1
0
Fork 0

Compare commits

...

388 Commits
main ... main

Author SHA1 Message Date
Daniel Barlow 0f50648157 don't put hostname in levitate logs
there might not be one
2024-10-08 22:55:39 +01:00
Daniel Barlow f1c260d4f7 make ci.ni "all" a derivation
this is to stop hydra complaining
2024-10-06 18:04:56 +01:00
Daniel Barlow 3d611d3ba2 fix unstable qemu build?
nix-repl> (lib.versionOlder "24.11pre-git" "24.11")
true

nix-repl> (lib.versionOlder "24.11pre-git" "24.10")
false

n
2024-10-06 18:04:48 +01:00
Daniel Barlow e6b7d86381 sort lines 2024-10-06 17:53:34 +01:00
Daniel Barlow 83fbffb39b catch another uncaught-logs 2024-10-06 17:53:09 +01:00
Daniel Barlow f8c579b41e add CI "all" target 2024-10-06 17:52:59 +01:00
Daniel Barlow ca9efc4b26 simplify CI
* I didn't know what I was doing when I set up Hydra

* it's not certain that I do now either, but hey ho
2024-10-06 15:55:01 +01:00
Daniel Barlow 336fc7e495 think 2024-10-06 14:27:45 +01:00
Daniel Barlow 4cc0add2ad update refs to uncaught-logs in docs/tests 2024-10-06 13:46:14 +01:00
Daniel Barlow 2d7e6188ac log shipping service now gets logs on stdin
instead of having to open the unix socket
2024-10-06 13:26:58 +01:00
Daniel Barlow b9999857cb longrun: don't add logger if producer-for is already set 2024-10-06 13:13:04 +01:00
Daniel Barlow ba03ddeb38 border-vm: add tang service 2024-10-06 12:38:06 +01:00
Daniel Barlow 493c5f69d7 add module for certifix-client 2024-10-06 11:27:39 +01:00
Daniel Barlow 1a915e91ff add altname to CSR 2024-10-06 10:13:28 +01:00
Daniel Barlow 197e2eb5b1 new package certifix-client uses certifix to sign ssl client cert
this is initially for TLS-enabled logging but would be useful for
anything on a liminix box that wants to talk to a network service in a
"zero trust" setup
2024-10-03 23:00:08 +01:00
Daniel Barlow 7ca822c826 more messing around with lua derivation 2024-10-03 23:00:08 +01:00
Daniel Barlow e5631783e1 add luaossl package with patch for CSR attributes 2024-10-03 23:00:08 +01:00
Daniel Barlow 635590d37a implement log shipping config
to use this, you need config like for example

+  logging.shipping = {
+    enable = true;
+    service = longrun {
+      name = "ship-logs";
+      run = let path = lib.makeBinPath (with pkgs; [ s6 s6-networking s6 execline ]);
+            in ''
+        PATH=${path}:$PATH
+        s6-ipcserver -1 ${config.logging.shipping.socket} \
+        s6-tcpclient 10.0.2.2 19612 \
+        fdmove -c 1 7 cat
+      '';
+    };
+  };

but I think we can reduce the noise a bit if we use an s6-rc pipeline
with an s6-ipcserver on one side and and a (whatever the user wants)
on the other
2024-09-18 22:14:34 +01:00
Daniel Barlow 17630f2678 rename logtee->logtap 2024-09-18 20:58:02 +01:00
Daniel Barlow 707a471bc2 add logtee to catchall logger 2024-09-16 21:30:06 +01:00
Daniel Barlow d3fce5edd4 implement error() for musl 2024-09-16 20:35:23 +01:00
Daniel Barlow 5771108fed improve logtee socket connection warning
* print it less often
* to the correct stream (stdout not stderr)
2024-09-16 20:34:26 +01:00
Daniel Barlow 9e5f2d663d close socket fd if we can't connect it 2024-09-15 22:09:31 +01:00
Daniel Barlow 21eeb1671e print diagnostic when eof on stderr 2024-09-15 21:59:24 +01:00
Daniel Barlow 44762d38fc write start cookie when socket connect succeeds 2024-09-15 21:54:21 +01:00
Daniel Barlow 1f6cfc3679 extract method is_connected 2024-09-15 21:40:05 +01:00
Daniel Barlow 8ec00f1710 improve error message 2024-09-15 21:37:04 +01:00
Daniel Barlow 6a6dd32dea make pollfd array global 2024-09-15 21:32:48 +01:00
Daniel Barlow 9b1fc11a59 logshipper/logtee :copy stdin to stdout & to a unix socket if present
first draft
2024-09-15 19:33:21 +01:00
Daniel Barlow aaa6e353db incz is a very rudimentary log shipper for zinc search
although it probably would work with elasticsearch as well
as zinc is alleged to be ES-compatible

