Merge master into staging-next

NixOS · Aug 24, 2020 · 0a874ff · 0a874ff
2 parents 91104b5 + bc00ece
commit 0a874ff
Show file tree

Hide file tree

Showing 139 changed files with 1,639 additions and 846 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -198,6 +198,7 @@
 /nixos/modules/virtualisation/containers.nix @NixOS/podman @zowoq
 /nixos/modules/virtualisation/cri-o.nix      @NixOS/podman @zowoq
 /nixos/modules/virtualisation/podman.nix     @NixOS/podman @zowoq
+/nixos/tests/cri-o.nix                       @NixOS/podman @zowoq
 /nixos/tests/podman.nix                      @NixOS/podman @zowoq
 
 # Blockchains

diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
@@ -472,6 +472,12 @@
     githubId = 858965;
     name = "Andrew Morsillo";
   };
+  andehen = {
+    email = "[email protected]";
+    github = "andehen";
+    githubId = 754494;
+    name = "Anders Asheim Hennum";
+  };
   andersk = {
     email = "[email protected]";
     github = "andersk";
@@ -3349,6 +3355,12 @@
     githubId = 131599;
     name = "Martin Weinelt";
   };
+  hh = {
+    email = "[email protected]";
+    github = "HarryMakes";
+    githubId = 66358631;
+    name = "Harry Ho";
+  };
   hhm = {
     email = "[email protected]";
     github = "hhm0";
@@ -8547,6 +8559,12 @@
     githubId = 699403;
     name = "Tomas Vestelind";
   };
+  tviti = {
+    email = "[email protected]";
+    github = "tviti";
+    githubId = 2251912;
+    name = "Taylor Viti";
+  };
   tvorog = {
     email = "[email protected]";
     github = "tvorog";
@@ -9438,4 +9456,10 @@
     github = "fzakaria";
     githubId = 605070;
   };
+  yevhenshymotiuk = {
+    name = "Yevhen Shymotiuk";
+    email = "[email protected]";
+    github = "yevhenshymotiuk";
+    githubId = 44244245;
+  };
 }
diff --git a/nixos/doc/manual/release-notes/rl-2009.xml b/nixos/doc/manual/release-notes/rl-2009.xml
@@ -128,7 +128,7 @@ GRANT ALL PRIVILEGES ON *.* TO 'mysql'@'localhost' WITH GRANT OPTION;
    </listitem>
    <listitem>
     <para>
-      Two new option <link linkend="opt-documentation.man.generateCaches">documentation.man.generateCaches</link>
+      The new option <link linkend="opt-documentation.man.generateCaches">documentation.man.generateCaches</link>
       has been added to automatically generate the <literal>man-db</literal> caches, which are needed by utilities
       like <command>whatis</command> and <command>apropos</command>. The caches are generated during the build of
       the NixOS configuration: since this can be expensive when a large number of packages are installed, the
@@ -195,6 +195,15 @@ GRANT ALL PRIVILEGES ON *.* TO 'mysql'@'localhost' WITH GRANT OPTION;
       The NixOS module system now supports freeform modules as a mix between <literal>types.attrsOf</literal> and <literal>types.submodule</literal>. These allow you to explicitly declare a subset of options while still permitting definitions without an associated option. See <xref linkend='sec-freeform-modules'/> for how to use them.
      </para>
    </listitem>
+   <listitem>
+     <para>
+       The GRUB module gained support for basic password protection, which
+       allows to restrict non-default entries in the boot menu to one or more
+       users. The users and passwords are defined via the option
+       <option>boot.loader.grub.users</option>.
+       Note: Password support is only avaiable in GRUB version 2.
+     </para>
+   </listitem>
   </itemizedlist>
  </section>
 

diff --git a/nixos/lib/eval-config.nix b/nixos/lib/eval-config.nix
@@ -24,11 +24,11 @@
   check ? true
 , prefix ? []
 , lib ? import ../../lib
+, extraModules ? let e = builtins.getEnv "NIXOS_EXTRA_MODULE_PATH";
+                 in if e == "" then [] else [(import e)]
 }:
 
 let extraArgs_ = extraArgs; pkgs_ = pkgs;
-    extraModules = let e = builtins.getEnv "NIXOS_EXTRA_MODULE_PATH";
-                   in if e == "" then [] else [(import e)];
 in
 
 let

diff --git a/nixos/lib/test-driver/test-driver.py b/nixos/lib/test-driver/test-driver.py
@@ -424,15 +424,18 @@ def succeed(self, *commands: str) -> str:
                 output += out
         return output
 
-    def fail(self, *commands: str) -> None:
+    def fail(self, *commands: str) -> str:
         """Execute each command and check that it fails."""
+        output = ""
         for command in commands:
             with self.nested("must fail: {}".format(command)):
-                status, output = self.execute(command)
+                (status, out) = self.execute(command)
                 if status == 0:
                     raise Exception(
                         "command `{}` unexpectedly succeeded".format(command)
                     )
+                output += out
+        return output
 
     def wait_until_succeeds(self, command: str) -> str:
         """Wait until a command returns success and return its output.

