yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request 'clanModules: add xfce/dino' (#444) from Mic92-main into main

Browse Source
This commit is contained in:
clan-bot
2023-10-31 12:56:32 +00:00
parent 1524952eb0 06aaa35119
commit 65eaece901
6 changed files with 304 additions and 89 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
clanModules/dino.nix Normal file
View File

@@ -0,0 +1,3 @@
{ pkgs, ... }: {
environment.systemPackages = [ pkgs.dino ];
}

199
clanModules/ejabberd.nix Normal file
View File

@@ -0,0 +1,199 @@
{ config
, ...
}: {
services.ejabberd = {
enable = true;
configFile = "/etc/ejabberd.yml";
};
environment.etc."ejabberd.yml" = {
user = "ejabberd";
mode = "0600";
text = ''
loglevel: 4
default_db: sql
new_sql_schema: true
sql_type: sqlite
sql_database: "/var/lib/ejabberd/db.sqlite"
hosts:
- ${config.clanCore.machineName}.local
listen:
-
port: 5222
ip: "::1"
module: ejabberd_c2s
max_stanza_size: 262144
shaper: c2s_shaper
access: c2s
starttls_required: false
-
port: 5269
ip: "::"
module: ejabberd_s2s_in
max_stanza_size: 524288
auth_method: [anonymous]
anonymous_protocol: login_anon
acl:
local:
user_regexp: ""
loopback:
ip:
- 127.0.0.0/8
- ::1/128
access_rules:
local:
allow: local
c2s:
deny: blocked
allow: all
s2s:
- allow
announce:
allow: admin
configure:
allow: admin
muc_create:
allow: all
pubsub_createnode:
allow: local
trusted_network:
allow: loopback
api_permissions:
"console commands":
from:
- ejabberd_ctl
who: all
what: "*"
"admin access":
who:
access:
allow:
acl: loopback
acl: admin
oauth:
scope: "ejabberd:admin"
access:
allow:
acl: loopback
acl: admin
what:
- "*"
- "!stop"
- "!start"
"public commands":
who:
ip: 127.0.0.1/8
what:
- status
- connected_users_number
shaper:
normal: 1000
fast: 50000
shaper_rules:
max_user_sessions: 10
max_user_offline_messages:
5000: admin
100: all
c2s_shaper:
none: admin
normal: all
s2s_shaper: fast
modules:
mod_adhoc: {}
mod_admin_extra: {}
mod_announce:
access: announce
mod_avatar: {}
mod_blocking: {}
mod_bosh: {}
mod_caps: {}
mod_carboncopy: {}
mod_client_state: {}
mod_configure: {}
mod_disco: {}
mod_fail2ban: {}
mod_http_api: {}
mod_http_upload:
put_url: https://@HOST@:5443/upload
mod_last: {}
mod_mam:
## Mnesia is limited to 2GB, better to use an SQL backend
## For small servers SQLite is a good fit and is very easy
## to configure. Uncomment this when you have SQL configured:
## db_type: sql
assume_mam_usage: true
default: always
mod_mqtt:
access_publish:
"homeassistant/#":
- allow: hass_publisher
- deny
"#":
- deny
access_subscribe:
"homeassistant/#":
- allow: hass_subscriber
- deny
"#":
- deny
mod_muc:
host: "muc.@HOST@"
access:
- allow
access_admin:
- allow: admin
access_create: muc_create
access_persistent: muc_create
access_mam:
- allow
default_room_options:
mam: true
mod_muc_admin: {}
mod_offline:
access_max_user_messages: max_user_offline_messages
mod_ping: {}
mod_privacy: {}
mod_private: {}
mod_proxy65:
access: local
max_connections: 5
mod_pubsub:
access_createnode: pubsub_createnode
plugins:
- flat
- pep
force_node_config:
## Avoid buggy clients to make their bookmarks public
storage:bookmarks:
access_model: whitelist
mod_push: {}
mod_push_keepalive: {}
mod_register:
## Only accept registration requests from the "trusted"
## network (see access_rules section above).
## Think twice before enabling registration from any
## address. See the Jabber SPAM Manifesto for details:
## https://github.com/ge0rg/jabber-spam-fighting-manifesto
ip_access: trusted_network
mod_roster:
versioning: true
mod_s2s_dialback: {}
mod_shared_roster: {}
mod_stream_mgmt:
resend_on_timeout: if_offline
mod_vcard: {}
mod_vcard_xupdate: {}
mod_version:
show_os: false
'';
};
networking.firewall.allowedTCPPorts = [
5269 # xmpp-server
];
}