this is just the package and needs hooking into the service/log
infrastructure somehow
2024-09-08 16:38:37 +01:00
Daniel Barlow 69bf6cb5fb write-fennel quote PATH properly
escapeShellArg only quotes if the string contains special
characters, but for a Lua string we must quote unconditionally
2024-09-07 22:31:44 +01:00
Daniel Barlow 9f58e7b926 maybe fix nixpkgs-unstable lua 2024-09-07 00:58:11 +01:00
Daniel Barlow 5a5c27ab9f think 2024-09-06 22:37:49 +01:00
Daniel Barlow 277c91acdf Revert "remove luaposix ref in write-fennel"
This reverts commit a60c2539a6.
2024-09-06 00:33:30 +01:00
Daniel Barlow e0725489ca unbreak pppoe ci job 2024-09-06 00:33:30 +01:00
Daniel Barlow cc47515cf8 watch-outputs remove debug code 2024-09-06 00:13:54 +01:00
Daniel Barlow 464913cc8f tangc use spawn to invoke jose
hopefully we are now deadlock-free
2024-09-06 00:12:45 +01:00
Daniel Barlow e604d628e3 fennel anoia.process.spawn
runs a subprocess and invokes a callback whenever its io
descriptors are ready
2024-09-06 00:11:33 +01:00
Daniel Barlow e2a597589b anoia.fs.find-executable looks for bin in colon-sep list of directories 2024-09-06 00:08:40 +01:00
Raito Bezarius a139a262c1 seedrng: init at 2022.04
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-09-05 14:18:00 +01:00
Daniel Barlow 6a5fed83dd conditional fetch in json-to-fstree 2024-09-05 11:14:47 +01:00
Daniel Barlow bcf5ab24e8 tidy watch-outputs startup message 2024-09-05 10:11:16 +01:00
Daniel Barlow 32bf80c6fa devout: unlink socket pathname before binding 2024-09-05 10:05:13 +01:00
Daniel Barlow 12275f6896 add more test for table= 2024-09-04 21:21:30 +01:00
Daniel Barlow a60c2539a6 remove luaposix ref in write-fennel 2024-09-04 21:21:02 +01:00
Daniel Barlow 146a2d9ac0 fix startup race/fencepost in watch-ssh-keys
if it starts _after_ the outputs are populated, it should
write the first lot of outputs without waiting for a change
2024-09-04 21:19:51 +01:00
Daniel Barlow 091d863710 extract pppoe/l2tp common code 2024-09-04 12:02:00 +01:00
Daniel Barlow c7bcfbfa34 make pppoe/l2tp more consistent 2024-09-03 22:57:45 +01:00
Daniel Barlow 500a3c1025 make nodefaultroute explicit in ppp 2024-09-03 22:53:13 +01:00
Daniel Barlow 0c0d0eed8a make watch-ssh-keys robust against missing key 2024-09-03 22:51:29 +01:00
Daniel Barlow 699cf97206 improve tangc http error messages 2024-09-03 22:50:55 +01:00
Daniel Barlow cd0093279c think 2024-09-01 10:14:31 +01:00
Daniel Barlow 034d6aacc4 tangc handle non-zero exit from jwe dec
Sometimes it exits non-zero but decrypts the file *anyway*. It only
does this on the device and I haven't been able to reproduce on build,
so this is a workaround until we find the root cause
2024-09-01 09:57:38 +01:00
Daniel Barlow e590c0ad3f secrets subscriber: add provider as dep to controlled service 2024-09-01 09:56:59 +01:00
Daniel Barlow 14abdd9998 tang: notify on ready 2024-08-31 23:24:50 +01:00
Daniel Barlow 6287b92000 fix bugs handling base64 padding 2024-08-31 22:43:25 +01:00
Daniel Barlow d2215d3e56 tangc popen retry on short read 2024-08-31 22:18:23 +01:00
Daniel Barlow 3cf2308bee tangc: stop printing unexpected blank lines 2024-08-31 15:29:10 +01:00
Daniel Barlow 3913989be3 provide string to perform-encryption
instead of letting it read stdin, which I think may have been read
by a subprocess already sometimes?
2024-08-31 15:27:54 +01:00
Daniel Barlow 43e5e6876e improve tangc error messages 2024-08-31 15:22:26 +01:00
Daniel Barlow 7d6c80570c refactor all writeFennelScript calls to use writeFennel directly 2024-08-30 20:57:42 +01:00
Daniel Barlow e745991b9d restart pppoe/l2tp in secrets changes 2024-08-30 20:49:27 +01:00
Daniel Barlow defbfce1fb finish converting outputRef to lambda 2024-08-30 20:46:48 +01:00
Daniel Barlow 0df2c83382 tighten perms on service state directory 2024-08-29 23:56:43 +01:00
Daniel Barlow 01c28de88d think 2024-08-29 23:56:20 +01:00
Daniel Barlow 2bf197cad8 document outputs and secrets 2024-08-29 23:55:32 +01:00
Daniel Barlow a8a19977ca (untested) template service for tang encrypted secrets 2024-08-28 22:32:26 +01:00
Daniel Barlow 8a9284af1e think 2024-08-28 22:23:00 +01:00
Daniel Barlow 7351e143c5 remove redundant sourcing of ${serviceFns}
this is done by the oneshot and longrun functions
2024-08-28 21:28:27 +01:00
Daniel Barlow 283c3154a7 missing file in s6-rc-up-tree test fixture 2024-08-28 21:18:54 +01:00
Daniel Barlow 34f37d60d9 missed adding this 2024-08-28 20:56:52 +01:00
Daniel Barlow fe7b092075 (untested) http basic auth for outboard secrets 2024-08-28 20:53:59 +01:00
Daniel Barlow b56f121e04 fetch lua glue: handle missing content-length 2024-08-28 19:52:00 +01:00
Daniel Barlow d5d621f310 rename http-fstree => json-to-fstree
it works for file urls as well, not just http
2024-08-28 16:36:49 +01:00
Daniel Barlow da95a9fa62 tangc support encryption 2024-08-28 18:55:20 +01:00
Daniel Barlow 85071c88e7 remove argv0 from calls to jose 2024-08-28 11:16:43 +01:00
Daniel Barlow 74093b7ee3 josep! runs jose without json parsing the output 2024-08-28 08:13:50 +01:00
