+1 -1

nixos/modules/config/krb5/default.nix

··· 84 type = types.package; 85 default = pkgs.krb5Full; 86 defaultText = "pkgs.krb5Full"; 87 - example = literalExample "pkgs.heimdalFull"; 88 description = '' 89 The Kerberos implementation that will be present in 90 <literal>environment.systemPackages</literal> after enabling this

··· 84 type = types.package; 85 default = pkgs.krb5Full; 86 defaultText = "pkgs.krb5Full"; 87 + example = literalExample "pkgs.heimdal"; 88 description = '' 89 The Kerberos implementation that will be present in 90 <literal>environment.systemPackages</literal> after enabling this

+9 -2

nixos/modules/programs/atop.nix

··· 141 // mkService cfg.atopgpu.enable "atopgpu" [ atop ]; 142 timers = mkTimer cfg.atopRotateTimer.enable "atop-rotate" [ atop ]; 143 }; 144 - security.wrappers = 145 - lib.mkIf cfg.setuidWrapper.enable { atop = { source = "${atop}/bin/atop"; }; }; 0 0 0 0 0 0 0 146 } 147 ); 148 }

··· 141 // mkService cfg.atopgpu.enable "atopgpu" [ atop ]; 142 timers = mkTimer cfg.atopRotateTimer.enable "atop-rotate" [ atop ]; 143 }; 144 + 145 + security.wrappers = lib.mkIf cfg.setuidWrapper.enable { 146 + atop = 147 + { setuid = true; 148 + owner = "root"; 149 + group = "root"; 150 + source = "${atop}/bin/atop"; 151 + }; 152 + }; 153 } 154 ); 155 }

+1 -1

nixos/modules/programs/plotinus.nix

··· 30 ###### implementation 31 32 config = mkIf cfg.enable { 33 - environment.variables.XDG_DATA_DIRS = [ "${pkgs.plotinus}/share/gsettings-schemas/${pkgs.plotinus.name}" ]; 34 environment.variables.GTK3_MODULES = [ "${pkgs.plotinus}/lib/libplotinus.so" ]; 35 }; 36 }

··· 30 ###### implementation 31 32 config = mkIf cfg.enable { 33 + environment.sessionVariables.XDG_DATA_DIRS = [ "${pkgs.plotinus}/share/gsettings-schemas/${pkgs.plotinus.name}" ]; 34 environment.variables.GTK3_MODULES = [ "${pkgs.plotinus}/lib/libplotinus.so" ]; 35 }; 36 }

+23 -18

nixos/modules/services/cluster/kubernetes/default.nix

··· 5 let 6 cfg = config.services.kubernetes; 7 8 - defaultContainerdConfigFile = pkgs.writeText "containerd.toml" '' 9 - version = 2 10 - root = "/var/lib/containerd" 11 - state = "/run/containerd" 12 - oom_score = 0 13 14 - [grpc] 15 - address = "/run/containerd/containerd.sock" 0 16 17 - [plugins."io.containerd.grpc.v1.cri"] 18 - sandbox_image = "pause:latest" 19 20 - [plugins."io.containerd.grpc.v1.cri".cni] 21 - bin_dir = "/opt/cni/bin" 22 - max_conf_num = 0 0 23 24 - [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] 25 - runtime_type = "io.containerd.runc.v2" 0 26 27 - [plugins."io.containerd.grpc.v1.cri".containerd.runtimes."io.containerd.runc.v2".options] 28 - SystemdCgroup = true 29 - ''; 0 0 30 31 mkKubeConfig = name: conf: pkgs.writeText "${name}-kubeconfig" (builtins.toJSON { 32 apiVersion = "v1"; ··· 248 (mkIf cfg.kubelet.enable { 249 virtualisation.containerd = { 250 enable = mkDefault true; 251 - configFile = mkDefault defaultContainerdConfigFile; 252 }; 253 }) 254

