~ehmry/sigil

76029a7035cb765c7e4326542b9790db28c3b51d — Emery Hemingway 3 years ago cf52eeb tor
WiP! nixosConfigurations, tor
M flake.nix => flake.nix +7 -0
@@ 211,6 211,13 @@
        # Modules for composing Genode and NixOS
        import ./nixos-modules { flake = self; };

      nixosConfigurations =
        # Demo NixOS configurations
        import ./nixos-configurations {
          inherit nixpkgs;
          genodepkgs = self;
        };

      checks =
        # Checks for continous testing
        let tests = import ./tests;

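--- /dev/null
+++ b/nixos-configurations/default.nix
@@ -0,0 +1,49 @@
+{ nixpkgs, genodepkgs }:
+
+{
+  torDemo = nixpkgs.lib.nixosSystem {
+    system = "x86_64-genode";
+    modules = [
+      genodepkgs.nixosModules.x86_64
+      genodepkgs.nixosModules.nova
+
+      (import ./tor-relay.nix)
+
+      ({ config, pkgs, ... }: {
+        system.build.libvirtDomain = with pkgs;
+          stdenv.mkDerivation {
+            name = config.system.name + ".libvirt";
+
+            # nativeBuildInputs = with pkgs.buildPackages; [ libvirt ];
+
+            buildCommand = ''
+              mkdir -p $out
+              virtXml=$out/libvirt-domain.xml
+              cat > $virtXml << EOF
+              <?xml version="1.0"?>
+              <domain type="qemu">
+                <name>${config.system.name}</name>
+                <memory>${toString config.virtualisation.memorySize}</memory>
+                <vcpu>${toString config.virtualisation.cores}</vcpu>
+                <os>
+                  <type arch="x86_64" machine="pc">hvm</type>
+                  <kernel>${config.virtualisation.qemu.kernel}</kernel>
+                  <initrd>${config.virtualisation.qemu.initrd}</initrd>
+                  <cmdline>${config.virtualisation.qemu.cmdline}</cmdline>
+                </os>
+                <devices>
+                  <emulator>qemu-system-x86_64</emulator>
+                  <interface type="network">
+                    <source network="default"/>
+                  </interface>
+                </devices>
+              </domain>
+              EOF
+
+              # virt-xml-validate $virtXml
+            '';
+          };
+      })
+    ];
+  };
+}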
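Review bot: The heredoc in `buildCommand` is unquoted and the interpolated values are not XML-escaped, so `config.system.name` and especially `config.virtualisation.qemu.cmdline` reach the domain XML after shell expansion and as raw markup; a `$`, backtick, `&` or `<` in the kernel command line would change or break the generated definition. Quoting the delimiter (`cat > $virtXml << 'EOF'`) stops the shell expansion, and `<cmdline>${pkgs.lib.escapeXML config.virtualisation.qemu.cmdline}</cmdline>` (likewise for `<name>`) keeps the values as text. The commented-out `virt-xml-validate $virtXml` would catch a malformed result at build time once libvirt is added to `nativeBuildInputs`.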

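--- /dev/null
+++ b/nixos-configurations/tor-relay.nix
@@ -0,0 +1,36 @@
+{ config, lib, pkgs, ... }:
+
+{
+  genode.boot.storeBackend = "ahci";
+
+  networking.interfaces.eth0 = {
+    genode.driver = "virtio";
+    useDHCP = true;
+  };
+
+  services.tor = {
+    enable = true;
+    client.enable = false;
+    extraConfig = ''
+      Log [general,net,config,fs]debug stdout
+    '';
+    relay = {
+      enable = true;
+      port = 80;
+      role = "relay";
+      bridgeTransports = [ ];
+    };
+  };
+
+  systemd.services.tor.genode = {
+    enable = true;
+    interface = "eth0";
+    ramQuota = 1024;
+    extraVfs = pkgs.writeText "tor.vfs.dhall" ''
+      let VFS = (env:DHALL_GENODE).VFS
+
+      in  [ VFS.dir "var" [ VFS.dir "lib" [ VFS.leaf "ram" ] ] ]
+    '';
+  };
+
+}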
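Review bot: `extraConfig` sets `Log [general,net,config,fs]debug stdout` in the demo relay configuration, and debug-level logs from a relay that carries real traffic are far more detailed than an operator should keep. Since this file is presented as a deployable demo rather than a test, `Log notice stdout` is the safer default, with the debug line left in tests/tor.nix. The relay block also has no `contactInfo`, unlike the test configuration. `extraVfs` appears to back `/var/lib` with a `ram` leaf, which would mean the relay identity keys are regenerated on every boot; if that is intended, a comment such as `# /var/lib is RAM-backed: relay identity is not persisted across boots` would make it explicit.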

M tests/default.nix => tests/default.nix +1 -0
@@ 13,6 13,7 @@ let
    ./hello.nix
    ./log.nix
    ./networking.nix
    ./tor.nix
    ./vmm_x86.nix
    ./x86.nix
  ];

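--- /dev/null
+++ b/tests/tor.nix
@@ -0,0 +1,27 @@
+{
+  name = "tor";
+  machine = { config, pkgs, ... }: {
+    imports = [ ../nixos-modules/hardware.nix ../nixos-modules/systemd.nix ];
+    genode.boot.storeBackend = "ahci";
+    services.tor = {
+      enable = true;
+      client.enable = false;
+      extraConfig = ''
+        Log [general,net,config,fs]debug stdout
+      '';
+      relay = {
+        enable = true;
+        contactInfo = "genodepkgs-junk@spam.works";
+        port = 80;
+        role = "relay";
+        bridgeTransports = [ ];
+      };
+    };
+    systemd.services.tor.genode = {
+      enable = true;
+      interface = "eth1";
+      ramQuota = 300;
+      fsPersistence = true;
+    };
+  };
+}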
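Review bot: The test machine starts a full relay (`role = "relay"`, `port = 80`), and nothing in this configuration keeps it from publishing a descriptor if the test network can reach the Internet. Whether `eth1` is isolated is not visible in this file, so adding `PublishServerDescriptor 0` to `extraConfig` would make the test safe regardless of how the harness sets up networking. The relay options also duplicate nixos-configurations/tor-relay.nix, so a shared module would keep the two from drifting apart.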