094b7223c7
servo: wireguard secret is auto-generated
2023-01-20 07:11:37 +00:00
7c2ab92302
wg-home: derive wireguard key from ssh privkey
2023-01-20 06:57:49 +00:00
df848b3262
wg-home: use separate host key than client key
2023-01-20 05:10:51 +00:00
58a5a8b56d
wg_home_privkey: move secret to common file
2023-01-19 09:47:44 +00:00
e6d4ff3c6a
experimental wg-home VPN shared across my devices
2023-01-19 09:45:03 +00:00
472d25c056
mautrix-signal: define the shared secrets statically
2023-01-16 11:43:17 +00:00
ea5552daa7
bluetooth: accept that LinkKeys are device/host-specific and stop trying to share them across machines
2023-01-07 11:31:35 +00:00
fb7d94209c
bluetooth: update key for portable speaker
...
i was having difficulty connecting from lappy.
i re-paired: the old LinkKey doesn't seem to work...?
this new key gave a file without `PublicAddress=true`: i don't *think*
that actually matters, though the device *does* appear to be a public
address on first glance (00: prefix, and last 2 bits aren't 11).
2023-01-07 10:18:36 +00:00
70a43c770d
net: fix a iwd error by not encoding a network name which didn't need encoding
2023-01-07 03:11:12 +00:00
88a33dd5de
snippets: add private links
2023-01-02 13:23:29 +00:00
f5b49e014c
net: add parent's wifi
2022-12-29 00:57:36 +00:00
a0ac7fa98d
snippets: add secret snippets
2022-12-26 09:29:04 +00:00
b03043e513
add sane-bt-search script to search jackett/torrents
2022-12-26 09:05:26 +00:00
567c08460a
add sane-ip-check-router-wan to query WAN with a more trustworthy source
2022-12-19 05:59:44 +00:00
01db7e1f23
servo: install mediawiki
2022-12-15 11:17:50 +00:00
58ad87df8e
vpns: add us-mi[ami]
2022-12-13 04:26:00 +00:00
5fc894cda9
vpn: fix us-atlanta -> us-atl to match interface length limit
2022-12-13 04:13:01 +00:00
005a79e680
vpn: factor out more helpers
2022-12-13 03:55:18 +00:00
0f5279bbca
add us-atlanta VPN
2022-12-13 03:26:23 +00:00
a979521a98
servo: enable ddns against freedns.afraid.org
2022-12-08 14:30:17 +00:00
2992644901
bluetooth: persist bluetooth earbuds connection
2022-12-04 11:33:03 +00:00
d5d89a10b9
bluetooth: add key for connecting to my car
2022-12-04 10:56:50 +00:00
7c36a0d522
bluetooth: share connections across machines
2022-12-03 11:05:09 +00:00
b869617b09
duplicity: refactor and update files list
2022-11-21 10:39:52 +00:00
965181c8b0
moby: change password
2022-10-24 08:33:51 -07:00
174bc539bc
moby: enable a statically-assigned but encrypted password
2022-10-24 07:39:50 -07:00
9ef457c0dd
secrets/servo: grant access to lappy
2022-10-24 06:56:16 -07:00
9151f58b37
desko: set a password
2022-10-24 01:59:36 -07:00
9a4c2613c1
lappy: update passwd
2022-10-24 00:47:09 -07:00
b658b93c64
lappy: store the hashed user passwd in git and decrypt it into /etc/passwd on boot
...
this approach lets me persist the password. persisting /etc/shadow
directly wasn't so feasible. populating /etc/shadow at activation time
is something nix already does and is easy to plug into.
so we store the passwd hash in this repo, but encrypt it to the
destination machine's ssh pubkey to add enough entropy that it's not
brute-forceable through the public git repo.
2022-10-23 06:53:06 -07:00
fdb77ac588
matrix-appservice-discord: remove
...
i use mx-puppet now. it works better and requires no patching (at least
yet. maybe it will in the future to support threads).
2022-10-15 02:25:57 -07:00
9305d44fde
servo: add freshrss service
2022-10-13 17:52:43 -07:00
f464a80541
net: rename iphone SSID
2022-10-10 04:54:02 -07:00
f663243ad4
net: nit: normalize the SSID_PLAINTEXT field
2022-10-09 23:28:52 -07:00
94d9348b73
net: fix missing [Security] section for iphone.psk
2022-10-09 23:28:31 -07:00
1a5f1260e2
Merge branch 'staging/2022-10-08-flutter-update'
2022-10-08 21:39:37 -07:00
874c352987
net: add psk for connecting to my mobile hotspot
2022-10-08 19:24:55 -07:00
b2b61d2889
net: hex-encode the home network names.
...
otherwise iwd doesn't seem to understand them?
2022-10-07 20:39:26 -07:00
a3db626a00
servo: matrix-appservice-discord: hide keys in sops, and enable.
2022-10-05 22:38:20 -07:00
d6e34c6e98
net: rename encrypted .psk files -> .psk.bin
2022-09-29 06:12:51 -07:00
10c7a8d779
delete old network manager files
2022-09-29 06:10:35 -07:00
3184c6cfb6
net: switch to iwd for better experience
...
iwd, v.s. wpa_supplicant, has smarter metrics for choosing which
wireless networks to connect to when multiple are in range.
2022-09-29 06:08:33 -07:00
beda2b5238
net: share connections between all devices by not specifying the adapter name
2022-09-25 18:03:23 -07:00
2316b4a3ce
NetworkManager: store (and deploy) wifi connections to all devices
...
i haven't saved the hard-wired connection on desko/servo, but i think
that's alright: they should be DHCP'd.
2022-09-22 18:28:03 -07:00
b8ab7c1fa9
desko: enable nix-serve
2022-09-14 14:45:07 -07:00
f0334db736
secrets: update for moby keys
2022-08-31 17:25:21 -07:00
cd89ea884b
secrets: update moby keys
2022-08-31 17:01:41 -07:00
0e611ba3d4
sublime: disable song notifications
2022-08-09 23:12:51 -07:00
c5b132b8c8
persist sublime music config
...
we encode the whole config as a secret. that's because it contains the
auth info. not *that* much else is of interest in it. it doesn't appear
to be stateful, thankfully: the state is in
~/.local/share/sublime-music.
2022-08-09 23:10:21 -07:00
c6fbe3574d
vpn: rename ovpnd -> ovpnd-us
...
this is needed to disambiguate it against the other regions.
2022-07-09 00:52:05 -07:00
