Commit Graph

1466 Commits

Author SHA1 Message Date
4cbe3ba683 add some debug output in inout test 2024-12-09 21:00:11 +00:00
20f4a12689 inout: improve robustness, maybe? 2024-12-07 16:02:42 +00:00
33e5c436d5 add environment variables that scapy now needs (24.11) 2024-12-04 21:16:36 +00:00
cde30bcd54 in nixos 24.11 chrony no longer expects nss/nspr/readline 2024-12-03 21:39:54 +00:00
1f7d6544e3 provide stdout to ppp callback scripts
pppd runs them with 0,1,2 => /dev/null but we actually quite like
seeing errors in the logs
2024-10-17 21:37:08 +01:00
1bca072509 fix chrony pidfile error 2024-10-17 21:35:33 +01:00
7b98724643 turns out we did need usepeerdns 2024-10-17 21:05:16 +01:00
b1625763ee ppp service signal readiness only when ip-up has run
as downstream services need e.g. ifname which is not written by ipv6-up
2024-10-16 22:59:01 +01:00
91bdfc2766 remove apparently obsolete rp-pppoe configure setting
this was copied from nixpkgs but perhaps is for an older version of
rp-pppoe because it builds just fine without
2024-10-16 22:56:05 +01:00
14bfebc5c3 enable unloading modules so that scripts work
if we can't unload them then the service that loads them will fail
the second time it's run
2024-10-16 22:54:19 +01:00
0447ac0ff9 did we need MODULE_SIG?
I think this may be a hangover from using backports modules for wlan
2024-10-16 22:53:16 +01:00
e35a1514ab send kernel logs to s6 2024-10-16 18:59:42 +01:00
4a0120487c remove usepeerdns - it causes only errors
we handle dns with service outputs anyway
2024-10-16 18:58:34 +01:00
888688ce28 build ppp with path to /run 2024-10-16 18:57:26 +01:00
9e3f48768e think 2024-10-14 18:49:10 +01:00
72171021e3 support finish script in longrun 2024-10-10 18:26:14 +01:00
17517dd34f remove KEXEC from base kernel config
we're not using it any more
2024-10-10 18:23:50 +01:00
5112eab4da apply incoming-allowed-ip[46] rules to input as well as forward pkts
this makes it possible to open ports on the router itself
2024-10-10 18:18:23 +01:00
e383f1b3d3 obfuscate store path for min-copy-closure
otherwise the systemconfig closure drags in a bunch of build system
things (bash, etc) which we don't want or need to copy to the device
2024-10-10 16:25:00 +01:00
da1245432e no more liminix-rebuild 2024-10-09 19:34:55 +01:00
541b1c61c2 ensure $toplevel is path in /nix/store 2024-10-09 18:59:33 +01:00
55c7410a55 add result/install.sh to systemConfiguration output
this makes it possible to install a systemconfig instead of
having to use nix-shell (which is very slow)
2024-10-09 13:35:02 +01:00
0f50648157 don't put hostname in levitate logs
there might not be one
2024-10-08 22:55:39 +01:00
f1c260d4f7 make ci.ni "all" a derivation
this is to stop hydra complaining
2024-10-06 18:04:56 +01:00
3d611d3ba2 fix unstable qemu build?
nix-repl> (lib.versionOlder "24.11pre-git" "24.11")
true

nix-repl> (lib.versionOlder "24.11pre-git" "24.10")
false

n
2024-10-06 18:04:48 +01:00
e6b7d86381 sort lines 2024-10-06 17:53:34 +01:00
83fbffb39b catch another uncaught-logs 2024-10-06 17:53:09 +01:00
f8c579b41e add CI "all" target 2024-10-06 17:52:59 +01:00
ca9efc4b26 simplify CI
* I didn't know what I was doing when I set up Hydra

* it's not certain that I do now either, but hey ho
2024-10-06 15:55:01 +01:00
336fc7e495 think 2024-10-06 14:27:45 +01:00
4cc0add2ad update refs to uncaught-logs in docs/tests 2024-10-06 13:46:14 +01:00
2d7e6188ac log shipping service now gets logs on stdin
instead of having to open the unix socket
2024-10-06 13:26:58 +01:00
b9999857cb longrun: don't add logger if producer-for is already set 2024-10-06 13:13:04 +01:00
ba03ddeb38 border-vm: add tang service 2024-10-06 12:38:06 +01:00
493c5f69d7 add module for certifix-client 2024-10-06 11:27:39 +01:00
1a915e91ff add altname to CSR 2024-10-06 10:13:28 +01:00
197e2eb5b1 new package certifix-client uses certifix to sign ssl client cert
this is initially for TLS-enabled logging but would be useful for
anything on a liminix box that wants to talk to a network service in a
"zero trust" setup
2024-10-03 23:00:08 +01:00
7ca822c826 more messing around with lua derivation 2024-10-03 23:00:08 +01:00
e5631783e1 add luaossl package with patch for CSR attributes 2024-10-03 23:00:08 +01:00
635590d37a implement log shipping config
to use this, you need config like for example

+  logging.shipping = {
+    enable = true;
+    service = longrun {
+      name = "ship-logs";
+      run = let path = lib.makeBinPath (with pkgs; [ s6 s6-networking s6 execline ]);
+            in ''
+        PATH=${path}:$PATH
+        s6-ipcserver -1 ${config.logging.shipping.socket} \
+        s6-tcpclient 10.0.2.2 19612 \
+        fdmove -c 1 7 cat
+      '';
+    };
+  };
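
Review bot: the `makeBinPath` list on the `run = let path = ...` line names `s6` twice (`[ s6 s6-networking s6 execline ]`); the second entry can be dropped. Also in the run script, `s6-tcpclient 10.0.2.2 19612` hard-codes the destination and ships the log stream over plain TCP, so it would help to take host and port from options and to say in the message that this address is only an example value.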

but I think we can reduce the noise a bit if we use an s6-rc pipeline
with an s6-ipcserver on one side and a (whatever the user wants)
on the other
2024-09-18 22:14:34 +01:00
17630f2678 rename logtee->logtap 2024-09-18 20:58:02 +01:00
707a471bc2 add logtee to catchall logger 2024-09-16 21:30:06 +01:00
d3fce5edd4 implement error() for musl 2024-09-16 20:35:23 +01:00
5771108fed improve logtee socket connection warning
* print it less often
* to the correct stream (stdout not stderr)
2024-09-16 20:34:26 +01:00
9e5f2d663d close socket fd if we can't connect it 2024-09-15 22:09:31 +01:00
21eeb1671e print diagnostic when eof on stderr 2024-09-15 21:59:24 +01:00
44762d38fc write start cookie when socket connect succeeds 2024-09-15 21:54:21 +01:00
1f6cfc3679 extract method is_connected 2024-09-15 21:40:05 +01:00
8ec00f1710 improve error message 2024-09-15 21:37:04 +01:00
6a6dd32dea make pollfd array global 2024-09-15 21:32:48 +01:00