Merge remote-tracking branch 'origin/staging-next' into staging

author: Martin Weinelt <hexa@darmstadt.ccc.de> 2024-06-19 23:28:26 +0200
committer: Martin Weinelt <hexa@darmstadt.ccc.de> 2024-06-19 23:28:26 +0200
commit: af4cfc1e0fd25a0a1c92ee108978ef66c9ff8195 (patch)
tree: d79351a51c56695abc498716b2afe826149b0143 /nixos
parent: 4cc52593cd4c6ed72a8c151fa437e87d21a086c5 (diff)
parent: 11b7fc6440a32a6e33076665d3a020588bf7cdd4 (diff)
8 files changed, 139 insertions, 98 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md
index 165e3e13a78ef..8fa59863bf782 100644
--- a/nixos/doc/manual/release-notes/rl-2405.section.md
+++ b/nixos/doc/manual/release-notes/rl-2405.section.md
@@ -822,3 +822,4 @@ Module System:
 ### Internal {#sec-release-24.05-lib-internal}
 - `lib` now has [Readme for contributing](https://github.com/NixOS/nixpkgs/tree/master/lib#readme).
 - Some function's documentation is now written using the [accepted doc comment syntax](https://github.com/NixOS/rfcs/pull/145).
+- `odoo` has been updated from `16.0.20231024` to `17.0.20240507`.
diff --git a/nixos/modules/services/admin/docuum.nix b/nixos/modules/services/admin/docuum.nix
index 6f6cd4e027337..51a21740b276a 100644
--- a/nixos/modules/services/admin/docuum.nix
+++ b/nixos/modules/services/admin/docuum.nix
@@ -2,7 +2,7 @@
 
 let
   cfg = config.services.docuum;
-  inherit (lib) mkIf mkEnableOption mkOption getExe types;
+  inherit (lib) mkIf mkEnableOption mkOption getExe types optionals concatMap;
 in
 {
   options.services.docuum = {
@@ -14,6 +14,27 @@ in
       default = "10 GB";
       example = "50%";
     };
+
+    minAge = mkOption {
+      description = "Sets the minimum age of images to be considered for deletion.";
+      type = types.nullOr types.str;
+      default = null;
+      example = "1d";
+    };
+
+    keep = mkOption {
+      description = "Prevents deletion of images for which repository:tag matches the specified regex.";
+      type = types.listOf types.str;
+      default = [];
+      example = [ "^my-image" ];
+    };
+
+    deletionChunkSize = mkOption {
+      description = "Removes specified quantity of images at a time.";
+      type = types.int;
+      default = 1;
+      example = 10;
+    };
   };
 
   config = mkIf cfg.enable {
@@ -35,10 +56,13 @@ in
         DynamicUser = true;
         StateDirectory = "docuum";
         SupplementaryGroups = [ "docker" ];
-        ExecStart = utils.escapeSystemdExecArgs [
+        ExecStart = utils.escapeSystemdExecArgs ([
           (getExe pkgs.docuum)
           "--threshold" cfg.threshold
-        ];
+          "--deletion-chunk-size" cfg.deletionChunkSize
+        ] ++ (concatMap (keep: [ "--keep" keep ]) cfg.keep)
+          ++ (optionals (cfg.minAge != null) [ "--min-age" cfg.minAge ])
+        );
       };
     };
   };
diff --git a/nixos/modules/services/misc/anki-sync-server.md b/nixos/modules/services/misc/anki-sync-server.md
index f58d3d8ad0dab..5482a4aa0e5ff 100644
--- a/nixos/modules/services/misc/anki-sync-server.md
+++ b/nixos/modules/services/misc/anki-sync-server.md
@@ -52,7 +52,7 @@ following options:
 
 ```nix
 {
-  services.anki-sync-server.host = "0.0.0.0";
+  services.anki-sync-server.address = "0.0.0.0";
   services.anki-sync-server.openFirewall = true;
 }
 ```
diff --git a/nixos/modules/services/misc/snapper.nix b/nixos/modules/services/misc/snapper.nix
index a42fca5b60289..4e0b4c551e23f 100644
--- a/nixos/modules/services/misc/snapper.nix
+++ b/nixos/modules/services/misc/snapper.nix
@@ -235,7 +235,7 @@ in
       timerConfig.OnUnitActiveSec = cfg.cleanupInterval;
     };
 
