nixpkgs/nixos/release.nix
Rodney Lorrimar 56eba66f77 mysqlBackup service: let it work with default settings
* Grants enough privileges to the configured user so that it can run
  mysqldump.

* Adds a nixos test.

* Use systemd timers instead of a cronjob (by @fadenb).

* Creates a new user for backups by default, instead of using mysql
  user.

* Ensures that backup user has write permissions on backup location.

* Write backup to a temporary file before renaming so that a failed
  backup won't overwrite the previous backup, and so that the backup
  location will never contain a partial backup.

Breaking changes:

 * Renamed period to calendar to reflect the change in how to
   configure the backup time.

 * A failed backup will no longer result in cron sending an e-mail --
   users' monitoring systems must be updated.

Resolves #24728
2017-09-27 18:44:49 +02:00

367 lines
14 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{ nixpkgs ? { outPath = ./..; revCount = 56789; shortRev = "gfedcba"; }
, stableBranch ? false
, supportedSystems ? [ "x86_64-linux" ]
}:
with import ../lib;
let
version = fileContents ../.version;
versionSuffix =
(if stableBranch then "." else "pre") + "${toString nixpkgs.revCount}.${nixpkgs.shortRev}";
forAllSystems = genAttrs supportedSystems;
importTest = fn: args: system: import fn ({
inherit system;
} // args);
callTest = fn: args: forAllSystems (system: hydraJob (importTest fn args system));
callSubTests = fn: args: let
discover = attrs: let
subTests = filterAttrs (const (hasAttr "test")) attrs;
in mapAttrs (const (t: hydraJob t.test)) subTests;
discoverForSystem = system: mapAttrs (_: test: {
${system} = test;
}) (discover (importTest fn args system));
# If the test is only for a particular system, use only the specified
# system instead of generating attributes for all available systems.
in if args ? system then discover (import fn args)
else foldAttrs mergeAttrs {} (map discoverForSystem supportedSystems);
pkgs = import nixpkgs { system = "x86_64-linux"; };
versionModule =
{ system.nixosVersionSuffix = versionSuffix;
system.nixosRevision = nixpkgs.rev or nixpkgs.shortRev;
};
makeIso =
{ module, type, maintainers ? ["eelco"], system }:
with import nixpkgs { inherit system; };
hydraJob ((import lib/eval-config.nix {
inherit system;
modules = [ module versionModule { isoImage.isoBaseName = "nixos-${type}"; } ];
}).config.system.build.isoImage);
makeSystemTarball =
{ module, maintainers ? ["viric"], system }:
with import nixpkgs { inherit system; };
let
config = (import lib/eval-config.nix {
inherit system;
modules = [ module versionModule ];
}).config;
tarball = config.system.build.tarball;
in
tarball //
{ meta = {
description = "NixOS system tarball for ${system} - ${stdenv.platform.name}";
maintainers = map (x: lib.maintainers.${x}) maintainers;
};
inherit config;
};
makeClosure = module: buildFromConfig module (config: config.system.build.toplevel);
buildFromConfig = module: sel: forAllSystems (system: hydraJob (sel (import ./lib/eval-config.nix {
inherit system;
modules = [ module versionModule ] ++ singleton
({ config, lib, ... }:
{ fileSystems."/".device = mkDefault "/dev/sda1";
boot.loader.grub.device = mkDefault "/dev/sda";
});
}).config));
in rec {
channel = import lib/make-channel.nix { inherit pkgs nixpkgs version versionSuffix; };
manual = buildFromConfig ({ pkgs, ... }: { }) (config: config.system.build.manual.manual);
manualEpub = (buildFromConfig ({ pkgs, ... }: { }) (config: config.system.build.manual.manualEpub));
