diff --git a/flake.nix b/flake.nix index 635d62f..8785258 100644 --- a/flake.nix +++ b/flake.nix @@ -70,6 +70,11 @@ modules = [ ./hosts/vm/redite ] ++ baseModules; }; + reverseproxy = nixosSystem { + specialArgs = inputs; + modules = [ ./hosts/vm/reverseproxy ] ++ baseModules; + }; + thot = nixosSystem { specialArgs = inputs; modules = [ ./hosts/physiques/thot ] ++ baseModules; diff --git a/hosts/vm/README.md b/hosts/vm/README.md index 1e4607b..84466b6 100644 --- a/hosts/vm/README.md +++ b/hosts/vm/README.md @@ -22,6 +22,10 @@ Serveur Matrix, bridge IRC <-> Matrix et interface admin pour synapse, accessibl Serveur redlib (client WEB alternatif pour Reddit), accessible à . +## reverseproxy + +Serveur qui héberge un reverseproxy et une instance de anubis. + ## two Serveur NixOS de test. Vous pouvez vous en servir comme base pour la configuration d'une nouvelle machine. diff --git a/hosts/vm/reverseproxy/default.nix b/hosts/vm/reverseproxy/default.nix new file mode 100644 index 0000000..cc37e51 --- /dev/null +++ b/hosts/vm/reverseproxy/default.nix @@ -0,0 +1,34 @@ +{ pkgs, ... }: + +{ + imports = [ + ./hardware-configuration.nix + + ./reverseproxy.nix + ]; + + networking.hostName = "reverseproxy"; + boot.loader.grub.devices = [ "/dev/sda" ]; + + users.users."nginx".home = "/var/lib/nginx"; + users.users."anubis".extraGroups = [ "nginx" ]; + + crans = { + enable = true; + + networking = { + id = "51"; + srvNat.enable = true; + srv = { + enable = true; + interface = "ens20"; + ipv4 = "185.230.79.42"; + }; + }; + + resticClient.when = "03:42"; + + }; + + system.stateVersion = "25.05"; +} diff --git a/hosts/vm/reverseproxy/hardware-configuration.nix b/hosts/vm/reverseproxy/hardware-configuration.nix new file mode 100644 index 0000000..f512116 --- /dev/null +++ b/hosts/vm/reverseproxy/hardware-configuration.nix @@ -0,0 +1,33 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/c4c2de17-2965-4c0a-b4c5-7d518712c9aa"; + fsType = "ext4"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.ens18.useDHCP = lib.mkDefault true; + # networking.interfaces.ens19.useDHCP = lib.mkDefault true; + # networking.interfaces.ens20.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/hosts/vm/reverseproxy/reverseproxy.nix b/hosts/vm/reverseproxy/reverseproxy.nix new file mode 100644 index 0000000..c3315cc --- /dev/null +++ b/hosts/vm/reverseproxy/reverseproxy.nix @@ -0,0 +1,198 @@ +{ pkgs, ... }: + +let + anubisBotsMirror = pkgs.writeText "anubis_bots_mirror.yaml" + '' + - name: whitelist-crans + action: ALLOW + remote_addresses: + - 185.230.79.0/22 + - 2a0c:700::/32 + - 46.105.102.188/32 + - 2001:41d0:2:d5bc::/128 + + - name: no-user-agent-string + action: DENY + expression: userAgent == "" + + - name: ban-gpt + user_agent_regex: ".*gpt.*" + action: DENY + + - name: ban-bot + user_agent_regex: ".*(b|B)ot.*" + action: DENY + + - name: ban-WebKit + action: DENY + expression: + all: + - userAgent.startsWith("Mozilla") + - userAgent.matches("AppleWebKit") + - userAgent.matches("Safari") + - userAgent.matches("Chrome") + + - name: ban-Barkrowler + user_agent_regex: ".*Barkrowler.*" + action: DENY + ''; + anubisMirror = pkgs.writeText "anubis_mirror.json" + '' + { + "bots": [ + { + "import": "${anubisBotsMirror}" + }, + { + "name": "allow-repo", + "path_regex": "^...*", + "action": "ALLOW" + }, + { + "name": "deny-other", + "path_regex": ".*", + "action": "ALLOW" + } + ] + } + ''; + antibot = pkgs.writeText "antibot.yaml" + '' + - name: whitelist-crans + action: ALLOW + remote_addresses: + - 185.230.79.0/22 + - 2a0c:700::/32 + - 46.105.102.188/32 + - 2001:41d0:2:d5bc::/128 + + - name: no-user-agent-string + action: DENY + expression: userAgent == "" + + - name: ban-gpt + user_agent_regex: ".*gpt.*" + action: DENY + + - name: ban-bot + user_agent_regex: ".*(b|B)ot.*" + action: DENY + + - name: ban-WebKit + action: CHALLENGE + expression: + all: + - userAgent.startsWith("Mozilla") + - userAgent.matches("AppleWebKit") + - userAgent.matches("Safari") + - userAgent.matches("Chrome") + + - name: ban-Barkrowler + user_agent_regex: ".*Barkrowler.