feat(hostapd): make the package configurable to enable RADIUS

The default hostapd disable too many things, we need a bit more for
RADIUS.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

.forgejo/workflows/build.yaml

@@ -1,50 +0,0 @@
-name: build liminix
-on:
-  pull_request:
-    types: [opened, synchronize, edited, reopened]
-    branches:
-      - main
-  push:
-    branches:
-      - main
-
-jobs:
-  build_vm_qemu_mips:
-    runs-on: nix
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Build VM QEMU MIPS
-        run: |
-          # Enter the shell
-          nix-build ci.nix -A qemu
-
-  build_zyxel-nwa50ax_mips:
-    runs-on: nix
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Build VM QEMU MIPS
-        run: |
-          # Enter the shell
-          nix-build ci.nix -A qemu
-
-  test_hostapd:
-    runs-on: nix
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Build VM QEMU MIPS
-        run: |
-          # Enter the shell
-          nix-build ci.nix -A wlan
-
-  test_shell_customization:
-    runs-on: nix
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Build VM QEMU MIPS
-        run: |
-          # Enter the shell
-          nix-build ci.nix -A custom-shell

ci.nix

@@ -1,15 +1,21 @@
 {
-  sources ? import ./lon.nix
+  nixpkgs
-, nixpkgs ? sources.nixpkgs
+, unstable
-, unstable ? nixpkgs
+, liminix
-, liminix ? ./.
 , ... }:
 let
-  pkgs = (import nixpkgs { });
+  inherit (builtins) map;
+  pkgs = (import nixpkgs {});
   borderVmConf =  ./bordervm.conf-example.nix;
-  inherit (pkgs.lib.attrsets) genAttrs mapAttrs;
+  inherit (pkgs.lib.attrsets) genAttrs;
   devices = [
+    "gl-ar750"
+    "gl-mt300a"
+    "gl-mt300n-v2"
     "qemu"
+    "qemu-aarch64"
+    "qemu-armv7l"
+    "tp-archer-ax23"
     "zyxel-nwa50ax"
   ];
   vanilla = ./vanilla-configuration.nix;
@@ -19,7 +25,7 @@ let
       device = import (liminix + "/devices/${name}");
       liminix-config = vanilla;
     }).outputs.default;
-  tests = mapAttrs (_: v: v { inherit liminix nixpkgs; }) (import ./tests/ci.nix);
+  tests = import ./tests/ci.nix;
   jobs =
     (genAttrs devices for-device) //
     tests //
@@ -38,6 +44,12 @@ let
                   imports = [ ./modules/all-modules.nix ];
                 };
               }).outputs.optionsJson;
+            installers = map (f: "system.outputs.${f}") [
+              "vmroot"
+              "mtdimage"
+              "ubimage"
+            ];
+            inherit (pkgs.lib) concatStringsSep;
         in pkgs.stdenv.mkDerivation {
           name = "liminix-doc";
           nativeBuildInputs = with pkgs; [

default.nix

@@ -26,13 +26,9 @@ let
   eval = evalModules {
     modules = [
       {
-        nixpkgs = {
+        nixpkgs.overlays = [
-          source = nixpkgs;
+          overlay
-          overlays = [ overlay ];
+        ];
-          config.permittedInsecurePackages = [
-            "python-2.7.18.8"
-          ];
-        };
       }
       device.module
       liminix-config

devices/qemu/default.nix

@@ -1,7 +1,7 @@
 # This "device" generates images that can be used with the QEMU
 # emulator. The default output is a directory containing separate
 # kernel (uncompressed vmlinux) and initrd (squashfs) images
-rec {
+{
   system = {
     crossSystem = {
       config = "mips-unknown-linux-musl";
@@ -41,9 +41,6 @@ rec {
       ../../modules/arch/mipseb.nix
       ../families/qemu.nix
     ];
-
-    nixpkgs.hostPlatform = system.crossSystem;
-
     kernel = {
       config = {
         MIPS_MALTA= "y";

devices/zyxel-nwa50ax/default.nix

@@ -1,4 +1,4 @@
-rec {
+{
   system = {
     crossSystem = {
       config = "mipsel-unknown-linux-musl";
@@ -135,8 +135,6 @@ rec {
         ../../modules/zyxel-dual-image
       ];
 
-      nixpkgs.hostPlatform = system.crossSystem;
-
       filesystem = dir {
         lib = dir {
           firmware = dir {
@@ -224,8 +222,8 @@ rec {
 
         imageFormat = "fit";
         tftp = {
-          # 20MB is pretty good on this device as we have plenty of RAM.
+          # 5MB is nice.
-          freeSpaceBytes = 20 * 1024 * 1024;
+          freeSpaceBytes = 5 * 1024 * 1024;
           appendDTB = true;
           loadAddress = lim.parseInt "0x2000000";
         };

lib/eval-config.nix

@@ -1,4 +1,4 @@
-{ nixpkgs ? <nixpkgs>, pkgs ? (import nixpkgs {}), lib ? pkgs.lib }:
+{ nixpkgs ? <nixpkgs>, pkgs ? (import <nixpkgs> {}), lib ? pkgs.lib }:
 args:
 let
   modulesPath = builtins.toString ../modules;
@@ -12,7 +12,6 @@ in
     "${modulesPath}/hardware.nix"
     "${modulesPath}/base.nix"
     "${modulesPath}/busybox.nix"
-    "${modulesPath}/iproute2.nix"
     "${modulesPath}/hostname.nix"
     "${modulesPath}/kernel"
     "${modulesPath}/s6"

lon.lock

@@ -1,15 +0,0 @@
-{
-  "version": "1",
-  "sources": {
-    "nixpkgs": {
-      "type": "GitHub",
-      "fetchType": "tarball",
-      "owner": "nixos",
-      "repo": "nixpkgs",
-      "branch": "nixos-unstable-small",
-      "revision": "b6227cadb5123c7e4cb159bf6f9f5705ae081a47",
-      "url": "https://github.com/nixos/nixpkgs/archive/b6227cadb5123c7e4cb159bf6f9f5705ae081a47.tar.gz",
-      "hash": "sha256-KFR30GNFhjzXl0kVEn+KK4xrFr0gggb1NBroP8ukbxY="
-    }
-  }
-}

lon.nix

@@ -1,41 +0,0 @@
-# Generated by lon. Do not modify!
-let
-
-  lock = builtins.fromJSON (builtins.readFile ./lon.lock);
-
-  # Override with a path defined in an environment variable. If no variable is
-  # set, the original path is used.
-  overrideFromEnv =
-    name: path:
-    let
-      replacement = builtins.getEnv "LON_OVERRIDE_${name}";
-    in
-    if replacement == "" then
-      path
-    else
-    # this turns the string into an actual Nix path (for both absolute and
-    # relative paths)
-    if builtins.substring 0 1 replacement == "/" then
-      /. + replacement
-    else
-      /. + builtins.getEnv "PWD" + "/${replacement}";
-
-  fetchSource =
-    args@{ fetchType, ... }:
-    if fetchType == "git" then
-      builtins.fetchGit {
-        url = args.url;
-        ref = args.branch;
-        rev = args.revision;
-        narHash = args.hash;
-      }
-    else if fetchType == "tarball" then
-      builtins.fetchTarball {
-        url = args.url;
-        sha256 = args.hash;
-      }
-    else
-      builtins.throw "Unsupported source type ${fetchType}";
-
-in
-builtins.mapAttrs (name: args: overrideFromEnv name (fetchSource args)) lock.sources

modules/all-modules.nix

@@ -4,12 +4,10 @@
 
 {
   imports = [
-    ./base.nix
+   ./base.nix
    ./bridge
    ./busybox.nix
-   ./iproute2.nix
    ./dhcp6c
-   ./jitter-rng
    ./dnsmasq
    ./firewall
    ./hardware.nix

modules/base.nix

@@ -4,13 +4,11 @@
 
 { lib, pkgs, config, ...}:
 let
-  inherit (lib) mkEnableOption mkOption types isDerivation hasAttr concatStringsSep mapAttrsToList;
+  inherit (lib) mkEnableOption mkOption types isDerivation hasAttr ;
   inherit (pkgs.pseudofile) dir symlink;
   inherit (pkgs.liminix.networking) address interface;
   inherit (pkgs.liminix.services) bundle;
 
