Merge pull request #217852 from justinas/teleport-12

teleport: 11.3.4 -> 12.0.2, reintroduce teleport_11

authored by Arian van Putten and committed by GitHub 17ca3dd2 b3c09089

+92 -42
+1 -1
nixos/doc/manual/release-notes/rl-2305.section.md
··· 105 106 - The EC2 image module previously detected and automatically mounted ext3-formatted instance store devices and partitions in stage-1 (initramfs), storing `/tmp` on the first discovered device. This behaviour, which only catered to very specific use cases and could not be disabled, has been removed. Users relying on this should provide their own implementation, and probably use ext4 and perform the mount in stage-2. 107 108 - - `teleport` has been upgraded to major version 11. Please see upstream [upgrade instructions](https://goteleport.com/docs/setup/operations/upgrading/) and [release notes](https://goteleport.com/docs/changelog/#1100). 109 110 - The EC2 image module previously detected and activated swap-formatted instance store devices and partitions in stage-1 (initramfs). This behaviour has been removed. Users relying on this should provide their own implementation. 111
··· 105 106 - The EC2 image module previously detected and automatically mounted ext3-formatted instance store devices and partitions in stage-1 (initramfs), storing `/tmp` on the first discovered device. This behaviour, which only catered to very specific use cases and could not be disabled, has been removed. Users relying on this should provide their own implementation, and probably use ext4 and perform the mount in stage-2. 107 108 + - `teleport` has been upgraded from major version 10 to major version 12. Please see upstream [upgrade instructions](https://goteleport.com/docs/setup/operations/upgrading/) and release notes for versions [11](https://goteleport.com/docs/changelog/#1100) and [12](https://goteleport.com/docs/changelog/#1201). Note that Teleport does not officially support upgrades across more than one major version at a time. If you're running Teleport server components, it is recommended to first upgrade to an intermediate 11.x version by setting `services.teleport.package = pkgs.teleport_11`. Afterwards, this option can be removed to upgrade to the default version (12). 109 110 - The EC2 image module previously detected and activated swap-formatted instance store devices and partitions in stage-1 (initramfs). This behaviour has been removed. Users relying on this should provide their own implementation. 111
+10 -2
nixos/modules/services/networking/teleport.nix
··· 11 services.teleport = with lib.types; { 12 enable = mkEnableOption (lib.mdDoc "the Teleport service"); 13 14 settings = mkOption { 15 type = settingsYaml.type; 16 default = { }; ··· 74 }; 75 76 config = mkIf config.services.teleport.enable { 77 - environment.systemPackages = [ pkgs.teleport ]; 78 79 systemd.services.teleport = { 80 wantedBy = [ "multi-user.target" ]; 81 after = [ "network.target" ]; 82 serviceConfig = { 83 ExecStart = '' 84 - ${pkgs.teleport}/bin/teleport start \ 85 ${optionalString cfg.insecure.enable "--insecure"} \ 86 ${optionalString cfg.diag.enable "--diag-addr=${cfg.diag.addr}:${toString cfg.diag.port}"} \ 87 ${optionalString (cfg.settings != { }) "--config=${settingsYaml.generate "teleport.yaml" cfg.settings}"}
··· 11 services.teleport = with lib.types; { 12 enable = mkEnableOption (lib.mdDoc "the Teleport service"); 13 14 + package = mkOption { 15 + type = types.package; 16 + default = pkgs.teleport; 17 + defaultText = lib.literalMD "pkgs.teleport"; 18 + example = lib.literalMD "pkgs.teleport_11"; 19 + description = lib.mdDoc "The teleport package to use"; 20 + }; 21 + 22 settings = mkOption { 23 type = settingsYaml.type; 24 default = { }; ··· 82 }; 83 84 config = mkIf config.services.teleport.enable { 85 + environment.systemPackages = [ cfg.package ]; 86 87 systemd.services.teleport = { 88 wantedBy = [ "multi-user.target" ]; 89 after = [ "network.target" ]; 90 serviceConfig = { 91 ExecStart = '' 92 + ${cfg.package}/bin/teleport start \ 93 ${optionalString cfg.insecure.enable "--insecure"} \ 94 ${optionalString cfg.diag.enable "--diag-addr=${cfg.diag.addr}:${toString cfg.diag.port}"} \ 95 ${optionalString (cfg.settings != { }) "--config=${settingsYaml.generate "teleport.yaml" cfg.settings}"}
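Review bot: In the new `package` option, `defaultText` and `example` hold Nix expressions but are wrapped in `lib.literalMD`, which the manual renders as prose rather than as code. The usual form is `defaultText = lib.literalExpression "pkgs.teleport";` and `example = lib.literalExpression "pkgs.teleport_11";`. The description `"The teleport package to use"` could also say that an older major such as `pkgs.teleport_11` is meant as a temporary step during a staged upgrade, so that hosts are not left pinned to it by accident. The `services.teleport` option set and the `serviceConfig` body both continue outside the visible hunks.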
+49 -33
nixos/tests/teleport.nix
··· 1 { system ? builtins.currentSystem 2 , config ? { } 3 , pkgs ? import ../.. { inherit system config; } 4 }: 5 6 with import ../lib/testing-python.nix { inherit system pkgs; }; 7 8 let 9 - minimal = { config, ... }: { 10 - services.teleport.enable = true; 11 }; 12 13 - client = { config, ... }: { 14 services.teleport = { 15 enable = true; 16 settings = { 17 teleport = { 18 nodename = "client"; ··· 37 }]; 38 }; 39 40 - server = { config, ... }: { 41 services.teleport = { 42 enable = true; 43 settings = { 44 teleport = { 45 nodename = "server"; ··· 64 }; 65 }; 66 in 67 - { 68 - minimal = makeTest { 69 - # minimal setup should always work 70 - name = "teleport-minimal-setup"; 71 - meta.maintainers = with pkgs.lib.maintainers; [ ymatsiuk ]; 72 - nodes = { inherit minimal; }; 73 74 - testScript = '' 75 - minimal.wait_for_open_port(3025) 76 - minimal.wait_for_open_port(3080) 77 - minimal.wait_for_open_port(3022) 78 - ''; 79 - }; 80 81 - basic = makeTest { 82 - # basic server and client test 83 - name = "teleport-server-client"; 84 - meta.maintainers = with pkgs.lib.maintainers; [ ymatsiuk ]; 85 - nodes = { inherit server client; }; 86 87 - testScript = '' 88 - with subtest("teleport ready"): 89 - server.wait_for_open_port(3025) 90 - client.wait_for_open_port(3022) 91 92 - with subtest("check applied configuration"): 93 - server.wait_until_succeeds("tctl get nodes --format=json | ${pkgs.jq}/bin/jq -e '.[] | select(.spec.hostname==\"client\") | .metadata.labels.role==\"client\"'") 94 - server.wait_for_open_port(3000) 95 - client.succeed("journalctl -u teleport.service --grep='DEBU'") 96 - server.succeed("journalctl -u teleport.service --grep='Starting teleport in insecure mode.'") 97 - ''; 98 - }; 99 - }
··· 1 { system ? builtins.currentSystem 2 , config ? { } 3 , pkgs ? import ../.. { inherit system config; } 4 + , lib ? pkgs.lib 5 }: 6 7 with import ../lib/testing-python.nix { inherit system pkgs; }; 8 9 let 10 + packages = with pkgs; { 11 + "default" = teleport; 12 + "11" = teleport_11; 13 + }; 14 + 15 + minimal = package: { 16 + services.teleport = { 17 + enable = true; 18 + inherit package; 19 + }; 20 }; 21 22 + client = package: { 23 services.teleport = { 24 enable = true; 25 + inherit package; 26 settings = { 27 teleport = { 28 nodename = "client"; ··· 47 }]; 48 }; 49 50 + server = package: { 51 services.teleport = { 52 enable = true; 53 + inherit package; 54 settings = { 55 teleport = { 56 nodename = "server"; ··· 75 }; 76 }; 77 in 78 + lib.concatMapAttrs 79 + (name: package: { 80 + "minimal_${name}" = makeTest { 81 + # minimal setup should always work 82 + name = "teleport-minimal-setup"; 83 + meta.maintainers = with pkgs.lib.maintainers; [ justinas ]; 84 + nodes.minimal = minimal package; 85 86 + testScript = '' 87 + minimal.wait_for_open_port(3025) 88 + minimal.wait_for_open_port(3080) 89 + minimal.wait_for_open_port(3022) 90 + ''; 91 + }; 92 93 + "basic_${name}" = makeTest { 94 + # basic server and client test 95 + name = "teleport-server-client"; 96 + meta.maintainers = with pkgs.lib.maintainers; [ justinas ]; 97 + nodes = { 98 + server = server package; 99 + client = client package; 100 + }; 101 102 + testScript = '' 103 + with subtest("teleport ready"): 104 + server.wait_for_open_port(3025) 105 + client.wait_for_open_port(3022) 106 107 + with subtest("check applied configuration"): 108 + server.wait_until_succeeds("tctl get nodes --format=json | ${pkgs.jq}/bin/jq -e '.[] | select(.spec.hostname==\"client\") | .metadata.labels.role==\"client\"'") 109 + server.wait_for_open_port(3000) 110 + client.succeed("journalctl -u teleport.service --grep='DEBU'") 111 + server.succeed("journalctl -u teleport.service --grep='Starting teleport in insecure mode.'") 
112 + ''; 113 + }; 114 + }) 115 + packages
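Review bot: Both tests generated inside the `concatMapAttrs` callback keep a fixed `name` (`"teleport-minimal-setup"` and `"teleport-server-client"`), so the `default` and `11` variants produce identically named test derivations and their logs cannot be told apart by name. Interpolating the attribute key keeps them distinct: `name = "teleport-minimal-setup-${name}";` and `name = "teleport-server-client-${name}";`. The matrix also appears to start each version on fresh machines, so the 11-to-12 upgrade path recommended in the release notes is not exercised here. That may be worth a follow-up test.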
+8
pkgs/servers/teleport/11.nix
···
··· 1 + { callPackage, ... }@args: 2 + callPackage ./generic.nix ({ 3 + version = "11.3.5"; 4 + hash = "sha256-/InWly0jCiPBlgM/qgS6ErMv7Hhg5PW9sldda1oaUIg="; 5 + vendorHash = "sha256-NkiFLEHBNjxUOSuAlVugAV14yCCo3z6yhX7LZQFKhvA="; 6 + cargoHash = "sha256-02qo6i6GuRAYKDKA7k2hDq2O6ayEQbeGhFS2g3b9Wuo="; 7 + yarnHash = "sha256-kvnVmDZ/jISaaS97KM0WbPJU7Y8XWOeHrDLT0iXRyfc="; 8 + } // builtins.removeAttrs args [ "callPackage" ])
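Review bot: `vendorHash` here is identical to the value in the removed 11.3.4 expression (`sha256-NkiFLEHBNjxUOSuAlVugAV14yCCo3z6yhX7LZQFKhvA=`), while `version` is `11.3.5` and the source, cargo and yarn hashes all differ from the old ones. This is legitimate if the Go module set did not change between the two patch releases. However, a stale fixed-output hash that is already present in a store or binary cache is reused without a re-fetch, so the build would then vendor the older dependency set without any error. It is worth confirming the value was recomputed for 11.3.5, for example by temporarily replacing it with a fake hash and rebuilding.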
+8
pkgs/servers/teleport/12.nix
···
··· 1 + { callPackage, ... }@args: 2 + callPackage ./generic.nix ({ 3 + version = "12.0.2"; 4 + hash = "sha256-9RD4ETQEXnj3d5YID3f3BghwitdqfcDgNhsk8ixWTW4="; 5 + vendorHash = "sha256-2sOELuMyg7w/rhnWvnwDiUOsjUfb56JdAbrTGKvGnjs="; 6 + cargoHash = "sha256-1ScU5ywq8vz1sWHW2idBsWcB1Xs+aylukBm96dKrwL4="; 7 + yarnHash = "sha256-ItRi5EkYrwNB1MIf9l3yyK1BX6vNpL2+H1BlN3Evibg="; 8 + } // builtins.removeAttrs args [ "callPackage" ])
+11 -5
pkgs/servers/teleport/default.nix pkgs/servers/teleport/generic.nix
··· 20 , nixosTests 21 22 , withRdpClient ? true 23 }: 24 let 25 # This repo has a private submodule "e" which fetchgit cannot handle without failing. ··· 27 owner = "gravitational"; 28 repo = "teleport"; 29 rev = "v${version}"; 30 - hash = "sha256-jJfOgcwKkNFO/5XHxMoapZxM8Tb0kEgKVA7SrMU7uW4="; 31 }; 32 - version = "11.3.4"; 33 34 rdpClient = rustPlatform.buildRustPackage rec { 35 pname = "teleport-rdpclient"; 36 - cargoHash = "sha256-TSIwLCY01ygCWT73LR/Ch7NwPQA3a3r0PyL3hUzBNr4="; 37 inherit version src; 38 39 buildAndTestSubdir = "lib/srv/desktop/rdp/rdpclient"; ··· 56 57 yarnOfflineCache = fetchYarnDeps { 58 yarnLock = "${src}/yarn.lock"; 59 - hash = "sha256-MAGeWzA366yzpjdCY0+X6RV5MKcsHa/xD5CJu6ce1FU="; 60 }; 61 62 webassets = stdenv.mkDerivation { ··· 95 pname = "teleport"; 96 97 inherit src version; 98 - vendorHash = "sha256-NkiFLEHBNjxUOSuAlVugAV14yCCo3z6yhX7LZQFKhvA="; 99 proxyVendor = true; 100 101 subPackages = [ "tool/tbot" "tool/tctl" "tool/teleport" "tool/tsh" ];
··· 20 , nixosTests 21 22 , withRdpClient ? true 23 + 24 + , version 25 + , hash 26 + , vendorHash 27 + , cargoHash 28 + , yarnHash 29 }: 30 let 31 # This repo has a private submodule "e" which fetchgit cannot handle without failing. ··· 33 owner = "gravitational"; 34 repo = "teleport"; 35 rev = "v${version}"; 36 + inherit hash; 37 }; 38 + inherit version; 39 40 rdpClient = rustPlatform.buildRustPackage rec { 41 pname = "teleport-rdpclient"; 42 + inherit cargoHash; 43 inherit version src; 44 45 buildAndTestSubdir = "lib/srv/desktop/rdp/rdpclient"; ··· 62 63 yarnOfflineCache = fetchYarnDeps { 64 yarnLock = "${src}/yarn.lock"; 65 + hash = yarnHash; 66 }; 67 68 webassets = stdenv.mkDerivation { ··· 101 pname = "teleport"; 102 103 inherit src version; 104 + inherit vendorHash; 105 proxyVendor = true; 106 107 subPackages = [ "tool/tbot" "tool/tctl" "tool/teleport" "tool/tsh" ];
+5 -1
pkgs/top-level/all-packages.nix
··· 12570 12571 telegraf = callPackage ../servers/monitoring/telegraf { }; 12572 12573 - teleport = callPackage ../servers/teleport { 12574 inherit (darwin.apple_sdk.frameworks) CoreFoundation Security AppKit; 12575 }; 12576 12577 telepresence = callPackage ../tools/networking/telepresence { 12578 pythonPackages = python3Packages;
··· 12570 12571 telegraf = callPackage ../servers/monitoring/telegraf { }; 12572 12573 + teleport_11 = callPackage ../servers/teleport/11.nix { 12574 inherit (darwin.apple_sdk.frameworks) CoreFoundation Security AppKit; 12575 }; 12576 + teleport_12 = callPackage ../servers/teleport/12.nix { 12577 + inherit (darwin.apple_sdk.frameworks) CoreFoundation Security AppKit; 12578 + }; 12579 + teleport = teleport_12; 12580 12581 telepresence = callPackage ../tools/networking/telepresence { 12582 pythonPackages = python3Packages;
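Review bot: `teleport_11` is added as a permanent top-level attribute with nothing at the definition to say why it exists or when it should go. The release notes in this commit describe it as an intermediate step for 10-to-12 upgrades, and a comment above it would record that, for example `# teleport_11 is kept only for staged upgrades; drop it once 11.x is no longer supported upstream`. Without that, an older major of an access-plane service can stay selectable long after it stops receiving fixes.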