manpages = buildFromConfig ({ pkgs, ... }: { }) (config: config.system.build.manual.manpages);
options = (buildFromConfig ({ pkgs, ... }: { }) (config: config.system.build.manual.optionsJSON)).x86_64-linux;
# Build the initial ramdisk so Hydra can keep track of its size over time.
initialRamdisk = buildFromConfig ({ pkgs, ... }: { }) (config: config.system.build.initialRamdisk);
netboot.x86_64-linux = let build = (import lib/eval-config.nix {
system = "x86_64-linux";
modules = [
./modules/installer/netboot/netboot-minimal.nix
versionModule
];
}).config.system.build;
in
pkgs.symlinkJoin {
name="netboot";
paths=[
build.netbootRamdisk
build.kernel
build.netbootIpxeScript
];
postBuild = ''
mkdir -p $out/nix-support
echo "file bzImage $out/bzImage" >> $out/nix-support/hydra-build-products
echo "file initrd $out/initrd" >> $out/nix-support/hydra-build-products
echo "file ipxe $out/netboot.ipxe" >> $out/nix-support/hydra-build-products
'';
};
iso_minimal = forAllSystems (system: makeIso {
module = ./modules/installer/cd-dvd/installation-cd-minimal.nix;
type = "minimal";
inherit system;
});
iso_graphical = genAttrs [ "x86_64-linux" ] (system: makeIso {
module = ./modules/installer/cd-dvd/installation-cd-graphical-kde.nix;
type = "graphical";
inherit system;
});
# A variant with a more recent (but possibly less stable) kernel
# that might support more hardware.
iso_minimal_new_kernel = genAttrs [ "x86_64-linux" ] (system: makeIso {
module = ./modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix;
type = "minimal-new-kernel";
inherit system;
});
# A bootable VirtualBox virtual appliance as an OVA file (i.e. packaged OVF).
ova = genAttrs [ "x86_64-linux" ] (system:
with import nixpkgs { inherit system; };
hydraJob ((import lib/eval-config.nix {
inherit system;
modules =
[ versionModule
./modules/installer/virtualbox-demo.nix
];
}).config.system.build.virtualBoxOVA)
);
# Ensure that all packages used by the minimal NixOS config end up in the channel.
dummy = forAllSystems (system: pkgs.runCommand "dummy"
{ toplevel = (import lib/eval-config.nix {
inherit system;
modules = singleton ({ config, pkgs, ... }:
{ fileSystems."/".device = mkDefault "/dev/sda1";
boot.loader.grub.device = mkDefault "/dev/sda";
});
}).config.system.build.toplevel;
preferLocalBuild = true;
}
"mkdir $out; ln -s $toplevel $out/dummy");
# Provide a tarball that can be unpacked into an SD card, and easily
# boot that system from uboot (like for the sheevaplug).
# The pc variant helps preparing the expression for the system tarball
# in a machine faster than the sheevpalug
/*
system_tarball_pc = forAllSystems (system: makeSystemTarball {
module = ./modules/installer/cd-dvd/system-tarball-pc.nix;
inherit system;
});
*/
# Provide container tarball for lxc, libvirt-lxc, docker-lxc, ...
containerTarball = forAllSystems (system: makeSystemTarball {
module = ./modules/virtualisation/lxc-container.nix;
inherit system;
});
/*
system_tarball_fuloong2f =
assert builtins.currentSystem == "mips64-linux";
makeSystemTarball {
module = ./modules/installer/cd-dvd/system-tarball-fuloong2f.nix;
system = "mips64-linux";
};
system_tarball_sheevaplug =
assert builtins.currentSystem == "armv5tel-linux";
makeSystemTarball {
module = ./modules/installer/cd-dvd/system-tarball-sheevaplug.nix;
system = "armv5tel-linux";
};
*/
# Run the tests for each platform. You can run a test by doing
# e.g. nix-build -A tests.login.x86_64-linux, or equivalently,
# nix-build tests/login.nix -A result.
tests.acme = callTest tests/acme.nix {};
tests.avahi = callTest tests/avahi.nix {};
tests.bittorrent = callTest tests/bittorrent.nix {};
