1a915e91ff
add altname to CSR
2024-10-06 10:13:28 +01:00
197e2eb5b1
new package certifix-client uses certifix to sign ssl client cert
...
this is initially for TLS-enabled logging but would be useful for
anything on a liminix box that wants to talk to a network service in a
"zero trust" setup
2024-10-03 23:00:08 +01:00
17630f2678
rename logtee->logtap
2024-09-18 20:58:02 +01:00
d3fce5edd4
implement error() for musl
2024-09-16 20:35:23 +01:00
5771108fed
improve logtee socket connection warning
...
* print it less often
* to the correct stream (stdout not stderr)
2024-09-16 20:34:26 +01:00
9e5f2d663d
close socket fd if we can't connect it
2024-09-15 22:09:31 +01:00
21eeb1671e
print diagnostic when eof on stderr
2024-09-15 21:59:24 +01:00
44762d38fc
write start cookie when socket connect succeeds
2024-09-15 21:54:21 +01:00
1f6cfc3679
extract method is_connected
2024-09-15 21:40:05 +01:00
8ec00f1710
improve error message
2024-09-15 21:37:04 +01:00
6a6dd32dea
make pollfd array global
2024-09-15 21:32:48 +01:00
9b1fc11a59
logshipper/logtee :copy stdin to stdout & to a unix socket if present
...
first draft
2024-09-15 19:33:21 +01:00
aaa6e353db
incz is a very rudimentary log shipper for zinc search
...
although it probably would work with elasticsearch as well
as zinc is alleged to be ES-compatible
this is just the package and needs hooking into the service/log
infrastructure somehow
2024-09-08 16:38:37 +01:00
69bf6cb5fb
write-fennel quote PATH properly
...
escapeShellArg only quotes if the string contains special
characters, but for a Lua string we must quote unconditionally
2024-09-07 22:31:44 +01:00
9f58e7b926
maybe fix nixpkgs-unstable lua
2024-09-07 00:58:11 +01:00
277c91acdf
Revert "remove luaposix ref in write-fennel"
...
This reverts commit a60c2539a6
2024-09-06 00:33:30 +01:00
cc47515cf8
watch-outputs remove debug code
2024-09-06 00:13:54 +01:00
464913cc8f
tangc use spawn to invoke jose
...
hopefully we are now deadlock-free
2024-09-06 00:12:45 +01:00
e604d628e3
fennel anoia.process.spawn
...
runs a subprocess and invokes a callback whenever its io
descriptors are ready
2024-09-06 00:11:33 +01:00
e2a597589b
anoia.fs.find-executable looks for bin in colon-sep list of directories
2024-09-06 00:08:40 +01:00
Raito Bezarius
a139a262c1
seedrng: init at 2022.04
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-09-05 14:18:00 +01:00
6a5fed83dd
conditional fetch in json-to-fstree
2024-09-05 11:14:47 +01:00
bcf5ab24e8
tidy watch-outputs startup message
2024-09-05 10:11:16 +01:00
32bf80c6fa
devout: unlink socket pathname before binding
2024-09-05 10:05:13 +01:00
12275f6896
add more test for table=
2024-09-04 21:21:30 +01:00
a60c2539a6
remove luaposix ref in write-fennel
2024-09-04 21:21:02 +01:00
146a2d9ac0
fix startup race/fencepost in watch-ssh-keys
...
if it starts _after_ the outputs are populated, it should
write the first lot of outputs without waiting for a change
2024-09-04 21:19:51 +01:00
0c0d0eed8a
make watch-ssh-keys robust against missing key
2024-09-03 22:51:29 +01:00
699cf97206
improve tangc http error messages
2024-09-03 22:50:55 +01:00
034d6aacc4
tangc handle non-zero exit from jwe dec
...
Sometimes it exits non-zero but decrypts the file *anyway*. It only
does this on the device and I haven't been able to reproduce on build,
so this is a workaround until we find the root cause
2024-09-01 09:57:38 +01:00
6287b92000
fix bugs handling base64 padding
2024-08-31 22:43:25 +01:00
d2215d3e56
tangc popen retry on short read
2024-08-31 22:18:23 +01:00
3cf2308bee
tangc: stop printing unexpected blank lines
2024-08-31 15:29:10 +01:00
3913989be3
provide string to perform-encryption
...
instead of letting it read stdin, which I think may have been read
by a subprocess already sometimes?
