d4e46dbe28
secrets/subscriber don't depend on the services we're watching
...
this means a watched service can stop and start without killing
the subscriber, and that we can watch for services that don't
yet exist
2025-03-09 20:35:40 +00:00
d1f87a56e0
secrets/subscriber: use correct numbers for signals to s6-svc
2025-03-09 20:34:29 +00:00
8c39b47cae
output-template: allow splicing statements instead of expression
...
if the text inside the delimiters begins with ; (a semicolon) then
the rest of it is expected to be one or more Lua statements. It needs
to say `return "foo"` to interpolate anything, as there is no
implicit return of the value of the last statement
2025-03-05 22:38:48 +00:00
2c7a16d792
firewallgen: add extraText param to set
...
anything in here is added verbatim to the set definition
2025-03-05 22:36:35 +00:00
d6b06abb63
delet second copy of output-template
2025-03-02 21:34:02 +00:00
234d1bd87e
basic unit tests for output-template
2025-03-02 21:14:46 +00:00
c38f180fb7
output-template expose table module
2025-03-02 21:14:16 +00:00
9a8b22997c
output-template: pass the tests
2025-03-02 21:09:32 +00:00
c32d09bd83
output-template: run the tests
2025-03-02 21:09:11 +00:00
6649ebeccd
firewall: use watch-outputs to track changes in zone->interface map
...
includes a horrible hack to work around (claimed (by me)) deficiencies
in the nftables parser
2025-02-28 00:43:20 +00:00
929226ed9e
delete commented code
2025-02-27 20:55:30 +00:00
024c018262
run the output-template test
2025-02-22 00:10:19 +00:00
7e2b0068e6
nixfmt-rfc-style
...
There is nothing in this commit except for the changes made by
nix-shell -p nixfmt-rfc-style --run "nixfmt ."
If this has mucked up your open branches then sorry about that. You
can probably nixfmt them to match before merging
2025-02-10 21:55:08 +00:00
4bb081ffcf
export anoia.svc:fileno so it can be used with event loops
2025-02-10 21:21:08 +00:00
1d780de0f1
add (very basic) set support in firewallgen
...
and add sets for lan/wan/dmz/guest interface names to default
firewall rules
2025-02-10 21:17:43 +00:00
Arnout Engelen
e71d92eb3d
OpenWrt One support
...
https://openwrt.org/toh/openwrt/one
2025-01-07 16:10:04 +01:00
350ddde260
add pkgs.openwrt_24_10
...
is needed by Belkin RT3200 and might also be handy for OpenWrt One?
this is very copy-pastey, will tidy it up after it
stops being a moving target
2025-01-03 23:52:08 +00:00
aa2160dd05
logtap: fix indentation
...
spaces not tabs
2025-01-02 22:45:00 +00:00
788169586f
/boot is a directory, copy files instead of replacing it with symlink
...
for the record, u-boot doesn't like having /boot/fit -> ../nix/store/..../fit
symlinks so we don't use symlinks inside /boot either
2025-01-01 12:29:25 +00:00
9dd169d500
add "config" output to kernel derivation
2025-01-01 11:54:46 +00:00
48dfbe0c01
add nginx-small : nginx with finegrained configure options
2024-12-29 20:47:03 +00:00
fe1ee12e3d
swap strchr for strchrnul in dropbear authkeyfile patch
...
The strchrnul version was giving weird crashes on aarch64
belkin-rt3200. I haven't figured out why but this one doesn't
2024-12-29 13:30:21 +00:00
Arnout Engelen
a89f866bf0
use Linux kernel sources associated with openwrt by default
2024-12-24 12:21:28 +00:00
f60b74f415
add a new updater output
...
this is so that we don't have to obfuscate store paths in
systemConfiguration to avoid dragging in build system
deps.
breaking-ish change to workflows, docs updated
2024-12-20 00:05:07 +00:00
812e35b7b9
systemconfig: improve filenames/pathnames
...
no more make-stuff
2024-12-19 22:28:30 +00:00
b52133a28b
add hardware.dts.includes option
2024-12-17 20:36:14 +00:00
2e5a8a572e
tufted: more robust merge-pathname impl
2024-12-17 17:24:40 +00:00
464d046b5a
append-path spec behaviour for repeated /
2024-12-17 17:24:16 +00:00
ac8b971cc0
new fn append-path in anoia
...
complains if you try to ../../../
2024-12-11 17:26:44 +00:00
13087d17e3
use assert macros in anoia/init.fnl
...
there is no circularity (maybe there was once?)
2024-12-11 17:25:39 +00:00
91bdfc2766
remove apparently obsolete rp-pppoe configure setting
...
this were copied from nixpkgs but perhaps is for an older version of
rp-pppoe because it builds just fine without
2024-10-16 22:56:05 +01:00
888688ce28
buuld ppp with path to /run
2024-10-16 18:57:26 +01:00
72171021e3
support finish script in longrun
2024-10-10 18:26:14 +01:00
e383f1b3d3
obfuscate store path for min-copy-closure
...
otherwise the systemconfig closure drags in a bunch of build system
things (bash, etc) which we don't want or need to copy to the device
2024-10-10 16:25:00 +01:00
541b1c61c2
ensure $toplevel is path in /nix/store
2024-10-09 18:59:33 +01:00
55c7410a55
add result/install.sh to systemConfiguration output
...
this makes it possible to install a systemconfig instead of
having to use nix-shell (which is very slow)
2024-10-09 13:35:02 +01:00
0f50648157
don't put hostname in levitate logs
...
there might not be one
2024-10-08 22:55:39 +01:00
b9999857cb
longrun: don't add logger if producer-for is already set
2024-10-06 13:13:04 +01:00
1a915e91ff
add altname to CSR
2024-10-06 10:13:28 +01:00
197e2eb5b1
new package certifix-client uses certifix to sign ssl client cert
...
this is initially for TLS-enabled logging but would be useful for
anything on a liminix box that wants to talk to a network service in a
"zero trust" setup
2024-10-03 23:00:08 +01:00
17630f2678
rename logtee->logtap
2024-09-18 20:58:02 +01:00
d3fce5edd4
implement error() for musl
2024-09-16 20:35:23 +01:00
5771108fed
improve logtee socket connection warning
...
* print it less often
* to the correct stream (stdout not stderr)
2024-09-16 20:34:26 +01:00
9e5f2d663d
close socket fd if we can't connect it
2024-09-15 22:09:31 +01:00
21eeb1671e
print diagnostic when eof on stderr
2024-09-15 21:59:24 +01:00
44762d38fc
write start cookie when socket connect succeeds
2024-09-15 21:54:21 +01:00
1f6cfc3679
extract method is_connected
2024-09-15 21:40:05 +01:00
8ec00f1710
improve error message
2024-09-15 21:37:04 +01:00
6a6dd32dea
make pollfd array global
2024-09-15 21:32:48 +01:00
9b1fc11a59
logshipper/logtee :copy stdin to stdout & to a unix socket if present
...
first draft
2024-09-15 19:33:21 +01:00
