Because of recent events, I've been thinking someone should make an s6-based replacement for nixos.

It turns out, it almost exists:
https://www.liminix.org/

"Almost", because this project focuses on routers.

#nix #nixos #liminix #s6 #s6rc

Liminix

Being an account of the victories, failures, twists, turns, and blind alleys on the path to implementing Liminix, a Nix-based system for configuring consumer wifi routers.


Seriously looking into flashing OpenWRT onto my ER-X since the last firmware upgrade. #Liminix would be even better, but I don't have a spare to test with and it would be a new hardware target. #theFoundary

I'll have to look at my budget, maybe I can replace my main router with one of the supported liminix devices.

#liminix CI is green against nixpkgs 24.11 and unstable and I'm running out of reasons to put off releasing 1.0 any longer
https://build.liminix.org/project/liminix

I have now thought long enough about the remaining shortcomings (IMO) in #liminix docs that I believe they are sufficiently well-defined to capture in a TODO list

(And no, list item #1 is not just "fix the docs")

Declaration of intent: I am working towards a #liminix 1.0 release

https://www.liminix.org/2025/03/27/pen-test.html

There, I said it out loud.

The pen (test) is mightier than the sword

The NGI0 Entrust Fund, of which Liminix is a beneficiary, also offers technical services and expertise, and one of the services on offer is a security audit.

@algernon @wolf480pl

> eyes hurt

Right.

I use self-hosted nix hydra for #liminix and I'm glad it works because I wouldn't like to have to fix it if it didn't

#liminix had an external security audit last year (thanks to Radically Open Security for performing and to NGI0 for enabling).

Both of the actual findings they produced were to do with sloppy path handling, and now fixed, but they also offered advice on the default firewall rules

Which I am now working on but haven't actually fixed because when I started looking at it I realised that the default firewall rules have int and ppp0 hardcoded as interface names. Which although usually correct, might not be the actual interfaces if you've had some connectivity problems/failures/general weird shit because it could be ppp1 or ppp23. Or maybe your upstream wasn't a PPP connection in the first place.

So, when I've cleaned this up and merged the branch we're going to have a "zone" notation to the firewall so that you will be able to specify which interface services are associated with which zones. It's backed by a longrun service that maintains some nftables sets called @lan, @wan, @dmz or whatever other names you chose, and adds the interface managed by each service once the service knows what it is. So everything will be fine and dandy even if the interface name isn't static/known at build time.

https://gti.telent.net/dan/liminix/compare/main...firescape#diff-0c73ccdd98654afbd21fe4c4276307a13b604f62
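
The zone idea described in the post above, sketched as a plain nftables ruleset. This is an added illustration, not code from the post or from Liminix: the table name `fw`, the chain layout, the ports and the interface name `ppp1` are assumptions; only the set names `@lan` and `@wan` and the hardcoded names `int` and `ppp0` come from the post.

```nftables
#!/usr/sbin/nft -f
# Added illustration (not Liminix code). Table, chains and ports are assumed.

table inet fw {
    # Zone sets start empty. A supervising service adds the interface it
    # manages once the kernel has given that interface a name.
    set lan {
        type ifname
    }
    set wan {
        type ifname
    }

    chain input {
        type filter hook input priority filter; policy drop;

        ct state established,related accept
        iifname "lo" accept

        # Zone form: applies to whatever interfaces are in @lan right now.
        iifname @lan tcp dport { 22, 53 } accept
        iifname @lan udp dport { 53, 67 } accept
        # Nothing is accepted from @wan, so the drop policy covers it.
    }

    chain forward {
        type filter hook forward priority filter; policy drop;

        ct state established,related accept

        # Hardcoded form, which stops matching if the uplink is ppp1:
        #   iifname "int" oifname "ppp0" accept
        # Zone form, independent of the name chosen at run time:
        iifname @lan oifname @wan accept
    }
}

# What a per-interface service would run when its link comes up
# (ppp1 is a constructed value):
#   nft 'add element inet fw wan { "ppp1" }'
# and when the link goes away:
#   nft 'delete element inet fw wan { "ppp1" }'
```

With a drop policy, an interface that has not yet been added to any zone set matches no accept rule, so traffic through it is dropped until its service registers it.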


@dcz @janvlug @conservancy @karen same [re federation]. Though I'm happy to give out accounts on my private gitea for established #liminix contributors, there's no way for people new to the project to get started except by old-school patch-based workflows or by using their own hosting that I can pull from.

I do mirror to github (this was fairly straightforward to set up), and it's possible that some people looking at it "over there" think that's the canonical repo

BTW I use AArch(64)

Been a while since I did one of these, but I found some time during the Christmas holidays to advance the state of Liminix a bit by finishing off the port to Belkin RT3200. It turned out to be a lot closer to finished already than I remember it, which was gratifying.

Second attempt at dogfooding the rt3200 with #liminix is going much better

There appears to be a bug in `update.sh --fast` which is _supposed_ to restart only the affected services but in practice seems to be making the hostapd services do a restart loop. So, having to do a lot of reboots while I fiddle with firewall rules