forked from dan/liminix
1
0
Fork 0

Compare commits

...

448 Commits

Author SHA1 Message Date
Daniel Barlow 69bf6cb5fb write-fennel quote PATH properly
escapeShellArg only quotes if the string contains special
characters, but for a Lua string we must quote unconditionally
2024-09-07 22:31:44 +01:00
Daniel Barlow 9f58e7b926 maybe fix nixpkgs-unstable lua 2024-09-07 00:58:11 +01:00
Daniel Barlow 5a5c27ab9f think 2024-09-06 22:37:49 +01:00
Daniel Barlow 277c91acdf Revert "remove luaposix ref in write-fennel"
This reverts commit a60c2539a6057c74c0a63cdee2f4e883c8c3b388.
2024-09-06 00:33:30 +01:00
Daniel Barlow e0725489ca unbreak pppoe ci job 2024-09-06 00:33:30 +01:00
Daniel Barlow cc47515cf8 watch-outputs remove debug code 2024-09-06 00:13:54 +01:00
Daniel Barlow 464913cc8f tangc use spawn to invoke jose
hopefully we are now deadlock-free
2024-09-06 00:12:45 +01:00
Daniel Barlow e604d628e3 fennel anoia.process.spawn
runs a subprocess and invokes a callback whenever its io
descriptors are ready
2024-09-06 00:11:33 +01:00
Daniel Barlow e2a597589b anoia.fs.find-executable looks for bin in colon-sep list of directories 2024-09-06 00:08:40 +01:00
Raito Bezarius a139a262c1 seedrng: init at 2022.04
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-09-05 14:18:00 +01:00
Daniel Barlow 6a5fed83dd conditional fetch in json-to-fstree 2024-09-05 11:14:47 +01:00
Daniel Barlow bcf5ab24e8 tidy watch-outputs startup message 2024-09-05 10:11:16 +01:00
Daniel Barlow 32bf80c6fa devout: unlink socket pathname before binding 2024-09-05 10:05:13 +01:00
Daniel Barlow 12275f6896 add more test for table= 2024-09-04 21:21:30 +01:00
Daniel Barlow a60c2539a6 remove luaposix ref in write-fennel 2024-09-04 21:21:02 +01:00
Daniel Barlow 146a2d9ac0 fix startup race/fencepost in watch-ssh-keys
if it starts _after_ the outputs are populated, it should
write the first lot of outputs without waiting for a change
2024-09-04 21:19:51 +01:00
Daniel Barlow 091d863710 extract pppoe/l2tp common code 2024-09-04 12:02:00 +01:00
Daniel Barlow c7bcfbfa34 make pppoe/l2tp more consistent 2024-09-03 22:57:45 +01:00
Daniel Barlow 500a3c1025 make nodefaultroute explicit in ppp 2024-09-03 22:53:13 +01:00
Daniel Barlow 0c0d0eed8a make watch-ssh-keys robust against missing key 2024-09-03 22:51:29 +01:00
Daniel Barlow 699cf97206 improve tangc http error messages 2024-09-03 22:50:55 +01:00
Daniel Barlow cd0093279c think 2024-09-01 10:14:31 +01:00
Daniel Barlow 034d6aacc4 tangc handle non-zero exit from jwe dec
Sometimes it exits non-zero but decrypts the file *anyway*. It only
does this on the device and I haven't been able to reproduce on build,
so this is a workaround until we find the root cause
2024-09-01 09:57:38 +01:00
Daniel Barlow e590c0ad3f secrets subscriber: add provider as dep to controlled service 2024-09-01 09:56:59 +01:00
Daniel Barlow 14abdd9998 tang: notify on ready 2024-08-31 23:24:50 +01:00
Daniel Barlow 6287b92000 fix bugs handling base64 padding 2024-08-31 22:43:25 +01:00
Daniel Barlow d2215d3e56 tangc popen retry on short read 2024-08-31 22:18:23 +01:00
Daniel Barlow 3cf2308bee tangc: stop printing unexpected blank lines 2024-08-31 15:29:10 +01:00
Daniel Barlow 3913989be3 provide string to perform-encryption
instead of letting it read stdin, which I think may have been read
by a subprocess already sometimes?
2024-08-31 15:27:54 +01:00
Daniel Barlow 43e5e6876e improve tangc error messages 2024-08-31 15:22:26 +01:00
Daniel Barlow 7d6c80570c refactor all writeFennelScript calls to use writeFennel directly 2024-08-30 20:57:42 +01:00
Daniel Barlow e745991b9d restart pppoe/l2tp in secrets changes 2024-08-30 20:49:27 +01:00
Daniel Barlow defbfce1fb finish converting outputRef to lambda 2024-08-30 20:46:48 +01:00
Daniel Barlow 0df2c83382 tighten perms on service state directory 2024-08-29 23:56:43 +01:00
Daniel Barlow 01c28de88d think 2024-08-29 23:56:20 +01:00
Daniel Barlow 2bf197cad8 document outputs and secrets 2024-08-29 23:55:32 +01:00
Daniel Barlow a8a19977ca (untested) template service for tang encrypted secrets 2024-08-28 22:32:26 +01:00
Daniel Barlow 8a9284af1e think 2024-08-28 22:23:00 +01:00
Daniel Barlow 7351e143c5 remove redundant sourcing of ${serviceFns}
this is done by the oneshot and longrun functions
2024-08-28 21:28:27 +01:00
Daniel Barlow 283c3154a7 missing file in s6-rc-up-tree test fixture 2024-08-28 21:18:54 +01:00
Daniel Barlow 34f37d60d9 missed adding this 2024-08-28 20:56:52 +01:00
Daniel Barlow fe7b092075 (untested) http basic auth for outboard secrets 2024-08-28 20:53:59 +01:00
Daniel Barlow b56f121e04 fetch lua glue: handle missing content-length 2024-08-28 19:52:00 +01:00
Daniel Barlow d5d621f310 rename http-fstree => json-to-fstree
it works for file urls as well, not just http
2024-08-28 16:36:49 +01:00
Daniel Barlow da95a9fa62 tangc support encryption 2024-08-28 18:55:20 +01:00
Daniel Barlow 85071c88e7 remove argv0 from calls to jose 2024-08-28 11:16:43 +01:00
Daniel Barlow 74093b7ee3 josep! runs jose without json parsing the output 2024-08-28 08:13:50 +01:00
Daniel Barlow 41733e58d6 remove unused code, tidy string parsing 2024-08-28 07:20:07 +01:00
Daniel Barlow 9041d5d63a add jose! fn to reduce error-checking boilerplate 2024-08-28 07:10:47 +01:00
Daniel Barlow 001ebdc601 remove unused requires 2024-08-28 06:52:04 +01:00
Daniel Barlow 1f97409474 add popen2 to anoia.fs 2024-08-28 06:49:43 +01:00
Daniel Barlow a41839f3d1 clevis-decrypt-tang in fennel
needs a lot of tidying up, but works on my test file
2024-08-28 01:37:44 +01:00
Daniel Barlow ff76d854fc extend libfetch lua glue to other HTTP methods 2024-08-28 01:37:02 +01:00
Daniel Barlow 81a6480a4f anoia add base64 deode 2024-08-27 22:42:03 +01:00
Daniel Barlow c7164a6f4a sshd can use outputRef for authorized_keys 2024-08-25 16:35:50 +01:00
Daniel Barlow 83ca86fe42 keys in service output tree are strings 2024-08-25 15:59:24 +01:00
Daniel Barlow 1b4106e2a3 ssh-keys service, draft 2024-08-25 15:09:31 +01:00
Daniel Barlow 89912c766b nixpkgs 24.11 qemu does not expect texinfo 2024-08-25 14:23:29 +01:00
Daniel Barlow 9828b007ae watch-ssh-keys turns secrets-service into authorized_keys files 2024-08-24 23:25:32 +01:00
Daniel Barlow f34abc85ae add macros param to write-fennel 2024-08-24 23:19:46 +01:00
Daniel Barlow b475a680fb define-tests macro, evals body only when inside fennelrepl --test 2024-08-24 22:26:25 +01:00
Daniel Barlow 43612af71a anoia: %% is alias for string.formt 2024-08-24 13:56:54 +01:00
Daniel Barlow 5695c47496 add dig to anoia 2024-08-23 23:27:29 +01:00
Daniel Barlow e3ec514710 think 2024-08-23 23:27:17 +01:00
Daniel Barlow 99f68e5421 destructure params in ssh service 2024-08-23 23:13:49 +01:00
Daniel Barlow 9c30b6f882 change output references from attrset to lambda
this is so that we can distinguish a ref from a literal parameter that
might be a attrset
2024-08-23 22:25:57 +01:00
Daniel Barlow dd75322c10 think 2024-08-23 21:45:18 +01:00
Daniel Barlow 869a508c0a add authorizedKeys option to ssh service
this has no apparent use as it stands, but opens the door to
having the keys managed by an external secrets service
2024-08-23 20:35:07 +01:00
Daniel Barlow e835473945 patch dropbear to add -U option 2024-08-23 19:58:05 +01:00
Daniel Barlow 055268d5d2 upgrade dropbear 2024-08-23 19:57:10 +01:00
Daniel Barlow ff38bcacbb improve devout error reporting 2024-08-21 23:24:13 +01:00
Daniel Barlow a6128955e7 ppp modules: permit (mostly) same params for l2tp as pppoe
this also means that l2tp can use secrets for username/password
2024-08-21 23:10:28 +01:00
Daniel Barlow 531cb113be devout needs a longer startup timeout
seems to be taking around 40 seconds now, would be worth digging in to
find out why
2024-08-21 23:09:11 +01:00
Daniel Barlow daede666cb in router-with-l2tp use secrets for ppp username/password 2024-08-21 00:17:53 +01:00
Daniel Barlow 2992771c7e pppoe allow secrets for username/password 2024-08-21 00:17:22 +01:00
Daniel Barlow 4cc82e1502 liminix.types.replacable is a string or ref to an output 2024-08-21 00:16:14 +01:00
Daniel Barlow 21f2320d86 inline method 2024-08-20 23:26:11 +01:00
Daniel Barlow d40ada4251 use structured ppp params in ppp test 2024-08-20 23:25:31 +01:00
Daniel Barlow 4053ea9481 secrets/subscriber implement different restart types 2024-08-20 22:56:26 +01:00
Daniel Barlow 54d3415885 pppoe convert to using a config file
mostly for ease of implementation but does mean we don't
have username/password secrets on the command line
2024-08-20 22:55:30 +01:00
Daniel Barlow 264d83c98d move some secret-watching stuff from hostapd to secrets 2024-08-20 21:49:11 +01:00
Daniel Barlow 97defc2076 hostapd: get secrets service/path from attrs 2024-08-17 22:25:30 +01:00
Daniel Barlow ddaa5476d3 override clevis derivation (experimental) 2024-08-15 23:02:54 +01:00
Daniel Barlow bcd9d56624 start devout after mdevd
not 100% sure that there's a dependency but it's plausible, and
would explain the observed occasional failure to start at boot
2024-08-15 23:01:29 +01:00
Daniel Barlow e2c883356c add secrets-subscriber service, make hostapd use it 2024-08-15 23:00:41 +01:00
Daniel Barlow d79a941504 new package watch-outputs and example of its use 2024-08-14 22:58:17 +01:00
Daniel Barlow 2f82e0dab8 hostapd set permissions on dir in /run/ 2024-08-14 22:57:02 +01:00
Daniel Barlow fc03965915 hostapd literal_or_output use an attrset for dispatch 2024-08-14 22:56:01 +01:00
Daniel Barlow d2d3af2587 outboard secrets: loop in service
if we just quit and expect s6 to restart us, the finish script
wipes our outputs and anything with an inotify watch gets confused
2024-08-14 22:41:56 +01:00
Daniel Barlow 310ac30f24 http-fstree needs to write state and .lock for anoia.svc 2024-08-14 22:39:41 +01:00
Daniel Barlow 45a7f96bd4 anoia table= compares tables 2024-08-14 22:36:28 +01:00
Daniel Barlow 79445fd962 support multi-arg assoc 2024-08-14 22:34:37 +01:00
Daniel Barlow a9ddd78482 think 2024-08-12 22:59:03 +01:00
Daniel Barlow 4fb8253e57 first pass at outboard secrets
- a module to fetch them with http(s)
- a service using templating to consume them
- update an example to use it