-  # TODO: escape shell argument.
-  exportVar = name: value: "export ${name}=\"${value}\"";
   type_service = pkgs.liminix.lib.types.service;
 
 in {
@@ -24,24 +22,6 @@ in {
           /run/current-system, we just add the paths in /etc/profile
         '';
       };
-
-      environmentVariables = mkOption {
-        type = types.attrsOf types.str;
-        description = ''
-          Attribute set of environment variables to make available
-          in a login shell.
-
-          The value is assumed to be escaped and the name to be valid.
-        '';
-      };
-
-      prompt = mkOption {
-        type = types.str;
-        default = "$(whoami)@$(hostname) # ";
-        description = ''
-          Prompt string (PS1) for the shell.
-        '';
-      };
     };
     services = mkOption {
       type = types.attrsOf type_service;
@@ -89,14 +69,6 @@ in {
         default = "uimage";
       };
       tftp = {
-        commandLine = mkOption {
-          type = types.listOf types.str;
-          default = config.boot.commandLine;
-          description = ''
-            TFTP-specific command line.
-            Defaults to the classical one if unset.
-          '';
-        };
         loadAddress = mkOption {
           type = types.ints.unsigned;
           description = ''
@@ -126,13 +98,8 @@ in {
     };
   };
   config = {
-    # By default, we enable cross-compilation support.
-    nixpkgs.buildPlatform = lib.mkDefault builtins.currentSystem;
-
     defaultProfile.packages = with pkgs;
-      [ s6 s6-init-bin execline s6-linux-init s6-rc iproute2 ];
+      [ s6 s6-init-bin execline s6-linux-init s6-rc ];
-    # Set the useful PS1 prompt by default.
-    defaultProfile.environmentVariables.PS1 = lib.mkDefault config.defaultProfile.prompt;
 
     boot.commandLine = [
       "panic=10 oops=panic init=/bin/init loglevel=8"
@@ -203,10 +170,9 @@ in {
       etc = let
         profile = symlink
           (pkgs.writeScript ".profile" ''
-            PATH=${lib.makeBinPath config.defaultProfile.packages}:/bin
+           PATH=${lib.makeBinPath config.defaultProfile.packages}:/bin
             export PATH
-            ${concatStringsSep "\n" (mapAttrsToList exportVar config.defaultProfile.environmentVariables)}
+            '');
-          '');
       in dir {
         inherit profile;
         ashrc = profile;

modules/bridge/default.nix

@@ -9,7 +9,8 @@
 
 { lib, pkgs, config, ...}:
 let
-  inherit (lib) mkOption types mkEnableOption;
+  inherit (lib) mkOption types;
+  inherit (pkgs.liminix.services) oneshot;
   inherit (pkgs) liminix;
 in
 {
@@ -19,7 +20,6 @@ in
     system.service.bridge = {
       primary = mkOption { type = liminix.lib.types.serviceDefn; };
       members = mkOption { type = liminix.lib.types.serviceDefn; };
-      ready = mkOption { type = liminix.lib.types.serviceDefn; };
     };
   };
   config.system.service.bridge = {
@@ -28,26 +28,6 @@ in
         type = types.str;
         description = "bridge interface name to create";
       };
-
-      macAddressFromInterface = mkOption {
-        type = types.nullOr liminix.lib.types.service;
-        default = null;
-        description = "reuse mac address from an existing interface service";
-      };
-
-      untagged = {
-        enable = mkEnableOption "untagged frames on port VID";
-        pvid = mkOption {
-          type = types.nullOr types.int;
-          default = null;
-          description = "Port VLAN ID for egress untagged frames";
-        };
-        default-pvid = mkOption {
-          type = types.int;
-          default = 0;
-          description = "Default PVID for ingress untagged frames, defaults to 0, which disable untagged frames for ingress";
-        };
-      };
     };
     members = config.system.callService ./members.nix {
       primary = mkOption {
@@ -56,33 +36,8 @@ in
       };
 
       members = mkOption {
-        type = types.attrsOf (types.submodule ({ ... }: { options = {
+        type = types.listOf liminix.lib.types.interface;
-          member = mkOption {
+        description = "interfaces to add to the bridge";
-            type = liminix.lib.types.interface;
-            description = "interface to add";
-          };
-
-          dependencies = mkOption {
-            type = types.listOf liminix.lib.types.service;
-            default = [];
-            description = "extra dependencies before attaching this interface to the bridge";
-          };
-        }; }));
-
-        description = "set of bridge members";
-      };
-    };
-
-    # TODO: generalize it outside
-    ready = config.system.callService ./ready.nix {
-      primary = mkOption {
-        type = liminix.lib.types.service;
-        description = "primary bridge interface";
-      };
-
-      members = mkOption {
-        type = liminix.lib.types.service;
-        description = "members service";
       };
     };
   };

modules/bridge/members.nix

@@ -7,22 +7,26 @@
 { members, primary } :
 
 let
-  inherit (liminix.services) structuredBundle oneshot;
+  inherit (liminix.networking) interface;
-  inherit (lib) mapAttrs;
+  inherit (liminix.services) bundle oneshot;
-  addif = name: { dependencies ? [ ], member }: oneshot {
+  inherit (lib) mkOption types;
-    name = "${primary.name}.member.${name}";
+  addif = member :
-    up = ''
+    # how do we get sight of services from here? maybe we need to
-      echo "attaching $(output ${member} ifname) to $(output ${primary} ifname) bridge"
+    # implement ifwait as a regualr derivation instead of a
-      ip link set dev $(output ${member} ifname) master $(output ${primary} ifname)
+    # servicedefinition
-    '';
+    svc.ifwait.build {
-    down = ''
+      state = "running";
-      echo "detaching $(output ${member} ifname) from any bridge"
+      interface = member;
-      ip link set dev $(output ${member} ifname) nomaster
+      dependencies = [ primary member ];
-    '';
+      service = oneshot {
-
+        name = "${primary.name}.member.${member.name}";
-    dependencies = [ primary member ] ++ dependencies;
+        up = ''
-  };
+          ip link set dev $(output ${member} ifname) master $(output ${primary} ifname)
-in structuredBundle {
+        '';
+        down = "ip link set dev $(output ${member} ifname) nomaster";
+      };
+    };
+in bundle {
   name = "${primary.name}.members";
-  contents = mapAttrs addif members;
+  contents = map addif members;
 }

modules/bridge/primary.nix

@@ -3,29 +3,15 @@
 , ifwait
 , lib
 }:
-{ ifname, macAddressFromInterface ? null, untagged } :
+{ ifname } :
 let
-  inherit (liminix.services) oneshot;
+  inherit (liminix.services) bundle oneshot;
-  inherit (lib) optional optionalString;
+  inherit (lib) mkOption types;
-  # This enables vlan_filtering if we do make use of it.
-  extra = if untagged.enable then " vlan_filtering 1 vlan_default_pvid ${toString untagged.default-pvid}" else "";
 in oneshot rec {
   name = "${ifname}.link";
   up = ''
-    ${if macAddressFromInterface == null then
+    ip link add name ${ifname} type bridge
-      "ip link add name ${ifname} type bridge${extra}"
+    ${liminix.networking.ifup name ifname}
-      else
-      "ip link add name ${ifname} address $(output ${macAddressFromInterface} ether) type bridge${extra}"}
-
-      ${optionalString untagged.enable 
-        "bridge vlan add vid ${toString untagged.pvid} dev ${ifname} pvid untagged self"}
-
-      (in_outputs ${name}
-        echo ${ifname} > ifname
-        cat /sys/class/net/${ifname}/address > ether
-      )
   '';
-  down = "ip link delete ${ifname}";
+  down = "ip link set down dev ${ifname}";
-
-  dependencies = optional (macAddressFromInterface != null) macAddressFromInterface;
 }

modules/bridge/ready.nix

@@ -1,18 +0,0 @@
-{
-  liminix
-, ifwait
-, lib
-}:
-{ primary, members } :
-let
-  inherit (liminix.services) oneshot;
-in oneshot {
-  name = "${primary.name}.oper";
-  up = ''
-    ip link set up dev $(output ${primary} ifname)
-    ${ifwait}/bin/ifwait -v $(output ${primary} ifname) running
-  '';
-  down = "ip link set down dev $(output ${primary} ifname)";
-
-  dependencies = [ members ];
-}