-    systemd.services.snapper-boot = lib.optionalAttrs cfg.snapshotRootOnBoot {
+    systemd.services.snapper-boot = lib.mkIf cfg.snapshotRootOnBoot {
       description = "Take snapper snapshot of root on boot";
       inherit documentation;
       serviceConfig.ExecStart = "${pkgs.snapper}/bin/snapper --config root create --cleanup-algorithm number --description boot";
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 708332a9317b5..8d5b865891e4a 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -414,6 +414,7 @@ in {
   pyload = handleTest ./pyload.nix {};
   oci-containers = handleTestOn ["aarch64-linux" "x86_64-linux"] ./oci-containers.nix {};
   odoo = handleTest ./odoo.nix {};
+  odoo16 = handleTest ./odoo.nix { package = pkgs.odoo16; };
   odoo15 = handleTest ./odoo.nix { package = pkgs.odoo15; };
   # 9pnet_virtio used to mount /nix partition doesn't support
   # hibernation. This test happens to work on x86_64-linux but
@@ -834,7 +835,7 @@ in {
   scrutiny = handleTest ./scrutiny.nix {};
   sddm = handleTest ./sddm.nix {};
   seafile = handleTest ./seafile.nix {};
-  searx = handleTest ./searx.nix {};
+  searx = runTest ./searx.nix;
   seatd = handleTest ./seatd.nix {};
   service-runner = handleTest ./service-runner.nix {};
   sftpgo = runTest ./sftpgo.nix;
diff --git a/nixos/tests/odoo.nix b/nixos/tests/odoo.nix
index 00ae4a2137d10..45ec7b7d7a6b7 100644
--- a/nixos/tests/odoo.nix
+++ b/nixos/tests/odoo.nix
@@ -14,6 +14,18 @@ import ./make-test-python.nix ({ pkgs, lib, package ? pkgs.odoo, ...} : {
         package = package;
         domain = "localhost";
       };
+
+      # odoo does not automatically initialize its database,
+      # even if passing what _should_ be the equivalent of these options:
+      #  settings = {
+      #    options = {
+      #      database = "odoo";
+      #      init = "base";
+      #    };
+      #  };
+      systemd.services.odoo.preStart = ''
+        HOME=$STATE_DIRECTORY ${package}/bin/odoo -d odoo -i base --stop-after-init --without-demo all
+      '';
     };
   };
 
diff --git a/nixos/tests/searx.nix b/nixos/tests/searx.nix
index 02a88f690db78..0008424f068b2 100644
--- a/nixos/tests/searx.nix
+++ b/nixos/tests/searx.nix
@@ -1,4 +1,4 @@
-import ./make-test-python.nix ({ pkgs, ...} :
+{ pkgs, ... }:
 
 {
   name = "searx";
@@ -7,108 +7,108 @@ import ./make-test-python.nix ({ pkgs, ...} :
   };
 
   # basic setup: searx running the built-in webserver
-  nodes.base = { ... }: {
-    imports = [ ../modules/profiles/minimal.nix ];
-
-    services.searx = {
-      enable = true;
-      environmentFile = pkgs.writeText "secrets" ''
-        WOLFRAM_API_KEY  = sometoken
-        SEARX_SECRET_KEY = somesecret
-      '';
+  nodes.base =
+    { ... }:
+    {
+      services.searx = {
+        enable = true;
+        environmentFile = pkgs.writeText "secrets" ''
+          WOLFRAM_API_KEY  = sometoken
+          SEARX_SECRET_KEY = somesecret
+        '';
 