··· 5 let 6 cfg = config.services.kubernetes; 7 8 + defaultContainerdSettings = { 9 + version = 2; 10 + root = "/var/lib/containerd"; 11 + state = "/run/containerd"; 12 + oom_score = 0; 13 14 + grpc = { 15 + address = "/run/containerd/containerd.sock"; 16 + }; 17 18 + plugins."io.containerd.grpc.v1.cri" = { 19 + sandbox_image = "pause:latest"; 20 21 + cni = { 22 + bin_dir = "/opt/cni/bin"; 23 + max_conf_num = 0; 24 + }; 25 26 + containerd.runtimes.runc = { 27 + runtime_type = "io.containerd.runc.v2"; 28 + }; 29 30 + containerd.runtimes."io.containerd.runc.v2".options = { 31 + SystemdCgroup = true; 32 + }; 33 + }; 34 + }; 35 36 mkKubeConfig = name: conf: pkgs.writeText "${name}-kubeconfig" (builtins.toJSON { 37 apiVersion = "v1"; ··· 253 (mkIf cfg.kubelet.enable { 254 virtualisation.containerd = { 255 enable = mkDefault true; 256 + settings = mkDefault defaultContainerdSettings; 257 }; 258 }) 259

+1

nixos/modules/services/networking/dnscrypt-wrapper.nix

··· 217 home = "${dataDir}"; 218 createHome = true; 219 isSystemUser = true; 0 220 }; 221 users.groups.dnscrypt-wrapper = { }; 222

··· 217 home = "${dataDir}"; 218 createHome = true; 219 isSystemUser = true; 220 + group = "dnscrypt-wrapper"; 221 }; 222 users.groups.dnscrypt-wrapper = { }; 223

+1 -1

nixos/modules/services/networking/flannel.nix

··· 164 path = [ pkgs.iptables ]; 165 preStart = optionalString (cfg.storageBackend == "etcd") '' 166 echo "setting network configuration" 167 - until ${pkgs.etcdctl}/bin/etcdctl set /coreos.com/network/config '${builtins.toJSON networkConfig}' 168 do 169 echo "setting network configuration, retry" 170 sleep 1

··· 164 path = [ pkgs.iptables ]; 165 preStart = optionalString (cfg.storageBackend == "etcd") '' 166 echo "setting network configuration" 167 + until ${pkgs.etcd}/bin/etcdctl set /coreos.com/network/config '${builtins.toJSON networkConfig}' 168 do 169 echo "setting network configuration, retry" 170 sleep 1

+1 -1

nixos/modules/services/search/meilisearch.nix

··· 8 in 9 { 10 11 - meta.maintainers = with maintainers; [ filalex77 ]; 12 13 ###### interface 14

··· 8 in 9 { 10 11 + meta.maintainers = with maintainers; [ Br1ght0ne ]; 12 13 ###### interface 14

+1 -1

nixos/modules/services/system/kerberos/heimdal.nix

··· 27 { 28 # No documentation about correct triggers, so guessing at them. 29 30 - config = mkIf (cfg.enable && kerberos == pkgs.heimdalFull) { 31 systemd.services.kadmind = { 32 description = "Kerberos Administration Daemon"; 33 wantedBy = [ "multi-user.target" ];

··· 27 { 28 # No documentation about correct triggers, so guessing at them. 29 30 + config = mkIf (cfg.enable && kerberos == pkgs.heimdal) { 31 systemd.services.kadmind = { 32 description = "Kerberos Administration Daemon"; 33 wantedBy = [ "multi-user.target" ];

-1

nixos/tests/all-tests.nix

··· 223 krb5 = discoverTests (import ./krb5 {}); 224 ksm = handleTest ./ksm.nix {}; 225 kubernetes = handleTestOn ["x86_64-linux"] ./kubernetes {}; 226 - latestKernel.hardened = handleTest ./hardened.nix { latestKernel = true; }; 227 latestKernel.login = handleTest ./login.nix { latestKernel = true; }; 228 leaps = handleTest ./leaps.nix {}; 229 libreddit = handleTest ./libreddit.nix {};

··· 223 krb5 = discoverTests (import ./krb5 {}); 224 ksm = handleTest ./ksm.nix {}; 225 kubernetes = handleTestOn ["x86_64-linux"] ./kubernetes {}; 0 226 latestKernel.login = handleTest ./login.nix { latestKernel = true; }; 227 leaps = handleTest ./leaps.nix {}; 228 libreddit = handleTest ./libreddit.nix {};

-2

nixos/tests/atop.nix

··· 105 }; 106 in 107 { 108 - name = "atop"; 109 - 110 justThePackage = makeTest { 111 name = "atop-justThePackage"; 112 machine = {

