Commit Graph

1464 Commits

Author SHA1 Message Date
1f97409474 add popen2 to anoia.fs 2024-08-28 06:49:43 +01:00
a41839f3d1 clevis-decrypt-tang in fennel
needs a lot of tidying up, but works on my test file
2024-08-28 01:37:44 +01:00
ff76d854fc extend libfetch lua glue to other HTTP methods 2024-08-28 01:37:02 +01:00
81a6480a4f anoia add base64 decode 2024-08-27 22:42:03 +01:00
c7164a6f4a sshd can use outputRef for authorized_keys 2024-08-25 16:35:50 +01:00
83ca86fe42 keys in service output tree are strings 2024-08-25 15:59:24 +01:00
1b4106e2a3 ssh-keys service, draft 2024-08-25 15:09:31 +01:00
89912c766b nixpkgs 24.11 qemu does not expect texinfo 2024-08-25 14:23:29 +01:00
9828b007ae watch-ssh-keys turns secrets-service into authorized_keys files 2024-08-24 23:25:32 +01:00
f34abc85ae add macros param to write-fennel 2024-08-24 23:19:46 +01:00
b475a680fb define-tests macro, evals body only when inside fennelrepl --test 2024-08-24 22:26:25 +01:00
43612af71a anoia: %% is alias for string.format 2024-08-24 13:56:54 +01:00
5695c47496 add dig to anoia 2024-08-23 23:27:29 +01:00
e3ec514710 think 2024-08-23 23:27:17 +01:00
99f68e5421 destructure params in ssh service 2024-08-23 23:13:49 +01:00
9c30b6f882 change output references from attrset to lambda
this is so that we can distinguish a ref from a literal parameter that
might be an attrset
2024-08-23 22:25:57 +01:00
dd75322c10 think 2024-08-23 21:45:18 +01:00
869a508c0a add authorizedKeys option to ssh service
this has no apparent use as it stands, but opens the door to
having the keys managed by an external secrets service
2024-08-23 20:35:07 +01:00
e835473945 patch dropbear to add -U option 2024-08-23 19:58:05 +01:00
055268d5d2 upgrade dropbear 2024-08-23 19:57:10 +01:00
ff38bcacbb improve devout error reporting 2024-08-21 23:24:13 +01:00
a6128955e7 ppp modules: permit (mostly) same params for l2tp as pppoe
this also means that l2tp can use secrets for username/password
2024-08-21 23:10:28 +01:00
531cb113be devout needs a longer startup timeout
seems to be taking around 40 seconds now, would be worth digging in to
find out why
2024-08-21 23:09:11 +01:00
daede666cb in router-with-l2tp use secrets for ppp username/password 2024-08-21 00:17:53 +01:00
2992771c7e pppoe allow secrets for username/password 2024-08-21 00:17:22 +01:00
4cc82e1502 liminix.types.replacable is a string or ref to an output 2024-08-21 00:16:14 +01:00
21f2320d86 inline method 2024-08-20 23:26:11 +01:00
d40ada4251 use structured ppp params in ppp test 2024-08-20 23:25:31 +01:00
4053ea9481 secrets/subscriber implement different restart types 2024-08-20 22:56:26 +01:00
54d3415885 pppoe convert to using a config file
mostly for ease of implementation but does mean we don't
have username/password secrets on the command line
2024-08-20 22:55:30 +01:00
264d83c98d move some secret-watching stuff from hostapd to secrets 2024-08-20 21:49:11 +01:00
97defc2076 hostapd: get secrets service/path from attrs 2024-08-17 22:25:30 +01:00
ddaa5476d3 override clevis derivation (experimental) 2024-08-15 23:02:54 +01:00
bcd9d56624 start devout after mdevd
not 100% sure that there's a dependency but it's plausible, and
would explain the observed occasional failure to start at boot
2024-08-15 23:01:29 +01:00
e2c883356c add secrets-subscriber service, make hostapd use it 2024-08-15 23:00:41 +01:00
d79a941504 new package watch-outputs and example of its use 2024-08-14 22:58:17 +01:00
2f82e0dab8 hostapd set permissions on dir in /run/ 2024-08-14 22:57:02 +01:00
fc03965915 hostapd literal_or_output use an attrset for dispatch 2024-08-14 22:56:01 +01:00
d2d3af2587 outboard secrets: loop in service
if we just quit and expect s6 to restart us, the finish script
wipes our outputs and anything with an inotify watch gets confused
2024-08-14 22:41:56 +01:00
310ac30f24 http-fstree needs to write state and .lock for anoia.svc 2024-08-14 22:39:41 +01:00
45a7f96bd4 anoia table= compares tables 2024-08-14 22:36:28 +01:00
79445fd962 support multi-arg assoc 2024-08-14 22:34:37 +01:00
a9ddd78482 think 2024-08-12 22:59:03 +01:00
4fb8253e57 first pass at outboard secrets
- a module to fetch them with http(s)
- a service using templating to consume them
- update an example to use it

needs service restarts
needs other services to use the template mechanism
needs tidying up
2024-08-12 22:57:21 +01:00
ff3a1905a5 pass service to output fn in output-template
instead of on command line
2024-08-12 22:53:07 +01:00
3c353e4aff support json quoting in output-template 2024-08-10 23:42:08 +01:00
ba21384fde new: output-template interpolates output values into config file 2024-08-10 23:06:47 +01:00
2480fdef5b set up nginx on bordervm for testing outboard secrets 2024-08-10 23:05:50 +01:00
409c1cfb16 think 2024-08-10 23:05:15 +01:00
9767078878 add the example used in the video 2024-08-08 19:24:58 +01:00