needs service restarts
needs other services to use the template mechanism
needs tidying up
2024-08-12 22:57:21 +01:00
Daniel Barlow ff3a1905a5 pass service to `output` fn in output-template
instead of on command line
2024-08-12 22:53:07 +01:00
Daniel Barlow 3c353e4aff support json quoting in output-template 2024-08-10 23:42:08 +01:00
Daniel Barlow ba21384fde new: output-template interpolates output values into config file 2024-08-10 23:06:47 +01:00
Daniel Barlow 2480fdef5b set up nginx on bordervm for testing outboard secrets 2024-08-10 23:05:50 +01:00
Daniel Barlow 409c1cfb16 think 2024-08-10 23:05:15 +01:00
Daniel Barlow 9767078878 add the example used in the video 2024-08-08 19:24:58 +01:00
Daniel Barlow d760c2d27b http-fstree downloads a json file and converts to service outputs 2024-08-08 15:35:11 +01:00
Daniel Barlow 1e139c22fd think 2024-08-08 15:21:24 +01:00
Daniel Barlow a1ff07b063 add rxi/json lua module 2024-08-08 15:05:26 +01:00
Daniel Barlow 9550772cec add lua binding to fetch-freebsd 2024-08-08 15:05:03 +01:00
Daniel Barlow 64cd1626c6 new package fetch-freebsd: small http(s) client library
[*] smaller than curl, maybe not maximally small
2024-08-08 11:38:38 +01:00
Daniel Barlow eb79928b37 anoia.svc allow writing outputs 2024-08-08 11:37:50 +01:00
Daniel Barlow 0a629df48d anoia.fs: improve error messages 2024-08-08 11:36:47 +01:00
Daniel Barlow 64afd18e2a why does this fail on hydra? 2024-08-06 23:18:39 +01:00
Daniel Barlow 47e96ddc15 think 2024-08-06 18:43:49 +01:00
Daniel Barlow 5db9d7269e ppoe structured options are optional 2024-08-06 18:43:27 +01:00
Daniel Barlow 985df8792d overlay: handle cross-only overrides consistently 2024-08-06 18:42:58 +01:00
Daniel Barlow 528afae8b1 doc: punctuate 2024-08-06 14:15:57 +01:00
Daniel Barlow 384835c89d admin doc: updte round-robin, explain health check 2024-08-06 14:14:52 +01:00
Daniel Barlow 5051625d31 mention health check in docs 2024-07-30 22:53:21 +01:00
Daniel Barlow c4d00e062a add health check service and example that uses it 2024-07-30 22:37:43 +01:00
Daniel Barlow 8fa3443923 Revert "anoia.svc use timeout for inotify"
This reverts commit eca8e37e7a.
2024-07-30 17:37:38 +01:00
Daniel Barlow 8091e207b6 some notes on controlled services 2024-07-28 22:57:23 +01:00
Daniel Barlow 39020607ad rename service-trigger rule to match service name 2024-07-28 22:35:37 +01:00
Daniel Barlow fe735408a1 v:address is nil if missing, but code expects an array 2024-07-27 17:40:32 +01:00
Daniel Barlow a9d1582b53 remove unused arg 2024-07-26 23:41:50 +01:00
Daniel Barlow eca8e37e7a anoia.svc use timeout for inotify
in case we miss a message, check the directory every 5s
anyway
2024-07-26 23:40:40 +01:00
Daniel Barlow d300373b96 anoia fs.dir use case not match
match was accidentally pinning the return from readdir against the
function parameter. Which didn't work.
2024-07-26 23:37:40 +01:00
Daniel Barlow 70ca7fac17 elfutils is reqd by iproute2 (for bpf?), build sans kitchen sink 2024-07-24 22:07:58 +01:00
Daniel Barlow 79a3a45061 build iproute2 without rb to avoid stdatomic 2024-07-24 21:13:55 +01:00
Daniel Barlow 612d6d7a51 build openssl without threads to avoid stdatomic 2024-07-24 21:12:52 +01:00
Daniel Barlow e1ae986cf6 convert l2tp example to use gateway profile 2024-07-23 09:31:34 +01:00
Daniel Barlow bce0c7ffb6 rename services.dhcpc in l2tp example
it's only used to get the address of the l2tp server, not for
name lookups in general
2024-07-23 09:31:34 +01:00
Daniel Barlow 28ca1e68ab wwan module needs mdevd 2024-07-23 09:31:34 +01:00
Daniel Barlow acf33a100f think 2024-07-23 09:31:34 +01:00
Daniel Barlow 7f9cae9d5c generalise profile.gateway.wan so not just pppoe 2024-07-23 09:31:34 +01:00
Daniel Barlow 3012c91b47 executive decision: rotuer example should build on gl-ar750 2024-07-23 09:31:34 +01:00
Daniel Barlow 1edf20c08f fix whitespace 2024-07-23 09:31:34 +01:00
Daniel Barlow 7195cb10ce add structured config for common pppoe options 2024-07-23 09:31:34 +01:00
Daniel Barlow 135a445672 restore param removed by deadnix
dochain is called with `family` even if it never uses it
2024-07-16 20:41:21 +01:00
Daniel Barlow 3899daee56 create a module for round-robin 2024-07-15 22:37:37 +01:00
Daniel Barlow b17f623d03 need insmod when we habve kmodloader 2024-07-15 22:35:26 +01:00
Daniel Barlow df395a4d5d finish moving pkgs.linimix.callService to config.system 2024-07-15 19:00:08 +01:00
Daniel Barlow 75e9f8210c remove the fixpoint we didn't need 2024-07-15 18:54:04 +01:00
Daniel Barlow 1c3242cab1 doc: swap order of configuration and installation
you can get a device up and running using a lightly edited example
config before you need to read all the reference info, so let's
have the documentation in that order.
2024-07-14 12:26:07 +01:00
Daniel Barlow 44ea683391 think 2024-07-14 12:08:02 +01:00
Daniel Barlow 725d8b608f huawei-cdc-ncm kernel driver -> module 2024-07-14 12:07:28 +01:00
Daniel Barlow bc9ced5d38 fix doc ref from admin section -> configuration 2024-07-14 11:56:35 +01:00
Daniel Barlow 73ae7788b9 rename wwan-related modules/services
we only currently support huawei e3372/cdc ncm so let's make that
explicit in the naming
2024-07-14 11:53:45 +01:00
Daniel Barlow d34919766a improve reinstallation docs 2024-07-12 18:38:04 +01:00
Daniel Barlow 2fe0cd2f48 add first draft instructions for using Levitate 2024-07-12 00:17:25 +01:00
Daniel Barlow 241f1013ed add new Installation guide
move the u-boot/serial stuff here from development, as the
reality of Liminix development in 2024 is that serial connection
is still the smoothest installation method
2024-07-11 23:31:00 +01:00
Daniel Barlow 2ce361d4e3 think 2024-07-11 09:39:38 +01:00
Daniel Barlow 3f8cc24dcc fix most doc warnings 2024-07-10 23:36:24 +01:00
Daniel Barlow 57e3b449f8 proofreading 2024-07-10 21:23:24 +01:00
Daniel Barlow 3964505131 some notes on services 2024-07-10 20:50:08 +01:00
Daniel Barlow 941479b144 use round-robin failiover in l2tp example 2024-07-08 22:01:54 +01:00
Daniel Barlow ac551536da set cwd before exec xl2tpd 2024-07-08 21:56:26 +01:00
Daniel Barlow 6f908156af fix dependency between modem-atz and modeswitch
for values of "fix" more than slightly reminiscent of "kludge"
2024-07-08 21:55:05 +01:00
Daniel Barlow 534a49e827 s6-rc-round-robin
runs services in order, starting the next one when the previous one
dies or fails to start
2024-07-08 21:53:51 +01:00
Daniel Barlow 07a6eb73cd set lcp-echo timeout in l2tp 2024-07-08 21:45:54 +01:00
Daniel Barlow 159bfa3057 make xl2tpd quit when the connections close 2024-07-08 21:44:15 +01:00
Daniel Barlow 8f0ab5be40 enable tail -F 2024-07-08 21:37:07 +01:00
Daniel Barlow 7f9971512d a6-rc-up-tree: handle blocked deps, exit 1 if nothing started 2024-07-08 21:28:31 +01:00
Daniel Barlow f0f6cc80d7 remove dead code 2024-07-08 21:28:11 +01:00
Daniel Barlow afcc6a6436 s6-rc-up-tree pass -b to s6-rc command 2024-07-08 21:27:54 +01:00
Daniel Barlow 2e8e05f31a wip: rewrite s6-rc-up-tree in an actual procgramming language
and write some tests for it, too
2024-07-08 21:27:42 +01:00
Daniel Barlow 143137cbc6 pppoe: set lcp echo failure timeout 2024-07-08 21:25:42 +01:00
Daniel Barlow 8d228f2bef mess with redial 2024-07-08 21:24:44 +01:00
Daniel Barlow 5751058d59 gl-ar750 swap lan and wan
I don't know if I just got it wrong the first time or if something
weird is going on
2024-07-08 21:19:30 +01:00
Daniel Barlow 5ac7e1e9b2 write-fennel: set $PATH if lualinux is available 2024-07-08 21:18:02 +01:00
Daniel Barlow c75452549b think 2024-07-08 21:17:12 +01:00
Daniel Barlow 2663f58807 disable security for bordervm "liminix" share
tftp needs to be able to follow symlinks into the store
2024-07-01 20:53:03 +01:00
Daniel Barlow 9dbc285605 build libusb1 without libatomic 2024-06-30 17:52:17 +01:00
Daniel Barlow 8b6aa2134e zyxel dual image; restore deleted params 2024-06-30 17:50:45 +01:00
Daniel Barlow 3df1ec76ff cleanup whitespace and commas
* [] is now [ ]
* {} is now { }
* commas in arglists go at end of line not beginning

