72171021e3
support finish script in longrun
2024-10-10 18:26:14 +01:00
e383f1b3d3
obfuscate store path for min-copy-closure
...
otherwise the systemconfig closure drags in a bunch of build system
things (bash, etc) which we don't want or need to copy to the device
2024-10-10 16:25:00 +01:00
541b1c61c2
ensure $toplevel is path in /nix/store
2024-10-09 18:59:33 +01:00
55c7410a55
add result/install.sh to systemConfiguration output
...
this makes it possible to install a systemconfig instead of
having to use nix-shell (which is very slow)
2024-10-09 13:35:02 +01:00
0f50648157
don't put hostname in levitate logs
...
there might not be one
2024-10-08 22:55:39 +01:00
b9999857cb
longrun: don't add logger if producer-for is already set
2024-10-06 13:13:04 +01:00
1a915e91ff
add altname to CSR
2024-10-06 10:13:28 +01:00
197e2eb5b1
new package certifix-client uses certifix to sign ssl client cert
...
this is initially for TLS-enabled logging but would be useful for
anything on a liminix box that wants to talk to a network service in a
"zero trust" setup
2024-10-03 23:00:08 +01:00
17630f2678
rename logtee->logtap
2024-09-18 20:58:02 +01:00
d3fce5edd4
implement error() for musl
2024-09-16 20:35:23 +01:00
5771108fed
improve logtee socket connection warning
...
* print it less often
* to the correct stream (stdout not stderr)
2024-09-16 20:34:26 +01:00
9e5f2d663d
close socket fd if we can't connect it
2024-09-15 22:09:31 +01:00
21eeb1671e
print diagnostic when eof on stderr
2024-09-15 21:59:24 +01:00
44762d38fc
write start cookie when socket connect succeeds
2024-09-15 21:54:21 +01:00
1f6cfc3679
extract method is_connected
2024-09-15 21:40:05 +01:00
8ec00f1710
improve error message
2024-09-15 21:37:04 +01:00
6a6dd32dea
make pollfd array global
2024-09-15 21:32:48 +01:00
9b1fc11a59
logshipper/logtee: copy stdin to stdout & to a unix socket if present
...
first draft
2024-09-15 19:33:21 +01:00
aaa6e353db
incz is a very rudimentary log shipper for zinc search
...
although it probably would work with elasticsearch as well
as zinc is alleged to be ES-compatible
this is just the package and needs hooking into the service/log
infrastructure somehow
2024-09-08 16:38:37 +01:00
69bf6cb5fb
write-fennel quote PATH properly
...
escapeShellArg only quotes if the string contains special
characters, but for a Lua string we must quote unconditionally
2024-09-07 22:31:44 +01:00
9f58e7b926
maybe fix nixpkgs-unstable lua
2024-09-07 00:58:11 +01:00
277c91acdf
Revert "remove luaposix ref in write-fennel"
...
This reverts commit a60c2539a6.
2024-09-06 00:33:30 +01:00
cc47515cf8
watch-outputs remove debug code
2024-09-06 00:13:54 +01:00
464913cc8f
tangc use spawn to invoke jose
...
hopefully we are now deadlock-free
2024-09-06 00:12:45 +01:00
e604d628e3
fennel anoia.process.spawn
...
runs a subprocess and invokes a callback whenever its io
descriptors are ready
2024-09-06 00:11:33 +01:00
e2a597589b
anoia.fs.find-executable looks for bin in colon-sep list of directories
2024-09-06 00:08:40 +01:00
Raito Bezarius
a139a262c1
seedrng: init at 2022.04
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-09-05 14:18:00 +01:00
6a5fed83dd
conditional fetch in json-to-fstree
2024-09-05 11:14:47 +01:00
bcf5ab24e8
tidy watch-outputs startup message
2024-09-05 10:11:16 +01:00
32bf80c6fa
devout: unlink socket pathname before binding
2024-09-05 10:05:13 +01:00
12275f6896
add more test for table=
2024-09-04 21:21:30 +01:00
a60c2539a6
remove luaposix ref in write-fennel
2024-09-04 21:21:02 +01:00
146a2d9ac0
fix startup race/fencepost in watch-ssh-keys
...
if it starts _after_ the outputs are populated, it should
write the first lot of outputs without waiting for a change
2024-09-04 21:19:51 +01:00
0c0d0eed8a
make watch-ssh-keys robust against missing key
2024-09-03 22:51:29 +01:00
699cf97206
improve tangc http error messages
2024-09-03 22:50:55 +01:00
034d6aacc4
tangc handle non-zero exit from jwe dec
...
