deep thoughts

rotuer: make domainName configurable
add wifi ssid to secrets
2024-02-11 15:11:33 +00:00 · 2024-02-11 15:11:06 +00:00 · 2024-02-11 15:08:23 +00:00 · 2024-02-11 09:10:50 +00:00 · 2024-02-11 09:10:03 +00:00
5 changed files with 74 additions and 9 deletions
--- a/THOUGHTS.txt
+++ b/THOUGHTS.txt
@ -3952,3 +3952,64 @@ I can actually use it as a CPE. This means

 - would be quite cool to run sniproxy instead of forwarding to
  loaclhost (extra credit)
+
+Sat Feb 10 12:41:12 GMT 2024
+
+  s6-linux-init version 1.1.2.0
+
+nfnetlink: module verification failed: signature and/or required key missing - tainting kernel
+------------[ cut here ]------------
+kernel BUG at net/wireless/core.h:125!
+Internal error: Oops - BUG: 0 [#1] SMP ARM
+Modules linked in: cfg80211(E+) nfnetlink(E)
+CPU: 0 PID: 197 Comm: insmod Tainted: G            E      6.7.4 #1
+Hardware name: Marvell Armada 380/385 (Device Tree)
+PC is at cfg80211_netdev_notifier_call+0x2cc/0x3e0 [cfg80211]
+LR is at call_netdevice_register_net_notifiers+0x4c/0xec
+pc : [<bf010024>]    lr : [<c0672e30>]    psr: 60000013
+sp : f0ba5c10  ip : fffffffb  fp : c328df00
+r10: c15c4170  r9 : c328df00  r8 : 00000000
+r7 : 00000000  r6 : bf04c620  r5 : c10c9000  r4 : c11ff414
+r3 : 00000000  r2 : f0ba5df4  r1 : 00000005  r0 : bf04c620
+Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
+Control: 10c5387d  Table: 0320804a  DAC: 00000051
+R
+ cfg80211_netdev_notifier_call [cfg80211] from call_netdevice_register_net_notifiers+0x4c/0xec
+
+setenv omnia_reset 1; run bootcmd_rescue
+
+Sat Feb 10 18:23:54 GMT 2024
+
+ARGH KERNEL
+
+You can't define CONFIG_NETFILTER=y in a monolithic kernel and expect
+later to separately build some modules that use it, because there are
+a bunch of symbols that only get defined if certain other CONFIG
+options are set at the time that the monolithic kernel is built.
+
+https://github.com/torvalds/linux/blob/master/net/netfilter/core.c#L689
+
+Another example is
+https://github.com/torvalds/linux/blob/master/include/linux/netdevice.h#L160
+- if you decide after building the kernel that you're going to build
+some wireless modules, you can't do that without rebuilding the kernel
+so that it knows to expect them
+
+The moral of the story seems to be: if you have a compiled Linux kernel source tree and you change some symbol from "is not set" to m and then run  make modules, you cannot in general expect that newly compiled  module to work.
+
+AP advertised VHT without HT, disabling HT/VHT/HE
+
+TODO
+
+- support kernel version as parameter to builder pkgs/kernel/default.nix
+- extract the change in how module loading works from omnia device config,
+  and fix the other thing that uses it
+- wlan module to take 'backported' as a parameter
+  half of the omnia conditionalConfig can go into the module
+- upgrade omnia to kernel v6
+- figure out what mdns we need for local hostname resolution
+  (maybe bridging lan/wlan)?
+- slow wifi because "AP advertised VHT without HT, disabling HT/VHT/HE"
+- add local domain to secrets
+- run sniproxy instead of forwarding
+- forward some port to loaclhost 22 for inbound ipv4 ssh
--- a/examples/arhcive.nix
+++ b/examples/arhcive.nix
@ -145,7 +145,7 @@ in rec {
    };

  users.root = {
-    passwd = lib.mkForce secrets.root_password;
+    passwd = lib.mkForce secrets.root.passwd;
    # openssh.authorizedKeys.keys = [
    #   (builtins.readFile "/home/dan/.ssh/id_rsa.pub")
    # ];
--- a/examples/extneder.nix
+++ b/examples/extneder.nix
@ -131,6 +131,6 @@ in rec {
    dependencies = [services.dhcpc];
  };

-  users.root.passwd = lib.mkForce secrets.root_password;
+  users.root.passwd = lib.mkForce secrets.root.passwd;
  defaultProfile.packages = with pkgs; [nftables strace tcpdump swconfig];
 }
--- a/examples/rotuer-secrets.example.nix
+++ b/examples/rotuer-secrets.example.nix
@ -1,5 +1,6 @@
-rec {
+{
  wpa_passphrase = "you bring light in";
+  ssid = "liminix";
  l2tp = {
    name = "abcde@a.1";
    password = "NotMyIspPassword";
@ -10,9 +11,9 @@ rec {
    openssh.authorizedKeys.keys = [
    ];
  };
-  root_password = root.passwd;
+
  lan = {
-    prefix = "10.8.0"; # "192.168.8";
+    prefix = "10.8.0";
  };

 }
--- a/examples/rotuer.nix
+++ b/examples/rotuer.nix
@ -8,7 +8,10 @@

 { config, pkgs, lib, ... } :
 let
-  secrets = import ./rotuer-secrets.nix;
+  secrets = {
+    domainName = "fake.liminix.org";
+    firewallRules = {};
+  } // (import ./rotuer-secrets.nix);
  inherit (pkgs.liminix.services) oneshot longrun bundle;
  inherit (pkgs) serviceFns;
  svc = config.system.service;
@ -56,7 +59,7 @@ in rec {
  services.hostap = svc.hostapd.build {
    interface = config.hardware.networkInterfaces.wlan;
    params = {
-      ssid = "liminix";
+      ssid = secrets.ssid;
      hw_mode="g";
      channel = "2";
      ieee80211n = 1;
@ -66,7 +69,7 @@ in rec {
  services.hostap5 = svc.hostapd.build {
    interface = config.hardware.networkInterfaces.wlan5;
    params = rec {
-      ssid = "liminix_5";
+      ssid = "${secrets.ssid}5";
      hw_mode="a";
      channel = 36;
      ht_capab = "[HT40+]";
@ -122,7 +125,7 @@ in rec {
      # not putting my actual MAC addresses in a public git repo ...
      hosts = { } // lib.optionalAttrs (builtins.pathExists ./static-leases.nix) (import ./static-leases.nix);

-      domain = "fake.liminix.org";
+      domain = secrets.domainName;
    };

  services.wan = svc.pppoe.build {
Author	SHA1	Message	Date
Daniel Barlow	488bc7fd5a	deep thoughts	2024-02-11 15:11:33 +00:00
Daniel Barlow	b6ac881d32	rotuer: make domainName configurable	2024-02-11 15:11:06 +00:00
Daniel Barlow	0c8a2abba2	add wifi ssid to secrets	2024-02-11 15:08:23 +00:00
Daniel Barlow	6dd5d511dc	deep thoughts	2024-02-11 09:10:50 +00:00
Daniel Barlow	0774b1798b	remove root_password secret, is dup of root.passwd	2024-02-11 09:10:03 +00:00