Bruno BELANYI
8664781da7
secrets: migrate to agenix
...
It is finally time to graduate to an actually secure, stateless
solution.
2021-09-26 23:09:31 +02:00
Bruno BELANYI
abf526ae3c
secrets: import 'agenix' module
2021-09-25 13:31:43 +02:00
Bruno BELANYI
197f371ca9
secrets: add paperless password
...
To be used as a fallback.
2021-08-31 13:52:11 +02:00
Bruno BELANYI
2ea68f705d
secrets: add paperless
2021-08-31 13:52:11 +02:00
Bruno BELANYI
878759cb77
secrets: add sso
2021-08-30 17:36:39 +02:00
Bruno BELANYI
fd526b674b
secrets: allow lists in types
2021-08-30 15:35:00 +02:00
Bruno BELANYI
e342934718
secrets: add monitoring password
2021-07-13 19:17:33 +02:00
Bruno BELANYI
7f8b661309
secrets: use more specific type
...
I will amend it if I need more types, but for now this is fine.
2021-06-27 19:48:26 +02:00
Bruno BELANYI
a4cce8a561
secrets: clean-up 'default.nix'
2021-06-12 20:35:06 +02:00
Bruno BELANYI
4601a55253
secrets: matrix: add mail configuration
2021-06-09 19:14:09 +02:00
Bruno BELANYI
471fe4e21f
machines: porthos: services: enable podgrab
2021-04-15 16:24:41 +00:00
Bruno BELANYI
ff975b8c7d
machines: porthos: services: enable lohr
2021-04-01 22:48:38 +00:00
Bruno BELANYI
2523b764bd
secrets: add wireguard peers
2021-02-25 15:29:06 +00:00
Bruno BELANYI
91be5ad978
porthos: services: enable Miniflux
2021-02-25 15:29:06 +00:00
Bruno BELANYI
4423478019
secrets: do not encrypt 'default.nix'
2021-02-25 15:29:06 +00:00
Bruno BELANYI
9a0720f934
porthos: services: enable Drone CI
2021-02-25 15:29:05 +00:00
Bruno BELANYI
926f4a144f
secrets: drone: add ssh keys
2021-02-25 15:29:05 +00:00
Bruno BELANYI
a0cdd38848
porthos: services: configure backup
2021-02-08 10:49:59 +00:00
Bruno BELANYI
d1d33fd1d1
secrets: modularise
...
Instead of reading from the 'secrets' directory all over the place,
consolidate all secrets-handling inside the same module.
This means that finally, the 'acme' service does not need to come read
right into this repository, however this leads to a potentially unsecure
setup (because I am storing passwords in the Nix store)... I have
decided not to care about this relatively minor issue, but I could
revisit it by using `sops-nix` in the future.
2021-02-08 10:49:59 +00:00
Bruno BELANYI
7ca077adf7
configuration: users: use hashedPassword
2021-02-08 10:49:58 +00:00
Bruno BELANYI
34ff469b6d
services: add nextcloud
...
The password is quoted using `"` instead of `'` in the setup script,
beware of `$` characters...
2021-02-08 10:49:58 +00:00
Bruno BELANYI
6bfa421112
services: matrix: use shared registration secret
2021-02-08 10:49:58 +00:00
Bruno BELANYI
27d089afaa
services: add transmission
...
This service makes use of the default webui. I really like combustion
more, but am willing to use that one instead given the few amount of
time I actually spend looking at it
2021-02-03 20:38:54 +01:00
Bruno BELANYI
c4e78b2f16
secrets: acme: add dns key
2021-02-03 11:55:33 +01:00
Bruno BELANYI
85e153ac2f
secrets: init git-crypt
2021-02-03 11:55:33 +01:00