[READY] - openwrt bump, preconf checklist updates, make-dhcpd.sh (#828)

Merging as requested.
socallinuxexpo · Feb 6, 2025 · 328ec9b · 328ec9b
2 parents b3d1338 + 1d7d1fa
commit 328ec9b
Show file tree

Hide file tree

Showing 23 changed files with 105 additions and 31 deletions.
diff --git a/docs/checklists/PRECONF-CHECKLIST.md b/docs/checklists/PRECONF-CHECKLIST.md
@@ -1,13 +1,21 @@
 ## Preconference Checklist
 
-- \[\] Ensure network team members keys are up to date (https://github.com/socallinuxexpo/scale-network/tree/master/facts/keys) if necessary
-- \[\] Update admin key for the expo (https://github.com/socallinuxexpo/scale-network/blob/master/facts/keys/admin_id\*.pub)
-- \[\] Update scale version in facts/secrets/\*-openwrt-example.yaml
+- \[ \] Ensure network team members keys are up to date (https://github.com/socallinuxexpo/scale-network/tree/master/facts/keys) if necessary
+- \[ \] Update admin key for the expo (https://github.com/socallinuxexpo/scale-network/blob/master/facts/keys/admin_id\*.pub)
+- \[ \] Update scale version in facts/aps/\*-openwrt-show.yaml
 
-5. Update root secrets in facts/secrets/\*-openwrt-example.yaml
+```bash
+find ./facts/aps/ -type f -exec sed -i 's/scale:\ 21/scale:\ 22/g' {} \;
+```
 
-- \[\] Update scale-signs repo per: https://github.com/socallinuxexpo/scale-signs#yearly-tasks
-- \[\] Create release: https://github.com/socallinuxexpo/scale-network/blob/master/RELEASE.md
-- \[\] Update wifi password:
+- \[ \] Update root secrets in facts/aps/\*-openwrt-show.yaml:
+
+```bash
+openssl passwd -6 newpass
+```
+
+- \[ \] Update wifi password (if need):
   - https://github.com/socallinuxexpo/scale-network/blob/master/facts/secrets/ar71xx-openwrt-show.yaml
   - https://github.com/socallinuxexpo/scale-network/blob/master/openwrt/files-mt7622/etc/config/wireless.0
+- \[ \] Create release: https://github.com/socallinuxexpo/scale-network/blob/master/RELEASE.md
+- \[ \] Update scale-signs repo per: https://github.com/socallinuxexpo/scale-signs#yearly-tasks
diff --git a/facts/secrets/ath79-openwrt-example.yaml → facts/aps/ath79-openwrt-example.yaml b/facts/secrets/ath79-openwrt-example.yaml → facts/aps/ath79-openwrt-example.yaml
@@ -1,7 +1,7 @@
 # scale
 root_hash: "$1$zh0PjBbB$f9aFGDX9vNYNdSRexhib8/"
 # Bump for each year for scale
-scale: 21
+scale: 22
 sshd:
   password_auth: true
 rsyslog:

diff --git a/facts/secrets/ath79-openwrt-show.yaml → facts/aps/ath79-openwrt-show.yaml b/facts/secrets/ath79-openwrt-show.yaml → facts/aps/ath79-openwrt-show.yaml
@@ -1,7 +1,7 @@
 # only used for console/su
-root_hash: "$6$A.qZ6.jIUKL/WS0P$lrIP99C3BgP7OMmVlYOGaErcatjipS0cL0AiVFeTAAk6IwBkstXz/EpMv1SOtO8rDifzC.mLta3eOvG/q4cRq."
+root_hash: "$6$CvGoTRZ3/d7w0jt.$kaZnn83uGemQgPznFMz6WgMM8h58Sgs/ydUETmh44RPrCS7D8dqBCklXQyHXKsYnf5nEis4ylwxfNm0NU0piC."
 # Bump for each year for scale
-scale: 21
+scale: 22
 sshd:
   password_auth: false
 rsyslog:

diff --git a/facts/secrets/ipq806x-openwrt-example.yaml → facts/aps/ipq806x-openwrt-example.yaml b/facts/secrets/ipq806x-openwrt-example.yaml → facts/aps/ipq806x-openwrt-example.yaml
diff --git a/facts/secrets/mt7622-openwrt-example.yaml → facts/aps/mt7622-openwrt-example.yaml b/facts/secrets/mt7622-openwrt-example.yaml → facts/aps/mt7622-openwrt-example.yaml
@@ -1,7 +1,7 @@
 # scale
 root_hash: "$1$zh0PjBbB$f9aFGDX9vNYNdSRexhib8/"
 # Bump for each year for scale
-scale: 21
+scale: 22
 sshd:
   password_auth: true
 rsyslog:

