From 31e7762cfd270d7fa2eaaf5aae7bd8c457e18f42 Mon Sep 17 00:00:00 2001 From: lzebulon Date: Sun, 8 Jun 2025 17:41:45 +0200 Subject: [PATCH 01/37] add a gitlab-ci --- .gitlab-ci.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 .gitlab-ci.yml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..f68151e --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,10 @@ +image: nixos/nix:latest + +before_script: + - echo "experimental-features= nix-command flakes" >> /etc/nix/nix.conf + - nix-daemon & + +nix-flake-check: + stage: test + script: + - nix flake check From 7637667ed7fc1057e878c8ec5ec4cb198223b882 Mon Sep 17 00:00:00 2001 From: lzebulon Date: Sun, 8 Jun 2025 17:47:52 +0200 Subject: [PATCH 02/37] fix typo --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f68151e..2c0db60 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,7 +1,7 @@ image: nixos/nix:latest before_script: - - echo "experimental-features= nix-command flakes" >> /etc/nix/nix.conf + - echo "extra-experimental-features = nix-command flakes" >> /etc/nix/nix.conf - nix-daemon & nix-flake-check: From 7d0b47ab3d1c0d811667afec03b44abf6bd3cbfd Mon Sep 17 00:00:00 2001 From: Lzebulon Date: Sat, 14 Jun 2025 15:37:13 +0200 Subject: [PATCH 03/37] accepte que jitsi a libolm --- modules/services/jitsi.nix | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/modules/services/jitsi.nix b/modules/services/jitsi.nix index 7490187..1356890 100644 --- a/modules/services/jitsi.nix +++ b/modules/services/jitsi.nix @@ -1,12 +1,19 @@ -{...}: +{ ... }: { + # il y a une faille de secu mais c'est pas exploitable + # libolm : https://github.com/NixOS/nixpkgs/pull/334638#issuecomment-2289025802 + nixpkgs.config.permittedInsecurePackages = [ + "jitsi-meet-1.0.8043" + ]; + + services.jitsi-meet = { enable = true; hostName = "jitsi.crans.org"; config = { # vient de l'ancienne config liveStreamingEnable = true - liveStreaming.enabled = true; + liveStreaming.enabled = true; }; }; @@ -25,7 +32,7 @@ config = { xmpp = { - trusted-domains = ["recoder.jitsi.crans.org"]; + trusted-domains = [ "recoder.jitsi.crans.org" ]; }; }; }; @@ -33,5 +40,5 @@ services.prometheus.exporters.jitsi = { enable = true; }; - + } From ab20269f92885bb5628e5de27c5ae2ec59280fb1 Mon Sep 17 00:00:00 2001 From: lzebulon Date: Sat, 14 Jun 2025 16:14:59 +0200 Subject: [PATCH 04/37] fix add longer timeout --- .gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 2c0db60..ccfac76 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -5,6 +5,7 @@ before_script: - nix-daemon & nix-flake-check: + timeout: 1h stage: test script: - nix flake check From cedff82836ace55ce6e8bfebb3dfe135661e0948 Mon Sep 17 00:00:00 2001 From: RatCornu Date: Sun, 8 Jun 2025 15:53:33 +0200 Subject: [PATCH 05/37] Factorisation en un module crans --- flake.nix | 15 +- hosts/physiques/thot/default.nix | 7 + hosts/vm/apprentix/default.nix | 28 ++-- hosts/vm/apprentix/networking.nix | 65 --------- hosts/vm/jitsi/default.nix | 14 +- hosts/vm/jitsi/networking.nix | 53 ------- hosts/vm/livre/default.nix | 11 +- hosts/vm/livre/networking.nix | 53 ------- hosts/vm/neo/default.nix | 14 +- hosts/vm/neo/networking.nix | 62 -------- hosts/vm/redite/default.nix | 11 +- hosts/vm/redite/networking.nix | 65 --------- hosts/vm/two/default.nix | 15 +- hosts/vm/two/networking.nix | 65 --------- hosts/vm/vaultwarden/default.nix | 11 +- hosts/vm/vaultwarden/networking.nix | 53 ------- modules/crans/default.nix | 49 ++++--- modules/crans/home.nix | 21 +-- modules/crans/monitoring.nix | 49 +++++-- modules/crans/networking.nix | 218 +++++++++++++++++++++++++++- modules/crans/packages.nix | 21 +++ modules/crans/restic_client.nix | 94 ++++++++---- modules/crans/ssh.nix | 11 ++ modules/crans/users.nix | 101 ++++++++----- modules/crans/virtualisation.nix | 6 + modules/default.nix | 23 ++- modules/services/default.nix | 5 + 27 files changed, 566 insertions(+), 574 deletions(-) delete mode 100644 hosts/vm/apprentix/networking.nix delete mode 100644 hosts/vm/jitsi/networking.nix delete mode 100644 hosts/vm/livre/networking.nix delete mode 100644 hosts/vm/neo/networking.nix delete mode 100644 hosts/vm/redite/networking.nix delete mode 100644 hosts/vm/two/networking.nix delete mode 100644 hosts/vm/vaultwarden/networking.nix create mode 100644 modules/crans/packages.nix create mode 100644 modules/crans/ssh.nix create mode 100644 modules/crans/virtualisation.nix create mode 100644 modules/services/default.nix diff --git a/flake.nix b/flake.nix index e4d64c4..5ae51e2 100644 --- a/flake.nix +++ b/flake.nix @@ -34,7 +34,10 @@ flake = with nixpkgs.lib; { nixosConfigurations = let - baseModules = [ agenix.nixosModules.default ]; + baseModules = [ + ./modules + agenix.nixosModules.default + ]; in { apprentix = nixosSystem { @@ -71,12 +74,12 @@ specialArgs = inputs; modules = [ ./hosts/vm/two ] ++ baseModules; }; - - vaultwarden = nixosSystem { - specialArgs = inputs; - modules = [ ./hosts/vm/vaultwarden ] ++ baseModules; + + vaultwarden = nixosSystem { + specialArgs = inputs; + modules = [ ./hosts/vm/vaultwarden ] ++ baseModules; + }; }; - }; }; perSystem = diff --git a/hosts/physiques/thot/default.nix b/hosts/physiques/thot/default.nix index ed4cee3..6caac2d 100644 --- a/hosts/physiques/thot/default.nix +++ b/hosts/physiques/thot/default.nix @@ -39,5 +39,12 @@ restic ]; + crans = { + enable = true; + + networking.adm.enable = false; + resticClient.enable = false; + }; + system.stateVersion = "24.05"; } diff --git a/hosts/vm/apprentix/default.nix b/hosts/vm/apprentix/default.nix index 945f8e0..6feeef0 100644 --- a/hosts/vm/apprentix/default.nix +++ b/hosts/vm/apprentix/default.nix @@ -1,17 +1,27 @@ -{ config, lib, ... }: +{ ... }: { imports = [ ./hardware-configuration.nix - ./networking.nix - - ../../../modules ]; boot.loader.grub.devices = [ "/dev/sda" ]; networking.hostName = "apprentix"; + crans = { + enable = true; + + networking = { + id = 50; + srvNat.enable = true; + }; + + homeNounou.enable = false; + + users.root.passwordFile = ../../../secrets/apprentix/root.age; + }; + security.sudo.extraRules = [ { groups = [ "_user" ]; @@ -19,15 +29,5 @@ } ]; - age.secrets = { - root-passwd-hash.file = ../../../secrets/apprentix/root.age; - }; - - users.users.root = { - hashedPasswordFile = config.age.secrets.root-passwd-hash.path; - }; - - crans.home_nounou.enable = false; - system.stateVersion = "24.11"; } diff --git a/hosts/vm/apprentix/networking.nix b/hosts/vm/apprentix/networking.nix deleted file mode 100644 index 548d59a..0000000 --- a/hosts/vm/apprentix/networking.nix +++ /dev/null @@ -1,65 +0,0 @@ -{ ... }: - -{ - networking = { - interfaces = { - ens18 = { - - ipv4 = { - addresses = [ - { - address = "172.16.10.150"; - prefixLength = 24; - } - ]; - }; - - ipv6 = { - addresses = [ - { - address = "fd00::10:0:ff:fe01:5010"; - prefixLength = 64; - } - ]; - }; - - }; - - ens19 = { - - ipv4 = { - addresses = [ - { - address = "172.16.3.150"; - prefixLength = 24; - } - ]; - routes = [ - { - address = "0.0.0.0"; - via = "172.16.3.99"; - prefixLength = 0; - } - ]; - }; - - ipv6 = { - addresses = [ - { - address = "2a0c:700:3::ff:fe01:5003"; - prefixLength = 64; - } - ]; - routes = [ - { - address = "::"; - via = "2a0c:700:3::ff:fe00:9903"; - prefixLength = 0; - } - ]; - }; - - }; - }; - }; -} diff --git a/hosts/vm/jitsi/default.nix b/hosts/vm/jitsi/default.nix index 51e86f3..db3f4f1 100644 --- a/hosts/vm/jitsi/default.nix +++ b/hosts/vm/jitsi/default.nix @@ -3,9 +3,7 @@ { imports = [ ./hardware-configuration.nix - ./networking.nix - ../../../modules ../../../modules/services/jitsi.nix ../../../modules/services/acme.nix ]; @@ -13,5 +11,17 @@ networking.hostName = "jitsi"; boot.loader.grub.devices = [ "/dev/vda" ]; + crans = { + enable = true; + + networking = { + id = 63; + srv = { + enable = true; + ipv4 = "185.230.79.15"; + }; + }; + }; + system.stateVersion = "24.11"; } diff --git a/hosts/vm/jitsi/networking.nix b/hosts/vm/jitsi/networking.nix deleted file mode 100644 index 4a18bf0..0000000 --- a/hosts/vm/jitsi/networking.nix +++ /dev/null @@ -1,53 +0,0 @@ -{ ... }: - -{ - networking = { - interfaces = { - ens18 = { - - ipv4 = { - addresses = [{ - address = "172.16.10.163"; - prefixLength = 24; - }]; - }; - - ipv6 = { - addresses = [{ - address = "fd00::10:0:ff:fe01:6310"; - prefixLength = 64; - }]; - }; - - }; - - ens19 = { - - ipv4 = { - addresses = [{ - address = "185.230.79.15"; - prefixLength = 26; - }]; - routes = [{ - address = "0.0.0.0"; - via = "185.230.79.62"; - prefixLength = 0; - }]; - }; - - ipv6 = { - addresses = [{ - address = "2a0c:700:2::ff:fe01:6302"; - prefixLength = 64; - }]; - routes = [{ - address = "::"; - via = "2a0c:700:2::ff:fe00:9902"; - prefixLength = 0; - }]; - }; - - }; - }; - }; -} diff --git a/hosts/vm/livre/default.nix b/hosts/vm/livre/default.nix index 19e40b1..bdee797 100644 --- a/hosts/vm/livre/default.nix +++ b/hosts/vm/livre/default.nix @@ -3,9 +3,7 @@ { imports = [ ./hardware-configuration.nix - ./networking.nix - ../../../modules ../../../modules/services/nginx.nix ../../../modules/services/stirling.nix ]; @@ -13,6 +11,15 @@ networking.hostName = "livre"; boot.loader.grub.devices = [ "/dev/sda" ]; + crans = { + enable = true; + + networking = { + id = 40; + srvNat.enable = true; + }; + }; + services.nginx.virtualHosts = { "pdf.crans.org" = { locations."/" = { diff --git a/hosts/vm/livre/networking.nix b/hosts/vm/livre/networking.nix deleted file mode 100644 index ae7302c..0000000 --- a/hosts/vm/livre/networking.nix +++ /dev/null @@ -1,53 +0,0 @@ -{ ... }: - -{ - networking = { - interfaces = { - ens18 = { - - ipv4 = { - addresses = [{ - address = "172.16.10.140"; - prefixLength = 24; - }]; - }; - - ipv6 = { - addresses = [{ - address = "fd00::10:0:ff:fe01:4010"; - prefixLength = 64; - }]; - }; - - }; - - ens19 = { - - ipv4 = { - addresses = [{ - address = "172.16.3.140"; - prefixLength = 24; - }]; - routes = [{ - address = "0.0.0.0"; - via = "172.16.3.99"; - prefixLength = 0; - }]; - }; - - ipv6 = { - addresses = [{ - address = "2a0c:700:3::ff:fe01:4003"; - prefixLength = 64; - }]; - routes = [{ - address = "::"; - via = "2a0c:700:3::ff:fe00:9903"; - prefixLength = 0; - }]; - }; - - }; - }; - }; -} diff --git a/hosts/vm/neo/default.nix b/hosts/vm/neo/default.nix index 5b51a68..5b7ff25 100644 --- a/hosts/vm/neo/default.nix +++ b/hosts/vm/neo/default.nix @@ -3,9 +3,7 @@ { imports = [ ./hardware-configuration.nix - ./networking.nix - ../../../modules ../../../modules/services/matrix.nix ../../../modules/services/synapse-admin.nix ]; @@ -14,5 +12,17 @@ networking.hostName = "neo"; + crans = { + enable = true; + + networking = { + id = 41; + srv = { + enable = true; + ipv4 = "185.230.79.5"; + }; + }; + }; + system.stateVersion = "24.11"; } diff --git a/hosts/vm/neo/networking.nix b/hosts/vm/neo/networking.nix deleted file mode 100644 index 363ead7..0000000 --- a/hosts/vm/neo/networking.nix +++ /dev/null @@ -1,62 +0,0 @@ -{ ... }: - -{ - networking = { - interfaces = { - ens18 = { - ipv4 = { - addresses = [ - { - address = "172.16.10.141"; - prefixLength = 24; - } - ]; - }; - - ipv6 = { - addresses = [ - { - address = "fd00::10:0:ff:fe01:4110"; - prefixLength = 64; - } - ]; - }; - }; - - ens19 = { - ipv4 = { - addresses = [ - { - address = "185.230.79.5"; - prefixLength = 26; - } - ]; - routes = [ - { - address = "0.0.0.0"; - via = "185.230.79.62"; - prefixLength = 0; - } - ]; - }; - ipv6 = { - addresses = [ - { - address = "2a0c:700:2::ff:fe01:4102"; - prefixLength = 64; - } - ]; - routes = [{ - address = "::"; - via = "2a0c:700:2::ff:fe00:9902"; - prefixLength = 0; - }]; - }; - }; - }; - - firewall = { - enable = true; - }; - }; -} diff --git a/hosts/vm/redite/default.nix b/hosts/vm/redite/default.nix index 4921d62..12a85a3 100644 --- a/hosts/vm/redite/default.nix +++ b/hosts/vm/redite/default.nix @@ -3,14 +3,21 @@ { imports = [ ./hardware-configuration.nix - ./networking.nix - ../../../modules ../../../modules/services/libreddit.nix ]; networking.hostName = "redite"; boot.loader.grub.devices = [ "/dev/sda" ]; + crans = { + enable = true; + + networking = { + id = 39; + srvNat.enable = true; + }; + }; + system.stateVersion = "23.11"; } diff --git a/hosts/vm/redite/networking.nix b/hosts/vm/redite/networking.nix deleted file mode 100644 index 8ec9ca3..0000000 --- a/hosts/vm/redite/networking.nix +++ /dev/null @@ -1,65 +0,0 @@ -{ ... }: - -{ - networking = { - interfaces = { - ens18 = { - - ipv4 = { - addresses = [ - { - address = "172.16.10.139"; - prefixLength = 24; - } - ]; - }; - - ipv6 = { - addresses = [ - { - address = "fd00::10:0:ff:fe01:3910"; - prefixLength = 64; - } - ]; - }; - - }; - - ens19 = { - - ipv4 = { - addresses = [ - { - address = "172.16.3.139"; - prefixLength = 24; - } - ]; - routes = [ - { - address = "0.0.0.0"; - via = "172.16.3.99"; - prefixLength = 0; - } - ]; - }; - - ipv6 = { - addresses = [ - { - address = "2a0c:700:3::ff:fe01:3903"; - prefixLength = 64; - } - ]; - routes = [ - { - address = "::"; - via = "2a0c:700:3::ff:fe00:9903"; - prefixLength = 0; - } - ]; - }; - - }; - }; - }; -} diff --git a/hosts/vm/two/default.nix b/hosts/vm/two/default.nix index a2f6c54..c1758e0 100644 --- a/hosts/vm/two/default.nix +++ b/hosts/vm/two/default.nix @@ -3,13 +3,22 @@ { imports = [ ./hardware-configuration.nix - ./networking.nix - - ../../../modules ]; networking.hostName = "two"; boot.loader.grub.devices = [ "/dev/sda" ]; + crans = { + enable = true; + + networking = { + id = 35; + srvNat = { + enable = true; + interface = "ens19"; + }; + }; + }; + system.stateVersion = "23.11"; } diff --git a/hosts/vm/two/networking.nix b/hosts/vm/two/networking.nix deleted file mode 100644 index 1840458..0000000 --- a/hosts/vm/two/networking.nix +++ /dev/null @@ -1,65 +0,0 @@ -{ ... }: - -{ - networking = { - interfaces = { - ens18 = { - - ipv4 = { - addresses = [ - { - address = "172.16.10.135"; - prefixLength = 24; - } - ]; - }; - - ipv6 = { - addresses = [ - { - address = "fd00::10:0:ff:fe01:3510"; - prefixLength = 64; - } - ]; - }; - - }; - - ens19 = { - - ipv4 = { - addresses = [ - { - address = "172.16.3.135"; - prefixLength = 24; - } - ]; - routes = [ - { - address = "0.0.0.0"; - via = "172.16.3.99"; - prefixLength = 0; - } - ]; - }; - - ipv6 = { - addresses = [ - { - address = "2a0c:700:3::ff:fe01:3503"; - prefixLength = 64; - } - ]; - routes = [ - { - address = "::"; - via = "2a0c:700:3::ff:fe00:9903"; - prefixLength = 0; - } - ]; - }; - - }; - }; - }; -} diff --git a/hosts/vm/vaultwarden/default.nix b/hosts/vm/vaultwarden/default.nix index 18e2c6e..e231698 100644 --- a/hosts/vm/vaultwarden/default.nix +++ b/hosts/vm/vaultwarden/default.nix @@ -3,14 +3,21 @@ { imports = [ ./hardware-configuration.nix - ./networking.nix - ../../../modules ../../../modules/services/vaultwarden.nix ]; networking.hostName = "vaultwarden"; boot.loader.grub.devices = [ "/dev/sda" ]; + crans = { + enable = true; + + networking = { + id = 59; + srvNat.enable = true; + }; + }; + system.stateVersion = "24.05"; } diff --git a/hosts/vm/vaultwarden/networking.nix b/hosts/vm/vaultwarden/networking.nix deleted file mode 100644 index 5e870b4..0000000 --- a/hosts/vm/vaultwarden/networking.nix +++ /dev/null @@ -1,53 +0,0 @@ -{ ... }: - -{ - networking = { - interfaces = { - ens18 = { - - ipv4 = { - addresses = [{ - address = "172.16.10.159"; - prefixLength = 24; - }]; - }; - - ipv6 = { - addresses = [{ - address = "fd00::10:0:ff:fe01:5910"; - prefixLength = 64; - }]; - }; - - }; - - ens19 = { - - ipv4 = { - addresses = [{ - address = "172.16.3.159"; - prefixLength = 24; - }]; - routes = [{ - address = "0.0.0.0"; - via = "172.16.3.99"; - prefixLength = 0; - }]; - }; - - ipv6 = { - addresses = [{ - address = "2a0c:700:3::ff:fe01:5903"; - prefixLength = 64; - }]; - routes = [{ - address = "::"; - via = "2a0c:700:3::ff:fe00:9903"; - prefixLength = 0; - }]; - }; - - }; - }; - }; -} diff --git a/modules/crans/default.nix b/modules/crans/default.nix index a86b3ca..cac4a63 100644 --- a/modules/crans/default.nix +++ b/modules/crans/default.nix @@ -1,5 +1,10 @@ -{ pkgs, ... }: +{ lib, config, ... }: +let + cfg = config.crans; + + inherit (lib) mkEnableOption mkIf; +in { imports = [ ./age.nix @@ -10,32 +15,28 @@ ./restic_client.nix ./monitoring.nix ./nullmailer.nix + ./packages.nix + ./ssh.nix ./users.nix + ./virtualisation.nix ]; - services.qemuGuest.enable = true; - boot.kernelParams = [ "console=ttyS0,115200" ]; - - services.openssh = { - enable = true; + options.crans = { + enable = mkEnableOption "Configuration commune à toutes les machines du Crans"; }; - nixpkgs.config.allowUnfree = true; - - # Enable some utility programs. - programs.git.enable = true; - programs.htop.enable = true; - programs.neovim.enable = true; - programs.screen.enable = true; - programs.tmux.enable = true; - programs.vim.enable = true; - - environment.systemPackages = with pkgs; [ - bat - fd - helix - nfs-utils - ripgrep - shelldap - ]; + config = mkIf cfg.enable { + crans = { + homeNounou.enable = lib.mkDefault true; + monitoring.enable = true; + networking = { + enable = true; + adm.enable = lib.mkDefault true; + }; + resticClient.enable = lib.mkDefault true; + users = { + ldap.enable = true; + }; + }; + }; } diff --git a/modules/crans/home.nix b/modules/crans/home.nix index 0ae6c23..e95fbed 100644 --- a/modules/crans/home.nix +++ b/modules/crans/home.nix @@ -1,24 +1,17 @@ -{ - pkgs, - lib, - config, - ... -}: +{ lib, config, ... }: let - cfg = config.crans.home_nounou; + cfg = config.crans.homeNounou; + + inherit (lib) mkEnableOption mkIf; in { - options.crans.home_nounou = { - enable = lib.mkOption { - type = lib.types.bool; - default = true; - description = "Monter les home nounous"; - }; + options.crans.homeNounou = { + enable = mkEnableOption "Monter /home_nounou."; }; - config = lib.mkIf cfg.enable { + config = mkIf cfg.enable { fileSystems.home_nounou = { mountPoint = "/home_nounou"; device = "172.16.10.1:/pool/home"; diff --git a/modules/crans/monitoring.nix b/modules/crans/monitoring.nix index bea4865..18862cf 100644 --- a/modules/crans/monitoring.nix +++ b/modules/crans/monitoring.nix @@ -1,17 +1,44 @@ -{ config, ... }: -{ - services.prometheus.exporters = { - node = { - enable = true; - port = 9100; +{ config, lib, ... }: - openFirewall = true; - }; +let + cfg = config.crans.monitoring; + + inherit (lib) + mkEnableOption + mkIf + mkOption + types + ; +in + +{ + options.crans.monitoring = { + enable = mkEnableOption "Monitoring prometheus de la machine."; nginx = { - enable = config.services.nginx.enable; - port = 9117; - scrapeUri = "http://[::1]:6424/stub_status"; + enable = mkOption { + type = types.bool; + default = config.services.nginx.enable; + example = true; + description = "Monitoring de Nginx par prometheus."; + }; + }; + }; + + config = mkIf cfg.enable { + services.prometheus.exporters = { + node = { + enable = true; + port = 9100; + + openFirewall = true; + }; + + nginx = { + enable = cfg.nginx.enable; + port = 9117; + scrapeUri = "http://[::1]:6424/stub_status"; + }; }; }; } diff --git a/modules/crans/networking.nix b/modules/crans/networking.nix index 1e3644b..4d9a1e8 100644 --- a/modules/crans/networking.nix +++ b/modules/crans/networking.nix @@ -1,10 +1,216 @@ -{ lib, ... }: +{ lib, config, ... }: + +let + cfg = config.crans.networking; + + inherit (lib) + mkEnableOption + mkIf + mkOption + types + ; +in { - # Les interfaces ne sont pas déclarées ici : elles sont propres à chaque VM. - networking = { - useDHCP = false; - firewall.enable = lib.mkDefault false; - nameservers = [ "172.16.10.128" ]; + options.crans.networking = { + enable = mkEnableOption "Configuration réseaux commune à toutes les machines du Crans."; + + id = mkOption { + type = types.int; + example = "35"; + description = "Le numéro de la VM dans Proxmox (sans le `1` devant)."; + }; + + adm = { + enable = mkEnableOption "Configuration du VLAN adm."; + + interface = mkOption { + type = types.str; + default = "ens18"; + example = "ens20"; + description = "Nom de l'interface réseau sur laquelle est située le VLAN adm."; + }; + }; + + srv = { + enable = mkEnableOption "Configuration du VLAN srv."; + + interface = mkOption { + type = types.str; + default = "ens18"; + example = "ens19"; + description = "Nom de l'interface réseau sur laquelle est située le VLAN srv."; + }; + + ipv4 = mkOption { + type = types.str; + example = "185.230.79.1"; + description = "Adresse IPv4 de la machine."; + }; + }; + + srvNat = { + enable = mkEnableOption "Configuration du VLAN srv-nat."; + + interface = mkOption { + type = types.str; + default = "ens19"; + example = "ens20"; + description = "Nom de l'interface réseau sur laquelle est située le VLAN srv-nat."; + }; + }; + + san = { + enable = mkEnableOption "Configuration du VLAN san."; + + interface = mkOption { + type = types.str; + example = "ens19"; + description = "Nom de l'interface réseau sur laquelle est située le VLAN san."; + }; + }; + }; + + config = mkIf cfg.enable { + networking = + { + useDHCP = false; + firewall.enable = lib.mkDefault false; + nameservers = [ "172.16.10.128" ]; + } + // + # Configuration du VLAN adm + ( + if cfg.adm.enable then + { + interfaces."${cfg.adm.interface}" = { + ipv4.addresses = [ + { + address = "172.16.10.1${toString cfg.id}"; + prefixLength = 24; + } + ]; + + ipv6.addresses = [ + { + address = "fd00::10:0:ff:fe01:${toString cfg.id}10"; + prefixLength = 64; + } + ]; + }; + } + else + { } + ) + // + # Configuration du VLAN srv + ( + if cfg.srv.enable then + { + firewall.enable = true; + + interfaces."${cfg.srv.interface}" = { + ipv4 = { + addresses = [ + { + address = cfg.srv.ipv4; + prefixLength = 26; + } + ]; + routes = [ + { + address = "0.0.0.0"; + via = "185.230.79.62"; + prefixLength = 0; + } + ]; + }; + ipv6 = { + addresses = [ + { + address = "2a0c:700:2::ff::fe01:${toString cfg.id}02"; + prefixLength = 64; + } + ]; + routes = [ + { + address = "::"; + via = "2a0c:700:2::ff:fe00:9902"; + prefixLength = 0; + } + ]; + }; + }; + } + else + { } + ) + + // + # Configuration du VLAN srv-nat + ( + if cfg.srvNat.enable then + { + interfaces."${cfg.srvNat.interface}" = { + ipv4 = { + addresses = [ + { + address = "172.16.3.1${toString cfg.id}"; + prefixLength = 24; + } + ]; + routes = [ + { + address = "0.0.0.0"; + via = "172.16.3.99"; + prefixLength = 0; + } + ]; + }; + + ipv6 = { + addresses = [ + { + address = "2a0c:700:3::ff:fe01:${toString cfg.id}03"; + prefixLength = 64; + } + ]; + routes = [ + { + address = "::"; + via = "2a0c:700:3::ff:fe00:9903"; + prefixLength = 0; + } + ]; + }; + }; + } + else + { } + ) + // + # Configuration du VLAN san + ( + if cfg.san.enable then + { + interfaces."${cfg.san.interface}" = { + ipv4.addresses = [ + { + address = "172.16.4.1${toString cfg.id}"; + prefixLength = 24; + } + ]; + + ipv6.addresses = [ + { + address = "fd00::4:0:ff:fe01:${toString cfg.id}10"; + prefixLength = 64; + } + ]; + }; + } + else + { } + ); }; } diff --git a/modules/crans/packages.nix b/modules/crans/packages.nix new file mode 100644 index 0000000..1f2d4cd --- /dev/null +++ b/modules/crans/packages.nix @@ -0,0 +1,21 @@ +{ pkgs, ... }: + +{ + programs.git.enable = true; + programs.htop.enable = true; + programs.neovim.enable = true; + programs.screen.enable = true; + programs.tmux.enable = true; + programs.vim.enable = true; + + environment.systemPackages = with pkgs; [ + bat + coreutils-full + fd + helix + inetutils + nfs-utils + ripgrep + shelldap + ]; +} diff --git a/modules/crans/restic_client.nix b/modules/crans/restic_client.nix index d99c252..920c2ec 100644 --- a/modules/crans/restic_client.nix +++ b/modules/crans/restic_client.nix @@ -1,36 +1,74 @@ -{ config, ... }: +{ config, lib, ... }: + +let + cfg = config.crans.resticClient; + + inherit (lib) + mkEnableOption + mkIf + mkOption + types + ; +in { - age.secrets = { - restic-base-env.file = ../../secrets/restic/client_env.age; - restic-base-repo.file = ../../secrets/restic/${config.networking.hostName}/base-repo.age; - restic-base-password.file = ../../secrets/restic/${config.networking.hostName}/base-password.age; + options.crans.resticClient = { + enable = mkEnableOption "Configuration générale pour le client restic."; + + additionalPaths = mkOption { + type = types.listOf types.path; + default = [ ]; + example = [ "/backup" ]; + description = "Chemins à backuper en plus de ceux par défaut."; + }; + + additionalExcludes = mkOption { + type = types.listOf types.path; + default = [ ]; + example = [ "/var/lib//cache" ]; + description = "Chemins à exclure des backups en plus de ceux par défaut."; + }; + + when = mkOption { + type = types.str; + default = "00:00"; + example = "05:42"; + description = "À quelle heure faire les backups."; + }; }; - services.restic.backups = { - base = { - exclude = [ - "/var/cache" - "/var/lib/lxcfs" - ]; - initialize = true; - passwordFile = config.age.secrets.restic-base-password.path; - repositoryFile = config.age.secrets.restic-base-repo.path; - environmentFile = config.age.secrets.restic-base-env.path; - paths = [ - "/etc" - "/var" - ]; - timerConfig = { - OnCalendar = "00:00"; - RandomizedDelaySec = "6h"; + config = mkIf cfg.enable { + age.secrets = { + restic-base-env.file = ../../secrets/restic/client_env.age; + restic-base-repo.file = ../../secrets/restic/${config.networking.hostName}/base-repo.age; + restic-base-password.file = ../../secrets/restic/${config.networking.hostName}/base-password.age; + }; + + services.restic.backups = { + base = { + initialize = true; + passwordFile = config.age.secrets.restic-base-password.path; + repositoryFile = config.age.secrets.restic-base-repo.path; + environmentFile = config.age.secrets.restic-base-env.path; + paths = [ + "/etc" + "/var" + ] ++ cfg.additionalPaths; + exclude = [ + "/var/cache" + "/var/lib/lxcfs" + ] ++ cfg.additionalExcludes; + timerConfig = { + OnCalendar = cfg.when; + RandomizedDelaySec = "6h"; + }; + pruneOpts = [ + "--keep-daily 2" + "--keep-weekly 2" + "--keep-monthly 2" + "--keep-yearly 1" + ]; }; - pruneOpts = [ - "--keep-daily 2" - "--keep-weekly 2" - "--keep-monthly 2" - "--keep-yearly 1" - ]; }; }; } diff --git a/modules/crans/ssh.nix b/modules/crans/ssh.nix new file mode 100644 index 0000000..3bea073 --- /dev/null +++ b/modules/crans/ssh.nix @@ -0,0 +1,11 @@ +{ ... }: + +{ + services.openssh = { + enable = true; + + settings = { + PermitRootLogin = "yes"; + }; + }; +} diff --git a/modules/crans/users.nix b/modules/crans/users.nix index 1425d94..68e27e4 100644 --- a/modules/crans/users.nix +++ b/modules/crans/users.nix @@ -1,50 +1,75 @@ { config, lib, ... }: -{ - users = { - mutableUsers = false; +let + cfg = config.crans.users; + inherit (lib) + mkEnableOption + mkOption + types + ; +in + +{ + options.crans.users = { ldap = { - enable = true; - base = "dc=crans,dc=org"; - server = "ldaps://ldap-adm.adm.crans.org/"; - daemon = { - enable = true; - extraConfig = '' - ldap_version 3 - tls_reqcert allow - map passwd loginShell /run/current-system/sw/bin/bash - ''; + enable = mkEnableOption "Authentification par le LDAP adm."; + }; + + root = { + passwordFile = mkOption { + type = types.path; + default = ../../secrets/common/root.age; + example = ../../secrets/apprentix/root.age; + description = "Fichier chiffré par age contenant le mot de passe root."; }; }; }; - security.sudo = { - enable = true; - extraConfig = '' - Defaults passprompt_override - Defaults passprompt="[sudo] mot de passe pour %p sur %h: " - ''; - extraRules = [ - { - groups = [ "_user" ]; - runAs = "root:ALL"; - commands = [ "NOPASSWD:/usr/bin/qm list" ]; - } - { - groups = [ "_nounou" ]; - commands = [ "ALL" ]; - } - ]; - }; + config = { + age.secrets.root-passwd-hash = { + file = cfg.root.passwordFile; + }; - age.secrets.root-passwd-hash = { - file = lib.mkDefault ../../secrets/common/root.age; - }; + users = { + mutableUsers = false; - users.users.root = { - hashedPasswordFile = lib.mkDefault config.age.secrets.root-passwd-hash.path; - }; + users.root = { + hashedPasswordFile = config.age.secrets.root-passwd-hash.path; + }; - services.openssh.settings.PermitRootLogin = "yes"; + ldap = { + enable = cfg.ldap.enable; + base = "dc=crans,dc=org"; + server = "ldaps://ldap-adm.adm.crans.org/"; + daemon = { + enable = true; + extraConfig = '' + ldap_version 3 + tls_reqcert allow + map passwd loginShell /run/current-system/sw/bin/bash + ''; + }; + }; + }; + + security.sudo = { + enable = true; + extraConfig = '' + Defaults passprompt_override + Defaults passprompt="[sudo] mot de passe pour %p sur %h: " + ''; + extraRules = [ + { + groups = [ "_user" ]; + runAs = "root:ALL"; + commands = [ "NOPASSWD:/usr/bin/qm list" ]; + } + { + groups = [ "_nounou" ]; + commands = [ "ALL" ]; + } + ]; + }; + }; } diff --git a/modules/crans/virtualisation.nix b/modules/crans/virtualisation.nix new file mode 100644 index 0000000..7018e4a --- /dev/null +++ b/modules/crans/virtualisation.nix @@ -0,0 +1,6 @@ +{ ... }: + +{ + services.qemuGuest.enable = true; + boot.kernelParams = [ "console=ttyS0,115200" ]; +} diff --git a/modules/default.nix b/modules/default.nix index 1515e9b..6a72322 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -3,10 +3,25 @@ { imports = [ ./crans + ./services ]; - nix.settings.experimental-features = [ - "flakes" - "nix-command" - ]; + nix = { + settings = { + experimental-features = [ + "flakes" + "nix-command" + ]; + auto-optimise-store = true; + }; + }; + + nixpkgs.config = { + allowUnfree = true; + }; + + boot.tmp = { + useTmpfs = true; + cleanOnBoot = true; + }; } diff --git a/modules/services/default.nix b/modules/services/default.nix new file mode 100644 index 0000000..d8147ea --- /dev/null +++ b/modules/services/default.nix @@ -0,0 +1,5 @@ +{ ... }: + +{ + +} From 2136a2a1b205cfbeea6c914a691b856063efd36a Mon Sep 17 00:00:00 2001 From: RatCornu Date: Sun, 8 Jun 2025 17:02:08 +0200 Subject: [PATCH 06/37] Simplification de secrets.nix --- secrets.nix | 119 +++++++++++++++-------------------- secrets/acme/.gitkeep | 0 secrets/apprentix/.gitkeep | 0 secrets/cephiroth/.gitkeep | 0 secrets/common/.gitkeep | 0 secrets/jitsi/.gitkeep | 0 secrets/livre/.gitkeep | 0 secrets/neo/.gitkeep | 0 secrets/redite/.gitkeep | 0 secrets/restic/.gitkeep | 0 secrets/thot/.gitkeep | 0 secrets/two/.gitkeep | 0 secrets/vaultwarden/.gitkeep | 0 13 files changed, 51 insertions(+), 68 deletions(-) create mode 100644 secrets/acme/.gitkeep create mode 100644 secrets/apprentix/.gitkeep create mode 100644 secrets/cephiroth/.gitkeep create mode 100644 secrets/common/.gitkeep create mode 100644 secrets/jitsi/.gitkeep create mode 100644 secrets/livre/.gitkeep create mode 100644 secrets/neo/.gitkeep create mode 100644 secrets/redite/.gitkeep create mode 100644 secrets/restic/.gitkeep create mode 100644 secrets/thot/.gitkeep create mode 100644 secrets/two/.gitkeep create mode 100644 secrets/vaultwarden/.gitkeep diff --git a/secrets.nix b/secrets.nix index b2665f4..7957792 100644 --- a/secrets.nix +++ b/secrets.nix @@ -1,4 +1,11 @@ let + inherit (import { }) lib; + inherit (lib) + attrsets + filesystem + lists + path + ; # Nounous aeltheos_0 = "age1yubikey1qvn7t9hplvnr2w8nsfezfqudz8gq3v8sq99dkdpzmm4a74rng5qgz4v6wzt"; @@ -21,80 +28,52 @@ let # Machines - apprentix = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDCJV6jqQWEYuwi+OJ9r/4TbBN/cK9NvYWNiJhpFzcc7 root@apprentix"; - cephiroth = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOsBGkhiu6l3jeo15cQHMu3dPyL025zXPV2ZH02EDYEt root@nixos"; - jitsi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB6jVMIZ5y2oXX9HOkw7r5UUjw95MlFaFuu7FnEC0Q8z root@jitsi"; - livre = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEVfKNokHG6ig32hhQxTep+fKFmKahlDClPrX/dP4/gb root@livre"; - neo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMGfSvxqC2PJYRrxJaivVDujwlwCZ6AwH8hOSA9ktZ1V root@neo"; - redite = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOwfVmR3NjZf6qkDlTSiyo39Up5nSNUVW7jYDWXrY8Xr root@redite"; - thot = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFKNg1b8ft1L55+joXQ/7Dt2QTOdkea8opTEnq4xrhPU root@thot"; - two = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpaGf8A+XWXBdNrs69RiC0qPbjPHdtkl31OjxrktmF6 root@nixos"; - vaultwarden = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICn6vfDlsZVU6TEWg9vTgq9+Fp3irHjytBTky7A4ErRM root@vaultwarden"; - hosts = { - inherit - apprentix - cephiroth - jitsi - livre - neo - redite - thot - two - vaultwarden - ; + apprentix = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDCJV6jqQWEYuwi+OJ9r/4TbBN/cK9NvYWNiJhpFzcc7 root@apprentix"; + cephiroth = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOsBGkhiu6l3jeo15cQHMu3dPyL025zXPV2ZH02EDYEt root@nixos"; + jitsi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB6jVMIZ5y2oXX9HOkw7r5UUjw95MlFaFuu7FnEC0Q8z root@jitsi"; + livre = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEVfKNokHG6ig32hhQxTep+fKFmKahlDClPrX/dP4/gb root@livre"; + neo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMGfSvxqC2PJYRrxJaivVDujwlwCZ6AwH8hOSA9ktZ1V root@neo"; + redite = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOwfVmR3NjZf6qkDlTSiyo39Up5nSNUVW7jYDWXrY8Xr root@redite"; + thot = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFKNg1b8ft1L55+joXQ/7Dt2QTOdkea8opTEnq4xrhPU root@thot"; + two = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpaGf8A+XWXBdNrs69RiC0qPbjPHdtkl31OjxrktmF6 root@nixos"; + vaultwarden = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICn6vfDlsZVU6TEWg9vTgq9+Fp3irHjytBTky7A4ErRM root@vaultwarden"; }; - hostnames = [ - "apprentix" - "cephiroth" - "jitsi" - "livre" - "neo" - "redite" - "thot" - "two" - "vaultwarden" - ]; + hostnames = attrsets.mapAttrsToList (host: _: host) hosts; # Groupes - all = [ - apprentix - cephiroth - jitsi - livre - neo - thot - two - vaultwarden - ]; + all = attrsets.mapAttrsToList (_: key: key) hosts; acme = [ - jitsi - neo + hosts.jitsi + hosts.neo ]; - # Secrets - - commonSecrets = [ "restic/client_env" ]; - - acmeSecrets = [ "acme/env" ]; - # Fonctions utilitaires - remove = el: list: builtins.filter (x: el != x) list; + listFilesRelative = dir: map (p: path.removePrefix ./. p) (filesystem.listFilesRecursive dir); genAttrs = paths: groups: - builtins.foldl' ( - acc: secret: acc // { "secrets/${secret}.age".publicKeys = groups ++ nounous; } - ) { } paths; + builtins.foldl' (acc: secret: acc // { "${secret}".publicKeys = groups ++ nounous; }) { } paths; + + # Secrets + + commonSecrets = (listFilesRelative ./secrets/common) ++ [ + "./secrets/restic/client_env" + ]; + + acmeSecrets = listFilesRelative ./secrets/acme; in -(genAttrs commonSecrets (remove apprentix all)) +# Secrets communs à toutes les machines (sauf apprentix) +(genAttrs commonSecrets (lists.remove hosts.apprentix all)) +# Secrets pour ACME // (genAttrs acmeSecrets acme) +# Secrets pour restic // builtins.foldl' ( acc: name: acc @@ -104,19 +83,23 @@ in in genAttrs [ - "restic/${name}/base-repo" - "restic/${name}/base-password" + "./secrets/restic/${name}/base-repo" + "./secrets/restic/${name}/base-password" ] [ key ] ) -) { } (remove "thot" hostnames) -// builtins.mapAttrs (name: value: { publicKeys = value.publicKeys ++ nounous; }) { - "secrets/apprentix/root.age".publicKeys = [ apprentix ]; - "secrets/common/root.age".publicKeys = remove apprentix all; - "secrets/neo/appservice_irc_db_env.age".publicKeys = [ neo ]; - "secrets/neo/coturn_auth_secret.age".publicKeys = [ neo ]; - "secrets/neo/database_extra_config.age".publicKeys = [ neo ]; - "secrets/neo/note_oidc_extra_config.age".publicKeys = [ neo ]; - "secrets/neo/ldap_synapse_password.age".publicKeys = [ neo ]; - "secrets/vaultwarden/env.age".publicKeys = [ vaultwarden ]; -} +) { } (lists.remove "thot" hostnames) +// attrsets.foldlAttrs ( + outacc: host: key: + let + secrets = listFilesRelative (path.append ./secrets host); + in + outacc + // builtins.foldl' ( + acc: secret: + acc + // { + "${secret}".publicKeys = [ key ] ++ nounous; + } + ) { } secrets +) { } hosts diff --git a/secrets/acme/.gitkeep b/secrets/acme/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/secrets/apprentix/.gitkeep b/secrets/apprentix/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/secrets/cephiroth/.gitkeep b/secrets/cephiroth/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/secrets/common/.gitkeep b/secrets/common/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/secrets/jitsi/.gitkeep b/secrets/jitsi/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/secrets/livre/.gitkeep b/secrets/livre/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/secrets/neo/.gitkeep b/secrets/neo/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/secrets/redite/.gitkeep b/secrets/redite/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/secrets/restic/.gitkeep b/secrets/restic/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/secrets/thot/.gitkeep b/secrets/thot/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/secrets/two/.gitkeep b/secrets/two/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/secrets/vaultwarden/.gitkeep b/secrets/vaultwarden/.gitkeep new file mode 100644 index 0000000..e69de29 From ef566ac562f3909b43ae9dd5714e4ed0feb94b9c Mon Sep 17 00:00:00 2001 From: RatCornu Date: Sun, 22 Jun 2025 15:59:26 +0200 Subject: [PATCH 07/37] Commentaires PR --- modules/crans/networking.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/crans/networking.nix b/modules/crans/networking.nix index 4d9a1e8..ca183cf 100644 --- a/modules/crans/networking.nix +++ b/modules/crans/networking.nix @@ -16,7 +16,7 @@ in enable = mkEnableOption "Configuration réseaux commune à toutes les machines du Crans."; id = mkOption { - type = types.int; + type = types.str; example = "35"; description = "Le numéro de la VM dans Proxmox (sans le `1` devant)."; }; @@ -203,7 +203,7 @@ in ipv6.addresses = [ { - address = "fd00::4:0:ff:fe01:${toString cfg.id}10"; + address = "fd00::4:0:ff:fe01:${toString cfg.id}04"; prefixLength = 64; } ]; From f8bb89c39d3f069160bacde06ddbda4ab1ac4e21 Mon Sep 17 00:00:00 2001 From: RatCornu Date: Sun, 22 Jun 2025 16:09:07 +0200 Subject: [PATCH 08/37] =?UTF-8?q?Mise=20=C3=A0=20jour=20hosts/vm/README.