sercanto/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2161 commits 1 branch 0 tags 3.4 MiB
Commit graph

71 commits

Author SHA1 Message Date
annalee
c0263ecb84 darwin/community-builder: add user annalee 2024-03-16 07:51:44 +00:00
zowoq
6987a1b9de modules/shared: add known-hosts 2024-03-09 23:40:07 +00:00
zowoq
252fca47eb switch back to nixpkgs hercules ci agent 2024-03-08 09:51:00 +00:00
zowoq
06633fbc5a modules/darwin/common: switch back to default 50gb gc 2024-03-08 08:01:24 +00:00
a-kenji
52b02a7824 darwin/community-builder: add user kenji 2024-03-07 16:11:31 +00:00
Puck Meerburg
1450ec832f darwin/community-builder: add user puckipedia 2024-03-07 14:52:57 +00:00
jopejoe1
a6c946dfdb darwin/community-builder: add user jopejoe1 2024-03-06 23:42:43 +00:00
zimbatm
8603c1d570 darwin: disable netbios on activation 
We have received a notification from the German Federal Office for
Information Security (BSI) about our NetBIOS being enabled, and it
potentially being used for DDoS reflection attacks.
 2024-03-06 11:50:51 +00:00
pennae
b6564a5b90 darwin/community-builder: add pennae 2024-03-01 23:00:42 +00:00
matthewcroughan
7e0f467660 modules/*/community-builder: add user matthewcroughan 2024-02-24 15:57:41 +00:00
zowoq
ce979d7349 modules/darwin/common: only allow ssh_host_ed25519_key 
81dd4e0557
we do the same for nixos
 2024-01-25 21:50:15 +00:00
zowoq
5cb6b93100 modules/*/reboot: reduce window from 6 to 3 hours 2024-01-25 02:44:52 +00:00
Matthieu Coudron
b8349ad5b0 modules/*/community-builder: add user teto 2024-01-21 22:58:42 +00:00
zowoq
a9411872ea modules/darwin/common: gbFree: 25 -> 30 2024-01-16 21:23:02 +00:00
David McFarland
0cc343e748 darwin/community-builder: add user corngood 2024-01-09 07:44:41 +00:00
Jan Tojnar
87a6477c98 darwin/community-builder: add user jtojnar 2024-01-07 09:32:06 +00:00
zowoq
c84767203f modules/darwin/common: refactor keys 2024-01-05 01:08:30 +00:00
Maximilian Bosch
f333f4e99d darwin/keys/ma27: rotate once again 
It turns out that when using PIV rather than OpenPGP for SSH
(`yubikey-agent` in this case), you cannot change the touch policy for
enrolled keys[1].

However, it turns out that the default (`always` - touching the key for
each SSH auth) is pretty annoying when running remote builds or making
SSH signatures, so I had no choice but to rotate the keys once again.

It's not urgent at all to get this key deployed, I'm only filing this
patch now to check every box on my "SSH rotation checklist" so I don't
forget about it. Happy holidays 🎉

Finally, sorry for the additional noise!

[1] https://docs.yubico.com/yesdk/users-manual/application-piv/pin-touch-policies.html#touch-policies
 2023-12-24 13:33:06 +00:00
zowoq
672d74cff8 modules/darwin/common: add ryantm to hetzner user 2023-12-22 14:04:45 +00:00
zowoq
648a6031f7 build04, modules/darwin/common: set nixCommunity.gc.gbFree to 25 2023-12-19 23:10:47 +00:00
zowoq
a3a90bc0ae modules/darwin: add apfs-cleanup 2023-12-18 02:48:49 +00:00
zowoq
134882a2b4 modules/darwin/common/reboot: add logs 2023-12-18 02:48:42 +00:00
Maximilian Bosch
b0e7287cc3 darwin/keys/ma27: update 2023-12-17 11:32:21 +00:00
sternenseemann
efbbb2035d darwin/community-builder: add user sternenseemann 
Please there is an angry mob of aarch64-darwin users in front of my
house that want me to fix aarch64-darwin Haskell issues.
 2023-12-12 13:18:25 +00:00
zowoq
aa20e930c6 modules/darwin/common/flake-inputs: fix inputs 2023-12-11 22:52:42 +00:00
zowoq
008c339c6b docs/community-builder: add note about darwin keys 2023-12-10 23:30:21 +00:00
Ilan Joselevich
1a5337ccae darwin/community-builder: add kranzes 2023-12-04 03:18:26 +00:00
Jade Lovelace
2270ffe8d2 darwin/community-builder: add jade 2023-12-03 23:01:53 +00:00
zowoq
92957ad208 modules/darwin/common: disable includeUninstaller 2023-11-27 03:49:14 +00:00
zowoq
42fb15140f modules/darwin/community-builder/users: re-enable forceRecreate 2023-11-25 01:52:13 +00:00
zowoq
accf44e44c modules/darwin/common: add deployment key 2023-11-11 02:16:31 +00:00
zowoq
c46fc2bf60 remove cachix deploy 2023-11-11 00:57:40 +00:00
Stig Palmquist
a31b266e6f modules/darwin/community-builder: add ssh key (sgo) 
Add additional machine specific key
 2023-11-08 12:56:15 +00:00
zowoq
436a795a63 modules/darwin/common/telegraf: add smart 2023-11-03 06:33:05 +00:00
adisbladis
c940bea45e modules/darwin/common: Add adisbladis key to shared hetzner user 2023-11-02 10:58:48 +00:00
chayleaf
8f1a3e5cfe modules/darwin/community-builder: add user 2023-11-01 13:49:51 +00:00
Stig Palmquist
45412005fc modules/darwin/community-builder: add user (sgo) 2023-11-01 11:09:00 +00:00
Anthony Roussel
bfe1912fb0 modules/darwin/community-builder: add user 2023-11-01 10:38:56 +00:00
zowoq
e56954701f modules/darwin/community-builder: add user 2023-10-30 02:38:40 +00:00
zowoq
a2f560d6f9 switch to upstream hercules ci agent 2023-10-29 23:33:02 +00:00
zowoq
0385ef3f38 modules/darwin/community-builder/users: disable users.forceRecreate 2023-10-28 23:58:35 +00:00
zowoq
e181c309a3 modules/darwin: add community-builder 2023-10-28 23:23:19 +00:00
zowoq
5b4fc9aeed modules/darwin/common: disable StrictModes 
needed for symlinked ssh keys
 2023-10-28 23:23:19 +00:00
zowoq
5442d19ea2 modules/darwin/remote-builder: drop ssh activation script 2023-10-26 00:59:48 +00:00
zowoq
8fd1e0819f modules/darwin/common/upgrade-diff: remove HOME workaround 
ab817e5d0e
 2023-10-01 22:10:58 +00:00
zowoq
04b89aba0c modules/darwin/common/telegraf: add internal 2023-09-27 09:12:38 +00:00
zowoq
0b0e0feb1b modules/darwin/common/upgrade-diff: switch to nvd 2023-09-26 21:32:35 +00:00
zowoq
87f470d5ea modules/darwin/common: set nix.gc.user 2023-09-25 01:57:15 +00:00
zowoq
b74ef1be64 modules/darwin/common: set timeZone 2023-09-16 03:15:03 +00:00
zowoq
5c7481a3aa enable cachix deploy agent on all hosts 2023-09-13 07:05:25 +00:00