forked from DGNum/liminix
Compare commits
4 commits
main
...
port-upstr
Author | SHA1 | Date | |
---|---|---|---|
|
1896d9d70c | ||
|
87e1fa128a | ||
|
7b5b930984 | ||
|
6b36215d61 |
19 changed files with 271 additions and 2 deletions
|
@ -28,6 +28,9 @@ in rec {
|
||||||
../modules/watchdog
|
../modules/watchdog
|
||||||
../modules/mount
|
../modules/mount
|
||||||
../modules/ppp
|
../modules/ppp
|
||||||
|
../modules/round-robin
|
||||||
|
../modules/health-check
|
||||||
|
../modules/profiles/gateway.nix
|
||||||
];
|
];
|
||||||
hostname = "thing";
|
hostname = "thing";
|
||||||
|
|
||||||
|
@ -38,7 +41,95 @@ in rec {
|
||||||
authType = "chap";
|
authType = "chap";
|
||||||
};
|
};
|
||||||
|
|
||||||
services.dhcpc = svc.network.dhcp.client.build {
|
profile.gateway = {
|
||||||
|
lan = {
|
||||||
|
interfaces = with config.hardware.networkInterfaces;
|
||||||
|
[
|
||||||
|
# EDIT: these are the interfaces exposed by the gl.inet gl-ar750:
|
||||||
|
# if your device has more or differently named lan interfaces,
|
||||||
|
# specify them here
|
||||||
|
wlan wlan5
|
||||||
|
lan
|
||||||
|
];
|
||||||
|
inherit (rsecrets.lan) prefix;
|
||||||
|
address = {
|
||||||
|
family = "inet"; address ="${rsecrets.lan.prefix}.1"; prefixLength = 24;
|
||||||
|
};
|
||||||
|
dhcp = {
|
||||||
|
start = 10;
|
||||||
|
end = 240;
|
||||||
|
hosts = { } // lib.optionalAttrs (builtins.pathExists ./static-leases.nix) (import ./static-leases.nix);
|
||||||
|
localDomain = "lan";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
wan = {
|
||||||
|
interface = let
|
||||||
|
pppoe = svc.pppoe.build {
|
||||||
|
interface = config.hardware.networkInterfaces.wan;
|
||||||
|
debug = true;
|
||||||
|
username = rsecrets.l2tp.name;
|
||||||
|
password = rsecrets.l2tp.password;
|
||||||
|
};
|
||||||
|
|
||||||
|
l2tp =
|
||||||
|
let
|
||||||
|
check-address = oneshot rec {
|
||||||
|
name = "check-lns-address";
|
||||||
|
up = "grep -Fx ${lns.address} $(output_path ${services.lns-address} addresses)";
|
||||||
|
dependencies = [ services.lns-address ];
|
||||||
|
};
|
||||||
|
route = svc.network.route.build {
|
||||||
|
via = "$(output ${services.bootstrap-dhcpc} router)";
|
||||||
|
target = lns.address;
|
||||||
|
dependencies = [services.bootstrap-dhcpc check-address];
|
||||||
|
};
|
||||||
|
l2tpd= svc.l2tp.build {
|
||||||
|
lns = lns.address;
|
||||||
|
ppp-options = [
|
||||||
|
"debug" "+ipv6" "noauth"
|
||||||
|
"name" rsecrets.l2tp.name
|
||||||
|
"password" rsecrets.l2tp.password
|
||||||
|
];
|
||||||
|
dependencies = [config.services.lns-address route check-address];
|
||||||
|
};
|
||||||
|
in
|
||||||
|
svc.health-check.build {
|
||||||
|
service = l2tpd;
|
||||||
|
threshold = 3;
|
||||||
|
interval = 2;
|
||||||
|
healthCheck = pkgs.writeAshScript "ping-check" {} "ping 1.1.1.1";
|
||||||
|
};
|
||||||
|
in svc.round-robin.build {
|
||||||
|
name = "wan";
|
||||||
|
services = [
|
||||||
|
pppoe
|
||||||
|
l2tp
|
||||||
|
];
|
||||||
|
};
|
||||||
|
