raboof/liminix
1
0
Fork 0
forked from dan/liminix
Code Pull Requests Activity

Compare commits

base: raboof:7d08497bcbf2486be154c654c339c94ec5b1aa59
Branches Tags
raboof:main
raboof:openwrt-one
raboof:typo
raboof:tftpboot-fit
raboof:linux-version-with-openwrt
raboof:tp-archer-c7
raboof:archer-wired-extender
raboof:add-archer-ax23-v1-bak
raboof:tftp-old-uboot
raboof:add-archer-ax23-v1
raboof:openwrt-update-to-v23.05.2
raboof:hardware-recommendations
raboof:armv7
raboof:hark-how-all-the-belkin-rings
raboof:first-do-no-arm
raboof:doc-do-over
raboof:module-based-network
dan:v1.0.0
...
compare: raboof:ac8b456c29a169a71bd22a300ccd2b637383ec9c
Branches Tags
raboof:openwrt-one
raboof:typo
raboof:tftpboot-fit
raboof:linux-version-with-openwrt
raboof:tp-archer-c7
raboof:archer-wired-extender
raboof:add-archer-ax23-v1-bak
raboof:tftp-old-uboot
raboof:add-archer-ax23-v1
raboof:openwrt-update-to-v23.05.2
raboof:hardware-recommendations
raboof:main
raboof:armv7
raboof:hark-how-all-the-belkin-rings
raboof:first-do-no-arm
raboof:doc-do-over
raboof:module-based-network
dan:main
dan:nftables-turned
dan:firescape
dan:runciter
dan:wip-pstore-tls
dan:fallover
dan:lte
dan:gateway-profile
dan:tftpboot-append-dtb
dan:mainline-omnia-wip
dan:armv7
dan:hark-how-all-the-belkin-rings
dan:first-do-no-arm
dan:doc-do-over
dan:module-based-network
dan:v1.0.0

10 Commits
7d08497bcb ... ac8b456c29

Author SHA1 Message Date
Arnout Engelen
ac8b456c29
WIP: add device TP-link Archer C7 v1 2024-05-18 23:38:35 +02:00
Daniel Barlow
471c63b399 s6-rc do cleanup in "finish", don't append to "run" script 
s6-supervise sends signals (e.g. SIGTERM) to the pid of the process
running "run", so how do we know if the ceanup commands are even
getting executed if the shell interpreter that is supposed to do that
got killed already?
 2024-05-13 17:53:02 +01:00
Daniel Barlow
782feaeafa set default for firewall extraRules 2024-05-03 16:28:53 +01:00
Daniel Barlow
ac54c89427 add busybox to bordervm for udhcpd 2024-05-01 23:09:23 +01:00
Daniel Barlow
5a3646cb29 add authorized keys to bordervm 
You don't often need this because it has autologin, but sometimes
you want to do antics involving sshing through it to the wan port
of a test device.

Note that you probably wanted to start bordervm with funny qemu
options to even make that possible

 nix-shell --run "QEMU_NET_OPTS=hostfwd=tcp::10022-:22 run-border-vm"
 2024-05-01 23:07:11 +01:00
Daniel Barlow
e249f48cff add deps on {ins,rm}mod and kconfig for firewall module 2024-05-01 23:06:12 +01:00
Daniel Barlow
6661e42684 mt300a tftpboot needs appendDTB 2024-05-01 23:04:25 +01:00
Daniel Barlow
b9ba9ef835 mt300a remove unneeded service dependencies 2024-05-01 23:03:55 +01:00
Daniel Barlow
8b69dcc209 pass entire config fragment to levitate, not just services 
to make it useful we need to be able to set packages, passwords, ssh
keys etc
 2024-04-29 20:07:01 +01:00
Daniel Barlow
9b3a3b9ff7 add levitate to arhcive 
this is largely untested
 2024-04-28 21:38:13 +01:00
9 changed files with 406 additions and 12 deletions
Show Stats Expand all files Collapse all files

19
NEWS
View File

@ -84,3 +84,22 @@ sponsoring this development (and funding the hardware)
New port! Thanks to Raito Bezarius, Liminix now runs on the Zyxel NWA50AX, New port! Thanks to Raito Bezarius, Liminix now runs on the Zyxel NWA50AX,
an MT7621 (MIPS EL) dual radio WiFi AP. an MT7621 (MIPS EL) dual radio WiFi AP.
2024-04-29
The setup for using `levitate` has changed: now it accepts an entire
config fragment, not just a list of services. Hopefully this makes it
a bit more useful :-)
defaultProfile.packages = with pkgs; [
...
(levitate.override {
config = {
services = {
inherit (config.services) dhcpc sshd watchdog;
};
defaultProfile.packages = [ mtdutils ];
users.root.openssh.authorizedKeys.keys = secrets.root.keys;
};
})
];

