Daniel Barlow 
							
						 
					 
					
						
						
							
						
						6587813577 
					 
					
						
						
							
							WIP add zones to firewall module  
						
						... 
						
						
						
						- zones are an attrset of name -> [interface-service]
- the firewall will create empty "ifname" sets for each zone name
 in each address family (ip, ip6)
- then watch the interface services, and add the "ifname" outputs
to the corresponding sets when they appear
This commit only adds the empty sets 
						
						
					 
					
						2025-02-10 21:21:08 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						2f9b0f12f9 
					 
					
						
						
							
							switch uid  
						
						
						
						
					 
					
						2025-01-05 12:57:51 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						2e513eb4a7 
					 
					
						
						
							
							example sni proxy using nginx  
						
						
						
						
					 
					
						2024-12-29 23:34:15 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						1347937345 
					 
					
						
						
							
							rename file  
						
						
						
						
					 
					
						2024-12-23 10:31:22 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						7351e143c5 
					 
					
						
						
							
							remove redundant sourcing of ${serviceFns}  
						
						... 
						
						
						
						this is done by the oneshot and longrun functions 
						
						
					 
					
						2024-08-28 21:28:27 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						fe7b092075 
					 
					
						
						
							
							(untested) http basic auth for outboard secrets  
						
						
						
						
					 
					
						2024-08-28 20:53:59 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						c7164a6f4a 
					 
					
						
						
							
							sshd can use outputRef for authorized_keys  
						
						
						
						
					 
					
						2024-08-25 16:35:50 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						1b4106e2a3 
					 
					
						
						
							
							ssh-keys service, draft  
						
						
						
						
					 
					
						2024-08-25 15:09:31 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						9c30b6f882 
					 
					
						
						
							
							change output references from attrset to lambda  
						
						... 
						
						
						
						this is so that we can distinguish a ref from a literal parameter that
might be a attrset 
						
						
					 
					
						2024-08-23 22:25:57 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						869a508c0a 
					 
					
						
						
							
							add authorizedKeys option to ssh service  
						
						... 
						
						
						
						this has no apparent use as it stands, but opens the door to
having the keys managed by an external secrets service 
						
						
					 
					
						2024-08-23 20:35:07 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						daede666cb 
					 
					
						
						
							
							in router-with-l2tp use secrets for ppp username/password  
						
						
						
						
					 
					
						2024-08-21 00:17:53 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						e2c883356c 
					 
					
						
						
							
							add secrets-subscriber service, make hostapd use it  
						
						
						
						
					 
					
						2024-08-15 23:00:41 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						d79a941504 
					 
					
						
						
							
							new package watch-outputs and example of its use  
						
						
						
						
					 
					
						2024-08-14 22:58:17 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						4fb8253e57 
					 
					
						
						
							
							first pass at outboard secrets  
						
						... 
						
						
						
						- a module to fetch them with http(s)
- a service using templating to consume them
- update an example to use it
needs service restarts
needs other services to use the template mechanism
needs tidying up 
						
						
					 
					
						2024-08-12 22:57:21 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						2480fdef5b 
					 
					
						
						
							
							set up nginx on bordervm for testing outboard secrets  
						
						
						
						
					 
					
						2024-08-10 23:05:50 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						9767078878 
					 
					
						
						
							
							add the example used in the video  
						
						
						
						
					 
					
						2024-08-08 19:24:58 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						384835c89d 
					 
					
						
						
							
							admin doc: updte round-robin, explain health check  
						
						
						
						
					 
					
						2024-08-06 14:14:52 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						c4d00e062a 
					 
					
						
						
							
							add health check service and example that uses it  
						
						
						
						
					 
					
						2024-07-30 22:37:43 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						e1ae986cf6 
					 
					
						
						
							
							convert l2tp example to use gateway profile  
						
						
						
						
					 
					
						2024-07-23 09:31:34 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						bce0c7ffb6 
					 
					
						
						
							
							rename services.dhcpc in l2tp example  
						
						... 
						
						
						
						it's only used to get the address of the l2tp server, not for
name lookups in general 
						
						
					 
					
						2024-07-23 09:31:34 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						7f9cae9d5c 
					 
					
						
						
							
							generalise profile.gateway.wan so not just pppoe  
						
						
						
						
					 
					
						2024-07-23 09:31:34 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						3012c91b47 
					 
					
						
						
							
							executive decision: rotuer example should build on gl-ar750  
						
						
						
						
					 
					
						2024-07-23 09:31:34 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						1edf20c08f 
					 
					
						
						
							
							fix whitespace  
						
						
						
						
					 
					
						2024-07-23 09:31:34 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						7195cb10ce 
					 
					
						
						
							
							add structured config for common pppoe options  
						
						
						
						
					 
					
						2024-07-23 09:31:34 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						3899daee56 
					 
					
						
						
							
							create a module for round-robin  
						
						
						
						
					 
					
						2024-07-15 22:37:37 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						75e9f8210c 
					 
					
						
						
							
							remove the fixpoint we didn't need  
						
						
						
						
					 
					
						2024-07-15 18:54:04 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						73ae7788b9 
					 
					
						
						
							
							rename wwan-related modules/services  
						
						... 
						
