Bruno BELANYI
738d1760c3
secrets: remove git-crypt secrets
2021-09-26 23:09:33 +02:00
Bruno BELANYI
1cf93825b2
secrets: register agenix secrets automatically
2021-09-26 23:09:31 +02:00
Bruno BELANYI
8a2aad9b54
secrets: migrate to agenix
...
It is finally time to graduate to an actually secure, stateless
solution.
2021-09-26 23:09:31 +02:00
Bruno BELANYI
018394b61d
secrets: import 'agenix' module
2021-09-25 13:31:43 +02:00
Bruno BELANYI
5ae7b593e4
secrets: add paperless password
...
To be used as a fallback.
2021-08-31 13:52:11 +02:00
Bruno BELANYI
47d19e5b3f
secrets: add paperless
2021-08-31 13:52:11 +02:00
Bruno BELANYI
894b571745
secrets: add sso
2021-08-30 17:36:39 +02:00
Bruno BELANYI
2049e7a2c5
secrets: allow lists in types
2021-08-30 15:35:00 +02:00
Bruno BELANYI
4e8045716c
secrets: add monitoring password
2021-07-13 19:17:33 +02:00
Bruno BELANYI
d6e9f9786d
secrets: use more specific type
...
I will amend it if I need more types, but for now this is fine.
2021-06-27 19:48:26 +02:00
Bruno BELANYI
f8325cc9c7
secrets: clean-up 'default.nix'
2021-06-12 20:35:06 +02:00
Bruno BELANYI
6614b47546
secrets: matrix: add mail configuration
2021-06-09 19:14:09 +02:00
Bruno BELANYI
471fe4e21f
machines: porthos: services: enable podgrab
2021-04-15 16:24:41 +00:00
Bruno BELANYI
ff975b8c7d
machines: porthos: services: enable lohr
2021-04-01 22:48:38 +00:00
Bruno BELANYI
2523b764bd
secrets: add wireguard peers
2021-02-25 15:29:06 +00:00
Bruno BELANYI
91be5ad978
porthos: services: enable Miniflux
2021-02-25 15:29:06 +00:00
Bruno BELANYI
4423478019
secrets: do not encrypt 'default.nix'
2021-02-25 15:29:06 +00:00
Bruno BELANYI
9a0720f934
porthos: services: enable Drone CI
2021-02-25 15:29:05 +00:00
Bruno BELANYI
926f4a144f
secrets: drone: add ssh keys
2021-02-25 15:29:05 +00:00
Bruno BELANYI
a0cdd38848
porthos: services: configure backup
2021-02-08 10:49:59 +00:00
Bruno BELANYI
d1d33fd1d1
secrets: modularise
...
Instead of reading from the 'secrets' directory all over the place,
consolidate all secrets-handling inside the same module.
This means that finally, the 'acme' service does not need to come read
right into this repository; however, this leads to a potentially insecure
setup (because I am storing passwords in the Nix store)... I have
decided not to care about this relatively minor issue, but I could
revisit it by using `sops-nix` in the future.
2021-02-08 10:49:59 +00:00
Bruno BELANYI
7ca077adf7
configuration: users: use hashedPassword
2021-02-08 10:49:58 +00:00
Bruno BELANYI
34ff469b6d
services: add nextcloud
...
The password is quoted using `"` instead of `'` in the setup script,
beware of `$` characters...
2021-02-08 10:49:58 +00:00
Bruno BELANYI
6bfa421112
services: matrix: use shared registration secret
2021-02-08 10:49:58 +00:00
Bruno BELANYI
27d089afaa
services: add transmission
...
This service makes use of the default webui. I really like combustion
more, but am willing to use that one instead given the small amount of
time I actually spend looking at it.
2021-02-03 20:38:54 +01:00
Bruno BELANYI
c4e78b2f16
secrets: acme: add dns key
2021-02-03 11:55:33 +01:00
Bruno BELANYI
85e153ac2f
secrets: init git-crypt
2021-02-03 11:55:33 +01:00