forked from dan/liminix
Compare commits
11 Commits
main
...
module-bas
Author | SHA1 | Date | |
---|---|---|---|
b326b685de | |||
d7209f33c8 | |||
999a11f89c | |||
27c9bd9707 | |||
540d2fcf87 | |||
d1fea06959 | |||
5e37f2b99a | |||
d83f8716ea | |||
83c451dd8f | |||
fbec31be79 | |||
6ae062f5e4 |
1
.gitignore
vendored
1
.gitignore
vendored
@ -5,4 +5,3 @@ result-*
|
||||
*.qcow2
|
||||
_build
|
||||
*-secrets.nix
|
||||
examples/static-leases.nix
|
||||
|
27
NEWS
27
NEWS
@ -1,27 +0,0 @@
|
||||
A brief guide to backward-incompatible changes
|
||||
that are likely to break configurations or workflows
|
||||
|
||||
2023-07-13
|
||||
|
||||
* a significant re-arrangement of modules and services, which will
|
||||
probably break any configuration written before this time. For a
|
||||
detailed explanation, see
|
||||
https://www.liminix.org/doc/configuration.html#modules
|
||||
|
||||
2023-12-10
|
||||
|
||||
* configurations (usually) need no longer import modules from
|
||||
modules/outputs because devices are expected to do this instead. This
|
||||
change is because the outputs that make sense in any given context are
|
||||
usually a property of the device being installed onto.
|
||||
|
||||
2023-12-11
|
||||
|
||||
* rename outputs.flashimage to outputs.mtdimage (and also diskimage to
|
||||
mbrimage). This change is made in the expectation that "fooimage" is
|
||||
the name of an outputs that gloms together other filesystem-like
|
||||
outputs with some kind of partition table - so we might in future have
|
||||
gptimage or lvmimage or ubimage.
|
||||
|
||||
|
||||
|
20
README.md
20
README.md
@ -18,14 +18,22 @@ outside word goes across it.
|
||||
|
||||
Liminix is pre-1.0. We are still finding new and better ways to do things,
|
||||
and there is no attempt to maintain backward compatibility with the old
|
||||
ways.
|
||||
ways. This will change when it settles down.
|
||||
|
||||
The [NEWS](NEWS) file (available wherever you found this README) is
|
||||
a high-level overview of breaking changes.
|
||||
_In general:_ development mostly happens on the `main` branch, which is
|
||||
therefore not guaranteed to build or to work on every commit. For the
|
||||
latest functioning version, see [the CI system](https://build.liminix.org/jobset/liminix/build) and pick a revision with all jobs green.
|
||||
|
||||
Development mostly happens on the `main` branch, which is therefore
|
||||
not guaranteed to build or to work on every commit. For the latest
|
||||
functioning version, see [the CI system](https://build.liminix.org/jobset/liminix/build) and pick a revision with all jobs green.
|
||||
_In particular:_ as of July 2023, a significant re-arrangement of
|
||||
modules and services is ongoing:
|
||||
|
||||
* if you are using out-of-tree configurations created before commit
|
||||
2e50368, especially if they reference things under pkgs.liminix,
|
||||
they will need updating. Look at changes to examples/rotuer.nix
|
||||
for guidance
|
||||
|
||||
* the same is intermittently true for examples/{extensino,arhcive}.nix
|
||||
where I've updated rotuer and not updated them to match.
|
||||
|
||||
|
||||
## Documentation
|
||||
|
1644
THOUGHTS.txt
1644
THOUGHTS.txt
File diff suppressed because it is too large
Load Diff
@ -99,16 +99,14 @@ in {
|
||||
};
|
||||
};
|
||||
};
|
||||
environment.systemPackages =
|
||||
let wireshark-nogui = pkgs.wireshark.override { withQt = false ; };
|
||||
in with pkgs; [
|
||||
tcpdump
|
||||
wireshark-nogui
|
||||
socat
|
||||
tufted
|
||||
iptables
|
||||
usbutils
|
||||
];
|
||||
environment.systemPackages = with pkgs; [
|
||||
tcpdump
|
||||
wireshark
|
||||
socat
|
||||
tufted
|
||||
iptables
|
||||
usbutils
|
||||
];
|
||||
security.sudo.wheelNeedsPassword = false;
|
||||
networking = {
|
||||
hostName = "border";
|
||||
|
64
ci.nix
64
ci.nix
@ -8,10 +8,7 @@ let
|
||||
pkgs = (import nixpkgs {});
|
||||
borderVmConf = ./bordervm.conf-example.nix;
|
||||
inherit (pkgs.lib.attrsets) genAttrs;
|
||||
devices = [
|
||||
"gl-ar750" "gl-mt300n-v2" "gl-mt300a"
|
||||
"qemu" "qemu-aarch64" "qemu-armv7l"
|
||||
];
|
||||
devices = [ "qemu" "gl-ar750" "gl-mt300n-v2" "gl-mt300a" ];
|
||||
vanilla = ./vanilla-configuration.nix;
|
||||
for-device = name:
|
||||
(import liminix {
|
||||
@ -21,50 +18,33 @@ let
|
||||
}).outputs.default;
|
||||
tests = import ./tests/ci.nix;
|
||||
jobs =
|
||||
(genAttrs devices for-device) //
|
||||
(genAttrs devices (name: for-device name)) //
|
||||
tests //
|
||||
{
|
||||
buildEnv = (import liminix {
|
||||
inherit nixpkgs borderVmConf;
|
||||
inherit nixpkgs borderVmConf;
|
||||
device = import (liminix + "/devices/qemu");
|
||||
liminix-config = vanilla;
|
||||
}).buildEnv;
|
||||
doc =
|
||||
let json =
|
||||
(import liminix {
|
||||
inherit nixpkgs borderVmConf;
|
||||
device = import (liminix + "/devices/qemu");
|
||||
liminix-config = {...} : {
|
||||
imports = [ ./modules/all-modules.nix ];
|
||||
};
|
||||
}).outputs.optionsJson;
|
||||
installers = map (f: "system.outputs.${f}") [
|
||||
"vmroot"
|
||||
"mtdimage"
|
||||
"ubimage"
|
||||
];
|
||||
inherit (pkgs.lib) concatStringsSep;
|
||||
in pkgs.stdenv.mkDerivation {
|
||||
name = "liminix-doc";
|
||||
nativeBuildInputs = with pkgs; [
|
||||
gnumake sphinx fennel luaPackages.lyaml
|
||||
];
|
||||
src = ./.;
|
||||
buildPhase = ''
|
||||
cat ${json} | fennel --correlate doc/parse-options.fnl > doc/modules-generated.rst
|
||||
cat ${json} | fennel --correlate doc/parse-options-outputs.fnl > doc/outputs-generated.rst
|
||||
cp ${(import ./doc/hardware.nix)} doc/hardware.rst
|
||||
make -C doc html
|
||||
'';
|
||||
installPhase = ''
|
||||
mkdir -p $out/nix-support $out/share/doc/
|
||||
cd doc
|
||||
cp *-generated.rst $out
|
||||
ln -s ${json} $out/options.json
|
||||
cp -a _build/html $out/share/doc/liminix
|
||||
echo "file source-dist \"$out/share/doc/liminix\"" \
|
||||
> $out/nix-support/hydra-build-products
|
||||
'';
|
||||
doc = pkgs.stdenv.mkDerivation {
|
||||
name = "liminix-doc";
|
||||
nativeBuildInputs = with pkgs; [
|
||||
gnumake sphinx
|
||||
fennel luaPackages.lyaml
|
||||
];
|
||||
src = ./doc;
|
||||
buildPhase = ''
|
||||
cat ${(import ./doc/extract-options.nix).doc} > options.json
|
||||
cat options.json | fennel --correlate parse-options.fnl > modules.rst
|
||||
make html
|
||||
'';
|
||||
installPhase = ''
|
||||
mkdir -p $out/nix-support $out/share/doc/
|
||||
cp modules.rst options.json $out
|
||||
cp -a _build/html $out/share/doc/liminix
|
||||
echo "file source-dist \"$out/share/doc/liminix\"" \
|
||||
> $out/nix-support/hydra-build-products
|
||||
'';
|
||||
};
|
||||
with-unstable = (import liminix {
|
||||
nixpkgs = unstable;
|
||||
|
16
default.nix
16
default.nix
@ -13,14 +13,13 @@ let
|
||||
allowUnsupportedSystem = true; # mipsel
|
||||
permittedInsecurePackages = [
|
||||
"python-2.7.18.6" # kernel backports needs python <3
|
||||
"python-2.7.18.7"
|
||||
];
|
||||
};
|
||||
});
|
||||
|
||||
eval = pkgs.lib.evalModules {
|
||||
config = (pkgs.lib.evalModules {
|
||||
modules = [
|
||||
{ _module.args = { inherit pkgs; inherit (pkgs) lim; }; }
|
||||
{ _module.args = { inherit pkgs; lib = pkgs.lib; }; }
|
||||
./modules/hardware.nix
|
||||
./modules/base.nix
|
||||
./modules/busybox.nix
|
||||
@ -31,8 +30,7 @@ let
|
||||
./modules/users.nix
|
||||
./modules/outputs.nix
|
||||
];
|
||||
};
|
||||
config = eval.config;
|
||||
}).config;
|
||||
|
||||
borderVm = ((import <nixpkgs/nixos/lib/eval-config.nix>) {
|
||||
system = builtins.currentSystem;
|
||||
@ -45,12 +43,6 @@ let
|
||||
in {
|
||||
outputs = config.system.outputs // {
|
||||
default = config.system.outputs.${config.hardware.defaultOutput};
|
||||
optionsJson =
|
||||
let o = import ./doc/extract-options.nix {
|
||||
inherit pkgs eval;
|
||||
lib = pkgs.lib;
|
||||
};
|
||||
in pkgs.writeText "options.json" (builtins.toJSON o);
|
||||
};
|
||||
|
||||
# this is just here as a convenience, so that we can get a
|
||||
@ -62,7 +54,7 @@ in {
|
||||
tufted
|
||||
routeros.routeros
|
||||
routeros.ros-exec-script
|
||||
run-liminix-vm
|
||||
mips-vm
|
||||
borderVm.build.vm
|
||||
go-l2tp
|
||||
min-copy-closure
|
||||
|
@ -1,230 +0,0 @@
|
||||
{
|
||||
description = ''
|
||||
Belkin RT-3200 / Linksys E8450
|
||||
******************************
|
||||
|
||||
This device is based on a 64 bit Mediatek MT7622 ARM platform,
|
||||
and is "work in progress" in Liminix.
|
||||
|
||||
.. note:: The factory flash image contains ECC errors that make it
|
||||
incompatible with Liminix: you need to use the `OpenWrt
|
||||
UBI Installer <https://github.com/dangowrt/owrt-ubi-installer>`_ to
|
||||
rewrite the partition layout before you can flash
|
||||
Liminix onto it (or even use it with
|
||||
:ref:`system-outputs-tftpboot`, if you want the wireless
|
||||
to work).
|
||||
|
||||
Hardware summary
|
||||
================
|
||||
|
||||
- MediaTek MT7622BV (1350MHz)
|
||||
- 128MB NAND flash
|
||||
- 512MB RAM
|
||||
- b/g/n wireless using MediaTek MT7622BV (MT7615E driver)
|
||||
- a/n/ac/ax wireless using MediaTek MT7915E
|
||||
|
||||
|
||||
Installation
|
||||
============
|
||||
|
||||
Installation is currently a manual process (you need a :ref:`serial <serial>` conection and
|
||||
TFTP) following the instructions at :ref:`system-outputs-ubimage`
|
||||
|
||||
'';
|
||||
|
||||
system = {
|
||||
crossSystem = {
|
||||
config = "aarch64-unknown-linux-musl";
|
||||
};
|
||||
};
|
||||
|
||||
module = {pkgs, config, lib, lim, ... }:
|
||||
let firmware = pkgs.stdenv.mkDerivation {
|
||||
name = "wlan-firmware";
|
||||
phases = ["installPhase"];
|
||||
installPhase = ''
|
||||
mkdir $out
|
||||
cp ${pkgs.linux-firmware}/lib/firmware/mediatek/{mt7915,mt7615,mt7622}* $out
|
||||
'';
|
||||
};
|
||||
in {
|
||||
imports = [
|
||||
../../modules/arch/aarch64.nix
|
||||
../../modules/outputs/tftpboot.nix
|
||||
../../modules/outputs/ubifs.nix
|
||||
];
|
||||
config = {
|
||||
kernel = {
|
||||
src = pkgs.pkgsBuildBuild.fetchurl {
|
||||
name = "linux.tar.gz";
|
||||
url = "https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.15.71.tar.gz";
|
||||
hash = "sha256-yhO2cXIeIgUxkSZf/4aAsF11uxyh+UUZu6D1h92vCD8=";
|
||||
};
|
||||
extraPatchPhase = ''
|
||||
${pkgs.openwrt.applyPatches.mediatek}
|
||||
'';
|
||||
config = {
|
||||
PCI = "y";
|
||||
ARCH_MEDIATEK = "y";
|
||||
# ARM_MEDIATEK_CPUFREQ = "y";
|
||||
|
||||
# needed for "Cannot find regmap for /infracfg@10000000"
|
||||
MFD_SYSCON = "y";
|
||||
MTK_INFRACFG = "y";
|
||||
|
||||
MTK_PMIC_WRAP = "y";
|
||||
MTK_EFUSE="y";
|
||||
# MTK_HSDMA="y";
|
||||
MTK_SCPSYS="y";
|
||||
MTK_SCPSYS_PM_DOMAINS="y";
|
||||
# MTK_THERMAL="y";
|
||||
MTK_TIMER="y";
|
||||
|
||||
COMMON_CLK_MT7622 = "y";
|
||||
COMMON_CLK_MT7622_ETHSYS = "y";
|
||||
COMMON_CLK_MT7622_HIFSYS = "y";
|
||||
COMMON_CLK_MT7622_AUDSYS = "y";
|
||||
PM_CLK="y";
|
||||
|
||||
REGMAP_MMIO = "y";
|
||||
CLKSRC_MMIO = "y";
|
||||
REGMAP = "y";
|
||||
|
||||
MEDIATEK_GE_PHY = "y";
|
||||
# MEDIATEK_MT6577_AUXADC = "y";
|
||||
# MEDIATEK_WATCHDOG = "y";
|
||||
NET_MEDIATEK_SOC = "y";
|
||||
NET_MEDIATEK_SOC_WED = "y";
|
||||
NET_MEDIATEK_STAR_EMAC = "y"; # this enables REGMAP_MMIO
|
||||
NET_VENDOR_MEDIATEK = "y";
|
||||
PCIE_MEDIATEK = "y";
|
||||
|
||||
BLOCK = "y"; # move this to base option
|
||||
|
||||
SPI_MASTER = "y";
|
||||
SPI = "y";
|
||||
SPI_MEM="y";
|
||||
SPI_MTK_NOR="y";
|
||||
SPI_MTK_SNFI = "y";
|
||||
|
||||
MTD = "y";
|
||||
MTD_BLOCK = "y";
|
||||
MTD_RAW_NAND = "y";
|
||||
MTD_NAND_MTK = "y";
|
||||
MTD_NAND_MTK_BMT = "y"; # Bad-block Management Table
|
||||
MTD_NAND_ECC_MEDIATEK= "y";
|
||||
MTD_NAND_ECC_SW_HAMMING= "y";
|
||||
MTD_SPI_NAND= "y";
|
||||
MTD_OF_PARTS = "y";
|
||||
MTD_NAND_CORE= "y";
|
||||
MTD_SPI_NOR= "y";
|
||||
MTD_SPLIT_FIRMWARE= "y";
|
||||
MTD_SPLIT_FIT_FW= "y";
|
||||
|
||||
|
||||
MMC = "y";
|
||||
MMC_BLOCK = "y";
|
||||
MMC_CQHCI = "y";
|
||||
MMC_MTK = "y";
|
||||
|
||||
# Distributed Switch Architecture is needed
|
||||
# to make the ethernet ports visible
|
||||
NET_DSA="y";
|
||||
NET_DSA_MT7530="y";
|
||||
NET_DSA_TAG_MTK="y";
|
||||
|
||||
PSTORE = "y";
|
||||
PSTORE_RAM = "y";
|
||||
PSTORE_CONSOLE = "y";
|
||||
PSTORE_DEFLATE_COMPRESS = "n";
|
||||
|
||||
SERIAL_8250 = "y";
|
||||
SERIAL_8250_CONSOLE = "y";
|
||||
SERIAL_8250_MT6577="y";
|
||||
# SERIAL_8250_NR_UARTS="3";
|
||||
# SERIAL_8250_RUNTIME_UARTS="3";
|
||||
SERIAL_OF_PLATFORM="y";
|
||||
};
|
||||
};
|
||||
boot = {
|
||||
commandLine = [ "console=ttyS0,115200" ];
|
||||
tftp.loadAddress = lim.parseInt "0x4007ff28";
|
||||
imageFormat = "fit";
|
||||
};
|
||||
filesystem =
|
||||
let inherit (pkgs.pseudofile) dir symlink;
|
||||
in
|
||||
dir {
|
||||
lib = dir {
|
||||
firmware = dir {
|
||||
mediatek = symlink firmware;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
hardware =
|
||||
let
|
||||
openwrt = pkgs.openwrt;
|
||||
mac80211 = pkgs.mac80211.override {
|
||||
drivers = [
|
||||
"mt7615e"
|
||||
"mt7915e"
|
||||
];
|
||||
klibBuild = config.system.outputs.kernel.modulesupport;
|
||||
};
|
||||
in {
|
||||
ubi = {
|
||||
minIOSize = "2048";
|
||||
eraseBlockSize = "126976";
|
||||
maxLEBcount = "1024"; # guessing
|
||||
};
|
||||
|
||||
defaultOutput = "ubimage";
|
||||
# the kernel expects this to be on a 2MB boundary. U-Boot
|
||||
# (I don't know why) has a default of 0x41080000, which isn't.
|
||||
# We put it at the 32MB mark so that tftpboot can put its rootfs
|
||||
# image and DTB underneath, but maybe this is a terrible waste of
|
||||
# RAM unless the kernel is able to reuse it later. Oh well
|
||||
loadAddress = lim.parseInt "0x42000000";
|
||||
entryPoint = lim.parseInt "0x42000000";
|
||||
rootDevice = "ubi0:liminix";
|
||||
dts = {
|
||||
src = "${openwrt.src}/target/linux/mediatek/dts/mt7622-linksys-e8450-ubi.dts";
|
||||
includes = [
|
||||
"${openwrt.src}/target/linux/mediatek/dts"
|
||||
"${config.system.outputs.kernel.modulesupport}/arch/arm64/boot/dts/mediatek/"
|
||||
];
|
||||
};
|
||||
|
||||
# - 0x000000000000-0x000008000000 : "spi-nand0"
|
||||
# - 0x000000000000-0x000000080000 : "bl2"
|
||||
# - 0x000000080000-0x0000001c0000 : "fip"
|
||||
# - 0x0000001c0000-0x0000002c0000 : "factory"
|
||||
# - 0x0000002c0000-0x000000300000 : "reserved"
|
||||
# - 0x000000300000-0x000008000000 : "ubi"
|
||||
|
||||
networkInterfaces =
|
||||
let
|
||||
inherit (config.system.service.network) link;
|
||||
inherit (config.system.service) bridge;
|
||||
in rec {
|
||||
wan = link.build { ifname = "wan"; };
|
||||
lan1 = link.build { ifname = "lan1"; };
|
||||
lan2 = link.build { ifname = "lan2"; };
|
||||
lan3 = link.build { ifname = "lan3"; };
|
||||
lan4 = link.build { ifname = "lan4"; };
|
||||
lan = lan3;
|
||||
|
||||
wlan = link.build {
|
||||
ifname = "wlan0";
|
||||
dependencies = [ mac80211 ];
|
||||
};
|
||||
wlan5 = link.build {
|
||||
ifname = "wlan1";
|
||||
dependencies = [ mac80211 ];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
@ -1,57 +0,0 @@
|
||||
{ config, pkgs, ... }:
|
||||
{
|
||||
imports = [
|
||||
../../modules/outputs/jffs2.nix
|
||||
];
|
||||
config = {
|
||||
kernel = {
|
||||
src = pkgs.pkgsBuildBuild.fetchurl {
|
||||
name = "linux.tar.gz";
|
||||
url = "https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.15.71.tar.gz";
|
||||
hash = "sha256-yhO2cXIeIgUxkSZf/4aAsF11uxyh+UUZu6D1h92vCD8=";
|
||||
};
|
||||
config = {
|
||||
MTD = "y";
|
||||
MTD_BLOCK = "y";
|
||||
MTD_CMDLINE_PARTS = "y";
|
||||
MTD_PHRAM = "y";
|
||||
|
||||
VIRTIO_MENU = "y";
|
||||
PCI = "y";
|
||||
VIRTIO_PCI = "y";
|
||||
BLOCK = "y";
|
||||
VIRTIO_BLK = "y";
|
||||
VIRTIO_NET = "y";
|
||||
};
|
||||
};
|
||||
hardware =
|
||||
let
|
||||
mac80211 = pkgs.mac80211.override {
|
||||
drivers = ["mac80211_hwsim"];
|
||||
klibBuild = config.system.outputs.kernel.modulesupport;
|
||||
};
|
||||
in {
|
||||
defaultOutput = "vmroot";
|
||||
rootDevice = "/dev/mtdblock0";
|
||||
dts.src = pkgs.lib.mkDefault null;
|
||||
flash.eraseBlockSize = 65536;
|
||||
networkInterfaces =
|
||||
let inherit (config.system.service.network) link;
|
||||
in {
|
||||
wan = link.build {
|
||||
devpath = "/devices/pci0000:00/0000:00:13.0/virtio0";
|
||||
ifname = "wan";
|
||||
};
|
||||
lan = link.build {
|
||||
devpath = "/devices/pci0000:00/0000:00:14.0/virtio1";
|
||||
ifname = "lan";
|
||||
};
|
||||
|
||||
wlan_24 = link.build {
|
||||
ifname = "wlan0";
|
||||
dependencies = [ mac80211 ];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
@ -1,3 +1,11 @@
|
||||
|
||||
# I like GL.iNet devices because they're relatively accessible to
|
||||
# DIY users: the serial port connections have headers preinstalled
|
||||
# and don't need soldering
|
||||
|
||||
# Mainline linux 5.19 doesn't have device-tree support for this device
|
||||
# or even for the SoC, so we use the extensive OpenWrt kernel patches
|
||||
|
||||
{
|
||||
system = {
|
||||
crossSystem = {
|
||||
@ -10,49 +18,27 @@
|
||||
};
|
||||
|
||||
description = ''
|
||||
GL.iNet GL-AR750
|
||||
****************
|
||||
|
||||
Hardware summary
|
||||
================
|
||||
|
||||
The GL-AR750 "Creta" travel router features:
|
||||
|
||||
GL.INet GL-AR750 "Creta" travel router
|
||||
- QCA9531 @650Mhz SoC
|
||||
- dual band wireless: IEEE 802.11a/b/g/n/ac
|
||||
- two 10/100Mbps LAN ports and one WAN
|
||||
- 128MB DDR2 RAM
|
||||
- 16MB NOR Flash
|
||||
- supported in OpenWrt by the "ath79" SoC family
|
||||
- 128MB DDR2 RAM / 16MB NOR Flash
|
||||
- "ath79" soc family
|
||||
https://www.gl-inet.com/products/gl-ar750/
|
||||
|
||||
The GL-AR750 has two distinct sets of wifi hardware. The 2.4GHz
|
||||
radio is part of the QCA9531 SoC, i.e. it's on the same silicon as
|
||||
the CPU, the Ethernet, the USB etc. The device is connected to the
|
||||
host via `AHB <https://en.wikipedia.org/wiki/Advanced_Microcontroller_Bus_Architecture>`_ and it is
|
||||
supported in Linux using the ath9k driver. 5GHz wifi
|
||||
is provided by a QCA9887 PCIe (PCI embedded) WLAN chip,
|
||||
host via AHB, the "Advanced High-Performance Bus" and it is
|
||||
supported in Linux using the ath9k driver. The 5GHz support, on the
|
||||
other hand, is provided by a QCA9887 PCIe (PCI embedded) WLAN chip:
|
||||
I haven't looked closely at the router innards to see if this is
|
||||
actually physically a separate board that could be unplugged, but
|
||||
as far as the Linux is concerned it behaves as one. This is
|
||||
supported by the ath10k driver.
|
||||
|
||||
Installation
|
||||
============
|
||||
|
||||
As with many GL.iNet devices, the stock vendor firmware
|
||||
is a fork of OpenWrt, meaning that the binary created by
|
||||
:ref:`system-outputs-mtdimage` can be flashed using the
|
||||
vendor web UI or the U-Boot emergency "unbrick" routine.
|
||||
|
||||
For flashing from an existing Liminix system (we believe that) it
|
||||
is necessary to first boot into a :ref:`system-outputs-kexecboot`
|
||||
system, otherwise you'll be overwriting flash partitions while
|
||||
they're in use - and that might not end well.
|
||||
|
||||
Vendor web page: https://www.gl-inet.com/products/gl-ar750/
|
||||
|
||||
OpenWrt web page: https://openwrt.org/toh/gl.inet/gl-ar750
|
||||
|
||||
'';
|
||||
|
||||
module = {pkgs, config, lim, ... }:
|
||||
module = {pkgs, config, ... }:
|
||||
let
|
||||
openwrt = pkgs.openwrt;
|
||||
firmwareBlobs = pkgs.pkgsBuildBuild.fetchFromGitHub {
|
||||
@ -77,8 +63,8 @@
|
||||
};
|
||||
ath10k_cal_data =
|
||||
let
|
||||
offset = lim.parseInt "0x5000";
|
||||
size = lim.parseInt "0x844";
|
||||
offset = 1024 * 20; # 0x5000
|
||||
size = 2048 + 68; # 0x844
|
||||
in pkgs.liminix.services.oneshot rec {
|
||||
name = "ath10k_cal_data";
|
||||
up = ''
|
||||
@ -89,29 +75,24 @@
|
||||
dd if=/dev/$part of=data iflag=skip_bytes,fullblock bs=${toString size} skip=${toString offset} count=1
|
||||
)
|
||||
'';
|
||||
down = "true";
|
||||
};
|
||||
inherit (pkgs.pseudofile) dir symlink;
|
||||
inherit (pkgs.liminix.networking) interface;
|
||||
in {
|
||||
imports = [
|
||||
../../modules/network
|
||||
../../modules/arch/mipseb.nix
|
||||
../../modules/outputs/tftpboot.nix
|
||||
../../modules/outputs/mtdimage.nix
|
||||
../../modules/outputs/jffs2.nix
|
||||
];
|
||||
imports = [ ../../modules/network];
|
||||
|
||||
programs.busybox.options = {
|
||||
FEATURE_DD_IBS_OBS = "y"; # ath10k_cal_data needs skip_bytes,fullblock
|
||||
};
|
||||
hardware = {
|
||||
defaultOutput = "mtdimage";
|
||||
loadAddress = lim.parseInt "0x80060000";
|
||||
entryPoint = lim.parseInt "0x80060000";
|
||||
defaultOutput = "tftpboot";
|
||||
loadAddress = "0x80060000";
|
||||
entryPoint = "0x80060000";
|
||||
flash = {
|
||||
address = lim.parseInt "0x9F060000";
|
||||
size = lim.parseInt "0xfa0000";
|
||||
eraseBlockSize = 65536;
|
||||
address = "0x9F060000";
|
||||
size ="0xfa0000";
|
||||
eraseBlockSize = "65536";
|
||||
};
|
||||
rootDevice = "/dev/mtdblock5";
|
||||
dts = {
|
||||
@ -126,11 +107,11 @@
|
||||
in {
|
||||
lan = link.build { ifname = "eth0"; };
|
||||
wan = link.build { ifname = "eth1"; };
|
||||
wlan = link.build {
|
||||
wlan_24 = link.build {
|
||||
ifname = "wlan0";
|
||||
dependencies = [ mac80211 ];
|
||||
};
|
||||
wlan5 = link.build {
|
||||
wlan_5 = link.build {
|
||||
ifname = "wlan1";
|
||||
dependencies = [ mac80211 ath10k_cal_data ];
|
||||
};
|
||||
@ -147,7 +128,7 @@
|
||||
};
|
||||
};
|
||||
boot.tftp = {
|
||||
loadAddress = lim.parseInt "0x00A00000";
|
||||
loadAddress = "0x00A00000";
|
||||
};
|
||||
kernel = {
|
||||
src = pkgs.pkgsBuildBuild.fetchurl {
|
||||
@ -155,15 +136,13 @@
|
||||
url = "https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.15.71.tar.gz";
|
||||
hash = "sha256-yhO2cXIeIgUxkSZf/4aAsF11uxyh+UUZu6D1h92vCD8=";
|
||||
};
|
||||
|
||||
# Mainline linux 5.19 doesn't have device-tree support for
|
||||
# this device or even for the SoC, so we use the extensive
|
||||
# OpenWrt kernel patches
|
||||
extraPatchPhase = ''
|
||||
${openwrt.applyPatches.ath79}
|
||||
'';
|
||||
|
||||
config = {
|
||||
MIPS_ELF_APPENDED_DTB = "y";
|
||||
OF = "y";
|
||||
USE_OF = "y";
|
||||
ATH79 = "y";
|
||||
PCI = "y";
|
||||
PCI_AR724X = "y";
|
||||
@ -183,6 +162,7 @@
|
||||
CONSOLE_LOGLEVEL_QUIET = "4";
|
||||
|
||||
NET = "y";
|
||||
NETDEVICES = "y";
|
||||
ETHERNET = "y";
|
||||
NET_VENDOR_ATHEROS = "y";
|
||||
AG71XX = "y"; # ethernet (qca,qca9530-eth)
|
||||
@ -190,6 +170,7 @@
|
||||
AR8216_PHY = "y"; # eth1 is behind a switch
|
||||
|
||||
MTD_SPI_NOR = "y";
|
||||
MTD_SPI_NOR_USE_4K_SECTORS = "n"; # jffs2 needs min 8k erase block
|
||||
|
||||
SPI_ATH79 = "y"; # these are copied from OpenWrt.
|
||||
SPI_MASTER= "y"; # At least one of them is necessary
|
||||
@ -206,18 +187,25 @@
|
||||
SYSFS = "y";
|
||||
SPI = "y";
|
||||
MTD = "y";
|
||||
MTD_CMDLINE_PARTS = "y";
|
||||
MTD_BLOCK = "y"; # fix undefined ref to register_mtd_blktrans_devs
|
||||
|
||||
WATCHDOG = "y";
|
||||
ATH79_WDT = "y"; # watchdog timer
|
||||
|
||||
CPU_BIG_ENDIAN= "y";
|
||||
|
||||
# this is all copied from nixwrt ath79 config. Clearly not all
|
||||
# of it is device config, some of it is wifi config or
|
||||
# installation method config or ...
|
||||
|
||||
CMDLINE_PARTITION = "y";
|
||||
EARLY_PRINTK = "y";
|
||||
|
||||
PARTITION_ADVANCED = "y";
|
||||
PRINTK_TIME = "y";
|
||||
SQUASHFS = "y";
|
||||
SQUASHFS_XZ = "y";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -1,4 +1,4 @@
|
||||
# GL.iNet GL-MT300A
|
||||
# GL.INet GL-MT300A
|
||||
|
||||
{
|
||||
system = {
|
||||
@ -12,38 +12,13 @@
|
||||
};
|
||||
|
||||
description = ''
|
||||
GL.iNet GL-MT300A
|
||||
*****************
|
||||
|
||||
The GL-MT300A is based on a MT7620 chipset.
|
||||
|
||||
For flashing from U-Boot, the firmware partition is from
|
||||
0xbc050000 to 0xbcfd0000.
|
||||
|
||||
WiFi on this device is provided by the rt2800soc module. It
|
||||
expects firmware to be present in the "factory" MTD partition, so
|
||||
- assuming we want to use the wireless - we need to build MTD
|
||||
support into the kernel even if we're using TFTP root.
|
||||
|
||||
Installation
|
||||
============
|
||||
|
||||
The stock vendor firmware is a fork of OpenWrt, meaning that the
|
||||
binary created by :ref:`system-outputs-mtdimage` can be flashed
|
||||
using the vendor web UI or the U-Boot emergency "unbrick" routine.
|
||||
|
||||
For flashing from an existing Liminix system (we think) it
|
||||
is necessary to first boot into a :ref:`system-outputs-kexecboot`
|
||||
system, otherwise you'll be overwriting flash partitions while
|
||||
they're in use - and that might not end well.