Daniel Barlow 41733e58d6 remove unused code, tidy string parsing 2024-08-28 07:20:07 +01:00
Daniel Barlow 9041d5d63a add jose! fn to reduce error-checking boilerplate 2024-08-28 07:10:47 +01:00
Daniel Barlow 001ebdc601 remove unused requires 2024-08-28 06:52:04 +01:00
Daniel Barlow 1f97409474 add popen2 to anoia.fs 2024-08-28 06:49:43 +01:00
Daniel Barlow a41839f3d1 clevis-decrypt-tang in fennel
needs a lot of tidying up, but works on my test file
2024-08-28 01:37:44 +01:00
Daniel Barlow ff76d854fc extend libfetch lua glue to other HTTP methods 2024-08-28 01:37:02 +01:00
Daniel Barlow 81a6480a4f anoia add base64 deode 2024-08-27 22:42:03 +01:00
Daniel Barlow c7164a6f4a sshd can use outputRef for authorized_keys 2024-08-25 16:35:50 +01:00
Daniel Barlow 83ca86fe42 keys in service output tree are strings 2024-08-25 15:59:24 +01:00
Daniel Barlow 1b4106e2a3 ssh-keys service, draft 2024-08-25 15:09:31 +01:00
Daniel Barlow 89912c766b nixpkgs 24.11 qemu does not expect texinfo 2024-08-25 14:23:29 +01:00
Daniel Barlow 9828b007ae watch-ssh-keys turns secrets-service into authorized_keys files 2024-08-24 23:25:32 +01:00
Daniel Barlow f34abc85ae add macros param to write-fennel 2024-08-24 23:19:46 +01:00
Daniel Barlow b475a680fb define-tests macro, evals body only when inside fennelrepl --test 2024-08-24 22:26:25 +01:00
Daniel Barlow 43612af71a anoia: %% is alias for string.formt 2024-08-24 13:56:54 +01:00
Daniel Barlow 5695c47496 add dig to anoia 2024-08-23 23:27:29 +01:00
Daniel Barlow e3ec514710 think 2024-08-23 23:27:17 +01:00
Daniel Barlow 99f68e5421 destructure params in ssh service 2024-08-23 23:13:49 +01:00
Daniel Barlow 9c30b6f882 change output references from attrset to lambda
this is so that we can distinguish a ref from a literal parameter that
might be a attrset
2024-08-23 22:25:57 +01:00
Daniel Barlow dd75322c10 think 2024-08-23 21:45:18 +01:00
Daniel Barlow 869a508c0a add authorizedKeys option to ssh service
this has no apparent use as it stands, but opens the door to
having the keys managed by an external secrets service
2024-08-23 20:35:07 +01:00
Daniel Barlow e835473945 patch dropbear to add -U option 2024-08-23 19:58:05 +01:00
Daniel Barlow 055268d5d2 upgrade dropbear 2024-08-23 19:57:10 +01:00
Daniel Barlow ff38bcacbb improve devout error reporting 2024-08-21 23:24:13 +01:00
Daniel Barlow a6128955e7 ppp modules: permit (mostly) same params for l2tp as pppoe
this also means that l2tp can use secrets for username/password
2024-08-21 23:10:28 +01:00
Daniel Barlow 531cb113be devout needs a longer startup timeout
seems to be taking around 40 seconds now, would be worth digging in to
find out why
2024-08-21 23:09:11 +01:00
Daniel Barlow daede666cb in router-with-l2tp use secrets for ppp username/password 2024-08-21 00:17:53 +01:00
Daniel Barlow 2992771c7e pppoe allow secrets for username/password 2024-08-21 00:17:22 +01:00
Daniel Barlow 4cc82e1502 liminix.types.replacable is a string or ref to an output 2024-08-21 00:16:14 +01:00
Daniel Barlow 21f2320d86 inline method 2024-08-20 23:26:11 +01:00
Daniel Barlow d40ada4251 use structured ppp params in ppp test 2024-08-20 23:25:31 +01:00
Daniel Barlow 4053ea9481 secrets/subscriber implement different restart types 2024-08-20 22:56:26 +01:00
Daniel Barlow 54d3415885 pppoe convert to using a config file
mostly for ease of implementation but does mean we don't
have username/password secrets on the command line
2024-08-20 22:55:30 +01:00
Daniel Barlow 264d83c98d move some secret-watching stuff from hostapd to secrets 2024-08-20 21:49:11 +01:00
Daniel Barlow 97defc2076 hostapd: get secrets service/path from attrs 2024-08-17 22:25:30 +01:00
Daniel Barlow ddaa5476d3 override clevis derivation (experimental) 2024-08-15 23:02:54 +01:00
Daniel Barlow bcd9d56624 start devout after mdevd
not 100% sure that there's a dependency but it's plausible, and
would explain the observed occasional failure to start at boot
2024-08-15 23:01:29 +01:00
Daniel Barlow e2c883356c add secrets-subscriber service, make hostapd use it 2024-08-15 23:00:41 +01:00
Daniel Barlow d79a941504 new package watch-outputs and example of its use 2024-08-14 22:58:17 +01:00
Daniel Barlow 2f82e0dab8 hostapd set permissions on dir in /run/ 2024-08-14 22:57:02 +01:00
Daniel Barlow fc03965915 hostapd literal_or_output use an attrset for dispatch 2024-08-14 22:56:01 +01:00
Daniel Barlow d2d3af2587 outboard secrets: loop in service
if we just quit and expect s6 to restart us, the finish script
wipes our outputs and anything with an inotify watch gets confused
2024-08-14 22:41:56 +01:00
Daniel Barlow 310ac30f24 http-fstree needs to write state and .lock for anoia.svc 2024-08-14 22:39:41 +01:00
Daniel Barlow 45a7f96bd4 anoia table= compares tables 2024-08-14 22:36:28 +01:00
Daniel Barlow 79445fd962 support multi-arg assoc 2024-08-14 22:34:37 +01:00
Daniel Barlow a9ddd78482 think 2024-08-12 22:59:03 +01:00
Daniel Barlow 4fb8253e57 first pass at outboard secrets
- a module to fetch them with http(s)
- a service using templating to consume them
- update an example to use it

