Move all flakes into modules/ and sep't, create deploy script for a1d2
Change-Id: Ie4d50fb8f16da193195beb139922a366b72b0b0a
diff --git a/.sops.yaml b/.sops.yaml
index e9b72bc..f90f560 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,11 +1,13 @@
keys:
- &clicks_minion age15mv77dpnh5762gk5rsw2u79uza4tg8cu6r3nlwjudlzmdqqck3ss6mg9dy
- &clicks_coded age1m7k864feyuezllp2hj4edkccn36rthrvfw969j6f0l3c0mhh5emsnfx6pd
- - &server_dc1 age1fxxnmkeuqhhct93c43pwkzhuzzq8857s5hye6pgfpku70kjn4ecqtamfqr
+ - &a1d1 age1fxxnmkeuqhhct93c43pwkzhuzzq8857s5hye6pgfpku70kjn4ecqtamfqr
+ - &a1d2 age1zunqahfz404x7v8x0gs4hv5kq2xlyvqmukhlwvpymj74805jcunq4r7ugv
creation_rules:
- path_regex: secrets/.*
key_groups:
- age:
- *clicks_minion
- *clicks_coded
- - *server_dc1
+ - *a1d1
+ - *a1d2
diff --git a/default/configuration.nix b/default/configuration.nix
deleted file mode 100644
index b3b80a9..0000000
--- a/default/configuration.nix
+++ /dev/null
@@ -1,153 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, lib, ... }:
-
-{
- # Use the GRUB 2 boot loader.
- boot.loader.systemd-boot.enable = true;
- # boot.loader.grub.efiSupport = true;
- # boot.loader.grub.efiInstallAsRemovable = true;
- # boot.loader.efi.efiSysMountPoint = "/boot/efi";
- # Define on which hard drive you want to install Grub.
- # boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
-
- # networking.hostName = "nixos"; # Define your hostname.
- # Pick only one of the below networking options.
- # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
- # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
-
- # Set your time zone.
- time.timeZone = "Etc/UTC";
-
- # Configure network proxy if necessary
- # networking.proxy.default = "http://user:password@proxy:port/";
- # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
- # Select internationalisation properties.
- # i18n.defaultLocale = "en_US.UTF-8";
- # console = {
- # font = "Lat2-Terminus16";
- # keyMap = "us";
- # useXkbConfig = true; # use xkbOptions in tty.
- # };
-
- # Enable the X11 windowing system.
- # services.xserver.enable = true;
-
- # Configure keymap in X11
- # services.xserver.layout = "us";
- # services.xserver.xkbOptions = {
- # "eurosign:e";
- # "caps:escape" # map caps to escape.
- # };
-
- # Enable CUPS to print documents.
- # services.printing.enable = true;
-
- # Enable sound.
- # sound.enable = true;
- # hardware.pulseaudio.enable = true;
-
- # Enable touchpad support (enabled default in most desktopManager).
- # services.xserver.libinput.enable = true;
-
- # Define a user account. Don't forget to set a password with ‘passwd’.
- # users.users.alice = {
- # isNormalUser = true;
- # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
- # packages = with pkgs; [
- # firefox
- # thunderbird
- # ];
- # };
- users.users.minion = {
- isNormalUser = true;
- extraGroups = [ "wheel" ];
-
- openssh.authorizedKeys.keys = [
- "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIteIdlZv52nUDxW2SUsoJ2NZi/w9j1NZwuHanQ/o/DuAAAAHnNzaDpjb2xsYWJvcmFfeXViaWtleV9yZXNpZGVudA== collabora_yubikey_resident"
- "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJRzQbQjXFpHKtt8lpNKmoNx57+EJ/z3wnKOn3/LjM6cAAAAFXNzaDppeXViaWtleV9yZXNpZGVudA== iyubikey_resident"
- "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIOhzJ0p9bFRSURUjV05rrt5jCbxPXke7juNbEC9ZJXS/AAAAGXNzaDp0aW55X3l1YmlrZXlfcmVzaWRlbnQ= tiny_yubikey_resident"
- ];
- };
- users.users.coded = {
- isNormalUser = true;
- extraGroups = [ "wheel" ];
- shell = pkgs.zsh;
-
- openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCZGErwcw5YUlJS9tAfIYOSqkiuDRZZRTJjMlrDaAiNwTjqUML/Lrcau/1KA6a0+sXCM8DhQ1e0qhh2Qxmh/kxZWO6XMVK2EB7ELPNojqFI16T8Bbhq2t7yVAqbPUhXLQ4xKGvWMCPWOCo/dY72P9yu7kkMV0kTW3nq25+8nvqIvvuQOlOUx1uyR7qEfO706O86wjVTIuwfZKyzMDIC909vyg0xS+SfFlD7MkBuGzevQnOAV3U6tyafg6XW4PaJuDLyGXwpKz6asY08F7gRL/7/GhlMB09nfFfT4sZggmqPdGAtxwsFuwHPjNSlktHz5nlHtpS0LjefR9mWiGIhw5Hw1z33lxP0rfmiEU9J7kFcXv9B8QAWFwWfNEZfeqB7h7DJruo+QRStGeDz4SwRG3GR+DB4iNJLt7n0ALkVFJpOpskeo8TV4+Fwok+hYs2GsvdEmh9Cj7dC/9CyRhJeam9iLIi/iVGZhXEE3tIiqEktZPjiK7JwQyr97zhGJ7Rj4oE= samue@SamuelDesktop"
- "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIH+TJRuMpDPgh6Wp2h+E+O/WoyEAVyWo6SN8oxm2JZNVAAAABHNzaDo= samue@SamuelDesktop"
- "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAILrwKN4dJQ0BiLmjsA/66QHhu06+JyokWtHkLcjhWU79AAAABHNzaDo= coded-sk-resident-1"
- ];
- };
- users.users.pineafan = {
- isNormalUser = true;
- extraGroups = [ "wheel" ];
- shell = pkgs.zsh;
-
- openssh.authorizedKeys.keys = [
- "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFXa8ow7H8XpTrwYI+oSgLFfb6YNZanwv/QCKvEKiERSAAAABHNzaDo= pineapplefan@Pineapplefan"
- "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAJNFMUYiEepGrIAbUM+Hlw/OuGWc8CNQsYlJ7519RVmeu+/vqEQbhchySTelibD19YqsZ7ICfYxAeQzOqHdXfs="
- ];
- };
- users.users.nucleus = {
- isSystemUser = true;
- createHome = true;
- home = "/services/nucleus";
- group = "clicks";
- shell = pkgs.bashInteractive;
- };
- users.users.websites = {
- isSystemUser = true;
- createHome = true;
- home = "/services/websites";
- group = "clicks";
- shell = pkgs.bashInteractive;
- };
- users.groups.clicks = { };
-
- programs.zsh.enable = true;
- # List packages installed in system profile. To search, run:
- # $ nix search wget
- environment.systemPackages = with pkgs; [
- vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
- wget
- ];
-
- # Some programs need SUID wrappers, can be configured further or are
- # started in user sessions.
- # programs.mtr.enable = true;
- # programs.gnupg.agent = {
- # enable = true;
- # enableSSHSupport = true;
- # };
-
- nix.settings.trusted-users = [ "minion" ]; # please do not add all wheel, only
- # add users when there is a specific need
-
- nix.settings.experimental-features = [ "nix-command" "flakes" ];
-
- # Open ports in the firewall.
- networking.firewall.allowedTCPPorts =
- [ 80 443 25 465 587 110 995 143 993 29418 ];
- # networking.firewall.allowedUDPPorts = [ ... ];
- # Or disable the firewall altogether.
- networking.firewall.enable = true;
- networking.hostName = "Clicks";
- # Copy the NixOS configuration file and link it from the resulting system
- # (/run/current-system/configuration.nix). This is useful in case you
- # accidentally delete configuration.nix.
- # system.copySystemConfiguration = true;
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "22.11"; # Did you read the comment?
-
-}
diff --git a/default/flake.nix b/default/flake.nix
deleted file mode 100644
index a379628..0000000
--- a/default/flake.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- description = "A very basic flake";
-
- outputs = { self, nixpkgs }: {
-
- packages.x86_64-linux.hello = nixpkgs.legacyPackages.x86_64-linux.hello;
-
- packages.x86_64-linux.nixosConfigurations.nixos =
- let pkgs = nixpkgs.legacyPackages.x86_64-linux;
- in nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- modules = [
- {
- nixpkgs.config.allowUnfree = true;
- services.mongodb.enable = true;
- services.mongodb.package = pkgs.mongodb-6_0;
- }
- ./configuration.nix
- ];
- };
-
- };
-}
diff --git a/flake.lock b/flake.lock
index 8b5a381..b8a76d8 100644
--- a/flake.lock
+++ b/flake.lock
@@ -59,15 +59,16 @@
"nixpkgs": "nixpkgs_2"
},
"locked": {
- "lastModified": 1699382547,
- "narHash": "sha256-2eic/8NNO6G1fQsCpTm26ryUyk2bl6f08S9Zc/69iBI=",
- "ref": "refs/heads/main",
- "rev": "fde6300909a486731d1cbe14589f65c8f6262d7e",
+ "lastModified": 1698610123,
+ "narHash": "sha256-soPh6oYJOjLFsbVx9Qu/0FTAIaLXjvaB8YohezFEBeE=",
+ "ref": "refs/changes/88/188/3",
+ "rev": "75adae2fe0c9679868a8e7a942dd3ef21aa462da",
"revCount": 17,
"type": "git",
"url": "https://git.clicks.codes/Clicks/NixHelpers"
},
"original": {
+ "ref": "refs/changes/88/188/3",
"type": "git",
"url": "https://git.clicks.codes/Clicks/NixHelpers"
}
@@ -125,6 +126,22 @@
"type": "github"
}
},
+ "nixpkgs-mongodb": {
+ "locked": {
+ "lastModified": 1697935353,
+ "narHash": "sha256-dDwl5ziD24Gs0feke2seFXoQibHafb5XeNDWlUZxCbg=",
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "8dfad603247387df1df4826b8bea58efc5d012d8",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "8dfad603247387df1df4826b8bea58efc5d012d8",
+ "type": "github"
+ }
+ },
"nixpkgs-privatebin": {
"locked": {
"lastModified": 1694007184,
@@ -195,6 +212,7 @@
"home-manager": "home-manager",
"nixpkgs": "nixpkgs_3",
"nixpkgs-clicksforms": "nixpkgs-clicksforms",