tests.blivet = callTest tests/blivet.nix {};
tests.boot = callSubTests tests/boot.nix {};
tests.boot-stage1 = callTest tests/boot-stage1.nix {};
tests.cadvisor = hydraJob (import tests/cadvisor.nix { system = "x86_64-linux"; });
tests.chromium = (callSubTests tests/chromium.nix { system = "x86_64-linux"; }).stable;
tests.cjdns = callTest tests/cjdns.nix {};
tests.cloud-init = callTest tests/cloud-init.nix {};
tests.containers-ipv4 = callTest tests/containers-ipv4.nix {};
tests.containers-ipv6 = callTest tests/containers-ipv6.nix {};
tests.containers-bridge = callTest tests/containers-bridge.nix {};
tests.containers-imperative = callTest tests/containers-imperative.nix {};
tests.containers-extra_veth = callTest tests/containers-extra_veth.nix {};
tests.containers-physical_interfaces = callTest tests/containers-physical_interfaces.nix {};
tests.containers-restart_networking = callTest tests/containers-restart_networking.nix {};
tests.containers-tmpfs = callTest tests/containers-tmpfs.nix {};
tests.containers-hosts = callTest tests/containers-hosts.nix {};
tests.containers-macvlans = callTest tests/containers-macvlans.nix {};
tests.docker = hydraJob (import tests/docker.nix { system = "x86_64-linux"; });
tests.docker-edge = hydraJob (import tests/docker-edge.nix { system = "x86_64-linux"; });
tests.dovecot = callTest tests/dovecot.nix {};
tests.dnscrypt-proxy = callTest tests/dnscrypt-proxy.nix { system = "x86_64-linux"; };
tests.ecryptfs = callTest tests/ecryptfs.nix {};
tests.etcd = hydraJob (import tests/etcd.nix { system = "x86_64-linux"; });
tests.ec2-nixops = hydraJob (import tests/ec2.nix { system = "x86_64-linux"; }).boot-ec2-nixops;
tests.ec2-config = hydraJob (import tests/ec2.nix { system = "x86_64-linux"; }).boot-ec2-config;
tests.elk = hydraJob (import tests/elk.nix { system = "x86_64-linux"; });
tests.env = callTest tests/env.nix {};
tests.ferm = callTest tests/ferm.nix {};
tests.firefox = callTest tests/firefox.nix {};
tests.firewall = callTest tests/firewall.nix {};
tests.fleet = hydraJob (import tests/fleet.nix { system = "x86_64-linux"; });
#tests.gitlab = callTest tests/gitlab.nix {};
tests.glance = callTest tests/glance.nix {};
tests.gocd-agent = callTest tests/gocd-agent.nix {};
tests.gocd-server = callTest tests/gocd-server.nix {};
tests.gnome3 = callTest tests/gnome3.nix {};
tests.gnome3-gdm = callTest tests/gnome3-gdm.nix {};
tests.grafama = callTest tests/grafana.nix {};
tests.hardened = callTest tests/hardened.nix { };
tests.hibernate = callTest tests/hibernate.nix {};
tests.hound = callTest tests/hound.nix {};
tests.i3wm = callTest tests/i3wm.nix {};
tests.initrd-network-ssh = callTest tests/initrd-network-ssh.nix {};
tests.installer = callSubTests tests/installer.nix {};
tests.influxdb = callTest tests/influxdb.nix {};
tests.ipv6 = callTest tests/ipv6.nix {};
tests.jenkins = callTest tests/jenkins.nix {};
tests.plasma5 = callTest tests/plasma5.nix {};
tests.keymap = callSubTests tests/keymap.nix {};
tests.initrdNetwork = callTest tests/initrd-network.nix {};
tests.kernel-copperhead = callTest tests/kernel-copperhead.nix {};
tests.kernel-latest = callTest tests/kernel-latest.nix {};
tests.kernel-lts = callTest tests/kernel-lts.nix {};
tests.keystone = callTest tests/keystone.nix {};
tests.kubernetes = hydraJob (import tests/kubernetes/default.nix { system = "x86_64-linux"; });
tests.latestKernel.login = callTest tests/login.nix { latestKernel = true; };
tests.ldap = callTest tests/ldap.nix {};
#tests.lightdm = callTest tests/lightdm.nix {};
tests.login = callTest tests/login.nix {};