modules/busybox.nix

@@ -37,7 +37,7 @@ let
     "comm" "cp" "cpio" "cut" "date" "dhcprelay" "dd" "df" "dirname" "dmesg"
     "du" "echo" "egrep" "env" "expand" "expr" "false" "fdisk" "fgrep" "find"
     "free" "fuser" "grep" "gunzip" "gzip" "head" "hexdump" "hostname" "hwclock"
-    "ifconfig" "ipneigh" "kill"
+    "ifconfig" "ip" "ipaddr" "iplink" "ipneigh" "iproute" "iprule" "kill"
     "killall" "killall5" "less" "ln" "ls" "lsattr" "lsof" "md5sum" "mkdir"
     "mknod" "mktemp" "mount" "mv" "nc" "netstat" "nohup" "od" "pgrep" "pidof"
     "ping" "ping6" "pkill" "pmap" "printenv" "printf" "ps" "pwd" "readlink"

modules/hostapd/default.nix

@@ -20,10 +20,6 @@ in {
     system.service.hostapd = mkOption {
       type = liminix.lib.types.serviceDefn;
     };
-
-    system.service.hostapd-ready = mkOption {
-      type = liminix.lib.types.serviceDefn;
-    };
   };
   config = {
     system.service.hostapd = liminix.callService ./service.nix {
@@ -38,12 +34,5 @@ in {
         type = types.attrs;
       };
     };
-
-    system.service.hostapd-ready = liminix.callService ./ready.nix {
-      interface = mkOption {
-        type = liminix.lib.types.interface;
-        description = "Interface for which to wait that the oper state Master or Master (VLAN) has been reached.";
-      };
-    };
   };
 }

modules/hostapd/ready.nix

@@ -1,16 +0,0 @@
-{
-  liminix
-, ifwait
-, lib
-}:
-{ interface } :
-let
-  inherit (liminix.services) oneshot;
-in oneshot {
-  name = "${interface.name}.wlan-oper";
-  up = ''
-    ${ifwait}/bin/ifbridgeable -v $(output ${interface} ifname)
-  '';
-
-  dependencies = [ interface ];
-}

modules/hostname.nix

@@ -1,6 +1,7 @@
 { lib, pkgs, config, ...}:
 let
   inherit (lib) mkOption types;
+  inherit (pkgs.liminix.services) oneshot;
 in {
   options = {
     hostname = mkOption {
@@ -11,21 +12,12 @@ in {
       default = "liminix";
       type = types.nonEmptyStr;
     };
-    hostname-script = mkOption {
+  };
-      description = ''
+  config = {
-        Script that outputs the system hostname on stdin.
+    services.hostname = oneshot {
-      '';
+      name = "hostname";
-      default = pkgs.writeScript "hostname-gen" ''
+      up = "echo ${config.hostname} > /proc/sys/kernel/hostname";
-        #!/bin/sh
+      down = "true";
-        echo ${config.hostname}
-      '';
-      defaultText = ''
-        pkgs.writeScript "hostname-gen" '''
-        #!/bin/sh
-        echo ''${config.hostname}
-      '''
-      '';
-      type = types.package;
     };
   };
 }

modules/iproute2.nix

@@ -1,28 +0,0 @@
-{ config, pkgs, lib, ... }:
-let
-  inherit (lib) mkEnableOption mkPackageOption mkIf genAttrs;
-  inherit (pkgs.pseudofile) dir symlink;
-  cfg = config.programs.iproute2;
-  minimalPrograms = [
-    "ip"
-    "devlink"
-    "ss"
-    "bridge"
-    "genl"
-    "ifstat"
-    "nstat"
-  ];
-  links = genAttrs minimalPrograms (p: symlink "${cfg.package}/bin/${p}");
-in
-{
-  options.programs.iproute2 = {
-    enable = mkEnableOption "the iproute2 programs instead of busybox variants";
-    package = mkPackageOption pkgs "iproute2" { };
-  };
-
-  config = mkIf cfg.enable {
-    filesystem = dir {
-      bin = dir links;
-    };
-  };
-}

modules/jitter-rng/default.nix

@@ -1,21 +0,0 @@
-## CPU Jitter RNG
-## ==============
-##
-## CPU Jitter RNG is a random number generator # providing non-physical true
-## random generation # that works equally for kernel and user-land. It relies
-## on the availability of a high-resolution timer.
-{ lib, pkgs, ... }:
-let
-  inherit (lib) mkOption types;
-  inherit (pkgs) liminix;
-in {
-  options.system.service.jitter-rng = mkOption {
-    type = liminix.lib.types.serviceDefn;
-  };
-
-  config = {
-    system.service.jitter-rng = pkgs.liminix.callService ./jitter-rng.nix {
-    };
-  };
-}
-

modules/jitter-rng/jitter-rng.nix

@@ -1,18 +0,0 @@
-{
-  liminix
-, lib
-, jitterentropy-rngd
-}:
-{ }:
-let
-  inherit (liminix.services) longrun;
-  name = "jitterentropy-rngd";
-in
-longrun {
-  # Does it need to be unique?
-  inherit name;
-  run = ''
-    mkdir -p /run/jitterentropy-rngd
-    ${jitterentropy-rngd}/bin/jitterentropy-rngd -v -p /run/jitterentropy-rngd/${name}.pid
-  '';
-}

modules/network/dhcpc.nix

@@ -17,7 +17,7 @@ let
         ip address replace $ip/$mask dev $interface
         (in_outputs ${name}
          for i in lease mask ip router siaddr dns serverid subnet opt53 interface ; do
-            (printenv $i || true) > $i
+            printenv $i > $i
          done)
     }
     case $action in
@@ -40,7 +40,7 @@ let
   '';
 in longrun {
   inherit name;
-  run = "exec /bin/udhcpc -f -i $(output ${interface} ifname) -x hostname:$(cat /proc/sys/kernel/hostname) -s ${script}";
+  run = "/bin/udhcpc -f -i $(output ${interface} ifname) -x hostname:$(cat /proc/sys/kernel/hostname) -s ${script}";
   notification-fd = 10;
   dependencies = [ interface ];
 }

modules/nixpkgs.nix

@@ -83,11 +83,11 @@ let
               localSystem = cfg.hostPlatform;
             };
       in
-      import cfg.source ({
+      import <nixpkgs> ({
         inherit (cfg) config overlays;
       } // systemArgs)
     else
-      import cfg.source {
+      import <nixpkgs> {
         inherit (cfg) config overlays localSystem crossSystem;
       };
 
@@ -97,14 +97,6 @@ in
 
 {
   options.nixpkgs = {
-    source = mkOption {
-      type = types.package // {
-        description = "Source of a nixpkgs repository";
-      };
-
-      default = <nixpkgs>;
-      defaultText = "<nixpkgs>";
-    };
 
     pkgs = mkOption {
       defaultText = literalExpression ''

modules/outputs/initramfs.nix

@@ -36,43 +36,22 @@ in
     kernel.config = {
       BLK_DEV_INITRD = "y";
       INITRAMFS_SOURCE = builtins.toJSON "${config.system.outputs.initramfs}";
-      INITRAMFS_COMPRESSION_ZSTD = "y";
+#      INITRAMFS_COMPRESSION_LZO = "y";
     };
 
     system.outputs = {
       initramfs =
-        let
+        let inherit (pkgs.pkgsBuildBuild) gen_init_cpio;
-          inherit (pkgs.pkgsBuildBuild) gen_init_cpio cpio writeScript;
-          inherit (pkgs) busybox;
-          failsafe-init = writeScript "init" ''
-            #!/bin/sh
-            exec >/dev/console
-            echo Running in initramfs
-            PATH=${busybox}/bin:$PATH
-            export PATH
-            mount -t proc none /proc
-            mount -t sysfs none /sys
-            ${busybox}/bin/sh
-          '';
-          refs = pkgs.writeClosure [ busybox ];
         in runCommand "initramfs.cpio" {} ''
-          cat << SPECIALS | ${gen_init_cpio}/bin/gen_init_cpio /dev/stdin > out
+          cat << SPECIALS | ${gen_init_cpio}/bin/gen_init_cpio /dev/stdin > $out
           dir /proc 0755 0 0
           dir /dev 0755 0 0
           nod /dev/console 0600 0 0 c 5 1
           dir /target 0755 0 0
           dir /target/persist 0755 0 0
           dir /target/nix 0755 0 0
-          dir /nix 0755 0 0
-          dir /nix/store 0755 0 0
-          dir /bin 0755 0 0
-          file /bin/sh  ${busybox}/bin/sh 0755 0 0
           file /init ${pkgs.preinit}/bin/preinit 0755 0 0
-          file /failsafe-init ${failsafe-init} 0755 0 0
           SPECIALS
-
-          find $(cat ${refs}) | ${cpio}/bin/cpio -H newc -o -A -v -O out
-          mv out $out
         '';
       systemConfiguration =
         pkgs.systemconfig config.filesystem.contents;

modules/outputs/tftpboot.nix

@@ -12,15 +12,10 @@ let
   arch = pkgs.stdenv.hostPlatform.linuxArch;
 
