nixos/encrypted-dns-server: init #411530
nixos/encrypted-dns-server: init #411530
Conversation
5261b37 to
278d2c9
Compare
e1e2828 to
a6b172b
Compare
0c8da07 to
b55d550
Compare
The package has a versionCheckHook to ensure the binary build process, the service integration does at least has port bind verification now. Can you help me out to understand your request? What is missing? A real-world end-to-end application layer/data test? |
|
The goal is indeed to enable integration tests from the package itself. In |
b55d550 to
ae2a5ea
Compare
... two commits within the same PR or a separate one? |
|
Two commits in the same PR. |
ae2a5ea to
3f3fd84
Compare
|
As per the documentation, the commit message should be:
Same goes for the PR title. |
3f3fd84 to
bcc435e
Compare
|
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/prs-already-reviewed/2617/2410 |
| DynamicUser = true; | ||
| ExecStart = "${pkgs.encrypted-dns-server}/bin/encrypted-dns --config ${cfg.configFile}"; | ||
| LockPersonality = true; | ||
| LogsDirectory = "encrypted-dns-server"; |
There was a problem hiding this comment.
Does it write to /var/log? If not...
| LogsDirectory = "encrypted-dns-server"; |
There was a problem hiding this comment.
currently not (discussion still pending upstream), so drop it for now and re-add it later if required
| wantedBy = [ "multi-user.target" ]; | ||
| serviceConfig = { | ||
| AmbientCapabilities = "CAP_NET_BIND_SERVICE"; | ||
| CacheDirectory = "encrypted-dns-server"; |
There was a problem hiding this comment.
The same as with logs
| CacheDirectory = "encrypted-dns-server"; |
| services.encrypted-dns-server = { | ||
| enable = true; | ||
| settings = { | ||
| state_file = "/var/lib/encrypted-dns-server/encrypted-dns.state"; |
There was a problem hiding this comment.
Should work without this option with correct WorkingDirectory
| state_file = "/var/lib/encrypted-dns-server/encrypted-dns.state"; |
b0f32c6 to
3a426da
Compare
868f196 to
96079fd
Compare
| @@ -424,6 +424,7 @@ in | |||
| ejabberd = runTest ./xmpp/ejabberd.nix; | |||
| elk = handleTestOn [ "x86_64-linux" ] ./elk.nix { }; | |||
| emacs-daemon = runTest ./emacs-daemon.nix; | |||
| encrypted-dns-server = runTest ./encrypted-dns-server.nix; | |||
There was a problem hiding this comment.
The test doesn't evaluate
error: Module `nixos/tests/encrypted-dns-server.nix' has an unsupported attribute `defaults'. This is caused by introducing a top-level `config' or `options' attribute. Add configuration attributes immediately on the top level instead, or move all of them (namely: defaults driver driverInteractive drvPath enableOCR extraBaseModules extraDriverArgs extraPythonPackages globalTimeout hostPkgs includeTestScriptReferences interactive machine name node nodes nodesCompat out outPath outputName outputs passthru qemu rawTestDerivation result skipLint skipTypeCheck sshBackdoor system test testScript testScriptString type withoutTestScriptReferences) into the explicit `config' attribute.
96079fd to
25bb69e
Compare
25bb69e to
c5488e9
Compare
|
|
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/prs-already-reviewed/2617/2439 |
|
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/prs-already-reviewed/2617/2489 |
| inherit (nixosTests) encrypted-dns-server; | ||
| service = nixosTests.encrypted-dns-server; |
There was a problem hiding this comment.
Why 2 lines here? The first one is enough!
add nixos service integration for recently (22.05) added encrypted-dns-server (#398775)
(https://github.com/DNSCrypt/encrypted-dns-server) via hardened systemd profile.
Things done
nix.conf? (See Nix manual)sandbox = relaxedsandbox = truenix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/)Add a 👍 reaction to pull requests you find important.