From e5fff55d0e20c96032effc4242ea31e8877d8491 Mon Sep 17 00:00:00 2001
From: Ivan Kuznetsov
Date: Mon, 16 Dec 2024 14:05:03 +0000
Subject: [PATCH] Add ybikey passthrough
Signed-off-by: Ivan Kuznetsov
---
 hardware/fmo-os-rugged-laptop-7330.nix | 9 ++++
 hardware/fmo-os-rugged-tablet-7230.nix | 9 ++++
 modules/fmo-dci-passthrough/default.nix | 56 +++++++++++++++++++++++++
 3 files changed, 74 insertions(+)
 create mode 100644 modules/fmo-dci-passthrough/default.nix
diff --git a/hardware/fmo-os-rugged-laptop-7330.nix b/hardware/fmo-os-rugged-laptop-7330.nix
index 4aa1d64..ae00091 100644
--- a/hardware/fmo-os-rugged-laptop-7330.nix
+++ b/hardware/fmo-os-rugged-laptop-7330.nix
@@ -397,6 +397,15 @@
 vendorid = "1546";
 productid = "01a9";
 }
+ # Passthrough yubikeys
+ {bus = "usb"; vendorid = "1050"; productid = "0401"; }
+ {bus = "usb"; vendorid = "1050"; productid = "0402"; }
+ {bus = "usb"; vendorid = "1050"; productid = "0403"; }
+ {bus = "usb"; vendorid = "1050"; productid = "0404"; }
+ {bus = "usb"; vendorid = "1050"; productid = "0405"; }
+ {bus = "usb"; vendorid = "1050"; productid = "0406"; }
+ {bus = "usb"; vendorid = "1050"; productid = "0407"; }
+ {bus = "usb"; vendorid = "1050"; productid = "0116"; }
 ];
 }; # services.fmo-dynamic-device-passthrough
 fmo-dci = {
diff --git a/hardware/fmo-os-rugged-tablet-7230.nix b/hardware/fmo-os-rugged-tablet-7230.nix
index 2b3fe0d..a2e0062 100644
--- a/hardware/fmo-os-rugged-tablet-7230.nix
+++ b/hardware/fmo-os-rugged-tablet-7230.nix
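Review bot: The entries added under `# Passthrough yubikeys` in hardware/fmo-os-rugged-laptop-7330.nix do not say which models or interface modes they cover or which guest receives the key, and the identical block is repeated in hardware/fmo-os-rugged-tablet-7230.nix. Product IDs 0401–0407 are the YubiKey 4/5 interface combinations, whereas 0116 is only one NEO mode (OTP+U2F+CCID), so a NEO in another mode would presumably stay on the host; if that is intended the comment should say so, e.g. `# YubiKey 4/5 (all USB modes) and NEO in OTP+U2F+CCID mode, matched by VID/PID only`. Because the match is on VID/PID, which a device reports about itself, the receiving guest should treat anything arriving through this rule as unauthenticated hardware, and that guest is worth naming next to the list. Defining the eight entries once and referencing them from both hardware files would keep the two allow-lists from drifting; the enclosing list starts outside the hunk.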
@@ -377,6 +377,15 @@
 vendorid = "1546";
 productid = "01a9";
 }
+ # Passthrough yubikeys
+ {bus = "usb"; vendorid = "1050"; productid = "0401"; }
+ {bus = "usb"; vendorid = "1050"; productid = "0402"; }
+ {bus = "usb"; vendorid = "1050"; productid = "0403"; }
+ {bus = "usb"; vendorid = "1050"; productid = "0404"; }
+ {bus = "usb"; vendorid = "1050"; productid = "0405"; }
+ {bus = "usb"; vendorid = "1050"; productid = "0406"; }
+ {bus = "usb"; vendorid = "1050"; productid = "0407"; }
+ {bus = "usb"; vendorid = "1050"; productid = "0116"; }
 ];
 }; # services.fmo-dynamic-device-passthrough
 fmo-dci = {
diff --git a/modules/fmo-dci-passthrough/default.nix b/modules/fmo-dci-passthrough/default.nix
new file mode 100644
index 0000000..0f87fd2
--- /dev/null
+++ b/modules/fmo-dci-passthrough/default.nix
@@ -0,0 +1,56 @@
+# Copyright 2022-2024 TII (SSRC) and the Ghaf contributors
+# SPDX-License-Identifier: Apache-2.0
+{ lib, pkgs, config, ... }:
+with lib;
+let
+ cfg = config.services.fmo-dci-passthrough;
+in {
+ options.services.fmo-dci-passthrough = {
+ enable = mkEnableOption "Docker Compose Infrastructure devices passthrough";
+
+ compose-path = mkOption {
+ type = types.str;
+ description = "Path to docker-compose's .yml file";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [
+ docker-compose
+ ];
+
+ dockerDevPassScript = pkgs.writeShellScriptBin "docker-dev-pass" ''
+
+ '';
+
+ udev = {
+ extraRules = ''
+ ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", RUN+="/usr/local/bin/operation-yubikey.sh 'plugged' '%E{DEVNAME}' '%M' '%m' '%E{PRODUCT}'"
+ ACTION=="remove", SUBSYSTEM=="usb", RUN+="/usr/local/bin/operation-yubikey.sh 'unplugged' '%E{DEVNAME}' '%M' '%m' '%E{PRODUCT}'"
+ '';
+ };
+
+ systemd.services.fmo-dci-passthrough = {
+ script = ''
+ echo "Start docker-compose"
+ ${pkgs.docker-compose}/bin/docker-compose -f $DCPATH up
+ '';
+
+ wantedBy = ["multi-user.target"];
+ # If you use podman
+ # after = ["podman.service" "podman.socket"];
+ # If you use docker
+ after = [
+ "docker.service"
+ "docker.socket"
+ "network-online.target"
+ ];
+
+ # TODO: restart always
+ serviceConfig = {
+ Restart = lib.mkForce "always";
+ RestartSec = "30";
+ };
+ };
+ };
+}
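Review bot: Inside `config = mkIf cfg.enable { … }`, `dockerDevPassScript` and `udev` are assigned as if they were NixOS options, which I would expect to fail evaluation once the module is enabled; the script belongs in the `let` and the rules under `services.udev.extraRules`. Both rules have udev run `/usr/local/bin/operation-yubikey.sh` as root from a path outside the Nix store that this patch does not create, so whatever ends up at that mutable location is what gets executed on hotplug; the `remove` rule also has no vendor match and fires for every USB device that is unplugged. The `compose-path` option is never read, and the unit script expands `$DCPATH`, which nothing visible sets. The fence below sketches the fix, assuming `docker-dev-pass` (still empty here) is meant to be the hotplug handler.

```nix
let
  cfg = config.services.fmo-dci-passthrough;
  # Handler invoked by the udev rules below; its body is still empty in this patch.
  dockerDevPassScript = pkgs.writeShellScriptBin "docker-dev-pass" ''
  '';
in {
  # … unchanged: options.services.fmo-dci-passthrough …
  config = mkIf cfg.enable {
    # … unchanged: environment.systemPackages …

    # Store path instead of /usr/local/bin, so the handler is immutable and always present.
    # sysfs ATTRS are gone on removal, so the remove rule filters on ENV{PRODUCT} instead.
    services.udev.extraRules = ''
      ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", RUN+="${dockerDevPassScript}/bin/docker-dev-pass 'plugged' '%E{DEVNAME}' '%M' '%m' '%E{PRODUCT}'"
      ACTION=="remove", SUBSYSTEM=="usb", ENV{PRODUCT}=="1050/*", RUN+="${dockerDevPassScript}/bin/docker-dev-pass 'unplugged' '%E{DEVNAME}' '%M' '%m' '%E{PRODUCT}'"
    '';

    systemd.services.fmo-dci-passthrough = {
      script = ''
        echo "Start docker-compose"
        ${pkgs.docker-compose}/bin/docker-compose -f ${lib.escapeShellArg cfg.compose-path} up
      '';
      # … unchanged: wantedBy, after, serviceConfig …
```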