diff --git a/devshells/default.nix b/devshells/default.nix index af1eb17..5e9e7da 100644 --- a/devshells/default.nix +++ b/devshells/default.nix @@ -8,6 +8,7 @@ pkgs.mkShell { age-plugin-yubikey nil nixpkgs-fmt + pwgen ssh-to-age ]; } diff --git a/flake.lock b/flake.lock index 9c68f69..6d0a2ed 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1747575206, - "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=", + "lastModified": 1762618334, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "owner": "ryantm", "repo": "agenix", - "rev": "4835b1dc898959d8547a871ef484930675cb47f1", + "rev": "fcdea223397448d35d9b31f798479227e80183f6", "type": "github" }, "original": { @@ -50,11 +50,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1743550720, - "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "lastModified": 1765835352, + "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "rev": "a34fae9c08a15ad73f295041fec82323541400a9", "type": "github" }, "original": { @@ -86,27 +86,27 @@ }, "nixpkgs": { "locked": { - "lastModified": 1747953325, - "narHash": "sha256-y2ZtlIlNTuVJUZCqzZAhIw5rrKP4DOSklev6c8PyCkQ=", + "lastModified": 1765838191, + "narHash": "sha256-m5KWt1nOm76ILk/JSCxBM4MfK3rYY7Wq9/TZIIeGnT8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "55d1f923c480dadce40f5231feb472e81b0bab48", + "rev": "c6f52ebd45e5925c188d1a20119978aa4ffd5ef6", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-25.05", + "ref": "nixos-25.11", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-lib": { "locked": { - "lastModified": 1743296961, - "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=", + "lastModified": 1765674936, + "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa", + "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85", "type": "github" }, "original": { @@ -145,11 +145,11 @@ ] }, "locked": { - "lastModified": 1747912973, - "narHash": "sha256-XgxghfND8TDypxsMTPU2GQdtBEsHTEc3qWE6RVEk8O0=", + "lastModified": 1766000401, + "narHash": "sha256-+cqN4PJz9y0JQXfAK5J1drd0U05D5fcAGhzhfVrDlsI=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "020cb423808365fa3f10ff4cb8c0a25df35065a3", + "rev": "42d96e75aa56a3f70cab7e7dc4a32868db28e8fd", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index e9bfe83..20aae44 100644 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,7 @@ description = "Configuration NixOS du Crans"; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11"; flake-parts.url = "github:hercules-ci/flake-parts"; # Formatter @@ -65,6 +65,11 @@ modules = [ ./hosts/vm/neo ] ++ baseModules; }; + nextcloud = nixosSystem { + specialArgs = inputs; + modules = [ ./hosts/vm/nextcloud ] ++ baseModules; + }; + periodique = nixosSystem { specialArgs = inputs; modules = [ ./hosts/vm/periodique ] ++ baseModules; diff --git a/hosts/vm/apprentix/default.nix b/hosts/vm/apprentix/default.nix index 81e5c14..4e67e57 100644 --- a/hosts/vm/apprentix/default.nix +++ b/hosts/vm/apprentix/default.nix @@ -13,7 +13,7 @@ enable = true; networking = { - id = "50"; + id = 150; srvNat.enable = true; }; diff --git a/hosts/vm/jitsi/default.nix b/hosts/vm/jitsi/default.nix index f04f286..518a948 100644 --- a/hosts/vm/jitsi/default.nix +++ b/hosts/vm/jitsi/default.nix @@ -13,7 +13,7 @@ enable = true; networking = { - id = "63"; + id = 163; srv = { enable = true; ipv4 = "185.230.79.15"; diff --git a/hosts/vm/jitsi/jitsi.nix b/hosts/vm/jitsi/jitsi.nix index a2e63e1..e6f4fea 100644 --- a/hosts/vm/jitsi/jitsi.nix +++ b/hosts/vm/jitsi/jitsi.nix @@ -23,6 +23,6 @@ }; nixpkgs.config.permittedInsecurePackages = [ - "jitsi-meet-1.0.8043" + "jitsi-meet-1.0.8792" ]; } diff --git a/hosts/vm/livre/default.nix b/hosts/vm/livre/default.nix index 042d63c..9b669a9 100644 --- a/hosts/vm/livre/default.nix +++ b/hosts/vm/livre/default.nix @@ -13,7 +13,7 @@ enable = true; networking = { - id = "40"; + id = 140; srvNat.enable = true; }; diff --git a/hosts/vm/neo/default.nix b/hosts/vm/neo/default.nix index f845f57..f2f99ae 100644 --- a/hosts/vm/neo/default.nix +++ b/hosts/vm/neo/default.nix @@ -16,7 +16,7 @@ enable = true; networking = { - id = "41"; + id = 141; srv = { enable = true; ipv4 = "185.230.79.5"; diff --git a/hosts/vm/neo/matrix.nix b/hosts/vm/neo/matrix.nix index 5345f8e..8b1c86f 100644 --- a/hosts/vm/neo/matrix.nix +++ b/hosts/vm/neo/matrix.nix @@ -127,7 +127,6 @@ "postgres" "systemd" "url-preview" - "user-search" ]; }; diff --git