Arnout Engelen ac8b456c29
WIP: add device TP-link Archer C7 v1 2024-05-18 23:38:35 +02:00
Daniel Barlow 471c63b399 s6-rc do cleanup in "finish", don't append to "run" script
s6-supervise sends signals (e.g. SIGTERM) to the pid of the process
running "run", so how do we know if the cleanup commands are even
getting executed if the shell interpreter that is supposed to do that
got killed already?
2024-05-13 17:53:02 +01:00
Daniel Barlow 782feaeafa set default for firewall extraRules 2024-05-03 16:28:53 +01:00
Daniel Barlow ac54c89427 add busybox to bordervm for udhcpd 2024-05-01 23:09:23 +01:00
Daniel Barlow 5a3646cb29 add authorized keys to bordervm
You don't often need this because it has autologin, but sometimes
you want to do antics involving sshing through it to the wan port
of a test device.

Note that you probably wanted to start bordervm with funny qemu
options to even make that possible

 nix-shell --run "QEMU_NET_OPTS=hostfwd=tcp::10022-:22 run-border-vm"
2024-05-01 23:07:11 +01:00
Daniel Barlow e249f48cff add deps on {ins,rm}mod and kconfig for firewall module 2024-05-01 23:06:12 +01:00
Daniel Barlow 6661e42684 mt300a tftpboot needs appendDTB 2024-05-01 23:04:25 +01:00
Daniel Barlow b9ba9ef835 mt300a remove unneeded service dependencies 2024-05-01 23:03:55 +01:00
Daniel Barlow 8b69dcc209 pass entire config fragment to levitate, not just services
to make it useful we need to be able to set packages, passwords, ssh
keys etc
2024-04-29 20:07:01 +01:00
Daniel Barlow 9b3a3b9ff7 add levitate to arhcive
this is largely untested
2024-04-28 21:38:13 +01:00
9 changed files with 406 additions and 12 deletions

NEWS

@ -83,4 +83,23 @@ sponsoring this development (and funding the hardware)
2024-02-21
New port! Thanks to Raito Bezarius, Liminix now runs on the Zyxel NWA50AX,
an MT7621 (MIPS EL) dual radio WiFi AP.
an MT7621 (MIPS EL) dual radio WiFi AP.
2024-04-29
The setup for using `levitate` has changed: now it accepts an entire
config fragment, not just a list of services. Hopefully this makes it
a bit more useful :-)
defaultProfile.packages = with pkgs; [
...
(levitate.override {
config = {
services = {
inherit (config.services) dhcpc sshd watchdog;
};
defaultProfile.packages = [ mtdutils ];
users.root.openssh.authorizedKeys.keys = secrets.root.keys;
};
})
];


@ -4,6 +4,10 @@ let
inherit (lib) mkOption mkEnableOption mdDoc types optional optionals;
in {
options.bordervm = {
keys = mkOption {
type = types.listOf types.str;
default = [];
};
l2tp = {
host = mkOption {
description = mdDoc ''
@ -108,6 +112,7 @@ in {
tufted
iptables
usbutils
busybox
];
security.sudo.wheelNeedsPassword = false;
networking = {
@ -122,6 +127,7 @@ in {
isNormalUser = true;
uid = 1000;
extraGroups = [ "wheel"];
openssh.authorizedKeys.keys = cfg.keys;
};
services.getty.autologinUser = "liminix";
};
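Review bot: Every key placed in the new `keys` option becomes a passwordless root credential on the VM, because it lands in `openssh.authorizedKeys.keys` of a user that is in `wheel` with `security.sudo.wheelNeedsPassword = false` and is auto-logged-in on the console; that is acceptable for a throwaway test VM but should be stated on the option. The option also has no `description`, unlike `l2tp.host` just below it — suggest `description = mdDoc "SSH public keys for the liminix user; it has passwordless sudo, so treat these as root keys";`. The `hostfwd=tcp::10022-:22` in the commit message binds the forward on all host interfaces, so anyone who can reach the host on 10022 reaches this sshd; `hostfwd=tcp:127.0.0.1:10022-:22` restricts it to the host. The user definition this line belongs to starts before the last hunk.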


@ -110,13 +110,11 @@
ifname = "eth0.1";
primary = eth;
vid = "1";
dependencies = [swconfig eth]; # 660ed5d obsoletes this?
};
wan = vlan.build {
ifname = "eth0.2";
primary = eth;
vid = "2";
dependencies = [swconfig eth]; # 660ed5d obsoletes this?
};
wlan = link.build {
ifname = "wlan0";
@ -126,7 +124,8 @@
};
boot.tftp = {
loadAddress = lim.parseInt "0x00A00000";
};
appendDTB = true;
};
kernel = {
src = pkgs.fetchurl {
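Review bot: As rendered, `appendDTB = true;` sits after the `};` that closes `boot.tftp = {`, which would set it one level up rather than as `boot.tftp.appendDTB`, the placement the new Archer C7 device file uses; if the page has merely shifted the line, ignore this, otherwise move it inside the `boot.tftp` set so the tftpboot output actually sees it. The two `# 660ed5d obsoletes this?` dependency lines are gone, so `lan` and `wan` now rely on whatever ordering 660ed5d provides; a one-line comment on the first `vlan.build`, e.g. `# no explicit swconfig/eth dependency needed since 660ed5d`, saves the next reader the archaeology. The enclosing `networkInterfaces` set starts before the first hunk.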


@ -0,0 +1,348 @@
{
description = ''
TP-Link Archer C7 1.1
*********************
Hardware summary
================
- Qualcomm Atheros QCA9558 ver 1 rev 0 (720MHz, MIPS 74Kc)
- 8MB Flash
- 128MB RAM
- WLan hardware: Qualcomm Atheros QCA9558, Qualcomm Atheros QCA9880-AR1A
Limitations
===========
5G is not supported on the v1 revision
ath10k may cause a bootloop, build without ath10k there
'';
system = {
crossSystem = {
config = "mips-unknown-linux-musl";
gcc = {
abi = "32";
arch = "74kc";
};
};
};
module = {pkgs, config, lib, lim, ... }:
let firmware = pkgs.stdenv.mkDerivation {
name = "wlan-firmware";
phases = ["installPhase"];
installPhase = ''
mkdir $out
cp -r ${pkgs.linux-firmware}/lib/firmware/ath10k/QCA988X $out
'';
};
in {
imports = [
../../modules/arch/mips.nix
../../modules/outputs/tftpboot.nix
../../modules/outputs/jffs2.nix
];
config = {
kernel = {
src = pkgs.pkgsBuildBuild.fetchurl {
name = "linux.tar.gz";
url = "https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.15.137.tar.gz";
hash = "sha256-PkdzUKZ0IpBiWe/RS70J76JKnBFzRblWcKlaIFNxnHQ=";
};
extraPatchPhase = ''
${pkgs.openwrt.applyPatches.ath79}
'';
config = {
# Initially taken from openwrt's ./target/linux/ath79/config-5.15,
# then tweaked here and there
AG71XX="y";
AG71XX_DEBUG_FS="y";
AR8216_PHY="y";
#AR8216_PHY_LEDS="y";
ARCH_32BIT_OFF_T="y";
ARCH_HIBERNATION_POSSIBLE="y";
ARCH_KEEP_MEMBLOCK="y";
ARCH_MMAP_RND_BITS_MAX="15";
ARCH_MMAP_RND_COMPAT_BITS_MAX="15";
ARCH_SUSPEND_POSSIBLE="y";
AT803X_PHY="y";
ATH79="y";
WATCHDOG="y";
ATH79_WDT="y";
BLK_MQ_PCI="y";
CEVT_R4K="y";
CLONE_BACKWARDS="y";
#CMDLINE="rootfstype=squashfs,jffs2";
CMDLINE_BOOL="y";
COMMON_CLK="y";
COMPAT_32BIT_TIME="y";
CPU_BIG_ENDIAN="y";
CPU_GENERIC_DUMP_TLB="y";
CPU_HAS_DIEI="y";
CPU_HAS_PREFETCH="y";
CPU_HAS_RIXI="y";
CPU_HAS_SYNC="y";
CPU_MIPS32="y";
CPU_MIPS32_R2="y";
CPU_MIPSR2="y";
CPU_NEEDS_NO_SMARTMIPS_OR_MICROMIPS="y";
CPU_R4K_CACHE_TLB="y";
CPU_SUPPORTS_32BIT_KERNEL="y";
CPU_SUPPORTS_HIGHMEM="y";
CPU_SUPPORTS_MSA="y";
#CRYPTO_BLAKE2S="y";
CRYPTO_LIB_BLAKE2S_GENERIC="y";
CRYPTO_LIB_POLY1305_RSIZE="2";
CRYPTO_RNG2="y";
CSRC_R4K="y";
DMA_NONCOHERENT="y";
DTC="y";
EARLY_PRINTK="y";
FIXED_PHY="y";
FWNODE_MDIO="y";
FW_LOADER_PAGED_BUF="y";
GENERIC_ATOMIC64="y";
GENERIC_CLOCKEVENTS="y";
GENERIC_CMOS_UPDATE="y";
GENERIC_CPU_AUTOPROBE="y";
GENERIC_FIND_FIRST_BIT="y";
GENERIC_GETTIMEOFDAY="y";
GENERIC_IOMAP="y";
GENERIC_IRQ_CHIP="y";
GENERIC_IRQ_EFFECTIVE_AFF_MASK="y";
GENERIC_IRQ_SHOW="y";
GENERIC_LIB_ASHLDI3="y";
GENERIC_LIB_ASHRDI3="y";
GENERIC_LIB_CMPDI2="y";
GENERIC_LIB_LSHRDI3="y";
GENERIC_LIB_UCMPDI2="y";
GENERIC_PCI_IOMAP="y";
GENERIC_PHY="y";
#GENERIC_PINCONF="y";
#GENERIC_PINCTRL_GROUPS="y";
#GENERIC_PINMUX_FUNCTIONS="y";
GENERIC_SCHED_CLOCK="y";
GENERIC_SMP_IDLE_THREAD="y";
GENERIC_TIME_VSYSCALL="y";
GPIOLIB_IRQCHIP="y";
GPIO_74X164="y";
GPIO_ATH79="y";
GPIO_CDEV="y";
GPIO_GENERIC="y";
HANDLE_DOMAIN_IRQ="y";
HARDWARE_WATCHPOINTS="y";
HAS_DMA="y";
HAS_IOMEM="y";
HAS_IOPORT_MAP="y";
HZ_PERIODIC="y";
#IMAGE_CMDLINE_HACK="y";
#INITRAMFS_SOURCE="";
IRQCHIP="y";
IRQ_DOMAIN="y";
IRQ_FORCED_THREADING="y";
IRQ_MIPS_CPU="y";
IRQ_WORK="y";
#LEDS_GPIO="y";
LIBFDT="y";
LOCK_DEBUGGING_SUPPORT="y";
MDIO_BITBANG="y";
MDIO_BUS="y";
MDIO_DEVICE="y";
MDIO_DEVRES="y";
MDIO_GPIO="y";
MEMFD_CREATE="y";
MFD_SYSCON="y";
MIGRATION="y";
MIPS="y";
MIPS_ASID_BITS="8";
MIPS_ASID_SHIFT="0";
MIPS_CLOCK_VSYSCALL="y";
#MIPS_CMDLINE_FROM_DTB="y";
#MIPS_EBPF_JIT="y";
MIPS_L1_CACHE_SHIFT="5";
MIPS_LD_CAN_LINK_VDSO="y";
#MIPS_RAW_APPENDED_DTB="y";
MIPS_SPRAM="y";
MODULES_USE_ELF_REL="y";
MTD_CFI="y";
MTD_GEN_PROBE="y";
MTD_CFI_ADV_OPTIONS="y";
MTD_CFI_GEOMETRY="y";
MTD_CMDLINE_PARTS="y";
MTD_PARSER_CYBERTAN="y";
MTD_PHYSMAP="y";
MTD_SPI_NOR="y";
MTD_SPLIT_ELF_FW="y";
MTD_SPLIT_LZMA_FW="y";
MTD_SPLIT_SEAMA_FW="y";
MTD_SPLIT_TPLINK_FW="y";
MTD_SPLIT_UIMAGE_FW="y";
MTD_SPLIT_WRGG_FW="y";
MTD_VIRT_CONCAT="y";
NEED_DMA_MAP_STATE="y";
NEED_PER_CPU_KM="y";
NET_SELFTESTS="y";
NO_GENERIC_PCI_IOPORT_MAP="y";
NVMEM="y";
OF="y";
OF_ADDRESS="y";
OF_EARLY_FLATTREE="y";
OF_FLATTREE="y";
OF_GPIO="y";
OF_IRQ="y";
OF_KOBJ="y";
OF_MDIO="y";
PCI="y";
PCI_AR71XX="y";
PCI_AR724X="y";
PCI_DISABLE_COMMON_QUIRKS="y";
PCI_DOMAINS="y";
PCI_DRIVERS_LEGACY="y";
PERF_USE_VMALLOC="y";
PGTABLE_LEVELS="2";
PHYLIB="y";
PINCTRL="y";
PTP_1588_CLOCK_OPTIONAL="y";
RATIONAL="y";
REGMAP="y";
REGMAP_MMIO="y";
REGULATOR="y";
RESET_ATH79="y";
RESET_CONTROLLER="y";
SERIAL_8250="y";
SERIAL_8250_CONSOLE="y";
SERIAL_8250_NR_UARTS="1";
SERIAL_8250_RUNTIME_UARTS="1";
SERIAL_AR933X="y";
SERIAL_AR933X_CONSOLE="y";
SERIAL_AR933X_NR_UARTS="2";
SERIAL_MCTRL_GPIO="y";
SERIAL_OF_PLATFORM="y";
SPI="y";
SPI_AR934X="y";
SPI_ATH79="y";
SPI_BITBANG="y";
SPI_GPIO="y";
SPI_MASTER="y";
SPI_MEM="y";
SRCU="y";
SWCONFIG="y";
#SWCONFIG_LEDS="y";
SWPHY="y";
SYSCTL_EXCEPTION_TRACE="y";
SYS_HAS_CPU_MIPS32_R2="y";
SYS_HAS_EARLY_PRINTK="y";
SYS_SUPPORTS_32BIT_KERNEL="y";
SYS_SUPPORTS_ARBIT_HZ="y";
SYS_SUPPORTS_BIG_ENDIAN="y";
SYS_SUPPORTS_MIPS16="y";
SYS_SUPPORTS_ZBOOT="y";
SYS_SUPPORTS_ZBOOT_UART_PROM="y";
TARGET_ISA_REV="2";
TICK_CPU_ACCOUNTING="y";
TINY_SRCU="y";
USB_SUPPORT="y";
USE_OF="y";
};
conditionalConfig = {
WLAN = {
#MT7915E = "m";
};
};
};
boot = {
commandLine = [ "console=ttyS0,115200" ];
tftp = {
# Should be a segment of free RAM, where the tftp artifact
# can be stored before unpacking it to the 'hardware.loadAddress'
# The commands in 'printenv' for 'lu', 'lf' and 'lk'
# seem to suggest files are trtp'ed to 0x80060000 before
# copying them to the flash, so let's try that.
loadAddress = lim.parseInt "0x80060000";
appendDTB = true;
};
};
filesystem =
let inherit (pkgs.pseudofile) dir symlink;
in
dir {
lib = dir {
firmware = dir {
mediatek = symlink firmware;
};
};
};
hardware =
let
openwrt = pkgs.openwrt;
mac80211 = pkgs.kmodloader.override {
inherit (config.system.outputs) kernel;
targets = [ /*TODO "ath9k"*/ ];
};
in {
# from openwrt bootlog
# [ 0.896994] 5 tp-link partitions found on MTD device spi0.0
# [ 0.902676] Creating 5 MTD partitions on "spi0.0":
# [ 0.907544] 0x000000000000-0x000000020000 : "u-boot"
# [ 0.913624] 0x000000020000-0x0000001a3cc8 : "kernel"
# [ 0.920249] 0x0000001a3cc8-0x0000007f0000 : "rootfs"
# [ 0.925932] mtd: device 2 (rootfs) set to be root filesystem
# [ 0.931748] 1 squashfs-split partitions found on MTD device rootfs
# [ 0.938019] 0x0000003b0000-0x0000007f0000 : "rootfs_data"
# [ 0.945224] 0x0000007f0000-0x000000800000 : "art"
# [ 0.951066] 0x000000020000-0x0000007f0000 : "firmware"
flash = {
# from the uboot bootlog 'Booting image at 9f020000'
# (0x20000 from 0x9f000000)
# also confirmed from default bootcmd in env: "bootm 0x9f020000"
address = lim.parseInt "0x9f020000";
# 0x000000020000-0x0000007f0000
size = lim.parseInt "0x7d0000";
# TODO: find in /proc/mtd on a running system
eraseBlockSize = 65536;
};
# guessed - might also be mtdimage? or something else?
defaultOutput = "uimage";
# not found in openwrt sysupgrade image:
# openwrt-23.05.2-ath79-generic-tplink_archer-c7-v1-squashfs-sysupgrade.bin: firmware 7500 v1 OpenWrt r23630-842932a63d, 8126464 bytes or less, at 0x200 2329811 bytes , at 0x238ed4 3676624 bytes \012- Squashfs filesystem, little endian, version 4.0, xz compressed, 3676624 bytes, 1352 inodes, blocksize: 262144 bytes, created: Tue Nov 14 13:38:11 2023
loadAddress = lim.parseInt "0x80001000";
entryPoint = lim.parseInt "0x80001000";
# from openwrt bootlog:
# [ 0.925932] mtd: device 2 (rootfs) set to be root filesystem
rootDevice = "/dev/mtdblock2";
dts = {
src = "${openwrt.src}/target/linux/ath79/dts/qca9558_tplink_archer-c7-v1.dts";
includes = [
"${openwrt.src}/target/linux/ath79/dts"
#"${config.system.outputs.kernel.modulesupport}/arch/arm64/boot/dts/mediatek/"
];
};
networkInterfaces =
let
inherit (config.system.service.network) link;
inherit (config.system.service) bridge;
in rec {
lan1 = link.build { ifname = "lan1"; };
lan2 = link.build { ifname = "lan2"; };
lan3 = link.build { ifname = "lan3"; };
lan4 = link.build { ifname = "lan4"; };
wan = link.build { ifname = "wan"; };
wlan = link.build {
ifname = "wlan0";
dependencies = [ mac80211 ];
};
#wlan5 = link.build {
# ifname = "wlan1";
# dependencies = [ mac80211 ];
#};
};
};
};
};
}
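Review bot: The firmware is installed under `lib/firmware/mediatek` while the derivation copies `ath10k/QCA988X` into `$out`, so ath10k would look for `/lib/firmware/ath10k/QCA988X/...` and find nothing; the directory name looks like a leftover from a MediaTek device file and should be `ath10k = symlink firmware;`. The description says v1 should be built without ath10k because of the bootloop, so the firmware derivation and the commented `wlan5` block could simply be dropped until 5 GHz is wired up. `mac80211` has an empty `targets` list, so the `wlan` link's dependency loads no modules and `wlan0` will not appear until `ath9k` is added there, which the `/*TODO*/` hints at but does not explain. The commented `.../arch/arm64/boot/dts/mediatek/` include is another template leftover on a MIPS target and can go.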


@ -137,5 +137,17 @@ in rec {
gid=500; usernames = ["backup"];
};
defaultProfile.packages = with pkgs; [e2fsprogs strace tcpdump ];
defaultProfile.packages = with pkgs; [
e2fsprogs
mtdutils
(levitate.override {
config = {
services = {
inherit (config.services) dhcpc sshd watchdog;
};
defaultProfile.packages = [ mtdutils ];
users.root.openssh.authorizedKeys.keys = secrets.root.keys;
};
})
];
}
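Review bot: The maintenance fragment carries only `dhcpc`, `sshd` and `watchdog` over, so while levitated the box runs sshd with the root keys from `secrets.root.keys` and, as far as this hunk shows, without the firewall that protects it in normal operation; if `dhcpc` is the WAN client, that exposes root ssh on the upstream interface for the duration of maintenance. Either inherit the firewall service into the fragment as well or add a comment such as `# NOTE: no firewall in maintenance mode — sshd is reachable on every interface dhcpc brings up` so whoever levitates a deployed router knows. The `rec` set this belongs to starts before the hunk.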


@ -59,6 +59,7 @@ in
extraRules = mkOption {
type = types.attrsOf types.attrs;
description = "firewall ruleset";
default = {};
};
rules = mkOption {
type = types.attrsOf types.attrs; # we could usefully tighten this a bit :-)
@ -73,13 +74,17 @@ in
};
in svc.build args' ;
};
programs.busybox.applets = [
"insmod" "rmmod"
];
kernel.config = {
NETFILTER = "y";
NETFILTER_ADVANCED = "y";
NETFILTER_NETLINK = "m";
NF_CONNTRACK = "m";
NETLINK_DIAG = "y";
IP6_NF_IPTABLES= "m";
IP_NF_IPTABLES = "m";
IP_NF_NAT = "m";
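Review bot: `extraRules` now defaults to `{}` but its description is still just "firewall ruleset", which does not tell the reader how it differs from `rules` two options further down; suggest something like `description = "Additional rules merged with `rules`; empty by default";`, adjusted to whatever `args'` actually does, which is not visible in this hunk. The `attrsOf attrs` type accepts any attribute set, so a mistyped rule key is only caught at runtime by iptables, as the comment on `rules` already notes. The `programs.busybox.applets` addition presumably exists because the netfilter pieces below are built as modules (`"m"`), which deserves a one-line comment such as `# iptables modules below are "m"; the firewall service needs insmod/rmmod to load them` so nobody drops it when tidying.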


@ -4,7 +4,7 @@
, systemconfig
, execline
, lib
, services ? null
, config ? {}
, liminix
, pseudofile
, pkgs
@ -12,6 +12,7 @@
let
inherit (pseudofile) dir symlink;
inherit (liminix.services) oneshot;
paramConfig = config;
newRoot = "/run/maintenance";
sysconfig =
let
@ -25,8 +26,8 @@ let
emptyenv chroot . /bin/init
'';
base = {...} : {
config = {
services = services // {
config = {
services = {
banner = oneshot {
name = "banner";
up = "cat /etc/banner > /dev/console";
@ -60,6 +61,7 @@ let
../../modules/users.nix
../../modules/busybox.nix
base
({ ... } : paramConfig)
../../modules/s6
];
};
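Review bot: Dropping `services ? null` is a hard break for callers still passing `services = ...` (the interface NEWS documents up to this commit): Nix fails with an unexpected-argument error rather than a hint about the new `config` parameter. A deprecation shim keeps them working with two lines: leave `, services ? null` in the argument list and replace the plain alias with `paramConfig = (lib.optionalAttrs (services != null) { inherit services; }) // config;`. The new `({ ... } : paramConfig)` import means the whole fragment — including `users.root.openssh.authorizedKeys.keys` — goes through the module system, so a typo in the fragment should now be an evaluation error instead of being silently ignored, which is worth a comment on that line.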


@ -11,7 +11,7 @@ test -n "$contents" && for d in $contents; do
touch $out/${name}/contents.d/$d
done
for i in timeout-up timeout-down run notification-fd up down consumer-for producer-for pipeline-name restart-on-upgrade; do
for i in timeout-up timeout-down run notification-fd up down finish consumer-for producer-for pipeline-name restart-on-upgrade; do
test -n "$(printenv $i)" && (echo "$(printenv $i)" > $out/${name}/$i)
done


@ -18,6 +18,7 @@ let
${commands}
'';
cleanupScript = name : ''
#!/bin/sh
if test -d ${prefix}/${name} ; then rm -rf ${prefix}/${name} ; fi
'';
service = {
@ -26,6 +27,7 @@ let
, run ? null
, up ? null
, down ? null
, finish ? null
, outputs ? []
, notification-fd ? null
, producer-for ? null
@ -41,7 +43,7 @@ let
stdenvNoCC.mkDerivation {
# we use stdenvNoCC to avoid generating derivations with names
# like foo.service-mips-linux-musl
inherit name serviceType up down run notification-fd
inherit name serviceType up down run finish notification-fd
producer-for consumer-for pipeline-name timeout-up timeout-down;
restart-on-upgrade = isTrigger;
buildInputs = buildInputs ++ dependencies ++ contents;
@ -70,7 +72,8 @@ let
in service (args // {
buildInputs = buildInputs ++ [ logger ];
serviceType = "longrun";
run = serviceScript "${run}\n${cleanupScript name}";
run = serviceScript run;
finish = cleanupScript name;
producer-for = "${name}-log";
});
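Review bot: With cleanup moved to `finish`, s6-supervise runs it after every exit of `run` — including crashes it immediately restarts, not only `s6-rc -d` — and kills it once the service's timeout-finish (5 s by default) expires, both worth stating above `cleanupScript`, e.g. `# run by s6-supervise after every exit of run (killed by signal or not), subject to timeout-finish`. `rm -rf ${prefix}/${name}` interpolates `prefix` and `name` into the shell unquoted; they are derivation-controlled today, but `rm -rf "${prefix}/${name}"` costs nothing and removes the foot-gun. The enclosing `let` and the `longrun` builder start before the hunk.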