26 commits

Author SHA1 Message Date
Bruno BELANYI 1cf93825b2 secrets: register agenix secrets automatically 2021-09-26 23:09:31 +02:00
Bruno BELANYI 8a2aad9b54 secrets: migrate to agenix
It is finally time to graduate to an actually secure, stateless
solution.
2021-09-26 23:09:31 +02:00
Bruno BELANYI 018394b61d secrets: import 'agenix' module 2021-09-25 13:31:43 +02:00
Bruno BELANYI 5ae7b593e4 secrets: add paperless password
To be used as a fallback.
2021-08-31 13:52:11 +02:00
Bruno BELANYI 47d19e5b3f secrets: add paperless 2021-08-31 13:52:11 +02:00
Bruno BELANYI 894b571745 secrets: add sso 2021-08-30 17:36:39 +02:00
Bruno BELANYI 2049e7a2c5 secrets: allow lists in types 2021-08-30 15:35:00 +02:00
Bruno BELANYI 4e8045716c secrets: add monitoring password 2021-07-13 19:17:33 +02:00
Bruno BELANYI d6e9f9786d secrets: use more specific type
I will amend it if I need more types, but for now this is fine.
2021-06-27 19:48:26 +02:00
Bruno BELANYI f8325cc9c7 secrets: clean-up 'default.nix' 2021-06-12 20:35:06 +02:00
Bruno BELANYI 6614b47546 secrets: matrix: add mail configuration 2021-06-09 19:14:09 +02:00
Bruno BELANYI 471fe4e21f machines: porthos: services: enable podgrab 2021-04-15 16:24:41 +00:00
Bruno BELANYI ff975b8c7d machines: porthos: services: enable lohr 2021-04-01 22:48:38 +00:00
Bruno BELANYI 2523b764bd secrets: add wireguard peers 2021-02-25 15:29:06 +00:00
Bruno BELANYI 91be5ad978 porthos: services: enable Miniflux 2021-02-25 15:29:06 +00:00
Bruno BELANYI 4423478019 secrets: do not encrypt 'default.nix' 2021-02-25 15:29:06 +00:00
Bruno BELANYI 9a0720f934 porthos: services: enable Drone CI 2021-02-25 15:29:05 +00:00
Bruno BELANYI 926f4a144f secrets: drone: add ssh keys 2021-02-25 15:29:05 +00:00
Bruno BELANYI a0cdd38848 porthos: services: configure backup 2021-02-08 10:49:59 +00:00
Bruno BELANYI d1d33fd1d1 secrets: modularise
Instead of reading from the 'secrets' directory all over the place,
consolidate all secrets-handling inside the same module.

This means that finally, the 'acme' service does not need to come read
right into this repository; however, this leads to a potentially insecure
setup (because I am storing passwords in the Nix store)... I have
decided not to care about this relatively minor issue, but I could
revisit it by using `sops-nix` in the future.
2021-02-08 10:49:59 +00:00
Bruno BELANYI 7ca077adf7 configuration: users: use hashedPassword 2021-02-08 10:49:58 +00:00
Bruno BELANYI 34ff469b6d services: add nextcloud
The password is quoted using `"` instead of `'` in the setup script,
beware of `$` characters...
2021-02-08 10:49:58 +00:00
Bruno BELANYI 6bfa421112 services: matrix: use shared registration secret 2021-02-08 10:49:58 +00:00
Bruno BELANYI 27d089afaa services: add transmission
This service makes use of the default webui. I really like combustion
more, but am willing to use that one instead given the small amount of
time I actually spend looking at it.
2021-02-03 20:38:54 +01:00
Bruno BELANYI c4e78b2f16 secrets: acme: add dns key 2021-02-03 11:55:33 +01:00
Bruno BELANYI 85e153ac2f secrets: init git-crypt 2021-02-03 11:55:33 +01:00