dan/liminix
1
0
Fork 5
Code
1,469 Commits 15 Branches 0 Tags 7.1 MiB
e1293e3778
Commit Graph

1469 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daniel Barlow
e1293e3778 think 2025-02-21 23:22:39 +00:00
Daniel Barlow
0c406058e9 remove acceotance of udp sport 5 on wan 
this was added for replies to dns queries but isn't needed for
that purpose as connection tracking does that anyway
 2025-02-12 21:54:01 +00:00
Daniel Barlow
19d441333c remove duplicate rule 2025-02-10 23:50:07 +00:00
Daniel Barlow
a726c09ae4 improve explanaton of reverse path filtering rule 
thanks RoS for the references :-)
 2025-02-10 23:48:29 +00:00
Daniel Barlow
7e2b0068e6 nixfmt-rfc-style 
There is nothing in this commit except for the changes made by
nix-shell -p nixfmt-rfc-style --run "nixfmt ."

If this has mucked up your open branches then sorry about that. You
can probably nixfmt them to match before merging
 2025-02-10 21:55:08 +00:00
dan
13cc5a8992 Merge pull request 'support firewall zones: don't hardcode interface names in rules' (#16) from firescape into main 
Reviewed-on: #16
 2025-02-10 21:23:15 +00:00
Daniel Barlow
3f889c7119 default firewall zones in gateway profile 2025-02-10 21:21:08 +00:00
Daniel Barlow
7f17125039 firewall: update zones with interface names as they appear 2025-02-10 21:21:08 +00:00
Daniel Barlow
4bb081ffcf export anoia.svc:fileno so it can be used with event loops 2025-02-10 21:21:08 +00:00
Daniel Barlow
6587813577 WIP add zones to firewall module 
- zones are an attrset of name -> [interface-service]

- the firewall will create empty "ifname" sets for each zone name
 in each address family (ip, ip6)

- then watch the interface services, and add the "ifname" outputs
to the corresponding sets when they appear

This commit only adds the empty sets
 2025-02-10 21:21:08 +00:00
Daniel Barlow
1d780de0f1 add (very basic) set support in firewallgen 
and add sets for lan/wan/dmz/guest interface names to default
firewall rules
 2025-02-10 21:17:43 +00:00
Daniel Barlow
8cf602da91 think 2025-02-10 21:17:43 +00:00
Daniel Barlow
c92aacc6fd firewall rules: use @lan and @wan sets instead of ifnames 
we don't have anything yet to create or populate the sets
 2025-02-06 09:22:41 +00:00
Daniel Barlow
eff255fe12 boot.expect: sleep more, for gl-ar750 
the bootloader on gl-ar750 loses characters if we shovel them too fast
 2025-02-05 20:35:04 +00:00
Daniel Barlow
453baede61 rt3200: add installer compatibility note 2025-02-05 20:35:04 +00:00
dan
2295ed3110 Merge pull request 'OpenWrt One device support' (#13) from raboof/liminix:openwrt-one into main 
Reviewed-on: #13
 2025-01-08 13:57:39 +00:00
Arnout Engelen
e71d92eb3d
OpenWrt One support 
https://openwrt.org/toh/openwrt/one
 2025-01-07 16:10:04 +01:00
Daniel Barlow
f77da6f14c remove remaining refs to kexecboot 2025-01-05 17:22:30 +00:00
Daniel Barlow
61eaaa82eb drivel 2025-01-05 17:17:44 +00:00
Daniel Barlow
95dd1a1fab add missing code-block 2025-01-05 15:45:04 +00:00
Daniel Barlow
2f9b0f12f9 switch uid 2025-01-05 12:57:51 +00:00
Daniel Barlow
9fd9b8b878 rt3200 kconfig for 6.6.x 
* DMA stuff needed for wired ethernet

* DSA MDIO _probably_ (based on guessing from openwrt dmesg) needed
for wired ethernet

* some or all of NVMEM so that wireless drivers can read their eeprom
 2025-01-05 00:16:03 +00:00
Daniel Barlow
26f206d0e1 phram dtb reserved-memory needs no-map 
c.f. 69429404ab

