24a3c22edc
revoke ssh access from servo/moby into any other system (by default)
2023-07-07 21:15:00 +00:00
0d0a9fce6a
associate ssh pubkeys to my hosts' wireguard names
2023-06-15 07:54:31 +00:00
a5fafee4dd
hosts: fix servo lan IP typo
2023-05-13 12:56:11 +00:00
4afdc11882
hosts: update LAN UP addresses
2023-05-13 11:58:10 +00:00
ff081f3da6
hosts: fix moby lan ip
2023-05-02 18:04:24 +00:00
b15fd0ced5
hosts: fix lappy lan ip
2023-05-02 06:00:06 +00:00
4d96a1ed45
update LAN IPs for lappy/desko/moby
2023-04-01 23:50:53 +00:00
9aedb133bb
servo: update LAN IP
2023-04-01 17:08:01 +00:00
290a15e517
servo: update lan IP
2023-02-21 11:36:16 +00:00
af5c0d0648
hosts: update LAN IPs
2023-02-20 00:27:14 +00:00
5d78bc6704
moby: enable wireguard/home VPN
2023-01-20 22:40:58 +00:00
f4d6ecb1cf
wg-home: use the DNS endpoint for connecting to my home VPN
2023-01-20 10:34:04 +00:00
c316e51344
desko: enable wg-home
2023-01-20 07:59:11 +00:00
6a2374e046
wg-home: unify server and client config
2023-01-20 07:42:31 +00:00
708cb841fe
wg-home: auto-generate peer list from hosts.nix config
2023-01-20 07:22:34 +00:00
094b7223c7
servo: wireguard secret is auto-generated
2023-01-20 07:11:37 +00:00
f6dfc9cf29
hosts: migrate IP addresses into hosts/modules
2023-01-20 07:07:45 +00:00
7c2ab92302
wg-home: derive wireguard key from ssh privkey
2023-01-20 06:57:49 +00:00
7c18d77046
wg-home: make wireguard pubkeys configurable; we'll want one per host
2023-01-20 06:09:57 +00:00
038a9034d7
hosts: remove the is-target attribute and opt into roles via the config system instead
2023-01-20 00:13:13 +00:00
9301b95dbb
wg-home: move to shared module so that host and client config can be adjacent
2023-01-19 23:55:56 +00:00
d13bcc49ab
refactor hosts directory, and move ssh keys out of modules/data
...
longer-term, i want hosts/by-name to define host-specific data
that's accessible via the other hosts (things like pubkeys).
also the secrets management needs some rethinking. there's really not
much point in me specifiying where *exactly* a secret comes from at its
use site. i should really be specifying secret store manifests; i.e.
"servo.yaml contains secrets X Y and Z", and leaving the rest up to
auto-computing.
2023-01-19 23:23:43 +00:00