it was only working by accident, when it worked, which was by no
means all of the time
note that we unconditionally perform the action (restart or whatever)
once we've started and got the initial state of the outputs. That's
because we have no idea whether the outputs changed in the interval
between the controlled service initially starting and watch-outputs
starting, so updates in that interval could be lost
we change the inotify watcher so that it attempts to monitor
/run/service as well as /run/service/foo. If foo doesn't yet exist
then that call to addwatch fails, so we need to be looking at the
parent if we are to be told when foo gets created
properties are similar to outputs, but are different in that they are
fixed values (do not change) and are present even when the service is
down
if the attribute is present and an attrset, this will write the
equivalent recursive directory structure to $out/.properties/
* the lua necessary is quite wordy, but it's less of a hack than
post-processing the rules file with pseudo-sed to get rid of `elements
= { }` lines
* also switch from stop/starting the firewall service to using a
signal, so that we don't go briefly offline every time a new interface
appears
if the text inside the delimiters begins with ; (a semicolon) then
the rest of it is expected to be one or more Lua statements. It needs
to say `return "foo"` to interpolate anything, as there is no
implicit return of the value of the last statement
There is nothing in this commit except for the changes made by
nix-shell -p nixfmt-rfc-style --run "nixfmt ."
If this has mucked up your open branches then sorry about that. You
can probably nixfmt them to match before merging
- zones are an attrset of name -> [interface-service]
- the firewall will create empty "ifname" sets for each zone name
in each address family (ip, ip6)
- then watch the interface services, and add the "ifname" outputs
to the corresponding sets when they appear
This commit only adds the empty sets
