about summary refs log tree commit diff
path: root/hosts/aptos/secrets (follow)
Commit message (Collapse)AuthorAgeFilesLines
* delete configuration for old machinesFranck Cuny2023-12-086-40/+0
| | | | These machines are gone, no need to keep the configuration around.
* hosts/aptos: do backups over sftp with a dedicated ssh keyFranck Cuny2023-04-232-0/+5
|
* secrets: move aptos' gcloud secrets to homeageFranck Cuny2023-03-112-5/+0
| | | | This secret is not needed system wide, I only need it to run some tools.
* hosts/aptos: re-key all the secrets with age identitiesFranck Cuny2023-03-106-18/+19
| | | | | | | This is now using the public keys from various age keys: - one for my user on the laptop - one for the root user on the laptop - one backup key stored on the USB drive
* fix(fmt): correct formatting for all nix filesFranck Cuny2022-06-101-1/+2
| | | | | | | | | This was done by running `nixpkgs-fmt .'. Change-Id: I4ea6c1e759bf468d08074be2111cbc7af72df295 Reviewed-on: https://cl.fcuny.net/c/world/+/404 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* secrets: add a new secrets for gcloud (aptos only)Franck Cuny2022-05-072-0/+5
| | | | | This is the configuration needed to interact with GCP from this repository. We only want it on aptos for now.
* backups: do backups for the laptopFranck Cuny2022-04-242-0/+14
| | | | | | | | | | | | | From the laptop I only backup /home/fcuny, as the rest should be straightforward to rebuild with nix. I run that backup as my own user, since I need my ssh key to use the remote repository (which is on the NAS). I also need a new secret for it (I might have been able to use `pass' for this, but well, that's easy enough). For the NAS, I update the list of directories to backup to include home, this will be on the systems backup.
* syncthing: enable on trusted machinesFranck Cuny2022-04-214-2/+16
| | | | Add the cert and key for aptos.
* secrets: move the actual secrets with hosts configFranck Cuny2022-04-132-0/+4
Having the secrets closer to the host is easier to manage. At the moment I don't have secrets that are shared across multiple hosts, so that's an OK approach.