implement log shipping config

to use this, you need config like for example

+  logging.shipping = {
+    enable = true;
+    service = longrun {
+      name = "ship-logs";
+      run = let path = lib.makeBinPath (with pkgs; [ s6 s6-networking s6 execline ]);
+            in ''
+        PATH=${path}:$PATH
+        s6-ipcserver -1 ${config.logging.shipping.socket} \
+        s6-tcpclient 10.0.2.2 19612 \
+        fdmove -c 1 7 cat
+      '';
+    };
+  };

but I think we can reduce the noise a bit if we use an s6-rc pipeline
with an s6-ipcserver on one side and and a (whatever the user wants)
on the other

NEWS

@@ -103,3 +103,15 @@ a bit more useful :-)
       };
     })
   ];
+
+2024-07-16
+
+* structured parameters are available for the pppoe service
+
+* The "wan" configuration in modules/profiles/gateway.nix has changed:
+instead of passing options that are used to create a pppoe interface,
+callers should create a (pppoe or other) interface and pass that as
+the value of profile.gateway.wan. For the pppoe case this is now only
+very slightly more verbose, and it allows using the gateway profile
+with other kinds of upstream.
+

boot.expect

@@ -0,0 +1,20 @@
+# This is for use with minicom, but needs you to configure it to
+# use expect as its "Script program" instead of runscript.  Try
+# Ctrl+A O -> Filenames and paths -> D
+
+log_user 0
+log_file -a -open stderr
+set f [open "result/boot.scr"]
+send "version\r"
+set timeout 60
+while {[gets $f line] >= 0} {
+    puts stderr "next line $line\r"
+    puts stderr "waiting for prompt\r"	
+    expect {
+      "ath>" {}
+      "BusyBox" { puts stderr  "DONE"; exit 0 }
+    }
+    send "$line\r\n"
+}
+puts stderr "done\r\n"
+close $f

bordervm-configuration.nix

@@ -6,7 +6,7 @@ in {
   options.bordervm = {
     keys = mkOption {
       type = types.listOf types.str;
-      default = [];
+      default = [ ];
     };
     l2tp = {
       host = mkOption {
@@ -55,18 +55,17 @@ in {
     <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
   ];
   config = {
-    boot.kernelParams = [
-      "loglevel=9"
-    ];
+    boot.kernelParams = [ "loglevel=9" ];
     systemd.services.pppoe =
-      let conf = pkgs.writeText "kpppoed.toml"
-        ''
-      interface_name = "eth1"
-      services = [ "myservice" ]
-      lns_ipaddr = "${cfg.l2tp.host}:${builtins.toString cfg.l2tp.port}"
-      ac_name = "kpppoed-1.0"
-    '';
-      in  {
+      let
+        conf = pkgs.writeText "kpppoed.toml" ''
+          interface_name = "eth1"
+          services = [ "myservice" ]
+          lns_ipaddr = "${cfg.l2tp.host}:${builtins.toString cfg.l2tp.port}"
+          ac_name = "kpppoed-1.0"
+        '';
+      in
+      {
         wantedBy = [ "multi-user.target" ];
         after = [ "network-online.target" ];
         serviceConfig = {
@@ -83,32 +82,43 @@ in {
     services.dnsmasq = {
       enable = true;
       resolveLocalQueries = false;
-      settings =  {
+      settings = {
         # domain-needed = true;
         dhcp-range = [ "10.0.0.10,10.0.0.240" ];
         interface = "eth1";
       };
     };
 
-    systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
+    services.nginx = {
+      enable = true;
+      user = "liminix";
+      virtualHosts.${config.networking.hostName} = {
+        root = "/home/liminix";
+        default = true;
+      };
+    };
+    systemd.services.nginx.serviceConfig.ProtectHome = "read-only";
 
+    systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
 
     virtualisation = {
       qemu = {
-        networkingOptions = [];
-        options = [] ++
-          optional cfg.ethernet.pci.enable
-            "-device vfio-pci,host=${cfg.ethernet.pci.id}" ++
-          optionals cfg.ethernet.usb.enable [
+        networkingOptions = [ ];
+        options =
+          [ ]
+          ++ optional cfg.ethernet.pci.enable "-device vfio-pci,host=${cfg.ethernet.pci.id}"
+          ++ optionals cfg.ethernet.usb.enable [
             "-device usb-ehci,id=ehci"
             "-device usb-host,bus=ehci.0,vendorid=${cfg.ethernet.usb.vendor},productid=${cfg.ethernet.usb.product}"
-          ] ++ [
+          ]
+          ++ [
             "-nographic"
             "-serial mon:stdio"
           ];
       };
       sharedDirectories = {
         liminix = {
+          securityModel = "none";
           source = builtins.toString ./.;
           target = "/home/liminix/liminix";
         };
@@ -136,13 +146,13 @@ in {
       nat = {
         enable = true;
         internalInterfaces = [ "eth1" ];
-        externalInterface ="eth0";
+        externalInterface = "eth0";
       };
     };
     users.users.liminix = {
       isNormalUser = true;
       uid = 1000;
-      extraGroups = [ "wheel"];
+      extraGroups = [ "wheel" ];
       openssh.authorizedKeys.keys = cfg.keys;
     };
     services.getty.autologinUser = "liminix";

bordervm.conf-example.nix

@@ -1,8 +1,12 @@
-{...}:
+{ ... }:
 {
   bordervm = {
     # ethernet.pci = { id = "01:00.0"; enable = true; };
-    ethernet.usb = { vendor = "0x0bda"; product = "0x8153"; enable = true; };
+    ethernet.usb = {
+      vendor = "0x0bda";
+      product = "0x8153";
+      enable = true;
+    };
     l2tp = {
       host = "l2tp.aa.net.uk";
     };

ci.nix

@@ -1,12 +1,12 @@
 {
-  nixpkgs
-, unstable
-, liminix
-, ... }:
+  nixpkgs,
+  unstable,
+  liminix,
+  ...
+}:
 let
-  inherit (builtins) map;
-  pkgs = (import nixpkgs {});
-  borderVmConf =  ./bordervm.conf-example.nix;
+  pkgs = (import nixpkgs { });
+  borderVmConf = ./bordervm.conf-example.nix;
   inherit (pkgs.lib.attrsets) genAttrs;
   devices = [
     "gl-ar750"
@@ -27,45 +27,47 @@ let
     }).outputs.default;
   tests = import ./tests/ci.nix;
   jobs =
-    (genAttrs devices for-device) //
-    tests //
-    {
-      buildEnv = (import liminix {
-        inherit nixpkgs borderVmConf;
-        device = import (liminix + "/devices/qemu");
-        liminix-config = vanilla;
-      }).buildEnv;
+    (genAttrs devices for-device)
+    // tests
+    // {
+      buildEnv =
+        (import liminix {
+          inherit nixpkgs borderVmConf;
+          device = import (liminix + "/devices/qemu");
+          liminix-config = vanilla;
+        }).buildEnv;
       doc =
-        let json =
-              (import liminix {
-                inherit nixpkgs borderVmConf;
-                device = import (liminix + "/devices/qemu");
-                liminix-config = {...} : {
+        let
+          json =
+            (import liminix {
+              inherit nixpkgs borderVmConf;
+              device = import (liminix + "/devices/qemu");
+              liminix-config =
+                { ... }:
+                {
                   imports = [ ./modules/all-modules.nix ];
                 };
-              }).outputs.optionsJson;
-            installers = map (f: "system.outputs.${f}") [
-              "vmroot"
-              "mtdimage"
-              "ubimage"
-            ];
-            inherit (pkgs.lib) concatStringsSep;
-        in pkgs.stdenv.mkDerivation {
+            }).outputs.optionsJson;
+        in
+        pkgs.stdenv.mkDerivation {
           name = "liminix-doc";
           nativeBuildInputs = with pkgs; [
-            gnumake sphinx fennel luaPackages.lyaml
+            gnumake
+            sphinx
+            fennel
+            luaPackages.lyaml
           ];
           src = ./.;
           buildPhase = ''
-            cat ${json} | fennel --correlate doc/parse-options.fnl > doc/modules-generated.rst
-            cat ${json} | fennel --correlate doc/parse-options-outputs.fnl     > doc/outputs-generated.rst
+            cat ${json} | fennel --correlate doc/parse-options.fnl > doc/modules-generated.inc.rst
+            cat ${json} | fennel --correlate doc/parse-options-outputs.fnl     > doc/outputs-generated.inc.rst
             cp ${(import ./doc/hardware.nix)} doc/hardware.rst
             make -C doc html
           '';
           installPhase = ''
             mkdir -p $out/nix-support $out/share/doc/
             cd doc
-            cp *-generated.rst  $out
+            cp *-generated.inc.rst hardware.rst $out
             ln -s ${json} $out/options.json
             cp -a _build/html $out/share/doc/liminix
             echo "file source-dist \"$out/share/doc/liminix\"" \

default.nix

@@ -1,24 +1,27 @@
 {
-  deviceName ? null
-, device ? (import ./devices/${deviceName} )
-, liminix-config ? <liminix-config>
-, nixpkgs ? <nixpkgs>
-, borderVmConf ? ./bordervm.conf.nix
-, imageType ? "primary"
+  deviceName ? null,
+  device ? (import ./devices/${deviceName}),
+  liminix-config ? <liminix-config>,
+  nixpkgs ? <nixpkgs>,
+  borderVmConf ? ./bordervm.conf.nix,
+  imageType ? "primary",
 }:
 
 let
   overlay = import ./overlay.nix;
-  pkgs = import nixpkgs (device.system // {
-    overlays = [overlay];
-    config = {
-      allowUnsupportedSystem = true; # mipsel
-      permittedInsecurePackages = [
-        "python-2.7.18.6"       # kernel backports needs python <3
-        "python-2.7.18.7"
-      ];
-    };
-  });
+  pkgs = import nixpkgs (
+    device.system
+    // {
+      overlays = [ overlay ];
+      config = {
+        allowUnsupportedSystem = true; # mipsel
+        permittedInsecurePackages = [
+          "python-2.7.18.6" # kernel backports needs python <3
+          "python-2.7.18.7"
+        ];
+      };
+    }
+  );
 
   eval = pkgs.lib.evalModules {
     specialArgs = {
@@ -46,7 +49,14 @@ let
   borderVm = ((import <nixpkgs/nixos/lib/eval-config.nix>) {
     system = builtins.currentSystem;
     modules = [
-      ({  ... } : { nixpkgs.overlays = [ overlay ]; })
+      {
+        nixpkgs.overlays = [
+          (final: prev: {
+            go-l2tp = final.callPackage ./pkgs/go-l2tp {};
+            tufted = final.callPackage ./pkgs/tufted {};
+          })
+        ];
+      }
       (import ./bordervm-configuration.nix)
       borderVmConf
     ];

devices/belkin-rt3200/default.nix

@@ -213,7 +213,6 @@
         networkInterfaces =
           let
             inherit (config.system.service.network) link;
-            inherit (config.system.service) bridge;
           in rec {
             wan = link.build { ifname = "wan"; };
             lan1 = link.build { ifname = "lan1"; };

devices/families/qemu.nix

@@ -23,12 +23,17 @@
         VIRTIO_BLK = "y";
         VIRTIO_NET = "y";
       };
+      conditionalConfig = {
+        WLAN= {
+          MAC80211_HWSIM = "m";
+        };
+      };
     };
     hardware =
       let
-        mac80211 =  pkgs.mac80211.override {
-          drivers = ["mac80211_hwsim"];
-          klibBuild = config.system.outputs.kernel.modulesupport;
+        mac80211 =  pkgs.kmodloader.override {
+          inherit (config.system.outputs) kernel;
+          targets = ["mac80211_hwsim"];
         };
       in {
         defaultOutput = "vmroot";

devices/gl-ar750/default.nix

@@ -92,7 +92,6 @@
         '';
       };
       inherit (pkgs.pseudofile) dir symlink;
-      inherit (pkgs.liminix.networking) interface;
     in {
       imports = [
         ../../modules/network
@@ -127,11 +126,11 @@
           in {
             lan = link.build {
               ifname = "lan";
-              devpath = "/devices/platform/ahb/19000000.eth";
+              devpath = "/devices/platform/ahb/1a000000.eth";
             };
             wan = link.build {
               ifname = "wan";
-              devpath = "/devices/platform/ahb/1a000000.eth";
+              devpath = "/devices/platform/ahb/19000000.eth";
             };
             wlan = link.build {
               ifname = "wlan0";

devices/gl-mt300a/default.nix

@@ -45,7 +45,6 @@
 
   module = { pkgs, config, lib, lim, ...}:
     let
-      inherit (pkgs.liminix.networking) interface;
       inherit (pkgs) openwrt;
       mac80211 = pkgs.kmodloader.override {
         targets = ["rt2800soc"];
@@ -90,19 +89,6 @@
           let
             inherit (config.system.service.network) link;
             inherit (config.system.service) vlan;
-            inherit (pkgs.liminix.services) oneshot;
-            swconfig = oneshot {
-              name = "swconfig";
-              up = ''
-                PATH=${pkgs.swconfig}/bin:$PATH
-                swconfig dev switch0 set reset
-                swconfig dev switch0 set enable_vlan 1
-                swconfig dev switch0 vlan 1 set ports '1 2 3 4 6t'
-                swconfig dev switch0 vlan 2 set ports '0 6t'
-                swconfig dev switch0 set apply
-              '';
-              down = "${pkgs.swconfig}/bin/swconfig dev switch0 set reset";
-            };
           in rec {
             eth = link.build { ifname = "eth0"; };
             # lan and wan ports are both behind a switch on eth0

devices/gl-mt300n-v2/default.nix

@@ -13,7 +13,7 @@
     GL.iNet GL-MT300N-v2
     ********************
 
-    The GL-MT300N-v2 "Mango" is is very similar to the :ref:`MT300A <GL.iNet GL-MT300A>, but is
+    The GL-MT300N-v2 "Mango" is is very similar to the :ref:`gl-mt300a`, but is
     based on the MT7628 chipset instead of MT7620.  It's also marginally cheaper
     and comes in a yellow case not a blue one.  Be sure your device is
     v2 not v1, which is a different animal and has only half as much RAM.
@@ -38,7 +38,6 @@
 
   module = { pkgs, config, lib, lim, ...}:
     let
-      inherit (pkgs.liminix.networking) interface;
       inherit (pkgs.liminix.services) oneshot;
       inherit (pkgs.pseudofile) dir symlink;
       inherit (pkgs) openwrt;

devices/qemu-aarch64/default.nix

@@ -19,14 +19,14 @@
     ARM targets differ from MIPS in that the kernel format expected
     by QEMU is an "Image" (raw binary file) rather than an ELF
     file, but this is taken care of by :command:`run.sh`. Check the
-    documentation for the :ref:`QEMU` (MIPS) target for more information.
+    documentation for the :ref:`qemu` target for more information.
 
   '';
 
   # this device is described by the "qemu" device
   installer = "vmroot";
 
-  module = {pkgs, config, lim, ... }: {
+  module = { config, lim, ... }: {
     imports = [
       ../../modules/arch/aarch64.nix
       ../families/qemu.nix

devices/qemu-armv7l/default.nix

@@ -24,7 +24,7 @@
   '';
   installer = "vmroot";
 
-  module = {pkgs, config, lim, ... }: {
+  module = { config, lim, ... }: {
     imports = [
       ../../modules/arch/arm.nix
       ../families/qemu.nix

devices/qemu/default.nix

@@ -36,7 +36,7 @@
     in the Development manual.
 