+ "nixpkgs-mongodb": "nixpkgs-mongodb",
"nixpkgs-privatebin": "nixpkgs-privatebin",
"scalpel": "scalpel",
"sops-nix": "sops-nix"
diff --git a/flake.nix b/flake.nix
index a9ca630..51c638a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,6 +1,7 @@
{
description = "A flake to deploy and configure Clicks' NixOS server";
+ # input URLs
inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
inputs.nixpkgs-clicksforms.url = "github:nixos/nixpkgs/nixos-22.05";
inputs.flake-utils.url = "github:numtide/flake-utils";
@@ -9,6 +10,12 @@
inputs.sops-nix.url = "github:Mic92/sops-nix";
inputs.scalpel.url = "github:polygon/scalpel";
+ inputs.nixpkgs-privatebin.url = "github:e1mo/nixpkgs/privatebin";
+ inputs.nixpkgs-mongodb.url = "github:nixos/nixpkgs?rev=8dfad603247387df1df4826b8bea58efc5d012d8";
+
+ inputs.helpers.url = "git+https://git.clicks.codes/Clicks/NixHelpers?ref=refs/changes/88/188/3";
+
+ # follow settings
inputs.home-manager.inputs.nixpkgs.follows = "nixpkgs";
inputs.sops-nix.inputs.nixpkgs.follows = "nixpkgs";
@@ -16,12 +23,8 @@
inputs.scalpel.inputs.nixpkgs.follows = "nixpkgs";
inputs.scalpel.inputs.sops-nix.follows = "sops-nix";
- inputs.nixpkgs-privatebin.url = "github:e1mo/nixpkgs/privatebin";
-
- inputs.helpers.url = "git+https://git.clicks.codes/Clicks/NixHelpers";
-
outputs = { self, nixpkgs, deploy-rs, home-manager, sops-nix, scalpel
- , nixpkgs-privatebin, helpers, ... }@inputs:
+ , nixpkgs-privatebin, ... }@inputs:
let
system = "x86_64-linux";
pkgs = import nixpkgs {
@@ -34,55 +37,36 @@
})
];
};
+ helpers = inputs.helpers.helpers { inherit pkgs nixpkgs; };
+ drive_paths = import ./variables/drive_paths.nix;
+
+ a1d1 = import ./modules/a1d1 { inherit self pkgs system inputs drive_paths; };
+ a1d2 = import ./modules/a1d2 { inherit self pkgs system inputs; drive_paths = null; };
in rec {
nixosConfigurations.clicks = let
base = nixpkgs.lib.nixosSystem {
inherit system pkgs;
modules = [
- ./default/configuration.nix
- ./default/hardware-configuration.nix
- ./modules/cache.nix
- ./modules/clamav.nix
- ./modules/cloudflare-ddns.nix
- ./modules/dmarc.nix
- ./modules/dnsmasq.nix
- ./modules/doas.nix
- ./modules/docker.nix
- ./modules/drivePaths.nix
- ./modules/ecryptfs.nix
- ./modules/fail2ban.nix
- ./modules/gerrit.nix
- ./modules/git.nix
- ./modules/grafana.nix
- ./modules/home-manager-users.nix
- ./modules/keycloak.nix
- ./modules/kitty.nix
- ./modules/loginctl-linger.nix
- ./modules/matrix.nix
- ./modules/mongodb.nix
- ./modules/networking.nix
- ./modules/nextcloud.nix
- ./modules/nginx-routes.nix
- ./modules/nginx.nix
- ./modules/node.nix
- ./modules/postgres.nix
- ./modules/privatebin.nix
- ./modules/samba.nix
- ./modules/scalpel.nix
- ./modules/ssh.nix
- ./modules/static-ip.nix
- ./modules/syncthing.nix
- ./modules/tesseract.nix
- ./modules/vaultwarden.nix
+ {
+ system.stateVersion = "22.11";
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+ nix.settings.trusted-users = [ "minion" ];
+ time.timeZone = "Etc/UTC";
+ users.mutableUsers = false;
+
+ fileSystems."/" = {};
+ }
+ ]
+ ++ (helpers.nixFilesIn ./modules/common)
+ ++ [
sops-nix.nixosModules.sops
"${nixpkgs-privatebin}/nixos/modules/services/web-apps/privatebin.nix"
- { users.mutableUsers = false; }
];
- specialArgs = {
+ specialArgs = inputs // {
base = null;
- drive_paths = import ./variables/drive_paths.nix;
inherit system;
- helpers = helpers.helpers { inherit pkgs; };
+ inherit helpers;
+ drive_paths = null;
};
};
in base.extendModules {
@@ -95,82 +79,11 @@
modules = [{ services.mongodb.enable = nixpkgs.lib.mkForce false; }];
};
- deploy.nodes.clicks = {
- sudo = "doas -u";
- profiles = {
- system = {
- remoteBuild = true;
- user = "root";
- path = deploy-rs.lib.x86_64-linux.activate.nixos
- self.nixosConfigurations.clicks-without-mongodb;
- };
- } // (let
- mkServiceConfig = service: {
- remoteBuild = true;
- user = service;
+ nixosConfigurations.a1d1 = a1d1.config;
+ nixosConfigurations.a1d2 = a1d2.config;
- profilePath =
- "/nix/var/nix/profiles/per-user/${service}/home-manager";
- path = deploy-rs.lib.x86_64-linux.activate.home-manager
- (home-manager.lib.homeManagerConfiguration {
- inherit pkgs;
- modules = [
- {
- home.homeDirectory = "/services/${service}";
- home.username = service;
- home.stateVersion = "22.11";
- programs.home-manager.enable = true;
- }
- "${./services}/${service}"
- ];
- extraSpecialArgs = {
- inherit (inputs) nixpkgs-clicksforms;
- inherit system;
- };
- });
- };
- in nixpkgs.lib.pipe ./services [
- builtins.readDir
- (nixpkgs.lib.filterAttrs (_name: value: value == "directory"))
- builtins.attrNames
- (map (name: {
- inherit name;
- value = mkServiceConfig name;
- }))
- builtins.listToAttrs
- ]) // (let
- mkBlankConfig = username: {
- remoteBuild = true;
- user = username;
-
- profilePath =
- "/nix/var/nix/profiles/per-user/${username}/home-manager";
- path = deploy-rs.lib.x86_64-linux.activate.home-manager
- (home-manager.lib.homeManagerConfiguration {
- inherit pkgs;
- modules = [
- {
- home.username = username;
- home.stateVersion = "22.11";
- programs.home-manager.enable = true;
- }
- "${./homes}/${username}"
- ];
- });
- };
- in nixpkgs.lib.pipe ./homes [
- builtins.readDir
- (nixpkgs.lib.filterAttrs (_name: value: value == "directory"))
- builtins.attrNames
- (map (name: {
- inherit name;
- value = mkBlankConfig name;
- }))
- builtins.listToAttrs
- ]);
- hostname = "clicks";
- profilesOrder = [ "system" ];
- };
+ deploy.nodes.a1d1 = a1d1.deploy;
+ deploy.nodes.a1d2 = a1d2.deploy;
devShells.x86_64-linux.default =
pkgs.mkShell { packages = [ pkgs.deploy-rs ]; };
diff --git a/helpers b/helpers
index fde6300..75adae2 160000
--- a/helpers
+++ b/helpers
@@ -1 +1 @@
-Subproject commit fde6300909a486731d1cbe14589f65c8f6262d7e
+Subproject commit 75adae2fe0c9679868a8e7a942dd3ef21aa462da
diff --git a/modules/a1d1/default.nix b/modules/a1d1/default.nix
new file mode 100644
index 0000000..4a4cef2
--- /dev/null
+++ b/modules/a1d1/default.nix
@@ -0,0 +1,75 @@
+{ inputs, system, pkgs, drive_paths, ... }:
+let
+ inherit (inputs) self home-manager deploy-rs nixpkgs;
+ config = (self.nixosConfigurations.clicks.extendModules { modules = [ ./hardware-configuration.nix ]; });
+ deploy = {
+ sudo = "doas -u";
+ profiles = {
+ system = {
+ user = "root";
+ path = deploy-rs.lib.x86_64-linux.activate.nixos config;
+ };
+ } // (let
+ mkServiceConfig = service: {
+ user = service;
+
+ profilePath = "/nix/var/nix/profiles/per-user/${service}/home-manager";
+ path = deploy-rs.lib.x86_64-linux.activate.home-manager
+ (home-manager.lib.homeManagerConfiguration {
+ inherit pkgs;
+ modules = [
+ {
+ home.homeDirectory = "/services/${service}";
+ home.username = service;
+ home.stateVersion = "22.11";
+ programs.home-manager.enable = true;
+ }
+ "${../../services}/${service}"
+ ];
+ extraSpecialArgs = {
+ inherit (inputs) nixpkgs-clicksforms;
+ inherit system drive_paths;
+ };
+ });
+ };
+ in nixpkgs.lib.pipe ../../services [
+ builtins.readDir
+ (nixpkgs.lib.filterAttrs (_name: value: value == "directory"))
+ builtins.attrNames
+ (map (name: {
+ inherit name;
+ value = mkServiceConfig name;
+ }))
+ builtins.listToAttrs
+ ]) // (let
+ mkBlankConfig = username: {
+ user = username;
+
+ profilePath = "/nix/var/nix/profiles/per-user/${username}/home-manager";
+ path = deploy-rs.lib.x86_64-linux.activate.home-manager
+ (home-manager.lib.homeManagerConfiguration {
+ inherit pkgs;
+ modules = [
+ {
+ home.username = username;
+ home.stateVersion = "22.11";
+ programs.home-manager.enable = true;
+ }
+ "${../../homes}/${username}"
+ ];
+ });
+ };
+ in nixpkgs.lib.pipe ../../homes [
+ builtins.readDir
+ (nixpkgs.lib.filterAttrs (_name: value: value == "directory"))
+ builtins.attrNames
+ (map (name: {
+ inherit name;
+ value = mkBlankConfig name;
+ }))
+ builtins.listToAttrs
+ ]);
+ hostname = "a1d1";
+ profilesOrder = [ "system" ];
+ };
+in { inherit deploy config; }
diff --git a/default/hardware-configuration.nix b/modules/a1d1/hardware-configuration.nix
similarity index 100%
rename from default/hardware-configuration.nix
rename to modules/a1d1/hardware-configuration.nix
diff --git a/modules/a1d1/networking.nix b/modules/a1d1/networking.nix
new file mode 100644
index 0000000..6701cea
--- /dev/null
+++ b/modules/a1d1/networking.nix
@@ -0,0 +1 @@
+{ networking.hostName = "a1d1"; }
diff --git a/modules/a1d2/default.nix b/modules/a1d2/default.nix
new file mode 100644