··· 105 }; 106 in 107 { 0 0 108 justThePackage = makeTest { 109 name = "atop-justThePackage"; 110 machine = {

+1 -1

nixos/tests/cntr.nix

··· 9 makeTest { 10 name = "cntr-${backend}"; 11 12 - meta = { maintainers = with lib.maintainers; [ srk mic92 ]; }; 13 14 nodes = { 15 ${backend} = { pkgs, ... }: {

··· 9 makeTest { 10 name = "cntr-${backend}"; 11 12 + meta = { maintainers = with lib.maintainers; [ sorki mic92 ]; }; 13 14 nodes = { 15 ${backend} = { pkgs, ... }: {

+5

nixos/tests/ec2.nix

··· 24 ln -s vda1 /dev/xvda1 25 ''; 26 0 0 0 0 0 27 # Needed by nixos-rebuild due to the lack of network 28 # access. Determined by trial and error. 29 system.extraDependencies = with pkgs; ( [

··· 24 ln -s vda1 /dev/xvda1 25 ''; 26 27 + # In a NixOS test the serial console is occupied by the "backdoor" 28 + # (see testing/test-instrumentation.nix) and is incompatible with 29 + # the configuration in virtualisation/amazon-image.nix. 30 + systemd.services."serial-getty@ttyS0".enable = mkForce false; 31 + 32 # Needed by nixos-rebuild due to the lack of network 33 # access. Determined by trial and error. 34 system.extraDependencies = with pkgs; ( [

+2 -2

nixos/tests/enlightenment.nix

··· 11 imports = [ ./common/user-account.nix ]; 12 services.xserver.enable = true; 13 services.xserver.desktopManager.enlightenment.enable = true; 14 - services.xserver.displayManager.lightdm = { 15 - enable = true; 16 autoLogin = { 17 enable = true; 18 user = "alice";

··· 11 imports = [ ./common/user-account.nix ]; 12 services.xserver.enable = true; 13 services.xserver.desktopManager.enlightenment.enable = true; 14 + services.xserver.displayManager = { 15 + lightdm.enable = true; 16 autoLogin = { 17 enable = true; 18 user = "alice";

+1 -3

nixos/tests/hardened.nix

··· 1 - import ./make-test-python.nix ({ pkgs, latestKernel ? false, ... } : { 2 name = "hardened"; 3 meta = with pkgs.lib.maintainers; { 4 maintainers = [ joachifm ]; ··· 10 { users.users.alice = { isNormalUser = true; extraGroups = [ "proc" ]; }; 11 users.users.sybil = { isNormalUser = true; group = "wheel"; }; 12 imports = [ ../modules/profiles/hardened.nix ]; 13 - boot.kernelPackages = 14 - lib.mkIf latestKernel pkgs.linuxPackages_latest_hardened; 15 environment.memoryAllocator.provider = "graphene-hardened"; 16 nix.useSandbox = false; 17 virtualisation.emptyDiskImages = [ 4096 ];

··· 1 + import ./make-test-python.nix ({ pkgs, ... } : { 2 name = "hardened"; 3 meta = with pkgs.lib.maintainers; { 4 maintainers = [ joachifm ]; ··· 10 { users.users.alice = { isNormalUser = true; extraGroups = [ "proc" ]; }; 11 users.users.sybil = { isNormalUser = true; group = "wheel"; }; 12 imports = [ ../modules/profiles/hardened.nix ]; 0 0 13 environment.memoryAllocator.provider = "graphene-hardened"; 14 nix.useSandbox = false; 15 virtualisation.emptyDiskImages = [ 4096 ];

+1 -1

nixos/tests/kerberos/heimdal.nix

··· 9 }; 10 krb5 = { 11 enable = true; 12 - kerberos = pkgs.heimdalFull; 13 libdefaults = { 14 default_realm = "FOO.BAR"; 15 };

··· 9 }; 10 krb5 = { 11 enable = true; 12 + kerberos = pkgs.heimdal; 13 libdefaults = { 14 default_realm = "FOO.BAR"; 15 };

+1 -1

nixos/tests/meilisearch.nix

··· 10 ''; 11 in { 12 name = "meilisearch"; 13 - meta.maintainers = with lib.maintainers; [ filalex77 ]; 14 15 machine = { ... }: { 16 environment.systemPackages = with pkgs; [ curl jq ];

