path: root/secrets/secrets.nix
Age | Commit message | Author | Files | Lines
9 days | add a module to remotely unlock machines | Franck Cuny | 1 | -0/+10
For machines with full disk encryption, we can remotely unlock them from bree. A systemd timer will run every 10 minutes and check if we need to unlock the host. If we need to, it will SSH and provide the passphrase to unlock the disk(s).
9 days | the VM on the synology was reinstalled | Franck Cuny | 1 | -1/+1
All the secrets were re-keyed.
10 days | backup to the synology nas | Franck Cuny | 1 | -4/+1
In addition to doing a local backup, we also back up to the synology nas. We don't configure what to back up in the profiles, but instead in the host configuration.
10 days | rename synology-vm to bree | Franck Cuny | 1 | -7/+6
14 days | configure miniflux and integrate with authelia | Franck Cuny | 1 | -0/+12
2025-11-22 | initial setup for authelia | Franck Cuny | 1 | -0/+19
2025-11-22 | delete do-rproxy | Franck Cuny | 1 | -11/+3
This machine is replaced by argonath
2025-11-22 | configure the reverse proxy on argonath | Franck Cuny | 1 | -1/+1
2025-11-21 | add argonath to agenix and rekey secrets | Franck Cuny | 1 | -0/+7
2025-11-20 | move acme configurations to a profile | Franck Cuny | 1 | -1/+2
Clean up API keys for Cloudflare.
2025-11-15 | delete profiles for forgejo and keycloak | Franck Cuny | 1 | -8/+0
2025-11-15 | simplify the backups | Franck Cuny | 1 | -5/+3
2025-11-09 | remove tailscale configuration | Franck Cuny | 1 | -5/+0
2025-10-24 | configure rivendell to be an exit node for tailscale | Franck Cuny | 1 | -0/+5
2025-10-18 | move keycloak and forgejo on rivendell | Franck Cuny | 1 | -2/+2
I had to rekey all the secrets. Updated the documentation for both how to set up forgejo and keycloak.
2025-10-18 | configure wireguard for rivendell | Franck Cuny | 1 | -0/+6
2025-08-30 | switch to nginx | Franck Cuny | 1 | -1/+1
For some reason, I can't get compression to work with Caddy, and I don't get much benefit from it in the first place anyway.
2025-08-14 | add keycloak for OAuth, runbooks, and finish forgejo setup | Franck Cuny | 1 | -0/+8
2025-08-12 | rekey some secrets and deleted unused ones | Franck Cuny | 1 | -9/+4
2025-08-12 | delete LLM related stuff for now | Franck Cuny | 1 | -6/+0
2025-08-10 | setup wireguard tunnel between the VM and DO hosts | Franck Cuny | 1 | -0/+5
2025-08-10 | manage a DigitalOcean virtual machine with nixos | Franck Cuny | 1 | -0/+10
Add a new machine on DigitalOcean and provision it using terraform + nixos-anywhere. This takes care of bringing the machine up on nixos completely, and uses a static SSH host key in order to configure wireguard at the same time.
2025-08-09 | add the SSH key for the remote builder | Franck Cuny | 1 | -0/+7
All the secrets were rekeyed.
2025-07-25 | add a module for mounting CIFS volumes | Franck Cuny | 1 | -0/+4
The new module is for NAS clients, where we specify the server and the paths to mount locally. We add a new secret to have the username of the `nas' user. We mount the backups volume from the NAS under `/data/backups` on the VM.
2025-07-06 | add secrets and configurations for cloudflared | Franck Cuny | 1 | -0/+9
2025-06-30 | backup the VM to Google Cloud Storage | Franck Cuny | 1 | -0/+11
For now we only backup git repositories.
2025-06-12 | remove one of my keys from the secrets | Franck Cuny | 1 | -6/+3
2025-06-12 | use a dedicated SSH key for agenix | Franck Cuny | 1 | -3/+10
The key is still stored in 1password, and we add a script to synchronize the key to the host. The existing keys have been rekeyed with the new key.
2025-06-08 | use agenix to manage some secrets | Franck Cuny | 1 | -0/+9
I have some secrets that I want to manage for my user without having to rely on 1password, and ensure proper rotation everywhere when needed. For now we only have two secrets (one for `llm` and another one is the API key for anthropic for Emacs). Will document the process better in the near future.
2024-12-28 | remove secrets and agenix since nothing uses them | Franck Cuny | 1 | -12/+0
2024-12-19 | switch to the newer version of nixfmt | Franck Cuny | 1 | -6/+8
`nixfmt-rfc-style' replaces `nixfmt-classic'. It's actively maintained, but also changes the style, so this commit touches all the files in the repository.
2024-12-19 | use treefmt to format all the files | Franck Cuny | 1 | -6/+1
2024-12-15 | run `ddns-updater' on `vm-synology' | Franck Cuny | 1 | -1/+4
It has a small UI and the configuration with the secrets is managed with `agenix'.
2024-12-14 | use agenix to manage secrets in the repository | Franck Cuny | 1 | -0/+12