Commit graph

8 commits

Author SHA1 Message Date
dc3e5792d0 feat(systems): trust our ICA2 chain on all systems
Later, we should ensure we trust only our infra chain on all systems to
allow parallel paths that have nothing to do with the infrastructure or
multi-tenancy.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2025-01-01 02:07:14 +01:00
92560708b8 feat: multi-tenant secrets
Lix may have its own secrets and we want to maintain a certain
generalization level on the NixOS modules, so we can decorrelate which
secret we select dynamically by having a simple tenancy hierarchy
system.

This unfortunately requires rewriting all call sites with a floral
prefix until we migrate them to the simple internal secret module which
is aware of this.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 08:10:44 +00:00
3b6be269d6 feat: introduce Oracle VMs and Hetzner VMs as hardware types
This includes aarch64-linux variants for these hosters.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 08:10:44 +00:00
6d3e14ec27 feat: finer-grained ACLs for server accesses
In the process of adding multi-tenant infrastructure, it seems relevant
to add finer-grained ACLs.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-05 16:20:19 +02:00
bed5ef022f change the default user shell to zsh
2024-07-12 19:50:34 +02:00
70e608a8f7 common: provide a pinned nixpkgs on all infra machines
2024-07-10 17:17:18 +02:00
a7d21e96a0 add global hardening options 2024-07-09 23:26:12 +00:00
e3f3c87c0d meta01: init
Includes:

- Raito VM module
- Raito proxy-aware NGINX module
- Base server module
- Sysadmin module
- New SSH keys
- Netbox module

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-01 19:40:37 +02:00