14bfebc5c3
enable unloading modules so that scripts work
...
if we can't unload them then the service that loads them will fail
the second time it's run
2024-10-16 22:54:19 +01:00
0447ac0ff9
did we need MODULE_SIG?
...
I think this may be a hangover from using backports modules for wlan
2024-10-16 22:53:16 +01:00
e35a1514ab
send kernel logs to s6
2024-10-16 18:59:42 +01:00
4a0120487c
remove usepeerdns - it causes only errors
...
we handle dns with service outputs anyway
2024-10-16 18:58:34 +01:00
888688ce28
buuld ppp with path to /run
2024-10-16 18:57:26 +01:00
9e3f48768e
think
2024-10-14 18:49:10 +01:00
72171021e3
support finish script in longrun
2024-10-10 18:26:14 +01:00
17517dd34f
remove KEXEC from base kernel config
...
we're not using it any more
2024-10-10 18:23:50 +01:00
5112eab4da
apply incoming-allowed-ip[46] rules to input as well as forward pkts
...
this makes it possible to open ports on the router itself
2024-10-10 18:18:23 +01:00
e383f1b3d3
obfuscate store path for min-copy-closure
...
otherwise the systemconfig closure drags in a bunch of build system
things (bash, etc) which we don't want or need to copy to the device
2024-10-10 16:25:00 +01:00
da1245432e
no more iminix-rebuild
2024-10-09 19:34:55 +01:00
541b1c61c2
ensure $toplevel is path in /nix/store
2024-10-09 18:59:33 +01:00
55c7410a55
add result/install.sh to systemConfiguration output
...
this makes it possible to install a systemconfig instead of
having to use nix-shell (which is very slow)
2024-10-09 13:35:02 +01:00
0f50648157
don't put hostname in levitate logs
...
there might not be one
2024-10-08 22:55:39 +01:00
f1c260d4f7
make ci.ni "all" a derivation
...
this is to stop hydra complaining
2024-10-06 18:04:56 +01:00
3d611d3ba2
fix unstable qemu build?
...
nix-repl> (lib.versionOlder "24.11pre-git" "24.11")
true
nix-repl> (lib.versionOlder "24.11pre-git" "24.10")
false
n
2024-10-06 18:04:48 +01:00
e6b7d86381
sort lines
2024-10-06 17:53:34 +01:00
83fbffb39b
catch another uncaught-logs
2024-10-06 17:53:09 +01:00
f8c579b41e
add CI "all" target
2024-10-06 17:52:59 +01:00
ca9efc4b26
simplify CI
...
* I didn't know what I was doing when I set up Hydra
* it's not certain that I do now either, but hey ho
2024-10-06 15:55:01 +01:00
336fc7e495
think
2024-10-06 14:27:45 +01:00
4cc0add2ad
update refs to uncaught-logs in docs/tests
2024-10-06 13:46:14 +01:00
2d7e6188ac
log shipping service now gets logs on stdin
...
instead of having to open the unix socket
2024-10-06 13:26:58 +01:00
b9999857cb
longrun: don't add logger if producer-for is already set
2024-10-06 13:13:04 +01:00
ba03ddeb38
border-vm: add tang service
2024-10-06 12:38:06 +01:00
493c5f69d7
add module for certifix-client
2024-10-06 11:27:39 +01:00
1a915e91ff
add altname to CSR
2024-10-06 10:13:28 +01:00
197e2eb5b1
new package certifix-client uses certifix to sign ssl client cert
...
this is initially for TLS-enabled logging but would be useful for
anything on a liminix box that wants to talk to a network service in a
"zero trust" setup
2024-10-03 23:00:08 +01:00
7ca822c826
more messing around with lua derivation
2024-10-03 23:00:08 +01:00
e5631783e1
add luaossl package with patch for CSR attributes
2024-10-03 23:00:08 +01:00
635590d37a
implement log shipping config
...
to use this, you need config like for example
+ logging.shipping = {
+ enable = true;
+ service = longrun {
+ name = "ship-logs";
+ run = let path = lib.makeBinPath (with pkgs; [ s6 s6-networking s6 execline ]);
+ in ''
+ PATH=${path}:$PATH
+ s6-ipcserver -1 ${config.logging.shipping.socket} \
+ s6-tcpclient 10.0.2.2 19612 \
+ fdmove -c 1 7 cat
+ '';
+ };
+ };
but I think we can reduce the noise a bit if we use an s6-rc pipeline
with an s6-ipcserver on one side and and a (whatever the user wants)
on the other
2024-09-18 22:14:34 +01:00
17630f2678
rename logtee->logtap
2024-09-18 20:58:02 +01:00
707a471bc2
add logtee to catchall logger
2024-09-16 21:30:06 +01:00
d3fce5edd4
implement error() for musl
2024-09-16 20:35:23 +01:00
5771108fed
improve logtee socket connection warning
...
* print it less often
* to the correct stream (stdout not stderr)
2024-09-16 20:34:26 +01:00
9e5f2d663d
close socket fd if we can't connect it
2024-09-15 22:09:31 +01:00
21eeb1671e
print diagnostic when eof on stderr
2024-09-15 21:59:24 +01:00
44762d38fc
write start cookie when socket connect succeeds
2024-09-15 21:54:21 +01:00
1f6cfc3679
extract method is_connected
2024-09-15 21:40:05 +01:00
8ec00f1710
improve error message
2024-09-15 21:37:04 +01:00
6a6dd32dea
make pollfd array global
2024-09-15 21:32:48 +01:00
9b1fc11a59
logshipper/logtee :copy stdin to stdout & to a unix socket if present
...
first draft
2024-09-15 19:33:21 +01:00
aaa6e353db
incz is a very rudimentary log shipper for zinc search
...
although it probably would work with elasticsearch as well
as zinc is alleged to be ES-compatible
this is just the package and needs hooking into the service/log
infrastructure somehow
2024-09-08 16:38:37 +01:00
69bf6cb5fb
write-fennel quote PATH properly
...
escapeShellArg only quotes if the string contains special
characters, but for a Lua string we must quote unconditionally
2024-09-07 22:31:44 +01:00
9f58e7b926
maybe fix nixpkgs-unstable lua
2024-09-07 00:58:11 +01:00
5a5c27ab9f
think
2024-09-06 22:37:49 +01:00
277c91acdf
Revert "remove luaposix ref in write-fennel"
...
This reverts commit a60c2539a6
2024-09-06 00:33:30 +01:00
e0725489ca
unbreak pppoe ci job
2024-09-06 00:33:30 +01:00
cc47515cf8
watch-outputs remove debug code
2024-09-06 00:13:54 +01:00
464913cc8f
tangc use spawn to invoke jose
...
hopefully we are now deadlock-free
2024-09-06 00:12:45 +01:00
