
No commits in common. "ac8b456c29a169a71bd22a300ccd2b637383ec9c" and "7d08497bcbf2486be154c654c339c94ec5b1aa59" have entirely different histories.

9 changed files with 12 additions and 406 deletions

21
NEWS

@ -83,23 +83,4 @@ sponsoring this development (and funding the hardware)
2024-02-21
New port! Thanks to Raito Bezarius, Liminix now runs on the Zyxel NWA50AX,
an MT7621 (MIPS EL) dual radio WiFi AP.
2024-04-29
The setup for using `levitate` has changed: now it accepts an entire
config fragment, not just a list of services. Hopefully this makes it
a bit more useful :-)
defaultProfile.packages = with pkgs; [
...
(levitate.override {
config = {
services = {
inherit (config.services) dhcpc sshd watchdog;
};
defaultProfile.packages = [ mtdutils ];
users.root.openssh.authorizedKeys.keys = secrets.root.keys;
};
})
];
an MT7621 (MIPS EL) dual radio WiFi AP.


@ -4,10 +4,6 @@ let
inherit (lib) mkOption mkEnableOption mdDoc types optional optionals;
in {
options.bordervm = {
keys = mkOption {
type = types.listOf types.str;
default = [];
};
l2tp = {
host = mkOption {
description = mdDoc ''
@ -112,7 +108,6 @@ in {
tufted
iptables
usbutils
busybox
];
security.sudo.wheelNeedsPassword = false;
networking = {
@ -127,7 +122,6 @@ in {
isNormalUser = true;
uid = 1000;
extraGroups = [ "wheel"];
openssh.authorizedKeys.keys = cfg.keys;
};
services.getty.autologinUser = "liminix";
};


@ -110,11 +110,13 @@
ifname = "eth0.1";
primary = eth;
vid = "1";
dependencies = [swconfig eth]; # 660ed5d obsoletes this?
};
wan = vlan.build {
ifname = "eth0.2";
primary = eth;
vid = "2";
dependencies = [swconfig eth]; # 660ed5d obsoletes this?
};
wlan = link.build {
ifname = "wlan0";
@ -124,8 +126,7 @@
};
boot.tftp = {
loadAddress = lim.parseInt "0x00A00000";
appendDTB = true;
};
};
kernel = {
src = pkgs.fetchurl {
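Review bot: The comment `# 660ed5d obsoletes this?` on the two `dependencies = [swconfig eth];` lines of the `lan` and `wan` VLAN definitions records an open question rather than a reason, so a later reader cannot tell whether the explicit dependency is required or left over. These appear to be the two lines the first hunk adds (the rendering has lost the +/- markers, but the hunk grows by two lines and they are the only matching pair). Since these VLANs are what separate the LAN and WAN ports on the switch, the ordering against `swconfig` deserves a definite answer. Either drop the lines if 660ed5d really makes them redundant, or state the reason, for example `# VLAN interfaces must not come up before swconfig has configured the switch`, if that is the intent. The enclosing attribute sets start and end outside the hunks.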


@ -1,348 +0,0 @@
{
description = ''
TP-Link Archer C7 1.1
*********************
Hardware summary
================
- Qualcomm Atheros QCA9558 ver 1 rev 0 (720MHz, MIPS 74Kc)
- 8MB Flash
- 128MB RAM
- WLan hardware: Qualcomm Atheros QCA9558, Qualcomm Atheros QCA9880-AR1A
Limitations
===========
5G is not supported on the v1 revision
ath10k may cause a bootloop, build without ath10k there
'';
system = {
crossSystem = {
config = "mips-unknown-linux-musl";
gcc = {
abi = "32";
arch = "74kc";
};
};
};
module = {pkgs, config, lib, lim, ... }:
let firmware = pkgs.stdenv.mkDerivation {
name = "wlan-firmware";
phases = ["installPhase"];
installPhase = ''
mkdir $out
cp -r ${pkgs.linux-firmware}/lib/firmware/ath10k/QCA988X $out
'';
};
in {
imports = [
../../modules/arch/mips.nix
../../modules/outputs/tftpboot.nix
../../modules/outputs/jffs2.nix
];
config = {
kernel = {
src = pkgs.pkgsBuildBuild.fetchurl {
name = "linux.tar.gz";
url = "https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.15.137.tar.gz";
hash = "sha256-PkdzUKZ0IpBiWe/RS70J76JKnBFzRblWcKlaIFNxnHQ=";
};
extraPatchPhase = ''
${pkgs.openwrt.applyPatches.ath79}
'';
config = {
# Initially taken from openwrt's ./target/linux/ath79/config-5.15,
# then tweaked here and there
AG71XX="y";
AG71XX_DEBUG_FS="y";
AR8216_PHY="y";
#AR8216_PHY_LEDS="y";
ARCH_32BIT_OFF_T="y";
ARCH_HIBERNATION_POSSIBLE="y";
ARCH_KEEP_MEMBLOCK="y";
ARCH_MMAP_RND_BITS_MAX="15";
ARCH_MMAP_RND_COMPAT_BITS_MAX="15";
ARCH_SUSPEND_POSSIBLE="y";
AT803X_PHY="y";
ATH79="y";
WATCHDOG="y";
ATH79_WDT="y";
BLK_MQ_PCI="y";
CEVT_R4K="y";
CLONE_BACKWARDS="y";
#CMDLINE="rootfstype=squashfs,jffs2";
CMDLINE_BOOL="y";
COMMON_CLK="y";
COMPAT_32BIT_TIME="y";
CPU_BIG_ENDIAN="y";
CPU_GENERIC_DUMP_TLB="y";
CPU_HAS_DIEI="y";
CPU_HAS_PREFETCH="y";
CPU_HAS_RIXI="y";
CPU_HAS_SYNC="y";
CPU_MIPS32="y";
CPU_MIPS32_R2="y";
CPU_MIPSR2="y";
CPU_NEEDS_NO_SMARTMIPS_OR_MICROMIPS="y";
CPU_R4K_CACHE_TLB="y";
CPU_SUPPORTS_32BIT_KERNEL="y";
CPU_SUPPORTS_HIGHMEM="y";
CPU_SUPPORTS_MSA="y";
#CRYPTO_BLAKE2S="y";
CRYPTO_LIB_BLAKE2S_GENERIC="y";
CRYPTO_LIB_POLY1305_RSIZE="2";
CRYPTO_RNG2="y";
CSRC_R4K="y";
DMA_NONCOHERENT="y";
DTC="y";
EARLY_PRINTK="y";
FIXED_PHY="y";
FWNODE_MDIO="y";
FW_LOADER_PAGED_BUF="y";
GENERIC_ATOMIC64="y";
GENERIC_CLOCKEVENTS="y";
GENERIC_CMOS_UPDATE="y";
GENERIC_CPU_AUTOPROBE="y";
GENERIC_FIND_FIRST_BIT="y";
GENERIC_GETTIMEOFDAY="y";
GENERIC_IOMAP="y";
GENERIC_IRQ_CHIP="y";
GENERIC_IRQ_EFFECTIVE_AFF_MASK="y";
GENERIC_IRQ_SHOW="y";
GENERIC_LIB_ASHLDI3="y";
GENERIC_LIB_ASHRDI3="y";
GENERIC_LIB_CMPDI2="y";
GENERIC_LIB_LSHRDI3="y";
GENERIC_LIB_UCMPDI2="y";
GENERIC_PCI_IOMAP="y";
GENERIC_PHY="y";
#GENERIC_PINCONF="y";
#GENERIC_PINCTRL_GROUPS="y";
#GENERIC_PINMUX_FUNCTIONS="y";
GENERIC_SCHED_CLOCK="y";
GENERIC_SMP_IDLE_THREAD="y";
GENERIC_TIME_VSYSCALL="y";
GPIOLIB_IRQCHIP="y";
GPIO_74X164="y";
GPIO_ATH79="y";
GPIO_CDEV="y";
GPIO_GENERIC="y";
HANDLE_DOMAIN_IRQ="y";
HARDWARE_WATCHPOINTS="y";
HAS_DMA="y";
HAS_IOMEM="y";
HAS_IOPORT_MAP="y";
HZ_PERIODIC="y";
#IMAGE_CMDLINE_HACK="y";
#INITRAMFS_SOURCE="";
IRQCHIP="y";
IRQ_DOMAIN="y";
IRQ_FORCED_THREADING="y";
IRQ_MIPS_CPU="y";
IRQ_WORK="y";
#LEDS_GPIO="y";
LIBFDT="y";
LOCK_DEBUGGING_SUPPORT="y";
MDIO_BITBANG="y";
MDIO_BUS="y";
MDIO_DEVICE="y";
MDIO_DEVRES="y";
MDIO_GPIO="y";
MEMFD_CREATE="y";
MFD_SYSCON="y";
MIGRATION="y";
MIPS="y";
MIPS_ASID_BITS="8";
MIPS_ASID_SHIFT="0";
MIPS_CLOCK_VSYSCALL="y";
#MIPS_CMDLINE_FROM_DTB="y";
#MIPS_EBPF_JIT="y";
MIPS_L1_CACHE_SHIFT="5";
MIPS_LD_CAN_LINK_VDSO="y";
#MIPS_RAW_APPENDED_DTB="y";
MIPS_SPRAM="y";
MODULES_USE_ELF_REL="y";
MTD_CFI="y";
MTD_GEN_PROBE="y";
MTD_CFI_ADV_OPTIONS="y";
MTD_CFI_GEOMETRY="y";
MTD_CMDLINE_PARTS="y";
MTD_PARSER_CYBERTAN="y";
MTD_PHYSMAP="y";
MTD_SPI_NOR="y";
MTD_SPLIT_ELF_FW="y";
MTD_SPLIT_LZMA_FW="y";
MTD_SPLIT_SEAMA_FW="y";
MTD_SPLIT_TPLINK_FW="y";
MTD_SPLIT_UIMAGE_FW="y";
MTD_SPLIT_WRGG_FW="y";
MTD_VIRT_CONCAT="y";
NEED_DMA_MAP_STATE="y";
NEED_PER_CPU_KM="y";
NET_SELFTESTS="y";
NO_GENERIC_PCI_IOPORT_MAP="y";
NVMEM="y";
OF="y";
OF_ADDRESS="y";
OF_EARLY_FLATTREE="y";
OF_FLATTREE="y";
OF_GPIO="y";
OF_IRQ="y";
OF_KOBJ="y";
OF_MDIO="y";
PCI="y";
PCI_AR71XX="y";
PCI_AR724X="y";
PCI_DISABLE_COMMON_QUIRKS="y";
PCI_DOMAINS="y";
PCI_DRIVERS_LEGACY="y";
PERF_USE_VMALLOC="y";
PGTABLE_LEVELS="2";
PHYLIB="y";
PINCTRL="y";
PTP_1588_CLOCK_OPTIONAL="y";
RATIONAL="y";
REGMAP="y";
REGMAP_MMIO="y";
REGULATOR="y";
RESET_ATH79="y";
RESET_CONTROLLER="y";
SERIAL_8250="y";
SERIAL_8250_CONSOLE="y";
SERIAL_8250_NR_UARTS="1";
SERIAL_8250_RUNTIME_UARTS="1";
SERIAL_AR933X="y";
SERIAL_AR933X_CONSOLE="y";
SERIAL_AR933X_NR_UARTS="2";
SERIAL_MCTRL_GPIO="y";
SERIAL_OF_PLATFORM="y";
SPI="y";
SPI_AR934X="y";
SPI_ATH79="y";
SPI_BITBANG="y";
SPI_GPIO="y";
SPI_MASTER="y";
SPI_MEM="y";
SRCU="y";
SWCONFIG="y";
#SWCONFIG_LEDS="y";
SWPHY="y";
SYSCTL_EXCEPTION_TRACE="y";
SYS_HAS_CPU_MIPS32_R2="y";
SYS_HAS_EARLY_PRINTK="y";
SYS_SUPPORTS_32BIT_KERNEL="y";
SYS_SUPPORTS_ARBIT_HZ="y";
SYS_SUPPORTS_BIG_ENDIAN="y";
SYS_SUPPORTS_MIPS16="y";
SYS_SUPPORTS_ZBOOT="y";
SYS_SUPPORTS_ZBOOT_UART_PROM="y";
TARGET_ISA_REV="2";
TICK_CPU_ACCOUNTING="y";
TINY_SRCU="y";
USB_SUPPORT="y";
USE_OF="y";
};
conditionalConfig = {
WLAN = {
#MT7915E = "m";
};
};
};
boot = {
commandLine = [ "console=ttyS0,115200" ];
tftp = {
# Should be a segment of free RAM, where the tftp artifact
# can be stored before unpacking it to the 'hardware.loadAddress'
# The commands in 'printenv' for 'lu', 'lf' and 'lk'
# seem to suggest files are trtp'ed to 0x80060000 before
# copying them to the flash, so let's try that.
loadAddress = lim.parseInt "0x80060000";
appendDTB = true;
};
};
filesystem =
let inherit (pkgs.pseudofile) dir symlink;
in
dir {
lib = dir {
firmware = dir {
mediatek = symlink firmware;
};
};
};
hardware =
let
openwrt = pkgs.openwrt;
mac80211 = pkgs.kmodloader.override {
inherit (config.system.outputs) kernel;
targets = [ /*TODO "ath9k"*/ ];
};
in {
# from openwrt bootlog
# [ 0.896994] 5 tp-link partitions found on MTD device spi0.0
# [ 0.902676] Creating 5 MTD partitions on "spi0.0":
# [ 0.907544] 0x000000000000-0x000000020000 : "u-boot"
# [ 0.913624] 0x000000020000-0x0000001a3cc8 : "kernel"
# [ 0.920249] 0x0000001a3cc8-0x0000007f0000 : "rootfs"
# [ 0.925932] mtd: device 2 (rootfs) set to be root filesystem
# [ 0.931748] 1 squashfs-split partitions found on MTD device rootfs
# [ 0.938019] 0x0000003b0000-0x0000007f0000 : "rootfs_data"
# [ 0.945224] 0x0000007f0000-0x000000800000 : "art"
# [ 0.951066] 0x000000020000-0x0000007f0000 : "firmware"
flash = {
# from the uboot bootlog 'Booting image at 9f020000'
# (0x20000 from 0x9f000000)
# also confirmed from default bootcmd in env: "bootm 0x9f020000"
address = lim.parseInt "0x9f020000";
# 0x000000020000-0x0000007f0000
size = lim.parseInt "0x7d0000";
# TODO: find in /proc/mtd on a running system
eraseBlockSize = 65536;
};
# guessed - might also be mtdimage? or something else?
defaultOutput = "uimage";
# not found in openwrt sysupgrade image:
# openwrt-23.05.2-ath79-generic-tplink_archer-c7-v1-squashfs-sysupgrade.bin: firmware 7500 v1 OpenWrt r23630-842932a63d, 8126464 bytes or less, at 0x200 2329811 bytes , at 0x238ed4 3676624 bytes \012- Squashfs filesystem, little endian, version 4.0, xz compressed, 3676624 bytes, 1352 inodes, blocksize: 262144 bytes, created: Tue Nov 14 13:38:11 2023
loadAddress = lim.parseInt "0x80001000";
entryPoint = lim.parseInt "0x80001000";
# from openwrt bootlog:
# [ 0.925932] mtd: device 2 (rootfs) set to be root filesystem
rootDevice = "/dev/mtdblock2";
dts = {
src = "${openwrt.src}/target/linux/ath79/dts/qca9558_tplink_archer-c7-v1.dts";
includes = [
"${openwrt.src}/target/linux/ath79/dts"
#"${config.system.outputs.kernel.modulesupport}/arch/arm64/boot/dts/mediatek/"
];
};
networkInterfaces =
let
inherit (config.system.service.network) link;
inherit (config.system.service) bridge;
in rec {
lan1 = link.build { ifname = "lan1"; };
lan2 = link.build { ifname = "lan2"; };
lan3 = link.build { ifname = "lan3"; };
lan4 = link.build { ifname = "lan4"; };
wan = link.build { ifname = "wan"; };
wlan = link.build {
ifname = "wlan0";
dependencies = [ mac80211 ];
};
#wlan5 = link.build {
# ifname = "wlan1";
# dependencies = [ mac80211 ];
#};
};
};
};
};
}


@ -137,17 +137,5 @@ in rec {
gid=500; usernames = ["backup"];
};
defaultProfile.packages = with pkgs; [
e2fsprogs
mtdutils
(levitate.override {
config = {
services = {
inherit (config.services) dhcpc sshd watchdog;
};
defaultProfile.packages = [ mtdutils ];
users.root.openssh.authorizedKeys.keys = secrets.root.keys;
};
})
];
defaultProfile.packages = with pkgs; [e2fsprogs strace tcpdump ];
}


@ -59,7 +59,6 @@ in
extraRules = mkOption {
type = types.attrsOf types.attrs;
description = "firewall ruleset";
default = {};
};
rules = mkOption {
type = types.attrsOf types.attrs; # we could usefully tighten this a bit :-)
@ -74,17 +73,13 @@ in
};
in svc.build args' ;
};
programs.busybox.applets = [
"insmod" "rmmod"
];
kernel.config = {
NETFILTER = "y";
NETFILTER_ADVANCED = "y";
NETFILTER_NETLINK = "m";
NF_CONNTRACK = "m";
NETLINK_DIAG = "y";
IP6_NF_IPTABLES= "m";
IP_NF_IPTABLES = "m";
IP_NF_NAT = "m";


@ -4,7 +4,7 @@
, systemconfig
, execline
, lib
, config ? {}
, services ? null
, liminix
, pseudofile
, pkgs
@ -12,7 +12,6 @@
let
inherit (pseudofile) dir symlink;
inherit (liminix.services) oneshot;
paramConfig = config;
newRoot = "/run/maintenance";
sysconfig =
let
@ -26,8 +25,8 @@ let
emptyenv chroot . /bin/init
'';
base = {...} : {
config = {
services = {
config = {
services = services // {
banner = oneshot {
name = "banner";
up = "cat /etc/banner > /dev/console";
@ -61,7 +60,6 @@ let
../../modules/users.nix
../../modules/busybox.nix
base
({ ... } : paramConfig)
../../modules/s6
];
};
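Review bot: With the argument declared as `, services ? null`, the expression `services = services // {` inside `base` fails to evaluate whenever a caller omits `services`, because `//` requires an attribute set on both sides. Defaulting to an empty set keeps the argument optional without changing what callers who do pass it get: `, services ? {}`. The `let` block and the body of `base` continue outside the hunks shown.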


@ -11,7 +11,7 @@ test -n "$contents" && for d in $contents; do
touch $out/${name}/contents.d/$d
done
for i in timeout-up timeout-down run notification-fd up down finish consumer-for producer-for pipeline-name restart-on-upgrade; do
for i in timeout-up timeout-down run notification-fd up down consumer-for producer-for pipeline-name restart-on-upgrade; do
test -n "$(printenv $i)" && (echo "$(printenv $i)" > $out/${name}/$i)
done


@ -18,7 +18,6 @@ let
${commands}
'';
cleanupScript = name : ''
#!/bin/sh
if test -d ${prefix}/${name} ; then rm -rf ${prefix}/${name} ; fi
'';
service = {
@ -27,7 +26,6 @@ let
, run ? null
, up ? null
, down ? null
, finish ? null
, outputs ? []
, notification-fd ? null
, producer-for ? null
@ -43,7 +41,7 @@ let
stdenvNoCC.mkDerivation {
# we use stdenvNoCC to avoid generating derivations with names
# like foo.service-mips-linux-musl
inherit name serviceType up down run finish notification-fd
inherit name serviceType up down run notification-fd
producer-for consumer-for pipeline-name timeout-up timeout-down;
restart-on-upgrade = isTrigger;
buildInputs = buildInputs ++ dependencies ++ contents;
@ -72,8 +70,7 @@ let
in service (args // {
buildInputs = buildInputs ++ [ logger ];
serviceType = "longrun";
run = serviceScript run;
finish = cleanupScript name;
run = serviceScript "${run}\n${cleanupScript name}";
producer-for = "${name}-log";
});
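Review bot: Appending the cleanup to the run script, `run = serviceScript "${run}\n${cleanupScript name}";`, means the `rm -rf ${prefix}/${name}` step only executes when the commands in `run` return normally. If `run` ends in an `exec`, or the script is killed when the supervisor stops the service, the cleanup is skipped and the outputs directory from the previous run stays behind for anything that still reads it. s6 runs a service's `finish` script each time the service dies, so keeping the cleanup there (`finish = cleanupScript name;`, with the `finish` argument and the `#!/bin/sh` line retained) covers those cases. Only part of what `serviceScript` wraps around `${commands}` is visible in this hunk, so this should be checked against its full text.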