In short, I ran the whole thing through nixfmt-rfc-style but only
accepted about 30% of its changes. I might grow accustomed to more
of it over time
2024-06-30 17:16:28 +01:00
Daniel Barlow 0d3218127f remove unused makeWrapper input 2024-06-30 10:46:37 +01:00
Daniel Barlow e94bf62ec1 remove dead code (run deadnix) 2024-06-29 22:59:27 +01:00
Daniel Barlow 16a2499d74 avoid makeWrapper on host, it requires bash 2024-06-29 22:36:05 +01:00
Daniel Barlow d4d8093f97 working l2tp-over-wwan stick example 2024-06-20 10:15:54 +01:00
Daniel Barlow 7c9c801afc rename isTrigger to restart-on-upgrade
we're moving away from "trigger" services to "controller" services,
and "restart-on-upgrade" is the name used by s6-rc
2024-06-16 12:58:06 +01:00
Daniel Barlow c4185617c0 a6-rc-up-tree wait for lock if needed 2024-06-15 15:36:07 +01:00
Daniel Barlow 06d28e9b08 dhcpc handle case when env vars are missing
the notify-script should continue and signal readiness even if one or
more of the outputs it writes are mssing in the environment
2024-06-15 15:34:49 +01:00
Daniel Barlow 9540fc2641 add writeAshScriptBin (forgot to add file) 2024-06-15 15:04:56 +01:00
Daniel Barlow adc84108ad Revert "wwan gets address from ppp ipcp not dhcp"
This reverts commit be13ab23ca.
2024-06-15 15:04:33 +01:00
Daniel Barlow eae99051fa exec devout in service definition
makes little practical difference but saves a process slot
2024-06-15 15:01:57 +01:00
Daniel Barlow 49d1703428 add s6-rc-up-tree: start reverse deps of controlled service
When s6-rc stops a service, it also stops everything that
depends on it. but when it starts a service it starts only
that service, so we have to go through the other services
depending on it and figure out if they should be started too.
2024-06-15 14:59:34 +01:00
Daniel Barlow 1d337588f9 think 2024-06-15 09:04:19 +01:00
Daniel Barlow 29a869b4fa qemu: use kmodloader for wifi 2024-06-13 10:12:17 +01:00
Daniel Barlow 5ae1b0a193 Revert "bodervm: remove usbutils until we can fix the udev dep"
This reverts commit c22e3fb2ef.
2024-06-12 20:58:13 +01:00
Daniel Barlow 473a4947a5 inout test: wait longer for disk to appear 2024-06-12 20:44:03 +01:00
Daniel Barlow 50bad5c604 libusb needs udev on build
this is a workaround to make CI work again, but what we really need to
do is completely separate the nixpkgs used for nixos build-system
tools from the nixpkgs we use for liminix host binaries
2024-06-12 18:55:30 +01:00
Daniel Barlow c22e3fb2ef bodervm: remove usbutils until we can fix the udev dep 2024-06-12 13:07:29 +01:00
Daniel Barlow f898e4dca2 remove debug 2024-06-12 13:03:26 +01:00
Daniel Barlow 5121a8563d callService: dependencies are services not names 2024-06-12 12:58:57 +01:00
Daniel Barlow 78be354b6e think 2024-06-12 12:52:52 +01:00
Daniel Barlow be13ab23ca wwan gets address from ppp ipcp not dhcp 2024-06-12 12:51:07 +01:00
Daniel Barlow 4b30cd7a75 think 2024-06-11 14:05:32 +01:00
Daniel Barlow b15542b668 start correct services at boot
- uncontrolled services that are not dependent on a controlled service
- controllers
- _not_ controlled services or any other service that depends on one
2024-06-11 14:04:14 +01:00
Daniel Barlow 6daeaf29a0 flip controller/controlled relationship for wwan services 2024-06-11 14:02:48 +01:00
Daniel Barlow e6ca5ea064 store derivations not just names for service deps
.. also controllers, contents. This is to make it possible (easier)
to work out transitive dependencies at build time
2024-06-11 14:01:06 +01:00
Daniel Barlow e6e4665a18 flip dependencies for triggered/controlled services
Instead of treating the trigger as the "main" service and the
triggered service as subsidary, now we treat the triggered
service as the service and the trigger as "subsidary". This
needs some special handling when we work out which services
go in the default bundle, but it works better for declaring
dependencies on triggered services because it means the
dependency runs after the triggered service comes up, not
just when the watcher-for-events starts
2024-06-09 22:37:45 +01:00
Daniel Barlow 2c10790a6d think 2024-06-09 11:19:38 +01:00
Daniel Barlow 571adf84c0 inherit builtins.map 2024-06-07 16:55:45 +01:00
Daniel Barlow c8c79fd75a update all calls to uevent-watch 2024-06-02 20:42:09 +01:00
Daniel Barlow 884d8d194e wrap uevent-watch in a service 2024-06-02 20:42:09 +01:00
Daniel Barlow f091bbd706 devout: recognise attr,attrs when parsing search term string 2024-06-01 23:48:05 +01:00
Daniel Barlow 37d7e20582 wwan use uevent-watch to find tty for AT commands 2024-06-01 23:47:20 +01:00
Daniel Barlow 04b068f7a3 delete unused code 2024-06-01 22:43:48 +01:00
Daniel Barlow 53f57c1a8c devout: support sysfs attributes for (grand*)parent device 2024-06-01 22:43:27 +01:00
Daniel Barlow 19aba0d873 devout: support search for sysfs attributes 2024-06-01 21:20:41 +01:00
Daniel Barlow 7d00b39249 rename attributes->properties when referring to uevent fields
properties: key-value pairs in the uevent message
attributes: file contents in sysfs
2024-06-01 12:17:49 +01:00
Daniel Barlow 7aa8633cde think 2024-06-01 12:16:21 +01:00
Daniel Barlow 58bec8a40f semi-automate tftpbooting with minicom 2024-05-26 18:03:32 +01:00
Daniel Barlow a3fca5bf05 devout: add functions to read sysfs attributes 2024-05-26 18:03:32 +01:00
Daniel Barlow e0bd7aec1e wwan: hook usb-modeswitch to uevent 2024-05-26 18:03:32 +01:00
Daniel Barlow e815f61bb5 think 2024-05-26 18:00:31 +01:00
Daniel Barlow af9200a136 skip symlink handing unless linkname was provided 2024-05-26 18:00:31 +01:00
Daniel Barlow 898958fa10 make a serviceDefn for wwan 2024-05-22 18:54:49 +01:00
Daniel Barlow fa0f262706 commentary 2024-05-22 18:54:49 +01:00
Daniel Barlow 71aeb27b2f add hacky wwan service with hardcoding all over 2024-05-22 18:54:49 +01:00
Daniel Barlow 530b4080c9 create cdc-ncm module 2024-05-22 18:54:49 +01:00
Daniel Barlow 58cd007ccc barebones usb_modeswitch package 2024-05-22 18:54:49 +01:00
Daniel Barlow 3a56798eb5 l2tp set default route via tunnel 2024-05-22 18:54:49 +01:00
Daniel Barlow 758c7ef657 exec xl2tpd
haven't fully worked out why, but without this s6 is unable to stop it.
2024-05-22 18:54:49 +01:00
Daniel Barlow 73225a70b2 add rudimentary l2tp service module 2024-05-22 18:54:49 +01:00
Daniel Barlow ab304dd3f1 bordervm enable nat 2024-05-22 18:47:37 +01:00
Daniel Barlow 0d49f0f7a7 gl-ar750 appendDTB 2024-05-22 18:47:16 +01:00
Daniel Barlow e64390460a memorable net device names for gl-ar750
linux's view of eth1 and eth0 are opposite to that of u-boot
2024-05-22 18:47:08 +01:00
Daniel Barlow c0ef6ce282 list pkgs we need in bordervm build
it's a bit silly trying to build it with the whole liminix overlay
when it's a nixos system not a liminix system
2024-05-22 18:45:35 +01:00
Daniel Barlow bd6ec5201f run dhcp server on bordervm
this is for testing clients that have dhcp upstream
2024-05-22 18:45:35 +01:00
Daniel Barlow b4068da9fe tftp addresses 2024-05-22 18:45:35 +01:00
Daniel Barlow aa4b09da85 think (foreshadowing) 2024-05-22 18:45:23 +01:00
Daniel Barlow 471c63b399 s6-rc do cleanup in "finish", don't append to "run" script
s6-supervise sends signals (e.g. SIGTERM) to the pid of the process
running "run", so how do we know if the ceanup commands are even
getting executed if the shell interpreter that is supposed to do that
got killed already?
2024-05-13 17:53:02 +01:00
Daniel Barlow 782feaeafa set default for firewall extraRules 2024-05-03 16:28:53 +01:00
Daniel Barlow ac54c89427 add busybox to bordervm for udhcpd 2024-05-01 23:09:23 +01:00
Daniel Barlow 5a3646cb29 add authorized keys to bordervm
You don't often need this because it has autologin, but sometimes
you want to do antics involving sshing through it to the wan port
of a test device.

