diff --git a/doc/src/mailserver.md b/doc/src/mailserver.md index e0373c844..f0649b03b 100644 --- a/doc/src/mailserver.md +++ b/doc/src/mailserver.md @@ -257,7 +257,7 @@ HELO name Frontend IP addresses -: Public IPv4 and/or IPv6 adresses. **A** and **AAAA** queries of the HELO name +: Public IPv4 and/or IPv6 addresses. **A** and **AAAA** queries of the HELO name must resolve to the frontend IP addresses. Each address must have a **PTR** record which must resolve exactly to the HELO name. diff --git a/flake.lock b/flake.lock new file mode 100644 index 000000000..5999137c9 --- /dev/null +++ b/flake.lock @@ -0,0 +1,7 @@ +{ + "nodes": { + "root": {} + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 000000000..9a87c4833 --- /dev/null +++ b/flake.nix @@ -0,0 +1,82 @@ +{ + outputs = { self, ...}: let + versions = builtins.fromJSON (builtins.readFile ./versions.json); + nixpkgs = let + inherit (versions.nixpkgs) owner repo rev; + in builtins.getFlake "github:${owner}/${repo}/${rev}"; + + inherit (nixpkgs) lib; + nixpkgsConfig = import ./nixpkgs-config.nix; + + testConfigFor = system: let + pkgs = import nixpkgs { + inherit system; + overlays = [ + self.overlays.default + ]; + }; + testlib = import ./tests/testlib.nix { inherit lib; }; + versions = import ./versions.nix { inherit pkgs; }; + in lib.nixosSystem { + inherit pkgs system; + specialArgs.nixos-mailserver = versions.nixos-mailserver; + + modules = [ + ({ lib, ... }: + { + options.virtualisation.vlans = lib.mkOption { + type = lib.types.anything; + default = []; + }; + config = { + networking.domain = "gocept.net"; + + mailserver.domains = [ "example.com" ]; + mailserver.dmarcReporting = { + domain = lib.mkDefault "example.com"; + organizationName = lib.mkDefault "ACME Corp."; + }; + }; + }) + (testlib.fcConfig { + extraEncParameters.environment_url = "example.com"; + }) + ]; + }; + + forAllSystems = lib.genAttrs lib.systems.flakeExposed; + in { + overlays.default = import ./pkgs/overlay.nix; + nixosModules.default = import ./nixos/default.nix; + + legacyPackages = forAllSystems (system: import ./. { + inherit nixpkgs system; + overlays = [ self.overlays.default ]; + config = { + inherit (nixpkgsConfig) permittedInsecurePackages; + }; + }); + + options = forAllSystems (system: let + rawOpts = lib.optionAttrSetToDocList (testConfigFor system).options; + + substSpecial = x: + if lib.isDerivation x then { _type = "derivation"; name = x.name; } + else if builtins.isAttrs x then lib.mapAttrs (name: substSpecial) x + else if builtins.isList x then map substSpecial x + else if lib.isFunction x then "" + else x; + + filteredOpts = lib.filter (opt: opt.visible && !opt.internal) rawOpts; + optionsList = lib.flip map filteredOpts + (opt: opt + // lib.optionalAttrs (opt ? example) { example = substSpecial opt.example; } + // lib.optionalAttrs (opt ? default) { default = substSpecial opt.default; } + // lib.optionalAttrs (opt ? type) { type = substSpecial opt.type; } + ); + + optionsNix = builtins.listToAttrs (map (o: { name = o.name; value = removeAttrs o ["name" "visible" "internal"]; }) optionsList); + finalOptions = lib.mapAttrsToList (name: option: option // { inherit name; }) optionsNix; + in builtins.toFile "options.json" (builtins.unsafeDiscardStringContext (builtins.toJSON finalOptions))); + }; +} diff --git a/nixos/platform/auditbeat.nix b/nixos/platform/auditbeat.nix index 94ed0d93d..1c463f551 100644 --- a/nixos/platform/auditbeat.nix +++ b/nixos/platform/auditbeat.nix @@ -13,7 +13,7 @@ in type = types.package; default = pkgs.auditbeat7-oss; defaultText = "pkgs.auditbeat7-oss"; - example = literalExample "pkgs.auditbeat7"; + example = literalExpression "pkgs.auditbeat7"; description = '' The auditbeat package to use. ''; diff --git a/nixos/platform/default.nix b/nixos/platform/default.nix index 3c7940003..8b6c0048f 100644 --- a/nixos/platform/default.nix +++ b/nixos/platform/default.nix @@ -82,6 +82,7 @@ in { }; flyingcircus.enc_services_path = mkOption { + defaultText = "/etc/nixos/services.json"; default = /etc/nixos/services.json; type = path; description = "Where to find the ENC services json file."; @@ -168,7 +169,7 @@ in { ''; type = types.path; default = "/etc/local"; - example = ./test_cfg; + example = "./test_cfg"; }; flyingcircus.platform = { diff --git a/nixos/platform/enc.nix b/nixos/platform/enc.nix index 02acfe36e..e2101d646 100644 --- a/nixos/platform/enc.nix +++ b/nixos/platform/enc.nix @@ -35,6 +35,7 @@ with lib; }; encAddressesPath = mkOption { + defaultText = "/etc/nixos/addresses_srv.json"; default = /etc/nixos/addresses_srv.json; type = path; description = "Where to find the address list json file."; @@ -46,6 +47,7 @@ with lib; }; encServicesPath = mkOption { + defaultText = "/etc/nixos/services.json"; default = /etc/nixos/services.json; type = path; description = "Where to find the ENC services json file."; @@ -59,12 +61,14 @@ with lib; }; encServiceClientsPath = mkOption { + defaultText = "/etc/nixos/service_clients.json"; default = /etc/nixos/service_clients.json; type = path; description = "Where to find the ENC service clients json file."; }; systemStatePath = mkOption { + defaultText = "/etc/nixos/system_state.json"; default = /etc/nixos/system_state.json; type = path; description = "Where to find the system state json file."; diff --git a/nixos/platform/filebeat.nix