Merge master into staging-next

author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> 2022-10-19 18:09:25 +0000
committer: GitHub <noreply@github.com> 2022-10-19 18:09:25 +0000
commit: 958cbc7d51ec9a4bacafebee5f39f48ffd98e146 (patch)
tree: 2c0f7920788876c8909d69708fb9e014aac9b1b7 /nixos
parent: bbaff9a043d0bea6eef68b7e87ee71caafe50d5c (diff)
parent: 9be64ddafffc65a8cdf6a9343e52d99f3d2899cd (diff)
4 files changed, 23 insertions, 11 deletions
diff --git a/nixos/modules/services/continuous-integration/github-runner/options.nix b/nixos/modules/services/continuous-integration/github-runner/options.nix
index ae89d3a3bfb6c..796b5a7f1175f 100644
--- a/nixos/modules/services/continuous-integration/github-runner/options.nix
+++ b/nixos/modules/services/continuous-integration/github-runner/options.nix
@@ -42,13 +42,14 @@ with lib;
     type = types.path;
     description = lib.mdDoc ''
       The full path to a file which contains either a runner registration token or a
-      personal access token (PAT).
+      (fine-grained) personal access token (PAT).
       The file should contain exactly one line with the token without any newline.
       If a registration token is given, it can be used to re-register a runner of the same
       name but is time-limited. If the file contains a PAT, the service creates a new
       registration token on startup as needed. Make sure the PAT has a scope of
       `admin:org` for organization-wide registrations or a scope of
-      `repo` for a single repository.
+      `repo` for a single repository. Fine-grained PATs need read and write permission
+      to the "Adminstration" resources.
 
       Changing this option or the file's content triggers a new runner registration.
     '';
diff --git a/nixos/modules/services/continuous-integration/github-runner/service.nix b/nixos/modules/services/continuous-integration/github-runner/service.nix
index 4dc8445495a60..49195410bb423 100644
--- a/nixos/modules/services/continuous-integration/github-runner/service.nix
+++ b/nixos/modules/services/continuous-integration/github-runner/service.nix
@@ -134,10 +134,10 @@ with lib;
               ${optionalString (cfg.runnerGroup != null) "--runnergroup ${escapeShellArg cfg.runnerGroup}"}
               ${optionalString cfg.ephemeral "--ephemeral"}
             )
-            # If the token file contains a PAT (i.e., it starts with "ghp_"), we have to use the --pat option,
+            # If the token file contains a PAT (i.e., it starts with "ghp_" or "github_pat_"), we have to use the --pat option,
             # if it is not a PAT, we assume it contains a registration token and use the --token option
             token=$(<"${newConfigTokenPath}")
-            if [[ "$token" =~ ^ghp_* ]]; then
+            if [[ "$token" =~ ^ghp_* ]] || [[ "$token" =~ ^github_pat_* ]]; then
               args+=(--pat "$token")
             else
               args+=(--token "$token")
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/kea.nix b/nixos/modules/services/monitoring/prometheus/exporters/kea.nix
index 0682f9da4003a..ed33c72f644f3 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/kea.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/kea.nix
@@ -35,7 +35,7 @@ in {
         ${pkgs.prometheus-kea-exporter}/bin/kea-exporter \
           --address ${cfg.listenAddress} \
           --port ${toString cfg.port} \
-          ${concatStringsSep " \\n" cfg.controlSocketPaths}
+          ${concatStringsSep " " cfg.controlSocketPaths}
       '';
       SupplementaryGroups = [ "kea" ];
       RestrictAddressFamilies = [
diff --git a/nixos/tests/prometheus-exporters.nix b/nixos/tests/prometheus-exporters.nix
index 596a4eafcd642..a8737eb504d98 100644
--- a/nixos/tests/prometheus-exporters.nix
+++ b/nixos/tests/prometheus-exporters.nix
@@ -374,25 +374,34 @@ let
     };
 
     kea = let
-      controlSocketPath = "/run/kea/dhcp6.sock";
+      controlSocketPathV4 = "/run/kea/dhcp4.sock";
+      controlSocketPathV6 = "/run/kea/dhcp6.sock";
     in
     {
       exporterConfig = {
         enable = true;
         controlSocketPaths = [
-          controlSocketPath
+          controlSocketPathV4
+          controlSocketPathV6
         ];
       };
       metricProvider = {
-        systemd.services.prometheus-kea-exporter.after = [ "kea-dhcp6-server.service" ];
-
         services.kea = {
+          dhcp4 = {
+            enable = true;
+            settings = {
+              control-socket = {
+                socket-type = "unix";
+                socket-name = controlSocketPathV4;
+              };
+            };
+          };
           dhcp6 = {
             enable = true;
             settings = {
               control-socket = {
                 socket-type = "unix";
-                socket-name = controlSocketPath;
+                socket-name = controlSocketPathV6;
               };
             };
           };
@@ -400,8 +409,10 @@ let
       };
 
       exporterTest = ''
+        wait_for_unit("kea-dhcp4-server.service")
         wait_for_unit("kea-dhcp6-server.service")
-        wait_for_file("${controlSocketPath}")
+        wait_for_file("${controlSocketPathV4}")
+        wait_for_file("${controlSocketPathV6}")
         wait_for_unit("prometheus-kea-exporter.service")
         wait_for_open_port(9547)
         succeed(
author	github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2022-10-19 18:09:25 +0000
committer	GitHub <noreply@github.com>	2022-10-19 18:09:25 +0000
commit	958cbc7d51ec9a4bacafebee5f39f48ffd98e146 (patch)
tree	2c0f7920788876c8909d69708fb9e014aac9b1b7 /nixos
parent	bbaff9a043d0bea6eef68b7e87ee71caafe50d5c (diff)
parent	9be64ddafffc65a8cdf6a9343e52d99f3d2899cd (diff)