aboutsummaryrefslogtreecommitdiff
path: root/secrets/secrets.nix (follow)
Commit message (Collapse)AuthorAgeFilesLines
* delete profiles for forgejo and keycloakFranck Cuny2025-11-151-8/+0
|
* simplify the backupsFranck Cuny2025-11-151-5/+3
|
* remove tailscale configurationFranck Cuny2025-11-091-5/+0
|
* configure rivendell to be an exit node for tailscaleFranck Cuny2025-10-241-0/+5
|
* move keycloak and forgejo on rivendellFranck Cuny2025-10-181-2/+2
| | | | | I had to rekey all the secrets. Updated the documentation for both how to setup forgejo and keycloak.
* configure wireguard for rivendellFranck Cuny2025-10-181-0/+6
|
* switch to nginxFranck Cuny2025-08-301-1/+1
| | | | | For some reasons, I can't get compression to work with Caddy, and I don't get much benefit from it in the first place anyway.
* add keycloak for OAuth, runbooks, and finish forgejo setupFranck Cuny2025-08-141-0/+8
|
* rekey some secrets and deleted unused onesFranck Cuny2025-08-121-9/+4
|
* delete LLM related stuff for nowFranck Cuny2025-08-121-6/+0
|
* setup wireguard tunnel between the VM and DO hostsFranck Cuny2025-08-101-0/+5
|
* manage a DigitalOcean virtual machine with nixosFranck Cuny2025-08-101-0/+10
| | | | | | | Add a new machine on DigitalOcean and provision it using terraform + nixos-anywhere. This takes care of bringing the machine up on nixos completely, and use a static SSH host key in order to configure wireguard at the same time.
* add the SSH key for the remote builderFranck Cuny2025-08-091-0/+7
| | | | All the secrets were rekeyed.
* add a module for mounting CIFS volumesFranck Cuny2025-07-251-0/+4
| | | | | | | | | | The new module is for NAS clients, where we specify the server and the paths to mount locally. We add a new secret to have the username of the `nas' user. We mount the backups volume from the NAS under `/data/backups` on the VM.
* add secrets and configurations for cloudflaredFranck Cuny2025-07-061-0/+9
|
* backup the VM to Google Cloud StorageFranck Cuny2025-06-301-0/+11
| | | | For now we only backup git repositories.
* remove one of my keys from the secretsFranck Cuny2025-06-121-6/+3
|
* use a dedicated SSH key for agenixFranck Cuny2025-06-121-3/+10
| | | | | | | The key is still stored in 1password, and we add a script to synchronize the key to the host. The existing keys have been rekeyed with the new key.
* use agenix to manage some secretsFranck Cuny2025-06-081-0/+9
| | | | | | | | | | | I have some secrets that I want to manage for my user without having to rely on 1password, and ensure proper rotation everywhere when needed. For now we only have two secrets (one for `llm` and another one is the API key for anthropic for Emacs). Will document the process better in the near future.
* remove secrets and agenix since nothing uses themFranck Cuny2024-12-281-12/+0
|
* switch to the newer version of nixfmtFranck Cuny2024-12-191-6/+8
| | | | | | `nixfmt-rfc-style' replaces `nixfmt-classic'. It's actively maintained, but also changes the style, so this commit touches all the files in the repository.
* use treefmt to format all the filesFranck Cuny2024-12-191-6/+1
|
* run `ddns-updater' on `vm-synology'Franck Cuny2024-12-151-1/+4
| | | | | It has a small UI and the configuration with the secrets is managed with `agenix'.
* use agenix to manage secrets in the repositoryFranck Cuny2024-12-141-0/+12
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-06 09:35:18 +0000