2024-08-31 15:27:54 +01:00
43e5e6876e
improve tangc error messages
2024-08-31 15:22:26 +01:00
7d6c80570c
refactor all writeFennelScript calls to use writeFennel directly
2024-08-30 20:57:42 +01:00
0df2c83382
tighten perms on service state directory
2024-08-29 23:56:43 +01:00
283c3154a7
missing file in s6-rc-up-tree test fixture
2024-08-28 21:18:54 +01:00
34f37d60d9
missed adding this
2024-08-28 20:56:52 +01:00
b56f121e04
fetch lua glue: handle missing content-length
2024-08-28 19:52:00 +01:00
d5d621f310
rename http-fstree => json-to-fstree
...
it works for file urls as well, not just http
2024-08-28 16:36:49 +01:00
da95a9fa62
tangc support encryption
2024-08-28 18:55:20 +01:00
85071c88e7
remove argv0 from calls to jose
2024-08-28 11:16:43 +01:00
74093b7ee3
josep! runs jose without json parsing the output
2024-08-28 08:13:50 +01:00
41733e58d6
remove unused code, tidy string parsing
2024-08-28 07:20:07 +01:00
9041d5d63a
add jose! fn to reduce error-checking boilerplate
2024-08-28 07:10:47 +01:00
001ebdc601
remove unused requires
2024-08-28 06:52:04 +01:00
1f97409474
add popen2 to anoia.fs
2024-08-28 06:49:43 +01:00
a41839f3d1
clevis-decrypt-tang in fennel
...
needs a lot of tidying up, but works on my test file
2024-08-28 01:37:44 +01:00
ff76d854fc
extend libfetch lua glue to other HTTP methods
2024-08-28 01:37:02 +01:00
81a6480a4f
anoia add base64 deode
2024-08-27 22:42:03 +01:00
83ca86fe42
keys in service output tree are strings
2024-08-25 15:59:24 +01:00
9828b007ae
watch-ssh-keys turns secrets-service into authorized_keys files
2024-08-24 23:25:32 +01:00
f34abc85ae
add macros param to write-fennel
2024-08-24 23:19:46 +01:00
b475a680fb
define-tests macro, evals body only when inside fennelrepl --test
2024-08-24 22:26:25 +01:00
43612af71a
anoia: %% is alias for string.formt
2024-08-24 13:56:54 +01:00
5695c47496
add dig to anoia
2024-08-23 23:27:29 +01:00
9c30b6f882
change output references from attrset to lambda
...
this is so that we can distinguish a ref from a literal parameter that
might be a attrset
2024-08-23 22:25:57 +01:00
e835473945
patch dropbear to add -U option
2024-08-23 19:58:05 +01:00
ff38bcacbb
improve devout error reporting
2024-08-21 23:24:13 +01:00
4cc82e1502
liminix.types.replacable is a string or ref to an output
2024-08-21 00:16:14 +01:00
e2c883356c
add secrets-subscriber service, make hostapd use it
2024-08-15 23:00:41 +01:00
d79a941504
new package watch-outputs and example of its use
2024-08-14 22:58:17 +01:00
310ac30f24
http-fstree needs to write state and .lock for anoia.svc
2024-08-14 22:39:41 +01:00
45a7f96bd4
anoia table= compares tables
2024-08-14 22:36:28 +01:00
79445fd962
support multi-arg assoc
2024-08-14 22:34:37 +01:00
ff3a1905a5
pass service to output fn in output-template
...
instead of on command line
2024-08-12 22:53:07 +01:00
3c353e4aff
support json quoting in output-template
2024-08-10 23:42:08 +01:00
ba21384fde
new: output-template interpolates output values into config file
2024-08-10 23:06:47 +01:00
2480fdef5b
set up nginx on bordervm for testing outboard secrets
2024-08-10 23:05:50 +01:00
d760c2d27b
http-fstree downloads a json file and converts to service outputs
2024-08-08 15:35:11 +01:00
a1ff07b063
add rxi/json lua module
2024-08-08 15:05:26 +01:00
9550772cec
add lua binding to fetch-freebsd
2024-08-08 15:05:03 +01:00
64cd1626c6
new package fetch-freebsd: small http(s) client library
...