|
||||
|
||||
Vendor web page: https://www.gl-inet.com/products/gl-mt300a/
|
||||
|
||||
OpenWrt web page: https://openwrt.org/toh/gl.inet/gl-mt300a
|
||||
|
||||
support into the kernel even if we're using TFTP root
|
||||
'';
|
||||
|
||||
module = { pkgs, config, lib, lim, ...}:
|
||||
module = { pkgs, config, ...}:
|
||||
let
|
||||
inherit (pkgs.liminix.networking) interface;
|
||||
inherit (pkgs) openwrt;
|
||||
@ -51,17 +26,11 @@
|
||||
drivers = ["rt2800soc"];
|
||||
klibBuild = config.system.outputs.kernel.modulesupport;
|
||||
};
|
||||
in {
|
||||
imports = [
|
||||
../../modules/arch/mipsel.nix
|
||||
../../modules/outputs/tftpboot.nix
|
||||
../../modules/outputs/mtdimage.nix
|
||||
../../modules/outputs/jffs2.nix
|
||||
];
|
||||
in {
|
||||
hardware = {
|
||||
defaultOutput = "mtdimage";
|
||||
loadAddress = lim.parseInt "0x80000000";
|
||||
entryPoint = lim.parseInt "0x80000000";
|
||||
defaultOutput = "tftpboot";
|
||||
loadAddress = "0x80000000";
|
||||
entryPoint = "0x80000000";
|
||||
|
||||
# Creating 5 MTD partitions on "spi0.0":
|
||||
# 0x000000000000-0x000000030000 : "u-boot"
|
||||
@ -74,9 +43,9 @@
|
||||
# 0x000000260000-0x000000f80000 : "rootfs"
|
||||
|
||||
flash = {
|
||||
address = lim.parseInt "0xbc050000";
|
||||
size = lim.parseInt "0xf80000";
|
||||
eraseBlockSize = 65536;
|
||||
address = "0xbc050000";
|
||||
size ="0xf80000";
|
||||
eraseBlockSize = "65536";
|
||||
};
|
||||
rootDevice = "/dev/mtdblock5";
|
||||
|
||||
@ -86,46 +55,31 @@
|
||||
"${openwrt.src}/target/linux/ramips/dts"
|
||||
];
|
||||
};
|
||||
networkInterfaces =
|
||||
let
|
||||
inherit (config.system.service.network) link;
|
||||
inherit (config.system.service) vlan;
|
||||
inherit (pkgs.liminix.services) oneshot;
|
||||
swconfig = oneshot {
|
||||
name = "swconfig";
|
||||
up = ''
|
||||
PATH=${pkgs.swconfig}/bin:$PATH
|
||||
swconfig dev switch0 set reset
|
||||
swconfig dev switch0 set enable_vlan 1
|
||||
swconfig dev switch0 vlan 1 set ports '1 2 3 4 6t'
|
||||
swconfig dev switch0 vlan 2 set ports '0 6t'
|
||||
swconfig dev switch0 set apply
|
||||
'';
|
||||
down = "${pkgs.swconfig}/bin/swconfig dev switch0 set reset";
|
||||
};
|
||||
in rec {
|
||||
eth = link.build { ifname = "eth0"; };
|
||||
# lan and wan ports are both behind a switch on eth0
|
||||
lan = vlan.build {
|
||||
ifname = "eth0.1";
|
||||
primary = eth;
|
||||
vid = "1";
|
||||
dependencies = [swconfig eth];
|
||||
};
|
||||
wan = vlan.build {
|
||||
ifname = "eth0.2";
|
||||
primary = eth;
|
||||
vid = "2";
|
||||
dependencies = [swconfig eth];
|
||||
};
|
||||
wlan = link.build {
|
||||
ifname = "wlan0";
|
||||
dependencies = [ mac80211 ];
|
||||
};
|
||||
networkInterfaces = rec {
|
||||
# lan and wan ports are both behind a switch on eth0
|
||||
eth = interface { device = "eth0"; };
|
||||
lan = interface {
|
||||
type = "vlan";
|
||||
device = "eth0.1";
|
||||
link = "eth0";
|
||||
id = "1";
|
||||
dependencies = [eth];
|
||||
};
|
||||
wan = interface {
|
||||
type = "vlan";
|
||||
device = "eth0.2";
|
||||
id = "2";
|
||||
link = "eth0";
|
||||
dependencies = [eth];
|
||||
};
|
||||
wlan = interface {
|
||||
device = "wlan0";
|
||||
dependencies = [ mac80211 ];
|
||||
};
|
||||
};
|
||||
};
|
||||
boot.tftp = {
|
||||
loadAddress = lim.parseInt "0x00A00000";
|
||||
loadAddress = "0x00A00000";
|
||||
};
|
||||
|
||||
kernel = {
|
||||
@ -138,6 +92,9 @@
|
||||
${openwrt.applyPatches.ramips}
|
||||
'';
|
||||
config = {
|
||||
MIPS_ELF_APPENDED_DTB = "y";
|
||||
OF = "y";
|
||||
USE_OF = "y";
|
||||
|
||||
RALINK = "y";
|
||||
PCI = "y";
|
||||
@ -152,12 +109,12 @@
|
||||
CONSOLE_LOGLEVEL_QUIET = "4";
|
||||
|
||||
NET = "y";
|
||||
NETDEVICES = "y";
|
||||
ETHERNET = "y";
|
||||
NET_VENDOR_RALINK = "y";
|
||||
NET_RALINK_MDIO = "y";
|
||||
NET_RALINK_MDIO_MT7620 = "y";
|
||||
NET_RALINK_MT7620 = "y";
|
||||
SWPHY = "y";
|
||||
|
||||
SPI = "y";
|
||||
MTD_SPI_NOR = "y";
|
||||
@ -166,17 +123,34 @@
|
||||
SPI_MASTER= "y";
|
||||
SPI_MEM= "y";
|
||||
|
||||
# both the ethernet ports on this device (lan and wan)
|
||||
# are behind a switch, so we need VLANs to do anything
|
||||
# useful with them
|
||||
|
||||
VLAN_8021Q = "y";
|
||||
SWCONFIG = "y";
|
||||
SWPHY = "y";
|
||||
|
||||
BRIDGE = "y";
|
||||
BRIDGE_VLAN_FILTERING = "y";
|
||||
BRIDGE_IGMP_SNOOPING = "y";
|
||||
|
||||
MTD = "y";
|
||||
MTD_CMDLINE_PARTS = "y";
|
||||
MTD_BLOCK = "y"; # fix undefined ref to register_mtd_blktrans_devs
|
||||
|
||||
CPU_LITTLE_ENDIAN = "y";
|
||||
|
||||
CMDLINE_PARTITION = "y";
|
||||
EARLY_PRINTK = "y";
|
||||
|
||||
NEW_LEDS = "y";
|
||||
LEDS_CLASS = "y"; # required by rt2x00lib
|
||||
|
||||
PARTITION_ADVANCED = "y";
|
||||
PRINTK_TIME = "y";
|
||||
} // lib.optionalAttrs (config.system.service ? vlan) {
|
||||
SWCONFIG = "y";
|
||||
SQUASHFS = "y";
|
||||
SQUASHFS_XZ = "y";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -1,3 +1,5 @@
|
||||
# GL.INet GL-MT300N v2
|
||||
|
||||
{
|
||||
system = {
|
||||
crossSystem = {
|
||||
@ -9,34 +11,7 @@
|
||||
};
|
||||
};
|
||||
|
||||
description = ''
|
||||
GL.iNet GL-MT300N-v2
|
||||
********************
|
||||
|
||||
The GL-MT300N-v2 "Mango" is is very similar to the :ref:`MT300A <GL.iNet GL-MT300A>, but is
|
||||
based on the MT7628 chipset instead of MT7620. It's also marginally cheaper
|
||||
and comes in a yellow case not a blue one. Be sure your device is
|
||||
v2 not v1, which is a different animal and has only half as much RAM.
|
||||
|
||||
Installation
|
||||
============
|
||||
|
||||
The stock vendor firmware is a fork of OpenWrt, meaning that the
|
||||
binary created by :ref:`system-outputs-mtdimage` can be flashed
|
||||
using the vendor web UI or the U-Boot emergency "unbrick" routine.
|
||||
|
||||
For flashing from an existing Liminix system (we think) it
|
||||
is necessary to first boot into a :ref:`system-outputs-kexecboot`
|
||||
system, otherwise you'll be overwriting flash partitions while
|
||||
they're in use - and that might not end well.
|
||||
|
||||
Vendor web page: https://www.gl-inet.com/products/gl-mt300n-v2/
|
||||
|
||||
OpenWrt web page: https://openwrt.org/toh/gl.inet/gl-mt300n_v2
|
||||
|
||||
'';
|
||||
|
||||
module = { pkgs, config, lib, lim, ...}:
|
||||
module = { pkgs, config, ...}:
|
||||
let
|
||||
inherit (pkgs.liminix.networking) interface;
|
||||
inherit (pkgs.liminix.services) oneshot;
|
||||
@ -52,12 +27,6 @@
|
||||
hash = "sha256:1dkhfznmdz6s50kwc841x3wj0h6zg6icg5g2bim9pvg66as2vmh9";
|
||||
};
|
||||
in {
|
||||
imports = [
|
||||
../../modules/arch/mipsel.nix
|
||||
../../modules/outputs/tftpboot.nix
|
||||
../../modules/outputs/mtdimage.nix
|
||||
../../modules/outputs/jffs2.nix
|
||||
];
|
||||
filesystem = dir {
|
||||
lib = dir {
|
||||
firmware = dir {
|
||||
@ -66,14 +35,14 @@
|
||||
};
|
||||
};
|
||||
hardware = {
|
||||
defaultOutput = "mtdimage";
|
||||
loadAddress = lim.parseInt "0x80000000";
|
||||
entryPoint = lim.parseInt "0x80000000";
|
||||
defaultOutput = "tftpboot";
|
||||
loadAddress = "0x80000000";
|
||||
entryPoint = "0x80000000";
|
||||
|
||||
flash = {
|
||||
address = lim.parseInt "0xbc050000";
|
||||
size = lim.parseInt "0xfb0000";
|
||||
eraseBlockSize = 65536;
|
||||
address = "0xbc050000";
|
||||
size = "0xfb0000";
|
||||
eraseBlockSize = "65536";
|
||||
};
|
||||
rootDevice = "/dev/mtdblock5";
|
||||
|
||||
@ -83,45 +52,49 @@
|
||||
"${openwrt.src}/target/linux/ramips/dts"
|
||||
];
|
||||
};
|
||||
networkInterfaces =
|
||||
let
|
||||
inherit (config.system.service.network) link;
|
||||
inherit (config.system.service) vlan;
|
||||
swconfig = oneshot {
|
||||
name = "swconfig";
|
||||
up = ''
|
||||
PATH=${pkgs.swconfig}/bin:$PATH
|
||||
swconfig dev switch0 set reset
|
||||
swconfig dev switch0 set enable_vlan 1
|
||||
swconfig dev switch0 vlan 1 set ports '1 2 3 4 6t'
|
||||
swconfig dev switch0 vlan 2 set ports '0 6t'
|
||||
swconfig dev switch0 set apply
|
||||
'';
|
||||
down = "swconfig dev switch0 set reset";
|
||||
};
|
||||
in rec {
|
||||
eth = link.build { ifname = "eth0"; dependencies = [swconfig]; };
|
||||
# lan and wan ports are both behind a switch on eth0
|
||||
lan = vlan.build {
|
||||
ifname = "eth0.1";
|
||||
primary = eth;
|
||||
vid = "1";
|
||||
};
|
||||
wan = vlan.build {
|
||||
ifname = "eth0.2";
|
||||
primary = eth;
|
||||
vid = "2";
|
||||
};
|
||||
wlan = link.build {
|
||||
ifname = "wlan0";
|
||||
dependencies = [ mac80211 ];
|
||||
networkInterfaces = rec {
|
||||
# lan and wan ports are both behind a switch on eth0
|
||||
eth =
|
||||
let swconfig = oneshot {
|
||||
name = "swconfig";
|
||||
up = ''
|
||||
PATH=${pkgs.swconfig}/bin:$PATH
|
||||
swconfig dev switch0 set reset
|
||||
swconfig dev switch0 set enable_vlan 1
|
||||
swconfig dev switch0 vlan 1 set ports '1 2 3 4 6t'
|
||||
swconfig dev switch0 vlan 2 set ports '0 6t'
|
||||
swconfig dev switch0 set apply
|
||||
'';
|
||||
down = "swconfig dev switch0 set reset";
|
||||
};
|
||||
in interface {
|
||||
device = "eth0";
|
||||
dependencies = [swconfig];
|
||||
};
|
||||
lan = interface {
|
||||
type = "vlan";
|
||||
device = "eth0.1";
|
||||
link = "eth0";
|
||||
id = "1";
|
||||
dependencies = [eth];
|
||||
};
|
||||
wan = interface {
|
||||
type = "vlan";
|
||||
device = "eth0.2";
|
||||
id = "2";
|
||||
link = "eth0";
|
||||
dependencies = [eth];
|
||||
};
|
||||
wlan = interface {
|
||||
device = "wlan0";
|
||||
dependencies = [ mac80211 ];
|
||||
};
|
||||
};
|
||||
};
|
||||
boot.tftp = {
|
||||
# 20MB seems to give enough room to uncompress the kernel
|
||||
# without anything getting trodden on. 10MB was too small
|
||||
loadAddress = lim.parseInt "0x1400000";
|
||||
loadAddress = "0x1400000";
|
||||
};
|
||||
|
||||
kernel = {
|
||||
@ -134,10 +107,14 @@
|
||||
${openwrt.applyPatches.ramips}
|
||||
'';
|
||||
config = {
|
||||
MIPS_ELF_APPENDED_DTB = "y";
|
||||
OF = "y";
|
||||
USE_OF = "y";
|
||||
|
||||
RALINK = "y";
|
||||
PCI = "y";
|
||||
SOC_MT7620 = "y";
|
||||
CPU_LITTLE_ENDIAN= "y";
|
||||
|
||||
SERIAL_8250_CONSOLE = "y";
|
||||
SERIAL_8250 = "y";
|
||||
@ -148,6 +125,7 @@
|
||||
CONSOLE_LOGLEVEL_QUIET = "4";
|
||||
|
||||
MTD = "y";
|
||||
MTD_CMDLINE_PARTS = "y";
|
||||
MTD_BLOCK = "y"; # fix undefined ref to register_mtd_blktrans_dev
|
||||
|
||||
SPI = "y";
|
||||
@ -160,6 +138,7 @@
|
||||
REGULATOR_FIXED_VOLTAGE = "y";
|
||||
|
||||
NET = "y";
|
||||
NETDEVICES = "y";
|
||||
ETHERNET = "y";
|
||||
|
||||
PHYLIB = "y";
|
||||
@ -169,21 +148,35 @@
|
||||
NET_VENDOR_RALINK = "y";
|
||||
NET_RALINK_RT3050 = "y";
|
||||
NET_RALINK_SOC="y";
|
||||
|
||||
# both the ethernet ports on this device (lan and wan)
|
||||
# are behind a switch, so we need VLANs to do anything
|
||||
# useful with them
|
||||
|
||||
VLAN_8021Q = "y";
|
||||
SWCONFIG = "y";
|
||||
SWPHY = "y";
|
||||
|
||||
BRIDGE = "y";
|
||||
BRIDGE_VLAN_FILTERING = "y";
|
||||
BRIDGE_IGMP_SNOOPING = "y";
|
||||
|
||||
WATCHDOG = "y";
|
||||
RALINK_WDT = "y"; # watchdog
|
||||
MT7621_WDT = "y"; # or it might be this one
|
||||
|
||||
GPIOLIB="y";
|
||||
GPIO_MT7621 = "y";
|
||||
|
||||
PHY_RALINK_USB = "y";
|
||||
|
||||
CMDLINE_PARTITION = "y";
|
||||
EARLY_PRINTK = "y";
|
||||
|
||||
PARTITION_ADVANCED = "y";
|
||||
PRINTK_TIME = "y";
|
||||
} // lib.optionalAttrs (config.system.service ? vlan) {
|
||||
SWCONFIG = "y";
|
||||
} // lib.optionalAttrs (config.system.service ? watchdog) {
|
||||
RALINK_WDT = "y"; # watchdog
|
||||
MT7621_WDT = "y"; # or it might be this one
|
||||
SQUASHFS = "y";
|
||||
SQUASHFS_XZ = "y";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -1,51 +0,0 @@
|
||||
# This "device" generates images that can be used with the QEMU
|
||||
# emulator. The default output is a directory containing separate
|
||||
# kernel ("Image" format) and root filesystem (squashfs or jffs2)
|
||||
# images
|
||||
{
|
||||
system = {
|
||||
crossSystem = {
|
||||
config = "aarch64-unknown-linux-musl";
|
||||
};
|
||||
};
|
||||
|
||||
description = ''
|
||||
QEMU Aarch64
|
||||
************
|
||||
|
||||
This target produces an image for
|
||||
the `QEMU "virt" platform <https://www.qemu.org/docs/master/system/arm/virt.html>`_ using a 64 bit CPU type.
|
||||
|
||||
ARM targets differ from MIPS in that the kernel format expected
|
||||
by QEMU is an "Image" (raw binary file) rather than an ELF
|
||||
file, but this is taken care of by :command:`run.sh`. Check the
|
||||
documentation for the :ref:`QEMU` (MIPS) target for more information.
|
||||
|
||||
'';
|
||||
|
||||
# this device is described by the "qemu" device
|
||||
installer = "vmroot";
|
||||
|
||||
module = {pkgs, config, lim, ... }: {
|
||||
imports = [
|
||||
../../modules/arch/aarch64.nix
|
||||
../families/qemu.nix
|
||||
];
|
||||
kernel = {
|
||||
config = {
|
||||
VIRTUALIZATION = "y";
|
||||
PCI_HOST_GENERIC="y";
|
||||
|
||||
SERIAL_AMBA_PL011 = "y";
|
||||
SERIAL_AMBA_PL011_CONSOLE = "y";
|
||||
};
|
||||
};
|
||||
boot.commandLine = [
|
||||
"console=ttyAMA0,38400"
|
||||
];
|
||||
hardware = let addr = lim.parseInt "0x40010000"; in {
|
||||
loadAddress = addr;
|
||||
entryPoint = addr;
|
||||
};
|
||||
};
|
||||
}
|
@ -1,53 +0,0 @@
|
||||
# This "device" generates images that can be used with the QEMU
|
||||
# emulator. The default output is a directory containing separate
|
||||
# kernel ("Image" format) and root filesystem (squashfs or jffs2)
|
||||
# images
|
||||
{
|
||||
system = {
|
||||
crossSystem = {
|
||||
config = "armv7l-unknown-linux-musleabihf";
|
||||
};
|
||||
};
|
||||
|
||||
# this device is described by the "qemu" device
|
||||
description = ''
|
||||
QEMU ARM v7
|
||||
***********
|
||||
|
||||
This target produces an image for
|
||||
the `QEMU "virt" platform <https://www.qemu.org/docs/master/system/arm/virt.html>`_ using a 32 bit CPU type.
|
||||
|
||||
ARM targets differ from MIPS in that the kernel format expected
|
||||
by QEMU is an "Image" (raw binary file) rather than an ELF
|
||||
file, but this is taken care of by :command:`run.sh`. Check the
|
||||
documentation for the :ref:`QEMU` (MIPS) target for more information.
|
||||
'';
|
||||
installer = "vmroot";
|
||||
|
||||
module = {pkgs, config, lim, ... }: {
|
||||
imports = [
|
||||
../../modules/arch/arm.nix
|
||||
../families/qemu.nix
|
||||
];
|
||||
kernel = {
|
||||
config = {
|
||||
PCI_HOST_GENERIC = "y";
|
||||
ARCH_VIRT = "y";
|
||||
|
||||
VFP = "y";
|
||||
NEON = "y";
|
||||
AEABI = "y";
|
||||
|
||||
SERIAL_AMBA_PL011 = "y";
|
||||
SERIAL_AMBA_PL011_CONSOLE = "y";
|
||||
};
|
||||
};
|
||||
boot.commandLine = [
|
||||
"console=ttyAMA0"
|
||||
];
|
||||
hardware = let addr = lim.parseInt "0x40008000"; in {
|
||||
loadAddress = addr;
|
||||
entryPoint = addr;
|
||||
};
|
||||
};
|
||||
}
|
@ -12,65 +12,59 @@
|
||||
};
|
||||
};
|
||||
|
||||
description = ''
|
||||
QEMU MIPS
|
||||
*********
|
||||
|
||||
This target produces an image for
|
||||
QEMU, the "generic and open source machine emulator and
|
||||
virtualizer".
|
||||
|
||||
MIPS QEMU emulates a "Malta" board, which was an ATX form factor
|
||||
evaluation board made by MIPS Technologies, but mostly in Liminix
|
||||
we use paravirtualized devices (Virtio) instead of emulating
|
||||
hardware.
|
||||
|
||||
Building an image for QEMU results in a :file:`result/` directory
|
||||
containing ``run.sh`` ``vmlinux``, and ``rootfs`` files. To invoke
|
||||
the emulator, run ``run.sh``.
|
||||
|
||||
The configuration includes two emulated "hardware" ethernet
|
||||
devices and the kernel :code:`mac80211_hwsim` module to
|
||||
provide an emulated wlan device. To read more about how
|
||||
to connect to this network, refer to :ref:`qemu-networking`
|
||||
in the Development manual.
|
||||
|
||||
'';
|
||||
module = {pkgs, config, lib, lim, ... }: {
|
||||
imports = [
|
||||
../../modules/arch/mipseb.nix
|
||||
../families/qemu.nix
|
||||
];
|
||||
module = {pkgs, config, ... }: {
|
||||
kernel = {
|
||||
src = pkgs.pkgsBuildBuild.fetchurl {
|
||||
name = "linux.tar.gz";
|
||||
url = "https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.15.71.tar.gz";
|
||||
hash = "sha256-yhO2cXIeIgUxkSZf/4aAsF11uxyh+UUZu6D1h92vCD8=";
|
||||
};
|
||||
config = {
|
||||
MIPS_MALTA= "y";
|
||||
CPU_LITTLE_ENDIAN= "n";
|
||||
CPU_BIG_ENDIAN= "y";
|
||||
CPU_MIPS32_R2= "y";
|
||||
|
||||
POWER_RESET = "y";
|
||||
POWER_RESET_SYSCON = "y";
|
||||
MTD = "y";
|
||||
MTD_BLOCK2MTD = "y";
|
||||
MTD_BLKDEVS = "y";
|
||||
MTD_BLOCK = "y";
|
||||
|
||||
SQUASHFS = "y";
|
||||
SQUASHFS_XZ = "y";
|
||||
|
||||
VIRTIO_MENU = "y";
|
||||
PCI = "y";
|
||||
VIRTIO_PCI = "y";
|
||||
BLOCK = "y";
|
||||
VIRTIO_BLK = "y";
|
||||
NETDEVICES = "y";
|
||||
VIRTIO_NET = "y";
|
||||
|
||||
SERIAL_8250= "y";
|
||||
SERIAL_8250_CONSOLE= "y";
|
||||
};
|
||||
};
|
||||
hardware =
|
||||
# from arch/mips/mti-malta/Platform:load-$(CONFIG_MIPS_MALTA) += 0xffffffff80100000
|
||||
let addr = lim.parseInt "0x80100000";
|
||||
in {
|
||||
loadAddress = addr;
|
||||
entryPoint = addr;
|
||||
|
||||
# Unlike the arm qemu targets, we need a static dts when
|
||||
# running u-boot-using tests, qemu dumpdtb command doesn't
|
||||
# work for this board. I am not at all sure this dts is
|
||||
# *correct* but it does at least boot
|
||||
dts = lib.mkForce {
|
||||
src = "${config.system.outputs.kernel.modulesupport}/arch/mips/boot/dts/mti/malta.dts";
|
||||
includes = [
|
||||
"${config.system.outputs.kernel.modulesupport}/arch/mips/boot/dts/"
|
||||
];
|
||||
let
|
||||
mac80211 = pkgs.mac80211.override {
|
||||
drivers = ["mac80211_hwsim"];
|
||||
klibBuild = config.system.outputs.kernel.modulesupport;
|
||||
};
|
||||
inherit (pkgs.liminix.networking) interface;
|
||||
in {
|
||||
defaultOutput = "vmroot";
|
||||
flash.eraseBlockSize = "65536"; # c.f. pkgs/mips-vm/mips-vm.sh
|
||||
networkInterfaces = {
|
||||
lan = interface { device = "eth0"; };
|
||||
wan = interface { device = "eth1"; };
|
||||
|
||||
wlan_24 = interface {
|
||||
device = "wlan0";
|
||||
dependencies = [ mac80211 ];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
}
|
||||
|
@ -1,238 +0,0 @@
|
||||
{
|
||||
description = ''
|
||||
Turris Omnia
|
||||
************
|
||||
'';
|
||||
|
||||
system = {
|
||||
crossSystem = {
|
||||
config = "armv7l-unknown-linux-musleabihf";
|
||||
};
|
||||
};
|
||||
|
||||
module = {pkgs, config, lib, lim, ... }:
|
||||
let
|
||||
openwrt = pkgs.openwrt;
|
||||
inherit (lib) mkOption types;
|
||||
inherit (pkgs.liminix.services) oneshot;
|
||||
inherit (pkgs) liminix;
|
||||
mtd_by_name_links = pkgs.liminix.services.oneshot rec {
|
||||
name = "mtd_by_name_links";
|
||||
up = ''
|
||||
mkdir -p /dev/mtd/by-name
|
||||
cd /dev/mtd/by-name
|
||||
for i in /sys/class/mtd/mtd*[0-9]; do
|
||||
ln -s ../../$(basename $i) $(cat $i/name)
|
||||
done
|
||||
'';
|
||||
};
|
||||
in {
|
||||
imports = [
|
||||
../../modules/arch/arm.nix
|
||||
../../modules/outputs/tftpboot.nix
|
||||
../../modules/outputs/ext4fs.nix
|
||||
../../modules/outputs/mbrimage.nix
|
||||
../../modules/outputs/extlinux.nix
|
||||
];
|
||||
|
||||
config = {
|
||||
services.mtd-name-links = mtd_by_name_links;
|
||||
kernel = {
|
||||
src = pkgs.pkgsBuildBuild.fetchurl {
|
||||
name = "linux.tar.gz";
|
||||
url = "https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.15.71.tar.gz";
|
||||
hash = "sha256-yhO2cXIeIgUxkSZf/4aAsF11uxyh+UUZu6D1h92vCD8=";
|
||||
};
|
||||
extraPatchPhase = ''
|
||||
${pkgs.openwrt.applyPatches.mvebu}
|
||||
'';
|
||||
config = {
|
||||
PCI = "y";
|
||||
OF = "y";
|
||||
MEMORY = "y"; # for MVEBU_DEVBUS
|
||||
DMADEVICES = "y"; # for MV_XOR
|
||||
CPU_V7 = "y";
|
||||
ARCH_MULTIPLATFORM = "y";
|
||||
ARCH_MVEBU = "y";
|
||||
ARCH_MULTI_V7= "y";
|
||||
PCI_MVEBU = "y";
|
||||
AHCI_MVEBU = "y";
|
||||
MACH_ARMADA_38X = "y";
|
||||
SMP = "y";
|
||||
# this is disabled for the moment because it relies on a GCC
|
||||
# plugin that requires gmp.h to build, and I can't see right now
|
||||
# how to confgure it to find gmp
|
||||
STACKPROTECTOR_PER_TASK = "n";
|
||||
NR_CPUS = "4";
|
||||
VFP = "y";
|
||||
NEON= "y";
|
||||
|
||||
# WARNING: unmet direct dependencies detected for ARCH_WANT_LIBATA_LEDS
|
||||
ATA = "y";
|
||||
|
||||
PSTORE = "y";
|
||||
PSTORE_RAM = "y";
|
||||
PSTORE_CONSOLE = "y";
|
||||
PSTORE_DEFLATE_COMPRESS = "n";
|
||||
|
||||
BLOCK = "y";
|
||||
MMC="y";
|
||||
PWRSEQ_EMMC="y"; # ???
|
||||
PWRSEQ_SIMPLE="y"; # ???
|
||||
MMC_BLOCK="y";
|
||||
|
||||
MMC_SDHCI= "y";
|
||||
MMC_SDHCI_PLTFM= "y";
|
||||
MMC_SDHCI_PXAV3= "y";
|
||||
MMC_MVSDIO= "y";
|
||||
|
||||
SERIAL_8250 = "y";
|
||||
SERIAL_8250_CONSOLE = "y";
|
||||
SERIAL_OF_PLATFORM="y";
|
||||
SERIAL_MVEBU_UART = "y";
|
||||
SERIAL_MVEBU_CONSOLE = "y";
|
||||
|
||||
SERIAL_8250_DMA= "y";
|
||||
SERIAL_8250_DW= "y";
|
||||
SERIAL_8250_EXTENDED= "y";
|
||||
SERIAL_8250_MANY_PORTS= "y";
|
||||
SERIAL_8250_SHARE_IRQ= "y";
|
||||
OF_ADDRESS= "y";
|
||||
OF_MDIO= "y";
|
||||
|
||||
WATCHDOG = "y"; # watchdog is enabled by u-boot
|
||||
ORION_WATCHDOG = "y"; # so is non-optional to keep feeding
|
||||
|
||||
MVEBU_DEVBUS = "y"; # "Device Bus controller ... flash devices such as NOR, NAND, SRAM, and FPGA"
|
||||
MVMDIO = "y";
|
||||
MVNETA = "y";
|
||||
MVNETA_BM = "y";
|
||||
MVNETA_BM_ENABLE = "y";
|
||||
SRAM = "y"; # mmio-sram is "compatible" for bm_bppi reqd by BM
|
||||
PHY_MVEBU_A38X_COMPHY = "y"; # for eth2
|
||||
|
||||
MVPP2 = "y";
|
||||
MV_XOR = "y";
|
||||
|
||||
# there is NOR flash on this device, which is used for U-Boot
|
||||
# and the rescue system (which we don't interfere with) but
|
||||
# also for the U-Boot environment variables (which we might
|
||||
# need to meddle with)
|
||||
MTD_SPI_NOR = "y";
|
||||
SPI = "y";
|
||||
SPI_MASTER = "y";
|
||||
SPI_ORION = "y";
|
||||
|
||||
NET_DSA = "y";
|
||||
NET_DSA_MV88E6XXX = "y"; # depends on PTP_1588_CLOCK_OPTIONAL
|
||||
};
|
||||
};
|
||||
rootfsType = "ext4";
|
||||
boot = {
|
||||
commandLine = [
|
||||
"console=ttyS0,115200"
|
||||
"pcie_aspm=off" # ath9k pci incompatible with PCIe ASPM
|
||||
];
|
||||
imageFormat = "fit";
|
||||
};
|
||||
filesystem =
|
||||
let
|
||||
inherit (pkgs.pseudofile) dir symlink;
|
||||
firmware = pkgs.stdenv.mkDerivation {
|
||||
name = "wlan-firmware";
|
||||
phases = ["installPhase"];
|
||||
installPhase = ''
|
||||
mkdir $out
|
||||
cp -r ${pkgs.linux-firmware}/lib/firmware/ath10k/QCA988X $out
|
||||
'';
|
||||
};
|
||||
in dir {
|
||||
lib = dir {
|
||||
firmware = dir {
|
||||
ath10k = symlink firmware;
|
||||
};
|
||||
};
|
||||
etc = dir {
|
||||
"fw_env.config" =
|
||||
let f = pkgs.writeText "fw_env.config" ''
|
||||
/dev/mtd/by-name/u-boot-env 0x0 0x10000 0x10000
|
||||
'';
|
||||
in symlink f;
|
||||
};
|
||||
};
|
||||
|
||||
boot.tftp = {
|
||||
loadAddress = lim.parseInt "0x1000000";
|
||||
kernelFormat = "zimage";
|
||||
compressRoot = true;
|
||||
};
|
||||
|
||||
hardware = let
|
||||
mac80211 = pkgs.mac80211.override {
|
||||
drivers = ["ath9k_pci" "ath10k_pci"];
|
||||
klibBuild = config.system.outputs.kernel.modulesupport;
|
||||
};
|
||||
in {
|
||||
defaultOutput = "mtdimage";
|
||||
loadAddress = lim.parseInt "0x00800000"; # "0x00008000";
|
||||
entryPoint = lim.parseInt "0x00800000"; # "0x00008000";
|
||||
rootDevice = "/dev/mtdblock0";
|
||||
|
||||
dts = {
|
||||
src = "${config.system.outputs.kernel.modulesupport}/arch/arm/boot/dts/armada-385-turris-omnia.dts";
|
||||
includes = [
|
||||
"${config.system.outputs.kernel.modulesupport}/arch/arm/boot/dts/"
|
||||
];
|
||||
};
|
||||
flash.eraseBlockSize = 65536; # only used for tftpboot
|
||||
networkInterfaces =
|
||||
let
|
||||
inherit (config.system.service.network) link;
|
||||
inherit (config.system.service) bridge;
|
||||
in rec {
|
||||
en70000 = link.build {
|
||||
# in armada-38x.dtsi this is eth0.
|
||||
# It's connected to port 5 of the 88E6176 switch
|
||||
devpath = "/devices/platform/soc/soc:internal-regs/f1070000.ethernet";
|
||||
# name is unambiguous but not very semantic
|
||||
ifname = "en70000";
|
||||
};
|
||||
en30000 = link.build {
|
||||
# in armada-38x.dtsi this is eth1
|
||||
# It's connected to port 6 of the 88E6176 switch
|
||||
devpath = "/devices/platform/soc/soc:internal-regs/f1030000.ethernet";
|
||||
# name is unambiguous but not very semantic
|
||||
ifname = "en30000";
|
||||
};
|
||||
# the default (from the dts? I'm guessing) behavour for
|
||||
# lan ports on the switch is to attach them to
|
||||
# en30000. It should be possible to do something better,
|
||||
# per
|
||||
# https://www.kernel.org/doc/html/latest/networking/dsa/configuration.html#affinity-of-user-ports-to-cpu-ports
|
||||
# but apparently OpenWrt doesn't either so maybe it's more
|
||||
# complicated than it looks
|
||||
|
||||
wan = link.build {
|
||||
# in armada-38x.dtsi this is eth2. It may be connected to
|
||||
# an ethernet phy or to the SFP cage, depending on a gpio
|
||||
devpath = "/devices/platform/soc/soc:internal-regs/f1034000.ethernet";
|
||||
ifname = "wan";
|
||||
};
|
||||
|
||||
lan = link.build {
|
||||
ifname = "lan1";
|
||||
};
|
||||
|
||||
wlan = link.build {
|
||||
ifname = "wlan0";
|
||||
dependencies = [ mac80211 ];
|
||||
};
|
||||
wlan5 = link.build {
|
||||
ifname = "wlan1";
|
||||
dependencies = [ mac80211 ];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
198
doc/admin.rst
198
doc/admin.rst
@ -1,198 +0,0 @@
|
||||
System Administration
|
||||
#####################
|
||||
|
||||
Services on a running system
|
||||
****************************
|
||||
|
||||
* add an s6-rc cheatsheet here
|
||||
|
||||
|
||||
Flashing and updating
|
||||
*********************
|
||||
|
||||
|
||||
|
||||
Flashing from Liminix
|
||||
=====================
|
||||
|
||||
The flash procedure from an existing Liminix-system has two steps.
|
||||
First we reboot the device (using "kexec") into an "ephemeral"
|
||||
RAM-based version of the new configuration, then when we're happy it
|
||||
works we can flash the image - and if it doesn't work we can reboot
|
||||
the device again and it will boot from the old image.
|
||||
|
||||
|
||||
Building the RAM-based image
|
||||
----------------------------
|
||||
|
||||
To create the ephemeral image, build ``outputs.kexecboot`` instead of
|
||||
``outputs.default``. This generates a directory containing the root
|
||||
filesystem image and kernel, along with an executable called `kexec`
|
||||
and a `boot.sh` script that runs it with appropriate arguments.
|
||||
|
||||
For example
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
nix-build -I liminix-config=./examples/arhcive.nix \
|
||||
--arg device "import ./devices/gl-ar750"
|
||||
-A outputs.kexecboot && \
|
||||
(tar chf - result | ssh root@the-device tar -C /run -xvf -)
|
||||
|
||||
and then login to the device and run
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
cd /run/result
|
||||
sh ./boot.sh .
|
||||
|
||||
|
||||
This will load the new kernel and map the root filesystem into a RAM
|
||||
disk, then start executing the new kernel. *This is effectively a
|
||||
reboot - be sure to close all open files and finish anything else
|
||||
you were doing first.*
|
||||
|
||||
If the new system crashes or is rebooted, then the device will revert
|
||||
to the old configuration it finds in flash.
