er, don\'t know?
This commit is contained in:
parent
1f7d6544e3
commit
d7d2fb361a
@ -114,12 +114,27 @@
|
||||
eraseBlockSize = 65536;
|
||||
};
|
||||
rootDevice = "/dev/mtdblock5";
|
||||
dts = {
|
||||
src = "${openwrt.src}/target/linux/ath79/dts/qca9531_glinet_gl-ar750.dts";
|
||||
includes = [
|
||||
"${openwrt.src}/target/linux/ath79/dts"
|
||||
];
|
||||
};
|
||||
dts =
|
||||
let
|
||||
upstream = {
|
||||
src = "${openwrt.src}/target/linux/ath79/dts/qca9531_glinet_gl-ar750.dts";
|
||||
includes = [
|
||||
"${openwrt.src}/target/linux/ath79/dts"
|
||||
];
|
||||
};
|
||||
cppDtSearchFlags = builtins.concatStringsSep " " (map (f: "-I${f}") upstream.includes);
|
||||
dtcSearchFlags = builtins.concatStringsSep " " (map (f: "-i${f}") upstream.includes);
|
||||
|
||||
patched = pkgs.runCommand "patch-dts" {
|
||||
nativeBuildInputs = with pkgs.pkgsBuildBuild; [pkgs.stdenv.cc dtc ];
|
||||
}
|
||||
''
|
||||
echo patching dts
|
||||
${pkgs.stdenv.cc.targetPrefix}cpp -nostdinc -x assembler-with-cpp ${cppDtSearchFlags} -undef -D__DTS__ -o dts.tmp ${upstream.src}
|
||||
dtc -I dts ${dtcSearchFlags} -o $out -O dts dts.tmp
|
||||
'';
|
||||
in upstream // { src = patched; };
|
||||
|
||||
|
||||
networkInterfaces =
|
||||
let inherit (config.system.service.network) link;
|
||||
|
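Review bot: The derivation `patched = pkgs.runCommand "patch-dts" …` does not apply any patch: it runs cpp over `${upstream.src}` with the include flags and then round-trips the output through `dtc -I dts … -O dts`, so the name and the `echo patching dts` line overstate what happens and the intent is left to the reader. A one-line comment above `patched` would settle it, e.g. `# flatten the upstream dts: resolve the #includes with cpp and re-emit plain dts so it can be edited without the upstream include path` (presumably a later step edits that output — confirm). Also, `nativeBuildInputs = with pkgs.pkgsBuildBuild; [pkgs.stdenv.cc dtc ]` takes dtc from `pkgsBuildBuild` but the compiler explicitly from `pkgs`, and the cpp line uses `${pkgs.stdenv.cc.targetPrefix}cpp`; if that is deliberate (the target-prefixed cpp is wanted for the target's predefined macros) it deserves a comment, otherwise `pkgsBuildBuild.stdenv.cc` would be the consistent choice. The attribute set this `dts` belongs to starts before the hunk.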
@ -1,12 +1,14 @@
|
||||
{ config, pkgs, ... } :
|
||||
{ config, pkgs, lib, ... } :
|
||||
let
|
||||
svc = config.system.service;
|
||||
inherit (pkgs.liminix.services) longrun oneshot ;
|
||||
|
||||
in rec {
|
||||
imports = [
|
||||
../modules/network
|
||||
../modules/dnsmasq
|
||||
../modules/ssh
|
||||
../modules/tls-certificate
|
||||
];
|
||||
|
||||
hostname = "hello";
|
||||
@ -17,8 +19,51 @@ in rec {
|
||||
family = "inet"; address ="10.3.0.1"; prefixLength = 16;
|
||||
};
|
||||
|
||||
filesystem =
|
||||
let inherit (pkgs.pseudofile) file dir symlink;
|
||||
in dir {
|
||||
etc = dir {
|
||||
hosts = {
|
||||
type = "f";
|
||||
file = "127.0.0.1 localhost\n10.0.2.2 loaclhost.telent.net\n";
|
||||
mode = "0444";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.sshd = svc.ssh.build { };
|
||||
|
||||
services.lan-address-for-secrets =
|
||||
svc.network.address.build {
|
||||
interface = config.hardware.networkInterfaces.lan;
|
||||
family = "inet"; address ="10.0.2.15"; prefixLength = 24;
|
||||
};
|
||||
|
||||
# services.client-cert = svc.tls-certificate.certifix-client.build {
|
||||
# caCertificate = builtins.readFile /var/lib/certifix/certs/ca.crt;
|
||||
# subject = "C=GB,ST=London,O=Telent,OU=devices,CN=${config.hostname}";
|
||||
# secret = builtins.readFile ../challengePassword;
|
||||
# serviceUrl = "https://loaclhost.telent.net:19613/sign";
|
||||
# };
|
||||
|
||||
# logging.shipping = {
|
||||
# enable = true;
|
||||
# service = longrun {
|
||||
# name = "ship-logs";
|
||||
# dependencies = [ config.services.client-cert ];
|
||||
# run =
|
||||
# let path = lib.makeBinPath (with pkgs; [ s6-networking s6 ]);
|
||||
# in ''
|
||||
# PATH=${path}:$PATH \
|
||||
# CAFILE=${/var/lib/certifix/certs/ca.crt} \
|
||||
# KEYFILE=$(output_path ${services.client-cert} key) \
|
||||
# CERTFILE=$(output_path ${services.client-cert} cert) \
|
||||
# s6-tlsclient -k loaclhost.telent.net -h -y loaclhost.telent.net 19612 \
|
||||
# fdmove -c 1 7 cat
|
||||
# '';
|
||||
# };
|
||||
# };
|
||||
|
||||
users.root = {
|
||||
# the password is "secret". Use mkpasswd -m sha512crypt to
|
||||
# create this hashed password string
|
||||
@ -38,6 +83,6 @@ in rec {
|
||||
};
|
||||
|
||||
defaultProfile.packages = with pkgs; [
|
||||
figlet
|
||||
figlet openssl
|
||||
];
|
||||
}
|
||||
|
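Review bot: The commented-out `secret = builtins.readFile ../challengePassword;` in the `services.client-cert` block (and the identical block in the rotuer config later in this commit) would, if re-enabled as written, read the challenge password at evaluation time and most likely embed it in the generated image's Nix store, which is readable by every user on the device. A comment above the block saying so would stop a later re-enable from going in unchanged, e.g. `# NOTE: readFile would copy the secret into the store; supply it at runtime instead`. Separately, `lib` was added to the module arguments in `{ config, pkgs, lib, ... } :` but is only referenced from the commented-out `logging.shipping` block, so it is currently unused in this file.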
@ -16,11 +16,11 @@ let
|
||||
inherit (secrets) wpa_passphrase;
|
||||
wmm_enabled = 1;
|
||||
};
|
||||
|
||||
inherit (pkgs.liminix.services) longrun;
|
||||
in rec {
|
||||
boot = {
|
||||
tftp = {
|
||||
freeSpaceBytes = 3 * 1024 * 1024;
|
||||
freeSpaceBytes = 2 * 1024 * 1024;
|
||||
serverip = "10.0.0.1";
|
||||
ipaddr = "10.0.0.8";
|
||||
};
|
||||
@ -28,8 +28,24 @@ in rec {
|
||||
|
||||
imports = [
|
||||
"${modulesPath}/profiles/gateway.nix"
|
||||
"${modulesPath}/tls-certificate"
|
||||
];
|
||||
|
||||
hostname = "rotuer";
|
||||
# rootfsType = "jffs2";
|
||||
|
||||
filesystem =
|
||||
let inherit (pkgs.pseudofile) file dir symlink;
|
||||
in dir {
|
||||
mnt = dir {};
|
||||
etc = dir {
|
||||
hosts = {
|
||||
type = "f";
|
||||
file = "127.0.0.1 localhost\n10.0.0.1 loaclhost.telent.net\n";
|
||||
mode = "0444";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
profile.gateway = {
|
||||
lan = {
|
||||
@ -106,9 +122,11 @@ in rec {
|
||||
defaultProfile.packages = with pkgs; [
|
||||
min-collect-garbage
|
||||
nftables
|
||||
strace
|
||||
tcpdump
|
||||
# strace
|
||||
# tcpdump
|
||||
s6
|
||||
dtc
|
||||
# certifix-client
|
||||
];
|
||||
|
||||
programs.busybox = {
|
||||
@ -119,4 +137,47 @@ in rec {
|
||||
FEATURE_FANCY_TAIL = "y";
|
||||
};
|
||||
};
|
||||
|
||||
services.wan-address-for-secrets =
|
||||
let
|
||||
interface = config.hardware.networkInterfaces.wan;
|
||||
addr =
|
||||
svc.network.address.build {
|
||||
inherit interface;
|
||||
family = "inet"; address ="10.0.0.10"; prefixLength = 24;
|
||||
};
|
||||
in svc.network.route.build {
|
||||
target = "10.0.0.1";
|
||||
inherit interface;
|
||||
via = "10.0.0.10";
|
||||
metric = 1;
|
||||
dependencies = [ addr ];
|
||||
};
|
||||
|
||||
# services.client-cert = svc.tls-certificate.certifix-client.build {
|
||||
# caCertificate = builtins.readFile /var/lib/certifix/certs/ca.crt;
|
||||
# subject = "C=GB,ST=London,O=Telent,OU=devices,CN=${config.hostname}";
|
||||
# secret = builtins.readFile ../challengePassword;
|
||||
# serviceUrl = "https://loaclhost.telent.net:19613/sign";
|
||||
# dependencies = [ services.wan-address-for-secrets ];
|
||||
# };
|
||||
|
||||
logging.pstore = true;
|
||||
logging.shipping = {
|
||||
enable = false;
|
||||
service = longrun {
|
||||
name = "ship-logs";
|
||||
dependencies = [ config.services.client-cert ];
|
||||
run =
|
||||
let path = lib.makeBinPath (with pkgs; [ s6-networking s6 ]);
|
||||
in ''
|
||||
PATH=${path}:$PATH \
|
||||
CAFILE=${/var/lib/certifix/certs/ca.crt} \
|
||||
KEYFILE=$(output_path ${services.client-cert} key) \
|
||||
CERTFILE=$(output_path ${services.client-cert} cert) \
|
||||
s6-tlsclient -k loaclhost.telent.net -h -y loaclhost.telent.net 19612 \
|
||||
fdmove -c 1 7 cat
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
|
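Review bot: The new `logging.shipping.service` references `config.services.client-cert` (in `dependencies = [ config.services.client-cert ];` and twice via `output_path ${services.client-cert} …`), but the definition of `services.client-cert` is commented out a few lines above in the same hunk, so that attribute no longer exists in this `rec` set. The only thing keeping this from an evaluation error is `enable = false;` together with the logging module, presumably, not forcing `shipping.service` when shipping is disabled — that is worth confirming, and it will bite the moment someone flips `enable` without also restoring `client-cert`. If the block is meant as a template, comment it out alongside `client-cert` as the hello config does, or add a comment on the `enable = false;` line stating that `client-cert` must be restored first. The enclosing `in rec { … }` starts outside this hunk.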
@ -24,17 +24,21 @@ let
|
||||
echo $4 > address
|
||||
echo $5 > peer-address
|
||||
set +o nounset
|
||||
set +o errexit
|
||||
if test -n "''${DNS1}" ;then echo ''${DNS1} > ns1 ; fi
|
||||
if test -n "''${DNS2}" ;then echo ''${DNS2} > ns2 ; fi
|
||||
test -e ipv6-address && echo >/proc/self/fd/10
|
||||
set +o pipefail
|
||||
ls -l /proc/self/fd
|
||||
echo >/proc/self/fd/10
|
||||
'';
|
||||
ip6-up = writeAshScript "ip6-up" {} ''
|
||||
exec >&5 2>&5
|
||||
. ${serviceFns}
|
||||
in_outputs ${name}
|
||||
set +o nounset
|
||||
set +o errexit
|
||||
echo $4 > ipv6-address
|
||||
echo $5 > ipv6-peer-address
|
||||
test -e ifname && echo >/proc/self/fd/10
|
||||
'';
|
||||
literal_or_output =
|
||||
let v = o: ({
|
||||
@ -73,7 +77,7 @@ let
|
||||
chmod 0700 /run/${name}
|
||||
in_outputs ${name}
|
||||
echo ${escapeShellArgs ppp-options'} | ${output-template}/bin/output-template '{{' '}}' > /run/${name}/ppp-options
|
||||
fdmove -c 5 2 \
|
||||
exec fdmove -c 5 2 \
|
||||
${command}
|
||||
'';
|
||||
notification-fd = 10;
|
||||
|
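Review bot: `ls -l /proc/self/fd` in the ip-up script reads like leftover debugging output: it dumps the hook's descriptor table into the service log (stdout is presumably redirected to fd 5 at the top of the script, as ip6-up does with `exec >&5 2>&5`) on every ip-up event. Since `common` already takes a `debug` argument (visible in the pppoe hunk of this commit), consider `${if debug then "ls -l /proc/self/fd" else ""}` in its place, or drop the line. The added `set +o errexit` also means a failed `echo $4 > address` or `echo $5 > peer-address` earlier in the script no longer aborts the hook, so the `echo >/proc/self/fd/10` readiness signal can fire without those files having been written; if that is acceptable, a comment on the `set +o errexit` line saying why would help. From the line counts it looks as though the `test -e ipv6-address &&` gate was removed in favour of the unconditional notification, but the side of those lines is not certain from this rendering. The `ip-up = writeAshScript` call that encloses the first hunk starts outside it.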
@ -24,7 +24,7 @@ let
|
||||
in common {
|
||||
inherit name debug username password lcpEcho ppp-options;
|
||||
command = ''
|
||||
exec ${ppp}/bin/pppd pty "${pppoe}/bin/pppoe ${timeoutOpt} -I $(output ${interface} ifname)" file /run/${name}/ppp-options
|
||||
${ppp}/bin/pppd pty "${pppoe}/bin/pppoe ${timeoutOpt} -I $(output ${interface} ifname)" file /run/${name}/ppp-options
|
||||
'';
|
||||
dependencies = [ interface ];
|
||||
}
|
||||
|
@ -107,17 +107,22 @@ let
|
||||
};
|
||||
notification-fd = { file = "3"; };
|
||||
run = {
|
||||
file = ''
|
||||
#!${execline}/bin/execlineb -P
|
||||
${execline}/bin/redirfd -w 1 /dev/null
|
||||
${execline}/bin/redirfd -rnb 0 fifo
|
||||
${if cfg.shipping.enable then ''
|
||||
pipeline { ${s6}/bin/s6-log -bpd3 -- ${cfg.script} 1 }
|
||||
pipeline { ${pkgs.logshipper}/bin/logtap ${cfg.shipping.socket} logshipper-socket-event }
|
||||
${s6}/bin/s6-log -- ${cfg.directory}
|
||||
'' else ''
|
||||
${s6}/bin/s6-log -bpd3 -- ${cfg.script} ${cfg.directory}
|
||||
''}
|
||||
file =
|
||||
let pstore = if cfg.pstore then "pipeline { tee /dev/pmsg0 }" else "";
|
||||
in ''
|
||||
#!${execline}/bin/execlineb -P
|
||||
${execline}/bin/redirfd -w 1 /dev/null
|
||||
${execline}/bin/redirfd -rnb 0 fifo
|
||||
${if cfg.shipping.enable then ''
|
||||
pipeline { ${s6}/bin/s6-log -bpd3 -- ${cfg.script} 1 }
|
||||
pipeline { ${pkgs.logshipper}/bin/logtap ${cfg.shipping.socket} logshipper-socket-event }
|
||||
${pstore}
|
||||
${s6}/bin/s6-log -- ${cfg.directory}
|
||||
'' else ''
|
||||
pipeline { ${s6}/bin/s6-log -bpd3 -- ${cfg.script} 1 }
|
||||
${pstore}
|
||||
${s6}/bin/s6-log -- ${cfg.directory}
|
||||
''}
|
||||
'';
|
||||
mode = "0755";
|
||||
};
|
||||
@ -212,6 +217,7 @@ let
|
||||
in {
|
||||
options = {
|
||||
logging = {
|
||||
pstore = mkEnableOption "system logs in pstore for retention after reboot";
|
||||
shipping = {
|
||||
enable = mkEnableOption "unix socket for log shipping";
|
||||
socket = mkOption {
|
||||
@ -263,6 +269,12 @@ in {
|
||||
)];
|
||||
|
||||
config = {
|
||||
kernel.config = mkIf cfg.pstore {
|
||||
PSTORE = "y";
|
||||
PSTORE_PMSG = "y";
|
||||
};
|
||||
programs.busybox.applets = mkIf cfg.pstore [ "tee" ];
|
||||
|
||||
filesystem = dir {
|
||||
etc = dir {
|
||||
s6-rc = dir {
|
||||
|