about summary refs log tree commit diff
path: root/ops/secrets/secrets.nix
AgeCommit message (Collapse)AuthorFilesLines
2022-05-25 r/4117 feat(ops/secrets): Add private SSH key for Buildkite agent(s)Vincent Ambo1-0/+1
The public key is: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIME13zAw3Fk6qsbWCe6mH2zkxOJ+NmG+FwMjLw00mcWt buildkite@tvl Change-Id: Ia8591e5df42727e4068f26865d83d0af85424fde Reviewed-on: https://cl.tvl.fyi/c/depot/+/5664 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-05-17 r/4092 chore(ops/secrets): add key for tazjin/zamalekVincent Ambo1-0/+3
Change-Id: Ieb2fe49a67940d7cfbd261edbe10d0a8577a466d Reviewed-on: https://cl.tvl.fyi/c/depot/+/5628 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2022-02-17 r/3841 feat(ops/secrets): Add journaldriver keyVincent Ambo1-20/+23
This changes the structure of secrets.nix a bit to split between secrets for whitby, and secrets for all TVL machines. Change-Id: I791f0ce42a16b33051e24a7a6c5b153761ed9eb3 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5300 Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su>
2022-01-31 r/3723 style: format entire depot with nixpkgs-fmtVincent Ambo1-1/+2
This CL can be used to compare the style of nixpkgs-fmt against other formatters (nixpkgs, alejandra). Change-Id: I87c6abff6bcb546b02ead15ad0405f81e01b6d9e Reviewed-on: https://cl.tvl.fyi/c/depot/+/4397 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: lukegb <lukegb@tvl.fyi> Reviewed-by: wpcarro <wpcarro@gmail.com> Reviewed-by: Profpatsch <mail@profpatsch.de> Reviewed-by: kanepyork <rikingcoding@gmail.com> Reviewed-by: tazjin <tazjin@tvl.su> Reviewed-by: cynthia <cynthia@tvl.fyi> Reviewed-by: edef <edef@edef.eu> Reviewed-by: eta <tvl@eta.st> Reviewed-by: grfn <grfn@gws.fyi>
2022-01-29 r/3714 feat(ops/secrets): Add secret for telegram alerts bot tokenGriffin Smith1-0/+1
This isn't actually used by anything that would use agenix, but this seems like a vaguely sensible way of sharing the token with other people regardless. Anyone who finds this commit and wants to be added to the telegram channel where the alerts go, lmk. Change-Id: I06d6ed2d4bec099cbf68ede8fd00a5e6f4e7bc60 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5124 Autosubmit: grfn <grfn@gws.fyi> Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2022-01-04 r/3518 feat(ops): Add initial oauth2_proxy configurationVincent Ambo1-0/+1
The intent is to configure oauth2_proxy pointing at Keycloak to enable usage with nginx auth_request directives. I want to expose this as a function from within the module in which nginx server configuration blocks can be wrapped, but the function for that is currently a placeholder. Change-Id: I5ed7deb9bf1c62818f516e68c33e8c5b632fccfe Reviewed-on: https://cl.tvl.fyi/c/depot/+/4767 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
2022-01-01 r/3508 feat(ops/secrets): Add smtprelay credentialsVincent Ambo1-0/+1
Change-Id: I489e611a3fb19b4a374a563aa1afd81a130b2e7f Reviewed-on: https://cl.tvl.fyi/c/depot/+/4759 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: tazjin <mail@tazj.in>
2021-12-27 r/3474 feat(ops/secrets): Import secrets for tf-glesysVincent Ambo1-0/+1
Adds the secrets and some instructions for deploying the GleSYS Terraform infrastructure. Change-Id: I1a10f9cee7648d406b3d27ef45fc74b6923cbc30 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4712 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
2021-12-27 r/3470 feat(ops/secrets): Add tf-keycloak secrets fileVincent Ambo1-0/+1
This file can be sourced (somehow, depending on the user) while working with //ops/keycloak to get the relevant secrets. Change-Id: Ibb3051c4b019f64824964475451c1c3996db6421 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4708 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