|
||||
|
||||
|
||||
Building the second (permanent) image
|
||||
-------------------------------------
|
||||
|
||||
While running in the kexecboot system, you can build the permanent
|
||||
image and copy it to the device with :command:`ssh`
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
build-machine$ nix-build -I liminix-config=./examples/arhcive.nix \
|
||||
--arg device "import ./devices/gl-ar750"
|
||||
-A outputs.default && \
|
||||
(tar chf - result | ssh root@the-device tar -C /run -xvf -)
|
||||
|
||||
build-machine$ tar chf - result/firmware.bin | \
|
||||
ssh root@the-device tar -C /run -xvf -
|
||||
|
||||
Next you need to connect to the device and locate the "firmware"
|
||||
partition, which you can do with a combination of :command:`dmesg`
|
||||
output and the contents of :file:`/proc/mtd`
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
<5>[ 0.469841] Creating 4 MTD partitions on "spi0.0":
|
||||
<5>[ 0.474837] 0x000000000000-0x000000040000 : "u-boot"
|
||||
<5>[ 0.480796] 0x000000040000-0x000000050000 : "u-boot-env"
|
||||
<5>[ 0.487056] 0x000000050000-0x000000060000 : "art"
|
||||
<5>[ 0.492753] 0x000000060000-0x000001000000 : "firmware"
|
||||
|
||||
# cat /proc/mtd
|
||||
dev: size erasesize name
|
||||
mtd0: 00040000 00001000 "u-boot"
|
||||
mtd1: 00010000 00001000 "u-boot-env"
|
||||
mtd2: 00010000 00001000 "art"
|
||||
mtd3: 00fa0000 00001000 "firmware"
|
||||
mtd4: 002a0000 00001000 "kernel"
|
||||
mtd5: 00d00000 00001000 "rootfs"
|
||||
|
||||
Now run (in this example)
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
flashcp -v firmware.bin /dev/mtd3
|
||||
|
||||
|
||||
"I know my new image is good, can I skip the intermediate step?"
|
||||
----------------------------------------------------------------
|
||||
|
||||
In addition to giving you a chance to see if the new image works, this
|
||||
two-step process ensures that you're not copying the new image over
|
||||
the top of the active root filesystem. Sometimes it works, but you
|
||||
will at least need physical access to the device to power-cycle it
|
||||
because it will be effectively frozen afterwards.
|
||||
|
||||
|
||||
Flashing from the boot monitor
|
||||
==============================
|
||||
|
||||
If you are prepared to open the device and have a TTL serial adaptor
|
||||
of some kind to connect it to, you can probably use U-Boot and a TFTP
|
||||
server to download and flash the image. This is quite
|
||||
hardware-specific, and sometimes involves soldering: please refer
|
||||
to :ref:`serial`.
|
||||
|
||||
|
||||
Flashing from OpenWrt
|
||||
=====================
|
||||
|
||||
.. CAUTION:: Untested! A previous version of these instructions
|
||||
(without the -e flag) led to bricking the device
|
||||
when flashing a jffs2 image. If you are reading
|
||||
this message, nobody has yet reported on whether the
|
||||
new instructions are any better.
|
||||
|
||||
If your device is running OpenWrt then it probably has the
|
||||
:command:`mtd` command installed. After transferring the image onto the
|
||||
device using e.g. :command:`ssh`, you can run it as follows:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
mtd -e -r write /tmp/firmware.bin firmware
|
||||
|
||||
The options to this command are for "erase before writing" and "reboot
|
||||
after writing".
|
||||
|
||||
For more information, please see the `OpenWrt manual <https://openwrt.org/docs/guide-user/installation/sysupgrade.cli>`_ which may also contain (hardware-dependent) instructions on how to flash an image using the vendor firmware - perhaps even from a web interface.
|
||||
|
||||
Updating an installed system (JFFS2)
|
||||
************************************
|
||||
|
||||
|
||||
Adding packages
|
||||
===============
|
||||
|
||||
If your device is running a JFFS2 root filesystem, you can build
|
||||
extra packages for it on your build system and copy them to the
|
||||
device: any package in Nixpkgs or in the Liminix overlay is available
|
||||
with the ``pkgs`` prefix:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
nix-build -I liminix-config=./my-configuration.nix \
|
||||
--arg device "import ./devices/mydevice" -A pkgs.tcpdump
|
||||
|
||||
nix-shell -p min-copy-closure root@the-device result/
|
||||
|
||||
Note that this only copies the package to the device: it doesn't update
|
||||
any profile to add it to ``$PATH``
|
||||
|
||||
|
||||
Rebuilding the system
|
||||
=====================
|
||||
|
||||
:command:`liminix-rebuild` is the Liminix analogue of :command:`nixos-rebuild`, although its operation is a bit different because it expects to run on a build machine and then copy to the host device. Run it with the same ``liminix-config`` and ``device`` parameters as you would run :command:`nix-build`, and it will build any new/changed packages and then copy them to the device using SSH. For example:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
liminix-rebuild root@the-device -I liminix-config=./examples/rotuer.nix --arg device "import ./devices/gl-ar750"
|
||||
|
||||
This will
|
||||
|
||||
* build anything that needs building
|
||||
* copy new or changed packages to the device
|
||||
* reboot the device
|
||||
|
||||
It doesn't delete old packages automatically: to do that run
|
||||
:command:`min-collect-garbage`, which will delete any packages not in
|
||||
the current system closure. Note that Liminix does not have the NixOS
|
||||
concept of environments or generations, and there is no way back from
|
||||
this except for building the previous configuration again.
|
||||
|
||||
|
||||
Caveats
|
||||
-------
|
||||
|
||||
* it needs there to be enough free space on the device for all the new
|
||||
packages in addition to all the packages already on it - which may be
|
||||
a problem if a lot of things have changed (e.g. a new version of
|
||||
nixpkgs).
|
||||
|
||||
* it cannot upgrade the kernel, only userland
|
@ -1,6 +0,0 @@
|
||||
Architecture Decision Records
|
||||
#############################
|
||||
|
||||
In this directory you will find descriptions of Liminix architecture
|
||||
decisions.
|
||||
|
@ -1,201 +0,0 @@
|
||||
Module system
|
||||
#############
|
||||
|
||||
**Status:** Adopted; implemented in July-September 2023
|
||||
|
||||
|
||||
Context
|
||||
*******
|
||||
|
||||
Liminix users need a way to assemble a full system configuration by
|
||||
combining smaller, more isolated and reusable components, otherwise
|
||||
systems will be unwieldy and copy-and-paste will be rife.
|
||||
|
||||
|
||||
Alternatives
|
||||
************
|
||||
|
||||
NixOS module system
|
||||
===================
|
||||
|
||||
The NixOS module system addresses many of these concerns. A module is
|
||||
a Nix function which accepts a ``configuration`` attrset and some
|
||||
other parameters, and returns a new fragment of ``configuration``
|
||||
which is merged into it. It includes a DSL describing the permitted
|
||||
types of values for each key in the configuration, which is used for
|
||||
checking that the supplied parameters are valid and also governs what
|
||||
to do if two modules both specify a value for the same key. (Usually
|
||||
they are "merged", using some type-appropriate concept of merging.)
|
||||
|
||||
Usually a NixOS module looks only (or mostly only) at a particular
|
||||
subtree of the overall configuration which is hardcoded in the module
|
||||
definition, but the configuration fragment it returns may touch any
|
||||
part of the schema. For example, the factorio module refers to
|
||||
``config.services.factorio``, and it returns values for keys in
|
||||
``systemd.services.factorio`` and ``networking.firewall``. There is no
|
||||
way to use this module to run **two** factorio services with different
|
||||
config (e.g. on different ports) - the only way to make that
|
||||
possible would be to extend the module definition so that it
|
||||
accepts a collection of game configurations and then create
|
||||
a systemd service for each.
|
||||
|
||||
|
||||
NixWRT module system
|
||||
====================
|
||||
|
||||
NixWRT, the (now defunct) predecessor of Liminix, used a homegrown
|
||||
module system modelled on the Nixpkgs overlay pattern. Each module is
|
||||
a function that accepts ``super`` and ``self`` parameters, and
|
||||
using <handwaves>that fixpoint magic thing</handwaves>
|
||||
is called in a chain with the configuration returned by the previous
|
||||
module and the final configuration.
|
||||
|
||||
NixWRT modules mostly don't refer to the configuration object to
|
||||
decide how to configure themselves, but accept their parameters
|
||||
directly as function parameters. For example, the configuration
|
||||
file for "arhcive" (a backup server) includes this text:
|
||||
|
||||
.. code-block:: nix
|
||||
|
||||
(sshd {
|
||||
hostkey = secrets.sshHostKey;
|
||||
authkeys = { root = lib.splitString "\n" secrets.myKeys; };
|
||||
})
|
||||
busybox
|
||||
(usbdisk {
|
||||
label = "backup-disk";
|
||||
mountpoint = "/srv";
|
||||
fstype = "ext4";
|
||||
options = "rw";
|
||||
})
|
||||
|
||||
This gives us flexibility that NixOS modules don't: for example, if we
|
||||
want to mount two USB disks, we can simply repeat that module twice
|
||||
with different parameters - and the module definition doesn't have to
|
||||
handle it specially.
|
||||
|
||||
However, the downside of this system is that we didn't implement any
|
||||
concept of "types" - there is no type information, so there is no
|
||||
systematic checking that parameters are valid, and if two modules set
|
||||
the same config key then the rules for merging are entirely ad hoc.
|
||||
|
||||
There is a further (arguable) downside, which is that the
|
||||
configuration is not just data - it's now part code. While it could be
|
||||
feasible (though I've never seen it done) to encode a NixOS
|
||||
configuration using Yaml or XML and then manipulate it as data, this
|
||||
is not even possible using the NixWRT system.
|
||||
|
||||
|
||||
Use services for everything
|
||||
===========================
|
||||
|
||||
The most common properties that a Liminix configuration needs to
|
||||
define are:
|
||||
|
||||
* which services (processes) to run
|
||||
* what packages to install
|
||||
* permitted users and groups
|
||||
* Linux kernel configuration options
|
||||
* Busybox applets
|
||||
* filesystem layout
|
||||
|
||||
Suppose we only had services?
|
||||
|
||||
A Liminix service is (also) a derivation, so it is able to
|
||||
create any files it likes inside its own store path, and
|
||||
transitively require other packages simply by referring to them.
|
||||
If it needs particular kernel options it could define them
|
||||
as kernel modules to be loaded on demand when the service
|
||||
starts (see the nftables module for an example). However:
|
||||
|
||||
* there is no way for a service to add busybox modules
|
||||
|
||||
* it cannot create files outside of its store path, so
|
||||
wouldn't be able to make e.g. :file:`/etc/something.conf`
|
||||
|
||||
* no way to create users/groups. We could steal the DynamicUsers idea
|
||||
from systemd and make them on demand, but this starts to get a bit
|
||||
more complicated.
|
||||
|
||||
These limitations force us to reject this option as a general
|
||||
solution - though we should strive *where possible* to implement
|
||||
functionality as services and to minimise the proportion of Liminix
|
||||
that manipulates the global configuration.
|
||||
|
||||
|
||||
Decision
|
||||
********
|
||||
|
||||
"Why not both?" None of these options is sufficient alone, so we are
|
||||
going to do a mixture.
|
||||
|
||||
We will use the NixOS module system, but instead of expecting modules
|
||||
to create systemd services as instances, they will expose "service
|
||||
templates": functions that accept an attrset and return an
|
||||
appropriately configured service that can be assigned by the caller
|
||||
to a key in ``config.services``.
|
||||
|
||||
We will typecheck the service template function parameters using the
|
||||
same type-checking code as NixOS uses for its modules.
|
||||
|
||||
An example may make this clearer: to add an NTP
|
||||
service you first add :file:`modules/ntp` to your ``imports`` list,
|
||||
then you create a service by calling
|
||||
:code:`config.system.service.ntp.build { .... }` with the appropriate
|
||||
service-dependent configuration parameters.
|
||||
|
||||
.. code-block:: nix
|
||||
|
||||
let svc = config.system.service;
|
||||
in {
|
||||
# ...
|
||||
imports = [
|
||||
./modules/ntp
|
||||
# ....
|
||||
];
|
||||
config.services.ntp = svc.ntp.build {
|
||||
pools = { "pool.ntp.org" = ["iburst"]; };
|
||||
makestep = { threshold = 1.0; limit = 3; };
|
||||
};
|
||||
|
||||
Merely including the module won't define the service on its own: it
|
||||
only creates the template in ``config.system.service.foo`` and you
|
||||
have to create the actual service using the template.
|
||||
|
||||
|
||||
|
||||
Consequences
|
||||
************
|
||||
|
||||
This decision has both good and bad consequences
|
||||
|
||||
Pro
|
||||
===
|
||||
|
||||
* We have a workable system for reusing configuration elements in
|
||||
Liminix.
|
||||
|
||||
* We have type checking for most imortant things, reducing the risk of
|
||||
deploying an invalid configuration.
|
||||
|
||||
* We have a simple mechanism for creating multiple services based on
|
||||
the same module, without buulding that logic into the module
|
||||
definition itself. For example, we could create two SSH daemons on
|
||||
different ports, or DHCP clients with different configurations on
|
||||
different network devices.
|
||||
|
||||
* We expect to be able to automate the generation of module
|
||||
documentation.
|
||||
|
||||
Con
|
||||
===
|
||||
|
||||
|
||||
* By departing somewhat from the NixOS conventions we increase the
|
||||
amount of code we have to write/maintain ourselves - and the
|
||||
learning burden on users who are already familiar with that system.
|
||||
|
||||
* Liminix configurations contain function calls and aren't just data,
|
||||
which means we can ony realistically interpret or introspect
|
||||
them with the Nix interpreter itself - we can't query them
|
||||
as data with other non-Nix tools.
|
13
doc/conf.py
13
doc/conf.py
@ -13,10 +13,7 @@ author = 'Daniel Barlow'
|
||||
# -- General configuration ---------------------------------------------------
|
||||
# https://www.sphinx-doc.org/en/master/usage/configuration.html#general-configuration
|
||||
|
||||
extensions = [
|
||||
'sphinx.ext.autosectionlabel'
|
||||
]
|
||||
autosectionlabel_prefix_document = True
|
||||
extensions = []
|
||||
|
||||
templates_path = ['_templates']
|
||||
exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store']
|
||||
@ -28,11 +25,3 @@ exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store']
|
||||
|
||||
html_theme = 'alabaster'
|
||||
html_static_path = ['_static']
|
||||
|
||||
html_theme_options = {
|
||||
'logo': '/logo.svg',
|
||||
'globaltoc_collapse': 'false',
|
||||
'page_width': '90%',
|
||||
'body_max_width': '90%',
|
||||
'description': 'A Nix-based OpenWrt-style embedded Linux system for consumer wifi routers'
|
||||
}
|
||||
|
@ -1,259 +0,0 @@
|
||||
Configuration
|
||||
#############
|
||||
|
||||
Liminix uses the Nix language to provide congruent configuration
|
||||
management. This means that to change anything about the way in
|
||||
which a Liminix system works, you make that change in
|
||||
your :file:`configuration.nix` (or one of the other files it references),
|
||||
and rerun :command:`nix-build` or :command:`liminix-rebuild` to action
|
||||
the change. It is not possible (at least, without shenanigans) to make
|
||||
changes by logging into the device and running imperative commands
|
||||
whose effects may later be overridden: :file:`configuration.nix`
|
||||
always describes the entire system and can be used to recreate that
|
||||
system at any time. You can usefully keep it under version control.
|
||||
|
||||
If you are familiar with NixOS, you will notice some similarities
|
||||
between NixOS and Liminix configuration, and also some
|
||||
differences. Sometimes the differences are due to the
|
||||
resource-constrained devices we deploy onto, sometimes due to
|
||||
differences in the uses these devices are put to.
|
||||
|
||||
|
||||
Configuration taxonomy
|
||||
**********************
|
||||
|
||||
There are many things you can specify in a configuration, but these
|
||||
are the ones you most commonly need to change:
|
||||
|
||||
* which services (processes) to run
|
||||
* what packages to install
|
||||
* permitted users and groups
|
||||
* Linux kernel configuration options
|
||||
* Busybox applets
|
||||
* filesystem layout
|
||||
|
||||
|
||||
Modules
|
||||
*******
|
||||
|
||||
**Modules** are a means of abstraction which allow "bundling"
|
||||
of configuration options related to a common purpose or theme. For
|
||||
example, the ``dnsmasq`` module defines a template for a dnsmasq
|
||||
service, ensures that the dnsmasq package is installed, and provides a
|
||||
dnsmasq user and group for the service to run as. The ``ppp`` module
|
||||
defines a service template and also enables various PPP-related kernel
|
||||
configuration.
|
||||
|
||||
Not all modules are included in the configuration by default, because
|
||||
that would mean that the kernel (and the Busybox binary providing
|
||||
common CLI tools) was compiled with many unnecessary bells and whistles
|
||||
and therefore be bigger than needed. (This is not purely an academic concern
|
||||
if your device has little flash storage). Therefore, specifying a
|
||||
service is usually a two-step process. For example, to add an NTP
|
||||
service you first add :file:`modules/ntp` to your ``imports`` list,
|
||||
then you create a service by calling
|
||||
:code:`config.system.service.ntp.build { .... }` with the appropriate
|
||||
service-dependent configuration parameters.
|
||||
|
||||
.. code-block:: nix
|
||||
|
||||
let svc = config.system.service;
|
||||
in {
|
||||
# ...
|
||||
imports = [
|
||||
./modules/ntp
|
||||
# ....
|
||||
];
|
||||
config.services.ntp = svc.ntp.build {
|
||||
pools = { "pool.ntp.org" = ["iburst"]; };
|
||||
makestep = { threshold = 1.0; limit = 3; };
|
||||
};
|
||||
|
||||
Merely including the module won't define the service on its own: it
|
||||
only creates the template in ``config.system.service.foo`` and you
|
||||
have to create an actual service using the template. This is an
|
||||
intentional choice to allow the creation of multiple
|
||||
differently-configured services based on the same template - perhaps
|
||||
e.g. when you have multiple networks (VPNs etc) in different trust
|
||||
domains, or you want to run two SSH daemons on different ports.
|
||||
(For the background to this, please refer to the :doc:`architecture decision record <adr/module-system>`)
|
||||
|
||||
.. tip:: Liminix modules should be quite familiar (but also different)
|
||||
if you already know how to use NixOS modules. We use the
|
||||
NixOS module infrastructure code, meaning that you should
|
||||
recognise the syntax, the type system, the rules for
|
||||
combining configuration values from different sources. We
|
||||
don't use the NixOS modules themselves, because the
|
||||
underlying system is not similar enough for them to work.
|
||||
|
||||
|
||||
Services
|
||||
********
|
||||
|
||||
We use the `s6-rc service manager <https://www.skarnet.org/software/s6-rc/overview.html>`_ to start/stop/restart services and handle
|
||||
service dependencies. Any attribute in `config.services` will become
|
||||
part of the default set of services that s6-rc will try to bring up on
|
||||
boot.
|
||||
|
||||
For the most part, for common use cases, hopefully the services you
|
||||
need will be defined by modules and you will only have to pass the
|
||||
right parameters to ``build``.
|
||||
|
||||
Should you need to create a custom service of your own devising, use
|
||||
the `oneshot` or `longrun` functions:
|
||||
|
||||
* a "longrun" service is the "normal" service concept: it has a
|
||||
``run`` action which describes the process to start, and it watches
|
||||
that process to restart it if it exits. The process should not
|
||||
attempt to daemonize or "background" itself, otherwise s6-rc will think
|
||||
it died. Whatever it prints to standard output/standard error
|
||||
will be logged.
|
||||
|
||||
.. code-block:: nix
|
||||
|
||||
config.services.cowsayd = pkgs.liminix.services.longrun {
|
||||
name = "cowsayd";
|
||||
run = "${pkgs.cowsayd}/bin/cowsayd --port 3001 --breed hereford";
|
||||
# don't start this until the lan interface is ready
|
||||
dependencies = [ config.services.lan ];
|
||||
}
|
||||
|
||||
|
||||
* a "oneshot" service doesn't have a process attached. It consists of
|
||||
``up`` and ``down`` actions which are bits of shell script that
|
||||
are run at the appropriate points in the service lifecycle
|
||||
|
||||
.. code-block:: nix
|
||||
|
||||
config.services.greenled = pkgs.liminix.services.oneshot {
|
||||
name = "greenled";
|
||||
up = ''
|
||||
echo 17 > /sys/class/gpio/export
|
||||
echo out > /sys/class/gpio/gpio17/direction
|
||||
echo 0 > /sys/class/gpio/gpio17/value
|
||||
'';
|
||||
down = ''
|
||||
echo 0 > /sys/class/gpio/gpio17/value
|
||||
'';
|
||||
}
|
||||
|
||||
Services may have dependencies: as you see above in the ``cowsayd``
|
||||
example, it depends on some service called ``config.services.lan``,
|
||||
meaning that it won't be started until that other service is up.
|
||||
|
||||
..
|
||||
TODO: explain service outputs
|
||||
|
||||
..
|
||||
TODO: outputs that change, and services that poll other services
|
||||
|
||||
Module implementation
|
||||
*********************
|
||||
|
||||
Modules in Liminix conventionally live in
|
||||
:file:`modules/somename/default.nix`. If you want or need to
|
||||
write your own, you may wish to refer to the
|
||||
examples there in conjunction with reading this section.
|
||||
|
||||
A module is a function that accepts ``{lib, pkgs, config, ... }`` and
|
||||
returns an attrset with keys ``imports, options config``.
|
||||
|
||||
* ``imports`` is a list of paths to the other modules required by this one
|
||||
|
||||
* ``options`` is a nested set of option declarations
|
||||
|
||||
* ``config`` is a nested set of option definitions
|
||||
|
||||
The NixOS manual section `Writing NixOS Modules
|
||||
<https://nixos.org/manual/nixos/stable/#sec-writing-modules>`_ is a
|
||||
quite comprehensive reference to writing NixOS modules, which is also
|
||||
mostly applicable to Liminix except that it doesn't cover
|
||||
service templates.
|
||||
|
||||
Service templates
|
||||
=================
|
||||
|
||||
To expose a service template in a module, it needs the following:
|
||||
|
||||
* an option declaration for ``system.service.myservicename`` with the
|
||||
type of ``liminix.lib.types.serviceDefn``
|
||||
|
||||
.. code-block:: nix
|
||||
|
||||
options = {
|
||||
system.service.cowsay = mkOption {
|
||||
type = liminix.lib.types.serviceDefn;
|
||||
};
|
||||
};
|
||||
|
||||
* an option definition for the same key, which specifies where to
|
||||
import the service template from (often :file:`./service.nix`)
|
||||
and the types of its parameters.
|
||||
|
||||
.. code-block:: nix
|
||||
|
||||
config.system.service.cowsay = liminix.callService ./service.nix {
|
||||
address = mkOption {
|
||||
type = types.str;
|
||||
default = "0.0.0.0";
|
||||
description = "Listen on specified address";
|
||||
example = "127.0.0.1";
|
||||
};
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
default = 22;
|
||||
description = "Listen on specified TCP port";
|
||||
};
|
||||
breed = mkOption {
|
||||
type = types.str;
|
||||
default = "British Friesian"
|
||||
description = "Breed of the cow";
|
||||
};
|
||||
};
|
||||
|
||||
Then you need to provide the service template itself, probably in
|
||||
:file:`./service.nix`:
|
||||
|
||||
.. code-block:: nix
|
||||
|
||||
{
|
||||
# any nixpkgs package can be named here
|
||||
liminix
|
||||
, cowsayd
|
||||
, serviceFns
|
||||
, lib
|
||||
}:
|
||||
# these are the parameters declared in the callService invocation
|
||||
{ address, port, breed} :
|
||||
let
|
||||
inherit (liminix.services) longrun;
|
||||
inherit (lib.strings) escapeShellArg;
|
||||
in longrun {
|
||||
name = "cowsayd";
|
||||
run = "${cowsayd}/bin/cowsayd --address ${address} --port ${builtins.toString port} --breed ${escapeShellArg breed}";
|
||||
}
|
||||
|
||||
.. tip::
|
||||
|
||||
Not relevant to module-based services specifically, but a common
|
||||
gotcha when specifiying services is forgetting to transform "rich"
|
||||
parameter values into text when composing a command for the shell
|
||||
to execute. Note here that the port number, an integer, is
|
||||
stringified with ``toString``, and the name of the breed,
|
||||
which may contain spaces, is
|
||||
escaped with ``escapeShellArg``
|
||||
|
||||
Types
|
||||
=====
|
||||
|
||||
All of the NixOS module types are available in Liminix. These
|
||||
Liminix-specific types also exist in ``pkgs.liminix.lib.types``:
|
||||
|
||||
* ``service``: an s6-rc service
|
||||
* ``interface``: an s6-rc service which specifies a network
|
||||
interface
|
||||
* ``serviceDefn``: a service "template" definition
|
||||
|
||||
In the future it is likely that we will extend this to include other
|
||||
useful types in the networking domain: for example; IP address,
|
||||
network prefix or netmask, protocol family and others as we find them.
|
@ -1,14 +1,14 @@
|
||||
Development
|
||||
###########
|
||||
Developer Manual
|
||||
################
|
||||
|
||||
As a developer working on Liminix, or implementing a service or
|
||||
module, you probably want to test your changes more conveniently
|
||||
than by building and flashing a new image every time. This section
|
||||
than by building and flashing a new image every time. This manual
|
||||
documents various affordances for iteration and experiments.
|
||||
|
||||
In general, packages and tools that run on the "build" machine are
|
||||
available in the ``buildEnv`` derivation and can most easily
|
||||
be added to your environment by running :command:`nix-shell`.
|
||||
be added to your environment by running :command:`nix-shell`
|
||||
|
||||
|
||||
|
||||
@ -27,18 +27,19 @@ To build it,
|
||||
|
||||
nix-build -I liminix-config=path/to/your/configuration.nix --arg device "import ./devices/qemu" -A outputs.default
|
||||
|
||||
This creates a :file:`result/` directory containing a :file:`vmlinux`
|
||||
and a :file:`rootfs`, and also a shell script :file:`run.sh` which
|
||||
invokes QEMU to run that kernel with that filesystem. It connects the Liminix
|
||||
In a ``buildEnv`` nix-shell, you can use the :command:`mips-vm` command
|
||||
to run Qemu with appropriate options. It connects the Liminix
|
||||
serial console and the `QEMU monitor <https://www.qemu.org/docs/master/system/monitor.html>`_ to stdin/stdout. Use ^P (not ^A) to switch to the monitor.
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
nix-shell --run "mips-vm result/vmlinux result/squashfs"
|
||||
|
||||
If you run with ``--background /path/to/some/directory`` as the first
|
||||
parameter, it will fork into the background and open Unix sockets in
|
||||
that directory for console and monitor. Use :command:`nix-shell --run
|
||||
connect-vm` to connect to either of these sockets, and ^O to
|
||||
disconnect.
|
||||
|
||||
.. _qemu-networking:
|
||||
that directory for console and monitor. Use :command:`connect-vm`
|
||||
(also in the ``buildEnv`` environment) to connect to either of these
|
||||
sockets, and ^O to disconnect.
|
||||
|
||||
Networking
|
||||
==========
|
||||
@ -52,11 +53,9 @@ the right way:
|
||||
* multicast 230.0.0.1:1235 : lan
|
||||
* multicast 230.0.0.1:1236 : world (the internet)
|
||||
|
||||
Any VM started by a :command:`run.sh` script is connected to "lan" and
|
||||
"access", and the emulated border network gateway (see below) runs
|
||||
PPPoE and is connected to "access" and "world".
|
||||
|
||||
.. _border-network-gateway:
|
||||
A VM started with :command:`mips-vm` is connected to "lan" and "access", and
|
||||
the emulated border network gateway (see below) runs PPPoE and is
|
||||
connected to "access" and "world".
|
||||
|
||||
Border Network Gateway
|
||||
----------------------
|
||||
@ -88,70 +87,6 @@ time with configurations for RP-PPPoE and/or Accel PPP.`
|
||||
Hardware devices
|
||||
****************
|
||||
|
||||
.. _serial:
|
||||
|
||||
U-Boot and serial shenanigans
|
||||
=============================
|
||||
|
||||
Every device that we have so far encountered in Liminix uses `U-Boot,
|
||||
the "Universal Boot Loader" <https://docs.u-boot.org/en/latest/>`_ so
|
||||
it's worth knowing a bit about it. "Universal" is in this context a
|
||||
bit of a misnomer, though: encountering *mainline* U-Boot is very rare
|
||||
and often you'll find it is a fork from some version last updated
|
||||
in 2008. Upgrading U-Boot is more or less complicated depending on the
|
||||
device and is outside scope for Liminix.
|
||||
|
||||
To speak to U-Boot on your device you'll usually need a serial
|
||||
connection to it. This is device-specific. Usually it involves
|
||||
opening the box, locating the serial header pins (TX, RX and GND) and
|
||||
connecting a USB TTL converter to them.
|
||||
|
||||
The Rolls Royce of USB/UART cables is the `FTDI cable
|
||||
<https://cpc.farnell.com/ftdi/ttl-232r-rpi/cable-debug-ttl-232-usb-rpi/dp/SC12825?st=usb%20to%20uart%20cable>`_,
|
||||
but there are cheaper alternatives based on the PL2303 and CP2102 chipsets. Or
|
||||
get creative and use the `UART GPIO pins <https://pinout.xyz/>`_ on a Raspberry Pi. Whatever you do, make sure
|
||||
that the voltages are compatible: if your device is 3.3V (this is
|
||||
typical but not universal), you don't want to be sending it 5v or
|
||||
(even worse) 12v.
|
||||
|
||||
Run a terminal emulator such as Minicom on the computer at other end
|
||||
of the link. 115200 8N1 is the typical speed.
|
||||
|
||||
.. NOTE::
|
||||
|
||||
TTL serial connections typically have no form of flow control and
|
||||
so don't always like having massive chunks of text pasted into
|
||||
them - and U-Boot may drop characters while it's busy. So don't
|
||||
necessarily expect to copy-paste large chunks of text into the
|
||||
terminal emulator and have it work just like that.
|
||||
|
||||
If using Minicom, you may find it helps to bring up the "Termimal
|
||||
settings" dialog (C^A T), then configure "Newline tx delay" to
|
||||
some small but non-zero value.
|
||||
|
||||
When you turn the router on you should be greeted with some messages
|
||||
from U-Boot, followed by the instruction to hit some key to stop
|
||||
autoboot. Do this and you will get to the prompt. If you didn't see
|
||||
anything, the strong likelihood is that TX and RX are the wrong way
|
||||
around. If you see garbage, try a different speed.
|
||||
|
||||
Interesting commands to try first in U-Boot are :command:`help` and
|
||||
:command:`printenv`.
|
||||
|
||||
To do anything useful with U-Boot you will probably need a way to get
|
||||
large binary files onto the device, and the usual way to do this is by
|
||||
adding a network connection and using TFTP to download them. It's
|
||||
quite common that the device's U-Boot doesn't speak DHCP so it will
|
||||
need a static LAN address. You might also want to keep it away from
|
||||
your "real" LAN: see :ref:`bng` for some potentially useful tooling
|
||||
to use it on an isolated network.
|
||||
|
||||
|
||||
TFTP
|
||||
====
|
||||
|
||||
.. _tftp server:
|
||||
|
||||
How you get your image onto hardware will vary according to the
|
||||
device, but is likely to involve taking it apart to add wires to
|
||||
serial console pads/headers, then using U-Boot to fetch images over
|
||||
@ -180,7 +115,7 @@ Now add the device and server IP addresses to your configuration:
|
||||
};
|
||||
|
||||
and then build the derivation for ``outputs.default`` or
|
||||
``outputs.mtdimage`` (for which it will be an alias on any device
|
||||
``outputs.flashimage`` (for which it will be an alias on any device
|
||||
where this is applicable). You should find it has created
|
||||
|
||||
* :file:`result/firmware.bin` which is the file you are going to flash
|
||||
@ -213,8 +148,6 @@ U-Boot to transfer the kernel and filesystem over TFTP and boot the
|
||||
kernel from RAM.
|
||||
|
||||
|
||||
.. _bng:
|
||||
|
||||
Networking
|
||||
==========
|
||||
|
51
doc/etc.rst
Normal file
51
doc/etc.rst
Normal file
@ -0,0 +1,51 @@
|
||||
The Future
|
||||
##########
|
||||
|
||||
What about NixWRT?
|
||||
|
||||
This is an in-progress rewrite of NixWRT, incorporating Lessons
|
||||
Learned. That said, as of today it is not yet at feature parity.
|
||||
|
||||
Liminix will eventually provide these differentiators over NixWRT:
|
||||
|
||||
* a writable filesystem so that software updates or reconfiguration
|
||||
(e.g. changing passwords) don't require taking the device offline to
|
||||
reflash it.
|
||||
|
||||
* more flexible service management with dependencies, to allow
|
||||
configurations such as "route through PPPoE if it is healthy, with
|
||||
fallback to LTE"
|
||||
|
||||
* a spec for valid configuration options (a la NixOS module options)
|
||||
to that we can detect errors at evaluation time instead of producing
|
||||
a bad image.
|
||||
|
||||
* a network-based mechanism for secrets management so that changes can
|
||||
be pushed from a central location to several Liminix devices at once
|
||||
|
||||
* send device metrics and logs to a monitoring/alerting/o11y
|
||||
infrastructure
|
||||
|
||||
Today though, it does approximately none of these things and certainly
|
||||
not on real hardware.
|
||||
|
||||
|
||||
Articles of interest
|
||||
####################
|
||||
|
||||
* `Build Safety of Software in 28 Popular Home Routers <https://cyber-itl.org/assets/papers/2018/build_safety_of_software_in_28_popular_home_routers.pdf>`_: "of the access
|
||||
points and routers we reviewed, not a single one took full
|
||||
advantage of the basic application armoring features provided by
|
||||
the operating system. Indeed, only one or two models even came
|
||||
close, and no brand did well consistently across all models tested"
|
||||
|
||||
* `A PPPoE Implementation for Linux <https://static.usenix.org/publications/library/proceedings/als00/2000papers/papers/full_papers/skoll/skoll_html/index.html>`_:
|
||||
"Many DSL service providers use PPPoE for residential broadband
|
||||
Internet access. This paper briefly describes the PPPoE protocol,
|
||||
presents strategies for implementing it under Linux and describes in
|
||||
detail a user-space implementation of a PPPoE client."
