public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge master into staging-next

This commit is contained in:
Frederik Rietdijk 2019-11-25 21:51:57 +01:00
parent 2a2d3de78c 646b279c55
commit 06a054e6eb
252 changed files with 3160 additions and 2290 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.github/CODEOWNERS vendored
View File

@ -47,6 +47,9 @@
/nixos/doc/manual/man-nixos-option.xml @nbp
/nixos/modules/installer/tools/nixos-option.sh @nbp
# NixOS integration test driver
/nixos/lib/test-driver @tfc
# New NixOS modules
/nixos/modules/module-list.nix @Infinisil

11
doc/using/configuration.xml
View File

@ -141,11 +141,10 @@
For a more useful example, try the following. This configuration only allows unfree packages named flash player and visual studio code:
<programlisting>
{
allowUnfreePredicate = (pkg: builtins.elem
(pkg.pname or (builtins.parseDrvName pkg.name).name) [
"flashplayer"
"vscode"
]);
allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"flashplayer"
"vscode"
];
}
</programlisting>
</para>
@ -217,7 +216,7 @@
The following configuration example only allows insecure packages with very short names:
<programlisting>
{
allowInsecurePredicate = (pkg: (builtins.stringLength (builtins.parseDrvName pkg.name).name) &lt;= 5);
allowInsecurePredicate = pkg: builtins.stringLength (lib.getName pkg) &lt;= 5;
}
</programlisting>
</para>

3
lib/default.nix
View File

@ -84,7 +84,8 @@ let
hasInfix hasPrefix hasSuffix stringToCharacters stringAsChars escape
escapeShellArg escapeShellArgs replaceChars lowerChars
upperChars toLower toUpper addContextFrom splitString
removePrefix removeSuffix versionOlder versionAtLeast getVersion
removePrefix removeSuffix versionOlder versionAtLeast
getName getVersion
nameFromURL enableFeature enableFeatureAs withFeature
withFeatureAs fixedWidthString fixedWidthNumber isStorePath
toInt readPathsFromFile fileContents;

17
lib/strings.nix
View File

@ -472,6 +472,23 @@ rec {
*/
versionAtLeast = v1: v2: !versionOlder v1 v2;
/* This function takes an argument that's either a derivation or a
derivation's "name" attribute and extracts the name part from that
argument.
Example:
getName "youtube-dl-2016.01.01"
=> "youtube-dl"
getName pkgs.youtube-dl
=> "youtube-dl"
*/
getName = x:
let
parse = drv: (builtins.parseDrvName drv).name;
in if isString x
then parse x
else x.pname or (parse x.name);
/* This function takes an argument that's either a derivation or a
derivation's "name" attribute and extracts the version part from that
argument.

1
lib/systems/default.nix
View File

@ -37,6 +37,7 @@ rec {
else if final.isAndroid then "bionic"
else if final.isLinux /* default */ then "glibc"
else if final.isMsp430 then "newlib"
else if final.isVc4 then "newlib"
else if final.isAvr then "avrlibc"
else if final.isNetBSD then "nblibc"
# TODO(@Ericson2314) think more about other operating systems

3
lib/systems/doubles.nix
View File

@ -26,7 +26,7 @@ let
"riscv32-linux" "riscv64-linux"
"aarch64-none" "avr-none" "arm-none" "i686-none" "x86_64-none" "powerpc-none" "msp430-none" "riscv64-none" "riscv32-none"
"aarch64-none" "avr-none" "arm-none" "i686-none" "x86_64-none" "powerpc-none" "msp430-none" "riscv64-none" "riscv32-none" "vc4-none"
];
allParsed = map parse.mkSystemFromString all;
@ -45,6 +45,7 @@ in {
x86_64 = filterDoubles predicates.isx86_64;
mips = filterDoubles predicates.isMips;
riscv = filterDoubles predicates.isRiscV;
vc4 = filterDoubles predicates.isVc4;
cygwin = filterDoubles predicates.isCygwin;
darwin = filterDoubles predicates.isDarwin;

6
lib/systems/examples.nix
View File

@ -118,6 +118,12 @@ rec {
config = "avr";
};
vc4 = {
config = "vc4-elf";
libc = "newlib";
platform = {};
};
arm-embedded = {
config = "arm-none-eabi";
libc = "newlib";

1
lib/systems/inspect.nix
View File

@ -21,6 +21,7 @@ rec {
isSparc = { cpu = { family = "sparc"; }; };
isWasm = { cpu = { family = "wasm"; }; };
isMsp430 = { cpu = { family = "msp430"; }; };
isVc4 = { cpu = { family = "vc4"; }; };
isAvr = { cpu = { family = "avr"; }; };
isAlpha = { cpu = { family = "alpha"; }; };
isJavaScript = { cpu = cpuTypes.js; };

2
lib/systems/parse.nix
View File

@ -112,6 +112,8 @@ rec {
msp430 = { bits = 16; significantByte = littleEndian; family = "msp430"; };
avr = { bits = 8; family = "avr"; };
vc4 = { bits = 32; significantByte = littleEndian; family = "vc4"; };
js = { bits = 32; significantByte = littleEndian; family = "js"; };
};

18
maintainers/maintainer-list.nix
View File

@ -3601,6 +3601,12 @@
github = "klntsky";
githubId = 18447310;
};
kmcopper = {
email = "kmcopper@danwin1210.me";
name = "Kyle Copperfield";
github = "kmcopper";
githubId = 57132115;
};
kmeakin = {
email = "karlwfmeakin@gmail.com";
name = "Karl Meakin";
@ -4524,6 +4530,12 @@
githubId = 117842;
name = "Henri Bourcereau";
};
mmilata = {
email = "martin@martinmilata.cz";
github = "mmilata";
gitHubId = 85857;
name = "Martin Milata";
};
mmlb = {
email = "me.mmlb@mmlb.me";
github = "mmlb";
@ -6727,6 +6739,12 @@
githubId = 42933;
name = "Andrew Childs";
};
thefenriswolf = {
email = "stefan.rohrbacher97@gmail.com";
github = "thefenriswolf";
githubId = "8547242";
name = "Stefan Rohrbacher";
};
thesola10 = {
email = "thesola10@bobile.fr";
github = "thesola10";

2
maintainers/scripts/update.nix
View File

@ -126,7 +126,7 @@ let
packageData = package: {
name = package.name;
pname = (builtins.parseDrvName package.name).name;
pname = pkgs.lib.getName package;
updateScript = map builtins.toString (pkgs.lib.toList package.updateScript);
};

10
nixos/doc/manual/release-notes/rl-2003.xml
View File

@ -176,6 +176,16 @@
KDEs old multimedia framework Phonon no longer supports Qt 4. For that reason, Plasma desktop also does not have <option>enableQt4Support</option> option any more.
</para>
</listitem>
<listitem>
<para>
The BeeGFS module has been removed.
</para>
</listitem>
<listitem>
<para>
The osquery module has been removed.
</para>
</listitem>
</itemizedlist>
</section>

2
nixos/lib/make-options-doc/default.nix
View File

@ -86,7 +86,7 @@ let
optionsList = lib.sort optionLess optionsListDesc;
# Convert the list of options into an XML file.
optionsXML = builtins.toFile "options.xml" (builtins.toXML optionsList);
optionsXML = pkgs.writeText "options.xml" (builtins.toXML optionsList);
optionsNix = builtins.listToAttrs (map (o: { name = o.name; value = removeAttrs o ["name" "visible" "internal"]; }) optionsList);

7
nixos/lib/test-driver/test-driver.py
View File

@ -3,7 +3,6 @@ from contextlib import contextmanager, _GeneratorContextManager
from xml.sax.saxutils import XMLGenerator
import _thread
import atexit
import json
import os
import ptpython.repl
import pty
@ -16,7 +15,7 @@ import sys
import tempfile
import time
import unicodedata
from typing import Tuple, TextIO, Any, Callable, Dict, Iterator, Optional, List
from typing import Tuple, Any, Callable, Dict, Iterator, Optional, List
CHAR_TO_KEY = {
"A": "shift-a",
@ -771,7 +770,9 @@ def run_tests() -> None:
machine.execute("sync")
if nr_tests != 0:
log.log("{} out of {} tests succeeded".format(nr_succeeded, nr_tests))
eprint("{} out of {} tests succeeded".format(nr_succeeded, nr_tests))
if nr_tests > nr_succeeded:
sys.exit(1)
@contextmanager

41
nixos/modules/config/vpnc.nix
View File

@ -1,41 +0,0 @@
{ config, lib, ... }:
with lib;
let
cfg = config.networking.vpnc;
mkServiceDef = name: value:
{
name = "vpnc/${name}.conf";
value = { text = value; };
};
in
{
options = {
networking.vpnc = {
services = mkOption {
type = types.attrsOf types.str;
default = {};
example = literalExample ''
{ test = '''
IPSec gateway 192.168.1.1
IPSec ID someID
IPSec secret secretKey
Xauth username name
Xauth password pass
''';
}
'';
description =
''
The names of cisco VPNs and their associated definitions
'';
};
};
};
config.environment.etc = mapAttrs' mkServiceDef cfg.services;
}

3
nixos/modules/module-list.nix
View File

@ -35,7 +35,6 @@
./config/terminfo.nix
./config/unix-odbc-drivers.nix
./config/users-groups.nix
./config/vpnc.nix
./config/vte.nix
./config/zram.nix
./hardware/acpilight.nix
@ -519,7 +518,6 @@
./services/monitoring/munin.nix
./services/monitoring/nagios.nix
./services/monitoring/netdata.nix
./services/monitoring/osquery.nix
./services/monitoring/prometheus/default.nix
./services/monitoring/prometheus/alertmanager.nix
./services/monitoring/prometheus/exporters.nix
@ -539,7 +537,6 @@
./services/monitoring/zabbix-agent.nix
./services/monitoring/zabbix-proxy.nix
./services/monitoring/zabbix-server.nix
./services/network-filesystems/beegfs.nix
./services/network-filesystems/cachefilesd.nix
./services/network-filesystems/davfs2.nix
./services/network-filesystems/drbd.nix

9
nixos/modules/rename.nix
View File

@ -10,6 +10,7 @@ with lib;
(mkRenamedOptionModule [ "networking" "enableRalinkFirmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "networking" "enableRTL8192cFirmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "networking" "networkmanager" "useDnsmasq" ] [ "networking" "networkmanager" "dns" ])
(mkRenamedOptionModule [ "networking" "connman" ] [ "services" "connman" ])
(mkChangedOptionModule [ "services" "printing" "gutenprint" ] [ "services" "printing" "drivers" ]
(config:
let enabled = getAttrFromPath [ "services" "printing" "gutenprint" ] config;
@ -235,6 +236,7 @@ with lib;
(mkRemovedOptionModule [ "services" "zabbixServer" "dbPassword" ] "Use services.zabbixServer.database.passwordFile instead.")
(mkRemovedOptionModule [ "systemd" "generator-packages" ] "Use systemd.packages instead.")
(mkRemovedOptionModule [ "fonts" "enableCoreFonts" ] "Use fonts.fonts = [ pkgs.corefonts ]; instead.")
(mkRemovedOptionModule [ "networking" "vpnc" ] "Use environment.etc.\"vpnc/service.conf\" instead.")
# ZSH
(mkRenamedOptionModule [ "programs" "zsh" "enableSyntaxHighlighting" ] [ "programs" "zsh" "syntaxHighlighting" "enable" ])
@ -279,6 +281,13 @@ with lib;
# BLCR
(mkRemovedOptionModule [ "environment.blcr.enable" ] "The BLCR module has been removed")
# beegfs
(mkRemovedOptionModule [ "services.beegfsEnable" ] "The BeeGFS module has been removed")
(mkRemovedOptionModule [ "services.beegfs" ] "The BeeGFS module has been removed")
# osquery
(mkRemovedOptionModule [ "services.osquery" ] "The osquery module has been removed")
# Redis
(mkRemovedOptionModule [ "services" "redis" "user" ] "The redis module now is hardcoded to the redis user.")
(mkRemovedOptionModule [ "services" "redis" "dbpath" ] "The redis module now uses /var/lib/redis as data directory.")

12
nixos/modules/services/databases/mysql.nix
View File

@ -8,15 +8,11 @@ let
mysql = cfg.package;
isMariaDB =
let
pName = _p: (builtins.parseDrvName (_p.name)).name;
in pName mysql == pName pkgs.mariadb;
isMariaDB = lib.getName mysql == lib.getName pkgs.mariadb;
isMysqlAtLeast57 =
let
pName = _p: (builtins.parseDrvName (_p.name)).name;
in (pName mysql == pName pkgs.mysql57)
&& ((builtins.compareVersions mysql.version "5.7") >= 0);
(lib.getName mysql == lib.getName pkgs.mysql57)
&& (builtins.compareVersions mysql.version "5.7" >= 0);
mysqldOptions =
"--user=${cfg.user} --datadir=${cfg.dataDir} --basedir=${mysql}";

2
nixos/modules/services/games/openarena.nix
View File

@ -43,7 +43,7 @@ in
serviceConfig = {
DynamicUser = true;
StateDirectory = "openarena";
ExecStart = "${pkgs.openarena}/bin/openarena-server +set fs_basepath ${pkgs.openarena}/openarena-0.8.8 +set fs_homepath /var/lib/openarena ${concatStringsSep " " cfg.extraFlags}";
ExecStart = "${pkgs.openarena}/bin/oa_ded +set fs_basepath ${pkgs.openarena}/openarena-0.8.8 +set fs_homepath /var/lib/openarena ${concatStringsSep " " cfg.extraFlags}";
Restart = "on-failure";
# Hardening

91
nixos/modules/services/monitoring/osquery.nix
View File

@ -1,91 +0,0 @@
{ config, lib, pkgs, ... }:
with builtins;
with lib;
let
cfg = config.services.osquery;
in
{
options = {
services.osquery = {
enable = mkEnableOption "osquery";
loggerPath = mkOption {
type = types.path;
description = "Base directory used for logging.";
default = "/var/log/osquery";
};
pidfile = mkOption {
type = types.path;
description = "Path used for pid file.";
default = "/var/osquery/osqueryd.pidfile";
};
utc = mkOption {
type = types.bool;
description = "Attempt to convert all UNIX calendar times to UTC.";
default = true;
};
databasePath = mkOption {
type = types.path;
description = "Path used for database file.";
default = "/var/osquery/osquery.db";
};
extraConfig = mkOption {
type = types.attrs // {
merge = loc: foldl' (res: def: recursiveUpdate res def.value) {};
};
description = "Extra config to be recursively merged into the JSON config file.";
default = { };
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.osquery ];
environment.etc."osquery/osquery.conf".text = toJSON (
recursiveUpdate {
options = {
config_plugin = "filesystem";
logger_plugin = "filesystem";
logger_path = cfg.loggerPath;
database_path = cfg.databasePath;
utc = cfg.utc;
};
} cfg.extraConfig
);
systemd.services.osqueryd = {
description = "The osquery Daemon";
after = [ "network.target" "syslog.service" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.osquery ];
preStart = ''
mkdir -p ${escapeShellArg cfg.loggerPath}
mkdir -p "$(dirname ${escapeShellArg cfg.pidfile})"
mkdir -p "$(dirname ${escapeShellArg cfg.databasePath})"
'';
serviceConfig = {
TimeoutStartSec = "infinity";
ExecStart = "${pkgs.osquery}/bin/osqueryd --logger_path ${escapeShellArg cfg.loggerPath} --pidfile ${escapeShellArg cfg.pidfile} --database_path ${escapeShellArg cfg.databasePath}";
KillMode = "process";
KillSignal = "SIGTERM";
Restart = "on-failure";
};
};
};
}

