Commit message | Author | Age | Files | Lines

Install the key with the host's configuration and rekey the secrets.

Use Anthropic's models and set the API key.

Run VictoriaMetrics and Grafana on rivendell. Grafana is using Authelia
for auth. We run some collectors on all the machines, and they publish
to VM through the WireGuard interface.

For machines with full disk encryption, we can remotely unlock them from
bree. A systemd timer will run every 10 minutes and check if we need to
unlock the host. If we need to, it will SSH and provide the passphrase
to unlock the disk(s).

All the secrets were re-keyed.

In addition to doing a local backup, we also back up to the Synology NAS.
We don't configure what to back up in the profiles, but instead in the
host configuration.

This machine is replaced by argonath.

Clean up API keys for Cloudflare.

I had to rekey all the secrets. Updated the documentation for how to
set up both Forgejo and Keycloak.

For some reason, I can't get compression to work with Caddy, and I
don't get much benefit from it in the first place anyway.

Add a new machine on DigitalOcean and provision it using Terraform +
nixos-anywhere. This takes care of bringing the machine up on NixOS
completely, and uses a static SSH host key in order to configure
WireGuard at the same time.

All the secrets were rekeyed.

The new module is for NAS clients, where we specify the server and the
paths to mount locally.
We add a new secret to have the username of the `nas` user.
We mount the backups volume from the NAS under `/data/backups` on the
VM.

It might be useful to have a local backup so that I don't need to pull
it from the remote bucket. It is useful to be able to quickly browse and
see what's in the backup, and having to go to GCS for that is a waste of
resources.
Export environment variables to make it easier to interact with the
local repository.

For now we only back up Git repositories.

The key is still stored in 1Password, and we add a script to
synchronize the key to the host.
The existing keys have been rekeyed with the new key.

I have some secrets that I want to manage for my user without having
to rely on 1Password, and ensure proper rotation everywhere when
needed.
For now we only have two secrets (one for `llm` and another one is the
API key for Anthropic for Emacs).
Will document the process better in the near future.

`nixfmt-rfc-style` replaces `nixfmt-classic`. It's actively
maintained, but also changes the style, so this commit touches all the
files in the repository.

It has a small UI and the configuration with the secrets is managed
with `agenix`.

Refactor the configuration a bit, which should simplify the management
and usage of secrets from now on.

Add a couple of secrets to store the configuration and the service
account, and add a timer to synchronize the restic repository to a GCS
bucket once a day.

I want to run Traefik on the NAS, so I can reach Grafana and other
future services running on that host.
To manage TLS, we use Let's Encrypt with a DNS challenge. For this to
work we need a service account configuration that is encrypted with
age.

Reinstalled tahoe, new SSH key for the host.