From cfd96284abf6ea3fabf4c25bda82dd25a4019507 Mon Sep 17 00:00:00 2001 From: "Robert T. McGibbon" Date: Fri, 26 Mar 2021 14:36:23 -0400 Subject: [PATCH 01/22] python39Packages.apptools: add prerequisite --- pkgs/development/python-modules/apptools/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/apptools/default.nix b/pkgs/development/python-modules/apptools/default.nix index a6bb0584018..d44a3c5fd42 100644 --- a/pkgs/development/python-modules/apptools/default.nix +++ b/pkgs/development/python-modules/apptools/default.nix @@ -1,7 +1,7 @@ { lib, fetchPypi, buildPythonPackage , configobj, six, traitsui , pytestCheckHook, tables, pandas -, pythonOlder, importlib-resources +, importlib-resources }: buildPythonPackage rec { @@ -17,7 +17,6 @@ buildPythonPackage rec { configobj six traitsui - ] ++ lib.optionals (pythonOlder "3.9") [ importlib-resources ]; From 24109ffdb6372d5d3547cc2048532189ff178de1 Mon Sep 17 00:00:00 2001 From: "Robert T. McGibbon" Date: Fri, 26 Mar 2021 14:37:13 -0400 Subject: [PATCH 02/22] python3Packages.envisage: 4.9.2 -> 5.0.0 --- .../python-modules/apptools/default.nix | 14 +++++++++-- .../python-modules/envisage/default.nix | 24 +++++-------------- 2 files changed, 18 insertions(+), 20 deletions(-) diff --git a/pkgs/development/python-modules/apptools/default.nix b/pkgs/development/python-modules/apptools/default.nix index d44a3c5fd42..4ee3add12b1 100644 --- a/pkgs/development/python-modules/apptools/default.nix +++ b/pkgs/development/python-modules/apptools/default.nix @@ -1,7 +1,7 @@ { lib, fetchPypi, buildPythonPackage -, configobj, six, traitsui +, fetchpatch, configobj, six, traitsui , pytestCheckHook, tables, pandas -, importlib-resources +, pythonOlder, importlib-resources }: buildPythonPackage rec { @@ -13,10 +13,20 @@ buildPythonPackage rec { sha256 = "12x5lcs1cllpybz7f0i1lcwvmqsaa5n818wb2165lj049wqxx4yh"; }; + patches = [ + # python39: importlib_resources -> importlib.resources. This patch will be included + # in the next release after 5.1.0. + (fetchpatch { + url = "https://github.com/enthought/apptools/commit/0ae4f52f19a8c0ca9d7926e17c7de949097f24b4.patch"; + sha256 = "165aiwjisr5c3lasg7xblcha7y1y5bq23vi3g9gc80c24bzwcbsw"; + }) + ]; + propagatedBuildInputs = [ configobj six traitsui + ] ++ lib.optionals (pythonOlder "3.9") [ importlib-resources ]; diff --git a/pkgs/development/python-modules/envisage/default.nix b/pkgs/development/python-modules/envisage/default.nix index 397e573a252..f53184a8166 100644 --- a/pkgs/development/python-modules/envisage/default.nix +++ b/pkgs/development/python-modules/envisage/default.nix @@ -1,18 +1,18 @@ -{ lib, fetchPypi, fetchpatch, isPy27 +{ lib, fetchPypi, isPy27 , buildPythonPackage -, traits, apptools -, python, ipykernel, ipython +, traits, apptools, pytestCheckHook +, ipykernel, ipython }: buildPythonPackage rec { pname = "envisage"; - version = "4.9.2"; + version = "5.0.0"; disabled = isPy27; src = fetchPypi { inherit pname version; - sha256 = "1srjmkhnz84nz5jd72vdsnc4fn7dd9jr8nyf3hzk6yx1dsn815gd"; + sha256 = "0zrxlq4v3091727vf10ngc8418sp26raxa8q83i4h0sydfkh2dic"; }; propagatedBuildInputs = [ traits apptools ]; @@ -21,22 +21,10 @@ buildPythonPackage rec { export HOME=$PWD/HOME ''; - # fix a test failure; should be merged in next release - patches = [ (fetchpatch { - url = "https://github.com/enthought/envisage/pull/248/commits/7b6d2dd615d5cb7455b200eb8f37e030bbf4df9e.patch"; - sha256 = "0a3dmbpxwsn1bkjcjv9v7b751rcmppj6hc9wcgiayg4l9r2nrvyh"; - }) ]; - checkInputs = [ - ipykernel ipython + ipykernel ipython pytestCheckHook ]; - checkPhase = '' - runHook preCheck - ${python.interpreter} -m unittest - runHook postCheck - ''; - meta = with lib; { description = "Framework for building applications whose functionalities can be extended by adding 'plug-ins'"; homepage = "https://github.com/enthought/envisage"; From 44704440ef6d152b83604d3f953def69f8b41551 Mon Sep 17 00:00:00 2001 From: Sander van der Burg Date: Mon, 29 Mar 2021 21:17:56 +0200 Subject: [PATCH 03/22] releaseTools: fix nixBuild function Without this fix, I can no longer build anything with releaseTools.nixBuild {}. A job typically fails with: $ nix-build release.nix -A build.basic.x86_64-linux --show-trace error: while evaluating the attribute 'lib' of the derivation 'libnixxml-0.1pre1234' at /home/sander/teststuff/nixpkgs/pkgs/build-support/release/nix-build.nix:89:5: cannot coerce a set to a string, at /home/sander/teststuff/nixpkgs/pkgs/build-support/release/nix-build.nix:89:5 This is caused by the fact that `lib' is propagated as a parameter, which is a function. Functions cannot be converted to strings. --- pkgs/build-support/release/nix-build.