forked from DGNum/liminix
Compare commits
17 commits
Author | SHA1 | Date | |
---|---|---|---|
|
1322de1ee0 | ||
|
9490822c1a | ||
|
0c6d26b4fc | ||
|
c5c82a5391 | ||
|
92594b3b64 | ||
|
9f9ade29f4 | ||
|
d6c976f8a1 | ||
|
1598d59ca7 | ||
|
4dabd970f0 | ||
|
473d6acc3d | ||
|
b8caddae08 | ||
|
d02397cd65 | ||
|
24443628a1 | ||
|
c515e4354b | ||
|
1a607ef8ed | ||
|
9b03b4355b | ||
|
752ff19e21 |
13 changed files with 107 additions and 16 deletions
|
@ -12,6 +12,7 @@ in
|
||||||
"${modulesPath}/hardware.nix"
|
"${modulesPath}/hardware.nix"
|
||||||
"${modulesPath}/base.nix"
|
"${modulesPath}/base.nix"
|
||||||
"${modulesPath}/busybox.nix"
|
"${modulesPath}/busybox.nix"
|
||||||
|
"${modulesPath}/iproute2.nix"
|
||||||
"${modulesPath}/hostname.nix"
|
"${modulesPath}/hostname.nix"
|
||||||
"${modulesPath}/kernel"
|
"${modulesPath}/kernel"
|
||||||
"${modulesPath}/s6"
|
"${modulesPath}/s6"
|
||||||
|
|
|
@ -4,9 +4,10 @@
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./base.nix
|
./base.nix
|
||||||
./bridge
|
./bridge
|
||||||
./busybox.nix
|
./busybox.nix
|
||||||
|
./iproute2.nix
|
||||||
./dhcp6c
|
./dhcp6c
|
||||||
./jitter-rng
|
./jitter-rng
|
||||||
./dnsmasq
|
./dnsmasq
|
||||||
|
|
|
@ -130,7 +130,7 @@ in {
|
||||||
nixpkgs.buildPlatform = lib.mkDefault builtins.currentSystem;
|
nixpkgs.buildPlatform = lib.mkDefault builtins.currentSystem;
|
||||||
|
|
||||||
defaultProfile.packages = with pkgs;
|
defaultProfile.packages = with pkgs;
|
||||||
[ s6 s6-init-bin execline s6-linux-init s6-rc ];
|
[ s6 s6-init-bin execline s6-linux-init s6-rc iproute2 ];
|
||||||
# Set the useful PS1 prompt by default.
|
# Set the useful PS1 prompt by default.
|
||||||
defaultProfile.environmentVariables.PS1 = lib.mkDefault config.defaultProfile.prompt;
|
defaultProfile.environmentVariables.PS1 = lib.mkDefault config.defaultProfile.prompt;
|
||||||
|
|
||||||
|
|
|
@ -9,8 +9,7 @@
|
||||||
|
|
||||||
{ lib, pkgs, config, ...}:
|
{ lib, pkgs, config, ...}:
|
||||||
let
|
let
|
||||||
inherit (lib) mkOption types;
|
inherit (lib) mkOption types mkEnableOption;
|
||||||
inherit (pkgs.liminix.services) oneshot;
|
|
||||||
inherit (pkgs) liminix;
|
inherit (pkgs) liminix;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
@ -35,6 +34,20 @@ in
|
||||||
default = null;
|
default = null;
|
||||||
description = "reuse mac address from an existing interface service";
|
description = "reuse mac address from an existing interface service";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
untagged = {
|
||||||
|
enable = mkEnableOption "untagged frames on port VID";
|
||||||
|
pvid = mkOption {
|
||||||
|
type = types.nullOr types.int;
|
||||||
|
default = null;
|
||||||
|
description = "Port VLAN ID for egress untagged frames";
|
||||||
|
};
|
||||||
|
default-pvid = mkOption {
|
||||||
|
type = types.int;
|
||||||
|
default = 0;
|
||||||
|
description = "Default PVID for ingress untagged frames, defaults to 0, which disable untagged frames for ingress";
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
members = config.system.callService ./members.nix {
|
members = config.system.callService ./members.nix {
|
||||||
primary = mkOption {
|
primary = mkOption {
|
||||||
|
|
|
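Review bot: `untagged.pvid` and `untagged.default-pvid` are declared with plain `types.int`, so any integer passes evaluation even though both values are later interpolated as VLAN IDs into the `ip link add` and `bridge vlan add` command lines of the bridge service. A range type would reject an out-of-range ID at build time instead of at boot on the device, for example `type = types.nullOr (types.ints.between 1 4094);` for `pvid` and `type = types.ints.between 0 4094;` for `default-pvid`. The `default-pvid` description would read better as `"Default PVID for ingress untagged frames; 0 disables untagged ingress"`. The surrounding option set starts and ends outside the hunk.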
@ -3,17 +3,22 @@
|
||||||
, ifwait
|
, ifwait
|
||||||
, lib
|
, lib
|
||||||
}:
|
}:
|
||||||
{ ifname, macAddressFromInterface ? null } :
|
{ ifname, macAddressFromInterface ? null, untagged } :
|
||||||
let
|
let
|
||||||
inherit (liminix.services) bundle oneshot;
|
inherit (liminix.services) oneshot;
|
||||||
inherit (lib) mkOption types optional;
|
inherit (lib) optional optionalString;
|
||||||
|
# This enables vlan_filtering if we do make use of it.
|
||||||
|
extra = if untagged.enable then " vlan_filtering 1 vlan_default_pvid ${toString untagged.default-pvid}" else "";
|
||||||
in oneshot rec {
|
in oneshot rec {
|
||||||
name = "${ifname}.link";
|
name = "${ifname}.link";
|
||||||
up = ''
|
up = ''
|
||||||
${if macAddressFromInterface == null then
|
${if macAddressFromInterface == null then
|
||||||
"ip link add name ${ifname} type bridge"
|
"ip link add name ${ifname} type bridge${extra}"
|
||||||
else
|
else
|
||||||
"ip link add name ${ifname} address $(output ${macAddressFromInterface} ether) type bridge"}
|
"ip link add name ${ifname} address $(output ${macAddressFromInterface} ether) type bridge${extra}"}
|
||||||
|
|
||||||
|
${optionalString untagged.enable
|
||||||
|
"bridge vlan add vid ${toString untagged.pvid} dev ${ifname} pvid untagged self"}
|
||||||
|
|
||||||
(in_outputs ${name}
|
(in_outputs ${name}
|
||||||
echo ${ifname} > ifname
|
echo ${ifname} > ifname
|
||||||
|
|
|
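Review bot: With `untagged.enable = true` and `untagged.pvid` left at its declared default of `null`, `${toString untagged.pvid}` renders as an empty string, so the `up` script would run a malformed `bridge vlan add vid  dev ... pvid untagged self`. By then `vlan_filtering 1` has already been applied through `extra` on the `ip link add` line, so the bridge could come up filtering without the intended PVID entry; whether the script aborts on that failure is not visible here. I would fail evaluation instead, e.g. `in assert untagged.enable -> untagged.pvid != null; oneshot rec {`. The `up` script continues outside the hunk.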
@ -37,7 +37,7 @@ let
|
||||||
"comm" "cp" "cpio" "cut" "date" "dhcprelay" "dd" "df" "dirname" "dmesg"
|
"comm" "cp" "cpio" "cut" "date" "dhcprelay" "dd" "df" "dirname" "dmesg"
|
||||||
"du" "echo" "egrep" "env" "expand" "expr" "false" "fdisk" "fgrep" "find"
|
"du" "echo" "egrep" "env" "expand" "expr" "false" "fdisk" "fgrep" "find"
|
||||||
"free" "fuser" "grep" "gunzip" "gzip" "head" "hexdump" "hostname" "hwclock"
|
"free" "fuser" "grep" "gunzip" "gzip" "head" "hexdump" "hostname" "hwclock"
|
||||||
"ifconfig" "ip" "ipaddr" "iplink" "ipneigh" "iproute" "iprule" "kill"
|
"ifconfig" "ipneigh" "kill"
|
||||||
"killall" "killall5" "less" "ln" "ls" "lsattr" "lsof" "md5sum" "mkdir"
|
"killall" "killall5" "less" "ln" "ls" "lsattr" "lsof" "md5sum" "mkdir"
|
||||||
"mknod" "mktemp" "mount" "mv" "nc" "netstat" "nohup" "od" "pgrep" "pidof"
|
"mknod" "mktemp" "mount" "mv" "nc" "netstat" "nohup" "od" "pgrep" "pidof"
|
||||||
"ping" "ping6" "pkill" "pmap" "printenv" "printf" "ps" "pwd" "readlink"
|
"ping" "ping6" "pkill" "pmap" "printenv" "printf" "ps" "pwd" "readlink"
|
||||||
|
|
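--- /dev/null
+++ b/modules/iproute2.nix
@@ -0,0 +1,28 @@
+{ config, pkgs, lib, ... }:
+let
+inherit (lib) mkEnableOption mkPackageOption mkIf genAttrs;
+inherit (pkgs.pseudofile) dir symlink;
+cfg = config.programs.iproute2;
+minimalPrograms = [
+"ip"
+"devlink"
+"ss"
+"bridge"
+"genl"
+"ifstat"
+"nstat"
+];
+links = genAttrs minimalPrograms (p: symlink "${cfg.package}/bin/${p}");
+in
+{
+options.programs.iproute2 = {
+enable = mkEnableOption "the iproute2 programs instead of busybox variants";
+package = mkPackageOption pkgs "iproute2" { };
+};
+
+config = mkIf cfg.enable {
+filesystem = dir {
+bin = dir links;
+};
+};
+}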
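Review bot: `programs.iproute2.enable` is off by default (it comes from `mkEnableOption`), yet the same change removes `ip`, `ipaddr`, `iplink`, `iproute` and `iprule` from the busybox applet list unconditionally. The default profile does gain `iproute2` in its package list, so the tools may still be reachable, but whether the service scripts that call `ip` and `bridge` find them without these `/bin` links is not visible on this page. I would either gate the applet removal on `cfg.enable` or state in the option description what happens when the option is left off. A `package` override that lacks one of `minimalPrograms` would produce a dangling symlink, which is worth a comment above `links`.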
@ -54,7 +54,7 @@ in
|
||||||
mount -t sysfs none /sys
|
mount -t sysfs none /sys
|
||||||
${busybox}/bin/sh
|
${busybox}/bin/sh
|
||||||
'';
|
'';
|
||||||
refs = pkgs.writeReferencesToFile busybox;
|
refs = pkgs.writeClosure [ busybox ];
|
||||||
in runCommand "initramfs.cpio" {} ''
|
in runCommand "initramfs.cpio" {} ''
|
||||||
cat << SPECIALS | ${gen_init_cpio}/bin/gen_init_cpio /dev/stdin > out
|
cat << SPECIALS | ${gen_init_cpio}/bin/gen_init_cpio /dev/stdin > out
|
||||||
dir /proc 0755 0 0
|
dir /proc 0755 0 0
|
||||||
|
|
|
@ -33,6 +33,11 @@ in
|
||||||
description = "VLAN identifier (VID) in range 1-4094";
|
description = "VLAN identifier (VID) in range 1-4094";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
};
|
};
|
||||||
|
untagged.egress = mkOption {
|
||||||
|
description = "Whether packets from this interface will go out *untagged*";
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
config.kernel.config = {
|
config.kernel.config = {
|
||||||
VLAN_8021Q = "y";
|
VLAN_8021Q = "y";
|
||||||
|
|
|
@ -2,13 +2,15 @@
|
||||||
liminix
|
liminix
|
||||||
, lib
|
, lib
|
||||||
}:
|
}:
|
||||||
{ ifname, primary, vid } :
|
{ ifname, primary, vid, untagged } :
|
||||||
let
|
let
|
||||||
|
inherit (lib) optionalString;
|
||||||
inherit (liminix.services) oneshot;
|
inherit (liminix.services) oneshot;
|
||||||
in oneshot rec {
|
in oneshot rec {
|
||||||
name = "${ifname}.link";
|
name = "${ifname}.link";
|
||||||
up = ''
|
up = ''
|
||||||
ip link add link $(output ${primary} ifname) name ${ifname} type vlan id ${vid}
|
ip link add link $(output ${primary} ifname) name ${ifname} type vlan id ${vid}
|
||||||
|
${optionalString untagged.egress "bridge vlan add dev ${ifname} vid ${toString untagged.vid} pvid untagged master"}
|
||||||
${liminix.networking.ifup name ifname}
|
${liminix.networking.ifup name ifname}
|
||||||
(in_outputs ${name}
|
(in_outputs ${name}
|
||||||
echo ${ifname} > ifname
|
echo ${ifname} > ifname
|
||||||
|
|
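Review bot: The added `bridge vlan add` line interpolates `untagged.vid`, but the option block added for this service declares only `untagged.egress`, so setting `egress = true` looks like it will fail evaluation with a missing attribute. The service already receives the VLAN ID as `vid` (a string, per its option type), so the line probably wants `${optionalString untagged.egress "bridge vlan add dev ${ifname} vid ${vid} pvid untagged master"}`. `master` also needs `${ifname}` to be a bridge port already, which is not established at this point in the script as far as the hunk shows. The `up` script continues outside the hunk.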
29
overlay.nix
29
overlay.nix
|
@ -141,7 +141,9 @@ extraPkgs // {
|
||||||
repo = "hostapd";
|
repo = "hostapd";
|
||||||
rev = "hostap-liminix-integration";
|
rev = "hostap-liminix-integration";
|
||||||
hash = "sha256-5Xi90keCHxvuKR5Q7STuZDzuM9h9ac6aWoXVQYvqkQI=";
|
hash = "sha256-5Xi90keCHxvuKR5Q7STuZDzuM9h9ac6aWoXVQYvqkQI=";
|
||||||
};
|
};
|
||||||
|
# Do not take any patch.
|
||||||
|
patches = [];
|
||||||
extraConfig = "";
|
extraConfig = "";
|
||||||
configurePhase = ''
|
configurePhase = ''
|
||||||
cat > hostapd/defconfig <<EOF
|
cat > hostapd/defconfig <<EOF
|
||||||
|
@ -184,6 +186,7 @@ extraPkgs // {
|
||||||
rev = "hostap-liminix-integration";
|
rev = "hostap-liminix-integration";
|
||||||
hash = "sha256-5Xi90keCHxvuKR5Q7STuZDzuM9h9ac6aWoXVQYvqkQI=";
|
hash = "sha256-5Xi90keCHxvuKR5Q7STuZDzuM9h9ac6aWoXVQYvqkQI=";
|
||||||
};
|
};
|
||||||
|
patches = [];
|
||||||
extraConfig = "";
|
extraConfig = "";
|
||||||
configurePhase = ''
|
configurePhase = ''
|
||||||
cat > hostapd/defconfig <<EOF
|
cat > hostapd/defconfig <<EOF
|
||||||
|
@ -194,6 +197,30 @@ extraPkgs // {
|
||||||
});
|
});
|
||||||
in h.override { openssl = null; sqlite = null; };
|
in h.override { openssl = null; sqlite = null; };
|
||||||
|
|
||||||
|
libnl = prev.libnl.override {
|
||||||
|
graphviz = null;
|
||||||
|
};
|
||||||
|
|
||||||
|
iproute2 =
|
||||||
|
let i = prev.iproute2.overrideAttrs (old: {
|
||||||
|
postInstall = ''
|
||||||
|
${(old.postInstall or "")}
|
||||||
|
non_necessary_binaries=("tc" "rdma" "dcb" "tipc" "vdpa")
|
||||||
|
for needless_binary in "''${non_necessary_binaries[@]}"; do
|
||||||
|
echo "Removing unnecessary binary $out/sbin/$needless_binary"
|
||||||
|
rm "$out/sbin/$needless_binary"
|
||||||
|
done
|
||||||
|
# No man
|
||||||
|
rm -rf "$out/share"
|
||||||
|
# Remove all the data about distributions for tc.
|
||||||
|
rm -rf "$out/lib"
|
||||||
|
'';
|
||||||
|
});
|
||||||
|
# Don't bring ebpf stuff to the table.
|
||||||
|
# We also remove tc so we can drop iptables as well.
|
||||||
|
# Let's try to kill `db` as well.
|
||||||
|
in i.override { elfutils = null; iptables = null; db = null; };
|
||||||
|
|
||||||
wpa_supplicant = prev.wpa_supplicant.override {
|
wpa_supplicant = prev.wpa_supplicant.override {
|
||||||
dbusSupport = false;
|
dbusSupport = false;
|
||||||
withPcsclite = false;
|
withPcsclite = false;
|
||||||
|
|
|
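Review bot: `patches = [];` in both hostapd overrides discards every patch nixpkgs applies to the package, which would include any security backport nixpkgs carries now or adds later, and the override will keep dropping them silently. Because `src` is a fork pinned by hash, I would record next to the setting why the patches are dropped and that security fixes have to land in the fork itself, and give the second occurrence (the hunk at `-184,6`) the same comment as the first. In the iproute2 `postInstall`, the comment above `rm -rf "$out/lib"` could also say why nothing else under `lib` is needed at runtime.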
@ -3,7 +3,7 @@
|
||||||
, pkgsBuildBuild
|
, pkgsBuildBuild
|
||||||
, runCommand
|
, runCommand
|
||||||
, cpio
|
, cpio
|
||||||
, writeReferencesToFile
|
, writeClosure
|
||||||
, writeScript
|
, writeScript
|
||||||
} :
|
} :
|
||||||
let
|
let
|
||||||
|
@ -18,7 +18,7 @@ let
|
||||||
mount -t sysfs none /sys
|
mount -t sysfs none /sys
|
||||||
${busybox}/bin/sh
|
${busybox}/bin/sh
|
||||||
'';
|
'';
|
||||||
refs = writeReferencesToFile busybox;
|
refs = writeClosure [ busybox ];
|
||||||
in runCommand "initramfs.cpio" { } ''
|
in runCommand "initramfs.cpio" { } ''
|
||||||
cat << SPECIALS | ${gen_init_cpio}/bin/gen_init_cpio /dev/stdin > out
|
cat << SPECIALS | ${gen_init_cpio}/bin/gen_init_cpio /dev/stdin > out
|
||||||
dir /proc 0755 0 0
|
dir /proc 0755 0 0
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
writeScriptBin
|
writeScriptBin
|
||||||
, writeScript
|
, writeScript
|
||||||
, systemconfig
|
, systemconfig
|
||||||
|
, stdenv
|
||||||
, execline
|
, execline
|
||||||
, lib
|
, lib
|
||||||
, config ? {}
|
, config ? {}
|
||||||
|
@ -56,11 +57,19 @@ let
|
||||||
};
|
};
|
||||||
eval = lib.evalModules {
|
eval = lib.evalModules {
|
||||||
modules = [
|
modules = [
|
||||||
{ _module.args = { inherit pkgs; inherit (pkgs) lim; }; }
|
|
||||||
../../modules/base.nix
|
../../modules/base.nix
|
||||||
../../modules/users.nix
|
../../modules/users.nix
|
||||||
../../modules/busybox.nix
|
../../modules/busybox.nix
|
||||||
|
../../modules/hostname.nix
|
||||||
|
../../modules/misc/assertions.nix
|
||||||
|
../../modules/nixpkgs.nix
|
||||||
base
|
base
|
||||||
|
{
|
||||||
|
# Inherit from that target system host platform.
|
||||||
|
nixpkgs.hostPlatform = stdenv.hostPlatform;
|
||||||
|
# Force our own package set.
|
||||||
|
nixpkgs.pkgs = lib.mkForce pkgs;
|
||||||
|
}
|
||||||
({ ... } : paramConfig)
|
({ ... } : paramConfig)
|
||||||
../../modules/s6
|
../../modules/s6
|
||||||
];
|
];
|
||||||
|
|
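Review bot: The `{ _module.args = { inherit pkgs; inherit (pkgs) lim; }; }` entry is removed, and the block that replaces it sets only `nixpkgs.hostPlatform` and `nixpkgs.pkgs`. If `modules/nixpkgs.nix` does not itself provide the `lim` module argument (not visible on this page), any module in this list that takes `lim` will fail to evaluate. A comment above `nixpkgs.pkgs = lib.mkForce pkgs;` naming the definition that `mkForce` is meant to win against would help the next reader. The `evalModules` call continues outside the hunk.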