Daniel Barlow 
							
						 
					 
					
						
						
							
						
						2b0972ed73 
					 
					
						
						
							
							svc.open accepts a /nix/store folder not an outputs folder  
						
						
						
						
						this mostly makes things simpler 
						
						
					 
					
						2025-03-11 00:21:44 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						9ab77a7d7e 
					 
					
						
						
							
							remove unused function  
						
						
						
						
					 
					
						2025-03-09 20:44:35 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						c6918fec00 
					 
					
						
						
							
							firewall: use extraText for zone set contents  
						
						
						
						
						* the lua necessary is quite wordy, but it's less of a hack than
post-processing the rules file with pseudo-sed to get rid of `elements
= { }` lines
* also switch from stop/starting the firewall service to using a
signal, so that we don't go briefly offline every time a new interface
appears 
						
						
					 
					
						2025-03-09 20:42:02 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						d4e46dbe28 
					 
					
						
						
							
							secrets/subscriber don't depend on the services we're watching  
						
						
						
						
						this means a watched service can stop and start without killing
the subscriber, and that we can watch for services that don't
yet exist 
						
						
					 
					
						2025-03-09 20:35:40 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						d1f87a56e0 
					 
					
						
						
							
							secrets/subscriber: use correct numbers for signals to s6-svc  
						
						
						
						
					 
					
						2025-03-09 20:34:29 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						6649ebeccd 
					 
					
						
						
							
							firewall: use watch-outputs to track changes in zone->interface map  
						
						
						
						
						includes a horrible hack to work around (claimed (by me)) deficiencies
in the nftables parser 
						
						
					 
					
						2025-02-28 00:43:20 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						0c406058e9 
					 
					
						
						
							
							remove acceptance of udp sport 5 on wan  
						
						
						
						
						this was added for replies to dns queries but isn't needed for
that purpose as connection tracking does that anyway 
						
						
					 
					
						2025-02-12 21:54:01 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						19d441333c 
					 
					
						
						
							
							remove duplicate rule  
						
						
						
						
					 
					
						2025-02-10 23:50:07 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						a726c09ae4 
					 
					
						
						
							
							improve explanation of reverse path filtering rule  
						
						
						
						
						thanks RoS for the references :-) 
						
						
					 
					
						2025-02-10 23:48:29 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						7e2b0068e6 
					 
					
						
						
							
							nixfmt-rfc-style  
						
						
						
						
						There is nothing in this commit except for the changes made by
nix-shell -p nixfmt-rfc-style --run "nixfmt ."
If this has mucked up your open branches then sorry about that. You
can probably nixfmt them to match before merging 
						
						
					 
					
						2025-02-10 21:55:08 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						3f889c7119 
					 
					
						
						
							
							default firewall zones in gateway profile  
						
						
						
						
					 
					
						2025-02-10 21:21:08 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						7f17125039 
					 
					
						
						
							
							firewall: update zones with interface names as they appear  
						
						
						
						
					 
					
						2025-02-10 21:21:08 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						6587813577 
					 
					
						
						
							
							WIP add zones to firewall module  
						
						
						
						
						- zones are an attrset of name -> [interface-service]
- the firewall will create empty "ifname" sets for each zone name
 in each address family (ip, ip6)
- then watch the interface services, and add the "ifname" outputs
to the corresponding sets when they appear
This commit only adds the empty sets 
						
						
					 
					
						2025-02-10 21:21:08 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						1d780de0f1 
					 
					
						
						
							
							add (very basic) set support in firewallgen  
						
						
						
						
						and add sets for lan/wan/dmz/guest interface names to default
firewall rules 
						
						
					 
					
						2025-02-10 21:17:43 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						c92aacc6fd 
					 
					
						
						
							
							firewall rules: use @lan and @wan sets instead of ifnames  
						
						
						
						
						we don't have anything yet to create or populate the sets 
						
						
					 
					
						2025-02-06 09:22:41 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						f77da6f14c 
					 
					
						
						
							
							remove remaining refs to kexecboot  
						
						
						
						
					 
					
						2025-01-05 17:22:30 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						26f206d0e1 
					 
					
						
						
							
							phram dtb reserved-memory needs no-map  
						
						
						
						
						c.f. 69429404ab <arnout@bzzt.net>
						
						
					 
					
						2025-01-04 23:50:44 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						13cb8d3692 
					 
					
						
						
							
							sort imports  
						
						
						
						
					 
					
						2025-01-03 15:41:22 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						62b7aea8ab 
					 
					
						
						
							
							add btrfs.nix to outputs imports  
						
						
						
						
					 
					
						2025-01-03 15:40:33 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						92284fa9ba 
					 
					
						
						
							
							mtdimage can't be a default import  
						
						
						
						
						it adds kernel config that depends on openwrt patches,
which aren't used/needed on all devices 
						
						
					 
					
						2025-01-03 00:19:17 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						74027b44d7 
					 
					
						
						
							
							extract log persistence config from s6 to new module  
						
						
						
						
						because it frobs kernel config, it breaks levitate
as levitate evalModules doesn't include the kernel 
						
						
					 
					
						2025-01-02 23:56:49 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						ea5370b3f4 
					 
					
						
						
							
							import mtdimage in outputs  
						
						
						
						
					 
					
						2025-01-02 23:37:07 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						7377f7ceb2 
					 
					
						
						
							
							implement mechanism for reverting from update.sh  
						
						
						
						
					 
					
						2025-01-02 22:19:49 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						cc94ef57fa 
					 
					
						
						
							
							in rc.init copy log from previous boot to place of safety  
						
						
						
						
					 
					
						2025-01-01 18:22:45 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						497307588f 
					 