Note that you probably wanted to start bordervm with funny qemu
options to even make that possible

 nix-shell --run "QEMU_NET_OPTS=hostfwd=tcp::10022-:22 run-border-vm"
2024-05-01 23:07:11 +01:00
Daniel Barlow e249f48cff add deps on {ins,rm}mod and kconfig for firewall module 2024-05-01 23:06:12 +01:00
Daniel Barlow 6661e42684 mt300a tftpboot needs appendDTB 2024-05-01 23:04:25 +01:00
Daniel Barlow b9ba9ef835 mt300a remove unneeded service dependencies 2024-05-01 23:03:55 +01:00
Daniel Barlow 8b69dcc209 pass entire config fragment to levitate, not just services
to make it useful we need to be able to set packages, passwords, ssh
keys etc
2024-04-29 20:07:01 +01:00
Daniel Barlow 9b3a3b9ff7 add levitate to arhcive
this is largely untested
2024-04-28 21:38:13 +01:00
Daniel Barlow 7d08497bcb arhcive remove coldplug fudge 2024-04-28 21:37:30 +01:00
Daniel Barlow 0e84adaa0e maybe don't need deps for gl-mt300a vlan devices?
will delete them next time I have that device open to test
2024-04-28 21:35:09 +01:00
Daniel Barlow 660ed5df8f vlan interface services depend on primary 2024-04-28 21:33:36 +01:00
Daniel Barlow 792a11c8c0 gl-mt300n-v2 use full path to swconfig in service stop 2024-04-28 21:32:42 +01:00
Daniel Barlow 7e4a05bbf8 separate kernel and base modules
this is needed for levitate
2024-04-28 12:44:27 +01:00
Daniel Barlow a4ba5c85e1 alphabetize list in all-modules 2024-04-28 12:42:47 +01:00
Daniel Barlow 723ef73d5a inout: test hotplug and coldplug 2024-04-27 22:41:30 +01:00
Daniel Barlow 3d4e782929 devout: run tests in postBuild
because checkPhase is not executed when cross-compiling, and this
package is always only cross-compiled
2024-04-27 21:07:25 +01:00
Daniel Barlow 1b6a05aec5 make uevent-watch use devout instead of direct netlink 2024-04-27 21:07:25 +01:00
Daniel Barlow 80628a3d90 move event matching tests to devout
in preparation for future uevent-watch not needing to do
event matching
2024-04-27 21:07:25 +01:00
Daniel Barlow bf0cafffed start devout alongside mdevd
ensure it starts before mdevd-coldplug so it can populate
its database
2024-04-26 20:52:12 +01:00
Daniel Barlow e49aba127c devout: improve socket error handling 2024-04-26 20:49:23 +01:00
Daniel Barlow 324465bc18 devout: write uevent KEY=value format to clients 2024-04-26 17:37:28 +01:00
Daniel Barlow b33249a050 devout: add readiness notification 2024-04-26 17:23:29 +01:00
Daniel Barlow b9c084415e devout: handle readiness on netlink socket but no event 2024-04-26 17:20:33 +01:00
Daniel Barlow cf9cadd212 devout: replay relevant events to new subscriber 2024-04-26 17:20:33 +01:00
Daniel Barlow a116fe084a devout: use socket constants from anoia.net.constants 2024-04-26 16:48:51 +01:00
Daniel Barlow 74cf3e0711 add anoia.net.constants for SOCK_{STREAM,DGRAM} etc
we use an ugly bit of C preprocessor to get the values from
header files, because certain constants are different on MIPS
than on other architectures
2024-04-26 16:43:09 +01:00
Daniel Barlow 9795f03da4 think 2024-04-26 16:41:31 +01:00
Daniel Barlow cdb23b147c convert anoia.fs to use lualinux 2024-04-25 21:14:37 +01:00
Daniel Barlow dbd1264352 convert anoia.fs to use lualinux instead of lfs 2024-04-24 20:44:32 +01:00
Daniel Barlow 834858d5bc think 2024-04-24 18:33:57 +01:00
Daniel Barlow 18335b95e3 devout: strip newlines from client terms
this is just to make testing with socat easier
2024-04-24 18:33:02 +01:00
Daniel Barlow 6bee2f67ac devout: add incoming netlink messages to database 2024-04-24 18:32:27 +01:00
Daniel Barlow b4ba3eea21 fix revents in unpack-pollfds 2024-04-24 18:31:26 +01:00
Daniel Barlow 16af3984c9 add lualinux to fennelrepl 2024-04-24 18:30:34 +01:00
Daniel Barlow ce7e395295 devout test: replace minisock with lualinux 2024-04-24 18:29:24 +01:00
Daniel Barlow 7e13e017eb add readline suport to fennelrepl 2024-04-24 18:28:39 +01:00
Daniel Barlow bbf2f53c0e cross-compile lualinux 2024-04-24 18:28:14 +01:00
Daniel Barlow 032d0f8aca add netlink socket
it's not hooked up to anything yet, but it proves we can
do this with lualinux
2024-04-23 23:34:25 +01:00
Daniel Barlow b8ac9e5279 convert devout from minisock to lualinux 2024-04-23 23:33:11 +01:00
Daniel Barlow ff2604ca5d think 2024-04-23 23:30:50 +01:00
Daniel Barlow 72789984ce add lualinux package 2024-04-23 22:41:38 +01:00
Daniel Barlow 90d9d0e811 update minisock to not scribble on lua strings 2024-04-23 20:19:33 +01:00
Daniel Barlow 97a8ae1c84 devout: add event loop and main `run` function 2024-04-23 20:15:02 +01:00
Daniel Barlow 52eb283a26 implement unsubscribe
and add ids to subscribe so that there's a unique identifier
to pass to unsubscribe
2024-04-23 20:12:46 +01:00
Daniel Barlow cbb1de804e switch to minisock fork witj poll() call
this is likely to be temporary as minisock is getting
replaced with lualinux
2024-04-23 20:09:41 +01:00
Daniel Barlow f9c03998b8 implement subscriptions with callback 2024-04-21 13:19:17 +01:00
Daniel Barlow 50de1b090f add the rest of the test list (all we've thought of) 2024-04-21 11:22:26 +01:00
Daniel Barlow 648382f64a report bodyless tests as PENDING 2024-04-21 11:19:42 +01:00
Daniel Barlow e9370358ae implement "remove" events 2024-04-21 11:19:06 +01:00
Daniel Barlow 762ce7b6b8 cut/paste devout implementation into a real module 2024-04-20 22:48:00 +01:00
Daniel Barlow b1c0560f4f implement fetch by path 2024-04-20 22:20:43 +01:00
Daniel Barlow e34135c41a improve failed test reporting 2024-04-20 21:46:37 +01:00
Daniel Barlow 712c9b266f implement find 2024-04-20 18:42:42 +01:00
Daniel Barlow 4df963996c devout: add device 2024-04-20 18:24:10 +01:00
Daniel Barlow 349bfecbb8 new package "devout", does nothing yet 2024-04-20 17:45:40 +01:00
Daniel Barlow 450d3820b2 clean up uevent-watch test using writeFennel and mainFunction
requires less cavorting with globals and stuff
2024-04-20 16:53:43 +01:00
Daniel Barlow 771585546d import expect= where previously it was copy-pasted 2024-04-20 15:09:50 +01:00
Daniel Barlow 73abf952d5 package minisock, a minimal Lua socket library 2024-04-20 15:09:17 +01:00
Daniel Barlow 8af4e9fd5b package anoia assert macros and point fennelrepl at them 2024-04-20 14:59:14 +01:00
Daniel Barlow 7e19d80130 anoia: add assert macro module
contains expect and expect=
2024-04-20 14:04:32 +01:00
