Commit Graph

154 Commits (main)

Author SHA1 Message Date
Daniel Barlow 0f31afee2b hellonet: set password for root
otherwise incoming ssh gets a bit fraught
2023-09-17 17:03:56 +01:00
Daniel Barlow 98c63e7498 hellonet: don't run ntp
it's a bit pointless when there's no connectivity to
any ntp server
2023-09-17 17:03:56 +01:00
Daniel Barlow c6faf88dd1 doc WIP: build "hello net" example 2023-09-17 17:03:56 +01:00
Daniel Barlow f7b30939b5 remove service-state when service exits 2023-09-13 22:49:00 +01:00
Daniel Barlow 92e107d77c update acquire-delegated-prefix to use svc.events 2023-09-13 17:49:57 +01:00
Daniel Barlow fa040a194c acquire-wan-address remove boundness checking
if we're unbound then the script will be called with
empty ADDRESSES and so the usual case will handle this fine
by removing all the previously set addresses
2023-09-13 13:17:58 +01:00
Daniel Barlow 3bdb7754d3 replace var/each with accumulate 2023-09-12 20:55:08 +01:00
Daniel Barlow 8f97c5bf3c anoia service :events method behaves as iterator 2023-09-12 20:46:52 +01:00
Daniel Barlow 7904c6bfe9 anoia users now need lfs
... and we need to figure out how to do transitive
dependencies, because this is not a great experience
2023-09-12 18:46:04 +01:00
Daniel Barlow 0a737c62cd convert acquire-wan-address to writeFennel
this means we can get rid of the inelegant environment variable
check at the bottom of the file
2023-09-12 17:51:00 +01:00
Daniel Barlow d49cbbb8ed test for acquire-wan-address 2023-09-11 00:07:49 +01:00
Daniel Barlow 7683ed69de acquire-wan-address uses parsed addresses from odhcp 2023-09-11 00:07:11 +01:00
Daniel Barlow 91e957ced7 static leases for rotuer 2023-09-04 23:07:13 +01:00
Daniel Barlow a24c2a23a0 whitespace 2023-09-04 22:06:15 +01:00
Daniel Barlow 9e52faa0b6 remove unused imports 2023-09-04 22:05:42 +01:00
Daniel Barlow 3bdc986dd7 extract "mount filesystem" to module 2023-09-04 21:17:52 +01:00
Daniel Barlow 83092b7b73 add watchdog service 2023-09-02 17:28:40 +01:00
Daniel Barlow 6805e0090d working down the TODOs 2023-09-01 17:57:22 +01:00
Daniel Barlow 7ad848cb77 add service to enable packet forwarding
might be worth looking into adding RA config to this
2023-09-01 17:34:47 +01:00
Daniel Barlow ef666c34cd use ssh service in examples 2023-09-01 17:32:53 +01:00
Daniel Barlow d7336679c4 arhcive use ssh service instead of hand-rolling 2023-08-31 23:59:48 +01:00
Daniel Barlow 535eb70bb9 convert all route defns to module-based-service 2023-08-31 23:52:59 +01:00
Daniel Barlow 51ad051443 delete unneeded services.default 2023-08-31 23:52:03 +01:00
Daniel Barlow 3609d8d5ee implement route as module-based-service 2023-08-31 23:24:23 +01:00
Daniel Barlow e577caa15f extneder: use bridge module 2023-08-31 18:29:45 +01:00
Daniel Barlow 333327be75 make a module for vlan
Acked-by: Daniel Barlow <dan@telent.net>
2023-08-30 23:26:44 +01:00
Daniel Barlow aecbe08f08 add o+x permission on service-state directories
this is needed for resolvconf, which writes resolv.conf as
an output and wants to make it world-readable
2023-08-28 22:02:28 +01:00
Daniel Barlow ff2d3e1a63 TODO comments 2023-08-28 22:02:28 +01:00
Daniel Barlow 8688d47c65 rotuer: create resolv.conf 2023-08-28 22:02:28 +01:00
Daniel Barlow e86daf9bbc default value for services.default
as a default default target, start all the services
2023-08-28 22:02:28 +01:00
Daniel Barlow 23ccfec5fb update examples so they build again 2023-08-28 22:02:28 +01:00
Daniel Barlow 31f0213b6f convert network link/address to module-based-service
... and make bridge use it.

We also had to convert bridge back into a pair of services.
Downstreams want to depend on the bridge itself being configured
even if not necessarily all the members are up. e.g. don't want
to break ssh on lan if there's a misconfigured wlan device
2023-08-28 22:02:28 +01:00
Daniel Barlow 540a1dfd76 remove interface.device
build-time uses can mostly be replaced with interface.name

for runtime uses, switch to $(output ${interface} name)
2023-08-28 22:02:28 +01:00
Daniel Barlow 6f92f8fa8b merge bridge services into one 2023-08-16 23:29:53 +01:00
Daniel Barlow 3ea40f95dc convert pppoe to serviceDefn 2023-08-10 22:53:45 +01:00
Daniel Barlow 2942c465b9 add ssh module 2023-08-10 22:53:21 +01:00
Daniel Barlow 2414dd4b55 convert ntp to serviceDefn 2023-08-05 14:16:54 +01:00
Daniel Barlow 93e04bb834 convert bridge service to serviceDefn 2023-08-05 14:10:14 +01:00
Daniel Barlow f82501d278 update hostapd to "build" syntax 2023-08-05 12:21:18 +01:00
Daniel Barlow 90c1d59aca convert firewall service to new serviceDefn
this is a bit kludgey with dependencies, need to
come back and look at that
2023-08-05 12:07:35 +01:00
Daniel Barlow fbb2c04132 move module-based-service parameter types into service
This is in preparation for writing something that extracts them
into documentation.

user configurations now call config.system.service.foo.build { ...params }
instead of config.system.service.foo

the parameter type definitions themselves now move into the
config stanza of the module referencing the service

new helper function liminix.callService

The only service moved so far is dnsmasq
2023-08-04 20:39:29 +01:00
Daniel Barlow 9994c161d4 DRY up wireless config 2023-07-22 23:37:01 +01:00
Daniel Barlow bf1d9beec1 add first version of ntp module 2023-07-22 23:25:25 +01:00
Daniel Barlow 4396afa97b inline excessive lets 2023-07-20 12:05:36 +01:00
Daniel Barlow 9b70fd62f6 extract bridge to module-based services 2023-07-20 12:02:09 +01:00
Daniel Barlow 86e73317ee alias config.system.service 2023-07-20 11:28:45 +01:00
Daniel Barlow 648ea5613b use module-based-service for hostapd 2023-07-16 17:51:50 +01:00
Daniel Barlow 1117f98afc remove redundant let 2023-07-16 17:51:50 +01:00
Daniel Barlow d7f3e05063 turn nftables firewall into a service-providing module 2023-07-16 17:51:50 +01:00
Daniel Barlow 669af24247 make a module for dnsmasq 2023-07-14 23:18:21 +01:00
Daniel Barlow c13defc891 rename modules/ppp.nix -> modules/ppp/default.nix 2023-07-14 21:08:33 +01:00
Daniel Barlow 69e6eb5a89 accept attr args to pppoe service, and typecheck them
We use (abuse, arguably) the nixos module system for typechecking. On
the plus side, it gives us documentation of the options and their
expected types. On the downside, the error message doesn't tell us
the file in which the error was encountered.

(This is subject to change, if I can find a better way)
2023-07-14 16:53:36 +01:00
Daniel Barlow 9441f48819 new ppp module, used by rotuer
The objective here is that services which depend on global config
(e.g. kernel config or busybox options or static paths in the
filesystem) now live under config.system.service, and are added
to that collection by the module that defines the necessary state.

This is a first step: the services will be configured by a typechecked
attr set instead of the arbitrary arguments that
pkgs.liminix.networking.pppoe accepts
2023-07-13 19:44:14 +01:00
Daniel Barlow 2e50368bd2 rename config.outputs to config.system.outputs
New rules: everything under "config" that isn't actually configuration
(e.g. build products) will in future live in config.system. This is
the first step.
2023-07-13 19:24:59 +01:00
Daniel Barlow 7c06f30675 set ipv6 wan address to that provided by dhcpv6 2023-07-08 23:08:25 +01:00
Daniel Barlow 0c41e9305c extract service output watcher to fennel module 2023-07-08 23:08:24 +01:00
Daniel Barlow e7de889403 explain why all the examples are misspelled 2023-07-07 17:45:23 +01:00
Daniel Barlow a12e5888e9 rotuer: remove hardcoded wan address 2023-07-05 20:34:30 +01:00
Daniel Barlow 2de4d7a8f9 fennel: extract some common functions into a shareable module 2023-07-05 20:23:27 +01:00
Daniel Barlow 41687e916d rename luaSmall package to lua 2023-07-02 18:19:54 +01:00
Daniel Barlow 3900683413 simplify protocol for watchers of service output directories
Previously: the service wrote a timestamp and the receiver
read and parsed it to see if there was new data

Now: the service writes and removes a .lock file to prevent
the receiver reading partial data. The receiver is responsible
for remembering the *previous* state and only updating if it's changed
2023-07-02 12:09:13 +01:00
Daniel Barlow 5532144747 hardcode global wan address, temporarily 2023-07-01 12:50:06 +01:00
Daniel Barlow 9aa5ff6ed1 make a package for odhcpc-script 2023-06-30 20:02:03 +01:00
Daniel Barlow b6e72504d6 ipv6 default route
needs to specify the ppp0 *peer* address not the local address
2023-06-30 10:17:33 +01:00
Daniel Barlow 5306b36181 ipv4 nat rules 2023-06-28 23:51:37 +01:00
Daniel Barlow 1f1164cc98 allow dhcp client on wan 2023-06-28 23:51:21 +01:00
Daniel Barlow 8affb151b5 rotuer: enable ipv6 forwarding 2023-06-28 22:31:01 +01:00
Daniel Barlow a9848b9668 firewall: enable incoming ssh and dhcp6 2023-06-28 22:20:45 +01:00
Daniel Barlow 25eecabc6d typo 2023-06-28 22:19:11 +01:00
Daniel Barlow 80b6f62896 comment-out example of allowed incoming 2023-06-27 22:33:24 +01:00
Daniel Barlow 64e0ef5931 use numeric proto number (tautology...) for HIP 2023-06-27 21:25:30 +01:00
Daniel Barlow 78d223a839 move nftables fib rule to the prerouting hook 2023-06-27 21:23:15 +01:00
Daniel Barlow 6101f3f3d8 load necessary kernel modules for firewall 2023-06-27 21:18:09 +01:00
Daniel Barlow 15be80e9de remove dead config option 2023-06-22 17:46:57 +01:00
Daniel Barlow 26cb331d8b remove dead config option 2023-06-22 16:56:30 +01:00
Daniel Barlow 5e45817f98 example rotuer-secrets 2023-06-22 16:54:24 +01:00
Daniel Barlow b002a94e07 rotuer: use firewallgen to make packet filter rules 2023-06-20 20:20:32 +01:00
Daniel Barlow 340f7211ef remove unused packages 2023-06-20 20:13:59 +01:00
Daniel Barlow a65bb9d585 improve file-exists? function 2023-06-18 17:41:09 +01:00
Daniel Barlow 3f4dbfcfd3 ipv6 prefix delegation for rotuer
much tidying needed, but it works
2023-05-31 23:29:05 +01:00
Daniel Barlow d82173133c odhcpc script: mkdir 2023-05-30 21:00:20 +01:00
Daniel Barlow cb30ce52eb rotuer: use writeFennelScript for odhcpc update script 2023-05-30 18:20:14 +01:00
Daniel Barlow fa7e682e87 dhcp6c readiness notification 2023-05-26 18:36:44 +01:00
Daniel Barlow 447f068569 partly support getting IPv6 addresses
- gets interface id from ppp
- runs odhcpc to get RA and prefix delegation
- doesn't do anything useful with the data yet
2023-05-24 23:01:50 +01:00
Daniel Barlow 0173a9ced9 set PATH correctly in ssh sessions
for a non-interactive shell ("ssh linminix foo") ash does not source
*any* startup files, so we need to set this to something more useful
than /bin:usr/bin
2023-05-21 17:07:19 +01:00
Daniel Barlow a48d51ffdc keep dropbear host keys in /persist if it exists 2023-05-21 12:01:42 +01:00
Daniel Barlow f249c12bec cruft 2023-05-20 22:48:30 +01:00
Daniel Barlow eadd982a79 rotuer: set hostname 2023-05-20 22:34:57 +01:00
Daniel Barlow b0a0fdcfcc add "standard" module, which includes flashimage kexec & jffs2
most systems need most of these, so it makes writing the docs a
lot easier
2023-05-17 15:38:22 +01:00
Daniel Barlow 6d6dbe1cbb tftpboot: allow padding image with freeSpaceBytes
this is useful for writable filesystems so that there's more than
an erase block of space to write into
2023-04-26 22:15:19 +01:00
Daniel Barlow 6adab44fcf rotuer; run chronyd for accurate time 2023-04-23 20:56:20 +01:00
Daniel Barlow 4342d3403f make rotuer example build again 2023-04-23 20:56:20 +01:00
Daniel Barlow fe99abc450 shrink rsync
remove openssl requirement, it uses it for "optimised assembly
versions" of md5 - but only on x86/arm/sparc not mips anyway
2023-04-10 22:57:50 +01:00
Daniel Barlow 0687ae7f5c rename flashable->flashimage, o.squashfs to rootfs
"rootfs" describes what it is for, "squashfs" merely says
how it's implemented

(also, rootfs-as-jffs2 will soon be added)
2023-04-10 18:13:27 +01:00
Daniel Barlow 2e15acd61c whitespace 2023-04-10 17:46:39 +01:00
Daniel Barlow 404162ac1e support all kinds of boot for arhcive
now we can have flashable and tftpboot in the same configuration
2023-03-24 17:14:15 +00:00
Daniel Barlow 561d55ed5f arhcive: rsync daemon needs a group 2023-03-24 17:10:49 +00:00
Daniel Barlow 1c36f1b373 demonstrate adding ssh keys 2023-03-23 13:18:05 +00:00
Daniel Barlow beb6e260d4 PoC support for hardware watchdog 2023-03-23 13:18:05 +00:00
Daniel Barlow 6e95932e0e untested fix for unable to mount usb disk at boot 2023-03-18 14:30:10 +00:00