lukegb/depot
1
0
Fork 0
Code Issues 1 Pull requests Projects Packages Activity Actions
depot/ops/nixos/lib
History
Luke Granger-Brown 58a907b700 nixos/vault-agent: listen on UDS only 
This UDS is going to be private to vault-agent and tokend (which doesn't exist
yet).

As a stopgap, for the moment, secretsmgrd will be granted direct access to
speak to the Vault Agent over the UDS.

tokend will be responsible for provisioning applications with tokens, by
issuing subtokens which have roles corresponding to the user account requesting
access.
2022-03-20 11:14:51 +00:00
..
coredns ops/nixos: set up gnetwork link 2022-01-14 19:42:06 +00:00
home-manager hm/client: add VAULT_ADDR env variable 2022-03-11 18:44:52 +00:00
lightspeed nixos/lightspeed: init lightspeed-ingest and lightspeed-webrtc NixOS modules 2021-01-04 15:50:42 +00:00
as205479-web.nix nixos: migrate to secretsmgr for sshd and ACME 2022-03-17 23:31:55 +00:00
baserow.nix nixos: migrate to secretsmgr for sshd and ACME 2022-03-17 23:31:55 +00:00
bgp.nix bgp: avoid sending routes to clouvider over routeservers 2022-01-30 15:57:35 +00:00
blade-router.nix blade-router: mark cloudflare as pending 2022-03-03 17:38:19 +00:00
blade.nix ops/nixos: tidy up networking.useDHCP 2022-01-08 21:45:18 +00:00
bvm.nix ops/nixos: migrate nix.maxJobs/binaryCaches/trustedBinaryCaches to the nix.settings equivalents 2022-01-30 20:30:20 +00:00
client.nix ops/nixos: disable LLMNR 2022-01-01 00:41:37 +00:00
common.nix ops/vault: use wrapping token to protect secret IDs in transit 2022-03-20 10:14:02 +00:00
content.nix ops/nixos: factor out various things from clouvider-fra01 2022-01-23 16:58:29 +00:00
deluge.nix ops/nixos: factor out various things from clouvider-fra01 2022-01-23 16:58:29 +00:00
frantech.nix ops/nixos: migrate nix.maxJobs/binaryCaches/trustedBinaryCaches to the nix.settings equivalents 2022-01-30 20:30:20 +00:00
fup.nix nixos: migrate to secretsmgr for sshd and ACME 2022-03-17 23:31:55 +00:00
graphical-client-wayland.nix ops/nixos: refactoring for sway 2021-05-06 03:56:20 +01:00
graphical-client-x11.nix ops/nixos: add wayland support 2021-05-05 22:13:27 +01:00
graphical-client.nix treewide: fix eval fallout from nixpkgs bump 2022-03-11 14:56:55 +00:00
low-space.nix ops/nixos/lib/low-space: fix 2020-12-06 15:22:40 +00:00
macmini-distributed.nix clouvider-lon01: add mac-mini as remote builder 2021-04-09 18:14:06 +00:00
minotarproxy.nix ops/nixos: set group for isSystemUser users 2021-09-16 19:14:30 +00:00
nhsenglandtests.nix nhsenglandtests: init 2021-12-31 07:00:32 +00:00
plex.nix ops/nixos: factor out various things from clouvider-fra01 2022-01-23 16:58:29 +00:00
quotes.bfob.gg.nix nixos: migrate to secretsmgr for sshd and ACME 2022-03-17 23:31:55 +00:00
rebuilder.nix ops/nixos: move nix cache tokens into vault 2022-03-11 16:46:50 +00:00
secretsmgr-acme.nix nixos: migrate to secretsmgr for sshd and ACME 2022-03-17 23:31:55 +00:00
secretsmgr.nix secretsmgr: actually _enable_ the timer unit 2022-03-18 01:08:35 +00:00
ssh-ca-vault.nix nixos: migrate to secretsmgr for sshd and ACME 2022-03-17 23:31:55 +00:00
switch-prebuilt.nix ops/nixos: move nix cache tokens into vault 2022-03-11 16:46:50 +00:00
twitternuke.nix totoro: add twitternuke timer 2021-01-06 21:29:33 +00:00
vault-agent-secrets.nix vault-agent-secrets: add wantedBy for all restartable units too 2022-03-11 18:48:54 +00:00
vault-agent.nix nixos/vault-agent: listen on UDS only 2022-03-20 11:14:51 +00:00
whitby-distributed.nix ops/nixos: add whitby-distributed to clouvider-lon01 2020-11-30 23:21:56 +00:00
zfs.nix ops/nixos: add some vault-agent setup 2022-01-23 23:38:40 +00:00