index 0000000..946c02a
--- /dev/null
+++ b/modules/a1d2/default.nix
@@ -0,0 +1,75 @@
+{ inputs, system, pkgs, drive_paths, ... }:
+let
+ inherit (inputs) self home-manager deploy-rs nixpkgs;
+ config = (self.nixosConfigurations.clicks.extendModules { modules = [ ./hardware-configuration.nix ]; });
+ deploy = {
+ sudo = "doas -u";
+ profiles = {
+ system = {
+ user = "root";
+ path = deploy-rs.lib.x86_64-linux.activate.nixos config;
+ };
+ } // (let
+ mkServiceConfig = service: {
+ user = service;
+
+ profilePath = "/nix/var/nix/profiles/per-user/${service}/home-manager";
+ path = deploy-rs.lib.x86_64-linux.activate.home-manager
+ (home-manager.lib.homeManagerConfiguration {
+ inherit pkgs;
+ modules = [
+ {
+ home.homeDirectory = "/services/${service}";
+ home.username = service;
+ home.stateVersion = "22.11";
+ programs.home-manager.enable = true;
+ }
+ "${../../services}/${service}"
+ ];
+ extraSpecialArgs = {
+ inherit (inputs) nixpkgs-clicksforms;
+ inherit system drive_paths;
+ };
+ });
+ };
+ in nixpkgs.lib.pipe ../../services [
+ builtins.readDir
+ (nixpkgs.lib.filterAttrs (_name: value: value == "directory"))
+ builtins.attrNames
+ (map (name: {
+ inherit name;
+ value = mkServiceConfig name;
+ }))
+ builtins.listToAttrs
+ ]) // (let
+ mkBlankConfig = username: {
+ user = username;
+
+ profilePath = "/nix/var/nix/profiles/per-user/${username}/home-manager";
+ path = deploy-rs.lib.x86_64-linux.activate.home-manager
+ (home-manager.lib.homeManagerConfiguration {
+ inherit pkgs;
+ modules = [
+ {
+ home.username = username;
+ home.stateVersion = "22.11";
+ programs.home-manager.enable = true;
+ }
+ "${../../homes}/${username}"
+ ];
+ });
+ };
+ in nixpkgs.lib.pipe ../../homes [
+ builtins.readDir
+ (nixpkgs.lib.filterAttrs (_name: value: value == "directory"))
+ builtins.attrNames
+ (map (name: {
+ inherit name;
+ value = mkBlankConfig name;
+ }))
+ builtins.listToAttrs
+ ]);
+ hostname = "a1d2";
+ profilesOrder = [ "system" ];
+ };
+in { inherit deploy config; }
diff --git a/modules/a1d2/hardware-configuration.nix b/modules/a1d2/hardware-configuration.nix
new file mode 100644
index 0000000..e65488f
--- /dev/null
+++ b/modules/a1d2/hardware-configuration.nix
@@ -0,0 +1,42 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+ boot.initrd.availableKernelModules =
+ [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/0456a002-1692-4ed0-a233-d6cd76c8c2dd";
+ fsType = "btrfs";
+ };
+
+ boot.initrd.luks.devices."luks-ssd0".device =
+ "/dev/disk/by-uuid/a50b2c75-dd36-4d31-924f-d4b77b94efa9";
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/9416-209A";
+ fsType = "vfat";
+ };
+
+ swapDevices =
+ [{ device = "/dev/disk/by-uuid/a1cb08ad-39b3-4a36-bf5a-fad7714a85c0"; }];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode =
+ lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/modules/a1d2/networking.nix b/modules/a1d2/networking.nix
new file mode 100644
index 0000000..e9ceaf5
--- /dev/null
+++ b/modules/a1d2/networking.nix
@@ -0,0 +1 @@
+{ networking.hostName = "a1d2"; }
diff --git a/modules/common/boot.nix b/modules/common/boot.nix
new file mode 100644
index 0000000..26ca4c2
--- /dev/null
+++ b/modules/common/boot.nix
@@ -0,0 +1 @@
+{ boot.loader.systemd-boot.enable = true; }
diff --git a/modules/cache.nix b/modules/common/cache.nix
similarity index 100%
rename from modules/cache.nix
rename to modules/common/cache.nix
diff --git a/modules/clamav.nix b/modules/common/clamav.nix
similarity index 100%
rename from modules/clamav.nix
rename to modules/common/clamav.nix
diff --git a/modules/cloudflare-ddns.nix b/modules/common/cloudflare-ddns.nix
similarity index 88%
rename from modules/cloudflare-ddns.nix
rename to modules/common/cloudflare-ddns.nix
index 35cbf13..a1ebb61 100644
--- a/modules/cloudflare-ddns.nix
+++ b/modules/common/cloudflare-ddns.nix
@@ -12,7 +12,7 @@
mode = "0600";
owner = config.users.users.root.name;
group = config.users.users.root.group;
- sopsFile = ../secrets/cloudflare-ddns.env.bin;
+ sopsFile = ../../secrets/cloudflare-ddns.env.bin;
format = "binary";
};
}
diff --git a/modules/dmarc.nix b/modules/common/dmarc.nix
similarity index 96%
rename from modules/dmarc.nix
rename to modules/common/dmarc.nix
index 69e3313..3266214 100644
--- a/modules/dmarc.nix
+++ b/modules/common/dmarc.nix
@@ -13,7 +13,7 @@
mode = "0400";
owner = config.users.users.parsedmarc.name;
group = config.users.users.parsedmarc.group;
- sopsFile = ../secrets/dmarc.json;
+ sopsFile = ../../secrets/dmarc.json;
format = "json";
};
}))
diff --git a/modules/dnsmasq.nix b/modules/common/dnsmasq.nix
similarity index 100%
rename from modules/dnsmasq.nix
rename to modules/common/dnsmasq.nix
diff --git a/modules/doas.nix b/modules/common/doas.nix
similarity index 100%
rename from modules/doas.nix
rename to modules/common/doas.nix
diff --git a/modules/docker.nix b/modules/common/docker.nix
similarity index 100%
rename from modules/docker.nix
rename to modules/common/docker.nix
diff --git a/modules/drivePaths.nix b/modules/common/drivePaths.nix
similarity index 68%
rename from modules/drivePaths.nix
rename to modules/common/drivePaths.nix
index 49df2ce..2f99b4d 100644
--- a/modules/drivePaths.nix
+++ b/modules/common/drivePaths.nix
@@ -1,4 +1,7 @@
-{ drive_paths, lib, ... }: {
+{ drive_paths, lib, ... }:
+if drive_paths == null
+then {}
+else {
fileSystems = lib.mapAttrs' (name: value: {
name = value.path;
value.device = "/dev/disk/by-uuid/${value.uuid}";
diff --git a/modules/ecryptfs.nix b/modules/common/ecryptfs.nix
similarity index 100%
rename from modules/ecryptfs.nix
rename to modules/common/ecryptfs.nix
diff --git a/modules/fail2ban.nix b/modules/common/fail2ban.nix
similarity index 100%
rename from modules/fail2ban.nix
rename to modules/common/fail2ban.nix
diff --git a/modules/gerrit.nix b/modules/common/gerrit.nix
similarity index 97%
rename from modules/gerrit.nix
rename to modules/common/gerrit.nix
index 0937773..d7a780e 100644
--- a/modules/gerrit.nix
+++ b/modules/common/gerrit.nix
@@ -127,14 +127,14 @@
mode = "0400";
owner = config.users.users.root.name;
group = config.users.users.root.group;
- sopsFile = ../secrets/gerrit.json;
+ sopsFile = ../../secrets/gerrit.json;
format = "json";
};
gerrit_oauth_client_secret = {
mode = "0400";
owner = config.users.users.root.name;
group = config.users.users.root.group;
- sopsFile = ../secrets/gerrit.json;
+ sopsFile = ../../secrets/gerrit.json;
format = "json";
};
};
diff --git a/modules/git.nix b/modules/common/git.nix
similarity index 100%
rename from modules/git.nix
rename to modules/common/git.nix
diff --git a/modules/grafana.nix b/modules/common/grafana.nix
similarity index 98%
rename from modules/grafana.nix
rename to modules/common/grafana.nix
index 948d29a..f6ca62a 100644
--- a/modules/grafana.nix
+++ b/modules/common/grafana.nix
@@ -53,7 +53,7 @@
mode = "0600";
owner = config.users.users.root.name;
group = config.users.users.root.group;
- sopsFile = ../secrets/grafana.json;
+ sopsFile = ../../secrets/grafana.json;
format = "json";
};
} (let isDerived = base != null;
diff --git a/modules/home-manager-users.nix b/modules/common/home-manager-users.nix
similarity index 81%
rename from modules/home-manager-users.nix
rename to modules/common/home-manager-users.nix
index 3ca8e1b..fe1c15d 100644
--- a/modules/home-manager-users.nix
+++ b/modules/common/home-manager-users.nix
@@ -10,12 +10,12 @@
home = "/services/${username}";
group = "clicks";
shell = pkgs.bashInteractive;
- } // (if builtins.pathExists "${../services}/${username}/system.nix" then
- import "${../services}/${username}/system.nix"
+ } // (if builtins.pathExists "${../../services}/${username}/system.nix" then
+ import "${../../services}/${username}/system.nix"
else
{ });
in {
- users.users = lib.pipe ../services [
+ users.users = lib.pipe ../../services [
builtins.readDir
(lib.filterAttrs (_name: value: value == "directory"))
builtins.attrNames
diff --git a/modules/keycloak.nix b/modules/common/keycloak.nix
similarity index 100%
rename from modules/keycloak.nix
rename to modules/common/keycloak.nix
diff --git a/modules/kitty.nix b/modules/common/kitty.nix
similarity index 100%
rename from modules/kitty.nix
rename to modules/common/kitty.nix
diff --git a/modules/loginctl-linger.nix b/modules/common/loginctl-linger.nix
similarity index 100%
rename from modules/loginctl-linger.nix
rename to modules/common/loginctl-linger.nix
