colin/nix-files
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
5,386 Commits 120 Branches 0 Tags 17 MiB
dev
Commit Graph

22 Commits

Author SHA1 Message Date
Colin
beef453802 sops: fix key map after universal -> common rename 2023-05-16 07:19:09 +00:00
Colin
ed020b56c0 secrets: split moby.yaml into file-per-secret 2023-05-14 02:42:07 +00:00
Colin
974656a80a secrets: split lappy.yaml into per-secret files 2023-05-14 02:33:21 +00:00
Colin
318efe09e2 secrets: split desko.yaml into one-secret-per-file 2023-05-14 02:29:30 +00:00
colin
174bc539bc moby: enable a statically-assigned but encrypted password 2022-10-24 07:39:50 -07:00
colin
9ef457c0dd secrets/servo: grant access to lappy 2022-10-24 06:56:16 -07:00
colin
b658b93c64 lappy: store the hashed user passwd in git and decrypt it into /etc/passwd on boot 
this approach lets me persist the password. persisting /etc/shadow
directly wasn't so feasible. populating /etc/shadow at activation time
is something nix already does and is easy to plug into.
so we store the passwd hash in this repo, but encrypt it to the
destination machine's ssh pubkey to add enough entropy that it's not
brute-forceable through the public git repo.
 2022-10-23 06:53:06 -07:00
colin
a3db626a00 servo: matrix-appservice-discord: hide keys in sops, and enable. 2022-10-05 22:38:20 -07:00
colin
cd89ea884b secrets: update moby keys 2022-08-31 17:01:41 -07:00
colin
ceef35af96 add aerc accounts.conf to secret store (and home-manager) 2022-06-20 23:55:43 -07:00
colin
6c810bc82c update lappy key 2022-06-20 16:03:52 -07:00
Colin
2b8ff8d5ae rename 'uninsane' machine -> 'servo' 2022-06-12 15:11:41 -07:00
colin
fb15f84f1d desko: enable duplicity backups 2022-06-10 01:43:48 -07:00
colin
22bcfe8853 rotate sops key for desko 2022-06-10 00:32:19 -07:00
Colin
d2ea4c5ffe migrate duplicity PASSPHRASE to sops 2022-06-06 19:06:53 -07:00
colin
4689d49d9f secrets: add lappy host key to access list 2022-06-06 18:07:28 -07:00
colin
3fea4297a8 secrets: add moby host to the access list 2022-06-06 18:05:28 -07:00
colin
fbd99f0069 re-encrypt keys for uninsane host 2022-06-06 17:53:39 -07:00
Colin
a900d9e692 sops: add uninsane host key 2022-06-06 17:52:26 -07:00
colin
b10b6c4aab sops: add uninsane.colin to access list 2022-06-06 16:57:35 -07:00
colin
0a1c959cb5 sops: add moby and lappy pubkeys 2022-06-06 16:54:05 -07:00
colin
1c16348724 secrets: add an example sops secret 2022-06-06 16:39:27 -07:00