eyJhb changed the topic of #nixos-on-your-router to: NixOS on your Router || https://logs.nix.samueldr.com/nixos-on-your-router
<danderson> Whee, finally got my router running on nixos. Interaction between pppd and the network interface systemd units is a bit wonky
<danderson> somehow restarting a couple interfaces made the default route go away, even though I wasn't touching the WAN interface
<clever> danderson: ive sometimes had that happen, without any pppoe clients (though i run a pppoe server, for complex reasons)
<danderson> the pppd we have in nixos lacks some patches that are being carried by debian, related to default route handling. May want to port them over
<flokli> danderson: :+1
<betawaffle> flokli: nixos
<betawaffle> the 19.09 release
<betawaffle> gchristensen: i just ordered a second apu2, this time an apu2e4. my first motivation is to have a backup in case i brick one with a firmware upgrade (though i also ordered an un-bricker)
<betawaffle> my secondary motivation is to have another small nixos machine i can mess with more, without having to be concerned i'll knock myself off the internet
<gchristensen> oh cool!
<gchristensen> haha yeah fair
<betawaffle> my tertiary motivation is to have a machine i can ssh into to get serial access to my router, in an easier way that what i have to do now
<betawaffle> than*
<gchristensen> set them up in an active/passive config with your home router, and each connected to the other's serial port
<gchristensen> s/router/ONT/
<betawaffle> i also want a machine i can play around with firmware on, and these things use coreboot
<betawaffle> unfortunately the ONT only has one ethernet port
<betawaffle> (i think)
<gchristensen> ONT->switch->your two devices with one of them always administratively marked as down
<gchristensen> anyway I'm absolutely 100% kidding and have no idea if this would work
<betawaffle> the switch would need to support forwarding 802.1x auth, which is against spec
<betawaffle> that's actually why i'm using this apu2 as my router
<betawaffle> to do that forwarding between the ONT and the gateway they give me, which has the certificates used to auth with at&t
<betawaffle> if i can extract them at some point, i can scrap that shit
<betawaffle> but i'd need to root the gateway
<gchristensen> :D
<betawaffle> which i don't know how to do
<betawaffle> (the currently functional ways to do it are not public)
<gchristensen> I don't either, but I bet it involves cracking open the box and finding a EEPROM you can dump
<betawaffle> yeah, you can dump that with a usb ttl, people say
<betawaffle> i'm not confident enough for that yet
<gchristensen> I've never done that sort of thing before
<gchristensen> and I probably wouldn't start on my router
<gchristensen> ...ONT.
<betawaffle> i've got a friend (on the other side of the country...) who does this sort of thing for a living
<gchristensen> perfect
<betawaffle> so... just to be clear, the ONT is the optical network terminal, mounted on the wall. the fiber goes in, and ethernet comes out
<gchristensen> oh right and you do actually need to examine the router
<betawaffle> the gateway i need to break is something else
<gchristensen> the gateway is intended to be your router, no?
<betawaffle> but currently it's literally only used for auth, so i'm in a pretty good state
<betawaffle> yes
<gchristensen> yeah
<betawaffle> but i've bypassed it
<gchristensen> :D
<betawaffle> many other people have too, fwiw
<betawaffle> it's garbage
<betawaffle> the *only* problem i have remaining with it, is the order and timing that network interfaces have to come up
<betawaffle> it's critical that the interface the gateway is connected to doesn't get carrier before the ONT does
<betawaffle> i've made a change that *might* fix that, but i'm not super hopeful
<betawaffle> currently, whenever my router boots up, the interfaces just all come up in whatever order. which means the gateway may try to authenticate before my router is ready to forward those packets to the ONT
<gchristensen> ouch
<betawaffle> so i have to down/up the port after everything is up and i can ssh in :/
<betawaffle> but i'm gonna see if BindCarrier can help me
<gchristensen> what des BindCarrier do?
<betawaffle> "When set, controls the behavior of the current link. When all links in the list are in an operational down state, the current link is brought down. When at least one link has carrier, the current interface is brought up."
<gchristensen> sounsd right!
<betawaffle> i could have sworn i tried it before, but i'm not certain...
<betawaffle> gchristensen: it seems like BindCarrier may have worked
<betawaffle> internet came up by itself
<gchristensen> nice!!