path: root/secrets/secrets.nix
Commit message | Author | Age | Files | Lines
* add a module to remotely unlock machines | Franck Cuny | 7 days | 1 | -0/+10
  For machines with full disk encryption, we can remotely unlock them from bree. A systemd timer will run every 10 minutes and check if we need to unlock the host. If we need to, it will SSH and provide the passphrase to unlock the disk(s).
* the VM on the synology was reinstalled | Franck Cuny | 8 days | 1 | -1/+1
  All the secrets were re-keyed.
* backup to the synology nas | Franck Cuny | 8 days | 1 | -4/+1
  In addition to doing a local backup, we also back up to the synology nas. We don't configure what to back up in the profiles, but instead in the host configuration.
* rename synology-vm to bree | Franck Cuny | 9 days | 1 | -7/+6
* configure miniflux and integrate with authelia | Franck Cuny | 13 days | 1 | -0/+12
* initial setup for authelia | Franck Cuny | 14 days | 1 | -0/+19
* delete do-rproxy | Franck Cuny | 14 days | 1 | -11/+3
  This machine is replaced by argonath
* configure the reverse proxy on argonath | Franck Cuny | 14 days | 1 | -1/+1
* add argonath to agenix and rekey secrets | Franck Cuny | 2025-11-21 | 1 | -0/+7
* move acme configurations to a profile | Franck Cuny | 2025-11-20 | 1 | -1/+2
  Clean up API keys for Cloudflare.
* delete profiles for forgejo and keycloak | Franck Cuny | 2025-11-15 | 1 | -8/+0
* simplify the backups | Franck Cuny | 2025-11-15 | 1 | -5/+3
* remove tailscale configuration | Franck Cuny | 2025-11-09 | 1 | -5/+0
* configure rivendell to be an exit node for tailscale | Franck Cuny | 2025-10-24 | 1 | -0/+5
* move keycloak and forgejo on rivendell | Franck Cuny | 2025-10-18 | 1 | -2/+2
  I had to rekey all the secrets. Updated the documentation for both how to set up forgejo and keycloak.
* configure wireguard for rivendell | Franck Cuny | 2025-10-18 | 1 | -0/+6
* switch to nginx | Franck Cuny | 2025-08-30 | 1 | -1/+1
  For some reason, I can't get compression to work with Caddy, and I don't get much benefit from it in the first place anyway.
* add keycloak for OAuth, runbooks, and finish forgejo setup | Franck Cuny | 2025-08-14 | 1 | -0/+8
* rekey some secrets and delete unused ones | Franck Cuny | 2025-08-12 | 1 | -9/+4
* delete LLM related stuff for now | Franck Cuny | 2025-08-12 | 1 | -6/+0
* setup wireguard tunnel between the VM and DO hosts | Franck Cuny | 2025-08-10 | 1 | -0/+5
* manage a DigitalOcean virtual machine with nixos | Franck Cuny | 2025-08-10 | 1 | -0/+10
  Add a new machine on DigitalOcean and provision it using terraform + nixos-anywhere. This takes care of bringing the machine up on nixos completely, and uses a static SSH host key in order to configure wireguard at the same time.
* add the SSH key for the remote builder | Franck Cuny | 2025-08-09 | 1 | -0/+7
  All the secrets were rekeyed.
* add a module for mounting CIFS volumes | Franck Cuny | 2025-07-25 | 1 | -0/+4
  The new module is for NAS clients, where we specify the server and the paths to mount locally. We add a new secret to have the username of the `nas' user. We mount the backups volume from the NAS under `/data/backups` on the VM.
* add secrets and configurations for cloudflared | Franck Cuny | 2025-07-06 | 1 | -0/+9
* backup the VM to Google Cloud Storage | Franck Cuny | 2025-06-30 | 1 | -0/+11
  For now we only back up git repositories.
* remove one of my keys from the secrets | Franck Cuny | 2025-06-12 | 1 | -6/+3
* use a dedicated SSH key for agenix | Franck Cuny | 2025-06-12 | 1 | -3/+10
  The key is still stored in 1password, and we add a script to synchronize the key to the host. The existing keys have been rekeyed with the new key.
* use agenix to manage some secrets | Franck Cuny | 2025-06-08 | 1 | -0/+9
  I have some secrets that I want to manage for my user without having to rely on 1password, and ensure proper rotation everywhere when needed. For now we only have two secrets (one for `llm` and another one is the API key for anthropic for Emacs). Will document the process better in the near future.
* remove secrets and agenix since nothing uses them | Franck Cuny | 2024-12-28 | 1 | -12/+0
* switch to the newer version of nixfmt | Franck Cuny | 2024-12-19 | 1 | -6/+8
  `nixfmt-rfc-style' replaces `nixfmt-classic'. It's actively maintained, but also changes the style, so this commit touches all the files in the repository.
* use treefmt to format all the files | Franck Cuny | 2024-12-19 | 1 | -6/+1
* run `ddns-updater' on `vm-synology' | Franck Cuny | 2024-12-15 | 1 | -1/+4
  It has a small UI and the configuration with the secrets is managed with `agenix'.
* use agenix to manage secrets in the repository | Franck Cuny | 2024-12-14 | 1 | -0/+12