Daniel Barlow
2d7e6188ac
log shipping service now gets logs on stdin
...
instead of having to open the unix socket
2024-10-06 13:26:58 +01:00
Daniel Barlow
493c5f69d7
add module for certifix-client
2024-10-06 11:27:39 +01:00
Daniel Barlow
635590d37a
implement log shipping config
...
to use this, you need config like for example
+ logging.shipping = {
+ enable = true;
+ service = longrun {
+ name = "ship-logs";
+ run = let path = lib.makeBinPath (with pkgs; [ s6 s6-networking s6 execline ]);
+ in ''
+ PATH=${path}:$PATH
+ s6-ipcserver -1 ${config.logging.shipping.socket} \
+ s6-tcpclient 10.0.2.2 19612 \
+ fdmove -c 1 7 cat
+ '';
+ };
+ };
but I think we can reduce the noise a bit if we use an s6-rc pipeline
with an s6-ipcserver on one side and and a (whatever the user wants)
on the other
2024-09-18 22:14:34 +01:00
Daniel Barlow
707a471bc2
add logtee to catchall logger
2024-09-16 21:30:06 +01:00
Daniel Barlow
e0725489ca
unbreak pppoe ci job
2024-09-06 00:33:30 +01:00
Daniel Barlow
091d863710
extract pppoe/l2tp common code
2024-09-04 12:02:00 +01:00
Daniel Barlow
c7bcfbfa34
make pppoe/l2tp more consistent
2024-09-03 22:57:45 +01:00
Daniel Barlow
500a3c1025
make nodefaultroute explicit in ppp
2024-09-03 22:53:13 +01:00
Daniel Barlow
e590c0ad3f
secrets subscriber: add provider as dep to controlled service
2024-09-01 09:56:59 +01:00
Daniel Barlow
14abdd9998
tang: notify on ready
2024-08-31 23:24:50 +01:00
Daniel Barlow
e745991b9d
restart pppoe/l2tp in secrets changes
2024-08-30 20:49:27 +01:00
Daniel Barlow
defbfce1fb
finish converting outputRef to lambda
2024-08-30 20:46:48 +01:00
Daniel Barlow
a8a19977ca
(untested) template service for tang encrypted secrets
2024-08-28 22:32:26 +01:00
Daniel Barlow
7351e143c5
remove redundant sourcing of ${serviceFns}
...
this is done by the oneshot and longrun functions
2024-08-28 21:28:27 +01:00
Daniel Barlow
fe7b092075
(untested) http basic auth for outboard secrets
2024-08-28 20:53:59 +01:00
Daniel Barlow
d5d621f310
rename http-fstree => json-to-fstree
...
it works for file urls as well, not just http
2024-08-28 16:36:49 +01:00
Daniel Barlow
c7164a6f4a
sshd can use outputRef for authorized_keys
2024-08-25 16:35:50 +01:00
Daniel Barlow
99f68e5421
destructure params in ssh service
2024-08-23 23:13:49 +01:00
Daniel Barlow
9c30b6f882
change output references from attrset to lambda
...
this is so that we can distinguish a ref from a literal parameter that
might be a attrset
2024-08-23 22:25:57 +01:00
Daniel Barlow
869a508c0a
add authorizedKeys option to ssh service
...
this has no apparent use as it stands, but opens the door to
having the keys managed by an external secrets service
2024-08-23 20:35:07 +01:00
Daniel Barlow
a6128955e7
ppp modules: permit (mostly) same params for l2tp as pppoe
...
this also means that l2tp can use secrets for username/password
2024-08-21 23:10:28 +01:00
Daniel Barlow
531cb113be
devout needs a longer startup timeout
...