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- hosts/vm/README.md | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/hosts/vm/README.md b/hosts/vm/README.md index 58279f3..85e788b 100644 --- a/hosts/vm/README.md +++ b/hosts/vm/README.md @@ -2,14 +2,30 @@ Voici la liste des machines virtuelles sur NixOS ainsi que leur utilisation (par ordre alphabétique). +## apprentix + +Machine des apprenti⋅e⋅s sous NixOS. Toustes les apprenti⋅e⋅s ont le droit de sudo (les home-nounous ne sont donc pas montés). + +## jitsi + +Serveur jitsi (vidéoconférence), accessible à . + +## livre + +Serveur stirling (manipulation de PDF). + ## neo -Serveur Matrix (encore non déployé). +Serveur Matrix et bridge IRC <-> Matrix. ## redite -Serveur libreddit, accessible à https://redite.crans.org. +Serveur redlib (client WEB alternatif pour Reddit), accessible à . ## two -Serveur NixOS de test. Vous pouvez vous en servir comme base pour la configuration d'une nouvelle machine. \ No newline at end of file +Serveur NixOS de test. Vous pouvez vous en servir comme base pour la configuration d'une nouvelle machine. + +## vaultwarden + +Serveur vaultwarden (gestionnaire de mots de passe), accessible à . From 997d665535fc026caab670111354cad46056debe Mon Sep 17 00:00:00 2001 From: RatCornu Date: Sun, 22 Jun 2025 18:25:08 +0200 Subject: [PATCH 09/37] =?UTF-8?q?Factorisation=20et=20d=C3=A9placements=20?= =?UTF-8?q?services?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- flake.nix | 5 - hosts/physiques/thot/default.nix | 12 +- hosts/physiques/thot/nginx.nix | 15 ++ hosts/vm/README.md | 2 +- hosts/vm/apprentix/default.nix | 2 +- hosts/vm/jitsi/default.nix | 10 +- hosts/vm/jitsi/hardware-configuration.nix | 30 ++-- hosts/vm/jitsi/jitsi.nix | 26 ++++ hosts/vm/livre/default.nix | 16 +- hosts/vm/livre/hardware-configuration.nix | 32 ++-- .../services => hosts/vm/livre}/stirling.nix | 12 ++ hosts/vm/neo/default.nix | 13 +- .../vm/neo}/matrix-appservice-irc.nix | 9 +- {modules/services => hosts/vm/neo}/matrix.nix | 17 +- hosts/vm/neo/synapse-admin.nix | 29 ++++ hosts/vm/redite/default.nix | 5 +- .../vm/redite/redlib.nix | 2 +- hosts/vm/two/default.nix | 2 +- hosts/vm/vaultwarden/default.nix | 5 +- .../vm/vaultwarden/hardware-configuration.nix | 31 ++-- .../vm/vaultwarden}/vaultwarden.nix | 23 +-- modules/README.md | 2 +- modules/crans/README.md | 36 ++++- modules/crans/networking.nix | 14 +- modules/services/acme.nix | 42 +++-- modules/services/coturn.nix | 147 +++++++++++------- modules/services/default.nix | 7 +- modules/services/jitsi.nix | 44 ------ modules/services/nginx.nix | 6 +- modules/services/restic.nix | 45 ++++-- modules/services/synapse-admin.nix | 28 ---- 31 files changed, 405 insertions(+), 264 deletions(-) create mode 100644 hosts/physiques/thot/nginx.nix create mode 100644 hosts/vm/jitsi/jitsi.nix rename {modules/services => hosts/vm/livre}/stirling.nix (50%) rename {modules/services => hosts/vm/neo}/matrix-appservice-irc.nix (99%) rename {modules/services => hosts/vm/neo}/matrix.nix (92%) create mode 100644 hosts/vm/neo/synapse-admin.nix rename modules/services/libreddit.nix => hosts/vm/redite/redlib.nix (75%) rename {modules/services => hosts/vm/vaultwarden}/vaultwarden.nix (64%) delete mode 100644 modules/services/jitsi.nix delete mode 100644 modules/services/synapse-admin.nix diff --git a/flake.nix b/flake.nix index 5ae51e2..c212442 100644 --- a/flake.nix +++ b/flake.nix @@ -85,11 +85,6 @@ perSystem = { config, pkgs, ... }: { - treefmt = { - projectRootFile = "flake.nix"; - programs.nixpkgs-fmt.enable = true; - }; - devShells = { default = pkgs.callPackage ./devshells/default.nix { inherit (inputs) agenix; }; }; diff --git a/hosts/physiques/thot/default.nix b/hosts/physiques/thot/default.nix index 6caac2d..ba780fa 100644 --- a/hosts/physiques/thot/default.nix +++ b/hosts/physiques/thot/default.nix @@ -4,10 +4,7 @@ imports = [ ./hardware-configuration.nix ./networking.nix - - ../../../modules - ../../../modules/services/nginx.nix - ../../../modules/services/restic.nix + ./nginx.nix ]; networking.hostId = "bbdd1133"; @@ -44,6 +41,13 @@ networking.adm.enable = false; resticClient.enable = false; + + services = { + resticServer = { + enable = true; + port = 4242; + }; + }; }; system.stateVersion = "24.05"; diff --git a/hosts/physiques/thot/nginx.nix b/hosts/physiques/thot/nginx.nix new file mode 100644 index 0000000..aa721d0 --- /dev/null +++ b/hosts/physiques/thot/nginx.nix @@ -0,0 +1,15 @@ +{ config, ... }: + +{ + services.nginx = { + enable = true; + + virtualHosts = { + "${config.networking.hostName}.adm.crans.org" = { + locations."/" = { + proxyPass = "http://${config.services.restic.server.listenAddress}"; + }; + }; + }; + }; +} diff --git a/hosts/vm/README.md b/hosts/vm/README.md index 85e788b..a0a6fc4 100644 --- a/hosts/vm/README.md +++ b/hosts/vm/README.md @@ -16,7 +16,7 @@ Serveur stirling (manipulation de PDF). ## neo -Serveur Matrix et bridge IRC <-> Matrix. +Serveur Matrix, bridge IRC <-> Matrix et interface admin pour synapse, accessible à . ## redite diff --git a/hosts/vm/apprentix/default.nix b/hosts/vm/apprentix/default.nix index 6feeef0..da714e4 100644 --- a/hosts/vm/apprentix/default.nix +++ b/hosts/vm/apprentix/default.nix @@ -13,7 +13,7 @@ enable = true; networking = { - id = 50; + id = "50"; srvNat.enable = true; }; diff --git a/hosts/vm/jitsi/default.nix b/hosts/vm/jitsi/default.nix index db3f4f1..9a78eea 100644 --- a/hosts/vm/jitsi/default.nix +++ b/hosts/vm/jitsi/default.nix @@ -3,9 +3,7 @@ { imports = [ ./hardware-configuration.nix - - ../../../modules/services/jitsi.nix - ../../../modules/services/acme.nix + ./jitsi.nix ]; networking.hostName = "jitsi"; @@ -15,12 +13,16 @@ enable = true; networking = { - id = 63; + id = "63"; srv = { enable = true; ipv4 = "185.230.79.15"; }; }; + + services = { + acme.enable = true; + }; }; system.stateVersion = "24.11"; diff --git a/hosts/vm/jitsi/hardware-configuration.nix b/hosts/vm/jitsi/hardware-configuration.nix index 8bc6d1b..15779d2 100644 --- a/hosts/vm/jitsi/hardware-configuration.nix +++ b/hosts/vm/jitsi/hardware-configuration.nix @@ -1,22 +1,34 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { - imports = - [ (modulesPath + "/profiles/qemu-guest.nix") - ]; + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ]; + boot.initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "virtio_pci" + "sr_mod" + "virtio_blk" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/66101184-15ad-4859-addf-95040bac1145"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/66101184-15ad-4859-addf-95040bac1145"; + fsType = "ext4"; + }; swapDevices = [ ]; diff --git a/hosts/vm/jitsi/jitsi.nix b/hosts/vm/jitsi/jitsi.nix new file mode 100644 index 0000000..71f46a1 --- /dev/null +++ b/hosts/vm/jitsi/jitsi.nix @@ -0,0 +1,26 @@ +{ ... }: + +{ + services.jitsi-meet = { + enable = true; + hostName = "jitsi.crans.org"; + + config = { + liveStreaming.enabled = true; + }; + }; + + services.jitsi-videobridge = { + enable = true; + openFirewall = true; + }; + + services.prometheus.exporters.jitsi = { + enable = true; + port = 9700; + }; + + nixpkgs.config.permittedInsecurePackages = [ + "jitsi-meet-1.0.8043" + ]; +} diff --git a/hosts/vm/livre/default.nix b/hosts/vm/livre/default.nix index bdee797..abeded5 100644 --- a/hosts/vm/livre/default.nix +++ b/hosts/vm/livre/default.nix @@ -1,11 +1,9 @@ -{ config, ... }: +{ ... }: { imports = [ ./hardware-configuration.nix - - ../../../modules/services/nginx.nix - ../../../modules/services/stirling.nix + ./stirling.nix ]; networking.hostName = "livre"; @@ -15,18 +13,10 @@ enable = true; networking = { - id = 40; + id = "40"; srvNat.enable = true; }; }; - services.nginx.virtualHosts = { - "pdf.crans.org" = { - locations."/" = { - proxyPass = "http://localhost:${toString config.services.stirling-pdf.environment.SERVER_PORT}"; - }; - }; - }; - system.stateVersion = "24.11"; } diff --git a/hosts/vm/livre/hardware-configuration.nix b/hosts/vm/livre/hardware-configuration.nix index 66ff281..04493d3 100644 --- a/hosts/vm/livre/hardware-configuration.nix +++ b/hosts/vm/livre/hardware-configuration.nix @@ -1,22 +1,35 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { - imports = - [ (modulesPath + "/profiles/qemu-guest.nix") - ]; + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; + boot.initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "virtio_pci" + "virtio_scsi" + "sd_mod" + "sr_mod" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/9fed1492-e7b2-4ec2-a5f4-8825bf8e89a0"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/9fed1492-e7b2-4ec2-a5f4-8825bf8e89a0"; + fsType = "ext4"; + }; swapDevices = [ ]; @@ -30,4 +43,3 @@ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; } - diff --git a/modules/services/stirling.nix b/hosts/vm/livre/stirling.nix similarity index 50% rename from modules/services/stirling.nix rename to hosts/vm/livre/stirling.nix index fe958e5..a18fe97 100644 --- a/modules/services/stirling.nix +++ b/hosts/vm/livre/stirling.nix @@ -10,4 +10,16 @@ SYSTEM_DEFAULTLOCALE = "fr-FR"; }; }; + + services.nginx = { + enable = true; + + virtualHosts = { + "pdf.crans.org" = { + locations."/" = { + proxyPass = "http://localhost:${toString config.services.stirling-pdf.environment.SERVER_PORT}"; + }; + }; + }; + }; } diff --git a/hosts/vm/neo/default.nix b/hosts/vm/neo/default.nix index 5b7ff25..53dcee1 100644 --- a/hosts/vm/neo/default.nix +++ b/hosts/vm/neo/default.nix @@ -3,9 +3,9 @@ { imports = [ ./hardware-configuration.nix - - ../../../modules/services/matrix.nix - ../../../modules/services/synapse-admin.nix + ./matrix.nix + ./matrix-appservice-irc.nix + ./synapse-admin.nix ]; boot.loader.grub.devices = [ "/dev/sda" ]; @@ -16,12 +16,17 @@ enable = true; networking = { - id = 41; + id = "41"; srv = { enable = true; ipv4 = "185.230.79.5"; }; }; + + services = { + acme.enable = true; + coturn.enable = true; + }; }; system.stateVersion = "24.11"; diff --git a/modules/services/matrix-appservice-irc.nix b/hosts/vm/neo/matrix-appservice-irc.nix similarity index 99% rename from modules/services/matrix-appservice-irc.nix rename to hosts/vm/neo/matrix-appservice-irc.nix index 6352c7c..0540c42 100644 --- a/modules/services/matrix-appservice-irc.nix +++ b/hosts/vm/neo/matrix-appservice-irc.nix @@ -1,7 +1,8 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: let diff --git a/modules/services/matrix.nix b/hosts/vm/neo/matrix.nix similarity index 92% rename from modules/services/matrix.nix rename to hosts/vm/neo/matrix.nix index f360537..5345f8e 100644 --- a/modules/services/matrix.nix +++ b/hosts/vm/neo/matrix.nix @@ -1,35 +1,28 @@ { config, ... }: { - imports = [ - ./acme.nix - ./coturn.nix - ./matrix-appservice-irc.nix - ./nginx.nix - ]; - age.secrets = { ldap_synapse_password = { - file = ../../secrets/neo/ldap_synapse_password.age; + file = ../../../secrets/neo/ldap_synapse_password.age; owner = "matrix-synapse"; }; database_extra_config = { - file = ../../secrets/neo/database_extra_config.age; + file = ../../../secrets/neo/database_extra_config.age; owner = "matrix-synapse"; }; note_oidc_extra_config = { - file = ../../secrets/neo/note_oidc_extra_config.age; + file = ../../../secrets/neo/note_oidc_extra_config.age; owner = "matrix-synapse"; }; appservice_irc_db_env = { - file = ../../secrets/neo/appservice_irc_db_env.age; + file = ../../../secrets/neo/appservice_irc_db_env.age; }; coturn_auth_secret = { - file = ../../secrets/neo/coturn_auth_secret.age; + file = ../../../secrets/neo/coturn_auth_secret.age; owner = "turnserver"; }; }; diff --git a/hosts/vm/neo/synapse-admin.nix b/hosts/vm/neo/synapse-admin.nix new file mode 100644 index 0000000..193b29b --- /dev/null +++ b/hosts/vm/neo/synapse-admin.nix @@ -0,0 +1,29 @@ +{ pkgs, ... }: + +let + synapse-admin_over = pkgs.synapse-admin-etkecc.overrideAttrs (_: { + yarnBuildFlags = "--base=/admin"; + }); + synapse-admin = synapse-admin_over.withConfig { + restrictBaseUrl = [ + "https://matrix.crans.org" + ]; + asManagedUsers = [ + "^@ircbot:crans\\.org$" + ]; + }; +in +{ + services.nginx = { + enable = true; + + virtualHosts = { + "matrix.crans.org" = { + locations."/admin/".alias = synapse-admin + "/"; + locations."=/admin".extraConfig = '' + return 301 /admin/; + ''; + }; + }; + }; +} diff --git a/hosts/vm/redite/default.nix b/hosts/vm/redite/default.nix index 12a85a3..481bc0c 100644 --- a/hosts/vm/redite/default.nix +++ b/hosts/vm/redite/default.nix @@ -3,8 +3,7 @@ { imports = [ ./hardware-configuration.nix - - ../../../modules/services/libreddit.nix + ./redlib.nix ]; networking.hostName = "redite"; @@ -14,7 +13,7 @@ enable = true; networking = { - id = 39; + id = "39"; srvNat.enable = true; }; }; diff --git a/modules/services/libreddit.nix b/hosts/vm/redite/redlib.nix similarity index 75% rename from modules/services/libreddit.nix rename to hosts/vm/redite/redlib.nix index 35157b7..e569cf6 100644 --- a/modules/services/libreddit.nix +++ b/hosts/vm/redite/redlib.nix @@ -1,7 +1,7 @@ { ... }: { - services.libreddit = { + services.redlib = { openFirewall = true; port = 80; enable = true; diff --git a/hosts/vm/two/default.nix b/hosts/vm/two/default.nix index c1758e0..70bf30b 100644 --- a/hosts/vm/two/default.nix +++ b/hosts/vm/two/default.nix @@ -12,7 +12,7 @@ enable = true; networking = { - id = 35; + id = "35"; srvNat = { enable = true; interface = "ens19"; diff --git a/hosts/vm/vaultwarden/default.nix b/hosts/vm/vaultwarden/default.nix index e231698..f63b05e 100644 --- a/hosts/vm/vaultwarden/default.nix +++ b/hosts/vm/vaultwarden/default.nix @@ -3,8 +3,7 @@ { imports = [ ./hardware-configuration.nix - - ../../../modules/services/vaultwarden.nix + ./vaultwarden.nix ]; networking.hostName = "vaultwarden"; @@ -14,7 +13,7 @@ enable = true; networking = { - id = 59; + id = "59"; srvNat.enable = true; }; }; diff --git a/hosts/vm/vaultwarden/hardware-configuration.nix b/hosts/vm/vaultwarden/hardware-configuration.nix index 9b113d6..3854e59 100644 --- a/hosts/vm/vaultwarden/hardware-configuration.nix +++ b/hosts/vm/vaultwarden/hardware-configuration.nix @@ -1,22 +1,35 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { - imports = - [ (modulesPath + "/profiles/qemu-guest.nix") - ]; + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; + boot.initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "virtio_pci" + "virtio_scsi" + "sd_mod" + "sr_mod" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/c97aeccd-b88a-407e-a08d-f821a3f34936"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/c97aeccd-b88a-407e-a08d-f821a3f34936"; + fsType = "ext4"; + }; swapDevices = [ ]; diff --git a/modules/services/vaultwarden.nix b/hosts/vm/vaultwarden/vaultwarden.nix similarity index 64% rename from modules/services/vaultwarden.nix rename to hosts/vm/vaultwarden/vaultwarden.nix index 4cb76a3..a8bf1fa 100644 --- a/modules/services/vaultwarden.nix +++ b/hosts/vm/vaultwarden/vaultwarden.nix @@ -1,13 +1,9 @@ { config, lib, ... }: { - imports = [ - ./nginx.nix - ]; - age.secrets = { - env = { - file = ../../secrets/vaultwarden/env.age; + vaultwarden-env = { + file = ../../../secrets/vaultwarden/env.age; }; }; @@ -15,12 +11,13 @@ enable = true; dbBackend = "postgresql"; - environmentFile = config.age.secrets.env.path; + environmentFile = config.age.secrets.vaultwarden-env.path; config = { ROCKET_PORT = 8222; SENDMAIL_COMMAND = "${config.security.wrapperDir}/sendmail"; }; }; + users.users.vaultwarden.extraGroups = [ "nullmailer" ]; systemd.services.vaultwarden = { @@ -37,10 +34,14 @@ }; }; - services.nginx.virtualHosts."vaultwarden.crans.org" = { - locations."/" = { - proxyPass = "http://localhost:${toString config.services.vaultwarden.config.ROCKET_PORT}"; - proxyWebsockets = true; + services.nginx = { + enable = true; + + virtualHosts."vaultwarden.crans.org" = { + locations."/" = { + proxyPass = "http://localhost:${toString config.services.vaultwarden.config.ROCKET_PORT}"; + proxyWebsockets = true; + }; }; }; } diff --git a/modules/README.md b/modules/README.md index fb791c0..9d49acf 100644 --- a/modules/README.md +++ b/modules/README.md @@ -12,4 +12,4 @@ Le dossier [`crans`](crans) contient tous les services/programmes communs à tou ## Services -Le dossier [`services`](services) contient tous les services/programmes utilisés par un nombre restreint de machines. On peut y déclarer deux types de configurations : les configurations directement inscrites car seront toujours utilisées de la même façon, et les configurations mettant en place un système d'options et de configuration générée pour avoir plus de granularités. Cette seconde utilisation est plus complexe à mettre en place et nécessite une meilleure compréhension de `nix`. +Le dossier [`services`](services) contient tous les services/programmes utilisés par un nombre restreint de machines. On y déclare les configurations mettant en place un système d'options et de configuration générée pour avoir plus de granularités. diff --git a/modules/crans/README.md b/modules/crans/README.md index cc78b77..fd9a209 100644 --- a/modules/crans/README.md +++ b/modules/crans/README.md @@ -2,9 +2,15 @@ Ce dossier contient tous les modules commun à la majorité des machines virtuelles du Crans. On y retrouve par exemple les utilisateurices, les `home_nounou`, etc. +Ces modules sont présentés sous forme d'option (si besoin), afin de pouvoir contrôler la présence ou l'absence de certains services. + ## `default.nix` -Le fichier [`default.nix`](default.nix), comme tous les autres du même nom, importe tous les autres fichiers du dossier. De plus, il déclare des programmes utiles à avoir en permanence, tels que `ssh`, `git`, `nvim`, ... +Le fichier [`default.nix`](default.nix), comme tous les autres du même nom, importe tous les autres fichiers du dossier. De plus, il déclare des programmes utiles à avoir en permanence, tels que `ssh`, `git`, `nvim`, ... et importe les options par défaut qui sont utile pour la majorité des machines. + +## `age.nix` + +Le fichier [`age.nix`](age.nix) contient la configuration commune d'agenix (voir [`../../secrets/README.md`](../../secrets/README.md)). ## `home.nix` @@ -14,18 +20,38 @@ Le fichier [`home.nix`](home.nix) monte les `home_nounou` par NFS à partir de ` Le fichier [`locale.nix`](locale.nix) déclare simplement les locales à utiliser. +## `monitoring.nix` + +Le fichier [`monitoring.nix`] déploie une instance prometheus avec un exporteur node contactable sur le port `9100` par défaut, ainsi qu'un exporteur nginx (si pertinent) sur le port `9117`. + ## `networking.nix` -Le fichier [`networking.nix`](networking.nix) a moins d'utilité que ce à quoi on pourrait s'attendre : comme chaque machine possède sa propre configuration réseau, les seules choses communes à déclarer sont : la non-utilisation de DHCP, la non-utilisation d'un pare-feu par défault ainsi que l'ajout d'un serveur DNS. +Le fichier [`networking.nix`](networking.nix) contient toute la configuration réseau des machines : l'option `crans.networking.id` permet de configurer la majorité du réseau automatiquement (il faut alors déployer interface par interface). ## `ntp.nix` Le fichier [`ntp.nix`](ntp.nix) active simplement le NTP (Network Time Protocol) en ajoutant le serveur `ntp.adm.crans.org` comme serveur de temps. -## `sops.nix` +## `nullmailer.nix` -Le fichier [`sops.nix`](sops.nix) déclare l'utilisation de `sops` dans la configuration (voir [ce `README.md`](../../secrets/README.md) pour plus de détails) et importe la clef publique SSH de la machine pour pouvoir l'utiliser dans la gestion des secrets. +Le fichier [`nullmailer.nix`](nullmailer.nix) déploie un client SMTP sur chaque serveur afin de pouvoir envoyer des mails en le nom du Crans. + +## `packages.nix` + +Le fichier [`packages.nix`](packages.nix) contient la liste des programmes installés par défaut sur les machines du Crans. + +## `restic_client.nix` + +Le fichier [`restic_client`](restic_client.nix) permet de configurer un client restic sur chaque machine pour faire des backups et les envoyer sur le serveur thot. + +## `ssh.nix` + +Le fichier [`ssh.nix`](ssh.nix) contient la configuration SSH pour toutes les machines. ## `users.nix` -Le fichier [`users.nix`](users.nix) configure les `_users` à partir du LDAP d'administration, et configure les droits pour que les `_nounou` aient les accès `sudo`. Il configure également le user `root` en lui donnant son mot de passe haché à travers un fichier `sops`. +Le fichier [`users.nix`](users.nix) configure les `_users` à partir du LDAP d'administration, et configure les droits pour que les `_nounou` aient les accès `sudo`. Il configure également le user `root` en lui donnant son mot de passe haché à travers un fichier `age`. + +## `virtualisation.nix` + +Le fichier [`virtualisation.nix`](virtualisation.nix) contient des paramètres utiles pour la virtualisation (pour les VM en priorité donc). diff --git a/modules/crans/networking.nix b/modules/crans/networking.nix index ca183cf..a376fb2 100644 --- a/modules/crans/networking.nix +++ b/modules/crans/networking.nix @@ -86,14 +86,14 @@ in interfaces."${cfg.adm.interface}" = { ipv4.addresses = [ { - address = "172.16.10.1${toString cfg.id}"; + address = "172.16.10.1${cfg.id}"; prefixLength = 24; } ]; ipv6.addresses = [ { - address = "fd00::10:0:ff:fe01:${toString cfg.id}10"; + address = "fd00::10:0:ff:fe01:${cfg.id}10"; prefixLength = 64; } ]; @@ -128,7 +128,7 @@ in ipv6 = { addresses = [ { - address = "2a0c:700:2::ff::fe01:${toString cfg.id}02"; + address = "2a0c:700:2::ff::fe01:${cfg.id}02"; prefixLength = 64; } ]; @@ -155,7 +155,7 @@ in ipv4 = { addresses = [ { - address = "172.16.3.1${toString cfg.id}"; + address = "172.16.3.1${cfg.id}"; prefixLength = 24; } ]; @@ -171,7 +171,7 @@ in ipv6 = { addresses = [ { - address = "2a0c:700:3::ff:fe01:${toString cfg.id}03"; + address = "2a0c:700:3::ff:fe01:${cfg.id}03"; prefixLength = 64; } ]; @@ -196,14 +196,14 @@ in interfaces."${cfg.san.interface}" = { ipv4.addresses = [ { - address = "172.16.4.1${toString cfg.id}"; + address = "172.16.4.1${cfg.id}"; prefixLength = 24; } ]; ipv6.addresses = [ { - address = "fd00::4:0:ff:fe01:${toString cfg.id}04"; + address = "fd00::4:0:ff:fe01:${cfg.id}04"; prefixLength = 64; } ]; diff --git a/modules/services/acme.nix b/modules/services/acme.nix index 236ddb0..1b90021 100644 --- a/modules/services/acme.nix +++ b/modules/services/acme.nix @@ -1,24 +1,36 @@ -{ config, ... }: +{ config, lib, ... }: + +let + cfg = config.crans.services.acme; + + inherit (lib) mkEnableOption mkIf; +in { - age.secrets = { - acme-env.file = ../../secrets/acme/env.age; + options.crans.services.acme = { + enable = mkEnableOption "Activer les certificats ACME via let's encrypt."; }; - security.acme = { - acceptTerms = true; - - defaults = { - email = "root@crans.org"; - dnsPropagationCheck = false; + config = mkIf cfg.enable { + age.secrets = { + acme-env.file = ../../secrets/acme/env.age; }; - certs."crans.org" = { - domain = "*.crans.org"; - dnsProvider = "rfc2136"; - # Contient le serveur à contacter avec le protocole - # et le mot de passe - environmentFile = config.age.secrets.acme-env.path; + security.acme = { + acceptTerms = true; + + defaults = { + email = "root@crans.org"; + dnsPropagationCheck = false; + }; + + certs."crans.org" = { + domain = "*.crans.org"; + dnsProvider = "rfc2136"; + # Contient le serveur à contacter avec le protocole + # et le mot de passe + environmentFile = config.age.secrets.acme-env.path; + }; }; }; } diff --git a/modules/services/coturn.nix b/modules/services/coturn.nix index 8382c11..e1bc36e 100644 --- a/modules/services/coturn.nix +++ b/modules/services/coturn.nix @@ -1,59 +1,100 @@ -{ config, ... }: +{ config, lib, ... }: + +let + cfg = config.crans.services.coturn; + + inherit (lib) + mkEnableOption + mkOption + mkIf + types + ; +in { - services.coturn = { - enable = true; - no-cli = true; - no-tcp-relay = true; - min-port = 49000; - max-port = 50000; - use-auth-secret = true; - static-auth-secret-file = config.age.secrets.coturn_auth_secret.path; - realm = "crans.org"; - cert = "/var/lib/acme/crans.org/full.pem"; - pkey = "/var/lib/acme/crans.org/key.pem"; - extraConfig = '' - verbose - no-multicast-peers - denied-peer-ip=0.0.0.0-0.255.255.255 - denied-peer-ip=10.0.0.0-10.255.255.255 - denied-peer-ip=100.64.0.0-100.127.255.255 - denied-peer-ip=127.0.0.0-127.255.255.255 - denied-peer-ip=169.254.0.0-169.254.255.255 - denied-peer-ip=172.16.0.0-172.31.255.255 - denied-peer-ip=192.0.0.0-192.0.0.255 - denied-peer-ip=192.0.2.0-192.0.2.255 - denied-peer-ip=192.88.99.0-192.88.99.255 - denied-peer-ip=192.168.0.0-192.168.255.255 - denied-peer-ip=198.18.0.0-198.19.255.255 - denied-peer-ip=198.51.100.0-198.51.100.255 - denied-peer-ip=203.0.113.0-203.0.113.255 - denied-peer-ip=240.0.0.0-255.255.255.255 - denied-peer-ip=::1 - denied-peer-ip=64:ff9b::-64:ff9b::ffff:ffff - denied-peer-ip=::ffff:0.0.0.0-::ffff:255.255.255.255 - denied-peer-ip=100::-100::ffff:ffff:ffff:ffff - denied-peer-ip=2001::-2001:1ff:ffff:ffff:ffff:ffff:ffff:ffff - denied-peer-ip=2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff - denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff - denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff - ''; + options.crans.services.coturn = { + enable = mkEnableOption "Coturn, un serveur TURN open-source."; + + secretFile = mkOption { + type = types.path; + default = config.age.secrets.coturn_auth_secret.path; + description = "Fichier contenant le secret de configuration du serveur."; + }; + + fqdn = mkOption { + type = types.str; + default = "crans.org"; + description = "Domaine pour lequel le serveur coturn est configuré."; + }; + + certFile = mkOption { + type = types.path; + default = "/var/lib/acme/${cfg.fqdn}/full.pem"; + description = "Fichier contenant le certificat associé au FQDN."; + }; + + keyFile = mkOption { + type = types.path; + default = "/var/lib/acme/${cfg.fqdn}/key.pem"; + description = "Fichier contenant la clef associé au FQDN."; + }; }; - networking.firewall = { - allowedTCPPorts = [ - 3478 - 5349 - ]; - allowedUDPPorts = [ - 3478 - 5349 - ]; - allowedUDPPortRanges = [ - { - from = config.services.coturn.min-port; - to = config.services.coturn.max-port; - } - ]; + config = mkIf cfg.enable { + services.coturn = { + enable = true; + no-cli = true; + no-tcp-relay = true; + min-port = 49000; + max-port = 50000; + use-auth-secret = true; + static-auth-secret-file = cfg.secretFile; + realm = cfg.fqdn; + cert = cfg.certFile; + pkey = cfg.keyFile; + extraConfig = '' + verbose + no-multicast-peers + denied-peer-ip=0.0.0.0-0.255.255.255 + denied-peer-ip=10.0.0.0-10.255.255.255 + denied-peer-ip=100.64.0.0-100.127.255.255 + denied-peer-ip=127.0.0.0-127.255.255.255 + denied-peer-ip=169.254.0.0-169.254.255.255 + denied-peer-ip=172.16.0.0-172.31.255.255 + denied-peer-ip=192.0.0.0-192.0.0.255 + denied-peer-ip=192.0.2.0-192.0.2.255 + denied-peer-ip=192.88.99.0-192.88.99.255 + denied-peer-ip=192.168.0.0-192.168.255.255 + denied-peer-ip=198.18.0.0-198.19.255.255 + denied-peer-ip=198.51.100.0-198.51.100.255 + denied-peer-ip=203.0.113.0-203.0.113.255 + denied-peer-ip=240.0.0.0-255.255.255.255 + denied-peer-ip=::1 + denied-peer-ip=64:ff9b::-64:ff9b::ffff:ffff + denied-peer-ip=::ffff:0.0.0.0-::ffff:255.255.255.255 + denied-peer-ip=100::-100::ffff:ffff:ffff:ffff + denied-peer-ip=2001::-2001:1ff:ffff:ffff:ffff:ffff:ffff:ffff + denied-peer-ip=2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff + denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff + denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff + ''; + }; + + networking.firewall = { + allowedTCPPorts = [ + 3478 + 5349 + ]; + allowedUDPPorts = [ + 3478 + 5349 + ]; + allowedUDPPortRanges = [ + { + from = config.services.coturn.min-port; + to = config.services.coturn.max-port; + } + ]; + }; }; } diff --git a/modules/services/default.nix b/modules/services/default.nix index d8147ea..9c1cafb 100644 --- a/modules/services/default.nix +++ b/modules/services/default.nix @@ -1,5 +1,10 @@ { ... }: { - + imports = [ + ./acme.nix + ./coturn.nix + ./nginx.nix + ./restic.nix + ]; } diff --git a/modules/services/jitsi.nix b/modules/services/jitsi.nix deleted file mode 100644 index 1356890..0000000 --- a/modules/services/jitsi.nix +++ /dev/null @@ -1,44 +0,0 @@ -{ ... }: -{ - # il y a une faille de secu mais c'est pas exploitable - # libolm : https://github.com/NixOS/nixpkgs/pull/334638#issuecomment-2289025802 - nixpkgs.config.permittedInsecurePackages = [ - "jitsi-meet-1.0.8043" - ]; - - - services.jitsi-meet = { - enable = true; - hostName = "jitsi.crans.org"; - - config = { - # vient de l'ancienne config liveStreamingEnable = true - liveStreaming.enabled = true; - }; - }; - - services.jitsi-videobridge = { - enable = true; - - #xmppConfigs."localhost" = { - # port = 5347; - #}; - - openFirewall = true; - }; - - services.jicofo = { - enable = true; - - config = { - xmpp = { - trusted-domains = [ "recoder.jitsi.crans.org" ]; - }; - }; - }; - - services.prometheus.exporters.jitsi = { - enable = true; - }; - -} diff --git a/modules/services/nginx.nix b/modules/services/nginx.nix index e05c89a..b15423d 100644 --- a/modules/services/nginx.nix +++ b/modules/services/nginx.nix @@ -1,9 +1,7 @@ -{ ... }: +{ lib, config, ... }: { - services.nginx = { - enable = true; - + services.nginx = lib.mkIf config.services.nginx.enable { recommendedProxySettings = true; recommendedOptimisation = true; diff --git a/modules/services/restic.nix b/modules/services/restic.nix index 9f0d302..5e6c8dd 100644 --- a/modules/services/restic.nix +++ b/modules/services/restic.nix @@ -1,19 +1,42 @@ -{ config, ... }: +{ config, lib, ... }: + +let + cfg = config.crans.services.resticServer; + + inherit (lib) + mkEnableOption + mkIf + mkOption + types + ; +in { - services.restic.server = { - enable = true; + options.crans.services.resticServer = { + enable = mkEnableOption "Serveur de backups restic."; - dataDir = "/backups"; - listenAddress = "localhost:4242"; - privateRepos = true; + dataDir = mkOption { + type = types.path; + default = "/backups"; + example = "/var/backups"; + description = "Dossier dans lequel les backups seront effectuées."; + }; + + port = mkOption { + type = types.int; + default = 8080; + example = 4242; + description = "Port sur lequel le serveur restic écoute."; + }; }; - services.nginx.virtualHosts = { - "${config.networking.hostName}.adm.crans.org" = { - locations."/" = { - proxyPass = "http://${config.services.restic.server.listenAddress}"; - }; + config = mkIf cfg.enable { + services.restic.server = { + enable = true; + + dataDir = cfg.dataDir; + listenAddress = "localhost:${toString cfg.port}"; + privateRepos = true; }; }; } diff --git a/modules/services/synapse-admin.nix b/modules/services/synapse-admin.nix deleted file mode 100644 index 9e2f298..0000000 --- a/modules/services/synapse-admin.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ pkgs, ... }: - -let - synapse-admin_over = pkgs.synapse-admin-etkecc.overrideAttrs (_: { yarnBuildFlags = "--base=/admin"; }); - synapse-admin = synapse-admin_over - .withConfig { - restrictBaseUrl = [ - "https://matrix.crans.org" - ]; - asManagedUsers = [ - "^@ircbot:crans\\.org$" - ]; - }; -in -{ - imports = [ - ./nginx.nix - ]; - - services.nginx.virtualHosts = { - "matrix.crans.org" = { - locations."/admin/".alias = synapse-admin + "/"; - locations."=/admin".extraConfig = '' - return 301 /admin/; - ''; - }; - }; -} From d2ec7cddf1f1373b8a4966efabc64d19001e604b Mon Sep 17 00:00:00 2001 From: RatCornu Date: Sun, 22 Jun 2025 18:37:08 +0200 Subject: [PATCH 10/37] Ajout lien pdf.crans.org --- hosts/vm/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/vm/README.md b/hosts/vm/README.md index a0a6fc4..1e4607b 100644 --- a/hosts/vm/README.md +++ b/hosts/vm/README.md @@ -12,7 +12,7 @@ Serveur jitsi (vidéoconférence), accessible à . ## livre -Serveur stirling (manipulation de PDF). +Serveur stirling (manipulation de PDF), accessible à . ## neo From 11c19d92a4cedd2f50634ed3cf6ec42e32e54f07 Mon Sep 17 00:00:00 2001 From: RatCornu Date: Sun, 22 Jun 2025 18:45:06 +0200 Subject: [PATCH 11/37] =?UTF-8?q?Suppression=20horaire=20par=20d=C3=A9faul?= =?UTF-8?q?t=20sur=20le=20client=20restic?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- hosts/vm/apprentix/default.nix | 2 ++ hosts/vm/jitsi/default.nix | 2 ++ hosts/vm/livre/default.nix | 2 ++ hosts/vm/neo/default.nix | 2 ++ hosts/vm/redite/default.nix | 2 ++ hosts/vm/two/default.nix | 2 ++ hosts/vm/vaultwarden/default.nix | 2 ++ modules/crans/restic_client.nix | 1 - 8 files changed, 14 insertions(+), 1 deletion(-) diff --git a/hosts/vm/apprentix/default.nix b/hosts/vm/apprentix/default.nix index da714e4..81e5c14 100644 --- a/hosts/vm/apprentix/default.nix +++ b/hosts/vm/apprentix/default.nix @@ -17,6 +17,8 @@ srvNat.enable = true; }; + resticClient.when = "01:23"; + homeNounou.enable = false; users.root.passwordFile = ../../../secrets/apprentix/root.age; diff --git a/hosts/vm/jitsi/default.nix b/hosts/vm/jitsi/default.nix index 9a78eea..f04f286 100644 --- a/hosts/vm/jitsi/default.nix +++ b/hosts/vm/jitsi/default.nix @@ -20,6 +20,8 @@ }; }; + resticClient.when = "02:34"; + services = { acme.enable = true; }; diff --git a/hosts/vm/livre/default.nix b/hosts/vm/livre/default.nix index abeded5..042d63c 100644 --- a/hosts/vm/livre/default.nix +++ b/hosts/vm/livre/default.nix @@ -16,6 +16,8 @@ id = "40"; srvNat.enable = true; }; + + resticClient.when = "03:45"; }; system.stateVersion = "24.11"; diff --git a/hosts/vm/neo/default.nix b/hosts/vm/neo/default.nix index 53dcee1..f845f57 100644 --- a/hosts/vm/neo/default.nix +++ b/hosts/vm/neo/default.nix @@ -23,6 +23,8 @@ }; }; + resticClient.when = "04:56"; + services = { acme.enable = true; coturn.enable = true; diff --git a/hosts/vm/redite/default.nix b/hosts/vm/redite/default.nix index 481bc0c..f4cf49f 100644 --- a/hosts/vm/redite/default.nix +++ b/hosts/vm/redite/default.nix @@ -16,6 +16,8 @@ id = "39"; srvNat.enable = true; }; + + resticClient.when = "06:18"; }; system.stateVersion = "23.11"; diff --git a/hosts/vm/two/default.nix b/hosts/vm/two/default.nix index 70bf30b..b280e43 100644 --- a/hosts/vm/two/default.nix +++ b/hosts/vm/two/default.nix @@ -18,6 +18,8 @@ interface = "ens19"; }; }; + + resticClient.when = "07:29"; }; system.stateVersion = "23.11"; diff --git a/hosts/vm/vaultwarden/default.nix b/hosts/vm/vaultwarden/default.nix index f63b05e..26cfe43 100644 --- a/hosts/vm/vaultwarden/default.nix +++ b/hosts/vm/vaultwarden/default.nix @@ -16,6 +16,8 @@ id = "59"; srvNat.enable = true; }; + + resticClient.when = "04:44"; }; system.stateVersion = "24.05"; diff --git a/modules/crans/restic_client.nix b/modules/crans/restic_client.nix index 920c2ec..b0b3228 100644 --- a/modules/crans/restic_client.nix +++ b/modules/crans/restic_client.nix @@ -31,7 +31,6 @@ in when = mkOption { type = types.str; - default = "00:00"; example = "05:42"; description = "À quelle heure faire les backups."; }; From 259aa15db814ccd6e28a21bf854d44bb4b418e2c Mon Sep 17 00:00:00 2001 From: lzebulon Date: Sun, 22 Jun 2025 18:54:47 +0200 Subject: [PATCH 12/37] Add --no-build to nix flake check (faster CI) --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ccfac76..21dcae4 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -8,4 +8,4 @@ nix-flake-check: timeout: 1h stage: test script: - - nix flake check + - nix flake check --no-build From b2cb4caa6f651f115d81d58f539e33ea96ed2f7e Mon Sep 17 00:00:00 2001 From: lzebulon Date: Sun, 22 Jun 2025 19:26:39 +0200 Subject: [PATCH 13/37] Ajout de -vvv pour voir que quelque chose se passe --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 21dcae4..5fc7339 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -8,4 +8,4 @@ nix-flake-check: timeout: 1h stage: test script: - - nix flake check --no-build + - nix flake check --no-build -vvv From 644216378f64f30dcfb02056b84d2f5fae1b7cbb Mon Sep 17 00:00:00 2001 From: pigeonmoelleux Date: Wed, 25 Jun 2025 16:57:50 +0200 Subject: [PATCH 14/37] =?UTF-8?q?Corrections=20probl=C3=A8mes=20r=C3=A9sea?= =?UTF-8?q?ux?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/crans/networking.nix | 70 +++++++++++++----------------------- 1 file changed, 24 insertions(+), 46 deletions(-) diff --git a/modules/crans/networking.nix b/modules/crans/networking.nix index a376fb2..46e3b17 100644 --- a/modules/crans/networking.nix +++ b/modules/crans/networking.nix @@ -72,18 +72,21 @@ in }; config = mkIf cfg.enable { - networking = - { - useDHCP = false; - firewall.enable = lib.mkDefault false; - nameservers = [ "172.16.10.128" ]; - } - // - # Configuration du VLAN adm - ( - if cfg.adm.enable then - { - interfaces."${cfg.adm.interface}" = { + networking = { + useDHCP = false; + firewall.enable = lib.mkDefault false; + nameservers = [ "172.16.10.128" ]; + + interfaces = + lib.attrsets.mapAttrs' + (interface: conf: { + name = cfg."${interface}".interface; + value = conf; + }) + ( + lib.attrsets.filterAttrs (interface: _: cfg."${interface}".enable) { + # Configuration du VLAN adm + adm = { ipv4.addresses = [ { address = "172.16.10.1${cfg.id}"; @@ -98,18 +101,9 @@ in } ]; }; - } - else - { } - ) - // - # Configuration du VLAN srv - ( - if cfg.srv.enable then - { - firewall.enable = true; - interfaces."${cfg.srv.interface}" = { + # Configuration du VLAN srv + srv = { ipv4 = { addresses = [ { @@ -141,17 +135,9 @@ in ]; }; }; - } - else - { } - ) - // - # Configuration du VLAN srv-nat - ( - if cfg.srvNat.enable then - { - interfaces."${cfg.srvNat.interface}" = { + # Configuration du VLAN srv-nat + srvNat = { ipv4 = { addresses = [ { @@ -184,16 +170,9 @@ in ]; }; }; - } - else - { } - ) - // - # Configuration du VLAN san - ( - if cfg.san.enable then - { - interfaces."