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/build-support/release/nix-build.nix b/pkgs/build-support/release/nix-build.nix index 97df52eaced..ac51b90e016 100644 --- a/pkgs/build-support/release/nix-build.nix +++ b/pkgs/build-support/release/nix-build.nix @@ -83,9 +83,9 @@ stdenv.mkDerivation ( ''; } - // args // + // removeAttrs args [ "lib" ] # Propagating lib causes the evaluation to fail, because lib is a function that can't be converted to a string - { + // { name = name + (if src ? version then "-" + src.version else ""); postHook = '' From 3ac9e7b934554686609a11ef22a8f27e57e04f40 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Tue, 30 Mar 2021 08:24:50 +0000 Subject: [PATCH 04/22] asciigraph: 0.5.1 -> 0.5.2 --- pkgs/tools/text/asciigraph/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/text/asciigraph/default.nix b/pkgs/tools/text/asciigraph/default.nix index 79d8c9079c7..27c2a1ff28e 100644 --- a/pkgs/tools/text/asciigraph/default.nix +++ b/pkgs/tools/text/asciigraph/default.nix @@ -2,7 +2,7 @@ buildGoPackage rec { pname = "asciigraph"; - version = "0.5.1"; + version = "0.5.2"; goPackagePath = "github.com/guptarohit/asciigraph"; @@ -10,7 +10,7 @@ buildGoPackage rec { owner = "guptarohit"; repo = pname; rev = "v${version}"; - sha256 = "0aqf64b5d5lf9scvxdx5f3p0vvx5s59mrvr6hcjljg1prksah9ns"; + sha256 = "sha256-iVgJtxt0B6nMA3bieZ1CmZucwLMb5av6Wn5BMDRWfcI="; }; meta = with lib; { From c7a9be116dd33fe0954a98551e6f0d9b5bfa620c Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Tue, 30 Mar 2021 09:52:00 +0000 Subject: [PATCH 05/22] clightd: 5.2 -> 5.3 --- pkgs/applications/misc/clight/clightd.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/misc/clight/clightd.nix b/pkgs/applications/misc/clight/clightd.nix index 632a0d5d0e8..192cddc2e17 100644 --- a/pkgs/applications/misc/clight/clightd.nix +++ b/pkgs/applications/misc/clight/clightd.nix @@ -9,13 +9,13 @@ stdenv.mkDerivation rec { pname = "clightd"; - version = "5.2"; + version = "5.3"; src = fetchFromGitHub { owner = "FedeDP"; repo = "Clightd"; rev = version; - sha256 = "sha256-bb+PQsWLf4KnbzWUY6B42yHaDQKN9dtyfwSLe8FBaWU="; + sha256 = "sha256-CuTYCNZ9oiDsm5mUDmjbxkmAl61PEXv3WMrZRzgdZeE="; }; # dbus-1.pc has datadir=/etc From 0414c39fc7b146643fadaec4611c49b3120e6d14 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Tue, 30 Mar 2021 10:05:07 +0000 Subject: [PATCH 06/22] cpu-x: 4.0.1 -> 4.2.0 --- pkgs/applications/misc/cpu-x/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/misc/cpu-x/default.nix b/pkgs/applications/misc/cpu-x/default.nix index d0ef6f05aeb..2de06f8c031 100644 --- a/pkgs/applications/misc/cpu-x/default.nix +++ b/pkgs/applications/misc/cpu-x/default.nix @@ -3,13 +3,13 @@ stdenv.mkDerivation rec { pname = "cpu-x"; - version = "4.0.1"; + version = "4.2.0"; src = fetchFromGitHub { owner = "X0rg"; repo = "CPU-X"; rev = "v${version}"; - sha256 = "191zkkswlbbsw492yygc3idf7wh3bxs97drrqvqqw0mqvrzykxm3"; + sha256 = "sha256-LWIcE86o+uU8G9DtumiH6iTqHhvq4y/QyQX7J3FhKEc="; }; nativeBuildInputs = [ cmake pkg-config wrapGAppsHook nasm makeWrapper ]; From 7c30e788cca2c96cb64063ac26dbb7f4d59d6831 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Tue, 30 Mar 2021 10:17:22 +0000 Subject: [PATCH 07/22] dasel: 1.13.5 -> 1.13.6 --- pkgs/applications/misc/dasel/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/misc/dasel/default.nix b/pkgs/applications/misc/dasel/default.nix index 6cbc7ffd475..a78ac11d67c 100644 --- a/pkgs/applications/misc/dasel/default.nix +++ b/pkgs/applications/misc/dasel/default.nix @@ -5,13 +5,13 @@ buildGoModule rec { pname = "dasel"; - version = "1.13.5"; + version = "1.13.6"; src = fetchFromGitHub { owner = "TomWright"; repo = pname; rev = "v${version}"; - sha256 = "sha256-Fy202w1lUrymnpnCmWwnbpMsda7JrZ3B0c+a9UtKsSA="; + sha256 = "sha256-PTi1blbMVsuftLrFIYNDI8ZFEwRxDA53Md9oZTv7nHs="; }; vendorSha256 = "sha256-BdX4DO77mIf/+aBdkNVFUzClsIml1UMcgvikDbbdgcY="; From 637c75cf50dfd4a3a61b6b6a99f4d2533cef82b2 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Tue, 30 Mar 2021 11:46:55 +0000 Subject: [PATCH 08/22] gdu: 4.9.0 -> 4.9.1 --- pkgs/tools/system/gdu/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/system/gdu/default.nix b/pkgs/tools/system/gdu/default.nix index c57c2766984..839c48c320a 100644 --- a/pkgs/tools/system/gdu/default.nix +++ b/pkgs/tools/system/gdu/default.nix @@ -7,13 +7,13 @@ buildGoModule rec { pname = "gdu"; - version = "4.9.0"; + version = "4.9.1"; src = fetchFromGitHub { owner = "dundee"; repo = pname; rev = "v${version}"; - sha256 = "sha256-fQzKWgePF7SszYMwRSB3s59AmVjvzMvXPM49PXFTBGM="; + sha256 = "sha256-blvnwsmcHf0yH2C/NUCsVQECIH4SI0BTNiMzCuNd0H0="; }; vendorSha256 = "sha256-QiO5p0x8kmIN6f0uYS0IR2MlWtRYTHeZpW6Nmupjias="; From dadaadc76002c93b13b6e7a3fb8c868e110b5651 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Tue, 30 Mar 2021 12:01:35 +0000 Subject: [PATCH 09/22] gitjacker: 0.0.3 -> 0.1.0 --- pkgs/tools/security/gitjacker/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/security/gitjacker/default.nix b/pkgs/tools/security/gitjacker/default.nix index 53350f01317..14d9ab9ccfa 100644 --- a/pkgs/tools/security/gitjacker/default.nix +++ b/pkgs/tools/security/gitjacker/default.nix @@ -7,13 +7,13 @@ buildGoModule rec { pname = "gitjacker"; - version = "0.0.3"; + version = "0.1.0"; src = fetchFromGitHub { owner = "liamg"; repo = "gitjacker"; rev = "v${version}"; - sha256 = "sha256-cMjjVjHGTVT33bknAo2DVH/qPSeazVIIw3RpXGDxF5E="; + sha256 = "sha256-rEn9FpcRfEt2yGepIPEAO9m8JeVb+nMhYMBWhC/barc="; }; vendorSha256 = null; From ecbaf640cfdbd9596528823e1f03112051ae9c3b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Tue, 30 Mar 2021 15:51:56 +0200 Subject: [PATCH 10/22] prs: 0.2.5 -> 0.2.6 --- pkgs/tools/security/prs/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/tools/security/prs/default.nix b/pkgs/tools/security/prs/default.nix index ca3e1feef3e..64028b3f443 