   # UBI cannot run on the top of phram.
-  needsJffs2 = config.rootfsType == "ubifs";
+  needsSquashfs = config.rootfsType == "ubifs";
-  # squashfs doesn't work out for us because only `bootablerootdir`
+  rootfstype = if needsSquashfs then "squashfs" else config.rootfsType;
-  # contain what we need to boot, not `config.filesystem.contents` alas.
+  rootfs = if needsSquashfs then
-  rootfstype = if needsJffs2 then "jffs2" else config.rootfsType;
+    liminix.builders.squashfs config.filesystem.contents
-  rootfs = if needsJffs2 then
-  liminix.builders.jffs2 {
-    bootableRootDirectory = config.system.outputs.bootablerootdir;
-    inherit (config.hardware.flash) eraseBlockSize;
-  }
   else config.system.outputs.rootfs;
 in {
   imports = [ ../ramdisk.nix ];
@@ -41,6 +36,14 @@ in {
       type = types.bool;
       default = false;
     };
+    commandLine = mkOption {
+      type = types.listOf types.str;
+      default = config.boot.commandLine;
+      description = ''
+        TFTP-specific command line.
+        Defaults to the classical one if unset.
+      '';
+    };
   };
   options.system.outputs = {
     tftpboot = mkOption {
@@ -79,13 +82,9 @@ in {
   config = {
     boot.ramdisk.enable = true;
 
-    kernel.config = mkIf needsJffs2 {
+    kernel.config = mkIf needsSquashfs {
-      JFFS2_FS = "y";
+      SQUASHFS = "y";
-      JFFS2_LZO = "y";
+      SQUASHFS_XZ = "y";
-      JFFS2_RTIME = "y";
-      JFFS2_COMPRESSION_OPTIONS = "y";
-      JFFS2_ZLIB = "y";
-      JFFS2_CMODE_SIZE = "y";
     };
 
     system.outputs = rec {

modules/pki/default.nix

@@ -1,83 +0,0 @@
-{ config, lib, pkgs, ... }:
-# Inspired from nixpkgs/NixOS.
-
-with lib;
-
-let
-  inherit (pkgs.pseudofile) dir symlink;
-  cfg = config.security.pki;
-
-  cacertPackage = pkgs.cacert.override {
-    blacklist = [ ];
-    extraCertificateFiles = cfg.certificateFiles;
-    extraCertificateStrings = cfg.certificates;
-  };
-  caBundleName = "ca-bundle.crt";
-  caBundle = "${cacertPackage}/etc/ssl/certs/${caBundleName}";
-
-in
-
-{
-
-  options = {
-    security.pki.installCACerts = mkEnableOption "installing CA certificates to the system" // {
-      default = false;
-    };
-
-    security.pki.certificateFiles = mkOption {
-      type = types.listOf types.path;
-      default = [];
-      example = literalExpression ''[ "''${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ]'';
-      description = ''
-        A list of files containing trusted root certificates in PEM
-        format. These are concatenated to form
-        {file}`/etc/ssl/certs/ca-certificates.crt`, which is
-        used by many programs that use OpenSSL, such as
-        {command}`curl` and {command}`git`.
-      '';
-    };
-
-    security.pki.certificates = mkOption {
-      type = types.listOf types.str;
-      default = [];
-      example = literalExpression ''
-        [ '''
-            NixOS.org
-            =========
-            -----BEGIN CERTIFICATE-----
-            MIIGUDCCBTigAwIBAgIDD8KWMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJ
-            TDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0
-            ...
-            -----END CERTIFICATE-----
-          '''
-        ]
-      '';
-      description = ''
-        A list of trusted root certificates in PEM format.
-      '';
-    };
-  };
-
-  config = mkIf cfg.installCACerts {
-    # NixOS canonical location + Debian/Ubuntu/Arch/Gentoo compatibility.
-    filesystem = dir {
-      etc = dir {
-        ssl = dir {
-          certs = dir {
-            "ca-certificates.crt" = symlink caBundle;
-            "ca-bundle.crt" = symlink caBundle;
-          };
-        };
-
-        # CentOS/Fedora compatibility.
-        pki = dir {
-          certs = dir {
-            "ca-bundle.crt" = symlink caBundle;
-          };
-        };
-      };
-    };
-  };
-
-}
-

modules/s6/default.nix

@@ -30,8 +30,6 @@ let
     installPhase = ''
       mkdir $out
       cp -r $src $out/scripts
-      substituteInPlace $out/scripts/rc.init \
-        --replace-fail 'config.hostname' "${config.hostname-script}"
       chmod -R +w $out
     '';
   };

modules/s6/scripts/rc.init

@@ -36,7 +36,6 @@ fi
 ### (replace /run/service with your scandir)
 s6-rc-init -d -c /etc/s6-rc/compiled /run/service
 
-config.hostname > /proc/sys/kernel/hostname
 
 ### 2. Starting the wanted set of services
 ### This is also called every time you change runlevels with telinit.

modules/ubus/default.nix

@@ -1,24 +0,0 @@
-## ubus
-## ====
-##
-## ubus is a micro-bus à la D-Bus for all your needs.
-
-{ lib, pkgs, config, ...}:
-let
-  inherit (lib) mkOption types;
-  inherit (pkgs) liminix;
-in {
-  options = {
-    system.service.ubus = mkOption {
-      type = liminix.lib.types.serviceDefn;
-    };
-  };
-  config = {
-    system.service.ubus = liminix.callService ./service.nix {
-      package = mkOption {
-        type = types.package;
-        default = pkgs.ubus;
-      };
-    };
-  };
-}

modules/ubus/service.nix

@@ -1,16 +0,0 @@
-{
-  liminix
-, writeText
-, lib
-}:
-{ package } :
-let
-  inherit (liminix.services) longrun;
-in longrun {
-  # Long term: make it unique so that user can spawn multiple buses if they want.
-  name = "ubus";
-  run = ''
-    mkdir -p /run/ubus
-    ${package}/bin/ubusd -s /run/ubus/ubus.sock
-  '';
-}

modules/vlan/default.nix

@@ -33,11 +33,6 @@ in
       description = "VLAN identifier (VID) in range 1-4094";
       type = types.str;
     };
-    untagged.egress = mkOption {
-      description = "Whether packets from this interface will go out *untagged*";
-      type = types.bool;
-      default = false;
-    };
   };
   config.kernel.config = {
     VLAN_8021Q = "y";

modules/vlan/service.nix

@@ -2,15 +2,13 @@
   liminix
 , lib
 }:
-{ ifname, primary, vid, untagged } :
+{ ifname, primary, vid } :
 let
-  inherit (lib) optionalString;
   inherit (liminix.services) oneshot;
 in oneshot rec {
   name = "${ifname}.link";
   up = ''
     ip link add link $(output ${primary} ifname) name ${ifname} type vlan id ${vid}
-    ${optionalString untagged.egress "bridge vlan add dev ${ifname} vid ${toString untagged.vid} pvid untagged master"}
     ${liminix.networking.ifup name ifname}
     (in_outputs ${name}
      echo ${ifname} > ifname