357
nixos/modules/services/network-filesystems/beegfs.nix
View File

@ -1,357 +0,0 @@
{ config, lib, pkgs, ...} :
with lib;
let
cfg = config.services.beegfs;
# functions for the generations of config files
configMgmtd = name: cfg: pkgs.writeText "mgmt-${name}.conf" ''
storeMgmtdDirectory = ${cfg.mgmtd.storeDir}
storeAllowFirstRunInit = false
connAuthFile = ${cfg.connAuthFile}
connPortShift = ${toString cfg.connPortShift}
${cfg.mgmtd.extraConfig}
'';
configAdmon = name: cfg: pkgs.writeText "admon-${name}.conf" ''
sysMgmtdHost = ${cfg.mgmtdHost}
connAuthFile = ${cfg.connAuthFile}
connPortShift = ${toString cfg.connPortShift}
${cfg.admon.extraConfig}
'';
configMeta = name: cfg: pkgs.writeText "meta-${name}.conf" ''
storeMetaDirectory = ${cfg.meta.storeDir}
sysMgmtdHost = ${cfg.mgmtdHost}
connAuthFile = ${cfg.connAuthFile}
connPortShift = ${toString cfg.connPortShift}
storeAllowFirstRunInit = false
${cfg.meta.extraConfig}
'';
configStorage = name: cfg: pkgs.writeText "storage-${name}.conf" ''
storeStorageDirectory = ${cfg.storage.storeDir}
sysMgmtdHost = ${cfg.mgmtdHost}
connAuthFile = ${cfg.connAuthFile}
connPortShift = ${toString cfg.connPortShift}
storeAllowFirstRunInit = false
${cfg.storage.extraConfig}
'';
configHelperd = name: cfg: pkgs.writeText "helperd-${name}.conf" ''
connAuthFile = ${cfg.connAuthFile}
${cfg.helperd.extraConfig}
'';
configClientFilename = name : "/etc/beegfs/client-${name}.conf";
configClient = name: cfg: ''
sysMgmtdHost = ${cfg.mgmtdHost}
connAuthFile = ${cfg.connAuthFile}
connPortShift = ${toString cfg.connPortShift}
${cfg.client.extraConfig}
'';
serviceList = [
{ service = "admon"; cfgFile = configAdmon; }
{ service = "meta"; cfgFile = configMeta; }
{ service = "mgmtd"; cfgFile = configMgmtd; }
{ service = "storage"; cfgFile = configStorage; }
];
# functions to generate systemd.service entries
systemdEntry = service: cfgFile: (mapAttrs' ( name: cfg:
(nameValuePair "beegfs-${service}-${name}" (mkIf cfg.${service}.enable {
wantedBy = [ "multi-user.target" ];
requires = [ "network-online.target" ];
after = [ "network-online.target" ];
serviceConfig = rec {
ExecStart = ''
${pkgs.beegfs}/bin/beegfs-${service} \
cfgFile=${cfgFile name cfg} \
pidFile=${PIDFile}
'';
PIDFile = "/run/beegfs-${service}-${name}.pid";
TimeoutStopSec = "300";
};
}))) cfg);
systemdHelperd = mapAttrs' ( name: cfg:
(nameValuePair "beegfs-helperd-${name}" (mkIf cfg.client.enable {
wantedBy = [ "multi-user.target" ];
requires = [ "network-online.target" ];
after = [ "network-online.target" ];
serviceConfig = rec {
ExecStart = ''
${pkgs.beegfs}/bin/beegfs-helperd \
cfgFile=${configHelperd name cfg} \
pidFile=${PIDFile}
'';
PIDFile = "/run/beegfs-helperd-${name}.pid";
TimeoutStopSec = "300";
};
}))) cfg;
# wrappers to beegfs tools. Avoid typing path of config files
utilWrappers = mapAttrsToList ( name: cfg:
( pkgs.runCommand "beegfs-utils-${name}" {
nativeBuildInputs = [ pkgs.makeWrapper ];
preferLocalBuild = true;
} ''
mkdir -p $out/bin
makeWrapper ${pkgs.beegfs}/bin/beegfs-check-servers \
$out/bin/beegfs-check-servers-${name} \
--add-flags "-c ${configClientFilename name}" \
--prefix PATH : ${lib.makeBinPath [ pkgs.beegfs ]}
makeWrapper ${pkgs.beegfs}/bin/beegfs-ctl \
$out/bin/beegfs-ctl-${name} \
--add-flags "--cfgFile=${configClientFilename name}"
makeWrapper ${pkgs.beegfs}/bin/beegfs-ctl \
$out/bin/beegfs-df-${name} \
--add-flags "--cfgFile=${configClientFilename name}" \
--add-flags --listtargets \
--add-flags --hidenodeid \
--add-flags --pools \
--add-flags --spaceinfo
makeWrapper ${pkgs.beegfs}/bin/beegfs-fsck \
$out/bin/beegfs-fsck-${name} \
--add-flags "--cfgFile=${configClientFilename name}"
''
)) cfg;
in
{
###### interface
options = {
services.beegfsEnable = mkEnableOption "BeeGFS";
services.beegfs = mkOption {
default = {};
description = ''
BeeGFS configurations. Every mount point requires a separate configuration.
'';
type = with types; attrsOf (submodule ({ ... } : {
options = {
mgmtdHost = mkOption {
type = types.str;
default = null;
example = "master";
description = ''Hostname of managament host.'';
};
connAuthFile = mkOption {
type = types.str;
default = "";
example = "/etc/my.key";
description = "File containing shared secret authentication.";
};
connPortShift = mkOption {
type = types.int;
default = 0;
example = 5;
description = ''
For each additional beegfs configuration shift all
service TCP/UDP ports by at least 5.
'';
};
client = {
enable = mkEnableOption "BeeGFS client";
mount = mkOption {
type = types.bool;
default = true;
description = "Create fstab entry automatically";
};
mountPoint = mkOption {
type = types.str;
default = "/run/beegfs";
description = ''
Mount point under which the beegfs filesytem should be mounted.
If mounted manually the mount option specifing the config file is needed:
cfgFile=/etc/beegfs/beegfs-client-&lt;name&gt;.conf
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = ''
Additional lines for beegfs-client.conf.
See documentation for further details.
'';
};
};
helperd = {
enable = mkOption {
type = types.bool;
default = true;
description = ''
Enable the BeeGFS helperd.
The helpered is need for logging purposes on the client.
Disabling <literal>helperd</literal> allows for runing the client
with <literal>allowUnfree = false</literal>.
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = ''
Additional lines for beegfs-helperd.conf. See documentation
for further details.
'';
};
};
mgmtd = {
enable = mkEnableOption "BeeGFS mgmtd daemon";
storeDir = mkOption {
type = types.path;
default = null;
example = "/data/beegfs-mgmtd";
description = ''
Data directory for mgmtd.
Must not be shared with other beegfs daemons.
This directory must exist and it must be initialized
with beegfs-setup-mgmtd, e.g. "beegfs-setup-mgmtd -C -p &lt;storeDir&gt;"
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = ''
Additional lines for beegfs-mgmtd.conf. See documentation
for further details.
'';
};
};
admon = {
enable = mkEnableOption "BeeGFS admon daemon";
extraConfig = mkOption {
type = types.lines;
default = "";
description = ''
Additional lines for beegfs-admon.conf. See documentation
for further details.
'';
};
};
meta = {
enable = mkEnableOption "BeeGFS meta data daemon";
storeDir = mkOption {
type = types.path;
default = null;
example = "/data/beegfs-meta";
description = ''
Data directory for meta data service.
Must not be shared with other beegfs daemons.
The underlying filesystem must be mounted with xattr turned on.
This directory must exist and it must be initialized
with beegfs-setup-meta, e.g.
"beegfs-setup-meta -C -s &lt;serviceID&gt; -p &lt;storeDir&gt;"
'';
};
extraConfig = mkOption {
type = types.str;
default = "";
description = ''
Additional lines for beegfs-meta.conf. See documentation
for further details.
'';
};
};
storage = {
enable = mkEnableOption "BeeGFS storage daemon";
storeDir = mkOption {
type = types.path;
default = null;
example = "/data/beegfs-storage";
description = ''
Data directories for storage service.
Must not be shared with other beegfs daemons.
The underlying filesystem must be mounted with xattr turned on.
This directory must exist and it must be initialized
with beegfs-setup-storage, e.g.
"beegfs-setup-storage -C -s &lt;serviceID&gt; -i &lt;storageTargetID&gt; -p &lt;storeDir&gt;"
'';
};
extraConfig = mkOption {
type = types.str;
default = "";
description = ''
Addional lines for beegfs-storage.conf. See documentation
for further details.
'';
};
};
};
}));
};
};
###### implementation
config =
mkIf config.services.beegfsEnable {
environment.systemPackages = utilWrappers;
# Put the client.conf files in /etc since they are needed
# by the commandline tools
environment.etc = mapAttrs' ( name: cfg:
(nameValuePair "beegfs/client-${name}.conf" (mkIf (cfg.client.enable)
{
enable = true;
text = configClient name cfg;
}))) cfg;
# Kernel module, we need it only once per host.
boot = mkIf (
foldr (a: b: a || b) false
(map (x: x.client.enable) (collect (x: x ? client) cfg)))
{
kernelModules = [ "beegfs" ];
extraModulePackages = [ pkgs.linuxPackages.beegfs-module ];
};
# generate fstab entries
fileSystems = mapAttrs' (name: cfg:
(nameValuePair cfg.client.mountPoint (optionalAttrs cfg.client.mount (mkIf cfg.client.enable {
device = "beegfs_nodev";
fsType = "beegfs";
mountPoint = cfg.client.mountPoint;
options = [ "cfgFile=${configClientFilename name}" "_netdev" ];
})))) cfg;
# generate systemd services
systemd.services = systemdHelperd //
foldr (a: b: a // b) {}
(map (x: systemdEntry x.service x.cfgFile) serviceList);
};
}

10
nixos/modules/services/networking/connman.nix
View File

@ -4,7 +4,7 @@ with pkgs;
with lib;
let
cfg = config.networking.connman;
cfg = config.services.connman;
configFile = pkgs.writeText "connman.conf" ''
[General]
NetworkInterfaceBlacklist=${concatStringsSep "," cfg.networkInterfaceBlacklist}
@ -17,7 +17,7 @@ in {
options = {
networking.connman = {
services.connman = {
enable = mkOption {
type = types.bool;
@ -71,13 +71,13 @@ in {
assertions = [{
assertion = !config.networking.useDHCP;
message = "You can not use services.networking.connman with services.networking.useDHCP";
message = "You can not use services.connman with networking.useDHCP";
}{
assertion = config.networking.wireless.enable;
message = "You must use services.networking.connman with services.networking.wireless";
message = "You must use services.connman with networking.wireless";
}{
assertion = !config.networking.networkmanager.enable;
message = "You can not use services.networking.connman with services.networking.networkmanager";
message = "You can not use services.connman with networking.networkmanager";
}];
environment.systemPackages = [ connman ];

2
nixos/modules/services/networking/znc/default.nix
View File

@ -239,7 +239,7 @@ in
services.znc = {
configFile = mkDefault (pkgs.writeText "znc-generated.conf" semanticString);
config = {
Version = (builtins.parseDrvName pkgs.znc.name).version;
Version = lib.getVersion pkgs.znc;
Listener.l.Port = mkDefault 5000;
Listener.l.SSL = mkDefault true;
};

4
nixos/modules/system/boot/loader/grub/grub.nix
View File

@ -47,8 +47,8 @@ let
grub = f grub;
grubTarget = f (grub.grubTarget or "");
shell = "${pkgs.runtimeShell}";
fullName = (builtins.parseDrvName realGrub.name).name;
fullVersion = (builtins.parseDrvName realGrub.name).version;
fullName = lib.getName realGrub;
fullVersion = lib.getVersion realGrub;
grubEfi = f grubEfi;
grubTargetEfi = if cfg.efiSupport && (cfg.version == 2) then f (grubEfi.grubTarget or "") else "";
bootPath = args.path;

2
nixos/modules/system/boot/networkd.nix
View File

@ -924,6 +924,8 @@ in
config = mkIf config.systemd.network.enable {
users.users.systemd-network.group = "systemd-network";
systemd.additionalUpstreamSystemUnits = [
"systemd-networkd.service" "systemd-networkd-wait-online.service"
];

2
nixos/modules/system/boot/resolved.nix
View File

@ -136,6 +136,8 @@ in
}
];
users.users.resolved.group = "systemd-resolve";
systemd.additionalUpstreamSystemUnits = [
"systemd-resolved.service"
];

5
nixos/modules/system/boot/timesyncd.nix
View File

@ -50,7 +50,10 @@ with lib;
${config.services.timesyncd.extraConfig}
'';
users.users.systemd-timesync.uid = config.ids.uids.systemd-timesync;
users.users.systemd-timesync = {
uid = config.ids.uids.systemd-timesync;
group = "systemd-timesync";
};
users.groups.systemd-timesync.gid = config.ids.gids.systemd-timesync;
system.activationScripts.systemd-timesyncd-migration = mkIf (versionOlder config.system.stateVersion "19.09") ''

2
nixos/modules/virtualisation/containers.nix
View File

@ -149,7 +149,7 @@ let
--setenv PATH="$PATH" \
${optionalString cfg.ephemeral "--ephemeral"} \
${if cfg.additionalCapabilities != null && cfg.additionalCapabilities != [] then
''--capability="${concatStringsSep " " cfg.additionalCapabilities}"'' else ""
''--capability="${concatStringsSep "," cfg.additionalCapabilities}"'' else ""
} \
${if cfg.tmpfs != null && cfg.tmpfs != [] then
''--tmpfs=${concatStringsSep " --tmpfs=" cfg.tmpfs}'' else ""

197
nixos/modules/virtualisation/digital-ocean-config.nix Normal file
View File

@ -0,0 +1,197 @@
{ config, pkgs, lib, modulesPath, ... }:
with lib;
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
(modulesPath + "/virtualisation/digital-ocean-init.nix")
];
options.virtualisation.digitalOcean = with types; {
setRootPassword = mkOption {
type = bool;
default = false;
example = true;
description = "Whether to set the root password from the Digital Ocean metadata";
};
setSshKeys = mkOption {
type = bool;
default = true;
example = true;
description = "Whether to fetch ssh keys from Digital Ocean";
};
seedEntropy = mkOption {
type = bool;
default = true;
example = true;
description = "Whether to run the kernel RNG entropy seeding script from the Digital Ocean vendor data";
};
};
config =
let
cfg = config.virtualisation.digitalOcean;
hostName = config.networking.hostName;
doMetadataFile = "/run/do-metadata/v1.json";
in mkMerge [{
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
autoResize = true;
fsType = "ext4";
};
boot = {
growPartition = true;
kernelParams = [ "console=ttyS0" "panic=1" "boot.panic_on_fail" ];
initrd.kernelModules = [ "virtio_scsi" ];
kernelModules = [ "virtio_pci" "virtio_net" ];
loader = {
grub.device = "/dev/vda";
timeout = 0;
grub.configurationLimit = 0;
};
};
services.openssh = {
enable = mkDefault true;
passwordAuthentication = mkDefault false;
};
services.do-agent.enable = mkDefault true;
networking = {
hostName = mkDefault ""; # use Digital Ocean metadata server
};
/* Check for and wait for the metadata server to become reachable.
* This serves as a dependency for all the other metadata services. */
systemd.services.digitalocean-metadata = {
path = [ pkgs.curl ];
description = "Get host metadata provided by Digitalocean";
script = ''
set -eu
DO_DELAY_ATTEMPTS=0
while ! curl -fsSL -o $RUNTIME_DIRECTORY/v1.json http://169.254.169.254/metadata/v1.json; do
DO_DELAY_ATTEMPTS=$((DO_DELAY_ATTEMPTS + 1))
if (( $DO_DELAY_ATTEMPTS >= $DO_DELAY_ATTEMPTS_MAX )); then
echo "giving up"
exit 1
fi
echo "metadata unavailable, trying again in 1s..."
sleep 1
done
chmod 600 $RUNTIME_DIRECTORY/v1.json
'';
environment = {
DO_DELAY_ATTEMPTS_MAX = "10";
};
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
RuntimeDirectory = "do-metadata";
RuntimeDirectoryPreserve = "yes";
};
unitConfig = {
ConditionPathExists = "!${doMetadataFile}";
After = [ "network-pre.target" ] ++
optional config.networking.dhcpcd.enable "dhcpcd.service" ++
optional config.systemd.network.enable "systemd-networkd.service";
};
};
/* Fetch the root password from the digital ocean metadata.
* There is no specific route for this, so we use jq to get
* it from the One Big JSON metadata blob */
systemd.services.digitalocean-set-root-password = mkIf cfg.setRootPassword {
path = [ pkgs.shadow pkgs.jq ];
description = "Set root password provided by Digitalocean";
wantedBy = [ "multi-user.target" ];
script = ''
set -eo pipefail
ROOT_PASSWORD=$(jq -er '.auth_key' ${doMetadataFile})
echo "root:$ROOT_PASSWORD" | chpasswd
mkdir -p /etc/do-metadata/set-root-password
'';
unitConfig = {
ConditionPathExists = "!/etc/do-metadata/set-root-password";
Before = optional config.services.openssh.enable "sshd.service";
After = [ "digitalocean-metadata.service" ];
Requires = [ "digitalocean-metadata.service" ];
};
serviceConfig = {
Type = "oneshot";
};
};
/* Set the hostname from Digital Ocean, unless the user configured it in
* the NixOS configuration. The cached metadata file isn't used here
* because the hostname is a mutable part of the droplet. */
systemd.services.digitalocean-set-hostname = mkIf (hostName == "") {
path = [ pkgs.curl pkgs.nettools ];
description = "Set hostname provided by Digitalocean";
wantedBy = [ "network.target" ];
script = ''
set -e
DIGITALOCEAN_HOSTNAME=$(curl -fsSL http://169.254.169.254/metadata/v1/hostname)
hostname "$DIGITALOCEAN_HOSTNAME"
if [[ ! -e /etc/hostname || -w /etc/hostname ]]; then
printf "%s\n" "$DIGITALOCEAN_HOSTNAME" > /etc/hostname
fi
'';
unitConfig = {
Before = [ "network.target" ];
After = [ "digitalocean-metadata.service" ];
Wants = [ "digitalocean-metadata.service" ];
};
serviceConfig = {
Type = "oneshot";
};
};
/* Fetch the ssh keys for root from Digital Ocean */
systemd.services.digitalocean-ssh-keys = mkIf cfg.setSshKeys {
description = "Set root ssh keys provided by Digital Ocean";
wantedBy = [ "multi-user.target" ];
path = [ pkgs.jq ];
script = ''
set -e
mkdir -m 0700 -p /root/.ssh
jq -er '.public_keys[]' ${doMetadataFile} > /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
'';
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
unitConfig = {
ConditionPathExists = "!/root/.ssh/authorized_keys";
Before = optional config.services.openssh.enable "sshd.service";
After = [ "digitalocean-metadata.service" ];
Requires = [ "digitalocean-metadata.service" ];
};
};
/* Initialize the RNG by running the entropy-seed script from the
* Digital Ocean metadata
*/
systemd.services.digitalocean-entropy-seed = mkIf cfg.seedEntropy {
description = "Run the kernel RNG entropy seeding script from the Digital Ocean vendor data";
wantedBy = [ "network.target" ];
path = [ pkgs.jq pkgs.mpack ];
script = ''
set -eo pipefail
TEMPDIR=$(mktemp -d)
jq -er '.vendor_data' ${doMetadataFile} | munpack -tC $TEMPDIR
ENTROPY_SEED=$(grep -rl "DigitalOcean Entropy Seed script" $TEMPDIR)
${pkgs.runtimeShell} $ENTROPY_SEED
rm -rf $TEMPDIR
'';
unitConfig = {
Before = [ "network.target" ];
After = [ "digitalocean-metadata.service" ];
Requires = [ "digitalocean-metadata.service" ];
};
serviceConfig = {
Type = "oneshot";
};
};
}
];
meta.maintainers = with maintainers; [ arianvp eamsden ];
}

69
nixos/modules/virtualisation/digital-ocean-image.nix Normal file
View File

@ -0,0 +1,69 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.virtualisation.digitalOceanImage;
in
{
imports = [ ./digital-ocean-config.nix ];
options = {
virtualisation.digitalOceanImage.diskSize = mkOption {
type = with types; int;
default = 4096;
description = ''
Size of disk image. Unit is MB.
'';
};
virtualisation.digitalOceanImage.configFile = mkOption {
type = with types; nullOr path;
default = null;
description = ''
A path to a configuration file which will be placed at
<literal>/etc/nixos/configuration.nix</literal> and be used when switching
to a new configuration. If set to <literal>null</literal>, a default
configuration is used that imports
<literal>(modulesPath + "/virtualisation/digital-ocean-config.nix")</literal>.
'';
};
virtualisation.digitalOceanImage.compressionMethod = mkOption {
type = types.enum [ "gzip" "bzip2" ];
default = "gzip";
example = "bzip2";
description = ''
Disk image compression method. Choose bzip2 to generate smaller images that
take longer to generate but will consume less metered storage space on your
Digital Ocean account.
'';
};
};
#### implementation
config = {
system.build.digitalOceanImage = import ../../lib/make-disk-image.nix {
name = "digital-ocean-image";
format = "qcow2";
postVM = let
compress = {
"gzip" = "${pkgs.gzip}/bin/gzip";
"bzip2" = "${pkgs.bzip2}/bin/bzip2";
}.${cfg.compressionMethod};
in ''
${compress} $diskImage
'';
configFile = if cfg.configFile == null
then config.virtualisation.digitalOcean.defaultConfigFile
else cfg.configFile;
inherit (cfg) diskSize;
inherit config lib pkgs;
};
};
meta.maintainers = with maintainers; [ arianvp eamsden ];
}

95
nixos/modules/virtualisation/digital-ocean-init.nix Normal file
View File

@ -0,0 +1,95 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.virtualisation.digitalOcean;
defaultConfigFile = pkgs.writeText "digitalocean-configuration.nix" ''
{ modulesPath, lib, ... }:
{
imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [
(modulesPath + "/virtualisation/digital-ocean-config.nix")
];
}
'';
in {
options.virtualisation.digitalOcean.rebuildFromUserData = mkOption {
type = types.bool;
default = true;
example = true;
description = "Whether to reconfigure the system from Digital Ocean user data";
};
options.virtualisation.digitalOcean.defaultConfigFile = mkOption {
type = types.path;
default = defaultConfigFile;
defaultText = ''
The default configuration imports user-data if applicable and
<literal>(modulesPath + "/virtualisation/digital-ocean-config.nix")</literal>.
'';
description = ''
A path to a configuration file which will be placed at
<literal>/etc/nixos/configuration.nix</literal> and be used when switching to
a new configuration.
'';
};
config = {
systemd.services.digitalocean-init = mkIf cfg.rebuildFromUserData {
description = "Reconfigure the system from Digital Ocean userdata on startup";
wantedBy = [ "network-online.target" ];
unitConfig = {
ConditionPathExists = "!/etc/nixos/do-userdata.nix";
After = [ "digitalocean-metadata.service" "network-online.target" ];
Requires = [ "digitalocean-metadata.service" ];
X-StopOnRemoval = false;
};
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
restartIfChanged = false;
path = [ pkgs.jq pkgs.gnused pkgs.gnugrep pkgs.systemd config.nix.package config.system.build.nixos-rebuild ];
environment = {
HOME = "/root";
NIX_PATH = concatStringsSep ":" [
"/nix/var/nix/profiles/per-user/root/channels/nixos"
"nixos-config=/etc/nixos/configuration.nix"
"/nix/var/nix/profiles/per-user/root/channels"
];
};
script = ''
set -e
echo "attempting to fetch configuration from Digital Ocean user data..."
userData=$(mktemp)
if jq -er '.user_data' /run/do-metadata/v1.json > $userData; then
# If the user-data looks like it could be a nix expression,
# copy it over. Also, look for a magic three-hash comment and set
# that as the channel.
if nix-instantiate --parse $userData > /dev/null; then
channels="$(grep '^###' "$userData" | sed 's|###\s*||')"
printf "%s" "$channels" | while read channel; do
echo "writing channel: $channel"
done
if [[ -n "$channels" ]]; then
printf "%s" "$channels" > /root/.nix-channels
nix-channel --update
fi
echo "setting configuration from Digital Ocean user data"
cp "$userData" /etc/nixos/do-userdata.nix
if [[ ! -e /etc/nixos/configuration.nix ]]; then
install -m0644 ${cfg.defaultConfigFile} /etc/nixos/configuration.nix
fi
else
echo "user data does not appear to be a Nix expression; ignoring"
exit
fi
nixos-rebuild switch
else
echo "no user data is available"
fi
'';
};
};
meta.maintainers = with maintainers; [ arianvp eamsden ];
}