[*] smaller than curl, maybe not maximally small
2024-08-08 11:38:38 +01:00
eb79928b37
anoia.svc allow writing outputs
2024-08-08 11:37:50 +01:00
0a629df48d
anoia.fs: improve error messages
2024-08-08 11:36:47 +01:00
64afd18e2a
why does this fail on hydra?
2024-08-06 23:18:39 +01:00
8fa3443923
Revert "anoia.svc use timeout for inotify"
...
This reverts commit eca8e37e7a
2024-07-30 17:37:38 +01:00
eca8e37e7a
anoia.svc use timeout for inotify
...
in case we miss a message, check the directory every 5s
anyway
2024-07-26 23:40:40 +01:00
d300373b96
anoia fs.dir use case not match
...
match was accidentally pinning the return from readdir against the
function parameter. Which didn't work.
2024-07-26 23:37:40 +01:00
135a445672
restore param removed by deadnix
...
dochain is called with `family` even if it never uses it
2024-07-16 20:41:21 +01:00
3899daee56
create a module for round-robin
2024-07-15 22:37:37 +01:00
534a49e827
s6-rc-round-robin
...
runs services in order, starting the next one when the previous one
dies or fails to start
2024-07-08 21:53:51 +01:00
159bfa3057
make xl2tpd quit when the connections close
2024-07-08 21:44:15 +01:00
7f9971512d
a6-rc-up-tree: handle blocked deps, exit 1 if nothing started
2024-07-08 21:28:31 +01:00
f0f6cc80d7
remove dead code
2024-07-08 21:28:11 +01:00
afcc6a6436
s6-rc-up-tree pass -b to s6-rc command
2024-07-08 21:27:54 +01:00
2e8e05f31a
wip: rewrite s6-rc-up-tree in an actual procgramming language
...
and write some tests for it, too
2024-07-08 21:27:42 +01:00
5ac7e1e9b2
write-fennel: set $PATH if lualinux is available
2024-07-08 21:18:02 +01:00
3df1ec76ff
cleanup whitespace and commas
...
* [] is now [ ]
* {} is now { }
* commas in arglists go at end of line not beginning
In short, I ran the whole thing through nixfmt-rfc-style but only
accepted about 30% of its changes. I might grow accustomed to more
of it over time
2024-06-30 17:16:28 +01:00
0d3218127f
remove unused makeWrapper input
2024-06-30 10:46:37 +01:00
e94bf62ec1
remove dead code (run deadnix)
2024-06-29 22:59:27 +01:00
16a2499d74
avoid makeWrapper on host, it requires bash
2024-06-29 22:36:05 +01:00
d4d8093f97
working l2tp-over-wwan stick example
2024-06-20 10:15:54 +01:00
7c9c801afc
rename isTrigger to restart-on-upgrade
...
we're moving away from "trigger" services to "controller" services,
and "restart-on-upgrade" is the name used by s6-rc
2024-06-16 12:58:06 +01:00
c4185617c0
a6-rc-up-tree wait for lock if needed
2024-06-15 15:36:07 +01:00
9540fc2641
add writeAshScriptBin (forgot to add file)
2024-06-15 15:04:56 +01:00
49d1703428
add s6-rc-up-tree: start reverse deps of controlled service
...
When s6-rc stops a service, it also stops everything that
depends on it. but when it starts a service it starts only
that service, so we have to go through the other services
depending on it and figure out if they should be started too.
2024-06-15 14:59:34 +01:00
e6ca5ea064
store derivations not just names for service deps
...
.. also controllers, contents. This is to make it possible (easier)
to work out transitive dependencies at build time
2024-06-11 14:01:06 +01:00
e6e4665a18
flip dependencies for triggered/controlled services
...
Instead of treating the trigger as the "main" service and the
triggered service as subsidary, now we treat the triggered
service as the service and the trigger as "subsidary". This
needs some special handling when we work out which services
go in the default bundle, but it works better for declaring
dependencies on triggered services because it means the
dependency runs after the triggered service comes up, not
just when the watcher-for-events starts
2024-06-09 22:37:45 +01:00