100644 --- a/pkgs/tools/security/prs/default.nix +++ b/pkgs/tools/security/prs/default.nix @@ -12,16 +12,16 @@ rustPlatform.buildRustPackage rec { pname = "prs"; - version = "0.2.5"; + version = "0.2.6"; src = fetchFromGitLab { owner = "timvisee"; repo = "prs"; rev = "v${version}"; - sha256 = "sha256-XJcNhIMu60H5LmoRzMqhPq33cCU9PBPfIIUtaSnmrH8="; + sha256 = "sha256-2fpR9XCcKby+hI7Dzpr2qi1QgOzdgJp0Um57tQmi01A="; }; - cargoSha256 = "sha256-4l/KQMtGfZX5Rg35AJxvwzg3aAzuPK2iKrHDRgIw+bg="; + cargoSha256 = "sha256-0oWNGrJ24gPkPp5PR/pQ1tIYkXztQJFAdPz162V5THY="; postPatch = '' # The GPGME backend is recommended From f80c3825a60ab3e5976c9d284281106b34a4dbb0 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Tue, 30 Mar 2021 14:48:56 +0000 Subject: [PATCH 11/22] mgba: 0.8.4 -> 0.9.0 --- pkgs/misc/emulators/mgba/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/misc/emulators/mgba/default.nix b/pkgs/misc/emulators/mgba/default.nix index 03269017518..be097c31185 100644 --- a/pkgs/misc/emulators/mgba/default.nix +++ b/pkgs/misc/emulators/mgba/default.nix @@ -15,13 +15,13 @@ let }; in stdenv.mkDerivation rec { pname = "mgba"; - version = "0.8.4"; + version = "0.9.0"; src = fetchFromGitHub { owner = "mgba-emu"; repo = "mgba"; rev = version; - sha256 = "0nqj4bnn5c2z1bq4bnbw1wznc0wpmq4sy3w8pipd6n6620b9m4qq"; + sha256 = "sha256-JVauGyHJVfiXVG4Z+Ydh1lRypy5rk9SKeTbeHFNFYJs="; }; nativeBuildInputs = [ wrapQtAppsHook pkg-config cmake ]; From 3fb04ca505b19831c78d84b63213dc208cda997c Mon Sep 17 00:00:00 2001 From: talyz Date: Tue, 23 Feb 2021 18:51:48 +0100 Subject: [PATCH 12/22] nixos/gitlab: Introduce automatic backup support Add support for automatically backing up GitLab state, both locally and to remote locations. --- nixos/modules/services/misc/gitlab.nix | 121 ++++++++++++++++++++++++- 1 file changed, 117 insertions(+), 4 deletions(-) diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix index c9dd10ec557..0af57bd4e89 100644 --- a/nixos/modules/services/misc/gitlab.nix +++ b/nixos/modules/services/misc/gitlab.nix @@ -116,7 +116,11 @@ let omniauth.enabled = false; shared.path = "${cfg.statePath}/shared"; gitaly.client_path = "${cfg.packages.gitaly}/bin"; - backup.path = "${cfg.backupPath}"; + backup = { + path = cfg.backup.path; + keep_time = cfg.backup.keepTime; + upload = cfg.backup.uploadOptions; + }; gitlab_shell = { path = "${cfg.packages.gitlab-shell}"; hooks_path = "${cfg.statePath}/shell/hooks"; @@ -207,6 +211,7 @@ in { imports = [ (mkRenamedOptionModule [ "services" "gitlab" "stateDir" ] [ "services" "gitlab" "statePath" ]) + (mkRenamedOptionModule [ "services" "gitlab" "backupPath" ] [ "services" "gitlab" "backup" "path" ]) (mkRemovedOptionModule [ "services" "gitlab" "satelliteDir" ] "") ]; @@ -270,10 +275,101 @@ in { ''; }; - backupPath = mkOption { + backup.startAt = mkOption { + type = with types; either str (listOf str); + default = []; + example = "03:00"; + description = '' + The time(s) to run automatic backup of GitLab + state. Specified in systemd's time format; see + systemd.time + 7. + ''; + }; + + backup.path = mkOption { type = types.str; default = cfg.statePath + "/backup"; - description = "Gitlab path for backups."; + description = "GitLab path for backups."; + }; + + backup.keepTime = mkOption { + type = types.int; + default = 0; + example = 48; + apply = x: x * 60 * 60; + description = '' + How long to keep the backups around, in + hours. 0 means keep + forever. + ''; + }; + + backup.skip = mkOption { + type = with types; + let value = enum [ + "db" + "uploads" + "builds" + "artifacts" + "lfs" + "registry" + "pages" + "repositories" + "tar" + ]; + in + either value (listOf value); + default = []; + example = [ "artifacts" "lfs" ]; + apply = x: if isString x then x else concatStringsSep "," x; + description = '' + Directories to exclude from the backup. The example excludes + CI artifacts and LFS objects from the backups. The + tar option skips the creation of a tar + file. + + Refer to + for more information. + ''; + }; + + backup.uploadOptions = mkOption { + type = types.attrs; + default = {}; + example = literalExample '' + { + # Fog storage connection settings, see http://fog.io/storage/ + connection = { + provider = "AWS"; + region = "eu-north-1"; + aws_access_key_id = "AKIAXXXXXXXXXXXXXXXX"; + aws_secret_access_key = { _secret = config.deployment.keys.aws_access_key.path; }; + }; + + # The remote 'directory' to store your backups in. + # For S3, this would be the bucket name. + remote_directory = "my-gitlab-backups"; + + # Use multipart uploads when file size reaches 100MB, see + # http://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html + multipart_chunk_size = 104857600; + + # Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for backups, this is optional + encryption = "AES256"; + + # Specifies Amazon S3 storage class to use for backups, this is optional + storage_class = "STANDARD"; + }; + ''; + description = '' + GitLab automatic upload specification. Tells GitLab to + upload the backup to a remote location when done. + + Attributes specified here are added under + production -> backup -> upload in + config/gitlab.yml. + ''; }; databaseHost = mkOption { @@ -720,7 +816,7 @@ in { "d /run/gitlab 0755 ${cfg.user} ${cfg.group} -" "d ${gitlabEnv.HOME} 0750 ${cfg.user} ${cfg.group} -" "z ${gitlabEnv.HOME}/.ssh/authorized_keys 0600 ${cfg.user} ${cfg.group} -" - "d ${cfg.backupPath} 0750 ${cfg.user} ${cfg.group} -" + "d ${cfg.backup.path} 0750 ${cfg.user} ${cfg.group} -" "d ${cfg.statePath} 0750 ${cfg.user} ${cfg.group} -" "d ${cfg.statePath}/builds 0750 ${cfg.user} ${cfg.group} -" "d ${cfg.statePath}/config 0750 ${cfg.user} ${cfg.group} -" @@ -1053,6 +1149,23 @@ in { }; + systemd.services.gitlab-backup = { + after = [ "gitlab.service" ]; + bindsTo = [ "gitlab.service" ]; + startAt = cfg.backup.startAt; + environment = { + RAILS_ENV = "production"; + CRON = "1"; + } // optionalAttrs (stringLength cfg.backup.skip > 0) { + SKIP = cfg.backup.skip; + }; + serviceConfig = { + User = cfg.user; + Group = cfg.group; + ExecStart = "${gitlab-rake}/bin/gitlab-rake gitlab:backup:create"; + }; + }; + }; meta.doc = ./gitlab.xml; From 35582c5af7be083e0e7aaacccec5642ecccf83fb Mon Sep 17 00:00:00 2001 From: talyz Date: Thu, 25 Feb 2021 11:40:47 +0100 Subject: [PATCH 13/22] gitlab.tests: Test backup and restore Test the automatic backup and restore functionality by backing up the instance after running the initial tests, stopping GitLab and removing all state, running the restore rake task, then running the tests again, but without pushing data. --- nixos/tests/gitlab.nix | 135 +++++++++++++++++++++++++---------------- 1 file changed, 83 insertions(+), 52 deletions(-) diff --git a/nixos/tests/gitlab.nix b/nixos/tests/gitlab.nix index baad675229c..582f5faf9bc 100644 --- a/nixos/tests/gitlab.nix +++ b/nixos/tests/gitlab.nix @@ -34,6 +34,8 @@ import ./make-test-python.nix ({ pkgs, lib, ...} : with lib; { enableImap = true; }; + systemd.services.gitlab-backup.environment.BACKUP = "dump"; + services.gitlab = { enable = true; databasePasswordFile = pkgs.writeText "dbPassword" "xo0daiF4"; @@ -64,60 +66,89 @@ import ./make-test-python.nix ({ pkgs, lib, ...} : with lib; { }; }; - testScript = - let - auth = pkgs.writeText "auth.json" (builtins.toJSON { - grant_type = "password"; - username = "root"; - password = initialRootPassword; - }); + testScript = { nodes, ... }: + let + auth = pkgs.writeText "auth.json" (builtins.toJSON { + grant_type = "password"; + username = "root"; + password = initialRootPassword; + }); - createProject = pkgs.writeText "create-project.json" (builtins.toJSON { - name = "test"; - }); + createProject = pkgs.writeText "create-project.json" (builtins.toJSON { + name = "test"; + }); - putFile = pkgs.writeText "put-file.json" (builtins.toJSON { - branch = "master"; - author_email = "author@example.com"; - author_name = "Firstname Lastname"; - content = "some content"; - commit_message = "create a new file"; - }); - in - '' - gitlab.start() + putFile = pkgs.writeText "put-file.json" (builtins.toJSON { + branch = "master"; + author_email = "author@example.com"; + author_name = "Firstname Lastname"; + content = "some content"; + commit_message = "create a new file"; + }); - gitlab.wait_for_unit("gitaly.service") - gitlab.wait_for_unit("gitlab-workhorse.service") - gitlab.wait_for_unit("gitlab-pages.service") - gitlab.wait_for_unit("gitlab-mailroom.service") - gitlab.wait_for_unit("gitlab.service") - gitlab.wait_for_unit("gitlab-sidekiq.service") - gitlab.wait_for_file("/var/gitlab/state/tmp/sockets/gitlab.socket") - gitlab.wait_until_succeeds("curl -sSf http://gitlab/users/sign_in") + # Wait for all GitLab services to be fully started. + waitForServices = '' + gitlab.wait_for_unit("gitaly.service") + gitlab.wait_for_unit("gitlab-workhorse.service") + gitlab.wait_for_unit("gitlab-pages.service") + gitlab.wait_for_unit("gitlab-mailroom.service") + gitlab.wait_for_unit("gitlab.service") + gitlab.wait_for_unit("gitlab-sidekiq.service") + gitlab.wait_for_file("${nodes.gitlab.config.services.gitlab.statePath}/tmp/sockets/gitlab.socket") + gitlab.wait_until_succeeds("curl -sSf http://gitlab/users/sign_in") + ''; - gitlab.succeed( - "curl -isSf http://gitlab | grep -i location | grep -q http://gitlab/users/sign_in" - ) - gitlab.succeed( - "${pkgs.sudo}/bin/sudo -u gitlab -H gitlab-rake gitlab:check 1>&2" - ) - gitlab.succeed( - "echo \"Authorization: Bearer \$(curl -X POST -H 'Content-Type: application/json' -d @${auth} http://gitlab/oauth/token | ${pkgs.jq}/bin/jq -r '.access_token')\" >/tmp/headers" - ) - gitlab.succeed( - "curl -X POST -H 'Content-Type: application/json' -H @/tmp/headers -d @${createProject} http://gitlab/api/v4/projects" - ) - gitlab.succeed( - "curl -X POST -H 'Content-Type: application/json' -H @/tmp/headers -d @${putFile} http://gitlab/api/v4/projects/1/repository/files/some-file.txt" - ) - gitlab.succeed( - "curl -H @/tmp/headers http://gitlab/api/v4/projects/1/repository/archive.tar.gz > /tmp/archive.tar.gz" - ) - gitlab.succeed( - "curl -H @/tmp/headers http://gitlab/api/v4/projects/1/repository/archive.tar.bz2 > /tmp/archive.tar.bz2" - ) - gitlab.succeed("test -s /tmp/archive.tar.gz") - gitlab.succeed("test -s /tmp/archive.tar.bz2") - ''; + # The actual test of GitLab. Only push data to GitLab if + # `doSetup` is is true. + test = doSetup: '' + gitlab.succeed( + "curl -isSf http://gitlab | grep -i location | grep -q http://gitlab/users/sign_in" + ) + gitlab.succeed( + "${pkgs.sudo}/bin/sudo -u gitlab -H gitlab-rake