13
nixos/modules/virtualisation/openvswitch.nix
View File

@ -42,6 +42,9 @@ in {
default = false;
description = ''
Whether to start racoon service for openvswitch.
Supported only if openvswitch version is less than 2.6.0.
Use <literal>virtualisation.vswitch.package = pkgs.openvswitch-lts</literal>
for a version that supports ipsec over GRE.
'';
};
};
@ -89,6 +92,13 @@ in {
"${cfg.package}/share/openvswitch/vswitch.ovsschema"
fi
chmod -R +w /var/db/openvswitch
if ${cfg.package}/bin/ovsdb-tool needs-conversion /var/db/openvswitch/conf.db | grep -q "yes"
then
echo "Performing database upgrade"
${cfg.package}/bin/ovsdb-tool convert /var/db/openvswitch/conf.db
else
echo "Database already up to date"
fi
'';
serviceConfig = {
ExecStart =
@ -133,7 +143,7 @@ in {
};
}
(mkIf cfg.ipsec {
(mkIf (cfg.ipsec && (versionOlder cfg.package.version "2.6.0")) {
services.racoon.enable = true;
services.racoon.configPath = "${runDir}/ipsec/etc/racoon/racoon.conf";
@ -172,5 +182,4 @@ in {
'';
};
})]));
}

2
nixos/modules/virtualisation/qemu-vm.nix
View File

@ -620,7 +620,7 @@ in
# Wireless won't work in the VM.
networking.wireless.enable = mkVMOverride false;
networking.connman.enable = mkVMOverride false;
services.connman.enable = mkVMOverride false;
# Speed up booting by not waiting for ARP.
networking.dhcpcd.extraConfig = "noarp";

3
nixos/tests/all-tests.nix
View File

@ -28,7 +28,7 @@ in
babeld = handleTest ./babeld.nix {};
bcachefs = handleTestOn ["x86_64-linux"] ./bcachefs.nix {}; # linux-4.18.2018.10.12 is unsupported on aarch64
beanstalkd = handleTest ./beanstalkd.nix {};
beegfs = handleTestOn ["x86_64-linux"] ./beegfs.nix {}; # beegfs is unsupported on aarch64
bees = handleTest ./bees.nix {};
bind = handleTest ./bind.nix {};
bittorrent = handleTest ./bittorrent.nix {};
#blivet = handleTest ./blivet.nix {}; # broken since 2017-07024
@ -206,7 +206,6 @@ in
openstack-image-metadata = (handleTestOn ["x86_64-linux"] ./openstack-image.nix {}).metadata or {};
orangefs = handleTest ./orangefs.nix {};
os-prober = handleTestOn ["x86_64-linux"] ./os-prober.nix {};
osquery = handleTest ./osquery.nix {};
osrm-backend = handleTest ./osrm-backend.nix {};
overlayfs = handleTest ./overlayfs.nix {};
packagekit = handleTest ./packagekit.nix {};

115
nixos/tests/beegfs.nix
View File

@ -1,115 +0,0 @@
import ./make-test.nix ({ ... } :
let
connAuthFile="beegfs/auth-def.key";
client = { pkgs, ... } : {
networking.firewall.enable = false;
services.beegfsEnable = true;
services.beegfs.default = {
mgmtdHost = "mgmt";
connAuthFile = "/etc/${connAuthFile}";
client = {
mount = false;
enable = true;
};
};
fileSystems = pkgs.lib.mkVMOverride # FIXME: this should be creatd by the module
[ { mountPoint = "/beegfs";
device = "default";
fsType = "beegfs";
options = [ "cfgFile=/etc/beegfs/client-default.conf" "_netdev" ];
}
];
environment.etc.${connAuthFile} = {
enable = true;
text = "ThisIsALousySecret";
mode = "0600";
};
};
server = service : { pkgs, ... } : {
networking.firewall.enable = false;
boot.initrd.postDeviceCommands = ''
${pkgs.e2fsprogs}/bin/mkfs.ext4 -L data /dev/vdb
'';
virtualisation.emptyDiskImages = [ 4096 ];
fileSystems = pkgs.lib.mkVMOverride
[ { mountPoint = "/data";
device = "/dev/disk/by-label/data";
fsType = "ext4";
}
];
environment.systemPackages = with pkgs; [ beegfs ];
environment.etc.${connAuthFile} = {
enable = true;
text = "ThisIsALousySecret";
mode = "0600";
};
services.beegfsEnable = true;
services.beegfs.default = {
mgmtdHost = "mgmt";
connAuthFile = "/etc/${connAuthFile}";
${service} = {
enable = true;
storeDir = "/data";
};
};
};
in
{
name = "beegfs";
nodes = {
meta = server "meta";
mgmt = server "mgmtd";
storage1 = server "storage";
storage2 = server "storage";
client1 = client;
client2 = client;
};
testScript = ''
# Initalize the data directories
$mgmt->waitForUnit("default.target");
$mgmt->succeed("beegfs-setup-mgmtd -C -f -p /data");
$mgmt->succeed("systemctl start beegfs-mgmtd-default");
$meta->waitForUnit("default.target");
$meta->succeed("beegfs-setup-meta -C -f -s 1 -p /data");
$meta->succeed("systemctl start beegfs-meta-default");
$storage1->waitForUnit("default.target");
$storage1->succeed("beegfs-setup-storage -C -f -s 1 -i 1 -p /data");
$storage1->succeed("systemctl start beegfs-storage-default");
$storage2->waitForUnit("default.target");
$storage2->succeed("beegfs-setup-storage -C -f -s 2 -i 2 -p /data");
$storage2->succeed("systemctl start beegfs-storage-default");
#
# Basic test
$client1->waitForUnit("beegfs.mount");
$client1->succeed("beegfs-check-servers-default");
$client1->succeed("echo test > /beegfs/test");
$client2->waitForUnit("beegfs.mount");
$client2->succeed("test -e /beegfs/test");
$client2->succeed("cat /beegfs/test | grep test");
# test raid0/stripping
$client1->succeed("dd if=/dev/urandom bs=1M count=10 of=/beegfs/striped");
$client2->succeed("cat /beegfs/striped > /dev/null");
# check if fs is still healthy
$client1->succeed("beegfs-fsck-default --checkfs");
'';
})

37
nixos/tests/bees.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({ lib, ... }:
import ./make-test-python.nix ({ lib, pkgs, ... }:
{
name = "bees";
@ -29,27 +29,34 @@ import ./make-test.nix ({ lib, ... }:
testScript =
let
withRetry = content: maxTests: sleepTime: ''
max_tests=${lib.escapeShellArg maxTests}; sleep_time=${lib.escapeShellArg sleepTime}; for ((i=0; i<max_tests; i++)); do ${content} && exit 0; sleep "$sleep_time"; done; exit 1;
someContentIsShared = loc: pkgs.writeShellScript "some-content-is-shared" ''
[[ $(btrfs fi du -s --raw ${lib.escapeShellArg loc}/dedup-me-{1,2} | awk 'BEGIN { count=0; } NR>1 && $3 == 0 { count++ } END { print count }') -eq 0 ]]
'';
someContentIsShared = loc: ''[[ $(btrfs fi du -s --raw ${lib.escapeShellArg loc}/dedup-me-{1,2} | awk 'BEGIN { count=0; } NR>1 && $3 == 0 { count++ } END { print count }') -eq 0 ]]'';
in ''
# shut down the instance started by systemd at boot, so we can test our test procedure
$machine->succeed("systemctl stop beesd\@aux1.service");
machine.succeed("systemctl stop beesd@aux1.service")
$machine->succeed("dd if=/dev/urandom of=/aux1/dedup-me-1 bs=1M count=8");
$machine->succeed("cp --reflink=never /aux1/dedup-me-1 /aux1/dedup-me-2");
$machine->succeed("cp --reflink=never /aux1/* /aux2/");
$machine->succeed("sync");
$machine->fail(q(${someContentIsShared "/aux1"}));
$machine->fail(q(${someContentIsShared "/aux2"}));
$machine->succeed("systemctl start beesd\@aux1.service");
machine.succeed(
"dd if=/dev/urandom of=/aux1/dedup-me-1 bs=1M count=8",
"cp --reflink=never /aux1/dedup-me-1 /aux1/dedup-me-2",
"cp --reflink=never /aux1/* /aux2/",
"sync",
)
machine.fail(
"${someContentIsShared "/aux1"}",
"${someContentIsShared "/aux2"}",
)
machine.succeed("systemctl start beesd@aux1.service")
# assert that "Set Shared" column is nonzero
$machine->succeed(q(${withRetry (someContentIsShared "/aux1") 20 2}));
$machine->fail(q(${someContentIsShared "/aux2"}));
machine.wait_until_succeeds(
"${someContentIsShared "/aux1"}",
)
machine.fail("${someContentIsShared "/aux2"}")
# assert that 16MB hash table size requested was honored
$machine->succeed(q([[ $(stat -c %s /aux1/.beeshome/beeshash.dat) = $(( 16 * 1024 * 1024)) ]]))
machine.succeed(
"[[ $(stat -c %s /aux1/.beeshome/beeshash.dat) = $(( 16 * 1024 * 1024)) ]]"
)
'';
})

26
nixos/tests/codimd.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({ pkgs, lib, ... }:
import ./make-test-python.nix ({ pkgs, lib, ... }:
{
name = "codimd";
@ -35,20 +35,18 @@ import ./make-test.nix ({ pkgs, lib, ... }:
};
testScript = ''
startAll();
start_all()
subtest "CodiMD sqlite", sub {
$codimdSqlite->waitForUnit("codimd.service");
$codimdSqlite->waitForOpenPort(3000);
$codimdSqlite->waitUntilSucceeds("curl -sSf http://localhost:3000/new");
};
with subtest("CodiMD sqlite"):
codimdSqlite.wait_for_unit("codimd.service")
codimdSqlite.wait_for_open_port(3000)
codimdSqlite.wait_until_succeeds("curl -sSf http://localhost:3000/new")
subtest "CodiMD postgres", sub {
$codimdPostgres->waitForUnit("postgresql.service");
$codimdPostgres->waitForUnit("codimd.service");
$codimdPostgres->waitForOpenPort(5432);
$codimdPostgres->waitForOpenPort(3000);
$codimdPostgres->waitUntilSucceeds("curl -sSf http://localhost:3000/new");
};
with subtest("CodiMD postgres"):
codimdPostgres.wait_for_unit("postgresql.service")
codimdPostgres.wait_for_unit("codimd.service")
codimdPostgres.wait_for_open_port(5432)
codimdPostgres.wait_for_open_port(3000)
codimdPostgres.wait_until_succeeds("curl -sSf http://localhost:3000/new")
'';
})

50
nixos/tests/docker-registry.nix
View File

@ -1,6 +1,6 @@
# This test runs docker-registry and check if it works
import ./make-test.nix ({ pkgs, ...} : {
import ./make-test-python.nix ({ pkgs, ...} : {
name = "docker-registry";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ globin ma27 ironpinguin ];
@ -28,36 +28,34 @@ import ./make-test.nix ({ pkgs, ...} : {
};
testScript = ''
$client1->start();
$client1->waitForUnit("docker.service");
$client1->succeed("tar cv --files-from /dev/null | docker import - scratch");
$client1->succeed("docker tag scratch registry:8080/scratch");
client1.start()
client1.wait_for_unit("docker.service")
client1.succeed("tar cv --files-from /dev/null | docker import - scratch")
client1.succeed("docker tag scratch registry:8080/scratch")
$registry->start();
$registry->waitForUnit("docker-registry.service");
$registry->waitForOpenPort("8080");
$client1->succeed("docker push registry:8080/scratch");
registry.start()
registry.wait_for_unit("docker-registry.service")
registry.wait_for_open_port("8080")
client1.succeed("docker push registry:8080/scratch")
$client2->start();
$client2->waitForUnit("docker.service");
$client2->succeed("docker pull registry:8080/scratch");
$client2->succeed("docker images | grep scratch");
client2.start()
client2.wait_for_unit("docker.service")
client2.succeed("docker pull registry:8080/scratch")
client2.succeed("docker images | grep scratch")
$client2->succeed(
'curl -fsS -X DELETE registry:8080/v2/scratch/manifests/$(curl -fsS -I -H"Accept: application/vnd.docker.distribution.manifest.v2+json" registry:8080/v2/scratch/manifests/latest | grep Docker-Content-Digest | sed -e \'s/Docker-Content-Digest: //\' | tr -d \'\r\')'
);
client2.succeed(
"curl -fsS -X DELETE registry:8080/v2/scratch/manifests/$(curl -fsS -I -H\"Accept: application/vnd.docker.distribution.manifest.v2+json\" registry:8080/v2/scratch/manifests/latest | grep Docker-Content-Digest | sed -e 's/Docker-Content-Digest: //' | tr -d '\\r')"
)
$registry->systemctl("start docker-registry-garbage-collect.service");
$registry->waitUntilFails("systemctl status docker-registry-garbage-collect.service");
$registry->waitForUnit("docker-registry.service");
registry.systemctl("start docker-registry-garbage-collect.service")
registry.wait_until_fails("systemctl status docker-registry-garbage-collect.service")
registry.wait_for_unit("docker-registry.service")
$registry->fail(
'ls -l /var/lib/docker-registry/docker/registry/v2/blobs/sha256/*/*/data'
);
registry.fail("ls -l /var/lib/docker-registry/docker/registry/v2/blobs/sha256/*/*/data")
$client1->succeed("docker push registry:8080/scratch");
$registry->succeed(
'ls -l /var/lib/docker-registry/docker/registry/v2/blobs/sha256/*/*/data'
);
client1.succeed("docker push registry:8080/scratch")
registry.succeed(
"ls -l /var/lib/docker-registry/docker/registry/v2/blobs/sha256/*/*/data"
)
'';
})

43
nixos/tests/etcd-cluster.nix
View File

@ -1,6 +1,6 @@
# This test runs simple etcd cluster
import ./make-test.nix ({ pkgs, ... } : let
import ./make-test-python.nix ({ pkgs, ... } : let
runWithOpenSSL = file: cmd: pkgs.runCommand file {
buildInputs = [ pkgs.openssl ];
@ -129,29 +129,26 @@ in {
};
testScript = ''
subtest "should start etcd cluster", sub {
$node1->start();
$node2->start();
$node1->waitForUnit("etcd.service");
$node2->waitForUnit("etcd.service");
$node2->waitUntilSucceeds("etcdctl cluster-health");
$node1->succeed("etcdctl set /foo/bar 'Hello world'");
$node2->succeed("etcdctl get /foo/bar | grep 'Hello world'");
};
with subtest("should start etcd cluster"):
node1.start()
node2.start()
node1.wait_for_unit("etcd.service")
node2.wait_for_unit("etcd.service")
node2.wait_until_succeeds("etcdctl cluster-health")
node1.succeed("etcdctl set /foo/bar 'Hello world'")
node2.succeed("etcdctl get /foo/bar | grep 'Hello world'")
subtest "should add another member", sub {
$node1->waitUntilSucceeds("etcdctl member add node3 https://node3:2380");
$node3->start();
$node3->waitForUnit("etcd.service");
$node3->waitUntilSucceeds("etcdctl member list | grep 'node3'");
$node3->succeed("etcdctl cluster-health");
};
with subtest("should add another member"):
node1.wait_until_succeeds("etcdctl member add node3 https://node3:2380")
node3.start()
node3.wait_for_unit("etcd.service")
node3.wait_until_succeeds("etcdctl member list | grep 'node3'")
node3.succeed("etcdctl cluster-health")
subtest "should survive member crash", sub {
$node3->crash;
$node1->succeed("etcdctl cluster-health");
$node1->succeed("etcdctl set /foo/bar 'Hello degraded world'");
$node1->succeed("etcdctl get /foo/bar | grep 'Hello degraded world'");
};
with subtest("should survive member crash"):
node3.crash()
node1.succeed("etcdctl cluster-health")
node1.succeed("etcdctl set /foo/bar 'Hello degraded world'")
node1.succeed("etcdctl get /foo/bar | grep 'Hello degraded world'")
'';
})

16
nixos/tests/etcd.nix
View File

@ -1,6 +1,6 @@
# This test runs simple etcd node
import ./make-test.nix ({ pkgs, ... } : {
import ./make-test-python.nix ({ pkgs, ... } : {
name = "etcd";
meta = with pkgs.stdenv.lib.maintainers; {
@ -14,14 +14,12 @@ import ./make-test.nix ({ pkgs, ... } : {
};
testScript = ''
subtest "should start etcd node", sub {
$node->start();
$node->waitForUnit("etcd.service");
};
with subtest("should start etcd node"):
node.start()
node.wait_for_unit("etcd.service")
subtest "should write and read some values to etcd", sub {
$node->succeed("etcdctl set /foo/bar 'Hello world'");
$node->succeed("etcdctl get /foo/bar | grep 'Hello world'");
}
with subtest("should write and read some values to etcd"):
node.succeed("etcdctl set /foo/bar 'Hello world'")
node.succeed("etcdctl get /foo/bar | grep 'Hello world'")
'';
})