··· 10 ''; 11 in { 12 name = "meilisearch"; 13 + meta.maintainers = with lib.maintainers; [ Br1ght0ne ]; 14 15 machine = { ... }: { 16 environment.systemPackages = with pkgs; [ curl jq ];

+4 -1

nixos/tests/minio.nix

··· 28 machine = { pkgs, ... }: { 29 services.minio = { 30 enable = true; 31 - inherit accessKey secretKey; 0 0 0 32 }; 33 environment.systemPackages = [ pkgs.minio-client ]; 34

··· 28 machine = { pkgs, ... }: { 29 services.minio = { 30 enable = true; 31 + rootCredentialsFile = pkgs.writeText "minio-credentials" '' 32 + MINIO_ROOT_USER=${accessKey} 33 + MINIO_ROOT_PASSWORD=${secretKey} 34 + ''; 35 }; 36 environment.systemPackages = [ pkgs.minio-client ]; 37

+1 -1

nixos/tests/mpv.nix

··· 14 { 15 environment.systemPackages = [ 16 pkgs.curl 17 - (pkgs.mpv-with-scripts.override { 18 scripts = [ pkgs.mpvScripts.simple-mpv-webui ]; 19 }) 20 ];

··· 14 { 15 environment.systemPackages = [ 16 pkgs.curl 17 + (pkgs.wrapMpv pkgs.mpv-unwrapped { 18 scripts = [ pkgs.mpvScripts.simple-mpv-webui ]; 19 }) 20 ];

+13 -3

nixos/tests/mysql/mariadb-galera-mariabackup.nix

··· 4 mysqlenv-common = pkgs.buildEnv { name = "mysql-path-env-common"; pathsToLink = [ "/bin" ]; paths = with pkgs; [ bash gawk gnutar inetutils which ]; }; 5 mysqlenv-mariabackup = pkgs.buildEnv { name = "mysql-path-env-mariabackup"; pathsToLink = [ "/bin" ]; paths = with pkgs; [ gzip iproute2 netcat procps pv socat ]; }; 6 0 0 0 0 0 0 0 0 0 0 7 in { 8 name = "mariadb-galera-mariabackup"; 9 meta = with pkgs.lib.maintainers; { ··· 17 galera_01 = 18 { pkgs, ... }: 19 { 0 20 networking = { 21 interfaces.eth1 = { 22 ipv4.addresses = [ ··· 31 firewall.allowedTCPPorts = [ 3306 4444 4567 4568 ]; 32 firewall.allowedUDPPorts = [ 4567 ]; 33 }; 34 - users.users.testuser = { isSystemUser = true; }; 35 systemd.services.mysql = with pkgs; { 36 path = [ mysqlenv-common mysqlenv-mariabackup ]; 37 }; ··· 75 galera_02 = 76 { pkgs, ... }: 77 { 0 78 networking = { 79 interfaces.eth1 = { 80 ipv4.addresses = [ ··· 89 firewall.allowedTCPPorts = [ 3306 4444 4567 4568 ]; 90 firewall.allowedUDPPorts = [ 4567 ]; 91 }; 92 - users.users.testuser = { isSystemUser = true; }; 93 systemd.services.mysql = with pkgs; { 94 path = [ mysqlenv-common mysqlenv-mariabackup ]; 95 }; ··· 122 galera_03 = 123 { pkgs, ... }: 124 { 0 125 networking = { 126 interfaces.eth1 = { 127 ipv4.addresses = [ ··· 136 firewall.allowedTCPPorts = [ 3306 4444 4567 4568 ]; 137 firewall.allowedUDPPorts = [ 4567 ]; 138 }; 139 - users.users.testuser = { isSystemUser = true; }; 140 systemd.services.mysql = with pkgs; { 141 path = [ mysqlenv-common mysqlenv-mariabackup ]; 142 };

