aboutsummaryrefslogtreecommitdiff
path: root/secrets (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Setup cgit and ProsodyEuAndreh2020-08-141-0/+0
| | | | The TLS setup for Prosody is broken, though.
* Add .tfplan extension to Terraform plan filesEuAndreh2020-08-1233-0/+0
|
* vps-configuration.env.nix: Finish working Nextcloud installationEuAndreh2020-08-116-0/+0
|
* nixos-update.sh: Always set the NixOS channel based on $SYSTEM_STATE_VERSIONEuAndreh2020-08-111-0/+0
|
* Update Terraform infrastructureEuAndreh2020-08-103-0/+0
|
* Semi working setup: Terraform and LetsEncrypt workingEuAndreh2020-08-1023-0/+1
|
* Interactive Terraform plan -> apply cycleEuAndreh2020-08-1011-0/+0
|
* nixfmt ./secrets/nix/e1d5f317b0f7a-snapshot-configuration.nixEuAndreh2020-08-101-0/+0
|
* Use password via stdin, and store the snapshot image configuration.nixEuAndreh2020-08-102-0/+0
|
* Use new image with new SSH key and andreh userEuAndreh2020-08-101-0/+0
|
* Remove unused secrets/{borg,ssh}/EuAndreh2020-08-106-0/+0
|
* Migration: Remove Ansible and Docker code, move only to NixOSEuAndreh2020-08-107-0/+0
|
* WIP: Move to Vultr and NixOSEuAndreh2020-08-104-0/+0
|
* secret-envrc.sh: Fix remote borg pathEuAndreh2020-08-091-0/+0
|
* scripts/ci/setup.sh: Get GPG key from serverEuAndreh2020-08-081-0/+0
| | | | Instead of storing it on the repository.
* Remove gpodder.net sync software from the serverEuAndreh2020-08-061-0/+0
|
* Add gpodder environment variablesEuAndreh2020-08-051-0/+0
|
* Add gpodder container initial implementationEuAndreh2020-08-051-0/+0
|
* Toggle DESTROY_VPSEuAndreh2020-08-021-0/+0
|
* Conform volume_name to digital ocean's limitationEuAndreh2020-08-021-0/+0
|
* Remove all wallabag references leftEuAndreh2020-08-021-0/+0
|
* Rename DESTROY_VOLUME -> DESTROY_VPSEuAndreh2020-08-021-0/+0
|
* Toggle DESTROY_VOLUMEEuAndreh2020-08-021-0/+0
|
* secret-envry.sh: Add ${DESTROY_VOLUME} operational toggleEuAndreh2020-08-021-0/+0
|
* Use a name from the environment for the names of the host and the volumeEuAndreh2020-08-021-0/+0
|
* secret-envrc.sh: Update TLDEuAndreh2020-08-021-0/+0
|
* Chage $TLD! :tada:EuAndreh2019-06-161-0/+0
|
* Fancify TLD prefixes for Wallabag and NextcloudEuAndreh2019-06-151-0/+0
|
* Specify email address when rotating keysEuAndreh2019-06-131-0/+0
|
* Remove call to =cd= in envrc filesEuAndreh2019-06-101-0/+0
|
* Output all generated files on ./generated/, refactor .envrc variablesEuAndreh2019-06-102-0/+0
|
* Re enable $DESTROY_VOLUME toggleEuAndreh2019-06-101-0/+0
|
* Import GPG key before provisioningEuAndreh2019-06-101-0/+0
|
* Encrypt attached logEuAndreh2019-06-101-0/+0
|
* Send logs via email after finishing provision.shEuAndreh2019-06-101-0/+0
| | | | The email will be send for both sucessfull and failed runs.
* Disable $DESTROY_VOLUME operational toggleEuAndreh2019-06-101-0/+0
|
* Change SSH portEuAndreh2019-06-101-0/+0
|
* Provision DNS entries using DigitalOcean instead of DNS registrarEuAndreh2019-06-101-0/+0
| | | | | | | | | | | | | This way we can implement dynamic (provision-time) Floating IP, instead of a hardcoded pre-created Floating IP address. Related changes: - remove =terraform-godaddy= provider, use =digitalocean_record= instead; - create =generated-known-hosts= after provisioning instead of during =setup.sh=: use the =$(terraform output public_floating_ip)= value to make this file dynamic; - remote the =$PINNED_IP= and =$TF_VAR_floating_ip= variables; - add type and descriptions to variable declarations in Terraform recipe.
* Change $TLDEuAndreh2019-06-091-0/+0
|
* Rotate DNS registrar keysEuAndreh2019-06-091-0/+0
|
* Use same NIX_PATH locally and on the CIEuAndreh2019-06-091-0/+0
|
* Use terraform-godaddy and Terraform 0.11EuAndreh2019-06-081-0/+0
| | | | | | | | | | | | The =terraform-godaddy= package supports only Terraform 0.11 as of now. It is not packaged by default by nixpkgs, and the =postInstall= hook is required because Terraform looks for providers usinthe the =terraform-provider-$name= template, which the package doesn't follow. I had to remove the loop on vps.tf since it requires Terraform 0.12. I'll either wait for =terraform-godaddy= to upgrade to 0.12 or try to do it myself if it bothers me enough.
* Add credentials for manipulating DNS entries.EuAndreh2019-06-081-0/+0
|
* Generate UserKnownHostsFile dynamically instead of when rotating keysEuAndreh2019-06-081-0/+0
| | | | | | | | | | | | The previous solution would hardcode the server IP. This way we can change the server IP address that is hosting everything and keep the SSH keypair. Previously changing the IP address would require either calling the =./rotate-ssh-keys.sh= script or manually changing the IP address on the known-hosts.txt file. The IP address being duplicated itself was a code smell. Both SSH keypair and IP address can now be changed independently.
* Use nextcloud.${TLD} instead of cloud.${TLD} as CNAME for Nextcloud installationEuAndreh2019-06-081-0/+0
|
* Add ${DESTROY_VOLUME} operational toggleEuAndreh2019-06-061-0/+0
| | | | | | | | | | | | | This way I can dynamically control whether to destroy and recreate all the existing infrastructure entirely from scratch. The advantages of doing so are: - test the non-existence of local state on every deployment; - make sure I can always recreate everything from scratch. The disadvantages are: - slower deployment times; - longer downtime during deployments.
* Script: rotate SSH keysEuAndreh2019-06-055-0/+0
|
* Script: rotate SSH keysEuAndreh2019-06-055-0/+0
|
* Script: rotate SSH keysEuAndreh2019-06-055-0/+0
|
* Fix git-crypt configurationEuAndreh2019-06-059-0/+0
|
generated by cgit v1.2.3 (git 2.50.1) at 2025-07-23 20:01:42 +0000