nix-community infrastructure [maintainer=@zowoq]
Maximilian Bosch f333f4e99d darwin/keys/ma27: rotate once again
It turns out that when using PIV rather than OpenPGP for SSH
(`yubikey-agent` in this case), you cannot change the touch policy for
enrolled keys[1].

However, it turns out that the default (`always` - touching the key for
each SSH auth) is pretty annoying when running remote builds or making
SSH signatures, so I had no choice but to rotate the keys once again.

It's not urgent at all to get this key deployed, I'm only filing this
patch now to check every box on my "SSH rotation checklist" so I don't
forget about it. Happy holidays 🎉

Finally, sorry for the additional noise!

[1] https://docs.yubico.com/yesdk/users-manual/application-piv/pin-touch-policies.html#touch-policies
2023-12-24 13:33:06 +00:00
.github Revert ".github/workflows/repo-list.yml: use default token" 2023-12-19 03:12:32 +00:00
dev dev/treefmt: black -> ruff format 2023-10-30 11:42:34 +00:00
devdoc devdoc: update repo list 2023-12-24 2023-12-24 02:58:43 +00:00
docs docs: add more links for nixpkgs-update 2023-12-14 23:40:43 +00:00
hosts modules/nixos/buildbot: update cachix 2023-12-24 07:16:59 +00:00
modules darwin/keys/ma27: rotate once again 2023-12-24 13:33:06 +00:00
terraform unpin terraform shell 2023-12-17 11:50:04 +00:00
users users: remove admins after quorum changes 2023-02-03 17:10:58 +10:00
.envrc shell, treefmt: move into /dev 2023-05-18 01:17:21 +00:00
.gitignore .gitignore: add newline 2023-11-04 09:41:17 +00:00
.sops.yaml build02: remove hercules 2023-12-02 03:37:48 +00:00
config.yaml use sotp for TOTP secrets 2023-10-17 01:39:48 +00:00
flake.lock flake.lock: Update 2023-12-24 07:16:59 +00:00
flake.nix unpin terraform shell 2023-12-17 11:50:04 +00:00
inv deploy -> inv 2023-01-10 06:47:06 +10:00
LICENSE Create LICENSE 2023-01-22 13:44:41 +10:00
mkdocs.yml docs: add more links for nixpkgs-update 2023-12-14 23:40:43 +00:00
pyproject.toml apply treefmt to codebase 2022-12-31 07:27:07 +01:00
README.md README: link to contacts directly 2023-09-10 06:48:15 +00:00
secrets.yaml secrets.yaml: remove build02 2023-12-13 05:53:33 +00:00
tasks.py unpin terraform shell 2023-12-17 11:50:04 +00:00

nix-community infrastructure

Welcome to the Nix Community infrastructure project. This project holds all the NixOS and Terraform configuration for this organization.

You're probably looking for our website https://nix-community.org. If you are trying to get in touch with the admins of nix-community, check out https://nix-community.org/contact/

See devdoc for details about deployment, hardware and onboarding admins.