*" + action: DENY + ''; + anubisChallenge = pkgs.writeText "anubis_challenge.json" + '' + { + "bots": [ + { + "import": "${antibot}" + }, + { + "name": "challenge-other", + "path_regex": "^*", + "action": "CHALLENGE" + } + ] + } + ''; + anubisMirrors = pkgs.writeText "anubis_mirrors.json" + '' + { + "bots": [ + { + "import": "${antibot}" + }, + { + "name": "deny-other", + "path_regex": ".*cdimage-.*", + "action": "ALLOW" + }, + { + "name": "allow-repo", + "path_regex": "^...*", + "action": "ALLOW" + }, + { + "name": "deny-other", + "path_regex": ".*", + "action": "CHALLENGE" + } + ] + } + ''; +in { + crans = { + reverseProxy = { + enable = true; + virtualHosts = { + "eclat" = { + anubisConfig = "${anubisMirror}"; + httpOnly = true; + target = "172.16.10.104"; + }; + "eclats" = { + anubisConfig = "${anubisMirrors}"; + target = "172.16.10.104"; + }; + "install-party" = { + anubisConfig = "${anubisChallenge}"; + target = "/var/www/install-party.crans.org"; + serverAliases = [ + "i-p" + "adopteunmanchot" + "adopteunpingouin" + ]; + }; + "lists" = { + anubisConfig = "${anubisChallenge}"; + target = "172.16.10.110"; + }; + "mediawiki" = { + anubisConfig = "${anubisChallenge}"; + target = "172.16.10.144"; + serverAliases = [ + "mediakiwi" + ]; + }; + "mirrors" = { + anubisConfig = "${anubisMirrors}"; + target = "172.16.10.104"; + }; + "mirror" = { + anubisConfig = "${anubisMirror}"; + httpOnly = true; + target = "172.16.10.104"; + }; + "perso" = { + anubisConfig = "${anubisChallenge}"; + target = "172.16.10.31"; + serverAliases = [ + "clubs" + ]; + }; + "wiki" = { + anubisConfig = "${anubisChallenge}"; + target = "[fd00::10:0:ff:fe01:6110]"; # l'ipv4 marche pas + serverAliases = [ + "wikipedia" + ]; + }; + }; + }; + + services = { + acme.enable = true; + }; + }; +} diff --git a/modules/crans/networking.nix b/modules/crans/networking.nix index 97f7c4e..42b43fa 100644 --- a/modules/crans/networking.nix +++ b/modules/crans/networking.nix @@ -130,7 +130,7 @@ in ipv6 = { addresses = [ { - address = "2a0c:700:2::ff::fe01:${cfg.id}02"; + address = "2a0c:700:2::ff:fe01:${cfg.id}02"; prefixLength = 64; } ]; diff --git a/modules/services/default.nix b/modules/services/default.nix index 9c1cafb..5c91cc2 100644 --- a/modules/services/default.nix +++ b/modules/services/default.nix @@ -6,5 +6,6 @@ ./coturn.nix ./nginx.nix ./restic.nix + ./reverseproxy.nix ]; } diff --git a/modules/services/reverseproxy.nix b/modules/services/reverseproxy.nix new file mode 100644 index 0000000..177093c --- /dev/null +++ b/modules/services/reverseproxy.nix @@ -0,0 +1,177 @@ +{ pkgs, lib, config, ... }: + +let + cfg = config.crans.reverseProxy; + + allowAll = pkgs.writeText "allow_all.json" + '' + { + "bots": [ + { + "name": "allow_all", + "path_regex": ".*", + "action": "ALLOW" + } + ] + } + ''; + inherit (lib) + cartesianProduct + literalExpression + mapAttrs + mapAttrs' + mkEnableOption + mkIf + mkOption + nameValuePair + substring + types + ; +in + +{ + options.crans.reverseProxy = { + enable = mkEnableOption "Configuration du reverseproxy."; + + virtualHosts = mkOption { + type = types.attrsOf ( + types.submodule { + options = { + serverAliases = mkOption { + type = types.listOf types.str; + default = [ ]; + example = [ + "everything" + "voyager" + ]; + description = '' + Déclaration des alias. + ''; + }; + + target = mkOption { + type = types.str; + default = ""; + description = '' + Indique la destination. Il peut s'agir du chemin vers des fichiers statiques. + ''; + example = "172.16.10.128:8000"; + }; + + anubisConfig = mkOption { + type = types.str; + default = ""; + description = '' + Chemin du fichier de configuration + ''; + example = "/var/www/anubis.conf"; + }; + + httpOnly = mkOption { + type = types.bool; + default = false; + description = '' + Interdit les connexions en ssh + ''; + example = "true"; + }; + }; + } + ); + default = {}; + example = literalExpression '' + { + "framadate" = { + host = "176.16.10.128:8000"; + serverAliases = [ + "everything" + "voyager" + ] + }; + }; + ''; + description = "Déclaration des machines."; + }; + }; + + config = { + systemd.services = mapAttrs ( + vhostName: vhostConfig: { + wantedBy = [ "multi-user.target" ]; + } + ) cfg.virtualHosts; + + services = mkIf cfg.enable { + anubis = { + defaultOptions.group = "nginx"; + instances = mapAttrs ( + vhostName: vhostConfig: { + enable = true; + settings = { + BIND = "/run/anubis/anubis-${vhostName}.sock"; + BIND_NETWORK = "unix"; + TARGET = "unix:///run/nginx/nginx-${vhostName}.sock"; + COOKIE_DOMAIN = "crans.org"; + REDIRECT_DOMAINS = "${vhostName}.crans.org"; + SOCKET_MODE = "0660"; + POLICY_FNAME = + if (vhostConfig.anubisConfig == "") + then allowAll + else vhostConfig.anubisConfig; + }; + } + ) cfg.virtualHosts; + }; + + nginx = + let + domaines = [ + "crans.org" + "crans.fr" + "crans.eu" + ]; + redirectConfig = mapAttrs ( + vhostName: vhostConfig: { + locations = mkIf ((substring 0 1 vhostConfig.target) != "/") { + "/favicon.ico".root = "/var/www/logo/"; + "/".proxyPass = "http://${vhostConfig.target}"; + }; + root = mkIf ((substring 0 1 vhostConfig.target) == "/") vhostConfig.target; + listen = [ + { addr = "unix:/run/nginx/nginx-${vhostName}.sock"; } + ]; + } + ) cfg.virtualHosts; + aliasConfig = mapAttrs' ( + vhostName: vhostConfig: nameValuePair (vhostName + "-alias") { + enableACME = !vhostConfig.httpOnly; + forceSSL = !vhostConfig.httpOnly; + rejectSSL = vhostConfig.httpOnly; + serverName = "${vhostName}.crans.fr"; + serverAliases = let + aliases = cartesianProduct { + name = vhostConfig.serverAliases; + domaine = domaines; + }; + in [ + "${vhostName}.crans.eu" + ] ++ map (value: value.name + "." + value.domaine) aliases; + globalRedirect = "${vhostName}.crans.org"; + } + ) cfg.virtualHosts; + anubisConfig = mapAttrs' ( + vhostName: vhostConfig: nameValuePair (vhostName + "-anubis") { + enableACME = !vhostConfig.httpOnly; + forceSSL = !vhostConfig.httpOnly; + rejectSSL = vhostConfig.httpOnly; + locations."/".proxyPass = "http://unix:/run/anubis/anubis-${vhostName}.sock"; + serverName = "${vhostName}.crans.org"; + } + ) cfg.virtualHosts; + in { + enable = true; + virtualHosts = redirectConfig // aliasConfig // anubisConfig; + }; + }; + }; +} diff --git a/secrets.nix b/secrets.nix index b7a9526..dbec4ca 100644 --- a/secrets.nix +++ b/secrets.nix @@ -37,6 +37,7 @@ let neo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMGfSvxqC2PJYRrxJaivVDujwlwCZ6AwH8hOSA9ktZ1V root@neo"; periodique = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHTdfSIL3AWIv0mjRDam6E/qsjoqwJ8QSm1Cb0xqs1s1 root@periodique"; redite = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOwfVmR3NjZf6qkDlTSiyo39Up5nSNUVW7jYDWXrY8Xr root@redite"; + reverseproxy = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOx/lUQE6naP3EBy81sr93X8ktZmivU09ACx6T43Odhb root@reverseproxy"; thot = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFKNg1b8ft1L55+joXQ/7Dt2QTOdkea8opTEnq4xrhPU root@thot"; two = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpaGf8A+XWXBdNrs69RiC0qPbjPHdtkl31OjxrktmF6 root@nixos"; vaultwarden = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICn6vfDlsZVU6TEWg9vTgq9+Fp3irHjytBTky7A4ErRM root@vaultwarden"; @@ -49,6 +50,7 @@ let acme = [ hosts.jitsi hosts.neo + hosts.reverseproxy ]; # Fonctions utilitaires diff --git a/secrets/acme/env.age b/secrets/acme/env.age index a550ebd..72ebb92 100644 Binary files a/secrets/acme/env.age and b/secrets/acme/env.age differ diff --git a/secrets/apprentix/root.age b/secrets/apprentix/root.age index bbffde0..97706ae 100644 Binary files a/secrets/apprentix/root.age and b/secrets/apprentix/root.age differ diff --git a/secrets/common/root.age b/secrets/common/root.age index 8625a46..f7dff4d 100644 --- a/secrets/common/root.age +++ b/secrets/common/root.age @@ -1,36 +1,38 @@ age-encryption.org/v1 --> ssh-ed25519 2k5NOg HOeKe2eK/aS5I03IhDzGxNmTYjsl3voLEZzo1Eo6tU4 -5kDl8YdkXlldYxDAA9d7ZY7U7dDXK90gGlC0rZbKssM --> ssh-ed25519 iTd7eA 4b9kmbrtMR0wqxGPp+zSinQkBrrpphUqDPU8znOKGgo -OLhmXA+tWFeIXvjHFPHxcqT4kI3u4ZjCkqQnh9jjl7U --> ssh-ed25519 h5sWQA 0CdrNIrGvOV5MbbruvofVYSSvvFZTo2NKIe5ObGskRU -NV8yW4h53LbM4z7h65gX6gjZvSzrMES88+TigkNYsjI --> ssh-ed25519 /Gpyew rzL9LqVqxaBtHpXV/J4waJtYKXMfYENvmPTOT71bxk0 -+BvI574uhXeYggaCsCdk41ngl9SmDDMEkIM6Y9gzVXc --> ssh-ed25519 FtI9pg 8qEeHhQb1Si9kAxbeHOj2S5cAOxRKIxFI0CDBhRzLwc -Zm+ecEMJf+KybsIPZPhwm4IM1cyb3mu8OeuRebqecdA --> ssh-ed25519 hTlmJA lumh1xqYQtE9dgi1IWy86u6BURcR+o2skd1Qv5VJYTg -58HTMO2z80oGNdAJbP5+8IBiHPyux6rZGd50jfG1xp4 --> ssh-ed25519 LAIH1A hEZ2oJzLTpZjzKHohaTjjv7a2eZXa8sRioUY5doWVFo -63wnlO8v8zf25z+Thu7b/SbJxHcb9YXkhFlxAscgl9o --> ssh-ed25519 qeMkwQ d7iWnCnWqlI4zahgvjgqsihXoyivln/FOCQqnYCwoyw -H0a0zCTE1cW5oW+aTJrtBnVGJLxsfjmGB3r9FyWl3UA --> ssh-ed25519 TqxOLw ctsxZCLOpeALmB98dzyiEq2ZUOxAvxHUKSR7qbzTjwA -apaDGw8eBs0BNPoi0qC7FR2Otqr7m3vby2M7F3cbHbo --> piv-p256 ewCc3w A8b7dyXfbD02u9w3dR6O5zI38vk5ugVqLDCENdcQfY/d -OETvwkXXQZWUeOiqpOn5IZ4c+EOAaZFFehWY9vGqCd0 --> piv-p256 6CL/Pw AyHxDyxvA9gv4d5be5yXnGGavgeHITRV1x1gNiY5z/cz -zcXakgy9Hr1R3eXrgYI1t8RozOjlAdUh/lXS6siL/MI --> ssh-ed25519 I2EdxQ hXSBASbQg06854UxXOGnTJBRMXiehol3KjIG+LU35wM -cUsysgvO/y3Kd/iDvkUPyHkiFS+J6gDKMMIXSi2Yr60 --> ssh-ed25519 J/iReg z/L3B+/EL7fW2t3MFGDLn6+2YzxhQqitFabi7GVjsX8 -nHyC+TpPKb3Iqm+YKXt5otuO785f1T7E49hWCt6zOSE --> ssh-ed25519 GNhSGw VDYQnBCfmDZbirQRkv/miOU31TYZafRxckltnbGdGi0 -j7reZzDf3SJTzN1q8xZY+LMdTncli/5ia9aBi8yt4Zk --> ssh-ed25519 eXMAtA viKyTQHsrPGy0MLicGAR/CzOavCyTgsV5KNnydNRDDE -m68TXreCwUQnhWbBqxAZ0ujYcn4kXKmNb89/2+0OAuQ --> ssh-ed25519 5hXocQ tHX/UfzefaF0YPdIUja4weKyEWv0LWIFaAnpLODMbDE -0ium7CQZBqQfH0s90ArJ+3FEp6EARZSqcet365TLyI0 ---- PUvC1MJkkbgfTeLAx3F6vSb3WzBmUX+QtR0on6Svvck -}sޭR*dv -u8aBc%*+<:&ڠjD^/~qͪ(F=g$ \ No newline at end of file +-> ssh-ed25519 2k5NOg cR5ohdfnKc3NNlGxdVDsLe+jAmLBIfOiaGfFAPPmrTg +848H6k08p4PzbkD+c4AdtGAK0D3fxFFOEzrvqvFDgbg +-> ssh-ed25519 iTd7eA AWwcHOwmn5hHn3POEFF5pJpvWJ8lcbrMe3n3JqBfyX8 +D2PdIh6BFBocjfNeDLY6f9Th0yixTBp7V6sMVEzoXjY +-> ssh-ed25519 h5sWQA pWqJ5nuVHkg6rFvGn+8tkdH/cKQ/xwIMED/giZeCOGY +GOKAPL951GOkyQxM2SEst9Yv7Omhp+y22zW/Vbu0x0Q +-> ssh-ed25519 /Gpyew kRpo5sKEN283fFQpr2ML9GuhpugiqRsQ0Ezc4BjBKlQ +8hKJmmgoNapIruh1hc+EUyB/uZVKvtZrocPPd68naMk +-> ssh-ed25519 FtI9pg Ieby+KtL7TViX81m58F+y1Ll3aZubWndFBOpVEEr5jQ +JhpUwA+U5ppm+SCPzQ0JNA/hjGGUGd+6xpDenjPsnt8 +-> ssh-ed25519 hTlmJA HTUuHAiK0jRB86m9kxk+K/U9b7cnTLwJ6DizUhpNOjw +T6VuoPzd196TizLAJgi4xa4pMXlF8nzrbQMENRbRlY0 +-> ssh-ed25519 GCcVXA 9mjW03T5ockAAAtZtVjIZTIYOXwaCeG4nAK+K/97EDs +yYYVpyomBECUSw+huUaX7p9TdBclUukd0m1tZbrOP/0 +-> ssh-ed25519 LAIH1A 6aYzD3onWE/lZE22Y+ZRcXqZX8ODq8gM84fvtIuG3ws +kuNjmtOxsCC6xpsMpDN+d5/nmKgKo5Q2n/NvVEJGqVk +-> ssh-ed25519 qeMkwQ UkTD2aRW1DcE1pwwcUY5jdzFry47IOfrgcFeb/7U0iE +0K3bYslOGMvhvD52C/OYKWLCSD/GFYUnbAMNGOwJ4O4 +-> ssh-ed25519 TqxOLw ucyZoaPMI+iC/lC8fdZlSwL70ScqA/18rFgZKGrWbw0 +fNLP3zECUQUOz33Rf2XZLHiY4uSt6oc0z5U7x0GBmtc +-> piv-p256 ewCc3w AocWW7SEg3MVI/sCjCHu9obVVVVbFcfFazpmTTR+PRMj +498jlz/DJgqzZxmvF6sRHruaOK9ssXpuM1UfbZwzWE0 +-> piv-p256 6CL/Pw Au/taJ3kM3uj06PdSgUPHC6UVCCOYDbMY2m2Eofbi63V +9NRjQxdkGM6lNnRvqWyR7ugweuvw4R6oCG2Qm8JBPuk +-> ssh-ed25519 I2EdxQ nek4QEs28RjB5LmGI8QmI+PovaBsP20H58HLft9t314 +7kD4VKhSe8GVI6G5nEEB9S75nqiWcw2KIq5yXQW6pkM +-> ssh-ed25519 J/iReg NaSxlV2jBjaEHjddB2x5wiUfu8dqzgPOKB1vaRo8cUY +b2Wak21uSh9FEcCsXAc9zjuakI0B7e2D4j1EmyKHCS4 +-> ssh-ed25519 GNhSGw /0K7Q0S2PLsIa4gFjFpwcXYHhRuDdRJH16FMX2/tJhs +ti7iUykOROYtos8+jPlQoyCur3hhgZumzzaqHwE/k/g +-> ssh-ed25519 eXMAtA wx6srIjvJ9E+lZzvg6jvtAVmTg/0B6x6f1zv8D6LuEE +iFjLVZ/c/pevSRzoBUee07TX2/tVFUThvvP6Bek4LIQ +-> ssh-ed25519 5hXocQ an1+7W1qN6bEdGXBfio99DzkTcZC6gEOm2ZQe11x5Us +cbPU+Ih4aUVSOOveg/mQnV57Tn8boE4CKusOag5ZgNU +--- Ya9fvOnvystGbDpL8ti3cqD4sNIaMNF1Yv8OuviMgjI +Vj&qnZ6#;8BCGE1Wsb +4. 0cjA]I#M \ No newline at end of file diff --git a/secrets/neo/appservice_irc_db_env.age b/secrets/neo/appservice_irc_db_env.age index 45a9099..e7635bd 100644 --- a/secrets/neo/appservice_irc_db_env.age +++ b/secrets/neo/appservice_irc_db_env.age @@ -1,21 +1,20 @@ age-encryption.org/v1 --> ssh-ed25519 /Gpyew YVx7IZ+WDpGomt0tU3+KysRGtOidN460zNNLuT61HkA -ELYa1OqUFYqOqMrEyQIfUUWXWhYqCy0s9/SmOVFUvFA --> piv-p256 ewCc3w AjjDfaGF/im0hTAtKcNCzEUi8hM0VJj05y1KA7Fsz+d1 -Tur19NeaxPBbPEN+6zAnOFvdGuQVC1VkbmHlfikHT0I --> piv-p256 6CL/Pw A2dW6q45SBlXUKA5vTDDsXU4ZOSaAV2htfyMJcWTUpoO -h5yO5/9QNEOB872c2SdSbUZ7vRmYS1HTfqKJgZRwP8Q --> ssh-ed25519 I2EdxQ toLPTW6TrKZx1K5y1mN3gODSFpVfT4KU31v5XjJOQ2s -Do/p+oK4axHDjSfTVWtcdZRQFt2OPps0n9cA4Tp6lBo --> ssh-ed25519 J/iReg a4su4Gi/kohEXVXMZszlCWEQlkHNmLOH1t1P0Ssuqlc -03enelm16WI1AP4vAJbieDNGwFQSw52WeZ+isQhWQ8E --> ssh-ed25519 GNhSGw 22EAbCwSIY3SirGolGVRzvRSE164PFD+MOnr0aJSqVQ -YMeQhP95Bi/e7oNri11/W86b0ALkSyuFJ+hptOUy61g --> ssh-ed25519 eXMAtA sWsPopzbV8Ls82wmBwbnV5hCAlznq4TWO2paWn2RnRw -eDlZQr1F3FtuXDqc84vD3QUZzYNAsJe3L4Abw9Oqxnk --> ssh-ed25519 5hXocQ u7/+FfeY9SwM1wuqeOHgsYpq/g/o10+8Q8AA5ODBWRk -mA1+vo/7nM3GyrL5UtdyOwpTHdVcZQ8mtVX6xuk9cmA ---- /cchAACEC4BclR+km+6nZZjLkIteeIG8kt974NLjwlw -IFb)HӂDH2Co c(xXgPiVG+!H5Yn4jIfJdMK5GՔף7_!oFlcݓ/UNsmMӱ|o3 -E@ -,2?J{?7M|S ѷVWӔ| 7l~2ı/lP \ No newline at end of file +-> ssh-ed25519 /Gpyew CfIsypY8RtS9xiEz41Os6yTEJ0jLyq9abLnmD1BmIxo +kY6DRThZg1hsZsy5NtIwvronzqY+DntxMi/oJU2Lj1I +-> piv-p256 ewCc3w Axo2RjgPlDAGnV1KDiFwrKyYeb0ScsjaQ0ayZqWEusHm +FSPAP9v5jXgaus25xR94woquDnz6CCPawXpzUxgLBEw +-> piv-p256 6CL/Pw AxaFajLGlSPKOL3C13kdA5txo3XzaGyyJrEDeR5EGZFX +qNSby8foc3TUeMRkbLGEf/KhGMftfDdVs0yF/RJ0LBk +-> ssh-ed25519 I2EdxQ pz+wkE+wVN4zQgM6zlOECWXzsGXNjhqEItmTGPKleBk +24kTeX0aj4LWrOlEyhKCd4vj3+d0Rr3xynC4yiS3E04 +-> ssh-ed25519 J/iReg oYbqvVH3yyGrJHgruNtIDRlhqVyetK5o85RpxYR1NiQ +5k+78ZQsox92gUGw8JDHsK2dE09vMskLO5QDCAX4C2s +-> ssh-ed25519 GNhSGw rVguQoCqPt7EcodF4+4QLkb3LZcfIRu7PqdhR2W/QgM +xTHsVt8uQldI+l+dWaOmLIkFAnkal6wlNwqsrG8JoHg +-> ssh-ed25519 eXMAtA UcfI5tfsqs9wCacaTfH4U5E1kD7Mvk4kkruSbiwQngs ++mWFtbwsLW9fGGo4VKPc1JT2Cz66XBoVHNbunZyc2qQ +-> ssh-ed25519 5hXocQ CrXLt0QWY5gKVYRpjoE2ipTkI99bOsz3e2RlHxdQlyY +aUrsUJgVtCCSyh49XXINzxTlCtFVD9vESoHSu2GK2oU +--- yw1hzyJgwgfb66dS4w4uuY9v4Dvtvjis/aURt3Uaa9c +0.z.`uF/sF7"RKDm 0ReB_?э+?eոG7Rv(d֎"F>>6IM0@ ^Ʀ +珴JBV`>{:jt[y6շt2I5 N8H֔N0ja@j?p}W \ No newline at end of file diff --git a/secrets/neo/coturn_auth_secret.age b/secrets/neo/coturn_auth_secret.age index 96b8f11..b0493c1 100644 Binary files a/secrets/neo/coturn_auth_secret.age and b/secrets/neo/coturn_auth_secret.age differ diff --git a/secrets/neo/database_extra_config.age b/secrets/neo/database_extra_config.age index 99f843c..604be95 100644 Binary files a/secrets/neo/database_extra_config.age and b/secrets/neo/database_extra_config.age differ diff --git a/secrets/neo/ldap_synapse_password.age b/secrets/neo/ldap_synapse_password.age index 37e045c..0aba78b 100644 --- a/secrets/neo/ldap_synapse_password.age +++ b/secrets/neo/ldap_synapse_password.age @@ -1,20 +1,20 @@ age-encryption.org/v1 --> ssh-ed25519 /Gpyew +A7G/2a79VScR2EWxRwH48Tsv96JgqSXQJkoWmucH0U -09dv435I9zm7RT6/evgzXcSl1gRpIFPIE74ES5zSqNc --> piv-p256 ewCc3w AydwzAVvlJQQykcKcrM2BxOicwS7e4ZG+t3Wd+9wyz07 -LQ0bZU1cQkROkEZrZr9PyMEnhCMi0b9+BgcG+PiJvps --> piv-p256 6CL/Pw At4qtMZGID6EKvwKkGNd7FTWMn+mmmbdeuY7nAjtaPjk -6mHzefuannU0JK50JlLiWHulUFs5iv073LJregUL2Zo --> ssh-ed25519 I2EdxQ H2MgML+9f4MNf4g/01+/V8n5UNNeEKL67MKaNTAcHWs -LWjC8FdlnDyImdiH+9nkN5g8Q5HLV9tOzzbuGZ7kpi8 --> ssh-ed25519 J/iReg nAN+oNfJcN6+qrMBApMUUOhiE2TSDT0jCL7OD0zfrkQ -X5zSCWnsPvijGdLsYusg0JdjsFExv2vQguq/Uph3BRE --> ssh-ed25519 GNhSGw G7OQfDkSwlvqc6ffJqzB7FMTRD9fA0oxT7VjdwMPbms -zdyQ0Xo+IjcW1TDetsijHbo2BhqIopga+bYy+3b6+0U --> ssh-ed25519 eXMAtA hQQVOPa8pw1xieN09bTBDVol3PsgiqH4/Z0Rk037tQw -DjRJWFH+xtXPdXwb6bF1zHilcA4t65ZORGUKYWXX7yY --> ssh-ed25519 5hXocQ slJCm8Hrse5zVlMc6kTOPcVuHpisFTjXfob/DAAgjDU -pebRHNQ1cUKkT7W3hl3x+Cf9Dc+YhHKgEsXXBRHrq3Q ---- EHUlBeA6vMSKMbct09Ouxn2EhqaG0AB/cMr4HEEFO9M -ĬV$# ' -["#ue&E8HyU;-4f$ \ No newline at end of file +-> ssh-ed25519 /Gpyew oaVD79l3EZWfSVKb8XpqWAV8NKXySVAPbWLoT1UA52A ++kOAxHr3zaV5i0JpQAtlAdU95Q9M3rJqGtIJ8XvPbkQ +-> piv-p256 ewCc3w AivgKvbuHgMuIJkXqo2/Cp3IF5MJAbfxKBMngMbKvQq/ +OKe5ZZH1BcR02enuqgNYQR1xUk4nwHnHUwFeWNa1+Eg +-> piv-p256 6CL/Pw A9Tk3dUEE9IL2Mke3E3mOe19oqDS9YTDZK3yRV75eJX4 +8qCQHjVWgfLk99WfT1694g3DvCozGbfYrf/cvsWygGU +-> ssh-ed25519 I2EdxQ iD7bG+gD5EB6IKt37N5wBIK+gykxKX08nBJmqUMIKyE +xs5EhKazMdwtYiBh8DWyZfp9N6oHUXKAUwJ3ipGnoUo +-> ssh-ed25519 J/iReg z+J9LYzBpAmrk+qs/bKM+dWZADzaCG1Zn2++aqngiUI +ZKj2uEEtSxI+VZmFMTIs/YCN27Dzaez55OHcRRcXGGg +-> ssh-ed25519 GNhSGw QiKR6ruzN9obAMMWEX1SJP6cuWG+zPer1EOEOubWcyQ +EGxT2dlZg9SBCH7MI6HygE6bgeyM2Njj+bfc9HVHAHU +-> ssh-ed25519 eXMAtA iD5onNylX7xPzgCZDnbio6+5GtbuO9lXDE+mwVb/jlU +rdadtpwMGEAwZOhYId9xeryALddEK3T4DQP6dfgSYN4 +-> ssh-ed25519 5hXocQ bhNzIK/vKeNNpqhZA9dEtHOlfYQ4sZpwF4Xy2Xm+yA4 +pD1xgl7iR1nYEjt7TcMQC2WzBlaMukoMNwBgomm0zzo +--- tMEzkXbsknws8FNrhwbH30AMAvDUtmI+IiQwUYCTLfs +׿[Gl +"7BMػr6X5Md D2sYǪ vE[p \ No newline at end of file diff --git a/secrets/neo/note_oidc_extra_config.age b/secrets/neo/note_oidc_extra_config.age index 492f4c0..4e0abde 100644 Binary files a/secrets/neo/note_oidc_extra_config.age and b/secrets/neo/note_oidc_extra_config.age differ diff --git a/secrets/restic/apprentix/base-password.age