   '';
-  module = {pkgs, config, lib, lim, ... }: {
+  module = { config, lib, lim, ... }: {
     imports = [
       ../../modules/arch/mipseb.nix
       ../families/qemu.nix

devices/tp-archer-ax23/default.nix

@@ -419,7 +419,6 @@
           networkInterfaces =
             let
               inherit (config.system.service.network) link;
-              inherit (config.system.service) bridge;
             in rec {
               lan1 = link.build { ifname = "lan1"; };
               lan2 = link.build { ifname = "lan2"; };

devices/turris-omnia/default.nix

@@ -155,8 +155,6 @@
 
   module = {pkgs, config, lib, lim, ... }:
     let
-      openwrt = pkgs.openwrt;
-      inherit (lib) mkOption types;
       inherit (pkgs.liminix.services) oneshot;
       inherit (pkgs) liminix;
       mtd_by_name_links = pkgs.liminix.services.oneshot rec  {
@@ -358,7 +356,6 @@
           networkInterfaces =
             let
               inherit (config.system.service.network) link;
-              inherit (config.system.service) bridge;
             in rec {
               en70000 = link.build {
                 # in armada-38x.dtsi this is eth0.

devices/zyxel-nwa50ax/default.nix

@@ -103,8 +103,6 @@
 
   module = { pkgs, config, lib, lim, ...}:
     let
-      inherit (pkgs.liminix.networking) interface;
-      inherit (pkgs.liminix.services) oneshot;
       inherit (pkgs.pseudofile) dir symlink;
       inherit (pkgs) openwrt;
 

doc/admin.rst

@@ -4,143 +4,134 @@ System Administration
 Services on a running system
 ****************************
 
-* add an s6-rc cheatsheet here
+Liminix services are built on s6-rc, which is itself layered on s6.
+Services are defined at build time in your configuration (see
+:ref:`configuration-services` for information) and can't be added
+to/changed at runtime, but to monitor
+events or diagnose problems you may need to inspect them on the
+running system. Here are some of the most commonly used s6,-rc
+commands:
 
+.. list-table:: Service management quick reference
+   :widths: 55 45
+   :header-rows: 1
+   
+   * - What
+     - How
+   * - List all running services
+     - ``s6-rc -a list``
+   * - List all services that are **not** running
+     - ``s6-rc -da list``
+   * - List services that ``wombat`` depends on
+     - ``s6-rc-db dependencies wombat``
+   * - ... transitively
+     - ``s6-rc-db all-dependencies wombat``
+   * - List services that depend on service ``wombat``
+     - ``s6-rc-db -d dependencies wombat``
+   * - ... transitively
+     - ``s6-rc-db -d all-dependencies wombat``
+   * - Stop service ``wombat`` and everything depending on it
+     - ``s6-rc -d change wombat``
+   * - Start service ``wombat`` (but not any services depending on it)
+     - ``s6-rc -u change wombat``
+   * - Start service ``wombat`` and all* services depending on it
+     - ``s6-rc-up-tree wombat``
 
-Flashing and updating
-*********************
+:command:`s6-rc-up-tree` brings up a service and all services that
+depend on it, except for any services that depend on a "controlled"
+service that is not currently running. Controlled services are not
+started at boot time but in response to external events (e.g. plugging
+in a particular piece of hardware) so you probably don't want to be
+starting them by hand if the conditions aren't there.
 
+A service may be **up** or **down** (there are no intermediate states
+like "started" or "stopping" or "dying" or "cogitating"). Some (but
+not all) services have "readiness" notifications: the dependents of a
+service with a readiness notification won't be started until the
+service signals (by writing to a nominated file descriptor) that it's
+prepared to start work. Most services defined by Liminix also have a
+``timeout-up`` parameter, which means that if a service has readiness
+notifications and doesn't become ready in the allotted time (defaults
+20 seconds) it will be terminated and its state set to **down**.
 
+If the process providing a service dies, it will be restarted
+automatically. Liminix does not automatically set it to **down**.
 
-Flashing from Liminix
-=====================
+(If the process providing a service dies without ever notifying
+readiness, Liminix will restart it as many times as it has to until the
+timeout period elapses, and then stop it and mark it down.)
 
-The flash procedure from an existing Liminix-system has two steps.
-First we reboot the device (using "kexec") into an "ephemeral"
-RAM-based version of the new configuration, then when we're happy it
-works we can flash the image - and if it doesn't work we can reboot
-the device again and it will boot from the old image.
+Controlled services
+===================
 
+**Controlled** services are those which are started/stopped on demand
+by a **controller** (another service) instead of being started at boot
+time.  For example:
 
-Building the RAM-based image
-----------------------------
+* ``svc.uevent-rule.build`` creates a controlled service which is
+  active when a particular hardware device (identified by uevent/sysfs
+  directory) is present.
 
-To create the ephemeral image, build ``outputs.kexecboot`` instead of
-``outputs.default``.  This generates a directory containing the root
-filesystem image and kernel, along with an executable called `kexec`
-and a `boot.sh` script that runs it with appropriate arguments.
+* ``svc.round-robin.build`` creates a service controller that
+  invokes two or more services in turn, running the next one when the
+  process providing the previous one exits. We use this for failover
+  from one network connection to a backup connection, for example.
 
-For example
+* ``svc.health-check.build`` creates a service controller that
+  runs a controlled service and periodically tests whether it is
+  healthy by running an external health check command or script. If the
+  check command repeatedly fails, the controlled service is
+  restarted.
+
+  The Configuration section of the manual describes controlled
+  services in more detail. Some operational considerations
+
+* ``round-robin`` detects a service status by looking at its
+  :file:`outputs` directory, so it won't work unless the service
+  creates some outputs. This is considered a bug and will be
+  fixed in a future release
+
+* ``health-check`` works for longruns but not for oneshots, as it
+  internally relies on ``s6-svc`` to restart the process
+
+Logs
+====
+
+Logs for all services are collated into :file:`/run/uncaught-logs/current`.
+The log file is rotated when it reaches a threshold size, into another
+file in the same directory whose name contains a TAI64 timestamp.
+
+Each log line is prefixed with a TAI64 timestamp and the name of the
+service, if it is a longrun. If it is a oneshot, a timestamp and the
+name of some other service. To convert the timestamp into a
+human-readable format, use :command:`s6-tai64nlocal`.
 
 .. code-block:: console
 
-   nix-build -I liminix-config=./examples/arhcive.nix \
-     --arg device "import ./devices/gl-ar750"
-     -A outputs.kexecboot && \
-     (tar chf - result | ssh root@the-device tar -C /run -xvf -)
-
-and then login to the device and run
-
-.. code-block:: console
-
-   cd /run/result
-   sh ./boot.sh .
+  # ls -l /run/uncaught-logs/
+  -rw-r--r--    1         0 lock
+  -rw-r--r--    1         0 state
+  -rwxr--r--    1     98059 @4000000000025cb629c311ac.s
+  -rwxr--r--    1     98061 @40000000000260f7309c7fb4.s
+  -rwxr--r--    1     98041 @40000000000265233a6cc0b6.s
+  -rwxr--r--    1     98019 @400000000002695d10c06929.s
+  -rwxr--r--    1     98064 @4000000000026d84189559e0.s
+  -rwxr--r--    1     98055 @40000000000271ce1e031d91.s
+  -rwxr--r--    1     98054 @400000000002760229733626.s
+  -rwxr--r--    1     98104 @4000000000027a2e3b6f4e12.s
+  -rwxr--r--    1     98023 @4000000000027e6f0ed24a6c.s
+  -rw-r--r--    1     42374 current
+  
+  # tail -2 /run/uncaught-logs/current 
+  @40000000000284f130747343 wan.link.pppoe Connect: ppp0 <--> /dev/pts/0
+  @40000000000284f230acc669 wan.link.pppoe sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x667a9594> <pcomp> <accomp>]
+  # tail -2 /run/uncaught-logs/current  | s6-tai64nlocal 
+  1970-01-02 21:51:45.828598156 wan.link.pppoe sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x667a9594> <pcomp> <accom
+  p>]
+  1970-01-02 21:51:48.832588765 wan.link.pppoe sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x667a9594> <pcomp> <accom
+  p>]
 
 
-This will load the new kernel and map the root filesystem into a RAM
-disk, then start executing the new kernel. *This is effectively a
-reboot - be sure to close all open files and finish anything else
-you were doing first.*
-
-If the new system crashes or is rebooted, then the device will revert
-to the old configuration it finds in flash.
-
-
-Building the second (permanent) image
--------------------------------------
-
-While running in the kexecboot system, you can build the permanent
-image and copy it to the device with :command:`ssh`
-
-.. code-block:: console
-
-   build-machine$ nix-build -I liminix-config=./examples/arhcive.nix \
-     --arg device "import ./devices/gl-ar750"
-     -A outputs.default && \
-     (tar chf - result | ssh root@the-device tar -C /run -xvf -)
-
-   build-machine$ tar chf - result/firmware.bin | \
-    ssh root@the-device tar -C /run -xvf -
-
-Next you need to connect to the device and locate the "firmware"
-partition, which you can do with a combination of :command:`dmesg`
-output and the contents of :file:`/proc/mtd`
-
-.. code-block:: console
-
-   <5>[    0.469841] Creating 4 MTD partitions on "spi0.0":
-   <5>[    0.474837] 0x000000000000-0x000000040000 : "u-boot"
-   <5>[    0.480796] 0x000000040000-0x000000050000 : "u-boot-env"
-   <5>[    0.487056] 0x000000050000-0x000000060000 : "art"
-   <5>[    0.492753] 0x000000060000-0x000001000000 : "firmware"
-
-   # cat /proc/mtd
-   dev:    size   erasesize  name
-   mtd0: 00040000 00001000 "u-boot"
-   mtd1: 00010000 00001000 "u-boot-env"
-   mtd2: 00010000 00001000 "art"
-   mtd3: 00fa0000 00001000 "firmware"
-   mtd4: 002a0000 00001000 "kernel"
-   mtd5: 00d00000 00001000 "rootfs"
-
-Now run (in this example)
-
-.. code-block:: console
-
-   flashcp -v firmware.bin /dev/mtd3
-
-
-"I know my new image is good, can I skip the intermediate step?"
-----------------------------------------------------------------
-
-In addition to giving you a chance to see if the new image works, this
-two-step process ensures that you're not copying the new image over
-the top of the active root filesystem. Sometimes it works, but you
-will at least need physical access to the device to power-cycle it
-because it will be effectively frozen afterwards.
-
-
-Flashing from the boot monitor
-==============================
-
-If you are prepared to open the device and have a TTL serial adaptor
-of some kind to connect it to, you can probably use U-Boot and a TFTP
-server to download and flash the image.  This is quite
-hardware-specific, and sometimes involves soldering: please refer
-to :ref:`serial`.
-
-
-Flashing from OpenWrt
-=====================
-
-.. CAUTION:: Untested! A previous version of these instructions
-	     (without the -e flag) led to bricking the device
-	     when flashing a jffs2 image. If you are reading
-	     this message, nobody has yet reported on whether the
-	     new instructions are any better.
-
-If your device is running OpenWrt then it probably has the
-:command:`mtd` command installed. After transferring the image onto the
-device using e.g. :command:`ssh`,  you can run it as follows:
-
-.. code-block:: console
-
-   mtd -e -r write /tmp/firmware.bin firmware
-
-The options to this command are for "erase before writing" and "reboot
-after writing".
-
-For more information, please see the `OpenWrt manual <https://openwrt.org/docs/guide-user/installation/sysupgrade.cli>`_ which may also contain (hardware-dependent) instructions on how to flash an image using the vendor firmware - perhaps even from a web interface.
 
 Updating an installed system (JFFS2)
 ************************************
@@ -165,6 +156,8 @@ Note that this only copies the package to the device: it doesn't update
 any profile to add it to ``$PATH``
 
 
+.. _rebuilding the system:
+
 Rebuilding the system
 =====================
 
@@ -196,3 +189,116 @@ Caveats
   nixpkgs).
 
 * it cannot upgrade the kernel, only userland
+
+.. _levitate:  
+
+Reinstalling on a running system
+********************************
+
+Liminix is initially installed from a monolithic
+:file:`firmware.bin` - and unless you're running a writable
+filesystem, the only way to update it is to build and install a whole
+new :file:`firmware.bin`.  However, you probably would prefer not to
+have to remove it from its installation site, unplug it from the
+network and stick serial cables in it all over again.
+
+It is not (generally) safe to install a new firmware onto the flash
+partitions that the active system is running on. To address this we
+have :command:`levitate`, which a way for a running Liminix system to
+"soft restart" into a ramdisk running only a limited set of services,
+so that the main partitions can then be safely flashed.
+
+
+
+Configuration
+=============
+
+Levitate *needs to be configured when you create the initial system*
+to specify which services/packages/etc to run in maintenance
+mode. Most likely you want to configure a network interface and an ssh
+for example so that you can login to reflash it.
+
+.. code-block:: nix
+
+  defaultProfile.packages = with pkgs; [
+    ...
+    (levitate.override {
+      config  = {
+        services = {
+          inherit (config.services) dhcpc sshd watchdog;
+        };
+        defaultProfile.packages = [ mtdutils ];
+        users.root = config.users.root;
+      };
+    })
+  ];
+  		
+
+
+Use
+===
+
+Connect (with ssh, probably) to the running Liminix system that you
+wish to upgrade.
+
+.. code-block:: console
+
+  bash$ ssh root@the-device
+  
+Run :command:`levitate`. This takes a little while (perhaps a few
+tens of seconds) to execute, and copies all config required for
+maintenance mode to :file:`/run/maintenance`.
+  
+.. code-block:: console
+  
+  # levitate 
+  
+Reboot into maintenance mode. You will be logged out
+  
+.. code-block:: console
+
+  # reboot
+  
+Connect to the device again - note that the ssh host key will have changed.
+  
+.. code-block:: console
+
+  # ssh -o UserKnownHostsFile=/dev/null root@the-device
+  
+Check we're in maintenance mode
+  
+.. code-block:: console
+
+  # cat /etc/banner 
+  
+  LADIES AND GENTLEMEN WE ARE FLOATING IN SPACE
+  
+  Most services are disabled. The system is operating
+  with a ram-based root filesystem, making it safe to
+  overwrite the flash devices in order to perform
+  upgrades and maintenance.
+  
+  Don't forget to reboot when you have finished.
+  
+Perform the upgrade, using flashcp. This is an example,
+your device will differ
+   
+.. code-block:: console
+
+  # cat /proc/mtd 
+  dev:    size   erasesize  name
+  mtd0: 00030000 00010000 "u-boot"
+  mtd1: 00010000 00010000 "u-boot-env"
+  mtd2: 00010000 00010000 "factory"
+  mtd3: 00f80000 00010000 "firmware"
+  mtd4: 00220000 00010000 "kernel"
+  mtd5: 00d60000 00010000 "rootfs"
+  mtd6: 00010000 00010000 "art"
+  # flashcp -v firmware.bin mtd:firmware
+
+All done
+  
+.. code-block:: console
+
+  # reboot
+

doc/conf.py

@@ -7,19 +7,19 @@
 # https://www.sphinx-doc.org/en/master/usage/configuration.html#project-information
 
 project = 'Liminix'
-copyright = '2023, Daniel Barlow'
+copyright = '2023-2024 Daniel Barlow'
 author = 'Daniel Barlow'
 
 # -- General configuration ---------------------------------------------------
 # https://www.sphinx-doc.org/en/master/usage/configuration.html#general-configuration
 
 extensions = [
-    'sphinx.ext.autosectionlabel'
+#    'sphinx.ext.autosectionlabel'
 ]
 autosectionlabel_prefix_document = True
 
 templates_path = ['_templates']
-exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store']
+exclude_patterns = ['*.inc.rst', '_build', 'Thumbs.db', '.DS_Store']
 
 
 

doc/configuration.rst

@@ -1,27 +1,8 @@
+.. _configuration:
+
 Configuration
 #############
 
-Liminix uses the Nix language to provide congruent configuration
-management.  This means that to change anything about the way in
-which a Liminix system works, you make that change in
-your :file:`configuration.nix` (or one of the other files it references),
-and rerun :command:`nix-build` or :command:`liminix-rebuild` to action
-the change. It is not possible (at least, without shenanigans) to make
-changes by logging into the device and running imperative commands
-whose effects may later be overridden: :file:`configuration.nix`
-always describes the entire system and can be used to recreate that
-system at any time.  You can usefully keep it under version control.
-
-If you are familiar with NixOS, you will notice some similarities
-between NixOS and Liminix configuration, and also some
-differences. Sometimes the differences are due to the
-resource-constrained devices we deploy onto, sometimes due to
-differences in the uses these devices are put to.
-
-
-Configuration taxonomy
-**********************
-
 There are many things you can specify in a configuration, but these
 are the ones you most commonly need to change:
 
@@ -86,14 +67,166 @@ domains, or you want to run two SSH daemons on different ports.
 	 don't use the NixOS modules themselves, because the
 	 underlying system is not similar enough for them to work.
 
