Hadn’t realised it had been so long since I last updated this, but progress has been slow lately.

liminix-rebuild seems to work nicely, and I have been dogfooding by using it to get the rotuer configuration into a shape where I could actually use it. So far: it runs PPPoE, gets IPv4 and IPv6 addresses, gets an IPv6 prefix using DHCP6 and advertises that prefix to devices on the LAN - so, albeit in an unpolished (verging on sketchy) fashion, it kinda sorta works. A simple firewall is currently in development, after having spent some time figuring out how nftables works.

Needed: (1) more polish; (2) better organisation. Once it works, lots of this stuff will need lifting into modules or services or both - or some other new yet-to-be-discovered abstraction - but the dependency there is on making it work first. I’m thinking of doing an L2TP-based config as well as PPPoE (and maybe something with a WireGuard VPN), which I think will expose more ordering/dependency requirements.

Housekeeping

Since NixOS 23.05 is now a thing, I’m also in the middle of making Liminix build/work with it. There’s been a CI job running against unstable since I started, which has reduced the number of surprises, but still had a few things to work through:

  • my disproportionate optimization to avoid using Libc in the initramfs no longer compiles - but 70k is no longer the minimum executable size anyway, so this makes the preinit go from about 5k to about 17k

  • OpenSSL no longer builds, haven’t yet worked out why. But this is not a catastrophe as nothing in the rotuer config should need it.

  • using the NixOS Fennel packaging was causing it to try to build Python and all manner of other stuff. Fennel can be had from its upstream as a simple single Lua file, so in the circumstances we just use that.