needs service restarts
needs other services to use the template mechanism
needs tidying up
2024-08-12 22:57:21 +01:00
Daniel Barlow ff3a1905a5 pass service to `output` fn in output-template
instead of on command line
2024-08-12 22:53:07 +01:00
Daniel Barlow 3c353e4aff support json quoting in output-template 2024-08-10 23:42:08 +01:00
Daniel Barlow ba21384fde new: output-template interpolates output values into config file 2024-08-10 23:06:47 +01:00
Daniel Barlow 2480fdef5b set up nginx on bordervm for testing outboard secrets 2024-08-10 23:05:50 +01:00
Daniel Barlow 409c1cfb16 think 2024-08-10 23:05:15 +01:00
Daniel Barlow 9767078878 add the example used in the video 2024-08-08 19:24:58 +01:00
Daniel Barlow d760c2d27b http-fstree downloads a json file and converts to service outputs 2024-08-08 15:35:11 +01:00
Daniel Barlow 1e139c22fd think 2024-08-08 15:21:24 +01:00
Daniel Barlow a1ff07b063 add rxi/json lua module 2024-08-08 15:05:26 +01:00
Daniel Barlow 9550772cec add lua binding to fetch-freebsd 2024-08-08 15:05:03 +01:00
Daniel Barlow 64cd1626c6 new package fetch-freebsd: small http(s) client library
[*] smaller than curl, maybe not maximally small
2024-08-08 11:38:38 +01:00
Daniel Barlow eb79928b37 anoia.svc allow writing outputs 2024-08-08 11:37:50 +01:00
Daniel Barlow 0a629df48d anoia.fs: improve error messages 2024-08-08 11:36:47 +01:00
Daniel Barlow 64afd18e2a why does this fail on hydra? 2024-08-06 23:18:39 +01:00
Daniel Barlow 47e96ddc15 think 2024-08-06 18:43:49 +01:00
Daniel Barlow 5db9d7269e ppoe structured options are optional 2024-08-06 18:43:27 +01:00
Daniel Barlow 985df8792d overlay: handle cross-only overrides consistently 2024-08-06 18:42:58 +01:00
Daniel Barlow 528afae8b1 doc: punctuate 2024-08-06 14:15:57 +01:00
Daniel Barlow 384835c89d admin doc: updte round-robin, explain health check 2024-08-06 14:14:52 +01:00
Daniel Barlow 5051625d31 mention health check in docs 2024-07-30 22:53:21 +01:00
Daniel Barlow c4d00e062a add health check service and example that uses it 2024-07-30 22:37:43 +01:00
Daniel Barlow 8fa3443923 Revert "anoia.svc use timeout for inotify"
This reverts commit eca8e37e7a.
2024-07-30 17:37:38 +01:00
Daniel Barlow 8091e207b6 some notes on controlled services 2024-07-28 22:57:23 +01:00
Daniel Barlow 39020607ad rename service-trigger rule to match service name 2024-07-28 22:35:37 +01:00
Daniel Barlow fe735408a1 v:address is nil if missing, but code expects an array 2024-07-27 17:40:32 +01:00
Daniel Barlow a9d1582b53 remove unused arg 2024-07-26 23:41:50 +01:00
Daniel Barlow eca8e37e7a anoia.svc use timeout for inotify
in case we miss a message, check the directory every 5s
anyway
2024-07-26 23:40:40 +01:00
Daniel Barlow d300373b96 anoia fs.dir use case not match
match was accidentally pinning the return from readdir against the
function parameter. Which didn't work.
2024-07-26 23:37:40 +01:00
Daniel Barlow 70ca7fac17 elfutils is reqd by iproute2 (for bpf?), build sans kitchen sink 2024-07-24 22:07:58 +01:00
Daniel Barlow 79a3a45061 build iproute2 without rb to avoid stdatomic 2024-07-24 21:13:55 +01:00
Daniel Barlow 612d6d7a51 build openssl without threads to avoid stdatomic 2024-07-24 21:12:52 +01:00
Daniel Barlow e1ae986cf6 convert l2tp example to use gateway profile 2024-07-23 09:31:34 +01:00
Daniel Barlow bce0c7ffb6 rename services.dhcpc in l2tp example
it's only used to get the address of the l2tp server, not for
name lookups in general
2024-07-23 09:31:34 +01:00
Daniel Barlow 28ca1e68ab wwan module needs mdevd 2024-07-23 09:31:34 +01:00
Daniel Barlow acf33a100f think 2024-07-23 09:31:34 +01:00
Daniel Barlow 7f9cae9d5c generalise profile.gateway.wan so not just pppoe 2024-07-23 09:31:34 +01:00
Daniel Barlow 3012c91b47 executive decision: rotuer example should build on gl-ar750 2024-07-23 09:31:34 +01:00
Daniel Barlow 1edf20c08f fix whitespace 2024-07-23 09:31:34 +01:00
Daniel Barlow 7195cb10ce add structured config for common pppoe options 2024-07-23 09:31:34 +01:00
Daniel Barlow 135a445672 restore param removed by deadnix
dochain is called with `family` even if it never uses it
2024-07-16 20:41:21 +01:00
Daniel Barlow 3899daee56 create a module for round-robin 2024-07-15 22:37:37 +01:00
Daniel Barlow b17f623d03 need insmod when we habve kmodloader 2024-07-15 22:35:26 +01:00
Daniel Barlow df395a4d5d finish moving pkgs.linimix.callService to config.system 2024-07-15 19:00:08 +01:00
Daniel Barlow 75e9f8210c remove the fixpoint we didn't need 2024-07-15 18:54:04 +01:00
Daniel Barlow 1c3242cab1 doc: swap order of configuration and installation
you can get a device up and running using a lightly edited example
config before you need to read all the reference info, so let's
have the documentation in that order.
2024-07-14 12:26:07 +01:00
Daniel Barlow 44ea683391 think 2024-07-14 12:08:02 +01:00
Daniel Barlow 725d8b608f huawei-cdc-ncm kernel driver -> module 2024-07-14 12:07:28 +01:00
Daniel Barlow bc9ced5d38 fix doc ref from admin section -> configuration 2024-07-14 11:56:35 +01:00
Daniel Barlow 73ae7788b9 rename wwan-related modules/services
we only currently support huawei e3372/cdc ncm so let's make that
explicit in the naming
2024-07-14 11:53:45 +01:00
Daniel Barlow d34919766a improve reinstallation docs 2024-07-12 18:38:04 +01:00
Daniel Barlow 2fe0cd2f48 add first draft instructions for using Levitate 2024-07-12 00:17:25 +01:00
Daniel Barlow 241f1013ed add new Installation guide
move the u-boot/serial stuff here from development, as the
reality of Liminix development in 2024 is that serial connection
is still the smoothest installation method
2024-07-11 23:31:00 +01:00
Daniel Barlow 2ce361d4e3 think 2024-07-11 09:39:38 +01:00
Daniel Barlow 3f8cc24dcc fix most doc warnings 2024-07-10 23:36:24 +01:00
Daniel Barlow 57e3b449f8 proofreading 2024-07-10 21:23:24 +01:00
Daniel Barlow 3964505131 some notes on services 2024-07-10 20:50:08 +01:00
Daniel Barlow 941479b144 use round-robin failiover in l2tp example 2024-07-08 22:01:54 +01:00
Daniel Barlow ac551536da set cwd before exec xl2tpd 2024-07-08 21:56:26 +01:00
Daniel Barlow 6f908156af fix dependency between modem-atz and modeswitch
for values of "fix" more than slightly reminiscent of "kludge"
2024-07-08 21:55:05 +01:00
Daniel Barlow 534a49e827 s6-rc-round-robin
runs services in order, starting the next one when the previous one
dies or fails to start
2024-07-08 21:53:51 +01:00
Daniel Barlow 07a6eb73cd set lcp-echo timeout in l2tp 2024-07-08 21:45:54 +01:00
Daniel Barlow 159bfa3057 make xl2tpd quit when the connections close 2024-07-08 21:44:15 +01:00
Daniel Barlow 8f0ab5be40 enable tail -F 2024-07-08 21:37:07 +01:00
Daniel Barlow 7f9971512d a6-rc-up-tree: handle blocked deps, exit 1 if nothing started 2024-07-08 21:28:31 +01:00
Daniel Barlow f0f6cc80d7 remove dead code 2024-07-08 21:28:11 +01:00
Daniel Barlow afcc6a6436 s6-rc-up-tree pass -b to s6-rc command 2024-07-08 21:27:54 +01:00
Daniel Barlow 2e8e05f31a wip: rewrite s6-rc-up-tree in an actual procgramming language
and write some tests for it, too
2024-07-08 21:27:42 +01:00
Daniel Barlow 143137cbc6 pppoe: set lcp echo failure timeout 2024-07-08 21:25:42 +01:00
Daniel Barlow 8d228f2bef mess with redial 2024-07-08 21:24:44 +01:00
Daniel Barlow 5751058d59 gl-ar750 swap lan and wan
I don't know if I just got it wrong the first time or if something
weird is going on
2024-07-08 21:19:30 +01:00
Daniel Barlow 5ac7e1e9b2 write-fennel: set $PATH if lualinux is available 2024-07-08 21:18:02 +01:00
Daniel Barlow c75452549b think 2024-07-08 21:17:12 +01:00
Daniel Barlow 2663f58807 disable security for bordervm "liminix" share
tftp needs to be able to follow symlinks into the store
2024-07-01 20:53:03 +01:00
Daniel Barlow 9dbc285605 build libusb1 without libatomic 2024-06-30 17:52:17 +01:00
Daniel Barlow 8b6aa2134e zyxel dual image; restore deleted params 2024-06-30 17:50:45 +01:00
Daniel Barlow 3df1ec76ff cleanup whitespace and commas
* [] is now [ ]
* {} is now { }
* commas in arglists go at end of line not beginning