89
nixos/tests/gitolite.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({ pkgs, ...}:
import ./make-test-python.nix ({ pkgs, ...}:
let
adminPrivateKey = pkgs.writeText "id_ed25519" ''
@ -43,7 +43,7 @@ let
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJZNonUP1ePHLrvn0W9D2hdN6zWWZYFyJc+QR6pOKQEw bob@client
'';
gitoliteAdminConfSnippet = ''
gitoliteAdminConfSnippet = pkgs.writeText "gitolite-admin-conf-snippet" ''
repo alice-project
RW+ = alice
'';
@ -85,55 +85,54 @@ in
};
testScript = ''
startAll;
start_all()
subtest "can setup ssh keys on system", sub {
$client->mustSucceed("mkdir -p ~root/.ssh");
$client->mustSucceed("cp ${adminPrivateKey} ~root/.ssh/id_ed25519");
$client->mustSucceed("chmod 600 ~root/.ssh/id_ed25519");
with subtest("can setup ssh keys on system"):
client.succeed(
"mkdir -p ~root/.ssh",
"cp ${adminPrivateKey} ~root/.ssh/id_ed25519",
"chmod 600 ~root/.ssh/id_ed25519",
)
client.succeed(
"sudo -u alice mkdir -p ~alice/.ssh",
"sudo -u alice cp ${alicePrivateKey} ~alice/.ssh/id_ed25519",
"sudo -u alice chmod 600 ~alice/.ssh/id_ed25519",
)
client.succeed(
"sudo -u bob mkdir -p ~bob/.ssh",
"sudo -u bob cp ${bobPrivateKey} ~bob/.ssh/id_ed25519",
"sudo -u bob chmod 600 ~bob/.ssh/id_ed25519",
)
$client->mustSucceed("sudo -u alice mkdir -p ~alice/.ssh");
$client->mustSucceed("sudo -u alice cp ${alicePrivateKey} ~alice/.ssh/id_ed25519");
$client->mustSucceed("sudo -u alice chmod 600 ~alice/.ssh/id_ed25519");
with subtest("gitolite server starts"):
server.wait_for_unit("gitolite-init.service")
server.wait_for_unit("sshd.service")
client.succeed("ssh gitolite@server info")
$client->mustSucceed("sudo -u bob mkdir -p ~bob/.ssh");
$client->mustSucceed("sudo -u bob cp ${bobPrivateKey} ~bob/.ssh/id_ed25519");
$client->mustSucceed("sudo -u bob chmod 600 ~bob/.ssh/id_ed25519");
};
with subtest("admin can clone and configure gitolite-admin.git"):
client.succeed(
"git clone gitolite@server:gitolite-admin.git",
"git config --global user.name 'System Administrator'",
"git config --global user.email root\@domain.example",
"cp ${alicePublicKey} gitolite-admin/keydir/alice.pub",
"cp ${bobPublicKey} gitolite-admin/keydir/bob.pub",
"(cd gitolite-admin && git add . && git commit -m 'Add keys for alice, bob' && git push)",
"cat ${gitoliteAdminConfSnippet} >> gitolite-admin/conf/gitolite.conf",
"(cd gitolite-admin && git add . && git commit -m 'Add repo for alice' && git push)",
)
subtest "gitolite server starts", sub {
$server->waitForUnit("gitolite-init.service");
$server->waitForUnit("sshd.service");
$client->mustSucceed('ssh gitolite@server info');
};
with subtest("non-admins cannot clone gitolite-admin.git"):
client.fail("sudo -i -u alice git clone gitolite@server:gitolite-admin.git")
client.fail("sudo -i -u bob git clone gitolite@server:gitolite-admin.git")
subtest "admin can clone and configure gitolite-admin.git", sub {
$client->mustSucceed('git clone gitolite@server:gitolite-admin.git');
$client->mustSucceed("git config --global user.name 'System Administrator'");
$client->mustSucceed("git config --global user.email root\@domain.example");
$client->mustSucceed("cp ${alicePublicKey} gitolite-admin/keydir/alice.pub");
$client->mustSucceed("cp ${bobPublicKey} gitolite-admin/keydir/bob.pub");
$client->mustSucceed('(cd gitolite-admin && git add . && git commit -m "Add keys for alice, bob" && git push)');
$client->mustSucceed("printf '${gitoliteAdminConfSnippet}' >> gitolite-admin/conf/gitolite.conf");
$client->mustSucceed('(cd gitolite-admin && git add . && git commit -m "Add repo for alice" && git push)');
};
with subtest("non-admins can clone testing.git"):
client.succeed("sudo -i -u alice git clone gitolite@server:testing.git")
client.succeed("sudo -i -u bob git clone gitolite@server:testing.git")
subtest "non-admins cannot clone gitolite-admin.git", sub {
$client->mustFail('sudo -i -u alice git clone gitolite@server:gitolite-admin.git');
$client->mustFail('sudo -i -u bob git clone gitolite@server:gitolite-admin.git');
};
with subtest("alice can clone alice-project.git"):
client.succeed("sudo -i -u alice git clone gitolite@server:alice-project.git")
subtest "non-admins can clone testing.git", sub {
$client->mustSucceed('sudo -i -u alice git clone gitolite@server:testing.git');
$client->mustSucceed('sudo -i -u bob git clone gitolite@server:testing.git');
};
subtest "alice can clone alice-project.git", sub {
$client->mustSucceed('sudo -i -u alice git clone gitolite@server:alice-project.git');
};
subtest "bob cannot clone alice-project.git", sub {
$client->mustFail('sudo -i -u bob git clone gitolite@server:alice-project.git');
};
with subtest("bob cannot clone alice-project.git"):
client.fail("sudo -i -u bob git clone gitolite@server:alice-project.git")
'';
})

54
nixos/tests/google-oslogin/default.nix
View File

@ -1,7 +1,14 @@
import ../make-test.nix ({ pkgs, ... } :
import ../make-test-python.nix ({ pkgs, ... } :
let
inherit (import ./../ssh-keys.nix pkgs)
snakeOilPrivateKey snakeOilPublicKey;
# don't check host keys or known hosts, use the snakeoil ssh key
ssh-config = builtins.toFile "ssh.conf" ''
UserKnownHostsFile=/dev/null
StrictHostKeyChecking=no
IdentityFile=~/.ssh/id_snakeoil
'';
in {
name = "google-oslogin";
meta = with pkgs.stdenv.lib.maintainers; {
@ -15,38 +22,49 @@ in {
client = { ... }: {};
};
testScript = ''
startAll;
start_all()
$server->waitForUnit("mock-google-metadata.service");
$server->waitForOpenPort(80);
server.wait_for_unit("mock-google-metadata.service")
server.wait_for_open_port(80)
# mockserver should return a non-expired ssh key for both mockuser and mockadmin
$server->succeed('${pkgs.google-compute-engine-oslogin}/bin/google_authorized_keys mockuser | grep -q "${snakeOilPublicKey}"');
$server->succeed('${pkgs.google-compute-engine-oslogin}/bin/google_authorized_keys mockadmin | grep -q "${snakeOilPublicKey}"');
server.succeed(
'${pkgs.google-compute-engine-oslogin}/bin/google_authorized_keys mockuser | grep -q "${snakeOilPublicKey}"'
)
server.succeed(
'${pkgs.google-compute-engine-oslogin}/bin/google_authorized_keys mockadmin | grep -q "${snakeOilPublicKey}"'
)
# install snakeoil ssh key on the client
$client->succeed("mkdir -p ~/.ssh");
$client->succeed("cat ${snakeOilPrivateKey} > ~/.ssh/id_snakeoil");
$client->succeed("chmod 600 ~/.ssh/id_snakeoil");
# install snakeoil ssh key on the client, and provision .ssh/config file
client.succeed("mkdir -p ~/.ssh")
client.succeed(
"cat ${snakeOilPrivateKey} > ~/.ssh/id_snakeoil"
)
client.succeed("chmod 600 ~/.ssh/id_snakeoil")
client.succeed("cp ${ssh-config} ~/.ssh/config")
$client->waitForUnit("network.target");
$server->waitForUnit("sshd.service");
client.wait_for_unit("network.target")
server.wait_for_unit("sshd.service")
# we should not be able to connect as non-existing user
$client->fail("ssh -o User=ghost -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server -i ~/.ssh/id_snakeoil 'true'");
client.fail("ssh ghost@server 'true'")
# we should be able to connect as mockuser
$client->succeed("ssh -o User=mockuser -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server -i ~/.ssh/id_snakeoil 'true'");
client.succeed("ssh mockuser@server 'true'")
# but we shouldn't be able to sudo
$client->fail("ssh -o User=mockuser -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server -i ~/.ssh/id_snakeoil '/run/wrappers/bin/sudo /run/current-system/sw/bin/id' | grep -q 'root'");
client.fail(
"ssh mockuser@server '/run/wrappers/bin/sudo /run/current-system/sw/bin/id' | grep -q 'root'"
)
# we should also be able to log in as mockadmin
$client->succeed("ssh -o User=mockadmin -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server -i ~/.ssh/id_snakeoil 'true'");
client.succeed("ssh mockadmin@server 'true'")
# pam_oslogin_admin.so should now have generated a sudoers file
$server->succeed("find /run/google-sudoers.d | grep -q '/run/google-sudoers.d/mockadmin'");
server.succeed("find /run/google-sudoers.d | grep -q '/run/google-sudoers.d/mockadmin'")
# and we should be able to sudo
$client->succeed("ssh -o User=mockadmin -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server -i ~/.ssh/id_snakeoil '/run/wrappers/bin/sudo /run/current-system/sw/bin/id' | grep -q 'root'");
client.succeed(
"ssh mockadmin@server '/run/wrappers/bin/sudo /run/current-system/sw/bin/id' | grep -q 'root'"
)
'';
})

44
nixos/tests/gotify-server.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({ pkgs, lib, ...} : {
import ./make-test-python.nix ({ pkgs, lib, ...} : {
name = "gotify-server";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ ma27 ];
@ -14,32 +14,32 @@ import ./make-test.nix ({ pkgs, lib, ...} : {
};
testScript = ''
startAll;
machine.start()
$machine->waitForUnit("gotify-server");
$machine->waitForOpenPort(3000);
machine.wait_for_unit("gotify-server.service")
machine.wait_for_open_port(3000)
my $token = $machine->succeed(
"curl --fail -sS -X POST localhost:3000/application -F name=nixos " .
'-H "Authorization: Basic $(echo -ne "admin:admin" | base64 --wrap 0)" ' .
'| jq .token | xargs echo -n'
);
token = machine.succeed(
"curl --fail -sS -X POST localhost:3000/application -F name=nixos "
+ '-H "Authorization: Basic $(echo -ne "admin:admin" | base64 --wrap 0)" '
+ "| jq .token | xargs echo -n"
)
my $usertoken = $machine->succeed(
"curl --fail -sS -X POST localhost:3000/client -F name=nixos " .
'-H "Authorization: Basic $(echo -ne "admin:admin" | base64 --wrap 0)" ' .
'| jq .token | xargs echo -n'
);
usertoken = machine.succeed(
"curl --fail -sS -X POST localhost:3000/client -F name=nixos "
+ '-H "Authorization: Basic $(echo -ne "admin:admin" | base64 --wrap 0)" '
+ "| jq .token | xargs echo -n"
)
$machine->succeed(
"curl --fail -sS -X POST 'localhost:3000/message?token=$token' -H 'Accept: application/json' " .
'-F title=Gotify -F message=Works'
);
machine.succeed(
f"curl --fail -sS -X POST 'localhost:3000/message?token={token}' -H 'Accept: application/json' "
+ "-F title=Gotify -F message=Works"
)
my $title = $machine->succeed(
"curl --fail -sS 'localhost:3000/message?since=0&token=$usertoken' | jq '.messages|.[0]|.title' | xargs echo -n"
);
title = machine.succeed(
f"curl --fail -sS 'localhost:3000/message?since=0&token={usertoken}' | jq '.messages|.[0]|.title' | xargs echo -n"
)
$title eq "Gotify" or die "Wrong title ($title), expected 'Gotify'!";
assert title == "Gotify"
'';
})

82
nixos/tests/graylog.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({ pkgs, lib, ... }: {
import ./make-test-python.nix ({ pkgs, lib, ... }: {
name = "graylog";
meta.maintainers = with lib.maintainers; [ ma27 ];
@ -64,48 +64,52 @@ import ./make-test.nix ({ pkgs, lib, ... }: {
facility = "Test";
});
in ''
$machine->start;
$machine->waitForUnit("graylog.service");
$machine->waitForOpenPort(9000);
$machine->succeed("curl -sSfL http://127.0.0.1:9000/");
machine.start()
machine.wait_for_unit("graylog.service")
machine.wait_for_open_port(9000)
machine.succeed("curl -sSfL http://127.0.0.1:9000/")
my $session = $machine->succeed("curl -X POST "
. "-sSfL http://127.0.0.1:9000/api/system/sessions "
. "-d \$(cat ${payloads.login}) "
. "-H 'Content-Type: application/json' "
. "-H 'Accept: application/json' "
. "-H 'x-requested-by: cli' "
. "| jq .session_id | xargs echo"
);
session = machine.succeed(
"curl -X POST "
+ "-sSfL http://127.0.0.1:9000/api/system/sessions "
+ "-d $(cat ${payloads.login}) "
+ "-H 'Content-Type: application/json' "
+ "-H 'Accept: application/json' "
+ "-H 'x-requested-by: cli' "
+ "| jq .session_id | xargs echo"
).rstrip()
chomp($session);
machine.succeed(
"curl -X POST "
+ f"-sSfL http://127.0.0.1:9000/api/system/inputs -u {session}:session "
+ '-d $(cat ${payloads.input} | sed -e "s,@node@,$(cat /var/lib/graylog/server/node-id),") '
+ "-H 'Accept: application/json' "
+ "-H 'Content-Type: application/json' "
+ "-H 'x-requested-by: cli' "
)
$machine->succeed("curl -X POST "
. "-sSfL http://127.0.0.1:9000/api/system/inputs -u $session:session "
. "-d \$(cat ${payloads.input} | sed -e \"s,\@node\@,\$(cat /var/lib/graylog/server/node-id),\") "
. "-H 'Accept: application/json' "
. "-H 'Content-Type: application/json' "
. "-H 'x-requested-by: cli' "
);
machine.wait_until_succeeds(
"test \"$(curl -sSfL 'http://127.0.0.1:9000/api/cluster/inputstates' "
+ f"-u {session}:session "
+ "-H 'Accept: application/json' "
+ "-H 'Content-Type: application/json' "
+ "-H 'x-requested-by: cli'"
+ "| jq 'to_entries[]|.value|.[0]|.state' | xargs echo"
+ ')" = "RUNNING"'
)
$machine->waitUntilSucceeds("test \"\$(curl -sSfL 'http://127.0.0.1:9000/api/cluster/inputstates' "
. "-u $session:session "
. "-H 'Accept: application/json' "
. "-H 'Content-Type: application/json' "
. "-H 'x-requested-by: cli'"
. "| jq 'to_entries[]|.value|.[0]|.state' | xargs echo"
. ")\" = \"RUNNING\""
);
machine.succeed(
"echo -n $(cat ${payloads.gelf_message}) | nc -w10 -u 127.0.0.1 12201"
)
$machine->succeed("echo -n \$(cat ${payloads.gelf_message}) | nc -w10 -u 127.0.0.1 12201");
$machine->succeed("test \"\$(curl -X GET "
. "-sSfL 'http://127.0.0.1:9000/api/search/universal/relative?query=*' "
. "-u $session:session "
. "-H 'Accept: application/json' "
. "-H 'Content-Type: application/json' "
. "-H 'x-requested-by: cli'"
. " | jq '.total_results' | xargs echo)\" = \"1\""
);
machine.succeed(
'test "$(curl -X GET '
+ "-sSfL 'http://127.0.0.1:9000/api/search/universal/relative?query=*' "
+ f"-u {session}:session "
+ "-H 'Accept: application/json' "
+ "-H 'Content-Type: application/json' "
+ "-H 'x-requested-by: cli'"
+ ' | jq \'.total_results\' | xargs echo)" = "1"'
)
'';
})

33
nixos/tests/influxdb.nix
View File

@ -1,6 +1,6 @@
# This test runs influxdb and checks if influxdb is up and running
import ./make-test.nix ({ pkgs, ...} : {
import ./make-test-python.nix ({ pkgs, ...} : {
name = "influxdb";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ offline ];
@ -9,25 +9,32 @@ import ./make-test.nix ({ pkgs, ...} : {
nodes = {
one = { ... }: {
services.influxdb.enable = true;
environment.systemPackages = [ pkgs.httpie ];
};
};
testScript = ''
startAll;
$one->waitForUnit("influxdb.service");
import shlex
start_all()
one.wait_for_unit("influxdb.service")
# create database
$one->succeed(q~
curl -XPOST http://localhost:8086/query --data-urlencode "q=CREATE DATABASE test"
~);
one.succeed(
"curl -XPOST http://localhost:8086/query --data-urlencode 'q=CREATE DATABASE test'"
)
# write some points and run simple query
$one->succeed(q~
curl -XPOST 'http://localhost:8086/write?db=test' --data-binary 'cpu_load_short,host=server01,region=us-west value=0.64 1434055562000000000'
~);
$one->succeed(q~
curl -GET 'http://localhost:8086/query' --data-urlencode "db=test" --data-urlencode "q=SELECT \"value\" FROM \"cpu_load_short\" WHERE \"region\"='us-west'" | grep "0\.64"
~);
out = one.succeed(
"curl -XPOST 'http://localhost:8086/write?db=test' --data-binary 'cpu_load_short,host=server01,region=us-west value=0.64 1434055562000000000'"
)
qv = "SELECT value FROM cpu_load_short WHERE region='us-west'"
cmd = f'curl -GET "http://localhost:8086/query?db=test" --data-urlencode {shlex.quote("q="+ qv)}'
out = one.succeed(cmd)
assert "2015-06-11T20:46:02Z" in out
assert "0.64" in out
'';
})

19
nixos/tests/jenkins.nix
View File

@ -3,7 +3,7 @@
# 2. jenkins user can be extended on both master and slave
# 3. jenkins service not started on slave node
import ./make-test.nix ({ pkgs, ...} : {
import ./make-test-python.nix ({ pkgs, ...} : {
name = "jenkins";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ bjornfor coconnor domenkozar eelco ];
@ -33,18 +33,17 @@ import ./make-test.nix ({ pkgs, ...} : {
};
testScript = ''
startAll;
start_all()
$master->waitForUnit("jenkins");
master.wait_for_unit("jenkins")
$master->mustSucceed("curl http://localhost:8080 | grep 'Authentication required'");
assert "Authentication required" in master.succeed("curl http://localhost:8080")
print $master->execute("sudo -u jenkins groups");
$master->mustSucceed("sudo -u jenkins groups | grep jenkins | grep users");
for host in master, slave:
groups = host.succeed("sudo -u jenkins groups")
assert "jenkins" in groups
assert "users" in groups
print $slave->execute("sudo -u jenkins groups");
$slave->mustSucceed("sudo -u jenkins groups | grep jenkins | grep users");
$slave->mustFail("systemctl is-enabled jenkins.service");
slave.fail("systemctl is-enabled jenkins.service")
'';
})

32
nixos/tests/minio.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({ pkgs, ...} :
import ./make-test-python.nix ({ pkgs, ...} :
let
accessKey = "BKIKJAA5BMMU2RHO6IBB";
secretKey = "V7f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12";
@ -18,7 +18,7 @@ let
sio.seek(0)
minioClient.put_object('test-bucket', 'test.txt', sio, sio_len, content_type='text/plain')
'';
in {
in {
name = "minio";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ bachp ];
@ -37,19 +37,19 @@ let
};
};
testScript =
''
startAll;
$machine->waitForUnit("minio.service");
$machine->waitForOpenPort(9000);
testScript = ''
start_all()
machine.wait_for_unit("minio.service")
machine.wait_for_open_port(9000)
# Create a test bucket on the server
$machine->succeed("mc config host add minio http://localhost:9000 ${accessKey} ${secretKey} S3v4");
$machine->succeed("mc mb minio/test-bucket");
$machine->succeed("${minioPythonScript}");
$machine->succeed("mc ls minio") =~ /test-bucket/ or die;
$machine->succeed("mc cat minio/test-bucket/test.txt") =~ /Test from Python/ or die;
$machine->shutdown;
'';
# Create a test bucket on the server
machine.succeed(
"mc config host add minio http://localhost:9000 ${accessKey} ${secretKey} S3v4"
)
machine.succeed("mc mb minio/test-bucket")
machine.succeed("${minioPythonScript}")
assert "test-bucket" in machine.succeed("mc ls minio")
assert "Test from Python" in machine.succeed("mc cat minio/test-bucket/test.txt")
machine.shutdown()
'';
})

48
nixos/tests/mysql-backup.nix
View File

@ -1,5 +1,5 @@
# Test whether mysqlBackup option works
import ./make-test.nix ({ pkgs, ... } : {
import ./make-test-python.nix ({ pkgs, ... } : {
name = "mysql-backup";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ rvl ];
@ -20,31 +20,37 @@ import ./make-test.nix ({ pkgs, ... } : {
};
};
testScript =
'' startAll;
testScript = ''
start_all()
# Delete backup file that may be left over from a previous test run.
# This is not needed on Hydra but useful for repeated local test runs.
$master->execute("rm -f /var/backup/mysql/testdb.gz");
# Delete backup file that may be left over from a previous test run.
# This is not needed on Hydra but useful for repeated local test runs.
master.execute("rm -f /var/backup/mysql/testdb.gz")
# Need to have mysql started so that it can be populated with data.
$master->waitForUnit("mysql.service");
# Need to have mysql started so that it can be populated with data.
master.wait_for_unit("mysql.service")
# Wait for testdb to be fully populated (5 rows).
$master->waitUntilSucceeds("mysql -u root -D testdb -N -B -e 'select count(id) from tests' | grep -q 5");
# Wait for testdb to be fully populated (5 rows).
master.wait_until_succeeds(
"mysql -u root -D testdb -N -B -e 'select count(id) from tests' | grep -q 5"
)
# Do a backup and wait for it to start
$master->startJob("mysql-backup.service");
$master->waitForJob("mysql-backup.service");
# Do a backup and wait for it to start
master.start_job("mysql-backup.service")
master.wait_for_unit("mysql-backup.service")
# wait for backup to fail, because of database 'doesnotexist'
$master->waitUntilFails("systemctl is-active -q mysql-backup.service");
# wait for backup to fail, because of database 'doesnotexist'
master.wait_until_fails("systemctl is-active -q mysql-backup.service")
# wait for backup file and check that data appears in backup
$master->waitForFile("/var/backup/mysql/testdb.gz");
$master->succeed("${pkgs.gzip}/bin/zcat /var/backup/mysql/testdb.gz | grep hello");
# wait for backup file and check that data appears in backup
master.wait_for_file("/var/backup/mysql/testdb.gz")
master.succeed(
"${pkgs.gzip}/bin/zcat /var/backup/mysql/testdb.gz | grep hello"
)
# Check that a failed backup is logged
$master->succeed("journalctl -u mysql-backup.service | grep 'fail.*doesnotexist' > /dev/null");
'';
# Check that a failed backup is logged
master.succeed(
"journalctl -u mysql-backup.service | grep 'fail.*doesnotexist' > /dev/null"
)
'';
})