${cfg.san.interface}" = { + + # Configuration du VLAN san + san = { ipv4.addresses = [ { address = "172.16.4.1${cfg.id}"; @@ -209,8 +188,7 @@ in ]; }; } - else - { } - ); + ); + }; }; } From 6f8c5a7cafdadda9988983c07a53f6858fca447e Mon Sep 17 00:00:00 2001 From: pigeonmoelleux Date: Wed, 25 Jun 2025 17:07:55 +0200 Subject: [PATCH 15/37] Ajout commentaire fonctionnement interfaces --- modules/crans/networking.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/modules/crans/networking.nix b/modules/crans/networking.nix index 46e3b17..0696806 100644 --- a/modules/crans/networking.nix +++ b/modules/crans/networking.nix @@ -77,13 +77,21 @@ in firewall.enable = lib.mkDefault false; nameservers = [ "172.16.10.128" ]; + # La configuration des interfaces se fait de la manière suivante : + # elle est écrite de manière générique pour toutes les machines, puis + # on filtre pour ne garder que les interfaces activées. nix fait de + # l'évaluation paresseuse donc ça fonctionne bien ! interfaces = + # On change le nom des interfaces de "adm", "srv", ... pour leur vrai + # nom (on ne le met pas directement pour faire fonctionner le filter + # plus bas). lib.attrsets.mapAttrs' (interface: conf: { name = cfg."${interface}".interface; value = conf; }) ( + # On filtre sur les interfaces activées lib.attrsets.filterAttrs (interface: _: cfg."${interface}".enable) { # Configuration du VLAN adm adm = { From a255229ceb3983b664bbca8e62b76e6ce91ec845 Mon Sep 17 00:00:00 2001 From: pigeonmoelleux Date: Wed, 25 Jun 2025 17:13:40 +0200 Subject: [PATCH 16/37] =?UTF-8?q?Fix=20interface=20par=20d=C3=A9faut=20de?= =?UTF-8?q?=20srv?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/crans/networking.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/crans/networking.nix b/modules/crans/networking.nix index 0696806..97f7c4e 100644 --- a/modules/crans/networking.nix +++ b/modules/crans/networking.nix @@ -37,8 +37,8 @@ in interface = mkOption { type = types.str; - default = "ens18"; - example = "ens19"; + default = "ens19"; + example = "ens20"; description = "Nom de l'interface réseau sur laquelle est située le VLAN srv."; }; From 02ab2c3aecdf95de9824f79f3afd3dbaf614f98b Mon Sep 17 00:00:00 2001 From: pigeonmoelleux Date: Wed, 25 Jun 2025 17:37:21 +0200 Subject: [PATCH 17/37] Correction secrets.nix --- secrets.nix | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/secrets.nix b/secrets.nix index 7957792..702bf51 100644 --- a/secrets.nix +++ b/secrets.nix @@ -62,7 +62,7 @@ let # Secrets commonSecrets = (listFilesRelative ./secrets/common) ++ [ - "./secrets/restic/client_env" + "./secrets/restic/client_env.age" ]; acmeSecrets = listFilesRelative ./secrets/acme; @@ -74,21 +74,21 @@ in # Secrets pour ACME // (genAttrs acmeSecrets acme) # Secrets pour restic -// builtins.foldl' ( - acc: name: - acc - // ( - let - key = hosts.${name}; - in - genAttrs - [ - "./secrets/restic/${name}/base-repo" - "./secrets/restic/${name}/base-password" - ] - [ key ] - ) -) { } (lists.remove "thot" hostnames) +// attrsets.foldlAttrs ( + outacc: host: key: + let + secrets = listFilesRelative (path.append ./secrets/restic host); + in + outacc + // builtins.foldl' ( + acc: secret: + acc + // { + "${secret}".publicKeys = [ key ] ++ nounous; + } + ) { } secrets +) { } (lib.filterAttrs (host: _: host != "thot" && host != "cephiroth") hosts) +# Secrets spécifiques à chaque VM // attrsets.foldlAttrs ( outacc: host: key: let From 1b0736d17f2005e0f29bef6176f00493f866460b Mon Sep 17 00:00:00 2001 From: pigeonmoelleux Date: Thu, 26 Jun 2025 10:09:49 +0200 Subject: [PATCH 18/37] Rekeying agenix --- secrets.nix | 9 ++- secrets/acme/env.age | Bin 1304 -> 1304 bytes secrets/apprentix/root.age | 36 +++++------ secrets/common/root.age | 62 ++++++++++--------- secrets/neo/appservice_irc_db_env.age | 40 ++++++------ secrets/neo/coturn_auth_secret.age | 38 ++++++------ secrets/neo/database_extra_config.age | Bin 1187 -> 1187 bytes secrets/neo/ldap_synapse_password.age | 36 +++++------ secrets/neo/note_oidc_extra_config.age | Bin 1555 -> 1555 bytes secrets/restic/apprentix/base-password.age | Bin 1235 -> 1235 bytes secrets/restic/apprentix/base-repo.age | 38 ++++++------ secrets/restic/client_env.age | 62 ++++++++++--------- secrets/restic/jitsi/base-password.age | Bin 1235 -> 1235 bytes secrets/restic/jitsi/base-repo.age | Bin 1081 -> 1081 bytes secrets/restic/livre/base-password.age | Bin 1235 -> 1235 bytes secrets/restic/livre/base-repo.age | 38 ++++++------ secrets/restic/neo/base-password.age | Bin 1235 -> 1235 bytes secrets/restic/neo/base-repo.age | Bin 1077 -> 1077 bytes secrets/restic/redite/base-password.age | Bin 1235 -> 1235 bytes secrets/restic/redite/base-repo.age | 37 +++++------ secrets/restic/two/base-password.age | 39 ++++++------ secrets/restic/two/base-repo.age | Bin 1077 -> 1077 bytes secrets/restic/vaultwarden/base-password.age | Bin 1235 -> 1235 bytes secrets/restic/vaultwarden/base-repo.age | Bin 1093 -> 1093 bytes secrets/vaultwarden/env.age | Bin 2951 -> 2951 bytes 25 files changed, 221 insertions(+), 214 deletions(-) diff --git a/secrets.nix b/secrets.nix index 702bf51..bc603e8 100644 --- a/secrets.nix +++ b/secrets.nix @@ -5,6 +5,7 @@ let filesystem lists path + strings ; # Nounous @@ -40,8 +41,6 @@ let vaultwarden = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICn6vfDlsZVU6TEWg9vTgq9+Fp3irHjytBTky7A4ErRM root@vaultwarden"; }; - hostnames = attrsets.mapAttrsToList (host: _: host) hosts; - # Groupes all = attrsets.mapAttrsToList (_: key: key) hosts; @@ -53,7 +52,11 @@ let # Fonctions utilitaires - listFilesRelative = dir: map (p: path.removePrefix ./. p) (filesystem.listFilesRecursive dir); + listFilesRelative = + dir: + lists.filter (f: strings.hasSuffix ".age" f) ( + map (p: path.removePrefix ./. p) (filesystem.listFilesRecursive dir) + ); genAttrs = paths: groups: diff --git a/secrets/acme/env.age b/secrets/acme/env.age index 35b075042a5899f29fe20f573665ba37877ce800..d16172e90df8d0b9c75c0152269cf2b8de697314 100644 GIT binary patch literal 1304 zcmZ9~Td3Ov00v+mj&l}7aAP_|%y23*o|87WrZ}g$wN0Dm(j-lq;V?;aX_}^&v?ocu zAvpHnU>qOzFxgc&LxiD-B7%qMeAqyT&dF4ep)hq&ZfWHB^FRlhiVyyXp=*hDMJY@YLC=LA7!2 zrU2T?G;`5g^eI(iT)`k(3=ct53}5w3K@==Z!z_f!SyGb=#5~OUMA{EnM4rM8YC^%3 zHMP47QXiWjM2{D`HRq6w-^^}y8~0b2$1sKiZb~~y3Xt=fEzL(AIEx20m=?UEtIv8a z!&<&A(lrZ(GZ8~|wH*o7!YC#%2+TOL>1s(-8iL$HF1DyzkjyeVF6MO5@_2hfPwM}- zaGHmtO$%e~i4`;(GgJ*L7^out0uTEOhL212OfhvNtth#dYx7cEC}Q|fOK{(m$qpUj z60gmS#VlnO4p}9d`V4GH6J_dD)pBv`iX6=LG8rI2T++*>-lW<9L$d|t!hq6ABR9Hb z4k3A2B+`~abpzaB3%pE*P8`uHA4^S+H4`S02BW4cXtE{si%&6R&4kT@>)`0qL z*9XYSICk9}$LAfg9@S`2ZNNdV)hs1*Dj84|8i*EEK`~Gn6`GB?qBJ}qh4HbcMghsK z675m~P2{eXkRe-lUAk{2#^&-{wVDtpwG@!;mK?gmlp=IOg)6AgWZ4-`m6R+JZLZjC zsxS%K1}3)Af08$&3LAl{xCG#95_S)1kj zlt^^AW9Es<`hKrgiPNnb78oN(2I4TyBfHyn=&~Xheh2pOmZyk|Zh#OOX=RhloK{Cw z!%~TY*Fc#L%=2Y0l`9K!8al0nk;fv68IC?7=z;IclR-U@2AkUQ^5*?VI@hNm#McZ{ zid+&huvEcgw!M%7IAK{qy6%d~Iz#dT#@IfB$;#{M*V~zpech{O~ey{fW-) za~Gcf=J@*lI`e(`@a56xSMcG@!@-H~KG=KzGY|f_R;R(&V%sJisrE_LsxcZt%;Gr*}MC&l~BrCUEQ9qcj+{ri=lE+(&AGxV!3 cw>=j8as34IfOOP8_3!-L;qANc=7?YZ11V&^EC2ui literal 1304 zcmZXT+p81>9LEv!P+LY=qJhE+BIL=l)IrqHRU(!b#Iq=0cEo~AyA?&cI0Mmseny1ztv%BR-Y|Nd^a?P z8i5N_G)rN&Y>R$b);o+3dH6pxe-zLAa1qTLNkv1FJPy}*ZJ0$KHngJ9Yn4C*D^J+E zMfFFDL2+(WYub?&n0h+OfrF95b$rE6wMM~@1k)Z5X@W6O(ACUwL=lutK(>x#viCn0 zTHyd;ja2|!7+G0TNu*k)sft$1!kR6zh193D40hE5ONgA&l{zw;Q+q~(QaQy$B1()& z+a?k+9F`FkZ;+|i97h5~O)9z)_HMISgDE`~^X)L;E3rCBOpd{fo?<9{Y=HCQiYcbL zS1lm`B^u(m9lBbMk*v5?cR+}i7*2!`LI~4RxeEJ}jyp{e2ktvSyIJ8za{bn3EHILc zVIG0NKnJaQ7b>?}nj9>Ic1V4yffmR1!1A(7Cnss zQRH=wMP?v?Mq-llZGmqlEZU<7v77QjL@FGg!3siiO0#P9%bdK_Pt#)Ex{YRZ>UfCf zF|3(3{AyDJKvyPE0n&7pbPxqJ$O7eOZJ9|+T0QKvn|4m9P7w_dT^=o!CUykX2d;&~ zO`97y06V5iVWYr^RzEVG?yV+^X2;XSJZEM+)KilI(9&u&(_*orOS+E4P83mVOO2Rj zNNnbt!deS>N}^IfU>Xsu$br(giD8CEobPo5QA`q5;_YDO`E_Ejwvzezd}kuEXarWL z`q~L%!A_t8fu>6$t#VRn+C}V|T*kl#s;zwss{!cK)g5#jvqw$D50LzuY-@VEv6R?sppN zU-7NGfFs{8uPpun@=xygiFtlK^uYOTZ*TnQV)5$L=7nD#yl-XKy3K&Pax*>#Rd<~^ z0N(k7_0_X?zkA1{m#%GDe&+PY*H(_5`t;>PXZK7ly|ek;z201SDEH0fv!9=1vbhhg i9QyY1Z#%U=HywRz_m%CHV3%uJCtlxr{NNT>y74z{g~X)* diff --git a/secrets/apprentix/root.age b/secrets/apprentix/root.age index c88217e..3a7bb07 100644 --- a/secrets/apprentix/root.age +++ b/secrets/apprentix/root.age @@ -1,19 +1,19 @@ age-encryption.org/v1 --> ssh-ed25519 cZNEGg hx2K+BJ2BE5shiuYVL8lNDebSXOslE+D11wInEU5AC0 -/Voe2mVa0VBiowquOfiCqBwbsNWKlqJw19Rshncmb08 --> piv-p256 ewCc3w Atur1opHkIZnyRdfVcSPmXJ6pnC8KRSoTDTgRdpXhQ0a -BeNHX/8DygcMRjv+BYCMJEbx+yUiiOz1yRQ4WdpCkEA --> piv-p256 6CL/Pw An/25v/ZffNknCs1+Z9oUHEa9sltmBbaCGw5zGtPlS6X -Mp3IpX/1m45V1PVIxnh50hp4ymL3VjCnDZ9+n+pjoro --> ssh-ed25519 I2EdxQ MFQL0HlTcYBeQe5W+cAegZNrtvYh67YfaeQk5lKBkxI -6YtFHaJBmdC05zaeCNRUEOx+XdAy/KSSJbIFDAjqk4I --> ssh-ed25519 J/iReg pRxUVtZLA7OlkbjZPNJY+PcWBiwu0qOUymXTACmOGws -wLOQy84hbkdjSiqywOU+fAoZkUg84cdUP5mmehv1Les --> ssh-ed25519 GNhSGw oSRxaxlY2LyuB5QBkfQ+vIpmI6uFCCi2l4IqPrQxWgk -ePpTSXekzXDwSUZj6drtsvlnaKxPjgu+j5afvNsKbQk --> ssh-ed25519 eXMAtA v6zL1bc8aR2fgESNZcmTtGPk5pjVj0UGiBd3SjqGLzc -amsA5x2C5dQBzqL1uu6popDmDkKEhm4WPeK0J361vNQ --> ssh-ed25519 5hXocQ DPduJx7pfwr8FqMTXEPq3zXBhyElZTj3Ouy0d3S8RnI -m8K+tCRbGmnf6IkkPAa+scmGmiEy8QAvJppj0lvHYXs ---- Oelwm56/V9NDvorDKW+xqISHYjsqEs6HG/pYf5qTX94 -Ğuŕ{ %i[V4kX+d 'B<{h%P)m=`Է^I \ No newline at end of file +-> ssh-ed25519 cZNEGg cCqVXLLrHvanTMqXfxGd0gjoMj51K9T8B8fJkQiUE3o +N8bANPITpOunRC0fLfqNLyfpd17xKduK9EtZPMaROpM +-> piv-p256 ewCc3w AxxJaGKhvBGfTAW6NMc0cIT7A66PGugB/OeM7wU/9Inw +Sg/yKPotg9CDeBGYkG3Pgz0RBJoz2Q7NRZCDzslR8Hs +-> piv-p256 6CL/Pw AzPWMMEuvSCThR+2/4nbYU6iMJhQXhxPuUwtf3P0TCLY +oEdhbI58aZd8ZinNiYBBgNzmWnowNBsxEQkSUOfU8gQ +-> ssh-ed25519 I2EdxQ 0RgVUxgyBpzBlc5UeLkDGo7VZUy6mPQFkxAw1Z6Rbm8 +lTk0OiozJ/0XrAnHkIVDC8939mtfla2iNPJLbvc10Lk +-> ssh-ed25519 J/iReg 0AxRISUbavlAC3HMApLzemQds2KbIqB2F0pj2unyFxo +iwJy44Hkk+Hjj9lN7BeNgv4eINkrKMUT3lrP1s42yR0 +-> ssh-ed25519 GNhSGw UjDNEUVLKgktYlvP1jM9Lt03J68NCS5J14ZzcbfBwD4 +2KxidMac4QtQlOC9npD1jhIs13AjUcRcY7R5jGzlbck +-> ssh-ed25519 eXMAtA BTDHGZ+pCtn+0g4Sqjw22QjqkTbypABDcp+SdsZkcUM +YPGwUfBFogZfFwcsVfTEI5ctJ6N6ugL01sVLyVLbaxA +-> ssh-ed25519 5hXocQ ZE1YjMEagjDGHpXnSRGxgkghVqvpHsMs2Mcvx/s5yi8 +G1P4PFbANHdZBuyDuJPkjHcrxyzefOB3MbvUOGyDpUw +--- DALPeLry56OdM4CXWsbdJIyWxywt6RmbCqM7HoCpCeg +$3֒ڠ<,!hj0юdJC^^Qr lB.U \U \ No newline at end of file diff --git a/secrets/common/root.age b/secrets/common/root.age index b00783c..f657bcd 100644 --- a/secrets/common/root.age +++ b/secrets/common/root.age @@ -1,31 +1,33 @@ age-encryption.org/v1 --> ssh-ed25519 2k5NOg YmbPaKvtfcfoBEHw3yNp5vhE+XVzUprbyBK0MDmmeD8 -SRKPmndyQT/dCl+b8Cvu5Vh2VOlpMd3x6Vvw0uO4iOQ --> ssh-ed25519 iTd7eA 3Rue4QGiodPqjeTKKM0qN88HKwCWkmwBMWkNjA/7TmA -Uk3I820rcpL5YlqcFkL6zdnNNoanI0qDi+mhMXKVxuE --> ssh-ed25519 h5sWQA 9zcxhz4bEox4G2dSRcXoQkPpwY54LT8ZVpSpvlsbgig -u7gerFg6oEW3AbJs+fBbpZhFlPTsEjU2J2pzuYTQXpk --> ssh-ed25519 /Gpyew ECbV0DgETfbvF+Q1SrjJlELMszd9jYr/531fnwhR0hY -WNpIJes+t7AAaMoy/w0VY+ZMlL3cdpYmn6+MN0H+FKY --> ssh-ed25519 LAIH1A hGk2swRwo3+RfgA7YEBTTBGjQfsCLomVsbibWSYDsWY -s24C/xWNaCDyaLmjCGs6jDranUM7oUDioHKphihr+qY --> ssh-ed25519 qeMkwQ 8awNaR9XeQkvpI6myrt4Vw8Zf+rMTEp3GlviMrVnd1w -WlhYTdfgQ4SRfLJ8JwudQXboOftvVV1xKrf50JXMe1k --> ssh-ed25519 TqxOLw dZt5AZcQquKWFaqw7ukmQvwDyTdXhgdEE/8vZste+1k -Oxl2ZWb35uDpaoMFQPtJAmjzozNsCaMxYpj3jvJXAik --> piv-p256 ewCc3w A8A3ROxMWx9TqoJOizACq7Nn/lhZKM17X66+2B8YQzUE -KdlLlekWwdJEH/wEXm5HciAtjkS5cxYmUWkej7TLbX4 --> piv-p256 6CL/Pw AiOTq8eaVT1xRTHPTyNe4AMlh3vIsbci8YjTr3pwMU97 -n9BKSF3ErIkUVCQi/7IXovV28vj7EbZw5Y89EHYEc7A --> ssh-ed25519 I2EdxQ iucWeurkE6h5oi0abTGcX6ARNczx5UAGDJ60TetbXxU -P5af2OXIgjrXs2NxZ0Uqn2n907oAl4eXcAl3GyS5l24 --> ssh-ed25519 J/iReg RHmuEjgm8BkXSmY/CSm79tBAEVKr1DAco89zCDqgJDo -xeZiAiICN9y9jdPpeV5HnksRnmZCDS6bp5bOlhIqRQM --> ssh-ed25519 GNhSGw uRhFkAlkmpm8fjaPYHCj3zrnauItBnZSKvBDhiacmEE -UXkvpqB6yIvtafeyb3eLuemR2rdkzm7ZkxRBuZ5vm9k --> ssh-ed25519 eXMAtA BbFvjDyTd4tjqqECd5syWrpO7b5SDdYBmGGzJI5A9X8 -5wDNuBCpFsW02tBO2QvSrRs0MKUgmRgqCfuTxaovoC0 --> ssh-ed25519 5hXocQ 7JpeboYqxK/xmrqw6YZzzFnutiM4OonHjN3bm1UIG3w -lux99mMAaHuu1Yzrty8Q7D3jPYgZHWhcP3WOYth1sLo ---- /CcrdzDPefk+EA7YxAtJ4cPesIFb6RZy50kDV2FTU7o -'aJ9ѓKhDJW$+| %Ԩ)Nny@FEjx \ No newline at end of file +-> ssh-ed25519 2k5NOg PuyFIx++EQB6LhrKUTSwRI/rDKZWWg2gkVRGMVQrhEA +aYydV+Ph/RL7IeXZEE8S+1WXMJ0AacJ6+MbBtomWqhM +-> ssh-ed25519 iTd7eA XlEYPySuo/PKgd1zeUy6/HOnnKDkKyJRhtT1ospAmQY +HzDt1YiYtrcquCWeYlOsYr3YhhG8MJ9TljVBLRBNPQY +-> ssh-ed25519 h5sWQA 5KifKrJwYVwQe1hW6o1BjpOAXyrTCaycrjgLyKSygCc +wSLtBJSiC0cr4BrAL8i9RRhZA8ZC37LtfrLA9cKzbVs +-> ssh-ed25519 /Gpyew Oq06K4RjI9izhx2PPPSRcf05k+WgVRBF4oA6YCJfMAg +jqtPBWyf9vZYnunQUi3a/ZGAP/2fx/KN/VqeZujUxog +-> ssh-ed25519 hTlmJA rduNY50g6IZgpYRmSS9GJqV8RPefRT4RBSBRYYOL0BI +WtKzp5BxjRPKypMT0CeXXRD8IygLjMbB0bMM82T0E2Y +-> ssh-ed25519 LAIH1A HO86dJfWvGiCV5AjSpoZMpM1tWfr8tnwkvhC3lsb2xM +Y0tr2ySsHGNfSCQYFHZaJAeV2YS1XvxmOpFK22h8asE +-> ssh-ed25519 qeMkwQ R5CijMftsKNSClF871ggg7PcTTRRY+L0zmPv7AP6Unk +hiTKMCFrJVUhSbEGrGGMvCgG04FsBGbVyZRdOqp4TXU +-> ssh-ed25519 TqxOLw IM8fkgZv+B5eTYZwpckuABGUiOXyPPAopnj5BBSx6Dw +HkxbM4AjhZ1KIaY6ugCztiGj29xQTL4kh+OnPyO5fSU +-> piv-p256 ewCc3w AgsDHsiNo69oTayVXasrpZK2Tjas294WpHbviaRDkfHd +1VV6e3FnC/r7u/gSNxuGgQ07saJA8lj4hVPqYIDfXHY +-> piv-p256 6CL/Pw Avyn7WzCr2reAVPhVYPCNZ8LxAIVVIR2vl/u/OV4WKtI +OkSywpxyrvsvyzTXC7T8ZD9kMuDPKk356RPrKcPZ4g4 +-> ssh-ed25519 I2EdxQ W3xXfPf3VlRhaNYKHBbopWxM1f2SPba/Caq9LrLwuBI +Y41/A9/vLKjUmlzXnNdBETqiruSJjSRQyQ+0nPkAnCo +-> ssh-ed25519 J/iReg moouU1scj2ordop9DERldP8mo3M1vbtfwfkerY3KQgM +oW1tff00Uxg85NvdgZqZvvSV4n/1neyQvvFMPxG1MNs +-> ssh-ed25519 GNhSGw kt24V7gegcXxhb+3WJYftAXCUYuOolI/n9m6OdjtS2s +AyhmFPQKcyTnSGALlQ9nB5oI1KJGlN7lqurksAAq/Fo +-> ssh-ed25519 eXMAtA wZ9ta9ezsprCH849EELDY9IJmHwpjqUE8+S4H1X1Ci8 +CLgkU1aQVZgVcKYMJk/8M7uXS+zieCM64nsZadkO6/M +-> ssh-ed25519 5hXocQ P3a5x4r7WhfBCpV7b2gi0d6hIcLbvefsCJu/YBpdmzY +6+RfKKdK00zY7aXbmNAeSruoaMA08Mptl7+P1jyn0UU +--- 01givh+zY0K5WX5OuosHbZ2V1cnutJfx1BBQOT+LHKg +9{9\7oy3!yra|*cUO96ϑ am&]$?.c How \ No newline at end of file diff --git a/secrets/neo/appservice_irc_db_env.age b/secrets/neo/appservice_irc_db_env.age index 61087d3..fbac516 100644 --- a/secrets/neo/appservice_irc_db_env.age +++ b/secrets/neo/appservice_irc_db_env.age @@ -1,21 +1,21 @@ age-encryption.org/v1 --> ssh-ed25519 /Gpyew 2c1R5xA3ysgTJnq/HCziDj7XhHT1Hv8V54UgOHourW8 -/NlGsMHUW8FUJIKxGG14CCVzKsMrDnvEbz35JucLiOM --> piv-p256 ewCc3w ArHjVI/3kjx3o3Hg8pG5oXBx8CKpGos6d34KeEUtvDPb -5AC7+ocL22wHBjbpgH+84nGzsuIX4jfkoegOF6gb4VI --> piv-p256 6CL/Pw A3Mz3pTCNLCC9vpdw+LD8SRlKALfLl7DN1ycAYWhs6xi -9bjpCFriJsDwGFx3HA8hFtfqlKXgoKOq0h2KTgBYpBA --> ssh-ed25519 I2EdxQ von0TonSTJiV5+N13iraMgCfhzPnITZ+M9d9QC6Dfio -EcAbxu4HdynI2Yw0csc1aiSXW66hN9M65jfuH2UIx+Q --> ssh-ed25519 J/iReg 4zFtaNqmnuPg0WI8jIAGNax0r6TOwOO2Qc43hFSAvA0 -xXqGtbQ6x+4l/SLVr+2jfLC7D1A47IXRAH0/wZQQHVA --> ssh-ed25519 GNhSGw Vd/lZOIPyAwrQWuFheuoDY18pwgx3BRS39vDWqModFM -nTILZ7swG5CINavzl/R3tY3UBymZnPXtBXVfB97bjq4 --> ssh-ed25519 eXMAtA b7V/kwqSf539kSNBZ1w6Xr4ezIT8hoR1QorI7LkzXnI -PUyaubPrhK5gDnjf/4HLYlkAeO09dW3o0402tV3Bhto --> ssh-ed25519 5hXocQ DCCJYc082KzrCW6eJtspCMtYYWcSVuCN9v8x0g3VlCk -/9LEFTnsT6hFUaIE10vOZVVzKSzEDJjRaJGOen9ypDA ---- xTWsFOu+sDOcWM6Oue4voILxJ94WTnkZKSrGaiWazpo -,۳<00'C~zu -/@_Du_3Mot ]_D7L9e`V f&&{ny]2NC$եfe\>C n^o|~wA[ʶԊD*tKi7˩xG~^e,3*ԥYeJ<}L -'d \ No newline at end of file +-> ssh-ed25519 /Gpyew oiueq/kpy8n/iSGh8nnCvMXn1ArLdp0B8Sr/zc+dPQc +3CCpb3SY5sKYl9KDTXbAgeDSonPc0m0BwFLJWLxxGlI +-> piv-p256 ewCc3w A4hnsq85ya4+SeJCh7hmpRHt1B73xNS9nV3CW/x/1beo +dAQIsw7vVN+Kv3vKEHCz85ImKV5AuG3F0IywtA8t8DQ +-> piv-p256 6CL/Pw An3unvmk/EQjUBkA3Hn8FDXfB367jlHJ4qMCUYC0Egmw +1g2cQlMsguOYyiXPO/9frbqiHSQzGhaOrneBoxP0OM0 +-> ssh-ed25519 I2EdxQ jJ/4pnzjGwwkYblptHKt8AsIVea26pVd5XpqqoPrjzQ +wa5pTx6WF74ChTRE0h0mrGf+agjZ/PbXjgmmIQ5WryQ +-> ssh-ed25519 J/iReg baeZG/Rtj6WcnE56gZJQUMXatdbYUkKwWM0xN521XHM +joEmhBM5kRXmfE4bH/N5ioBat4pYNUXstaTI/ZZfjtg +-> ssh-ed25519 GNhSGw CU2QnFssTK5ItonbVCFzvP4DiAIlnzZNxCF8rzGJpnM +Ri35ECruZlUR8qgMIzoTeuDW1IQD2ch3n5zEucBMBes +-> ssh-ed25519 eXMAtA 1uJa+lgJHfpfA5LktUo2DFA/3kzJa8vVjaO3qmxwp3I +JSmjw/9iF4QVdyE1OZ9EY9R8gVXUF576G2uKQxMNdok +-> ssh-ed25519 5hXocQ u8iHMYgWQfJn41y+AK+W5CAGL5uotgKlO3GezLb7egc +UdusHwDzpFsxfD9ZSslU+izrO4jCEHmMWzUAkZ51ruU +--- rxz0SqY76mfGmCS3oPJnKOlpmiIMu4LWnTZvlnglsZE +B\M +c"B`qw$塀a@MtS>7fmwqSp ]?(~.l:@M0ܙc^ə.k +N{֝^f5il xȢC;'J= f]eXM3},6Ǒ\ւ.شUJm \ No newline at end of file diff --git a/secrets/neo/coturn_auth_secret.age b/secrets/neo/coturn_auth_secret.age index 2ac1e90..7cd94c5 100644 --- a/secrets/neo/coturn_auth_secret.age +++ b/secrets/neo/coturn_auth_secret.age @@ -1,20 +1,20 @@ age-encryption.org/v1 --> ssh-ed25519 /Gpyew v0IqoUYfieE87jMKBLBXcc1amCW4Yvv0IRdRbwPS10E -M+i/CVbVYt+Ync6WjXQuurcwjUaormehyhAUf88jVn4 --> piv-p256 ewCc3w AxDlsQZUVtsbd3+mbL9xrp1tSLetzNnyyfA8vpvzGTlK -vFCIppHYU3xJIA04azjm1Iep4KKsgrtgabMzfPK44n0 --> piv-p256 6CL/Pw AlgXPmHKl4SX+ZBcgg5d1yyjIIW3ZbB/5jPDljjSedez -tbTih/OlT6sd3C1K7SdYFawUsHDTrbPf0ZaOH5+UFUA --> ssh-ed25519 I2EdxQ QddIpLDoWFRzwKh6a2AT1A+/FJ+XNLG6dn7bXhHeMG0 -K8hJxagVv4HQ0yjrvb25wEWtI3AJBUzsc6RFuOv2k+E --> ssh-ed25519 J/iReg FUvDVYnluuwFUVc585stre42Yq3DXHO/9dYagJx0MDc -IThjI+lcHpud7iXnvDULPUUVr97RV3SDLrFuATOlIww --> ssh-ed25519 GNhSGw V6svkQ6B/rpYGyyLbhZRJfZkzFRInYPvbUFeKGDsBDM -dO+b8Eq1E5JHULnDfIJAtugboMTSTtcvD/brJAwf8qE --> ssh-ed25519 eXMAtA Q1mwgmya5U87Q75c2KhhLUKfaDRm/WhHnoPCAyJB+zs -Cj+BiSc1v2kdOjkuZSCiNUnB6oRz05kAGH3PwJyz9eA --> ssh-ed25519 5hXocQ 1zO9Ob5Fo4JUYG7vUYdaBcL/1++4vqZQc7zVrNPyUEs -giGdiXDB4Q16y8qH19y+aq8bzZaG8xgFzDJ3QkbWqUw ---- 8z2WQTx5KtMtdNlIgkzUwKPatgX5sM19u60iUZCoxOo - _>eRb!PZ#ZU% pq+7Ņ"s-K"$ -MS}²+dã5Q ٟ+a: ŭ"+s %c/<RC~9Aͣ\IfqQ \ No newline at end of file +-> ssh-ed25519 /Gpyew t5XHS5ci2UuJYr7c10Msr+zfBfWTjGClnYkM565wPUA +hcjj+WPvjOp+PdJKHnb9AwYE8NAfudr1b/MC0m41OEk +-> piv-p256 ewCc3w Au9TM56jPaNaRFs3lZaVH94ZVoeKL93OKocn9Jt6BdEG +svbg1OfmTFBpjak1tgB3CNdoUVG6TkLhAtpMSB8mZPU +-> piv-p256 6CL/Pw Arkhx1n2Ko3TMCEgMqy1/2KK3iYI1Sd+PCnKyvmlnqX2 +kMaFudKtU4B5VlpIpfDHpHvmHyyPJJBWSQQ6JWTJc2A +-> ssh-ed25519 I2EdxQ 8RnUMwOXPN8AwfJVBhIqXiR58gWC6I2PZh4pYYEFv0o +8PjYugyCgXuGBiAjlLcbCEvJUomw1RNLVHaysIt8PIM +-> ssh-ed25519 J/iReg 1vSW1OEwB+sORjqwbEazCrH6q8x/KPtLtGzBUlpmJT4 +LY9HSBHJxOz1UU96Mf5Toht24D/MG09OyY/hR3Wdr2s +-> ssh-ed25519 GNhSGw Y8+cu7OdM+TY6qcrDjGA+sEe3ji1ICSan/bmRmVTCyc +lhMcdwMAWepMUiij28MBryKYTfulsPnZHdWW0X+DX1w +-> ssh-ed25519 eXMAtA pytExWidCIuxny3RWUxJ5vsyd3LUZ4m/tSbk51AvqUE +jWA9YWl830bJBfQK5yxXksUjc4p2S2j5Tnk/6FN3npM +-> ssh-ed25519 5hXocQ RBGSM/Fxgf+MlWZWT1BFfAx1Ec8Qmj8WBb+6lo/ECh0 +PRMInIp2K3oSR/qKQGCYW2joLC/Tubukt0BGQRya43M +--- g1gGX8nZGHSNA7e2vZMnoI+b/pyMUvCTvcxk1RAtixU +KyPW/[mרL;5b҄rxѠ37ByRH)6VՕ@uA#s X,''~"TaК $[+z,W,) +J(2oʍ( ( _ \ No newline at end of file diff --git a/secrets/neo/database_extra_config.age b/secrets/neo/database_extra_config.age index cbdd4cbdb34bd485f170c90da0440696d0f012f6..402057092c6f1974103be5d2f9e0065bd17658f4 100644 GIT binary patch literal 1187 zcmZ9|-|G_v003}E44P?HBw>UTB#kfge($?WzrwcrvAf;vZoBPnJ2lvDxBIo-@7rxB z6cweBl2A`!;zNQ&y+oQ6LiJ*WNj+pxiGE)qrEflbk@^})_1O0>_`s)c=mp)?!nq$? zp1aoz4PXl83J3C0WES)xjA0O-2WWq;r+IHysa5@AlTGY68Z^O40E{)0z`+5@wo=cW z^Agl|MkFnfIfg<;7(mZB03h^94-miw9kJR~OeW!}7^-0nfU8VMfqMF%=3CQ(4`ao= zo>ny^&6m*utBk_M@|YQwaIZ%t4JX2QE%f;&5A>Ka;edpv6N?m6&Y6i_Cu6>n!93|m zSR0x9RbV8v$C)y)dsHbaYcxz|gTx{KXBDd)ApUD*LE^?bifTi_MruY(0HR?)i5e&Z zp-p5iDPi3f!J~{l$hAl4kc$u}22(d=Y0xyCdWe@Q6}4I(A)zP|^FHT9^YTKpevyI6 z;jEd5yt>(~&E`|Jl{V}Y30;2Nw)Np$c2RKZEIQ)E5*3_KDxDlkf`$)joX7W>)NYbt z35FTF)2F8qfoB6}tZ7v$jTdTlZ@tC>R!cYXpyuFh9$T=9N+O^YTI^&Nz}BH2X3Lc* z8rW1161y|`qk(;BZtnZZh=Jeh{WtY+lmVyEVK5w=)tj&+h*$Y@c6 z6SX&3oSPQdY2j!h)kLtwDa?9J@ABoioR8^=-|15T3lzt&k1b+SFKDQ(k}yppdV+MM zaf-vTZ--Db7X>T`3<$R+Slw!)Ri6yilBb|}Xrh<~n*CYA5rWvBN{!xn4Kur**39!t zr{crPM9%_Bih-Fz$N*zZp=Ph^azaWKQD?>kAc1z$T*(|zc7z)gY}rGtt<94(tz>Fc zv>W0`A12mB<{L#^ODr^3C=~MS+(O(6n zGPlN<8;>2@P<{N!L4N<)T@Swb^~H-H{rdaWeHVV_?jBwFyYbBfPjjn>9@_f;lXp({ z(Gv$=+H(E)<;G{5e_H-w>s$6;x6UjX_s;+J%2{=%dh>hk*;8L$33l%|cNqPkL0yY( zo&4iRa{Hd@{e3w1?Hh#?N7gPKe!hL~^y;P0k)=;pS5{xRLO)_|+xOV+*Dlk$Hr{*r z^$p)usWs(^Q)f18yZ!Nwo7@fS!zJisy!q(f+snT+XP-R!=ccutZ(pa6wRf)Exhsp; z&K-YI*3LZ4de6Oje$V)egG-HTTaLfGjJ$LI8SiSeNj!1Py>W2=_V~T0z^^W>ErI_4 DC$OaS literal 1187 zcmZ9~ON-nD00(eSisPeVp@$x1RCEhrOeT{_Cf(9*UX#gWlG#b-l@x3?g#t<%-i+CPn-G!0lO~rF*h~kwlX?2Z(M019tC!mgDGoW7N z`GBm5fF>Ktg2<6G6g3xijiItMoHQD71K}5`*_;hJI2sK*8BP!VemF}r=pW4;#|0NI zqj@8t^iq;1EUazdK-b8G3Y4J~8DMNxvg#Z^k}c396gcZZKGtK1F_K#~iq%GKa>=I}*9A2e`}@h4L_VE$*JR0CXnWM#ZV&2dH?PVjD62Gc$da{>!Z zF|lcOOhNW%7*g?_S+`~8*tXI#g{Cc1SQiwc?DM_#CGgW&37za4Z>SzTcy5f2gWyUvFepX>PiuUa<$8 z8kUANq7wy+$d9|Dx=XimpwS@9noRfunw65G(s5vm7?epblawTIgJw(MIM!z!zO`Lr zMN4LreCX8#RWw{;;;BHVK0$3l(9xDF!x=s=!lB?hZQqb>r^@6IECn7NN5M&rHQbrh z3{8*5M7&mCgb1qio9$GQ2$UEI$#%`?3q(ldiwr^tEnzNN;;_^R1Y4Z*P}YumNLn<4 zk%h#qlBZf}wUp!{L5i|br_0D=tfV=P3c+9?g)x97j!1g8wy?W(zEQzS&UUSA^&P#H z*V(?S;VLH9yP;9iHKGP2b7`PgMkSm9g2}-3`g2^M2Gb-bsIVi>%OfwGOB%{pwueK^ zVjQqNPn$#w$LrK<1(30VL=MT}LEV^|?#b;tx_ zt86Ds&baY#jk#k#3H*-y`2B(C#_{!sr;_iEzFApu9i-9T`OA(VU0XY{@h$)E6)9O; zKDY7q2bZ17?Bs*n`yL-Y@y_PC%j?aDZ(Q0zUf%ou-szr;uRMQ$^Zo;1Q(yjQ<+B&U zmsh-{@YJO{VE@it_U`Um&+a^%tK8&IUq7SJhnEjt+j@P+>HE(d;ckDUeceAa`)U8p z&#(S`p+ETenE2I+b@MIq3)@+L>_l$suY332t6g2%bN<+cv%6j-j}-UC_$qQ}bNA>6 zq=)~u@hQCVE4B6E!Ka=sAN}(1#anmX(x1CudhWRV$sfC}U)j3GojmYrap}y;-)1bK A-2eap diff --git a/secrets/neo/ldap_synapse_password.age b/secrets/neo/ldap_synapse_password.age index a9b10a6..2fa3389 100644 --- a/secrets/neo/ldap_synapse_password.age +++ b/secrets/neo/ldap_synapse_password.age @@ -1,19 +1,19 @@ age-encryption.org/v1 --> ssh-ed25519 /Gpyew 8DFDxGaZWao+vO9qxc7f5O477lK7RnGI1RDBIxySpz8 -TKZsz+XOy3O7Ev8Uel7RzQw53eTPe8/6IltBLCx7dDI --> piv-p256 ewCc3w AuDjekUccsQysWccrX2KIlqqSy482h9dmBM+N2599B6s -X3ZD4NEdRmIVtNNHUtMcpWsa7Z6gSSxfNjMbQfdw5VE --> piv-p256 6CL/Pw AmuREh4r0wVcpltIZjXTI4LqmHz6bKMCJk3FOPShnwBP -q6es8bKoU9dXIWegdY8418Nq9QLjEf4Xmn4RUMozV1U --> ssh-ed25519 I2EdxQ 0hXF3v4y5kSEZdR4eg/TZbcRjHQMyT3iu7ucYoBm/FE -aj/i/gRRPMdOFG0urrG5bcT6NGgXQ0IdT4IUoLhLrHo --> ssh-ed25519 J/iReg K9SLwdDMWuUpyRM26ysJHATmVk8rsfi90NZ8Z+h5XnM -0yQ+b1augkDHdCVWPI9uvq1IzgOBwQ23S/Fp54lVce0 --> ssh-ed25519 GNhSGw 0/k4x4mxXWKyqhwg2LeFIau8Zdx0ebPPYWfcppGEfUo -njIid8JCI+41KyhIzQTj4T4DKmQ2GxRRrN6P1U6ywFc --> ssh-ed25519 eXMAtA m9yyWKx2xE55CHRgeEyTrft3dZUkJjmWdZh+M1Nf73g -97B5ztSgE1BXzNDnu0ZM+oowj8wEkxWYoiNEs5qXhGs --> ssh-ed25519 5hXocQ 1Z8OfB3R7un6+JGu4MeBe2lzvf4kIRS8L1TUJ1JAygM -GmkDdKbrUgaF1aOYKRJCFTC4gIdvoYzmIhGoHbOWOW4 ---- 9wriBEhA/Kil1/4DRfn0Lj8KXVxU01JOtzdY34HkP1I -Qʋ;qz[ ssh-ed25519 /Gpyew iB1+WuE82Roy418PVGF4Lngw732xXosKuNtJL6U1T0s +6SCVc01vzFrxoBSFMRNXUuWyIu1wdoSsrw/IxSDpqeI +-> piv-p256 ewCc3w AxIm6ntONhvwDIoNZv/brzzHkWx/XKuwVHLGJfVHdjp5 +POhBnU/wKo3nP0yWdIVUCrTHWh0HmQajERUfH/I5dQY +-> piv-p256 6CL/Pw A6sp9SZyOftzPW6pDMB81+j2ZoeJ3AWMkuuIjDtT0O1M +rg6EOjkkjwM9YQaeBzWBha4IO724zzAm40nRNvGm5AI +-> ssh-ed25519 I2EdxQ IbOeL910hNemBqTIryxk7LAbdXgMQcH6By5WWENk1GA +cxlM9754AcBv8EUFKSA0D2n7UKer/UyRMCVRP3EwXVg +-> ssh-ed25519 J/iReg Pqr06p88CJhWojV6dFeaUqslGNKMQ8KFZnrF76ncsDw +ALQVuk+qrdu5oI2/nhV653aSZrl8IOb6IBncYt0o1uA +-> ssh-ed25519 GNhSGw qlTw5ppkSeGo/sEYxpyRPM51xzdyir4wqstoYHd0EHQ +Fh03PWPyuJ+y5UDMZcgOyfxRFhyVzrU9hFBia1opszo +-> ssh-ed25519 eXMAtA PEYQX+73hYk20TverGL1sGuwyzIDfSSsR6HpSlWIfh8 +CPr0fJoMgGAE9kDhETUPvd6gZ27GqjOhigcDF9K1Vj8 +-> ssh-ed25519 5hXocQ KQleGmCMGB9i9o8SJPKAoYbU6t/UzLeDAdK7gpmG6Fg +YnKFt4hX0ZCbdj37jE3yk+yAZehsX+APwz5E5bqvB/k +--- P+9Jrq3E5YDaybtI3YNnzYQ2UvYJsTmp1jxyZKrQR9s +3 ЪdS$蔌*Zqkʃ ׿8*Oy& \ No newline at end of file diff --git a/secrets/neo/note_oidc_extra_config.age b/secrets/neo/note_oidc_extra_config.age index 49ed9a003c14ab8dffcf6fbecb18b9e84a9e62d2..3491106dec9e7a2c9e805b367b43aeac565943b4 100644 GIT binary patch literal 1555 zcmZY7{cjTm90qVf23tWg-ZoyB1_n;**4OJxT#&w8U)Hy4d%d>j7_`0X%Uy51ySCT6 z>O{7{78E8glNUiiq5@6^5@SR_f$*9kpb;2>APAWQ+#p2W5%EXo_YZhJd7ga3al9ID zjIsiqO{N=b(rjGH$wk$3#FAlHed7FxjbVjX3}SR0;&Olfln@p7SXDov&o zwwO?0Gpxsbb?U4YfxF~O=;Q}2Eg-lxhMY0veX`|7QLklrY3q)AE< z>3=mk$yL(|KrP1e#;7tc)@Q<(7ozub*h?IJ95*OmceI!m8VN}3G z3@im{lS!fX`$)S=6DVkKBj-U_ATP-L5i_5NIn;HUfHvxI{>M@q9a89p#j1>9EoL4a>r~S0c-}^d?x7*Xj&NAZ5ey z4nLq$CuAZ8;a1{Az@Y(?ZUAwlq%x$@tWqI{M953&^@75O#{jPzPYd8+txlTs;&Cw^ z_9H&n993wHR;Lb0f}qCBIy|H-Cyz)CtT_W%3nYZ`6cQEL>~T2d;*wg@30VDgkSebX zLJ7n~gp3AF2H|xMkk?@fr_$mdtXW(MpCvEOg90dbfd#uARNzrlD97>{Kxz`Tq7-;#LH zsn6=gDK?zQajA%qb=9#9#^EwwGN;G6D5eB6q+6m9ge*kyXpAC7q=Y9jU?CWdAqf=| zhk3z}w1qf;k?AOx+W|pF#ubt{vn;M3+zm(s(@~F@a0?a}msWCNIZS(OjdqBP^YMTK z4rC=BFin7z4YH{j5Y&SrH7(DiIBVR6`X~dVaIjK!5GB-hT{01tSPU_%$-{bOVH=CS z`2Ol@aRDU_Iwl(7;(0EnB}jD~m1A*)fKf_`rF}p!nSjDhfwEw65mnQ*^~#J(s^cRj zO+Q)HH8NbgGc|l>-++0Vuqv`teR^EU!s~}SezL3?qE7t$Ud}0}x zwI4V&?P_~*)o~;}>H&DlMd zJ|6yNIXL*d3a8|rT>Dp?E0(2B2oxjQ2x^Mr{lYi2KmzM6MdQubmY{I zp3))uzbkthn|b%r1F}1By%H7D=C@;>VZ$f?K*jLS_z`MjSb|{O5yXI_G@l`Ms;W){-8n zE7{#Su55gbsq>ziJ^S6J%f)kQSFb%fQ0x8hd_CP-8hEhzi|1wLsxwQ_p{tdB{NCLU y!0q=2ioTiEP&s?sl_z)6HS-UzTkJ1YZ{2hUC#>HR-qW|6OGYd>Q<3@e4dp*Kep12! literal 1555 zcmZY7{d3a<90qV0=86=m$c~{BGvxRMBUWAVb6n*ex(O zv|LhZ%4uOl#meTGPF7(e6}E-+iL_3M@z#iJ_iNm^TrhCBk5xm2PZCL_jJv|TXtM$| z%f$31D8ZpYhXwZQGL%D8fiY5WTQYhV<$?&FM?4Y}auENq5HksSZdg9rB^1$AUglaH zIYxk4wxWac4iJNE_Nq+bWD#{6g;b2dfGR|iNI{eY(XHWP5NdMkV#0*Sj-2Uf+U5o;>{Y&hq5uRO37DBewjAXfr2qnh$|VZU*|3omWgh^=+$TPr!$@jc#s;le9Zhd=VKJ&)t zNbi%&fyPVgv(r!LI0vf-A43zG564&aW0#Mu z-PGE@+_t0rnGHuA*DmJ{cfDWw-TKzL)}7lLdV4^BI12adL0>w-BKKM>E(6ze$ zz>%v*?_Rs}joSJ}uTN>j8^)e9{cwIP79Y2+bHT~QBi-MxymTSWJ5?KJFV}8*Y0XpT zdw%JD&p4o4bK8`~zZq(zzjoCQ_-b=Iu5}1U*R*e`-+N0|2egu}nEHR5I(_#;BTGks z+^o+6i_G7QRIdyVt%9Q8wVmCLx5m#cycpv`ziS@XAd@D}+K0S*348SdTz=L&wJ{x5 z9{X+UuKq5tp=@yrYeeCY3`Rv~gv{cam diff --git a/secrets/restic/apprentix/base-password.age b/secrets/restic/apprentix/base-password.age index a68f73d3aef7d3ca77c07735372e888bcbb278c9..630b63e39122854d5aa622dbb9bee7cf8e1b5d3d 100644 GIT binary patch literal 1235 zcmZ9~|I5?_0LO8QNW32&Arm4ct}r9!J-gfPc3X(C?RMMl+3xn`ZreQ-a@*~8Uv}H> zcH8b|SWqM)6dF-sNI!`3U=Th)518&w6sA07h9B2lDAQMvAdhMio92K(;fWd>=)41!hobmD3n4jBxMy{YuEgbSSm*T-;fWf^ zi~58_ikQ(F2mN9QOXZ<%Q#MK$5?~pNbB7FZ7A;YytO=*oIL^;TW6;N&ylems z7V?dyFR~ET9E-_J3v2N_)E_Wr&*)+!3T%y_T-E~^1G9TTu1i*w5j5L@Yf-`Cl{iRw7>`11SR1i^Sqk6|BCOukEot&uw zV27X-fV;Q7ni&B40CXFJu)rq#80Qh$rV9N+RfW2FL2ULdBaQhGmBvU1k0YiIc{Y+~ zqNN&LZp(C(#GIO4g_{^MbUh8A)cR-~i$bA;_ZXKJbfp61dc_$AANPBSEDd3y$TVSw z8WX(e6eUx&9AYNV%VxUXvD;#=Yteo`wD6^xsqy#-Ps$=glT2TLl0%g1I@+(vxa20lwCX{Pt{1D& z1k0&lY?rvQ-NFOfV?8`)G&r+k>tIXj)e@;xDyeIhSj$Kj*wQ14C$g{@`Ejkp&EUP+ zNfmO18h|4v0mw`*aqx(+{9WJ-_{VW)^`mzSUu{?x%zXOHXJ;-itZ+9j-v1M~4cq(j z$-EXfcZwP;`U#F12O`X4TWDZ&mp5DEa`hNP>iJLv{@;aC#-`cW$ zan<3u_mb>)PaS=1>-F6q->z?d{N(1ZpZ#X#E5Cvl7WZ9z^@|_&d@?wqd0r?j>{#~Vi9-kGw;sB* zLOi?a%U$~h`t;0}3mbpGat)OqKK)~TtS_62clpOu>+D+Tqf-|SJn+lg-;&Y`+cFo$ JHRu!P{{}&yymJ5m literal 1235 zcmZ9~-;3J>0KjqFj}yz-rXV^{sNTcGtTt)VHW9onKl&qS(ll+8CS{zqO`D`?^P^3g zG}9r2Dd#2%JDtkrkfDqrj)`!xhp{>EVNRKd1Mvno+-*#Bf=^?pb3S^1!3Vy4TUs~K zwK}7z;~BQ~oITQ#6DXFLi;u^8qN}FTX$XsVn&n(Ui%0drAhJms4oXTT7ebBks3}d= z1{ImZUVtdR+xHq3fFMFV7Fczk0tW7g>L3&-7OyryQAKSPuE0l_A+=<-P?OV+rk6Shq8j0+uZs zH5MTSn{Af6f>53`(m_)QaJ(to!`Qf4Y)(r|dZgrO&NiUpK$f6@4*_));*@R#OjRW$ zLJXzx+KO~4r-nkjo)!^X4lyi?bu)ud@3nE;;U^K1t2TVQQzPVbL9tCvwd`15615r& zLxhHt9rG9h`Wcqtm9?0zxsCn@)2iOqShhu57_>)&_JXC{TWC2seGI9_od91`{RC zaL~0{p{&;mLEHuDN{`UcJWA&?2&2dm#NcGR3wb;v@F+ZL<4g^JDB3b(h$_hg3l2>e z8-#F(M(wsa!ksk35v?jXbugU^a0040wy;*~${gFGiYZ$&PE4_S`D`E=V*LJegmrCuc*4$)eU?FIu+L6W_wNtkQ3 zv@Y8nAwD!}N(%zqzLXu(#fe+x9rgb6DAb)Gp`1r^tQ5+9gsSB2m{!NEycl#qt5U8` z0MHp*b{Zbz5iYa}MXIegT0pIik0(MWmPjPx2wB9+6(4UDvzZp1kg-b=E`4yM@y@Zuix0hMo;Tk*xU#b2<~jdI{*`~u>{b7m{dn_V^T%dCed)KN zx0$Vgn~L-AU0=V=_P)QM9hlkh`m5UKU*1^VeRu!6Uu=2e+S?n$nKR$&-wC_E-h94& z@6hkn1!(Zv^0uuzSHT-+qtgejY*;?@)7%?(cYc#O?A^Qc%c;kK1?6(;;ma?q+&XG~ za;5U~oi`)!^bB+J`HdUa=SA_v%k8Qnv GF8UX=nYo|< diff --git a/secrets/restic/apprentix/base-repo.age b/secrets/restic/apprentix/base-repo.age index 59d8e9a..14169fa 100644 --- a/secrets/restic/apprentix/base-repo.age +++ b/secrets/restic/apprentix/base-repo.age @@ -1,20 +1,20 @@ age-encryption.org/v1 --> ssh-ed25519 cZNEGg 1IExuYocHQMUARzOIlb1wEMF4XYRF4wsKf3YyDzAuAE -jU/FpHsXSgO6LmXQnlZwiTZtTmqTHJ/ftFRH+TzW2Wk --> piv-p256 ewCc3w ApldHeqzV736VZnV7K8FivXC9ZJTQ4uVbwS37QC8my2c -ePkP37ESE3LrvlAXRT/bC38bEr81KdDY1hphmFZQjPQ --> piv-p256 6CL/Pw A1/F54DYuMTiegKSk2EmLtJc+Ow9SzZGuxmpCtAxwDY8 -gF4ws4resurPQgDJ1Xad9/xwVvL+qrqoB352dctXpzw --> ssh-ed25519 I2EdxQ y1dT+umEWWE3jLL4pvbCSzxcQBoDvP1iY9LMI+4jjhk -6TxUadoIzp98+UmZxDnZzG/Ujzmz78zxswJtrxcyA2Y --> ssh-ed25519 J/iReg eFS2Vj0srrjZZva71rL6SK+4hpr8Py8ywDtva0ESgQc -aSTyNlYJJTl2J8xRrYMlYJ2ynvzkfuWrJNfsvBLpw24 --> ssh-ed25519 GNhSGw 1GdlvMDIlg6mMhVbEzFPqAj7NQLavgQh9XXg9juG91w -oCwmcCFOqzNqa19VmBPU/mfiRbkap3/yqLZuVGrnKHk --> ssh-ed25519 eXMAtA XOzDKhoGWJufceYvYOYYBGj0Alk1dkCXK1LqC+R9Ojk -CFjSpPpVsJyr4qowR1wR4O7J+vhdi3uDTwfppf4j7+U --> ssh-ed25519 5hXocQ 4mlMh1Q9RN47TKGAlhoRfseuft1qw0HWGUewF/eC5U4 -2nhvo98zEImfRjdA7RumzA0dEQiFsl7EP1iGVJudJP8 ---- z+Rt9J0j3wsKrvCOYmvG3Bx7lXXs9YQjkwL4HyLjrDI -SnVW1"E)hf` pV#I%rF]j ΛڨYu -ǤXt^1ҩ|m0O:1$I/A1;+rEqL9K, v~*kv˥knG9b \ No newline at end of file +-> ssh-ed25519 cZNEGg TQEefBOBnvSoZ/Bccwr6tl0RCFwg/L82dGQXSQJoOUs +Y7uomZi8xQNYls5xPgIOZP1Ma11rf0/T9DeWPp/KGN8 +-> piv-p256 ewCc3w Ak1yL+6zBpExJqYmFYhxVxVEIXurfZfxa2eFNhHLFbNb +X9ERqgf8MDyY0KCngq/IVlXX67JMg1Uh7S9tDUBd80s +-> piv-p256 6CL/Pw AiyC5gaiyPwYJLfiHclfSenLLYulx/T+95PZUStw9ziR +GNNLL2SyzFSvJOwXvgIFaghNjW39F45KgQZr8ee8n1w +-> ssh-ed25519 I2EdxQ 0uPmcUi8BlTEgv2WfXvGMsa+/oyp3OIbnUyOkEN0ils +OI8tShR4LwHLHGkLhPfOqD0c5H/eTcaEE7NkMRryQao +-> ssh-ed25519 J/iReg 8k1XKoYlC6GXiESgzJ3YXscg+9WyXdGNAqFHZXvF4B0 +uoF0y2XzFg64LGOus9pXmHZR5SlXRBMFh2zcRTbgFhc +-> ssh-ed25519 GNhSGw 3SH0Iky19g2IFQjmHNjn2AS7/M0qE2+oWaLla/gT5HU +cRYnX77mUOmewPlp4DBStPcHA1Qvt4Otu6pPud3tG+Y +-> ssh-ed25519 eXMAtA YYFIiu0LTke0JUNixFyDUoU73ojzkK4YVcU3IO1Nmlw +cI3P0T/YQjM4rYixXKXCMOQzvdrPepc99ziaj/TpZPI +-> ssh-ed25519 5hXocQ iJu2kR9mztUq774/VyCVjFg6tuPxhCqnVUGe0AEZKl4 +eRAeDn4bMEXXa4zl8tHH0N40s7EBjhh+yPT4uk7805M +--- gtKc5W9yiqq5bswJNmnT25fR0Zux886cug365ZwLG1w + ~kқ * gȣG2h-nȡ #v*֡ K9 +aB.$$N83oQ _艟_qd_u煥~{ڠBB~k:|H7G \ No newline at end of file diff --git a/secrets/restic/client_env.age b/secrets/restic/client_env.age index 6c9746f..50dc96f 100644 --- a/secrets/restic/client_env.age +++ b/secrets/restic/client_env.age @@ -1,31 +1,33 @@ age-encryption.org/v1 --> ssh-ed25519 2k5NOg XGZP4EH1IDkn3p4ePkfsWtsW9bMSVO0AvmMfJH4W2WI -5Mr/qVQlMnLE588JVpwrg67eHNo5Sm3pS0+hKyIXjZE --> ssh-ed25519 iTd7eA e8azFJdubW6QdX028QsyiyveLwXC/keqUKAOo7ov1WU -LtJU9FPHPJsQ0OZ9VkVuIR5euMK34UuCnv2YKza+eCY --> ssh-ed25519 h5sWQA osdcvM48i4O8blpFNWitglcC8ZDTQBI1NulDB7KQ8RY -2yaVf/txYLO/hG8aT+gUcCQkuRgUusrx+d4x700XZ/M --> ssh-ed25519 /Gpyew ZN+vKCfaHbLDrJazqMVAmiVmEf7/hzzJC2k5VrHrG2k -k8xCSXCeIpU/n0D/y1nRz5AIEdzZi77+i73xfhhzv60 --> ssh-ed25519 LAIH1A SoRMAtJ5hai4Ose83POu2PTrarox1MI98veJaUqcNhw -qZ0jUzIGnIWm4sR6l6QXYfCszIYT59b26I2DQca2BL0 --> ssh-ed25519 qeMkwQ by6fhcNSMrV1Lv30zCCfhZRs3x26OHcqUHfFYlsizgo -3khfxvt5DqFUPiA0I1rg9HyKBnQMPeSwEVNKG+txTd4 --> ssh-ed25519 TqxOLw 9lVMAb4NRSrKByLZmKuO6vy0k01wB65tCc4umewmzSM -ITdmhUt3oMpht9jSiuJXSckM7yI7ZeUaOza2wruWV9A --> piv-p256 ewCc3w A14aX2GMEbTgkcGFLcUCbiL+zt7b2BnnIABfe4jevPM9 -91FMwVTbhwauvucF76Xl3X7fD+1PQHBAtuL58EsW/mk --> piv-p256 6CL/Pw AtvjWTogb40ZYcFhe+NBkBNmtTTFKxtlwn48XVpPWowy -8oPkdrBttDuOZIxFB/8WHoo0ufuFOp/oI7QHHh83Lkk --> ssh-ed25519 I2EdxQ ILSdic9OWDS68w6uK7FE5a0KyrjoXYxb4fFw3vS8/Hk -zD22ZiBw9N9H1+yXwQgc03J+t34d3h9l1yRx12zVqyM --> ssh-ed25519 J/iReg 5eIrm4COB80DxYnx0n7g2hrqhchZcw0zhn4AD+vdQQI -Yd0K7dNZwpeTTsvjKb7SrOwDaPQLVUS9IhrtQgWZkFs --> ssh-ed25519 GNhSGw su9SMmlH8f1K/7N1ggbGGTUm1zM/p0Whgjye87MaZWU -BEJwAlduPYI+rMCyZUYJKB7aRpsQlKr6HIh5hYpVxN8 --> ssh-ed25519 eXMAtA Yxo6gFb1CsRI39KU9/wR0u+VNYFvRsV1G96CwkFSdgE -27E7XV3aVNxppX4bfta/XQkVdxo/XGRCk0PUDWJyeww --> ssh-ed25519 5hXocQ NbomDCWlMeNi4X0Tw6TJ2q7LVLv/206DHScIr9ijrG0 -hQrBPaut1XIfroDxL+KGSkGrRZ680O7US3WGIJu3zCc ---- Dtvnt2AyqssEE3RYew+Zuq14E4YGRVkccEL2qssodTA -}( IR F8ͯXΞ6dhLKd}WǗIO-HϾE’ctЃԡO^8]n^*x+R#%g2 =*`j瀰~J \ No newline at end of file +-> ssh-ed25519 2k5NOg GTzTB/4oTPX4GgUXebUp2usW6WC03FgeIybP1NOsymE +svPuoccAmLBiQfEl3l6/eH2VKtNXAGYTVCKW8vGnN+0 +-> ssh-ed25519 iTd7eA dwEz38xlFx/R9iG9PEW1rEqBmE4IujE/9iLTI+ysnlk +3ymf3XrPE02XkQrV0+vNF4lSvxc8lTbST5SF8gpb9Wg +-> ssh-ed25519 h5sWQA /fcAuuCz6gErWLyqHzrEY0zMYQHCzd21ya1wv51Q1g4 +C5VNkPyq+4oN/JL767mvoAAm4a9+nceAyT1aY3F959I +-> ssh-ed25519 /Gpyew 6fUsrnunE+55NBgPhgVDr0GgLAVuO/ncjhcuEl+wvng +C1+3nI4vRf/aBKf85PSy1X/w2WwEL2hvAF5MrwDkcp8 +-> ssh-ed25519 hTlmJA PmmPxFrMv/CNG+SfWhCWozWCWQ3ZxfgCAkLsbA8N0x4 +wKMLwOlGFVnCL/DVNuPUK/XdWjMTY7bF1lNymm/WO/k +-> ssh-ed25519 LAIH1A cp21yYkJKWit4VF6CPwMOyQkegp5y0ENu1q3DfDPHAY +q0nZNYNlDnEBvD32+uSZbq9YByr3XxLWA1TX4bZI7dk +-> ssh-ed25519 qeMkwQ KLGoGQQNE5rdUu2gjhchtog4pLFrfKYB51uAygHFDAs +flkmCHwzWGnMc1cFhR4DLMR6CEzZp4gx4bfa9atoKh0 +-> ssh-ed25519 TqxOLw gd2mO+7HbN3l7rK/2efcrSvwj43BVsYUiOLA3TjVuBg +zMysEOlhKW08C+VoqABuBioQgeTMviHNYVJy2PwubqY +-> piv-p256 ewCc3w AgDTSzBYcuFF/fbq/1lGtVQJ/hGhvOl24P4efLsZhGC/ +3EcR6BYSpisJahe/S2XfuoGVYxkscTE70ARQ/g7OZIg +-> piv-p256 6CL/Pw Ak4ZBz69R8BE5uo1NI4s111shRKc9OnhcBtaBtKVerxg +nhaorLd83Eyuu/2Ax7+Zt6HocHi2yD7wsqWTUoq399o +-> ssh-ed25519 I2EdxQ oTcQa7k8nyGY4a0h/ETU459VTwY0hSk1nLFdX1wMWxc +XJtIDxpzEOm0IJnFBe+0hikyRoqiJvtPIHHaPtMrr5c +-> ssh-ed25519 J/iReg R/F7lVu5QNvDV2Y1EfBQ1oIthN1itQU26ilN8DEKLRk +e2f5qOFtfkFYlUlsL21kj3r3uGcl8V/e+rYhlF/DtFo +-> ssh-ed25519 GNhSGw ANpVIuphVMTrXFALS2SZ3ag2rNrGkVXXvH0KDcVypmc +EANJr+S/mknifOJcLDBjhuPfYhYzHrFKRQcUH/TYkBo +-> ssh-ed25519 eXMAtA gD3H0ikmih1XqxUrDtqakmWFRH1EaByqDn66Gm0pRwQ +ngC4vPlohbUHhDmW5Q52Gnz3DGxWgrFuZlX7ZWfR4Og +-> ssh-ed25519 5hXocQ /IINku5jrZKsCuf0WL+hGxR978pp8n2xFRbwfl8I53c +kaZspCtVYwA0nl02fQ9eYqA+ihmJF1USGZ1xmVictK0 +--- Kmzz4xXIiXpOLw6JrwHMnMUkq5GDhIKuGZRnr298dy8 +8HУ؏j䳠 +^&>nk3z^7/E1+Q%);~'ne ^mrۯ/phs`yGU45#M) >.yT4"Gǂm \ No newline at end of file diff --git a/secrets/restic/jitsi/base-password.age b/secrets/restic/jitsi/base-password.age index 44d3dabae59df1fb59bfee4dbff4f25c7fd645ff..e3bf58b91c5a634dfdbad7c2aab80a0ca0c1ef3f 100644 GIT binary patch literal 1235 zcmZY7|LYTV0LO8m5?Vx%MwXQ8iv_NEd*AK0TZJF)cDL>Bw$E*M+wFFiu>1aHyWO_? zvQ3mw`$7?jN__lOBw!6*s}NxP}#bv#)TGCg?$_hkhV70CuL0)%0a7bzsj z=ssxS9f6z)`4UPt5<|?Y_8?|zTMomAd^<|} zFq%v1aZyF$ByNLYL%?9FTg1IwZtM%wpiFQbBhY9Mm`hnAZzFUN&!*BJcA$`z|n{e}goA*R+M0C>An6Z0nwqCvt}>Q6lAKS8C=qr@1Lp-{UeZvPlo^l8Ca|$1N>GDRXq*Xq zHFn^_nYJrHQY{V}rlRL1%aj6+sX_nK7|7;zGnuPYB4%D3da+f&3t6pIHl!|6EjFdL zMOVvV7qeI~Re=mrO%O82BB6v2S^}y7Cnl4*QOJqndF>%qGHUU{Tu81->y7OC2H~ zmD|l&t071U@R=YUw40-D5sgr%b+e{RH9WwRJkQfc71s%@fufOHw{;if6(;BhdeO^N zOL7k`&nP?viF88Y+|-Dgr+m|xHO&@}3K9(u3aD4ZGf^>|bVViw5i`PX{nN<5>qjkV zpf-|J-{FT6m$D6A84EI5n2dVO8e>l3j2zB{7FMSChL#&mZ7h-F=PMYhWw~w+9}E3n zMag=0&|}bYT&zrJAm;^C81AVKp-Au~WWnFsRt$4LZu`jLi3^ z8c-T7+zK*@c=4WlUwh+XQTkWkq^J#7W(|azRT~HFcGM$yP2g7$R?AU#1 z`QkAFzD@f6httcppV;`oGY@UKc5eNbx3sVNFMYe?@`gRx%(7Kq&97rlt$BCqt(=>y zyz=>(BYUB*OB)|1-0I2JFV5agxt$+_;)OL&e6$aG>Qc|$`P1|mx9r1<3-0sLNG-E|$hxP9%?Rnx@VC+h9HU2CN@v|+jy-i)T7i7> zCb{kPeLMFX@Lh8!&plheW5dxGi479HV(X6QgDu~H(|>B$=g!7&9en=-X3zb1U*5F$ z8hj{q=L^bXS02AW%Cqywucg6v*C*S9MQ-zw)k_aFPJwNk<4N@DftP=KE_m+`U)_52 EFE(wtXaE2J literal 1235 zcmZ9|?aR~z008g=F}lZ~FJTbsNbJRNZnt~e0w3CTx4YeKcYD3tEz$1wcH8c5yWQQh z?V<+)qa+MW$`ItCLbElz^ppVrDqqGlEf~AR>VD|E{=P&rduWcDgW1t1G zKeoNWW-qXyxl|%K3yenHq@g3(YzhNxNzWTNptYx3DXLj8iZl#&+VHum?H5{n&uBTS zF!HC9GSOlD3R(0LxGROibeP7PAkh|uoKnki!pN()2@}-ONnSx);*_Qa6tm72TDQpy=PKQr%)sb0`71dM|Bmy=_cn)h* zIXLukMNleh9ayOZO|UU()avR;P@9eH5XI2{Svit{xPPsbU{69Qln0}p46_Z*RQmK# zV+NKm^`cRV*S&HbYwM`wR1;%5<6@E-KoQ1pX}>iI4X><|vCG+dH~@wExMRXlL*pTS z`67)J^@syQ@uPK#+X>j z%gqtQkZhorpfobZ8l{3RrM3JVip+`4)^e=^*@9sKEh^P3E8V(hWF=0kQdnB;r)mww z5%8WRckqyNY2Tum3>7Bks;=2gmxyAVnUE4D;ju|549fHe?ilKJ9j;iXrVbti0lZu* z)w*IS1Ond6l)$dSFa=sp6+ulY_=BFu!(=`q$KqI4Yc^8zWyeAjEyk-8($pGxni~gj(q88k;5jXqwOZQxj*2f+qNtp)5~{tATCT-1IPn zt)c1oSp-k4@ULS_YPjw0z0{EfHT%f?kHE>V_8cM}exg%;Z`C3^c>l+ZVPTUz>eu;ng?YHR0*wt4_9z)A*MA*MFMacri!M zzq@b2+`K#Itvmqsf0uxKaBA>O>#Z~AfBA57@X22nFVow<7S2U0yEEK(Fmq#r&2M__l?)+2z3t!=2If7wYSFZ~j*OnBDmawC3`r)id|F+RWC&56r7#_Kw517Vj%D0J diff --git a/secrets/restic/jitsi/base-repo.age b/secrets/restic/jitsi/base-repo.age index efc311d79970e5fcd402b9f2d37e4805a70267b1..f61afefb123f7db9fa097c4334f8092dce53b8cc 100644 GIT binary patch literal 1081 zcmZ9|&CA<#003aUcnBh>$UKcA2pgqK(lkv9D*T$}t4-c~Hc4~XX!G5s`EJq#(HAd* zr~?n;MG@x3gL+X!2XhFbIJ^uI5oPGX%RoGc2zqcHegA?7o^{|2yu>Nmtcud)Qd$IX zjY5NGdSw|7Ja>rW=%g3vF5!WmvN&cajfI(u@P`!vCy~+`Q$8ROLIq`0>@9noPUDQm zcF?p*35vjApyKt(j-hxtJ*)~m$V6qN5FUJF!6t~1qwdlFX<1YcvLQb1c@5=YO%LEz zt29(-hS@Fjy9uvDOW)wkgOnVjjo#){xEmj9iql)< z#1-_}!2-F7#(HJ)Ecl-_rUY2NXN4z+a#r*D#7Q{QL681ai=8qd{57|&N+-9}@!r`> z{6fc|El>%d>@*3NnWQU5&TPHM>YZ37-Y)d@^&&1v)W{nXCC@JML)twmy@Fm#xgAU< zHn7+&8>F1$+F=WVe!FKfb)HM=iJa&HOwkZi33a^nYG;Ei=?Ny5=0^0Hh~OJNfjQh* zNxHSnD%=%w_SkB+=P(POjt}xWglA4Wo2eWz zwfVD}XNjN!y{gl!j%4Lv=`5v1V;s8q5n139PnDAGdc5d3eievL=|&3F??j*IFZxlM zRtYYP8j&)!DT95RW;L*v_L9SnftPaZiTPD&EEFpxBhDC*J2zu?37>qTKFO#Skh@7G!STvkSS zO(2~Y(cKPq!k|Zz#0Xt40xD$CN-M|02(&Rv9mb=B+rr*n8V2S2mc(QVOR?@}OO^ z%yyi6mfVzj(03*#*vyUpSVJ(y=l@u=kp!w*ShV7EVWK(Ypi`W=~9Mk773OzPBsA#DS7kgI~ z#hmojElav`V~M*SwzLd=$>x0;#-bayvcY7CM^j;;&58kaRQTbFiZIt5EO;eqYm+RB zNhWOl(Q3WzHtcy##MfFFp%bWjpd9N&ta2x_Svrk+r2tr}nm5=8PeqgL*%iee164*G zg&+*NCJ2eA!N%FB^@uHUsKf_gWUxpFLSa}M2z{uY*Ej|0T!Ui3s~DM!D}_s`2+o7h z!Nn+C94$pS2#b0;3_K&y8Vov!9hu_#*iJU_ex>U{7#n(4g}lq?20vj}{j%%B!Csz9 zoBy2*ZJF6K=y<>nb(8BSj_YDtIkW8ypRi+MWNX%%tN7`XN?e**L{LEbd9_aK{4^_f$-LkyQkm3 zTcLkld-z-J!Oc%ah_+mal2}7*m$lraVv9s(LL16J1Vm_3t3&mi$&h~67VT^v9uFid(Lh`c6{x6= zdsKRWFSf!H{ic(J)x788v|%kx7Ej7nNR%^#>C(s&f)W)U)@SUo__<`g?oZ8IfCyMImiBu|;#Kne4<>*+3?KtQoTp-{sC%G9U>Md;G zQpq$b1gL5uLnb=%uS>pOjxIZqJbwDNgU8-^>2&eh+^H|t?_g5ruI{|={T2F|d%ya2 z)2BNwjk*5o>rd=E1B`wySqx#yR=mbT{}T73|5-`pK< zV@j9jsg2IwWq)p6imcw_oLPWxazFY#lX~XtWx+qTsA+o5(~x1Bq-lChoAlbGtuIE~{F*drn)D%0 zRmT(&+??W@>BiU#A2t;y=r)AmIdnQF>U@~o#x{p?QzuMh3WxZF^QHF}eBjHsp@TT+ zwFZ$p>NvgooPmz`C=}lq8xD;)(2^L2QZWM?sxlqR0+tH=E)VjupT%;DE;Z{Jzu4@y zJ&;8PmW4DqtqwP7R)&gESd&{-8OaNXQ}$%FJ)P(Up=p^QM^qF`*2nE4Hin0y^`GW; z{J5LM@E8b~)^re~9k?