seems to be taking around 40 seconds now, would be worth digging in to
find out why
2024-08-21 23:09:11 +01:00
Daniel Barlow
2992771c7e
pppoe allow secrets for username/password
2024-08-21 00:17:22 +01:00
Daniel Barlow
21f2320d86
inline method
2024-08-20 23:26:11 +01:00
Daniel Barlow
4053ea9481
secrets/subscriber implement different restart types
2024-08-20 22:56:26 +01:00
Daniel Barlow
54d3415885
pppoe convert to using a config file
...
mostly for ease of implementation but does mean we don't
have username/password secrets on the command line
2024-08-20 22:55:30 +01:00
Daniel Barlow
264d83c98d
move some secret-watching stuff from hostapd to secrets
2024-08-20 21:49:11 +01:00
Daniel Barlow
97defc2076
hostapd: get secrets service/path from attrs
2024-08-17 22:25:30 +01:00
Daniel Barlow
bcd9d56624
start devout after mdevd
...
not 100% sure that there's a dependency but it's plausible, and
would explain the observed occasional failure to start at boot
2024-08-15 23:01:29 +01:00
Daniel Barlow
e2c883356c
add secrets-subscriber service, make hostapd use it
2024-08-15 23:00:41 +01:00
Daniel Barlow
2f82e0dab8
hostapd set permissions on dir in /run/
2024-08-14 22:57:02 +01:00
Daniel Barlow
fc03965915
hostapd literal_or_output use an attrset for dispatch
2024-08-14 22:56:01 +01:00
Daniel Barlow
d2d3af2587
outboard secrets: loop in service
...
if we just quit and expect s6 to restart us, the finish script
wipes our outputs and anything with an inotify watch gets confused
2024-08-14 22:41:56 +01:00
Daniel Barlow
4fb8253e57
first pass at outboard secrets
...
- a module to fetch them with http(s)
- a service using templating to consume them
- update an example to use it
needs service restarts
needs other services to use the template mechanism
needs tidying up
2024-08-12 22:57:21 +01:00
Daniel Barlow
5db9d7269e
ppoe structured options are optional
2024-08-06 18:43:27 +01:00
Daniel Barlow
c4d00e062a
add health check service and example that uses it
2024-07-30 22:37:43 +01:00
Daniel Barlow
39020607ad
rename service-trigger rule to match service name
2024-07-28 22:35:37 +01:00
Daniel Barlow
fe735408a1
v:address is nil if missing, but code expects an array
2024-07-27 17:40:32 +01:00
Daniel Barlow
a9d1582b53
remove unused arg
2024-07-26 23:41:50 +01:00
Daniel Barlow
28ca1e68ab
wwan module needs mdevd
2024-07-23 09:31:34 +01:00
Daniel Barlow
7f9cae9d5c
generalise profile.gateway.wan so not just pppoe
2024-07-23 09:31:34 +01:00
Daniel Barlow
7195cb10ce
add structured config for common pppoe options
2024-07-23 09:31:34 +01:00
Daniel Barlow
3899daee56
create a module for round-robin
2024-07-15 22:37:37 +01:00
Daniel Barlow
b17f623d03
need insmod when we habve kmodloader
2024-07-15 22:35:26 +01:00
Daniel Barlow
df395a4d5d
finish moving pkgs.linimix.callService to config.system
2024-07-15 19:00:08 +01:00
Daniel Barlow
725d8b608f
huawei-cdc-ncm kernel driver -> module
2024-07-14 12:07:28 +01:00
Daniel Barlow
73ae7788b9
rename wwan-related modules/services
...
we only currently support huawei e3372/cdc ncm so let's make that
explicit in the naming
2024-07-14 11:53:45 +01:00
Daniel Barlow
3f8cc24dcc
fix most doc warnings
2024-07-10 23:36:24 +01:00
Daniel Barlow
ac551536da
set cwd before exec xl2tpd
2024-07-08 21:56:26 +01:00
Daniel Barlow
6f908156af
fix dependency between modem-atz and modeswitch
...
for values of "fix" more than slightly reminiscent of "kludge"
2024-07-08 21:55:05 +01:00