17517dd34f
remove KEXEC from base kernel config
...
we're not using it any more
2024-10-10 18:23:50 +01:00
5112eab4da
apply incoming-allowed-ip[46] rules to input as well as forward pkts
...
this makes it possible to open ports on the router itself
2024-10-10 18:18:23 +01:00
2d7e6188ac
log shipping service now gets logs on stdin
...
instead of having to open the unix socket
2024-10-06 13:26:58 +01:00
493c5f69d7
add module for certifix-client
2024-10-06 11:27:39 +01:00
635590d37a
implement log shipping config
...
to use this, you need config like for example
+ logging.shipping = {
+ enable = true;
+ service = longrun {
+ name = "ship-logs";
+ run = let path = lib.makeBinPath (with pkgs; [ s6 s6-networking s6 execline ]);
+ in ''
+ PATH=${path}:$PATH
+ s6-ipcserver -1 ${config.logging.shipping.socket} \
+ s6-tcpclient 10.0.2.2 19612 \
+ fdmove -c 1 7 cat
+ '';
+ };
+ };
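Review bot: the `makeBinPath` list on the `run = let path = ...` line names `s6` twice (`s6 s6-networking s6 execline`); one entry is enough. The `s6-tcpclient 10.0.2.2 19612` line also hardcodes the collector address and sends the log stream over plain TCP, so the example would be safer to copy if the host and port came from options and the lack of transport encryption were stated next to it.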
but I think we can reduce the noise a bit if we use an s6-rc pipeline
with an s6-ipcserver on one side and a (whatever the user wants)
on the other
2024-09-18 22:14:34 +01:00
707a471bc2
add logtee to catchall logger
2024-09-16 21:30:06 +01:00
e0725489ca
unbreak pppoe ci job
2024-09-06 00:33:30 +01:00
091d863710
extract pppoe/l2tp common code
2024-09-04 12:02:00 +01:00
c7bcfbfa34
make pppoe/l2tp more consistent
2024-09-03 22:57:45 +01:00
500a3c1025
make nodefaultroute explicit in ppp
2024-09-03 22:53:13 +01:00
e590c0ad3f
secrets subscriber: add provider as dep to controlled service
2024-09-01 09:56:59 +01:00
14abdd9998
tang: notify on ready
2024-08-31 23:24:50 +01:00
e745991b9d
restart pppoe/l2tp in secrets changes
2024-08-30 20:49:27 +01:00
defbfce1fb
finish converting outputRef to lambda
2024-08-30 20:46:48 +01:00
a8a19977ca
(untested) template service for tang encrypted secrets
2024-08-28 22:32:26 +01:00
7351e143c5
remove redundant sourcing of ${serviceFns}
...
this is done by the oneshot and longrun functions
2024-08-28 21:28:27 +01:00
fe7b092075
(untested) http basic auth for outboard secrets
2024-08-28 20:53:59 +01:00
d5d621f310
rename http-fstree => json-to-fstree
...
it works for file urls as well, not just http
2024-08-28 16:36:49 +01:00
c7164a6f4a
sshd can use outputRef for authorized_keys
2024-08-25 16:35:50 +01:00
99f68e5421
destructure params in ssh service
2024-08-23 23:13:49 +01:00
9c30b6f882
change output references from attrset to lambda
...
this is so that we can distinguish a ref from a literal parameter that
might be an attrset
2024-08-23 22:25:57 +01:00
869a508c0a
add authorizedKeys option to ssh service
...
this has no apparent use as it stands, but opens the door to
having the keys managed by an external secrets service
2024-08-23 20:35:07 +01:00
a6128955e7
ppp modules: permit (mostly) same params for l2tp as pppoe
...
this also means that l2tp can use secrets for username/password
2024-08-21 23:10:28 +01:00
531cb113be
devout needs a longer startup timeout
...
seems to be taking around 40 seconds now, would be worth digging in to
find out why
2024-08-21 23:09:11 +01:00
2992771c7e
pppoe allow secrets for username/password
2024-08-21 00:17:22 +01:00
21f2320d86
inline method
2024-08-20 23:26:11 +01:00
4053ea9481
secrets/subscriber implement different restart types
2024-08-20 22:56:26 +01:00
54d3415885
pppoe convert to using a config file
...
mostly for ease of implementation but does mean we don't
have username/password secrets on the command line
2024-08-20 22:55:30 +01:00
264d83c98d
move some secret-watching stuff from hostapd to secrets
2024-08-20 21:49:11 +01:00
97defc2076
hostapd: get secrets service/path from attrs
2024-08-17 22:25:30 +01:00
bcd9d56624
start devout after mdevd
...
not 100% sure that there's a dependency but it's plausible, and
would explain the observed occasional failure to start at boot
2024-08-15 23:01:29 +01:00
e2c883356c
add secrets-subscriber service, make hostapd use it
2024-08-15 23:00:41 +01:00
2f82e0dab8
hostapd set permissions on dir in /run/
2024-08-14 22:57:02 +01:00
fc03965915
hostapd literal_or_output use an attrset for dispatch
2024-08-14 22:56:01 +01:00
d2d3af2587
outboard secrets: loop in service
...
if we just quit and expect s6 to restart us, the finish script
wipes our outputs and anything with an inotify watch gets confused
2024-08-14 22:41:56 +01:00
4fb8253e57
first pass at outboard secrets
...
- a module to fetch them with http(s)
- a service using templating to consume them
- update an example to use it
needs service restarts
needs other services to use the template mechanism
needs tidying up
2024-08-12 22:57:21 +01:00
5db9d7269e
pppoe structured options are optional
2024-08-06 18:43:27 +01:00
c4d00e062a
add health check service and example that uses it
2024-07-30 22:37:43 +01:00
39020607ad
rename service-trigger rule to match service name
2024-07-28 22:35:37 +01:00
fe735408a1
v:address is nil if missing, but code expects an array
2024-07-27 17:40:32 +01:00
a9d1582b53
remove unused arg
2024-07-26 23:41:50 +01:00
28ca1e68ab
wwan module needs mdevd
2024-07-23 09:31:34 +01:00
7f9cae9d5c
generalise profile.gateway.wan so not just pppoe
2024-07-23 09:31:34 +01:00
7195cb10ce
add structured config for common pppoe options
2024-07-23 09:31:34 +01:00
3899daee56
create a module for round-robin
2024-07-15 22:37:37 +01:00
b17f623d03
need insmod when we have kmodloader
2024-07-15 22:35:26 +01:00
df395a4d5d
finish moving pkgs.linimix.callService to config.system
2024-07-15 19:00:08 +01:00
725d8b608f
huawei-cdc-ncm kernel driver -> module
2024-07-14 12:07:28 +01:00
73ae7788b9
rename wwan-related modules/services
...
we only currently support huawei e3372/cdc ncm so let's make that
explicit in the naming
2024-07-14 11:53:45 +01:00
3f8cc24dcc
fix most doc warnings
2024-07-10 23:36:24 +01:00
ac551536da
set cwd before exec xl2tpd
2024-07-08 21:56:26 +01:00
6f908156af
fix dependency between modem-atz and modeswitch
...
for values of "fix" more than slightly reminiscent of "kludge"
2024-07-08 21:55:05 +01:00
07a6eb73cd
set lcp-echo timeout in l2tp
2024-07-08 21:45:54 +01:00
159bfa3057
make xl2tpd quit when the connections close
2024-07-08 21:44:15 +01:00
143137cbc6
pppoe: set lcp echo failure timeout
2024-07-08 21:25:42 +01:00
8d228f2bef
mess with redial
2024-07-08 21:24:44 +01:00
8b6aa2134e
zyxel dual image; restore deleted params
2024-06-30 17:50:45 +01:00
3df1ec76ff
cleanup whitespace and commas
...
* [] is now [ ]
* {} is now { }
* commas in arglists go at end of line not beginning
In short, I ran the whole thing through nixfmt-rfc-style but only
accepted about 30% of its changes. I might grow accustomed to more
of it over time
2024-06-30 17:16:28 +01:00
e94bf62ec1
remove dead code (run deadnix)
2024-06-29 22:59:27 +01:00
d4d8093f97
working l2tp-over-wwan stick example
2024-06-20 10:15:54 +01:00
7c9c801afc
rename isTrigger to restart-on-upgrade
...
we're moving away from "trigger" services to "controller" services,
and "restart-on-upgrade" is the name used by s6-rc
2024-06-16 12:58:06 +01:00
06d28e9b08
dhcpc handle case when env vars are missing
...
the notify-script should continue and signal readiness even if one or
more of the outputs it writes are missing in the environment
2024-06-15 15:34:49 +01:00
adc84108ad
Revert "wwan gets address from ppp ipcp not dhcp"
...
This reverts commit be13ab23ca.
2024-06-15 15:04:33 +01:00
eae99051fa
exec devout in service definition
...
makes little practical difference but saves a process slot
2024-06-15 15:01:57 +01:00
49d1703428
add s6-rc-up-tree: start reverse deps of controlled service
...
When s6-rc stops a service, it also stops everything that
depends on it. But when it starts a service it starts only
that service, so we have to go through the other services
depending on it and figure out if they should be started too.
2024-06-15 14:59:34 +01:00
f898e4dca2
remove debug
2024-06-12 13:03:26 +01:00
5121a8563d
callService: dependencies are services not names
2024-06-12 12:58:57 +01:00
be13ab23ca
wwan gets address from ppp ipcp not dhcp
2024-06-12 12:51:07 +01:00
b15542b668
start correct services at boot
...
- uncontrolled services that are not dependent on a controlled service
- controllers
- _not_ controlled services or any other service that depends on one
2024-06-11 14:04:14 +01:00
6daeaf29a0
flip controller/controlled relationship for wwan services
2024-06-11 14:02:48 +01:00
e6e4665a18
flip dependencies for triggered/controlled services
...
Instead of treating the trigger as the "main" service and the
triggered service as subsidiary, now we treat the triggered
service as the service and the trigger as "subsidiary". This
needs some special handling when we work out which services
go in the default bundle, but it works better for declaring
dependencies on triggered services because it means the
dependency runs after the triggered service comes up, not
just when the watcher-for-events starts
2024-06-09 22:37:45 +01:00
c8c79fd75a
update all calls to uevent-watch
2024-06-02 20:42:09 +01:00
884d8d194e
wrap uevent-watch in a service
2024-06-02 20:42:09 +01:00
37d7e20582
wwan use uevent-watch to find tty for AT commands
2024-06-01 23:47:20 +01:00
e0bd7aec1e
wwan: hook usb-modeswitch to uevent
2024-05-26 18:03:32 +01:00
898958fa10
make a serviceDefn for wwan
2024-05-22 18:54:49 +01:00
fa0f262706
commentary
2024-05-22 18:54:49 +01:00
71aeb27b2f
add hacky wwan service with hardcoding all over
2024-05-22 18:54:49 +01:00
530b4080c9
create cdc-ncm module
2024-05-22 18:54:49 +01:00
758c7ef657
exec xl2tpd
...
haven't fully worked out why, but without this s6 is unable to stop it.
2024-05-22 18:54:49 +01:00
73225a70b2
add rudimentary l2tp service module
2024-05-22 18:54:49 +01:00
782feaeafa
set default for firewall extraRules
2024-05-03 16:28:53 +01:00
e249f48cff
add deps on {ins,rm}mod and kconfig for firewall module
2024-05-01 23:06:12 +01:00
660ed5df8f
vlan interface services depend on primary
2024-04-28 21:33:36 +01:00
7e4a05bbf8
separate kernel and base modules
...
this is needed for levitate
2024-04-28 12:44:27 +01:00
a4ba5c85e1
alphabetize list in all-modules
2024-04-28 12:42:47 +01:00
1b6a05aec5
make uevent-watch use devout instead of direct netlink
2024-04-27 21:07:25 +01:00
bf0cafffed
start devout alongside mdevd
...
ensure it starts before mdevd-coldplug so it can populate
its database
2024-04-26 20:52:12 +01:00
cdb23b147c
convert anoia.fs to use lualinux
2024-04-25 21:14:37 +01:00
771585546d
import expect= where previously it was copy-pasted
2024-04-20 15:09:50 +01:00
19ad6cd278
watchdog: put s6 pkg on $PATH for s6-svstat
2024-04-17 13:01:10 +01:00
00076c7b81
mount service: use uevent-watch
2024-04-17 12:59:13 +01:00
b6a054c588
add mdevd as module
...
following the upstream example, it republishes uevent messages
using multicast group 4 instead of group 2 as used by udev.
2024-04-14 21:59:23 +01:00
5df5c822ea
convert mount service to trigger
...
Good: this means it's not hanging holding the s6 database lock.
Bad: it's the ugliest implementation and doesn't deserve to be preserved
(tbf the ugliness is not new)
2024-04-03 23:17:36 +01:00
4795dd05b7
unconditionally restart trigger services on liminix-rebuild
...
We call s6-rc -u -p default to restart/start the base services
on a rebuild, otherwise services that are only in the new
configuration won't come up. However, this stops any service
started by a trigger. So, workaround is to restart the trigger
service and expect it to restart the services it manages if they're
needed
2024-04-03 23:07:56 +01:00
a192f08881
remove missing module
2024-03-29 17:34:10 +00:00
a873dc6608
Merge commit 'efcfdcc'
2024-03-28 23:47:04 +00:00
dca2e4def1
fix params to s6-rc-init
...
flags must precede scandir otherwise they're ignored
2024-03-28 21:56:28 +00:00
28a5dec7dd
implement ifwait trigger service and use in bridge
...
should we convert all ifwait uses to this trigger too? seems
reasonable
2024-03-28 20:59:39 +00:00
fad0a47b75
add config.system.callService
...
this is like pkgs.callService except that it passes
config.system.service as a param so that the service
being defined can invoke other services
if this proves to be a good idea, all uses of
pkgs.callService should be changed to use it instead
2024-03-28 20:59:39 +00:00