refactor: dns+dhcp to a module, support short host queries

[vilvo]

Description of changes

• Renaming module to dns-dhcp allows us to change the internal implementation
  of DNS and DHCP services from dnsmasq to something else, like rust-based,
  later
• Current implementation stays dnsmasq-based but is only refactored into a
  module
• Disable systemd resolved on client side VMs completely, including DNS stub
  listener on 127.0.0.53 which made the name queries time out before going
  to primary nameserver 192.168.100.1 in the net-vm. Also note that it is
  required to set resolve.enable to false - even when NixOS options document
  the default as false.
• Give static IPs to guests based on their mimicked synthetic MAC
• dhcp-option '6' equals 'option:dns-server'. More descriptive this way.
• Client side queries are configured to use .ghaf domain for local name queries
• Better not set debug subnet ip addresses in dnsmasq, because sometimes we are
  debugging the dnsmasq itself.
• Add tshark network packet capturing tool for builds that include
  the ghaf debug profile

Considerations:

• ghaf-host uses resolv.conf via DNS stub resolver. It does not use
  net-vm (192.168.100.1) as default nameserver. This is considered
  more secure than using net-vm. Future development could be
  debug optional that allows ghaf-host access to local network host
  names. This has risks related to development and testing time
  assumptions on ghaf-host access to names with release builds.
• net-vm does not serve IP address for ghaf-host queries - even
  for debug builds. See rationale above.

Checklist for things done

• Summary of the proposed changes in the PR description
• More detailed description in the commit message(s)
• Commits are squashed into relevant entities - avoid a lot of minimal dev time commits in the PR
• Contribution guidelines followed
• Ghaf documentation updated with the commit - https://tiiuae.github.io/ghaf/
• PR linked to architecture documentation and requirement(s) (ticket id)
• Test procedure described (or includes tests). Select one or more:
  • Tested on Lenovo X1 x86_64
  • Tested on Jetson Orin NX or AGX aarch64
  • Tested on Polarfire riscv64
• Author has run nix flake check --accept-flake-config and it passes
• All automatic Github Action checks pass - see actions
• Author has added reviewers and removed PR draft status

Testing

[ghaf@gui-vm:~]$ time for host in net-vm chromium-vm gala-vm gui-vm \
> zathura-vm; do dig +short $host; done;
192.168.100.1
192.168.100.6
192.168.100.4
192.168.100.3
192.168.100.5

real	0m0.151s
user	0m0.029s
sys	0m0.031s

[jpruiz84]

Today I had a routing problem in Ghaf, because my default internet router subnet is 192.168.101.0/24.

[ghaf@net-vm:~]$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         net-vm          0.0.0.0         UG    1025   0        0 wlp0s4f0
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 ethint0
192.168.101.0   0.0.0.0         255.255.255.0   U     0      0        0 ethint0
192.168.101.0   0.0.0.0         255.255.255.0   U     1025   0        0 wlp0s4f0
net-vm          0.0.0.0         255.255.255.255 UH    1025   0        0 wlp0s4f0

The problem was that the net-vm was not able to ping my laptop because the default route in that case was through ethint0 and not to wlp0s4f0.

The solution in my case was simple, change the subnet in my Internet router to 192.168.110.0. But, many user could have a similar problem if their Internet routers subnet are 192.168.100.0 or 192.168.101.0. I think that the subnet managed by the net-vm should be one less popular, such as 192.168.170.0/

[riskuuse]

@riskuuse - requesting early review comments to this draft One key change here is also (difficult to notice in diff):

- domain-needed = true;
+ domain-needed = false;

which removes the need to use the domain ghaf with internal name queries (e.g. gui-vm.ghaf). The primary DNS as internal (192.168.101.1) ensures that queries do not leave outside.

My tests on X1 indicates that currently VM's don't resolve to any name, with .ghaf or without. Investigating...