Commit Graph

437 Commits

Author SHA1 Message Date
Daniel Barlow
4a0120487c remove usepeerdns - it causes only errors
we handle dns with service outputs anyway
2024-10-16 18:58:34 +01:00
Daniel Barlow
17517dd34f remove KEXEC from base kernel config
we're not using it any more
2024-10-10 18:23:50 +01:00
Daniel Barlow
5112eab4da apply incoming-allowed-ip[46] rules to input as well as forward pkts
this makes it possible to open ports on the router itself
2024-10-10 18:18:23 +01:00
Daniel Barlow
2d7e6188ac log shipping service now gets logs on stdin
instead of having to open the unix socket
2024-10-06 13:26:58 +01:00
Daniel Barlow
493c5f69d7 add module for certifix-client 2024-10-06 11:27:39 +01:00
Daniel Barlow
635590d37a implement log shipping config
to use this, you need config like for example

+  logging.shipping = {
+    enable = true;
+    service = longrun {
+      name = "ship-logs";
+      run = let path = lib.makeBinPath (with pkgs; [ s6 s6-networking s6 execline ]);
+            in ''
+        PATH=${path}:$PATH
+        s6-ipcserver -1 ${config.logging.shipping.socket} \
+        s6-tcpclient 10.0.2.2 19612 \
+        fdmove -c 1 7 cat
+      '';
+    };
+  };

but I think we can reduce the noise a bit if we use an s6-rc pipeline
with an s6-ipcserver on one side and and a (whatever the user wants)
on the other
2024-09-18 22:14:34 +01:00
Daniel Barlow
707a471bc2 add logtee to catchall logger 2024-09-16 21:30:06 +01:00
Daniel Barlow
e0725489ca unbreak pppoe ci job 2024-09-06 00:33:30 +01:00
Daniel Barlow
091d863710 extract pppoe/l2tp common code 2024-09-04 12:02:00 +01:00
Daniel Barlow
c7bcfbfa34 make pppoe/l2tp more consistent 2024-09-03 22:57:45 +01:00
Daniel Barlow
500a3c1025 make nodefaultroute explicit in ppp 2024-09-03 22:53:13 +01:00
Daniel Barlow
e590c0ad3f secrets subscriber: add provider as dep to controlled service 2024-09-01 09:56:59 +01:00
Daniel Barlow
14abdd9998 tang: notify on ready 2024-08-31 23:24:50 +01:00
Daniel Barlow
e745991b9d restart pppoe/l2tp in secrets changes 2024-08-30 20:49:27 +01:00
Daniel Barlow
defbfce1fb finish converting outputRef to lambda 2024-08-30 20:46:48 +01:00
Daniel Barlow
a8a19977ca (untested) template service for tang encrypted secrets 2024-08-28 22:32:26 +01:00
Daniel Barlow
7351e143c5 remove redundant sourcing of ${serviceFns}
this is done by the oneshot and longrun functions
2024-08-28 21:28:27 +01:00
Daniel Barlow
fe7b092075 (untested) http basic auth for outboard secrets 2024-08-28 20:53:59 +01:00
Daniel Barlow
d5d621f310 rename http-fstree => json-to-fstree
it works for file urls as well, not just http
2024-08-28 16:36:49 +01:00
Daniel Barlow
c7164a6f4a sshd can use outputRef for authorized_keys 2024-08-25 16:35:50 +01:00
Daniel Barlow
99f68e5421 destructure params in ssh service 2024-08-23 23:13:49 +01:00
Daniel Barlow
9c30b6f882 change output references from attrset to lambda
this is so that we can distinguish a ref from a literal parameter that
might be a attrset
2024-08-23 22:25:57 +01:00
Daniel Barlow
869a508c0a add authorizedKeys option to ssh service
this has no apparent use as it stands, but opens the door to
having the keys managed by an external secrets service
2024-08-23 20:35:07 +01:00
Daniel Barlow
a6128955e7 ppp modules: permit (mostly) same params for l2tp as pppoe
this also means that l2tp can use secrets for username/password
2024-08-21 23:10:28 +01:00
Daniel Barlow
531cb113be devout needs a longer startup timeout
seems to be taking around 40 seconds now, would be worth digging in to
find out why
2024-08-21 23:09:11 +01:00
Daniel Barlow
2992771c7e pppoe allow secrets for username/password 2024-08-21 00:17:22 +01:00
Daniel Barlow
21f2320d86 inline method 2024-08-20 23:26:11 +01:00
Daniel Barlow
4053ea9481 secrets/subscriber implement different restart types 2024-08-20 22:56:26 +01:00
Daniel Barlow
54d3415885 pppoe convert to using a config file
mostly for ease of implementation but does mean we don't
have username/password secrets on the command line
2024-08-20 22:55:30 +01:00
Daniel Barlow
264d83c98d move some secret-watching stuff from hostapd to secrets 2024-08-20 21:49:11 +01:00
Daniel Barlow
97defc2076 hostapd: get secrets service/path from attrs 2024-08-17 22:25:30 +01:00
Daniel Barlow
bcd9d56624 start devout after mdevd
not 100% sure that there's a dependency but it's plausible, and
would explain the observed occasional failure to start at boot
2024-08-15 23:01:29 +01:00
Daniel Barlow
e2c883356c add secrets-subscriber service, make hostapd use it 2024-08-15 23:00:41 +01:00
Daniel Barlow
2f82e0dab8 hostapd set permissions on dir in /run/ 2024-08-14 22:57:02 +01:00
Daniel Barlow
fc03965915 hostapd literal_or_output use an attrset for dispatch 2024-08-14 22:56:01 +01:00
Daniel Barlow
d2d3af2587 outboard secrets: loop in service
if we just quit and expect s6 to restart us, the finish script
wipes our outputs and anything with an inotify watch gets confused
2024-08-14 22:41:56 +01:00
Daniel Barlow
4fb8253e57 first pass at outboard secrets
- a module to fetch them with http(s)
- a service using templating to consume them
- update an example to use it

