Merge branch 'master' into staging

nixos-19.03
Vladimír Čunát 5 years ago
commit 24d81d6332
No known key found for this signature in database
GPG Key ID: E747DF1F9575A3AA
  1. 16
      doc/languages-frameworks/haskell.md
  2. 1
      lib/maintainers.nix
  3. 2
      nixos/lib/make-squashfs.nix
  4. 8
      nixos/modules/misc/ids.nix
  5. 3
      nixos/modules/module-list.nix
  6. 21
      nixos/modules/services/desktops/gnome3/at-spi2-core.nix
  7. 73
      nixos/modules/services/misc/xmr-stak.nix
  8. 1
      nixos/modules/services/network-filesystems/samba.nix
  9. 3
      nixos/modules/services/web-servers/lighttpd/default.nix
  10. 10
      nixos/modules/services/x11/desktop-managers/plasma5.nix
  11. 9
      nixos/modules/system/boot/plymouth.nix
  12. 30
      nixos/modules/virtualisation/ec2-amis.nix
  13. 174
      nixos/modules/virtualisation/nova.nix
  14. 84
      nixos/modules/virtualisation/openstack/common.nix
  15. 245
      nixos/modules/virtualisation/openstack/glance.nix
  16. 220
      nixos/modules/virtualisation/openstack/keystone.nix
  17. 2
      nixos/release.nix
  18. 77
      nixos/tests/glance.nix
  19. 5
      nixos/tests/jenkins.nix
  20. 82
      nixos/tests/keystone.nix
  21. 4
      pkgs/applications/audio/bitwig-studio/default.nix
  22. 14
      pkgs/applications/audio/ingen/default.nix
  23. 4
      pkgs/applications/audio/qsampler/default.nix
  24. 4
      pkgs/applications/editors/atom/default.nix
  25. 3
      pkgs/applications/editors/emacs-modes/melpa-packages.nix
  26. 3
      pkgs/applications/editors/emacs-modes/melpa-stable-packages.nix
  27. 10
      pkgs/applications/graphics/pqiv/default.nix
  28. 6
      pkgs/applications/graphics/sane/backends/git.nix
  29. 9
      pkgs/applications/misc/airspy/default.nix
  30. 35
      pkgs/applications/misc/camlistore/default.nix
  31. 7
      pkgs/applications/misc/ipmicfg/default.nix
  32. 8
      pkgs/applications/misc/keepassx/community.nix
  33. 31
      pkgs/applications/misc/perkeep/default.nix
  34. 16
      pkgs/applications/misc/xmr-stak/default.nix
  35. 4
      pkgs/applications/networking/browsers/chromium/plugins.nix
  36. 12
      pkgs/applications/networking/browsers/mozilla-plugins/flashplayer/default.nix
  37. 10
      pkgs/applications/networking/browsers/mozilla-plugins/flashplayer/standalone.nix
  38. 6
      pkgs/applications/networking/browsers/qutebrowser/default.nix
  39. 6
      pkgs/applications/networking/cluster/minikube/default.nix
  40. 4
      pkgs/applications/networking/instant-messengers/discord/default.nix
  41. 9
      pkgs/applications/networking/instant-messengers/jackline/default.nix
  42. 4
      pkgs/applications/networking/instant-messengers/skypeforlinux/default.nix
  43. 4
      pkgs/applications/networking/mailreaders/neomutt/default.nix
  44. 18
      pkgs/applications/science/logic/ott/default.nix
  45. 31
      pkgs/applications/science/logic/z3/4.5.0.nix
  46. 6
      pkgs/applications/version-management/gerrit/default.nix
  47. 26
      pkgs/applications/version-management/gitless/default.nix
  48. 69
      pkgs/applications/virtualization/openstack/glance.nix
  49. 55
      pkgs/applications/virtualization/openstack/keystone.nix
  50. 93
      pkgs/applications/virtualization/openstack/neutron-iproute-4.patch
  51. 69
      pkgs/applications/virtualization/openstack/neutron.nix
  52. 71
      pkgs/applications/virtualization/openstack/nova.nix
  53. 61
      pkgs/applications/virtualization/openstack/remove-oslo-policy-tests.patch
  54. 6
      pkgs/build-support/libredirect/default.nix
  55. 26
      pkgs/desktops/gnome-3/core/gtksourceview/default.nix
  56. 6
      pkgs/desktops/gnome-3/core/gtksourceview/src.nix
  57. 4
      pkgs/development/compilers/chicken/default.nix
  58. 3
      pkgs/development/compilers/cudatoolkit/default.nix
  59. 7
      pkgs/development/compilers/kotlin/default.nix
  60. 45
      pkgs/development/coq-modules/category-theory/default.nix
  61. 51
      pkgs/development/coq-modules/coq-haskell/default.nix
  62. 14
      pkgs/development/haskell-modules/configuration-common.nix
  63. 85
      pkgs/development/haskell-modules/configuration-hackage2nix.yaml
  64. 1
      pkgs/development/haskell-modules/configuration-nix.nix
  65. 1918
      pkgs/development/haskell-modules/hackage-packages.nix
  66. 22
      pkgs/development/interpreters/clojure/default.nix
  67. 6
      pkgs/development/libraries/audio/lv2/unstable.nix
  68. 6
      pkgs/development/libraries/audio/raul/default.nix
  69. 4
      pkgs/development/libraries/aws-sdk-cpp/default.nix
  70. 12
      pkgs/development/libraries/gpgme/default.nix
  71. 22
      pkgs/development/libraries/hwloc/default.nix
  72. 6
      pkgs/development/libraries/liblscp/default.nix
  73. 29
      pkgs/development/libraries/libva-utils/default.nix
  74. 37
      pkgs/development/libraries/libva/default.nix
  75. 3
      pkgs/development/libraries/taglib/1.9.nix
  76. 9
      pkgs/development/libraries/taglib/default.nix
  77. 16
      pkgs/development/libraries/vaapi-intel/default.nix
  78. 4
      pkgs/development/ocaml-modules/alcotest/default.nix
  79. 15
      pkgs/development/ocaml-modules/asn1-combinators/default.nix
  80. 13
      pkgs/development/ocaml-modules/astring/default.nix
  81. 4
      pkgs/development/ocaml-modules/bos/default.nix
  82. 15
      pkgs/development/ocaml-modules/cmdliner/default.nix
  83. 6
      pkgs/development/ocaml-modules/cow/default.nix
  84. 4
      pkgs/development/ocaml-modules/cpuid/default.nix
  85. 4
      pkgs/development/ocaml-modules/decompress/default.nix
  86. 6
      pkgs/development/ocaml-modules/fmt/default.nix
  87. 4
      pkgs/development/ocaml-modules/fpath/default.nix
  88. 4
      pkgs/development/ocaml-modules/functoria/default.nix
  89. 4
      pkgs/development/ocaml-modules/integers/default.nix
  90. 6
      pkgs/development/ocaml-modules/jsonm/default.nix
  91. 11
      pkgs/development/ocaml-modules/logs/default.nix
  92. 4
      pkgs/development/ocaml-modules/mtime/default.nix
  93. 6
      pkgs/development/ocaml-modules/nocrypto/default.nix
  94. 4
      pkgs/development/ocaml-modules/notty/default.nix
  95. 4
      pkgs/development/ocaml-modules/ocb-stubblr/default.nix
  96. 4
      pkgs/development/ocaml-modules/octavius/default.nix
  97. 6
      pkgs/development/ocaml-modules/otfm/default.nix
  98. 23
      pkgs/development/ocaml-modules/otr/default.nix
  99. 4
      pkgs/development/ocaml-modules/ppx_deriving_yojson/default.nix
  100. 8
      pkgs/development/ocaml-modules/ptime/default.nix

@ -777,14 +777,14 @@ to find out the store path of the system's zlib library. Now, you can
stack --extra-lib-dirs=/nix/store/alsvwzkiw4b7ip38l4nlfjijdvg3fvzn-zlib-1.2.8/lib build
```
Typically, you'll need `--extra-include-dirs` as well. It's possible
to add those flag to the project's `stack.yaml` or your user's
global `~/.stack/global/stack.yaml` file so that you don't have to
specify them manually every time. But again, you're likely better off
using Stack's Nix support instead.
The same thing applies to `cabal configure`, of course, if you're
building with `cabal-install` instead of Stack.
Typically, you'll need `--extra-include-dirs` as well. It's possible
to add those flag to the project's `stack.yaml` or your user's
global `~/.stack/global/stack.yaml` file so that you don't have to
specify them manually every time. But again, you're likely better off
using Stack's Nix support instead.
The same thing applies to `cabal configure`, of course, if you're
building with `cabal-install` instead of Stack.
### Creating statically linked binaries

@ -286,6 +286,7 @@
iblech = "Ingo Blechschmidt <iblech@speicherleck.de>";
igsha = "Igor Sharonov <igor.sharonov@gmail.com>";
ikervagyok = "Balázs Lengyel <ikervagyok@gmail.com>";
ilya-kolpakov = "Ilya Kolpakov <ilya.kolpakov@gmail.com>";
infinisil = "Silvan Mosberger <infinisil@icloud.com>";
ironpinguin = "Michele Catalano <michele@catalano.de>";
ivan-tkatchev = "Ivan Tkatchev <tkatchev@gmail.com>";

@ -36,7 +36,7 @@ stdenv.mkDerivation {
hasBadPaths=1
fi
if [ "$mode" != 444 ] && [ "$mode" != 555 ]; then
echo "Store path '$path' has invalid permissions."
echo "Store path '$path' has invalid permissions ($mode)."
hasBadPaths=1
fi
done

@ -281,8 +281,8 @@
stanchion = 262;
riak-cs = 263;
infinoted = 264;
keystone = 265;
glance = 266;
# keystone = 265; # unused, removed 2017-12-13
# glance = 266; # unused, removed 2017-12-13
couchpotato = 267;
gogs = 268;
pdns-recursor = 269;
@ -551,8 +551,8 @@
stanchion = 262;
riak-cs = 263;
infinoted = 264;
keystone = 265;
glance = 266;
# keystone = 265; # unused, removed 2017-12-13
# glance = 266; # unused, removed 2017-12-13
couchpotato = 267;
gogs = 268;
kresd = 270;

@ -354,6 +354,7 @@
./services/misc/taskserver
./services/misc/tzupdate.nix
./services/misc/uhub.nix
./services/misc/xmr-stak.nix
./services/misc/zookeeper.nix
./services/monitoring/apcupsd.nix
./services/monitoring/arbtt.nix
@ -748,6 +749,4 @@
./virtualisation/vmware-guest.nix
./virtualisation/xen-dom0.nix
./virtualisation/xe-guest-utilities.nix
./virtualisation/openstack/keystone.nix
./virtualisation/openstack/glance.nix
]

@ -28,14 +28,15 @@ with lib;
###### implementation
config = mkIf config.services.gnome3.at-spi2-core.enable {
environment.systemPackages = [ pkgs.at_spi2_core ];
services.dbus.packages = [ pkgs.at_spi2_core ];
systemd.packages = [ pkgs.at_spi2_core ];
};
config = mkMerge [
(mkIf config.services.gnome3.at-spi2-core.enable {
environment.systemPackages = [ pkgs.at_spi2_core ];
services.dbus.packages = [ pkgs.at_spi2_core ];
systemd.packages = [ pkgs.at_spi2_core ];
})
(mkIf (!config.services.gnome3.at-spi2-core.enable) {
environment.variables.NO_AT_BRIDGE = "1";
})
];
}
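Review bot: The new `mkIf (!config.services.gnome3.at-spi2-core.enable)` branch sets `NO_AT_BRIDGE = "1"` for every session without saying why. A comment such as `# keep GTK applications from trying to reach the accessibility bus when the service is disabled` would help the next reader; the variable's exact effect is not visible in this hunk, so the wording should be checked first. The option path is also spelled out in both branches, and binding it once (for example `cfg = config.services.gnome3.at-spi2-core;` in a `let`) would keep the two conditions in sync. The module's option declarations lie outside the hunk.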

@ -0,0 +1,73 @@
{ lib, config, pkgs, ... }:
with lib;
let
cfg = config.services.xmr-stak;
pkg = pkgs.xmr-stak.override {
inherit (cfg) openclSupport cudaSupport;
};
xmrConfArg = optionalString (cfg.configText != "") ("-c " +
pkgs.writeText "xmr-stak-config.txt" cfg.configText);
in
{
options = {
services.xmr-stak = {
enable = mkEnableOption "xmr-stak miner";
openclSupport = mkEnableOption "support for OpenCL (AMD/ATI graphics cards)";
cudaSupport = mkEnableOption "support for CUDA (NVidia graphics cards)";
extraArgs = mkOption {
type = types.listOf types.str;
default = [];
example = [ "--noCPU" "--currency monero" ];
description = "List of parameters to pass to xmr-stak.";
};
configText = mkOption {
type = types.lines;
default = "";
example = ''
"currency" : "monero",
"pool_list" :
[ { "pool_address" : "pool.supportxmr.com:5555",
"wallet_address" : "<long-hash>",
"pool_password" : "minername",
"pool_weight" : 1,
},
],
'';
description = ''
Verbatim xmr-stak config.txt. If empty, the <literal>-c</literal>
parameter will not be added to the xmr-stak command.
'';
};
};
};
config = mkIf cfg.enable {
systemd.services.xmr-stak = {
wantedBy = [ "multi-user.target" ];
bindsTo = [ "network-online.target" ];
after = [ "network-online.target" ];
environment = mkIf cfg.cudaSupport {
LD_LIBRARY_PATH = "${pkgs.linuxPackages_latest.nvidia_x11}/lib";
};
script = ''
exec ${pkg}/bin/xmr-stak ${xmrConfArg} ${concatStringsSep " " cfg.extraArgs}
'';
serviceConfig = let rootRequired = cfg.openclSupport || cfg.cudaSupport; in {
# xmr-stak generates cpu and/or gpu configuration files
WorkingDirectory = "/tmp";
PrivateTmp = true;
DynamicUser = !rootRequired;
LimitMEMLOCK = toString (1024*1024);
};
};
};
}
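Review bot: In `serviceConfig`, `DynamicUser = !rootRequired;` leaves the unit with no `User=` once `openclSupport` or `cudaSupport` is enabled, so a network-connected miner runs as root with only `PrivateTmp` as confinement. A dedicated system user with access to the GPU device nodes (presumably through a group such as `video`, to be confirmed per driver) would narrow this, as would `NoNewPrivileges = true; ProtectSystem = "strict"; ProtectHome = true;`. Separately, `configText` goes through `pkgs.writeText`, so the wallet address and `pool_password` land world-readable in the Nix store, and the option description should say so. `extraArgs` is joined with spaces into `script` unquoted, so the shell interprets any metacharacters in an argument. `escapeShellArgs cfg.extraArgs` would prevent that, though the example `"--currency monero"` would then have to become two list items.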

@ -56,6 +56,7 @@ let
serviceConfig = {
ExecStart = "${samba}/sbin/${appName} ${args}";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
LimitNOFILE = 16384;
Type = "notify";
};

@ -50,11 +50,14 @@ let
"mod_geoip"
"mod_magnet"
"mod_mysql_vhost"
"mod_openssl" # since v1.4.46
"mod_scgi"
"mod_setenv"
"mod_trigger_b4_dl"
"mod_uploadprogress"
"mod_vhostdb" # since v1.4.46
"mod_webdav"
"mod_wstunnel" # since v1.4.46
];
maybeModuleString = moduleName:

@ -193,16 +193,6 @@ in
theme = mkDefault "breeze";
};
boot.plymouth = {
theme = mkDefault "breeze";
themePackages = mkDefault [
(pkgs.breeze-plymouth.override {
nixosBranding = true;
nixosVersion = config.system.nixosRelease;
})
];
};
security.pam.services.kde = { allowNullPassword = true; };
# Doing these one by one seems silly, but we currently lack a better

@ -8,9 +8,14 @@ let
cfg = config.boot.plymouth;
breezePlymouth = pkgs.breeze-plymouth.override {
nixosBranding = true;
nixosVersion = config.system.nixosRelease;
};
themesEnv = pkgs.buildEnv {
name = "plymouth-themes";
paths = [ plymouth ] ++ cfg.themePackages;
paths = [ plymouth breezePlymouth ] ++ cfg.themePackages;
};
configFile = pkgs.writeText "plymouthd.conf" ''
@ -38,7 +43,7 @@ in
};
theme = mkOption {
default = "fade-in";
default = "breeze";
type = types.str;
description = ''
Splash screen theme.

@ -223,21 +223,21 @@ let self = {
"17.03".us-west-2.hvm-ebs = "ami-a93daac9";
"17.03".us-west-2.hvm-s3 = "ami-5139ae31";
# 17.09.1483.d0f0657ca0
"17.09".eu-west-1.hvm-ebs = "ami-cf33e7b6";
"17.09".eu-west-2.hvm-ebs = "ami-7d061419";
"17.09".eu-central-1.hvm-ebs = "ami-7548fa1a";
"17.09".us-east-1.hvm-ebs = "ami-6f669d15";
"17.09".us-east-2.hvm-ebs = "ami-cbe1ccae";
"17.09".us-west-1.hvm-ebs = "ami-9d95a5fd";
"17.09".us-west-2.hvm-ebs = "ami-d3956fab";
"17.09".ca-central-1.hvm-ebs = "ami-ee4ef78a";
"17.09".ap-southeast-1.hvm-ebs = "ami-1dfc807e";
"17.09".ap-southeast-2.hvm-ebs = "ami-dcb350be";
"17.09".ap-northeast-1.hvm-ebs = "ami-00ec3d66";
"17.09".ap-northeast-2.hvm-ebs = "ami-1107dd7f";
"17.09".sa-east-1.hvm-ebs = "ami-0377086f";
"17.09".ap-south-1.hvm-ebs = "ami-4a064625";
# 17.09.2356.cb751f9b1c3
"17.09".eu-west-1.hvm-ebs = "ami-d40185ad";
"17.09".eu-west-2.hvm-ebs = "ami-c5445da1";
"17.09".eu-central-1.hvm-ebs = "ami-e758d388";
"17.09".us-east-1.hvm-ebs = "ami-865327fc";
"17.09".us-east-2.hvm-ebs = "ami-074d6562";
"17.09".us-west-1.hvm-ebs = "ami-992c28f9";
"17.09".us-west-2.hvm-ebs = "ami-2bd87953";
"17.09".ca-central-1.hvm-ebs = "ami-c4bb01a0";
"17.09".ap-southeast-1.hvm-ebs = "ami-5ff79723";
"17.09".ap-southeast-2.hvm-ebs = "ami-57e71135";
"17.09".ap-northeast-1.hvm-ebs = "ami-5249c434";
"17.09".ap-northeast-2.hvm-ebs = "ami-f1288e9f";
"17.09".sa-east-1.hvm-ebs = "ami-5492d438";
"17.09".ap-south-1.hvm-ebs = "ami-c4fab2ab";
latest = self."17.09";
}; in self

@ -1,174 +0,0 @@
# Module for Nova, a.k.a. OpenStack Compute.
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.virtualisation.nova;
nova = pkgs.nova;
novaConf = pkgs.writeText "nova.conf"
''
--nodaemon
--verbose
${cfg.extraConfig}
'';
in
{
###### interface
options = {
virtualisation.nova.enableSingleNode =
mkOption {
default = false;
description =
''
This option enables Nova, also known as OpenStack Compute,
a cloud computing system, as a single-machine
installation. That is, all of Nova's components are
enabled on this machine, using SQLite as Nova's database.
This is useful for evaluating and experimenting with Nova.
However, for a real cloud computing environment, you'll
want to enable some of Nova's services on other machines,
and use a database such as MySQL.
'';
};
virtualisation.nova.extraConfig =
mkOption {
default = "";
description =
''
Additional text appended to <filename>nova.conf</filename>,
the main Nova configuration file.
'';
};
};
###### implementation
config = mkIf cfg.enableSingleNode {
environment.systemPackages = [ nova pkgs.euca2ools pkgs.novaclient ];
environment.etc =
[ { source = novaConf;
target = "nova/nova.conf";
}
];
# Nova requires libvirtd and RabbitMQ.
virtualisation.libvirtd.enable = true;
services.rabbitmq.enable = true;
# `qemu-nbd' required the `nbd' kernel module.
boot.kernelModules = [ "nbd" ];
system.activationScripts.nova =
''
mkdir -m 755 -p /var/lib/nova
mkdir -m 755 -p /var/lib/nova/networks
mkdir -m 700 -p /var/lib/nova/instances
mkdir -m 700 -p /var/lib/nova/keys
# Allow the CA certificate generation script (called by
# nova-api) to work.
mkdir -m 700 -p /var/lib/nova/CA /var/lib/nova/CA/private
# Initialise the SQLite database.
${nova}/bin/nova-manage db sync
'';
# `nova-api' receives and executes external client requests from
# tools such as euca2ools. It listens on port 8773 (XML) and 8774
# (JSON).
jobs.nova_api =
{ name = "nova-api";
description = "Nova API service";
startOn = "ip-up";
# `openssl' is required to generate the CA. `openssh' is
# required to generate key pairs.
path = [ pkgs.openssl config.programs.ssh.package pkgs.bash ];
respawn = false;
exec = "${nova}/bin/nova-api --flagfile=${novaConf} --api_paste_config=${nova}/etc/nova/api-paste.ini";
};
# `nova-objectstore' is a simple image server. Useful if you're
# not running the OpenStack Imaging Service (Swift). It serves
# images placed in /var/lib/nova/images/.
jobs.nova_objectstore =
{ name = "nova-objectstore";
description = "Nova Simple Object Store Service";
startOn = "ip-up";
preStart =
''
mkdir -m 700 -p /var/lib/nova/images
'';
exec = "${nova}/bin/nova-objectstore --flagfile=${novaConf}";
};
# `nova-scheduler' schedules VM execution requests.
jobs.nova_scheduler =
{ name = "nova-scheduler";
description = "Nova Scheduler Service";
startOn = "ip-up";
exec = "${nova}/bin/nova-scheduler --flagfile=${novaConf}";
};
# `nova-compute' starts and manages virtual machines.
jobs.nova_compute =
{ name = "nova-compute";
description = "Nova Compute Service";
startOn = "ip-up";
path =
[ pkgs.sudo pkgs.vlan pkgs.nettools pkgs.iptables pkgs.qemu_kvm
pkgs.e2fsprogs pkgs.utillinux pkgs.multipath-tools pkgs.iproute
pkgs.bridge-utils
];
exec = "${nova}/bin/nova-compute --flagfile=${novaConf}";
};
# `nova-network' manages networks and allocates IP addresses.
jobs.nova_network =
{ name = "nova-network";
description = "Nova Network Service";
startOn = "ip-up";
path =
[ pkgs.sudo pkgs.vlan pkgs.dnsmasq pkgs.nettools pkgs.iptables
pkgs.iproute pkgs.bridge-utils pkgs.radvd
];
exec = "${nova}/bin/nova-network --flagfile=${novaConf}";
};
};
}

@ -1,84 +0,0 @@
{ lib }:
with lib;
rec {
# A shell script string helper to get the value of a secret at
# runtime.
getSecret = secretOption:
if secretOption.storage == "fromFile"
then ''$(cat ${secretOption.value})''
else ''${secretOption.value}'';
# A shell script string help to replace at runtime in a file the
# pattern of a secret by its value.
replaceSecret = secretOption: filename: ''
sed -i "s/${secretOption.pattern}/${getSecret secretOption}/g" ${filename}
'';
# This generates an option that can be used to declare secrets which
# can be stored in the nix store, or not. A pattern is written in
# the nix store to represent the secret. The pattern can
# then be overwritten with the value of the secret at runtime.
mkSecretOption = {name, description ? ""}:
mkOption {
description = description;
type = types.submodule ({
options = {
pattern = mkOption {
type = types.str;
default = "##${name}##";
description = "The pattern that represent the secret.";
};
storage = mkOption {
type = types.enum [ "fromNixStore" "fromFile" ];
description = ''
Choose the way the password is provisionned. If
fromNixStore is used, the value is the password and it is
written in the nix store. If fromFile is used, the value
is a path from where the password will be read at
runtime. This is generally used with <link
xlink:href="https://nixos.org/nixops/manual/#opt-deployment.keys">
deployment keys</link> of Nixops.
'';};
value = mkOption {
type = types.str;
description = ''
If the storage is fromNixStore, the value is the password itself,
otherwise it is a path to the file that contains the password.
'';
};
};});
};
databaseOption = name: {
host = mkOption {
type = types.str;
default = "localhost";
description = ''
Host of the database.
'';
};
name = mkOption {
type = types.str;
default = name;
description = ''
Name of the existing database.
'';
};
user = mkOption {
type = types.str;
default = name;
description = ''
The database user. The user must exist and has access to
the specified database.
'';
};
password = mkSecretOption {
name = name + "MysqlPassword";
description = "The database user's password";};
};
}

@ -1,245 +0,0 @@
{ config, lib, pkgs, ... }:
with lib; with import ./common.nix {inherit lib;};
let
cfg = config.virtualisation.openstack.glance;
commonConf = ''
[database]
connection = "mysql://${cfg.database.user}:${cfg.database.password.pattern}@${cfg.database.host}/${cfg.database.name}"
notification_driver = noop
[keystone_authtoken]
auth_url = ${cfg.authUrl}
auth_plugin = password
project_name = service
project_domain_id = default
user_domain_id = default
username = ${cfg.serviceUsername}
password = ${cfg.servicePassword.pattern}
[glance_store]
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
'';
glanceApiConfTpl = pkgs.writeText "glance-api.conf" ''
${commonConf}
[paste_deploy]
flavor = keystone
config_file = ${cfg.package}/etc/glance-api-paste.ini
'';
glanceRegistryConfTpl = pkgs.writeText "glance-registry.conf" ''
${commonConf}
[paste_deploy]
config_file = ${cfg.package}/etc/glance-registry-paste.ini
'';
glanceApiConf = "/var/lib/glance/glance-api.conf";
glanceRegistryConf = "/var/lib/glance/glance-registry.conf";
in {
options.virtualisation.openstack.glance = {
package = mkOption {
type = types.package;
default = pkgs.glance;
defaultText = "pkgs.glance";
description = ''
Glance package to use.
'';
};
enable = mkOption {
default = false;
type = types.bool;
description = ''
This option enables Glance as a single-machine
installation. That is, all of Glance's components are
enabled on this machine. This is useful for evaluating and
experimenting with Glance. Note we are currently not
providing any configurations for a multi-node setup.
'';
};
authUrl = mkOption {
type = types.str;
default = http://localhost:5000;
description = ''
Complete public Identity (Keystone) API endpoint. Note this is
unversionned.
'';
};
serviceUsername = mkOption {
type = types.str;
default = "glance";
description = ''
The Glance service username. This user is created if bootstrap
is enable, otherwise it has to be manually created before
starting this service.
'';
};
servicePassword = mkSecretOption {
name = "glanceAdminPassword";
description = ''
The Glance service user's password.
'';
};
database = databaseOption "glance";
bootstrap = {
enable = mkOption {
default = false;
type = types.bool;
description = ''
Bootstrap the Glance service by creating the service tenant,
an admin account and a public endpoint. This option provides
a ready-to-use glance service. This is only done at the
first Glance execution by the systemd post start section.
The keystone admin account is used to create required
Keystone resource for the Glance service.
<note><para> This option is a helper for setting up
development or testing environments.</para></note>
'';
};
endpointPublic = mkOption {
type = types.str;
default = "http://localhost:9292";
description = ''
The public image endpoint. The link <link
xlink:href="http://docs.openstack.org/liberty/install-guide-rdo/keystone-services.html">
create endpoint</link> provides more informations
about that.
'';
};
keystoneAdminUsername = mkOption {
type = types.str;
default = "admin";
description = ''
The keystone admin user name used to create the Glance account.
'';
};
keystoneAdminPassword = mkSecretOption {
name = "keystoneAdminPassword";
description = ''
The keystone admin user's password.
'';
};
keystoneAdminTenant = mkOption {
type = types.str;
default = "admin";
description = ''
The keystone admin tenant used to create the Glance account.
'';
};
keystoneAuthUrl = mkOption {
type = types.str;
default = "http://localhost:5000/v2.0";
description = ''
The keystone auth url used to create the Glance account.
'';
};
};
};
config = mkIf cfg.enable {
users.extraUsers = [{
name = "glance";
group = "glance";
uid = config.ids.gids.glance;
}];
users.extraGroups = [{
name = "glance";
gid = config.ids.gids.glance;
}];
systemd.services.glance-registry = {
description = "OpenStack Glance Registry Daemon";
after = [ "network.target"];
path = [ pkgs.curl pkgs.pythonPackages.keystoneclient pkgs.gawk ];
wantedBy = [ "multi-user.target" ];
preStart = ''
mkdir -m 775 -p /var/lib/glance/{images,scrubber,image_cache}
chown glance:glance /var/lib/glance/{images,scrubber,image_cache}
# Secret file managment
cp ${glanceRegistryConfTpl} ${glanceRegistryConf};
chown glance:glance ${glanceRegistryConf};
chmod 640 ${glanceRegistryConf}
${replaceSecret cfg.database.password glanceRegistryConf}
${replaceSecret cfg.servicePassword glanceRegistryConf}
cp ${glanceApiConfTpl} ${glanceApiConf};
chown glance:glance ${glanceApiConf};
chmod 640 ${glanceApiConf}
${replaceSecret cfg.database.password glanceApiConf}
${replaceSecret cfg.servicePassword glanceApiConf}
# Initialise the database
${cfg.package}/bin/glance-manage --config-file=${glanceApiConf} --config-file=${glanceRegistryConf} db_sync
'';
postStart = ''
set -eu
export OS_AUTH_URL=${cfg.bootstrap.keystoneAuthUrl}
export OS_USERNAME=${cfg.bootstrap.keystoneAdminUsername}
export OS_PASSWORD=${getSecret cfg.bootstrap.keystoneAdminPassword}
export OS_TENANT_NAME=${cfg.bootstrap.keystoneAdminTenant}
# Wait until the keystone is available for use
count=0
while ! keystone user-get ${cfg.bootstrap.keystoneAdminUsername} > /dev/null
do
if [ $count -eq 30 ]
then
echo "Tried 30 times, giving up..."
exit 1
fi
echo "Keystone not yet started. Waiting for 1 second..."
count=$((count++))
sleep 1
done
# If the service glance doesn't exist, we consider glance is
# not initialized
if ! keystone service-get glance
then
keystone service-create --type image --name glance
ID=$(keystone service-get glance | awk '/ id / { print $4 }')
keystone endpoint-create --region RegionOne --service $ID --internalurl http://localhost:9292 --adminurl http://localhost:9292 --publicurl ${cfg.bootstrap.endpointPublic}
keystone user-create --name ${cfg.serviceUsername} --tenant service --pass ${getSecret cfg.servicePassword}
keystone user-role-add --tenant service --user ${cfg.serviceUsername} --role admin
fi
'';
serviceConfig = {
PermissionsStartOnly = true; # preStart must be run as root
TimeoutStartSec = "600"; # 10min for initial db migrations
User = "glance";
Group = "glance";
ExecStart = "${cfg.package}/bin/glance-registry --config-file=${glanceRegistryConf}";
};
};
systemd.services.glance-api = {
description = "OpenStack Glance API Daemon";
after = [ "glance-registry.service" "network.target"];
requires = [ "glance-registry.service" "network.target"];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
PermissionsStartOnly = true; # preStart must be run as root
User = "glance";
Group = "glance";
ExecStart = "${cfg.package}/bin/glance-api --config-file=${glanceApiConf}";
};
};
};
}

@ -1,220 +0,0 @@
{ config, lib, pkgs, ... }:
with lib; with import ./common.nix {inherit lib;};
let
cfg = config.virtualisation.openstack.keystone;
keystoneConfTpl = pkgs.writeText "keystone.conf" ''
[DEFAULT]
admin_token = ${cfg.adminToken.pattern}
policy_file=${cfg.package}/etc/policy.json
[database]
connection = "mysql://${cfg.database.user}:${cfg.database.password.pattern}@${cfg.database.host}/${cfg.database.name}"
[paste_deploy]
config_file = ${cfg.package}/etc/keystone-paste.ini
${cfg.extraConfig}
'';
keystoneConf = "/var/lib/keystone/keystone.conf";
in {
options.virtualisation.openstack.keystone = {
package = mkOption {
type = types.package;
example = literalExample "pkgs.keystone";
description = ''
Keystone package to use.
'';
};
enable = mkOption {
default = false;
type = types.bool;
description = ''
Enable Keystone, the OpenStack Identity Service
'';
};
extraConfig = mkOption {
default = "";
type = types.lines;
description = ''
Additional text appended to <filename>keystone.conf</filename>,
the main Keystone configuration file.
'';
};
adminToken = mkSecretOption {
name = "adminToken";
description = ''
This is the admin token used to boostrap keystone,
ie. to provision first resources.
'';
};
bootstrap = {
enable = mkOption {
default = false;
type = types.bool;
description = ''
Bootstrap the Keystone service by creating the service
tenant, an admin account and a public endpoint. This options
provides a ready-to-use admin account. This is only done at
the first Keystone execution by the systemd post start.
Note this option is a helper for setting up development or
testing environments.
'';
};
endpointPublic = mkOption {
type = types.str;
default = "http://localhost:5000/v2.0";
description = ''
The public identity endpoint. The link <link
xlink:href="http://docs.openstack.org/liberty/install-guide-rdo/keystone-services.html">
create keystone endpoint</link> provides more informations
about that.
'';
};
adminUsername = mkOption {
type = types.str;
default = "admin";
description = ''
A keystone admin username.
'';
};
adminPassword = mkSecretOption {
name = "keystoneAdminPassword";
description = ''
The keystone admin user's password.
'';
};
adminTenant = mkOption {
type = types.str;
default = "admin";
description = ''
A keystone admin tenant name.
'';
};
};
database = {
host = mkOption {
type = types.str;
default = "localhost";
description = ''
Host of the database.
'';
};
name = mkOption {
type = types.str;
default = "keystone";
description = ''
Name of the existing database.
'';
};
user = mkOption {
type = types.str;
default = "keystone";
description = ''
The database user. The user must exist and has access to
the specified database.
'';
};
password = mkSecretOption {
name = "mysqlPassword";
description = "The database user's password";};
};
};
config = mkIf cfg.enable {
# Note: when changing the default, make it conditional on
# ‘system.stateVersion’ to maintain compatibility with existing
# systems!
virtualisation.openstack.keystone.package = mkDefault pkgs.keystone;
users.extraUsers = [{
name = "keystone";
group = "keystone";
uid = config.ids.uids.keystone;
}];
users.extraGroups = [{
name = "keystone";
gid = config.ids.gids.keystone;
}];
systemd.services.keystone-all = {
description = "OpenStack Keystone Daemon";
after = [ "network.target"];
path = [ cfg.package pkgs.mysql pkgs.curl pkgs.pythonPackages.keystoneclient pkgs.gawk ];
wantedBy = [ "multi-user.target" ];
preStart = ''
mkdir -m 755 -p /var/lib/keystone
cp ${keystoneConfTpl} ${keystoneConf};
chown keystone:keystone ${keystoneConf};
chmod 640 ${keystoneConf}
${replaceSecret cfg.database.password keystoneConf}
${replaceSecret cfg.adminToken keystoneConf}
# Initialise the database
${cfg.package}/bin/keystone-manage --config-file=${keystoneConf} db_sync
# Set up the keystone's PKI infrastructure
${cfg.package}/bin/keystone-manage --config-file=${keystoneConf} pki_setup --keystone-user keystone --keystone-group keystone
'';
postStart = optionalString cfg.bootstrap.enable ''
set -eu
# Wait until the keystone is available for use
count=0
while ! curl --fail -s http://localhost:35357/v2.0 > /dev/null
do
if [ $count -eq 30 ]
then
echo "Tried 30 times, giving up..."
exit 1
fi
echo "Keystone not yet started. Waiting for 1 second..."
count=$((count++))
sleep 1
done
# We use the service token to create a first admin user
export OS_SERVICE_ENDPOINT=http://localhost:35357/v2.0
export OS_SERVICE_TOKEN=${getSecret cfg.adminToken}
# If the tenant service doesn't exist, we consider
# keystone is not initialized
if ! keystone tenant-get service
then
keystone tenant-create --name service
keystone tenant-create --name ${cfg.bootstrap.adminTenant}
keystone user-create --name ${cfg.bootstrap.adminUsername} --tenant ${cfg.bootstrap.adminTenant} --pass ${getSecret cfg.bootstrap.adminPassword}
keystone role-create --name admin
keystone role-create --name Member
keystone user-role-add --tenant ${cfg.bootstrap.adminTenant} --user ${cfg.bootstrap.adminUsername} --role admin
keystone service-create --type identity --name keystone
ID=$(keystone service-get keystone | awk '/ id / { print $4 }')
keystone endpoint-create --region RegionOne --service $ID --publicurl ${cfg.bootstrap.endpointPublic} --adminurl http://localhost:35357/v2.0 --internalurl http://localhost:5000/v2.0
fi
'';
serviceConfig = {
PermissionsStartOnly = true; # preStart must be run as root
TimeoutStartSec = "600"; # 10min for initial db migrations
User = "keystone";
Group = "keystone";
ExecStart = "${cfg.package}/bin/keystone-all --config-file=${keystoneConf}";
};
};
};
}

@ -267,7 +267,6 @@ in rec {
tests.fleet = hydraJob (import tests/fleet.nix { system = "x86_64-linux"; });
#tests.gitlab = callTest tests/gitlab.nix {};
tests.gitolite = callTest tests/gitolite.nix {};
tests.glance = callTest tests/glance.nix {};
tests.gocd-agent = callTest tests/gocd-agent.nix {};
tests.gocd-server = callTest tests/gocd-server.nix {};
tests.gnome3 = callTest tests/gnome3.nix {};
@ -293,7 +292,6 @@ in rec {
tests.kernel-copperhead = callTest tests/kernel-copperhead.nix {};
tests.kernel-latest = callTest tests/kernel-latest.nix {};
tests.kernel-lts = callTest tests/kernel-lts.nix {};
tests.keystone = callTest tests/keystone.nix {};
tests.kubernetes = hydraJob (import tests/kubernetes/default.nix { system = "x86_64-linux"; });
tests.latestKernel.login = callTest tests/login.nix { latestKernel = true; };
tests.ldap = callTest tests/ldap.nix {};

@ -1,77 +0,0 @@
{ system ? builtins.currentSystem }:
with import ../lib/testing.nix { inherit system; };
with pkgs.lib;
let
glanceMysqlPassword = "glanceMysqlPassword";
glanceAdminPassword = "glanceAdminPassword";
createDb = pkgs.writeText "db-provisionning.sql" ''
create database keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
create database glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '${glanceMysqlPassword}';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '${glanceMysqlPassword}';
'';
image =
(import ../lib/eval-config.nix {
inherit system;
modules = [ ../../nixos/modules/virtualisation/nova-image.nix ];
}).config.system.build.novaImage;
# The admin keystone account
adminOpenstackCmd = "OS_TENANT_NAME=admin OS_USERNAME=admin OS_PASSWORD=keystone OS_AUTH_URL=http://localhost:5000/v3 OS_IDENTITY_API_VERSION=3 openstack";
in makeTest {
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ lewo ];
};
machine =
{ config, pkgs, ... }:
{
services.mysql.enable = true;
services.mysql.package = pkgs.mysql;
services.mysql.initialScript = createDb;
virtualisation = {
openstack.keystone = {
enable = true;
database.password = { value = "keystone"; storage = "fromNixStore"; };
adminToken = { value = "adminToken"; storage = "fromNixStore"; };
bootstrap.enable = true;
bootstrap.adminPassword = { value = "keystone"; storage = "fromNixStore"; };
};
openstack.glance = {
enable = true;
database.password = { value = glanceMysqlPassword; storage = "fromNixStore"; };
servicePassword = { value = glanceAdminPassword; storage = "fromNixStore"; };
bootstrap = {
enable = true;
keystoneAdminPassword = { value = "keystone"; storage = "fromNixStore"; };
};
};
memorySize = 2096;
diskSize = 4 * 1024;
};
environment.systemPackages = with pkgs.pythonPackages; with pkgs; [
openstackclient
];
};
testScript =
''
$machine->waitForUnit("glance-api.service");
# Since Glance api can take time to start, we retry until success
$machine->waitUntilSucceeds("${adminOpenstackCmd} image create nixos --file ${image}/nixos.img --disk-format qcow2 --container-format bare --public");
$machine->succeed("${adminOpenstackCmd} image list") =~ /nixos/ or die;
'';
}

@ -36,6 +36,9 @@ import ./make-test.nix ({ pkgs, ...} : {
startAll;
$master->waitForUnit("jenkins");
$master->mustSucceed("curl http://localhost:8080 | grep 'Authentication required'");
print $master->execute("sudo -u jenkins groups");
$master->mustSucceed("sudo -u jenkins groups | grep jenkins | grep users");
@ -44,4 +47,4 @@ import ./make-test.nix ({ pkgs, ...} : {
$slave->mustFail("systemctl is-enabled jenkins.service");
'';
})
})
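Review bot: The group assertion in the first hunk, `sudo -u jenkins groups | grep jenkins | grep users`, matches substrings anywhere in the output, so it would still pass if the account were only in a group whose name merely contains `users`. Because this line checks which groups the service account actually runs with, matching whole group names is tighter, for example `sudo -u jenkins groups | tr ' ' '\n' | grep -x users` with a second check of the same form for `jenkins`. The page has lost its `+`/`-` column, so which of these lines the merge adds is inferred from the hunk header (6 old lines, 9 new). The test script begins above the hunk.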

@ -1,82 +0,0 @@
{ system ? builtins.currentSystem }:
with import ../lib/testing.nix { inherit system; };
with pkgs.lib;
let
keystoneMysqlPassword = "keystoneMysqlPassword";
keystoneMysqlPasswordFile = "/var/run/keystoneMysqlPassword";
keystoneAdminPassword = "keystoneAdminPassword";
createKeystoneDb = pkgs.writeText "create-keys