Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/lib/test-driver/default.nix | 13 | ||||
-rw-r--r-- | nixos/modules/services/audio/navidrome.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/misc/jellyfin.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/networking/aria2.nix | 7 | ||||
-rw-r--r-- | nixos/modules/services/ttys/getty.nix | 3 | ||||
-rw-r--r-- | nixos/modules/services/x11/window-managers/qtile.nix | 39 | ||||
-rw-r--r-- | nixos/tests/all-tests.nix | 2 | ||||
-rw-r--r-- | nixos/tests/firefly-iii.nix | 4 | ||||
-rw-r--r-- | nixos/tests/qtile.nix | 2 | ||||
-rw-r--r-- | nixos/tests/vaultwarden.nix | 264 |
10 files changed, 171 insertions, 167 deletions
diff --git a/nixos/lib/test-driver/default.nix b/nixos/lib/test-driver/default.nix index 7a88694b3167e..26652db6016e6 100644 --- a/nixos/lib/test-driver/default.nix +++ b/nixos/lib/test-driver/default.nix @@ -13,11 +13,20 @@ , extraPythonPackages ? (_ : []) , nixosTests }: - +let + fs = lib.fileset; +in python3Packages.buildPythonApplication { pname = "nixos-test-driver"; version = "1.1"; - src = ./.; + src = fs.toSource { + root = ./.; + fileset = fs.unions [ + ./pyproject.toml + ./test_driver + ./extract-docstrings.py + ]; + }; pyproject = true; propagatedBuildInputs = [ diff --git a/nixos/modules/services/audio/navidrome.nix b/nixos/modules/services/audio/navidrome.nix index a9db9228827a2..06d2d174a4df3 100644 --- a/nixos/modules/services/audio/navidrome.nix +++ b/nixos/modules/services/audio/navidrome.nix @@ -157,5 +157,5 @@ in networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.settings.Port ]; }; - meta.maintainers = with maintainers; [ nu-nu-ko ]; + meta.maintainers = with maintainers; [ fsnkty ]; } diff --git a/nixos/modules/services/misc/jellyfin.nix b/nixos/modules/services/misc/jellyfin.nix index a1d3910bd93b0..a006090878422 100644 --- a/nixos/modules/services/misc/jellyfin.nix +++ b/nixos/modules/services/misc/jellyfin.nix @@ -160,5 +160,5 @@ in }; - meta.maintainers = with maintainers; [ minijackson nu-nu-ko ]; + meta.maintainers = with maintainers; [ minijackson fsnkty ]; } diff --git a/nixos/modules/services/networking/aria2.nix b/nixos/modules/services/networking/aria2.nix index dd4823911f2b3..f0d5c5c8a21e3 100644 --- a/nixos/modules/services/networking/aria2.nix +++ b/nixos/modules/services/networking/aria2.nix @@ -7,12 +7,6 @@ let defaultRpcListenPort = 6800; defaultDir = "${homeDir}/Downloads"; - rangesToStringList = map (x: - if x.from == x.to - then builtins.toString x.from - else builtins.toString x.from + "-" + builtins.toString x.to - ); - portRangesToString = ranges: lib.concatStringsSep "," (map (x: if x.from == x.to 
@@ -77,6 +71,7 @@ in [0]: https://aria2.github.io/manual/en/html/aria2c.html#synopsis ''; + default = { }; type = lib.types.submodule { freeformType = with lib.types; attrsOf (oneOf [ bool int float singleLineStr ]); options = { diff --git a/nixos/modules/services/ttys/getty.nix b/nixos/modules/services/ttys/getty.nix index 011016dd5fd14..e88bb4628635e 100644 --- a/nixos/modules/services/ttys/getty.nix +++ b/nixos/modules/services/ttys/getty.nix @@ -101,7 +101,7 @@ in config = { # Note: this is set here rather than up there so that changing # nixos.label would not rebuild manual pages - services.getty.greetingLine = mkDefault ''<<< Welcome to NixOS ${config.system.nixos.label} (\m) - \l >>>''; + services.getty.greetingLine = mkDefault ''<<< Welcome to ${config.system.nixos.distroName} ${config.system.nixos.label} (\m) - \l >>>''; services.getty.helpLine = mkIf (config.documentation.nixos.enable && config.documentation.doc.enable) "\nRun 'nixos-help' for the NixOS manual."; systemd.services."getty@" = @@ -158,4 +158,5 @@ in }; + meta.maintainers = with maintainers; [ RossComputerGuy ]; } diff --git a/nixos/modules/services/x11/window-managers/qtile.nix b/nixos/modules/services/x11/window-managers/qtile.nix index 700ead8366008..4603ca3fb50f0 100644 --- a/nixos/modules/services/x11/window-managers/qtile.nix +++ b/nixos/modules/services/x11/window-managers/qtile.nix @@ -7,6 +7,10 @@ let in { + imports = [ + (mkRemovedOptionModule [ "services" "xserver" "windowManager" "qtile" "backend" ] "The qtile package now provides separate display sessions for both X11 and Wayland.") + ]; + options.services.xserver.windowManager.qtile = { enable = mkEnableOption "qtile"; @@ -22,14 +26,6 @@ in ''; }; - backend = mkOption { - type = types.enum [ "x11" "wayland" ]; - default = "x11"; - description = '' - Backend to use in qtile: `x11` or `wayland`. - ''; - }; - extraPackages = mkOption { type = types.functionTo (types.listOf types.package); default = _: []; 
@@ -57,25 +53,14 @@ in }; config = mkIf cfg.enable { - services.xserver.windowManager.qtile.finalPackage = pkgs.python3.withPackages (p: - [ (cfg.package.unwrapped or cfg.package) ] ++ (cfg.extraPackages p) - ); - - services.xserver.windowManager.session = [{ - name = "qtile"; - start = '' - ${cfg.finalPackage}/bin/qtile start -b ${cfg.backend} \ - ${optionalString (cfg.configFile != null) - "--config \"${cfg.configFile}\""} & - waitPID=$! - ''; - }]; + services = { + xserver.windowManager.qtile.finalPackage = pkgs.python3.pkgs.qtile.override { extraPackages = cfg.extraPackages pkgs.python3.pkgs; }; + displayManager.sessionPackages = [ cfg.finalPackage ]; + }; - environment.systemPackages = [ - # pkgs.qtile is currently a buildenv of qtile and its dependencies. - # For userland commands, we want the underlying package so that - # packages such as python don't bleed into userland and overwrite intended behavior. - (cfg.package.unwrapped or cfg.package) - ]; + environment = { + etc."xdg/qtile/config.py" = mkIf (cfg.configFile != null) { source = cfg.configFile; }; + systemPackages = [ cfg.finalPackage ]; + }; }; } diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index a9b6881aab0f8..746b29fd27258 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -1019,7 +1019,7 @@ in { vault-agent = handleTest ./vault-agent.nix {}; vault-dev = handleTest ./vault-dev.nix {}; vault-postgresql = handleTest ./vault-postgresql.nix {}; - vaultwarden = handleTest ./vaultwarden.nix {}; + vaultwarden = discoverTests (import ./vaultwarden.nix); vector = handleTest ./vector {}; vengi-tools = handleTest ./vengi-tools.nix {}; victoriametrics = handleTest ./victoriametrics.nix {}; diff --git a/nixos/tests/firefly-iii.nix b/nixos/tests/firefly-iii.nix index 2373ba8360264..f8e4ca4bfe2b4 100644 --- a/nixos/tests/firefly-iii.nix +++ b/nixos/tests/firefly-iii.nix 
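Review bot: The new `finalPackage` in the `config` hunk of qtile.nix is built from `pkgs.python3.pkgs.qtile.override { … }` and no longer reads `cfg.package`, which the removed lines used via `cfg.package.unwrapped or cfg.package`. If the `package` option is still declared above this hunk (not visible here), a pinned or patched qtile set by the user would be silently ignored and a different build would run in the session. Either derive the value from the option, for example `cfg.package.override { extraPackages = cfg.extraPackages pkgs.python3.pkgs; }` (assuming the option's package accepts that argument), or retire the option with a `mkRemovedOptionModule` entry like the one added for `backend`. A short comment on `environment.etc."xdg/qtile/config.py"` would also help, since `configFile` is now installed as a system-wide file instead of being passed with `--config`; how it ranks against a per-user config should be confirmed and stated there.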
@@ -39,12 +39,13 @@ in DB_DATABASE = "firefly"; DB_USERNAME = "firefly"; DB_PASSWORD_FILE = "/etc/postgres-pass"; + PGSQL_SCHEMA = "firefly"; }; }; services.postgresql = { enable = true; - package = pkgs.postgresql_15; + package = pkgs.postgresql_16; authentication = '' local all postgres peer local firefly firefly password @@ -52,6 +53,7 @@ in initialScript = pkgs.writeText "firefly-init.sql" '' CREATE USER "firefly" WITH LOGIN PASSWORD '${db-pass}'; CREATE DATABASE "firefly" WITH OWNER "firefly"; + \c firefly CREATE SCHEMA AUTHORIZATION firefly; ''; }; diff --git a/nixos/tests/qtile.nix b/nixos/tests/qtile.nix index b4d8f9d421144..96afaa342c524 100644 --- a/nixos/tests/qtile.nix +++ b/nixos/tests/qtile.nix @@ -10,7 +10,7 @@ import ./make-test-python.nix ({ lib, ...} : { test-support.displayManager.auto.user = "alice"; services.xserver.windowManager.qtile.enable = true; - services.displayManager.defaultSession = lib.mkForce "none+qtile"; + services.displayManager.defaultSession = lib.mkForce "qtile"; environment.systemPackages = [ pkgs.kitty ]; }; diff --git a/nixos/tests/vaultwarden.nix b/nixos/tests/vaultwarden.nix index 28ff170e36107..3aba3f6845fa7 100644 --- a/nixos/tests/vaultwarden.nix +++ b/nixos/tests/vaultwarden.nix 
@@ -1,38 +1,94 @@ -{ system ? builtins.currentSystem -, config ? { } -, pkgs ? import ../.. { inherit system config; } -}: - # These tests will: # * Set up a vaultwarden server -# * Have Firefox use the web vault to create an account, log in, and save a password to the valut +# * Have Firefox use the web vault to create an account, log in, and save a password to the vault # * Have the bw cli log in and read that password from the vault # # Note that Firefox must be on the same machine as the server for WebCrypto APIs to be available (or HTTPS must be configured) # # The same tests should work without modification on the official bitwarden server, if we ever package that. -with import ../lib/testing-python.nix { inherit system pkgs; }; -with pkgs.lib; let - backends = [ "sqlite" "mysql" "postgresql" ]; - - dbPassword = "please_dont_hack"; - - userEmail = "meow@example.com"; - userPassword = "also_super_secret_ZJWpBKZi668QGt"; # Must be complex to avoid interstitial warning on the signup page - - storedPassword = "seeeecret"; + makeVaultwardenTest = name: { + backend ? name, + withClient ? true, + testScript ? 
null, + }: import ./make-test-python.nix ({ lib, pkgs, ...}: let + dbPassword = "please_dont_hack"; + userEmail = "meow@example.com"; + userPassword = "also_super_secret_ZJWpBKZi668QGt"; # Must be complex to avoid interstitial warning on the signup page + storedPassword = "seeeecret"; + + testRunner = pkgs.writers.writePython3Bin "test-runner" { + libraries = [ pkgs.python3Packages.selenium ]; + flakeIgnore = [ "E501" ]; + } '' + + from selenium.webdriver.common.by import By + from selenium.webdriver import Firefox + from selenium.webdriver.firefox.options import Options + from selenium.webdriver.support.ui import WebDriverWait + from selenium.webdriver.support import expected_conditions as EC + + options = Options() + options.add_argument('--headless') + driver = Firefox(options=options) + + driver.implicitly_wait(20) + driver.get('http://localhost/#/register') + + wait = WebDriverWait(driver, 10) + + wait.until(EC.title_contains("Vaultwarden Web")) + + driver.find_element(By.CSS_SELECTOR, 'input#register-form_input_email').send_keys( + '${userEmail}' + ) + driver.find_element(By.CSS_SELECTOR, 'input#register-form_input_name').send_keys( + 'A Cat' + ) + driver.find_element(By.CSS_SELECTOR, 'input#register-form_input_master-password').send_keys( + '${userPassword}' + ) + driver.find_element(By.CSS_SELECTOR, 'input#register-form_input_confirm-master-password').send_keys( + '${userPassword}' + ) + if driver.find_element(By.CSS_SELECTOR, 'input#checkForBreaches').is_selected(): + driver.find_element(By.CSS_SELECTOR, 'input#checkForBreaches').click() + + driver.find_element(By.XPATH, "//button[contains(., 'Create account')]").click() + + wait.until_not(EC.title_contains("Create account")) + + driver.find_element(By.XPATH, "//button[contains(., 'Continue')]").click() + + driver.find_element(By.CSS_SELECTOR, 'input#login_input_master-password').send_keys( + '${userPassword}' + ) + driver.find_element(By.XPATH, "//button[contains(., 'Log in')]").click() + + 
wait.until(EC.title_contains("Vaults")) + + driver.find_element(By.XPATH, "//button[contains(., 'New item')]").click() + + driver.find_element(By.CSS_SELECTOR, 'input#name').send_keys( + 'secrets' + ) + driver.find_element(By.CSS_SELECTOR, 'input#loginPassword').send_keys( + '${storedPassword}' + ) + + driver.find_element(By.XPATH, "//button[contains(., 'Save')]").click() + ''; + in { + inherit name; - makeVaultwardenTest = backend: makeTest { - name = "vaultwarden-${backend}"; meta = { - maintainers = with pkgs.lib.maintainers; [ jjjollyjim ]; + maintainers = with pkgs.lib.maintainers; [ dotlambda SuperSandro2000 ]; }; nodes = { - server = { pkgs, ... }: - let backendConfig = { + server = { pkgs, ... }: lib.mkMerge [ + { mysql = { services.mysql = { enable = true; 
@@ -53,113 +109,47 @@ let postgresql = { services.postgresql = { enable = true; - initialScript = pkgs.writeText "postgresql-init.sql" '' - CREATE USER bitwardenuser WITH PASSWORD '${dbPassword}'; - CREATE DATABASE bitwarden WITH OWNER bitwardenuser; - ''; + ensureDatabases = [ "vaultwarden" ]; + ensureUsers = [{ + name = "vaultwarden"; + ensureDBOwnership = true; + }]; }; - services.vaultwarden.config.databaseUrl = "postgresql://bitwardenuser:${dbPassword}@localhost/bitwarden"; + services.vaultwarden.config.databaseUrl = "postgresql:///vaultwarden?host=/run/postgresql"; systemd.services.vaultwarden.after = [ "postgresql.service" ]; }; - sqlite = { }; - }; - in - mkMerge [ - backendConfig.${backend} - { - services.vaultwarden = { - enable = true; - dbBackend = backend; - config = { - rocketAddress = "0.0.0.0"; - rocketPort = 80; - }; - }; + sqlite = { + services.vaultwarden.backupDir = "/var/lib/vaultwarden/backups"; + + environment.systemPackages = [ pkgs.sqlite ]; + }; + }.${backend} - networking.firewall.allowedTCPPorts = [ 80 ]; - - environment.systemPackages = - let - testRunner = pkgs.writers.writePython3Bin "test-runner" - { - libraries = [ pkgs.python3Packages.selenium ]; - flakeIgnore = [ - "E501" - ]; - } '' - - from selenium.webdriver.common.by import By - from selenium.webdriver import Firefox - from selenium.webdriver.firefox.options import Options - from selenium.webdriver.support.ui import WebDriverWait - from selenium.webdriver.support import expected_conditions as EC - - options = Options() - options.add_argument('--headless') - driver = Firefox(options=options) - - driver.implicitly_wait(20) - driver.get('http://localhost/#/register') - - wait = WebDriverWait(driver, 10) - - wait.until(EC.title_contains("Vaultwarden Web")) - - driver.find_element(By.CSS_SELECTOR, 'input#register-form_input_email').send_keys( - '${userEmail}' - ) - driver.find_element(By.CSS_SELECTOR, 'input#register-form_input_name').send_keys( - 'A Cat' - ) - 
driver.find_element(By.CSS_SELECTOR, 'input#register-form_input_master-password').send_keys( - '${userPassword}' - ) - driver.find_element(By.CSS_SELECTOR, 'input#register-form_input_confirm-master-password').send_keys( - '${userPassword}' - ) - if driver.find_element(By.CSS_SELECTOR, 'input#checkForBreaches').is_selected(): - driver.find_element(By.CSS_SELECTOR, 'input#checkForBreaches').click() - - driver.find_element(By.XPATH, "//button[contains(., 'Create account')]").click() - - wait.until_not(EC.title_contains("Create account")) - - driver.find_element(By.XPATH, "//button[contains(., 'Continue')]").click() - - driver.find_element(By.CSS_SELECTOR, 'input#login_input_master-password').send_keys( - '${userPassword}' - ) - driver.find_element(By.XPATH, "//button[contains(., 'Log in')]").click() - - wait.until(EC.title_contains("Vaults")) - - driver.find_element(By.XPATH, "//button[contains(., 'New item')]").click() - - driver.find_element(By.CSS_SELECTOR, 'input#name').send_keys( - 'secrets' - ) - driver.find_element(By.CSS_SELECTOR, 'input#loginPassword').send_keys( - '${storedPassword}' - ) - - driver.find_element(By.XPATH, "//button[contains(., 'Save')]").click() - ''; - in - [ pkgs.firefox-unwrapped pkgs.geckodriver testRunner ]; - - } - ]; - - client = { pkgs, ... }: { - environment.systemPackages = [ pkgs.bitwarden-cli ]; - }; + services.vaultwarden = { + enable = true; + dbBackend = backend; + config = { + rocketAddress = "0.0.0.0"; + rocketPort = 80; + }; + }; + + networking.firewall.allowedTCPPorts = [ 80 ]; + + environment.systemPackages = [ pkgs.firefox-unwrapped pkgs.geckodriver testRunner ]; + } + ]; + } // lib.optionalAttrs withClient { + client = { pkgs, ... }: { + environment.systemPackages = [ pkgs.bitwarden-cli ]; + }; }; - testScript = '' + testScript = if testScript != null then testScript else '' start_all() server.wait_for_unit("vaultwarden.service") server.wait_for_open_port(80) 
@@ -184,15 +174,37 @@ let client.succeed(f"bw --nointeraction --raw --session {key} sync -f") with subtest("get the password with the cli"): - password = client.succeed( - f"bw --nointeraction --raw --session {key} list items | ${pkgs.jq}/bin/jq -r .[].login.password" + password = client.wait_until_succeeds( + f"bw --nointeraction --raw --session {key} list items | ${pkgs.jq}/bin/jq -r .[].login.password", + timeout=60 ) assert password.strip() == "${storedPassword}" ''; - }; + }); in -builtins.listToAttrs ( - map - (backend: { name = backend; value = makeVaultwardenTest backend; }) - backends -) +builtins.mapAttrs (k: v: makeVaultwardenTest k v) { + mysql = {}; + postgresql = {}; + sqlite = {}; + sqlite-backup = { + backend = "sqlite"; + withClient = false; + + testScript = '' + start_all() + server.wait_for_unit("vaultwarden.service") + server.wait_for_open_port(80) + + with subtest("Set up vaultwarden"): + server.succeed("PYTHONUNBUFFERED=1 test-runner | systemd-cat -t test-runner") + + with subtest("Run the backup script"): + server.start_job("backup-vaultwarden.service") + + with subtest("Check that backup exists"): + server.succeed('[ -d "/var/lib/vaultwarden/backups" ]') + server.succeed('[ -f "/var/lib/vaultwarden/backups/db.sqlite3" ]') + server.succeed('[ -d "/var/lib/vaultwarden/backups/attachments" ]') + ''; + }; +} |
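Review bot: In the `sqlite-backup` test script the result of `server.start_job("backup-vaultwarden.service")` is discarded, and the checks that follow only test that the backup paths exist. As far as I know `start_job` returns the `systemctl` status without asserting on it, so a backup unit that fails after creating the files would still pass; `server.succeed("systemctl start backup-vaultwarden.service")` would surface the failure. Since `pkgs.sqlite` is installed on the server for the sqlite backend, the test could also confirm that the copy is a usable database, e.g. `server.succeed('sqlite3 /var/lib/vaultwarden/backups/db.sqlite3 "PRAGMA integrity_check" | grep -qx ok')`. For a password-vault backup, an assertion on the mode and owner of the backup directory would be a worthwhile addition too.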