diff --git a/facts/aps/mt7622-openwrt-show.yaml b/facts/aps/mt7622-openwrt-show.yaml
@@ -0,0 +1,14 @@
+# scale
+root_hash: "$6$CvGoTRZ3/d7w0jt.$kaZnn83uGemQgPznFMz6WgMM8h58Sgs/ydUETmh44RPrCS7D8dqBCklXQyHXKsYnf5nEis4ylwxfNm0NU0piC."
+# Bump for each year for scale
+scale: 22
+sshd:
+  password_auth: false
+rsyslog:
+  server: 'loghost.scale.lan'
+  port: '514'
+  protocol: 'udp'
+ntp:
+  server: '0.openwrt.pool.ntp.org'
+
+# Wired/Wireless config can directly be found in files dir
diff --git a/facts/secrets/mt7622-openwrt-show.yaml → facts/aps/mt798x-openwrt-example.yaml b/facts/secrets/mt7622-openwrt-show.yaml → facts/aps/mt798x-openwrt-example.yaml
@@ -1,9 +1,9 @@
 # scale
 root_hash: "$1$zh0PjBbB$f9aFGDX9vNYNdSRexhib8/"
 # Bump for each year for scale
-scale: 21
+scale: 22
 sshd:
-  password_auth: false
+  password_auth: true
 rsyslog:
   server: 'loghost.scale.lan'
   port: '514'

diff --git a/facts/aps/mt798x-openwrt-show.yaml b/facts/aps/mt798x-openwrt-show.yaml
@@ -0,0 +1,14 @@
+# scale
+root_hash: "$6$CvGoTRZ3/d7w0jt.$kaZnn83uGemQgPznFMz6WgMM8h58Sgs/ydUETmh44RPrCS7D8dqBCklXQyHXKsYnf5nEis4ylwxfNm0NU0piC."
+# Bump for each year for scale
+scale: 22
+sshd:
+  password_auth: false
+rsyslog:
+  server: 'loghost.scale.lan'
+  port: '514'
+  protocol: 'udp'
+ntp:
+  server: '0.openwrt.pool.ntp.org'
+
+# Wired/Wireless config can directly be found in files dir
diff --git a/facts/secrets/openwrt-example.yaml → facts/aps/openwrt-example.yaml b/facts/secrets/openwrt-example.yaml → facts/aps/openwrt-example.yaml
@@ -1,7 +1,7 @@
 # scale
 root_hash: "$1$zh0PjBbB$f9aFGDX9vNYNdSRexhib8/"
 # Bump for each year for scale
-scale: 18
+scale: 22
 rsyslog:
   server: 'server2.scale.lan'
   port: '514'

diff --git a/facts/keys/admin2_id_ed25519.pub b/facts/keys/admin2_id_ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO5RX5BeD3WfsYvOlvjX1RhBhQiEHtPRut0c+8PlRbU8 scale22x-02022025
diff --git a/facts/keys/conjones_id_ed25519.pub b/facts/keys/conjones_id_ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA0JyiGQCbLtjVoi72VA0pR4GjvKqL2JeiqbsxLndZvn conjones@nixtop
diff --git a/facts/keys/djacu_id_ed25519.pub b/facts/keys/djacu_id_ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFxaAICX/8f0YSTVL52MrvmGRV9EArQOmUhIgmdwt8o djacu@malachite
diff --git a/nix/dev-shells/default.nix b/nix/dev-shells/default.nix
@@ -31,6 +31,7 @@ inputs.nixpkgs.lib.genAttrs
       ];
 
       openwrtSub = with pkgs; [
+        dnsmasq
         expect
         gomplate
         magic-wormhole
@@ -43,6 +44,7 @@ inputs.nixpkgs.lib.genAttrs
         pkg-config
         gcc
         stdenv
+        scale-network.makeDhcpd
         scale-network.serverspec
       ];
 

diff --git a/nix/packages/default.nix b/nix/packages/default.nix
@@ -6,6 +6,7 @@ inputs.nixpkgs.lib.genAttrs
   ]
   (system: {
     inherit (inputs.self.legacyPackages.${system}.scale-network)
+      makeDhcpd
       massflash
       scaleInventory
       serverspec