+.. _configuration-services:
 
 Services
 ********
 
-We use the `s6-rc service manager <https://www.skarnet.org/software/s6-rc/overview.html>`_  to start/stop/restart services and handle
-service dependencies. Any attribute in `config.services` will become
-part of the default set of services that s6-rc will try to bring up on
-boot.
+In Liminix a service is any kind of long-running task or process on
+the system, that is managed (started, stopped, and monitored) by a
+service supervisor.  A typical SOHO router might have services to
+
+* answer DHCP and DNS requests from the LAN
+* provide a wireless access point
+* connect using PPPoE or L2TP to an upstream network
+* start/stop the firewall
+* enable/disable IP packet forwarding
+* mount filesystems
+
+(Some of these might not be considered services using other
+definitions of the term: for example, this L2TP process would be a
+"client" in the client/server classification; and enabling packet
+forwarding doesn't require any long-lived process - just a setting to
+be toggled.  However, there is value in being able to use the same
+abstractions for all the things to manage them and specify their
+dependency relationships - so in Liminix "everything is a service")
+
+The service supervision system enables service health monitoring,
+restart of unhealthy services, and failover to "backup" services when
+a primary service fails or its dependencies are unavailable. The
+intention is that you have a framework in which you can specify policy
+requirements like "ethernet wan dhcp-client should be restarted if it
+crashes, but if it can't start because the hardware link is down, then
+4G ppp service should be started instead".
+
+Any attribute in `config.services` will become part of the default set
+of services that s6-rc will try to bring up.  Services are usually
+started at boot time, but **controlled services** are those that are
+required only in particular contexts.  For example, a service to mount
+a USB backup drive should run only when the drive is attached to the
+system. Liminix currently implements three kinds of controlled service:
+
+* "uevent-rule" service controllers use sysfs/uevent to identify when
+  particular hardware devices are present, and start/stop a controlled
+  service appropriately.
+
+* the "round-robin" service controller is used for service failover:
+  it allows you to specify a list of services and runs each of them
+  in turn until it exits, then runs the next.
+
+* the "health-check" service wraps another service, and runs a "health
+  check" command at regular intervals. When the health check fails,
+  indicating that the wrapped service is not working, it is terminated
+  and allowed to restart.
+
+Runtime secrets (external vault)
+================================
+
+Secrets (such as wifi passphrases, PPP username/password, SSH keys,
+etc) that you provide as literal values in :file:`configuration.nix`
+are processed into into config files and scripts at build time, and
+eventually end up in various files in the (world-readable)
+:file:`/nix/store` before being baked into a flashable image. To
+change a secret - whether due to a compromise, or just as part of to a
+routine key rotation - you need to rebuild the configuration and
+potentially reflash the affected devices.
+
+To avoid this, you may instead use a "secrets service", which is a
+mechanism for your device to fetch secrets from a source external to
+the Nix store, and create at runtime the configuration files and
+scripts that start the services which require them.
+
+Not every possible parameter to every possible service is configurable
+using a secrets service. Parameters which can be configured this way
+are those with the type ``liminix.lib.types.replacable``. At the time
+this document was written, these include:
+
+* ppp (pppoe and l2tp): ``username``, ``password``
+* ssh: ``authorizedKeys``
+* hostapd: all parameters (most likely to be useful for ``wpa_passphrase``)
+
+To use a runtime secret for any of these parameters:
+
+* create a secrets service to specify the source of truth for secrets
+* use the :code:`outputRef` function in the service parameter to specify the secrets service and path
+
+For example, given you had an HTTPS server hosting a JSON file with the structure
+
+.. code-block:: json
+
+    "ssh": {
+      "authorizedKeys": {
+	"root": [ "ssh-rsa ....",  "ssh-rsa ....", ... ]
+	"guest": [ "ssh-rsa ....",  "ssh-rsa ....", ... ]
+      }
+    }
+ 
+you could use a :file:`configuration.nix` fragment something like this
+to make those keys visible to ssh:
+  
+.. code-block:: nix  
+
+    services.secrets = svc.secrets.outboard.build {
+      name = "secret-service";
+      url = "http://10.0.0.1/secrets.json";
+      username = "secrets";
+      password = "liminix";
+      interval = 30; # minutes
+      dependencies = [ config.services.lan ];
+    };
+    services.sshd = svc.ssh.build {
+      authorizedKeys = outputRef config.services.secrets "ssh/authorizedKeys";
+    };
+
+
+    
+There are presently two implementations of a secrets service:
+
+Outboard secrets (HTTPS)
+------------------------
+
+This service expects a URL to a JSON file containing all the secrets.
+
+You may specify a username and password along with the URL, which are
+used if the file is password-protected (HTTP Basic
+authentication). Note that this is not a protection against a
+malicious local user: the username and password are normal build-time
+parameters so will be readable in the Nix store.  This is a mitigation
+against the URL being accidentally discovered due to e.g. a log file
+or error message on the server leaking.
+
+
+Tang secrets (encrypted local file)
+-----------------------------------
+
+Aternatively, secrets may be stored locally on the device, in a file
+that has been encrypted using `Tang <https://github.com/latchset/tang>`_.
+
+    Tang is a server for binding data to network presence.
+
+    This sounds fancy, but the concept is simple. You have some data, but you only want it to be available when the system containing the data is on a certain, usually secure, network. 
+
+
+.. code-block:: nix
+
+    services.secrets = svc.secrets.tang.build {
+      name = "secret-service";
+      path = "/run/mnt/usbstick/secrets.json.jwe";
+      interval = 30; # minutes
+      dependencies = [ config.services.mount-usbstick ];
+    };
+
+The encryption uses the
+same scheme/algorithm as `Clevis <https://github.com/latchset/clevis>`_ : you may use the `Clevis instructions <https://github.com/latchset/clevis?tab=readme-ov-file#pin-tang>`_ to
+encrypt the file on another host and then copy it to your Liminix
+device, or you can use :command:`tangc encrypt` to encrypt directly on
+the device.  (That latter approach may pose a chicken/egg problem if
+the device needs secrets to boot up and run the services you are
+relying on in order to login).
+ 
+
+Writing services
+================
 
 For the most part, for common use cases, hopefully the services you
 need will be defined by modules and you will only have to pass the
@@ -141,11 +274,101 @@ Services may have dependencies: as you see above in the ``cowsayd``
 example, it depends on some service called ``config.services.lan``,
 meaning that it won't be started until that other service is up.
 
-..
-	TODO: explain service outputs
+Service outputs
+===============
+
+Outputs are a mechanism by which a service can provide data which may
+be required by other services. For example:
+
+* the DHCP client service can expect to receive nameserver address
+  information as one of the fields in the response from the DHCP
+  server: we provide that as an output which a dependent service for a
+  stub name resolver can use to configure its upstream servers.
+
+* a service that creates a new network interface (e.g. ppp) will
+  provide the name of the interface (:code:`ppp0`, or :code:`ppp1` or
+  :code:`ppp7`) as an output so that a dependent service can reference
+  it to set up a route, or to configure firewall rules.
+
+A service :code:`myservice` should write its outputs as files in
+:file:`/run/services/outputs/myservice`: you can look around this
+directory on a running Liminix system to see how it's used currently.
+Usually we use the :code:`in_outputs` shell function in the
+:command:`up` or :command:`run` attributes of the service:
+
+.. code-block:: shell
+		
+    (in_outputs ${name}
+     for i in lease mask ip router siaddr dns serverid subnet opt53 interface ; do
+       (printenv $i || true) > $i
+     done)
+ 
+The outputs are just files, so technically you can read them using
+anything that can read a file. Liminix has two "preferred"
+mechanisms, though:
+
+One-off lookups
+---------------
+
+In any context that ends up being evaluated by the shell, use 
+:code:`output` to print the value of an output
+
+.. code-block:: nix
+		
+    services.defaultroute4 = svc.network.route.build {
+      via = "$(output ${services.wan} address)";
+      target = "default";
+      dependencies = [ services.wan ];
+    };	  
+
+    
+Continuous updates
+------------------
+
+The downside of using shell functions in downstream service startup
+scripts is that they only run when the service starts up: if a service
+output *changes*, the downstream service would have to be restarted to
+notice the change. Sometimes this is OK but other times the downstream
+has no other need to restart, if it can only get its new data.
+
+For this case, there is the :code:`anoia.svc` Fennel library, which
+allows you to write a simple loop which is iterated over whenever a
+service's outputs change. This code is from
+:file:`modules/dhcp6c/acquire-wan-address.fnl`
+
+.. code-block:: fennel
+
+    (fn update-addresses [wan-device addresses new-addresses exec]
+      ;; run some appropriate "ip address [add|remove]" commands
+      )
+
+    (fn run []
+      (let [[state-directory wan-device] arg
+	    dir (svc.open state-directory)]
+	(accumulate [addresses []
+		     v (dir:events)]
+	  (update-addresses wan-device addresses
+	                    (or (v:output "address") []) system))))		
+
+The :code:`output` method seen here accepts a filename (relative
+to the service's output directory), or a directory name. It 
+returns the first line of that file, or for directories it
+returns a table (Lua's key/value datastructure, similar to
+a hash/dictionary) of the outputs in that directory.
+	  
+    
+Output design considerations
+----------------------------
+
+For preference, outputs should be short and simple, and not require
+downstream services to do complicated parsing in order to use them.
+Shell commands in Liminix are run using the Busybox shell which
+doesn't have the niceties of an advanced shell like Bash let alone
+those of a real programming language.
+
+Note also that the Lua :code:`svc` library only reads the first line
+of each output.
 
-..
-	TODO: outputs that change, and services that poll other services
 
 Module implementation
 *********************
@@ -192,7 +415,7 @@ To expose a service template in a module, it needs the following:
 
 .. code-block:: nix
 
-    config.system.service.cowsay = liminix.callService ./service.nix {
+    config.system.service.cowsay = config.system.callService ./service.nix {
       address = mkOption {
 	type = types.str;
 	default = "0.0.0.0";

doc/development.rst

@@ -88,64 +88,6 @@ time with configurations for RP-PPPoE and/or Accel PPP.`
 Hardware devices
 ****************
 
-.. _serial:
-
-U-Boot and serial shenanigans
-=============================
-
-Every device that we have so far encountered in Liminix uses `U-Boot,
-the "Universal Boot Loader" <https://docs.u-boot.org/en/latest/>`_ so
-it's worth knowing a bit about it. "Universal" is in this context a
-bit of a misnomer, though: encountering *mainline* U-Boot is very rare
-and often you'll find it is a fork from some version last updated
-in 2008. Upgrading U-Boot is more or less complicated depending on the
-device and is outside scope for Liminix.
-
-To speak to U-Boot on your device you'll usually need a serial
-connection to it.  This is device-specific. Usually it involves
-opening the box, locating the serial header pins (TX, RX and GND) and
-connecting a USB TTL converter to them.
-
-The Rolls Royce of USB/UART cables is the `FTDI cable
-<https://cpc.farnell.com/ftdi/ttl-232r-rpi/cable-debug-ttl-232-usb-rpi/dp/SC12825?st=usb%20to%20uart%20cable>`_,
-but there are cheaper alternatives based on the PL2303 and CP2102 chipsets.  Or
-get creative and use the `UART GPIO pins <https://pinout.xyz/>`_ on a Raspberry Pi. Whatever you do, make sure
-that the voltages are compatible: if your device is 3.3V (this is
-typical but not universal), you don't want to be sending it 5v or
-(even worse) 12v.
-
-Run a terminal emulator such as Minicom on the computer at other end
-of the link. 115200 8N1 is the typical speed.
-
-.. NOTE::
-
-   TTL serial connections typically have no form of flow control and
-   so don't always like having massive chunks of text pasted into
-   them - and U-Boot may drop characters while it's busy. So don't
-   necessarily expect to copy-paste large chunks of text into the
-   terminal emulator and have it work just like that.
-
-   If using Minicom, you may find it helps to bring up the "Termimal
-   settings" dialog (C^A T), then configure "Newline tx delay" to
-   some small but non-zero value.
-
-When you turn the router on you should be greeted with some messages
-from U-Boot, followed by the instruction to hit some key to stop
-autoboot. Do this and you will get to the prompt. If you didn't see
-anything, the strong likelihood is that TX and RX are the wrong way
-around. If you see garbage, try a different speed.
-
-Interesting commands to try first in U-Boot are :command:`help` and
-:command:`printenv`.
-
-To do anything useful with U-Boot you will probably need a way to get
-large binary files onto the device, and the usual way to do this is by
-adding a network connection and using TFTP to download them. It's
-quite common that the device's U-Boot doesn't speak DHCP so it will
-need a static LAN address. You might also want to keep it away from
-your "real" LAN: see :ref:`bng` for some potentially useful tooling
-to use it on an isolated network.
-
 
 TFTP
 ====

doc/extract-options.nix

@@ -1,11 +1,9 @@
 { eval, lib, pkgs }:
 let
-  inherit (lib) types;
   conf = eval.config;
   rootDir = builtins.toPath ./..;
-  stripAnyPrefixes = lib.flip (lib.fold lib.removePrefix)
-    ["${rootDir}/"];
-  optToDoc = name: opt : {
+  stripAnyPrefixes = lib.flip (lib.fold lib.removePrefix) [ "${rootDir}/" ];
+  optToDoc = name: opt: {
     inherit name;
     description = opt.description or null;
     default = opt.default or null;
@@ -26,7 +24,6 @@ let
           let x = lib.mapAttrsToList optToDoc sd.parameters; in x;
       }
     else
-      item // { declarations =  map stripAnyPrefixes item.declarations; };
+      item // { declarations = map stripAnyPrefixes item.declarations; };
 in
-builtins.map spliceServiceDefn
-  (pkgs.lib.optionAttrSetToDocList eval.options)
+builtins.map spliceServiceDefn (pkgs.lib.optionAttrSetToDocList eval.options)

doc/hardware.nix

@@ -1,24 +1,22 @@
-with import <nixpkgs> {} ;
+with import <nixpkgs> { };
 
 let
   inherit (builtins) stringLength readDir filter;
-  devices = filter (n: n != "families")
-    (lib.mapAttrsToList (n: t: n) (readDir ../devices));
-  texts = map (n:
-    let d = import  ../devices/${n}/default.nix;
-        d' = {
-          description = "${n}\n${substring 0 (stringLength n) "********************************"}\n";
-        } // d;
-        installer =
-          if d ? description && d ? installer
-          then ''
-
-            The default installation route for this device is
-            :ref:`system-outputs-${d.installer}`
-          ''
-          else "";
-    in d'.description)
-    devices;
+  devices = filter (n: n != "families") (lib.mapAttrsToList (n: t: n) (readDir ../devices));
+  texts = map (
+    n:
+    let
+      d = import ../devices/${n}/default.nix;
+      tag = ".. _${lib.strings.replaceStrings [" "] ["-"] n}:";
+      d' = {
+        description = ''
+          ${n}
+          ${substring 0 (stringLength n) "********************************"}
+        '';
+      } // d;
+    in
+      "${tag}\n\n${d'.description}"
+  ) devices;
 in
 writeText "hwdoc" ''
   Supported hardware

