WiP! nixosConfigurations, tor

2020-12-20 17:06:38 +01:00 · 2020-12-20 17:06:38 +01:00 · 6bc0bf8853
parent 1ff7865d6c
commit 6bc0bf8853
8 changed files with 155 additions and 12 deletions
--- a/flake.nix
+++ b/flake.nix
@ -132,6 +132,13 @@
        # Modules for composing Genode and NixOS
        import ./nixos-modules { flake = self; };

+      nixosConfigurations =
+        # Demo NixOS configurations
+        import ./nixos-configurations {
+          inherit nixpkgs;
+          genodepkgs = self;
+        };
+
      checks =
        # Checks for continous testing
        let tests = import ./tests;
--- a/nixos-configurations/default.nix
+++ b/nixos-configurations/default.nix
@ -0,0 +1,49 @@
+{ nixpkgs, genodepkgs }:
+
+{
+  torDemo = nixpkgs.lib.nixosSystem {
+    system = "x86_64-genode";
+    modules = [
+      genodepkgs.nixosModules.x86_64
+      genodepkgs.nixosModules.nova
+
+      (import ./tor-relay.nix)
+
+      ({ config, pkgs, ... }: {
+        system.build.libvirtDomain = with pkgs;
+          stdenv.mkDerivation {
+            name = config.system.name + ".libvirt";
+
+            # nativeBuildInputs = with pkgs.buildPackages; [ libvirt ];
+
+            buildCommand = ''
+              mkdir -p $out
+              virtXml=$out/libvirt-domain.xml
+              cat > $virtXml << EOF
+              <?xml version="1.0"?>
+              <domain type="qemu">
+                <name>${config.system.name}</name>
+                <memory>${toString config.virtualisation.memorySize}</memory>
+                <vcpu>${toString config.virtualisation.cores}</vcpu>
+                <os>
+                  <type arch="x86_64" machine="pc">hvm</type>
+                  <kernel>${config.virtualisation.qemu.kernel}</kernel>
+                  <initrd>${config.virtualisation.qemu.initrd}</initrd>
+                  <cmdline>${config.virtualisation.qemu.cmdline}</cmdline>
+                </os>
+                <devices>
+                  <emulator>qemu-system-x86_64</emulator>
+                  <interface type="network">
+                    <source network="default"/>
+                  </interface>
+                </devices>
+              </domain>
+              EOF
+
+              # virt-xml-validate $virtXml
+            '';
+          };
+      })
+    ];
+  };
+}
--- a/nixos-configurations/tor-relay.nix
+++ b/nixos-configurations/tor-relay.nix
@ -0,0 +1,35 @@
+{ config, lib, pkgs, ... }:
+
+{
+
+  networking.interfaces.eth0 = {
+    genode.driver = "virtio";
+    useDHCP = true;
+  };
+
+  services.tor = {
+    enable = true;
+    client.enable = false;
+    extraConfig = ''
+      Log [general,net,config,fs]debug stdout
+    '';
+    relay = {
+      enable = true;
+      port = 80;
+      role = "relay";
+      bridgeTransports = [ ];
+    };
+  };
+
+  systemd.services.tor.genode = {
+    enable = true;
+    interface = "eth0";
+    ramQuota = 1024;
+    extraVfs = pkgs.writeText "tor.vfs.dhall" ''
+      let VFS = (env:DHALL_GENODE).VFS
+
+      in  [ VFS.dir "var" [ VFS.dir "lib" [ VFS.leaf "ram" ] ] ]
+    '';
+  };
+
+}
--- a/nixos-modules/default.nix
+++ b/nixos-modules/default.nix
@ -6,7 +6,13 @@ let
 in {

  x86_64 = {
-    imports = [ baseModules ];
+    imports = [
+      ./genode-core.nix
+      ./genode-init.nix
+      ./hardware.nix
+      ./qemu-vm.nix
+      ./systemd.nix
+    ];
    nixpkgs = rec {
      localSystem = "x86_64-linux";
      crossSystem = "x86_64-genode";
--- a/nixos-modules/nova.nix
+++ b/nixos-modules/nova.nix
@ -39,6 +39,12 @@ in {
      "-initrd '${pkgs.genodePackages.NOVA}/hypervisor-x86_64 arg=iommu logmem novpid serial,${config.genode.boot.image}/image.elf'"
    ];

