Commit graph

6372 commits

Author SHA1 Message Date
aszlig
c14dac6f25
Merge pull request #235972 (fix Taskserver test)
I'm merging this without review, since the tests run by ofborg are
succeeding. In addition to that, it's fixing a currently broken test so
the worst that could happen is that the test still does not work.
2023-06-06 17:55:22 +02:00
github-actions[bot]
de4f02a6c8
Merge master into staging-next 2023-06-05 12:01:12 +00:00
Florian Klink
4627ee741d
Merge pull request #234877 from ElvishJerricco/auto-format-and-resize-with-systemd
Auto format and resize with systemd
2023-06-05 12:25:02 +03:00
Will Fancher
5176a4f113 nixos: Use systemd-makefs for autoFormat 2023-06-04 22:57:20 -04:00
github-actions[bot]
4a640f8bb6
Merge master into staging-next 2023-06-05 00:02:32 +00:00
Sandro
793dd34507
Merge pull request #219602 from 999eagle/traefik-envsubst
nixos/traefik: add environmentFiles option
2023-06-05 00:36:43 +02:00
aszlig
9b6f9e4624
nixos/tests/taskserver: Fix build
The test fails because the way the configuration switch was implemented
back then was by using a dummy configuration and simply activating that
dummy configuration from within the test script.

Nowadays, this doesn't work anymore and fails to typecheck because the
dummy "newServer" will inherit the same value for networking.hostName,
which in turn will generate two attributes for "server":

  > testScriptWithTypes:43: error: Name "server" already defined on line 43
  > [no-redef]
  >     client1: Machine; client2: Machine; server: Machine; server: Machine;

Fortunately, we don't need to do workarounds like this anymore and there
is the "specialisation" option, which allows to do this in a less ugly
way (and it also works with mypy).

Signed-off-by: aszlig <aszlig@nix.build>
2023-06-04 23:14:07 +02:00
github-actions[bot]
22e7031b28
Merge master into staging-next 2023-06-04 18:00:59 +00:00
Julien Moutinho
50301d73e9 public-inbox: 1.8.0 -> 1.9.0
Co-authored-by: Alyssa Ross <hi@alyssa.is>
2023-06-04 13:09:28 +00:00
github-actions[bot]
6a837d8fb1
Merge master into staging-next 2023-06-03 06:01:11 +00:00
Gabriel Fontes
4ff3a5795b nixos/tests/prometheus-exporters: add graphite 2023-06-03 03:13:09 +00:00
github-actions[bot]
4b2e2c8b39
Merge master into staging-next 2023-06-03 00:02:20 +00:00
Pol Dellaiera
161182c362
Merge pull request #234987 from mmusnjak/apache-datasketches
apache_datasketches: init at 1.6.0
2023-06-02 21:55:22 +02:00
happysalada
ee1c6053fb nixos/ntfy-sh: use dynamic user and add defaults 2023-06-02 15:22:14 -04:00
Marko Mušnjak
aafe0f4314
apache_datasketches: init at 1.6.0
PostgreSQL extension providing approximate algorithms for
distinct item counts, quantile estimation and frequent items detection.
2023-06-02 21:03:19 +02:00
github-actions[bot]
6084eca7dc
Merge master into staging-next 2023-06-02 18:01:04 +00:00
Bobby Rong
7f96a08418
Merge pull request #235511 from bobby285271/upd/cinnamon-bpo
Cinnamon updates 2023-06-02
2023-06-02 21:25:34 +08:00
Mario Rodas
99287fe19b
Merge pull request #235450 from Luflosi/update/aaaaxy
aaaaxy: 1.3.538 -> 1.4.2
2023-06-02 07:42:12 -05:00
Bobby Rong
9f5dc9f927
nixos/tests/cinnamon: silence a warning and remove unused args
Module argument `nodes.machine.config` is deprecated. Use `nodes.machine` instead.
2023-06-02 19:51:12 +08:00
github-actions[bot]
1625d790e1
Merge staging-next into staging 2023-06-02 06:01:45 +00:00
Dennis Gosnell
dcf201d275
nixosTests.virtualbox: remove cdepillabout as maintainer 2023-06-02 07:44:51 +09:00
Luflosi
35af643640
aaaaxy: 1.3.538 -> 1.4.2
https://github.com/divVerent/aaaaxy/releases/tag/v1.4.2
2023-06-01 20:14:33 +02:00
github-actions[bot]
8985306cfd
Merge staging-next into staging 2023-06-01 18:01:45 +00:00
Martin Weinelt
849fe26ac4
Merge pull request #229309 from bjornfor/update-kanidm
kanidm: 1.1.0-alpha.11 -> 1.1.0-alpha.12
2023-06-01 16:47:44 +02:00
Bjørn Forsman
ed99bd0fb9
kanidm: 1.1.0-alpha.11 -> 1.1.0-alpha.12
* Update Cargo.lock from upstream.
* Adapt expression to upstream source tree layout changes.
* Apply patch to restore x86_64 v1 support

Co-Authored-By: Martin Weinelt <hexa@darmstadt.ccc.de>

Also updates the NixOS test:

* Stop kanidm to recover the idm_admin account
* Group all tests into subtest blocks
* Add TODO to wait for unix socket on unixd for the next release

