f170351de7
ship komikku (comic/manga viewer)
2023-06-13 05:30:10 +00:00
c85a429388
servo: fix pleroma secret config syntax
2023-05-15 00:58:31 +00:00
7c31407ead
secrets: rename "universal" -> "common" to match the language of hosts/
2023-05-14 08:52:43 +00:00
0822ed34d7
secrets: split matrix_synapse_secrets out of servo.yaml
2023-05-14 08:46:40 +00:00
147b1c50b2
secrets: split pleroma_secrets out of servo.yaml
2023-05-14 08:44:37 +00:00
55875816d0
secrets: split nix_serve_privkey out of servo.yaml
2023-05-14 08:43:07 +00:00
e25a4bbee6
secrets: split freshrss_passwd out of servo.yaml
2023-05-14 08:41:27 +00:00
dbb9e00bed
secrets: split dovecot_passwd out of servo.yaml
2023-05-14 08:40:35 +00:00
6b1c3d02c1
secrets: split wg_ovpns_privkey out of servo.yaml
2023-05-14 08:38:46 +00:00
4a448a1bf1
secrets: split ddns_afraid out of servo.yaml
2023-05-14 08:37:13 +00:00
452a55c5e1
secrets: split ddns_he out of servo.yaml
2023-05-14 08:36:04 +00:00
d10f70aff7
secrets: split duplicity_passphrase out of servo.yaml
2023-05-14 08:34:36 +00:00
38423183ee
secrets: split mediawiki_pw out of servo.yaml
2023-05-14 08:33:22 +00:00
5c3be90b82
secrets: split wireguard keys out of universal.yaml
2023-05-14 08:26:54 +00:00
eabeef9f30
secrets/universal: document some of the more obscure secrets
2023-05-14 08:22:16 +00:00
f5dcca5166
secrets: split router_passwd out from universal.yaml
2023-05-14 08:19:54 +00:00
d9a23dfc1b
secrets: split transmission_passwd out of universal.yaml
2023-05-14 08:17:06 +00:00
adb2162a9c
secrets: split jackett_apikey out of universal.yaml
2023-05-14 08:16:56 +00:00
ed020b56c0
secrets: split moby.yaml into file-per-secret
2023-05-14 02:42:07 +00:00
ff01155efc
secrets: remove dead lappy.yaml file
2023-05-14 02:35:01 +00:00
974656a80a
secrets: split lappy.yaml into per-secret files
2023-05-14 02:33:21 +00:00
318efe09e2
secrets: split desko.yaml into one-secret-per-file
2023-05-14 02:29:30 +00:00
c4bf887fe6
net: add conn for calyx-roomie
2023-05-10 04:52:34 +00:00
7b141f6f58
mx-sanebot: refactor event handling
...
now we handle invites using the same sync idioms as with normal messages
2023-04-27 23:35:42 +00:00
9c09d03e5c
programs: add per-program secrets
2023-04-26 00:19:33 +00:00
8e8e63a33f
matrix: re-enable shared registration secret
...
this allows me to create users from the CLI
2023-04-24 09:49:37 +00:00
4331df28d2
sane-scripts: add sane-bt-show to get info about previously added torrents
2023-03-22 22:43:30 +00:00
8e865999f8
email: ship offlineimap for mail synchronization
2023-03-03 08:48:59 +00:00
c744b976d0
secrets: add internet for make space
2023-03-02 00:46:37 +00:00
b740af17cd
net: document how to add new networks
2023-02-15 01:59:22 +00:00
40e7d8a689
net: add new WiFi connection details
2023-02-15 01:59:12 +00:00
2f16e802d8
rename old networks
2023-02-15 01:52:39 +00:00
094b7223c7
servo: wireguard secret is auto-generated
2023-01-20 07:11:37 +00:00
7c2ab92302
wg-home: derive wireguard key from ssh privkey
2023-01-20 06:57:49 +00:00
df848b3262
wg-home: use separate host key than client key
2023-01-20 05:10:51 +00:00
58a5a8b56d
wg_home_privkey: move secret to common file
2023-01-19 09:47:44 +00:00
e6d4ff3c6a
experimental wg-home VPN shared across my devices
2023-01-19 09:45:03 +00:00
472d25c056
mautrix-signal: define the shared secrets statically
2023-01-16 11:43:17 +00:00
ea5552daa7
bluetooth: accept that LinkKeys are device/host-specific and stop trying to share them across machines
2023-01-07 11:31:35 +00:00
fb7d94209c
bluetooth: update key for portable speaker
...
