colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
6,197 Commits 125 Branches 1 Tag 12 MiB
7bb7a24b22
Commit Graph

21 Commits

Author SHA1 Message Date
Colin
e990d5a645 hosts: add supercap 2023-11-24 07:35:58 +00:00
Colin
e0a1dcd51f refactor: remove modules/data/keys.nix 2023-11-23 03:56:00 +00:00
Colin
24a3c22edc revoke ssh access from servo/moby into any other system (by default) 2023-07-07 21:15:00 +00:00
Colin
0d0a9fce6a associate ssh pubkeys to my hosts' wireguard names 2023-06-15 07:54:31 +00:00
Colin
287817056f refactor: sane.services.wan-ports -> sane.ports 2023-05-31 04:25:39 +00:00
Colin
e4262cb0bc ssh: integrate with sane.services.wan-ports 2023-05-28 20:39:18 +00:00
colin
9301b95dbb wg-home: move to shared module so that host and client config can be adjacent 2023-01-19 23:55:56 +00:00
colin
d13bcc49ab refactor hosts directory, and move ssh keys out of modules/data 
longer-term, i want hosts/by-name to define host-specific data
that's accessible via the other hosts (things like pubkeys).

also the secrets management needs some rethinking. there's really not
much point in me specifiying where *exactly* a secret comes from at its
use site. i should really be specifying secret store manifests; i.e.
"servo.yaml contains secrets X Y and Z", and leaving the rest up to
auto-computing.
 2023-01-19 23:23:43 +00:00
colin
dbb78088f4 refactor: cleanup instances where we map to attrs to be more resilient against duplicate names 2023-01-09 03:48:07 +00:00
colin
b2774a4004 move pubkeys out a modules/data/ directory 2023-01-09 02:40:25 +00:00
colin
a457fc1416 ssh: move sys config out of hosts/common 2023-01-08 08:43:23 +00:00
colin
2c0b0f6947 ssh: explain why we specify host_keys the way we do instead of through sane.persist 2023-01-08 08:41:48 +00:00
colin
488036beb3 ssh: add git.uninsane.org host key back 2023-01-08 03:22:05 +00:00
colin
72d589cb2d ssh: port to modules system 2023-01-08 03:07:57 +00:00
colin
0a6d88dfc1 impermanence: simplify /etc/ssh/host_keys setup 2022-12-30 03:34:59 +00:00
colin
50dfd482cf document plans for better handling of /etc/ssh 2022-12-29 19:19:51 +00:00
colin
9743aee79d ssh keys: document the issues i'm seeing 2022-12-29 18:42:59 +00:00
colin
aa1c1f40cb WIP: impermanence rework (gut 3rd-party lib) 2022-12-29 16:38:58 +00:00
colin
d60e5264f3 don't bind-mount /etc/ssh/host_keys: symlink them instead 2022-12-20 00:04:09 +00:00
colin
0b2faef989 /etc/ssh/host_keys: fix endlessly stacked mounts 
i believe this was mounting a new /etc/ssh/host_keys on every
activation, resulting in literally thousands of mounts and slowing down
later activations
 2022-12-19 11:18:08 +00:00
colin
0c6b949a72 lift some more files out of modules -> hosts 2022-11-22 04:29:17 +00:00