404162ac1e
now we can have flashable and tftpboot in the same configuration
236 lines
5.5 KiB
Nix
236 lines
5.5 KiB
Nix
# This is not part of Liminix per se. This is a "scratchpad"
|
|
# configuration for a device I'm testing with.
|
|
#
|
|
# Parts of it do do things that Liminix eventually needs to do, but
|
|
# don't look in here for solutions - just for identifying the
|
|
# problems.
|
|
{
|
|
config,
|
|
pkgs,
|
|
lib,
|
|
...
|
|
}: let
|
|
secrets = import ./extneder-secrets.nix;
|
|
inherit
|
|
(pkgs.liminix.networking)
|
|
address
|
|
udhcpc
|
|
interface
|
|
route
|
|
;
|
|
inherit (pkgs.liminix.services) oneshot longrun bundle target;
|
|
inherit (pkgs.pseudofile) dir symlink;
|
|
inherit (pkgs) writeText dropbear ifwait serviceFns
|
|
;
|
|
in rec {
|
|
boot = {
|
|
tftp = {
|
|
enable = true;
|
|
serverip = "192.168.8.148";
|
|
ipaddr = "192.168.8.251";
|
|
};
|
|
};
|
|
|
|
imports = [
|
|
../modules/tftpboot.nix
|
|
../modules/wlan.nix
|
|
../modules/flashable.nix
|
|
../modules/kexecboot.nix
|
|
];
|
|
|
|
hostname = "arhcive";
|
|
|
|
kernel = {
|
|
config = {
|
|
USB = "y";
|
|
USB_EHCI_HCD = "y";
|
|
USB_EHCI_HCD_PLATFORM = "y";
|
|
USB_OHCI_HCD = "y";
|
|
USB_OHCI_HCD_PLATFORM = "y";
|
|
USB_SUPPORT = "y";
|
|
USB_COMMON = "y";
|
|
USB_STORAGE = "y";
|
|
USB_STORAGE_DEBUG = "n";
|
|
USB_UAS = "y";
|
|
USB_ANNOUNCE_NEW_DEVICES = "y";
|
|
SCSI = "y";
|
|
BLK_DEV_SD = "y";
|
|
USB_PRINTER = "y";
|
|
PARTITION_ADVANCED = "y";
|
|
MSDOS_PARTITION = "y";
|
|
EFI_PARTITION = "y";
|
|
EXT4_FS = "y";
|
|
EXT4_USE_FOR_EXT2 = "y";
|
|
FS_ENCRYPTION = "y";
|
|
};
|
|
};
|
|
|
|
services.dhcpc =
|
|
let iface = config.hardware.networkInterfaces.lan;
|
|
in (udhcpc iface {
|
|
dependencies = [ config.services.hostname ];
|
|
}) // { inherit (iface) device; };
|
|
|
|
services.sshd = longrun {
|
|
name = "sshd";
|
|
run = ''
|
|
mkdir -p /run/dropbear
|
|
${dropbear}/bin/dropbear -E -P /run/dropbear.pid -R -F
|
|
'';
|
|
};
|
|
|
|
services.watchdog =
|
|
let
|
|
watched = with config.services ; [ sshd dhcpc ];
|
|
spinupGrace = 60;
|
|
script = pkgs.writeAshScript "gaspode" {
|
|
runtimeInputs = [ pkgs.s6 ];
|
|
} ''
|
|
deadline=$(expr $(date +%s) + ${toString spinupGrace})
|
|
services=$@
|
|
echo started feeding the dog
|
|
exec 3> ''${WATCHDOG-/dev/watchdog}
|
|
|
|
healthy(){
|
|
test $(date +%s) -le $deadline && return 0
|
|
|
|
for i in $services; do
|
|
if test "$(s6-svstat -o up /run/service/$i)" != "true" ; then
|
|
echo "service $i is down"
|
|
return 1
|
|
fi
|
|
done
|
|
}
|
|
|
|
while healthy ;do
|
|
sleep 10
|
|
echo >&3
|
|
done
|
|
echo "stopped feeding the dog"
|
|
sleep 6000 # don't want s6-rc to restart
|
|
'';
|
|
in longrun {
|
|
name = "watchdog";
|
|
run =
|
|
