Commit Graph

1306 Commits

Author SHA1 Message Date
Daniel Barlow
9828b007ae watch-ssh-keys turns secrets-service into authorized_keys files 2024-08-24 23:25:32 +01:00
Daniel Barlow
f34abc85ae add macros param to write-fennel 2024-08-24 23:19:46 +01:00
Daniel Barlow
b475a680fb define-tests macro, evals body only when inside fennelrepl --test 2024-08-24 22:26:25 +01:00
Daniel Barlow
43612af71a anoia: %% is alias for string.format 2024-08-24 13:56:54 +01:00
Daniel Barlow
5695c47496 add dig to anoia 2024-08-23 23:27:29 +01:00
Daniel Barlow
e3ec514710 think 2024-08-23 23:27:17 +01:00
Daniel Barlow
99f68e5421 destructure params in ssh service 2024-08-23 23:13:49 +01:00
Daniel Barlow
9c30b6f882 change output references from attrset to lambda
this is so that we can distinguish a ref from a literal parameter that
might be an attrset
2024-08-23 22:25:57 +01:00
Daniel Barlow
dd75322c10 think 2024-08-23 21:45:18 +01:00
Daniel Barlow
869a508c0a add authorizedKeys option to ssh service
this has no apparent use as it stands, but opens the door to
having the keys managed by an external secrets service
2024-08-23 20:35:07 +01:00
Daniel Barlow
e835473945 patch dropbear to add -U option 2024-08-23 19:58:05 +01:00
Daniel Barlow
055268d5d2 upgrade dropbear 2024-08-23 19:57:10 +01:00
Daniel Barlow
ff38bcacbb improve devout error reporting 2024-08-21 23:24:13 +01:00
Daniel Barlow
a6128955e7 ppp modules: permit (mostly) same params for l2tp as pppoe
this also means that l2tp can use secrets for username/password
2024-08-21 23:10:28 +01:00
Daniel Barlow
531cb113be devout needs a longer startup timeout
seems to be taking around 40 seconds now, would be worth digging in to
find out why
2024-08-21 23:09:11 +01:00
Daniel Barlow
daede666cb in router-with-l2tp use secrets for ppp username/password 2024-08-21 00:17:53 +01:00
Daniel Barlow
2992771c7e pppoe allow secrets for username/password 2024-08-21 00:17:22 +01:00
Daniel Barlow
4cc82e1502 liminix.types.replacable is a string or ref to an output 2024-08-21 00:16:14 +01:00
Daniel Barlow
21f2320d86 inline method 2024-08-20 23:26:11 +01:00
Daniel Barlow
d40ada4251 use structured ppp params in ppp test 2024-08-20 23:25:31 +01:00
Daniel Barlow
4053ea9481 secrets/subscriber implement different restart types 2024-08-20 22:56:26 +01:00
Daniel Barlow
54d3415885 pppoe convert to using a config file
mostly for ease of implementation but does mean we don't
have username/password secrets on the command line
2024-08-20 22:55:30 +01:00
Daniel Barlow
264d83c98d move some secret-watching stuff from hostapd to secrets 2024-08-20 21:49:11 +01:00
Daniel Barlow
97defc2076 hostapd: get secrets service/path from attrs 2024-08-17 22:25:30 +01:00
Daniel Barlow
ddaa5476d3 override clevis derivation (experimental) 2024-08-15 23:02:54 +01:00
Daniel Barlow
bcd9d56624 start devout after mdevd
not 100% sure that there's a dependency but it's plausible, and
would explain the observed occasional failure to start at boot
2024-08-15 23:01:29 +01:00
Daniel Barlow
e2c883356c add secrets-subscriber service, make hostapd use it 2024-08-15 23:00:41 +01:00
Daniel Barlow
d79a941504 new package watch-outputs and example of its use 2024-08-14 22:58:17 +01:00
Daniel Barlow
2f82e0dab8 hostapd set permissions on dir in /run/ 2024-08-14 22:57:02 +01:00
Daniel Barlow
fc03965915 hostapd literal_or_output use an attrset for dispatch 2024-08-14 22:56:01 +01:00
Daniel Barlow
d2d3af2587 outboard secrets: loop in service
if we just quit and expect s6 to restart us, the finish script
wipes our outputs and anything with an inotify watch gets confused
2024-08-14 22:41:56 +01:00
Daniel Barlow
310ac30f24 http-fstree needs to write state and .lock for anoia.svc 2024-08-14 22:39:41 +01:00
Daniel Barlow
45a7f96bd4 anoia table= compares tables 2024-08-14 22:36:28 +01:00
Daniel Barlow
79445fd962 support multi-arg assoc 2024-08-14 22:34:37 +01:00
Daniel Barlow
a9ddd78482 think 2024-08-12 22:59:03 +01:00
Daniel Barlow
4fb8253e57 first pass at outboard secrets
- a module to fetch them with http(s)
- a service using templating to consume them
- update an example to use it

needs service restarts
needs other services to use the template mechanism
needs tidying up
2024-08-12 22:57:21 +01:00
Daniel Barlow
ff3a1905a5 pass service to output fn in output-template
instead of on command line
2024-08-12 22:53:07 +01:00
Daniel Barlow
3c353e4aff support json quoting in output-template 2024-08-10 23:42:08 +01:00
Daniel Barlow
ba21384fde new: output-template interpolates output values into config file 2024-08-10 23:06:47 +01:00
Daniel Barlow
2480fdef5b set up nginx on bordervm for testing outboard secrets 2024-08-10 23:05:50 +01:00
Daniel Barlow
409c1cfb16 think 2024-08-10 23:05:15 +01:00
Daniel Barlow
9767078878 add the example used in the video 2024-08-08 19:24:58 +01:00
Daniel Barlow
d760c2d27b http-fstree downloads a json file and converts to service outputs 2024-08-08 15:35:11 +01:00
Daniel Barlow
1e139c22fd think 2024-08-08 15:21:24 +01:00
Daniel Barlow
a1ff07b063 add rxi/json lua module 2024-08-08 15:05:26 +01:00
Daniel Barlow
9550772cec add lua binding to fetch-freebsd 2024-08-08 15:05:03 +01:00
Daniel Barlow
64cd1626c6 new package fetch-freebsd: small http(s) client library
[*] smaller than curl, maybe not maximally small
2024-08-08 11:38:38 +01:00
Daniel Barlow
eb79928b37 anoia.svc allow writing outputs 2024-08-08 11:37:50 +01:00
Daniel Barlow
0a629df48d anoia.fs: improve error messages 2024-08-08 11:36:47 +01:00
Daniel Barlow
64afd18e2a why does this fail on hydra? 2024-08-06 23:18:39 +01:00