Daniel Barlow 0f0688c802 think 2024-04-20 14:03:48 +01:00
Daniel Barlow b43f17f655 think 2024-04-20 12:23:04 +01:00
Daniel Barlow adf62d4483 arhcive: make it work when disk is attached before boot
This is a bit of a kludge (a lot of a kludge) but it will
get it running whilt I work on something better
2024-04-17 18:49:30 +01:00
Daniel Barlow 68eb1360f6 use appended dtb in gl-mt300n-v2 tftpboot
probably the A variant needs this as well
2024-04-17 18:48:19 +01:00
Daniel Barlow 19ad6cd278 watchdog: put s6 pkg on $PATH for s6-svstat 2024-04-17 13:01:10 +01:00
Daniel Barlow 00076c7b81 mount service: use uevent-watch 2024-04-17 12:59:13 +01:00
Daniel Barlow 721e7499f3 arhcive: use usb module instead of harcoded kconfig 2024-04-17 12:53:43 +01:00
Daniel Barlow fc723b9a35 think 2024-04-16 18:59:01 +01:00
Daniel Barlow a5f16dfa81 convert inout test to use uevent-watch 2024-04-15 22:15:27 +01:00
Daniel Barlow 41a4b1f7ef clean cruft from inout test script 2024-04-15 22:00:44 +01:00
Daniel Barlow 42a5699326 remove unneeded config from inout test 2024-04-15 21:19:18 +01:00
Daniel Barlow ea2b25168e add uevent-watch, which toggles services based on uevent msgs 2024-04-15 21:15:07 +01:00
Daniel Barlow 5564cf0554 add nellie.close 2024-04-14 22:45:29 +01:00
Daniel Barlow f3a13630d3 add multicast groups param to nellie.open 2024-04-14 22:45:29 +01:00
Daniel Barlow f233acf9ff netlink uevent hello world 2024-04-14 22:45:29 +01:00
Daniel Barlow b6a054c588 add mdevd as module
following the upstream example, it republishes uevent messages
using multicast group 4 instead of group 2 as used by udev.
2024-04-14 21:59:23 +01:00
Daniel Barlow b231664a06 anoia: add basename, dirname 2024-04-11 23:11:20 +01:00
Daniel Barlow f4bf3029fa anoia: alphabetize exports 2024-04-11 23:11:13 +01:00
Daniel Barlow 05f2c9a2f7 add lua in nix-shell environment 2024-04-11 23:11:06 +01:00
Daniel Barlow 5df5c822ea convert mount service to trigger
Good: this means it's not hanging holding the s6 dataase lock.

Bad: it's the ugliest implementation and doesn't deserve to be preserved

(tbf the ugliness is not new)
2024-04-03 23:17:36 +01:00
Daniel Barlow 4795dd05b7 unconditionally restart trigger services on liminix-rebuild
We call s6-rc -u -p default to restart/start the base services
on a rebuild, otherwise services that are only in the new
configuration won't come up. However, this stops any service
started by a trigger. So, workaround is to restart the trigger
service and expect it to restart the services it manages if they're
needed
2024-04-03 23:07:56 +01:00
Daniel Barlow a192f08881 remove missing module 2024-03-29 17:34:10 +00:00
Daniel Barlow a873dc6608 Merge commit 'efcfdcc' 2024-03-28 23:47:04 +00:00
Daniel Barlow 2fb4756a7f add soft restart option to liminix-rebuild
instead of doing a full reboot, it runs activate / and uses
s6-rc-update to install the new service database
2024-03-28 23:45:10 +00:00
Daniel Barlow 04f5174425 fix vanilla-configuration defaultroute 2024-03-28 22:13:21 +00:00
Daniel Barlow dca2e4def1 fix params to s6-rc-init
flags must precede scandir otherwise they're ignored
2024-03-28 21:56:28 +00:00
Daniel Barlow b60126775a improve liminix-rebuild test
* make it executable
* improve robustness
* do't hardcode services.default (why did it do this?)
2024-03-28 21:37:47 +00:00
Daniel Barlow 76f11bcc93 liminix-rebuild: remove -f flag from reboot call
now we have timeouts in service definitions, shouldn't need this
any more
2024-03-28 21:37:47 +00:00
Daniel Barlow efcfdcc21d think 2024-03-28 20:59:39 +00:00
Daniel Barlow 77f1a78331 ifwait block if s6-rc lock is held
otherwise it doesn't trigger the service if something else is
slow to start
2024-03-28 20:59:39 +00:00
Daniel Barlow 28a5dec7dd implement ifwait trigger service and use in bridge
should we convert all ifwait uses to this trigger too? seems
reasonable
2024-03-28 20:59:39 +00:00
Daniel Barlow fad0a47b75 add config.system.callService
this is like pkgs.callService except that it passes
config.system.service as a param so that the service
being defined can invoke other services

if this proves to be a good idea, all uses of
pkgs.callService should be changed to use it instead
2024-03-28 20:59:39 +00:00
Daniel Barlow af52aafc84 deep thoughts 2024-03-28 20:59:39 +00:00
Daniel Barlow 34442b6069 failing test for ifwait 2024-03-28 20:59:39 +00:00
Daniel Barlow b8a46fc05e allow buildInputs param to s6 service
this is in preparation for trigger services that need to
close over the triggered service without adding it to
s6-rc dependencies
2024-03-28 20:58:53 +00:00
Daniel Barlow 8ac2c6cec1 support timeouts (default 30s) for starting s6-rc services 2024-03-28 20:58:47 +00:00
Daniel Barlow 8879b2d1ba fix rt2x00 wifi 2024-03-28 20:58:39 +00:00
Daniel Barlow 83e346d5a0 add deviceName param 2024-03-22 21:55:44 +00:00
Daniel Barlow 156b1fe64a deep thoughts 2024-03-22 21:54:38 +00:00
Daniel Barlow 1a314e55b7 firewall module: provide default rules and merge extraRules
a firewall with no configuration will get a relatively sane ruleset. a
firewall with `extraRules` will get them deep merged into the default
rules.  Specifying `rules` will override the defaults
2024-03-21 12:00:34 +00:00
Daniel Barlow 9263b21faa create gateway profile by extracting from rotuer example 2024-03-21 10:04:42 +00:00
Daniel Barlow 0a820a702a extneder: delete nftables kernel config
don't need nftables on a bridge. (do we? hope not)
2024-03-20 19:05:31 +00:00
Daniel Barlow 4ea518e296 expose modulesPath to ease out-of-tree configuration.nix 2024-03-20 18:58:44 +00:00
Daniel Barlow 98318b450d deep thoughts 2024-03-16 20:16:49 +00:00
Daniel Barlow e4ac7f19dc fix ifwait deps 2024-03-16 20:16:49 +00:00
Daniel Barlow 9c22744850 deep thoughts 2024-03-16 20:16:49 +00:00
Daniel Barlow c697be8c28 temporary fix for cmake cross-compilation 2024-03-16 20:16:49 +00:00
dan 202a37221a Merge pull request 'tftpboot: use commandLineDtbNode' (#11) from flokli/liminix:tftpboot-honor-commandLineDtbNode into main
Reviewed-on: dan/liminix#11
2024-03-16 18:18:18 +00:00
Florian Klink 436eb03a7b tftpboot: use commandLineDtbNode
config.boot.commandLineDtbNode can be set from `bootargs` to
`bootargs-override` (used for boards where the u-boot on the board does
set `bootargs` on its own).