#tests.logstash = callTest tests/logstash.nix {};
tests.mathics = callTest tests/mathics.nix {};
tests.misc = callTest tests/misc.nix {};
tests.mongodb = callTest tests/mongodb.nix {};
tests.mumble = callTest tests/mumble.nix {};
tests.munin = callTest tests/munin.nix {};
tests.mysql = callTest tests/mysql.nix {};
tests.mysqlBackup = callTest tests/mysql-backup.nix {};
tests.mysqlReplication = callTest tests/mysql-replication.nix {};
tests.nat.firewall = callTest tests/nat.nix { withFirewall = true; };
tests.nat.firewall-conntrack = callTest tests/nat.nix { withFirewall = true; withConntrackHelpers = true; };
tests.nat.standalone = callTest tests/nat.nix { withFirewall = false; };
tests.networking.networkd = callSubTests tests/networking.nix { networkd = true; };
tests.networking.scripted = callSubTests tests/networking.nix { networkd = false; };
# TODO: put in networking.nix after the test becomes more complete
tests.networkingProxy = callTest tests/networking-proxy.nix {};
tests.nfs3 = callTest tests/nfs.nix { version = 3; };
tests.nfs4 = callTest tests/nfs.nix { version = 4; };
tests.nginx = callTest tests/nginx.nix { };
tests.leaps = callTest tests/leaps.nix { };
tests.nsd = callTest tests/nsd.nix {};
tests.openssh = callTest tests/openssh.nix {};
tests.pam-oath-login = callTest tests/pam-oath-login.nix {};
#tests.panamax = hydraJob (import tests/panamax.nix { system = "x86_64-linux"; });
tests.peerflix = callTest tests/peerflix.nix {};
tests.postgresql = callSubTests tests/postgresql.nix {};
tests.pgjwt = callTest tests/pgjwt.nix {};
tests.printing = callTest tests/printing.nix {};
tests.proxy = callTest tests/proxy.nix {};
tests.pumpio = callTest tests/pump.io.nix {};
# tests.quagga = callTest tests/quagga.nix {};
tests.quake3 = callTest tests/quake3.nix {};
tests.radicale = callTest tests/radicale.nix {};
tests.runInMachine = callTest tests/run-in-machine.nix {};
tests.samba = callTest tests/samba.nix {};
tests.sddm = callSubTests tests/sddm.nix {};
tests.simple = callTest tests/simple.nix {};
tests.slim = callTest tests/slim.nix {};
tests.smokeping = callTest tests/smokeping.nix {};
tests.snapper = callTest tests/snapper.nix {};
tests.taskserver = callTest tests/taskserver.nix {};
tests.tomcat = callTest tests/tomcat.nix {};
tests.udisks2 = callTest tests/udisks2.nix {};
tests.virtualbox = callSubTests tests/virtualbox.nix { system = "x86_64-linux"; };
tests.wordpress = callTest tests/wordpress.nix {};
tests.xfce = callTest tests/xfce.nix {};
tests.xmonad = callTest tests/xmonad.nix {};
/* Build a bunch of typical closures so that Hydra can keep track of
the evolution of closure sizes. */
closures = {
smallContainer = makeClosure ({ pkgs, ... }:
{ boot.isContainer = true;
services.openssh.enable = true;
});
tinyContainer = makeClosure ({ pkgs, ... }:
{ boot.isContainer = true;
imports = [ modules/profiles/minimal.nix ];
});
ec2 = makeClosure ({ pkgs, ... }:
{ imports = [ modules/virtualisation/amazon-image.nix ];
});
kde = makeClosure ({ pkgs, ... }:
{ services.xserver.enable = true;
services.xserver.displayManager.sddm.enable = true;
services.xserver.desktopManager.plasma5.enable = true;
});
xfce = makeClosure ({ pkgs, ... }:
{ services.xserver.enable = true;
services.xserver.desktopManager.xfce.enable = true;
});
# Linux/Apache/PostgreSQL/PHP stack.
lapp = makeClosure ({ pkgs, ... }:
{ services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org";
services.postgresql.enable = true;
services.postgresql.package = pkgs.postgresql93;
environment.systemPackages = [ pkgs.php ];
});
};
}