b/nixos/platform/filebeat.nix index 313f87742..7e60c8def 100644 --- a/nixos/platform/filebeat.nix +++ b/nixos/platform/filebeat.nix @@ -118,7 +118,7 @@ in type = types.package; default = pkgs.filebeat7-oss; defaultText = "pkgs.filebeat7-oss"; - example = literalExample "pkgs.filebeat7"; + example = literalExpression "pkgs.filebeat7"; description = '' The filebeat package to use. ''; diff --git a/nixos/platform/journalbeat.nix b/nixos/platform/journalbeat.nix index e932d0f7f..8baf1df7c 100644 --- a/nixos/platform/journalbeat.nix +++ b/nixos/platform/journalbeat.nix @@ -125,7 +125,7 @@ in type = types.package; default = pkgs.filebeat7-oss; defaultText = "pkgs.filebeat7-oss"; - example = literalExample "pkgs.filebeat7"; + example = literalExpression "pkgs.filebeat7"; description = '' The filebeat package to use. ''; diff --git a/nixos/platform/static.nix b/nixos/platform/static.nix index a7c14c248..b111093d6 100644 --- a/nixos/platform/static.nix +++ b/nixos/platform/static.nix @@ -22,6 +22,7 @@ with lib; }; ceph.fsids = { + "testloc"."testrg" = "7d3bdc42-1d8e-4fcd-952d-e968d4f0cde4"; # These are needed once per cluster. # Generate a new one via: `uuidgen -t` and record # it here with the ${location}.${resourcegroup} key diff --git a/nixos/platform/users.nix b/nixos/platform/users.nix index 752a23567..6531e9e3b 100644 --- a/nixos/platform/users.nix +++ b/nixos/platform/users.nix @@ -126,6 +126,7 @@ in }; userDataPath = lib.mkOption { + defaultText = "/etc/nixos/users.json"; default = /etc/nixos/users.json; type = path; description = "Where to find the user json file."; @@ -137,6 +138,7 @@ in }; permissionsPath = lib.mkOption { + defaultText = "/etc/nixos/permissions.json"; default = /etc/nixos/permissions.json; type = path; description = '' diff --git a/nixos/roles/antivirus.nix b/nixos/roles/antivirus.nix index aea48e30f..37ea90127 100644 --- a/nixos/roles/antivirus.nix +++ b/nixos/roles/antivirus.nix @@ -16,6 +16,7 @@ in listenAddresses = lib.mkOption { type = lib.types.listOf lib.types.str; + defaultText = "addresses of the interfaces `lo` and `srv`"; default = fclib.network.lo.dualstack.addresses ++ fclib.network.srv.dualstack.addresses; }; diff --git a/nixos/roles/coturn.nix b/nixos/roles/coturn.nix index 68b50daa4..77455cf34 100644 --- a/nixos/roles/coturn.nix +++ b/nixos/roles/coturn.nix @@ -50,7 +50,20 @@ in config = mkOption { description = "Platform-configured options"; type = types.attrs; - default = { + defaultText = { + hostname = "\${cfg.hostName}"; + alt-listening-port = 3479; + alt-tls-listening-port = 5350; + listening-ips = "the addresses of networks `lo`, `srv` and `fe`"; + listening-port = 3478; + lt-cred-mech = false; + no-cli = true; + realm = "\${cfg.hostName}"; + tls-listening-port = 5349; + use-auth-secret = true; + extraConfig = []; + }; + default = { hostname = cfg.hostName; alt-listening-port = 3479; alt-tls-listening-port = 5350; diff --git a/nixos/roles/external_net/default.nix b/nixos/roles/external_net/default.nix index 0edac54bf..682f3128b 100644 --- a/nixos/roles/external_net/default.nix +++ b/nixos/roles/external_net/default.nix @@ -34,7 +34,7 @@ in options = { flyingcircus.roles.external_net = { - enable = lib.mkEnableOption { }; + enable = lib.mkEnableOption "fcio external_net role"; supportsContainers = fclib.mkDisableContainerSupport; vxlan4 = lib.mkOption { @@ -59,6 +59,7 @@ in frontendName = lib.mkOption { type = lib.types.str; + defaultText = "reverse name of the frontend's address"; default = defaultFrontendName; description = '' DNS host name for the external network gateway. This is also the name diff --git a/nixos/roles/external_net/openvpn.nix b/nixos/roles/external_net/openvpn.nix index 935c901e1..bb9da13fb 100644 --- a/nixos/roles/external_net/openvpn.nix +++ b/nixos/roles/external_net/openvpn.nix @@ -208,7 +208,7 @@ in { options = { flyingcircus.roles.openvpn = { - enable = lib.mkEnableOption { }; + enable = lib.mkEnableOption "fcio openvpn role"; supportsContainers = fclib.mkDisableContainerSupport; accessNets = lib.mkOption { diff --git a/nixos/roles/external_net/vxlan.nix b/nixos/roles/external_net/vxlan.nix index 1cecfc36e..2562d2cb0 100644 --- a/nixos/roles/external_net/vxlan.nix +++ b/nixos/roles/external_net/vxlan.nix @@ -106,7 +106,7 @@ in { options = with lib; { flyingcircus.roles.vxlan = { - gateway = mkEnableOption { }; + gateway = mkEnableOption "fcio vxlan gateway"; supportsContainers = fclib.mkDisableContainerSupport; diff --git a/nixos/roles/mailserver.nix b/nixos/roles/mailserver.nix index 1005ab966..fef09bc2f 100644 --- a/nixos/roles/mailserver.nix +++ b/nixos/roles/mailserver.nix @@ -26,7 +26,7 @@ let then "${hostName}.fe.${params.location}.${domain}" else if domain != null then "${hostName}.