··· 4 mysqlenv-common = pkgs.buildEnv { name = "mysql-path-env-common"; pathsToLink = [ "/bin" ]; paths = with pkgs; [ bash gawk gnutar inetutils which ]; }; 5 mysqlenv-mariabackup = pkgs.buildEnv { name = "mysql-path-env-mariabackup"; pathsToLink = [ "/bin" ]; paths = with pkgs; [ gzip iproute2 netcat procps pv socat ]; }; 6 7 + # Common user configuration 8 + users = { ... }: 9 + { 10 + users.users.testuser = { 11 + isSystemUser = true; 12 + group = "testusers"; 13 + }; 14 + users.groups.testusers = { }; 15 + }; 16 + 17 in { 18 name = "mariadb-galera-mariabackup"; 19 meta = with pkgs.lib.maintainers; { ··· 27 galera_01 = 28 { pkgs, ... }: 29 { 30 + imports = [ users ]; 31 networking = { 32 interfaces.eth1 = { 33 ipv4.addresses = [ ··· 42 firewall.allowedTCPPorts = [ 3306 4444 4567 4568 ]; 43 firewall.allowedUDPPorts = [ 4567 ]; 44 }; 0 45 systemd.services.mysql = with pkgs; { 46 path = [ mysqlenv-common mysqlenv-mariabackup ]; 47 }; ··· 85 galera_02 = 86 { pkgs, ... }: 87 { 88 + imports = [ users ]; 89 networking = { 90 interfaces.eth1 = { 91 ipv4.addresses = [ ··· 100 firewall.allowedTCPPorts = [ 3306 4444 4567 4568 ]; 101 firewall.allowedUDPPorts = [ 4567 ]; 102 }; 0 103 systemd.services.mysql = with pkgs; { 104 path = [ mysqlenv-common mysqlenv-mariabackup ]; 105 }; ··· 132 galera_03 = 133 { pkgs, ... }: 134 { 135 + imports = [ users ]; 136 networking = { 137 interfaces.eth1 = { 138 ipv4.addresses = [ ··· 147 firewall.allowedTCPPorts = [ 3306 4444 4567 4568 ]; 148 firewall.allowedUDPPorts = [ 4567 ]; 149 }; 0 150 systemd.services.mysql = with pkgs; { 151 path = [ mysqlenv-common mysqlenv-mariabackup ]; 152 };

+13 -3

nixos/tests/mysql/mariadb-galera-rsync.nix

··· 4 mysqlenv-common = pkgs.buildEnv { name = "mysql-path-env-common"; pathsToLink = [ "/bin" ]; paths = with pkgs; [ bash gawk gnutar inetutils which ]; }; 5 mysqlenv-rsync = pkgs.buildEnv { name = "mysql-path-env-rsync"; pathsToLink = [ "/bin" ]; paths = with pkgs; [ lsof procps rsync stunnel ]; }; 6 0 0 0 0 0 0 0 0 0 0 7 in { 8 name = "mariadb-galera-rsync"; 9 meta = with pkgs.lib.maintainers; { ··· 17 galera_04 = 18 { pkgs, ... }: 19 { 0 20 networking = { 21 interfaces.eth1 = { 22 ipv4.addresses = [ ··· 31 firewall.allowedTCPPorts = [ 3306 4444 4567 4568 ]; 32 firewall.allowedUDPPorts = [ 4567 ]; 33 }; 34 - users.users.testuser = { isSystemUser = true; }; 35 systemd.services.mysql = with pkgs; { 36 path = [ mysqlenv-common mysqlenv-rsync ]; 37 }; ··· 70 galera_05 = 71 { pkgs, ... }: 72 { 0 73 networking = { 74 interfaces.eth1 = { 75 ipv4.addresses = [ ··· 84 firewall.allowedTCPPorts = [ 3306 4444 4567 4568 ]; 85 firewall.allowedUDPPorts = [ 4567 ]; 86 }; 87 - users.users.testuser = { isSystemUser = true; }; 88 systemd.services.mysql = with pkgs; { 89 path = [ mysqlenv-common mysqlenv-rsync ]; 90 }; ··· 116 galera_06 = 117 { pkgs, ... }: 118 { 0 119 networking = { 120 interfaces.eth1 = { 121 ipv4.addresses = [ ··· 130 firewall.allowedTCPPorts = [ 3306 4444 4567 4568 ]; 131 firewall.allowedUDPPorts = [ 4567 ]; 132 }; 133 - users.users.testuser = { isSystemUser = true; }; 134 systemd.services.mysql = with pkgs; { 135 path = [ mysqlenv-common mysqlenv-rsync ]; 136 };