3
clanModules/flake-module.nix
View File

@@ -8,5 +8,8 @@
]; ];
}) })
(builtins.readDir ./diskLayouts); (builtins.readDir ./diskLayouts);
ejabberd = ./ejabberd.nix;
dino = ./dino.nix;
xfce = ./xfce.nix;
}; };
} }

7
clanModules/xfce.nix Normal file
View File

@@ -0,0 +1,7 @@
{
services.xserver = {
enable = true;
desktopManager.xfce.enable = true;
layout = "us";
};
}

2
pkgs/clan-cli/clan_cli/dirs.py
View File

@@ -78,7 +78,7 @@ def clan_flakes_dir() -> Path:
def specific_flake_dir(flake_name: FlakeName) -> Path: def specific_flake_dir(flake_name: FlakeName) -> Path:
flake_dir = clan_flakes_dir() / flake_name flake_dir = clan_flakes_dir() / flake_name
if not flake_dir.exists(): if not flake_dir.exists():
raise ClanError(f"Flake '{flake_name}' does not exist") raise ClanError(f"Flake '{flake_name}' does not exist in {flake_dir}")
return flake_dir return flake_dir

179
pkgs/clan-cli/clan_cli/vms/create.py
View File

@@ -5,6 +5,7 @@ import os
import re import re
import shlex import shlex
import sys import sys
import tempfile
from pathlib import Path from pathlib import Path
from typing import Iterator from typing import Iterator
from uuid import UUID from uuid import UUID
@@ -76,103 +77,105 @@ class BuildVmTask(BaseTask):
validate_path(clan_flakes_dir(), flake_dir) validate_path(clan_flakes_dir(), flake_dir)
flake_dir.mkdir(exist_ok=True) flake_dir.mkdir(exist_ok=True)
xchg_dir = flake_dir / "xchg" with tempfile.TemporaryDirectory() as tmpdir_:
xchg_dir.mkdir() tmpdir = Path(tmpdir_)
secrets_dir = flake_dir / "secrets" xchg_dir = tmpdir / "xchg"
secrets_dir.mkdir() xchg_dir.mkdir(exist_ok=True)
disk_img = f"{flake_dir}/disk.img" secrets_dir = tmpdir / "secrets"
secrets_dir.mkdir(exist_ok=True)
disk_img = tmpdir / "disk.img"
env = os.environ.copy() env = os.environ.copy()
env["CLAN_DIR"] = str(self.vm.flake_url) env["CLAN_DIR"] = str(self.vm.flake_url)
env["PYTHONPATH"] = str( env["PYTHONPATH"] = str(
":".join(sys.path) ":".join(sys.path)
) # TODO do this in the clanCore module ) # TODO do this in the clanCore module
env["SECRETS_DIR"] = str(secrets_dir) env["SECRETS_DIR"] = str(secrets_dir)
res = is_path_or_url(str(self.vm.flake_url)) res = is_path_or_url(str(self.vm.flake_url))
if res is None: if res is None:
raise ClanError( raise ClanError(
f"flake_url must be a valid path or URL, got {self.vm.flake_url}" f"flake_url must be a valid path or URL, got {self.vm.flake_url}"
)
elif res == "path": # Only generate secrets for local clans
cmd = next(cmds)
if Path(self.vm.flake_url).is_dir():
cmd.run(
[vm_config["generateSecrets"], clan_name],
env=env,
) )
else: elif res == "path": # Only generate secrets for local clans
self.log.warning("won't generate secrets for non local clan") cmd = next(cmds)
if Path(self.vm.flake_url).is_dir():
cmd.run(
[vm_config["generateSecrets"], clan_name],
env=env,
)
else:
self.log.warning("won't generate secrets for non local clan")
cmd = next(cmds) cmd = next(cmds)
cmd.run( cmd.run(
[vm_config["uploadSecrets"], clan_name], [vm_config["uploadSecrets"], clan_name],
