Commit Graph

1339 Commits

Author SHA1 Message Date
Daniel Barlow f8c579b41e add CI "all" target 2024-10-06 17:52:59 +01:00
Daniel Barlow ca9efc4b26 simplify CI
* I didn't know what I was doing when I set up Hydra

* it's not certain that I do now either, but hey ho
2024-10-06 15:55:01 +01:00
Daniel Barlow 336fc7e495 think 2024-10-06 14:27:45 +01:00
Daniel Barlow 4cc0add2ad update refs to uncaught-logs in docs/tests 2024-10-06 13:46:14 +01:00
Daniel Barlow 2d7e6188ac log shipping service now gets logs on stdin
instead of having to open the unix socket
2024-10-06 13:26:58 +01:00
Daniel Barlow b9999857cb longrun: don't add logger if producer-for is already set 2024-10-06 13:13:04 +01:00
Daniel Barlow ba03ddeb38 border-vm: add tang service 2024-10-06 12:38:06 +01:00
Daniel Barlow 493c5f69d7 add module for certifix-client 2024-10-06 11:27:39 +01:00
Daniel Barlow 1a915e91ff add altname to CSR 2024-10-06 10:13:28 +01:00
Daniel Barlow 197e2eb5b1 new package certifix-client uses certifix to sign ssl client cert
this is initially for TLS-enabled logging but would be useful for
anything on a liminix box that wants to talk to a network service in a
"zero trust" setup
2024-10-03 23:00:08 +01:00
Daniel Barlow 7ca822c826 more messing around with lua derivation 2024-10-03 23:00:08 +01:00
Daniel Barlow e5631783e1 add luaossl package with patch for CSR attributes 2024-10-03 23:00:08 +01:00
Daniel Barlow 635590d37a implement log shipping config
to use this, you need config like for example

+  logging.shipping = {
+    enable = true;
+    service = longrun {
+      name = "ship-logs";
+      run = let path = lib.makeBinPath (with pkgs; [ s6 s6-networking s6 execline ]);
+            in ''
+        PATH=${path}:$PATH
+        s6-ipcserver -1 ${config.logging.shipping.socket} \
+        s6-tcpclient 10.0.2.2 19612 \
+        fdmove -c 1 7 cat
+      '';
+    };
+  };
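Review bot: `s6` is listed twice in the `makeBinPath` list on the `run = let path = ...` line, so one of the two can be dropped. The `s6-tcpclient 10.0.2.2 19612` line also hardcodes the collector address and port and sends the log stream over plain TCP; binding the host and port to named values in the `let` and stating that the connection is unencrypted would make the example safer to copy.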

but I think we can reduce the noise a bit if we use an s6-rc pipeline
with an s6-ipcserver on one side and a (whatever the user wants)
on the other
2024-09-18 22:14:34 +01:00
Daniel Barlow 17630f2678 rename logtee->logtap 2024-09-18 20:58:02 +01:00
Daniel Barlow 707a471bc2 add logtee to catchall logger 2024-09-16 21:30:06 +01:00
Daniel Barlow d3fce5edd4 implement error() for musl 2024-09-16 20:35:23 +01:00
Daniel Barlow 5771108fed improve logtee socket connection warning
* print it less often
* to the correct stream (stdout not stderr)
2024-09-16 20:34:26 +01:00
Daniel Barlow 9e5f2d663d close socket fd if we can't connect it 2024-09-15 22:09:31 +01:00
Daniel Barlow 21eeb1671e print diagnostic when eof on stderr 2024-09-15 21:59:24 +01:00
Daniel Barlow 44762d38fc write start cookie when socket connect succeeds 2024-09-15 21:54:21 +01:00
Daniel Barlow 1f6cfc3679 extract method is_connected 2024-09-15 21:40:05 +01:00
Daniel Barlow 8ec00f1710 improve error message 2024-09-15 21:37:04 +01:00
Daniel Barlow 6a6dd32dea make pollfd array global 2024-09-15 21:32:48 +01:00
Daniel Barlow 9b1fc11a59 logshipper/logtee: copy stdin to stdout & to a unix socket if present
first draft
2024-09-15 19:33:21 +01:00
Daniel Barlow aaa6e353db incz is a very rudimentary log shipper for zinc search
although it probably would work with elasticsearch as well
as zinc is alleged to be ES-compatible

this is just the package and needs hooking into the service/log
infrastructure somehow
2024-09-08 16:38:37 +01:00
Daniel Barlow 69bf6cb5fb write-fennel quote PATH properly
escapeShellArg only quotes if the string contains special
characters, but for a Lua string we must quote unconditionally
2024-09-07 22:31:44 +01:00
Daniel Barlow 9f58e7b926 maybe fix nixpkgs-unstable lua 2024-09-07 00:58:11 +01:00
Daniel Barlow 5a5c27ab9f think 2024-09-06 22:37:49 +01:00
Daniel Barlow 277c91acdf Revert "remove luaposix ref in write-fennel"
This reverts commit a60c2539a6.
2024-09-06 00:33:30 +01:00
Daniel Barlow e0725489ca unbreak pppoe ci job 2024-09-06 00:33:30 +01:00
Daniel Barlow cc47515cf8 watch-outputs remove debug code 2024-09-06 00:13:54 +01:00
Daniel Barlow 464913cc8f tangc use spawn to invoke jose
hopefully we are now deadlock-free
2024-09-06 00:12:45 +01:00
Daniel Barlow e604d628e3 fennel anoia.process.spawn
runs a subprocess and invokes a callback whenever its io
descriptors are ready
2024-09-06 00:11:33 +01:00
Daniel Barlow e2a597589b anoia.fs.find-executable looks for bin in colon-sep list of directories 2024-09-06 00:08:40 +01:00
Raito Bezarius a139a262c1 seedrng: init at 2022.04
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-09-05 14:18:00 +01:00
Daniel Barlow 6a5fed83dd conditional fetch in json-to-fstree 2024-09-05 11:14:47 +01:00
Daniel Barlow bcf5ab24e8 tidy watch-outputs startup message 2024-09-05 10:11:16 +01:00
Daniel Barlow 32bf80c6fa devout: unlink socket pathname before binding 2024-09-05 10:05:13 +01:00
Daniel Barlow 12275f6896 add more test for table= 2024-09-04 21:21:30 +01:00
Daniel Barlow a60c2539a6 remove luaposix ref in write-fennel 2024-09-04 21:21:02 +01:00
Daniel Barlow 146a2d9ac0 fix startup race/fencepost in watch-ssh-keys
if it starts _after_ the outputs are populated, it should
write the first lot of outputs without waiting for a change
2024-09-04 21:19:51 +01:00
Daniel Barlow 091d863710 extract pppoe/l2tp common code 2024-09-04 12:02:00 +01:00
Daniel Barlow c7bcfbfa34 make pppoe/l2tp more consistent 2024-09-03 22:57:45 +01:00
Daniel Barlow 500a3c1025 make nodefaultroute explicit in ppp 2024-09-03 22:53:13 +01:00
Daniel Barlow 0c0d0eed8a make watch-ssh-keys robust against missing key 2024-09-03 22:51:29 +01:00
Daniel Barlow 699cf97206 improve tangc http error messages 2024-09-03 22:50:55 +01:00
Daniel Barlow cd0093279c think 2024-09-01 10:14:31 +01:00
Daniel Barlow 034d6aacc4 tangc handle non-zero exit from jwe dec
Sometimes it exits non-zero but decrypts the file *anyway*. It only
does this on the device and I haven't been able to reproduce on build,
so this is a workaround until we find the root cause
2024-09-01 09:57:38 +01:00
Daniel Barlow e590c0ad3f secrets subscriber: add provider as dep to controlled service 2024-09-01 09:56:59 +01:00
Daniel Barlow 14abdd9998 tang: notify on ready 2024-08-31 23:24:50 +01:00