gitlab:check 1>&2" + ) + gitlab.succeed( + "echo \"Authorization: Bearer \$(curl -X POST -H 'Content-Type: application/json' -d @${auth} http://gitlab/oauth/token | ${pkgs.jq}/bin/jq -r '.access_token')\" >/tmp/headers" + ) + '' + optionalString doSetup '' + gitlab.succeed( + "curl -X POST -H 'Content-Type: application/json' -H @/tmp/headers -d @${createProject} http://gitlab/api/v4/projects" + ) + gitlab.succeed( + "curl -X POST -H 'Content-Type: application/json' -H @/tmp/headers -d @${putFile} http://gitlab/api/v4/projects/1/repository/files/some-file.txt" + ) + '' + '' + gitlab.succeed( + "curl -H @/tmp/headers http://gitlab/api/v4/projects/1/repository/archive.tar.gz > /tmp/archive.tar.gz" + ) + gitlab.succeed( + "curl -H @/tmp/headers http://gitlab/api/v4/projects/1/repository/archive.tar.bz2 > /tmp/archive.tar.bz2" + ) + gitlab.succeed("test -s /tmp/archive.tar.gz") + gitlab.succeed("test -s /tmp/archive.tar.bz2") + ''; + + in '' + gitlab.start() + '' + + waitForServices + + test true + + '' + gitlab.systemctl("start gitlab-backup.service") + gitlab.wait_for_unit("gitlab-backup.service") + gitlab.wait_for_file("${nodes.gitlab.config.services.gitlab.statePath}/backup/dump_gitlab_backup.tar") + gitlab.systemctl("stop postgresql.service gitlab.target") + gitlab.succeed( + "find ${nodes.gitlab.config.services.gitlab.statePath} -mindepth 1 -maxdepth 1 -not -name backup -execdir rm -r {} +" + ) + gitlab.succeed("systemd-tmpfiles --create") + gitlab.succeed("rm -rf ${nodes.gitlab.config.services.postgresql.dataDir}") + gitlab.systemctl("start gitlab-config.service gitlab-postgresql.service") + gitlab.succeed( + "sudo -u gitlab -H gitlab-rake gitlab:backup:restore RAILS_ENV=production BACKUP=dump force=yes" + ) + gitlab.systemctl("start gitlab.target") + '' + + waitForServices + + test false; }) From 7b5cbde81ff5d59541deb64e12557ce964f65299 Mon Sep 17 00:00:00 2001 From: talyz Date: Thu, 25 Feb 2021 12:02:55 +0100 Subject: [PATCH 14/22] nixos/gitlab: Gitlab -> GitLab --- nixos/modules/services/misc/gitlab.nix | 22 +++++++++++----------- nixos/modules/services/misc/gitlab.xml | 22 +++++++++++----------- 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix index 0af57bd4e89..b8bb4059dcc 100644 --- a/nixos/modules/services/misc/gitlab.nix +++ b/nixos/modules/services/misc/gitlab.nix @@ -265,7 +265,7 @@ in { type = types.str; default = "/var/gitlab/state"; description = '' - Gitlab state directory. Configuration, repositories and + GitLab state directory. Configuration, repositories and logs, among other things, are stored here. The directory will be created automatically if it doesn't @@ -376,7 +376,7 @@ in { type = types.str; default = ""; description = '' - Gitlab database hostname. An empty string means use + GitLab database hostname. An empty string means use local unix socket connection. ''; }; @@ -385,7 +385,7 @@ in { type = with types; nullOr path; default = null; description = '' - File containing the Gitlab database user password. + File containing the GitLab database user password. This should be a string, not a nix path, since nix paths are copied into the world-readable nix store. @@ -406,13 +406,13 @@ in { databaseName = mkOption { type = types.str; default = "gitlab"; - description = "Gitlab database name."; + description = "GitLab database name."; }; databaseUsername = mkOption { type = types.str; default = "gitlab"; - description = "Gitlab database user."; + description = "GitLab database user."; }; databasePool = mkOption { @@ -456,14 +456,14 @@ in { host = mkOption { type = types.str; default = config.networking.hostName; - description = "Gitlab host name. Used e.g. for copy-paste URLs."; + description = "GitLab host name. Used e.g. for copy-paste URLs."; }; port = mkOption { type = types.int; default = 8080; description = '' - Gitlab server port for copy-paste URLs, e.g. 80 or 443 if you're + GitLab server port for copy-paste URLs, e.g. 80 or 443 if you're service over https. ''; }; @@ -516,26 +516,26 @@ in { address = mkOption { type = types.str; default = "localhost"; - description = "Address of the SMTP server for Gitlab."; + description = "Address of the SMTP server for GitLab."; }; port = mkOption { type = types.int; default = 25; - description = "Port of the SMTP server for Gitlab."; + description = "Port of the SMTP server for GitLab."; }; username = mkOption { type = with types; nullOr str; default = null; - description = "Username of the SMTP server for Gitlab."; + description = "Username of the SMTP server for GitLab."; }; passwordFile = mkOption { type = types.nullOr types.path; default = null; description = '' - File containing the password of the SMTP server for Gitlab. + File containing the password of the SMTP server for GitLab. This should be a string, not a nix path, since nix paths are copied into the world-readable nix store. diff --git a/nixos/modules/services/misc/gitlab.xml b/nixos/modules/services/misc/gitlab.xml index 19a3df0a5f6..8ddc54794b2 100644 --- a/nixos/modules/services/misc/gitlab.xml +++ b/nixos/modules/services/misc/gitlab.xml @@ -3,15 +3,15 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="module-services-gitlab"> - Gitlab + GitLab - Gitlab is a feature-rich git hosting service. + GitLab is a feature-rich git hosting service.