${domain}" else hostName; description = '' - FQDN of the mail server's frontend address. IP adresses and + FQDN of the mail server's frontend address. IP addresses and forward/reverse DNS must match exactly. ''; example = "mail.example.com"; diff --git a/nixos/roles/memcached.nix b/nixos/roles/memcached.nix index 067d05358..adb5ef048 100644 --- a/nixos/roles/memcached.nix +++ b/nixos/roles/memcached.nix @@ -34,6 +34,7 @@ in listenAddresses = lib.mkOption { type = lib.types.listOf lib.types.str; + defaultText = "the addresses of the networks `lo` and `srv`"; default = fclib.network.lo.dualstack.addresses ++ fclib.network.srv.dualstack.addresses; }; diff --git a/nixos/roles/mysql.nix b/nixos/roles/mysql.nix index 971bb5722..273dc99e3 100644 --- a/nixos/roles/mysql.nix +++ b/nixos/roles/mysql.nix @@ -37,6 +37,7 @@ in listenAddresses = lib.mkOption { type = lib.types.listOf lib.types.str; + defaultText = "the addresses of the networks `lo` and `srv`"; default = fclib.network.lo.dualstack.addresses ++ fclib.network.srv.dualstack.addresses; }; diff --git a/nixos/roles/statshost/default.nix b/nixos/roles/statshost/default.nix index 3273ac968..722f218c4 100644 --- a/nixos/roles/statshost/default.nix +++ b/nixos/roles/statshost/default.nix @@ -191,6 +191,7 @@ in prometheusListenAddress = mkOption { type = types.str; + defaultText = "\${head fclib.network.srv.dualstack.addressQuoted}:9090"; default = "${head fclib.network.srv.dualstack.addressesQuoted}:9090"; description = "Prometheus listen address"; }; diff --git a/nixos/roles/webproxy.nix b/nixos/roles/webproxy.nix index 0ba5731d9..1ae570ebc 100644 --- a/nixos/roles/webproxy.nix +++ b/nixos/roles/webproxy.nix @@ -48,6 +48,7 @@ in listenAddresses = lib.mkOption { type = lib.types.listOf lib.types.str; + defaultText = "the addresses of the networks `srv` and `lo`"; default = fclib.network.srv.dualstack.addressesQuoted ++ fclib.network.lo.dualstack.addressesQuoted; }; diff --git a/nixos/services/ceph/client.nix b/nixos/services/ceph/client.nix index 10fc6c8bb..fc3b3d939 100644 --- a/nixos/services/ceph/client.nix +++ b/nixos/services/ceph/client.nix @@ -21,6 +21,37 @@ in flyingcircus.services.ceph = { config = lib.mkOption { type = lib.types.lines; + defaultText = '' + [global] + pid file = /run/ceph/$type-$id.pid + admin socket = /run/ceph/$cluster-$name.asok + + # Needs to correspond with daemon startup ulimit + max open files = 262144 + + osd pool default min size = 2 + osd pool default size = 3 + + osd pool default pg num = 64 + osd pool default pgp num = 64 + + setuser match path = /srv/ceph/$type/ceph-$id + + debug filestore = 4 + debug mon = 4 + debug osd = 4 + debug journal = 4 + debug throttle = 4 + + mon compact on start = true # Keep leveldb small + mon osd down out interval = 900 # Allow 15 min for reboots to happen without backfilling. + mon osd nearfull ratio = .9 + + mon data = /srv/ceph/mon/$cluster-$id + mon osd allow primary affinity = true + mon pg warn max per osd = 3000 + mon pg warn max object skew = 20 + ''; default = '' [global] fsid = ${fs_id} diff --git a/nixos/services/haproxy/config-options.nix b/nixos/services/haproxy/config-options.nix index 020cc6159..faa8c4ff0 100644 --- a/nixos/services/haproxy/config-options.nix +++ b/nixos/services/haproxy/config-options.nix @@ -298,7 +298,7 @@ in { }; listen = mkOption { default = {}; - example = literalExample ''{ + example = literalExpression ''{ http-in = { binds = [ "127.0.0.1:8002" @@ -325,7 +325,7 @@ in { }; backend = mkOption { default = {}; - example = literalExample ''{ + example = literalExpression ''{ be = { servers = [ "localhost localhost:8080" diff --git a/nixos/services/jitsi/jibri.nix b/nixos/services/jitsi/jibri.nix index 9c6d4ced9..9d47de130 100644 --- a/nixos/services/jitsi/jibri.nix +++ b/nixos/services/jitsi/jibri.nix @@ -162,6 +162,7 @@ in configFile = mkOption { type = types.path; + defaultText = "jibri.conf"; default = "${pkgs.writeText "jibri.conf" (toHOCON cfg.settings)}"; description = '' Jibri main config file path. @@ -171,6 +172,7 @@ in settings = mkOption { type = types.attrs; + defaultText = {}; default = settings; description = "Settings used to generate the default config file"; }; diff --git a/nixos/services/jitsi/jicofo.nix b/nixos/services/jitsi/jicofo.nix index 2dc120277..b9c0ae839 100644 --- a/nixos/services/jitsi/jicofo.nix +++ b/nixos/services/jitsi/jicofo.nix @@ -62,7 +62,7 @@ in config = mkOption { type = attrsOf str; default = { }; - example = literalExample '' + example = literalExpression '' { "org.jitsi.jicofo.auth.URL" = "XMPP:jitsi-meet.example.com"; } diff --git a/nixos/services/jitsi/jitsi-meet.nix b/nixos/services/jitsi/jitsi-meet.nix index 9f3cdc217..d27667bea 100644 --- a/nixos/services/jitsi/jitsi-meet.nix +++ b/nixos/services/jitsi/jitsi-meet.nix @@ -54,7 +54,7 @@ in config = mkOption { type = attrs; default = { }; - example = literalExample '' + example = literalExpression '' { enableWelcomePage = false; defaultLang = "fi"; @@ -81,7 +81,7 @@ in interfaceConfig = mkOption { type = attrs; default = { }; - example = literalExample '' + example = literalExpression '' { SHOW_JITSI_WATERMARK = false; SHOW_WATERMARK_FOR_GUESTS = false; diff --git a/nixos/services/jitsi/jitsi-videobridge.nix b/nixos/services/jitsi/jitsi-videobridge.nix index 275a37354..6ae88afd4 100644 --- a/nixos/services/jitsi/jitsi-videobridge.nix +++ b/nixos/services/jitsi/jitsi-videobridge.nix @@ -57,7 +57,7 @@ in config = mkOption { type = attrs; default = { }; - example = literalExample '' + example = literalExpression '' { videobridge = { ice.udp.port = 5000; @@ -83,7 +83,7 @@ in See for more information. ''; default = { }; - example = literalExample '' + example = literalExpression '' { "localhost" = { hostName = "localhost"; diff --git a/nixos/services/jitsi/prosody.nix b/nixos/services/jitsi/prosody.nix index 28e019590..ed742e83b 100644 --- a/nixos/services/jitsi/prosody.nix +++ b/nixos/services/jitsi/prosody.nix @@ -501,7 +501,7 @@ in description = "Prosody package to use"; default = pkgs.prosody; defaultText = "pkgs.prosody"; - example = literalExample '' + example = literalExpression '' pkgs.prosody.override { withExtraLibs = [ pkgs.luaPackages.lpty ]; withCommunityModules = [ "auth_external" ]; diff --git a/nixos/services/k3s/frontend.nix b/nixos/services/k3s/frontend.nix index 5a0902b5d..395809a16 100644 --- a/nixos/services/k3s/frontend.nix +++ b/nixos/services/k3s/frontend.nix @@ -4,8 +4,6 @@ { config, lib, pkgs, ... }: -with builtins; - let fclib = config.fclib; cfg = config.flyingcircus.services.k3s-frontend; @@ -21,6 +19,9 @@ let location = lib.attrByPath [ "parameters" "location" ] "standalone" config.flyingcircus.enc; fcNameservers = config.flyingcircus.static.nameservers.${location} or []; + inherit (lib) mkEnableOption mkOption types; + inherit (builtins) head; + serviceListenConfigs = lib.mapAttrs (name: conf: let serviceName = if (conf.serviceName != null) then conf.serviceName else name; @@ -78,9 +79,10 @@ let (lib.optionalString (conf.haproxyExtraConfig != "") conf.haproxyExtraConfig) ]; }) frontendCfg; + in { - options = with lib; { + options = { flyingcircus.services.k3s-frontend.enable = mkEnableOption "Enable k3s (Kubernetes) Frontend"; @@ -171,7 +173,7 @@ in }; extraPodTemplateOptions = mkOption { - type = string; + type = lines; default = ""; description = "haproxy options for the server-template directive used for the pod backends, added verbatim to the end of the generated line."; }; @@ -195,7 +197,7 @@ in }; serviceName = mkOption { - type = nullOr string; + type = nullOr str; default = null; description = '' Name of the Kubernetes service we want to proxy. @@ -220,7 +222,7 @@ in }; namespace = mkOption { - type = string; + type = str; default = "default"; description = '' Kubernetes namespace the service is defined in. @@ -231,7 +233,7 @@ in binds = mkOption { type = nullOr (listOf str); default = null; - example = map (a: "${a}:8080") fclib.network.fe.dualstack.addressesQuoted; + example = [ "0.0.0.0:8008" ]; description = ''Addresses with ports haproxy is binding to, listening for incoming connections. Defaults to 127.0.0.1, using either `lbServicePort` or `podPort`, if `lbServicePort` is not set. diff --git a/nixos/services/mail/default.nix b/nixos/services/mail/default.nix index 337daa3dc..eeea65475 100644 --- a/nixos/services/mail/default.nix +++ b/nixos/services/mail/default.nix @@ -1,4 +1,8 @@ -{ config, lib, pkgs, ... }: +{ config +, lib +, pkgs +, nixos-mailserver ? (import ../../../versions.nix {}).nixos-mailserver +, ... }: with builtins; with lib; @@ -11,8 +15,6 @@ with lib; # - domains: list of mail domains for which regular mail accounts exist let - inherit (import ../../../versions.nix { }) nixos-mailserver; - role = config.flyingcircus.roles.mailserver; svc = config.flyingcircus.services.mail; fclib = config.fclib; diff --git a/nixos/services/matomo.nix b/nixos/services/matomo.nix index 926a29eb6..b252dd4f8 100644 --- a/nixos/services/matomo.nix +++ b/nixos/services/matomo.nix @@ -162,11 +162,7 @@ in { hostname = mkOption { type = types.str; default = "${user}.${fqdn}"; - defaultText = literalExpression '' - if config.${options.networking.domain} != null - then "${user}.''${config.${options.networking.fqdn}}" - else "${user}.''${config.${options.networking.hostName}}" - ''; + defaultText = literalExpression "${user}.\${fqdn}"; example = "matomo.yourdomain.org"; description = lib.mdDoc '' URL of the host, without https prefix. You may want to change it if you diff --git a/nixos/services/nginx/default.nix b/nixos/services/nginx/default.nix index 0ac7f88e8..8d702baf8 100644 --- a/nixos/services/nginx/default.nix +++ b/nixos/services/nginx/default.nix @@ -147,6 +147,7 @@ in defaultListenAddresses = lib.mkOption { type = lib.types.listOf lib.types.str; + defaultText = "addresses of the `fe` network"; default = fclib.network.fe.dualstack.addressesQuoted; description = '' Addresses to listen on if a vhost does not specify any. @@ -239,7 +240,7 @@ in }; })); default = {}; - example = literalExample '' + example = literalExpression '' { "hydra.example.com" = { forceSSL = true; diff --git a/nixos/services/nginx/location-options.nix b/nixos/services/nginx/location-options.nix index 82e0037b4..99832f57b 100644 --- a/nixos/services/nginx/location-options.nix +++ b/nixos/services/nginx/location-options.nix @@ -14,7 +14,7 @@ with lib; basicAuth = mkOption { type = types.attrsOf types.str; default = {}; - example = literalExample '' + example = literalExpression '' { user = "password"; }; diff --git a/nixos/services/nginx/vhost-options.nix b/nixos/services/nginx/vhost-options.nix index 92073d764..6a5baf800 100644 --- a/nixos/services/nginx/vhost-options.nix +++ b/nixos/services/nginx/vhost-options.nix @@ -234,7 +234,7 @@ with lib; basicAuth = mkOption { type = types.attrsOf types.str; default = {}; - example = literalExample '' + example = literalExpression '' { user = "password"; }; @@ -264,7 +264,7 @@ with lib; inherit lib; })); default = {}; - example = literalExample '' + example = literalExpression '' { "/" = { proxyPass = "http://localhost:3000"; diff --git a/nixos/services/percona.nix b/nixos/services/percona.nix index ec2d43938..d64e3e73d 100644 --- a/nixos/services/percona.nix +++ b/nixos/services/percona.nix @@ -102,7 +102,7 @@ in package = mkOption { type = types.package; - example = literalExample "pkgs.percona"; + example = literalExpression "pkgs.percona"; description = " Which MySQL derivation to use. "; @@ -155,8 +155,8 @@ in to create databases on the first startup of MySQL ''; example = [ - { name = "foodatabase"; schema = literalExample "./foodatabase.sql"; } - { name = "bardatabase"; schema = literalExample "./bardatabase.sql"; } + { name = "foodatabase"; schema = literalExpression "./foodatabase.sql"; } + { name = "bardatabase"; schema = literalExpression "./bardatabase.sql"; } ]; }; diff --git a/nixos/services/prometheus.nix b/nixos/services/prometheus.nix index 63bf37969..6976a4fea 100644 --- a/nixos/services/prometheus.nix +++ b/nixos/services/prometheus.nix @@ -73,8 +73,7 @@ let else x; mkDefOpt = type : defaultStr : description : mkOpt type (description + '' - - Defaults to ${defaultStr} in prometheus + Defaults to ${builtins.toString defaultStr} in prometheus when set to null. ''); diff --git a/nixos/services/redis.nix b/nixos/services/redis.nix index 59e514475..93d391f85 100644 --- a/nixos/services/redis.nix +++ b/nixos/services/redis.nix @@ -27,6 +27,7 @@ in { listenAddresses = lib.mkOption { type = lib.types.listOf lib.types.str; + defaultText = "the addresses of the networks `lo` and `srv`"; default = fclib.network.lo.dualstack.addresses ++ fclib.network.srv.dualstack.addresses; }; diff --git a/pkgs/overlay.nix b/pkgs/overlay.nix index 40b31b0fd..d268ea25b 100644 --- a/pkgs/overlay.nix +++ b/pkgs/overlay.nix @@ -1,44 +1,44 @@ -self: super: +final: prev: let - versions = import ../versions.nix { pkgs = super; }; + versions = import ../versions.nix { pkgs = prev; }; # import fossar/nix-phps overlay with nixpkgs-unstable's generic.nix copied in # then use release-set as pkgs phps = (import ../nix-phps/pkgs/phps.nix) (../nix-phps) - {} super; + {} prev; - inherit (super) fetchpatch fetchFromGitHub fetchurl lib; + inherit (prev) fetchpatch fetchFromGitHub fetchurl lib; in { # # == our own stuff # fc = (import ./default.nix { - pkgs = self; + pkgs = final; # Only used by the agent for now but we should probably use this # for all our Python packages and update Python in sync then. - pythonPackages = self.python310Packages; + pythonPackages = final.python310Packages; }); # # imports from other nixpkgs versions or local definitions # - apacheHttpdLegacyCrypt = self.apacheHttpd.override { - aprutil = self.aprutil.override { libxcrypt = self.libxcrypt-legacy; }; + apacheHttpdLegacyCrypt = final.apacheHttpd.override { + aprutil = final.aprutil.override { libxcrypt = final.libxcrypt-legacy; }; }; - inherit (super.callPackage ./boost { }) boost159; + inherit (prev.callPackage ./boost { }) boost159; - bundlerSensuPlugin = super.callPackage ./sensuplugins-rb/bundler-sensu-plugin.nix { }; - busybox = super.busybox.overrideAttrs (oldAttrs: { + bundlerSensuPlugin = prev.callPackage ./sensuplugins-rb/bundler-sensu-plugin.nix { }; + busybox = prev.busybox.overrideAttrs (oldAttrs: { meta.priority = 10; }); - certmgr = super.callPackage ./certmgr.nix { }; + certmgr = prev.callPackage ./certmgr.nix { }; - check_ipmi_sensor = super.callPackage ./check_ipmi_sensor.nix { }; - check_md_raid = super.callPackage ./check_md_raid { }; - check_megaraid = super.callPackage ./check_megaraid { }; + check_ipmi_sensor = prev.callPackage ./check_ipmi_sensor.nix { }; + check_md_raid = prev.callPackage ./check_md_raid { }; + check_megaraid = prev.callPackage ./check_megaraid { }; # XXX: ceph doesn't build # ceph = (super.callPackage ./ceph { @@ -46,13 +46,13 @@ in { # boost = super.boost155; # }); - docsplit = super.callPackage ./docsplit { }; + docsplit = prev.callPackage ./docsplit { }; - innotop = super.callPackage ./percona/innotop.nix { }; + innotop = prev.callPackage ./percona/innotop.nix { }; - libmodsecurity = super.callPackage ./libmodsecurity { }; + libmodsecurity = prev.callPackage ./libmodsecurity { }; - jicofo = super.jicofo.overrideAttrs(oldAttrs: rec { + jicofo = prev.jicofo.overrideAttrs(oldAttrs: rec { pname = "jicofo"; version = "1.0-1027"; src = fetchurl { @@ -61,7 +61,7 @@ in { }; }); - jitsi-meet = super.jitsi-meet.overrideAttrs(oldAttrs: rec { + jitsi-meet = prev.jitsi-meet.overrideAttrs(oldAttrs: rec { pname = "jitsi-meet"; version = "1.0.7235"; src = fetchurl { @@ -71,7 +71,7 @@ in { }); - jitsi-videobridge = super.jitsi-videobridge.overrideAttrs(oldAttrs: rec { + jitsi-videobridge = prev.jitsi-videobridge.overrideAttrs(oldAttrs: rec { pname = "jitsi-videobridge2"; version = "2.3-19-gb286dc0c"; src = fetchurl { @@ -82,7 +82,7 @@ in { installPhase = '' runHook preInstall substituteInPlace usr/share/jitsi-videobridge/jvb.sh \ - --replace "exec java" "exec ${self.jre_headless}/bin/java" + --replace "exec java" "exec ${final.jre_headless}/bin/java" mkdir -p $out/{bin,share/jitsi-videobridge,etc/jitsi/videobridge} mv etc/jitsi/videobridge/logging.properties $out/etc/jitsi/videobridge/ @@ -92,25 +92,25 @@ in { # work around https://github.com/jitsi/jitsi-videobridge/issues/1547 wrapProgram $out/bin/jitsi-videobridge \ --set VIDEOBRIDGE_GC_TYPE G1GC \ - --set LD_LIBRARY_PATH ${super.lib.getLib super.openssl_3_0}/lib/ + --set LD_LIBRARY_PATH ${prev.lib.getLib prev.openssl_3_0}/lib/ runHook postInstall ''; }); - inherit (super.callPackages ./matomo {}) + inherit (prev.callPackages ./matomo {}) matomo matomo-beta; - kubernetes-dashboard = super.callPackage ./kubernetes-dashboard.nix { }; - kubernetes-dashboard-metrics-scraper = super.callPackage ./kubernetes-dashboard-metrics-scraper.nix { }; + kubernetes-dashboard = prev.callPackage ./kubernetes-dashboard.nix { }; + kubernetes-dashboard-metrics-scraper = prev.callPackage ./kubernetes-dashboard-metrics-scraper.nix { }; # Overriding the version for Go modules doesn't work properly so we # include our own beats.nix here. The other beats below inherit the version # change. - inherit (super.callPackage ./beats.nix {}) filebeat7; + inherit (prev.callPackage ./beats.nix {}) filebeat7; - auditbeat7 = self.filebeat7.overrideAttrs(a: a // { + auditbeat7 = final.filebeat7.overrideAttrs(a: a // { name = "auditbeat-${a.version}"; postFixup = ""; @@ -120,23 +120,23 @@ in { ]; }); - auditbeat7-oss = self.auditbeat7.overrideAttrs(a: a // { + auditbeat7-oss = final.auditbeat7.overrideAttrs(a: a // { name = "auditbeat-oss-${a.version}"; preBuild = "rm -rf x-pack"; }); - cyrus_sasl-legacyCrypt = super.cyrus_sasl.override { - libxcrypt = self.libxcrypt-legacy; + cyrus_sasl-legacyCrypt = prev.cyrus_sasl.override { + libxcrypt = final.libxcrypt-legacy; }; - dovecot = (super.dovecot.override { - cyrus_sasl = self.cyrus_sasl-legacyCrypt; + dovecot = (prev.dovecot.override { + cyrus_sasl = final.cyrus_sasl-legacyCrypt; }).overrideAttrs(old: { strictDeps = true; - buildInputs = [ self.libxcrypt-legacy ] ++ old.buildInputs; + buildInputs = [ final.libxcrypt-legacy ] ++ old.buildInputs; }); - filebeat7-oss = self.filebeat7.overrideAttrs(a: a // { + filebeat7-oss = final.filebeat7.overrideAttrs(a: a // { name = "filebeat-oss-${a.version}"; preBuild = "rm -rf x-pack"; }); @@ -148,7 +148,7 @@ in { # PHP versions from vendored nix-phps - lamp_php72 = self.php72.withExtensions ({ enabled, all }: + lamp_php72 = final.php72.withExtensions ({ enabled, all }: enabled ++ [ all.bcmath all.imagick @@ -156,7 +156,7 @@ in { all.redis ]); - lamp_php73 = self.php73.withExtensions ({ enabled, all }: + lamp_php73 = final.php73.withExtensions ({ enabled, all }: enabled ++ [ all.bcmath all.imagick @@ -164,7 +164,7 @@ in { all.redis ]); - lamp_php74 = (self.php74.withExtensions ({ enabled, all }: + lamp_php74 = (final.php74.withExtensions ({ enabled, all }: enabled ++ [ all.bcmath all.imagick @@ -174,7 +174,7 @@ in { # PHP versions from nixpkgs - lamp_php80 = (super.php80.withExtensions ({ enabled, all }: + lamp_php80 = (prev.php80.withExtensions ({ enabled, all }: enabled ++ [ all.bcmath all.imagick @@ -182,7 +182,7 @@ in { all.redis ])); - lamp_php81 = super.php81.withExtensions ({ enabled, all }: + lamp_php81 = prev.php81.withExtensions ({ enabled, all }: enabled ++ [ all.bcmath all.imagick @@ -190,7 +190,7 @@ in { all.redis ]); - lamp_php82 = super.php82.withExtensions ({ enabled, all }: + lamp_php82 = prev.php82.withExtensions ({ enabled, all }: enabled ++ [ all.bcmath all.imagick @@ -198,18 +198,18 @@ in { all.redis ]); - latencytop_nox = super.latencytop.overrideAttrs(_: { - buildInputs = with self; [ ncurses glib ]; + latencytop_nox = prev.latencytop.overrideAttrs(_: { + buildInputs = with final; [ ncurses glib ]; makeFlags = [ "HAS_GTK_GUI=" ]; }); - libxcrypt-with-sha256 = super.libxcrypt.override { + libxcrypt-with-sha256 = prev.libxcrypt.override { enableHashes = "strong,sha256crypt"; }; - links2_nox = super.links2.override { enableX11 = false; enableFB = false; }; + links2_nox = prev.links2.override { enableX11 = false; enableFB = false; }; - lkl = super.lkl.overrideAttrs(_: rec { + lkl = prev.lkl.overrideAttrs(_: rec { version = "2022-05-18"; src = fetchFromGitHub { rev = "10c7b5dee8c424cc2ab754e519ecb73350283ff9"; @@ -227,14 +227,14 @@ in { }); - mc = super.callPackage ./mc.nix { }; + mc = prev.callPackage ./mc.nix { }; - mysql = super.mariadb; + mysql = prev.mariadb; - monitoring-plugins = super.monitoring-plugins.overrideAttrs(_: rec { + monitoring-plugins = prev.monitoring-plugins.overrideAttrs(_: rec { name = "monitoring-plugins-2.3.0"; - src = super.fetchFromGitHub { + src = prev.fetchFromGitHub { owner = "monitoring-plugins"; repo = "monitoring-plugins"; rev = "v2.3"; @@ -243,7 +243,7 @@ in { patches = []; - postInstall = super.monitoring-plugins.postInstall + '' + postInstall = prev.monitoring-plugins.postInstall + '' cp plugins-root/check_dhcp $out/bin cp plugins-root/check_icmp $out/bin ''; @@ -251,8 +251,8 @@ in { }); # This is our default version. - nginxStable = (super.nginxStable.override { - modules = with super.nginxModules; [ + nginxStable = (prev.nginxStable.override { + modules = with prev.nginxModules; [ dav modsecurity moreheaders @@ -264,10 +264,10 @@ in { ]; }); - nginx = self.nginxStable; + nginx = final.nginxStable; - nginxMainline = (super.nginxMainline.override { - modules = with super.nginxModules; [ + nginxMainline = (prev.nginxMainline.override { + modules = with prev.nginxModules; [ dav modsecurity rtmp @@ -278,20 +278,20 @@ in { ]; }); - nginxLegacyCrypt = self.nginx.overrideAttrs(old: { + nginxLegacyCrypt = final.nginx.overrideAttrs(old: { strictDeps = true; - buildInputs = [ self.libxcrypt-legacy ] ++ old.buildInputs; + buildInputs = [ final.libxcrypt-legacy ] ++ old.buildInputs; }); - openldap_2_4 = super.callPackage ./openldap_2_4.nix { - libxcrypt = self.libxcrypt-legacy; + openldap_2_4 = prev.callPackage ./openldap_2_4.nix { + libxcrypt = final.libxcrypt-legacy; }; - opensearch = super.callPackage ./opensearch { }; - opensearch-dashboards = super.callPackage ./opensearch-dashboards { }; + opensearch = prev.callPackage ./opensearch { }; + opensearch-dashboards = prev.callPackage ./opensearch-dashboards { }; - percona = self.percona80; - percona-toolkit = super.perlPackages.PerconaToolkit.overrideAttrs(oldAttrs: { + percona = final.percona80; + percona-toolkit = prev.perlPackages.PerconaToolkit.overrideAttrs(oldAttrs: { # The script uses usr/bin/env perl and the Perl builder adds PERL5LIB to it. # This doesn't work. Looks like a bug in Nixpkgs. # Replacing the interpreter path before the Perl builder touches it fixes this. @@ -300,62 +300,62 @@ in { ''; }); - percona57 = super.callPackage ./percona/5.7.nix { - boost = self.boost159; - openssl = self.openssl_1_1; + percona57 = prev.callPackage ./percona/5.7.nix { + boost = final.boost159; + openssl = final.openssl_1_1; }; - percona80 = super.callPackage ./percona/8.0.nix { - boost = self.boost177; - openldap = self.openldap_2_4; - openssl = self.openssl_1_1; - inherit (super.darwin.apple_sdk.frameworks) CoreServices; - inherit (super.darwin) cctools developer_cmds DarwinTools; + percona80 = prev.callPackage ./percona/8.0.nix { + boost = final.boost177; + openldap = final.openldap_2_4; + openssl = final.openssl_1_1; + inherit (prev.darwin.apple_sdk.frameworks) CoreServices; + inherit (prev.darwin) cctools developer_cmds DarwinTools; }; - percona-xtrabackup_2_4 = super.callPackage ./percona-xtrabackup/2_4.nix { - boost = self.boost159; - openssl = self.openssl_1_1; + percona-xtrabackup_2_4 = prev.callPackage ./percona-xtrabackup/2_4.nix { + boost = final.boost159; + openssl = final.openssl_1_1; }; - percona-xtrabackup_8_0 = super.callPackage ./percona-xtrabackup/8_0.nix { - boost = self.boost177; - openssl = self.openssl_1_1; + percona-xtrabackup_8_0 = prev.callPackage ./percona-xtrabackup/8_0.nix { + boost = final.boost177; + openssl = final.openssl_1_1; }; # Has been renamed upstream, backy-extract still wants to use it. - pkgconfig = super.pkg-config; + pkgconfig = prev.pkg-config; - postfix = super.postfix.override { - cyrus_sasl = self.cyrus_sasl-legacyCrypt; + postfix = prev.postfix.override { + cyrus_sasl = final.cyrus_sasl-legacyCrypt; }; - postgis_2_5 = (super.postgresqlPackages.postgis.override { - proj = self.proj_7; + postgis_2_5 = (prev.postgresqlPackages.postgis.override { + proj = final.proj_7; }).overrideAttrs(_: rec { version = "2.5.5"; - src = super.fetchurl { + src = prev.fetchurl { url = "https://download.osgeo.org/postgis/source/postgis-${version}.tar.gz"; sha256 = "0547xjk6jcwx44s6dsfp4f4j93qrbf2d2j8qhd23w55a58hs05qj"; }; }); - prometheus-elasticsearch-exporter = super.callPackage ./prometheus-elasticsearch-exporter.nix { }; + prometheus-elasticsearch-exporter = prev.callPackage ./prometheus-elasticsearch-exporter.nix { }; - python27 = super.python27.overrideAttrs (prev: { - buildInputs = prev.buildInputs ++ [ super.libxcrypt-legacy ]; + python27 = prev.python27.overrideAttrs (prev: { + buildInputs = prev.buildInputs ++ [ final.libxcrypt-legacy ]; NIX_LDFLAGS = "-lcrypt"; configureFlags = [ - "CFLAGS=-I${super.libxcrypt-legacy}/include" - "LIBS=-L${super.libxcrypt-legacy}/lib" + "CFLAGS=-I${final.libxcrypt-legacy}/include" + "LIBS=-L${final.libxcrypt-legacy}/lib" ]; }); - pythonPackagesExtensions = super.pythonPackagesExtensions ++ [ + pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [ (python-final: python-prev: { pyslurm = python-prev.pyslurm.overridePythonAttrs(_: { version = "unstable-2023-05-12"; - src = super.fetchFromGitHub { + src = prev.fetchFromGitHub { owner = "pyslurm"; repo = "pyslurm"; rev = "42471d8575e89caa64fea55677d1af130328b4a7"; @@ -366,35 +366,35 @@ in { ]; # This was renamed in NixOS 22.11, nixos-mailserver still refers to the old name. - pypolicyd-spf = self.spf-engine; + pypolicyd-spf = final.spf-engine; - rabbitmq-server_3_8 = super.rabbitmq-server; + rabbitmq-server_3_8 = prev.rabbitmq-server; - sensu = super.callPackage ./sensu { }; - sensu-plugins-elasticsearch = super.callPackage ./sensuplugins-rb/sensu-plugins-elasticsearch { }; - sensu-plugins-kubernetes = super.callPackage ./sensuplugins-rb/sensu-plugins-kubernetes { }; - sensu-plugins-memcached = super.callPackage ./sensuplugins-rb/sensu-plugins-memcached { }; - sensu-plugins-mysql = super.callPackage ./sensuplugins-rb/sensu-plugins-mysql { }; - sensu-plugins-disk-checks = super.callPackage ./sensuplugins-rb/sensu-plugins-disk-checks { }; - sensu-plugins-entropy-checks = super.callPackage ./sensuplugins-rb/sensu-plugins-entropy-checks { }; - sensu-plugins-http = super.callPackage ./sensuplugins-rb/sensu-plugins-http { }; - sensu-plugins-logs = super.callPackage ./sensuplugins-rb/sensu-plugins-logs { }; - sensu-plugins-network-checks = super.callPackage ./sensuplugins-rb/sensu-plugins-network-checks { }; - sensu-plugins-postfix = super.callPackage ./sensuplugins-rb/sensu-plugins-postfix { }; - sensu-plugins-postgres = super.callPackage ./sensuplugins-rb/sensu-plugins-postgres { }; - sensu-plugins-rabbitmq = super.callPackage ./sensuplugins-rb/sensu-plugins-rabbitmq { }; - sensu-plugins-redis = super.callPackage ./sensuplugins-rb/sensu-plugins-redis { }; + sensu = prev.callPackage ./sensu { }; + sensu-plugins-elasticsearch = prev.callPackage ./sensuplugins-rb/sensu-plugins-elasticsearch { }; + sensu-plugins-kubernetes = prev.callPackage ./sensuplugins-rb/sensu-plugins-kubernetes { }; + sensu-plugins-memcached = prev.callPackage ./sensuplugins-rb/sensu-plugins-memcached { }; + sensu-plugins-mysql = prev.callPackage ./sensuplugins-rb/sensu-plugins-mysql { }; + sensu-plugins-disk-checks = prev.callPackage ./sensuplugins-rb/sensu-plugins-disk-checks { }; + sensu-plugins-entropy-checks = prev.callPackage ./sensuplugins-rb/sensu-plugins-entropy-checks { }; + sensu-plugins-http = prev.callPackage ./sensuplugins-rb/sensu-plugins-http { }; + sensu-plugins-logs = prev.callPackage ./sensuplugins-rb/sensu-plugins-logs { }; + sensu-plugins-network-checks = prev.callPackage ./sensuplugins-rb/sensu-plugins-network-checks { }; + sensu-plugins-postfix = prev.callPackage ./sensuplugins-rb/sensu-plugins-postfix { }; + sensu-plugins-postgres = prev.callPackage ./sensuplugins-rb/sensu-plugins-postgres { }; + sensu-plugins-rabbitmq = prev.callPackage ./sensuplugins-rb/sensu-plugins-rabbitmq { }; + sensu-plugins-redis = prev.callPackage ./sensuplugins-rb/sensu-plugins-redis { }; - solr = super.callPackage ./solr { }; + solr = prev.callPackage ./solr { }; - temporal_tables = super.callPackage ./postgresql/temporal_tables { }; + temporal_tables = prev.callPackage ./postgresql/temporal_tables { }; - tideways_daemon = super.callPackage ./tideways/daemon.nix {}; - tideways_module = super.callPackage ./tideways/module.nix {}; + tideways_daemon = prev.callPackage ./tideways/daemon.nix {}; + tideways_module = prev.callPackage ./tideways/module.nix {}; - wkhtmltopdf_0_12_5 = super.callPackage ./wkhtmltopdf/0_12_5.nix { }; - wkhtmltopdf_0_12_6 = super.callPackage ./wkhtmltopdf/0_12_6.nix { }; - wkhtmltopdf = self.wkhtmltopdf_0_12_6; + wkhtmltopdf_0_12_5 = prev.callPackage ./wkhtmltopdf/0_12_5.nix { }; + wkhtmltopdf_0_12_6 = prev.callPackage ./wkhtmltopdf/0_12_6.nix { }; + wkhtmltopdf = final.wkhtmltopdf_0_12_6; - xtrabackup = self.percona-xtrabackup_8_0; + xtrabackup = final.percona-xtrabackup_8_0; } diff --git a/release/default.nix b/release/default.nix index 785fc834f..bb0f424f7 100644 --- a/release/default.nix +++ b/release/default.nix @@ -305,6 +305,9 @@ let # VM image for the Flying Circus infrastructure. fc = lib.hydraJob (import "${nixpkgs_}/nixos/lib/eval-config.nix" { inherit system; + specialArgs = { + inherit (import ../versions.nix { inherit pkgs; }) nixos-mailserver; + }; modules = [ (import ./vm-image.nix imgArgs) (import version_nix {}) diff --git a/tests/default.nix b/tests/default.nix index e452d7292..c71c2d233 100644 --- a/tests/default.nix +++ b/tests/default.nix @@ -11,7 +11,7 @@ let inherit system; } // args); - callTest = fn: args: hydraJob (importTest fn args system).test; + callTest = fn: args: hydraJob (importTest fn args system); callSubTests = fn: args: let discover = attrs: let diff --git a/tests/lamp/package-test.nix b/tests/lamp/package-test.nix index 434db18be..42ac1d2d8 100644 --- a/tests/lamp/package-test.nix +++ b/tests/lamp/package-test.nix @@ -2,22 +2,19 @@ let php = pkgs.${version}; pcreTestPackage = import ./pcre-test-package.nix { pkgs = pkgs; php = php; }; -in -{ - test = pkgs.runCommand "php-pcre-test-${version}" {} '' - set -eo pipefail +in pkgs.runCommand "php-pcre-test-${version}" {} '' + set -eo pipefail - # run ${pcreTestPackage}/testPcre.sh and save output as variable - output=$(${pcreTestPackage}/testPcre.sh) + # run ${pcreTestPackage}/testPcre.sh and save output as variable + output=$(${pcreTestPackage}/testPcre.sh) - # remove the first line of the output, which just roughly shows the command that was run - output=$(echo "''${output}" | tail -n +2) + # remove the first line of the output, which just roughly shows the command that was run + output=$(echo "''${output}" | tail -n +2) - # if output contains "doesnotwork", exit with error - if echo "$output" | grep "doesnotwork"; then - echo "PCRE test failed with output: $output" - exit 1 - fi - >$out - ''; -} + # if output contains "doesnotwork", exit with error + if echo "$output" | grep "doesnotwork"; then + echo "PCRE test failed with output: $output" + exit 1 + fi + >$out +'' diff --git a/tests/make-test-python.nix b/tests/make-test-python.nix index 29dd4cff0..7672a0d5b 100644 --- a/tests/make-test-python.nix +++ b/tests/make-test-python.nix @@ -43,12 +43,18 @@ f: { , ... } @ args: -with import "${nixpkgs}/nixos/lib/testing-python.nix" { - inherit system pkgs; -}; - let - lib = pkgs.lib; + inherit (pkgs) lib; + pytest = import "${nixpkgs}/nixos/lib/testing-python.nix" { + inherit system pkgs; + }; + + defaultTest = { + node.specialArgs = { + inherit (import ../versions.nix { inherit pkgs; }) nixos-mailserver; + }; + }; + test = if lib.isFunction f then f (args // { @@ -57,11 +63,11 @@ let }) else f; - makeTestSkipLint = args: makeTest ({ skipLint = true; } // args); + makeTestSkipLint = args: pytest.runTest ({ skipLint = true; } // args); in if test ? testCases then lib.mapAttrs (testCaseName: testCase: makeTestSkipLint ( testCase // { name = "${test.name}-${testCaseName}"; })) test.testCases -else makeTestSkipLint test + else makeTestSkipLint (lib.recursiveUpdate defaultTest test)