From 3f4dbfcfd3ea7d229404ebf64c2250888ec07f2c Mon Sep 17 00:00:00 2001
From: Daniel Barlow <dan@telent.net>
Date: Wed, 31 May 2023 23:29:05 +0100
Subject: [PATCH] ipv6 prefix delegation for rotuer

much tidying needed, but it works
---
 examples/acquire-delegated-prefix.fnl | 70 +++++++++++++++++++++++++++
 examples/acquire-delegated-prefix.nix | 10 ++++
 examples/odhcp6-script.fnl            |  7 ++-
 examples/rotuer.nix                   | 19 ++++++--
 pkgs/default.nix                      |  1 +
 pkgs/linotify/default.nix             | 19 ++++++++
 pkgs/write-fennel-script/default.nix  |  2 +-
 7 files changed, 123 insertions(+), 5 deletions(-)
 create mode 100644 examples/acquire-delegated-prefix.fnl
 create mode 100644 examples/acquire-delegated-prefix.nix
 create mode 100644 pkgs/linotify/default.nix

diff --git a/examples/acquire-delegated-prefix.fnl b/examples/acquire-delegated-prefix.fnl
new file mode 100644
index 0000000..5f397b3
--- /dev/null
+++ b/examples/acquire-delegated-prefix.fnl
@@ -0,0 +1,70 @@
+
+(local inotify (require :inotify))
+
+(fn watch-fsevents [directory-name]
+  (let [handle (inotify.init)]
+    (handle:addwatch directory-name
+                     inotify.IN_CREATE
+                     inotify.IN_MOVE
+                     inotify.IN_DELETE
+                     inotify.IN_DELETE_SELF
+                     inotify.IN_MOVED_FROM
+                     inotify.IN_MOVED_TO
+                     inotify.IN_CLOSE_WRITE)
+    handle))
+
+
+(fn merge [table1 table2]
+  (collect [k v (pairs table2) &into table1]
+    k v))
+
+(fn parse-extra [s]
+  (let [out {}]
+    (each [name val (string.gmatch s ",(.-)=([^,]+)")]
+      (tset out name val))
+    out))
+
+(fn parse-prefixes [prefixes]
+  (icollect [val (string.gmatch prefixes "([^ ]+)")]
+    (let [(prefix len preferred valid extra)
+          (string.match val "(.-)::/(%d+),(%d+),(%d+)(.*)$")]
+      (merge {: prefix : len : preferred : valid} (parse-extra extra))
+      )))
+
+;; Format: <prefix>/<length>,preferred,valid[,excluded=<excluded-prefix>/<length>][,class=<prefix class #>]
+
+;; (parse-prefixes "2001:8b0:de3a:40dc::/64,7198,7198 2001:8b0:de3a:1001::/64,7198,7188,excluded=1/2,thi=10")
+
+
+(fn file-exists? [name]
+  (let [f (io.open name :r)]
+    (match f
+      non-nil (or (f:close) true)
+      (nil err) false)))
+
+(fn read-line [name]
+  (with-open [f (assert (io.open name :r) (.. "can't open file " name))]
+    (f:read "*l")))
+
+(var last-update 0)
+(fn event-time [directory]
+  (if (file-exists? (.. directory "/state"))
+      (tonumber (read-line (.. directory "/last-update")))
+      nil))
+
+(fn wait-for-update [directory fsevents]
+  (while (<= (or (event-time directory) 0) last-update)
+    (fsevents:read))
+  (set last-update (event-time directory))
+  true)
+
+(let [[state-directory lan-device] arg
+      fsevents (watch-fsevents state-directory)]
+  (while (wait-for-update state-directory fsevents)
+    (match (read-line (.. state-directory "/state"))
+      (where (or :bound :rebound :informed :updated :ra-updated))
+      (let [[{ : prefix : len : preferred : valid }]
+            (parse-prefixes (read-line (.. state-directory  "/prefixes")))]
+        (os.execute (.. "ip address add " prefix "::1/" len
+    		        " dev " lan-device)))
+      _ (os.exit 1))))
diff --git a/examples/acquire-delegated-prefix.nix b/examples/acquire-delegated-prefix.nix
new file mode 100644
index 0000000..3356ec9
--- /dev/null
+++ b/examples/acquire-delegated-prefix.nix
@@ -0,0 +1,10 @@
+{
+  writeFennelScript
+, luaSmall
+, linotify
+}:
+writeFennelScript "acquire-delegated-prefix"
+  [
+    (linotify.override { lua = luaSmall; })
+  ]
+  ./acquire-delegated-prefix.fnl
diff --git a/examples/odhcp6-script.fnl b/examples/odhcp6-script.fnl
index 1629203..2ab8691 100644
--- a/examples/odhcp6-script.fnl
+++ b/examples/odhcp6-script.fnl
@@ -10,6 +10,10 @@
 (fn write-value-from-env [name]
   (write-value name (os.getenv (string.upper name))))
 
