Shell assertions in config phase #111

Open
domenkozar opened this Issue · 8 comments

4 participants

@domenkozar
Official Nix/Nixpkgs/NixOS member

Feature request:

Software with DSL config files normally has a way to validate the config file before the service is restarted. I'd like to assert that the generated config file passes that test before the systemd service is restarted.

For example, for nginx one can do nginx -t -c default.conf and a non-zero exit code should stop the nixos-rebuild script with an error.

PS: if such convention already exists, I'm happy to document it somewhere (wiki?)

@vcunat
Official Nix/Nixpkgs/NixOS member

Oh, this is IMO a really good idea. I don't know of any place where it's used, but that's not useful information, as I know very little about NixOS expressions.

@garbas

I think you could do this in a similar way to how modules/services/networking/ircd-hybrid/default.nix is done, since there it creates a derivation and you could run configtest in one of the test phases.

@edolstra
Official Nix/Nixpkgs/NixOS member

We actually had something like that in the Upstart era. See e.g. https://github.com/NixOS/nixos/blob/ce3941d6e6d7c5f4f683d3ef25070cd1c803a79b/modules/services/web-servers/apache-httpd/default.nix (look for "buildHook"). The idea was that building the httpd job fails if the configuration file is not syntactically correct. (Well, that was the theory. It didn't actually work because "httpd -t" is impure.)

@domenkozar
Official Nix/Nixpkgs/NixOS member

There is no way to create user/group before the build check? Nginx seems to do the same:

nginx: [emerg] getpwnam("www-data2") failed in /etc/nginx/nginx.conf:1
nginx: configuration file /etc/nginx/nginx.conf test failed

@vcunat
Official Nix/Nixpkgs/NixOS member

Can't the needed files be built in a separate derivation? Then it could be given as another input.

@domenkozar
Official Nix/Nixpkgs/NixOS member

@vcunat
Official Nix/Nixpkgs/NixOS member

Yes, that was an example of building a NixOS service by a derivation... so you want this and additionally a test phase that checks the config.

Moreover, I just speculated that if you're missing some other stuff (like /etc/passwd), IMHO it could be separated into another derivation and used as an additional input... but I would rather avoid this if possible.

@domenkozar
Official Nix/Nixpkgs/NixOS member

OK, I'll play around and post here the results.
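
The check-before-restart gate discussed in this thread, written as plain shell functions (an added example, not code from NixOS or from any participant). `install_checked`, `check_user_directive` and the sample files are hypothetical; the checker stands in for a tool like nginx -t and takes the passwd file as an explicit input, as suggested above for a build-time check.

```shell
#!/bin/sh
# Added example; not NixOS code. check_user_directive is a hypothetical stand-in
# for a real checker such as `nginx -t`. It resolves the `user` directive against
# a passwd file passed as an explicit input, not the host's /etc/passwd.
check_user_directive() {
    passwd_file=$1
    conf=$2
    user=$(awk '$1 == "user" { sub(/;.*/, "", $2); print $2; exit }' "$conf")
    [ -z "$user" ] && return 0    # no user directive: nothing to look up
    if ! awk -F: -v u="$user" '$1 == u { found = 1 } END { exit !found }' "$passwd_file"; then
        printf 'check: unknown user "%s" in %s\n' "$user" "$conf" >&2
        return 1
    fi
}

# install_checked CANDIDATE TARGET CHECKER [ARGS...]
# Runs CHECKER ARGS... CANDIDATE and replaces TARGET only on exit status 0.
# On any failure TARGET is left untouched and a non-zero status is returned,
# so a calling script can abort before it restarts the service.
install_checked() {
    candidate=$1
    target=$2
    shift 2
    if ! "$@" "$candidate"; then
        printf 'refusing to install %s: config check failed\n' "$candidate" >&2
        return 1
    fi
    # Temp file in the target's directory so the final mv is a rename.
    # mktemp creates it with mode 0600; set mode and owner as the service needs.
    tmp=$(mktemp "$target.XXXXXX") || return 1
    if cp "$candidate" "$tmp" && mv -f "$tmp" "$target"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Constructed sample: the passwd input knows www-data but not www-data2.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'www-data:x:33:33::/var/www:/usr/sbin/nologin\n' > "$dir/passwd"
    printf 'user www-data;\n' > "$dir/live.conf"
    printf 'user www-data2;\n' > "$dir/new.conf"
    if install_checked "$dir/new.conf" "$dir/live.conf" check_user_directive "$dir/passwd"
    then result=installed; else result=rejected; fi
    printf '%s; live config is: %s\n' "$result" "$(cat "$dir/live.conf")"
    rm -rf "$dir"
}
demo
```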
