Add xinetd service container
This commit is contained in:
parent
e06f2f15d8
commit
c40314c32e
|
@ -97,4 +97,13 @@ in
|
||||||
enableSubversionRepository = true;
|
enableSubversionRepository = true;
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
|
|
||||||
|
extendableXinetd = import ./xinetd/extendable.nix {
|
||||||
|
inherit libDir;
|
||||||
|
inherit (pkgs) lib;
|
||||||
|
xinetdConstructorFun = constructors.extendableXinetd;
|
||||||
|
dysnomia = pkgs.dysnomia.override (origArgs: {
|
||||||
|
enableXinetdService = true;
|
||||||
|
});
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,36 @@
|
||||||
|
{xinetdConstructorFun, lib, dysnomia, libDir}:
|
||||||
|
|
||||||
|
{ instanceSuffix ? ""
|
||||||
|
, instanceName ? "xinetd${instanceSuffix}"
|
||||||
|
, containerName ? "xinetd-service${instanceSuffix}"
|
||||||
|
, postInstall ? ""
|
||||||
|
, type ? null
|
||||||
|
, properties ? {}
|
||||||
|
}:
|
||||||
|
|
||||||
|
let
|
||||||
|
xinetdTargetDir = "${libDir}/${instanceName}/xinetd.d";
|
||||||
|
|
||||||
|
pkg = xinetdConstructorFun {
|
||||||
|
inherit instanceName;
|
||||||
|
postInstall = ''
|
||||||
|
# Add Dysnomia container configuration file for xinetd
|
||||||
|
mkdir -p $out/etc/dysnomia/containers
|
||||||
|
cat > $out/etc/dysnomia/containers/${containerName} <<EOF
|
||||||
|
xinetdTargetDir="${xinetdTargetDir}"
|
||||||
|
EOF
|
||||||
|
|
||||||
|
# Copy the Dysnomia module that manages a xinetd service
|
||||||
|
mkdir -p $out/libexec/dysnomia
|
||||||
|
ln -s ${dysnomia}/libexec/dysnomia/xinetd-service $out/libexec/dysnomia
|
||||||
|
''
|
||||||
|
+ postInstall;
|
||||||
|
};
|
||||||
|
in
|
||||||
|
{
|
||||||
|
name = instanceName;
|
||||||
|
inherit pkg xinetdTargetDir;
|
||||||
|
providesContainer = containerName;
|
||||||
|
} // lib.optionalAttrs (type != null) {
|
||||||
|
inherit type;
|
||||||
|
} // properties
|
|
@ -192,4 +192,9 @@ in
|
||||||
inherit createManagedProcess runtimeDir tmpDir forceDisableUserChange;
|
inherit createManagedProcess runtimeDir tmpDir forceDisableUserChange;
|
||||||
inherit (pkgs) xinetd lib writeTextFile;
|
inherit (pkgs) xinetd lib writeTextFile;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
extendableXinetd = import ./xinetd/extendable.nix {
|
||||||
|
inherit createManagedProcess runtimeDir tmpDir libDir forceDisableUserChange;
|
||||||
|
inherit (pkgs) xinetd writeTextFile;
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -30,7 +30,7 @@ import ./default.nix {
|
||||||
}
|
}
|
||||||
|
|
||||||
''
|
''
|
||||||
) (builtins.attrNames services);
|
) (builtins.attrNames services)
|
||||||
}
|
+ extraConfig;
|
||||||
+ extraConfig;
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,21 @@
|
||||||
|
{createManagedProcess, xinetd, runtimeDir, tmpDir, libDir, forceDisableUserChange, writeTextFile}:
|
||||||
|
|
||||||
|
{ instanceSuffix ? ""
|
||||||
|
, instanceName ? "xinetd${instanceSuffix}"
|
||||||
|
, services ? {}
|
||||||
|
, extraConfig ? ""
|
||||||
|
}:
|
||||||
|
|
||||||
|
import ./default.nix {
|
||||||
|
inherit createManagedProcess xinetd runtimeDir tmpDir forceDisableUserChange;
|
||||||
|
} {
|
||||||
|
inherit instanceSuffix instanceName;
|
