Post-X-Society/Post-Tyranny-Tech-Infrastructure
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Post-Tyranny-Tech-Infrastru.../keys
History
Pieter 39c57d583a feat: Add Nextcloud maintenance automation and cleanup 
- Add 260124-nextcloud-maintenance.yml playbook for database indices and mimetypes
- Add run-maintenance-all-servers.sh script to run maintenance on all servers
- Update ansible.cfg with IdentitiesOnly SSH option to prevent auth failures
- Remove orphaned SSH keys for deleted servers (black, dev, purple, white, edge)
- Remove obsolete edge-traefik and nat-gateway roles
- Remove old upgrade playbooks and fix-private-network playbook
- Update host_vars for egel, ree, zwaan
- Update diun webhook configuration

Successfully ran maintenance on all 17 active servers:
- Database indices optimized
- Mimetypes updated (145-157 new types on most servers)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2026-01-24 12:44:54 +01:00
..
ssh feat: Add Nextcloud maintenance automation and cleanup 2026-01-24 12:44:54 +01:00
.gitignore Complete SOPS secrets management setup (#5) 2025-12-27 14:23:36 +01:00
README.md Complete SOPS secrets management setup (#5) 2025-12-27 14:23:36 +01:00

README.md

Age Encryption Keys

⚠️ CRITICAL: This directory contains encryption keys that are NOT committed to Git.

Key Files

  • age-key.txt - Age private key for SOPS encryption (GITIGNORED)

Backup Checklist

Before proceeding with any infrastructure work, ensure you have:

  • Copied age-key.txt to password manager
  • Created offline backup (printed or encrypted USB)
  • Verified backup can decrypt secrets successfully

Key Recovery

If you lose access to age-key.txt:

  1. Check password manager for backup
  2. Check offline backups (printed copy, USB drive)
  3. If no backup exists: Secrets are PERMANENTLY LOST
    • You will need to regenerate all secrets
    • Re-encrypt all .sops.yaml files
    • Update all services with new credentials

Generating a New Key

Only do this if you've lost the original key or need to rotate for security:

# Generate new Age key
age-keygen -o age-key.txt

# Extract public key
grep "public key:" age-key.txt

# Update .sops.yaml in repository root with new public key

# Re-encrypt all secrets
cd ..
for file in secrets/**/*.sops.yaml; do
  SOPS_AGE_KEY_FILE=keys/age-key.txt sops updatekeys -y "$file"
done

Security Notes

  • This directory is in .gitignore
  • Keys should never be shared via email, Slack, or unencrypted channels
  • Always use secure methods for key distribution (password manager, encrypted channels)