|
||||
|
||||
* `PPP IPV6CP vs DHCPv6 at AAISP <https://www.revk.uk/2011/01/ppp-ipv6cp-vs-dhcpv6.html>`_
|
||||
|
||||
|
||||
* `Creating a Home IPv6 Network (James Bottomley) <https://blog.hansenpartnership.com/creating-a-home-ipv6-network/>`_
|
@ -1,10 +1,30 @@
|
||||
{ eval, lib, pkgs }:
|
||||
let
|
||||
overlay = import ../overlay.nix;
|
||||
pkgs = import <nixpkgs> ( {
|
||||
overlays = [overlay];
|
||||
config = {
|
||||
allowUnsupportedSystem = true; # mipsel
|
||||
permittedInsecurePackages = [
|
||||
"python-2.7.18.6" # kernel backports needs python <3
|
||||
];
|
||||
};
|
||||
});
|
||||
inherit (pkgs) lib;
|
||||
inherit (lib) types;
|
||||
modulenames =
|
||||
builtins.attrNames
|
||||
(lib.filterAttrsRecursive
|
||||
(n: t:
|
||||
(t=="directory") ||
|
||||
((t=="regular") && ((builtins.match ".*\\.nix$" n) != null)))
|
||||
(builtins.readDir ../modules));
|
||||
modulefiles = builtins.map (n: builtins.toPath "${../modules}/${n}") modulenames;
|
||||
eval = (lib.evalModules {
|
||||
modules = [
|
||||
{ _module.args = { inherit pkgs; lib = pkgs.lib; }; }
|
||||
] ++ modulefiles;
|
||||
});
|
||||
conf = eval.config;
|
||||
rootDir = builtins.toPath ./..;
|
||||
stripAnyPrefixes = lib.flip (lib.fold lib.removePrefix)
|
||||
["${rootDir}/"];
|
||||
optToDoc = name: opt : {
|
||||
inherit name;
|
||||
description = opt.description or null;
|
||||
@ -21,12 +41,16 @@ let
|
||||
then
|
||||
let sd = lib.attrByPath item.loc ["not found"] conf;
|
||||
in item // {
|
||||
declarations = map stripAnyPrefixes item.declarations;
|
||||
parameters =
|
||||
let x = lib.mapAttrsToList optToDoc sd.parameters; in x;
|
||||
}
|
||||
else
|
||||
item // { declarations = map stripAnyPrefixes item.declarations; };
|
||||
in
|
||||
builtins.map spliceServiceDefn
|
||||
(pkgs.lib.optionAttrSetToDocList eval.options)
|
||||
item;
|
||||
o = builtins.map spliceServiceDefn
|
||||
(pkgs.lib.optionAttrSetToDocList eval.options);
|
||||
in {
|
||||
doc = pkgs.writeText "options.yaml" ''
|
||||
# ${./..}
|
||||
${builtins.toJSON o}
|
||||
'';
|
||||
}
|
||||
|
@ -1,29 +0,0 @@
|
||||
with import <nixpkgs> {} ;
|
||||
|
||||
let
|
||||
inherit (builtins) stringLength readDir filter;
|
||||
devices = filter (n: n != "families")
|
||||
(lib.mapAttrsToList (n: t: n) (readDir ../devices));
|
||||
texts = map (n:
|
||||
let d = import ../devices/${n}/default.nix;
|
||||
d' = {
|
||||
description = "${n}\n${substring 0 (stringLength n) "********************************"}\n";
|
||||
} // d;
|
||||
installer =
|
||||
if d ? description && d ? installer
|
||||
then ''
|
||||
|
||||
The default installation route for this device is
|
||||
:ref:`system-outputs-${d.installer}`
|
||||
''
|
||||
else "";
|
||||
in d'.description)
|
||||
devices;
|
||||
in
|
||||
writeText "hwdoc" ''
|
||||
Supported hardware
|
||||
##################
|
||||
|
||||
${lib.concatStringsSep "\n\n" texts}
|
||||
|
||||
''
|
@ -6,13 +6,9 @@ Liminix
|
||||
:caption: Contents:
|
||||
|
||||
intro
|
||||
tutorial
|
||||
configuration
|
||||
admin
|
||||
development
|
||||
modules
|
||||
hardware
|
||||
outputs
|
||||
user
|
||||
developer
|
||||
etc
|
||||
|
||||
|
||||
Indices and tables
|
||||
|
@ -1,4 +0,0 @@
|
||||
Module options
|
||||
##############
|
||||
|
||||
.. include:: modules-generated.rst
|
@ -1,13 +0,0 @@
|
||||
Outputs
|
||||
#######
|
||||
|
||||
Liminix *outputs* are artefacts that can be installed somehow on a
|
||||
target device, or "installers" which run on the target device to
|
||||
perform the installation.
|
||||
|
||||
There are different outputs because different target devices need
|
||||
different artefacts, or have different ways to get that artefact
|
||||
installed. The options available for a particular device are described in
|
||||
the section for that device.
|
||||
|
||||
.. include:: outputs-generated.rst
|
@ -1,19 +0,0 @@
|
||||
(local yaml (require :lyaml))
|
||||
|
||||
;; (local { : view } (require :fennel))
|
||||
|
||||
(fn output? [option]
|
||||
(match option.loc
|
||||
["system" "outputs" & _] true
|
||||
_ false))
|
||||
|
||||
(fn sorted-options [options]
|
||||
(table.sort
|
||||
options
|
||||
(fn [a b] (< a.name b.name)))
|
||||
options)
|
||||
|
||||
(each [_ option (ipairs (sorted-options (yaml.load (io.read "*a"))))]
|
||||
(when (and (output? option) (not option.internal))
|
||||
(print (.. ".. _" (string.gsub option.name "%." "-") ":") "\n")
|
||||
(print option.description)))
|
@ -2,25 +2,21 @@
|
||||
|
||||
(local { : view } (require :fennel))
|
||||
|
||||
(fn basename [str ext]
|
||||
(-> str
|
||||
(string.gsub "(.*/)(.*)" "%2")
|
||||
(string.gsub (.. ext "$") "")))
|
||||
|
||||
(fn headline [name]
|
||||
(let [title (assert (basename name ".nix"))
|
||||
len (title:len)]
|
||||
(.. title "\n" (string.rep "=" len))))
|
||||
(let [(_ _ basename) (string.find name ".*/([^/].*).nix")
|
||||
len (basename:len)]
|
||||
(.. basename "\n" (string.rep "=" len))))
|
||||
|
||||
(fn read-preamble [pathname]
|
||||
(let [pathname (if (string.match pathname ".nix$")
|
||||
pathname
|
||||
(.. pathname "/default.nix"))]
|
||||
(with-open [f (assert (io.open pathname :r))]
|
||||
(accumulate [lines nil
|
||||
l (f:lines)
|
||||
:until (not (= (string.sub l 1 2) "##"))]
|
||||
(.. (or lines "") (string.gsub l "^## *" "") "\n")))))
|
||||
(if (= (pathname:sub 1 1) "/")
|
||||
(let [pathname (if (string.match pathname ".nix$")
|
||||
pathname
|
||||
(.. pathname "/default.nix"))]
|
||||
(with-open [f (assert (io.open pathname :r))]
|
||||
(accumulate [lines nil
|
||||
l (f:lines)
|
||||
:until (not (= (string.sub l 1 2) "##"))]
|
||||
(.. (or lines "") (string.gsub l "^## *" "") "\n"))))))
|
||||
|
||||
(fn relative-pathname [pathname]
|
||||
(let [pathname
|
||||
|
322
doc/tutorial.rst
322
doc/tutorial.rst
@ -1,322 +0,0 @@
|
||||
Tutorial
|
||||
########
|
||||
|
||||
Liminix is very configurable, which can make it initially quite
|
||||
daunting - especially if you're learning Nix or Linux or networking
|
||||
concepts at the same time. In this section we build some "worked
|
||||
example" Liminix images to introduce the concepts. If you follow the
|
||||
examples exactly, they should work. If you change things as you go
|
||||
along, they may work differently or not at all, but the experience
|
||||
should be educational either way.
|
||||
|
||||
|
||||
Requirements
|
||||
************
|
||||
|
||||
You will need a reasonably powerful computer running Nix. Target
|
||||
devices for Liminix are unlikely to have the CPU power and disk space
|
||||
to be able to build it in situ, so the build process is based around
|
||||
"cross-compilation" from another computer. The build machine can be
|
||||
any reasonably powerful desktop/laptop/server PC running NixOS.
|
||||
Standalone Nixpkgs installations on other Linux distributions - or on
|
||||
MacOS, or even in a Docker container - also ought to work but are
|
||||
untested.
|
||||
|
||||
|
||||
Running in Qemu
|
||||
***************
|
||||
|
||||
You can try out Liminix without even having a router to play with.
|
||||
Clone the Liminix git repository and change into its directory
|
||||
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
git clone https://gti.telent.net/dan/liminix
|
||||
cd liminix
|
||||
|
||||
Now build Liminix
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
nix-build -I liminix-config=./examples/hello-from-qemu.nix \
|
||||
--arg device "import ./devices/qemu" -A outputs.default
|
||||
|
||||
In this command ``liminix-config`` points to the desired software
|
||||
configuration (e.g. services, users, filesystem, secrets) and
|
||||
``device`` describes the hardware (or emulated hardware) to run it on.
|
||||
``outputs.default`` tells Liminix that we want the default image
|
||||
output for flashing to the device: for the Qemu "hardware" it's an
|
||||
alias for ``outputs.vmbuild``, which creates a directory containing a
|
||||
root filesystem image and a kernel.
|
||||
|
||||
.. tip:: The first time you run this it may take several hours,
|
||||
because it builds all of the dependencies including a full
|
||||
MIPS gcc and library toolchain. Once those intermediate build
|
||||
products are in the nix store, subsequent builds will be much
|
||||
faster - practically instant, if nothing has changed.
|
||||
|
||||
Now you can try it:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
./result/run.sh
|
||||
|
||||
This starts the Qemu emulator with a bunch of useful options, to run
|
||||
the Liminix configuration you just built. It connects the emulated
|
||||
device's serial console and the `QEMU monitor
|
||||
<https://www.qemu.org/docs/master/system/monitor.html>`_ to
|
||||
stdin/stdout.
|
||||
|
||||
You should now see Linux boot messages and after a few seconds be
|
||||
presented with a root shell prompt. You can run commands to look at
|
||||
the filesystem, see what processes are running, view log messages (in
|
||||
:file:/run/uncaught-logs.current), etc. To kill the emulator, press ^P
|
||||
(Control P) then c to enter the "QEMU Monitor", then type ``quit`` at
|
||||
the ``(qemu)`` prompt.
|
||||
|
||||
To see that it's running network services we need to connect to its
|
||||
emulated network. Start the machine again, if you had stopped it, and
|
||||
open up a second terminal on your build machine. We're going to run
|
||||
another virtual machine attached to the virtual network, which will
|
||||
request an IP address from our Liminix system and give you a shell you
|
||||
can run ssh from.
|
||||
|
||||
We use `System Rescue <https://www.system-rescue.org/>`_ in tty
|
||||
mode (no graphical output) for this example, but if you have some
|
||||
other favourite Linux Live CD ISO - or, for that matter, any other OS
|
||||
image that QEMU can boot - adjust the command to suit.
|
||||
|
||||
Download the System Rescue ISO:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
curl https://fastly-cdn.system-rescue.org/releases/10.01/systemrescue-10.01-amd64.iso -O
|
||||
|
||||
and run it
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
nix-shell -p qemu --run " \
|
||||
qemu-system-x86_64 \
|
||||
-echr 16 \
|
||||
-m 1024 \
|
||||
-cdrom systemrescue-10.01-amd64.iso \
|
||||
-netdev socket,mcast=230.0.0.1:1235,localaddr=127.0.0.1,id=lan \
|
||||
-device virtio-net,disable-legacy=on,disable-modern=off,netdev=lan,mac=ba:ad:3d:ea:21:01 \
|
||||
-display none -serial mon:stdio"
|
||||
|
||||
System Rescue displays a boot menu at which you should select the
|
||||
"serial console" option, then after a few moments it boots to a root
|
||||
prompt. You can now try things out:
|
||||
|
||||
* run :command:`ip a` and see that it's been allocated an IP address in the range 10.3.0.0/16.
|
||||
|
||||
* run :command:`ping 10.3.0.1` to see that the Liminix VM responds
|
||||
|
||||
* run :command:`ssh root@10.3.0.1` to try logging into it.
|
||||
|
||||
Congratulations! You have installed your first Liminix system - albeit
|
||||
it has no practical use and it's not even real. The next step is to try
|
||||
running it on hardware.
|
||||
|
||||
Installing on hardware
|
||||
**********************
|
||||
|
||||
For the next example, we're going to install onto an actual hardware
|
||||
device. These steps have been tested using a GL.iNet GL-MT300A, which
|
||||
has been chosen for the purpose because it's cheap and easy to
|
||||
unbrick if necessary.
|
||||
|
||||
.. warning:: There is always a risk of rendering your device
|
||||
unbootable by flashing it with an image that doesn't
|
||||
work. The GL-MT300A has a builtin "debrick" procedure in
|
||||
the boot monitor and is also comparatively simple to
|
||||
attach serial cables to (soldering not required), so it
|
||||
is lower-risk than some devices. Using some other
|
||||
Liminix-supported MIPS hardware device also *ought* to
|
||||
work here, but you accept the slightly greater bricking
|
||||
risk if it doesn't.
|
||||
|
||||
You may want to read and inwardly digest the Develoment Manual section
|
||||
:ref:`serial` when you start working with Liminix on real hardware. You
|
||||
won't *need* serial access for this example, assuming it works, but it
|
||||
allows you
|
||||
to see the boot monitor and kernel messages, and to login directly to
|
||||
the device if for some reason it doesn't bring its network up.
|
||||
|
||||
Now we can build Liminix. Although we could use the same example
|
||||
configuration as we did for Qemu, you might not want to plug a DHCP
|
||||
server into your working LAN because it will compete with the real
|
||||
DHCP service. So we're going to use a different configuration with a
|
||||
DHCP client: this is :file:`examples/hello-from-mt300.nix`
|
||||
|
||||
It's instructive to compare the two configurations:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
diff -u examples/hello-from-qemu.nix examples/hello-from-mt300.nix
|
||||
|
||||
You'll see a new ``boot.tftp`` stanza which you can ignore,
|
||||
``services.dns`` has been removed, and the static IP address allocation
|
||||
has been replaced by a ``dhcp.client`` service.
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
nix-build -I liminix-config=./examples/hello-from-mt300.nix \
|
||||
--arg device "import ./devices/gl-mt300a" -A outputs.default
|
||||
|
||||
.. tip:: The first time you run this it may take several hours.
|
||||
Again? Yes, even if you ran the previous example. Qemu is
|
||||
set up as a big-endian system whereas the MediaTek SoC
|
||||
on this device is little-endian - so it requires building
|
||||
all of the dependencies including an entirely different
|
||||
MIPS gcc and library toolchain to the other one.
|
||||
|
||||
This time in :file:`result/` you will see a bunch of files. Most of
|
||||
them you can ignore for the moment, but :file:`result/firmware.bin` is
|
||||
the firmware image you can flash.
|
||||
|
||||
|
||||
Flashing
|
||||
========
|
||||
|
||||
Again, there are a number of different ways you could do this: using
|
||||
TFTP with a serial cable, through the stock firmware's web UI, or
|
||||
using the `vendor's "debrick" process
|
||||
<https://docs.gl-inet.com/router/en/3/tutorials/debrick/>`_. The last
|
||||
of these options has a lot to recommend it for a first attempt:
|
||||
|
||||
* it works no matter what firmware is currently installed
|
||||
|
||||
* it doesn't require plugging a router into the same network as your
|
||||
build system and potentially messing up your actual upstream
|
||||
|
||||
* no need to open the device and add cables
|
||||
|
||||
You can read detailed instructions on the vendor site, but the short version is:
|
||||
|
||||
1. turn the device off
|
||||
2. connect it by ethernet cable to a computer
|
||||
3. configure the computer to have static ip address 192.168.1.10
|
||||
4. while holding down the Reset button, turn the device on
|
||||
5. after about five seconds you can release the Reset button
|
||||
6. visit http://192.168.1.1/ using a web browser on the connected computer
|
||||
7. click on "Browse" and choose :file:`result/firmware.bin`
|
||||
8. click on "Update firmware"
|
||||
9. wait a minute or so while it updates.
|
||||
|
||||
There's no feedback from the web interface when the flashing is
|
||||
finished, but what should happen is that the router reboots and
|
||||
starts running Liminix. Now you need to figure out what address it got
|
||||
from DHCP - e.g. by checking the DHCP server logs, or maybe by pinging
|
||||
``hello.lan`` or something. Once you've found it on the
|
||||
network you can ping it and ssh to it just like you did the Qemu
|
||||
example, but this time for real.
|
||||
|
||||
.. warning:: Do not leave the default root password in place on any
|
||||
device exposed to the internet! Although it has no
|
||||
writable storage and no default route, a motivated attacker
|
||||
with some imagination could probably still do something
|
||||
awful using it.
|
||||
|
||||
Congratulations Part II! You have installed your first Liminix system on actual hardware - albeit that it *still* has no practical use.
|
||||
|
||||
Exercise for the reader: change the default password by editing
|
||||
:file:`examples/hello-from-mt300.nix`, and then create and upload a
|
||||
new image that has it set to something less hopeless.
|
||||
|
||||
Routing
|
||||
*******
|
||||
|
||||
The third example :file:`examples/demo.nix` is a fully-functional home
|
||||
"WiFi router" - although you will have to edit it a bit before it will
|
||||
actually work for you. Copy :file:`examples/demo.nix` to
|
||||
:file:`my-router.nix` (or other name of your choice) and open it in
|
||||
your favourite text editor. Everywhere that the text :code:`EDIT`
|
||||
appears is either a place you probably want to change or a place you
|
||||
almost certainly need to change.
|
||||
|
||||
There's a lot going on in this configuration:
|
||||
|
||||
* it provides a wireless access point using the :code:`hostapd`
|
||||
service: in this stanza you can change the ssid, the channel,
|
||||
the passphrase etc.
|
||||
|
||||
* the wireless lan and wired lan are bridged together with the
|
||||
:code:`bridge` service, so that your wired and wireless clients appear
|
||||
to be on the same network.
|
||||
|
||||
.. tip:: If you were using a hardware device that provides both 2.4GHz
|
||||
and 5GHz wifi, you'd probably find that it has two wireless
|
||||
devices (often called wlan0 and wlan1). In Liminix we handle
|
||||
this by running two :code:`hostapd` services, and adding
|
||||
both of them to the network bridge along with the wired lan.
|
||||
(You can see an example in :file:`examples/rotuer.nix`)
|
||||
|
||||
* we use the combination DNS and DHCP daemon provided by the
|
||||
:code:`dnsmasq` service, which you can configure
|
||||
|
||||
* the upstream network is "PPP over Ethernet", provided by the
|
||||
:code:`pppoe` service. Assuming that your ISP uses this standard,
|
||||
they will have provided you with a PPP username and password
|
||||
(sometimes this will be listed as "PAP" or "CHAP") which you can edit
|
||||
into the configuration
|
||||
|
||||
* this example supports the new [#ipv6]_ Internet Protocol v6
|
||||
as well as traditional IPv4. Configuring IPv6 seems to
|
||||
vary from one ISP to the next: this example expects them
|
||||
to be providing IP address allocation and "prefix delegation"
|
||||
using DHCP6.
|
||||
|
||||
Build it using the same method as the previous example
|
||||
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
nix-build -I liminix-config=./my-router.nix \
|
||||
--arg device "import ./devices/gl-mt300a" -A outputs.default
|
||||
|
||||
and then you can flash it to the device.
|
||||
|
||||
|
||||
Bonus: in-place updates
|
||||
=======================
|
||||
|
||||
This configuration uses a writable filesystem (see the line
|
||||
:code:`rootfsType = "jffs2"`), which means that once you've flashed it
|
||||
for the first time, you can make further updates over SSH onto the
|
||||
running router. To try this, make a small change (I'd suggest changing
|
||||
the hostname) and then run
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
nix-shell --run "liminix-rebuild root@address-of-the-device -I liminix-config=./my-router.nix --arg device "import ./devices/gl-ar750""
|
||||
|
||||
(This requires the device to be network-accessible from your build
|
||||
machine, which for a test/demo system might involve a second network
|
||||
device in your build system - USB ethernet adapters are cheap - or
|
||||
a bit of messing around unplugging cables.)
|
||||
|
||||
For more information about :code:`liminix-rebuild`, see the manual section :ref:`admin:Rebuilding the system`.
|
||||
|
||||
|
||||
Final thoughts
|
||||
**************
|
||||
|
||||
* These are demonstration configs for pedagogical purposes. If you'd
|
||||
like to see some more realistic uses of Liminix,
|
||||
:file:`examples/rotuer,arhcive,extneder.nix` are based on some
|
||||
actual real hosts in my home network.
|
||||
|
||||
* The technique used here for flashing was chosen mostly because it
|
||||
doesn't need much infrastructure/tooling, but it is a bit of a faff
|
||||
(requires physical access, vendor specific). There are slicker ways
|
||||
to do it that need a bit more setup - we'll talk about that later as
|
||||
well.
|
||||
|
||||
|
||||
|
||||
.. rubric:: Footnotes
|
||||
|
||||
.. [#ipv6] `RFC1883 Internet Protocol, Version 6 <https://datatracker.ietf.org/doc/html/rfc1883>`_ was published in 1995, so only "new" when Bill Clinton was US President
|
347
doc/user.rst
Normal file
347
doc/user.rst
Normal file
@ -0,0 +1,347 @@
|
||||
User Manual
|
||||
###########
|
||||
|
||||
This manual is an early work in progress, not least because Liminix is
|
||||
not yet really ready for users who are not also developers. Your
|
||||
feedback to improve it is very welcome.
|
||||
|
||||
Installation
|
||||
************
|
||||
|
||||
The Liminix installation process is not quite like installing NixOS on
|
||||
a real computer, but some NixOS experience will nevertheless be
|
||||
helpful in understanding it. The steps are as follows:
|
||||
|
||||
* Decide whether you want the device to be updatable in-place (there
|
||||
are advantages and disadvantages), or if you are happy to generate
|
||||
and flash a new image whenever changes are required.
|
||||
|
||||
* Create a :file:`configuration.nix` describing the system you want
|
||||
|
||||
* Build an image
|
||||
|
||||
* Flash it to the device
|
||||
|
||||
Supported devices
|
||||
=================
|
||||
|
||||
For a list of devices that Liminix (present or previous versions)
|
||||
has run on, refer to `devices/ in the source repo <https://gti.telent.net/dan/liminix/src/branch/main/devices>`_. For devices that _currently_ build,
|
||||
cross-reference it with `the CI status <https://build.liminix.org/jobset/liminix/build#tabs-jobs>`_. Everything that builds is (usually) expected
|
||||
to run, so if you end up with an image that builds but doesn't
|
||||
boot, please report it as a bug.
|
||||
|
||||
As of June 2023 the device list is a little thin. Adding devices based
|
||||
on the Atheros or Mediatek (Ralink) platform should be quite
|
||||
straightforward if you have some C/Linux kernel experience and are
|
||||
prepared to open it up and attach serial wires: please refer to the
|
||||
Developer Manual.
|
||||
|
||||
|
||||
Choosing a flavour (read-only or updatable)
|
||||
===========================================
|
||||
|
||||
Liminix installations come in two "flavours"- read-only or in-place
|
||||
updatable:
|
||||
|
||||
* a read-only installation can't be updated once it is flashed to your
|
||||
device, and so must be reinstalled in its entirety every time you
|
||||
want to change it. It uses the ``squashfs`` filesystem which has
|
||||
very good compression ratios and so you can pack quite a lot of
|
||||
useful stuff onto your device. This is good if you don't expect
|
||||
to change it often.
|
||||
|
||||
* an updatable installation has a writable filesystem so that you can
|
||||
update configuration, upgrade packages and install new packages over
|
||||
the network after installation. This uses the `jffs2
|
||||
<http://www.linux-mtd.infradead.org/doc/jffs2.html>`_ filesystem:
|
||||
although it does compress the data, the need to support writes means
|
||||
that it can't pack quite as small as squashfs, so you will not have
|
||||
as much space to play with.
|
||||
|
||||
Updatability caveats
|
||||
~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
At the time of writing this manual the read-only squashfs support is
|
||||
much more mature. Consider also that it may not be possible to perform
|
||||
"larger" updates in-place even if you do opt for updatability. If you
|
||||
have (for example) an 11MB system on a 16MB device, you won't be able
|
||||
to do an in-place update of something fundamental like the C library
|
||||
(libc), as this will temporarily require 22MB to install all the
|
||||
packages needing the new library before the packages using the old
|
||||
library can be removed. A writable system will be more useful for
|
||||
smaller updates such as installing a new package (perhaps you
|
||||
temporarily need tcpdump to diagnose a network problem) or for
|
||||
changing configuration files.
|
||||
|
||||
Note also that the kernel is not part of the filesystem so cannot be
|
||||
updated this way. Kernel changes require a full reflash.
|
||||
|
||||
|
||||
|
||||
Creating configuration.nix
|
||||
==========================
|
||||
|
||||
|
||||
You need to create a :file:`configuration.nix` that describes your
|
||||
device and the services that you want to run on it. The best way to
|
||||
get started is by reading one of the examples such as
|
||||
:file:`examples/rotuer.nix` and modifying it to your needs.
|
||||
|
||||
:file:`configuration.nix` conventionally describes the packages, services,
|
||||
user accounts etc of the device. It does not describe the hardware
|
||||
itself, which is specified separately in the build command (as you
|
||||
will see below).
|
||||
|
||||
Most of the functionality of a Liminix system is driven by *services*
|
||||
which are declared by *modules*: thus, to add for example an NTP service
|
||||
you first add :file:`modules/ntp` to your ``imports`` list, then
|
||||
you create a service by calling :code:`config.system.service.ntp.build { .... }`
|
||||
with the appropriate service-dependent configuration parameters.
|
||||
|
||||
.. code-block:: nix
|
||||
|
||||
let svc = config.system.service;
|
||||
in {
|
||||
# ...
|
||||
imports = [
|
||||
./modules/ntp
|
||||
# ....
|
||||
];
|
||||
config.services.ntp = svc.ntp.build {
|
||||
pools = { "pool.ntp.org" = ["iburst"]; };
|
||||
makestep = { threshold = 1.0; limit = 3; };
|
||||
};
|
||||
|
||||
A :ref:`full list of module options <module-options>` is provided
|
||||
later in this manual.
|
||||
|
||||
You *most likely* want to include the ``standard`` module unless you
|
||||
have a quite unusual use case for a very minimal system, in which case
|
||||
you will understand what it does and what happens if you leave it out.
|
||||
|
||||
.. code-block:: nix
|
||||
|
||||
imports = [
|
||||
./modules/standard.nix
|
||||
]
|
||||
configuration.rootfsType = "jffs2"; # or "squashfs"
|
||||
|
||||
|
||||
|
||||
Building
|
||||
========
|
||||
|
||||
Build Liminix using the :file:`default.nix` in the project toplevel
|
||||
directory, passing it arguments for configuration and hardware. For
|
||||
example:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
nix-build -I liminix-config=./tests/smoke/configuration.nix \
|
||||
--arg device "import ./devices/qemu" -A outputs.default
|
||||
|
||||
In this command ``<liminix-config>`` points to your
|
||||
:file:`configuration.nix`, ``device`` is the file for your hardware device
|
||||
definition, and ``outputs.default`` will generate some kind of
|
||||
Liminix image output appropriate to that device.
|
||||
|
||||
For the qemu device in this example, ``outputs.default`` is an alias
|
||||
for ``outputs.vmbuild``, which creates a directory containing a
|
||||
squashfs root image and a kernel. You can use the :command:`mips-vm` command to
|
||||
run this.
|
||||
|
||||
For the currently supported hardware devices, ``outputs.default``
|
||||
creates a directory containing a file called ``firmware.bin``. This
|
||||
is a raw image file that can be written directly to the firmware flash
|
||||
partition.
|
||||
|
||||
|
||||
Flashing
|
||||
========
|
||||
|
||||
|
||||
Flashing from the boot monitor
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
If you are prepared to open the device and have a TTL serial adaptor
|
||||
of some kind to connect it to, you can probably flash it using U-Boot.
|
||||
This is quite hardware-specific, and sometimes involves soldering:
|
||||
please refer to the Developer Manual.
|
||||
|
||||
|
||||
Flashing from an existing Liminix system with :command:`flashcp`
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
The flash procedure from an existing Liminix-system is two-step.
|
||||
First we reboot the device (using "kexec") into an "ephemeral"
|
||||
RAM-based version of the new configuration, then when we're happy it
|
||||
works we can flash the image - and if it doesn't work we can reboot
|
||||
the device again and it will boot from the old image.
|
||||
|
||||
|
||||
|
||||
Building the RAM-based image
|
||||
............................
|
||||
|
||||
To create the ephemeral image, build ``outputs.kexecboot`` instead of
|
||||
``outputs.default``. This generates a directory containing the root
|
||||
filesystem image and kernel, along with an executable called `kexec`
|
||||
and a `boot.sh` script that runs it with appropriate arguments.
|
||||
|
||||
For example
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
nix-build --show-trace -I liminix-config=./examples/arhcive.nix \
|
||||
--arg device "import ./devices/gl-ar750"
|
||||
-A outputs.kexecboot && \
|
||||
(tar chf - result | ssh root@the-device tar -C /run -xvf -)
|
||||
|
||||
and then login to the device and run
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
cd /run/result
|
||||
sh ./boot.sh .
|
||||
|
||||
|
||||
This will load the new kernel and map the root filesystem into a RAM
|
||||
disk, then start executing the new kernel. *This is effectively a
|
||||
reboot - be sure to close all open files and finish anything else
|
||||
you were doing first.*
|
||||
|
||||
If the new system crashes or is rebooted, then the device will revert
|
||||
to the old configuration it finds in flash.
|
||||
|
||||
|
||||
Building the second (permanent) image
|
||||
.....................................
|
||||
|
||||
While running in the kexecboot system, you can copy the permanent
|
||||
image to the device with :command:`ssh`
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
build-machine$ tar chf - result/firmware.bin | \
|
||||
ssh root@the-device tar -C /run -xvf -
|
||||
|
||||
Next you need to connect to the device and locate the "firmware"
|
||||
partition, which you can do with a combination of :command:`dmesg`
|
||||
output and the contents of :file:`/proc/mtd`
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
<5>[ 0.469841] Creating 4 MTD partitions on "spi0.0":
|
||||
<5>[ 0.474837] 0x000000000000-0x000000040000 : "u-boot"
|
||||
<5>[ 0.480796] 0x000000040000-0x000000050000 : "u-boot-env"
|
||||
<5>[ 0.487056] 0x000000050000-0x000000060000 : "art"
|
||||
<5>[ 0.492753] 0x000000060000-0x000001000000 : "firmware"
|
||||
|
||||
# cat /proc/mtd
|
||||
dev: size erasesize name
|
||||
mtd0: 00040000 00001000 "u-boot"
|
||||
mtd1: 00010000 00001000 "u-boot-env"
|
||||
mtd2: 00010000 00001000 "art"
|
||||
mtd3: 00fa0000 00001000 "firmware"
|
||||
mtd4: 002a0000 00001000 "kernel"
|
||||
mtd5: 00d00000 00001000 "rootfs"
|
||||
|
||||
Now run (in this example)
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
flashcp -v firmware.bin /dev/mtd3
|
||||
|
||||
|
||||
"I know my new image is good, can I skip the intemediate step?"
|
||||
```````````````````````````````````````````````````````````````
|
||||
|
||||
In addition to giving you a chance to see if the new image works, this
|
||||
two-step process ensures that you're not copying the new image over
|
||||
the top of the active root filesystem. It might work, or it might
|
||||
crash in surprising ways.
|
||||
|
||||
|
||||
|
||||
Flashing from OpenWrt (not currently advised!)