||||||
|
|
||||||
|
configFile = writeTextFile {
|
||||||
|
name = "xinetd.conf";
|
||||||
|
text = ''
|
||||||
|
includedir ${libDir}/${instanceName}/xinetd.d
|
||||||
|
''
|
||||||
|
+ extraConfig;
|
||||||
|
};
|
||||||
|
}
|
|
@ -95,7 +95,12 @@ in
|
||||||
inherit pkgs processManagers profiles testService;
|
inherit pkgs processManagers profiles testService;
|
||||||
};
|
};
|
||||||
|
|
||||||
xinetd = import ./xinetd {
|
xinetd = import ./xinetd/declarative {
|
||||||
inherit pkgs processManagers profiles testService;
|
inherit pkgs processManagers profiles testService;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
xinetd-extendable = import ./xinetd/extendable {
|
||||||
|
inherit pkgs processManagers profiles testService;
|
||||||
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -13,7 +13,7 @@
|
||||||
}:
|
}:
|
||||||
|
|
||||||
let
|
let
|
||||||
constructors = import ../../services-agnostic/constructors.nix {
|
constructors = import ../../../services-agnostic/constructors.nix {
|
||||||
inherit pkgs stateDir runtimeDir logDir tmpDir cacheDir libDir spoolDir forceDisableUserChange processManager;
|
inherit pkgs stateDir runtimeDir logDir tmpDir cacheDir libDir spoolDir forceDisableUserChange processManager;
|
||||||
};
|
};
|
||||||
in
|
in
|
|
@ -0,0 +1,77 @@
|
||||||
|
{ pkgs, testService, processManagers, profiles }:
|
||||||
|
|
||||||
|
testService {
|
||||||
|
exprFile = ./processes.nix;
|
||||||
|
systemPackages = [ pkgs.inetutils ];
|
||||||
|
|
||||||
|
tests = {instanceName, instance, stateDir, runtimeDir, forceDisableUserChange, ...}:
|
||||||
|
if instanceName == "xinetd-primary" then
|
||||||
|
let
|
||||||
|
tftpService = pkgs.writeTextFile {
|
||||||
|
name = "tftp";
|
||||||
|
text = ''
|
||||||
|
service tftp
|
||||||
|
{
|
||||||
|
socket_type = dgram
|
||||||
|
protocol = udp
|
||||||
|
bind = 127.0.0.1
|
||||||
|
wait = yes
|
||||||
|
user = ${if forceDisableUserChange then "unprivileged" else "root"}
|
||||||
|
server = ${pkgs.inetutils}/libexec/tftpd
|
||||||
|
server_args = -u ${if forceDisableUserChange then "unprivileged" else "nobody"}
|
||||||
|
disable = no
|
||||||
|
type = UNLISTED
|
||||||
|
port = ${toString instance.port}
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
in
|
||||||
|
''
|
||||||
|
machine.succeed("mkdir -p ${stateDir}/lib/${instanceName}/xinetd.d")
|
||||||
|
machine.succeed(
|
||||||
|
"cp ${tftpService} ${stateDir}/lib/${instanceName}/xinetd.d"
|
||||||
|
)
|
||||||
|
machine.succeed("kill -HUP $(cat ${runtimeDir}/${instanceName}.pid)")
|
||||||
|
|
||||||
|
machine.succeed("echo hello > ${stateDir}/hello.txt")
|
||||||
|
# fmt: off
|
||||||
|
machine.succeed(
|
||||||
|
"(echo 'get ${stateDir}/hello.txt'; sleep 3; echo 'quit') | tftp 127.0.0.1 ${pkgs.lib.optionalString (instance.port != 69) (toString instance.port)}"
|
||||||
|
)
|
||||||
|
# fmt: on
|
||||||
|
machine.succeed("grep 'hello' hello.txt")
|
||||||
|
''
|
||||||
|
else if instanceName == "xinetd-secondary" then
|
||||||
|
let
|
||||||
|
telnetService = pkgs.writeTextFile {
|
||||||
|
name = "telnet";
|
||||||
|
text = ''
|
||||||
|
service telnet
|
||||||
|
{
|
||||||
|
flags = REUSE
|
||||||
|