diff --git a/modules/matrix.nix b/modules/common/matrix.nix
similarity index 96%
rename from modules/matrix.nix
rename to modules/common/matrix.nix
index 2618fde..c71ba37 100644
--- a/modules/matrix.nix
+++ b/modules/common/matrix.nix
@@ -116,21 +116,21 @@
# mode = "0440";
# owner = "turnserver";
# group = "matrix-synapse";
- # sopsFile = ../secrets/matrix.json;
+ # sopsFile = ../../secrets/matrix.json;
# format = "json";
#};
registration_shared_secret = {
mode = "0400";
owner = config.users.users.root.name;
group = config.users.users.root.group;
- sopsFile = ../secrets/matrix.json;
+ sopsFile = ../../secrets/matrix.json;
format = "json";
};
matrix_private_key = {
mode = "0600";
owner = config.users.users.matrix-synapse.name;
group = config.users.users.matrix-synapse.group;
- sopsFile = ../secrets/matrix_private_key.pem;
+ sopsFile = ../../secrets/matrix_private_key.pem;
format = "binary";
path = config.services.matrix-synapse.settings.signing_key_path;
};
@@ -138,7 +138,7 @@
mode = "0600";
owner = config.users.users.mjolnir.name;
group = config.users.users.mjolnir.group;
- sopsFile = ../secrets/matrix.json;
+ sopsFile = ../../secrets/matrix.json;
format = "json";
};
};
diff --git a/modules/mongodb.nix b/modules/common/mongodb.nix
similarity index 73%
rename from modules/mongodb.nix
rename to modules/common/mongodb.nix
index 81473a2..0c4ebc5 100644
--- a/modules/mongodb.nix
+++ b/modules/common/mongodb.nix
@@ -1,4 +1,9 @@
-{ config, pkgs, ... }: {
+{ config, nixpkgs-mongodb, system, ... }: let
+ pkgs = import nixpkgs-mongodb {
+ config.allowUnfree = true;
+ inherit system;
+ };
+in {
environment.systemPackages = [ pkgs.mongosh pkgs.mongodb-tools ];
services.mongodb.enable = true;
services.mongodb.enableAuth = true;
diff --git a/modules/networking.nix b/modules/common/networking.nix
similarity index 72%
rename from modules/networking.nix
rename to modules/common/networking.nix
index 8e97045..e546db9 100644
--- a/modules/networking.nix
+++ b/modules/common/networking.nix
@@ -1,4 +1,7 @@
{
+ networking.firewall.allowedTCPPorts =
+ [ 80 443 25 465 587 110 995 143 993 29418 ];
+
networking.hosts = {
"127.0.0.1" = [ "standard" ];
"127.0.0.2" = [ "clicks" ];
diff --git a/modules/nextcloud.nix b/modules/common/nextcloud.nix
similarity index 98%
rename from modules/nextcloud.nix
rename to modules/common/nextcloud.nix
index d0bd88a..93e2828 100644
--- a/modules/nextcloud.nix
+++ b/modules/common/nextcloud.nix
@@ -101,7 +101,7 @@
mode = "0600";
owner = config.users.users.nextcloud.name;
group = config.users.users.nextcloud.group;
- sopsFile = ../secrets/nextcloud.json;
+ sopsFile = ../../secrets/nextcloud.json;
format = "json";
};
}
diff --git a/modules/nginx-routes.nix b/modules/common/nginx-routes.nix
similarity index 100%
rename from modules/nginx-routes.nix
rename to modules/common/nginx-routes.nix
diff --git a/modules/nginx.nix b/modules/common/nginx.nix
similarity index 98%
rename from modules/nginx.nix
rename to modules/common/nginx.nix
index 7515dcb..6bd95e3 100644
--- a/modules/nginx.nix
+++ b/modules/common/nginx.nix
@@ -183,7 +183,7 @@
mode = "0660";
owner = config.users.users.nginx.name;
group = config.users.users.acme.group;
- sopsFile = ../secrets/cloudflare-cert.env.bin;
+ sopsFile = ../../secrets/cloudflare-cert.env.bin;
format = "binary";
};
diff --git a/modules/nginx/coded.codes/.well-known/matrix b/modules/common/nginx/coded.codes/.well-known/matrix
similarity index 100%
rename from modules/nginx/coded.codes/.well-known/matrix
rename to modules/common/nginx/coded.codes/.well-known/matrix
diff --git a/modules/node.nix b/modules/common/node.nix
similarity index 100%
rename from modules/node.nix
rename to modules/common/node.nix
diff --git a/modules/postgres.nix b/modules/common/postgres.nix
similarity index 98%
rename from modules/postgres.nix
rename to modules/common/postgres.nix
index 05dc882..397a377 100644
--- a/modules/postgres.nix
+++ b/modules/common/postgres.nix
@@ -106,7 +106,7 @@
owner = config.services.postgresql.superUser;
group =
config.users.users.${config.services.postgresql.superUser}.group;
- sopsFile = ../secrets/postgres.json;
+ sopsFile = ../../secrets/postgres.json;
format = "json";
};
}))
diff --git a/modules/privatebin.nix b/modules/common/privatebin.nix
similarity index 93%
rename from modules/privatebin.nix
rename to modules/common/privatebin.nix
index 839f132..eece255 100644
--- a/modules/privatebin.nix
+++ b/modules/common/privatebin.nix
@@ -31,8 +31,7 @@
nginx.forceSSL = lib.mkForce true;
expire_options = {
- "5min" =
- 300; # looks bonkers, but I'm trying to keep the list ordered while also keeping the privatebin label formatter happy
+ "5min" = 300;
"10min" = 600;
"1hour" = 3600;
"1day" = 86400;
diff --git a/modules/scalpel.nix b/modules/common/scalpel.nix
similarity index 100%
rename from modules/scalpel.nix
rename to modules/common/scalpel.nix
diff --git a/modules/common/shell.nix b/modules/common/shell.nix
new file mode 100644
index 0000000..18889bd
--- /dev/null
+++ b/modules/common/shell.nix
@@ -0,0 +1,4 @@
+{ pkgs, ... }: {
+ programs.zsh.enable = true;
+ environment.systemPackages = with pkgs; [ vim wget ];
+}
diff --git a/modules/ssh.nix b/modules/common/ssh.nix
similarity index 100%
rename from modules/ssh.nix
rename to modules/common/ssh.nix
diff --git a/modules/static-ip.nix b/modules/common/static-ip.nix
similarity index 100%
rename from modules/static-ip.nix
rename to modules/common/static-ip.nix
diff --git a/modules/syncthing.nix b/modules/common/syncthing.nix
similarity index 100%
rename from modules/syncthing.nix
rename to modules/common/syncthing.nix
diff --git a/modules/tesseract.nix b/modules/common/tesseract.nix
similarity index 100%
rename from modules/tesseract.nix
rename to modules/common/tesseract.nix
diff --git a/modules/common/users.nix b/modules/common/users.nix
new file mode 100644
index 0000000..58dc7d3
--- /dev/null
+++ b/modules/common/users.nix
@@ -0,0 +1,48 @@
+{ pkgs, ... }: {
+ users.users.minion = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+
+ openssh.authorizedKeys.keys = [
+ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIteIdlZv52nUDxW2SUsoJ2NZi/w9j1NZwuHanQ/o/DuAAAAHnNzaDpjb2xsYWJvcmFfeXViaWtleV9yZXNpZGVudA== collabora_yubikey_resident"
+ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJRzQbQjXFpHKtt8lpNKmoNx57+EJ/z3wnKOn3/LjM6cAAAAFXNzaDppeXViaWtleV9yZXNpZGVudA== iyubikey_resident"
+ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIOhzJ0p9bFRSURUjV05rrt5jCbxPXke7juNbEC9ZJXS/AAAAGXNzaDp0aW55X3l1YmlrZXlfcmVzaWRlbnQ= tiny_yubikey_resident"
+ ];
+ };
+ users.users.coded = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ shell = pkgs.zsh;
+
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCZGErwcw5YUlJS9tAfIYOSqkiuDRZZRTJjMlrDaAiNwTjqUML/Lrcau/1KA6a0+sXCM8DhQ1e0qhh2Qxmh/kxZWO6XMVK2EB7ELPNojqFI16T8Bbhq2t7yVAqbPUhXLQ4xKGvWMCPWOCo/dY72P9yu7kkMV0kTW3nq25+8nvqIvvuQOlOUx1uyR7qEfO706O86wjVTIuwfZKyzMDIC909vyg0xS+SfFlD7MkBuGzevQnOAV3U6tyafg6XW4PaJuDLyGXwpKz6asY08F7gRL/7/GhlMB09nfFfT4sZggmqPdGAtxwsFuwHPjNSlktHz5nlHtpS0LjefR9mWiGIhw5Hw1z33lxP0rfmiEU9J7kFcXv9B8QAWFwWfNEZfeqB7h7DJruo+QRStGeDz4SwRG3GR+DB4iNJLt7n0ALkVFJpOpskeo8TV4+Fwok+hYs2GsvdEmh9Cj7dC/9CyRhJeam9iLIi/iVGZhXEE3tIiqEktZPjiK7JwQyr97zhGJ7Rj4oE= samue@SamuelDesktop"
+ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIH+TJRuMpDPgh6Wp2h+E+O/WoyEAVyWo6SN8oxm2JZNVAAAABHNzaDo= samue@SamuelDesktop"
+ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAILrwKN4dJQ0BiLmjsA/66QHhu06+JyokWtHkLcjhWU79AAAABHNzaDo= coded-sk-resident-1"
+ ];
+ };
+ users.users.pineafan = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ shell = pkgs.zsh;
+
+ openssh.authorizedKeys.keys = [
+ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFXa8ow7H8XpTrwYI+oSgLFfb6YNZanwv/QCKvEKiERSAAAABHNzaDo= pineapplefan@Pineapplefan"
+ "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAJNFMUYiEepGrIAbUM+Hlw/OuGWc8CNQsYlJ7519RVmeu+/vqEQbhchySTelibD19YqsZ7ICfYxAeQzOqHdXfs="
+ ];
+ };
+ users.users.nucleus = {
+ isSystemUser = true;
+ createHome = true;
+ home = "/services/nucleus";
+ group = "clicks";
+ shell = pkgs.bashInteractive;
+ };
+ users.users.websites = {
+ isSystemUser = true;
+ createHome = true;
+ home = "/services/websites";
+ group = "clicks";
+ shell = pkgs.bashInteractive;
+ };
+ users.groups.clicks = { };
+}
diff --git a/modules/vaultwarden.nix b/modules/common/vaultwarden.nix