a/hosts/vm/nextcloud/default.nix b/hosts/vm/nextcloud/default.nix new file mode 100644 index 0000000..99c1ae6 --- /dev/null +++ b/hosts/vm/nextcloud/default.nix @@ -0,0 +1,52 @@ +{ pkgs, ... }: + +{ + imports = [ + ./hardware-configuration.nix + ./nextcloud.nix + ]; + + networking.hostName = "nextcloud"; + boot.loader.grub.devices = [ "/dev/sda" ]; + + crans = { + enable = true; + networking = { + id = 146; + srvNat = { + enable = true; + interface = "ens20"; + }; + san = { + enable = true; + interface = "ens19"; + }; + }; + + homeAdh.enable = true; + + resticClient.enable = false; + }; + + services.autofs = { + enable = true; + + autoMaster = '' + /home-nextcloud /etc/auto.master.d/home-nextcloud.sh -t60 + ''; + }; + + programs.fuse.userAllowOther = true; + systemd.services.autofs = { + path = with pkgs; [ + bash + bindfs + gawk + logger + openldap + ]; + }; + environment.systemPackages = with pkgs; [ bindfs ]; + + system.stateVersion = "25.05"; +} diff --git a/hosts/vm/nextcloud/hardware-configuration.nix b/hosts/vm/nextcloud/hardware-configuration.nix new file mode 100644 index 0000000..7b9a662 --- /dev/null +++ b/hosts/vm/nextcloud/hardware-configuration.nix @@ -0,0 +1,46 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: + +{ + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "virtio_pci" + "virtio_scsi" + "sd_mod" + "sr_mod" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/342946cf-cf7c-411e-9e8f-876ac18aa443"; + fsType = "ext4"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.ens18.useDHCP = lib.mkDefault true; + # networking.interfaces.ens19.useDHCP = lib.mkDefault true; + # networking.interfaces.ens20.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/hosts/vm/nextcloud/nextcloud.nix b/hosts/vm/nextcloud/nextcloud.nix new file mode 100644 index 0000000..890d8dc --- /dev/null +++ b/hosts/vm/nextcloud/nextcloud.nix @@ -0,0 +1,51 @@ +{ pkgs, config, ... }: + +{ + age.secrets = { + nextcloud_db_pass = { + file = ../../../secrets/nextcloud/nextcloud_db_pass.age; + owner = "nextcloud"; + group = "nextcloud"; + }; + nextcloud_admin_pass = { + file = ../../../secrets/nextcloud/nextcloud_admin_pass.age; + owner = "nextcloud"; + group = "nextcloud"; + }; + }; + + services.nextcloud = { + enable = true; + package = pkgs.nextcloud31; + + configureRedis = true; + hostName = "nextcloud.crans.org"; + https = false; + + maxUploadSize = "4G"; + + config = { + dbtype = "pgsql"; + dbhost = "tealc.adm.crans.org"; + dbuser = "nextcloud"; + dbpassFile = config.age.secrets.nextcloud_db_pass.path; + adminpassFile = config.age.secrets.nextcloud_admin_pass.path; + }; + + phpOptions = { + "opcache.interned_strings_buffer" = "32"; + "opcache.memory_consumption" = "512"; + }; + + settings = { + trusted_proxies = [ + # hodaur + "172.16.10.145" + ]; + }; + + + appstoreEnable = true; + extraAppsEnable = true; + }; +} diff --git a/hosts/vm/periodique/default.nix b/hosts/vm/periodique/default.nix index e59b98a..d66df0b 100644 --- a/hosts/vm/periodique/default.nix +++ b/hosts/vm/periodique/default.nix @@ -13,7 +13,7 @@ enable = true; networking = { - id = "18"; + id = 118; srvNat.enable = true; }; diff --git a/hosts/vm/periodique/element.nix b/hosts/vm/periodique/element.nix index 518da13..b3c43c3 100644 --- a/hosts/vm/periodique/element.nix +++ b/hosts/vm/periodique/element.nix @@ -20,6 +20,11 @@ feature_group_calls = true; feature_element_call_video_rooms = true; }; + + # https://github.com/element-hq/element-web/blob/develop/docs/jitsi.md + "jitsi" = { + "preferred_domain" = "jitsi.crans.org"; + }; }; }; }; diff --git a/hosts/vm/redite/default.nix b/hosts/vm/redite/default.nix index f4cf49f..45dea89 100644 --- a/hosts/vm/redite/default.nix +++ b/hosts/vm/redite/default.nix @@ -13,7 +13,7 @@ enable = true; networking = { - id = "39"; + id = 139; srvNat.enable = true; }; diff --git a/hosts/vm/reverseproxy/default.nix b/hosts/vm/reverseproxy/default.nix index cc37e51..4c56498 100644 --- a/hosts/vm/reverseproxy/default.nix +++ b/hosts/vm/reverseproxy/default.nix @@ -17,7 +17,7 @@ enable = true; networking = { - id = "51"; + id = 151; srvNat.enable = true; srv = { enable = true; diff --git a/hosts/vm/reverseproxy/reverseproxy.nix b/hosts/vm/reverseproxy/reverseproxy.nix index c3315cc..2d80b89 100644 --- a/hosts/vm/reverseproxy/reverseproxy.nix +++ b/hosts/vm/reverseproxy/reverseproxy.nix @@ -1,141 +1,167 @@ { pkgs, ... }: let - anubisBotsMirror = pkgs.writeText "anubis_bots_mirror.yaml" - '' - - name: whitelist-crans - action: ALLOW - remote_addresses: - - 185.230.79.0/22 - - 2a0c:700::/32 - - 46.105.102.188/32 - - 2001:41d0:2:d5bc::/128 + formatJSON = pkgs.formats.json { }; + formatYAML = pkgs.formats.yaml { }; - - name: no-user-agent-string - action: DENY - expression: userAgent == "" + anubisBotsMirror = formatYAML.generate "anubis_bots_mirror.yaml" [ + { + name = "whitelist-crans"; + action = "ALLOW"; + remote_addresses = [ + "185.230.79.0/22" + "2a0c:700::/32" + "46.105.102.188/32" + "2001:41d0:2:d5bc::/128" + ]; + } + { + name = "no-user-agent"; + action = "DENY"; + expression = "userAgent == \"\""; + } + { + name = "ban-gpt"; + action = "DENY"; + user_agent_regex = ".*gpt.*"; + } + { + name = "ban-bot"; + action = "DENY"; + user_agent_regex = ".*(b|B)ot.*"; + } + { + name = "ban-WebKit"; + action = "DENY"; + expression = { + all = [ + "userAgent.startsWith(\"Mozilla\")" + "userAgent.startsWith(\"AppleWebKit\")" + "userAgent.startsWith(\"Safari\")" + "userAgent.startsWith(\"Chrome\")" + ]; + }; + } + { + name = "ban-Barkrowler"; + action = "DENY"; + user_agent_regex = ".*Barkrowler.*"; + } + ]; - - name: ban-gpt - user_agent_regex: ".*gpt.*" - action: DENY - - - name: ban-bot - user_agent_regex: ".*(b|B)ot.*" - action: DENY - - - name: ban-WebKit - action: DENY - expression: - all: - - userAgent.startsWith("Mozilla") - - userAgent.matches("AppleWebKit") - - userAgent.matches("Safari") - - userAgent.matches("Chrome") - - - name: ban-Barkrowler - user_agent_regex: ".*Barkrowler.*" - action: DENY - ''; - anubisMirror = pkgs.writeText "anubis_mirror.json" - '' + anubisMirror = formatJSON.generate "anubis_mirror.json" { + bots = [ { - "bots": [ - { - "import": "${anubisBotsMirror}" - }, - { - "name": "allow-repo", - "path_regex": "^...*", - "action": "ALLOW" - }, - { - "name": "deny-other", - "path_regex": ".*", - "action": "ALLOW" - } - ] + import = "${anubisBotsMirror}"; } - ''; - antibot = pkgs.writeText "antibot.yaml" - '' - - name: whitelist-crans - action: ALLOW - remote_addresses: - - 185.230.79.0/22 - - 2a0c:700::/32 - - 46.105.102.188/32 - - 2001:41d0:2:d5bc::/128 - - - name: no-user-agent-string - action: DENY - expression: userAgent == "" - - - name: ban-gpt - user_agent_regex: ".*gpt.*" - action: DENY - - - name: ban-bot - user_agent_regex: ".*(b|B)ot.*" - action: DENY - - - name: ban-WebKit - action: CHALLENGE - expression: - all: - - userAgent.startsWith("Mozilla") - - userAgent.matches("AppleWebKit") - - userAgent.matches("Safari") - - userAgent.matches("Chrome") - - - name: ban-Barkrowler - user_agent_regex: ".*Barkrowler.*" - action: DENY - ''; - anubisChallenge = pkgs.writeText "anubis_challenge.json" - '' { - "bots": [ - { - "import": "${antibot}" - }, - { - "name": "challenge-other", - "path_regex": "^*", - "action": "CHALLENGE" - } - ] + name = "allow-repo"; + action = "ALLOW"; + path_regex = "^...*"; } - ''; - anubisMirrors = pkgs.writeText "anubis_mirrors.json" - '' { - "bots": [ - { - "import": "${antibot}" - }, - { - "name": "deny-other", - "path_regex": ".*cdimage-.*", - "action": "ALLOW" - }, - { - "name": "allow-repo", - "path_regex": "^...*", - "action": "ALLOW" - }, - { - "name": "deny-other", - "path_regex": ".*", - "action": "CHALLENGE" - } - ] - } - ''; -in { + name = "deny-other"; + path_regex = ".*"; + action = "ALLOW"; + } + ]; + }; + + antiBot = formatYAML.generate "antibot.yaml" [ + { + import = "${anubisBotsMirror}"; + } + { + # On refuse les bots qui font souvent de la merde. + # https://github.com/TecharoHQ/anubis/blob/main/data/bots/deny-pathological.yaml + import = "(data)/bots/_deny-pathological.yaml"; + } + { + # On autorise les indexers des moteurs de recherche. + # https://github.com/TecharoHQ/anubis/blob/main/data/crawlers/_allow-good.yaml + import = "(data)/crawlers/_allow-good.yaml"; + } + { + # On autorise l'accès à favicon, robots.txt, well-known, ... + # https://github.com/TecharoHQ/anubis/blob/main/data/common/keep-internet-working.yaml + import = "(data)/common/keep-internet-working.yaml"; + } + { + # On refuse si userAgent = "" + # https://github.com/TecharoHQ/anubis/blob/main/data/common/keep-internet-working.yaml + import = "(data)/common/rfc-violations.yaml"; + } + { + # On bloque les AI aggressivement (bots/agent, training et user search par IA) + # https://github.com/TecharoHQ/anubis/blob/main/data/meta/ai-block-aggressive.yaml + import = "(data)/meta/ai-block-aggressive.yaml"; + } + ]; + + anubisChallenge = formatJSON.generate "anubis_challenge.json" { + "bots" = [ + { + import = "${antiBot}"; + } + { + name = "challenge-other"; + path_regex = "^*"; + action = "CHALLENGE"; + } + ]; + }; + + anubisPerso = formatJSON.generate "anubis_perso.json" { + "bots" = [ + { + name = "allow-public"; + path_regex = "^/[a-zA-Z0-9_-]*/public/.