dhcp6.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
wireless.networks = {
|
||||||
|
"${rsecrets.ssid}" = {
|
||||||
|
interface = config.hardware.networkInterfaces.wlan;
|
||||||
|
hw_mode = "g";
|
||||||
|
channel = "6";
|
||||||
|
ieee80211n = 1;
|
||||||
|
} // wirelessConfig;
|
||||||
|
"${rsecrets.ssid}5" = rec {
|
||||||
|
interface = config.hardware.networkInterfaces.wlan5;
|
||||||
|
hw_mode = "a";
|
||||||
|
channel = 36;
|
||||||
|
ht_capab = "[HT40+]";
|
||||||
|
vht_oper_chwidth = 1;
|
||||||
|
vht_oper_centr_freq_seg0_idx = channel + 6;
|
||||||
|
ieee80211n = 1;
|
||||||
|
ieee80211ac = 1;
|
||||||
|
} // wirelessConfig;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.bootstrap-dhcpc = svc.network.dhcp.client.build {
|
||||||
interface = config.services.wwan;
|
interface = config.services.wwan;
|
||||||
dependencies = [ config.services.hostname ];
|
dependencies = [ config.services.hostname ];
|
||||||
};
|
};
|
||||||
|
|
43
modules/health-check/default.nix
Normal file
43
modules/health-check/default.nix
Normal file
|
@ -0,0 +1,43 @@
|
||||||
|
## Health check
|
||||||
|
##
|
||||||
|
## Runs a service and a separate periodic health process. When the
|
||||||
|
## health check starts failing over a period of time, kill the service.
|
||||||
|
## (Usually that means the supervisor will restart it, but you can
|
||||||
|
## have other behaviours by e.g. combining this service with a round-robin
|
||||||
|
## for failover)
|
||||||
|
|
||||||
|
|
||||||
|
{ lib, pkgs, config, ...}:
|
||||||
|
let
|
||||||
|
inherit (lib) mkOption types;
|
||||||
|
inherit (pkgs) liminix;
|
||||||
|
# inherit (pkgs.liminix.services) longrun;
|
||||||
|
in {
|
||||||
|
options = {
|
||||||
|
system.service.health-check = mkOption {
|
||||||
|
description = "run a service while periodically checking it is healthy";
|
||||||
|
type = liminix.lib.types.serviceDefn;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
config.system.service.health-check = config.system.callService ./service.nix {
|
||||||
|
service = mkOption {
|
||||||
|
type = liminix.lib.types.service;
|
||||||
|
};
|
||||||
|
interval = mkOption {
|
||||||
|
description = "interval between checks, in seconds";
|
||||||
|
type = types.int;
|
||||||
|
default = 10;
|
||||||
|
example = 10;
|
||||||
|
};
|
||||||
|
threshold = mkOption {
|
||||||
|
description = "number of consecutive failures required for the service to be kicked";
|
||||||
|
type = types.int;
|
||||||
|
example = 3;
|
||||||
|
};
|
||||||
|
healthCheck = mkOption {
|
||||||
|
description = "health check command or script. Expected to exit 0 if the service is healthy or any other exit status otherwise";
|
||||||
|
type = types.path;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
config.programs.busybox.applets = ["expr"];
|
||||||
|
}
|
37
modules/health-check/service.nix
Normal file
37
modules/health-check/service.nix
Normal file
|
@ -0,0 +1,37 @@
|
||||||
|
{
|
||||||
|
liminix, lib, lim, s6
|
||||||
|
}:
|
||||||
|
{ service, interval, threshold, healthCheck } :