similarity index 97%
rename from modules/vaultwarden.nix
rename to modules/common/vaultwarden.nix
index edca467..40047dd 100644
--- a/modules/vaultwarden.nix
+++ b/modules/common/vaultwarden.nix
@@ -1,5 +1,7 @@
{ base, pkgs, drive_paths, lib, config, ... }:
-lib.recursiveUpdate {
+if drive_paths == null
+then {}
+else lib.recursiveUpdate {
environment.systemPackages = with pkgs; [ vaultwarden ];
services.vaultwarden.enable = true;
@@ -17,7 +19,7 @@
mode = "0400";
owner = config.users.users.root.name;
group = config.users.users.root.group;
- sopsFile = ../secrets/vaultwarden.json;
+ sopsFile = ../../secrets/vaultwarden.json;
format = "json";
};
}))
diff --git a/modules/samba.nix b/modules/samba.nix
deleted file mode 100644
index cd710c3..0000000
--- a/modules/samba.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{ lib, config, pkgs, ... }: {
- services.samba = {
- enable = true;
- shares = {
- HDD = {
- path = "/services/kavita/Kavita/drive1";
- browseable = "yes";
- "guest ok" = "no";
- comment =
- "Jellyfin, torrents & tempfiles. Use for large amounts of data that don't necessarily need to be accessed at top speed";
- };
- SSD = {
- path = "/services/kavita/Kavita/drive2";
- browseable = "yes";
- "guest ok" = "no";
- comment = "Manga & LNs. Use for smaller, faster storage";
- };
- };
- };
-
- fileSystems = {
- "/services/kavita/Kavita/drive1".device =
- "/dev/disk/by-uuid/dda57e4d-81b7-4f52-b3ac-f14544b3aaf4";
- "/services/kavita/Kavita/drive2".device =
- "/dev/disk/by-uuid/24d30ffe-91ed-4e41-b40d-f42b02e144a9";
- };
-
- networking.firewall.allowedTCPPorts = [ 139 445 ];
-}
diff --git a/secrets/cloudflare-cert.env.bin b/secrets/cloudflare-cert.env.bin
index 2178003..b68aa36 100644
--- a/secrets/cloudflare-cert.env.bin
+++ b/secrets/cloudflare-cert.env.bin
@@ -8,15 +8,19 @@
"age": [
{
"recipient": "age15mv77dpnh5762gk5rsw2u79uza4tg8cu6r3nlwjudlzmdqqck3ss6mg9dy",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXT2JQd3JFVjdvd0ptUk8v\nSGp4c3ZHVWQzR2VzSUI0TjFTV01vV1UyVmd3Clg5Z2FDTWRObGdlaWMxL2NuWnA1\nZXM4ajNOZDdJbDJpWGdBU3NqS3BVa2sKLS0tIHJFa0RzOFNKMFBvSFBGQjBzT0Vo\nOUFYd2tTSTBldGpic0wrVDdEMlR2bjgKM9/KNI2zpiH3HGajHYi1e2WUf9zLcJAa\nBswooM1RqbWjSFqGYSF7Lv6F2x7C+7jgya/+M1UoXiB3ZuC5CzSgTg==\n-----END AGE ENCRYPTED FILE-----\n"
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDbk4wWkhGNmlScFV0R0dr\nWW0yNUgwMFFTdjhFSVQrNHg5RENoSHhqL3hvCkduK3l0MVRqd3V6RzNZbGVMVk5K\ndGFMUGZsNm5GTnB2dVpzYTBhYTB6TmMKLS0tIGo2WU9GZkU1K1pCVDN2bHpYOERz\nM2hheVRMMTNRQW5SZTh2UzNxWVhPc2sK49swljxM9jdelBI1eiME24OnJIDSiKkM\n59QIslf6Okmo2jWqT4lpoGNbxuqIUp9vuE1qCqdUT2wqs3biPBdFzA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1m7k864feyuezllp2hj4edkccn36rthrvfw969j6f0l3c0mhh5emsnfx6pd",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2cDJ1WTVPV2R1K2M5YTFJ\nMDZwcjQxN1pqOE5ONkZuTFJUM2lkVDc4d0h3Cmt3dngyRVNIdlJMTHJ2WklLM0o1\nRTMyMVBRZmlDN3FMVUZDOVlPUGlsdzAKLS0tIFMzTVhTaXNyT0kxalY3ajNHZEtW\nMnhyZXppZVhCUlhVRVlLb2tyVi9SR28K2atV+UZN39jsnoQoUKxDwCuV6tO8c1nH\nMVR/p2w+D3Q1lj2YrXjQInoYTLfEbmXHxpwTGonkHXo3fjuyFPlrlg==\n-----END AGE ENCRYPTED FILE-----\n"
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4a3B5eUt0dE13Ky84NDkw\nekRaRVQrREtCTEtMZlgvTjZqbXMzV1VOYlVVCjlES0hKT2NyZW5raXloMWQ3ODZw\nVjVwMFMzcGZqaFNjdURDRitKT1Fxb2MKLS0tIGNyVHliNEpRdEx5N3pCMjdHQmph\ndEl3enpqcjR2Njg1R3FnVWVwWHpOcXMKzZJHT+tM2FhOCHPy7lgT/EwGr4YQbcWH\nR5f7xqKiLj8SiVikFuEOHvLIlxBfPJSIFvO97GnvAoJ1AFXTE/ut7w==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1fxxnmkeuqhhct93c43pwkzhuzzq8857s5hye6pgfpku70kjn4ecqtamfqr",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsNlRjUWtYVDYwN3dFcE9B\nVFZxNmxHekZFOWNSb1dxZFJhQnVyYmNjSVFRCmcyT05nR2RtK3VZajRSbGN3NFRy\neDlUZmZLcXkxUmlXZzNoeFRndnFsc00KLS0tIGpEcGZvZ0VBWEVGemN2M3BSV3ha\nWUZIS1AzNEhNT2dKQUN6TjhzcEh4VDgKvEYNaxMaWkWmbaxK0gIe+VUyfW59IRfy\nsdVpld6fTSnZYrhWM33h9RQt4A+ZLkQQ0Kiq4+AmWu+r6BIbP7cFEw==\n-----END AGE ENCRYPTED FILE-----\n"
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4VFRDazZBemFhUGs2WTI1\nTzFSdm8xMWoyZlFxYkF5WTVqM3VyMGQrVVc0CjBRbHJlOVVlb295eFJUWEptemFW\nMGM4WDAwb2tpOC8wcC9XbDl4S3BDMmMKLS0tIFNVWXVTMkh4OEs0a1YrR1RZVk9T\nQm9rdStWc0V1UzhZWVpDaUU5aVYxUGsKZD7MnyGLGuPhNxJVahmweRZ8gcup8Ru/\nlPzNpWu/aUMV1FPMRRfGY5M8DE1dlmoVRGuNsQCZjLfaOz/JcUyVvA==\n-----END AGE ENCRYPTED FILE-----\n"
+ },
+ {
+ "recipient": "age1zunqahfz404x7v8x0gs4hv5kq2xlyvqmukhlwvpymj74805jcunq4r7ugv",
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1WTh4cjVCRFZUcVBtMHlG\nWFJuTGV4TEJ1YUt1WWhCTHJsS0JHNjVScW1JCmxTOGdrbmdJUGdLbDl6NW1MSzFS\nenhkQlhYQ3NmZVo5TFdkblk3ZWFRYWsKLS0tIE1CeXhRSG9nUk4zL01BRmNpbG9Q\nckVYbEhEOWhaVXRCT2dWSW1UZ2VRR1kKX/H4pwKZAnv4RFhPEYAEuHwdlUv4jOka\nkAN7bZkQt4/mlTZmCAM/ppnD6Mn5xYjg3Wbj97iCefYC4yMr8VoAeQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2023-10-21T00:40:17Z",
diff --git a/secrets/cloudflare-ddns.env.bin b/secrets/cloudflare-ddns.env.bin
index bf60c21..3e636bf 100644
--- a/secrets/cloudflare-ddns.env.bin
+++ b/secrets/cloudflare-ddns.env.bin
@@ -8,15 +8,19 @@
"age": [
{
"recipient": "age15mv77dpnh5762gk5rsw2u79uza4tg8cu6r3nlwjudlzmdqqck3ss6mg9dy",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpL3E1Wmg3azVQa2lkeHZ3\nRzdROUpuc2FHd3kwVnBucFppYndUNGhBVGgwCjFlNXA4b3g1M0huSW9IRldzWklm\nZGpWQVhxYmZMd1FOMnhuR1prNk9mK2sKLS0tIDRUb1QzQzZGaEdVdDMwMExQckhT\nZFBhRWFaSzhOcE5ldlVCUitHbndNTDgK5S9Man2K208LE35zX3jaaepWSGttIdp/\neWP7tTfDDbw6bl43u6IjlQ8hqgvfSYTNnl5WHjijdU74HjeKzyyi9g==\n-----END AGE ENCRYPTED FILE-----\n"
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFdFM5MEJaend1R0pObWcx\nWnJPT2J3Q2pWNFdXSTRzNkJqVzNzQ1VzM1NzCiszSVE2NFg1S3lOcWcwcU9LekRL\nZ1RVWFNwbE1TckttTTB1L3lPcDBHWDQKLS0tIFpZOTJTRitia0tKRndaVlJURmRS\nY3dWQWJHNlVyYnNwMklYME5ZdzR1ZmcKsVGhwmj+Gs/kenGf6KqMb3m2nEioS9us\nGHXN+XKj2zo+GYlhOQCdAfKC9vrkFX/9lH1AW6Iy2yQ3uWtAa1cF3A==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1m7k864feyuezllp2hj4edkccn36rthrvfw969j6f0l3c0mhh5emsnfx6pd",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIY1pibVA5eEhRdnpJL3dH\nUTZEYStiYXhMb1FQN2RkQitYcTUwSzkxVG4wCjRoeFJ2dnEyeDRZb1RwT1VEajBy\nbzRIZ25JWlhvUTFoTksyWHg0OXhmeWcKLS0tIDFoYVltNnVqNFl1TXpCM0I3a2xC\nRmY4dzI4RW44bFRaQmZqbnhxN0dqMGsK9Dt9LqO4M2YWmBfRwB1jowN18BlKMs7k\n0YStD3vflu7BAdwUyt6S+ZdKjuynfcBpC86D/q17IURCo3fTEmpcxw==\n-----END AGE ENCRYPTED FILE-----\n"
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsSjB5Ky9GTWJ6YjhEM25C\nTUdHaS9EQ2ticTBxSkpEVGRzTVRWV0JGYWxJCkNqMlUrb0hhWCtSUmFuZFZwVjFB\nSnh0WUhpUERUNkU5U1BNZmRuUjZUaTgKLS0tIGJPdkcwZVdicXM0SXhmazh6RE5S\nSkRpbXBPbjZjSHBxWFcvbnYrcERveHcK8lZetCyuzFUKF7/qeMlxFGYIjITjuwnK\nbvkNrC+Ft+Zu0zUCpY5ewH1TL86CYzoN88aEidaxlyLWHKcUy2njpg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1fxxnmkeuqhhct93c43pwkzhuzzq8857s5hye6pgfpku70kjn4ecqtamfqr",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaSXU1TURlMVRVS0paMlZo\nbTJiWllRT0c1V1BzOTBCQ0JubzFtc2NFb1NBCkN5Qy8rS3hoNzQvbmNPQjdWd2NI\nYUZvdXdYYkVqLzlMbHFIR0xGNjhncVEKLS0tIGV4Q2pKZzRLWngyRVNBN2dZbmxi\nc1kyVG1sd1hrdUYxZkFWMTNVQ01vZU0K9GemfZkMEfz6Sa+FmAX8Dl8LsDKpNsJL\n/sD4ZHu/EwVIxqsi1Roctx6lSOd4ZQNs1o7dSjSEzzwBH5pSUMMVow==\n-----END AGE ENCRYPTED FILE-----\n"
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxU0s5cHhpbHVKVUpvSkpu\nWXg5MGx3NHhQdEJ6anUxbXNESnUrZkh3dEM4CkFHNnNDT3FkY2JhM0I4YktPbFlj\naWdHc2VxdDNlRmV3d0ZPeEpndlM4WVUKLS0tIDkzRTVWS1NManFpSXZvVXJOTUFm\nS0RRd2I4WDhJTXo4N05mRWpFT0h2cFkKyRrYL8ht1AToGd1YrxaAuLVsidvs43Hv\nMLdTuyVigFdShiamV3loF3YOCrEQlmSb9M++CfCzfw/LuDGShWlUPw==\n-----END AGE ENCRYPTED FILE-----\n"
+ },
+ {
+ "recipient": "age1zunqahfz404x7v8x0gs4hv5kq2xlyvqmukhlwvpymj74805jcunq4r7ugv",
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVVWpsZU1JRXA5Z21tYmRS\nTW1Xd2V4cGkxMytQZ0wxNGFPeVB1ekkxRW5jCjFIdUF0aWZPN0MxRHJ5bUdkRTBG\nalBOME9yZ1dFQ2FmOXZFcTNRbkhhbGcKLS0tIHZ5TmZtN0M0aUpEbERiMEtrcisw\nSTBuTWt3dzFCMUFaNk9BVXNIM3ArSDgK0VO+DAqhNyVnoOGKhIAhXvLeVPxpYZNM\nyUPxZ+hZ2fOW4H0riSYL59UkH+uLvqGmgxiShQD6M75Baf+gEv5nEg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2023-10-21T00:39:36Z",
diff --git a/secrets/dmarc.json b/secrets/dmarc.json
index 9108107..3bbbe6c 100644
--- a/secrets/dmarc.json
+++ b/secrets/dmarc.json
@@ -9,15 +9,19 @@
"age": [
{
"recipient": "age15mv77dpnh5762gk5rsw2u79uza4tg8cu6r3nlwjudlzmdqqck3ss6mg9dy",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzN1RsSVN2d2V6TW0zQzNr\nY2VMUVlyMXc4UGEwR1JrVks3aWFvR0oxckNRCmg4aEVSdnlTR3ljQmlmTzd1d1k5\nNDZiTUFveEN5eVVsTXJEaE4xZmlxVm8KLS0tIFFyWEFLeC93cjBibWxjUmtEeVpF\ndlBKWmw3S3gvUlVnVHdVamEydHFUYjAKI1LIzSdTBniqMq8aVBdwmzsHGC978VCw\nQwqI3SWDRHuuHnMXba2KLBbOYBrYJU4bUtbBP0STdc2Bj991hrRPow==\n-----END AGE ENCRYPTED FILE-----\n"
