Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

headscale: make module conform with rfc42 and upstream (0.17.1) config. #203938

Merged
merged 1 commit into from
Dec 23, 2022

Conversation

kradalby
Copy link
Member

@kradalby kradalby commented Dec 1, 2022

Description of changes

This PR changes the headscale module to conform with RFC42 as it had already drifted from upstream configuration and updates headscale to version 0.17.1.

There are currently multiple commits, and might be some more after comments, I'll squash it up before merge.

This PR contains the changes from #203694.
This PR supersede and closes #167513.

Things done
  1. Formatted the code with nixpkgs-fmt
  2. Moved all settings to settings key, mirroring the naming from upstream
  3. Marked all renamed module settings
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 23.05 Release Notes (or backporting 22.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
    • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
  • Fits CONTRIBUTING.md.

Signed-off-by: Kristoffer Dalby kristoffer@dalby.cc

@github-actions github-actions bot added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` labels Dec 1, 2022
@kradalby kradalby mentioned this pull request Dec 1, 2022
13 tasks
@ofborg ofborg bot added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 1-10 labels Dec 1, 2022
@github-actions github-actions bot added 8.has: changelog 8.has: documentation This PR adds or changes documentation labels Dec 1, 2022
@kradalby
Copy link
Member Author

kradalby commented Dec 1, 2022

Doc build failure seem to be related to the redmine module and not headscale.

Copy link
Member

@06kellyjac 06kellyjac left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

generally looks good. Added some comments

};
};

meta.maintainers = with maintainers; [ kradalby ];
meta.maintainers = with maintainers; [kradalby];
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

spaces should remain. Same in other places

nixpkgs-fmt

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Addressed.

@@ -38,3 +38,9 @@ In addition to numerous new and upgraded packages, this release has the followin
- The module for the application firewall `opensnitch` got the ability to configure rules. Available as [services.opensnitch.rules](#opt-services.opensnitch.rules)

- A new `virtualisation.rosetta` module was added to allow running `x86_64` binaries through [Rosetta](https://developer.apple.com/documentation/apple-silicon/about-the-rosetta-translation-environment) inside virtualised NixOS guests on Apple silicon. This feature works by default with the [UTM](https://docs.getutm.app/) virtualisation [package](https://search.nixos.org/packages?channel=unstable&show=utm&from=0&size=1&sort=relevance&type=packages&query=utm).

- The module `services.headscale` was refactored to be compliant with [RFC 0042](https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md). To be precise, this means that the following things have changed:
- Most settings has been migrated under [](#opt-services.grafana.settings) which is an attribute-set that
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[] probably needs to be filled & the link updated to not be grafana

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This list is pretty short so it's bound to happen right now but the advice is to put the item in at a random point in this list to avoid merge conflicts

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Addressed

Copy link
Member

@Misterio77 Misterio77 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall, looks great!

Just pulled it and tested on my server, here's a few small errors I found:

Comment on lines 422 to 423
${optionalString (cfg.setting.db_password_file != null) ''
export HEADSCALE_DB_PASS="$(head -n1 ${escapeShellArg cfg.setting.db_password_file})"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
${optionalString (cfg.setting.db_password_file != null) ''
export HEADSCALE_DB_PASS="$(head -n1 ${escapeShellArg cfg.setting.db_password_file})"
${optionalString (cfg.settings.db_password_file != null) ''
export HEADSCALE_DB_PASS="$(head -n1 ${escapeShellArg cfg.settings.db_password_file})"

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

description = lib.mdDoc "Database user.";
};

db_passwordFile = mkOption {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
db_passwordFile = mkOption {
db_password_file = mkOption {

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

@RaitoBezarius
Copy link
Member

Blocked on #203952.

@kradalby kradalby force-pushed the headscale-rfc0042 branch 2 times, most recently from e256801 to 9bba67b Compare December 1, 2022 16:38
@kradalby kradalby requested a review from 06kellyjac December 1, 2022 16:48
@kradalby kradalby marked this pull request as ready for review December 1, 2022 16:48
@kradalby kradalby requested a review from Misterio77 December 1, 2022 16:48
@kradalby
Copy link
Member Author

kradalby commented Dec 1, 2022

@Misterio77 How do you feel about me cherry picking your two relevant commits (f69b63e and f76bebb) onto this one?

@Misterio77
Copy link
Member

Feel free! :)

@Misterio77
Copy link
Member

Also, I'd love to help maintain the package and/or module. Feel free to add me as a maintainer if you folks could use some help.

nixos/modules/services/networking/headscale.nix Outdated Show resolved Hide resolved
nixos/modules/services/networking/headscale.nix Outdated Show resolved Hide resolved
@kradalby
Copy link
Member Author

kradalby commented Dec 1, 2022

I picked @Misterio77's commits from #203694 onto this PR so we have a consistent change with since the new module and the new version depend on each other.

I also added @Misterio77 as a headscale maintainer.

I believe this is good for review now, and I can squash it all up when someone has approved it.

