From 48dd5f1d38b58f4f167816d9c950a893ffb6bd86 Mon Sep 17 00:00:00 2001
From: Emery Hemingway
Date: Sat, 10 Apr 2021 17:11:43 +0200
Subject: [PATCH] WiP! tor
---
nixos-modules/services/default.nix | 3 ++
nixos-modules/services/tor.dhall | 45 ++++++++++++++++++++++++++++++
nixos-modules/services/tor.nix | 28 +++++++++++++++++++
tests/tor.nix | 6 +---
4 files changed, 77 insertions(+), 5 deletions(-)
create mode 100644 nixos-modules/services/default.nix
create mode 100644 nixos-modules/services/tor.dhall
create mode 100644 nixos-modules/services/tor.nix
diff --git a/nixos-modules/services/default.nix b/nixos-modules/services/default.nix
new file mode 100644
index 0000000..9a90ad8
--- /dev/null
+++ b/nixos-modules/services/default.nix
@@ -0,0 +1,3 @@
+{
+ imports = [ ./tor.nix ];
+}
\ No newline at end of file
diff --git a/nixos-modules/services/tor.dhall b/nixos-modules/services/tor.dhall
new file mode 100644
index 0000000..51eb7bd
--- /dev/null
+++ b/nixos-modules/services/tor.dhall
@@ -0,0 +1,45 @@
+let Sigil = env:DHALL_SIGIL
+
+let Init = Sigil.Init
+
+let Libc = Sigil.Libc
+
+let VFS = Sigil.VFS
+
+in λ(args : List Text) →
+ λ(lwipCap : Text) →
+ λ(binary : Text) →
+ Init.Child.flat
+ Init.Child.Attributes::{
+ , binary
+ , config =
+ Libc.toConfig
+ Libc::{
+ , args
+ , pipe = Some "/dev/pipes"
+ , rtc = Some "/dev/random"
+ , socket = Some "/dev/sockets"
+ , vfs =
+ [ VFS.dir
+ "dev"
+ [ VFS.leaf "null"
+ , VFS.leaf "log"
+ , VFS.leaf "rtc"
+ , VFS.leafAttrs "terminal" (toMap { label = "entropy" })
+ , VFS.dir "pipes" [ VFS.leaf "pipe" ]
+ , VFS.dir
+ "sockets"
+ [ VFS.leafAttrs "plugin" (toMap { load = lwipCap }) ]
+ ]
+ , VFS.dir
+ "nix"
+ [ VFS.dir
+ "store"
+ [ VFS.fs
+ VFS.FS::{ label = "nix-store", writeable = "no" }
+ ]
+ ]
+ ]
+ }
+ , resources = Init.Resources::{ caps = 256, ram = Sigil.units.MiB 64 }
+ }
diff --git a/nixos-modules/services/tor.nix b/nixos-modules/services/tor.nix
new file mode 100644
index 0000000..6523812
--- /dev/null
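Review bot: `rtc = Some "/dev/random"` in the Libc record names a path that the VFS in the same record never creates: the `dev` directory carries a `rtc` leaf, and the entropy terminal is a node named `terminal`, not `random`. Presumably the clock was meant to be `rtc = Some "/dev/rtc"`, and the terminal leaf was presumably meant to be named `random` so the libc side finds an entropy device at `/dev/random`; as written, Tor's clock points at a missing node and nothing exposes the `entropy` terminal under a name the program would look for, which for a Tor instance should be verified before this is merged. The test change in this commit drops `ramQuota = 300` while this record gives the child `ram = Sigil.units.MiB 64`; confirm that is enough once the consensus is loaded. Since the subject marks this as WiP, a short comment at the top of the file listing which of these values are placeholders would help the next reviewer.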
+++ b/nixos-modules/services/tor.nix
@@ -0,0 +1,28 @@
+{ config, lib, pkgs, ... }:
+
+let
+ toDhall = lib.generators.toDhall { };
+ cfg = config.services.tor;
+in {
+ config = lib.mkIf config.services.tor.enable {
+
+ genode.init.children.tor = let
+ args = lib.strings.splitString " "
+ config.systemd.services.tor.serviceConfig.ExecStart;
+ tor' = lib.getEris' "bin" pkgs.tor "tor";
+ lwip' = lib.getEris "lib" pkgs.genodePackages.lwip;
+ in {
+ binary = builtins.head args;
+ package = pkgs.tor;
+ extraErisInputs = [ tor' lwip' ];
+ configFile = pkgs.writeText "tor.dhall"
+ "${./tor.dhall} ${toDhall args} ${lwip'.cap}";
+ uplinks.eth0 = {
+ driver = "virtio";
+ dump = true;
+ verbose = true;
+ };
+ };
+
+ };
+}
diff --git a/tests/tor.nix b/tests/tor.nix
index 9f92084..6c1342c 100644
--- a/tests/tor.nix
+++ b/tests/tor.nix
@@ -1,7 +1,6 @@
 {
 name = "tor";
 machine = { config, lib, pkgs, ... }: {
- # imports = [ ../nixos-modules/systemd.nix ];
 # genode.core.storeBackend = "fs";
 # hardware.genode.usb.enable = true;
@@ -20,9 +19,6 @@
 bridgeTransports = [ ];
 };
 };
- systemd.services.tor.genode = {
- enable = true;
- ramQuota = 300;
- };
+
 };
 }
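Review bot: `dump = true;` and `verbose = true;` on `uplinks.eth0` leave packet dumping and verbose logging switched on for the Tor child's network uplink, which reads as leftover debugging; for a privacy service the shipped default should be off, so drop both lines or set `dump = false;` and `verbose = false;` and, if the test needs them, expose them as options instead of hard-coding them in the module. `cfg = config.services.tor;` is bound but never used — the `mkIf` condition reads `config.services.tor.enable` directly — so either write `lib.mkIf cfg.enable` or remove the binding. `args = lib.strings.splitString " " …ExecStart` and `binary = builtins.head args;` assume the systemd ExecStart string has no quoted arguments containing spaces and no leading prefix character; a one-line comment stating that assumption would tell a later reader why a plain split is considered safe here.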