2021-12-25 r/3402 refactor(ops/whitby): Move Gerrit secrets into agenixVincent Ambo1-0/+1
Gerrit has OAuth2 and email related secrets which now live in agenix instead of a random file on disk. Change-Id: I6220fbb7a2e2ec0102a900b4bcf6150b8b4d32ef Reviewed-on: https://cl.tvl.fyi/c/depot/+/4612 Tested-by: BuildkiteCI Autosubmit: tazjin <mail@tazj.in> Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-12-25 r/3401 feat(whitby): Configure initial Keycloak setupVincent Ambo1-0/+1
Trialing this as an alternative to CAS that is a little easier to configure and can help us delegate authentication to other OIDC services. Change-Id: Iad63724d349334910af8fed0b148e4ba428f796b Reviewed-on: https://cl.tvl.fyi/c/depot/+/4608 Tested-by: BuildkiteCI Autosubmit: tazjin <mail@tazj.in> Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-12-11 r/3207 feat(ops/secrets): add keys for sternisterni1-1/+5
Change-Id: Idf13f7737dd51e74e87093e07cdf22ad24407944
2021-12-10 r/3203 refactor(ops): Move panettone secrets to agenixVincent Ambo1-0/+1
Relates to b/161 Change-Id: I508e5a0eacab668f4bd39a2c888d894b96bed093
2021-12-10 r/3199 refactor(ops): Move Nix cache secret to agenixVincent Ambo1-0/+2
... and also the public key, just to keep the distribution mechanism the same. Change-Id: Ief14daf9344c0fb99eeb5789c1ec9bfb1f12bee0
2021-12-10 r/3198 refactor(ops): Use besadii configuration from agenixVincent Ambo1-0/+1
We already checked this in, but this commit adds the configuration for making use of it. There are two copies of besadii's JSON configuration with different permissions. Note that the buildkite-graphql-token path needs to be updated in static-pipeline.yml, but this needs to happen in a separate commit after deploy because the pipeline will break otherwise. Change-Id: I6fab4bf1a2e679df7cf76521e2b53bd9dadbac62
2021-12-10 r/3197 refactor(ops): Move grafana secret into agenixVincent Ambo1-0/+1
Change-Id: Id141758135c796881e91d20b950dae74c40d9ab3
2021-12-10 r/3187 feat(ops/secrets): Add key for grfnGriffin Smith1-1/+5
Change-Id: I8063ae804932e3815e9a499e0206806818b9b021
2021-12-10 r/3184 refactor(ops): Move irccat secret into agenixVincent Ambo1-1/+2
The irccat module uses DynamicUser, so to grant permission to it a new group has been added for irccat. I have some vague memory of DynamicUser + Group not behaving as one would expect, but we'll see what happens. Change-Id: Iab9f6a3f1a53c4133b635458ce173250cc9a3fac
2021-12-10 r/3183 refactor(ops): Move clbot SSH key into agenixVincent Ambo1-0/+1
Change-Id: Iae03ead7dda0509689a76f0d76f9cfeb8434e967
2021-12-10 r/3176 refactor(ops): Move buildkite-agent-token into agenixVincent Ambo1-0/+1
Relates to b/161 Change-Id: I5d3a698d437928966d8b78ce9e0ba226c1437655
2021-12-10 r/3175 refactor(ops): Move owothia secret into agenixVincent Ambo1-1/+2
Relates to b/161 Change-Id: I25445281b0dd3c3f3660f8bb0d8337506a1e427b
2021-12-10 r/3174 refactor(ops): Move clbot secret into agenixVincent Ambo1-0/+1
Relates to b/161 Change-Id: I7badf22ff93bb4e8b06e4dd4a8bf880b0bd48f09
2021-12-10 r/3173 feat(ops/secrets): Configure secrets for gerrit-queueVincent Ambo1-0/+1
Adds a systemd EnvironmentFile secret that contains the Gerrit username & password for gerrit-queue. Change-Id: I25acf87764c26774045138402b8a417b6813ee8f
2021-12-08 r/3159 feat(ops/secrets): Bootstrap agenix secrets folderVincent Ambo1-0/+12
Sets up the key set and adds an initial secret (besadii config with tokens) to be deployed to whitby. Change-Id: Ic07fd5e66b9e7a533013e04c35e052c2aa11f77d
generated by cgit-pink 1.4.1 (git 2.44.2) at 2024-11-01T16·30+0000