nine_k•7h ago
A programmable nameserver in OCaml, with capabilities of data tunneling (think firewall penetration) and, AFAIK, even "wake-on-DNS-query".
Implementation-wise, it uses the effect system of OCaml and apparently the multicore capabilities.
avsm•3h ago
Another extremely cool feature of Eon is that it uses Capnproto as the capability-based RPC interface to handle management. There's a schema that any client can implement here https://github.com/RyanGibb/eon/blob/main/lib/cap/schema.cap... including to provision ACME TLS certificates directly via DNS negotiation instead of the usual HTTP dance.
ryangibb•1h ago
Author of Eon here, there are still some open questions I have here about managing the lifetimes of these certificates. Renewal is supported via a Capnproto callback and there's some ad-hoc integration with NixOS nginx to restart it on a certificate renewal. https://github.com/RyanGibb/eon/blob/3a3f5bae2b308b677edfb3f...
This doesn't work in the general case, e.g. for postfix and dovecot, and is only becoming more pertinent with short-lived certificates. It would be great if the service manager could use these capabilities directly. I think GNU Shepherd's integration with Guile Goblins and OCapN is a step in the right direction here: https://spritely.institute/news/spritely-nlnet-grants-decemb...
I've written a little more about this here: https://ryan.freumh.org/eilean.html