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
.. CAUTION:: At your own risk! This will (at least in some
|
||||
circumstances) lead to bricking the device: we think this
|
||||
flash method is currently incompatible with use of a
|
||||
writeable (jffs2) filesystem.
|
||||
|
||||
If your device is running OpenWrt then it probably has the
|
||||
:command:`mtd` command installed. After transferring the image onto the
|
||||
device using e.g. :command:`ssh`, you can run it as follows:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
mtd -r write /tmp/firmware.bin firmware
|
||||
|
||||
For more information, please see the `OpenWrt manual <https://openwrt.org/docs/guide-user/installation/sysupgrade.cli>`_ which may also contain (hardware-dependent) instructions on how to flash an image using the vendor firmware - perhaps even from a web interface.
|
||||
|
||||
|
||||
Updating an installed system (JFFS2)
|
||||
************************************
|
||||
|
||||
Adding packages
|
||||
===============
|
||||
|
||||
|
||||
If your device is running a JFFS2 root filesystem, you can build
|
||||
extra packages for it on your build system and copy them to the
|
||||
device: any package in Nixpkgs or in the Liminix overlay is available
|
||||
with the ``pkgs`` prefix:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
nix-build -I liminix-config=./my-configuration.nix \
|
||||
--arg device "import ./devices/mydevice" -A pkgs.tcpdump
|
||||
|
||||
nix-shell -p min-copy-closure root@the-device result/
|
||||
|
||||
Note that this only copies the package to the device: it doesn't update
|
||||
any profile to add it to ``$PATH``
|
||||
|
||||
|
||||
Rebuilding the system
|
||||
=====================
|
||||
|
||||
:command:`liminix-rebuild` is the Liminix analogue of :command:`nixos-rebuild`, although its operation is a bit different because it expects to run on a build machine and then copy to the host device. Run it with the same ``liminix-config`` and ``device`` parameters as you would run :command:`nix-build`, and it will build any new/changed packages and then copy them to the device using SSH. For example:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
liminix-rebuild root@the-device -I liminix-config=./examples/rotuer.nix --arg device "import ./devices/gl-ar750"
|
||||
|
||||
This will
|
||||
|
||||
* build anything that needs building
|
||||
* copy new or changed packages to the device
|
||||
* reboot the device
|
||||
|
||||
It doesn't delete old packages automatically: to do that run
|
||||
:command:`min-collect-garbage`, which will delete any packages not in
|
||||
the current system closure. Note that Liminix does not have the NixOS
|
||||
concept of environments or generations, and there is no way back from
|
||||
this except for building the previous configuration again.
|
||||
|
||||
|
||||
|
||||
Caveats
|
||||
~~~~~~~
|
||||
|
||||
* it needs there to be enough free space on the device for all the new
|
||||
packages in addition to all the packages already on it - which may be
|
||||
a problem if a lot of things have changed (e.g. a new version of
|
||||
nixpkgs).
|
||||
|
||||
* it cannot upgrade the kernel, only userland
|
||||
|
||||
Configuration options
|
||||
*********************
|
||||
|
||||
.. _module-options:
|
||||
|
||||
.. include:: modules.rst
|
59
examples/acquire-delegated-prefix.fnl
Normal file
59
examples/acquire-delegated-prefix.fnl
Normal file
@ -0,0 +1,59 @@
|
||||
(local { : merge : split : file-exists? : system } (require :anoia))
|
||||
(local svc (require :anoia.svc))
|
||||
|
||||
(fn parse-prefix [str]
|
||||
(fn parse-extra [s]
|
||||
(let [out {}]
|
||||
(each [name val (string.gmatch s ",(.-)=([^,]+)")]
|
||||
(tset out name val))
|
||||
out))
|
||||
(let [(prefix len preferred valid extra)
|
||||
(string.match str "(.-)::/(%d+),(%d+),(%d+)(.*)$")]
|
||||
(merge {: prefix : len : preferred : valid} (parse-extra extra))))
|
||||
|
||||
|
||||
;; Format: <prefix>/<length>,preferred,valid[,excluded=<excluded-prefix>/<length>][,class=<prefix class #>]
|
||||
|
||||
;;(parse-prefix "2001:8b0:de3a:40dc::/64,7198,7198")
|
||||
;;(parse-prefix "2001:8b0:de3a:1001::/64,7198,7188,excluded=1/2,thi=10")
|
||||
|
||||
|
||||
(local bound-states
|
||||
{ :bound true
|
||||
:rebound true
|
||||
:informed true
|
||||
:updated true
|
||||
:ra-updated true
|
||||
})
|
||||
|
||||
; (local { : view } (require :fennel))
|
||||
|
||||
(fn changes [old-prefixes new-prefixes]
|
||||
(let [added {}
|
||||
deleted {}
|
||||
old-set (collect [_ v (ipairs old-prefixes)] (values v true))
|
||||
new-set (collect [_ v (ipairs new-prefixes)] (values v true))]
|
||||
(each [_ prefix (ipairs new-prefixes)]
|
||||
(if (not (. old-set prefix))
|
||||
(table.insert added (parse-prefix prefix))))
|
||||
(each [_ prefix (ipairs old-prefixes)]
|
||||
(if (not (. new-set prefix))
|
||||
(table.insert deleted (parse-prefix prefix))))
|
||||
(values added deleted)))
|
||||
|
||||
(let [[state-directory lan-device] arg
|
||||
dir (svc.open state-directory)]
|
||||
(var prefixes [])
|
||||
(while true
|
||||
(while (not (dir:ready?)) (dir:wait))
|
||||
(if (. bound-states (dir:output "state"))
|
||||
(let [new-prefixes (split " " (dir:output "/prefixes"))
|
||||
(added deleted) (changes prefixes new-prefixes)]
|
||||
(each [_ p (ipairs added)]
|
||||
(system
|
||||
(.. "ip address add " p.prefix "::1/" p.len " dev " lan-device)))
|
||||
(each [_ p (ipairs deleted)]
|
||||
(system
|
||||
(.. "ip address del " p.prefix "::1/" p.len " dev " lan-device)))
|
||||
(set prefixes new-prefixes)))
|
||||
(dir:wait)))
|
8
examples/acquire-delegated-prefix.nix
Normal file
8
examples/acquire-delegated-prefix.nix
Normal file
@ -0,0 +1,8 @@
|
||||
{
|
||||
writeFennelScript
|
||||
, linotify
|
||||
, anoia
|
||||
}:
|
||||
writeFennelScript "acquire-delegated-prefix"
|
||||
[ linotify anoia ]
|
||||
./acquire-delegated-prefix.fnl
|
60
examples/acquire-wan-address.fnl
Normal file
60
examples/acquire-wan-address.fnl
Normal file
@ -0,0 +1,60 @@
|
||||
(local { : merge : split : file-exists? : system } (require :anoia))
|
||||
(local svc (require :anoia.svc))
|
||||
|
||||
;; structurally this is remarkably similar to
|
||||
;; acquire-lan-prefix.fnl. maybe they should be merged: if not then
|
||||
;; we could at least extract some common code
|
||||
|
||||
;; (alternatively we could move all the parsing code into the thing in
|
||||
;; the odhcp service that *writes* this stuff)
|
||||
|
||||
; (parse-address "2001:8b0:1111:1111:0:ffff:51bb:4cf2/128,3600,7200")
|
||||
|
||||
|
||||
(fn parse-address [str]
|
||||
(fn parse-extra [s]
|
||||
(let [out {}]
|
||||
(each [name val (string.gmatch s ",(.-)=([^,]+)")]
|
||||
(tset out name val))
|
||||
out))
|
||||
(let [(address len preferred valid extra)
|
||||
(string.match str "(.-)/(%d+),(%d+),(%d+)(.*)$")]
|
||||
(merge {: address : len : preferred : valid} (parse-extra extra))))
|
||||
|
||||
(local bound-states
|
||||
{ :bound true
|
||||
:rebound true
|
||||
:informed true
|
||||
:updated true
|
||||
:ra-updated true
|
||||
})
|
||||
|
||||
(fn changes [old-addresses new-addresses]
|
||||
(let [added {}
|
||||
deleted {}
|
||||
old-set (collect [_ v (ipairs old-addresses)] (values v true))
|
||||
new-set (collect [_ v (ipairs new-addresses)] (values v true))]
|
||||
(each [_ address (ipairs new-addresses)]
|
||||
(if (not (. old-set address))
|
||||
(table.insert added (parse-address address))))
|
||||
(each [_ address (ipairs old-addresses)]
|
||||
(if (not (. new-set address))
|
||||
(table.insert deleted (parse-address address))))
|
||||
(values added deleted)))
|
||||
|
||||
(let [[state-directory wan-device] arg
|
||||
dir (svc.open state-directory)]
|
||||
(var addresses [])
|
||||
(while true
|
||||
(while (not (dir:ready?)) (dir:wait))
|
||||
(if (. bound-states (dir:output "state"))
|
||||
(let [new-addresses (split " " (dir:output "/addresses"))
|
||||
(added deleted) (changes addresses new-addresses)]
|
||||
(each [_ p (ipairs added)]
|
||||
(system
|
||||
(.. "ip address add " p.address "/" p.len " dev " wan-device)))
|
||||
(each [_ p (ipairs deleted)]
|
||||
(system
|
||||
(.. "ip address del " p.address "/" p.len " dev " wan-device)))
|
||||
(set addresses new-addresses)))
|
||||
(dir:wait)))
|
8
examples/acquire-wan-address.nix
Normal file
8
examples/acquire-wan-address.nix
Normal file
@ -0,0 +1,8 @@
|
||||
{
|
||||
writeFennelScript
|
||||
, linotify
|
||||
, anoia
|
||||
}:
|
||||
writeFennelScript "acquire-wan-address"
|
||||
[ linotify anoia ]
|
||||
./acquire-wan-address.fnl
|
@ -11,6 +11,10 @@
|
||||
...
|
||||
}: let
|
||||
secrets = import ./extneder-secrets.nix;
|
||||
inherit
|
||||
(pkgs.liminix.networking)
|
||||
route
|
||||
;
|
||||
inherit (pkgs.liminix.services) oneshot longrun bundle target;
|
||||
inherit (pkgs.pseudofile) dir symlink;
|
||||
inherit (pkgs) writeText dropbear ifwait serviceFns;
|
||||
@ -24,13 +28,11 @@ in rec {
|
||||
};
|
||||
|
||||
imports = [
|
||||
../modules/standard.nix
|
||||
../modules/wlan.nix
|
||||
../modules/network
|
||||
../modules/vlan
|
||||
../modules/ssh
|
||||
../modules/watchdog
|
||||
../modules/mount
|
||||
];
|
||||
|
||||
hostname = "arhcive";
|
||||
|
||||
kernel = {
|
||||
@ -49,6 +51,7 @@ in rec {
|
||||
SCSI = "y";
|
||||
BLK_DEV_SD = "y";
|
||||
USB_PRINTER = "y";
|
||||
PARTITION_ADVANCED = "y";
|
||||
MSDOS_PARTITION = "y";
|
||||
EFI_PARTITION = "y";
|
||||
EXT4_FS = "y";
|
||||
@ -64,12 +67,51 @@ in rec {
|
||||
dependencies = [ config.services.hostname ];
|
||||
};
|
||||
|
||||
services.sshd = svc.ssh.build { };
|
||||
|
||||
services.watchdog = svc.watchdog.build {
|
||||
watched = with config.services ; [ sshd dhcpc ];
|
||||
services.sshd = longrun {
|
||||
name = "sshd";
|
||||
run = ''
|
||||
mkdir -p /run/dropbear
|
||||
${dropbear}/bin/dropbear -E -P /run/dropbear.pid -R -F
|
||||
'';
|
||||
};
|
||||
|
||||
services.watchdog =
|
||||
let
|
||||
watched = with config.services ; [ sshd dhcpc ];
|
||||
spinupGrace = 60;
|
||||
script = pkgs.writeAshScript "gaspode" {
|
||||
runtimeInputs = [ pkgs.s6 ];
|
||||
} ''
|
||||
deadline=$(expr $(date +%s) + ${toString spinupGrace})
|
||||
services=$@
|
||||
echo started feeding the dog
|
||||
exec 3> ''${WATCHDOG-/dev/watchdog}
|
||||
|
||||
healthy(){
|
||||
test $(date +%s) -le $deadline && return 0
|
||||
|
||||
for i in $services; do
|
||||
if test "$(s6-svstat -o up /run/service/$i)" != "true" ; then
|
||||
echo "service $i is down"
|
||||
return 1
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
while healthy ;do
|
||||
sleep 10
|
||||
echo >&3
|
||||
done
|
||||
echo "stopped feeding the dog"
|
||||
sleep 6000 # don't want s6-rc to restart
|
||||
'';
|
||||
in longrun {
|
||||
name = "watchdog";
|
||||
run =
|
||||
"${script} ${lib.concatStringsSep " " (builtins.map (s: s.name) watched)}";
|
||||
};
|
||||
|
||||
|
||||
services.resolvconf = oneshot rec {
|
||||
dependencies = [ services.dhcpc ];
|
||||
name = "resolvconf";
|
||||
@ -81,6 +123,9 @@ in rec {
|
||||
done
|
||||
)
|
||||
'';
|
||||
down = ''
|
||||
rm -rf /run/service-state/${name}/
|
||||
'';
|
||||
};
|
||||
filesystem = dir {
|
||||
etc = dir {
|
||||
@ -89,25 +134,35 @@ in rec {
|
||||
srv = dir {};
|
||||
};
|
||||
|
||||
services.defaultroute4 = svc.network.route.build {
|
||||
services.defaultroute4 = route {
|
||||
name = "defaultroute";
|
||||
via = "$(output ${services.dhcpc} router)";
|
||||
target = "default";
|
||||
dependencies = [services.dhcpc];
|
||||
};
|
||||
|
||||
programs.busybox = {
|
||||
applets = ["lsusb" "tar"];
|
||||
applets = ["blkid" "lsusb" "findfs" "tar"];
|
||||
options = {
|
||||
FEATURE_LS_TIMESTAMPS = "y";
|
||||
FEATURE_LS_SORTFILES = "y";
|
||||
FEATURE_BLKID_TYPE = "y";
|
||||
FEATURE_MOUNT_FLAGS = "y";
|
||||
FEATURE_MOUNT_LABEL = "y";
|
||||
FEATURE_VOLUMEID_EXT = "y";
|
||||
};
|
||||
};
|
||||
|
||||
services.mount_external_disk = svc.mount.build {
|
||||
device = "LABEL=backup-disk";
|
||||
mountpoint = "/srv";
|
||||
fstype = "ext4";
|
||||
services.mount_external_disk = oneshot {
|
||||
name = "mount_external_disk";
|
||||
up = ''
|
||||
while ! findfs LABEL=backup-disk; do
|
||||
echo waiting for backup-disk
|
||||
sleep 1
|
||||
done
|
||||
mount -t ext4 LABEL=backup-disk /srv
|
||||
'';
|
||||
down = "umount /srv";
|
||||
};
|
||||
|
||||
services.rsync =
|
||||
@ -144,6 +199,20 @@ in rec {
|
||||
] ;
|
||||
};
|
||||
|
||||
services.default = target {
|
||||
name = "default";
|
||||
contents =
|
||||
let links = config.hardware.networkInterfaces;
|
||||
in with config.services; [
|
||||
links.lo
|
||||
defaultroute4
|
||||
resolvconf
|
||||
sshd
|
||||
rsync
|
||||
watchdog
|
||||
];
|
||||
};
|
||||
|
||||
users.root = {
|
||||
passwd = lib.mkForce secrets.root_password;
|
||||
# openssh.authorizedKeys.keys = [
|
||||
|
@ -1,202 +0,0 @@
|
||||
# This is an example configuration for a "typical" small office/home
|
||||
# router and wifi access point.
|
||||
|
||||
# You need to copy it to another filename and change the configuration
|
||||
# wherever the text "EDIT" appears - please consult the tutorial
|
||||
# documentation for details.
|
||||
|
||||
{ config, pkgs, lib, ... } :
|
||||
let
|
||||
inherit (pkgs.liminix.services) bundle oneshot longrun;
|
||||
inherit (pkgs) serviceFns;
|
||||
# EDIT: you can pick your preferred RFC1918 address space
|
||||
# for NATted connections, if you don't like this one.
|
||||
ipv4LocalNet = "10.8.0";
|
||||
svc = config.system.service;
|
||||
|
||||
in rec {
|
||||
boot = {
|
||||
tftp = {
|
||||
freeSpaceBytes = 3 * 1024 * 1024;
|
||||
serverip = "10.0.0.1";
|
||||
ipaddr = "10.0.0.8";
|
||||
};
|
||||
};
|
||||
|
||||
imports = [
|
||||
../modules/bridge
|
||||
../modules/dhcp6c
|
||||
../modules/dnsmasq
|
||||
../modules/firewall
|
||||
../modules/hostapd
|
||||
../modules/network
|
||||
../modules/ntp
|
||||
../modules/ppp
|
||||
../modules/ssh
|
||||
../modules/vlan
|
||||
../modules/wlan.nix
|
||||
];
|
||||
rootfsType = "jffs2";
|
||||
hostname = "the-internet"; # EDIT
|
||||
|
||||
services.hostap = svc.hostapd.build {
|
||||
interface = config.hardware.networkInterfaces.wlan;
|
||||
# EDIT: you will want to change the obvious things
|
||||
# here to values of your choice
|
||||
params = {
|
||||
ssid = "the-internet";
|
||||
channel = "1";
|
||||
country_code = "GB";
|
||||
wpa_passphrase = "not a real wifi password";
|
||||
|
||||
hw_mode="g";
|
||||
ieee80211n = 1;
|
||||
auth_algs = 1; # 1=wpa2, 2=wep, 3=both
|
||||
wpa = 2; # 1=wpa, 2=wpa2, 3=both
|
||||
wpa_key_mgmt = "WPA-PSK";
|
||||
wpa_pairwise = "TKIP CCMP"; # auth for wpa (may not need this?)
|
||||
rsn_pairwise = "CCMP"; # auth for wpa2
|
||||
wmm_enabled = 1;
|
||||
};
|
||||
};
|
||||
|
||||
services.int = svc.network.address.build {
|
||||
interface = svc.bridge.primary.build { ifname = "int"; };
|
||||
family = "inet"; address = "${ipv4LocalNet}.1"; prefixLength = 16;
|
||||
};
|
||||
|
||||
services.bridge = svc.bridge.members.build {
|
||||
primary = services.int;
|
||||
members = with config.hardware.networkInterfaces;
|
||||
[ wlan lan ];
|
||||
};
|
||||
|
||||
services.ntp = svc.ntp.build {
|
||||
pools = { "pool.ntp.org" = ["iburst"]; };
|
||||
makestep = { threshold = 1.0; limit = 3; };
|
||||
};
|
||||
|
||||
services.sshd = svc.ssh.build { };
|
||||
|
||||
users.root = {
|
||||
# EDIT: choose a root password and then use
|
||||
# "mkpasswd -m sha512crypt" to determine the hash.
|
||||
# It should start wirh $6$.
|
||||
passwd = "$6$6HG7WALLQQY1LQDE$428cnouMJ7wVmyK9.dF1uWs7t0z9ztgp3MHvN5bbeo0M4Kqg/u2ThjoSHIjCEJQlnVpDOaEKcOjXAlIClHWN21";
|
||||
openssh.authorizedKeys.keys = [
|
||||
# EDIT: you can add your ssh pubkey here
|
||||
# "ssh-rsa AAAAB3NzaC1....H6hKd user@example.com";
|
||||
];
|
||||
};
|
||||
|
||||
services.dns =
|
||||
let interface = services.int;
|
||||
in svc.dnsmasq.build {
|
||||
resolvconf = services.resolvconf;
|
||||
inherit interface;
|
||||
ranges = [
|
||||
"${ipv4LocalNet}.10,${ipv4LocalNet}.249"
|
||||
# EDIT: ... maybe. In this example we use "ra-stateless",
|
||||
# meaning dnsmasq sends router advertisements with the O and A
|
||||
# bits set, and provides a stateless DHCP service. The client
|
||||
# will use a SLAAC address, and use DHCP for other
|
||||
# configuration information.
|
||||
# If you didn't understand the preceding sentence then
|
||||
# the default is _probably_ fine, but if you need
|
||||
# a DHCP-only IPv6 network or some other different
|
||||
# configuration, this is the place to change it.
|
||||
"::,constructor:$(output ${interface} ifname),ra-stateless"
|
||||
];
|
||||
# EDIT: choose a domain name for the DNS names issued for your
|
||||
# DHCP-issued hosts
|
||||
domain = "lan.example.com";
|
||||
};
|
||||
|
||||
services.wan = svc.pppoe.build {
|
||||
interface = config.hardware.networkInterfaces.wan;
|
||||
ppp-options = [
|
||||
"debug" "+ipv6" "noauth"
|
||||
# EDIT: change the strings "chap-username"
|
||||
# and "chap-secret" to match the username/password
|
||||
# provided by your ISP for PPP logins
|
||||
"name" "chap-username"
|
||||
"password" "chap-secret"
|
||||
];
|
||||
};
|
||||
|
||||
services.resolvconf = oneshot rec {
|
||||
dependencies = [ services.wan ];
|
||||
name = "resolvconf";
|
||||
up = ''
|
||||
. ${serviceFns}
|
||||
( in_outputs ${name}
|
||||
echo "nameserver $(output ${services.wan} ns1)" > resolv.conf
|
||||
echo "nameserver $(output ${services.wan} ns2)" >> resolv.conf
|
||||
chmod 0444 resolv.conf
|
||||
)
|
||||
'';
|
||||
};
|
||||
|
||||
filesystem =
|
||||
let inherit (pkgs.pseudofile) dir symlink;
|
||||
in dir {
|
||||
etc = dir {
|
||||
"resolv.conf" = symlink "${services.resolvconf}/.outputs/resolv.conf";
|
||||
};
|
||||
};
|
||||
|
||||
services.defaultroute4 = svc.network.route.build {
|
||||
via = "$(output ${services.wan} address)";
|
||||
target = "default";
|
||||
dependencies = [ services.wan ];
|
||||
};
|
||||
|
||||
services.defaultroute6 = svc.network.route.build {
|
||||
via = "$(output ${services.wan} ipv6-peer-address)";
|
||||
target = "default";
|
||||
interface = services.wan;
|
||||
};
|
||||
|
||||
services.firewall = svc.firewall.build {
|
||||
ruleset = import ./demo-firewall.nix;
|
||||
};
|
||||
|
||||
services.packet_forwarding = svc.network.forward.build { };
|
||||
|
||||
# We expect the ISP uses DHCP6 to issue IPv6 addresses. There is a
|
||||
# service to request address information in the form of a DHCP
|
||||
# lease, and two dependent services that listen for updates to the
|
||||
# DHCP address information and update the addresses of the WAN and
|
||||
# LAN interfaces respectively.
|
||||
|
||||
services.dhcp6c =
|
||||
let client = svc.dhcp6c.client.build {
|
||||
interface = services.wan;
|
||||
};
|
||||
in bundle {
|
||||
name = "dhcp6c";
|
||||
contents = [
|
||||
(svc.dhcp6c.prefix.build {
|
||||
# if your ISP provides you a real IPv6 prefix for your local
|
||||
# network (usually a /64 or /48 or something in between the
|
||||
# two), this service subscribes to that "prefix delegation"
|
||||
# information, and uses it to assign an address to the LAN
|
||||
# device. dnsmasq will notice this address and use it to
|
||||
# form the addresses it hands out to devices on the lan
|
||||
inherit client;
|
||||
interface = services.int;
|
||||
})
|
||||
(svc.dhcp6c.address.build {
|
||||
# if your ISP provides you a regular global IPv6 address,
|
||||
# this service subscribes to that information and assigns
|
||||
# the address to the WAN device.
|
||||
inherit client;
|
||||
interface = services.wan;
|
||||
})
|
||||
];
|
||||
};
|
||||
|
||||
defaultProfile.packages = with pkgs; [
|
||||
min-collect-garbage
|
||||
];
|
||||
}
|
@ -11,6 +11,12 @@
|
||||
...
|
||||
}: let
|
||||
secrets = import ./extneder-secrets.nix;
|
||||
inherit
|
||||
(pkgs.liminix.networking)
|
||||
address
|
||||
interface
|
||||
route
|
||||
;
|
||||
inherit (pkgs.liminix.services) oneshot longrun bundle target;
|
||||
inherit (pkgs.pseudofile) dir symlink;
|
||||
inherit (pkgs) dropbear ifwait serviceFns;
|
||||
@ -25,11 +31,10 @@ in rec {
|
||||
|
||||
imports = [
|
||||
../modules/wlan.nix
|
||||
../modules/vlan
|
||||
../modules/network
|
||||
../modules/hostapd
|
||||
../modules/bridge
|
||||
../modules/ssh
|
||||
../modules/standard.nix
|
||||
];
|
||||
|
||||
hostname = "extneder";
|
||||
@ -42,9 +47,7 @@ in rec {
|
||||
IP6_NF_IPTABLES = "y"; # do we still need these
|
||||
IP_NF_IPTABLES = "y"; # if using nftables directly
|
||||
|
||||
# these are copied from rotuer and need review.
|
||||
# we're not running a firewall, so why do we need
|
||||
# nftables config?
|
||||
# these are copied from rotuer and need review
|
||||
IP_NF_NAT = "y";
|
||||
IP_NF_TARGET_MASQUERADE = "y";
|
||||
NETFILTER = "y";
|
||||
@ -85,8 +88,9 @@ in rec {
|
||||
};
|
||||
};
|
||||
|
||||
services.int = svc.bridge.primary.build {
|
||||
ifname = "int";
|
||||
services.int = interface {
|
||||
type = "bridge";
|
||||
device = "int";
|
||||
};
|
||||
|
||||
services.dhcpc = svc.network.dhcp.client.build {
|
||||
@ -102,7 +106,13 @@ in rec {
|
||||
];
|
||||
};
|
||||
|
||||
services.sshd = svc.ssh.build {};
|
||||
services.sshd = longrun {
|
||||
name = "sshd";
|
||||
run = ''
|
||||
mkdir -p /run/dropbear
|
||||
${dropbear}/bin/dropbear -E -P /run/dropbear.pid -R -F
|
||||
'';
|
||||
};
|
||||
|
||||
services.resolvconf = oneshot rec {
|
||||
dependencies = [ services.dhcpc ];
|
||||
@ -118,6 +128,9 @@ in rec {
|
||||
done
|
||||
)
|
||||
'';
|
||||
down = ''
|
||||
rm -rf /run/service-state/${name}/
|
||||
'';
|
||||
};
|
||||
filesystem = dir {
|
||||
etc = dir {
|
||||
@ -125,12 +138,27 @@ in rec {
|
||||
};
|
||||
};
|
||||
|
||||
services.defaultroute4 = svc.network.route.build {
|
||||
services.defaultroute4 = route {
|
||||
name = "defaultroute";
|
||||
via = "$(output ${services.dhcpc} router)";
|
||||
target = "default";
|
||||
dependencies = [services.dhcpc];
|
||||
};
|
||||
|
||||
services.default = target {
|
||||
name = "default";
|
||||
contents =
|
||||
let links = config.hardware.networkInterfaces;
|
||||
in with config.services; [
|
||||
links.lo links.eth links.wlan
|
||||
int
|
||||
bridge
|
||||
hostap
|
||||
defaultroute4
|
||||
resolvconf
|
||||
sshd
|
||||
];
|
||||
};
|
||||
users.root.passwd = lib.mkForce secrets.root_password;
|
||||
defaultProfile.packages = with pkgs; [nftables strace tcpdump swconfig];
|
||||
}
|
||||
|
@ -1,42 +0,0 @@
|
||||
{ config, pkgs, lib, ... } :
|
||||
let
|
||||
inherit (pkgs) serviceFns;
|
||||
svc = config.system.service;
|
||||
|
||||
in rec {
|
||||
imports = [
|
||||
../modules/network
|
||||
../modules/ssh
|
||||
../modules/vlan
|
||||
];
|
||||
|
||||
boot.tftp = {
|
||||
# IP addresses to use in the boot monitor when flashing/ booting
|
||||
# over TFTP. If you are flashing using the stock firmware's Web UI
|
||||
# then these dummy values are fine
|
||||
ipaddr = "192.0.2.115"; # my address
|
||||
serverip = "192.0.2.5"; # build machine or other tftp server
|
||||
};
|
||||
|
||||
hostname = "hello";
|
||||
|
||||
services.dhcpc = svc.network.dhcp.client.build {
|
||||
interface = config.hardware.networkInterfaces.lan;
|
||||
|
||||
# don't start DHCP until the hostname is configured,
|
||||
# so it can identify itself to the DHCP server
|
||||
dependencies = [ config.services.hostname ];
|
||||
};
|
||||
|
||||
services.sshd = svc.ssh.build { };
|
||||
|
||||
users.root = {
|
||||
# the password is "secret". Use mkpasswd -m sha512crypt to
|
||||
# create this hashed password string
|
||||
passwd = "$6$y7WZ5hM6l5nriLmo$5AJlmzQZ6WA.7uBC7S8L4o19ESR28Dg25v64/vDvvCN01Ms9QoHeGByj8lGlJ4/b.dbwR9Hq2KXurSnLigt1W1";
|
||||
};
|
||||
|
||||
defaultProfile.packages = with pkgs; [
|
||||
figlet
|
||||
];
|
||||
}
|
@ -1,44 +0,0 @@
|
||||
{ config, pkgs, lib, ... } :
|
||||
let
|
||||
inherit (pkgs) serviceFns;
|
||||
svc = config.system.service;
|
||||
|
||||
in rec {
|
||||
imports = [
|
||||
../modules/network
|
||||
../modules/dnsmasq
|
||||
../modules/ssh
|
||||
];
|
||||
|
||||
hostname = "hello";
|
||||
|
||||
# configure the internal network (LAN) with an address
|
||||
services.int = svc.network.address.build {
|
||||
interface = config.hardware.networkInterfaces.lan;
|
||||
family = "inet"; address ="10.3.0.1"; prefixLength = 16;
|
||||
};
|
||||
|
||||
services.sshd = svc.ssh.build { };
|
||||
|
||||
users.root = {
|
||||
# the password is "secret". Use mkpasswd -m sha512crypt to
|
||||
# create this hashed password string
|
||||
passwd = "$6$y7WZ5hM6l5nriLmo$5AJlmzQZ6WA.7uBC7S8L4o19ESR28Dg25v64/vDvvCN01Ms9QoHeGByj8lGlJ4/b.dbwR9Hq2KXurSnLigt1W1";
|
||||
};
|
||||
|
||||
services.dns =
|
||||
let interface = services.int;
|
||||
in svc.dnsmasq.build {
|
||||
inherit interface;
|
||||
ranges = [
|
||||
"10.3.0.10,10.3.0.240"
|
||||
"::,constructor:$(output ${interface} ifname),ra-stateless"
|
||||
];
|
||||
|
||||
domain = "example.org";
|
||||
};
|
||||
|
||||
defaultProfile.packages = with pkgs; [
|
||||
figlet
|
||||
];
|
||||
}
|
@ -9,8 +9,17 @@
|
||||
{ config, pkgs, lib, ... } :
|
||||
let
|
||||
secrets = import ./rotuer-secrets.nix;
|
||||
inherit (pkgs.liminix.services) oneshot longrun bundle;
|
||||
inherit (pkgs) serviceFns;
|
||||
inherit (pkgs.liminix.networking)
|
||||
address
|
||||
interface
|
||||
route;
|
||||
inherit (pkgs.liminix.services) oneshot longrun bundle target;
|
||||
inherit (pkgs)
|
||||
dropbear
|
||||
ifwait
|
||||
writeText
|
||||
writeFennelScript
|
||||
serviceFns;
|
||||
svc = config.system.service;
|
||||
wirelessConfig = {
|
||||
country_code = "GB";
|
||||
@ -34,20 +43,21 @@ in rec {
|
||||
|
||||
imports = [
|
||||
../modules/wlan.nix
|
||||
../modules/standard.nix
|
||||
../modules/network
|
||||
../modules/ppp
|
||||
../modules/dnsmasq
|
||||
../modules/dhcp6c
|
||||
../modules/firewall
|
||||
../modules/hostapd
|
||||
../modules/bridge
|
||||
../modules/ntp
|
||||
../modules/ssh
|
||||
];
|
||||
rootfsType = "jffs2";
|
||||
hostname = "rotuer";
|
||||
|
||||
services.hostap = svc.hostapd.build {
|
||||
interface = config.hardware.networkInterfaces.wlan;
|
||||
interface = config.hardware.networkInterfaces.wlan_24;
|
||||
params = {
|
||||
ssid = "liminix";
|
||||
hw_mode="g";
|
||||
@ -57,7 +67,7 @@ in rec {
|
||||
};
|
||||
|
||||
services.hostap5 = svc.hostapd.build {
|
||||
interface = config.hardware.networkInterfaces.wlan5;
|
||||
interface = config.hardware.networkInterfaces.wlan_5;
|
||||
params = rec {
|
||||
ssid = "liminix_5";
|
||||
hw_mode="a";
|
||||
@ -70,16 +80,14 @@ in rec {
|
||||
};
|
||||
|
||||
services.int = svc.network.address.build {
|
||||
interface = svc.bridge.primary.build { ifname = "int"; };
|
||||
interface = svc.bridge.primary.build { ifname = "int"; };# services.int;
|
||||
family = "inet"; address ="10.8.0.1"; prefixLength = 16;
|
||||
};
|
||||
|
||||
services.bridge = svc.bridge.members.build {
|
||||
primary = services.int;
|
||||
members = with config.hardware.networkInterfaces;
|
||||
[ wlan
|
||||
wlan5
|
||||
lan ];
|
||||
[ wlan_24 wlan_5 lan ];
|
||||
};
|
||||
|
||||
services.ntp = svc.ntp.build {
|
||||
@ -98,17 +106,8 @@ in rec {
|
||||
inherit interface;
|
||||
ranges = [
|
||||
"10.8.0.10,10.8.0.240"
|
||||
# ra-stateless: sends router advertisements with the O and A
|
||||
# bits set, and provides a stateless DHCP service. The client
|
||||
# will use a SLAAC address, and use DHCP for other
|
||||
# configuration information.
|
||||
"::,constructor:$(output ${interface} ifname),ra-stateless"
|
||||
];
|
||||
|
||||
# You can add static addresses for the DHCP server here. I'm
|
||||
# not putting my actual MAC addresses in a public git repo ...
|
||||
hosts = { } // lib.optionalAttrs (builtins.pathExists ./static-leases.nix) (import ./static-leases.nix);
|
||||
|
||||
domain = "fake.liminix.org";
|
||||
};
|
||||
|
||||
@ -132,8 +131,10 @@ in rec {
|
||||
chmod 0444 resolv.conf
|
||||
)
|
||||
'';
|
||||
down = ''
|
||||
rm -rf /run/service-state/${name}/
|
||||
'';
|
||||
};
|
||||
|
||||
filesystem =
|
||||
let inherit (pkgs.pseudofile) dir symlink;
|
||||
in dir {
|
||||
@ -142,47 +143,74 @@ in rec {
|
||||
};
|
||||
};
|
||||
|
||||
services.defaultroute4 = svc.network.route.build {
|
||||
|
||||
services.defaultroute4 = route {
|
||||
name = "defaultroute4";
|
||||
via = "$(output ${services.wan} address)";
|
||||
target = "default";
|
||||
dependencies = [ services.wan ];
|
||||
};
|
||||
|
||||
services.defaultroute6 = svc.network.route.build {
|
||||
services.defaultroute6 = route {
|
||||
name = "defaultroute6";
|
||||
via = "$(output ${services.wan} ipv6-peer-address)";
|
||||
target = "default";
|
||||
interface = services.wan;
|
||||
dev = "$(output ${services.wan} ifname)";
|
||||
dependencies = [ services.wan ];
|
||||
};
|
||||
|
||||
services.firewall = svc.firewall.build {
|
||||
ruleset = import ./demo-firewall.nix;
|
||||
ruleset = import ./rotuer-firewall.nix;
|
||||
};
|
||||
|
||||
services.packet_forwarding = svc.network.forward.build { };
|
||||
services.packet_forwarding =
|
||||
let
|
||||
ip4 = "/proc/sys/net/ipv4/conf/all/forwarding";
|
||||
ip6 = "/proc/sys/net/ipv6/conf/all/forwarding";
|
||||
in oneshot {
|
||||
name = "let-the-ip-flow";
|
||||
up = ''
|
||||
echo 1 > ${ip4}
|
||||
echo 1 > ${ip6}
|
||||
'';
|
||||
down = ''
|
||||
echo 0 > ${ip4};
|
||||
echo 0 > ${ip6};
|
||||
'';
|
||||
dependencies = [ services.firewall ];
|
||||
};
|
||||
|
||||
services.dhcp6c =
|
||||
let client = svc.dhcp6c.client.build {
|
||||
interface = services.wan;
|
||||
};
|
||||
in bundle {
|
||||
name = "dhcp6c";
|
||||
contents = [
|
||||
(svc.dhcp6c.prefix.build {
|
||||
inherit client;
|
||||
interface = services.int;
|
||||
})
|
||||
(svc.dhcp6c.address.build {
|
||||
inherit client;
|
||||
interface = services.wan;
|
||||
})
|
||||
];
|
||||
services.dhcp6 =
|
||||
let
|
||||
name = "dhcp6c.wan";
|
||||
in longrun {
|
||||
inherit name;
|
||||
notification-fd = 10;
|
||||
run = ''
|
||||
export SERVICE_STATE=/run/service-state/${name}
|
||||
${pkgs.odhcp6c}/bin/odhcp6c -s ${pkgs.odhcp-script} -e -v -p /run/${name}.pid -P 48 $(output ${services.wan} ifname)
|
||||
)
|
||||
'';
|
||||
dependencies = [ services.wan ];
|
||||
};
|
||||
|
||||
services.acquire-lan-prefix =
|
||||
let script = pkgs.callPackage ./acquire-delegated-prefix.nix { };
|
||||
in longrun {
|
||||
name = "acquire-lan-prefix";
|
||||
run = "${script} /run/service-state/dhcp6c.wan $(output ${services.int} ifname)";
|
||||
dependencies = [ services.dhcp6 ];
|
||||
};
|
||||
|
||||
services.acquire-wan-address =
|
||||
let script = pkgs.callPackage ./acquire-wan-address.nix { };
|
||||
in longrun {
|
||||
name = "acquire-wan-address";
|
||||
run = "${script} /run/service-state/dhcp6c.wan $(output ${services.wan} ifname)";
|
||||
dependencies = [ services.dhcp6 ];
|
||||
};
|
||||
|
||||
defaultProfile.packages = with pkgs; [
|
||||
min-collect-garbage
|
||||
];
|
||||
|
||||
programs.busybox.applets = [
|
||||
"fdisk" "sfdisk"
|
||||
];
|
||||
}
|
||||
|
@ -1,109 +0,0 @@
|
||||
{ config, pkgs, lib, lim, ... } :
|
||||
let
|
||||
inherit (pkgs) serviceFns;
|
||||
svc = config.system.service;
|
||||
|
||||
in rec {
|
||||
imports = [
|
||||
../modules/network
|
||||
../modules/ssh
|
||||
../modules/vlan
|
||||
../modules/wlan.nix
|
||||
../modules/hostapd
|
||||
../modules/bridge
|
||||
|
||||
../modules/ext4fs.nix
|
||||
../modules/tftpboot.nix
|
||||
];
|
||||
|
||||
rootfsType = "ext4";
|
||||
|
||||
boot.tftp = {
|
||||
# IP addresses to use in the boot monitor when flashing/ booting
|
||||
# over TFTP. If you are flashing using the stock firmware's Web UI
|
||||
# then these dummy values are fine
|
||||
ipaddr = "10.0.0.8"; # my address
|
||||
serverip = "10.0.0.1"; # build machine or other tftp server
|
||||
loadAddress = lim.parseInt "0x40000800";
|
||||
};
|
||||
|
||||
hostname = "omnia";
|
||||
|
||||
services.hostap =
|
||||
let secrets = {
|
||||
ssid = "not-the-internet";
|
||||
channel = 4;
|
||||
wpa_passphrase = "diamond dogs";
|
||||
};
|
||||
in svc.hostapd.build {
|
||||
interface = config.hardware.networkInterfaces.wlan;
|
||||
params = {
|
||||
country_code = "GB";
|
||||
hw_mode = "g";
|
||||
wmm_enabled = 1;
|
||||
ieee80211n = 1;
|
||||
inherit (secrets) ssid channel wpa_passphrase;
|
||||
auth_algs = 1; # 1=wpa2, 2=wep, 3=both
|
||||
wpa = 2; # 1=wpa, 2=wpa2, 3=both
|
||||
wpa_key_mgmt = "WPA-PSK";
|
||||
wpa_pairwise = "TKIP CCMP"; # auth for wpa (may not need this?)