b/secrets/restic/apprentix/base-password.age index 9bb9b58..10ca63d 100644 Binary files a/secrets/restic/apprentix/base-password.age and b/secrets/restic/apprentix/base-password.age differ diff --git a/secrets/restic/apprentix/base-repo.age b/secrets/restic/apprentix/base-repo.age index e01fbf1..84f0507 100644 --- a/secrets/restic/apprentix/base-repo.age +++ b/secrets/restic/apprentix/base-repo.age @@ -1,19 +1,19 @@ age-encryption.org/v1 --> ssh-ed25519 cZNEGg Nlccs0f2Y+tAZuucnNzMSz22dgnFMOd0FyCUJa+33w4 -CZPU1BkxGDvaaB+0D6bX1aC5hbnewGsZlbGMcA8vB9s --> piv-p256 ewCc3w AotAQEs3SY2TWrLrdHxM+yNFP5tuOlgHoZBjXvxP05Sd -6S6kGPJI2O9zqtdDi8WaNVNBvCpHeRKWHOIOhABk3U8 --> piv-p256 6CL/Pw A4TXb9Qy/woxDSBTGwnYdPZs0km00wlYfLhoPpqcdS10 -VQ4DPWcWGajvCAGUAzqUESPix4q9h9J395HZ3aJ1j3M --> ssh-ed25519 I2EdxQ 5WhO2QjJWafz2x2FR2sxnEjO2B55ZcJUYhefOYTBX1s -dm3J6VOocxHUpTCkuP9aXEvc0ZD8q875I7WyHOyEn2c --> ssh-ed25519 J/iReg aWz3WK2d/Abh3ZQ2gxehf2hB48WEFom6zDAQOIBjJgE -mkRU9jHIPG2oGYVGMcv0qcca+yt2N6vKvjxPUETzCMI --> ssh-ed25519 GNhSGw 9Bq6Z12us2Ff8eDO8bBL8R/4QeMxgltI/UBTDx9MsCk -MnhroVnSzbA5b3kfnTChrw43Oga9pqFzzFTWMYB/f5U --> ssh-ed25519 eXMAtA atHAYPq5qXROeIOu30+OcS33GukjaxULkbTlBli4eEE -2kMozM1CVoaN5ua/SevxH4qsuDtDcux+7HRN2aug/X4 --> ssh-ed25519 5hXocQ K+c4QqO+w3CUCrHe5HVarwHNDD+RknZVTO1Pw5W9RWs -2C4Fxp21Wc9ZDj06B0QLOWzvSAnHdnEMtQtlcraGa68 ---- ucbVnMMTZihSbRviwcGbyxwDcUUEnyeJCDj6d4dJVX0 -Axy2~~Ȅ'a#tdy%R*w}iK@uql.*DaUq4 %N+36߂k!.ȃ lXNA_t^QlŹi@ 9d5G) \ No newline at end of file +-> ssh-ed25519 cZNEGg bcq2jdSV1iE6alm6V4KPX9MJUGF1MwIKVczTCKp0VGw ++MCRVeS46FKPHMH6VeSQ1P9aCU6+LmYtTlgdnHP8TUw +-> piv-p256 ewCc3w A34SQY8XltI0bXv5WNFztuk5eBbUiT2Vqmue4xRUTn1D +r76a0kI7G68qf7onVGAq4S5Z32DR6BEmCrSUZ+oYg8A +-> piv-p256 6CL/Pw Am45lx4DKBrRYWaDQA6F+5aN83+RTyPOuls06IuN0wR7 +39yE14NK9KhezDSFADfvIIzFoxEgUDV6REtb4ztpS1s +-> ssh-ed25519 I2EdxQ TYjJ2+ItmyRRzJLeQxNsyEtDy3GKsE7+X2EtqhEDmWI +6D3WNy7XUrRphd4qSeCJpgxIvuUsaO5Ip2geK22DnbI +-> ssh-ed25519 J/iReg lmLKh/Sl9ZCMmLsfsh7jx9GdUbB49w/zrYtSM4YfaGE +tOtKJkQrqI/xgVfLf64FCjsnJTxjj5YuXk1EmjXD79E +-> ssh-ed25519 GNhSGw UnFhELQY7g4PgkSJNXEFHIeeKwlW9NiUQmrQTY4KuCw +F7buN8iYpM0CkswV+O/jyMG73SjD6hY+AjULp7t1WCI +-> ssh-ed25519 eXMAtA 2n2v9JWA4s7b91DyfaYau/cCx06JgNKeqlBXquSJYUA +ToeRSuVsb9pLmZQxYKTxIEF/i3XTZDAM6MqBuEidClY +-> ssh-ed25519 5hXocQ s1XTnL4QkBRhW9SRQt0KrOj6gQRhfZm139UYGe7t2TM +tT5EdRyoilgWlZ8X6qfEB1Fe6GQ1f8V4gFvwFweal2E +--- bjfHy+S+lcKqOAt/hnbXDtlbDz02YuRsce6XM4KMwXg +HeL[1qrr`趘RIp) 8^Av_6xy+.d3d38Y%̡=2Ce|p%>[tW9]8Q9i#3T \ No newline at end of file diff --git a/secrets/restic/client_env.age b/secrets/restic/client_env.age index d05a765..77d12cb 100644 Binary files a/secrets/restic/client_env.age and b/secrets/restic/client_env.age differ diff --git a/secrets/restic/jitsi/base-password.age b/secrets/restic/jitsi/base-password.age index 6524e11..ca05a01 100644 Binary files a/secrets/restic/jitsi/base-password.age and b/secrets/restic/jitsi/base-password.age differ diff --git a/secrets/restic/jitsi/base-repo.age b/secrets/restic/jitsi/base-repo.age index c735952..61d0ece 100644 Binary files a/secrets/restic/jitsi/base-repo.age and b/secrets/restic/jitsi/base-repo.age differ diff --git a/secrets/restic/livre/base-password.age b/secrets/restic/livre/base-password.age index e9d8898..8cbb875 100644 Binary files a/secrets/restic/livre/base-password.age and b/secrets/restic/livre/base-password.age differ diff --git a/secrets/restic/livre/base-repo.age b/secrets/restic/livre/base-repo.age index 9277798..8a148fb 100644 Binary files a/secrets/restic/livre/base-repo.age and b/secrets/restic/livre/base-repo.age differ diff --git a/secrets/restic/neo/base-password.age b/secrets/restic/neo/base-password.age index 8aeaa91..6e8ece2 100644 Binary files a/secrets/restic/neo/base-password.age and b/secrets/restic/neo/base-password.age differ diff --git a/secrets/restic/neo/base-repo.age b/secrets/restic/neo/base-repo.age index 5bc4c18..76f8d7a 100644 --- a/secrets/restic/neo/base-repo.age +++ b/secrets/restic/neo/base-repo.age @@ -1,19 +1,19 @@ age-encryption.org/v1 --> ssh-ed25519 /Gpyew uXq+MfJBkPm8swwZrPvdDvV2bDhpRym/ZeMGqys9BSI -j+YqicDZ4bihNJ7l8KdVkto+si2y2Hs0rCiP1OSu9pQ --> piv-p256 ewCc3w AhHSf+4ctgmsivwSWdryNpYm4pWmGYTC0uP8vCMFa9RQ -cLbPGip95TFpeVLVX4RAmr2M4wzcY7JKqOOmP+A6h+4 --> piv-p256 6CL/Pw As8p7SSauNa84TXKGtPw/R7RSv4Rcsw5i6QtiLm3Dt4e -6yEs/0Wz88KUPmqVRjtvnajydqb5g6RKHDIDltXE0Dc --> ssh-ed25519 I2EdxQ ql80kds5JxVbwiQSyn4iYM8Gd97hZZtZEIiwEc9gK2E -anQR86o7Dx/36CQefEsoaNpDVQEb6CnCh3n8stGXiDI --> ssh-ed25519 J/iReg pnMm4HO8/9T1OOTH7hKr7TXzEsmOZLD65LNUWGBbLz0 -N4FOYkaW7og8RdS2QG8h6PLtivNLmOHlCHF0YmJ4V6Y --> ssh-ed25519 GNhSGw 9J51AEaJRIcigTwyaiCkjP3qKxy+L/YegYZ23r+yHi8 -yT/24Ci1e4DfGIwfF9gLOWs3eCoeDen/w7uBUjxMTRw --> ssh-ed25519 eXMAtA eBsWiM0mKL4xYkI5IFjkLy6/qYTBRhoNAyE3iTd1Ez0 -R7T+pCgYRjHtmj/NTKYPQ6cd8WWC14y8aLDMT/kZ0aM --> ssh-ed25519 5hXocQ bOEbEcSTnUwrMUJ2VZNu1FPG8hNOUGIID/CscM+mRWY -18iZ/TdpvAeACn6oYu7pCjNc/lpONZBqt2NjufP/OMI ---- t+VOF1H5amjBbo1np9PvCtidQNXVEva9j6eByQd9Qkk -ZzQ;]/tG9l!jן 8UahXгLbs3?ɪ]@()x&pMao/\'Og8 Mc% \ No newline at end of file +-> ssh-ed25519 /Gpyew mx+zUDoJlBkJG4GUEJpTmF+7cekgNMAqGf8L/hLKdAM +TBwEFgEWExFwuINvzdrfck6mnBCIpUAekZdTBlX2jyw +-> piv-p256 ewCc3w AtCGtCqOkpF5bFUtuAiYe84lT+1G6MxDNkRU2pUqk18B +3/G5szghCSHCvmiCc7/y8hOZyanfbU71VI1P/CQ4g8Q +-> piv-p256 6CL/Pw AmvS4ErSMMakjmPgkc6uuAW93uB7dkmLzwIWLnfELyXc +0LzlaXihUe55n4gSERN2IyQvjBZ1sbBO/sg3QuLSiaQ +-> ssh-ed25519 I2EdxQ cwwjiEWrJhC3QlZxbCEGjVBPf3jlpjgroeDBzHh+NXQ +V9avgV8Fey4NRK1SYZNUThYncU7zfKU14U5EvQ2kasg +-> ssh-ed25519 J/iReg BbZPEVsU+QcuK+R7O/iyM5QynQ01ve5mpYOmGS7T/Qs +VN2037c3niLVO/wCpl2aJag5yoH04Xs5sFRwNgf9Szk +-> ssh-ed25519 GNhSGw LGM6jIDcmvJJjst+IZGZtIFqopu3VA5pJsX30LKh7BI +cHv8yBQWrrZGnfP+/iN5kboEQHR5fBCNWXkEED7f8vg +-> ssh-ed25519 eXMAtA RXk5YHqqh9G8XIlFcm1yFHjEN7yRQwjT3+OIAu7JHj4 +xNZVF7sCfEIGU6fFrPutCks7b+ZYrXXmPrmsm68Iqjc +-> ssh-ed25519 5hXocQ sCyqDVxD7B/hHT69Cwr+eI/kYI61Ea7fW974qrv9+hc +WyHRkS/KyupY1/REGTrOuVsCkAUgOZdZBDNU66fq3X4 +--- ySHYrP5bMWtiO3uer5Updjm5yAOeuX9fnUFKH4vwUSc + ">lJ!]@l)yCp>Ἑk'#h7|n aa*Mǻck2)o>LD>VOGIX/1c!QsMTS)dEuc>Ry(Z_ \ No newline at end of file diff --git a/secrets/restic/periodique/base-password.age b/secrets/restic/periodique/base-password.age index 466e931..395572e 100644 Binary files a/secrets/restic/periodique/base-password.age and b/secrets/restic/periodique/base-password.age differ diff --git a/secrets/restic/periodique/base-repo.age b/secrets/restic/periodique/base-repo.age index 141bc77..226fc0a 100644 Binary files a/secrets/restic/periodique/base-repo.age and b/secrets/restic/periodique/base-repo.age differ diff --git a/secrets/restic/redite/base-password.age b/secrets/restic/redite/base-password.age index bf42ca0..3da9a83 100644 Binary files a/secrets/restic/redite/base-password.age and b/secrets/restic/redite/base-password.age differ diff --git a/secrets/restic/redite/base-repo.age b/secrets/restic/redite/base-repo.age index 0d6a34d..3ffcc29 100644 --- a/secrets/restic/redite/base-repo.age +++ b/secrets/restic/redite/base-repo.age @@ -1,19 +1,21 @@ age-encryption.org/v1 --> ssh-ed25519 hTlmJA NN+fdIZAAYh+A7hFaWXYOxmemjlzS24WNa9qWIS8jQ8 -lhVBAvY+TWg1yAJcrgvphoOKB06ETLyH+DLLAO/32bw --> piv-p256 ewCc3w AtQ8DoBM3GwBCc+B70nQss2/lmirWJs845PrS6cyivYL -xrE8YMYKv7XTiMmu/Qh3W9j4KGkZIN61vnyBUbiRous --> piv-p256 6CL/Pw Ak6Zjws9g8YrtUPyVQpJxPOL2yhEo1izmu00ODWO/9bN -9g/dmEHdJTKg8cB3xQs5cSXQUz7TkXQM//SCA8qFgqU --> ssh-ed25519 I2EdxQ B1SaZxW/oOYTADdHLJ/CfE/ePpn5MauuQIV11P7ciWU -BCINmTI1TE7V5/9tIBUpHFBrzk5k5ycvrOFrmEGoHcw --> ssh-ed25519 J/iReg a93JQXzEH0rzZL9BzI9GWdm+vfIthZj9KmYe/xkM3x0 -BNLZmF4I/B7bNzZUQ7C1VYUiI6AXN7aLaQ4b5pS/Qpw --> ssh-ed25519 GNhSGw Z9bIU2D8d7oT6/k8AIUFk2GWlQ0kbpZIx6Mch6Zd9DU -ZWGrSOd/K5e0ZnFZvE8U4zLsBBKnTQUu6l+WAFrSIGA --> ssh-ed25519 eXMAtA 1ZPBxg7vVPdFl/I9Xgty8H8X0HliAQte0D5VrgRJYgs -onOuCxlv73SpBqIZarKbXzUJ/dERBHfPTy5EacFRToU --> ssh-ed25519 5hXocQ u/9fRCc+gz7Qo0020HYqkgeSk+joAGC9iRo1PpTTNWc -iFIduae61MdkkYBP42yf/59v8OySnNLXgypOS9Z+ib0 ---- 27DrzEcaoj5yEFstaty5e+q67L8kDi1hUN18k10kUAM -).M¦8-UH#c>SHF"I3-?cu?PssEB2SiU6z|-sBB-'rl~_glܦ# vdQuy4TPO \ No newline at end of file +-> ssh-ed25519 hTlmJA FwyYHqXJq8FnP/kKDOyZYMsEpOVVvdxcPka7dxH9TEg +hKPhAZz5/6DP1ugpv3bHOZrbSoVs0hpZSP8kycw0hds +-> piv-p256 ewCc3w A0NZ/VH4wQ07JGUjRnD2QU7VlrG4zMeVzHa7g46Av+jU +qCXVqCAtOikfPENz7RJpy0PTdTw1tAwusSWh1iDlVT0 +-> piv-p256 6CL/Pw Awzu5nbYg4GuVnEloOsPVwQ47BicdnAb4sS1mG+0w/Hg +CeDZkaghyrRT4Qokg6dTkDLrwND4mix7dhFgMEXzsRo +-> ssh-ed25519 I2EdxQ MrZNzDREuwEhfu7lU21VsJ02Q9orNM0TPB87viA78XM +NSlPC8lW9U2ppLIGySpmU0HJpemN+GUA74RBFhnhroY +-> ssh-ed25519 J/iReg ZWPGgqUI89NVHp7iLK37iRdwBGroJ0pDxI3ZMeIJ/Ak +PxJTCoNmF/c741FTeXYsjUjogf4/ZLZU56IoEKHX140 +-> ssh-ed25519 GNhSGw k4VJGNkwALEyUJfqoWNjm7gVS4EL1PDQtigjrJyKJ0Y +f35rY9JCJSiEkXEC8E9O2e8RqikKHL4WG91y+Q/0Dxw +-> ssh-ed25519 eXMAtA 4exKSkUZbK6IGNqms3oXHZjqxdanDxruBIWzlWkud18 +fikqarrrB2wEAS8b033Cp2QpAGxy1SGju6wcfcpgWPo +-> ssh-ed25519 5hXocQ A7y23nvH1k2eh9YhzkDfTX8BTsds6HJfTzEPgP7A10g +CXq+VQurL+CrAZKu9ycJp/iSz/S8CTP8F00OAhNzuwg +--- TZLMHnfF4+CThKdhjtmeSzB/66o6MEV6r4Fh5CzEkCA +j`3H1TCZ6/zR+qрȲÜ QFK׳8,oH,PDnfnTI\Yn +ﵖk +f M0Y`.