··· 4 mysqlenv-common = pkgs.buildEnv { name = "mysql-path-env-common"; pathsToLink = [ "/bin" ]; paths = with pkgs; [ bash gawk gnutar inetutils which ]; }; 5 mysqlenv-rsync = pkgs.buildEnv { name = "mysql-path-env-rsync"; pathsToLink = [ "/bin" ]; paths = with pkgs; [ lsof procps rsync stunnel ]; }; 6 7 + # Common user configuration 8 + users = { ... }: 9 + { 10 + users.users.testuser = { 11 + isSystemUser = true; 12 + group = "testusers"; 13 + }; 14 + users.groups.testusers = { }; 15 + }; 16 + 17 in { 18 name = "mariadb-galera-rsync"; 19 meta = with pkgs.lib.maintainers; { ··· 27 galera_04 = 28 { pkgs, ... }: 29 { 30 + imports = [ users ]; 31 networking = { 32 interfaces.eth1 = { 33 ipv4.addresses = [ ··· 42 firewall.allowedTCPPorts = [ 3306 4444 4567 4568 ]; 43 firewall.allowedUDPPorts = [ 4567 ]; 44 }; 0 45 systemd.services.mysql = with pkgs; { 46 path = [ mysqlenv-common mysqlenv-rsync ]; 47 }; ··· 80 galera_05 = 81 { pkgs, ... }: 82 { 83 + imports = [ users ]; 84 networking = { 85 interfaces.eth1 = { 86 ipv4.addresses = [ ··· 95 firewall.allowedTCPPorts = [ 3306 4444 4567 4568 ]; 96 firewall.allowedUDPPorts = [ 4567 ]; 97 }; 0 98 systemd.services.mysql = with pkgs; { 99 path = [ mysqlenv-common mysqlenv-rsync ]; 100 }; ··· 126 galera_06 = 127 { pkgs, ... }: 128 { 129 + imports = [ users ]; 130 networking = { 131 interfaces.eth1 = { 132 ipv4.addresses = [ ··· 141 firewall.allowedTCPPorts = [ 3306 4444 4567 4568 ]; 142 firewall.allowedUDPPorts = [ 4567 ]; 143 }; 0 144 systemd.services.mysql = with pkgs; { 145 path = [ mysqlenv-common mysqlenv-rsync ]; 146 };

+29 -7

nixos/tests/mysql/mysql.nix

··· 1 - import ./../make-test-python.nix ({ pkgs, ...} : { 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 name = "mysql"; 3 meta = with pkgs.lib.maintainers; { 4 maintainers = [ eelco shlevy ]; ··· 9 { pkgs, ... }: 10 11 { 12 - users.users.testuser = { isSystemUser = true; }; 13 - users.users.testuser2 = { isSystemUser = true; }; 14 services.mysql.enable = true; 15 services.mysql.initialDatabases = [ 16 { name = "testdb3"; schema = ./testdb.sql; } ··· 40 { pkgs, ... }: 41 42 { 0 0 43 # prevent oom: 44 # Kernel panic - not syncing: Out of memory: compulsory panic_on_oom is enabled 45 virtualisation.memorySize = 1024; 46 47 - users.users.testuser = { isSystemUser = true; }; 48 - users.users.testuser2 = { isSystemUser = true; }; 49 services.mysql.enable = true; 50 services.mysql.initialDatabases = [ 51 { name = "testdb3"; schema = ./testdb.sql; } ··· 75 { pkgs, ... }: 76 77 { 78 - users.users.testuser = { isSystemUser = true; }; 79 - users.users.testuser2 = { isSystemUser = true; }; 80 services.mysql.enable = true; 81 services.mysql.initialScript = pkgs.writeText "mariadb-init.sql" '' 82 ALTER USER root@localhost IDENTIFIED WITH unix_socket;

