* networking/stubby.nix: implementing systemd service module for stubby
This change implements stubby, the DNS-over-TLS stub resolver daemon.
The motivation for this change was the desire to use stubby's
DNS-over-TLS funcitonality in tandem with unbound, which requires
passing certain configuration parameters. This module implements those
config parameters by exposing them for use in configuration.nix.
* networking/stubby.nix: merging back module list
re-merging the module list to remove unecessary changes.
* networking/stubby.nix: removing unecessary capabilities flag
This change removes the unecessary flag for toggling the capabilities
which allows the daemon to bind to low ports.
* networking/stubby.nix: adding debug level logging bool
Adding the option to turn on debug logging.
* networking/stubby.nix: clarifying idleTimeout and adding systemd target
Improving docs to note that idleTimeout is expressed in ms. Adding the
nss-lookup `before' target to the systemd service definition.
* networking/stubby.nix: Restrict options with types.enum
This change restricts fallbackProtocol and authenticationMode to accept
only valid options instead of any list or str types (respectively). This
change also fixes typo in the CapabilityBoundingSet systemd setting.
* networking/stubby.nix: cleaning up documentation
Cleaning up docs, adding literal tags to settings, and removing
whitespace.
* networking/stubby.nix: fixing missing linebreak in comments
* networking/stubby.nix: cleaning errant comments
The original `nexus` derivation required `/run/sonatype-work/nexus3`
which explicitly depended on the NixOS path structure.
This would break `nexus` for everyone using `nixpkgs` on a non-NixOS
system, additionally the module never created `/run/sonatype-work`, so
the systemd unit created in `services.nexus` fails as well. The issue
wasn't actively known as the `nixos/nexus` test wasn't registered in
Hydra (see #40257).
This patch contains the following changes:
* Adds `tests.nexus` to `release.nix` to run the test on Hydra.
* Makes JVM parameters configurable: by default all JVM options were located
in `result/bin/nexus.vmoptions` which made it quite hard to patch
these parameters. Now it's possible to override all parameters by
running `VM_OPTS_FILE=custom-nexus.vmoptions ./result/bin/nexus run`
(after patching the `nexus` shell script), additionally it's possible
to override these parameters with `services.nexus.vmoptions`.
* Bumped Nexus from 3.5.1 to 3.11.0
* Run the `nexus` test on Hydra with `callTest` in `nixos/release.nix`,
furthermore the test checks if the UI is available on the specified
port.
* Added myself as maintainer for the NixOS test and the package to have
some more people in case of further breakage.
* Added sufficient disk space to the `nexus` test, otherwise the service
fails with the following errors:
```
com.orientechnologies.orient.core.exception.ODatabaseException: Cannot create database 'accesslog'
com.orientechnologies.orient.core.exception.OLowDiskSpaceException: Error occurred while executing
a write operation to database 'accesslog' due to limited free space on the disk (242 MB). The database
is now working in read-only mode. Please close the database (or stop OrientDB), make room on your hard
drive and then reopen the database. The minimal required space is 256 MB. Required space is now set to
256MB (you can change it by setting parameter storage.diskCache.diskFreeSpaceLimit) .
```
/cc @ironpinguin @xeji
If docker is enabled, start mesos-slave.service after docker.service
to avoid a race condition that could result in mesos-slave to fail
with "Failed to create docker: Timed out getting docker version"
The pull request that added dhparams (#39507) was made at the time where
the dhparams module overhaul (#39526) wasn't done yet, so it's still
using the old mechanics of the module.
As stated in the release notes:
Module implementers should not set a specific bit size in order to let
users configure it by themselves if they want to have a different bit
size than the default (2048).
An example usage of this would be:
{ config, ... }:
{
security.dhparams.params.myservice = {};
environment.etc."myservice.conf".text = ''
dhparams = ${config.security.dhparams.params.myservice.path}
'';
}
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @qknight, @abbradar, @hrdinka, @leenaars
Tracking scripts in particular, cannot be included in extraOpts, because script declaration has to be above script usage in keepalived.conf.
Changes are fully backward compatible.
When trying to run NSD to serve the root zone, one gets the following
error message:
error: illegal name: '.'
This is because the name of the zone is used as the derivation name for
building the zone file. However, Nix doesn't allow derivation names
starting with a period.
So whenever the zone is "." now, the file name generated is "root"
instead of ".".
I also added an assertion that makes sure the user sets
services.nsd.rootServer, otherwise NSD will fail at runtime because it
prevents serving the root zone without an explicit compile-time option.
Tested this by adding a root zone to the "nsd" NixOS VM test.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @hrdinka, @qknight
The following changes have been applied:
- the property `http.headers.X-Content-Type-Options` must a list of
strings rather than a serialized list
- instead of `/etc/docker/registry/config.yml` the configuration will be
written with `pkgs.writeText` and the store path will be used to run
the registry. This reduces the risk of possible impurities by relying
on the Nix store only.
- cleaned up the property paths to easy readability and reduce the
verbosity.
- enhanced the testcase to ensure that digests can be deleted as well
- the `services.docker-registry.extraConfig` object will be merged with
`registryConfig`
/cc @ironpinguin
