There is nothing in this commit except for the changes made by
nix-shell -p nixfmt-rfc-style --run "nixfmt ."
If this has mucked up your open branches then sorry about that. You
can probably nixfmt them to match before merging
this is initially for TLS-enabled logging but would be useful for
anything on a liminix box that wants to talk to a network service in a
"zero trust" setup
although it probably would work with elasticsearch as well
as zinc is alleged to be ES-compatible
this is just the package and needs hooking into the service/log
infrastructure somehow
* [] is now [ ]
* {} is now { }
* commas in arglists go at end of line not beginning
In short, I ran the whole thing through nixfmt-rfc-style but only
accepted about 30% of its changes. I might grow accustomed to more
of it over time
When s6-rc stops a service, it also stops everything that
depends on it. but when it starts a service it starts only
that service, so we have to go through the other services
depending on it and figure out if they should be started too.
This changes the practice for building kernel modules: now we expect
that the appropriate Kconfig symbols are set to =m in
config.kernel.config, and then use pkgs.kmodloader to create
a service that loads and unloads all the modules depended on by
a particular requirement.
Note that modules won't be installed on the target device just by
virue of having been built: only the modules that are referenced by a
kmodloader package will be in the closure.
An example may make this clearer: see modules/firewall/default.nix
in this commit.
Why?
If you have a compiled Linux kernel source tree and you change some
symbol from "is not set" to m and then run make modules, you cannot in
general expect that newly compiled module to work. This is because
there are places in the build of the main kernel where it looks to see
which modules _may_ be defined and uses that information to
accommodate them.
For example in an in-kernel build of
https://github.com/torvalds/linux/blob/master/net/netfilter/core.c#L689
some symbols are defined only if CONFIG_NF_CONNTRACK is set, meaning
this code won't work if we have it unset initially then try later to
enable it and build modules only. Or see
https://github.com/torvalds/linux/blob/master/include/linux/netdevice.h#L160
The second parameter is now an options attrset, wherein we will pile
all kinds of cool stuff.
Right now the only cool bit is `mainFunction`, which allows you to
compile a fennel module into a lua script and name the function that
should be executed when the script runs. This makes it easier to
write testable Fennel code, because the test script can require the
module and call stuff in it.
This is in preparation for writing something that extracts them
into documentation.
user configurations now call config.system.service.foo.build { ...params }
instead of config.system.service.foo
the parameter type definitions themselves now move into the
config stanza of the module referencing the service
new helper function liminix.callService
The only service moved so far is dnsmasq
Runs fennel using a Lua compiled with the same options as the
host system, and with packages set up so it can find all the local
Lua packages
To shorten the dev feedback loop further, allows FENNEL_PATH to be set
on the command line so you can point directly it at the Fennel sources
for some library you're working against instead of having to run
nix-build and compile them to Lua