needs service restarts
needs other services to use the template mechanism
needs tidying up
2024-08-12 22:57:21 +01:00
Daniel Barlow
5db9d7269e ppoe structured options are optional 2024-08-06 18:43:27 +01:00
Daniel Barlow
c4d00e062a add health check service and example that uses it 2024-07-30 22:37:43 +01:00
Daniel Barlow
39020607ad rename service-trigger rule to match service name 2024-07-28 22:35:37 +01:00
Daniel Barlow
fe735408a1 v:address is nil if missing, but code expects an array 2024-07-27 17:40:32 +01:00
Daniel Barlow
a9d1582b53 remove unused arg 2024-07-26 23:41:50 +01:00
Daniel Barlow
28ca1e68ab wwan module needs mdevd 2024-07-23 09:31:34 +01:00
Daniel Barlow
7f9cae9d5c generalise profile.gateway.wan so not just pppoe 2024-07-23 09:31:34 +01:00
Daniel Barlow
7195cb10ce add structured config for common pppoe options 2024-07-23 09:31:34 +01:00
Daniel Barlow
3899daee56 create a module for round-robin 2024-07-15 22:37:37 +01:00
Daniel Barlow
b17f623d03 need insmod when we habve kmodloader 2024-07-15 22:35:26 +01:00
Daniel Barlow
df395a4d5d finish moving pkgs.linimix.callService to config.system 2024-07-15 19:00:08 +01:00
Daniel Barlow
725d8b608f huawei-cdc-ncm kernel driver -> module 2024-07-14 12:07:28 +01:00
Daniel Barlow
73ae7788b9 rename wwan-related modules/services
we only currently support huawei e3372/cdc ncm so let's make that
explicit in the naming
2024-07-14 11:53:45 +01:00