"${script} ${lib.concatStringsSep " " (builtins.map (s: s.name) watched)}";
|
|
};
|
|
|
|
|
|
services.resolvconf = oneshot rec {
|
|
dependencies = [ services.dhcpc ];
|
|
name = "resolvconf";
|
|
up = ''
|
|
. ${serviceFns}
|
|
( in_outputs ${name}
|
|
for i in $(output ${services.dhcpc} dns); do
|
|
echo "nameserver $i" > resolv.conf
|
|
done
|
|
)
|
|
'';
|
|
down = ''
|
|
rm -rf /run/service-state/${name}/
|
|
'';
|
|
};
|
|
filesystem = dir {
|
|
etc = dir {
|
|
"resolv.conf" = symlink "${services.resolvconf}/.outputs/resolv.conf";
|
|
};
|
|
srv = dir {};
|
|
};
|
|
|
|
services.defaultroute4 = route {
|
|
name = "defaultroute";
|
|
via = "$(output ${services.dhcpc} router)";
|
|
target = "default";
|
|
dependencies = [services.dhcpc];
|
|
};
|
|
|
|
programs.busybox = {
|
|
applets = ["blkid" "lsusb" "findfs" "tar"];
|
|
options = {
|
|
FEATURE_LS_TIMESTAMPS = "y";
|
|
FEATURE_LS_SORTFILES = "y";
|
|
FEATURE_BLKID_TYPE = "y";
|
|
FEATURE_MOUNT_FLAGS = "y";
|
|
FEATURE_MOUNT_LABEL = "y";
|
|
FEATURE_VOLUMEID_EXT = "y";
|
|
};
|
|
};
|
|
|
|
services.mount_external_disk = oneshot {
|
|
name = "mount_external_disk";
|
|
up = ''
|
|
while ! findfs LABEL=backup-disk; do
|
|
echo waiting for backup-disk
|
|
sleep 1
|
|
done
|
|
mount -t ext4 LABEL=backup-disk /srv
|
|
'';
|
|
down = "umount /srv";
|
|
};
|
|
|
|
services.rsync =
|
|
let
|
|
secrets_file = oneshot rec {
|
|
name = "rsync-secrets";
|
|
up = ''
|
|
. ${serviceFns}
|
|
(in_outputs ${name}
|
|
echo "backup:${secrets.rsync_secret}" > secrets)
|
|
'';
|
|
down = "true";
|
|
};
|
|
configFile = writeText "rsync.conf" ''
|
|
pid file = /run/rsyncd.pid
|
|
uid = backup
|
|
[srv]
|
|
path = /srv
|
|
use chroot = yes
|
|
auth users = backup
|
|
read only = false
|
|
gid = backup
|
|
secrets file = ${secrets_file}/.outputs/secrets
|
|
'';
|
|
in longrun {
|
|
name = "rsync";
|
|
run = ''
|
|
${pkgs.rsync}/bin/rsync --no-detach --daemon --config=${configFile}
|
|
'';
|
|
dependencies = [
|
|
secrets_file
|
|
services.mount_external_disk
|
|
config.hardware.networkInterfaces.lan
|
|
] ;
|
|
};
|
|
|
|
services.default = target {
|
|
name = "default";
|
|
contents =
|
|
let links = config.hardware.networkInterfaces;
|
|
in with config.services; [
|
|
links.lo
|
|
defaultroute4
|
|
resolvconf
|
|
sshd
|
|
rsync
|
|
watchdog
|
|
];
|
|
};
|
|
|
|
users.root = {
|
|
passwd = lib.mkForce secrets.root_password;
|
|
# openssh.authorizedKeys.keys = [
|
|
# (builtins.readFile "/home/dan/.ssh/id_rsa.pub")
|
|
# ];
|
|
};
|
|
|
|
users.backup = {
|
|
uid=500; gid=500; gecos="Storage owner"; dir="/srv";
|
|
shell="/dev/null";
|
|
};
|
|
groups.backup = {
|
|
gid=500; usernames = ["backup"];
|
|
};
|
|
|
|
defaultProfile.packages = with pkgs; [e2fsprogs strace tcpdump ];
|
|
}
|