71baa09bd2 
							
						 
					 
					
						
						
							
							Refactor imports and secrets. Add per system properties and role based secret access.

						Highlights
- No need to update flake for every machine anymore, just add a properties.nix file.
- Roles are automatically generated from all machine configurations.
- Roles and their secrets automatically are grouped and show up in agenix secrets.nix.
- Machines and their service configs may now query the properties of all machines.
- Machine configuration and secrets are now completely isolated into each machine's directory.
- Safety checks to ensure no mixing of LUKS unlocking secrets and hosts with primary ones.
- SSH pubkeys no longer centrally stored but instead per machine where the private key lies for better cleanup.
						
						
					 
					
						2023-04-21 12:58:11 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							40f0e5d2ac 
							
						 
					 
					
						
						
							
							Add Phil  
						
						
						
						
					 
					
						2023-04-19 18:12:42 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							378cf47683 
							
						 
					 
					
						
						
							
							restic backups  
						
						
						
						
					 
					
						2023-04-08 21:25:55 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							f68a4f4431 
							
						 
					 
					
						
						
							
							nixpkgs-fmt everything  
						
						
						
						
					 
					
						2023-04-04 23:30:28 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							c48b1995f8 
							
						 
					 
					
						
						
							
							Remove zerotier  
						
						
						
						
					 
					
						2023-03-18 20:41:09 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							820cd392f1 
							
						 
					 
					
						
						
							
							Choose random PIA server in a specified region instead of hardcoded. And more TODOs addressed.  
						
						
						
						
					 
					
						2023-03-12 22:55:46 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							759fe04185 
							
						 
					 
					
						
						
							
							with lib;  
						
						
						
						
					 
					
						2023-03-12 21:50:46 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							db441fcf98 
							
						 
					 
					
						
						
							
							Add ability to refuse PIA ports  
						
						
						
						
					 
					
						2023-03-12 21:46:36 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							83e9280bb4 
							
						 
					 
					
						
						
							
							Use the NixOS firewall instead to block unwanted PIA VPN traffic  
						
						
						
						
					 
					
						2023-03-12 20:49:39 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							478235fe32 
							
						 
					 
					
						
						
							
							Enable firewall for PIA VPN wireguard interface  
						
						
						
						
					 
					
						2023-03-12 20:29:20 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							42c0dcae2d 
							
						 
					 
					
						
						
							
							Port forwarding for transmission  
						
						
						
						
					 
					
						2023-03-12 19:50:29 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							7159868b57 
							
						 
					 
					
						
						
							
							update todo's  
						
						
						
						
					 
					
						2023-03-12 19:46:51 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							5ed02e924d 
							
						 
					 
					
						
						
							
							Remove liza  
						
						
						
						
					 
					
						2023-03-12 00:15:06 -07:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							1d620372b8 
							
						 
					 
					
						
						
							
							Remove leftovers of removed compute nodes  
						
						
						
						
					 
					
						2023-03-12 00:14:49 -07:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							ecb6d1ef63 
							
						 
					 
					
						
						
							
							Migrate mailserver to ponyo  
						
						
						
						
					 
					
						2023-03-11 23:40:36 -07:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							a5f7bb8a22 
							
						 
					 
					
						
						
							
							Fix vpn systemd service restart issues  
						
						
						
						
					 
					
						2023-03-09 13:07:20 -07:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							cea9b9452b 
							
						 
					 
					
						
						
							
							Initial prototype for Wireguard based PIA VPN - not quite 'ready' yet  
						
						
						
						
					 
					
						2023-03-08 23:49:02 -07:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							b53f03bb7d 
							
						 
					 
					
						
						
							
							Fix typo  
						
						
						
						
					 
					
						2023-03-08 23:45:49 -07:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							dee0243268 
							
						 
					 
					
						
						
							
							Peer to peer connection keepalive task  
						
						
						
						
					 
					
						2023-03-07 22:55:37 -07:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							8b6bc354bd 
							
						 
					 
					
						
						
							
							Peer to peer connection keepalive task  
						
						
						
						
					 
					
						2023-03-07 22:54:26 -07:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							3e0cde40b8 
							
						 
					 
					
						
						
							
							Cleanup remote LUKS unlock  
						
						
						
						
					 
					
						2023-02-11 18:40:08 -07:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							9bcf7cc50d 
							
						 
					 
					
						
						
							
							VPN using its own DNS resolver is unstable  
						
						
						
						
					 
					
						2023-02-11 16:09:02 -07:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							c649b04bdd 
							
						 
					 
					
						
						
							
							Update ssh keys and allow easy ssh LUKS unlocking  
						
						
						
						
					 
					
						2023-02-11 15:05:20 -07:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							ec2b248ed8 
							
						 
					 
					
						
						
							
							Don't use tailscale in containers  
						
						
						
						
					 
					
						2022-06-23 22:37:14 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							aa7bbc5932 
							
						 
					 
					
						
						
							
							Use Tailscale  
						
						
						
						
					 
					
						2022-06-23 22:30:07 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							7e615f814d 
							
						 
					 
					
						
						
							
							Rewrite VPN container  
						
						
						
						
					 
					
						2022-05-28 18:54:41 -04:00