Diffstat (limited to 'nixos')
36 files changed, 942 insertions, 502 deletions
diff --git a/nixos/doc/manual/configuration/renaming-interfaces.section.md b/nixos/doc/manual/configuration/renaming-interfaces.section.md index b124e8303feed..18390c959b242 100644 --- a/nixos/doc/manual/configuration/renaming-interfaces.section.md +++ b/nixos/doc/manual/configuration/renaming-interfaces.section.md @@ -26,7 +26,7 @@ we assign the name `wan` to the interface with MAC address ```nix systemd.network.links."10-wan" = { - matchConfig.MACAddress = "52:54:00:12:01:01"; + matchConfig.PermanentMACAddress = "52:54:00:12:01:01"; linkConfig.Name = "wan"; }; ``` diff --git a/nixos/doc/manual/from_md/configuration/renaming-interfaces.section.xml b/nixos/doc/manual/from_md/configuration/renaming-interfaces.section.xml index 1c32e30b3f850..88c9e624c82ff 100644 --- a/nixos/doc/manual/from_md/configuration/renaming-interfaces.section.xml +++ b/nixos/doc/manual/from_md/configuration/renaming-interfaces.section.xml @@ -32,7 +32,7 @@ </para> <programlisting language="bash"> systemd.network.links."10-wan" = { - matchConfig.MACAddress = "52:54:00:12:01:01"; + matchConfig.PermanentMACAddress = "52:54:00:12:01:01"; linkConfig.Name = "wan"; }; </programlisting> diff --git a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml index fb98b6a4b01c0..96cb5187889fa 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml @@ -1,9 +1,5 @@ <section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-21.11"> <title>Release 21.11 (“Porcupine”, 2021/11/30)</title> - <para> - In addition to numerous new and upgraded packages, this release has - the following highlights: - </para> <itemizedlist spacing="compact"> <listitem> <para> 
@@ -14,6 +10,10 @@ </itemizedlist> <section xml:id="sec-release-21.11-highlights"> <title>Highlights</title> + <para> + In addition to numerous new and upgraded packages, this release + has the following highlights: + </para> <itemizedlist> <listitem> <para> @@ -255,14 +255,14 @@ <para> <link xlink:href="https://www.isc.org/kea/">Kea</link>, ISCs 2nd generation DHCP and DDNS server suite. Available at - <link xlink:href="options.html#opt-services.kea">services.kea</link>. + <link xlink:href="options.html#opt-services.kea.dhcp4">services.kea</link>. </para> </listitem> <listitem> <para> <link xlink:href="https://owncast.online/">owncast</link>, self-hosted video live streaming solution. Available at - <link xlink:href="options.html#opt-services.owncast">services.owncast</link>. + <link xlink:href="options.html#opt-services.owncast.enable">services.owncast</link>. </para> </listitem> <listitem> @@ -270,7 +270,7 @@ <link xlink:href="https://joinpeertube.org/">PeerTube</link>, developed by Framasoft, is the free and decentralized alternative to video platforms. Available at - <link xlink:href="options.html#opt-services.peertube">services.peertube</link>. + <link xlink:href="options.html#opt-services.peertube.enable">services.peertube</link>. </para> </listitem> <listitem> @@ -2023,6 +2023,12 @@ Superuser created successfully. hydrus manual</link>. </para> </listitem> + <listitem> + <para> + More jdk and jre versions are now exposed via + <literal>java-packages.compiler</literal>. + </para> + </listitem> </itemizedlist> </section> </section> diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml index baefa0d369e5a..bb8c24ec4d1fb 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml 
@@ -24,7 +24,7 @@ </section> <section xml:id="sec-release-22.05-incompatibilities"> <title>Backward Incompatibilities</title> - <itemizedlist spacing="compact"> + <itemizedlist> <listitem> <para> <literal>pkgs.ghc</literal> now refers to @@ -46,6 +46,26 @@ <literal>haskellPackages.callPackage</literal>). </para> </listitem> + <listitem> + <para> + <literal>pkgs.emacsPackages.orgPackages</literal> is removed + because org elpa is deprecated. The packages in the top level + of <literal>pkgs.emacsPackages</literal>, such as org and + org-contrib, refer to the ones in + <literal>pkgs.emacsPackages.elpaPackages</literal> and + <literal>pkgs.emacsPackages.nongnuPackages</literal> where the + new versions will release. + </para> + </listitem> + <listitem> + <para> + The <literal>wafHook</literal> hook now honors + <literal>NIX_BUILD_CORES</literal> when + <literal>enableParallelBuilding</literal> is not set + explicitly. Packages can restore the old behaviour by setting + <literal>enableParallelBuilding=false</literal>. + </para> + </listitem> </itemizedlist> </section> <section xml:id="sec-release-22.05-notable-changes"> diff --git a/nixos/doc/manual/release-notes/rl-2111.section.md b/nixos/doc/manual/release-notes/rl-2111.section.md index 5abfa6beb1061..584bde952a2af 100644 --- a/nixos/doc/manual/release-notes/rl-2111.section.md +++ b/nixos/doc/manual/release-notes/rl-2111.section.md 
@@ -1,11 +1,11 @@ # Release 21.11 (“Porcupine”, 2021/11/30) {#sec-release-21.11} -In addition to numerous new and upgraded packages, this release has the following highlights: - - Support is planned until the end of June 2022, handing over to 22.05. ## Highlights {#sec-release-21.11-highlights} +In addition to numerous new and upgraded packages, this release has the following highlights: + - Nix has been updated to version 2.4, reference its [release notes](https://discourse.nixos.org/t/nix-2-4-released/15822) for more information on what has changed. The previous version of Nix, 2.3.16, remains available for the time being in the `nix_2_3` package. - `iptables` now uses `nf_tables` backend. 
@@ -68,11 +68,11 @@ In addition to numerous new and upgraded packages, this release has the followin - [Jibri](https://github.com/jitsi/jibri), a service for recording or streaming a Jitsi Meet conference. Available as [services.jibri](options.html#opt-services.jibri.enable). -- [Kea](https://www.isc.org/kea/), ISCs 2nd generation DHCP and DDNS server suite. Available at [services.kea](options.html#opt-services.kea). +- [Kea](https://www.isc.org/kea/), ISCs 2nd generation DHCP and DDNS server suite. Available at [services.kea](options.html#opt-services.kea.dhcp4). -- [owncast](https://owncast.online/), self-hosted video live streaming solution. Available at [services.owncast](options.html#opt-services.owncast). +- [owncast](https://owncast.online/), self-hosted video live streaming solution. Available at [services.owncast](options.html#opt-services.owncast.enable). -- [PeerTube](https://joinpeertube.org/), developed by Framasoft, is the free and decentralized alternative to video platforms. Available at [services.peertube](options.html#opt-services.peertube). +- [PeerTube](https://joinpeertube.org/), developed by Framasoft, is the free and decentralized alternative to video platforms. Available at [services.peertube](options.html#opt-services.peertube.enable). - [sourcehut](https://sr.ht), a collection of tools useful for software development. Available as [services.sourcehut](options.html#opt-services.sourcehut.enable). 
@@ -549,3 +549,5 @@ In addition to numerous new and upgraded packages, this release has the followin - RetroArch has been upgraded from version `1.8.5` to `1.9.13.2`. Since the previous release was quite old, if you're having issues after the upgrade, please delete your `$XDG_CONFIG_HOME/retroarch/retroarch.cfg` file. - hydrus has been upgraded from version `438` to `463`. Since upgrading between releases this old is advised against, be sure to have a backup of your data before upgrading. For details, see [the hydrus manual](https://hydrusnetwork.github.io/hydrus/help/getting_started_installing.html#big_updates). + +- More jdk and jre versions are now exposed via `java-packages.compiler`. diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md index a66e29bdb5f84..579bcda9ec4ff 100644 --- a/nixos/doc/manual/release-notes/rl-2205.section.md +++ b/nixos/doc/manual/release-notes/rl-2205.section.md @@ -10,7 +10,7 @@ In addition to numerous new and upgraded packages, this release has the followin ## Backward Incompatibilities {#sec-release-22.05-incompatibilities} -* `pkgs.ghc` now refers to `pkgs.targetPackages.haskellPackages.ghc`. +- `pkgs.ghc` now refers to `pkgs.targetPackages.haskellPackages.ghc`. This *only* makes a difference if you are cross-compiling and will ensure that `pkgs.ghc` always runs on the host platform and compiles for the target platform (similar to `pkgs.gcc` for example). 
@@ -22,4 +22,11 @@ In addition to numerous new and upgraded packages, this release has the followin instead to ensure cross compilation keeps working (or switch to `haskellPackages.callPackage`). +- `pkgs.emacsPackages.orgPackages` is removed because org elpa is deprecated. + The packages in the top level of `pkgs.emacsPackages`, such as org and + org-contrib, refer to the ones in `pkgs.emacsPackages.elpaPackages` and + `pkgs.emacsPackages.nongnuPackages` where the new versions will release. + +- The `wafHook` hook now honors `NIX_BUILD_CORES` when `enableParallelBuilding` is not set explicitly. Packages can restore the old behaviour by setting `enableParallelBuilding=false`. + ## Other Notable Changes {#sec-release-22.05-notable-changes} diff --git a/nixos/lib/eval-config.nix b/nixos/lib/eval-config.nix index 69e0a2afdba3d..74b52daa3c8eb 100644 --- a/nixos/lib/eval-config.nix +++ b/nixos/lib/eval-config.nix @@ -51,23 +51,28 @@ let }; }; -in rec { - - # Merge the option definitions in all modules, forming the full - # system configuration. - inherit (lib.evalModules { + noUserModules = lib.evalModules { inherit prefix check; - modules = baseModules ++ extraModules ++ [ pkgsModule ] ++ modules; + modules = baseModules ++ extraModules ++ [ pkgsModule ]; args = extraArgs; specialArgs = { modulesPath = builtins.toString ../modules; } // specialArgs; - }) config options _module type; + }; # These are the extra arguments passed to every module. In # particular, Nixpkgs is passed through the "pkgs" argument. extraArgs = extraArgs_ // { - inherit baseModules extraModules modules; + inherit noUserModules baseModules extraModules modules; }; +in rec { + + # Merge the option definitions in all modules, forming the full + # system configuration. + inherit (noUserModules.extendModules { inherit modules; }) + config options _module type; + + inherit extraArgs; + inherit (_module.args) pkgs; } 
diff --git a/nixos/lib/qemu-common.nix b/nixos/lib/qemu-common.nix index 1a1f7531feb0b..f3af85040bd62 100644 --- a/nixos/lib/qemu-common.nix +++ b/nixos/lib/qemu-common.nix @@ -22,7 +22,7 @@ rec { else throw "Unknown QEMU serial device for system '${pkgs.stdenv.hostPlatform.system}'"; qemuBinary = qemuPkg: { - x86_64-linux = "${qemuPkg}/bin/qemu-kvm -cpu max"; + x86_64-linux = "${qemuPkg}/bin/qemu-kvm -cpu qemu64"; armv7l-linux = "${qemuPkg}/bin/qemu-system-arm -enable-kvm -machine virt -cpu host"; aarch64-linux = "${qemuPkg}/bin/qemu-system-aarch64 -enable-kvm -machine virt,gic-version=host -cpu host"; powerpc64le-linux = "${qemuPkg}/bin/qemu-system-ppc64 -machine powernv"; diff --git a/nixos/lib/test-driver/test-driver.py b/nixos/lib/test-driver/test-driver.py index 643446f313e3a..2cdf4fc2732ea 100755 --- a/nixos/lib/test-driver/test-driver.py +++ b/nixos/lib/test-driver/test-driver.py @@ -171,7 +171,7 @@ class Logger: yield self.drain_log_queue() toc = time.time() - self.log("({:.2f} seconds)".format(toc - tic)) + self.log("(finished: {}, in {:.2f} seconds)".format(message, toc - tic)) self.xml.endElement("nest") 
@@ -490,23 +490,24 @@ class Machine: return rootlog.nested(msg, my_attrs) def wait_for_monitor_prompt(self) -> str: - assert self.monitor is not None - answer = "" - while True: - undecoded_answer = self.monitor.recv(1024) - if not undecoded_answer: - break - answer += undecoded_answer.decode() - if answer.endswith("(qemu) "): - break - return answer + with self.nested("waiting for monitor prompt"): + assert self.monitor is not None + answer = "" + while True: + undecoded_answer = self.monitor.recv(1024) + if not undecoded_answer: + break + answer += undecoded_answer.decode() + if answer.endswith("(qemu) "): + break + return answer def send_monitor_command(self, command: str) -> str: - message = ("{}\n".format(command)).encode() - self.log("sending monitor command: {}".format(command)) - assert self.monitor is not None - self.monitor.send(message) - return self.wait_for_monitor_prompt() + with self.nested("sending monitor command: {}".format(command)): + message = ("{}\n".format(command)).encode() + assert self.monitor is not None + self.monitor.send(message) + return self.wait_for_monitor_prompt() def wait_for_unit(self, unit: str, user: Optional[str] = None) -> None: """Wait for a systemd unit to get into "active" state. @@ -533,7 +534,12 @@ class Machine: return state == "active" - retry(check_active) + with self.nested( + "waiting for unit {}{}".format( + unit, f" with user {user}" if user is not None else "" + ) + ): + retry(check_active) def get_unit_info(self, unit: str, user: Optional[str] = None) -> Dict[str, str]: status, lines = self.systemctl('--no-pager show "{}"'.format(unit), user) 
@@ -597,9 +603,14 @@ class Machine: break return "".join(output_buffer) - def execute(self, command: str, check_return: bool = True) -> Tuple[int, str]: + def execute( + self, command: str, check_return: bool = True, timeout: Optional[int] = 900 + ) -> Tuple[int, str]: self.connect() + if timeout is not None: + command = "timeout {} sh -c {}".format(timeout, shlex.quote(command)) + out_command = f"( set -euo pipefail; {command} ) | (base64 --wrap 0; echo)\n" assert self.shell self.shell.send(out_command.encode()) @@ -629,12 +640,12 @@ class Machine: pass_fds=[self.shell.fileno()], ) - def succeed(self, *commands: str) -> str: + def succeed(self, *commands: str, timeout: Optional[int] = None) -> str: """Execute each command and check that it succeeds.""" output = "" for command in commands: with self.nested("must succeed: {}".format(command)): - (status, out) = self.execute(command) + (status, out) = self.execute(command, timeout=timeout) if status != 0: self.log("output: {}".format(out)) raise Exception( @@ -643,12 +654,12 @@ class Machine: output += out return output - def fail(self, *commands: str) -> str: + def fail(self, *commands: str, timeout: Optional[int] = None) -> str: """Execute each command and check that it fails.""" output = "" for command in commands: with self.nested("must fail: {}".format(command)): - (status, out) = self.execute(command) + (status, out) = self.execute(command, timeout=timeout) if status == 0: raise Exception( "command `{}` unexpectedly succeeded".format(command) 
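Review bot: Wrapping the command as `timeout {} sh -c {}` in `execute` runs it in a child shell, so the `set -euo pipefail` in `out_command` now governs only the outer subshell that starts `timeout`, not the test command itself. A multi-statement or piped command whose early stage fails would then report the status of its last stage and could pass a `succeed` step it used to fail. Moving the options into the quoted string would keep the old strictness, e.g. `shlex.quote("set -euo pipefail; " + command)`, provided the guest's `sh` accepts `pipefail`. Note also that `timeout` exits with 124 when the limit is hit, which callers cannot tell apart from a command that returned 124 itself. The `shlex` import is not visible in this hunk, and the method body continues past it.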
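Review bot: The docstring of `succeed` does not mention the new `timeout` keyword, and its default of `None` is forwarded to `execute`, where `None` skips the `timeout` wrapper, so `succeed` runs without a limit even though `execute` on its own defaults to 900 seconds. `fail` in the next hunk has the same signature and the same gap. I would extend both docstrings along the lines of `"""Execute each command and check that it succeeds. `timeout` is a per-command limit in seconds; the default None means no limit."""`, or change the default to 900 if a bounded default was intended.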
@@ -664,14 +675,14 @@ class Machine: def check_success(_: Any) -> bool: nonlocal output - status, output = self.execute(command) + status, output = self.execute(command, timeout=timeout) return status == 0 with self.nested("waiting for success: {}".format(command)): retry(check_success, timeout) return output - def wait_until_fails(self, command: str) -> str: + def wait_until_fails(self, command: str, timeout: int = 900) -> str: """Wait until a command returns failure. Throws an exception on timeout. """ @@ -679,7 +690,7 @@ class Machine: def check_failure(_: Any) -> bool: nonlocal output - status, output = self.execute(command) + status, output = self.execute(command, timeout=timeout) return status != 0 with self.nested("waiting for failure: {}".format(command)): @@ -752,7 +763,8 @@ class Machine: status, _ = self.execute("nc -z localhost {}".format(port)) return status != 0 - retry(port_is_closed) + with self.nested("waiting for TCP port {} to be closed"): + retry(port_is_closed) def start_job(self, jobname: str, user: Optional[str] = None) -> Tuple[int, str]: return self.systemctl("start {}".format(jobname), user) 
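Review bot: `wait_until_fails` gains a `timeout` parameter that is forwarded to `execute`, but the `retry(check_failure)` call sits after the last line of this hunk, so I cannot see whether it also receives the value. If it does not, the overall wait stays at `retry`'s own default while the docstring promises an exception on timeout, and `wait_until_succeeds` just above does pass it with `retry(check_success, timeout)`. For symmetry the call should read `retry(check_failure, timeout)`.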
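Review bot: The label passed to `self.nested` around `retry(port_is_closed)` contains a `{}` placeholder but is never formatted, so the log will show the braces instead of the port number. It should be `with self.nested("waiting for TCP port {} to be closed".format(port)):`, matching the `"nc -z localhost {}".format(port)` call two lines above. The enclosing method's signature is outside the hunk.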
@@ -886,20 +898,20 @@ class Machine: retry(screen_matches) def wait_for_console_text(self, regex: str) -> None: - self.log("waiting for {} to appear on console".format(regex)) - # Buffer the console output, this is needed - # to match multiline regexes. - console = io.StringIO() - while True: - try: - console.write(self.last_lines.get()) - except queue.Empty: - self.sleep(1) - continue - console.seek(0) - matches = re.search(regex, console.read()) - if matches is not None: - return + with self.nested("waiting for {} to appear on console".format(regex)): + # Buffer the console output, this is needed + # to match multiline regexes. + console = io.StringIO() + while True: + try: + console.write(self.last_lines.get()) + except queue.Empty: + self.sleep(1) + continue + console.seek(0) + matches = re.search(regex, console.read()) + if matches is not None: + return def send_key(self, key: str) -> None: key = CHAR_TO_KEY.get(key, key) @@ -1014,7 +1026,7 @@ class Machine: ) return any(pattern.search(name) for name in names) - with self.nested("Waiting for a window to appear"): + with self.nested("waiting for a window to appear"): retry(window_is_visible) def sleep(self, secs: int) -> None: diff --git a/nixos/modules/hardware/video/nvidia.nix b/nixos/modules/hardware/video/nvidia.nix index 5b379505608a4..ff4225dc29adb 100644 --- a/nixos/modules/hardware/video/nvidia.nix +++ b/nixos/modules/hardware/video/nvidia.nix @@ -179,7 +179,7 @@ in in mkIf enabled { assertions = [ { - assertion = with config.services.xserver.displayManager; gdm.nvidiaWayland -> cfg.modesetting.enable; + assertion = with config.services.xserver.displayManager; (gdm.enable && gdm.nvidiaWayland) -> cfg.modesetting.enable; message = "You cannot use wayland with GDM without modesetting enabled for NVIDIA drivers, set `hardware.nvidia.modesetting.enable = true`"; } diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index f392ca52566fb..273ed95e1bce1 100644 --- a/nixos/modules/misc/ids.nix 
+++ b/nixos/modules/misc/ids.nix @@ -351,6 +351,7 @@ in hqplayer = 319; moonraker = 320; distcc = 321; + webdav = 322; # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! @@ -656,6 +657,7 @@ in hqplayer = 319; moonraker = 320; distcc = 321; + webdav = 322; # When adding a gid, make sure it doesn't match an existing # uid. Users and groups with the same name should have equal diff --git a/nixos/modules/misc/locate.nix b/nixos/modules/misc/locate.nix index 3638bebed931b..5fd82aa963bff 100644 --- a/nixos/modules/misc/locate.nix +++ b/nixos/modules/misc/locate.nix @@ -84,12 +84,15 @@ in { "bdev" "binfmt" "binfmt_misc" + "ceph" "cgroup" + "cgroup2" "cifs" "coda" "configfs" "cramfs" "cpuset" + "curlftpfs" "debugfs" "devfs" "devpts" @@ -101,6 +104,13 @@ in { "ftpfs" "fuse" "fusectl" + "fusesmb" + "fuse.ceph" + "fuse.glusterfs" + "fuse.gvfsd-fuse" + "fuse.mfs" + "fuse.rclone" + "fuse.rozofs" "fuse.sshfs" "gfs" "gfs2" @@ -110,9 +120,15 @@ in { "iso9660" "jffs2" "lustre" + "lustre_lite" "misc" + "mfs" "mqueue" "ncpfs" + "nfs" + "NFS" + "nfs4" + "nfsd" "nnpfs" "ocfs" "ocfs2" @@ -127,16 +143,14 @@ in { "smbfs" "sockfs" "spufs" - "nfs" - "NFS" - "nfs4" - "nfsd" "sshfs" "subfs" "supermount" "sysfs" "tmpfs" + "tracefs" "ubifs" + "udev" "udf" "usbfs" "vboxsf" @@ -202,7 +216,7 @@ in { PRUNEFS="${lib.concatStringsSep " " cfg.pruneFS}" PRUNENAMES="${lib.concatStringsSep " " cfg.pruneNames}" PRUNEPATHS="${lib.concatStringsSep " " cfg.prunePaths}" - PRUNE_BIND_MOUNTSFR="${lib.boolToString cfg.pruneBindMounts}" + PRUNE_BIND_MOUNTS="${if cfg.pruneBindMounts then "yes" else "no"}" ''; }; }; diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 9eca0b8d65f23..1d51fca02fbf1 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix 
@@ -685,6 +685,7 @@ ./services/network-filesystems/diod.nix ./services/network-filesystems/u9fs.nix ./services/network-filesystems/webdav.nix + ./services/network-filesystems/webdav-server-rs.nix ./services/network-filesystems/yandex-disk.nix ./services/network-filesystems/xtreemfs.nix ./services/network-filesystems/ceph.nix diff --git a/nixos/modules/security/acme.xml b/nixos/modules/security/acme.xml index 8249da948c6d8..bf93800a0af40 100644 --- a/nixos/modules/security/acme.xml +++ b/nixos/modules/security/acme.xml @@ -253,7 +253,7 @@ chmod 400 /var/lib/secrets/certs.secret </programlisting> <para> - Now you're all set to generate certs! You should monitor the first invokation + Now you're all set to generate certs! You should monitor the first invocation by running <literal>systemctl start acme-example.com.service & journalctl -fu acme-example.com.service</literal> and watching its log output. </para> diff --git a/nixos/modules/services/misc/home-assistant.nix b/nixos/modules/services/misc/home-assistant.nix index 8279d075bafbc..2de25d87ed398 100644 --- a/nixos/modules/services/misc/home-assistant.nix +++ b/nixos/modules/services/misc/home-assistant.nix @@ -24,6 +24,8 @@ let availableComponents = cfg.package.availableComponents; + explicitComponents = cfg.package.extraComponents; + usedPlatforms = config: if isAttrs config then optional (config ? platform) config.platform @@ -42,10 +44,13 @@ let # } ]; useComponentPlatform = component: elem component (usedPlatforms cfg.config); - # Returns whether component is used in config + useExplicitComponent = component: elem component explicitComponents; + + # Returns whether component is used in config or explicitly passed into package useComponent = component: hasAttrByPath (splitString "." component) cfg.config - || useComponentPlatform component; + || useComponentPlatform component + || useExplicitComponent component; # List of components used in config extraComponents = filter useComponent availableComponents; 
diff --git a/nixos/modules/services/network-filesystems/webdav-server-rs.nix b/nixos/modules/services/network-filesystems/webdav-server-rs.nix new file mode 100644 index 0000000000000..1c5c299cb6735 --- /dev/null +++ b/nixos/modules/services/network-filesystems/webdav-server-rs.nix 
@@ -0,0 +1,144 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.services.webdav-server-rs; + format = pkgs.formats.toml { }; + settings = recursiveUpdate + { + server.uid = config.users.users."${cfg.user}".uid; + server.gid = config.users.groups."${cfg.group}".gid; + } + cfg.settings; +in +{ + options = { + services.webdav-server-rs = { + enable = mkEnableOption "WebDAV server"; + + user = mkOption { + type = types.str; + default = "webdav"; + description = "User to run under when setuid is not enabled."; + }; + + group = mkOption { + type = types.str; + default = "webdav"; + description = "Group to run under when setuid is not enabled."; + }; + + settings = mkOption { + type = format.type; + default = { }; + description = '' + Attrset that is converted and passed as config file. Available + options can be found at + <link xlink:href="https://github.com/miquels/webdav-server-rs/blob/master/webdav-server.toml">here</link>. + ''; + example = literalExpression '' + { + server.listen = [ "0.0.0.0:4918" "[::]:4918" ]; + accounts = { + auth-type = "htpasswd.default"; + acct-type = "unix"; + }; + htpasswd.default = { + htpasswd = "/etc/htpasswd"; + }; + location = [ + { + route = [ "/public/*path" ]; + directory = "/srv/public"; + handler = "filesystem"; + methods = [ "webdav-ro" ]; + autoindex = true; + auth = "false"; + } + { + route = [ "/user/:user/*path" ]; + directory = "~"; + handler = "filesystem"; + methods = [ "webdav-rw" ]; + autoindex = true; + auth = "true"; + setuid = true; + } + ]; + } + ''; + }; + + configFile = mkOption { + type = types.path; + default = format.generate "webdav-server.toml" settings; + defaultText = "Config file generated from services.webdav-server-rs.settings"; + description = '' + Path to config file. If this option is set, it will override any + configuration done in services.webdav-server-rs.settings. 
+ ''; + example = "/etc/webdav-server.toml"; + }; + }; + }; + + config = mkIf cfg.enable { + assertions = [ + { + assertion = hasAttr cfg.user config.users.users && config.users.users."${cfg.user}".uid != null; + message = "users.users.${cfg.user} and users.users.${cfg.user}.uid must be defined."; + } + { + assertion = hasAttr cfg.group config.users.groups && config.users.groups."${cfg.group}".gid != null; + message = "users.groups.${cfg.group} and users.groups.${cfg.group}.gid must be defined."; + } + ]; + + users.users = optionalAttrs (cfg.user == "webdav") { + webdav = { + description = "WebDAV user"; + group = cfg.group; + uid = config.ids.uids.webdav; + }; + }; + + users.groups = optionalAttrs (cfg.group == "webdav") { + webdav.gid = config.ids.gids.webdav; + }; + + systemd.services.webdav-server-rs = { + description = "WebDAV server"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStart = "${pkgs.webdav-server-rs}/bin/webdav-server -c ${cfg.configFile}"; + + CapabilityBoundingSet = [ + "CAP_SETUID" + "CAP_SETGID" + ]; + + NoExecPaths = [ "/" ]; + ExecPaths = [ "/nix/store" ]; + + # This program actively detects if it is running in root user account + # when it starts and uses root privilege to switch process uid to + # respective unix user when a user logs in. Maybe we can enable + # DynamicUser in the future when it's able to detect CAP_SETUID and + # CAP_SETGID capabilities. + + NoNewPrivileges = true; + PrivateDevices = true; + PrivateTmp = true; + ProtectClock = true; + ProtectControlGroups = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectSystem = true; + }; + }; + }; + + meta.maintainers = with maintainers; [ pmy ]; +} diff --git a/nixos/modules/services/network-filesystems/webdav.nix b/nixos/modules/services/network-filesystems/webdav.nix index 4086a0f5d5620..a810af40fd478 100644 --- a/nixos/modules/services/network-filesystems/webdav.nix 
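Review bot: The unit sets no `User`, and the comment in `serviceConfig` confirms the daemon starts as root, so the sandboxing options carry most of the containment here. `ProtectSystem = true` only makes `/usr` and the boot directories read-only, which protects very little on NixOS. `ProtectSystem = "full";` would also cover `/etc`, where the example keeps its htpasswd file, without touching the home directories that the `webdav-rw` route writes to. `LockPersonality = true;` and `RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];` look compatible as well, but would need testing against the account lookups the server performs. Separately, `recursiveUpdate` lets `cfg.settings` override `server.uid` and `server.gid`, so the `user` and `group` descriptions should say they only supply defaults.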
+++ b/nixos/modules/services/network-filesystems/webdav.nix @@ -80,13 +80,13 @@ in users.users = mkIf (cfg.user == "webdav") { webdav = { description = "WebDAV daemon user"; - isSystemUser = true; group = cfg.group; + uid = config.ids.uids.webdav; }; }; users.groups = mkIf (cfg.group == "webdav") { - webdav = { }; + webdav.gid = config.ids.gids.webdav; }; systemd.services.webdav = { @@ -103,5 +103,5 @@ in }; }; - meta.maintainers = with maintainers; [ pengmeiyu ]; + meta.maintainers = with maintainers; [ pmy ]; } diff --git a/nixos/modules/services/networking/charybdis.nix b/nixos/modules/services/networking/charybdis.nix index 43829d36e4176..ff09c0160cb67 100644 --- a/nixos/modules/services/networking/charybdis.nix +++ b/nixos/modules/services/networking/charybdis.nix @@ -85,14 +85,21 @@ in "d ${cfg.statedir} - ${cfg.user} ${cfg.group} - -" ]; + environment.etc."charybdis/ircd.conf".source = configFile; + systemd.services.charybdis = { description = "Charybdis IRC daemon"; wantedBy = [ "multi-user.target" ]; + reloadIfChanged = true; + restartTriggers = [ + configFile + ]; environment = { BANDB_DBPATH = "${cfg.statedir}/ban.db"; }; serviceConfig = { - ExecStart = "${charybdis}/bin/charybdis -foreground -logfile /dev/stdout -configfile ${configFile}"; + ExecStart = "${charybdis}/bin/charybdis -foreground -logfile /dev/stdout -configfile /etc/charybdis/ircd.conf"; + ExecReload = "${coreutils}/bin/kill -HUP $MAINPID"; Group = cfg.group; User = cfg.user; }; diff --git a/nixos/modules/services/networking/lxd-image-server.nix b/nixos/modules/services/networking/lxd-image-server.nix index 5ec6cacffa497..b119ba8acf634 100644 --- a/nixos/modules/services/networking/lxd-image-server.nix +++ b/nixos/modules/services/networking/lxd-image-server.nix 
@@ -55,9 +55,8 @@ in path = "/var/log/lxd-image-server/lxd-image-server.log"; frequency = "daily"; keep = 21; - user = "lxd-image-server"; - group = cfg.group; extraConfig = '' + create 755 lxd-image-server ${cfg.group} missingok compress delaycompress diff --git a/nixos/modules/services/networking/nix-serve.nix b/nixos/modules/services/networking/nix-serve.nix index 7fc145f2303d7..390f0ddaee83c 100644 --- a/nixos/modules/services/networking/nix-serve.nix +++ b/nixos/modules/services/networking/nix-serve.nix @@ -37,8 +37,6 @@ in nix-store --generate-binary-cache-key key-name secret-key-file public-key-file ``` - Make sure user `nix-serve` has read access to the private key file. - For more details see <citerefentry><refentrytitle>nix-store</refentrytitle><manvolnum>1</manvolnum></citerefentry>. ''; }; @@ -61,16 +59,22 @@ in path = [ config.nix.package.out pkgs.bzip2.bin ]; environment.NIX_REMOTE = "daemon"; - environment.NIX_SECRET_KEY_FILE = cfg.secretKeyFile; + + script = '' + ${lib.optionalString (cfg.secretKeyFile != null) '' + export NIX_SECRET_KEY_FILE="$CREDENTIALS_DIRECTORY/NIX_SECRET_KEY_FILE" + ''} + exec ${pkgs.nix-serve}/bin/nix-serve --listen ${cfg.bindAddress}:${toString cfg.port} ${cfg.extraParams} + ''; serviceConfig = { Restart = "always"; RestartSec = "5s"; - ExecStart = "${pkgs.nix-serve}/bin/nix-serve " + - "--listen ${cfg.bindAddress}:${toString cfg.port} ${cfg.extraParams}"; User = "nix-serve"; Group = "nix-serve"; DynamicUser = true; + LoadCredential = lib.optionalString (cfg.secretKeyFile != null) + "NIX_SECRET_KEY_FILE:${cfg.secretKeyFile}"; }; }; }; diff --git a/nixos/modules/services/networking/shairport-sync.nix b/nixos/modules/services/networking/shairport-sync.nix index ac526c0e9f6f4..eb61663e4d922 100644 --- a/nixos/modules/services/networking/shairport-sync.nix +++ b/nixos/modules/services/networking/shairport-sync.nix 
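Review bot: `create 755 lxd-image-server ${cfg.group}` in `extraConfig` makes each newly created log file world-readable and executable, and a log file needs neither. `create 640 lxd-image-server ${cfg.group}` keeps the same owner and group without the extra bits; use `644` only if unrelated users really have to read the log. The surrounding logrotate attribute set starts outside the hunk.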
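Review bot: The `secretKeyFile` description no longer says who must be able to read the key, because the first nix-serve hunk drops the read-access sentence without a replacement. Since the file is now passed through `LoadCredential`, a sentence such as `The file is loaded via systemd's LoadCredential and only needs to be readable by root.` would document the new, tighter requirement. In the new `script`, `cfg.bindAddress` and `cfg.extraParams` are now expanded by a shell instead of going straight into `ExecStart`. Quoting the listen address, `--listen ${lib.escapeShellArg "${cfg.bindAddress}:${toString cfg.port}"}`, would keep an unusual value from being reinterpreted.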
@@ -36,6 +36,14 @@ in ''; }; + openFirewall = mkOption { + type = types.bool; + default = false; + description = '' + Whether to automatically open ports in the firewall. + ''; + }; + user = mkOption { type = types.str; default = "shairport"; @@ -45,6 +53,15 @@ in ''; }; + group = mkOption { + type = types.str; + default = "shairport"; + description = '' + Group account name under which to run shairport-sync. The account + will be created. + ''; + }; + }; }; @@ -58,13 +75,22 @@ in services.avahi.publish.enable = true; services.avahi.publish.userServices = true; - users.users.${cfg.user} = - { description = "Shairport user"; + users = { + users.${cfg.user} = { + description = "Shairport user"; isSystemUser = true; createHome = true; home = "/var/lib/shairport-sync"; + group = cfg.group; extraGroups = [ "audio" ] ++ optional config.hardware.pulseaudio.enable "pulse"; }; + groups.${cfg.group} = {}; + }; + + networking.firewall = mkIf cfg.openFirewall { + allowedTCPPorts = [ 5000 ]; + allowedUDPPortRanges = [ { from = 6001; to = 6011; } ]; + }; systemd.services.shairport-sync = { @@ -73,6 +99,7 @@ in wantedBy = [ "multi-user.target" ]; serviceConfig = { User = cfg.user; + Group = cfg.group; ExecStart = "${pkgs.shairport-sync}/bin/shairport-sync ${cfg.arguments}"; RuntimeDirectory = "shairport-sync"; }; diff --git a/nixos/modules/services/security/step-ca.nix b/nixos/modules/services/security/step-ca.nix index db7f81acd2a39..27b2ceed1a430 100644 --- a/nixos/modules/services/security/step-ca.nix +++ b/nixos/modules/services/security/step-ca.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, nixosTests, ... }: let cfg = config.services.step-ca; settingsFormat = (pkgs.formats.json { }); @@ -82,6 +82,8 @@ in }); in { + passthru.tests.step-ca = nixosTests.step-ca; + assertions = [ { diff --git a/nixos/modules/services/torrent/transmission.nix b/nixos/modules/services/torrent/transmission.nix index a6ff467914a10..b8b38f6ba93c7 100644 
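Review bot: The `openFirewall` description does not say which ports it opens, while the `networking.firewall` block hard-codes TCP 5000 and UDP 6001-6011. Anyone who changes the daemon's ports through `cfg.arguments` would end up with open ports that nothing listens on and closed ports the daemon needs. I would spell this out, e.g. `Whether to open TCP port 5000 and UDP ports 6001-6011 in the firewall. These are fixed; adjust the firewall manually if arguments selects other ports.`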
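Review bot: `passthru.tests.step-ca` is set inside the module's config attribute set, next to `assertions`, where every attribute has to be a declared NixOS option. `passthru` is a package-attribute convention, so unless a module outside this diff declares it, enabling `services.step-ca` would fail with an undefined-option error. `nixosTests` is also not among the arguments modules normally receive, so the new function argument may not resolve. If the aim is to link the test to the package, it belongs in the package's own `passthru.tests`; here I would drop both added lines. The `let … in {` block begins and ends outside the hunk.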
--- a/nixos/modules/services/torrent/transmission.nix +++ b/nixos/modules/services/torrent/transmission.nix @@ -67,7 +67,7 @@ in description = ""; }; options.message-level = mkOption { - type = types.ints.between 0 2; + type = types.ints.between 0 3; default = 2; description = "Set verbosity of transmission messages."; }; diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index 5717b86b3bea6..96e45cfc4f77d 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix @@ -79,6 +79,11 @@ let # we use a list of mime types from the mailcap package, which is also # used by most other Linux distributions by default. include ${pkgs.mailcap}/etc/nginx/mime.types; + # When recommendedOptimisation is disabled nginx fails to start because the mailmap mime.types database + # contains 1026 enries and the default is only 1024. Setting to a higher number to remove the need to + # overwrite it because nginx does not allow duplicated settings. + types_hash_max_size 4096; + include ${cfg.package}/conf/fastcgi.conf; include ${cfg.package}/conf/uwsgi_params; @@ -113,7 +118,6 @@ let tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; - types_hash_max_size 4096; ''} ssl_protocols ${cfg.sslProtocols}; diff --git a/nixos/modules/services/x11/desktop-managers/gnome.xml b/nixos/modules/services/x11/desktop-managers/gnome.xml index 6c53bacacb322..e5da7740196e1 100644 --- a/nixos/modules/services/x11/desktop-managers/gnome.xml +++ b/nixos/modules/services/x11/desktop-managers/gnome.xml 
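Review bot: Emitting `types_hash_max_size 4096;` unconditionally means any configuration that already sets this directive in its own http-level config, for instance to work around the very failure described in the new comment, would now hit nginx's duplicate-directive error and fail to start. I do not see a matching entry in the release-note hunks of this diff, and it looks like it deserves one under backward incompatibilities. The added comment also has two typos: `mailmap` should be `mailcap`, and `enries` should be `entries`.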
@@ -126,21 +126,6 @@ </programlisting> </section> - <section xml:id="sec-gnome-gdm"> - <title>GDM</title> - - <para> - If you want to use GNOME Wayland session on Nvidia hardware, you need to enable: - </para> - -<programlisting> -<xref linkend="opt-services.xserver.displayManager.gdm.nvidiaWayland"/> = true; -</programlisting> - - <para> - as the default configuration will forbid this. - </para> - </section> <section xml:id="sec-gnome-icons-and-gtk-themes"> <title>Icons and GTK Themes</title> diff --git a/nixos/modules/services/x11/display-managers/lightdm.nix b/nixos/modules/services/x11/display-managers/lightdm.nix index 9a7532b476415..84b75c83aeab4 100644 --- a/nixos/modules/services/x11/display-managers/lightdm.nix +++ b/nixos/modules/services/x11/display-managers/lightdm.nix @@ -312,7 +312,7 @@ in }; systemd.tmpfiles.rules = [ - "d /run/lightdm 0711 lightdm lightdm 0" + "d /run/lightdm 0711 lightdm lightdm -" "d /var/cache/lightdm 0711 root lightdm -" "d /var/lib/lightdm 1770 lightdm lightdm -" "d /var/lib/lightdm-data 1775 lightdm lightdm -" diff --git a/nixos/modules/system/activation/top-level.nix b/nixos/modules/system/activation/top-level.nix index 026fd1791d33f..b04577aeb83e4 100644 --- a/nixos/modules/system/activation/top-level.nix +++ b/nixos/modules/system/activation/top-level.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, modules, baseModules, specialArgs, ... }: +{ config, lib, pkgs, extendModules, noUserModules, ... }: with lib; 
@@ -11,16 +11,10 @@ let # you can provide an easy way to boot the same configuration # as you use, but with another kernel # !!! fix this - children = mapAttrs (childName: childConfig: - (import ../../../lib/eval-config.nix { - inherit lib baseModules specialArgs; - system = config.nixpkgs.initialSystem; - modules = - (optionals childConfig.inheritParentConfig modules) - ++ [ ./no-clone.nix ] - ++ [ childConfig.configuration ]; - }).config.system.build.toplevel - ) config.specialisation; + children = + mapAttrs + (childName: childConfig: childConfig.configuration.system.build.toplevel) + config.specialisation; systemBuilder = let @@ -169,7 +163,11 @@ in </screen> ''; type = types.attrsOf (types.submodule ( - { ... }: { + local@{ ... }: let + extend = if local.config.inheritParentConfig + then extendModules + else noUserModules.extendModules; + in { options.inheritParentConfig = mkOption { type = types.bool; default = true; @@ -178,7 +176,15 @@ in options.configuration = mkOption { default = {}; - description = "Arbitrary NixOS configuration options."; + description = '' + Arbitrary NixOS configuration. + + Anything you can add to a normal NixOS configuration, you can add + here, including imports and config values, although nested + specialisations will be ignored. + ''; + visible = "shallow"; + inherit (extend { modules = [ ./no-clone.nix ]; }) type; }; }) ); diff --git a/nixos/modules/virtualisation/amazon-ec2-amis.nix b/nixos/modules/virtualisation/amazon-ec2-amis.nix new file mode 100644 index 0000000000000..91b5237e3371d --- /dev/null +++ b/nixos/modules/virtualisation/amazon-ec2-amis.nix 
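Review bot: The new `configuration` description in the `@@ -178,7 +176,15 @@` hunk says nested specialisations are ignored, but not what `inheritParentConfig = false` does, even though the `@@ -169,7 +163,11 @@` hunk now selects `noUserModules.extendModules` for that case. Judging by the name, such a specialisation is evaluated without the parent's user modules, so firewall rules, accounts and other hardening defined there would not carry over into that boot entry. I would add a sentence such as `With inheritParentConfig = false nothing from the parent configuration is applied, so security-relevant settings must be repeated here.`, with the wording confirmed against `noUserModules`, which is defined outside this page. Minor style point: `childName` in the `children` lambda of the `@@ -11,16 +11,10 @@` hunk is now unused and could be `_`. The `let` block and the option declaration extend beyond these hunks.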
@@ -0,0 +1,444 @@ +let self = { + "14.04".ap-northeast-1.x86_64-linux.hvm-ebs = "ami-71c6f470"; + "14.04".ap-northeast-1.x86_64-linux.pv-ebs = "ami-4dcbf84c"; + "14.04".ap-northeast-1.x86_64-linux.pv-s3 = "ami-8fc4f68e"; + "14.04".ap-southeast-1.x86_64-linux.hvm-ebs = "ami-da280888"; + "14.04".ap-southeast-1.x86_64-linux.pv-ebs = "ami-7a9dbc28"; + "14.04".ap-southeast-1.x86_64-linux.pv-s3 = "ami-c4290996"; + "14.04".ap-southeast-2.x86_64-linux.hvm-ebs = "ami-ab523e91"; + "14.04".ap-southeast-2.x86_64-linux.pv-ebs = "ami-6769055d"; + "14.04".ap-southeast-2.x86_64-linux.pv-s3 = "ami-15533f2f"; + "14.04".eu-central-1.x86_64-linux.hvm-ebs = "ami-ba0234a7"; + "14.04".eu-west-1.x86_64-linux.hvm-ebs = "ami-96cb63e1"; + "14.04".eu-west-1.x86_64-linux.pv-ebs = "ami-b48c25c3"; + "14.04".eu-west-1.x86_64-linux.pv-s3 = "ami-06cd6571"; + "14.04".sa-east-1.x86_64-linux.hvm-ebs = "ami-01b90e1c"; + "14.04".sa-east-1.x86_64-linux.pv-ebs = "ami-69e35474"; + "14.04".sa-east-1.x86_64-linux.pv-s3 = "ami-61b90e7c"; + "14.04".us-east-1.x86_64-linux.hvm-ebs = "ami-58ba3a30"; + "14.04".us-east-1.x86_64-linux.pv-ebs = "ami-9e0583f6"; + "14.04".us-east-1.x86_64-linux.pv-s3 = "ami-9cbe3ef4"; + "14.04".us-west-1.x86_64-linux.hvm-ebs = "ami-0bc3d74e"; + "14.04".us-west-1.x86_64-linux.pv-ebs = "ami-8b1703ce"; + "14.04".us-west-1.x86_64-linux.pv-s3 = "ami-27ccd862"; + "14.04".us-west-2.x86_64-linux.hvm-ebs = "ami-3bf1bf0b"; + "14.04".us-west-2.x86_64-linux.pv-ebs = "ami-259bd515"; + "14.04".us-west-2.x86_64-linux.pv-s3 = "ami-07094037"; + + "14.12".ap-northeast-1.x86_64-linux.hvm-ebs = "ami-24435f25"; + "14.12".ap-northeast-1.x86_64-linux.pv-ebs = "ami-b0425eb1"; + "14.12".ap-northeast-1.x86_64-linux.pv-s3 = "ami-fed3c6ff"; + "14.12".ap-southeast-1.x86_64-linux.hvm-ebs = "ami-6c765d3e"; + "14.12".ap-southeast-1.x86_64-linux.pv-ebs = "ami-6a765d38"; + "14.12".ap-southeast-1.x86_64-linux.pv-s3 = "ami-d1bf9183"; + "14.12".ap-southeast-2.x86_64-linux.hvm-ebs = "ami-af86f395"; + 
"14.12".ap-southeast-2.x86_64-linux.pv-ebs = "ami-b386f389"; + "14.12".ap-southeast-2.x86_64-linux.pv-s3 = "ami-69c5ae53"; + "14.12".eu-central-1.x86_64-linux.hvm-ebs = "ami-4a497a57"; + "14.12".eu-central-1.x86_64-linux.pv-ebs = "ami-4c497a51"; + "14.12".eu-central-1.x86_64-linux.pv-s3 = "ami-60f2c27d"; + "14.12".eu-west-1.x86_64-linux.hvm-ebs = "ami-d126a5a6"; + "14.12".eu-west-1.x86_64-linux.pv-ebs = "ami-0126a576"; + "14.12".eu-west-1.x86_64-linux.pv-s3 = "ami-deda5fa9"; + "14.12".sa-east-1.x86_64-linux.hvm-ebs = "ami-2d239e30"; + "14.12".sa-east-1.x86_64-linux.pv-ebs = "ami-35239e28"; + "14.12".sa-east-1.x86_64-linux.pv-s3 = "ami-81e3519c"; + "14.12".us-east-1.x86_64-linux.hvm-ebs = "ami-0c463a64"; + "14.12".us-east-1.x86_64-linux.pv-ebs = "ami-ac473bc4"; + "14.12".us-east-1.x86_64-linux.pv-s3 = "ami-00e18a68"; + "14.12".us-west-1.x86_64-linux.hvm-ebs = "ami-ca534a8f"; + "14.12".us-west-1.x86_64-linux.pv-ebs = "ami-3e534a7b"; + "14.12".us-west-1.x86_64-linux.pv-s3 = "ami-2905196c"; + "14.12".us-west-2.x86_64-linux.hvm-ebs = "ami-fb9dc3cb"; + "14.12".us-west-2.x86_64-linux.pv-ebs = "ami-899dc3b9"; + "14.12".us-west-2.x86_64-linux.pv-s3 = "ami-cb7f2dfb"; + + "15.09".ap-northeast-1.x86_64-linux.hvm-ebs = "ami-58cac236"; + "15.09".ap-northeast-1.x86_64-linux.hvm-s3 = "ami-39c8c057"; + "15.09".ap-northeast-1.x86_64-linux.pv-ebs = "ami-5ac9c134"; + "15.09".ap-northeast-1.x86_64-linux.pv-s3 = "ami-03cec66d"; + "15.09".ap-southeast-1.x86_64-linux.hvm-ebs = "ami-2fc2094c"; + "15.09".ap-southeast-1.x86_64-linux.hvm-s3 = "ami-9ec308fd"; + "15.09".ap-southeast-1.x86_64-linux.pv-ebs = "ami-95c00bf6"; + "15.09".ap-southeast-1.x86_64-linux.pv-s3 = "ami-bfc00bdc"; + "15.09".ap-southeast-2.x86_64-linux.hvm-ebs = "ami-996c4cfa"; + "15.09".ap-southeast-2.x86_64-linux.hvm-s3 = "ami-3f6e4e5c"; + "15.09".ap-southeast-2.x86_64-linux.pv-ebs = "ami-066d4d65"; + "15.09".ap-southeast-2.x86_64-linux.pv-s3 = "ami-cc6e4eaf"; + "15.09".eu-central-1.x86_64-linux.hvm-ebs = "ami-3f8c6b50"; + 
"15.09".eu-central-1.x86_64-linux.hvm-s3 = "ami-5b836434"; + "15.09".eu-central-1.x86_64-linux.pv-ebs = "ami-118c6b7e"; + "15.09".eu-central-1.x86_64-linux.pv-s3 = "ami-2c977043"; + "15.09".eu-west-1.x86_64-linux.hvm-ebs = "ami-9cf04aef"; + "15.09".eu-west-1.x86_64-linux.hvm-s3 = "ami-2bea5058"; + "15.09".eu-west-1.x86_64-linux.pv-ebs = "ami-c9e852ba"; + "15.09".eu-west-1.x86_64-linux.pv-s3 = "ami-c6f64cb5"; + "15.09".sa-east-1.x86_64-linux.hvm-ebs = "ami-6e52df02"; + "15.09".sa-east-1.x86_64-linux.hvm-s3 = "ami-1852df74"; + "15.09".sa-east-1.x86_64-linux.pv-ebs = "ami-4368e52f"; + "15.09".sa-east-1.x86_64-linux.pv-s3 = "ami-f15ad79d"; + "15.09".us-east-1.x86_64-linux.hvm-ebs = "ami-84a6a0ee"; + "15.09".us-east-1.x86_64-linux.hvm-s3 = "ami-06a7a16c"; + "15.09".us-east-1.x86_64-linux.pv-ebs = "ami-a4a1a7ce"; + "15.09".us-east-1.x86_64-linux.pv-s3 = "ami-5ba8ae31"; + "15.09".us-west-1.x86_64-linux.hvm-ebs = "ami-22c8bb42"; + "15.09".us-west-1.x86_64-linux.hvm-s3 = "ami-a2ccbfc2"; + "15.09".us-west-1.x86_64-linux.pv-ebs = "ami-10cebd70"; + "15.09".us-west-1.x86_64-linux.pv-s3 = "ami-fa30429a"; + "15.09".us-west-2.x86_64-linux.hvm-ebs = "ami-ce57b9ae"; + "15.09".us-west-2.x86_64-linux.hvm-s3 = "ami-2956b849"; + "15.09".us-west-2.x86_64-linux.pv-ebs = "ami-005fb160"; + "15.09".us-west-2.x86_64-linux.pv-s3 = "ami-cd55bbad"; + + "16.03".ap-northeast-1.x86_64-linux.hvm-ebs = "ami-40619d21"; + "16.03".ap-northeast-1.x86_64-linux.hvm-s3 = "ami-ce629eaf"; + "16.03".ap-northeast-1.x86_64-linux.pv-ebs = "ami-ef639f8e"; + "16.03".ap-northeast-1.x86_64-linux.pv-s3 = "ami-a1609cc0"; + "16.03".ap-northeast-2.x86_64-linux.hvm-ebs = "ami-deca00b0"; + "16.03".ap-northeast-2.x86_64-linux.hvm-s3 = "ami-a3b77dcd"; + "16.03".ap-northeast-2.x86_64-linux.pv-ebs = "ami-7bcb0115"; + "16.03".ap-northeast-2.x86_64-linux.pv-s3 = "ami-a2b77dcc"; + "16.03".ap-south-1.x86_64-linux.hvm-ebs = "ami-0dff9562"; + "16.03".ap-south-1.x86_64-linux.hvm-s3 = "ami-13f69c7c"; + 
"16.03".ap-south-1.x86_64-linux.pv-ebs = "ami-0ef39961"; + "16.03".ap-south-1.x86_64-linux.pv-s3 = "ami-e0c8a28f"; + "16.03".ap-southeast-1.x86_64-linux.hvm-ebs = "ami-5e964a3d"; + "16.03".ap-southeast-1.x86_64-linux.hvm-s3 = "ami-4d964a2e"; + "16.03".ap-southeast-1.x86_64-linux.pv-ebs = "ami-ec9b478f"; + "16.03".ap-southeast-1.x86_64-linux.pv-s3 = "ami-999b47fa"; + "16.03".ap-southeast-2.x86_64-linux.hvm-ebs = "ami-9f7359fc"; + "16.03".ap-southeast-2.x86_64-linux.hvm-s3 = "ami-987359fb"; + "16.03".ap-southeast-2.x86_64-linux.pv-ebs = "ami-a2705ac1"; + "16.03".ap-southeast-2.x86_64-linux.pv-s3 = "ami-a3705ac0"; + "16.03".eu-central-1.x86_64-linux.hvm-ebs = "ami-17a45178"; + "16.03".eu-central-1.x86_64-linux.hvm-s3 = "ami-f9a55096"; + "16.03".eu-central-1.x86_64-linux.pv-ebs = "ami-c8a550a7"; + "16.03".eu-central-1.x86_64-linux.pv-s3 = "ami-6ea45101"; + "16.03".eu-west-1.x86_64-linux.hvm-ebs = "ami-b5b3d5c6"; + "16.03".eu-west-1.x86_64-linux.hvm-s3 = "ami-c986e0ba"; + "16.03".eu-west-1.x86_64-linux.pv-ebs = "ami-b083e5c3"; + "16.03".eu-west-1.x86_64-linux.pv-s3 = "ami-3c83e54f"; + "16.03".sa-east-1.x86_64-linux.hvm-ebs = "ami-f6eb7f9a"; + "16.03".sa-east-1.x86_64-linux.hvm-s3 = "ami-93e773ff"; + "16.03".sa-east-1.x86_64-linux.pv-ebs = "ami-cbb82ca7"; + "16.03".sa-east-1.x86_64-linux.pv-s3 = "ami-abb82cc7"; + "16.03".us-east-1.x86_64-linux.hvm-ebs = "ami-c123a3d6"; + "16.03".us-east-1.x86_64-linux.hvm-s3 = "ami-bc25a5ab"; + "16.03".us-east-1.x86_64-linux.pv-ebs = "ami-bd25a5aa"; + "16.03".us-east-1.x86_64-linux.pv-s3 = "ami-a325a5b4"; + "16.03".us-west-1.x86_64-linux.hvm-ebs = "ami-748bcd14"; + "16.03".us-west-1.x86_64-linux.hvm-s3 = "ami-a68dcbc6"; + "16.03".us-west-1.x86_64-linux.pv-ebs = "ami-048acc64"; + "16.03".us-west-1.x86_64-linux.pv-s3 = "ami-208dcb40"; + "16.03".us-west-2.x86_64-linux.hvm-ebs = "ami-8263a0e2"; + "16.03".us-west-2.x86_64-linux.hvm-s3 = "ami-925c9ff2"; + "16.03".us-west-2.x86_64-linux.pv-ebs = "ami-5e61a23e"; + 
"16.03".us-west-2.x86_64-linux.pv-s3 = "ami-734c8f13"; + + # 16.09.1508.3909827 + "16.09".ap-northeast-1.x86_64-linux.hvm-ebs = "ami-68453b0f"; + "16.09".ap-northeast-1.x86_64-linux.hvm-s3 = "ami-f9bec09e"; + "16.09".ap-northeast-1.x86_64-linux.pv-ebs = "ami-254a3442"; + "16.09".ap-northeast-1.x86_64-linux.pv-s3 = "ami-ef473988"; + "16.09".ap-northeast-2.x86_64-linux.hvm-ebs = "ami-18ae7f76"; + "16.09".ap-northeast-2.x86_64-linux.hvm-s3 = "ami-9eac7df0"; + "16.09".ap-northeast-2.x86_64-linux.pv-ebs = "ami-57aa7b39"; + "16.09".ap-northeast-2.x86_64-linux.pv-s3 = "ami-5cae7f32"; + "16.09".ap-south-1.x86_64-linux.hvm-ebs = "ami-b3f98fdc"; + "16.09".ap-south-1.x86_64-linux.hvm-s3 = "ami-98e690f7"; + "16.09".ap-south-1.x86_64-linux.pv-ebs = "ami-aef98fc1"; + "16.09".ap-south-1.x86_64-linux.pv-s3 = "ami-caf88ea5"; + "16.09".ap-southeast-1.x86_64-linux.hvm-ebs = "ami-80fb51e3"; + "16.09".ap-southeast-1.x86_64-linux.hvm-s3 = "ami-2df3594e"; + "16.09".ap-southeast-1.x86_64-linux.pv-ebs = "ami-37f05a54"; + "16.09".ap-southeast-1.x86_64-linux.pv-s3 = "ami-27f35944"; + "16.09".ap-southeast-2.x86_64-linux.hvm-ebs = "ami-57ece834"; + "16.09".ap-southeast-2.x86_64-linux.hvm-s3 = "ami-87f4f0e4"; + "16.09".ap-southeast-2.x86_64-linux.pv-ebs = "ami-d8ede9bb"; + "16.09".ap-southeast-2.x86_64-linux.pv-s3 = "ami-a6ebefc5"; + "16.09".ca-central-1.x86_64-linux.hvm-ebs = "ami-9f863bfb"; + "16.09".ca-central-1.x86_64-linux.hvm-s3 = "ami-ea85388e"; + "16.09".ca-central-1.x86_64-linux.pv-ebs = "ami-ce8a37aa"; + "16.09".ca-central-1.x86_64-linux.pv-s3 = "ami-448a3720"; + "16.09".eu-central-1.x86_64-linux.hvm-ebs = "ami-1b884774"; + "16.09".eu-central-1.x86_64-linux.hvm-s3 = "ami-b08c43df"; + "16.09".eu-central-1.x86_64-linux.pv-ebs = "ami-888946e7"; + "16.09".eu-central-1.x86_64-linux.pv-s3 = "ami-06874869"; + "16.09".eu-west-1.x86_64-linux.hvm-ebs = "ami-1ed3e76d"; + "16.09".eu-west-1.x86_64-linux.hvm-s3 = "ami-73d1e500"; + "16.09".eu-west-1.x86_64-linux.pv-ebs = "ami-44c0f437"; + 
"16.09".eu-west-1.x86_64-linux.pv-s3 = "ami-f3d8ec80"; + "16.09".eu-west-2.x86_64-linux.hvm-ebs = "ami-2c9c9648"; + "16.09".eu-west-2.x86_64-linux.hvm-s3 = "ami-6b9e940f"; + "16.09".eu-west-2.x86_64-linux.pv-ebs = "ami-f1999395"; + "16.09".eu-west-2.x86_64-linux.pv-s3 = "ami-bb9f95df"; + "16.09".sa-east-1.x86_64-linux.hvm-ebs = "ami-a11882cd"; + "16.09".sa-east-1.x86_64-linux.hvm-s3 = "ami-7726bc1b"; + "16.09".sa-east-1.x86_64-linux.pv-ebs = "ami-9725bffb"; + "16.09".sa-east-1.x86_64-linux.pv-s3 = "ami-b027bddc"; + "16.09".us-east-1.x86_64-linux.hvm-ebs = "ami-854ca593"; + "16.09".us-east-1.x86_64-linux.hvm-s3 = "ami-2241a834"; + "16.09".us-east-1.x86_64-linux.pv-ebs = "ami-a441a8b2"; + "16.09".us-east-1.x86_64-linux.pv-s3 = "ami-e841a8fe"; + "16.09".us-east-2.x86_64-linux.hvm-ebs = "ami-3f41645a"; + "16.09".us-east-2.x86_64-linux.hvm-s3 = "ami-804065e5"; + "16.09".us-east-2.x86_64-linux.pv-ebs = "ami-f1466394"; + "16.09".us-east-2.x86_64-linux.pv-s3 = "ami-05426760"; + "16.09".us-west-1.x86_64-linux.hvm-ebs = "ami-c2efbca2"; + "16.09".us-west-1.x86_64-linux.hvm-s3 = "ami-d71042b7"; + "16.09".us-west-1.x86_64-linux.pv-ebs = "ami-04e8bb64"; + "16.09".us-west-1.x86_64-linux.pv-s3 = "ami-31e9ba51"; + "16.09".us-west-2.x86_64-linux.hvm-ebs = "ami-6449f504"; + "16.09".us-west-2.x86_64-linux.hvm-s3 = "ami-344af654"; + "16.09".us-west-2.x86_64-linux.pv-ebs = "ami-6d4af60d"; + "16.09".us-west-2.x86_64-linux.pv-s3 = "ami-de48f4be"; + + # 17.03.885.6024dd4067 + "17.03".ap-northeast-1.x86_64-linux.hvm-ebs = "ami-dbd0f7bc"; + "17.03".ap-northeast-1.x86_64-linux.hvm-s3 = "ami-7cdff81b"; + "17.03".ap-northeast-2.x86_64-linux.hvm-ebs = "ami-c59a48ab"; + "17.03".ap-northeast-2.x86_64-linux.hvm-s3 = "ami-0b944665"; + "17.03".ap-south-1.x86_64-linux.hvm-ebs = "ami-4f413220"; + "17.03".ap-south-1.x86_64-linux.hvm-s3 = "ami-864033e9"; + "17.03".ap-southeast-1.x86_64-linux.hvm-ebs = "ami-e08c3383"; + "17.03".ap-southeast-1.x86_64-linux.hvm-s3 = "ami-c28f30a1"; + 
"17.03".ap-southeast-2.x86_64-linux.hvm-ebs = "ami-fca9a69f"; + "17.03".ap-southeast-2.x86_64-linux.hvm-s3 = "ami-3daaa55e"; + "17.03".ca-central-1.x86_64-linux.hvm-ebs = "ami-9b00bdff"; + "17.03".ca-central-1.x86_64-linux.hvm-s3 = "ami-e800bd8c"; + "17.03".eu-central-1.x86_64-linux.hvm-ebs = "ami-5450803b"; + "17.03".eu-central-1.x86_64-linux.hvm-s3 = "ami-6e2efe01"; + "17.03".eu-west-1.x86_64-linux.hvm-ebs = "ami-10754c76"; + "17.03".eu-west-1.x86_64-linux.hvm-s3 = "ami-11734a77"; + "17.03".eu-west-2.x86_64-linux.hvm-ebs = "ami-ff1d099b"; + "17.03".eu-west-2.x86_64-linux.hvm-s3 = "ami-fe1d099a"; + "17.03".sa-east-1.x86_64-linux.hvm-ebs = "ami-d95d3eb5"; + "17.03".sa-east-1.x86_64-linux.hvm-s3 = "ami-fca2c190"; + "17.03".us-east-1.x86_64-linux.hvm-ebs = "ami-0940c61f"; + "17.03".us-east-1.x86_64-linux.hvm-s3 = "ami-674fc971"; + "17.03".us-east-2.x86_64-linux.hvm-ebs = "ami-afc2e6ca"; + "17.03".us-east-2.x86_64-linux.hvm-s3 = "ami-a1cde9c4"; + "17.03".us-west-1.x86_64-linux.hvm-ebs = "ami-587b2138"; + "17.03".us-west-1.x86_64-linux.hvm-s3 = "ami-70411b10"; + "17.03".us-west-2.x86_64-linux.hvm-ebs = "ami-a93daac9"; + "17.03".us-west-2.x86_64-linux.hvm-s3 = "ami-5139ae31"; + + # 17.09.2681.59661f21be6 + "17.09".eu-west-1.x86_64-linux.hvm-ebs = "ami-a30192da"; + "17.09".eu-west-2.x86_64-linux.hvm-ebs = "ami-295a414d"; + "17.09".eu-west-3.x86_64-linux.hvm-ebs = "ami-8c0eb9f1"; + "17.09".eu-central-1.x86_64-linux.hvm-ebs = "ami-266cfe49"; + "17.09".us-east-1.x86_64-linux.hvm-ebs = "ami-40bee63a"; + "17.09".us-east-2.x86_64-linux.hvm-ebs = "ami-9d84aff8"; + "17.09".us-west-1.x86_64-linux.hvm-ebs = "ami-d14142b1"; + "17.09".us-west-2.x86_64-linux.hvm-ebs = "ami-3eb40346"; + "17.09".ca-central-1.x86_64-linux.hvm-ebs = "ami-ca8207ae"; + "17.09".ap-southeast-1.x86_64-linux.hvm-ebs = "ami-84bccff8"; + "17.09".ap-southeast-2.x86_64-linux.hvm-ebs = "ami-0dc5386f"; + "17.09".ap-northeast-1.x86_64-linux.hvm-ebs = "ami-89b921ef"; + "17.09".ap-northeast-2.x86_64-linux.hvm-ebs = 
"ami-179b3b79"; + "17.09".sa-east-1.x86_64-linux.hvm-ebs = "ami-4762202b"; + "17.09".ap-south-1.x86_64-linux.hvm-ebs = "ami-4e376021"; + + # 18.03.132946.1caae7247b8 + "18.03".eu-west-1.x86_64-linux.hvm-ebs = "ami-065c46ec"; + "18.03".eu-west-2.x86_64-linux.hvm-ebs = "ami-64f31903"; + "18.03".eu-west-3.x86_64-linux.hvm-ebs = "ami-5a8d3d27"; + "18.03".eu-central-1.x86_64-linux.hvm-ebs = "ami-09faf9e2"; + "18.03".us-east-1.x86_64-linux.hvm-ebs = "ami-8b3538f4"; + "18.03".us-east-2.x86_64-linux.hvm-ebs = "ami-150b3170"; + "18.03".us-west-1.x86_64-linux.hvm-ebs = "ami-ce06ebad"; + "18.03".us-west-2.x86_64-linux.hvm-ebs = "ami-586c3520"; + "18.03".ca-central-1.x86_64-linux.hvm-ebs = "ami-aca72ac8"; + "18.03".ap-southeast-1.x86_64-linux.hvm-ebs = "ami-aa0b4d40"; + "18.03".ap-southeast-2.x86_64-linux.hvm-ebs = "ami-d0f254b2"; + "18.03".ap-northeast-1.x86_64-linux.hvm-ebs = "ami-456511a8"; + "18.03".ap-northeast-2.x86_64-linux.hvm-ebs = "ami-3366d15d"; + "18.03".sa-east-1.x86_64-linux.hvm-ebs = "ami-163e1f7a"; + "18.03".ap-south-1.x86_64-linux.hvm-ebs = "ami-6a390b05"; + + # 18.09.910.c15e342304a + "18.09".eu-west-1.x86_64-linux.hvm-ebs = "ami-0f412186fb8a0ec97"; + "18.09".eu-west-2.x86_64-linux.hvm-ebs = "ami-0dada3805ce43c55e"; + "18.09".eu-west-3.x86_64-linux.hvm-ebs = "ami-074df85565f2e02e2"; + "18.09".eu-central-1.x86_64-linux.hvm-ebs = "ami-07c9b884e679df4f8"; + "18.09".us-east-1.x86_64-linux.hvm-ebs = "ami-009c9c3f1af480ff3"; + "18.09".us-east-2.x86_64-linux.hvm-ebs = "ami-08199961085ea8bc6"; + "18.09".us-west-1.x86_64-linux.hvm-ebs = "ami-07aa7f56d612ddd38"; + "18.09".us-west-2.x86_64-linux.hvm-ebs = "ami-01c84b7c368ac24d1"; + "18.09".ca-central-1.x86_64-linux.hvm-ebs = "ami-04f66113f76198f6c"; + "18.09".ap-southeast-1.x86_64-linux.hvm-ebs = "ami-0892c7e24ebf2194f"; + "18.09".ap-southeast-2.x86_64-linux.hvm-ebs = "ami-010730f36424b0a2c"; + "18.09".ap-northeast-1.x86_64-linux.hvm-ebs = "ami-0cdba8e998f076547"; + "18.09".ap-northeast-2.x86_64-linux.hvm-ebs = 
"ami-0400a698e6a9f4a15"; + "18.09".sa-east-1.x86_64-linux.hvm-ebs = "ami-0e4a8a47fd6db6112"; + "18.09".ap-south-1.x86_64-linux.hvm-ebs = "ami-0880a678d3f555313"; + + # 19.03.172286.8ea36d73256 + "19.03".eu-west-1.x86_64-linux.hvm-ebs = "ami-0fe40176548ff0940"; + "19.03".eu-west-2.x86_64-linux.hvm-ebs = "ami-03a40fd3a02fe95ba"; + "19.03".eu-west-3.x86_64-linux.hvm-ebs = "ami-0436f9da0f20a638e"; + "19.03".eu-central-1.x86_64-linux.hvm-ebs = "ami-0022b8ea9efde5de4"; + "19.03".us-east-1.x86_64-linux.hvm-ebs = "ami-0efc58fb70ae9a217"; + "19.03".us-east-2.x86_64-linux.hvm-ebs = "ami-0abf711b1b34da1af"; + "19.03".us-west-1.x86_64-linux.hvm-ebs = "ami-07d126e8838c40ec5"; + "19.03".us-west-2.x86_64-linux.hvm-ebs = "ami-03f8a737546e47fb0"; + "19.03".ca-central-1.x86_64-linux.hvm-ebs = "ami-03f9fd0ef2e035ede"; + "19.03".ap-southeast-1.x86_64-linux.hvm-ebs = "ami-0cff66114c652c262"; + "19.03".ap-southeast-2.x86_64-linux.hvm-ebs = "ami-054c73a7f8d773ea9"; + "19.03".ap-northeast-1.x86_64-linux.hvm-ebs = "ami-00db62688900456a4"; + "19.03".ap-northeast-2.x86_64-linux.hvm-ebs = "ami-0485cdd1a5fdd2117"; + "19.03".sa-east-1.x86_64-linux.hvm-ebs = "ami-0c6a43c6e0ad1f4e2"; + "19.03".ap-south-1.x86_64-linux.hvm-ebs = "ami-0303deb1b5890f878"; + + # 19.09.2243.84af403f54f + "19.09".eu-west-1.x86_64-linux.hvm-ebs = "ami-071082f0fa035374f"; + "19.09".eu-west-2.x86_64-linux.hvm-ebs = "ami-0d9dc33c54d1dc4c3"; + "19.09".eu-west-3.x86_64-linux.hvm-ebs = "ami-09566799591d1bfed"; + "19.09".eu-central-1.x86_64-linux.hvm-ebs = "ami-015f8efc2be419b79"; + "19.09".eu-north-1.x86_64-linux.hvm-ebs = "ami-07fc0a32d885e01ed"; + "19.09".us-east-1.x86_64-linux.hvm-ebs = "ami-03330d8b51287412f"; + "19.09".us-east-2.x86_64-linux.hvm-ebs = "ami-0518b4c84972e967f"; + "19.09".us-west-1.x86_64-linux.hvm-ebs = "ami-06ad07e61a353b4a6"; + "19.09".us-west-2.x86_64-linux.hvm-ebs = "ami-0e31e30925cf3ce4e"; + "19.09".ca-central-1.x86_64-linux.hvm-ebs = "ami-07df50fc76702a36d"; + 
"19.09".ap-southeast-1.x86_64-linux.hvm-ebs = "ami-0f71ae5d4b0b78d95"; + "19.09".ap-southeast-2.x86_64-linux.hvm-ebs = "ami-057bbf2b4bd62d210"; + "19.09".ap-northeast-1.x86_64-linux.hvm-ebs = "ami-02a62555ca182fb5b"; + "19.09".ap-northeast-2.x86_64-linux.hvm-ebs = "ami-0219dde0e6b7b7b93"; + "19.09".ap-south-1.x86_64-linux.hvm-ebs = "ami-066f7f2a895c821a1"; + "19.09".ap-east-1.x86_64-linux.hvm-ebs = "ami-055b2348db2827ff1"; + "19.09".sa-east-1.x86_64-linux.hvm-ebs = "ami-018aab68377227e06"; + + # 20.03.1554.94e39623a49 + "20.03".eu-west-1.x86_64-linux.hvm-ebs = "ami-02c34db5766cc7013"; + "20.03".eu-west-2.x86_64-linux.hvm-ebs = "ami-0e32bd8c7853883f1"; + "20.03".eu-west-3.x86_64-linux.hvm-ebs = "ami-061edb1356c1d69fd"; + "20.03".eu-central-1.x86_64-linux.hvm-ebs = "ami-0a1a94722dcbff94c"; + "20.03".eu-north-1.x86_64-linux.hvm-ebs = "ami-02699abfacbb6464b"; + "20.03".us-east-1.x86_64-linux.hvm-ebs = "ami-0c5e7760748b74e85"; + "20.03".us-east-2.x86_64-linux.hvm-ebs = "ami-030296bb256764655"; + "20.03".us-west-1.x86_64-linux.hvm-ebs = "ami-050be818e0266b741"; + "20.03".us-west-2.x86_64-linux.hvm-ebs = "ami-06562f78dca68eda2"; + "20.03".ca-central-1.x86_64-linux.hvm-ebs = "ami-02365684a173255c7"; + "20.03".ap-southeast-1.x86_64-linux.hvm-ebs = "ami-0dbf353e168d155f7"; + "20.03".ap-southeast-2.x86_64-linux.hvm-ebs = "ami-04c0f3a75f63daddd"; + "20.03".ap-northeast-1.x86_64-linux.hvm-ebs = "ami-093d9cc49c191eb6c"; + "20.03".ap-northeast-2.x86_64-linux.hvm-ebs = "ami-0087df91a7b6ebd45"; + "20.03".ap-south-1.x86_64-linux.hvm-ebs = "ami-0a1a6b569af04af9d"; + "20.03".ap-east-1.x86_64-linux.hvm-ebs = "ami-0d18fdd309cdefa86"; + "20.03".sa-east-1.x86_64-linux.hvm-ebs = "ami-09859378158ae971d"; + # 20.03.2351.f8248ab6d9e-aarch64-linux + "20.03".eu-west-1.aarch64-linux.hvm-ebs = "ami-0a4c46dfdfe921aab"; + "20.03".eu-west-2.aarch64-linux.hvm-ebs = "ami-0b47871912b7d36f9"; + "20.03".eu-west-3.aarch64-linux.hvm-ebs = "ami-01031e1aa505b8935"; + 
"20.03".eu-central-1.aarch64-linux.hvm-ebs = "ami-0bb4669de1f477fd1"; + # missing "20.03".eu-north-1.aarch64-linux.hvm-ebs = "ami-"; + "20.03".us-east-1.aarch64-linux.hvm-ebs = "ami-01d2de16a1878271c"; + "20.03".us-east-2.aarch64-linux.hvm-ebs = "ami-0eade0158b1ff49c0"; + "20.03".us-west-1.aarch64-linux.hvm-ebs = "ami-0913bf30cb9a764a4"; + "20.03".us-west-2.aarch64-linux.hvm-ebs = "ami-073449580ff8e82b5"; + "20.03".ca-central-1.aarch64-linux.hvm-ebs = "ami-050f2e923c4d703c0"; + "20.03".ap-southeast-1.aarch64-linux.hvm-ebs = "ami-0d11ef6705a9a11a7"; + "20.03".ap-southeast-2.aarch64-linux.hvm-ebs = "ami-05446a2f818cd3263"; + "20.03".ap-northeast-1.aarch64-linux.hvm-ebs = "ami-0c057f010065d2453"; + "20.03".ap-northeast-2.aarch64-linux.hvm-ebs = "ami-0e90eda7f24eb33ab"; + "20.03".ap-south-1.aarch64-linux.hvm-ebs = "ami-03ba7e9f093f568bc"; + "20.03".sa-east-1.aarch64-linux.hvm-ebs = "ami-0a8344c6ce6d0c902"; + + # 20.09.2016.19db3e5ea27 + "20.09".eu-west-1.x86_64-linux.hvm-ebs = "ami-0057cb7d614329fa2"; + "20.09".eu-west-2.x86_64-linux.hvm-ebs = "ami-0d46f16e0bb0ec8fd"; + "20.09".eu-west-3.x86_64-linux.hvm-ebs = "ami-0e8985c3ea42f87fe"; + "20.09".eu-central-1.x86_64-linux.hvm-ebs = "ami-0eed77c38432886d2"; + "20.09".eu-north-1.x86_64-linux.hvm-ebs = "ami-0be5bcadd632bea14"; + "20.09".us-east-1.x86_64-linux.hvm-ebs = "ami-0a2cce52b42daccc8"; + "20.09".us-east-2.x86_64-linux.hvm-ebs = "ami-09378bf487b07a4d8"; + "20.09".us-west-1.x86_64-linux.hvm-ebs = "ami-09b4337b2a9e77485"; + "20.09".us-west-2.x86_64-linux.hvm-ebs = "ami-081d3bb5fbee0a1ac"; + "20.09".ca-central-1.x86_64-linux.hvm-ebs = "ami-020c24c6c607e7ac7"; + "20.09".ap-southeast-1.x86_64-linux.hvm-ebs = "ami-08f648d5db009e67d"; + "20.09".ap-southeast-2.x86_64-linux.hvm-ebs = "ami-0be390efaccbd40f9"; + "20.09".ap-northeast-1.x86_64-linux.hvm-ebs = "ami-0c3311601cbe8f927"; + "20.09".ap-northeast-2.x86_64-linux.hvm-ebs = "ami-0020146701f4d56cf"; + "20.09".ap-south-1.x86_64-linux.hvm-ebs = "ami-0117e2bd876bb40d1"; + 
"20.09".ap-east-1.x86_64-linux.hvm-ebs = "ami-0c42f97e5b1fda92f"; + "20.09".sa-east-1.x86_64-linux.hvm-ebs = "ami-021637976b094959d"; + # 20.09.2016.19db3e5ea27-aarch64-linux + "20.09".eu-west-1.aarch64-linux.hvm-ebs = "ami-00a02608ff45ff8f9"; + "20.09".eu-west-2.aarch64-linux.hvm-ebs = "ami-0e991d0f8dca21e20"; + "20.09".eu-west-3.aarch64-linux.hvm-ebs = "ami-0d18eec4dc48c6f3b"; + "20.09".eu-central-1.aarch64-linux.hvm-ebs = "ami-01691f25d08f48c9e"; + "20.09".eu-north-1.aarch64-linux.hvm-ebs = "ami-09bb5aabe567ec6f4"; + "20.09".us-east-1.aarch64-linux.hvm-ebs = "ami-0504bd006f9eaae42"; + "20.09".us-east-2.aarch64-linux.hvm-ebs = "ami-00f0f8f2ab2d695ad"; + "20.09".us-west-1.aarch64-linux.hvm-ebs = "ami-02d147d2cb992f878"; + "20.09".us-west-2.aarch64-linux.hvm-ebs = "ami-07f40006cf4d4820e"; + "20.09".ca-central-1.aarch64-linux.hvm-ebs = "ami-0e5f563919a987894"; + "20.09".ap-southeast-1.aarch64-linux.hvm-ebs = "ami-083e35d1acecae5c1"; + "20.09".ap-southeast-2.aarch64-linux.hvm-ebs = "ami-052cdc008b245b067"; + "20.09".ap-northeast-1.aarch64-linux.hvm-ebs = "ami-05e137f373bd72c0c"; + "20.09".ap-northeast-2.aarch64-linux.hvm-ebs = "ami-020791fe4c32f851a"; + "20.09".ap-south-1.aarch64-linux.hvm-ebs = "ami-0285bb96a0f2c3955"; + "20.09".sa-east-1.aarch64-linux.hvm-ebs = "ami-0a55ab650c32be058"; + + + # 21.05.740.aa576357673 + "21.05".eu-west-1.x86_64-linux.hvm-ebs = "ami-048dbc738074a3083"; + "21.05".eu-west-2.x86_64-linux.hvm-ebs = "ami-0234cf81fec68315d"; + "21.05".eu-west-3.x86_64-linux.hvm-ebs = "ami-020e459baf709107d"; + "21.05".eu-central-1.x86_64-linux.hvm-ebs = "ami-0857d5d1309ab8b77"; + "21.05".eu-north-1.x86_64-linux.hvm-ebs = "ami-05403e3ae53d3716f"; + "21.05".us-east-1.x86_64-linux.hvm-ebs = "ami-0d3002ba40b5b9897"; + "21.05".us-east-2.x86_64-linux.hvm-ebs = "ami-069a0ca1bde6dea52"; + "21.05".us-west-1.x86_64-linux.hvm-ebs = "ami-0b415460a84bcf9bc"; + "21.05".us-west-2.x86_64-linux.hvm-ebs = "ami-093cba49754abd7f8"; + "21.05".ca-central-1.x86_64-linux.hvm-ebs = 
"ami-065c13e1d52d60b33"; + "21.05".ap-southeast-1.x86_64-linux.hvm-ebs = "ami-04f570c70ff9b665e"; + "21.05".ap-southeast-2.x86_64-linux.hvm-ebs = "ami-02a3d1df595df5ef6"; + "21.05".ap-northeast-1.x86_64-linux.hvm-ebs = "ami-027836fddb5c56012"; + "21.05".ap-northeast-2.x86_64-linux.hvm-ebs = "ami-0edacd41dc7700c39"; + "21.05".ap-south-1.x86_64-linux.hvm-ebs = "ami-0b279b5bb55288059"; + "21.05".ap-east-1.x86_64-linux.hvm-ebs = "ami-06dc98082bc55c1fc"; + "21.05".sa-east-1.x86_64-linux.hvm-ebs = "ami-04737dd49b98936c6"; + + # 21.11.333823.96b4157790f-x86_64-linux + "21.11".eu-west-1.x86_64-linux.hvm-ebs = "ami-01d0304a712f2f3f0"; + "21.11".eu-west-2.x86_64-linux.hvm-ebs = "ami-00e828bfc1e5d09ac"; + "21.11".eu-west-3.x86_64-linux.hvm-ebs = "ami-0e1ea64430d8103f2"; + "21.11".eu-central-1.x86_64-linux.hvm-ebs = "ami-0fcf28c07e86142c5"; + "21.11".eu-north-1.x86_64-linux.hvm-ebs = "ami-0ee83a3c6590fd6b1"; + "21.11".us-east-1.x86_64-linux.hvm-ebs = "ami-099756bfda4540da0"; + "21.11".us-east-2.x86_64-linux.hvm-ebs = "ami-0b20a80b82052d23f"; + "21.11".us-west-1.x86_64-linux.hvm-ebs = "ami-088ea590004b01752"; + "21.11".us-west-2.x86_64-linux.hvm-ebs = "ami-0025b9d4831b911a7"; + "21.11".ca-central-1.x86_64-linux.hvm-ebs = "ami-0e67089f898e74443"; + "21.11".ap-southeast-1.x86_64-linux.hvm-ebs = "ami-0dc8d718279d3402d"; + "21.11".ap-southeast-2.x86_64-linux.hvm-ebs = "ami-0155e842329970187"; + "21.11".ap-northeast-1.x86_64-linux.hvm-ebs = "ami-07c95eda953bf5435"; + "21.11".ap-northeast-2.x86_64-linux.hvm-ebs = "ami-04167df3cd952b3bd"; + "21.11".ap-south-1.x86_64-linux.hvm-ebs = "ami-0680e05531b3db677"; + "21.11".ap-east-1.x86_64-linux.hvm-ebs = "ami-0835a3e481dc240f9"; + "21.11".sa-east-1.x86_64-linux.hvm-ebs = "ami-0f7c354c421348e51"; + + # 21.11.333823.96b4157790f-aarch64-linux + "21.11".eu-west-1.aarch64-linux.hvm-ebs = "ami-048f3eea6a12c4b3b"; + "21.11".eu-west-2.aarch64-linux.hvm-ebs = "ami-0e6f18f2009806add"; + "21.11".eu-west-3.aarch64-linux.hvm-ebs = 
"ami-0a28d593f5e938d80"; + "21.11".eu-central-1.aarch64-linux.hvm-ebs = "ami-0b9c95d926ab9474c"; + "21.11".eu-north-1.aarch64-linux.hvm-ebs = "ami-0f2d400b4a2368a1a"; + "21.11".us-east-1.aarch64-linux.hvm-ebs = "ami-05afb75585567d386"; + "21.11".us-east-2.aarch64-linux.hvm-ebs = "ami-07f360673c2fccf8d"; + "21.11".us-west-1.aarch64-linux.hvm-ebs = "ami-0a6892c61d85774db"; + "21.11".us-west-2.aarch64-linux.hvm-ebs = "ami-04eaf20283432e852"; + "21.11".ca-central-1.aarch64-linux.hvm-ebs = "ami-036b69828502e7fdf"; + "21.11".ap-southeast-1.aarch64-linux.hvm-ebs = "ami-0d52e51e68b6954ef"; + "21.11".ap-southeast-2.aarch64-linux.hvm-ebs = "ami-000a3019e003f4fb9"; + "21.11".ap-northeast-1.aarch64-linux.hvm-ebs = "ami-09b0c7928780e25b6"; + "21.11".ap-northeast-2.aarch64-linux.hvm-ebs = "ami-05f80f3c83083ff62"; + "21.11".ap-south-1.aarch64-linux.hvm-ebs = "ami-05b2a3ff8489c3f59"; + "21.11".ap-east-1.aarch64-linux.hvm-ebs = "ami-0aa3b50a4f2822a00"; + "21.11".sa-east-1.aarch64-linux.hvm-ebs = "ami-00f68eff453d3fe69"; + + latest = self."21.11"; +}; in self diff --git a/nixos/modules/virtualisation/ec2-amis.nix b/nixos/modules/virtualisation/ec2-amis.nix index d38f41ab39d72..1ffb326ba7a87 100644 --- a/nixos/modules/virtualisation/ec2-amis.nix +++ b/nixos/modules/virtualisation/ec2-amis.nix 
@@ -1,371 +1,9 @@ -let self = { - "14.04".ap-northeast-1.hvm-ebs = "ami-71c6f470"; - "14.04".ap-northeast-1.pv-ebs = "ami-4dcbf84c"; - "14.04".ap-northeast-1.pv-s3 = "ami-8fc4f68e"; - "14.04".ap-southeast-1.hvm-ebs = "ami-da280888"; - "14.04".ap-southeast-1.pv-ebs = "ami-7a9dbc28"; - "14.04".ap-southeast-1.pv-s3 = "ami-c4290996"; - "14.04".ap-southeast-2.hvm-ebs = "ami-ab523e91"; - "14.04".ap-southeast-2.pv-ebs = "ami-6769055d"; - "14.04".ap-southeast-2.pv-s3 = "ami-15533f2f"; - "14.04".eu-central-1.hvm-ebs = "ami-ba0234a7"; - "14.04".eu-west-1.hvm-ebs = "ami-96cb63e1"; - "14.04".eu-west-1.pv-ebs = "ami-b48c25c3"; - "14.04".eu-west-1.pv-s3 = "ami-06cd6571"; - "14.04".sa-east-1.hvm-ebs = "ami-01b90e1c"; - "14.04".sa-east-1.pv-ebs = "ami-69e35474"; - "14.04".sa-east-1.pv-s3 = "ami-61b90e7c"; - "14.04".us-east-1.hvm-ebs = "ami-58ba3a30"; - "14.04".us-east-1.pv-ebs = "ami-9e0583f6"; - "14.04".us-east-1.pv-s3 = "ami-9cbe3ef4"; - "14.04".us-west-1.hvm-ebs = "ami-0bc3d74e"; - "14.04".us-west-1.pv-ebs = "ami-8b1703ce"; - "14.04".us-west-1.pv-s3 = "ami-27ccd862"; - "14.04".us-west-2.hvm-ebs = "ami-3bf1bf0b"; - "14.04".us-west-2.pv-ebs = "ami-259bd515"; - "14.04".us-west-2.pv-s3 = "ami-07094037"; - - "14.12".ap-northeast-1.hvm-ebs = "ami-24435f25"; - "14.12".ap-northeast-1.pv-ebs = "ami-b0425eb1"; - "14.12".ap-northeast-1.pv-s3 = "ami-fed3c6ff"; - "14.12".ap-southeast-1.hvm-ebs = "ami-6c765d3e"; - "14.12".ap-southeast-1.pv-ebs = "ami-6a765d38"; - "14.12".ap-southeast-1.pv-s3 = "ami-d1bf9183"; - "14.12".ap-southeast-2.hvm-ebs = "ami-af86f395"; - "14.12".ap-southeast-2.pv-ebs = "ami-b386f389"; - "14.12".ap-southeast-2.pv-s3 = "ami-69c5ae53"; - "14.12".eu-central-1.hvm-ebs = "ami-4a497a57"; - "14.12".eu-central-1.pv-ebs = "ami-4c497a51"; - "14.12".eu-central-1.pv-s3 = "ami-60f2c27d"; - "14.12".eu-west-1.hvm-ebs = "ami-d126a5a6"; - "14.12".eu-west-1.pv-ebs = "ami-0126a576"; - "14.12".eu-west-1.pv-s3 = "ami-deda5fa9"; - "14.12".sa-east-1.hvm-ebs = "ami-2d239e30"; - 
"14.12".sa-east-1.pv-ebs = "ami-35239e28"; - "14.12".sa-east-1.pv-s3 = "ami-81e3519c"; - "14.12".us-east-1.hvm-ebs = "ami-0c463a64"; - "14.12".us-east-1.pv-ebs = "ami-ac473bc4"; - "14.12".us-east-1.pv-s3 = "ami-00e18a68"; - "14.12".us-west-1.hvm-ebs = "ami-ca534a8f"; - "14.12".us-west-1.pv-ebs = "ami-3e534a7b"; - "14.12".us-west-1.pv-s3 = "ami-2905196c"; - "14.12".us-west-2.hvm-ebs = "ami-fb9dc3cb"; - "14.12".us-west-2.pv-ebs = "ami-899dc3b9"; - "14.12".us-west-2.pv-s3 = "ami-cb7f2dfb"; - - "15.09".ap-northeast-1.hvm-ebs = "ami-58cac236"; - "15.09".ap-northeast-1.hvm-s3 = "ami-39c8c057"; - "15.09".ap-northeast-1.pv-ebs = "ami-5ac9c134"; - "15.09".ap-northeast-1.pv-s3 = "ami-03cec66d"; - "15.09".ap-southeast-1.hvm-ebs = "ami-2fc2094c"; - "15.09".ap-southeast-1.hvm-s3 = "ami-9ec308fd"; - "15.09".ap-southeast-1.pv-ebs = "ami-95c00bf6"; - "15.09".ap-southeast-1.pv-s3 = "ami-bfc00bdc"; - "15.09".ap-southeast-2.hvm-ebs = "ami-996c4cfa"; - "15.09".ap-southeast-2.hvm-s3 = "ami-3f6e4e5c"; - "15.09".ap-southeast-2.pv-ebs = "ami-066d4d65"; - "15.09".ap-southeast-2.pv-s3 = "ami-cc6e4eaf"; - "15.09".eu-central-1.hvm-ebs = "ami-3f8c6b50"; - "15.09".eu-central-1.hvm-s3 = "ami-5b836434"; - "15.09".eu-central-1.pv-ebs = "ami-118c6b7e"; - "15.09".eu-central-1.pv-s3 = "ami-2c977043"; - "15.09".eu-west-1.hvm-ebs = "ami-9cf04aef"; - "15.09".eu-west-1.hvm-s3 = "ami-2bea5058"; - "15.09".eu-west-1.pv-ebs = "ami-c9e852ba"; - "15.09".eu-west-1.pv-s3 = "ami-c6f64cb5"; - "15.09".sa-east-1.hvm-ebs = "ami-6e52df02"; - "15.09".sa-east-1.hvm-s3 = "ami-1852df74"; - "15.09".sa-east-1.pv-ebs = "ami-4368e52f"; - "15.09".sa-east-1.pv-s3 = "ami-f15ad79d"; - "15.09".us-east-1.hvm-ebs = "ami-84a6a0ee"; - "15.09".us-east-1.hvm-s3 = "ami-06a7a16c"; - "15.09".us-east-1.pv-ebs = "ami-a4a1a7ce"; - "15.09".us-east-1.pv-s3 = "ami-5ba8ae31"; - "15.09".us-west-1.hvm-ebs = "ami-22c8bb42"; - "15.09".us-west-1.hvm-s3 = "ami-a2ccbfc2"; - "15.09".us-west-1.pv-ebs = "ami-10cebd70"; - "15.09".us-west-1.pv-s3 = 
"ami-fa30429a"; - "15.09".us-west-2.hvm-ebs = "ami-ce57b9ae"; - "15.09".us-west-2.hvm-s3 = "ami-2956b849"; - "15.09".us-west-2.pv-ebs = "ami-005fb160"; - "15.09".us-west-2.pv-s3 = "ami-cd55bbad"; - - "16.03".ap-northeast-1.hvm-ebs = "ami-40619d21"; - "16.03".ap-northeast-1.hvm-s3 = "ami-ce629eaf"; - "16.03".ap-northeast-1.pv-ebs = "ami-ef639f8e"; - "16.03".ap-northeast-1.pv-s3 = "ami-a1609cc0"; - "16.03".ap-northeast-2.hvm-ebs = "ami-deca00b0"; - "16.03".ap-northeast-2.hvm-s3 = "ami-a3b77dcd"; - "16.03".ap-northeast-2.pv-ebs = "ami-7bcb0115"; - "16.03".ap-northeast-2.pv-s3 = "ami-a2b77dcc"; - "16.03".ap-south-1.hvm-ebs = "ami-0dff9562"; - "16.03".ap-south-1.hvm-s3 = "ami-13f69c7c"; - "16.03".ap-south-1.pv-ebs = "ami-0ef39961"; - "16.03".ap-south-1.pv-s3 = "ami-e0c8a28f"; - "16.03".ap-southeast-1.hvm-ebs = "ami-5e964a3d"; - "16.03".ap-southeast-1.hvm-s3 = "ami-4d964a2e"; - "16.03".ap-southeast-1.pv-ebs = "ami-ec9b478f"; - "16.03".ap-southeast-1.pv-s3 = "ami-999b47fa"; - "16.03".ap-southeast-2.hvm-ebs = "ami-9f7359fc"; - "16.03".ap-southeast-2.hvm-s3 = "ami-987359fb"; - "16.03".ap-southeast-2.pv-ebs = "ami-a2705ac1"; - "16.03".ap-southeast-2.pv-s3 = "ami-a3705ac0"; - "16.03".eu-central-1.hvm-ebs = "ami-17a45178"; - "16.03".eu-central-1.hvm-s3 = "ami-f9a55096"; - "16.03".eu-central-1.pv-ebs = "ami-c8a550a7"; - "16.03".eu-central-1.pv-s3 = "ami-6ea45101"; - "16.03".eu-west-1.hvm-ebs = "ami-b5b3d5c6"; - "16.03".eu-west-1.hvm-s3 = "ami-c986e0ba"; - "16.03".eu-west-1.pv-ebs = "ami-b083e5c3"; - "16.03".eu-west-1.pv-s3 = "ami-3c83e54f"; - "16.03".sa-east-1.hvm-ebs = "ami-f6eb7f9a"; - "16.03".sa-east-1.hvm-s3 = "ami-93e773ff"; - "16.03".sa-east-1.pv-ebs = "ami-cbb82ca7"; - "16.03".sa-east-1.pv-s3 = "ami-abb82cc7"; - "16.03".us-east-1.hvm-ebs = "ami-c123a3d6"; - "16.03".us-east-1.hvm-s3 = "ami-bc25a5ab"; - "16.03".us-east-1.pv-ebs = "ami-bd25a5aa"; - "16.03".us-east-1.pv-s3 = "ami-a325a5b4"; - "16.03".us-west-1.hvm-ebs = "ami-748bcd14"; - "16.03".us-west-1.hvm-s3 = 
"ami-a68dcbc6"; - "16.03".us-west-1.pv-ebs = "ami-048acc64"; - "16.03".us-west-1.pv-s3 = "ami-208dcb40"; - "16.03".us-west-2.hvm-ebs = "ami-8263a0e2"; - "16.03".us-west-2.hvm-s3 = "ami-925c9ff2"; - "16.03".us-west-2.pv-ebs = "ami-5e61a23e"; - "16.03".us-west-2.pv-s3 = "ami-734c8f13"; - - # 16.09.1508.3909827 - "16.09".ap-northeast-1.hvm-ebs = "ami-68453b0f"; - "16.09".ap-northeast-1.hvm-s3 = "ami-f9bec09e"; - "16.09".ap-northeast-1.pv-ebs = "ami-254a3442"; - "16.09".ap-northeast-1.pv-s3 = "ami-ef473988"; - "16.09".ap-northeast-2.hvm-ebs = "ami-18ae7f76"; - "16.09".ap-northeast-2.hvm-s3 = "ami-9eac7df0"; - "16.09".ap-northeast-2.pv-ebs = "ami-57aa7b39"; - "16.09".ap-northeast-2.pv-s3 = "ami-5cae7f32"; - "16.09".ap-south-1.hvm-ebs = "ami-b3f98fdc"; - "16.09".ap-south-1.hvm-s3 = "ami-98e690f7"; - "16.09".ap-south-1.pv-ebs = "ami-aef98fc1"; - "16.09".ap-south-1.pv-s3 = "ami-caf88ea5"; - "16.09".ap-southeast-1.hvm-ebs = "ami-80fb51e3"; - "16.09".ap-southeast-1.hvm-s3 = "ami-2df3594e"; - "16.09".ap-southeast-1.pv-ebs = "ami-37f05a54"; - "16.09".ap-southeast-1.pv-s3 = "ami-27f35944"; - "16.09".ap-southeast-2.hvm-ebs = "ami-57ece834"; - "16.09".ap-southeast-2.hvm-s3 = "ami-87f4f0e4"; - "16.09".ap-southeast-2.pv-ebs = "ami-d8ede9bb"; - "16.09".ap-southeast-2.pv-s3 = "ami-a6ebefc5"; - "16.09".ca-central-1.hvm-ebs = "ami-9f863bfb"; - "16.09".ca-central-1.hvm-s3 = "ami-ea85388e"; - "16.09".ca-central-1.pv-ebs = "ami-ce8a37aa"; - "16.09".ca-central-1.pv-s3 = "ami-448a3720"; - "16.09".eu-central-1.hvm-ebs = "ami-1b884774"; - "16.09".eu-central-1.hvm-s3 = "ami-b08c43df"; - "16.09".eu-central-1.pv-ebs = "ami-888946e7"; - "16.09".eu-central-1.pv-s3 = "ami-06874869"; - "16.09".eu-west-1.hvm-ebs = "ami-1ed3e76d"; - "16.09".eu-west-1.hvm-s3 = "ami-73d1e500"; - "16.09".eu-west-1.pv-ebs = "ami-44c0f437"; - "16.09".eu-west-1.pv-s3 = "ami-f3d8ec80"; - "16.09".eu-west-2.hvm-ebs = "ami-2c9c9648"; - "16.09".eu-west-2.hvm-s3 = "ami-6b9e940f"; - "16.09".eu-west-2.pv-ebs = "ami-f1999395"; - 
"16.09".eu-west-2.pv-s3 = "ami-bb9f95df"; - "16.09".sa-east-1.hvm-ebs = "ami-a11882cd"; - "16.09".sa-east-1.hvm-s3 = "ami-7726bc1b"; - "16.09".sa-east-1.pv-ebs = "ami-9725bffb"; - "16.09".sa-east-1.pv-s3 = "ami-b027bddc"; - "16.09".us-east-1.hvm-ebs = "ami-854ca593"; - "16.09".us-east-1.hvm-s3 = "ami-2241a834"; - "16.09".us-east-1.pv-ebs = "ami-a441a8b2"; - "16.09".us-east-1.pv-s3 = "ami-e841a8fe"; - "16.09".us-east-2.hvm-ebs = "ami-3f41645a"; - "16.09".us-east-2.hvm-s3 = "ami-804065e5"; - "16.09".us-east-2.pv-ebs = "ami-f1466394"; - "16.09".us-east-2.pv-s3 = "ami-05426760"; - "16.09".us-west-1.hvm-ebs = "ami-c2efbca2"; - "16.09".us-west-1.hvm-s3 = "ami-d71042b7"; - "16.09".us-west-1.pv-ebs = "ami-04e8bb64"; - "16.09".us-west-1.pv-s3 = "ami-31e9ba51"; - "16.09".us-west-2.hvm-ebs = "ami-6449f504"; - "16.09".us-west-2.hvm-s3 = "ami-344af654"; - "16.09".us-west-2.pv-ebs = "ami-6d4af60d"; - "16.09".us-west-2.pv-s3 = "ami-de48f4be"; - - # 17.03.885.6024dd4067 - "17.03".ap-northeast-1.hvm-ebs = "ami-dbd0f7bc"; - "17.03".ap-northeast-1.hvm-s3 = "ami-7cdff81b"; - "17.03".ap-northeast-2.hvm-ebs = "ami-c59a48ab"; - "17.03".ap-northeast-2.hvm-s3 = "ami-0b944665"; - "17.03".ap-south-1.hvm-ebs = "ami-4f413220"; - "17.03".ap-south-1.hvm-s3 = "ami-864033e9"; - "17.03".ap-southeast-1.hvm-ebs = "ami-e08c3383"; - "17.03".ap-southeast-1.hvm-s3 = "ami-c28f30a1"; - "17.03".ap-southeast-2.hvm-ebs = "ami-fca9a69f"; - "17.03".ap-southeast-2.hvm-s3 = "ami-3daaa55e"; - "17.03".ca-central-1.hvm-ebs = "ami-9b00bdff"; - "17.03".ca-central-1.hvm-s3 = "ami-e800bd8c"; - "17.03".eu-central-1.hvm-ebs = "ami-5450803b"; - "17.03".eu-central-1.hvm-s3 = "ami-6e2efe01"; - "17.03".eu-west-1.hvm-ebs = "ami-10754c76"; - "17.03".eu-west-1.hvm-s3 = "ami-11734a77"; - "17.03".eu-west-2.hvm-ebs = "ami-ff1d099b"; - "17.03".eu-west-2.hvm-s3 = "ami-fe1d099a"; - "17.03".sa-east-1.hvm-ebs = "ami-d95d3eb5"; - "17.03".sa-east-1.hvm-s3 = "ami-fca2c190"; - "17.03".us-east-1.hvm-ebs = "ami-0940c61f"; - 
"17.03".us-east-1.hvm-s3 = "ami-674fc971"; - "17.03".us-east-2.hvm-ebs = "ami-afc2e6ca"; - "17.03".us-east-2.hvm-s3 = "ami-a1cde9c4"; - "17.03".us-west-1.hvm-ebs = "ami-587b2138"; - "17.03".us-west-1.hvm-s3 = "ami-70411b10"; - "17.03".us-west-2.hvm-ebs = "ami-a93daac9"; - "17.03".us-west-2.hvm-s3 = "ami-5139ae31"; - - # 17.09.2681.59661f21be6 - "17.09".eu-west-1.hvm-ebs = "ami-a30192da"; - "17.09".eu-west-2.hvm-ebs = "ami-295a414d"; - "17.09".eu-west-3.hvm-ebs = "ami-8c0eb9f1"; - "17.09".eu-central-1.hvm-ebs = "ami-266cfe49"; - "17.09".us-east-1.hvm-ebs = "ami-40bee63a"; - "17.09".us-east-2.hvm-ebs = "ami-9d84aff8"; - "17.09".us-west-1.hvm-ebs = "ami-d14142b1"; - "17.09".us-west-2.hvm-ebs = "ami-3eb40346"; - "17.09".ca-central-1.hvm-ebs = "ami-ca8207ae"; - "17.09".ap-southeast-1.hvm-ebs = "ami-84bccff8"; - "17.09".ap-southeast-2.hvm-ebs = "ami-0dc5386f"; - "17.09".ap-northeast-1.hvm-ebs = "ami-89b921ef"; - "17.09".ap-northeast-2.hvm-ebs = "ami-179b3b79"; - "17.09".sa-east-1.hvm-ebs = "ami-4762202b"; - "17.09".ap-south-1.hvm-ebs = "ami-4e376021"; - - # 18.03.132946.1caae7247b8 - "18.03".eu-west-1.hvm-ebs = "ami-065c46ec"; - "18.03".eu-west-2.hvm-ebs = "ami-64f31903"; - "18.03".eu-west-3.hvm-ebs = "ami-5a8d3d27"; - "18.03".eu-central-1.hvm-ebs = "ami-09faf9e2"; - "18.03".us-east-1.hvm-ebs = "ami-8b3538f4"; - "18.03".us-east-2.hvm-ebs = "ami-150b3170"; - "18.03".us-west-1.hvm-ebs = "ami-ce06ebad"; - "18.03".us-west-2.hvm-ebs = "ami-586c3520"; - "18.03".ca-central-1.hvm-ebs = "ami-aca72ac8"; - "18.03".ap-southeast-1.hvm-ebs = "ami-aa0b4d40"; - "18.03".ap-southeast-2.hvm-ebs = "ami-d0f254b2"; - "18.03".ap-northeast-1.hvm-ebs = "ami-456511a8"; - "18.03".ap-northeast-2.hvm-ebs = "ami-3366d15d"; - "18.03".sa-east-1.hvm-ebs = "ami-163e1f7a"; - "18.03".ap-south-1.hvm-ebs = "ami-6a390b05"; - - # 18.09.910.c15e342304a - "18.09".eu-west-1.hvm-ebs = "ami-0f412186fb8a0ec97"; - "18.09".eu-west-2.hvm-ebs = "ami-0dada3805ce43c55e"; - "18.09".eu-west-3.hvm-ebs = 
"ami-074df85565f2e02e2"; - "18.09".eu-central-1.hvm-ebs = "ami-07c9b884e679df4f8"; - "18.09".us-east-1.hvm-ebs = "ami-009c9c3f1af480ff3"; - "18.09".us-east-2.hvm-ebs = "ami-08199961085ea8bc6"; - "18.09".us-west-1.hvm-ebs = "ami-07aa7f56d612ddd38"; - "18.09".us-west-2.hvm-ebs = "ami-01c84b7c368ac24d1"; - "18.09".ca-central-1.hvm-ebs = "ami-04f66113f76198f6c"; - "18.09".ap-southeast-1.hvm-ebs = "ami-0892c7e24ebf2194f"; - "18.09".ap-southeast-2.hvm-ebs = "ami-010730f36424b0a2c"; - "18.09".ap-northeast-1.hvm-ebs = "ami-0cdba8e998f076547"; - "18.09".ap-northeast-2.hvm-ebs = "ami-0400a698e6a9f4a15"; - "18.09".sa-east-1.hvm-ebs = "ami-0e4a8a47fd6db6112"; - "18.09".ap-south-1.hvm-ebs = "ami-0880a678d3f555313"; - - # 19.03.172286.8ea36d73256 - "19.03".eu-west-1.hvm-ebs = "ami-0fe40176548ff0940"; - "19.03".eu-west-2.hvm-ebs = "ami-03a40fd3a02fe95ba"; - "19.03".eu-west-3.hvm-ebs = "ami-0436f9da0f20a638e"; - "19.03".eu-central-1.hvm-ebs = "ami-0022b8ea9efde5de4"; - "19.03".us-east-1.hvm-ebs = "ami-0efc58fb70ae9a217"; - "19.03".us-east-2.hvm-ebs = "ami-0abf711b1b34da1af"; - "19.03".us-west-1.hvm-ebs = "ami-07d126e8838c40ec5"; - "19.03".us-west-2.hvm-ebs = "ami-03f8a737546e47fb0"; - "19.03".ca-central-1.hvm-ebs = "ami-03f9fd0ef2e035ede"; - "19.03".ap-southeast-1.hvm-ebs = "ami-0cff66114c652c262"; - "19.03".ap-southeast-2.hvm-ebs = "ami-054c73a7f8d773ea9"; - "19.03".ap-northeast-1.hvm-ebs = "ami-00db62688900456a4"; - "19.03".ap-northeast-2.hvm-ebs = "ami-0485cdd1a5fdd2117"; - "19.03".sa-east-1.hvm-ebs = "ami-0c6a43c6e0ad1f4e2"; - "19.03".ap-south-1.hvm-ebs = "ami-0303deb1b5890f878"; - - # 19.09.2243.84af403f54f - "19.09".eu-west-1.hvm-ebs = "ami-071082f0fa035374f"; - "19.09".eu-west-2.hvm-ebs = "ami-0d9dc33c54d1dc4c3"; - "19.09".eu-west-3.hvm-ebs = "ami-09566799591d1bfed"; - "19.09".eu-central-1.hvm-ebs = "ami-015f8efc2be419b79"; - "19.09".eu-north-1.hvm-ebs = "ami-07fc0a32d885e01ed"; - "19.09".us-east-1.hvm-ebs = "ami-03330d8b51287412f"; - "19.09".us-east-2.hvm-ebs = 
"ami-0518b4c84972e967f"; - "19.09".us-west-1.hvm-ebs = "ami-06ad07e61a353b4a6"; - "19.09".us-west-2.hvm-ebs = "ami-0e31e30925cf3ce4e"; - "19.09".ca-central-1.hvm-ebs = "ami-07df50fc76702a36d"; - "19.09".ap-southeast-1.hvm-ebs = "ami-0f71ae5d4b0b78d95"; - "19.09".ap-southeast-2.hvm-ebs = "ami-057bbf2b4bd62d210"; - "19.09".ap-northeast-1.hvm-ebs = "ami-02a62555ca182fb5b"; - "19.09".ap-northeast-2.hvm-ebs = "ami-0219dde0e6b7b7b93"; - "19.09".ap-south-1.hvm-ebs = "ami-066f7f2a895c821a1"; - "19.09".ap-east-1.hvm-ebs = "ami-055b2348db2827ff1"; - "19.09".sa-east-1.hvm-ebs = "ami-018aab68377227e06"; - - # 20.03.1554.94e39623a49 - "20.03".eu-west-1.hvm-ebs = "ami-02c34db5766cc7013"; - "20.03".eu-west-2.hvm-ebs = "ami-0e32bd8c7853883f1"; - "20.03".eu-west-3.hvm-ebs = "ami-061edb1356c1d69fd"; - "20.03".eu-central-1.hvm-ebs = "ami-0a1a94722dcbff94c"; - "20.03".eu-north-1.hvm-ebs = "ami-02699abfacbb6464b"; - "20.03".us-east-1.hvm-ebs = "ami-0c5e7760748b74e85"; - "20.03".us-east-2.hvm-ebs = "ami-030296bb256764655"; - "20.03".us-west-1.hvm-ebs = "ami-050be818e0266b741"; - "20.03".us-west-2.hvm-ebs = "ami-06562f78dca68eda2"; - "20.03".ca-central-1.hvm-ebs = "ami-02365684a173255c7"; - "20.03".ap-southeast-1.hvm-ebs = "ami-0dbf353e168d155f7"; - "20.03".ap-southeast-2.hvm-ebs = "ami-04c0f3a75f63daddd"; - "20.03".ap-northeast-1.hvm-ebs = "ami-093d9cc49c191eb6c"; - "20.03".ap-northeast-2.hvm-ebs = "ami-0087df91a7b6ebd45"; - "20.03".ap-south-1.hvm-ebs = "ami-0a1a6b569af04af9d"; - "20.03".ap-east-1.hvm-ebs = "ami-0d18fdd309cdefa86"; - "20.03".sa-east-1.hvm-ebs = "ami-09859378158ae971d"; - - # 20.09.2016.19db3e5ea27 - "20.09".eu-west-1.hvm-ebs = "ami-0057cb7d614329fa2"; - "20.09".eu-west-2.hvm-ebs = "ami-0d46f16e0bb0ec8fd"; - "20.09".eu-west-3.hvm-ebs = "ami-0e8985c3ea42f87fe"; - "20.09".eu-central-1.hvm-ebs = "ami-0eed77c38432886d2"; - "20.09".eu-north-1.hvm-ebs = "ami-0be5bcadd632bea14"; - "20.09".us-east-1.hvm-ebs = "ami-0a2cce52b42daccc8"; - "20.09".us-east-2.hvm-ebs = 
"ami-09378bf487b07a4d8"; - "20.09".us-west-1.hvm-ebs = "ami-09b4337b2a9e77485"; - "20.09".us-west-2.hvm-ebs = "ami-081d3bb5fbee0a1ac"; - "20.09".ca-central-1.hvm-ebs = "ami-020c24c6c607e7ac7"; - "20.09".ap-southeast-1.hvm-ebs = "ami-08f648d5db009e67d"; - "20.09".ap-southeast-2.hvm-ebs = "ami-0be390efaccbd40f9"; - "20.09".ap-northeast-1.hvm-ebs = "ami-0c3311601cbe8f927"; - "20.09".ap-northeast-2.hvm-ebs = "ami-0020146701f4d56cf"; - "20.09".ap-south-1.hvm-ebs = "ami-0117e2bd876bb40d1"; - "20.09".ap-east-1.hvm-ebs = "ami-0c42f97e5b1fda92f"; - "20.09".sa-east-1.hvm-ebs = "ami-021637976b094959d"; - - # 21.05.740.aa576357673 - "21.05".eu-west-1.hvm-ebs = "ami-048dbc738074a3083"; - "21.05".eu-west-2.hvm-ebs = "ami-0234cf81fec68315d"; - "21.05".eu-west-3.hvm-ebs = "ami-020e459baf709107d"; - "21.05".eu-central-1.hvm-ebs = "ami-0857d5d1309ab8b77"; - "21.05".eu-north-1.hvm-ebs = "ami-05403e3ae53d3716f"; - "21.05".us-east-1.hvm-ebs = "ami-0d3002ba40b5b9897"; - "21.05".us-east-2.hvm-ebs = "ami-069a0ca1bde6dea52"; - "21.05".us-west-1.hvm-ebs = "ami-0b415460a84bcf9bc"; - "21.05".us-west-2.hvm-ebs = "ami-093cba49754abd7f8"; - "21.05".ca-central-1.hvm-ebs = "ami-065c13e1d52d60b33"; - "21.05".ap-southeast-1.hvm-ebs = "ami-04f570c70ff9b665e"; - "21.05".ap-southeast-2.hvm-ebs = "ami-02a3d1df595df5ef6"; - "21.05".ap-northeast-1.hvm-ebs = "ami-027836fddb5c56012"; - "21.05".ap-northeast-2.hvm-ebs = "ami-0edacd41dc7700c39"; - "21.05".ap-south-1.hvm-ebs = "ami-0b279b5bb55288059"; - "21.05".ap-east-1.hvm-ebs = "ami-06dc98082bc55c1fc"; - "21.05".sa-east-1.hvm-ebs = "ami-04737dd49b98936c6"; - - latest = self."21.05"; -}; in self +# Compatibility shim +let + lib = import ../../../lib; + inherit (lib) mapAttrs; + everything = import ./amazon-ec2-amis.nix; + doAllVersions = mapAttrs (versionName: doRegion); + doRegion = mapAttrs (regionName: systems: systems.x86_64-linux); +in + doAllVersions everything 
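Review bot: The one-line `# Compatibility shim` comment heading the new file body does not say what stays compatible and what is dropped. `doRegion` selects only `systems.x86_64-linux`, so aarch64 images are unreachable through this path, and `latest` now follows whatever `./amazon-ec2-amis.nix` defines instead of the removed `self."21.05"`. Since `mapAttrs` is lazy in its values, a region entry without an `x86_64-linux` attribute would fail only when that region is looked up, not when the file is imported. I would expand the comment to `# Compatibility shim: keeps the old version.region.type layout by selecting x86_64-linux from ./amazon-ec2-amis.nix; aarch64 images are only available there.`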
diff --git a/nixos/modules/virtualisation/waydroid.nix b/nixos/modules/virtualisation/waydroid.nix index 854ab056dbb84..4fc798ff39f89 100644 --- a/nixos/modules/virtualisation/waydroid.nix +++ b/nixos/modules/virtualisation/waydroid.nix @@ -18,7 +18,8 @@ let /dev/hwbinder = hidl ''; -in { +in +{ options.virtualisation.waydroid = { enable = mkEnableOption "Waydroid"; @@ -36,6 +37,12 @@ in { (isEnabled "ASHMEM") ]; + /* NOTE: we always enable this flag even if CONFIG_PSI_DEFAULT_DISABLED is not on + as reading the kernel config is not always possible and on kernels where it's + already on it will be no-op + */ + boot.kernelParams = [ "psi=1" ]; + environment.etc."gbinder.d/waydroid.conf".source = waydroidGbinderConf; environment.systemPackages = with pkgs; [ waydroid ]; diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index e2b9c868bc85d..1ff1b8d586422 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -315,8 +315,8 @@ in nginx-sso = handleTest ./nginx-sso.nix {}; nginx-variants = handleTest ./nginx-variants.nix {}; nitter = handleTest ./nitter.nix {}; - nix-serve = handleTest ./nix-ssh-serve.nix {}; - nix-ssh-serve = handleTest ./nix-ssh-serve.nix {}; + nix-serve = handleTest ./nix-serve.nix {}; + nix-serve-ssh = handleTest ./nix-serve-ssh.nix {}; nixops = handleTest ./nixops/default.nix {}; nixos-generate-config = handleTest ./nixos-generate-config.nix {}; node-red = handleTest ./node-red.nix {}; @@ -432,6 +432,7 @@ in sslh = handleTest ./sslh.nix {}; sssd = handleTestOn ["x86_64-linux"] ./sssd.nix {}; sssd-ldap = handleTestOn ["x86_64-linux"] ./sssd-ldap.nix {}; + step-ca = handleTestOn ["x86_64-linux"] ./step-ca.nix {}; strongswan-swanctl = handleTest ./strongswan-swanctl.nix {}; sudo = handleTest ./sudo.nix {}; sway = handleTest ./sway.nix {}; diff --git a/nixos/tests/custom-ca.nix b/nixos/tests/custom-ca.nix index 0ab49f3b34306..a55449a397a7c 100644 --- a/nixos/tests/custom-ca.nix +++ b/nixos/tests/custom-ca.nix 
@@ -82,6 +82,9 @@ in # chromium-based browsers refuse to run as root test-support.displayManager.auto.user = "alice"; + # browsers may hang with the default memory + virtualisation.memorySize = 600; + networking.hosts."127.0.0.1" = [ "good.example.com" "bad.example.com" ]; security.pki.certificateFiles = [ "${example-good-cert}/ca.crt" ]; @@ -160,7 +163,7 @@ in browser = command.split()[0] with subtest("Good certificate is trusted in " + browser): execute_as( - "alice", f"env P11_KIT_DEBUG=trust {command} https://good.example.com & >&2" + "alice", f"{command} https://good.example.com >&2 &" ) wait_for_window_as("alice", browser) machine.wait_for_text("It works!") @@ -168,9 +171,9 @@ in execute_as("alice", "xdotool key ctrl+w") # close tab with subtest("Unknown CA is untrusted in " + browser): - execute_as("alice", f"{command} https://bad.example.com & >&2") + execute_as("alice", f"{command} https://bad.example.com >&2 &") machine.wait_for_text(error) machine.screenshot("bad" + browser) - machine.succeed("pkill " + browser) + machine.succeed("pkill -f " + browser) ''; }) diff --git a/nixos/tests/docker-tools.nix b/nixos/tests/docker-tools.nix index 7110187e8d764..f3858b8bd81e8 100644 --- a/nixos/tests/docker-tools.nix +++ b/nixos/tests/docker-tools.nix 
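Review bot: The switch to `pkill -f` in the last hunk of this file widens the match from the process name to the whole command line, and the reason is not recorded. With `-f`, any process whose arguments contain the browser name is signalled, which is harmless in this VM but surprising to a later reader. Presumably the change is needed because the wrapped browser runs under a different process name; if so, say it next to the call, e.g. `# -f: match the full command line, the wrapped browser's process name differs from the command`. The test script starts and ends outside the hunk.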
@@ -276,15 +276,22 @@ import ./make-test-python.nix ({ pkgs, ... }: { # Ensure the image has the correct number of layers assert len(set_of_layers("layered-bulk-layer")) == 4 - with subtest("Ensure correct behavior when no store is needed"): + with subtest("Ensure only minimal paths are added to the store"): + # TODO: make an example that has no store paths, for example by making + # busybox non-self-referential. + # This check tests that buildLayeredImage can build images that don't need a store. docker.succeed( "docker load --input='${pkgs.dockerTools.examples.no-store-paths}'" ) - # This check may be loosened to allow an *empty* store rather than *no* store. - docker.succeed("docker run --rm no-store-paths ls /") - docker.fail("docker run --rm no-store-paths ls /nix/store") + docker.succeed("docker run --rm no-store-paths ls / >/dev/console") + + # If busybox isn't self-referential, we need this line + # docker.fail("docker run --rm no-store-paths ls /nix/store >/dev/console") + # However, it currently is self-referential, so we check that it is the + # only store path. + docker.succeed("diff <(docker run --rm no-store-paths ls /nix/store) <(basename ${pkgs.pkgsStatic.busybox}) >/dev/console") with subtest("Ensure buildLayeredImage does not change store path contents."): docker.succeed( @@ -379,6 +386,11 @@ import ./make-test-python.nix ({ pkgs, ... }: { "docker run --rm ${examples.layeredImageWithFakeRootCommands.imageName} sh -c 'stat -c '%u' /home/jane | grep -E ^1000$'" ) + with subtest("The image contains store paths referenced by the fakeRootCommands output"): + docker.succeed( + "docker run --rm ${examples.layeredImageWithFakeRootCommands.imageName} /hello/bin/layeredImageWithFakeRootCommands-hello" + ) + with subtest("exportImage produces a valid tarball"): docker.succeed( "tar -tf ${examples.exportBash} | grep '\./bin/bash' > /dev/null" diff --git a/nixos/tests/home-assistant.nix b/nixos/tests/home-assistant.nix index 0894736bac9c3..1ab5755863f74 100644 
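Review bot: The retained comment `# This check tests that buildLayeredImage can build images that don't need a store.` in the first hunk now contradicts the assertion added at the end of the subtest, which requires `/nix/store` to hold exactly the static busybox path. I would reword it to `# This check tests that buildLayeredImage adds no store paths beyond the self-referential static busybox.` The commented-out `docker.fail(...)` line repeats what the TODO already above it says and could be dropped. The surrounding test script continues outside the hunk.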
--- a/nixos/tests/home-assistant.nix +++ b/nixos/tests/home-assistant.nix @@ -24,6 +24,11 @@ in { services.home-assistant = { inherit configDir; enable = true; + package = (pkgs.home-assistant.override { + extraComponents = [ "zha" ]; + }).overrideAttrs (oldAttrs: { + doInstallCheck = false; + }); config = { homeassistant = { name = "Home"; @@ -87,6 +92,8 @@ in { with subtest("Check that capabilities are passed for emulated_hue to bind to port 80"): hass.wait_for_open_port(80) hass.succeed("curl --fail http://localhost:80/description.xml") + with subtest("Check extra components are considered in systemd unit hardening"): + hass.succeed("systemctl show -p DeviceAllow home-assistant.service | grep -q char-ttyUSB") with subtest("Print log to ease debugging"): output_log = hass.succeed("cat ${configDir}/home-assistant.log") print("\n### home-assistant.log ###\n") diff --git a/nixos/tests/nix-ssh-serve.nix b/nixos/tests/nix-serve-ssh.nix index 03f83542c7c11..1eb8d5b395b1f 100644 --- a/nixos/tests/nix-ssh-serve.nix +++ b/nixos/tests/nix-serve-ssh.nix @@ -35,7 +35,7 @@ in client.fail("diff /root/other-store$(cat mach-id-path) /etc/machine-id") # Currently due to shared store this is a noop :( - client.succeed("nix copy --to ssh-ng://nix-ssh@server $(cat mach-id-path)") + client.succeed("nix copy --experimental-features 'nix-command' --to ssh-ng://nix-ssh@server $(cat mach-id-path)") client.succeed( "nix-store --realise $(cat mach-id-path) --store /root/other-store --substituters ssh-ng://nix-ssh@server" ) diff --git a/nixos/tests/step-ca.nix b/nixos/tests/step-ca.nix new file mode 100644 index 0000000000000..b22bcb060f2bf --- /dev/null +++ b/nixos/tests/step-ca.nix 
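Review bot: The new subtest in the second hunk greps `DeviceAllow` for `char-ttyUSB` without saying where that expectation comes from; it only makes sense together with `extraComponents = [ "zha" ]` added in the first hunk. A reader who later changes the override will not see why this assertion starts failing. I would add a comment above the `hass.succeed` line such as `# "zha" is in extraComponents above, so the unit's DeviceAllow is expected to include char-ttyUSB`. The grep matches the substring anywhere in the property value, so it confirms the allowance is present but not that the list is otherwise unchanged.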
@@ -0,0 +1,76 @@ +import ./make-test-python.nix ({ pkgs, ... }: + let + test-certificates = pkgs.runCommandLocal "test-certificates" { } '' + mkdir -p $out + echo insecure-root-password > $out/root-password-file + echo insecure-intermediate-password > $out/intermediate-password-file + ${pkgs.step-cli}/bin/step certificate create "Example Root CA" $out/root_ca.crt $out/root_ca.key --password-file=$out/root-password-file --profile root-ca + ${pkgs.step-cli}/bin/step certificate create "Example Intermediate CA 1" $out/intermediate_ca.crt $out/intermediate_ca.key --password-file=$out/intermediate-password-file --ca-password-file=$out/root-password-file --profile intermediate-ca --ca $out/root_ca.crt --ca-key $out/root_ca.key + ''; + in + { + nodes = + { + caserver = + { config, pkgs, ... }: { + services.step-ca = { + enable = true; + address = "0.0.0.0"; + port = 8443; + openFirewall = true; + intermediatePasswordFile = "${test-certificates}/intermediate-password-file"; + settings = { + dnsNames = [ "caserver" ]; + root = "${test-certificates}/root_ca.crt"; + crt = "${test-certificates}/intermediate_ca.crt"; + key = "${test-certificates}/intermediate_ca.key"; + db = { + type = "badger"; + dataSource = "/var/lib/step-ca/db"; + }; + authority = { + provisioners = [ + { + type = "ACME"; + name = "acme"; + } + ]; + }; + }; + }; + }; + + caclient = + { config, pkgs, ... }: { + security.acme.server = "https://caserver:8443/acme/acme/directory"; + security.acme.email = "root@example.org"; + security.acme.acceptTerms = true; + + security.pki.certificateFiles = [ "${test-certificates}/root_ca.crt" ]; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + services.nginx = { + enable = true; + virtualHosts = { + "caclient" = { + forceSSL = true; + enableACME = true; + }; + }; + }; + }; + + catester = { config, pkgs, ... 
}: { + security.pki.certificateFiles = [ "${test-certificates}/root_ca.crt" ]; + }; + }; + + testScript = + '' + catester.start() + caserver.wait_for_unit("step-ca.service") + caclient.wait_for_unit("acme-finished-caclient.target") + catester.succeed("curl https://caclient/ | grep \"Welcome to nginx!\"") + ''; + }) |
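Review bot: `test-certificates` writes the root and intermediate CA private keys together with their password files into `$out`, a Nix store path, and nothing in the file says that this is acceptable only because the CA is a throwaway test fixture. A short comment above the `runCommandLocal` call would stop the pattern from being copied into a real deployment, for example `# Test fixture only: CA keys and password files end up in the world-readable Nix store.` The `intermediatePasswordFile` and `settings.key` values on `caserver` point at those store paths, which is what a production configuration would have to replace with files kept outside the store.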