From 0dd72b31f4e7acb76f9b672214c253e92d4f1580 Mon Sep 17 00:00:00 2001 From: catvayor Date: Wed, 18 Sep 2024 09:10:07 +0200 Subject: [PATCH 01/23] feat(ci): use ci.nix --- .forgejo/workflows/build.yaml | 22 +++++++++++++++++++++- ci.nix | 4 ++-- default.nix | 9 ++++++--- tests/ext4/test.nix | 2 +- tests/fennel/test.nix | 2 +- tests/inout/test.nix | 2 +- tests/jffs2/configuration.nix | 1 - tests/jffs2/test.nix | 2 +- tests/min-copy-closure/configuration.nix | 1 - tests/min-copy-closure/test.nix | 2 +- tests/pppoe/test.nix | 2 +- tests/tftpboot/test.nix | 3 ++- tests/updown/test.nix | 2 +- tests/wlan/test.nix | 4 ++-- 14 files changed, 40 insertions(+), 18 deletions(-) diff --git a/.forgejo/workflows/build.yaml b/.forgejo/workflows/build.yaml index dcb2ee4..3a29607 100644 --- a/.forgejo/workflows/build.yaml +++ b/.forgejo/workflows/build.yaml @@ -17,4 +17,24 @@ jobs: - name: Build VM QEMU MIPS run: | # Enter the shell - nix-build -I liminix-config=./examples/hello-from-qemu.nix --arg device "import ./devices/qemu" -A outputs.default + nix-build ci.nix -A qemu + + build_zyxel-nwa50ax_mips: + runs-on: nix + steps: + - uses: actions/checkout@v3 + + - name: Build VM QEMU MIPS + run: | + # Enter the shell + nix-build ci.nix -A qemu + + test_hostapd: + runs-on: nix + steps: + - uses: actions/checkout@v3 + + - name: Build VM QEMU MIPS + run: | + # Enter the shell + nix-build ci.nix -A wlan diff --git a/ci.nix b/ci.nix index 07d26f1..73d8c97 100644 --- a/ci.nix +++ b/ci.nix @@ -7,7 +7,7 @@ let pkgs = (import nixpkgs { }); borderVmConf = ./bordervm.conf-example.nix; - inherit (pkgs.lib.attrsets) genAttrs; + inherit (pkgs.lib.attrsets) genAttrs mapAttrs; devices = [ "qemu" "zyxel-nwa50ax" @@ -19,7 +19,7 @@ let device = import (liminix + "/devices/${name}"); liminix-config = vanilla; }).outputs.default; - tests = import ./tests/ci.nix; + tests = mapAttrs (_: v: v { inherit liminix nixpkgs; }) (import ./tests/ci.nix); jobs = (genAttrs devices for-device) // tests // 
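Review bot: The new `build_zyxel-nwa50ax_mips` job in build.yaml runs `nix-build ci.nix -A qemu`, the same attribute as the QEMU job above it, so the zyxel image is never built; the ci.nix hunk that follows lists the device as `zyxel-nwa50ax`, so the step should read `nix-build ci.nix -A zyxel-nwa50ax`. The three steps also all carry the name `Build VM QEMU MIPS` and the copied `# Enter the shell` comment, which no longer describes what any of them does. Separately, every job checks out with `actions/checkout@v3`, a mutable tag; for a pipeline that produces firmware images, pinning the action to a full commit SHA with the tag in a trailing comment is the usual supply-chain hardening.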
diff --git a/default.nix b/default.nix index e372095..33593dc 100644 --- a/default.nix +++ b/default.nix @@ -26,9 +26,12 @@ let eval = evalModules { modules = [ { - nixpkgs.overlays = [ - overlay - ]; + nixpkgs = { + overlays = [ overlay ]; + config.permittedInsecurePackages = [ + "python-2.7.18.8" + ]; + }; } device.module liminix-config diff --git a/tests/ext4/test.nix b/tests/ext4/test.nix index f972583..5c5a582 100644 --- a/tests/ext4/test.nix +++ b/tests/ext4/test.nix @@ -6,7 +6,7 @@ let img = (import liminix { device = import "${liminix}/devices/qemu/"; liminix-config = ./configuration.nix; }).outputs.vmroot; - pkgs = import { overlays = [(import ../../overlay.nix)]; }; + pkgs = import nixpkgs { overlays = [(import ../../overlay.nix)]; }; in pkgs.runCommand "check" { nativeBuildInputs = with pkgs; [ expect diff --git a/tests/fennel/test.nix b/tests/fennel/test.nix index fda2a89..81206d9 100644 --- a/tests/fennel/test.nix +++ b/tests/fennel/test.nix @@ -4,7 +4,7 @@ }: let overlay = import "${liminix}/overlay.nix"; - pkgs = import { overlays = [overlay]; }; + pkgs = import nixpkgs { overlays = [overlay]; }; script = pkgs.writeFennelScript "foo" [] ./hello.fnl; inherit (pkgs.lua.pkgs) fifo; netlink = pkgs.netlink-lua; diff --git a/tests/inout/test.nix b/tests/inout/test.nix index 5f382e4..3f3b198 100644 --- a/tests/inout/test.nix +++ b/tests/inout/test.nix @@ -6,7 +6,7 @@ let img = (import liminix { device = import "${liminix}/devices/qemu/"; liminix-config = ./configuration.nix; }).outputs.vmroot; - pkgs = import { overlays = [(import ../../overlay.nix)]; }; + pkgs = import nixpkgs { overlays = [(import ../../overlay.nix)]; }; in pkgs.runCommand "check" { nativeBuildInputs = with pkgs; [ expect diff --git a/tests/jffs2/configuration.nix b/tests/jffs2/configuration.nix index 2515fbf..ea7670b 100644 --- a/tests/jffs2/configuration.nix +++ b/tests/jffs2/configuration.nix 
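Review bot: `config.permittedInsecurePackages = [ "python-2.7.18.8" ]` in default.nix allows an end-of-life interpreter into every evaluation of the project, and nothing in the hunk says which derivation needs it. A why-comment above the entry, `# required by <consumer> on <platform>; remove once it no longer depends on python2`, gives the next maintainer a way to retire the exception; if only one package pulls it in, overriding that package in overlay.nix keeps the allowance scoped instead of global. The enclosing `eval = evalModules { … }` expression continues outside the hunk.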
@@ -5,7 +5,6 @@ in { imports = [ ../../vanilla-configuration.nix ../../modules/squashfs.nix - ../../modules/outputs/jffs2.nix ]; config.rootfsType = "jffs2"; config.filesystem = dir { diff --git a/tests/jffs2/test.nix b/tests/jffs2/test.nix index f972583..5c5a582 100644 --- a/tests/jffs2/test.nix +++ b/tests/jffs2/test.nix @@ -6,7 +6,7 @@ let img = (import liminix { device = import "${liminix}/devices/qemu/"; liminix-config = ./configuration.nix; }).outputs.vmroot; - pkgs = import { overlays = [(import ../../overlay.nix)]; }; + pkgs = import nixpkgs { overlays = [(import ../../overlay.nix)]; }; in pkgs.runCommand "check" { nativeBuildInputs = with pkgs; [ expect diff --git a/tests/min-copy-closure/configuration.nix b/tests/min-copy-closure/configuration.nix index fe80bf2..0797341 100644 --- a/tests/min-copy-closure/configuration.nix +++ b/tests/min-copy-closure/configuration.nix @@ -13,7 +13,6 @@ let in { imports = [ ../../vanilla-configuration.nix - ../../modules/outputs/jffs2.nix ]; config = { services.sshd = longrun { diff --git a/tests/min-copy-closure/test.nix b/tests/min-copy-closure/test.nix index 14f0225..774b882 100644 --- a/tests/min-copy-closure/test.nix +++ b/tests/min-copy-closure/test.nix @@ -8,7 +8,7 @@ let lmx = (import liminix { }); rogue = lmx.pkgs.rogue; img = lmx.outputs.vmroot; - pkgs = import { overlays = [(import ../../overlay.nix)]; }; + pkgs = import nixpkgs { overlays = [(import ../../overlay.nix)]; }; in pkgs.runCommand "check" { nativeBuildInputs = with pkgs; [ expect diff --git a/tests/pppoe/test.nix b/tests/pppoe/test.nix index c8007a9..6972256 100644 --- a/tests/pppoe/test.nix +++ b/tests/pppoe/test.nix 
@@ -6,7 +6,7 @@ let img = (import liminix { device = import "${liminix}/devices/qemu"; liminix-config = ./configuration.nix; }).outputs.default; - pkgs = import { overlays = [(import ../../overlay.nix)]; }; + pkgs = import nixpkgs { overlays = [(import ../../overlay.nix)]; }; inherit (pkgs.pkgsBuildBuild) routeros; in pkgs.runCommand "check" { nativeBuildInputs = with pkgs; [ diff --git a/tests/tftpboot/test.nix b/tests/tftpboot/test.nix index b7a3e87..b6b9f1a 100644 --- a/tests/tftpboot/test.nix +++ b/tests/tftpboot/test.nix @@ -1,5 +1,6 @@ { - liminix + liminix, + ... }: let check = deviceName : config : let derivation = (import liminix { diff --git a/tests/updown/test.nix b/tests/updown/test.nix index 589e383..45f7c91 100644 --- a/tests/updown/test.nix +++ b/tests/updown/test.nix @@ -6,7 +6,7 @@ let img = (import liminix { device = import "${liminix}/devices/qemu/"; liminix-config = ./configuration.nix; }).outputs.vmroot; - pkgs = import { overlays = [(import ../../overlay.nix)]; }; + pkgs = import nixpkgs { overlays = [(import ../../overlay.nix)]; }; in pkgs.runCommand "check" { nativeBuildInputs = with pkgs; [ expect diff --git a/tests/wlan/test.nix b/tests/wlan/test.nix index fcc2715..f644fb9 100644 --- a/tests/wlan/test.nix +++ b/tests/wlan/test.nix @@ -3,10 +3,10 @@ , nixpkgs }: let img = (import liminix { - device = import "${liminix}/devices/qemu-armv7l/"; + device = import "${liminix}/devices/qemu/"; liminix-config = ./configuration.nix; }).outputs.default; - pkgs = import { overlays = [(import ../../overlay.nix)]; }; + pkgs = import nixpkgs { overlays = [(import ../../overlay.nix)]; }; in pkgs.runCommand "check" { nativeBuildInputs = with pkgs; [ expect socat From c5e48f5c9fb38c721e6d186019269324ff5662d7 Mon Sep 17 00:00:00 2001 
From: catvayor Date: Wed, 18 Sep 2024 17:04:51 +0200 Subject: [PATCH 02/23] feat(ci-wlan): use wpa_supplicant --- default.nix | 1 + overlay.nix | 6 +++++- tests/wlan/configuration.nix | 19 ++++++++++++++++++- tests/wlan/test.nix | 1 + tests/wlan/wait-for-wlan.expect | 4 ++-- tests/wlan/wpa_service.nix | 21 +++++++++++++++++++++ tests/wlan/wpa_supplicant.nix | 15 +++++++++++++++ 7 files changed, 63 insertions(+), 4 deletions(-) create mode 100644 tests/wlan/wpa_service.nix create mode 100644 tests/wlan/wpa_supplicant.nix diff --git a/default.nix b/default.nix index 33593dc..fd1c357 100644 --- a/default.nix +++ b/default.nix @@ -27,6 +27,7 @@ let modules = [ { nixpkgs = { + source = nixpkgs; overlays = [ overlay ]; config.permittedInsecurePackages = [ "python-2.7.18.8" diff --git a/overlay.nix b/overlay.nix index dda4ddc..891e9a0 100644 --- a/overlay.nix +++ b/overlay.nix @@ -194,7 +194,11 @@ extraPkgs // { }); in h.override { openssl = null; sqlite = null; }; - + wpa_supplicant = prev.wpa_supplicant.override { + dbusSupport = false; + withPcsclite = false; + wpa_supplicant_gui = null; + }; kexec-tools-static = prev.kexec-tools.overrideAttrs(o: { # For kexecboot we copy kexec into a ramdisk on the system being diff --git a/tests/wlan/configuration.nix b/tests/wlan/configuration.nix index 6dc4b44..ed1d948 100644 --- a/tests/wlan/configuration.nix +++ b/tests/wlan/configuration.nix @@ -7,6 +7,7 @@ in rec { ../../modules/wlan.nix ../../modules/hostapd ../../modules/network + ./wpa_supplicant.nix ]; services.hostap = config.system.service.hostapd.build { 
@@ -27,5 +28,21 @@ in rec { }; }; - defaultProfile.packages = with pkgs; [ tcpdump ] ; + services.wpa_supplicant = config.system.service.wpa_supplicant.build { + interface = "wlan1"; + driver = "nl80211"; + config-file = pkgs.writeText "wpa_supplicant.conf" '' + country=us + update_config=1 + ctrl_interface=/run/wpa_supplicant + + network={ + scan_ssid=1 + ssid="liminix" + psk="colourless green ideas" + } + ''; + }; + + defaultProfile.packages = with pkgs; [ tcpdump wpa_supplicant ]; } diff --git a/tests/wlan/test.nix b/tests/wlan/test.nix index f644fb9..f1f20c2 100644 --- a/tests/wlan/test.nix +++ b/tests/wlan/test.nix @@ -3,6 +3,7 @@ , nixpkgs }: let img = (import liminix { + inherit nixpkgs; device = import "${liminix}/devices/qemu/"; liminix-config = ./configuration.nix; }).outputs.default; diff --git a/tests/wlan/wait-for-wlan.expect b/tests/wlan/wait-for-wlan.expect index 1d42a4e..5e0f073 100644 --- a/tests/wlan/wait-for-wlan.expect +++ b/tests/wlan/wait-for-wlan.expect @@ -14,10 +14,10 @@ expect { } expect "#" while { $FINISHED < 10 } { - send "date && grep AP-ENABLED /run/uncaught-logs/* || echo \$NOT\r\n" + send "date && grep CTRL-EVENT-CONNECTED /run/uncaught-logs/* || echo \$NOT\r\n" expect { - "wlan0: AP-ENABLED" { set FINISHED 999; set EXIT 0; } + "wlan1: CTRL-EVENT-CONNECTED" { set FINISHED 999; set EXIT 0; } "not_present" { send_user "waiting ...\n" ; sleep 5 } } set FINISHED [ expr $FINISHED + 1 ] diff --git a/tests/wlan/wpa_service.nix b/tests/wlan/wpa_service.nix new file mode 100644 index 0000000..ae70db3 --- /dev/null +++ b/tests/wlan/wpa_service.nix @@ -0,0 +1,21 @@ +{ + liminix, + wpa_supplicant, + lib, +}: +{ + interface, + driver, + config-file, +}: +let + inherit (liminix.services) longrun; + inherit (lib.strings) escapeShellArg; +in +longrun { + name = "wpa_supplicant"; + run = + '' + ${wpa_supplicant}/bin/wpa_supplicant -D${driver} -i${interface} -c ${config-file} + ''; +} 
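Review bot: wpa_service.nix inherits `escapeShellArg` from `lib.strings` but never uses it, while the run line interpolates `${driver}` and `${interface}` straight into the shell command; both options are declared as `types.str` in wpa_supplicant.nix, so a value containing whitespace or shell metacharacters changes the command instead of being rejected. Either use the helper, `${wpa_supplicant}/bin/wpa_supplicant -D${escapeShellArg driver} -i${escapeShellArg interface} -c ${config-file}`, or drop the unused inherit. In configuration.nix the `wpa_supplicant.conf` is produced with `pkgs.writeText`, so the `psk` lands in the world-readable Nix store; that is fine for this throwaway test credential, but a short comment there would stop the pattern being copied into a real device configuration.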
diff --git a/tests/wlan/wpa_supplicant.nix b/tests/wlan/wpa_supplicant.nix new file mode 100644 index 0000000..98f7f08 --- /dev/null +++ b/tests/wlan/wpa_supplicant.nix @@ -0,0 +1,15 @@ +{ config, lib, pkgs, ... }: +with lib; { + options.system.service.wpa_supplicant = mkOption { type = pkgs.liminix.lib.types.serviceDefn; }; + config.system.service.wpa_supplicant = config.system.callService ./wpa_service.nix { + interface = mkOption { + type = types.str; + }; + driver = mkOption { + type = types.str; + }; + config-file = mkOption { + type = types.package; + }; + }; +} From 562b05034136363989620ab65ecdc830b53db9f1 Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Tue, 17 Sep 2024 16:35:33 +0200 Subject: [PATCH 03/23] feat: add environment variables and prompt customization in login shells This way, we can configure a bit our prompt. Signed-off-by: Raito Bezarius --- modules/base.nix | 29 ++++++++++++++++++++++++++--- 1 file changed, 26 insertions(+), 3 deletions(-) diff --git a/modules/base.nix b/modules/base.nix index 41550e6..0d507a7 100644 --- a/modules/base.nix +++ b/modules/base.nix @@ -4,11 +4,13 @@ { lib, pkgs, config, ...}: let - inherit (lib) mkEnableOption mkOption types isDerivation hasAttr ; + inherit (lib) mkEnableOption mkOption types isDerivation hasAttr concatStringsSep; inherit (pkgs.pseudofile) dir symlink; inherit (pkgs.liminix.networking) address interface; inherit (pkgs.liminix.services) bundle; + # TODO: escape shell argument. + exportVar = name: value: "export ${name}=\"${value}\""; type_service = pkgs.liminix.lib.types.service; in { 
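Review bot: `exportVar` in modules/base.nix emits `export ${name}="${value}"` with the value inside double quotes, so a value containing `"`, `$` or a backquote is interpreted by the login shell rather than exported verbatim; the `# TODO: escape shell argument.` comment acknowledges this, but the `environmentVariables` description in the next hunk states the opposite contract ("The value is assumed to be escaped"). Since the default prompt in that same hunk deliberately relies on `$(whoami)@$(hostname)` expanding at login, escaping here would break it, so the two statements cannot both hold. Replace the TODO with the intended contract, e.g. `# Values are emitted inside double quotes on purpose so that $(…) in PS1 expands at login; callers must quote literal ", $ and backquotes themselves.`, and align the option description with it.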
@@ -22,6 +24,24 @@ in { /run/current-system, we just add the paths in /etc/profile ''; }; + + environmentVariables = mkOption { + type = types.attrsOf types.str; + description = '' + Attribute set of environment variables to make available + in a login shell. + + The value is assumed to be escaped and the name to be valid. + ''; + }; + + prompt = mkOption { + type = types.str; + default = "$(whoami)@$(hostname) # "; + description = '' + Prompt string (PS1) for the shell. + ''; + }; }; services = mkOption { type = types.attrsOf type_service; @@ -111,6 +131,8 @@ in { defaultProfile.packages = with pkgs; [ s6 s6-init-bin execline s6-linux-init s6-rc ]; + # Set the useful PS1 prompt by default. + defaultProfile.environmentVariables.PS1 = lib.mkDefault config.defaultProfile.prompt; boot.commandLine = [ "panic=10 oops=panic init=/bin/init loglevel=8" @@ -181,9 +203,10 @@ in { etc = let profile = symlink (pkgs.writeScript ".profile" '' - PATH=${lib.makeBinPath config.defaultProfile.packages}:/bin + PATH=${lib.makeBinPath config.defaultProfile.packages}:/bin export PATH - ''); + ${concatStringsSep "\n" (map exportVar config.defaultProfile.environmentVariables)} + ''); in dir { inherit profile; ashrc = profile; From eec7a6e985424200678afe090922c89457f5e4b8 Mon Sep 17 00:00:00 2001 From: catvayor Date: Fri, 27 Sep 2024 10:17:34 +0200 Subject: [PATCH 04/23] fix PS1 --- modules/base.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/base.nix b/modules/base.nix index 0d507a7..5107e1e 100644 --- a/modules/base.nix +++ b/modules/base.nix @@ -4,7 +4,7 @@ { lib, pkgs, config, ...}: let - inherit (lib) mkEnableOption mkOption types isDerivation hasAttr concatStringsSep; + inherit (lib) mkEnableOption mkOption types isDerivation hasAttr concatStringsSep mapAttrsToList; inherit (pkgs.pseudofile) dir symlink; inherit (pkgs.liminix.networking) address interface; inherit (pkgs.liminix.services) bundle; 
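Review bot: `environmentVariables` is declared with `type = types.attrsOf types.str` but no `default`, so the attribute set is only defined because this same patch sets `defaultProfile.environmentVariables.PS1` further down; as far as the module system goes, a configuration that removed that definition would hit "option … is used but not defined" at the `.profile` template in the last hunk. Adding `default = { };` to the option makes the template safe on its own. The `.profile` hunk's `in dir { … }` continues outside the hunk.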
@@ -205,7 +205,7 @@ in { (pkgs.writeScript ".profile" '' PATH=${lib.makeBinPath config.defaultProfile.packages}:/bin export PATH - ${concatStringsSep "\n" (map exportVar config.defaultProfile.environmentVariables)} + ${concatStringsSep "\n" (mapAttrsToList exportVar config.defaultProfile.environmentVariables)} ''); in dir { inherit profile; From 89d2d34ad77646ec7f405863907067b19cc41168 Mon Sep 17 00:00:00 2001 From: catvayor Date: Fri, 27 Sep 2024 10:35:53 +0200 Subject: [PATCH 05/23] feat(ci): prompt checking --- .forgejo/workflows/build.yaml | 10 ++++++++++ tests/ci.nix | 1 + tests/custom-shell/check-prompt.expect | 7 +++++++ tests/custom-shell/configuration.nix | 13 +++++++++++++ tests/custom-shell/test.nix | 21 +++++++++++++++++++++ 5 files changed, 52 insertions(+) create mode 100644 tests/custom-shell/check-prompt.expect create mode 100644 tests/custom-shell/configuration.nix create mode 100644 tests/custom-shell/test.nix diff --git a/.forgejo/workflows/build.yaml b/.forgejo/workflows/build.yaml index 3a29607..71964a9 100644 --- a/.forgejo/workflows/build.yaml +++ b/.forgejo/workflows/build.yaml @@ -38,3 +38,13 @@ jobs: run: | # Enter the shell nix-build ci.nix -A wlan + + test_shell_customization: + runs-on: nix + steps: + - uses: actions/checkout@v3 + + - name: Build VM QEMU MIPS + run: | + # Enter the shell + nix-build ci.nix -A custom-shell diff --git a/tests/ci.nix b/tests/ci.nix index 4fbd953..1334885 100644 --- a/tests/ci.nix +++ b/tests/ci.nix @@ -10,4 +10,5 @@ tftpboot = import ./tftpboot/test.nix; updown = import ./updown/test.nix; inout = import ./inout/test.nix; + custom-shell = import ./custom-shell/test.nix; } diff --git a/tests/custom-shell/check-prompt.expect b/tests/custom-shell/check-prompt.expect new file mode 100644 index 0000000..4cc7656 --- /dev/null +++ b/tests/custom-shell/check-prompt.expect 
@@ -0,0 +1,7 @@
+set timeout 60
+
+spawn socat unix-connect:vm/console -
+expect {
+ "root@liminix blah blah > " { exit 0 }
+ timeout { exit 1 }
+}
diff --git a/tests/custom-shell/configuration.nix b/tests/custom-shell/configuration.nix
new file mode 100644
index 0000000..b908137
--- /dev/null
+++ b/tests/custom-shell/configuration.nix
@@ -0,0 +1,13 @@
+{ config, pkgs, lib, ... } :
+let
+ inherit (pkgs.liminix.networking) interface address hostapd route dnsmasq;
+ inherit (pkgs.liminix.services) oneshot longrun bundle target;
+in rec {
+ imports = [
+ ../../modules/network
+ ];
+
+ defaultProfile.prompt = "$(whoami)@$(hostname) blah blah > ";
+
+ defaultProfile.packages = with pkgs; [ ];
+}
diff --git a/tests/custom-shell/test.nix b/tests/custom-shell/test.nix
new file mode 100644
index 0000000..e5273e1
--- /dev/null
+++ b/tests/custom-shell/test.nix
@@ -0,0 +1,21 @@
+{
+ liminix
+, nixpkgs
+}:
+let img = (import liminix {
+ inherit nixpkgs;
+ device = import "${liminix}/devices/qemu/";
+ liminix-config = ./configuration.nix;
+ }).outputs.default;
+ pkgs = import nixpkgs { overlays = [(import ../../overlay.nix)]; };
+in pkgs.runCommand "check" {
+ nativeBuildInputs = with pkgs; [
+ expect socat
+ ] ;
+} ''
+. ${../test-helpers.sh}
+
+mkdir vm
+${img}/run.sh --background ./vm
+expect ${./check-prompt.expect} |tee output && mv output $out
+''
From 7eff028b022ec6e5ae210305196b86b999a03452 Mon Sep 17 00:00:00 2001 From: catvayor Date: Fri, 27 Sep 2024 16:18:13 +0200 Subject: [PATCH 06/23] fix: hostname at early boot --- modules/hostname.nix | 22 +++++++++++++++------- modules/s6/default.nix | 2 ++ modules/s6/scripts/rc.init | 1 + 3 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/modules/hostname.nix b/modules/hostname.nix
index 5f18b04..e05b724 100644
--- a/modules/hostname.nix
+++ b/modules/hostname.nix
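Review bot: tests/custom-shell/configuration.nix inherits `interface address hostapd route dnsmasq` and `oneshot longrun bundle target` and uses none of them, and `rec` on the attribute set has nothing to refer back to; this reads as a copy of another test's preamble. Trim it to what the module uses: `{ config, pkgs, lib, ... } :` followed directly by `{ imports = [ ../../modules/network ]; defaultProfile.prompt = …; defaultProfile.packages = with pkgs; [ ]; }`. The expect script matches the literal `root@liminix blah blah > `, which silently ties the test to the default hostname and user; a one-line comment above `expect {` saying the prompt is `$(whoami)@$(hostname)` expanded at login would explain why a hostname change breaks this test.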
@@ -1,7 +1,6 @@
 { lib, pkgs, config, ...}:
 let
 inherit (lib) mkOption types;
- inherit (pkgs.liminix.services) oneshot;
 in {
 options = {
 hostname = mkOption {
@@ -12,12 +11,21 @@ in {
 default = "liminix";
 type = types.nonEmptyStr;
 };
- };
- config = {
- services.hostname = oneshot {
- name = "hostname-${builtins.substring 0 12 (builtins.hashString "sha256" config.hostname)}";
- up = "echo ${config.hostname} > /proc/sys/kernel/hostname";
- down = "true";
+ hostname-script = mkOption {
+ description = ''
+ Script that outputs the system hostname on stdin.
+ '';
+ default = pkgs.writeScript "hostname-gen" ''
+ #!/bin/sh
+ echo ${config.hostname}
+ '';
+ defaultText = ''
+ pkgs.writeScript "hostname-gen" '''
+ #!/bin/sh
+ echo ''${config.hostname}
+ '''
+ '';
+ type = types.package;
 };
 };
 }
diff --git a/modules/s6/default.nix b/modules/s6/default.nix
index cd05de7..e1ce9c8 100644
--- a/modules/s6/default.nix
+++ b/modules/s6/default.nix
@@ -30,6 +30,8 @@ let
 installPhase = ''
 mkdir $out
 cp -r $src $out/scripts
+ substituteInPlace $out/scripts/rc.init \
+ --replace-fail 'config.hostname' "${config.hostname-script}"
 chmod -R +w $out
 '';
 };
diff --git a/modules/s6/scripts/rc.init b/modules/s6/scripts/rc.init
index c098ffb..3888e50 100755
--- a/modules/s6/scripts/rc.init
+++ b/modules/s6/scripts/rc.init
@@ -36,6 +36,7 @@ fi ### (replace /run/service with your scandir) s6-rc-init -d -c /etc/s6-rc/compiled /run/service +config.hostname > /proc/sys/kernel/hostname ### 2. Starting the wanted set of services ### This is also called every time you change runlevels with telinit. From 752ff19e21571a6242b6d1aaf249d4ef510e00bf Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Sat, 7 Dec 2024 16:00:29 +0100 Subject: [PATCH 07/23] fix: switch to writeClosure MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit writeReferencesToFile has been removed from nixpkgs…
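Review bot: The `hostname-script` description says the script outputs the hostname "on stdin"; rc.init consumes it through `> /proc/sys/kernel/hostname`, so this should read `on stdout`. The default script also interpolates `config.hostname` unquoted into `echo ${config.hostname}`; `types.nonEmptyStr` accepts whitespace and shell metacharacters, so a value containing `;` or `$(…)` would be interpreted by `/bin/sh` instead of echoed — `echo ${lib.escapeShellArg config.hostname}` keeps it one literal word, and `defaultText` should mirror whatever form is chosen. The s6 hunk rewrites the literal token `config.hostname` in rc.init with `substituteInPlace --replace-fail`, which works only because rc.init now contains exactly that token; a comment in rc.init next to that line, `# placeholder, replaced with the hostname-script store path at build time (see modules/s6/default.nix)`, would stop someone "fixing" it. The removed `services.hostname` oneshot may still be referenced by other modules as a dependency; that cannot be checked from this hunk.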
Signed-off-by: Raito Bezarius --- modules/outputs/initramfs.nix | 2 +- pkgs/initramfs-peek/default.nix | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/outputs/initramfs.nix b/modules/outputs/initramfs.nix index b1e0ea8..6d5d473 100644 --- a/modules/outputs/initramfs.nix +++ b/modules/outputs/initramfs.nix @@ -54,7 +54,7 @@ in mount -t sysfs none /sys ${busybox}/bin/sh ''; - refs = pkgs.writeReferencesToFile busybox; + refs = pkgs.writeClosure [ busybox ]; in runCommand "initramfs.cpio" {} '' cat << SPECIALS | ${gen_init_cpio}/bin/gen_init_cpio /dev/stdin > out dir /proc 0755 0 0 diff --git a/pkgs/initramfs-peek/default.nix b/pkgs/initramfs-peek/default.nix index 39067cb..86f8e18 100644 --- a/pkgs/initramfs-peek/default.nix +++ b/pkgs/initramfs-peek/default.nix @@ -3,7 +3,7 @@ , pkgsBuildBuild , runCommand , cpio -, writeReferencesToFile +, writeClosure , writeScript } : let @@ -18,7 +18,7 @@ let mount -t sysfs none /sys ${busybox}/bin/sh ''; - refs = writeReferencesToFile busybox; + refs = writeClosure [ busybox ]; in runCommand "initramfs.cpio" { } '' cat << SPECIALS | ${gen_init_cpio}/bin/gen_init_cpio /dev/stdin > out dir /proc 0755 0 0 From 9b03b4355b39205791a6dc809d8e8b3056c343da Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Sat, 7 Dec 2024 16:07:41 +0100 Subject: [PATCH 08/23] fix: add forgotten modules for levitation Otherwise, this won't eval properly. Signed-off-by: Raito Bezarius --- pkgs/levitate/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/levitate/default.nix b/pkgs/levitate/default.nix index 8bbbfb6..b2b1ec3 100644 --- a/pkgs/levitate/default.nix +++ b/pkgs/levitate/default.nix @@ -60,6 +60,9 @@ let ../../modules/base.nix ../../modules/users.nix ../../modules/busybox.nix + ../../modules/hostname.nix + ../../modules/misc/assertions.nix + ../../modules/nixpkgs.nix base ({ ... } : paramConfig) ../../modules/s6 From 1a607ef8ed381b06f850de1f5f0d4d0a676fb9ba Mon Sep 17 00:00:00 2001 
From: Raito Bezarius Date: Sat, 7 Dec 2024 16:11:04 +0100 Subject: [PATCH 09/23] fix: propagate host platform to levitated systems Signed-off-by: Raito Bezarius --- pkgs/levitate/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/levitate/default.nix b/pkgs/levitate/default.nix index b2b1ec3..966200b 100644 --- a/pkgs/levitate/default.nix +++ b/pkgs/levitate/default.nix @@ -2,6 +2,7 @@ writeScriptBin , writeScript , systemconfig +, stdenv , execline , lib , config ? {} @@ -64,6 +65,10 @@ let ../../modules/misc/assertions.nix ../../modules/nixpkgs.nix base + { + # Inherit from that target system host platform. + nixpkgs.hostPlatform = stdenv.hostPlatform; + } ({ ... } : paramConfig) ../../modules/s6 ]; From c515e4354bb229bb74ee084a9e4b3d50b40ffd4f Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Sat, 7 Dec 2024 16:12:59 +0100 Subject: [PATCH 10/23] fix: do not redefine pkgs and lim for levitated system Signed-off-by: Raito Bezarius --- pkgs/levitate/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/levitate/default.nix b/pkgs/levitate/default.nix index 966200b..5a2e9c5 100644 --- a/pkgs/levitate/default.nix +++ b/pkgs/levitate/default.nix @@ -57,7 +57,6 @@ let }; eval = lib.evalModules { modules = [ - { _module.args = { inherit pkgs; inherit (pkgs) lim; }; } ../../modules/base.nix ../../modules/users.nix ../../modules/busybox.nix @@ -68,6 +67,8 @@ let { # Inherit from that target system host platform. nixpkgs.hostPlatform = stdenv.hostPlatform; + # Force our own package set. + nixpkgs.pkgs = lib.mkForce pkgs; } ({ ... } : paramConfig) ../../modules/s6 From 24443628a1cc759190663cbd4a0e18f4f542fa3b Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Sat, 7 Dec 2024 16:18:30 +0100 Subject: [PATCH 11/23] fix: chrony does not have readline, nspr, nss anymore Signed-off-by: Raito Bezarius --- overlay.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/overlay.nix b/overlay.nix index 891e9a0..ad54704 100644 
--- a/overlay.nix +++ b/overlay.nix @@ -67,9 +67,6 @@ extraPkgs // { }); in chrony'.override { gnutls = null; - nss = null; - nspr = null; - readline = null; libedit = null; libseccomp = null; # should texinfo be in nativeBuildInputs instead of From d02397cd653557938b1cd47e17b818a32628a9e1 Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Sun, 8 Dec 2024 13:14:19 +0100 Subject: [PATCH 12/23] fix: do not pass graphviz as a dependency MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On mipsel, we do not have… graphviz. Signed-off-by: Raito Bezarius --- overlay.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/overlay.nix b/overlay.nix index ad54704..b85a0ca 100644 --- a/overlay.nix +++ b/overlay.nix @@ -191,6 +191,10 @@ extraPkgs // { }); in h.override { openssl = null; sqlite = null; }; + libnl = prev.libnl.override { + graphviz = null; + }; + wpa_supplicant = prev.wpa_supplicant.override { dbusSupport = false; withPcsclite = false; From b8caddae08fc6fcea75bcb003523a010eb9cc10f Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Sun, 8 Dec 2024 20:29:09 +0100 Subject: [PATCH 13/23] fix: do not take any hostapd patches from nixpkgs We have our own hostapd fork, hence patches may be wrong. Signed-off-by: Raito Bezarius --- overlay.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/overlay.nix b/overlay.nix index b85a0ca..42a8e78 100644 --- a/overlay.nix +++ b/overlay.nix 
@@ -138,7 +138,9 @@ extraPkgs // { repo = "hostapd"; rev = "hostap-liminix-integration"; hash = "sha256-5Xi90keCHxvuKR5Q7STuZDzuM9h9ac6aWoXVQYvqkQI="; - }; + }; + # Do not take any patch. + patches = []; extraConfig = ""; configurePhase = '' cat > hostapd/defconfig < hostapd/defconfig < Date: Sun, 8 Dec 2024 20:40:52 +0100 Subject: [PATCH 14/23] Revert "fix: chrony does not have readline, nspr, nss anymore" This reverts commit 24443628a1cc759190663cbd4a0e18f4f542fa3b because we fell back to NixOS 24.05. --- overlay.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/overlay.nix b/overlay.nix index 42a8e78..0a30478 100644 --- a/overlay.nix +++ b/overlay.nix @@ -67,6 +67,9 @@ extraPkgs // { }); in chrony'.override { gnutls = null; + nss = null; + nspr = null; + readline = null; libedit = null; libseccomp = null; # should texinfo be in nativeBuildInputs instead of From 4dabd970f0e4f09a5c03d467d845c4a21206db2d Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Mon, 9 Dec 2024 00:09:21 +0100 Subject: [PATCH 15/23] feat: use iproute2 by default instead of busybox iproute2 brings so much on the table, it's worth it. Signed-off-by: Raito Bezarius --- modules/base.nix | 2 +- modules/busybox.nix | 2 +- overlay.nix | 11 +++++++++++ 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/modules/base.nix b/modules/base.nix index 5107e1e..a342539 100644 --- a/modules/base.nix +++ b/modules/base.nix @@ -130,7 +130,7 @@ in { nixpkgs.buildPlatform = lib.mkDefault builtins.currentSystem; defaultProfile.packages = with pkgs; - [ s6 s6-init-bin execline s6-linux-init s6-rc ]; + [ s6 s6-init-bin execline s6-linux-init s6-rc iproute2 ]; # Set the useful PS1 prompt by default. defaultProfile.environmentVariables.PS1 = lib.mkDefault config.defaultProfile.prompt; diff --git a/modules/busybox.nix b/modules/busybox.nix index 718cafd..ee3b09b 100644 --- a/modules/busybox.nix +++ b/modules/busybox.nix 
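Review bot: `patches = [];` drops every patch nixpkgs applies to hostapd, and that list can carry upstream security fixes alongside build fixes; the hunk pins the fork to the `hostap-liminix-integration` ref by hash but nothing here shows that the fork already contains such fixes. The comment should state the expectation so it is re-checked on each bump, e.g. `# nixpkgs' hostapd patches target upstream and may not apply to our fork; the fork is expected to track upstream security releases itself.` The `configurePhase` text at the end of this hunk looks garbled on the page, so the hunk may extend further than shown.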
@@ -37,7 +37,7 @@ let "comm" "cp" "cpio" "cut" "date" "dhcprelay" "dd" "df" "dirname" "dmesg" "du" "echo" "egrep" "env" "expand" "expr" "false" "fdisk" "fgrep" "find" "free" "fuser" "grep" "gunzip" "gzip" "head" "hexdump" "hostname" "hwclock" - "ifconfig" "ip" "ipaddr" "iplink" "ipneigh" "iproute" "iprule" "kill" + "ifconfig" "ipneigh" "kill" "killall" "killall5" "less" "ln" "ls" "lsattr" "lsof" "md5sum" "mkdir" "mknod" "mktemp" "mount" "mv" "nc" "netstat" "nohup" "od" "pgrep" "pidof" "ping" "ping6" "pkill" "pmap" "printenv" "printf" "ps" "pwd" "readlink" diff --git a/overlay.nix b/overlay.nix index 0a30478..1aa7bf1 100644 --- a/overlay.nix +++ b/overlay.nix @@ -201,6 +201,17 @@ extraPkgs // { graphviz = null; }; + iproute2 = prev.iproute2.overrideAttrs (old: { + postInstall = '' + ${(old.postInstall or "")} + non_necessary_binaries=("tc" "rdma" "dcb" "tipc" "vdpa") + for needless_binary in "$non_necessary_binaries[@]"; do + echo "Removing unnecessary binary $out/$needless_binary" + rm "$out/$needless_binary" + done + ''; + }); + wpa_supplicant = prev.wpa_supplicant.override { dbusSupport = false; withPcsclite = false; From 1598d59ca7a16c0e93a989d2f4ac73637e58513b Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Mon, 9 Dec 2024 00:11:48 +0100 Subject: [PATCH 16/23] feat: remove elfutils from iproute2 Shaves a lot of the compile time. Signed-off-by: Raito Bezarius --- overlay.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/overlay.nix b/overlay.nix index 1aa7bf1..59c6b7e 100644 --- a/overlay.nix +++ b/overlay.nix @@ -201,7 +201,8 @@ extraPkgs // { graphviz = null; }; - iproute2 = prev.iproute2.overrideAttrs (old: { + iproute2 = + let i = prev.iproute2.overrideAttrs (old: { postInstall = '' ${(old.postInstall or "")} non_necessary_binaries=("tc" "rdma" "dcb" "tipc" "vdpa") 
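Review bot: The busybox applet list drops `ip`, `ipaddr`, `iplink`, `iproute` and `iprule` but keeps `ipneigh`, which looks like an oversight: with `iproute2` added to `defaultProfile.packages` in the previous hunk, busybox's `ipneigh` is the only member of the ip family left and duplicates iproute2's `ip neigh`. If the whole family is meant to move to iproute2 the line should read `"ifconfig" "kill"`; if `ipneigh` stays on purpose, a short comment saying why would help the next reader. In the overlay hunk the `rm "$out/$needless_binary"` loop is already corrected by later patches in this series, so nothing further is raised there.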
@@ -211,6 +212,8 @@ extraPkgs // { done ''; }); + # Don't bring ebpf stuff to the table. + in i.override { elfutils = null; }; wpa_supplicant = prev.wpa_supplicant.override { dbusSupport = false; From d6c976f8a1daad05d42cfb0314b4230e666c2a02 Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Mon, 9 Dec 2024 00:13:18 +0100 Subject: [PATCH 17/23] feat: remove iptables from iproute2 Signed-off-by: Raito Bezarius --- overlay.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/overlay.nix b/overlay.nix index 59c6b7e..fde7798 100644 --- a/overlay.nix +++ b/overlay.nix @@ -213,7 +213,8 @@ extraPkgs // { ''; }); # Don't bring ebpf stuff to the table. - in i.override { elfutils = null; }; + # We also remove tc so we can drop iptables as well. + in i.override { elfutils = null; iptables = null; }; wpa_supplicant = prev.wpa_supplicant.override { dbusSupport = false; From 9f9ade29f418cd1d991135c8b585ae3e68e88781 Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Mon, 9 Dec 2024 00:14:22 +0100 Subject: [PATCH 18/23] fix: i do not know how to do bash ok? fix the quoting for the array iteration Signed-off-by: Raito Bezarius --- overlay.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/overlay.nix b/overlay.nix index fde7798..ace3c8f 100644 --- a/overlay.nix +++ b/overlay.nix @@ -206,7 +206,7 @@ extraPkgs // { postInstall = '' ${(old.postInstall or "")} non_necessary_binaries=("tc" "rdma" "dcb" "tipc" "vdpa") - for needless_binary in "$non_necessary_binaries[@]"; do + for needless_binary in "''${non_necessary_binaries[@]}"; do echo "Removing unnecessary binary $out/$needless_binary" rm "$out/$needless_binary" done From 92594b3b64df1170843930570e5431a35377b9d3 Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Mon, 9 Dec 2024 00:15:07 +0100 Subject: [PATCH 19/23] fix: i do not know how to do nix ok? it's in bin/, not in $out/ simply. Signed-off-by: Raito Bezarius --- overlay.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/overlay.nix b/overlay.nix index ace3c8f..80dd3a5 100644 --- a/overlay.nix +++ b/overlay.nix @@ -207,8 +207,8 @@ extraPkgs // { ${(old.postInstall or "")} non_necessary_binaries=("tc" "rdma" "dcb" "tipc" "vdpa") for needless_binary in "''${non_necessary_binaries[@]}"; do - echo "Removing unnecessary binary $out/$needless_binary" - rm "$out/$needless_binary" + echo "Removing unnecessary binary $out/bin/$needless_binary" + rm "$out/bin/$needless_binary" done ''; }); From c5c82a5391f3c7b4c6d583a79ce5d1f21f681160 Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Mon, 9 Dec 2024 00:16:40 +0100 Subject: [PATCH 20/23] fix: i do not know how to do makefiles ok? it's in sbin/ not in bin/, nix moves it to bin/ later on. Signed-off-by: Raito Bezarius --- overlay.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/overlay.nix b/overlay.nix index 80dd3a5..c674ad3 100644 --- a/overlay.nix +++ b/overlay.nix @@ -207,8 +207,8 @@ extraPkgs // { ${(old.postInstall or "")} non_necessary_binaries=("tc" "rdma" "dcb" "tipc" "vdpa") for needless_binary in "''${non_necessary_binaries[@]}"; do - echo "Removing unnecessary binary $out/bin/$needless_binary" - rm "$out/bin/$needless_binary" + echo "Removing unnecessary binary $out/sbin/$needless_binary" + rm "$out/sbin/$needless_binary" done ''; }); From 0c6d26b4fce5641dd746c8061526aa8141f1b3db Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Mon, 9 Dec 2024 00:22:30 +0100 Subject: [PATCH 21/23] feat: remove db from iproute2 as well MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Too big already… ! Signed-off-by: Raito Bezarius --- overlay.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/overlay.nix b/overlay.nix index c674ad3..b170c24 100644 --- a/overlay.nix +++ b/overlay.nix 
@@ -214,7 +214,8 @@ extraPkgs // { }); # Don't bring ebpf stuff to the table. # We also remove tc so we can drop iptables as well. - in i.override { elfutils = null; iptables = null; }; + # Let's try to kill `db` as well. + in i.override { elfutils = null; iptables = null; db = null; }; wpa_supplicant = prev.wpa_supplicant.override { dbusSupport = false; From 9490822c1a539669d1db951cc4807bcad19d3832 Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Mon, 9 Dec 2024 00:43:45 +0100 Subject: [PATCH 22/23] feat: introduce iproute2 module for linkage In the future, we will make it possible to choose between iproute2 and busybox more properly. Signed-off-by: Raito Bezarius --- lib/eval-config.nix | 1 + modules/all-modules.nix | 3 ++- modules/iproute2.nix | 28 ++++++++++++++++++++++++++++ overlay.nix | 4 ++++ 4 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 modules/iproute2.nix diff --git a/lib/eval-config.nix b/lib/eval-config.nix index 4c3c009..a940497 100644 --- a/lib/eval-config.nix +++ b/lib/eval-config.nix @@ -12,6 +12,7 @@ in "${modulesPath}/hardware.nix" "${modulesPath}/base.nix" "${modulesPath}/busybox.nix" + "${modulesPath}/iproute2.nix" "${modulesPath}/hostname.nix" "${modulesPath}/kernel" "${modulesPath}/s6" diff --git a/modules/all-modules.nix b/modules/all-modules.nix index 98352c1..9afff7d 100644 --- a/modules/all-modules.nix +++ b/modules/all-modules.nix @@ -4,9 +4,10 @@ { imports = [ - ./base.nix + ./base.nix ./bridge ./busybox.nix + ./iproute2.nix ./dhcp6c ./jitter-rng ./dnsmasq diff --git a/modules/iproute2.nix b/modules/iproute2.nix new file mode 100644 index 0000000..2555d44 --- /dev/null +++ b/modules/iproute2.nix 
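Review bot: The added comment `# Let's try to kill \`db\` as well.` records an experiment rather than a contract, and the three nulled inputs are now explained by three comments of varying accuracy (tc is deleted in postInstall, not disabled at configure time, so "remove tc so we can drop iptables" is loose). Replace them with one comment naming what each null is believed to drop, e.g. `# Drop optional inputs: elfutils (libelf, BPF object loading), iptables (tc ipt/xt actions), db (arpd)`. Whether the nixpkgs iproute2 derivation tolerates `db = null` is not visible here; confirm with a build rather than leaving "let's try" in the source. The enclosing `let … in` starts outside the hunk.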
@@ -0,0 +1,28 @@ +{ config, pkgs, lib, ... }: +let + inherit (lib) mkEnableOption mkPackageOption mkIf genAttrs; + inherit (pkgs.pseudofile) dir symlink; + cfg = config.programs.iproute2; + minimalPrograms = [ + "ip" + "devlink" + "ss" + "bridge" + "genl" + "ifstat" + "nstat" + ]; + links = genAttrs minimalPrograms (p: symlink "${cfg.package}/bin/${p}"); +in +{ + options.programs.iproute2 = { + enable = mkEnableOption "the iproute2 programs instead of busybox variants"; + package = mkPackageOption pkgs "iproute2" { }; + }; + + config = mkIf cfg.enable { + filesystem = dir { + bin = dir links; + }; + }; +} diff --git a/overlay.nix b/overlay.nix index b170c24..fda6239 100644 --- a/overlay.nix +++ b/overlay.nix @@ -210,6 +210,10 @@ extraPkgs // { echo "Removing unnecessary binary $out/sbin/$needless_binary" rm "$out/sbin/$needless_binary" done + # No man + rm -rf "$out/share" + # Remove all the data about distributions for tc. + rm -rf "$out/lib" ''; }); # Don't bring ebpf stuff to the table. From 1322de1ee0cdb19fead79e12ab279ee0b575019a Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Mon, 9 Dec 2024 01:01:15 +0100 Subject: [PATCH 23/23] feat: add support for untagged frames Should cover egress & ingress. Signed-off-by: Raito Bezarius --- modules/bridge/default.nix | 17 +++++++++++++++-- modules/bridge/primary.nix | 15 ++++++++++----- modules/vlan/default.nix | 5 +++++ modules/vlan/service.nix | 4 +++- 4 files changed, 33 insertions(+), 8 deletions(-) diff --git a/modules/bridge/default.nix b/modules/bridge/default.nix index 3a24d7c..df7bce1 100644 --- a/modules/bridge/default.nix +++ b/modules/bridge/default.nix @@ -9,8 +9,7 @@ { lib, pkgs, config, ...}: let - inherit (lib) mkOption types; - inherit (pkgs.liminix.services) oneshot; + inherit (lib) mkOption types mkEnableOption; inherit (pkgs) liminix; in { 
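Review bot: Enabling this module links seven iproute2 binaries into bin/, but nothing in it removes the busybox equivalents (busybox does ship an `ip` applet), so the option text "instead of busybox variants" is not enforced and two providers of bin/ip meet in the same pseudofile directory, with precedence decided by whatever the `filesystem` merge does. Either disable the overlapping applets in the busybox module when `cfg.enable` is set, or, if coexistence is intended, say so above `links`: `# NOTE: busybox's ip applet is still installed; the filesystem merge decides which bin/ip wins — confirm`. `minimalPrograms` is also hard-coded; exposing it as an option (`types.listOf types.str`, defaulting to this list) would let users extend the set without re-implementing the module.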
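Review bot: `rm -rf "$out/lib"` removes more than the comment above it claims: the tc distribution tables live in `lib/tc/`, and anything else the package puts under lib/ is deleted silently. Narrow it to `rm -rf "$out/lib/tc"` if the tables are all that is meant, or make the comment honest about deleting the whole directory. Likewise `# No man` undersells `rm -rf "$out/share"`, which presumably also drops iproute2's bash completions; `# Drop share/ entirely (man pages, bash completions)` describes it. The enclosing `postInstall` string starts outside the hunk.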
@@ -35,6 +34,20 @@ in default = null; description = "reuse mac address from an existing interface service"; }; + + untagged = { + enable = mkEnableOption "untagged frames on port VID"; + pvid = mkOption { + type = types.nullOr types.int; + default = null; + description = "Port VLAN ID for egress untagged frames"; + }; + default-pvid = mkOption { + type = types.int; + default = 0; + description = "Default PVID for ingress untagged frames, defaults to 0, which disable untagged frames for ingress"; + }; + }; }; members = config.system.callService ./members.nix { primary = mkOption { diff --git a/modules/bridge/primary.nix b/modules/bridge/primary.nix index f5e1219..35140dd 100644 --- a/modules/bridge/primary.nix +++ b/modules/bridge/primary.nix @@ -3,17 +3,22 @@ , ifwait , lib }: -{ ifname, macAddressFromInterface ? null } : +{ ifname, macAddressFromInterface ? null, untagged } : let - inherit (liminix.services) bundle oneshot; - inherit (lib) mkOption types optional; + inherit (liminix.services) oneshot; + inherit (lib) optional optionalString; + # This enables vlan_filtering if we do make use of it. + extra = if untagged.enable then " vlan_filtering 1 vlan_default_pvid ${toString untagged.default-pvid}" else ""; in oneshot rec { name = "${ifname}.link"; up = '' ${if macAddressFromInterface == null then - "ip link add name ${ifname} type bridge" + "ip link add name ${ifname} type bridge${extra}" else - "ip link add name ${ifname} address $(output ${macAddressFromInterface} ether) type bridge"} + "ip link add name ${ifname} address $(output ${macAddressFromInterface} ether) type bridge${extra}"} + + ${optionalString untagged.enable + "bridge vlan add vid ${toString untagged.pvid} dev ${ifname} pvid untagged self"} (in_outputs ${name} echo ${ifname} > ifname diff --git a/modules/vlan/default.nix b/modules/vlan/default.nix index 6698630..2a6bed9 100644 --- a/modules/vlan/default.nix +++ b/modules/vlan/default.nix 
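Review bot: `untagged.pvid` is `types.nullOr types.int` with default `null`, yet when `untagged.enable` is set the primary.nix hunk in this same commit interpolates `toString untagged.pvid` into `bridge vlan add vid … pvid untagged self`, so the default produces `bridge vlan add vid  dev …` and fails at boot rather than at evaluation. Either make the type non-nullable with a VLAN range and no default (`type = types.ints.between 1 4094;`) so an omitted PVID is an eval error, or add an assertion `untagged.enable -> untagged.pvid != null`; `default-pvid` would take `types.ints.between 0 4094`, since 0 is its "disabled" value. The `default-pvid` description also reads `which disable untagged frames` → `which disables untagged frames`. The enclosing options set starts and ends outside the hunk.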
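Review bot: The added `bridge vlan add … pvid untagged self` line needs iproute2's `bridge` binary, which the previous commit's `programs.iproute2` module provides but nothing here requires; as far as I know busybox ships `brctl` rather than `bridge`, so a configuration with `untagged.enable = true` and that module disabled fails only when the oneshot runs. Add an assertion in the bridge module that `programs.iproute2.enable` holds whenever a primary has `untagged.enable`, or at least a comment beside `extra`: `# 'bridge vlan' below needs iproute2's bridge(8); requires programs.iproute2.enable`. `untagged` also became a required argument of this function with no default, so any caller that does not forward the full option set now breaks; if `callService` always passes it this is fine, otherwise give it `untagged ? { enable = false; }`. The oneshot's `up` script continues past the hunk.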
@@ -33,6 +33,11 @@ in
 description = "VLAN identifier (VID) in range 1-4094";
 type = types.str;
 };
+ untagged.egress = mkOption {
+ description = "Whether packets from this interface will go out *untagged*";
+ type = types.bool;
+ default = false;
+ };
 };
 config.kernel.config = {
 VLAN_8021Q = "y";
diff --git a/modules/vlan/service.nix b/modules/vlan/service.nix
index 1311545..3fa4ea2 100644
--- a/modules/vlan/service.nix
+++ b/modules/vlan/service.nix
@@ -2,13 +2,15 @@
 liminix
 , lib
 }:
-{ ifname, primary, vid } :
+{ ifname, primary, vid, untagged } :
 let
+ inherit (lib) optionalString;
 inherit (liminix.services) oneshot;
 in oneshot rec {
 name = "${ifname}.link";
 up = ''
 ip link add link $(output ${primary} ifname) name ${ifname} type vlan id ${vid}
+ ${optionalString untagged.egress "bridge vlan add dev ${ifname} vid ${toString untagged.vid} pvid untagged master"}
 ${liminix.networking.ifup name ifname}
 (in_outputs ${name}
 echo ${ifname} > ifname
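Review bot: The added line reads `untagged.vid`, but the vlan module's hunk in this commit defines only `untagged.egress` under `untagged`, so setting `untagged.egress = true` fails at evaluation with a missing attribute (with the default `false` the string is never forced, which is why the default build still evaluates). The VID is this function's own `vid` argument, already a `types.str`, so the line should be `${optionalString untagged.egress "bridge vlan add dev ${ifname} vid ${vid} pvid untagged master"}`. `bridge vlan add dev … master` also only succeeds once `${ifname}` is enslaved to a bridge, which nothing in this service does, so note in a comment where that enslavement is expected to happen.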