46
nixos/tests/mysql-replication.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({ pkgs, ...} :
import ./make-test-python.nix ({ pkgs, ...} :
let
replicateUser = "replicate";
@ -54,28 +54,36 @@ in
};
testScript = ''
$master->start;
$master->waitForUnit("mysql");
$master->waitForOpenPort(3306);
master.start()
master.wait_for_unit("mysql")
master.wait_for_open_port(3306)
# Wait for testdb to be fully populated (5 rows).
$master->waitUntilSucceeds("mysql -u root -D testdb -N -B -e 'select count(id) from tests' | grep -q 5");
master.wait_until_succeeds(
"mysql -u root -D testdb -N -B -e 'select count(id) from tests' | grep -q 5"
)
$slave1->start;
$slave2->start;
$slave1->waitForUnit("mysql");
$slave1->waitForOpenPort(3306);
$slave2->waitForUnit("mysql");
$slave2->waitForOpenPort(3306);
slave1.start()
slave2.start()
slave1.wait_for_unit("mysql")
slave1.wait_for_open_port(3306)
slave2.wait_for_unit("mysql")
slave2.wait_for_open_port(3306)
# wait for replications to finish
$slave1->waitUntilSucceeds("mysql -u root -D testdb -N -B -e 'select count(id) from tests' | grep -q 5");
$slave2->waitUntilSucceeds("mysql -u root -D testdb -N -B -e 'select count(id) from tests' | grep -q 5");
slave1.wait_until_succeeds(
"mysql -u root -D testdb -N -B -e 'select count(id) from tests' | grep -q 5"
)
slave2.wait_until_succeeds(
"mysql -u root -D testdb -N -B -e 'select count(id) from tests' | grep -q 5"
)
$slave2->succeed("systemctl stop mysql");
$master->succeed("echo 'insert into testdb.tests values (123, 456);' | mysql -u root -N");
$slave2->succeed("systemctl start mysql");
$slave2->waitForUnit("mysql");
$slave2->waitForOpenPort(3306);
$slave2->waitUntilSucceeds("echo 'select * from testdb.tests where Id = 123;' | mysql -u root -N | grep 456");
slave2.succeed("systemctl stop mysql")
master.succeed("echo 'insert into testdb.tests values (123, 456);' | mysql -u root -N")
slave2.succeed("systemctl start mysql")
slave2.wait_for_unit("mysql")
slave2.wait_for_open_port(3306)
slave2.wait_until_succeeds(
"echo 'select * from testdb.tests where Id = 123;' | mysql -u root -N | grep 456"
)
'';
})

26
nixos/tests/mysql.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({ pkgs, ...} : {
import ./make-test-python.nix ({ pkgs, ...} : {
name = "mysql";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ eelco shlevy ];
@ -47,17 +47,23 @@ import ./make-test.nix ({ pkgs, ...} : {
};
testScript = ''
startAll;
start_all
$mysql->waitForUnit("mysql");
$mysql->succeed("echo 'use empty_testdb;' | mysql -u root");
$mysql->succeed("echo 'use testdb; select * from tests;' | mysql -u root -N | grep 4");
mysql.wait_for_unit("mysql")
mysql.succeed("echo 'use empty_testdb;' | mysql -u root")
mysql.succeed("echo 'use testdb; select * from tests;' | mysql -u root -N | grep 4")
# ';' acts as no-op, just check whether login succeeds with the user created from the initialScript
$mysql->succeed("echo ';' | mysql -u passworduser --password=password123");
mysql.succeed("echo ';' | mysql -u passworduser --password=password123")
$mariadb->waitForUnit("mysql");
$mariadb->succeed("echo 'use testdb; create table tests (test_id INT, PRIMARY KEY (test_id));' | sudo -u testuser mysql -u testuser");
$mariadb->succeed("echo 'use testdb; insert into tests values (42);' | sudo -u testuser mysql -u testuser");
$mariadb->succeed("echo 'use testdb; select test_id from tests;' | sudo -u testuser mysql -u testuser -N | grep 42");
mariadb.wait_for_unit("mysql")
mariadb.succeed(
"echo 'use testdb; create table tests (test_id INT, PRIMARY KEY (test_id));' | sudo -u testuser mysql -u testuser"
)
mariadb.succeed(
"echo 'use testdb; insert into tests values (42);' | sudo -u testuser mysql -u testuser"
)
mariadb.succeed(
"echo 'use testdb; select test_id from tests;' | sudo -u testuser mysql -u testuser -N | grep 42"
)
'';
})

10
nixos/tests/nexus.nix
View File

@ -3,7 +3,7 @@
# 2. nexus service can startup on server (creating database and all other initial stuff)
# 3. the web application is reachable via HTTP
import ./make-test.nix ({ pkgs, ...} : {
import ./make-test-python.nix ({ pkgs, ...} : {
name = "nexus";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ ironpinguin ma27 ];
@ -22,11 +22,11 @@ import ./make-test.nix ({ pkgs, ...} : {
};
testScript = ''
startAll;
start_all()
$server->waitForUnit("nexus");
$server->waitForOpenPort(8081);
server.wait_for_unit("nexus")
server.wait_for_open_port(8081)
$server->succeed("curl -f 127.0.0.1:8081");
server.succeed("curl -f 127.0.0.1:8081")
'';
})

30
nixos/tests/nix-ssh-serve.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({ pkgs, lib, ... }:
import ./make-test-python.nix ({ pkgs, lib, ... }:
let inherit (import ./ssh-keys.nix pkgs)
snakeOilPrivateKey snakeOilPublicKey;
ssh-config = builtins.toFile "ssh.conf" ''
@ -18,22 +18,28 @@ in
client.nix.package = pkgs.nix;
};
testScript = ''
startAll;
start_all()
$client->succeed("mkdir -m 700 /root/.ssh");
$client->copyFileFromHost("${ssh-config}", "/root/.ssh/config");
$client->succeed("cat ${snakeOilPrivateKey} > /root/.ssh/id_ecdsa");
$client->succeed("chmod 600 /root/.ssh/id_ecdsa");
client.succeed("mkdir -m 700 /root/.ssh")
client.succeed(
"cat ${ssh-config} > /root/.ssh/config"
)
client.succeed(
"cat ${snakeOilPrivateKey} > /root/.ssh/id_ecdsa"
)
client.succeed("chmod 600 /root/.ssh/id_ecdsa")
$client->succeed("nix-store --add /etc/machine-id > mach-id-path");
client.succeed("nix-store --add /etc/machine-id > mach-id-path")
$server->waitForUnit("sshd");
server.wait_for_unit("sshd")
$client->fail("diff /root/other-store\$(cat mach-id-path) /etc/machine-id");
client.fail("diff /root/other-store$(cat mach-id-path) /etc/machine-id")
# Currently due to shared store this is a noop :(
$client->succeed("nix copy --to ssh-ng://nix-ssh\@server \$(cat mach-id-path)");
$client->succeed("nix-store --realise \$(cat mach-id-path) --store /root/other-store --substituters ssh-ng://nix-ssh\@server");
$client->succeed("diff /root/other-store\$(cat mach-id-path) /etc/machine-id");
client.succeed("nix copy --to ssh-ng://nix-ssh@server $(cat mach-id-path)")
client.succeed(
"nix-store --realise $(cat mach-id-path) --store /root/other-store --substituters ssh-ng://nix-ssh@server"
)
client.succeed("diff /root/other-store$(cat mach-id-path) /etc/machine-id")
'';
}
)

28
nixos/tests/osquery.nix
View File

@ -1,28 +0,0 @@
import ./make-test.nix ({ pkgs, lib, ... }:
with lib;
{
name = "osquery";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ ma27 ];
};
machine = {
services.osquery.enable = true;
services.osquery.loggerPath = "/var/log/osquery/logs";
services.osquery.pidfile = "/run/osqueryd.pid";
};
testScript = ''
$machine->start;
$machine->waitForUnit("osqueryd.service");
$machine->succeed("echo 'SELECT address FROM etc_hosts LIMIT 1;' | osqueryi | grep '127.0.0.1'");
$machine->succeed(
"echo 'SELECT value FROM osquery_flags WHERE name = \"logger_path\";' | osqueryi | grep /var/log/osquery/logs"
);
$machine->succeed("echo 'SELECT value FROM osquery_flags WHERE name = \"pidfile\";' | osqueryi | grep /run/osqueryd.pid");
'';
})

55
nixos/tests/pantheon.nix
View File

@ -1,9 +1,10 @@
import ./make-test.nix ({ pkgs, ...} :
import ./make-test-python.nix ({ pkgs, ...} :
{
name = "pantheon";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ worldofpeace ];
maintainers = pkgs.pantheon.maintainers;
};
machine = { ... }:
@ -21,35 +22,37 @@ import ./make-test.nix ({ pkgs, ...} :
testScript = { nodes, ... }: let
user = nodes.machine.config.users.users.alice;
bob = nodes.machine.config.users.users.bob;
in ''
startAll;
machine.wait_for_unit("display-manager.service")
# Wait for display manager to start
$machine->waitForText(qr/${user.description}/);
$machine->screenshot("lightdm");
with subtest("Test we can see usernames in elementary-greeter"):
machine.wait_for_text("${user.description}")
machine.wait_for_text("${bob.description}")
machine.screenshot("elementary_greeter_lightdm")
# Log in
$machine->sendChars("${user.password}\n");
$machine->waitForFile("/home/alice/.Xauthority");
$machine->succeed("xauth merge ~alice/.Xauthority");
with subtest("Login with elementary-greeter"):
machine.send_chars("${user.password}\n")
machine.wait_for_x()
machine.wait_for_file("${user.home}/.Xauthority")
machine.succeed("xauth merge ${user.home}/.Xauthority")
# Check if "pantheon-shell" components actually start
$machine->waitUntilSucceeds("pgrep gala");
$machine->waitForWindow(qr/gala/);
$machine->waitUntilSucceeds("pgrep wingpanel");
$machine->waitForWindow("wingpanel");
$machine->waitUntilSucceeds("pgrep plank");
$machine->waitForWindow(qr/plank/);
with subtest("Check that logging in has given the user ownership of devices"):
machine.succeed("getfacl -p /dev/snd/timer | grep -q ${user.name}")
# Check that logging in has given the user ownership of devices.
$machine->succeed("getfacl -p /dev/snd/timer | grep -q alice");
# TODO: DBus API could eliminate this? Pantheon uses Bamf.
with subtest("Check if pantheon session components actually start"):
machine.wait_until_succeeds("pgrep gala")
machine.wait_for_window("gala")
machine.wait_until_succeeds("pgrep wingpanel")
machine.wait_for_window("wingpanel")
machine.wait_until_succeeds("pgrep plank")
machine.wait_for_window("plank")
# Open elementary terminal
$machine->execute("su - alice -c 'DISPLAY=:0.0 io.elementary.terminal &'");
$machine->waitForWindow(qr/io.elementary.terminal/);
# Take a screenshot of the desktop
$machine->sleep(20);
$machine->screenshot("screen");
with subtest("Open elementary terminal"):
machine.execute("su - ${user.name} -c 'DISPLAY=:0 io.elementary.terminal &'")
machine.wait_for_window("io.elementary.terminal")
machine.sleep(20)
machine.screenshot("screen")
'';
})

56
nixos/tests/plasma5.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({ pkgs, ...} :
import ./make-test-python.nix ({ pkgs, ...} :
{
name = "plasma5";
@ -7,23 +7,11 @@ import ./make-test.nix ({ pkgs, ...} :
};
machine = { ... }:
let
sddm_theme = pkgs.stdenv.mkDerivation {
name = "breeze-ocr-theme";
phases = "buildPhase";
buildCommand = ''
mkdir -p $out/share/sddm/themes/
cp -r ${pkgs.plasma-workspace}/share/sddm/themes/breeze $out/share/sddm/themes/breeze-ocr-theme
chmod -R +w $out/share/sddm/themes/breeze-ocr-theme
printf "[General]\ntype=color\ncolor=#1d99f3\nbackground=\n" > $out/share/sddm/themes/breeze-ocr-theme/theme.conf
'';
};
in
{
imports = [ ./common/user-account.nix ];
services.xserver.enable = true;
services.xserver.displayManager.sddm.enable = true;
services.xserver.displayManager.sddm.theme = "breeze-ocr-theme";
services.xserver.desktopManager.plasma5.enable = true;
services.xserver.desktopManager.default = "plasma5";
services.xserver.displayManager.sddm.autoLogin = {
@ -32,34 +20,40 @@ import ./make-test.nix ({ pkgs, ...} :
};
hardware.pulseaudio.enable = true; # needed for the factl test, /dev/snd/* exists without them but udev doesn't care then
virtualisation.memorySize = 1024;
environment.systemPackages = [ sddm_theme ];
};
testScript = { nodes, ... }: let
user = nodes.machine.config.users.users.alice;
xdo = "${pkgs.xdotool}/bin/xdotool";
in ''
startAll;
# wait for log in
$machine->waitForFile("/home/alice/.Xauthority");
$machine->succeed("xauth merge ~alice/.Xauthority");
with subtest("Wait for login"):
start_all()
machine.wait_for_file("${user.home}/.Xauthority")
machine.succeed("xauth merge ${user.home}/.Xauthority")
$machine->waitUntilSucceeds("pgrep plasmashell");
$machine->waitForWindow("^Desktop ");
with subtest("Check plasmashell started"):
machine.wait_until_succeeds("pgrep plasmashell")
machine.wait_for_window("^Desktop ")
# Check that logging in has given the user ownership of devices.
$machine->succeed("getfacl -p /dev/snd/timer | grep -q alice");
with subtest("Check that logging in has given the user ownership of devices"):
machine.succeed("getfacl -p /dev/snd/timer | grep -q ${user.name}")
$machine->execute("su - alice -c 'DISPLAY=:0.0 dolphin &'");
$machine->waitForWindow(" Dolphin");
with subtest("Run Dolphin"):
machine.execute("su - ${user.name} -c 'DISPLAY=:0.0 dolphin &'")
machine.wait_for_window(" Dolphin")
$machine->execute("su - alice -c 'DISPLAY=:0.0 konsole &'");
$machine->waitForWindow("Konsole");
with subtest("Run Konsole"):
machine.execute("su - ${user.name} -c 'DISPLAY=:0.0 konsole &'")
machine.wait_for_window("Konsole")
$machine->execute("su - alice -c 'DISPLAY=:0.0 systemsettings5 &'");
$machine->waitForWindow("Settings");
with subtest("Run systemsettings"):
machine.execute("su - ${user.name} -c 'DISPLAY=:0.0 systemsettings5 &'")
machine.wait_for_window("Settings")
$machine->execute("${xdo} key Alt+F1 sleep 10");
$machine->screenshot("screen");
with subtest("Wait to get a screenshot"):
machine.execute(
"${xdo} key Alt+F1 sleep 10"
)
machine.screenshot("screen")
'';
})

78
nixos/tests/prometheus.nix
View File

@ -31,7 +31,7 @@ let
};
};
in import ./make-test.nix {
in import ./make-test-python.nix {
name = "prometheus";
nodes = {
@ -173,67 +173,73 @@ in import ./make-test.nix {
testScript = { nodes, ... } : ''
# Before starting the other machines we first make sure that our S3 service is online
# and has a bucket added for thanos:
$s3->start;
$s3->waitForUnit("minio.service");
$s3->waitForOpenPort(${toString minioPort});
$s3->succeed(
"mc config host add minio " .
"http://localhost:${toString minioPort} ${s3.accessKey} ${s3.secretKey} S3v4");
$s3->succeed("mc mb minio/thanos-bucket");
s3.start()
s3.wait_for_unit("minio.service")
s3.wait_for_open_port(${toString minioPort})
s3.succeed(
"mc config host add minio "
+ "http://localhost:${toString minioPort} "
+ "${s3.accessKey} ${s3.secretKey} S3v4",
"mc mb minio/thanos-bucket",
)
# Now that s3 has started we can start the other machines:
$prometheus->start;
$query->start;
$store->start;
for machine in prometheus, query, store:
machine.start()
# Check if prometheus responds to requests:
$prometheus->waitForUnit("prometheus.service");
$prometheus->waitForOpenPort(${toString queryPort});
$prometheus->succeed("curl -s http://127.0.0.1:${toString queryPort}/metrics");
prometheus.wait_for_unit("prometheus.service")
prometheus.wait_for_open_port(${toString queryPort})
prometheus.succeed("curl -s http://127.0.0.1:${toString queryPort}/metrics")
# Let's test if pushing a metric to the pushgateway succeeds:
$prometheus->waitForUnit("pushgateway.service");
$prometheus->succeed(
"echo 'some_metric 3.14' | " .
"curl --data-binary \@- http://127.0.0.1:${toString pushgwPort}/metrics/job/some_job");
prometheus.wait_for_unit("pushgateway.service")
prometheus.succeed(
"echo 'some_metric 3.14' | "
+ "curl --data-binary \@- "
+ "http://127.0.0.1:${toString pushgwPort}/metrics/job/some_job"
)
# Now check whether that metric gets ingested by prometheus.
# Since we'll check for the metric several times on different machines
# we abstract the test using the following function:
# Function to check if the metric "some_metric" has been received and returns the correct value.
local *Machine::waitForMetric = sub {
my ($self) = @_;
$self->waitUntilSucceeds(
"curl -sf 'http://127.0.0.1:${toString queryPort}/api/v1/query?query=some_metric' " .
"| jq '.data.result[0].value[1]' | grep '\"3.14\"'");
};
def wait_for_metric(machine):
return machine.wait_until_succeeds(
"curl -sf 'http://127.0.0.1:${toString queryPort}/api/v1/query?query=some_metric' | "
+ "jq '.data.result[0].value[1]' | grep '\"3.14\"'"
)
$prometheus->waitForMetric;
wait_for_metric(prometheus)
# Let's test if the pushgateway persists metrics to the configured location.
$prometheus->waitUntilSucceeds("test -e /var/lib/prometheus-pushgateway/metrics");
prometheus.wait_until_succeeds("test -e /var/lib/prometheus-pushgateway/metrics")
# Test thanos
$prometheus->waitForUnit("thanos-sidecar.service");
prometheus.wait_for_unit("thanos-sidecar.service")
# Test if the Thanos query service can correctly retrieve the metric that was send above.
$query->waitForUnit("thanos-query.service");
$query->waitForMetric;
query.wait_for_unit("thanos-query.service")
wait_for_metric(query)
# Test if the Thanos sidecar has correctly uploaded its TSDB to S3, if the
# Thanos storage service has correctly downloaded it from S3 and if the Thanos
# query service running on $store can correctly retrieve the metric:
$store->waitForUnit("thanos-store.service");
$store->waitForMetric;
store.wait_for_unit("thanos-store.service")
wait_for_metric(store)
$store->waitForUnit("thanos-compact.service");
store.wait_for_unit("thanos-compact.service")
# Test if the Thanos bucket command is able to retrieve blocks from the S3 bucket
# and check if the blocks have the correct labels:
$store->succeed(
"thanos bucket ls" .
" --objstore.config-file=${nodes.store.config.services.thanos.store.objstore.config-file}" .
" --output=json | jq .thanos.labels.some_label | grep 'required by thanos'");
store.succeed(
"thanos bucket ls "
+ "--objstore.config-file=${nodes.store.config.services.thanos.store.objstore.config-file} "
+ "--output=json | "
+ "jq .thanos.labels.some_label | "
+ "grep 'required by thanos'"
)
'';
}