|
||||||
|
let
|
||||||
|
inherit (liminix.services) oneshot longrun;
|
||||||
|
inherit (builtins) toString;
|
||||||
|
inherit (service) name;
|
||||||
|
checker = let name' = "check-${name}"; in longrun {
|
||||||
|
name = name';
|
||||||
|
run = ''
|
||||||
|
fails=0
|
||||||
|
echo waiting for /run/service/${name}
|
||||||
|
${s6}/bin/s6-svwait -U /run/service/${name} || exit
|
||||||
|
while sleep ${toString interval} ; do
|
||||||
|
${healthCheck}
|
||||||
|
if test $? -gt 0; then
|
||||||
|
fails=$(expr $fails + 1)
|
||||||
|
else
|
||||||
|
fails=0
|
||||||
|
fi
|
||||||
|
echo fails $fails/${toString threshold} for ${name}
|
||||||
|
if test "$fails" -gt "${toString threshold}" ; then
|
||||||
|
echo time to die
|
||||||
|
${s6}/bin/s6-svc -r /run/service/${name}
|
||||||
|
echo bounced
|
||||||
|
fails=0
|
||||||
|
echo waiting for /run/service/${name}
|
||||||
|
${s6}/bin/s6-svwait -U /run/service/${name}
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
in service.overrideAttrs(o: {
|
||||||
|
buildInputs = (lim.orEmpty o.buildInputs) ++ [ checker ];
|
||||||
|
dependencies = (lim.orEmpty o.dependencies) ++ [ checker ];
|
||||||
|
})
|
|
@ -48,6 +48,7 @@ extraPkgs // {
|
||||||
# liminix library functions
|
# liminix library functions
|
||||||
lim = {
|
lim = {
|
||||||
parseInt = s: (builtins.fromTOML "r=${s}").r;
|
parseInt = s: (builtins.fromTOML "r=${s}").r;
|
||||||
|
orEmpty = x: if x != null then x else [];
|
||||||
};
|
};
|
||||||
|
|
||||||
# keep these alphabetical
|
# keep these alphabetical
|
||||||
|
|
|
@ -91,6 +91,7 @@ in {
|
||||||
odhcp-script = callPackage ./odhcp-script {};
|
odhcp-script = callPackage ./odhcp-script {};
|
||||||
odhcp6c = callPackage ./odhcp6c {};
|
odhcp6c = callPackage ./odhcp6c {};
|
||||||
openwrt = callPackage ./openwrt {};
|
openwrt = callPackage ./openwrt {};
|
||||||
|
output-template = callPackage ./output-template { };
|
||||||
ppp = callPackage ./ppp {};
|
ppp = callPackage ./ppp {};
|
||||||
pppoe = callPackage ./pppoe {};
|
pppoe = callPackage ./pppoe {};
|
||||||
preinit = callPackage ./preinit {};
|
preinit = callPackage ./preinit {};
|
||||||
|
|
3
pkgs/output-template/Makefile
Normal file
3
pkgs/output-template/Makefile
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
check:
|
||||||
|
./output-template '{{' '}}' < example.ini > output
|
||||||
|
diff -u output example.ini.expected
|
34
pkgs/output-template/default.nix
Normal file
34
pkgs/output-template/default.nix
Normal file
|
@ -0,0 +1,34 @@
|
||||||
|
{
|
||||||
|
fetchurl,
|
||||||
|
writeFennel,
|
||||||
|
fennel,
|
||||||
|
runCommand,
|
||||||
|
lua,
|
||||||
|
anoia,
|
||||||
|
linotify,
|
||||||
|
lualinux,
|
||||||
|
stdenv
|
||||||
|
}:
|
||||||
|
let name = "output-template";
|
||||||
|
in stdenv.mkDerivation {
|
||||||
|
inherit name;
|
||||||
|
src = ./.;
|
||||||
|
|
||||||
|
buildInputs = [lua];
|
||||||
|
doCheck = true;
|
||||||
|
|
||||||
|
buildPhase = ''
|
||||||
|
cp -p ${writeFennel name {
|
||||||
|
