From 56b59fd9a0b7b52d76452a51f5c92891306420fa Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 10 Mar 2022 11:05:39 +0100
Subject: tv waydroid: init

---
 tv/3modules/default.nix        |  1 +
 tv/3modules/waydroid.nix       | 97 ++++++++++++++++++++++++++++++++++++++++++
 tv/5pkgs/override/waydroid.nix |  9 ++++
 3 files changed, 107 insertions(+)
 create mode 100644 tv/3modules/waydroid.nix
 create mode 100644 tv/5pkgs/override/waydroid.nix

diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix
index b6b4faa51..b65201855 100644
--- a/tv/3modules/default.nix
+++ b/tv/3modules/default.nix
@@ -10,6 +10,7 @@
     ./iptables.nix
     ./org.freedesktop.machine1.host-shell.nix
     ./slock.nix
+    ./waydroid.nix
     ./x0vncserver.nix
     ./Xresources.nix
   ];
diff --git a/tv/3modules/waydroid.nix b/tv/3modules/waydroid.nix
new file mode 100644
index 000000000..6e6aa1377
--- /dev/null
+++ b/tv/3modules/waydroid.nix
@@ -0,0 +1,97 @@
+# usage:
+# 0.
+#   systemctl status waydroid.target waydroid-container.service waydroid-dnsmasq.service
+# 1.
+#   tail -F /var/lib/waydroid/waydroid.log
+#   journalctl -fu waydroid\*
+# 2.
+#   sudo systemctl start waydroid.target
+#     TODO add polkit rule for user?
+# 3. (in wayland)
+#   waydroid session start
+# 4.
+#   waydroid show-full-ui
+#   sudo waydroid shell
+#   etc.
+# 5.
+#   sudo systemctl stop waydroid.target
+{ config, pkgs, ... }: let
+  lib = import ../../lib;
+  cfg = config.tv.services.waydroid;
+  # TODO confgure firewall
+in {
+  options.tv.services.waydroid = {
+    enable = lib.mkEnableOption "tv.services.waydroid";
+    #ipv4.gateway.address = lib.mkOption {
+    #  type = lib.types.addr4;
+    #  default = "10.66.250.1";
+    #};
+  };
+  config = lib.mkIf cfg.enable {
+    virtualisation.waydroid.enable = true;
+
+    # TODO (this is from wayland-net)
+    #   ip addr add 10.66.250.1/24 broadcast + dev waydroid0
+
+    networking.bridges.waydroid0.interfaces = [ ];
+    # TODO we can also find 40-waydroid0 by finding .name == "waydroid0"
+    #systemd.network.networks."40-waydroid0".linkConfig.RequiredForOnline = false;
+    systemd.network.networks."40-waydroid0".networkConfig.ConfigureWithoutCarrier = true;
+    networking.interfaces.waydroid0.ipv4.addresses = [{
+      address = "10.66.250.1";
+      prefixLength = 24;
+    }];
+    boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+    systemd.targets.waydroid = {};
+    systemd.services.waydroid-container = {
+      wantedBy = lib.mkForce [ "waydroid.target" ];
+      partOf = lib.mkForce [ "waydroid.target" ];
+    };
+    systemd.services.waydroid-dnsmasq = {
+      description = "Dnsmasq Daemon for Waydroid";
+      # XXX do we need this (it's from nixpkgs dnsmasq): after = [ "network.target" "systemd-resolved.service" ];
+      wantedBy = [ "waydroid.target" ];
+      partOf = [ "waydroid.target" ];
+
+      serviceConfig = {
+        # TODO DynamicUser = true;
+        ExecStartPre = [
+          "${pkgs.coreutils}/bin/touch /var/lib/waydroid-dnsmasq/dnsmasq.leases"
+          # TODO "${pkgs.dnsmasq}/bin/dnsmasq --test" with correct config
+        ];
+        ExecStart = toString [
+          "${pkgs.dnsmasq}/bin/dnsmasq"
+              "-k"
+              #"--port=16653" # TODO 0 to disable
+              #"--dhcp-alternate-port=16667,16668"
+              #"--enable-dbus=de.krebsco.tv.dnsmasq.waydroid" # TODO
+              "--conf-file=/dev/null" # TODO ${dnsmasqConf}
+              # TODO -s $LXC_DOMAIN -S /$LXC_DOMAIN/
+              "--no-ping" # XXX ping requires NET_RAW
+              "--dhcp-broadcast" # XXX otherwise NET_ADMIN is needed
+              "--strict-order"
+              "--bind-interfaces"
+              # TODO "--pid-file=.../dnsmasq.pid"
+              "--listen-address 10.66.250.1"
+              "--dhcp-range 10.66.250.100,10.66.250.200"
+              "--dhcp-lease-max=253"
+              "--dhcp-no-override"
+              "--except-interface=lo"
+              "--interface=waydroid0"
+              "--dhcp-leasefile=/var/lib/waydroid-dnsmasq/dnsmasq.leases"
+              "--dhcp-authoritative"
+              "--user=nobody" # TODO
+              # TODO ipv6: --dhcp-range=${LXC_IPV6_ADDR},ra-only --listen-address ${LXC_IPV6_ADDR}"
+        ];
+        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+        PrivateTmp = true;
+        ProtectSystem = true;
+        ProtectHome = true;
+        #Restart = if cfg.alwaysKeepRunning then "always" else "on-failure";
+        Restart = "always";
+        StateDirectory = "waydroid-dnsmasq";
+      };
+      # TODO restartTriggers = [ config.environment.etc.hosts.source ];
+    };
+  };
+}
diff --git a/tv/5pkgs/override/waydroid.nix b/tv/5pkgs/override/waydroid.nix
new file mode 100644
index 000000000..efe10b3d1
--- /dev/null
+++ b/tv/5pkgs/override/waydroid.nix
@@ -0,0 +1,9 @@
+self: super:
+
+super.waydroid.overrideAttrs (old: {
+  installPhase = ''
+    ${old.installPhase}
+    echo '#!/bin/sh' > $out/${self.python3Packages.python.sitePackages}/data/scripts/waydroid-net.sh
+    rm $out/${self.python3Packages.python.sitePackages}/data/scripts/.waydroid-net.sh-wrapped
+  '';
+})
-- 
cgit v1.2.3