Commit Graph

133 Commits

Author SHA1 Message Date
df848b3262 wg-home: use separate host key than client key 2023-01-20 05:10:51 +00:00
58a5a8b56d wg_home_privkey: move secret to common file 2023-01-19 09:47:44 +00:00
e6d4ff3c6a experimental wg-home VPN shared across my devices 2023-01-19 09:45:03 +00:00
472d25c056 mautrix-signal: define the shared secrets statically 2023-01-16 11:43:17 +00:00
ea5552daa7 bluetooth: accept that LinkKeys are device/host-specific and stop trying to share them across machines 2023-01-07 11:31:35 +00:00
fb7d94209c bluetooth: update key for portable speaker
i was having difficulty connecting from lappy.
i re-paired: the old LinkKey doesn't seem to work...?
this new key gave a file without `PublicAddress=true`: i don't *think*
that actually matters, though the device *does* appear to be a public
address on first glance (00: prefix, and last 2 bits aren't 11).
2023-01-07 10:18:36 +00:00
70a43c770d net: fix an iwd error by not encoding a network name which didn't need encoding 2023-01-07 03:11:12 +00:00
88a33dd5de snippets: add private links 2023-01-02 13:23:29 +00:00
f5b49e014c net: add parent's wifi 2022-12-29 00:57:36 +00:00
a0ac7fa98d snippets: add secret snippets 2022-12-26 09:29:04 +00:00
b03043e513 add sane-bt-search script to search jackett/torrents 2022-12-26 09:05:26 +00:00
567c08460a add sane-ip-check-router-wan to query WAN with a more trustworthy source 2022-12-19 05:59:44 +00:00
01db7e1f23 servo: install mediawiki 2022-12-15 11:17:50 +00:00
58ad87df8e vpns: add us-mi[ami] 2022-12-13 04:26:00 +00:00
5fc894cda9 vpn: fix us-atlanta -> us-atl to match interface length limit 2022-12-13 04:13:01 +00:00
005a79e680 vpn: factor out more helpers 2022-12-13 03:55:18 +00:00
0f5279bbca add us-atlanta VPN 2022-12-13 03:26:23 +00:00
a979521a98 servo: enable ddns against freedns.afraid.org 2022-12-08 14:30:17 +00:00
2992644901 bluetooth: persist bluetooth earbuds connection 2022-12-04 11:33:03 +00:00
d5d89a10b9 bluetooth: add key for connecting to my car 2022-12-04 10:56:50 +00:00
7c36a0d522 bluetooth: share connections across machines 2022-12-03 11:05:09 +00:00
b869617b09 duplicity: refactor and update files list 2022-11-21 10:39:52 +00:00
965181c8b0 moby: change password 2022-10-24 08:33:51 -07:00
174bc539bc moby: enable a statically-assigned but encrypted password 2022-10-24 07:39:50 -07:00
9ef457c0dd secrets/servo: grant access to lappy 2022-10-24 06:56:16 -07:00
9151f58b37 desko: set a password 2022-10-24 01:59:36 -07:00
9a4c2613c1 lappy: update passwd 2022-10-24 00:47:09 -07:00
b658b93c64 lappy: store the hashed user passwd in git and decrypt it into /etc/passwd on boot
this approach lets me persist the password. persisting /etc/shadow
directly wasn't so feasible. populating /etc/shadow at activation time
is something nix already does and is easy to plug into.
so we store the passwd hash in this repo, but encrypt it to the
destination machine's ssh pubkey to add enough entropy that it's not
brute-forceable through the public git repo.
2022-10-23 06:53:06 -07:00
fdb77ac588 matrix-appservice-discord: remove
i use mx-puppet now. it works better and requires no patching (at least
yet. maybe it will in the future to support threads).
2022-10-15 02:25:57 -07:00
9305d44fde servo: add freshrss service 2022-10-13 17:52:43 -07:00
f464a80541 net: rename iphone SSID 2022-10-10 04:54:02 -07:00
f663243ad4 net: nit: normalize the SSID_PLAINTEXT field 2022-10-09 23:28:52 -07:00
94d9348b73 net: fix missing [Security] section for iphone.psk 2022-10-09 23:28:31 -07:00
1a5f1260e2 Merge branch 'staging/2022-10-08-flutter-update' 2022-10-08 21:39:37 -07:00
874c352987 net: add psk for connecting to my mobile hotspot 2022-10-08 19:24:55 -07:00
b2b61d2889 net: hex-encode the home network names.
otherwise iwd doesn't seem to understand them?
2022-10-07 20:39:26 -07:00
a3db626a00 servo: matrix-appservice-discord: hide keys in sops, and enable. 2022-10-05 22:38:20 -07:00
d6e34c6e98 net: rename encrypted .psk files -> .psk.bin 2022-09-29 06:12:51 -07:00
10c7a8d779 delete old network manager files 2022-09-29 06:10:35 -07:00
3184c6cfb6 net: switch to iwd for better experience
iwd, vs. wpa_supplicant, has smarter metrics for choosing which
wireless networks to connect to when multiple are in range.