&|ffsqSM&cbp5XgE^Vz?yN(9$xGv2B5z0Lb0wAAygVvmNXOqGMFN?P_& zg0;Jn09$yWmhV&PTCG}uF^>^Q0SL{GOD@%NNT&q!813i%vM5ui-A@~)=r;OcI8tSw zL(MuTw{vb5sRxlMu|^Hj)P$4Ki9|G89jO-Ig;hD-$4FC`s2Q@(sv6AJSvI4i%y6m3 z7mQgxhyi~FE_TN)H60NwQ}EDac8rul6tpo`BKg*IuGma74Uwoi5L~hyQ8QE%PcsTy zw}M%+GS8}bT8mNl&h>oS(Wb({lx-srYGy05RRta2h!v+;;Nnxpm z8C9nx$AnQnn-oJ72g{fb>wHe`*_5R6Y@10-v_2#LQVBe*`&Vc3f>f#%#E`hBVt)uHN zP!C?aJbU@!d)Msv>Wf#^TX5l_S8m+DW5WlZJ@Mn`r*2(5oqBZgxt*WvnmfGf>_lzi z*q)UW<%2)D-yB$%+4S+dPfpzo9lLtZGUBxplk+Ry#>eBMb6cu=pE_`+dS~~ZLsO}J z@wtVy-+#36#Xqlq_Jp>3+v9wxbZ|ZK+x)j1ZeO?cSA@Lln!V>XKcL)Hc0QduE$m(& zS>(Bel?$gI*^W9B=b=078-8!!7LDFqb$Qd5lZ(80zsMZ_@W}C_XP>|7yY25Bd29c+ J$6`ck;a}TIySM-V diff --git a/secrets/restic/livre/base-repo.age b/secrets/restic/livre/base-repo.age index 39575ea..9b98be9 100644 --- a/secrets/restic/livre/base-repo.age +++ b/secrets/restic/livre/base-repo.age @@ -1,20 +1,20 @@ age-encryption.org/v1 --> ssh-ed25519 h5sWQA UVA54f4ih1Y7DeHl8JaR5xx4aNZmYSWBH3rSDVx+V30 -9DkQJ8hh6vLIzHy1Jh7evdTC0IxJfZ8h5Dna95mhGdM --> piv-p256 ewCc3w AnSKSHNZoIlAOaJ8yuHASConbMyE5Xe9pYBRZTH1Bmpp -tDvSbnzs1MmYGD2ADjrPcQ2/CnYbgFKAFgx+LCwSKwg --> piv-p256 6CL/Pw Akuc2AE0t7UEi2cc7MKsELdEJI9j1HArytxKs8ALhhkF -CtYo5aBfkeUEdeB8WtD6+aJntmUOLgV3c0YqiIa7mqc --> ssh-ed25519 I2EdxQ vHAuEyr61iU2FNZ0a7qoGxMrdwhTsxyJY5md5decugs -XeUhYGi/sPLQ1S60TL752+w0A4esESNwa9nb3dyy6T8 --> ssh-ed25519 J/iReg ukrGz/sElgVRVYZezBP9zbK85owb+6SieNmx2+6LQUE -cal2YERpuidS4flDyOd0p/wendfr2RNPtTP9MXxAxtM --> ssh-ed25519 GNhSGw BndztlGUOHgsxE5gpUZXjipFnKijFm9C6iu4MZGymFo -hD3xvuydadnbTClB/Oe48zyLXgk21fYdSPlLiZIG7TM --> ssh-ed25519 eXMAtA dM6ndCAczkhAmvKTP/ZKPN8hvun6VQdzZbDfJ5VApWo -REcIqzrOHyO/Rloldxvxp2y1kTk/nKrD1WPDFrX78nw --> ssh-ed25519 5hXocQ QW1soBQzuSD0UyTagoTswDdLi0Clw8YUV41wvGtIpDs -z4YXC79z4YoJrOq3HRISGWotcoq/6bR99dKd/PimHlQ ---- i2Rl65MgbXq5oGglcGefPDQ6yWdi6+Nl4/SYTCvYZq8 - zl[={ -:ȏ3@HcAhpgdߌ̲ptn#E:!dA'X?<ڶdl&ʂ ]+A9䗜hp. 5 ~b \ No newline at end of file +-> ssh-ed25519 h5sWQA 5tzo8ZIYdTzxoeazGzC1COFQLIH1xgxwSZYWshrCX24 +qe7hDx1J4NMPCpIFOQZFIkRG9GJ74rzcDzYQ+l5wsQI +-> piv-p256 ewCc3w Av0RDpfvdY4A6iMzRpLfEEjxfu0BrgQT3lNsSxms5+1Z +xsN/4JSnfF2JEiaSmDnnMFwPEZKah919LeE3zZC3ovk +-> piv-p256 6CL/Pw A3rShTU30UySod5nlXgGDQFbtwv1GKqSgWzyVUY+9nIB +P8bM8AEzTWdbzb6LfOait7qCcrZUWXA5GinamQm2V9k +-> ssh-ed25519 I2EdxQ s92P4q3rc7mnPCNetLAM5VM0rW5CX2El1ZuoRsXpZxk +CjYHau+p0ee1Q43QeqGPJPDg35pRrbenSxTE//gVS1A +-> ssh-ed25519 J/iReg EaXo5UCBnjvAWor5Yoi/Qxp0DBeA/i5kYv86bjXQP1U +V74njr+Co/ZYPRU6p+YyWQs4W40yV+oPPYbhTodG2RU +-> ssh-ed25519 GNhSGw 94SWVJ0KOjRWuZfEHjRS4Tso1mqD1chtaejPyIkzdh8 +Nne1exsd1yjxTm4+32Qn0/b219Yj6tANMRZlGjZeA0o +-> ssh-ed25519 eXMAtA wbDOhvP2+w0JdEnbUuWQxcZNVJ32m1wN31AOe/O3VW8 +BRHEfjcSpnNz55YLNqYQNl8bIA1XzxQ3wqoh+k/DuKs +-> ssh-ed25519 5hXocQ JhA00hvkl1CXlvWno9JnojJ1E2wLxiiPNggVwM/PMWg +01oo+JOBvRXSC3OqJSKuzjpvuMxUc/sRB+e5/DR6DzU +--- l/5h5BN/Xg8MD3uVUMN7R3Z9GpmeV/AExODs8HpAcvQ + + ΅p5_QxïI ϴd͢"9Į{s'ۮ+=2η0񝴝ױ{zΰz"{M '#n89.wd/aoRZ~uүgs`g/ \ No newline at end of file diff --git a/secrets/restic/neo/base-password.age b/secrets/restic/neo/base-password.age index d445971964c11a0ed18bddff2e45f0411b666a52..7b7e3a7470c4fc4c491dffaf952627560195edf5 100644 GIT binary patch literal 1235 zcmZY7>#Gz60LEd#F1SW%WEv?9VNea*+-G;Qvf110&VA0#-X<+~ZacHHduC>5FEbm6 zmC`9G3{K^TkP?edd7?fDL5T^K(Op6%G|)h#qOu50>rmFGvcKTr_wu&dX40J2`>{W8 zyy-i=ej6GgiR8UN7}`nGKnViL01)lR<`__2qSj%2fyvh~nDKZ>&QAI+*Y&iz%=@9D zz&Wqfk5P)26LiHXSryR7MW$_K)4@=W!9qc-Mov0XdPNe|LXN5%q$rR7)_iA_^ihHY z%yCY~#sGx~qf|vg-MoXby++j=h(%M4i?lsb$Dm<1%OH+xkzh6IUSh~ZB{edHK$cQ9 zX$&D{kPZy4t#F2(%P7jUt5b|@bX$1)KNgweAnB6TA5=TC5*U}7+(Cm#%RPR`Ny7oI zOf|wVn=@6s6%TmWhaRh7dGXlQR&i#)W3vSLmQB8R>kO7+Jx>A)n!)Vb%|H(a;50FK``)AY9fS zVBLbK#2SW$33q@Ac2yr`K!F;mrfW+kA(3{#XB8aopu0`Jo_EHtr?GzHpWD*#bni0rm#18D!P_sA66=TbkiUFpLZG|i9U9=p7 zxmIyfmlJody#3g^FQ3^0Cr>TgUE1`jGCi89)7QXbl2dxcVmC)-0SByu6yFpHlEsd$EkUQ-~NKSXQj6P z{#RzZ_q{v(aBkntkH2*8cxUs)vwPR9Kl$l~)4R?u``EeSkFQr*2fjUUYDMoF3j3+L zbMcce@42phXy#Vn9%QX`_>mK>qwKx(IoT{fKLc&JcE^!p->;VzCAuY~xBIyz&5wS)Wns-z4-zx_ G>c0RA^SKKE literal 1235 zcmZ9~|H~5v90zbMshIjh6lOo93&ZM}dv4p^ZMTH*cDvo~xv$&p+nt%uecRn_yWMT~ zW!pvafT)OQNNO4cW<^Hi<8Kj4luDvdX&5N>Lr_T&k_lpAVNd;3&mZvN#pnHg%Z8rR z`|5Dw`j*q5c7_HJrenz$3kd@+=)Jl8;GtJ-5jVpB+m?TY*4oY$W*#f z#E)tST5S2SPVqJ&Sx(Fr0?6tN{CXn{ve~>ck!cq7IH{wNRRaf`eiQ^c?pFdN^^fLS zVbaaO*|I4>7NY@v!SYNb?Sot$Ndvu74nx|t zs6QTe)1cYoEE8?w7Fw+GBMoL!v3lU=sukNXd6{eu(Jv-FchCa zX)Y%*ER6ZMUL?4LR|kVg5Mx$5gLa^1zfxc)qM>O01m7@91**XiXb;fy$SBO=5X+zl zv{)lpQy@n1uokt{LKiNkU}r`k&7u%>Rbn)Za)w8?D|va`8ic*nFlwqXk5;uo5$*x@ zKwii|0lGrRQ*0Td>Rr)e)24%Sq)cPl@ZW{}caM6DL47oCharWKa$zXgsrrmu){uf= z6RCDc5kbTd-Uucc(8Wo$V#I=mTj{zu16mCrg0Vpf)KJDrgF`Yj8Banw6%7CjRh1x+ z#lOL3%TX(FC6mDqcRgfE{Vq0wZ1xdbH(`4mGaN?uuu>K0DZwU$J$`@>5rzzPU*`{NDNvTTkDz zkDppy+Ijf})4yJPXW5qre!K7h{?x~xU*4oX@@ZnT_~VuO-ty6dHxe5!-g*9v^;~Mr JuGe=Q`x_brx2^yH diff --git a/secrets/restic/neo/base-repo.age b/secrets/restic/neo/base-repo.age index ef64cac96c32bd875aa15a38162c0159ad7a27c8..bc8eaddcf04d66cb31c67ea74c26cac3dc93c155 100644 GIT binary patch literal 1077 zcmZY5yX)h0003}@^N=_>$RWZ}5InK=(xgq&EJE^alQvEBXwx(act?`v*}R)HNf95& zEsm$7ia!u{ITwe+K?Mbu13?7AbND&vDfm2oEK z1nNE8+3)?HvqdosAv-XewNBmPcL#y21s%8xy_x6foS7L#%S#cRTKvM@bICZ29Ap!!Gv!YFTjTWhjPsoEq4JxKVB7{26Eengek&=2^Mb(E{ODztKgy;=DNWS zs~GXIqeXbAy^RQ&S^vkv0S`<6Sm^q&+9+gL<>MGf2jP5*RXf4T1+WkTTdi1{?2_|T zGL|qj&T>yqDk=}mJhjYzAsGfPrOIv?98fBt@ECPUC(VecKEF6aC)-BuxHOf=R=-*Z z4x3YbD~9*{7^aYgCJ_R?bPvAoTGd*YWf{uo8AqyC*Vq(l8qA_L&t@QDm>h6=#0|GW zGV%$cWDH(DuW@j&bi9r?E{Ad2rMPtxZ5xhn!%|huVp+!x0^rjcIm=>KU_tbpv{vdZ4b|Dtl+QMx|3uJk(|O^Q^BQ1b41tc z&ih(Ba|2hD=30wL2G33jm8Lw%V%5?j@NiWyDI=+Z(WEx1P3S0%#cp>s&|C>((u;nx)KH`Uyq!06CFl4kBs zwC;l06bi}utOio(I511HQDaw?qR2G*yCz5x!IQZ?0cMQ_Fg2P=F&8M@1nTvAoeeX_ zXWHf0R^HM%|>+%a{*LLfB-!PXy{PT+bZSRYpe!qL={mu86 XuKxJl&rh`X`xl(yW3@nx;vbCQZ{UO>_=TlO}DGW^1zzB96#A zISeR+7eRzkQ3Sm_KY$1WgW}!O;6X)rjEV=J7ssRT6a4=CmtoKg_N$`J4x4oUd|HHX zg#x{oz_N^bfsYXc%7CztwLuLU!?8c|Av)aH-L^02a7x1B5Em8a$hRS?Z}FjIO|5xX zuYhBpfH#KAP^~x5s&&2eGF`yz?J6&P(F*4)%@rmKnK{hq|FmpV^)ieg!Jy_={TgKH zvX4|wvA45aV!1St=Xsnd3`;SgiWl1vI!2-a!8KmH2ZmnUk2dl~2~1SC5k@uRev*cX zHf9Y+&Pi52LUe4x9E|+WBDo2yJ+Pv3T`r-7M^G9z5j;M z44NGJK-#ye6=ylxE?ajD!;mgEYZ6qf+5x|dbehEdR4O`|&BBWpC5-o*8Q7$3$`d}* zxYC^0P&pfQOa8zqr4q-mtC8ZCsCJeELv{!xT1iB;UrFr2iHL?k#=&wdE8>xs78+&1 zo*=*^!{U30zo?DjjUI&H?8qM{%RV~I>wp&Ae7T@^`^xP)#vhM^!(_N-OO0qSgEN7F zG=*ZlQ4K^KcqnI^DNEaa#7NjEEGUv<52FU^{E>~O7d1hR=0XjU44%V&!Wq?Sn&U{w z$-9AN>Zrm=m@`vT%A68iwdRdJ4Qx!!vgf54Cz@MirJtzouB-Ke$C)(9DOQne6w+`B zS>hM9V4<)F7Nn0#WLYE1^!!n?(*0vHBordHh8BcGIK?jxU8PVh1Z@!@8dS98BA$hF z0xF};j%(eST?U!0$m)(>uc{p^h!09)^P)yXi*z*uL+Cgqct{qP+3ehPnU=?6d^pijg+L9BTj3z`Z*05P1`^Q|R0&1~tCr&+@*la^OK(E&W zl_|PFs=?kV-EO|1*}5f7bK*hf*51`>H7kyB$=Ap*h-SbY_p3*4e*F~t@^`mS?k2bY zx_9-A6_)s8=Z>$6wyo);$%>(`3QFJ>S8`egm_4e6PimoL4SzfiyP Y=oe>yzcF5xr{K1|_sXp&u*cPZ0bvko$^ZZW diff --git a/secrets/restic/redite/base-password.age b/secrets/restic/redite/base-password.age index 35d1b35d48d278ce5903264e0dd3cf58e36ba588..96209231dd43eca78aae78a0e5764ee7bccab309 100644 GIT binary patch literal 1235 zcmZ9~`;XHE00(f5U~oQ=1Qk@sh(wX)u4}ihs}W^wZ{51JYu9#rbc(1j8Vj>)jFBfPCGyQ;oXnce~%z!6gl5qP|r98*WAkZ_Al1D`UXhSWW z7(#F^sYbY*iIN4ql5YZKzBSabnv#J=eufnY3h0*OxY}%wf^sBK5-p0NWhS`spiQ@F zEr4U#iU*xa!DWYquc46dRio+Bc*>2M}g zF=7$RVoX|v^L(8Zb6G}EfnLZRl;n{NYqeI_Xr}C znGoh{=?>m%6(y9G(?*RafOOF^8|55fOXXTHgFh-CubX_la0tAp$L`vAO|o3l1F~Yuj1=A#(2=)T zgZr(4%q97$SmoTVW}6V+@A?*1#|Ti?QfveO0FC7ubdMl&L~+cw6L^d0G^@RQ8s;oT z92*?TbGj=uqngyPY^Myw2#}$Qpo83c$;3pG7K9*+g;v1OO#$yU9D%QfRH_e^LK!ub zVLlW)RUh)rz(_d1Ke%M;nUmiib=F>E&#(PL-E-IHd!JaS54X(?x$o$=y%f1?_l{NU z@d|=o+djTB4{>|lSDL5LH|}2Z)$ZBTFW$KD(Mwz46AMe&7xL@FZ|2_Ge&y&d8{9AH zv%%vlza|IjJAaNa(7>dYNm%EYI)Ke_MFd8Kpb(&OF9gOkTDe0a8t zI|o8|?vlE0k9Gfu+H5>^_0fIQdn=C~EP=;1w)c@MFCI70o%`3H*!%u(ul@MLhIh~X zb!2wdyZMO!z`C9HegYp@v7ejFe!G0t!UvmYIy-M1zWniXyEgR>tUj{h^@U%T9sYTK zd1KQ#f8+K0ESMlV!m(kgW+2`dMs(<6+AJ=a#+q&b~hn}9hd{2wdduQKV IeeKZP-=-|Nh5!Hn literal 1235 zcmZ9}+pp6E0LO8XV@}BQ7(frA4>E{ipp33v*RB$XTi4y%ZtJ@477j_b-q&_(*L7<# zA&44HOeA;-4+@b)iJHje7&KAhgDBz!6NouL0w#haM8#u_NWcWqCp~|`C*R*sP^5@t zbsWF%YCUU1&rv`R3Pm=D2Lm-CiEum);bFCEn1y6`0O-tk9PPJ#O+;G$V60jYCg`>> zL{yqelQk&-HO&bK7zs52aLgw21ZM@V!qs4m&o%9SBG6>WH`S;LTY^18GIcaJ_($t& zUZfAl(XcckIUTghIi(bK(5 zDXz&zDU0V*)l`>(WmZ)vs~AlcOcbc4bHxl;;3(vO7D~`y`Hp2&H3F!JgpBqC)DqLJ zegPWw$h2bjhXCmetQZA39W3nz{g72^CsIbA(c?in(5nJMx6^jf;~j^HTZGa~-0^U% z!2{#w!WHu{DUR82!R$BvK-J<{JVvuz8}o`XYL#Th&Ik@SCWQ}+S&lM_ ze!e4TJcdnWRo;Z)W=4Y0vYf)`Ml_@k6;ntL85{6&itN-oMO#O!W{Y=9gHarGl`@qa zm}N>+qYK-zMU~5r!fYV`D4*oiEZi|_Y0<)gR)f`gF0Q(bAmsrB1d0u`Nd~lqEOT%PTF79Jywk>bKffGbwiOzB<%AAIY!b{weENIAXRSCGLrXn zMaMxL%gc17G-&w%EmXurX!ma`w(NXY`1{h@bOa8pZ9?;XE-9lx^t@W$i) z^#>l@oX$USnHcozD7(KjF7fRl?!XXEm#3bXzGxnq|n zL*IRF(;v4_{-zb@JHm>qlNHS$htxd-C|)z9rwU-|^8Y;g^TED=RlW QA@76sA77S#`<0o$0nVSflmGw# diff --git a/secrets/restic/redite/base-repo.age b/secrets/restic/redite/base-repo.age index 2f072c6..1fc6687 100644 --- a/secrets/restic/redite/base-repo.age +++ b/secrets/restic/redite/base-repo.age @@ -1,19 +1,20 @@ age-encryption.org/v1 --> ssh-ed25519 hTlmJA XZDs1zHFk+9P4hzZA/Zu+G7sO1eYcYr+0KWTrKI851A -YMoR3tHRBefzkM2KsHco1Bh5PQOtfeN4+ve+nE/78lk --> piv-p256 ewCc3w ArH3Tqls+HA/I2XkR7/dGeBW7NGNdhcAo7uaisl6h6F+ -5rzeWieiAggmtOA5hR3nP0ZiCYg6r08NAWaMkfSzCtU --> piv-p256 6CL/Pw AtXZ8dzJX7TcUa2HhdVglBj7+1el+Tu8NDm+MdnnHSlo -WBOmsYrKZEsiFGdHFlYfZDk5U6cO7TG1b3m4n+BHghM --> ssh-ed25519 I2EdxQ e4oHTYOR3MrDQOyjpNC/EgOyYflJaDJkKnUU7xv/2A8 -0XT1ux2W81hATfRRvAnyWMFzrBIDuKFZp/xLDRkwA5c --> ssh-ed25519 J/iReg uomqbGMQ28HZ3Q1dUDT+yxC8wW68vcpucIy/8UBIHUQ -PoRWEQ89RaQun1Nc02164SZdfYFgwNKNoWbUnilQbcA --> ssh-ed25519 GNhSGw OSKbI416an6C7BE67xciGot0YYVTb9TNTa9rI4+BKFw -xPqk5vIneu25cWngENs90wYor9dg+nil8cO5w31ikWk --> ssh-ed25519 eXMAtA ugsam7RvXNRFwuyWUOybY4nEAU4GGtj2iV0AEXehL10 -mZVFITQYG9/Mw/IpJMRoxJ7xWYCfL8IbbSxdYVh99YQ --> ssh-ed25519 5hXocQ D7ly1CCnsSBSTnP3FafEfJirZBctrQw884RgQz90eDA -XkJtG4bWX0I+jKrqhWXi/kH9LQaQj/kWnFycQ9JRc3w ---- crgTIhzpAT6j3UavdDLQWT6bS5D13qmZ1+JigZJhdxs -"|;ľmBPwcU}(l A~)tLυCk3}(\8^Fﭽ̇L!oZk25kLwgŒA؟G6=g0eD䙑6(ʨy \ No newline at end of file +-> ssh-ed25519 hTlmJA L8ylisvw6LsR52IPOy5yk8XrQWiYZzVTVM06wKK4O2o +Z8jpkaxmPZDFQ3NmO1HPmBwKDUBytda9neGUfxh0L60 +-> piv-p256 ewCc3w A/jTPTdavs7MDUVtjvEeEvwZlwNOzbyp8Lek90UAoIaw +duPJcCiIbpPWUQoQvFzmkAThyEtEHdZuf4QVEO6RXkc +-> piv-p256 6CL/Pw AnNRvokWbpEgYlgIHG5V7cDguNRMfg7lHaQxZdjZ2RWD +f9ZYtq6SQB0wMDaaKrTY+2xcTGxBoU6f63m7hk731TU +-> ssh-ed25519 I2EdxQ uh9OUdIKGWc/TfcqATX72iJ1BYwFUzEd35uwrYFQRwI +DwxNMU4V4hwc70f4jRlQbh6xezPRNn2T+lbkI77bU+c +-> ssh-ed25519 J/iReg uD81hZ8At1q5vA9IC5a8PhPHBBZIHQxAQ2+XRFzGFXY +Qswu/K18nHPT/FPStnBtPC8QpP9FO76t0t7K5Ry67O0 +-> ssh-ed25519 GNhSGw P5cAY0inQ3FtEKk2abI/t8P6Rg+TwHjQOWbOTXhfSys +bYHnKtBNPqe3CYI7i1yPhv+CtgJWfBuUTrWDDNddy3U +-> ssh-ed25519 eXMAtA zg5tTTXZFk+lcAvxCm6gdhN5j+k8n1jNhkoAhmtTJVQ +4NAe9ytki8jl1q9UF5GasjkpIVe/ymTzgWroIUGUQ2A +-> ssh-ed25519 5hXocQ 0EJXZWeP5/7myPDCKEuNgjyw26i3ElsD/1l4v+kXiCg +LPnJR+1lEE7SsEVWfr2Hxt8yuXVxf3SN42B3jZVq0gs +--- ySlNwZEEtYAM0gUcqLei1BAt4z1IQSId0rqF7B5bvzU +4/>aF_*8ȑz&*40K:m'I']i@SN[~lu-22%2> +/Rt5Gn;}Ň-ׇ i敘m[]B?2{ilJ)dVV`& \ No newline at end of file diff --git a/secrets/restic/two/base-password.age b/secrets/restic/two/base-password.age index a50a037..24684ed 100644 --- a/secrets/restic/two/base-password.age +++ b/secrets/restic/two/base-password.age @@ -1,21 +1,20 @@ age-encryption.org/v1 --> ssh-ed25519 qeMkwQ lhh6bd23FH3Hn404o9sJl+KImq+RXNRZFqPKJcZQ7GI -S2BQK34VYZGSSeKOqelBfcKxB0HbxK9ewRexg/PE36M --> piv-p256 ewCc3w Am4uoXzdmiXDC+qZJVVZNc/FrN59U33cUi2D9+9mAI79 -oFKbEIomM3OfoPDIqRI8I1tAfN4bgfQOMgoZJp2OZvg --> piv-p256 6CL/Pw AnSOSCc21ekFkc5p7W8fBOciNqfBn+wbn5KHVndgNjdV -EWq20DFhf9b1Cf7ARSSMrndiMcE3DinSNfeR5Uu+KLY --> ssh-ed25519 I2EdxQ jrt85s0g6aCA/gs+UCzcV7Pkt703Fs145MPfus8P7Cg -GmBwegl6mmT1WOSMVzpH+V0mXPdW0aC76SSVPGGHBIk --> ssh-ed25519 J/iReg 7Z2Ttvl8MDnwELutnNJUtMSe+DK7VhrDEtwmBTaI72M -PPEXp8cT0MfViIxP6TZX4NaIbU/cncfmRVx+/gP2ztg --> ssh-ed25519 GNhSGw ET5WTttkMHIjv3P3c/PFDv0GJyf8SjanS3hLHsu9QVM -6FolJs4qL+NPlTRQzSJXt6PucFfZBAWqa32tD627IuY --> ssh-ed25519 eXMAtA lMbetQOb1LaoGTgTOyM5VBiOZkKY9VI2roJVkTxwXSc -G07M8nFdtHrSHSBMBWDFPcGbBEVn1qWO8xHIV38YBXs --> ssh-ed25519 5hXocQ SrxklvHG54MV6CbAvAiW28oTkj4XZmeAWipOwtvz6Gs -XdO/tq4NzjOg6GJ8nzKzxY1SvCbFxpfVtOs6hrXexuo ---- 12HUkojZ27/Vd1c/fWLlS6dS2uljdEMAt5tf9KfpRwg -QFW7@r(UXCGUWK6伯YL40.Gb%#vg3RYtSCoIRJʡH~FC/|%/i+CAG|/N6 -2ddK.+Ã{lؙýxSI6xs -cKdxl)Is/`Pl;@zE{==K?;?4_4sZ Ǻ^7$tjCFt1,-/A *;~A|n] |p \ No newline at end of file +-> ssh-ed25519 qeMkwQ 2Fz8aDYIDM4eZsk3TcxqjH6Kyy5tbIpiQ6g51yn7HU0 +dXMgxq8IElRA2BUB+H0+lnEoIFe2cizdx7k06yyRGvs +-> piv-p256 ewCc3w An2qh9XolYIfS6raBPi+X1nyOSKoPW0cC6OW+d4zKKaf +dfqUOjj8hUSsQUM2kHbG4FZvRNwWHIWsJd3c2fl/tKU +-> piv-p256 6CL/Pw A+ICDRTOb8LluaCvm1E/HEn6eDP+g/HZAebym7Jo9KLN +ecoa4ESR81XuIpMAnpY20IV/6N0nonFKkXBa/GIXCQo +-> ssh-ed25519 I2EdxQ LRT9glvKVQYTmmgsDTL++iry57ydE4Yphee2pDiBxDg +8mBHDu0ZmjOnSURnDDN7VjKqv7eq5wwSsC8GFQkoowg +-> ssh-ed25519 J/iReg EHwvMpHVmSquZZ6ts4rt5nllU/LSKY53DMey27LS+z0 +zhAqrWORyT84M0gwp8RValaeE694edXO1EX8zhcQIlU +-> ssh-ed25519 GNhSGw MUSLnRY33yIGShVmeqvKN/mQoAHxkfcli4Tu4Z9at0I +J3eMRdvGpxF9AlWxG7YaZOPZ/HxyN4cbiG1Toi7oecc +-> ssh-ed25519 eXMAtA xaUyXSWWnSsnxiGRAYLw3jrAlpfmplmXZYll2S7tMCY ++9Tc+pj76OoGRdbzpREuSEPL5W/McmMjYYS0QsLRWlI +-> ssh-ed25519 5hXocQ aIZQeO+JBK8xcCqc6NEmIdisHHXaZWt0u+/Dl3jSpCM +L/x0DGRLHGCQjgAS8s4rvbdFCeCHti8hYpUo6M1L65k +--- 31mE0lPvIY4VVS/mzuZ/4M+/LkzmNQGyxKunni4DYPY + 8ďRNFShLg8n +2!; j ˳;iٱn+9Ic9KK&OoJmԄ6߂닒(k4y'A/LXv=+eϩ=1ChH$^[كumҨV% WֹNw.Oq9T.Xjs#GF||J\t.bGaMQZtia83'/0$ Em9u!6K@"iِV+Z< \ No newline at end of file diff --git a/secrets/restic/two/base-repo.age b/secrets/restic/two/base-repo.age index e010244078930e25bfdb244b9fcfacc05083c5d7..7527459889ee3105545e86df0225f664b668fdf9 100644 GIT binary patch literal 1077 zcmZY6z02bS0LSscM~4jJ=w=Qa#L`QXG;hisq)D14ZC;zENhb5&G->nNqz!VTpgsq8 z!lU3Sf*?1Dn}eW;gW#agB))(SB66sp2QCMmqmO^V=gaTs#^EsB`_-vvl6-$XuVSc$ zf#FTCt~bLlKrjrZz%rE5P6OQ|=VJ7%OXnf2pE!8FE$zzZB+-#Fv_iXMroy{uhL3m- zP%N^@3U(l;NG)c@L?-;EXkmOM!y&%u9Ik+puTJ2x0NZMh6U^p0djE{C8oo9k_ z8Z8=#5oK%y`KqT4R`twE6jq252#@vBwd2YR8wrSrWtP}l*>=%3j(TR0Q6<3+#4YJb zSfFpaUR)t46poSce=M9?KyaFwg3 z1KNpgALSG7ind^pG*2eyOsu^oS4=uy#|DL&jVfGSQ9!uhsDTA%;D!W+p{Ll> z{VAn`-AII#iVU#ztg{Wfo|5=6nYp|TDE2|MrBFBa4g>R*B>6SDMS^;_V6(z1PA=ov zIV8;UioU9eP@;!1$V+s9iwss^mR{&h72C@Jw=9mv%I$+gh>-fh-=_1_Ksi8%CdO_q z<<7G3mZ&^#OQV#kMcp~p^BMvtuWG!!S@Ip|X-!*BdACU%0W;&Nk8NB5 z6U}Vkrj3R-d1Cr46CXOQ1K11`;!1HiYG(%XV0-Mwv?xp!Z=%ked=6Uy#Z$RFSj6>J zEwm)Mp+TSJ8^1dytB4|)(xyaTLk(>mtuuW*Pw7^aE0?I*c|i*RtBzEy!zCtCquE3h zoN#xj4^GDEkq2v}wHvd+L>b$x@xR}&jg|WvNUbGp?Wlw0scPGh(U$q7ibcCG!h?Cz zC;Y*7F|VGuT}%R&&_J|24iaAXWoWCpHi1xa$LUQpO@nmTplJ$Ivq0Uaz;HMOL#dC_ zP*2Uch)={SiapFI*0Bzkox)J)@AhO`D3pPPMp60(i QmpPjo=NAuNdbeNv1M&-T8~^|S literal 1077 zcmZ9|%gfsY008h^zJpOj!3VNS55mCGC25m3LHHzT(k5-vBu&yZ!GU?dA5GGxi4Fu2 zym*)|R1`s{hoP{Gh{D)OJnU2SG-0rl*D>(w!N<|>FZjXF^xc7**=1YQVV+&iOCLPI zz~Ho3Rl&e@hA0Z-y`9U)jnq>;jbX{M3sw4v&|#~3B~*?m))EQ~^$;&yE~hCMi|7Ud zrdA*t2WUH1*5skYOfqRJO@Vho-RdhyY&ve28wd?$0`i|$goi;fM8`e1ncAbKM`ZJ4 zB-l_j=QTP+Fym+$DJy!)aA*w`h0$q&G5fhgU^)j(qiDHW(d~xWb9IGy&145|Qe@SE z>!Jb;6I|-X1VN|@wEt&~ryMB$Ywb1=S+X>U9j)Bz3Zl(2&M5bADTB^vI*)5NT(EE~ zI8Y8)%-+VTNP_#axiTVu=}a(uHKFm;4)OzCj1w+R;0fWS{P{(8NIOTV*T`#h#>K~Y z*9Od5PZ$*TLb`^*VyTEE7x;5DLK9Do(;Vmuq@WZ~)vAbLXtA7sz8)No=9fYOZ^!KE;RI(AU;#AjJTkU_0_qA$`I0 z+%SoDF2zKNjnxu{w9cZB@8^^jBVCZu=QT9g=C;&J7L;VmAv6LFBTSm*L1`n9_4=-p zj69y)aC~DIvV=xH1b7|EuQRSg?Z^@LB<84;W>FPirt2}r(vIXIG#3|+Hf?~xV9XY}5&i5bv zbn*1>YZrbvdy{#1v;T|o`#Ya~`u0`j-H(B5CtqB@M16Pv)+ZlazIFfUlfQm@eSiJe YFaLP&ts5_VMPI#m=e5tn=T0vD1JP=2l>h($ diff --git a/secrets/restic/vaultwarden/base-password.age b/secrets/restic/vaultwarden/base-password.age index e2d9fc1aa4e6db2e54992f8785775cadcbaafc2b..19b7f81b61afba09ca57449889387e6038a9b831 100644 GIT binary patch literal 1235 zcmZA0edrT)90zdaM;6mEjQEM5j1qiUbK7lqyQBK)-FCa%!#!-f-EAw1-R-;EZMVDI z?s0=OABZAJiZFvx|44--3^NNcN>F^l{z&PM1RoND$o^1*D1T|c`m26_e?IWy{r>Q2 zsUQjrWi+-N%``TcBQ@qFLeZJ9ZFi%f4Z&~%3k$=5EBWE7%@Sq_vOT8PQGvt;DMJ@Y z+m~bF7?_Gy4WzN&M1c>*L$P8p<9HZnn10*BaGOYC9im=wTM?@cRS{oeWQ1@LgrL-a zG)wcM76c<<;AfPiAI8mUO~+L`U`fhKf#RSm3KTDxL5zWg#z--UmOGX#51CL}C{iXR z8$tA@S?3UMT;_a`1!j+nXM8mdiw4k(HKa|Ioo?!X7LqB&_&ICL#=ExMF@|+M5M(R{ z(-s1?le(U$;A$3lQZi3wJ=TT_$ld>o(4bV6V;M2XR?!6AXgOVu9@A(C0+FgB>5UMR*4sne zFXlR99k9cRlH|>jIB%`s>~VsgAOYG-*gv~&7oU!j&yFP*ySe!>2A`pVV!FSgcRxq0GKDt+t_h7Ck<_cpQC!JGpiBHF@o_ zZ;v_$muw@pogJL|;kz%7cXIpB2df+E?la%tJ$LrVnVtKH{mo;~t=UJvyW+LI57yn^ zE*_hDW#OXh?n}<{^=~+tQ=h$k_bGn!rPQUpPrtKis|86tB-R0!P6TSESp)dwF{V^3qR#P Q`uv%~fv-PVGrRJ^-vqw9-~a#s literal 1235 zcmZ9}{mT;t0Kjoj%34o`gpl@>vrvjL@3!4;cZ%A*ZFkRhx7~Kzy_m+H+wFGS?ryu+ z-67@=X;CIch*msQiYUetLPh;3Sy2knFGXf#q)=i-_F&ly)zgnXf58X7-?px$HA{7( zk!RS}Cfm`0Ad^UMOS*0^t#z{bdomL^6jE85uH&qv_<$ZjjdHDCC{H+00COl?=|QqFitYcjkrAXv z**u)oLPE`jNlbUWfUM+aU7)E10z}gm%JH0TAuW1F0(4Lv!zgaZaa$QC7=#jIHA{yn zB_;SGm7)nzap8(5T1^o%iIiJ#9K$c65%oU{CMrN}(E>W$$Yi^IgnPXijlgt-WmL!q z$68S6)3OkgjssL9k44~w7Iq;Cjd}!m5Emxk5|!Kvc??I_}bn zOqS|Q_#~R`E4rrlSve~DVL3l$Bhf9#)s{FO)@O@llGN(#*sOIjY{IHA!=~wnIyz`^ zW~+gb-6qGH1%-!eniO|swwFOhg4}1JrP>T&)HOXB8*k^Cu%W)bHp&$b(;te1F&we5mZNIPK8K~nKW8eb`T~EDIO6MUSgTv5Z8)s zqhMJ?GiETA^w^P-7o>vPvTSW}(Nay5Sj@wcB#I9Uep`?@wq25#42lUsoEtznv?2}^ zG>dq!9h4{zv-reVDUS`4SJZZaGYN*~fd)5Z2Pq`xacN@81VO8i20^X>F4giq$yWJf zJ`)LpA<2g0SeAQ3RE&ppDdmeSpgD_mX5CN#t1SuW(|m$$>NW{5UL*}tI;V_)vQGy> zYNkDbWV=Il!YHwgAAb=cV>AN_4AU1`Jl|8 zb(D1z)919Q$6i>q^5`{WYkTLy)~hT2n7lF>PyYh%xNi&e#07t0_3WN~YWu4nk6zqg zdS?E{17~-i`s{S=`0)+vPU_{y!#BOXo7H#CoxzEXx1SE~dB1T&xa-QDg80UI;nl(B zQ|GrY=(|4OkKMacn_9k0Jh}JVpO){q^!3@7FaNWB(~&m6a(r{$fy%A)vwIkP+FADc z$FFTDeG#m=&0mjQSIrmcV^i;;$3Dc?UHf~PIQP!s6I<5SzSMtx$-d(zw6OZYYlqfe zJvhHFb9C8-`KEf{{3DmeRde;Lo4%R8{_vy2yEisB+?cz+xbg5uAAI^`bng1aGl!yu z=fzC%t;*BemM2zQz2Bev+1!gflzF>-=C50R_~g6Mnk!GuT}pp%YX^T@k@<7C*!UMH CJhp29 diff --git a/secrets/restic/vaultwarden/base-repo.age b/secrets/restic/vaultwarden/base-repo.age index 875d74af8b3c7182cb0d858250d6fc80672933a9..ed02333cb4d4362f5c4350e212a112e6194142cf 100644 GIT binary patch literal 1093 zcmZ9~Nvq=o00(eKWtdklF5rMTkWo>FzS=C!c2To6OSiOX)28Z^>`9wu-|?oRBYF`L z#FIynLGYlUI5#~g2nr9pD&s*B4}zx|P{)(LPw?Zv=&s$fLo;pS+>gR1qtxw}P^b44 zkY!%awqO*6NMM=NvvCD%p|u8+jn?-?d?xHvwmoEmpp$B?W1}+lJUX{AiO8)v(eW4E zL;%}ap2!YTvwTG|6rNctEzfPF$%K-yG$r&Zd$78##eUg~VH5-GiZPK2ppeCs7}-%F zFU!N2C9zl;`Ie9IT7l-oUYV|8T&q~y7j&Wn?qgv!2q7JWCo^_C0GlR}nMF53Bqg22 zb-^@fI%`Wu=Kg14%(yS#wn7urVK%Tueo8M=mkf}Nx5-Gxh)fcvNC~nP!V+rH2Rqa5 zh)CuV=g`}-hzHu-r1&_eDxw>T3ogLmXe#1|a%K3{*%n2Zv+6lu;6$vq`Al;()1lzP z#A-Nz@oed?H=F>$MLyc{2X>A!ZYNLi9hcG#Mh8do~+C^%TAWMg^*>Igvt%Lt=bDO9M3- zxstIPLN2o`P3MqQ=mf-Z#O*96EjWh<6US}(kgD1YTp0($3t`K|x&D^YL@OC< z&T95%Lgf_T??{o~DfZe!i@s@|)lhE}nR8%W)78`=<;5zFi3T=Pfthbv1qnPH zrG!ushOtlA<1P&iIt3(fVWkWkejjbLv9!lA*oxYukoBkvWOku6B2`qWp8fOwUJq#5 zowR4k;U=!wtMpe*mW&N2QvaOIw>m)`vS?aN0ekNyV=1&c)a`h%g=nH zeQR`|eX;xX?5~GDJ{-OG=l4G!9e>4~Kb4-oas1Kg<(2x!udf_GfBI!TE3d!7-u&T5 m8ND_A?Xd@;N4|LL(z#D{^>Fgi$(0)y@3qS3&R-or@Y>&h@oC}! literal 1093 zcmZY5&FkBA0LO9gFr|mVP=|ttiin5O<*|8~ASP*&CQZ^LZS#Z*zobo*CQb59nuq>C zR1iGPhw)?JK@dbQo;E@B;to4Z=1GwaFHVFV)Polp>dATZ=U?#peBMW!^>Cd9<)PTe zd3GT$H&BE0hA;H1DjKd==xBt{{RQY|O50!P^J$VMOhUx#m=Ww4o{lZCl0z5C)7H;7 z!d_T-JEF+co{fV6p4SR|q?f+YkfA~sS|W2?H=c!|foQEkZ%D9rh~>Xp5jVpE9TEL? z%LQ25XW}$P4r-2Q9WI+&G)A(4IaSwNg4RaZ2Dp1*?jn?Ig&6Kd4XG(?0q_FJSPsG2 zW`fxTLTdt*&0B0H8YZ83w$j4Ee=LGiApL=r&nQH7alF|0unww5Ynzz>lcqCOeVU-H zP#O5bMn9^kvNvMAe2L9Po2AFa*uXT`S9NI%xzNBxG3)r)COtFuMWVt_SCmkG)fs&V zGiHn9aTq(=xF)JZ9(4YEH`+74z*I;w)=hmurHd-wO1%W8;ZTVfX>8*(t%!)hnu{{S zIXd?0Dg*c`%}TUZCj@m`lcCsLZ~DMum0Wg|k-RF$PQ@P6cHQrSv}c(PLovl58b=BKR3d+ag4 zFoOvYygBl}l50n0_Dmnmozl}>7{pZ6O{rWKgw=$VFt*79%%%9$8gLCLRBy8E6#-Qe zyEtk%DMb=l^0slV()J1&Dde1~Ct>ZcTb82p8FTvED01?^=!0|=1m+Q0ivzH>)8k`{ zl6*}ilIemSsBuyQ6F^f7PL@W`*>Z@5tSUCGsg=0wpokY|dL}1=Aa)4Ugvky^$T{F? zsW%)B`y9G2SFVo|*rpkEWR9ejws&MHldKZ5?dZY23FT-;2bR5epT08qup#hE-#z>1 zE7#ATKU~LdhZw!Ndgsmhr-(-)8GQdk_VANK^0z;}ITL>J+Am++y?3LtZr0s z=5Kw}Jb&@R*s!b3i__h|junR}Pxm#@9_4D!U^@1Ok#6?t)P diff --git a/secrets/vaultwarden/env.age b/secrets/vaultwarden/env.age index d2d5d0e9ae192dc971ded2bb706ab16a82510da6..c87a1685dc77cfe153cf44fae8be6b12d4c4cc4c 100644 GIT binary patch literal 2951 zcmZY8`CkkO0|xM|q)XdM=}>D(8C`Q9*(@_P_ubqRX_|YQ`)sBxDrMQW%N3DQNGB2- z5?bVpbuH^iMaYJvB6;`y@!j_?_dR+O0SF8n-m}$#5?XsfZ42! zlS!cn1SA2#F=jESc7Q{LG1)Z+7>`3?LIq%5riiFukcAm!iipS*a2X0AH-XP5I5j+p zx7fi|nqWdUo=&7OLCNZ5STabS!BVI-T9zFHN3o@HsKZJp(Fx%HY6g`p&HzOq0Wy1% z1ZD?djL?__lE{h>^RWUDj0nM6#U=qxmZ3&xQ4BT&5=_e=rm*NLD~jZeWrHOdMmd*& zg)uQHEUK8Jz}fUx2}|KLQ+Y_WPDzBqR9OUwBJ+PNWD*s`{KvA9(G-eAPZhzPc0#h0 z385jhN*z&e!Nll=47ih`QX!B+Hb=$ed#f`HMk!RNw`fF4kUm31rJ>9Sa7L2EO6KAT zd=Q3AkXVp%AqoNicZ(z_PMXC6@Zc5&mXF8)gOGZe1>?{pD|yKzObk@6LmABil#-;f z(gi#f4{G+d@Kf|yE)kBilT2AGgdA;r}!;NR=W} z0KjY|4y)A29a@!>jz+1GI+?|UH^O4L8Fr4D%#~xU<`@V|g;Wc@5jqqIE3`teU^hT4H}Ni}?a5jhf8Xkpxsa1tT&zz&aidFTsg; zDR2yi4z?<2|JGyz8peVFP~mnd2TC_`Wd^1R0Y}4?5Wbqvz}rlw7%3bg5RsfFxQfo! z+qvFEydjBUjge|GEIL^(RMO1|3jzs6bM+3Q6YMaU$O%@g-l1ed6#v!`N`YR&0;r5) zuGOiNTNA*r6gCN+iPVu%1RNP5AZcW1nvNycfedgo5(3eCgB5Bkhp9$dbUY1(M->~A zlF1a6SqqV&=*beMSu2L&k&I*>4#xG4i;Dv|)VwUaApwdtS}-`3+N`yscv2QRMj}ii z3W)+FnQB5|WdemzM)DShlmIh7A31pb-iSRNb3J~cwe$3@;Jsxv<;uDTD;|MuwkM;GcbB8FnqBZrUSDL42k4w*q z2yNfA9reCTiAZRiUfb1ixR3em9?!*Xkkv`N7w`*m|ASH8rB^bSs`5KuZ#5OVCxuqt zu~#gaJh!}iQ%h~#aMd|3Viq8v4-_H#Gv}d~@v(jXkL&Kw?SYtZGbav?9qg}4m>$}; z-RRX?zz(`6A1ObTmE(=5IEeA)|m&f}V`a~G^j?Kr-KZF5F)xWJ&{aBMa8 zN(J}+?XpQffu$Vsuy|qPpBuj~OTB+P_gKoxjqwjcWQ*kZqn5U3ZpFmSf3@w*e^1^B zIr%YWEOErm582V|#tQ*ID+lHl&Dg%1rk!1KDkOK!j+Vlllit~XFtAE;9s8mCu%*al zEN*%F^tGv~>iI3T(d|Wpkh7`I?d_f)$~)wTU0ybjf|F$W&CfjV1nqWGc32_4Qstgu z)YqCuPQ+6fW?|gr_wOim4|+#HrUr%Dd^dDV-T%pXbWUJ1Ye9ZDRqhh`n^BfILI@rb z4|+=6PXJ4mFAiVO6~?MJS5Mt}4UWH?|45Um>-8Ue@CPOO`hz*PkH}@gOBj%}roCq? zrNCL%QP<`f&vPxpF<{@#wUwKgykMV;ivAs;->>I{7~hx+ zpaP3uxMnlieN9RIsPTmXec(J=?8kjdB;6!e>FPp3OJGuIGTPTkCZIA5To+arn72`n#Z*WJ5#|9tXooZa97;447JNZDr_RZZd#|jwn zsSD1hKDu_=qd7SE^Z5-wd*7Bs?acQ2TJG{!)XLzKeVH4}-K%|+E%!PMw|oC8Vq9%z zK4V?hRnLK)C!C&hYEEiEfxco zn!ms1(s3_mYstI^%wh}wwGTtzSZxXT(Q_Q!>tk3(VMVZaE!Av zyrSowct{x)^kVZs39)|Wno+Hv((gA(%+E~D;UA)15d2?rbU*p@!^0ycBih9|kkNDg zEw4||4}X!ntjj;n@tEbC-8JV7u^8R2n|13^JUwExtt32sd(reO_E0{+x8vnfod+Qy zZL~Q+?0YJW>bL#tP3r2D*XLG>R7H|R%k9NC7u+bH$+9Wf#B$HhfQRqHLNU_F#GaT@ zC1{*8N*R=gZ~U`PloX%yJ}b!6-5?(R#&Hd-sN8@`&ph7V@F4bg4^SPjA??+YvWa&E zIq=@Y&XwO*h3uR$H$6(%_H?K4>hhZUV?lhMUAMy4Ct?x%Z9J18Of3;y(lKmO<`O9+);N)-|u}SC}Pl8 z;xgdcR`M8!n+hapn~>e7z94#78|JRM+*3Gi^Y?ig^_{2BLs-BlXkc)t@XU&{zwFMz zx9=T3v8=4GgO{;&QG@TT>nmhDXdj_`dR|ar6AV1?WbyYAz$Czlz4MYgKUTdgK15pm z;w|%S8bF84&)e9)*I!I`M$UeeKG4yrQ*?O^1|AnC0c<<7I50K!&g zPYI|x+NSa^phy~)Z6&HdN;I|gtDigpf5`i*tJYvC5%-3jNKtGn4ad4QkS%ZXzS1hb zI&;OB4s|x|(|AY^V>N*fnKd(g&rCFDnXx+ihkzARYj(uuPZaxDU2AUL$xY!z7dKaZ zo~PS-M%b#o?pQ)>4}V@;qn!VpsBwSs5r5aN#&w3Z7uExB%{$vM_8#Sq#LTWIl2+Zu zhpphR*um$c(E_ddK7neyz@ WFh)0i^!$BBc>k8-q1x5AT>k?d3HjyJoay1e~JI&op2-956)!b)VJI&P`&3%)jBx!AulCqhQE|erH zDMzVIg)W3Bd{%OYqN9YYI7F``8GuX@oeF&J&($VdF7!z$Y=>!xw7zrbKP_S|o zT?mhH=%6uHeYn}Cg^5f!8wkP{OWAlF6)TIyb7^KaU&r~Mrc+peIw&FpAhlw|Fe?Bp zr;zzf5(5TSBLqT~QG*YnYj{cr35t-|bOyOmsf|$U;#9G*QiKPQstrO2h;j-)4i!hW zi}Y+5j2Z*O*wC?N17A(TV0iKnshDO2Q~%Ej!B9Z-f2~+ns6!NomeCcEa12T;7Rb@z zp*A`xQfCxHDIk^H$QBX_2DF&N^}w3B77<&khojh1v@!wkf+WF%Lt_;&W)TzRVJ8G3^cI`~Y81(oa*CNM zMPW50B{7o4pyOg01g6qLq8OD18BYAOMu?1M5v%~bkQf0~>a9YxMWz=sq-G%#%{Ov2 zQl^P+k*QQl3mK)v*bH1I+QSrTp-Z(vQmvE?hKCYDwIr%mL1i!mdX<$AV&UQ(9F5fh zVMFD(pEW6;iZ-DEQWH}PmBBQaSVAaW!jC}Vg)%mqXON%?2D(hlaexpyl@tv9x7C9W z#US`%i%BYzLzGmgjA{WHa9klB3=v4lbS&AZ9^0i_HKyHT!k!&Re zON!$$^kSVYhJ?4X7#s**AvM9p9J|9x<5^$`jm_v0#FIM2Fr-6mB?<7xIF(YQ=Ne5i zmO+II?>A8$h0X9ZTv0#HDIpH#u#9*R?3)nEI3=XG~ zsAwLCuAq~x9-JoTsJc&**~q<>Bc<+{5Z;#@4vF_GaQQ3f+Ld42qLGjpBICW6wU>_9 zR1YTSQNQ1Jzf9iL#OtRubRYWUpUn3f`O+#N?QIfvvW$z!` z6YuUJI-2I>$LE!D2ig*&RIF>CKkvM8tn=WI-n-Ck?fI^;%X=AAWVY#BtNdy1PKmc% zt`_bOueCa%72W&bM+-KhpROVp30}pwo#U6ZTkEq1dP@SC5+1$vw_(zZD3EMze;@7f z{G|uS8*JnLr*{2-wjABEnVNeeB`p71H{(a*R|4^A*Q71(=d&+$S2D&p*=rS+k3R4A z)BSf=b=s`ax%r9~2#{Z_y$A35&hGQN_wi(0YwdSnyFgdq9-R@vlBB4bT_a7)N6K9_ z!%J2OJ=UbR-vVy?9A+5zB#d@gm2C;LlFvFaMoa!P=gwGWU609Dc@VP9hHLnm z-fg}aa$AV1Ep<-&s!j2Fn3l4@^XfwWtEMhc$?Az02`{_7bvI;Zo^8#L`vb3& zihMj^{QF7lVeK`wENT!6}4wR}80# zt3z6{Kk^#|DW?l>`qY(A?JdZdQhNMR67EjR?aADhqWWo%P$he-rql-b;;)0hB{6up zbio%(J6 zc;vlT*e;J2<9A}9m)}_GkBu%9i!fQ9J*_tbj%F4Q)mbg}yMFJv5u8N#L=CQBdVu7! zl1q!Y=9ZlJWl>^N;`Mf{@3j{@do#Y3l66FLxlh%wxY09@EZ=pw*6m{Xqy_uxQ;#&f zSnC3*^L(+pZO4~^BW0Z>)C*#Nt45K{l=Y8AJX26o1Di=R)=s$k@_#g;i@7 zl`D@XjK4XSW?x0oLgF3kiUPTn3pgzWKb8iNk}8#7IPAvS;0OF- z@fTUw@bb{>S!Q40-Y06w=R5wJPNhc?sL}Pwk9c>SW8OO!`T9Sc;3V}I)tm;SP(JlJ zo8LCnDg^MtqQJvv;%#BO$|gNsLh4_m%co7=ATi(Mon*8W@=oV?)_r59ak?g5XNCDS zx;XQgheDg9=iEC#Pd6Vh#{J+*`Q{GWwW2Vp8hh&qHT0j4?ks(MsyOfReC*0|NjaGp z23t!<{Km+aN;b#|cxZcQ+=(36ImL3t`^uA@z^xO}Fd76&GGh9kN8^6K=8IhBFcjYYBdmu5dZwuF&VI4RR- zcjwFnKA$2gd=3oYW?jr;JURFzW4@%~p5)7o=WBQEcP{Ku^sE|L$kedzuSr04NB35; zr;WJWYx>x(8Qyd{pnd52J6+M!08v@{M4zd3AJ%=d?C|(Juji#QQ$qgmgXZ!zb%ob4 zS3kpuwNuHOxijxnyNy20IWe%z4>&v$wTkA=$)+t|H|01r(KStIq%GPyYyXoPes=2i zXKT)lN}f-@x$W(IXEsIc`ew?`jL7KIftbumGvAzjGb;;)e_a*U)+9LDkua3uxM5u~ z_iD38>Z0L_wCCvfLuow|sxU-mmslN zkD!h58nSWwXXlN_?wj77s43nUYTJQ4@vt=f+}hE&ufVhYFI<8GTGH?Ux z5fATF6IJaW%{woT#8}Piy^(rpXW4Yy(`UQai)*~nE4~7Pyu-$iXGzY-$qo^>P?ohv UY!5qgVQ^_?JJZ9Nbl#`;zj%QuYXATM From b7f743d60e5f160612f52fe985e6fd6c6ef840cd Mon Sep 17 00:00:00 2001 From: korenstin Date: Sat, 1 Mar 2025 17:31:44 +0100 Subject: [PATCH 19/37] installation de periodique --- flake.nix | 5 ++ hosts/vm/periodique/default.nix | 15 ++++ .../vm/periodique/hardware-configuration.nix | 32 +++++++++ hosts/vm/periodique/networking.nix | 53 ++++++++++++++ secrets.nix | 1 + secrets/acme/env.age | Bin 1304 -> 1304 bytes secrets/apprentix/root.age | 37 +++++----- secrets/common/root.age | 67 +++++++++--------- secrets/neo/appservice_irc_db_env.age | 40 +++++------ secrets/neo/coturn_auth_secret.age | 38 +++++----- secrets/neo/database_extra_config.age | 39 +++++----- secrets/neo/ldap_synapse_password.age | 37 +++++----- secrets/neo/note_oidc_extra_config.age | Bin 1555 -> 1555 bytes secrets/periodique/.gitkeep | 0 secrets/restic/apprentix/base-password.age | Bin 1235 -> 1235 bytes secrets/restic/apprentix/base-repo.age | 37 +++++----- secrets/restic/client_env.age | 67 +++++++++--------- secrets/restic/jitsi/base-password.age | Bin 1235 -> 1235 bytes secrets/restic/jitsi/base-repo.age | Bin 1081 -> 1081 bytes secrets/restic/livre/base-password.age | Bin 1235 -> 1235 bytes secrets/restic/livre/base-repo.age | 37 +++++----- secrets/restic/neo/base-password.age | Bin 1235 -> 1235 bytes secrets/restic/neo/base-repo.age | Bin 1077 -> 1077 bytes secrets/restic/periodique/base-password.age | Bin 0 -> 1235 bytes secrets/restic/periodique/base-repo.age | Bin 0 -> 1091 bytes secrets/restic/redite/base-password.age | Bin 1235 -> 1235 bytes secrets/restic/redite/base-repo.age | 37 +++++----- secrets/restic/two/base-password.age | 37 +++++----- secrets/restic/two/base-repo.age | 39 +++++----- secrets/restic/vaultwarden/base-password.age | Bin 1235 -> 1235 bytes secrets/restic/vaultwarden/base-repo.age | Bin 1093 -> 1093 bytes secrets/vaultwarden/env.age | Bin 2951 -> 2951 bytes 32 files changed, 366 insertions(+), 252 deletions(-) create mode 100644 hosts/vm/periodique/default.nix create mode 100644 hosts/vm/periodique/hardware-configuration.nix create mode 100644 hosts/vm/periodique/networking.nix create mode 100644 secrets/periodique/.gitkeep create mode 100644 secrets/restic/periodique/base-password.age create mode 100644 secrets/restic/periodique/base-repo.age diff --git a/flake.nix b/flake.nix index c212442..635d62f 100644 --- a/flake.nix +++ b/flake.nix @@ -60,6 +60,11 @@ modules = [ ./hosts/vm/neo ] ++ baseModules; }; + periodique = nixosSystem { + specialArgs = inputs; + modules = [ ./hosts/vm/periodique ] ++ baseModules; + }; + redite = nixosSystem { specialArgs = inputs; modules = [ ./hosts/vm/redite ] ++ baseModules; diff --git a/hosts/vm/periodique/default.nix b/hosts/vm/periodique/default.nix new file mode 100644 index 0000000..e0a5ea4 --- /dev/null +++ b/hosts/vm/periodique/default.nix @@ -0,0 +1,15 @@ +{ config, ... }: + +{ + imports = [ + ./hardware-configuration.nix + ./networking.nix + + ../../../modules + ]; + + networking.hostName = "periodique"; + boot.loader.grub.devices = [ "/dev/sda" ]; + + system.stateVersion = "24.11"; +} diff --git a/hosts/vm/periodique/hardware-configuration.nix b/hosts/vm/periodique/hardware-configuration.nix new file mode 100644 index 0000000..07f0ec4 --- /dev/null +++ b/hosts/vm/periodique/hardware-configuration.nix @@ -0,0 +1,32 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/ad1cdd57-44a2-4e1c-83c7-8810a567e0f7"; + fsType = "ext4"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.ens18.useDHCP = lib.mkDefault true; + # networking.interfaces.ens19.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/hosts/vm/periodique/networking.nix b/hosts/vm/periodique/networking.nix new file mode 100644 index 0000000..b8e6068 --- /dev/null +++ b/hosts/vm/periodique/networking.nix @@ -0,0 +1,53 @@ +{ ... }: + +{ + networking = { + interfaces = { + ens18 = { + + ipv4 = { + addresses = [{ + address = "172.16.10.118"; + prefixLength = 24; + }]; + }; + + ipv6 = { + addresses = [{ + address = "fd00::10:0:ff:fe01:1810"; + prefixLength = 64; + }]; + }; + + }; + + ens19 = { + + ipv4 = { + addresses = [{ + address = "172.16.3.118"; + prefixLength = 24; + }]; + routes = [{ + address = "0.0.0.0"; + via = "172.16.3.99"; + prefixLength = 0; + }]; + }; + + ipv6 = { + addresses = [{ + address = "2a0c:700:3::ff:fe01:1803"; + prefixLength = 64; + }]; + routes = [{ + address = "::"; + via = "2a0c:700:3::ff:fe00:9903"; + prefixLength = 0; + }]; + }; + + }; + }; + }; +} diff --git a/secrets.nix b/secrets.nix index bc603e8..b7a9526 100644 --- a/secrets.nix +++ b/secrets.nix @@ -35,6 +35,7 @@ let jitsi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB6jVMIZ5y2oXX9HOkw7r5UUjw95MlFaFuu7FnEC0Q8z root@jitsi"; livre = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEVfKNokHG6ig32hhQxTep+fKFmKahlDClPrX/dP4/gb root@livre"; neo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMGfSvxqC2PJYRrxJaivVDujwlwCZ6AwH8hOSA9ktZ1V root@neo"; + periodique = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHTdfSIL3AWIv0mjRDam6E/qsjoqwJ8QSm1Cb0xqs1s1 root@periodique"; redite = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOwfVmR3NjZf6qkDlTSiyo39Up5nSNUVW7jYDWXrY8Xr root@redite"; thot = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFKNg1b8ft1L55+joXQ/7Dt2QTOdkea8opTEnq4xrhPU root@thot"; two = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpaGf8A+XWXBdNrs69RiC0qPbjPHdtkl31OjxrktmF6 root@nixos"; diff --git a/secrets/acme/env.age b/secrets/acme/env.age index d16172e90df8d0b9c75c0152269cf2b8de697314..a550ebd3525b6edeeec568a7870a842c82acb1f0 100644 GIT binary patch literal 1304 zcmZY5%kR?!0KoAO^)me-h9G)SDk0%8f41w^Zat{9dvxn->$4c0_UNp#!%n^OJA__1LyN zZjXh8lh81B9f{4s>1+VXlMtg9Q+G1W;(AxE6x^ZHCqtuYnFA~es2 zKIn@LFUS|XyseE@Wul=ugpD19%WIO zW%ZHQ7nE!YOA|-Twb}~nwatcPmTYAnC5@!Y5ra}ao{6e68>wp2nb0GC|MW87Dvgjl@lPcY;;W`YYefri4QydV4 zv7}9vViiX^5dhFI2R<{cBzpRLZS(&MG325TvC(u zX1yKdQO-=_vTbx~Y)O;;cM`GXK;r?k8x~R0B}xnldbWZgYIBaKs*1&>TA!Bhw9vZU zEinTk&iO{r4n!C78;MNIH0DHnWro2HMW+2l$}W|z3c0J(Z1tB?fnDCcK<_CeC-1q{y?Fe-zYaf`13sJ9{Q9*&HV!U5d;Zp5 z?BJI86+gYPf_OJyJ3ADB%Li`VSib??dYRS_eqU5x`19SnuBEG+ZucHJ(p)`PyZBtR gy1sR||ID{?|KgK7$uHLJdhk*5%A41Yoq^u|2Q;q9;s5{u literal 1304 zcmZ9~Td3Ov00v+mj&l}7aAP_|%y23*o|87WrZ}g$wN0Dm(j-lq;V?;aX_}^&v?ocu zAvpHnU>qOzFxgc&LxiD-B7%qMeAqyT&dF4ep)hq&ZfWHB^FRlhiVyyXp=*hDMJY@YLC=LA7!2 zrU2T?G;`5g^eI(iT)`k(3=ct53}5w3K@==Z!z_f!SyGb=#5~OUMA{EnM4rM8YC^%3 zHMP47QXiWjM2{D`HRq6w-^^}y8~0b2$1sKiZb~~y3Xt=fEzL(AIEx20m=?UEtIv8a z!&<&A(lrZ(GZ8~|wH*o7!YC#%2+TOL>1s(-8iL$HF1DyzkjyeVF6MO5@_2hfPwM}- zaGHmtO$%e~i4`;(GgJ*L7^out0uTEOhL212OfhvNtth#dYx7cEC}Q|fOK{(m$qpUj z60gmS#VlnO4p}9d`V4GH6J_dD)pBv`iX6=LG8rI2T++*>-lW<9L$d|t!hq6ABR9Hb z4k3A2B+`~abpzaB3%pE*P8`uHA4^S+H4`S02BW4cXtE{si%&6R&4kT@>)`0qL z*9XYSICk9}$LAfg9@S`2ZNNdV)hs1*Dj84|8i*EEK`~Gn6`GB?qBJ}qh4HbcMghsK z675m~P2{eXkRe-lUAk{2#^&-{wVDtpwG@!;mK?gmlp=IOg)6AgWZ4-`m6R+JZLZjC zsxS%K1}3)Af08$&3LAl{xCG#95_S)1kj zlt^^AW9Es<`hKrgiPNnb78oN(2I4TyBfHyn=&~Xheh2pOmZyk|Zh#OOX=RhloK{Cw z!%~TY*Fc#L%=2Y0l`9K!8al0nk;fv68IC?7=z;IclR-U@2AkUQ^5*?VI@hNm#McZ{ zid+&huvEcgw!M%7IAK{qy6%d~Iz#dT#@IfB$;#{M*V~zpech{O~ey{fW-) za~Gcf=J@*lI`e(`@a56xSMcG@!@-H~KG=KzGY|f_R;R(&V%sJisrE_LsxcZt%;Gr*}MC&l~BrCUEQ9qcj+{ri=lE+(&AGxV!3 cw>=j8as34IfOOP8_3!-L;qANc=7?YZ11V&^EC2ui diff --git a/secrets/apprentix/root.age b/secrets/apprentix/root.age index 3a7bb07..bbffde0 100644 --- a/secrets/apprentix/root.age +++ b/secrets/apprentix/root.age @@ -1,19 +1,20 @@ age-encryption.org/v1 --> ssh-ed25519 cZNEGg cCqVXLLrHvanTMqXfxGd0gjoMj51K9T8B8fJkQiUE3o -N8bANPITpOunRC0fLfqNLyfpd17xKduK9EtZPMaROpM --> piv-p256 ewCc3w AxxJaGKhvBGfTAW6NMc0cIT7A66PGugB/OeM7wU/9Inw -Sg/yKPotg9CDeBGYkG3Pgz0RBJoz2Q7NRZCDzslR8Hs --> piv-p256 6CL/Pw AzPWMMEuvSCThR+2/4nbYU6iMJhQXhxPuUwtf3P0TCLY -oEdhbI58aZd8ZinNiYBBgNzmWnowNBsxEQkSUOfU8gQ --> ssh-ed25519 I2EdxQ 0RgVUxgyBpzBlc5UeLkDGo7VZUy6mPQFkxAw1Z6Rbm8 -lTk0OiozJ/0XrAnHkIVDC8939mtfla2iNPJLbvc10Lk --> ssh-ed25519 J/iReg 0AxRISUbavlAC3HMApLzemQds2KbIqB2F0pj2unyFxo -iwJy44Hkk+Hjj9lN7BeNgv4eINkrKMUT3lrP1s42yR0 --> ssh-ed25519 GNhSGw UjDNEUVLKgktYlvP1jM9Lt03J68NCS5J14ZzcbfBwD4 -2KxidMac4QtQlOC9npD1jhIs13AjUcRcY7R5jGzlbck --> ssh-ed25519 eXMAtA BTDHGZ+pCtn+0g4Sqjw22QjqkTbypABDcp+SdsZkcUM -YPGwUfBFogZfFwcsVfTEI5ctJ6N6ugL01sVLyVLbaxA --> ssh-ed25519 5hXocQ ZE1YjMEagjDGHpXnSRGxgkghVqvpHsMs2Mcvx/s5yi8 -G1P4PFbANHdZBuyDuJPkjHcrxyzefOB3MbvUOGyDpUw ---- DALPeLry56OdM4CXWsbdJIyWxywt6RmbCqM7HoCpCeg -$3֒ڠ<,!hj0юdJC^^Qr lB.U \U \ No newline at end of file +-> ssh-ed25519 cZNEGg OHQQ5F1ma1AbIoenKk2UoLnqWzRnScWz4sYR4/eIdVg +p3ANTawps0YNyVnvIexifpr8G2oZbby/zdUvzbA6hbM +-> piv-p256 ewCc3w Ajz3z77IwyebPTpBlX/cBN0kkdrfOjfQlWjxz7fxowe5 +4iE3zShV+rNitucgX2DJ99Yi5M1Gp8rbijg3MsRT5Bk +-> piv-p256 6CL/Pw A/JiEgls6VdU+goIrYfZkggfFhRqp/e0UjKmcVEfzTjA +QFHMbZ9da9CFL30YL90UUqp86P9heVNBraCa+m7DZoc +-> ssh-ed25519 I2EdxQ Ke2y227B+sYi6/5/O4os37DMPOGM1ATkWKYpLCpXvQY +VIhp5uKGHYE2mhv1xTMfOvxWbhYpC3eE82gkkHHDXt4 +-> ssh-ed25519 J/iReg vKbLENYkRIc9FupC77Y3Gs7Rj72O5zL/pyS/vP80Pzg +4ClQjVWogZsAj6Fng36FSTh9XjbZ4AleNVMP6F/fS60 +-> ssh-ed25519 GNhSGw YcQXzvHjZ9qco8LbMdwo6geUHgPWOm2gh8nDhbbFd3M +YD3YtJFORFg7ls98RPczL8k+Knfxm19wUiYgTTcUb4s +-> ssh-ed25519 eXMAtA pKQUDlA6tgllual2auq4Dmzk9YexP1zfY6v/zioVaCg ++kaRb19L47MItVwx8duaV2prNeGkN6HDEYNOmStsz+w +-> ssh-ed25519 5hXocQ 3KlHl5yNXS6+aiCGAHaO3+LUzi8fjSYQjkFM8tyWyTQ +qmwIPkMOwTpLoihBtKBLuACthnw4M76RreZCqdp0DkU +--- kl9NXKn0+sIA5/41/P0WBG/uajpGNPEz+hPSoJMolxY + +ai&%:GԪAOdwϣkVZ@sb6Ҙpa?v4K5)t \ No newline at end of file diff --git a/secrets/common/root.age b/secrets/common/root.age index f657bcd..8625a46 100644 --- a/secrets/common/root.age +++ b/secrets/common/root.age @@ -1,33 +1,36 @@ age-encryption.org/v1 --> ssh-ed25519 2k5NOg PuyFIx++EQB6LhrKUTSwRI/rDKZWWg2gkVRGMVQrhEA -aYydV+Ph/RL7IeXZEE8S+1WXMJ0AacJ6+MbBtomWqhM --> ssh-ed25519 iTd7eA XlEYPySuo/PKgd1zeUy6/HOnnKDkKyJRhtT1ospAmQY -HzDt1YiYtrcquCWeYlOsYr3YhhG8MJ9TljVBLRBNPQY --> ssh-ed25519 h5sWQA 5KifKrJwYVwQe1hW6o1BjpOAXyrTCaycrjgLyKSygCc -wSLtBJSiC0cr4BrAL8i9RRhZA8ZC37LtfrLA9cKzbVs --> ssh-ed25519 /Gpyew Oq06K4RjI9izhx2PPPSRcf05k+WgVRBF4oA6YCJfMAg -jqtPBWyf9vZYnunQUi3a/ZGAP/2fx/KN/VqeZujUxog --> ssh-ed25519 hTlmJA rduNY50g6IZgpYRmSS9GJqV8RPefRT4RBSBRYYOL0BI -WtKzp5BxjRPKypMT0CeXXRD8IygLjMbB0bMM82T0E2Y --> ssh-ed25519 LAIH1A HO86dJfWvGiCV5AjSpoZMpM1tWfr8tnwkvhC3lsb2xM -Y0tr2ySsHGNfSCQYFHZaJAeV2YS1XvxmOpFK22h8asE --> ssh-ed25519 qeMkwQ R5CijMftsKNSClF871ggg7PcTTRRY+L0zmPv7AP6Unk -hiTKMCFrJVUhSbEGrGGMvCgG04FsBGbVyZRdOqp4TXU --> ssh-ed25519 TqxOLw IM8fkgZv+B5eTYZwpckuABGUiOXyPPAopnj5BBSx6Dw -HkxbM4AjhZ1KIaY6ugCztiGj29xQTL4kh+OnPyO5fSU --> piv-p256 ewCc3w AgsDHsiNo69oTayVXasrpZK2Tjas294WpHbviaRDkfHd -1VV6e3FnC/r7u/gSNxuGgQ07saJA8lj4hVPqYIDfXHY --> piv-p256 6CL/Pw Avyn7WzCr2reAVPhVYPCNZ8LxAIVVIR2vl/u/OV4WKtI -OkSywpxyrvsvyzTXC7T8ZD9kMuDPKk356RPrKcPZ4g4 --> ssh-ed25519 I2EdxQ W3xXfPf3VlRhaNYKHBbopWxM1f2SPba/Caq9LrLwuBI -Y41/A9/vLKjUmlzXnNdBETqiruSJjSRQyQ+0nPkAnCo --> ssh-ed25519 J/iReg moouU1scj2ordop9DERldP8mo3M1vbtfwfkerY3KQgM -oW1tff00Uxg85NvdgZqZvvSV4n/1neyQvvFMPxG1MNs --> ssh-ed25519 GNhSGw kt24V7gegcXxhb+3WJYftAXCUYuOolI/n9m6OdjtS2s -AyhmFPQKcyTnSGALlQ9nB5oI1KJGlN7lqurksAAq/Fo --> ssh-ed25519 eXMAtA wZ9ta9ezsprCH849EELDY9IJmHwpjqUE8+S4H1X1Ci8 -CLgkU1aQVZgVcKYMJk/8M7uXS+zieCM64nsZadkO6/M --> ssh-ed25519 5hXocQ P3a5x4r7WhfBCpV7b2gi0d6hIcLbvefsCJu/YBpdmzY -6+RfKKdK00zY7aXbmNAeSruoaMA08Mptl7+P1jyn0UU ---- 01givh+zY0K5WX5OuosHbZ2V1cnutJfx1BBQOT+LHKg -9{9\7oy3!yra|*cUO96ϑ am&]$?.c How \ No newline at end of file +-> ssh-ed25519 2k5NOg HOeKe2eK/aS5I03IhDzGxNmTYjsl3voLEZzo1Eo6tU4 +5kDl8YdkXlldYxDAA9d7ZY7U7dDXK90gGlC0rZbKssM +-> ssh-ed25519 iTd7eA 4b9kmbrtMR0wqxGPp+zSinQkBrrpphUqDPU8znOKGgo +OLhmXA+tWFeIXvjHFPHxcqT4kI3u4ZjCkqQnh9jjl7U +-> ssh-ed25519 h5sWQA 0CdrNIrGvOV5MbbruvofVYSSvvFZTo2NKIe5ObGskRU +NV8yW4h53LbM4z7h65gX6gjZvSzrMES88+TigkNYsjI +-> ssh-ed25519 /Gpyew rzL9LqVqxaBtHpXV/J4waJtYKXMfYENvmPTOT71bxk0 ++BvI574uhXeYggaCsCdk41ngl9SmDDMEkIM6Y9gzVXc +-> ssh-ed25519 FtI9pg 8qEeHhQb1Si9kAxbeHOj2S5cAOxRKIxFI0CDBhRzLwc +Zm+ecEMJf+KybsIPZPhwm4IM1cyb3mu8OeuRebqecdA +-> ssh-ed25519 hTlmJA lumh1xqYQtE9dgi1IWy86u6BURcR+o2skd1Qv5VJYTg +58HTMO2z80oGNdAJbP5+8IBiHPyux6rZGd50jfG1xp4 +-> ssh-ed25519 LAIH1A hEZ2oJzLTpZjzKHohaTjjv7a2eZXa8sRioUY5doWVFo +63wnlO8v8zf25z+Thu7b/SbJxHcb9YXkhFlxAscgl9o +-> ssh-ed25519 qeMkwQ d7iWnCnWqlI4zahgvjgqsihXoyivln/FOCQqnYCwoyw +H0a0zCTE1cW5oW+aTJrtBnVGJLxsfjmGB3r9FyWl3UA +-> ssh-ed25519 TqxOLw ctsxZCLOpeALmB98dzyiEq2ZUOxAvxHUKSR7qbzTjwA +apaDGw8eBs0BNPoi0qC7FR2Otqr7m3vby2M7F3cbHbo +-> piv-p256 ewCc3w A8b7dyXfbD02u9w3dR6O5zI38vk5ugVqLDCENdcQfY/d +OETvwkXXQZWUeOiqpOn5IZ4c+EOAaZFFehWY9vGqCd0 +-> piv-p256 6CL/Pw AyHxDyxvA9gv4d5be5yXnGGavgeHITRV1x1gNiY5z/cz +zcXakgy9Hr1R3eXrgYI1t8RozOjlAdUh/lXS6siL/MI +-> ssh-ed25519 I2EdxQ hXSBASbQg06854UxXOGnTJBRMXiehol3KjIG+LU35wM +cUsysgvO/y3Kd/iDvkUPyHkiFS+J6gDKMMIXSi2Yr60 +-> ssh-ed25519 J/iReg z/L3B+/EL7fW2t3MFGDLn6+2YzxhQqitFabi7GVjsX8 +nHyC+TpPKb3Iqm+YKXt5otuO785f1T7E49hWCt6zOSE +-> ssh-ed25519 GNhSGw VDYQnBCfmDZbirQRkv/miOU31TYZafRxckltnbGdGi0 +j7reZzDf3SJTzN1q8xZY+LMdTncli/5ia9aBi8yt4Zk +-> ssh-ed25519 eXMAtA viKyTQHsrPGy0MLicGAR/CzOavCyTgsV5KNnydNRDDE +m68TXreCwUQnhWbBqxAZ0ujYcn4kXKmNb89/2+0OAuQ +-> ssh-ed25519 5hXocQ tHX/UfzefaF0YPdIUja4weKyEWv0LWIFaAnpLODMbDE +0ium7CQZBqQfH0s90ArJ+3FEp6EARZSqcet365TLyI0 +--- PUvC1MJkkbgfTeLAx3F6vSb3WzBmUX+QtR0on6Svvck +}sޭR*dv +u8aBc%*+<:&ڠjD^/~qͪ(F=g$ \ No newline at end of file diff --git a/secrets/neo/appservice_irc_db_env.age b/secrets/neo/appservice_irc_db_env.age index fbac516..45a9099 100644 --- a/secrets/neo/appservice_irc_db_env.age +++ b/secrets/neo/appservice_irc_db_env.age @@ -1,21 +1,21 @@ age-encryption.org/v1 --> ssh-ed25519 /Gpyew oiueq/kpy8n/iSGh8nnCvMXn1ArLdp0B8Sr/zc+dPQc -3CCpb3SY5sKYl9KDTXbAgeDSonPc0m0BwFLJWLxxGlI --> piv-p256 ewCc3w A4hnsq85ya4+SeJCh7hmpRHt1B73xNS9nV3CW/x/1beo -dAQIsw7vVN+Kv3vKEHCz85ImKV5AuG3F0IywtA8t8DQ --> piv-p256 6CL/Pw An3unvmk/EQjUBkA3Hn8FDXfB367jlHJ4qMCUYC0Egmw -1g2cQlMsguOYyiXPO/9frbqiHSQzGhaOrneBoxP0OM0 --> ssh-ed25519 I2EdxQ jJ/4pnzjGwwkYblptHKt8AsIVea26pVd5XpqqoPrjzQ -wa5pTx6WF74ChTRE0h0mrGf+agjZ/PbXjgmmIQ5WryQ --> ssh-ed25519 J/iReg baeZG/Rtj6WcnE56gZJQUMXatdbYUkKwWM0xN521XHM -joEmhBM5kRXmfE4bH/N5ioBat4pYNUXstaTI/ZZfjtg --> ssh-ed25519 GNhSGw CU2QnFssTK5ItonbVCFzvP4DiAIlnzZNxCF8rzGJpnM -Ri35ECruZlUR8qgMIzoTeuDW1IQD2ch3n5zEucBMBes --> ssh-ed25519 eXMAtA 1uJa+lgJHfpfA5LktUo2DFA/3kzJa8vVjaO3qmxwp3I -JSmjw/9iF4QVdyE1OZ9EY9R8gVXUF576G2uKQxMNdok --> ssh-ed25519 5hXocQ u8iHMYgWQfJn41y+AK+W5CAGL5uotgKlO3GezLb7egc -UdusHwDzpFsxfD9ZSslU+izrO4jCEHmMWzUAkZ51ruU ---- rxz0SqY76mfGmCS3oPJnKOlpmiIMu4LWnTZvlnglsZE -B\M -c"B`qw$塀a@MtS>7fmwqSp ]?