+  virtualisation.qemu.kernel = "${pkgs.genodePackages.bender}/share/bender/bender";
+
+  virtualisation.qemu.initrd = "${pkgs.genodePackages.NOVA}/hypervisor-x86_64";
+
+  virtualisation.qemu.cmdline = "arg=iommu logmem novpid serial,${config.genode.boot.image}/image.elf";
+
  boot.loader.grub.extraEntries = ''
    menuentry 'Genode on NOVA' {
      insmod multiboot2
--- a/nixos-modules/qemu-vm.nix
+++ b/nixos-modules/qemu-vm.nix
@ -144,7 +144,6 @@ let
        -name ${config.system.name} \
        -m ${toString config.virtualisation.memorySize} \
        -smp ${toString config.virtualisation.cores} \
-        -device virtio-rng-pci \
        ${concatStringsSep " " config.virtualisation.qemu.networkingOptions} \
        -virtfs local,path=/nix/store,security_model=none,mount_tag=store \
        -virtfs local,path=$TMPDIR/xchg,security_model=none,mount_tag=xchg \
@ -404,6 +403,23 @@ in {
          Enable the Qemu guest agent.
        '';
      };
+
+      kernel = mkOption {
+        type = types.path;
+        description = "Guest kernel.";
+      };
+
+      initrd = mkOption {
+        type = types.path;
+        description = "Guest initrd.";
+      };
+
+      cmdline = mkOption {
+        type = types.str;
+        description = "Command line options to pass to guest.";
+      };
+
+
    };

    virtualisation.useBootLoader = mkOption {
@ -506,16 +522,6 @@ in {

    # FIXME: Consolidate this one day.
    virtualisation.qemu.options = mkMerge [
-      (mkIf (pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64) [
-        "-usb"
-        "-device usb-tablet,bus=usb-bus.0"
-      ])
-      (mkIf (pkgs.stdenv.isAarch32 || pkgs.stdenv.isAarch64) [
-        "-device virtio-gpu-pci"
-        "-device usb-ehci,id=usb0"
-        "-device usb-kbd"
-        "-device usb-tablet"
-      ])
      (mkIf cfg.useEFIBoot [
        "-drive if=pflash,format=raw,unit=0,readonly,file=${efiFirmware}"
        "-drive if=pflash,format=raw,unit=1,file=$NIX_EFI_VARS"
--- a/tests/default.nix
+++ b/tests/default.nix
@ -12,6 +12,7 @@ let
    ./hello.nix
    ./log.nix
    ./networking.nix
+    ./tor.nix
    ./vmm_x86.nix
    ./x86.nix
  ];
--- a/tests/tor.nix
+++ b/tests/tor.nix
@ -0,0 +1,33 @@
+{
+  name = "tor";
+  machine = { config, pkgs, ... }: {
+    imports = [ ../nixos-modules/hardware.nix ../nixos-modules/systemd.nix ];
+    services.tor = {
+      enable = true;
+      client.enable = false;
+      extraConfig = ''
+        Log [general,net,config,fs]debug stdout
+        MaxMemInQueues 64 MBytes
+      '';
+      relay = {
+        enable = true;
+        contactInfo = "genodepkgs-junk@spam.works";
+        port = 80;
+        role = "relay";
+        bridgeTransports = [ ];
+      };
+    };
+    systemd.services.tor.genode = {
+      enable = true;
+      interface = "eth1";
+      ramQuota = 96;
+      extraVfs = pkgs.writeText "tor.vfs.dhall" ''
+        let Genode = env:DHALL_GENODE
+
+        let VFS = Genode.VFS
+
+        in  [ VFS.dir "var" [ VFS.dir "lib" [ VFS.leaf "ram" ] ] ]
+      '';
+    };
+  };
+}