Unverified Commit 36e38933 authored by Thiago Kenji Okada's avatar Thiago Kenji Okada Committed by GitHub

cockpit: fix sudo login (#398885)

parents f15573c4 51ac5d67
+23 −3
@@ -12,7 +12,6 @@ let
    mkEnableOption
    mkOption
    mkIf
    literalMD
    mkPackageOption
    ;
  settingsFormat = pkgs.formats.ini { };
@@ -26,6 +25,18 @@ in
        default = [ "cockpit" ];
      };

      allowed-origins = lib.mkOption {
        type = types.listOf types.str;

        default = [ ];

        description = ''
          List of allowed origins.

          Maps to the WebService.Origins setting and allows merging from multiple modules.
        '';
      };

      settings = lib.mkOption {
        type = settingsFormat.type;

@@ -62,14 +73,16 @@ in
    # generate cockpit settings
    environment.etc."cockpit/cockpit.conf".source = settingsFormat.generate "cockpit.conf" cfg.settings;

    security.pam.services.cockpit = { };
    security.pam.services.cockpit = {
      startSession = true;
    };

    networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ];

    systemd.packages = [ cfg.package ];
    systemd.sockets.cockpit.wantedBy = [ "multi-user.target" ];
    systemd.sockets.cockpit.listenStreams = [
      ""
      "" # workaround so it doesn't listen on both ports caused by the runtime merging
      (toString cfg.port)
    ];

@@ -80,6 +93,13 @@ in
      "L+ /run/cockpit/motd - - - - inactive.motd"
      "d /etc/cockpit/ws-certs.d 0600 root root 0"
    ];

    services.cockpit.allowed-origins = [
      "https://localhost:${toString config.services.cockpit.port}"
    ];

    services.cockpit.settings.WebService.Origins =
      builtins.concatStringsSep " " config.services.cockpit.allowed-origins;
  };

  meta.maintainers = pkgs.cockpit.meta.maintainers;
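Review bot: The new `Origins` definition in the last hunk reads `config.services.cockpit.port` and `config.services.cockpit.allowed-origins`, while the surrounding config block addresses the same options through `cfg` (`cfg.settings`, `cfg.openFirewall`, `cfg.port`), so `cfg.port` and `cfg.allowed-origins` would keep the block consistent. Because the module now always defines `settings.WebService.Origins` from this list, a configuration that still sets that key directly will presumably hit a conflicting-definition error from the ini settings type instead of a merge, and the option text should say so; the description could read `List of allowed origins, one full origin (scheme://host:port) as seen by the browser per entry. This module generates settings.WebService.Origins from it, so set this option instead of that key.` The localhost default only covers `cfg.port`, so a console reached under any other host name or port has to be listed here, which is worth a sentence in the description as well. The second hunk also uses `lib.mkOption` although `mkOption` is inherited at the top of the file.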
+8 −6
@@ -23,11 +23,9 @@ import ./make-test-python.nix (
            enable = true;
            port = 7890;
            openFirewall = true;
            settings = {
              WebService = {
                Origins = "https://server:7890";
              };
            };
            allowed-origins = [
              "https://server:${toString config.services.cockpit.port}"
            ];
          };
        };
      client =
@@ -123,10 +121,14 @@ import ./make-test-python.nix (
                    assert "Web console is running in limited access mode" in driver.page_source

                    log("Clicking the sudo button")
                    for button in driver.find_elements(By.TAG_NAME, "button"):
                        if 'admin' in button.text:
                            button.click()
                    driver.switch_to.default_content()
                    driver.find_element(By.CSS_SELECTOR, 'button.ct-locked').click()

                    log("Checking that /nonexistent is not a thing")
                    assert '/nonexistent' not in driver.page_source
                    assert len(driver.find_elements(By.CSS_SELECTOR, '#machine-reconnect')) == 0

                    driver.close()
                  '';
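Review bot: The assertions after the `button.ct-locked` click run immediately, so `#machine-reconnect` is checked against whatever the page shows at that instant and may pass before a reconnect banner has had a chance to appear. The test also never confirms that escalation actually succeeded; it only checks that `/nonexistent` is absent, so a companion check such as `assert "Web console is running in limited access mode" not in driver.page_source`, taken after the page has settled (for example a short retry loop like the one the earlier assertion presumably relies on), would pin the behaviour the commit title claims to fix. A one-line comment above the click, e.g. `# the unlock button lives in the top-level document, hence the switch out of the iframe first`, would explain the `switch_to.default_content()` call. The enclosing testScript starts outside the hunk.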
+22 −2
@@ -14,7 +14,9 @@
  git,
  glib,
  glib-networking,
  gnused,
  gnutls,
  iproute2,
  json-glib,
  krb5,
  libssh,
@@ -33,6 +35,7 @@
  systemd,
  udev,
  xmlto,
  which,
}:

stdenv.mkDerivation (finalAttrs: {
@@ -63,6 +66,7 @@ stdenv.mkDerivation (finalAttrs: {
    python3Packages.setuptools
    systemd
    xmlto
    which
  ];

  buildInputs = [
@@ -93,6 +97,9 @@ stdenv.mkDerivation (finalAttrs: {
    substituteInPlace src/common/cockpitconf.c \
      --replace-fail 'const char *cockpit_config_dirs[] = { PACKAGE_SYSCONF_DIR' 'const char *cockpit_config_dirs[] = { "/etc"'

    substituteInPlace src/**/*.c \
      --replace '"/bin/sh"' "\"$(which sh)\""

    # instruct users with problems to create a nixpkgs issue instead of nagging upstream directly
    substituteInPlace configure.ac \
      --replace-fail 'devel@lists.cockpit-project.org' 'https://github.com/NixOS/nixpkgs/issues/new?assignees=&labels=0.kind%3A+bug&template=bug_report.md&title=cockpit%25'
@@ -165,8 +172,21 @@ stdenv.mkDerivation (finalAttrs: {
      } \
      --run 'cd $(mktemp -d)'

    wrapProgram $out/bin/cockpit-bridge \
    for binary in $out/bin/cockpit-bridge $out/libexec/cockpit-askpass; do
      chmod +x $binary
      wrapProgram $binary \
        --prefix PYTHONPATH : $out/${python3Packages.python.sitePackages}
    done

    patchShebangs $out/share/cockpit/issue/update-issue
    wrapProgram $out/share/cockpit/issue/update-issue \
      --prefix PATH : ${
        lib.makeBinPath [
          iproute2
          gnused
        ]
      }


    substituteInPlace $out/${python3Packages.python.sitePackages}/cockpit/_vendor/systemd_ctypes/libsystemd.py \
      --replace-warn libsystemd.so.0 ${systemd}/lib/libsystemd.so.0
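Review bot: The `substituteInPlace src/**/*.c` call in the fourth hunk uses the bare `--replace` flag while every other substitution in this file uses `--replace-fail` or `--replace-warn`; `--replace` is the deprecated spelling that warns on each invocation, and since most `.c` files will not contain `"/bin/sh"`, `--replace-quiet` is the matching form here. The `**` glob only recurses when bash's `globstar` option is on, which stdenv's shell does not enable as far as I can tell, so any source file more than one directory below `src/` would be skipped silently; a `find src -name '*.c'` loop, or `shopt -s globstar` before the call, makes the intent explicit. Since `$(which sh)` is resolved inside the build sandbox, a comment such as `# replace hard-coded /bin/sh with the build-time stdenv shell` would save the next reader from wondering which shell ends up in the binary. The wrapper loop in the last hunk looks fine; the enclosing phase script starts outside the hunk.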