Unverified Commit b658a928 authored by github-actions[bot]'s avatar github-actions[bot] Committed by GitHub
Browse files

Merge master into staging-next

parents 2675fbb8 af56b152

.gitattributes

+1 −1
Original line number Diff line number Diff line 
**/deps.nix linguist-generated

**/deps.json linguist-generated

**/deps.toml lingust-generated

**/deps.toml linguist-generated

**/node-packages.nix linguist-generated



pkgs/applications/editors/emacs-modes/*-generated.nix linguist-generated

maintainers/maintainer-list.nix

+6 −0
Original line number Diff line number Diff line
@@ -14830,6 +14830,12 @@ 
    githubId = 2825204;

    name = "Steven Pease";

  };

  spectre256 = {

    name = "Ellis Gibbons";

    email = "egibbons256@gmail.com";

    github = "spectre256";

    githubId = 72505298;

  };

  spencerjanssen = {

    email = "spencerjanssen@gmail.com";

    matrix = "@sjanssen:matrix.org";

nixos/doc/manual/release-notes/rl-2305.section.md

+2 −0
Original line number Diff line number Diff line
@@ -343,6 +343,8 @@ In addition to numerous new and upgraded packages, this release has the followin 


- The `pict-rs` package was updated from an 0.3 alpha release to 0.3 stable, and related environment variables now require two underscores instead of one.



- `espanso` has been updated to major version 2. Therefore, migration steps may need to be performed. See [the official migration instructions](https://espanso.org/docs/migration/overview/) for how to perform these migrations. Further, `espanso-wayland` can now be used for Wayland support.



## Other Notable Changes {#sec-release-23.05-notable-changes}



<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->

nixos/modules/services/misc/redmine.nix

+1 −1
Original line number Diff line number Diff line
@@ -419,7 +419,7 @@ in 
        Group = cfg.group;

        TimeoutSec = "300";

        WorkingDirectory = "${cfg.package}/share/redmine";

        ExecStart="${bundle} exec rails server webrick -e production -p ${toString cfg.port} -P '${cfg.stateDir}/redmine.pid'";

        ExecStart="${bundle} exec rails server -u webrick -e production -p ${toString cfg.port} -P '${cfg.stateDir}/redmine.pid'";

      };



    };

nixos/tests/headscale.nix

+80 −15
Original line number Diff line number Diff line 
import ./make-test-python.nix ({ pkgs, lib, ... }: {

import ./make-test-python.nix ({ pkgs, lib, ... }:

  let

    tls-cert =

      pkgs.runCommand "selfSignedCerts" { buildInputs = [ pkgs.openssl ]; } ''

        openssl req \

          -x509 -newkey rsa:4096 -sha256 -days 365 \

          -nodes -out cert.pem -keyout key.pem \

          -subj '/CN=headscale' -addext "subjectAltName=DNS:headscale"



        mkdir -p $out

        cp key.pem cert.pem $out

      '';

  in {

    name = "headscale";

    meta.maintainers = with lib.maintainers; [ misterio77 ];



  nodes.machine = { ... }: {

    services.headscale.enable = true;

    nodes = let

      headscalePort = 8080;

      stunPort = 3478;

      peer = {

        services.tailscale.enable = true;

        security.pki.certificateFiles = [ "${tls-cert}/cert.pem" ];

      };

    in {

      peer1 = peer;

      peer2 = peer;



      headscale = {

        services = {

          headscale = {

            enable = true;

            port = headscalePort;

            settings = {

              server_url = "https://headscale";

              ip_prefixes = [ "100.64.0.0/10" ];

              derp.server = {

                enabled = true;

                region_id = 999;

                stun_listen_addr = "0.0.0.0:${toString stunPort}";

              };

            };

          };

          nginx = {

            enable = true;

            virtualHosts.headscale = {

              addSSL = true;

              sslCertificate = "${tls-cert}/cert.pem";

              sslCertificateKey = "${tls-cert}/key.pem";

              locations."/" = {

                proxyPass = "http://127.0.0.1:${toString headscalePort}";

                proxyWebsockets = true;

              };

            };

          };

        };

        networking.firewall = {

          allowedTCPPorts = [ 80 443 ];

          allowedUDPPorts = [ stunPort ];

        };

        environment.systemPackages = [ pkgs.headscale ];

      };

    };



    testScript = ''

    machine.wait_for_unit("headscale")

    machine.wait_for_open_port(8080)

    # Test basic functionality

    machine.succeed("headscale namespaces create test")

    machine.succeed("headscale preauthkeys -u test create")

      start_all()

      headscale.wait_for_unit("headscale")

      headscale.wait_for_open_port(443)



      # Create headscale user and preauth-key

      headscale.succeed("headscale users create test")

      authkey = headscale.succeed("headscale preauthkeys -u test create --reusable")



      # Connect peers

      up_cmd = f"tailscale up --login-server 'https://headscale' --auth-key {authkey}"

      peer1.execute(up_cmd)

      peer2.execute(up_cmd)



      # Check that they are reachable from the tailnet

      peer1.wait_until_succeeds("tailscale ping peer2")

      peer2.wait_until_succeeds("tailscale ping peer1")

    '';

  })