Hadn’t realised it had been so long since I last updated this, but progress has been slow lately.
liminix-rebuild seems to work nicely, and I have been dogfooding by using it to get the rotuer configuration into a shape that I could actually use. So far: it runs PPPoE, gets IPv4 and IPv6 addresses, gets an IPv6 prefix using DHCP6 and advertises that prefix to devices on the LAN - so, albeit in an unpolished (verging on sketchy) fashion, it kinda sorta works. A simple firewall is currently in development, after having spent some time figuring out how nftables works.
Needed: (1) more polish; (2) better organisation. Once it works, lots of this stuff will need lifting into modules or services or both - or some other new yet-to-be-discovered abstraction - but the dependency there is on making it work first. I’m thinking to do an L2TP-based config as well as PPPoE (and maybe something with a wireguard VPN), which I think will expose more ordering/dependency requirements.
Since NixOS 23.05 is now a thing, I’m also in the middle of making Liminix build/work with it. There’s been a CI job running against unstable since I started, which has reduced the number of surprises, but still had a few things to work through:
my disproportionate optimization to avoid using Libc in the initramfs no longer compiles - but 70k is no longer the minimum executable size anyway, so this makes the preinit go from about 5k to about 17k
OpenSSL no longer builds, haven’t yet worked out why. But this is not a catastrophe as nothing in the rotuer config should need it.
using the NixOS Fennel packaging was causing it to try to build Python and all manner of other stuff. Fennel can be had from its upstream as a simple single Lua file, so in the circumstances we just use that.