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByaDI3SUc4bjFaUDBXaml4\nOVpGQVg5aE1GZXYyeU1KbWpSMjdPb1ZIOEVVClQrQ2p2c1FtcnR0Z05jR0xSYjFh\nbWZBRWVkeTFRRmhmaDhxbHcvdUg2Y3cKLS0tIDZkbTJOZU5ObWd3T3lrc0dSV0U4\nZGkvWHhiNmo5UEZGRkFDd21EUGRaMjgKxKVYiSDorIuLKS6S5QaiGMYSl/OUxkL8\nrxWyPXDaiF19IlKCPaC4TGAJcZD3IFC6YYG1ELEWNrapk20/EYI2Fg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1m7k864feyuezllp2hj4edkccn36rthrvfw969j6f0l3c0mhh5emsnfx6pd",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaTEd0cno2VXJYUWxZYk0z\nRU1xTUd2VVlOUnBrZkI2YTRqQjNkRWpCOWxBCmw3RDFCd2VWK1R3OUNibHlBM3d3\nc1BSNk82Y1ZXUnRCYS9rd2h4K2hGZFUKLS0tIHRtLzJ0aUFEd243alU1T2YvR2cw\nWmhPd2lySUFRdnArVXJsdUtzNnJmYjQKJJcjV9kPeTRFCKK3Z5Kj0QXJz0/8ShKV\n0wy7PFAE+Peuj0uoCtrY9HGUq3SHtCQI8QH1DcMbUVlDw/y/eLIMow==\n-----END AGE ENCRYPTED FILE-----\n"
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6a29jd2pySzVKa2VqZm5w\nankrQkZPcHBsU1V5RkhOWG1IaTFFcmFXUkZrCnhveUw2ZDBUTENFODJRdTZqQXFp\nS1k4T1p0VldPd0dwby9aNUJxNGFvWTgKLS0tIFVERXNNZXd6aVpWN3ZiUWI3Ti9O\neDNMb1ljMFI4NFhOUnBVU0U2MW5GQzgKEUAtcSgdyaho4tNK9+KJVor6TGh1q93T\nA/mQfZsoAMGpRleijQLCME0FXFQMOQHzDapP6FTgkKAxhDt9OXVdbA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1fxxnmkeuqhhct93c43pwkzhuzzq8857s5hye6pgfpku70kjn4ecqtamfqr",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2WmdmWm5vdjkwZys5RzF1\nTXdLd2pmMWxadCtVdm1XS1M2ektNYTVKZFZvCkM4MmE4MnFWaGRVZVMxM2VVUkJS\nREVFbnR4eVBOY3plYzJiQXZsbDEyVlEKLS0tIC9TSDdjWmc0VUhOWTZtRUtaeFd1\ncmQwYUdqY1ZQdlQ1dGNCeGl2S09VRVkKh3qYAebROd/ItSSHSLLbfdasiEK2CZUg\nuIEUalZnL3Uuf5AitGOkytTJE3E/0skfCCyI08qvMkW9TYs9iurPJA==\n-----END AGE ENCRYPTED FILE-----\n"
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyOVhwL09BOVNLYmxuWndG\nU0NTTU5jd3NXT25SZ3FzTEdMbkxua04xZ2lVClNGNEhqYVphYlMwWGYway9kT084\nVUxRVlJoTU9sRVZtS3lqdDByTDlIalUKLS0tIHFRenViRzZzbXlmYnJ0MzFnWVVk\nK2EzdzNMdldST3ZOWkE3dk1uS3BsQm8KES7OBtRTYA3tgzlXIb+/1jL3fwB3fcKP\nSdJkKS1ZLbcLhBg1g0+0jOcdICOrZjq3kcITRhUiXPczhedw4fTW9g==\n-----END AGE ENCRYPTED FILE-----\n"
+ },
+ {
+ "recipient": "age1zunqahfz404x7v8x0gs4hv5kq2xlyvqmukhlwvpymj74805jcunq4r7ugv",
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaY1l6QXhkY0x3M21WalJh\nZ1pQNm5NR25WbDROeXJVTlpMWkdjS2t0MjJjCjNqSEo3MmwvZ3VWNWJrZjFaTmdQ\ndFlObnJtTlh6YTF6OHB3VkpEVmZId0kKLS0tIHJwV1VoYnRDMlJBTmh6SVYxVWhN\nSnhiNEU4cVNDTGwzQWp3SUY0RVQwdUkKV7JTj9C2lLpK31ie9eTzxT67mRN8BVFV\nYqPmIeuNN37DnReOEWZDoV80lXqrpvLYdwjCmaL4M/KDB5RwI057MQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2023-05-12T00:43:43Z",
diff --git a/secrets/gerrit.json b/secrets/gerrit.json
index 5af3821..89d0bd3 100644
--- a/secrets/gerrit.json
+++ b/secrets/gerrit.json
@@ -9,15 +9,19 @@
"age": [
{
"recipient": "age15mv77dpnh5762gk5rsw2u79uza4tg8cu6r3nlwjudlzmdqqck3ss6mg9dy",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArWW9DWWgwL1lPYXpQUUts\ndUsrVlprT1p0NEZwdjdtRVRUeDVlWjJ4Y1RRCm91MXJEUjJuQ3RSS3NUa0JlZnRl\nYVVwQ0I1NytYU1JhTXBBek1zSVRhbHcKLS0tIHZrTGx3MWNxWmVxN1gvcDNCOWN2\naEhxS04rTXZNK3VkT2ovaVVhQ0Z4VzQKOc8Jptj+QHcSAoI1oVZzytbMEm8rmRRx\nr/TxROAYfD2iN+ppFNctXNIw0DrESW3fOaK3kzLr40F9TacHBEIRig==\n-----END AGE ENCRYPTED FILE-----\n"
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlWDJQZU15VjZVVU93amtN\nRnUvM3M2bVoyKytzbWxxNWlEZWFBdzZjSng4CitjRHVnUXI4T2g2SDkxb3hYYkhV\nb1RkUjQ5eHJsLzhmM3h6Njl3Q0lSdG8KLS0tIGJBQjhEaVFTNVc5a3VEd3F3OWVz\nUE03ZXE2UnhhVDBFOXlLbGtmNURXTFUKqi9u+BSSauxglBhnArVtz5b8cT2zCU0w\nFYwhvE2JpPIriyoyvYzCsS2UxuHfzH3w9xZ03e4I5YZhy7EpONxhCQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1m7k864feyuezllp2hj4edkccn36rthrvfw969j6f0l3c0mhh5emsnfx6pd",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrMGk2b0Myb3BDN3ZZeHNC\ncXprZG5vbjlnc3lmZ0FORzM4bkpZS2tnUWx3ClcvcmFHaDlJaE83V0ZIM0R2OTJ6\nbllUbjNESS9KQlMyaFZWQk1KY0VCeW8KLS0tIFF4bm5GenlNNUpYbytQaG1ndUxD\na1pnbzIvL1BLYWdieWk1Y2RnSlpPWWsKOXs73Z3Qg1D0yic2w57zZUdcYyLPfwCM\nbBSOEEYl3XgHfCNUBP9MjjekcgWZ6/aOfr+vs8ywt8/qPFvdc3bNEw==\n-----END AGE ENCRYPTED FILE-----\n"
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArdUR4T21VcG1ZdW5EOUJh\nSFlJM01MOTJWZEVaVkVNT1VQZktubWE4K0ZZCis5cndOOEltb1BEMDRTdFdFckk1\nUU9qY0k1eWtQVGRLbURpUnZFbm1QUE0KLS0tIHhJN0pEenRDcXF6L0xHdEFuQmsz\nS3hCTk0ybDh4SVd0ZXY1WVF2RWF4Um8KgX3uN41DjoRioV/2Qe+UagUHIyR4VOyc\ntnxWfYb+u7MqwYPXr/shtC99W0oUEwkiGD2jg21WHdXRVlfcppqs1g==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1fxxnmkeuqhhct93c43pwkzhuzzq8857s5hye6pgfpku70kjn4ecqtamfqr",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBMHUxMXVkMTJKaXMrYkFO\nS0hSSFptRFFHUDMxaTNwdldXVkhaT1FiVXdvCkt2YmtlbzBxaFNERnN1MkVRd3k0\nTzVObEpSM3JwcHpaWHdBZkNFb1ZMN2MKLS0tIGpleWI4ZDdOUXVXUnhLNUtianRF\nNXdIZjVXZ1BOdm9nNjRNTHJXRUJGWDAK0LFyd/uQWlExs0xnh/9EQimY9GX+BrFa\nHqQw9MEf2sXquLN+JOUQJFB3apIHP1V330j3dAGHuK4CVtfAd7UwNQ==\n-----END AGE ENCRYPTED FILE-----\n"
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0MEdXclMwNkMxRnRkbkt2\nNHNRN3dmdmtwc3dJQ0hiSkVhL0VkdHg2a2lZCnh5ZTJUQmIxajdUbkVGWXJScXl5\nOWJQR2JSWHFBWFBTTVEwZHYwRDdZR28KLS0tIGh2UG5oRVo1bGczOWwyejc4cVVx\nRFFZeGNmb0l2dHl0WmlPZ0U4YmxGUkEKW/YyOvMi0huL+ntC0X+iFIUboRl0Y6aC\nU33YUqp9lCjrf6XUnOhTVXgj6Ir5JjdynH9vxK+dndpcjenZgDcvxg==\n-----END AGE ENCRYPTED FILE-----\n"
+ },
+ {
+ "recipient": "age1zunqahfz404x7v8x0gs4hv5kq2xlyvqmukhlwvpymj74805jcunq4r7ugv",
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmdjdGNUZ2YjVCakhQb1hz\nMURtNW8wL0xuVkk5OXJGbTdBT1pXSmplNEhrCkRSL0QwdDFjeTlFVnl5QnZHQk9k\nNk05dkQ1QzB2WlZpanZYZGp3am1RSkkKLS0tIE1ZV2VsNGdMdkN6cElPaDcxSDM3\nT0NzQlRkVzMxaVh3K2N1MnlxOExURlkK6RAhERFQEqVXER64xhtl1TEp3Ub4q9Co\nGlslk76IH2eqXdCfdHMEfeNZ8w7Ke6YMyBLGhttn76cpsUcM1OFD/A==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2023-10-08T20:27:38Z",
diff --git a/secrets/grafana.json b/secrets/grafana.json
index 933ae48..32ee151 100644
--- a/secrets/grafana.json
+++ b/secrets/grafana.json
@@ -8,15 +8,19 @@
"age": [
{
"recipient": "age15mv77dpnh5762gk5rsw2u79uza4tg8cu6r3nlwjudlzmdqqck3ss6mg9dy",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXVnJHeG94bDM1QjBnUEhB\nMXlRK01jUjk5VVFrWTZUbW5tcnRuRkJnNG5jCldwYmJYV0N0NnZjVGloTTVMQVB0\nVVljbVExb3FHc2pSMEYyRWlZM05kY0EKLS0tIG1aN0FKUmxEWHVqb09YOEpOSmY3\ncFJCT2hUbEEwRXRyN0ZYTXlXWElZdWcKXuHhvbzqqFCqaLxPt+ASnTh4zyrPjXvW\n6XZMazM9tfJHzpaYz4BgpYiqK1uGy1IkLjmVMS6DC8LfS3jfZ8Jb7g==\n-----END AGE ENCRYPTED FILE-----\n"
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqMUFVUHROVE5MU25Eb2xD\nSlFsdmp4TUJhNmxGNFJuQUZXMHo1d1Vqd0drCmZHa2syVTBhYXN0dTlrSkR5Skk2\nUEIzNTd6cGlJU0k0QVdsWlFIRklwUDAKLS0tIE9wNW40c1BHRUwwbklXM0NhTnp3\naGJRYXd2Y3lsQmlIZkpMRzBQZkg4U00KtV9ZTAd64dWQu95vnAbsCiulXjEIYO7h\naEJKHptYapZ+N4qVI8/rFIGj1weX/fvHDm5dt31S/pcrJdFxoixtvg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1m7k864feyuezllp2hj4edkccn36rthrvfw969j6f0l3c0mhh5emsnfx6pd",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFRVJkY1RITFJwQ2pzak1Q\nTG55RkFHUUt0dU9rV2FGUDJ3L3dpYXZhUnpBClpGRC9EMU5KZXNFZWhDY3I5dHN5\nQS9VeXJuS0QyYkhWU1RjNXNyMlVBS1UKLS0tIHd3Y1E0cERITnNRMkl2enB3Sm01\nOWlsMVhpUDh1R3VSMkd1cERZNkMreUEKcKeK2HQHsg06y7m44qGb39sILITZnp/8\nl39sUK2PtWB++GO4I8Cae+D6OVr1vMfseSQ5e87lXC3sH51mh32g1Q==\n-----END AGE ENCRYPTED FILE-----\n"
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4Q3d6TnFYZ3YwbDl6Vm5t\naWF4UWVnZDBvamZadjdWSUFkMGpGMmVEV2p3Cm1YT0FCSTB6S2kxRGROZ01aRE5P\nZUpXSENHMGxzVThmT3FlRFBQcW54TmMKLS0tIDU2Mm5aeXBTU0duV0lYcDV2aGZM\naFRUZiswMW9FR1BkRHlJdlpSZW11N1EKL7WAdX5SuP41oLAXxVvzYuJBP+PN3zny\nxomyO2igV6YL7avBVBRjyrdnXUEXvevd75Dj29/atUDmS1y1D3wm2A==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1fxxnmkeuqhhct93c43pwkzhuzzq8857s5hye6pgfpku70kjn4ecqtamfqr",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3anNtamtGRE1JSVM1TUY0\nVmZQSzhLK2w1M0lSckMyOG5uT0VmT1JyU2t3ClNtOWd5WitrSzI1ZzBjZktOOFUv\nTUp3NzhMT0JqUitRL3JETk90cExiMFUKLS0tIG9WdzRPWkpjcjVxN1NhcXorSG1j\nQkxaREp5S1I0K0t5NlhWL0xkK044OG8KE39CwjXPR+ydht9TaABKcihxR3d2XDX0\nxNfHWWasdoIcKG2NCAlhVBHmUoFU4OHaO0/NKRbt1RYxCOslYi05UA==\n-----END AGE ENCRYPTED FILE-----\n"
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHMTRwaENVVHVoZ0VocnIx\nU1hPZTgvNXBzeExEZ2F0WnFZalhXYXRYQm5JCklvNGpxRkJUTnk5UmZFb3R6bkxm\nSi85WFU3UFg5T0JMZVZBMVdCY0pnSVUKLS0tIHlaWTBCdWNlZzJ6QU14YWxNQ0FO\naVJkZ0VYM2pITVNXNG9GUjJ5N2k3T2sKaBYDCDIjt2lerxFYZ7uu2t9o+yzbAUTh\n6Vn4tuHibryPx9DyyoR/OConiZiMAcYR0+IEgyQi4CVQS5lVbA21wA==\n-----END AGE ENCRYPTED FILE-----\n"
+ },
+ {
