1
0
Commit Graph

436 Commits

Author SHA1 Message Date
0c406058e9 remove acceotance of udp sport 5 on wan
this was added for replies to dns queries but isn't needed for
that purpose as connection tracking does that anyway
2025-02-12 21:54:01 +00:00
19d441333c remove duplicate rule 2025-02-10 23:50:07 +00:00
a726c09ae4 improve explanaton of reverse path filtering rule
thanks RoS for the references :-)
2025-02-10 23:48:29 +00:00
7e2b0068e6 nixfmt-rfc-style
There is nothing in this commit except for the changes made by
nix-shell -p nixfmt-rfc-style --run "nixfmt ."

If this has mucked up your open branches then sorry about that. You
can probably nixfmt them to match before merging
2025-02-10 21:55:08 +00:00
3f889c7119 default firewall zones in gateway profile 2025-02-10 21:21:08 +00:00
7f17125039 firewall: update zones with interface names as they appear 2025-02-10 21:21:08 +00:00
6587813577 WIP add zones to firewall module
- zones are an attrset of name -> [interface-service]

- the firewall will create empty "ifname" sets for each zone name
 in each address family (ip, ip6)

- then watch the interface services, and add the "ifname" outputs
to the corresponding sets when they appear

This commit only adds the empty sets
2025-02-10 21:21:08 +00:00
1d780de0f1 add (very basic) set support in firewallgen
and add sets for lan/wan/dmz/guest interface names to default
firewall rules
2025-02-10 21:17:43 +00:00
c92aacc6fd firewall rules: use @lan and @wan sets instead of ifnames
we don't have anything yet to create or populate the sets
2025-02-06 09:22:41 +00:00
f77da6f14c remove remaining refs to kexecboot 2025-01-05 17:22:30 +00:00
26f206d0e1 phram dtb reserved-memory needs no-map
c.f. 69429404ab

Co-authored-by: Arnout Engelen <arnout@bzzt.net>
2025-01-04 23:50:44 +00:00
13cb8d3692 sort imports 2025-01-03 15:41:22 +00:00
62b7aea8ab add btrfs.nix to outputs imports 2025-01-03 15:40:33 +00:00
92284fa9ba mtdimage can't be a default import
it adds kernel config that depend on openwrt patches,
which aren't used/needed on all devices
2025-01-03 00:19:17 +00:00
74027b44d7 extract log persistence config from s6 to new module
because it frobs kernel config, it breaks levitate
as levitate evalModules doesn't include the kernel
2025-01-02 23:56:49 +00:00
ea5370b3f4 import mtdimage in outputs 2025-01-02 23:37:07 +00:00
7377f7ceb2 implement mechanism for reverting from update.sh 2025-01-02 22:19:49 +00:00
cc94ef57fa in rc.init copy log from previous boot to place of safety 2025-01-01 18:22:45 +00:00
497307588f automate ubimage instructions a little 2025-01-01 12:38:08 +00:00
28d39cd66d provide etc/kconfig in updater output
this is for debugging/documentation purposes and isn't copied to the
device
2025-01-01 11:55:33 +00:00
f2e4e77d73 firewall: don't use oifname in input rules
because it's empty, these are input rules for the local machine
2024-12-29 23:17:31 +00:00
4d273a9469 dropbear would like /etc/shells to exist 2024-12-29 13:27:49 +00:00
40db175b41 complain if user attempting to tftpboot a ubifs 2024-12-29 13:26:45 +00:00
ab07212a7e include jffs2 module per default
it has no effect unless enabled
2024-12-29 13:26:06 +00:00
294492a176 jiggle imports 2024-12-24 13:46:19 +00:00
Arnout Engelen
f8a275d1a3 use Linux kernel sources associated with openwrt by default 2024-12-24 12:30:15 +00:00
bc20f4c6b7 rt3200 test install 2024-12-23 23:59:52 +00:00
848214d104 add ubivolume output 2024-12-23 22:37:07 +00:00
ede8f12d2b declare options.hardware.ubi unconditionally
this is so it can be defined in device modules even when
ubifs is not included in the configuration
2024-12-23 22:37:07 +00:00
6cd5b90678 outputs.rootubifs -> ubifs 2024-12-23 22:37:07 +00:00
db4f098c02 add fit bootloader
this is for the belkin rt3200, whose uboot doesn't do
extlinux but can load a fit from a ubifs. It adds the
a kernel+dtb as /boot/fit
2024-12-23 11:21:58 +00:00
1347937345 rename file 2024-12-23 10:31:22 +00:00
a7b5f80674 rename extlinux output to bootfiles
this is in preparation for introducing other non-extlinux
modules that populate /boot
2024-12-23 00:09:31 +00:00
f07a38b0fd extract uimage output module into own file 2024-12-22 21:10:07 +00:00
ac189f2977 outputs.zimage -> outputs.kernel.zImage
remove config option/derivation in favour of accessing
as output of the kernel derivation (matches what we do
with e.g. modulesupport)
2024-12-22 17:27:59 +00:00
f60b74f415 add a new updater output
this is so that we don't have to obfuscate store paths in
systemConfiguration to avoid dragging in build system
deps.

breaking-ish change to workflows, docs updated
2024-12-20 00:05:07 +00:00
56c667cfd5 extract systemConfiguration into its own output module 2024-12-19 20:55:10 +00:00
f9b4f0bc9c move modules/squashfs.nix into outputs/ 2024-12-19 14:33:50 +00:00
ffaca615ba copy logs to /dev/pmsg0 when ogging.persistent.enabled 2024-12-18 21:11:58 +00:00
81f5550bf0 config.logging.persistent enables /dev/pmsg0
- whatever's written to /dev/pmsg0 appears as
/sys/fs/pstore/pmsg-ramoops-0 after reboot

- only works on devices with the relevant device tree
support (gl-ar750 and whatever has it by default)

- nothing in the system is actually writing this file yet

- or reading it at boot time, for that matter
2024-12-17 23:24:31 +00:00
b52133a28b add hardware.dts.includes option 2024-12-17 20:36:14 +00:00
44caefcd3b rename config.hardware.dts.includes -> includePaths
(1) it's a better name
(2) I want to use `includes` to specify dtsi files
2024-12-17 17:41:53 +00:00
1f7d6544e3 provide stdout to ppp callback scripts
pppd runs them with 0,1,2 => /dev/null but we actually quite like
seeing errors in the logs
2024-10-17 21:37:08 +01:00
1bca072509 fix chrony pidfile error 2024-10-17 21:35:33 +01:00
7b98724643 turns out we did need usepeerdns 2024-10-17 21:05:16 +01:00
b1625763ee ppp service signal readiness only when ip-up has run
as downstream services need e.g. ifname which is not written by ipv6-up
2024-10-16 22:59:01 +01:00
14bfebc5c3 enable unloading modules so that scripts work
if we can't unload them then the service that loads them will fail
the second time it's run
2024-10-16 22:54:19 +01:00
0447ac0ff9 did we need MODULE_SIG?
I think this may be a hangover from using backports modules for wlan
2024-10-16 22:53:16 +01:00
e35a1514ab send kernel logs to s6 2024-10-16 18:59:42 +01:00
4a0120487c remove usepeerdns - it causes only errors
we handle dns with service outputs anyway
2024-10-16 18:58:34 +01:00