336fc7e495
think
2024-10-06 14:27:45 +01:00
4cc0add2ad
update refs to uncaught-logs in docs/tests
2024-10-06 13:46:14 +01:00
2d7e6188ac
log shipping service now gets logs on stdin
...
instead of having to open the unix socket
2024-10-06 13:26:58 +01:00
b9999857cb
longrun: don't add logger if producer-for is already set
2024-10-06 13:13:04 +01:00
ba03ddeb38
border-vm: add tang service
2024-10-06 12:38:06 +01:00
493c5f69d7
add module for certifix-client
2024-10-06 11:27:39 +01:00
1a915e91ff
add altname to CSR
2024-10-06 10:13:28 +01:00
197e2eb5b1
new package certifix-client uses certifix to sign ssl client cert
...
this is initially for TLS-enabled logging but would be useful for
anything on a liminix box that wants to talk to a network service in a
"zero trust" setup
2024-10-03 23:00:08 +01:00
7ca822c826
more messing around with lua derivation
2024-10-03 23:00:08 +01:00
e5631783e1
add luaossl package with patch for CSR attributes
2024-10-03 23:00:08 +01:00
635590d37a
implement log shipping config
...
to use this, you need config like for example
+ logging.shipping = {
+ enable = true;
+ service = longrun {
+ name = "ship-logs";
+ run = let path = lib.makeBinPath (with pkgs; [ s6 s6-networking s6 execline ]);
+ in ''
+ PATH=${path}:$PATH
+ s6-ipcserver -1 ${config.logging.shipping.socket} \
+ s6-tcpclient 10.0.2.2 19612 \
+ fdmove -c 1 7 cat
+ '';
+ };
+ };
but I think we can reduce the noise a bit if we use an s6-rc pipeline
with an s6-ipcserver on one side and and a (whatever the user wants)
on the other
2024-09-18 22:14:34 +01:00
17630f2678
rename logtee->logtap
2024-09-18 20:58:02 +01:00
707a471bc2
add logtee to catchall logger
2024-09-16 21:30:06 +01:00
d3fce5edd4
implement error() for musl
2024-09-16 20:35:23 +01:00
5771108fed
improve logtee socket connection warning
...
* print it less often
* to the correct stream (stdout not stderr)
2024-09-16 20:34:26 +01:00
9e5f2d663d
close socket fd if we can't connect it
2024-09-15 22:09:31 +01:00
21eeb1671e
print diagnostic when eof on stderr
2024-09-15 21:59:24 +01:00
44762d38fc
write start cookie when socket connect succeeds
2024-09-15 21:54:21 +01:00
1f6cfc3679
extract method is_connected
2024-09-15 21:40:05 +01:00
8ec00f1710
improve error message
2024-09-15 21:37:04 +01:00
6a6dd32dea
make pollfd array global
2024-09-15 21:32:48 +01:00
9b1fc11a59
logshipper/logtee :copy stdin to stdout & to a unix socket if present
...
first draft
2024-09-15 19:33:21 +01:00
aaa6e353db
incz is a very rudimentary log shipper for zinc search
...
although it probably would work with elasticsearch as well
as zinc is alleged to be ES-compatible
this is just the package and needs hooking into the service/log
infrastructure somehow
2024-09-08 16:38:37 +01:00
69bf6cb5fb
write-fennel quote PATH properly
...
escapeShellArg only quotes if the string contains special
characters, but for a Lua string we must quote unconditionally
2024-09-07 22:31:44 +01:00
9f58e7b926
maybe fix nixpkgs-unstable lua
2024-09-07 00:58:11 +01:00
5a5c27ab9f
think
2024-09-06 22:37:49 +01:00
277c91acdf
Revert "remove luaposix ref in write-fennel"
...
This reverts commit a60c2539a6
2024-09-06 00:33:30 +01:00
e0725489ca
unbreak pppoe ci job
2024-09-06 00:33:30 +01:00
cc47515cf8
watch-outputs remove debug code
2024-09-06 00:13:54 +01:00
464913cc8f
tangc use spawn to invoke jose
...
hopefully we are now deadlock-free
2024-09-06 00:12:45 +01:00
e604d628e3
fennel anoia.process.spawn
...
runs a subprocess and invokes a callback whenever its io
descriptors are ready
2024-09-06 00:11:33 +01:00
e2a597589b
anoia.fs.find-executable looks for bin in colon-sep list of directories
2024-09-06 00:08:40 +01:00
Raito Bezarius
a139a262c1
seedrng: init at 2022.04
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-09-05 14:18:00 +01:00
6a5fed83dd
conditional fetch in json-to-fstree
2024-09-05 11:14:47 +01:00
bcf5ab24e8
tidy watch-outputs startup message
2024-09-05 10:11:16 +01:00
32bf80c6fa
devout: unlink socket pathname before binding
2024-09-05 10:05:13 +01:00
12275f6896
add more test for table=
2024-09-04 21:21:30 +01:00
a60c2539a6
remove luaposix ref in write-fennel
2024-09-04 21:21:02 +01:00
146a2d9ac0
fix startup race/fencepost in watch-ssh-keys
...
if it starts _after_ the outputs are populated, it should
write the first lot of outputs without waiting for a change
2024-09-04 21:19:51 +01:00
091d863710
extract pppoe/l2tp common code
2024-09-04 12:02:00 +01:00
c7bcfbfa34
make pppoe/l2tp more consistent
2024-09-03 22:57:45 +01:00
500a3c1025
make nodefaultroute explicit in ppp
2024-09-03 22:53:13 +01:00
0c0d0eed8a
make watch-ssh-keys robust against missing key
2024-09-03 22:51:29 +01:00
699cf97206
improve tangc http error messages
2024-09-03 22:50:55 +01:00
cd0093279c
think
2024-09-01 10:14:31 +01:00
034d6aacc4
tangc handle non-zero exit from jwe dec
...
Sometimes it exits non-zero but decrypts the file *anyway*. It only
does this on the device and I haven't been able to reproduce on build,
so this is a workaround until we find the root cause
2024-09-01 09:57:38 +01:00
e590c0ad3f
secrets subscriber: add provider as dep to controlled service
2024-09-01 09:56:59 +01:00
14abdd9998
tang: notify on ready
2024-08-31 23:24:50 +01:00
6287b92000
fix bugs handling base64 padding
2024-08-31 22:43:25 +01:00
d2215d3e56
tangc popen retry on short read
2024-08-31 22:18:23 +01:00