(~.l:@M0ܙc^ə.k -N{֝^f5il xȢC;'J= f]eXM3},6Ǒ\ւ.شUJm \ No newline at end of file +-> ssh-ed25519 /Gpyew YVx7IZ+WDpGomt0tU3+KysRGtOidN460zNNLuT61HkA +ELYa1OqUFYqOqMrEyQIfUUWXWhYqCy0s9/SmOVFUvFA +-> piv-p256 ewCc3w AjjDfaGF/im0hTAtKcNCzEUi8hM0VJj05y1KA7Fsz+d1 +Tur19NeaxPBbPEN+6zAnOFvdGuQVC1VkbmHlfikHT0I +-> piv-p256 6CL/Pw A2dW6q45SBlXUKA5vTDDsXU4ZOSaAV2htfyMJcWTUpoO +h5yO5/9QNEOB872c2SdSbUZ7vRmYS1HTfqKJgZRwP8Q +-> ssh-ed25519 I2EdxQ toLPTW6TrKZx1K5y1mN3gODSFpVfT4KU31v5XjJOQ2s +Do/p+oK4axHDjSfTVWtcdZRQFt2OPps0n9cA4Tp6lBo +-> ssh-ed25519 J/iReg a4su4Gi/kohEXVXMZszlCWEQlkHNmLOH1t1P0Ssuqlc +03enelm16WI1AP4vAJbieDNGwFQSw52WeZ+isQhWQ8E +-> ssh-ed25519 GNhSGw 22EAbCwSIY3SirGolGVRzvRSE164PFD+MOnr0aJSqVQ +YMeQhP95Bi/e7oNri11/W86b0ALkSyuFJ+hptOUy61g +-> ssh-ed25519 eXMAtA sWsPopzbV8Ls82wmBwbnV5hCAlznq4TWO2paWn2RnRw +eDlZQr1F3FtuXDqc84vD3QUZzYNAsJe3L4Abw9Oqxnk +-> ssh-ed25519 5hXocQ u7/+FfeY9SwM1wuqeOHgsYpq/g/o10+8Q8AA5ODBWRk +mA1+vo/7nM3GyrL5UtdyOwpTHdVcZQ8mtVX6xuk9cmA +--- /cchAACEC4BclR+km+6nZZjLkIteeIG8kt974NLjwlw +IFb)HӂDH2Co c(xXgPiVG+!H5Yn4jIfJdMK5GՔף7_!oFlcݓ/UNsmMӱ|o3 +E@ +,2?J{?7M|S ѷVWӔ| 7l~2ı/lP \ No newline at end of file diff --git a/secrets/neo/coturn_auth_secret.age b/secrets/neo/coturn_auth_secret.age index 7cd94c5..96b8f11 100644 --- a/secrets/neo/coturn_auth_secret.age +++ b/secrets/neo/coturn_auth_secret.age @@ -1,20 +1,20 @@ age-encryption.org/v1 --> ssh-ed25519 /Gpyew t5XHS5ci2UuJYr7c10Msr+zfBfWTjGClnYkM565wPUA -hcjj+WPvjOp+PdJKHnb9AwYE8NAfudr1b/MC0m41OEk --> piv-p256 ewCc3w Au9TM56jPaNaRFs3lZaVH94ZVoeKL93OKocn9Jt6BdEG -svbg1OfmTFBpjak1tgB3CNdoUVG6TkLhAtpMSB8mZPU --> piv-p256 6CL/Pw Arkhx1n2Ko3TMCEgMqy1/2KK3iYI1Sd+PCnKyvmlnqX2 -kMaFudKtU4B5VlpIpfDHpHvmHyyPJJBWSQQ6JWTJc2A --> ssh-ed25519 I2EdxQ 8RnUMwOXPN8AwfJVBhIqXiR58gWC6I2PZh4pYYEFv0o -8PjYugyCgXuGBiAjlLcbCEvJUomw1RNLVHaysIt8PIM --> ssh-ed25519 J/iReg 1vSW1OEwB+sORjqwbEazCrH6q8x/KPtLtGzBUlpmJT4 -LY9HSBHJxOz1UU96Mf5Toht24D/MG09OyY/hR3Wdr2s --> ssh-ed25519 GNhSGw Y8+cu7OdM+TY6qcrDjGA+sEe3ji1ICSan/bmRmVTCyc -lhMcdwMAWepMUiij28MBryKYTfulsPnZHdWW0X+DX1w --> ssh-ed25519 eXMAtA pytExWidCIuxny3RWUxJ5vsyd3LUZ4m/tSbk51AvqUE -jWA9YWl830bJBfQK5yxXksUjc4p2S2j5Tnk/6FN3npM --> ssh-ed25519 5hXocQ RBGSM/Fxgf+MlWZWT1BFfAx1Ec8Qmj8WBb+6lo/ECh0 -PRMInIp2K3oSR/qKQGCYW2joLC/Tubukt0BGQRya43M ---- g1gGX8nZGHSNA7e2vZMnoI+b/pyMUvCTvcxk1RAtixU -KyPW/[mרL;5b҄rxѠ37ByRH)6VՕ@uA#s X,''~"TaК $[+z,W,) -J(2oʍ( ( _ \ No newline at end of file +-> ssh-ed25519 /Gpyew Et49nDjhbRkh06DFrGovieoWR5iNzBi1l7pTyD3j1jY +57vJaVyfHjtG2XAs+hE2LI/WbJzlE295CA49L9KjxWM +-> piv-p256 ewCc3w AoBV+dmdrW0Ow1h+ZkAXgY5MKwWiA9BXgXxIM5EMlyt8 +I55I5toyuydCL27xhLJWpqqj3ECc1meMI1Z850RZscU +-> piv-p256 6CL/Pw ApATHIfJbEKDjvo29B+7epLKoCd+gK80DrMjEyvdRArC +lzavhdArQYw0V/Z3qwppLqZR1OygpEg6JiCC4Q86W5s +-> ssh-ed25519 I2EdxQ /4eydVpTt7bBvW8FjSi/U3t1e2FAW+3JWIQ4uqxHTzA +jRHXSUf0w21NGSn0wtsh9qV2hRBxJ8NZ7dN0Ij9rtyQ +-> ssh-ed25519 J/iReg uIGoGuISQidI8jNgboWz1wFj+VFa7e1upAaRcghR3Fc +EvN8pLc7U2joOc5F3GF5bGZWjcZSe/RblJQjliRQ4l4 +-> ssh-ed25519 GNhSGw OcpDZOf1yyh1OGD5j2wF0DwOBux5W1SZBoXMKz8SKxk +HU/Tz0ptYe/nPubvX1oYUfmLy164Lem3GH/wU7GOY4w +-> ssh-ed25519 eXMAtA DQ481pQu0Oqz/2qXP8Od5X1xuCs7g7gfvebin1cXgC0 +yk1NFtpKdmPtI8rHu3daA606BN8bmY4cDrD7bXxd9K0 +-> ssh-ed25519 5hXocQ Uo5QaTldrw0/OwFD+dIo5rdXn9lUEy2fFkF0w7Tiems +c2RuQp7XU9G9Po4LW8wVExSVplduaETuBXbEQVPP9DM +--- vUHoNFNtL4s9rARCH6fWB3bi7AvFKD4co7pELtgOodo +-+Vk.?Eag?M /THju1W%d6ΧۢFU?'Jx.Z!`c> {IhjOG~?n|LL +292_MUY>8 \ No newline at end of file diff --git a/secrets/neo/database_extra_config.age b/secrets/neo/database_extra_config.age index 4020570..99f843c 100644 --- a/secrets/neo/database_extra_config.age +++ b/secrets/neo/database_extra_config.age @@ -1,19 +1,22 @@ age-encryption.org/v1 --> ssh-ed25519 /Gpyew oxBHCp6QJujtsbQ0mq/lchD90bEJRwohyMS1akfEGSE -IF3f5/GxL//DemY/O0+e3iTC5VE2vPrZrH/2CIrF0ew --> piv-p256 ewCc3w A4bJWfr7AlIf89oYFuNks5McrpMQM/YIADk0DoeD7FIA -hujKEtMBz2MEkS5T3ypC/fOTlzWbjYF8zAcG2EzbukE --> piv-p256 6CL/Pw Azqunte44cdOj3HgtD/Pgg1uZqWODcmVLu85XRDM4Ijb -Tf4dLs3kt0wnrJG0hhkKr98BBZCAf3rPPDyaLksyA+s --> ssh-ed25519 I2EdxQ 1oKhXHxyvZRwNjw3rnMlTjedyVn40vk7kPmiPW9DWBU -4E0gp0cLoMaIwjQEr822IjUaGvsD9zbklccCFwt+HKo --> ssh-ed25519 J/iReg 0ck9TM5+jDBuO4BGPUzi/JK1Y5jVBssbjFY1OoxWWT4 -qBwniH3wOVax1nFbeth35T1JafWiq+LOJUVSYn8LOHM --> ssh-ed25519 GNhSGw BpFqKSWy1Sv1qPXVbzgRYt8gZvHMWszgJSEVmvrdzHg -t6UHkos576QleEI+zGPc2uZYb7yhi0UR94uSHP08LWI --> ssh-ed25519 eXMAtA tGmpUaF/J/6l2p575SYqNZR8OvwsGm3USlw92Vpjr1Q -sqJ0/bDnROiXCNRKmdZ8oW49rh45c0haxuLDOPTvSNY --> ssh-ed25519 5hXocQ MWUBp2WmezqFSt/xWDV/Igv1QYXnLOwF64kxIq0D4Uw -8hbFjs9gF2ijdcTcyuwwBzZs6jNPfeduimVMN69cui4 ---- Jyi3nBIpPaQU3uJO55xVsZqRxUxFsZOP9IZ/SOzLNEE -Ih\C{[M<$ɸ;LNL\ a4>݌N j=g胥Z!ZL)q']4NFsE(C;9L͋-{]^T3=~Gh;'G$CFWLi=1t .Qx !GT!VP֨Vc Jo:(l[=N3&os Pn[<t0ȶ=0 \ No newline at end of file +-> ssh-ed25519 /Gpyew NbI/n+xAaQRV6MS9Sv5lHfyqdteNNxcoSrauzBTpsz0 +zSE0oCQxOTwJNjzJMTsFA35H3i47vZ+FWQq0Kl2ufEM +-> piv-p256 ewCc3w A/VvQgYtbSbKx348z/YQ4pQexRMhMrb5JN8IJX5vAU7Y +Dakc6n+1rHOV3XJ61MW8HL298QTHXLXu0ry3mU6haEw +-> piv-p256 6CL/Pw AgvURHpzFjr3GxK8xY351vrwoGjVeR8VlvDk0GJGyA77 +NeUkSxeKUpPl0NLlbMuxQfMJsdl72J8JPz5fmDksslI +-> ssh-ed25519 I2EdxQ OucX6UlrN4JU857xV+nuQpJmvoG2Thnh6D1Cdc0CJys +I1Y3MUm4DfPgka7jrLnE/+13fIswc3mtCgnUGt0E6zg +-> ssh-ed25519 J/iReg j0QA0+/9jRgquXz8Dyux8Ho/aOqQ1YjYI6KQnVBtkhA +nSRI0W+0Mwp4R42JLvlxcadkj3JgNQQPDO/fazmgPvA +-> ssh-ed25519 GNhSGw BLvqTbJp29my+kM6zBtg/1d1t4KJCyUiyYAwwSIreVw +OI5YS2lLx1I0RMZ75wA+SWnggMLbwYC7dNmvZ/QXmXw +-> ssh-ed25519 eXMAtA dyaexe9MPyqeYyJ5Prreumimia7HYxuh7OPrQQqWgng +xdfqlMoRWG2b7HStlR8JxfJAikHbvoYqxwBgi3cNZxg +-> ssh-ed25519 5hXocQ bcEBZBfqQW/KxxJaYuz7R2kdgcC1AwXwNKdb+jkgOCQ +8J8p3D2uVY8LiKR3YyC4MJWfPGb7cqo8PYlohu5vo9M +--- ihUS4YDedVmTb+Bo88A3iLJpPnCYn6lsb0q1Kje2tQI +oJ6F +.]TMԓ**1va]FEJHr/(4$m2S3BGVbgiҤJ8P +pab/زP=z5f p_}F +u4IO~_tڙ"f< BwW[cmu\jw_5a'E9˒0ڦ$q92ӛ, \ No newline at end of file diff --git a/secrets/neo/ldap_synapse_password.age b/secrets/neo/ldap_synapse_password.age index 2fa3389..37e045c 100644 --- a/secrets/neo/ldap_synapse_password.age +++ b/secrets/neo/ldap_synapse_password.age @@ -1,19 +1,20 @@ age-encryption.org/v1 --> ssh-ed25519 /Gpyew iB1+WuE82Roy418PVGF4Lngw732xXosKuNtJL6U1T0s -6SCVc01vzFrxoBSFMRNXUuWyIu1wdoSsrw/IxSDpqeI --> piv-p256 ewCc3w AxIm6ntONhvwDIoNZv/brzzHkWx/XKuwVHLGJfVHdjp5 -POhBnU/wKo3nP0yWdIVUCrTHWh0HmQajERUfH/I5dQY --> piv-p256 6CL/Pw A6sp9SZyOftzPW6pDMB81+j2ZoeJ3AWMkuuIjDtT0O1M -rg6EOjkkjwM9YQaeBzWBha4IO724zzAm40nRNvGm5AI --> ssh-ed25519 I2EdxQ IbOeL910hNemBqTIryxk7LAbdXgMQcH6By5WWENk1GA -cxlM9754AcBv8EUFKSA0D2n7UKer/UyRMCVRP3EwXVg --> ssh-ed25519 J/iReg Pqr06p88CJhWojV6dFeaUqslGNKMQ8KFZnrF76ncsDw -ALQVuk+qrdu5oI2/nhV653aSZrl8IOb6IBncYt0o1uA --> ssh-ed25519 GNhSGw qlTw5ppkSeGo/sEYxpyRPM51xzdyir4wqstoYHd0EHQ -Fh03PWPyuJ+y5UDMZcgOyfxRFhyVzrU9hFBia1opszo --> ssh-ed25519 eXMAtA PEYQX+73hYk20TverGL1sGuwyzIDfSSsR6HpSlWIfh8 -CPr0fJoMgGAE9kDhETUPvd6gZ27GqjOhigcDF9K1Vj8 --> ssh-ed25519 5hXocQ KQleGmCMGB9i9o8SJPKAoYbU6t/UzLeDAdK7gpmG6Fg -YnKFt4hX0ZCbdj37jE3yk+yAZehsX+APwz5E5bqvB/k ---- P+9Jrq3E5YDaybtI3YNnzYQ2UvYJsTmp1jxyZKrQR9s -3 ЪdS$蔌*Zqkʃ ׿8*Oy& \ No newline at end of file +-> ssh-ed25519 /Gpyew +A7G/2a79VScR2EWxRwH48Tsv96JgqSXQJkoWmucH0U +09dv435I9zm7RT6/evgzXcSl1gRpIFPIE74ES5zSqNc +-> piv-p256 ewCc3w AydwzAVvlJQQykcKcrM2BxOicwS7e4ZG+t3Wd+9wyz07 +LQ0bZU1cQkROkEZrZr9PyMEnhCMi0b9+BgcG+PiJvps +-> piv-p256 6CL/Pw At4qtMZGID6EKvwKkGNd7FTWMn+mmmbdeuY7nAjtaPjk +6mHzefuannU0JK50JlLiWHulUFs5iv073LJregUL2Zo +-> ssh-ed25519 I2EdxQ H2MgML+9f4MNf4g/01+/V8n5UNNeEKL67MKaNTAcHWs +LWjC8FdlnDyImdiH+9nkN5g8Q5HLV9tOzzbuGZ7kpi8 +-> ssh-ed25519 J/iReg nAN+oNfJcN6+qrMBApMUUOhiE2TSDT0jCL7OD0zfrkQ +X5zSCWnsPvijGdLsYusg0JdjsFExv2vQguq/Uph3BRE +-> ssh-ed25519 GNhSGw G7OQfDkSwlvqc6ffJqzB7FMTRD9fA0oxT7VjdwMPbms +zdyQ0Xo+IjcW1TDetsijHbo2BhqIopga+bYy+3b6+0U +-> ssh-ed25519 eXMAtA hQQVOPa8pw1xieN09bTBDVol3PsgiqH4/Z0Rk037tQw +DjRJWFH+xtXPdXwb6bF1zHilcA4t65ZORGUKYWXX7yY +-> ssh-ed25519 5hXocQ slJCm8Hrse5zVlMc6kTOPcVuHpisFTjXfob/DAAgjDU +pebRHNQ1cUKkT7W3hl3x+Cf9Dc+YhHKgEsXXBRHrq3Q +--- EHUlBeA6vMSKMbct09Ouxn2EhqaG0AB/cMr4HEEFO9M +ĬV$# ' +["#ue&E8HyU;-4f$ \ No newline at end of file diff --git a/secrets/neo/note_oidc_extra_config.age b/secrets/neo/note_oidc_extra_config.age index 3491106dec9e7a2c9e805b367b43aeac565943b4..492f4c0cab58a6a1296a5de64d08bff8d2ff4b17 100644 GIT binary patch literal 1555 zcmZXS`)?Bk0DzV8N@c?dvN2v|5EwS4y|&kDC7bkdeO%Xe-Sv9cZWyk2x3;@Ju4}K? zR*^+bfGxn54Uhms7*4?OFyS#^I8a_ACIl1W0MWsQpuom!pdujplj2|S<@@rH0Y=J1 zsk#i848@}JV|4*p3J^)l#EC>u%FqfB1hitAnaePOSPyGZr;j8Ai^LcUJ0cK~c2R;Y z5R2(EiCP(pCjhr!Km%r65QXBf!lhJEDQz@ql3-{CRoF2Z5rQkz`mi>Rb0k-%=TWC6 z=>40N zi${(T6lIgsVIu+mrvaso<9u>$Ex~h0g!ZX;&QKQ$yi7x6p-Lto zwg@U6PDFy`F15lYM-;VmS{LyXW+&%O`Qj8>X^Vzql-i;)3ZgU|F}NulGBaw5g!Og- zaicX*O5mO0nmUa?9ZonQQqK7C^#9z$|3d+-2D^Ul<{c+NmNvG6qBxyrDH3}PP_bJ`5po9K7 z!MkP_KpSU6*g#Ck{3AAY!#7Q(nGUOGLhnf6r(nSUJ^=s18iDr!zfRAHiFe4 z6<{(O_Pr=6m5MV4olb!pJRAbjZdhg@XMFxA>=_kD(mQI{rIsoe4>w5O>j7#m` zY*Gr$?OgmuuA(~k^EV{)%CC-GSsNBnC?e}%9i?8Oj zwf=a5ZKa!=BprA*uYT9I39q!YKd#M*ANm?G%o?}F2WyV6e0%nu_1jvk(h(Au z^k{2GeB;ee&qDB|+noy+_wHp%Tlg|t_k+o%e#Uil==sMtSIwREFi{Y`zvRiu&FsGM z2jQmAM&t3qx}oz`b9P9F`|WYIg1akT5xyKl=|lFx!>O@>HiWj zO&r^4$nTr?OWU~jFBBD?8Z~vMW{r6Eq_R?AY-UUT;ruU%^-Bj0w|36wb`{?}Gw)0n zH*!?{M`%Z7?zOgVqwaLi&vOb7WS3qp&dq5auya$i$FI#B=-|2Cu7MWgYq*l`TWh|) zyZbkm`vEUGckWgr{OZ$3BMxx0Z*)o)h#H<2N~ne2k;*>0>f)6Z6{~ysg5Fb4*A36X zng*ASp)cq3sR#R3)gQbjdNXfFNkcx)z_NF*klScoNp!QQ>FP9TiGA$Jv;74-{{n>} BT2BA~ literal 1555 zcmZY7{cjTm90qVf23tWg-ZoyB1_n;**4OJxT#&w8U)Hy4d%d>j7_`0X%Uy51ySCT6 z>O{7{78E8glNUiiq5@6^5@SR_f$*9kpb;2>APAWQ+#p2W5%EXo_YZhJd7ga3al9ID zjIsiqO{N=b(rjGH$wk$3#FAlHed7FxjbVjX3}SR0;&Olfln@p7SXDov&o zwwO?0Gpxsbb?U4YfxF~O=;Q}2Eg-lxhMY0veX`|7QLklrY3q)AE< z>3=mk$yL(|KrP1e#;7tc)@Q<(7ozub*h?IJ95*OmceI!m8VN}3G z3@im{lS!fX`$)S=6DVkKBj-U_ATP-L5i_5NIn;HUfHvxI{>M@q9a89p#j1>9EoL4a>r~S0c-}^d?x7*Xj&NAZ5ey z4nLq$CuAZ8;a1{Az@Y(?ZUAwlq%x$@tWqI{M953&^@75O#{jPzPYd8+txlTs;&Cw^ z_9H&n993wHR;Lb0f}qCBIy|H-Cyz)CtT_W%3nYZ`6cQEL>~T2d;*wg@30VDgkSebX zLJ7n~gp3AF2H|xMkk?@fr_$mdtXW(MpCvEOg90dbfd#uARNzrlD97>{Kxz`Tq7-;#LH zsn6=gDK?zQajA%qb=9#9#^EwwGN;G6D5eB6q+6m9ge*kyXpAC7q=Y9jU?CWdAqf=| zhk3z}w1qf;k?AOx+W|pF#ubt{vn;M3+zm(s(@~F@a0?a}msWCNIZS(OjdqBP^YMTK z4rC=BFin7z4YH{j5Y&SrH7(DiIBVR6`X~dVaIjK!5GB-hT{01tSPU_%$-{bOVH=CS z`2Ol@aRDU_Iwl(7;(0EnB}jD~m1A*)fKf_`rF}p!nSjDhfwEw65mnQ*^~#J(s^cRj zO+Q)HH8NbgGc|l>-++0Vuqv`teR^EU!s~}SezL3?qE7t$Ud}0}x zwI4V&?P_~*)o~;}>H&DlMd zJ|6yNIXL*d3a8|rT>Dp?E0(2B2oxjQ2x^Mr{lYi2KmzM6MdQubmY{I zp3))uzbkthn|b%r1F}1By%H7D=C@;>VZ$f?K*jLS_z`MjSb|{O5yXI_G@l`Ms;W){-8n zE7{#Su55gbsq>ziJ^S6J%f)kQSFb%fQ0x8hd_CP-8hEhzi|1wLsxwQ_p{tdB{NCLU y!0q=2ioTiEP&s?sl_z)6HS-UzTkJ1YZ{2hUC#>HR-qW|6OGYd>Q<3@e4dp*Kep12! diff --git a/secrets/periodique/.gitkeep b/secrets/periodique/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/secrets/restic/apprentix/base-password.age b/secrets/restic/apprentix/base-password.age index 630b63e39122854d5aa622dbb9bee7cf8e1b5d3d..9bb9b5824e9637353ae23373897d10e338dd653e 100644 GIT binary patch literal 1235 zcmZ9~`LELi00(e?GBOfa^m9 z&d}&juk5>8a-5DOCgYx`C)7>`g3^V!BGDyWi$f7tpj}n(G7RVS@v;jK2uqP9pp1D@ zjta#PZg+dS38S@GT4h@8h6)M2fDWrJZWe1464XW}BektA40WWs3uD=mQmy@?ImS5Q zWT0GJ^)V&u#}Oxpf}&R-_>@9Xx&~4*J{2$#kcS|hMFzz#V{|B3FAYXPtWak=6mo; z>ZHP#2fEY@hjMCM5&MWALvu9(Vh5=yPZ@|FsL>+;#+zQf48#3Fw%(|Fq+Bwa03f91 zYmhGV6*eAb?4hXQW`${*a+o99u)twp4+kU)Eq20y5^~_MN;QWF8&gESMfb^CCXl$S znv%yQusdb*7MRWRXp2_-s#((tO}5_mVu?f|Znv#gzHH}#(9lr}P*O zX78!ZJKnf=N%ylq7QS@$hBxP4-cDCeK6}XI7Cn0N={@JtmmZ;io%-N#@%^c>`{Rw+ zB}FdJEWLlE`aPOXNYp51J`R!YG9$z5gGuRjIzRw^0?$(p~753*%`H5%7 zo0cD2|NGW+{B5HxTV9WzlqT<9ZM?nl<14|TC-PgDzQ}Iij-2YRpIiCV%<*@a6kvXC}TT?%J>Yu;@Isc-QP5x4#0LOAVXKFFa+ zcH8b|SWqM)6dF-sNI!`3U=Th)518&w6sA07h9B2lDAQMvAdhMio92K(;fWd>=)41!hobmD3n4jBxMy{YuEgbSSm*T-;fWf^ zi~58_ikQ(F2mN9QOXZ<%Q#MK$5?~pNbB7FZ7A;YytO=*oIL^;TW6;N&ylems z7V?dyFR~ET9E-_J3v2N_)E_Wr&*)+!3T%y_T-E~^1G9TTu1i*w5j5L@Yf-`Cl{iRw7>`11SR1i^Sqk6|BCOukEot&uw zV27X-fV;Q7ni&B40CXFJu)rq#80Qh$rV9N+RfW2FL2ULdBaQhGmBvU1k0YiIc{Y+~ zqNN&LZp(C(#GIO4g_{^MbUh8A)cR-~i$bA;_ZXKJbfp61dc_$AANPBSEDd3y$TVSw z8WX(e6eUx&9AYNV%VxUXvD;#=Yteo`wD6^xsqy#-Ps$=glT2TLl0%g1I@+(vxa20lwCX{Pt{1D& z1k0&lY?rvQ-NFOfV?8`)G&r+k>tIXj)e@;xDyeIhSj$Kj*wQ14C$g{@`Ejkp&EUP+ zNfmO18h|4v0mw`*aqx(+{9WJ-_{VW)^`mzSUu{?x%zXOHXJ;-itZ+9j-v1M~4cq(j z$-EXfcZwP;`U#F12O`X4TWDZ&mp5DEa`hNP>iJLv{@;aC#-`cW$ zan<3u_mb>)PaS=1>-F6q->z?d{N(1ZpZ#X#E5Cvl7WZ9z^@|_&d@?wqd0r?j>{#~Vi9-kGw;sB* zLOi?a%U$~h`t;0}3mbpGat)OqKK)~TtS_62clpOu>+D+Tqf-|SJn+lg-;&Y`+cFo$ JHRu!P{{}&yymJ5m diff --git a/secrets/restic/apprentix/base-repo.age b/secrets/restic/apprentix/base-repo.age index 14169fa..e01fbf1 100644 --- a/secrets/restic/apprentix/base-repo.age +++ b/secrets/restic/apprentix/base-repo.age @@ -1,20 +1,19 @@ age-encryption.org/v1 --> ssh-ed25519 cZNEGg TQEefBOBnvSoZ/Bccwr6tl0RCFwg/L82dGQXSQJoOUs -Y7uomZi8xQNYls5xPgIOZP1Ma11rf0/T9DeWPp/KGN8 --> piv-p256 ewCc3w Ak1yL+6zBpExJqYmFYhxVxVEIXurfZfxa2eFNhHLFbNb -X9ERqgf8MDyY0KCngq/IVlXX67JMg1Uh7S9tDUBd80s --> piv-p256 6CL/Pw AiyC5gaiyPwYJLfiHclfSenLLYulx/T+95PZUStw9ziR -GNNLL2SyzFSvJOwXvgIFaghNjW39F45KgQZr8ee8n1w --> ssh-ed25519 I2EdxQ 0uPmcUi8BlTEgv2WfXvGMsa+/oyp3OIbnUyOkEN0ils -OI8tShR4LwHLHGkLhPfOqD0c5H/eTcaEE7NkMRryQao --> ssh-ed25519 J/iReg 8k1XKoYlC6GXiESgzJ3YXscg+9WyXdGNAqFHZXvF4B0 -uoF0y2XzFg64LGOus9pXmHZR5SlXRBMFh2zcRTbgFhc --> ssh-ed25519 GNhSGw 3SH0Iky19g2IFQjmHNjn2AS7/M0qE2+oWaLla/gT5HU -cRYnX77mUOmewPlp4DBStPcHA1Qvt4Otu6pPud3tG+Y --> ssh-ed25519 eXMAtA YYFIiu0LTke0JUNixFyDUoU73ojzkK4YVcU3IO1Nmlw -cI3P0T/YQjM4rYixXKXCMOQzvdrPepc99ziaj/TpZPI --> ssh-ed25519 5hXocQ iJu2kR9mztUq774/VyCVjFg6tuPxhCqnVUGe0AEZKl4 -eRAeDn4bMEXXa4zl8tHH0N40s7EBjhh+yPT4uk7805M ---- gtKc5W9yiqq5bswJNmnT25fR0Zux886cug365ZwLG1w - ~kқ * gȣG2h-nȡ #v*֡ K9 -aB.$$N83oQ _艟_qd_u煥~{ڠBB~k:|H7G \ No newline at end of file +-> ssh-ed25519 cZNEGg Nlccs0f2Y+tAZuucnNzMSz22dgnFMOd0FyCUJa+33w4 +CZPU1BkxGDvaaB+0D6bX1aC5hbnewGsZlbGMcA8vB9s +-> piv-p256 ewCc3w AotAQEs3SY2TWrLrdHxM+yNFP5tuOlgHoZBjXvxP05Sd +6S6kGPJI2O9zqtdDi8WaNVNBvCpHeRKWHOIOhABk3U8 +-> piv-p256 6CL/Pw A4TXb9Qy/woxDSBTGwnYdPZs0km00wlYfLhoPpqcdS10 +VQ4DPWcWGajvCAGUAzqUESPix4q9h9J395HZ3aJ1j3M +-> ssh-ed25519 I2EdxQ 5WhO2QjJWafz2x2FR2sxnEjO2B55ZcJUYhefOYTBX1s +dm3J6VOocxHUpTCkuP9aXEvc0ZD8q875I7WyHOyEn2c +-> ssh-ed25519 J/iReg aWz3WK2d/Abh3ZQ2gxehf2hB48WEFom6zDAQOIBjJgE +mkRU9jHIPG2oGYVGMcv0qcca+yt2N6vKvjxPUETzCMI +-> ssh-ed25519 GNhSGw 9Bq6Z12us2Ff8eDO8bBL8R/4QeMxgltI/UBTDx9MsCk +MnhroVnSzbA5b3kfnTChrw43Oga9pqFzzFTWMYB/f5U +-> ssh-ed25519 eXMAtA atHAYPq5qXROeIOu30+OcS33GukjaxULkbTlBli4eEE +2kMozM1CVoaN5ua/SevxH4qsuDtDcux+7HRN2aug/X4 +-> ssh-ed25519 5hXocQ K+c4QqO+w3CUCrHe5HVarwHNDD+RknZVTO1Pw5W9RWs +2C4Fxp21Wc9ZDj06B0QLOWzvSAnHdnEMtQtlcraGa68 +--- ucbVnMMTZihSbRviwcGbyxwDcUUEnyeJCDj6d4dJVX0 +Axy2~~Ȅ'a#tdy%R*w}iK@uql.*DaUq4 %N+36߂k!.ȃ lXNA_t^QlŹi@ 9d5G) \ No newline at end of file diff --git a/secrets/restic/client_env.age b/secrets/restic/client_env.age index 50dc96f..d05a765 100644 --- a/secrets/restic/client_env.age +++ b/secrets/restic/client_env.age @@ -1,33 +1,36 @@ age-encryption.org/v1 --> ssh-ed25519 2k5NOg GTzTB/4oTPX4GgUXebUp2usW6WC03FgeIybP1NOsymE -svPuoccAmLBiQfEl3l6/eH2VKtNXAGYTVCKW8vGnN+0 --> ssh-ed25519 iTd7eA dwEz38xlFx/R9iG9PEW1rEqBmE4IujE/9iLTI+ysnlk -3ymf3XrPE02XkQrV0+vNF4lSvxc8lTbST5SF8gpb9Wg --> ssh-ed25519 h5sWQA /fcAuuCz6gErWLyqHzrEY0zMYQHCzd21ya1wv51Q1g4 -C5VNkPyq+4oN/JL767mvoAAm4a9+nceAyT1aY3F959I --> ssh-ed25519 /Gpyew 6fUsrnunE+55NBgPhgVDr0GgLAVuO/ncjhcuEl+wvng -C1+3nI4vRf/aBKf85PSy1X/w2WwEL2hvAF5MrwDkcp8 --> ssh-ed25519 hTlmJA PmmPxFrMv/CNG+SfWhCWozWCWQ3ZxfgCAkLsbA8N0x4 -wKMLwOlGFVnCL/DVNuPUK/XdWjMTY7bF1lNymm/WO/k --> ssh-ed25519 LAIH1A cp21yYkJKWit4VF6CPwMOyQkegp5y0ENu1q3DfDPHAY -q0nZNYNlDnEBvD32+uSZbq9YByr3XxLWA1TX4bZI7dk --> ssh-ed25519 qeMkwQ KLGoGQQNE5rdUu2gjhchtog4pLFrfKYB51uAygHFDAs -flkmCHwzWGnMc1cFhR4DLMR6CEzZp4gx4bfa9atoKh0 --> ssh-ed25519 TqxOLw gd2mO+7HbN3l7rK/2efcrSvwj43BVsYUiOLA3TjVuBg -zMysEOlhKW08C+VoqABuBioQgeTMviHNYVJy2PwubqY --> piv-p256 ewCc3w AgDTSzBYcuFF/fbq/1lGtVQJ/hGhvOl24P4efLsZhGC/ -3EcR6BYSpisJahe/S2XfuoGVYxkscTE70ARQ/g7OZIg --> piv-p256 6CL/Pw Ak4ZBz69R8BE5uo1NI4s111shRKc9OnhcBtaBtKVerxg -nhaorLd83Eyuu/2Ax7+Zt6HocHi2yD7wsqWTUoq399o --> ssh-ed25519 I2EdxQ oTcQa7k8nyGY4a0h/ETU459VTwY0hSk1nLFdX1wMWxc -XJtIDxpzEOm0IJnFBe+0hikyRoqiJvtPIHHaPtMrr5c --> ssh-ed25519 J/iReg R/F7lVu5QNvDV2Y1EfBQ1oIthN1itQU26ilN8DEKLRk -e2f5qOFtfkFYlUlsL21kj3r3uGcl8V/e+rYhlF/DtFo --> ssh-ed25519 GNhSGw ANpVIuphVMTrXFALS2SZ3ag2rNrGkVXXvH0KDcVypmc -EANJr+S/mknifOJcLDBjhuPfYhYzHrFKRQcUH/TYkBo --> ssh-ed25519 eXMAtA gD3H0ikmih1XqxUrDtqakmWFRH1EaByqDn66Gm0pRwQ -ngC4vPlohbUHhDmW5Q52Gnz3DGxWgrFuZlX7ZWfR4Og --> ssh-ed25519 5hXocQ /IINku5jrZKsCuf0WL+hGxR978pp8n2xFRbwfl8I53c -kaZspCtVYwA0nl02fQ9eYqA+ihmJF1USGZ1xmVictK0 ---- Kmzz4xXIiXpOLw6JrwHMnMUkq5GDhIKuGZRnr298dy8 -8HУ؏j䳠 +^&>nk3z^7/E1+Q%);~'ne ^mrۯ/phs`yGU45#M) >.yT4"Gǂm \ No newline at end of file +-> ssh-ed25519 2k5NOg oCoSvuig04J0bqxW9ryk4S6TnkRRchP+bXWtTsZ98lk +hm6XqFCIT2EvP+1CYn2tO0FzSBF0Wcrt+1TrNweP2DI +-> ssh-ed25519 iTd7eA pJ+QApRj9bSVtrj7/2nEtBA2g/hSwTBfYqhrlD9t8lo +NGAPiwoS6tb+0KPs+C+OvWPj94iUDmkBGI+L+UMBNUg +-> ssh-ed25519 h5sWQA 7UOfgC4/FnxiC0v6qyHTLpoXrPih/Sb5HzGwYEJSTSM +L88RjLC1u2ewxzSZBNMVAhPg/OQmHYsUCbyqqbWzyms +-> ssh-ed25519 /Gpyew rfZd2uUERa2oPoNRrEnyG9MYmPB495c/uGPGhVz9JG4 +tUeMFlQn0WDC1w7y+7JAxjN+GeqS91PomEjZ9iusdu0 +-> ssh-ed25519 FtI9pg IM9r5hs4PKbjhx94ogyG0J05L4IsOMpMnWaGxy4NfgY +JDUd9puiSwI17jF3PgTer1KIHM9t2qDzUzrM3WTM0Pc +-> ssh-ed25519 hTlmJA vpnPyNbj9f7faeb9ElSmyPd5AMEIaYKSWCJFuH1q5m0 +Yr1kKBEZdBsOfX+hQM6SnpFMdJmDOK4GjiBebI7lomY +-> ssh-ed25519 LAIH1A g+m9YytmlG79eGN7bvyYgWQU45EvOIMezRsGyr1FvnQ +vEKEQYapdlepe8jMgnlqMdN4IYJJBynbTPjLPeAVOsY +-> ssh-ed25519 qeMkwQ 29A7UcPPEqBZbFSkqyGc4YOsbE8NfIPCrXh9b1WyQVQ +5Z77Dmok1jcfZwOG48mUSMAGip/IqxaU4YxTNP5zUbE +-> ssh-ed25519 TqxOLw cc5B//e5x2khmMzdjUdjZ3GwFmt1JUpNNulb1B3NLD0 +Qf7a3WE8iDcxlfTVogrJQBL77l7RJJYbd/hEvygig0w +-> piv-p256 ewCc3w A2fnhjFUAVztnaQaWd0Kf2vVLbuQ9U6ucVZcd932p5dB +qA2vVwyOoEpCw7az4XZet+mDUczD5BWF4lO7SU24VMg +-> piv-p256 6CL/Pw A9sE/ddNV8qe0hRHl8izXUzBWqXK8iV6K8I1QNlqVdq2 +VpJzsTEF0+fVzA6jKU1evRBWwr8hW5SccnaEDCsVuAs +-> ssh-ed25519 I2EdxQ o+zsFhEJjqBXhv/LtDxvh9zC7R0+bH8RHTkZZOZMOUs +HjT9YRxGkHm+2Zxo/hMqFIPdWgLgyPG36U4RAERpZXQ +-> ssh-ed25519 J/iReg 9ZdkGpQ6YDbJxkRLNgQUAOFlp5/SomD575a/4JAzRns +msYLKsogs9YXASku5iw9FH0KqY0cnoKl48UcoC16XZ8 +-> ssh-ed25519 GNhSGw Yhv1VvNH4wLdn2nwQ8GS7QEwzgONyTFBbafCVsydMEc +9AojBC7pRQ68ebWKm5JlK4QrLTWkTd5w2ltdi3BDOiM +-> ssh-ed25519 eXMAtA 1G1qsmjn7N5rebjREjNWaOOvglBvXzmkTS0yA378HQ0 +sX/UhOyhNmtHOChkikjwtIrV4yrH4LIzHmqNoeNCfXM +-> ssh-ed25519 5hXocQ 1LAKC7PrAItcBHFr5RIgwGS6NXy8SKawbjaQRV7esn0 +alAjR/iLaHZS+5yadxyh5aZxzOveaqreHBf//7VaIhw +--- fZ/ATFhmdQrFHu7XjHG8VurX1OyP5zK0H1K0LhrTtk0 +ėP3GIzxPf>jmcI +W2 gkv2oEuydYqe=~ܐb^P{ӿԞTx@5'|SJ2Ĭ|,f: \ No newline at end of file diff --git a/secrets/restic/jitsi/base-password.age b/secrets/restic/jitsi/base-password.age index e3bf58b91c5a634dfdbad7c2aab80a0ca0c1ef3f..6524e112cb0cd2c421d13590bdfdd95013b604f8 100644 GIT binary patch literal 1235 zcmZ9|Td&gu003Y^!o?lng%B_roJxps&aP{_t`G@rx3yc_UAwhi)VQu)FI(4k>t&sZ z5)~6oP#~Bb2@*&!CL}5Z#1Jv?KztB6h7bh_;X!@iBFDf3UI=)3^!$P^`8t}KREOPB zY}If`C}u;1yKG<3fUSD-H}1wpr61tjGa5w5ruxt}K|O z7x63#TLZ%~SSpN-5IpO1ZineYutL&~!flIhxy`ZbmO`vtiY07ALPrT3tSe5phPbRm!l{wT!lWqkOo6Obh>{*mMFeXu zTr8&Z%A^(tGqOuSVm2p~1*=_E{f5#~_#)m02a!QAft-ezP~u2KE5?{Kmo*R_s#JL| zKthCu!fxPHBAZpC5-8HmY#WI3GH-X_g<1(P>Z%qeI}(8FC4?_e)sZ|Hq(%|sN-h+c z3PSf&3X1Ah4o1n^l#A)C%aEEk6^AA!!g98UK+_?cC=<;du2&?1K}NpWZ=~}czEGpe zdV>n%ma7c>iCl{s6QR?WVO-3#I<1mDk}`r{!~$bTM_4Asz%(A~)O_77BE-0rvv|_1 zb2T#~hPVoI2?tH3NpRB5A%WELTlPXt6*=6);{Z~ulNcf_76MNm5H;(<#~NXeG#o$*2q(M7vk zi!)3?pU5)Yj+}{$G+a<9q?`dtl2m_?f^C%ILT1th@gALzL4iv!Vjk|J3Pg!x4rte? zNpX;>OO3kdXDf7rVo8M|hDI1mCX?}^nZem!=mn5m$qguw6p8~gOPP~=6@(*}0*w)w zK-z%c(qi|QuRD8yojI~2S~)ybf3Ruo^!FcMdSPyGd)1OP>4gW{`uSJxzJ2ABw$E*M+wFFiu>1aHyWO_? zvQ3mw`$7?jN__lOBw!6*s}NxP}#bv#)TGCg?$_hkhV70CuL0)%0a7bzsj z=ssxS9f6z)`4UPt5<|?Y_8?|zTMomAd^<|} zFq%v1aZyF$ByNLYL%?9FTg1IwZtM%wpiFQbBhY9Mm`hnAZzFUN&!*BJcA$`z|n{e}goA*R+M0C>An6Z0nwqCvt}>Q6lAKS8C=qr@1Lp-{UeZvPlo^l8Ca|$1N>GDRXq*Xq zHFn^_nYJrHQY{V}rlRL1%aj6+sX_nK7|7;zGnuPYB4%D3da+f&3t6pIHl!|6EjFdL zMOVvV7qeI~Re=mrO%O82BB6v2S^}y7Cnl4*QOJqndF>%qGHUU{Tu81->y7OC2H~ zmD|l&t071U@R=YUw40-D5sgr%b+e{RH9WwRJkQfc71s%@fufOHw{;if6(;BhdeO^N zOL7k`&nP?viF88Y+|-Dgr+m|xHO&@}3K9(u3aD4ZGf^>|bVViw5i`PX{nN<5>qjkV zpf-|J-{FT6m$D6A84EI5n2dVO8e>l3j2zB{7FMSChL#&mZ7h-F=PMYhWw~w+9}E3n zMag=0&|}bYT&zrJAm;^C81AVKp-Au~WWnFsRt$4LZu`jLi3^ z8c-T7+zK*@c=4WlUwh+XQTkWkq^J#7W(|azRT~HFcGM$yP2g7$R?AU#1 z`QkAFzD@f6httcppV;`oGY@UKc5eNbx3sVNFMYe?@`gRx%(7Kq&97rlt$BCqt(=>y zyz=>(BYUB*OB)|1-0I2JFV5agxt$+_;)OL&e6$aG>Qc|$`P1|mx9r1<3-0sLNG-E|$hxP9%?Rnx@VC+h9HU2CN@v|+jy-i)T7i7> zCb{kPeLMFX@Lh8!&plheW5dxGi479HV(X6QgDu~H(|>B$=g!7&9en=-X3zb1U*5F$ z8hj{q=L^bXS02AW%Cqywucg6v*C*S9MQ-zw)k_aFPJwNk<4N@DftP=KE_m+`U)_52 EFE(wtXaE2J diff --git a/secrets/restic/jitsi/base-repo.age b/secrets/restic/jitsi/base-repo.age index f61afefb123f7db9fa097c4334f8092dce53b8cc..c735952e514cd9898ef0d794dba82b3a6e8f8bb1 100644 GIT binary patch literal 1081 zcmZY7NvPZe9LMq2i!vTW5D^qfwRkX&nQSwO2QianmL!v8lG$>oO!jS(Ofp$f5QGO- z^i;$mypuhvw1NjgLGkdgJ*psxdTXU1uZUNlN1x~a;luaOZ|mA!J2tZ>J@`rda+0}F z33s}$0(tIrZ41G1m;`*y8rT$o2N0F<^4jLB#R|c2Nh*{WLMe65SR9rOTP`&hl;btA z*l~D&UZdMVlZ4xmQ7NTQ&bZJ5HK(8ZM8u2OhE<#8L~yZxwbU=WDT4O_yP{3B0w^M9 zCh8#0dXcL~(x|8-f4!f9M1!K^iMLAmfYHlR-_7Kp6DaE1S5>eQ#>BGjj}pYS!Km>i z4(ex!P}OMRJCz0(eD6P2pB5nb%pwsHg~7hlhRDLnGiMO13wWS;9BB;IO~cS^s%gV` zy$y#QR7N8rah0h?!km?m{Bo2}cX|$s>*X{SVs`n0)Xw7FW6zl zl=~e^Q-OFeK`(WpX)wkEMq!8%ms|6k2xzerHz9gxN=!h-tbqhs6A?@`vzVC?&J-8H z-eG~X0$tAg`FU*$`E%O^T2*FZyH3U!2xFAFF|tZ9lS6^6C=CgT9cwS$F;gn35_V?7 z5CjPo-B*ZS4)}dyah_@^QrUw_O19+LxZE4tl_UrMYa7ixbyNXocnJ9a~zt-sp^ z4uKwxQF%b5kUkxR6Di-$$)1=yBhD-l2~t@FT6!2)%Vy{PV?Uf;|M24VCq8-m=4XFD zeB=0+lUv0%SHkZF>5X@8*R|XnW$)d3a6$iB|NZHYeV>Z_FQo^? zpLc#^?_c=t=JL%)PA)^&zPj?v=XXB3`^Dg|Bj-~6Ed0_d*PeU)($&$$7wacavmcKi cz5Nh%{QT~<@U45VpEOT>dvy9iCx7?qKQoPRr~m)} literal 1081 zcmZ9|&CA<#003aUcnBh>$UKcA2pgqK(lkv9D*T$}t4-c~Hc4~XX!G5s`EJq#(HAd* zr~?n;MG@x3gL+X!2XhFbIJ^uI5oPGX%RoGc2zqcHegA?7o^{|2yu>Nmtcud)Qd$IX zjY5NGdSw|7Ja>rW=%g3vF5!WmvN&cajfI(u@P`!vCy~+`Q$8ROLIq`0>@9noPUDQm zcF?p*35vjApyKt(j-hxtJ*)~m$V6qN5FUJF!6t~1qwdlFX<1YcvLQb1c@5=YO%LEz zt29(-hS@Fjy9uvDOW)wkgOnVjjo#){xEmj9iql)< z#1-_}!2-F7#(HJ)Ecl-_rUY2NXN4z+a#r*D#7Q{QL681ai=8qd{57|&N+-9}@!r`> z{6fc|El>%d>@*3NnWQU5&TPHM>YZ37-Y)d@^&&1v)W{nXCC@JML)twmy@Fm#xgAU< zHn7+&8>F1$+F=WVe!FKfb)HM=iJa&HOwkZi33a^nYG;Ei=?Ny5=0^0Hh~OJNfjQh* zNxHSnD%=%w_SkB+=P(POjt}xWglA4Wo2eWz zwfVD}XNjN!y{gl!j%4Lv=`5v1V;s8q5n139PnDAGdc5d3eievL=|&3F??j*IFZxlM zRtYYP8j&)!DT95RW;L*v_L9SnftPaZiTPD&EEFpxBh{ZJ$XO(ikLx`*v zp5^o&aE2xrz(8V6%yrudT|-b5&c@oPJI&!Sh{r*pDp3PeA;V;r(sEAT=yNrt(tv~! zUrUov!!2YZCy4{oHIxZ*h+fX73s$e7qC~Qr^Rs&BRRqh{(^12!@~yU!FF=25eJe=x z5fqE*VNOkkF&r_v*+8U0xl|U?t_WvR(oD#BMFMQ*X*(*o4lAP?(=>|;AX<73j1T+M z8r$i)I?IZFgoSxTMQWy-68mOU9Sla6QjKT+V_`W4WUpILN~5*07iZEAKQldu>&l?Y zdFet2?)Q0y3`+z{k9v7K$YDT8`w>G?S`Qr7@iM2DvK9&=uF{4I4be9O3Kt~GC6ze$ zkM-{rX{4YM5LHH!GR8;{z|~=-2ZQA@ zU5IS5(IycQ=glfqSDV@}9SvE@^_v*)4TI@M+Ax!KANo{h>084&`bTV zjjXl>GK}d~$X8rTE5f50$hFI17c57pikM18t43HwFvoIEaeIVB1Aa}XEe~S|Hq1~u8Zq(4W zEV%}s#ms(Cq=7^t5hK`24pF-;R~$*6K;<|_sa0l@GHr{5Q9>0h z6!NT%=Ig00@H5u$Y(LS8@0q9uc#V*j>Hbwwzoh z-2d9K_nvS@cZ{Zfy!QKZZ(qDNi}{l)J9l4QWvt!5S6=t!qMth_+mal2}7*m$lraVv9s(LL16J1Vm_3t3&mi$&h~67VT^v9uFid(Lh`c6{x6= zdsKRWFSf!H{ic(J)x788v|%kx7Ej7nNR%^#>C(s&f)W)U)@SUo__<`g?oZ8IfCyMImiBu|;#Kne4<>*+3?KtQoTp-{sC%G9U>Md;G zQpq$b1gL5uLnb=%uS>pOjxIZqJbwDNgU8-^>2&eh+^H|t?_g5ruI{|={T2F|d%ya2 z)2BNwjk*5o>rd=E1B`wySqx#yR=mbT{}T73|5-`pK< zV@j9jsg2IwWq)p6imcw_oLPWxazFY#lX~XtWx+qT ssh-ed25519 h5sWQA 5tzo8ZIYdTzxoeazGzC1COFQLIH1xgxwSZYWshrCX24 -qe7hDx1J4NMPCpIFOQZFIkRG9GJ74rzcDzYQ+l5wsQI --> piv-p256 ewCc3w Av0RDpfvdY4A6iMzRpLfEEjxfu0BrgQT3lNsSxms5+1Z -xsN/4JSnfF2JEiaSmDnnMFwPEZKah919LeE3zZC3ovk --> piv-p256 6CL/Pw A3rShTU30UySod5nlXgGDQFbtwv1GKqSgWzyVUY+9nIB -P8bM8AEzTWdbzb6LfOait7qCcrZUWXA5GinamQm2V9k --> ssh-ed25519 I2EdxQ s92P4q3rc7mnPCNetLAM5VM0rW5CX2El1ZuoRsXpZxk -CjYHau+p0ee1Q43QeqGPJPDg35pRrbenSxTE//gVS1A --> ssh-ed25519 J/iReg EaXo5UCBnjvAWor5Yoi/Qxp0DBeA/i5kYv86bjXQP1U -V74njr+Co/ZYPRU6p+YyWQs4W40yV+oPPYbhTodG2RU --> ssh-ed25519 GNhSGw 94SWVJ0KOjRWuZfEHjRS4Tso1mqD1chtaejPyIkzdh8 -Nne1exsd1yjxTm4+32Qn0/b219Yj6tANMRZlGjZeA0o --> ssh-ed25519 eXMAtA wbDOhvP2+w0JdEnbUuWQxcZNVJ32m1wN31AOe/O3VW8 -BRHEfjcSpnNz55YLNqYQNl8bIA1XzxQ3wqoh+k/DuKs --> ssh-ed25519 5hXocQ JhA00hvkl1CXlvWno9JnojJ1E2wLxiiPNggVwM/PMWg -01oo+JOBvRXSC3OqJSKuzjpvuMxUc/sRB+e5/DR6DzU ---- l/5h5BN/Xg8MD3uVUMN7R3Z9GpmeV/AExODs8HpAcvQ - - ΅p5_QxïI ϴd͢"9Į{s'ۮ+=2η0񝴝ױ{zΰz"{M '#n89.wd/aoRZ~uүgs`g/ \ No newline at end of file +-> ssh-ed25519 h5sWQA 0qY0ZLhtJjK3/xxMzoAHkfDp+0JB0/ifqZHi55bMdAo +7pp64AWviLGpX4/zzltb1Qms7/OvgozAN+X9XgXdGxI +-> piv-p256 ewCc3w Aiiqhsc26jTjn2D2ynQ/JZZZ0fB3DU930dKfesBuANL0 +m1J1YKJYP05dolLt84L/WQOLNIflNmeAkJi7IhqO/UY +-> piv-p256 6CL/Pw AoUq5eG3Qsnk+m+jdeTmT14o4ClWUh5y+frJSthoPIYR +UwGFNWxSpuUtA5oWrwrDGqwXa8uLRy/IxmHrFH7jkfg +-> ssh-ed25519 I2EdxQ HVCoxWULBNEOvMSMxqdV3wVV6d3FVRFZ1u+MbpHVF2s +V8SSlmpl/XYdR4rAHeEYgA17ZiOOo89Yfyl6TvUbFF0 +-> ssh-ed25519 J/iReg G3cKpGhUEfe18UuUyLRt89qmEoKmJxII5uOUHt1kbFI +/DpAfbOgyMRGitcsOM4jflG9C2RgX2yNGISZ9AmmDOo +-> ssh-ed25519 GNhSGw l5SifENR2cwNiLMrWd/mRExs0ea2s8p04SDgq9RD4U4 +OheYHaQfegLDL1GKpku84txxZM7ie03smKBDjVGEyh8 +-> ssh-ed25519 eXMAtA 6IhkdzT4rv8B4V1fCl74zH7APjq48LTtwjs+4IdB0T8 +zNoGG/NWK+TkoXMVJthlBOtFyI3tTFIF1ARVgSf5uRo +-> ssh-ed25519 5hXocQ R2MmhbfpUMKtqIrBRnX8UfcoaSHtBNzJw7mFpR9WZiI +RhqSntcuybm84bmML1mS3kRi/Sg7GARiA03+LkSqvc0 +--- NUxI31H9DJ0RF3ngbVQqagcOQrC3+5LsYZOdtTbRGQA +3%>@m3h"h{֯]X-OR6:6Ƃ5)ڐqVL͉TӵbФDmM/u:H؉<<%udRi1)Lf~*KVg>J2lX=-nOpm*2^wU zj2gU=phrkB5m9pzBPb|5NIVjV2H_|qh7jW;5J{APni!*r1iU}#`3pYzeSex|q>Nt6 zpY+4F*W2Lv7C1~NQjY*ZV5bZnM$vR00IB}O7y%5yx0$fYwL!(lG&GtBX#s(dT)9Zp zeG`$m*d7O7Dbnpsg2$V~AX|hmO=0llGzv3?2$$&CW@=_S8$wYRMswXJSQ3JNw0?V- z>cc1o7$c&Ei~u~Vcy*1+b1uUap{{G8nW2kDK3l|TS!7|*z>_p>!z7h2Cva%kW-$%v zl1QdEtTPqKip%ZH#K{+QGOa+A%MFugxuaBdP_xIAbtbXT;^JzGNk)gSaM_Y+Nvr zF$sr_SU|E!KQnGbY|-+2t!g*yqPZrSssCH?zn?K+yJlDbQnVOODQEJ9yoi?5F)@Sd zTqsWn9+lyw=lUil`4vY{VKvd|b~*({hNNb*&vn{VFhF8T#)?wS;-P}jo53d}OXQI% zAuirV@phdW0Trj=G+@!{DNc?k&_lyl<4z6hY77a}y3d#OmMSU;(!;HU$&)cS66qM` zgt`)GW^OdGT@tfG_!*MlB;aNBWXP!sS<6|Oo@VA zpDI+btXwpwy|zSxebGyFCWb^fLg2TGNfu(+0qz$la>l_Xc5^VJX=Xv4u8pG%E2@h% z)KRT$$O_~jj4LBAp{gC;oD>8+9;c0d ztHSVgB0bhauPh)j8j>C@@)Vgw_-reYN~Hi#x2io{w8r=lEXI1;P@qANHo>OTH%e8T zk?kgyVUkHAZY8{1&tBQOXI=fmOY+Ix?u#FtSh0KC(Tx|U{s6#PXJO02;SVn#OB^48 z&%M$UkNeth-(7j2bA87?smFY&?OJ&exRhv|S%3HWHy74DwAT2cX>Z=X@2O{}?m2Wg znqQS&_Qw3zKQ*-*_I?$gpIyCaV{mLm{preuSAp+QdGGP{r*7Wmo^G$vKAHdJl6UsN z?4KvEEj{$GedOvB?_67>LPyqrdT?&j$6vhs`_|>ZKC|>jNy>xwxmWf-fBE(;2d>_G zop^u$$(_y)eqq&_jW1x2J&rn`z4r4hP(wNW_6N(f+0XxYH07V0dvcrl;Oi%_yTlFe z{dlHy)BK(#b8BxKQ}-{A&jC}Lzu7*ubIH`HeRoz?eoN&K-Z7_ahB|NMwy$2@KYHK@ Ie>wN=Uyh@#Gz60LEd#F1SW%WEv?9VNea*+-G;Qvf110&VA0#-X<+~ZacHHduC>5FEbm6 zmC`9G3{K^TkP?edd7?fDL5T^K(Op6%G|)h#qOu50>rmFGvcKTr_wu&dX40J2`>{W8 zyy-i=ej6GgiR8UN7}`nGKnViL01)lR<`__2qSj%2fyvh~nDKZ>&QAI+*Y&iz%=@9D zz&Wqfk5P)26LiHXSryR7MW$_K)4@=W!9qc-Mov0XdPNe|LXN5%q$rR7)_iA_^ihHY z%yCY~#sGx~qf|vg-MoXby++j=h(%M4i?lsb$Dm<1%OH+xkzh6IUSh~ZB{edHK$cQ9 zX$&D{kPZy4t#F2(%P7jUt5b|@bX$1)KNgweAnB6TA5=TC5*U}7+(Cm#%RPR`Ny7oI zOf|wVn=@6s6%TmWhaRh7dGXlQR&i#)W3vSLmQB8R>kO7+Jx>A)n!)Vb%|H(a;50FK``)AY9fS zVBLbK#2SW$33q@Ac2yr`K!F;mrfW+kA(3{#XB8aopu0`Jo_EHtr?GzHpWD*#bni0rm#18D!P_sA66=TbkiUFpLZG|i9U9=p7 zxmIyfmlJody#3g^FQ3^0Cr>TgUE1`jGCi89)7QXbl2dxcVmC)-0SByu6yFpHlEsd$EkUQ-~NKSXQj6P z{#RzZ_q{v(aBkntkH2*8cxUs)vwPR9Kl$l~)4R?u``EeSkFQr*2fjUUYDMoF3j3+L zbMcce@42phXy#Vn9%QX`_>mK>qwKx(IoT{fKLc&JcE^!p->;VzCAuY~xBIyz&5wS)Wns-z4-zx_ G>c0RA^SKKE diff --git a/secrets/restic/neo/base-repo.age b/secrets/restic/neo/base-repo.age index bc8eaddcf04d66cb31c67ea74c26cac3dc93c155..5bc4c18420af442ba1d40f9b7535b8fba183138f 100644 GIT binary patch literal 1077 zcmZ9}xzF2l0LF1qphJXUs?fWcflF3!?D!NCkl2oM__pK379D)W{yFiH*s<3?dO%=}$jR3Oiu$afJ^ zqn++kP+7*^Fu(``WgtW-+OUE4%PlOero*+G(q+>)JGBnD+QK|8F7!4P*KI$Gllk_R)D%&U<3(;4eR$CXb_K$ z6^#2;l$M}wj76|(<-$(!Vv!2A$@catU9-~2Wpu6Mi=HZgf+5UN5n7_P#PvbC!z8>p z_HAl9+bT+`!UHmf@&8#QD&SO}CbwRCVSiZLsx-h}36eZo+M6U;i53EeiXEqN_z7rupNVD|-*Gcdr^%e+4oIJ5wQ$9kxhof(rSTrgW^CNg z=&}-)fSa7xrU=l(2r4ou#m5SbFea)f=9r3SJIY)h^JS_yB1aOUJYNVyPdx5*WPGI9 zYj;8A5v>OXrU`URs$vCdSxlAjh8>T3b~?o^(mt;Va%>0<#7qfvz`Ij@;)BR+S{JbE zMD1^9hZYtQJB(}x>+j%p4Cqd4A{fpBG{m`;FlkmJCK8oJ*$>$~AIocB ze(={j;`5ih7s~$0)k{xbd+*iD&ph_{#ly>w6rbFXzWd4j{;sd{D$RWZ}5InK=(xgq&EJE^alQvEBXwx(act?`v*}R)HNf95& zEsm$7ia!u{ITwe+K?Mbu13?7AbND&vDfm2oEK z1nNE8+3)?HvqdosAv-XewNBmPcL#y21s%8xy_x6foS7L#%S#cRTKvM@bICZ29Ap!!Gv!YFTjTWhjPsoEq4JxKVB7{26Eengek&=2^Mb(E{ODztKgy;=DNWS zs~GXIqeXbAy^RQ&S^vkv0S`<6Sm^q&+9+gL<>MGf2jP5*RXf4T1+WkTTdi1{?2_|T zGL|qj&T>yqDk=}mJhjYzAsGfPrOIv?98fBt@ECPUC(VecKEF6aC)-BuxHOf=R=-*Z z4x3YbD~9*{7^aYgCJ_R?bPvAoTGd*YWf{uo8AqyC*Vq(l8qA_L&t@QDm>h6=#0|GW zGV%$cWDH(DuW@j&bi9r?E{Ad2rMPtxZ5xhn!%|huVp+!x0^rjcIm=>KU_tbpv{vdZ4b|Dtl+QMx|3uJk(|O^Q^BQ1b41tc z&ih(Ba|2hD=30wL2G33jm8Lw%V%5?j@NiWyDI=+Z(WEx1P3S0%#cp>s&|C>((u;nx)KH`Uyq!06CFl4kBs zwC;l06bi}utOio(I511HQDaw?qR2G*yCz5x!IQZ?0cMQ_Fg2P=F&8M@1nTvAoeeX_ zXWHf0R^HM%|>+%a{*LLfB-!PXy{PT+bZSRYpe!qL={mu86 XuKxJl&rh`X`xl63^&eMso@QSIhKK z!4r!^&VVU_XwfKc)qS9Ws6D5U=U_psQ+7RVn_jzv!W5|{)AZQH93mi<9$NIsy+^*;40MSH3u?vly)#C9EfyjtTBE6tn8Ftx<1f`B5Ax};ZTJqpdW6kqZa8Y#IF5!A<4)5hX`oh{Qzls;M5#}NwKCKpq4ofvs-sd9?G-v8 zgta)REeg|FQK|^dU?|BQBcJw!LDNLF60a}Rv^tCT@rVnzh9wDOQ{&LdOt;ctKsRxv zSXBHTWjZdNtkonFfpaB60o-QbsKttgwSpk9i>c{MS2kPp{ISLaOBhTenfK*DaNErP zmPCwtPvIjXu1N-nagKud3O_buDx;#ZfHh1~O?jMFq7g=M3Shd;0^)Q|_xK!@9AP7v zHXMO#gaa;L&S_o>tck1*1r}05bdsq7(P%V6C^^^i{e;;HlVjFZNu^@(e52B4vVn%y zaWO~Hu~F5Ad>Q!d=cP|w?tQoIaCY&>D^4w63y{ZV!t009AMC$r=B=HZ50u7xo@Kd{ zH>_TD(VzPLI`-&e#~;#HPhLBENTUCCr{23~!&PAW*2t32r?wp3t)FaNxWhSS?b`n~ zK&*$p`Ekp;lY5sQUAO-F$;@o=rQ>TR7fqSVHkj#yatH_4PBX79)}vP|KmA&I;LMV< z=ZNIW`?hU7_g8rK+Y7u3-m+&Yal$x7u3~>#^UkF|uupIE_l@s8ziZvg56)f)PrtJN z$d?Bvo`3PpKdYB_Ebq_7Z=Klu#fPuHv0b}D%}rc7Fu8Gd-}&8#o?Ag|I#QU~x#O9` zdvBirwk~=9?nUeFeBt1UWjBAa^64`X55n)?_1w|~D%fH!Sy&3z z;}?}8^^4XH;?{uBH7ZU(Y$ur0)~fP1`UGbZEh=S`Q0(P?wAQ-#?4Mc|R-Ft&(6(EX zPQPvsb}0$FC!6sgXEYUQsl+OwZ>tj*_s&>HW z!oWbXY2%H`u1x?U^{?W8HyeYY>iTUGU**I~SK_g|!p1%|+4^Bh_Y=%Wv#F2B(O4qjbQ;2BNXlqHR-%6IZ;TX7nYt}|DK*2^ ziXn&dB~ht$4fiXXTA+YsELJ0T!tD1I?sl;lZW#_I#)tvin=na6VPwv{t*V-{x^GJn z8_)M82(mbDc=~;kt|bn(gLboD&`8#|)QV70DWL<-Vds7n5{zGwR@`G8cLz%~J8xz! zPnZ&DR^ZX5N|kwT;0wMt#Rb<4O1C0u^wMeTTV^7Q484$s_v>Fblb*6W|WGXECLZq8nK@9Hn*!{VhY4?OqR z`Sl++ejmJZ5qRU{PmNm_&i#1y?c(!SuU|WQ^UgQ#-~R33()Ei!FBgA4$!o_)uf5Ei vKm2}q_kwWci1_5@x#u7H=|S!X`n$(|z54D`H@-Z2;%xH8nS)245kLGJn?QFO literal 0 HcmV?d00001 diff --git a/secrets/restic/redite/base-password.age b/secrets/restic/redite/base-password.age index 96209231dd43eca78aae78a0e5764ee7bccab309..bf42ca0b70a8c18c2a8e97f9f2e05821e6ef24c7 100644 GIT binary patch literal 1235 zcmZ9|-;3J>0KoAvMMqT_oFE57I^4uv?V2=6o5*w|X_NHQHc6W{Y1B#6ruotIM}9PE z%Wdj|Zt6fbMQ%=TI~CLi1@9gv^9RG-)CYH`V}fvaC&MRoq7L@UIp?GI7kv1B>$(=# zx(#>K_sw2+XV29W0T_ut7WF(Mt~HYg0%B1^v^&#yG^Vvn9l`6dd0@mBkb*Y55OvhRldfB)JS>fPYQkyJ<&M)!Qi|dyq&`|sF)=k04r-16 zw7wa{`$;4f)k3lXg;Bg)LC`EF2@-(_1AuW5LaYUxFSW#>RyPH{8X8p|MV!8lM$&m* zL`V(@=pI>ZKnCWB*uXWJh6;=orN$;bjk3Xffz9RqXQjw|g1=>TV5#eO2H8x5HMyjp z*4wqV#gu?*7p)|TjM0Jsj1Ebz}onj$=FuTbU`l2$^qFEj4=n5RmW8&l*pkO zla!iBcKyX%GTR&q(W-19Lcm#>l#6;2AuEAU2dd4a&8D&fnsS}4?#i<}B-dJndIaya(dM8O%| z`tOA6HM(e&=`aeHDA1$Z_$WX!1QXbqPQ{e%Hra3StjmZ#=W)}ZI79=p7U{BB#>B=# zE$fXH3*e1Vum~xiaIhw4wnt^SIF=f$pJ|BRdQFoHxQ|B_s8z=?rwNLJrMf88NTd{` ztgA)dE40kCMwOi*5wu2{k&R@joYho@(`sn+5veW9@Q{N@C#>TV2q-npz?DuP?=V6i zUaujB+-nF?KkeB9F4r=nR#qC*&Y*>KYoa-zIH(v5Xf81LkhX?ISqvk-g~dFPO(TH~ zh)C5M4thN}fE3Bn1k4{W)heJWj#AeH1!7Pw z)?AsgInGa}7+i%T7hakAE^n9@R>i3z549TH`j^p z_?a_*s(0`H!P;~ec}O~c&*F*G8y=pU=YIY6&EsFpzehFBZCDC#Zk%0tdEX2BpO|>* z?AO0-TiUpWKd|Mei%X05?R_zQ{qV%hClizZ?D}-a^UM6U2X~!b(D#=n_wGA$YUj+- zy>b3WaQpEa@a*b#@bJRaZNzGH<*PT6D_53Zj~%*Ws(g9w>PaziJIzd@-FP!sD0@7beopSrR2#rbc(1j8Vj>)jFBfPCGyQ;oXnce~%z!6gl5qP|r98*WAkZ_Al1D`UXhSWW z7(#F^sYbY*iIN4ql5YZKzBSabnv#J=eufnY3h0*OxY}%wf^sBK5-p0NWhS`spiQ@F zEr4U#iU*xa!DWYquc46dRio+Bc*>2M}g zF=7$RVoX|v^L(8Zb6G}EfnLZRl;n{NYqeI_Xr}C znGoh{=?>m%6(y9G(?*RafOOF^8|55fOXXTHgFh-CubX_la0tAp$L`vAO|o3l1F~Yuj1=A#(2=)T zgZr(4%q97$SmoTVW}6V+@A?*1#|Ti?QfveO0FC7ubdMl&L~+cw6L^d0G^@RQ8s;oT z92*?TbGj=uqngyPY^Myw2#}$Qpo83c$;3pG7K9*+g;v1OO#$yU9D%QfRH_e^LK!ub zVLlW)RUh)rz(_d1Ke%M;nUmiib=F>E&#(PL-E-IHd!JaS54X(?x$o$=y%f1?_l{NU z@d|=o+djTB4{>|lSDL5LH|}2Z)$ZBTFW$KD(Mwz46AMe&7xL@FZ|2_Ge&y&d8{9AH zv%%vlza|IjJAaNa(7>dYNm%EYI)Ke_MFd8Kpb(&OF9gOkTDe0a8t zI|o8|?vlE0k9Gfu+H5>^_0fIQdn=C~EP=;1w)c@MFCI70o%`3H*!%u(ul@MLhIh~X zb!2wdyZMO!z`C9HegYp@v7ejFe!G0t!UvmYIy-M1zWniXyEgR>tUj{h^@U%T9sYTK zd1KQ#f8+K0ESMlV!m(kgW+2`dMs(<6+AJ=a#+q&b~hn}9hd{2wdduQKV IeeKZP-=-|Nh5!Hn diff --git a/secrets/restic/redite/base-repo.age b/secrets/restic/redite/base-repo.age index 1fc6687..0d6a34d 100644 --- a/secrets/restic/redite/base-repo.age +++ b/secrets/restic/redite/base-repo.age @@ -1,20 +1,19 @@ age-encryption.org/v1 --> ssh-ed25519 hTlmJA L8ylisvw6LsR52IPOy5yk8XrQWiYZzVTVM06wKK4O2o -Z8jpkaxmPZDFQ3NmO1HPmBwKDUBytda9neGUfxh0L60 --> piv-p256 ewCc3w A/jTPTdavs7MDUVtjvEeEvwZlwNOzbyp8Lek90UAoIaw -duPJcCiIbpPWUQoQvFzmkAThyEtEHdZuf4QVEO6RXkc --> piv-p256 6CL/Pw AnNRvokWbpEgYlgIHG5V7cDguNRMfg7lHaQxZdjZ2RWD -f9ZYtq6SQB0wMDaaKrTY+2xcTGxBoU6f63m7hk731TU --> ssh-ed25519 I2EdxQ uh9OUdIKGWc/TfcqATX72iJ1BYwFUzEd35uwrYFQRwI -DwxNMU4V4hwc70f4jRlQbh6xezPRNn2T+lbkI77bU+c --> ssh-ed25519 J/iReg uD81hZ8At1q5vA9IC5a8PhPHBBZIHQxAQ2+XRFzGFXY -Qswu/K18nHPT/FPStnBtPC8QpP9FO76t0t7K5Ry67O0 --> ssh-ed25519 GNhSGw P5cAY0inQ3FtEKk2abI/t8P6Rg+TwHjQOWbOTXhfSys -bYHnKtBNPqe3CYI7i1yPhv+CtgJWfBuUTrWDDNddy3U --> ssh-ed25519 eXMAtA zg5tTTXZFk+lcAvxCm6gdhN5j+k8n1jNhkoAhmtTJVQ -4NAe9ytki8jl1q9UF5GasjkpIVe/ymTzgWroIUGUQ2A --> ssh-ed25519 5hXocQ 0EJXZWeP5/7myPDCKEuNgjyw26i3ElsD/1l4v+kXiCg -LPnJR+1lEE7SsEVWfr2Hxt8yuXVxf3SN42B3jZVq0gs ---- ySlNwZEEtYAM0gUcqLei1BAt4z1IQSId0rqF7B5bvzU -4/>aF_*8ȑz&*40K:m'I']i@SN[~lu-22%2> -/Rt5Gn;}Ň-ׇ i敘m[]B?2{ilJ)dVV`& \ No newline at end of file +-> ssh-ed25519 hTlmJA NN+fdIZAAYh+A7hFaWXYOxmemjlzS24WNa9qWIS8jQ8 +lhVBAvY+TWg1yAJcrgvphoOKB06ETLyH+DLLAO/32bw +-> piv-p256 ewCc3w AtQ8DoBM3GwBCc+B70nQss2/lmirWJs845PrS6cyivYL +xrE8YMYKv7XTiMmu/Qh3W9j4KGkZIN61vnyBUbiRous +-> piv-p256 6CL/Pw Ak6Zjws9g8YrtUPyVQpJxPOL2yhEo1izmu00ODWO/9bN +9g/dmEHdJTKg8cB3xQs5cSXQUz7TkXQM//SCA8qFgqU +-> ssh-ed25519 I2EdxQ B1SaZxW/oOYTADdHLJ/CfE/ePpn5MauuQIV11P7ciWU +BCINmTI1TE7V5/9tIBUpHFBrzk5k5ycvrOFrmEGoHcw +-> ssh-ed25519 J/iReg a93JQXzEH0rzZL9BzI9GWdm+vfIthZj9KmYe/xkM3x0 +BNLZmF4I/B7bNzZUQ7C1VYUiI6AXN7aLaQ4b5pS/Qpw +-> ssh-ed25519 GNhSGw Z9bIU2D8d7oT6/k8AIUFk2GWlQ0kbpZIx6Mch6Zd9DU +ZWGrSOd/K5e0ZnFZvE8U4zLsBBKnTQUu6l+WAFrSIGA +-> ssh-ed25519 eXMAtA 1ZPBxg7vVPdFl/I9Xgty8H8X0HliAQte0D5VrgRJYgs +onOuCxlv73SpBqIZarKbXzUJ/dERBHfPTy5EacFRToU +-> ssh-ed25519 5hXocQ u/9fRCc+gz7Qo0020HYqkgeSk+joAGC9iRo1PpTTNWc +iFIduae61MdkkYBP42yf/59v8OySnNLXgypOS9Z+ib0 +--- 27DrzEcaoj5yEFstaty5e+q67L8kDi1hUN18k10kUAM +).M¦8-UH#c>SHF"I3-?cu?PssEB2SiU6z|-sBB-'rl~_glܦ# vdQuy4TPO \ No newline at end of file diff --git a/secrets/restic/two/base-password.age b/secrets/restic/two/base-password.age index 24684ed..8596242 100644 --- a/secrets/restic/two/base-password.age +++ b/secrets/restic/two/base-password.age @@ -1,20 +1,19 @@ age-encryption.org/v1 --> ssh-ed25519 qeMkwQ 2Fz8aDYIDM4eZsk3TcxqjH6Kyy5tbIpiQ6g51yn7HU0 -dXMgxq8IElRA2BUB+H0+lnEoIFe2cizdx7k06yyRGvs --> piv-p256 ewCc3w An2qh9XolYIfS6raBPi+X1nyOSKoPW0cC6OW+d4zKKaf -dfqUOjj8hUSsQUM2kHbG4FZvRNwWHIWsJd3c2fl/tKU --> piv-p256 6CL/Pw A+ICDRTOb8LluaCvm1E/HEn6eDP+g/HZAebym7Jo9KLN -ecoa4ESR81XuIpMAnpY20IV/6N0nonFKkXBa/GIXCQo --> ssh-ed25519 I2EdxQ LRT9glvKVQYTmmgsDTL++iry57ydE4Yphee2pDiBxDg -8mBHDu0ZmjOnSURnDDN7VjKqv7eq5wwSsC8GFQkoowg --> ssh-ed25519 J/iReg EHwvMpHVmSquZZ6ts4rt5nllU/LSKY53DMey27LS+z0 -zhAqrWORyT84M0gwp8RValaeE694edXO1EX8zhcQIlU --> ssh-ed25519 GNhSGw MUSLnRY33yIGShVmeqvKN/mQoAHxkfcli4Tu4Z9at0I -J3eMRdvGpxF9AlWxG7YaZOPZ/HxyN4cbiG1Toi7oecc --> ssh-ed25519 eXMAtA xaUyXSWWnSsnxiGRAYLw3jrAlpfmplmXZYll2S7tMCY -+9Tc+pj76OoGRdbzpREuSEPL5W/McmMjYYS0QsLRWlI --> ssh-ed25519 5hXocQ aIZQeO+JBK8xcCqc6NEmIdisHHXaZWt0u+/Dl3jSpCM -L/x0DGRLHGCQjgAS8s4rvbdFCeCHti8hYpUo6M1L65k ---- 31mE0lPvIY4VVS/mzuZ/4M+/LkzmNQGyxKunni4DYPY - 8ďRNFShLg8n -2!; j ˳;iٱn+9Ic9KK&OoJmԄ6߂닒(k4y'A/LXv=+eϩ=1ChH$^[كumҨV% WֹNw.Oq9T.Xjs#GF||J\t.bGaMQZtia83'/0$ Em9u!6K@"iِV+Z< \ No newline at end of file +-> ssh-ed25519 qeMkwQ kLwJ12Akgce8+spX5o+Q/UqfkEBEyD4OUxWVPOiLnSM +rdUSxS8F6WgFlpfK6A+USgl1EoQaGS5wS8pHSGS4ywo +-> piv-p256 ewCc3w A1zogfr9BXHIehnumNbpKBSKr48LFh2NePV49tsUdkh7 +iiyyDuQiwF+h/zJkfATm7FIuNQ8QzH0BsRgvnnU2i4s +-> piv-p256 6CL/Pw AkKjGOzxKjVoesmgTJEKeymMRV4U1V9j6VM5sXcu54t3 +PxqqupCqU0XO78nBwB6zP7Jlp8k1nbrBOCLyH9xS6dU +-> ssh-ed25519 I2EdxQ 4nnq0BMU0HUZe0U+wn5DBnRm2bqu0cFdpxHRGD7I0iU +J0vmlSV2KDp0m22dK3uN6/6C1/1yDywttDbilvCT3AI +-> ssh-ed25519 J/iReg KVei3fNRrShvjuqMciyqCk2Hfy/HuqMuUz7t4HL/Bkg +rdc1hsddDLDBnBgTMIn4jwqgp07Dx/Jm9ncNwuJSr+A +-> ssh-ed25519 GNhSGw g2tr85Fxz368+vRqUvuXO85+f0NL1j+Q/wkzyGl+GV4 +sWoykVsRhDPbj4/KvyRTH8n5S7q7OlzXlxmS0tpbmMU +-> ssh-ed25519 eXMAtA DW7qlQZ0XoNp5s4NtJHbRm4x7DVYLWyW6qLwcmtuLEI +ybsEDiF2ZeGOuM36hU2+bP3aqAdrHvJjQXTtT2zK8mI +-> ssh-ed25519 5hXocQ qPLx/wZEHwHOhK6rAOGhQ3TQx5DBEb/QAsqtoDphvx4 +54ea+DCy9+fDoPyVNldvLo/4CwKebqaTLXXYS4USMaE +--- 6HEphClv3rqphYx3BoRqwLiaHIqSm9zQGeBGVb3XM+0 + /״ mBRH =9H3]eq9]-1wS>q672?R \eS2c+Ai OoHL2kziGA^X+1U7|L #RbD_j ssh-ed25519 qeMkwQ axEa5AHwkKeARyE1KjqYrcEMJZMl3r3wxlP1mfH60GE -OX8plpD+Nk2sJlTBN7ctpv16UN1e6hwZJqZSW0EWpvQ --> piv-p256 ewCc3w AolIOy0Lt/CJN50/cPbQ+UsHXiODIfi/6gRqaYgrVetM -f7SliYQqvwfjgfzC+l9q7D+Jj8bM5dRjwzJU23/e424 --> piv-p256 6CL/Pw A+t7IMD1DwrRcb32x2tC1h7ACJPmNzRGRz5Op/eUoPVZ -6pDRk3OZFZSW7aUAX1J8VyVEZBXnQNrCk4WgT95VtPI --> ssh-ed25519 I2EdxQ pET6TM/eebOYFnykAdm0J/Or8d5WHwYTYsF86xiHaGY -OYuPYMeRTnZC1GrMMcs8j2dsmLDlpXpyaCZYo/IKorA --> ssh-ed25519 J/iReg GMAd6JC5p5XRpRtrgYS+ESpxTUazdue28RucjkKkT3E -R/BTmKMoZSpbS3N4vqTqMrLsvthZyJlab84Yibbt768 --> ssh-ed25519 GNhSGw bQtvqFGatiZI5VgFc5haI5JVl+aktQ6toiVcvCguwQw -Dl5IgrOZE9mVdKdjxw4AJIFObBPHZoK1Xd9G9oN+Lgs --> ssh-ed25519 eXMAtA cDGtcwxiUf97CqY9JcQ3TQWfWlR4KkAvJNra7sDKpAI -DP0PQw6MCfPfHBJIZemusuZlERfb1Q8Xm4DdBO4YDTI --> ssh-ed25519 5hXocQ 9WMQWZP+SyrvveCQSoBrgJYzpeuVyRBGuYa5bsBawg8 -XIt/AN4diGRcN/jQaY729gwERtfFkdkmt3kk19HdPnk ---- eMzfkeRkVgpgy7Ufgb5TqDzMvhd5/jrRsC3CIgA7T5U -xY9~f+y5sz0 -zh~җŒ|G*ܫ>!ERkiRPN=nPJfoxg8Qa$Ө!:Ybލ;ӐfGX.ko(lZh=`zL \ No newline at end of file +-> ssh-ed25519 qeMkwQ /keb+Ra7ey8R57qBRtU5VNvXsUBGlP/D3xmu7ShrFi8 +0cLRMQ+nT3uZO59LHNNQLo8lmQsBWuyPEcsnGzSyaeo +-> piv-p256 ewCc3w AiuuJefLgWkM5EzXWGAx0sAhGii/a4yXx1a0N62QpEEA +jC3Gph2c0qfsXdivztaOGxqwyH8YaDp8JNsBxYvxmAw +-> piv-p256 6CL/Pw A3TNn97Bkf89T3gdh2nOVg8gGJS+YTdxMsT8x7MSwZU7 +sr4NvxEW9NYmROFwmgGSFAkEodrUTxCEX9YKhhzaI/w +-> ssh-ed25519 I2EdxQ +Vw5lZB0bpthF5TkdHCsxhw+2VDh6Se7moPZn42R8gQ +w+hRvGIAehIRIuPzvGtZmSWPUxlmrJtRiq1Vphl/bfw +-> ssh-ed25519 J/iReg XmBVKUHnA7HbC8eQHRg1Kw52dAYlkXmi3t8CfOVY+hk +lJTLuekWjOTY62hJNpi/fwlyRnWEi1jqGZRVFHbkYHY +-> ssh-ed25519 GNhSGw vQvGrEIBipBdgoK2nFm+TygkTBwNrFybwwP7j0w9sA0 +/qQmQ2iB7zXPy0ZStN7cbTNoVdjHYtBjGiKt6Qvj9co +-> ssh-ed25519 eXMAtA G4LmMcFCSHgu9nUKVoryCm1EAgw/8r/udi8ioP80D3E +AzFf/on9+O+xrx6CQNrt49kRw4M/9dLywhc7lKW+p4w +-> ssh-ed25519 5hXocQ ZIdUDfleb27LFxg2t4d3LXtqE/wJ8Vbie0+fZDAnKWs +VUOTStUwbfFsgKiX5GEgxlYMnSHpXrq85UEC884y314 +--- bHL/tQMiSDfTBt6slaaOwE4r2ORKV0YuhUzqoC9Ea+g +B)b,} + 2( +ۃUc!