| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The dedicated account for backup should be named 'backup', as it's more
generic.
While it's a system account, I still need to be able to log in the host
remotely with sftp, so we give it a UID (991).
The account needs to be able to sftp to tahoe in order to store the
backups from remote hosts. However we don't want this user to get a
shell and be able to browse the host, so we configure sshd to chroot the
user to where the backups are stored.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
- add a comment for each ssh-key that is not stored on a yubikey
- simplify the git commit template
- remove some extra config that I don't need
|
| |
|
|
|
| |
Each key is associated to a variable, which let me be more specific
about which key to use depending on the context.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Add a new module to automatically configure the peers for wireguard. The
module needs a configuration file (in `configs/wireguard.toml`) which
lists all the peers, their IP and and their public keys. The secret keys
is encrypted as a secret with agenix.
There's some initial documentation on how to use this setup.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
There's a few things missing (my binaries for the wifi and battery, at a
minimum), but that's fine for now.
|
| | |
|
| |
|
