dan/liminix
1
0
Fork 5
Code
1,398 Commits 15 Branches 0 Tags 7.1 MiB
ede8f12d2b
Commit Graph

408 Commits

Author SHA1 Message Date
Daniel Barlow
ede8f12d2b declare options.hardware.ubi unconditionally 
this is so it can be defined in device modules even when
ubifs is not included in the configuration
 2024-12-23 22:37:07 +00:00
Daniel Barlow
6cd5b90678 outputs.rootubifs -> ubifs 2024-12-23 22:37:07 +00:00
Daniel Barlow
db4f098c02 add fit bootloader 
this is for the belkin rt3200, whose uboot doesn't do
extlinux but can load a fit from a ubifs. It adds the
a kernel+dtb as /boot/fit
 2024-12-23 11:21:58 +00:00
Daniel Barlow
1347937345 rename file 2024-12-23 10:31:22 +00:00
Daniel Barlow
a7b5f80674 rename extlinux output to bootfiles 
this is in preparation for introducing other non-extlinux
modules that populate /boot
 2024-12-23 00:09:31 +00:00
Daniel Barlow
f07a38b0fd extract uimage output module into own file 2024-12-22 21:10:07 +00:00
Daniel Barlow
ac189f2977 outputs.zimage -> outputs.kernel.zImage 
remove config option/derivation in favour of accessing
as output of the kernel derivation (matches what we do
with e.g. modulesupport)
 2024-12-22 17:27:59 +00:00
Daniel Barlow
f60b74f415 add a new updater output 
this is so that we don't have to obfuscate store paths in
systemConfiguration to avoid dragging in build system
deps.

breaking-ish change to workflows, docs updated
 2024-12-20 00:05:07 +00:00
Daniel Barlow
56c667cfd5 extract systemConfiguration into its own output module 2024-12-19 20:55:10 +00:00
Daniel Barlow
f9b4f0bc9c move modules/squashfs.nix into outputs/ 2024-12-19 14:33:50 +00:00
Daniel Barlow
ffaca615ba copy logs to /dev/pmsg0 when ogging.persistent.enabled 2024-12-18 21:11:58 +00:00
Daniel Barlow
81f5550bf0 config.logging.persistent enables /dev/pmsg0 
- whatever's written to /dev/pmsg0 appears as
/sys/fs/pstore/pmsg-ramoops-0 after reboot

- only works on devices with the relevant device tree
support (gl-ar750 and whatever has it by default)

- nothing in the system is actually writing this file yet

- or reading it at boot time, for that matter
 2024-12-17 23:24:31 +00:00
Daniel Barlow
b52133a28b add hardware.dts.includes option 2024-12-17 20:36:14 +00:00
Daniel Barlow
44caefcd3b rename config.hardware.dts.includes -> includePaths 
(1) it's a better name
(2) I want to use `includes` to specify dtsi files
 2024-12-17 17:41:53 +00:00
Daniel Barlow
1f7d6544e3 provide stdout to ppp callback scripts 
pppd runs them with 0,1,2 => /dev/null but we actually quite like
seeing errors in the logs
 2024-10-17 21:37:08 +01:00
Daniel Barlow
1bca072509 fix chrony pidfile error 2024-10-17 21:35:33 +01:00
Daniel Barlow
7b98724643 turns out we did need usepeerdns 2024-10-17 21:05:16 +01:00
Daniel Barlow
b1625763ee ppp service signal readiness only when ip-up has run 
as downstream services need e.g. ifname which is not written by ipv6-up
 2024-10-16 22:59:01 +01:00
Daniel Barlow
14bfebc5c3 enable unloading modules so that scripts work 
if we can't unload them then the service that loads them will fail
the second time it's run
 2024-10-16 22:54:19 +01:00
Daniel Barlow
0447ac0ff9 did we need MODULE_SIG? 
I think this may be a hangover from using backports modules for wlan
 2024-10-16 22:53:16 +01:00
Daniel Barlow
e35a1514ab send kernel logs to s6 2024-10-16 18:59:42 +01:00
Daniel Barlow
4a0120487c remove usepeerdns - it causes only errors 
we handle dns with service outputs anyway
 2024-10-16 18:58:34 +01:00
Daniel Barlow
17517dd34f remove KEXEC from base kernel config 
we're not using it any more
 2024-10-10 18:23:50 +01:00
Daniel Barlow
5112eab4da apply incoming-allowed-ip[46] rules to input as well as forward pkts 
this makes it possible to open ports on the router itself
 2024-10-10 18:18:23 +01:00
Daniel Barlow
2d7e6188ac log shipping service now gets logs on stdin 
instead of having to open the unix socket
 2024-10-06 13:26:58 +01:00
Daniel Barlow
493c5f69d7 add module for certifix-client 2024-10-06 11:27:39 +01:00
Daniel Barlow
635590d37a implement log shipping config 
to use this, you need config like for example