socket_type = stream
|
||||||
|
wait = no
|
||||||
|
user = ${if forceDisableUserChange then "unprivileged" else "root"}
|
||||||
|
server = ${pkgs.inetutils}/libexec/telnetd
|
||||||
|
server_args = -E ${pkgs.bashInteractive}/bin/bash
|
||||||
|
disable = no
|
||||||
|
instances = 10
|
||||||
|
type = UNLISTED
|
||||||
|
port = ${toString instance.port}
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
in
|
||||||
|
''
|
||||||
|
machine.succeed("mkdir -p ${stateDir}/lib/${instanceName}/xinetd.d")
|
||||||
|
machine.succeed(
|
||||||
|
"cp ${telnetService} ${stateDir}/lib/${instanceName}/xinetd.d"
|
||||||
|
)
|
||||||
|
machine.succeed("kill -HUP $(cat ${runtimeDir}/${instanceName}.pid)")
|
||||||
|
|
||||||
|
machine.succeed("(echo 'ls /'; sleep 3) | telnet localhost ${pkgs.lib.optionalString (instance.port != 23) (toString instance.port)} | grep bin")
|
||||||
|
''
|
||||||
|
else "";
|
||||||
|
|
||||||
|
inherit processManagers profiles;
|
||||||
|
}
|
|
@ -0,0 +1,35 @@
|
||||||
|
{ pkgs ? import <nixpkgs> { inherit system; }
|
||||||
|
, system ? builtins.currentSystem
|
||||||
|
, stateDir ? "/var"
|
||||||
|
, runtimeDir ? "${stateDir}/run"
|
||||||
|
, logDir ? "${stateDir}/log"
|
||||||
|
, spoolDir ? "${stateDir}/spool"
|
||||||
|
, cacheDir ? "${stateDir}/cache"
|
||||||
|
, libDir ? "${stateDir}/lib"
|
||||||
|
, tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
|
||||||
|
, forceDisableUserChange ? false
|
||||||
|
, processManager
|
||||||
|
}:
|
||||||
|
|
||||||
|
let
|
||||||
|
constructors = import ../../../services-agnostic/constructors.nix {
|
||||||
|
inherit pkgs stateDir runtimeDir logDir tmpDir cacheDir libDir spoolDir forceDisableUserChange processManager;
|
||||||
|
};
|
||||||
|
in
|
||||||
|
rec {
|
||||||
|
xinetd-primary = {
|
||||||
|
port = if forceDisableUserChange then 6969 else 69;
|
||||||
|
|
||||||
|
pkg = constructors.extendableXinetd {
|
||||||
|
instanceSuffix = "-primary";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
xinetd-secondary = {
|
||||||
|
port = if forceDisableUserChange then 2323 else 23;
|
||||||
|
|
||||||
|
pkg = constructors.extendableXinetd {
|
||||||
|
instanceSuffix = "-secondary";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -0,0 +1,13 @@
|
||||||
|
service telnet
|
||||||
|
{
|
||||||
|
flags = REUSE
|
||||||
|
socket_type = stream
|
||||||
|
wait = no
|
||||||
|
user = ${if forceDisableUserChange then callingUser else "root"}
|
||||||
|
server = ${pkgs.inetutils}/libexec/telnetd
|
||||||
|
server_args = -E ${pkgs.bashInteractive}/bin/bash
|
||||||
|
disable = no
|
||||||
|
instances = 10
|
||||||
|
type = UNLISTED
|
||||||
|
port = ${toString port}
|
||||||
|
}
|
|
@ -0,0 +1,13 @@
|
||||||
|
service tftp
|
||||||
|
{
|
||||||
|
socket_type = dgram
|
||||||
|
protocol = udp
|
||||||
|
bind = 127.0.0.1
|
||||||
|
wait = yes
|
||||||
|
user = ${if forceDisableUserChange then callingUser else "root"}
|
||||||
|
server = ${pkgs.inetutils}/libexec/tftpd
|
||||||
|
server_args = "-u " ${if forceDisableUserChange then callingUser else "nobody"}
|
||||||
|
disable = no
|
||||||
|
type = UNLISTED
|
||||||
|
port = ${toString port}
|
||||||
|
}
|
Loading…
Reference in New Issue