| commit | 67cf8aa3731dca126803bc3a24a14b6a5fb81ea4 | [log] [tgz] |
|---|---|---|
| author | Skyler Grey <sky@a.starrysky.fyi> | Sun Jul 28 13:21:32 2024 +0000 |
| committer | Skyler Grey <minion@clicks.codes> | Fri Aug 02 19:46:49 2024 +0000 |
| tree | 08152526b8813a18e586e75da77f152f6e54f7db | |
| parent | d938392fe420e2f68177cb78668e7ce59d20d6ef [diff] |
feat(secrets)!: Replace sops with agenix-rekey
sops-nix is tending to be fairly complex for our use-cases, which adds
difficulty to deploying, maintaining our wrapper module, keeping
".env.bin" files, etc.
agenix-rekey is a lot simpler.
notable in this commit is the `// { outputPath = ...; }` hack in
flake.nix. This is needed due to snowfall-lib otherwise butchering paths
such that agenix-rekey is unable to show us what secrets exist with
`agenix edit`, etc... companion to that is the lib.snowfall.fs stuff in
the secrets/default.nix file
Change-Id: Id3e79cfc7d37a7b7de7b8cc42f7392c4d8bd07c5
Reviewed-on: https://git.clicks.codes/c/Infra/NixFiles/+/801
Reviewed-by: Skyler Grey <minion@clicks.codes>
Tested-by: Skyler Grey <minion@clicks.codes>
This repository contains system configuration for Clicks's infrastructure.
Config is written using Snowfall lib. It keeps us organized and has some nice features like namespaces.
Devices are named after colors, areas are named as a letter, with the matching phonetic alphabet word. Areas are generally managed by one member of Clicks, who has full access to all of the servers in that area. If you require help for a specific area you can email admin@clicks.codes and in the subject line include the area you want help for.
| System | Description | Address |
|---|---|---|
| teal | Primary Host | teal.alpha.clicks.domains |
| a1d2 | Build Server | d2.a1.clicks.domains |
Deploys are done with deploy-rs, you'll need to be able to ssh into a machine with its hostname (either by a nifty .ssh/config rule or tailscale).
Once you've done that, you'll be able to deploy with
$ deploy .#MACHINE_NAME