Commit graph

7 commits

Author SHA1 Message Date
d4d3f6e5d2 add m4dz 2024-04-09 20:14:29 +02:00
816e175b33 restic: move secrets into sops 2024-01-28 15:32:18 +01:00
b38e6a0ebc move the auamost.fish script into haccfiles
This is our script to synchronise groups between uffd and mattermost,
since there seems to be no better way to do that. It has long lived
under /persist/magic/auamost since it contained sensitive data (both
which groups are on our platform & access tokens to both uffd's and
mattermost's API with admin-level permissions).

This splits the script up into a non-sensitive part which lives in Nix,
and a small snippet that just sets all the sensitive stuff into env vars
in sops, so we can manage the entire thing with our usual setup.
2023-12-30 19:03:25 +01:00
b5d4f76a1d rotate octycs's ssh key 2023-05-04 00:40:44 +02:00
003f2f7e44 move all on-disk secrets into sops
this only concerns secrets which are in a raw file. Some of our
services (e.g. nextclouds) keeps secrets in its database; these remain
untouched.

Not yet deployed because of shitty train internet.
2023-05-03 23:04:13 +02:00
0d75469590 rotate zauberberg's ssh key 2023-05-03 22:33:12 +02:00
49fa2325f3 sops-nix proof of concept
this is currently deployed and appears to be working. please everyone
have a look at it & then decide if we want to use this for the other
secrets as well.
2023-04-19 20:08:45 +02:00