overlay.nix

@@ -1,24 +1,23 @@
 final: prev:
 let
-  isCross = final.stdenv.buildPlatform != final.stdenv.hostPlatform;
-  crossOnly = pkg : amendFn : if isCross then (amendFn pkg) else pkg;
   extraPkgs = import ./pkgs/default.nix {
     inherit (final) lib callPackage;
   };
   inherit (final) fetchpatch;
-  luaHost = prev.lua5_3.overrideAttrs(o: {
+  lua_no_readline = prev.lua5_3;
-     name = "lua-tty";
+#   lua_no_readline = prev.lua5_3.overrideAttrs(o: {
-     preBuild = ''
+#     name = "lua-tty";
-       makeFlagsArray+=(PLAT="posix" SYSLIBS="-Wl,-E -ldl"  CFLAGS="-O2 -fPIC -DLUA_USE_POSIX -DLUA_USE_DLOPEN")
+#     preBuild = ''
-     '';
+#       makeFlagsArray+=(PLAT="posix" SYSLIBS="-Wl,-E -ldl"  CFLAGS="-O2 -fPIC -DLUA_USE_POSIX -DLUA_USE_DLOPEN")
-     # lua in nixpkgs has a postInstall stanza that assumes only
+#     '';
-     # one output, we need to override that if we're going to
+#     # lua in nixpkgs has a postInstall stanza that assumes only
-     # convert to multi-output
+#     # one output, we need to override that if we're going to
-     # outputs = ["bin" "man" "out"];
+#     # convert to multi-output
-     makeFlags =
+#     # outputs = ["bin" "man" "out"];
-       builtins.filter (x: (builtins.match "(PLAT|MYLIBS).*" x) == null)
+#     makeFlags =
-         o.makeFlags;
+#       builtins.filter (x: (builtins.match "(PLAT|MYLIBS).*" x) == null)
-   });
+#         o.makeFlags;
+#   });
 
   s6 = prev.s6.overrideAttrs(o:
     let
@@ -43,6 +42,7 @@ let
         (if o ? patches then o.patches else []) ++
         (if patch_needed then [ patch ] else []);
     });
+  lua = let s = lua_no_readline.override { self = s; }; in s;
 in
 extraPkgs // {
   # liminix library functions
@@ -130,20 +130,9 @@ extraPkgs // {
         "CONFIG_LIBNL32=y"
         "CONFIG_PKCS12=y"
         "CONFIG_RSN_PREAUTH=y"
-        "CONFIG_UBUS=y"
         "CONFIG_TLS=internal"
       ];
       h = prev.hostapd.overrideAttrs(o: {
-        buildInputs = o.buildInputs ++ [ final.libubox final.ubus ];
-        src = final.fetchFromGitea {
-           domain = "git.dgnum.eu";
-           owner = "DGNum";
-           repo = "hostapd";
-           rev = "hostap-liminix-integration";
-           hash = "sha256-5Xi90keCHxvuKR5Q7STuZDzuM9h9ac6aWoXVQYvqkQI=";
-         };
-        # Do not take any patch.
-        patches = [];
         extraConfig = "";
         configurePhase = ''
           cat > hostapd/defconfig <<EOF
@@ -174,19 +163,10 @@ extraPkgs // {
       "CONFIG_LIBNL32=y"
       "CONFIG_PKCS12=y"
       "CONFIG_RSN_PREAUTH=y"
-      "CONFIG_UBUS=y"
+      # Required to read the key material for RADIUS.
-      "CONFIG_TLS=internal"
+      "CONFIG_TLS=openssl"
     ];
     h = prev.hostapd.overrideAttrs(o: {
-      buildInputs = o.buildInputs ++ [ final.libubox final.ubus ];
-        src = final.fetchFromGitea {
-           domain = "git.dgnum.eu";
-           owner = "DGNum";
-           repo = "hostapd";
-           rev = "hostap-liminix-integration";
-           hash = "sha256-5Xi90keCHxvuKR5Q7STuZDzuM9h9ac6aWoXVQYvqkQI=";
-      };
-      patches = [];
       extraConfig = "";
       configurePhase = ''
         cat > hostapd/defconfig <<EOF
@@ -195,37 +175,9 @@ extraPkgs // {
         ${o.configurePhase}
       '';
     });
-  in h.override { openssl = null; sqlite = null; };
+  in h.override { sqlite = null; };
 
-  libnl = prev.libnl.override {
-    graphviz = null;
-  };
 
-  iproute2 =
-  let i = prev.iproute2.overrideAttrs (old: {
-    postInstall = ''
-      ${(old.postInstall or "")}
-      non_necessary_binaries=("tc" "rdma" "dcb" "tipc" "vdpa")
-      for needless_binary in "''${non_necessary_binaries[@]}"; do
-        echo "Removing unnecessary binary $out/sbin/$needless_binary"
-        rm "$out/sbin/$needless_binary"
-      done
-      # No man
-      rm -rf "$out/share"
-      # Remove all the data about distributions for tc.
-      rm -rf "$out/lib"
-    '';
-  });
-  # Don't bring ebpf stuff to the table.
-  # We also remove tc so we can drop iptables as well.
-  # Let's try to kill `db` as well.
-  in i.override { elfutils = null; iptables = null; db = null; };
-
-  wpa_supplicant = prev.wpa_supplicant.override {
-    dbusSupport = false;
-    withPcsclite = false;
-    wpa_supplicant_gui = null;
-  };
 
   kexec-tools-static = prev.kexec-tools.overrideAttrs(o: {
     # For kexecboot we copy kexec into a ramdisk on the system being
@@ -245,17 +197,13 @@ extraPkgs // {
     ];
   });
 
-  lua = crossOnly prev.lua5_3 (_: luaHost);
+  luaFull = prev.lua;
+  inherit lua;
 
   mtdutils = prev.mtdutils.overrideAttrs(o: {
     patches = (if o ? patches then o.patches else []) ++ [
       ./pkgs/mtdutils/0001-mkfs.jffs2-add-graft-option.patch
     ];
-
-    postInstall = ''
-      # Testing programs which we don't need. We save a lot of space!
-      rm -rf $out/libexec
-    '';
   });
 
   nftables = prev.nftables.overrideAttrs(o: {

pkgs/anoia/Makefile

@@ -1,5 +1,5 @@
 
-default: wlan.lua fs.lua init.lua nl.lua svc.lua net/constants.lua
+default: fs.lua init.lua nl.lua svc.lua net/constants.lua
 
 test:
 	ln -s . anoia

pkgs/anoia/default.nix

@@ -4,7 +4,6 @@
 , linotify
 , lua
 , lualinux
-, iwinfo
 , cpio
 }:
 let pname =  "anoia";
@@ -13,7 +12,7 @@ in stdenv.mkDerivation {
   version = "0.1";
   src = ./.;
   nativeBuildInputs = [ fennel cpio ];
-  buildInputs = with lua.pkgs; [ linotify lualinux iwinfo ];
+  buildInputs = with lua.pkgs; [ linotify lualinux ];
   outputs = [ "out" "dev" ];
 
   doCheck = true;

pkgs/anoia/wlan.fnl

@@ -1,8 +0,0 @@
-(local { : nl80211 } (require :iwinfo))
-
-(fn is-bridgeable [ifname]
-  (let [mode (nl80211.mode ifname)]
-    (or (= mode "Master") (= mode "Master (VLAN)"))
-))
-
-{ : is-bridgeable }

pkgs/default.nix

@@ -110,9 +110,6 @@ in {
   swconfig = callPackage ./swconfig {};
   systemconfig = callPackage ./systemconfig {};
   tufted = callPackage ./tufted {};
-  libubox = callPackage ./libubox {};
-  ubus = callPackage ./ubus {};
-  iwinfo = callPackage ./iwinfo {};
   uevent-watch = callPackage ./uevent-watch {};
   usb-modeswitch = callPackage ./usb-modeswitch {};
   writeAshScript = callPackage ./write-ash-script {};

pkgs/fennelrepl/default.nix

@@ -10,7 +10,6 @@
 , linotify
 , anoia
 , netlink-lua
-, iwinfo
 , fennel
 }:
 let packages = [
@@ -19,7 +18,7 @@ let packages = [
       fennel
       lualinux
       netlink-lua
-      iwinfo
+      lua.pkgs.readline
     ];
     join = ps: builtins.concatStringsSep ";" ps;
     luapath = join (builtins.map (f:

pkgs/ifwait/default.nix

@@ -1,14 +1,11 @@
 {
   lua
 , netlink-lua
-, lualinux
-, iwinfo
 , writeFennelScript
 , runCommand
 , anoia
 }:
 runCommand "ifwait" {} ''
   mkdir -p $out/bin
-  cp -p ${writeFennelScript "ifwait" [ anoia netlink-lua ] ./ifwait.fnl} $out/bin/ifwait
+  cp -p ${writeFennelScript "ifwait" [anoia netlink-lua] ./ifwait.fnl} $out/bin/ifwait
-  cp -p ${writeFennelScript "ifbridgeable" [ anoia lualinux iwinfo ] ./ifbridgeable.fnl} $out/bin/ifbridgeable
 ''