Prerequisites - The gitlab service exposes only an Unix socket at + The gitlab service exposes only an Unix socket at /run/gitlab/gitlab-workhorse.socket. You need to configure a webserver to proxy HTTP requests to the socket. @@ -39,7 +39,7 @@ Configuring - Gitlab depends on both PostgreSQL and Redis and will automatically enable + GitLab depends on both PostgreSQL and Redis and will automatically enable both services. In the case of PostgreSQL, a database and a role will be created. @@ -85,20 +85,20 @@ services.gitlab = { - If you're setting up a new Gitlab instance, generate new + If you're setting up a new GitLab instance, generate new secrets. You for instance use tr -dc A-Za-z0-9 < /dev/urandom | head -c 128 > /var/keys/gitlab/db to generate a new db secret. Make sure the files can be read by, and only by, the user specified by services.gitlab.user. Gitlab + linkend="opt-services.gitlab.user">services.gitlab.user. GitLab encrypts sensitive data stored in the database. If you're restoring - an existing Gitlab instance, you must specify the secrets secret - from config/secrets.yml located in your Gitlab + an existing GitLab instance, you must specify the secrets secret + from config/secrets.yml located in your GitLab state folder. - When icoming_mail.enabled is set to true + When incoming_mail.enabled is set to true in extraConfig an additional service called gitlab-mailroom is enabled for fetching incoming mail. @@ -113,13 +113,13 @@ services.gitlab = { Maintenance - You can run Gitlab's rake tasks with gitlab-rake which + You can run GitLab's rake tasks with gitlab-rake which will be available on the system when gitlab is enabled. You will have to run the command as the user that you configured to run gitlab with. - For example, to backup a Gitlab instance: + For example, to backup a GitLab instance: $ sudo -u git -H gitlab-rake gitlab:backup:create From abba76a3b96c75872010e31c216b84cac7fe3a6e Mon Sep 17 00:00:00 2001 From: talyz Date: Thu, 25 Feb 2021 13:48:33 +0100 Subject: [PATCH 15/22] nixos/gitlab: Document automatic backups --- nixos/doc/manual/release-notes/rl-2105.xml | 8 +++++ nixos/modules/services/misc/gitlab.xml | 39 ++++++++++++++++------ 2 files changed, 37 insertions(+), 10 deletions(-) diff --git a/nixos/doc/manual/release-notes/rl-2105.xml b/nixos/doc/manual/release-notes/rl-2105.xml index b7947293c01..73deab7f539 100644 --- a/nixos/doc/manual/release-notes/rl-2105.xml +++ b/nixos/doc/manual/release-notes/rl-2105.xml @@ -883,6 +883,14 @@ environment.systemPackages = [ Please test your setup and container images with containerd prior to upgrading. + + + The GitLab module now has support for automatic backups. A + schedule can be set with the + services.gitlab.backup.startAt + option. + +
diff --git a/nixos/modules/services/misc/gitlab.xml b/nixos/modules/services/misc/gitlab.xml index 8ddc54794b2..40424c5039a 100644 --- a/nixos/modules/services/misc/gitlab.xml +++ b/nixos/modules/services/misc/gitlab.xml @@ -112,21 +112,40 @@ services.gitlab = {
Maintenance - - You can run GitLab's rake tasks with gitlab-rake which - will be available on the system when gitlab is enabled. You will have to run - the command as the user that you configured to run gitlab with. - +
+ Backups + + Backups can be configured with the options in services.gitlab.backup. Use + the services.gitlab.backup.startAt + option to configure regular backups. + - - For example, to backup a GitLab instance: + + To run a manual backup, start the gitlab-backup service: -$ sudo -u git -H gitlab-rake gitlab:backup:create +$ systemctl start gitlab-backup.service - A list of all availabe rake tasks can be obtained by running: + +
+ +
+ Rake tasks + + + You can run GitLab's rake tasks with gitlab-rake + which will be available on the system when GitLab is enabled. You + will have to run the command as the user that you configured to run + GitLab with. + + + + A list of all availabe rake tasks can be obtained by running: $ sudo -u git -H gitlab-rake -T - + +
From aae2d4cfa912d54f81d2791d47919926e9a1e972 Mon Sep 17 00:00:00 2001 From: Enno Richter Date: Tue, 30 Mar 2021 10:51:35 +0200 Subject: [PATCH 16/22] python3Packages.pysonos: fix broken checkPhase --- .../python-modules/pysonos/default.nix | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/pkgs/development/python-modules/pysonos/default.nix b/pkgs/development/python-modules/pysonos/default.nix index fdf350bd377..704f3c44c4e 100644 --- a/pkgs/development/python-modules/pysonos/default.nix +++ b/pkgs/development/python-modules/pysonos/default.nix @@ -3,12 +3,12 @@ , fetchFromGitHub , isPy3k , xmltodict -, requests , ifaddr +, requests -# Test dependencies -, pytest, pylint, flake8, graphviz -, mock, sphinx, sphinx_rtd_theme + # Test dependencies +, pytestCheckHook +, mock , requests-mock }: @@ -26,17 +26,17 @@ buildPythonPackage rec { sha256 = "0a0c7jwv39nbvpdcx32sd8kjmj4nyrd7k0yxhpmxdnx4zr4vvzqg"; }; - propagatedBuildInputs = [ xmltodict requests ifaddr ]; + propagatedBuildInputs = [ ifaddr requests xmltodict ]; checkInputs = [ - pytest pylint flake8 graphviz - mock sphinx sphinx_rtd_theme + pytestCheckHook + mock requests-mock ]; - checkPhase = '' - pytest --deselect=tests/test_discovery.py::TestDiscover::test_discover - ''; + disabledTests = [ + "test_desc_from_uri" # test requires network access + ]; meta = { homepage = "https://github.com/amelchio/pysonos"; From ca8ff0b83412ac617033e978ba89858066c00e2a Mon Sep 17 00:00:00 2001 From: Enno Richter Date: Tue, 30 Mar 2021 14:15:14 +0200 Subject: [PATCH 17/22] home-assistant: enable sonos componentTest --- pkgs/servers/home-assistant/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/servers/home-assistant/default.nix b/pkgs/servers/home-assistant/default.nix index 6260906e0c2..e667378af5b 100644 --- a/pkgs/servers/home-assistant/default.nix +++ b/pkgs/servers/home-assistant/default.nix @@ -299,6 +299,7 @@ in with py.pkgs; buildPythonApplication rec { "smarttub" "smtp" "solaredge" + "sonos" "sql" "ssdp" "stream" From 7248f89da2dab8bca3a9f4f11d0407d0c8e25e89 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Wed, 31 Mar 2021 05:43:53 +1000 Subject: [PATCH 18/22] gh: 1.7.0 -> 1.8.0 https://github.com/cli/cli/releases/tag/v1.8.0 --- .../version-management/git-and-tools/gh/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/version-management/git-and-tools/gh/default.nix b/pkgs/applications/version-management/git-and-tools/gh/default.nix index 153a948d8ed..89fce0050ba 100644 --- a/pkgs/applications/version-management/git-and-tools/gh/default.nix +++ b/pkgs/applications/version-management/git-and-tools/gh/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "gh"; - version = "1.7.0"; + version = "1.8.0"; src = fetchFromGitHub { owner = "cli"; repo = "cli"; rev = "v${version}"; - sha256 = "0ndi264rrssqin03qmv7n0fpzs3kasfqykidrlcyizw1ngyfgc1a"; + sha256 = "009jh1i1ji7d773ismifdw4qvwlb8s1zn14d0n84j9h3n0hyynbc"; }; - vendorSha256 = "0ywh5d41b1c5ivwngsgn46d6yb7s1wqyzl5b0j1x4mcvydi5yi98"; + vendorSha256 = "1wv30z0jg195nkpz3rwvhixyw81lg2wzwwajq9g6s3rfjj8gs9v2"; nativeBuildInputs = [ installShellFiles ]; From 124564d5d212c8c9a74252ed718e6f1d65f3a5a0 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Wed, 31 Mar 2021 06:13:15 +1000 Subject: [PATCH 19/22] youtube-dl: 2021.03.25 -> 2021.03.31 https://github.com/ytdl-org/youtube-dl/releases/tag/2021.03.31 --- pkgs/tools/misc/youtube-dl/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/misc/youtube-dl/default.nix b/pkgs/tools/misc/youtube-dl/default.nix index 85868977899..9c24e2b0af2 100644 --- a/pkgs/tools/misc/youtube-dl/default.nix +++ b/pkgs/tools/misc/youtube-dl/default.nix @@ -18,11 +18,11 @@ buildPythonPackage rec { # The websites youtube-dl deals with are a very moving target. That means that # downloads break constantly. Because of that, updates should always be backported # to the latest stable release. - version = "2021.03.25"; + version = "2021.03.31"; src = fetchurl { url = "https://yt-dl.org/downloads/${version}/${pname}-${version}.tar.gz"; - sha256 = "0ps8ydx4hbj6sl0m760zdm9pvhccjmwvx680i4akz3lk4z9wy0x3"; + sha256 = "1svcgrhq1yxpcd6k3piqs5paalrcsq9bm79h5ras1g7yjzid05gj"; }; nativeBuildInputs = [ installShellFiles makeWrapper ]; From dccd915adf469fcba2418d8f8804bf0922a82349 Mon Sep 17 00:00:00 2001 From: Felix Tenley Date: Sun, 28 Mar 2021 20:41:00 +0200 Subject: [PATCH 20/22] nixos/etebase-server: replace customIni with more flexible settings option Fixes #112834 where incorrect documentation of options was reported. customIni used to replace the entire default configuration while the new settings option is merged in with the default configuration and still allows overriding options when needed. --- .../modules/services/misc/etebase-server.nix | 163 ++++++++++-------- 1 file changed, 88 insertions(+), 75 deletions(-) diff --git a/nixos/modules/services/misc/etebase-server.nix b/nixos/modules/services/misc/etebase-server.nix index d9d12698d79..35da5051866 100644 --- a/nixos/modules/services/misc/etebase-server.nix +++ b/nixos/modules/services/misc/etebase-server.nix @@ -8,31 +8,28 @@ let pythonEnv = pkgs.python3.withPackages (ps: with ps; [ etebase-server daphne ]); - dbConfig = { - sqlite3 = '' - engine = django.db.backends.sqlite3 - name = ${cfg.dataDir}/db.sqlite3 - ''; - }; + iniFmt = pkgs.formats.ini {}; - defaultConfigIni = toString (pkgs.writeText "etebase-server.ini" '' - [global] - debug = false - secret_file = ${if cfg.secretFile != null then cfg.secretFile else ""} - media_root = ${cfg.dataDir}/media - - [allowed_hosts] - allowed_host1 = ${cfg.host} - - [database] - ${dbConfig."${cfg.database.type}"} - ''); - - configIni = if cfg.customIni != null then cfg.customIni else defaultConfigIni; + configIni = iniFmt.generate "etebase-server.ini" cfg.settings; defaultUser = "etebase-server"; in { + imports = [ + (mkRemovedOptionModule + [ "services" "etebase-server" "customIni" ] + "Set the option `services.etebase-server.settings' instead.") + (mkRemovedOptionModule + [ "services" "etebase-server" "database" ] + "Set the option `services.etebase-server.settings.database' instead.") + (mkRenamedOptionModule + [ "services" "etebase-server" "secretFile" ] + [ "services" "etebase-server" "settings" "secret_file" ]) + (mkRenamedOptionModule + [ "services" "etebase-server" "host" ] + [ "services" "etebase-server" "settings" "allowed_hosts" "allowed_host1" ]) + ]; + options = { services.etebase-server = { enable = mkOption { @@ -42,21 +39,13 @@ in description = '' Whether to enable the Etebase server. - Once enabled you need to create an admin user using the - shell command etebase-server createsuperuser. + Once enabled you need to create an admin user by invoking the + shell command etebase-server createsuperuser with + the user specified by the user option or a superuser. Then you can login and create accounts on your-etebase-server.com/admin ''; }; - secretFile = mkOption { - default = null; - type = with types; nullOr str; - description = '' - The path to a file containing the secret - used as django's SECRET_KEY. - ''; - }; - dataDir = mkOption { type = types.str; default = "/var/lib/etebase-server"; @@ -77,15 +66,6 @@ in ''; }; - host = mkOption { - type = types.str; - default = "0.0.0.0"; - example = "localhost"; - description = '' - Host to listen on. - ''; - }; - unixSocket = mkOption { type = with types; nullOr str; default = null; @@ -93,42 +73,75 @@ in example = "/run/etebase-server/etebase-server.sock"; }; - database = { - type = mkOption { - type = types.enum [ "sqlite3" ]; - default = "sqlite3"; - description = '' - Database engine to use. - Currently only sqlite3 is supported. - Other options can be configured using extraConfig. - ''; + settings = mkOption { + type = lib.types.submodule { + freeformType = iniFmt.type; + + options = { + global = { + debug = mkOption { + type = types.bool; + default = false; + description = '' + Whether to set django's DEBUG flag. + ''; + }; + secret_file = mkOption { + type = with types; nullOr str; + default = null; + description = '' + The path to a file containing the secret + used as django's SECRET_KEY. + ''; + }; + media_root = mkOption { + type = types.str; + default = "${cfg.dataDir}/media"; + defaultText = "\${config.services.etebase-server.dataDir}/media"; + description = "The media directory."; + }; + }; + allowed_hosts = { + allowed_host1 = mkOption { + type = types.str; + default = "0.0.0.0"; + example = "localhost"; + description = '' + The main host that is allowed access. + ''; + }; + }; + database = { + engine = mkOption { + type = types.enum [ "django.db.backends.sqlite3" "django.db.backends.postgresql" ]; + default = "django.db.backends.sqlite3"; + description = "The database engine to use."; + }; + name = mkOption { + type = types.str; + default = "${cfg.dataDir}/db.sqlite3"; + defaultText = "\${config.services.etebase-server.dataDir}/db.sqlite3"; + description = "The database name."; + }; + }; + }; }; - }; - - customIni = mkOption { - type = with types; nullOr str; - default = null; + default = {}; description = '' - Custom etebase-server.ini. - - See etebase-src/etebase-server.ini.example for available options. - - Setting this option overrides the default config which is generated from the options - secretFile, host and database. - ''; - example = literalExample '' - [global] - debug = false - secret_file = /path/to/secret - media_root = /path/to/media - - [allowed_hosts] - allowed_host1 = example.com - - [database] - engine = django.db.backends.sqlite3 - name = db.sqlite3 + Configuration for etebase-server. Refer to + + and + for details on supported values. ''; + example = { + global = { + debug = true; + media_root = "/path/to/media"; + }; + allowed_hosts = { + allowed_host2 = "localhost"; + }; + }; }; user = mkOption { @@ -166,8 +179,8 @@ in WorkingDirectory = cfg.dataDir; }; environment = { - PYTHONPATH="${pythonEnv}/${pkgs.python3.sitePackages}"; - ETEBASE_EASY_CONFIG_PATH="${configIni}"; + PYTHONPATH = "${pythonEnv}/${pkgs.python3.sitePackages}"; + ETEBASE_EASY_CONFIG_PATH = "${configIni}"; }; preStart = '' # Auto-migrate on first run or if the package has changed From 410d181739183d8dea01bfd7c8299969663aaf77 Mon Sep 17 00:00:00 2001 From: Felix Tenley Date: Sun, 28 Mar 2021 23:50:18 +0200 Subject: [PATCH 21/22] nixos/etebase-server: add missing static directory setup --- nixos/modules/services/misc/etebase-server.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/misc/etebase-server.nix b/nixos/modules/services/misc/etebase-server.nix index 35da5051866..31e0952b5b9 100644 --- a/nixos/modules/services/misc/etebase-server.nix +++ b/nixos/modules/services/misc/etebase-server.nix @@ -94,6 +94,12 @@ in used as django's SECRET_KEY. ''; }; + static_root = mkOption { + type = types.str; + default = "${cfg.dataDir}/static"; + defaultText = "\${config.services.etebase-server.dataDir}/static"; + description = "The directory for static files."; + }; media_root = mkOption { type = types.str; default = "${cfg.dataDir}/media"; @@ -180,13 +186,14 @@ in }; environment = { PYTHONPATH = "${pythonEnv}/${pkgs.python3.sitePackages}"; - ETEBASE_EASY_CONFIG_PATH = "${configIni}"; + ETEBASE_EASY_CONFIG_PATH = configIni; }; preStart = '' # Auto-migrate on first run or if the package has changed versionFile="${cfg.dataDir}/src-version" if [[ $(cat "$versionFile" 2>/dev/null) != ${pkgs.etebase-server} ]]; then ${pythonEnv}/bin/etebase-server migrate + ${pythonEnv}/bin/etebase-server collectstatic echo ${pkgs.etebase-server} > "$versionFile" fi ''; From 0f92c208bbb890103f18c9b1ff88ffe95af0c667 Mon Sep 17 00:00:00 2001 From: Felix Tenley Date: Sun, 28 Mar 2021 23:49:45 +0200 Subject: [PATCH 22/22] nixos/tests/etebase-server: init --- nixos/tests/all-tests.nix | 1 + nixos/tests/etebase-server.nix | 50 ++++++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+) create mode 100644 nixos/tests/etebase-server.nix diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 65c7d84ee64..f7f5841b9ac 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -110,6 +110,7 @@ in ergo = handleTest ./ergo.nix {}; etcd = handleTestOn ["x86_64-linux"] ./etcd.nix {}; etcd-cluster = handleTestOn ["x86_64-linux"] ./etcd-cluster.nix {}; + etebase-server = handleTest ./etebase-server.nix {}; etesync-dav = handleTest ./etesync-dav.nix {}; fancontrol = handleTest ./fancontrol.nix {}; fcitx = handleTest ./fcitx {}; diff --git a/nixos/tests/etebase-server.nix b/nixos/tests/etebase-server.nix new file mode 100644 index 00000000000..4fc3c1f6392 --- /dev/null +++ b/nixos/tests/etebase-server.nix @@ -0,0 +1,50 @@ +import ./make-test-python.nix ({ pkgs, ... }: + +let + dataDir = "/var/lib/foobar"; + +in { + name = "etebase-server"; + meta = with pkgs.lib.maintainers; { + maintainers = [ felschr ]; + }; + + machine = { pkgs, ... }: + { + services.etebase-server = { + inherit dataDir; + enable = true; + settings.global.secret_file = + toString (pkgs.writeText "secret" "123456"); + }; + }; + + testScript = '' + machine.wait_for_unit("etebase-server.service") + machine.wait_for_open_port(8001) + + with subtest("Database & src-version were created"): + machine.wait_for_file("${dataDir}/src-version") + assert ( + "${pkgs.etebase-server}" + in machine.succeed("cat ${dataDir}/src-version") + ) + machine.wait_for_file("${dataDir}/db.sqlite3") + machine.wait_for_file("${dataDir}/static") + + with subtest("Only allow access from allowed_hosts"): + machine.succeed("curl -sSfL http://0.0.0.0:8001/") + machine.fail("curl -sSfL http://127.0.0.1:8001/") + machine.fail("curl -sSfL http://localhost:8001/") + + with subtest("Run tests"): + machine.succeed("etebase-server check") + machine.succeed("etebase-server test") + + with subtest("Create superuser"): + machine.succeed( + "etebase-server createsuperuser --no-input --username admin --email root@localhost" + ) + ''; + } +)