In short, I ran the whole thing through nixfmt-rfc-style but only
accepted about 30% of its changes. I might grow accustomed to more
of it over time
2024-06-30 17:16:28 +01:00
Daniel Barlow 0d3218127f remove unused makeWrapper input 2024-06-30 10:46:37 +01:00
Daniel Barlow e94bf62ec1 remove dead code (run deadnix) 2024-06-29 22:59:27 +01:00
Daniel Barlow 16a2499d74 avoid makeWrapper on host, it requires bash 2024-06-29 22:36:05 +01:00
Daniel Barlow d4d8093f97 working l2tp-over-wwan stick example 2024-06-20 10:15:54 +01:00
Daniel Barlow 7c9c801afc rename isTrigger to restart-on-upgrade
we're moving away from "trigger" services to "controller" services,
and "restart-on-upgrade" is the name used by s6-rc
2024-06-16 12:58:06 +01:00
Daniel Barlow c4185617c0 a6-rc-up-tree wait for lock if needed 2024-06-15 15:36:07 +01:00
Daniel Barlow 06d28e9b08 dhcpc handle case when env vars are missing
the notify-script should continue and signal readiness even if one or
more of the outputs it writes are mssing in the environment
2024-06-15 15:34:49 +01:00
Daniel Barlow 9540fc2641 add writeAshScriptBin (forgot to add file) 2024-06-15 15:04:56 +01:00
Daniel Barlow adc84108ad Revert "wwan gets address from ppp ipcp not dhcp"
This reverts commit be13ab23ca.
2024-06-15 15:04:33 +01:00
Daniel Barlow eae99051fa exec devout in service definition
makes little practical difference but saves a process slot
2024-06-15 15:01:57 +01:00
Daniel Barlow 49d1703428 add s6-rc-up-tree: start reverse deps of controlled service
When s6-rc stops a service, it also stops everything that
depends on it. but when it starts a service it starts only
that service, so we have to go through the other services
depending on it and figure out if they should be started too.
2024-06-15 14:59:34 +01:00
Daniel Barlow 1d337588f9 think 2024-06-15 09:04:19 +01:00
Daniel Barlow 29a869b4fa qemu: use kmodloader for wifi 2024-06-13 10:12:17 +01:00
Daniel Barlow 5ae1b0a193 Revert "bodervm: remove usbutils until we can fix the udev dep"
This reverts commit c22e3fb2ef.
2024-06-12 20:58:13 +01:00
Daniel Barlow 473a4947a5 inout test: wait longer for disk to appear 2024-06-12 20:44:03 +01:00
Daniel Barlow 50bad5c604 libusb needs udev on build
this is a workaround to make CI work again, but what we really need to
do is completely separate the nixpkgs used for nixos build-system
tools from the nixpkgs we use for liminix host binaries
2024-06-12 18:55:30 +01:00
Daniel Barlow c22e3fb2ef bodervm: remove usbutils until we can fix the udev dep 2024-06-12 13:07:29 +01:00
Daniel Barlow f898e4dca2 remove debug 2024-06-12 13:03:26 +01:00
Daniel Barlow 5121a8563d callService: dependencies are services not names 2024-06-12 12:58:57 +01:00
Daniel Barlow 78be354b6e think 2024-06-12 12:52:52 +01:00
Daniel Barlow be13ab23ca wwan gets address from ppp ipcp not dhcp 2024-06-12 12:51:07 +01:00
Daniel Barlow 4b30cd7a75 think 2024-06-11 14:05:32 +01:00
Daniel Barlow b15542b668 start correct services at boot
- uncontrolled services that are not dependent on a controlled service
- controllers
- _not_ controlled services or any other service that depends on one
2024-06-11 14:04:14 +01:00
Daniel Barlow 6daeaf29a0 flip controller/controlled relationship for wwan services 2024-06-11 14:02:48 +01:00
Daniel Barlow e6ca5ea064 store derivations not just names for service deps
.. also controllers, contents. This is to make it possible (easier)
to work out transitive dependencies at build time
2024-06-11 14:01:06 +01:00
Daniel Barlow e6e4665a18 flip dependencies for triggered/controlled services
Instead of treating the trigger as the "main" service and the
triggered service as subsidary, now we treat the triggered
service as the service and the trigger as "subsidary". This
needs some special handling when we work out which services
go in the default bundle, but it works better for declaring
dependencies on triggered services because it means the
dependency runs after the triggered service comes up, not
just when the watcher-for-events starts
2024-06-09 22:37:45 +01:00
Daniel Barlow 2c10790a6d think 2024-06-09 11:19:38 +01:00
Daniel Barlow 571adf84c0 inherit builtins.map 2024-06-07 16:55:45 +01:00
Daniel Barlow c8c79fd75a update all calls to uevent-watch 2024-06-02 20:42:09 +01:00
Daniel Barlow 884d8d194e wrap uevent-watch in a service 2024-06-02 20:42:09 +01:00
Daniel Barlow f091bbd706 devout: recognise attr,attrs when parsing search term string 2024-06-01 23:48:05 +01:00
Daniel Barlow 37d7e20582 wwan use uevent-watch to find tty for AT commands 2024-06-01 23:47:20 +01:00
Daniel Barlow 04b068f7a3 delete unused code 2024-06-01 22:43:48 +01:00
Daniel Barlow 53f57c1a8c devout: support sysfs attributes for (grand*)parent device 2024-06-01 22:43:27 +01:00
Daniel Barlow 19aba0d873 devout: support search for sysfs attributes 2024-06-01 21:20:41 +01:00
Daniel Barlow 7d00b39249 rename attributes->properties when referring to uevent fields
properties: key-value pairs in the uevent message
attributes: file contents in sysfs
2024-06-01 12:17:49 +01:00
Daniel Barlow 7aa8633cde think 2024-06-01 12:16:21 +01:00
Daniel Barlow 58bec8a40f semi-automate tftpbooting with minicom 2024-05-26 18:03:32 +01:00
Daniel Barlow a3fca5bf05 devout: add functions to read sysfs attributes 2024-05-26 18:03:32 +01:00
Daniel Barlow e0bd7aec1e wwan: hook usb-modeswitch to uevent 2024-05-26 18:03:32 +01:00
Daniel Barlow e815f61bb5 think 2024-05-26 18:00:31 +01:00
Daniel Barlow af9200a136 skip symlink handing unless linkname was provided 2024-05-26 18:00:31 +01:00
Daniel Barlow 898958fa10 make a serviceDefn for wwan 2024-05-22 18:54:49 +01:00
Daniel Barlow fa0f262706 commentary 2024-05-22 18:54:49 +01:00
Daniel Barlow 71aeb27b2f add hacky wwan service with hardcoding all over 2024-05-22 18:54:49 +01:00
Daniel Barlow 530b4080c9 create cdc-ncm module 2024-05-22 18:54:49 +01:00
Daniel Barlow 58cd007ccc barebones usb_modeswitch package 2024-05-22 18:54:49 +01:00
Daniel Barlow 3a56798eb5 l2tp set default route via tunnel 2024-05-22 18:54:49 +01:00
Daniel Barlow 758c7ef657 exec xl2tpd
haven't fully worked out why, but without this s6 is unable to stop it.
2024-05-22 18:54:49 +01:00
Daniel Barlow 73225a70b2 add rudimentary l2tp service module 2024-05-22 18:54:49 +01:00
Daniel Barlow ab304dd3f1 bordervm enable nat 2024-05-22 18:47:37 +01:00
Daniel Barlow 0d49f0f7a7 gl-ar750 appendDTB 2024-05-22 18:47:16 +01:00
Daniel Barlow e64390460a memorable net device names for gl-ar750
linux's view of eth1 and eth0 are opposite to that of u-boot
2024-05-22 18:47:08 +01:00
Daniel Barlow c0ef6ce282 list pkgs we need in bordervm build
it's a bit silly trying to build it with the whole liminix overlay
when it's a nixos system not a liminix system
2024-05-22 18:45:35 +01:00
Daniel Barlow bd6ec5201f run dhcp server on bordervm
this is for testing clients that have dhcp upstream
2024-05-22 18:45:35 +01:00
Daniel Barlow b4068da9fe tftp addresses 2024-05-22 18:45:35 +01:00
Daniel Barlow aa4b09da85 think (foreshadowing) 2024-05-22 18:45:23 +01:00
Daniel Barlow 471c63b399 s6-rc do cleanup in "finish", don't append to "run" script
s6-supervise sends signals (e.g. SIGTERM) to the pid of the process
running "run", so how do we know if the ceanup commands are even
getting executed if the shell interpreter that is supposed to do that
got killed already?
2024-05-13 17:53:02 +01:00
Daniel Barlow 782feaeafa set default for firewall extraRules 2024-05-03 16:28:53 +01:00
Daniel Barlow ac54c89427 add busybox to bordervm for udhcpd 2024-05-01 23:09:23 +01:00
Daniel Barlow 5a3646cb29 add authorized keys to bordervm
You don't often need this because it has autologin, but sometimes
you want to do antics involving sshing through it to the wan port
of a test device.

