From a4bcad541efd2b1df441c70cf81f05c578c9f018 Mon Sep 17 00:00:00 2001
From: Zhaofeng Li
Date: Fri, 17 Dec 2021 15:55:13 -0800
Subject: unifi5: Follow new mitigation guidelines
Simply disabling lookups isn't enough, and the JndiLookup class must be removed: https://web.archive.org/web/20211217085954/https://logging.apache.org/log4j/2.x/security.html
---
nixos/modules/services/networking/unifi.nix | 1 -
1 file changed, 1 deletion(-)
(limited to 'nixos')
diff --git a/nixos/modules/services/networking/unifi.nix b/nixos/modules/services/networking/unifi.nix
index e1908cf44d148..a683c537f05b2 100644
--- a/nixos/modules/services/networking/unifi.nix
+++ b/nixos/modules/services/networking/unifi.nix
@@ -7,7 +7,6 @@ let
 @${cfg.jrePackage}/bin/java java \
 ${optionalString (cfg.initialJavaHeapSize != null) "-Xms${(toString cfg.initialJavaHeapSize)}m"} \
 ${optionalString (cfg.maximumJavaHeapSize != null) "-Xmx${(toString cfg.maximumJavaHeapSize)}m"} \
- ${optionalString (lib.versionOlder cfg.unifiPackage.version "6.5.54") "-Dlog4j2.formatMsgNoLookups=true"} \
 -jar ${stateDir}/lib/ace.jar
 '';
 in
--
cgit 1.4.1
From 8bbae8e55873b31faf233cd40cf212b0b8b113c6 Mon Sep 17 00:00:00 2001
From: Zhaofeng Li
Date: Fri, 17 Dec 2021 15:55:13 -0800
Subject: unifi: Add NixOS tests
---
nixos/tests/all-tests.nix | 1 +
nixos/tests/unifi.nix | 35 +++++++++++++++++++++++++++++++++++
pkgs/servers/unifi/default.nix | 6 +++++-
3 files changed, 41 insertions(+), 1 deletion(-)
create mode 100644 nixos/tests/unifi.nix
(limited to 'nixos')
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 5c8342f0bb7b0..80645283c872d 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -485,6 +485,7 @@ in
 ucarp = handleTest ./ucarp.nix {};
 udisks2 = handleTest ./udisks2.nix {};
 unbound = handleTest ./unbound.nix {};
+ unifi = handleTest ./unifi.nix {};
 unit-php = handleTest ./web-servers/unit-php.nix {};
 upnp = handleTest ./upnp.nix {};
 usbguard = handleTest ./usbguard.nix {};
diff --git a/nixos/tests/unifi.nix b/nixos/tests/unifi.nix
new file mode 100644
index 0000000000000..34284811abfb0
--- /dev/null
+++ b/nixos/tests/unifi.nix
@@ -0,0 +1,35 @@
+# Test UniFi controller
+
+{ system ? builtins.currentSystem
+, config ? { allowUnfree = true; }
+, pkgs ? import ../.. { inherit system config; }
+}:
+
+with import ../lib/testing-python.nix { inherit system pkgs; };
+with pkgs.lib;
+
+let
+ makeAppTest = unifi: makeTest {
+ name = "unifi-controller-${unifi.version}";
+ meta = with pkgs.lib.maintainers; {
+ maintainers = [ zhaofengli ];
+ };
+
+ nodes.server = {
+ services.unifi = {
+ enable = true;
+ unifiPackage = unifi;
+ openFirewall = false;
+ };
+ };
+
+ testScript = ''
+ server.wait_for_unit("unifi.service")
+ server.wait_until_succeeds("curl -Lk https://localhost:8443 >&2", timeout=300)
+ '';
+ };
+in with pkgs; {
+ unifiLTS = makeAppTest unifiLTS;
+ unifi5 = makeAppTest unifi5;
+ unifi6 = makeAppTest unifi6;
+}
diff --git a/pkgs/servers/unifi/default.nix b/pkgs/servers/unifi/default.nix
index c197ca259080b..33f5044cb7640 100644
--- a/pkgs/servers/unifi/default.nix
+++ b/pkgs/servers/unifi/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, dpkg, fetchurl, zip }:
+{ lib, stdenv, dpkg, fetchurl, zip, nixosTests }:
 let
 generic = { version, sha256, suffix ? "", ... } @ args:
@@ -28,6 +28,10 @@ let
 runHook postInstall
 '';
+ passthru.tests = {
+ unifi = nixosTests.unifi;
+ };
+
 meta = with lib; {
 homepage = "http://www.ubnt.com/";
 description = "Controller for Ubiquiti UniFi access points";
--
cgit 1.4.1
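Review bot: In `nixos/tests/unifi.nix` the `testScript` only waits for `unifi.service` and for `https://localhost:8443` to answer, so it would still pass if a packaged controller shipped log4j with `JndiLookup.class` intact. The preceding patch in this series drops `-Dlog4j2.formatMsgNoLookups=true` and relies on that class having been removed, which makes the class's absence the property worth pinning for each variant (`unifiLTS`, `unifi5`, `unifi6`). I would add a step after the curl line along the lines of `server.fail("unzip -l <LOG4J_CORE_JAR_PATH> | grep -q JndiLookup.class")`, where the jar path is a placeholder because the package layout is not visible in this diff, and `unzip` would need to be available on the node. It is also worth a one-line comment that `-k` is used because the controller presumably serves a self-signed certificate on localhost.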