11 changed files with 7 additions and 92 deletions
--- a/README.md
+++ b/README.md
@ -31,4 +31,3 @@ TODO
 - [ ] Dynamic address assignment
 - [ ] network booting and diskless machines
 - [ ] Horrible networks that use *all* of the RFC 1918 IPv4 addresses in the inside infra (gateways, DNS servers) and therefore clash with *any/most* private network on the host
- [ ] Firewalls
--- a/init-shim.sh
+++ b/init-shim.sh
@ -1,2 +1,2 @@
 #!/bin/sh
-unshare -rnmpf --mount-proc ./init.sh
+unshare -rnm ./init.sh
--- a/init.sh
+++ b/init.sh
@ -6,8 +6,6 @@ set -eu

 mount -t tmpfs -o size=100M horror ./state

-tmux new-session -t nethorror -d
-
 # TODO: Set some sysctls in order not to interact with the networks

 for net in networks/*; do
@ -18,4 +16,4 @@ for mach in machines/*; do
 	$mach/run-shim.sh
 done

-tmux -N attach
+tmux
--- a/lib.shs
+++ b/lib.shs
@ -1,9 +1,6 @@
 #!/bin/false

-mach="${0#*machines/}"
-mach="${mach%%/*}"
-net="${0#*networks/}"
-net="${net%%/*}"
+mach=$(basename $(dirname "$0"))

 netns=netns
 nethorror_root="`pwd`" # and hope?
@ -52,7 +49,7 @@ bridge_name() {
 }

 make_bridge() {
-	br="$(bridge_name "$net")"
+	br="$(bridge_name "$mach")"
 	ip link add name "$br" type bridge
 	ip link set dev "$br" up
 }
--- a/machines/loc1xe/setup.sh
+++ b/machines/loc1xe/setup.sh
@ -13,25 +13,4 @@ ip addr add 192.168.0.3/24 dev wifi
 ip link set dev wifi up
 ip route add default via 192.168.0.1 dev wifi