6
bordervm-configuration.nix
View File

@ -4,6 +4,10 @@ let
inherit (lib) mkOption mkEnableOption mdDoc types optional optionals; inherit (lib) mkOption mkEnableOption mdDoc types optional optionals;
in { in {
options.bordervm = { options.bordervm = {
keys = mkOption {
type = types.listOf types.str;
default = [];
};
l2tp = { l2tp = {
host = mkOption { host = mkOption {
description = mdDoc '' description = mdDoc ''
@ -108,6 +112,7 @@ in {
tufted tufted
iptables iptables
usbutils usbutils
busybox
]; ];
security.sudo.wheelNeedsPassword = false; security.sudo.wheelNeedsPassword = false;
networking = { networking = {
@ -122,6 +127,7 @@ in {
isNormalUser = true; isNormalUser = true;
uid = 1000; uid = 1000;
extraGroups = [ "wheel"]; extraGroups = [ "wheel"];
openssh.authorizedKeys.keys = cfg.keys;
}; };
services.getty.autologinUser = "liminix"; services.getty.autologinUser = "liminix";
}; };

5
devices/gl-mt300a/default.nix
View File

@ -110,13 +110,11 @@
ifname = "eth0.1"; ifname = "eth0.1";
primary = eth; primary = eth;
vid = "1"; vid = "1";
dependencies = [swconfig eth]; # 660ed5d obsoletes this?
}; };
wan = vlan.build { wan = vlan.build {
ifname = "eth0.2"; ifname = "eth0.2";
primary = eth; primary = eth;
vid = "2"; vid = "2";
dependencies = [swconfig eth]; # 660ed5d obsoletes this?
}; };
wlan = link.build { wlan = link.build {
ifname = "wlan0"; ifname = "wlan0";
@ -126,7 +124,8 @@
}; };
boot.tftp = { boot.tftp = {
loadAddress = lim.parseInt "0x00A00000"; loadAddress = lim.parseInt "0x00A00000";
}; appendDTB = true;
};
kernel = { kernel = {
src = pkgs.fetchurl { src = pkgs.fetchurl {