@ofborg ofborg bot requested a review from NKJe December 1, 2022 21:13
@ofborg ofborg bot added 11.by: package-maintainer This PR was created by the maintainer of the package it changes 10.rebuild-darwin: 1-10 10.rebuild-darwin: 1 and removed 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin labels Dec 1, 2022
@ofborg ofborg bot requested a review from Misterio77 December 1, 2022 21:14
Copy link
Member

@Misterio77 Misterio77 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@Misterio77
Copy link
Member

Misterio77 commented Dec 3, 2022

Hey!

I was wondering if we should include all options like that. We're using freeform options following RFC42 but, according to it, we should probably only explicitly include options that are either important, required for the program to run, or are secrets (so that the user can use a file instead).

@ghuntley
Copy link
Member

ghuntley commented Dec 3, 2022

explicitly include options that are either important

  • override_local_dns is a key feature so my vote is to include?
  • we have log.level ... undecided if to include log.format

CleanShot 2022-12-03 at 17 08 29@2x

A downside of RFC42 is it reduces discovery of options. I often head to https://search.nixos.org -> options and search for config options. Having items listed there highlights that the option is configurable.

@mweinelt mweinelt added the 12.approvals: 1 This PR was reviewed and approved by one reputable person label Dec 3, 2022
@kradalby
Copy link
Member Author

kradalby commented Dec 5, 2022

@ghuntley Thanks!, I will get in the changes a bit later today.

On backport: I am happy to have it backported, "open question", this will break people who has already upgraded and use headscale, what is NixOS's policy for that?

On adding all options: I am not against adding all options per sei, as I appreciate search.nixos.org a lot (Really I would love Nix to be the way to configure headscale and the defacto standard). I like the way its documented and makes it discoverable. But I am worried about drift if I forget, or an option goes unnoticed by other maintainers.

In any case, I do not have a strong opinion, and I'm happy to try to keep it up to date, and with the new format, we allow passthrough of options so it should at least not block updates.

@Misterio77 @ghuntley @06kellyjac

@kradalby kradalby force-pushed the headscale-rfc0042 branch 2 times, most recently from 918db65 to 2586008 Compare December 5, 2022 10:06
@kradalby kradalby requested a review from ghuntley December 5, 2022 10:06
@ofborg ofborg bot requested a review from Misterio77 December 5, 2022 10:16
@kradalby kradalby changed the title headscale: make module conform with rfc42 and upstream (0.17.0) config. headscale: make module conform with rfc42 and upstream (0.17.1) config. Dec 7, 2022
@kradalby
Copy link
Member Author

kradalby commented Dec 7, 2022

I've updated this to 0.17.1 which has been released and added a missing build flag. PTAL

@viq
Copy link
Contributor

viq commented Dec 20, 2022

Does anything else need to happen for this to be merged?

@viq
Copy link
Contributor

viq commented Dec 23, 2022

@kradalby @Misterio77 @ghuntley @NKJe @06kellyjac Does anything else need to happen for this to be merged?

@kradalby
Copy link
Member Author

@viq should not be, or I seem to have to resolve some new conflicts, but other than that its been ready a few weeks.

@K900
Copy link
Contributor

K900 commented Dec 23, 2022

I'm interested in getting this in, so ping me when you resolve conflicts and I can merge.

This commit upgrades headscale to the newest version, 0.17.0 and updates
the module with the current breaking config changes.

In addition, the module is rewritten to conform with RFC0042 to try to
prevent some drift between the module and the upstream.

A new maintainer, Misterio77, is added as maintainer.

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
Co-authored-by: Gabriel Fontes <hi@m7.rs>
Co-authored-by: Geoffrey Huntley <ghuntley@ghuntley.com>
@kradalby
Copy link
Member Author

@K900 @viq Resolved.

@ofborg ofborg bot requested a review from Misterio77 December 23, 2022 14:59
@K900 K900 merged commit e0a2c59 into NixOS:master Dec 23, 2022
@github-actions
Copy link
Contributor

Backport failed for release-22.11, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally.

git fetch origin release-22.11
git worktree add -d .worktree/backport-203938-to-release-22.11 origin/release-22.11
cd .worktree/backport-203938-to-release-22.11
git checkout -b backport-203938-to-release-22.11
ancref=$(git merge-base ef77bcb369d0f5c7840992277b8621abe803f042 571780384a4327b5af15c411b23e318be5cfc9f0)
git cherry-pick -x $ancref..571780384a4327b5af15c411b23e318be5cfc9f0

'';
};

override_local_dns = mkOption {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any particular reason we're setting this to false when upstream defaults to true? This seems to break MagicDNS by default (which may or may not be an upstream bug).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: changelog 8.has: documentation This PR adds or changes documentation 8.has: module (update) This PR changes an existing module in `nixos/` 10.rebuild-darwin: 1-10 10.rebuild-darwin: 1 10.rebuild-linux: 1-10 11.by: package-maintainer This PR was created by the maintainer of the package it changes 12.approvals: 1 This PR was reviewed and approved by one reputable person
Projects
None yet
Development

Successfully merging this pull request may close these issues.

8 participants