+ "recipient": "age1zunqahfz404x7v8x0gs4hv5kq2xlyvqmukhlwvpymj74805jcunq4r7ugv",
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArUFEvU3pjRmRidlMyaDg4\nblUxbEtsZ2xHZWtRQW9STGFkOTJraTJ0ODAwCmozclJFNk94Y3JTYkk4MjR0N3Bv\nU1hubUgvRDBYUFJNakJLbWo2RW00dnMKLS0tIENFcXViT2JYN0ZBL1lqSnNBbDNW\nMGlHdGw5ZU44Rmt5a3ppakJLSGVCL0kK007I1OokUmC49ch8jYCOtAQ0/0E4ATrR\ne4dGe9t3mbclp1l8PtbMGJ+O3N9TRwqS810ltTUEvo/Xl7cUcS6RWw==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2023-10-11T21:44:46Z",
diff --git a/secrets/matrix.json b/secrets/matrix.json
index 11bc8bf..ab61457 100644
--- a/secrets/matrix.json
+++ b/secrets/matrix.json
@@ -10,15 +10,19 @@
"age": [
{
"recipient": "age15mv77dpnh5762gk5rsw2u79uza4tg8cu6r3nlwjudlzmdqqck3ss6mg9dy",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4Y1RhZTBSOUt0NDVkdld2\nSWxhTUJwSGc3RytuOVJ6aE5yemJFb3dyMVhJCnBLK3J0cWxvSGRyTFJHVkthZ2Fm\nRzZjR3E2M0hMQ2dDN2p3MnBOV3U2WUkKLS0tIGduaUNHQzJGQmxXVWMyemo4amtO\nV01leVVuQkI2TmQxdHkvWGtjaVBsZ0kKiwGQlGQmhmwC6wSgPpNb3AB4Ls093pSJ\nL4H4qu6kcK4NYpBouBy1R0ahFdq6Mcq+FmNjvA7DftWhqF+AsXI7Pg==\n-----END AGE ENCRYPTED FILE-----\n"
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1TXp3blp5NWxqSzB3dCtt\nZXFaVGZhN0xiUnEyM3ZBSFQwZFRBaFBRQ2dNCmpBajJIdWpCYmh5V3lhY2ZyK2wx\nd0NIY1FDQi9sNlNqSnNTbDhXNTczZ28KLS0tIFp0S1FQNyt1azlHaVEwbDVub09r\nb25YSUZPMDU5Z3Nyd2JwT1ZLZ1VwV1kK2yilK5Tz+xDKXK/claKaCcxfsqNKEFq1\ncSntAEa4rfZvBd4xnJEGvoSoIqrKqWhUGKXS3asVZlN/WseehqTu9A==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1m7k864feyuezllp2hj4edkccn36rthrvfw969j6f0l3c0mhh5emsnfx6pd",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKb3hRWU1YcjByNFdKajgx\nUk8xZFRnK09hMVpybXd6elhMTEg0dHF2SmlNCm9FS0lEZG5ZeVFNckZuZ3JSMzRZ\nMUw1aGI4Rk5EVnVWemJKYXZXL0dYOTAKLS0tIE1SN1RpVXN0WTVUWFBZS0h1RURw\nQXhPQ2gyaDhheDhBT1ZOd3VjNFBEb1UKjOgdV1HDe4wjQrpJcMRt9MJIEM0PszWH\nudgoTHyAXlHjW9/Mr/d/mrQbGW1pRXvhd1hpx6aw+fcDzxKmhJPrGw==\n-----END AGE ENCRYPTED FILE-----\n"
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3VkFlNHg1Mjc2U1BDRnVQ\nTEQwa3BUYUVtWHQzYXRmNXNMUlErRjBXZ1ZBCmV6S2FkMTJDbnpjVWJJSG91OERj\nKzI3NDlKZGdUUncydmgrbVZZWURjVHMKLS0tIHMxNmtTMjZwT0hMajAxN0szcjBR\nandla091NGgxQXFUeEJWK29hV1ZIOGsKyIUT5ERIm45bJOuuflbS6PSwQPZqyMwH\n0M/hQLJp+SmD39F+of3GiZAEpbZkLqqCmByeLIN9KpKVQlPrYHLQfQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1fxxnmkeuqhhct93c43pwkzhuzzq8857s5hye6pgfpku70kjn4ecqtamfqr",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRV2VZbzJuUXQwRmVRZTdK\nR3V3VXdEODFlRCsvengwMDJHWlh3VFFObEdFClJvNm5NVEZ6dnVpWHVHRnRVWXVG\nSk1jRkdjSUxxZmY5b3l6NForQVNBWHMKLS0tIFhIdVpleG1sS25RaWxHZlFTSDk4\nbk9iaGdWVkUxN0dTWkx0VEJaWHJZQzQKhPDYlcEqCOwrxuSEaXMxGFajxwTP5dS0\nV6AhyPwAO2rW0NX6frtDrs1un1el5QKEvm9Bcnli/PNzUbXDbtkjSg==\n-----END AGE ENCRYPTED FILE-----\n"
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjQ2VOQzNEVnQzbXQvVWty\nelpqZEN5Y0QrMlF2aGw0WmpIbWF5bVh4bnhrCmVudEFQUy9CU29wMnZndzU4YTlv\nL1Rramw1OTdaMFBIbGxrbUoySTZNRlEKLS0tIEFwOHZHOCtMR3h5WHYzRW5OOTI2\nN2p2TXZsaGwxS1piZlptb3F6ZitFWkEK/vv5YDd1f6BZPoSl40nGeGHk3xz1y9xL\nr5JCzzisFQbgBewcx73lbLdc7rR5UVIxe7gOTFX1fYNmSiSEXt+i+A==\n-----END AGE ENCRYPTED FILE-----\n"
+ },
+ {
+ "recipient": "age1zunqahfz404x7v8x0gs4hv5kq2xlyvqmukhlwvpymj74805jcunq4r7ugv",
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmeDNSbnI3NGtRSkZoVW1i\nbUNHNmpYNUVsN1VuREN4bUdrNlZqTWJWaHhrClh0RnZoL0NUTW1jemwwWWtYZ1lR\nOHAyNDRHMWR2TTRoRUtsaTJ0VHFWdWsKLS0tIE5xWkwxbkdIMkRFdU1taURacTVk\nS0ovL1pjb29zWE00Q2Y4ZC9RVW1wenMK+Ni83kRl9tS1SjeTFT0SnF7aW8n+KPV7\nAMZxHXKlXAIq5+AOkq5AdWFaIvChfmw+KTI7WLx1lht4rOx1gNJWvA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2023-06-22T19:57:03Z",
diff --git a/secrets/matrix_private_key.pem b/secrets/matrix_private_key.pem
index 9c1fbb6..103c802 100644
--- a/secrets/matrix_private_key.pem
+++ b/secrets/matrix_private_key.pem
@@ -8,15 +8,19 @@
"age": [
{
"recipient": "age15mv77dpnh5762gk5rsw2u79uza4tg8cu6r3nlwjudlzmdqqck3ss6mg9dy",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmVnh6aFhoeUVmVHM5V0Nn\nQnlPWVU1UzdhdjErODJmSVZQRE9zUHQzWUdNCkZxSEFoZFhjem5BdEtjTUE0Ym4r\ndE0welcrVGN6WndpekJ0YVhZaHpaOTgKLS0tIHpBT09RZWJGZEtzL1JVSWFad1h1\nUnVBNzJielltRUhSdmpJSVhuTk5ZZUEKrDP6qA8Tjvezl0S+PqHzeIKY1LhInrGI\n/8E/rAgDSnA5R9N0W2kU8zu5isTDY/d0Z/pZtHtsZ+y1lVbC/R3ePg==\n-----END AGE ENCRYPTED FILE-----\n"
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5Y1R6MlBCUUJXNEJQRnZW\nTEoxUmJ6S0RjNmh6Zmc1YmNGWmxVMkpDK0NnCkRzRmsxVjBubTdIZUZ5aXduVmNK\nbVExU081TDFHUFdZcDBRMHQ2b2ZRTVkKLS0tIHNwS2thUFJXMWRTRU1yYUZoQkdo\nSWEvdk5JT2FtdmRXaG5ibWtVc3B0MjAK38rnVFhiVZzfTZ8MS12AGB8bEA/XTsCA\nxW/IeKCkkRzJ2YHWVA3ddO1DvycKuaglah6yeAYsW+1GzV2baVMdhQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1m7k864feyuezllp2hj4edkccn36rthrvfw969j6f0l3c0mhh5emsnfx6pd",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4R2Q0NVZjdmhFOTNLZGUx\nMXdEVmJnb0RCZGtpNUJaSEU1OGxxeG9ZZ2djCjU2ekhkWHloa2xzMWZJZGxnci8v\nZVdWaHMyU3oyN285Yzc2QmxndVRqMzQKLS0tIGU2alJ6aitMY05DajFhTzhZeWhw\ncERYZ1lkZG4wSFM1NlprNkNoWnQwelkKPhuZzm2oltQ2Tj7et9BQwQWgJSHJVzaG\nI5kN9Jcw5t9Rypi9UWEQJVlWHAcK5x7uw/9mt/YY5iBQu49h+orinw==\n-----END AGE ENCRYPTED FILE-----\n"
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCRHhha3o5ZU0xUDMzUC9V\nSDFWclNwM2c1UTdldVVRTU1qbi9VLzQyVWpvCm5nY2x3TkJSVkppUXE1Ujh5K05O\nWWYyUDFZemRQeUhRRUhxbFZQZ1g2ZHMKLS0tIFBnQlk3ZjJxb3JtZTJSZnVocjl1\nbUkwTTdQSzFtcGlGMTlSQy9xbGg0WDAKg7TJjgN6YLETNhMWGKKwK5GyXT6ky8Xf\nBOKODQ2kJQ3CHP2a2A0YjgZg/71dcATOiBvptHNJre4PJ2+NCaV41w==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1fxxnmkeuqhhct93c43pwkzhuzzq8857s5hye6pgfpku70kjn4ecqtamfqr",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6OWhPMkZZb2hIcnlYY0Nm\nZ3ZPSTZwZkVkdThRektYbE9MVVJDUUtDZGlJClIycnNzOG1IMitMMFhXN3dmWFRG\ncy9Ld0VCTFZON3RjT2tEUms2ZlUzaGsKLS0tIHFiYy8wUU05NEVyTk91aHc5MVp4\nU1JvZTJ4L2V2dkxYdWlXMVp6TjlUSEkKveW9GxrGhFrL1EEcngsS2/0qvY1d6K5b\nmajAs6GMOD9ADfwA52JxSPaPEIpvvQTvOzp9LCDZvyU4kN4xoybU9Q==\n-----END AGE ENCRYPTED FILE-----\n"
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKTGRLVjYzS2lhNGhEWlJO\ndk0vZ2plMGkwd0JsampleW9EaHVZT0YvOVE4CnBjVHRBQ0JnZXc4SnpleFZTcHd2\ncklEVllXTWhTK3JzVEpQMXhQSFFNVVUKLS0tIDJQcnRPd2NXdzFUVGZ2MVJHWXZB\nWXVtemlJbFBuSTRNMXpTZEc2RXVSMFUKwDB/MNnw8jCxY2hdHARjMDGn0D8cHCsW\n8xU2cQ11fc0nZ8EkC7m66cl6cM/myiV1SgBzADHfbCRGC2rFuHWe0A==\n-----END AGE ENCRYPTED FILE-----\n"
+ },
+ {
+ "recipient": "age1zunqahfz404x7v8x0gs4hv5kq2xlyvqmukhlwvpymj74805jcunq4r7ugv",
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtcjRpWnN2NnlTdmR5U2Yx\ncVc4Qi9JV1d4TDl0b1dtL2pmZ0FiQ1ZEdlJrClhUbXMzd09aQnh6QjF6UEJNdEt6\nNlBzSFkxbzJhTXRWa0ZWN1c1dmpiNWMKLS0tIHRZOWZydURKWCtVaEhhTytqeXgv\nVmwyWWdpMlF0WlJKQWVVd2hvQ3ZUcEkKwMdsOFxff9qhW8fC/vY32lQE1FndRLpN\neYX+CNuFMDlEtU0l2GtDgxiH0ZyaXMsq5A92TCC8E7EOeZTwStkQuw==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2023-05-20T17:59:44Z",
diff --git a/secrets/nextcloud.json b/secrets/nextcloud.json
index e31d61d..2f1120d 100644
--- a/secrets/nextcloud.json
+++ b/secrets/nextcloud.json
@@ -8,15 +8,19 @@
"age": [
{
"recipient": "age15mv77dpnh5762gk5rsw2u79uza4tg8cu6r3nlwjudlzmdqqck3ss6mg9dy",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4T2dxSmN3YkxzZGthaHpR\ndVN6NWtPcGFmMlBwcjJKWG94Yjk2eTR2VHhvCmc5YXJlSUdxOFJVdm0yVmlsSDc4\ndjlXL3h0eHFhUml5bEYyT003cnFVTWMKLS0tIEE4dzllVzlsWjhFbFBhWElrZEJP\nazBneU0rYTFlTCtiZW9RU09hZnZua3MKl4ubpy7xRx4BCQ6A1SawLKMNID9Xd3N2\nhctRsfaMISWwFnw8yOO14zT02bxXXy1NS8vpQSQyuybv++FoUAklxQ==\n-----END AGE ENCRYPTED FILE-----\n"
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpcnJrS05CWVcvTUxVVEs4\nK3c0SG5md1ZOSStYWWc3N2xLVWRqUXZVTVRBCldKUjV3SlI4ZWRwVEY2LzEyWUJl\naXFMcWRwcE1mMytkRy95TDF2S2ZjancKLS0tIExoNXNiL04yaWtTeGVSb3pCd0Nx\nZjBsRk5EMTBLK1VkV3RPejZMREFQVHcK/0AWZoJoEiiWBG/FEMi9yXrQEI/6hGiW\nlmDdeMuzza0hBdaZ2DFizVn/yXITa3EMuJRksc3/4dOdT7UiFY3nbA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1m7k864feyuezllp2hj4edkccn36rthrvfw969j6f0l3c0mhh5emsnfx6pd",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBScytCcHJXM2dzTlA1bW4w\nLzhvOXNxSkpVeTJHN2JERWgyNEw0US9ibVQ0CjB4d09mclFhVkxJYmVjZk56REY3\nY1lpNnJvakFqamhwM3lKeiszSkV1YUUKLS0tIGM1SnlCWGFpL1BjMk01Tllmb3BI\ncUc5Y0xWbnJvZVFpZlBjT3BzZnFvN28KBB/erTTzn44j1dLHqXOg9KmH7srvoDIW\n105QKYsU40h2qtROVscxB5vcpPjxgcacsHFi89wRhUqy1n45nAkNhg==\n-----END AGE ENCRYPTED FILE-----\n"