pkgs/ifwait/ifbridgeable.fnl

@@ -1,30 +0,0 @@
-(local wlan (require :anoia.wlan))
-(local { : assoc } (require :anoia))
-(local { : msleep } (require :lualinux))
-
-(fn parse-args [args]
-  (match args
-    ["-v" & rest]  (assoc (parse-args rest) :verbose true)
-    [linkname] {:link linkname}
-    _  nil))
-
-(fn run [args poll-fn]
-  (let [parameters
-        (assert (parse-args args)
-                (.. "Usage: ifbridgeable [-v] ifname"))]
-    (when parameters.verbose
-      (print (.. "ifbridgeable: waiting for "
-                 parameters.link " to be bridgeable")))
-
-    (while (not (poll-fn parameters.link))
-      (when parameters.verbose
-        (print (.. "ifbridgeable: waiting for " parameters.link " to be bridgeable")))
-      (msleep 500)
-    )
-  )
-)
-
-(when (not (= (. arg 0) "test"))
-  (run arg wlan.is-bridgeable))
-
-{ : run  }

pkgs/ifwait/ifwait.fnl

@@ -19,11 +19,11 @@
         (match v
           ;; - up: Reflects the administrative state of the interface (IFF_UP)
           ;; - running: Reflects the operational state (IFF_RUNNING).
-          {:event "newlink" :name params.link :up "yes" :running "yes"}
+          {:event "newlink" :name params.link :up :yes :running :yes}
           {:present true :up true :running true}
 
-          {:event "newlink" :name params.link :up "yes"}
+          {:event "newlink" :name params.link :up :yes}
-          {:present true :up true}
+          {:present :true :up true}
 
           {:event "newlink" :name params.link}
           {:present true }

pkgs/initramfs-peek/default.nix

@@ -3,7 +3,7 @@
 , pkgsBuildBuild
 , runCommand
 , cpio
-, writeClosure
+, writeReferencesToFile
 , writeScript
 } :
 let
@@ -18,7 +18,7 @@ let
     mount -t sysfs none /sys
     ${busybox}/bin/sh
   '';
-  refs = writeClosure [ busybox ];
+  refs = writeReferencesToFile busybox;
 in runCommand "initramfs.cpio" { } ''
   cat << SPECIALS | ${gen_init_cpio}/bin/gen_init_cpio /dev/stdin > out
   dir /proc 0755 0 0

pkgs/iwinfo/default.nix

@@ -1,59 +0,0 @@
-{
-  lib,
-  stdenv,
-  fetchFromGitea,
-  ubus,
-  libubox,
-  lua5_3,
-  libnl-tiny,
-  backend ? "nl80211"
-}:
-let
-  lua = lua5_3;
-in
-stdenv.mkDerivation rec {
-  pname = "iwinfo";
-  version = "unstable-07-09-2024";
-
-  src = fetchFromGitea {
-    domain = "git.dgnum.eu";
-    owner = "DGNum";
-    repo = "iwinfo";
-    rev = "14685a26805155aa5c137993b9a4861a0bc585d5";
-    hash = "sha256-lg4sBoYcFFLhcUv+wKR6u1OCartjtnAoF9M5FdfO6JE=";
-  };
-
-  BACKENDS = backend;
-
-  buildInputs = [
-    ubus
-    libubox
-    lua
-    libnl-tiny
-  ];
-
-  CFLAGS = "-I${libnl-tiny}/include/libnl-tiny -D_GNU_SOURCE";
-
-  installPhase = ''
-    runHook preInstall
-
-    install -Dm755 iwinfo $out/bin/iwinfo
-    install -Dm755 iwinfo.so $out/lib/lua/${lua.luaversion}/iwinfo.so
-    install -Dm755 libiwinfo.so $out/lib/libiwinfo.so
-    install -Dm755 libiwinfo.so.0 $out/lib/libiwinfo.so.0
-
-    mkdir -p $out/include
-    cp -r include/* $out/include
-
-    runHook postInstall
-  '';
-
-  meta = {
-    description = "Library to access wireless devices";
-    homepage = "https://github.com/openwrt/iwinfo";
-    license = lib.licenses.gpl2Only;
-    maintainers = with lib.maintainers; [ raitobezarius ];
-    mainProgram = "iwinfo";
-    platforms = lib.platforms.all;
-  };
-}

pkgs/kernel/default.nix

@@ -23,7 +23,7 @@ stdenv.mkDerivation rec {
   nativeBuildInputs = [buildPackages.stdenv.cc] ++
                       (with buildPackages.pkgs; [
                         rsync bc bison flex pkg-config
-                        openssl ncurses.all perl zstd
+                        openssl ncurses.all perl
                       ]);
   CC = "${stdenv.cc.bintools.targetPrefix}gcc";
   HOSTCC = with buildPackages.pkgs;

pkgs/levitate/default.nix

@@ -2,7 +2,6 @@
   writeScriptBin
 , writeScript
 , systemconfig
-, stdenv
 , execline
 , lib
 , config ? {}
@@ -57,19 +56,11 @@ let
       };
       eval = lib.evalModules {
         modules = [
+          { _module.args = { inherit pkgs; inherit (pkgs) lim; }; }
           ../../modules/base.nix
           ../../modules/users.nix
           ../../modules/busybox.nix
-          ../../modules/hostname.nix
-          ../../modules/misc/assertions.nix
-          ../../modules/nixpkgs.nix
           base
-          {
-            # Inherit from that target system host platform.
-            nixpkgs.hostPlatform = stdenv.hostPlatform;
-            # Force our own package set.
-            nixpkgs.pkgs = lib.mkForce pkgs;
-          }
           ({ ... } : paramConfig)
           ../../modules/s6
         ];

pkgs/libubox/default.nix

@@ -1,49 +0,0 @@
-{
-  lib,
-  stdenv,
-  fetchFromGitea,
-  cmake,
-  lua,
-  json_c
-}:
-
-stdenv.mkDerivation rec {
-  pname = "libubox";
-  version = "unstable-2024-04-09";
-
-  src = fetchFromGitea {
-    domain = "git.dgnum.eu";
-    owner = "DGNum";
-    repo = "libubox";
-    rev = "1c4b2dc4c12848e1b70b11e1cb2139ca8f19c860";
-    hash = "sha256-aPhGJ7viXQmnoQRY8DuRvtwtxSy+S4qPj1fBsK066Yc=";
-  };
-
-  nativeBuildInputs = [
-    cmake
-    lua
-  ];
-
-  buildInputs = [
-    lua
-    json_c
-  ];
-
-  # Otherwise, CMake cannot find jsoncpp?
-  env.NIX_CFLAGS_COMPILE = toString [ "-I${json_c.dev}/include/json-c" "-D JSONC" "-D LUA_COMPAT_MODULE" ];
-
-  cmakeFlags = [
-    "-DBUILD_EXAMPLES=off"
-    # TODO: it explode at install phase.
-    "-DBUILD_LUA=on"
-    "-DLUAPATH=${placeholder "out"}/lib/lua/${lua.luaversion}/"
-  ];
-
-  meta = {
-    description = "";
-    homepage = "https://git.openwrt.org/project/libubox.git";
-    maintainers = with lib.maintainers; [ raitobezarius ];
-    mainProgram = "libubox";
-    platforms = lib.platforms.all;
-  };
-}

pkgs/liminix-tools/networking/default.nix

@@ -9,7 +9,6 @@
     ip link set up dev ${ifname}
     (in_outputs ${name}
      echo ${ifname} > ifname
-     cat /sys/class/net/${ifname}/address > ether
     )
   '';
 }

pkgs/liminix-tools/services/default.nix

@@ -39,7 +39,6 @@ let
     , contents ? []
     , buildInputs ? []
     , isTrigger ? false
-    , passthru ? {}
   } @ args:
     stdenvNoCC.mkDerivation {
       # we use stdenvNoCC to avoid generating derivations with names
@@ -51,8 +50,6 @@ let
       dependencies = builtins.map (d: d.name) dependencies;
       contents = builtins.map (d: d.name) contents;
       builder = ./builder.sh;
-
-      inherit passthru;
     };
 
   longrun = {
@@ -103,18 +100,7 @@ let
     serviceType = "bundle";
     inherit contents dependencies;
   });
-  structuredBundle = {
-    name
-    , contents ? {}
-    , dependencies ? []
-    , ...
-  } @ args: service (args // {
-    serviceType = "bundle";
-    contents = builtins.attrValues contents;
-    inherit dependencies;
-    passthru.components = contents;
-  });
   target = bundle;
 in {
-  inherit target bundle oneshot longrun output structuredBundle;
+  inherit target bundle oneshot longrun output;
 }