diff --git a/nix/packages/make-dhcpd/make-dhcpd.sh b/nix/packages/make-dhcpd/make-dhcpd.sh
@@ -0,0 +1,23 @@
+if [[ -z "$1" ]]; then
+  echo "ERROR: Please pass interface for dhcp server to bind to"
+  exit 1
+fi
+
+IFACE=$1
+
+sudo ip link add link "$IFACE" name "$IFACE".503 type vlan id 503
+sudo ip addr add 192.168.254.1/24 dev "$IFACE".503
+sudo ip link set up "$IFACE"
+sudo ip link set up "$IFACE".503
+
+if systemctl is-active --quiet service firewall; then
+  echo -e "\nWARN: firewall is running so dhcp server might not be able to hand out leases\n\
+WARN: consider running: sudo systemctl stop firewall\n"
+fi
+
+sudo dnsmasq -i "$IFACE".503 \
+  --dhcp-range=192.168.254.100,192.168.254.120,255.255.255.0,120s \
+  --dhcp-option=3,192.168.254.1 \
+  -p0 -d \
+  --dhcp-leasefile=./dnsmasq-lease.log \
+  --bind-interfaces
diff --git a/nix/packages/make-dhcpd/package.nix b/nix/packages/make-dhcpd/package.nix
@@ -0,0 +1,13 @@
+{
+  writeShellApplication,
+  dnsmasq,
+}:
+writeShellApplication {
+  name = "make-dhcpd";
+
+  runtimeInputs = [ dnsmasq ];
+
+  bashOptions = [ ];
+
+  text = builtins.readFile ./make-dhcpd.sh;
+}
diff --git a/openwrt/Makefile b/openwrt/Makefile
@@ -17,14 +17,14 @@ BUILD_DIR ?= build
 # Set to configure -j (defaults to nproc)
 JOBS ?= $(shell nproc)
 
-BUILD_SECRETS ?= ../facts/secrets/$(TARGET)-openwrt-example.yaml
+BUILD_SECRETS ?= ../facts/aps/$(TARGET)-openwrt-example.yaml
 KEYPATH ?= ../facts/keys/
 
 # bins
 GOMPLATE := $(shell command -v gomplate 2> /dev/null)
 CURL := $(shell command -v curl 2> /dev/null)
 
-OPENWRT_VER ?= c8ea1aa970bf5a0275e3b0b7da777e804821ddcd
+OPENWRT_VER ?= fbe0bd5f6453a61fab871bee56883afc5c6308cf
 # If bumping opkg it needs to be a commit that exists in the fork
 # https://github.com/sarcasticadmin/opkgs
 OPENWRT_PKG_VERSION ?= 38e0f8c7d5c2f69f1603abb99e0fd3886c05f687

diff --git a/openwrt/docs/BUILD.md b/openwrt/docs/BUILD.md
@@ -63,18 +63,18 @@ The `*sysupgrade.bin` and `*factory.img` files match the AP models
 To get the configuration thats used at scale the templates need to be baked into
 the image.
 
-Copy over the default secrets:
+Copy over the default config:
 
 ```bash
-cp ./facts/secrets/openwrt-example.yaml ./facts/secrets/openwrt.yaml
+cp ./facts/aps/openwrt-example.yaml ./facts/aps/openwrt.yaml
 ```
 
 > If needed update the defaults in `openwrt.yaml` to represent actual values
 
 Generate and update the root password hash in `openwrt.yaml`:
 
 ```bash
-openssl passwd -1 secretpassword
+openssl passwd -6 secretpassword
 ```
 
 Compile the templates:

diff --git a/openwrt/files/etc/config/system b/openwrt/files/etc/config/system
@@ -1,7 +1,7 @@
 config system
         option hostname 'OpenWrt'
         option timezone 'UTC'
-        option ttylogin '0'
+        option ttylogin '1'
         option log_size '64'
         option urandom_seed '0'
 

diff --git a/openwrt/flash b/openwrt/flash
@@ -13,15 +13,8 @@ expect {
   "taking countermeasures"
 }
 close
-send_user "enter the name,serial of this AP: "
-expect_user -timeout -1 -re "(.*)\n"
-set ap $expect_out(1,string)
 spawn arp -n 192.168.1.1
 expect -re "192.168.1.1 *ether *(\[^ \]*) "
-set mac $expect_out(1,string)
-set file [open aplist a]
-puts $file "$ap,$mac,"
-close $file
 spawn tftp 192.168.1.1
 expect tftp
 send "bin\n"

diff --git a/tests/unit/openwrt/golden/ath79/etc/config/system b/tests/unit/openwrt/golden/ath79/etc/config/system
@@ -1,7 +1,7 @@
 config system
         option hostname 'OpenWrt'
         option timezone 'UTC'
-        option ttylogin '0'
+        option ttylogin '1'
         option log_size '64'
         option urandom_seed '0'
 
