agenix
Netmaker
agenix | Netmaker | |
---|---|---|
10 | 166 | |
1,241 | 8,971 | |
- | 1.1% | |
7.3 | 9.6 | |
6 days ago | 5 days ago | |
Nix | Go | |
Creative Commons Zero v1.0 Universal | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
agenix
-
password manager solution advice
How about: https://github.com/ryantm/agenix
-
how to store secrets needed at install time
I've heard good things about and seen sops-nix used on a few really solid configs. Others tend to use Age or Homeage.
-
Ask HN: A Better Docker Compose?
I don't have a write-up, just my code in git. But it's not public. I'm not using anything out of the ordinary - Nix containers, modules, and functions, and the Agenix module with uses a private key to decrypt secrets at start. The Nix language is inherently composable. Here are some links that explain:
Containers:
https://nixos.wiki/wiki/NixOS_Containers
Modules:
https://nixos.wiki/wiki/NixOS_modules
Functions:
https://www.reddit.com/r/NixOS/comments/zzstun/please_help_m...
Agenix:
https://github.com/ryantm/agenix
-
ridiculously easy mail server setup with NixOS
For passwords I am using agenix which is also pretty awesome, an alternative could have been sops.nix.
-
NixOS for Apt/Yum Users: a Gift That Keeps on Giving
Alternatively, you could simply add the wireless connection files to the Networkmanager dir in /etc using environment.etc. Though keep in mind that any file declared in your config is readable by any user in your system. agenix would be the solution to that.
-
What to do...
One think I saw that I don't recommend is to change your password after installing; that's not very reporoducible, use users.users..hashedPassword or users.users..passwordFile with agenix or sops-nix.
-
Understanding nixos secrets management/aws configuration
Answering your broader question (secret management) colmena does that for me outside the Nix store. I also use git-crypt to store secrets in the repo. There are also more Nix-y alternatives like agenix.
-
If you’re not using SSH certificates you’re doing SSH wrong
I feel that trying to make SSH keys short-lived is becoming more painful each year because there's an increase of tools that use SSH keys for purposes other than SSH logins. For example, age [1] encrypts files with SSH keys, agenix [2] does secrets management with it, Git can now sign commits with it [3], and even ssh-keygen can now sign arbitrary data [4]. All of these become useless the moment you start using short-lived keys.
[1]: https://github.com/FiloSottile/age
[2]: https://github.com/ryantm/agenix
[3]: https://calebhearth.com/sign-git-with-ssh
[4]: https://www.man7.org/linux/man-pages/man1/ssh-keygen.1.html
-
homeage: declarative runtime decrypted age secrets for home manager
I built this because I try to keep as much as possible outside of my system config but all of the secret managers I found were system only. I had no idea how to solve this until I found RaitoBezarius' awesome pull request to agenix where it all clicked. It also exposed me to the inner workings of home-manager which has definitely made me appreciate it more! I kept this separate from agenix because I am interested only in a module rather than a CLI and thus see it as having a different fit.
-
How do you manage your private keys?
I've been thinking about the same thing. I haven't gotten around to it yet but agenix looked the most promising to me so far
Netmaker
-
List of ngrok/Cloudflare Tunnel alternatives and other tunneling software and services. Focus on self-hosting.
Netmaker - Layer 3 peer-to-peer overlay network and private DNS. Similar to Tailscale, but with a self-hosted server/admin UI. Runs kernel WireGuard so very fast. Not FOSS, but the source code is available. Written in Go.
- Netmaker: An open source WireGuard VPN
-
Connecting several hundreds IoT (raspberry pi's) devices with a VPN
My plan is to set up an EC2 instance and host a VPN, considering options like Netmaker, OpenVPN, or Tailscale. The goal is to connect these devices to the VPN, enabling SSH access from any connected node. This method seems cost-effective(Considering I want to use 100s of devices and potentially 1000s) and straightforward, requiring a simple setup with a sudo apt command on the Raspberry Pi.
-
Remote access to a NAS from another location?
I'm wondering if there are any alternative approaches to achieve this. Is something like Netmaker or Tailscale feasible enough? If you have any suggestions, I'd greatly appreciate it.
-
Would we still create Nebula today?
https://github.com/gravitl/netmaker
Honorable mention:
SuperHighway84 - more of a Usenet-inspired darknet, but I love the concept + the author's personal website:
https://github.com/mrusme/superhighway84
- Show HN: Netmaker – Netmaker Goes Open Source
-
Netmaker Transitions to Open source: Embracing the Apache-2.0 License
Exciting news to share! Netmaker has officially embraced open source. This momentous decision was unveiled at the Open Source Summit in Europe when the pull request successfully merged, transitioning their server from the SSPL to the widely recognized Apache License 2.0.
-
SD-WAN and SASE Solutions
While we've encountered some challenges and worked with vendors like Cisco to find solutions, I'm curious about recommendations for SD-WAN providers that are well-suited for SASE users. This includes not only Zscaler but also other options like Netmaker, Palo Alto, Cloudflare, Cisco, and Forcepoint.
-
Only allowing my home network to access all my EC2 Instances?
Now, my main question is how I can link my DDNS host endpoint with my EC2 instances, allowing only my home network to access them. I've come across a variety of suggestions, such as Netmaker, OpenVPN, Tailscale etc. but I'm curious to hear your opinions on these solutions.
-
CLAs create different issues than making (small) open source contributions
HN is somehow always timely. Currently, these folks expect me to sign a CLA for a one-byte change to their README: https://github.com/gravitl/netmaker/pull/2516
What are some alternatives?
sops-nix - Atomic secret provisioning for NixOS based on sops
tailscale - The easiest, most secure way to use WireGuard and 2FA.
nixos-config - My NixOS configurations.
headscale - An open source, self-hosted implementation of the Tailscale control server
nixos-config - Mirror of https://code.balsoft.ru/balsoft/nixos-config
netbird - Connect your devices into a single secure private WireGuard®-based mesh network with SSO/MFA and simple access controls.
homeage - runtime decrypted age secrets for nix home manager
firezone - Open-source VPN server and egress firewall for Linux built on WireGuard. Firezone is easy to set up (all dependencies are bundled thanks to Chef Omnibus), secure, performant, and self hostable.
packages - Community maintained packages for OpenWrt. Documentation for submitting pull requests is in CONTRIBUTING.md
Nebula - A scalable overlay networking tool with a focus on performance, simplicity and security
pass-import - A pass extension for importing data from most existing password managers
ZeroTier - A Smart Ethernet Switch for Earth