path: root/secrets
Commit message | Author | Age | Files | Lines
...
* Migration: Remove Ansible and Docker code, move only to NixOS | EuAndreh | 2020-08-10 | 7 | -0/+0
|
* WIP: Move to Vultr and NixOS | EuAndreh | 2020-08-10 | 4 | -0/+0
|
* secret-envrc.sh: Fix remote borg path | EuAndreh | 2020-08-09 | 1 | -0/+0
|
* scripts/ci/setup.sh: Get GPG key from server | EuAndreh | 2020-08-08 | 1 | -0/+0
|     Instead of storing it on the repository.
* Remove gpodder.net sync software from the server | EuAndreh | 2020-08-06 | 1 | -0/+0
|
* Add gpodder environment variables | EuAndreh | 2020-08-05 | 1 | -0/+0
|
* Add gpodder container initial implementation | EuAndreh | 2020-08-05 | 1 | -0/+0
|
* Toggle DESTROY_VPS | EuAndreh | 2020-08-02 | 1 | -0/+0
|
* Conform volume_name to digital ocean's limitation | EuAndreh | 2020-08-02 | 1 | -0/+0
|
* Remove all wallabag references left | EuAndreh | 2020-08-02 | 1 | -0/+0
|
* Rename DESTROY_VOLUME -> DESTROY_VPS | EuAndreh | 2020-08-02 | 1 | -0/+0
|
* Toggle DESTROY_VOLUME | EuAndreh | 2020-08-02 | 1 | -0/+0
|
* secret-envry.sh: Add ${DESTROY_VOLUME} operational toggle | EuAndreh | 2020-08-02 | 1 | -0/+0
|
* Use a name from the environment for the names of the host and the volume | EuAndreh | 2020-08-02 | 1 | -0/+0
|
* secret-envrc.sh: Update TLD | EuAndreh | 2020-08-02 | 1 | -0/+0
|
* Change $TLD! :tada: | EuAndreh | 2019-06-16 | 1 | -0/+0
|
* Fancify TLD prefixes for Wallabag and Nextcloud | EuAndreh | 2019-06-15 | 1 | -0/+0
|
* Specify email address when rotating keys | EuAndreh | 2019-06-13 | 1 | -0/+0
|
* Remove call to =cd= in envrc files | EuAndreh | 2019-06-10 | 1 | -0/+0
|
* Output all generated files on ./generated/, refactor .envrc variables | EuAndreh | 2019-06-10 | 2 | -0/+0
|
* Re-enable $DESTROY_VOLUME toggle | EuAndreh | 2019-06-10 | 1 | -0/+0
|
* Import GPG key before provisioning | EuAndreh | 2019-06-10 | 1 | -0/+0
|
* Encrypt attached log | EuAndreh | 2019-06-10 | 1 | -0/+0
|
* Send logs via email after finishing provision.sh | EuAndreh | 2019-06-10 | 1 | -0/+0
|     The email will be sent for both successful and failed runs.
* Disable $DESTROY_VOLUME operational toggle | EuAndreh | 2019-06-10 | 1 | -0/+0
|
* Change SSH port | EuAndreh | 2019-06-10 | 1 | -0/+0
|
* Provision DNS entries using DigitalOcean instead of DNS registrar | EuAndreh | 2019-06-10 | 1 | -0/+0
|     This way we can implement dynamic (provision-time) Floating IP, instead of
|     a hardcoded pre-created Floating IP address.
|
|     Related changes:
|     - remove =terraform-godaddy= provider, use =digitalocean_record= instead;
|     - create =generated-known-hosts= after provisioning instead of during
|       =setup.sh=: use the =$(terraform output public_floating_ip)= value to
|       make this file dynamic;
|     - remove the =$PINNED_IP= and =$TF_VAR_floating_ip= variables;
|     - add type and descriptions to variable declarations in Terraform recipe.
* Change $TLD | EuAndreh | 2019-06-09 | 1 | -0/+0
|
* Rotate DNS registrar keys | EuAndreh | 2019-06-09 | 1 | -0/+0
|
* Use same NIX_PATH locally and on the CI | EuAndreh | 2019-06-09 | 1 | -0/+0
|
* Use terraform-godaddy and Terraform 0.11 | EuAndreh | 2019-06-08 | 1 | -0/+0
|     The =terraform-godaddy= package supports only Terraform 0.11 as of now.
|     It is not packaged by default by nixpkgs, and the =postInstall= hook is
|     required because Terraform looks for providers using the
|     =terraform-provider-$name= template, which the package doesn't follow.
|
|     I had to remove the loop on vps.tf since it requires Terraform 0.12. I'll
|     either wait for =terraform-godaddy= to upgrade to 0.12 or try to do it
|     myself if it bothers me enough.