doc/index.rst

@@ -7,6 +7,7 @@ Liminix
 
    intro
    tutorial
+   installation
    configuration
    admin
    development

doc/installation.rst

@@ -0,0 +1,211 @@
+Installation
+############
+
+Hardware devices vary wildly in their affordances for installing new
+operating systems, so it should be no surprise that the Liminix
+installation procedure is hardware-dependent. This section contains
+generic instructions, but please refer to the documentation for your
+device to find whether and how well they apply.
+
+
+Building a firmware image
+*************************
+
+Liminix uses the Nix language to provide congruent configuration
+management.  This means that to change anything about the way in
+which a Liminix system works, you make that change in
+your :file:`configuration.nix` (or one of the other files it references),
+and rerun :command:`nix-build` or :command:`liminix-rebuild` to action
+the change. It is not possible (at least, without shenanigans) to make
+changes by logging into the device and running imperative commands
+whose effects may later be overridden: :file:`configuration.nix`
+always describes the entire system and can be used to recreate that
+system at any time.  You can usefully keep it under version control.
+
+If you are familiar with NixOS, you will notice some similarities
+between NixOS and Liminix configuration, and also some
+differences. Sometimes the differences are due to the
+resource-constrained devices we deploy onto, sometimes due to
+differences in the uses these devices are put to.
+
+For a more full description of how to configure Liminix, see
+:ref:`configuration`. Assuming for the moment that you want a typical
+home wireless gateway/router, the best way to get started is to copy
+:file:`examples/rotuer.nix` and edit it for your requirements.
+
+
+.. code-block:: console
+
+    $ cp examples/rotuer.nix configuration.nix
+    $ vi configuration.nix # other editors are available 
+    $ # adjust this next command for your hardware device
+    $ nix-build -I liminix-config=./configuration.nix \
+     --arg device "import ./devices/gl-mt300a" -A outputs.default
+
+Usually  (not always, *please check the documentation for your device*)
+this will leave you with a file :file:`result/firmware.bin`
+which you now need to flash to the device.
+
+
+Flashing from the boot monitor (TFTP install)
+*********************************************
+
+If you are prepared to open the device and have a TTL serial adaptor
+of some kind to connect it to, you can probably use U-Boot and a TFTP
+server to download and flash the image.
+
+This is quite hardware-specific and may even involve soldering - see
+the documention for your device. However, it is in some ways the most
+"reliable" option: if you can see what's happening (or not happening)
+in early boot, the risk of "bricking" is substantially reduced and you
+have options for recovering if you misstep or flash a bad image.
+
+
+.. _serial:
+
+U-Boot and serial shenanigans
+=============================
+
+Every device that we have so far encountered in Liminix uses `U-Boot,
+the "Universal Boot Loader" <https://docs.u-boot.org/en/latest/>`_ so
+it's worth knowing a bit about it. "Universal" is in this context a
+bit of a misnomer, though: encountering *mainline* U-Boot is very rare
+and often you'll find it is a fork from some version last updated
+in 2008. Upgrading U-Boot is more or less complicated depending on the
+device and is outside scope for Liminix.
+
+To speak to U-Boot on your device you'll usually need a serial
+connection to it.  This typically involves opening the box, locating
+the serial header pins (TX, RX and GND) and connecting a USB TTL
+converter to them.
+
+The Rolls Royce of USB/UART cables is the `FTDI cable
+<https://cpc.farnell.com/ftdi/ttl-232r-rpi/cable-debug-ttl-232-usb-rpi/dp/SC12825?st=usb%20to%20uart%20cable>`_,
+but there are cheaper alternatives based on the PL2303 and CP2102 chipsets -   or you could even 
+get creative and use the `UART GPIO pins <https://pinout.xyz/>`_ on a Raspberry Pi. Whatever you do, make sure
+that the voltages are compatible: if your device is 3.3V (this is
+typical but not universal), you don't want to be sending it 5v or
+(even worse) 12v.
+
+Run a terminal emulator such as Minicom on the computer at other end
+of the link. 115200 8N1 is the typical speed.
+
+.. NOTE::
+
+   TTL serial connections often have no flow control and
+   so don't always like having massive chunks of text pasted into
+   them - and U-Boot may drop characters while it's busy. So don't
+   do that.
+
+   If using Minicom, you may find it helps to bring up the "Termimal
+   settings" dialog (C^A T), then configure "Newline tx delay" to
+   some small but non-zero value.
+
+When you turn the router on you should be greeted with some messages
+from U-Boot, followed by the instruction to hit some key to stop
+autoboot. Do this and you will get to the prompt. If you didn't see
+anything, the strong likelihood is that TX and RX are the wrong way
+around. If you see garbage, try a different speed.
+
+Interesting commands to try first in U-Boot are :command:`help` and
+:command:`printenv`.
+
+You will also need to configure a TFTP server on a network that's
+accessible to the device: how you do that will vary according to which
+TFTP server you're using and so is out of scope for this document.
+
+
+
+Buildiing and installing the image
+==================================
+
+Follow the device-specific instructions for "TFTP install": usually,
+the steps are 
+
+* build the `outputs.mtdimage` output
+* copy :file:`result/firmware.bin` to your TFTP server
+* copy/paste the commands in :file:`result/flash.scr` one at a time into the U-Boot command line
+* reset the device
+
+You should now see messages from U-Boot, then from the Linux kernel
+and eventually a shell prompt.
+
+.. NOTE:: Before you reboot, check which networks the device is
+          plugged into, and disconnect as necessary. If you've just
+          installed a DHCP server or anything similar that responds to
+          broadcasts, you may not want it to do that on the network
+          that you temporarily connected it to for installing it.
+
+
+
+Flashing from OpenWrt
+*********************
+
+.. CAUTION:: Untested! A previous version of these instructions
+	     (without the -e flag) led to bricking the device
+	     when flashing a jffs2 image. If you are reading
+	     this message, nobody has yet reported on whether the
+	     new instructions are any better.
+
+If your device is running OpenWrt then it probably has the
+:command:`mtd` command installed. Build the `outputs.mtdimage` output
+(as you would for a TFTP install) and then transfer
+:file:`result/firmware.bin` onto the device using e.g.
+:command:`scp`. Now flash as follows:
+
+.. code-block:: console
+
+   mtd -e -r write /tmp/firmware.bin firmware
+
+The options to this command are for "erase before writing" and "reboot
+after writing".
+
+For more information, please see the `OpenWrt manual <https://openwrt.org/docs/guide-user/installation/sysupgrade.cli>`_ which may also contain (hardware-dependent) instructions on how to flash an image using the vendor firmware - perhaps even from a web interface.
+
+
+Flashing from Liminix
+*********************
+
+If the device is already running Liminix and has been configured with
+:command:`levitate`, you can use that to safely flash your new image.
+Refer to :ref:`levitate` for an explanation.
+
+If the device is running Liminix but doesn't have :command:`levitate`
+your options are more limited. You may attempt to use
+:command:`flashcp` but it doesn't always work: as it copies the new
+image over the top of the active root filesystem, surprise may ensue.
+Consider instead using a serial connection: you may need one anyway
+after trying flashcp if it corrupts the image.
+
+flashcp (not generally recommended)
+===================================
+
+Connect to the device and locate the "firmware" partition, which you
+can do with a combination of :command:`dmesg` output and the contents
+of :file:`/proc/mtd`
+
+.. code-block:: console
+
+   <5>[    0.469841] Creating 4 MTD partitions on "spi0.0":
+   <5>[    0.474837] 0x000000000000-0x000000040000 : "u-boot"
+   <5>[    0.480796] 0x000000040000-0x000000050000 : "u-boot-env"
+   <5>[    0.487056] 0x000000050000-0x000000060000 : "art"
+   <5>[    0.492753] 0x000000060000-0x000001000000 : "firmware"
+
+   # cat /proc/mtd
+   dev:    size   erasesize  name
+   mtd0: 00040000 00001000 "u-boot"
+   mtd1: 00010000 00001000 "u-boot-env"
+   mtd2: 00010000 00001000 "art"
+   mtd3: 00fa0000 00001000 "firmware"
+   mtd4: 002a0000 00001000 "kernel"
+   mtd5: 00d00000 00001000 "rootfs"
+
+Copy :file:`result/firmware.bin` to the device and now run (in this
+example)
+
+.. code-block:: console
+
+   flashcp -v firmware.bin /dev/mtd3
+
+

doc/modules.rst

@@ -1,4 +1,4 @@
 Module options
 ##############
 
-.. include:: modules-generated.rst
+.. include:: modules-generated.inc.rst

doc/outputs.rst

@@ -10,4 +10,4 @@ different artefacts, or have different ways to get that artefact
 installed. The options available for a particular device are described in
 the section for that device.
 
-.. include:: outputs-generated.rst
+.. include:: outputs-generated.inc.rst

doc/parse-options-outputs.fnl

@@ -16,4 +16,4 @@
 (each [_ option (ipairs (sorted-options (yaml.load (io.read "*a"))))]
   (when (and (output? option) (not option.internal))
     (print (.. ".. _" (string.gsub option.name "%." "-") ":") "\n")
-    (print option.description)))
+    (print option.description "\n")))

doc/tutorial.rst

@@ -300,7 +300,7 @@ machine, which for a test/demo system might involve a second network
 device in your build system - USB ethernet adapters are cheap - or
 a bit of messing around unplugging cables.)
 
-For more information about :code:`liminix-rebuild`, see the manual section :ref:`admin:Rebuilding the system`.
+For more information about :code:`liminix-rebuild`, see the manual section :ref:`Rebuilding the system`.
 
 
 Final thoughts

examples/arhcive.nix

@@ -11,9 +11,9 @@
   ...
 }: let
   secrets = import ./extneder-secrets.nix;
-  inherit (pkgs.liminix.services) oneshot longrun bundle target;
+  inherit (pkgs.liminix.services) oneshot longrun target;
   inherit (pkgs.pseudofile) dir symlink;
-  inherit (pkgs) writeText dropbear ifwait serviceFns;
+  inherit (pkgs) writeText serviceFns;
   svc = config.system.service;
 in rec {
   boot = {
@@ -52,7 +52,6 @@ in rec {
     dependencies = [ services.dhcpc ];
     name = "resolvconf";
     up = ''
-      . ${serviceFns}
       ( in_outputs ${name}
       for i in $(output ${services.dhcpc} dns); do
         echo "nameserver $i" > resolv.conf
@@ -93,7 +92,6 @@ in rec {
       secrets_file = oneshot rec {
         name = "rsync-secrets";
         up = ''
-          . ${serviceFns}
           (in_outputs ${name}
            echo  "backup:${secrets.rsync_secret}" > secrets)
         '';
@@ -119,7 +117,7 @@ in rec {
         secrets_file
         services.mount_external_disk
         config.hardware.networkInterfaces.lan
-      ] ;
+      ];
     };
 
   users.root = {
@@ -128,18 +126,22 @@ in rec {
   };
 
   users.backup = {
-    uid=500; gid=500; gecos="Storage owner"; dir="/srv";
-    shell="/dev/null";
+    uid = 500;
+    gid = 500;
+    gecos = "Storage owner";
+    dir = "/srv";
+    shell = "/dev/null";
   };
   groups.backup = {
-    gid=500; usernames = ["backup"];
+    gid = 500;
+    usernames = [ "backup" ];
   };
 
   defaultProfile.packages = with pkgs; [
     e2fsprogs
     mtdutils
     (levitate.override {
-      config  = {
+      config = {
         services = {
           inherit (config.services) dhcpc sshd watchdog;
         };

examples/demo.nix

@@ -5,9 +5,9 @@
 # wherever the text "EDIT" appears - please consult the tutorial
 # documentation for details.
 
-{ config, pkgs, lib, ... } :
+{ config, pkgs, ... }:
 let
-  inherit (pkgs.liminix.services) bundle oneshot longrun;
+  inherit (pkgs.liminix.services) bundle oneshot;
   inherit (pkgs) serviceFns;
   # EDIT: you can pick your preferred RFC1918 address space
   # for NATted connections, if you don't like this one.
@@ -49,31 +49,40 @@ in rec {
       country_code = "GB";
       wpa_passphrase = "not a real wifi password";
 
-      hw_mode="g";
+      hw_mode = "g";
       ieee80211n = 1;
       auth_algs = 1; # 1=wpa2, 2=wep, 3=both
-      wpa = 2;       # 1=wpa, 2=wpa2, 3=both
+      wpa = 2; # 1=wpa, 2=wpa2, 3=both
       wpa_key_mgmt = "WPA-PSK";
-      wpa_pairwise = "TKIP CCMP";   # auth for wpa (may not need this?)
-      rsn_pairwise = "CCMP";        # auth for wpa2
+      wpa_pairwise = "TKIP CCMP"; # auth for wpa (may not need this?)
+      rsn_pairwise = "CCMP"; # auth for wpa2
       wmm_enabled = 1;
     };
   };
 
   services.int = svc.network.address.build {
     interface = svc.bridge.primary.build { ifname = "int"; };
-    family = "inet"; address = "${ipv4LocalNet}.1"; prefixLength = 16;
+    family = "inet";
+    address = "${ipv4LocalNet}.1";
+    prefixLength = 16;
   };
 
-  services.bridge =  svc.bridge.members.build {
+  services.bridge = svc.bridge.members.build {
     primary = services.int;
-    members = with config.hardware.networkInterfaces;
-      [ wlan lan ];
+    members = with config.hardware.networkInterfaces; [
+      wlan
+      lan
+    ];
   };
 
   services.ntp = svc.ntp.build {
-    pools = { "pool.ntp.org" = ["iburst"]; };
-    makestep = { threshold = 1.0; limit = 3; };
+    pools = {
+      "pool.ntp.org" = [ "iburst" ];
+    };
+    makestep = {
+      threshold = 1.0;
+      limit = 3;
+    };
   };
 
   services.sshd = svc.ssh.build { };
@@ -128,7 +137,6 @@ in rec {
     dependencies = [ services.wan ];
     name = "resolvconf";
     up = ''
-      . ${serviceFns}
       ( in_outputs ${name}
        echo "nameserver $(output ${services.wan} ns1)" > resolv.conf
        echo "nameserver $(output ${services.wan} ns2)" >> resolv.conf
@@ -157,8 +165,7 @@ in rec {
     interface = services.wan;
   };
 
-  services.firewall = svc.firewall.build {
-  };
+  services.firewall = svc.firewall.build { };
 
   services.packet_forwarding = svc.network.forward.build { };
 
@@ -195,7 +202,5 @@ in rec {
       ];
     };
 