In that case, the code updating the cmdline for tftpboot purposes also
needs to update this node, not the `bootargs` node.

Otherwise the kernel won't find the phram device, as it never heard
about it, as it didn't get the necessary cmdline options.
2024-03-16 20:06:38 +02:00
Daniel Barlow e5963ae3f7 deep thoughts 2024-03-06 23:19:47 +00:00
Daniel Barlow f164f19d95 service starts and stops 2024-03-06 23:19:47 +00:00
Daniel Barlow dd4ab41f6a rename run-event 2024-03-06 23:19:47 +00:00
Daniel Barlow 5d5dff6729 WIP add failing test that service starts 2024-03-06 23:19:47 +00:00
Daniel Barlow 570d29c368 pass command line params to run instead of reffing global 2024-03-06 23:19:47 +00:00
Daniel Barlow 725af00dc9 improve test for dummy0 up
if we run off the end of the events fixture, it didn't work
2024-03-06 23:19:47 +00:00
Daniel Barlow e1b932ec27 remove hardcoded filename in test event generator 2024-03-06 23:19:47 +00:00
Daniel Barlow 7173b6fb1c don't call os.exit 2024-03-06 23:19:47 +00:00
Daniel Barlow ed9548f21d pass event producer fn as param 2024-03-06 23:19:47 +00:00
Daniel Barlow 0787807a7f ifwait: don't run on load if in test harness 2024-03-06 23:19:47 +00:00
Daniel Barlow 38ed91f641 simplify assertion 2024-03-06 23:19:47 +00:00
Daniel Barlow ffe9603c39 remove file-scoped parameters var 2024-03-06 23:19:47 +00:00
Daniel Barlow cbd3dfefc5 ifwait fixture/test harness 2024-03-06 23:19:47 +00:00
Daniel Barlow 018c1868b5 ifwait: use anoia.assoc 2024-03-06 23:19:47 +00:00
Daniel Barlow 5184ff63f7 add anoia.nl, a convenience wrapper on netlink 2024-03-06 23:19:47 +00:00
Daniel Barlow 35909c9a23 add netlink to fennelrepl 2024-03-06 23:19:47 +00:00
Daniel Barlow 4383462199 deep thoughts 2024-03-06 23:19:47 +00:00
Daniel Barlow 9730cdd63b add assoc to anoia 2024-03-06 23:19:47 +00:00
dan 095853214b Merge pull request 'Fix kernel build on belkin' (#10) from sinavir/liminix:fix_kernel_build_on_belkin into main
Reviewed-on: dan/liminix#10
2024-03-06 18:21:13 +00:00
Daniel Barlow 9d6e50cbbc extract extneder example to a "profile"
this is a bit of an experiment to reduce the copy-paste in
examples by turning them into "application" modules.

planning to follow up with another module for "wifi router"
2024-02-27 23:13:12 +00:00
Daniel Barlow 94dbc56595 fix doc 2024-02-27 20:08:30 +00:00
Daniel Barlow 2cd7f932eb alignment may be null 2024-02-27 19:47:46 +00:00
sinavir 27c7735f02 belkin-RT3200: fix kernel options 2024-02-22 21:57:40 +01:00
sinavir 29c9de248d fix import of openwrt sources 2024-02-22 21:57:33 +01:00
Daniel Barlow 3ca0d87c27 ci.nix: alphabetise systems 2024-02-21 19:49:14 +00:00
Daniel Barlow 8f30db58ae New port to Zyxel NWA50AX: update NEWS and ci.nix 2024-02-21 19:32:50 +00:00
Daniel Barlow f9ab0590a6 Merge remote-tracking branch 'raito/nwa50ax' 2024-02-21 19:27:23 +00:00
Daniel Barlow 84fa8d65f4 fennel: system: verbose log of command that was run 2024-02-21 19:27:14 +00:00
Daniel Barlow 9b0149ecb7 deep thoughts 2024-02-21 19:26:33 +00:00
Raito Bezarius baf3cf7413 devices/zyxel-nwa50ax: fix dual image mgmt after DTB expansion
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-02-19 03:13:35 +01:00
Raito Bezarius c5145b5fc9 devices/zyxel-nwa50ax: make `zyxel-bootconfig` executable
Otherwise, it doesn't work well…

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-02-19 03:13:21 +01:00
Raito Bezarius 628f4dfdbe devices/zyxel-nwa50ax: developer todo
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-02-19 03:13:21 +01:00
Raito Bezarius da59e2a349 devices/zyxel-nwa50ax: complete documentation
It covers everything I know more or less.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-02-19 02:57:34 +01:00
Raito Bezarius c0a9571a13 devices/zyxel-nwa50ax: upgrade MT7915 firmware from OpenWRT repository
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-02-19 02:57:34 +01:00
Raito Bezarius d6ffdd7be6 devices/zyxel-nwa50ax: expose primary and secondary images
To support A/B a bit better.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-02-19 02:57:34 +01:00
Raito Bezarius 985f982435 examples/nwa50ax-ap: support bridge between lan and ethernet
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-02-19 02:48:50 +01:00
Raito Bezarius a893c0dc4c devices/zyxel-nwa50ax: use our own more advanced DTB
OpenWRT had a DTB for the NWA50AX LEDs that I didn't pick up.

Anyway, we need to include our own special DTB for the NWA platform in general
to support A/B operations, because OpenWRT original one just mark everything else read-only.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-02-19 02:48:50 +01:00
Raito Bezarius 3ec29dc1b9 examples/nwa50ax-ap: ensure `mtdutils` is available for further flashing
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-02-19 02:48:50 +01:00
Raito Bezarius 0e81953b67 devices/zyxel-nwa50ax: cleanup of `flash` attribute and `rootDevice`
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-02-19 02:48:50 +01:00
Raito Bezarius 3c70a0d037 devices/zyxel-nwa50ax: ensure bridge is always available
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-02-19 02:48:50 +01:00
Raito Bezarius 422f3edab1 modules/zyxel-dual-image: init
This adds a simple boot blessing module, to be used, with the Zyxel NWA50AX.

There's a lot of elephant in the rooms: how do you upgrade kernel, etc.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-02-19 02:48:50 +01:00
Raito Bezarius c14b2f6356 modules/busybox: add `dhcprelay`
This enables to run a DHCP relay from multiple interfaces.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-02-19 02:48:50 +01:00
Raito Bezarius cdafff2095 examples/nwa50ax-ap: init
This is a quite comprehensive example using maximally the hardware
available to reach nice performance.

In the future, I will even add RADIUS examples.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-02-19 02:48:50 +01:00
Raito Bezarius 13f1bb9f52 devices/zyxel-nwa50ax: init 2024-02-19 02:48:48 +01:00
Raito Bezarius 019fef6929 zyxel-bootconfig: init at no version
This tool is useful for manipulating the A/B boot status of the image.
2024-02-18 20:30:41 +01:00
Raito Bezarius 63007859c2 modules/outputs/zyxel-nwa-fit: init
Zyxel "firmware" format is just… a FIT with some metadata on the models.

This FIT is like this:

--------------------------
    uImage FIT header
--------------------------
    Linux kernel
--------------------------
    FDT DTB
--------------------------
    Padding so that
    this makes
    8192kb [1]
--------------------------
    UBI volume
    as a root filesystem
--------------------------

We just reproduce this in a very brutal and naive way.
In the future, this seems worth to generalize and modularize this idea
so that zyxel-nwa-fit is just an instance of a more general output.

[1]: https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob;f=target/linux/ramips/image/mt7621.mk;h=ab1b829ba0086cb9fc9ca8cbbf3cbc14735034d6;hb=refs/heads/main#l3097

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-02-18 20:30:41 +01:00
Raito Bezarius e9ab8d7183 modules/outputs/ubivolume: introduce ubinization
It creates an UBI image based on an UBI volume configuration.

