# This is not part of Liminix per se. This is a "scratchpad" # configuration for a device I'm testing with. # # Parts of it do do things that Liminix eventually needs to do, but # don't look in here for solutions - just for identifying the # problems. { config, pkgs, lib, ... }: let secrets = import ./extneder-secrets.nix; inherit (pkgs.liminix.networking) address udhcpc interface route ; inherit (pkgs.liminix.services) oneshot longrun bundle target; inherit (pkgs.pseudofile) dir symlink; inherit (pkgs) writeText dropbear ifwait serviceFns ; in rec { boot = { tftp = { enable = true; serverip = "192.168.8.148"; ipaddr = "192.168.8.251"; }; }; imports = [ ../modules/tftpboot.nix ../modules/wlan.nix # ./modules/flashable.nix ]; hostname = "arhcive"; kernel = { config = { USB = "y"; USB_EHCI_HCD = "y"; USB_EHCI_HCD_PLATFORM = "y"; USB_OHCI_HCD = "y"; USB_OHCI_HCD_PLATFORM = "y"; USB_SUPPORT = "y"; USB_COMMON = "y"; USB_STORAGE = "y"; USB_STORAGE_DEBUG = "n"; USB_UAS = "y"; USB_ANNOUNCE_NEW_DEVICES = "y"; SCSI = "y"; BLK_DEV_SD = "y"; USB_PRINTER = "y"; PARTITION_ADVANCED = "y"; MSDOS_PARTITION = "y"; EFI_PARTITION = "y"; EXT4_FS = "y"; EXT4_USE_FOR_EXT2 = "y"; FS_ENCRYPTION = "y"; }; }; services.dhcpc = let iface = config.hardware.networkInterfaces.lan; in (udhcpc iface { dependencies = [ config.services.hostname ]; }) // { inherit (iface) device; }; services.sshd = longrun { name = "sshd"; run = '' mkdir -p /run/dropbear ${dropbear}/bin/dropbear -E -P /run/dropbear.pid -R -F ''; }; services.watchdog = let watched = with config.services ; [ sshd dhcpc ]; spinupGrace = 60; script = pkgs.writeAshScript "gaspode" { runtimeInputs = [ pkgs.s6 ]; } '' deadline=$(expr $(date +%s) + ${toString spinupGrace}) services=$@ echo started feeding the dog exec 3> ''${WATCHDOG-/dev/watchdog} healthy(){ test $(date +%s) -le $deadline && return 0 for i in $services; do if test "$(s6-svstat -o up /run/service/$i)" != "true" ; then echo "service $i is down" return 1 fi done } while healthy ;do sleep 10 echo >&3 done echo "stopped feeding the dog" sleep 6000 # don't want s6-rc to restart ''; in longrun { name = "watchdog"; run = "${script} ${lib.concatStringsSep " " (builtins.map (s: s.name) watched)}"; }; services.resolvconf = oneshot rec { dependencies = [ services.dhcpc ]; name = "resolvconf"; up = '' . ${serviceFns} ( in_outputs ${name} for i in $(output ${services.dhcpc} dns); do echo "nameserver $i" > resolv.conf done ) ''; down = '' rm -rf /run/service-state/${name}/ ''; }; filesystem = dir { etc = dir { "resolv.conf" = symlink "${services.resolvconf}/.outputs/resolv.conf"; }; srv = dir {}; }; services.defaultroute4 = route { name = "defaultroute"; via = "$(output ${services.dhcpc} router)"; target = "default"; dependencies = [services.dhcpc]; }; programs.busybox = { applets = ["blkid" "lsusb" "findfs" "tar"]; options = { FEATURE_LS_TIMESTAMPS = "y"; FEATURE_LS_SORTFILES = "y"; FEATURE_BLKID_TYPE = "y"; FEATURE_MOUNT_FLAGS = "y"; FEATURE_MOUNT_LABEL = "y"; FEATURE_VOLUMEID_EXT = "y"; }; }; services.mount_external_disk = oneshot { name = "mount_external_disk"; up = '' while ! findfs LABEL=backup-disk; do echo waiting for backup-disk sleep 1 done mount -t ext4 LABEL=backup-disk /srv ''; down = "umount /srv"; }; services.rsync = let secrets_file = oneshot rec { name = "rsync-secrets"; up = '' . ${serviceFns} (in_outputs ${name} echo "backup:${secrets.rsync_secret}" > secrets) ''; down = "true"; }; configFile = writeText "rsync.conf" '' pid file = /run/rsyncd.pid uid = store [srv] path = /srv use chroot = yes auth users = backup read only = false secrets file = ${secrets_file}/.outputs/secrets ''; in longrun { name = "rsync"; run = '' ${pkgs.rsync}/bin/rsync --no-detach --daemon --config=${configFile} ''; dependencies = [ secrets_file services.mount_external_disk config.hardware.networkInterfaces.lan ] ; }; services.default = target { name = "default"; contents = let links = config.hardware.networkInterfaces; in with config.services; [ links.lo links.eth links.wlan defaultroute4 resolvconf sshd rsync watchdog ]; }; users.root = { passwd = lib.mkForce secrets.root_password; # openssh.authorizedKeys.keys = [ # (builtins.readFile "/home/dan/.ssh/id_rsa.pub") # ]; }; users.store = { uid=500; gid=500; gecos="Storage owner"; dir="/srv"; shell="/dev/null"; # authorizedKeys = []; }; defaultProfile.packages = with pkgs; [e2fsprogs strace tcpdump ]; }