-  defaultProfile.packages = with pkgs; [
-    min-collect-garbage
-  ];
+  defaultProfile.packages = with pkgs; [ min-collect-garbage ];
 }

examples/hello-from-mt300.nix

@@ -1,6 +1,5 @@
-{ config, pkgs, lib, ... } :
+{ config, pkgs, ... } :
 let
-  inherit (pkgs) serviceFns;
   svc = config.system.service;
 
 in rec {

examples/hello-from-qemu.nix

@@ -1,6 +1,5 @@
-{ config, pkgs, lib, ... } :
+{ config, pkgs, ... } :
 let
-  inherit (pkgs) serviceFns;
   svc = config.system.service;
 
 in rec {

examples/l2tp.nix

@@ -1,86 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}: let
-  secrets = import ./extneder-secrets.nix;
-  rsecrets = import ./rotuer-secrets.nix;
-  lns = "l2tp.aaisp.net.uk";
-  inherit (pkgs.liminix.services) oneshot longrun bundle target;
-  inherit (pkgs.pseudofile) dir symlink;
-  inherit (pkgs) writeText dropbear ifwait serviceFns;
-  svc = config.system.service;
-in rec {
-  boot = {
-    tftp = {
-      serverip = "10.0.0.1";
-      ipaddr = "10.0.0.8";
-    };
-  };
-
-  imports = [
-    ../modules/cdc-ncm
-    ../modules/network
-    ../modules/vlan
-    ../modules/ssh
-    ../modules/usb.nix
-    ../modules/watchdog
-    ../modules/mount
-    ../modules/ppp
-  ];
-  hostname = "thing";
-
-  services.dhcpc = svc.network.dhcp.client.build {
-    interface = config.services.wwan;
-    dependencies = [ config.services.hostname ];
-  };
-
-  services.sshd = svc.ssh.build { };
-
-  services.resolvconf = oneshot rec {
-    dependencies = [ services.dhcpc ];
-    name = "resolvconf";
-    up = ''
-      . ${serviceFns}
-      ( in_outputs ${name}
-      for i in $(output ${services.dhcpc} dns); do
-        echo "nameserver $i" > resolv.conf
-      done
-      )
-    '';
-  };
-  filesystem = dir {
-    etc = dir {
-      "resolv.conf" = symlink "${services.resolvconf}/.outputs/resolv.conf";
-    };
-    srv = dir {};
-  };
-
-  services.lnsroute = svc.network.route.build {
-    via = "$(output ${services.dhcpc} router)";
-    target = lns;
-    dependencies = [services.dhcpc];
-  };
-
-  services.l2tp = svc.l2tp.build {
-    inherit lns;
-    ppp-options = [
-      "debug" "+ipv6" "noauth"
-      "name" rsecrets.l2tp.name
-      "password" rsecrets.l2tp.password
-    ];
-    dependencies = [ services.lnsroute ];
-  };
-
-  services.defaultroute4 = svc.network.route.build {
-    via = "$(output ${services.l2tp} router)";
-    target = "default";
-    dependencies = [services.l2tp];
-  };
-
-  users.root = {
-    passwd = lib.mkForce secrets.root.passwd;
-    openssh.authorizedKeys.keys = secrets.root.keys;
-  };
-}

examples/nwa50ax-ap.nix

@@ -1,7 +1,6 @@
 { config, pkgs, ... } :
 let
-  inherit (pkgs.liminix.services) oneshot longrun bundle target;
-  inherit (pkgs) writeText;
+  inherit (pkgs.liminix.services) target;
   svc = config.system.service;
   secrets-1 = {
     ssid = "Zyxel 2G (N)";

examples/recovery.nix

@@ -3,8 +3,8 @@ let
   inherit (pkgs) serviceFns;
   svc = config.system.service;
   inherit (pkgs.pseudofile) dir symlink;
-  inherit (pkgs.liminix.services) oneshot longrun bundle target;
-  some-util-linux = pkgs.runCommand "some-util-linux" {} ''
+  inherit (pkgs.liminix.services) oneshot target;
+  some-util-linux = pkgs.runCommand "some-util-linux" { } ''
     mkdir -p $out/bin
     cd ${pkgs.util-linux-small}/bin
     cp fdisk sfdisk mkswap $out/bin
@@ -53,14 +53,13 @@ in rec {
   services.defaultroute4 = svc.network.route.build {
     via = "$(output ${services.dhcpc} router)";
     target = "default";
-    dependencies = [services.dhcpc];
+    dependencies = [ services.dhcpc ];
   };
 
   services.resolvconf = oneshot rec {
     dependencies = [ services.dhcpc ];
     name = "resolvconf";
     up = ''
-      . ${serviceFns}
       ( in_outputs ${name}
       for i in $(output ${services.dhcpc} dns); do
         echo "nameserver $i" > resolv.conf
@@ -72,7 +71,6 @@ in rec {
   services.growfs = let name = "growfs"; in oneshot {
     inherit name;
     up = ''
-      . ${serviceFns}
       device=$(grep /persist /proc/1/mountinfo | cut -f9 -d' ')
       ${pkgs.e2fsprogs}/bin/resize2fs $device
     '';

examples/rotuer-secrets.example.nix

@@ -8,12 +8,10 @@
   root = {
     #  mkpasswd -m sha512crypt
     passwd = "$6$6pt0mpbgcB7kC2RJ$kSBoCYGyi1.qxt7dqmexLj1l8E6oTZJZmfGyJSsMYMW.jlsETxdgQSdv6ptOYDM7DHAwf6vLG0pz3UD31XBfC1";
-    openssh.authorizedKeys.keys = [
-    ];
+    openssh.authorizedKeys.keys = [ ];
   };
 
   lan = {
     prefix = "10.8.0";
   };
-
 }

examples/rotuer.nix

@@ -1,21 +1,17 @@
-# This is not part of Liminix per se. This is my "scratchpad"
-# configuration for the device I'm testing with.
-#
-# Parts of it do do things that Liminix eventually needs to do, but
-# don't look in here for solutions - just for identifying the
-# problems.
-
+# This is an example that uses the "gateway" profile to create a
+# "typical home wireless router" configuration suitable for a Gl.inet
+# gl-ar750 router. It should be fairly simple to edit it for other
+# devices: mostly you will need to attend to the number of wlan and lan
+# interfaces
 
 { config, pkgs, lib, modulesPath, ... } :
 let
   secrets = {
     domainName = "fake.liminix.org";
-    firewallRules = {};
+    firewallRules = { };
   } // (import ./rotuer-secrets.nix);
-  inherit (pkgs.liminix.services) oneshot bundle;
-  inherit (pkgs) serviceFns;
   svc = config.system.service;
-  wirelessConfig =  {
+  wirelessConfig = {
     country_code = "GB";
     inherit (secrets) wpa_passphrase;
     wmm_enabled = 1;
@@ -32,21 +28,18 @@ in rec {
 
   imports = [
     "${modulesPath}/profiles/gateway.nix"
-    "${modulesPath}/schnapps"
-    "${modulesPath}/outputs/btrfs.nix"
-    "${modulesPath}/outputs/extlinux.nix"
   ];
   hostname = "rotuer";
-  rootfsType = "btrfs";
-  rootOptions = "subvol=@";
-  boot.loader.extlinux.enable = true;
 
   profile.gateway = {
     lan = {
       interfaces =  with config.hardware.networkInterfaces;
         [
+          # EDIT: these are the interfaces exposed by the gl.inet gl-ar750:
+          # if your device has more or differently named lan interfaces,
+          # specify them here
           wlan wlan5
-          lan0 lan1 lan2 lan3 lan4
+          lan
         ];
       inherit (secrets.lan) prefix;
       address = {
@@ -60,9 +53,17 @@ in rec {
       };
     };
     wan = {
-      interface = config.hardware.networkInterfaces.wan;
-      username = secrets.l2tp.name;
-      password = secrets.l2tp.password;
+      # wan interface depends on your upstream - could be dhcp, static
+      # ethernet, a pppoe, ppp over serial, a complicated bonded
+      # failover ... who knows what else?
+      interface = svc.pppoe.build {
+        interface = config.hardware.networkInterfaces.wan;
+        username = secrets.l2tp.name;
+        password = secrets.l2tp.password;
+      };
+      # once the wan has ipv4 connnectivity, should we run dhcp6
+      # client to potentially get an address range ("prefix
+      # delegation")
       dhcp6.enable = true;
     };
     firewall = {
@@ -70,15 +71,19 @@ in rec {
       rules = secrets.firewallRules;
     };
     wireless.networks = {
+      # EDIT: if you have more or fewer wireless radios, here is where
+      # you need to say so.  hostapd tuning is hardware-specific and
+      # left as an exercise for the reader :-).
+
       "${secrets.ssid}" = {
         interface = config.hardware.networkInterfaces.wlan;
-        hw_mode="g";
+        hw_mode = "g";
         channel = "2";
         ieee80211n = 1;
       } // wirelessConfig;
       "${secrets.ssid}5" = rec {
         interface = config.hardware.networkInterfaces.wlan5;
-        hw_mode="a";
+        hw_mode = "a";
         channel = 36;
         ht_capab = "[HT40+]";
         vht_oper_chwidth = 1;

examples/router-with-l2tp.nix

@@ -0,0 +1,211 @@
+# A demonstration config for a home/soho router with PPPoE upstream
+# and fallback to an L2TP tunnel over a USB WWAN device
+
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: let
+  secrets = import ./extneder-secrets.nix;
+  rsecrets = import ./rotuer-secrets.nix;
+
+  # https://support.aa.net.uk/Category:Incoming_L2TP says:
+  # "Please use the DNS name (l2tp.aa.net.uk) instead of hardcoding an
+  # IP address; IP addresses can and do change. If you have to use an
+  # IP, use 194.4.172.12, but do check the DNS for l2tp.aa.net.uk in
+  # case it changes."
+
+  # but (1) we don't want to use the wwan stick's dns as our main
+  # resolver: it's provided by some mobile ISP and they aren't
+  # necessarily the best at providing unfettered services without
+  # deciding to do something weird; (2) it's not simple to arrange
+  # that xl2tpd gets a different resolver than every other process;
+  # (3) there's no way to specify an lns address to xl2tpd at runtime
+  # except by rewriting its config file. So what we will do is lookup
+  # the lns hostname using the mobile ISP's dns server and then refuse
+  # to start l2tp unless the expected lns address is one of the
+  # addresses returned. I think this satisfies "do check the DNS"
+
+  lns = { hostname = "l2tp.aaisp.net.uk"; address = "194.4.172.12"; };
+
+  inherit (pkgs.liminix.services) oneshot longrun target;
+  inherit (pkgs.liminix) outputRef;
+  inherit (pkgs.pseudofile) dir symlink;
+  inherit (pkgs) serviceFns;
+  svc = config.system.service;
+  wirelessConfig = {
+    country_code = "GB";
+    inherit (rsecrets) wpa_passphrase;
+    wmm_enabled = 1;
+  };
+in rec {
+  boot = {
+    tftp = {
+      serverip = "10.0.0.1";
+      ipaddr = "10.0.0.8";
+    };
+  };
+
+  imports = [
+    ../modules/wwan
+    ../modules/network
+    ../modules/ssh
+    ../modules/usb.nix
+    ../modules/ppp
+    ../modules/round-robin
+    ../modules/health-check
+    ../modules/secrets
+    ../modules/profiles/gateway.nix
+  ];
+  hostname = "thing";
+
+  services.wan-address-for-secrets = svc.network.address.build {
+    interface = config.hardware.networkInterfaces.wan;
+    family = "inet"; address ="10.0.0.10"; prefixLength = 24;
+  };
+
+  services.secrets = svc.secrets.outboard.build {
+    name = "secret-service";
+    url = "http://10.0.0.1/liminix/examples/real-secrets.json";
+    username = "demo";
+    password = "demo";
+    interval = 5;
+    dependencies = [ services.wan-address-for-secrets ];
+  };
+
+  services.wwan = svc.wwan.huawei-e3372.build {
+    apn = "data.uk";
+    username = "user";
+    password = "one2one";
+    authType = "chap";
+  };
+
+  profile.gateway = {
+    lan = {
+      interfaces =  with config.hardware.networkInterfaces;
+        [
+          # EDIT: these are the interfaces exposed by the gl.inet gl-ar750:
+          # if your device has more or differently named lan interfaces,
+          # specify them here
+          wlan wlan5
+          lan
+        ];
+      inherit (rsecrets.lan) prefix;
+      address = {
+        family = "inet"; address ="${rsecrets.lan.prefix}.1"; prefixLength = 24;
+      };
+      dhcp = {
+        start = 10;
+        end = 240;
+        hosts = { } // lib.optionalAttrs (builtins.pathExists ./static-leases.nix) (import ./static-leases.nix);
+        localDomain = "lan";
+      };
+    };
+    wan =
+      let
+        secret = outputRef config.services.secrets;
+        username = secret "ppp/username";
+        password = secret "ppp/password";
+      in {
+        interface =
+          let
+            pppoe = svc.pppoe.build {
+              interface = config.hardware.networkInterfaces.wan;
+              debug = true;
+              inherit username password;
+            };
+
+            l2tp =
+              let
+                check-address = oneshot rec {
+                  name = "check-lns-address";
+                  up = "grep -Fx ${lns.address} $(output_path ${services.lns-address} addresses)";
+                  dependencies = [ services.lns-address ];
+                };
+                route = svc.network.route.build {
+                  via = "$(output ${services.bootstrap-dhcpc} router)";
+                  target = lns.address;
+                  dependencies = [services.bootstrap-dhcpc check-address];
+                };
+                l2tpd= svc.l2tp.build {
+                  lns = lns.address;
+                  inherit username password;
+                  dependencies = [config.services.lns-address route check-address];
+                };
+              in
+                svc.health-check.build {
+                  service = l2tpd;
+                  threshold = 3;
+                  interval = 2;
+                  healthCheck = pkgs.writeAshScript "ping-check" {} "ping 1.1.1.1";
+                };
+          in svc.round-robin.build {
+            name = "wan";
+            services = [
+              pppoe
+              l2tp
+            ];
+          };
+        dhcp6.enable = true;
+      };
+
+    wireless.networks = {
+      "${rsecrets.ssid}" = {
+        interface = config.hardware.networkInterfaces.wlan;
+        hw_mode = "g";
+        channel = "6";
+        ieee80211n = 1;
+      } // wirelessConfig // {
+        wpa_passphrase = outputRef config.services.secrets "wpa_passphrase";
+      };
+
+      "${rsecrets.ssid}5" = rec {
+        interface = config.hardware.networkInterfaces.wlan5;
+        hw_mode = "a";
+        channel = 36;
+        ht_capab = "[HT40+]";
+        vht_oper_chwidth = 1;
+        vht_oper_centr_freq_seg0_idx = channel + 6;
+        ieee80211n = 1;
+        ieee80211ac = 1;
+      } // wirelessConfig // {
+        wpa_passphrase = outputRef config.services.secrets "wpa_passphrase";
+      };
+    };
+  };
+
+  services.bootstrap-dhcpc = svc.network.dhcp.client.build {
+    interface = config.services.wwan;
+    dependencies = [ config.services.hostname ];
+  };
+
+  services.sshd = svc.ssh.build {
+    authorizedKeys = outputRef config.services.secrets "ssh/authorizedKeys";
+  };
+
+  services.lns-address = let
+    ns = "$(output_word ${services.bootstrap-dhcpc} dns 1)";
+    route-to-bootstrap-nameserver = svc.network.route.build {
+      via = "$(output ${services.bootstrap-dhcpc} router)";
+      target = ns;
+      dependencies = [services.bootstrap-dhcpc];
+    };
+  in oneshot rec {
+    name = "resolve-l2tp-server";
+    dependencies = [ services.bootstrap-dhcpc route-to-bootstrap-nameserver ];
+    up = ''
+      (in_outputs ${name}
+       DNSCACHEIP="${ns}" ${pkgs.s6-dns}/bin/s6-dnsip4 ${lns.hostname} \
+        > addresses
+      )
+    '';
+  };
+
+  users.root = rsecrets.root;
+
+  programs.busybox.options = {
+    FEATURE_FANCY_TAIL = "y";
+  };
+
+}

examples/secrets.json

@@ -0,0 +1,19 @@
+{
+    "wpa_passphrase": "you bring light in",
+    "ssid": "liminix",
+    "l2tp": {
+	"name": "abcde@a.1",
+	"password": "NotMyIspPassword"
+    },
+    "root": {
+	"passwd": "$6$6pt0mpbgcB7kC2RJ$kSBoCYGyi1.qxt7dqmexLj1l8E6oTZJZmfGyJSsMYMW.jlsETxdgQSdv6ptOYDM7DHAwf6vLG0pz3UD31XBfC1",
+	"openssh": {
+	    "authorizedKeys": {
+		"keys": [ ]
+	    }
+	}
+    },
+    "lan": {
+	"prefix": "10.8.0"
+    }
+}

examples/turris.nix

@@ -1,6 +1,5 @@
-{ config, pkgs, lib, lim, ... } :
+{ config, pkgs, lim, ... } :
 let
-  inherit (pkgs) serviceFns;
   svc = config.system.service;
 
 in rec {

modules/arch/aarch64.nix

@@ -1,4 +1,4 @@
-{ lib, lim, pkgs, config, ...}:
+{ lim, pkgs, config, ...}:
 {
   config = {
     kernel.config = {

modules/arch/arm.nix

@@ -1,4 +1,4 @@
-{ lib, lim, pkgs, config, ...}:
+{ lim, pkgs, config, ...}:
 {
   config = {
     kernel.config = {

modules/arch/mips.nix

@@ -1,4 +1,4 @@
-{ lib, pkgs, config, lim, ...}:
+{ config, lim, ...}:
 {
   config = {
     kernel.config = {

modules/arch/mipseb.nix

@@ -1,4 +1,4 @@
-{ lib, pkgs, config, ...}:
+{ pkgs, config, ...}:
 {
   imports = [ ./mips.nix ];
   config = {

modules/arch/mipsel.nix

@@ -1,4 +1,4 @@
-{ lib, pkgs, config, ...}:
+{ config, ...}:
 {
   imports = [ ./mips.nix ];
   config = {

modules/base.nix

@@ -4,10 +4,8 @@
 
 { lib, pkgs, config, ...}:
 let
-  inherit (lib) mkEnableOption mkOption types isDerivation hasAttr ;
+  inherit (lib) mkOption types;
   inherit (pkgs.pseudofile) dir symlink;
-  inherit (pkgs.liminix.networking) address interface;
-  inherit (pkgs.liminix.services) bundle;
 
   type_service = pkgs.liminix.lib.types.service;
 
