I'm merging this without review, since the tests run by ofborg are
succeeding. In addition to that, it's fixing a currently broken test so
the worst that could happen is that the test still does not work.
- Use `runTest` instead of `handleTest`, which simplifies the code a little
- Use `lib.maintainers` instead of `pkgs.lib.maintainers`
- Remove unused function argument `pkgs`
- Change test name in the kernel module from `test` to `apfs`, since that seems to be a common pattern for the name
The test fails because the way the configuration switch was implemented
back then was by using a dummy configuration and simply activating that
dummy configuration from within the test script.
Nowadays, this doesn't work anymore and fails to typecheck because the
dummy "newServer" will inherit the same value for networking.hostName,
which in turn will generate two attributes for "server":
> testScriptWithTypes:43: error: Name "server" already defined on line 43
> [no-redef]
> client1: Machine; client2: Machine; server: Machine; server: Machine;
Fortunately, we don't need to do workarounds like this anymore and there
is the "specialisation" option, which allows us to do this in a less ugly
way (and it also works with mypy).
Signed-off-by: aszlig <aszlig@nix.build>
This allows us to drop our
fsck-look-for-fsck-binary-not-just-in-sbin.patch, as it was upstreamed.
We also manually backport https://github.com/systemd/systemd/pull/27856 as
it didn't get backported and without it we can't merge this PR as
systemd-boot-builder.py will remain broken and make it impossible to upgrade
to NixOS 23.05 in some scenarios.
Changelog:
```
991158e8b9 (hwdb: update to 2533fdd0fbe71e4a3fa7a2cca9830cd864fb9136, 2023-06-01)
d1087bc599 (test-network: add tests for vlan QoS mapping, 2023-05-24)
7ed7b07a92 (network/vlan: paranoia about type safety, 2023-05-24)
b20bc7c1ff (network/vlan: drop unnecessary restriction for QoS mapping, 2023-05-24)
dbf50f1911 (udev: do not set ID_PATH and by-path symlink for nvmf disks, 2023-05-10)
75d4967502 (journalctl: fix --no-tail handling, 2023-05-04)
f1ea9cd55e (journalctl: use correct variable to check if --since is specified, 2023-05-04)
0227947bab (test/README: fix advice for testsuite debugging, 2023-05-29)
3222272c46 (test-fstab-generator: fix test on systemd with systemd-boot, 2023-05-30)
23b7bf3d01 (home: move the assert back to the intended place, 2023-05-29)
901f0f0ac1 (resolvectl: drop extra colon, 2023-05-28)
5f3ca32d0c (basic/syscall: update syscall list, 2023-05-29)
375e6be16c (tree-wide: Downgrade a few more noisy log messages to trace, 2023-05-27)
3f5f7e5f30 (journal-remote: bump the refcount right after creating the writer object, 2023-05-25)
4810e789ad (man: fix UKI filename suffix in 'tries' description, 2023-05-26)
2e10f8874a (units: Shut down networkd and resolved on switch-root, 2023-05-25)
9dde31ac74 (resolve: avoid memory leak from a partially processed RR, 2023-05-23)
b1663b8333 (sd-journal: avoid double-free, 2023-05-23)
aa48ecb0a6 (core/timer: Always use inactive_exit_timestamp if it is set, 2023-05-23)
ac380e43a4 (core: Do not check child freezability when thawing slice, 2023-05-23)
53bc78d3e0 (tree-wide: Fix false positives on newer gcc, 2023-05-23)
58c1816aa4 (json: correctly handle magic strings when parsing variant strv, 2023-05-23)
fbb2c5ab19 (sysusers: fix argument confusion in error message, 2022-10-13)
e5520ab28f (sysusers: add usual "ret_" prefix, fix messages, 2022-10-13)
286ce2be44 (man: extend description of --boot, 2022-10-09)
7394a75688 (sd-bus: refuse to send messages with an invalid string, 2023-05-19)
ae83e97a51 (core/service: when resetting PID also reset known flag, 2023-05-22)
f0bb967388 (shared: correctly propagate possible allocation errors, 2023-05-21)
318c9d5fec (wait-online: downgrade log level of failure that interface is removed or unmanaged during processing it, 2023-05-22)
1a0f2c5c57 (boot: Read files in small chunks on broken firmware, 2023-01-05)
eeaf884f5b (cryptenroll: update log messages, 2023-05-20)
debce7c184 (test: check if we can use --merge with --follow, 2023-05-19)
3cf401e3e3 (manager: restrict Dump*() to privileged callers or ratelimit, 2023-04-27)
6ca461fe29 (ratelimit: add ratelimit_left helper, 2023-04-28)
604d132fde (journalctl: make --follow work with --merge again, 2023-05-19)
6a4c05c615 (test: make the stress test slightly less stressful on slower machines, 2023-05-19)
a08cb80451 (core/device: downgrade error when units specified in SYSTEMD_WANTS= not found, 2023-05-19)
eb5dad0a72 (unit: add conditions and deps to make oomd.socket and .service consistent, 2023-05-19)
c756ffea57 (oomd: shorten message, 2023-05-18)
a3e5eb5606 (sd-bus,sd-event: allow querying of description even after fork, 2023-05-18)
e91557a1e0 (sd-bus: do not assert if bus description is not set, 2023-05-18)
93b3bd12ac (test: don't mount /sys & /proc if already mounted, 2023-05-18)
c51273941d (nspawn: make the error message less confusing, 2023-05-18)
e85daabd3e (Revert (partially) "man: Clarify when OnFailure= activates after restarts (#7646)", 2023-05-17)
3e286a7b2e (man/tmpfiles: fix off-by-one in example, 2023-05-17)
cb6641bde3 (man: explain allowed values for /sys/power/{disk,state}, 2023-05-17)
65bf6c5a8f (man: say that ProtectClock= also affects reads, 2023-05-17)
13c8807360 (man: fixes for assorted issues reported by the manpage-l10n project, 2023-05-17)
1809fff392 (nspawn: make sure the device type survives when setting device mode, 2023-05-16)
b8ed81660f (nspawn: fix a global-buffer-overflow, 2023-05-15)
756e77b936 (nspawn: fix inverted condition, 2023-05-15)
c7861222ba (nspawn: call json_dispatch() with a correct pointer, 2023-05-15)
6f577f5d92 (nspawn: use the just returned errno in the log message, 2023-05-15)
9a7c6ed568 (nspawn: avoid NULL pointer dereference, 2023-05-16)
17c7b07c67 (nspawn: file system namespace -> mount namespace, 2023-05-15)
b13e836315 (nspawn: fix a typo in an error message, 2023-05-15)
d88225ef44 (busctl: set a description for the bus connection, 2023-05-05)
29115ef32e (man: indicate that the JOB parameter to "systemctl cancel" is optional, 2023-05-16)
051f86ae0e (meson: fix description for link-udev-shared option, 2023-05-16)
85ba46539f (man: use correct name for --bank option, 2023-05-15)
d7e75c7315 (machine,portable: fix a typo in an info message, 2023-05-12)
4d29f741c8 (machine: fix a memory leak when showing multiple machines, 2023-05-12)
e6a719598c (machine: fix a memory leak when showing multiple images, 2023-05-12)
ea221dc685 (fstab-generator: Fix log message, 2023-05-10)
4c3b06f255 (test: test O_CLOEXEC filtering of fdset fill logic, 2023-05-30)
88bf6b5815 (pid1: when taking possession of passed fds check O_CLOEXEC state first, 2023-05-30)
0d8372b450 (repart: Create temporary root directory using var_tmp_dir(), 2023-02-14)
aedfe41cda (cryptenroll: actually allow using multiple "special" strings when wiping, 2023-05-10)
f59ce1aa7b (core: fix use of uninitialized value, 2023-05-04)
3f5db0dbc1 (sd-journal: check .next_entry_array_offset earlier, 2023-05-03)
0baac8e60e (tree-wide: drop _pure_ attribute from non-pure functions, 2023-05-10)
4984f70db5 (dirent: conditionalize dirent assert based on dirent64 existence, 2023-05-10)
5fcbda8b5e (network/tc: rename settings in log messages too, 2023-05-10)
59dccdfddb (sd-bus: bus_message_type_from_string is not pure, 2023-05-10)
133d4ff6d6 (cryptenroll: fix an assertion with weak passwords, 2023-05-09)
c937b8f9de (units: Add CAP_NET_ADMIN condition to systemd-networkd-wait-online@.service as well, 2023-05-07)
60af5019fb (units: add/fix Documentation= about bus interface, 2023-05-09)
53f7e5f18f (core/service: fix error cause in the log, 2023-05-09)
951c27ce14 (shell completion: add timesync-status and show-timesync to zsh completion file (#27574), 2023-05-08)
32831842ba (doc: remove legacy DefaultControlGroup from dbus properties, 2023-05-08)
c31e2fa9c7 (zsh: add service-log-{level,target} completions for systemctl, 2023-05-07)
011a686a23 (test_ukify: fix loop iteration, 2023-04-21)
927d234406 (hwdb: do not include '#' in modalias, 2023-05-06)
b1a7a15ed2 (core: check the unit type more thoroughly when deserializing, 2023-05-04)
154b108513 (shared: refuse fd == INT_MAX, 2023-05-04)
a25605d01d (zsh: remove usage of PREFIX in _systemctl, 2023-05-05)
4be604e75a (basic/audit-util: make a test request before enabling use of audit, 2023-05-02)
4b4285e231 (main: add missing return, 2023-05-05)
ce096b0212 (shared: reject empty attachment path, 2023-05-02)
6027fbf1af (shared: ignore invalid valink socket fd when deserializing, 2023-05-02)
d649128268 (core: fix NULL pointer dereference during deserialization, 2023-05-02)
6ae77d6b99 (boot: Use correct memory type for allocations, 2023-05-02)
de0cbaceb7 (core: check for SERVICE_RELOAD_NOTIFY in manager_dbus_is_running, 2023-05-02)
5ed087fa46 (generators: skip private tmpfs if /tmp does not exist, 2023-04-30)
93143b6d6a (test: replace sleep with timeout, 2023-05-02)
881382685e (test-network: add workaround for bug in iproute2 v6.2.0, 2023-05-02)
abf9e916ad (coredumpctl: add --file/--root/--image to bash completion, 2023-04-25)
dd349a0ede (coredumpctl: fix bash completion matching, 2023-04-25)
120342b62d (test: match all messages with the FILE field, 2023-04-29)
e0da5c9bc6 (test: add tests for "systemctl stop" vs triggering by path unit, 2023-04-29)
c1542a967b (test: create temporary units under /run, 2023-04-29)
03f2a8921e (core/path: do not enqueue new job in .trigger_notify callback, 2023-04-29)
674591e6af (core/path: align table, 2023-04-29)
0413fb7de9 (test: add a couple of tests for systemd-pstore, 2023-04-27)
de41e55c7d (pstore: avoid opening the dmesg.txt file if not requested, 2023-04-28)
37c212dbd7 (pstore: explicitly set the base when converting record ID, 2023-04-28)
daee48adbb (test: dont use anchor char '$' to match a part of a string, 2023-04-27)
53ac14a054 (core/transaction: use hashmap_remove_value() to make not remove job with same ID, 2023-04-26)
0258760397 (resolved: adjust message about credentials, 2023-04-25)
8f19911bc3 (fuzz-journal-remote: fix potential fd-leak, 2023-03-18)
df1e479d4e (fuzz-journal-remote: remove temporary files on exit, 2023-03-18)
0d745e2de3 (hwdb: update to 46b8c3f5b297ac034f2d024c1f3d84ad2c17f410, 2023-04-30)
df9d1d9bb2 (sd-journal: make journal_file_copy_entry() return earlier, 2023-04-26)
3bc2553cfc (sd-journal: copy boot ID, 2023-04-26)
45b045880c (sd-journal: tighten variable scope, 2023-04-26)
3821e3ea07 (journal: Don't try to write garbage if journal entry is corrupted, 2023-04-26)
4eedc4711a (test: add test case of negative match for SYMLINK and TAG, 2023-04-25)
cd795f9abc (udev-rules: fix negative match rule for SYMLINK and TAG, 2023-04-25)
a25e2ef992 (core: fix property getter method for NFileDescriptorStore bus property, 2023-04-12)
eec30e3143 (repart: always take BSD lock when whole block device is opened, 2023-04-13)
50ab96e442 (bootctl: clean up handling of files with no version information, 2023-03-30)
9d97c8d423 (mkosi: disable centos 8 build, 2023-04-26)
c603dae241 (mkosi: disable key check for Fedora builds, 2023-04-26)
724a50fb01 (mkfs-util: do not pass -quiet to mksquashfs, 2023-04-27)
43d194392f (test: use setpriv instead of su for user switch from root, 2023-03-14)
ba683eb48c (test: wrap mkfs.*/mksquashfs/mkswap binaries when running w/ ASan, 2023-03-16)
fdcd1807ff (test: bump the D-Bus related timeouts to 120s, 2023-03-09)
4f8b2abf69 (coredump filter: add mask for 'all' using UINT32_MAX, not UINT64_MAX, 2023-04-26)
021bb972ff (coredump filter: fix stack overflow with =all, 2023-04-26)
3fd444c048 (build(deps): bump github/super-linter from 4.9.7 to 4.10.1, 2023-04-01)
a19396c73b (cryptenroll: fix a memory leak, 2023-03-27)
083ede1482 (test: tell dfuzzer to skip Reexecute(), 2023-04-26)
ae12c1380b (portablectl: add --extension to bash completion, 2023-04-25)
b1ecfe3fe7 (man: /usr/lib/systemd/random-seed -> /usr/lib/systemd/systemd-random-seed, 2023-04-25)
8895ccaaa8 (cryptsetup-fido2: Depend on libcryptsetup, 2023-04-24)
c6e957d02d (test: use idiomatic bash loop iteration, 2023-04-07)
26e181e94e (testsuite-54: drop unnecessary pipe, 2023-04-05)
d2c738341b (testsuite-70: drop unnecessary env, 2023-04-05)
f3abd451dd (test: drop uses of "&& { echo 'unexpected success'; exit 1; }", 2023-04-05)
59243061f6 (man: fix LogControl1 manpage example, 2023-04-24)
04983c2b00 (pam: cache sd-bus separately per module, 2023-04-16)
0045d952b5 (pam_systemd_home: clean up sd-bus when called about something else's user, 2023-04-20)
c50ec75e1e (testsuite-04: remove unnecessary conditional, 2023-04-04)
5a8987794e (man: clarify sd_bus_default, 2023-04-22)
b9af9a320e (man: add working example to LogControl1 manpage, 2023-04-21)
4d2b5338ac (detect-virt: add message at debug level, 2023-04-20)
749a6d9959 (dissect: let's check for crypto_LUKS before fstype allowlist check, 2023-04-20)
1aa6171081 (ratelimit: handle counter overflows somewhat sanely, 2023-04-20)
5ff63b8507 (man: try to make clearer that /var/ is generally not available in /usr/lib/systemd/system-shutdown/ callouts, 2023-04-20)
2be23f69ee (dissect-image: issue BLKFLSBUF before probing an fs at block device offset != 0, 2023-04-20)
7b437659b1 (list: fix double evaluation, 2023-04-20)
ffbb75aa46 (mountpoint-util: check /proc is mounted on failure, 2023-04-17)
14eb49b5eb (test: prefix the transient unit with test- to make coverage runs happy, 2023-04-18)
980954d2cf (kmod-setup: bypass heavy virtio-rng check if we are not running in a VM anyway, 2023-04-18)
567a1a6fd8 (kmod-setup: use STARTSWITH_SET() where appropriate, 2023-04-18)
d37f06f96f (creds: make available to all ExecStartPre= and ExecStart= processes, 2023-04-15)
d15f907b5b (user-util:remove duplicate includes, 2023-04-17)
cedea4cb7e (virt: Further improve detection of EC2 metal instances, 2023-04-13)
826662680b (string-util: add strstrafter(), 2023-04-14)
ac721c88af (test: add a couple of tests with invalid UTF-8 characters, 2023-04-15)
9c8d8719e4 (test: add a simple test for getenv_path_list(), 2023-04-15)
a9c73150ac (test: add a couple of basic sanity tests for the security verb, 2023-04-15)
06a70861bc (test: add a couple of basic sanity tests for timedatectl, 2023-04-15)
def6c37a19 (shared: add a missing include, 2023-04-15)
79e23f618f (test: add tests for uuid/uint64 specifiers, 2023-04-15)
3ee1839c19 (fsck: look for fsck binary not just in /sbin, 2023-04-13)
eab75a8591 (test: stop the test unit when it's not needed anymore, 2023-04-14)
f86ec34958 (Synposis and description of networkctl man page reflecting only part of its functionality (#27264), 2023-04-13)
fffcebc4bb (core/main: fix a typo for --log-target, 2023-04-13)
f152cdabae (test: add some tests for RuntimeMaxSec, 2023-04-13)
999f48558b (scope: do not disable timer event source when state is SCOPE_RUNNING, 2023-04-04)
430861fc96 (Fix cross-reference of manual for LogsDirectory, 2023-04-12)
91953109ec (pid1: fix coredump_filter setting, 2023-04-12)
fa8d33bb37 (Uphold/StopWhenUnneeded/BindsTo: requeue when job finishes, 2023-04-12)
6fc08d8407 (Uphold/StopWhenUnneeded/BindsTo: add retry timer on rate limit, 2023-04-12)
1fb4ae32b0 (man: add util-linux to the package list for Fedora container, 2023-04-12)
841146f243 (man: link to Fedora 37, 2023-04-12)
465edc1230 (systemctl: suppress error for try-* if unit is masked, 2023-04-04)
7102925d1a (ci: drop checkout from release workflow, 2023-04-11)
167c01688f (ci: don't run release wf on `systemd-security`, 2023-04-11)
bda5c892a8 (shell-completion: add --xml-interface option of busctl to the rules, 2023-04-11)
6265430ca9 (busctl: add --xml-interface to the help message, 2023-04-11)
d26fd71d1a (test: update description, 2023-04-11)
35a6460a2f (test: systemd-analyze blame should succeed now, 2023-04-10)
ef10974c66 (analyze: make blame command work even the default target not reached, 2023-04-10)
dc2facf61d (ci: add permissions to make a release, 2023-04-03)
4c65c644d6 (test/test-functions: fix typo in install_suse_systemd(), 2023-04-04)
fca5a45a59 (test: install symlinks with valid targets on SUSE and Debian, 2023-03-24)
d18037b8ff (localed: fix invalid free after shifting pointers using strstrip, 2023-04-07)
93ac024b7e (test: bump the timeout for non-qemu runs to 90s, 2023-04-07)
283b7b4159 (test: enable the systemd-resolved unit in TEST-75, 2023-04-07)
6179141124 (man/systemd-mount: Clearify documentation about --bind-device, 2023-04-05)
b2e1dabbeb (resolve: change DNS_PACKET_UNICAST_SIZE_LARGE_MAX to 1232 (#27171), 2023-04-07)
16dc17d68c (man: netdev: Clarify wireguard IPv6 endpoint format, 2023-04-07)
0558c490a6 (test: use kbd-mode-map we ship in TEST-73-LOCALE, 2023-04-05)
64ef6ccd4f (ci: do one build with no tpm/p11kit/fido2, 2023-04-04)
018461aaf0 (man: mention -o option for systemd-journal-remote, 2023-04-05)
31c7f6d0d1 (manager: remove transient unit directory during startup, 2023-04-04)
49c6965946 (core: a more informative error when SetProperties/StartTransientUnit fails, 2023-04-02)
649e335bc1 (journald: fix log message, 2023-04-04)
eda7bf237f (Added unit test for strv_env_name_is_valid() function listed in env-util.c (#27100), 2023-04-02)
0430078cfb (man: restore description of ConditionControlGroupController=v1|v2, 2023-03-31)
0d9c2c270b (test: set ReadWritePaths= for test-.services when built w/ coverage, 2023-03-31)
384fec2622 (core: skip deps on oomd if v2 or memory unavailable, 2023-03-31)
2950b4ebf6 (test: fixed negative checks in TEST-70-TPM2. Use in-line error handling rather than redirections. Follow up on #27020, 2023-03-30)
786649c904 (test: make make_addresses() actually return the addresses, 2023-03-30)
5e3ac73017 (coverage: add a wrapper for execveat(), 2023-03-30)
8b1cc644c5 (man: add example for sd_bus_call_method, 2023-03-30)
382e53977c (man: further shorten print-unit-path example, 2023-03-29)
960f05945c (man: link up new online coredump docs from man page, 2023-03-30)
edfca36727 (tree-wide: reset optind to 0 when GNU extensions in optstring are used, 2023-03-21)
91ff21962d (test-kernel-install: several cleanups, 2023-03-28)
9943f2af3d (units: let's establish the coredump socket before writting core_pattern sysctl, 2023-03-29)
dbb1b9c2c8 (test: do not remove state directory on failure, 2023-03-29)
29cfb05183 (test: fix shellcheck warnings in test-sysusers.sh, 2023-03-29)
18afac6e90 (man: fix shellcheck warning for html.in, 2023-03-29)
4629419038 (added more test cases, 2023-03-27)
05ae9e276c (test: fix regexp in testsuite-74.mount.sh, 2023-03-28)
295012f7fa (test: drop extraneous bracket in testsuite-74.mount.sh, 2023-03-28)
ff7040b193 (busctl: also assume --full if not writing to terminal, 2023-03-28)
00977a8e74 (busctl: use size_t for set size, 2023-03-28)
802fded9a5 (busctl: do not truncate property values when --full, 2023-03-28)
e400a62a92 (oomd: add inline comments with param names, 2023-03-21)
4067ec52f4 (test: add more testcases for rm_rf(), 2023-03-19)
201830df21 (rm-rf: also chmod() directory if it cannot be opened, 2023-03-19)
d91f7eb0fb (rm-rf: mask file mode with 07777 when passed to chmod(), 2023-03-19)
80417f90b0 (rm-rf: fix errno handling, 2023-03-18)
```
Co-authored-by: Arian van Putten <arian.vanputten@gmail.com>
* Update Cargo.lock from upstream.
* Adapt expression to upstream source tree layout changes.
* Apply patch to restore x86_64 v1 support
Co-Authored-By: Martin Weinelt <hexa@darmstadt.ccc.de>
Also updates the NixOS test:
* Stop kanidm to recover the idm_admin account
* Group all tests into subtest blocks
* Add TODO to wait for unix socket on unixd for the next release
Co-Authored-By: Raito Bezarius <masterancpp@gmail.com>
Co-Authored-By: Martin Weinelt <hexa@darmstadt.ccc.de>
PROXY protocol is a convenient way to carry information about the
originating address/port of a TCP connection across multiple layers of
proxies/NAT, etc.
Currently, it is possible to make use of it in NGINX's NixOS module, but
it is painful when we want to enable it "globally".
Technically, this is achieved by reworking the defaultListen options and
the objective is to have a coherent way to specify default listeners in
the current API design.
See `mkDefaultListenVhost` and `defaultListen` for the details.
It adds a safeguard against running a NGINX with no HTTP listeners (e.g.
only PROXY listeners) while asking for ACME certificates over HTTP-01.
An interesting use case of PROXY protocol is to enable seamless IPv4 to
IPv6 proxy with origin IPv4 address for IPv6-only NGINX servers; how to
achieve this is demonstrated in the tests, using sniproxy.
Finally, the tests cover:
- NGINX `defaultListen` mechanisms are not broken by these changes;
- NGINX PROXY protocol listeners are working in a final usecase
(sniproxy);
- uses snakeoil TLS certs from ACME setup with wildcard certificates;
In the future, it is desirable to spoof-attack NGINX in this scenario to
ascertain that `set_real_ip_from` and all the layers are working as
intended and preventing any user from setting their origin IP address to
any arbitrary value, opening up the NixOS module to bad™ vulnerabilities.
For now, it is quite hard to achieve while being minimalistic about the
test dependencies.
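The trust decision that `set_real_ip_from` stands for can be modelled as follows. This is an added example, not code from the commit or from NGINX: a parser for the text (v1) PROXY protocol header that adopts the announced source address only when the TCP peer is a listed proxy. The function names, addresses and sample bytes are constructed for illustration.

```python
import ipaddress

MAX_V1_LEN = 107  # v1 header line is at most 107 bytes, CRLF included


class ProxyHeaderError(ValueError):
    """The connection did not start with a valid PROXY v1 header."""


def parse_proxy_v1(data: bytes):
    """Return ((src_ip, src_port) or None for UNKNOWN, remaining payload)."""
    end = data.find(b"\r\n", 0, MAX_V1_LEN)
    if end == -1:
        raise ProxyHeaderError("no CRLF within the first 107 bytes")
    try:
        fields = data[:end].decode("ascii").split(" ")
    except UnicodeDecodeError as exc:
        raise ProxyHeaderError("header is not ASCII") from exc
    if len(fields) < 2 or fields[0] != "PROXY":
        raise ProxyHeaderError("missing PROXY signature")
    payload = data[end + 2:]
    if fields[1] == "UNKNOWN":
        return None, payload  # proxy could not describe the connection
    if fields[1] not in ("TCP4", "TCP6") or len(fields) != 6:
        raise ProxyHeaderError("unsupported or truncated header")
    family = 4 if fields[1] == "TCP4" else 6
    try:
        src = ipaddress.ip_address(fields[2])
        dst = ipaddress.ip_address(fields[3])
    except ValueError as exc:
        raise ProxyHeaderError("bad address") from exc
    if src.version != family or dst.version != family:
        raise ProxyHeaderError("address family does not match protocol field")
    for port in fields[4:6]:
        if not port.isdigit() or int(port) > 65535:
            raise ProxyHeaderError("bad port")
    return (str(src), int(fields[4])), payload


def effective_client(peer_ip: str, data: bytes, trusted_proxies):
    """Pick the address to log and rate-limit on, plus the bytes after the header.

    The header is believed only when the TCP peer is inside `trusted_proxies`,
    the role `set_real_ip_from` plays; otherwise the peer address is kept.
    """
    announced, payload = parse_proxy_v1(data)
    peer = ipaddress.ip_address(peer_ip)
    trusted = any(peer in ipaddress.ip_network(net) for net in trusted_proxies)
    if trusted and announced is not None:
        return announced[0], payload
    return str(peer), payload


# Constructed sample: an IPv4 client relayed to an IPv6-only server by a proxy
# at 2001:db8::10 (documentation address ranges, not taken from the tests).
TRUSTED = ["2001:db8::10/128"]
SAMPLE = b"PROXY TCP4 198.51.100.7 203.0.113.1 51234 443\r\nGET / HTTP/1.1\r\n\r\n"


def demo():
    """Same bytes from the trusted proxy and from an unlisted peer."""
    return [
        effective_client("2001:db8::10", SAMPLE, TRUSTED)[0],
        effective_client("2001:db8::bad", SAMPLE, TRUSTED)[0],
    ]


if __name__ == "__main__":
    for client in demo():
        print(client)
```
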
Adds a new option to the virtualisation modules that enables specifying explicitly named network interfaces in QEMU VMs.
The existing `virtualisation.vlans` option is still supported for cases where the name of the network interface is irrelevant.
Libvirt supports calling user-defined hooks on certain events.
Documentation can be found at https://libvirt.org/hooks.html.
This commit allows specifying these hooks via the
`virtualisation.libvirtd.hooks.<name>.*` options.
It is now possible to supply a stratis pool uuid
for every filesystem, and if that filesystem
is required for boot, the relevant pool will be
started in the initramfs.
Enable using an erofs filesystem as one of the filesystems needed to
boot the system. This is useful for example in image based deployments
where the Nix store is mounted read only.
[erofs](https://docs.kernel.org/filesystems/erofs.html) offers multiple
benefits over older filesystems like squashfs. Skip fsck.erofs because
it is still experimental.
Calling `eval-config.nix` without a `system` from a Nix flake fails with
`error: attribute 'currentSystem' missing` since #230523. Setting
`system = null` removes the use of `currentSystem` and instead uses the
value from the `nixpkgs` module.
This speeds up evaluation by a factor of 2.
Ballpark figures from my machine:
```
$ time nix-build nixos/release.nix -A tests.acme
/nix/store/q4fxp55k64clcarsx8xc8f6s10szlfvz-vm-test-run-acme
/nix/store/lnfqg051sxx05hclva84bcbnjfc71c8x-vm-test-run-acme
real 1m28.142s
user 1m7.474s
sys 0m7.932s
$ time nix-build nixos/release.nix -A tests.acme
/nix/store/q4fxp55k64clcarsx8xc8f6s10szlfvz-vm-test-run-acme
/nix/store/lnfqg051sxx05hclva84bcbnjfc71c8x-vm-test-run-acme
real 0m38.235s
user 0m33.814s
sys 0m2.283s
```
For this round of ZHF: #230712
Failing Hydra build: https://hydra.nixos.org/build/219234565
Not sure why this is a problem now and not in the past, but routes to
the corresponding `/24`-subnet are only configured if addresses are
specified with the correct CIDR.
Fail pattern:
1. Unsuspecting `qemu-kvm` notice:
```
server # qemu-kvm: at most 2047 MB RAM can be simulated
```
2. Hard fail
```
self.shell.send(out_command.encode())
BrokenPipeError: [Errno 32] Broken pipe
```
(Took me a while to consider those lines are related)
the non-networkd backend does not wait for slaac to finish (ie, ipv6
addresses coming out of tentative state), and that breaks the mosquitto
bind_interface test slightly. if slaac takes too long the test will run
into mosquitto restart limits and fail.
Because llvmPackages_latest is used in Nixpkgs, by quite a few
packages, it's difficult to keep it up to date, because updating it
requires some level of confidence that every package that uses it is
going to keep working after the update. The result of this is that
llvmPackages_latest is not updated, and so we end up in the situation
that "latest" is two versions older than the latest version we
actually provide. This is confusing and unexpected.
"But won't this end up fragmenting our LLVM versions, if every package
previously using _latest is separately pinned to LLVM 14?", I hear you
ask. No. That fragmentation is already happening, even with an
llvmPackages_latest, because packages that actually require the
_latest_ version of LLVM (15/16), have already been decoupled from
llvmPackages_latest since it hasn't been upgraded. So like it or not,
we can't escape packages depending on specific recent LLVMs. The only
real fix is to get better at keeping the default LLVM up to
date (which I'm reasonably confident we're getting into a better
position to be feasibly better able to do).
So, unless we want to double down on providing a confusingly named
"llvmPackages_latest" attribute that refers to some arbitrary LLVM
version that's probably not the latest one (or even the latest one
available in Nixpkgs), we only have two options here: either we don't
provide such an attribute at all, or we don't use it in Nixpkgs so we
don't become scared to bump it as soon as we have a new LLVM available.
commit fd5d7b2586 ("tests/bpf: add module BTF test") added a new test
for module BTF, but that test does not work on aarch64. (merged in
https://github.com/NixOS/nixpkgs/pull/214001 )
This is not a regression (kfuncs didn't work on bpftrace 0.16,
even if you do not use features requiring BTF like argument name
or type), so just disable the test on aarch64 until it is fixed.
* add sector size parameter to swap randomEncryption
* add key size parameter to swap randomEncryption
* allow deviceName to be overridden for encrypted swap
* create test for swap random encryption
* update release notes
To reduce the danger of accidentally exposing sensitive files processed
by a restic backup to other services/users, enable the `PrivateTmp=`
feature of restic service units, which provides a per service isolation
of `/tmp` and `/var/tmp`.
Co-authored-by: Daniel Nagy <danielnagy@posteo.de>
This removes the feature preview warning, enables bootspec by default, and
adds a validation flag to prevent Go from going into the build-time closure.
This will break all downstream users of bootspec as those changes are
not backward-compatible.
This option has been introduced in 678eed323f without realizing there was this
PR in flight. Unfortunately, it collides with what this PR does and makes
it irrelevant.
Therefore, I remove it here.
Bind mount the base dirs of the tls key and chain into the service.
Make sure to bind every directory just once. The test failed on ofborg
when /nix/store and the certificate path in /nix/store/<some path> were
bound.
I think this is required for the gdbus invocations used to implement
the test, rather than for power-profiles-daemon itself.
Fixes: a813be071c ("nixos/polkit: don't enable by default")
`make-disk-image` is a tool for creating VM images. It takes an argument
`contents` that allows one to specify files and directories that should
be copied into the VM image. However, directories end up not at the
specified target, but instead at a subdirectory of the target, with a
nix-store-like path, e.g.
`/target/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-source`. See issue
https://github.com/NixOS/nixpkgs/issues/226203 .
This change adds a test for make-disk-image's contents directory
handling and adds a fix (appending `/` to rsync input directory names).
This closes issue https://github.com/NixOS/nixpkgs/issues/226203 .
This change fixes two problems with the qemu testing code:
1. Previously, the qemu-img command was missing a disk image format
argument.
2. Previously, if a test assertion failed, the test hung because the VM
was not torn down.
Fixes https://github.com/NixOS/nixpkgs/issues/223289.
This doesn't reduce the security in any way since it was already possible for normal users to do what I do here and create such a fake repo for themselves and set their $IPFS_PATH variable to it. It was and still is also possible to just use the --api CLI option.
This change just removes the manual setup that would otherwise be required.
We wouldn't need this workaround if https://github.com/ipfs/kubo/pull/9366 was merged but the fix seems to have been ignored upstream. Patching it ourselves seems like a bad idea since the patch has security implications.
- Use `runTest` instead of `handleTest`, which simplifies the code a little
- Use `lib.maintainers` instead of `pkgs.lib.maintainers`
- Use `ipfs add --quieter` instead of `ipfs add | awk '{ print $2 }'`
- Whitespace and comment changes
The underlying problem with OCR in this test has been that the only
font installed was DejaVu Sans, a proportional font, which xterm would
try to render as monospace. This produced very broken looking text,
which the OCR understandably had trouble with. With an actual
monospace font installed, there are no more problems and we don't need
the hacks.
This change allows the number of sidekiq processes and which job classes
they handle to be configured.
An instance admin may choose to have separate sidekiq processes handling
jobs related to local users (`default` job class) and jobs related to
federation (`push`, `pull`, `ingress`), so that as the instance grows
and takes on more federation traffic, the local users' experience is not
as impacted.
For more details, see https://docs.joinmastodon.org/admin/scaling/#sidekiq
This PR also includes the following changes suggested in review:
- adds syslog identifiers for mastodon services
- moves working directory config to common cfgService
- adds mastodon.target
1. Launching an app externally (like we do in tests) does not dismiss the GNOME Shell’s Activities view opened on log-in.
2. Activities view grabs input so that user can type to search.
3. Due to a regression in Mutter 44, a window focus is not acquired when Shell grabs input
3ac82a58c5
As a result, trying to determine the WMClass would throw:
TypeError: global.display.focus_window is null
Let’s dismiss the Activities view with Escape key as a workaround.
Starting terminal with autostart makes it harder to control when it is activated.
This reverts commit 7aaf526225.
Unfortunately, we cannot simply just go back since that would fail
as mentioned in the reverted commit.
It appears that this is due to the app not being able to find DISPLAY,
since switching to a different terminal emulator will complain:
(kgx:1612): Gtk-WARNING **: 01:12:49.988: cannot open display: :0.0
Let’s use D-Bus activation rather than executing the program through su.
That will hopefully take care of all the necessary environment variables.
And since GNOME Terminal does not support D-Bus activation for the app,
let’s switch to GNOME Console. It probably makes sense anyway,
as it is the default terminal emulator.
Also let’s unify the WMClass detection a bit. Though, weirdly,
the WMClass differs on Wayland.
Make sure that JIT is actually available when using
```
services.postgresql = {
  enable = true;
  enableJIT = true;
  package = pkgs.postgresql_15;
};
```
The current behavior is counter-intuitive because the docs state that
`enableJIT = true;` is sufficient even though it wasn't in that case
because the declared package doesn't have the LLVM dependency.
Fixed by using `package.withJIT` if `enableJIT = true;` and
`package.jitSupport` is `false`.
Also updated the postgresql-jit test to test for that case.
Closes #150801
Note: I decided against resuming directly on #150801 because the
conflict was too big (and resolving it seemed too error-prone to me).
Also the `this`-refactoring could be done in an easier manner, i.e. by
exposing JIT attributes with the correct configuration. More on that
below.
This patch creates variants of the `postgresql*`-packages with JIT[1]
support. Please note that a lot of the work was derived from previous
patches filed by other contributors, namely dasJ, andir and abbradar,
hence the co-authored-by tags below.
Effectively, the following things have changed:
* For JIT variants an LLVM-backed stdenv with clang is now used as
suggested by dasJ[2]. We need LLVM and CLang[3] anyways to build the
JIT-part, so no need to mix this up with GCC's stdenv. Also, using the
`dev`-output of LLVM and clang's stdenv for building (and adding llvm
libs as build-inputs) seems more cross friendly to me (which will
become useful when cross-building for JIT-variants will actually be
supported).
* Plugins inherit the build flags from the Makefiles in
`$out/lib/pgxs/src` (e.g. `-Werror=unguarded-availability-new`). Since
some of the flags are clang-specific (and stem from the use of the
CLang stdenv) and don't work on gcc, the stdenv of `pkgs.postgresql`
is passed to the plugins. I.e., plugins for non-JIT variants are built
with a gcc stdenv on Linux and plugins for JIT variants with a clang
stdenv.
Since `plv8` hard-codes `gcc` as `$CC` in its Makefile[4], I marked it
as broken for JIT-variants of postgresql only.
* Added a test-matrix to confirm that JIT works fine on each
`pkgs.postgresql_*_jit` (thanks Andi for the original test in
#124804!).
* For each postgresql version, a new attribute
`postgresql_<version>_jit` (and a corresponding
`postgresqlPackages<version>JitPackages`) are now exposed for better
discoverability and prebuilt artifacts in the binary cache.
* In #150801 the `this`-argument was replaced by an internal recursion.
I decided against this approach because it'd blow up the diff even
more which makes the readability way harder and also harder to revert
this if necessary.
Instead, it is made sure that `this` always points to the correct
variant of `postgresql` and re-using that in an additional
`.override {}`-expression is trivial because the JIT-variant is
exposed in `all-packages.nix`.
* I think the changes are sufficiently big to actually add myself as
maintainer here.
* Added `libxcrypt` to `buildInputs` for versions <v13. While
building things with an LLVM stdenv, these versions complained that
the extern `crypt()` symbol can't be found. Not sure what this is
exactly about, but since we want to switch to libxcrypt for `crypt()`
usage anyways[5] I decided to add it. For >=13 it's not relevant
anymore anyways[6].
* JIT support doesn't work with cross-compilation. It is attempted to
build LLVM-bytecode (`%.bc` is the corresponding `make(1)`-rule) for
each sub-directory in `backend/` for the JIT apparently, but with a
$(CLANG) that can produce binaries for the build, not the host-platform.
I managed to get a cross-build with JIT support working with
`depsBuildBuild = [ llvmPackages.clang ] ++ buildInputs`, but
considering that the resulting LLVM IR isn't platform-independent this
doesn't give you much. In fact, I tried to test the result in a VM-test,
but as soon as JIT was used to optimize a query, postgres would
coredump with `Illegal instruction`.
A common concern of the original approach - with llvm as build input -
was the massive increase of closure size. With the new approach of using
the LLVM stdenv directly and patching out references to the clang drv in
`$out` the effective closure size changes are:
$ nix path-info -Sh $(nix-build -A postgresql_14)
/nix/store/kssxxqycwa3c7kmwmykwxqvspxxa6r1w-postgresql-14.7 306.4M
$ nix path-info -Sh $(nix-build -A postgresql_14_jit)
/nix/store/xc7qmgqrn4h5yr4vmdwy56gs4bmja9ym-postgresql-14.7 689.2M
Most of the increase in closure-size stems from the `lib`-output of
LLVM
$ nix path-info -Sh /nix/store/5r97sbs5j6mw7qnbg8nhnq1gad9973ap-llvm-11.1.0-lib
/nix/store/5r97sbs5j6mw7qnbg8nhnq1gad9973ap-llvm-11.1.0-lib 349.8M
which is why this shouldn't be enabled by default.
While this is quite much because of LLVM, it's still a massive
improvement over the simple approach of adding llvm/clang as
build-inputs and building with `--with-llvm`:
$ nix path-info -Sh $(nix-build -E '
with import ./. {};
postgresql.overrideAttrs ({ configureFlags ? [], buildInputs ? [], ... }: {
configureFlags = configureFlags ++ [ "--with-llvm" ];
buildInputs = buildInputs ++ [ llvm clang ];
})' -j0)
/nix/store/i3bd2r21c6c3428xb4gavjnplfqxn27p-postgresql-14.7 1.6G
Co-authored-by: Andreas Rammhold <andreas@rammhold.de>
Co-authored-by: Janne Heß <janne@hess.ooo>
Co-authored-by: Nikolay Amiantov <ab@fmap.me>
[1] https://www.postgresql.org/docs/current/jit-reason.html
[2] https://github.com/NixOS/nixpkgs/pull/124804#issuecomment-864616931
& https://github.com/NixOS/nixpkgs/pull/150801#issuecomment-1467868321
[3] This fails with the following error otherwise:
```
configure: error: clang not found, but required when compiling --with-llvm, specify with CLANG=
```
[4] https://github.com/plv8/plv8/blob/v3.1.5/Makefile#L14
[5] https://github.com/NixOS/nixpkgs/pull/181764
[6] c45643d618
This adds an option `services.mattermost.environmentFile`, intended to be
useful especially when `services.mattermost.mutableConfig` is set to `false`.
Since all mattermost configuration options can also be set by environment
variables, this allows managing secret configuration values in a declarative
manner without placing them in the nix store.
This should fix the flakiness of the test.
Forcefully killing the consul process can lead to
a broken `/var/lib/consul/node-id` file, which
will prevent consul from starting on that node again.
See https://github.com/hashicorp/consul/issues/3489
So instead of crashing the whole node, which leads to
this corruption from time to time, we kill the
networking instead, preventing any cluster
communication and then cleanly stop consul.
The keyd package already exists, but without a systemd service.
Keyd requires write access to /var/run to create its socket. Currently
the directory it uses can be changed with an environment variable, but
the keyd repo state suggests that this may turn into a compile-time
option. With that set, and some supplementary groups added, we can run
the service under DynamicUser.
Co-authored-by: pennae <82953136+pennae@users.noreply.github.com>
The restic repository cache location defaults to ~/.cache/restic when
not overwritten either by the --cache-dir command line parameter or the
universal RESTIC_CACHE_DIR environment variable.
Currently, the --cache-dir variable is set to only some restic commands,
but, e.g., not to the unit's preStart command for the module's
initialize option. This results in two distinct cache locations, one at
~/.cache/restic for the initialize commands and one at the configured
--cache-dir location for the restic backup command.
By explicitly setting RESTIC_CACHE_DIR for the unit, only one cache at
the correct location will be used.
https://restic.readthedocs.io/en/v0.15.1/manual_rest.html#caching
Hydra Eval has been throwing these eval errors for the past four
months, which makes the yellow "Eval Errors" bubble pretty useless:
https://hydra.nixos.org/eval/1790611#tabs-errors
```
in job ‘nixos.tests.installer.separateBoot.aarch64-linux’:
error: Non-EFI boot methods are only supported on i686 / x86_64
in job ‘nixos.tests.installer.simple.aarch64-linux’:
error: Non-EFI boot methods are only supported on i686 / x86_64
in job ‘nixos.tests.installer.lvm.aarch64-linux’:
error: Non-EFI boot methods are only supported on i686 / x86_64
```
This PR moves the failure for the `!isEfi &&
!pkgs.stdenv.hostPlatform.isx86` case from eval-time to runtime, so
the failure gets categorized under the test that produced it, rather
than just being lumped in to the catch-all Eval Errors pile
which... apparently nobody cares about.
Some of the stuff used to be needed for a project, for others I found
alternatives that suited better my needs. Anyways, I don't intend to
spend time maintaining these, so no need to keep that.
`/api/v1/signing-key.gpg` spawns a `gpg` process,
which is great to test if `gpg` is available
and can be invoked from in the unit.
Which is somewhat relevant, since `gpg` was
missing from the unit's `$PATH` until recently.
And even after adding `gpg` to the unit's `$PATH`,
configuring commit signing for an instance
resulted in http/500s nonetheless.
That's due to `@memlock` being present in
`SystemCallFilter=~` and `gpg` trying to
use `mlock` (probably to prevent secrets
in the memory to swap), resulting in an
immediate `SIGKILL` of any spawned `gpg` processes.
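The failure described above comes from `@memlock` sitting in a `SystemCallFilter=~` deny-list. As an added example (not part of the commit or of the NixOS module), this Python check reads a unit's text, merges its `SystemCallFilter=` lines the way systemd documents them, and reports whether the `mlock` family ends up filtered. The sample units, the `ExecStart` path and the function names are constructed for illustration, and only the sets relevant to `mlock` are modelled.

```python
"""Check whether a systemd unit's SystemCallFilter= still lets a child call mlock()."""

# Members of systemd's @memlock syscall set.
MEMLOCK = frozenset({"mlock", "mlock2", "mlockall", "munlock", "munlockall"})
# Sets that include @memlock; other sets are not expanded (simplification).
CONTAINS_MEMLOCK = {"@memlock", "@system-service"}

# Constructed sample units (not taken from any real module).
BROKEN_UNIT = """\
[Service]
ExecStart=/usr/bin/example-server web
SystemCallFilter=~@cpu-emulation @debug @memlock @mount
"""
FIXED_UNIT = BROKEN_UNIT.replace(" @memlock", "")
ALLOWLIST_UNIT = """\
[Service]
SystemCallFilter=@system-service
SystemCallFilter=~@privileged @memlock
"""


def _covered(token):
    """Return the memlock-family syscalls named by one filter token."""
    name = token.split(":", 1)[0]  # drop an optional ":errno" suffix
    if name in CONTAINS_MEMLOCK:
        return set(MEMLOCK)
    return {name} & MEMLOCK


def memlock_verdict(unit_text):
    """Merge all SystemCallFilter= lines and report which mlock calls are filtered."""
    mode = None      # "allow" or "deny"; fixed by the first non-empty assignment
    listed = set()   # memlock-family calls currently in the filter set
    for raw in unit_text.splitlines():
        key, sep, value = raw.strip().partition("=")
        if not sep or key.strip() != "SystemCallFilter":
            continue
        value = value.strip()
        if not value:                       # empty assignment resets the filter
            mode, listed = None, set()
            continue
        line_mode = "deny" if value.startswith("~") else "allow"
        calls = set().union(*map(_covered, value.lstrip("~").split()))
        if mode is None:
            mode = line_mode
        if line_mode == mode:               # same type: add to the set
            listed |= calls
        else:                               # opposite type: remove from the set
            listed -= calls
    if mode is None:
        blocked = set()                     # no filter at all
    elif mode == "deny":
        blocked = set(listed)
    else:
        blocked = set(MEMLOCK) - listed     # allow-list: anything unlisted is filtered
    return {
        "mode": mode,
        "blocked": sorted(blocked),
        "gpg_can_mlock": "mlock" not in blocked,
    }


if __name__ == "__main__":
    for label, unit in (("broken", BROKEN_UNIT), ("fixed", FIXED_UNIT),
                        ("allow-list", ALLOWLIST_UNIT)):
        print(label, memlock_verdict(unit))
```

On a running system, the effective value can be read with `systemctl show -p SystemCallFilter <unit>` and fed to the same check.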
The defaults conflict with the defaults of `services.httpd`:
```
error: The option `nodes.machine.services.logrotate.enable' has conflicting definition values:
- In `/home/thomas/Workspace/Packaging/nixpkgs/nixos/modules/profiles/minimal.nix': false
- In `/home/thomas/Workspace/Packaging/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix': true
Use `lib.mkForce value` or `lib.mkDefault value` to change the priority on any of these definitions.
(use '--show-trace' to show detailed location information)
```
`nixos/profile/minimal` is not used in the majority of the tests and it does not
seem to have a specific reason to use it for the HAProxy test.
It looks like the systemd-initrd variant of the systemd-shutdown test
(systemd-initrd-shutdown) did not actually enable the systemd-initrd and
so was just evaluating to the same store path before this change.
The test was failing because it was timing out. Turns out it was waiting
for `foo.kdbx`, which couldn't be "seen" even if it actually existed
(probably some contrast issues with the theme and OCR couldn't find it).
Fixed it by delegating the check to the next screen, where the full path
to the file is displayed in a bigger size. The test seems to pass.
Prepare the tests for a change in dependency handling, by not relying on
bespoke files dropped into the package output.
Instead we now check the journal log for whether a configured component
was set up, once for the initial specialisation another time for the one
introducing esphome configuration.
Also improve abstractions for getting journal data relative to a cursor
and generally make a few things more concise.
using readFile instead of fileContents (or using indented strings) can
leave a trailing newline that causes build errors in systemd units and
has previously caused runtime errors in wireguard scripts. use
singleLineStr to strip a trailing newline if it exists, and to fail if
more than one is present.
...but still allow for setting `dataDir` to a custom path. This gets
rid of the use of the deprecated option PermissionsStartOnly. Also, add
the ability to customize user and group, since that could be useful
with a custom `dataDir`.
Since https://github.com/NixOS/nixpkgs/issues/213943 got fixed, only the main k3s derivation is tested.
Here I changed the tests a bit to make them test all provided k3s derivations
@moduon MT-1718
By default, pgadmin4 uses SERVER_MODE = True. This requires
access to system directories (e.g. /var/lib/pgadmin). There is
no easy way to change this mode during runtime. One has to change
or add config files within pgadmin's directory structure to change it
or add a system-wide config file under `/etc/pgadmin`[1].
This isn't always easy to achieve or may not be possible at all. For
those use cases this implements a switch in the pgadmin4 derivation and
adds a new top-level package `pgadmin4-desktopmode`. This builds in
DESKTOP MODE and allows the usage of pgadmin4 without the NixOS module
and without access to system-wide directories.
pgadmin4 module saves the configuration to /etc/pgadmin/config_system.py
pgadmin4-desktopmode tries to read that as well. This normally fails with
a PermissionError, as the config file is owned by the user of the pgadmin module.
With the check-system-config-dir.patch this will just throw a warning
but will continue and not read the file.
If we run pgadmin4-desktopmode as root
(something one really shouldn't do), it can read the config file and fail,
because of the wrong config for desktopmode.
[1] https://www.pgadmin.org/docs/pgadmin4/latest/config_py.html
Signed-off-by: Florian Brandes <florian.brandes@posteo.de>
We test pgadmin in nixosTests, because it needs a running postgresql instance.
This is now unnecessary since we can do so in the package itself.
This reduces the complexity of pgadmin and removes the need for the extra
nixosTests.
Also setting SERVER_MODE in `pkg/pip/setup_pip.py` does not have any effect
on the final package, so we remove it.
In NixOS, we use the module, which expects SERVER_MODE to be true (which it defaults to).
In non-NixOS installations, we will need the directory /var/lib/pgadmin and /var/log/pgadmin
Signed-off-by: Florian Brandes <florian.brandes@posteo.de>
If our (fake) metadata server provides a 404 instead of a JSON document,
the NSS module segfaults, and as we do NSS lookups through ns(n)cd,
not only crashes the application doing the NSS lookup, but our ns(n)cd.
This has been causing segfaults of nscd all along, but since our switch
from glibc-nscd to nsncd, caused the test to fail entirely.
In any case, by handling /computeMetadata/v1/oslogin/groups we get the
NSS lookup to not cause any segfaults, and to succeed the test again.
bpftrace 0.17 added module BTF support, check this works.
On bpftrace 0.16, this failed with the following error:
> ERROR: kfunc:nft_trans_alloc_gfp: no BTF data for the function
As announced in the NixOS 22.11 release notes, 23.05 will switch NixOS
to using nsncd (a non-caching reimplementation in Rust) as NSS lookup
dispatcher, instead of the buggy and deprecated glibc-provided nscd.
If you need to switch back, set `services.nscd.enableNsncd = false`, but
please open an issue in nixpkgs so your issue can be fixed.
...for explicitly named network interfaces
This reverts commit 6ae3e7695e.
(and evaluation fixups 08d26bbb727aed90a969)
Some of the tests fail or time out after the merge.
Because nextcloud ships their prerelease versions on a different url, we
are not parsing the version string to detect which path to use. We also
enabled and validated this change via nixos module testing.
EOLed by upstream, doesn't receive any patches anymore, so let's drop
it.
Currently depends on #211886 which bumps the latest compatible ZFS
version to 6.1.
Also, clean up some old aliases.
Adds a new option to the virtualisation modules that enables specifying
explicitly named network interfaces in QEMU VMs. The existing
`virtualisation.vlans` is still supported for cases where the name of
the network interface is irrelevant.
Previously, secrets were named according to the initrd they were
associated with. This created a problem: If secrets were changed whilst
the initrd remained the same, there were two versions of the secrets
with one initrd. The result was that only one version of the secrets would
be recorded into the /boot partition and get used. AFAICT this would
only be the oldest version of the secrets for the given initrd version.
This manifests as #114594, which I found frustrating while trying to use
initrd secrets for the first time. While developing the secrets I found
I could not get new versions of the secrets to take effect.
Additionally, it's a nasty issue to run into if you had cause to change
the initrd secrets for credential rotation, etc, if you change them and
discover you cannot, or alternatively that you can't roll back as you
would expect.
Additional changes in this patch.
* Add a regression test that switching to another grub configuration
with the alternate secrets works. This test relies on the fact that it
is not changing the initrd. I have checked that the test fails if I
undo my change.
* Persist the useBootLoader disk state, similarly to other boot state.
* I had to do this, otherwise I could not find a route to testing the
alternate boot configuration. I did attempt a few different ways of
testing this, including directly running install-grub.pl, but what
I've settled on is most like what a user would do and avoids
depending on lots of internal details.
* Making tests that test the boot are a bit tricky (see hibernate.nix
and installer.nix for inspiration), I found that in addition to
having to copy quite a bit of code I still couldn't get things to
work as desired since the bootloader state was being clobbered.
My change to persist the useBootLoader state could break things,
conceptually. I need some help here discovering if that is the case,
possibly by letting this run through a staging CI if there is one.
Fix #114594.
cc potential reviewers:
@lopsided98 (original implementer) @joachifm (original reviewer),
@wkennington (numerous fixes to grub-install.pl), @lheckemann (wrote
original secrets test).
The cups-pdf vm test previously waited for the
activation of `cups.service` before testing anything.
This method fails since
47d9e7d3d7
as cups auto-stops if it is not used,
causing the test framework to complain
that `cups.service` will never start.
The commit at hand alters the test so it
simply waits for `multi-user.target`.
We could also switch to `cups.socket`,
but `multi-user.target` seems to be more robust
concerning future changes in the cups mechanisms.
This reverts commit a768871934.
This is too fragile, it breaks at least on:
* ssl dh params
* hostnames in proxypass and upstreams are resolved in the sandbox
The update test patches the systemd-boot binary to report a known
version then tests that this is the version updated from. The previous
patch would also search the kernel and initrd binaries, which would
cause sed to write out a temporary file that might cause the disk
to run out of space and the test to fail.
Only attempt to patch binaries which contain systemd-boot (usually
`BOOT<arch>.EFI` and `systemd-boot<arch>.efi`) to avoid this problem.
As a bonus, this reduces test time by 20-30%.
At some point many months ago, the systemd-boot update script stopped
outputting parentheses around the version being upgraded from, causing
the test to fail. Remove the parentheses from the expected message to
fix the test.
This commit fixes a papercut in nixos-rebuild where people wanting to
switch to a specialisation (or test one) were forced to manually figure
out the specialisation's path and run its activation script - since now,
there's a dedicated option to do just that.
This is a backwards-compatible change which doesn't affect the existing
behavior, which - to be fair - might still be considered sus by some
people, the painful scenario here being:
- you boot into specialisation `foo`,
- you run `nixos-rebuild switch`,
- whoops, you're no longer at specialisation `foo`, but you're rather
brought back to the base system.
(it's especially painful for cases where specialisation is used to load
extra drivers, e.g. Nvidia, since then launching `nixos-rebuild switch`,
while forgetting that you're inside a specialisation, can cause some
parts of your system to get accidentally unloaded.)
I've tried to mitigate that by improving specialisations so that they
create a dedicated file somewhere in `/run/current-system` containing
the specialisation's name (which `nixos-rebuild` could then use as the
default value for `--specialisation`), but I haven't been able to come
up with anything working (plus it would be a breaking change then).
Closes https://github.com/NixOS/nixpkgs/issues/174065
This provides an easy way to specify exclude patterns in config. It was
already possible via extraBackupOptions; this change creates a simpler,
similar to other backup services, way to specify them.
This commit also moves the indicator files out of the directory that's
being backed up, so that the directory remains static throughout the
backup operation.
Added the RFC42-style possibility to use
`services.dokuwiki.sites.<name>.settings` instead of passing a plain
string to `<name>.extraConfig`. `<name>.pluginsConfig` now also accepts
structured configuration.
Also added two "quality of life" tests to ensure customisations to the
dokuwiki package are not being discarded and both webserver
configurations handle rewriting correctly.
As a follow up to f9d1f80045, we should
add the ability to test explicit versions of the wordpress derivation.
Since we are currently only supporting wordpress6_1 in unstable, this
change is a noop.
Updates #209051
The NixOS test failed sporadically with a timeout.
This is due to a race condition in the startup of
the scheduler vs the task-queue.
The scheduler runs the migration scripts in "pre-start" and
celery isn't available, yet. The celery worker (paperless-task-queue)
was already started by systemd but was unable to connect
(as the migration scripts from "pre-start" still ran).
This fix adds the necessary "after" condition in the systemd
worker unit and adds a test to "paperless"
Signed-off-by: Florian Brandes <florian.brandes@posteo.de>
It's better to utilize the boot process and systemd mechanisms to test
these zfs features, rather than manually simulating the same behavior
with testScript.
When test-input-reader runs, its standard input exists and will
be buffered, so by the time the file exists, the standard input
can already be written to.
I have no reason to believe that a terminal emulator would start
accepting input _after_ launching the command.
I've tested this for hours in a loop without a single failure or
timeout.
This commit upgrades headscale to the newest version, 0.17.0 and updates
the module with the current breaking config changes.
In addition, the module is rewritten to conform with RFC0042 to try to
prevent some drift between the module and the upstream.
A new maintainer, Misterio77, is added as maintainer.
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
Co-authored-by: Gabriel Fontes <hi@m7.rs>
Co-authored-by: Geoffrey Huntley <ghuntley@ghuntley.com>
On x86_64-linux only because bootspec is for NixOS (for the moment?),
and NixOS is really only a Linux concept (for the moment?).
Not on aarch64-linux because it fails for whatever reason 🤷