|
||||
rsn_pairwise = "CCMP"; # auth for wpa2
|
||||
};
|
||||
};
|
||||
|
||||
services.hostap5 =
|
||||
let secrets = {
|
||||
ssid = "not-the-internet";
|
||||
channel = 36;
|
||||
wpa_passphrase = "diamond dogs";
|
||||
};
|
||||
in svc.hostapd.build {
|
||||
interface = config.hardware.networkInterfaces.wlan5;
|
||||
params = {
|
||||
country_code = "GB";
|
||||
hw_mode = "a";
|
||||
|
||||
ht_capab = "[HT40+]";
|
||||
vht_oper_chwidth = 1;
|
||||
vht_oper_centr_freq_seg0_idx = secrets.channel + 6;
|
||||
ieee80211ac = 1;
|
||||
|
||||
wmm_enabled = 1;
|
||||
inherit (secrets) ssid channel wpa_passphrase;
|
||||
auth_algs = 1; # 1=wpa2, 2=wep, 3=both
|
||||
wpa = 2; # 1=wpa, 2=wpa2, 3=both
|
||||
wpa_key_mgmt = "WPA-PSK";
|
||||
wpa_pairwise = "TKIP CCMP"; # auth for wpa (may not need this?)
|
||||
rsn_pairwise = "CCMP"; # auth for wpa2
|
||||
};
|
||||
};
|
||||
|
||||
services.int = svc.bridge.primary.build {
|
||||
ifname = "int";
|
||||
};
|
||||
|
||||
services.dhcpc = svc.network.dhcp.client.build {
|
||||
interface = services.int;
|
||||
dependencies = [ config.services.hostname ];
|
||||
};
|
||||
|
||||
services.bridge = svc.bridge.members.build {
|
||||
primary = services.int;
|
||||
members = with config.hardware.networkInterfaces; [
|
||||
lan
|
||||
wlan
|
||||
];
|
||||
};
|
||||
|
||||
services.sshd = svc.ssh.build { };
|
||||
|
||||
users.root = {
|
||||
# the password is "secret". Use mkpasswd -m sha512crypt to
|
||||
# create this hashed password string
|
||||
passwd = "$6$y7WZ5hM6l5nriLmo$5AJlmzQZ6WA.7uBC7S8L4o19ESR28Dg25v64/vDvvCN01Ms9QoHeGByj8lGlJ4/b.dbwR9Hq2KXurSnLigt1W1";
|
||||
};
|
||||
|
||||
defaultProfile.packages = with pkgs; [
|
||||
figlet pciutils
|
||||
];
|
||||
}
|
48
kernel/uimage.nix
Normal file
48
kernel/uimage.nix
Normal file
@ -0,0 +1,48 @@
|
||||
{
|
||||
lzma
|
||||
, stdenv
|
||||
, ubootTools
|
||||
, dtc
|
||||
} :
|
||||
let
|
||||
objcopy = "${stdenv.cc.bintools.targetPrefix}objcopy";
|
||||
in {
|
||||
kernel
|
||||
, commandLine
|
||||
, entryPoint
|
||||
, extraName ? "" # e.g. socFamily
|
||||
, loadAddress
|
||||
, dtb ? null
|
||||
} :
|
||||
stdenv.mkDerivation {
|
||||
name = "kernel.image";
|
||||
phases = [
|
||||
"preparePhase"
|
||||
(if dtb != null then "dtbPhase" else ":")
|
||||
"buildPhase"
|
||||
"installPhase" ];
|
||||
nativeBuildInputs = [
|
||||
lzma
|
||||
dtc
|
||||
stdenv.cc
|
||||
ubootTools
|
||||
];
|
||||
preparePhase = ''
|
||||
cp ${kernel} vmlinux.elf; chmod +w vmlinux.elf
|
||||
'';
|
||||
dtbPhase = ''
|
||||
dtc -I dtb -O dts -o tmp.dts ${dtb}
|
||||
echo '/{ chosen { bootargs = ${builtins.toJSON commandLine}; }; };' >> tmp.dts
|
||||
dtc -I dts -O dtb -o tmp.dtb tmp.dts
|
||||
${objcopy} --update-section .appended_dtb=tmp.dtb vmlinux.elf || ${objcopy} --add-section .appended_dtb=${dtb} vmlinux.elf
|
||||
'';
|
||||
|
||||
buildPhase = ''
|
||||
${objcopy} -O binary -R .reginfo -R .notes -R .note -R .comment -R .mdebug -R .note.gnu.build-id -S vmlinux.elf vmlinux.bin
|
||||
rm -f vmlinux.bin.lzma ; lzma -k -z vmlinux.bin
|
||||
mkimage -A mips -O linux -T kernel -C lzma -a ${loadAddress} -e ${entryPoint} -n 'MIPS Liminix Linux ${extraName}' -d vmlinux.bin.lzma kernel.uimage
|
||||
'';
|
||||
installPhase = ''
|
||||
cp kernel.uimage $out
|
||||
'';
|
||||
}
|
@ -1,39 +0,0 @@
|
||||
# Import all of the modules, used in the documentation generator. Not
|
||||
# currently expected to work in an actual configuration, but it would
|
||||
# be nice if it did.
|
||||
|
||||
{
|
||||
imports = [
|
||||
./base.nix
|
||||
./bridge
|
||||
./busybox.nix
|
||||
./dhcp6c
|
||||
./dnsmasq
|
||||
./outputs/ext4fs.nix
|
||||
./firewall
|
||||
./hardware.nix
|
||||
./hostapd
|
||||
./hostname.nix
|
||||
./outputs/initramfs.nix
|
||||
./outputs/jffs2.nix
|
||||
./kernel.nix
|
||||
./outputs/kexecboot.nix
|
||||
./mount
|
||||
./network
|
||||
./ntp
|
||||
./outputs.nix
|
||||
./outputs/vmroot.nix
|
||||
./outputs/ubimage.nix
|
||||
./outputs/mtdimage.nix
|
||||
./ppp
|
||||
./ramdisk.nix
|
||||
./squashfs.nix
|
||||
./ssh
|
||||
./outputs/tftpboot.nix
|
||||
./outputs/ubifs.nix
|
||||
./users.nix
|
||||
./vlan
|
||||
./watchdog
|
||||
./wlan.nix
|
||||
];
|
||||
}
|
@ -1,18 +0,0 @@
|
||||
{ lib, lim, pkgs, config, ...}:
|
||||
{
|
||||
config = {
|
||||
kernel.config = {
|
||||
CPU_LITTLE_ENDIAN= "y";
|
||||
CPU_BIG_ENDIAN= "n";
|
||||
# CMDLINE_FROM_BOOTLOADER availability is conditional
|
||||
# on CMDLINE being set to something non-empty
|
||||
CMDLINE="\"empty=false\"";
|
||||
CMDLINE_FROM_BOOTLOADER = "y";
|
||||
|
||||
OF = "y";
|
||||
# USE_OF = "y";
|
||||
};
|
||||
hardware.ram.startAddress = lim.parseInt "0x40000000";
|
||||
system.outputs.u-boot = pkgs.ubootQemuAarch64;
|
||||
};
|
||||
}
|
@ -1,11 +0,0 @@
|
||||
{ lib, lim, pkgs, config, ...}:
|
||||
{
|
||||
config = {
|
||||
kernel.config = {
|
||||
OF = "y";
|
||||
};
|
||||
kernel.makeTargets = ["arch/arm/boot/zImage"];
|
||||
hardware.ram.startAddress = lim.parseInt "0x40000000";
|
||||
system.outputs.u-boot = pkgs.ubootQemuArm;
|
||||
};
|
||||
}
|
@ -1,18 +0,0 @@
|
||||
{ lib, pkgs, config, lim, ...}:
|
||||
{
|
||||
config = {
|
||||
kernel.config = {
|
||||
MIPS_ELF_APPENDED_DTB = "y";
|
||||
MIPS_BOOTLOADER_CMDLINE_REQUIRE_COOKIE = "y";
|
||||
MIPS_BOOTLOADER_CMDLINE_COOKIE = "\"liminix\"";
|
||||
MIPS_CMDLINE_DTB_EXTEND = "y";
|
||||
|
||||
OF = "y";
|
||||
USE_OF = "y";
|
||||
};
|
||||
hardware.ram.startAddress = lim.parseInt "0x80000000";
|
||||
boot.commandLine = [
|
||||
"console=ttyS0,115200" # true of all mips we've yet encountered
|
||||
];
|
||||
};
|
||||
}
|
@ -1,10 +0,0 @@
|
||||
{ lib, pkgs, config, ...}:
|
||||
{
|
||||
imports = [ ./mips.nix ];
|
||||
config = {
|
||||
kernel.config = {
|
||||
CPU_BIG_ENDIAN = "y";
|
||||
};
|
||||
system.outputs.u-boot = pkgs.ubootQemuMips;
|
||||
};
|
||||
}
|
@ -1,9 +0,0 @@
|
||||
{ lib, pkgs, config, ...}:
|
||||
{
|
||||
imports = [ ./mips.nix ];
|
||||
config = {
|
||||
kernel.config = {
|
||||
CPU_LITTLE_ENDIAN = "y";
|
||||
};
|
||||
};
|
||||
}
|
@ -39,12 +39,7 @@ in {
|
||||
};
|
||||
rootfsType = mkOption {
|
||||
default = "squashfs";
|
||||
type = types.enum [
|
||||
"ext4"
|
||||
"jffs2"
|
||||
"squashfs"
|
||||
"ubifs"
|
||||
];
|
||||
type = types.enum ["squashfs" "jffs2"];
|
||||
};
|
||||
boot = {
|
||||
commandLine = mkOption {
|
||||
@ -52,13 +47,9 @@ in {
|
||||
default = [];
|
||||
description = "Kernel command line";
|
||||
};
|
||||
imageFormat = mkOption {
|
||||
type = types.enum ["fit" "uimage"];
|
||||
default = "uimage";
|
||||
};
|
||||
tftp = {
|
||||
loadAddress = mkOption {
|
||||
type = types.ints.unsigned;
|
||||
type = types.str;
|
||||
description = ''
|
||||
RAM address at which to load data when transferring via
|
||||
TFTP. This is not the address of the flash storage,
|
||||
@ -89,8 +80,20 @@ in {
|
||||
defaultProfile.packages = with pkgs;
|
||||
[ s6 s6-init-bin execline s6-linux-init s6-rc ];
|
||||
|
||||
hardware.networkInterfaces = {
|
||||
lo =
|
||||
let iface = interface { type = "loopback"; device = "lo";};
|
||||
in bundle {
|
||||
name = "loopback";
|
||||
contents = [
|
||||
(address iface { family = "inet4"; address ="127.0.0.1"; prefixLength = 8;})
|
||||
(address iface { family = "inet6"; address ="::1"; prefixLength = 128;})
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
boot.commandLine = [
|
||||
"panic=10 oops=panic init=/bin/init loglevel=8"
|
||||
"console=ttyS0,115200 panic=10 oops=panic init=/bin/init loglevel=8"
|
||||
"root=${config.hardware.rootDevice}"
|
||||
"rootfstype=${config.rootfsType}"
|
||||
"fw_devlink=off"
|
||||
|
@ -39,13 +39,5 @@ in
|
||||
};
|
||||
};
|
||||
};
|
||||
config.kernel.config = {
|
||||
BRIDGE = "y";
|
||||
BRIDGE_IGMP_SNOOPING = "y";
|
||||
} // lib.optionalAttrs (config.system.service ? vlan) {
|
||||
# depends on bridge _and_ vlan. I would like there to be
|
||||
# a better way to test for the existence of vlan config:
|
||||
# maybe the module should set an `enabled` attribute?
|
||||
BRIDGE_VLAN_FILTERING = "y";
|
||||
};
|
||||
config.kernel.config.BRIDGE = "y";
|
||||
}
|
||||
|
@ -5,6 +5,7 @@
|
||||
}:
|
||||
{ ifname } :
|
||||
let
|
||||
inherit (liminix.networking) interface;
|
||||
inherit (liminix.services) bundle oneshot;
|
||||
inherit (lib) mkOption types;
|
||||
in oneshot rec {
|
||||
|
@ -1,31 +0,0 @@
|
||||
(local { : system } (require :anoia))
|
||||
(local svc (require :anoia.svc))
|
||||
|
||||
(fn changes [old-addresses new-addresses]
|
||||
(let [added {}
|
||||
deleted {}]
|
||||
(each [n address (pairs new-addresses)]
|
||||
(if (not (. old-addresses n))
|
||||
(table.insert added address)))
|
||||
(each [n address (pairs old-addresses)]
|
||||
(if (not (. new-addresses n))
|
||||
(table.insert deleted address)))
|
||||
(values added deleted)))
|
||||
|
||||
(fn update-prefixes [device prefixes new-prefixes]
|
||||
(let [(added deleted) (changes prefixes new-prefixes)]
|
||||
(each [_ p (ipairs added)]
|
||||
(system
|
||||
(.. "ip address add " p.address "1/" p.len " dev " device)))
|
||||
(each [_ p (ipairs deleted)]
|
||||
(system
|
||||
(.. "ip address del " p.address "1/" p.len " dev " device)))))
|
||||
|
||||
(fn run []
|
||||
(let [[state-directory lan-device] arg
|
||||
dir (svc.open state-directory)]
|
||||
(accumulate [addresses []
|
||||
v (dir:events)]
|
||||
(update-prefixes lan-device addresses (v:output "prefix")))))
|
||||
|
||||
{ : changes : run }
|
@ -1,10 +0,0 @@
|
||||
{
|
||||
writeFennel
|
||||
, linotify
|
||||
, anoia
|
||||
, lua
|
||||
}:
|
||||
writeFennel "acquire-delegated-prefix" {
|
||||
packages = [ linotify anoia lua.pkgs.luafilesystem ];
|
||||
mainFunction = "run";
|
||||
} ./acquire-delegated-prefix.fnl
|
@ -1,68 +0,0 @@
|
||||
(local subject (require :acquire-wan-address))
|
||||
(local { : view } (require :fennel))
|
||||
(local { : merge : dup } (require :anoia))
|
||||
|
||||
|
||||
(local a1
|
||||
{
|
||||
"2001-ab-cd-ef_hjgKHGhKJH" {
|
||||
:address "2001:ab:cd:ef"
|
||||
:len "64"
|
||||
:preferred "200"
|
||||
:valid "200"
|
||||
}
|
||||
}
|
||||
)
|
||||
|
||||
(local a2
|
||||
{
|
||||
"2001-0-1-2-3_aNteBnb" {
|
||||
:address "2001:0:1:2:3"
|
||||
:len "64"
|
||||
:preferred "200"
|
||||
:valid "200"
|
||||
}
|
||||
}
|
||||
)
|
||||
|
||||
(macro expect [assertion]
|
||||
(let [msg (.. "expectation failed: " (view assertion))]
|
||||
`(when (not ,assertion)
|
||||
(assert false ,msg))))
|
||||
|
||||
(fn first-address []
|
||||
(let [(add del)
|
||||
(subject.changes
|
||||
{ }
|
||||
a1
|
||||
)]
|
||||
(expect (= (# del) 0))
|
||||
(expect (= (# add) 1))
|
||||
(let [[first] add]
|
||||
(expect (= first.address "2001:ab:cd:ef")))))
|
||||
|
||||
(fn second-address []
|
||||
(let [(add del)
|
||||
(subject.changes
|
||||
a1
|
||||
(merge (dup a1) a2)
|
||||
)]
|
||||
(expect (= (# del) 0))
|
||||
(expect (= (# add) 1))
|
||||
(let [[first] add] (expect (= first.address "2001:0:1:2:3")))))
|
||||
|
||||
(fn less-address []1
|
||||
(let [(add del)
|
||||
(subject.changes
|
||||
(merge (dup a1) a2)
|
||||
a1
|
||||
)]
|
||||
(expect (= (# add) 0))
|
||||
(expect (= (# del) 1))
|
||||
|
||||
(let [[first] del] (expect (= first.address "2001:0:1:2:3")))))
|
||||
|
||||
|
||||
(first-address)
|
||||
(second-address)
|
||||
(less-address)
|
@ -1,35 +0,0 @@
|
||||
(local { : system } (require :anoia))
|
||||
(local svc (require :anoia.svc))
|
||||
|
||||
;; acquire-delegated-prefix has very similar code: we'd like to move
|
||||
;; this to anoia.svc when we see what the general form would look like
|
||||
|
||||
(fn changes [old-addresses new-addresses]
|
||||
(let [added {}
|
||||
deleted {}]
|
||||
(each [n address (pairs new-addresses)]
|
||||
(if (not (. old-addresses n))
|
||||
(table.insert added address)))
|
||||
(each [n address (pairs old-addresses)]
|
||||
(if (not (. new-addresses n))
|
||||
(table.insert deleted address)))
|
||||
(values added deleted)))
|
||||
|
||||
(fn update-addresses [wan-device addresses new-addresses]
|
||||
(let [(added deleted) (changes addresses new-addresses)]
|
||||
(each [_ p (ipairs added)]
|
||||
(system
|
||||
(.. "ip address add " p.address "/" p.len " dev " wan-device)))
|
||||
(each [_ p (ipairs deleted)]
|
||||
(system
|
||||
(.. "ip address del " p.address "/" p.len " dev " wan-device)))
|
||||
new-addresses))
|
||||
|
||||
(fn run []
|
||||
(let [[state-directory wan-device] arg
|
||||
dir (svc.open state-directory)]
|
||||
(accumulate [addresses []
|
||||
v (dir:events)]
|
||||
(update-addresses wan-device addresses (v:output "address")))))
|
||||
|
||||
{ : update-addresses : changes : run }
|
@ -1,10 +0,0 @@
|
||||
{
|
||||
writeFennel
|
||||
, linotify
|
||||
, anoia
|
||||
, lua
|
||||
}:
|
||||
writeFennel "acquire-wan-address" {
|
||||
packages = [ linotify anoia lua.pkgs.luafilesystem ];
|
||||
mainFunction = "run";
|
||||
} ./acquire-wan-address.fnl
|
@ -1,16 +0,0 @@
|
||||
{
|
||||
liminix
|
||||
, lib
|
||||
, callPackage
|
||||
}:
|
||||
{ client, interface } :
|
||||
let
|
||||
inherit (liminix.services) longrun;
|
||||
inherit (lib) mkOption types;
|
||||
name = "dhcp6c.addr.${client.name}.${interface.name}";
|
||||
script = callPackage ./acquire-wan-address.nix { };
|
||||
in longrun {
|
||||
inherit name;
|
||||
run = "${script} /run/service-state/${client.name} $(output ${interface} ifname)";
|
||||
dependencies = [ client interface ];
|
||||
}
|
@ -1,21 +0,0 @@
|
||||
{
|
||||
liminix
|
||||
, lib
|
||||
, odhcp6c
|
||||
, odhcp-script
|
||||
}:
|
||||
{ interface } :
|
||||
let
|
||||
inherit (liminix.services) longrun;
|
||||
inherit (lib) mkOption types;
|
||||
name = "dhcp6c.${interface.name}";
|
||||
in longrun {
|
||||
inherit name;
|
||||
notification-fd = 10;
|
||||
run = ''
|
||||
export SERVICE_STATE=/run/service-state/${name}
|
||||
${odhcp6c}/bin/odhcp6c -s ${odhcp-script} -e -v -p /run/${name}.pid -P0 $(output ${interface} ifname)
|
||||
)
|
||||
'';
|
||||
dependencies = [ interface ];
|
||||
}
|
@ -1,52 +0,0 @@
|
||||
## DHCP6 client module
|
||||
## ===================
|
||||
##
|
||||
## This is for use if you have an IPv6-capable upstream that provides
|
||||
## address information and/or prefix delegation using DHCP6. It
|
||||
## provides a service to request address information in the form of a
|
||||
## DHCP lease, and two dependent services that listen for updates
|
||||
## to the DHCP address information and can be used to update
|
||||
## addresses of network interfaces that you want to assign those
|
||||
## prefixes to
|
||||
|
||||
{ lib, pkgs, config, ...}:
|
||||
let
|
||||
inherit (lib) mkOption types;
|
||||
inherit (pkgs.liminix.services) oneshot;
|
||||
inherit (pkgs) liminix;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
system.service.dhcp6c = {
|
||||
client = mkOption { type = liminix.lib.types.serviceDefn; };
|
||||
prefix = mkOption { type = liminix.lib.types.serviceDefn; };
|
||||
address = mkOption { type = liminix.lib.types.serviceDefn; };
|
||||
};
|
||||
};
|
||||
config.system.service.dhcp6c = {
|
||||
client = liminix.callService ./client.nix {
|
||||
interface = mkOption {
|
||||
type = liminix.lib.types.interface;
|
||||
description = "interface (usually WAN) to query for DHCP6";
|
||||
};
|
||||
};
|
||||
address = liminix.callService ./address.nix {
|
||||
client = mkOption {
|
||||
type = types.anything; # liminix.lib.types.service;
|
||||
};
|
||||
interface = mkOption {
|
||||
type = liminix.lib.types.interface;
|
||||
description = "interface to assign the address to";
|
||||
};
|
||||
};
|
||||
prefix = liminix.callService ./prefix.nix {
|
||||
client = mkOption {
|
||||
type = types.anything; # liminix.lib.types.service;
|
||||
};
|
||||
interface = mkOption {
|
||||
type = liminix.lib.types.interface;
|
||||
description = "interface to assign <prefix>::1 to";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
@ -1,16 +0,0 @@
|
||||
{
|
||||
liminix
|
||||
, lib
|
||||
, callPackage
|
||||
}:
|
||||
{ client, interface } :
|
||||
let
|
||||
inherit (liminix.services) longrun;
|
||||
inherit (lib) mkOption types;
|
||||
name = "dhcp6c.prefix.${client.name}.${interface.name}";
|
||||
script = callPackage ./acquire-delegated-prefix.nix { };
|
||||
in longrun {
|
||||
inherit name;
|
||||
run = "${script} /run/service-state/${client.name} $(output ${interface} ifname)";
|
||||
dependencies = [ client interface ];
|
||||
}
|
@ -42,38 +42,6 @@ in {
|
||||
ranges = mkOption {
|
||||
type = types.listOf types.str;
|
||||
};
|
||||
hosts = mkOption {
|
||||
default = {};
|
||||
type = types.attrsOf (types.submodule {
|
||||
options = {
|
||||
mac = mkOption {
|
||||
description = ''
|
||||
MAC or other hardware address to match on. For Ethernet
|
||||
this is a 48 bit address represented as colon-separated
|
||||
hex bytes, or "id:clientid" to match a presented
|
||||
client id (IPv6 DUID)
|
||||
'';
|
||||
type = types.str;
|
||||
example = "01:20:31:4a:50";
|
||||
};
|
||||
v4 = mkOption {
|
||||
description = "IPv4 address to assign to this client";
|
||||
example = "192.0.2.1";
|
||||
type = types.str;
|
||||
};
|
||||
v6 = mkOption {
|
||||
type = types.listOf types.str;
|
||||
description = "IPv6 addresses or interface-ids to assign to this client";
|
||||
default = [];
|
||||
example = [ "fe80::42:1eff:fefd:b341" "::1234"];
|
||||
};
|
||||
leasetime = mkOption {
|
||||
type = types.int;
|
||||
default = 86400;
|
||||
};
|
||||
};
|
||||
});
|
||||
};
|
||||
domain = mkOption {
|
||||
# this can be given multiple times so probably should be
|
||||
# domains plural and list of string
|
||||
|
@ -10,17 +10,13 @@
|
||||
, domain
|
||||
, group
|
||||
, ranges
|
||||
, hosts
|
||||
, upstreams
|
||||
, resolvconf
|
||||
}:
|
||||
let
|
||||
name = "${interface.name}.dnsmasq";
|
||||
inherit (liminix.services) longrun;
|
||||
inherit (lib) concatStrings concatStringsSep mapAttrsToList;
|
||||
hostOpt = name : { mac, v4, v6, leasetime } @ attrs:
|
||||
let v6s = concatStrings (map (a : ",[${a}]") v6);
|
||||
in "--dhcp-host=${mac},${v4}${v6s},${name},${builtins.toString leasetime}";
|
||||
inherit (lib) concatStringsSep;
|
||||
in
|
||||
longrun {
|
||||
inherit name;
|
||||
@ -37,7 +33,6 @@ longrun {
|
||||
--keep-in-foreground \
|
||||
--dhcp-authoritative \
|
||||
${if resolvconf != null then "--resolv-file=$(output_path ${resolvconf} resolv.conf)" else "--no-resolv"} \
|
||||
${lib.concatStringsSep " " (mapAttrsToList hostOpt hosts)} \
|
||||
--no-hosts \
|
||||
--log-dhcp \
|
||||
--enable-ra \
|
||||
|
89
modules/flashimage.nix
Normal file
89
modules/flashimage.nix
Normal file
@ -0,0 +1,89 @@
|
||||
{
|
||||
config
|
||||
, pkgs
|
||||
, lib
|
||||
, ...
|
||||
}:
|
||||
let
|
||||
inherit (lib) mkOption types concatStringsSep;
|
||||
inherit (config.boot) tftp;
|
||||
in {
|
||||
options.system.outputs = {
|
||||
firmware = mkOption {
|
||||
type = types.package;
|
||||
internal = true; # component of flashimage
|
||||
description = ''
|
||||
Binary image (combining kernel, FDT, rootfs, initramfs
|
||||
if needed, etc) for the target device.
|
||||
'';
|
||||
};
|
||||
flash-scr = mkOption {
|
||||
type = types.package;
|
||||
internal = true; # component of flashimage
|
||||
description = ''
|
||||
Copy-pastable U-Boot commands to TFTP download the
|
||||
image and write it to flash
|
||||
'';
|
||||
};
|
||||
flashimage = mkOption {
|
||||
type = types.package;
|
||||
description = ''
|
||||
Flashable image for the target device, and the script to
|
||||
install it
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
kernel = {
|
||||
config = {
|
||||
MTD_SPLIT_UIMAGE_FW = "y";
|
||||
};
|
||||
};
|
||||
|
||||
programs.busybox.applets = [
|
||||
"flashcp"
|
||||
];
|
||||
|
||||
system.outputs = {
|
||||
firmware =
|
||||
let o = config.system.outputs; in
|
||||
pkgs.runCommand "firmware" {} ''
|
||||
dd if=${o.uimage} of=$out bs=128k conv=sync
|
||||
dd if=${o.rootfs} of=$out bs=128k conv=sync,nocreat,notrunc oflag=append
|
||||
'';
|
||||
flashimage =
|
||||
let o = config.system.outputs; in
|
||||
# could use trivial-builders.linkFarmFromDrvs here?
|
||||
pkgs.runCommand "flashimage" {} ''
|
||||
mkdir $out
|
||||
cd $out
|
||||
ln -s ${o.firmware} firmware.bin
|
||||
ln -s ${o.rootfs} rootfs
|
||||
ln -s ${o.kernel} vmlinux
|
||||
ln -s ${o.manifest} manifest
|
||||
ln -s ${o.kernel.headers} build
|
||||
ln -s ${o.uimage} uimage
|
||||
ln -s ${o.dtb} dtb
|
||||
ln -s ${o.flash-scr} flash.scr
|
||||
'';
|
||||
|
||||
flash-scr =
|
||||
let
|
||||
inherit (pkgs.lib.trivial) toHexString;
|
||||
inherit (config.hardware) flash;
|
||||
in
|
||||
pkgs.buildPackages.runCommand "" {} ''
|
||||
imageSize=$(stat -L -c %s ${config.system.outputs.firmware})
|
||||
cat > $out << EOF
|
||||
setenv serverip ${tftp.serverip}
|
||||
setenv ipaddr ${tftp.ipaddr}
|
||||
tftp 0x$(printf %x ${tftp.loadAddress}) result/firmware.bin
|
||||
erase 0x$(printf %x ${flash.address}) +${flash.size}
|
||||
cp.b 0x$(printf %x ${tftp.loadAddress}) 0x$(printf %x ${flash.address}) \''${filesize}
|
||||
echo command line was ${builtins.toJSON (concatStringsSep " " config.boot.commandLine)}
|
||||
EOF
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
@ -16,14 +16,8 @@ in {
|
||||
hardware = {
|
||||
dts = {
|
||||
src = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
description = ''
|
||||
If the device requires an external device tree to be loaded
|
||||
alongside the kernel, this is the path to the device tree source
|
||||
(we usually get these from OpenWrt). This value may be null if the
|
||||
platform creates the device tree - currently this is the case
|
||||
only for QEMU.
|
||||
'';
|
||||
type = types.path;
|
||||
description = "Path to the device tree source (usually from OpenWrt)";
|
||||
};
|
||||
includes = mkOption {
|
||||
default = [];
|
||||
@ -32,15 +26,9 @@ in {
|
||||
};
|
||||
};
|
||||
defaultOutput = mkOption {
|
||||
description = "\"Default\" output: what gets built for this device when outputs.default is requested. Typically this is \"mtdimage\" or \"vmroot\"";
|
||||
description = "\"Default\" output: what gets built for this device when outputs.default is requested. Typically this is \"flashimage\" or \"vmroot\"";
|
||||
type = types.nonEmptyStr;
|
||||
};
|
||||
ram = {
|
||||
startAddress = mkOption {
|
||||
type = types.int;
|
||||
};
|
||||
};
|
||||
|
||||
flash = {
|
||||
# start address and size of whichever partition (often
|
||||
# called "firmware") we're going to overwrite with our
|
||||
@ -54,19 +42,19 @@ in {
|
||||
kernel uimage and root fs. Usually not the entire flash, as
|
||||
we don't want to clobber the bootloader, calibration data etc
|
||||
'';
|
||||
type = types.ints.unsigned;
|
||||
type = types.str;
|
||||
};
|
||||
size = mkOption {
|
||||
type = types.ints.unsigned;
|
||||
type = types.str;
|
||||
description = "Size in bytes of the firmware partition";
|
||||
};
|
||||
eraseBlockSize = mkOption {
|
||||
description = "Flash erase block size in bytes";
|
||||
type = types.ints.unsigned;
|
||||
type = types.str;
|
||||
};
|
||||
};
|
||||
loadAddress = mkOption { type = types.ints.unsigned; default = null; };
|
||||
entryPoint = mkOption { type = types.ints.unsigned; };
|
||||
loadAddress = mkOption { default = null; };
|
||||
entryPoint = mkOption { };
|
||||
radios = mkOption {
|
||||
description = ''
|
||||
Kernel modules (from mac80211 package) required for the
|
||||
|
@ -13,23 +13,13 @@ in
|
||||
boot.initramfs = {
|
||||
enable = mkEnableOption "initramfs";
|
||||
};
|
||||
system.outputs = {
|
||||
initramfs = mkOption {
|
||||
type = types.package;
|
||||
internal = true;
|
||||
description = ''
|
||||
Initramfs image capable of mounting the real root
|
||||
filesystem
|
||||
'';
|
||||
};
|
||||
systemConfiguration = mkOption {
|
||||
type = types.package;
|
||||
description = ''
|
||||
pkgs.systemconfig for the configured filesystem,
|
||||
contains 'activate' and 'init' commands
|
||||
'';
|
||||
internal = true;
|
||||
};
|
||||
system.outputs.initramfs = mkOption {
|
||||
type = types.package;
|
||||
internal = true;
|
||||
description = ''
|
||||
Initramfs image capable of mounting the jffs2 root
|
||||
filesystem
|
||||
'';
|
||||
};
|
||||
};
|
||||
config = mkIf config.boot.initramfs.enable {
|
||||
@ -47,14 +37,18 @@ in
|
||||
dir /proc 0755 0 0
|
||||
dir /dev 0755 0 0
|
||||
nod /dev/console 0600 0 0 c 5 1
|
||||
nod /dev/mtdblock0 0600 0 0 b 31 0
|
||||
nod /dev/mtdblock1 0600 0 0 b 31 1
|
||||
nod /dev/mtdblock2 0600 0 0 b 31 2
|
||||
nod /dev/mtdblock3 0600 0 0 b 31 3
|
||||
nod /dev/mtdblock4 0600 0 0 b 31 4
|
||||
nod /dev/mtdblock5 0600 0 0 b 31 5
|
||||
dir /target 0755 0 0
|
||||
dir /target/persist 0755 0 0
|
||||
dir /target/nix 0755 0 0
|
||||
file /init ${pkgs.preinit}/bin/preinit 0755 0 0
|
||||
SPECIALS
|
||||
'';
|
||||
systemConfiguration =
|
||||
pkgs.systemconfig config.filesystem.contents;
|
||||
};
|
||||
};
|
||||
}
|
54
modules/jffs2.nix
Normal file
54
modules/jffs2.nix
Normal file
@ -0,0 +1,54 @@
|
||||
{
|
||||
config
|
||||
, pkgs
|
||||
, lib
|
||||
, ...