						
						
						we only currently support huawei e3372/cdc ncm so let's make that
explicit in the naming 
						
						
					 
					
						2024-07-14 11:53:45 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						941479b144 
					 
					
						
						
							
							use round-robin failiover in l2tp example  
						
						
						
						
					 
					
						2024-07-08 22:01:54 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						8f0ab5be40 
					 
					
						
						
							
							enable tail -F  
						
						
						
						
					 
					
						2024-07-08 21:37:07 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						3df1ec76ff 
					 
					
						
						
							
							cleanup whitespace and commas  
						
						... 
						
						
						
						* [] is now [ ]
* {} is now { }
* commas in arglists go at end of line not beginning
In short, I ran the whole thing through nixfmt-rfc-style but only
accepted about 30% of its changes. I might grow accustomed to more
of it over time 
						
						
					 
					
						2024-06-30 17:16:28 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						e94bf62ec1 
					 
					
						
						
							
							remove dead code (run deadnix)  
						
						
						
						
					 
					
						2024-06-29 22:59:27 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						d4d8093f97 
					 
					
						
						
							
							working l2tp-over-wwan stick example  
						
						
						
						
					 
					
						2024-06-20 10:15:54 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						adc84108ad 
					 
					
						
						
							
							Revert "wwan gets address from ppp ipcp not dhcp"  
						
						... 
						
						
						
						This reverts commit be13ab23ca 
						
						
					 
					
						2024-06-15 15:04:33 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						be13ab23ca 
					 
					
						
						
							
							wwan gets address from ppp ipcp not dhcp  
						
						
						
						
					 
					
						2024-06-12 12:51:07 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						898958fa10 
					 
					
						
						
							
							make a serviceDefn for wwan  
						
						
						
						
					 
					
						2024-05-22 18:54:49 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						71aeb27b2f 
					 
					
						
						
							
							add hacky wwan service with hardcoding all over  
						
						
						
						
					 
					
						2024-05-22 18:54:49 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						530b4080c9 
					 
					
						
						
							
							create cdc-ncm module  
						
						
						
						
					 
					
						2024-05-22 18:54:49 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						3a56798eb5 
					 
					
						
						
							
							l2tp set default route via tunnel  
						
						
						
						
					 
					
						2024-05-22 18:54:49 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						73225a70b2 
					 
					
						
						
							
							add rudimentary l2tp service module  
						
						
						
						
					 
					
						2024-05-22 18:54:49 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						b4068da9fe 
					 
					
						
						
							
							tftp addresses  
						
						
						
						
					 
					
						2024-05-22 18:45:35 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						8b69dcc209 
					 
					
						
						
							
							pass entire config fragment to levitate, not just services  
						
						... 
						
						
						
						to make it useful we need to be able to set packages, passwords, ssh
keys etc 
						
						
					 
					
						2024-04-29 20:07:01 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						9b3a3b9ff7 
					 
					
						
						
							
							add levitate to arhcive  
						
						... 
						
						
						
						this is largely untested 
						
						
					 
					
						2024-04-28 21:38:13 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						7d08497bcb 
					 
					
						
						
							
							arhcive remove coldplug fudge  
						
						
						
						
					 
					
						2024-04-28 21:37:30 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						adf62d4483 
					 
					
						
						
							
							arhcive: make it work when disk is attached before boot  
						
						... 
						
						
						
						This is a bit of a kludge (a lot of a kludge) but it will
get it running whilt I work on something better 
						
						
					 
					
						2024-04-17 18:49:30 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						00076c7b81 
					 
					
						
						
							
							mount service: use uevent-watch  
						
						
						
						
					 
					
						2024-04-17 12:59:13 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						721e7499f3 
					 
					
						
						
							
							arhcive: use usb module instead of harcoded kconfig  
						
						
						
						
					 
					
						2024-04-17 12:53:43 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						1a314e55b7 
					 
					
						
						
							
							firewall module: provide default rules and merge extraRules  
						
						... 
						
						
						
						a firewall with no configuration will get a relatively sane ruleset. a
firewall with `extraRules` will get them deep merged into the default
rules.  Specifying `rules` will override the defaults 
						
						
					 
					
						2024-03-21 12:00:34 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						9263b21faa 
					 
					
						
						
							
							create gateway profile by extracting from rotuer example  
						
						
						
						
					 
					
						2024-03-21 10:04:42 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						0a820a702a 
					 
					
						
						
							
							extneder: delete nftables kernel config  
						
						... 
						
						
						
						don't need nftables on a bridge. (do we? hope not) 
						
						
					 
					
						2024-03-20 19:05:31 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Barlow 
							
						 
					 
					
						
						
							
						
						4ea518e296 
					 
					
						
						
							
							expose modulesPath to ease out-of-tree configuration.nix  
						
						
						
						
					 
					
						2024-03-20 18:58:44 +00:00