52
nixos/tests/sudo.nix
View File

@ -4,7 +4,7 @@ let
password = "helloworld";
in
import ./make-test.nix ({ pkgs, ...} : {
import ./make-test-python.nix ({ pkgs, ...} : {
name = "sudo";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ lschuermann ];
@ -50,44 +50,34 @@ in
testScript =
''
subtest "users in wheel group should have passwordless sudo", sub {
$machine->succeed("su - test0 -c \"sudo -u root true\"");
};
with subtest("users in wheel group should have passwordless sudo"):
machine.succeed('su - test0 -c "sudo -u root true"')
subtest "test1 user should have sudo with password", sub {
$machine->succeed("su - test1 -c \"echo ${password} | sudo -S -u root true\"");
};
with subtest("test1 user should have sudo with password"):
machine.succeed('su - test1 -c "echo ${password} | sudo -S -u root true"')
subtest "test1 user should not be able to use sudo without password", sub {
$machine->fail("su - test1 -c \"sudo -n -u root true\"");
};
with subtest("test1 user should not be able to use sudo without password"):
machine.fail('su - test1 -c "sudo -n -u root true"')
subtest "users in group 'foobar' should be able to use sudo with password", sub {
$machine->succeed("sudo -u test2 echo ${password} | sudo -S -u root true");
};
with subtest("users in group 'foobar' should be able to use sudo with password"):
machine.succeed("sudo -u test2 echo ${password} | sudo -S -u root true")
subtest "users in group 'barfoo' should be able to use sudo without password", sub {
$machine->succeed("sudo -u test3 sudo -n -u root true");
};
with subtest("users in group 'barfoo' should be able to use sudo without password"):
machine.succeed("sudo -u test3 sudo -n -u root true")
subtest "users in group 'baz' (GID 1337) should be able to use sudo without password", sub {
$machine->succeed("sudo -u test4 sudo -n -u root echo true");
};
with subtest("users in group 'baz' (GID 1337)"):
machine.succeed("sudo -u test4 sudo -n -u root echo true")
subtest "test5 user should be able to run commands under test1", sub {
$machine->succeed("sudo -u test5 sudo -n -u test1 true");
};
with subtest("test5 user should be able to run commands under test1"):
machine.succeed("sudo -u test5 sudo -n -u test1 true")
subtest "test5 user should not be able to run commands under root", sub {
$machine->fail("sudo -u test5 sudo -n -u root true");
};
with subtest("test5 user should not be able to run commands under root"):
machine.fail("sudo -u test5 sudo -n -u root true")
subtest "test5 user should be able to keep his environment", sub {
$machine->succeed("sudo -u test5 sudo -n -E -u test1 true");
};
with subtest("test5 user should be able to keep his environment"):
machine.succeed("sudo -u test5 sudo -n -E -u test1 true")
subtest "users in group 'barfoo' should not be able to keep their environment", sub {
$machine->fail("sudo -u test3 sudo -n -E -u root true");
};
with subtest("users in group 'barfoo' should not be able to keep their environment"):
machine.fail("sudo -u test3 sudo -n -E -u root true")
'';
})

12
nixos/tests/syncthing-init.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({ lib, pkgs, ... }: let
import ./make-test-python.nix ({ lib, pkgs, ... }: let
testId = "7CFNTQM-IMTJBHJ-3UWRDIU-ZGQJFR6-VCXZ3NB-XUH3KZO-N52ITXR-LAIYUAU";
@ -22,13 +22,11 @@ in {
};
testScript = ''
my $config;
$machine->waitForUnit("syncthing-init.service");
$config = $machine->succeed("cat /var/lib/syncthing/.config/syncthing/config.xml");
machine.wait_for_unit("syncthing-init.service")
config = machine.succeed("cat /var/lib/syncthing/.config/syncthing/config.xml")
$config =~ /${testId}/ or die;
$config =~ /testFolder/ or die;
assert "testFolder" in config
assert "${testId}" in config
'';
})

14
nixos/tests/syncthing-relay.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({ lib, pkgs, ... }: {
import ./make-test-python.nix ({ lib, pkgs, ... }: {
name = "syncthing-relay";
meta.maintainers = with pkgs.stdenv.lib.maintainers; [ delroth ];
@ -14,9 +14,13 @@ import ./make-test.nix ({ lib, pkgs, ... }: {
};
testScript = ''
$machine->waitForUnit("syncthing-relay.service");
$machine->waitForOpenPort(12345);
$machine->waitForOpenPort(12346);
$machine->succeed("curl http://localhost:12346/status | jq -r '.options.\"provided-by\"'") =~ /nixos-test/ or die;
machine.wait_for_unit("syncthing-relay.service")
machine.wait_for_open_port(12345)
machine.wait_for_open_port(12346)
out = machine.succeed(
"curl -sS http://localhost:12346/status | jq -r '.options.\"provided-by\"'"
)
assert "nixos-test" in out
'';
})

11
nixos/tests/systemd-networkd-wireguard.nix
View File

@ -1,4 +1,4 @@
let generateNodeConf = { lib, pkgs, config, privkpath, pubk, peerId, nodeId, ...}: {
let generateNodeConf = { lib, pkgs, config, privk, pubk, peerId, nodeId, ...}: {
imports = [ common/user-account.nix ];
systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug";
networking.useNetworkd = true;
@ -7,13 +7,16 @@ let generateNodeConf = { lib, pkgs, config, privkpath, pubk, peerId, nodeId, ...
virtualisation.vlans = [ 1 ];
environment.systemPackages = with pkgs; [ wireguard-tools ];
boot.extraModulePackages = [ config.boot.kernelPackages.wireguard ];
systemd.tmpfiles.rules = [
"f /run/wg_priv 0640 root systemd-network - ${privk}"
];
systemd.network = {
enable = true;
netdevs = {
"90-wg0" = {
netdevConfig = { Kind = "wireguard"; Name = "wg0"; };
wireguardConfig = {
PrivateKeyFile = privkpath ;
PrivateKeyFile = "/run/wg_priv";
ListenPort = 51820;
FwMark = 42;
};
@ -53,7 +56,7 @@ in import ./make-test-python.nix ({pkgs, ... }: {
nodes = {
node1 = { pkgs, ... }@attrs:
let localConf = {
privkpath = pkgs.writeText "priv.key" "GDiXWlMQKb379XthwX0haAbK6hTdjblllpjGX0heP00=";
privk = "GDiXWlMQKb379XthwX0haAbK6hTdjblllpjGX0heP00=";
pubk = "iRxpqj42nnY0Qz8MAQbSm7bXxXP5hkPqWYIULmvW+EE=";
nodeId = "1";
peerId = "2";
@ -62,7 +65,7 @@ in import ./make-test-python.nix ({pkgs, ... }: {
node2 = { pkgs, ... }@attrs:
let localConf = {
privkpath = pkgs.writeText "priv.key" "eHxSI2jwX/P4AOI0r8YppPw0+4NZnjOxfbS5mt06K2k=";
privk = "eHxSI2jwX/P4AOI0r8YppPw0+4NZnjOxfbS5mt06K2k=";
pubk = "27s0OvaBBdHoJYkH9osZpjpgSOVNw+RaKfboT/Sfq0g=";
nodeId = "2";
peerId = "1";

16
nixos/tests/systemd-nspawn.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({pkgs, lib, ...}:
import ./make-test-python.nix ({pkgs, lib, ...}:
let
gpgKeyring = (pkgs.runCommand "gpg-keyring" { buildInputs = [ pkgs.gnupg ]; } ''
mkdir -p $out
@ -32,7 +32,7 @@ let
gpg --batch --sign --detach-sign --output SHA256SUMS.gpg SHA256SUMS
'');
in {
name = "opensmtpd";
name = "systemd-nspawn";
nodes = {
server = { pkgs, ... }: {
@ -48,11 +48,13 @@ in {
};
testScript = ''
startAll;
start_all()
$server->waitForUnit("nginx.service");
$client->waitForUnit("network-online.target");
$client->succeed("machinectl pull-raw --verify=signature http://server/testimage.raw");
$client->succeed("cmp /var/lib/machines/testimage.raw ${nspawnImages}/testimage.raw");
server.wait_for_unit("nginx.service")
client.wait_for_unit("network-online.target")
client.succeed("machinectl pull-raw --verify=signature http://server/testimage.raw")
client.succeed(
"cmp /var/lib/machines/testimage.raw ${nspawnImages}/testimage.raw"
)
'';
})

10
nixos/tests/uwsgi.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({ pkgs, ... }:
import ./make-test-python.nix ({ pkgs, ... }:
{
name = "uwsgi";
meta = with pkgs.stdenv.lib.maintainers; {
@ -30,9 +30,9 @@ import ./make-test.nix ({ pkgs, ... }:
testScript =
''
$machine->waitForUnit('multi-user.target');
$machine->waitForUnit('uwsgi.service');
$machine->waitForOpenPort(8000);
$machine->succeed('curl -v 127.0.0.1:8000 | grep "Hello World!"');
machine.wait_for_unit("multi-user.target")
machine.wait_for_unit("uwsgi.service")
machine.wait_for_open_port(8000)
assert "Hello World" in machine.succeed("curl -v 127.0.0.1:8000")
'';
})

42
nixos/tests/wordpress.nix
View File

@ -1,9 +1,13 @@
import ./make-test.nix ({ pkgs, ... }:
import ./make-test-python.nix ({ pkgs, ... }:
{
name = "wordpress";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ grahamc ]; # under duress!
maintainers = [
flokli
grahamc # under duress!
mmilata
];
};
machine =
@ -23,19 +27,31 @@ import ./make-test.nix ({ pkgs, ... }:
};
testScript = ''
startAll;
import re
$machine->waitForUnit("httpd");
$machine->waitForUnit("phpfpm-wordpress-site1.local");
$machine->waitForUnit("phpfpm-wordpress-site2.local");
start_all()
$machine->succeed("curl -L site1.local | grep 'Welcome to the famous'");
$machine->succeed("curl -L site2.local | grep 'Welcome to the famous'");
machine.wait_for_unit("httpd")
$machine->succeed("systemctl --no-pager show wordpress-init-site1.local.service | grep 'ExecStart=.*status=0'");
$machine->succeed("systemctl --no-pager show wordpress-init-site2.local.service | grep 'ExecStart=.*status=0'");
$machine->succeed("grep -E '^define.*NONCE_SALT.{64,};\$' /var/lib/wordpress/site1.local/secret-keys.php");
$machine->succeed("grep -E '^define.*NONCE_SALT.{64,};\$' /var/lib/wordpress/site2.local/secret-keys.php");
machine.wait_for_unit("phpfpm-wordpress-site1.local")
machine.wait_for_unit("phpfpm-wordpress-site2.local")
site_names = ["site1.local", "site2.local"]
with subtest("website returns welcome screen"):
for site_name in site_names:
assert "Welcome to the famous" in machine.succeed(f"curl -L {site_name}")
with subtest("wordpress-init went through"):
for site_name in site_names:
info = machine.get_unit_info(f"wordpress-init-{site_name}")
assert info["Result"] == "success"
with subtest("secret keys are set"):
pattern = re.compile(r"^define.*NONCE_SALT.{64,};$", re.MULTILINE)
for site_name in site_names:
assert pattern.search(
machine.succeed(f"cat /var/lib/wordpress/{site_name}/secret-keys.php")
)
'';
})

20
nixos/tests/xmpp/prosody-mysql.nix
View File

@ -1,4 +1,4 @@
import ../make-test.nix {
import ../make-test-python.nix {
name = "prosody-mysql";
nodes = {
@ -57,21 +57,21 @@ import ../make-test.nix {
};
testScript = { nodes, ... }: ''
$mysql->waitForUnit('mysql.service');
$server->waitForUnit('prosody.service');
$server->succeed('prosodyctl status') =~ /Prosody is running/;
mysql.wait_for_unit("mysql.service")
server.wait_for_unit("prosody.service")
server.succeed('prosodyctl status | grep "Prosody is running"')
# set password to 'nothunter2' (it's asked twice)
$server->succeed('yes nothunter2 | prosodyctl adduser cthon98@example.com');
server.succeed("yes nothunter2 | prosodyctl adduser cthon98@example.com")
# set password to 'y'
$server->succeed('yes | prosodyctl adduser azurediamond@example.com');
server.succeed("yes | prosodyctl adduser azurediamond@example.com")
# correct password to 'hunter2'
$server->succeed('yes hunter2 | prosodyctl passwd azurediamond@example.com');
server.succeed("yes hunter2 | prosodyctl passwd azurediamond@example.com")
$client->succeed("send-message");
client.succeed("send-message")
$server->succeed('prosodyctl deluser cthon98@example.com');
$server->succeed('prosodyctl deluser azurediamond@example.com');
server.succeed("prosodyctl deluser cthon98@example.com")
server.succeed("prosodyctl deluser azurediamond@example.com")
'';
}

20
nixos/tests/xmpp/prosody.nix
View File

@ -1,4 +1,4 @@
import ../make-test.nix {
import ../make-test-python.nix {
name = "prosody";
nodes = {
@ -28,19 +28,19 @@ import ../make-test.nix {
};
testScript = { nodes, ... }: ''
$server->waitForUnit('prosody.service');
$server->succeed('prosodyctl status') =~ /Prosody is running/;
server.wait_for_unit("prosody.service")
server.succeed('prosodyctl status | grep "Prosody is running"')
# set password to 'nothunter2' (it's asked twice)
$server->succeed('yes nothunter2 | prosodyctl adduser cthon98@example.com');
server.succeed("yes nothunter2 | prosodyctl adduser cthon98@example.com")
# set password to 'y'
$server->succeed('yes | prosodyctl adduser azurediamond@example.com');
# correct password to 'hunter2'
$server->succeed('yes hunter2 | prosodyctl passwd azurediamond@example.com');
server.succeed("yes | prosodyctl adduser azurediamond@example.com")
# correct password to "hunter2"
server.succeed("yes hunter2 | prosodyctl passwd azurediamond@example.com")
$client->succeed("send-message");
client.succeed("send-message")
$server->succeed('prosodyctl deluser cthon98@example.com');
$server->succeed('prosodyctl deluser azurediamond@example.com');
server.succeed("prosodyctl deluser cthon98@example.com")
server.succeed("prosodyctl deluser azurediamond@example.com")
'';
}

4
pkgs/applications/audio/audacity/default.nix
View File

@ -7,12 +7,12 @@
with stdenv.lib;
stdenv.mkDerivation rec {
version = "2.3.2";
version = "2.3.3";
pname = "audacity";
src = fetchzip {
url = "https://github.com/audacity/audacity/archive/Audacity-${version}.tar.gz";
sha256 = "08w96124vv8k4myd4vifq73ningq6404x889wvg2sk016kc4dfv1";
sha256 = "0ddc03dbm4ixy877czmwd03fpjgr3y68bxfgb6n2q6cv4prp30ig";
};
preConfigure = /* we prefer system-wide libs */ ''

6
pkgs/applications/audio/lmms/default.nix
View File

@ -1,9 +1,9 @@
{ stdenv, fetchFromGitHub, cmake, pkgconfig, alsaLib ? null, fftwFloat, fltk13
, fluidsynth_1 ? null, lame ? null, libgig ? null, libjack2 ? null, libpulseaudio ? null
, libsamplerate, libsoundio ? null, libsndfile, libvorbis ? null, portaudio ? null
, qtbase, qtx11extras, qttools, SDL ? null }:
, qtbase, qtx11extras, qttools, SDL ? null, mkDerivation }:
stdenv.mkDerivation rec {
mkDerivation rec {
pname = "lmms";
version = "1.2.0-rc7";
@ -43,7 +43,7 @@ stdenv.mkDerivation rec {
description = "DAW similar to FL Studio (music production software)";
homepage = https://lmms.io;
license = licenses.gpl2Plus;
platforms = platforms.linux;
platforms = [ "x86_64-linux" "i686-linux" ];
maintainers = with maintainers; [ goibhniu yegortimoshenko ];
};
}

8
pkgs/applications/audio/spotifyd/default.nix
View File

@ -6,16 +6,16 @@
rustPlatform.buildRustPackage rec {
pname = "spotifyd";
version = "0.2.19";
version = "0.2.20";
src = fetchFromGitHub {
owner = "Spotifyd";
repo = "spotifyd";
rev = "v${version}";
sha256 = "063b28ysj224m6ngns9i574i7vnp1x4g07cqjw908ch04yngcg1c";
sha256 = "1hf4wpk7r0s4jpjhxaz67y1hd8jx9ns5imd85r3cdg4lxf3j5gph";
};
cargoSha256 = "0pqxqd5dyw9mjclrqkxzfnzsz74xl4bg0b86v5q6kc0a91zd49b9";
cargoSha256 = "1h3fis47hmxvppiv1icjhgp48nd46gayfcmzfjs34q6jask90n0w";
cargoBuildFlags = [
"--no-default-features"
@ -36,7 +36,7 @@ rustPlatform.buildRustPackage rec {
description = "An open source Spotify client running as a UNIX daemon";
homepage = "https://github.com/Spotifyd/spotifyd";
license = with licenses; [ gpl3 ];
maintainers = [ maintainers.anderslundstedt maintainers.marsam ];
maintainers = with maintainers; [ anderslundstedt filalex77 marsam ];
platforms = platforms.unix;
};
}

2
pkgs/applications/editors/kdevelop5/kdevelop.nix
View File

@ -37,7 +37,7 @@ mkDerivation rec {
# https://cgit.kde.org/kdevelop.git/commit/?id=716372ae2e8dff9c51e94d33443536786e4bd85b
# required as nixos seems to be unable to find CLANG_BUILTIN_DIR
cmakeFlags = [
"-DCLANG_BUILTIN_DIR=${llvmPackages.clang-unwrapped}/lib/clang/${(builtins.parseDrvName llvmPackages.clang.name).version}/include"
"-DCLANG_BUILTIN_DIR=${llvmPackages.clang-unwrapped}/lib/clang/${lib.getVersion llvmPackages.clang}/include"
];
dontWrapQtApps = true;

4
pkgs/applications/graphics/drawpile/default.nix
View File

@ -60,11 +60,11 @@ let
in mkDerivation rec {
pname = "drawpile";
version = "2.1.13";
version = "2.1.14";
src = fetchurl {
url = "https://drawpile.net/files/src/drawpile-${version}.tar.gz";
sha256 = "0r56hkzjdlg4615zvrjv60i3f06pv7ssh6bs6jb46qs8wbsawsxf";
sha256 = "0vpsq8swvli6xiykjqjmdcz33jd44nvhq1n350dm9qap9s9wdr47";
};
nativeBuildInputs = [

11
pkgs/applications/graphics/nomacs/default.nix
View File

@ -1,6 +1,7 @@
{ stdenv
, mkDerivation
, fetchFromGitHub
, fetchpatch
, cmake
, pkgconfig
@ -9,7 +10,7 @@
, qtsvg
, exiv2
, opencv
, opencv4
, libraw
, libtiff
, quazip
@ -28,6 +29,12 @@ mkDerivation rec {
patches = [
./nomacs-iostream.patch
(fetchpatch {
name = "darwin-less-restrictive-opencv.patch";
url = "https://github.com/nomacs/nomacs/commit/d182fce4bcd9a25bd15e3de065ca67849a32458c.patch";
sha256 = "0j6sviwrjn69nqf59hjn30c4j838h8az7rnlwcx8ymlb21vd9x2h";
stripLen = 1;
})
];
enableParallelBuilding = true;
@ -43,7 +50,7 @@ mkDerivation rec {
qttools
qtsvg
exiv2
opencv
opencv4
libraw
libtiff
quazip];

