consistent ownership/permissions for /run/service-state/**
parent
4bd99df0f1
commit
59ce03630a
7 changed files with 57 additions and 38 deletions
|
@ -121,6 +121,9 @@ in {
|
|||
root = {
|
||||
gid = 0; usernames = ["root"];
|
||||
};
|
||||
system = {
|
||||
gid = 1; usernames = ["root"];
|
||||
};
|
||||
};
|
||||
|
||||
filesystem = dir {
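Review bot: The new `system` group entry (gid 1, members `["root"]`) carries no comment explaining what it is for, yet elsewhere in this commit it is the group that gates read access to every service's outputs: the init script creates `/run/service-state` as 0750 with `chgrp system`, and `mkoutputs` chowns each per-service directory `root:system`. A one-line comment above the entry such as `# membership grants read access to service outputs under /run/service-state` would keep the next reader from treating it as a generic default group. The enclosing attribute set begins and ends outside the hunk.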
|
||||
|
|
|
@ -18,6 +18,9 @@ shift
|
|||
mount -t proc none /proc
|
||||
mount -t sysfs none /sys
|
||||
|
||||
mkdir -m 0750 /run/service-state
|
||||
chgrp system /run/service-state
|
||||
|
||||
### If your services are managed by s6-rc:
|
||||
### (replace /run/service with your scandir)
|
||||
s6-rc-init /run/service -d -c /etc/s6-rc/compiled
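Review bot: `mkdir -m 0750 /run/service-state` has no `-p` and no error handling, so if the directory already exists (a rerun of this script, or a `/run` that is not a fresh tmpfs) mkdir fails, whatever mode it already had is kept, and `chgrp system` still runs on that pre-existing directory. Making the result independent of prior state is three lines: `mkdir -p /run/service-state`, `chmod 0750 /run/service-state`, `chgrp system /run/service-state`. Whether the script runs under `set -e` is not visible here; if it does, the failing mkdir would instead abort init before `s6-rc-init` is reached. The script starts outside the hunk.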
|
||||
|
|
10
overlay.nix
10
overlay.nix
|
@ -89,6 +89,16 @@ final: prev: {
|
|||
netlink-lua = final.callPackage ./pkgs/netlink-lua {};
|
||||
waitup = final.callPackage ./pkgs/waitup {};
|
||||
|
||||
serviceFns = final.writeText "service-fns.sh" ''
|
||||
output() { cat $1/.outputs/$2; }
|
||||
output_path() { echo $(realpath $1/.outputs)/$2; }
|
||||
mkoutputs() {
|
||||
d=/run/service-state/$1
|
||||
mkdir -m 2750 -p $d && chown root:system $d
|
||||
echo $d
|
||||
}
|
||||
'';
|
||||
|
||||
# these are packages for the build system not the host/target
|
||||
|
||||
tufted = final.callPackage ./pkgs/tufted {};
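Review bot: `mkoutputs` echoes `$d` even when the `mkdir -m 2750 -p $d && chown root:system $d` chain failed, because the `&&` chain stops before `echo $d` and the function's exit status is that of the `echo`; a caller doing `cd $(mkoutputs name)` therefore receives a path to a directory that may be missing or may still carry the wrong owner and mode. Putting the echo on the same chain makes a failure visible to the caller as empty output and a non-zero status: `mkdir -m 2750 -p "$d" && chown root:system "$d" && echo "$d"`. Quoting `$1` and `$d` also keeps a service name containing whitespace from splitting into several arguments. `mkdir -p -m` applies the mode only to the final component, which is fine here because the parent is created with its own mode by the init script in this commit.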
|
||||
|
|
|
@ -1,11 +1,12 @@
|
|||
{
|
||||
liminix
|
||||
, dnsmasq
|
||||
, serviceFns
|
||||
, lib
|
||||
}:
|
||||
{
|
||||
user ? "dnsmasq"
|
||||
, group ? "dnsmasq"
|
||||
, group ? "system"
|
||||
, interface
|
||||
, upstreams ? []
|
||||
, ranges
|
||||
|
@ -19,6 +20,7 @@ in longrun {
|
|||
inherit name;
|
||||
dependencies = [ interface ];
|
||||
run = ''
|
||||
. ${serviceFns}
|
||||
${dnsmasq}/bin/dnsmasq \
|
||||
--user=${user} \
|
||||
--domain=${domain} \
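Review bot: Changing the default `group` from a dedicated `dnsmasq` group to `system` makes every dnsmasq instance a member of the group that, after this commit, can read all service outputs under `/run/service-state` (0750 root:system, per-service directories 2750 root:system), which is wider than the one or two outputs it presumably consumes; a compromised dnsmasq could then read other services' state files. If the wider read is intentional, a comment on the default such as `# system: needed to read interface outputs under /run/service-state` would record that; otherwise keeping `dnsmasq` as the default and granting the specific output another way preserves least privilege. The `longrun` body continues outside the hunk, so whether `--group=${group}` is actually passed to dnsmasq is not visible here.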
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
, ppp
|
||||
, pppoe
|
||||
, writeAshScript
|
||||
, serviceFns
|
||||
} :
|
||||
let
|
||||
inherit (liminix.services) longrun;
|
||||
|
@ -17,16 +18,15 @@ interface: {
|
|||
let
|
||||
name = "${interface.device}.pppoe";
|
||||
ip-up = writeAshScript "ip-up" {} ''
|
||||
outputs=/run/service-state/${name}/
|
||||
mkdir -p $outputs
|
||||
(cd $outputs
|
||||
echo $1 > ifname
|
||||
echo $2 > tty
|
||||
echo $3 > speed
|
||||
echo $4 > address
|
||||
echo $5 > peer-address
|
||||
echo $DNS1 > ns1
|
||||
echo $DNS1 > ns2
|
||||
. ${serviceFns}
|
||||
(cd $(mkoutputs ${name}); umask 0027
|
||||
echo $1 > ifname
|
||||
echo $2 > tty
|
||||
echo $3 > speed
|
||||
echo $4 > address
|
||||
echo $5 > peer-address
|
||||
echo $DNS1 > ns1
|
||||
echo $DNS2 > ns2
|
||||
)
|
||||
echo >/proc/self/fd/10
|
||||
'';
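Review bot: `(cd $(mkoutputs ${name}); umask 0027` does not check that the `cd` succeeded, so if `mkoutputs` fails (it echoes the path regardless of whether mkdir/chown worked) the following `echo $1 > ifname` … `echo $DNS2 > ns2` land in whatever working directory pppd handed the script instead of the output directory. The same unguarded pattern appears in the `set_address` function of the udhcp-notify script in the udhcp hunk of this commit. Guarding the cd, `(cd "$(mkoutputs ${name})" || exit 1; umask 0027`, stops the stray writes; whether the `echo >/proc/self/fd/10` after the subshell should also be conditioned on the subshell's status depends on what the reader on fd 10 expects, which is not visible here.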
|
||||
|
|
|
@ -10,33 +10,33 @@ interface: { ... } @ args:
|
|||
let
|
||||
name = "${interface.device}.udhcp";
|
||||
script = writeShellScript "udhcp-notify" ''
|
||||
action=$1
|
||||
. ${serviceFns}
|
||||
action=$1
|
||||
|
||||
set_address() {
|
||||
ip address replace $ip/$mask dev $interface
|
||||
dir=/run/service-state/${name}/
|
||||
mkdir -p $dir
|
||||
for i in lease mask ip router siaddr dns serverid subnet opt53 interface ; do
|
||||
echo ''${!i} > $dir/$i
|
||||
done
|
||||
}
|
||||
case $action in
|
||||
deconfig)
|
||||
ip address flush $interface
|
||||
ip link set up dev $interface
|
||||
;;
|
||||
bound)
|
||||
# this doesn't actually replace, it adds a new address.
|
||||
set_address
|
||||
;;
|
||||
renew)
|
||||
set_address
|
||||
;;
|
||||
nak)
|
||||
echo "received NAK on $interface"
|
||||
;;
|
||||
esac
|
||||
'';
|
||||
set_address() {
|
||||
ip address replace $ip/$mask dev $interface
|
||||
(cd $(mkoutputs ${name}); umask 0027
|
||||
for i in lease mask ip router siaddr dns serverid subnet opt53 interface ; do
|
||||
echo ''${!i} > $i
|
||||
done)
|
||||
}
|
||||
case $action in
|
||||
deconfig)
|
||||
ip address flush $interface
|
||||
ip link set up dev $interface
|
||||
;;
|
||||
bound)
|
||||
# this doesn't actually replace, it adds a new address.
|
||||
set_address
|
||||
;;
|
||||
renew)
|
||||
set_address
|
||||
;;
|
||||
nak)
|
||||
echo "received NAK on $interface"
|
||||
;;
|
||||
esac
|
||||
'';
|
||||
in longrun {
|
||||
inherit name;
|
||||
run = "${busybox}/bin/udhcpc -f -i ${interface.device} -s ${script}";
|
||||
|
|
|
@ -5,13 +5,14 @@
|
|||
, busybox
|
||||
, callPackage
|
||||
, writeScript
|
||||
, serviceFns
|
||||
}:
|
||||
let
|
||||
inherit (builtins) concatStringsSep;
|
||||
output = service: name: "/run/service-state/${service.name}/${name}";
|
||||
serviceScript = commands : ''
|
||||
#!${busybox}/bin/sh
|
||||
output() { cat $1/.outputs/$2; }
|
||||
. ${serviceFns}
|
||||
${commands}
|
||||
'';
|
||||
service = {
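Review bot: `output = service: name: "/run/service-state/${service.name}/${name}";` hard-codes the same base path that `mkoutputs` in `serviceFns` (overlay.nix) builds from `/run/service-state/$1`, so the read side here and the write side there can silently diverge if either is edited alone. A short comment tying them together, e.g. `# must match the directory created by mkoutputs in serviceFns`, or deriving both from a single definition, would keep them in step. Whether `output` is still used after `serviceScript` switched to sourcing `serviceFns` is not visible; the `service` attribute set that begins on the last line continues outside the hunk.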
|
||||
|
|