Commit graph

85 commits

Author SHA1 Message Date
zowoq
03fb7492bb add agenix to deploy darwin secrets 2024-05-16 05:29:31 +00:00
zowoq
a50a726407 modules/darwin/community-builder: sort UIDs 2024-05-16 04:58:33 +00:00
zowoq
4acae13372 modules/darwin/common: add customer user 2024-05-16 03:59:55 +00:00
nicoo
b4a3ab4adc darwin/community-builder: add user nicoo 2024-05-13 07:27:30 +00:00
zowoq
06b72a6b95 modules/shared/telegraf: add /etc/flake-inputs.prom
allows the flake inputs to be changed without restarting telegraf
2024-05-09 22:31:50 +00:00
zowoq
21c49c5357 modules: refactor telegraf 2024-05-09 22:31:50 +00:00
zowoq
17b28638cc modules/darwin/builder: set interactive ProcessType for nix daemon 2024-04-25 03:08:24 +00:00
zowoq
453a51770f modules/darwin/common: add mdutil to postActivation script
The official and detsys nix installers disable spotlight for /nix/store but we may as well just disable it everywhere.

eb25dc61a6/modules/examples/hydra.nix (L46)
9ddbcdd3b7/darwin-configuration.nix (L58)
2024-04-20 01:24:08 +00:00
zowoq
5da85a9b72 modules/darwin/hercules-ci: add security to service path 2024-04-09 23:07:18 +00:00
zowoq
fbb9cd80bb Revert "darwin/community-builder: add user annalee"
This reverts commit c0263ecb84.
2024-04-06 22:06:27 +00:00
Ember 'n0emis' Keske
f98bd5644a darwin/community-builder: add user ember 2024-03-28 02:44:19 +00:00
Pablo Ovelleiro Corral
a53d7c7414 Add pinpox key to darwin 2024-03-27 22:43:17 +00:00
Pablo Ovelleiro Corral
006213a749 Add pinpox 2024-03-27 22:43:17 +00:00
jopejoe1
c47efd57da darwin/community-builder: jopejoe1 update ssh key 2024-03-27 22:41:02 +00:00
annalee
c0263ecb84 darwin/community-builder: add user annalee 2024-03-16 07:51:44 +00:00
zowoq
6987a1b9de modules/shared: add known-hosts 2024-03-09 23:40:07 +00:00
zowoq
252fca47eb switch back to nixpkgs hercules ci agent 2024-03-08 09:51:00 +00:00
zowoq
06633fbc5a modules/darwin/common: switch back to default 50gb gc 2024-03-08 08:01:24 +00:00
a-kenji
52b02a7824 darwin/community-builder: add user kenji 2024-03-07 16:11:31 +00:00
Puck Meerburg
1450ec832f darwin/community-builder: add user puckipedia 2024-03-07 14:52:57 +00:00
jopejoe1
a6c946dfdb darwin/community-builder: add user jopejoe1 2024-03-06 23:42:43 +00:00
zimbatm
8603c1d570 darwin: disable netbios on activation
We have received a notification from the German Federal Office for
Information Security (BSI) about our NetBIOS being enabled, and it
potentially being used for DDoS reflection attacks.
2024-03-06 11:50:51 +00:00
pennae
b6564a5b90 darwin/community-builder: add pennae 2024-03-01 23:00:42 +00:00
matthewcroughan
7e0f467660 modules/*/community-builder: add user matthewcroughan 2024-02-24 15:57:41 +00:00
zowoq
ce979d7349 modules/darwin/common: only allow ssh_host_ed25519_key
81dd4e0557
we do the same for nixos
2024-01-25 21:50:15 +00:00
zowoq
5cb6b93100 modules/*/reboot: reduce window from 6 to 3 hours 2024-01-25 02:44:52 +00:00
Matthieu Coudron
b8349ad5b0 modules/*/community-builder: add user teto 2024-01-21 22:58:42 +00:00
zowoq
a9411872ea modules/darwin/common: gbFree: 25 -> 30 2024-01-16 21:23:02 +00:00
David McFarland
0cc343e748 darwin/community-builder: add user corngood 2024-01-09 07:44:41 +00:00
Jan Tojnar
87a6477c98 darwin/community-builder: add user jtojnar 2024-01-07 09:32:06 +00:00
zowoq
c84767203f modules/darwin/common: refactor keys 2024-01-05 01:08:30 +00:00
Maximilian Bosch
f333f4e99d darwin/keys/ma27: rotate once again
It turns out that when using PIV rather than OpenPGP for SSH
(`yubikey-agent` in this case), you cannot change the touch policy for
enrolled keys[1].

However, it turns out that the default (`always` - touching the key for
each SSH auth) is pretty annoying when running remote builds or making
SSH signatures, so I had no choice but to rotate the keys once again.

It's not urgent at all to get this key deployed, I'm only filing this
patch now to check every box on my "SSH rotation checklist" so I don't
forget about it. Happy holidays 🎉

Finally, sorry for the additional noise!

[1] https://docs.yubico.com/yesdk/users-manual/application-piv/pin-touch-policies.html#touch-policies
2023-12-24 13:33:06 +00:00
zowoq
672d74cff8 modules/darwin/common: add ryantm to hetzner user 2023-12-22 14:04:45 +00:00
zowoq
648a6031f7 build04, modules/darwin/common: set nixCommunity.gc.gbFree to 25 2023-12-19 23:10:47 +00:00
zowoq
a3a90bc0ae modules/darwin: add apfs-cleanup 2023-12-18 02:48:49 +00:00
zowoq
134882a2b4 modules/darwin/common/reboot: add logs 2023-12-18 02:48:42 +00:00
Maximilian Bosch
b0e7287cc3 darwin/keys/ma27: update 2023-12-17 11:32:21 +00:00
sternenseemann
efbbb2035d darwin/community-builder: add user sternenseemann
Please, there is an angry mob of aarch64-darwin users in front of my
house that want me to fix aarch64-darwin Haskell issues.
2023-12-12 13:18:25 +00:00
zowoq
aa20e930c6 modules/darwin/common/flake-inputs: fix inputs 2023-12-11 22:52:42 +00:00
zowoq
008c339c6b docs/community-builder: add note about darwin keys 2023-12-10 23:30:21 +00:00
Ilan Joselevich
1a5337ccae darwin/community-builder: add kranzes 2023-12-04 03:18:26 +00:00
Jade Lovelace
2270ffe8d2 darwin/community-builder: add jade 2023-12-03 23:01:53 +00:00
zowoq
92957ad208 modules/darwin/common: disable includeUninstaller 2023-11-27 03:49:14 +00:00
zowoq
42fb15140f modules/darwin/community-builder/users: re-enable forceRecreate 2023-11-25 01:52:13 +00:00
zowoq
accf44e44c modules/darwin/common: add deployment key 2023-11-11 02:16:31 +00:00
zowoq
c46fc2bf60 remove cachix deploy 2023-11-11 00:57:40 +00:00
Stig Palmquist
a31b266e6f modules/darwin/community-builder: add ssh key (sgo)
Add additional machine specific key
2023-11-08 12:56:15 +00:00
zowoq
436a795a63 modules/darwin/common/telegraf: add smart 2023-11-03 06:33:05 +00:00
adisbladis
c940bea45e modules/darwin/common: Add adisbladis key to shared hetzner user 2023-11-02 10:58:48 +00:00
chayleaf
8f1a3e5cfe modules/darwin/community-builder: add user 2023-11-01 13:49:51 +00:00