path: root/secrets
Date | Commit message | Author | Files | Lines
2022-03-07 | Delete all old code and configuration to start from scratch with Guix only | EuAndreh | 7 | -0/+0
Delete files related to:
- Terraform
- opt/*
- scripts/deploy
- secrets/*
- git-crypt
- Nix
2021-07-29 | opt/secrets/: Add | EuAndreh | 1 | -0/+0
2021-03-07 | Remove terraform state | EuAndreh | 2 | -0/+0
2021-02-25 | Add WIP servers/nixvps/ | EuAndreh | 1 | -0/+0
2021-02-23 | Delete Vultr vps resources | EuAndreh | 2 | -0/+0
2021-02-21 | mv secrets/mail/ -> secrets/vps/mail/ | EuAndreh | 2 | -0/+0
2021-01-16 | Update tfstate file | EuAndreh | 2 | -0/+0
2021-01-16 | Remove old secrets/base-image-old-password.txt | EuAndreh | 1 | -0/+0
2021-01-15 | Checkpoint: Working vps.tf declaration after Vultr migration | EuAndreh | 2 | -0/+0
2021-01-15 | Remove secrets/terraform/tfstate-backups/ | EuAndreh | 2 | -0/+0
2021-01-15 | Remove secrets/terraform/plan-files/ and terraform-apply.sh | EuAndreh | 81 | -0/+0
2020-11-28 | vps.tf: Add CNAME "*" subdomain alias | EuAndreh | 3 | -0/+0
2020-11-26 | Terraform: Add email DNS records (DKIM, DMARC, SPF) | EuAndreh | 17 | -0/+0
2020-11-18 | Remove default.nix and shell.nix | EuAndreh | 3 | -0/+0
2020-11-18 | Remove most Nix files | EuAndreh | 10 | -0/+0
2020-11-16 | Add base Guix configuration and start switching to it | EuAndreh | 5 | -0/+0
- remove NixOS stateVersion from .envrc;
- add guix-reconfigure.sh;
- add vps.scm with initial Guix system configuration;
- update vps.tf to use the new "base-guix" snapshot.

The "base-guix" image doesn't need a password. The "andreh" user has one, but it is configured for not requiring it when running commands as "sudo". The expected minimal steps one has to go through for privilege escalation is via the SSH private key, and accessing the VPS via SSH. Since password login is disabled and root can't login via SSH either, only the private SSH key allows access to the server. After that, the attacker will be able to run commands as root.
2020-11-16 | Forget existing resource to start working on new VPS | EuAndreh | 1 | -0/+0
2020-11-02 | Update terraform generated files | EuAndreh | 5 | -0/+0
2020-09-23 | Use SQLite instead of PostgreSQL: simplify operations and backup | EuAndreh | 1 | -0/+0
2020-09-22 | Remove mautrix files | EuAndreh | 1 | -0/+0
Instead create a module from the mautrix-whatsapp and start using mautrix-telegram module from nixpkgs.
2020-09-19 | Initial setup for Telegram in Matrix, but it is still not working | EuAndreh | 2 | -0/+0
2020-09-06 | Refactor vps-configuration.nix: Split secrets from config and envsubst vars | EuAndreh | 19 | -2/+0
Also rename thingTLD to thingDomain.
2020-09-06 | Use dynamic toggle for prosody | EuAndreh | 1 | -0/+0
2020-09-02 | Add mediator documentation | EuAndreh | 1 | -0/+0
2020-09-02 | Add cement documentation | EuAndreh | 1 | -0/+0
2020-08-29 | Build new VPS server from snapshot using bigger machine | EuAndreh | 4 | -0/+0
I'm using the snapshot here because I don't have any backup system yet, ¯\_(ツ)_/¯ This should be reverted on vps.tf after applying, and I should get down to doing automatic backups.
2020-08-28 | Add ci-logs from static files | EuAndreh | 1 | -0/+0
2020-08-25 | Enable automatic backup for VPS server | EuAndreh | 3 | -0/+0
2020-08-25 | Add pires-prod deployment | EuAndreh | 1 | -0/+0
2020-08-24 | Add subdomain for pires documentation | EuAndreh | 1 | -0/+0
2020-08-24 | Remove matterbridge code | EuAndreh | 1 | -0/+0
2020-08-23 | WIP Fix Converse.js setup | EuAndreh | 1 | -0/+0
2020-08-23 | Change DNS record of prosody | EuAndreh | 7 | -0/+0
Terraform file changes were due to me initially trying to do this via creating a SRV DNS record. However this is not required, because Prosody is already on the $TLD server, the only difference being that it is listening on a different port.
2020-08-23 | Update prosody user | EuAndreh | 1 | -0/+0
2020-08-23 | Use fold to mkdir and chmod all data folders | EuAndreh | 1 | -0/+0
2020-08-22 | Fix DATA_ROOT permissions | EuAndreh | 1 | -0/+0
2020-08-22 | Remove old matterbridge configuration | EuAndreh | 1 | -0/+0
2020-08-22 | Add songbooks documentation DNS address | EuAndreh | 6 | -0/+0
2020-08-22 | WIP: reenable prosody and matterbridge, and add PDFs | EuAndreh | 7 | -0/+0
2020-08-20 | Add songbooks documentation | EuAndreh | 1 | -0/+0
2020-08-19 | Checkpoint: Shut down Prosody and matterbridge | EuAndreh | 1 | -0/+0
Full reasoning under "Decisions" section inside TODOs.org.
2020-08-18 | Checkpoint: working matterbridge server | EuAndreh | 1 | -0/+0
I was able to make matterbridge work, but only to realize that it doesn't support private groups on most services. So I can't use this as a replacement for other chat systems as I desired. I ended up using my conversations.im account due to the lack of MUC support in my current server. I was also able to set up the Converse client, but my Prosody server also doesn't have HTTP (or WebSockets, I don't remember) yet, so it didn't work for my server. So this may serve as a useful future reference, but I plan to turn off the matterbridge server itself.
2020-08-16 | Checkpoint: Working Prosody server | EuAndreh | 1 | -0/+0
Use NGINX to create TLS certificate and then share it with prosody.
2020-08-16 | Use NGINX to handle the creation of certificates for prosody | EuAndreh | 7 | -0/+0
After a terraform state rm '...' of the server and domain configuration, and recreating the instance again while leaving the detached one running. I had to do this because I was experimenting too much with the domain and I hit the Let's Encrypt rate limit[0]. Because of that I'll recreate certificates less often so that doesn't happen in the new domain during development of the VPS. I'm not sure if this solution works, but I'll commit just as a checkpoint. I had to change the custom DNS nameservers from Digital Ocean to Vultr and that may take a while, so it's worth having this as a checkpoint in time while I'm off to other things.
[0]: https://letsencrypt.org/docs/rate-limits/
2020-08-15 | Deploy "boneco" project at boneco.$TLD | EuAndreh | 1 | -0/+0
2020-08-15 | Use new image with ownership of /etc/nixos/configuration.nix by user | EuAndreh | 5 | -0/+1
Useful reference:
- https://discourse.nixos.org/t/can-i-move-etc-nixos-to-my-dotfiles-and-symlink-it-back-to-etc-nixos/4833/10
2020-08-14 | Add generated Terraform files | EuAndreh | 4 | -0/+0
2020-08-14 | Add updated terraform files | EuAndreh | 2 | -0/+0
2020-08-14 | Export borg key under secrets/ | EuAndreh | 2 | -0/+0
2020-08-14 | Stop hardcoding the user in favor of $USER_NAME | EuAndreh | 1 | -0/+0