Note that you probably wanted to start bordervm with funny qemu
options to even make that possible

 nix-shell --run "QEMU_NET_OPTS=hostfwd=tcp::10022-:22 run-border-vm"
2024-05-01 23:07:11 +01:00
Daniel Barlow e249f48cff add deps on {ins,rm}mod and kconfig for firewall module 2024-05-01 23:06:12 +01:00
Daniel Barlow 6661e42684 mt300a tftpboot needs appendDTB 2024-05-01 23:04:25 +01:00
Daniel Barlow b9ba9ef835 mt300a remove unneeded service dependencies 2024-05-01 23:03:55 +01:00
Daniel Barlow 8b69dcc209 pass entire config fragment to levitate, not just services
to make it useful we need to be able to set packages, passwords, ssh
keys etc
2024-04-29 20:07:01 +01:00
Daniel Barlow 9b3a3b9ff7 add levitate to arhcive
this is largely untested
2024-04-28 21:38:13 +01:00
Daniel Barlow 7d08497bcb arhcive remove coldplug fudge 2024-04-28 21:37:30 +01:00
Daniel Barlow 0e84adaa0e maybe don't need deps for gl-mt300a vlan devices?
will delete them next time I have that device open to test
2024-04-28 21:35:09 +01:00
Daniel Barlow 660ed5df8f vlan interface services depend on primary 2024-04-28 21:33:36 +01:00
Daniel Barlow 792a11c8c0 gl-mt300n-v2 use full path to swconfig in service stop 2024-04-28 21:32:42 +01:00
Daniel Barlow 7e4a05bbf8 separate kernel and base modules
this is needed for levitate
2024-04-28 12:44:27 +01:00
Daniel Barlow a4ba5c85e1 alphabetize list in all-modules 2024-04-28 12:42:47 +01:00
Daniel Barlow 723ef73d5a inout: test hotplug and coldplug 2024-04-27 22:41:30 +01:00
Daniel Barlow 3d4e782929 devout: run tests in postBuild
because checkPhase is not executed when cross-compiling, and this
package is always only cross-compiled
2024-04-27 21:07:25 +01:00
Daniel Barlow 1b6a05aec5 make uevent-watch use devout instead of direct netlink 2024-04-27 21:07:25 +01:00
Daniel Barlow 80628a3d90 move event matching tests to devout
in preparation for future uevent-watch not needing to do
event matching
2024-04-27 21:07:25 +01:00
Daniel Barlow bf0cafffed start devout alongside mdevd
ensure it starts before mdevd-coldplug so it can populate
its database
2024-04-26 20:52:12 +01:00
Daniel Barlow e49aba127c devout: improve socket error handling 2024-04-26 20:49:23 +01:00
Daniel Barlow 324465bc18 devout: write uevent KEY=value format to clients 2024-04-26 17:37:28 +01:00
Daniel Barlow b33249a050 devout: add readiness notification 2024-04-26 17:23:29 +01:00
Daniel Barlow b9c084415e devout: handle readiness on netlink socket but no event 2024-04-26 17:20:33 +01:00
Daniel Barlow cf9cadd212 devout: replay relevant events to new subscriber 2024-04-26 17:20:33 +01:00
Daniel Barlow a116fe084a devout: use socket constants from anoia.net.constants 2024-04-26 16:48:51 +01:00
Daniel Barlow 74cf3e0711 add anoia.net.constants for SOCK_{STREAM,DGRAM} etc
we use an ugly bit of C preprocessor to get the values from
header files, because certain constants are different on MIPS
than on other architectures
2024-04-26 16:43:09 +01:00
Daniel Barlow 9795f03da4 think 2024-04-26 16:41:31 +01:00
Daniel Barlow cdb23b147c convert anoia.fs to use lualinux 2024-04-25 21:14:37 +01:00
Daniel Barlow dbd1264352 convert anoia.fs to use lualinux instead of lfs 2024-04-24 20:44:32 +01:00
Daniel Barlow 834858d5bc think 2024-04-24 18:33:57 +01:00
Daniel Barlow 18335b95e3 devout: strip newlines from client terms
this is just to make testing with socat easier
2024-04-24 18:33:02 +01:00
Daniel Barlow 6bee2f67ac devout: add incoming netlink messages to database 2024-04-24 18:32:27 +01:00
Daniel Barlow b4ba3eea21 fix revents in unpack-pollfds 2024-04-24 18:31:26 +01:00
Daniel Barlow 16af3984c9 add lualinux to fennelrepl 2024-04-24 18:30:34 +01:00
Daniel Barlow ce7e395295 devout test: replace minisock with lualinux 2024-04-24 18:29:24 +01:00
Daniel Barlow 7e13e017eb add readline suport to fennelrepl 2024-04-24 18:28:39 +01:00
Daniel Barlow bbf2f53c0e cross-compile lualinux 2024-04-24 18:28:14 +01:00
Daniel Barlow 032d0f8aca add netlink socket
it's not hooked up to anything yet, but it proves we can
do this with lualinux
2024-04-23 23:34:25 +01:00
Daniel Barlow b8ac9e5279 convert devout from minisock to lualinux 2024-04-23 23:33:11 +01:00
Daniel Barlow ff2604ca5d think 2024-04-23 23:30:50 +01:00
Daniel Barlow 72789984ce add lualinux package 2024-04-23 22:41:38 +01:00
Daniel Barlow 90d9d0e811 update minisock to not scribble on lua strings 2024-04-23 20:19:33 +01:00
Daniel Barlow 97a8ae1c84 devout: add event loop and main `run` function 2024-04-23 20:15:02 +01:00
Daniel Barlow 52eb283a26 implement unsubscribe
and add ids to subscribe so that there's a unique identifier
to pass to unsubscribe
2024-04-23 20:12:46 +01:00
Daniel Barlow cbb1de804e switch to minisock fork witj poll() call
this is likely to be temporary as minisock is getting
replaced with lualinux
2024-04-23 20:09:41 +01:00
Daniel Barlow f9c03998b8 implement subscriptions with callback 2024-04-21 13:19:17 +01:00
Daniel Barlow 50de1b090f add the rest of the test list (all we've thought of) 2024-04-21 11:22:26 +01:00
Daniel Barlow 648382f64a report bodyless tests as PENDING 2024-04-21 11:19:42 +01:00
Daniel Barlow e9370358ae implement "remove" events 2024-04-21 11:19:06 +01:00
Daniel Barlow 762ce7b6b8 cut/paste devout implementation into a real module 2024-04-20 22:48:00 +01:00
Daniel Barlow b1c0560f4f implement fetch by path 2024-04-20 22:20:43 +01:00
Daniel Barlow e34135c41a improve failed test reporting 2024-04-20 21:46:37 +01:00
Daniel Barlow 712c9b266f implement find 2024-04-20 18:42:42 +01:00
Daniel Barlow 4df963996c devout: add device 2024-04-20 18:24:10 +01:00
Daniel Barlow 349bfecbb8 new package "devout", does nothing yet 2024-04-20 17:45:40 +01:00
Daniel Barlow 450d3820b2 clean up uevent-watch test using writeFennel and mainFunction
requires less cavorting with globals and stuff
2024-04-20 16:53:43 +01:00
Daniel Barlow 771585546d import expect= where previously it was copy-pasted 2024-04-20 15:09:50 +01:00
Daniel Barlow 73abf952d5 package minisock, a minimal Lua socket library 2024-04-20 15:09:17 +01:00
Daniel Barlow 8af4e9fd5b package anoia assert macros and point fennelrepl at them 2024-04-20 14:59:14 +01:00
Daniel Barlow 7e19d80130 anoia: add assert macro module
contains expect and expect=
2024-04-20 14:04:32 +01:00
Daniel Barlow 0f0688c802 think 2024-04-20 14:03:48 +01:00
Daniel Barlow b43f17f655 think 2024-04-20 12:23:04 +01:00
Daniel Barlow adf62d4483 arhcive: make it work when disk is attached before boot
This is a bit of a kludge (a lot of a kludge) but it will
get it running whilt I work on something better
2024-04-17 18:49:30 +01:00
Daniel Barlow 68eb1360f6 use appended dtb in gl-mt300n-v2 tftpboot
probably the A variant needs this as well
2024-04-17 18:48:19 +01:00
Daniel Barlow 19ad6cd278 watchdog: put s6 pkg on $PATH for s6-svstat 2024-04-17 13:01:10 +01:00
Daniel Barlow 00076c7b81 mount service: use uevent-watch 2024-04-17 12:59:13 +01:00
Daniel Barlow 721e7499f3 arhcive: use usb module instead of harcoded kconfig 2024-04-17 12:53:43 +01:00
Daniel Barlow fc723b9a35 think 2024-04-16 18:59:01 +01:00
Daniel Barlow a5f16dfa81 convert inout test to use uevent-watch 2024-04-15 22:15:27 +01:00
Daniel Barlow 41a4b1f7ef clean cruft from inout test script 2024-04-15 22:00:44 +01:00
Daniel Barlow 42a5699326 remove unneeded config from inout test 2024-04-15 21:19:18 +01:00
Daniel Barlow ea2b25168e add uevent-watch, which toggles services based on uevent msgs 2024-04-15 21:15:07 +01:00
Daniel Barlow 5564cf0554 add nellie.close 2024-04-14 22:45:29 +01:00
Daniel Barlow f3a13630d3 add multicast groups param to nellie.open 2024-04-14 22:45:29 +01:00
Daniel Barlow f233acf9ff netlink uevent hello world 2024-04-14 22:45:29 +01:00
Daniel Barlow b6a054c588 add mdevd as module
following the upstream example, it republishes uevent messages
using multicast group 4 instead of group 2 as used by udev.
2024-04-14 21:59:23 +01:00
Daniel Barlow b231664a06 anoia: add basename, dirname 2024-04-11 23:11:20 +01:00
Daniel Barlow f4bf3029fa anoia: alphabetize exports 2024-04-11 23:11:13 +01:00
Daniel Barlow 05f2c9a2f7 add lua in nix-shell environment 2024-04-11 23:11:06 +01:00
Daniel Barlow 5df5c822ea convert mount service to trigger
Good: this means it's not hanging holding the s6 dataase lock.