348
devices/tp-archer-c7-v1/default.nix Normal file
View File

@ -0,0 +1,348 @@
{
description = ''
TP-Link Archer C7 1.1
*********************
Hardware summary
================
- Qualcomm Atheros QCA9558 ver 1 rev 0 (720MHz, MIPS 74Kc)
- 8MB Flash
- 128MB RAM
- WLan hardware: Qualcomm Atheros QCA9558, Qualcomm Atheros QCA9880-AR1A
Limitations
===========
5G is not supported on the v1 revision
ath10k may cause a bootloop, build without ath10k there
'';
system = {
crossSystem = {
config = "mips-unknown-linux-musl";
gcc = {
abi = "32";
arch = "74kc";
};
};
};
module = {pkgs, config, lib, lim, ... }:
let firmware = pkgs.stdenv.mkDerivation {
name = "wlan-firmware";
phases = ["installPhase"];
installPhase = ''
mkdir $out
cp -r ${pkgs.linux-firmware}/lib/firmware/ath10k/QCA988X $out
'';
};
in {
imports = [
../../modules/arch/mips.nix
../../modules/outputs/tftpboot.nix
../../modules/outputs/jffs2.nix
];
config = {
kernel = {
src = pkgs.pkgsBuildBuild.fetchurl {
name = "linux.tar.gz";
url = "https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.15.137.tar.gz";
hash = "sha256-PkdzUKZ0IpBiWe/RS70J76JKnBFzRblWcKlaIFNxnHQ=";
};
extraPatchPhase = ''
${pkgs.openwrt.applyPatches.ath79}
'';
config = {
# Initially taken from openwrt's ./target/linux/ath79/config-5.15,
# then tweaked here and there
AG71XX="y";
AG71XX_DEBUG_FS="y";
AR8216_PHY="y";
#AR8216_PHY_LEDS="y";
ARCH_32BIT_OFF_T="y";
ARCH_HIBERNATION_POSSIBLE="y";
ARCH_KEEP_MEMBLOCK="y";
ARCH_MMAP_RND_BITS_MAX="15";
ARCH_MMAP_RND_COMPAT_BITS_MAX="15";
ARCH_SUSPEND_POSSIBLE="y";
AT803X_PHY="y";
ATH79="y";
WATCHDOG="y";
ATH79_WDT="y";
BLK_MQ_PCI="y";
CEVT_R4K="y";
CLONE_BACKWARDS="y";
#CMDLINE="rootfstype=squashfs,jffs2";
CMDLINE_BOOL="y";
COMMON_CLK="y";
COMPAT_32BIT_TIME="y";
CPU_BIG_ENDIAN="y";
CPU_GENERIC_DUMP_TLB="y";
CPU_HAS_DIEI="y";
CPU_HAS_PREFETCH="y";
CPU_HAS_RIXI="y";
CPU_HAS_SYNC="y";
CPU_MIPS32="y";
CPU_MIPS32_R2="y";
CPU_MIPSR2="y";
CPU_NEEDS_NO_SMARTMIPS_OR_MICROMIPS="y";
CPU_R4K_CACHE_TLB="y";
CPU_SUPPORTS_32BIT_KERNEL="y";
CPU_SUPPORTS_HIGHMEM="y";
CPU_SUPPORTS_MSA="y";
#CRYPTO_BLAKE2S="y";
CRYPTO_LIB_BLAKE2S_GENERIC="y";
CRYPTO_LIB_POLY1305_RSIZE="2";
CRYPTO_RNG2="y";
CSRC_R4K="y";
DMA_NONCOHERENT="y";
DTC="y";
EARLY_PRINTK="y";
FIXED_PHY="y";
FWNODE_MDIO="y";
FW_LOADER_PAGED_BUF="y";
GENERIC_ATOMIC64="y";
GENERIC_CLOCKEVENTS="y";
GENERIC_CMOS_UPDATE="y";
GENERIC_CPU_AUTOPROBE="y";
GENERIC_FIND_FIRST_BIT="y";
GENERIC_GETTIMEOFDAY="y";
GENERIC_IOMAP="y";
GENERIC_IRQ_CHIP="y";
GENERIC_IRQ_EFFECTIVE_AFF_MASK="y";
GENERIC_IRQ_SHOW="y";
GENERIC_LIB_ASHLDI3="y";
GENERIC_LIB_ASHRDI3="y";
GENERIC_LIB_CMPDI2="y";
GENERIC_LIB_LSHRDI3="y";
GENERIC_LIB_UCMPDI2="y";
GENERIC_PCI_IOMAP="y";
GENERIC_PHY="y";
#GENERIC_PINCONF="y";
#GENERIC_PINCTRL_GROUPS="y";
#GENERIC_PINMUX_FUNCTIONS="y";
GENERIC_SCHED_CLOCK="y";
GENERIC_SMP_IDLE_THREAD="y";
GENERIC_TIME_VSYSCALL="y";
GPIOLIB_IRQCHIP="y";
GPIO_74X164="y";
GPIO_ATH79="y";
GPIO_CDEV="y";
GPIO_GENERIC="y";
HANDLE_DOMAIN_IRQ="y";
HARDWARE_WATCHPOINTS="y";
HAS_DMA="y";
HAS_IOMEM="y";
HAS_IOPORT_MAP="y";
HZ_PERIODIC="y";
#IMAGE_CMDLINE_HACK="y";
#INITRAMFS_SOURCE="";
IRQCHIP="y";
IRQ_DOMAIN="y";
IRQ_FORCED_THREADING="y";
IRQ_MIPS_CPU="y";
IRQ_WORK="y";
#LEDS_GPIO="y";
LIBFDT="y";
LOCK_DEBUGGING_SUPPORT="y";
MDIO_BITBANG="y";
MDIO_BUS="y";
MDIO_DEVICE="y";
MDIO_DEVRES="y";
MDIO_GPIO="y";
MEMFD_CREATE="y";
MFD_SYSCON="y";
MIGRATION="y";
MIPS="y";
MIPS_ASID_BITS="8";
MIPS_ASID_SHIFT="0";
MIPS_CLOCK_VSYSCALL="y";
#MIPS_CMDLINE_FROM_DTB="y";
#MIPS_EBPF_JIT="y";
MIPS_L1_CACHE_SHIFT="5";
MIPS_LD_CAN_LINK_VDSO="y";
#MIPS_RAW_APPENDED_DTB="y";
MIPS_SPRAM="y";
MODULES_USE_ELF_REL="y";
MTD_CFI="y";
MTD_GEN_PROBE="y";
MTD_CFI_ADV_OPTIONS="y";
MTD_CFI_GEOMETRY="y";
MTD_CMDLINE_PARTS="y";
MTD_PARSER_CYBERTAN="y";
MTD_PHYSMAP="y";
MTD_SPI_NOR="y";
MTD_SPLIT_ELF_FW="y";
MTD_SPLIT_LZMA_FW="y";
MTD_SPLIT_SEAMA_FW="y";
MTD_SPLIT_TPLINK_FW="y";
MTD_SPLIT_UIMAGE_FW="y";
MTD_SPLIT_WRGG_FW="y";
MTD_VIRT_CONCAT="y";
NEED_DMA_MAP_STATE="y";
NEED_PER_CPU_KM="y";
NET_SELFTESTS="y";
NO_GENERIC_PCI_IOPORT_MAP="y";
NVMEM="y";
OF="y";
OF_ADDRESS="y";
OF_EARLY_FLATTREE="y";
OF_FLATTREE="y";
OF_GPIO="y";
