aboutsummaryrefslogtreecommitdiff
path: root/secrets (follow)
Commit message (Expand)AuthorAgeFilesLines
* Script: rotate SSH keysEuAndreh2019-06-055-0/+0
* Script: rotate SSH keysEuAndreh2019-06-055-0/+0
* Script: rotate SSH keysEuAndreh2019-06-055-0/+0
* Fix git-crypt configurationEuAndreh2019-06-059-0/+0
* Add ./secrets/borg/meta.txtEuAndreh2019-06-051-0/+2
* Use specific known keys for connecting with the backup serverEuAndreh2019-06-053-0/+2
* Use non-standard port for SSHEuAndreh2019-06-051-0/+0
* Use known-hosts.txt with public key from the rotated SSH key pairEuAndreh2019-06-051-0/+1
* Use Ansible instead of Bash for provisioning•••The deployment is not quite working, and I'm unable to test right now: DigitalOcean is returning 503 for my requests. As of this commit, I can run =ansible-playbook provider.yml= more than once and it will actually be idempotent. Notes: - SSH fingerprint are now taken from the public key file instead of manually supplying it in the terraform template using the =digitalocean_ssh_key= resource; - use Ansible instead of ad-hoc Bash scripts for provisioning the Droplets created by Terraform; - use the =filename.env.extension= to create the concrete files in CI; - use the =user_data= to add the know SSH key pair to the newly created Droplet; - add =rotate-ssh-keys.sh= utils; EuAndreh2019-06-0512-0/+150
* Use Floating IP on DropletEuAndreh2019-05-281-0/+0
* Remove git rev-parse from .envrcEuAndreh2019-05-281-0/+0
* Rotate secretsEuAndreh2019-05-281-0/+0
* Split Bash variable declaration from assignment (shellcheck offense)EuAndreh2019-05-281-0/+0
* Add backup routing before possibly tearing down machine•••Create a new backup entry before running =terraform apply=, which may (or may not) destroy the current machine. This shouldn't be an issue for the backup itself, since all of the data should be stored in a separate Block Storage Volume, but we can take advantage of the sevices already needing to be taken down in order to perform a full backup of the data. EuAndreh2019-05-281-0/+0
* Add secrets/borg_remote{.pub} SSH keypairEuAndreh2019-05-282-0/+0
* Rename ./secrets/id_rsa{.pub} -> ./secrets/vps_box{.pub}EuAndreh2019-05-282-0/+0
* Add variables to properly tag a backupEuAndreh2019-05-271-0/+0
* Add Nextcloud recipe to docker-compose.yamlEuAndreh2019-05-271-0/+0
* Use Bash variables for domain names and container portsEuAndreh2019-05-271-0/+0
* Use more robust Bash cd approachEuAndreh2019-05-261-0/+0
* Automate provisioning and deployment of VPS•••In order to perform that I had to remove Terraform's =.tfstate= files from the repository. Terraform does support "backends" for storing the state files, but I settled for storing it on a separate repo (vps-state). For now it solves the state management problem: - it has history of states; - all state files are GPG encrypted; - there's no coordination however, but only the CI should perform a deploy in order to avoid race conditions. I had to add GPG and SSH keys to sr.ht to achieve that: - SSH public key to my profile to authorize it to push to vps-state repo; - SSH private key to the secret builds.sr.ht environment to enable push to the repository from the pipeline; - GPG public key to git-crypt to make it possible for the pipeline to unlock the encrypted content; - GPG private key to the secret builds.sr.ht environment to enable decrypting git-crypt content from the pipeline. In order to avoid divergent environment from local and CI, the ./provision.sh script is ran through nix-shell. EuAndreh2019-05-262-0/+0
* Update .tfstate filesEuAndreh2019-05-252-0/+0
* Restart docker-compose after deploymentEuAndreh2019-05-251-0/+0
* Check-in Terraform .tfstate files using git-cryptEuAndreh2019-05-252-0/+0
* Don't use pub_key and pvt_key as input variables•••Embed SSH keypair directly into git-crypt. EuAndreh2019-05-252-0/+0
* Remove docker-compose.yml from git-cryptEuAndreh2019-05-252-0/+0
* Add simple DigitalOcean droplet skeleton for TerraformEuAndreh2019-05-251-0/+0
* Use specific folder for volumesEuAndreh2019-05-251-0/+0
* Start docker-compose.yml skeleton with WallabagEuAndreh2019-05-252-0/+0
* Remove existing NixOps configurationEuAndreh2019-05-251-0/+0
* Test nixcloud-webservicesEuAndreh2019-05-251-0/+0
* Add simple stub VM definitionEuAndreh2019-05-252-0/+0
generated by cgit v1.2.3 (git 2.52.0) at 2026-02-24 08:34:33 +0000