1a6160bcab
firewall: show how to ratelimit icmp6 to 5% of available bandwidth
...
it's a little klunky as yet, requires setting properties.bandwidth on
the interface service
2025-03-25 23:53:02 +00:00
b1bf13bb01
add svc:directory, mostly for use in debugging messages
2025-03-25 23:47:01 +00:00
c3f550698d
watch-outputs fix update logic
...
it was only working by accident, when it worked, which was by no
means all of the time
note that we unconditionally perform the action (restart or whatever)
once we've started and got the initial state of the outputs. That's
because we have no idea whether the outputs changed in the interval
between the controlled service initially starting and watch-outputs
starting, so updates in that interval could be lost
2025-03-25 23:44:21 +00:00
05991225de
anoia.svc allow open of a service that is not yet running
...
we change the inotify watcher so that it attempts to monitor
/run/service as well as /run/service/foo. If foo doesn't yet exist
then that call to addwatch fails, so we need to be looking at the
parent if we are to be told when foo gets created
2025-03-25 23:37:58 +00:00
7ce1c6bb7d
add realpath to lualinux
2025-03-24 22:39:59 +00:00
8440378a39
anoia: make dirname handle tralning / like posix
2025-03-24 22:37:24 +00:00
0ae5689a40
support maps in firewallgen
2025-03-21 21:19:18 +00:00
45047dc023
squahs falls back
2025-03-21 21:09:05 +00:00
be03e9e8c8
service outputs falls back to properties (untested)
2025-03-18 18:38:04 +00:00
4e51977ae0
provide properties attr to services
...
properties are similar to outputs, but are different in that they are
fixed values (do not change) and are present even when the service is
down
if the attribute is present and an attrset, this will write the
equivalent recursive directory structure to $out/.properties/
2025-03-12 23:35:56 +00:00
2b0972ed73
svc.open accepts a /nix/store folder not an outputs folder
...
this mostly makes things simpler
2025-03-11 00:21:44 +00:00
d4e46dbe28
secrets/subscriber don't depend on the services we're watching
...
this means a watched service can stop and start without killing
the subscriber, and that we can watch for services that don't
yet exist
2025-03-09 20:35:40 +00:00
d1f87a56e0
secrets/subscriber: use correct numbers for signals to s6-svc
2025-03-09 20:34:29 +00:00
8c39b47cae
output-template: allow splicing statements instead of expression
...
if the text inside the delimiters begins with ; (a semicolon) then
the rest of it is expected to be one or more Lua statements. It needs
to say `return "foo"` to interpolate anything, as there is no
implicit return of the value of the last statement
2025-03-05 22:38:48 +00:00
2c7a16d792
firewallgen: add extraText param to set
...
anything in here is added verbatim to the set definition
2025-03-05 22:36:35 +00:00
d6b06abb63
delet second copy of output-template
2025-03-02 21:34:02 +00:00
234d1bd87e
basic unit tests for output-template
2025-03-02 21:14:46 +00:00
c38f180fb7
output-template expose table module
2025-03-02 21:14:16 +00:00
9a8b22997c
output-template: pass the tests
2025-03-02 21:09:32 +00:00
c32d09bd83
output-template: run the tests
2025-03-02 21:09:11 +00:00
6649ebeccd
firewall: use watch-outputs to track changes in zone->interface map
...
includes a horrible hack to work around (claimed (by me)) deficiencies
in the nftables parser
2025-02-28 00:43:20 +00:00
929226ed9e
delete commented code
2025-02-27 20:55:30 +00:00
024c018262
run the output-template test
2025-02-22 00:10:19 +00:00
7e2b0068e6
nixfmt-rfc-style
...
There is nothing in this commit except for the changes made by
nix-shell -p nixfmt-rfc-style --run "nixfmt ."