+;; we remove state before updating to ensure that consumers don't get
+;; a half-updated snapshot
+(os.remove (.. state-directory "/state"))
+
 (let [wanted
       [
        :addresses
@@ -52,7 +56,8 @@
               "unbound" false
               "stopped" false
               _ true)]
-  (write-value "state" state)
+  (write-value "last-update" (tostring (os.time)))
   (write-value "ifname" ifname)
+  (write-value "state" state)
   (when ready
     (with-open [fd (io.open "/proc/self/fd/10" :w)] (fd:write "\n"))))
diff --git a/examples/rotuer.nix b/examples/rotuer.nix
index 795b6ee..7b18d59 100644
--- a/examples/rotuer.nix
+++ b/examples/rotuer.nix
@@ -183,10 +183,14 @@ in rec {
   groups.system.usernames = ["dnsmasq"];
 
   services.dns =
-    dnsmasq {
+    let interface = services.int;
+    in dnsmasq {
       resolvconf = services.resolvconf;
-      interface = services.int;
-      ranges = ["10.8.0.10,10.8.0.240"];
+      inherit interface;
+      ranges = [
+        "10.8.0.10,10.8.0.240"
+        "::,constructor:${interface.device},ra-stateless"
+      ];
       domain = "fake.liminix.org";
     };
 
@@ -248,6 +252,14 @@ in rec {
       dependencies = [ services.wan ];
     };
 
+  services.acquire-lan-prefix =
+    let script = pkgs.callPackage ./acquire-delegated-prefix.nix {  };
+    in longrun {
+      name = "acquire-lan-prefix";
+      run = "${script} /run/service-state/dhcp6c.wan ${services.int.device}";
+      dependencies = [ services.dhcp6 ];
+    };
+
   services.default = target {
     name = "default";
     contents = with config.services; [
@@ -265,6 +277,7 @@ in rec {
       sshd
       config.services.hostname
       dhcp6
+      acquire-lan-prefix
     ];
   };
   defaultProfile.packages = with pkgs;  [min-collect-garbage nftables tcpdump] ;
diff --git a/pkgs/default.nix b/pkgs/default.nix
index fd9753e..de8ce66 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -23,6 +23,7 @@
   kernel-backport = callPackage ./kernel-backport {};
   mac80211 = callPackage ./mac80211 {};
   netlink-lua = callPackage ./netlink-lua {};
+  linotify = callPackage ./linotify {};
   ifwait = callPackage ./ifwait {};
 
   gen_init_cpio = callPackage ./gen_init_cpio {};
diff --git a/pkgs/linotify/default.nix b/pkgs/linotify/default.nix
new file mode 100644
index 0000000..eaef17c
--- /dev/null
+++ b/pkgs/linotify/default.nix
@@ -0,0 +1,19 @@
+{ lua, lib, fetchFromGitHub }:
+let pname = "linotify";
+in lua.pkgs.buildLuaPackage {
+  inherit pname;
+  version = "0.5";
+
+  src = fetchFromGitHub {
+    repo = "linotify";
+    owner = "hoelzro";
+    rev = "a56913e9c0922befb65227a00cf69c2e8052de1a";
+    hash = "sha256-IlOJbGx1zbOR3vgNMsNTPsarhPANpzl7jsu33LEbIqY=";
+  };
+
+  installPhase = ''
+    mkdir -p "$out/lib/lua/${lua.luaversion}"
+    cp inotify.so "$out/lib/lua/${lua.luaversion}/"
+  '';
+
+}
diff --git a/pkgs/write-fennel-script/default.nix b/pkgs/write-fennel-script/default.nix
index bdff627..3a7a5cb 100644
--- a/pkgs/write-fennel-script/default.nix
+++ b/pkgs/write-fennel-script/default.nix
@@ -15,7 +15,7 @@ in name : packages : source :
       echo "#!${lua}/bin/lua"
       echo "package.path = ${lib.strings.escapeShellArg luapath} .. package.path"
       echo "package.cpath = ${lib.strings.escapeShellArg luacpath} .. package.cpath"
-      ${lua.pkgs.fennel}/bin/fennel --compile  ${source}
+      ${lua.pkgs.fennel}/bin/fennel --correlate --compile ${source}
       ) > $out
       chmod a+x $out
     ''