Compare commits

..

4 commits

Author SHA1 Message Date
Daniel Barlow
1896d9d70c pass service to output fn in output-template
instead of on command line
2024-09-17 15:26:25 +02:00
Daniel Barlow
87e1fa128a support json quoting in output-template 2024-09-17 15:26:25 +02:00
Daniel Barlow
7b5b930984 new: output-template interpolates output values into config file 2024-09-17 15:25:07 +02:00
Daniel Barlow
6b36215d61 add health check service and example that uses it 2024-09-17 15:23:14 +02:00
22 changed files with 271 additions and 17 deletions

View file

@ -28,6 +28,9 @@ in rec {
../modules/watchdog
../modules/mount
../modules/ppp
../modules/round-robin
../modules/health-check
../modules/profiles/gateway.nix
];
hostname = "thing";
@ -38,7 +41,95 @@ in rec {
authType = "chap";
};
services.dhcpc = svc.network.dhcp.client.build {
profile.gateway = {
lan = {
interfaces = with config.hardware.networkInterfaces;
[
# EDIT: these are the interfaces exposed by the gl.inet gl-ar750:
# if your device has more or differently named lan interfaces,
# specify them here
wlan wlan5
lan
];
inherit (rsecrets.lan) prefix;
address = {
family = "inet"; address ="${rsecrets.lan.prefix}.1"; prefixLength = 24;
};
dhcp = {
start = 10;
end = 240;
hosts = { } // lib.optionalAttrs (builtins.pathExists ./static-leases.nix) (import ./static-leases.nix);
localDomain = "lan";
};
};
wan = {
interface = let
pppoe = svc.pppoe.build {
interface = config.hardware.networkInterfaces.wan;
debug = true;
username = rsecrets.l2tp.name;
password = rsecrets.l2tp.password;
};
l2tp =
let
check-address = oneshot rec {
name = "check-lns-address";
up = "grep -Fx ${lns.address} $(output_path ${services.lns-address} addresses)";
dependencies = [ services.lns-address ];
};
route = svc.network.route.build {
via = "$(output ${services.bootstrap-dhcpc} router)";
target = lns.address;
dependencies = [services.bootstrap-dhcpc check-address];
};
l2tpd= svc.l2tp.build {
lns = lns.address;
ppp-options = [
"debug" "+ipv6" "noauth"
"name" rsecrets.l2tp.name
"password" rsecrets.l2tp.password
];
dependencies = [config.services.lns-address route check-address];
};
in
svc.health-check.build {
service = l2tpd;
threshold = 3;
interval = 2;
healthCheck = pkgs.writeAshScript "ping-check" {} "ping 1.1.1.1";
};
in svc.round-robin.build {
name = "wan";
services = [
pppoe
l2tp
];
};
dhcp6.enable = true;
};
wireless.networks = {
"${rsecrets.ssid}" = {
interface = config.hardware.networkInterfaces.wlan;
hw_mode = "g";
channel = "6";
ieee80211n = 1;
} // wirelessConfig;
"${rsecrets.ssid}5" = rec {
interface = config.hardware.networkInterfaces.wlan5;
hw_mode = "a";
channel = 36;
ht_capab = "[HT40+]";
vht_oper_chwidth = 1;
vht_oper_centr_freq_seg0_idx = channel + 6;
ieee80211n = 1;
ieee80211ac = 1;
} // wirelessConfig;
};
};
services.bootstrap-dhcpc = svc.network.dhcp.client.build {
interface = config.services.wwan;
dependencies = [ config.services.hostname ];
};

View file

@ -105,9 +105,6 @@ in {
};
};
};
imports = [ ./nixpkgs.nix ];
config = {
# By default, we enable cross-compilation support.
nixpkgs.buildPlatform = lib.mkDefault builtins.currentSystem;

View file

@ -0,0 +1,43 @@
## Health check
##
## Runs a service and a separate periodic health process. When the
## health check starts failing over a period of time, kill the service.
## (Usually that means the supervisor will restart it, but you can
## have other behaviours by e.g. combining this service with a round-robin
## for failover)
{ lib, pkgs, config, ...}:
let
inherit (lib) mkOption types;
inherit (pkgs) liminix;
# inherit (pkgs.liminix.services) longrun;
in {
options = {
system.service.health-check = mkOption {
description = "run a service while periodically checking it is healthy";
type = liminix.lib.types.serviceDefn;
};
};
config.system.service.health-check = config.system.callService ./service.nix {
service = mkOption {
type = liminix.lib.types.service;
};
interval = mkOption {
description = "interval between checks, in seconds";
type = types.int;
default = 10;
example = 10;
};
threshold = mkOption {
description = "number of consecutive failures required for the service to be kicked";
type = types.int;
example = 3;
};
healthCheck = mkOption {
description = "health check command or script. Expected to exit 0 if the service is healthy or any other exit status otherwise";
type = types.path;
};
};
config.programs.busybox.applets = ["expr"];
}