*"; + action = "ALLOW"; + } + { + import = "${antiBot}"; + } + { + name = "challenge-other"; + path_regex = "^*"; + action = "CHALLENGE"; + } + ]; + }; + + anubisMirrors = formatJSON.generate "anubis_mirrors.json" { + "bots" = [ + { + import = "${antiBot}"; + } + { + name = "deny-other"; + path_regex = ".*cdimage-.*"; + action = "ALLOW"; + } + { + name = "allow-repo"; + path_regex = "^...*"; + action = "ALLOW"; + } + { + name = "deny-other"; + path_regex = ".*"; + action = "CHALLENGE"; + } + ]; + }; + +in +{ crans = { reverseProxy = { enable = true; virtualHosts = { + "collabora" = { + target = "172.16.10.149"; + proxyWebsockets = true; + }; "eclat" = { anubisConfig = "${anubisMirror}"; httpOnly = true; @@ -175,7 +201,7 @@ in { target = "172.16.10.104"; }; "perso" = { - anubisConfig = "${anubisChallenge}"; + anubisConfig = "${anubisPerso}"; target = "172.16.10.31"; serverAliases = [ "clubs" diff --git a/hosts/vm/two/default.nix b/hosts/vm/two/default.nix index b280e43..a87ebcd 100644 --- a/hosts/vm/two/default.nix +++ b/hosts/vm/two/default.nix @@ -12,7 +12,7 @@ enable = true; networking = { - id = "35"; + id = 135; srvNat = { enable = true; interface = "ens19"; diff --git a/hosts/vm/vaultwarden/default.nix b/hosts/vm/vaultwarden/default.nix index 26cfe43..523b73d 100644 --- a/hosts/vm/vaultwarden/default.nix +++ b/hosts/vm/vaultwarden/default.nix @@ -13,7 +13,7 @@ enable = true; networking = { - id = "59"; + id = 159; srvNat.enable = true; }; diff --git a/hosts/vm/vaultwarden/vaultwarden.nix b/hosts/vm/vaultwarden/vaultwarden.nix index a8bf1fa..ba47a0e 100644 --- a/hosts/vm/vaultwarden/vaultwarden.nix +++ b/hosts/vm/vaultwarden/vaultwarden.nix @@ -15,6 +15,7 @@ config = { ROCKET_PORT = 8222; SENDMAIL_COMMAND = "${config.security.wrapperDir}/sendmail"; + SIGNUPS_DOMAINS_WHITELIST = "crans.org,ens-paris-saclay.fr"; }; }; diff --git a/modules/crans/home.nix b/modules/crans/home.nix index e95fbed..e2e4bab 100644 --- a/modules/crans/home.nix +++ b/modules/crans/home.nix @@ -1,25 +1,38 @@ { lib, config, ... }: let - cfg = config.crans.homeNounou; + cfg = config.crans; inherit (lib) mkEnableOption mkIf; in { - options.crans.homeNounou = { - enable = mkEnableOption "Monter /home_nounou."; + options.crans = { + homeNounou = { + enable = mkEnableOption "Monter /home_nounou."; + }; + homeAdh = { + enable = mkEnableOption "Monter /home-adh"; + }; }; - config = mkIf cfg.enable { - fileSystems.home_nounou = { - mountPoint = "/home_nounou"; - device = "172.16.10.1:/pool/home"; - fsType = "nfs"; - options = [ - "rw" - "nosuid" - ]; + config = { + fileSystems = { + home_nounou = mkIf cfg.homeNounou.enable { + mountPoint = "/home_nounou"; + device = "172.16.10.1:/pool/home"; + fsType = "nfs"; + options = [ + "rw" + "nosuid" + ]; + }; + + home_adh = mkIf cfg.homeAdh.enable { + mountPoint = "/home-adh"; + device = "172.16.4.2:/pool/home"; + fsType = "nfs"; + }; }; }; } diff --git a/modules/crans/networking.nix b/modules/crans/networking.nix index 42b43fa..60ac51e 100644 --- a/modules/crans/networking.nix +++ b/modules/crans/networking.nix @@ -9,16 +9,21 @@ let mkOption types ; -in + idString = toString cfg.id; + hostId = lib.mod cfg.id 100; + hostIdString = lib.fixedWidthString 2 "0" (toString hostId); + isVm = cfg.id >= 100; + isVmString = toString isVm; +in { options.crans.networking = { enable = mkEnableOption "Configuration réseaux commune à toutes les machines du Crans."; id = mkOption { - type = types.str; - example = "35"; - description = "Le numéro de la VM dans Proxmox (sans le `1` devant)."; + type = types.int; + example = 135; + description = "Le numéro de la VM dans Proxmox."; }; adm = { @@ -97,14 +102,14 @@ in adm = { ipv4.addresses = [ { - address = "172.16.10.1${cfg.id}"; + address = "172.16.10.