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoaEc3Ly9ub2ZsQk5ZTldU\nbHNsVWxzUkNFVGkwQ2pieFdzc0hydk1pNFJnCkxkVGVYL2MwVlgyYjBEK2Q0MC9w\nR2dMbTFnTDE5NnFkOEFKMlNlSXhCUXcKLS0tIENyZWdGelVhcEVYdWRwQVJ2ZGFL\nbFZmQU14RmlOb3Q4MjhoY09pYm1lYzAKad5Pgmmhjq0Qh8cMnJ9NinIOxvmRoHD1\nvFk1knmcLh/IJqshQCAgxmdciG7sFa62eKbB8/a8X+lk5Wstpn8Ptg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1fxxnmkeuqhhct93c43pwkzhuzzq8857s5hye6pgfpku70kjn4ecqtamfqr",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4dTZWN0wreHAzNGFlTVJo\nZnAxZ3ZQYzFHTGdTUVNnVmVuS1I4YVZqRENvClY3QzVaZGwxRVk1c0JrbDhObzF1\nMFErbFpmMFBpYWhZK3N0ZGtkeklMcm8KLS0tIEpNUFNqa0RRV3RiUnRjTXN6ZnVa\nLzBOenFydE4vSkdQZ0FpamY4VC95THMK796rEHXR0K1VrNZofw7nk6SlvJx9cQcU\nswcrNrGBSrSO2mOX+fRKqBMfP0BMsCdk/jmdwl/RjTqPPQI4/hwaTw==\n-----END AGE ENCRYPTED FILE-----\n"
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQdkc1K2tWSW5JOFgwRC9K\nWnllZ1p2VzdzNHpndCtCbCtiZjM2RjVrN1ZBCjJ6cmRMY01zMUlHSW9qWXBhcm9K\nME1XdUVvUDREY0xQb0RVNkdQT3c1N28KLS0tIDY4Y0hQQ2pXa2FOdjF4TGV1OXlN\nR3FKZW44NmRjK0RvL1FFeGdwNXNSVU0KABokxSf7LA/Vvroyetg89h1agpv7GmVm\nDn0CK7lGvJ2pMBIiQGtrCdjYunY+4LJQbskgznoCIMbzE9WAcJigAg==\n-----END AGE ENCRYPTED FILE-----\n"
+ },
+ {
+ "recipient": "age1zunqahfz404x7v8x0gs4hv5kq2xlyvqmukhlwvpymj74805jcunq4r7ugv",
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBESXR6ZGErTXAwWWVXSmQ3\naXN3eXE5bnRtV2d4ZjhtdzA4TC8xY1N6NkJZCkJPQy8zSUF3NFZEWEpiQ2tydUpx\neUVGZTk2WGQ0UmpBMWJ6Wi80a0tBTmcKLS0tIElTam1JcXRwa2JTNDFZZFF2OXcy\nbGM2cTVGbk01NWNmcU82S2l3Vi8wWkUKiwlczJEkpti8LeCgGU2FOy2xf7sKq5SE\nsUrxF5Iv7gAA0Rm733p0DGNdtf0aDK+Ds5PaC6btfHpwDMLG+keRwA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2023-10-07T21:36:03Z",
diff --git a/secrets/postgres.json b/secrets/postgres.json
index e96dc77..23220cf 100644
--- a/secrets/postgres.json
+++ b/secrets/postgres.json
@@ -12,21 +12,25 @@
"age": [
{
"recipient": "age15mv77dpnh5762gk5rsw2u79uza4tg8cu6r3nlwjudlzmdqqck3ss6mg9dy",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByRlE1TCtxTTd4RTFtVG9l\na2ZKeEZZMC9YZDBEc0FCMXQ3ekMwczdhZUFvCkcvSGRsVmVDSjdNMW4zNVhKdFhv\nQjdnZXBJMmdORG0wdzVKQ1ZDZ0xVbUEKLS0tIERtK1J6UWQzVTZsUGVrcFFYelBB\nWnFQNGI3Y0JzbHNlcjNxL2FjaVh2Z00KMkxXtxMB656xgwFDd3SI1HeTsyFQ18Rj\nPQZYwbVHgQ/KUo/t6zRFN6RwNQ+eqcgl+x/eSilUlFf8x3sg96OKhg==\n-----END AGE ENCRYPTED FILE-----\n"
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGcEFnM2tIV3YwYzlEL0lU\nUXpIYTlwanVUSUlWaDA1ZjBVWUV5b1RxOHpJCjBMaDQ4YnlYQVZzRmpRcEJCQkRQ\ncWV2elZ1eUZIcWluam9ZR3BLN2RBZU0KLS0tIFJMVXNUWWdOd0c3RXBGZllrZEtU\nZ1MvdjdqZzMreDJBUU1hS1hMWTk4N3MK0xPPjEUxIMqEK7DNCy8bcW2Ewuby2pc6\n/DHW7oRaCBOHeGKlfeTYUC3sb0UkjhdxzHg4GvYzDfg10CBvTzx+Ow==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1m7k864feyuezllp2hj4edkccn36rthrvfw969j6f0l3c0mhh5emsnfx6pd",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpMjNRUVp1b0R1OWwybGVI\nbjVvWS9CblRQdW9yMldZVmhNUU4yWU9QSGxzCjl0SWlSbHBkektucTJzUUgrcEhp\nMm5weFp0WGJJdUU3ZHZUaXBxUEl1WEkKLS0tIFliZXJDS0V4TlJkdVpMYks5UTNa\nT2hhVzl2cDdUWUVYSXhYbVpET2k0SWcKmqiJMB2N77WenKzx18ADkg56YEW+PNk2\nZX3vvcuU2eLZ1u6O0y7melm/CG2hgYi/oXV+c7Xddva8LN3tbo77MA==\n-----END AGE ENCRYPTED FILE-----\n"
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWU3c1S01nTVg2TjBaRHNF\nZVBuVEVkZXZVSUdMZTBsVUtFOXpEdnU0bVQ4Ckc2dXVKRi9kMWxhWGx0bFRkblJr\nbldPSlVLaktmUWNGbFhvcjZSaDNqWVkKLS0tIEp5R3JnS2Q0eEVENjl5T054cERP\nbDdoWFB5SjkzYjBqUTluVXBTSVpoU3MKzRXlzAUzziS0X7mboM9kHXpqhbR7jRZi\n8kLAL1+C8BUz8ZlG5WOa7rqZDQKmqoXyLh0OHLjGe4ZucCk/Vt/Wlg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1fxxnmkeuqhhct93c43pwkzhuzzq8857s5hye6pgfpku70kjn4ecqtamfqr",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuN2k4QnR0UnhXTHFTUUlz\ndlJpYVBaeHB5eitocktmV1hPN2Vxa0pjYUhBClc1REh1UndRM1F3L082ZElrZkJZ\nWk56Z1Vrd0xla1FSb1k2eGN4UXlud2MKLS0tIEczMWVuVkIwOGNRamE2OW1VNWlT\nZXdBTUxMNnRUSlhHbGtndzZISm1jM1kKvg5s5u68gW9PeQ8cYRqBwqHu352bv1jQ\nQUSPxQpGZilZz95BUMEniAa75ljAD7b9v9zmxLDRreC+4L/thCdMFQ==\n-----END AGE ENCRYPTED FILE-----\n"
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLdHd1d0VWNkRlVnpBZ3E0\ndDdQY2wzWnlFN1IvdlNkZmRnTnYzVE4xTmhZCkxrTjdNa05PaXVpYUlBaUJaY0JZ\nVEdhRXBhbkhNT0txNlFqdm96d3pPencKLS0tIHVUWGJ5b3E3cG1SUDJoMklwWklK\nRTRIY2dKUW5rYzhjM29jQy82SEtoeEkKe0gZSFWpSCsTNomKlR8CGbY4BdSQCofS\nTXFkkQZbQuDuKP1sYBHb9Srjm51KJlWy+fMbvluUIgir8r6irW2vTg==\n-----END AGE ENCRYPTED FILE-----\n"
+ },
+ {
+ "recipient": "age1zunqahfz404x7v8x0gs4hv5kq2xlyvqmukhlwvpymj74805jcunq4r7ugv",
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3clFVS0JZSkhmNElLa3N2\nNFdkT091dzZPdXUyOXNUNkk1QzNMS0hJengwCjcya01LanZhTXNsaGpQdVIvNlRl\nZnljZkhZYWVUR2xJckJPbUpnOSt4SmMKLS0tIElMcGNRTVJudXFORG4zZ3drdG1C\nYTZPcDh4OGwzUTZDVlhWNk55bDZMd2sK/F5ZGw6Kf8nWRXDobOonFDtPlSSU5c4u\nAEvihsNSDR3MwvQgu5jJCuCeRGLdXaOqBBEYrIamIcAlVKGeT6y/UA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
- "lastmodified": "2023-10-07T21:56:51Z",
- "mac": "ENC[AES256_GCM,data:L4f1WW6Wjh/2qEHyqLR16kpM2dmxft9He9E7bADwGk40CKPq2pdh+3MvHsHIPHDoo87f3UO7yJUWsES80vKwjaLIqkeRfVJRFP4Ci/m8KZtWJBtEdaHfU2nKegBTmb797CvMZN8rAvn/AeFl53sNK0QtYAnJhIctZ72rh2kGepQ=,iv:phi5SwKZ8ESWKZntKUkZWfl8NdTvH3Ax7rnuT2bz4vM=,tag:fFQOutSnTO9no1atbravLA==,type:str]",
+ "lastmodified": "2023-11-12T19:15:05Z",
+ "mac": "ENC[AES256_GCM,data:X+IfWdAse4x0THf5EQvH8IKyw+sCEGs/7DbejSepC2uAGYwYEhfdCMDoX/jR7+mCSnmCMsV1ITkiAakJjT6inIqm/p+WO6w01wJiC5N5PrqwEvYFYzZQBrIykqXSZ52aq3ySXorI/lqZo+pB5SZPVolZAqT5CPKl6PmW9dFakUQ=,iv:Xqj4Jjrk5Y4Ybzodl359ATJUi1bDFhUM65UFLzWLPu0=,tag:PnS5ynJVhKZbCQR1SrjGQA==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.7.3"
}
-}
+}
\ No newline at end of file
diff --git a/secrets/vaultwarden.json b/secrets/vaultwarden.json
index 310e3b9..7fc86ad 100644
--- a/secrets/vaultwarden.json
+++ b/secrets/vaultwarden.json
@@ -11,15 +11,19 @@
"age": [
{
"recipient": "age15mv77dpnh5762gk5rsw2u79uza4tg8cu6r3nlwjudlzmdqqck3ss6mg9dy",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxeGlkQm5DeFdTRlJQUkt3\nNld3bnpvMVlzOXprT25aTVR5YUg2R2psRHlRCkxVbHFkQmZtaEJHam9wblJ2NGxl\nRWhBVXB3Y1B3MVRmdFVuc2x4Snd3YW8KLS0tIDlpbHo3aUpvQ1JidUZuOUpEVGdo\nWEtVR0hDR09DWEZTaU4vTTI1VndnQ1kK+gHHkQvm6W9+u7CroftmI2ruMdy18vBr\nf0m+GwOs3tsVGCZn6G+WfPJ3LClZPt4Z66iHU2eNUHTjbM/CvRgJ4A==\n-----END AGE ENCRYPTED FILE-----\n"
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrK2NIRVBjc0JiMHNQZjUx\nSjhVZTh6cXRLNWg3TENIcTJHbDI4aHpid3lJCndISXlpSHlxY21Ic1RzajROWjBm\nMEpGSkhhNTVIL25HbU5FdzJFRnpEUnMKLS0tIEVkWXd0UUFTdTJ0bUhuNmwvRFhD\nUU9YU2NWWGtLM3hCcFlLWW5hdXR0ZG8KJQeHLhFnHhhJ4d2zZzEDxCLvoKcsP63V\n7nMsMjkCXIggPhsr49i8k8CxSx0HnuxaTaoej5Dg8fo1akV/2Gah+A==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1m7k864feyuezllp2hj4edkccn36rthrvfw969j6f0l3c0mhh5emsnfx6pd",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBudStENzJUTHp5Tm5FaEN5\nVmltSmFJODNqc0RQL0I1S0EyaUlhcktlVUZNCnFQWExWSVgyWlljZno0ZmQyRVJm\nYjFuZy9lMVRmbmMvOUQ0OHQzaG1PRVUKLS0tIGFPc0FXQ0lQMUE4b0xnTHhhUEQy\nenM2emwzWTQzd2VNY3BPYkFhZ3RpNjgKGi3Twdd8XYulM6L9wRtlRNlG0m/+HyUb\nsgemlvcWo85dGK4HwftjVvT4Dkc1X9lXMV2Km3+5GtqXLZLWIsg8aQ==\n-----END AGE ENCRYPTED FILE-----\n"
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvMmxqR2E1enJ3ajJ1THNN\nNUs0NkJMYTVSc3M2QWVGbGZCd3QyUEFxelFnCkVlU2tueWFDUGdHWE5xbTBHZzQw\nWG5wak9tWVphbnh2bHhCN0VSUHFNclkKLS0tIHRJOHBTTCtCL09OcjBaZ0tzN2RW\ncnV3ZDFOdVZBTnlXclJyU3ZDVE9lUTQKH6zR2NbT0II+NlSn/yMsA8D8G7zchgZ2\nZEVqWLTwSGMmJ3VVAJzzXTJCv3Eebizv9emxaEPr/ZzDYAvTbkuUfw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1fxxnmkeuqhhct93c43pwkzhuzzq8857s5hye6pgfpku70kjn4ecqtamfqr",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUd2ZiN1F6Q25IN3BpbTRG\nSXI4OW1PdG5rb2krai94ck0wZFh5enBJSFZBCjRnNHB5c1BmNEJIb3FiUEFmQjlV\nKzNpOUJBYzhvd1JSZDZidWVLMVpnZjAKLS0tIFBsOXllU0VZS3NmZDJTZm80bzNp\nazlOUjFPT0MxREVFNVhINVliYm5vRG8KSWa74oUBA4XnnN296zlRvCyhUr2qkm1j\nXlMbq8gYpoL8ttqqyoXfevY7ifezt+U2ookzlONXe52ZENShLofqZg==\n-----END AGE ENCRYPTED FILE-----\n"
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwbXlDVC9jR0xHNFMrc3p1\nWi9PRWJMcU5XQXN0NnE3VEJzakdtcWJ4ekg4ClRFVzRsZGh2a2c0eVJtbEtNcXpK\nbFpNcXdRaWkyNnVkSlN0dGtEZGlYcjgKLS0tIFlpZm5mWlBCMTY3RW9lOWpUcC9a\nVXgrSE1VQjUwQWJoV1k3UUprODFNS0kKLbxlSLaATJuAI3DP+XYxld/nKF63qyKj\noU0vupfCbVWxaniJivytTpkom65twM0YP5pBsmyHGou44edI9ezbjQ==\n-----END AGE ENCRYPTED FILE-----\n"
+ },
+ {
+ "recipient": "age1zunqahfz404x7v8x0gs4hv5kq2xlyvqmukhlwvpymj74805jcunq4r7ugv",
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3N1JoaVRUVVZoa1RLdkVj\nUHJ1U3pwTE0zRHl3aU1OeE1RYlBCVnB0ZENRCnVYQkNIMkROR2R2TmNFL1JLZE5l\nRFpZYWsxQjNMQTdFVFZ5S0NWeWlRVkkKLS0tIFU1cTgrRXNsam9FMFpXY21IbUFm\nTXgzMm5aQ0ZtK2tQN2RPUVB3Q25Jc1kKWoYlImOpfDyFI7nyoVpLGUfRX+T59NjJ\nLEgWMBnYYeCyrA3QzryZk1HtJnnqjDwBRSCM3VJOd/I7v0N+c8wHew==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2023-06-14T22:17:50Z",