author | Laurent Bercot <ska-skaware@skarnet.org> | 2014-12-19 01:28:09 +0000 |
---|---|---|
committer | Laurent Bercot <ska-skaware@skarnet.org> | 2014-12-19 01:28:09 +0000 |
commit | df8c8876bc245c6124dd4691e5a95d8f397ca152 (patch) | |
tree | fcfec66704123b58c286aab83af16ab1b5248a21 /examples/ROOT/img/services-network | |
parent | 90acd08f35f9691753fdd523c6970365b6ea4b73 (diff) | |
download | s6-df8c8876bc245c6124dd4691e5a95d8f397ca152.tar.xz |
Add examples/ subtree
Diffstat (limited to 'examples/ROOT/img/services-network')
23 files changed, 110 insertions, 0 deletions
diff --git a/examples/ROOT/img/services-network/README b/examples/ROOT/img/services-network/README
new file mode 100644
index 0000000..9f4ab38
--- /dev/null
+++ b/examples/ROOT/img/services-network/README
@@ -0,0 +1,5 @@
+This is the service repository for all the late services,
+i.e. those that do not need to be started before the network
+is up.
+Only a few examples are provided here; you can make your own
+service directories depending on your needs.
diff --git a/examples/ROOT/img/services-network/dns-cache/README b/examples/ROOT/img/services-network/dns-cache/README
new file mode 100644
index 0000000..8fc5c28
--- /dev/null
+++ b/examples/ROOT/img/services-network/dns-cache/README
@@ -0,0 +1,2 @@
+Service directory for a DNS caching resolver service,
+implemented via djbdns's dnscache running on 127.0.0.1
diff --git a/examples/ROOT/img/services-network/dns-cache/env/CACHESIZE b/examples/ROOT/img/services-network/dns-cache/env/CACHESIZE
new file mode 100644
index 0000000..6820bf1
--- /dev/null
+++ b/examples/ROOT/img/services-network/dns-cache/env/CACHESIZE
@@ -0,0 +1 @@
+1048576
diff --git a/examples/ROOT/img/services-network/dns-cache/env/IP b/examples/ROOT/img/services-network/dns-cache/env/IP
new file mode 100644
index 0000000..7b9ad53
--- /dev/null
+++ b/examples/ROOT/img/services-network/dns-cache/env/IP
@@ -0,0 +1 @@
+127.0.0.1
diff --git a/examples/ROOT/img/services-network/dns-cache/env/IPSEND b/examples/ROOT/img/services-network/dns-cache/env/IPSEND
new file mode 100644
index 0000000..d690dc0
--- /dev/null
+++ b/examples/ROOT/img/services-network/dns-cache/env/IPSEND
@@ -0,0 +1 @@
+0.0.0.0
diff --git a/examples/ROOT/img/services-network/dns-cache/env/ROOT b/examples/ROOT/img/services-network/dns-cache/env/ROOT
new file mode 100644
index 0000000..0a89945
--- /dev/null
+++ b/examples/ROOT/img/services-network/dns-cache/env/ROOT
@@ -0,0 +1 @@
+/service/dns-cache/root
diff --git a/examples/ROOT/img/services-network/dns-cache/log/README b/examples/ROOT/img/services-network/dns-cache/log/README
new file mode 100644
index 0000000..55676f1
--- /dev/null
+++ b/examples/ROOT/img/services-network/dns-cache/log/README
@@ -0,0 +1,3 @@
+Logger service for the dns-cache service.
+djbdns's dnscache produces a lot of output, so
+you may want to add log filters.
diff --git a/examples/ROOT/img/services-network/dns-cache/log/run b/examples/ROOT/img/services-network/dns-cache/log/run
new file mode 100755
index 0000000..7bd42bd
--- /dev/null
+++ b/examples/ROOT/img/services-network/dns-cache/log/run
@@ -0,0 +1,4 @@
+#!/command/execlineb -P
+s6-setuidgid dnslog
+exec -c
+s6-log -t s1000000 n20 /var/log/dns-cache
diff --git a/examples/ROOT/img/services-network/dns-cache/root/ip/127.0.0.1 b/examples/ROOT/img/services-network/dns-cache/root/ip/127.0.0.1
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/examples/ROOT/img/services-network/dns-cache/root/ip/127.0.0.1
diff --git a/examples/ROOT/img/services-network/dns-cache/root/servers/@ b/examples/ROOT/img/services-network/dns-cache/root/servers/@
new file mode 100644
index 0000000..ca40b38
--- /dev/null
+++ b/examples/ROOT/img/services-network/dns-cache/root/servers/@
@@ -0,0 +1,13 @@
+198.41.0.4
+192.228.79.201
+192.33.4.12
+128.8.10.90
+192.203.230.10
+192.5.5.241
+192.112.36.4
+128.63.2.53
+192.36.148.17
+192.58.128.30
+193.0.14.129
+199.7.83.42
+202.12.27.33
diff --git a/examples/ROOT/img/services-network/dns-cache/run b/examples/ROOT/img/services-network/dns-cache/run
new file mode 100755
index 0000000..af92aae
--- /dev/null
+++ b/examples/ROOT/img/services-network/dns-cache/run
@@ -0,0 +1,12 @@
+#!/command/execlineb -P
+fdmove -c 2 1
+s6-envuidgid dnscache
+s6-envdir env
+s6-softlimit -m 2000000
+pipeline -d
+{
+ redirfd -r 0 /dev/urandom
+ s6-head -c 128
+}
+unexport !
+dnscache
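Review bot: The root server addresses in dns-cache/root/servers/@ are hard-coded with no hint of where they came from or when they were last checked, and an example file like this tends to be copied verbatim and never refreshed. At least 128.8.10.90 looks like an address its root operator had already scheduled for replacement when this was committed; please confirm against the current root hints. A resolver that keeps sending queries to an address the operator no longer controls is trusting whoever holds that address next, so the dns-cache README should say so, for example `root/servers/@ must be regenerated from the current root hints before use and re-checked periodically.` The file itself has no comment syntax, so the README is the place for it.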
diff --git a/examples/ROOT/img/services-network/fifodir-cleanup/README b/examples/ROOT/img/services-network/fifodir-cleanup/README
new file mode 100644
index 0000000..2c41ea2
--- /dev/null
+++ b/examples/ROOT/img/services-network/fifodir-cleanup/README
@@ -0,0 +1,2 @@
+This service cleans up the fifodirs for all the services in
+/service once a day.
diff --git a/examples/ROOT/img/services-network/fifodir-cleanup/run b/examples/ROOT/img/services-network/fifodir-cleanup/run
new file mode 100755
index 0000000..9928d84
--- /dev/null
+++ b/examples/ROOT/img/services-network/fifodir-cleanup/run
@@ -0,0 +1,14 @@
+#!/command/execlineb -P
+fdmove -c 2 1
+if
+{
+ forbacktickx -p -0 i { s6-ls -0 /service }
+ import i unexport i
+ foreground
+ {
+ if { s6-test -d /service/${i}/log }
+ s6-cleanfifodir /service/${i}/log/event
+ }
+ s6-cleanfifodir /service/${i}/event
+}
+s6-sleep 86400
diff --git a/examples/ROOT/img/services-network/ntpclient/README b/examples/ROOT/img/services-network/ntpclient/README
new file mode 100644
index 0000000..c4fc357
--- /dev/null
+++ b/examples/ROOT/img/services-network/ntpclient/README
@@ -0,0 +1,9 @@
+This service updates the system clock via NTP every 4 hours.
+If you're not in France, change 0.fr.pool.ntp.org to a NTP
+server pool more fitting your location.
+See www.ntp.pool.org for details.
+
+Do yourself a favor and don't rely on NTP internally.
+Just synchronize your main time server via this NTP client
+to the outside world, and use a saner and simpler protocol
+like TAICLOCK in your internal, fast-speed network.
diff --git a/examples/ROOT/img/services-network/ntpclient/log/README b/examples/ROOT/img/services-network/ntpclient/log/README
new file mode 100644
index 0000000..e4c7a37
--- /dev/null
+++ b/examples/ROOT/img/services-network/ntpclient/log/README
@@ -0,0 +1,3 @@
+Yes, the output of the ntpclient service is logged to
+the /var/log/ntpclient logdir.
+Make sure it has the correct Unix credentials and permissions!
diff --git a/examples/ROOT/img/services-network/ntpclient/log/run b/examples/ROOT/img/services-network/ntpclient/log/run
new file mode 100755
index 0000000..261b534
--- /dev/null
+++ b/examples/ROOT/img/services-network/ntpclient/log/run
@@ -0,0 +1,4 @@
+#!/command/execlineb -P
+s6-setuidgid ntplog
+exec -c
+s6-log -t /var/log/ntpclient
diff --git a/examples/ROOT/img/services-network/ntpclient/run b/examples/ROOT/img/services-network/ntpclient/run
new file mode 100755
index 0000000..7ade064
--- /dev/null
+++ b/examples/ROOT/img/services-network/ntpclient/run
@@ -0,0 +1,19 @@
+#!/command/execlineb -P
+
+fdmove -c 2 1
+if
+{
+ pipeline
+ {
+ s6-setuidgid ntp
+ backtick -n NTPSERVERIP
+ {
+ pipeline { s6-dnsip4 -t 16000 0.fr.pool.ntp.org. }
+ s6-head -n 1
+ }
+ s6-sntpclock -v $NTPSERVERIP
+ }
+ s6-clockadd
+}
+s6-setuidgid nobody
+s6-sleep 14400
diff --git a/examples/ROOT/img/services-network/sshd/README b/examples/ROOT/img/services-network/sshd/README
new file mode 100644
index 0000000..2d55a5e
--- /dev/null
+++ b/examples/ROOT/img/services-network/sshd/README
@@ -0,0 +1,5 @@
+Service directory for a sshd server over IPv4,
+implemented via s6-networking and dropbear.
+The rules subdirectory implements access control; in
+this example, only 127.0.0.1 is allowed to connect
+(which isn't exactly useful for a SSH server).
diff --git a/examples/ROOT/img/services-network/sshd/log/README b/examples/ROOT/img/services-network/sshd/log/README
new file mode 100644
index 0000000..392ede8
--- /dev/null
+++ b/examples/ROOT/img/services-network/sshd/log/README
@@ -0,0 +1 @@
+Logging service for sshd.
diff --git a/examples/ROOT/img/services-network/sshd/log/run b/examples/ROOT/img/services-network/sshd/log/run
new file mode 100755
index 0000000..9795581
--- /dev/null
+++ b/examples/ROOT/img/services-network/sshd/log/run
@@ -0,0 +1,4 @@
+#!/command/execlineb -P
+s6-setuidgid log
+exec -c
+s6-log -t s1000000 n20 /var/log/sshd
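Review bot: In ntpclient/run, `$NTPSERVERIP` in `s6-sntpclock -v $NTPSERVERIP` does not appear to be substituted, because `backtick -n NTPSERVERIP` only places the value in the environment and no `import` follows it. fifodir-cleanup/run in this same commit does pair `forbacktickx` with `import i unexport i`, so s6-sntpclock would presumably receive the literal string here. Adding `import -u NTPSERVERIP` between the backtick block and the s6-sntpclock line should fix it. Separately, the offset comes from one unauthenticated SNTP reply and is applied by s6-clockadd, which runs outside the `s6-setuidgid ntp` block with no bound on the step, so the README should warn that certificate validation and log timestamps inherit whatever that single server says.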
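Review bot: sshd/log/run drops privileges to a generic `log` account, while the dns-cache and ntpclient loggers in this commit use the per-service accounts `dnslog` and `ntplog`. A shared logger account means a compromise of any logger that uses it can rewrite the sshd authentication logs. For consistency and isolation, consider a dedicated account such as `s6-setuidgid sshdlog`; that name is a placeholder and the account would have to own /var/log/sshd.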
diff --git a/examples/ROOT/img/services-network/sshd/rules/ip4/0.0.0.0_0/deny b/examples/ROOT/img/services-network/sshd/rules/ip4/0.0.0.0_0/deny
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/examples/ROOT/img/services-network/sshd/rules/ip4/0.0.0.0_0/deny
diff --git a/examples/ROOT/img/services-network/sshd/rules/ip4/127.0.0.1_32/allow b/examples/ROOT/img/services-network/sshd/rules/ip4/127.0.0.1_32/allow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/examples/ROOT/img/services-network/sshd/rules/ip4/127.0.0.1_32/allow
diff --git a/examples/ROOT/img/services-network/sshd/run b/examples/ROOT/img/services-network/sshd/run
new file mode 100755
index 0000000..45bc6a8
--- /dev/null
+++ b/examples/ROOT/img/services-network/sshd/run
@@ -0,0 +1,6 @@
+#!/command/execlineb -P
+fdmove -c 2 1
+s6-notifywhenup -f
+s6-tcpserver4 -1 -- 0.0.0.0 22
+s6-tcpserver-access -vvDRl0 -t 5000 -i rules
+dropbear -iEg |
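Review bot: sshd/run binds the listener to `0.0.0.0 22`, so the only thing keeping remote hosts out is the `rules` directory read by s6-tcpserver-access, and nothing in the script says so. The `-i rules` path is relative, so the check also depends on the script being started from the service directory. I would add a comment above the s6-tcpserver4 line such as `# listens on every IPv4 address; ./rules (relative to the service directory) is the only access control`. It is also worth noting in the README that dropbear's `-g` disables password logins for root only, so anyone who widens the rules still exposes password authentication for other accounts unless `-s` is added.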