4
pkgs/applications/misc/clight/clightd.nix
View File

@ -9,13 +9,13 @@
stdenv.mkDerivation rec {
pname = "clightd";
version = "3.4";
version = "4.0";
src = fetchFromGitHub {
owner = "FedeDP";
repo = "Clightd";
rev = version;
sha256 = "0g6kawizwfhvigkwm7rbfq6rg872xn8igy8n355w4d7mmcxk0jf8";
sha256 = "0cskxy3xsy187in5vg8xcs3kwcx2s160qv009v0ahkcalp29ghz4";
};
# dbus-1.pc has datadir=/etc

7
pkgs/applications/misc/clight/default.nix
View File

@ -1,18 +1,18 @@
{ lib, stdenv, fetchFromGitHub
, dbus, cmake, pkgconfig, bash-completion
, gsl, popt, clightd, systemd, libconfig
, gsl, popt, clightd, systemd, libconfig, libmodule
, withGeoclue ? true, geoclue2
, withUpower ? true, upower }:
stdenv.mkDerivation rec {
pname = "clight";
version = "3.1";
version = "4.0";
src = fetchFromGitHub {
owner = "FedeDP";
repo = "Clight";
rev = version;
sha256 = "0rzcr1x9h4llnmklhgzs9r7xwhsrw1qkqvfffkp8fs90nycaqx81";
sha256 = "101fp9kwmfmfffpdvv41wf96kdjw0b16xk49g43w32a5wlr74zrq";
};
# bash-completion.pc completionsdir=${bash-completion.out}
@ -42,6 +42,7 @@ stdenv.mkDerivation rec {
systemd
geoclue2
libconfig
libmodule
] ++ optional withGeoclue geoclue2
++ optional withUpower upower;

4
pkgs/applications/misc/copyq/default.nix
View File

@ -5,13 +5,13 @@
mkDerivation rec {
pname = "CopyQ";
version = "3.9.2";
version = "3.9.3";
src = fetchFromGitHub {
owner = "hluk";
repo = "CopyQ";
rev = "v${version}";
sha256 = "02zs444i7hnqishs1i6vp8ffjxlxk3xkrw935pdwnwppv9s9v202";
sha256 = "0wlwq9xg8rzsbj0b29z358k4mbrqy04iraa8x0p26pa95yskgcma";
};
nativeBuildInputs = [ cmake ];

4
pkgs/applications/misc/dbeaver/default.nix
View File

@ -7,7 +7,7 @@
stdenv.mkDerivation rec {
pname = "dbeaver-ce";
version = "6.2.4";
version = "6.2.5";
desktopItem = makeDesktopItem {
name = "dbeaver";
@ -30,7 +30,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "https://dbeaver.io/files/${version}/dbeaver-ce-${version}-linux.gtk.x86_64.tar.gz";
sha256 = "1k3aan290kfy2b53gl8r4yxvb8jas6sms1r052m3jld3i8frqgva";
sha256 = "1bg5cq7ivf263mjr8g9qwdhp9x0gm04nqiya4fyw0k33yiab85zn";
};
installPhase = ''

10
pkgs/applications/misc/glava/default.nix
View File

@ -8,7 +8,7 @@ let
wrapperScript = writeScript "glava" ''
#!${runtimeShell}
case "$1" in
--copy-config)
--copy-config|-C)
# The binary would symlink it, which won't work in Nix because the
# garbage collector will eventually remove the original files after
# updates
@ -45,6 +45,14 @@ in
];
preConfigure = ''
for f in $(find -type f);do
substituteInPlace $f \
--replace /etc/xdg $out/etc/xdg
done
substituteInPlace Makefile \
--replace '$(DESTDIR)$(SHADERDIR)' '$(SHADERDIR)'
substituteInPlace Makefile \
--replace 'unknown' 'v${version}'

8
pkgs/applications/misc/houdini/runtime.nix
View File

@ -30,14 +30,14 @@ let
license_dir = "~/.config/houdini";
in
stdenv.mkDerivation rec {
version = "17.0.352";
version = "17.5.327";
pname = "houdini-runtime";
src = requireFile rec {
name = "houdini-${version}-linux_x86_64_gcc6.3.tar.gz";
sha256 = "0cl5fkgaplb0cvv7mli06ffc9j4ngpy8hl5zqabj3d645gcgafjg";
sha256 = "1byigmhmby8lgi2vmgxy9jlrrqk7jyr507zqkihq5bv8kfsanv1x";
message = ''
This nix expression requires that ${name} is already part of the store.
Download it from https://sidefx.com and add it to the nix store with:
Download it from https://www.sidefx.com and add it to the nix store with:
nix-prefetch-url <URL>
@ -78,7 +78,7 @@ stdenv.mkDerivation rec {
'';
meta = {
description = "3D animation application software";
homepage = https://sidefx.com;
homepage = https://www.sidefx.com;
license = stdenv.lib.licenses.unfree;
platforms = stdenv.lib.platforms.linux;
maintainers = [ stdenv.lib.maintainers.canndrew ];

23
pkgs/applications/misc/nut/default.nix
View File

@ -1,17 +1,27 @@
{ stdenv, fetchurl, pkgconfig, neon, libusb, openssl, udev, avahi, freeipmi
, libtool, makeWrapper, nss }:
, libtool, makeWrapper, autoreconfHook, fetchpatch
}:
stdenv.mkDerivation rec {
name = "nut-2.7.4";
pname = "nut";
version = "2.7.4";
src = fetchurl {
url = "http://www.networkupstools.org/source/2.7/${name}.tar.gz";
url = "https://networkupstools.org/source/2.7/${pname}-${version}.tar.gz";
sha256 = "19r5dm07sfz495ckcgbfy0pasx0zy3faa0q7bih69lsjij8q43lq";
};
buildInputs = [ neon libusb openssl udev avahi freeipmi libtool nss ];
patches = [
(fetchpatch {
# Fix build with openssl >= 1.1.0
url = "https://github.com/networkupstools/nut/commit/612c05efb3c3b243da603a3a050993281888b6e3.patch";
sha256 = "0jdbii1z5sqyv24286j5px65j7b3gp8zk3ahbph83pig6g46m3hs";
})
];
nativeBuildInputs = [ pkgconfig makeWrapper ];
buildInputs = [ neon libusb openssl udev avahi freeipmi ];
nativeBuildInputs = [ autoreconfHook libtool pkgconfig makeWrapper ];
configureFlags =
[ "--with-all"
@ -26,7 +36,6 @@ stdenv.mkDerivation rec {
enableParallelBuilding = true;
postInstall = ''
wrapProgram $out/bin/nut-scanner --prefix LD_LIBRARY_PATH : \
"$out/lib:${neon}/lib:${libusb.out}/lib:${avahi}/lib:${freeipmi}/lib"
@ -39,7 +48,7 @@ stdenv.mkDerivation rec {
interface for monitoring and administering UPS, PDU and SCD hardware.
It uses a layered approach to connect all of the parts.
'';
homepage = http://www.networkupstools.org/;
homepage = https://networkupstools.org/;
repositories.git = https://github.com/networkupstools/nut.git;
platforms = platforms.linux;
maintainers = [ maintainers.pierron ];

17
pkgs/applications/misc/polybar/default.nix
View File

@ -1,5 +1,5 @@
{ cairo, cmake, fetchFromGitHub, libXdmcp, libpthreadstubs, libxcb, pcre, pkgconfig
, python2, stdenv, xcbproto, xcbutil, xcbutilcursor, xcbutilimage
, python3, stdenv, xcbproto, xcbutil, xcbutilcursor, xcbutilimage
, xcbutilrenderutil, xcbutilwm, xcbutilxrm, makeWrapper
# optional packages-- override the variables ending in 'Support' to enable or
@ -24,15 +24,16 @@ assert nlSupport -> ! iwSupport && libnl != null;
assert i3Support -> ! i3GapsSupport && jsoncpp != null && i3 != null;
assert i3GapsSupport -> ! i3Support && jsoncpp != null && i3-gaps != null;
stdenv.mkDerivation rec {
let xcbproto-py3 = xcbproto.override { python = python3; };
in stdenv.mkDerivation rec {
pname = "polybar";
version = "3.4.0";
version = "3.4.1";
src = fetchFromGitHub {
owner = "jaagr";
owner = pname;
repo = pname;
rev = version;
sha256 = "1g3zj0788cdlm8inpl19279bw8zjcy7dzj7q4f1l2d8c8g1jhv0m";
sha256 = "1z1m6dxh2i5vsnkzaccb9j02ab05wgmcgig5d0l9w856g5jp3zmy";
fetchSubmodules = true;
};
@ -45,12 +46,12 @@ stdenv.mkDerivation rec {
having a black belt in shell scripting.
'';
license = licenses.mit;
maintainers = [ maintainers.afldcr ];
platforms = platforms.unix;
maintainers = with maintainers; [ afldcr filalex77 ];
platforms = platforms.linux;
};
buildInputs = [
cairo libXdmcp libpthreadstubs libxcb pcre python2 xcbproto xcbutil
cairo libXdmcp libpthreadstubs libxcb pcre python3 xcbproto-py3 xcbutil
xcbutilcursor xcbutilimage xcbutilrenderutil xcbutilwm xcbutilxrm
(if alsaSupport then alsaLib else null)

14
pkgs/applications/misc/sweethome3d/default.nix
View File

@ -3,8 +3,6 @@
let
getDesktopFileName = drvName: (builtins.parseDrvName drvName).name;
# TODO: Should we move this to `lib`? Seems like its would be useful in many cases.
extensionOf = filePath:
lib.concatStringsSep "." (lib.tail (lib.splitString "." (builtins.baseNameOf filePath)));
@ -15,15 +13,15 @@ let
'') icons);
mkSweetHome3D =
{ name, module, version, src, license, description, desktopName, icons }:
{ pname, module, version, src, license, description, desktopName, icons }:
stdenv.mkDerivation rec {
inherit name version src description;
inherit pname version src description;
exec = stdenv.lib.toLower module;
sweethome3dItem = makeDesktopItem {
inherit exec desktopName;
name = getDesktopFileName name;
icon = getDesktopFileName name;
name = pname;
icon = pname;
comment = description;
genericName = "Computer Aided (Interior) Design";
categories = "Application;Graphics;2DGraphics;3DGraphics;";
@ -49,7 +47,7 @@ let
mkdir -p $out/bin
cp install/${module}-${version}.jar $out/share/java/.
${installIcons (getDesktopFileName name) icons}
${installIcons pname icons}
cp "${sweethome3dItem}/share/applications/"* $out/share/applications
@ -74,9 +72,9 @@ let
in {
application = mkSweetHome3D rec {
pname = stdenv.lib.toLower module + "-application";
version = "6.2";
module = "SweetHome3D";
name = stdenv.lib.toLower module + "-application-" + version;
description = "Design and visualize your future home";
license = stdenv.lib.licenses.gpl2Plus;
src = fetchsvn {

13
pkgs/applications/misc/sweethome3d/editors.nix
View File

@ -7,20 +7,17 @@ let
m: "sweethome3d-"
+ removeSuffix "libraryeditor" (toLower m)
+ "-editor";
sweetName = m: v: sweetExec m + "-" + v;
getDesktopFileName = drvName: (builtins.parseDrvName drvName).name;
mkEditorProject =
{ name, module, version, src, license, description, desktopName }:
{ pname, module, version, src, license, description, desktopName }:
stdenv.mkDerivation rec {
application = sweethome3dApp;
inherit name module version src description;
inherit pname module version src description;
exec = sweetExec module;
editorItem = makeDesktopItem {
inherit exec desktopName;
name = getDesktopFileName name;
name = pname;
comment = description;
genericName = "Computer Aided (Interior) Design";
categories = "Application;Graphics;2DGraphics;3DGraphics;";
@ -66,7 +63,7 @@ in {
textures-editor = mkEditorProject rec {
version = "1.5";
module = "TexturesLibraryEditor";
name = sweetName module version;
pname = module;
description = "Easily create SH3T files and edit the properties of the texture images it contain";
license = stdenv.lib.licenses.gpl2Plus;
src = fetchcvs {
@ -81,7 +78,7 @@ in {
furniture-editor = mkEditorProject rec {
version = "1.19";
module = "FurnitureLibraryEditor";
name = sweetName module version;
pname = module;
description = "Quickly create SH3F files and edit the properties of the 3D models it contain";
license = stdenv.lib.licenses.gpl2;
src = fetchcvs {

13
pkgs/applications/misc/timewarrior/default.nix
View File

@ -1,14 +1,17 @@
{ stdenv, fetchurl, cmake }:
{ stdenv, fetchFromGitHub, cmake }:
stdenv.mkDerivation rec {
pname = "timewarrior";
version = "1.1.1";
version = "1.2.0";
enableParallelBuilding = true;
src = fetchurl {
url = "https://taskwarrior.org/download/timew-${version}.tar.gz";
sha256 = "1jfcfzdwk5qqhxznj1bgy0sx3lnp3z5lqr9kch9a7iazwmi9lz8z";
src = fetchFromGitHub {
owner = "GothenburgBitFactory";
repo = "timewarrior";
rev = "v${version}";
sha256 = "0ci8kb7gdp1dsv6xj30nbz8lidrmn50pbriw26wv8mdhs17rfk7w";
fetchSubmodules = true;
};
nativeBuildInputs = [ cmake ];

4
pkgs/applications/misc/tnef/default.nix
View File

@ -1,14 +1,14 @@
{ stdenv, fetchFromGitHub, autoreconfHook }:
stdenv.mkDerivation rec {
version = "1.4.17";
version = "1.4.18";
pname = "tnef";
src = fetchFromGitHub {
owner = "verdammelt";
repo = "tnef";
rev = version;
sha256 = "0cq2xh5wd74qn6k2nnw5rayxgqhjl3jbzf4zlc4babcwxrv32ldh";
sha256 = "104g48mcm00bgiyzas2vf86331w7bnw7h3bc11ib4lp7rz6zqfck";
};
doCheck = true;

28
pkgs/applications/misc/zola/cargo-lock.patch Normal file
View File

@ -0,0 +1,28 @@
diff --git a/Cargo.lock b/Cargo.lock
index df5fef3..80f071a 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2158,12 +2158,12 @@ version = "0.2.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
"libc 0.2.62 (registry+https://github.com/rust-lang/crates.io-index)",
- "sass-sys 0.4.13 (registry+https://github.com/rust-lang/crates.io-index)",
+ "sass-sys 0.4.15 (registry+https://github.com/rust-lang/crates.io-index)",
]
[[package]]
name = "sass-sys"
-version = "0.4.13"
+version = "0.4.15"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
"cc 1.0.45 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -3410,7 +3410,7 @@ dependencies = [
"checksum safemem 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)" = "d2b08423011dae9a5ca23f07cf57dac3857f5c885d352b76f6d95f4aea9434d0"
"checksum same-file 1.0.5 (registry+https://github.com/rust-lang/crates.io-index)" = "585e8ddcedc187886a30fa705c47985c3fa88d06624095856b36ca0b82ff4421"
"checksum sass-rs 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)" = "cabcf7c6e55053f359911187ac401409aad2dc14338cae972dec266fee486abd"
-"checksum sass-sys 0.4.13 (registry+https://github.com/rust-lang/crates.io-index)" = "6e16ac97c2335bc367e2d675f54c1823558f1b19a6c67671d48b70e30ae22972"
+"checksum sass-sys 0.4.15 (registry+https://github.com/rust-lang/crates.io-index)" = "304b6f9501d1da13f17404aeee85486d7383d06074906669b3ea032f81e83d22"
"checksum schannel 0.1.16 (registry+https://github.com/rust-lang/crates.io-index)" = "87f550b06b6cba9c8b8be3ee73f391990116bf527450d2556e9b9ce263b9a021"
"checksum scoped_threadpool 0.1.9 (registry+https://github.com/rust-lang/crates.io-index)" = "1d51f5df5af43ab3f1360b429fa5e0152ac5ce8c0bd6485cae490332e96846a8"
"checksum scopeguard 0.3.3 (registry+https://github.com/rust-lang/crates.io-index)" = "94258f53601af11e6a49f722422f6e3425c52b06245a5cf9bc09908b174f5e27"

5
pkgs/applications/misc/zola/default.nix
View File

@ -8,10 +8,11 @@ rustPlatform.buildRustPackage rec {
owner = "getzola";
repo = pname;
rev = "v${version}";
sha256 = "0dbj2rkn4k5glnwdazsvjhah5pj9cbdb8hwlvm5q4njsmrgpyaw5";
sha256 = "13kbgxh7r6124d1fjdf0x599j1kpgixp1y9d299zb5vrd6rf5wy5";
};
cargoPatches = [ ./cargo-lock.patch ];
cargoSha256 = "0i0xqbpbv3md42d2853cfzkhfwlkvxahhz5dldla5x96rm1i2hr8";
cargoSha256 = "03rwf5l1l3ap03qi0xqcxsbyvpg3cqmr50j8ql6c5v55xl0ki9w8";
nativeBuildInputs = [ cmake pkgconfig ];
buildInputs = [ openssl ]

4
pkgs/applications/networking/browsers/chromium/common.nix
View File

@ -150,8 +150,8 @@ let
# ++ optionals (channel == "dev") [ ( githubPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000" ) ]
# ++ optional (versionRange "68" "72") ( githubPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000" )
] ++ optionals (useVaapi) [
# source: https://aur.archlinux.org/cgit/aur.git/plain/chromium-vaapi.patch?h=chromium-vaapi
./patches/chromium-vaapi.patch
# source: https://aur.archlinux.org/cgit/aur.git/tree/vaapi-fix.patch?h=chromium-vaapi
./patches/vaapi-fix.patch
] ++ optional stdenv.isAarch64 (fetchpatch {
url = https://raw.githubusercontent.com/OSSystems/meta-browser/e4a667deaaf9a26a3a1aeb355770d1f29da549ad/recipes-browser/chromium/files/aarch64-skia-build-fix.patch;
postFetch = "substituteInPlace $out --replace __aarch64__ SK_CPU_ARM64";

117
pkgs/applications/networking/browsers/chromium/patches/chromium-vaapi.patch
View File

