feat(secrets): Base names on encrypted contents

This is useful, for example, to make systemd services restart without
fiddling with restart triggers. In sops we achieved this by setting the
attribute name using a function - this isn't possible with agenix-rekey
because it needs to evaluate secrets (including their attribute names)
when the files don't yet exist

Despite this, we can still set the "name" - which is used only when
rekeying and deploying the secret - and manually handle attribute names

Change-Id: Ia49c7fe9eb55341f433cbb7c49935584b48518fe
Reviewed-on: https://git.clicks.codes/c/Infra/NixFiles/+/806
Tested-by: Skyler Grey <minion@clicks.codes>
Reviewed-by: Skyler Grey <minion@clicks.codes>
15 files changed
tree: d7c8f3269bb92c52111f5de73dddb7318d703e58
README.md

Clicks - Infrastructure

This repository contains system configuration for Clicks's infrastructure.

Config

Config is written using Snowfall lib. It keeps us organized and has some nice features like namespaces.

Systems

Devices are named after colors. Areas are named with a letter and the matching phonetic alphabet word. Areas are generally managed by one member of Clicks, who has full access to all of the servers in that area. If you require help for a specific area, you can email admin@clicks.codes and include the area you want help for in the subject line.

| System | Description | Address |
|--------|-------------|---------|
| teal | Primary Host | teal.alpha.clicks.domains |
| a1d2 | Build Server | d2.a1.clicks.domains |

Deploying

Deploys are done with deploy-rs. You'll need to be able to ssh into a machine with its hostname (either by a nifty .ssh/config rule or Tailscale).

Once you've done that, you'll be able to deploy with

$ deploy .#MACHINE_NAME