OF_IRQ="y";
OF_KOBJ="y";
OF_MDIO="y";
PCI="y";
PCI_AR71XX="y";
PCI_AR724X="y";
PCI_DISABLE_COMMON_QUIRKS="y";
PCI_DOMAINS="y";
PCI_DRIVERS_LEGACY="y";
PERF_USE_VMALLOC="y";
PGTABLE_LEVELS="2";
PHYLIB="y";
PINCTRL="y";
PTP_1588_CLOCK_OPTIONAL="y";
RATIONAL="y";
REGMAP="y";
REGMAP_MMIO="y";
REGULATOR="y";
RESET_ATH79="y";
RESET_CONTROLLER="y";
SERIAL_8250="y";
SERIAL_8250_CONSOLE="y";
SERIAL_8250_NR_UARTS="1";
SERIAL_8250_RUNTIME_UARTS="1";
SERIAL_AR933X="y";
SERIAL_AR933X_CONSOLE="y";
SERIAL_AR933X_NR_UARTS="2";
SERIAL_MCTRL_GPIO="y";
SERIAL_OF_PLATFORM="y";
SPI="y";
SPI_AR934X="y";
SPI_ATH79="y";
SPI_BITBANG="y";
SPI_GPIO="y";
SPI_MASTER="y";
SPI_MEM="y";
SRCU="y";
SWCONFIG="y";
#SWCONFIG_LEDS="y";
SWPHY="y";
SYSCTL_EXCEPTION_TRACE="y";
SYS_HAS_CPU_MIPS32_R2="y";
SYS_HAS_EARLY_PRINTK="y";
SYS_SUPPORTS_32BIT_KERNEL="y";
SYS_SUPPORTS_ARBIT_HZ="y";
SYS_SUPPORTS_BIG_ENDIAN="y";
SYS_SUPPORTS_MIPS16="y";
SYS_SUPPORTS_ZBOOT="y";
SYS_SUPPORTS_ZBOOT_UART_PROM="y";
TARGET_ISA_REV="2";
TICK_CPU_ACCOUNTING="y";
TINY_SRCU="y";
USB_SUPPORT="y";
USE_OF="y";
};
conditionalConfig = {
WLAN = {
#MT7915E = "m";
};
};
};
boot = {
commandLine = [ "console=ttyS0,115200" ];
tftp = {
# Should be a segment of free RAM, where the tftp artifact
# can be stored before unpacking it to the 'hardware.loadAddress'
# The commands in 'printenv' for 'lu', 'lf' and 'lk'
# seem to suggest files are trtp'ed to 0x80060000 before
# copying them to the flash, so let's try that.
loadAddress = lim.parseInt "0x80060000";
appendDTB = true;
};
};
filesystem =
let inherit (pkgs.pseudofile) dir symlink;
in
dir {
lib = dir {
firmware = dir {
mediatek = symlink firmware;
};
};
};
hardware =
let
openwrt = pkgs.openwrt;
mac80211 = pkgs.kmodloader.override {
inherit (config.system.outputs) kernel;
targets = [ /*TODO "ath9k"*/ ];
};
in {
# from openwrt bootlog
# [ 0.896994] 5 tp-link partitions found on MTD device spi0.0
# [ 0.902676] Creating 5 MTD partitions on "spi0.0":
# [ 0.907544] 0x000000000000-0x000000020000 : "u-boot"
# [ 0.913624] 0x000000020000-0x0000001a3cc8 : "kernel"
# [ 0.920249] 0x0000001a3cc8-0x0000007f0000 : "rootfs"
# [ 0.925932] mtd: device 2 (rootfs) set to be root filesystem
# [ 0.931748] 1 squashfs-split partitions found on MTD device rootfs
# [ 0.938019] 0x0000003b0000-0x0000007f0000 : "rootfs_data"
# [ 0.945224] 0x0000007f0000-0x000000800000 : "art"
# [ 0.951066] 0x000000020000-0x0000007f0000 : "firmware"
flash = {
# from the uboot bootlog 'Booting image at 9f020000'
# (0x20000 from 0x9f000000)
# also confirmed from default bootcmd in env: "bootm 0x9f020000"
address = lim.parseInt "0x9f020000";
# 0x000000020000-0x0000007f0000
size = lim.parseInt "0x7d0000";
# TODO: find in /proc/mtd on a running system
eraseBlockSize = 65536;
};
# guessed - might also be mtdimage? or something else?
defaultOutput = "uimage";
# not found in openwrt sysupgrade image:
# openwrt-23.05.2-ath79-generic-tplink_archer-c7-v1-squashfs-sysupgrade.bin: firmware 7500 v1 OpenWrt r23630-842932a63d, 8126464 bytes or less, at 0x200 2329811 bytes , at 0x238ed4 3676624 bytes \012- Squashfs filesystem, little endian, version 4.0, xz compressed, 3676624 bytes, 1352 inodes, blocksize: 262144 bytes, created: Tue Nov 14 13:38:11 2023
loadAddress = lim.parseInt "0x80001000";
entryPoint = lim.parseInt "0x80001000";
# from openwrt bootlog:
# [ 0.925932] mtd: device 2 (rootfs) set to be root filesystem
rootDevice = "/dev/mtdblock2";
dts = {
src = "${openwrt.src}/target/linux/ath79/dts/qca9558_tplink_archer-c7-v1.dts";
includes = [
"${openwrt.src}/target/linux/ath79/dts"
#"${config.system.outputs.kernel.modulesupport}/arch/arm64/boot/dts/mediatek/"
];
};
networkInterfaces =
let
inherit (config.system.service.network) link;
inherit (config.system.service) bridge;
in rec {
lan1 = link.build { ifname = "lan1"; };
lan2 = link.build { ifname = "lan2"; };
lan3 = link.build { ifname = "lan3"; };
lan4 = link.build { ifname = "lan4"; };
wan = link.build { ifname = "wan"; };
wlan = link.build {
ifname = "wlan0";
dependencies = [ mac80211 ];
};
#wlan5 = link.build {
# ifname = "wlan1";
# dependencies = [ mac80211 ];
#};
};
};
};
};
}