|
||||
}:
|
||||
let
|
||||
inherit (lib) mkIf mkOption types;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
./initramfs.nix
|
||||
];
|
||||
options.system.outputs = {
|
||||
systemConfiguration = mkOption {
|
||||
type = types.package;
|
||||
description = ''
|
||||
pkgs.systemconfig for the configured filesystem,
|
||||
contains 'activate' and 'init' commands
|
||||
'';
|
||||
internal = true;
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf (config.rootfsType == "jffs2") {
|
||||
kernel.config = {
|
||||
JFFS2_FS = "y";
|
||||
JFFS2_LZO = "y";
|
||||
JFFS2_RTIME = "y";
|
||||
JFFS2_COMPRESSION_OPTIONS = "y";
|
||||
JFFS2_ZLIB = "y";
|
||||
JFFS2_CMODE_SIZE = "y";
|
||||
};
|
||||
boot.initramfs.enable = true;
|
||||
system.outputs = rec {
|
||||
systemConfiguration =
|
||||
pkgs.systemconfig config.filesystem.contents;
|
||||
rootfs =
|
||||
let
|
||||
inherit (pkgs.pkgsBuildBuild) runCommand mtdutils;
|
||||
endian = if pkgs.stdenv.isBigEndian
|
||||
then "--big-endian" else "--little-endian";
|
||||
in runCommand "make-jffs2" {
|
||||
depsBuildBuild = [ mtdutils ];
|
||||
} ''
|
||||
mkdir -p $TMPDIR/empty/nix/store/ $TMPDIR/empty/secrets
|
||||
cp ${systemConfiguration}/bin/activate $TMPDIR/empty/activate
|
||||
ln -s ${pkgs.s6-init-bin}/bin/init $TMPDIR/empty/init
|
||||
grafts=$(sed < ${systemConfiguration}/etc/nix-store-paths 's/^\(.*\)$/--graft \1:\1/g')
|
||||
mkfs.jffs2 --compression-mode=size ${endian} -e ${config.hardware.flash.eraseBlockSize} --enable-compressor=lzo --pad --root $TMPDIR/empty --output $out $grafts --squash --faketime
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
@ -9,14 +9,13 @@ let
|
||||
inherit (pkgs.pseudofile) dir symlink;
|
||||
inherit (pkgs.liminix.networking) address interface;
|
||||
inherit (pkgs.liminix.services) bundle;
|
||||
inherit (pkgs) liminix;
|
||||
|
||||
type_service = pkgs.liminix.lib.types.service;
|
||||
|
||||
in {
|
||||
options = {
|
||||
kernel = {
|
||||
src = mkOption { type = types.path; } ;
|
||||
src = mkOption { type = types.package; } ;
|
||||
modular = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
@ -25,7 +24,7 @@ in {
|
||||
extraPatchPhase = mkOption {
|
||||
default = "true";
|
||||
type = types.lines;
|
||||
};
|
||||
} ;
|
||||
config = mkOption {
|
||||
description = ''
|
||||
Kernel config options, as listed in Kconfig* files in the
|
||||
@ -42,25 +41,11 @@ in {
|
||||
};
|
||||
'';
|
||||
};
|
||||
makeTargets = mkOption {
|
||||
type = types.listOf types.str;
|
||||
};
|
||||
};
|
||||
};
|
||||
config = {
|
||||
system.outputs =
|
||||
let k = liminix.builders.kernel.override {
|
||||
inherit (config.kernel) config src extraPatchPhase;
|
||||
targets = config.kernel.makeTargets;
|
||||
};
|
||||
in {
|
||||
kernel = k.vmlinux;
|
||||
zimage = k.zImage;
|
||||
};
|
||||
|
||||
kernel = rec {
|
||||
modular = true; # disabling this is not yet supported
|
||||
makeTargets = ["vmlinux"];
|
||||
config = {
|
||||
IKCONFIG = "y";
|
||||
IKCONFIG_PROC = "y";
|
||||
@ -71,6 +56,10 @@ in {
|
||||
MODULE_SIG = if modular then "y" else "n";
|
||||
DEBUG_FS = "y";
|
||||
|
||||
MIPS_BOOTLOADER_CMDLINE_REQUIRE_COOKIE = "y";
|
||||
MIPS_BOOTLOADER_CMDLINE_COOKIE = "\"liminix\"";
|
||||
MIPS_CMDLINE_DTB_EXTEND = "y";
|
||||
|
||||
# basic networking protocols
|
||||
NET = "y";
|
||||
UNIX = "y";
|
||||
@ -79,8 +68,6 @@ in {
|
||||
PACKET = "y"; # for ppp, tcpdump ...
|
||||
SYSVIPC= "y";
|
||||
|
||||
NETDEVICES = "y"; # even PPP needs this
|
||||
|
||||
# disabling this option causes the kernel to use an "empty"
|
||||
# initramfs instead: it has a /dev/console node and not much
|
||||
# else. Note that pid 1 is started *before* the root
|
||||
|
@ -7,7 +7,7 @@
|
||||
let
|
||||
inherit (lib) mkOption mkForce types concatStringsSep;
|
||||
in {
|
||||
imports = [ ../ramdisk.nix ];
|
||||
imports = [ ./ramdisk.nix ];
|
||||
options.system.outputs = {
|
||||
kexecboot = mkOption {
|
||||
type = types.package;
|
@ -1,53 +0,0 @@
|
||||
## Mount
|
||||
##
|
||||
## Mount filesystems
|
||||
|
||||
|
||||
{ lib, pkgs, config, ...}:
|
||||
let
|
||||
inherit (lib) mkOption types;
|
||||
inherit (pkgs) liminix;
|
||||
mkBoolOption = description : mkOption {
|
||||
type = types.bool;
|
||||
inherit description;
|
||||
default = true;
|
||||
};
|
||||
|
||||
in {
|
||||
options = {
|
||||
system.service.mount = mkOption {
|
||||
type = liminix.lib.types.serviceDefn;
|
||||
};
|
||||
};
|
||||
config.system.service = {
|
||||
mount = liminix.callService ./service.nix {
|
||||
device = mkOption {
|
||||
type = types.str;
|
||||
example = "/dev/sda1";
|
||||
};
|
||||
mountpoint = mkOption {
|
||||
type = types.str;
|
||||
example = "/mnt/media";
|
||||
};
|
||||
options = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
example = ["noatime" "ro" "sync"];
|
||||
};
|
||||
fstype = mkOption {
|
||||
type = types.str;
|
||||
default = "auto";
|
||||
example = "vfat";
|
||||
};
|
||||
};
|
||||
};
|
||||
config.programs.busybox = {
|
||||
applets = ["blkid" "findfs"];
|
||||
options = {
|
||||
FEATURE_BLKID_TYPE = "y";
|
||||
FEATURE_MOUNT_FLAGS = "y";
|
||||
FEATURE_MOUNT_LABEL = "y";
|
||||
FEATURE_VOLUMEID_EXT = "y";
|
||||
};
|
||||
};
|
||||
}
|
@ -1,18 +0,0 @@
|
||||
{
|
||||
liminix
|
||||
, lib
|
||||
}:
|
||||
{ device, mountpoint, options, fstype }:
|
||||
let
|
||||
inherit (liminix.services) oneshot;
|
||||
in oneshot {
|
||||
name = "mount.${lib.escapeURL mountpoint}";
|
||||
up = ''
|
||||
while ! findfs ${device}; do
|
||||
echo waiting for device ${device}
|
||||
sleep 1
|
||||
done
|
||||
mount -t ${fstype} -o ${lib.concatStringsSep "," options} ${device} ${mountpoint}
|
||||
'';
|
||||
down = "umount ${mountpoint}";
|
||||
}
|
@ -9,7 +9,6 @@
|
||||
let
|
||||
inherit (lib) mkOption types;
|
||||
inherit (pkgs) liminix;
|
||||
inherit (pkgs.liminix.services) bundle;
|
||||
in {
|
||||
options = {
|
||||
system.service.network = {
|
||||
@ -21,12 +20,6 @@ in {
|
||||
description = "network interface address";
|
||||
type = liminix.lib.types.serviceDefn;
|
||||
};
|
||||
route = mkOption {
|
||||
type = liminix.lib.types.serviceDefn;
|
||||
};
|
||||
forward = mkOption {
|
||||
type = liminix.lib.types.serviceDefn;
|
||||
};
|
||||
dhcp = {
|
||||
client = mkOption {
|
||||
# this needs to move to its own service as it has
|
||||
@ -38,51 +31,12 @@ in {
|
||||
};
|
||||
};
|
||||
config = {
|
||||
hardware.networkInterfaces = {
|
||||
lo =
|
||||
let
|
||||
net = config.system.service.network;
|
||||
iface = net.link.build { ifname = "lo";};
|
||||
in bundle {
|
||||
name = "loopback";
|
||||
contents = [
|
||||
( net.address.build {
|
||||
interface = iface;
|
||||
family = "inet";
|
||||
address ="127.0.0.1";
|
||||
prefixLength = 8;
|
||||
})
|
||||
( net.address.build {
|
||||
interface = iface;
|
||||
family = "inet6";
|
||||
address = "::1";
|
||||
prefixLength = 128;
|
||||
})
|
||||
];
|
||||
};
|
||||
};
|
||||
services.loopback = config.hardware.networkInterfaces.lo;
|
||||
|
||||
system.service.network = {
|
||||
link = liminix.callService ./link.nix {
|
||||
ifname = mkOption {
|
||||
type = types.str;
|
||||
example = "eth0";
|
||||
description = ''
|
||||
Device name as used by the kernel (as seen in "ip link"
|
||||
or "ifconfig" output). If devpath is also specified, the
|
||||
device will be renamed to the name provided.
|
||||
'';
|
||||
};
|
||||
devpath = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "/devices/platform/soc/soc:internal-regs/f1070000.ethernet";
|
||||
description = ''
|
||||
Path to the sysfs node of the device. If you provide this
|
||||
and the ifname option, the device will be renamed to the
|
||||
name given by ifname.
|
||||
''; };
|
||||
# other "ip link add" options could go here as well
|
||||
mtu = mkOption {
|
||||
type = types.nullOr types.int;
|
||||
@ -103,39 +57,6 @@ in {
|
||||
type = types.ints.between 0 128;
|
||||
};
|
||||
};
|
||||
|
||||
route = liminix.callService ./route.nix {
|
||||
interface = mkOption {
|
||||
type = types.nullOr liminix.lib.types.interface;
|
||||
default = null;
|
||||
description = "Interface to route through. May be omitted if it can be inferred from \"via\"";
|
||||
};
|
||||
target = mkOption {
|
||||
type = types.str;
|
||||
description = "host or network to add route to";
|
||||
};
|
||||
via = mkOption {
|
||||
type = types.str;
|
||||
description = "address of next hop";
|
||||
};
|
||||
metric = mkOption {
|
||||
type = types.int;
|
||||
description = "route metric";
|
||||
default = 100;
|
||||
};
|
||||
};
|
||||
|
||||
forward = liminix.callService ./forward.nix {
|
||||
enableIPv4 = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
};
|
||||
enableIPv6 = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
};
|
||||
};
|
||||
|
||||
dhcp.client = liminix.callService ./dhcpc.nix {
|
||||
interface = mkOption {
|
||||
type = liminix.lib.types.service;
|
||||
|
@ -1,21 +0,0 @@
|
||||
{
|
||||
liminix
|
||||
, ifwait
|
||||
, serviceFns
|
||||
, lib
|
||||
}:
|
||||
{ enableIPv4, enableIPv6 }:
|
||||
let
|
||||
inherit (liminix.services) oneshot;
|
||||
ip4 = "/proc/sys/net/ipv4/conf/all/forwarding";
|
||||
ip6 = "/proc/sys/net/ipv6/conf/all/forwarding";
|
||||
opt = lib.optionalString;
|
||||
sysctls = b :
|
||||
""
|
||||
+ opt enableIPv4 "echo ${b} > ${ip4}\n"
|
||||
+ opt enableIPv6 "echo ${b} > ${ip6}\n";
|
||||
in oneshot {
|
||||
name = "forwarding${opt enableIPv4 "4"}${opt enableIPv6 "6"}";
|
||||
up = sysctls "1";
|
||||
down = sysctls "0";
|
||||
}
|
@ -4,27 +4,13 @@
|
||||
, serviceFns
|
||||
, lib
|
||||
}:
|
||||
{
|
||||
ifname
|
||||
, devpath ? null
|
||||
, mtu} :
|
||||
# if devpath is supplied, we rename the interface at that
|
||||
# path to have the specified name.
|
||||
{ifname, mtu} :
|
||||
let
|
||||
inherit (liminix.services) longrun oneshot;
|
||||
inherit (lib) concatStringsSep;
|
||||
name = "${ifname}.link";
|
||||
rename = if devpath != null
|
||||
then ''
|
||||
oldname=$(cd /sys${devpath} && cd net/ && echo *)
|
||||
ip link set ''${oldname} name ${ifname}
|
||||
''
|
||||
else "";
|
||||
up = liminix.networking.ifup name ifname;
|
||||
in oneshot {
|
||||
inherit name;
|
||||
up = ''
|
||||
${rename}
|
||||
${liminix.networking.ifup name ifname}
|
||||
'';
|
||||
inherit name up;
|
||||
down = "ip link set down dev ${ifname}";
|
||||
}
|
||||
|
@ -1,20 +0,0 @@
|
||||
{
|
||||
liminix
|
||||
, ifwait
|
||||
, serviceFns
|
||||
, lib
|
||||
}:
|
||||
{ target, via, interface ? null, metric }:
|
||||
let
|
||||
inherit (liminix.services) oneshot;
|
||||
with_dev = if interface != null then "dev $(output ${interface} ifname)" else "";
|
||||
in oneshot {
|
||||
name = "route-${target}-${builtins.substring 0 12 (builtins.hashString "sha256" "${via}-${if interface!=null then interface.name else ""}")}";
|
||||
up = ''
|
||||
ip route add ${target} via ${via} metric ${toString metric} ${with_dev}
|
||||
'';
|
||||
down = ''
|
||||
ip route del ${target} via ${via} ${with_dev}
|
||||
'';
|
||||
dependencies = [] ++ lib.optional (interface != null) interface;
|
||||
}
|
@ -7,132 +7,84 @@
|
||||
let
|
||||
inherit (lib) mkOption types concatStringsSep;
|
||||
inherit (pkgs) liminix callPackage writeText;
|
||||
o = config.system.outputs;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
./squashfs.nix
|
||||
./outputs/vmroot.nix
|
||||
./outputs/extlinux.nix
|
||||
];
|
||||
options = {
|
||||
system.outputs = {
|
||||
# the convention here is to mark an output as "internal" if
|
||||
# it's not a complete system (kernel plus userland, or installer)
|
||||
# but only part of one.
|
||||
kernel = mkOption {
|
||||
type = types.package;
|
||||
internal = true;
|
||||
description = ''
|
||||
kernel
|
||||
******
|
||||
|
||||
Kernel vmlinux file (usually ELF)
|
||||
'';
|
||||
};
|
||||
zimage = mkOption {
|
||||
type = types.package;
|
||||
internal = true;
|
||||
description = ''
|
||||
zimage
|
||||
******
|
||||
|
||||
Kernel in compressed self-extracting package
|
||||
'';
|
||||
};
|
||||
dtb = mkOption {
|
||||
type = types.package;
|
||||
internal = true;
|
||||
description = ''
|
||||
dtb
|
||||
***
|
||||
|
||||
Compiled device tree (FDT) for the target device
|
||||
'';
|
||||
};
|
||||
uimage = mkOption {
|
||||
type = types.package;
|
||||
internal = true;
|
||||
description = ''
|
||||
uimage
|
||||
******
|
||||
|
||||
Combined kernel and FDT in uImage (U-Boot compatible) format
|
||||
'';
|
||||
};
|
||||
u-boot = mkOption {
|
||||
vmroot = mkOption {
|
||||
type = types.package;
|
||||
description = ''
|
||||
Directory containing separate kernel and rootfs image for
|
||||
use with qemu (see mips-vm)
|
||||
'';
|
||||
};
|
||||
manifest = mkOption {
|
||||
type = types.package;
|
||||
internal = true;
|
||||
description = ''
|
||||
Debugging aid. JSON rendition of config.filesystem, on
|
||||
which can run "nix-store -q --tree" on it and find
|
||||
out what's in the image, which is nice if it's unexpectedly huge
|
||||
'';
|
||||
};
|
||||
rootdir = mkOption {
|
||||
type = types.package;
|
||||
internal = true;
|
||||
description = ''
|
||||
directory of files to package into root filesystem
|
||||
'';
|
||||
};
|
||||
bootablerootdir = mkOption {
|
||||
type = types.package;
|
||||
internal = true;
|
||||
description = ''
|
||||
directory of files to package into root filesystem, including
|
||||
a kernel and appropriate associated gubbins for the
|
||||
selected bootloader
|
||||
'';
|
||||
};
|
||||
rootfs = mkOption {
|
||||
type = types.package;
|
||||
internal = true;
|
||||
description = ''
|
||||
root filesystem (squashfs or jffs2) image
|
||||
'';
|
||||
internal = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
config = {
|
||||
system.outputs = rec {
|
||||
dtb = liminix.builders.dtb {
|
||||
# tftpd = pkgs.buildPackages.tufted;
|
||||
kernel = liminix.builders.kernel.override {
|
||||
inherit (config.kernel) config src extraPatchPhase;
|
||||
};
|
||||
dtb = (callPackage ../kernel/dtb.nix {}) {
|
||||
inherit (config.boot) commandLine;
|
||||
dts = config.hardware.dts.src;
|
||||
includes = config.hardware.dts.includes ++ [
|
||||
"${o.kernel.headers}/include"
|
||||
"${kernel.headers}/include"
|
||||
];
|
||||
};
|
||||
uimage = liminix.builders.uimage {
|
||||
uimage = (callPackage ../kernel/uimage.nix {}) {
|
||||
commandLine = concatStringsSep " " config.boot.commandLine;
|
||||
inherit (config.hardware) loadAddress entryPoint;
|
||||
inherit (config.boot) imageFormat;
|
||||
inherit (o) kernel dtb;
|
||||
inherit kernel;
|
||||
inherit dtb;
|
||||
};
|
||||
rootdir =
|
||||
let
|
||||
inherit (pkgs.pkgsBuildBuild) runCommand;
|
||||
in runCommand "mktree" { } ''
|
||||
mkdir -p $out/nix/store/ $out/secrets $out/boot
|
||||
cp ${o.systemConfiguration}/bin/activate $out/activate
|
||||
ln -s ${pkgs.s6-init-bin}/bin/init $out/init
|
||||
mkdir -p $out/nix/store
|
||||
for path in $(cat ${o.systemConfiguration}/etc/nix-store-paths) ; do
|
||||
(cd $out && cp -a $path .$path)
|
||||
done
|
||||
'';
|
||||
bootablerootdir =
|
||||
let inherit (pkgs.pkgsBuildBuild) runCommand;
|
||||
in runCommand "add-slash-boot" { } ''
|
||||
cp -a ${o.rootdir} $out
|
||||
${if config.boot.loader.extlinux.enable
|
||||
then "(cd $out && chmod -R +w . && rmdir boot && cp -a ${o.extlinux} boot)"
|
||||
else ""
|
||||
}
|
||||
'';
|
||||
# could use trivial-builders.linkFarmFromDrvs here?
|
||||
vmroot = pkgs.runCommand "qemu" {} ''
|
||||
mkdir $out
|
||||
cd $out
|
||||
ln -s ${config.system.outputs.rootfs} rootfs
|
||||
ln -s ${kernel} vmlinux
|
||||
ln -s ${manifest} manifest
|
||||
ln -s ${kernel.headers} build
|
||||
'';
|
||||
|
||||
manifest = writeText "manifest.json" (builtins.toJSON config.filesystem.contents);
|
||||
};
|
||||
};
|
||||
|
@ -1,38 +0,0 @@
|
||||
{
|
||||
config
|
||||
, pkgs
|
||||
, lib
|
||||
, ...
|
||||
}:
|
||||
let
|
||||
inherit (lib) mkIf mkOption types;
|
||||
o = config.system.outputs;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
./initramfs.nix
|
||||
];
|
||||
config = mkIf (config.rootfsType == "ext4") {
|
||||
kernel.config = {
|
||||
EXT4_FS = "y";
|
||||
EXT4_USE_FOR_EXT2 = "y";
|
||||
FS_ENCRYPTION = "y";
|
||||
};
|
||||
boot.initramfs.enable = true;
|
||||
system.outputs = {
|
||||
rootfs =
|
||||
let
|
||||
inherit (pkgs.pkgsBuildBuild) runCommand e2fsprogs;
|
||||
in runCommand "mkfs.ext4" {
|
||||
depsBuildBuild = [ e2fsprogs ];
|
||||
} ''
|
||||
tree=${o.bootablerootdir}
|
||||
size=$(du -s --apparent-size --block-size 1024 $tree |cut -f1)
|
||||
# add 25% for filesystem overhead
|
||||
size=$(( 5 * $size / 4))
|
||||
dd if=/dev/zero of=$out bs=1024 count=$size
|
||||
mke2fs -t ext4 -j -d $tree $out
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
@ -1,39 +0,0 @@
|
||||
{
|
||||
config
|
||||
, pkgs
|
||||
, lib
|
||||
, ...
|
||||
}:
|
||||
let
|
||||
inherit (lib) mkIf mkEnableOption mkOption types concatStringsSep;
|
||||
cfg = config.boot.loader.extlinux;
|
||||
o = config.system.outputs;
|
||||
cmdline = concatStringsSep " " config.boot.commandLine;
|
||||
wantsDtb = config.hardware.dts ? src && config.hardware.dts.src != null;
|
||||
in {
|
||||
options.system.outputs.extlinux = mkOption {
|
||||
type = types.package;
|
||||
# description = "";
|
||||
};
|
||||
options.boot.loader.extlinux.enable = mkEnableOption "extlinux";
|
||||
|
||||
config = { # mkIf cfg.enable {
|
||||
system.outputs.extlinux = pkgs.runCommand "extlinux" {} ''
|
||||
mkdir $out
|
||||
cd $out
|
||||
${if wantsDtb then "cp ${o.dtb} dtb" else "true"}
|
||||
cp ${o.initramfs} initramfs
|
||||
cp ${o.zimage} kernel
|
||||
mkdir extlinux
|
||||
cat > extlinux/extlinux.conf << _EOF
|
||||
menu title Liminix
|
||||
timeout 100
|
||||
label Liminix
|
||||
kernel /boot/kernel
|
||||
# initrd /boot/initramfs
|
||||
append ${cmdline} root=/dev/vda1
|
||||
${if wantsDtb then "fdt /boot/dtb" else ""}
|
||||
_EOF
|
||||
'';
|
||||
};
|
||||
}
|
@ -1,40 +0,0 @@
|
||||
{
|
||||
config
|
||||
, pkgs
|
||||
, lib
|
||||
, ...
|
||||
}:
|
||||
let
|
||||
inherit (lib) mkIf mkOption types;
|
||||
o = config.system.outputs;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
./initramfs.nix
|
||||
];
|
||||
|
||||
config = mkIf (config.rootfsType == "jffs2") {
|
||||
kernel.config = {
|
||||
JFFS2_FS = "y";
|
||||
JFFS2_LZO = "y";
|
||||
JFFS2_RTIME = "y";
|
||||
JFFS2_COMPRESSION_OPTIONS = "y";
|
||||
JFFS2_ZLIB = "y";
|
||||
JFFS2_CMODE_SIZE = "y";
|
||||
};
|
||||
boot.initramfs.enable = true;
|
||||
system.outputs = {
|
||||
rootfs =
|
||||
let
|
||||
inherit (pkgs.pkgsBuildBuild) runCommand mtdutils;
|
||||
endian = if pkgs.stdenv.isBigEndian
|
||||
then "--big-endian" else "--little-endian";
|
||||
in runCommand "make-jffs2" {
|
||||
depsBuildBuild = [ mtdutils ];
|
||||
} ''
|
||||
tree=${o.bootablerootdir}
|
||||
(cd $tree && mkfs.jffs2 --compression-mode=size ${endian} -e ${toString config.hardware.flash.eraseBlockSize} --enable-compressor=lzo --pad --root . --output $out --squash --faketime )
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
@ -1,51 +0,0 @@
|
||||
{
|
||||
config
|
||||
, pkgs
|
||||
, lib
|
||||
, ...
|
||||
}:
|
||||
let
|
||||
inherit (lib) mkOption types concatStringsSep;
|
||||
o = config.system.outputs;
|
||||
phram_address = lib.toHexString (config.hardware.ram.startAddress + 256 * 1024 * 1024);
|
||||
in {
|
||||
options.system.outputs = {
|
||||
mbrimage = mkOption {
|
||||
type = types.package;
|
||||
description = ''
|
||||
mbrimage
|
||||
*********
|
||||
|
||||
This creates a disk image file with a partition table containing
|
||||
the contents of ``outputs.rootfs`` as its only partition.
|
||||
'';
|
||||
};
|
||||
vmdisk = mkOption { type = types.package; };
|
||||
};
|
||||
|
||||
config = {
|
||||
system.outputs = {
|
||||
mbrimage =
|
||||
let
|
||||
o = config.system.outputs;
|
||||
in pkgs.runCommand "mbrimage" {
|
||||
depsBuildBuild = [ pkgs.pkgsBuildBuild.util-linux ];
|
||||
} ''
|
||||
# leave 4 sectors at start for partition table
|
||||
# and alignment to 2048 bytes (does that help?)
|
||||
dd if=${o.rootfs} of=$out bs=512 seek=4 conv=sync
|
||||
echo '4,-,L,*' | sfdisk $out
|
||||
'';
|
||||
vmdisk = pkgs.runCommand "vmdisk" {} ''
|
||||
mkdir $out
|
||||
cd $out
|
||||
ln -s ${o.mbrimage} ./mbrimage
|
||||
cat > run.sh <<EOF
|
||||
#!${pkgs.runtimeShell}
|
||||
${pkgs.pkgsBuildBuild.run-liminix-vm}/bin/run-liminix-vm --arch ${pkgs.stdenv.hostPlatform.qemuArch} --u-boot ${o.u-boot}/u-boot.bin --phram-address 0x${phram_address} --disk-image ${o.mbrimage} \$* /dev/null /dev/null
|
||||
EOF
|
||||
chmod +x run.sh
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
@ -1,117 +0,0 @@
|
||||
{
|
||||
config
|
||||
, pkgs
|
||||
, lib
|
||||
, ...
|
||||
}:
|
||||
let
|
||||
inherit (lib) mkOption types concatStringsSep;
|
||||
inherit (config.boot) tftp;
|
||||
in {
|
||||
options.system.outputs = {
|
||||
firmware = mkOption {
|
||||
type = types.package;
|
||||
internal = true; # component of mtdimage
|
||||
description = ''
|
||||
Binary image (combining kernel, FDT, rootfs, initramfs
|
||||
if needed, etc) for the target device.
|
||||
'';
|
||||
};
|
||||
flash-scr = mkOption {
|
||||
type = types.package;
|
||||
internal = true; # component of mtdimage
|
||||
description = ''
|
||||
Copy-pastable U-Boot commands to TFTP download the
|
||||
image and write it to flash
|
||||
'';
|
||||
};
|
||||
mtdimage = mkOption {
|
||||
type = types.package;
|
||||
description = ''
|
||||
mtdimage
|
||||
**********
|
||||
|
||||
This creates an image called :file:`firmware.bin` suitable for
|
||||
squashfs or jffs2 systems. It can be flashed from U-Boot (if
|
||||
you have a serial console connection), or on some devices from
|
||||
the vendor firmware, or from a Liminix kexecboot system.
|
||||
|
||||
If you are flashing from U-Boot, the file
|
||||
:file:`flash.scr` is a sequence of commands
|
||||
which you can paste at the U-Boot prompt to
|
||||
to transfer the firmware file from a TFTP server and
|
||||
write it to flash. **Please read the script before
|
||||
running it: flash operations carry the potential to
|
||||
brick your device**
|
||||
|
||||
.. NOTE::
|
||||
|
||||
TTL serial connections typically have no form of flow
|
||||
control and so don't always like having massive chunks of
|
||||
text pasted into them - and U-Boot may drop characters
|
||||
while it's busy. So don't necessarily expect to copy-paste
|
||||
the whole of :file:`flash.scr` into a terminal emulator and
|
||||
have it work just like that. You may need to paste each
|
||||
line one at a time, or even retype it.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
kernel = {
|
||||
config = {
|
||||
MTD_SPLIT_UIMAGE_FW = "y";
|
||||
} // lib.optionalAttrs (pkgs.stdenv.isMips) {
|
||||
# https://stackoverflow.com/questions/26466470/can-the-logical-erase-block-size-of-an-mtd-device-be-increased
|
||||
MTD_SPI_NOR_USE_4K_SECTORS = "n";
|
||||
};
|
||||
};
|
||||
|
||||
programs.busybox.applets = [
|
||||
"flashcp"
|
||||
];
|
||||
|
||||
system.outputs = {
|
||||
firmware =
|
||||
let
|
||||
o = config.system.outputs;
|
||||
bs = toString config.hardware.flash.eraseBlockSize;
|
||||
in pkgs.runCommand "firmware" {} ''
|
||||
dd if=${o.uimage} of=$out bs=${bs} conv=sync
|
||||
dd if=${o.rootfs} of=$out bs=${bs} conv=sync,nocreat,notrunc oflag=append
|
||||
'';
|
||||
mtdimage =
|
||||
let o = config.system.outputs; in
|
||||
# could use trivial-builders.linkFarmFromDrvs here?
|
||||
pkgs.runCommand "mtdimage" {} ''
|
||||
mkdir $out
|
||||
cd $out
|
||||
ln -s ${o.firmware} firmware.bin
|
||||
ln -s ${o.rootfs} rootfs
|
||||
ln -s ${o.kernel} vmlinux
|
||||
ln -s ${o.manifest} manifest
|
||||
ln -s ${o.kernel.headers} build
|
||||
ln -s ${o.uimage} uimage
|
||||
ln -s ${o.dtb} dtb
|
||||
ln -s ${o.flash-scr} flash.scr
|
||||
'';
|
||||
|
||||
flash-scr =
|
||||
let
|
||||
inherit (pkgs.lib.trivial) toHexString;
|
||||
inherit (config.hardware) flash;
|
||||
in
|
||||
pkgs.buildPackages.runCommand "" {} ''
|
||||
imageSize=$(stat -L -c %s ${config.system.outputs.firmware})
|
||||
cat > $out << EOF
|
||||
setenv serverip ${tftp.serverip}
|
||||
setenv ipaddr ${tftp.ipaddr}
|
||||
tftp 0x${toHexString tftp.loadAddress} result/firmware.bin
|
||||
erase 0x${toHexString flash.address} +0x${toHexString flash.size}
|
||||
cp.b 0x${toHexString tftp.loadAddress} 0x${toHexString flash.address} \''${filesize}
|
||||
echo command line was ${builtins.toJSON (concatStringsSep " " config.boot.commandLine)}
|
||||
EOF
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
@ -1,127 +0,0 @@
|
||||
{
|
||||
config
|
||||
, pkgs
|
||||
, lib
|
||||
, ...
|
||||
}:
|
||||
let
|
||||
inherit (lib) mkOption types concatStringsSep;
|
||||
cfg = config.boot.tftp;
|
||||
in {
|
||||
imports = [ ../ramdisk.nix ];
|
||||
options.boot.tftp = {
|
||||
freeSpaceBytes = mkOption {
|
||||
type = types.int;
|
||||
default = 0;
|
||||
};
|
||||
kernelFormat = mkOption {
|
||||
type = types.enum [ "zimage" "uimage" ];
|
||||
default = "uimage";
|
||||
};
|
||||
compressRoot = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
};
|
||||
options.system.outputs = {
|
||||
tftpboot = mkOption {
|
||||
type = types.package;
|
||||
description = ''
|
||||
tftpboot
|
||||
********
|
||||
|
||||
This output is intended for developing on a new device.
|
||||
It assumes you have a serial connection and a
|
||||
network connection to the device and that your
|
||||
build machine is running a TFTP server.
|
||||
|
||||
The output is a directory containing kernel and
|
||||
root filesystem image, and a script :file:`boot.scr` of U-Boot
|
||||
commands that will load the images into memory and
|
||||
run them directly,
|
||||
instead of first writing them to flash. This saves
|
||||
time and erase cycles.
|
||||
|
||||
It uses the Linux `phram <https://github.com/torvalds/linux/blob/master/drivers/mtd/devices/phram.c>`_ driver to emulate a flash device using a segment of physical RAM.
|
||||
'';
|
||||
};
|
||||
};
|
||||
config = {
|
||||
boot.ramdisk.enable = true;
|
||||
|
||||
system.outputs = rec {
|
||||
tftpboot =
|
||||
let
|
||||
inherit (pkgs.lib.trivial) toHexString;
|
||||
o = config.system.outputs;
|
||||
image = let choices = {
|
||||
uimage = o.uimage;
|
||||
zimage = o.zimage;
|
||||
}; in choices.${cfg.kernelFormat};
|
||||
bootCommand = let choices = {
|
||||
uimage = "bootm";
|
||||
zimage = "bootz";
|
||||
}; in choices.${cfg.kernelFormat};
|
||||
cmdline = concatStringsSep " " config.boot.commandLine;
|
||||
in
|
||||
pkgs.runCommand "tftpboot" { nativeBuildInputs = with pkgs.pkgsBuildBuild; [ lzma dtc ]; } ''
|
||||
mkdir $out
|
||||
cd $out
|
||||
binsize() { local s=$(stat -L -c %s $1); echo $(($s + 0x1000 &(~0xfff))); }
|
||||
binsize64k() { local s=$(stat -L -c %s $1); echo $(($s + 0x10000 &(~0xffff))); }
|
||||
hex() { printf "0x%x" $1; }
|
||||
rootfsStart=${toString cfg.loadAddress}
|
||||
rootfsSize=$(binsize64k ${o.rootfs} )
|
||||
dtbStart=$(($rootfsStart + $rootfsSize))
|
||||
dtbSize=$(binsize ${o.dtb} )
|
||||
imageStart=$(($dtbStart + $dtbSize))
|
||||
imageSize=$(binsize ${image})
|
||||
|
||||
ln -s ${o.manifest} manifest
|
||||
ln -s ${image} image
|
||||
ln -s ${o.kernel} vmlinux # handy for gdb
|
||||
|
||||
${if cfg.compressRoot
|
||||
then ''
|
||||
lzma -z9cv ${o.rootfs} > rootfs.lz
|
||||
rootfsLzStart=$(($imageStart + $imageSize))
|
||||
rootfsLzSize=$(binsize rootfs.lz)
|
||||
''
|
||||
else "ln -s ${o.rootfs} rootfs"
|
||||
}
|
||||
cat ${o.dtb} > dtb
|
||||
address_cells=$(fdtget dtb / '#address-cells')
|
||||
size_cells=$(fdtget dtb / '#size-cells')
|
||||
if [ $address_cells -gt 1 ]; then ac_prefix=0; fi
|
||||
if [ $size_cells -gt 1 ]; then sz_prefix=0; fi
|
||||
|
||||
fdtput -p dtb /reserved-memory '#address-cells' $address_cells
|
||||
fdtput -p dtb /reserved-memory '#size-cells' $size_cells
|
||||
fdtput -p dtb /reserved-memory ranges
|
||||
node=$(printf "phram-rootfs@%x" $rootfsStart)
|
||||
fdtput -p -t s dtb /reserved-memory/$node compatible phram
|
||||
fdtput -p -t lx dtb /reserved-memory/$node reg $ac_prefix $(hex $rootfsStart) $sz_prefix $(hex $rootfsSize)
|
||||
|
||||
cmd="liminix ${cmdline} mtdparts=phram0:''${rootfsSize}(rootfs) phram.phram=phram0,''${rootfsStart},''${rootfsSize},${toString config.hardware.flash.eraseBlockSize} root=/dev/mtdblock0";
|
||||
fdtput -t s dtb /chosen bootargs "$cmd"
|
||||
|
||||
# dtc -I dtb -O dts -o /dev/stdout dtb | grep -A10 chosen ; exit 1
|
||||
|
||||
cat > boot.scr << EOF
|
||||
setenv serverip ${cfg.serverip}
|
||||
setenv ipaddr ${cfg.ipaddr}
|
||||
tftpboot $(hex $imageStart) result/image ; ${
|
||||
if cfg.compressRoot
|
||||
then "tftpboot $(hex $rootfsLzStart) result/rootfs.lz"
|
||||
else "tftpboot $(hex $rootfsStart) result/rootfs"
|
||||
}; tftpboot $(hex $dtbStart) result/dtb
|
||||
${if cfg.compressRoot
|
||||
then "lzmadec $(hex $rootfsLzStart) $(hex $rootfsStart); "
|
||||
else ""
|
||||
} ${bootCommand} $(hex $imageStart) - $(hex $dtbStart)
|
||||
EOF
|
||||
'';
|
||||
|
||||
};
|
||||
};
|
||||
}
|
@ -1,42 +0,0 @@
|
||||
{
|
||||
config
|
||||
, pkgs
|
||||
, lib
|
||||
, ...