diff --git a/nixos/modules/services/misc/ssm-agent.nix b/nixos/modules/services/misc/ssm-agent.nix
@@ -29,13 +29,15 @@ in {
 
   config = mkIf cfg.enable {
     systemd.services.ssm-agent = {
+      users.extraUsers.ssm-user = {};
+
       inherit (cfg.package.meta) description;
       after    = [ "network.target" ];
       wantedBy = [ "multi-user.target" ];
 
-      path = [ fake-lsb-release ];
+      path = [ fake-lsb-release pkgs.coreutils ];
       serviceConfig = {
-        ExecStart = "${cfg.package}/bin/agent";
+        ExecStart = "${cfg.package}/bin/amazon-ssm-agent";
         KillMode = "process";
         Restart = "on-failure";
         RestartSec = "15min";

diff --git a/nixos/modules/services/monitoring/prometheus/default.nix b/nixos/modules/services/monitoring/prometheus/default.nix
@@ -46,7 +46,7 @@ let
   cmdlineArgs = cfg.extraFlags ++ [
     "--storage.tsdb.path=${workingDir}/data/"
     "--config.file=${prometheusYml}"
-    "--web.listen-address=${cfg.listenAddress}"
+    "--web.listen-address=${cfg.listenAddress}:${builtins.toString cfg.port}"
     "--alertmanager.notification-queue-capacity=${toString cfg.alertmanagerNotificationQueueCapacity}"
     "--alertmanager.timeout=${toString cfg.alertmanagerTimeout}s"
   ] ++
@@ -489,9 +489,17 @@ in {
       '';
     };
 
+    port = mkOption {
+      type = types.port;
+      default = 9090;
+      description = ''
+        Port to listen on.
+      '';
+    };
+
     listenAddress = mkOption {
       type = types.str;
-      default = "0.0.0.0:9090";
+      default = "0.0.0.0";
       description = ''
         Address to listen on for the web interface, API, and telemetry.
       '';
@@ -619,6 +627,21 @@ in {
   };
 
   config = mkIf cfg.enable {
+    assertions = [
+      ( let
+          legacy = builtins.match "(.*):(.*)" cfg.listenAddress;
+        in {
+          assertion = legacy == null;
+          message = ''
+            Do not specify the port for Prometheus to listen on in the
+            listenAddress option; use the port option instead:
+              services.prometheus.listenAddress = ${builtins.elemAt legacy 0};
+              services.prometheus.port = ${builtins.elemAt legacy 1};
+          '';
+        }
+      )
+    ];
+
     users.groups.prometheus.gid = config.ids.gids.prometheus;
     users.users.prometheus = {
       description = "Prometheus daemon user";

diff --git a/nixos/modules/virtualisation/docker-preloader.nix b/nixos/modules/virtualisation/docker-preloader.nix
diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix
@@ -264,7 +264,6 @@ in
 {
   imports = [
     ../profiles/qemu-guest.nix
-   ./docker-preloader.nix
   ];
 
   options = {

diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
@@ -66,11 +66,13 @@ in
   containers-macvlans = handleTest ./containers-macvlans.nix {};
   containers-physical_interfaces = handleTest ./containers-physical_interfaces.nix {};
   containers-portforward = handleTest ./containers-portforward.nix {};
+  containers-reloadable = handleTest ./containers-reloadable.nix {};
   containers-restart_networking = handleTest ./containers-restart_networking.nix {};
   containers-tmpfs = handleTest ./containers-tmpfs.nix {};
   convos = handleTest ./convos.nix {};
   corerad = handleTest ./corerad.nix {};
   couchdb = handleTest ./couchdb.nix {};
+  cri-o = handleTestOn ["x86_64-linux"] ./cri-o.nix {};
   deluge = handleTest ./deluge.nix {};
   dhparams = handleTest ./dhparams.nix {};
   dnscrypt-proxy2 = handleTestOn ["x86_64-linux"] ./dnscrypt-proxy2.nix {};
@@ -79,15 +81,13 @@ in
   docker = handleTestOn ["x86_64-linux"] ./docker.nix {};
   oci-containers = handleTestOn ["x86_64-linux"] ./oci-containers.nix {};
   docker-edge = handleTestOn ["x86_64-linux"] ./docker-edge.nix {};
-  docker-preloader = handleTestOn ["x86_64-linux"] ./docker-preloader.nix {};
   docker-registry = handleTest ./docker-registry.nix {};
   docker-tools = handleTestOn ["x86_64-linux"] ./docker-tools.nix {};
   docker-tools-overlay = handleTestOn ["x86_64-linux"] ./docker-tools-overlay.nix {};
   documize = handleTest ./documize.nix {};
   dokuwiki = handleTest ./dokuwiki.nix {};
   dovecot = handleTest ./dovecot.nix {};
-  # ec2-config doesn't work in a sandbox as the simulated ec2 instance needs network access
-  #ec2-config = (handleTestOn ["x86_64-linux"] ./ec2.nix {}).boot-ec2-config or {};
+  ec2-config = (handleTestOn ["x86_64-linux"] ./ec2.nix {}).boot-ec2-config or {};
   ec2-nixops = (handleTestOn ["x86_64-linux"] ./ec2.nix {}).boot-ec2-nixops or {};
   ecryptfs = handleTest ./ecryptfs.nix {};
   ejabberd = handleTest ./xmpp/ejabberd.nix {};