@@ -38,7 +36,7 @@ in {
       '';
       # internal = true;  # probably a good case to make this internal
     };
-    rootfsType =  mkOption {
+    rootfsType = mkOption {
       default = "squashfs";
       type = types.enum [
         "btrfs"
@@ -48,7 +46,7 @@ in {
         "ubifs"
       ];
     };
-    rootOptions =  mkOption {
+    rootOptions = mkOption {
       type = types.nullOr types.str;
       default = null;
     };
@@ -56,20 +54,29 @@ in {
     boot = {
       commandLine = mkOption {
         type = types.listOf types.nonEmptyStr;
-        default = [];
+        default = [ ];
         description = "Kernel command line";
       };
       commandLineDtbNode = mkOption {
-        type = types.enum [ "bootargs" "bootargs-override" ];
+        type = types.enum [
+          "bootargs"
+          "bootargs-override"
+        ];
         default = "bootargs";
         description = "Kernel command line's devicetree node";
       };
       imageType = mkOption {
-        type = types.enum [ "primary" "secondary" ];
+        type = types.enum [
+          "primary"
+          "secondary"
+        ];
         default = "primary";
       };
       imageFormat = mkOption {
-        type = types.enum ["fit" "uimage"];
+        type = types.enum [
+          "fit"
+          "uimage"
+        ];
         default = "uimage";
       };
       tftp = {
@@ -85,7 +92,7 @@ in {
         };
         # These names match the uboot environment variables. I reserve
         # the right to change them if I think of better ones.
-        ipaddr =  mkOption {
+        ipaddr = mkOption {
           type = types.str;
           description = ''
             Our IP address to use when creating scripts to
@@ -130,13 +137,11 @@ in {
             s = pkg (checkTypes parameters
               (builtins.removeAttrs args ["dependencies"]));
           in s.overrideAttrs (o: {
-            dependencies = (builtins.map (d: d.name) dependencies) ++ o.dependencies;
+            dependencies = dependencies ++ o.dependencies;
             buildInputs = dependencies ++ o.buildInputs;
           });
       };
 
-
-
     users.root = {
       uid = 0; gid= 0; gecos = "Root of all evaluation";
       dir = "/home/root/";

modules/bridge/default.nix

@@ -10,7 +10,6 @@
 { lib, pkgs, config, ...}:
 let
   inherit (lib) mkOption types;
-  inherit (pkgs.liminix.services) oneshot;
   inherit (pkgs) liminix;
 in
 {
@@ -23,7 +22,7 @@ in
     };
   };
   config.system.service.bridge = {
-    primary = liminix.callService ./primary.nix {
+    primary = config.system.callService ./primary.nix {
       ifname = mkOption {
         type = types.str;
         description = "bridge interface name to create";

modules/bridge/members.nix

@@ -1,7 +1,6 @@
 {
   liminix
 , ifwait
-, lib
 , svc
 }:
 { members, primary } :
@@ -9,7 +8,6 @@
 let
   inherit (liminix.networking) interface;
   inherit (liminix.services) bundle oneshot;
-  inherit (lib) mkOption types;
   addif = member :
     # how do we get sight of services from here? maybe we need to
     # implement ifwait as a regualr derivation instead of a

modules/bridge/primary.nix

@@ -1,12 +1,10 @@
 {
   liminix
-, ifwait
 , lib
 }:
 { ifname } :
 let
-  inherit (liminix.services) bundle oneshot;
-  inherit (lib) mkOption types;
+  inherit (liminix.services) oneshot;
 in oneshot rec {
   name = "${ifname}.link";
   up = ''

modules/busybox.nix

@@ -8,7 +8,7 @@
 
 { lib, pkgs, config, ...}:
 let
-  inherit (lib) mkOption mkEnableOption types mapAttrsToList;
+  inherit (lib) mkOption types mapAttrsToList;
   inherit (pkgs.pseudofile) dir symlink;
   inherit (lib.strings) toUpper;
 
@@ -85,10 +85,13 @@ in {
       };
     };
     filesystem = dir {
-      bin = dir ({
-        busybox = symlink "${busybox}/bin/busybox";
-        sh = symlink "${busybox}/bin/busybox";
-      } // makeLinks);
+      bin = dir (
+        {
+          busybox = symlink "${busybox}/bin/busybox";
+          sh = symlink "${busybox}/bin/busybox";
+        }
+        // makeLinks
+      );
     };
   };
 }

modules/cdc-ncm/default.nix

@@ -1,56 +0,0 @@
-{ config, pkgs, lib, ... }:
-let
-  inherit (pkgs.liminix.services) oneshot;
-  svc = config.system.service;
-in {
-  config = {
-    kernel.config = {
-      USB_NET_HUAWEI_CDC_NCM = "y";
-      USB_USBNET = "y";
-      USB_SERIAL = "y";
-      USB_SERIAL_OPTION = "y";
-    };
-
-    # https://www.0xf8.org/2017/01/flashing-a-huawei-e3372h-4g-lte-stick-from-hilink-to-stick-mode/
-
-    services.wwan = let
-      chat = lib.escapeShellArgs [
-        # Your usb modem thing might present as a tty that you run PPP
-        # over, or as a network device ("ndis" or "ncm"). The latter
-        # kind is to be preferred, at least in principle, because it's
-        # faster.  This initialization sequence works for the Huawei
-        # E3372, and took much swearing: the error messages are *awful*
-        "" "AT"
-        "OK" "ATZ"
-        # create PDP context
-        "OK" "AT+CGDCONT=1,\"IP\",\"data.uk\""
-        # activate PDP context
-        "OK"  "AT+CGACT=1,1"
-        # setup username and password per requirements of sim provider.
-        # (caret is special to chat, so needs escaping in AT commands)
-        "OK"  "AT\\^AUTHDATA=1,2,\"1p\",\"one2one\",\"user\""
-        # start the thing (I am choosing to read this as "NDIS DialUP")
-        "OK" "AT\\^NDISDUP=1,1"
-      ];
-      modemConfig = oneshot {
-        name = "modem-configure";
-        # this is currently only going to work if there is one
-        # modem only plugged in, it is plugged in already at boot,
-        # and nothing else is providing a USB tty.
-        # https://stackoverflow.com/questions/5477882/how-to-i-detect-whether-a-tty-belonging-to-a-gsm-3g-modem-is-a-data-or-control-p
-        up = ''
-          sleep 2
-          ${pkgs.usb-modeswitch}/bin/usb_modeswitch -v 12d1 -p 14fe --huawei-new-mode
-          sleep 5
-          ${pkgs.ppp}/bin/chat -s -v ${chat}  0<>/dev/ttyUSB0 1>&0
-        '';
-        down = "chat -v '' ATZ OK  </dev/ttyUSB0 >&0";
-      };
-    in svc.network.link.build {
-      ifname = "wwan0";
-      dependencies = [ modemConfig ];
-    };
-
-
-  };
-}

modules/dhcp6c/acquire-delegated-prefix.fnl

@@ -27,6 +27,6 @@
         dir (svc.open state-directory)]
     (accumulate [addresses []
                  v (dir:events)]
-      (update-prefixes lan-device addresses (v:output "prefix") system))))
+      (update-prefixes lan-device addresses (or (v:output "prefix") []) system))))
 
 { : changes : run }

modules/dhcp6c/acquire-delegated-prefix.nix

@@ -2,7 +2,6 @@
   writeFennel
 , linotify
 , anoia
-, lua
 , lualinux
 }:
 writeFennel "acquire-delegated-prefix" {

modules/dhcp6c/acquire-wan-address.fnl

@@ -27,6 +27,6 @@
         dir (svc.open state-directory)]
     (accumulate [addresses []
                  v (dir:events)]
-      (update-addresses wan-device addresses (v:output "address") system))))
+      (update-addresses wan-device addresses (or (v:output "address") []) system))))
 
 { : update-addresses : deletions : run }

modules/dhcp6c/acquire-wan-address.nix

@@ -3,7 +3,6 @@
 , linotify
 , anoia
 , lualinux
-, lua
 }:
 writeFennel "acquire-wan-address" {
   packages = [ linotify anoia lualinux ];

modules/dhcp6c/address.nix

@@ -1,12 +1,10 @@
 {
   liminix
-, lib
 , callPackage
 }:
 { client, interface } :
 let
   inherit (liminix.services) longrun;
-  inherit (lib) mkOption types;
   name = "dhcp6c.addr.${client.name}.${interface.name}";
   script = callPackage ./acquire-wan-address.nix {  };
 in longrun {

modules/dhcp6c/client.nix

@@ -1,13 +1,11 @@
 {
   liminix
-, lib
 , odhcp6c
 , odhcp-script
 }:
 { interface } :
 let
   inherit (liminix.services) longrun;
-  inherit (lib) mkOption types;
   name = "dhcp6c.${interface.name}";
 in longrun {
   inherit name;

modules/dhcp6c/default.nix

@@ -12,7 +12,6 @@
 { lib, pkgs, config, ...}:
 let
   inherit (lib) mkOption types;
-  inherit (pkgs.liminix.services) oneshot;
   inherit (pkgs) liminix;
 in
 {
@@ -24,13 +23,13 @@ in
     };
   };
   config.system.service.dhcp6c = {
-    client = liminix.callService ./client.nix {
+    client = config.system.callService ./client.nix {
       interface = mkOption {
         type = liminix.lib.types.interface;
         description = "interface (usually WAN) to query for DHCP6";
       };
     };
-    address = liminix.callService ./address.nix {
+    address = config.system.callService ./address.nix {
       client = mkOption {
         type = types.anything; # liminix.lib.types.service;
       };
@@ -39,7 +38,7 @@ in
         description = "interface to assign the address to";
       };
     };
-    prefix = liminix.callService ./prefix.nix {
+    prefix = config.system.callService ./prefix.nix {
       client = mkOption {
         type = types.anything; # liminix.lib.types.service;
       };

modules/dhcp6c/prefix.nix

@@ -1,12 +1,10 @@
 {
   liminix
-, lib
 , callPackage
 }:
 { client, interface } :
 let
   inherit (liminix.services) longrun;
-  inherit (lib) mkOption types;
   name = "dhcp6c.prefix.${client.name}.${interface.name}";
   script = callPackage ./acquire-delegated-prefix.nix {  };
 in longrun {

modules/dnsmasq/default.nix

@@ -16,7 +16,7 @@ in {
     };
   };
   config = {
-    system.service.dnsmasq = liminix.callService ./service.nix {
+    system.service.dnsmasq = config.system.callService ./service.nix {
       user = mkOption {
         type = types.str;
         default = "dnsmasq";

modules/dnsmasq/service.nix

@@ -1,6 +1,6 @@
 {
   liminix
-, dnsmasqSmall
+, dnsmasq
 , serviceFns
 , lib
 }:
@@ -18,7 +18,7 @@ let
   name = "${interface.name}.dnsmasq";
   inherit (liminix.services) longrun;
   inherit (lib) concatStrings concatStringsSep mapAttrsToList;
-  hostOpt = name : { mac, v4, v6, leasetime } @ attrs:
+  hostOpt = name : { mac, v4, v6, leasetime }:
     let v6s = concatStrings (map (a : ",[${a}]") v6);
     in "--dhcp-host=${mac},${v4}${v6s},${name},${builtins.toString leasetime}";
 in
@@ -26,8 +26,7 @@ longrun {
   inherit name;
   dependencies = [ interface ];
   run = ''
-    . ${serviceFns}
-    ${dnsmasqSmall}/bin/dnsmasq \
+    ${dnsmasq}/bin/dnsmasq \
     --user=${user} \
     --domain=${domain} \
     --group=${group} \

modules/firewall/default.nix

@@ -8,7 +8,6 @@
 let
   inherit (lib) mkOption types;
   inherit (pkgs) liminix;
-  inherit (pkgs.liminix.services) oneshot;
 
   kmodules = pkgs.kmodloader.override {
     inherit (config.system.outputs) kernel;
@@ -55,7 +54,7 @@ in
   };
   config = {
     system.service.firewall =
-      let svc = liminix.callService ./service.nix  {
+      let svc = config.system.callService ./service.nix  {
             extraRules = mkOption {
               type = types.attrsOf types.attrs;
               description = "firewall ruleset";

modules/firewall/service.nix

@@ -7,8 +7,6 @@
 { rules, extraRules }:
 let
   inherit (liminix.services) oneshot;
-  inherit (liminix.lib) typeChecked;
-  inherit (lib) mkOption types;
   script = firewallgen "firewall.nft" (lib.recursiveUpdate rules extraRules);
 in oneshot {
   name = "firewall";

modules/hardware.nix

@@ -5,14 +5,13 @@
 ## you want to run on it, and would usually be set in the "device" file:
 ## :file:`devices/manuf-model/default.nix`
 