|
||||
}:
|
||||
let
|
||||
inherit (lib) mkIf mkOption types;
|
||||
o = config.system.outputs;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
./initramfs.nix
|
||||
];
|
||||
options.hardware.ubi = {
|
||||
minIOSize = mkOption { type = types.str; };
|
||||
eraseBlockSize = mkOption { type = types.str; }; # LEB
|
||||
maxLEBcount = mkOption { type = types.str; }; # LEB
|
||||
};
|
||||
|
||||
config = mkIf (config.rootfsType == "ubifs") {
|
||||
kernel.config = {
|
||||
MTD_UBI="y";
|
||||
UBIFS_FS = "y";
|
||||
UBIFS_FS_SECURITY = "n";
|
||||
};
|
||||
boot.initramfs.enable = true;
|
||||
system.outputs = {
|
||||
rootfs =
|
||||
let
|
||||
inherit (pkgs.pkgsBuildBuild) runCommand mtdutils;
|
||||
cfg = config.hardware.ubi;
|
||||
in runCommand "mkfs.ubifs" {
|
||||
depsBuildBuild = [ mtdutils ];
|
||||
} ''
|
||||
mkdir tmp
|
||||
tree=${o.bootablerootdir}
|
||||
mkfs.ubifs -x favor_lzo -c ${cfg.maxLEBcount} -m ${cfg.minIOSize} -e ${cfg.eraseBlockSize} -y -r $tree --output $out --squash-uids -o $out
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
@ -1,126 +0,0 @@
|
||||
{
|
||||
config
|
||||
, pkgs
|
||||
, lib
|
||||
, ...
|
||||
}:
|
||||
let
|
||||
inherit (lib) mkIf mkEnableOption mkOption types concatStringsSep;
|
||||
cfg = config.boot.tftp;
|
||||
instructions = pkgs.writeText "env.scr" ''
|
||||
setenv serverip ${cfg.serverip}
|
||||
setenv ipaddr ${cfg.ipaddr}
|
||||
setenv loadaddr ${lib.toHexString cfg.loadAddress}
|
||||
'';
|
||||
in {
|
||||
options.system.outputs = {
|
||||
ubimage = mkOption {
|
||||
type = types.package;
|
||||
description = ''
|
||||
ubimage
|
||||
*******
|
||||
|
||||
This output provides a UBIFS filesystem image and a small U-Boot script
|
||||
to make the manual installation process very slightly simpler. You will
|
||||
need a serial connection and a network connection to a TFTP server
|
||||
containing the filesystem image it creates.
|
||||
|
||||
.. warning:: These steps were tested on a Belkin RT3200 (also known as
|
||||
Linksys E8450). Other devices may be set up differently,
|
||||
so use them as inspiration and don't just paste them
|
||||
blindly.
|
||||
|
||||
1) determine which MTD device is being used for UBI, and the partition name:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
uboot> ubi part
|
||||
Device 0: ubi0, MTD partition ubi
|
||||
|
||||
In this case the important value is ``ubi0``
|
||||
|
||||
2) list the available volumes and create a new one on which to install Liminix
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
uboot> ubi info l
|
||||
[ copious output scrolls past ]
|
||||
|
||||
Expect there to be existing volumes and for some or all of them to be
|
||||
important. Unless you know what you're doing, don't remove anything
|
||||
whose name suggests it's related to uboot, or any kind of backup or
|
||||
recovery partition. To see how much space is free:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
uboot> ubi info
|
||||
[ ... ]
|
||||
UBI: available PEBs: 823
|
||||
|
||||
Now we can make our new root volume
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
uboot> ubi create liminix -
|
||||
|
||||
3) transfer the root filesystem from the build system and write it
|
||||
to the new volume. Paste the environment variable settings from
|
||||
:file:`result/env.scr` into U-Boot, then run
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
uboot> tftpboot ''${loadaddr} result/rootfs
|
||||
uboot> ubi write ''${loadaddr} liminix $filesize
|
||||
|
||||
Now we have the root filesystem installed on the device. You
|
||||
can even mount it and poke around using ``ubifsmount ubi0:liminix;
|
||||
ubifsls /``
|
||||
|
||||
4) optional: before you configure the device to boot into Liminix
|
||||
automatically, you can try booting it by hand to see if it works:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
uboot> ubifsmount ubi0:liminix
|
||||
uboot> ubifsload ''${loadaddr} boot/uimage
|
||||
uboot> bootm ''${loadaddr}
|
||||
|
||||
Once you've done this and you're happy with it, reset the device to
|
||||
U-Boot. You don't need to recreate the volume but you do need to
|
||||
repeat step 3.
|
||||
|
||||
5) Instructions for configuring autoboot are likely to be very
|
||||
device-dependent. On the Linksys E8450/Belkin RT3200, the environment
|
||||
variable `boot_production` governs what happens on a normal boot, so
|
||||
you could do
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
uboot> setenv boot_production 'led $bootled_pwr on ; ubifsmount ubi0:liminix; ubifsload ''${loadaddr} boot/uimage; bootm ''${loadaddr}'
|
||||
|
||||
On other devices, some detective work may be needed. Try running
|
||||
`printenv` and look for likely commands, try looking at the existing
|
||||
boot process, maybe even try looking for documentation for that device.
|
||||
|
||||
6) Now you can reboot the device into Liminix
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
uboot> reset
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf (config.rootfsType == "ubifs") {
|
||||
system.outputs = {
|
||||
ubimage =
|
||||
let o = config.system.outputs; in
|
||||
pkgs.runCommand "ubimage" {} ''
|
||||
mkdir $out
|
||||
cd $out
|
||||
ln -s ${o.rootfs} rootfs
|
||||
ln -s ${instructions} env.scr
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
@ -1,73 +0,0 @@
|
||||
{
|
||||
config
|
||||
, pkgs
|
||||
, lib
|
||||
, ...
|
||||
}:
|
||||
let
|
||||
inherit (lib) mkOption types concatStringsSep;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
system.outputs = {
|
||||
vmroot = mkOption {
|
||||
type = types.package;
|
||||
description = ''
|
||||
vmroot
|
||||
******
|
||||
|
||||
This target is for use with the qemu, qemu-aarch64, qemu-armv7l
|
||||
devices. It generates an executable :file:`run.sh` which
|
||||
invokes QEMU. It connects the Liminix
|
||||
serial console and the `QEMU monitor <https://www.qemu.org/docs/master/system/monitor.html>`_
|
||||
to stdin/stdout. Use ^P (not ^A) to switch between monitor and
|
||||
stdio.
|
||||
|
||||
If you call :command:`run.sh` with ``--background
|
||||
/path/to/some/directory`` as the first parameter, it will
|
||||
fork into the background and open Unix sockets in that
|
||||
directory for console and monitor. Use :command:`nix-shell
|
||||
--run connect-vm` to connect to either of these sockets, and
|
||||
^O to disconnect.
|
||||
|
||||
Liminix VMs are networked using QEMU socket networking. The
|
||||
default behaviour is to connect
|
||||
|
||||
* multicast 230.0.0.1:1234 ("access") to eth0
|
||||
* multicast 230.0.0.1:1235 ("lan") to eth1
|
||||
|
||||
Refer to :ref:`border-network-gateway` for details of how to
|
||||
start an emulated upstream on the "access" network that
|
||||
your Liminix device can talk to.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
config = {
|
||||
system.outputs = rec {
|
||||
vmroot =
|
||||
let
|
||||
inherit (config.system.outputs) rootfs kernel manifest;
|
||||
cmdline = builtins.toJSON (concatStringsSep " " config.boot.commandLine);
|
||||
makeBootableImage = pkgs.runCommandCC "objcopy" {}
|
||||
(if pkgs.stdenv.hostPlatform.isAarch
|
||||
then "${pkgs.stdenv.cc.targetPrefix}objcopy -O binary -R .comment -S ${kernel} $out"
|
||||
else "cp ${kernel} $out");
|
||||
phram_address = lib.toHexString (config.hardware.ram.startAddress + 256 * 1024 * 1024);
|
||||
in pkgs.runCommand "vmroot" {} ''
|
||||
mkdir $out
|
||||
cd $out
|
||||
ln -s ${rootfs} rootfs
|
||||
ln -s ${kernel} vmlinux
|
||||
ln -s ${manifest} manifest
|
||||
ln -s ${kernel.headers} build
|
||||
echo ${cmdline} > commandline
|
||||
cat > run.sh << EOF
|
||||
#!${pkgs.runtimeShell}
|
||||
${pkgs.pkgsBuildBuild.run-liminix-vm}/bin/run-liminix-vm --command-line ${cmdline} --arch ${pkgs.stdenv.hostPlatform.qemuArch} --phram-address 0x${phram_address} \$* ${makeBootableImage} ${config.system.outputs.rootfs}
|
||||
EOF
|
||||
chmod +x run.sh
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
@ -55,9 +55,6 @@ let
|
||||
run = {
|
||||
file = ''
|
||||
#!${execline}/bin/execlineb -P
|
||||
importas PATH PATH
|
||||
export PATH ${s6}/bin:''${PATH}
|
||||
foreground { echo path is ''${PATH} }
|
||||
${s6-linux-init}/bin/s6-linux-init-shutdownd -c "/etc/s6-linux-init/current" -g 3000
|
||||
'';
|
||||
mode = "0755";
|
||||
@ -81,44 +78,26 @@ let
|
||||
};
|
||||
getty = dir {
|
||||
run = {
|
||||
# We can't run a useful shell on /dev/console because
|
||||
# /dev/console is not allowed to be the controlling
|
||||
# tty of any process, which means ^C ^Z etc don't work.
|
||||
# So we work out what the *actual* console device is
|
||||
# using sysfs and open our shell there instead.
|
||||
file = ''
|
||||
#!${execline}/bin/execlineb -P
|
||||
${execline}/bin/cd /
|
||||
redirfd -r 0 /sys/devices/virtual/tty/console/active
|
||||
withstdinas CONSOLETTY
|
||||
importas CONSOLETTY CONSOLETTY
|
||||
redirfd -w 2 /dev/''${CONSOLETTY}
|
||||
fdmove -c 1 2
|
||||
redirfd -r 0 /dev/''${CONSOLETTY}
|
||||
/bin/ash -l
|
||||
'';
|
||||
#!${execline}/bin/execlineb -P
|
||||
/bin/getty -l /bin/login 115200 /dev/console
|
||||
'';
|
||||
mode = "0755";
|
||||
};
|
||||
down-signal = {
|
||||
file = "HUP\n";
|
||||
};
|
||||
};
|
||||
".s6-svscan" =
|
||||
let
|
||||
openConsole = ''
|
||||
#!${execline}/bin/execlineb -P
|
||||
${execline}/bin/redirfd -w 2 /dev/console
|
||||
${execline}/bin/fdmove -c 1 2
|
||||
'';
|
||||
quit = message: ''
|
||||
${openConsole}
|
||||
${execline}/bin/foreground { ${s6-linux-init}/bin/s6-linux-init-echo -- ${message} }
|
||||
${s6-linux-init}/bin/s6-linux-init-hpr -fr
|
||||
'';
|
||||
#!${execline}/bin/execlineb -P
|
||||
${execline}/bin/redirfd -w 2 /dev/console
|
||||
${execline}/bin/fdmove -c 1 2
|
||||
${execline}/bin/foreground { ${s6-linux-init}/bin/s6-linux-init-echo -- ${message} }
|
||||
${s6-linux-init}/bin/s6-linux-init-hpr -fr
|
||||
'';
|
||||
shutdown = action: ''
|
||||
#!${execline}/bin/execlineb -P
|
||||
${s6-linux-init}/bin/s6-linux-init-shutdown -a #{action} -- now
|
||||
'';
|
||||
#!${execline}/bin/execlineb -P
|
||||
${s6-linux-init}/bin/s6-linux-init-hpr -a #{action} -- now
|
||||
'';
|
||||
empty = "#!${execline}/bin/execlineb -P\n";
|
||||
in dir {
|
||||
crash = {
|
||||
@ -126,13 +105,7 @@ let
|
||||
mode = "0755";
|
||||
};
|
||||
finish = {
|
||||
file = ''
|
||||
${openConsole}
|
||||
ifelse { test -x /run/maintenance/exec } { /run/maintenance/exec }
|
||||
foreground { echo "s6-svscan exited. Rebooting." }
|
||||
wait { }
|
||||
${s6-linux-init}/bin/s6-linux-init-hpr -fr
|
||||
'';
|
||||
file = quit "s6-svscan exited. Rebooting.";
|
||||
mode = "0755";
|
||||
};
|
||||
SIGINT = {
|
||||
@ -168,6 +141,7 @@ let
|
||||
};
|
||||
in {
|
||||
config = {
|
||||
programs.busybox.applets = [ "login" "getty" ];
|
||||
filesystem = dir {
|
||||
etc = dir {
|
||||
s6-rc = dir {
|
||||
|
@ -1,22 +1,18 @@
|
||||
#!/bin/sh -e
|
||||
|
||||
## s6-linux-init-shutdownd never tells s6-svscan to exit, so if
|
||||
## you're running s6-linux-init, it's normal that your
|
||||
## .s6-svscan/finish script is not executed.
|
||||
### Things to do *right before* the machine gets rebooted or
|
||||
### powered off, at the very end of the shutdown sequence,
|
||||
### when all the filesystems are unmounted.
|
||||
|
||||
## The place where you want to hack things is /etc/rc.shutdown.final,
|
||||
## which is run by the stage 4 script right before the hard reboot.
|
||||
## So you can do dirty stuff [...] which should clean up the
|
||||
## s6-supervise and the foreground, and give control to
|
||||
## .s6-svscan/finish.
|
||||
### This is a last resort hook; normally nothing should be
|
||||
### done here (your rc.shutdown script should have taken care
|
||||
### of everything) and you should leave this script empty.
|
||||
|
||||
## -- Laurent Bercot on skaware mailing list,
|
||||
## https://skarnet.org/lists/skaware/1913.html
|
||||
### Some distributions, however, may need to perform some
|
||||
### actions after unmounting the filesystems: typically if
|
||||
### an additional teardown action is required on a filesystem
|
||||
### after unmounting it, or if the system needs to be
|
||||
### pivot_rooted before it can be shut down, etc.
|
||||
|
||||
exec >/dev/console 2>&1
|
||||
|
||||
# down, exit supervisor, wait, stay down
|
||||
s6-svc -dxwD /run/service/s6-linux-init-shutdownd
|
||||
# HUP, exit supervisor, wait, down
|
||||
s6-svc -hxwd /run/service/s6-svscan-log
|
||||
s6-svscanctl -b /run/service # abort
|
||||
### Those are all exceptional cases. If you don't know for
|
||||
### certain that you need to do something here, you don't.
|
||||
|
@ -12,9 +12,5 @@ in
|
||||
config = mkIf (config.rootfsType == "squashfs") {
|
||||
system.outputs.rootfs =
|
||||
liminix.builders.squashfs config.filesystem.contents;
|
||||
kernel.config = {
|
||||
SQUASHFS = "y";
|
||||
SQUASHFS_XZ = "y";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -35,8 +35,6 @@ longrun {
|
||||
if test -d /persist; then
|
||||
mkdir -p /persist/secrets/dropbear
|
||||
ln -s /persist/secrets/dropbear /run
|
||||
else
|
||||
mkdir -p /run/dropbear
|
||||
fi
|
||||
. /etc/profile # sets PATH but do we need this? it's the same file as ashrc
|
||||
exec env -i ENV=/etc/ashrc PATH=$PATH ${dropbear}/bin/dropbear ${concatStringsSep " " options}
|
||||
|
11
modules/standard.nix
Normal file
11
modules/standard.nix
Normal file
@ -0,0 +1,11 @@
|
||||
{
|
||||
# "standard" modules that aren't fundamentally required,
|
||||
# but are probably useful in most common workflows and
|
||||
# you should have to opt out of instead of into
|
||||
imports = [
|
||||
./tftpboot.nix
|
||||
./kexecboot.nix
|
||||
./flashimage.nix
|
||||
./jffs2.nix
|
||||
];
|
||||
}
|
70
modules/tftpboot.nix
Normal file
70
modules/tftpboot.nix
Normal file
@ -0,0 +1,70 @@
|
||||
{
|
||||
config
|
||||
, pkgs
|
||||
, lib
|
||||
, ...
|
||||
}:
|
||||
let
|
||||
inherit (lib) mkOption types concatStringsSep;
|
||||
cfg = config.boot.tftp;
|
||||
in {
|
||||
imports = [ ./ramdisk.nix ];
|
||||
options.boot.tftp.freeSpaceBytes = mkOption {
|
||||
type = types.int;
|
||||
default = 0;
|
||||
};
|
||||
options.system.outputs = {
|
||||
tftpboot = mkOption {
|
||||
type = types.package;
|
||||
description = ''
|
||||
Directory containing files needed for TFTP booting
|
||||
'';
|
||||
};
|
||||
boot-scr = mkOption {
|
||||
type = types.package;
|
||||
description = ''
|
||||
U-Boot commands to load and boot a kernel and rootfs over TFTP.
|
||||
Copy-paste into the device boot monitor
|
||||
'';
|
||||
};
|
||||
};
|
||||
config = {
|
||||
boot.ramdisk.enable = true;
|
||||
|
||||
system.outputs = rec {
|
||||
tftpboot =
|
||||
let o = config.system.outputs; in
|
||||
pkgs.runCommand "tftpboot" {} ''
|
||||
mkdir $out
|
||||
cd $out
|
||||
ln -s ${o.rootfs} rootfs
|
||||
ln -s ${o.kernel} vmlinux
|
||||
ln -s ${o.manifest} manifest
|
||||
ln -s ${o.kernel.headers} build
|
||||
ln -s ${o.uimage} uimage
|
||||
ln -s ${o.boot-scr} boot.scr
|
||||
'';
|
||||
|
||||
boot-scr =
|
||||
let
|
||||
inherit (pkgs.lib.trivial) toHexString;
|
||||
o = config.system.outputs;
|
||||
in
|
||||
pkgs.buildPackages.runCommand "boot-scr" {} ''
|
||||
uimageSize=$(($(stat -L -c %s ${o.uimage}) + 0x1000 &(~0xfff)))
|
||||
rootfsStart=0x$(printf %x $((${cfg.loadAddress} + 0x100000 + $uimageSize)))
|
||||
rootfsBytes=$(($(stat -L -c %s ${o.rootfs}) + 0x100000 &(~0xfffff)))
|
||||
rootfsBytes=$(($rootfsBytes + ${toString cfg.freeSpaceBytes} ))
|
||||
cmd="mtdparts=phram0:''${rootfsMb}M(rootfs) phram.phram=phram0,''${rootfsStart},''${rootfsBytes},${config.hardware.flash.eraseBlockSize} memmap=''${rootfsBytes}\$''${rootfsStart} root=/dev/mtdblock0";
|
||||
|
||||
cat > $out << EOF
|
||||
setenv serverip ${cfg.serverip}
|
||||
setenv ipaddr ${cfg.ipaddr}
|
||||
setenv bootargs 'liminix $cmd'
|
||||
tftp 0x$(printf %x ${cfg.loadAddress}) result/uimage ; tftp 0x$(printf %x $rootfsStart) result/rootfs
|
||||
bootm 0x$(printf %x ${cfg.loadAddress})
|
||||
EOF
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
@ -1,40 +0,0 @@
|
||||
## VLAN
|
||||
## ====
|
||||
##
|
||||
## Virtual LANs give you the ability to sub-divide a LAN. Linux can
|
||||
## accept VLAN tagged traffic and presents each VLAN ID as a
|
||||
## different network interface (eg: eth0.100 for VLAN ID 100)
|
||||
##
|
||||
## Some Liminix devices with multiple ethernet ports are implemented
|
||||
## using a network switch connecting the physical ports to the CPU,
|
||||
## and require using VLAN in order to send different traffic to
|
||||
## different ports (e.g. LAN vs WAN)
|
||||
|
||||
{ lib, pkgs, config, ...}:
|
||||
let
|
||||
inherit (lib) mkOption types;
|
||||
inherit (pkgs.liminix.services) oneshot;
|
||||
inherit (pkgs) liminix;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
system.service.vlan = mkOption { type = liminix.lib.types.serviceDefn; };
|
||||
};
|
||||
config.system.service.vlan = liminix.callService ./service.nix {
|
||||
ifname = mkOption {
|
||||
type = types.str;
|
||||
description = "interface name to create";
|
||||
};
|
||||
primary = mkOption {
|
||||
description = "existing physical interface";
|
||||
type = liminix.lib.types.interface;
|
||||
};
|
||||
vid = mkOption {
|
||||
description = "VLAN identifier (VID) in range 1-4094";
|
||||
type = types.str;
|
||||
};
|
||||
};
|
||||
config.kernel.config = {
|
||||
VLAN_8021Q = "y";
|
||||
};
|
||||
}
|
@ -1,18 +0,0 @@
|
||||
{
|
||||
liminix
|
||||
, lib
|
||||
}:
|
||||
{ ifname, primary, vid } :
|
||||
let
|
||||
inherit (liminix.services) oneshot;
|
||||
in oneshot rec {
|
||||
name = "${ifname}.link";
|
||||
up = ''
|
||||
ip link add link $(output ${primary} ifname) name ${ifname} type vlan id ${vid}
|
||||
${liminix.networking.ifup name ifname}
|
||||
(in_outputs ${name}
|
||||
echo ${ifname} > ifname
|
||||
)
|
||||
'';
|
||||
down = "ip link set down dev ${ifname}";
|
||||
}
|
@ -1,30 +0,0 @@
|
||||
## Watchdog
|
||||
##
|
||||
## Enable hardware watchdog (for devices that support one) and
|
||||
## feed it by checking the health of specified critical services.
|
||||
## If the watchdog feeder stops, the device will reboot.
|
||||
|
||||
{ lib, pkgs, config, ...}:
|
||||
let
|
||||
inherit (lib) mkOption types;
|
||||
inherit (pkgs) liminix;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
system.service.watchdog = mkOption {
|
||||
type = liminix.lib.types.serviceDefn;
|
||||
};
|
||||
};
|
||||
config.system.service.watchdog = liminix.callService ./watchdog.nix {
|
||||
watched = mkOption {
|
||||
description = "services to watch";
|
||||
type = types.listOf liminix.lib.types.service;
|
||||
};
|
||||
headStart = mkOption {
|
||||
description = "delay in seconds before watchdog starts checking service health";
|
||||
default = 60;
|
||||
type = types.int;
|
||||
};
|
||||
};
|
||||
config.kernel.config.WATCHDOG = "y";
|
||||
}
|
@ -1,23 +0,0 @@
|
||||
#!/bin/sh
|
||||
deadline=$(expr $(date +%s) + ${HEADSTART})
|
||||
services=$@
|
||||
echo started feeding the dog
|
||||
exec 3> ${WATCHDOG-/dev/watchdog}
|
||||
|
||||
healthy(){
|
||||
test $(date +%s) -le $deadline && return 0
|
||||
|
||||
for i in $services; do
|
||||
if test "$(s6-svstat -o up /run/service/$i)" != "true" ; then
|
||||
echo "service $i is down"
|
||||
return 1
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
while healthy ;do
|
||||
sleep 10
|
||||
echo >&3
|
||||
done
|
||||
echo "stopped feeding the dog"
|
||||
sleep 6000 # don't want s6-rc to restart
|
@ -1,12 +0,0 @@
|
||||
{
|
||||
liminix
|
||||
, lib
|
||||
}:
|
||||
{ watched, headStart } :
|
||||
let
|
||||
inherit (liminix.services) longrun;
|
||||
in longrun {
|
||||
name = "watchdog";
|
||||
run =
|
||||
"HEADSTART=${toString headStart} ${./gaspode.sh} ${lib.concatStringsSep " " (builtins.map (s: s.name) watched)}";
|
||||
}
|
212
overlay.nix
212
overlay.nix
@ -44,12 +44,20 @@ let
|
||||
lua = let s = lua_no_readline.override { self = s; }; in s;
|
||||
in
|
||||
extraPkgs // {
|
||||
# liminix library functions
|
||||
lim = {
|
||||
parseInt = s : (builtins.fromTOML "r=${s}").r;
|
||||
};
|
||||
mtdutils = prev.mtdutils.overrideAttrs(o: {
|
||||
patches = (if o ? patches then o.patches else []) ++ [
|
||||
./pkgs/mtdutils/0001-mkfs.jffs2-add-graft-option.patch
|
||||
];
|
||||
});
|
||||
|
||||
rsyncSmall =
|
||||
let r = prev.rsync.overrideAttrs(o: {
|
||||
configureFlags = o.configureFlags ++ [
|
||||
"--disable-openssl"
|
||||
];
|
||||
});
|
||||
in r.override { openssl = null; };
|
||||
|
||||
# keep these alphabetical
|
||||
chrony =
|
||||
let chrony' = prev.chrony.overrideAttrs(o: {
|
||||
configureFlags = [
|
||||
@ -71,6 +79,49 @@ extraPkgs // {
|
||||
|
||||
};
|
||||
|
||||
strace = prev.strace.override { libunwind = null; };
|
||||
|
||||
kexec-tools-static = prev.kexec-tools.overrideAttrs(o: {
|
||||
# For kexecboot we copy kexec into a ramdisk on the system being
|
||||
# upgraded from. This is more likely to work if kexec is
|
||||
# statically linked so doesn't have dependencies on store paths that
|
||||
# may not exist on that machine. (We can't nix-copy-closure as
|
||||
# the store may not be on a writable filesystem)
|
||||
LDFLAGS = "-static";
|
||||
|
||||
patches = o.patches ++ [
|
||||
(fetchpatch {
|
||||
# merge user command line options into DTB chosen
|
||||
url = "https://patch-diff.githubusercontent.com/raw/horms/kexec-tools/pull/3.patch";
|
||||
hash = "sha256-MvlJhuex9dlawwNZJ1sJ33YPWn1/q4uKotqkC/4d2tk=";
|
||||
})
|
||||
pkgs/kexec-map-file.patch
|
||||
];
|
||||
});
|
||||
|
||||
luaFull = prev.lua;
|
||||
inherit lua;
|
||||
|
||||
inherit s6;
|
||||
s6-linux-init = prev.s6-linux-init.override {
|
||||
skawarePackages = prev.skawarePackages // {
|
||||
inherit s6;
|
||||
};
|
||||
};
|
||||
s6-rc = prev.s6-rc.override {
|
||||
skawarePackages = prev.skawarePackages // {
|
||||
inherit s6;
|
||||
};
|
||||
};
|
||||
|
||||
nftables = prev.nftables.overrideAttrs(o: {
|
||||
configureFlags = [
|
||||
"--disable-debug"
|
||||
"--disable-python"
|
||||
"--with-mini-gmp"
|
||||
"--without-cli"
|
||||
];
|
||||
});
|
||||
|
||||
dnsmasq =
|
||||
let d = prev.dnsmasq.overrideAttrs(o: {
|
||||
@ -83,15 +134,6 @@ extraPkgs // {
|
||||
nettle = null;
|
||||
};
|
||||
|
||||
dropbear = prev.dropbear.overrideAttrs (o: {
|
||||
postPatch = ''
|
||||
(echo '#define DSS_PRIV_FILENAME "/run/dropbear/dropbear_dss_host_key"'
|
||||
echo '#define RSA_PRIV_FILENAME "/run/dropbear/dropbear_rsa_host_key"'
|
||||
echo '#define ECDSA_PRIV_FILENAME "/run/dropbear/dropbear_ecdsa_host_key"'
|
||||
echo '#define ED25519_PRIV_FILENAME "/run/dropbear/dropbear_ed25519_host_key"') > localoptions.h
|
||||
'';
|
||||
});
|
||||
|
||||
hostapd =
|
||||
let
|
||||
config = [
|
||||
@ -119,142 +161,14 @@ extraPkgs // {
|
||||
});
|
||||
in h.override { openssl = null; sqlite = null; };
|
||||
|
||||
kexec-tools-static = prev.kexec-tools.overrideAttrs(o: {
|
||||
# For kexecboot we copy kexec into a ramdisk on the system being
|
||||
# upgraded from. This is more likely to work if kexec is
|
||||
# statically linked so doesn't have dependencies on store paths that
|
||||
# may not exist on that machine. (We can't nix-copy-closure as
|
||||
# the store may not be on a writable filesystem)
|
||||
LDFLAGS = "-static";
|
||||
|
||||
patches = o.patches ++ [
|
||||
(fetchpatch {
|
||||
# merge user command line options into DTB chosen
|
||||
url = "https://patch-diff.githubusercontent.com/raw/horms/kexec-tools/pull/3.patch";
|
||||
hash = "sha256-MvlJhuex9dlawwNZJ1sJ33YPWn1/q4uKotqkC/4d2tk=";
|
||||
})
|
||||
pkgs/kexec-map-file.patch
|
||||
];
|
||||
});
|
||||
|
||||
luaFull = prev.lua;
|
||||
inherit lua;
|
||||
|
||||
mtdutils = prev.mtdutils.overrideAttrs(o: {
|
||||
patches = (if o ? patches then o.patches else []) ++ [
|
||||
./pkgs/mtdutils/0001-mkfs.jffs2-add-graft-option.patch
|
||||
];
|
||||
});
|
||||
|
||||
nftables = prev.nftables.overrideAttrs(o: {
|
||||
configureFlags = [
|
||||
"--disable-debug"
|
||||
"--disable-python"
|
||||
"--with-mini-gmp"
|
||||
"--without-cli"
|
||||
];
|
||||
});
|
||||
|
||||
openssl = prev.openssl.overrideAttrs (o: {
|
||||
# we want to apply
|
||||
# https://patch-diff.githubusercontent.com/raw/openssl/openssl/pull/20273.patch";
|
||||
# which disables overriding the -march cflags to the wrong values,
|
||||
# but openssl is used for bootstrapping so that's easier said than
|
||||
# done. Do it the ugly way..
|
||||
postPatch =
|
||||
o.postPatch
|
||||
+ (with final;
|
||||
lib.optionalString (stdenv.buildPlatform != stdenv.hostPlatform)
|
||||
"\nsed -i.bak 's/linux.*-mips/linux-mops/' Configure\n");
|
||||
dropbear = prev.dropbear.overrideAttrs (o: {
|
||||
postPatch = ''
|
||||
(echo '#define DSS_PRIV_FILENAME "/run/dropbear/dropbear_dss_host_key"'
|
||||
echo '#define RSA_PRIV_FILENAME "/run/dropbear/dropbear_rsa_host_key"'
|
||||
echo '#define ECDSA_PRIV_FILENAME "/run/dropbear/dropbear_ecdsa_host_key"'
|
||||
echo '#define ED25519_PRIV_FILENAME "/run/dropbear/dropbear_ed25519_host_key"') > localoptions.h
|
||||
'';
|
||||
});
|
||||
|
||||
pppBuild = prev.ppp;
|
||||
|
||||
qemuLim = let q = prev.qemu.overrideAttrs (o: {
|
||||
patches = o.patches ++ [
|
||||
./pkgs/qemu/arm-image-friendly-load-addr.patch
|
||||
];
|
||||
}); in q.override { nixosTestRunner = true; sdlSupport = false; };
|
||||
|
||||
rsyncSmall =
|
||||
let r = prev.rsync.overrideAttrs(o: {
|
||||
configureFlags = o.configureFlags ++ [
|
||||
"--disable-openssl"
|
||||
];
|
||||
});
|
||||
in r.override { openssl = null; };
|
||||
|
||||
|
||||
inherit s6;
|
||||
s6-linux-init = prev.s6-linux-init.override {
|
||||
skawarePackages = prev.skawarePackages // {
|
||||
inherit s6;
|
||||
};
|
||||
};
|
||||
s6-rc = prev.s6-rc.override {
|
||||
skawarePackages = prev.skawarePackages // {
|
||||
inherit s6;
|
||||
};
|
||||
};
|
||||
|
||||
strace = prev.strace.override { libunwind = null; };
|
||||
|
||||
ubootQemuAarch64 = final.buildUBoot {
|
||||
defconfig = "qemu_arm64_defconfig";
|
||||
extraMeta.platforms = ["aarch64-linux"];
|
||||
filesToInstall = ["u-boot.bin"];
|
||||
};
|
||||
|
||||
ubootQemuArm = final.buildUBoot {
|
||||
defconfig = "qemu_arm_defconfig";
|
||||
extraMeta.platforms = ["armv7l-linux"];
|
||||
filesToInstall = ["u-boot.bin"];
|
||||
extraConfig = ''
|
||||
CONFIG_CMD_UBI=y
|
||||
CONFIG_CMD_UBIFS=y
|
||||
CONFIG_BOOTSTD=y
|
||||
CONFIG_BOOTMETH_DISTRO=y
|
||||
CONFIG_LZMA=y
|
||||
CONFIG_CMD_LZMADEC=y
|
||||
CONFIG_SYS_BOOTM_LEN=0x1000000
|
||||
'';
|
||||
};
|
||||
|
||||
ubootQemuMips = final.buildUBoot {
|
||||
defconfig = "malta_defconfig";
|
||||
extraMeta.platforms = ["mips-linux"];
|
||||
filesToInstall = ["u-boot.bin"];
|
||||
# define the prompt to be the same as arm{32,64} so
|
||||
# we can use the same expect script for both
|
||||
extraPatches = [ ./pkgs/u-boot/0002-virtio-init-for-malta.patch ];
|
||||
extraConfig = ''
|
||||
CONFIG_SYS_PROMPT="=> "
|
||||
CONFIG_VIRTIO=y
|
||||
CONFIG_AUTOBOOT=y
|
||||
CONFIG_DM_PCI=y
|
||||
CONFIG_VIRTIO_PCI=y
|
||||
CONFIG_VIRTIO_NET=y
|
||||
CONFIG_VIRTIO_BLK=y
|
||||
CONFIG_VIRTIO_MMIO=y
|
||||
CONFIG_QFW_MMIO=y
|
||||
CONFIG_FIT=y
|
||||
CONFIG_LZMA=y
|
||||
CONFIG_CMD_LZMADEC=y
|
||||
CONFIG_SYS_BOOTM_LEN=0x1000000
|
||||
CONFIG_SYS_MALLOC_LEN=0x400000
|
||||
CONFIG_MIPS_BOOT_FDT=y
|
||||
CONFIG_OF_LIBFDT=y
|
||||
CONFIG_OF_STDOUT_VIA_ALIAS=y
|
||||
'';
|
||||
};
|
||||
|
||||
util-linux-small = prev.util-linux.override {
|
||||
ncursesSupport = false;
|
||||
pamSupport = false;
|
||||
systemdSupport = false;
|
||||
nlsSupport = false;
|
||||
translateManpages = false;
|
||||
capabilitiesSupport = false;
|
||||
};
|
||||
|
||||
}
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user