diff options
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2405.section.md | 2 | ||||
-rw-r--r-- | nixos/modules/services/monitoring/loki.nix | 9 | ||||
-rw-r--r-- | nixos/modules/services/networking/rosenpass.nix | 6 | ||||
-rw-r--r-- | nixos/tests/step-ca.nix | 21 |
4 files changed, 33 insertions, 5 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md index 696e9542253a4..7600cf4324078 100644 --- a/nixos/doc/manual/release-notes/rl-2405.section.md +++ b/nixos/doc/manual/release-notes/rl-2405.section.md @@ -226,7 +226,7 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. --> -- `k3s`: was updated to version [v1.29](https://github.com/k3s-io/k3s/releases/tag/v1.29.1%2Bk3s2), all previous versions (k3s_1_26, k3s_1_27, k3s_1_28) will be removed. See [changelog and upgrade notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#urgent-upgrade-notes) for more information. +- `k3s`: has been updated to version [v1.30](https://github.com/k3s-io/k3s/releases/tag/v1.30.0%2Bk3s1), previous supported versions are available under release specific names (e.g. k3s_1_27, k3s_1_28, and k3s_1_29) and present to help you migrate to the latest supported version. See [changelog and upgrade notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#changelog-since-v1290) for more information. - `himalaya` was updated to v1.0.0-beta.4, which introduces breaking changes. Check out the [release note](https://github.com/soywod/himalaya/releases/tag/v1.0.0-beta.4) for details. diff --git a/nixos/modules/services/monitoring/loki.nix b/nixos/modules/services/monitoring/loki.nix index 9af1de6aa11f9..de4f1bc7aa23e 100644 --- a/nixos/modules/services/monitoring/loki.nix +++ b/nixos/modules/services/monitoring/loki.nix @@ -97,7 +97,12 @@ in { serviceConfig = let conf = if cfg.configFile == null - then prettyJSON cfg.configuration + then + # Config validation may fail when using extraFlags = [ "-config.expand-env=true" ]. + # To work around this, we simply skip it when extraFlags is not empty. + if cfg.extraFlags == [] + then validateConfig (prettyJSON cfg.configuration) + else prettyJSON cfg.configuration else cfg.configFile; validateConfig = file: pkgs.runCommand "validate-loki-conf" { @@ -108,7 +113,7 @@ in { ''; in { - ExecStart = "${cfg.package}/bin/loki --config.file=${validateConfig conf} ${escapeShellArgs cfg.extraFlags}"; + ExecStart = "${cfg.package}/bin/loki --config.file=${conf} ${escapeShellArgs cfg.extraFlags}"; User = cfg.user; Restart = "always"; PrivateTmp = true; diff --git a/nixos/modules/services/networking/rosenpass.nix b/nixos/modules/services/networking/rosenpass.nix index 373a6c7690799..66b6f960a81ab 100644 --- a/nixos/modules/services/networking/rosenpass.nix +++ b/nixos/modules/services/networking/rosenpass.nix @@ -225,8 +225,10 @@ in # See <https://www.freedesktop.org/software/systemd/man/systemd.unit.html#Specifiers> environment.CONFIG = "%t/${serviceConfig.RuntimeDirectory}/config.toml"; - preStart = "${getExe pkgs.envsubst} -i ${config} -o \"$CONFIG\""; - script = "rosenpass exchange-config \"$CONFIG\""; + script = '' + ${getExe pkgs.envsubst} -i ${config} -o "$CONFIG" + rosenpass exchange-config "$CONFIG" + ''; }; }; } diff --git a/nixos/tests/step-ca.nix b/nixos/tests/step-ca.nix index a855b590232dd..31ec0078e0f63 100644 --- a/nixos/tests/step-ca.nix +++ b/nixos/tests/step-ca.nix @@ -62,6 +62,24 @@ import ./make-test-python.nix ({ pkgs, ... }: }; }; + caclientcaddy = + { config, pkgs, ... }: { + security.pki.certificateFiles = [ "${test-certificates}/root_ca.crt" ]; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + services.caddy = { + enable = true; + virtualHosts."caclientcaddy".extraConfig = '' + respond "Welcome to Caddy!" + + tls caddy@example.org { + ca https://caserver:8443/acme/acme/directory + } + ''; + }; + }; + catester = { config, pkgs, ... }: { security.pki.certificateFiles = [ "${test-certificates}/root_ca.crt" ]; }; @@ -73,5 +91,8 @@ import ./make-test-python.nix ({ pkgs, ... }: caserver.wait_for_unit("step-ca.service") caclient.wait_for_unit("acme-finished-caclient.target") catester.succeed("curl https://caclient/ | grep \"Welcome to nginx!\"") + + caclientcaddy.wait_for_unit("caddy.service") + catester.succeed("curl https://caclientcaddy/ | grep \"Welcome to Caddy!\"") ''; }) |