forked from dan/liminix

Compare commits


No commits in common. "ac8b456c29a169a71bd22a300ccd2b637383ec9c" and "7d08497bcbf2486be154c654c339c94ec5b1aa59" have entirely different histories.

9 changed files with 12 additions and 406 deletions

19
NEWS

@ -84,22 +84,3 @@ sponsoring this development (and funding the hardware)
New port! Thanks to Raito Bezarius, Liminix now runs on the Zyxel NWA50AX, New port! Thanks to Raito Bezarius, Liminix now runs on the Zyxel NWA50AX,
an MT7621 (MIPS EL) dual radio WiFi AP. an MT7621 (MIPS EL) dual radio WiFi AP.
2024-04-29
The setup for using `levitate` has changed: now it accepts an entire
config fragment, not just a list of services. Hopefully this makes it
a bit more useful :-)
defaultProfile.packages = with pkgs; [
...
(levitate.override {
config = {
services = {
inherit (config.services) dhcpc sshd watchdog;
};
defaultProfile.packages = [ mtdutils ];
users.root.openssh.authorizedKeys.keys = secrets.root.keys;
};
})
];


@ -4,10 +4,6 @@ let
inherit (lib) mkOption mkEnableOption mdDoc types optional optionals; inherit (lib) mkOption mkEnableOption mdDoc types optional optionals;
in { in {
options.bordervm = { options.bordervm = {
keys = mkOption {
type = types.listOf types.str;
default = [];
};
l2tp = { l2tp = {
host = mkOption { host = mkOption {
description = mdDoc '' description = mdDoc ''
@ -112,7 +108,6 @@ in {
tufted tufted
iptables iptables
usbutils usbutils
busybox
]; ];
security.sudo.wheelNeedsPassword = false; security.sudo.wheelNeedsPassword = false;
networking = { networking = {
@ -127,7 +122,6 @@ in {
isNormalUser = true; isNormalUser = true;
uid = 1000; uid = 1000;
extraGroups = [ "wheel"]; extraGroups = [ "wheel"];
openssh.authorizedKeys.keys = cfg.keys;
}; };
services.getty.autologinUser = "liminix"; services.getty.autologinUser = "liminix";
}; };
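Review bot: Removing the `bordervm.keys` option outright means any host configuration that still sets it will stop evaluating with an undefined-option error, and nothing in the hunk tells the user why. If the removal is intended, an `imports` entry such as `(lib.mkRemovedOptionModule [ "bordervm" "keys" ] "<explanation placeholder>")` would turn that into an explanatory message. With `openssh.authorizedKeys.keys = cfg.keys;` gone, the `liminix` user has no key-based login in the visible lines, while `security.sudo.wheelNeedsPassword = false;` and `services.getty.autologinUser = "liminix";` remain. A comment stating that this VM is a development aid, and how it is meant to be reached, would help the next reader. The module body continues outside these hunks.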


@ -110,11 +110,13 @@
ifname = "eth0.1"; ifname = "eth0.1";
primary = eth; primary = eth;
vid = "1"; vid = "1";
dependencies = [swconfig eth]; # 660ed5d obsoletes this?
}; };
wan = vlan.build { wan = vlan.build {
ifname = "eth0.2"; ifname = "eth0.2";
primary = eth; primary = eth;
vid = "2"; vid = "2";
dependencies = [swconfig eth]; # 660ed5d obsoletes this?
}; };
wlan = link.build { wlan = link.build {
ifname = "wlan0"; ifname = "wlan0";
@ -124,8 +126,7 @@
}; };
boot.tftp = { boot.tftp = {
loadAddress = lim.parseInt "0x00A00000"; loadAddress = lim.parseInt "0x00A00000";
appendDTB = true; };
};
kernel = { kernel = {
src = pkgs.fetchurl { src = pkgs.fetchurl {
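Review bot: The comment `# 660ed5d obsoletes this?` added on both `dependencies = [swconfig eth];` lines (the `lan` and `wan` vlan blocks) leaves an open question in the code instead of an answer. Either check that commit and drop the explicit dependencies, or reword it as an actionable note, e.g. `# TODO: remove once vlan.build derives this from primary (see 660ed5d)`. Separately, the second hunk's new side closes `boot.tftp` without `appendDTB = true;`. The option's default is not visible here, so confirm that the TFTP-booted kernel still gets its device tree.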


@ -1,348 +0,0 @@
{
description = ''
TP-Link Archer C7 1.1
*********************
Hardware summary
================
- Qualcomm Atheros QCA9558 ver 1 rev 0 (720MHz, MIPS 74Kc)
- 8MB Flash
- 128MB RAM
- WLan hardware: Qualcomm Atheros QCA9558, Qualcomm Atheros QCA9880-AR1A
Limitations
===========
5G is not supported on the v1 revision
ath10k may cause a bootloop, build without ath10k there
'';
system = {
crossSystem = {
config = "mips-unknown-linux-musl";
gcc = {
abi = "32";
arch = "74kc";
};
};
};
module = {pkgs, config, lib, lim, ... }:
let firmware = pkgs.stdenv.mkDerivation {
name = "wlan-firmware";
phases = ["installPhase"];
installPhase = ''
mkdir $out
cp -r ${pkgs.linux-firmware}/lib/firmware/ath10k/QCA988X $out
'';
};
in {
imports = [
../../modules/arch/mips.nix
../../modules/outputs/tftpboot.nix
../../modules/outputs/jffs2.nix
];
config = {
kernel = {
src = pkgs.pkgsBuildBuild.fetchurl {
name = "linux.tar.gz";
url = "https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.15.137.tar.gz";
hash = "sha256-PkdzUKZ0IpBiWe/RS70J76JKnBFzRblWcKlaIFNxnHQ=";
};
extraPatchPhase = ''
${pkgs.openwrt.applyPatches.ath79}
'';
config = {
# Initially taken from openwrt's ./target/linux/ath79/config-5.15,
# then tweaked here and there
AG71XX="y";
AG71XX_DEBUG_FS="y";
AR8216_PHY="y";
#AR8216_PHY_LEDS="y";
ARCH_32BIT_OFF_T="y";
ARCH_HIBERNATION_POSSIBLE="y";
ARCH_KEEP_MEMBLOCK="y";
ARCH_MMAP_RND_BITS_MAX="15";
ARCH_MMAP_RND_COMPAT_BITS_MAX="15";
ARCH_SUSPEND_POSSIBLE="y";
AT803X_PHY="y";
ATH79="y";
WATCHDOG="y";
ATH79_WDT="y";
BLK_MQ_PCI="y";
CEVT_R4K="y";
CLONE_BACKWARDS="y";
#CMDLINE="rootfstype=squashfs,jffs2";
CMDLINE_BOOL="y";
COMMON_CLK="y";
COMPAT_32BIT_TIME="y";
CPU_BIG_ENDIAN="y";
CPU_GENERIC_DUMP_TLB="y";
CPU_HAS_DIEI="y";
CPU_HAS_PREFETCH="y";
CPU_HAS_RIXI="y";
CPU_HAS_SYNC="y";
CPU_MIPS32="y";
CPU_MIPS32_R2="y";
CPU_MIPSR2="y";
CPU_NEEDS_NO_SMARTMIPS_OR_MICROMIPS="y";
CPU_R4K_CACHE_TLB="y";
CPU_SUPPORTS_32BIT_KERNEL="y";
CPU_SUPPORTS_HIGHMEM="y";
CPU_SUPPORTS_MSA="y";
#CRYPTO_BLAKE2S="y";
CRYPTO_LIB_BLAKE2S_GENERIC="y";
CRYPTO_LIB_POLY1305_RSIZE="2";
CRYPTO_RNG2="y";
CSRC_R4K="y";
DMA_NONCOHERENT="y";
DTC="y";
EARLY_PRINTK="y";
FIXED_PHY="y";
FWNODE_MDIO="y";
FW_LOADER_PAGED_BUF="y";
GENERIC_ATOMIC64="y";
GENERIC_CLOCKEVENTS="y";
GENERIC_CMOS_UPDATE="y";
GENERIC_CPU_AUTOPROBE="y";
GENERIC_FIND_FIRST_BIT="y";
GENERIC_GETTIMEOFDAY="y";
GENERIC_IOMAP="y";
GENERIC_IRQ_CHIP="y";
GENERIC_IRQ_EFFECTIVE_AFF_MASK="y";
GENERIC_IRQ_SHOW="y";
GENERIC_LIB_ASHLDI3="y";
GENERIC_LIB_ASHRDI3="y";
GENERIC_LIB_CMPDI2="y";
GENERIC_LIB_LSHRDI3="y";
GENERIC_LIB_UCMPDI2="y";
GENERIC_PCI_IOMAP="y";
GENERIC_PHY="y";
#GENERIC_PINCONF="y";
#GENERIC_PINCTRL_GROUPS="y";
#GENERIC_PINMUX_FUNCTIONS="y";
GENERIC_SCHED_CLOCK="y";
GENERIC_SMP_IDLE_THREAD="y";
GENERIC_TIME_VSYSCALL="y";
GPIOLIB_IRQCHIP="y";
GPIO_74X164="y";
GPIO_ATH79="y";
GPIO_CDEV="y";
GPIO_GENERIC="y";
HANDLE_DOMAIN_IRQ="y";
HARDWARE_WATCHPOINTS="y";
HAS_DMA="y";
HAS_IOMEM="y";
HAS_IOPORT_MAP="y";
HZ_PERIODIC="y";
#IMAGE_CMDLINE_HACK="y";
#INITRAMFS_SOURCE="";
IRQCHIP="y";
IRQ_DOMAIN="y";
IRQ_FORCED_THREADING="y";
IRQ_MIPS_CPU="y";
IRQ_WORK="y";
#LEDS_GPIO="y";
LIBFDT="y";
LOCK_DEBUGGING_SUPPORT="y";
MDIO_BITBANG="y";
MDIO_BUS="y";
MDIO_DEVICE="y";
MDIO_DEVRES="y";
MDIO_GPIO="y";
MEMFD_CREATE="y";
MFD_SYSCON="y";
MIGRATION="y";
MIPS="y";
MIPS_ASID_BITS="8";
MIPS_ASID_SHIFT="0";
MIPS_CLOCK_VSYSCALL="y";
#MIPS_CMDLINE_FROM_DTB="y";
#MIPS_EBPF_JIT="y";
MIPS_L1_CACHE_SHIFT="5";
MIPS_LD_CAN_LINK_VDSO="y";
#MIPS_RAW_APPENDED_DTB="y";
MIPS_SPRAM="y";
MODULES_USE_ELF_REL="y";
MTD_CFI="y";
MTD_GEN_PROBE="y";
MTD_CFI_ADV_OPTIONS="y";
MTD_CFI_GEOMETRY="y";
MTD_CMDLINE_PARTS="y";
MTD_PARSER_CYBERTAN="y";
MTD_PHYSMAP="y";
MTD_SPI_NOR="y";
MTD_SPLIT_ELF_FW="y";
MTD_SPLIT_LZMA_FW="y";
MTD_SPLIT_SEAMA_FW="y";
MTD_SPLIT_TPLINK_FW="y";
MTD_SPLIT_UIMAGE_FW="y";
MTD_SPLIT_WRGG_FW="y";
MTD_VIRT_CONCAT="y";
NEED_DMA_MAP_STATE="y";
NEED_PER_CPU_KM="y";
NET_SELFTESTS="y";
NO_GENERIC_PCI_IOPORT_MAP="y";
NVMEM="y";
OF="y";
OF_ADDRESS="y";
OF_EARLY_FLATTREE="y";
OF_FLATTREE="y";
OF_GPIO="y";
OF_IRQ="y";
OF_KOBJ="y";
OF_MDIO="y";
PCI="y";
PCI_AR71XX="y";
PCI_AR724X="y";
PCI_DISABLE_COMMON_QUIRKS="y";
PCI_DOMAINS="y";
PCI_DRIVERS_LEGACY="y";
PERF_USE_VMALLOC="y";
PGTABLE_LEVELS="2";
PHYLIB="y";
PINCTRL="y";
PTP_1588_CLOCK_OPTIONAL="y";
RATIONAL="y";
REGMAP="y";
REGMAP_MMIO="y";
REGULATOR="y";
RESET_ATH79="y";
RESET_CONTROLLER="y";
SERIAL_8250="y";
SERIAL_8250_CONSOLE="y";
SERIAL_8250_NR_UARTS="1";
SERIAL_8250_RUNTIME_UARTS="1";
SERIAL_AR933X="y";
SERIAL_AR933X_CONSOLE="y";
SERIAL_AR933X_NR_UARTS="2";
SERIAL_MCTRL_GPIO="y";
SERIAL_OF_PLATFORM="y";
SPI="y";
SPI_AR934X="y";
SPI_ATH79="y";
SPI_BITBANG="y";
SPI_GPIO="y";
SPI_MASTER="y";
SPI_MEM="y";
SRCU="y";
SWCONFIG="y";
#SWCONFIG_LEDS="y";
SWPHY="y";
SYSCTL_EXCEPTION_TRACE="y";
SYS_HAS_CPU_MIPS32_R2="y";
SYS_HAS_EARLY_PRINTK="y";
SYS_SUPPORTS_32BIT_KERNEL="y";
SYS_SUPPORTS_ARBIT_HZ="y";
SYS_SUPPORTS_BIG_ENDIAN="y";
SYS_SUPPORTS_MIPS16="y";
SYS_SUPPORTS_ZBOOT="y";
SYS_SUPPORTS_ZBOOT_UART_PROM="y";
TARGET_ISA_REV="2";
TICK_CPU_ACCOUNTING="y";
TINY_SRCU="y";
USB_SUPPORT="y";
USE_OF="y";
};
conditionalConfig = {
WLAN = {
#MT7915E = "m";
};
};
};
boot = {
commandLine = [ "console=ttyS0,115200" ];
tftp = {
# Should be a segment of free RAM, where the tftp artifact
# can be stored before unpacking it to the 'hardware.loadAddress'
# The commands in 'printenv' for 'lu', 'lf' and 'lk'
# seem to suggest files are trtp'ed to 0x80060000 before
# copying them to the flash, so let's try that.
loadAddress = lim.parseInt "0x80060000";
appendDTB = true;
};
};
filesystem =
let inherit (pkgs.pseudofile) dir symlink;
in
dir {
lib = dir {
firmware = dir {
mediatek = symlink firmware;
};
};
};
hardware =
let
openwrt = pkgs.openwrt;
mac80211 = pkgs.kmodloader.override {
inherit (config.system.outputs) kernel;
targets = [ /*TODO "ath9k"*/ ];
};
in {
# from openwrt bootlog
# [ 0.896994] 5 tp-link partitions found on MTD device spi0.0
# [ 0.902676] Creating 5 MTD partitions on "spi0.0":
# [ 0.907544] 0x000000000000-0x000000020000 : "u-boot"
# [ 0.913624] 0x000000020000-0x0000001a3cc8 : "kernel"
# [ 0.920249] 0x0000001a3cc8-0x0000007f0000 : "rootfs"
# [ 0.925932] mtd: device 2 (rootfs) set to be root filesystem
# [ 0.931748] 1 squashfs-split partitions found on MTD device rootfs
# [ 0.938019] 0x0000003b0000-0x0000007f0000 : "rootfs_data"
# [ 0.945224] 0x0000007f0000-0x000000800000 : "art"
# [ 0.951066] 0x000000020000-0x0000007f0000 : "firmware"
flash = {
# from the uboot bootlog 'Booting image at 9f020000'
# (0x20000 from 0x9f000000)
# also confirmed from default bootcmd in env: "bootm 0x9f020000"
address = lim.parseInt "0x9f020000";
# 0x000000020000-0x0000007f0000
size = lim.parseInt "0x7d0000";
# TODO: find in /proc/mtd on a running system
eraseBlockSize = 65536;
};
# guessed - might also be mtdimage? or something else?
defaultOutput = "uimage";
# not found in openwrt sysupgrade image:
# openwrt-23.05.2-ath79-generic-tplink_archer-c7-v1-squashfs-sysupgrade.bin: firmware 7500 v1 OpenWrt r23630-842932a63d, 8126464 bytes or less, at 0x200 2329811 bytes , at 0x238ed4 3676624 bytes \012- Squashfs filesystem, little endian, version 4.0, xz compressed, 3676624 bytes, 1352 inodes, blocksize: 262144 bytes, created: Tue Nov 14 13:38:11 2023
loadAddress = lim.parseInt "0x80001000";
entryPoint = lim.parseInt "0x80001000";
# from openwrt bootlog:
# [ 0.925932] mtd: device 2 (rootfs) set to be root filesystem
rootDevice = "/dev/mtdblock2";
dts = {
src = "${openwrt.src}/target/linux/ath79/dts/qca9558_tplink_archer-c7-v1.dts";
includes = [
"${openwrt.src}/target/linux/ath79/dts"
#"${config.system.outputs.kernel.modulesupport}/arch/arm64/boot/dts/mediatek/"
];
};
networkInterfaces =
let
inherit (config.system.service.network) link;
inherit (config.system.service) bridge;
in rec {
lan1 = link.build { ifname = "lan1"; };
lan2 = link.build { ifname = "lan2"; };
lan3 = link.build { ifname = "lan3"; };
lan4 = link.build { ifname = "lan4"; };
wan = link.build { ifname = "wan"; };
wlan = link.build {
ifname = "wlan0";
dependencies = [ mac80211 ];
};
#wlan5 = link.build {
# ifname = "wlan1";
# dependencies = [ mac80211 ];
#};
};
};
};
};
}


@ -137,17 +137,5 @@ in rec {
gid=500; usernames = ["backup"]; gid=500; usernames = ["backup"];
}; };
defaultProfile.packages = with pkgs; [ defaultProfile.packages = with pkgs; [e2fsprogs strace tcpdump ];
e2fsprogs
mtdutils
(levitate.override {
config = {
services = {
inherit (config.services) dhcpc sshd watchdog;
};
defaultProfile.packages = [ mtdutils ];
users.root.openssh.authorizedKeys.keys = secrets.root.keys;
};
})
];
} }
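Review bot: `strace` and `tcpdump` on the new line `defaultProfile.packages = with pkgs; [e2fsprogs strace tcpdump ];` look like debugging aids that ended up in the image's default profile. They take flash space and leave process tracing and packet capture available to anyone who obtains a shell on the device, so they are better kept out of the default profile. If they are meant to stay, a comment such as `# debugging aids, drop for deployed images` would record the intent. The enclosing attribute set starts outside the hunk.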


@ -59,7 +59,6 @@ in
extraRules = mkOption { extraRules = mkOption {
type = types.attrsOf types.attrs; type = types.attrsOf types.attrs;
description = "firewall ruleset"; description = "firewall ruleset";
default = {};
}; };
rules = mkOption { rules = mkOption {
type = types.attrsOf types.attrs; # we could usefully tighten this a bit :-) type = types.attrsOf types.attrs; # we could usefully tighten this a bit :-)
@ -74,17 +73,13 @@ in
}; };
in svc.build args' ; in svc.build args' ;
}; };
programs.busybox.applets = [
"insmod" "rmmod"
];
kernel.config = { kernel.config = {
NETFILTER = "y"; NETFILTER = "y";
NETFILTER_ADVANCED = "y"; NETFILTER_ADVANCED = "y";
NETFILTER_NETLINK = "m"; NETFILTER_NETLINK = "m";
NF_CONNTRACK = "m"; NF_CONNTRACK = "m";
NETLINK_DIAG = "y";
IP6_NF_IPTABLES= "m"; IP6_NF_IPTABLES= "m";
IP_NF_IPTABLES = "m"; IP_NF_IPTABLES = "m";
IP_NF_NAT = "m"; IP_NF_NAT = "m";
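Review bot: With `default = {};` removed, `extraRules` no longer has a default. A configuration that uses the firewall without setting it will presumably fail with "option used but not defined" wherever the module reads the value; that use is outside the hunk. Keeping `default = {};` preserves the opt-in behaviour. The second hunk also drops the `insmod`/`rmmod` busybox applets while the netfilter options stay `"m"`, so confirm that something else in the image can still load these modules; otherwise the ruleset may never be applied. The `kernel.config` block continues past the end of the hunk.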


@ -4,7 +4,7 @@
, systemconfig , systemconfig
, execline , execline
, lib , lib
, config ? {} , services ? null
, liminix , liminix
, pseudofile , pseudofile
, pkgs , pkgs
@ -12,7 +12,6 @@
let let
inherit (pseudofile) dir symlink; inherit (pseudofile) dir symlink;
inherit (liminix.services) oneshot; inherit (liminix.services) oneshot;
paramConfig = config;
newRoot = "/run/maintenance"; newRoot = "/run/maintenance";
sysconfig = sysconfig =
let let
@ -26,8 +25,8 @@ let
emptyenv chroot . /bin/init emptyenv chroot . /bin/init
''; '';
base = {...} : { base = {...} : {
config = { config = {
services = { services = services // {
banner = oneshot { banner = oneshot {
name = "banner"; name = "banner";
up = "cat /etc/banner > /dev/console"; up = "cat /etc/banner > /dev/console";
@ -61,7 +60,6 @@ let
../../modules/users.nix ../../modules/users.nix
../../modules/busybox.nix ../../modules/busybox.nix
base base
({ ... } : paramConfig)
../../modules/s6 ../../modules/s6
]; ];
}; };
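Review bot: The new parameter default `, services ? null` is combined with `services = services // {` in `base`, and `//` needs an attribute set on both sides, so building the package without a `services` argument will fail at evaluation. `, services ? {}` avoids that. Callers can also no longer pass user or authorized-key settings now that `paramConfig` is gone. A short comment on how logins to the maintenance system are authenticated would be useful, since that is not visible in these hunks.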


@ -11,7 +11,7 @@ test -n "$contents" && for d in $contents; do
touch $out/${name}/contents.d/$d touch $out/${name}/contents.d/$d
done done
for i in timeout-up timeout-down run notification-fd up down finish consumer-for producer-for pipeline-name restart-on-upgrade; do for i in timeout-up timeout-down run notification-fd up down consumer-for producer-for pipeline-name restart-on-upgrade; do
test -n "$(printenv $i)" && (echo "$(printenv $i)" > $out/${name}/$i) test -n "$(printenv $i)" && (echo "$(printenv $i)" > $out/${name}/$i)
done done


@ -18,7 +18,6 @@ let
${commands} ${commands}
''; '';
cleanupScript = name : '' cleanupScript = name : ''
#!/bin/sh
if test -d ${prefix}/${name} ; then rm -rf ${prefix}/${name} ; fi if test -d ${prefix}/${name} ; then rm -rf ${prefix}/${name} ; fi
''; '';
service = { service = {
@ -27,7 +26,6 @@ let
, run ? null , run ? null
, up ? null , up ? null
, down ? null , down ? null
, finish ? null
, outputs ? [] , outputs ? []
, notification-fd ? null , notification-fd ? null
, producer-for ? null , producer-for ? null
@ -43,7 +41,7 @@ let
stdenvNoCC.mkDerivation { stdenvNoCC.mkDerivation {
# we use stdenvNoCC to avoid generating derivations with names # we use stdenvNoCC to avoid generating derivations with names
# like foo.service-mips-linux-musl # like foo.service-mips-linux-musl
inherit name serviceType up down run finish notification-fd inherit name serviceType up down run notification-fd
producer-for consumer-for pipeline-name timeout-up timeout-down; producer-for consumer-for pipeline-name timeout-up timeout-down;
restart-on-upgrade = isTrigger; restart-on-upgrade = isTrigger;
buildInputs = buildInputs ++ dependencies ++ contents; buildInputs = buildInputs ++ dependencies ++ contents;
@ -72,8 +70,7 @@ let
in service (args // { in service (args // {
buildInputs = buildInputs ++ [ logger ]; buildInputs = buildInputs ++ [ logger ];
serviceType = "longrun"; serviceType = "longrun";
run = serviceScript run; run = serviceScript "${run}\n${cleanupScript name}";
finish = cleanupScript name;
producer-for = "${name}-log"; producer-for = "${name}-log";
}); });
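Review bot: Appending the cleanup to the run script with `run = serviceScript "${run}\n${cleanupScript name}";` only removes `${prefix}/${name}` when `run` returns normally. If `run` ends in `exec`, or the script is killed by a signal, the cleanup lines never execute and stale outputs stay in place for dependent services to read. s6 runs a service's `finish` file after the supervised process exits for any reason, so keeping `finish = cleanupScript name;` gives reliable cleanup; that also needs the `finish` argument, its `inherit` and the builder's handling of it to stay. What `serviceScript` wraps around its argument is outside the hunk, so check this against its definition.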