-
-{ lib, pkgs, config, ...}:
+{ lib, ... }:
 let
-  inherit (lib) mkEnableOption mkOption types isDerivation hasAttr ;
-in {
+  inherit (lib) mkOption types;
+in
+{
   options = {
-    boot = {
-    };
+    boot = { };
     hardware = {
       dts = {
         src = mkOption {
@@ -26,7 +25,7 @@ in {
           '';
         };
         includes = mkOption {
-          default = [];
+          default = [ ];
           description = "List of directories to search for DTS includes (.dtsi files)";
           type = types.listOf types.path;
         };

modules/health-check/default.nix

@@ -0,0 +1,43 @@
+## Health check
+##
+## Runs a service and a separate periodic health process. When the
+## health check starts failing over a period of time, kill the service.
+## (Usually that means the supervisor will restart it, but you can
+## have other behaviours by e.g. combining this service with a round-robin
+## for failover)
+
+
+{ lib, pkgs, config, ...}:
+let
+  inherit (lib) mkOption types;
+  inherit (pkgs) liminix;
+#  inherit (pkgs.liminix.services) longrun;
+in {
+  options = {
+    system.service.health-check = mkOption {
+      description = "run a service while periodically checking it is healthy";
+      type = liminix.lib.types.serviceDefn;
+    };
+  };
+  config.system.service.health-check = config.system.callService ./service.nix {
+    service = mkOption {
+      type = liminix.lib.types.service;
+    };
+    interval =  mkOption {
+      description = "interval between checks, in seconds";
+      type = types.int;
+      default = 10;
+      example = 10;
+    };
+    threshold =  mkOption {
+      description = "number of consecutive failures required for the service to be kicked";
+      type = types.int;
+      example = 3;
+    };
+    healthCheck = mkOption {
+      description = "health check command or script. Expected to exit 0 if the service is healthy or any other exit status otherwise";
+      type = types.path;
+    };
+  };
+  config.programs.busybox.applets = ["expr"];
+}

modules/health-check/service.nix

@@ -0,0 +1,37 @@
+{
+  liminix, lib, lim, s6
+}:
+{ service, interval, threshold, healthCheck } :
+let
+  inherit (liminix.services) oneshot longrun;
+  inherit (builtins) toString;
+  inherit (service) name;
+  checker = let name' = "check-${name}"; in longrun {
+    name = name';
+    run = ''
+      fails=0
+      echo waiting for /run/service/${name}
+      ${s6}/bin/s6-svwait -U /run/service/${name} || exit
+      while sleep ${toString interval} ; do
+        ${healthCheck}
+        if test $? -gt 0; then
+          fails=$(expr $fails + 1)
+        else
+          fails=0
+        fi
+        echo fails $fails/${toString threshold} for ${name}
+        if test "$fails" -gt "${toString threshold}" ; then
+          echo time to die
+          ${s6}/bin/s6-svc -r /run/service/${name}
+          echo bounced
+          fails=0
+          echo waiting for /run/service/${name}
+          ${s6}/bin/s6-svwait -U /run/service/${name}
+        fi
+      done
+    '';
+  };
+in service.overrideAttrs(o: {
+  buildInputs =  (lim.orEmpty o.buildInputs) ++ [ checker ];
+  dependencies = (lim.orEmpty o.dependencies) ++ [ checker ];
+})

modules/hostapd/default.nix

@@ -16,13 +16,14 @@ let
   inherit (lib) mkOption types;
   inherit (pkgs) liminix;
 in {
+  imports = [ ../secrets ];
   options = {
     system.service.hostapd = mkOption {
       type = liminix.lib.types.serviceDefn;
     };
   };
   config = {
-    system.service.hostapd = liminix.callService ./service.nix {
+    system.service.hostapd = config.system.callService ./service.nix {
       interface = mkOption {
         type = liminix.lib.types.service;
       };

modules/hostapd/service.nix

@@ -1,15 +1,16 @@
 {
   liminix
+, svc
 , hostapd
+, output-template
 , writeText
 , lib
 }:
 { interface, params} :
 let
   inherit (liminix.services) longrun;
-  inherit (lib) concatStringsSep mapAttrsToList;
-  inherit (liminix.lib) typeChecked;
-  inherit (lib) mkOption types;
+  inherit (lib) concatStringsSep mapAttrsToList unique ;
+  inherit (builtins) map filter attrValues length head typeOf;
 
   # This is not a friendly interface to configuring a wireless AP: it
   # just passes everything straight through to the hostapd config.
@@ -22,18 +23,35 @@ let
     driver = "nl80211";
     logger_syslog = "-1";
     logger_syslog_level = 1;
-    ctrl_interface = "/run/hostapd";
+    ctrl_interface = "/run/${name}";
     ctrl_interface_group = 0;
   };
+  attrs = defaults // params ;
+  literal_or_output = o: ({
+    string = builtins.toJSON;
+    int = builtins.toJSON;
+    lambda = (o: "output(${builtins.toJSON (o "service")}, ${builtins.toJSON (o "path")})");
+  }.${builtins.typeOf o}) o;
 
-  conf = writeText "hostapd.conf"
-    (concatStringsSep
-      "\n"
-      (mapAttrsToList
-        (name: value: "${name}=${toString value}")
-        (defaults // params)));
-in longrun {
-  inherit name;
-  dependencies = [ interface ];
-  run = "${hostapd}/bin/hostapd -i $(output ${interface} ifname)  -P /run/${name}.pid -S ${conf}";
+  conf =
+    (writeText "hostapd.conf.in"
+      ((concatStringsSep
+        "\n"
+        (mapAttrsToList
+          (n : v : "${n}={{ ${literal_or_output v} }}")
+          attrs)) + "\n"));
+  service = longrun {
+    inherit name;
+    dependencies = [ interface ];
+    run = ''
+      mkdir -p /run/${name}
+      chmod 0700 /run/${name}
+      ${output-template}/bin/output-template '{{' '}}' < ${conf} > /run/${name}/hostapd.conf
+      exec ${hostapd}/bin/hostapd -i $(output ${interface} ifname) -P /run/${name}/hostapd.pid -S /run/${name}/hostapd.conf
+    '';
+  };
+  watch = filter (f: typeOf f == "lambda") (attrValues attrs);
+in svc.secrets.subscriber.build {
+  inherit service watch;
+  action = "restart-all";
 }

modules/ifwait/ifwait.nix

@@ -9,7 +9,7 @@ let
 in longrun {
   name = "ifwait.${interface.name}";
   buildInputs = [ service ];
-  isTrigger = true;
+  restart-on-upgrade = true;
   run = ''
     ${ifwait}/bin/ifwait -s ${service.name}  $(output ${interface} ifname) ${state}
   '';

modules/kernel/default.nix

@@ -5,14 +5,9 @@
 
 { lib, pkgs, config, ...}:
 let
-  inherit (lib) mkEnableOption mkOption types isDerivation hasAttr ;
-  inherit (pkgs.pseudofile) dir symlink;
-  inherit (pkgs.liminix.networking) address interface;
-  inherit (pkgs.liminix.services) bundle;
+  inherit (lib) mkOption types ;
   inherit (pkgs) liminix;
 
-  type_service = pkgs.liminix.lib.types.service;
-
   mergeConditionals = conf : conditions :
     # for each key in conditions, if it is present in conf
     # then merge the associated value into conf

modules/mdevd.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, lib, ...} :
+{ config, pkgs, ...} :
 let inherit (pkgs.liminix.services) oneshot longrun;
 in {
   config = {
@@ -11,16 +11,21 @@ in {
       devout = longrun {
         name = "devout";
         notification-fd = 10;
-        run = "${pkgs.devout}/bin/devout /run/devout.sock 4";
+        timeout-up = 60 * 1000;
+        run = "exec ${pkgs.devout}/bin/devout /run/devout.sock 4";
+        dependencies = [ mdevd ];
       };
       coldplug = oneshot {
-        name ="coldplug";
+        name = "coldplug";
         # would love to know what mdevd-coldplug/udevadm trigger does
         # that this doesn't
         up = ''
           for i in $(find /sys -name uevent); do ( echo change > $i ) ; done
         '';
-        dependencies = [devout mdevd];
+        dependencies = [
+          devout
+          mdevd
+        ];
       };
     };
   };

modules/mount/default.nix

@@ -7,11 +7,6 @@
 let
   inherit (lib) mkOption types;
   inherit (pkgs) liminix;
-  mkBoolOption = description : mkOption {
-    type = types.bool;
-    inherit description;
-    default = true;
-  };
 
 in {
   options = {
@@ -19,9 +14,9 @@ in {
       type = liminix.lib.types.serviceDefn;
     };
   };
-  imports = [ ../mdevd.nix ];
+  imports = [ ../mdevd.nix ../uevent-rule ];
   config.system.service.mount =
-    let svc = liminix.callService ./service.nix {
+    let svc = config.system.callService ./service.nix {
           partlabel = mkOption {
             type = types.str;
             example = "my-usb-stick";

modules/mount/service.nix

@@ -1,26 +1,27 @@
 {
   liminix
-, uevent-watch
 , lib
+, svc
 }:
 { partlabel, mountpoint, options, fstype }:
 let
-  inherit (liminix.services) longrun oneshot;
+  inherit (liminix.services) oneshot;
   device = "/dev/disk/by-partlabel/${partlabel}";
+  name = "mount.${lib.strings.sanitizeDerivationName (lib.escapeURL mountpoint)}";
   options_string =
     if options == [] then "" else "-o ${lib.concatStringsSep "," options}";
-  mount_service = oneshot {
-    name = "mount.${lib.escapeURL mountpoint}";
-    timeout-up = 3600;
-    up = "mount -t ${fstype} ${options_string} ${device} ${mountpoint}";
-    down = "umount ${mountpoint}";
+  controller = svc.uevent-rule.build {
+    serviceName = name;
+    symlink = device;
+    terms = {
+      partname = partlabel;
+      devtype = "partition";
+    };
   };
-in longrun {
-  name = "watch-mount.${lib.strings.sanitizeDerivationName mountpoint}";
-  isTrigger = true;
-  buildInputs = [ mount_service ];
-
-  run = ''
-    ${uevent-watch}/bin/uevent-watch -s ${mount_service.name} -n ${device} partname=${partlabel} devtype=partition
-  '';
+in oneshot {
+  inherit name;
+  timeout-up = 3600;
+  up = "mount -t ${fstype} ${options_string} ${device} ${mountpoint}";
+  down = "umount ${mountpoint}";
+  inherit controller;
 }

modules/network/address.nix

@@ -1,6 +1,5 @@
 {
   liminix
-, ifwait
 , serviceFns
 , lib
 }:
@@ -12,7 +11,6 @@ let
   # prefixes, or the same but different protocols
   name = "${interface.name}.a.${address}";
   up = ''
-    . ${serviceFns}
     dev=$(output ${interface} ifname)
     ip address add ${address}/${toString prefixLength} dev $dev
     (in_outputs ${name}

modules/network/default.nix

@@ -64,7 +64,7 @@ in {
     services.loopback = config.hardware.networkInterfaces.lo;
 
     system.service.network = {
-      link = liminix.callService ./link.nix {
+      link = config.system.callService ./link.nix {
         ifname = mkOption {
           type = types.str;
           example = "eth0";
@@ -89,7 +89,7 @@ in {
           example = 1480;
         };
       };
-      address = liminix.callService ./address.nix {
+      address = config.system.callService ./address.nix {
         interface = mkOption {
           type = liminix.lib.types.service;
         };
@@ -104,7 +104,7 @@ in {
         };
       };
 
-      route = liminix.callService ./route.nix {
+      route = config.system.callService ./route.nix {
         interface = mkOption {
           type = types.nullOr liminix.lib.types.interface;
           default = null;
@@ -125,7 +125,7 @@ in {
         };
       };
 
-      forward = liminix.callService ./forward.nix {
+      forward = config.system.callService ./forward.nix {
         enableIPv4 = mkOption {
           type = types.bool;
           default = true;
@@ -136,7 +136,7 @@ in {
         };
       };
 
-      dhcp.client = liminix.callService ./dhcpc.nix {
+      dhcp.client = config.system.callService ./dhcpc.nix {
         interface = mkOption {
           type = liminix.lib.types.service;
         };

modules/network/dhcpc.nix

@@ -17,7 +17,7 @@ let
         ip address replace $ip/$mask dev $interface
         (in_outputs ${name}
          for i in lease mask ip router siaddr dns serverid subnet opt53 interface ; do
-            printenv $i > $i
+            (printenv $i || true) > $i
          done)
     }
     case $action in
@@ -40,7 +40,7 @@ let
   '';
 in longrun {
   inherit name;
-  run = "/bin/udhcpc -f -i $(output ${interface} ifname) -x hostname:$(cat /proc/sys/kernel/hostname) -s ${script}";
+  run = "exec /bin/udhcpc -f -i $(output ${interface} ifname) -x hostname:$(cat /proc/sys/kernel/hostname) -s ${script}";
   notification-fd = 10;
   dependencies = [ interface ];
 }

modules/network/forward.nix

@@ -1,7 +1,5 @@
 {
   liminix
-, ifwait
-, serviceFns
 , lib
 }:
 { enableIPv4, enableIPv6 }:

modules/network/link.nix

@@ -1,7 +1,5 @@
 {
   liminix
-, ifwait
-, serviceFns
 , lib
 }:
 {
@@ -11,8 +9,7 @@
 # if devpath is supplied, we rename the interface at that
 # path to have the specified name.
 let
-  inherit (liminix.services) longrun oneshot;
-  inherit (lib) concatStringsSep;
+  inherit (liminix.services) oneshot;
   name = "${ifname}.link";
   rename = if devpath != null
            then ''

modules/network/route.nix

@@ -1,15 +1,15 @@
 {
   liminix
-, ifwait
-, serviceFns
 , lib
 }:
 { target, via, interface ? null, metric }:
 let
   inherit (liminix.services) oneshot;
   with_dev = if interface != null then "dev $(output ${interface} ifname)" else "";
+  target_hash = builtins.substring 0 12 (builtins.hashString "sha256" target);
+  via_hash = builtins.substring 0 12 (builtins.hashString "sha256" via);
 in oneshot {
-  name = "route-${target}-${builtins.substring 0 12 (builtins.hashString "sha256" "${via}-${if interface!=null then interface.name else ""}")}";
+  name = "route-${target_hash}-${builtins.substring 0 12 (builtins.hashString "sha256" "${via_hash}-${if interface!=null then interface.name else ""}")}";
   up = ''
     ip route add ${target} via ${via} metric ${toString metric} ${with_dev}
   '';

modules/ntp/default.nix

@@ -18,7 +18,7 @@ in {
     };
   };
   config = {
-    system.service.ntp = liminix.callService ./service.nix {
+    system.service.ntp = config.system.callService ./service.nix {
       user = mkOption {
         type = types.str;
         default = "ntp";

modules/ntp/service.nix

@@ -1,7 +1,6 @@
 {
   liminix
 , chrony
-, serviceFns
 , lib
 , writeText
 }:
@@ -9,10 +8,6 @@ params:
 let
   inherit (liminix.services) longrun;
   inherit (lib) concatStringsSep mapAttrsToList;
-  inherit (liminix.lib) typeChecked;
-  inherit (lib) mkOption types;
-
-  serverOpts = types.listOf types.str;
   configFile = p:
     (mapAttrsToList (name: opts: "server ${name} ${concatStringsSep "" opts}")
       p.servers)

modules/outputs.nix

@@ -1,12 +1,12 @@
 {
-  config
-, pkgs
-, lib
-, ...
+  config,
+  pkgs,
+  lib,
+  ...
 }:
 let
   inherit (lib) mkOption types concatStringsSep;
-  inherit (pkgs) liminix callPackage writeText;
+  inherit (pkgs) liminix writeText;
   o = config.system.outputs;
 in
 {
@@ -22,7 +22,7 @@ in
       # but only part of one.
       kernel = mkOption {
         type = types.package;
-        internal  = true;
+        internal = true;
         description = ''
           kernel
           ******
@@ -42,7 +42,7 @@ in
       };
       dtb = mkOption {
         type = types.package;
-        internal  = true;
+        internal = true;
         description = ''
           dtb
           ***
@@ -52,7 +52,7 @@ in
       };
       uimage = mkOption {
         type = types.package;
-        internal  = true;
+        internal = true;
         description = ''
           uimage
           ******
@@ -68,7 +68,7 @@ in
       };
       manifest = mkOption {
         type = types.package;
-        internal  = true;
+        internal = true;
         description = ''
           Debugging aid. JSON rendition of config.filesystem, on
           which can run "nix-store -q --tree" on it and find

modules/outputs/btrfs.nix

@@ -5,7 +5,7 @@
 , ...
 }:
 let
-  inherit (lib) mkIf mkOption types;
+  inherit (lib) mkIf;
   o = config.system.outputs;
 in
 {

modules/outputs/ext4fs.nix

@@ -5,7 +5,7 @@
 , ...
 }:
 let
-  inherit (lib) mkIf mkOption types;
+  inherit (lib) mkIf;
   o = config.system.outputs;
 in
 {

modules/outputs/initramfs.nix

@@ -6,7 +6,7 @@
 }:
 let
   inherit (lib) mkEnableOption mkOption mkIf types;
-  inherit (pkgs) runCommand callPackage writeText;
+  inherit (pkgs) runCommand;
 in
 {
   options = {

modules/outputs/jffs2.nix

@@ -5,7 +5,7 @@
 , ...
 }:
 let
-  inherit (lib) mkIf mkOption types;
+  inherit (lib) mkIf;
   o = config.system.outputs;
 in
 {

