Compare commits
5 Commits
f2fa92b5f7
...
488bc7fd5a
Author | SHA1 | Date |
---|---|---|
Daniel Barlow | 488bc7fd5a | |
Daniel Barlow | b6ac881d32 | |
Daniel Barlow | 0c8a2abba2 | |
Daniel Barlow | 6dd5d511dc | |
Daniel Barlow | 0774b1798b |
61
THOUGHTS.txt
61
THOUGHTS.txt
|
@ -3952,3 +3952,64 @@ I can actually use it as a CPE. This means
|
|||
|
||||
- would be quite cool to run sniproxy instead of forwarding to
|
||||
loaclhost (extra credit)
|
||||
|
||||
Sat Feb 10 12:41:12 GMT 2024
|
||||
|
||||
s6-linux-init version 1.1.2.0
|
||||
|
||||
nfnetlink: module verification failed: signature and/or required key missing - tainting kernel
|
||||
------------[ cut here ]------------
|
||||
kernel BUG at net/wireless/core.h:125!
|
||||
Internal error: Oops - BUG: 0 [#1] SMP ARM
|
||||
Modules linked in: cfg80211(E+) nfnetlink(E)
|
||||
CPU: 0 PID: 197 Comm: insmod Tainted: G E 6.7.4 #1
|
||||
Hardware name: Marvell Armada 380/385 (Device Tree)
|
||||
PC is at cfg80211_netdev_notifier_call+0x2cc/0x3e0 [cfg80211]
|
||||
LR is at call_netdevice_register_net_notifiers+0x4c/0xec
|
||||
pc : [<bf010024>] lr : [<c0672e30>] psr: 60000013
|
||||
sp : f0ba5c10 ip : fffffffb fp : c328df00
|
||||
r10: c15c4170 r9 : c328df00 r8 : 00000000
|
||||
r7 : 00000000 r6 : bf04c620 r5 : c10c9000 r4 : c11ff414
|
||||
r3 : 00000000 r2 : f0ba5df4 r1 : 00000005 r0 : bf04c620
|
||||
Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
|
||||
Control: 10c5387d Table: 0320804a DAC: 00000051
|
||||
R
|
||||
cfg80211_netdev_notifier_call [cfg80211] from call_netdevice_register_net_notifiers+0x4c/0xec
|
||||
|
||||
setenv omnia_reset 1; run bootcmd_rescue
|
||||
|
||||
Sat Feb 10 18:23:54 GMT 2024
|
||||
|
||||
ARGH KERNEL
|
||||
|
||||
You can't define CONFIG_NETFILTER=y in a monolithic kernel and expect
|
||||
later to separately build some modules that use it, because there are
|
||||
a bunch of symbols that only get defined if certain other CONFIG
|
||||
options are set at the time that the monolithic kernel is built.
|
||||
|
||||
https://github.com/torvalds/linux/blob/master/net/netfilter/core.c#L689
|
||||
|
||||
Another example is
|
||||
https://github.com/torvalds/linux/blob/master/include/linux/netdevice.h#L160
|
||||
- if you decide after building the kernel that you're going to build
|
||||
some wireless modules, you can't do that without rebuilding the kernel
|
||||
so that it knows to expect them
|
||||
|
||||
The moral of the story seems to be: if you have a compiled Linux kernel source tree and you change some symbol from "is not set" to m and then run make modules, you cannot in general expect that newly compiled module to work.
|
||||
|
||||
AP advertised VHT without HT, disabling HT/VHT/HE
|
||||
|
||||
TODO
|
||||
|
||||
- support kernel version as parameter to builder pkgs/kernel/default.nix
|
||||
- extract the change in how module loading works from omnia device config,
|
||||
and fix the other thing that uses it
|
||||
- wlan module to take 'backported' as a parameter
|
||||
half of the omnia conditionalConfig can go into the module
|
||||
- upgrade omnia to kernel v6
|
||||
- figure out what mdns we need for local hostname resolution
|
||||
(maybe bridging lan/wlan)?
|
||||
- slow wifi because "AP advertised VHT without HT, disabling HT/VHT/HE"
|
||||
- add local domain to secrets
|
||||
- run sniproxy instead of forwarding
|
||||
- forward some port to loaclhost 22 for inbound ipv4 ssh
|
||||
|
|
|
@ -145,7 +145,7 @@ in rec {
|
|||
};
|
||||
|
||||
users.root = {
|
||||
passwd = lib.mkForce secrets.root_password;
|
||||
passwd = lib.mkForce secrets.root.passwd;
|
||||
# openssh.authorizedKeys.keys = [
|
||||
# (builtins.readFile "/home/dan/.ssh/id_rsa.pub")
|
||||
# ];
|
||||
|
|
|
@ -131,6 +131,6 @@ in rec {
|
|||
dependencies = [services.dhcpc];
|
||||
};
|
||||
|
||||
users.root.passwd = lib.mkForce secrets.root_password;
|
||||
users.root.passwd = lib.mkForce secrets.root.passwd;
|
||||
defaultProfile.packages = with pkgs; [nftables strace tcpdump swconfig];
|
||||
}
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
rec {
|
||||
{
|
||||
wpa_passphrase = "you bring light in";
|
||||
ssid = "liminix";
|
||||
l2tp = {
|
||||
name = "abcde@a.1";
|
||||
password = "NotMyIspPassword";
|
||||
|
@ -10,9 +11,9 @@ rec {
|
|||
openssh.authorizedKeys.keys = [
|
||||
];
|
||||
};
|
||||
root_password = root.passwd;
|
||||
|
||||
lan = {
|
||||
prefix = "10.8.0"; # "192.168.8";
|
||||
prefix = "10.8.0";
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -8,7 +8,10 @@
|
|||
|
||||
{ config, pkgs, lib, ... } :
|
||||
let
|
||||
secrets = import ./rotuer-secrets.nix;
|
||||
secrets = {
|
||||
domainName = "fake.liminix.org";
|
||||
firewallRules = {};
|
||||
} // (import ./rotuer-secrets.nix);
|
||||
inherit (pkgs.liminix.services) oneshot longrun bundle;
|
||||
inherit (pkgs) serviceFns;
|
||||
svc = config.system.service;
|
||||
|
@ -56,7 +59,7 @@ in rec {
|
|||
services.hostap = svc.hostapd.build {
|
||||
interface = config.hardware.networkInterfaces.wlan;
|
||||
params = {
|
||||
ssid = "liminix";
|
||||
ssid = secrets.ssid;
|
||||
hw_mode="g";
|
||||
channel = "2";
|
||||
ieee80211n = 1;
|
||||
|
@ -66,7 +69,7 @@ in rec {
|
|||
services.hostap5 = svc.hostapd.build {
|
||||
interface = config.hardware.networkInterfaces.wlan5;
|
||||
params = rec {
|
||||
ssid = "liminix_5";
|
||||
ssid = "${secrets.ssid}5";
|
||||
hw_mode="a";
|
||||
channel = 36;
|
||||
ht_capab = "[HT40+]";
|
||||
|
@ -122,7 +125,7 @@ in rec {
|
|||
# not putting my actual MAC addresses in a public git repo ...
|
||||
hosts = { } // lib.optionalAttrs (builtins.pathExists ./static-leases.nix) (import ./static-leases.nix);
|
||||
|
||||
domain = "fake.liminix.org";
|
||||
domain = secrets.domainName;
|
||||
};
|
||||
|
||||
services.wan = svc.pppoe.build {
|
||||
|
|
Loading…
Reference in New Issue