packages = [
|
||||||
|
anoia
|
||||||
|
lualinux
|
||||||
|
linotify
|
||||||
|
] ;
|
||||||
|
mainFunction = "run";
|
||||||
|
} ./output-template.fnl } ${name}
|
||||||
|
'';
|
||||||
|
checkPhase = "make check";
|
||||||
|
installPhase = ''
|
||||||
|
install -D ${name} $out/bin/${name}
|
||||||
|
'';
|
||||||
|
}
|
|
@ -0,0 +1 @@
|
||||||
|
a11
|
|
@ -0,0 +1 @@
|
||||||
|
a33
|
|
@ -0,0 +1 @@
|
||||||
|
a55
|
|
@ -0,0 +1 @@
|
||||||
|
a66
|
|
@ -0,0 +1 @@
|
||||||
|
000000
|
|
@ -0,0 +1 @@
|
||||||
|
0000ff
|
|
@ -0,0 +1 @@
|
||||||
|
00ff00
|
|
@ -0,0 +1 @@
|
||||||
|
ff0000
|
1
pkgs/output-template/example-service/.outputs/name
Normal file
1
pkgs/output-template/example-service/.outputs/name
Normal file
|
@ -0,0 +1 @@
|
||||||
|
eth1
|
3
pkgs/output-template/example.ini
Normal file
3
pkgs/output-template/example.ini
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
wpa_passphrase={{ output("./example-service","colours/black") }}
|
||||||
|
think = {{ string.format("%q", output("./example-service","colours/blue")) }}
|
||||||
|
argonaut = {{ json_quote "hello\ngoodbye\tnext\027" }}
|
3
pkgs/output-template/example.ini.expected
Normal file
3
pkgs/output-template/example.ini.expected
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
wpa_passphrase=000000
|
||||||
|
think = "0000ff"
|
||||||
|
argonaut = "hello\ngoodbye\tnext\u001B"
|
44
pkgs/output-template/output-template.fnl
Normal file
44
pkgs/output-template/output-template.fnl
Normal file
|
@ -0,0 +1,44 @@
|
||||||
|
(local svc (require :anoia.svc))
|
||||||
|
|
||||||
|
(fn json-escape [s]
|
||||||
|
;; All Unicode characters may be placed within the quotation marks,
|
||||||
|
;; except for the characters that MUST be escaped:
|
||||||
|
;; quotation mark, reverse solidus, and the control characters (U+0000
|
||||||
|
;; through U+001F). (RFC 8259)
|
||||||
|
(-> s
|
||||||
|
(string.gsub
|
||||||
|
"[\"\b\f\n\r\t]" {
|
||||||
|
"\b" "\\b"
|
||||||
|
"\"" "\\\""
|
||||||
|
"\f" "\\f"
|
||||||
|
"\n" "\\n"
|
||||||
|
"\r" "\\r"
|
||||||
|
"\t" "\\t"
|
||||||
|
})
|
||||||
|
(string.gsub
|
||||||
|
"([\x00-\x1b])"
|
||||||
|
(fn [x] (string.format "\\u%04X" (string.byte x))))))
|
||||||
|
|
||||||
|
|
||||||
|
(fn substitute [text opening closing]
|
||||||
|
(let [delim (.. opening "(.-)" closing)
|
||||||
|
myenv {
|
||||||
|
: string
|
||||||
|
:output
|
||||||
|
(fn [service-path path]
|
||||||
|
(let [s (assert (svc.open (.. service-path "/.outputs")))]
|
||||||
|
(s:output path)))
|
||||||
|
:lua_quote #(string.format "%q" %1)
|
||||||
|
:json_quote (fn [x] (.. "\"" (json-escape x) "\""))
|
||||||
|
}]
|
||||||
|
(string.gsub text delim
|
||||||
|
(fn [x]
|
||||||
|
(assert ((load (.. "return " x) x :t myenv))
|
||||||
|
(string.format "missing value for %q" x))))))
|
||||||
|
|
||||||
|
(fn run []
|
||||||
|
(let [[opening closing] arg
|
||||||
|
out (substitute (: (io.input) :read "*a") opening closing)]
|
||||||
|
(io.write out)))
|
||||||
|
|
||||||
|
{ : run }
|
Loading…
Reference in a new issue