i was having difficulty connecting from lappy.
i re-paired: the old LinkKey doesn't seem to work...?
this new key gave a file without `PublicAddress=true`: i don't *think*
that actually matters, though the device *does* appear to be a public
address on first glance (00: prefix, and last 2 bits aren't 11).
2023-01-07 10:18:36 +00:00
70a43c770d
net: fix an iwd error by not encoding a network name which didn't need encoding
2023-01-07 03:11:12 +00:00
88a33dd5de
snippets: add private links
2023-01-02 13:23:29 +00:00
f5b49e014c
net: add parent's wifi
2022-12-29 00:57:36 +00:00
a0ac7fa98d
snippets: add secret snippets
2022-12-26 09:29:04 +00:00
b03043e513
add sane-bt-search script to search jackett/torrents
2022-12-26 09:05:26 +00:00
567c08460a
add sane-ip-check-router-wan to query WAN with a more trustworthy source
2022-12-19 05:59:44 +00:00
01db7e1f23
servo: install mediawiki
2022-12-15 11:17:50 +00:00
58ad87df8e
vpns: add us-mi[ami]
2022-12-13 04:26:00 +00:00
5fc894cda9
vpn: fix us-atlanta -> us-atl to match interface length limit
2022-12-13 04:13:01 +00:00
005a79e680
vpn: factor out more helpers
2022-12-13 03:55:18 +00:00
0f5279bbca
add us-atlanta VPN
2022-12-13 03:26:23 +00:00
a979521a98
servo: enable ddns against freedns.afraid.org
2022-12-08 14:30:17 +00:00
2992644901
bluetooth: persist bluetooth earbuds connection
2022-12-04 11:33:03 +00:00
d5d89a10b9
bluetooth: add key for connecting to my car
2022-12-04 10:56:50 +00:00
7c36a0d522
bluetooth: share connections across machines
2022-12-03 11:05:09 +00:00
b869617b09
duplicity: refactor and update files list
2022-11-21 10:39:52 +00:00
965181c8b0
moby: change password
2022-10-24 08:33:51 -07:00
174bc539bc
moby: enable a statically-assigned but encrypted password
2022-10-24 07:39:50 -07:00
9ef457c0dd
secrets/servo: grant access to lappy
2022-10-24 06:56:16 -07:00
9151f58b37
desko: set a password
2022-10-24 01:59:36 -07:00
9a4c2613c1
lappy: update passwd
2022-10-24 00:47:09 -07:00
b658b93c64
lappy: store the hashed user passwd in git and decrypt it into /etc/passwd on boot
...
this approach lets me persist the password. persisting /etc/shadow
directly wasn't so feasible. populating /etc/shadow at activation time
is something nix already does and is easy to plug into.
so we store the passwd hash in this repo, but encrypt it to the
destination machine's ssh pubkey to add enough entropy that it's not
brute-forceable through the public git repo.
2022-10-23 06:53:06 -07:00
fdb77ac588
matrix-appservice-discord: remove
...
i use mx-puppet now. it works better and requires no patching (at least
yet. maybe it will in the future to support threads).
2022-10-15 02:25:57 -07:00
9305d44fde
servo: add freshrss service
2022-10-13 17:52:43 -07:00
f464a80541
net: rename iphone SSID
2022-10-10 04:54:02 -07:00
f663243ad4
net: nit: normalize the SSID_PLAINTEXT field
2022-10-09 23:28:52 -07:00
94d9348b73
net: fix missing [Security] section for iphone.psk
2022-10-09 23:28:31 -07:00
1a5f1260e2
Merge branch 'staging/2022-10-08-flutter-update'
2022-10-08 21:39:37 -07:00
874c352987
net: add psk for connecting to my mobile hotspot
2022-10-08 19:24:55 -07:00
b2b61d2889
net: hex-encode the home network names.