${idString}"; prefixLength = 24; } ]; ipv6.addresses = [ { - address = "fd00::10:0:ff:fe01:${cfg.id}10"; + address = "fd00::10:0:ff:fe0${isVmString}:${hostIdString}10"; prefixLength = 64; } ]; @@ -130,7 +135,7 @@ in ipv6 = { addresses = [ { - address = "2a0c:700:2::ff:fe01:${cfg.id}02"; + address = "2a0c:700:2::ff:fe0${isVmString}:${hostIdString}02"; prefixLength = 64; } ]; @@ -149,7 +154,7 @@ in ipv4 = { addresses = [ { - address = "172.16.3.1${cfg.id}"; + address = "172.16.3.${idString}"; prefixLength = 24; } ]; @@ -165,7 +170,7 @@ in ipv6 = { addresses = [ { - address = "2a0c:700:3::ff:fe01:${cfg.id}03"; + address = "2a0c:700:3::ff:fe0${isVmString}:${hostIdString}03"; prefixLength = 64; } ]; @@ -183,14 +188,14 @@ in san = { ipv4.addresses = [ { - address = "172.16.4.1${cfg.id}"; + address = "172.16.4.${idString}"; prefixLength = 24; } ]; ipv6.addresses = [ { - address = "fd00::4:0:ff:fe01:${cfg.id}04"; + address = "fd00::4:0:ff:fe0${isVmString}:${hostIdString}04"; prefixLength = 64; } ]; diff --git a/modules/crans/users.nix b/modules/crans/users.nix index 68e27e4..c229bf4 100644 --- a/modules/crans/users.nix +++ b/modules/crans/users.nix @@ -56,6 +56,10 @@ in security.sudo = { enable = true; extraConfig = '' + # envoyer un email apres un fail de l'authentification + Defaults mail_badpass + + # custom prompt Defaults passprompt_override Defaults passprompt="[sudo] mot de passe pour %p sur %h: " ''; diff --git a/modules/services/restic.nix b/modules/services/restic.nix index 5e6c8dd..e3b1e7d 100644 --- a/modules/services/restic.nix +++ b/modules/services/restic.nix @@ -35,7 +35,7 @@ in enable = true; dataDir = cfg.dataDir; - listenAddress = "localhost:${toString cfg.port}"; + listenAddress = "127.0.0.1:${toString cfg.port}"; privateRepos = true; }; }; diff --git a/modules/services/reverseproxy.nix b/modules/services/reverseproxy.nix index 177093c..8db3db1 100644 --- a/modules/services/reverseproxy.nix +++ b/modules/services/reverseproxy.nix @@ -1,30 +1,36 @@ -{ pkgs, lib, config, ... }: +{ + pkgs, + lib, + config, + ... +}: let cfg = config.crans.reverseProxy; - allowAll = pkgs.writeText "allow_all.json" - '' + formatJSON = pkgs.formats.json { }; + + allowAll = formatJSON.generate "allow_all.json" { + bots = [ { - "bots": [ - { - "name": "allow_all", - "path_regex": ".*", - "action": "ALLOW" - } - ] + name = "allow_all"; + path_regex = ".*"; + action = "ALLOW"; } - ''; + ]; + }; + + mainTld = "org"; + otherTld = [ + "fr" + "eu" + ]; + inherit (lib) - cartesianProduct literalExpression - mapAttrs - mapAttrs' mkEnableOption mkIf mkOption - nameValuePair - substring types ; in @@ -75,10 +81,21 @@ in ''; example = "true"; }; + + proxyWebsockets = mkOption { + type = types.bool; + default = false; + description = '' + Activer les websockets + ''; + example = "true"; + }; }; } ); - default = {}; + + default = { }; + example = literalExpression '' { "framadate" = { @@ -95,82 +112,82 @@ in }; config = { - systemd.services = mapAttrs ( - vhostName: vhostConfig: { - wantedBy = [ "multi-user.target" ]; - } - ) cfg.virtualHosts; + systemd.services = lib.mapAttrs (vhostName: vhostConfig: { + wantedBy = [ "multi-user.target" ]; + }) cfg.virtualHosts; services = mkIf cfg.enable { anubis = { defaultOptions.group = "nginx"; - instances = mapAttrs ( - vhostName: vhostConfig: { - enable = true; - settings = { - BIND = "/run/anubis/anubis-${vhostName}.sock"; - BIND_NETWORK = "unix"; - TARGET = "unix:///run/nginx/nginx-${vhostName}.sock"; - COOKIE_DOMAIN = "crans.org"; - REDIRECT_DOMAINS = "${vhostName}.crans.org"; - SOCKET_MODE = "0660"; - POLICY_FNAME = - if (vhostConfig.anubisConfig == "") - then allowAll - else vhostConfig.anubisConfig; - }; - } - ) cfg.virtualHosts; + instances = lib.mapAttrs (vhostName: vhostConfig: { + enable = true; + settings = { + BIND = "/run/anubis/anubis-${vhostName}/socket.sock"; + BIND_NETWORK = "unix"; + METRICS_BIND = "/run/anubis/anubis-${vhostName}/anubis-${vhostName}-metrics.sock"; + TARGET = "unix:///run/nginx/nginx-${vhostName}.sock"; + COOKIE_DOMAIN = "crans.org"; + REDIRECT_DOMAINS = "${vhostName}.crans.org"; + SOCKET_MODE = "0660"; + POLICY_FNAME = if (vhostConfig.anubisConfig == "") then "${allowAll}" else vhostConfig.anubisConfig; + }; + }) cfg.virtualHosts; }; nginx = let - domaines = [ - "crans.org" - "crans.fr" - "crans.eu" - ]; - redirectConfig = mapAttrs ( - vhostName: vhostConfig: { - locations = mkIf ((substring 0 1 vhostConfig.target) != "/") { - "/favicon.ico".root = "/var/www/logo/"; - "/".proxyPass = "http://${vhostConfig.target}"; + # Configuration du serveur principal. + mainConfig = lib.mapAttrs' ( + vhostName: vhostConfig: + lib.nameValuePair (vhostName + "-anubis") { + enableACME = !vhostConfig.httpOnly; + forceSSL = !vhostConfig.httpOnly; + rejectSSL = vhostConfig.httpOnly; + locations."