If this has mucked up your open branches then sorry about that. You
can probably nixfmt them to match before merging
2025-02-10 21:55:08 +00:00
4bb081ffcf
export anoia.svc:fileno so it can be used with event loops
2025-02-10 21:21:08 +00:00
1d780de0f1
add (very basic) set support in firewallgen
...
and add sets for lan/wan/dmz/guest interface names to default
firewall rules
2025-02-10 21:17:43 +00:00
Arnout Engelen
e71d92eb3d
OpenWrt One support
...
https://openwrt.org/toh/openwrt/one
2025-01-07 16:10:04 +01:00
350ddde260
add pkgs.openwrt_24_10
...
is needed by Belkin RT3200 and might also be handy for OpenWrt One?
this is very copy-pastey, will tidy it up after it
stops being a moving target
2025-01-03 23:52:08 +00:00
aa2160dd05
logtap: fix indentation
...
spaces not tabs
2025-01-02 22:45:00 +00:00
788169586f
/boot is a directory, copy files instead of replacing it with symlink
...
for the record, u-boot doesn't like having /boot/fit -> ../nix/store/..../fit
symlinks so we don't use symlinks inside /boot either
2025-01-01 12:29:25 +00:00
9dd169d500
add "config" output to kernel derivation
2025-01-01 11:54:46 +00:00
48dfbe0c01
add nginx-small : nginx with finegrained configure options
2024-12-29 20:47:03 +00:00
fe1ee12e3d
swap strchr for strchrnul in dropbear authkeyfile patch
...
The strchrnul version was giving weird crashes on aarch64
belkin-rt3200. I haven't figured out why but this one doesn't
2024-12-29 13:30:21 +00:00
Arnout Engelen
a89f866bf0
use Linux kernel sources associated with openwrt by default
2024-12-24 12:21:28 +00:00
f60b74f415
add a new updater output
...
this is so that we don't have to obfuscate store paths in
systemConfiguration to avoid dragging in build system
deps.
breaking-ish change to workflows, docs updated
2024-12-20 00:05:07 +00:00
812e35b7b9
systemconfig: improve filenames/pathnames
...
no more make-stuff
2024-12-19 22:28:30 +00:00
b52133a28b
add hardware.dts.includes option
2024-12-17 20:36:14 +00:00
2e5a8a572e
tufted: more robust merge-pathname impl
2024-12-17 17:24:40 +00:00
464d046b5a
append-path spec behaviour for repeated /
2024-12-17 17:24:16 +00:00
ac8b971cc0
new fn append-path in anoia
...
complains if you try to ../../../
2024-12-11 17:26:44 +00:00
13087d17e3
use assert macros in anoia/init.fnl
...
there is no circularity (maybe there was once?)
2024-12-11 17:25:39 +00:00
91bdfc2766
remove apparently obsolete rp-pppoe configure setting
...
this were copied from nixpkgs but perhaps is for an older version of
rp-pppoe because it builds just fine without
2024-10-16 22:56:05 +01:00
888688ce28
buuld ppp with path to /run
2024-10-16 18:57:26 +01:00
72171021e3
support finish script in longrun
2024-10-10 18:26:14 +01:00
e383f1b3d3
obfuscate store path for min-copy-closure
...
otherwise the systemconfig closure drags in a bunch of build system
things (bash, etc) which we don't want or need to copy to the device
2024-10-10 16:25:00 +01:00
541b1c61c2
ensure $toplevel is path in /nix/store
2024-10-09 18:59:33 +01:00
55c7410a55
add result/install.sh to systemConfiguration output
...
this makes it possible to install a systemconfig instead of
having to use nix-shell (which is very slow)
2024-10-09 13:35:02 +01:00
0f50648157
don't put hostname in levitate logs
...
there might not be one
2024-10-08 22:55:39 +01:00
b9999857cb
longrun: don't add logger if producer-for is already set
2024-10-06 13:13:04 +01:00
1a915e91ff
add altname to CSR
2024-10-06 10:13:28 +01:00
