Merge master into staging-next

author: github-actions[bot] 2021-05-14 00:58:11 +0000
committer: GitHub 2021-05-14 00:58:11 +0000
commit: bf5d8bb531f98263c45731490fdab482c62f7670 (patch)
tree: e3d2106ac59f6b20b25b31dac6d8dd7077095252 /nixos
parent: 39e3f7c2cc3d5ad71561136df41beca52bfa35c6 (diff)
parent: 7cd876f22d58f2f977c1b8dfdb9d4316cdbd52ec (diff)
8 files changed, 44 insertions, 24 deletions
diff --git a/nixos/modules/profiles/all-hardware.nix b/nixos/modules/profiles/all-hardware.nix
index c7a13974a516..797fcddb8c90 100644
--- a/nixos/modules/profiles/all-hardware.nix
+++ b/nixos/modules/profiles/all-hardware.nix
@@ -37,6 +37,9 @@ in
       # drives.
       "uas"
 
+      # SD cards.
+      "sdhci_pci"
+
       # Firewire support.  Not tested.
       "ohci1394" "sbp2"
 
diff --git a/nixos/modules/programs/sway.nix b/nixos/modules/programs/sway.nix
index 107e783c0c21..2b69851b340b 100644
--- a/nixos/modules/programs/sway.nix
+++ b/nixos/modules/programs/sway.nix
@@ -31,6 +31,7 @@ let
     extraOptions = cfg.extraOptions;
     withBaseWrapper = cfg.wrapperFeatures.base;
     withGtkWrapper = cfg.wrapperFeatures.gtk;
+    isNixOS = true;
   };
 in {
   options.programs.sway = {
@@ -120,8 +121,11 @@ in {
       systemPackages = [ swayPackage ] ++ cfg.extraPackages;
       etc = {
         "sway/config".source = mkOptionDefault "${swayPackage}/etc/sway/config";
-        #"sway/security.d".source = mkOptionDefault "${swayPackage}/etc/sway/security.d/";
-        #"sway/config.d".source = mkOptionDefault "${swayPackage}/etc/sway/config.d/";
+        "sway/config.d/nixos.conf".source = pkgs.writeText "nixos.conf" ''
+          # Import the most important environment variables into the D-Bus and systemd
+          # user environments (e.g. required for screen sharing and Pinentry prompts):
+          exec dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK
+        '';
       };
     };
     security.pam.services.swaylock = {};
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/bind.nix b/nixos/modules/services/monitoring/prometheus/exporters/bind.nix
index 972632b5a24a..16c2920751d9 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/bind.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/bind.nix
@@ -41,12 +41,12 @@ in
     serviceConfig = {
       ExecStart = ''
         ${pkgs.prometheus-bind-exporter}/bin/bind_exporter \
-          -web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
-          -bind.pid-file /var/run/named/named.pid \
-          -bind.timeout ${toString cfg.bindTimeout} \
-          -bind.stats-url ${cfg.bindURI} \
-          -bind.stats-version ${cfg.bindVersion} \
-          -bind.stats-groups ${concatStringsSep "," cfg.bindGroups} \
+          --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
+          --bind.pid-file /var/run/named/named.pid \
+          --bind.timeout ${toString cfg.bindTimeout} \
+          --bind.stats-url ${cfg.bindURI} \
+          --bind.stats-version ${cfg.bindVersion} \
+          --bind.stats-groups ${concatStringsSep "," cfg.bindGroups} \
           ${concatStringsSep " \\\n  " cfg.extraFlags}
       '';
     };
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/collectd.nix b/nixos/modules/services/monitoring/prometheus/exporters/collectd.nix
index a3b2b92bc347..a7f4d3e096fe 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/collectd.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/collectd.nix
@@ -41,11 +41,11 @@ in
     };
 
     logFormat = mkOption {
-      type = types.str;
-      default = "logger:stderr";
-      example = "logger:syslog?appname=bob&local=7 or logger:stdout?json=true";
+      type = types.enum [ "logfmt" "json" ];
+      default = "logfmt";
+      example = "json";
       description = ''
-        Set the log target and format.
+        Set the log format.
       '';
     };
 