Co-Authored-By: Raito Bezarius <masterancpp@gmail.com>
Co-Authored-By: Martin Weinelt <hexa@darmstadt.ccc.de>
2023-06-01 15:28:11 +02:00
github-actions[bot]
e8e956566c
Merge staging-next into staging 2023-06-01 12:02:11 +00:00
Pol Dellaiera
3090855141
Merge pull request #232360 from drupol/nixos/refactor-code-server
nixos/code-server: add tests and more command line options
2023-06-01 13:56:01 +02:00
github-actions[bot]
52e40d8261
Merge staging-next into staging 2023-06-01 00:03:14 +00:00
Yureka
82d9c2e91f nixosTests.gitlab: fix project ids 2023-05-31 22:14:25 +02:00
github-actions[bot]
e436cc21a6
Merge staging-next into staging 2023-05-31 18:01:35 +00:00
Kira Bruneau
7e820610e3
Merge pull request #234207 from emilylange/acme-dns
acme-dns: init at 1.0; nixos/acme-dns: init; nixos/acme-dns: init
2023-05-31 11:40:35 -04:00
emilylange
fa21828be5
nixosTests.acme-dns: init 2023-05-31 15:08:39 +02:00
Arian van Putten
5a13c00640
Merge pull request #235082 from ElvishJerricco/systemd-uefi-bug-chunked-reads
systemd-boot: Patch for firmwares that fail to load large files
2023-05-31 13:49:57 +02:00
ajs124
957db96d53
Merge pull request #233850 from helsinki-systems/upd/apparmor
apparmor: 3.1.3 -> 3.1.4
2023-05-31 12:12:30 +02:00
Will Fancher
6727bab05e systemd-boot: Patch for firmwares that fail to load large files 2023-05-30 19:21:16 -04:00
github-actions[bot]
698b4f4f63
Merge master into staging-next 2023-05-29 18:01:07 +00:00
Julien Malka
9631553153 Revert "nixos/ntfy-sh: add defaults, use dynamic user"
This reverts commit 3dcca62a5e.
2023-05-29 11:11:32 -04:00
Florian Klink
8b8a64d737
Merge pull request #234442 from rnhmjoj/pr-fix-ifnames
network-interfaces-scripted: fix interface cleanup
2023-05-29 15:14:12 +02:00
Vladimír Čunát
2f9191eb88
Merge branch 'master' into staging-next 2023-05-29 08:14:18 +02:00
happysalada
3dcca62a5e nixos/ntfy-sh: add defaults, use dynamic user 2023-05-28 21:17:14 -04:00
Martin Weinelt
6b554aae1c
Merge pull request #234186 from hmenke/shadowsocks
nixos/shadowsocks: wait for nginx to prevent race condition
2023-05-29 01:37:36 +02:00
Weijia Wang
b8ce4c46f5
Merge pull request #234645 from Izorkin/update-http3-libs
Update http3 libraries
2023-05-29 00:50:38 +03:00
Izorkin
f28c987507
nixos/tests: update nginx-http3 test 2023-05-28 19:55:00 +03:00
Alyssa Ross
ad31856bd9
nixosTests.public-inbox: extend sleep
5 seconds isn't reliably enough here on my system.
2023-05-28 16:40:13 +00:00
Thomas Gerbet
85f15277d0 etcd: switch to etcd_3_5 2023-05-28 08:04:43 +10:00
rnhmjoj
ea0b4a694a
nixos/test/networking: test unusual interface names 2023-05-27 19:19:37 +02:00
Victor Freire
fca068a558 nixos/tests/legit: init 2023-05-27 16:20:05 +00:00
Raito Bezarius
69bb0f94de nixos/nginx: first-class PROXY protocol support
PROXY protocol is a convenient way to carry information about the
originating address/port of a TCP connection across multiple layers of
proxies/NAT, etc.

Currently, it is possible to make use of it in NGINX's NixOS module, but
is painful when we want to enable it "globally".
Technically, this is achieved by reworking the defaultListen options and
the objective is to have a coherent way to specify default listeners in
the current API design.
See `mkDefaultListenVhost` and `defaultListen` for the details.

It adds a safeguard against running a NGINX with no HTTP listeners (e.g.
only PROXY listeners) while asking for ACME certificates over HTTP-01.

An interesting usecase of PROXY protocol is to enable seamless IPv4 to
IPv6 proxy with origin IPv4 address for IPv6-only NGINX servers, it is
demonstrated how to achieve this in the tests, using sniproxy.

Finally, the tests covers:

- NGINX `defaultListen` mechanisms are not broken by these changes;
- NGINX PROXY protocol listeners are working in a final usecase
  (sniproxy);
- uses snakeoil TLS certs from ACME setup with wildcard certificates;

In the future, it is desirable to spoof-attack NGINX in this scenario to
ascertain that `set_real_ip_from` and all the layers are working as
intended and preventing any user from setting their origin IP address to
any arbitrary, opening up the NixOS module to bad™ vulnerabilities.

For now, it is quite hard to achieve while being minimalistic about the
tests dependencies.
2023-05-26 19:48:26 +02:00
Ryan Lahfa
435237d641
Merge pull request #233350 from GrahamDennis/grahamdennis/testing-networks
nixos/qemu-vm: add option for named network interfaces
2023-05-26 15:57:01 +02:00
Henri Menke
7d621d6be5
nixos/shadowsocks: wait for nginx to prevent race condition 2023-05-26 11:24:21 +02:00