Bad: it's the ugliest implementation and doesn't deserve to be preserved

(tbf the ugliness is not new)
2024-04-03 23:17:36 +01:00
Daniel Barlow 4795dd05b7 unconditionally restart trigger services on liminix-rebuild
We call s6-rc -u -p default to restart/start the base services
on a rebuild, otherwise services that are only in the new
configuration won't come up. However, this stops any service
started by a trigger. So, workaround is to restart the trigger
service and expect it to restart the services it manages if they're
needed
2024-04-03 23:07:56 +01:00
Daniel Barlow a192f08881 remove missing module 2024-03-29 17:34:10 +00:00
Daniel Barlow a873dc6608 Merge commit 'efcfdcc' 2024-03-28 23:47:04 +00:00
Daniel Barlow 2fb4756a7f add soft restart option to liminix-rebuild
instead of doing a full reboot, it runs activate / and uses
s6-rc-update to install the new service database
2024-03-28 23:45:10 +00:00
Daniel Barlow 04f5174425 fix vanilla-configuration defaultroute 2024-03-28 22:13:21 +00:00
Daniel Barlow dca2e4def1 fix params to s6-rc-init
flags must precede scandir otherwise they're ignored
2024-03-28 21:56:28 +00:00
Daniel Barlow b60126775a improve liminix-rebuild test
* make it executable
* improve robustness
* do't hardcode services.default (why did it do this?)
2024-03-28 21:37:47 +00:00
Daniel Barlow 76f11bcc93 liminix-rebuild: remove -f flag from reboot call
now we have timeouts in service definitions, shouldn't need this
any more
2024-03-28 21:37:47 +00:00
Daniel Barlow efcfdcc21d think 2024-03-28 20:59:39 +00:00
Daniel Barlow 77f1a78331 ifwait block if s6-rc lock is held
otherwise it doesn't trigger the service if something else is
slow to start
2024-03-28 20:59:39 +00:00
Daniel Barlow 28a5dec7dd implement ifwait trigger service and use in bridge
should we convert all ifwait uses to this trigger too? seems
reasonable
2024-03-28 20:59:39 +00:00
Daniel Barlow fad0a47b75 add config.system.callService
this is like pkgs.callService except that it passes
config.system.service as a param so that the service
being defined can invoke other services

if this proves to be a good idea, all uses of
pkgs.callService should be changed to use it instead
2024-03-28 20:59:39 +00:00
Daniel Barlow af52aafc84 deep thoughts 2024-03-28 20:59:39 +00:00
Daniel Barlow 34442b6069 failing test for ifwait 2024-03-28 20:59:39 +00:00
Daniel Barlow b8a46fc05e allow buildInputs param to s6 service
this is in preparation for trigger services that need to
close over the triggered service without adding it to
s6-rc dependencies
2024-03-28 20:58:53 +00:00
Daniel Barlow 8ac2c6cec1 support timeouts (default 30s) for starting s6-rc services 2024-03-28 20:58:47 +00:00
Daniel Barlow 8879b2d1ba fix rt2x00 wifi 2024-03-28 20:58:39 +00:00
Daniel Barlow 83e346d5a0 add deviceName param 2024-03-22 21:55:44 +00:00
Daniel Barlow 156b1fe64a deep thoughts 2024-03-22 21:54:38 +00:00
Daniel Barlow 1a314e55b7 firewall module: provide default rules and merge extraRules
a firewall with no configuration will get a relatively sane ruleset. a
firewall with `extraRules` will get them deep merged into the default
rules.  Specifying `rules` will override the defaults
2024-03-21 12:00:34 +00:00
Daniel Barlow 9263b21faa create gateway profile by extracting from rotuer example 2024-03-21 10:04:42 +00:00
Daniel Barlow 0a820a702a extneder: delete nftables kernel config
don't need nftables on a bridge. (do we? hope not)
2024-03-20 19:05:31 +00:00
Daniel Barlow 4ea518e296 expose modulesPath to ease out-of-tree configuration.nix 2024-03-20 18:58:44 +00:00
Daniel Barlow 98318b450d deep thoughts 2024-03-16 20:16:49 +00:00
Daniel Barlow e4ac7f19dc fix ifwait deps 2024-03-16 20:16:49 +00:00
Daniel Barlow 9c22744850 deep thoughts 2024-03-16 20:16:49 +00:00
Daniel Barlow c697be8c28 temporary fix for cmake cross-compilation 2024-03-16 20:16:49 +00:00
dan 202a37221a Merge pull request 'tftpboot: use commandLineDtbNode' (#11) from flokli/liminix:tftpboot-honor-commandLineDtbNode into main
Reviewed-on: dan/liminix#11
2024-03-16 18:18:18 +00:00
Florian Klink 436eb03a7b tftpboot: use commandLineDtbNode
config.boot.commandLineDtbNode can be set from `bootargs` to
`bootargs-override` (used for boards where the u-boot on the board does
set `bootargs` on its own).

In that case, the code updating the cmdline for tftpboot purposes also
needs to update this node, not the `bootargs` node.

Otherwise the kernel won't find the phram device, as it never heard
about it, as it didn't get the necessary cmdline options.
2024-03-16 20:06:38 +02:00
Daniel Barlow e5963ae3f7 deep thoughts 2024-03-06 23:19:47 +00:00
Daniel Barlow f164f19d95 service starts and stops 2024-03-06 23:19:47 +00:00
Daniel Barlow dd4ab41f6a rename run-event 2024-03-06 23:19:47 +00:00
Daniel Barlow 5d5dff6729 WIP add failing test that service starts 2024-03-06 23:19:47 +00:00
Daniel Barlow 570d29c368 pass command line params to run instead of reffing global 2024-03-06 23:19:47 +00:00
Daniel Barlow 725af00dc9 improve test for dummy0 up
if we run off the end of the events fixture, it didn't work
2024-03-06 23:19:47 +00:00
Daniel Barlow e1b932ec27 remove hardcoded filename in test event generator 2024-03-06 23:19:47 +00:00
Daniel Barlow 7173b6fb1c don't call os.exit 2024-03-06 23:19:47 +00:00
Daniel Barlow ed9548f21d pass event producer fn as param 2024-03-06 23:19:47 +00:00
Daniel Barlow 0787807a7f ifwait: don't run on load if in test harness 2024-03-06 23:19:47 +00:00
Daniel Barlow 38ed91f641 simplify assertion 2024-03-06 23:19:47 +00:00
Daniel Barlow ffe9603c39 remove file-scoped parameters var 2024-03-06 23:19:47 +00:00
Daniel Barlow cbd3dfefc5 ifwait fixture/test harness 2024-03-06 23:19:47 +00:00
Daniel Barlow 018c1868b5 ifwait: use anoia.assoc 2024-03-06 23:19:47 +00:00
Daniel Barlow 5184ff63f7 add anoia.nl, a convenience wrapper on netlink 2024-03-06 23:19:47 +00:00
Daniel Barlow 35909c9a23 add netlink to fennelrepl 2024-03-06 23:19:47 +00:00
Daniel Barlow 4383462199 deep thoughts 2024-03-06 23:19:47 +00:00
Daniel Barlow 9730cdd63b add assoc to anoia 2024-03-06 23:19:47 +00:00
dan 095853214b Merge pull request 'Fix kernel build on belkin' (#10) from sinavir/liminix:fix_kernel_build_on_belkin into main
Reviewed-on: dan/liminix#10
2024-03-06 18:21:13 +00:00
sinavir 27c7735f02 belkin-RT3200: fix kernel options 2024-02-22 21:57:40 +01:00
sinavir 29c9de248d fix import of openwrt sources 2024-02-22 21:57:33 +01:00
1718 changed files with 11349 additions and 1561 deletions

33
NEWS
View File

@ -83,4 +83,35 @@ sponsoring this development (and funding the hardware)
2024-02-21
New port! Thanks to Raito Bezarius, Liminix now runs on the Zyxel NWA50AX,
an MT7621 (MIPS EL) dual radio WiFi AP.
an MT7621 (MIPS EL) dual radio WiFi AP.
2024-04-29
The setup for using `levitate` has changed: now it accepts an entire
config fragment, not just a list of services. Hopefully this makes it
a bit more useful :-)
defaultProfile.packages = with pkgs; [
...
(levitate.override {
config = {
services = {
inherit (config.services) dhcpc sshd watchdog;
};
defaultProfile.packages = [ mtdutils ];
users.root.openssh.authorizedKeys.keys = secrets.root.keys;
};
})
];
2024-07-16
* structured parameters are available for the pppoe service
* The "wan" configuration in modules/profiles/gateway.nix has changed:
instead of passing options that are used to create a pppoe interface,
callers should create a (pppoe or other) interface and pass that as
the value of profile.gateway.wan. For the pppoe case this is now only
very slightly more verbose, and it allows using the gateway profile
with other kinds of upstream.