@@ -59,16 +59,16 @@ in
   };
   serviceOpts = let
     collectSettingsArgs = if (cfg.collectdBinary.enable) then ''
-      -collectd.listen-address ${cfg.collectdBinary.listenAddress}:${toString cfg.collectdBinary.port} \
-      -collectd.security-level ${cfg.collectdBinary.securityLevel} \
+      --collectd.listen-address ${cfg.collectdBinary.listenAddress}:${toString cfg.collectdBinary.port} \
+      --collectd.security-level ${cfg.collectdBinary.securityLevel} \
     '' else "";
   in {
     serviceConfig = {
       ExecStart = ''
         ${pkgs.prometheus-collectd-exporter}/bin/collectd_exporter \
-          -log.format ${escapeShellArg cfg.logFormat} \
-          -log.level ${cfg.logLevel} \
-          -web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
+          --log.format ${escapeShellArg cfg.logFormat} \
+          --log.level ${cfg.logLevel} \
+          --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
           ${collectSettingsArgs} \
           ${concatStringsSep " \\\n  " cfg.extraFlags}
       '';
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/rspamd.nix b/nixos/modules/services/monitoring/prometheus/exporters/rspamd.nix
index 78fe120e4d93..d95e5ed9e83c 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/rspamd.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/rspamd.nix
@@ -13,7 +13,7 @@ let
   generateConfig = extraLabels: {
     metrics = (map (path: {
       name = "rspamd_${replaceStrings [ "." " " ] [ "_" "_" ] path}";
-      path = "$.${path}";
+      path = "{ .${path} }";
       labels = extraLabels;
     }) [
       "actions.'add header'"
diff --git a/nixos/modules/tasks/filesystems/zfs.nix b/nixos/modules/tasks/filesystems/zfs.nix
index 21c30305188b..376d6530f363 100644
--- a/nixos/modules/tasks/filesystems/zfs.nix
+++ b/nixos/modules/tasks/filesystems/zfs.nix
@@ -103,6 +103,7 @@ in
         readOnly = true;
         type = types.package;
         default = if config.boot.zfs.enableUnstable then pkgs.zfsUnstable else pkgs.zfs;
+        defaultText = "if config.boot.zfs.enableUnstable then pkgs.zfsUnstable else pkgs.zfs";
         description = "Configured ZFS userland tools package.";
       };
 
diff --git a/nixos/tests/prometheus-exporters.nix b/nixos/tests/prometheus-exporters.nix
index 2b17d0ff78ff..d32aca5f6084 100644
--- a/nixos/tests/prometheus-exporters.nix
+++ b/nixos/tests/prometheus-exporters.nix
@@ -302,7 +302,7 @@ let
         url = "http://localhost";
         configFile = pkgs.writeText "json-exporter-conf.json" (builtins.toJSON {
           metrics = [
-            { name = "json_test_metric"; path = "$.test"; }
+            { name = "json_test_metric"; path = "{ .test }"; }
           ];
         });
       };
@@ -406,8 +406,8 @@ let
       };
       metricProvider = {
         systemd.services.prometheus-lnd-exporter.serviceConfig.DynamicUser = false;
-        services.bitcoind.enable = true;
-        services.bitcoind.extraConfig = ''
+        services.bitcoind.main.enable = true;
+        services.bitcoind.main.extraConfig = ''
           rpcauth=bitcoinrpc:e8fe33f797e698ac258c16c8d7aadfbe$872bdb8f4d787367c26bcfd75e6c23c4f19d44a69f5d1ad329e5adf3f82710f7
           bitcoind.zmqpubrawblock=tcp://127.0.0.1:28332
           bitcoind.zmqpubrawtx=tcp://127.0.0.1:28333
@@ -1021,7 +1021,7 @@ let
         # Note: this does not connect the test environment to the Tor network.
         # Client, relay, bridge or exit connectivity are disabled by default.
         services.tor.enable = true;
-        services.tor.controlPort = 9051;
+        services.tor.settings.ControlPort = 9051;
       };
       exporterTest = ''
         wait_for_unit("tor.service")
diff --git a/nixos/tests/signal-desktop.nix b/nixos/tests/signal-desktop.nix
index c424288e00a9..deddb9d0834f 100644
--- a/nixos/tests/signal-desktop.nix
+++ b/nixos/tests/signal-desktop.nix
@@ -3,7 +3,7 @@ import ./make-test-python.nix ({ pkgs, ...} :
 {
   name = "signal-desktop";
   meta = with pkgs.lib.maintainers; {
-    maintainers = [ flokli ];
+    maintainers = [ flokli primeos ];
   };
 
   machine = { ... }:
@@ -16,7 +16,7 @@ import ./make-test-python.nix ({ pkgs, ...} :
 
     services.xserver.enable = true;
     test-support.displayManager.auto.user = "alice";
-    environment.systemPackages = [ pkgs.signal-desktop ];
+    environment.systemPackages = with pkgs; [ signal-desktop file ];
     virtualisation.memorySize = 1024;
   };
 
@@ -39,5 +39,17 @@ import ./make-test-python.nix ({ pkgs, ...} :
     machine.wait_for_text("Signal")
     machine.wait_for_text("File Edit View Window Help")
     machine.screenshot("signal_desktop")
+
+    # Test if the database is encrypted to prevent these issues:
+    # - https://github.com/NixOS/nixpkgs/issues/108772
+    # - https://github.com/NixOS/nixpkgs/pull/117555
+    print(machine.succeed("su - alice -c 'file ~/.config/Signal/sql/db.sqlite'"))
+    # TODO: The DB should be encrypted and the following should be machine.fail
+    # instead of machine.succeed but the DB is currently unencrypted and we
+    # want to notice if this isn't the case anymore as the transition to a
+    # encrypted DB can cause data loss!:
+    machine.succeed(
+        "su - alice -c 'file ~/.config/Signal/sql/db.sqlite' | grep -i sqlite"
+    )
   '';
 })
author	github-actions[bot]	2021-05-14 00:58:11 +0000
committer	GitHub	2021-05-14 00:58:11 +0000
commit	bf5d8bb531f98263c45731490fdab482c62f7670 (patch)
tree	e3d2106ac59f6b20b25b31dac6d8dd7077095252 /nixos
parent	39e3f7c2cc3d5ad71561136df41beca52bfa35c6 (diff)
parent	7cd876f22d58f2f977c1b8dfdb9d4316cdbd52ec (diff)