14
examples/arhcive.nix
View File

@ -137,5 +137,17 @@ in rec {
gid=500; usernames = ["backup"]; gid=500; usernames = ["backup"];
}; };
defaultProfile.packages = with pkgs; [e2fsprogs strace tcpdump ]; defaultProfile.packages = with pkgs; [
e2fsprogs
mtdutils
(levitate.override {
config = {
services = {
inherit (config.services) dhcpc sshd watchdog;
};
defaultProfile.packages = [ mtdutils ];
users.root.openssh.authorizedKeys.keys = secrets.root.keys;
};
})
];
} }

7
modules/firewall/default.nix
View File

@ -59,6 +59,7 @@ in
extraRules = mkOption { extraRules = mkOption {
type = types.attrsOf types.attrs; type = types.attrsOf types.attrs;
description = "firewall ruleset"; description = "firewall ruleset";
default = {};
}; };
rules = mkOption { rules = mkOption {
type = types.attrsOf types.attrs; # we could usefully tighten this a bit :-) type = types.attrsOf types.attrs; # we could usefully tighten this a bit :-)
@ -73,13 +74,17 @@ in
}; };
in svc.build args' ; in svc.build args' ;
}; };
programs.busybox.applets = [
"insmod" "rmmod"
];
kernel.config = { kernel.config = {
NETFILTER = "y"; NETFILTER = "y";
NETFILTER_ADVANCED = "y"; NETFILTER_ADVANCED = "y";
NETFILTER_NETLINK = "m"; NETFILTER_NETLINK = "m";
NF_CONNTRACK = "m"; NF_CONNTRACK = "m";
NETLINK_DIAG = "y";
IP6_NF_IPTABLES= "m"; IP6_NF_IPTABLES= "m";
IP_NF_IPTABLES = "m"; IP_NF_IPTABLES = "m";
IP_NF_NAT = "m"; IP_NF_NAT = "m";