Co-authored-by: Arnout Engelen <arnout@bzzt.net>
 2025-01-04 23:50:44 +00:00
Daniel Barlow
8cd068ea68 belkin rt3200: set tftp loadAddress to match u-boot 
the old value of 0x4007ff28 was originally copied from something
upstreamy but I have no record of what. 0x48000000 is $loadaddr
in u-boot so let's use that instead
 2025-01-04 23:48:19 +00:00
Daniel Barlow
350ddde260 add pkgs.openwrt_24_10 
is needed by Belkin RT3200 and might also be handy for OpenWrt One?

this is very copy-pastey, will tidy it up after it
stops being a moving target
 2025-01-03 23:52:08 +00:00
Daniel Barlow
13cb8d3692 sort imports 2025-01-03 15:41:22 +00:00
Daniel Barlow
62b7aea8ab add btrfs.nix to outputs imports 2025-01-03 15:40:33 +00:00
Daniel Barlow
76e3fd9a55 add rt3200 to CI 2025-01-03 15:39:08 +00:00
Daniel Barlow
92284fa9ba mtdimage can't be a default import 
it adds kernel config that depend on openwrt patches,
which aren't used/needed on all devices
 2025-01-03 00:19:17 +00:00
Daniel Barlow
a2bb55e885 oops fix syntax error 2025-01-03 00:07:00 +00:00
Daniel Barlow
74027b44d7 extract log persistence config from s6 to new module 
because it frobs kernel config, it breaks levitate
as levitate evalModules doesn't include the kernel
 2025-01-02 23:56:49 +00:00
Daniel Barlow
ea5370b3f4 import mtdimage in outputs 2025-01-02 23:37:07 +00:00
Daniel Barlow
55ed365920 turris omnia: default rootfs and bootloader settings 2025-01-02 23:36:15 +00:00
Daniel Barlow
aa2160dd05 logtap: fix indentation 
spaces not tabs
 2025-01-02 22:45:00 +00:00
Daniel Barlow
df414b796f drivel 2025-01-02 22:19:49 +00:00
Daniel Barlow
7377f7ceb2 implement mechanism for reverting from update.sh 2025-01-02 22:19:49 +00:00
dan
49432aeda5 Merge pull request 'Fix typo: Buildiing -> Building' (#15) from raboof/liminix:typo into main 
Reviewed-on: #15
Reviewed-by: dan <dan@telent.net>
 2025-01-02 14:46:36 +00:00
Arnout Engelen
3caf8a75bb
Fix typo: Buildiing -> Building 2025-01-02 10:53:38 +01:00
Daniel Barlow
cc94ef57fa in rc.init copy log from previous boot to place of safety 2025-01-01 18:22:45 +00:00
Daniel Barlow
fd28f0ce04 rt3200 needs pmsg-size set in its dts for persistent logging 2025-01-01 14:11:22 +00:00
Daniel Barlow
497307588f automate ubimage instructions a little 2025-01-01 12:38:08 +00:00
Daniel Barlow
788169586f /boot is a directory, copy files instead of replacing it with symlink 
for the record, u-boot doesn't like having /boot/fit -> ../nix/store/..../fit
symlinks so we don't use symlinks inside /boot either
 2025-01-01 12:29:25 +00:00
Daniel Barlow
3af9e86624 rt3200: replace bootcmd variable 
the default is to boot to recovery if there's anything in pstore, but
this doesn't interact well with persstent logging
 2025-01-01 11:56:54 +00:00
Daniel Barlow
28d39cd66d provide etc/kconfig in updater output 
this is for debugging/documentation purposes and isn't copied to the
device
 2025-01-01 11:55:33 +00:00
Daniel Barlow
9dd169d500 add "config" output to kernel derivation 2025-01-01 11:54:46 +00:00
Daniel Barlow
2e513eb4a7 example sni proxy using nginx 2024-12-29 23:34:15 +00:00
Daniel Barlow
f2e4e77d73 firewall: don't use oifname in input rules 
because it's empty, these are input rules for the local machine
 2024-12-29 23:17:31 +00:00
Daniel Barlow
48dfbe0c01 add nginx-small : nginx with finegrained configure options 2024-12-29 20:47:03 +00:00
Daniel Barlow
6f697db57c remove PSTORE from rt3200 default kconfig 
we have config.logging.persistent.enable at home
 2024-12-29 13:33:55 +00:00
Daniel Barlow
fe1ee12e3d swap strchr for strchrnul in dropbear authkeyfile patch 
The strchrnul version was giving weird crashes on aarch64
belkin-rt3200. I haven't figured out why but this one doesn't
 2024-12-29 13:30:21 +00:00