pkgs/min-copy-closure/liminix-rebuild.sh

@@ -1,5 +1,4 @@
 #!/usr/bin/env bash
-set -Eeuo pipefail
 
 ssh_command=${SSH_COMMAND-ssh}
 
@@ -14,24 +13,19 @@ case "$1" in
 	reboot="soft"
 	shift
 	;;
-    "--root")
-	root_prefix="$2"
-	shift
-	shift
-	;;
 esac
 
 target_host=$1
 shift
 
 if [ -z "$target_host" ] ; then
-    echo Usage: liminix-rebuild \[--no-reboot\] \[--fast\] target-host params
+    echo Usage: liminix-rebuild \[--no-reboot\] target-host params
     exit 1
 fi
 
 if toplevel=$(nix-build "$@" -A outputs.systemConfiguration --no-out-link); then
     echo systemConfiguration $toplevel
-    min-copy-closure --root "$root_prefix" $target_host $toplevel
+    min-copy-closure $target_host $toplevel
     $ssh_command $target_host $toplevel/bin/install
     case "$reboot" in
 	reboot)

pkgs/preinit/preinit.c

@@ -4,13 +4,9 @@
 #include <fcntl.h>
 #include <sys/mount.h>
 #include <sys/wait.h>
-#include <sys/stat.h>
 #include <string.h>
 #include <stdint.h>
 #include <errno.h>
-#include <stdio.h>
-
-#include <dirent.h>
 
 #include <asm/setup.h>		/* for COMMAND_LINE_SIZE */
 
@@ -48,25 +44,6 @@ static int fork_exec(char * command, char *args[])
 	return execve(command, args, NULL);
 }
 
-static void debug_listdir(const char * path)
-{
-    DIR *mydir;
-    struct dirent *myfile;
-    struct stat mystat;
-
-    char buf[512];
-    mydir = opendir(path);
-    while((myfile = readdir(mydir)) != NULL)
-    {
-        sprintf(buf, "%s/%s", path, myfile->d_name);
-        stat(buf, &mystat);
-        printf("%llu", mystat.st_size);
-        printf(" %s\n", myfile->d_name);
-    }
-    closedir(mydir);
-
-}
-
 char banner[]  = "Running pre-init...\n";
 char buf[COMMAND_LINE_SIZE];
 
@@ -121,7 +98,6 @@ int main(int argc, char *argv[], char *envp[])
 	    AVER(mount(opts.device, "/target/persist", opts.fstype, 0, opts.mount_opts));
 	} else {
 	    if(mount(opts.device, "/target/persist", opts.fstype, 0, opts.mount_opts) < 0) {
-		ERR("failed to mount primary device, mount the alternative device\n");
 		AVER(mount(opts.altdevice, "/target/persist", opts.fstype, 0, opts.mount_opts));
 	    }
 	}
@@ -131,12 +107,7 @@ int main(int argc, char *argv[], char *envp[])
 		   "bind", MS_BIND, NULL));
 
 	char *exec_args[] = { "activate",  "/target", NULL };
-	if (fork_exec("/target/persist/activate", exec_args) < 0) {
+	AVER(fork_exec("/target/persist/activate", exec_args));
-	    ERR("failed to activate the system\n");
-	    pr_u32(errno); ERR ( " - "); ERR(strerror(errno)); ERR("\n");
-	    goto failsafe;
-	}
-
 	AVER(chdir("/target"));
 
 	AVER(mount("/target", "/", "bind", MS_BIND | MS_REC, NULL));
@@ -147,23 +118,5 @@ int main(int argc, char *argv[], char *envp[])
 
 	AVER(execve("/persist/init", argv, envp));
     }
-
-failsafe:
-    debug_listdir("/");
-    debug_listdir("/target");
-
-    ERR("failed to mount the rootfs\n");
-    ERR("final stand using the failsafe initialization method\n");
-    ERR("the boot process is manual from now on\n");
-
-    argv[0] = "init";
-    argv[1] = NULL;
-    // Attempt to unmount the /target mount-bind.
-    AVER(umount("/target"));
-    AVER(execve("/failsafe-init", argv, envp));
-
-    debug_listdir("/");
-    debug_listdir("/target");
-
     die();
 }

pkgs/run-liminix-vm/default.nix

@@ -2,15 +2,14 @@
   qemuLim
 , socat
 , writeShellScript
+, writeFennel
 , runCommand
-, fennel
 , lib
 , lua
 , pkgsBuildBuild
 }: let
-  writeFennel = pkgsBuildBuild.writeFennel.override { inherit lua; };
+  run-liminix-vm = pkgsBuildBuild.writeFennel "run-liminix-vm" {
-  run-liminix-vm = writeFennel "run-liminix-vm" {
+    packages = [ qemuLim pkgsBuildBuild.lua.pkgs.luaposix pkgsBuildBuild.lua.pkgs.fennel ];
-    packages = [ qemuLim lua.pkgs.luaposix fennel ];
   } ./run-liminix-vm.fnl;
   connect = writeShellScript "connect-vm" ''
     export PATH="${lib.makeBinPath [socat]}:$PATH"

pkgs/ubus/default.nix

@@ -1,35 +0,0 @@
-{ stdenv, fetchFromGitea, lib, cmake, libubox, json_c, lua, defaultSocketLocation ? "/run/ubus/ubus.sock" }:
-stdenv.mkDerivation {
-  pname = "ubus";
-  version = "unstable-04-09-2024";
-
-  src = fetchFromGitea {
-    domain = "git.dgnum.eu";
-    owner = "DGNum";
-    repo = "ubus";
-    rev = "ebb1dc92e4985538a8e18b7e926264118138f281";
-    hash = "sha256-fo4zleC9R6uzlcOJ/jQ0t0nSBHUAq/uqPVd9xJdkAM0=";
-  };
-
-  # We don't use /var/run/ in Liminix by default.
-  postPatch = ''
-    substituteInPlace CMakeLists.txt \
-      --replace-fail "/var/run/ubus/ubus.sock" "${defaultSocketLocation}"
-  '';
-
-  nativeBuildInputs = [
-    cmake
-  ];
-
-  buildInputs = [
-    lua
-    libubox
-    json_c
-  ];
-
-  cmakeFlags = [
-    "-DBUILD_LUA=on"
-    "-DLUAPATH=${placeholder "out"}/lib/lua/${lua.luaversion}"
-    "-DBUILD_EXAMPLES=off"
-  ];
-}

pkgs/write-fennel/default.nix

@@ -27,7 +27,7 @@ name :
        echo "#!${lua}/bin/lua ${luaFlags}"
        echo "package.path = ${lib.strings.escapeShellArg (builtins.concatStringsSep "" luapath)} .. package.path"
        echo "package.cpath = ${lib.strings.escapeShellArg (builtins.concatStringsSep "" luacpath)} .. package.cpath"
-       echo "local ok, stdlib = pcall(require,'posix.stdlib'); if ok then stdlib.setenv('PATH', \"${lib.makeBinPath packages}\" .. \":\" .. os.getenv('PATH')) end"
+       echo "local ok, stdlib = pcall(require,'posix.stdlib'); if ok then stdlib.setenv('PATH',${lib.escapeShellArg (lib.makeBinPath packages)} .. \":\" .. os.getenv('PATH')) end"
        fennel ${if correlate then "--correlate" else ""} --compile ${source}
       ) >  ${name}.lua
     '';

tests/ci.nix

@@ -10,5 +10,4 @@
   tftpboot = import ./tftpboot/test.nix;
   updown = import ./updown/test.nix;
   inout = import ./inout/test.nix;
-  custom-shell = import ./custom-shell/test.nix;
 }

tests/custom-shell/check-prompt.expect

@@ -1,7 +0,0 @@
-set timeout 60
-
-spawn socat unix-connect:vm/console -
-expect {
-  "root@liminix blah blah > " { exit 0 }
-  timeout { exit 1 }
-}

tests/custom-shell/configuration.nix

@@ -1,13 +0,0 @@
-{ config, pkgs, lib, ... } :
-let
-  inherit (pkgs.liminix.networking) interface address hostapd route dnsmasq;
-  inherit (pkgs.liminix.services) oneshot longrun bundle target;
-in rec {
-  imports = [
-    ../../modules/network
-  ];
-
-  defaultProfile.prompt = "$(whoami)@$(hostname) blah blah > ";
-
-  defaultProfile.packages = with pkgs; [ ];
-}

