0c0d0eed8a
make watch-ssh-keys robust against missing key
2024-09-03 22:51:29 +01:00
699cf97206
improve tangc http error messages
2024-09-03 22:50:55 +01:00
cd0093279c
think
2024-09-01 10:14:31 +01:00
034d6aacc4
tangc handle non-zero exit from jwe dec
...
Sometimes it exits non-zero but decrypts the file *anyway*. It only
does this on the device and I haven't been able to reproduce on build,
so this is a workaround until we find the root cause
2024-09-01 09:57:38 +01:00
e590c0ad3f
secrets subscriber: add provider as dep to controlled service
2024-09-01 09:56:59 +01:00
14abdd9998
tang: notify on ready
2024-08-31 23:24:50 +01:00
6287b92000
fix bugs handling base64 padding
2024-08-31 22:43:25 +01:00
d2215d3e56
tangc popen retry on short read
2024-08-31 22:18:23 +01:00
3cf2308bee
tangc: stop printing unexpected blank lines
2024-08-31 15:29:10 +01:00
3913989be3
provide string to perform-encryption
...
instead of letting it read stdin, which I think may have been read
by a subprocess already sometimes?
2024-08-31 15:27:54 +01:00
43e5e6876e
improve tangc error messages
2024-08-31 15:22:26 +01:00
7d6c80570c
refactor all writeFennelScript calls to use writeFennel directly
2024-08-30 20:57:42 +01:00
e745991b9d
restart pppoe/l2tp in secrets changes
2024-08-30 20:49:27 +01:00
defbfce1fb
finish converting outputRef to lambda
2024-08-30 20:46:48 +01:00
0df2c83382
tighten perms on service state directory
2024-08-29 23:56:43 +01:00
01c28de88d
think
2024-08-29 23:56:20 +01:00
2bf197cad8
document outputs and secrets
2024-08-29 23:55:32 +01:00
a8a19977ca
(untested) template service for tang encrypted secrets
2024-08-28 22:32:26 +01:00
8a9284af1e
think
2024-08-28 22:23:00 +01:00
7351e143c5
remove redundant sourcing of ${serviceFns}
...
this is done by the oneshot and longrun functions
2024-08-28 21:28:27 +01:00
283c3154a7
missing file in s6-rc-up-tree test fixture
2024-08-28 21:18:54 +01:00
34f37d60d9
missed adding this
2024-08-28 20:56:52 +01:00
fe7b092075
(untested) http basic auth for outboard secrets
2024-08-28 20:53:59 +01:00
b56f121e04
fetch lua glue: handle missing content-length
2024-08-28 19:52:00 +01:00
d5d621f310
rename http-fstree => json-to-fstree
...
it works for file urls as well, not just http
2024-08-28 16:36:49 +01:00
da95a9fa62
tangc support encryption
2024-08-28 18:55:20 +01:00
85071c88e7
remove argv0 from calls to jose
2024-08-28 11:16:43 +01:00
74093b7ee3
josep! runs jose without json parsing the output
2024-08-28 08:13:50 +01:00
41733e58d6
remove unused code, tidy string parsing
2024-08-28 07:20:07 +01:00
9041d5d63a
add jose! fn to reduce error-checking boilerplate
2024-08-28 07:10:47 +01:00
001ebdc601
remove unused requires
2024-08-28 06:52:04 +01:00
1f97409474
add popen2 to anoia.fs
2024-08-28 06:49:43 +01:00
a41839f3d1
clevis-decrypt-tang in fennel
...
needs a lot of tidying up, but works on my test file
2024-08-28 01:37:44 +01:00
ff76d854fc
extend libfetch lua glue to other HTTP methods
2024-08-28 01:37:02 +01:00
81a6480a4f
anoia add base64 deode
2024-08-27 22:42:03 +01:00
c7164a6f4a
sshd can use outputRef for authorized_keys
2024-08-25 16:35:50 +01:00
83ca86fe42
keys in service output tree are strings
2024-08-25 15:59:24 +01:00
1b4106e2a3
ssh-keys service, draft
2024-08-25 15:09:31 +01:00
89912c766b
nixpkgs 24.11 qemu does not expect texinfo
2024-08-25 14:23:29 +01:00
9828b007ae
watch-ssh-keys turns secrets-service into authorized_keys files
2024-08-24 23:25:32 +01:00
f34abc85ae
add macros param to write-fennel
2024-08-24 23:19:46 +01:00
b475a680fb
define-tests macro, evals body only when inside fennelrepl --test
2024-08-24 22:26:25 +01:00
43612af71a
anoia: %% is alias for string.formt
2024-08-24 13:56:54 +01:00
5695c47496
add dig to anoia
2024-08-23 23:27:29 +01:00
e3ec514710
think
2024-08-23 23:27:17 +01:00
99f68e5421
destructure params in ssh service
2024-08-23 23:13:49 +01:00
9c30b6f882
change output references from attrset to lambda
...
this is so that we can distinguish a ref from a literal parameter that
might be a attrset
2024-08-23 22:25:57 +01:00
dd75322c10
think
2024-08-23 21:45:18 +01:00
869a508c0a
add authorizedKeys option to ssh service
...
this has no apparent use as it stands, but opens the door to
having the keys managed by an external secrets service
2024-08-23 20:35:07 +01:00
e835473945
patch dropbear to add -U option
2024-08-23 19:58:05 +01:00
