router: fix

chayleaf 2024-06-14 01:25:15 +07:00
parent c3db9da6d5
commit fb7d64c5ea
Signed by: chayleaf
GPG key ID: 78171AD46227E68E
6 changed files with 41 additions and 79 deletions


@ -282,11 +282,11 @@
]
},
"locked": {
"lastModified": 1710972558,
"narHash": "sha256-fA72ql4T4/KgSNxZwZJ1EoEHXjmwt7I/OukHC8NVVF0=",
"lastModified": 1718217962,
"narHash": "sha256-bVKwJdVeo6wMN6xMOFx3Um3x7ebijyCG5iGCIXAtDXA=",
"owner": "chayleaf",
"repo": "nixos-router",
"rev": "061cf097417ed363b1e23d11daa7192e4b5f1994",
"rev": "f25509e55a06f1dfa089556b28b9402c13e18aa4",
"type": "github"
},
"original": {


@ -81,7 +81,7 @@
if dev.${name} or false then
(if input._type or null == "flake"
then let inputs = input.inputs // { self = (import /${devPath}/${name}/flake.nix).outputs inputs; };
in inputs.self
in { __toString = _: "/${devPath}/${name}"; } // inputs.self
else /${devPath}/${name})
else input)
base-inputs;


@ -4090,40 +4090,8 @@ index b84fdd17c3d..23beef9a62b 100644
};
static struct gdsc *disp_cc_sdm845_gdscs[] = {
diff --git a/drivers/gpu/drm/drm_bridge.c b/drivers/gpu/drm/drm_bridge.c
index 521a71c61b1..17ed94885dc 100644
--- a/drivers/gpu/drm/drm_bridge.c
+++ b/drivers/gpu/drm/drm_bridge.c
@@ -687,11 +687,17 @@ void drm_atomic_bridge_chain_post_disable(struct drm_bridge *bridge,
*/
list_for_each_entry_from(next, &encoder->bridge_chain,
chain_node) {
- if (next->pre_enable_prev_first) {
+ if (!next->pre_enable_prev_first) {
next = list_prev_entry(next, chain_node);
limit = next;
break;
}
+
+ if (list_is_last(&next->chain_node,
+ &encoder->bridge_chain)) {
+ limit = next;
+ break;
+ }
}
/* Call these bridges in reverse order */
@@ -774,7 +780,7 @@ void drm_atomic_bridge_chain_pre_enable(struct drm_bridge *bridge,
/* Found first bridge that does NOT
* request prev to be enabled first
*/
- limit = list_prev_entry(next, chain_node);
+ limit = next;
break;
}
}
diff --git a/drivers/gpu/drm/drm_mipi_dsi.c b/drivers/gpu/drm/drm_mipi_dsi.c
index ef6e416522f..795001bb7ff 100644
index 9874ff6d471..795001bb7ff 100644
--- a/drivers/gpu/drm/drm_mipi_dsi.c
+++ b/drivers/gpu/drm/drm_mipi_dsi.c
@@ -645,29 +645,56 @@ int mipi_dsi_set_maximum_return_packet_size(struct mipi_dsi_device *dsi,
@ -4143,7 +4111,7 @@ index ef6e416522f..795001bb7ff 100644
*
* Return: 0 on success or a negative error code on failure.
*/
-ssize_t mipi_dsi_compression_mode(struct mipi_dsi_device *dsi, bool enable)
-int mipi_dsi_compression_mode(struct mipi_dsi_device *dsi, bool enable)
+int mipi_dsi_compression_mode_ext(struct mipi_dsi_device *dsi, bool enable,
+ enum mipi_dsi_compression_algo algo,
+ unsigned int pps_selector)
@ -4190,17 +4158,6 @@ index ef6e416522f..795001bb7ff 100644
EXPORT_SYMBOL(mipi_dsi_compression_mode);
/**
@@ -679,8 +706,8 @@ EXPORT_SYMBOL(mipi_dsi_compression_mode);
*
* Return: 0 on success or a negative error code on failure.
*/
-ssize_t mipi_dsi_picture_parameter_set(struct mipi_dsi_device *dsi,
- const struct drm_dsc_picture_parameter_set *pps)
+int mipi_dsi_picture_parameter_set(struct mipi_dsi_device *dsi,
+ const struct drm_dsc_picture_parameter_set *pps)
{
struct mipi_dsi_msg msg = {
.channel = dsi->channel,
diff --git a/drivers/gpu/drm/msm/adreno/a6xx_gpu.c b/drivers/gpu/drm/msm/adreno/a6xx_gpu.c
index cf0b1de1c07..ff3ff6ab9dd 100644
--- a/drivers/gpu/drm/msm/adreno/a6xx_gpu.c
@ -47636,7 +47593,7 @@ index 10129095a4c..6d3016e008e 100644
static const struct of_device_id wled_match_table[] = {
diff --git a/include/drm/drm_mipi_dsi.h b/include/drm/drm_mipi_dsi.h
index c0aec0d4d66..82b1cc434ea 100644
index 3011d33eccb..82b1cc434ea 100644
--- a/include/drm/drm_mipi_dsi.h
+++ b/include/drm/drm_mipi_dsi.h
@@ -226,6 +226,12 @@ static inline int mipi_dsi_pixel_format_to_bpp(enum mipi_dsi_pixel_format fmt)
@ -47652,22 +47609,16 @@ index c0aec0d4d66..82b1cc434ea 100644
struct mipi_dsi_device *
mipi_dsi_device_register_full(struct mipi_dsi_host *host,
const struct mipi_dsi_device_info *info);
@@ -241,9 +247,12 @@ int mipi_dsi_shutdown_peripheral(struct mipi_dsi_device *dsi);
int mipi_dsi_turn_on_peripheral(struct mipi_dsi_device *dsi);
@@ -242,6 +248,9 @@ int mipi_dsi_turn_on_peripheral(struct mipi_dsi_device *dsi);
int mipi_dsi_set_maximum_return_packet_size(struct mipi_dsi_device *dsi,
u16 value);
-ssize_t mipi_dsi_compression_mode(struct mipi_dsi_device *dsi, bool enable);
-ssize_t mipi_dsi_picture_parameter_set(struct mipi_dsi_device *dsi,
- const struct drm_dsc_picture_parameter_set *pps);
+int mipi_dsi_compression_mode(struct mipi_dsi_device *dsi, bool enable);
int mipi_dsi_compression_mode(struct mipi_dsi_device *dsi, bool enable);
+int mipi_dsi_compression_mode_ext(struct mipi_dsi_device *dsi, bool enable,
+ enum mipi_dsi_compression_algo algo,
+ unsigned int pps_selector);
+int mipi_dsi_picture_parameter_set(struct mipi_dsi_device *dsi,
+ const struct drm_dsc_picture_parameter_set *pps);
int mipi_dsi_picture_parameter_set(struct mipi_dsi_device *dsi,
const struct drm_dsc_picture_parameter_set *pps);
ssize_t mipi_dsi_generic_write(struct mipi_dsi_device *dsi, const void *payload,
size_t size);
diff --git a/include/dt-bindings/clock/qcom,dispcc-sdm845.h b/include/dt-bindings/clock/qcom,dispcc-sdm845.h
index 4016fd1d5b4..f3e088b450b 100644
--- a/include/dt-bindings/clock/qcom,dispcc-sdm845.h


@ -595,6 +595,10 @@ def add_split_domain(domains: Domains, split_domain: list[str]):
if not split_domain:
return
split_domain = split_domain[:]
if split_domain and split_domain[-1] == '*':
split_domain.pop()
if not split_domain:
return
while len(split_domain) > 1:
key = split_domain[-1]
if key in domains.keys():
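Review bot: The `split_domain and` guard on the new `if split_domain and split_domain[-1] == '*':` line is redundant: the function already returned on an empty list two lines above, and the `split_domain[:]` copy in between cannot make it empty, so `if split_domain[-1] == '*':` states the intent more directly. The copy before the `pop()` is what keeps the caller's list untouched, which is worth a short comment such as `# copy: the wildcard strip below must not mutate the caller's list`. The second `if not split_domain: return` after the pop is still needed, since a bare `['*']` becomes empty at that point. add_split_domain continues past the end of the hunk.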


@ -580,20 +580,21 @@ in {
[(is.eq ip6.daddr "@block6") (log "block6 ") drop]
[(is.eq ip.saddr "@block4") (log "block4/s ") drop]
[(is.eq ip6.saddr "@block6") (log "block6/s ") drop]
# default to no vpn...
[(mangle meta.mark wan_table)]
# default to vpn...
# # default to vpn...
# [(mangle meta.mark vpn_table)]
# ...but unvpn traffic to/from force_unvpn4/force_unvpn6
# [(is.eq ip.daddr "@force_unvpn4") (mangle meta.mark wan_table)]
# [(is.eq ip6.daddr "@force_unvpn6") (mangle meta.mark wan_table)]
# [(is.eq ip.saddr "@force_unvpn4") (mangle meta.mark wan_table)]
# [(is.eq ip6.saddr "@force_unvpn6") (mangle meta.mark wan_table)]
# ...force vpn to/from force_vpn4/force_vpn6
# (disable this if it breaks some sites)
[(is.eq ip.daddr "@force_vpn4") (mangle meta.mark vpn_table)]
[(is.eq ip6.daddr "@force_vpn6") (mangle meta.mark vpn_table)]
[(is.eq ip.saddr "@force_vpn4") (mangle meta.mark vpn_table)]
[(is.eq ip6.saddr "@force_vpn6") (mangle meta.mark vpn_table)]
# ...but unvpn traffic to/from force_unvpn4/force_unvpn6
[(is.eq ip.daddr "@force_unvpn4") (mangle meta.mark wan_table)]
[(is.eq ip6.daddr "@force_unvpn6") (mangle meta.mark wan_table)]
[(is.eq ip.saddr "@force_unvpn4") (mangle meta.mark wan_table)]
[(is.eq ip6.saddr "@force_unvpn6") (mangle meta.mark wan_table)]
# block requests to port 25 from hosts other than the server so they can't send mail pretending to originate from my domain
# only do this for lans since traffic from other interfaces isn't forwarded to wan
[(is.eq meta.iifname lanSet) (is.ne ether.saddr cfg.serverMac) (is.eq meta.l4proto (f: f.tcp)) (is.eq tcp.dport 25) (log "smtp ") drop]
@ -780,24 +781,23 @@ in {
stopIfChanged = false;
path = [ config.programs.ssh.package ];
script = ''
while true; do
${config.programs.ssh.package}/bin/ssh \
-i /secrets/vpn/sshtunnel.key \
-L ${netAddresses.netnsWan4}:${toString cfg.vpn.tunnel.localPort}:127.0.0.1:${toString cfg.vpn.tunnel.remotePort} \
-p ${toString cfg.vpn.tunnel.port} \
-N -T -v \
sshtunnel@${cfg.vpn.tunnel.ip}
echo "Restarting..."
sleep 10
done
${config.programs.ssh.package}/bin/ssh \
-i /secrets/vpn/sshtunnel.key \
-L ${netAddresses.netnsWan4}:${toString cfg.vpn.tunnel.localPort}:127.0.0.1:${toString cfg.vpn.tunnel.remotePort} \
-p ${toString cfg.vpn.tunnel.port} \
-N -T -v \
${cfg.vpn.tunnel.user}@${cfg.vpn.tunnel.ip}
'';
serviceConfig = {
Restart = "always";
RestartSec = "10s";
Type = "simple";
NetworkNamespacePath = "/var/run/netns/wan";
};
};
systemd.services.openvpn-client = lib.mkIf cfg.vpn.openvpn.enable {
wantedBy = [ "nftables-netns-default.service" ];
};
services.openvpn.servers = lib.mkIf cfg.vpn.openvpn.enable {
client.config = cfg.vpn.openvpn.config;
};
@ -874,6 +874,8 @@ in {
unbound-python = pkgs.python3.withPackages (ps: with ps; [ pydbus dnspython requests pytricia nftables ]);
in
"${unbound-python}/${unbound-python.sitePackages}";
# see https://github.com/NixOS/nixpkgs/pull/310514
environment.GI_TYPELIB_PATH = "${lib.getLib pkgs.glib}/lib/girepository-1.0";
environment.MDNS_ACCEPT_NAMES = "^(.*\\.)?local\\.$";
# resolve retracker.local to whatever router.local resolves to
# we can't add a local zone alongside using avahi resolver, so we have to use hacks like this
@ -884,8 +886,8 @@ in {
environment.NFT_QUERIES = "vpn:force_vpn4,force_vpn6;unvpn!:force_unvpn4,force_unvpn6;iot:allow_iot4,allow_iot6";
serviceConfig.EnvironmentFile = "/secrets/unbound_env";
# it needs to run after nftables has been set up because it sets up the sets
after = [ "nftables-default.service" "avahi-daemon.service" ];
wants = [ "nftables-default.service" "avahi-daemon.service" ];
after = [ "nftables-netns-default.service" "avahi-daemon.service" ];
wants = [ "nftables-netns-default.service" "avahi-daemon.service" ];
# allow it to call nft
serviceConfig.AmbientCapabilities = [ "CAP_NET_ADMIN" ];
serviceConfig.CapabilityBoundingSet = [ "CAP_NET_ADMIN" ];
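Review bot: In the rewritten `script` of the ssh tunnel unit, the new `${cfg.vpn.tunnel.user}@${cfg.vpn.tunnel.ip}` is interpolated into the shell command line unquoted, so a value containing whitespace or shell metacharacters would be word-split or interpreted by the shell instead of reaching ssh as a single argument. The option is set by the host's own configuration, but quoting it, `"${cfg.vpn.tunnel.user}@${cfg.vpn.tunnel.ip}"`, or passing both values through `lib.escapeShellArg`, makes the script robust to such values at no cost; the `-i`, `-L` and `-p` interpolations on the surrounding lines would benefit from the same treatment. Dropping the `while true` loop means restarts now come solely from the `Restart = "always"` and `RestartSec = "10s"` settings visible in `serviceConfig` below, which preserves the old 10-second retry cadence and drops the "Restarting..." log line; a one-line comment above `script` saying that restarts are delegated to systemd would make that dependency explicit.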


@ -25,6 +25,11 @@
type = lib.types.port;
default = 22;
};
user = lib.mkOption {
description = "SSH user";
type = lib.types.str;
default = "sshtunnel";
};
};
openvpn.enable = lib.mkEnableOption "OpenVPN";
openvpn.config = lib.mkOption {