-
-
Notifications
You must be signed in to change notification settings - Fork 14.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
openthread-border-router: init at unstable-2024-10-18 #332296
base: master
Are you sure you want to change the base?
Conversation
f771469
to
bc2168f
Compare
bc2168f
to
a83e1b9
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Move the changelog addition to its own commit
a83e1b9
to
0d941cf
Compare
0d941cf
to
a9d1c74
Compare
I pushed a few changes:
|
a9d1c74
to
269e1ea
Compare
nixos/modules/services/home-automation/openthread-border-router.nix
Outdated
Show resolved
Hide resolved
nixos/modules/services/home-automation/openthread-border-router.nix
Outdated
Show resolved
Hide resolved
nixos/modules/services/home-automation/openthread-border-router.nix
Outdated
Show resolved
Hide resolved
nixos/modules/services/home-automation/openthread-border-router.nix
Outdated
Show resolved
Hide resolved
269e1ea
to
2f5ba3d
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
nixos/modules/services/home-automation/openthread-border-router.nix
Outdated
Show resolved
Hide resolved
nixos/modules/services/home-automation/openthread-border-router.nix
Outdated
Show resolved
Hide resolved
nixos/modules/services/home-automation/openthread-border-router.nix
Outdated
Show resolved
Hide resolved
nixos/modules/services/home-automation/openthread-border-router.nix
Outdated
Show resolved
Hide resolved
nixos/modules/services/home-automation/openthread-border-router.nix
Outdated
Show resolved
Hide resolved
nixos/modules/services/home-automation/openthread-border-router.nix
Outdated
Show resolved
Hide resolved
nixos/modules/services/home-automation/openthread-border-router.nix
Outdated
Show resolved
Hide resolved
nixos/modules/services/home-automation/openthread-border-router.nix
Outdated
Show resolved
Hide resolved
nixos/modules/services/home-automation/openthread-border-router.nix
Outdated
Show resolved
Hide resolved
nixos/modules/services/home-automation/openthread-border-router.nix
Outdated
Show resolved
Hide resolved
31c3205
to
02f29a5
Compare
Pushed:
|
02f29a5
to
cf8dcf1
Compare
Rebased over master to resolve conflicts in changelog. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Diff LGTM; not tested
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/prs-already-reviewed/2617/2060 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have been running this on arm64 / NixOS 24.11 for the past month:
services.openthread-border-router = {
enable = true;
backboneInterface = "end1";
radio = {
device = "/dev/serial/by-id/<your-device-id-here>";
baudRate = 460800;
flowControl = true;
};
};
It's been working great and stable.
This can be used to use compatible Thread radios (such as HomeAssistant's SkyConnect) in order to create a thread border router.
cf8dcf1
to
faa9a55
Compare
Thanks for testing! Rebased over master and moved the changelog entry to rl-2505. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How many of those patches have been upstreamed? The "don't install systemd units" patch can be easily modified to look at a variable:
if (SYSTEMD_FOUND AND (NOT DEFINED INSTALL_SYSTEMD_UNIT OR INSTALL_SYSTEMD_UNIT))
pkg_get_variable(OTBR_SYSTEMD_UNIT_DIR systemd systemdsystemunitdir)
endif()
and then lib.cmakeBool "INSTALL_SYSTEMD_UNIT" false
could be added to cmakeFlags
The static libs patch can instead be changed to:
if (NOT DEFINED Boost_USE_STATIC_LIBS)
set(Boost_USE_STATIC_LIBS ON)
endif()
and then lib.cmakeBool "Boost_USE_STATIC_LIBS" stdenv.targetPlatform.isStatic
could be added to cmakeFlags
.
I'm not sure if the firewall script or the home assistant patch could be upstreamed, but any progress in that direction would be useful.
I opened two upstream PRs with your CMake suggestions:
The firewall patch is slightly less straightforward as you noted, I need to dig into that a bit more to understand it from the OTBR side before I open an issue upstream, but it seems tractable as well. The two Home Assistant-derived patches are a bit murkier.