@@ -26,5 +26,5 @@ config led 'led_usb'
 config led 'led_wps'
         option name 'WPS for build ID'
 	option 'sysfs' 'netgear:green:wps'
-        option default '0'
+        option default '1'
 
diff --git a/tests/unit/openwrt/golden/ath79/root/.ssh/authorized_keys b/tests/unit/openwrt/golden/ath79/root/.ssh/authorized_keys
@@ -1,6 +1,9 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO5RX5BeD3WfsYvOlvjX1RhBhQiEHtPRut0c+8PlRbU8 scale22x-02022025
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINnRaYbdYsnVqTZNRpXxgK1LlEk9QWa/JwaYAbOZFXiC scale19x-04032022
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAS6QGttw0MBR9UKWfiO3dDp7J/MQdAfpkRQ2hO5oATv [email protected]
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA0JyiGQCbLtjVoi72VA0pR4GjvKqL2JeiqbsxLndZvn conjones@nixtop
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/mloyevy5Qdvl4ngNRZ4xIwL2GGvg10XEF/oKrx6VE [email protected]
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFxaAICX/8f0YSTVL52MrvmGRV9EArQOmUhIgmdwt8o djacu@malachite
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEqPnzsYPKyURdnUpZx1nt9RFQjaz9q7m5wh525Crsho dlang@dlang-mobile
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCtTtJZOyg/9/hbP6IuCyjpA1L0SqMR6wWOU8uJaoa3YlN2sqUkIGne1WYc+4jR+0F2uusDQ1Beb2a9Z0XGxP7nkEIGc5ontC6R/ZUHGf8axz5LXGk9VESR6sMdOjeotSYWwcuj6kPqa0XNXy0nG08dhe8Y+QkjiDQRhjMka4OOmcjMtRAjJyfhROEMpFM18M4Fh3+8j36TatzQQWO6wZ408dQYIc6ShleVfVCvEn5fZ0lm3BRe0UW3wfNs9qupk89VrfUWAEYqvh2uSz9SJBEkGAumreu6ASq7rfPC2DyI60vIT4uaRsqSzfQyT9o1n4v8WmgUKp4kRfZ+T8jWFoUXhj82+2WCCxUlq8D1SRcXDI1OQhHNmH7okorw7TgKJPdM0f96tvgdviH3As6xP/GdnEup8HL0nqKSX8dbRggS9xvmr5SKqGN8QSrclJ+cCsUOWRctgGasf7m+Q6XFNF/8LG6wbqBxxw7TLMLkjVdppHAFoewoBau5cRKGQ++G+BU= dlang@dlang-mobile
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBjigwV0KnnaTnFmKjjvnULa5X+hvsy2FAlu+lUUY59f gene@rainbow-planet

diff --git a/tests/unit/openwrt/test.sh b/tests/unit/openwrt/test.sh
@@ -53,9 +53,9 @@ gen_templates(){
   export TARGET=$TARGET
   export KEYPATH=$KEYPATH
   rm -rf "${1}"
-  gomplate -d openwrt=../../../facts/secrets/${TARGET}-openwrt-example.yaml -d keys_dir=${KEYPATH} --input-dir=../../../openwrt/files --output-dir="${1}"
+  gomplate -d openwrt=../../../facts/aps/${TARGET}-openwrt-example.yaml -d keys_dir=${KEYPATH} --input-dir=../../../openwrt/files --output-dir="${1}"
   if [ -d ../../../openwrt/files-${TARGET} ]; then
-    gomplate -d openwrt=../../../facts/secrets/${TARGET}-openwrt-example.yaml -d keys_dir=${KEYPATH} --input-dir=../../../openwrt/files-${TARGET} --output-dir="${1}"
+    gomplate -d openwrt=../../../facts/aps/${TARGET}-openwrt-example.yaml -d keys_dir=${KEYPATH} --input-dir=../../../openwrt/files-${TARGET} --output-dir="${1}"
   fi
 }
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO5RX5BeD3WfsYvOlvjX1RhBhQiEHtPRut0c+8PlRbU8 scale22x-02022025
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA0JyiGQCbLtjVoi72VA0pR4GjvKqL2JeiqbsxLndZvn conjones@nixtop
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFxaAICX/8f0YSTVL52MrvmGRV9EArQOmUhIgmdwt8o djacu@malachite