File diff suppressed because it is too large Load Diff

20
boot.expect Normal file
View File

@ -0,0 +1,20 @@
# This is for use with minicom, but needs you to configure it to
# use expect as its "Script program" instead of runscript. Try
# Ctrl+A O -> Filenames and paths -> D
log_user 0
log_file -a -open stderr
set f [open "result/boot.scr"]
send "version\r"
set timeout 60
while {[gets $f line] >= 0} {
puts stderr "next line $line\r"
puts stderr "waiting for prompt\r"
expect {
"ath>" {}
"BusyBox" { puts stderr "DONE"; exit 0 }
}
send "$line\r\n"
}
puts stderr "done\r\n"
close $f

View File

@ -4,6 +4,10 @@ let
inherit (lib) mkOption mkEnableOption mdDoc types optional optionals;
in {
options.bordervm = {
keys = mkOption {
type = types.listOf types.str;
default = [ ];
};
l2tp = {
host = mkOption {
description = mdDoc ''
@ -51,18 +55,17 @@ in {
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
];
config = {
boot.kernelParams = [
"loglevel=9"
];
boot.kernelParams = [ "loglevel=9" ];
systemd.services.pppoe =
let conf = pkgs.writeText "kpppoed.toml"
''
interface_name = "eth1"
services = [ "myservice" ]
lns_ipaddr = "${cfg.l2tp.host}:${builtins.toString cfg.l2tp.port}"
ac_name = "kpppoed-1.0"
'';
in {
let
conf = pkgs.writeText "kpppoed.toml" ''
interface_name = "eth1"
services = [ "myservice" ]
lns_ipaddr = "${cfg.l2tp.host}:${builtins.toString cfg.l2tp.port}"
ac_name = "kpppoed-1.0"
'';
in
{
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
serviceConfig = {
@ -76,29 +79,63 @@ in {
};
};
services.openssh.enable = true;
services.dnsmasq = {
enable = true;
resolveLocalQueries = false;
settings = {
# domain-needed = true;
dhcp-range = [ "10.0.0.10,10.0.0.240" ];
interface = "eth1";
};
};
services.nginx = {
enable = true;
user = "liminix";
virtualHosts.${config.networking.hostName} = {
root = "/home/liminix";
default = true;
};
};
systemd.services.nginx.serviceConfig.ProtectHome = "read-only";
systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
virtualisation = {
forwardPorts = [ {
from = "host";
host.port = 7654;
# guest.address = "10.0.2.15";
guest.port =7654;
} ];
qemu = {
networkingOptions = [];
options = [] ++
optional cfg.ethernet.pci.enable
"-device vfio-pci,host=${cfg.ethernet.pci.id}" ++
optionals cfg.ethernet.usb.enable [
networkingOptions = [ ];
options =
[ ]
++ optional cfg.ethernet.pci.enable "-device vfio-pci,host=${cfg.ethernet.pci.id}"
++ optionals cfg.ethernet.usb.enable [
"-device usb-ehci,id=ehci"
"-device usb-host,bus=ehci.0,vendorid=${cfg.ethernet.usb.vendor},productid=${cfg.ethernet.usb.product}"
] ++ [
]
++ [
"-nographic"
"-serial mon:stdio"
];
};
sharedDirectories = {
liminix = {
securityModel = "none";
source = builtins.toString ./.;
target = "/home/liminix/liminix";
};
};
};
services.tang = {
enable = true;
ipAddressAllow = [ "10.0.0.0/24" "0.0.0.0/0" ];
};
environment.systemPackages =
let wireshark-nogui = pkgs.wireshark.override { withQt = false ; };
in with pkgs; [
@ -108,6 +145,8 @@ in {
tufted
iptables
usbutils
busybox
clevis
];
security.sudo.wheelNeedsPassword = false;
networking = {
@ -117,11 +156,17 @@ in {
useDHCP = false;
ipv4.addresses = [ { address = "10.0.0.1"; prefixLength = 24;}];
};
nat = {
enable = true;
internalInterfaces = [ "eth1" ];
externalInterface = "eth0";
};
};
users.users.liminix = {
isNormalUser = true;
uid = 1000;
extraGroups = [ "wheel"];
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = cfg.keys;
};
services.getty.autologinUser = "liminix";
};

View File

@ -1,8 +1,12 @@
{...}:
{ ... }:
{
bordervm = {
# ethernet.pci = { id = "01:00.0"; enable = true; };
ethernet.usb = { vendor = "0x0bda"; product = "0x8153"; enable = true; };
ethernet.usb = {
vendor = "0x0bda";
product = "0x8153";
enable = true;
};
l2tp = {
host = "l2tp.aa.net.uk";
};

79
ci.nix
View File

@ -1,12 +1,7 @@
{
nixpkgs
, unstable
, liminix
, ... }:
let
inherit (builtins) map;
pkgs = (import nixpkgs {});
borderVmConf = ./bordervm.conf-example.nix;
pkgs = import <nixpkgs> { };
liminix = <liminix>;
borderVmConf = ./bordervm.conf-example.nix;
inherit (pkgs.lib.attrsets) genAttrs;
devices = [
"gl-ar750"
@ -21,62 +16,64 @@ let
vanilla = ./vanilla-configuration.nix;
for-device = name:
(import liminix {
inherit nixpkgs borderVmConf;
inherit borderVmConf;
device = import (liminix + "/devices/${name}");
liminix-config = vanilla;
}).outputs.default;
tests = import ./tests/ci.nix;
jobs =
(genAttrs devices for-device) //
tests //
{
buildEnv = (import liminix {
inherit nixpkgs borderVmConf;
device = import (liminix + "/devices/qemu");
liminix-config = vanilla;
}).buildEnv;
(genAttrs devices for-device)
// tests
// {
buildEnv =
(import liminix {
inherit borderVmConf;
device = import (liminix + "/devices/qemu");
liminix-config = vanilla;
}).buildEnv;
doc =
let json =
(import liminix {
inherit nixpkgs borderVmConf;
device = import (liminix + "/devices/qemu");
liminix-config = {...} : {
let
json =
(import liminix {
inherit borderVmConf;
device = import (liminix + "/devices/qemu");
liminix-config =
{ ... }:
{
imports = [ ./modules/all-modules.nix ];
};
}).outputs.optionsJson;
installers = map (f: "system.outputs.${f}") [
"vmroot"
"mtdimage"
"ubimage"
];
inherit (pkgs.lib) concatStringsSep;
in pkgs.stdenv.mkDerivation {
}).outputs.optionsJson;
in
pkgs.stdenv.mkDerivation {
name = "liminix-doc";
nativeBuildInputs = with pkgs; [
gnumake sphinx fennel luaPackages.lyaml
gnumake
sphinx
fennel
luaPackages.lyaml
];
src = ./.;
buildPhase = ''
cat ${json} | fennel --correlate doc/parse-options.fnl > doc/modules-generated.rst
cat ${json} | fennel --correlate doc/parse-options-outputs.fnl > doc/outputs-generated.rst
cat ${json} | fennel --correlate doc/parse-options.fnl > doc/modules-generated.inc.rst
cat ${json} | fennel --correlate doc/parse-options-outputs.fnl > doc/outputs-generated.inc.rst
cp ${(import ./doc/hardware.nix)} doc/hardware.rst
make -C doc html
'';
installPhase = ''
mkdir -p $out/nix-support $out/share/doc/
cd doc
cp *-generated.rst $out
cp *-generated.inc.rst hardware.rst $out
ln -s ${json} $out/options.json
cp -a _build/html $out/share/doc/liminix
echo "file source-dist \"$out/share/doc/liminix\"" \
> $out/nix-support/hydra-build-products
'';
};
with-unstable = (import liminix {
nixpkgs = unstable;
inherit borderVmConf;
device = import (liminix + "/devices/qemu");
liminix-config = vanilla;
}).outputs.default;
};
in jobs
in jobs //
{
all = pkgs.mkShell {
name = "all tests";
contents = pkgs.lib.collect pkgs.lib.isDerivation jobs;
};
}