colin
/
nix-files
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
6,052 Commits 118 Branches 0 Tags 12 MiB
Commit Graph

22 Commits

Author SHA1 Message Date
Colin beef453802 sops: fix key map after universal -> common rename 2023-05-16 07:19:09 +00:00
Colin ed020b56c0 secrets: split moby.yaml into file-per-secret 2023-05-14 02:42:07 +00:00
Colin 974656a80a secrets: split lappy.yaml into per-secret files 2023-05-14 02:33:21 +00:00
Colin 318efe09e2 secrets: split desko.yaml into one-secret-per-file 2023-05-14 02:29:30 +00:00
colin 174bc539bc moby: enable a statically-assigned but encrypted password 2022-10-24 07:39:50 -07:00
colin 9ef457c0dd secrets/servo: grant access to lappy 2022-10-24 06:56:16 -07:00
colin b658b93c64 lappy: store the hashed user passwd in git and decrypt it into /etc/passwd on boot 
this approach lets me persist the password. persisting /etc/shadow
directly wasn't so feasible. populating /etc/shadow at activation time
is something nix already does and is easy to plug into.
so we store the passwd hash in this repo, but encrypt it to the
destination machine's ssh pubkey to add enough entropy that it's not
brute-forceable through the public git repo.
 2022-10-23 06:53:06 -07:00
colin a3db626a00 servo: matrix-appservice-discord: hide keys in sops, and enable. 2022-10-05 22:38:20 -07:00
colin cd89ea884b secrets: update `moby` keys 2022-08-31 17:01:41 -07:00
colin ceef35af96 add aerc accounts.conf to secret store (and home-manager) 2022-06-20 23:55:43 -07:00
colin 6c810bc82c update lappy key 2022-06-20 16:03:52 -07:00
Colin 2b8ff8d5ae rename 'uninsane' machine -> 'servo' 2022-06-12 15:11:41 -07:00
colin fb15f84f1d desko: enable duplicity backups 2022-06-10 01:43:48 -07:00
colin 22bcfe8853 rotate sops key for desko 2022-06-10 00:32:19 -07:00
Colin d2ea4c5ffe migrate duplicity PASSPHRASE to sops 2022-06-06 19:06:53 -07:00
colin 4689d49d9f secrets: add lappy host key to access list 2022-06-06 18:07:28 -07:00
colin 3fea4297a8 secrets: add moby host to the access list 2022-06-06 18:05:28 -07:00
colin fbd99f0069 re-encrypt keys for uninsane host 2022-06-06 17:53:39 -07:00
Colin a900d9e692 sops: add uninsane host key 2022-06-06 17:52:26 -07:00
colin b10b6c4aab sops: add uninsane.colin to access list 2022-06-06 16:57:35 -07:00
colin 0a1c959cb5 sops: add moby and lappy pubkeys 2022-06-06 16:54:05 -07:00
colin 1c16348724 secrets: add an example sops secret 2022-06-06 16:39:27 -07:00