- nixfmt on apparmor test
- move apparmor test to nixos/tests/apparmor directory
- expected profile contents are now generated in its own file to make the test file less confusing and hard to maintain
- enforce/complain is now being tested via diff of expected against aa-status
- path is now tested against diff+file checking symlink target of /etc/static/apparmor.d/<name>
- profile is now checked by diff of /etc/static/apparmor.d/<name> against original string added in nix config
- test still successfully passes
- added test for confined hello to succeed
- added test for confined hexdump on denied path to fail
This commit adds two new tests to show that the ordering of password
overrides documentation in nixos/modules/config/user-groups.nix is
correct. The override behavior differs depending on whether a system
has systemd-sysusers enabled, so there are two tests.
From hosts(5):
> For each host a single line should be present with the following
> information:
>
> IP_address canonical_hostname [aliases...]
With lines like "::1 localhost ahost.adomin ahost", we were saying
that the canonical name for "ahost" was "localhost", the opposite of a
canonical name. This is why a second loopback address (127.0.0.2) is
used for hostnames with IPv4 — if they were put after "localhost" on
the 127.0.0.1 line, the same thing would happen. With IPv6 we can't
do the same thing as there's only a single loopback address, so
instead the right thing to do is to simply not list the hostnames in
/etc/hosts, and rely on the myhostname NSS plugin, which will handle
this correctly.
(Note that the examples in hosts(5) also do not include IPv6 FQDN or
hostname entries.)
The newer runTest handler uses a single nixpkgs instance to eval all the
specialisations, reducing the memory usage and eval time of the test
drastically compared to handleTest which creates a new nixpkgs instance
for every specialisation.
After final improvements to the official formatter implementation,
this commit now performs the first treewide reformat of Nix files using it.
This is part of the implementation of RFC 166.
Only "inactive" files are reformatted, meaning only files that
aren't being touched by any PR with activity in the past 2 months.
This is to avoid conflicts for PRs that might soon be merged.
Later we can do a full treewide reformat to get the rest,
which should not cause as many conflicts.
A CI check has already been running for some time to ensure that new and
already-formatted files are formatted, so the files being reformatted here
should also stay formatted.
This commit was automatically created and can be verified using
nix-build a08b3a4d19.tar.gz \
--argstr baseRev b32a094368
result/bin/apply-formatting $NIXPKGS_PATH
After final improvements to the official formatter implementation,
this commit now performs the first treewide reformat of Nix files using it.
This is part of the implementation of RFC 166.
Only "inactive" files are reformatted, meaning only files that
aren't being touched by any PR with activity in the past 2 months.
This is to avoid conflicts for PRs that might soon be merged.
Later we can do a full treewide reformat to get the rest,
which should not cause as many conflicts.
A CI check has already been running for some time to ensure that new and
already-formatted files are formatted, so the files being reformatted here
should also stay formatted.
This commit was automatically created and can be verified using
nix-build a08b3a4d19.tar.gz \
--argstr baseRev 78e9caf153
result/bin/apply-formatting $NIXPKGS_PATH
The backup module is part of the default integrations and as such it will
always be loaded. Replace it with the prometheus module, for which this
is probably unlikely to ever become the case.
When sending SIGHUP to hass it will exit with code 100, which is the
codified exit code to trigger a restart. This is useful, because it can
allow triggering a restart from within the frontend.
It was previously assumed that it would result in a reload, which would
keep the same interpreter process intact. That is not the case and so the
assumption that the PID would stay the same was flawed and only succeeded
due to race conditions.
Caddy usually expects just a hostname without scheme to do its automatic
HTTPS. It is possible to get the old behavior (only HTTP) by setting
`services.caddy.virtualHosts.<host>.hostName`.
First, `stop network-addresses-X` should clean up the addresses without deleting the interfaces. And only `stop tap0-netdev` should fully delete the interfaces.
Signed-off-by: Egor Savkin <es@m-labs.hk>
This code is mostly from #279629, the uninvoled client checks were removed (since they are the same as the direct connection to the client test) and the tests were adjusted to work as intended as well as bugs fixed.
In some cases, some tests are skipped when they do not make sense for the specific configuration that is being tested.
The validity period for TRCs cannot be set to an rfc3339 date, only an
offset from the current system time, which if set to 3650d rather than
36500d will still give us quite a long time before it becomes invalid,
which is acceptable for the time being.
This makes timestamps and cert expiry less of a spurious issue in VM
Tests, and in CI/Hydra, by hardcoding large values, and allowing certs
to begin at 0 seconds from UNIX epoch time
Add an option for shell script fragments that are ran before switching
to a new NixOS system configuration (pre installation of bootloader or
system activation). Also add a new subcommand for
switch-to-configuration called "check" that will cause the program to
always exit after checks are ran.
