Fediversity/keys
Kiara Grouwstra b52ccfaf33
add woodpecker CI
add woodpecker

status: agents error `agent could not auth: individual agent not found by token: sql: no rows in result set`

allow manual

set `image: bash` to initially test `local` woodpecker back-end

split CI jobs

image: `bash` (`local` back-end) -> `nixos/nix` (`docker` back-end)

add debugging lines to CD pipeline to debug error `Could not open a connection to your authentication agent`

add more debug prints to CD

even more debugging

continue debugging

debug harder

explicitly specify flakes as nixos/nix image is missing this

rm /home

update fedi203

wrap faulty statement

fix check-resources

split

strace pkg

un-strace

un-test cd

dedupe image

max 5

un-bash strace

configure user

simplify secrets

set just group for system users

unverbose npins

schema

add flakes

flakes
2025-08-04 23:32:01 +02:00
contributors Change key for Niols (#316) 2025-04-22 11:32:33 +02:00
systems add woodpecker CI 2025-08-04 23:32:01 +02:00
cd-ssh-key.pub add deployment pipeline (#452) 2025-07-10 16:45:46 +02:00
default.nix add deployment pipeline (#452) 2025-07-10 16:45:46 +02:00
flake-part.nix classify recent flake-parts files 2025-07-02 13:25:23 +02:00
panel-ssh-key.pub allow accessing test vms from fedi201, closes #286 (#297) 2025-04-09 16:58:50 +02:00
README.md docs: fix broken links 2025-02-10 15:05:21 +01:00

Keys

This directory contains the SSH public keys of both the contributors to the projects and the systems that we administrate. The keys are used both for secrets decryption and for infra management.

Which private keys can be used to decrypt secrets is defined in secrets.nix: all the contributors, plus the specific systems that need access to the secret in question. Adding a contributor's or system's key to a secret requires rekeying the secret, which can only be done with a key that already has access to it. (Alternatively, one can overwrite a secret without knowing its contents.)

In infra management, the systems' keys are used for security reasons: they identify the machine that we are talking to. The contributor keys are used to give access to the root user on these machines, which allows, among other things, deploying their configurations with NixOps4.

Adding a contributor

Adding a contributor consists of the following steps:

  1. The contributor in question adds a file with their key to the ./contributors directory, and opens a pull request with it.

  2. An already-existing contributor uses their keys to re-key the secrets, taking that new key into account.

  3. An already-existing contributor redeploys the infrastructure to take into account the new access.

  4. The pull request is accepted and merged.
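A check that can be run on the key files in ./contributors and ./systems before step 2 rekeys the secrets with a new key. This is an added example, not part of this repository: it verifies that each file holds exactly one OpenSSH public-key line whose wire-format blob matches the declared key type, and rejects private-key material. The accepted key types and the sample key are assumptions constructed here.

```python
import base64
import struct

# Key types accepted by this check (an assumption; narrow or widen as the project requires).
ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
                 "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def check_public_key_line(line: str) -> tuple[bool, str]:
    """Validate one OpenSSH public-key line; returns (ok, reason)."""
    if "PRIVATE KEY" in line:
        return False, "private key material, not a public key"
    fields = line.split()
    if len(fields) < 2:
        return False, "expected '<type> <base64-blob> [comment]'"
    key_type, blob_b64 = fields[0], fields[1]
    if key_type not in ALLOWED_TYPES:
        return False, f"unsupported key type {key_type!r}"
    try:
        blob = base64.b64decode(blob_b64, validate=True)
    except ValueError:
        return False, "key blob is not valid base64"
    # Wire format: a length-prefixed string that must repeat the declared key type.
    if len(blob) < 4:
        return False, "key blob too short"
    n = struct.unpack(">I", blob[:4])[0]
    if blob[4:4 + n] != key_type.encode():
        return False, "key blob does not match the declared key type"
    if key_type == "ssh-ed25519":
        # After the type string comes exactly one 32-byte public key.
        tail = blob[4 + n:]
        if len(tail) != 36 or struct.unpack(">I", tail[:4])[0] != 32:
            return False, "malformed ed25519 public key"
    return True, "ok"


def check_key_text(name: str, text: str) -> list[str]:
    """Problems found in one key file's contents; an empty list means it is acceptable."""
    lines = [l for l in text.splitlines() if l.strip() and not l.startswith("#")]
    problems = [] if len(lines) == 1 else [f"{name}: expected exactly one key, found {len(lines)}"]
    for line in lines:
        ok, reason = check_public_key_line(line)
        if not ok:
            problems.append(f"{name}: {reason}")
    return problems


# Constructed sample (not a real key): a well-formed ed25519 line with a 32-byte dummy key.
_BLOB = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
SAMPLE_OK = "ssh-ed25519 " + base64.b64encode(_BLOB).decode() + " alice@example"
```

Calling check_key_text on every file under ./contributors and ./systems (for example from a pre-merge CI job) catches a malformed or private key in the pull request from step 1 before an existing contributor rekeys with it.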