
treewide: nixfmt and deadnix

2025-11-11 21:49:45 +00:00
parent 9784e90d1f
commit 9f3c8f7cbd
65 changed files with 1787 additions and 1761 deletions


@@ -131,13 +131,17 @@ in
# expose victorialogs on host so (clients attached to) guest
# can log
from = "guest"; # packets are forwarded from guest
guest.address = "10.0.2.10"; guest.port = 443;
host.address = "127.0.0.1"; host.port = 443;
guest.address = "10.0.2.10";
guest.port = 443;
host.address = "127.0.0.1";
host.port = 443;
}
{
from = "guest"; # packets are forwarded from guest
guest.address = "10.0.2.10"; guest.port = 19613;
host.address = "127.0.0.1"; host.port = 19613;
guest.address = "10.0.2.10";
guest.port = 19613;
host.address = "127.0.0.1";
host.port = 19613;
}
];
qemu = {

2
ci.nix

@@ -35,7 +35,7 @@ let
device = import (liminix + "/devices/qemu");
liminix-config = vanilla;
}).buildEnv;
doc = pkgs.callPackage ./doc.nix { inherit liminix borderVmConf; } ;
doc = pkgs.callPackage ./doc.nix { inherit liminix borderVmConf; };
};
in
jobs


@@ -1,106 +1,106 @@
{
description = ''
== Belkin RT-3200 / Linksys E8450
== Belkin RT-3200 / Linksys E8450
This device is based on a 64 bit Mediatek MT7622 ARM platform, and has
been powering my (Daniel's) home network since February 2025.
This device is based on a 64 bit Mediatek MT7622 ARM platform, and has
been powering my (Daniel's) home network since February 2025.
=== Hardware summary
=== Hardware summary
* MediaTek MT7622BV (1350MHz)
* 128MB NAND flash
* 512MB RAM
* b/g/n wireless using MediaTek MT7622BV (MT7615E driver)
* a/n/ac/ax wireless using MediaTek MT7915E
* MediaTek MT7622BV (1350MHz)
* 128MB NAND flash
* 512MB RAM
* b/g/n wireless using MediaTek MT7622BV (MT7615E driver)
* a/n/ac/ax wireless using MediaTek MT7915E
=== Installation
=== Installation
Liminix on this device uses the UBI volume management system to perform
wear leveling on the flash. This is not set up from the factory, so a
one-time step is needed to prepare it before Liminix can be installed.
Liminix on this device uses the UBI volume management system to perform
wear leveling on the flash. This is not set up from the factory, so a
one-time step is needed to prepare it before Liminix can be installed.
==== Preparation
==== Preparation
To prepare the device for Liminix you first need to use the
https://github.com/dangowrt/owrt-ubi-installer[OpenWrt UBI Installer]
image to rewrite the flash layout. As of Jan 2025 there are two versions
of the installer available: the release version 1.0.2 and the
pre-release 1.1.3 and for Liminix you nee the pre-release. The release
version of the installer creates UBI volumes according to an older
layout that is not compatible with the Linux 6.6.67 kernel used in
Liminix.
To prepare the device for Liminix you first need to use the
https://github.com/dangowrt/owrt-ubi-installer[OpenWrt UBI Installer]
image to rewrite the flash layout. As of Jan 2025 there are two versions
of the installer available: the release version 1.0.2 and the
pre-release 1.1.3 and for Liminix you nee the pre-release. The release
version of the installer creates UBI volumes according to an older
layout that is not compatible with the Linux 6.6.67 kernel used in
Liminix.
You can run the installer in one of two ways: either follow the
instructions to do it through the vendor web interface, or you can drop
to U-Boot and use TFTP
You can run the installer in one of two ways: either follow the
instructions to do it through the vendor web interface, or you can drop
to U-Boot and use TFTP
[source,console]
----
MT7622> setenv ipaddr 10.0.0.6
MT7622> setenv serverip 10.0.0.1
MT7622> tftpboot 0x42000000 openwrt-mediatek-mt7622-linksys_e8450-ubi-initramfs-recovery-installer.itb
MT7622> bootm 0x42000000
----
[source,console]
----
MT7622> setenv ipaddr 10.0.0.6
MT7622> setenv serverip 10.0.0.1
MT7622> tftpboot 0x42000000 openwrt-mediatek-mt7622-linksys_e8450-ubi-initramfs-recovery-installer.itb
MT7622> bootm 0x42000000
----
This will write the new flash layout and then boot into a "recovery"
OpenWrt installation.
This will write the new flash layout and then boot into a "recovery"
OpenWrt installation.
==== Building/installing Liminix
==== Building/installing Liminix
The default target for this device is `+outputs.ubimage+` which makes a
ubifs image suitable for use with `+ubiupdatevol+`. To write this to the
device we use the OpenWrt recovery system installed in the previous
step. In this configuration the device assigns itself the IP address
192.168.1.1/24 on its LAN ports and expects the connected computer to
have 192.168.1.254
The default target for this device is `+outputs.ubimage+` which makes a
ubifs image suitable for use with `+ubiupdatevol+`. To write this to the
device we use the OpenWrt recovery system installed in the previous
step. In this configuration the device assigns itself the IP address
192.168.1.1/24 on its LAN ports and expects the connected computer to
have 192.168.1.254
[WARNING]
====
The [.title-ref]#ubi0_7# device in these instructions is correct as of
Dec 2024 (dangowrt/owrt-ubi-installer commit d79e7928). If you are
installing some time later, it is important to check the output from
`+ubinfo -a+` and make sure you are updating the "liminix" volume and
not some other one which had been introduced since I wrote this.
====
[WARNING]
====
The [.title-ref]#ubi0_7# device in these instructions is correct as of
Dec 2024 (dangowrt/owrt-ubi-installer commit d79e7928). If you are
installing some time later, it is important to check the output from
`+ubinfo -a+` and make sure you are updating the "liminix" volume and
not some other one which had been introduced since I wrote this.
====
[source,console]
----
$ nix-build -I liminix-config=./my-configuration.nix --arg device "import ./devices/belkin-rt3200" -A outputs.default
$ cat result/rootfs | ssh root@192.168.1.1 "cat > /tmp/rootfs"
$ ssh root@192.168.1.1
root@OpenWrt:~# ubimkvol /dev/ubi0 --name=liminix --maxavsize
root@OpenWrt:~# ubinfo -a
[...]
Volume ID: 7 (on ubi0)
Type: dynamic
Alignment: 1
Size: 851 LEBs (108056576 bytes, 103.0 MiB)
State: OK
Name: liminix
Character device major/minor: 250:8
root@OpenWrt:~# ubiupdatevol /dev/ubi0_7 /tmp/rootfs
----
[source,console]
----
$ nix-build -I liminix-config=./my-configuration.nix --arg device "import ./devices/belkin-rt3200" -A outputs.default
$ cat result/rootfs | ssh root@192.168.1.1 "cat > /tmp/rootfs"
$ ssh root@192.168.1.1
root@OpenWrt:~# ubimkvol /dev/ubi0 --name=liminix --maxavsize
root@OpenWrt:~# ubinfo -a
[...]
Volume ID: 7 (on ubi0)
Type: dynamic
Alignment: 1
Size: 851 LEBs (108056576 bytes, 103.0 MiB)
State: OK
Name: liminix
Character device major/minor: 250:8
root@OpenWrt:~# ubiupdatevol /dev/ubi0_7 /tmp/rootfs
----
To make the new system bootable we also need to change some U-Boot
variables. `+boot_production+` needs to mount the filesystem and boot
the FIT image found there, and `+bootcmd+` needs to be told not to boot
the rescue image if there are records in pstore, because that interferes
with `+config.log.persistent+`
To make the new system bootable we also need to change some U-Boot
variables. `+boot_production+` needs to mount the filesystem and boot
the FIT image found there, and `+bootcmd+` needs to be told not to boot
the rescue image if there are records in pstore, because that interferes
with `+config.log.persistent+`
[source,console]
----
root@OpenWrt:~# fw_setenv orig_boot_production $(fw_printenv -n boot_production)
root@OpenWrt:~# fw_setenv orig_bootcmd $(fw_printenv -n bootcmd)
root@OpenWrt:~# fw_setenv boot_production 'led $bootled_pwr on ; ubifsmount ubi0:liminix && ubifsload ''${loadaddr} boot/fit && bootm ''${loadaddr}'
root@OpenWrt:~# fw_setenv bootcmd 'run boot_ubi'
----
[source,console]
----
root@OpenWrt:~# fw_setenv orig_boot_production $(fw_printenv -n boot_production)
root@OpenWrt:~# fw_setenv orig_bootcmd $(fw_printenv -n bootcmd)
root@OpenWrt:~# fw_setenv boot_production 'led $bootled_pwr on ; ubifsmount ubi0:liminix && ubifsload ''${loadaddr} boot/fit && bootm ''${loadaddr}'
root@OpenWrt:~# fw_setenv bootcmd 'run boot_ubi'
----
For subsequent Liminix reinstalls, just run the `+ubiupdatevol+` command
again. You don't need to repeat the "Preparation" step and in fact
should seek to avoid it if possible, as it will reset the erase counters
used for write levelling. Using UBI-aware tools is therefore preferred
over any kind of "factory" wipe which will reset them.
For subsequent Liminix reinstalls, just run the `+ubiupdatevol+` command
again. You don't need to repeat the "Preparation" step and in fact
should seek to avoid it if possible, as it will reset the erase counters
used for write levelling. Using UBI-aware tools is therefore preferred
over any kind of "factory" wipe which will reset them.
'';


@@ -11,42 +11,42 @@
description = ''
== GL.iNet GL-AR750
== GL.iNet GL-AR750
=== Hardware summary
=== Hardware summary
The GL-AR750 "Creta" travel router features:
The GL-AR750 "Creta" travel router features:
* QCA9531 @650Mhz SoC
* dual band wireless: IEEE 802.11a/b/g/n/ac
* two 10/100Mbps LAN ports and one WAN
* 128MB DDR2 RAM
* 16MB NOR Flash
* supported in OpenWrt by the "ath79" SoC family
* QCA9531 @650Mhz SoC
* dual band wireless: IEEE 802.11a/b/g/n/ac
* two 10/100Mbps LAN ports and one WAN
* 128MB DDR2 RAM
* 16MB NOR Flash
* supported in OpenWrt by the "ath79" SoC family
The GL-AR750 has two distinct sets of wifi hardware. The 2.4GHz radio is
part of the QCA9531 SoC, i.e. it's on the same silicon as the CPU, the
Ethernet, the USB etc. The device is connected to the host via
https://en.wikipedia.org/wiki/Advanced_Microcontroller_Bus_Architecture[AHB]
and it is supported in Linux using the ath9k driver. 5GHz wifi is
provided by a QCA9887 PCIe (PCI embedded) WLAN chip, supported by the
ath10k driver.
The GL-AR750 has two distinct sets of wifi hardware. The 2.4GHz radio is
part of the QCA9531 SoC, i.e. it's on the same silicon as the CPU, the
Ethernet, the USB etc. The device is connected to the host via
https://en.wikipedia.org/wiki/Advanced_Microcontroller_Bus_Architecture[AHB]
and it is supported in Linux using the ath9k driver. 5GHz wifi is
provided by a QCA9887 PCIe (PCI embedded) WLAN chip, supported by the
ath10k driver.
=== Installation
=== Installation
As with many GL.iNet devices, the stock vendor firmware is a fork of
OpenWrt, meaning that the binary created by `+system-outputs-mtdimage+`
can be flashed using the vendor web UI or the U-Boot emergency "unbrick"
routine.
As with many GL.iNet devices, the stock vendor firmware is a fork of
OpenWrt, meaning that the binary created by `+system-outputs-mtdimage+`
can be flashed using the vendor web UI or the U-Boot emergency "unbrick"
routine.
Flashing over an existing Liminix system is not possible while that
system is running, otherwise you'll be overwriting flash partitions
while they're in use - and that might not end well. Configure the system
with `+levitate+` if you need to make it upgradable.
Flashing over an existing Liminix system is not possible while that
system is running, otherwise you'll be overwriting flash partitions
while they're in use - and that might not end well. Configure the system
with `+levitate+` if you need to make it upgradable.
Vendor web page: https://www.gl-inet.com/products/gl-ar750/
Vendor web page: https://www.gl-inet.com/products/gl-ar750/
OpenWrt web page: https://openwrt.org/toh/gl.inet/gl-ar750
OpenWrt web page: https://openwrt.org/toh/gl.inet/gl-ar750
'';


@@ -13,32 +13,32 @@
description = ''
== GL.iNet GL-MT300A
== GL.iNet GL-MT300A
The GL-MT300A is based on a MT7620 chipset.
The GL-MT300A is based on a MT7620 chipset.
For flashing from U-Boot, the firmware partition is from 0xbc050000 to
0xbcfd0000.
For flashing from U-Boot, the firmware partition is from 0xbc050000 to
0xbcfd0000.
WiFi on this device is provided by the rt2800soc module. It expects
firmware to be present in the "factory" MTD partition, so - assuming we
want to use the wireless - we need to build MTD support into the kernel
even if we're using TFTP root.
WiFi on this device is provided by the rt2800soc module. It expects
firmware to be present in the "factory" MTD partition, so - assuming we
want to use the wireless - we need to build MTD support into the kernel
even if we're using TFTP root.
=== Installation
=== Installation
The stock vendor firmware is a fork of OpenWrt, meaning that the binary
created by `+system-outputs-mtdimage+` can be flashed using the vendor
web UI or the U-Boot emergency "unbrick" routine.
The stock vendor firmware is a fork of OpenWrt, meaning that the binary
created by `+system-outputs-mtdimage+` can be flashed using the vendor
web UI or the U-Boot emergency "unbrick" routine.
Flashing over an existing Liminix system is not possible while that
system is running, otherwise you'll be overwriting flash partitions
while they're in use - and that might not end well. Configure the system
with `+levitate+` if you need to make it upgradable.
Flashing over an existing Liminix system is not possible while that
system is running, otherwise you'll be overwriting flash partitions
while they're in use - and that might not end well. Configure the system
with `+levitate+` if you need to make it upgradable.
Vendor web page: https://www.gl-inet.com/products/gl-mt300a/
Vendor web page: https://www.gl-inet.com/products/gl-mt300a/
OpenWrt web page: https://openwrt.org/toh/gl.inet/gl-mt300a
OpenWrt web page: https://openwrt.org/toh/gl.inet/gl-mt300a
'';
@@ -126,49 +126,48 @@ OpenWrt web page: https://openwrt.org/toh/gl.inet/gl-mt300a
${openwrt.applyPatches.ramips}
${openwrt.applyPatches.rt2x00}
'';
config =
{
config = {
RALINK = "y";
PCI = "y";
SOC_MT7620 = "y";
RALINK = "y";
PCI = "y";
SOC_MT7620 = "y";
SERIAL_8250_CONSOLE = "y";
SERIAL_8250 = "y";
SERIAL_CORE_CONSOLE = "y";
SERIAL_OF_PLATFORM = "y";
SERIAL_8250_CONSOLE = "y";
SERIAL_8250 = "y";
SERIAL_CORE_CONSOLE = "y";
SERIAL_OF_PLATFORM = "y";
CONSOLE_LOGLEVEL_DEFAULT = "8";
CONSOLE_LOGLEVEL_QUIET = "4";
CONSOLE_LOGLEVEL_DEFAULT = "8";
CONSOLE_LOGLEVEL_QUIET = "4";
NET = "y";
ETHERNET = "y";
NET_VENDOR_RALINK = "y";
NET_RALINK_MDIO = "y";
NET_RALINK_MDIO_MT7620 = "y";
NET_RALINK_MT7620 = "y";
SWPHY = "y";
NET = "y";
ETHERNET = "y";
NET_VENDOR_RALINK = "y";
NET_RALINK_MDIO = "y";
NET_RALINK_MDIO_MT7620 = "y";
NET_RALINK_MT7620 = "y";
SWPHY = "y";
SPI = "y";
MTD_SPI_NOR = "y";
SPI_MT7621 = "y"; # } probably don't need both of these
SPI_RT2880 = "y"; # }
SPI_MASTER = "y";
SPI_MEM = "y";
SPI = "y";
MTD_SPI_NOR = "y";
SPI_MT7621 = "y"; # } probably don't need both of these
SPI_RT2880 = "y"; # }
SPI_MASTER = "y";
SPI_MEM = "y";
MTD = "y";
MTD_BLOCK = "y"; # fix undefined ref to register_mtd_blktrans_devs
MTD = "y";
MTD_BLOCK = "y"; # fix undefined ref to register_mtd_blktrans_devs
EARLY_PRINTK = "y";
EARLY_PRINTK = "y";
NEW_LEDS = "y";
LEDS_CLASS = "y"; # required by rt2x00lib
NEW_LEDS = "y";
LEDS_CLASS = "y"; # required by rt2x00lib
PRINTK_TIME = "y";
}
// lib.optionalAttrs (config.system.service ? vlan) {
SWCONFIG = "y";
};
PRINTK_TIME = "y";
}
// lib.optionalAttrs (config.system.service ? vlan) {
SWCONFIG = "y";
};
conditionalConfig = {
WLAN = {
WLAN_VENDOR_RALINK = "y";


@@ -10,27 +10,27 @@
};
description = ''
== GL.iNet GL-MT300N-v2
== GL.iNet GL-MT300N-v2
The GL-MT300N-v2 "Mango" is is very similar to the `+gl-mt300a+`, but is
based on the MT7628 chipset instead of MT7620. It's also marginally
cheaper and comes in a yellow case not a blue one. Be sure your device
is v2 not v1, which is a different animal and has only half as much RAM.
The GL-MT300N-v2 "Mango" is is very similar to the `+gl-mt300a+`, but is
based on the MT7628 chipset instead of MT7620. It's also marginally
cheaper and comes in a yellow case not a blue one. Be sure your device
is v2 not v1, which is a different animal and has only half as much RAM.
=== Installation
=== Installation
The stock vendor firmware is a fork of OpenWrt, meaning that the binary
created by `+system-outputs-mtdimage+` can be flashed using the vendor
web UI or the U-Boot emergency "unbrick" routine.
The stock vendor firmware is a fork of OpenWrt, meaning that the binary
created by `+system-outputs-mtdimage+` can be flashed using the vendor
web UI or the U-Boot emergency "unbrick" routine.
Flashing over an existing Liminix system is not possible while that
system is running, otherwise you'll be overwriting flash partitions
while they're in use - and that might not end well. Configure the system
with `+levitate+` if you need to make it upgradable.
Flashing over an existing Liminix system is not possible while that
system is running, otherwise you'll be overwriting flash partitions
while they're in use - and that might not end well. Configure the system
with `+levitate+` if you need to make it upgradable.
Vendor web page: https://www.gl-inet.com/products/gl-mt300n-v2/
Vendor web page: https://www.gl-inet.com/products/gl-mt300n-v2/
OpenWrt web page: https://openwrt.org/toh/gl.inet/gl-mt300n_v2
OpenWrt web page: https://openwrt.org/toh/gl.inet/gl-mt300n_v2
'';
@@ -138,61 +138,60 @@ OpenWrt web page: https://openwrt.org/toh/gl.inet/gl-mt300n_v2
extraPatchPhase = ''
${openwrt.applyPatches.ramips}
'';
config =
{
config = {
RALINK = "y";
PCI = "y";
SOC_MT7620 = "y";
RALINK = "y";
PCI = "y";
SOC_MT7620 = "y";
SERIAL_8250_CONSOLE = "y";
SERIAL_8250 = "y";
SERIAL_CORE_CONSOLE = "y";
SERIAL_OF_PLATFORM = "y";
SERIAL_8250_CONSOLE = "y";
SERIAL_8250 = "y";
SERIAL_CORE_CONSOLE = "y";
SERIAL_OF_PLATFORM = "y";
CONSOLE_LOGLEVEL_DEFAULT = "8";
CONSOLE_LOGLEVEL_QUIET = "4";
CONSOLE_LOGLEVEL_DEFAULT = "8";
CONSOLE_LOGLEVEL_QUIET = "4";
MTD = "y";
MTD_BLOCK = "y"; # fix undefined ref to register_mtd_blktrans_dev
MTD = "y";
MTD_BLOCK = "y"; # fix undefined ref to register_mtd_blktrans_dev
SPI = "y";
MTD_SPI_NOR = "y";
SPI_MT7621 = "y";
SPI_MASTER = "y";
SPI_MEM = "y";
SPI = "y";
MTD_SPI_NOR = "y";
SPI_MT7621 = "y";
SPI_MASTER = "y";
SPI_MEM = "y";
REGULATOR = "y";
REGULATOR_FIXED_VOLTAGE = "y";
REGULATOR = "y";
REGULATOR_FIXED_VOLTAGE = "y";
NET = "y";
ETHERNET = "y";
NET = "y";
ETHERNET = "y";
PHYLIB = "y";
AT803X_PHY = "y";
FIXED_PHY = "y";
GENERIC_PHY = "y";
NET_VENDOR_RALINK = "y";
NET_RALINK_RT3050 = "y";
NET_RALINK_SOC = "y";
SWPHY = "y";
PHYLIB = "y";
AT803X_PHY = "y";
FIXED_PHY = "y";
GENERIC_PHY = "y";
NET_VENDOR_RALINK = "y";
NET_RALINK_RT3050 = "y";
NET_RALINK_SOC = "y";
SWPHY = "y";
GPIOLIB = "y";
GPIO_MT7621 = "y";
GPIOLIB = "y";
GPIO_MT7621 = "y";
PHY_RALINK_USB = "y";
PHY_RALINK_USB = "y";
EARLY_PRINTK = "y";
EARLY_PRINTK = "y";
PRINTK_TIME = "y";
}
// lib.optionalAttrs (config.system.service ? vlan) {
SWCONFIG = "y";
}
// lib.optionalAttrs (config.system.service ? watchdog) {
RALINK_WDT = "y"; # watchdog
MT7621_WDT = "y"; # or it might be this one
};
PRINTK_TIME = "y";
}
// lib.optionalAttrs (config.system.service ? vlan) {
SWCONFIG = "y";
}
// lib.optionalAttrs (config.system.service ? watchdog) {
RALINK_WDT = "y"; # watchdog
MT7621_WDT = "y"; # or it might be this one
};
conditionalConfig = {
WLAN = {
WLAN_VENDOR_RALINK = "y";

File diff suppressed because it is too large


@@ -11,16 +11,16 @@
description = ''
== QEMU Aarch64
== QEMU Aarch64
This target produces an image for the
https://www.qemu.org/docs/master/system/arm/virt.html[QEMU "virt"
platform] using a 64 bit CPU type.
This target produces an image for the
https://www.qemu.org/docs/master/system/arm/virt.html[QEMU "virt"
platform] using a 64 bit CPU type.
ARM targets differ from MIPS in that the kernel format expected by QEMU
is an "Image" (raw binary file) rather than an ELF file, but this is
taken care of by `+run.sh+`. Check the documentation for the `+qemu+`
target for more information.
ARM targets differ from MIPS in that the kernel format expected by QEMU
is an "Image" (raw binary file) rather than an ELF file, but this is
taken care of by `+run.sh+`. Check the documentation for the `+qemu+`
target for more information.
'';
# this device is described by the "qemu" device


@@ -11,16 +11,16 @@
# this device is described by the "qemu" device
description = ''
== QEMU ARM v7
== QEMU ARM v7
This target produces an image for the
https://www.qemu.org/docs/master/system/arm/virt.html[QEMU "virt"
platform] using a 32 bit CPU type.
This target produces an image for the
https://www.qemu.org/docs/master/system/arm/virt.html[QEMU "virt"
platform] using a 32 bit CPU type.
ARM targets differ from MIPS in that the kernel format expected by QEMU
is an "Image" (raw binary file) rather than an ELF file, but this is
taken care of by `+run.sh+`. Check the documentation for the `+QEMU+`
(MIPS) target for more information. '';
ARM targets differ from MIPS in that the kernel format expected by QEMU
is an "Image" (raw binary file) rather than an ELF file, but this is
taken care of by `+run.sh+`. Check the documentation for the `+QEMU+`
(MIPS) target for more information. '';
installer = "vmroot";
module =


@@ -13,23 +13,23 @@
};
description = ''
== QEMU MIPS
== QEMU MIPS
This target produces an image for QEMU, the "generic and open source
machine emulator and virtualizer".
This target produces an image for QEMU, the "generic and open source
machine emulator and virtualizer".
MIPS QEMU emulates a "Malta" board, which was an ATX form factor
evaluation board made by MIPS Technologies, but mostly in Liminix we use
paravirtualized devices (Virtio) instead of emulating hardware.
MIPS QEMU emulates a "Malta" board, which was an ATX form factor
evaluation board made by MIPS Technologies, but mostly in Liminix we use
paravirtualized devices (Virtio) instead of emulating hardware.
Building an image for QEMU results in a `+result/+` directory containing
`+run.sh+` `+vmlinux+`, and `+rootfs+` files. To invoke the emulator,
run `+run.sh+`.
Building an image for QEMU results in a `+result/+` directory containing
`+run.sh+` `+vmlinux+`, and `+rootfs+` files. To invoke the emulator,
run `+run.sh+`.
The configuration includes two emulated "hardware" ethernet devices and
the kernel `+mac80211_hwsim+` module to provide an emulated wlan device.
To read more about how to connect to this network, refer to
`+qemu-networking+` in the Development manual.
The configuration includes two emulated "hardware" ethernet devices and
the kernel `+mac80211_hwsim+` module to provide an emulated wlan device.
To read more about how to connect to this network, refer to
`+qemu-networking+` in the Development manual.
'';
module =


@@ -1,22 +1,22 @@
{
description = ''
== TP-Link Archer AX23 / AX1800 Dual Band Wi-Fi 6 Router
== TP-Link Archer AX23 / AX1800 Dual Band Wi-Fi 6 Router
=== Hardware summary
=== Hardware summary
* MediaTek MT7621 (880MHz)
* 16MB Flash
* 128MB RAM
* WLan hardware: Mediatek MT7905, MT7975
* MediaTek MT7621 (880MHz)
* 16MB Flash
* 128MB RAM
* WLan hardware: Mediatek MT7905, MT7975
=== Limitations
=== Limitations
Status LEDs do not work yet.
Status LEDs do not work yet.
Uploading an image via tftp doesn't work yet, because the Archer uboot
version is so old it doesn't support overriding the DTB from the mboot
command. The tftpboot module doesn't support this yet, see
https://gti.telent.net/dan/liminix/pulls/5 for the WiP.
Uploading an image via tftp doesn't work yet, because the Archer uboot
version is so old it doesn't support overriding the DTB from the mboot
command. The tftpboot module doesn't support this yet, see
https://gti.telent.net/dan/liminix/pulls/5 for the WiP.
'';
system = {
@@ -59,275 +59,274 @@ https://gti.telent.net/dan/liminix/pulls/5 for the WiP.
extraPatchPhase = ''
${pkgs.openwrt.applyPatches.ramips}
'';
config =
{
# Initially taken from openwrt's ./target/linux/ramips/mt7621/config-5.15,
# then tweaked here and there
ARCH_32BIT_OFF_T = "y";
ARCH_HIBERNATION_POSSIBLE = "y";
ARCH_KEEP_MEMBLOCK = "y";
ARCH_MMAP_RND_BITS_MAX = "15";
ARCH_MMAP_RND_COMPAT_BITS_MAX = "15";
ARCH_SUSPEND_POSSIBLE = "y";
AT803X_PHY = "y";
BLK_MQ_PCI = "y";
BOARD_SCACHE = "y";
CEVT_R4K = "y";
CLKSRC_MIPS_GIC = "y";
CLK_MT7621 = "y";
CLOCKSOURCE_WATCHDOG = "y";
CLONE_BACKWARDS = "y";
CMDLINE_BOOL = "y";
COMMON_CLK = "y";
COMPAT_32BIT_TIME = "y";
CPU_GENERIC_DUMP_TLB = "y";
CPU_HAS_DIEI = "y";
CPU_HAS_PREFETCH = "y";
CPU_HAS_RIXI = "y";
CPU_HAS_SYNC = "y";
CPU_LITTLE_ENDIAN = "y";
CPU_MIPS32 = "y";
CPU_MIPS32_R2 = "y";
CPU_MIPSR2 = "y";
CPU_MIPSR2_IRQ_EI = "y";
CPU_MIPSR2_IRQ_VI = "y";
CPU_NEEDS_NO_SMARTMIPS_OR_MICROMIPS = "y";
CPU_R4K_CACHE_TLB = "y";
CPU_RMAP = "y";
CPU_SUPPORTS_32BIT_KERNEL = "y";
CPU_SUPPORTS_HIGHMEM = "y";
CPU_SUPPORTS_MSA = "y";
CRC16 = "y";
CRYPTO_DEFLATE = "y";
CRYPTO_HASH_INFO = "y";
CRYPTO_LIB_BLAKE2S_GENERIC = "y";
CRYPTO_LIB_POLY1305_RSIZE = "2";
CRYPTO_LZO = "y";
CRYPTO_ZSTD = "y";
CSRC_R4K = "y";
DIMLIB = "y";
DMA_NONCOHERENT = "y";
DTB_RT_NONE = "y";
DTC = "y";
EARLY_PRINTK = "y";
FIXED_PHY = "y";
FWNODE_MDIO = "y";
FW_LOADER_PAGED_BUF = "y";
GENERIC_ATOMIC64 = "y";
GENERIC_CLOCKEVENTS = "y";
GENERIC_CMOS_UPDATE = "y";
GENERIC_CPU_AUTOPROBE = "y";
GENERIC_FIND_FIRST_BIT = "y";
GENERIC_GETTIMEOFDAY = "y";
GENERIC_IOMAP = "y";
GENERIC_IRQ_CHIP = "y";
GENERIC_IRQ_EFFECTIVE_AFF_MASK = "y";
GENERIC_IRQ_SHOW = "y";
GENERIC_LIB_ASHLDI3 = "y";
GENERIC_LIB_ASHRDI3 = "y";
GENERIC_LIB_CMPDI2 = "y";
GENERIC_LIB_LSHRDI3 = "y";
GENERIC_LIB_UCMPDI2 = "y";
GENERIC_PCI_IOMAP = "y";
GENERIC_PHY = "y";
GENERIC_PINCONF = "y";
GENERIC_SCHED_CLOCK = "y";
GENERIC_SMP_IDLE_THREAD = "y";
GENERIC_TIME_VSYSCALL = "y";
GLOB = "y";
GPIOLIB_IRQCHIP = "y";
GPIO_CDEV = "y";
GPIO_GENERIC = "y";
GPIO_MT7621 = "y";
GRO_CELLS = "y";
HANDLE_DOMAIN_IRQ = "y";
HARDWARE_WATCHPOINTS = "y";
HAS_DMA = "y";
HAS_IOMEM = "y";
HAS_IOPORT_MAP = "y";
I2C = "y";
I2C_ALGOBIT = "y";
I2C_BOARDINFO = "y";
I2C_CHARDEV = "y";
I2C_GPIO = "y";
I2C_MT7621 = "y";
ICPLUS_PHY = "y";
IRQCHIP = "y";
IRQ_DOMAIN = "y";
IRQ_DOMAIN_HIERARCHY = "y";
IRQ_FORCED_THREADING = "y";
IRQ_MIPS_CPU = "y";
IRQ_WORK = "y";
LIBFDT = "y";
LOCK_DEBUGGING_SUPPORT = "y";
LZO_COMPRESS = "y";
LZO_DECOMPRESS = "y";
MDIO_BUS = "y";
MDIO_DEVICE = "y";
MDIO_DEVRES = "y";
MEDIATEK_GE_PHY = "y";
MEMFD_CREATE = "y";
MFD_SYSCON = "y";
MIGRATION = "y";
MIKROTIK = "y";
MIKROTIK_RB_SYSFS = "y";
MIPS = "y";
MIPS_ASID_BITS = "8";
MIPS_ASID_SHIFT = "0";
MIPS_CLOCK_VSYSCALL = "y";
MIPS_CM = "y";
MIPS_CPC = "y";
MIPS_CPS = "y";
MIPS_CPU_SCACHE = "y";
MIPS_GIC = "y";
MIPS_L1_CACHE_SHIFT = "5";
MIPS_LD_CAN_LINK_VDSO = "y";
MIPS_MT = "y";
MIPS_MT_FPAFF = "y";
MIPS_MT_SMP = "y";
MIPS_NR_CPU_NR_MAP = "4";
MIPS_PERF_SHARED_TC_COUNTERS = "y";
MIPS_SPRAM = "y";
MODULES_USE_ELF_REL = "y";
MTD_CMDLINE_PARTS = "y";
MTD_NAND_CORE = "y";
MTD_NAND_ECC = "y";
MTD_NAND_ECC_SW_HAMMING = "y";
MTD_NAND_MT7621 = "y";
MTD_NAND_MTK_BMT = "y";
MTD_RAW_NAND = "y";
MTD_ROUTERBOOT_PARTS = "y";
MTD_SERCOMM_PARTS = "y";
MTD_SPI_NOR = "y";
MTD_SPLIT_FIT_FW = "y";
MTD_SPLIT_MINOR_FW = "y";
MTD_SPLIT_SEAMA_FW = "y";
MTD_SPLIT_TPLINK_FW = "y";
MTD_SPLIT_TRX_FW = "y";
MTD_SPLIT_UIMAGE_FW = "y";
MTD_UBI = "y";
MTD_UBI_BEB_LIMIT = "20";
MTD_UBI_BLOCK = "y";
MTD_UBI_WL_THRESHOLD = "4096";
MTD_VIRT_CONCAT = "y";
NEED_DMA_MAP_STATE = "y";
NET_DEVLINK = "y";
NET_DSA = "y";
NET_DSA_MT7530 = "y";
NET_DSA_MT7530_MDIO = "y";
NET_DSA_TAG_MTK = "y";
NET_FLOW_LIMIT = "y";
NET_MEDIATEK_SOC = "y";
NET_SELFTESTS = "y";
NET_SWITCHDEV = "y";
NET_VENDOR_MEDIATEK = "y";
NO_HZ_COMMON = "y";
NO_HZ_IDLE = "y";
NR_CPUS = "4";
NVMEM = "y";
OF = "y";
OF_ADDRESS = "y";
OF_EARLY_FLATTREE = "y";
OF_FLATTREE = "y";
OF_GPIO = "y";
OF_IRQ = "y";
OF_KOBJ = "y";
OF_MDIO = "y";
PAGE_POOL = "y";
PAGE_POOL_STATS = "y";
PCI = "y";
PCIE_MT7621 = "y";
PCI_DISABLE_COMMON_QUIRKS = "y";
PCI_DOMAINS = "y";
PCI_DOMAINS_GENERIC = "y";
PCI_DRIVERS_GENERIC = "y";
PCS_MTK_LYNXI = "y";
PERF_USE_VMALLOC = "y";
PGTABLE_LEVELS = "2";
PHYLIB = "y";
PHYLINK = "y";
PHY_MT7621_PCI = "y";
PINCTRL = "y";
PINCTRL_AW9523 = "y";
PINCTRL_MT7621 = "y";
PINCTRL_RALINK = "y";
PINCTRL_SX150X = "y";
POWER_RESET = "y";
POWER_RESET_GPIO = "y";
POWER_SUPPLY = "y";
PTP_1588_CLOCK_OPTIONAL = "y";
QUEUED_RWLOCKS = "y";
QUEUED_SPINLOCKS = "y";
RALINK = "y";
RATIONAL = "y";
REGMAP = "y";
REGMAP_I2C = "y";
REGMAP_MMIO = "y";
REGULATOR = "y";
REGULATOR_FIXED_VOLTAGE = "y";
RESET_CONTROLLER = "y";
RFS_ACCEL = "y";
RPS = "y";
RTC_CLASS = "y";
RTC_DRV_BQ32K = "y";
RTC_DRV_PCF8563 = "y";
RTC_I2C_AND_SPI = "y";
SCHED_SMT = "y";
SERIAL_8250 = "y";
SERIAL_8250_CONSOLE = "y";
SERIAL_8250_NR_UARTS = "3";
SERIAL_8250_RUNTIME_UARTS = "3";
SERIAL_MCTRL_GPIO = "y";
SERIAL_OF_PLATFORM = "y";
SGL_ALLOC = "y";
SMP = "y";
SMP_UP = "y";
SOCK_RX_QUEUE_MAPPING = "y";
SOC_BUS = "y";
SOC_MT7621 = "y";
SPI = "y";
SPI_MASTER = "y";
SPI_MEM = "y";
SPI_MT7621 = "y";
SRCU = "y";
SWPHY = "y";
SYNC_R4K = "y";
SYSCTL_EXCEPTION_TRACE = "y";
SYS_HAS_CPU_MIPS32_R1 = "y";
SYS_HAS_CPU_MIPS32_R2 = "y";
SYS_HAS_EARLY_PRINTK = "y";
SYS_SUPPORTS_32BIT_KERNEL = "y";
SYS_SUPPORTS_ARBIT_HZ = "y";
SYS_SUPPORTS_HIGHMEM = "y";
SYS_SUPPORTS_HOTPLUG_CPU = "y";
SYS_SUPPORTS_LITTLE_ENDIAN = "y";
SYS_SUPPORTS_MIPS16 = "y";
SYS_SUPPORTS_MIPS_CPS = "y";
SYS_SUPPORTS_MULTITHREADING = "y";
SYS_SUPPORTS_SCHED_SMT = "y";
SYS_SUPPORTS_SMP = "y";
SYS_SUPPORTS_ZBOOT = "y";
TARGET_ISA_REV = "2";
TICK_CPU_ACCOUNTING = "y";
TIMER_OF = "y";
TIMER_PROBE = "y";
TREE_RCU = "y";
TREE_SRCU = "y";
UBIFS_FS = "y";
USB_SUPPORT = "y";
USE_OF = "y";
WEAK_ORDERING = "y";
XPS = "y";
XXHASH = "y";
ZLIB_DEFLATE = "y";
ZLIB_INFLATE = "y";
ZSTD_COMPRESS = "y";
ZSTD_DECOMPRESS = "y";
}
// lib.optionalAttrs (config.system.service ? watchdog) {
RALINK_WDT = "y"; # watchdog
MT7621_WDT = "y"; # or it might be this one
};
config = {
# Initially taken from openwrt's ./target/linux/ramips/mt7621/config-5.15,
# then tweaked here and there
ARCH_32BIT_OFF_T = "y";
ARCH_HIBERNATION_POSSIBLE = "y";
ARCH_KEEP_MEMBLOCK = "y";
ARCH_MMAP_RND_BITS_MAX = "15";
ARCH_MMAP_RND_COMPAT_BITS_MAX = "15";
ARCH_SUSPEND_POSSIBLE = "y";
AT803X_PHY = "y";
BLK_MQ_PCI = "y";
BOARD_SCACHE = "y";
CEVT_R4K = "y";
CLKSRC_MIPS_GIC = "y";
CLK_MT7621 = "y";
CLOCKSOURCE_WATCHDOG = "y";
CLONE_BACKWARDS = "y";
CMDLINE_BOOL = "y";
COMMON_CLK = "y";
COMPAT_32BIT_TIME = "y";
CPU_GENERIC_DUMP_TLB = "y";
CPU_HAS_DIEI = "y";
CPU_HAS_PREFETCH = "y";
CPU_HAS_RIXI = "y";
CPU_HAS_SYNC = "y";
CPU_LITTLE_ENDIAN = "y";
CPU_MIPS32 = "y";
CPU_MIPS32_R2 = "y";
CPU_MIPSR2 = "y";
CPU_MIPSR2_IRQ_EI = "y";
CPU_MIPSR2_IRQ_VI = "y";
CPU_NEEDS_NO_SMARTMIPS_OR_MICROMIPS = "y";
CPU_R4K_CACHE_TLB = "y";
CPU_RMAP = "y";
CPU_SUPPORTS_32BIT_KERNEL = "y";
CPU_SUPPORTS_HIGHMEM = "y";
CPU_SUPPORTS_MSA = "y";
CRC16 = "y";
CRYPTO_DEFLATE = "y";
CRYPTO_HASH_INFO = "y";
CRYPTO_LIB_BLAKE2S_GENERIC = "y";
CRYPTO_LIB_POLY1305_RSIZE = "2";
CRYPTO_LZO = "y";
CRYPTO_ZSTD = "y";
CSRC_R4K = "y";
DIMLIB = "y";
DMA_NONCOHERENT = "y";
DTB_RT_NONE = "y";
DTC = "y";
EARLY_PRINTK = "y";
FIXED_PHY = "y";
FWNODE_MDIO = "y";
FW_LOADER_PAGED_BUF = "y";
GENERIC_ATOMIC64 = "y";
GENERIC_CLOCKEVENTS = "y";
GENERIC_CMOS_UPDATE = "y";
GENERIC_CPU_AUTOPROBE = "y";
GENERIC_FIND_FIRST_BIT = "y";
GENERIC_GETTIMEOFDAY = "y";
GENERIC_IOMAP = "y";
GENERIC_IRQ_CHIP = "y";
GENERIC_IRQ_EFFECTIVE_AFF_MASK = "y";
GENERIC_IRQ_SHOW = "y";
GENERIC_LIB_ASHLDI3 = "y";
GENERIC_LIB_ASHRDI3 = "y";
GENERIC_LIB_CMPDI2 = "y";
GENERIC_LIB_LSHRDI3 = "y";
GENERIC_LIB_UCMPDI2 = "y";
GENERIC_PCI_IOMAP = "y";
GENERIC_PHY = "y";
GENERIC_PINCONF = "y";
GENERIC_SCHED_CLOCK = "y";
GENERIC_SMP_IDLE_THREAD = "y";
GENERIC_TIME_VSYSCALL = "y";
GLOB = "y";
GPIOLIB_IRQCHIP = "y";
GPIO_CDEV = "y";
GPIO_GENERIC = "y";
GPIO_MT7621 = "y";
GRO_CELLS = "y";
HANDLE_DOMAIN_IRQ = "y";
HARDWARE_WATCHPOINTS = "y";
HAS_DMA = "y";
HAS_IOMEM = "y";
HAS_IOPORT_MAP = "y";
I2C = "y";
I2C_ALGOBIT = "y";
I2C_BOARDINFO = "y";
I2C_CHARDEV = "y";
I2C_GPIO = "y";
I2C_MT7621 = "y";
ICPLUS_PHY = "y";
IRQCHIP = "y";
IRQ_DOMAIN = "y";
IRQ_DOMAIN_HIERARCHY = "y";
IRQ_FORCED_THREADING = "y";
IRQ_MIPS_CPU = "y";
IRQ_WORK = "y";
LIBFDT = "y";
LOCK_DEBUGGING_SUPPORT = "y";
LZO_COMPRESS = "y";
LZO_DECOMPRESS = "y";
MDIO_BUS = "y";
MDIO_DEVICE = "y";
MDIO_DEVRES = "y";
MEDIATEK_GE_PHY = "y";
MEMFD_CREATE = "y";
MFD_SYSCON = "y";
MIGRATION = "y";
MIKROTIK = "y";
MIKROTIK_RB_SYSFS = "y";
MIPS = "y";
MIPS_ASID_BITS = "8";
MIPS_ASID_SHIFT = "0";
MIPS_CLOCK_VSYSCALL = "y";
MIPS_CM = "y";
MIPS_CPC = "y";
MIPS_CPS = "y";
MIPS_CPU_SCACHE = "y";
MIPS_GIC = "y";
MIPS_L1_CACHE_SHIFT = "5";
MIPS_LD_CAN_LINK_VDSO = "y";
MIPS_MT = "y";
MIPS_MT_FPAFF = "y";
MIPS_MT_SMP = "y";
MIPS_NR_CPU_NR_MAP = "4";
MIPS_PERF_SHARED_TC_COUNTERS = "y";
MIPS_SPRAM = "y";
MODULES_USE_ELF_REL = "y";
MTD_CMDLINE_PARTS = "y";
MTD_NAND_CORE = "y";
MTD_NAND_ECC = "y";
MTD_NAND_ECC_SW_HAMMING = "y";
MTD_NAND_MT7621 = "y";
MTD_NAND_MTK_BMT = "y";
MTD_RAW_NAND = "y";
MTD_ROUTERBOOT_PARTS = "y";
MTD_SERCOMM_PARTS = "y";
MTD_SPI_NOR = "y";
MTD_SPLIT_FIT_FW = "y";
MTD_SPLIT_MINOR_FW = "y";
MTD_SPLIT_SEAMA_FW = "y";
MTD_SPLIT_TPLINK_FW = "y";
MTD_SPLIT_TRX_FW = "y";
MTD_SPLIT_UIMAGE_FW = "y";
MTD_UBI = "y";
MTD_UBI_BEB_LIMIT = "20";
MTD_UBI_BLOCK = "y";
MTD_UBI_WL_THRESHOLD = "4096";
MTD_VIRT_CONCAT = "y";
NEED_DMA_MAP_STATE = "y";
NET_DEVLINK = "y";
NET_DSA = "y";
NET_DSA_MT7530 = "y";
NET_DSA_MT7530_MDIO = "y";
NET_DSA_TAG_MTK = "y";
NET_FLOW_LIMIT = "y";
NET_MEDIATEK_SOC = "y";
NET_SELFTESTS = "y";
NET_SWITCHDEV = "y";
NET_VENDOR_MEDIATEK = "y";
NO_HZ_COMMON = "y";
NO_HZ_IDLE = "y";
NR_CPUS = "4";
NVMEM = "y";
OF = "y";
OF_ADDRESS = "y";
OF_EARLY_FLATTREE = "y";
OF_FLATTREE = "y";
OF_GPIO = "y";
OF_IRQ = "y";
OF_KOBJ = "y";
OF_MDIO = "y";
PAGE_POOL = "y";
PAGE_POOL_STATS = "y";
PCI = "y";
PCIE_MT7621 = "y";
PCI_DISABLE_COMMON_QUIRKS = "y";
PCI_DOMAINS = "y";
PCI_DOMAINS_GENERIC = "y";
PCI_DRIVERS_GENERIC = "y";
PCS_MTK_LYNXI = "y";
PERF_USE_VMALLOC = "y";
PGTABLE_LEVELS = "2";
PHYLIB = "y";
PHYLINK = "y";
PHY_MT7621_PCI = "y";
PINCTRL = "y";
PINCTRL_AW9523 = "y";
PINCTRL_MT7621 = "y";
PINCTRL_RALINK = "y";
PINCTRL_SX150X = "y";
POWER_RESET = "y";
POWER_RESET_GPIO = "y";
POWER_SUPPLY = "y";
PTP_1588_CLOCK_OPTIONAL = "y";
QUEUED_RWLOCKS = "y";
QUEUED_SPINLOCKS = "y";
RALINK = "y";
RATIONAL = "y";
REGMAP = "y";
REGMAP_I2C = "y";
REGMAP_MMIO = "y";
REGULATOR = "y";
REGULATOR_FIXED_VOLTAGE = "y";
RESET_CONTROLLER = "y";
RFS_ACCEL = "y";
RPS = "y";
RTC_CLASS = "y";
RTC_DRV_BQ32K = "y";
RTC_DRV_PCF8563 = "y";
RTC_I2C_AND_SPI = "y";
SCHED_SMT = "y";
SERIAL_8250 = "y";
SERIAL_8250_CONSOLE = "y";
SERIAL_8250_NR_UARTS = "3";
SERIAL_8250_RUNTIME_UARTS = "3";
SERIAL_MCTRL_GPIO = "y";
SERIAL_OF_PLATFORM = "y";
SGL_ALLOC = "y";
SMP = "y";
SMP_UP = "y";
SOCK_RX_QUEUE_MAPPING = "y";
SOC_BUS = "y";
SOC_MT7621 = "y";
SPI = "y";
SPI_MASTER = "y";
SPI_MEM = "y";
SPI_MT7621 = "y";
SRCU = "y";
SWPHY = "y";
SYNC_R4K = "y";
SYSCTL_EXCEPTION_TRACE = "y";
SYS_HAS_CPU_MIPS32_R1 = "y";
SYS_HAS_CPU_MIPS32_R2 = "y";
SYS_HAS_EARLY_PRINTK = "y";
SYS_SUPPORTS_32BIT_KERNEL = "y";
SYS_SUPPORTS_ARBIT_HZ = "y";
SYS_SUPPORTS_HIGHMEM = "y";
SYS_SUPPORTS_HOTPLUG_CPU = "y";
SYS_SUPPORTS_LITTLE_ENDIAN = "y";
SYS_SUPPORTS_MIPS16 = "y";
SYS_SUPPORTS_MIPS_CPS = "y";
SYS_SUPPORTS_MULTITHREADING = "y";
SYS_SUPPORTS_SCHED_SMT = "y";
SYS_SUPPORTS_SMP = "y";
SYS_SUPPORTS_ZBOOT = "y";
TARGET_ISA_REV = "2";
TICK_CPU_ACCOUNTING = "y";
TIMER_OF = "y";
TIMER_PROBE = "y";
TREE_RCU = "y";
TREE_SRCU = "y";
UBIFS_FS = "y";
USB_SUPPORT = "y";
USE_OF = "y";
WEAK_ORDERING = "y";
XPS = "y";
XXHASH = "y";
ZLIB_DEFLATE = "y";
ZLIB_INFLATE = "y";
ZSTD_COMPRESS = "y";
ZSTD_DECOMPRESS = "y";
}
// lib.optionalAttrs (config.system.service ? watchdog) {
RALINK_WDT = "y"; # watchdog
MT7621_WDT = "y"; # or it might be this one
};
conditionalConfig = {
WLAN = {
MT7915E = "m";


@@ -1,151 +1,151 @@
{
description = ''
== Turris Omnia
== Turris Omnia
This is a 32 bit ARMv7 MVEBU device, which is usually shipped with
TurrisOS, an OpenWrt-based system. Rather than reformatting the builtin
storage, we install Liminix on to the existing btrfs filesystem so that
the vendor snapshot/recovery system continues to work (and provides you
an easy rollback if you decide you don't like Liminix after all).
This is a 32 bit ARMv7 MVEBU device, which is usually shipped with
TurrisOS, an OpenWrt-based system. Rather than reformatting the builtin
storage, we install Liminix on to the existing btrfs filesystem so that
the vendor snapshot/recovery system continues to work (and provides you
an easy rollback if you decide you don't like Liminix after all).
The install process has two stages, and is intended that you should not
need to open the device and add a serial console (although it may be
handy for visibility, and in case anything goes wrong). First we build a
minimal installation/recovery system, then we reboot into that recovery
image to prepare the device for the full target install.
The install process has two stages, and is intended that you should not
need to open the device and add a serial console (although it may be
handy for visibility, and in case anything goes wrong). First we build a
minimal installation/recovery system, then we reboot into that recovery
image to prepare the device for the full target install.
=== Installation using a USB stick
=== Installation using a USB stick
First, build the image for the USB stick. Review
`+examples/recovery.nix+` in order to change the default root password
(which is `+secret+`) and/or the SSH keys, then build it with
First, build the image for the USB stick. Review
`+examples/recovery.nix+` in order to change the default root password
(which is `+secret+`) and/or the SSH keys, then build it with
[source,console]
----
$ nix-build -I liminix-config=./examples/recovery.nix \
--arg device "import ./devices/turris-omnia" \
-A outputs.mbrimage -o mbrimage
$ file -L mbrimage
mbrimage: DOS/MBR boot sector; partition 1 : ID=0x83, active, start-CHS (0x0,0,5), end-CHS (0x6,130,26), startsector 4, 104602 sectors
----
[source,console]
----
$ nix-build -I liminix-config=./examples/recovery.nix \
--arg device "import ./devices/turris-omnia" \
-A outputs.mbrimage -o mbrimage
$ file -L mbrimage
mbrimage: DOS/MBR boot sector; partition 1 : ID=0x83, active, start-CHS (0x0,0,5), end-CHS (0x6,130,26), startsector 4, 104602 sectors
----
Next, copy the image from your build machine to a USB storage medium
using `+dd+` or your other most favoured file copying tool, which might
be a comand something like this:
Next, copy the image from your build machine to a USB storage medium
using `+dd+` or your other most favoured file copying tool, which might
be a comand something like this:
[source,console]
----
$ dd if=mbrimage of=/dev/path/to/the/usb/stick \
bs=1M conv=fdatasync status=progress
----
[source,console]
----
$ dd if=mbrimage of=/dev/path/to/the/usb/stick \
bs=1M conv=fdatasync status=progress
----
The Omnia's default boot order only checks USB after it has failed to
boot from eMMC, which is not ideal for our purpose. Unless you have a
serial cable, the easiest way to change this is by booting to TurrisOS
and logging in with ssh:
The Omnia's default boot order only checks USB after it has failed to
boot from eMMC, which is not ideal for our purpose. Unless you have a
serial cable, the easiest way to change this is by booting to TurrisOS
and logging in with ssh:
[source,console]
----
root@turris:/# fw_printenv boot_targets
boot_targets=mmc0 nvme0 scsi0 usb0 pxe dhcp
root@turris:/# fw_setenv boot_targets usb0 mmc0
root@turris:/# fw_printenv boot_targets
boot_targets=usb0 mmc0
root@turris:/# reboot -f
----
[source,console]
----
root@turris:/# fw_printenv boot_targets
boot_targets=mmc0 nvme0 scsi0 usb0 pxe dhcp
root@turris:/# fw_setenv boot_targets usb0 mmc0
root@turris:/# fw_printenv boot_targets
boot_targets=usb0 mmc0
root@turris:/# reboot -f
----
It should now boot into the recovery image. It expects a network cable
to be plugged into LAN2 with something on the other end of it that
serves DHCP requests. Check your DHCP server logs for a request from a
`+liminix-recovery+` host and figure out what IP address was assigned.
It should now boot into the recovery image. It expects a network cable
to be plugged into LAN2 with something on the other end of it that
serves DHCP requests. Check your DHCP server logs for a request from a
`+liminix-recovery+` host and figure out what IP address was assigned.
[source,console]
----
$ ssh liminix-recovery.lan
----
[source,console]
----
$ ssh liminix-recovery.lan
----
You should get a "Busybox" banner and a root prompt. Now you can start
preparing the device to install Liminix on it. First we'll mount the
root filesystem and take a snapshot:
You should get a "Busybox" banner and a root prompt. Now you can start
preparing the device to install Liminix on it. First we'll mount the
root filesystem and take a snapshot:
[source,console]
----
# mkdir /dest && mount /dev/mmcblk0p1 /dest
# schnapps -d /dest create "pre liminix"
# schnapps -d /dest list
ERROR: not a valid btrfs filesystem: /
# | Type | Size | Date | Description
------+-----------+-------------+---------------------------+------------------------------------
1 | single | 16.00KiB | 1970-01-01 00:11:49 +0000 | pre liminix
----
[source,console]
----
# mkdir /dest && mount /dev/mmcblk0p1 /dest
# schnapps -d /dest create "pre liminix"
# schnapps -d /dest list
ERROR: not a valid btrfs filesystem: /
# | Type | Size | Date | Description
------+-----------+-------------+---------------------------+------------------------------------
1 | single | 16.00KiB | 1970-01-01 00:11:49 +0000 | pre liminix
----
(`+not a valid btrfs filesystem: /+` is not a real error)
(`+not a valid btrfs filesystem: /+` is not a real error)
then we can remove all the files
then we can remove all the files
[source,console]
----
# rm -r /dest/@/*
----
[source,console]
----
# rm -r /dest/@/*
----
and then it's ready to install the real Liminix system onto. On your
build system, create the Liminix configuration you wish to install: here
we'll use the `+rotuer+` example.
and then it's ready to install the real Liminix system onto. On your
build system, create the Liminix configuration you wish to install: here
we'll use the `+rotuer+` example.
[source,console]
----
build$ nix-build -I liminix-config=./examples/rotuer.nix \
--arg device "import ./devices/turris-omnia" \
-A outputs.systemConfiguration
----
[source,console]
----
build$ nix-build -I liminix-config=./examples/rotuer.nix \
--arg device "import ./devices/turris-omnia" \
-A outputs.systemConfiguration
----
and then use `+min-copy-closure+` to copy it to the device.
and then use `+min-copy-closure+` to copy it to the device.
[source,console]
----
build$ nix-shell --run \
"min-copy-closure -r /dest/@ root@liminix-recovery.lan result"
----
[source,console]
----
build$ nix-shell --run \
"min-copy-closure -r /dest/@ root@liminix-recovery.lan result"
----
and activate it
and activate it
[source,console]
----
build$ ssh root@liminix-recovery.lan \
"/dest/@/$(readlink result)/bin/install /dest/@"
----
[source,console]
----
build$ ssh root@liminix-recovery.lan \
"/dest/@/$(readlink result)/bin/install /dest/@"
----
The final steps are performed directly on the device again: add a
symlink so U-Boot can find `+/boot+`, then restore the default boot
order and reboot into the new configuration.
The final steps are performed directly on the device again: add a
symlink so U-Boot can find `+/boot+`, then restore the default boot
order and reboot into the new configuration.
[source,console]
----
# cd /dest && ln -s @/boot .
# fw_setenv boot_targets "mmc0 nvme0 scsi0 usb0 pxe dhcp"
# cd / ; umount /dest
# reboot
----
[source,console]
----
# cd /dest && ln -s @/boot .
# fw_setenv boot_targets "mmc0 nvme0 scsi0 usb0 pxe dhcp"
# cd / ; umount /dest
# reboot
----
=== Installation using a TFTP server and serial console
=== Installation using a TFTP server and serial console
If you have a <<serial,serial console connection>> and a TFTP server, and would
rather use them than fiddling with USB sticks, the
`+examples/recovery.nix+` configuration also works using the
`+tftpboot+` output. So you can do
If you have a <<serial,serial console connection>> and a TFTP server, and would
rather use them than fiddling with USB sticks, the
`+examples/recovery.nix+` configuration also works using the
`+tftpboot+` output. So you can do
[source,console]
----
build$ nix-build -I liminix-config=./examples/recovery.nix \
--arg device "import ./devices/turris-omnia" \
-A outputs.tftpboot
----
[source,console]
----
build$ nix-build -I liminix-config=./examples/recovery.nix \
--arg device "import ./devices/turris-omnia" \
-A outputs.tftpboot
----
and then paste the generated `+result/boot.scr+` into U-Boot, and you
will end up with the same system as you would have had after booting
from USB. If you don't have a serial console connection you could
probably even get clever with elaborate use of `+fw_setenv+`, but that
is left as an exercise for the reader.
and then paste the generated `+result/boot.scr+` into U-Boot, and you
will end up with the same system as you would have had after booting
from USB. If you don't have a serial console connection you could
probably even get clever with elaborate use of `+fw_setenv+`, but that
is left as an exercise for the reader.
'';


@@ -11,92 +11,92 @@
description = ''
== Zyxel NWA50AX
== Zyxel NWA50AX
Zyxel NWA50AX is quite close to the GL-MT300N-v2 "Mango" device, but it is based on the MT7621
chipset instead of the MT7628.
Zyxel NWA50AX is quite close to the GL-MT300N-v2 "Mango" device, but it is based on the MT7621
chipset instead of the MT7628.
=== Installation
=== Installation
This device is pretty, but, due to its A/B capabilities, can be a bit hard
to use completely.
This device is pretty, but, due to its A/B capabilities, can be a bit hard
to use completely.
The stock vendor firmware is a downstream fork of U-Boot: <https://github.com/RaitoBezarius/uboot-nwa50ax>
with restricted boot commands. Fortunately, OpenWrt folks figured out trivial command injections,
so you can use most of the OpenWrt commands without trouble by just command injecting
atns, atna or atnf, e.g. atns "; $real_command".
The stock vendor firmware is a downstream fork of U-Boot: <https://github.com/RaitoBezarius/uboot-nwa50ax>
with restricted boot commands. Fortunately, OpenWrt folks figured out trivial command injections,
so you can use most of the OpenWrt commands without trouble by just command injecting
atns, atna or atnf, e.g. atns "; $real_command".
From factory web UI, you can upload the result of the zyxel-nwa-fit output.
From another operating system, you need to `dumpimage -T flat_dt -p 0 $zyxel-nwa-fit -o firmware.bin`,
`flash_erase $(mtd partition of the target partition firmware or zy_firmware) 0 0`, then you complete by
`nandwrite -p $(mtd partition of the target partition firmware or zy_firmware) firmware.bin`.
From factory web UI, you can upload the result of the zyxel-nwa-fit output.
From another operating system, you need to `dumpimage -T flat_dt -p 0 $zyxel-nwa-fit -o firmware.bin`,
`flash_erase $(mtd partition of the target partition firmware or zy_firmware) 0 0`, then you complete by
`nandwrite -p $(mtd partition of the target partition firmware or zy_firmware) firmware.bin`.
How to put the firmware.bin on the machine is left to you as an exercise, e.g. SSH, TFTP, whatever.
How to put the firmware.bin on the machine is left to you as an exercise, e.g. SSH, TFTP, whatever.
From serial, you have two choices:
From serial, you have two choices:
- Flash this system via U-Boot:
same reasoning as from an existing Linux system, two choices:
- ymodem the binary, perform the write manually, you can inspire yourself
from the `script` contained in the vendor firmware, those are just a FIT containing a script.
- prepare a FIT containing a script executing your commands, tftpboot this.
- Flash this system via U-Boot:
same reasoning as from an existing Linux system, two choices:
- ymodem the binary, perform the write manually, you can inspire yourself
from the `script` contained in the vendor firmware, those are just a FIT containing a script.
- prepare a FIT containing a script executing your commands, tftpboot this.
- boot from an existing Liminix system, e.g. TFTPBOOT image.
- boot from an OpenWrt system, i.e. follow OpenWrt steps.
- boot from an existing Liminix system, e.g. TFTPBOOT image.
- boot from an OpenWrt system, i.e. follow OpenWrt steps.
Once you are in a Linux system, understand that this device has A/B boot.
Once you are in a Linux system, understand that this device has A/B boot.
OpenWrt provides you with `zyxel-bootconfig` to set/unset the image status and choice.
OpenWrt provides you with `zyxel-bootconfig` to set/unset the image status and choice.
The kernel is booted with `bootImage=<number>` which tells you which slot are you on.
The kernel is booted with `bootImage=<number>` which tells you which slot are you on.
You should find yourself with 10ish MTD partitions, the most interesting ones are two:
You should find yourself with 10ish MTD partitions, the most interesting ones are two:
- firmware: 40MB
- firmware_1: 40MB
- firmware: 40MB
- firmware_1: 40MB
In the current setup, they are split further into kernel (8MB) and ubi (32MB).
In the current setup, they are split further into kernel (8MB) and ubi (32MB).
Once you are done with first installation, note that if you want to use the A/B feature,
you need to write a secondary image on the slot B. There is no proper flashing code
that will set the being-updated slot to `new` and boot on it to verify if it's working.
This is a WIP.
Once you are done with first installation, note that if you want to use the A/B feature,
you need to write a secondary image on the slot B. There is no proper flashing code
that will set the being-updated slot to `new` and boot on it to verify if it's working.
This is a WIP.
Upgrading your system can be achieved via:
Upgrading your system can be achieved via:
- `liminix-rebuild` for the userspace.
- `flash_erase` + `nandwrite` for the kernelspace to the other slot than the one you are booted on,
note that you can just nandwrite the mtd partition corresponding to the *kernel* and not the whole firmware.
- `liminix-rebuild` for the userspace.
- `flash_erase` + `nandwrite` for the kernelspace to the other slot than the one you are booted on,
note that you can just nandwrite the mtd partition corresponding to the *kernel* and not the whole firmware.
If you soft-bricked your AP, i.e. you cannot boot anything in U-Boot, no worries, just plug the serial console,
prepare a TFTP server (via `tufted` for example), download vendor firmware, set up `atns`, `atnf`, etc. and run `atnz`.
If you soft-bricked your AP, i.e. you cannot boot anything in U-Boot, no worries, just plug the serial console,
prepare a TFTP server (via `tufted` for example), download vendor firmware, set up `atns`, `atnf`, etc. and run `atnz`.
This will reflash everything back to normal via TFTP.
This will reflash everything back to normal via TFTP.
If you hard-bricked your AP, i.e. U-Boot is telling you to transfer a valid bootloader via ymodem, just extract
a U-Boot from the vendor OS, send it via ymodem and use the previous operations to perform a full flash this time
of all partitions.
If you hard-bricked your AP, i.e. U-Boot is telling you to transfer a valid bootloader via ymodem, just extract
a U-Boot from the vendor OS, send it via ymodem and use the previous operations to perform a full flash this time
of all partitions.
Note that if you erased your MRD partition, you lost your serial and MAC address. There's no way to recover the original one
except by reading the physical label on your device!
Note that if you erased your MRD partition, you lost your serial and MAC address. There's no way to recover the original one
except by reading the physical label on your device!
If you super-hard-bricked your AP, i.e. no output on serial console, congratulations, you reached one of the rare state
of this device. You need an external NAND flasher to repair it and write the first stage from Mediatek to continue the previous
recovery operations.
If you super-hard-bricked your AP, i.e. no output on serial console, congratulations, you reached one of the rare state
of this device. You need an external NAND flasher to repair it and write the first stage from Mediatek to continue the previous
recovery operations.
Development TODO list:
Development TODO list:
- Better support for upgrade automation w.r.t. to A/B, e.g. automagic scripts.
- Mount the logs partition, mount / as overlayfs of firmware ? rootfs and rootfs_data for extended data.
- Jitter-based entropy injection? Device can be slow to initialize its CRNG and hostapd will reject few clients at the start because of that.
- Defaults for hostapd based on MT7915 capabilities? See the example for one possible list.
- Remove primary/secondary hack and put it in preinit.
- Offer ways to reflash the *bootloader* itself to support direct boot via UBI and kernel upgrades via filesystem rewrite.
- Better support for upgrade automation w.r.t. to A/B, e.g. automagic scripts.
- Mount the logs partition, mount / as overlayfs of firmware ? rootfs and rootfs_data for extended data.
- Jitter-based entropy injection? Device can be slow to initialize its CRNG and hostapd will reject few clients at the start because of that.
- Defaults for hostapd based on MT7915 capabilities? See the example for one possible list.
- Remove primary/secondary hack and put it in preinit.
- Offer ways to reflash the *bootloader* itself to support direct boot via UBI and kernel upgrades via filesystem rewrite.
Vendor web page: https://www.zyxel.com/fr/fr/products/wireless/ax1800-wifi-6-dual-radio-nebulaflex-access-point-nwa50ax
Vendor web page: https://www.zyxel.com/fr/fr/products/wireless/ax1800-wifi-6-dual-radio-nebulaflex-access-point-nwa50ax
OpenWrt web page: https://openwrt.org/inbox/toh/zyxel/nwa50ax
OpenWrt tech data: https://openwrt.org/toh/hwdata/zyxel/zyxel_nwa50ax
OpenWrt web page: https://openwrt.org/inbox/toh/zyxel/nwa50ax
OpenWrt tech data: https://openwrt.org/toh/hwdata/zyxel/zyxel_nwa50ax
'';
@@ -261,110 +261,109 @@ OpenWrt tech data: https://openwrt.org/toh/hwdata/zyxel/zyxel_nwa50ax
extraPatchPhase = ''
${openwrt.applyPatches.ramips}
'';
config =
{
config = {
RALINK = "y";
PCI = "y";
PHY_MT7621_PCI = "y";
PCIE_MT7621 = "y";
SOC_MT7621 = "y";
CLK_MT7621 = "y";
CLOCKSOURCE_WATCHDOG = "y";
RALINK = "y";
PCI = "y";
PHY_MT7621_PCI = "y";
PCIE_MT7621 = "y";
SOC_MT7621 = "y";
CLK_MT7621 = "y";
CLOCKSOURCE_WATCHDOG = "y";
SERIAL_8250_CONSOLE = "y";
SERIAL_8250 = "y";
SERIAL_CORE_CONSOLE = "y";
SERIAL_OF_PLATFORM = "y";
SERIAL_8250_NR_UARTS = "3";
SERIAL_8250_RUNTIME_UARTS = "3";
SERIAL_MCTRL_GPIO = "y";
SERIAL_8250_CONSOLE = "y";
SERIAL_8250 = "y";
SERIAL_CORE_CONSOLE = "y";
SERIAL_OF_PLATFORM = "y";
SERIAL_8250_NR_UARTS = "3";
SERIAL_8250_RUNTIME_UARTS = "3";
SERIAL_MCTRL_GPIO = "y";
CONSOLE_LOGLEVEL_DEFAULT = "8";
CONSOLE_LOGLEVEL_QUIET = "4";
CONSOLE_LOGLEVEL_DEFAULT = "8";
CONSOLE_LOGLEVEL_QUIET = "4";
# MTD_UBI_BEB_LIMIT = "20";
# MTD_UBI_WL_THRESHOLD = "4096";
# MTD_UBI_BEB_LIMIT = "20";
# MTD_UBI_WL_THRESHOLD = "4096";
MTD = "y";
MTD_BLOCK = "y"; # fix undefined ref to register_mtd_blktrans_dev
MTD_RAW_NAND = "y";
MTD_NAND_MT7621 = "y";
MTD_NAND_MTK_BMT = "y"; # Bad-block Management Table
MTD_NAND_ECC_SW_HAMMING = "y";
MTD_SPI_NAND = "y";
MTD_OF_PARTS = "y";
MTD_NAND_CORE = "y";
MTD_SPLIT_FIRMWARE = "y";
MTD_SPLIT_FIT_FW = "y";
MTD = "y";
MTD_BLOCK = "y"; # fix undefined ref to register_mtd_blktrans_dev
MTD_RAW_NAND = "y";
MTD_NAND_MT7621 = "y";
MTD_NAND_MTK_BMT = "y"; # Bad-block Management Table
MTD_NAND_ECC_SW_HAMMING = "y";
MTD_SPI_NAND = "y";
MTD_OF_PARTS = "y";
MTD_NAND_CORE = "y";
MTD_SPLIT_FIRMWARE = "y";
MTD_SPLIT_FIT_FW = "y";
PINCTRL = "y";
PINCTRL_MT7621 = "y";
PINCTRL = "y";
PINCTRL_MT7621 = "y";
I2C = "y";
I2C_MT7621 = "y";
I2C = "y";
I2C_MT7621 = "y";
SPI = "y";
MTD_SPI_NOR = "y";
SPI_MT7621 = "y";
SPI_MASTER = "y";
SPI_MEM = "y";
SPI = "y";
MTD_SPI_NOR = "y";
SPI_MT7621 = "y";
SPI_MASTER = "y";
SPI_MEM = "y";
REGULATOR = "y";
REGULATOR_FIXED_VOLTAGE = "y";
RESET_CONTROLLER = "y";
POWER_RESET = "y";
POWER_RESET_GPIO = "y";
POWER_SUPPLY = "y";
LED_TRIGGER_PHY = "y";
REGULATOR = "y";
REGULATOR_FIXED_VOLTAGE = "y";
RESET_CONTROLLER = "y";
POWER_RESET = "y";
POWER_RESET_GPIO = "y";
POWER_SUPPLY = "y";
LED_TRIGGER_PHY = "y";
PCI_DISABLE_COMMON_QUIRKS = "y";
PCI_DOMAINS = "y";
PCI_DOMAINS_GENERIC = "y";
PCI_DRIVERS_GENERIC = "y";
PCS_MTK_LYNXI = "y";
PCI_DISABLE_COMMON_QUIRKS = "y";
PCI_DOMAINS = "y";
PCI_DOMAINS_GENERIC = "y";
PCI_DRIVERS_GENERIC = "y";
PCS_MTK_LYNXI = "y";
SOC_BUS = "y";
SOC_BUS = "y";
NET = "y";
ETHERNET = "y";
WLAN = "y";
NET = "y";
ETHERNET = "y";
WLAN = "y";
PHYLIB = "y";
AT803X_PHY = "y";
FIXED_PHY = "y";
GENERIC_PHY = "y";
NET_DSA = "y";
NET_DSA_MT7530 = "y";
NET_DSA_MT7530_MDIO = "y";
NET_DSA_TAG_MTK = "y";
NET_MEDIATEK_SOC = "y";
NET_SWITCHDEV = "y";
NET_VENDOR_MEDIATEK = "y";
PHYLIB = "y";
AT803X_PHY = "y";
FIXED_PHY = "y";
GENERIC_PHY = "y";
NET_DSA = "y";
NET_DSA_MT7530 = "y";
NET_DSA_MT7530_MDIO = "y";
NET_DSA_TAG_MTK = "y";
NET_MEDIATEK_SOC = "y";
NET_SWITCHDEV = "y";
NET_VENDOR_MEDIATEK = "y";
SWPHY = "y";
SWPHY = "y";
GPIOLIB = "y";
GPIO_MT7621 = "y";
OF_GPIO = "y";
GPIOLIB = "y";
GPIO_MT7621 = "y";
OF_GPIO = "y";
EARLY_PRINTK = "y";
EARLY_PRINTK = "y";
NEW_LEDS = "y";
LEDS_TRIGGERS = "y";
LEDS_CLASS = "y"; # required by rt2x00lib
LEDS_CLASS_MULTICOLOR = "y";
LEDS_BRIGHTNESS_HW_CHANGED = "y";
NEW_LEDS = "y";
LEDS_TRIGGERS = "y";
LEDS_CLASS = "y"; # required by rt2x00lib
LEDS_CLASS_MULTICOLOR = "y";
LEDS_BRIGHTNESS_HW_CHANGED = "y";
PRINTK_TIME = "y";
}
// lib.optionalAttrs (config.system.service ? vlan) {
SWCONFIG = "y";
}
// lib.optionalAttrs (config.system.service ? watchdog) {
RALINK_WDT = "y"; # watchdog
MT7621_WDT = "y"; # or it might be this one
};
PRINTK_TIME = "y";
}
// lib.optionalAttrs (config.system.service ? vlan) {
SWCONFIG = "y";
}
// lib.optionalAttrs (config.system.service ? watchdog) {
RALINK_WDT = "y"; # watchdog
MT7621_WDT = "y"; # or it might be this one
};
};
};
}

25
doc.nix

@@ -1,4 +1,5 @@
{ stdenv,
{
stdenv,
lib,
liminix,
gnumake,
@@ -6,7 +7,7 @@
pandoc,
luaPackages,
asciidoctor,
borderVmConf
borderVmConf,
}:
let
json =
@@ -30,13 +31,19 @@ stdenv.mkDerivation {
luaPackages.lyaml
];
src = lib.sources.sourceFilesBySuffices
(lib.cleanSource ./. ) [
".adoc"
".nix" ".rst" "Makefile" ".svg"
".fnl" ".py" ".css" ".html"
".md" ".html.in"
];
src = lib.sources.sourceFilesBySuffices (lib.cleanSource ./.) [
".adoc"
".nix"
".rst"
"Makefile"
".svg"
".fnl"
".py"
".css"
".html"
".md"
".html.in"
];
buildPhase = ''
cat ${json} | fennel --correlate doc/parse-options.fnl > doc/module-options-generated.inc.rst


@@ -1,18 +1,18 @@
with import <nixpkgs> { };
let
inherit (builtins) stringLength readDir filter;
inherit (builtins) readDir filter;
devices = filter (n: n != "families") (lib.mapAttrsToList (n: t: n) (readDir ../devices));
texts = map (
n:
let
d = import ../devices/${n}/default.nix;
tag = ".. _${lib.strings.replaceStrings [ " " ] [ "-" ] n}:";
d' = {
description = ''
== ${n}
'';
} // d;
}
// d;
in
"\n${d'.description}"
) devices;
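Review bot: `tag` in the inner `let` is still bound, but neither `d'` nor the body `"\n${d'.description}"` references it, so it appears to be dead code left behind by the same pass that dropped `stringLength` from the `inherit` line. The value it builds (`.. _name:`) is reStructuredText anchor syntax, while the fallback description now uses an AsciiDoc `== ${n}` heading, which suggests it is a leftover and not a pending feature. I would delete the `tag = ...;` line, or, if a per-device anchor is still wanted, emit it in the returned string in the format the docs now use.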


@@ -14,7 +14,7 @@ let
secrets = import ./extneder-secrets.nix;
inherit (pkgs.liminix.services) oneshot longrun target;
inherit (pkgs.pseudofile) dir symlink;
inherit (pkgs) writeText serviceFns;
inherit (pkgs) writeText;
svc = config.system.service;
in
rec {


@@ -8,7 +8,6 @@
{ config, pkgs, ... }:
let
inherit (pkgs.liminix.services) bundle oneshot;
inherit (pkgs) serviceFns;
# EDIT: you can pick your preferred RFC1918 address space
# for NATted connections, if you don't like this one.
ipv4LocalNet = "10.8.0";


@@ -5,7 +5,6 @@
...
}:
let
inherit (pkgs) serviceFns;
svc = config.system.service;
inherit (pkgs.pseudofile) dir symlink;
inherit (pkgs.liminix.services) oneshot target;


@@ -15,7 +15,8 @@ let
secrets = {
domainName = "fake.liminix.org";
firewallRules = { };
} // (import ./rotuer-secrets.nix);
}
// (import ./rotuer-secrets.nix);
svc = config.system.service;
wirelessConfig = {
country_code = "GB";
@@ -58,8 +59,7 @@ rec {
start = 10;
end = 240;
hosts =
{ }
// lib.optionalAttrs (builtins.pathExists ./static-leases.nix) (import ./static-leases.nix);
{ } // lib.optionalAttrs (builtins.pathExists ./static-leases.nix) (import ./static-leases.nix);
localDomain = "lan";
};
};
@@ -92,7 +92,8 @@ rec {
hw_mode = "g";
channel = "2";
ieee80211n = 1;
} // wirelessConfig;
}
// wirelessConfig;
"${secrets.ssid}5" = rec {
interface = config.hardware.networkInterfaces.wlan5;
hw_mode = "a";
@@ -102,7 +103,8 @@ rec {
vht_oper_centr_freq_seg0_idx = channel + 6;
ieee80211n = 1;
ieee80211ac = 1;
} // wirelessConfig;
}
// wirelessConfig;
};
};
@@ -151,8 +153,8 @@ rec {
enable = true;
command = ''
${pkgs.s6-networking}/bin/s6-tcpclient 10.0.0.1 9428 ${pkgs.logshippers}/bin/victorialogsend http://loaclhost:9428/insert/jsonline
'';
dependencies = [services.qemu-hyp-route];
'';
dependencies = [ services.qemu-hyp-route ];
};
programs.busybox = {
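Review bot: The URL on the unchanged `command` line in the last hunk reads `http://loaclhost:9428/insert/jsonline`, which looks like a misspelling of `localhost` that the formatting pass carried over untouched. The TCP connection itself is opened by `s6-tcpclient` to 10.0.0.1, so the hostname presumably only affects the request that `victorialogsend` writes, which may be why it has gone unnoticed. If the spelling is deliberate, a one-line comment above `command` saying so would stop the next reader from "fixing" it. The log stream also leaves the device over plain HTTP with no authentication visible in this hunk. That is reasonable for the QEMU test network this example appears to target (it depends on `services.qemu-hyp-route`), but a short comment to that effect would keep the stanza from being copied unchanged into a configuration for a real network.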


@@ -33,10 +33,8 @@ let
address = "194.4.172.12";
};
inherit (pkgs.liminix.services) oneshot longrun target;
inherit (pkgs.liminix.services) oneshot target;
inherit (pkgs.liminix) outputRef;
inherit (pkgs.pseudofile) dir symlink;
inherit (pkgs) serviceFns;
svc = config.system.service;
wirelessConfig = {
country_code = "GB";
@@ -110,8 +108,7 @@ rec {
start = 10;
end = 240;
hosts =
{ }
// lib.optionalAttrs (builtins.pathExists ./static-leases.nix) (import ./static-leases.nix);
{ } // lib.optionalAttrs (builtins.pathExists ./static-leases.nix) (import ./static-leases.nix);
localDomain = "lan";
};
};
@@ -173,33 +170,31 @@ rec {
};
wireless.networks = {
"${rsecrets.ssid}" =
{
interface = config.hardware.networkInterfaces.wlan;
hw_mode = "g";
channel = "6";
ieee80211n = 1;
}
// wirelessConfig
// {
wpa_passphrase = outputRef config.services.secrets "wpa_passphrase";
};
"${rsecrets.ssid}" = {
interface = config.hardware.networkInterfaces.wlan;
hw_mode = "g";
channel = "6";
ieee80211n = 1;
}
// wirelessConfig
// {
wpa_passphrase = outputRef config.services.secrets "wpa_passphrase";
};
"${rsecrets.ssid}5" =
rec {
interface = config.hardware.networkInterfaces.wlan5;
hw_mode = "a";
channel = 36;
ht_capab = "[HT40+]";
vht_oper_chwidth = 1;
vht_oper_centr_freq_seg0_idx = channel + 6;
ieee80211n = 1;
ieee80211ac = 1;
}
// wirelessConfig
// {
wpa_passphrase = outputRef config.services.secrets "wpa_passphrase";
};
"${rsecrets.ssid}5" = rec {
interface = config.hardware.networkInterfaces.wlan5;
hw_mode = "a";
channel = 36;
ht_capab = "[HT40+]";
vht_oper_chwidth = 1;
vht_oper_centr_freq_seg0_idx = channel + 6;
ieee80211n = 1;
ieee80211ac = 1;
}
// wirelessConfig
// {
wpa_passphrase = outputRef config.services.secrets "wpa_passphrase";
};
};
};


@@ -128,7 +128,8 @@ in
"root=${config.hardware.rootDevice}"
"rootfstype=${config.rootfsType}"
"fw_devlink=off"
] ++ lib.optional (config.rootOptions != null) "rootflags=${config.rootOptions}";
]
++ lib.optional (config.rootOptions != null) "rootflags=${config.rootOptions}";
system.callService =
path: parameters:


@@ -44,15 +44,14 @@ in
};
};
};
config.kernel.config =
{
BRIDGE = "y";
BRIDGE_IGMP_SNOOPING = "y";
}
// lib.optionalAttrs (config.system.service ? vlan) {
# depends on bridge _and_ vlan. I would like there to be
# a better way to test for the existence of vlan config:
# maybe the module should set an `enabled` attribute?
BRIDGE_VLAN_FILTERING = "y";
};
config.kernel.config = {
BRIDGE = "y";
BRIDGE_IGMP_SNOOPING = "y";
}
// lib.optionalAttrs (config.system.service ? vlan) {
# depends on bridge _and_ vlan. I would like there to be
# a better way to test for the existence of vlan config:
# maybe the module should set an `enabled` attribute?
BRIDGE_VLAN_FILTERING = "y";
};
}


@@ -58,16 +58,21 @@ let
run =
let
script = writeFennel "dhcp-lease-watcher" {
packages = [ anoia linotify lualinux ];
packages = [
anoia
linotify
lualinux
];
mainFunction = "run";
}
./lease-watcher.fnl;
in ''
} ./lease-watcher.fnl;
in
''
export PATH=${s6-rc-up-tree}/bin/:$PATH
${script} ${service} ${controlled-name}
'';
};
in longrun {
in
longrun {
name = controlled-name;
run = ''
set -e


@@ -200,7 +200,7 @@ in
type = "filter";
family = "ip";
rules = [];
rules = [ ];
};
input-ip4 = {


@@ -25,76 +25,76 @@ let
inherit name family;
type = "ifname";
extraText = ''
{{;
local services = { ${concatStringsSep ", " (map toJSON zones.${name})} }
local ifnames = {}
for _, v in ipairs(services) do
local o = output(v, "ifname")
if o then table.insert(ifnames, o) end
end
if (#ifnames > 0) then
return "elements = { " .. table.concat(ifnames, ", ") .. " }\n"
else
return ""
end
}}
{{;
local services = { ${concatStringsSep ", " (map toJSON zones.${name})} }
local ifnames = {}
for _, v in ipairs(services) do
local o = output(v, "ifname")
if o then table.insert(ifnames, o) end
end
if (#ifnames > 0) then
return "elements = { " .. table.concat(ifnames, ", ") .. " }\n"
else
return ""
end
}}
'';
};
rateHook6 =
let rules =
map
(x: ''
{{;
local s = "${x}";
local n = output(s, "ifname");
local bw = output(s, "bandwidth");
if n and bw then
return "meta l4proto icmpv6 iifname ".. n .. " limit rate over " .. (math.floor (tonumber(bw) / 8 / 20)) .. " bytes/second drop"
else
return "# " .. (n or "not n") .. " " .. (bw or "not bw")
end
}}
'')
(concatLists (builtins.attrValues zones));
in {
type = "filter"; family = "ip6";
hook = "input"; priority = "-1"; policy = "accept";
let
rules = map (x: ''
{{;
local s = "${x}";
local n = output(s, "ifname");
local bw = output(s, "bandwidth");
if n and bw then
return "meta l4proto icmpv6 iifname ".. n .. " limit rate over " .. (math.floor (tonumber(bw) / 8 / 20)) .. " bytes/second drop"
else
return "# " .. (n or "not n") .. " " .. (bw or "not bw")
end
}}
'') (concatLists (builtins.attrValues zones));
in
{
type = "filter";
family = "ip6";
hook = "input";
priority = "-1";
policy = "accept";
inherit rules;
};
rateHook4 =
let rules =
map
(x: ''
{{;
local s = "${x}";
local n = output(s, "ifname");
local bw = output(s, "bandwidth");
if n and bw then
return "meta l4proto icmp iifname ".. n .. " limit rate over " .. (math.floor (tonumber(bw) / 8 / 20)) .. " bytes/second drop"
else
return "# " .. (n or "not n") .. " " .. (bw or "not bw")
end
}}
'')
(concatLists (builtins.attrValues zones));
in {
type = "filter"; family = "ip";
hook = "input"; priority = "-1"; policy = "accept";
let
rules = map (x: ''
{{;
local s = "${x}";
local n = output(s, "ifname");
local bw = output(s, "bandwidth");
if n and bw then
return "meta l4proto icmp iifname ".. n .. " limit rate over " .. (math.floor (tonumber(bw) / 8 / 20)) .. " bytes/second drop"
else
return "# " .. (n or "not n") .. " " .. (bw or "not bw")
end
}}
'') (concatLists (builtins.attrValues zones));
in
{
type = "filter";
family = "ip";
hook = "input";
priority = "-1";
policy = "accept";
inherit rules;
};
sets = (mapAttrs' (n: _: mkSet "ip" n) zones) //
(mapAttrs' (n: _: mkSet "ip6" n) zones);
allRules =
{
icmp6-ratehook = rateHook6;
icmp4-ratehook = rateHook4;
} //
(lib.recursiveUpdate
extraRules
(lib.recursiveUpdate sets rules));
sets = (mapAttrs' (n: _: mkSet "ip" n) zones) // (mapAttrs' (n: _: mkSet "ip6" n) zones);
allRules = {
icmp6-ratehook = rateHook6;
icmp4-ratehook = rateHook4;
}
// (lib.recursiveUpdate extraRules (lib.recursiveUpdate sets rules));
script = firewallgen "firewall1.nft" allRules;
name = "firewall";
service = longrun {
@@ -119,9 +119,9 @@ let
in
svc.secrets.subscriber.build {
action = "usr1";
watch =
concatLists
(mapAttrsToList (_zone : services : map (s: outputRef s "ifname") services) zones);
watch = concatLists (
mapAttrsToList (_zone: services: map (s: outputRef s "ifname") services) zones
);
inherit service;
}
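Review bot: In rateHook6 and rateHook4 the template falls back to emitting a `# …` comment line when a zone service has no `ifname` or `bandwidth` output, so that interface ends up with no ICMP rate limit and the only trace is a comment inside the generated ruleset. That may be intended, but it should be stated next to the template, e.g. `# no ifname/bandwidth output yet: emit a comment, interface is left unlimited`. The divisor `/ 8 / 20` is also unexplained; it presumably converts bits to bytes and takes a twentieth of the link, and a one-line comment saying so would let a reader check the limit. The two hooks differ only in `icmpv6`/`icmp` and `ip6`/`ip`, so a shared helper taking those two values would keep them from drifting apart.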


@@ -11,7 +11,7 @@
healthCheck,
}:
let
inherit (liminix.services) oneshot longrun;
inherit (liminix.services) longrun;
inherit (builtins) toString;
inherit (service) name;
checker =


@@ -9,13 +9,10 @@
{ interface, params }:
let
inherit (liminix.services) longrun;
inherit (lib) concatStringsSep mapAttrsToList unique;
inherit (lib) concatStringsSep mapAttrsToList;
inherit (builtins)
map
filter
attrValues
length
head
typeOf
;


@@ -2,7 +2,7 @@
{
state,
interface,
service
service,
}:
let
inherit (liminix.services) longrun;


@@ -3,8 +3,6 @@ let
inherit (lib)
mkIf
mkEnableOption
mkOption
types
;
in
{


@@ -147,15 +147,18 @@ in
};
dhcp.client =
lib.warn ''
system.services.network.dhcp.client is deprecated and will
be removed in 2026. Use system.service.dhcp4c instead
''
config.system.callService ./dhcpc.nix {
interface = mkOption {
type = liminix.lib.types.service;
lib.warn
''
system.services.network.dhcp.client is deprecated and will
be removed in 2026. Use system.service.dhcp4c instead
''
config.system.callService
./dhcpc.nix
{
interface = mkOption {
type = liminix.lib.types.service;
};
};
};
};
};


@@ -5,7 +5,7 @@
...
}:
let
inherit (lib) mkOption types concatStringsSep;
inherit (lib) mkOption types;
inherit (pkgs) liminix writeText;
o = config.system.outputs;
in


@@ -8,8 +8,6 @@ let
inherit (lib)
mkIf
mkEnableOption
mkOption
types
concatStringsSep
;
inherit (pkgs.pseudofile) dir symlink;


@@ -8,15 +8,10 @@ let
inherit (lib)
mkIf
mkEnableOption
mkOption
types
concatStringsSep
;
inherit (pkgs.pseudofile) dir symlink;
cfg = config.boot.loader.fit;
o = config.system.outputs;
cmdline = concatStringsSep " " config.boot.commandLine;
wantsDtb = config.hardware.dts ? src && config.hardware.dts.src != null;
in
{
options.boot.loader.fit.enable = mkEnableOption "FIT in /boot";


@@ -61,15 +61,14 @@ in
config = {
kernel = {
config =
{
# this needs to be conditional on "not qemu"
MTD_SPLIT_UIMAGE_FW = "y";
}
// lib.optionalAttrs (pkgs.stdenv.isMips) {
# https://stackoverflow.com/questions/26466470/can-the-logical-erase-block-size-of-an-mtd-device-be-increased
MTD_SPI_NOR_USE_4K_SECTORS = "n";
};
config = {
# this needs to be conditional on "not qemu"
MTD_SPLIT_UIMAGE_FW = "y";
}
// lib.optionalAttrs (pkgs.stdenv.isMips) {
# https://stackoverflow.com/questions/26466470/can-the-logical-erase-block-size-of-an-mtd-device-be-increased
MTD_SPI_NOR_USE_4K_SECTORS = "n";
};
};
programs.busybox.applets = [


@@ -6,12 +6,9 @@
}:
let
inherit (lib)
mkEnableOption
mkOption
mkIf
types
;
inherit (pkgs) runCommand;
in
{
options = {


@@ -5,7 +5,7 @@
...
}:
let
inherit (lib) mkIf mkOption types;
inherit (lib) mkIf;
o = config.system.outputs;
in
{


@@ -5,7 +5,7 @@
...
}:
let
inherit (lib) mkIf mkOption types;
inherit (lib) mkOption types;
cfg = config.boot.tftp;
instructions = pkgs.writeText "flash.scr" ''
setenv serverip ${cfg.serverip}


@@ -6,7 +6,7 @@
}:
let
inherit (lib) mkOption types concatStringsSep;
inherit (pkgs) liminix writeText;
inherit (pkgs) liminix;
o = config.system.outputs;
in
{


@@ -5,7 +5,6 @@
...
}:
let
inherit (lib) mkIf;
o = config.system.outputs;
inherit (pkgs) runCommand;
inherit (lib) mkOption types;


@@ -22,7 +22,6 @@ let
optional
optionals
escapeShellArgs
concatStringsSep
;
inherit (liminix.services) longrun;
inherit (builtins) toJSON toString typeOf;
@@ -68,46 +67,45 @@ let
in
o: "{{ ${v o} }}";
ppp-options' =
[
"+ipv6"
"noauth"
]
++ optional debug "debug"
++ optionals (username != null) [
"name"
(literal_or_output username)
]
++ optionals (password != null) [
"password"
(literal_or_output password)
]
++ optional lcpEcho.adaptive "lcp-echo-adaptive"
++ optionals (lcpEcho.interval != null) [
"lcp-echo-interval"
(toString lcpEcho.interval)
]
++ optionals (lcpEcho.failure != null) [
"lcp-echo-failure"
(toString lcpEcho.failure)
]
++ ppp-options
++ [
"ip-up-script"
ip-up
"ipv6-up-script"
ip6-up
"ipparam"
name
"nodetach"
# usepeerdns requests DNS servers from peer (which is good),
# then attempts to write them to /nix/store/xxxx/ppp/resolv.conf
# which causes an unsightly but inconsequential error message
"usepeerdns"
"nodefaultroute"
"logfd"
"2"
];
ppp-options' = [
"+ipv6"
"noauth"
]
++ optional debug "debug"
++ optionals (username != null) [
"name"
(literal_or_output username)
]
++ optionals (password != null) [
"password"
(literal_or_output password)
]
++ optional lcpEcho.adaptive "lcp-echo-adaptive"
++ optionals (lcpEcho.interval != null) [
"lcp-echo-interval"
(toString lcpEcho.interval)
]
++ optionals (lcpEcho.failure != null) [
"lcp-echo-failure"
(toString lcpEcho.failure)
]
++ ppp-options
++ [
"ip-up-script"
ip-up
"ipv6-up-script"
ip6-up
"ipparam"
name
"nodetach"
# usepeerdns requests DNS servers from peer (which is good),
# then attempts to write them to /nix/store/xxxx/ppp/resolv.conf
# which causes an unsightly but inconsequential error message
"usepeerdns"
"nodefaultroute"
"logfd"
"2"
];
service = longrun {
inherit name;
run = ''
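Review bot: `ppp-options'` takes `password` through `literal_or_output`, whose definition is mostly above the hunk, and the name suggests a plain string is accepted; a literal passed this way would be written into the derivation and so be readable by anything that can read the Nix store. A comment at the `"password"` entry would make the safe route explicit, e.g. `# prefer a service output reference here; a literal password ends up in the store`. How the option list reaches pppd is in the `run` script below the hunk, so whether the value also shows up in process arguments cannot be judged from here.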


@@ -22,13 +22,6 @@
let
inherit (lib) mkOption types;
inherit (pkgs) liminix;
mkStringOption =
description:
mkOption {
type = types.nullOr types.str;
default = null;
inherit description;
};
in
{
imports = [ ../secrets ];


@@ -13,7 +13,7 @@ let
mkIf
types
;
inherit (pkgs) liminix serviceFns;
inherit (pkgs) liminix;
inherit (liminix.services) bundle oneshot;
hostaps =
let


@@ -10,7 +10,6 @@ let
inherit (pkgs.liminix.services) oneshot target;
inherit (pkgs.pseudofile) dir symlink;
inherit (pkgs) serviceFns;
svc = config.system.service;
cfg = config.profile.wap;


@@ -12,7 +12,6 @@
let
inherit (lib) mkOption types;
inherit (pkgs) liminix;
inherit (pkgs.liminix.services) longrun;
in
{
options = {


@@ -32,10 +32,11 @@ let
logger =
let
pipecmds =
[ "${s6}/bin/s6-log -bpd3 -- ${cfg.script} 1" ]
++ (lib.optional (cfg ? persistent && cfg.persistent.enable) "/bin/tee /dev/pmsg0")
++ (lib.optional cfg.shipping.enable "${pkgs.logtap}/bin/logtap ${fifo} logshipper-socket-event");
pipecmds = [
"${s6}/bin/s6-log -bpd3 -- ${cfg.script} 1"
]
++ (lib.optional (cfg ? persistent && cfg.persistent.enable) "/bin/tee /dev/pmsg0")
++ (lib.optional cfg.shipping.enable "${pkgs.logtap}/bin/logtap ${fifo} logshipper-socket-event");
in
''
#!${execline}/bin/execlineb -P
@@ -61,12 +62,13 @@ let
flatDeps = s: [ s ] ++ concatMap flatDeps (deps s);
allServices = unique (concatMap flatDeps (builtins.attrValues config.services));
isDependentOnControlled =
let inherit (lib.lists) any;
in s:
isControlled s ||
(any isDependentOnControlled s.dependencies) ||
((s ? contents) &&
(any isDependentOnControlled s.contents));
let
inherit (lib.lists) any;
in
s:
isControlled s
|| (any isDependentOnControlled s.dependencies)
|| ((s ? contents) && (any isDependentOnControlled s.contents));
# all controlled services depend on this oneshot, which
# makes a list of them so we can identify them at runtime
@@ -88,7 +90,8 @@ let
};
servicesAttrs = {
default = defaultDefaultTarget;
} // config.services;
}
// config.services;
in
pkgs.s6-rc-database.override {
services = builtins.attrValues servicesAttrs;
@@ -258,7 +261,7 @@ in
dependencies = mkOption {
description = "services required by the shipping script";
type = types.listOf pkgs.liminix.lib.types.service;
default = [];
default = [ ];
};
};
script = mkOption {
@@ -275,12 +278,13 @@ in
};
config = {
programs.busybox.applets = mkIf config.logging.shipping.enable [ "mkfifo" ];
programs.busybox.applets = mkIf config.logging.shipping.enable [ "mkfifo" ];
services.log-shipper =
let
cfg = config.logging.shipping;
dependencies = config.logging.shipping.dependencies;
in mkIf cfg.enable (
in
mkIf cfg.enable (
let
live = longrun {
name = "log-shipper-live";
@@ -297,16 +301,21 @@ in
test -p ${fifoBackfill} || mkfifo ${fifoBackfill}
(cat ${config.logging.directory}/*; sleep 86400) | ${pkgs.logtap}/bin/backfill ${fifoBackfill} ${fifoBackfill}.ts
'';
dependencies = dependencies ++ [live];
dependencies = dependencies ++ [ live ];
};
sink = longrun {
name = "log-shipper-backfill-sink";
run = "${cfg.command} ${fifoBackfill}";
dependencies = dependencies ++ [ source ];
};
in bundle {
in
bundle {
name = "log-shipper";
contents = [live source sink];
contents = [
live
source
sink
];
}
);


@@ -12,7 +12,6 @@
let
inherit (lib) mkOption types;
inherit (pkgs) liminix;
inherit (pkgs.liminix.services) longrun;
in
{
options.system.service.secrets = {


@@ -12,7 +12,7 @@
password,
}:
let
inherit (liminix.services) oneshot longrun;
inherit (liminix.services) longrun;
inherit (lib) optionalString;
in
longrun {


@@ -5,7 +5,7 @@
s6,
s6-rc,
watch-outputs,
s6-rc-up-tree
s6-rc-up-tree,
}:
{
watch,
@@ -13,13 +13,11 @@
action,
}:
let
inherit (liminix.services) oneshot longrun;
inherit (builtins) map length head toString;
inherit (lib) unique optional optionals concatStringsSep;
inherit (liminix.services) longrun;
inherit (builtins) map;
inherit (lib) optional concatStringsSep;
inherit (service) name;
watched-services = unique (map (f: f "service") watch);
restart-flag =
{
restart = "-r";
@@ -38,8 +36,7 @@ let
watcher =
let
name' = "restart-${name}";
refs = concatStringsSep " "
(map (s: "${s "service"}:${s "path"}") watch);
refs = concatStringsSep " " (map (s: "${s "service"}:${s "path"}") watch);
in
longrun {
name = name';
@@ -54,8 +51,6 @@ let
};
in
service.overrideAttrs (o: {
buildInputs = (lim.orEmpty o.buildInputs) ++ optional (watch != []) watcher;
dependencies =
(lim.orEmpty o.dependencies)
++ optional (watch != []) watcher;
buildInputs = (lim.orEmpty o.buildInputs) ++ optional (watch != [ ]) watcher;
dependencies = (lim.orEmpty o.dependencies) ++ optional (watch != [ ]) watcher;
})


@@ -12,7 +12,6 @@
}:
let
inherit (liminix.services) longrun;
inherit (lib) optionalString;
in
longrun {
inherit name;


@@ -22,28 +22,27 @@ let
inherit (liminix.services) longrun;
inherit (lib) concatStringsSep mapAttrs mapAttrsToList;
keydir = "/run/${name}/authorized_keys";
options =
[
"-e" # pass environment to child
"-E" # log to stderr
"-R" # create hostkeys if needed
"-P /run/dropbear.pid"
"-F" # don't fork into background
]
++ (lib.optional (!allowRoot) "-w")
++ (lib.optional (!allowPasswordLogin) "-s")
++ (lib.optional (!allowPasswordLoginForRoot) "-g")
++ (lib.optional (!allowLocalPortForward) "-j")
++ (lib.optional (!allowRemotePortForward) "-k")
++ (lib.optional (!allowRemoteConnectionToForwardedPorts) "-a")
++ (lib.optionals (authorizedKeys != null) [
"-U"
"${keydir}/%n"
])
++ [
(if address != null then "-p ${address}:${toString port}" else "-p ${toString port}")
]
++ [ extraConfig ];
options = [
"-e" # pass environment to child
"-E" # log to stderr
"-R" # create hostkeys if needed
"-P /run/dropbear.pid"
"-F" # don't fork into background
]
++ (lib.optional (!allowRoot) "-w")
++ (lib.optional (!allowPasswordLogin) "-s")
++ (lib.optional (!allowPasswordLoginForRoot) "-g")
++ (lib.optional (!allowLocalPortForward) "-j")
++ (lib.optional (!allowRemotePortForward) "-k")
++ (lib.optional (!allowRemoteConnectionToForwardedPorts) "-a")
++ (lib.optionals (authorizedKeys != null) [
"-U"
"${keydir}/%n"
])
++ [
(if address != null then "-p ${address}:${toString port}" else "-p ${toString port}")
]
++ [ extraConfig ];
isKeyservice = typeOf authorizedKeys == "lambda";
authKeysConcat =
if authorizedKeys != null && !isKeyservice then
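Review bot: The pid file is fixed at `-P /run/dropbear.pid` while the key directory defined just above the list is per-instance (`/run/${name}/authorized_keys`), so two ssh services built from this file would share one pid file. Deriving it from the name as well, e.g. `"-P /run/${name}.pid"`, keeps the two consistent, provided nothing else reads the old path (not visible here). `extraConfig` is appended after the restriction flags as one free-form element; a comment noting that it presumably reaches dropbear verbatim would help whoever reviews a configuration that sets it. The surrounding `let` block begins above the hunk.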


@@ -13,7 +13,6 @@
serviceUrl,
}:
let
inherit (builtins) filter isString split;
inherit (liminix.services) oneshot;
name = "certifix-${lib.strings.sanitizeDerivationName subject}";
caCertFile = writeText "ca.crt" caCertificate;


@@ -20,44 +20,47 @@ let
makeFlags = builtins.filter (x: (builtins.match "(PLAT|MYLIBS).*" x) == null) o.makeFlags;
});
in
l.override {
self = l;
packageOverrides = lua-final: lua-prev:
let openssl = final.opensslNoThreads;
in {
cqueues = lua-prev.cqueues.overrideAttrs(o: {
externalDeps = [
{
name = "CRYPTO";
dep = openssl;
}
{
name = "OPENSSL";
dep = openssl;
}
];
});
luaossl = lua-prev.luaossl.overrideAttrs(o: {
externalDeps = [
{
name = "CRYPTO";
dep = openssl;
}
{
name = "OPENSSL";
dep = openssl;
}
];
name = "${o.name}-218";
patches = [
(fetchpatch {
url = "https://patch-diff.githubusercontent.com/raw/wahern/luaossl/pull/218.patch";
hash = "sha256-2GOliY4/RUzOgx3rqee3X3szCdUVxYDut7d+XFcUTJw=";
})
];
});
};
};
l.override {
self = l;
packageOverrides =
lua-final: lua-prev:
let
openssl = final.opensslNoThreads;
in
{
cqueues = lua-prev.cqueues.overrideAttrs (o: {
externalDeps = [
{
name = "CRYPTO";
dep = openssl;
}
{
name = "OPENSSL";
dep = openssl;
}
];
});
luaossl = lua-prev.luaossl.overrideAttrs (o: {
externalDeps = [
{
name = "CRYPTO";
dep = openssl;
}
{
name = "OPENSSL";
dep = openssl;
}
];
name = "${o.name}-218";
patches = [
(fetchpatch {
url = "https://patch-diff.githubusercontent.com/raw/wahern/luaossl/pull/218.patch";
hash = "sha256-2GOliY4/RUzOgx3rqee3X3szCdUVxYDut7d+XFcUTJw=";
})
];
});
};
};
s6 = prev.s6.overrideAttrs (
o:
@@ -262,7 +265,7 @@ extraPkgs
];
});
libadwaita = prev.libadwaita.overrideAttrs(o: {
libadwaita = prev.libadwaita.overrideAttrs (o: {
# tests fail with a message
# Gdk-DEBUG: error: XDG_RUNTIME_DIR is invalid or not set in the environment.
doCheck = false;
@@ -273,9 +276,9 @@ extraPkgs
mtdutils =
(prev.mtdutils.overrideAttrs (o: {
src = final.fetchgit {
src = final.fetchgit {
url = "git://git.infradead.org/mtd-utils.git";
rev = "77981a2888c711268b0e7f32af6af159c2288e23";
rev = "77981a2888c711268b0e7f32af6af159c2288e23";
hash = "sha256-pHunlPOuvCRyyk9qAiR3Kn3cqS/nZHIxsv6m4nsAcbk=";
};
@@ -301,11 +304,10 @@ extraPkgs
# as a dependency
preConfigure =
let
arch = if stdenv.hostPlatform.gcc ? arch
then "-march=${stdenv.hostPlatform.gcc.arch}"
else "";
soft = if arch == "-march=24kc" then "-msoft-float" else "";
in ''
arch = if stdenv.hostPlatform.gcc ? arch then "-march=${stdenv.hostPlatform.gcc.arch}" else "";
soft = if arch == "-march=24kc" then "-msoft-float" else "";
in
''
configureFlagsArray+=(no-threads no-asm CFLAGS="${arch} ${soft}")
'';
# don't need or want this bash script
@@ -328,30 +330,29 @@ extraPkgs
];
buildInputs = o.buildInputs ++ [ final.libslirp ];
});
overrides =
{
hostCpuTargets = map (f: "${f}-softmmu") [
"arm"
"aarch64"
"mips"
"mipsel"
];
sdlSupport = false;
numaSupport = false;
seccompSupport = false;
usbredirSupport = false;
libiscsiSupport = false;
tpmSupport = false;
uringSupport = false;
capstoneSupport = false;
}
// lib.optionalAttrs (lib.versionOlder lib.version "24.10") {
texinfo = null;
nixosTestRunner = true;
}
// lib.optionalAttrs (lib.versionAtLeast lib.version "25.04") {
minimal = true;
};
overrides = {
hostCpuTargets = map (f: "${f}-softmmu") [
"arm"
"aarch64"
"mips"
"mipsel"
];
sdlSupport = false;
numaSupport = false;
seccompSupport = false;
usbredirSupport = false;
libiscsiSupport = false;
tpmSupport = false;
uringSupport = false;
capstoneSupport = false;
}
// lib.optionalAttrs (lib.versionOlder lib.version "24.10") {
texinfo = null;
nixosTestRunner = true;
}
// lib.optionalAttrs (lib.versionAtLeast lib.version "25.04") {
minimal = true;
};
in
q.override overrides;
rsyncSmall =
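Review bot: The luaossl override fetches its patch from a pull-request URL (`…/wahern/luaossl/pull/218.patch`), whose content changes whenever that PR branch is updated. The `hash` keeps a changed patch from being applied silently, so the outcome is a failed build rather than a tampered source, but the build then depends on a third party leaving the branch alone. Vendoring the patch into the repository next to the overlay, or fetching the patch of one fixed commit, removes that dependency. The mtdutils source in a later hunk is likewise protected only by its `rev` and `hash` while using the unauthenticated `git://` transport, which deserves a short comment saying the pin is what is relied on.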


@@ -64,7 +64,7 @@ in
lib = {
types =
let
inherit (lib) mkOption types isDerivation;
inherit (lib) types isDerivation;
in
rec {
service = types.package // {
@@ -97,7 +97,7 @@ in
devout = callPackage ./devout { };
fetch-freebsd = callPackage ./fetch-freebsd { };
fennel = callPackage ./fennel { };
fennelc = callPackage ./fennelc { };
fennelc = callPackage ./fennelc { };
fennelrepl = callPackage ./fennelrepl { };
firewallgen = callPackage ./firewallgen { };
firmware-utils = callPackage ./firmware-utils { };


@@ -1,19 +1,22 @@
{
lua,
runCommand
runCommand,
}:
let fennel = lua.pkgs.fennel; in
let
fennel = lua.pkgs.fennel;
in
runCommand "build-fennelc"
{
nativeBuildInputs = [ fennel ] ;
} ''
LUAPATH=$(ls -d ${fennel}/share/lua/*)
mkdir -p $out/bin
(
exec > $out/bin/fennelc
echo '#! ${lua}/bin/lua'
echo "package.path = \"''${LUAPATH}/?.lua;''${LLPATH}/?.lua;\" .. package.path"
fennel --compile ${./fennelc.fnl}
)
chmod +x $out/bin/fennelc
''
{
nativeBuildInputs = [ fennel ];
}
''
LUAPATH=$(ls -d ${fennel}/share/lua/*)
mkdir -p $out/bin
(
exec > $out/bin/fennelc
echo '#! ${lua}/bin/lua'
echo "package.path = \"''${LUAPATH}/?.lua;''${LLPATH}/?.lua;\" .. package.path"
fennel --compile ${./fennelc.fnl}
)
chmod +x $out/bin/fennelc
''
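Review bot: `''${LLPATH}` in the `package.path` line is expanded by the build shell, and nothing in this file sets `LLPATH`, so unless the builder environment provides it the generated `fennelc` gets `/?.lua` on its module search path and will look for Lua modules in the filesystem root. If the variable is a leftover, drop that component: `echo "package.path = \"''${LUAPATH}/?.lua;\" .. package.path"`. `LUAPATH=$(ls -d ${fennel}/share/lua/*)` also assumes exactly one directory matches; a comment saying so, or failing the build when more than one does, would make that assumption visible.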


@@ -14,7 +14,13 @@ let
;
inherit (lib.lists) groupBy;
inherit (lib.attrsets) attrsToList mapAttrsToList;
inherit (builtins) elemAt map head tail toString;
inherit (builtins)
elemAt
map
head
tail
toString
;
indentLines =
offset: lines:
@@ -63,7 +69,12 @@ let
''
set ${name} {
type ${type}
${if elements != [ ] then "elements = { ${concatStringsSep ", " (builtins.trace elements elements)} }" else ""}
${
if elements != [ ] then
"elements = { ${concatStringsSep ", " (builtins.trace elements elements)} }"
else
""
}
${optionalString (extraText != null) extraText}
}
'';
@@ -76,16 +87,26 @@ let
extraText ? null,
...
}:
let
colonize = v:
let ty = elemAt (attrsToList v) 0; in "${ty.name}: ${ty.value}";
in ''
map ${name} {
type ${colonize type}
${if elements != [ ] then "elements = { ${concatStringsSep ", " (mapAttrsToList (k: v : "${k}: ${toString v}") elements)} }" else ""}
${optionalString (extraText != null) extraText}
let
colonize =
v:
let
ty = elemAt (attrsToList v) 0;
in
"${ty.name}: ${ty.value}";
in
''
map ${name} {
type ${colonize type}
${
if elements != [ ] then
"elements = { ${concatStringsSep ", " (mapAttrsToList (k: v: "${k}: ${toString v}") elements)} }"
else
""
}
'';
${optionalString (extraText != null) extraText}
}
'';
dochainorset =
{


@@ -157,11 +157,13 @@ in
name = "intf-limits";
kind = "map";
family = "ip6";
type = { ifname = "bytes"; };
type = {
ifname = "bytes";
};
elements = {
# XXX keys need to be generated from interface outputs
ppp0 = builtins.floor (70*1000*1000 * 0.05); # 5% of 70MB fttp connection
lan = builtins.floor (1000*1000*1000 * 0.05); # GB ethernet
ppp0 = builtins.floor (70 * 1000 * 1000 * 0.05); # 5% of 70MB fttp connection
lan = builtins.floor (1000 * 1000 * 1000 * 0.05); # GB ethernet
};
};
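Review bot: The `intf-limits` map is typed `ifname = "bytes"`, but its element values are computed from what the comments describe as link speeds (`70 * 1000 * 1000 * 0.05` for a "70MB fttp connection", `1000 * 1000 * 1000 * 0.05` for gigabit ethernet). If those figures are bits per second, as link speeds usually are, and the map value is consumed as a byte rate, the stored limits are eight times higher than the intended 5%. The unit should be stated in the comment and, if it is bits, the expression divided by 8, e.g. `ppp0 = builtins.floor (70 * 1000 * 1000 / 8 * 0.05);`. The rule that reads this map is outside the hunk, so this needs confirming against it.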


@@ -21,18 +21,19 @@ stdenv.mkDerivation rec {
name = "kernel";
inherit src extraPatchPhase;
hardeningDisable = [ "all" ];
nativeBuildInputs =
[ buildPackages.stdenv.cc ]
++ (with buildPackages.pkgs; [
rsync
bc
bison
flex
pkg-config
openssl
ncurses.all
perl
]);
nativeBuildInputs = [
buildPackages.stdenv.cc
]
++ (with buildPackages.pkgs; [
rsync
bc
bison
flex
pkg-config
openssl
ncurses.all
perl
]);
CC = "${stdenv.cc.bintools.targetPrefix}gcc";
HOSTCC = with buildPackages.pkgs; "gcc -I${openssl}/include -I${ncurses}/include";
HOST_EXTRACFLAGS =
@@ -50,7 +51,8 @@ stdenv.mkDerivation rec {
"headers"
"modulesupport"
"config"
] ++ targetNames;
]
++ targetNames;
phases = [
"unpackPhase"
"butcherPkgconfig"
@@ -66,7 +68,8 @@ stdenv.mkDerivation rec {
patches = [
./cmdline-cookie.patch
./mips-malta-fdt-from-bootloader.patch
] ++ lib.optional (lib.versionOlder version "5.18.0") ./phram-allow-cached-mappings.patch;
]
++ lib.optional (lib.versionOlder version "5.18.0") ./phram-allow-cached-mappings.patch;
# this is here to work around what I think is a bug in nixpkgs
# packaging of ncurses: it installs pkg-config data files which


@@ -40,7 +40,7 @@ let
buildInputs ? [ ],
restart-on-upgrade ? false,
controller ? null,
properties ? {}
properties ? { },
}:
stdenvNoCC.mkDerivation {
# we use stdenvNoCC to avoid generating derivations with names
@@ -59,12 +59,14 @@ let
timeout-up
timeout-down
restart-on-upgrade
;
;
propertiesText =
let a = mapAttrsRecursive
(path: value: "writepath ${concatStringsSep "/" path} ${builtins.toString value}\n")
properties;
in collect builtins.isString a;
let
a = mapAttrsRecursive (
path: value: "writepath ${concatStringsSep "/" path} ${builtins.toString value}\n"
) properties;
in
collect builtins.isString a;
buildInputs =
buildInputs ++ dependencies ++ contents ++ lib.optional (controller != null) controller;


@@ -11,9 +11,14 @@
}:
let
name = "logshippers";
luafy = name : source :
luafy =
name: source:
writeFennel name {
packages = [ anoia lualinux fennel ];
packages = [
anoia
lualinux
fennel
];
macros = [ anoia.dev ];
mainFunction = "run";
} source;

View File

@@ -3,12 +3,16 @@
fennelc,
lualinux,
lua,
anoia
anoia,
}:
stdenv.mkDerivation {
name = "logtap";
nativeBuildInputs = [ fennelc ];
buildInputs = [ lua lualinux anoia ];
buildInputs = [
lua
lualinux
anoia
];
makeFlags = [ "PREFIX=${placeholder "out"}" ];
src = ./.;
}

View File

@@ -110,18 +110,19 @@ let
inherit src;
hardeningDisable = [ "all" ];
nativeBuildInputs =
[ buildPackages.stdenv.cc ]
++ (with buildPackages.pkgs; [
bc
bison
flex
pkg-config
openssl
which
kmod
cpio
]);
nativeBuildInputs = [
buildPackages.stdenv.cc
]
++ (with buildPackages.pkgs; [
bc
bison
flex
pkg-config
openssl
which
kmod
cpio
]);
inherit CC CROSS_COMPILE;
ARCH = arch;
dontStrip = true;
@@ -185,7 +186,8 @@ let
let
c = {
module = d;
} // configs.${d};
}
// configs.${d};
in
c.module
) drivers


@@ -18,7 +18,7 @@ stdenv.mkDerivation {
src = ./.;
buildInputs = [ lua ];
nativeBuildInputs = [ fennelrepl ] ;
nativeBuildInputs = [ fennelrepl ];
buildPhase = ''
fennelrepl --test ./output-template.fnl
cp -p ${

View File

@@ -18,7 +18,7 @@ stdenv.mkDerivation {
src = ./.;
buildInputs = [ lua ];
nativeBuildInputs = [ fennelrepl ] ;
nativeBuildInputs = [ fennelrepl ];
buildPhase = ''
fennelrepl --test ./watch-outputs.fnl


@@ -5,7 +5,6 @@ let
liminix-config = ./configuration.nix;
}
);
rogue = lmx.pkgs.rogue;
myPkg = lmx.pkgs.rsyncSmall;
img = lmx.outputs.vmroot;
pkgs = import <nixpkgs> { overlays = [ (import ../../overlay.nix) ]; };


@@ -47,5 +47,8 @@ rec {
domain = "fake.liminix.org";
};
defaultProfile.packages = with pkgs; [ nftables hello ];
defaultProfile.packages = with pkgs; [
nftables
hello
];
}