sercanto/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2077 commits 1 branch 0 tags 3.4 MiB
Commit graph

58 commits

Author SHA1 Message Date
zowoq
a9411872ea modules/darwin/common: gbFree: 25 -> 30 2024-01-16 21:23:02 +00:00
David McFarland
0cc343e748 darwin/community-builder: add user corngood 2024-01-09 07:44:41 +00:00
Jan Tojnar
87a6477c98 darwin/community-builder: add user jtojnar 2024-01-07 09:32:06 +00:00
zowoq
c84767203f modules/darwin/common: refactor keys 2024-01-05 01:08:30 +00:00
Maximilian Bosch
f333f4e99d darwin/keys/ma27: rotate once again 
It turns out that when using PIV rather than OpenPGP for SSH
(`yubikey-agent` in this case), you cannot change the touch policy for
enrolled keys[1].

However, it turns out that the default (`always` - touching the key for
each SSH auth) is pretty annoying when running remote builds or making
SSH signatures, so I had no choice but to rotate the keys once again.

It's not urgent at all to get this key deployed, I'm only filing this
patch now to check every box on my "SSH rotation checklist" so I don't
forget about it. Happy holidays 🎉

Finally, sorry for the additional noise!

[1] https://docs.yubico.com/yesdk/users-manual/application-piv/pin-touch-policies.html#touch-policies
 2023-12-24 13:33:06 +00:00
zowoq
672d74cff8 modules/darwin/common: add ryantm to hetzner user 2023-12-22 14:04:45 +00:00
zowoq
648a6031f7 build04, modules/darwin/common: set nixCommunity.gc.gbFree to 25 2023-12-19 23:10:47 +00:00
zowoq
a3a90bc0ae modules/darwin: add apfs-cleanup 2023-12-18 02:48:49 +00:00
zowoq
134882a2b4 modules/darwin/common/reboot: add logs 2023-12-18 02:48:42 +00:00
Maximilian Bosch
b0e7287cc3 darwin/keys/ma27: update 2023-12-17 11:32:21 +00:00
sternenseemann
efbbb2035d darwin/community-builder: add user sternenseemann 
Please there is an angry mob of aarch64-darwin users in front of my
house that want me to fix aarch64-darwin Haskell issues.
 2023-12-12 13:18:25 +00:00
zowoq
aa20e930c6 modules/darwin/common/flake-inputs: fix inputs 2023-12-11 22:52:42 +00:00
zowoq
008c339c6b docs/community-builder: add note about darwin keys 2023-12-10 23:30:21 +00:00
Ilan Joselevich
1a5337ccae darwin/community-builder: add kranzes 2023-12-04 03:18:26 +00:00
Jade Lovelace
2270ffe8d2 darwin/community-builder: add jade 2023-12-03 23:01:53 +00:00
zowoq
92957ad208 modules/darwin/common: disable includeUninstaller 2023-11-27 03:49:14 +00:00
zowoq
42fb15140f modules/darwin/community-builder/users: re-enable forceRecreate 2023-11-25 01:52:13 +00:00
zowoq
accf44e44c modules/darwin/common: add deployment key 2023-11-11 02:16:31 +00:00
zowoq
c46fc2bf60 remove cachix deploy 2023-11-11 00:57:40 +00:00
Stig Palmquist
a31b266e6f modules/darwin/community-builder: add ssh key (sgo) 
Add additional machine specific key
 2023-11-08 12:56:15 +00:00
zowoq
436a795a63 modules/darwin/common/telegraf: add smart 2023-11-03 06:33:05 +00:00
adisbladis
c940bea45e modules/darwin/common: Add adisbladis key to shared hetzner user 2023-11-02 10:58:48 +00:00
chayleaf
8f1a3e5cfe modules/darwin/community-builder: add user 2023-11-01 13:49:51 +00:00
Stig Palmquist
45412005fc modules/darwin/community-builder: add user (sgo) 2023-11-01 11:09:00 +00:00
Anthony Roussel
bfe1912fb0 modules/darwin/community-builder: add user 2023-11-01 10:38:56 +00:00
zowoq
e56954701f modules/darwin/community-builder: add user 2023-10-30 02:38:40 +00:00
zowoq
a2f560d6f9 switch to upstream hercules ci agent 2023-10-29 23:33:02 +00:00
zowoq
0385ef3f38 modules/darwin/community-builder/users: disable users.forceRecreate 2023-10-28 23:58:35 +00:00
zowoq
e181c309a3 modules/darwin: add community-builder 2023-10-28 23:23:19 +00:00
zowoq
5b4fc9aeed modules/darwin/common: disable StrictModes 
needed for symlinked ssh keys
 2023-10-28 23:23:19 +00:00
zowoq
5442d19ea2 modules/darwin/remote-builder: drop ssh activation script 2023-10-26 00:59:48 +00:00
zowoq
8fd1e0819f modules/darwin/common/upgrade-diff: remove HOME workaround 
ab817e5d0e
 2023-10-01 22:10:58 +00:00
zowoq
04b89aba0c modules/darwin/common/telegraf: add internal 2023-09-27 09:12:38 +00:00
zowoq
0b0e0feb1b modules/darwin/common/upgrade-diff: switch to nvd 2023-09-26 21:32:35 +00:00
zowoq
87f470d5ea modules/darwin/common: set nix.gc.user 2023-09-25 01:57:15 +00:00
zowoq
b74ef1be64 modules/darwin/common: set timeZone 2023-09-16 03:15:03 +00:00
zowoq
5c7481a3aa enable cachix deploy agent on all hosts 2023-09-13 07:05:25 +00:00
zowoq
820fdb8fd1 modules: add darwin/nixos builder 2023-09-09 23:25:11 +00:00
zowoq
754a7b72b8 modules: add darwin/nixos remote-builder 2023-09-09 23:19:20 +00:00
zowoq
74f889bccb remove hercules ssh key 2023-08-15 03:36:15 +00:00
zowoq
e9e0d2be8f Revert "modules/darwin/common: use nix 2.16" 
This reverts commit 57842afd48.
 2023-08-15 02:04:35 +00:00
zowoq
30fa9ad56e modules/darwin/common/reboot: command -> script 2023-08-13 02:59:06 +00:00
zowoq
776bffa875 modules/darwin/common/flake-inputs: fix 2023-08-12 08:02:41 +00:00
zowoq
430555b4ae modules/darwin/common/upgrade-diff: postActivation -> preActivation 2023-08-10 05:52:42 +00:00
zowoq
743cffadab modules/darwin/common: add upgrade-diff 2023-08-08 23:43:31 +00:00
zowoq
44575c5c53 modules/darwin/common: disable alf 2023-08-01 21:40:03 +00:00
zowoq
1a1955404f modules/darwin/common: refactor authorizedKeys 2023-08-01 21:39:52 +00:00
zowoq
590a46c1e0 modules/darwin/builder: various 
- drop unnecessary description and group

- use postActivation to give build user ssh access
 2023-08-01 21:39:42 +00:00
zowoq
cbbece4fc3 modules/darwin/common: set timezone 2023-08-01 21:39:31 +00:00
zowoq
47ab2fadc7 darwin: update ssh key comment 2023-07-30 22:40:53 +00:00