8
pkgs/levitate/default.nix
View File

@ -4,7 +4,7 @@
, systemconfig , systemconfig
, execline , execline
, lib , lib
, services ? null , config ? {}
, liminix , liminix
, pseudofile , pseudofile
, pkgs , pkgs
@ -12,6 +12,7 @@
let let
inherit (pseudofile) dir symlink; inherit (pseudofile) dir symlink;
inherit (liminix.services) oneshot; inherit (liminix.services) oneshot;
paramConfig = config;
newRoot = "/run/maintenance"; newRoot = "/run/maintenance";
sysconfig = sysconfig =
let let
@ -25,8 +26,8 @@ let
emptyenv chroot . /bin/init emptyenv chroot . /bin/init
''; '';
base = {...} : { base = {...} : {
config = { config = {
services = services // { services = {
banner = oneshot { banner = oneshot {
name = "banner"; name = "banner";
up = "cat /etc/banner > /dev/console"; up = "cat /etc/banner > /dev/console";
@ -60,6 +61,7 @@ let
../../modules/users.nix ../../modules/users.nix
../../modules/busybox.nix ../../modules/busybox.nix
base base
({ ... } : paramConfig)
../../modules/s6 ../../modules/s6
]; ];
}; };

2
pkgs/liminix-tools/services/builder.sh
View File

@ -11,7 +11,7 @@ test -n "$contents" && for d in $contents; do
touch $out/${name}/contents.d/$d touch $out/${name}/contents.d/$d
done done
for i in timeout-up timeout-down run notification-fd up down consumer-for producer-for pipeline-name restart-on-upgrade; do for i in timeout-up timeout-down run notification-fd up down finish consumer-for producer-for pipeline-name restart-on-upgrade; do
test -n "$(printenv $i)" && (echo "$(printenv $i)" > $out/${name}/$i) test -n "$(printenv $i)" && (echo "$(printenv $i)" > $out/${name}/$i)
done done

7
pkgs/liminix-tools/services/default.nix
View File

@ -18,6 +18,7 @@ let
${commands} ${commands}
''; '';
cleanupScript = name : '' cleanupScript = name : ''
#!/bin/sh
if test -d ${prefix}/${name} ; then rm -rf ${prefix}/${name} ; fi if test -d ${prefix}/${name} ; then rm -rf ${prefix}/${name} ; fi
''; '';
service = { service = {
@ -26,6 +27,7 @@ let
, run ? null , run ? null
, up ? null , up ? null
, down ? null , down ? null
, finish ? null
, outputs ? [] , outputs ? []
, notification-fd ? null , notification-fd ? null
, producer-for ? null , producer-for ? null
@ -41,7 +43,7 @@ let
stdenvNoCC.mkDerivation { stdenvNoCC.mkDerivation {
# we use stdenvNoCC to avoid generating derivations with names # we use stdenvNoCC to avoid generating derivations with names
# like foo.service-mips-linux-musl # like foo.service-mips-linux-musl
inherit name serviceType up down run notification-fd inherit name serviceType up down run finish notification-fd
producer-for consumer-for pipeline-name timeout-up timeout-down; producer-for consumer-for pipeline-name timeout-up timeout-down;
restart-on-upgrade = isTrigger; restart-on-upgrade = isTrigger;
buildInputs = buildInputs ++ dependencies ++ contents; buildInputs = buildInputs ++ dependencies ++ contents;
@ -70,7 +72,8 @@ let
in service (args // { in service (args // {
buildInputs = buildInputs ++ [ logger ]; buildInputs = buildInputs ++ [ logger ];
serviceType = "longrun"; serviceType = "longrun";
run = serviceScript "${run}\n${cleanupScript name}"; run = serviceScript run;
finish = cleanupScript name;
producer-for = "${name}-log"; producer-for = "${name}-log";
}); });