For now, it creates only an empty rootfs.
2024-02-18 20:30:41 +01:00
Raito Bezarius 3dc58de0eb modules/outputs: expose `commandLineDtbNode` option
We allow `bootargs` and `bootargs-override` for now only.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-02-18 20:30:41 +01:00
Raito Bezarius dde8386f75 builders/uimage: support aligning the FIT
This is necessary when writing to a MTD partition with a certain erasesize.
2024-02-18 20:30:41 +01:00
Raito Bezarius c59364d623 modules/outputs/ubifs: expose `rootubifs` rather than `rootfs`
I believe there should be another module exposing `rootubifs` as `rootfs`
or let any other module just subsume that component like `zyxel-nwa-fit` output.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-02-18 20:30:41 +01:00
Raito Bezarius b76c5b4abe modules/ubifs: revamp to offer directly access to the UBIfs partition
Adds the LEB and PEB option and let the user remove the boot image in case
where U-Boot does not support UBI boot.
2024-02-18 20:30:41 +01:00
Raito Bezarius 0a8343be66 pkgs/kernel/uimage: introduce `commandLineDtbNode`
Certain devices like the Zyxel NWA50AX will pass information on the command-line
to explain what is the current image (`bootImage=1` vs. `bootImage=0`).

Unfortunately, if we set the `chosen/bootargs` node, this will be overridden forcibly
by U-Boot.

To avoid this problem, it's easier to simply just use another DTB node like `bootargs-override` which
is what OpenWRT does [1].

[1]: https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob;f=target/linux/ramips/patches-5.15/314-MIPS-add-bootargs-override-property.patch;h=e7dca7af886e8c0b69ba2b23f5855ddfeeb0d4a1;hb=refs/heads/main

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-02-18 20:30:41 +01:00
Raito Bezarius d14ee41325 liminix-rebuild: use `-f` flag to reboot effectively
My AP does not reboot upon `reboot` but `reboot -f`… why?

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-02-17 11:45:17 +00:00
Raito Bezarius 8f814658fe hostapd: enable 802.11ax
For people enjoying WiFi 6 heaven… :>

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-02-17 11:45:10 +00:00
Daniel Barlow 60508f4d4e update NEWS
* Turris Omnia
* possible wifi regressions
2024-02-16 21:00:59 +00:00
Daniel Barlow ca64e9035e gl-ar750 ath9k needs cal data from MTD 2024-02-16 20:44:56 +00:00
Daniel Barlow 4bcc3d5b28 dhcpc6 scripts: simplify (and improve correctness) 2024-02-16 18:47:12 +00:00
Daniel Barlow 28fe37d555 deep thoughts 2024-02-16 18:30:54 +00:00
Daniel Barlow 175db9f604 tail -F for rotuer 2024-02-16 18:30:24 +00:00
Daniel Barlow b5722a0153 gl-ar750: ath10k wireless depends on firmware
so make sure the firmware is present _first_

the ath10k is still broken anyway, looking into why
2024-02-16 00:38:36 +00:00
Daniel Barlow c373152673 make tftpboot work on devices with old u-boot
Some devices have a U-boot variant that does not accept a third
parameter on the "bootm" command, meaning we can't override the dtb
in the bootloader so have to smush it back into the kernel image

This doesn't work in QEMU but I think the problem is with the
U-Boot configuration for QEMU. It does work on at least one
hardware device so I'm pushing it anyway

Based on
https://gti.telent.net/raboof/liminix/src/branch/tftp-old-uboot

Co-authored-by:  Arnout Engelen <arnout@bzzt.net>
2024-02-15 23:44:47 +00:00
Daniel Barlow 7e7171556f subdue dnsmasq logs
we need to find a better way of doing this. people might _want_
to have All The Logs from evey dns query
2024-02-15 23:43:54 +00:00
Daniel Barlow 6920ee765d deep thoughts 2024-02-15 09:11:54 +00:00
Daniel Barlow 71a1ef286e deep thoughts 2024-02-13 22:32:57 +00:00
Daniel Barlow ffe0e9d26b use mkstate for dropbear keys 2024-02-13 22:12:26 +00:00
Daniel Barlow 2b22c7aa91 dnsmasq: store dhcp lease file on /persist 2024-02-13 21:54:45 +00:00
Daniel Barlow 3c950704e1 rename /run/service-state to /run/services/outputs 2024-02-13 21:41:43 +00:00
Daniel Barlow 8578a554c7 deep thoughts 2024-02-13 21:11:30 +00:00
Daniel Barlow 3851698d35 fix tftpboot compressed rootfs 2024-02-13 18:16:17 +00:00
Daniel Barlow f69ebbb6f5 fix doc CI target 2024-02-13 15:41:45 +00:00
Daniel Barlow 16e4b05653 dhcp6c: set preferred and valid address lifetimes
also workaround a bug in rebinding/updates where we get an error
from "ip addr add" trying to add an address that's already present
2024-02-13 13:49:12 +00:00
Daniel Barlow 8ac848b1e6 ath10k_pci: wifi modules must be modules 2024-02-13 12:56:03 +00:00
Daniel Barlow b7efbd3e21 update NEWS file 2024-02-12 21:10:52 +00:00
Daniel Barlow a654577ac2 improve port-forwarding comment 2024-02-12 21:05:01 +00:00
Daniel Barlow c50423f689 turris omnia: upgrade to mainline 6.7.4 kernel
On this device we don't need the openwrt kernel or patches. The
newer kernel also fixes the weird one minute pause at boot when
it was doing something with either mmc or switch.
2024-02-12 20:43:01 +00:00
Daniel Barlow 65479e206b use regular kernel not backports for mac80211
the kernel on most devices is now newer than the version that the
backported drivers were backported from
2024-02-12 20:41:10 +00:00
Daniel Barlow 79926c6fe7 remove call to deleted package 2024-02-12 14:56:12 +00:00
Daniel Barlow ae4856ea7c improve firewall comment 2024-02-12 13:56:56 +00:00
Daniel Barlow b9c0d93670 build modules at same time as main kernel vmlinux
This changes the practice for building kernel modules: now we expect
that the appropriate Kconfig symbols are set to =m in
config.kernel.config, and then use pkgs.kmodloader to create
a service that loads and unloads all the modules depended on by
a particular requirement.

Note that modules won't be installed on the target device just by
virue of having been built: only the modules that are referenced by a
kmodloader package will be in the closure.

An example may make this clearer: see modules/firewall/default.nix
in this commit.

Why?

If you have a compiled Linux kernel source tree and you change some
symbol from "is not set" to m and then run make modules, you cannot in
general expect that newly compiled module to work. This is because
there are places in the build of the main kernel where it looks to see
which modules _may_ be defined and uses that information to
accommodate them.

For example in an in-kernel build of

  https://github.com/torvalds/linux/blob/master/net/netfilter/core.c#L689

some symbols are defined only if CONFIG_NF_CONNTRACK is set, meaning
this code won't work if we have it unset initially then try later to
enable it and build modules only. Or see

  https://github.com/torvalds/linux/blob/master/include/linux/netdevice.h#L160
2024-02-11 23:47:11 +00:00
Daniel Barlow 11287a8436 allow lan dns queries (ipv6) 2024-02-11 23:32:46 +00:00
Daniel Barlow 57aece0709 rotuer: don't forward queries for local domain 2024-02-11 23:32:46 +00:00
Daniel Barlow c1d285a220 rotuer: network debugging tools 2024-02-11 23:32:46 +00:00
Daniel Barlow dce983ec79 move kernel module to its own subdir 2024-02-11 18:15:55 +00:00
Daniel Barlow 812f497660 add kernel.version param to allow for version-specific patches
default to 5.15.137 to avoid breaking the devices that don't declare it
2024-02-11 16:19:52 +00:00
Daniel Barlow 1206d02200 rotuer-secrets: remove root_password, add wifi ssid and domainName
this is step one towards getting rid of rotuer-secrets completely and
turning rotuer into a "profile" module that can be less hackily
customised for other people's networks
2024-02-11 15:56:14 +00:00
Daniel Barlow 7c196bf9b4 rotuer: make 5GHz wifi faster
VHT doesn't work unless HT is enabled, apparently
2024-02-11 15:38:19 +00:00
Daniel Barlow 86d19c54b3 turris omnia kernel: add RTC, i2c mux, eeprom 2024-02-09 22:34:46 +00:00
Daniel Barlow aca3e11631 firewall: make ipv4 work 2024-02-08 23:15:48 +00:00
dan 273c66b2d3 Merge pull request 'Add support for TP-Link Archer AX23' (#6) from raboof/liminix:add-archer-ax23-v1-bak into main
Reviewed-on: dan/liminix#6
2024-02-08 17:47:46 +00:00
Daniel Barlow 87f6a31a06 improve firewall log format 2024-02-08 17:21:26 +00:00
Daniel Barlow a9ea01428e firewall: don't drop in conntrack rule
as there are other rules following that might want to accept
2024-02-08 17:20:39 +00:00
Daniel Barlow 92b0bec038 rotuer: add schnapps and the rest of the lan interfaces 2024-02-07 23:48:10 +00:00
Daniel Barlow 82537bbe68 delete commented-out code 2024-02-07 23:47:38 +00:00
Daniel Barlow efb29c5901 demo-firewall: add some rules for ipv4 2024-02-07 23:47:09 +00:00
Daniel Barlow 29e61be26c rotuer: get lan rfc1918 prefix from secrets 2024-02-07 23:46:16 +00:00
Daniel Barlow 6f1f9d6f20 firewall: fix module loading 2024-02-07 23:43:41 +00:00
Daniel Barlow 34291292c0 fix dependency on kernel moduels in firewall service 2024-02-07 16:21:14 +00:00
Daniel Barlow c9e4c1b0da kernel-modules: use linuxArch instead of case expression 2024-02-07 16:20:34 +00:00
Daniel Barlow 891d6e5f20 thenk 2024-02-05 19:20:13 +00:00
dan c4041b00f6 Merge pull request 'docs: add hardware recommendation' (#2) from raboof/liminix:hardware-recommendations into main
Reviewed-on: dan/liminix#2
2024-02-05 15:56:07 +00:00
Daniel Barlow f875622100 improve formatting 2024-02-04 18:24:01 +00:00
Daniel Barlow 49ec4a2961 installation instructions for Turris Omnia
feels like a milestone, or at least a big step towards one
2024-02-04 18:20:04 +00:00
Daniel Barlow c8154a2db9 kernel: add "conditional" config
imagine: you are using a device that requires
CONFIG_MYDEVICE_FROBOZZ_DRIVER but only if CONFIG_FROBOZZ has been
specified elsewhere. Because we check that every requested config
symbol actually appears in .config then it can't be added
unconditionally or the build will fail if CONFIG_FROBOZZ wasn't asked
for.

