e1293e3778
think
2025-02-21 23:22:39 +00:00
0c406058e9
remove acceotance of udp sport 5 on wan
...
this was added for replies to dns queries but isn't needed for
that purpose as connection tracking does that anyway
2025-02-12 21:54:01 +00:00
19d441333c
remove duplicate rule
2025-02-10 23:50:07 +00:00
a726c09ae4
improve explanaton of reverse path filtering rule
...
thanks RoS for the references :-)
2025-02-10 23:48:29 +00:00
7e2b0068e6
nixfmt-rfc-style
...
There is nothing in this commit except for the changes made by
nix-shell -p nixfmt-rfc-style --run "nixfmt ."
If this has mucked up your open branches then sorry about that. You
can probably nixfmt them to match before merging
2025-02-10 21:55:08 +00:00
13cc5a8992
Merge pull request 'support firewall zones: don't hardcode interface names in rules' ( #16 ) from firescape into main
...
Reviewed-on: #16
2025-02-10 21:23:15 +00:00
3f889c7119
default firewall zones in gateway profile
2025-02-10 21:21:08 +00:00
7f17125039
firewall: update zones with interface names as they appear
2025-02-10 21:21:08 +00:00
4bb081ffcf
export anoia.svc:fileno so it can be used with event loops
2025-02-10 21:21:08 +00:00
6587813577
WIP add zones to firewall module
...
- zones are an attrset of name -> [interface-service]
- the firewall will create empty "ifname" sets for each zone name
in each address family (ip, ip6)
- then watch the interface services, and add the "ifname" outputs
to the corresponding sets when they appear
This commit only adds the empty sets
2025-02-10 21:21:08 +00:00
1d780de0f1
add (very basic) set support in firewallgen
...
and add sets for lan/wan/dmz/guest interface names to default
firewall rules
2025-02-10 21:17:43 +00:00
8cf602da91
think
2025-02-10 21:17:43 +00:00
c92aacc6fd
firewall rules: use @lan and @wan sets instead of ifnames
...
we don't have anything yet to create or populate the sets
2025-02-06 09:22:41 +00:00
eff255fe12
boot.expect: sleep more, for gl-ar750
...
the bootloader on gl-ar750 loses characters if we shovel them too fast
2025-02-05 20:35:04 +00:00
453baede61
rt3200: add installer compatibility note
2025-02-05 20:35:04 +00:00
2295ed3110
Merge pull request 'OpenWrt One device support' ( #13 ) from raboof/liminix:openwrt-one into main
...
Reviewed-on: #13
2025-01-08 13:57:39 +00:00
Arnout Engelen
e71d92eb3d
OpenWrt One support
...
https://openwrt.org/toh/openwrt/one
2025-01-07 16:10:04 +01:00
f77da6f14c
remove remaining refs to kexecboot
2025-01-05 17:22:30 +00:00
61eaaa82eb
drivel
2025-01-05 17:17:44 +00:00
95dd1a1fab
add missing code-block
2025-01-05 15:45:04 +00:00
2f9b0f12f9
switch uid
2025-01-05 12:57:51 +00:00
9fd9b8b878
rt3200 kconfig for 6.6.x
...
* DMA stuff needed for wired ethernet
* DSA MDIO _probably_ (based on guessing from openwrt dmesg) needed
for wired ethernet
* some or all of NVMEM so that wireless drivers can read their eeprom
2025-01-05 00:16:03 +00:00
26f206d0e1
phram dtb reserved-memory needs no-map
...
c.f. 69429404ab
Co-authored-by: Arnout Engelen <arnout@bzzt.net>
2025-01-04 23:50:44 +00:00
8cd068ea68
belkin rt3200: set tftp loadAddress to match u-boot
...
the old value of 0x4007ff28 was originally copied from something
upstreamy but I have no record of what. 0x48000000 is $loadaddr
in u-boot so let's use that instead
2025-01-04 23:48:19 +00:00
350ddde260
add pkgs.openwrt_24_10
...
is needed by Belkin RT3200 and might also be handy for OpenWrt One?
this is very copy-pastey, will tidy it up after it
stops being a moving target
2025-01-03 23:52:08 +00:00
13cb8d3692
sort imports
2025-01-03 15:41:22 +00:00
62b7aea8ab
add btrfs.nix to outputs imports
2025-01-03 15:40:33 +00:00
76e3fd9a55
add rt3200 to CI
2025-01-03 15:39:08 +00:00
92284fa9ba
mtdimage can't be a default import
...
it adds kernel config that depend on openwrt patches,
which aren't used/needed on all devices
2025-01-03 00:19:17 +00:00
a2bb55e885
oops fix syntax error
2025-01-03 00:07:00 +00:00
74027b44d7
extract log persistence config from s6 to new module
...
because it frobs kernel config, it breaks levitate
as levitate evalModules doesn't include the kernel
2025-01-02 23:56:49 +00:00
ea5370b3f4
import mtdimage in outputs
2025-01-02 23:37:07 +00:00
55ed365920
turris omnia: default rootfs and bootloader settings
2025-01-02 23:36:15 +00:00
aa2160dd05
logtap: fix indentation
...
spaces not tabs
2025-01-02 22:45:00 +00:00
df414b796f
drivel
2025-01-02 22:19:49 +00:00
7377f7ceb2
implement mechanism for reverting from update.sh
2025-01-02 22:19:49 +00:00
49432aeda5
Merge pull request 'Fix typo: Buildiing -> Building' ( #15 ) from raboof/liminix:typo into main
...
Reviewed-on: #15
Reviewed-by: dan <dan@telent.net>
2025-01-02 14:46:36 +00:00
Arnout Engelen
3caf8a75bb
Fix typo: Buildiing -> Building
2025-01-02 10:53:38 +01:00
cc94ef57fa
in rc.init copy log from previous boot to place of safety
2025-01-01 18:22:45 +00:00
fd28f0ce04
rt3200 needs pmsg-size set in its dts for persistent logging
2025-01-01 14:11:22 +00:00
497307588f
automate ubimage instructions a little
2025-01-01 12:38:08 +00:00
788169586f
/boot is a directory, copy files instead of replacing it with symlink
...
for the record, u-boot doesn't like having /boot/fit -> ../nix/store/..../fit
symlinks so we don't use symlinks inside /boot either
2025-01-01 12:29:25 +00:00
3af9e86624
rt3200: replace bootcmd variable
...
the default is to boot to recovery if there's anything in pstore, but
this doesn't interact well with persstent logging
2025-01-01 11:56:54 +00:00
28d39cd66d
provide etc/kconfig in updater output
...
this is for debugging/documentation purposes and isn't copied to the
device
2025-01-01 11:55:33 +00:00
9dd169d500
add "config" output to kernel derivation
2025-01-01 11:54:46 +00:00
2e513eb4a7
example sni proxy using nginx
2024-12-29 23:34:15 +00:00
f2e4e77d73
firewall: don't use oifname in input rules
...
because it's empty, these are input rules for the local machine
2024-12-29 23:17:31 +00:00
48dfbe0c01
add nginx-small : nginx with finegrained configure options
2024-12-29 20:47:03 +00:00
6f697db57c
remove PSTORE from rt3200 default kconfig
...
we have config.logging.persistent.enable at home
2024-12-29 13:33:55 +00:00
fe1ee12e3d
swap strchr for strchrnul in dropbear authkeyfile patch
...
The strchrnul version was giving weird crashes on aarch64
belkin-rt3200. I haven't figured out why but this one doesn't
2024-12-29 13:30:21 +00:00