-      settings.server =
-        { port = "8080";
+        settings.server = {
+          port = "8080";
           bind_address = "0.0.0.0";
           secret_key = "@SEARX_SECRET_KEY@";
         };
-      settings.engines = [
-        { name = "wolframalpha";
-          api_key = "@WOLFRAM_API_KEY@";
-          engine = "wolframalpha_api";
-        }
-        { name = "startpage";
-          shortcut = "start";
-        }
-      ];
-    };
+        settings.engines = [
+          {
+            name = "wolframalpha";
+            api_key = "@WOLFRAM_API_KEY@";
+            engine = "wolframalpha_api";
+          }
+          {
+            name = "startpage";
+            shortcut = "start";
+          }
+        ];
+      };
 
-  };
+    };
 
   # fancy setup: run in uWSGI and use nginx as proxy
-  nodes.fancy = { config, ... }: {
-    imports = [ ../modules/profiles/minimal.nix ];
-
-    services.searx = {
-      enable = true;
-      # searx refuses to run if unchanged
-      settings.server.secret_key = "somesecret";
-
-      runInUwsgi = true;
-      uwsgiConfig = {
-        # serve using the uwsgi protocol
-        socket = "/run/searx/uwsgi.sock";
-        chmod-socket = "660";
-
-        # use /searx as url "mountpoint"
-        mount = "/searx=searx.webapp:application";
-        module = "";
-        manage-script-name = true;
+  nodes.fancy =
+    { config, ... }:
+    {
+      services.searx = {
+        enable = true;
+        # searx refuses to run if unchanged
+        settings.server.secret_key = "somesecret";
+
+        runInUwsgi = true;
+        uwsgiConfig = {
+          # serve using the uwsgi protocol
+          socket = "/run/searx/uwsgi.sock";
+          chmod-socket = "660";
+
+          # use /searx as url "mountpoint"
+          mount = "/searx=searx.webapp:application";
+          module = "";
+          manage-script-name = true;
+        };
       };
-    };
 
-    # use nginx as reverse proxy
-    services.nginx.enable = true;
-    services.nginx.virtualHosts.localhost = {
-      locations."/searx".extraConfig =
-        ''
+      # use nginx as reverse proxy
+      services.nginx.enable = true;
+      services.nginx.virtualHosts.localhost = {
+        locations."/searx".extraConfig = ''
           include ${pkgs.nginx}/conf/uwsgi_params;
           uwsgi_pass unix:/run/searx/uwsgi.sock;
         '';
-      locations."/searx/static/".alias = "${config.services.searx.package}/share/static/";
-    };
-
-    # allow nginx access to the searx socket
-    users.users.nginx.extraGroups = [ "searx" ];
-
-  };
-
-  testScript =
-    ''
-      base.start()
-
-      with subtest("Settings have been merged"):
-          base.wait_for_unit("searx-init")
-          base.wait_for_file("/run/searx/settings.yml")
-          output = base.succeed(
-              "${pkgs.yq-go}/bin/yq eval"
-              " '.engines[] | select(.name==\"startpage\") | .shortcut'"
-              " /run/searx/settings.yml"
-          ).strip()
-          assert output == "start", "Settings not merged"
+        locations."/searx/static/".alias = "${config.services.searx.package}/share/static/";
+      };
 
-      with subtest("Environment variables have been substituted"):
-          base.succeed("grep -q somesecret /run/searx/settings.yml")
-          base.succeed("grep -q sometoken /run/searx/settings.yml")
-          base.copy_from_vm("/run/searx/settings.yml")
+      # allow nginx access to the searx socket
+      users.users.nginx.extraGroups = [ "searx" ];
 
