deep thoughts

THOUGHTS.txt

@@ -3952,3 +3952,92 @@ I can actually use it as a CPE. This means
 
 - would be quite cool to run sniproxy instead of forwarding to
   loaclhost (extra credit)
+
+Sat Feb 10 18:23:54 GMT 2024
+
+ARGH KERNEL
+
+You can't define CONFIG_NETFILTER=y in a monolithic kernel and expect
+later to separately build some modules that use it, because there are
+a bunch of symbols that only get defined if certain other CONFIG
+options are set at the time that the monolithic kernel is built.
+
+https://github.com/torvalds/linux/blob/master/net/netfilter/core.c#L689
+
+Another example is
+https://github.com/torvalds/linux/blob/master/include/linux/netdevice.h#L160
+- if you decide after building the kernel that you're going to build
+some wireless modules, you can't do that without rebuilding the kernel
+so that it knows to expect them
+
+The moral of the story seems to be: if you have a compiled Linux kernel source tree and you change some symbol from "is not set" to m and then run  make modules, you cannot in general expect that newly compiled  module to work.
+
+AP advertised VHT without HT, disabling HT/VHT/HE
+
+TODO
+
+- support kernel version as parameter to builder pkgs/kernel/default.nix
+- extract the change in how module loading works from omnia device config,
+  and fix the other thing that uses it
+- wlan module to take 'backported' as a parameter
+  half of the omnia conditionalConfig can go into the module
+- upgrade omnia to kernel v6
+- figure out what mdns we need for local hostname resolution
+  (maybe bridging lan/wlan)?
+- [DONE] slow wifi because "AP advertised VHT without HT, disabling HT/VHT/HE"
+- [DONE] add local domain to secrets
+- run sniproxy instead of forwarding
+- forward some port to loaclhost 22 for inbound ipv4 ssh
+
+
+Mon Feb 12 21:50:35 GMT 2024
+
+# find  /run/service-state/dhcp6c.wan.link.pppoe/address/
+/run/service-state/dhcp6c.wan.link.pppoe/address/
+/run/service-state/dhcp6c.wan.link.pppoe/address/2001-8b0-1111-1111-0-ffff-51bb-4cf2_LFoo015bSsM
+/run/service-state/dhcp6c.wan.link.pppoe/address/2001-8b0-1111-1111-0-ffff-51bb-4cf2_LFoo015bSsM/valid
+/run/service-state/dhcp6c.wan.link.pppoe/address/2001-8b0-1111-1111-0-ffff-51bb-4cf2_LFoo015bSsM/preferred
+/run/service-state/dhcp6c.wan.link.pppoe/address/2001-8b0-1111-1111-0-ffff-51bb-4cf2_LFoo015bSsM/len
+/run/service-state/dhcp6c.wan.link.pppoe/address/2001-8b0-1111-1111-0-ffff-51bb-4cf2_LFoo015bSsM/address
+#
+
+valid 7199 preferred 3599
+
+Tue Feb 13 19:44:57 GMT 2024
+
+Before we put this back live, would be good to
+
+1) move the leases file into /persist
+
+I think we'll do /persist/service/<name>/ and change ssh to use the same
+scheme.
+
+we could put mkpersist() in serviceFns which would check for /persist
+and return a directory in /persist/service/ or /run/service-state
+
+(will something bad happen if we use /run/service-state? it will also
+expose the thingy as an output, but whether it's accessible that way
+will depend on whether there's a writable fs or not, which is unexpected)
+
+: rename service-state to  /run/services/outputs
+: on boot
+:  if /persist
+:    create /persist/services/state and symlink /run/services/state to it
+:  else create /run/services/state
+
+
+2) maybe change the local domain back to .lan?  setting up
+  systemd-networkd with search domains is an awful faff
+
+3) work out what to do with incoming ssh from wan
+
+- For noetbook and thinkpad we have a vpn anyway so can expect to
+  reach loaclhost directly using ipv6
+
+- stop ssh from ever trying to get to our ipv4 address.
+  - we could get rid of A record for loaclhost.telent.net but
+    there are a bunch of CNAMES pointing at it for web servers.
+  - we could reject incoming connections to tcp4 port 22 in firewall
+    and then there is a clear signal to Dont Do That Then
+
+- for emergency use, dnat ipv4 2200 and 2201 to rotuer and loaclhost