					
						
						
							
							automate ubimage instructions a little  
						
						
						
						
					 
					
						2025-01-01 12:38:08 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						28d39cd66d 
					 
					
						
						
							
							provide etc/kconfig in updater output  
						
						
						
						
						this is for debugging/documentation purposes and isn't copied to the
device 
						
						
					 
					
						2025-01-01 11:55:33 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						f2e4e77d73 
					 
					
						
						
							
							firewall: don't use oifname in input rules  
						
						
						
						
						because it's empty, these are input rules for the local machine 
						
						
					 
					
						2024-12-29 23:17:31 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						4d273a9469 
					 
					
						
						
							
							dropbear would like /etc/shells to exist  
						
						
						
						
					 
					
						2024-12-29 13:27:49 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						40db175b41 
					 
					
						
						
							
							complain if user attempting to tftpboot a ubifs  
						
						
						
						
					 
					
						2024-12-29 13:26:45 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						ab07212a7e 
					 
					
						
						
							
							include jffs2 module per default  
						
						
						
						
						it has no effect unless enabled 
						
						
					 
					
						2024-12-29 13:26:06 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						294492a176 
					 
					
						
						
							
							jiggle imports  
						
						
						
						
					 
					
						2024-12-24 13:46:19 +00:00 
						 
				 
			
				
					
						
							
							
								Arnout Engelen 
							
						 
					 
					
						
						
							
						
						f8a275d1a3 
					 
					
						
						
							
							use Linux kernel sources associated with openwrt by default  
						
						
						
						
					 
					
						2024-12-24 12:30:15 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						bc20f4c6b7 
					 
					
						
						
							
							rt3200 test install  
						
						
						
						
					 
					
						2024-12-23 23:59:52 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						848214d104 
					 
					
						
						
							
							add ubivolume output  
						
						
						
						
					 
					
						2024-12-23 22:37:07 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						ede8f12d2b 
					 
					
						
						
							
							declare options.hardware.ubi unconditionally  
						
						
						
						
						this is so it can be defined in device modules even when
ubifs is not included in the configuration 
						
						
					 
					
						2024-12-23 22:37:07 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						6cd5b90678 
					 
					
						
						
							
							outputs.rootubifs -> ubifs  
						
						
						
						
					 
					
						2024-12-23 22:37:07 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						db4f098c02 
					 
					
						
						
							
							add fit bootloader  
						
						
						
						
						this is for the belkin rt3200, whose uboot doesn't do
extlinux but can load a fit from a ubifs. It adds a
kernel+dtb as /boot/fit 
						
						
					 
					
						2024-12-23 11:21:58 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						1347937345 
					 
					
						
						
							
							rename file  
						
						
						
						
					 
					
						2024-12-23 10:31:22 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						a7b5f80674 
					 
					
						
						
							
							rename extlinux output to bootfiles  
						
						
						
						
						this is in preparation for introducing other non-extlinux
modules that populate /boot 
						
						
					 
					
						2024-12-23 00:09:31 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						f07a38b0fd 
					 
					
						
						
							
							extract uimage output module into own file  
						
						
						
						
					 
					
						2024-12-22 21:10:07 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						ac189f2977 
					 
					
						
						
							
							outputs.zimage -> outputs.kernel.zImage  
						
						
						
						
						remove config option/derivation in favour of accessing
as output of the kernel derivation (matches what we do
with e.g. modulesupport) 
						
						
					 
					
						2024-12-22 17:27:59 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						f60b74f415 
					 
					
						
						
							
							add a new updater output  
						
						
						
						
						this is so that we don't have to obfuscate store paths in
systemConfiguration to avoid dragging in build system
deps.
breaking-ish change to workflows, docs updated 
						
						
					 
					
						2024-12-20 00:05:07 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						56c667cfd5 
					 
					
						
						
							
							extract systemConfiguration into its own output module  
						
						
						
						
					 
					
						2024-12-19 20:55:10 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						f9b4f0bc9c 
					 
					
						
						
							
							move modules/squashfs.nix into outputs/  
						
						
						
						
					 
					
						2024-12-19 14:33:50 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						ffaca615ba 
					 
					
						
						
							
							copy logs to /dev/pmsg0 when ogging.persistent.enabled  
						
						
						
						
					 
					
						2024-12-18 21:11:58 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						81f5550bf0 
					 
					
						
						
							
							config.logging.persistent enables /dev/pmsg0  
						
						
						
						
						- whatever's written to /dev/pmsg0 appears as
/sys/fs/pstore/pmsg-ramoops-0 after reboot
- only works on devices with the relevant device tree
support (gl-ar750 and whatever has it by default)
- nothing in the system is actually writing this file yet
- or reading it at boot time, for that matter 
						
						
					 
					
						2024-12-17 23:24:31 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						b52133a28b 
					 
					
						
						
							
							add hardware.dts.includes option  
						
						
						
						
					 
					
						2024-12-17 20:36:14 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						44caefcd3b 
					 
					
						
						
							
							rename config.hardware.dts.includes -> includePaths  
						
						
						
						
						(1) it's a better name
(2) I want to use `includes` to specify dtsi files 
						
						
					 
					
						2024-12-17 17:41:53 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						1f7d6544e3 
					 
					
						
						
							
							provide stdout to ppp callback scripts  
						
						
						
						
						pppd runs them with 0,1,2 => /dev/null but we actually quite like
seeing errors in the logs 
						
						
					 
					
						2024-10-17 21:37:08 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						1bca072509 
					 
					
						
						
							
							fix chrony pidfile error  
						
						
						
						
					 
					
						2024-10-17 21:35:33 +01:00