} VjWPlk 2"sn T}j _d/%J,Tr%ͽrCEtD` IDO$0L \ No newline at end of file diff --git a/secrets/restic/vaultwarden/base-password.age b/secrets/restic/vaultwarden/base-password.age index 19b7f81b61afba09ca57449889387e6038a9b831..34cd4866065c13fb078bbdf5081be455b03b3769 100644 GIT binary patch literal 1235 zcmZ9}{mT;t0KoCG!rX(3Vc7#Ei$b3~9=E&Oy)5E^?Y7-s?)`S#?MbA&+wE?*+ugRi zXLlP#5|{{DBpKo(Mu8d%_Ch^bnb->vzCe~wX&OCbKM201LGk-Juv#a0Rx6p|+s+>V(~znt~AnhwU1pd;e&i zW`Dc`A!t+&2n`ORDNOS!REfdsWUbz)XT2<@S*5<$>vxi%)R_!1%YfSauuk$?1SG_Q zI%JZq97$S~QY+h1Ds+Ri)y44)&49M4n{-QZLM8P-3ni!+cgu>~Vkr}sC~%6-fNCS? z6kQh8sBXg;@}kt1rLZ8f)kZ(oqauAA5aCKaloUs;l?z6QC}Lhlh?ZSW$i5NxVzSPv znyOa*wfJ~pPM?$W)v8StgeGAb zO`(<#_@X;-P)HI>`|bQ%Y|wTO(dEe zp2!t*(tM3%Opy$tikT&ZlG*}`wm%G0UAJ8rf@r3#!Onn`bFRST^(jn4da@hw6HvLM zbgi1$Wtd5;KzmYL%6N4rsAPyhFNjKjqA-w034Fe$%XG?5MQiO^Q|Az?s))CmSiD)7 zL>ZM&gh&cON-euUu#lC>xnWg`Fu6AEvqhk(<0uQXDb`2$GBgF5Z3kD2jN8aCjXd9B zV{$NGLrmG#_$V85I9C~94$M{QDZi9VRmz~N*9<9BHytkkl7of-@{Vob5rd$eu8~4T z*o6tdm?g4Y3dl2hEoI_ysFx&4WIO}NV8ytljgLnuv|#x*>~#eX1zNHzDN3Bj1{m8) z=kgYxgt&Au;WyHn6_0#7@xhlPyMEobdfEEJ_dc~?^-5C`N&x~-hPhMLP z|LW{2eBpk1urU7YYu_AN**f+0ZA*loTT2hVwC(M|u^7GX`k@nZ+DL9u?Vf{|Ry>GV z2OhhA^Tc~C_m!n@i90SCN(yR?k_K2 Qxcbodle0IrDL1*l0U=+%L;wH) literal 1235 zcmZA0edrT)90zdaM;6mEjQEM5j1qiUbK7lqyQBK)-FCa%!#!-f-EAw1-R-;EZMVDI z?s0=OABZAJiZFvx|44--3^NNcN>F^l{z&PM1RoND$o^1*D1T|c`m26_e?IWy{r>Q2 zsUQjrWi+-N%``TcBQ@qFLeZJ9ZFi%f4Z&~%3k$=5EBWE7%@Sq_vOT8PQGvt;DMJ@Y z+m~bF7?_Gy4WzN&M1c>*L$P8p<9HZnn10*BaGOYC9im=wTM?@cRS{oeWQ1@LgrL-a zG)wcM76c<<;AfPiAI8mUO~+L`U`fhKf#RSm3KTDxL5zWg#z--UmOGX#51CL}C{iXR z8$tA@S?3UMT;_a`1!j+nXM8mdiw4k(HKa|Ioo?!X7LqB&_&ICL#=ExMF@|+M5M(R{ z(-s1?le(U$;A$3lQZi3wJ=TT_$ld>o(4bV6V;M2XR?!6AXgOVu9@A(C0+FgB>5UMR*4sne zFXlR99k9cRlH|>jIB%`s>~VsgAOYG-*gv~&7oU!j&yFP*ySe!>2A`pVV!FSgcRxq0GKDt+t_h7Ck<_cpQC!JGpiBHF@o_ zZ;v_$muw@pogJL|;kz%7cXIpB2df+E?la%tJ$LrVnVtKH{mo;~t=UJvyW+LI57yn^ zE*_hDW#OXh?n}<{^=~+tQ=h$k_bGn!rPQUpPrtKis|86tB-R0!P6TSESp)dwF{V^3qR#P Q`uv%~fv-PVGrRJ^-vqw9-~a#s diff --git a/secrets/restic/vaultwarden/base-repo.age b/secrets/restic/vaultwarden/base-repo.age index ed02333cb4d4362f5c4350e212a112e6194142cf..c3c14abe75c9c0535b64731c939f36e0b7c2db6d 100644 GIT binary patch literal 1093 zcmZ9~&CA;a0LO7qd=7E$;11&DF`z@XTJzStAr70DCTW@`Y0@@{3~BS;q)nQ%c`4#R zQLj4OMGw0OUQ~9F=io(TjDgc#MEwI4VMkHCOvUL*pTFS4@5gr$`dxqH7Hz(Zv(58a z5keILbT5Hr8FhUR#c_lN&26KOY7pxsIUC7+2p6W|%0Nv)YLI@@j+?c@nWevW0(NbX z{HhHBQ;Th!jUjnvM@=k>ma>Pkx!hZ0N*FEc$;2Z@8O^F8oBX5Yan;RHoB;irb+H=k zCly)RLkq1OWqCa}##kbr0>et;sx&|N2{lxwd9<3>6TzA-HH?CK z2;Pw+gVh5g^@8lQHiY7dAA<9k$RlN5j5a(Iz#P-lY+YsGZ6WRRK58#H&K(`dBw+eH zaPSex=_osaQaMC)M7S>9oq{@@MSwVmgGICUT8>m7L-^C0FpdnN1}Uspi(>;GX#C6$ zY6?euqA_Vaoxxadr5+AD&t-=~O{_9Nqqzk}mVIQflCvh^GKUkWJ@FYl zY@plif{^H7O0p6>W6xxq6s>wbsxyft)ey{Sl_>@)T3N0-r8uYLaI zt?O4VDxmS6`S$nFlh|+Z;T!*hAMTHD)=wWjmz>FzS=C!c2To6OSiOX)28Z^>`9wu-|?oRBYF`L z#FIynLGYlUI5#~g2nr9pD&s*B4}zx|P{)(LPw?Zv=&s$fLo;pS+>gR1qtxw}P^b44 zkY!%awqO*6NMM=NvvCD%p|u8+jn?-?d?xHvwmoEmpp$B?W1}+lJUX{AiO8)v(eW4E zL;%}ap2!YTvwTG|6rNctEzfPF$%K-yG$r&Zd$78##eUg~VH5-GiZPK2ppeCs7}-%F zFU!N2C9zl;`Ie9IT7l-oUYV|8T&q~y7j&Wn?qgv!2q7JWCo^_C0GlR}nMF53Bqg22 zb-^@fI%`Wu=Kg14%(yS#wn7urVK%Tueo8M=mkf}Nx5-Gxh)fcvNC~nP!V+rH2Rqa5 zh)CuV=g`}-hzHu-r1&_eDxw>T3ogLmXe#1|a%K3{*%n2Zv+6lu;6$vq`Al;()1lzP z#A-Nz@oed?H=F>$MLyc{2X>A!ZYNLi9hcG#Mh8do~+C^%TAWMg^*>Igvt%Lt=bDO9M3- zxstIPLN2o`P3MqQ=mf-Z#O*96EjWh<6US}(kgD1YTp0($3t`K|x&D^YL@OC< z&T95%Lgf_T??{o~DfZe!i@s@|)lhE}nR8%W)78`=<;5zFi3T=Pfthbv1qnPH zrG!ushOtlA<1P&iIt3(fVWkWkejjbLv9!lA*oxYukoBkvWOku6B2`qWp8fOwUJq#5 zowR4k;U=!wtMpe*mW&N2QvaOIw>m)`vS?aN0ekNyV=1&c)a`h%g=nH zeQR`|eX;xX?5~GDJ{-OG=l4G!9e>4~Kb4-oas1Kg<(2x!udf_GfBI!TE3d!7-u&T5 m8ND_A?Xd@;N4|LL(z#D{^>Fgi$(0)y@3qS3&R-or@Y>&h@oC}! diff --git a/secrets/vaultwarden/env.age b/secrets/vaultwarden/env.age index c87a1685dc77cfe153cf44fae8be6b12d4c4cc4c..fb105b196b9bc3a9d7a1c3fd6d4550bd9ec6b7e3 100644 GIT binary patch literal 2951 zcmZ9~_dnH(1IO_s$srmyC5=;ERL0qklZ-Ps%bAXIoKxsH<8y}NOy_W9G^EhFPGpo4 zQEAZBLf2Q(x+SBbp@Ae)PKD}wzdwHa3!ab1>-`o25?@K8NSC59$kmB{Y8?PE!a%;k zV7*@ED-pv{C>RFJ(Izt@Okg&bpf=+oBMee8-CG5fbM-U^o-6ZLo4ujoW?57iO)OJl zWdJe^3W5q?Dy{@V2hd8nT7wcBq6|6-Rv?2xwFy!Rl|_}YDao)XRZ5ipf0{;a^wq#o z{$Pm-FG85WSY@~Xg{Gh&e1tp+V`ghGLOvNo&;tyPkQvPYQY1Jg5k)nSX&f$y%9m*5 zNCHR7;Y0ls)oO|~EWkgS4T;8c!wAU|z?&{rsQ6*x2&U=(EPs3ig!!+9)=|A_k^aeg zs#zg6(4!$3L>SJWLrCGHY4~UgH-JIo089X@qEJB*d>WF4#)QRd61|~U3~vn{1^6?flQ9YtO=ph6CllcW z6I+K*QJ~CX7{eRKp@9Sv16r&Fpfp4T2Fi$5CW|6*6sk@rW>86F6E2a4F%XPN3}^tG z|GP$k$k`GAj7y=3iKYY*ix@9Q#T!t91dIyDAxktA5}p$oKuSbP;S@4mKnV{38PT`^ zxe^UiG7uE9fyKhpm3%xDD~lj$^)vxTq%)D!3^FlNMnL|q5$Uo>q6tilr^D4aEre2(SXKu;E!2s#510O83=1RRt6yC#XIVGUR?3Cp5$>1H{V%aAbWWHr}c&1R5|Xaf!k08}K0 z#gQV22}*1tkq^?)B?$I>b)kXjxBQqnsHy=jTQo$jL~)THA2`xyon5 zx)sh?T4?BBy)V~4^Y8h2!}#mVnIh}gYb>u1M=qp;Hk+v0%KG=SjO%RXE0QE`p=8GM zdpOX&eCx$S1>h+HvE-5D>T*() zH8zpdU3H{7@!iw;PLCAHAA7zDLT(M_eEB}`4}jSFqOHRH^*(XNhcA&fsU*@?JW0RF z>1;y#eajS&&K11bZ)ULeR}|~RmsSo?kF5S7)b9ExhwahcYB>delpnMLLQ~9q`FhbG z2Cl>0JFg1XcK7TN23_!6VuU@CP5)e8^Om*qE2_r>nPPv#F)6IG;VN=u{La_w8*_s) zn;ILs9~&`dR+8G(5pvQiGT_Ia*As5r1HPSUhBz(brS(!6`DavI z{mT%`^_D2R2EoOUSi(%FnD;MW=hpgV7Di@oXzYE{n9DsH_-;4bGw5c?vxzp?NXYWX z6%JrC(pEn)tjTuq|LT(bBzq2LNIG=I00Cs(9VHJj*&jP*7uo1S*#?{OA9M4aMuqcC z@sH!ImSUOsN}!T!-C>@6^nmzwO#6XnlvN=+`^~)*kF%h3#{;WLpP#6U_V$&xUTbgt zFdE1E$67Vw0G<&z8dIn3Y7Bp-rIA-mdbK~B^h6pUxhm}?^K6(I?^Kn%%a+r=g|cxb2mK(Y7MK?4-%%Np$a>|y9ouNW1Sdv1T+ zvy&*`tW0!_D_gpt>Zsb@TGv-}=}>cKT}{@k;)|;6(d;hP8D}TSFn3*d_FYZyNayuT z)QZWH?Nf@NF0DS>PCpvtey|UA?QG0g8>?UBb#1Hml(Xv(#^zLcQpP+0TVXo$bL1|t z6pC^7Da!#sAI@$JW{QnLqANqKDRG~Det=4^ajOdwnc9~Rro8{KK)8ckpjK7CgEcN0 zht%D&%Zat<{Nf~o389PH_$ydrlOFp!<~s-jNqzDS^Y>d5XI14=McWH`#U2h{)r~It zyKoELUH-l~ccic9i>TCjR@1-lJ2e(nnq%cj-)|0`xnbCW-g^B$#0~1_{mZh9fJ!>p zM^+s(R#O#8eL%jo7X|k%zyGOl*G0396Ld-Z6gTx{YgypRW4G=z21s<@Fa15WvD#_z z%20H~mXJjwqZ6@noW>aQ$0l*%$1#J<66gJQa6Qdyx26ZecG_n2Y8|fI=PYae=v6ft zFjz2N+-=>um^d_4c5ZE;k@+XmCJ|h{WrR9d=cYe7~HWhW_82dht=bi%ls#=G(1>% z-mYUMrhs#$$mQBn1{#li%?EC%$&0ONbNlMo?%kXtyzdH~wQKijeQXTt5=YWZbVH@V zrpDiP>W_<}^$4>dOW^-;6ZQ}LO|*@?xf{ND3;TtAKqYzRYnL}+d!c8AypKm}mrJW! ztJYQ6=Ix}`q%k`9!4(9Vmz-t`*3(dbhTKT)TA z2QH--KB#oZmz{5RFe`YL_Qrm95$mv#VVhfN*Zb%%TACH<4i9e)vfaD%>C$&I_GBCe zmzvwGZK=mkc8acaH5fL~F)cy)nD0XYW9i3@EpSNbB9Db%j6#QR4a}R0PwCYeR&ZiD z{e(=R33R#rr2g}oppA>Co*+xh;x{w59Nlb`y+RDsK=QnrCR+Imvho}~=Iyb2Jp4V_ zc|*yq%!6^z_T!VY)-D(7y*f{?{5CM;3^SPetsLs&lEbGSYyFFc>`u~P1#!@;Lt}&f z&Vzrq9IRCf>(V1bm6W@o@nufW*h{XoGz>Nc>D6p5Joij})z>-AHl>89pk;5XPF|kw zXR!SED|!1=&l#+IOTVe};3mDTsBqrhKSeb)$Gy%ORJ$974_(WsUE-#8CAG8np8;pq z*KE_=Y-%m5yzHXX%I`&Cx)>f^tn8Houa2wF^NO+AY5O$$?;m)#yJuZL@-TbSahMix z`O84a`rtpZW61o`Rfr^ve4GeUa&0xYtJS&lb;gt+B(n1c@w=KipCveZdp8ruSk9|2cQ a1&7bA$xYqcS`VLkOnS&=Mt1(ZMgIi=t{jR0 literal 2951 zcmZY8`CkkO0|xM|q)XdM=}>D(8C`Q9*(@_P_ubqRX_|YQ`)sBxDrMQW%N3DQNGB2- z5?bVpbuH^iMaYJvB6;`y@!j_?_dR+O0SF8n-m}$#5?XsfZ42! zlS!cn1SA2#F=jESc7Q{LG1)Z+7>`3?LIq%5riiFukcAm!iipS*a2X0AH-XP5I5j+p zx7fi|nqWdUo=&7OLCNZ5STabS!BVI-T9zFHN3o@HsKZJp(Fx%HY6g`p&HzOq0Wy1% z1ZD?djL?__lE{h>^RWUDj0nM6#U=qxmZ3&xQ4BT&5=_e=rm*NLD~jZeWrHOdMmd*& zg)uQHEUK8Jz}fUx2}|KLQ+Y_WPDzBqR9OUwBJ+PNWD*s`{KvA9(G-eAPZhzPc0#h0 z385jhN*z&e!Nll=47ih`QX!B+Hb=$ed#f`HMk!RNw`fF4kUm31rJ>9Sa7L2EO6KAT zd=Q3AkXVp%AqoNicZ(z_PMXC6@Zc5&mXF8)gOGZe1>?{pD|yKzObk@6LmABil#-;f z(gi#f4{G+d@Kf|yE)kBilT2AGgdA;r}!;NR=W} z0KjY|4y)A29a@!>jz+1GI+?|UH^O4L8Fr4D%#~xU<`@V|g;Wc@5jqqIE3`teU^hT4H}Ni}?a5jhf8Xkpxsa1tT&zz&aidFTsg; zDR2yi4z?<2|JGyz8peVFP~mnd2TC_`Wd^1R0Y}4?5Wbqvz}rlw7%3bg5RsfFxQfo! z+qvFEydjBUjge|GEIL^(RMO1|3jzs6bM+3Q6YMaU$O%@g-l1ed6#v!`N`YR&0;r5) zuGOiNTNA*r6gCN+iPVu%1RNP5AZcW1nvNycfedgo5(3eCgB5Bkhp9$dbUY1(M->~A zlF1a6SqqV&=*beMSu2L&k&I*>4#xG4i;Dv|)VwUaApwdtS}-`3+N`yscv2QRMj}ii z3W)+FnQB5|WdemzM)DShlmIh7A31pb-iSRNb3J~cwe$3@;Jsxv<;uDTD;|MuwkM;GcbB8FnqBZrUSDL42k4w*q z2yNfA9reCTiAZRiUfb1ixR3em9?!*Xkkv`N7w`*m|ASH8rB^bSs`5KuZ#5OVCxuqt zu~#gaJh!}iQ%h~#aMd|3Viq8v4-_H#Gv}d~@v(jXkL&Kw?SYtZGbav?9qg}4m>$}; z-RRX?zz(`6A1ObTmE(=5IEeA)|m&f}V`a~G^j?Kr-KZF5F)xWJ&{aBMa8 zN(J}+?XpQffu$Vsuy|qPpBuj~OTB+P_gKoxjqwjcWQ*kZqn5U3ZpFmSf3@w*e^1^B zIr%YWEOErm582V|#tQ*ID+lHl&Dg%1rk!1KDkOK!j+Vlllit~XFtAE;9s8mCu%*al zEN*%F^tGv~>iI3T(d|Wpkh7`I?d_f)$~)wTU0ybjf|F$W&CfjV1nqWGc32_4Qstgu z)YqCuPQ+6fW?|gr_wOim4|+#HrUr%Dd^dDV-T%pXbWUJ1Ye9ZDRqhh`n^BfILI@rb z4|+=6PXJ4mFAiVO6~?MJS5Mt}4UWH?|45Um>-8Ue@CPOO`hz*PkH}@gOBj%}roCq? zrNCL%QP<`f&vPxpF<{@#wUwKgykMV;ivAs;->>I{7~hx+ zpaP3uxMnlieN9RIsPTmXec(J=?8kjdB;6!e>FPp3OJGuIGTPTkCZIA5To+arn72`n#Z*WJ5#|9tXooZa97;447JNZDr_RZZd#|jwn zsSD1hKDu_=qd7SE^Z5-wd*7Bs?acQ2TJG{!)XLzKeVH4}-K%|+E%!PMw|oC8Vq9%z zK4V?hRnLK)C!C&hYEEiEfxco zn!ms1(s3_mYstI^%wh}wwGTtzSZxXT(Q_Q!>tk3(VMVZaE!Av zyrSowct{x)^kVZs39)|Wno+Hv((gA(%+E~D;UA)15d2?rbU*p@!^0ycBih9|kkNDg zEw4||4}X!ntjj;n@tEbC-8JV7u^8R2n|13^JUwExtt32sd(reO_E0{+x8vnfod+Qy zZL~Q+?0YJW>bL#tP3r2D*XLG>R7H|R%k9NC7u+bH$+9Wf#B$HhfQRqHLNU_F#GaT@ zC1{*8N*R=gZ~U`PloX%yJ}b!6-5?(R#&Hd-sN8@`&ph7V@F4bg4^SPjA??+YvWa&E zIq=@Y&XwO*h3uR$H$6(%_H?K4>hhZUV?lhMUAMy4Ct?x%Z9J18Of3;y(lKmO<`O9+);N)-|u}SC}Pl8 z;xgdcR`M8!n+hapn~>e7z94#78|JRM+*3Gi^Y?ig^_{2BLs-BlXkc)t@XU&{zwFMz zx9=T3v8=4GgO{;&QG@TT>nmhDXdj_`dR|ar6AV1?WbyYAz$Czlz4MYgKUTdgK15pm z;w|%S8bF84&)e9)*I!I`M$UeeKG4yrQ*?O^1|AnC0c<<7I50K!&g zPYI|x+NSa^phy~)Z6&HdN;I|gtDigpf5`i*tJYvC5%-3jNKtGn4ad4QkS%ZXzS1hb zI&;OB4s|x|(|AY^V>N*fnKd(g&rCFDnXx+ihkzARYj(uuPZaxDU2AUL$xY!z7dKaZ zo~PS-M%b#o?pQ)>4}V@;qn!VpsBwSs5r5aN#&w3Z7uExB%{$vM_8#Sq#LTWIl2+Zu zhpphR*um$c(E_ddK7neyz@ WFh)0i^!$BBc>k8-q1x5AT>k?d3 Date: Sat, 1 Mar 2025 18:05:30 +0100 Subject: [PATCH 20/37] Ajout element-web --- hosts/vm/periodique/default.nix | 3 ++- modules/services/element.nix | 28 ++++++++++++++++++++++++++++ 2 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 modules/services/element.nix diff --git a/hosts/vm/periodique/default.nix b/hosts/vm/periodique/default.nix index e0a5ea4..f5ac28e 100644 --- a/hosts/vm/periodique/default.nix +++ b/hosts/vm/periodique/default.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{ ... }: { imports = [ @@ -6,6 +6,7 @@ ./networking.nix ../../../modules + ../../../modules/services/element.nix ]; networking.hostName = "periodique"; diff --git a/modules/services/element.nix b/modules/services/element.nix new file mode 100644 index 0000000..114d58e --- /dev/null +++ b/modules/services/element.nix @@ -0,0 +1,28 @@ +{ pkgs, ... }: + +{ + imports = [ + ./nginx.nix + ]; + + services.nginx.virtualHosts = { + "element.crans.org" = { + root = pkgs.element-web.override { + conf = { + default_server_config = { + "m.homeserver" = { + base_url = "https://crans.org"; + server_name = "crans.org"; + }; + }; + default_theme = "light"; + features = { + feature_video_rooms = true; + feature_group_calls = true; + feature_element_call_video_rooms = true; + }; + }; + }; + }; + }; +} From d1490196138f3a524ff8156a31882a78bfcbdc72 Mon Sep 17 00:00:00 2001 From: RatCornu Date: Fri, 27 Jun 2025 19:42:52 +0200 Subject: [PATCH 21/37] =?UTF-8?q?Mise=20=C3=A0=20niveau=20p=C3=A9riodique?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- hosts/vm/periodique/default.nix | 16 ++++++++++++---- hosts/vm/periodique/element.nix | 28 ++++++++++++++++++++++++++++ modules/services/element.nix | 28 ---------------------------- 3 files changed, 40 insertions(+), 32 deletions(-) create mode 100644 hosts/vm/periodique/element.nix delete mode 100644 modules/services/element.nix diff --git a/hosts/vm/periodique/default.nix b/hosts/vm/periodique/default.nix index f5ac28e..e59b98a 100644 --- a/hosts/vm/periodique/default.nix +++ b/hosts/vm/periodique/default.nix @@ -2,15 +2,23 @@ { imports = [ + ./element.nix ./hardware-configuration.nix - ./networking.nix - - ../../../modules - ../../../modules/services/element.nix ]; networking.hostName = "periodique"; boot.loader.grub.devices = [ "/dev/sda" ]; + crans = { + enable = true; + + networking = { + id = "18"; + srvNat.enable = true; + }; + + resticClient.when = "02:56"; + }; + system.stateVersion = "24.11"; } diff --git a/hosts/vm/periodique/element.nix b/hosts/vm/periodique/element.nix new file mode 100644 index 0000000..518da13 --- /dev/null +++ b/hosts/vm/periodique/element.nix @@ -0,0 +1,28 @@ +{ pkgs, ... }: + +{ + services.nginx = { + enable = true; + + virtualHosts = { + "element.crans.org" = { + root = pkgs.element-web.override { + conf = { + default_server_config = { + "m.homeserver" = { + base_url = "https://matrix.crans.org/"; + server_name = "crans.org"; + }; + }; + default_theme = "light"; + features = { + feature_video_rooms = true; + feature_group_calls = true; + feature_element_call_video_rooms = true; + }; + }; + }; + }; + }; + }; +} diff --git a/modules/services/element.nix b/modules/services/element.nix deleted file mode 100644 index 114d58e..0000000 --- a/modules/services/element.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ pkgs, ... }: - -{ - imports = [ - ./nginx.nix - ]; - - services.nginx.virtualHosts = { - "element.crans.org" = { - root = pkgs.element-web.override { - conf = { - default_server_config = { - "m.homeserver" = { - base_url = "https://crans.org"; - server_name = "crans.org"; - }; - }; - default_theme = "light"; - features = { - feature_video_rooms = true; - feature_group_calls = true; - feature_element_call_video_rooms = true; - }; - }; - }; - }; - }; -} From 890e6fb2373b0363f34e8f6471ff312ddb3b02f2 Mon Sep 17 00:00:00 2001 From: korenstin Date: Sat, 28 Jun 2025 18:27:29 +0200 Subject: [PATCH 22/37] Reverseproxy --- flake.nix | 5 + hosts/vm/README.md | 4 + hosts/vm/reverseproxy/default.nix | 34 +++ .../reverseproxy/hardware-configuration.nix | 33 +++ hosts/vm/reverseproxy/reverseproxy.nix | 198 ++++++++++++++++++ modules/crans/networking.nix | 2 +- modules/services/default.nix | 1 + modules/services/reverseproxy.nix | 177 ++++++++++++++++ secrets.nix | 2 + secrets/acme/env.age | Bin 1304 -> 1414 bytes secrets/apprentix/root.age | Bin 1004 -> 1004 bytes secrets/common/root.age | 72 +++---- secrets/neo/appservice_irc_db_env.age | 39 ++-- secrets/neo/coturn_auth_secret.age | Bin 1079 -> 1079 bytes secrets/neo/database_extra_config.age | Bin 1187 -> 1187 bytes secrets/neo/ldap_synapse_password.age | 38 ++-- secrets/neo/note_oidc_extra_config.age | Bin 1555 -> 1555 bytes secrets/restic/apprentix/base-password.age | Bin 1235 -> 1235 bytes secrets/restic/apprentix/base-repo.age | 36 ++-- secrets/restic/client_env.age | Bin 1965 -> 2075 bytes secrets/restic/jitsi/base-password.age | Bin 1235 -> 1235 bytes secrets/restic/jitsi/base-repo.age | Bin 1081 -> 1081 bytes secrets/restic/livre/base-password.age | Bin 1235 -> 1235 bytes secrets/restic/livre/base-repo.age | Bin 1081 -> 1081 bytes secrets/restic/neo/base-password.age | Bin 1235 -> 1235 bytes secrets/restic/neo/base-repo.age | 36 ++-- secrets/restic/periodique/base-password.age | Bin 1235 -> 1235 bytes secrets/restic/periodique/base-repo.age | Bin 1091 -> 1091 bytes secrets/restic/redite/base-password.age | Bin 1235 -> 1235 bytes secrets/restic/redite/base-repo.age | 38 ++-- secrets/restic/reverseproxy/base-password.age | Bin 0 -> 1235 bytes secrets/restic/reverseproxy/base-repo.age | Bin 0 -> 1095 bytes secrets/restic/two/base-password.age | Bin 1235 -> 1235 bytes secrets/restic/two/base-repo.age | 38 ++-- secrets/restic/vaultwarden/base-password.age | Bin 1235 -> 1235 bytes secrets/restic/vaultwarden/base-repo.age | Bin 1093 -> 1093 bytes secrets/vaultwarden/env.age | Bin 2951 -> 2951 bytes 37 files changed, 604 insertions(+), 149 deletions(-) create mode 100644 hosts/vm/reverseproxy/default.nix create mode 100644 hosts/vm/reverseproxy/hardware-configuration.nix create mode 100644 hosts/vm/reverseproxy/reverseproxy.nix create mode 100644 modules/services/reverseproxy.nix create mode 100644 secrets/restic/reverseproxy/base-password.age create mode 100644 secrets/restic/reverseproxy/base-repo.age diff --git a/flake.nix b/flake.nix index 635d62f..8785258 100644 --- a/flake.nix +++ b/flake.nix @@ -70,6 +70,11 @@ modules = [ ./hosts/vm/redite ] ++ baseModules; }; + reverseproxy = nixosSystem { + specialArgs = inputs; + modules = [ ./hosts/vm/reverseproxy ] ++ baseModules; + }; + thot = nixosSystem { specialArgs = inputs; modules = [ ./hosts/physiques/thot ] ++ baseModules; diff --git a/hosts/vm/README.md b/hosts/vm/README.md index 1e4607b..84466b6 100644 --- a/hosts/vm/README.md +++ b/hosts/vm/README.md @@ -22,6 +22,10 @@ Serveur Matrix, bridge IRC <-> Matrix et interface admin pour synapse, accessibl Serveur redlib (client WEB alternatif pour Reddit), accessible à . +## reverseproxy + +Serveur qui héberge un reverseproxy et une instance de anubis. + ## two Serveur NixOS de test. Vous pouvez vous en servir comme base pour la configuration d'une nouvelle machine. diff --git a/hosts/vm/reverseproxy/default.nix b/hosts/vm/reverseproxy/default.nix new file mode 100644 index 0000000..cc37e51 --- /dev/null +++ b/hosts/vm/reverseproxy/default.nix @@ -0,0 +1,34 @@ +{ pkgs, ... }: + +{ + imports = [ + ./hardware-configuration.nix + + ./reverseproxy.nix + ]; + + networking.hostName = "reverseproxy"; + boot.loader.grub.devices = [ "/dev/sda" ]; + + users.users."nginx".home = "/var/lib/nginx"; + users.users."anubis".extraGroups = [ "nginx" ]; + + crans = { + enable = true; + + networking = { + id = "51"; + srvNat.enable = true; + srv = { + enable = true; + interface = "ens20"; + ipv4 = "185.230.79.42"; + }; + }; + + resticClient.when = "03:42"; + + }; + + system.stateVersion = "25.05"; +} diff --git a/hosts/vm/reverseproxy/hardware-configuration.nix b/hosts/vm/reverseproxy/hardware-configuration.nix new file mode 100644 index 0000000..f512116 --- /dev/null +++ b/hosts/vm/reverseproxy/hardware-configuration.nix @@ -0,0 +1,33 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/c4c2de17-2965-4c0a-b4c5-7d518712c9aa"; + fsType = "ext4"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.ens18.useDHCP = lib.mkDefault true; + # networking.interfaces.ens19.useDHCP = lib.mkDefault true; + # networking.interfaces.ens20.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/hosts/vm/reverseproxy/reverseproxy.nix b/hosts/vm/reverseproxy/reverseproxy.nix new file mode 100644 index 0000000..c3315cc --- /dev/null +++ b/hosts/vm/reverseproxy/reverseproxy.nix @@ -0,0 +1,198 @@ +{ pkgs, ... }: + +let + anubisBotsMirror = pkgs.writeText "anubis_bots_mirror.yaml" + '' + - name: whitelist-crans + action: ALLOW + remote_addresses: + - 185.230.79.0/22 + - 2a0c:700::/32 + - 46.105.102.188/32 + - 2001:41d0:2:d5bc::/128 + + - name: no-user-agent-string + action: DENY + expression: userAgent == "" + + - name: ban-gpt + user_agent_regex: ".*gpt.*" + action: DENY + + - name: ban-bot + user_agent_regex: ".*(b|B)ot.*" + action: DENY + + - name: ban-WebKit + action: DENY + expression: + all: + - userAgent.startsWith("Mozilla") + - userAgent.matches("AppleWebKit") + - userAgent.matches("Safari") + - userAgent.matches("Chrome") + + - name: ban-Barkrowler + user_agent_regex: ".*Barkrowler.*" + action: DENY + ''; + anubisMirror = pkgs.writeText "anubis_mirror.json" + '' + { + "bots": [ + { + "import": "${anubisBotsMirror}" + }, + { + "name": "allow-repo", + "path_regex": "^...*", + "action": "ALLOW" + }, + { + "name": "deny-other", + "path_regex": ".*", + "action": "ALLOW" + } + ] + } + ''; + antibot = pkgs.writeText "antibot.yaml" + '' + - name: whitelist-crans + action: ALLOW + remote_addresses: + - 185.230.79.0/22 + - 2a0c:700::/32 + - 46.105.102.188/32 + - 2001:41d0:2:d5bc::/128 + + - name: no-user-agent-string + action: DENY + expression: userAgent == "" + + - name: ban-gpt + user_agent_regex: ".*gpt.*" + action: DENY + + - name: ban-bot + user_agent_regex: ".*(b|B)ot.*" + action: DENY + + - name: ban-WebKit + action: CHALLENGE + expression: + all: + - userAgent.startsWith("Mozilla") + - userAgent.matches("AppleWebKit") + - userAgent.matches("Safari") + - userAgent.matches("Chrome") + + - name: ban-Barkrowler + user_agent_regex: ".*Barkrowler.*" + action: DENY + ''; + anubisChallenge = pkgs.writeText "anubis_challenge.json" + '' + { + "bots": [ + { + "import": "${antibot}" + }, + { + "name": "challenge-other", + "path_regex": "^*", + "action": "CHALLENGE" + } + ] + } + ''; + anubisMirrors = pkgs.writeText "anubis_mirrors.json" + '' + { + "bots": [ + { + "import": "${antibot}" + }, + { + "name": "deny-other", + "path_regex": ".*cdimage-.*", + "action": "ALLOW" + }, + { + "name": "allow-repo", + "path_regex": "^...*", + "action": "ALLOW" + }, + { + "name": "deny-other", + "path_regex": ".*", + "action": "CHALLENGE" + } + ] + } + ''; +in { + crans = { + reverseProxy = { + enable = true; + virtualHosts = { + "eclat" = { + anubisConfig = "${anubisMirror}"; + httpOnly = true; + target = "172.16.10.104"; + }; + "eclats" = { + anubisConfig = "${anubisMirrors}"; + target = "172.16.10.104"; + }; + "install-party" = { + anubisConfig = "${anubisChallenge}"; + target = "/var/www/install-party.crans.org"; + serverAliases = [ + "i-p" + "adopteunmanchot" + "adopteunpingouin" + ]; + }; + "lists" = { + anubisConfig = "${anubisChallenge}"; + target = "172.16.10.110"; + }; + "mediawiki" = { + anubisConfig = "${anubisChallenge}"; + target = "172.16.10.144"; + serverAliases = [ + "mediakiwi" + ]; + }; + "mirrors" = { + anubisConfig = "${anubisMirrors}"; + target = "172.16.10.104"; + }; + "mirror" = { + anubisConfig = "${anubisMirror}"; + httpOnly = true; + target = "172.16.10.104"; + }; + "perso" = { + anubisConfig = "${anubisChallenge}"; + target = "172.16.10.31"; + serverAliases = [ + "clubs" + ]; + }; + "wiki" = { + anubisConfig = "${anubisChallenge}"; + target = "[fd00::10:0:ff:fe01:6110]"; # l'ipv4 marche pas + serverAliases = [ + "wikipedia" + ]; + }; + }; + }; + + services = { + acme.enable = true; + }; + }; +} diff --git a/modules/crans/networking.nix b/modules/crans/networking.nix index 97f7c4e..42b43fa 100644 --- a/modules/crans/networking.nix +++ b/modules/crans/networking.nix @@ -130,7 +130,7 @@ in ipv6 = { addresses = [ { - address = "2a0c:700:2::ff::fe01:${cfg.id}02"; + address = "2a0c:700:2::ff:fe01:${cfg.id}02"; prefixLength = 64; } ]; diff --git a/modules/services/default.nix b/modules/services/default.nix index 9c1cafb..5c91cc2 100644 --- a/modules/services/default.nix +++ b/modules/services/default.nix @@ -6,5 +6,6 @@ ./coturn.nix ./nginx.nix ./restic.nix + ./reverseproxy.nix ]; } diff --git a/modules/services/reverseproxy.nix b/modules/services/reverseproxy.nix new file mode 100644 index 0000000..177093c --- /dev/null +++ b/modules/services/reverseproxy.nix @@ -0,0 +1,177 @@ +{ pkgs, lib, config, ... }: + +let + cfg = config.crans.reverseProxy; + + allowAll = pkgs.writeText "allow_all.json" + '' + { + "bots": [ + { + "name": "allow_all", + "path_regex": ".*", + "action": "ALLOW" + } + ] + } + ''; + inherit (lib) + cartesianProduct + literalExpression + mapAttrs + mapAttrs' + mkEnableOption + mkIf + mkOption + nameValuePair + substring + types + ; +in + +{ + options.crans.reverseProxy = { + enable = mkEnableOption "Configuration du reverseproxy."; + + virtualHosts = mkOption { + type = types.attrsOf ( + types.submodule { + options = { + serverAliases = mkOption { + type = types.listOf types.str; + default = [ ]; + example = [ + "everything" + "voyager" + ]; + description = '' + Déclaration des alias. + ''; + }; + + target = mkOption { + type = types.str; + default = ""; + description = '' + Indique la destination. Il peut s'agir du chemin vers des fichiers statiques. + ''; + example = "172.16.10.128:8000"; + }; + + anubisConfig = mkOption { + type = types.str; + default = ""; + description = '' + Chemin du fichier de configuration + ''; + example = "/var/www/anubis.conf"; + }; + + httpOnly = mkOption { + type = types.bool; + default = false; + description = '' + Interdit les connexions en ssh + ''; + example = "true"; + }; + }; + } + ); + default = {}; + example = literalExpression '' + { + "framadate" = { + host = "176.16.10.128:8000"; + serverAliases = [ + "everything" + "voyager" + ] + }; + }; + ''; + description = "Déclaration des machines."; + }; + }; + + config = { + systemd.services = mapAttrs ( + vhostName: vhostConfig: { + wantedBy = [ "multi-user.target" ]; + } + ) cfg.virtualHosts; + + services = mkIf cfg.enable { + anubis = { + defaultOptions.group = "nginx"; + instances = mapAttrs ( + vhostName: vhostConfig: { + enable = true; + settings = { + BIND = "/run/anubis/anubis-${vhostName}.sock"; + BIND_NETWORK = "unix"; + TARGET = "unix:///run/nginx/nginx-${vhostName}.sock"; + COOKIE_DOMAIN = "crans.org"; + REDIRECT_DOMAINS = "${vhostName}.crans.org"; + SOCKET_MODE = "0660"; + POLICY_FNAME = + if (vhostConfig.anubisConfig == "") + then allowAll + else vhostConfig.anubisConfig; + }; + } + ) cfg.virtualHosts; + }; + + nginx = + let + domaines = [ + "crans.org" + "crans.fr" + "crans.eu" + ]; + redirectConfig = mapAttrs ( + vhostName: vhostConfig: { + locations = mkIf ((substring 0 1 vhostConfig.target) != "/") { + "/favicon.ico".root = "/var/www/logo/"; + "/".proxyPass = "http://${vhostConfig.target}"; + }; + root = mkIf ((substring 0 1 vhostConfig.target) == "/") vhostConfig.target; + listen = [ + { addr = "unix:/run/nginx/nginx-${vhostName}.sock"; } + ]; + } + ) cfg.virtualHosts; + aliasConfig = mapAttrs' ( + vhostName: vhostConfig: nameValuePair (vhostName + "-alias") { + enableACME = !vhostConfig.httpOnly; + forceSSL = !vhostConfig.httpOnly; + rejectSSL = vhostConfig.httpOnly; + serverName = "${vhostName}.crans.fr"; + serverAliases = let + aliases = cartesianProduct { + name = vhostConfig.serverAliases; + domaine = domaines; + }; + in [ + "${vhostName}.crans.eu" + ] ++ map (value: value.name + "." + value.domaine) aliases; + globalRedirect = "${vhostName}.crans.org"; + } + ) cfg.virtualHosts; + anubisConfig = mapAttrs' ( + vhostName: vhostConfig: nameValuePair (vhostName + "-anubis") { + enableACME = !vhostConfig.httpOnly; + forceSSL = !vhostConfig.httpOnly; + rejectSSL = vhostConfig.httpOnly; + locations."/".proxyPass = "http://unix:/run/anubis/anubis-${vhostName}.sock"; + serverName = "${vhostName}.crans.org"; + } + ) cfg.virtualHosts; + in { + enable = true; + virtualHosts = redirectConfig // aliasConfig // anubisConfig; + }; + }; + }; +} diff --git a/secrets.nix b/secrets.nix index b7a9526..dbec4ca 100644 --- a/secrets.nix +++ b/secrets.nix @@ -37,6 +37,7 @@ let neo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMGfSvxqC2PJYRrxJaivVDujwlwCZ6AwH8hOSA9ktZ1V root@neo"; periodique = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHTdfSIL3AWIv0mjRDam6E/qsjoqwJ8QSm1Cb0xqs1s1 root@periodique"; redite = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOwfVmR3NjZf6qkDlTSiyo39Up5nSNUVW7jYDWXrY8Xr root@redite"; + reverseproxy = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOx/lUQE6naP3EBy81sr93X8ktZmivU09ACx6T43Odhb root@reverseproxy"; thot = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFKNg1b8ft1L55+joXQ/7Dt2QTOdkea8opTEnq4xrhPU root@thot"; two = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpaGf8A+XWXBdNrs69RiC0qPbjPHdtkl31OjxrktmF6 root@nixos"; vaultwarden = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICn6vfDlsZVU6TEWg9vTgq9+Fp3irHjytBTky7A4ErRM root@vaultwarden"; @@ -49,6 +50,7 @@ let acme = [ hosts.jitsi hosts.neo + hosts.reverseproxy ]; # Fonctions utilitaires diff --git a/secrets/acme/env.age b/secrets/acme/env.age index a550ebd3525b6edeeec568a7870a842c82acb1f0..72ebb92fc372af3526f5832fd7344fce75f75d5f 100644 GIT binary patch literal 1414 zcmZY7@9Pr<0LO8Qgj&CR&;tX7eWCh7=e*r*_lqdH+wJal+it&Zx7!uL?)P@PU%TyY zyHE?#f*uH2T1HTb(U%@b5tyh{LYf8^SV$q2s2QY0gh+*uJ?!gW@Z$a9Gq8-D;c1ga zFdh2dW`AOVF_g(Yk&PldXXr43Kty&Z>X<=hS*=k)xgypnkI5cCPFbQpCD~Y$C``xoxvtjcR1p`AVza+mV@sMOli4PsH08WcSVWH~VXa!Jkz_u~?6c!tt=&Cc}=E{Ley5HL!WpB9H=C<~c%VFp5Odc8rje?-*>K zDxj#T@Dyl-Fvh8Qg2(`}>QFJ8plMP|?OCCI6M{W$7#p>I5RDdGti$4j(V%vI^@^jvL(bu#QV5-EUzzAGRxBv%98#iT*1 zLUg1y7^T>q*<{8=niSSdJ1t1|VM8f|lbT9W5;FFnNfb{7lpKpjnv5X%mNr(fJ8Y5- z7JLE%NMYEs;e?EdUaMUXEmj4oh34ueX(m0}S4^Cy`k7iS@ESrs#c&HG@Osa76t9x+ zHl-dg6N!lBK+Kuaa>C)x>Lm@iPEN_JVw7pBNc);Fo;pOMF>1rZ8f%ts#xiA@t}7GY zp6S&=*Y0OV02?HcJL~g84956^ar%o`SELlE`g4IG=~Sm>A(__4{%Q@eWnXJ$p<)w- zXCAhg*h0lKgoWTv^+}p1DKxZO2->kh&_GOyhn!5M&DCd3Q7GsV&RT3!5p54gYwE!A zZNM}&fhvexS2XP^p2_8M*)r0>+8wH1l9UcFD{$y)xNfx|Ep~%hI_U$JDtTQY7OTaK zcK@ce?|lBx6ghJ2uG{u(IeUWboaRsMbT4(zR7ICkTKJ70p{3b#-G-n{(c_eY=Fu=$VuyMi|_1E)VZci;tl z|Gwo{;-5F3ihlfQ>5&ibdE*+sZ|CcSr8B3m9KKrEa_J)f=fTV3yNA~uZ*w8DVe2!6 zttVHu?cVeQKwV$|QGVBn_R_h1FW=a9_s5yX&L95Z$hGjrce_}5wM>&N3g->vy&=bE?AJio*H K=K7b(eb&D+Me%t6 literal 1304 zcmZY5%kR?!0KoAO^)me-h9G)SDk0%8f41w^Zat{9dvxn->$4c0_UNp#!%n^OJA__1LyN zZjXh8lh81B9f{4s>1+VXlMtg9Q+G1W;(AxE6x^ZHCqtuYnFA~es2 zKIn@LFUS|XyseE@Wul=ugpD19%WIO zW%ZHQ7nE!YOA|-Twb}~nwatcPmTYAnC5@!Y5ra}ao{6e68>wp2nb0GC|MW87Dvgjl@lPcY;;W`YYefri4QydV4 zv7}9vViiX^5dhFI2R<{cBzpRLZS(&MG325TvC(u zX1yKdQO-=_vTbx~Y)O;;cM`GXK;r?k8x~R0B}xnldbWZgYIBaKs*1&>TA!Bhw9vZU zEinTk&iO{r4n!C78;MNIH0DHnWro2HMW+2l$}W|z3c0J(Z1tB?fnDCcK<_CeC-1q{y?Fe-zYaf`13sJ9{Q9*&HV!U5d;Zp5 z?BJI86+gYPf_OJyJ3ADB%Li`VSib??dYRS_eqU5x`19SnuBEG+ZucHJ(p)`PyZBtR gy1sR||ID{?|KgK7$uHLJdhk*5%A41Yoq^u|2Q;q9;s5{u diff --git a/secrets/apprentix/root.age b/secrets/apprentix/root.age index bbffde01dbd945f9cc53d21fbd5f99fa4a697315..97706aef90355a432bc2fb2afc0fdac99824cb8c 100644 GIT binary patch literal 1004 zcmZY6%gWqj0LF0brZ&%Gs#9slYE)UOeTlPVUpcU4sXuK$#KbZfWjmU437703C5?^8?)X$tDU3n#MUe z@K2HqV0N}tloEW?W|6Hwxv_E^PHfp*1%K4(vH+lDBVV713_!u6dHs+}qppzm7>r;q zWL(QvjGH2P=ft7CJq)7$P*~DOtx3mCL(mKyO+r9UFi)qs0lL_qE@j1BRkLZ*xVce2 zd*d$WQw{uW&&GI`amEC(X@n2z&|-_Ijs(_=ikg&hcBL?yul%9fW6p@T!d=FK|5%K0 zMD>3y)V-kYVs=;DsLNm+D@H2?JvTzr^K?X#+q6TqX{vFYg7!2*O&2gtYMyF_N zTAMd=xx08h?{aPprPgz11h9`++!Inb8?fvK>J_PWeWVF3%V1GvTiQ}p;>~XKdZ856*KB5$+vT^rO8?iNFO8fux?kiV?UK*0d`_ zyVFFQHV|=){?{g-lCwO)*UGEX{h|saV|Er9U!vfwBSmmK7e&|YEk>>Ox!pa*i5fbt zqh(m3Fd+&Js4-7~>YPTC4#(ZWR=1fn=wcV}1Ba68zyxYn-R44u*-$Ikl%(lG-VrepVz3k)dyku$P8Qw5*Vzu)U z&U>uU$)yeqc%b5t2TSi>GW593%d2|c9l1J22Tchz3rAFWENS(?x&V^Pr_{a0=iX5r zwr~ym!7=j(8S^B0Z`2Dp9ZO>cwZ^YJwApN6Vb&hjEmy{-gourFWm9rI&nL`BJCmE_ z;N#nUHv2f*Loc5E_|*sgne(Rj>DNELefit(?dPAo#lQIT%h%GYufMThf2w@e)A#33 XyuW`=Uc7IC{8}iqyn?$qyOS=ygu973 zlY>z=6CHFo(@DIH{-5AWz8K`Iyi0FSI97f4aeo8&L?EkA(P1c8c}6k}A)x8m+9?3F zRo7)?;t~^LqV;*FH)PNo-SxP5-61_L^bmP8o@-eM5J-uZAJ1@DN7gg!CM|zd1-$VJ z*`Jf-i7#0&Es4mMiTR%ft7!#EhDGyPN~swY>xEi4PMe>3;`ngWp73;It(zvh6?R>? z?Xi9=T=D4VoI&VnM=ggk#BNqK-cxWQw|hZ|D#j!f$lsEx29!B?KC@~5XR(rjJO5hv zzS@CyV8blHK(F1R;@kjG$fb9Mc)kv5{gQ^eV)1Jcab?v^&O#Ool59}x$Pm^+aD_bU z2xT5xn_Dc!*oE7k`}F0aM((nQi|RS~BuQ?A4N=A73~tl?Kyh2su@#dL{pP4g(2(G1 zaw85NlTM0L97&zZ6b&a;C*Lw?fll zWxP1B>zA5hl?P=;qtrbulUkpJYufWhVrFyCf;>=xbF?ocDEV$%CW)L;CK7F_Xxz)T zCj+h>1m1Jf#o!xE?~2ET5aytYfbXY4LJu#s{A7xwh(g^BwynsHpl$DQOUCyry}c}r z5akbtSc-_9@TKa*SON&v#9l%O2F;n;7|stqyT>63Z&t1}7OQS|k!4>F6*dywh55cYK1nfV4d`CjSZT};530d>*Gej?{N(k%h@eh=^XmK z*|(1fd5gsFeyu+G>-{$$exkhjM*Q*%`|oUi@6YeQ`lSiae|$b9Z`mJSfBpJ982|X$ SZ_@|#&p+wEGw;5AHU0x(K~2m6 diff --git a/secrets/common/root.age b/secrets/common/root.age index 8625a46..f7dff4d 100644 --- a/secrets/common/root.age +++ b/secrets/common/root.age @@ -1,36 +1,38 @@ age-encryption.org/v1 --> ssh-ed25519 2k5NOg HOeKe2eK/aS5I03IhDzGxNmTYjsl3voLEZzo1Eo6tU4 -5kDl8YdkXlldYxDAA9d7ZY7U7dDXK90gGlC0rZbKssM --> ssh-ed25519 iTd7eA 4b9kmbrtMR0wqxGPp+zSinQkBrrpphUqDPU8znOKGgo -OLhmXA+tWFeIXvjHFPHxcqT4kI3u4ZjCkqQnh9jjl7U --> ssh-ed25519 h5sWQA 0CdrNIrGvOV5MbbruvofVYSSvvFZTo2NKIe5ObGskRU -NV8yW4h53LbM4z7h65gX6gjZvSzrMES88+TigkNYsjI --> ssh-ed25519 /Gpyew rzL9LqVqxaBtHpXV/J4waJtYKXMfYENvmPTOT71bxk0 -+BvI574uhXeYggaCsCdk41ngl9SmDDMEkIM6Y9gzVXc --> ssh-ed25519 FtI9pg 8qEeHhQb1Si9kAxbeHOj2S5cAOxRKIxFI0CDBhRzLwc -Zm+ecEMJf+KybsIPZPhwm4IM1cyb3mu8OeuRebqecdA --> ssh-ed25519 hTlmJA lumh1xqYQtE9dgi1IWy86u6BURcR+o2skd1Qv5VJYTg -58HTMO2z80oGNdAJbP5+8IBiHPyux6rZGd50jfG1xp4 --> ssh-ed25519 LAIH1A hEZ2oJzLTpZjzKHohaTjjv7a2eZXa8sRioUY5doWVFo -63wnlO8v8zf25z+Thu7b/SbJxHcb9YXkhFlxAscgl9o --> ssh-ed25519 qeMkwQ d7iWnCnWqlI4zahgvjgqsihXoyivln/FOCQqnYCwoyw -H0a0zCTE1cW5oW+aTJrtBnVGJLxsfjmGB3r9FyWl3UA --> ssh-ed25519 TqxOLw ctsxZCLOpeALmB98dzyiEq2ZUOxAvxHUKSR7qbzTjwA -apaDGw8eBs0BNPoi0qC7FR2Otqr7m3vby2M7F3cbHbo --> piv-p256 ewCc3w A8b7dyXfbD02u9w3dR6O5zI38vk5ugVqLDCENdcQfY/d -OETvwkXXQZWUeOiqpOn5IZ4c+EOAaZFFehWY9vGqCd0 --> piv-p256 6CL/Pw AyHxDyxvA9gv4d5be5yXnGGavgeHITRV1x1gNiY5z/cz -zcXakgy9Hr1R3eXrgYI1t8RozOjlAdUh/lXS6siL/MI --> ssh-ed25519 I2EdxQ hXSBASbQg06854UxXOGnTJBRMXiehol3KjIG+LU35wM -cUsysgvO/y3Kd/iDvkUPyHkiFS+J6gDKMMIXSi2Yr60 --> ssh-ed25519 J/iReg z/L3B+/EL7fW2t3MFGDLn6+2YzxhQqitFabi7GVjsX8 -nHyC+TpPKb3Iqm+YKXt5otuO785f1T7E49hWCt6zOSE --> ssh-ed25519 GNhSGw VDYQnBCfmDZbirQRkv/miOU31TYZafRxckltnbGdGi0 -j7reZzDf3SJTzN1q8xZY+LMdTncli/5ia9aBi8yt4Zk --> ssh-ed25519 eXMAtA viKyTQHsrPGy0MLicGAR/CzOavCyTgsV5KNnydNRDDE -m68TXreCwUQnhWbBqxAZ0ujYcn4kXKmNb89/2+0OAuQ --> ssh-ed25519 5hXocQ tHX/UfzefaF0YPdIUja4weKyEWv0LWIFaAnpLODMbDE -0ium7CQZBqQfH0s90ArJ+3FEp6EARZSqcet365TLyI0 ---- PUvC1MJkkbgfTeLAx3F6vSb3WzBmUX+QtR0on6Svvck -}sޭR*dv -u8aBc%*+<:&ڠjD^/~qͪ(F=g$ \ No newline at end of file +-> ssh-ed25519 2k5NOg cR5ohdfnKc3NNlGxdVDsLe+jAmLBIfOiaGfFAPPmrTg +848H6k08p4PzbkD+c4AdtGAK0D3fxFFOEzrvqvFDgbg +-> ssh-ed25519 iTd7eA AWwcHOwmn5hHn3POEFF5pJpvWJ8lcbrMe3n3JqBfyX8 +D2PdIh6BFBocjfNeDLY6f9Th0yixTBp7V6sMVEzoXjY +-> ssh-ed25519 h5sWQA pWqJ5nuVHkg6rFvGn+8tkdH/cKQ/xwIMED/giZeCOGY +GOKAPL951GOkyQxM2SEst9Yv7Omhp+y22zW/Vbu0x0Q +-> ssh-ed25519 /Gpyew kRpo5sKEN283fFQpr2ML9GuhpugiqRsQ0Ezc4BjBKlQ +8hKJmmgoNapIruh1hc+EUyB/uZVKvtZrocPPd68naMk +-> ssh-ed25519 FtI9pg Ieby+KtL7TViX81m58F+y1Ll3aZubWndFBOpVEEr5jQ +JhpUwA+U5ppm+SCPzQ0JNA/hjGGUGd+6xpDenjPsnt8 +-> ssh-ed25519 hTlmJA HTUuHAiK0jRB86m9kxk+K/U9b7cnTLwJ6DizUhpNOjw +T6VuoPzd196TizLAJgi4xa4pMXlF8nzrbQMENRbRlY0 +-> ssh-ed25519 GCcVXA 9mjW03T5ockAAAtZtVjIZTIYOXwaCeG4nAK+K/97EDs +yYYVpyomBECUSw+huUaX7p9TdBclUukd0m1tZbrOP/0 +-> ssh-ed25519 LAIH1A 6aYzD3onWE/lZE22Y+ZRcXqZX8ODq8gM84fvtIuG3ws +kuNjmtOxsCC6xpsMpDN+d5/nmKgKo5Q2n/NvVEJGqVk +-> ssh-ed25519 qeMkwQ UkTD2aRW1DcE1pwwcUY5jdzFry47IOfrgcFeb/7U0iE +0K3bYslOGMvhvD52C/OYKWLCSD/GFYUnbAMNGOwJ4O4 +-> ssh-ed25519 TqxOLw ucyZoaPMI+iC/lC8fdZlSwL70ScqA/18rFgZKGrWbw0 +fNLP3zECUQUOz33Rf2XZLHiY4uSt6oc0z5U7x0GBmtc +-> piv-p256 ewCc3w AocWW7SEg3MVI/sCjCHu9obVVVVbFcfFazpmTTR+PRMj +498jlz/DJgqzZxmvF6sRHruaOK9ssXpuM1UfbZwzWE0 +-> piv-p256 6CL/Pw Au/taJ3kM3uj06PdSgUPHC6UVCCOYDbMY2m2Eofbi63V +9NRjQxdkGM6lNnRvqWyR7ugweuvw4R6oCG2Qm8JBPuk +-> ssh-ed25519 I2EdxQ nek4QEs28RjB5LmGI8QmI+PovaBsP20H58HLft9t314 +7kD4VKhSe8GVI6G5nEEB9S75nqiWcw2KIq5yXQW6pkM +-> ssh-ed25519 J/iReg NaSxlV2jBjaEHjddB2x5wiUfu8dqzgPOKB1vaRo8cUY +b2Wak21uSh9FEcCsXAc9zjuakI0B7e2D4j1EmyKHCS4 +-> ssh-ed25519 GNhSGw /0K7Q0S2PLsIa4gFjFpwcXYHhRuDdRJH16FMX2/tJhs +ti7iUykOROYtos8+jPlQoyCur3hhgZumzzaqHwE/k/g +-> ssh-ed25519 eXMAtA wx6srIjvJ9E+lZzvg6jvtAVmTg/0B6x6f1zv8D6LuEE +iFjLVZ/c/pevSRzoBUee07TX2/tVFUThvvP6Bek4LIQ +-> ssh-ed25519 5hXocQ an1+7W1qN6bEdGXBfio99DzkTcZC6gEOm2ZQe11x5Us +cbPU+Ih4aUVSOOveg/mQnV57Tn8boE4CKusOag5ZgNU +--- Ya9fvOnvystGbDpL8ti3cqD4sNIaMNF1Yv8OuviMgjI +Vj&qnZ6#;8BCGE1Wsb +4. 