2022-09-29 06:08:33 -07:00
beda2b5238 net: share connections between all devices by not specifying the adapter name 2022-09-25 18:03:23 -07:00
2316b4a3ce NetworkManager: store (and deploy) wifi connections to all devices
i haven't saved the hard-wired connection on desko/servo, but i think
that's alright: they should be DHCP'd.
2022-09-22 18:28:03 -07:00
b8ab7c1fa9 desko: enable nix-serve 2022-09-14 14:45:07 -07:00
f0334db736 secrets: update for moby keys 2022-08-31 17:25:21 -07:00
cd89ea884b secrets: update moby keys 2022-08-31 17:01:41 -07:00
0e611ba3d4 sublime: disable song notifications 2022-08-09 23:12:51 -07:00
c5b132b8c8 persist sublime music config
we encode the whole config as a secret. that's because it contains the
auth info. not *that* much else is of interest in it. it doesn't appear
to be stateful, thankfully: the state is in
~/.local/share/sublime-music.
2022-08-09 23:10:21 -07:00
c6fbe3574d vpn: rename ovpnd -> ovpnd-us
this is needed to disambiguate it against the other regions.
2022-07-09 00:52:05 -07:00
f790147fb0 add ukraine VPN 2022-07-09 00:48:09 -07:00
1dd791874a remove himalaya: we're using aerc now 2022-06-21 02:02:04 -07:00
924b91564e fix aerc connection settings 2022-06-21 00:21:32 -07:00
ceef35af96 add aerc accounts.conf to secret store (and home-manager) 2022-06-20 23:55:43 -07:00
6c810bc82c update lappy key 2022-06-20 16:03:52 -07:00
2b8ff8d5ae rename 'uninsane' machine -> 'servo' 2022-06-12 15:11:41 -07:00
fb15f84f1d desko: enable duplicity backups 2022-06-10 01:43:48 -07:00
22bcfe8853 rotate sops key for desko 2022-06-10 00:32:19 -07:00
cd43247d2c enable himalaya for sending and receiving email
sent messages don't get copied to the sent mailbox, but oh well.
problem for another day.
2022-06-09 18:58:42 -07:00
cf4cde548a implement OVPN wireguard service 2022-06-09 17:41:03 -07:00
492506ab01 remove the last remnants of the old secrets system.
using SOPS exclusively now
2022-06-08 17:07:48 -07:00
ff002c3197 matrix: port secrets to sops 2022-06-08 17:03:41 -07:00
117b69d39e pleroma: port secrets to sops 2022-06-08 16:46:32 -07:00
46b0f10b9d nix-serve: port secrets to sops 2022-06-08 16:27:35 -07:00
e188db9344 postfix/dovecot: convert secrets to sops 2022-06-08 15:59:02 -07:00
85f16d9732 ovpn config: use sops for secrets 2022-06-08 14:39:10 -07:00
bc9450a0fa port ddns-he to sops secret 2022-06-08 14:32:16 -07:00
364f76b59e move uninsane secrets to a machine-global file 2022-06-08 14:22:43 -07:00
a313f61351 duplicity: migrate secrets to sops 2022-06-07 02:33:11 -07:00
d2ea4c5ffe migrate duplicity PASSPHRASE to sops 2022-06-06 19:06:53 -07:00
4689d49d9f secrets: add lappy host key to access list 2022-06-06 18:07:28 -07:00
3fea4297a8 secrets: add moby host to the access list 2022-06-06 18:05:28 -07:00
fbd99f0069 re-encrypt keys for uninsane host 2022-06-06 17:53:39 -07:00
b10b6c4aab sops: add uninsane.colin to access list 2022-06-06 16:57:35 -07:00
0a1c959cb5 sops: add moby and lappy pubkeys 2022-06-06 16:54:05 -07:00
1c16348724 secrets: add an example sops secret 2022-06-06 16:39:27 -07:00
6318e66314 uninsane: enable nix-cache
note that the other machines can't easily use it until i upgrade to nixos-22.05
2022-05-28 12:39:50 -07:00
0b79ac872a remove dated duplicity_url secrets/ file 2022-05-27 02:25:24 -07:00
0b3e7a2c4a update secrets documentation 2022-05-27 01:01:06 -07:00
27f1360681 migrate dovecot secrets to secrets nix file 2022-05-27 00:57:36 -07:00
e207ca56dc duplicity: port passphrase to secrets file 2022-05-27 00:46:58 -07:00
a9b7b614b8 move matrix-synapse email password to secrets file 2022-05-27 00:34:19 -07:00
91d8b95459 move secrets to a subdirectory, for improved overrides 2022-05-26 23:52:08 -07:00
f2a7592143 secrets: document how to update a secret 2022-05-22 09:41:16 +00:00
55b3b6ad46 port to a flake
built and switched. will try reboot.
2022-05-21 01:59:51 +00:00