Sometimes it exits non-zero but decrypts the file *anyway*. It only
does this on the device and I haven't been able to reproduce on build,
so this is a workaround until we find the root cause
2024-09-01 09:57:38 +01:00
6287b92000
fix bugs handling base64 padding
2024-08-31 22:43:25 +01:00
d2215d3e56
tangc popen retry on short read
2024-08-31 22:18:23 +01:00
3cf2308bee
tangc: stop printing unexpected blank lines
2024-08-31 15:29:10 +01:00
3913989be3
provide string to perform-encryption
...
instead of letting it read stdin, which I think may have been read
by a subprocess already sometimes?
2024-08-31 15:27:54 +01:00
43e5e6876e
improve tangc error messages
2024-08-31 15:22:26 +01:00
7d6c80570c
refactor all writeFennelScript calls to use writeFennel directly
2024-08-30 20:57:42 +01:00
0df2c83382
tighten perms on service state directory
2024-08-29 23:56:43 +01:00
283c3154a7
missing file in s6-rc-up-tree test fixture
2024-08-28 21:18:54 +01:00
34f37d60d9
missed adding this
2024-08-28 20:56:52 +01:00
b56f121e04
fetch lua glue: handle missing content-length
2024-08-28 19:52:00 +01:00
d5d621f310
rename http-fstree => json-to-fstree
...
it works for file urls as well, not just http
2024-08-28 16:36:49 +01:00
da95a9fa62
tangc support encryption
2024-08-28 18:55:20 +01:00
85071c88e7
remove argv0 from calls to jose
2024-08-28 11:16:43 +01:00
74093b7ee3
josep! runs jose without json parsing the output
2024-08-28 08:13:50 +01:00
41733e58d6
remove unused code, tidy string parsing
2024-08-28 07:20:07 +01:00
9041d5d63a
add jose! fn to reduce error-checking boilerplate
2024-08-28 07:10:47 +01:00
001ebdc601
remove unused requires
2024-08-28 06:52:04 +01:00
1f97409474
add popen2 to anoia.fs
2024-08-28 06:49:43 +01:00
a41839f3d1
clevis-decrypt-tang in fennel
...
needs a lot of tidying up, but works on my test file
2024-08-28 01:37:44 +01:00
ff76d854fc
extend libfetch lua glue to other HTTP methods
2024-08-28 01:37:02 +01:00
81a6480a4f
anoia add base64 decode
2024-08-27 22:42:03 +01:00
83ca86fe42
keys in service output tree are strings
2024-08-25 15:59:24 +01:00
9828b007ae
watch-ssh-keys turns secrets-service into authorized_keys files
2024-08-24 23:25:32 +01:00
f34abc85ae
add macros param to write-fennel
2024-08-24 23:19:46 +01:00
b475a680fb
define-tests macro, evals body only when inside fennelrepl --test
2024-08-24 22:26:25 +01:00
43612af71a
anoia: %% is alias for string.format
2024-08-24 13:56:54 +01:00
5695c47496
add dig to anoia
2024-08-23 23:27:29 +01:00
9c30b6f882
change output references from attrset to lambda
...