0cjA]I#M \ No newline at end of file diff --git a/secrets/neo/appservice_irc_db_env.age b/secrets/neo/appservice_irc_db_env.age index 45a9099..e7635bd 100644 --- a/secrets/neo/appservice_irc_db_env.age +++ b/secrets/neo/appservice_irc_db_env.age @@ -1,21 +1,20 @@ age-encryption.org/v1 --> ssh-ed25519 /Gpyew YVx7IZ+WDpGomt0tU3+KysRGtOidN460zNNLuT61HkA -ELYa1OqUFYqOqMrEyQIfUUWXWhYqCy0s9/SmOVFUvFA --> piv-p256 ewCc3w AjjDfaGF/im0hTAtKcNCzEUi8hM0VJj05y1KA7Fsz+d1 -Tur19NeaxPBbPEN+6zAnOFvdGuQVC1VkbmHlfikHT0I --> piv-p256 6CL/Pw A2dW6q45SBlXUKA5vTDDsXU4ZOSaAV2htfyMJcWTUpoO -h5yO5/9QNEOB872c2SdSbUZ7vRmYS1HTfqKJgZRwP8Q --> ssh-ed25519 I2EdxQ toLPTW6TrKZx1K5y1mN3gODSFpVfT4KU31v5XjJOQ2s -Do/p+oK4axHDjSfTVWtcdZRQFt2OPps0n9cA4Tp6lBo --> ssh-ed25519 J/iReg a4su4Gi/kohEXVXMZszlCWEQlkHNmLOH1t1P0Ssuqlc -03enelm16WI1AP4vAJbieDNGwFQSw52WeZ+isQhWQ8E --> ssh-ed25519 GNhSGw 22EAbCwSIY3SirGolGVRzvRSE164PFD+MOnr0aJSqVQ -YMeQhP95Bi/e7oNri11/W86b0ALkSyuFJ+hptOUy61g --> ssh-ed25519 eXMAtA sWsPopzbV8Ls82wmBwbnV5hCAlznq4TWO2paWn2RnRw -eDlZQr1F3FtuXDqc84vD3QUZzYNAsJe3L4Abw9Oqxnk --> ssh-ed25519 5hXocQ u7/+FfeY9SwM1wuqeOHgsYpq/g/o10+8Q8AA5ODBWRk -mA1+vo/7nM3GyrL5UtdyOwpTHdVcZQ8mtVX6xuk9cmA ---- /cchAACEC4BclR+km+6nZZjLkIteeIG8kt974NLjwlw -IFb)HӂDH2Co c(xXgPiVG+!H5Yn4jIfJdMK5GՔף7_!oFlcݓ/UNsmMӱ|o3 -E@ -,2?J{?7M|S ѷVWӔ| 7l~2ı/lP \ No newline at end of file +-> ssh-ed25519 /Gpyew CfIsypY8RtS9xiEz41Os6yTEJ0jLyq9abLnmD1BmIxo +kY6DRThZg1hsZsy5NtIwvronzqY+DntxMi/oJU2Lj1I +-> piv-p256 ewCc3w Axo2RjgPlDAGnV1KDiFwrKyYeb0ScsjaQ0ayZqWEusHm +FSPAP9v5jXgaus25xR94woquDnz6CCPawXpzUxgLBEw +-> piv-p256 6CL/Pw AxaFajLGlSPKOL3C13kdA5txo3XzaGyyJrEDeR5EGZFX +qNSby8foc3TUeMRkbLGEf/KhGMftfDdVs0yF/RJ0LBk +-> ssh-ed25519 I2EdxQ pz+wkE+wVN4zQgM6zlOECWXzsGXNjhqEItmTGPKleBk +24kTeX0aj4LWrOlEyhKCd4vj3+d0Rr3xynC4yiS3E04 +-> ssh-ed25519 J/iReg oYbqvVH3yyGrJHgruNtIDRlhqVyetK5o85RpxYR1NiQ +5k+78ZQsox92gUGw8JDHsK2dE09vMskLO5QDCAX4C2s +-> ssh-ed25519 GNhSGw rVguQoCqPt7EcodF4+4QLkb3LZcfIRu7PqdhR2W/QgM +xTHsVt8uQldI+l+dWaOmLIkFAnkal6wlNwqsrG8JoHg +-> ssh-ed25519 eXMAtA UcfI5tfsqs9wCacaTfH4U5E1kD7Mvk4kkruSbiwQngs ++mWFtbwsLW9fGGo4VKPc1JT2Cz66XBoVHNbunZyc2qQ +-> ssh-ed25519 5hXocQ CrXLt0QWY5gKVYRpjoE2ipTkI99bOsz3e2RlHxdQlyY +aUrsUJgVtCCSyh49XXINzxTlCtFVD9vESoHSu2GK2oU +--- yw1hzyJgwgfb66dS4w4uuY9v4Dvtvjis/aURt3Uaa9c +0.z.`uF/sF7"RKDm 0ReB_?э+?eոG7Rv(d֎"F>>6IM0@ ^Ʀ +珴JBV`>{:jt[y6շt2I5 N8H֔N0ja@j?p}W \ No newline at end of file diff --git a/secrets/neo/coturn_auth_secret.age b/secrets/neo/coturn_auth_secret.age index 96b8f11915729837bcfe4b17d3d6cbd07b17b37c..b0493c1e5cfb6dab654c2e88e19bf51950feeb22 100644 GIT binary patch literal 1079 zcmZY5$*bc80Dy5B@Ddz7>P5*xgdx~LPIJM= z00G-G^U`vTORmjKV$3!iv1(Inn4J<+b$3d}QE5!hF}Q4u zSvg#L-KkJ@g1D{1p}k-`-dT3#uB4oV0*KwFu)}eRw|XhJ`&7zKnKa*a&`8rfh_6>Q z8(Idj-9pkujfdk^5P}tipq;?vydgGQ*z~ocbNO|IwWgVKIIm-eF)_n-9<1&FaZemY zk=@k2Bw_GDwdGW!5YgmGlxkskIp6N#*Bis)HhAi3EIS=+Ch z868mxCe6A!@6y?#U)Z5ws0ScP7`4^WnHl@WMwrm3t^^xRbfwhYKoEp-HOg6GYjlkM3Nohe;t?v?DNbD5?UDc-oR#0Cl|gvL%KukA=%v z6Kd4Yk(sof6@Jy*lD1*Jd4Tc=s@K%THas#*PX#@zsupymx)?fEFX7cr zAPjlSxDNtd&*n&AHd;}+XasAN6nr}{0|C=|$x?~N&6hEhOc<~B5t3837%&(NKnSG^ zVUkb$aFwx1vUF-RBU`iQVu2*QC~^7$B@04!^th)f->m`G7wA=<=r- VH~1TV>-^^{Z$A0@+ujTJ{sDw4Zr=a^ literal 1079 zcmZ9~z02ct0Kjn^L@bUvoWl_ZaVUL~UtXGIc^>lKv}w|$O_OHP=B0V*OVTv2RU8i- zZcqo&;f6;+5N}lE5Oq)xgabKFIK=UUhtoyS#X~$t`xkuR%Xb+Dy%N-s!0!kAcgVPE%cg%O`rDN3_lGRTxs%K6=JL?L`WPK37d z4JPM0o8z*Id?wcyH8O`CY+q-YvUd!iwP7ZN{b9^;xK8yg;&56~Mg_moAs7!@f1b?> z(q$`)5|e2Rn^*w?RAj6!Hne0NFZa!0c4Rto^56y+pMA5k~j+gwlM%22IHw$dC+IRp7=u;MpOEblNpg#UdN|+esl) z`Jlx7CDTXxtV+4t1@7@VPr7#F(<9_mBO*KXbjVBzeL36sd5yqYE%IGoPKn&Ncl5>- zT686@MWiNYaj-pfJk%)ljI>Q!q9-Y?SX4b1n&~{-_~lZVm8|Uw`g}5>`6u`HdQfE! zQdLw71wYU^V{n81%3?7$CYeec@wk_gnV=M*milSuTCaO+{?Xm_+4J`=ggeWd;lpnp zJbiKN`|)2NJ_pYp50bCS&)@k2eDR|7_SMUN|L(^h-2d+C@$Z*EUta%F{KNny}zlDPlXxI^5jLX)4nm3IL z9*kl+BdKdhlEX`Gz%>jB0S6;?PT@R6YhBizMX3*)ww{h{r#hZSB?IPcpd6>BUblKy zY7aoAH&z(E+sHRF*-`RRFj9h{l*uK?VSV<07FK7#&XyHPYSGI;)kGQIBvVq(kBu1& z`?9Mc83s{y0L~r4X-rTCAo>HUf!isL;-cU1p;8T_RZLh$tfrgx6lBDwL`Moos1t6# zNWp}j3c1k)lYK@CG(?&*tmW8+=|NxU6~hFs3+;MV3)x{U z1S5%=!ySIWlWa;r8n6;}ovs{IF>z{wa=QWP`M8NRd?Re@%Yq+rs*>^@8bWKtc8%oB z9+~8Lxkqv_$(7)lnDKoQp5Zp@`+=OUU|60JbExL4HZe1dY4>uK9H)RbIJ$hoA_ z79!Ih6RsDO{bnH8BGD=%COs_Y?Q9?-q{dH;vPf9KwC$FtzS5aNoYUf{IImfHMa4$3 z)SMe3(?igjgLY85KBRy`p^$4v4g!0&lX`~SR2gnIux+{u+D=9pA~mXjR2*sf5}l3+ z;Kc9m%9jpaoc{LLg;4A{+?Dk`R~L?* zc<~|W{K}~-@U0g{xBj_(NgSvqJ6vcwzIl@dofOYSN@a literal 1187 zcmZY7>#G!X0LF2IN?0f@^Ubkh2%&I0&TZ$iP{Hiw?9Oj@W@mQxHm5}9wzIQ4_uaWI zbO9x#G)jpGePLmeSR@r;#DSt0Wd+r#@Pbg01%@DadZ7uC^{VVI_`vgg71LNWTrJG} zndQ0Lz0ibXG`ILDG@XtX4ILv0vS6)*Z2 zK|)4S*6;*k;9e}6@=TS~Mv52cIV_6>Uo_G-H{wE-06fit0TDA@O3qc3iAK74G_1FJ z_yCY7*Qe`EtVoNU`k*<8kTAoYE;&-F$$u=e+=PW2mKk^3b$`Az4)I#rpi>zq&^S!I z+PG)5>7E@|CP)p`GKQjZywROVsnO{Af{pM^Tjiou9CBc)+Y|<9Ak2xOQ<+SsHhc4m zELPQ15o$%+fb7~KUjSX2pweF6jYJkr(6X)}WspsCEGpw%*C|wnf;myB zaoBXLa2~~n>@?AEXI3`dZf%BC$+>y624Jggn9vvz86*!E$89r+26MWSMJZkPV5Jp^ zs63WgvLU*?(rhwfa<0^7k$xWG62H(cV4xY>six?YF%C>#6opC)9x8Lk6k_IPt;Ua} zS^|}tanMnLj}@IPKjFxEX=cKxj?M}VP|mtmCNoJQv7ymRaxIpSCCqN7D2ueYWr|3c zywrD1lWVGpT&8s1iI-t<;0*qG?cY5b1CE(7ke(?CrThYj-QsQ_g(_G zeOwRW2Mb#dz3yO}_euNl!=>HN9XY;t;f~tg-UjvTmkXw~dSuW3cTcVR9qj(~jX!8% zOYT!&Ilii1d-FZ`#F=-5XW#$qksDDTy>z?3diBcAyIy|c%F^1&TvXV_UOlyG&r=s# zE9Y-H{p69Iv$fR=S1%s>@!TsfUA+I`eXGNVuS1`&-%v{Wk7>_*=sbNo+Vl3~;{%tI z@9%l>&y}4UUs$=DIJ2t!eC+xI)#8?uyS~`J4_SZi=vSNG+WJdS#D4qs;6rCWIS+mF E7u|!Yf&c&j diff --git a/secrets/neo/ldap_synapse_password.age b/secrets/neo/ldap_synapse_password.age index 37e045c..0aba78b 100644 --- a/secrets/neo/ldap_synapse_password.age +++ b/secrets/neo/ldap_synapse_password.age @@ -1,20 +1,20 @@ age-encryption.org/v1 --> ssh-ed25519 /Gpyew +A7G/2a79VScR2EWxRwH48Tsv96JgqSXQJkoWmucH0U -09dv435I9zm7RT6/evgzXcSl1gRpIFPIE74ES5zSqNc --> piv-p256 ewCc3w AydwzAVvlJQQykcKcrM2BxOicwS7e4ZG+t3Wd+9wyz07 -LQ0bZU1cQkROkEZrZr9PyMEnhCMi0b9+BgcG+PiJvps --> piv-p256 6CL/Pw At4qtMZGID6EKvwKkGNd7FTWMn+mmmbdeuY7nAjtaPjk -6mHzefuannU0JK50JlLiWHulUFs5iv073LJregUL2Zo --> ssh-ed25519 I2EdxQ H2MgML+9f4MNf4g/01+/V8n5UNNeEKL67MKaNTAcHWs -LWjC8FdlnDyImdiH+9nkN5g8Q5HLV9tOzzbuGZ7kpi8 --> ssh-ed25519 J/iReg nAN+oNfJcN6+qrMBApMUUOhiE2TSDT0jCL7OD0zfrkQ -X5zSCWnsPvijGdLsYusg0JdjsFExv2vQguq/Uph3BRE --> ssh-ed25519 GNhSGw G7OQfDkSwlvqc6ffJqzB7FMTRD9fA0oxT7VjdwMPbms -zdyQ0Xo+IjcW1TDetsijHbo2BhqIopga+bYy+3b6+0U --> ssh-ed25519 eXMAtA hQQVOPa8pw1xieN09bTBDVol3PsgiqH4/Z0Rk037tQw -DjRJWFH+xtXPdXwb6bF1zHilcA4t65ZORGUKYWXX7yY --> ssh-ed25519 5hXocQ slJCm8Hrse5zVlMc6kTOPcVuHpisFTjXfob/DAAgjDU -pebRHNQ1cUKkT7W3hl3x+Cf9Dc+YhHKgEsXXBRHrq3Q ---- EHUlBeA6vMSKMbct09Ouxn2EhqaG0AB/cMr4HEEFO9M -ĬV$# ' -["#ue&E8HyU;-4f$ \ No newline at end of file +-> ssh-ed25519 /Gpyew oaVD79l3EZWfSVKb8XpqWAV8NKXySVAPbWLoT1UA52A ++kOAxHr3zaV5i0JpQAtlAdU95Q9M3rJqGtIJ8XvPbkQ +-> piv-p256 ewCc3w AivgKvbuHgMuIJkXqo2/Cp3IF5MJAbfxKBMngMbKvQq/ +OKe5ZZH1BcR02enuqgNYQR1xUk4nwHnHUwFeWNa1+Eg +-> piv-p256 6CL/Pw A9Tk3dUEE9IL2Mke3E3mOe19oqDS9YTDZK3yRV75eJX4 +8qCQHjVWgfLk99WfT1694g3DvCozGbfYrf/cvsWygGU +-> ssh-ed25519 I2EdxQ iD7bG+gD5EB6IKt37N5wBIK+gykxKX08nBJmqUMIKyE +xs5EhKazMdwtYiBh8DWyZfp9N6oHUXKAUwJ3ipGnoUo +-> ssh-ed25519 J/iReg z+J9LYzBpAmrk+qs/bKM+dWZADzaCG1Zn2++aqngiUI +ZKj2uEEtSxI+VZmFMTIs/YCN27Dzaez55OHcRRcXGGg +-> ssh-ed25519 GNhSGw QiKR6ruzN9obAMMWEX1SJP6cuWG+zPer1EOEOubWcyQ +EGxT2dlZg9SBCH7MI6HygE6bgeyM2Njj+bfc9HVHAHU +-> ssh-ed25519 eXMAtA iD5onNylX7xPzgCZDnbio6+5GtbuO9lXDE+mwVb/jlU +rdadtpwMGEAwZOhYId9xeryALddEK3T4DQP6dfgSYN4 +-> ssh-ed25519 5hXocQ bhNzIK/vKeNNpqhZA9dEtHOlfYQ4sZpwF4Xy2Xm+yA4 +pD1xgl7iR1nYEjt7TcMQC2WzBlaMukoMNwBgomm0zzo +--- tMEzkXbsknws8FNrhwbH30AMAvDUtmI+IiQwUYCTLfs +׿[Gl +"7BMػr6X5Md D2sYǪ vE[p \ No newline at end of file diff --git a/secrets/neo/note_oidc_extra_config.age b/secrets/neo/note_oidc_extra_config.age index 492f4c0cab58a6a1296a5de64d08bff8d2ff4b17..4e0abde1eaf296202dfdcfaaeb7c2e4842e294ed 100644 GIT binary patch literal 1555 zcmZY6`*YI-0KjoU23&cmfDTaX-42FyGfmc{t&X{*O`E1o(>Cqa7KXG*mZoi*KGG)w zGCZHW1m@wXaL9NF9-BNoRA3wrl{X9&xG_LMUc-SXr>7@~KZ<|B=kEIr34Ar5VAI8< zBFc&9<+K3gKvi{}I+KZ1^Be@jpivE2lSMwSwn93m28K*oFREu6olZQXH!y}k0^xwH zfwY*dJfs5&w`sDwBjZ~=-`BYV77t&ip)kR-h(%tNPXJxvPkqQ>oj>`?;K{;MU$ zTy+wH5jCGTu{C)$iqIGk(1-M9g+TSD6e2cIC5_gBdx~Zt>aj2`qeqhLNi7D+s^+`` zCnY=`p=>&nq$31v9!mg7M8y0E8}j246-Ox};6}s$wGfj7a6PbKh4#kaC}x3^;UX9> z<$@F@H0BsDpP(ti=n)#cu@o58G6_J1B80>uIBVvKLZTEj>4WjSL5}Aoq?xcA(k>YB za)l6?%S3DsSF}MmS8%Ik4`V=}7-;h9=yW`0X!K$l#!3q*ip{z4ybtv_=$zn(?U11I zvK}EpX52Eh~N(RFL%qY6WDWfzsLc8Q9b(+!!d^?w>1@yo1R?FSP&#@HCJ;|87H<z!E!S2ZJH7AnM27R;^@ogSQv+AQ&8+Ns2KNCB2?IY$X(OK9E|e(d(L#cLt{MEUJi4C)-7R!ELwPf5+{p(wQ zxLtX_ZNR?C&wTRgrNwu*ym{%5@`0~(2%F`OC-R1^%ig-xdO`Jd#XD%3#U86$InHa%JU$Sxh$^>YPuwQks+ zFOT1u{Kkbr_j_&7+kNl!%^e+ISq9uKlgT58-FpMe`JRQ$=ECKU-+G!LmcPmP`9 z?p|HnyR&L^clqkaw9}s4xA&szgP^dt;y`vrX#3)7`sNYi1n#fOGxKK+mL`NY{VV<5r%voRut>fMUYd5Et(sxI(Rt-$ z)r*s+bm>~#dQ$D!{-f{y`1?V3>d(xYs>{1qv(cw(y=~78u@P?#EU(&k#@uqSGkO|7 zrVvf*m(K}r*CyYq*fej~2lH<192u*8{eo&==Pv5m^FyysoU`YP+mndzqoyIJ>z8a> rBvdYSgB!SBvhL>AY2>%lK3eMw9o=7d`zjG4`>ziU?VH-oETsPdcAr$d literal 1555 zcmZXS`)?Bk0DzV8N@c?dvN2v|5EwS4y|&kDC7bkdeO%Xe-Sv9cZWyk2x3;@Ju4}K? zR*^+bfGxn54Uhms7*4?OFyS#^I8a_ACIl1W0MWsQpuom!pdujplj2|S<@@rH0Y=J1 zsk#i848@}JV|4*p3J^)l#EC>u%FqfB1hitAnaePOSPyGZr;j8Ai^LcUJ0cK~c2R;Y z5R2(EiCP(pCjhr!Km%r65QXBf!lhJEDQz@ql3-{CRoF2Z5rQkz`mi>Rb0k-%=TWC6 z=>40N zi${(T6lIgsVIu+mrvaso<9u>$Ex~h0g!ZX;&QKQ$yi7x6p-Lto zwg@U6PDFy`F15lYM-;VmS{LyXW+&%O`Qj8>X^Vzql-i;)3ZgU|F}NulGBaw5g!Og- zaicX*O5mO0nmUa?9ZonQQqK7C^#9z$|3d+-2D^Ul<{c+NmNvG6qBxyrDH3}PP_bJ`5po9K7 z!MkP_KpSU6*g#Ck{3AAY!#7Q(nGUOGLhnf6r(nSUJ^=s18iDr!zfRAHiFe4 z6<{(O_Pr=6m5MV4olb!pJRAbjZdhg@XMFxA>=_kD(mQI{rIsoe4>w5O>j7#m` zY*Gr$?OgmuuA(~k^EV{)%CC-GSsNBnC?e}%9i?8Oj zwf=a5ZKa!=BprA*uYT9I39q!YKd#M*ANm?G%o?}F2WyV6e0%nu_1jvk(h(Au z^k{2GeB;ee&qDB|+noy+_wHp%Tlg|t_k+o%e#Uil==sMtSIwREFi{Y`zvRiu&FsGM z2jQmAM&t3qx}oz`b9P9F`|WYIg1akT5xyKl=|lFx!>O@>HiWj zO&r^4$nTr?OWU~jFBBD?8Z~vMW{r6Eq_R?AY-UUT;ruU%^-Bj0w|36wb`{?}Gw)0n zH*!?{M`%Z7?zOgVqwaLi&vOb7WS3qp&dq5auya$i$FI#B=-|2Cu7MWgYq*l`TWh|) zyZbkm`vEUGckWgr{OZ$3BMxx0Z*)o)h#H<2N~ne2k;*>0>f)6Z6{~ysg5Fb4*A36X zng*ASp)cq3sR#R3)gQbjdNXfFNkcx)z_NF*klScoNp!QQ>FP9TiGA$Jv;74-{{n>} BT2BA~ diff --git a/secrets/restic/apprentix/base-password.age b/secrets/restic/apprentix/base-password.age index 9bb9b5824e9637353ae23373897d10e338dd653e..10ca63dcefc75fa414bc29619f3708b5738e2cd4 100644 GIT binary patch literal 1235 zcmZY7+p81>0LO7mJmErcC{7aOap?~0ad+pkyYrAZJF`18yE}WEo!yxcwB5PyoY}eT z?A$7g=piI5yI3GX22vJTA{O{i9ju2gb~v1uQ>KY{DGEt@Ftjl1sq8QK@cr@YtMZ&Y z65Yu5bZfN9a@Dk-P0Vdhj>p=ZECDc_MUtXWFA-{zm4ptR7KM&h=Qu?c#tPeLlTxV< zG}(ro!>rIUGV_rLl+^@ixI>xZ`m{&{lN_V4^M)0L{dBHTgPV{eMvT^oWF^aC>ff5J z`*St`=aO=OiC~aKO^amPW(KO2UBS0a!4>N{2C3FD1a`AZjj;Lr2(JXqjxbCBJQrJi zy-kcv3BZYg-2-Z&)9hC>92TQMqbDF0#`i#&AOFY7VYPJgrWF??+1JcmNy55;S}nm~ zwm{*NB5ikEvFwE!2#3XvG4K#6k%zp=xIQpUDy48O+^4F%&&ESMqBTn`uuMfOIyI)) z2Wy2}SEPWF6tMq^`3%<*xn71u3N=SW=LQw3%0xp5RQ9O+9Woxn!jdELSQ%<(%6(xCFa42TZArbDNDW7HWc6pV0GuQV8n zw`xRPV~8LL;9~4&iB89iI38z;Lm9&nBPBUH!0|n25~Y*~d=bvr#{LdCknL>t;Rs+Weo!cRT88J-)op_>MOs!*Lds0{KC=ef9!wxd2Ri+UDtoc_w=H@;4>ei zmkwV^o&S;EWK4A)xd9#B_cY)f9(lWdIWx2ShX?z=o?fJc`>!8Z*v7tl=hoh}g$pNv znZ{2iKD+IMBj!(h_v)|@Fzi)HAaNwy|?l8jlcb?dJ zhB%S7o;$wvtGiBJrmU&2m#?ncaBa^m9 z&d}&juk5>8a-5DOCgYx`C)7>`g3^V!BGDyWi$f7tpj}n(G7RVS@v;jK2uqP9pp1D@ zjta#PZg+dS38S@GT4h@8h6)M2fDWrJZWe1464XW}BektA40WWs3uD=mQmy@?ImS5Q zWT0GJ^)V&u#}Oxpf}&R-_>@9Xx&~4*J{2$#kcS|hMFzz#V{|B3FAYXPtWak=6mo; z>ZHP#2fEY@hjMCM5&MWALvu9(Vh5=yPZ@|FsL>+;#+zQf48#3Fw%(|Fq+Bwa03f91 zYmhGV6*eAb?4hXQW`${*a+o99u)twp4+kU)Eq20y5^~_MN;QWF8&gESMfb^CCXl$S znv%yQusdb*7MRWRXp2_-s#((tO}5_mVu?f|Znv#gzHH}#(9lr}P*O zX78!ZJKnf=N%ylq7QS@$hBxP4-cDCeK6}XI7Cn0N={@JtmmZ;io%-N#@%^c>`{Rw+ zB}FdJEWLlE`aPOXNYp51J`R!YG9$z5gGuRjIzRw^0?$(p~753*%`H5%7 zo0cD2|NGW+{B5HxTV9WzlqT<9ZM?nl<14|TC-PgDzQ}Iij-2YRpIiCV%<*@a6kvXC}TT?%J>Yu;@Isc-QP5x4#0LOAVXKFFa+ ssh-ed25519 cZNEGg Nlccs0f2Y+tAZuucnNzMSz22dgnFMOd0FyCUJa+33w4 -CZPU1BkxGDvaaB+0D6bX1aC5hbnewGsZlbGMcA8vB9s --> piv-p256 ewCc3w AotAQEs3SY2TWrLrdHxM+yNFP5tuOlgHoZBjXvxP05Sd -6S6kGPJI2O9zqtdDi8WaNVNBvCpHeRKWHOIOhABk3U8 --> piv-p256 6CL/Pw A4TXb9Qy/woxDSBTGwnYdPZs0km00wlYfLhoPpqcdS10 -VQ4DPWcWGajvCAGUAzqUESPix4q9h9J395HZ3aJ1j3M --> ssh-ed25519 I2EdxQ 5WhO2QjJWafz2x2FR2sxnEjO2B55ZcJUYhefOYTBX1s -dm3J6VOocxHUpTCkuP9aXEvc0ZD8q875I7WyHOyEn2c --> ssh-ed25519 J/iReg aWz3WK2d/Abh3ZQ2gxehf2hB48WEFom6zDAQOIBjJgE -mkRU9jHIPG2oGYVGMcv0qcca+yt2N6vKvjxPUETzCMI --> ssh-ed25519 GNhSGw 9Bq6Z12us2Ff8eDO8bBL8R/4QeMxgltI/UBTDx9MsCk -MnhroVnSzbA5b3kfnTChrw43Oga9pqFzzFTWMYB/f5U --> ssh-ed25519 eXMAtA atHAYPq5qXROeIOu30+OcS33GukjaxULkbTlBli4eEE -2kMozM1CVoaN5ua/SevxH4qsuDtDcux+7HRN2aug/X4 --> ssh-ed25519 5hXocQ K+c4QqO+w3CUCrHe5HVarwHNDD+RknZVTO1Pw5W9RWs -2C4Fxp21Wc9ZDj06B0QLOWzvSAnHdnEMtQtlcraGa68 ---- ucbVnMMTZihSbRviwcGbyxwDcUUEnyeJCDj6d4dJVX0 -Axy2~~Ȅ'a#tdy%R*w}iK@uql.*DaUq4 %N+36߂k!.ȃ lXNA_t^QlŹi@ 9d5G) \ No newline at end of file +-> ssh-ed25519 cZNEGg bcq2jdSV1iE6alm6V4KPX9MJUGF1MwIKVczTCKp0VGw ++MCRVeS46FKPHMH6VeSQ1P9aCU6+LmYtTlgdnHP8TUw +-> piv-p256 ewCc3w A34SQY8XltI0bXv5WNFztuk5eBbUiT2Vqmue4xRUTn1D +r76a0kI7G68qf7onVGAq4S5Z32DR6BEmCrSUZ+oYg8A +-> piv-p256 6CL/Pw Am45lx4DKBrRYWaDQA6F+5aN83+RTyPOuls06IuN0wR7 +39yE14NK9KhezDSFADfvIIzFoxEgUDV6REtb4ztpS1s +-> ssh-ed25519 I2EdxQ TYjJ2+ItmyRRzJLeQxNsyEtDy3GKsE7+X2EtqhEDmWI +6D3WNy7XUrRphd4qSeCJpgxIvuUsaO5Ip2geK22DnbI +-> ssh-ed25519 J/iReg lmLKh/Sl9ZCMmLsfsh7jx9GdUbB49w/zrYtSM4YfaGE +tOtKJkQrqI/xgVfLf64FCjsnJTxjj5YuXk1EmjXD79E +-> ssh-ed25519 GNhSGw UnFhELQY7g4PgkSJNXEFHIeeKwlW9NiUQmrQTY4KuCw +F7buN8iYpM0CkswV+O/jyMG73SjD6hY+AjULp7t1WCI +-> ssh-ed25519 eXMAtA 2n2v9JWA4s7b91DyfaYau/cCx06JgNKeqlBXquSJYUA +ToeRSuVsb9pLmZQxYKTxIEF/i3XTZDAM6MqBuEidClY +-> ssh-ed25519 5hXocQ s1XTnL4QkBRhW9SRQt0KrOj6gQRhfZm139UYGe7t2TM +tT5EdRyoilgWlZ8X6qfEB1Fe6GQ1f8V4gFvwFweal2E +--- bjfHy+S+lcKqOAt/hnbXDtlbDz02YuRsce6XM4KMwXg +HeL[1qrr`趘RIp) 8^Av_6xy+.d3d38Y%̡=2Ce|p%>[tW9]8Q9i#3T \ No newline at end of file diff --git a/secrets/restic/client_env.age b/secrets/restic/client_env.age index d05a7652662fea717f4611914e11651d3ccf4b15..77d12cb098818fe94957928fd308135c8c2e3ed5 100644 GIT binary patch literal 2075 zcmZYAyUXkd83u4yT#HeQwG%~R;R=RtGr1>)tGP~+NhXtfGTnT+Osh{bZitrR~kEav$Tv)jS*E;hHTToSU4J#_&3++{56Cc4-{+qze!}$jB2h zyX#v`9AvsV0i$u*--n=I$q}xGeWhop%jA@W6lt?dnNajF2r>4;?!>H`2-*v{hgVSD zxSF7FgfGM8%uIensKgdCCW#$FZQahrt(Mwlr7*x%as(A_cX@H>mSVV5$8LdmJOEKea?MM|lv`6hB7^m&=U%oWNb@~KH~xX|?( zKv9o_K`uLPE{|rYi*$}lL3p&VfVh(Vwo-#=6f7fR7izVo3fyjJJ>+Cj;{8d@Kt%V~ z+Q#Kj+u_HCORb0r`i_@xv#E?M!3+?pg9cvZC2(B4%bXnnQn6<;tQE5XtO;^PIlwK@}SBKp56__A!=f~?ySJ*iA-)v1b-8BeK0P)O)=mS-b$MY6OTM68l zY<(XUr%^k>4IQmDeHV(LvG}^d`a^dXUOIDRMTF2Pn6*fC86VT@@th zNrhHi9N*pb3)N^B$|1E{ypEIaHIf>-RDZ#biBsS1Oh$z0VgTpEKqH0cth@EmFXe}3 zw>F$f*?QZgM>XIoJcWqXV|7$pP56MG(v~fwJ?9$=N?8IG;pXg+3+J7^xc4!0MjPk; zVBBg7l$r4fFrgwZYt5$)n-Yn=hf`FOvV&Ihq_<#=4ux&wRs;GxBCiEwYL3m^YMWhZZDxQFQzzexov}mEa*Or3-SYt@(Q6`w zI-jXs@hY7C3yRFzsy_FEz*}^16{)6db~R^(D43~iC35*iO`vQ$)M_8X%~Q>eeT^9y zU|j|5gq)}VVX-t8^&F-pMllt*EXQVZnPH;9yW->o!g_VyA?$G7Z;5%+>UE|#{-RyD zHaF#+G!5{PkjaY7_9Na1x7qO2uR{aCiIGVKqyVF8Pv5(~Dqov~$6Y4o=q^c+BrvYZ zHJdpJTSX_zw4x-mjyhY7evm>1;R&uM>h7gSt3rGD2cDC_;Pjx~-2vxfETo}-c!&gT z`v?sxd<~NKxsiL*aEQcCP#qQ2Sp+gxF9UCX>7%dn|9XD<@@Jm?`@8JVzx%HL*$=$% z(vx4m_w4)q7vA@gSHJbSe?}kvQ1IGUK7m~IAAawTKl$d@UU~w({ndZ``_bc{y1)JN z%hjV#vv0lkNY0-7%U@r7^2%fAjgNi)m0x{>|M+jd{rabV_KP=u^o6fKc?Wzh`@yTv myakQ#e6jiEC*Sr=qxURAYLsj=GLe9IGpnf(&QnjqHb=6b6tI? z?owccRu3<)`#yU}Vi-jsVhvwVMNQW=U7O?eoPvl5hV9KIy7_{bJFB`FMwDrr@aPU! z?-O`&S!Lz!*s`=>!OW;_Alj?oK?T{xq*&06x?uxZoiZgFych1ZvlU|rxo*UbPBunP zgr+leIR?NLGf*U)0+~5k)X8hJuGkX;UeqgvBenBXo4X<0fCsJL&>MAhwVXiC_P)GO zoUoBLwoEB@daq?@@9N|lv(-~dBLG|7&NMjg+L^bcrapGsIRnfP^)?;OZ5z7FT=w@Gz%_F+t-F&S!&jRz0=U*{#psx7 z<_Os#116PYda3Uv20G-2}w6UkeyY`CN~2}r9;CijW+wU4jh zy~Yj#(WGlZCOS0h5$zD>*^NNzbml-2L?uM%Rk@KXH{fnFqMTB1CGPE*Xs%~-5+E#R zw_0i?9dr#1vlgSI%m{&Z zFkMLOPgt;Z8T`DDZpF!R>a-JeO2V)LGepq~V<2P3 zIei}Q^k1zxj}Hxu?$*gfN84#l!lx?BS(|j0p$hcCjlshS9vvyX>V&iE2?f=$}mH_R!Mf401$BKiu z378ptfuEP7y-;p@Jm6<%cfbWmSBln&TX^L(;?i3T3vN!%LhkZ|4JD&Nxl@N{E^0= zGj804FE_A%tAR{zSwV~4R7z)!+wN?{AQ_|akNW-1MBr>B>6-B43)kp7Zy$=ciy%!$E4lBWYf)=y@Vo9z3)j7*+M5KyW*%X=r!! z@q3L^GLxIuUN%C`sPM=n#T8slI?kDx&P+?HDzn8>VQ`|IevV}(S`lQOQ#95X`VLP* z_fVo@aX|D=vfPUmqZ3>V@p((_)w6uBB}bVY$Th@4ZC~aUrl4IC<_421ZlJ1TT2SM0 zDKC}@&g2%uc^zE!N5Ib1IaA7kSLy6>zU0#&bPh6iJR%7TU$#n}DD>(0f`(?tI?~sW zL>_2N>qudUD4y+5Lr5pi+$qNyHxI!S=7DZFSkhPEDk#X@0M1gt`{o9ngZMUQXyD%# zbxeY`OL*!80GJa9+4Jvzcvzo&fV9}GjP;J?uh=o?Io!E+M@XHY7kL1A=m1JtXAKu{ z_4XJ3seR*XTki4Sz9{_gQ_CAK-LywfPcQ%B)%=|@`layi$14~9-H+b$+UMU$fBTPb zKl{#4{_@Goo4^0TtM7YrgzHZ;-@X3&(fsJ$*n9HYSAP8GZ?(xse)fqk|MA_={ryWX zz5iMGG411j`s??9_115mzVq0+J^AR9U!Wg&<@G18f9C1;OcDOdrJRC? z7DV%ou=t7`l5R$F97-`H0qDHThC!0(U=NRAB!*n$25~1toDV{~^AOyvNA(!J- zFIkkth*4ChU*fQYT5dZEP_uM0khK~MhQ8_hIp#Yvsu&-*~rXz zA_+HInpuogSkJpmL|9xQl4F4(<(xKylBzG;aL^nWRanRbby4>aA7Qb6PjMrWLF7bw zakr#d^E5f09oa#Lkpq`<88RcZ2Z}%H59wAUF8pnBGH$VCm`$iApcOma3Q0|2=BQEuEI|fb zAE5JIT`&7NwwOVLSXr-py8$et{pOw>?}G2GUbDShxUuf)@omdv!W+x+`g0F?0;r%#f~2jQ?+B#?97)-h0Xefx!0cBeCxRI z-NjOB<)`b6pdcRw(5=)idF^rhWY2X$F5%6^p$*07(epyi!Z-*-<|u@o9ycw-@N?n z?BNR^J^j)KHOJpPIQIP957Fn3Ui;+G;kB>ad~ntK>Bo1homU%c&htyB-rhH}dUn;` zeYeYJ?@EPvWPj8jySaUS#oE^|{dD4w+keepda{4|yrypbtg&_dpSf_;u8HI+d9dZ~ NxrdLw^ZN%Y{|43kzHa~k literal 1235 zcmZ9|Td&gu003Y^!o?lng%B_roJxps&aP{_t`G@rx3yc_UAwhi)VQu)FI(4k>t&sZ z5)~6oP#~Bb2@*&!CL}5Z#1Jv?KztB6h7bh_;X!@iBFDf3UI=)3^!$P^`8t}KREOPB zY}If`C}u;1yKG<3fUSD-H}1wpr61tjGa5w5ruxt}K|O z7x63#TLZ%~SSpN-5IpO1ZineYutL&~!flIhxy`ZbmO`vtiY07ALPrT3tSe5phPbRm!l{wT!lWqkOo6Obh>{*mMFeXu zTr8&Z%A^(tGqOuSVm2p~1*=_E{f5#~_#)m02a!QAft-ezP~u2KE5?{Kmo*R_s#JL| zKthCu!fxPHBAZpC5-8HmY#WI3GH-X_g<1(P>Z%qeI}(8FC4?_e)sZ|Hq(%|sN-h+c z3PSf&3X1Ah4o1n^l#A)C%aEEk6^AA!!g98UK+_?cC=<;du2&?1K}NpWZ=~}czEGpe zdV>n%ma7c>iCl{s6QR?WVO-3#I<1mDk}`r{!~$bTM_4Asz%(A~)O_77BE-0rvv|_1 zb2T#~hPVoI2?tH3NpRB5A%WELTlPXt6*=6);{Z~ulNcf_76MNm5H;(<#~NXeG#o$*2q(M7vk zi!)3?pU5)Yj+}{$G+a<9q?`dtl2m_?f^C%ILT1th@gALzL4iv!Vjk|J3Pg!x4rte? zNpX;>OO3kdXDf7rVo8M|hDI1mCX?}^nZem!=mn5m$qguw6p8~gOPP~=6@(*}0*w)w zK-z%c(qi|QuRD8yojI~2S~)ybf3Ruo^!FcMdSPyGd)1OP>4gW{`uSJxzJ2A6d4BQ zpdiQ~CWdWvHmGUnJVvz&>#vwxYsSnHhpR=!V1qu-?RnCRsvd;PJu)>Eo5~i`72-YAR*24N-=r#-RxpS|)YQUzBmdt+W;}F}0Vj z7+#2IH8CG47ra;n7sMtBG=U2O(qE11dP5SKG+2Db=*DT8% zIB@B#H=J*Dn(qHJ1qpTFx58vv(Yl2U7&gR_G>$|i7n zX~eZ4^B^1R>ROjmKCoTUVa#aK=?=0{>6z3a)JKjpI^QO$fgzSHIip3rTgb?W*gGBr z?9M)#g}Q4kqui^z0LFsYb1RDOWl*%?V?lxwwb%DUc$-C8C-V#vjcJ(F8QAekYxR^s=3r$6w%Yn&=K6p{?DH*C%VOeW{~%#s7rHqZi!-cDQ2*|5Vi)#NWpNtp~ewt9EvKdi5Wx3H~+lSxp(i5`0b4cez|q! z9pdYgSB~!wKDo{=E>h3GcWvlj{NUZoPki?9)h8eN=)s&iI(j31{Q7s-9<}~{k-Pk} z^&0-gN%qoXZ-4sLg)iUy@bsr#{_*Z#Pdy^vy!6A%AHRyf|GL}l-MSzCYV0nZoPKkB e`poatoo8RTDn5NT{QkD^`5$kEzg+oO!jS(Ofp$f5QGO- z^i;$mypuhvw1NjgLGkdgJ*psxdTXU1uZUNlN1x~a;luaOZ|mA!J2tZ>J@`rda+0}F z33s}$0(tIrZ41G1m;`*y8rT$o2N0F<^4jLB#R|c2Nh*{WLMe65SR9rOTP`&hl;btA z*l~D&UZdMVlZ4xmQ7NTQ&bZJ5HK(8ZM8u2OhE<#8L~yZxwbU=WDT4O_yP{3B0w^M9 zCh8#0dXcL~(x|8-f4!f9M1!K^iMLAmfYHlR-_7Kp6DaE1S5>eQ#>BGjj}pYS!Km>i z4(ex!P}OMRJCz0(eD6P2pB5nb%pwsHg~7hlhRDLnGiMO13wWS;9BB;IO~cS^s%gV` zy$y#QR7N8rah0h?!km?m{Bo2}cX|$s>*X{SVs`n0)Xw7FW6zl zl=~e^Q-OFeK`(WpX)wkEMq!8%ms|6k2xzerHz9gxN=!h-tbqhs6A?@`vzVC?&J-8H z-eG~X0$tAg`FU*$`E%O^T2*FZyH3U!2xFAFF|tZ9lS6^6C=CgT9cwS$F;gn35_V?7 z5CjPo-B*ZS4)}dyah_@^QrUw_O19+LxZE4tl_UrMYa7ixbyNXocnJ9a~zt-sp^ z4uKwxQF%b5kUkxR6Di-$$)1=yBhD-l2~t@FT6!2)%Vy{PV?Uf;|M24VCq8-m=4XFD zeB=0+lUv0%SHkZF>5X@8*R|XnW$)d3a6$iB|NZHYeV>Z_FQo^? zpLc#^?_c=t=JL%)PA)^&zPj?v=XXB3`^Dg|Bj-~6Ed0_d*PeU)($&$$7wacavmcKi cz5Nh%{QT~<@U45VpEOT>dvy9iCx7?qKQoPRr~m)} diff --git a/secrets/restic/livre/base-password.age b/secrets/restic/livre/base-password.age index e9d889818ff4095e40b27c468b3fb4a4ab5d423d..8cbb8757d3758639a7e04a88e920d8acb9dea83a 100644 GIT binary patch literal 1235 zcmZY7|H~5v0LO9lp)X9$5`@x%iQ$7>^S0aVb~6(1cH7;)-FDx%3D$kv-R-vB-EOyU zKh-b7lMo0}V40<2W@-LlB3SxZQ4|kJ->^h8@*#Y}3?kuq9?-HM)4$*a@6Sgz^oZV3 zyCb(}Ii1Z;*8uymP-JV^_sxi|L5V~x6*d#T#9-kL0clL!Q^w`IN7ikfba+mM$3UG@ zRI20AvQn{%j&Iu|G~@zAtqaI7;FoYt$+=FyD#kz(_nM4nM0s80q0~TZHUPW!pXOTq zhzlieRmOv1vqgl&b}m}e z0~~4aqLj=FDB0+Zm3q*pjg~~Kx*i4duG(l2-r#>0k}iUkyH+d?IRscx>444FG!+qH z&y?C)M+u^Ef~XTfIxoi)jMYvDAxH0-FakEs{3z=K2${;(g}`dsj4sJVqa@{|=3s=B z2Ck3YTQLV^v>_7?SiS7`%ebxjWTM|ivt1k)vxF%&1C+w?PGG>S(@zpgIulZ9v5OaD zoh)?1JNMOV$oKH)h02OLLcW4AdP>hZg z;XaL|O^zId`GT8E(z=Wlz=CPBWem0wq*HCuibGjQgQhizH-XMB*uK zz@o8u29430C1eDKmm~)l;XX0uiyftzzfaSvC9H>q+l=Q_0@HRSKr_oZy2lGH|U$Z1hXyrQ-{sOz;P zh^t!BK%+HO7}sM~24t%BHct*!!x4>8BoYbdZL+RJadwn7Qy!JDv}l^Epxzj$$_mc~ z4njE^TZ;Az)lz77>gVC=$2VNQc58O;F?7irsU^;dqx09^D?Ihu!s*4GKkWd%nA#{D zVY}a1)U!2>wefP$>7nUzvId=266~LX)ORq1? zY&d%O(pyiQoQ>>m@49o_oxgDM$@7PiO?#F-+dE#F%iY??Z9B2%ol}qfIX5$X{gu!E zKK0>|5O#et5i7kssjl0!;?Y^>>O-u`&q`Wu_StR0*<`^;6LJauX3ux)=f6JMZUr+5&7bd8`idR2d+`Ia?dkX#I;pD{^-<>z9=&GeNTMr!iAh!1RbJLc2 K<9iHPJNYlu_`|RO literal 1235 zcmZY6{p%A20LO78ExEo>{ZJ$XO(ikLx`*v zp5^o&aE2xrz(8V6%yrudT|-b5&c@oPJI&!Sh{r*pDp3PeA;V;r(sEAT=yNrt(tv~! zUrUov!!2YZCy4{oHIxZ*h+fX73s$e7qC~Qr^Rs&BRRqh{(^12!@~yU!FF=25eJe=x z5fqE*VNOkkF&r_v*+8U0xl|U?t_WvR(oD#BMFMQ*X*(*o4lAP?(=>|;AX<73j1T+M z8r$i)I?IZFgoSxTMQWy-68mOU9Sla6QjKT+V_`W4WUpILN~5*07iZEAKQldu>&l?Y zdFet2?)Q0y3`+z{k9v7K$YDT8`w>G?S`Qr7@iM2DvK9&=uF{4I4be9O3Kt~GC6ze$ zkM-{rX{4YM5LHH!GR8;{z|~=-2ZQA@ zU5IS5(IycQ=glfqSDV@}9SvE@^_v*)4TI@M+Ax!KANo{h>084&`bTV zjjXl>GK}d~$X8rTE5f50$hFI17c57pikM18t43HwFvoIEaeIVB1Aa}XEe~S|Hq1~u8Zq(4W zEV%}s#ms(Cq=7^t5hK`24pF-;R~$*6K;<|_sa0l@GHr{5Q9>0h z6!NT%=Ig00@H5u$Y(LS8@0q9uc#V*j>Hbwwzoh z-2d9K_nvS@cZ{Zfy!QKZZ(qDNi}{l)J9l4QWvt!5S6=t!qMt5!G!MsF!h?Gz#`dP0Mu=&Y$stWne;+ljVMh_jT{>nY9(3``II){;%xP7tgQxfN}r z6+~`zd^&bYXSOPfQ9c$NJyYYUzphPLazQl#EMh)%>ykHHEVlw9cxoeIBJ7yLsd{?V z7s~+jE27iO9WAvrK}z-E%KDGhr=^bi&^iWeMC*xj8I>d)83&zU2M5ZuZE0VVNPlQ#ht@A*w-b4p|2Y1pVFj?jTS z0$~tQV=n}^Oz3PTt_NAXACfq>4AR&_wqVZLU@6O{=Tp-yym1J5ox&Cp z>N9@SieOY-Wm=A-V*%A9lbG}?3G`_o+j!C=MpMl6r2%X%qUwAbC;L;bf-;)yI;5X3 zX`iXL0|Q71a|pw3e5hA&Ny)uwln;ybocBlzb z(UY-1nZttB^UiDTd`#vfRB3!@4YM-l^jYSPV>mNI-QdM>X1nW%?&juT1B!hxFzi-2 zmr1Z$YZ0Z#bwtPTdO5($rsrhTK6B`iW28;Ks={UdKMnKeJ6nT%gsvr-!w)-auq#o| z7>lY<5)o6WK__bruv(CA*o%k5s^yvMnn5aSQs!FFpp@E=bfh63P2H@xZfgC zI%h$v-EKopB$1gKrcEIh?pBue7=rzj*K3FR${@#S6E-E8I_C{!{eddiV0}503u=W|wp5 literal 1081 zcmZY6&5Pr70LF0;y!7Bf4|);8!XBj5ytnBvET&EK*1Sx9Y0@;{p?Oc6G)a@RNxdxM z+u%VDBI-dFQSs)%5k%nr2DwT4z`d0Zp>tL5>omt$lf^7msG z-$Qg97g6bA{nc!>!5FOFXs~G8HWG|*#u(y=Hx2x9RMU!tbW&7A7gKR@f{tVPo+ht3Q_DllxX?6r|7LTDe(w)9%XiXXy+jGGd&}jfiZ! z!B*6(C_51rpkwSgR+%??UK5;2m)EF24A6T zhZQ<7lhc8thOG>^xN=KXCRRbh4aXP=Ev!{ILAQr=nlfs3QR9?I=k`!S>Txhp0OszM zSdzDM4^F|PDG`5(l~j%pIujN{zz_z}Q6qoBFSWoAB}PKIX}+#0qG}pj9>hL^m+5rG ztW0jwM$|>kw`97ap}r8Uy~B*y?x+!AqQN*B5C?uhpR5Xkl4jL@Rdxx%8zD2Qb5Jsl zgO&NTJ6mU#Y>HKsjMR#41-zQE0*lhX4E2Dl!T;LG$jV#|0+^gePLLb&v?_${2y86M z2;6L`^VLW>i2Fgx=3qFtW1$10Lf=$w-8v~nIH@e5sgAEf4C~>5qd`m~cvo8M#m>F| zTdxNxMkC-TKV(D%u=pl)Os!akuBvUvc$bvQg{^wk%mJK6cbiH?6g`;)VOqotP~h5iAlM{>9T diff --git a/secrets/restic/neo/base-password.age b/secrets/restic/neo/base-password.age index 8aeaa91ab30036b3a73324fa2ceb4dfcac24829c..6e8ece2ad8e0e26480ca05608079597ffd889997 100644 GIT binary patch literal 1235 zcmZY7|LYS49LI4o!Wa~WA1EzhkQg%N?Y6tyouF~sZnwMbw!7VJ_XYdpZFjr7ZTID~ z-R^d?vPexLBDH=fDh)o`Cj}{pDEgr+CTO39MH9FiSpB0N#xUPKY`eEr-Oz6 zXr2`$y)=x(^)TPggmE0Hx2PP~9|K*L$XYJwfkty8(}I>32&<^)GzEhuW1XU#NNfUB z8|@%Bk__7-`7xxx5;`H#NiJ1s4rg$>MWoZUvd7CB^*;;AR{(awatbJ6Y6ib>4Gq_Q zYmkD6WUkFBoLHu{@(5MiKu*R2PGe#L#k*GMH^n?CbP`C`1F}re>(;=Q<=ORmxnetb zW#~xl((u}fRGQGnT)Z}fTKt3|+dV++cKDex&ceZ5@6cP^=w_>bP_IR zq;8OiP#;4&zM6H4lo9ID2*u4_tgI-Ws}@s>zdKoDC)lUY}uyI#aCjb&naKd{C?U8Y60rD6{azMyA*E7?5;ho=SFc z${tJoKGFv=B9ln9o2k5{njL~Kw9s6x&k(RMkmTz$U1D$_k8_h0GfXsaXej#K6rWIt zTr*WxW=8#P;0zo=v3ZQr0m#m$VvwKqtxOrz+k=t?s+m^S21}f)IU_ABq;10DFm^bW zv8;SuN!XO!HWzn{3K3$mK*L^C&K4t%LbGzWFSMvaq15mc)g>gYu`nhBk9poe)G(%- z?v4F{Tqz6H-pFj`D-{dYN~F`MMG*pIDz;p2#FEKm+(aj;I1-~?m~zJeB;g&QS0nw_ zs9M0w6S?3p2_x^;SVWLxx18No_)0c*-9IH@2QO?8w|!ef&CgeVedmYSbGP4PFMjdW zbMw<%p(`iOztDeZ|CYNBzjEcigWPKe)*d;2`NT^{zNnT6b^7?+rDkmBvxlPf4}bYn ze#4UZqstEc$V$uJKXB9CeQ4$C#p|X{-?;Zp^<75Tj$T~Kg`2QLo1cI3-pk+Z{_T&~ zpIh|^4Qg+nT(|9qrHl40ediF|JX!eFhyN^XrZ#}bq>iaGJ>OE(kIu^XKYHK+9 zY;SToO)hykdSc@T_FIj;d-#*nYmJ-z_wHB(&ThJJmWl02f3xG(i+|2N@abQVo%&_h zgX}XuA1Pj%yJFOiZhZXXiz}w*LEzW9gPVV!z3u9noq6Tl=@p;Uki(~z)3dI2nAoyp Q<-Q%#)clF_7v``24WpC6`2YX_ literal 1235 zcmZ9}+pp6E0LO8`OUUp7B0+L|XuJ^}qg}gp8zIK7>)Lf~*KVg>J2lX=-nOpm*2^wU zj2gU=phrkB5m9pzBPb|5NIVjV2H_|qh7jW;5J{APni!*r1iU}#`3pYzeSex|q>Nt6 zpY+4F*W2Lv7C1~NQjY*ZV5bZnM$vR00IB}O7y%5yx0$fYwL!(lG&GtBX#s(dT)9Zp zeG`$m*d7O7Dbnpsg2$V~AX|hmO=0llGzv3?2$$&CW@=_S8$wYRMswXJSQ3JNw0?V- z>cc1o7$c&Ei~u~Vcy*1+b1uUap{{G8nW2kDK3l|TS!7|*z>_p>!z7h2Cva%kW-$%v zl1QdEtTPqKip%ZH#K{+QGOa+A%MFugxuaBdP_xIAbtbXT;^JzGNk)gSaM_Y+Nvr zF$sr_SU|E!KQnGbY|-+2t!g*yqPZrSssCH?zn?K+yJlDbQnVOODQEJ9yoi?5F)@Sd zTqsWn9+lyw=lUil`4vY{VKvd|b~*({hNNb*&vn{VFhF8T#)?wS;-P}jo53d}OXQI% zAuirV@phdW0Trj=G+@!{DNc?k&_lyl<4z6hY77a}y3d#OmMSU;(!;HU$&)cS66qM` zgt`)GW^OdGT@tfG_!*MlB;aNBWXP!sS<6|Oo@VA zpDI+btXwpwy|zSxebGyFCWb^fLg2TGNfu(+0qz$la>l_Xc5^VJX=Xv4u8pG%E2@h% z)KRT$$O_~jj4LBAp{gC;oD>8+9;c0d ztHSVgB0bhauPh)j8j>C@@)Vgw_-reYN~Hi#x2io{w8r=lEXI1;P@qANHo>OTH%e8T zk?kgyVUkHAZY8{1&tBQOXI=fmOY+Ix?u#FtSh0KC(Tx|U{s6#PXJO02;SVn#OB^48 z&%M$UkNeth-(7j2bA87?smFY&?OJ&exRhv|S%3HWHy74DwAT2cX>Z=X@2O{}?m2Wg znqQS&_Qw3zKQ*-*_I?$gpIyCaV{mLm{preuSAp+QdGGP{r*7Wmo^G$vKAHdJl6UsN z?4KvEEj{$GedOvB?_67>LPyqrdT?&j$6vhs`_|>ZKC|>jNy>xwxmWf-fBE(;2d>_G zop^u$$(_y)eqq&_jW1x2J&rn`z4r4hP(wNW_6N(f+0XxYH07V0dvcrl;Oi%_yTlFe z{dlHy)BK(#b8BxKQ}-{A&jC}Lzu7*ubIH`HeRoz?eoN&K-Z7_ahB|NMwy$2@KYHK@ Ie>wN=Uyh@ ssh-ed25519 /Gpyew uXq+MfJBkPm8swwZrPvdDvV2bDhpRym/ZeMGqys9BSI -j+YqicDZ4bihNJ7l8KdVkto+si2y2Hs0rCiP1OSu9pQ --> piv-p256 ewCc3w AhHSf+4ctgmsivwSWdryNpYm4pWmGYTC0uP8vCMFa9RQ -cLbPGip95TFpeVLVX4RAmr2M4wzcY7JKqOOmP+A6h+4 --> piv-p256 6CL/Pw As8p7SSauNa84TXKGtPw/R7RSv4Rcsw5i6QtiLm3Dt4e -6yEs/0Wz88KUPmqVRjtvnajydqb5g6RKHDIDltXE0Dc --> ssh-ed25519 I2EdxQ ql80kds5JxVbwiQSyn4iYM8Gd97hZZtZEIiwEc9gK2E -anQR86o7Dx/36CQefEsoaNpDVQEb6CnCh3n8stGXiDI --> ssh-ed25519 J/iReg pnMm4HO8/9T1OOTH7hKr7TXzEsmOZLD65LNUWGBbLz0 -N4FOYkaW7og8RdS2QG8h6PLtivNLmOHlCHF0YmJ4V6Y --> ssh-ed25519 GNhSGw 9J51AEaJRIcigTwyaiCkjP3qKxy+L/YegYZ23r+yHi8 -yT/24Ci1e4DfGIwfF9gLOWs3eCoeDen/w7uBUjxMTRw --> ssh-ed25519 eXMAtA eBsWiM0mKL4xYkI5IFjkLy6/qYTBRhoNAyE3iTd1Ez0 -R7T+pCgYRjHtmj/NTKYPQ6cd8WWC14y8aLDMT/kZ0aM --> ssh-ed25519 5hXocQ bOEbEcSTnUwrMUJ2VZNu1FPG8hNOUGIID/CscM+mRWY -18iZ/TdpvAeACn6oYu7pCjNc/lpONZBqt2NjufP/OMI ---- t+VOF1H5amjBbo1np9PvCtidQNXVEva9j6eByQd9Qkk -ZzQ;]/tG9l!jן 8UahXгLbs3?ɪ]@()x&pMao/\'Og8 Mc% \ No newline at end of file +-> ssh-ed25519 /Gpyew mx+zUDoJlBkJG4GUEJpTmF+7cekgNMAqGf8L/hLKdAM +TBwEFgEWExFwuINvzdrfck6mnBCIpUAekZdTBlX2jyw +-> piv-p256 ewCc3w AtCGtCqOkpF5bFUtuAiYe84lT+1G6MxDNkRU2pUqk18B +3/G5szghCSHCvmiCc7/y8hOZyanfbU71VI1P/CQ4g8Q +-> piv-p256 6CL/Pw AmvS4ErSMMakjmPgkc6uuAW93uB7dkmLzwIWLnfELyXc +0LzlaXihUe55n4gSERN2IyQvjBZ1sbBO/sg3QuLSiaQ +-> ssh-ed25519 I2EdxQ cwwjiEWrJhC3QlZxbCEGjVBPf3jlpjgroeDBzHh+NXQ +V9avgV8Fey4NRK1SYZNUThYncU7zfKU14U5EvQ2kasg +-> ssh-ed25519 J/iReg BbZPEVsU+QcuK+R7O/iyM5QynQ01ve5mpYOmGS7T/Qs +VN2037c3niLVO/wCpl2aJag5yoH04Xs5sFRwNgf9Szk +-> ssh-ed25519 GNhSGw LGM6jIDcmvJJjst+IZGZtIFqopu3VA5pJsX30LKh7BI +cHv8yBQWrrZGnfP+/iN5kboEQHR5fBCNWXkEED7f8vg +-> ssh-ed25519 eXMAtA RXk5YHqqh9G8XIlFcm1yFHjEN7yRQwjT3+OIAu7JHj4 +xNZVF7sCfEIGU6fFrPutCks7b+ZYrXXmPrmsm68Iqjc +-> ssh-ed25519 5hXocQ sCyqDVxD7B/hHT69Cwr+eI/kYI61Ea7fW974qrv9+hc +WyHRkS/KyupY1/REGTrOuVsCkAUgOZdZBDNU66fq3X4 +--- ySHYrP5bMWtiO3uer5Updjm5yAOeuX9fnUFKH4vwUSc + ">lJ!]@l)yCp>Ἑk'#h7|n aa*Mǻck2)o>LD>VOGIX/1c!QsMTS)dEuc>Ry(Z_ \ No newline at end of file diff --git a/secrets/restic/periodique/base-password.age b/secrets/restic/periodique/base-password.age index 466e931983f00d4ef48013a3657ebd8efabd47f5..395572e9ca05e6ec9d6134cb6e359bd77fc835ea 100644 GIT binary patch literal 1235 zcmZ9~-;dJ-00;2k4?<>?#GnBpW&tD+q|XcGVA^NG8EGVu4lcA)_#85=p%gker4M(w60v0H@YNydKZMVwx!Z zquHhxw-X2&)qFxp`cd4a^jxouRdB1*_Fx=W2ZMatMTcC56?Bv>TVc0TX93fekw^`f zs$rT+3cwc^0DhXvV={wQEImg~8hSzEW{;+=r5onrJ5yU{KR)2%auyc#Ls| zDKEy45ps2lbb?faQnaYL{Uljs&7c)RF~XNZ+{&_m+-Sq74>Bkc1{4EH43terkh0L= zP$NGo3Z=ly;M%w^hYC_rGJ2k&1iFH`vfz~&dkC)93V7b-ahrn9l+J4W#!S80=(gub*FY5+t1_5}C7A_yEJoRSumGgJc?wkF5{=O~if53m7IJ|A=#+|1xM|N(VzxwX* zuP*zovf0@@_0{opwGa54qxBblx@n!c;XHQj=op0N_wC>QY+?P@FP9$tXny;>b06-* z9$4A+&Hkm88#^xU|N7kY6IZWLEAt0(_dj3yjr9(_75@J4!RZS#nG8^$+xFSnH4}U9 zdcjV$CEhsR8=pAg5cf>Pi+fhKEN63^&eMso@QSIhKK z!4r!^&VVU_XwfKc)qS9Ws6D5U=U_psQ+7RVn_jzv!W5|{)AZQH93mi<9$NIsy+^*;40MSH3u?vly)#C9EfyjtTBE6tn8Ftx<1f`B5Ax};ZTJqpdW6kqZa8Y#IF5!A<4)5hX`oh{Qzls;M5#}NwKCKpq4ofvs-sd9?G-v8 zgta)REeg|FQK|^dU?|BQBcJw!LDNLF60a}Rv^tCT@rVnzh9wDOQ{&LdOt;ctKsRxv zSXBHTWjZdNtkonFfpaB60o-QbsKttgwSpk9i>c{MS2kPp{ISLaOBhTenfK*DaNErP zmPCwtPvIjXu1N-nagKud3O_buDx;#ZfHh1~O?jMFq7g=M3Shd;0^)Q|_xK!@9AP7v zHXMO#gaa;L&S_o>tck1*1r}05bdsq7(P%V6C^^^i{e;;HlVjFZNu^@(e52B4vVn%y zaWO~Hu~F5Ad>Q!d=cP|w?tQoIaCY&>D^4w63y{ZV!t009AMC$r=B=HZ50u7xo@Kd{ zH>_TD(VzPLI`-&e#~;#HPhLBENTUCCr{23~!&PAW*2t32r?wp3t)FaNxWhSS?b`n~ zK&*$p`Ekp;lY5sQUAO-F$;@o=rQ>TR7fqSVHkj#yatH_4PBX79)}vP|KmA&I;LMV< z=ZNIW`?hU7_g8rK+Y7u3-m+&Yal$x7u3~>#^UkF|uupIE_l@s8ziZvg56)f)PrtJN z$d?Bvo`3PpKdYB_Ebq_7Z=Klu#fPuHv0b}D%}rc7Fu8Gd-}&8#o?Ag|I#QU~x#O9` zdvBirwk~=9?nUeFeBt1UWjBAa^64`X55n)?6$ z1i=SU*kQPvP7o&^6b4h=Kp9@P>rP%2e0bE8=w)Mv4V_0H|AN>1^D%+jad-BAi|s7)Iw-6zRRt`8)IGMP$O-2#=NWv&fWiGUbi(V;?_ z8;nHKy4@O7@}6I6OgQ2S(wFE84t$^4P6$X?EH|z@O@n;N^JAe3|J4%z&`D6d-*(HP zjg@U`YetBPfyH{8CaAzT5fBGkt&y4u*BkLJBU<#1Nk~H&;H_ys@_I7?%af@GkHc9j;1jMMIih;*ds7wP`s*XUc@_wsf)&DU}@K3j)fFyju(%vtXSa zqe#6tUt~QwqEyXVLUndlo523U1#Qi!!?ABV&2mGsdw(y_nPe$VY*?QG5IKxeP|9IR z^+Tp?O=Q=Uh=SO}SVUBovF29wXp>{4uwJO^M$!+tJP%3FOYO57Cwfb+Y>&&jhN(EM zXv~m^DZ26Ce5}l3T=m2qjZ$bD7km?7Jw9u(Y(v2%8EugfUs$xCRQ)iODXHwnbl|gU z6$-JzQ0WW>XEj%!Q90G#=s|*76EjO4jOwOyV#2RH4cJ~u8WtMuC<-qssOds0yM-%b zP(d4jn0VTZT%F$z8&!&w8e0vDGR^`<#2E!M?cx8n;hrAba$7ayi54U#W9ajP1fFKH zT5({t$re@Ma)k;JFePpv1E93TBxN%!X;c!iA>5hSP8RSDX6=cf5&#xk?kqrNs7Nn* ztxl)YMs$6;#YjDr?Jb{M8p>5(35hv(p!)~Y$jw7o((CCUGvwAMSM?7s{Brx|@B8yN z{=6iDqvGW^ZvpI?Kd!)UJdgZ_eERiw^$C2p^Vhkfm)_>SI9a}T{Nne=S6-C{!D)1S z;oTP=J^SOevis)I>E o-PM=l;)CaqpO3D-f8+kmhZy$py(j0MeDjug`Pb9GPpqH*0httfiU0rr literal 1091 zcmZY6-K*OK7{_syF{I+_1w|~D%fH!Sy&3z z;}?}8^^4XH;?{uBH7ZU(Y$ur0)~fP1`UGbZEh=S`Q0(P?wAQ-#?4Mc|R-Ft&(6(EX zPQPvsb}0$FC!6sgXEYUQsl+OwZ>tj*_s&>HW z!oWbXY2%H`u1x?U^{?W8HyeYY>iTUGU**I~SK_g|!p1%|+4^Bh_Y=%Wv#F2B(O4qjbQ;2BNXlqHR-%6IZ;TX7nYt}|DK*2^ ziXn&dB~ht$4fiXXTA+YsELJ0T!tD1I?sl;lZW#_I#)tvin=na6VPwv{t*V-{x^GJn z8_)M82(mbDc=~;kt|bn(gLboD&`8#|)QV70DWL<-Vds7n5{zGwR@`G8cLz%~J8xz! zPnZ&DR^ZX5N|kwT;0wMt#Rb<4O1C0u^wMeTTV^7Q484$s_v>Fblb*6W|WGXECLZq8nK@9Hn*!{VhY4?OqR z`Sl++ejmJZ5qRU{PmNm_&i#1y?c(!SuU|WQ^UgQ#-~R33()Ei!FBgA4$!o_)uf5Ei vKm2}q_kwWci1_5@x#u7H=|S!X`n$(|z54D`H@-Z2;%xH8nS)245kLGJn?QFO diff --git a/secrets/restic/redite/base-password.age b/secrets/restic/redite/base-password.age index bf42ca0b70a8c18c2a8e97f9f2e05821e6ef24c7..3da9a83a9f7221310755e9ca6e0c86e46b91ea18 100644 GIT binary patch literal 1235 zcmZY7|I5?_0LO9gNy=GhTJi`XrwKyWwY%GH&n~6d?c43PyWQ@#`}P=dx7%&I-FEwS z+wBPq5;PP2p&~FStW+KdOU)oie=vQbM9WfAqqF~_p{s&H3P?N^^E@q~bkmtkDjU zLBdXFkeCwUG8D$JR5?ednI>0@teJ{{av0fD2g$A!O4%ex@jVhmY>j8^WX1x7dLfX< z1T56rySA?|aYO0aTIb5XQsG^n08P#IaHL|3Uq zJqBA?kx7%?u@HlxsyzkgWXl;Uz2vy!x};T=$YRlS>sCLXa!J7yMlz2G7%?EEX1lov#B!(k{vr{oT}5Zl1X)-0>oOm<_I;LGb&ckM7crQK!GF_ml2oe3wG6k zT6II=B;U;k#VW_!DT+q)8&>Rt#Gm;(BquNQ(F)0&j^))f9 zcQ|w?usF#yVF7sX@cVau`SeI@?Y-a39h@EByuEey!hw}LRz!>3T}Nl};-nl$kczAyGzINx6>_lhXo0pAE=oNbT&G#xNiN_8B zN4M;h24^Q8@&4YB`2Od$YcdaAe|psmfgXOiERzTD#d*Zb+|&reA!AJ~585BB7f z7jJwtcW7DnLho_n=A+QIB|Gwa_EpYqn?8H(#jDdxuYG%F%iiQc{2sJ>>#O67*Z=?{tt`BzJDj!(%<4bqs*E37sc=h00C-%NP`3%48*t_TFH}1dkC3R_b z)&1vUtIy}J&b>WxxctSc>He`_m$;^|ID7iH+g~5wda=Ig2C!&d^|>YLsgGCe-oxci LE3fSSp)~vlM9R8{ literal 1235 zcmZ9|-;3J>0KoAvMMqT_oFE57I^4uv?V2=6o5*w|X_NHQHc6W{Y1B#6ruotIM}9PE z%Wdj|Zt6fbMQ%=TI~CLi1@9gv^9RG-)CYH`V}fvaC&MRoq7L@UIp?GI7kv1B>$(=# zx(#>K_sw2+XV29W0T_ut7WF(Mt~HYg0%B1^v^&#yG^Vvn9l`6dd0@mBkb*Y55OvhRldfB)JS>fPYQkyJ<&M)!Qi|dyq&`|sF)=k04r-16 zw7wa{`$;4f)k3lXg;Bg)LC`EF2@-(_1AuW5LaYUxFSW#>RyPH{8X8p|MV!8lM$&m* zL`V(@=pI>ZKnCWB*uXWJh6;=orN$;bjk3Xffz9RqXQjw|g1=>TV5#eO2H8x5HMyjp z*4wqV#gu?*7p)|TjM0Jsj1Ebz}onj$=FuTbU`l2$^qFEj4=n5RmW8&l*pkO zla!iBcKyX%GTR&q(W-19Lcm#>l#6;2AuEAU2dd4a&8D&fnsS}4?#i<}B-dJndIaya(dM8O%| z`tOA6HM(e&=`aeHDA1$Z_$WX!1QXbqPQ{e%Hra3StjmZ#=W)}ZI79=p7U{BB#>B=# zE$fXH3*e1Vum~xiaIhw4wnt^SIF=f$pJ|BRdQFoHxQ|B_s8z=?rwNLJrMf88NTd{` ztgA)dE40kCMwOi*5wu2{k&R@joYho@(`sn+5veW9@Q{N@C#>TV2q-npz?DuP?=V6i zUaujB+-nF?KkeB9F4r=nR#qC*&Y*>KYoa-zIH(v5Xf81LkhX?ISqvk-g~dFPO(TH~ zh)C5M4thN}fE3Bn1k4{W)heJWj#AeH1!7Pw z)?AsgInGa}7+i%T7hakAE^n9@R>i3z549TH`j^p z_?a_*s(0`H!P;~ec}O~c&*F*G8y=pU=YIY6&EsFpzehFBZCDC#Zk%0tdEX2BpO|>* z?AO0-TiUpWKd|Mei%X05?R_zQ{qV%hClizZ?D}-a^UM6U2X~!b(D#=n_wGA$YUj+- zy>b3WaQpEa@a*b#@bJRaZNzGH<*PT6D_53Zj~%*Ws(g9w>PaziJIzd@-FP!sD0@7beopSrR2# ssh-ed25519 hTlmJA NN+fdIZAAYh+A7hFaWXYOxmemjlzS24WNa9qWIS8jQ8 -lhVBAvY+TWg1yAJcrgvphoOKB06ETLyH+DLLAO/32bw --> piv-p256 ewCc3w AtQ8DoBM3GwBCc+B70nQss2/lmirWJs845PrS6cyivYL -xrE8YMYKv7XTiMmu/Qh3W9j4KGkZIN61vnyBUbiRous --> piv-p256 6CL/Pw Ak6Zjws9g8YrtUPyVQpJxPOL2yhEo1izmu00ODWO/9bN -9g/dmEHdJTKg8cB3xQs5cSXQUz7TkXQM//SCA8qFgqU --> ssh-ed25519 I2EdxQ B1SaZxW/oOYTADdHLJ/CfE/ePpn5MauuQIV11P7ciWU -BCINmTI1TE7V5/9tIBUpHFBrzk5k5ycvrOFrmEGoHcw --> ssh-ed25519 J/iReg a93JQXzEH0rzZL9BzI9GWdm+vfIthZj9KmYe/xkM3x0 -BNLZmF4I/B7bNzZUQ7C1VYUiI6AXN7aLaQ4b5pS/Qpw --> ssh-ed25519 GNhSGw Z9bIU2D8d7oT6/k8AIUFk2GWlQ0kbpZIx6Mch6Zd9DU -ZWGrSOd/K5e0ZnFZvE8U4zLsBBKnTQUu6l+WAFrSIGA --> ssh-ed25519 eXMAtA 1ZPBxg7vVPdFl/I9Xgty8H8X0HliAQte0D5VrgRJYgs -onOuCxlv73SpBqIZarKbXzUJ/dERBHfPTy5EacFRToU --> ssh-ed25519 5hXocQ u/9fRCc+gz7Qo0020HYqkgeSk+joAGC9iRo1PpTTNWc -iFIduae61MdkkYBP42yf/59v8OySnNLXgypOS9Z+ib0 ---- 27DrzEcaoj5yEFstaty5e+q67L8kDi1hUN18k10kUAM -).M¦8-UH#c>SHF"I3-?cu?PssEB2SiU6z|-sBB-'rl~_glܦ# vdQuy4TPO \ No newline at end of file +-> ssh-ed25519 hTlmJA FwyYHqXJq8FnP/kKDOyZYMsEpOVVvdxcPka7dxH9TEg +hKPhAZz5/6DP1ugpv3bHOZrbSoVs0hpZSP8kycw0hds +-> piv-p256 ewCc3w A0NZ/VH4wQ07JGUjRnD2QU7VlrG4zMeVzHa7g46Av+jU +qCXVqCAtOikfPENz7RJpy0PTdTw1tAwusSWh1iDlVT0 +-> piv-p256 6CL/Pw Awzu5nbYg4GuVnEloOsPVwQ47BicdnAb4sS1mG+0w/Hg +CeDZkaghyrRT4Qokg6dTkDLrwND4mix7dhFgMEXzsRo +-> ssh-ed25519 I2EdxQ MrZNzDREuwEhfu7lU21VsJ02Q9orNM0TPB87viA78XM +NSlPC8lW9U2ppLIGySpmU0HJpemN+GUA74RBFhnhroY +-> ssh-ed25519 J/iReg ZWPGgqUI89NVHp7iLK37iRdwBGroJ0pDxI3ZMeIJ/Ak +PxJTCoNmF/c741FTeXYsjUjogf4/ZLZU56IoEKHX140 +-> ssh-ed25519 GNhSGw k4VJGNkwALEyUJfqoWNjm7gVS4EL1PDQtigjrJyKJ0Y +f35rY9JCJSiEkXEC8E9O2e8RqikKHL4WG91y+Q/0Dxw +-> ssh-ed25519 eXMAtA 4exKSkUZbK6IGNqms3oXHZjqxdanDxruBIWzlWkud18 +fikqarrrB2wEAS8b033Cp2QpAGxy1SGju6wcfcpgWPo +-> ssh-ed25519 5hXocQ A7y23nvH1k2eh9YhzkDfTX8BTsds6HJfTzEPgP7A10g +CXq+VQurL+CrAZKu9ycJp/iSz/S8CTP8F00OAhNzuwg +--- TZLMHnfF4+CThKdhjtmeSzB/66o6MEV6r4Fh5CzEkCA +j`3H1TCZ6/zR+qрȲÜ QFK׳8,oH,PDnfnTI\Yn +ﵖk +f M0Y`.\{ԍ%Ʋkp \ No newline at end of file diff --git a/secrets/restic/reverseproxy/base-password.age b/secrets/restic/reverseproxy/base-password.age new file mode 100644 index 0000000000000000000000000000000000000000..297fd73635b8057bd45266a6f1d3f8de9730fb2f GIT binary patch literal 1235 zcmZ9}+pp6E0LO74=Yg}BAYOO@VIfgt=IGjO?M8^&cJ12k(sf-gYe4O~w!3s|cj_;H0bP^H?_xC}iQCd`5<`gEvDc}Q0BRs>S( z5F*fAS?wXJZmSVc7f zA`BfKFeIp7FEDJEuF(VvvTzQ>Lyn+^bYLK9dZnhzC3K8N*_7lckeuXUpbH0lY@8`N zuGMj>9m-4FHt4h!DoNB6x>t(G1=(w+J22CB^B@&~S%xv135J{?Ocka&SW>N~GKyt5 z47yTFw`5!6qB&3Tbx3cuWp-2{bBl4#!PT$%6aDVpj`(IAaotS###L~>FAGe;HUG;^( zL+yQX@Xz0Vxq8n8-h1N12Z^0?pIz92ZR#(dS-0iXqq7Ugmd~K8_ut&~`}z4JzaBfZ zZ@L|!(08r7kFEav!KtYiUcMb$I=OlM^tJmxWOl6=&K@d0v-|CR-#It#9liL|!Ur#X zG!MOY^X@BqclGz*zkF%koz0UqspEbjhQG70XPF$79{O0XkxxF4m)k*gW^w-V2J6;U LWaiq=?VJAs;&HkO literal 0 HcmV?d00001 diff --git a/secrets/restic/reverseproxy/base-repo.age b/secrets/restic/reverseproxy/base-repo.age new file mode 100644 index 0000000000000000000000000000000000000000..6a068c8d7159127d434cd8e63c5b654791151763 GIT binary patch literal 1095 zcmZ9|&8yo4008iTo&paxQF-8{ZakHhE^R&=L?vmOk2Yz(^OB-MnxtvcHc6YWHhNOf ziMSp1z=MY;cytJRf;S&BQ4d~xFmUdq2fvtX7mtcQkG{X)2R|q9TYl`Ww`m?G@s(s9 zfMo}0z1YaIS6%E^DJTJ9N0IpJ_2^ zMM+Y17Hv(`n~?#QPR^uQ|9=+N6F~XYs@s9wZL3};=9t@=$S!LxoLH`6S{q>*GoD&f zCJ7F@)-+&X({WJvqb=(#RNUqQ;;ZaddyGup1IclU^hk@M`9%I2@J!+Op*#N>wlj!{|0`Put#1 zq^J14SDn>-OC)o$0cv$V&vIi`S~wwMGc!3Y@>3rrls?OEd#fyHXWWXx4Fj0lUUNf0 z_%`dq&KgC!#H5%YIAaU8n)%savShSw;#Z)aoYl~omAFd7({ur<<4G-bR-QYxR27_; zIyYR!d=4+qGmZMBR|Wju+&vrgU6vk&&w| z&}y|Bvo2DoiJXG=z-?psq;>>FqAC{_HK!|SO(Z~83eOiMfdIPp;M^nkcRsyw_2}gA z+;=a$^44z$&)&W8=kZ_1uU`BE_^WD3Te)Jsp)xp=d-gy1nU&86-mtOuxKm79ji_1&9J3sO9@7wDq!iUcT wH$Q)HV|nd^>dn3Lk6(H3;IUsnDcUOV literal 0 HcmV?d00001 diff --git a/secrets/restic/two/base-password.age b/secrets/restic/two/base-password.age index 85962421655380345521fb8e932386be93663c8b..45621404467ba26abbe37b1a697b7bd4f44f531a 100644 GIT binary patch literal 1235 zcmZA0?T^z00LO8}$Lu61qKGDDXox0bbX%VVk*@2ybzRr4UDxe}xwhMFZP#{NyLFur zG`!)2_>c>pCY-^CXh<}OFCa#Oyb&%rMG}mP@gW)`2t-~GFeIFMzV!ZrPx8(0r?#5$ zrla@6u5Y-`X1Cu0hRH~LTh#N~@n$0h!$~~aYZk3Qh>D;g=4*%#4nuCl4@3iZL|t+~ zBR}8+yFxQMZec7H1G7{FDyWSqG!#`dY+%Cytqn0PumT^HF@|dllRAO4$||SItoNVR zHHPtS3Pz&MfYiYtN?M4HS#L^vFzQwNXd2Bc&2f zbn(EzRBaKUNG$|omR*HqBAQYsbViau%VoV%JqM+($ z(hzMy%PZznRAVGWu`Jq7PsLQwV=7kG9241?khfH)W_DRq!emHI5cm{TaLHn%UY0=z zX`-gbR|$!u5d`a!$xh9qc(M$mX}DCBvpt^jO73!v0gQ696&)z54MSj8M8bX*f$9y% z>qDrn!yPJ5;_W1_FmTy7OLjUD2@8CtRFm91o`Hc5uTiqE55ZHgQ_F8HSp3^KW(PQ8L?W)Wrj>fw`024PkW)2aU*@Um*K-! zK?VA~0YuOVss+Y!n&KLRRIZL8qnHkXOd3(@)N-w<6bYY*_8HRBT6wP22 z4l!^;&h6|nJI4qnpY@n{7|h#gZXbre>wLz1mGy&}*S0xP+6 zK#=tvL}jI}%^I~tWaZ+H*Y;hzv}P;c*!wwu_Up)*9rL&RymMyrp{GovclehRYWBpj zecR7>R$Q*XcV+eS9C_t|J=441ycI6LyZ-h&<IYPS&nH z@y4?{@eRE9_|faDc5^SBJN}ouZo_TsKU%o|t4ohe;1`3F6KjO~UVVC!tIQ3zT$(sL zgKoF4T)Y2M=DTBSg9E33SMDv&Jb3-f)$cTKD$}zsKl#NE z3wNAO)4S$3oZ5Z($lDKJoZRv{uyuZN`_(DEWrrb@3yoI;5jO80|F?!oqnFm z$23-zqe-P!HF!%ZCx&fVilj_|nCun?PKP5%K$f}#IByFLM#4iWt39;_{}`dp8xjw7z8*qUc{>!m!W z#b#MlFd0^|Jwhqtp4#$pY=kCik?Z&x-@Vyeb{OascMdo*=!^c zZTWVKMI_&jgd}EJE<}}Oh?S=_NCrX+rzuM`k*4cItwP(0SdpRAMaYm7B`7cll7euw z1DOcY=1{*vfJ6=k;h2uY(THvugCJK&$>Qy_5@?88H_0iQfp#k5P||~*@0MFe?B@Ci z+lfJTA^P$-J;GQXr25^3&04VTwc9kmP>AZ*%S8+8g>Kh@(sTrt%&gU_gnmgH0_5#9 zrlLzsnCv2>VFoWmW0c4Mf#}MCuU0cS(19vE+*^1{*dNEt0ALg>;Z53cU-3kpt~GlY z$OW-jXEPQqrQLLOFjfbVDM2HrX_oIWsi|dhL?-FUv^x-{Al0roxQA6nCAKM=Sd^xf zP5fj$Nw|F2GDkk2FDBxqm#2*aGNmz9zl;*Pi~!9V+HlGCkPS*bL9LJK$e7ERcbLR= z)ouw%x5h_cIF)BZwyJZ)kgPJgfYya*VZMA56iCk<*|ehv5thI)tpU)vI16-WyA~^z zK|A1W5X*&})^rxO?#|JF)$Vm$K~JC(-H42Ol`3 z&3xj1kli}{S?a;x<`=`^<=6iDMLND=$Eqvt+${0t-Y?QyzC<>P6EpXI^Yjw!#@Soa zBBb>PaP{n6I}VVqUNx5Ps@fM>{v)J6|Mz&g!H_4OQLh8=ck-|IY)!AYu$iBDc>CS2 zoEDq(kI$~Y*n55Mop&GKxbCr|m-c*qVfm8dZ~Zf^&aeLd#Y1P-oL~0o%NtJ}xlW;n z$JY){{P0tI>7&s5+1Z=n>`wCM;+Ye|hhKet^xL`pPh!u_>|S&1^x>5|R_^PN^Uk&V zmkZg$+dkee!8^}Czhc+E3487KE4vHRGwWBoC;wD7zd#?O8uivwYacoA5V-Bqfm7?