-
-
Notifications
You must be signed in to change notification settings - Fork 14.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
headscale: make module conform with rfc42 and upstream (0.17.1) config. #203938
Conversation
Doc build failure seem to be related to the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
generally looks good. Added some comments
}; | ||
}; | ||
|
||
meta.maintainers = with maintainers; [ kradalby ]; | ||
meta.maintainers = with maintainers; [kradalby]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
spaces should remain. Same in other places
nixpkgs-fmt
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Addressed.
@@ -38,3 +38,9 @@ In addition to numerous new and upgraded packages, this release has the followin | |||
- The module for the application firewall `opensnitch` got the ability to configure rules. Available as [services.opensnitch.rules](#opt-services.opensnitch.rules) | |||
|
|||
- A new `virtualisation.rosetta` module was added to allow running `x86_64` binaries through [Rosetta](https://developer.apple.com/documentation/apple-silicon/about-the-rosetta-translation-environment) inside virtualised NixOS guests on Apple silicon. This feature works by default with the [UTM](https://docs.getutm.app/) virtualisation [package](https://search.nixos.org/packages?channel=unstable&show=utm&from=0&size=1&sort=relevance&type=packages&query=utm). | |||
|
|||
- The module `services.headscale` was refactored to be compliant with [RFC 0042](https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md). To be precise, this means that the following things have changed: | |||
- Most settings has been migrated under [](#opt-services.grafana.settings) which is an attribute-set that |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[]
probably needs to be filled & the link updated to not be grafana
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This list is pretty short so it's bound to happen right now but the advice is to put the item in at a random point in this list to avoid merge conflicts
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Addressed
7715148
to
def65e4
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall, looks great!
Just pulled it and tested on my server, here's a few small errors I found:
${optionalString (cfg.setting.db_password_file != null) '' | ||
export HEADSCALE_DB_PASS="$(head -n1 ${escapeShellArg cfg.setting.db_password_file})" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
${optionalString (cfg.setting.db_password_file != null) '' | |
export HEADSCALE_DB_PASS="$(head -n1 ${escapeShellArg cfg.setting.db_password_file})" | |
${optionalString (cfg.settings.db_password_file != null) '' | |
export HEADSCALE_DB_PASS="$(head -n1 ${escapeShellArg cfg.settings.db_password_file})" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed
description = lib.mdDoc "Database user."; | ||
}; | ||
|
||
db_passwordFile = mkOption { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
db_passwordFile = mkOption { | |
db_password_file = mkOption { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed
Blocked on #203952. |
e256801
to
9bba67b
Compare
@Misterio77 How do you feel about me cherry picking your two relevant commits (f69b63e and f76bebb) onto this one? |
Feel free! :) |
Also, I'd love to help maintain the package and/or module. Feel free to add me as a maintainer if you folks could use some help. |
I picked @Misterio77's commits from #203694 onto this PR so we have a consistent change with since the new module and the new version depend on each other. I also added @Misterio77 as a headscale maintainer. I believe this is good for review now, and I can squash it all up when someone has approved it. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
Hey! I was wondering if we should include all options like that. We're using freeform options following RFC42 but, according to it, we should probably only explicitly include options that are either important, required for the program to run, or are secrets (so that the user can use a file instead). |
A downside of RFC42 is it reduces discovery of options. I often head to https://search.nixos.org -> options and search for config options. Having items listed there highlights that the option is configurable. |
@ghuntley Thanks!, I will get in the changes a bit later today. On backport: I am happy to have it backported, "open question", this will break people who has already upgraded and use headscale, what is NixOS's policy for that? On adding all options: I am not against adding all options per sei, as I appreciate In any case, I do not have a strong opinion, and I'm happy to try to keep it up to date, and with the new format, we allow passthrough of options so it should at least not block updates. |
918db65
to
2586008
Compare
00ddd96
to
34176a5
Compare
I've updated this to 0.17.1 which has been released and added a missing build flag. PTAL |
34176a5
to
80ab363
Compare
Does anything else need to happen for this to be merged? |
@kradalby @Misterio77 @ghuntley @NKJe @06kellyjac Does anything else need to happen for this to be merged? |
@viq should not be, or I seem to have to resolve some new conflicts, but other than that its been ready a few weeks. |
I'm interested in getting this in, so ping me when you resolve conflicts and I can merge. |
This commit upgrades headscale to the newest version, 0.17.0 and updates the module with the current breaking config changes. In addition, the module is rewritten to conform with RFC0042 to try to prevent some drift between the module and the upstream. A new maintainer, Misterio77, is added as maintainer. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> Co-authored-by: Gabriel Fontes <hi@m7.rs> Co-authored-by: Geoffrey Huntley <ghuntley@ghuntley.com>
80ab363
to
5717803
Compare
Backport failed for Please cherry-pick the changes locally. git fetch origin release-22.11
git worktree add -d .worktree/backport-203938-to-release-22.11 origin/release-22.11
cd .worktree/backport-203938-to-release-22.11
git checkout -b backport-203938-to-release-22.11
ancref=$(git merge-base ef77bcb369d0f5c7840992277b8621abe803f042 571780384a4327b5af15c411b23e318be5cfc9f0)
git cherry-pick -x $ancref..571780384a4327b5af15c411b23e318be5cfc9f0 |
''; | ||
}; | ||
|
||
override_local_dns = mkOption { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Any particular reason we're setting this to false when upstream defaults to true? This seems to break MagicDNS by default (which may or may not be an upstream bug).
Description of changes
This PR changes the
headscale
module to conform with RFC42 as it had already drifted from upstream configuration and updates headscale to version 0.17.1.There are currently multiple commits, and might be some more after comments, I'll squash it up before merge.
This PR contains the changes from #203694.
This PR supersede and closes #167513.
Things done
nixpkgs-fmt
settings
key, mirroring the naming from upstreamsandbox = true
set innix.conf
? (See Nix manual)nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"
. Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/
)nixos/doc/manual/md-to-db.sh
to update generated release notesSigned-off-by: Kristoffer Dalby kristoffer@dalby.cc