this is so that we can distinguish a ref from a literal parameter that
might be an attrset
2024-08-23 22:25:57 +01:00
e835473945
patch dropbear to add -U option
2024-08-23 19:58:05 +01:00
ff38bcacbb
improve devout error reporting
2024-08-21 23:24:13 +01:00
4cc82e1502
liminix.types.replacable is a string or ref to an output
2024-08-21 00:16:14 +01:00
e2c883356c
add secrets-subscriber service, make hostapd use it
2024-08-15 23:00:41 +01:00
d79a941504
new package watch-outputs and example of its use
2024-08-14 22:58:17 +01:00
310ac30f24
http-fstree needs to write state and .lock for anoia.svc
2024-08-14 22:39:41 +01:00
45a7f96bd4
anoia table= compares tables
2024-08-14 22:36:28 +01:00
79445fd962
support multi-arg assoc
2024-08-14 22:34:37 +01:00
ff3a1905a5
pass service to output fn in output-template
...
instead of on command line
2024-08-12 22:53:07 +01:00
3c353e4aff
support json quoting in output-template
2024-08-10 23:42:08 +01:00
ba21384fde
new: output-template interpolates output values into config file
2024-08-10 23:06:47 +01:00
2480fdef5b
set up nginx on bordervm for testing outboard secrets
2024-08-10 23:05:50 +01:00
d760c2d27b
http-fstree downloads a json file and converts to service outputs
2024-08-08 15:35:11 +01:00
a1ff07b063
add rxi/json lua module
2024-08-08 15:05:26 +01:00
9550772cec
add lua binding to fetch-freebsd
2024-08-08 15:05:03 +01:00
64cd1626c6
new package fetch-freebsd: small http(s) client library
...
[*] smaller than curl, maybe not maximally small
2024-08-08 11:38:38 +01:00
eb79928b37
anoia.svc allow writing outputs
2024-08-08 11:37:50 +01:00
0a629df48d
anoia.fs: improve error messages
2024-08-08 11:36:47 +01:00
64afd18e2a
why does this fail on hydra?
2024-08-06 23:18:39 +01:00
8fa3443923
Revert "anoia.svc use timeout for inotify"
...
This reverts commit eca8e37e7a.
2024-07-30 17:37:38 +01:00
eca8e37e7a
anoia.svc use timeout for inotify
...
in case we miss a message, check the directory every 5s
anyway
2024-07-26 23:40:40 +01:00
d300373b96
anoia fs.dir use case not match
...
match was accidentally pinning the return from readdir against the
function parameter. Which didn't work.
2024-07-26 23:37:40 +01:00
135a445672
restore param removed by deadnix
...
dochain is called with `family` even if it never uses it
2024-07-16 20:41:21 +01:00
3899daee56
create a module for round-robin
2024-07-15 22:37:37 +01:00
534a49e827
s6-rc-round-robin
...
runs services in order, starting the next one when the previous one
dies or fails to start
2024-07-08 21:53:51 +01:00
159bfa3057
make xl2tpd quit when the connections close
2024-07-08 21:44:15 +01:00
7f9971512d
s6-rc-up-tree: handle blocked deps, exit 1 if nothing started
2024-07-08 21:28:31 +01:00
f0f6cc80d7
remove dead code
2024-07-08 21:28:11 +01:00
afcc6a6436
s6-rc-up-tree pass -b to s6-rc command
2024-07-08 21:27:54 +01:00
2e8e05f31a
wip: rewrite s6-rc-up-tree in an actual programming language
...
and write some tests for it, too
2024-07-08 21:27:42 +01:00
5ac7e1e9b2
write-fennel: set $PATH if lualinux is available
2024-07-08 21:18:02 +01:00
3df1ec76ff
cleanup whitespace and commas
...
* [] is now [ ]
* {} is now { }
* commas in arglists go at end of line not beginning
In short, I ran the whole thing through nixfmt-rfc-style but only
accepted about 30% of its changes. I might grow accustomed to more
of it over time
2024-06-30 17:16:28 +01:00
0d3218127f
remove unused makeWrapper input
2024-06-30 10:46:37 +01:00
e94bf62ec1
remove dead code (run deadnix)
2024-06-29 22:59:27 +01:00
16a2499d74
avoid makeWrapper on host, it requires bash
2024-06-29 22:36:05 +01:00
d4d8093f97
working l2tp-over-wwan stick example
2024-06-20 10:15:54 +01:00