-wireguard wg1 ./machines/$mach/wg1.conf 2a01:4f8:c0c:36b8:ff01:8000:10:f03/108
-
-# Netns for running public VMs
-vm_netns="./state/$mach/vm_netns"
-touch "$vm_netns"
-unshare --net="$vm_netns" /bin/true
-ip link add name wg-vms type wireguard
-wg setconf wg-vms ./machines/$mach/wg-vms.conf
-ip link set wg-vms netns "$vm_netns"
-nsenter --net="$vm_netns" ip link set wg-vms up
-nsenter --net="$vm_netns" ip route add 2a01:4f8:c0c:36b8:ff01:8000:0:0001/128 dev wg-vms onlink
-nsenter --net="$vm_netns" ip route add default via 2a01:4f8:c0c:36b8:ff01:8000:0:0001 dev wg-vms
-nsenter --net="$vm_netns" sysctl net.ipv6.conf.all.forwarding=1
-
-tmux -N new-window -d -n vm1 socat stdio unix-listen:state/$mach/vm1.sock
-nsenter --net="$vm_netns" ./machines/$mach/vm1/start.sh
-# We *do* have an IPv6 address just because the VM simulates ethernet, which is broadcast and runs NDP and so we need to respond.
-# However, we should avoid *any* interaction with the packets, that is, probably just drop everything in input and output chains, TODO
-# FIXME: I think the correct range is fe80::/64, not fe80:whatever::/64… But this works…
-nsenter --net="$vm_netns" ip addr add fe80:ff01:8000::2/64 dev tap-vm1 scope link
-nsenter --net="$vm_netns" ip link set dev tap-vm1 up
-nsenter --net="$vm_netns" ip route add 2a01:4f8:c0c:36b8:ff01:8000:0:0003/128 dev tap-vm1 onlink
+wireguard wg1 ./machines/$mach/wg1.conf 2a01:4f8:c0c:36b8:ff01:8000:10:f03/128
--- a/machines/loc1xe/vm1/create.sh
+++ b/machines/loc1xe/vm1/create.sh
@ -1,22 +0,0 @@
-#!/bin/sh
-
-# LEdoian's absurdly simple initrd generator (ad-hoc arc)
-
-here="$(dirname "$0")"
-
-set -eu
-outdir="$1"
-
-mkdir "$outdir/initrd"
-cp "$here/init" "$outdir/initrd/"
-
-busybox="$(which busybox)"
-cp "$busybox" "$outdir/initrd/busybox"
-
-# TODO: get kernel version from /boot/vmlinuz-linux (which we use)
-kver="$(uname -r)"
-zstdcat /usr/lib/modules/$kver/kernel/drivers/net/ethernet/intel/e1000/e1000.ko.zst > "$outdir/initrd/e1000.ko"
-
-pushd "$outdir/initrd"
-find . | cpio -o -H newc > ../initrd.img
-popd
--- a/machines/loc1xe/vm1/init
+++ b/machines/loc1xe/vm1/init
@ -1,13 +0,0 @@
-#!/busybox ash
-
-/busybox echo START
-#/busybox mdev -s
-# we know the modules, lol :-)
-/busybox insmod /e1000.ko
-/busybox ip link set lo up
-/busybox ip addr add 2a01:4f8:c0c:36b8:ff01:8000:0:3/128 dev eth0
-/busybox ip addr add fe80:ff01:8000::3 dev eth0 scope link
-/busybox ip link set eth0 up
-/busybox ip route add default via fe80:ff01:8000::2 dev eth0
-
-/busybox ash
--- a/machines/loc1xe/vm1/run.sh
+++ b/machines/loc1xe/vm1/run.sh
@ -1,10 +0,0 @@
-#!/bin/sh
-
-set -eu
-
-arch=x86_64
-kernel=/boot/vmlinuz-linux
-initrd_dir="$1"
-sockpath="$2"
-shift 2
-qemu-system-"$arch" -m 1G -nic tap,id=net0,ifname=tap-vm1,script=no,downscript=no -kernel "$kernel" -initrd "$initrd_dir/initrd.img" -chardev socket,id=sock0,path="$sockpath",mux=on,server=off -serial chardev:sock0 -mon chardev=sock0,mode=readline -daemonize -display none -append console=ttyS0,115200n1 "$@"
--- a/machines/loc1xe/vm1/start.sh
+++ b/machines/loc1xe/vm1/start.sh
@ -1,9 +0,0 @@
-#!/bin/sh
-
-. ./lib.shs
-
-set -eu
-
-mkdir state/$mach/initdir
-machines/$mach/vm1/create.sh state/$mach/initdir
-machines/$mach/vm1/run.sh state/$mach/initdir state/$mach/vm1.sock
--- a/machines/uo/setup.sh
+++ b/machines/uo/setup.sh
@ -15,8 +15,4 @@ ip link set dev up_ve up
 ip route add default via 100.100.0.1 dev up_ve
 ip route add default via fe80:ff01::1 dev up_ve

-wireguard wg1 ./machines/$mach/wg1.conf 2a01:4f8:c0c:36b8:ff01:8000:10:f06/108
-wireguard wg-vms ./machines/$mach/wg-vms.conf 2a01:4f8:c0c:36b8:ff01:8000:0:0001/112
-
-# FIXME: Firewall this!
-sysctl net.ipv6.conf.all.forwarding=1
+wireguard wg1 ./machines/$mach/wg1.conf 2a01:4f8:c0c:36b8:ff01:8000:10:f06/128
--- a/machines/uo/wg-vms.conf
+++ b/machines/uo/wg-vms.conf
@ -6,4 +6,4 @@ ListenPort = 62421
 # Xe
 [Peer]
 PublicKey = TISpt9e6DkduZVO4vxtq2xc5obdQk+oVAmASGwO+QC4=
-AllowedIPs = 2a01:4f8:c0c:36b8:ff01:8000:0:0003/128, 2a01:4f8:c0c:36b8:ff01:8000:0:0004/128
+AllowedIPs = 2a01:4f8:c0c:36b8:ff01:8000:0:0003/128 2a01:4f8:c0c:36b8:ff01:8000:0:0004/128