··· 1 + import ./../make-test-python.nix ({ pkgs, ...}: 2 + 3 + 4 + let 5 + # Setup common users 6 + users = { ... }: 7 + { 8 + users.groups.testusers = { }; 9 + 10 + users.users.testuser = { 11 + isSystemUser = true; 12 + group = "testusers"; 13 + }; 14 + 15 + users.users.testuser2 = { 16 + isSystemUser = true; 17 + group = "testusers"; 18 + }; 19 + }; 20 + 21 + in 22 + 23 + { 24 name = "mysql"; 25 meta = with pkgs.lib.maintainers; { 26 maintainers = [ eelco shlevy ]; ··· 31 { pkgs, ... }: 32 33 { 34 + imports = [ users ]; 35 + 36 services.mysql.enable = true; 37 services.mysql.initialDatabases = [ 38 { name = "testdb3"; schema = ./testdb.sql; } ··· 62 { pkgs, ... }: 63 64 { 65 + imports = [ users ]; 66 + 67 # prevent oom: 68 # Kernel panic - not syncing: Out of memory: compulsory panic_on_oom is enabled 69 virtualisation.memorySize = 1024; 70 0 0 71 services.mysql.enable = true; 72 services.mysql.initialDatabases = [ 73 { name = "testdb3"; schema = ./testdb.sql; } ··· 97 { pkgs, ... }: 98 99 { 100 + imports = [ users ]; 101 + 102 services.mysql.enable = true; 103 services.mysql.initialScript = pkgs.writeText "mariadb-init.sql" '' 104 ALTER USER root@localhost IDENTIFIED WITH unix_socket;

+1 -1

nixos/tests/pantheon.nix

··· 1 - import ./make-test-python.nix ({ pkgs, ...} : 2 3 { 4 name = "pantheon";

··· 1 + import ./make-test-python.nix ({ pkgs, lib, ...} : 2 3 { 4 name = "pantheon";

+1 -1

nixos/tests/postfixadmin.nix

··· 1 import ./make-test-python.nix ({ pkgs, ...} : { 2 name = "postfixadmin"; 3 - meta = with pkgs.stdenv.lib.maintainers; { 4 maintainers = [ globin ]; 5 }; 6

··· 1 import ./make-test-python.nix ({ pkgs, ...} : { 2 name = "postfixadmin"; 3 + meta = with pkgs.lib.maintainers; { 4 maintainers = [ globin ]; 5 }; 6

+5 -1

nixos/tests/prometheus-exporters.nix

··· 554 WorkingDirectory = "/var/spool/mail"; 555 }; 556 }; 557 - users.users.mailexporter.isSystemUser = true; 0 0 0 0 558 }; 559 exporterTest = '' 560 wait_for_unit("postfix.service")

··· 554 WorkingDirectory = "/var/spool/mail"; 555 }; 556 }; 557 + users.users.mailexporter = { 558 + isSystemUser = true; 559 + group = "mailexporter"; 560 + }; 561 + users.groups.mailexporter = {}; 562 }; 563 exporterTest = '' 564 wait_for_unit("postfix.service")

+2

nixos/tests/systemd-networkd-ipv6-prefix-delegation.nix

··· 42 # DO NOT COPY THIS TO PRODUCTION AS IS. Think about it at least twice. 43 # Everyone on the "isp" machine will be able to add routes to the kernel. 44 security.wrappers.add-dhcpd-lease = { 0 0 45 source = pkgs.writeShellScript "add-dhcpd-lease" '' 46 exec ${pkgs.iproute2}/bin/ip -6 route replace "$1" via "$2" 47 '';

··· 42 # DO NOT COPY THIS TO PRODUCTION AS IS. Think about it at least twice. 43 # Everyone on the "isp" machine will be able to add routes to the kernel. 44 security.wrappers.add-dhcpd-lease = { 45 + owner = "root"; 46 + group = "root"; 47 source = pkgs.writeShellScript "add-dhcpd-lease" '' 48 exec ${pkgs.iproute2}/bin/ip -6 route replace "$1" via "$2" 49 '';

+1 -1

nixos/tests/tigervnc.nix

··· 6 with import ../lib/testing-python.nix { inherit system pkgs; }; 7 makeTest { 8 name = "tigervnc"; 9 - meta = with pkgs.stdenv.lib.maintainers; { 10 maintainers = [ lheckemann ]; 11 }; 12

··· 6 with import ../lib/testing-python.nix { inherit system pkgs; }; 7 makeTest { 8 name = "tigervnc"; 9 + meta = with pkgs.lib.maintainers; { 10 maintainers = [ lheckemann ]; 11 }; 12

+1 -1

nixos/tests/wasabibackend.nix

··· 14 port = 18332; 15 }; 16 }; 17 - services.bitcoind = { 18 enable = true; 19 testnet = true; 20 rpc.users = {

··· 14 port = 18332; 15 }; 16 }; 17 + services.bitcoind."testnet" = { 18 enable = true; 19 testnet = true; 20 rpc.users = {