@ -1,117 +0,0 @@
From abc7295ca1653c85472916909f0eb76e28e79a58 Mon Sep 17 00:00:00 2001
From: Akarshan Biswas <akarshan.biswas@gmail.com>
Date: Thu, 24 Jan 2019 12:45:29 +0530
Subject: [PATCH] Enable mojo with VDA2 on Linux
---
chrome/browser/about_flags.cc | 8 ++++----
chrome/browser/flag_descriptions.cc | 9 +++++++--
chrome/browser/flag_descriptions.h | 10 ++++++++--
gpu/config/software_rendering_list.json | 3 ++-
media/media_options.gni | 9 ++++++---
media/mojo/services/gpu_mojo_media_client.cc | 4 ++--
6 files changed, 29 insertions(+), 14 deletions(-)
diff --git a/chrome/browser/about_flags.cc b/chrome/browser/about_flags.cc
index 0a84c6ac1..be2aa1d8b 100644
--- a/chrome/browser/about_flags.cc
+++ b/chrome/browser/about_flags.cc
@@ -1714,7 +1714,7 @@ const FeatureEntry kFeatureEntries[] = {
"disable-accelerated-video-decode",
flag_descriptions::kAcceleratedVideoDecodeName,
flag_descriptions::kAcceleratedVideoDecodeDescription,
- kOsMac | kOsWin | kOsCrOS | kOsAndroid,
+ kOsMac | kOsWin | kOsCrOS | kOsAndroid | kOsLinux,
SINGLE_DISABLE_VALUE_TYPE(switches::kDisableAcceleratedVideoDecode),
},
#if defined(OS_WIN)
@@ -2345,12 +2345,12 @@ const FeatureEntry kFeatureEntries[] = {
FEATURE_VALUE_TYPE(service_manager::features::kXRSandbox)},
#endif // ENABLE_ISOLATED_XR_SERVICE
#endif // ENABLE_VR
-#if defined(OS_CHROMEOS)
+#if defined(OS_CHROMEOS) || defined(OS_LINUX)
{"disable-accelerated-mjpeg-decode",
flag_descriptions::kAcceleratedMjpegDecodeName,
- flag_descriptions::kAcceleratedMjpegDecodeDescription, kOsCrOS,
+ flag_descriptions::kAcceleratedMjpegDecodeDescription, kOsCrOS | kOsLinux,
SINGLE_DISABLE_VALUE_TYPE(switches::kDisableAcceleratedMjpegDecode)},
-#endif // OS_CHROMEOS
+#endif // OS_CHROMEOS // OS_LINUX
{"v8-cache-options", flag_descriptions::kV8CacheOptionsName,
flag_descriptions::kV8CacheOptionsDescription, kOsAll,
MULTI_VALUE_TYPE(kV8CacheOptionsChoices)},
diff --git a/chrome/browser/flag_descriptions.cc b/chrome/browser/flag_descriptions.cc
index 62637e092..86f89fc6e 100644
--- a/chrome/browser/flag_descriptions.cc
+++ b/chrome/browser/flag_descriptions.cc
@@ -3085,15 +3085,20 @@ const char kTextSuggestionsTouchBarDescription[] =
#endif
-// Chrome OS -------------------------------------------------------------------
+// Chrome OS Linux-------------------------------------------------------------------
-#if defined(OS_CHROMEOS)
+#if defined(OS_CHROMEOS) || (defined(OS_LINUX) && !defined(OS_ANDROID))
const char kAcceleratedMjpegDecodeName[] =
"Hardware-accelerated mjpeg decode for captured frame";
const char kAcceleratedMjpegDecodeDescription[] =
"Enable hardware-accelerated mjpeg decode for captured frame where "
"available.";
+#endif
+
+// Chrome OS --------------------------------------------------
+
+#if defined(OS_CHROMEOS)
const char kAllowTouchpadThreeFingerClickName[] = "Touchpad three-finger-click";
const char kAllowTouchpadThreeFingerClickDescription[] =
diff --git a/chrome/browser/flag_descriptions.h b/chrome/browser/flag_descriptions.h
index 5dac660bb..6cc4115da 100644
--- a/chrome/browser/flag_descriptions.h
+++ b/chrome/browser/flag_descriptions.h
@@ -1846,13 +1846,19 @@ extern const char kPermissionPromptPersistenceToggleDescription[];
#endif // defined(OS_MACOSX)
-// Chrome OS ------------------------------------------------------------------
+// Chrome OS and Linux ------------------------------------------------------------------
-#if defined(OS_CHROMEOS)
+#if defined(OS_CHROMEOS) || (defined(OS_LINUX) && !defined(OS_ANDROID))
extern const char kAcceleratedMjpegDecodeName[];
extern const char kAcceleratedMjpegDecodeDescription[];
+#endif // defined(OS_CHROMEOS) || (defined(OS_LINUX) && !defined(OS_ANDROID))
+
+// Chrome OS ------------------------------------------------------------------------
+
+#if defined(OS_CHROMEOS)
+
extern const char kAllowTouchpadThreeFingerClickName[];
extern const char kAllowTouchpadThreeFingerClickDescription[];
diff --git a/gpu/config/software_rendering_list.json b/gpu/config/software_rendering_list.json
index 65f37b3f1..ae8a1718f 100644
--- a/gpu/config/software_rendering_list.json
+++ b/gpu/config/software_rendering_list.json
@@ -371,11 +371,12 @@
},
{
"id": 48,
- "description": "Accelerated video decode is unavailable on Linux",
+ "description": "Accelerated VA-API video decode is not supported on NVIDIA platforms",
"cr_bugs": [137247],
"os": {
"type": "linux"
},
+ "vendor_id": "0x10de",
"features": [
"accelerated_video_decode"
]
--
2.20.1

54
pkgs/applications/networking/browsers/chromium/patches/vaapi-fix.patch Normal file
View File

@ -0,0 +1,54 @@
--- a/media/gpu/vaapi/vaapi_video_decode_accelerator.cc
+++ b/media/gpu/vaapi/vaapi_video_decode_accelerator.cc
@@ -635,6 +635,7 @@
// |vpp_vaapi_wrapper_| for VaapiPicture to DownloadFromSurface() the VA's
// internal decoded frame.
if (buffer_allocation_mode_ != BufferAllocationMode::kNone &&
+ buffer_allocation_mode_ != BufferAllocationMode::kWrapVdpau &&
!vpp_vaapi_wrapper_) {
vpp_vaapi_wrapper_ = VaapiWrapper::Create(
VaapiWrapper::kVideoProcess, VAProfileNone,
@@ -650,7 +651,8 @@
// only used as a copy destination. Therefore, the VaapiWrapper used and
// owned by |picture| is |vpp_vaapi_wrapper_|.
std::unique_ptr<VaapiPicture> picture = vaapi_picture_factory_->Create(
- (buffer_allocation_mode_ == BufferAllocationMode::kNone)
+ ((buffer_allocation_mode_ == BufferAllocationMode::kNone) ||
+ (buffer_allocation_mode_ == BufferAllocationMode::kWrapVdpau))
? vaapi_wrapper_
: vpp_vaapi_wrapper_,
make_context_current_cb_, bind_image_cb_, buffers[i]);
@@ -1077,6 +1079,14 @@
VaapiVideoDecodeAccelerator::BufferAllocationMode
VaapiVideoDecodeAccelerator::DecideBufferAllocationMode() {
+ // NVIDIA blobs use VDPAU
+ if (base::StartsWith(VaapiWrapper::GetVendorStringForTesting(),
+ "Splitted-Desktop Systems VDPAU",
+ base::CompareCase::SENSITIVE)) {
+ LOG(INFO) << "VA-API driver on VDPAU backend";
+ return BufferAllocationMode::kWrapVdpau;
+ }
+
// TODO(crbug.com/912295): Enable a better BufferAllocationMode for IMPORT
// |output_mode_| as well.
if (output_mode_ == VideoDecodeAccelerator::Config::OutputMode::IMPORT)
@@ -1089,7 +1099,7 @@
// depends on the bitstream and sometimes it's not enough to cover the amount
// of frames needed by the client pipeline (see b/133733739).
// TODO(crbug.com/911754): Enable for VP9 Profile 2.
- if (IsGeminiLakeOrLater() &&
+ if (false && IsGeminiLakeOrLater() &&
(profile_ == VP9PROFILE_PROFILE0 || profile_ == VP8PROFILE_ANY)) {
// Add one to the reference frames for the one being currently egressed, and
// an extra allocation for both |client_| and |decoder_|, see
--- a/media/gpu/vaapi/vaapi_video_decode_accelerator.h
+++ b/media/gpu/vaapi/vaapi_video_decode_accelerator.h
@@ -204,6 +204,7 @@
// Using |client_|s provided PictureBuffers and as many internally
// allocated.
kNormal,
+ kWrapVdpau,
};
// Decides the concrete buffer allocation mode, depending on the hardware

7
pkgs/applications/networking/browsers/firefox/wrapper.nix
View File

@ -18,8 +18,9 @@ browser:
let
wrapper =
{ browserName ? browser.browserName or (builtins.parseDrvName browser.name).name
, name ? (browserName + "-" + (builtins.parseDrvName browser.name).version)
{ browserName ? browser.browserName or (lib.getName browser)
, pname ? browserName
, version ? lib.getVersion browser
, desktopName ? # browserName with first letter capitalized
(lib.toUpper (lib.substring 0 1 browserName) + lib.substring 1 (-1) browserName)
, nameSuffix ? ""
@ -83,7 +84,7 @@ let
gtk_modules = [ libcanberra-gtk2 ];
in stdenv.mkDerivation {
inherit name;
inherit pname version;
desktopItem = makeDesktopItem {
name = browserName;

2
pkgs/applications/networking/c14/default.nix
View File

@ -17,7 +17,7 @@ buildGoPackage rec {
meta = with stdenv.lib; {
description = "C14 is designed for data archiving & long-term backups.";
homepage = https://www.online.net/en/c14;
homepage = https://www.online.net/en/storage/c14-cold-storage;
license = licenses.mit;
maintainers = with maintainers; [ apeyroux ];
};

4
pkgs/applications/networking/datovka/default.nix
View File

@ -11,11 +11,11 @@
mkDerivation rec {
pname = "datovka";
version = "4.14.0";
version = "4.14.1";
src = fetchurl {
url = "https://secure.nic.cz/files/datove_schranky/${version}/${pname}-${version}.tar.xz";
sha256 = "0q7zlq522wdgwxgd3jxmxvr3awclcy0mbw3qaymwzn2b8d35168r";
sha256 = "0jinxsm2zw77294vz9pjiqpgpzdwx5nijsi4nqzxna5rkmwdyxk6";
};
buildInputs = [ libisds qmake qtbase qtsvg libxml2 ];

35
pkgs/applications/networking/instant-messengers/linphone/default.nix
View File

@ -2,19 +2,18 @@
, zlib, libxml2, gtk2, libnotify, speex, ffmpeg, libX11, libsoup, udev
, ortp, mediastreamer, sqlite, belle-sip, libosip, libexosip, bzrtp
, mediastreamer-openh264, bctoolbox, makeWrapper, fetchFromGitHub, cmake
, libmatroska, bcunit, doxygen, gdk-pixbuf, glib, cairo, pango, polarssl
, python, graphviz, belcard
, libmatroska, bcunit, doxygen, gdk-pixbuf, glib, cairo, pango, mbedtls
, python, graphviz, belcard, bcg729
, withGui ? true
}:
stdenv.mkDerivation rec {
baseName = "linphone";
pname = "linphone";
version = "3.12.0";
name = "${baseName}-${version}";
src = fetchFromGitHub {
owner = "BelledonneCommunications";
repo = baseName;
repo = pname;
rev = version;
sha256 = "0az2ywrpx11sqfb4s4r2v726avcjf4k15bvrqj7xvhz7hdndmh0j";
};
@ -27,21 +26,25 @@ stdenv.mkDerivation rec {
buildInputs = [
readline openldap cyrus_sasl libupnp zlib libxml2 gtk2 libnotify speex ffmpeg libX11
polarssl libsoup udev ortp mediastreamer sqlite belle-sip libosip libexosip
bctoolbox libmatroska bcunit gdk-pixbuf glib cairo pango bzrtp belcard
mbedtls libsoup udev ortp mediastreamer sqlite belle-sip libosip libexosip
bctoolbox libmatroska gdk-pixbuf glib cairo pango bzrtp belcard bcg729
];
nativeBuildInputs = [
intltool pkgconfig makeWrapper cmake doxygen graphviz
intltool pkgconfig makeWrapper cmake bcunit doxygen graphviz
(python.withPackages (ps: [ ps.pystache ps.six ]))
];
NIX_CFLAGS_COMPILE = " -Wno-error -I${glib.dev}/include/glib-2.0
-I${glib.out}/lib/glib-2.0/include -I${gtk2.dev}/include/gtk-2.0/
-I${cairo.dev}/include/cairo -I${pango.dev}/include/pango-1.0
-I${gtk2}/lib/gtk-2.0/include
-DLIBLINPHONE_GIT_VERSION=\"v${version}\"
";
NIX_CFLAGS_COMPILE = [
"-Wno-error"
"-I${glib.dev}/include/glib-2.0"
"-I${glib.out}/lib/glib-2.0/include"
"-I${gtk2.dev}/include/gtk-2.0/"
"-I${cairo.dev}/include/cairo"
"-I${pango.dev}/include/pango-1.0"
"-I${gtk2}/lib/gtk-2.0/include"
"-DLIBLINPHONE_GIT_VERSION=\"v${version}\""
];
postInstall = ''
for i in $(cd $out/bin && ls); do
@ -50,8 +53,8 @@ stdenv.mkDerivation rec {
'';
meta = with stdenv.lib; {
homepage = http://www.linphone.org/;
description = "Open Source video SIP softphone";
homepage = https://www.linphone.org/;
description = "Open source SIP phone for voice/video calls and instant messaging";
license = licenses.gpl2Plus;
platforms = platforms.linux;
};

2
pkgs/applications/networking/instant-messengers/slack/update.sh
View File

@ -3,7 +3,7 @@
set -eu -o pipefail
oldVersion="$(nix-instantiate --eval -E "with import ./. {}; slack-theme-black.version or (builtins.parseDrvName slack-theme-black.name).version" | tr -d '"')"
oldVersion="$(nix-instantiate --eval -E "with import ./. {}; lib.getVersion slack-theme-black" | tr -d '"')"
latestSha="$(curl -L -s https://api.github.com/repos/laCour/slack-night-mode/commits\?sha\=master\&since\=${oldVersion} | jq -r '.[0].sha')"
if [ ! "null" = "${latestSha}" ]; then

2
pkgs/applications/networking/instant-messengers/zoom-us/update.sh
View File

@ -3,7 +3,7 @@
set -eu -o pipefail
oldVersion=$(nix-instantiate --eval -E "with import ./. {}; zoom-us.version or (builtins.parseDrvName zoom-us.name).version" | tr -d '"')
oldVersion=$(nix-instantiate --eval -E "with import ./. {}; lib.getVersion zoom-us" | tr -d '"')
version="$(curl -sI https://zoom.us/client/latest/zoom_x86_64.tar.xz | grep -Fi 'Location:' | pcregrep -o1 '/(([0-9]\.?)+)/')"
if [ ! "${oldVersion}" = "${version}" ]; then

13
pkgs/applications/networking/mailreaders/aerc/default.nix
View File

@ -1,21 +1,22 @@
{ stdenv, buildGoModule, fetchurl
, go, ncurses, scdoc
, go, ncurses, notmuch, scdoc
, python3, perl, w3m, dante
}:
buildGoModule rec {
pname = "aerc";
version = "0.2.1";
version = "0.3.0";
src = fetchurl {
url = "https://git.sr.ht/~sircmpwn/aerc/archive/${version}.tar.gz";
sha256 = "1ky1nl5b54lf5jnac2kb5404fplwnwypjplas8imdlsf517fw32n";
sha256 = "188jln8hmgiqn5il5m54bns0wk4grj09di8y6mmid58ibw6spma4";
};
nativeBuildInputs = [
go
scdoc
python3.pkgs.wrapPython
notmuch
];
patches = [
@ -28,6 +29,8 @@ buildGoModule rec {
buildInputs = [ python3 perl ];
GOFLAGS="-tags=notmuch";
buildPhase = "
runHook preBuild
# we use make instead of go build
@ -43,12 +46,12 @@ buildGoModule rec {
postFixup = ''
wrapProgram $out/bin/aerc --prefix PATH ":" \
"$out/share/aerc/filters:${stdenv.lib.makeBinPath [ ncurses.dev ]}"
"$out/share/aerc/filters:${stdenv.lib.makeBinPath [ ncurses ]}"
wrapProgram $out/share/aerc/filters/html --prefix PATH ":" \
${stdenv.lib.makeBinPath [ w3m dante ]}
'';
modSha256 = "0fc9m1qb8innypc8cxzbqyrfkawawyaqq3gqy7lqwmyh32f300jh";
modSha256 = "0pxbv4zfhii0g41cy0ycfpkkxw6nnd4ibavic6zqw30j476jnm2x";
meta = with stdenv.lib; {
description = "aerc is an email client for your terminal";

29
pkgs/applications/networking/mailreaders/aerc/runtime-sharedir.patch
View File

@ -1,18 +1,19 @@
From 7ea68a2eef026723903d72f54ca54b629881ec06 Mon Sep 17 00:00:00 2001
From 6cf3c2e42d219b9665a43ca65f321c653b0aa102 Mon Sep 17 00:00:00 2001
From: Tadeo Kondrak <me@tadeo.ca>
Date: Mon, 28 Oct 2019 08:36:36 -0600
Subject: [PATCH] Fix aerc breaking every time the package is rebuilt.
On NixOS, the SHAREDIR changes on every rebuild to the package, but aerc
fills it in as part of the default config. Fix this by not substituting
@SHAREDIR@ in the default config until runtime.
fills it in as part of the default config and then installs that config
to the users home folder. Fix this by not substituting @SHAREDIR@ in the
default config until runtime.
---
Makefile | 2 +-
config/config.go | 3 +++
2 files changed, 4 insertions(+), 1 deletion(-)
config/config.go | 8 ++++++++
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index d3072d3..17ca0be 100644
index d1c755d..1185a96 100644
--- a/Makefile
+++ b/Makefile
@@ -24,7 +24,7 @@ aerc: $(GOSRC)
@ -25,10 +26,22 @@ index d3072d3..17ca0be 100644
DOCS := \
aerc.1 \
diff --git a/config/config.go b/config/config.go
index bfcbecf..2f4e703 100644
index 32d07fc..8ffd3e8 100644
--- a/config/config.go
+++ b/config/config.go
@@ -377,6 +377,9 @@ func LoadConfigFromFile(root *string, sharedir string) (*AercConfig, error) {
@@ -355,6 +355,11 @@ func LoadConfigFromFile(root *string, sharedir string) (*AercConfig, error) {
return nil, err
}
}
+ if sec, err := file.GetSection("templates"); err == nil {
+ if key, err := sec.GetKey("template-dirs"); err == nil {
+ sec.NewKey("template-dirs", strings.ReplaceAll(key.String(), "@SHAREDIR@", sharedir))
+ }
+ }
file.NameMapper = mapName
config := &AercConfig{
Bindings: BindingConfig{
@@ -423,6 +428,9 @@ func LoadConfigFromFile(root *string, sharedir string) (*AercConfig, error) {
if err = config.LoadConfig(file); err != nil {
return nil, err
}

2
pkgs/applications/version-management/git-and-tools/default.nix
View File

@ -103,6 +103,8 @@ let
git-imerge = callPackage ./git-imerge { };
git-machete = python3Packages.callPackage ./git-machete { };
git-octopus = callPackage ./git-octopus { };
git-open = callPackage ./git-open { };

33
pkgs/applications/version-management/git-and-tools/git-machete/default.nix Normal file
View File

@ -0,0 +1,33 @@
{ lib, buildPythonApplication, fetchPypi
, installShellFiles, pbr
, flake8, mock, pycodestyle, pylint, tox }:
buildPythonApplication rec {
pname = "git-machete";
version = "2.12.1";
src = fetchPypi {
inherit pname version;
sha256 = "114kq396zq45jlibn1lp0nk4lmanj4w1bcn48gi7xzdm0y1nkzfq";
};
nativeBuildInputs = [ installShellFiles pbr ];
# TODO: Add missing check inputs (2019-11-22):
# - stestr
doCheck = false;
checkInputs = [ flake8 mock pycodestyle pylint tox ];
postInstall = ''
installShellCompletion --bash --name git-machete completion/git-machete.completion.bash
installShellCompletion --zsh --name _git-machete completion/git-machete.completion.zsh
'';
meta = with lib; {
homepage = https://github.com/VirtusLab/git-machete;
description = "Git repository organizer and rebase workflow automation tool";
license = licenses.mit;
platforms = platforms.all;
maintainers = [ maintainers.blitz ];
};
}

2
pkgs/applications/version-management/git-and-tools/git-subrepo/default.nix
View File

@ -52,7 +52,7 @@ stdenv.mkDerivation rec {
homepage = https://github.com/ingydotnet/git-subrepo;
description = "Git submodule alternative";
license = licenses.mit;
platforms = platforms.linux;
platforms = platforms.unix ++ platforms.darwin;
maintainers = [ maintainers.ryantrinkle ];
};
}

2
pkgs/applications/version-management/git-and-tools/git/update.sh
View File

@ -3,7 +3,7 @@
set -eu -o pipefail
oldVersion="$(nix-instantiate --eval -E "with import ./. {}; git.version or (builtins.parseDrvName git.name).version" | tr -d '"')"
oldVersion="$(nix-instantiate --eval -E "with import ./. {}; lib.getVersion git" | tr -d '"')"
latestTag="$(git ls-remote --tags --sort="v:refname" git://github.com/git/git.git | grep -v '\{\}' | grep -v '\-rc' | tail -1 | sed 's|^.*/v\(.*\)|\1|')"
if [ ! "${oldVersion}" = "${latestTag}" ]; then

Some files were not shown because too many files have changed in this diff Show More