Add xinetd service container

service-containers-agnostic/constructors.nix

@@ -97,4 +97,13 @@ in
       enableSubversionRepository = true;
     });
   };
+
+  extendableXinetd = import ./xinetd/extendable.nix {
+    inherit libDir;
+    inherit (pkgs) lib;
+    xinetdConstructorFun = constructors.extendableXinetd;
+    dysnomia = pkgs.dysnomia.override (origArgs: {
+      enableXinetdService = true;
+    });
+  };
 }

service-containers-agnostic/xinetd/extendable.nix

@@ -0,0 +1,36 @@
+{xinetdConstructorFun, lib, dysnomia, libDir}:
+
+{ instanceSuffix ? ""
+, instanceName ? "xinetd${instanceSuffix}"
+, containerName ? "xinetd-service${instanceSuffix}"
+, postInstall ? ""
+, type ? null
+, properties ? {}
+}:
+
+let
+  xinetdTargetDir = "${libDir}/${instanceName}/xinetd.d";
+
+  pkg = xinetdConstructorFun {
+    inherit instanceName;
+    postInstall = ''
+      # Add Dysnomia container configuration file for xinetd
+      mkdir -p $out/etc/dysnomia/containers
+      cat > $out/etc/dysnomia/containers/${containerName} <<EOF
+      xinetdTargetDir="${xinetdTargetDir}"
+      EOF
+
+      # Copy the Dysnomia module that manages a xinetd service
+      mkdir -p $out/libexec/dysnomia
+      ln -s ${dysnomia}/libexec/dysnomia/xinetd-service $out/libexec/dysnomia
+    ''
+    + postInstall;
+  };
+in
+{
+  name = instanceName;
+  inherit pkg xinetdTargetDir;
+  providesContainer = containerName;
+} // lib.optionalAttrs (type != null) {
+  inherit type;
+} // properties

services-agnostic/constructors.nix

@@ -192,4 +192,9 @@ in
     inherit createManagedProcess runtimeDir tmpDir forceDisableUserChange;
     inherit (pkgs) xinetd lib writeTextFile;
   };
+
+  extendableXinetd = import ./xinetd/extendable.nix {
+    inherit createManagedProcess runtimeDir tmpDir libDir forceDisableUserChange;
+    inherit (pkgs) xinetd writeTextFile;
+  };
 }

services-agnostic/xinetd/declarative.nix

@@ -30,7 +30,7 @@ import ./default.nix {
         }
 
       ''
-    ) (builtins.attrNames services);
-  }
-  + extraConfig;
+    ) (builtins.attrNames services)
+    + extraConfig;
+  };
 }

services-agnostic/xinetd/extendable.nix

@@ -0,0 +1,21 @@
+{createManagedProcess, xinetd, runtimeDir, tmpDir, libDir, forceDisableUserChange, writeTextFile}:
+
+{ instanceSuffix ? ""
+, instanceName ? "xinetd${instanceSuffix}"
+, services ? {}
+, extraConfig ? ""
+}:
+
+import ./default.nix {
+  inherit createManagedProcess xinetd runtimeDir tmpDir forceDisableUserChange;
+} {
+  inherit instanceSuffix instanceName;
+
+  configFile = writeTextFile {
+    name = "xinetd.conf";
+    text = ''
+      includedir ${libDir}/${instanceName}/xinetd.d
+    ''
+    + extraConfig;
+  };
+}

tests/default.nix

@@ -95,7 +95,12 @@ in
     inherit pkgs processManagers profiles testService;
   };
 
-  xinetd = import ./xinetd {
+  xinetd = import ./xinetd/declarative {
     inherit pkgs processManagers profiles testService;
   };
+
+  xinetd-extendable = import ./xinetd/extendable {
+    inherit pkgs processManagers profiles testService;
+  };
+
 }

tests/xinetd/declarative/processes.nix

@@ -13,7 +13,7 @@
 }:
 
 let
-  constructors = import ../../services-agnostic/constructors.nix {
+  constructors = import ../../../services-agnostic/constructors.nix {
     inherit pkgs stateDir runtimeDir logDir tmpDir cacheDir libDir spoolDir forceDisableUserChange processManager;
   };
 in

