Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2305.section.md | 6 | ||||
-rw-r--r-- | nixos/modules/config/no-x-libs.nix | 5 | ||||
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/misc/moonraker.nix | 49 | ||||
-rw-r--r-- | nixos/modules/services/networking/wireguard.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/search/opensearch.nix | 244 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/akkoma.md | 8 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/akkoma.nix | 12 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/nextcloud.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/x11/desktop-managers/plasma5.nix | 3 | ||||
-rw-r--r-- | nixos/modules/system/boot/systemd/initrd.nix | 2 | ||||
-rw-r--r-- | nixos/modules/virtualisation/podman/default.nix | 11 | ||||
-rw-r--r-- | nixos/tests/all-tests.nix | 1 | ||||
-rw-r--r-- | nixos/tests/opensearch.nix | 52 | ||||
-rw-r--r-- | nixos/tests/predictable-interface-names.nix | 2 | ||||
-rw-r--r-- | nixos/tests/wireguard/snakeoil-keys.nix | 3 |
16 files changed, 368 insertions, 35 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2305.section.md b/nixos/doc/manual/release-notes/rl-2305.section.md index 22b1fe885cc3f..460d03b6c6dee 100644 --- a/nixos/doc/manual/release-notes/rl-2305.section.md +++ b/nixos/doc/manual/release-notes/rl-2305.section.md @@ -10,6 +10,8 @@ In addition to numerous new and upgraded packages, this release has the followin - Cinnamon has been updated to 5.6, see [the pull request](https://github.com/NixOS/nixpkgs/pull/201328#issue-1449910204) for what is changed. +- KDE Plasma has been updated to v5.27, see [the release notes](https://kde.org/announcements/plasma/5/5.27.0/) for what is changed. + - `nixos-rebuild` now supports an extra `--specialisation` option that can be used to change specialisation for `switch` and `test` commands. ## New Services {#sec-release-23.05-new-services} @@ -34,6 +36,8 @@ In addition to numerous new and upgraded packages, this release has the followin - [imaginary](https://github.com/h2non/imaginary), a microservice for high-level image processing that Nextcloud can use to generate previews. Available as [services.imaginary](#opt-services.imaginary.enable). +- [opensearch](https://opensearch.org), a search server alternative to Elasticsearch. Available as [services.opensearch](options.html#opt-services.opensearch.enable). + - [goeland](https://github.com/slurdge/goeland), an alternative to rss2email written in golang with many filters. Available as [services.goeland](#opt-services.goeland.enable). - [atuin](https://github.com/ellie/atuin), a sync server for shell history. Available as [services.atuin](#opt-services.atuin.enable). 
@@ -64,6 +68,8 @@ In addition to numerous new and upgraded packages, this release has the followin - `borgbackup` module now has an option for inhibiting system sleep while backups are running, defaulting to off (not inhibiting sleep), available as [`services.borgbackup.jobs.<name>.inhibitsSleep`](#opt-services.borgbackup.jobs._name_.inhibitsSleep). +- The `ssh` client tool now disables the `~C` escape sequence by default. This can be re-enabled by setting `EnableEscapeCommandline yes` + - `podman` now uses the `netavark` network stack. Users will need to delete all of their local containers, images, volumes, etc, by running `podman system reset --force` once before upgrading their systems. - `git-bug` has been updated to at least version 0.8.0, which includes backwards incompatible changes. The `git-bug-migration` package can be used to upgrade existing repositories. diff --git a/nixos/modules/config/no-x-libs.nix b/nixos/modules/config/no-x-libs.nix index e18003c0d486a..eb1e41a3d8dc6 100644 --- a/nixos/modules/config/no-x-libs.nix +++ b/nixos/modules/config/no-x-libs.nix @@ -30,8 +30,8 @@ with lib; beam = super.beam_nox; cairo = super.cairo.override { x11Support = false; }; dbus = super.dbus.override { x11Support = false; }; - ffmpeg_4 = super.ffmpeg_4-headless; - ffmpeg_5 = super.ffmpeg_5-headless; + ffmpeg_4 = super.ffmpeg_4.override { ffmpegVariant = "headless"; }; + ffmpeg_5 = super.ffmpeg_5.override { ffmpegVariant = "headless"; }; # dep of graphviz, libXpm is optional for Xpm support gd = super.gd.override { withXorg = false; }; gobject-introspection = super.gobject-introspection.override { x11Support = false; }; 
@@ -67,6 +67,7 @@ with lib; stoken = super.stoken.override { withGTK3 = false; }; # translateManpages -> perlPackages.po4a -> texlive-combined-basic -> texlive-core-big -> libX11 util-linux = super.util-linux.override { translateManpages = false; }; + vim-full = super.vim-full.override { guiSupport = false; }; zbar = super.zbar.override { enableVideo = false; withXorg = false; }; })); }; diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 74651efc0c5ad..9ce78c9eb124b 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -1048,6 +1048,7 @@ ./services/search/hound.nix ./services/search/kibana.nix ./services/search/meilisearch.nix + ./services/search/opensearch.nix ./services/search/solr.nix ./services/security/aesmd.nix ./services/security/certmgr.nix diff --git a/nixos/modules/services/misc/moonraker.nix b/nixos/modules/services/misc/moonraker.nix index 62064b5d90fb3..53638ded29634 100644 --- a/nixos/modules/services/misc/moonraker.nix +++ b/nixos/modules/services/misc/moonraker.nix @@ -11,6 +11,8 @@ let else lib.concatMapStrings (s: "\n ${generators.mkValueStringDefault {} s}") l; mkKeyValue = generators.mkKeyValueDefault {} ":"; }; + + unifiedConfigDir = cfg.stateDir + "/config"; in { options = { services.moonraker = { @@ -30,11 +32,10 @@ in { }; configDir = mkOption { - type = types.path; - default = cfg.stateDir + "/config"; - defaultText = literalExpression ''config.${opt.stateDir} + "/config"''; + type = types.nullOr types.path; + default = null; description = lib.mdDoc '' - The directory containing client-writable configuration files. + Deprecated directory containing client-writable configuration files. Clients will be able to edit files in this directory via the API. This directory must be writable. ''; 
@@ -96,8 +97,18 @@ in { }; config = mkIf cfg.enable { - warnings = optional (cfg.settings ? update_manager) - ''Enabling update_manager is not supported on NixOS and will lead to non-removable warnings in some clients.''; + warnings = [] + ++ optional (cfg.settings ? update_manager) + ''Enabling update_manager is not supported on NixOS and will lead to non-removable warnings in some clients.'' + ++ optional (cfg.configDir != null) + '' + services.moonraker.configDir has been deprecated upstream and will be removed. + + Action: ${ + if cfg.configDir == unifiedConfigDir then "Simply remove services.moonraker.configDir from your config." + else "Move files from `${cfg.configDir}` to `${unifiedConfigDir}` then remove services.moonraker.configDir from your config." + } + ''; assertions = [ { @@ -124,20 +135,20 @@ in { port = cfg.port; klippy_uds_address = cfg.klipperSocket; }; + machine = { + validate_service = false; + }; + } // (lib.optionalAttrs (cfg.configDir != null) { file_manager = { config_path = cfg.configDir; }; - database = { - database_path = "${cfg.stateDir}/database"; - }; - }; + }); fullConfig = recursiveUpdate cfg.settings forcedConfig; in format.generate "moonraker.cfg" fullConfig; systemd.tmpfiles.rules = [ "d '${cfg.stateDir}' - ${cfg.user} ${cfg.group} - -" - "d '${cfg.configDir}' - ${cfg.user} ${cfg.group} - -" - ]; + ] ++ lib.optional (cfg.configDir != null) "d '${cfg.configDir}' - ${cfg.user} ${cfg.group} - -"; systemd.services.moonraker = { description = "Moonraker, an API web server for Klipper"; 
@@ -147,9 +158,16 @@ in { # Moonraker really wants its own config to be writable... script = '' - cp /etc/moonraker.cfg ${cfg.configDir}/moonraker-temp.cfg - chmod u+w ${cfg.configDir}/moonraker-temp.cfg - exec ${pkg}/bin/moonraker -c ${cfg.configDir}/moonraker-temp.cfg + config_path=${ + # Deprecated separate config dir + if cfg.configDir != null then "${cfg.configDir}/moonraker-temp.cfg" + # Config in unified data path + else "${unifiedConfigDir}/moonraker-temp.cfg" + } + mkdir -p $(dirname "$config_path") + cp /etc/moonraker.cfg "$config_path" + chmod u+w "$config_path" + exec ${pkg}/bin/moonraker -d ${cfg.stateDir} -c "$config_path" ''; # Needs `ip` command @@ -184,5 +202,6 @@ in { meta.maintainers = with maintainers; [ cab404 vtuan10 + zhaofengli ]; } diff --git a/nixos/modules/services/networking/wireguard.nix b/nixos/modules/services/networking/wireguard.nix index 1d6556f626be9..b08f1015e8b8a 100644 --- a/nixos/modules/services/networking/wireguard.nix +++ b/nixos/modules/services/networking/wireguard.nix @@ -176,7 +176,7 @@ let publicKey = mkOption { example = "xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg="; - type = types.str; + type = types.singleLineStr; description = lib.mdDoc "The base64 public key of the peer."; }; diff --git a/nixos/modules/services/search/opensearch.nix b/nixos/modules/services/search/opensearch.nix new file mode 100644 index 0000000000000..df699b56747e0 --- /dev/null +++ b/nixos/modules/services/search/opensearch.nix 
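Review bot: The rewritten start script quotes `$config_path` on the `cp`, `chmod` and `exec` lines but leaves three expansions unquoted: the `config_path=${ … }` assignment, `$(dirname "$config_path")`, and `-d ${cfg.stateDir}`. A `stateDir` or `configDir` containing whitespace or glob characters would be word-split, so `mkdir -p` and moonraker itself would act on paths other than the configured one. I would wrap the interpolated value of the assignment in `lib.escapeShellArg (…)` and change the other two to `mkdir -p "$(dirname "$config_path")"` and `exec ${pkg}/bin/moonraker -d ${lib.escapeShellArg cfg.stateDir} -c "$config_path"`. The enclosing `systemd.services.moonraker` definition starts and ends outside the hunk.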
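Review bot: The `publicKey` description still reads only "The base64 public key of the peer.", although the switch to `types.singleLineStr` changes what the option accepts. As far as I know that type removes one trailing newline and rejects values with embedded newlines. I would say so in the text, e.g. `description = lib.mdDoc "The base64 public key of the peer. A single trailing newline (as left by builtins.readFile) is removed; any other newline is rejected.";`. The other key options of this peer submodule lie outside the hunk, so it is worth checking whether they should get the same type.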
@@ -0,0 +1,244 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.opensearch; + + settingsFormat = pkgs.formats.yaml {}; + + configDir = cfg.dataDir + "/config"; + + usingDefaultDataDir = cfg.dataDir == "/var/lib/opensearch"; + usingDefaultUserAndGroup = cfg.user == "opensearch" && cfg.group == "opensearch"; + + opensearchYml = settingsFormat.generate "opensearch.yml" cfg.settings; + + loggingConfigFilename = "log4j2.properties"; + loggingConfigFile = pkgs.writeTextFile { + name = loggingConfigFilename; + text = cfg.logging; + }; +in +{ + + options.services.opensearch = { + enable = mkEnableOption (lib.mdDoc "OpenSearch"); + + package = lib.mkPackageOptionMD pkgs "OpenSearch" { + default = [ "opensearch" ]; + }; + + settings = lib.mkOption { + type = lib.types.submodule { + freeformType = settingsFormat.type; + + options."network.host" = lib.mkOption { + type = lib.types.str; + default = "127.0.0.1"; + description = lib.mdDoc '' + Which port this service should listen on. + ''; + }; + + options."cluster.name" = lib.mkOption { + type = lib.types.str; + default = "opensearch"; + description = lib.mdDoc '' + The name of the cluster. + ''; + }; + + options."discovery.type" = lib.mkOption { + type = lib.types.str; + default = "single-node"; + description = lib.mdDoc '' + The type of discovery to use. + ''; + }; + + options."http.port" = lib.mkOption { + type = lib.types.port; + default = 9200; + description = lib.mdDoc '' + The port to listen on for HTTP traffic. + ''; + }; + + options."transport.port" = lib.mkOption { + type = lib.types.port; + default = 9300; + description = lib.mdDoc '' + The port to listen on for transport traffic. + ''; + }; + }; + + default = {}; + + description = lib.mdDoc '' + OpenSearch configuration. 
+ ''; + }; + + logging = lib.mkOption { + description = lib.mdDoc "opensearch logging configuration."; + + default = '' + logger.action.name = org.opensearch.action + logger.action.level = info + + appender.console.type = Console + appender.console.name = console + appender.console.layout.type = PatternLayout + appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n + + rootLogger.level = info + rootLogger.appenderRef.console.ref = console + ''; + type = types.str; + }; + + dataDir = lib.mkOption { + type = lib.types.path; + default = "/var/lib/opensearch"; + apply = converge (removeSuffix "/"); + description = lib.mdDoc '' + Data directory for OpenSearch. If you change this, you need to + manually create the directory. You also need to create the + `opensearch` user and group, or change + [](#opt-services.opensearch.user) and + [](#opt-services.opensearch.group) to existing ones with + access to the directory. + ''; + }; + + user = lib.mkOption { + type = lib.types.str; + default = "opensearch"; + description = lib.mdDoc '' + The user OpenSearch runs as. Should be left at default unless + you have very specific needs. + ''; + }; + + group = lib.mkOption { + type = lib.types.str; + default = "opensearch"; + description = lib.mdDoc '' + The group OpenSearch runs as. Should be left at default unless + you have very specific needs. + ''; + }; + + extraCmdLineOptions = lib.mkOption { + description = lib.mdDoc "Extra command line options for the OpenSearch launcher."; + default = [ ]; + type = lib.types.listOf lib.types.str; + }; + + extraJavaOptions = lib.mkOption { + description = lib.mdDoc "Extra command line options for Java."; + default = [ ]; + type = lib.types.listOf lib.types.str; + example = [ "-Djava.net.preferIPv4Stack=true" ]; + }; + + restartIfChanged = lib.mkOption { + type = lib.types.bool; + description = lib.mdDoc '' + Automatically restart the service on config change. 
+ This can be set to false to defer restarts on a server or cluster. + Please consider the security implications of inadvertently running an older version, + and the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option. + ''; + default = true; + }; + }; + + config = mkIf cfg.enable { + systemd.services.opensearch = { + description = "OpenSearch Daemon"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + path = [ pkgs.inetutils ]; + inherit (cfg) restartIfChanged; + environment = { + OPENSEARCH_HOME = cfg.dataDir; + OPENSEARCH_JAVA_OPTS = toString cfg.extraJavaOptions; + OPENSEARCH_PATH_CONF = configDir; + }; + serviceConfig = { + ExecStartPre = + let + startPreFullPrivileges = '' + set -o errexit -o pipefail -o nounset -o errtrace + shopt -s inherit_errexit + '' + (optionalString (!config.boot.isContainer) '' + # Only set vm.max_map_count if lower than ES required minimum + # This avoids conflict if configured via boot.kernel.sysctl + if [ $(${pkgs.procps}/bin/sysctl -n vm.max_map_count) -lt 262144 ]; then + ${pkgs.procps}/bin/sysctl -w vm.max_map_count=262144 + fi + ''); + startPreUnprivileged = '' + set -o errexit -o pipefail -o nounset -o errtrace + shopt -s inherit_errexit + + # Install plugins + ln -sfT ${cfg.package}/lib ${cfg.dataDir}/lib + ln -sfT ${cfg.package}/modules ${cfg.dataDir}/modules + + # opensearch needs to create the opensearch.keystore in the config directory + # so this directory needs to be writable. 
+ mkdir -p ${configDir} + chmod 0700 ${configDir} + + # Note that we copy config files from the nix store instead of symbolically linking them + # because otherwise X-Pack Security will raise the following exception: + # java.security.AccessControlException: + # access denied ("java.io.FilePermission" "/var/lib/opensearch/config/opensearch.yml" "read") + + cp ${opensearchYml} ${configDir}/opensearch.yml + + # Make sure the logging configuration for old OpenSearch versions is removed: + rm -f "${configDir}/logging.yml" + cp ${loggingConfigFile} ${configDir}/${loggingConfigFilename} + mkdir -p ${configDir}/scripts + cp ${cfg.package}/config/jvm.options ${configDir}/jvm.options + + # redirect jvm logs to the data directory + mkdir -p ${cfg.dataDir}/logs + chmod 0700 ${cfg.dataDir}/logs + sed -e '#logs/gc.log#${cfg.dataDir}/logs/gc.log#' -i ${configDir}/jvm.options + ''; + in [ + "+${pkgs.writeShellScript "opensearch-start-pre-full-privileges" startPreFullPrivileges}" + "${pkgs.writeShellScript "opensearch-start-pre-unprivileged" startPreUnprivileged}" + ]; + ExecStartPost = pkgs.writeShellScript "opensearch-start-post" '' + set -o errexit -o pipefail -o nounset -o errtrace + shopt -s inherit_errexit + + # Make sure opensearch is up and running before dependents + # are started + while ! ${pkgs.curl}/bin/curl -sS -f http://${cfg.settings."network.host"}:${toString cfg.settings."http.port"} 2>/dev/null; do + sleep 1 + done + ''; + ExecStart = "${cfg.package}/bin/opensearch ${toString cfg.extraCmdLineOptions}"; + User = cfg.user; + Group = cfg.group; + LimitNOFILE = "1024000"; + Restart = "always"; + TimeoutStartSec = "infinity"; + DynamicUser = usingDefaultUserAndGroup && usingDefaultDataDir; + } // (optionalAttrs (usingDefaultDataDir) { + StateDirectory = "opensearch"; + StateDirectoryMode = "0700"; + }); + }; + + environment.systemPackages = [ cfg.package ]; + }; +} 
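Review bot: The last command of `startPreUnprivileged`, `sed -e '#logs/gc.log#${cfg.dataDir}/logs/gc.log#' -i ${configDir}/jvm.options`, has no `s` command, so sed treats the whole expression as a comment and never rewrites the GC log path in `jvm.options`. It should read `sed -e 's#logs/gc.log#${cfg.dataDir}/logs/gc.log#' -i ${configDir}/jvm.options`. Separately, `network.host` is described as "Which port this service should listen on." but it sets the bind address, and because it decides whether the HTTP API is reachable beyond loopback the text should say so, e.g. `The address this service should bind to. The default only accepts local connections.`. The `ExecStartPost` loop polls plain `http://` on `network.host` with `TimeoutStartSec = "infinity"`, so a configuration that enables TLS or authentication on the HTTP layer would presumably leave the unit stuck in activation. A finite start timeout would make that failure visible.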
diff --git a/nixos/modules/services/web-apps/akkoma.md b/nixos/modules/services/web-apps/akkoma.md index fc849be0c8726..5419940a68d63 100644 --- a/nixos/modules/services/web-apps/akkoma.md +++ b/nixos/modules/services/web-apps/akkoma.md @@ -152,7 +152,7 @@ services.akkoma.config.":pleroma".":media_preview_proxy" = { ## Frontend management {#modules-services-akkoma-frontend-management} -Akkoma will be deployed with the `pleroma-fe` and `admin-fe` frontends by default. These can be +Akkoma will be deployed with the `akkoma-fe` and `admin-fe` frontends by default. These can be modified by setting [{option}`services.akkoma.frontends`](options.html#opt-services.akkoma.frontends). @@ -160,7 +160,7 @@ The following example overrides the primary frontend’s default configuration u derivation. ```nix -services.akkoma.frontends.primary.package = pkgs.runCommand "pleroma-fe" { +services.akkoma.frontends.primary.package = pkgs.runCommand "akkoma-fe" { config = builtins.toJSON { expertLevel = 1; collapseMessageWithSubject = false; @@ -177,10 +177,10 @@ services.akkoma.frontends.primary.package = pkgs.runCommand "pleroma-fe" { passAsFile = [ "config" ]; } '' mkdir $out - lndir ${pkgs.akkoma-frontends.pleroma-fe} $out + lndir ${pkgs.akkoma-frontends.akkoma-fe} $out rm $out/static/config.json - jq -s add ${pkgs.akkoma-frontends.pleroma-fe}/static/config.json ${config} \ + jq -s add ${pkgs.akkoma-frontends.akkoma-fe}/static/config.json ${config} \ >$out/static/config.json ''; ``` diff --git a/nixos/modules/services/web-apps/akkoma.nix b/nixos/modules/services/web-apps/akkoma.nix index fc482ff32debc..8d17752586128 100644 --- a/nixos/modules/services/web-apps/akkoma.nix +++ b/nixos/modules/services/web-apps/akkoma.nix 
@@ -51,13 +51,13 @@ let package = mkOption { type = types.package; description = mdDoc "Akkoma frontend package."; - example = literalExpression "pkgs.akkoma-frontends.pleroma-fe"; + example = literalExpression "pkgs.akkoma-frontends.akkoma-fe"; }; name = mkOption { type = types.nonEmptyStr; description = mdDoc "Akkoma frontend name."; - example = "pleroma-fe"; + example = "akkoma-fe"; }; ref = mkOption { @@ -476,8 +476,8 @@ in { type = with types; attrsOf (submodule frontend); default = { primary = { - package = pkgs.akkoma-frontends.pleroma-fe; - name = "pleroma-fe"; + package = pkgs.akkoma-frontends.akkoma-fe; + name = "akkoma-fe"; ref = "stable"; }; admin = { @@ -489,8 +489,8 @@ in { defaultText = literalExpression '' { primary = { - package = pkgs.akkoma-frontends.pleroma-fe; - name = "pleroma-fe"; + package = pkgs.akkoma-frontends.akkoma-fe; + name = "akkoma-fe"; ref = "stable"; }; admin = { diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix index 50c2d68c77e48..c5e161c2516ad 100644 --- a/nixos/modules/services/web-apps/nextcloud.nix +++ b/nixos/modules/services/web-apps/nextcloud.nix @@ -79,7 +79,7 @@ in { (which can be opened e.g. by running `nixos-help`). '') (mkRemovedOptionModule [ "services" "nextcloud" "disableImagemagick" ] '' - Use services.nextcloud.nginx.enableImagemagick instead. + Use services.nextcloud.enableImagemagick instead. '') ]; diff --git a/nixos/modules/services/x11/desktop-managers/plasma5.nix b/nixos/modules/services/x11/desktop-managers/plasma5.nix index c150adcac26b2..ab666ba394902 100644 --- a/nixos/modules/services/x11/desktop-managers/plasma5.nix +++ b/nixos/modules/services/x11/desktop-managers/plasma5.nix 
@@ -316,7 +316,8 @@ in ++ lib.optional config.services.colord.enable pkgs.colord-kde ++ lib.optional config.services.hardware.bolt.enable pkgs.plasma5Packages.plasma-thunderbolt ++ lib.optionals config.services.samba.enable [ kdenetwork-filesharing pkgs.samba ] - ++ lib.optional config.services.xserver.wacom.enable pkgs.wacomtablet; + ++ lib.optional config.services.xserver.wacom.enable pkgs.wacomtablet + ++ lib.optional config.services.flatpak.enable flatpak-kcm; # Extra services for D-Bus activation services.dbus.packages = [ diff --git a/nixos/modules/system/boot/systemd/initrd.nix b/nixos/modules/system/boot/systemd/initrd.nix index 620d76aef20d8..70edc13dc0fa0 100644 --- a/nixos/modules/system/boot/systemd/initrd.nix +++ b/nixos/modules/system/boot/systemd/initrd.nix @@ -495,7 +495,7 @@ in { # If we are not booting a NixOS closure (e.g. init=/bin/sh), # we don't know what root to prepare so we don't do anything - if ! [ -x "/sysroot$closure/prepare-root" ]; then + if ! [ -x "/sysroot$(readlink "/sysroot$closure/prepare-root" || echo "$closure/prepare-root")" ]; then echo "NEW_INIT=''${initParam[1]}" > /etc/switch-root.conf echo "$closure does not look like a NixOS installation - not activating" exit 0 diff --git a/nixos/modules/virtualisation/podman/default.nix b/nixos/modules/virtualisation/podman/default.nix index 2e2190e4188c3..baca48305188d 100644 --- a/nixos/modules/virtualisation/podman/default.nix +++ b/nixos/modules/virtualisation/podman/default.nix @@ -9,8 +9,7 @@ let extraPackages = cfg.extraPackages # setuid shadow ++ [ "/run/wrappers" ] - # include pkgs.zfs by default in the wrapped podman used by the module so it is cached - ++ (if (builtins.elem "zfs" config.boot.supportedFilesystems) then [ config.boot.zfs.package ] else [ pkgs.zfs ]); + ++ lib.optional (builtins.elem "zfs" config.boot.supportedFilesystems) config.boot.zfs.package; }); # Provides a fake "docker" binary mapping to podman 
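Review bot: The new `-x` test in the initrd script resolves only one symlink level and assumes the link target is absolute. `readlink` prints the target exactly as stored, so a relative target would be appended directly to `/sysroot` and a valid closure would be reported as "does not look like a NixOS installation". The assumption deserves a comment above the `if`, for example `# prepare-root is expected to be an absolute symlink (into the store); its target only exists under /sysroot, so re-root it before testing -x`. The surrounding script starts and ends outside the hunk, so whether `$closure` is validated earlier cannot be seen from here.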
@@ -184,6 +183,10 @@ in systemd.packages = [ cfg.package ]; + systemd.services.podman.serviceConfig = { + ExecStart = [ "" "${cfg.package}/bin/podman $LOGGING system service" ]; + }; + systemd.services.podman-prune = { description = "Prune podman resources"; @@ -204,6 +207,10 @@ in systemd.sockets.podman.wantedBy = [ "sockets.target" ]; systemd.sockets.podman.socketConfig.SocketGroup = "podman"; + systemd.user.services.podman.serviceConfig = { + ExecStart = [ "" "${cfg.package}/bin/podman $LOGGING system service" ]; + }; + systemd.user.sockets.podman.wantedBy = [ "sockets.target" ]; systemd.tmpfiles.packages = [ diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index ced2687ed9a43..86dd096afc0b0 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -490,6 +490,7 @@ in { ombi = handleTest ./ombi.nix {}; openarena = handleTest ./openarena.nix {}; openldap = handleTest ./openldap.nix {}; + opensearch = discoverTests (import ./opensearch.nix); openresty-lua = handleTest ./openresty-lua.nix {}; opensmtpd = handleTest ./opensmtpd.nix {}; opensmtpd-rspamd = handleTest ./opensmtpd-rspamd.nix {}; diff --git a/nixos/tests/opensearch.nix b/nixos/tests/opensearch.nix new file mode 100644 index 0000000000000..c0caf950cb9c9 --- /dev/null +++ b/nixos/tests/opensearch.nix 
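Review bot: Neither new `ExecStart` override (`systemd.services.podman` in this hunk, `systemd.user.services.podman` in the next) carries a comment explaining why the packaged unit's command is replaced or what the leading `""` entry does. A line such as `# Clear the packaged ExecStart and run the module's podman (cfg.package) instead` above each would cover it. `$LOGGING` is not defined in either hunk; presumably it comes from the packaged unit's `Environment=`. If that definition is ever dropped, systemd would expand it to nothing without any error, so the same comment should name that dependency.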
@@ -0,0 +1,52 @@ +let + opensearchTest = + import ./make-test-python.nix ( + { pkgs, lib, extraSettings ? {} }: { + name = "opensearch"; + meta.maintainers = with pkgs.lib.maintainers; [ shyim ]; + + nodes.machine = lib.mkMerge [ + { + virtualisation.memorySize = 2048; + services.opensearch.enable = true; + } + extraSettings + ]; + + testScript = '' + machine.start() + machine.wait_for_unit("opensearch.service") + machine.wait_for_open_port(9200) + + machine.succeed( + "curl --fail localhost:9200" + ) + ''; + }); +in +{ + opensearch = opensearchTest {}; + opensearchCustomPathAndUser = opensearchTest { + extraSettings = { + services.opensearch.dataDir = "/var/opensearch_test"; + services.opensearch.user = "open_search"; + services.opensearch.group = "open_search"; + system.activationScripts.createDirectory = { + text = '' + mkdir -p "/var/opensearch_test" + chown open_search:open_search /var/opensearch_test + chmod 0700 /var/opensearch_test + ''; + deps = [ "users" "groups" ]; + }; + users = { + groups.open_search = {}; + users.open_search = { + description = "OpenSearch daemon user"; + group = "open_search"; + isSystemUser = true; + }; + }; + }; + }; +} diff --git a/nixos/tests/predictable-interface-names.nix b/nixos/tests/predictable-interface-names.nix index 08773120bc127..684df9c39246c 100644 --- a/nixos/tests/predictable-interface-names.nix +++ b/nixos/tests/predictable-interface-names.nix @@ -13,7 +13,7 @@ in pkgs.lib.listToAttrs (builtins.map ({ predictable, withNetworkd }: { name = pkgs.lib.optionalString (!predictable) "un" + "predictable" + pkgs.lib.optionalString withNetworkd "Networkd"; value = makeTest { - name = "${if predictable then "" else "un"}predictableInterfaceNames${if withNetworkd then "-with-networkd" else ""}"; + name = "${pkgs.lib.optionalString (!predictable) "un"}predictableInterfaceNames${pkgs.lib.optionalString withNetworkd "-with-networkd"}"; meta = {}; nodes.machine = { lib, ... }: { 
diff --git a/nixos/tests/wireguard/snakeoil-keys.nix b/nixos/tests/wireguard/snakeoil-keys.nix index 55ad582d40595..c979f0e0c8a96 100644 --- a/nixos/tests/wireguard/snakeoil-keys.nix +++ b/nixos/tests/wireguard/snakeoil-keys.nix @@ -6,6 +6,7 @@ peer1 = { privateKey = "uO8JVo/sanx2DOM0L9GUEtzKZ82RGkRnYgpaYc7iXmg="; - publicKey = "Ks9yRJIi/0vYgRmn14mIOQRwkcUGBujYINbMpik2SBI="; + # readFile'd keys may have trailing newlines, emulate this + publicKey = "Ks9yRJIi/0vYgRmn14mIOQRwkcUGBujYINbMpik2SBI=\n"; }; } |