Commit graph

4213 commits

Author SHA1 Message Date
tomberek
94cb489156
Merge pull request from ju1m/sourcehut
nixos/sourcehut: updates, fixes, hardening
2021-12-28 22:29:36 -05:00
Julien Moutinho
42da4f78d8 nixos/sourcehut: add more tests 2021-12-28 22:18:45 -05:00
Julien Moutinho
0dc4ccc9a3 nixos/sourcehut: update test 2021-12-28 22:18:44 -05:00
Nikolay Amiantov
a3e7a83514
Merge pull request from abbradar/docker-rootless
Rootless Docker service
2021-12-27 20:32:57 +03:00
Martin Weinelt
99e8065d4c
Merge pull request from m1cr0man/acme 2021-12-27 17:37:39 +01:00
Philipp
aecc901b4b
nixos/hydra: Removing self as maintainer 2021-12-27 12:38:09 +01:00
Lucas Savva
46cd06eb9d
nixos/acme: Add test for caddy
This test is technically broken since reloading caddy
does not seem to load new certs. This needs to be fixed
in caddy.
2021-12-26 21:12:40 +00:00
Lucas Savva
65f1b8c6ae
nixos/acme: Add test for lego's built-in web server
In the process I also found that the CapabilityBoundingSet
was restricting the service from listening on port 80, and
the AmbientCapabilities was ineffective. Fixed appropriately.
2021-12-26 16:49:59 +00:00
Lucas Savva
41fb8d71ab
nixos/acme: Add useRoot option 2021-12-26 16:49:57 +00:00
Lucas Savva
377c6bcefc
nixos/acme: Add defaults and inheritDefaults option
Allows configuring many default settings for certificates,
all of which can still be overridden on a per-cert basis.
Some options have been moved into .defaults from security.acme,
namely email, server, validMinDays and renewInterval. These
changes will not break existing configurations thanks to
mkChangedOptionModule.

With this, it is also now possible to configure DNS-01 with
web servers whose virtualHosts utilise enableACME. The only
requirement is you set `acmeRoot = null` for each vhost.

The test suite has been revamped to cover these additions
and also to generally make it easier to maintain. Test config
for apache and nginx has been fully standardised, and it
is now much easier to add a new web server if it follows
the same configuration patterns as those two. I have also
optimised the use of switch-to-configuration which should
speed up testing.
2021-12-26 16:44:10 +00:00
Lucas Savva
a7f0001328
nixos/acme: Check for revoked certificates
Closes 

It is possible for the CA to revoke a cert that has not yet
expired. We must run lego to validate this before expiration,
but we must still ignore failures on unexpired certs to retain
compatibility with 

Also changed domainHash logic such that a renewal will only
be attempted at all if domains are unchanged, and do a full
run otherwises. Resolves  but will be partially
reverted when  is resolved + available.
2021-12-26 16:44:09 +00:00
Guillaume Girol
b55a253e15 nixos/collectd: add nixos test 2021-12-23 00:08:43 +01:00
Nikolay Amiantov
ab64310a5e docker-rootless service: init 2021-12-22 14:23:23 +03:00
Florian Klink
60e571fa40
Merge pull request from ncfavier/systemd-tzdir
nixos/systemd: set TZDIR for PID 1
2021-12-22 11:52:27 +01:00
Elis Hirwing
e3a7c62565
Merge pull request from drupol/php/php-8.1.0
php: Init at 8.1.1
2021-12-21 12:33:07 +01:00
Graham Christensen
3907d19260 services.prometheus.exporters.fastly: add a smoke test 2021-12-20 10:57:31 -05:00
Pol Dellaiera
3d3479f717
php81: init at 8.1.1 2021-12-20 15:51:00 +01:00
0x4A6F
0b738b87db
Merge pull request from zhaofengli/unifi5-log4j-new-mitigation
unifi5: Follow new mitigation guidelines
2021-12-18 13:00:28 +01:00
Zhaofeng Li
8bbae8e558 unifi: Add NixOS tests 2021-12-18 00:19:04 -08:00
Andrew Brooks
57718902e3 nixos/tests/docker-tools: add test for pre-runAsRoot layer unpack order 2021-12-17 19:26:53 -06:00
Flakebi
368b22d09b powerdns-admin: fix and add module
- Add the migrations directory to the package
- Add postgres support to the package
- Add a service for powerdns-admin

Co-authored-by: Zhaofeng Li <hello@zhaofeng.li>
2021-12-17 10:33:40 +01:00
Martin Weinelt
8086f8658e
Merge pull request from andir/snapcast-bind 2021-12-16 23:52:05 +01:00
Andreas Rammhold
c9c93b0add
nixos/snapserver: use the correct bind address arguments
Snapserver expects the arguments `--tcp.bind_to_address` and
`--http.bind_to_address` instead of the `--tcp.address` (and http
equivalent) versions.

This caused the process to listen on `0.0.0.0` (for TCP and HTTP
sockets) regardless of the configuration value. It also never listend on
the IPv6 address `::` as our module system made the user believe.

This commit fixes the above issue and ensures that (at least for the TCP
socket) that our default `::` does indeed allow connections via IPv6
(to localhost aka ::1).
2021-12-16 23:27:56 +01:00
Kim Lindberger
ebaa226853
elk7: 7.11.1 -> 7.16.1, 6.8.3 -> 6.8.21 + add filebeat module and tests ()
* elk7: 7.11.1 -> 7.16.1

* nixosTests.elk: Improve reliability and compatibility with ELK 7.x

- Use comparisons in jq instead of grepping
- Match for `.hits.total.value` if version >= 7, otherwise it always
  passes
- Make curl fail if requests fails

* nixos/filebeat: Add initial module and test

Filebeat is an open source file harvester, mostly used to fetch logs
files and feed them into logstash.