\{ԍ%Ʋkp \ No newline at end of file diff --git a/secrets/restic/reverseproxy/base-password.age b/secrets/restic/reverseproxy/base-password.age new file mode 100644 index 0000000..297fd73 Binary files /dev/null and b/secrets/restic/reverseproxy/base-password.age differ diff --git a/secrets/restic/reverseproxy/base-repo.age b/secrets/restic/reverseproxy/base-repo.age new file mode 100644 index 0000000..6a068c8 Binary files /dev/null and b/secrets/restic/reverseproxy/base-repo.age differ diff --git a/secrets/restic/two/base-password.age b/secrets/restic/two/base-password.age index 8596242..4562140 100644 Binary files a/secrets/restic/two/base-password.age and b/secrets/restic/two/base-password.age differ diff --git a/secrets/restic/two/base-repo.age b/secrets/restic/two/base-repo.age index ca8fb65..8de1bb7 100644 --- a/secrets/restic/two/base-repo.age +++ b/secrets/restic/two/base-repo.age @@ -1,21 +1,19 @@ age-encryption.org/v1 --> ssh-ed25519 qeMkwQ /keb+Ra7ey8R57qBRtU5VNvXsUBGlP/D3xmu7ShrFi8 -0cLRMQ+nT3uZO59LHNNQLo8lmQsBWuyPEcsnGzSyaeo --> piv-p256 ewCc3w AiuuJefLgWkM5EzXWGAx0sAhGii/a4yXx1a0N62QpEEA -jC3Gph2c0qfsXdivztaOGxqwyH8YaDp8JNsBxYvxmAw --> piv-p256 6CL/Pw A3TNn97Bkf89T3gdh2nOVg8gGJS+YTdxMsT8x7MSwZU7 -sr4NvxEW9NYmROFwmgGSFAkEodrUTxCEX9YKhhzaI/w --> ssh-ed25519 I2EdxQ +Vw5lZB0bpthF5TkdHCsxhw+2VDh6Se7moPZn42R8gQ -w+hRvGIAehIRIuPzvGtZmSWPUxlmrJtRiq1Vphl/bfw --> ssh-ed25519 J/iReg XmBVKUHnA7HbC8eQHRg1Kw52dAYlkXmi3t8CfOVY+hk -lJTLuekWjOTY62hJNpi/fwlyRnWEi1jqGZRVFHbkYHY --> ssh-ed25519 GNhSGw vQvGrEIBipBdgoK2nFm+TygkTBwNrFybwwP7j0w9sA0 -/qQmQ2iB7zXPy0ZStN7cbTNoVdjHYtBjGiKt6Qvj9co --> ssh-ed25519 eXMAtA G4LmMcFCSHgu9nUKVoryCm1EAgw/8r/udi8ioP80D3E -AzFf/on9+O+xrx6CQNrt49kRw4M/9dLywhc7lKW+p4w --> ssh-ed25519 5hXocQ ZIdUDfleb27LFxg2t4d3LXtqE/wJ8Vbie0+fZDAnKWs -VUOTStUwbfFsgKiX5GEgxlYMnSHpXrq85UEC884y314 ---- bHL/tQMiSDfTBt6slaaOwE4r2ORKV0YuhUzqoC9Ea+g -B)b,} - 2( -ۃUc!} VjWPlk 2"sn T}j _d/%J,Tr%ͽrCEtD` IDO$0L \ No newline at end of file +-> ssh-ed25519 qeMkwQ Bi93rI91LBDaaY/yPJDhvx2Xz4Sc3N/QHCuaSIvY4H4 +SEm6Su5gjKvSF6vyl/M80LMS2+JuzllJ9h8R9LWyaK0 +-> piv-p256 ewCc3w AtUZadXsE0CuZPNJg+Rqbbh8cxna7+y2VGVa/lH/N7dh +O7V0wXiK0qncQ6bagJEgzWsUQ5i/K1nibxy97pmDgRc +-> piv-p256 6CL/Pw A0WY0KqpmfB91+nNKnda1hudfI0OHxGi+AEBSTyoYBg9 +l9aGu0kEMfK5g99UADmGN7v9T4c9VPOB2ucmoN+Lry8 +-> ssh-ed25519 I2EdxQ QcTXfmdoGtiGnnBsh8iA7BMhMGUdGz753VGTbnM81zg +HOAA19NC/kbQcpCvpBEhxZvIFQbJNlbW3SsC5D8er8A +-> ssh-ed25519 J/iReg rCs+36Az9gPC0z0bZOkY64kqAQLTRJNIGDPeeAsLLQo +E6i/Tio41CtWvQpwPjgVN+RLyHUb2StBsT65LMnSgTM +-> ssh-ed25519 GNhSGw 8iGHolR8qo6hHIVqLWtOGtrqQwk5lHT9hZA9MtW2vz4 +vPyPAHUkRWVRr1oZ8kzR5Tu2d6Q16hpjPajv5TxJEOU +-> ssh-ed25519 eXMAtA l6mcO5XxwwQaTrfwd32ANLFma+GlwFbqlBNo+sI7/jo +VwjyfbUz//5bbDfCsTy9azFspvykY1+am2TDbajulJU +-> ssh-ed25519 5hXocQ VGfJz+xp5kUTIGLNKE3p4bneECJ8lhETRxZoYq/MaX4 +apxhOfB0uEWMtEoT7oSfWkN66swG0XuN/eK1hWPd6p8 +--- hEoLlgb5t9ASMlVBOu4/QoBBRr5551YqDw5C3vQJ6C8 +5G3M&4sS='N]?ZU:|/?9XǣH~yRz0Q/7ʀwV+ɢ\(cޥ7>}'1Sg5g&ij> \ No newline at end of file diff --git a/secrets/restic/vaultwarden/base-password.age b/secrets/restic/vaultwarden/base-password.age index 34cd486..cb0999a 100644 Binary files a/secrets/restic/vaultwarden/base-password.age and b/secrets/restic/vaultwarden/base-password.age differ diff --git a/secrets/restic/vaultwarden/base-repo.age b/secrets/restic/vaultwarden/base-repo.age index c3c14ab..885f483 100644 Binary files a/secrets/restic/vaultwarden/base-repo.age and b/secrets/restic/vaultwarden/base-repo.age differ diff --git a/secrets/vaultwarden/env.age b/secrets/vaultwarden/env.age index fb105b1..a74fe04 100644 Binary files a/secrets/vaultwarden/env.age and b/secrets/vaultwarden/env.age differ