tests/custom-shell/test.nix

@@ -1,21 +0,0 @@
-{
-  liminix
-, nixpkgs
-}:
-let img = (import liminix {
-      inherit nixpkgs;
-      device = import "${liminix}/devices/qemu/";
-      liminix-config = ./configuration.nix;
-    }).outputs.default;
-    pkgs = import nixpkgs { overlays = [(import ../../overlay.nix)]; };
-in pkgs.runCommand "check" {
-  nativeBuildInputs = with pkgs; [
-    expect socat
-  ] ;
-} ''
-. ${../test-helpers.sh}
-
-mkdir vm
-${img}/run.sh --background ./vm
-expect ${./check-prompt.expect} |tee output && mv output $out
-''

tests/ext4/test.nix

@@ -6,7 +6,7 @@ let img = (import liminix {
       device = import "${liminix}/devices/qemu/";
       liminix-config = ./configuration.nix;
     }).outputs.vmroot;
-    pkgs = import nixpkgs { overlays = [(import ../../overlay.nix)]; };
+    pkgs = import <nixpkgs> { overlays = [(import ../../overlay.nix)]; };
 in pkgs.runCommand "check" {
   nativeBuildInputs = with pkgs; [
     expect

tests/fennel/test.nix

@@ -4,7 +4,7 @@
 }:
 let
   overlay = import "${liminix}/overlay.nix";
-  pkgs = import nixpkgs { overlays = [overlay]; };
+  pkgs = import <nixpkgs> { overlays = [overlay]; };
   script = pkgs.writeFennelScript "foo" [] ./hello.fnl;
   inherit (pkgs.lua.pkgs) fifo;
   netlink = pkgs.netlink-lua;

tests/inout/test.nix

@@ -6,7 +6,7 @@ let img = (import liminix {
       device = import "${liminix}/devices/qemu/";
       liminix-config = ./configuration.nix;
     }).outputs.vmroot;
-    pkgs = import nixpkgs { overlays = [(import ../../overlay.nix)]; };
+    pkgs = import <nixpkgs> { overlays = [(import ../../overlay.nix)]; };
 in pkgs.runCommand "check" {
   nativeBuildInputs = with pkgs; [
     expect

tests/jffs2/configuration.nix

@@ -5,6 +5,7 @@ in {
   imports = [
     ../../vanilla-configuration.nix
     ../../modules/squashfs.nix
+    ../../modules/outputs/jffs2.nix
   ];
   config.rootfsType = "jffs2";
   config.filesystem = dir {

tests/jffs2/test.nix

@@ -6,7 +6,7 @@ let img = (import liminix {
       device = import "${liminix}/devices/qemu/";
       liminix-config = ./configuration.nix;
     }).outputs.vmroot;
-    pkgs = import nixpkgs { overlays = [(import ../../overlay.nix)]; };
+    pkgs = import <nixpkgs> { overlays = [(import ../../overlay.nix)]; };
 in pkgs.runCommand "check" {
   nativeBuildInputs = with pkgs; [
     expect

tests/min-copy-closure/configuration.nix

@@ -13,6 +13,7 @@ let
 in {
   imports = [
     ../../vanilla-configuration.nix
+    ../../modules/outputs/jffs2.nix
   ];
   config =  {
     services.sshd = longrun {

tests/min-copy-closure/test.nix

@@ -8,7 +8,7 @@ let lmx = (import liminix {
     });
     rogue = lmx.pkgs.rogue;
     img = lmx.outputs.vmroot;
-    pkgs = import nixpkgs { overlays = [(import ../../overlay.nix)]; };
+    pkgs = import <nixpkgs> { overlays = [(import ../../overlay.nix)]; };
 in pkgs.runCommand "check" {
   nativeBuildInputs = with pkgs; [
     expect

tests/pppoe/test.nix

@@ -6,7 +6,7 @@ let img = (import liminix {
       device = import "${liminix}/devices/qemu";
       liminix-config = ./configuration.nix;
     }).outputs.default;
-    pkgs = import nixpkgs { overlays = [(import ../../overlay.nix)]; };
+    pkgs = import <nixpkgs> { overlays = [(import ../../overlay.nix)]; };
     inherit (pkgs.pkgsBuildBuild) routeros;
 in pkgs.runCommand "check" {
   nativeBuildInputs = with pkgs; [

tests/tftpboot/test.nix

@@ -1,6 +1,5 @@
 {
-  liminix,
+  liminix
-  ...
 }:
 let check = deviceName  : config :
 let derivation = (import liminix {

tests/updown/test.nix

@@ -6,7 +6,7 @@ let img = (import liminix {
       device = import "${liminix}/devices/qemu/";
       liminix-config = ./configuration.nix;
     }).outputs.vmroot;
-    pkgs = import nixpkgs { overlays = [(import ../../overlay.nix)]; };
+    pkgs = import <nixpkgs> { overlays = [(import ../../overlay.nix)]; };
 in pkgs.runCommand "check" {
   nativeBuildInputs = with pkgs; [
     expect

tests/wlan/configuration.nix

@@ -7,7 +7,6 @@ in rec {
     ../../modules/wlan.nix
     ../../modules/hostapd
     ../../modules/network
-    ./wpa_supplicant.nix
   ];
 
   services.hostap = config.system.service.hostapd.build {
@@ -28,21 +27,5 @@ in rec {
     };
   };
 
-  services.wpa_supplicant = config.system.service.wpa_supplicant.build {
+  defaultProfile.packages = with pkgs;  [ tcpdump ] ;
-    interface = "wlan1";
-    driver = "nl80211";
-    config-file = pkgs.writeText "wpa_supplicant.conf" ''
-      country=us
-      update_config=1
-      ctrl_interface=/run/wpa_supplicant
-
-      network={
-       scan_ssid=1
-       ssid="liminix"
-       psk="colourless green ideas"
-      }
-    '';
-  };
-
-  defaultProfile.packages = with pkgs; [ tcpdump wpa_supplicant ];
 }

tests/wlan/test.nix

@@ -3,11 +3,10 @@
 , nixpkgs
 }:
 let img = (import liminix {
-      inherit nixpkgs;
+      device = import "${liminix}/devices/qemu-armv7l/";
-      device = import "${liminix}/devices/qemu/";
       liminix-config = ./configuration.nix;
     }).outputs.default;
-    pkgs = import nixpkgs { overlays = [(import ../../overlay.nix)]; };
+    pkgs = import <nixpkgs> { overlays = [(import ../../overlay.nix)]; };
 in pkgs.runCommand "check" {
   nativeBuildInputs = with pkgs; [
     expect socat

tests/wlan/wait-for-wlan.expect

@@ -14,10 +14,10 @@ expect {
 }
 expect "#"
 while { $FINISHED < 10 } {
-  send "date && grep CTRL-EVENT-CONNECTED /run/uncaught-logs/* || echo \$NOT\r\n"
+  send "date && grep AP-ENABLED /run/uncaught-logs/* || echo \$NOT\r\n"
   
   expect {
-    "wlan1: CTRL-EVENT-CONNECTED" { set FINISHED 999; set EXIT 0; }
+    "wlan0: AP-ENABLED" { set FINISHED 999; set EXIT 0; }
     "not_present" { send_user "waiting ...\n" ; sleep 5 }
   }
   set FINISHED [ expr $FINISHED + 1 ]

tests/wlan/wpa_service.nix

@@ -1,21 +0,0 @@
-{
-  liminix,
-  wpa_supplicant,
-  lib,
-}:
-{
-  interface,
-  driver,
-  config-file,
-}:
-let
-  inherit (liminix.services) longrun;
-  inherit (lib.strings) escapeShellArg;
-in
-longrun {
-  name = "wpa_supplicant";
-  run =
-  ''
-    ${wpa_supplicant}/bin/wpa_supplicant -D${driver} -i${interface} -c ${config-file}
-  '';
-}

tests/wlan/wpa_supplicant.nix

@@ -1,15 +0,0 @@
-{ config, lib, pkgs, ... }:
-with lib; {
-  options.system.service.wpa_supplicant = mkOption { type = pkgs.liminix.lib.types.serviceDefn; };
-  config.system.service.wpa_supplicant = config.system.callService ./wpa_service.nix {
-    interface = mkOption {
-      type = types.str;
-    };
-    driver = mkOption {
-      type = types.str;
-    };
-    config-file = mkOption {
-      type = types.package;
-    };
-  };
-}