tests/xinetd/extendable/default.nix

@@ -0,0 +1,77 @@
+{ pkgs, testService, processManagers, profiles }:
+
+testService {
+  exprFile = ./processes.nix;
+  systemPackages = [ pkgs.inetutils ];
+
+  tests = {instanceName, instance, stateDir, runtimeDir, forceDisableUserChange, ...}:
+    if instanceName == "xinetd-primary" then
+      let
+        tftpService = pkgs.writeTextFile {
+          name = "tftp";
+          text = ''
+            service tftp
+            {
+                socket_type = dgram
+                protocol = udp
+                bind = 127.0.0.1
+                wait = yes
+                user = ${if forceDisableUserChange then "unprivileged" else "root"}
+                server = ${pkgs.inetutils}/libexec/tftpd
+                server_args = -u ${if forceDisableUserChange then "unprivileged" else "nobody"}
+                disable = no
+                type = UNLISTED
+                port = ${toString instance.port}
+            }
+          '';
+        };
+      in
+      ''
+        machine.succeed("mkdir -p ${stateDir}/lib/${instanceName}/xinetd.d")
+        machine.succeed(
+            "cp ${tftpService} ${stateDir}/lib/${instanceName}/xinetd.d"
+        )
+        machine.succeed("kill -HUP $(cat ${runtimeDir}/${instanceName}.pid)")
+
+        machine.succeed("echo hello > ${stateDir}/hello.txt")
+        # fmt: off
+        machine.succeed(
+            "(echo 'get ${stateDir}/hello.txt'; sleep 3; echo 'quit') | tftp 127.0.0.1 ${pkgs.lib.optionalString (instance.port != 69) (toString instance.port)}"
+        )
+        # fmt: on
+        machine.succeed("grep 'hello' hello.txt")
+      ''
+    else if instanceName == "xinetd-secondary" then
+      let
+        telnetService = pkgs.writeTextFile {
+          name = "telnet";
+          text = ''
+            service telnet
+            {
+                flags = REUSE
+                socket_type = stream
+                wait = no
+                user = ${if forceDisableUserChange then "unprivileged" else "root"}
+                server = ${pkgs.inetutils}/libexec/telnetd
+                server_args = -E ${pkgs.bashInteractive}/bin/bash
+                disable = no
+                instances = 10
+                type = UNLISTED
+                port = ${toString instance.port}
+            }
+          '';
+        };
+      in
+      ''
+        machine.succeed("mkdir -p ${stateDir}/lib/${instanceName}/xinetd.d")
+        machine.succeed(
+            "cp ${telnetService} ${stateDir}/lib/${instanceName}/xinetd.d"
+        )
+        machine.succeed("kill -HUP $(cat ${runtimeDir}/${instanceName}.pid)")
+
+        machine.succeed("(echo 'ls /'; sleep 3) | telnet localhost ${pkgs.lib.optionalString (instance.port != 23) (toString instance.port)} | grep bin")
+      ''
+    else "";
+
+  inherit processManagers profiles;
+}

tests/xinetd/extendable/processes.nix

@@ -0,0 +1,35 @@
+{ pkgs ? import <nixpkgs> { inherit system; }
+, system ? builtins.currentSystem
+, stateDir ? "/var"
+, runtimeDir ? "${stateDir}/run"
+, logDir ? "${stateDir}/log"
+, spoolDir ? "${stateDir}/spool"
+, cacheDir ? "${stateDir}/cache"
+, libDir ? "${stateDir}/lib"
+, tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
+, forceDisableUserChange ? false
+, processManager
+}:
+
+let
+  constructors = import ../../../services-agnostic/constructors.nix {
+    inherit pkgs stateDir runtimeDir logDir tmpDir cacheDir libDir spoolDir forceDisableUserChange processManager;
+  };
+in
+rec {
+  xinetd-primary = {
+    port = if forceDisableUserChange then 6969 else 69;
+
+    pkg = constructors.extendableXinetd {
+      instanceSuffix = "-primary";
+    };
+  };
+
+  xinetd-secondary = {
+    port = if forceDisableUserChange then 2323 else 23;
+
+    pkg = constructors.extendableXinetd {
+      instanceSuffix = "-secondary";
+    };
+  };
+}

tests/xinetd/extendable/xinetd.d/telnet

@@ -0,0 +1,13 @@
+service telnet
+{
+    flags = REUSE
+    socket_type = stream
+    wait = no
+    user = ${if forceDisableUserChange then callingUser else "root"}
+    server = ${pkgs.inetutils}/libexec/telnetd
+    server_args = -E ${pkgs.bashInteractive}/bin/bash
+    disable = no
+    instances = 10
+    type = UNLISTED
+    port = ${toString port}
+}

tests/xinetd/extendable/xinetd.d/tftp

@@ -0,0 +1,13 @@
+service tftp
+{
+    socket_type = dgram
+    protocol = udp
+    bind = 127.0.0.1
+    wait = yes
+    user = ${if forceDisableUserChange then callingUser else "root"}
+    server = ${pkgs.inetutils}/libexec/tftpd
+    server_args = "-u " ${if forceDisableUserChange then callingUser else "nobody"}
+    disable = no
+    type = UNLISTED
+    port = ${toString port}
+}