Given that, my suggestion would be to drop the Home Assistant addon patch references entirely:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I pulled the latest changes and rebuilt my config on arm64 without any issues.
While reviewing the diff, I realized I'd made a couple local changes around network security that might be worth incorporating.
rest = { | ||
listenAddress = lib.mkOption { | ||
type = lib.types.str; | ||
default = "::"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It looks like this should default to 127.0.0.1
. (Specifically, a localhost IP, and it appears that this is the convention throughout NixOS/nixpgs.)
The REST API works fine on IPv4 even though Matter comms themselves use IPv6.
(Users can still pass ::1
if they want to listen on IPv6 localhost instead or ::
as currently to listen on all.)
enable = lib.mkEnableOption "the web interface"; | ||
listenAddress = lib.mkOption { | ||
type = lib.types.str; | ||
default = "::"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Similarly, I think the web interface should default to a local IP, i.e. 127.0.0.1
.
{ | ||
meta.maintainers = with lib.maintainers; [ mrene ]; | ||
|
||
options.services.openthread-border-router = { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
EDIT: Hmm...it looks like the port number for the listening service is dynamic. I was confused and thought 49154
was hardcoded somewhere (note: there ARE other hardcoded ports in OpenThread code 🙈) but I think now it's simply from the "Dynamic and/or Private Ports (49152-65535)" range and shows up a lot in the OpenThread docs by coincidence.
Frustratingly, from what I can tell, it's not clear if this is customizable after compile-time, which makes this tricky.
Original comment:
I think we also need an openFirewall
option:
networking.firewall.allowedUDPPorts = [
49154
];
I don't think it makes sense to have firewall options for REST/web.
In a VM/lab environment, the admin should add allowedTCPPorts
for web.listenPort
/ rest.listenPort
themselves.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Opened a discussion about listener ports upstream: https://github.com/orgs/openthread/discussions/11093
license = lib.licenses.bsd3; | ||
maintainers = with lib.maintainers; [ mrene ]; | ||
mainProgram = "ot-ctl"; | ||
platforms = lib.platforms.linux; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
platforms = lib.platforms.linux; | |
platforms = lib.platforms.unix; |
If upstream claims that it supports POSIX, we should let it run on all POSIX systems, not just linux.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
While I can get it to compile on aarch64-darwin with the latest apple sdks, it doesn't function correctly (it uses a bogus setsockopt argument when binding to the backbone interface, and it depends on avahi or dns-sd for mdns).
Would it be preferred to be marked as broken on non-linux while defining platforms as unix
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would suggest it be marked broken on darwin. I suspect it would likely work on the BSDs.
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/thread-border-router-on-nixos/57909/3 |
I'm trying to use this with
I suspect that it could be because I haven't flashed the thread firmware to the device yet, but I'm struggling to find any information about how to do that manually (all the documentation that I've seen says that the home-assistant add-on should take care of this automatically). |
Description of changes
This adds OpenThread's open source border router component along with a NixOS service.
Thread is a mesh networking technology based on 6LoWPAN (ipv6-based) and 802.15.4. The border router component bridges the mesh network to an ipv6 network on a local interface. If no ipv6 connectivity exists, it'll advertise a new prefix for the local network so communication is possible.
Once setup, it can be used to bridge a Thread network with the local network to expose IoT devices to other systems like Home Assistant, Apple Home, etc..
I've been using this implementation along with Home Assistant and some Nanoleaf light bulbs using both Matter and their proprietary "ltpdu" protocol for about a week now. It's pretty stable.
For the SkyConnect specifically, some options have to be used (see example). There doesn't seem to be a lot of hardware-specific options in nixpkgs so I chose not to include an option for this. Do let me know if there is an appropriate pattern to use here.
Things done
nix.conf
? (See Nix manual)sandbox = relaxed
sandbox = true
nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"
. Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/
)Add a 👍 reaction to pull requests you find important.