mirror of
https://github.com/archr-linux/Arch-R.git
synced 2026-03-31 14:41:55 -07:00
This patch moves the distribution to a modern network stack using systemd-resolved
integrated with IWD and Connman, alongside a kernel configuration alignment to support
modern routing standards. This resolves historical connectivity issues regarding
DNS search paths, captive portals, blocked DNS scenarios, and IPv6 gateway selection.

Detailed changes:
1. Systemd-Resolved & Configuration Logic:
   - Configured IWD to use native systemd-resolved support via DBus.
   - Retained standard distribution `resolv.conf` symlink/pointer behavior for
     backward compatibility.
   - EXPANDED: Added support for persistent user overrides.
     * If `/storage/.config/resolv.conf` is populated by the user, it will be
       honored and take precedence over automatic discovery.
   - Specific handling for domain search paths and captive portal complexity.
2. Connman Improvements:
   - Removed hardcoded single fallback DNS entries.
   - *Rationale:* These entries were never updated and caused connectivity/resolution
     failures when the primary DNS path was blocked or unavailable.
3. System Integration & Permissions (Compatibility Shims):
   - Added `dummy` user (UID 100) and `nobody` group (standard overflow UID/GID).
   - *Rationale:* Required to satisfy `systemd-resolved` internal sandboxing constraints.
     Although Rocknix runs as root, systemd-resolved enforces privilege dropping for
     specific internal operations.
   - *Standardization:* Aligning these mappings (User 100, nobody/nogroup) with
     Linux standards resolves dependencies for multiple services beyond systemd
     (e.g., NFS idmapd, Avahi, RPC).
   - *Maintainability:* Chosen over binary patching to ensure package cleanliness.
4. Avahi / mDNS:
   - Integrated with existing Avahi setup to prevent systemd-resolved from
     binding to mDNS ports, avoiding conflict.
5. IWD Updates:
   - Optimized IPv6 support configuration.
   - Enabled Kernel Crypto User API (`AF_ALG`) interaction for WPA3/SAE support.
6. Kernel Configuration Alignment:
   - **Performance:** Enforced `TCP_CONG_BBR` and `NET_SCH_FQ_CODEL` as the
     kernel defaults. This mitigates bufferbloat and improves throughput in
     congested WiFi environments compared to the previous cubic/fifo defaults.
   - **IPv6 Compliance:** Enabled `ROUTER_PREF`, `MULTIPLE_TABLES`, `SUBTREES`,
     and `MROUTE`.
     * *Rationale:* Required for policy routing used by modern network managers
       and ensures correct gateway selection in multi-router environments.
   - **VPN & VLAN Support:** Enabled `TUN`, `WIREGUARD`, `BRIDGE`, and `VLAN_8021Q`.
     * *Rationale:* Provides necessary primitives for Tailscale, WireGuard, and
       VLAN-tagged WAN/IoT isolation. Container networking (IPVLAN/MACVLAN)
       remains disabled to prevent conflicts with L3 Master Device selection.
   - **Netfilter Modernization:** Enabled `NF_TABLES` with `NFT_COMPAT` while
     retaining legacy `IP_NF_IPTABLES` support.
     * *Rationale:* Allows modern tooling to use efficient NFTables backends
       while maintaining backward compatibility for existing user scripts.
   - **Hardware Cryptography:** Enabled SoC-specific hardware crypto drivers as
     modules (`CRYPTO_DEV_ROCKCHIP`, `CRYPTO_DEV_QCE`, `CRYPTO_DEV_AMLOGIC_GXL`,
     `CRYPTO_DEV_SUN8I`) to support hardware-offloaded operations for IWD/SAE
     and VPNs where available.
7. Device Specific Cleanups:
   - **SDM845 (Kernel 5.18):** Explicitly disabled legacy Android Power Management
     flags (`CONFIG_PM_SLEEP`, `CONFIG_SUSPEND`)
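
As an added example (not part of the commit message or the Arch-R repository), this POSIX shell check audits a built kernel `.config` against what item 6 describes, including whether BBR and fq_codel are actually selected as defaults rather than merely compiled in. The full `CONFIG_` names, the `IPV6_` prefixes, and the `DEFAULT_TCP_CONG`/`DEFAULT_NET_SCH` selectors are an assumed expansion of the short names in the message, and the sample config is constructed.

```shell
#!/bin/sh
# Short names from the commit message, expanded to full Kconfig symbols (assumed).
WANT_ON="TCP_CONG_BBR NET_SCH_FQ_CODEL IPV6_ROUTER_PREF IPV6_MULTIPLE_TABLES
IPV6_SUBTREES IPV6_MROUTE TUN WIREGUARD BRIDGE VLAN_8021Q NF_TABLES NFT_COMPAT
IP_NF_IPTABLES"
WANT_OFF="IPVLAN MACVLAN"   # container networking the message says stays disabled

# kconfig_value FILE SYMBOL: print the symbol's value without quotes; empty when
# the symbol is absent or recorded as "# CONFIG_X is not set".
kconfig_value() {
    sed -n "s/^CONFIG_$2=//p" "$1" | tail -n 1 | tr -d '"'
}

# audit_kconfig FILE: print one line per deviation; return 1 if any were found.
audit_kconfig() {
    cfg=$1; bad=0
    for s in $WANT_ON; do
        case "$(kconfig_value "$cfg" "$s")" in
            y|m) ;;
            *) echo "MISSING CONFIG_$s"; bad=1 ;;
        esac
    done
    for s in $WANT_OFF; do
        case "$(kconfig_value "$cfg" "$s")" in
            y|m) echo "ENABLED CONFIG_$s"; bad=1 ;;
        esac
    done
    # Building BBR / fq_codel in does not make them the defaults; check that too.
    for pair in DEFAULT_TCP_CONG=bbr DEFAULT_NET_SCH=fq_codel; do
        got=$(kconfig_value "$cfg" "${pair%%=*}")
        [ "$got" = "${pair#*=}" ] || { echo "DEFAULT CONFIG_${pair%%=*}=${got:-unset}"; bad=1; }
    done
    return "$bad"
}

# Constructed sample .config fragment (not taken from the repository).
sample_config() {
    for s in TCP_CONG_BBR NET_SCH_FQ_CODEL IPV6_ROUTER_PREF IPV6_MULTIPLE_TABLES \
             IPV6_SUBTREES IPV6_MROUTE; do echo "CONFIG_$s=y"; done
    for s in TUN WIREGUARD BRIDGE VLAN_8021Q NF_TABLES IP_NF_IPTABLES MACVLAN; do
        echo "CONFIG_$s=m"; done
    echo '# CONFIG_NFT_COMPAT is not set'
    echo '# CONFIG_IPVLAN is not set'
    echo 'CONFIG_DEFAULT_TCP_CONG="cubic"'
    echo 'CONFIG_DEFAULT_NET_SCH="fq_codel"'
}

tmp=$(mktemp); sample_config > "$tmp"
audit_kconfig "$tmp" || echo "deviations found"
rm -f "$tmp"
```

On a running device the same function can be pointed at a decompressed copy of `/proc/config.gz`, where the kernel exposes one.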