modules/outputs/kexecboot.nix

@@ -5,13 +5,16 @@
 , ...
 }:
 let
-  inherit (lib) mkOption mkForce types concatStringsSep;
+  inherit (lib) mkOption types concatStringsSep;
 in {
   imports = [ ../ramdisk.nix ];
   options.system.outputs = {
     kexecboot = mkOption {
       type = types.package;
       description = ''
+        kexecboot
+        *********
+
         Directory containing files needed for kexec booting.
         Can be copied onto the target device using ssh or similar
       '';
@@ -42,8 +45,7 @@ in {
 
       boot-sh =
         let
-          inherit (pkgs.lib.trivial) toHexString;
-          inherit (config.system.outputs) rootfs kernel;
+          inherit (config.system.outputs) rootfs;
           cmdline = concatStringsSep " " config.boot.commandLine;
         in
           pkgs.buildPackages.runCommand "boot.sh.sh" {

modules/outputs/mbrimage.nix

@@ -5,7 +5,7 @@
 , ...
 }:
 let
-  inherit (lib) mkOption types concatStringsSep;
+  inherit (lib) mkOption types;
   o = config.system.outputs;
   phram_address = lib.toHexString (config.hardware.ram.startAddress + 256 * 1024 * 1024);
 in {

modules/outputs/tftpboot.nix

@@ -58,7 +58,6 @@ in {
     system.outputs = rec {
       tftpboot =
         let
-          inherit (pkgs.lib.trivial) toHexString;
           o = config.system.outputs;
           image = let choices = {
             uimage = o.uimage;

modules/outputs/tplink-safeloader.nix

@@ -5,7 +5,7 @@
 , ...
 }:
 let
-  inherit (lib) mkOption types concatStringsSep;
+  inherit (lib) mkOption types;
   o = config.system.outputs;
   cfg = config.tplink-safeloader;
 in {

modules/outputs/ubimage.nix

@@ -5,7 +5,7 @@
 , ...
 }:
 let
-  inherit (lib) mkIf mkEnableOption mkOption types concatStringsSep;
+  inherit (lib) mkIf mkOption types;
   cfg = config.boot.tftp;
   instructions = pkgs.writeText "env.scr" ''
     setenv serverip ${cfg.serverip}

modules/outputs/ubivolume.nix

@@ -5,7 +5,6 @@
 , ...
 }:
 let
-  inherit (pkgs) liminix;
   inherit (lib) mkIf mkOption types concatStringsSep optionalString;
 in
   {

modules/outputs/zyxel-nwa-fit.nix

@@ -5,7 +5,7 @@
 , ...
 }:
 let
-  inherit (lib) mkIf mkEnableOption mkOption types concatStringsSep;
+  inherit (lib) mkIf mkOption types;
   models = "6b e1 6f e1 ff ff ff ff ff ff";
 in {
   options.system.outputs = {

modules/ppp/common.nix

@@ -0,0 +1,83 @@
+{ writeAshScript, liminix, svc, lib, serviceFns, output-template }:
+{
+  command,
+  name,
+  debug
+, username,
+  password,
+  lcpEcho,
+  ppp-options,
+  dependencies ? []
+} :
+let
+  inherit (lib) optional optionals escapeShellArgs concatStringsSep;
+  inherit (liminix.services) longrun;
+  inherit (builtins) toJSON toString typeOf;
+
+  ip-up = writeAshScript "ip-up" {} ''
+    . ${serviceFns} 
+    (in_outputs ${name}
+     echo $1 > ifname
+     echo $2 > tty
+     echo $3 > speed
+     echo $4 > address
+     echo $5 > peer-address
+     echo $DNS1 > ns1
+     echo $DNS2 > ns2
+    )
+    echo >/proc/self/fd/10
+  '';
+  ip6-up = writeAshScript "ip6-up" {} ''
+    . ${serviceFns} 
+    (in_outputs ${name}
+     echo $4 > ipv6-address
+     echo $5 > ipv6-peer-address
+    )
+    echo >/proc/self/fd/10
+  '';
+  literal_or_output =
+    let v = o: ({
+          string = toJSON;
+          int = toJSON;
+          lambda = (o: "output(${toJSON (o "service")}, ${toJSON (o "path")})");
+        }.${typeOf o}) o;
+    in  o: "{{ ${v o} }}";
+
+  ppp-options' =
+    ["+ipv6" "noauth"]
+    ++ optional debug "debug"
+    ++ optionals (username != null) ["name" (literal_or_output username)]
+    ++ optionals (password != null) ["password" (literal_or_output password)]
+    ++ optional lcpEcho.adaptive "lcp-echo-adaptive"
+    ++ optionals (lcpEcho.interval != null)
+      ["lcp-echo-interval" (toString lcpEcho.interval)]
+    ++ optionals (lcpEcho.failure != null)
+      ["lcp-echo-failure" (toString lcpEcho.failure)]
+    ++ ppp-options
+    ++ ["ip-up-script" ip-up
+        "ipv6-up-script" ip6-up
+        "ipparam" name
+        "nodetach"
+        "usepeerdns"
+        "nodefaultroute"
+        "logfd" "2"
+       ];
+  service = longrun {
+    inherit name;
+    run = ''
+      mkdir -p /run/${name}
+      chmod 0700 /run/${name}
+      in_outputs ${name}
+      echo ${escapeShellArgs ppp-options'} | ${output-template}/bin/output-template '{{' '}}' > /run/${name}/ppp-options
+      ${command}
+    '';
+    notification-fd = 10;
+    timeout-up = if lcpEcho.failure != null
+                 then (10 + lcpEcho.failure * lcpEcho.interval) * 1000
+                 else 60 * 1000;
+    inherit dependencies;
+  };
+in svc.secrets.subscriber.build {
+  watch = lib.filter (n: typeOf n=="lambda") [ username password ];
+  inherit service;
+}

modules/ppp/default.nix

@@ -1,18 +1,31 @@
 ## PPP
 ## ===
 ##
-## A PPPoE (PPP over Ethernet) configuration to address the case where
-## your Liminix device is connected to an upstream network using
+## ``ppoe`` (PPP over Ethernet) provides a service to address the case
+## where your Liminix device is connected to an upstream network using
 ## PPPoE. This is typical for UK broadband connections where the
 ## physical connection is made by OpenReach ("Fibre To The X") and
-## common in some other localities as well: ask your ISP if this is
+## common in some other localities as well: check with your ISP if this is
 ## you.
+##
+## ``l2tp`` (Layer 2 Tunelling Protocol) provides a service that
+## tunnels PPP over the Internet.  This may be used by some ISPs in
+## conjunction with a DHCP uplink, or other more creative forms of
+## network connection
+
 
 { lib, pkgs, config, ...}:
 let
   inherit (lib) mkOption types;
   inherit (pkgs) liminix;
+  mkStringOption =
+    description: mkOption {
+      type = types.nullOr types.str;
+      default = null;
+      inherit description;
+    };
 in {
+  imports = [ ../secrets ];
   options = {
     system.service.pppoe = mkOption {
       type = liminix.lib.types.serviceDefn;
@@ -22,23 +35,89 @@ in {
     };
   };
   config = {
-    system.service.pppoe = pkgs.liminix.callService ./pppoe.nix {
+    system.service.pppoe = config.system.callService ./pppoe.nix {
       interface = mkOption {
         type = liminix.lib.types.service;
         description = "ethernet interface to run PPPoE over";
       };
+      username = mkOption {
+        type = types.nullOr (liminix.lib.types.replacable types.str);
+        default = null;
+        description = "username";
+      };
+      password = mkOption {
+        type = types.nullOr (liminix.lib.types.replacable types.str);
+        default = null;
+        description = "password";
+      };
+      lcpEcho = {
+        adaptive = mkOption {
+          description = "send LCP echo-request frames only if no traffic was received from the peer since the last echo-request was sent";
+          type = types.bool;
+          default = true;
+        };
+        interval = mkOption {
+          type = types.nullOr types.int;
+          default = 3;
+          description = "send an LCP echo-request frame to the peer every n seconds";
+        };
+        failure =  mkOption {
+          type = types.nullOr types.int;
+          default = 3;
+          description = "terminate connection if n LCP echo-requests are sent without receiving a valid LCP echo-reply";
+        };
+      };
+      debug = mkOption {
+        description = "log the contents of all control packets sent or received";
+        default = false;
+        type = types.bool;
+      };
       ppp-options = mkOption {
         type = types.listOf types.str;
         description = "options supplied on ppp command line";
+        default = [];
       };
     };
-    system.service.l2tp = pkgs.liminix.callService ./l2tp.nix {
+    system.service.l2tp = config.system.callService ./l2tp.nix {
       lns = mkOption {
         type = types.str;
         description = "hostname or address of the L2TP network server";
       };
+      username = mkOption {
+        type = types.nullOr (liminix.lib.types.replacable types.str);
+        default = null;
+        description = "username";
+      };
+      password = mkOption {
+        type = types.nullOr (liminix.lib.types.replacable types.str);
+        default = null;
+        description = "password";
+      };
+      lcpEcho = {
+        adaptive = mkOption {
+          description = "send LCP echo-request frames only if no traffic was received from the peer since the last echo-request was sent";
+          type = types.bool;
+          default = true;
+        };
+        interval = mkOption {
+          type = types.nullOr types.int;
+          default = 3;
+          description = "send an LCP echo-request frame to the peer every n seconds";
+        };
+        failure =  mkOption {
+          type = types.nullOr types.int;
+          default = 3;
+          description = "terminate connection if n LCP echo-requests are sent without receiving a valid LCP echo-reply";
+        };
+      };
+      debug = mkOption {
+        description = "log the contents of all control packets sent or received";
+        default = false;
+        type = types.bool;
+      };
       ppp-options = mkOption {
         type = types.listOf types.str;
+        default = [];
         description = "options supplied on ppp command line";
       };
     };

modules/ppp/l2tp.nix

@@ -1,62 +1,40 @@
 {
-  liminix
-, lib
-, ppp
-, pppoe
-, writeAshScript
-, writeText
-, serviceFns
-, xl2tpd
+  lib,
+  liminix,
+  output-template,
+  serviceFns,
+  svc,
+  writeAshScript,
+  writeText,
+  xl2tpd,
+  callPackage
 } :
-{ lns, ppp-options }:
+{ lns,
+  ppp-options,
+  lcpEcho,
+  username,
+  password,
+  debug
+}:
 let
-  inherit (liminix.services) longrun;
   name = "${lns}.l2tp";
-  ip-up = writeAshScript "ip-up" {} ''
-    . ${serviceFns} 
-    (in_outputs ${name}
-     echo $1 > ifname
-     echo $2 > tty
-     echo $3 > speed
-     echo $4 > address
-     echo $5 > peer-address
-     echo $DNS1 > ns1
-     echo $DNS2 > ns2
-    )
-    echo >/proc/self/fd/10
-  '';
-  ip6-up = writeAshScript "ip6-up" {} ''
-    . ${serviceFns} 
-    (in_outputs ${name}
-     echo $4 > ipv6-address
-     echo $5 > ipv6-peer-address
-    )
-    echo >/proc/self/fd/10
-  '';
-  ppp-options' = ppp-options ++ [
-    "ip-up-script" ip-up
-    "ipv6-up-script" ip6-up
-    "ipparam" name
-    "nodetach"
-    "usepeerdns"
-    "logfd" "2"
-  ];
+  common = callPackage ./common.nix { inherit svc; };
+
   conf = writeText "xl2tpd.conf" ''
     [lac upstream]
     lns = ${lns}
     require authentication = no
-    pppoptfile = ${writeText "ppp-options" ppp-options'}
+    pppoptfile = /run/${name}/ppp-options
     autodial = yes
     redial = yes
+    redial timeout = 1
+    max redials = 2 # this gives 1 actual retry, as xl2tpd can't count
   '';
-  control = "/run/xl2tpd/control-${name}";
-in
-longrun {
-  inherit name;
-  run = ''
-    mkdir -p /run/xl2tpd
+  control = "/run/${name}/control";
+in common {
+  inherit name debug username password lcpEcho ppp-options;
+  command = ''
     touch ${control}
-    exec ${xl2tpd}/bin/xl2tpd -D -p /run/xl2tpd/${name}.pid -c ${conf} -C ${control} 
+    exec ${xl2tpd}/bin/xl2tpd -D -p /run/${name}/${name}.pid -c ${conf} -C ${control} 
   '';
-  notification-fd = 10;
 }

modules/ppp/pppoe.nix

@@ -1,51 +1,30 @@
 {
-  liminix
-, lib
-, ppp
-, pppoe
-, writeAshScript
-, serviceFns
+  lib,
+  liminix,
+  output-template,
+  ppp,
+  pppoe,
+  serviceFns,
+  svc,
+  writeAshScript,
+  callPackage
 } :
-{ interface, ppp-options }:
+{ interface,
+  ppp-options,
+  lcpEcho,
+  username,
+  password,
+  debug
+}:
 let
-  inherit (liminix.services) longrun;
   name = "${interface.name}.pppoe";
-  ip-up = writeAshScript "ip-up" {} ''
-    . ${serviceFns} 
-    (in_outputs ${name}
-     echo $1 > ifname
-     echo $2 > tty
-     echo $3 > speed
-     echo $4 > address
-     echo $5 > peer-address
-     echo $DNS1 > ns1
-     echo $DNS2 > ns2
-    )
-    echo >/proc/self/fd/10
+  common = callPackage ./common.nix { inherit svc; };
+
+  timeoutOpt = if lcpEcho.interval != null then "-T ${builtins.toString (4 * lcpEcho.interval)}" else "";
+in common {
+  inherit name debug username password lcpEcho ppp-options;
+  command = ''
+    exec ${ppp}/bin/pppd pty "${pppoe}/bin/pppoe ${timeoutOpt}  -I $(output ${interface} ifname)" file /run/${name}/ppp-options
   '';
-  ip6-up = writeAshScript "ip6-up" {} ''
-    . ${serviceFns} 
-    (in_outputs ${name}
-     echo $4 > ipv6-address
-     echo $5 > ipv6-peer-address
-    )
-    echo >/proc/self/fd/10
-  '';
-  ppp-options' = ppp-options ++ [
-    "ip-up-script" ip-up
-    "ipv6-up-script" ip6-up
-    "ipparam" name
-    "nodetach"
-    "usepeerdns"
-    "logfd" "2"
-  ];
-in
-longrun {
-  inherit name;
-  run = ''
-    . ${serviceFns} 
-    ${ppp}/bin/pppd pty "${pppoe}/bin/pppoe -I $(output ${interface} ifname)" ${lib.concatStringsSep " " ppp-options'}
-  '';
-  notification-fd = 10;
   dependencies = [ interface ];
 }

modules/profiles/gateway.nix

@@ -2,7 +2,7 @@
 let
   svc = config.system.service;
   cfg = config.profile.gateway;
-  inherit (lib) mkOption mkEnableOption mkIf mdDoc types optional optionals;
+  inherit (lib) mkOption mkEnableOption mkIf types;
   inherit (pkgs) liminix serviceFns;
   inherit (liminix.services) bundle oneshot;
   hostaps =
@@ -52,8 +52,6 @@ in {
 
     wan = {
       interface = mkOption { type = liminix.lib.types.interface; };
-      username = mkOption { type = types.str; };
-      password =  mkOption { type = types.str; };
       dhcp6.enable = mkOption { type = types.bool; };
     };
 
@@ -86,14 +84,7 @@ in {
       members = cfg.lan.interfaces;
     };
 
-    services.wan = svc.pppoe.build {
-      inherit (cfg.wan) interface;
-      ppp-options = [
-        "debug" "+ipv6" "noauth"
-        "name" cfg.wan.username
-        "password" cfg.wan.password
-      ];
-    };
+    services.wan = cfg.wan.interface;
 
     services.packet_forwarding = svc.network.forward.build { };
 
@@ -158,7 +149,6 @@ in {
       dependencies = [ config.services.wan ];
       name = "resolvconf";
       up = ''
-        . ${serviceFns}
         ( in_outputs ${name}
          echo "nameserver $(output ${config.services.wan} ns1)" > resolv.conf
          echo "nameserver $(output ${config.services.wan} ns2)" >> resolv.conf