }: {
name = "tandoor-recipes";
meta.maintainers = with lib.maintainers; [ ambroisie ];
nodes.machine = { pkgs, ... }: {
# Setup using Postgres
services.tandoor-recipes = {
enable = true;
extraConfig = {
DB_ENGINE = "django.db.backends.postgresql";
POSTGRES_HOST = "/run/postgresql";
POSTGRES_USER = "tandoor_recipes";
POSTGRES_DB = "tandoor_recipes";
};
};
services.postgresql = {
enable = true;
ensureDatabases = [ "tandoor_recipes" ];
ensureUsers = [
{
name = "tandoor_recipes";
ensurePermissions."DATABASE tandoor_recipes" = "ALL PRIVILEGES";
}
];
};
systemd.services = {
tandoor-recipes = {
after = [ "postgresql.service" ];
};
};
};
testScript = ''
machine.wait_for_unit("tandoor-recipes.service")
with subtest("Web interface gets ready"):
# Wait until server accepts connections
machine.wait_until_succeeds("curl -fs localhost:8080")
'';
})