View file

@ -0,0 +1,37 @@
{
liminix, lib, lim, s6
}:
{ service, interval, threshold, healthCheck } :
let
inherit (liminix.services) oneshot longrun;
inherit (builtins) toString;
inherit (service) name;
checker = let name' = "check-${name}"; in longrun {
name = name';
run = ''
fails=0
echo waiting for /run/service/${name}
${s6}/bin/s6-svwait -U /run/service/${name} || exit
while sleep ${toString interval} ; do
${healthCheck}
if test $? -gt 0; then
fails=$(expr $fails + 1)
else
fails=0
fi
echo fails $fails/${toString threshold} for ${name}
if test "$fails" -gt "${toString threshold}" ; then
echo time to die
${s6}/bin/s6-svc -r /run/service/${name}
echo bounced
fails=0
echo waiting for /run/service/${name}
${s6}/bin/s6-svwait -U /run/service/${name}
fi
done
'';
};
in service.overrideAttrs(o: {
buildInputs = (lim.orEmpty o.buildInputs) ++ [ checker ];
dependencies = (lim.orEmpty o.dependencies) ++ [ checker ];
})

View file

@ -330,8 +330,6 @@ in
'';
};
};
imports = [ ./misc/assertions.nix ];
config = {
_module.args = {

View file

@ -13,14 +13,6 @@ in
boot.initramfs = {
enable = mkEnableOption "initramfs";
};
system.build.toplevel = mkOption {
type = types.package;
description = ''
pkgs.systemconfig for the configured filesystem,
contains 'activate' and 'init' commands
'';
internal = true;
};
system.outputs = {
initramfs = mkOption {
type = types.package;
@ -47,8 +39,6 @@ in
INITRAMFS_COMPRESSION_ZSTD = "y";
};
system.build.toplevel = config.system.outputs.systemConfiguration;
system.outputs = {
initramfs =
let

View file

@ -47,7 +47,8 @@ in
extraPkgs // {
# liminix library functions
lim = {
parseInt = s : (builtins.fromTOML "r=${s}").r;
parseInt = s: (builtins.fromTOML "r=${s}").r;
orEmpty = x: if x != null then x else [];
};
# keep these alphabetical

View file

@ -91,6 +91,7 @@ in {
odhcp-script = callPackage ./odhcp-script {};
odhcp6c = callPackage ./odhcp6c {};
openwrt = callPackage ./openwrt {};
output-template = callPackage ./output-template { };
ppp = callPackage ./ppp {};
pppoe = callPackage ./pppoe {};
preinit = callPackage ./preinit {};

View file

@ -0,0 +1,3 @@
check:
./output-template '{{' '}}' < example.ini > output
diff -u output example.ini.expected

View file

@ -0,0 +1,34 @@
{
fetchurl,
writeFennel,
fennel,
runCommand,
lua,
anoia,
linotify,
lualinux,
stdenv
}:
let name = "output-template";
in stdenv.mkDerivation {
inherit name;
src = ./.;
buildInputs = [lua];
doCheck = true;
buildPhase = ''
cp -p ${writeFennel name {
packages = [
anoia
lualinux
linotify
] ;
mainFunction = "run";
} ./output-template.fnl } ${name}
'';
checkPhase = "make check";
installPhase = ''
install -D ${name} $out/bin/${name}
'';
}

View file

@ -0,0 +1 @@
000000

View file

@ -0,0 +1 @@
0000ff

View file

@ -0,0 +1 @@
00ff00

View file

@ -0,0 +1 @@
ff0000

View file

@ -0,0 +1 @@
eth1

View file

@ -0,0 +1,3 @@
wpa_passphrase={{ output("./example-service","colours/black") }}
think = {{ string.format("%q", output("./example-service","colours/blue")) }}
argonaut = {{ json_quote "hello\ngoodbye\tnext\027" }}

View file

@ -0,0 +1,3 @@
wpa_passphrase=000000
think = "0000ff"
argonaut = "hello\ngoodbye\tnext\u001B"

View file

@ -0,0 +1,44 @@
(local svc (require :anoia.svc))
(fn json-escape [s]
;; All Unicode characters may be placed within the quotation marks,
;; except for the characters that MUST be escaped:
;; quotation mark, reverse solidus, and the control characters (U+0000
;; through U+001F). (RFC 8259)
(-> s
(string.gsub
"[\"\b\f\n\r\t]" {
"\b" "\\b"
"\"" "\\\""
"\f" "\\f"
"\n" "\\n"
"\r" "\\r"
"\t" "\\t"
})
(string.gsub
"([\x00-\x1b])"
(fn [x] (string.format "\\u%04X" (string.byte x))))))
(fn substitute [text opening closing]
(let [delim (.. opening "(.-)" closing)
myenv {
: string
:output
(fn [service-path path]
(let [s (assert (svc.open (.. service-path "/.outputs")))]
(s:output path)))
:lua_quote #(string.format "%q" %1)
:json_quote (fn [x] (.. "\"" (json-escape x) "\""))
}]
(string.gsub text delim
(fn [x]
(assert ((load (.. "return " x) x :t myenv))
(string.format "missing value for %q" x))))))
(fn run []
(let [[opening closing] arg
out (substitute (: (io.input) :read "*a") opening closing)]
(io.write out)))
{ : run }