...
otherwise iwd doesn't seem to understand them?
2022-10-07 20:39:26 -07:00
a3db626a00
servo: matrix-appservice-discord: hide keys in sops, and enable.
2022-10-05 22:38:20 -07:00
d6e34c6e98
net: rename encrypted .psk files -> .psk.bin
2022-09-29 06:12:51 -07:00
10c7a8d779
delete old network manager files
2022-09-29 06:10:35 -07:00
3184c6cfb6
net: switch to iwd for better experience
...
iwd, v.s. wpa_supplicant, has smarter metrics for choosing which
wireless networks to connect to when multiple are in range.
2022-09-29 06:08:33 -07:00
beda2b5238
net: share connections between all devices by not specifying the adapter name
2022-09-25 18:03:23 -07:00
2316b4a3ce
NetworkManager: store (and deploy) wifi connections to all devices
...
i haven't saved the hard-wired connection on desko/servo, but i think
that's alright: they should be DHCP'd.
2022-09-22 18:28:03 -07:00
b8ab7c1fa9
desko: enable nix-serve
2022-09-14 14:45:07 -07:00
f0334db736
secrets: update for moby keys
2022-08-31 17:25:21 -07:00
cd89ea884b
secrets: update moby keys
2022-08-31 17:01:41 -07:00
0e611ba3d4
sublime: disable song notifications
2022-08-09 23:12:51 -07:00
c5b132b8c8
persist sublime music config
...
we encode the whole config as a secret. that's because it contains the
auth info. not *that* much else is of interest in it. it doesn't appear
to be stateful, thankfully: the state is in
~/.local/share/sublime-music.
2022-08-09 23:10:21 -07:00
c6fbe3574d
vpn: rename ovpnd -> ovpnd-us
...
this is needed to disambiguate it against the other regions.
2022-07-09 00:52:05 -07:00
f790147fb0
add ukraine VPN
2022-07-09 00:48:09 -07:00
1dd791874a
remove himalaya: we're using aerc now
2022-06-21 02:02:04 -07:00
924b91564e
fix aerc connection settings
2022-06-21 00:21:32 -07:00
ceef35af96
add aerc accounts.conf to secret store (and home-manager)
2022-06-20 23:55:43 -07:00
6c810bc82c
update lappy key
2022-06-20 16:03:52 -07:00
2b8ff8d5ae
rename 'uninsane' machine -> 'servo'
2022-06-12 15:11:41 -07:00
fb15f84f1d
desko: enable duplicity backups
2022-06-10 01:43:48 -07:00
22bcfe8853
rotate sops key for desko
2022-06-10 00:32:19 -07:00
cd43247d2c
enable himalaya for sending and receiving email
...
sent messages don't get copied to the sent mailbox, but oh well.
problem for another day.
2022-06-09 18:58:42 -07:00
cf4cde548a
implement OVPN wireguard service
2022-06-09 17:41:03 -07:00
492506ab01
remove the last remnants of the old secrets system.
...
using SOPS exclusively now
2022-06-08 17:07:48 -07:00
ff002c3197
matrix: port secrets to sops
2022-06-08 17:03:41 -07:00
117b69d39e
pleroma: port secrets to sops
2022-06-08 16:46:32 -07:00
46b0f10b9d
nix-serve: port secrets to sops
2022-06-08 16:27:35 -07:00
e188db9344
postfix/dovecot: convert secrets to sops
2022-06-08 15:59:02 -07:00
85f16d9732
ovpn config: use sops for secrets
2022-06-08 14:39:10 -07:00
bc9450a0fa
port ddns-he to sops secret
2022-06-08 14:32:16 -07:00
364f76b59e
move uninsane secrets to a machine-global file
2022-06-08 14:22:43 -07:00