env=env, env=env,
)
cmd = next(cmds)
cmd.run(
nix_shell(
["qemu"],
[
"qemu-img",
"create",
"-f",
"raw",
disk_img,
"1024M",
],
) )
)
cmd = next(cmds) cmd = next(cmds)
cmd.run( cmd.run(
nix_shell( nix_shell(
["e2fsprogs"], ["qemu"],
[ [
"mkfs.ext4", "qemu-img",
"-L", "create",
"nixos", "-f",
disk_img, "raw",
], str(disk_img),
"1024M",
],
)
) )
)
cmd = next(cmds) cmd = next(cmds)
cmdline = [ cmd.run(
(Path(vm_config["toplevel"]) / "kernel-params").read_text(), nix_shell(
f'init={vm_config["toplevel"]}/init', ["e2fsprogs"],
f'regInfo={vm_config["regInfo"]}/registration', [
"console=ttyS0,115200n8", "mkfs.ext4",
"console=tty0", "-L",
] "nixos",
qemu_command = [ str(disk_img),
# fmt: off ],
"qemu-kvm", )
"-name", machine, )
"-m", f'{vm_config["memorySize"]}M',
"-smp", str(vm_config["cores"]), cmd = next(cmds)
"-device", "virtio-rng-pci", cmdline = [
"-net", "nic,netdev=user.0,model=virtio", "-netdev", "user,id=user.0", (Path(vm_config["toplevel"]) / "kernel-params").read_text(),
"-virtfs", "local,path=/nix/store,security_model=none,mount_tag=nix-store", f'init={vm_config["toplevel"]}/init',
"-virtfs", f"local,path={xchg_dir},security_model=none,mount_tag=shared", f'regInfo={vm_config["regInfo"]}/registration',
"-virtfs", f"local,path={xchg_dir},security_model=none,mount_tag=xchg", "console=ttyS0,115200n8",
"-virtfs", f"local,path={secrets_dir},security_model=none,mount_tag=secrets", "console=tty0",
"-drive", f'cache=writeback,file={disk_img},format=raw,id=drive1,if=none,index=1,werror=report', ]
"-device", "virtio-blk-pci,bootindex=1,drive=drive1,serial=root", qemu_command = [
"-device", "virtio-keyboard", # fmt: off
"-usb", "qemu-kvm",
"-device", "usb-tablet,bus=usb-bus.0", "-name", machine,
"-kernel", f'{vm_config["toplevel"]}/kernel', "-m", f'{vm_config["memorySize"]}M',
"-initrd", vm_config["initrd"], "-smp", str(vm_config["cores"]),
"-append", " ".join(cmdline), "-device", "virtio-rng-pci",
# fmt: on "-net", "nic,netdev=user.0,model=virtio", "-netdev", "user,id=user.0",
] "-virtfs", "local,path=/nix/store,security_model=none,mount_tag=nix-store",
if not self.vm.graphics: "-virtfs", f"local,path={xchg_dir},security_model=none,mount_tag=shared",
qemu_command.append("-nographic") "-virtfs", f"local,path={xchg_dir},security_model=none,mount_tag=xchg",
print("$ " + shlex.join(qemu_command)) "-virtfs", f"local,path={secrets_dir},security_model=none,mount_tag=secrets",
cmd.run(nix_shell(["qemu"], qemu_command)) "-drive", f'cache=writeback,file={disk_img},format=raw,id=drive1,if=none,index=1,werror=report',
"-device", "virtio-blk-pci,bootindex=1,drive=drive1,serial=root",
"-device", "virtio-keyboard",
"-usb",
"-device", "usb-tablet,bus=usb-bus.0",
"-kernel", f'{vm_config["toplevel"]}/kernel',
"-initrd", vm_config["initrd"],
"-append", " ".join(cmdline),
# fmt: on
]
if not self.vm.graphics:
qemu_command.append("-nographic")
print("$ " + shlex.join(qemu_command))
cmd.run(nix_shell(["qemu"], qemu_command))
def create_vm(vm: VmConfig) -> BuildVmTask: def create_vm(vm: VmConfig) -> BuildVmTask: