a726c09ae4
improve explanaton of reverse path filtering rule
...
thanks RoS for the references :-)
2025-02-10 23:48:29 +00:00
7e2b0068e6
nixfmt-rfc-style
...
There is nothing in this commit except for the changes made by
nix-shell -p nixfmt-rfc-style --run "nixfmt ."
If this has mucked up your open branches then sorry about that. You
can probably nixfmt them to match before merging
2025-02-10 21:55:08 +00:00
3f889c7119
default firewall zones in gateway profile
2025-02-10 21:21:08 +00:00
7f17125039
firewall: update zones with interface names as they appear
2025-02-10 21:21:08 +00:00
6587813577
WIP add zones to firewall module
...
- zones are an attrset of name -> [interface-service]
- the firewall will create empty "ifname" sets for each zone name
in each address family (ip, ip6)
- then watch the interface services, and add the "ifname" outputs
to the corresponding sets when they appear
This commit only adds the empty sets
2025-02-10 21:21:08 +00:00
1d780de0f1
add (very basic) set support in firewallgen
...
and add sets for lan/wan/dmz/guest interface names to default
firewall rules
2025-02-10 21:17:43 +00:00
c92aacc6fd
firewall rules: use @lan and @wan sets instead of ifnames
...
we don't have anything yet to create or populate the sets
2025-02-06 09:22:41 +00:00
f77da6f14c
remove remaining refs to kexecboot
2025-01-05 17:22:30 +00:00
26f206d0e1
phram dtb reserved-memory needs no-map
...
c.f. 69429404ab
2025-01-04 23:50:44 +00:00
13cb8d3692
sort imports
2025-01-03 15:41:22 +00:00
62b7aea8ab
add btrfs.nix to outputs imports
2025-01-03 15:40:33 +00:00
92284fa9ba
mtdimage can't be a default import
...
it adds kernel config that depend on openwrt patches,
which aren't used/needed on all devices
2025-01-03 00:19:17 +00:00
74027b44d7
extract log persistence config from s6 to new module
...
because it frobs kernel config, it breaks levitate
as levitate evalModules doesn't include the kernel
2025-01-02 23:56:49 +00:00
ea5370b3f4
import mtdimage in outputs
2025-01-02 23:37:07 +00:00
7377f7ceb2
implement mechanism for reverting from update.sh
2025-01-02 22:19:49 +00:00
cc94ef57fa
in rc.init copy log from previous boot to place of safety
2025-01-01 18:22:45 +00:00
497307588f
automate ubimage instructions a little
2025-01-01 12:38:08 +00:00
28d39cd66d
provide etc/kconfig in updater output
...
this is for debugging/documentation purposes and isn't copied to the
device
2025-01-01 11:55:33 +00:00
f2e4e77d73
firewall: don't use oifname in input rules
...
because it's empty, these are input rules for the local machine
2024-12-29 23:17:31 +00:00
4d273a9469
dropbear would like /etc/shells to exist
2024-12-29 13:27:49 +00:00
40db175b41
complain if user attempting to tftpboot a ubifs
2024-12-29 13:26:45 +00:00
ab07212a7e
include jffs2 module per default
...
it has no effect unless enabled
2024-12-29 13:26:06 +00:00
294492a176
jiggle imports
2024-12-24 13:46:19 +00:00
Arnout Engelen
f8a275d1a3
use Linux kernel sources associated with openwrt by default
2024-12-24 12:30:15 +00:00
bc20f4c6b7
rt3200 test install
2024-12-23 23:59:52 +00:00
848214d104
add ubivolume output
2024-12-23 22:37:07 +00:00
ede8f12d2b
declare options.hardware.ubi unconditionally
...
this is so it can be defined in device modules even when
ubifs is not included in the configuration
2024-12-23 22:37:07 +00:00
6cd5b90678
outputs.rootubifs -> ubifs
2024-12-23 22:37:07 +00:00
db4f098c02
add fit bootloader
...
this is for the belkin rt3200, whose uboot doesn't do
extlinux but can load a fit from a ubifs. It adds the
a kernel+dtb as /boot/fit
2024-12-23 11:21:58 +00:00
1347937345
rename file
2024-12-23 10:31:22 +00:00
a7b5f80674
rename extlinux output to bootfiles
...
this is in preparation for introducing other non-extlinux
modules that populate /boot
2024-12-23 00:09:31 +00:00
f07a38b0fd
extract uimage output module into own file
2024-12-22 21:10:07 +00:00
ac189f2977
outputs.zimage -> outputs.kernel.zImage
...
remove config option/derivation in favour of accessing
as output of the kernel derivation (matches what we do
with e.g. modulesupport)
2024-12-22 17:27:59 +00:00
f60b74f415
add a new updater output
...
this is so that we don't have to obfuscate store paths in
systemConfiguration to avoid dragging in build system
deps.
breaking-ish change to workflows, docs updated
2024-12-20 00:05:07 +00:00
56c667cfd5
extract systemConfiguration into its own output module
2024-12-19 20:55:10 +00:00
f9b4f0bc9c
move modules/squashfs.nix into outputs/
2024-12-19 14:33:50 +00:00
ffaca615ba
copy logs to /dev/pmsg0 when ogging.persistent.enabled
2024-12-18 21:11:58 +00:00
81f5550bf0
config.logging.persistent enables /dev/pmsg0
...
- whatever's written to /dev/pmsg0 appears as
/sys/fs/pstore/pmsg-ramoops-0 after reboot
- only works on devices with the relevant device tree
support (gl-ar750 and whatever has it by default)
- nothing in the system is actually writing this file yet
- or reading it at boot time, for that matter
2024-12-17 23:24:31 +00:00
b52133a28b
add hardware.dts.includes option
2024-12-17 20:36:14 +00:00
44caefcd3b
rename config.hardware.dts.includes -> includePaths
...
(1) it's a better name
(2) I want to use `includes` to specify dtsi files
2024-12-17 17:41:53 +00:00
1f7d6544e3
provide stdout to ppp callback scripts
...
pppd runs them with 0,1,2 => /dev/null but we actually quite like
seeing errors in the logs
2024-10-17 21:37:08 +01:00
1bca072509
fix chrony pidfile error
2024-10-17 21:35:33 +01:00
7b98724643
turns out we did need usepeerdns
2024-10-17 21:05:16 +01:00
b1625763ee
ppp service signal readiness only when ip-up has run
...
as downstream services need e.g. ifname which is not written by ipv6-up
2024-10-16 22:59:01 +01:00
14bfebc5c3
enable unloading modules so that scripts work
...
if we can't unload them then the service that loads them will fail
the second time it's run
2024-10-16 22:54:19 +01:00
0447ac0ff9
did we need MODULE_SIG?
...
I think this may be a hangover from using backports modules for wlan
2024-10-16 22:53:16 +01:00
e35a1514ab
send kernel logs to s6
2024-10-16 18:59:42 +01:00
4a0120487c
remove usepeerdns - it causes only errors
...
we handle dns with service outputs anyway
2024-10-16 18:58:34 +01:00
17517dd34f
remove KEXEC from base kernel config
...
we're not using it any more
2024-10-10 18:23:50 +01:00
5112eab4da
apply incoming-allowed-ip[46] rules to input as well as forward pkts
...
this makes it possible to open ports on the router itself
2024-10-10 18:18:23 +01:00
