This commit is contained in:
Emery Hemingway 2021-04-10 17:11:43 +02:00
parent 99130d0f14
commit 48dd5f1d38
4 changed files with 77 additions and 5 deletions

View File

@ -0,0 +1,3 @@
{
imports = [ ./tor.nix ];
}

View File

@ -0,0 +1,45 @@
let Sigil = env:DHALL_SIGIL
let Init = Sigil.Init
let Libc = Sigil.Libc
let VFS = Sigil.VFS
in λ(args : List Text) →
λ(lwipCap : Text) →
λ(binary : Text) →
Init.Child.flat
Init.Child.Attributes::{
, binary
, config =
Libc.toConfig
Libc::{
, args
, pipe = Some "/dev/pipes"
, rtc = Some "/dev/random"
, socket = Some "/dev/sockets"
, vfs =
[ VFS.dir
"dev"
[ VFS.leaf "null"
, VFS.leaf "log"
, VFS.leaf "rtc"
, VFS.leafAttrs "terminal" (toMap { label = "entropy" })
, VFS.dir "pipes" [ VFS.leaf "pipe" ]
, VFS.dir
"sockets"
[ VFS.leafAttrs "plugin" (toMap { load = lwipCap }) ]
]
, VFS.dir
"nix"
[ VFS.dir
"store"
[ VFS.fs
VFS.FS::{ label = "nix-store", writeable = "no" }
]
]
]
}
, resources = Init.Resources::{ caps = 256, ram = Sigil.units.MiB 64 }
}

View File

@ -0,0 +1,28 @@
{ config, lib, pkgs, ... }:
let
toDhall = lib.generators.toDhall { };
cfg = config.services.tor;
in {
config = lib.mkIf config.services.tor.enable {
genode.init.children.tor = let
args = lib.strings.splitString " "
config.systemd.services.tor.serviceConfig.ExecStart;
tor' = lib.getEris' "bin" pkgs.tor "tor";
lwip' = lib.getEris "lib" pkgs.genodePackages.lwip;
in {
binary = builtins.head args;
package = pkgs.tor;
extraErisInputs = [ tor' lwip' ];
configFile = pkgs.writeText "tor.dhall"
"${./tor.dhall} ${toDhall args} ${lwip'.cap}";
uplinks.eth0 = {
driver = "virtio";
dump = true;
verbose = true;
};
};
};
}

View File

@ -1,7 +1,6 @@
{
name = "tor";
machine = { config, lib, pkgs, ... }: {
# imports = [ ../nixos-modules/systemd.nix ];
# genode.core.storeBackend = "fs";
# hardware.genode.usb.enable = true;
@ -20,9 +19,6 @@
bridgeTransports = [ ];
};
};
systemd.services.tor.genode = {
enable = true;
ramQuota = 300;
};
};
}