From 2ba6277778c2402922e98f785f05681fe4a993f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jalil=20David=20Salam=C3=A9=20Messina?= Date: Sun, 29 Dec 2024 17:41:25 +0100 Subject: [PATCH 1/2] feat(renovate): enable lockFileMaintenance This allows it to update the flake.lock and Cargo.lock files. --- flake-modules/tests.nix | 100 +++++++++++++++++++++------------------- flake.lock | 11 +++-- flake.nix | 2 +- 3 files changed, 60 insertions(+), 53 deletions(-) diff --git a/flake-modules/tests.nix b/flake-modules/tests.nix index 7ec61ab..c214710 100644 --- a/flake-modules/tests.nix +++ b/flake-modules/tests.nix @@ -6,7 +6,6 @@ checks = let testDomain = "webnstest.example"; - dynamicZonesDir = "/var/lib/named/zones"; zoneFile = pkgs.writeText "${testDomain}.zoneinfo" '' $ORIGIN . $TTL 60 ; 1 minute 
@@ -27,59 +26,65 @@ nsupdate IN AAAA ::1 ''; - webnsupdate-machine = { - imports = [ self.nixosModules.webnsupdate ]; + webnsupdate-machine = + { config, ... }: + let + bindCfg = config.services.bind; + bindData = bindCfg.directory; + dynamicZonesDir = "${bindData}/zones"; + in + { + imports = [ self.nixosModules.webnsupdate ]; - config = { - environment.systemPackages = [ - pkgs.dig - pkgs.curl - ]; + config = { + environment.systemPackages = [ + pkgs.dig + pkgs.curl + ]; - services = { - webnsupdate = { - enable = true; - bindIp = "127.0.0.1"; - keyFile = "/etc/bind/rndc.key"; - # test:test (user:password) - passwordFile = pkgs.writeText "webnsupdate.pass" "FQoNmuU1BKfg8qsU96F6bK5ykp2b0SLe3ZpB3nbtfZA"; - package = self'.packages.webnsupdate; - extraArgs = [ - "-vvv" # debug messages - "--ip-source=ConnectInfo" - ]; - records = '' - test1.${testDomain}. - test2.${testDomain}. - test3.${testDomain}. - ''; - }; - - bind = { - enable = true; - zones.${testDomain} = { - master = true; - file = "${dynamicZonesDir}/${testDomain}"; - extraConfig = '' - allow-update { key rndc-key; }; + services = { + webnsupdate = { + enable = true; + bindIp = "127.0.0.1"; + keyFile = "/etc/bind/rndc.key"; + # test:test (user:password) + passwordFile = pkgs.writeText "webnsupdate.pass" "FQoNmuU1BKfg8qsU96F6bK5ykp2b0SLe3ZpB3nbtfZA"; + package = self'.packages.webnsupdate; + extraArgs = [ + "-vvv" # debug messages + "--ip-source=ConnectInfo" + ]; + records = '' + test1.${testDomain}. + test2.${testDomain}. + test3.${testDomain}. 
''; }; + + bind = { + enable = true; + zones.${testDomain} = { + master = true; + file = "${dynamicZonesDir}/${testDomain}"; + extraConfig = '' + allow-update { key rndc-key; }; + ''; + }; + }; }; + + systemd.services.bind.preStart = '' + # shellcheck disable=SC2211,SC1127 + rm -f ${dynamicZonesDir}/* # reset dynamic zones + + mkdir -m 0755 -p ${dynamicZonesDir} + chown named ${dynamicZonesDir} + + # copy dynamic zone's file to the dynamic zones dir + cp ${zoneFile} ${dynamicZonesDir}/${testDomain} + ''; }; - - systemd.services.bind.preStart = '' - # shellcheck disable=SC2211,SC1127 - rm -f ${dynamicZonesDir}/* # reset dynamic zones - - ${pkgs.coreutils}/bin/mkdir -m 0755 -p ${dynamicZonesDir} - chown "named" ${dynamicZonesDir} - chown "named" /var/lib/named - - # copy dynamic zone's file to the dynamic zones dir - cp ${zoneFile} ${dynamicZonesDir}/${testDomain} - ''; }; - }; in { module-test = pkgs.testers.runNixOSTest { @@ -87,6 +92,7 @@ nodes.machine = webnsupdate-machine; testScript = '' machine.start(allow_reboot=True) + machine.wait_for_unit("bind.service") machine.wait_for_unit("webnsupdate.service") # ensure base DNS records area available diff --git a/flake.lock b/flake.lock index b4bb41d..5d0749c 100644 --- a/flake.lock +++ b/flake.lock @@ -37,17 +37,18 @@ }, "nixpkgs": { "locked": { - "lastModified": 1734424634, - "narHash": "sha256-cHar1vqHOOyC7f1+tVycPoWTfKIaqkoe1Q6TnKzuti4=", + "lastModified": 1735291276, + "narHash": "sha256-NYVcA06+blsLG6wpAbSPTCyLvxD/92Hy4vlY9WxFI1M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d3c42f187194c26d9f0309a8ecc469d6c878ce33", + "rev": "634fd46801442d760e09493a794c4f15db2d0cbb", "type": "github" }, "original": { - "id": "nixpkgs", + "owner": "NixOS", "ref": "nixos-unstable", - "type": "indirect" + "repo": "nixpkgs", + "type": "github" } }, "root": { diff --git a/flake.nix b/flake.nix index 3e7f04f..f93aaca 100644 --- a/flake.nix +++ b/flake.nix 
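Review bot: In the new `systemd.services.bind.preStart` of the `@@ -27,59 +26,65 @@` hunk in flake-modules/tests.nix, `${dynamicZonesDir}` is interpolated unquoted into `rm -f`, `mkdir`, `chown` and `cp`, and with this change it is built from `config.services.bind.directory` rather than a literal path. A directory value containing whitespace or glob characters would make `rm -f` act on paths other than the zones directory. Quote the expansion and keep the glob outside the quotes: `rm -f "${dynamicZonesDir}"/*`, `mkdir -m 0755 -p "${dynamicZonesDir}"` and `cp ${zoneFile} "${dynamicZonesDir}/${testDomain}"`. The same lines are carried into `bindDynamicZone` by the `@@ -34,57 +35,60 @@` hunk of patch 2/2. The enclosing `checks = let … in` expression starts and ends outside the hunk.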
@@ -6,7 +6,7 @@ url = "github:hercules-ci/flake-parts"; inputs.nixpkgs-lib.follows = "nixpkgs"; }; - nixpkgs.url = "nixpkgs/nixos-unstable"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; systems.url = "github:nix-systems/default"; treefmt-nix = { url = "github:numtide/treefmt-nix"; -- 2.47.0 From 6a1feb26127e0a18d9ab399f91fdd88e797286b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jalil=20David=20Salam=C3=A9=20Messina?= Date: Sun, 29 Dec 2024 17:41:25 +0100 Subject: [PATCH 2/2] fix(flake): switch to github ref Switch from a flake ref to a github ref as renovate cannot resolve flake refs, and they are slightly impure. This shows some issues with the previous patch to the bind module which we fix. --- .renovaterc.json | 12 ++++- flake-modules/tests.nix | 102 +++++++++++++++++++++------------------- 2 files changed, 64 insertions(+), 50 deletions(-) diff --git a/.renovaterc.json b/.renovaterc.json index bdcce88..556cabc 100644 --- a/.renovaterc.json +++ b/.renovaterc.json @@ -24,10 +24,20 @@ "fileMatch": [ "(^|/)flake\\.nix$" ], - "commitMessageTopic": "flake inputs", + "commitMessageTopic": "nixpkgs", "commitMessageExtra": "to {{newValue}}", "enabled": true }, + "lockFileMaintenance": { + "enabled": true, + "recreateWhen": "always", + "rebaseStalePrs": true, + "branchTopic": "lock-file-maintenance", + "commitMessageAction": "Lock file maintenance", + "schedule": [ + "* 0-1 * * *" + ] + }, "automergeSchedule": [ "* 0-1 * * *" ] diff --git a/flake-modules/tests.nix b/flake-modules/tests.nix index c214710..4cdac8b 100644 --- a/flake-modules/tests.nix +++ b/flake-modules/tests.nix @@ -6,6 +6,7 @@ checks = let testDomain = "webnstest.example"; + zoneFile = pkgs.writeText "${testDomain}.zoneinfo" '' $ORIGIN . $TTL 60 ; 1 minute @@ -26,7 +27,7 @@ nsupdate IN AAAA ::1 ''; - webnsupdate-machine = + bindDynamicZone = { config, ... }: let bindCfg = config.services.bind; 
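Review bot: The new `lockFileMaintenance` block in .renovaterc.json sets no `automerge` value of its own, and its schedule is the same window as the `automergeSchedule` visible just below it. If automerge is enabled elsewhere in this file (not visible in the hunk), refreshed `flake.lock` and `Cargo.lock` pins, including transitive dependencies, could be merged without anyone reviewing them. Consider adding `"automerge": false` inside `lockFileMaintenance`, or confirm that the target branch requires the project's CI checks to pass before a merge. The object enclosing this block starts and ends outside the hunk.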
@@ -34,57 +35,60 @@ dynamicZonesDir = "${bindData}/zones"; in { - imports = [ self.nixosModules.webnsupdate ]; - - config = { - environment.systemPackages = [ - pkgs.dig - pkgs.curl - ]; - - services = { - webnsupdate = { - enable = true; - bindIp = "127.0.0.1"; - keyFile = "/etc/bind/rndc.key"; - # test:test (user:password) - passwordFile = pkgs.writeText "webnsupdate.pass" "FQoNmuU1BKfg8qsU96F6bK5ykp2b0SLe3ZpB3nbtfZA"; - package = self'.packages.webnsupdate; - extraArgs = [ - "-vvv" # debug messages - "--ip-source=ConnectInfo" - ]; - records = '' - test1.${testDomain}. - test2.${testDomain}. - test3.${testDomain}. - ''; - }; - - bind = { - enable = true; - zones.${testDomain} = { - master = true; - file = "${dynamicZonesDir}/${testDomain}"; - extraConfig = '' - allow-update { key rndc-key; }; - ''; - }; - }; - }; - - systemd.services.bind.preStart = '' - # shellcheck disable=SC2211,SC1127 - rm -f ${dynamicZonesDir}/* # reset dynamic zones - - mkdir -m 0755 -p ${dynamicZonesDir} - chown named ${dynamicZonesDir} - - # copy dynamic zone's file to the dynamic zones dir - cp ${zoneFile} ${dynamicZonesDir}/${testDomain} + services.bind.zones.${testDomain} = { + master = true; + file = "${dynamicZonesDir}/${testDomain}"; + extraConfig = '' + allow-update { key rndc-key; }; ''; }; + + systemd.services.bind.preStart = '' + # shellcheck disable=SC2211,SC1127 + rm -f ${dynamicZonesDir}/* # reset dynamic zones + + # create a dynamic zones dir + mkdir -m 0755 -p ${dynamicZonesDir} + # copy dynamic zone's file to the dynamic zones dir + cp ${zoneFile} ${dynamicZonesDir}/${testDomain} + ''; }; + + webnsupdate-machine = { + imports = [ + bindDynamicZone + self.nixosModules.webnsupdate + ]; + + config = { + environment.systemPackages = [ + pkgs.dig + pkgs.curl + ]; + + services = { + bind.enable = true; + + webnsupdate = { + enable = true; + bindIp = "127.0.0.1"; + keyFile = "/etc/bind/rndc.key"; + # test:test (user:password) + passwordFile = pkgs.writeText "webnsupdate.pass" 
"FQoNmuU1BKfg8qsU96F6bK5ykp2b0SLe3ZpB3nbtfZA"; + package = self'.packages.webnsupdate; + extraArgs = [ + "-vvv" # debug messages + "--ip-source=ConnectInfo" + ]; + records = '' + test1.${testDomain}. + test2.${testDomain}. + test3.${testDomain}. + ''; + }; + }; + }; + }; in { module-test = pkgs.testers.runNixOSTest { -- 2.47.0
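Review bot: The extracted `bindDynamicZone` module in the `@@ -34,57 +35,60 @@` hunk grants `allow-update { key rndc-key; };` for the whole zone while `services.webnsupdate.keyFile` points at `/etc/bind/rndc.key`, so what appears to be the rndc control key is also the dynamic-update credential. That is acceptable for a throwaway test VM, but a standalone module is more likely to be copied, so it should carry a comment such as `# test only: reuses the rndc control key; real deployments should use a dedicated TSIG key and an update-policy limited to the managed records`. The same caveat applies to `passwordFile`, which `pkgs.writeText` places in the world-readable Nix store. The `let … in` that holds both modules starts outside the hunk.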