~ Fe*pkky7vG8 diff --git a/secrets/restic/two/base-repo.age b/secrets/restic/two/base-repo.age index ca8fb65..8de1bb7 100644 --- a/secrets/restic/two/base-repo.age +++ b/secrets/restic/two/base-repo.age @@ -1,21 +1,19 @@ age-encryption.org/v1 --> ssh-ed25519 qeMkwQ /keb+Ra7ey8R57qBRtU5VNvXsUBGlP/D3xmu7ShrFi8 -0cLRMQ+nT3uZO59LHNNQLo8lmQsBWuyPEcsnGzSyaeo --> piv-p256 ewCc3w AiuuJefLgWkM5EzXWGAx0sAhGii/a4yXx1a0N62QpEEA -jC3Gph2c0qfsXdivztaOGxqwyH8YaDp8JNsBxYvxmAw --> piv-p256 6CL/Pw A3TNn97Bkf89T3gdh2nOVg8gGJS+YTdxMsT8x7MSwZU7 -sr4NvxEW9NYmROFwmgGSFAkEodrUTxCEX9YKhhzaI/w --> ssh-ed25519 I2EdxQ +Vw5lZB0bpthF5TkdHCsxhw+2VDh6Se7moPZn42R8gQ -w+hRvGIAehIRIuPzvGtZmSWPUxlmrJtRiq1Vphl/bfw --> ssh-ed25519 J/iReg XmBVKUHnA7HbC8eQHRg1Kw52dAYlkXmi3t8CfOVY+hk -lJTLuekWjOTY62hJNpi/fwlyRnWEi1jqGZRVFHbkYHY --> ssh-ed25519 GNhSGw vQvGrEIBipBdgoK2nFm+TygkTBwNrFybwwP7j0w9sA0 -/qQmQ2iB7zXPy0ZStN7cbTNoVdjHYtBjGiKt6Qvj9co --> ssh-ed25519 eXMAtA G4LmMcFCSHgu9nUKVoryCm1EAgw/8r/udi8ioP80D3E -AzFf/on9+O+xrx6CQNrt49kRw4M/9dLywhc7lKW+p4w --> ssh-ed25519 5hXocQ ZIdUDfleb27LFxg2t4d3LXtqE/wJ8Vbie0+fZDAnKWs -VUOTStUwbfFsgKiX5GEgxlYMnSHpXrq85UEC884y314 ---- bHL/tQMiSDfTBt6slaaOwE4r2ORKV0YuhUzqoC9Ea+g -B)b,} - 2( -ۃUc!} VjWPlk 2"sn T}j _d/%J,Tr%ͽrCEtD` IDO$0L \ No newline at end of file +-> ssh-ed25519 qeMkwQ Bi93rI91LBDaaY/yPJDhvx2Xz4Sc3N/QHCuaSIvY4H4 +SEm6Su5gjKvSF6vyl/M80LMS2+JuzllJ9h8R9LWyaK0 +-> piv-p256 ewCc3w AtUZadXsE0CuZPNJg+Rqbbh8cxna7+y2VGVa/lH/N7dh +O7V0wXiK0qncQ6bagJEgzWsUQ5i/K1nibxy97pmDgRc +-> piv-p256 6CL/Pw A0WY0KqpmfB91+nNKnda1hudfI0OHxGi+AEBSTyoYBg9 +l9aGu0kEMfK5g99UADmGN7v9T4c9VPOB2ucmoN+Lry8 +-> ssh-ed25519 I2EdxQ QcTXfmdoGtiGnnBsh8iA7BMhMGUdGz753VGTbnM81zg +HOAA19NC/kbQcpCvpBEhxZvIFQbJNlbW3SsC5D8er8A +-> ssh-ed25519 J/iReg rCs+36Az9gPC0z0bZOkY64kqAQLTRJNIGDPeeAsLLQo +E6i/Tio41CtWvQpwPjgVN+RLyHUb2StBsT65LMnSgTM +-> ssh-ed25519 GNhSGw 8iGHolR8qo6hHIVqLWtOGtrqQwk5lHT9hZA9MtW2vz4 +vPyPAHUkRWVRr1oZ8kzR5Tu2d6Q16hpjPajv5TxJEOU +-> ssh-ed25519 eXMAtA l6mcO5XxwwQaTrfwd32ANLFma+GlwFbqlBNo+sI7/jo +VwjyfbUz//5bbDfCsTy9azFspvykY1+am2TDbajulJU +-> ssh-ed25519 5hXocQ VGfJz+xp5kUTIGLNKE3p4bneECJ8lhETRxZoYq/MaX4 +apxhOfB0uEWMtEoT7oSfWkN66swG0XuN/eK1hWPd6p8 +--- hEoLlgb5t9ASMlVBOu4/QoBBRr5551YqDw5C3vQJ6C8 +5G3M&4sS='N]?ZU:|/?9XǣH~yRz0Q/7ʀwV+ɢ\(cޥ7>}'1Sg5g&ij> \ No newline at end of file diff --git a/secrets/restic/vaultwarden/base-password.age b/secrets/restic/vaultwarden/base-password.age index 34cd4866065c13fb078bbdf5081be455b03b3769..cb0999a2c6d6c9d0607f6cbc04a1feb92f737919 100644 GIT binary patch literal 1235 zcmZY7+pp6E0LO7-OvFW_5{bb`oM13e=hk-ZRvt*&uIsvP>$^qbQI-4kn_8h@2BKC`KZI;{(SiFB)(0@}&3|eDeL}rxz&@~7_KrCMOLasE9OSD7gND>8D$M@PAgOqK}qFkdt zwg?=l!wojurSVETTVrAtHxM{ypu&x;47!L0F?;svu;!U{4l#>2J+7 zgMVk8MzqSB3fPC~Q6KJvX#&r9%zrGDEG4UdSr~{64YQ+#03tD(Lw^ID5;FehEswiDMGpcr&4fVY=Ef$ z&yN3o2wmw2^f)di6#2j(Sj#9iZ4B;XnHzuVnSWh}2BmjNOko^ky zzc!@PbW}b*=+%ly6_N&mBooC^PXMhdpYlAemDk!PoJbU}-&14Rlm=Svge}Vi z+eR_BLMuFMa!#dF6OF(mDV&SINkN^EsaPVBhLARaziT41ImVSQK37Q8;f| zK(eNDt*{J|`5|t^E=;peZ$YlKt6y!n`qt9ZryeN&zVRqCH@LFq;Mxam(t&A_Pu literal 1235 zcmZ9}{mT;t0KoCG!rX(3Vc7#Ei$b3~9=E&Oy)5E^?Y7-s?)`S#?MbA&+wE?*+ugRi zXLlP#5|{{DBpKo(Mu8d%_Ch^bnb->vzCe~wX&OCbKM201LGk-Juv#a0Rx6p|+s+>V(~znt~AnhwU1pd;e&i zW`Dc`A!t+&2n`ORDNOS!REfdsWUbz)XT2<@S*5<$>vxi%)R_!1%YfSauuk$?1SG_Q zI%JZq97$S~QY+h1Ds+Ri)y44)&49M4n{-QZLM8P-3ni!+cgu>~Vkr}sC~%6-fNCS? z6kQh8sBXg;@}kt1rLZ8f)kZ(oqauAA5aCKaloUs;l?z6QC}Lhlh?ZSW$i5NxVzSPv znyOa*wfJ~pPM?$W)v8StgeGAb zO`(<#_@X;-P)HI>`|bQ%Y|wTO(dEe zp2!t*(tM3%Opy$tikT&ZlG*}`wm%G0UAJ8rf@r3#!Onn`bFRST^(jn4da@hw6HvLM zbgi1$Wtd5;KzmYL%6N4rsAPyhFNjKjqA-w034Fe$%XG?5MQiO^Q|Az?s))CmSiD)7 zL>ZM&gh&cON-euUu#lC>xnWg`Fu6AEvqhk(<0uQXDb`2$GBgF5Z3kD2jN8aCjXd9B zV{$NGLrmG#_$V85I9C~94$M{QDZi9VRmz~N*9<9BHytkkl7of-@{Vob5rd$eu8~4T z*o6tdm?g4Y3dl2hEoI_ysFx&4WIO}NV8ytljgLnuv|#x*>~#eX1zNHzDN3Bj1{m8) z=kgYxgt&Au;WyHn6_0#7@xhlPyMEobdfEEJ_dc~?^-5C`N&x~-hPhMLP z|LW{2eBpk1urU7YYu_AN**f+0ZA*loTT2hVwC(M|u^7GX`k@nZ+DL9u?Vf{|Ry>GV z2OhhA^Tc~C_m!n@i90SCN(yR?k_K2 Qxcbodle0IrDL1*l0U=+%L;wH) diff --git a/secrets/restic/vaultwarden/base-repo.age b/secrets/restic/vaultwarden/base-repo.age index c3c14abe75c9c0535b64731c939f36e0b7c2db6d..885f483ffaf2b190989cecdf8ec14390d4a1e664 100644 GIT binary patch literal 1093 zcmZY5yUXJQ003~|YQ%CRqf*<^xz#sUzyYI?6D)PsReK2fB zz~Cvcs=|TqAvivofZFc37Fux6(lX_!3rlh1PMgjdRim||FejhFqHna#yd)r54%#gt4`KtXRRTQCi=?CNI98FaX*&oc1CU> znUMf(>jomTK*#jHYZamHU3clrUFIc(ZqgJg#-5(Trm*d~dlxxm?j2=t)i_uzDSB&W z_OTO;n1>gE6xdW1GI_U|kR9n($`r4)0uYfriIee+3(~FA1gTf@v(#SbElkWgf0r)y znTClGjiCCy+Hx2vegGcUJD!^f)jlf`9X=kdqS0CnUa!YI%~L8-=D32uR_)3hfP0Wa zPivN!F-qWhE36DMp2IpaQ5dX}h&hWIJQOsGNW52LSE0(bAP-wjzRSsyTF>d_f?qh> zK4PYt*3Vf??s`S1uzEf`j?@-_w1W|8TDM+7hj5Hg=#mTdWQFjv#>$tYkut_RvfCXh z=043g#c4eSQy;<2W(0KvpVZ?n>ZZ`dA#8kmPznNV*POr1HQNhgl>_2T6{1m#iHk&vpI225WE5Z~aH=OA@-Y~mw5)aM7mBDc5&#D!T15cjf%n<%hhh zWBrdeUcTFXaO;^LsVAO1LH$6v^1$7XFCNS#??&~@^4(KXWtaJ{{d?xb{GHv literal 1093 zcmZ9~&CA;a0LO7qd=7E$;11&DF`z@XTJzStAr70DCTW@`Y0@@{3~BS;q)nQ%c`4#R zQLj4OMGw0OUQ~9F=io(TjDgc#MEwI4VMkHCOvUL*pTFS4@5gr$`dxqH7Hz(Zv(58a z5keILbT5Hr8FhUR#c_lN&26KOY7pxsIUC7+2p6W|%0Nv)YLI@@j+?c@nWevW0(NbX z{HhHBQ;Th!jUjnvM@=k>ma>Pkx!hZ0N*FEc$;2Z@8O^F8oBX5Yan;RHoB;irb+H=k zCly)RLkq1OWqCa}##kbr0>et;sx&|N2{lxwd9<3>6TzA-HH?CK z2;Pw+gVh5g^@8lQHiY7dAA<9k$RlN5j5a(Iz#P-lY+YsGZ6WRRK58#H&K(`dBw+eH zaPSex=_osaQaMC)M7S>9oq{@@MSwVmgGICUT8>m7L-^C0FpdnN1}Uspi(>;GX#C6$ zY6?euqA_Vaoxxadr5+AD&t-=~O{_9Nqqzk}mVIQflCvh^GKUkWJ@FYl zY@plif{^H7O0p6>W6xxq6s>wbsxyft)ey{Sl_>@)T3N0-r8uYLaI zt?O4VDxmS6`S$nFlh|+Z;T!*hAMTHD)=wWjmz>8PwZl2w{5mb+Gcidb|2wUI?;hrq$uR6M2bQw z=^%*?6i=Z@hn^Br>H7Bj^Vh$hf8MXx=kpOr#2~R+q_f5wWE!=ae*f=;^$ReN=e2swwmk?PzT!f8HAdtb#0E6iNw0M~b6c0rpfnqaG z1TzCMNCXtl(F;W=rkE7Zj(|$gB%uY*X0hYJ;8g?~Qzez#tTwKN9!CYBVWDx%2$Vq} zj}6d5t)bFbA(DudnaKn^nS>1!Y2{!QP7$vaaZ&%zLgL6^`ftmKgm7sL9^0Ui(QRx4 zkw{r(FiVwk7LgUNHKL4qC&5`Y0Eifu%!hL0h^g=@rGgVu@(jpuf>vM$#86}TENG%1oSm{2q#R!2tbN;bTR~v#hJ85 zH55&Nu-E{Cm@MT>HC6s;D2giU>Q>^ z0qQ03G6mbB;sqEe0eY6g09MdKr~;x59U_yX`SC&v@{h1%dr}a zFc=>ji3D?yECg9aW5-393`~TYhyoxG29_b5gpujsaTJ0sjHJaO88R&|4h5r_AzY@8 zfF+2iN-_<~_)`;eDHsC=D1+0)GNctoVPN$FH8Nhn7HZIRW2{%ka}^At&P?Y9;1paFUB!cF`E2+qadAUZaN7V?_Y1%$SWV-MX3TxbFUD({%tdr9-u$7g5Hw_-> z$!qc3Bi7|4dmi@o_bI%vepy+q#NqW(h&+P0EXK!yT{P$f@ZR9og@4f_H-2Dz6fdPV zJUz~HGW6BVpXz>pZA;;H26#BBW)-pLHJtv#t0wqB^xg)s0waiK{nQ`2=x^|c4)EZ>(FNA; z9=RT=?*k8ZZBBLH@;*HTKi-lZ>=X{Go%751rg^n<^VqegvP<=j^T+1pD)Xqa%MmC{Eg9C}&y|fv|62P(+sNk~BX4S^%J%Mk3>r_geq5OneXnAu z4%T7&N@?kBa(}w5lB*h1_)VQd5{@@`Ri_uGxL1EA@B(!WaoSDg;-cu*ynCBl3`hNE zz2BT=CCw-!?QhTBdav%tiS{mE*htBT<+VcSnd?XVR9qk5I~LG*R<*vj_UpCi674le zv%oJVV&M|y=^p>W<|_cC$HshX*Tc0@oEwc_kMwq{q90+^@7As_Cex!6r;z>vG@kca zyrggGGrK|*VcVV8^PS5uBbB=Rz*`HDDHGl!&$lHPw6VUvF@KouDjK=i7U@-YH?Mmr zZpRXMjkm2z>A;o_q)tpel}G3}TMPa+^Vy!HEtYxt`N&x<%n6^t^Q%&MEx`*qTw;6M zzgdzVb$JpG*M0od<<@`-b{PCm|DMc)$S24l(|~FKkUC^TE-I^{;ia%2c&AX;(Xsd9iQ2 zswWSQAB>w5LH=@Vus#0zJV4*&yP)Cj`8JU>>h`VYzZwF$fzuP+M$;VX{ZqD1OC{y? zd%ZlikobIQR!Gp9cBU*7t$i{+52oyCdR%|9O$l-c_FvbTUhRnoP1%~{{+fyD#iRMz zg>cepLK6>j@~#JpSd^S|XtUQjzK?&Biyf{01pRv3f}%~=n(w&e5*Jq{ej&F$PO)#S zx{};R^GjMb*LIisc}SG=Y>{x>nlZolkZ*Ixo7JthOk8nR`rf&fhi-52PR#>;slFK0 zr)!`6M$l9@fP1nJCcNJ{{5EH~)hjvS?Cosr!KAbxm#)v^o%og4$aQTUC&H%f5udSd zeNQ=i+380l<>;s9<$I5r!J9T2kb+u&xSZTk&c}8gIsr+3Ia_>*a3m^j}&j&t( zzFnL@efRy|y4l04o5rRVo&GKpO^QkjCKm3NWktmZOH#H`V`nVdKxNj+$w?T^cj1(? zzhd7^mL$Rv2OKoWOZ^=o9v#Qm{&IMw|Fq%1O2*`XqvK1j7V`H^dV8m#dIaG%Q0nMK zdkd6J7%k8mJJd}3?WdAwHC^3QwWX~T!mYDFs|=6%d#t^b>1U*(uYlQ3<0G!`yu#9| z>>ZrzU1%8qW;uqE-t=VF%_G@Bm<*eKm8g@cpTzZpYPJ-`o25?@K8NSC59$kmB{Y8?PE!a%;k zV7*@ED-pv{C>RFJ(Izt@Okg&bpf=+oBMee8-CG5fbM-U^o-6ZLo4ujoW?57iO)OJl zWdJe^3W5q?Dy{@V2hd8nT7wcBq6|6-Rv?2xwFy!Rl|_}YDao)XRZ5ipf0{;a^wq#o z{$Pm-FG85WSY@~Xg{Gh&e1tp+V`ghGLOvNo&;tyPkQvPYQY1Jg5k)nSX&f$y%9m*5 zNCHR7;Y0ls)oO|~EWkgS4T;8c!wAU|z?&{rsQ6*x2&U=(EPs3ig!!+9)=|A_k^aeg zs#zg6(4!$3L>SJWLrCGHY4~UgH-JIo089X@qEJB*d>WF4#)QRd61|~U3~vn{1^6?flQ9YtO=ph6CllcW z6I+K*QJ~CX7{eRKp@9Sv16r&Fpfp4T2Fi$5CW|6*6sk@rW>86F6E2a4F%XPN3}^tG z|GP$k$k`GAj7y=3iKYY*ix@9Q#T!t91dIyDAxktA5}p$oKuSbP;S@4mKnV{38PT`^ zxe^UiG7uE9fyKhpm3%xDD~lj$^)vxTq%)D!3^FlNMnL|q5$Uo>q6tilr^D4aEre2(SXKu;E!2s#510O83=1RRt6yC#XIVGUR?3Cp5$>1H{V%aAbWWHr}c&1R5|Xaf!k08}K0 z#gQV22}*1tkq^?)B?$I>b)kXjxBQqnsHy=jTQo$jL~)THA2`xyon5 zx)sh?T4?BBy)V~4^Y8h2!}#mVnIh}gYb>u1M=qp;Hk+v0%KG=SjO%RXE0QE`p=8GM zdpOX&eCx$S1>h+HvE-5D>T*() zH8zpdU3H{7@!iw;PLCAHAA7zDLT(M_eEB}`4}jSFqOHRH^*(XNhcA&fsU*@?JW0RF z>1;y#eajS&&K11bZ)ULeR}|~RmsSo?kF5S7)b9ExhwahcYB>delpnMLLQ~9q`FhbG z2Cl>0JFg1XcK7TN23_!6VuU@CP5)e8^Om*qE2_r>nPPv#F)6IG;VN=u{La_w8*_s) zn;ILs9~&`dR+8G(5pvQiGT_Ia*As5r1HPSUhBz(brS(!6`DavI z{mT%`^_D2R2EoOUSi(%FnD;MW=hpgV7Di@oXzYE{n9DsH_-;4bGw5c?vxzp?NXYWX z6%JrC(pEn)tjTuq|LT(bBzq2LNIG=I00Cs(9VHJj*&jP*7uo1S*#?{OA9M4aMuqcC z@sH!ImSUOsN}!T!-C>@6^nmzwO#6XnlvN=+`^~)*kF%h3#{;WLpP#6U_V$&xUTbgt zFdE1E$67Vw0G<&z8dIn3Y7Bp-rIA-mdbK~B^h6pUxhm}?^K6(I?^Kn%%a+r=g|cxb2mK(Y7MK?4-%%Np$a>|y9ouNW1Sdv1T+ zvy&*`tW0!_D_gpt>Zsb@TGv-}=}>cKT}{@k;)|;6(d;hP8D}TSFn3*d_FYZyNayuT z)QZWH?Nf@NF0DS>PCpvtey|UA?QG0g8>?UBb#1Hml(Xv(#^zLcQpP+0TVXo$bL1|t z6pC^7Da!#sAI@$JW{QnLqANqKDRG~Det=4^ajOdwnc9~Rro8{KK)8ckpjK7CgEcN0 zht%D&%Zat<{Nf~o389PH_$ydrlOFp!<~s-jNqzDS^Y>d5XI14=McWH`#U2h{)r~It zyKoELUH-l~ccic9i>TCjR@1-lJ2e(nnq%cj-)|0`xnbCW-g^B$#0~1_{mZh9fJ!>p zM^+s(R#O#8eL%jo7X|k%zyGOl*G0396Ld-Z6gTx{YgypRW4G=z21s<@Fa15WvD#_z z%20H~mXJjwqZ6@noW>aQ$0l*%$1#J<66gJQa6Qdyx26ZecG_n2Y8|fI=PYae=v6ft zFjz2N+-=>um^d_4c5ZE;k@+XmCJ|h{WrR9d=cYe7~HWhW_82dht=bi%ls#=G(1>% z-mYUMrhs#$$mQBn1{#li%?EC%$&0ONbNlMo?%kXtyzdH~wQKijeQXTt5=YWZbVH@V zrpDiP>W_<}^$4>dOW^-;6ZQ}LO|*@?xf{ND3;TtAKqYzRYnL}+d!c8AypKm}mrJW! ztJYQ6=Ix}`q%k`9!4(9Vmz-t`*3(dbhTKT)TA z2QH--KB#oZmz{5RFe`YL_Qrm95$mv#VVhfN*Zb%%TACH<4i9e)vfaD%>C$&I_GBCe zmzvwGZK=mkc8acaH5fL~F)cy)nD0XYW9i3@EpSNbB9Db%j6#QR4a}R0PwCYeR&ZiD z{e(=R33R#rr2g}oppA>Co*+xh;x{w59Nlb`y+RDsK=QnrCR+Imvho}~=Iyb2Jp4V_ zc|*yq%!6^z_T!VY)-D(7y*f{?{5CM;3^SPetsLs&lEbGSYyFFc>`u~P1#!@;Lt}&f z&Vzrq9IRCf>(V1bm6W@o@nufW*h{XoGz>Nc>D6p5Joij})z>-AHl>89pk;5XPF|kw zXR!SED|!1=&l#+IOTVe};3mDTsBqrhKSeb)$Gy%ORJ$974_(WsUE-#8CAG8np8;pq z*KE_=Y-%m5yzHXX%I`&Cx)>f^tn8Houa2wF^NO+AY5O$$?;m)#yJuZL@-TbSahMix z`O84a`rtpZW61o`Rfr^ve4GeUa&0xYtJS&lb;gt+B(n1c@w=KipCveZdp8ruSk9|2cQ a1&7bA$xYqcS`VLkOnS&=Mt1(ZMgIi=t{jR0 From f80e801516eac97d95c797143b96eb19bc9918fa Mon Sep 17 00:00:00 2001 From: Lzebulon Date: Sat, 28 Jun 2025 22:34:23 +0200 Subject: [PATCH 23/37] fix: activation du monitoring jitsi --- hosts/vm/jitsi/jitsi.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/vm/jitsi/jitsi.nix b/hosts/vm/jitsi/jitsi.nix index 71f46a1..a2e63e1 100644 --- a/hosts/vm/jitsi/jitsi.nix +++ b/hosts/vm/jitsi/jitsi.nix @@ -13,6 +13,8 @@ services.jitsi-videobridge = { enable = true; openFirewall = true; + # pour le monitoring + colibriRestApi = true; }; services.prometheus.exporters.jitsi = { From 436158439189724299c47d0bd4cdf37c62c04e2c Mon Sep 17 00:00:00 2001 From: Lzebulon Date: Sat, 28 Jun 2025 23:09:32 +0200 Subject: [PATCH 24/37] =?UTF-8?q?suppression=20-vvv=20pour=20r=C3=A9duire?= =?UTF-8?q?=20la=20taille=20des=20artifacts?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5fc7339..21dcae4 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -8,4 +8,4 @@ nix-flake-check: timeout: 1h stage: test script: - - nix flake check --no-build -vvv + - nix flake check --no-build From f301be82878cc64cc931d75f308fe37a26e7ede2 Mon Sep 17 00:00:00 2001 From: lzebulon Date: Sun, 30 Mar 2025 15:37:55 +0200 Subject: [PATCH 25/37] Add mail_badpass --- modules/crans/users.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/crans/users.nix b/modules/crans/users.nix index 68e27e4..c229bf4 100644 --- a/modules/crans/users.nix +++ b/modules/crans/users.nix @@ -56,6 +56,10 @@ in security.sudo = { enable = true; extraConfig = '' + # envoyer un email apres un fail de l'authentification + Defaults mail_badpass + + # custom prompt Defaults passprompt_override Defaults passprompt="[sudo] mot de passe pour %p sur %h: " ''; From 0bfacad632a1ae6251ed6413da754b691d505534 Mon Sep 17 00:00:00 2001 From: Lzebulon Date: Sun, 13 Jul 2025 13:24:38 +0200 Subject: [PATCH 26/37] authorise les crawlers des moteurs de recherche --- hosts/vm/reverseproxy/reverseproxy.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hosts/vm/reverseproxy/reverseproxy.nix b/hosts/vm/reverseproxy/reverseproxy.nix index c3315cc..9b0fa01 100644 --- a/hosts/vm/reverseproxy/reverseproxy.nix +++ b/hosts/vm/reverseproxy/reverseproxy.nix @@ -66,6 +66,10 @@ let - 46.105.102.188/32 - 2001:41d0:2:d5bc::/128 + # on authorise les indexers des moteurs de recherche, liste dispo ici : + # https://github.com/TecharoHQ/anubis/blob/main/data/crawlers/_allow-good.yaml + - import: (data)/crawlers/_allow-good.yaml + - name: no-user-agent-string action: DENY expression: userAgent == "" From eca3c260b7e338c25a0b59495b571123fa79094c Mon Sep 17 00:00:00 2001 From: Lzebulon Date: Sun, 13 Jul 2025 14:06:39 +0200 Subject: [PATCH 27/37] meilleur filtres avec list predefinie par anubis --- hosts/vm/reverseproxy/reverseproxy.nix | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/hosts/vm/reverseproxy/reverseproxy.nix b/hosts/vm/reverseproxy/reverseproxy.nix index 9b0fa01..d1a0806 100644 --- a/hosts/vm/reverseproxy/reverseproxy.nix +++ b/hosts/vm/reverseproxy/reverseproxy.nix @@ -66,13 +66,26 @@ let - 46.105.102.188/32 - 2001:41d0:2:d5bc::/128 + # les bots qui font souvent de la merde + # https://github.com/TecharoHQ/anubis/blob/main/data/bots/deny-pathological.yaml + - import: (data)/bots/_deny-pathological.yaml + # on authorise les indexers des moteurs de recherche, liste dispo ici : # https://github.com/TecharoHQ/anubis/blob/main/data/crawlers/_allow-good.yaml - import: (data)/crawlers/_allow-good.yaml - - name: no-user-agent-string - action: DENY - expression: userAgent == "" + # authorise l'accès à favicon, robots.txt, well-known + # https://github.com/TecharoHQ/anubis/blob/main/data/common/keep-internet-working.yaml + - import: (data)/common/keep-internet-working.yaml + + # refuse si userAgent = "" + # https://github.com/TecharoHQ/anubis/blob/main/data/common/keep-internet-working.yaml + - import: (data)/common/rfc-violations.yaml + + + # Bloque les AI aggressivement (bots/agent, training et user search par IA) + # https://github.com/TecharoHQ/anubis/blob/main/data/meta/ai-block-aggressive.yaml + - import: (data)/meta/ai-block-aggressive.yaml - name: ban-gpt user_agent_regex: ".*gpt.*" From 2d6c26b00fc9c92b381496f9bddd6ba0b6385d4a Mon Sep 17 00:00:00 2001 From: Lzebulon Date: Sun, 13 Jul 2025 14:28:41 +0200 Subject: [PATCH 28/37] update flake.lock --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 9c68f69..f7f526a 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1747575206, - "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=", + "lastModified": 1750173260, + "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", "owner": "ryantm", "repo": "agenix", - "rev": "4835b1dc898959d8547a871ef484930675cb47f1", + "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", "type": "github" }, "original": { @@ -50,11 +50,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1743550720, - "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "lastModified": 1751413152, + "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", "type": "github" }, "original": { @@ -86,11 +86,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1747953325, - "narHash": "sha256-y2ZtlIlNTuVJUZCqzZAhIw5rrKP4DOSklev6c8PyCkQ=", + "lastModified": 1752162966, + "narHash": "sha256-3MxxkU8ZXMHXcbFz7UE4M6qnIPTYGcE/7EMqlZNnVDE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "55d1f923c480dadce40f5231feb472e81b0bab48", + "rev": "10e687235226880ed5e9f33f1ffa71fe60f2638a", "type": "github" }, "original": { @@ -102,11 +102,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1743296961, - "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=", + "lastModified": 1751159883, + "narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa", + "rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab", "type": "github" }, "original": { @@ -145,11 +145,11 @@ ] }, "locked": { - "lastModified": 1747912973, - "narHash": "sha256-XgxghfND8TDypxsMTPU2GQdtBEsHTEc3qWE6RVEk8O0=", + "lastModified": 1752055615, + "narHash": "sha256-19m7P4O/Aw/6+CzncWMAJu89JaKeMh3aMle1CNQSIwM=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "020cb423808365fa3f10ff4cb8c0a25df35065a3", + "rev": "c9d477b5d5bd7f26adddd3f96cfd6a904768d4f9", "type": "github" }, "original": { From 998c6c590e1e1822f186f00f633582cacfe661d3 Mon Sep 17 00:00:00 2001 From: Lzebulon Date: Sun, 13 Jul 2025 14:28:41 +0200 Subject: [PATCH 29/37] update flake.lock --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 9c68f69..f7f526a 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1747575206, - "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=", + "lastModified": 1750173260, + "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", "owner": "ryantm", "repo": "agenix", - "rev": "4835b1dc898959d8547a871ef484930675cb47f1", + "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", "type": "github" }, "original": { @@ -50,11 +50,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1743550720, - "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "lastModified": 1751413152, + "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", "type": "github" }, "original": { @@ -86,11 +86,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1747953325, - "narHash": "sha256-y2ZtlIlNTuVJUZCqzZAhIw5rrKP4DOSklev6c8PyCkQ=", + "lastModified": 1752162966, + "narHash": "sha256-3MxxkU8ZXMHXcbFz7UE4M6qnIPTYGcE/7EMqlZNnVDE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "55d1f923c480dadce40f5231feb472e81b0bab48", + "rev": "10e687235226880ed5e9f33f1ffa71fe60f2638a", "type": "github" }, "original": { @@ -102,11 +102,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1743296961, - "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=", + "lastModified": 1751159883, + "narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa", + "rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab", "type": "github" }, "original": { @@ -145,11 +145,11 @@ ] }, "locked": { - "lastModified": 1747912973, - "narHash": "sha256-XgxghfND8TDypxsMTPU2GQdtBEsHTEc3qWE6RVEk8O0=", + "lastModified": 1752055615, + "narHash": "sha256-19m7P4O/Aw/6+CzncWMAJu89JaKeMh3aMle1CNQSIwM=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "020cb423808365fa3f10ff4cb8c0a25df35065a3", + "rev": "c9d477b5d5bd7f26adddd3f96cfd6a904768d4f9", "type": "github" }, "original": { From 0297fbc4725ce11e1856446e97d50c7a4a489901 Mon Sep 17 00:00:00 2001 From: Lzebulon Date: Sat, 2 Aug 2025 16:49:19 +0200 Subject: [PATCH 30/37] add collabora to reverseproxy --- hosts/vm/reverseproxy/reverseproxy.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/vm/reverseproxy/reverseproxy.nix b/hosts/vm/reverseproxy/reverseproxy.nix index d1a0806..40ee67f 100644 --- a/hosts/vm/reverseproxy/reverseproxy.nix +++ b/hosts/vm/reverseproxy/reverseproxy.nix @@ -153,6 +153,9 @@ in { reverseProxy = { enable = true; virtualHosts = { + "collabora" = { + target = "172.16.10.149"; + }; "eclat" = { anubisConfig = "${anubisMirror}"; httpOnly = true; From 4d021eedff42063d65b4dad0b70212d97c5d746e Mon Sep 17 00:00:00 2001 From: Lzebulon Date: Sat, 2 Aug 2025 18:21:07 +0200 Subject: [PATCH 31/37] add proxyWebsockets option --- hosts/vm/reverseproxy/reverseproxy.nix | 1 + modules/services/reverseproxy.nix | 12 ++++++++++++ 2 files changed, 13 insertions(+) diff --git a/hosts/vm/reverseproxy/reverseproxy.nix b/hosts/vm/reverseproxy/reverseproxy.nix index 40ee67f..e24eaa5 100644 --- a/hosts/vm/reverseproxy/reverseproxy.nix +++ b/hosts/vm/reverseproxy/reverseproxy.nix @@ -155,6 +155,7 @@ in { virtualHosts = { "collabora" = { target = "172.16.10.149"; + proxyWebsockets = true; }; "eclat" = { anubisConfig = "${anubisMirror}"; diff --git a/modules/services/reverseproxy.nix b/modules/services/reverseproxy.nix index 177093c..15328c6 100644 --- a/modules/services/reverseproxy.nix +++ b/modules/services/reverseproxy.nix @@ -75,6 +75,15 @@ in ''; example = "true"; }; + + proxyWebSockets = mkOption { + type = types.bool; + default = false; + description = '' + Activer les websockets + ''; + example = "true"; + }; }; } ); @@ -135,6 +144,7 @@ in locations = mkIf ((substring 0 1 vhostConfig.target) != "/") { "/favicon.ico".root = "/var/www/logo/"; "/".proxyPass = "http://${vhostConfig.target}"; + "/".proxyWebsockets = vhostConfig.proxyWebsockets; }; root = mkIf ((substring 0 1 vhostConfig.target) == "/") vhostConfig.target; listen = [ @@ -157,6 +167,7 @@ in "${vhostName}.crans.eu" ] ++ map (value: value.name + "." + value.domaine) aliases; globalRedirect = "${vhostName}.crans.org"; + locations."/".proxyWebsockets = vhostConfig.proxyWebsockets; } ) cfg.virtualHosts; anubisConfig = mapAttrs' ( @@ -165,6 +176,7 @@ in forceSSL = !vhostConfig.httpOnly; rejectSSL = vhostConfig.httpOnly; locations."/".proxyPass = "http://unix:/run/anubis/anubis-${vhostName}.sock"; + locations."/".proxyWebsockets = vhostConfig.proxyWebsockets; serverName = "${vhostName}.crans.org"; } ) cfg.virtualHosts; From 3fe04b474d9949c522fdf21422ce5cd9bbec450c Mon Sep 17 00:00:00 2001 From: Lzebulon Date: Sat, 2 Aug 2025 18:24:08 +0200 Subject: [PATCH 32/37] fix typo --- hosts/vm/reverseproxy/reverseproxy.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/vm/reverseproxy/reverseproxy.nix b/hosts/vm/reverseproxy/reverseproxy.nix index e24eaa5..83d024f 100644 --- a/hosts/vm/reverseproxy/reverseproxy.nix +++ b/hosts/vm/reverseproxy/reverseproxy.nix @@ -155,7 +155,7 @@ in { virtualHosts = { "collabora" = { target = "172.16.10.149"; - proxyWebsockets = true; + proxyWebSockets = true; }; "eclat" = { anubisConfig = "${anubisMirror}"; From 89f9038adfe61bfd74967a5a8a0a0857bc338295 Mon Sep 17 00:00:00 2001 From: Lzebulon Date: Sat, 2 Aug 2025 18:26:45 +0200 Subject: [PATCH 33/37] fix typo v2 --- hosts/vm/reverseproxy/reverseproxy.nix | 2 +- modules/services/reverseproxy.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/vm/reverseproxy/reverseproxy.nix b/hosts/vm/reverseproxy/reverseproxy.nix index 83d024f..e24eaa5 100644 --- a/hosts/vm/reverseproxy/reverseproxy.nix +++ b/hosts/vm/reverseproxy/reverseproxy.nix @@ -155,7 +155,7 @@ in { virtualHosts = { "collabora" = { target = "172.16.10.149"; - proxyWebSockets = true; + proxyWebsockets = true; }; "eclat" = { anubisConfig = "${anubisMirror}"; diff --git a/modules/services/reverseproxy.nix b/modules/services/reverseproxy.nix index 15328c6..a225052 100644 --- a/modules/services/reverseproxy.nix +++ b/modules/services/reverseproxy.nix @@ -76,7 +76,7 @@ in example = "true"; }; - proxyWebSockets = mkOption { + proxyWebsockets = mkOption { type = types.bool; default = false; description = '' From eb806aa9fbd6f65dcd7e593234b4f05398cdb698 Mon Sep 17 00:00:00 2001 From: Lzebulon Date: Sat, 2 Aug 2025 18:35:54 +0200 Subject: [PATCH 34/37] fix double location "/" --- modules/services/reverseproxy.nix | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/modules/services/reverseproxy.nix b/modules/services/reverseproxy.nix index a225052..a67287f 100644 --- a/modules/services/reverseproxy.nix +++ b/modules/services/reverseproxy.nix @@ -143,8 +143,10 @@ in vhostName: vhostConfig: { locations = mkIf ((substring 0 1 vhostConfig.target) != "/") { "/favicon.ico".root = "/var/www/logo/"; - "/".proxyPass = "http://${vhostConfig.target}"; - "/".proxyWebsockets = vhostConfig.proxyWebsockets; + "/" = { + proxyPass = "http://${vhostConfig.target}"; + proxyWebsockets = vhostConfig.proxyWebsockets; + }; }; root = mkIf ((substring 0 1 vhostConfig.target) == "/") vhostConfig.target; listen = [ @@ -167,7 +169,7 @@ in "${vhostName}.crans.eu" ] ++ map (value: value.name + "." + value.domaine) aliases; globalRedirect = "${vhostName}.crans.org"; - locations."/".proxyWebsockets = vhostConfig.proxyWebsockets; + # locations."/".proxyWebsockets = vhostConfig.proxyWebsockets; } ) cfg.virtualHosts; anubisConfig = mapAttrs' ( @@ -175,8 +177,10 @@ in enableACME = !vhostConfig.httpOnly; forceSSL = !vhostConfig.httpOnly; rejectSSL = vhostConfig.httpOnly; - locations."/".proxyPass = "http://unix:/run/anubis/anubis-${vhostName}.sock"; - locations."/".proxyWebsockets = vhostConfig.proxyWebsockets; + locations."/" = { + proxyPass = "http://unix:/run/anubis/anubis-${vhostName}.sock"; + proxyWebsockets = vhostConfig.proxyWebsockets; + }; serverName = "${vhostName}.crans.org"; } ) cfg.virtualHosts; From 0a54a27b78bbb24b7137d628a8bd5ab7acc4ec0c Mon Sep 17 00:00:00 2001 From: RatCornu Date: Sun, 3 Aug 2025 15:35:31 +0200 Subject: [PATCH 35/37] Nettoyage de la configuration et du module reverseproxy --- hosts/vm/reverseproxy/reverseproxy.nix | 255 ++++++++++++------------- modules/services/reverseproxy.nix | 164 ++++++++-------- 2 files changed, 203 insertions(+), 216 deletions(-) diff --git a/hosts/vm/reverseproxy/reverseproxy.nix b/hosts/vm/reverseproxy/reverseproxy.nix index e24eaa5..f2ca654 100644 --- a/hosts/vm/reverseproxy/reverseproxy.nix +++ b/hosts/vm/reverseproxy/reverseproxy.nix @@ -1,154 +1,141 @@ { pkgs, ... }: let - anubisBotsMirror = pkgs.writeText "anubis_bots_mirror.yaml" - '' - - name: whitelist-crans - action: ALLOW - remote_addresses: - - 185.230.79.0/22 - - 2a0c:700::/32 - - 46.105.102.188/32 - - 2001:41d0:2:d5bc::/128 + formatJSON = pkgs.formats.json { }; + formatYAML = pkgs.formats.yaml { }; - - name: no-user-agent-string - action: DENY - expression: userAgent == "" + anubisBotsMirror = formatYAML.generate "anubis_bots_mirror.yaml" [ + { + name = "whitelist-crans"; + action = "ALLOW"; + remote_addresses = [ + "185.230.79.0/22" + "2a0c:700::/32" + "46.105.102.188/32" + "2001:41d0:2:d5bc::/128" + ]; + } + { + name = "no-user-agent"; + action = "DENY"; + expression = "userAgent == \"\""; + } + { + name = "ban-gpt"; + action = "DENY"; + user_agent_regex = ".*gpt.*"; + } + { + name = "ban-bot"; + action = "DENY"; + user_agent_regex = ".*(b|B)ot.*"; + } + { + name = "ban-WebKit"; + action = "DENY"; + expression = { + all = [ + "userAgent.startsWith(\"Mozilla\")" + "userAgent.startsWith(\"AppleWebKit\")" + "userAgent.startsWith(\"Safari\")" + "userAgent.startsWith(\"Chrome\")" + ]; + }; + } + { + name = "ban-Barkrowler"; + action = "DENY"; + user_agent_regex = ".*Barkrowler.*"; + } + ]; - - name: ban-gpt - user_agent_regex: ".*gpt.*" - action: DENY - - - name: ban-bot - user_agent_regex: ".*(b|B)ot.*" - action: DENY - - - name: ban-WebKit - action: DENY - expression: - all: - - userAgent.startsWith("Mozilla") - - userAgent.matches("AppleWebKit") - - userAgent.matches("Safari") - - userAgent.matches("Chrome") - - - name: ban-Barkrowler - user_agent_regex: ".*Barkrowler.*" - action: DENY - ''; - anubisMirror = pkgs.writeText "anubis_mirror.json" - '' + anubisMirror = formatJSON.generate "anubis_mirror.json" { + bots = [ { - "bots": [ - { - "import": "${anubisBotsMirror}" - }, - { - "name": "allow-repo", - "path_regex": "^...*", - "action": "ALLOW" - }, - { - "name": "deny-other", - "path_regex": ".*", - "action": "ALLOW" - } - ] + import = "${anubisBotsMirror}"; } - ''; - antibot = pkgs.writeText "antibot.yaml" - '' - - name: whitelist-crans - action: ALLOW - remote_addresses: - - 185.230.79.0/22 - - 2a0c:700::/32 - - 46.105.102.188/32 - - 2001:41d0:2:d5bc::/128 + { + name = "allow-repo"; + action = "ALLOW"; + path_regex = "^...*"; + } + { + name = "deny-other"; + path_regex = ".*"; + action = "ALLOW"; + } + ]; + }; - # les bots qui font souvent de la merde + antiBot = formatYAML.generate "antibot.yaml" [ + { + import = "${anubisBotsMirror}"; + } + { + # On refuse les bots qui font souvent de la merde. # https://github.com/TecharoHQ/anubis/blob/main/data/bots/deny-pathological.yaml - - import: (data)/bots/_deny-pathological.yaml - - # on authorise les indexers des moteurs de recherche, liste dispo ici : + import = "(data)/bots/_deny-pathological.yaml"; + } + { + # On autorise les indexers des moteurs de recherche. # https://github.com/TecharoHQ/anubis/blob/main/data/crawlers/_allow-good.yaml - - import: (data)/crawlers/_allow-good.yaml - - # authorise l'accès à favicon, robots.txt, well-known + import = "(data)/crawlers/_allow-good.yaml"; + } + { + # On autorise l'accès à favicon, robots.txt, well-known, ... # https://github.com/TecharoHQ/anubis/blob/main/data/common/keep-internet-working.yaml - - import: (data)/common/keep-internet-working.yaml - - # refuse si userAgent = "" + import = "(data)/common/keep-internet-working.yaml"; + } + { + # On refuse si userAgent = "" # https://github.com/TecharoHQ/anubis/blob/main/data/common/keep-internet-working.yaml - - import: (data)/common/rfc-violations.yaml - - - # Bloque les AI aggressivement (bots/agent, training et user search par IA) + import = "(data)/common/rfc-violations.yaml"; + } + { + # On bloque les AI aggressivement (bots/agent, training et user search par IA) # https://github.com/TecharoHQ/anubis/blob/main/data/meta/ai-block-aggressive.yaml - - import: (data)/meta/ai-block-aggressive.yaml + import = "(data)/meta/ai-block-aggressive.yaml"; + } + ]; - - name: ban-gpt - user_agent_regex: ".*gpt.*" - action: DENY - - - name: ban-bot - user_agent_regex: ".*(b|B)ot.*" - action: DENY - - - name: ban-WebKit - action: CHALLENGE - expression: - all: - - userAgent.startsWith("Mozilla") - - userAgent.matches("AppleWebKit") - - userAgent.matches("Safari") - - userAgent.matches("Chrome") - - - name: ban-Barkrowler - user_agent_regex: ".*Barkrowler.*" - action: DENY - ''; - anubisChallenge = pkgs.writeText "anubis_challenge.json" - '' + anubisChallenge = formatJSON.generate "anubis_challenge.json" { + "bots" = [ { - "bots": [ - { - "import": "${antibot}" - }, - { - "name": "challenge-other", - "path_regex": "^*", - "action": "CHALLENGE" - } - ] + import = "${antiBot}"; } - ''; - anubisMirrors = pkgs.writeText "anubis_mirrors.json" - '' { - "bots": [ - { - "import": "${antibot}" - }, - { - "name": "deny-other", - "path_regex": ".*cdimage-.*", - "action": "ALLOW" - }, - { - "name": "allow-repo", - "path_regex": "^...*", - "action": "ALLOW" - }, - { - "name": "deny-other", - "path_regex": ".*", - "action": "CHALLENGE" - } - ] - } - ''; -in { + name = "challenge-other"; + path_regex = "^*"; + action = "CHALLENGE"; + } + ]; + }; + + anubisMirrors = formatJSON.generate "anubis_mirrors.json" { + "bots" = [ + { + import = "${antiBot}"; + } + { + name = "deny-other"; + path_regex = ".*cdimage-.*"; + action = "ALLOW"; + } + { + name = "allow-repo"; + path_regex = "^...*"; + action = "ALLOW"; + } + { + name = "deny-other"; + path_regex = ".*"; + action = "CHALLENGE"; + } + ]; + }; + +in +{ crans = { reverseProxy = { enable = true; diff --git a/modules/services/reverseproxy.nix b/modules/services/reverseproxy.nix index a67287f..fac16cd 100644 --- a/modules/services/reverseproxy.nix +++ b/modules/services/reverseproxy.nix @@ -1,30 +1,36 @@ -{ pkgs, lib, config, ... }: +{ + pkgs, + lib, + config, + ... +}: let cfg = config.crans.reverseProxy; - allowAll = pkgs.writeText "allow_all.json" - '' + formatJSON = pkgs.formats.json { }; + + allowAll = formatJSON.generate "allow_all.json" { + bots = [ { - "bots": [ - { - "name": "allow_all", - "path_regex": ".*", - "action": "ALLOW" - } - ] + name = "allow_all"; + path_regex = ".*"; + action = "ALLOW"; } - ''; + ]; + }; + + mainTld = "org"; + otherTld = [ + "fr" + "eu" + ]; + inherit (lib) - cartesianProduct literalExpression - mapAttrs - mapAttrs' mkEnableOption mkIf mkOption - nameValuePair - substring types ; in @@ -87,7 +93,9 @@ in }; } ); - default = {}; + + default = { }; + example = literalExpression '' { "framadate" = { @@ -104,76 +112,33 @@ in }; config = { - systemd.services = mapAttrs ( - vhostName: vhostConfig: { - wantedBy = [ "multi-user.target" ]; - } - ) cfg.virtualHosts; + systemd.services = lib.mapAttrs (vhostName: vhostConfig: { + wantedBy = [ "multi-user.target" ]; + }) cfg.virtualHosts; services = mkIf cfg.enable { anubis = { defaultOptions.group = "nginx"; - instances = mapAttrs ( - vhostName: vhostConfig: { - enable = true; - settings = { - BIND = "/run/anubis/anubis-${vhostName}.sock"; - BIND_NETWORK = "unix"; - TARGET = "unix:///run/nginx/nginx-${vhostName}.sock"; - COOKIE_DOMAIN = "crans.org"; - REDIRECT_DOMAINS = "${vhostName}.crans.org"; - SOCKET_MODE = "0660"; - POLICY_FNAME = - if (vhostConfig.anubisConfig == "") - then allowAll - else vhostConfig.anubisConfig; - }; - } - ) cfg.virtualHosts; + instances = lib.mapAttrs (vhostName: vhostConfig: { + enable = true; + settings = { + BIND = "/run/anubis/anubis-${vhostName}.sock"; + BIND_NETWORK = "unix"; + TARGET = "unix:///run/nginx/nginx-${vhostName}.sock"; + COOKIE_DOMAIN = "crans.org"; + REDIRECT_DOMAINS = "${vhostName}.crans.org"; + SOCKET_MODE = "0660"; + POLICY_FNAME = if (vhostConfig.anubisConfig == "") then "${allowAll}" else vhostConfig.anubisConfig; + }; + }) cfg.virtualHosts; }; nginx = let - domaines = [ - "crans.org" - "crans.fr" - "crans.eu" - ]; - redirectConfig = mapAttrs ( - vhostName: vhostConfig: { - locations = mkIf ((substring 0 1 vhostConfig.target) != "/") { - "/favicon.ico".root = "/var/www/logo/"; - "/" = { - proxyPass = "http://${vhostConfig.target}"; - proxyWebsockets = vhostConfig.proxyWebsockets; - }; - }; - root = mkIf ((substring 0 1 vhostConfig.target) == "/") vhostConfig.target; - listen = [ - { addr = "unix:/run/nginx/nginx-${vhostName}.sock"; } - ]; - } - ) cfg.virtualHosts; - aliasConfig = mapAttrs' ( - vhostName: vhostConfig: nameValuePair (vhostName + "-alias") { - enableACME = !vhostConfig.httpOnly; - forceSSL = !vhostConfig.httpOnly; - rejectSSL = vhostConfig.httpOnly; - serverName = "${vhostName}.crans.fr"; - serverAliases = let - aliases = cartesianProduct { - name = vhostConfig.serverAliases; - domaine = domaines; - }; - in [ - "${vhostName}.crans.eu" - ] ++ map (value: value.name + "." + value.domaine) aliases; - globalRedirect = "${vhostName}.crans.org"; - # locations."/".proxyWebsockets = vhostConfig.proxyWebsockets; - } - ) cfg.virtualHosts; - anubisConfig = mapAttrs' ( - vhostName: vhostConfig: nameValuePair (vhostName + "-anubis") { + # Configuration du serveur principal. + mainConfig = lib.mapAttrs' ( + vhostName: vhostConfig: + lib.nameValuePair (vhostName + "-anubis") { enableACME = !vhostConfig.httpOnly; forceSSL = !vhostConfig.httpOnly; rejectSSL = vhostConfig.httpOnly; @@ -181,12 +146,47 @@ in proxyPass = "http://unix:/run/anubis/anubis-${vhostName}.sock"; proxyWebsockets = vhostConfig.proxyWebsockets; }; - serverName = "${vhostName}.crans.org"; + serverName = "${vhostName}.crans.${mainTld}"; } ) cfg.virtualHosts; - in { + + # Redirections + redirectConfig = lib.mapAttrs (vhostName: vhostConfig: { + # Redirection vers d'autres machines + locations = mkIf (!lib.strings.hasPrefix "/" vhostConfig.target) { + "/favicon.ico".root = "/var/www/logo/"; + "/" = { + proxyPass = "http://${vhostConfig.target}"; + proxyWebsockets = vhostConfig.proxyWebsockets; + }; + }; + # Redirection vers des fichiers locaux + root = mkIf (lib.strings.hasPrefix "/" vhostConfig.target) vhostConfig.target; + listen = [ + { addr = "unix:/run/nginx/nginx-${vhostName}.sock"; } + ]; + }) cfg.virtualHosts; + + # Configuration des alias .fr et .eu + aliasConfig = lib.fold ( + tld: acc: + acc + // lib.mapAttrs' ( + vhostName: vhostConfig: + lib.nameValuePair "${vhostName}-alias-${tld}" rec { + rejectSSL = vhostConfig.httpOnly; + forceSSL = !rejectSSL; + enableACME = !rejectSSL; + serverName = "${vhostName}.crans.${tld}"; + serverAliases = map (name: "${name}.crans.${tld}") vhostConfig.serverAliases; + globalRedirect = "${vhostName}.crans.${mainTld}"; + } + ) cfg.virtualHosts + ) { } otherTld; + in + { enable = true; - virtualHosts = redirectConfig // aliasConfig // anubisConfig; + virtualHosts = redirectConfig // aliasConfig // mainConfig; }; }; }; From 3fb33835755397e007f8fdaf0fc686831c52b995 Mon Sep 17 00:00:00 2001 From: Lzebulon Date: Sat, 25 Oct 2025 16:31:49 +0200 Subject: [PATCH 36/37] update: flake --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index f7f526a..169a813 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1750173260, - "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", + "lastModified": 1760836749, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "owner": "ryantm", "repo": "agenix", - "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", + "rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a", "type": "github" }, "original": { @@ -50,11 +50,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1751413152, - "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", + "lastModified": 1760948891, + "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", + "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", "type": "github" }, "original": { @@ -86,11 +86,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1752162966, - "narHash": "sha256-3MxxkU8ZXMHXcbFz7UE4M6qnIPTYGcE/7EMqlZNnVDE=", + "lastModified": 1761173472, + "narHash": "sha256-m9W0dYXflzeGgKNravKJvTMR4Qqa2MVD11AwlGMufeE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "10e687235226880ed5e9f33f1ffa71fe60f2638a", + "rev": "c8aa8cc00a5cb57fada0851a038d35c08a36a2bb", "type": "github" }, "original": { @@ -102,11 +102,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1751159883, - "narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=", + "lastModified": 1754788789, + "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab", + "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", "type": "github" }, "original": { @@ -145,11 +145,11 @@ ] }, "locked": { - "lastModified": 1752055615, - "narHash": "sha256-19m7P4O/Aw/6+CzncWMAJu89JaKeMh3aMle1CNQSIwM=", + "lastModified": 1761311587, + "narHash": "sha256-Msq86cR5SjozQGCnC6H8C+0cD4rnx91BPltZ9KK613Y=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "c9d477b5d5bd7f26adddd3f96cfd6a904768d4f9", + "rev": "2eddae033e4e74bf581c2d1dfa101f9033dbd2dc", "type": "github" }, "original": { From 04c6cdbadf95aad30d767cb0b08b7d055d9656fd Mon Sep 17 00:00:00 2001 From: Lzebulon Date: Sat, 25 Oct 2025 16:39:58 +0200 Subject: [PATCH 37/37] user-search doesn't exists --- hosts/vm/neo/matrix.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/vm/neo/matrix.nix b/hosts/vm/neo/matrix.nix index 5345f8e..8b1c86f 100644 --- a/hosts/vm/neo/matrix.nix +++ b/hosts/vm/neo/matrix.nix @@ -127,7 +127,6 @@ "postgres" "systemd" "url-preview" - "user-search" ]; };