* Add credentials for manipulating DNS entries. | EuAndreh | 2019-06-08 | 1 | -0/+0
|
* Generate UserKnownHostsFile dynamically instead of when rotating keys | EuAndreh | 2019-06-08 | 1 | -0/+0
|     The previous solution would hardcode the server IP. This way we can change
|     the server IP address that is hosting everything and keep the SSH keypair.
|
|     Previously changing the IP address would require either calling the
|     =./rotate-ssh-keys.sh= script or manually changing the IP address on the
|     known-hosts.txt file. The IP address being duplicated itself was a code
|     smell.
|
|     Both SSH keypair and IP address can now be changed independently.
* Use nextcloud.${TLD} instead of cloud.${TLD} as CNAME for Nextcloud installation | EuAndreh | 2019-06-08 | 1 | -0/+0
|
* Add ${DESTROY_VOLUME} operational toggle | EuAndreh | 2019-06-06 | 1 | -0/+0
|     This way I can dynamically control whether to destroy and recreate all the
|     existing infrastructure entirely from scratch.
|
|     The advantages of doing so are:
|     - test the non-existence of local state on every deployment;
|     - make sure I can always recreate everything from scratch.
|
|     The disadvantages are:
|     - slower deployment times;
|     - longer downtime during deployments.
* Script: rotate SSH keys | EuAndreh | 2019-06-05 | 5 | -0/+0
|
* Script: rotate SSH keys | EuAndreh | 2019-06-05 | 5 | -0/+0
|
* Script: rotate SSH keys | EuAndreh | 2019-06-05 | 5 | -0/+0
|
* Fix git-crypt configuration | EuAndreh | 2019-06-05 | 9 | -0/+0
|
* Add ./secrets/borg/meta.txt | EuAndreh | 2019-06-05 | 1 | -0/+2
|
* Use specific known keys for connecting with the backup server | EuAndreh | 2019-06-05 | 3 | -0/+2
|
* Use non-standard port for SSH | EuAndreh | 2019-06-05 | 1 | -0/+0
|
* Use known-hosts.txt with public key from the rotated SSH key pair | EuAndreh | 2019-06-05 | 1 | -0/+1
|
* Use Ansible instead of Bash for provisioning | EuAndreh | 2019-06-05 | 12 | -0/+150
|     The deployment is not quite working, and I'm unable to test right now:
|     DigitalOcean is returning 503 for my requests.
|
|     As of this commit, I can run =ansible-playbook provider.yml= more than
|     once and it will actually be idempotent.
|
|     Notes:
|     - SSH fingerprints are now taken from the public key file instead of
|       manually supplying it in the terraform template using the
|       =digitalocean_ssh_key= resource;
|     - use Ansible instead of ad-hoc Bash scripts for provisioning the
|       Droplets created by Terraform;
|     - use the =filename.env.extension= to create the concrete files in CI;
|     - use the =user_data= to add the known SSH key pair to the newly created
|       Droplet;
|     - add =rotate-ssh-keys.sh= utils;
* Use Floating IP on Droplet | EuAndreh | 2019-05-28 | 1 | -0/+0
|
* Remove git rev-parse from .envrc | EuAndreh | 2019-05-28 | 1 | -0/+0
|
* Rotate secrets | EuAndreh | 2019-05-28 | 1 | -0/+0
|
* Split Bash variable declaration from assignment (shellcheck offense) | EuAndreh | 2019-05-28 | 1 | -0/+0
|
* Add backup routing before possibly tearing down machine | EuAndreh | 2019-05-28 | 1 | -0/+0
|     Create a new backup entry before running =terraform apply=, which may (or
|     may not) destroy the current machine. This shouldn't be an issue for the
|     backup itself, since all of the data should be stored in a separate Block
|     Storage Volume, but we can take advantage of the services already needing
|     to be taken down in order to perform a full backup of the data.
* Add secrets/borg_remote{.pub} SSH keypair | EuAndreh | 2019-05-28 | 2 | -0/+0
|