-      with subtest("Basic setup is working"):
-          base.wait_for_open_port(8080)
-          base.wait_for_unit("searx")
-          base.succeed(
-              "${pkgs.curl}/bin/curl --fail http://localhost:8080"
-          )
-          base.shutdown()
+    };
 
-      with subtest("Nginx+uWSGI setup is working"):
-          fancy.start()
-          fancy.wait_for_open_port(80)
-          fancy.wait_for_unit("uwsgi")
-          fancy.succeed(
-              "${pkgs.curl}/bin/curl --fail http://localhost/searx >&2"
-          )
-          fancy.succeed(
-              "${pkgs.curl}/bin/curl --fail http://localhost/searx/static/themes/simple/js/leaflet.js >&2"
-          )
-    '';
-})
+  testScript = ''
+    base.start()
+
+    with subtest("Settings have been merged"):
+        base.wait_for_unit("searx-init")
+        base.wait_for_file("/run/searx/settings.yml")
+        output = base.succeed(
+            "${pkgs.yq-go}/bin/yq eval"
+            " '.engines[] | select(.name==\"startpage\") | .shortcut'"
+            " /run/searx/settings.yml"
+        ).strip()
+        assert output == "start", "Settings not merged"
+
+    with subtest("Environment variables have been substituted"):
+        base.succeed("grep -q somesecret /run/searx/settings.yml")
+        base.succeed("grep -q sometoken /run/searx/settings.yml")
+        base.copy_from_vm("/run/searx/settings.yml")
+
+    with subtest("Basic setup is working"):
+        base.wait_for_open_port(8080)
+        base.wait_for_unit("searx")
+        base.succeed(
+            "${pkgs.curl}/bin/curl --fail http://localhost:8080"
+        )
+        base.shutdown()
+
+    with subtest("Nginx+uWSGI setup is working"):
+        fancy.start()
+        fancy.wait_for_open_port(80)
+        fancy.wait_for_unit("uwsgi")
+        fancy.succeed(
+            "${pkgs.curl}/bin/curl --fail http://localhost/searx >&2"
+        )
+        fancy.succeed(
+            "${pkgs.curl}/bin/curl --fail http://localhost/searx/static/themes/simple/js/leaflet.js >&2"
+        )
+  '';
+}
diff --git a/nixos/tests/snapper.nix b/nixos/tests/snapper.nix
index 674523584fdaa..0369419930f15 100644
--- a/nixos/tests/snapper.nix
+++ b/nixos/tests/snapper.nix
@@ -19,7 +19,9 @@ import ./make-test-python.nix ({ ... }:
     services.snapper.filters = "/nix";
   };
 
-  testScript = ''
+  testScript = { nodes, ... }: let
+    inherit (nodes.machine.services.snapper) snapshotRootOnBoot;
+  in ''
     machine.succeed("btrfs subvolume create /home/.snapshots")
     machine.succeed("snapper -c home list")
     machine.succeed("snapper -c home create --description empty")
@@ -31,5 +33,6 @@ import ./make-test-python.nix ({ ... }:
     machine.succeed("snapper -c home delete 2")
     machine.succeed("systemctl --wait start snapper-timeline.service")
     machine.succeed("systemctl --wait start snapper-cleanup.service")
+    machine.${if snapshotRootOnBoot then "succeed" else "fail"}("systemctl cat snapper-boot.service")
   '';
 })
author	Martin Weinelt <hexa@darmstadt.ccc.de>	2024-06-19 23:28:26 +0200
committer	Martin Weinelt <hexa@darmstadt.ccc.de>	2024-06-19 23:28:26 +0200
commit	af4cfc1e0fd25a0a1c92ee108978ef66c9ff8195 (patch)
tree	d79351a51c56695abc498716b2afe826149b0143 /nixos
parent	4cc52593cd4c6ed72a8c151fa437e87d21a086c5 (diff)
parent	11b7fc6440a32a6e33076665d3a020588bf7cdd4 (diff)