+  logging.shipping = {
+    enable = true;
+    service = longrun {
+      name = "ship-logs";
+      run = let path = lib.makeBinPath (with pkgs; [ s6 s6-networking s6 execline ]);
+            in ''
+        PATH=${path}:$PATH
+        s6-ipcserver -1 ${config.logging.shipping.socket} \
+        s6-tcpclient 10.0.2.2 19612 \
+        fdmove -c 1 7 cat
+      '';
+    };
+  };

but I think we can reduce the noise a bit if we use an s6-rc pipeline
with an s6-ipcserver on one side and and a (whatever the user wants)
on the other
 2024-09-18 22:14:34 +01:00
Daniel Barlow
707a471bc2 add logtee to catchall logger 2024-09-16 21:30:06 +01:00
Daniel Barlow
e0725489ca unbreak pppoe ci job 2024-09-06 00:33:30 +01:00
Daniel Barlow
091d863710 extract pppoe/l2tp common code 2024-09-04 12:02:00 +01:00
Daniel Barlow
c7bcfbfa34 make pppoe/l2tp more consistent 2024-09-03 22:57:45 +01:00
Daniel Barlow
500a3c1025 make nodefaultroute explicit in ppp 2024-09-03 22:53:13 +01:00
Daniel Barlow
e590c0ad3f secrets subscriber: add provider as dep to controlled service 2024-09-01 09:56:59 +01:00
Daniel Barlow
14abdd9998 tang: notify on ready 2024-08-31 23:24:50 +01:00
Daniel Barlow
e745991b9d restart pppoe/l2tp in secrets changes 2024-08-30 20:49:27 +01:00
Daniel Barlow
defbfce1fb finish converting outputRef to lambda 2024-08-30 20:46:48 +01:00
Daniel Barlow
a8a19977ca (untested) template service for tang encrypted secrets 2024-08-28 22:32:26 +01:00
Daniel Barlow
7351e143c5 remove redundant sourcing of ${serviceFns} 
this is done by the oneshot and longrun functions
 2024-08-28 21:28:27 +01:00
Daniel Barlow
fe7b092075 (untested) http basic auth for outboard secrets 2024-08-28 20:53:59 +01:00
Daniel Barlow
d5d621f310 rename http-fstree => json-to-fstree 
it works for file urls as well, not just http
 2024-08-28 16:36:49 +01:00
Daniel Barlow
c7164a6f4a sshd can use outputRef for authorized_keys 2024-08-25 16:35:50 +01:00
Daniel Barlow
99f68e5421 destructure params in ssh service 2024-08-23 23:13:49 +01:00
Daniel Barlow
9c30b6f882 change output references from attrset to lambda 
this is so that we can distinguish a ref from a literal parameter that
might be a attrset
 2024-08-23 22:25:57 +01:00
Daniel Barlow
869a508c0a add authorizedKeys option to ssh service 
this has no apparent use as it stands, but opens the door to
having the keys managed by an external secrets service
 2024-08-23 20:35:07 +01:00
Daniel Barlow
a6128955e7 ppp modules: permit (mostly) same params for l2tp as pppoe 
this also means that l2tp can use secrets for username/password
 2024-08-21 23:10:28 +01:00
Daniel Barlow
531cb113be devout needs a longer startup timeout 
seems to be taking around 40 seconds now, would be worth digging in to
find out why
 2024-08-21 23:09:11 +01:00
Daniel Barlow
2992771c7e pppoe allow secrets for username/password 2024-08-21 00:17:22 +01:00
Daniel Barlow
21f2320d86 inline method 2024-08-20 23:26:11 +01:00
Daniel Barlow
4053ea9481 secrets/subscriber implement different restart types 2024-08-20 22:56:26 +01:00
Daniel Barlow
54d3415885 pppoe convert to using a config file 
mostly for ease of implementation but does mean we don't
have username/password secrets on the command line
 2024-08-20 22:55:30 +01:00