Daniel Barlow
1f97409474
add popen2 to anoia.fs
2024-08-28 06:49:43 +01:00
Daniel Barlow
a41839f3d1
clevis-decrypt-tang in fennel
...
needs a lot of tidying up, but works on my test file
2024-08-28 01:37:44 +01:00
Daniel Barlow
ff76d854fc
extend libfetch lua glue to other HTTP methods
2024-08-28 01:37:02 +01:00
Daniel Barlow
81a6480a4f
anoia add base64 decode
2024-08-27 22:42:03 +01:00
Daniel Barlow
c7164a6f4a
sshd can use outputRef for authorized_keys
2024-08-25 16:35:50 +01:00
Daniel Barlow
83ca86fe42
keys in service output tree are strings
2024-08-25 15:59:24 +01:00
Daniel Barlow
1b4106e2a3
ssh-keys service, draft
2024-08-25 15:09:31 +01:00
Daniel Barlow
89912c766b
nixpkgs 24.11 qemu does not expect texinfo
2024-08-25 14:23:29 +01:00
Daniel Barlow
9828b007ae
watch-ssh-keys turns secrets-service into authorized_keys files
2024-08-24 23:25:32 +01:00
Daniel Barlow
f34abc85ae
add macros param to write-fennel
2024-08-24 23:19:46 +01:00
Daniel Barlow
b475a680fb
define-tests macro, evals body only when inside fennelrepl --test
2024-08-24 22:26:25 +01:00
Daniel Barlow
43612af71a
anoia: %% is alias for string.format
2024-08-24 13:56:54 +01:00
Daniel Barlow
5695c47496
add dig to anoia
2024-08-23 23:27:29 +01:00
Daniel Barlow
e3ec514710
think
2024-08-23 23:27:17 +01:00
Daniel Barlow
99f68e5421
destructure params in ssh service
2024-08-23 23:13:49 +01:00
Daniel Barlow
9c30b6f882
change output references from attrset to lambda
...
this is so that we can distinguish a ref from a literal parameter that
might be an attrset
2024-08-23 22:25:57 +01:00
Daniel Barlow
dd75322c10
think
2024-08-23 21:45:18 +01:00
Daniel Barlow
869a508c0a
add authorizedKeys option to ssh service
...
this has no apparent use as it stands, but opens the door to
having the keys managed by an external secrets service
2024-08-23 20:35:07 +01:00
Daniel Barlow
e835473945
patch dropbear to add -U option
2024-08-23 19:58:05 +01:00
Daniel Barlow
055268d5d2
upgrade dropbear
2024-08-23 19:57:10 +01:00
Daniel Barlow
ff38bcacbb
improve devout error reporting
2024-08-21 23:24:13 +01:00
Daniel Barlow
a6128955e7
ppp modules: permit (mostly) same params for l2tp as pppoe
...
this also means that l2tp can use secrets for username/password
2024-08-21 23:10:28 +01:00
Daniel Barlow
531cb113be
devout needs a longer startup timeout
...
seems to be taking around 40 seconds now, would be worth digging in to
find out why
2024-08-21 23:09:11 +01:00
Daniel Barlow
daede666cb
in router-with-l2tp use secrets for ppp username/password
2024-08-21 00:17:53 +01:00
Daniel Barlow
2992771c7e
pppoe allow secrets for username/password
2024-08-21 00:17:22 +01:00
Daniel Barlow
4cc82e1502
liminix.types.replacable is a string or ref to an output
2024-08-21 00:16:14 +01:00
Daniel Barlow
21f2320d86
inline method
2024-08-20 23:26:11 +01:00
Daniel Barlow
d40ada4251
use structured ppp params in ppp test
2024-08-20 23:25:31 +01:00
Daniel Barlow
4053ea9481
secrets/subscriber implement different restart types
2024-08-20 22:56:26 +01:00
Daniel Barlow
54d3415885
pppoe convert to using a config file
...
mostly for ease of implementation but does mean we don't
have username/password secrets on the command line
2024-08-20 22:55:30 +01:00
Daniel Barlow
264d83c98d
move some secret-watching stuff from hostapd to secrets
2024-08-20 21:49:11 +01:00
Daniel Barlow
97defc2076
hostapd: get secrets service/path from attrs
2024-08-17 22:25:30 +01:00
Daniel Barlow
ddaa5476d3
override clevis derivation (experimental)
2024-08-15 23:02:54 +01:00
Daniel Barlow
bcd9d56624
start devout after mdevd
...
not 100% sure that there's a dependency but it's plausible, and
would explain the observed occasional failure to start at boot
2024-08-15 23:01:29 +01:00
Daniel Barlow
e2c883356c
add secrets-subscriber service, make hostapd use it
2024-08-15 23:00:41 +01:00
Daniel Barlow
d79a941504
new package watch-outputs and example of its use
2024-08-14 22:58:17 +01:00
Daniel Barlow
2f82e0dab8
hostapd set permissions on dir in /run/
2024-08-14 22:57:02 +01:00
Daniel Barlow
fc03965915
hostapd literal_or_output use an attrset for dispatch
2024-08-14 22:56:01 +01:00
Daniel Barlow
d2d3af2587
outboard secrets: loop in service
...
if we just quit and expect s6 to restart us, the finish script
wipes our outputs and anything with an inotify watch gets confused
2024-08-14 22:41:56 +01:00
Daniel Barlow
310ac30f24
http-fstree needs to write state and .lock for anoia.svc
2024-08-14 22:39:41 +01:00
Daniel Barlow
45a7f96bd4
anoia table= compares tables
2024-08-14 22:36:28 +01:00
Daniel Barlow
79445fd962
support multi-arg assoc
2024-08-14 22:34:37 +01:00
Daniel Barlow
a9ddd78482
think
2024-08-12 22:59:03 +01:00
Daniel Barlow
4fb8253e57
first pass at outboard secrets
...
- a module to fetch them with http(s)
- a service using templating to consume them
- update an example to use it
needs service restarts
needs other services to use the template mechanism
needs tidying up
2024-08-12 22:57:21 +01:00
Daniel Barlow
ff3a1905a5
pass service to `output` fn in output-template
...
instead of on command line
2024-08-12 22:53:07 +01:00
Daniel Barlow
3c353e4aff
support json quoting in output-template
2024-08-10 23:42:08 +01:00
Daniel Barlow
ba21384fde
new: output-template interpolates output values into config file
2024-08-10 23:06:47 +01:00
Daniel Barlow
2480fdef5b
set up nginx on bordervm for testing outboard secrets
2024-08-10 23:05:50 +01:00
Daniel Barlow
409c1cfb16
think
2024-08-10 23:05:15 +01:00
Daniel Barlow
9767078878
add the example used in the video
2024-08-08 19:24:58 +01:00