aboutsummaryrefslogtreecommitdiff
path: root/secrets (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Use Floating IP on DropletEuAndreh2019-05-281-0/+0
|
* Remove git rev-parse from .envrcEuAndreh2019-05-281-0/+0
|
* Rotate secretsEuAndreh2019-05-281-0/+0
|
* Split Bash variable declaration from assignment (shellcheck offense)EuAndreh2019-05-281-0/+0
|
* Add backup routing before possibly tearing down machineEuAndreh2019-05-281-0/+0
| | | | | | | | | | Create a new backup entry before running =terraform apply=, which may (or may not) destroy the current machine. This shouldn't be an issue for the backup itself, since all of the data should be stored in a separate Block Storage Volume, but we can take advantage of the sevices already needing to be taken down in order to perform a full backup of the data.
* Add secrets/borg_remote{.pub} SSH keypairEuAndreh2019-05-282-0/+0
|
* Rename ./secrets/id_rsa{.pub} -> ./secrets/vps_box{.pub}EuAndreh2019-05-282-0/+0
|
* Add variables to properly tag a backupEuAndreh2019-05-271-0/+0
|
* Add Nextcloud recipe to docker-compose.yamlEuAndreh2019-05-271-0/+0
|
* Use Bash variables for domain names and container portsEuAndreh2019-05-271-0/+0
|
* Use more robust Bash cd approachEuAndreh2019-05-261-0/+0
|
* Automate provisioning and deployment of VPSEuAndreh2019-05-262-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | In order to perform that I had to remove Terraform's =.tfstate= files from the repository. Terraform does support "backends" for storing the state files, but I settled for storing it on a separate repo (vps-state). For now it solves the state management problem: - it has history of states; - all state files are GPG encrypted; - there's no coordination however, but only the CI should perform a deploy in order to avoid race conditions. I had to add GPG and SSH keys to sr.ht to achieve that: - SSH public key to my profile to authorize it to push to vps-state repo; - SSH private key to the secret builds.sr.ht environment to enable push to the repository from the pipeline; - GPG public key to git-crypt to make it possible for the pipeline to unlock the encrypted content; - GPG private key to the secret builds.sr.ht environment to enable decrypting git-crypt content from the pipeline. In order to avoid divergent environment from local and CI, the ./provision.sh script is ran through nix-shell.
* Update .tfstate filesEuAndreh2019-05-252-0/+0
|
* Restart docker-compose after deploymentEuAndreh2019-05-251-0/+0
|
* Check-in Terraform .tfstate files using git-cryptEuAndreh2019-05-252-0/+0
|
* Don't use pub_key and pvt_key as input variablesEuAndreh2019-05-252-0/+0
| | | | Embed SSH keypair directly into git-crypt.
* Remove docker-compose.yml from git-cryptEuAndreh2019-05-252-0/+0
|
* Add simple DigitalOcean droplet skeleton for TerraformEuAndreh2019-05-251-0/+0
|
* Use specific folder for volumesEuAndreh2019-05-251-0/+0
|
* Start docker-compose.yml skeleton with WallabagEuAndreh2019-05-252-0/+0
|
* Remove existing NixOps configurationEuAndreh2019-05-251-0/+0
|
* Test nixcloud-webservicesEuAndreh2019-05-251-0/+0
|
* Add simple stub VM definitionEuAndreh2019-05-252-0/+0
generated by cgit v1.2.3 (git 2.50.1) at 2025-12-16 06:21:37 +0000