This module can be used instead of journalbeat if used with
`filebeat7` and configured with the `journald` input.

* python3Packages.parsedmarc.tests: Fix breakage

- Don't use the deprecated elasticsearch7-oss package
- Improve jq query robustness and add tracing

* rl-2205: Note the addition of the filebeat service

* elk6: 6.8.3 -> 6.8.21

The latest version includes a fix for CVE-2021-44228.

* nixos/journalbeat: Add a loose dependency on elasticsearch

Avoid unnecssary back-off when elasticsearch is running on the same
host.
2021-12-17 00:20:52 +09:00
zowoq
014236e9c9 nixos/kubernetes: don't import <nixpkgs> 2021-12-16 21:47:12 +10:00
Naïm Favier
901d4f13a3
nixos/systemd: set TZDIR for PID 1
Fixes 
2021-12-16 04:09:07 +01:00
ajs124
84ce6a6286
Merge pull request from lostnet/couchopts
couchdb3: add vm.args option and fix pkgs.couchdb reference
2021-12-14 10:48:56 +00:00
Bobby Rong
bbfbcefb02
Merge pull request from Izorkin/fix-wsdd
nixos/tests/wsdd: fix test
2021-12-14 14:58:40 +08:00
zowoq
d90103d112 Revert "kubernetes: disable rbac tests"
This reverts commit 91c6a97243.
2021-12-14 11:02:36 +10:00
Johan Thomsen
282b303e83 nixos/kubernetes: drop tty and stdin for execs in test pods 2021-12-14 11:02:07 +10:00
Julien Moutinho
5cf90a60e5 nixos/redis: cleanup tests 2021-12-13 14:42:19 -05:00
Bernardo Meurer
f40283cf62
Merge pull request from helsinki-systems/feat/redo-activation-script-restarting
nixos/switch-to-configuration: Add a massive test and do a slight refactor
2021-12-13 11:37:20 -08:00
Jörg Thalheim
afa3c99cd5
Merge pull request from veehaitch/sgx-psw
sgx-psw: init package and module
2021-12-13 14:16:26 +00:00
zowoq
91c6a97243 kubernetes: disable rbac tests
timed out on hydra
2021-12-12 19:56:19 +10:00
Vincent Haupert
d6cc0ad96e nixosTests.aesmd: init 2021-12-10 10:18:31 +01:00
Will
a6196bc8b2 couchdb3: add vm.args and fix pkgs.couchdb reference 2021-12-09 14:55:01 +00:00
Guillaume Girol
b2ed7c36c1
Merge pull request from r-ryantm/auto-update/os-prober
os-prober: 1.78 -> 1.79
2021-12-09 13:48:46 +00:00
Guillaume Girol
6f2ed3cd1e nixosTests.os-prober: fix infinite recursion 2021-12-09 12:00:00 +00:00
Andreas Rammhold
6e69e537ff
Merge pull request from veehaitch/networkd-DHCPServerStaticLease
nixos/networkd: add `dhcpServerStaticLeaseConfig` option
2021-12-09 12:57:46 +01:00
Janne Heß
efcdc01d62
nixos/switchTest: Massively extend the test 2021-12-09 12:30:48 +01:00
zowoq
79e66fce1c nixos/podman: sort files into directories
Makes codeowners, git history, etc. a bit simpler now that podman has expanded beyond the original single file module and test.
2021-12-09 13:03:16 +10:00
zowoq
4df7ad53c7 Revert "nixos/podman/tests: add workaround for broken import"
This reverts commit 9edf2e0ffd.

This seems to have been fixed.
2021-12-09 08:32:24 +10:00
Jörg Thalheim
8010ff0d54
Merge pull request from mattchrist/fix-brscan5-nixos-test
brscan5: fix nixos test
2021-12-08 15:06:17 +00:00
Janne Heß
e36ceb65e6
Merge pull request from ddz/copy-initrd-secrets-after-early-mount-script
nixos/stage1: copy initrd secrets into place after special mounts
2021-12-08 15:38:02 +01:00
Izorkin
23d62decbb
nixos/tests/wsdd: fix test 2021-12-08 16:44:16 +03:00
Matt Christ
7b1d8bd182 brscan5: fix nixos test
import 're' so we can do regex stuff in this test
2021-12-07 20:35:50 -06:00
Jonas Heinrich
ecd88f91a0
nixos/maddy: Add module for maddy
Co-authored-by: Patrick Hilhorst <git@hilhorst.be>
2021-12-07 22:58:22 +01:00
Johannes Schleifenbaum
9f45c18515 sabnzbd: add simple test 2021-12-06 21:08:19 +01:00
Jörg Thalheim
c7fa870f5a
Merge pull request from martinetd/bpf
bpf update: bcc remove linux kernel dep + devendor libbpf again, bpftrace 0.13.0 -> 0.14.0 + remove kernel dep, pahole 1.20 -> 1.22 + remove submodule, libbpf revert 0.6.0 -> 0.5.0 (unusable)
2021-12-06 08:33:14 +00:00
Ryan Mulligan
542e917e99
Merge pull request from astro/drbd_upstream
drbd: update, fix, add test
2021-12-05 09:10:22 -08:00