From c40314c32e81b5fb19ce96ac96778fe2aaa293ad Mon Sep 17 00:00:00 2001
From: Sander van der Burg
Date: Thu, 15 Apr 2021 19:53:24 +0200
Subject: [PATCH] Add xinetd service container
---
 service-containers-agnostic/constructors.nix | 9 +++
 .../xinetd/extendable.nix | 36 +++++++++
 services-agnostic/constructors.nix | 5 ++
 services-agnostic/xinetd/declarative.nix | 6 +-
 services-agnostic/xinetd/extendable.nix | 21 +++++
 tests/default.nix | 7 +-
 tests/xinetd/{ => declarative}/default.nix | 0
 tests/xinetd/{ => declarative}/processes.nix | 2 +-
 tests/xinetd/extendable/default.nix | 77 +++++++++++++++++++
 tests/xinetd/extendable/processes.nix | 35 +++++++++
 tests/xinetd/extendable/xinetd.d/telnet | 13 ++++
 tests/xinetd/extendable/xinetd.d/tftp | 13 ++++
 12 files changed, 219 insertions(+), 5 deletions(-)
 create mode 100644 service-containers-agnostic/xinetd/extendable.nix
 create mode 100644 services-agnostic/xinetd/extendable.nix
 rename tests/xinetd/{ => declarative}/default.nix (100%)
 rename tests/xinetd/{ => declarative}/processes.nix (96%)
 create mode 100644 tests/xinetd/extendable/default.nix
 create mode 100644 tests/xinetd/extendable/processes.nix
 create mode 100644 tests/xinetd/extendable/xinetd.d/telnet
 create mode 100644 tests/xinetd/extendable/xinetd.d/tftp
diff --git a/service-containers-agnostic/constructors.nix b/service-containers-agnostic/constructors.nix
index d393696..1901ea6 100644
--- a/service-containers-agnostic/constructors.nix
+++ b/service-containers-agnostic/constructors.nix
@@ -97,4 +97,13 @@ in
 enableSubversionRepository = true;
 });
 };
+
+ extendableXinetd = import ./xinetd/extendable.nix {
+ inherit libDir;
+ inherit (pkgs) lib;
+ xinetdConstructorFun = constructors.extendableXinetd;
+ dysnomia = pkgs.dysnomia.override (origArgs: {
+ enableXinetdService = true;
+ });
+ };
 }
diff --git a/service-containers-agnostic/xinetd/extendable.nix b/service-containers-agnostic/xinetd/extendable.nix
new file mode 100644
index 0000000..5b99012
--- /dev/null
+++ b/service-containers-agnostic/xinetd/extendable.nix
@@ -0,0 +1,36 @@
+{xinetdConstructorFun, lib, dysnomia, libDir}:
+
+{ instanceSuffix ? ""
+, instanceName ? "xinetd${instanceSuffix}"
+, containerName ? "xinetd-service${instanceSuffix}"
+, postInstall ? ""
+, type ? null
+, properties ? {}
+}:
+
+let
+ xinetdTargetDir = "${libDir}/${instanceName}/xinetd.d";
+
+ pkg = xinetdConstructorFun {
+ inherit instanceName;
+ postInstall = ''
+ # Add Dysnomia container configuration file for xinetd
+ mkdir -p $out/etc/dysnomia/containers
+ cat > $out/etc/dysnomia/containers/${containerName} < ${stateDir}/hello.txt")
+ # fmt: off
+ machine.succeed(
+ "(echo 'get ${stateDir}/hello.txt'; sleep 3; echo 'quit') | tftp 127.0.0.1 ${pkgs.lib.optionalString (instance.port != 69) (toString instance.port)}"
+ )
+ # fmt: on
+ machine.succeed("grep 'hello' hello.txt")
+ ''
+ else if instanceName == "xinetd-secondary" then
+ let
+ telnetService = pkgs.writeTextFile {
+ name = "telnet";
+ text = ''
+ service telnet
+ {
+ flags = REUSE
+ socket_type = stream
+ wait = no
+ user = ${if forceDisableUserChange then "unprivileged" else "root"}
+ server = ${pkgs.inetutils}/libexec/telnetd
+ server_args = -E ${pkgs.bashInteractive}/bin/bash
+ disable = no
+ instances = 10
+ type = UNLISTED
+ port = ${toString instance.port}
+ }
+ '';
+ };
+ in
+ ''
+ machine.succeed("mkdir -p ${stateDir}/lib/${instanceName}/xinetd.d")
+ machine.succeed(
+ "cp ${telnetService} ${stateDir}/lib/${instanceName}/xinetd.d"
+ )
+ machine.succeed("kill -HUP $(cat ${runtimeDir}/${instanceName}.pid)")
+
+ machine.succeed("(echo 'ls /'; sleep 3) | telnet localhost ${pkgs.lib.optionalString (instance.port != 23) (toString instance.port)} | grep bin")
+ ''
+ else "";
+
+ inherit processManagers profiles;
+}
diff --git a/tests/xinetd/extendable/processes.nix b/tests/xinetd/extendable/processes.nix
new file mode 100644
index 0000000..3f85edf
--- /dev/null
+++ b/tests/xinetd/extendable/processes.nix
@@ -0,0 +1,35 @@
+{ pkgs ? import { inherit system; }
+, system ? builtins.currentSystem
+, stateDir ? "/var"
+, runtimeDir ? "${stateDir}/run"
+, logDir ? "${stateDir}/log"
+, spoolDir ? "${stateDir}/spool"
+, cacheDir ? "${stateDir}/cache"
+, libDir ? "${stateDir}/lib"
+, tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
+, forceDisableUserChange ? false
+, processManager
+}:
+
+let
+ constructors = import ../../../services-agnostic/constructors.nix {
+ inherit pkgs stateDir runtimeDir logDir tmpDir cacheDir libDir spoolDir forceDisableUserChange processManager;
+ };
+in
+rec {
+ xinetd-primary = {
+ port = if forceDisableUserChange then 6969 else 69;
+
+ pkg = constructors.extendableXinetd {
+ instanceSuffix = "-primary";
+ };
+ };
+
+ xinetd-secondary = {
+ port = if forceDisableUserChange then 2323 else 23;
+
+ pkg = constructors.extendableXinetd {
+ instanceSuffix = "-secondary";
+ };
+ };
+}
diff --git a/tests/xinetd/extendable/xinetd.d/telnet b/tests/xinetd/extendable/xinetd.d/telnet
new file mode 100644
index 0000000..d941d51
--- /dev/null
+++ b/tests/xinetd/extendable/xinetd.d/telnet
@@ -0,0 +1,13 @@
+service telnet
+{
+ flags = REUSE
+ socket_type = stream
+ wait = no
+ user = ${if forceDisableUserChange then callingUser else "root"}
+ server = ${pkgs.inetutils}/libexec/telnetd
+ server_args = -E ${pkgs.bashInteractive}/bin/bash
+ disable = no
+ instances = 10
+ type = UNLISTED
+ port = ${toString port}
+}
diff --git a/tests/xinetd/extendable/xinetd.d/tftp b/tests/xinetd/extendable/xinetd.d/tftp
new file mode 100644
index 0000000..a6d35d1
--- /dev/null
+++ b/tests/xinetd/extendable/xinetd.d/tftp
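Review bot: The two `port` attributes in processes.nix (`6969` vs `69`, `2323` vs `23`) switch on `forceDisableUserChange` without saying why; a comment above each such as `# the well-known port is privileged, so the unprivileged run listens on a high port instead` would document the intent. The same numbers presumably feed the `port = ${toString port}` lines of the xinetd.d templates in this commit, so a reader also needs to know that this attribute is the single place the value is chosen.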
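Review bot: The `service telnet` entry in tests/xinetd/extendable/xinetd.d/telnet has no `bind` line, so it listens on every interface, while the sibling `tftp` entry in this commit restricts itself with `bind = 127.0.0.1`; with `user = root` and `server_args = -E .../bash` (which presumably hands the connection a shell in place of the login program) that difference matters even inside a test VM. The test in tests/xinetd/extendable/default.nix connects to `localhost`, so adding `bind = 127.0.0.1` after `socket_type = stream` keeps it working. A comment on that line, e.g. `# loopback only: this entry skips login, it must never be reachable from outside the test VM`, would keep the restriction from being dropped later.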
@@ -0,0 +1,13 @@ +service tftp +{ + socket_type = dgram + protocol = udp + bind = 127.0.0.1 + wait = yes + user = ${if forceDisableUserChange then callingUser else "root"} + server = ${pkgs.inetutils}/libexec/tftpd + server_args = "-u " ${if forceDisableUserChange then callingUser else "nobody"} + disable = no + type = UNLISTED + port = ${toString port} +}
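Review bot: `bind = 127.0.0.1` is the only thing limiting this `service tftp` entry, since tftpd is started with no directory list and the test fetches `${stateDir}/hello.txt` by absolute path, which suggests the daemon serves any file the service user can read; the line deserves a comment saying so, e.g. `# loopback only: no directory restriction, anything readable by the service user is served`. The `"-u "` in `server_args` is passed to tftpd exactly as written by xinetd as far as I can tell, so it is worth confirming the quotes are really wanted there.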