I'm not 100% happy about this design but it's the best I've thought of
so far.
2024-02-04 18:12:15 +00:00
Daniel Barlow 02cf2c6b80 add ssh keys in recovry image 2024-02-04 18:10:58 +00:00
Daniel Barlow b0709a6443 systemconfig: fix missing backslashes on env vars 2024-02-04 17:19:03 +00:00
Daniel Barlow 86f5c9b568 schnapps needs util-linux for mount
specifically, it expects mount /dev/foo -o blah /dest to work,
but busybox mount expects options to precede all the other
command line args
2024-02-04 15:50:25 +00:00
Daniel Barlow ef707de8b1 add extlinux in recovery example
this needlessly bloats the TFTP image, which is a shame, but is
needed for installing onto usb stick
2024-02-02 19:51:41 +00:00
Daniel Barlow 89c88dd472 specify type for rootDevice module option 2024-02-02 19:50:13 +00:00
Daniel Barlow c1ad139310 whitespace 2024-02-02 19:43:34 +00:00
Daniel Barlow f682b26c29 omnia seems very fussy about tftp load address
when loading with 0x1000000 base address, something was getting
corrupted in the uncompressed rootfs

$ head -c $(printf "%d" 0x2be0000) rootfs | sha1sum
142571fe0436c18191727d1d4c2fd32163c1f2e1  -
=> sha1sum 0x1000000 2be0000
sha1 for 01000000 ... 03bdffff ==> 142571fe0436c18191727d1d4c2fd32163c1f2e1

but!

$  head -c $(printf "%d" 0x2bf0000) rootfs | sha1sum
7aa004ba87c6772bade491fbade164e2dfe100f9  -
=> sha1sum 0x1000000 2bf0000
sha1 for 01000000 ... 03beffff ==> 1a0923a94784d0c0b86006c5e6fff1649770dad3
2024-02-02 19:36:11 +00:00
Arnout Engelen d5026c2074
docs: add hardware recommendation
Also add infrastructure to also generate the supported hardware
page when building the docs locally
2024-01-04 14:35:00 +01:00
1713 changed files with 12740 additions and 1800 deletions

1
.gitignore vendored
View File

@ -6,3 +6,4 @@ result-*
_build
*-secrets.nix
examples/static-leases.nix
/doc/hardware.rst

82
NEWS
View File

@ -31,5 +31,87 @@ Upstream changes that have led to incompatible Liminix changes are:
* newer U-Boot version
* util-linux can now be built (previously depended on systemd)
2024-01-30
New port! Thanks to Arnout Engelen <arnout@bzzt.net>, Liminix
now runs on the TP-Link Archer AX23.
2024-02-12
* We now build wifi drivers (mac80211) from the same kernel source as
the running kernel, instead of using drivers from the linux-backports
project. This may be a regression on some devices that depend on
OpenWrt patches for wireless functionality: if you have a device that
used to work and now doesn't, refer to OpenWrt
package/kernel/mac80211/patches/ to see if there's something in there
that needs to be applied.
* in general, we build kernel modules (e.g. for nftables) at the same
time as the kernel itself instead of expecting to be able to build
them afterwards as though they were "out of tree". Refer to commit
b9c0d93670275e69df24902b05bf4aa4f0fcbe96 for a fuller explanation
of how this simplifies things.
2024-02-13
So that we can be more consistent about services that would like their
state to be preserved across boots (assuming a writable filesystem)
these changes have been made
* /run/service-state has been moved to /run/services/outputs
to better reflect what it's used for
* /run/services/state is either a symlink to /persist/services/state
(if there's a writeable fs on /persist) or a directory (if there
isn't)
The change will lose your ssh host key(s) unless you copy them from
the old location to the new one before rebooting into the new system
mkdir -m 02751 -p /run/services/state/dropbear
cp /persist/secrets/dropbear/* /run/services/state/dropbear
The `output`, `mkoutputs` functions defined by ${serviceFns}
have been updated for the new location.
2024-02-16
New (or at least, previously unreported) port! Liminix now runs on the
Turris Omnia and has been serving my family's internet needs for most
of this week. Thanks to NGI0 Entrust and the NLnet Foundation for
sponsoring this development (and funding the hardware)
2024-02-21
New port! Thanks to Raito Bezarius, Liminix now runs on the Zyxel NWA50AX,
an MT7621 (MIPS EL) dual radio WiFi AP.
2024-04-29
The setup for using `levitate` has changed: now it accepts an entire
config fragment, not just a list of services. Hopefully this makes it
a bit more useful :-)
defaultProfile.packages = with pkgs; [
...
(levitate.override {
config = {
services = {
inherit (config.services) dhcpc sshd watchdog;
};
defaultProfile.packages = [ mtdutils ];
users.root.openssh.authorizedKeys.keys = secrets.root.keys;
};
})
];
2024-07-16
* structured parameters are available for the pppoe service
* The "wan" configuration in modules/profiles/gateway.nix has changed:
instead of passing options that are used to create a pppoe interface,
callers should create a (pppoe or other) interface and pass that as
the value of profile.gateway.wan. For the pppoe case this is now only
very slightly more verbose, and it allows using the gateway profile
with other kinds of upstream.

View File

@ -33,7 +33,7 @@ functioning version, see [the CI system](https://build.liminix.org/jobset/limini
Documentation is in the [doc](doc/) directory. You can build it
by running
nix-shell -p sphinx --run "make -C doc html"
nix-shell -p sphinx --run "make -C doc hardware.rst html"
Rendered documentation corresponding to the latest commit on `main`
is published to [https://www.liminix.org/doc/](https://www.liminix.org/doc/)

File diff suppressed because it is too large Load Diff

20
boot.expect Normal file
View File

@ -0,0 +1,20 @@
# This is for use with minicom, but needs you to configure it to
# use expect as its "Script program" instead of runscript. Try
# Ctrl+A O -> Filenames and paths -> D
log_user 0
log_file -a -open stderr
set f [open "result/boot.scr"]
send "version\r"
set timeout 60
while {[gets $f line] >= 0} {
puts stderr "next line $line\r"
puts stderr "waiting for prompt\r"
expect {
"ath>" {}
"BusyBox" { puts stderr "DONE"; exit 0 }
}
send "$line\r\n"
}
puts stderr "done\r\n"
close $f

View File

@ -4,6 +4,10 @@ let
inherit (lib) mkOption mkEnableOption mdDoc types optional optionals;
in {
options.bordervm = {
keys = mkOption {
type = types.listOf types.str;
default = [ ];
};
l2tp = {
host = mkOption {
description = mdDoc ''
@ -51,18 +55,17 @@ in {
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
];
config = {
boot.kernelParams = [
"loglevel=9"
];
boot.kernelParams = [ "loglevel=9" ];
systemd.services.pppoe =
let conf = pkgs.writeText "kpppoed.toml"
''
interface_name = "eth1"
services = [ "myservice" ]
lns_ipaddr = "${cfg.l2tp.host}:${builtins.toString cfg.l2tp.port}"
ac_name = "kpppoed-1.0"
'';
in {
let
conf = pkgs.writeText "kpppoed.toml" ''
interface_name = "eth1"
services = [ "myservice" ]
lns_ipaddr = "${cfg.l2tp.host}:${builtins.toString cfg.l2tp.port}"
ac_name = "kpppoed-1.0"
'';
in
{
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
serviceConfig = {
@ -76,24 +79,46 @@ in {
};