/" = { + proxyPass = "http://unix:/run/anubis/anubis-${vhostName}/socket.sock"; + proxyWebsockets = vhostConfig.proxyWebsockets; }; - root = mkIf ((substring 0 1 vhostConfig.target) == "/") vhostConfig.target; - listen = [ - { addr = "unix:/run/nginx/nginx-${vhostName}.sock"; } - ]; + serverName = "${vhostName}.crans.${mainTld}"; } ) cfg.virtualHosts; - aliasConfig = mapAttrs' ( - vhostName: vhostConfig: nameValuePair (vhostName + "-alias") { - enableACME = !vhostConfig.httpOnly; - forceSSL = !vhostConfig.httpOnly; - rejectSSL = vhostConfig.httpOnly; - serverName = "${vhostName}.crans.fr"; - serverAliases = let - aliases = cartesianProduct { - name = vhostConfig.serverAliases; - domaine = domaines; - }; - in [ - "${vhostName}.crans.eu" - ] ++ map (value: value.name + "." + value.domaine) aliases; - globalRedirect = "${vhostName}.crans.org"; - } - ) cfg.virtualHosts; - anubisConfig = mapAttrs' ( - vhostName: vhostConfig: nameValuePair (vhostName + "-anubis") { - enableACME = !vhostConfig.httpOnly; - forceSSL = !vhostConfig.httpOnly; - rejectSSL = vhostConfig.httpOnly; - locations."/".proxyPass = "http://unix:/run/anubis/anubis-${vhostName}.sock"; - serverName = "${vhostName}.crans.org"; - } - ) cfg.virtualHosts; - in { + + # Redirections + redirectConfig = lib.mapAttrs (vhostName: vhostConfig: { + # Redirection vers d'autres machines + locations = mkIf (!lib.strings.hasPrefix "/" vhostConfig.target) { + "/favicon.ico".root = "/var/www/logo/"; + "/" = { + proxyPass = "http://${vhostConfig.target}"; + proxyWebsockets = vhostConfig.proxyWebsockets; + }; + }; + # Redirection vers des fichiers locaux + root = mkIf (lib.strings.hasPrefix "/" vhostConfig.target) vhostConfig.target; + listen = [ + { addr = "unix:/run/nginx/nginx-${vhostName}.sock"; } + ]; + }) cfg.virtualHosts; + + # Configuration des alias .fr et .eu + aliasConfig = lib.fold ( + tld: acc: + acc + // lib.mapAttrs' ( + vhostName: vhostConfig: + lib.nameValuePair "${vhostName}-alias-${tld}" rec { + rejectSSL = vhostConfig.httpOnly; + forceSSL = !rejectSSL; + enableACME = !rejectSSL; + serverName = "${vhostName}.crans.${tld}"; + serverAliases = map (name: "${name}.crans.${tld}") vhostConfig.serverAliases; + globalRedirect = "${vhostName}.crans.${mainTld}"; + } + ) cfg.virtualHosts + ) { } otherTld; + in + { enable = true; - virtualHosts = redirectConfig // aliasConfig // anubisConfig; + virtualHosts = redirectConfig // aliasConfig // mainConfig; }; }; }; diff --git a/secrets.nix b/secrets.nix index 26e99f6..e14d74e 100644 --- a/secrets.nix +++ b/secrets.nix @@ -11,24 +11,29 @@ let # Nounous aeltheos_0 = "age1yubikey1qvn7t9hplvnr2w8nsfezfqudz8gq3v8sq99dkdpzmm4a74rng5qgz4v6wzt"; aeltheos_1 = "age1yubikey1qwmt8heph3jg9sfva3yygphfw0nqed9hs8ndjsfw8yp86kwllearq9fylz2"; - korenstin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIh26Ejn/syhvReixauY8i85+XD8P9RRJrPQGEyAQ07l klin@nixos"; + gabo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINzsvqxwl91qPJJX2l7g3MZwO7NHqOtMfJhXWb8S1AnV gabo@gAbolEno"; + hachino = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCZ+Km78tkWXnmRTeg2F5kHgTGYS+JYM3SfAoTqvaisBRLpYHOtG889FvRjczVJn7A2q4aLGuejzjJ9V3wyF+aJjdzANPnVMUCGQXSnbHC4pMfL8fD67J+8gJil/QwGgpKpYlU0u81tgcjszYMv/ub8d9HnqLeYFkTvy2678vrsA2GoB/pO6iWOA4cubI0R0BYOP1zRnsgBM7L3swag/7lQ0L+6g+M8IcU2fr2Fp/L0gQ33e6H59fyuDaEp2GyQM66r0N+dMqjAyvB7tZlM2S28wji+DW46p4SJxNiqE8mzAjzWxV4rQDXfg+89LvzDN6iOKOtYAP9otWj14X4MOlQaKws4gicGjdUX9MiiChEjl3LET5i/zQqAMylMvm8qKTJ6PqIOootuUi6rv5d1IqLoaHXcU++h8HtYJU8o4MfGYBe4mFT4SRvJaX6C+UTdi6JKEJBmmBVwJIUCRCfXeqitc15Xb3xDgoOf0VsWiIaFnduYRDWfPKBCDl1raafxYO0= guillaume@guillaume-ThinkPad"; lyes = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHW62pK9A6E8pEwmSnTp6oKXac+bbOJ4VkPvNLa11No8 lyessaadi@crans.org"; lzebulon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJRSBsRgd/ITK2An7q1VXoeDPbcydR3FkQjHoO+1tAAO lzebulon@archframe"; pigeonmoelleux_0 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHa+ptSTNG4mnGUEGSkHTNDzyUGeiMnaWS2nDvJwrYTp ratcornu@skryre"; pigeonmoelleux_1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA41j5jdFj18OSHONx4QN9mMT+oBmtdwb1vstNavGOnz ratcornu@vrrtkin"; + pyjacpp = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBoxFQlg2CEX04m5J09GvtNtozKjIGx5iaa6Yqn+zg5S antoninl@antoninl-loRdi"; + rdb = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILavl0XzmtTswvEkr12zoRBlzGqh5k5BuvJpj6v3SDe2 rdb@rdb-arch"; nounous = [ aeltheos_0 aeltheos_1 - korenstin + gabo + hachino lyes lzebulon pigeonmoelleux_0 pigeonmoelleux_1 + pyjacpp + rdb ]; # Machines - hosts = { apprentix = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDCJV6jqQWEYuwi+OJ9r/4TbBN/cK9NvYWNiJhpFzcc7 root@apprentix"; cephiroth = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOsBGkhiu6l3jeo15cQHMu3dPyL025zXPV2ZH02EDYEt root@nixos"; @@ -36,6 +41,7 @@ let livre = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEVfKNokHG6ig32hhQxTep+fKFmKahlDClPrX/dP4/gb root@livre"; mediakiwi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAiCZU+gdUt2jOxR0niVFsNzw0LIleYvwNhMFIANR5YE root@mediakiwi"; neo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMGfSvxqC2PJYRrxJaivVDujwlwCZ6AwH8hOSA9ktZ1V root@neo"; + nextcloud = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMgSP9UmuJw8Bi2ML07WHsWvxN8akkc9XZxXyOgdjXkq root@nextcloud"; periodique = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHTdfSIL3AWIv0mjRDam6E/qsjoqwJ8QSm1Cb0xqs1s1 root@periodique"; redite = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOwfVmR3NjZf6qkDlTSiyo39Up5nSNUVW7jYDWXrY8Xr root@redite"; reverseproxy = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOx/lUQE6naP3EBy81sr93X8ktZmivU09ACx6T43Odhb root@reverseproxy"; diff --git a/secrets/acme/env.age b/secrets/acme/env.age index b49051c..e56eea9 100644 --- a/secrets/acme/env.age +++ b/secrets/acme/env.age @@ -1,24 +1,41 @@ age-encryption.org/v1 --> ssh-ed25519 iTd7eA j8WUzCHfLuYYKXWBajia+AIbSAa4v+ByJv2q4F+JCTQ -PB31xc4pHiXahJKTjoHrHoCt8NrR++s2XQTIm0rQEg0 --> ssh-ed25519 /Gpyew RjB+RTyjyI1t13vDj0t6PirtR5J1L0mzghwLDgQB9gs -eDytU4XPUCh2k8qMrfoT3vBrwtMKXRJ7mSTe4Ae2yro --> ssh-ed25519 GCcVXA gH/JOox1mNDXsEv9wBiMjoa63soO8fpJaz7qdrkIVFA -7RG5RItUL2hDWXM8THpxNLCoPCY3YjtNRAUzWTgMwBw --> piv-p256 ewCc3w AiHOetGz9AorS2Is1h8kAFUZhcMzq56x6Lc2atfk0/A1 -xWa+t9GOWsGbcHBuKatBMwMFmTdqe9tqVjhqIi2tZZA --> piv-p256 6CL/Pw A2cCL2t40V3cmmgcq1k6ZGW04HZUSvOOIrwxLBniE9T/ -DbM9UNqyYXOx+RVBA2jyK2daXZmLkW3xTPOy7qT5OBw --> ssh-ed25519 I2EdxQ 5+gdvK/p2fhq47N0WAkEN9j1xUkPxKTE4IgDnqXyAFI -1MmTbUk84K5DstFU1YMRHXEsqKZs0AIAQk+XfIVXtZ8 --> ssh-ed25519 J/iReg HLgAIvrjfHbtsHihQeKJNxf0C9gPI06Mw6J0uqWWhCU -+WHKslX0x1jH/76otg1x5WcBq90RD53J/J3nIUchjLo --> ssh-ed25519 GNhSGw CofcXa1BFngRWsJ3J4PAkVwBVBv4zp3DjlIFznpPOFM -Yrv1DuZMVNGdsEvbvuKyYW/amhLX+WuSS0uS3Y2/B1o --> ssh-ed25519 eXMAtA F/2eH//Exlq4oZCl66R+Xww7vSoaVWntzuTWtjUBi10 -CJT9i9+rou6HLVGSaGbXjwefGK5xDjK1nqIV4QV3uZo --> ssh-ed25519 5hXocQ VUfxCb/VEq9pXZnDcKP67/BM0BlF/NLMR09+hjBrxGY -EfLl+M8RXqS8B/aaI1+r8D8z22E6LLhVdR+xrAkFSfw ---- Ah6/7fGQD9JAMk8soC4HF+kEgGs/Wtaws0PoIT61jQU -KMk\rvPS;PpIgtfki^OU)>n]i6K -AM>?Ow@$'wI?yÉI>XjȍE+Ne6LԁlAqԞz N5eL}^m}[$d`ceA6.R6:;LIdQ]nL+\e+Um͠8L¡SK !΄Sϗ-h \ No newline at end of file +-> ssh-ed25519 iTd7eA 8v03WT8TJZfSdBJWN1B0ZZDQmbl2tGyacfQAY2nlvnU +Z7JwUvszfHdAuXIpiPcztGhYK3qh+rz8GYeiClblGEA +-> ssh-ed25519 /Gpyew EoyNqvwRz45POaKl/6LhAfDkw3TsfbCFB4GTGEQ8FSk +pK9oU4IirqanPK9JGboQo2UptXxMjfnwi+CV5jNcJKE +-> ssh-ed25519 GCcVXA Ze6Q3d5258jBrIt9BfkjPMHSOX6wKMl7fm4E1Z/bWA0 +UBKrtiPMr0FljL+ejurErLWO6vqBTQZPCeK8U5zgII8 +-> piv-p256 ewCc3w AvhKsYcsbfIz2miJR5UaIj0faTm6JYZpYTwr2kAHew7i +/9Anf7OIlKg/6UONR0H4SScIOl5ce6wx8dCdkHf7P1Y +-> piv-p256 6CL/Pw A7OTrpV6Erns7r3uEu6LQrsizZuWehNNb52R2zZAaD+8 +sZePgJpkp2e7I5+OR++K/gikun9diLTgUG0OYk2SIkc +-> ssh-ed25519 eOAUSg V4kyvt4hAPHCysUWJFdpTAWq1g9h/KK37p4j3iLhcHg ++uHvapsbOmddGfVARtbJfVPwxHAVg4QHOootOhCnzHI +-> ssh-rsa REaZBA +lnvBjjfhF30YYN5suj2Sapn9pI9UEGFa8Ovwh2UR3J14ZXG5/G4Ldp5S03C7rZ8b +uR5Hfkf1piWoBaLVET549sbLhqHeJZ7WE2XRaDI1Rxrmr8tn7Duh2q518dJaJnJW +qDieY3sdsCDJ0lTsWYtHvUeOhIGTSxEhmFEdINJ1L5mha4axE3jCLCLxD8SsE8hR +jISCxfpQzMf3c7+/V9hsdYO2PysE//6jTOBSTTq/97h0NU8corQ+ZO1XWetCVZdl +qzNwKFjiJ1T7MQ74Q0Yak3mRjk/d+IW1wFm9xNAn///YMoNGg+hI83bgggu4Uakz +DB8BgXRUga2Y97tw/FtdJTGCWhUPOUpztMhPGqn9LGVL3Mvak4HAylL0y7XcuPCB +AgS/I+olF+ejfVIUbHSq2Bi4eD52gJ+P8Lnhh/Sf9BqCBjMHG2BUv5KuOzoLXt6h +iIyLRxCx0GXBK20VMwakEllvaQ57UmAgUWDt49b3lHlRYhjrf3JbZ0RGfN+PnrLc + +-> ssh-ed25519 J/iReg Inr6JHn7x/eb5D7j8KNoYBztJWxpPCNikRwEwoy7gGw +qNtuxJtM5XkPpXG3iB6FfOS29WbsgRp2Tjck1og5uPc +-> ssh-ed25519 GNhSGw gJaGQZZ7Ht1sjeKYnJGTy9n1v0d7zbmJ3dnrb8Fmiik +hjUdHIGi9HpcqR6yC2D1pgtUjqe0JfsuavTE/KpnjBk +-> ssh-ed25519 eXMAtA mXc629GhhOkXc5UetxuISSv5wyUCVYHRQUwNc3jE60o +Ipr8vMfKm9EeyC7EQJloekN+jeZWvjqQSyoq8nh9IxI +-> ssh-ed25519 5hXocQ znkNyVO5b5lls826VcxCqAcbUFpQDAa+mIr1F/PxdQA +Vz/N0I5AJYv3Kto8d26z8y+fRfynCnbLec3wEXCbO8g +-> ssh-ed25519 bRHVVA J1HgussxKID+a+ugedX49n14+o7UotY4l2Uhrr7TcnA +PZmUf0FiljPE/l8+2/SSYpJuLKyhbhax6Y9PP3g3KKg +-> ssh-ed25519 HgW9eA 42Ojejuj2zrKj0Wy6xxvMepsInWI22WHKkxHI/VoZhE +xJzDrJP12yic60ek3p+NTSjBaoEQ8EFyXDkaDzt36Kg +--- NgLSI/qHRpH08rMu1szahbSDfXfWmcq9FmqaOYHym/A +60la%>׭GX +겢g Hd3yp}!m5pR(XSٛbui&6m8"j-D1DP7ѝH*)#V5 A-#Xb U<}՗ +(̙/lOH`yS +(ĎMuy;?bڨm(Y,G +x \ No newline at end of file diff --git a/secrets/apprentix/root.age b/secrets/apprentix/root.age index c6541ca..ac2bc4d 100644 Binary files a/secrets/apprentix/root.age and b/secrets/apprentix/root.age differ diff --git a/secrets/common/root.age b/secrets/common/root.age index 0280032..2e9ba21 100644 --- a/secrets/common/root.age +++ b/secrets/common/root.age @@ -1,39 +1,53 @@ age-encryption.org/v1 --> ssh-ed25519 2k5NOg /QDpcGLUswG5B/VgK4LK4TA+eOuwznsW1Am+hvNHagA -JTFogIDwh4sEiMvTaH82wSJhy2s18WM1Upb8e/ry4Oc --> ssh-ed25519 iTd7eA FvyK9mjTJG4szXjK7vrKE2is8AKB6bLLAZ6aU3R0UkU -TCz+hgORz0RHlpNNLbg21JBMrnObwJiIv0mNJLyvIVg --> ssh-ed25519 h5sWQA p6pmwQKE9AabnIJwK7EU8XY+cQlIGQhLfuYnRBEwYHc -LzR2A9+QX3Z2cArfzPzHBqVHjG7rZ/9ltNexpdETf1I --> ssh-ed25519 vZ8Vgw 9Ce/JMUd7yYLHg+F+uLmYdGaMlBnF3ld1cOjpID0kmI -rH8+EHV1QgWt+h9cIynwcPVGh773IeDeZd0n065d+RY --> ssh-ed25519 /Gpyew j1Ex/u/KijHBDWKAHBVCBn8Ok1LD/86eRLpj/HTn9WA -0+m28W6v1mkwwVhIjUY6dfbV+cQVYkUAuSJ/iRBmdho --> ssh-ed25519 FtI9pg kVnavpknVmp+fEsNZIum95gOd1H0xD6iailLvq572Ag -XRJtTQ31hnBfCszFTllIkRlJx5ueEhUuh+9Iu+npRsQ --> ssh-ed25519 hTlmJA vNEda7NLx6uCwawvG+q27zanZesW6YEfj2IWXQIeZRc -anEmC5fxBv1ZWLOwa2zZGmR7lQSoDNTDYhuTmLtTprU --> ssh-ed25519 GCcVXA EUnNiwe8I9t9UK329sH24VoxsE7WAEZ1IUM/veux6hU -VxyYUUHMoFrix2JH4DJXlDg7PBfxNfevk7cNhsSnRrg --> ssh-ed25519 LAIH1A NkZXyPzTX2U8PYZVf3g3XjfjRPpKjVr9FngU9m47EH4 -RsgRPseog69lzWVlF3pfwWQOcbLlfaRTxQ4aqiuHiCw --> ssh-ed25519 qeMkwQ hGhCQe85f1pi2j1HQDtch8npmwVLuYI02yCEcebLbTU -wGO0XUz4WdiVVsWAAwluJYfj/LNlRAlp/dNpCBQ1t1Q --> ssh-ed25519 TqxOLw AyneWoxUjnyhQ8iwEl+S/mrftNRwXJNYKAAPZ5LGpw8 -oyNC96VE9BdXKaQZEoJrzl4VVVuKFiimu0sf4LZLfqg --> piv-p256 ewCc3w A5Wv+xoc5Ygf820u7+Wo5A86sGequUy2vZEj4D2dXxeu -JmwhtlzJjed6FEvaxgrGOYXnxlS15Dc8wmPNiX9Bhh4 --> piv-p256 6CL/Pw Ap8y+fXFbHNcXcY78uA216V9FaX54AwcC67HBlBOdTwM -YESUdJ9S1jLfJAFOajzO5kb2djgEIh1FUY8ss5Sq0gI --> ssh-ed25519 I2EdxQ W2KxcrDn+kFJ0XcaqFwZeCDFzQxiTkBerTHP4UR6WHA -l97139ayTSmJ82bE4VMENRP8G//dRh7/bT7n0V2eBHg --> ssh-ed25519 J/iReg x7SEySFqydZiYqa0woj8U1Muiq43q5GvqjjIoJzBk34 -6gneQWFkj7wsn/oU9Qb4AABsBqSFgvbpNCKy+jki/1k --> ssh-ed25519 GNhSGw Loi1i2EE4soo7JIt0C5YAFlnXexB5DK1sJj5cGjtuV4 -qv+fgbNYaOJSrJYwy5qEkXYsA/TrK1l6Rt/hI06bpOw --> ssh-ed25519 eXMAtA HdujaNPBqwW6OLR4Cf0cHPZTBAxyj3v/cVU8PefLcGc -t8gcVXDRuu+9NvmP97h2V1LJeuMjZXG73zguMSUl/W8 --> ssh-ed25519 5hXocQ ih+FM0WB3Jxf1AVPPurl0oi/xFxpZXMc92bkuOFBNEY -3buzyNxyiRASsESZvxWFmOD0pAuzsBbltU+6iPNjV1c ---- Ts6Z6554UxYnw09pwL1xtm9AV74LWZiEOZXWK9NVFOo -҆"{obfШ} ssh-ed25519 2k5NOg cuPt+uBw0KC1D/d1SynOzSnBMqpUdXtTCCvUCc3GHyw +d9uLiQGBveeu3jtSXWmW2RXWDKTumtUsEkH58UoJbl8 +-> ssh-ed25519 iTd7eA PgtowEuC42/MMd+E9QdZLDHCK8VWNSsDcfSFxXwMDQI +QwrBXMSnPby3EbFM2IcJCqbFgDSe8ODGkVrYBIUn31Y +-> ssh-ed25519 h5sWQA LEigwGDlQ5fuJ/jCje2zIjdHuIb6i5KgSa0gOw/R5Ao +iv238o4yzRBpunQph19ikBU2IeCsY1sgEuxa+5ldPqo +-> ssh-ed25519 /Gpyew HmXj+2oucvBw/y6CD82Jx/e2cQjTF3idmi/pduKKBC8 +hbs9SFa/R9GW9foUp6Y7ivv2USf0ZJ5S9hrmknUwfQE +-> ssh-ed25519 APVFfA jBBnRXSoXcZ7Q0hALBSjidyJY9Oz5BFfcLMzW/gB1TQ +9wpkX8PoqdN8hkwj4p6dZ+rhsF/Xey7sS8Mzyjdv+E8 +-> ssh-ed25519 FtI9pg hsDyjct5mLWIvfL9apROruVVAzWpF+ro+9puQ6hhAUs +fNoxd5jXk+1Hizt9wAMc3IoHwNvcO+CEXFrN7jb7siE +-> ssh-ed25519 hTlmJA Y7Ogq3ZCbcOSMiVrYboeI6NQT7hUg+YbdcvdbF/ltR4 +BwdkO+aWUeuZTGe7JF4JQZ6aomHb/tOaUYagdY1jhOk +-> ssh-ed25519 GCcVXA avxCShkm7JPnAwCiOnEuoQxSyiXyi4TBihc0MH0SNQ0 +mUYhE8nbG5bS/9Iz3hvzFP7hN13WNYHIIen7/CZdY2w +-> ssh-ed25519 LAIH1A IpPB1uC/fU/BiyDW9+tkzdlvVyMqe8IyrJcdMTxKEjs +YwoCJw4hFURJD0RR2p+u60StdDhtVtzNFE300zuXBQY +-> ssh-ed25519 qeMkwQ 9qB1+EeAOyqBWEVJ6skyyIulmgSAqMW6DPWgqTf4xhI +I0pbWx/jy6UqffTdEg0jHdZcyoI00vuWL2Mw/1qVH2A +-> ssh-ed25519 TqxOLw c0kYaZE9YDQ9r2xm1PnG7VWFGdAZsNIT19z5xR152mM +sO3jCM1xn8KkBUrrWlWliAaICuI7aI0ayJPvyRLoEPk +-> piv-p256 ewCc3w AuGOOLPzyZZo4ZTknStBjE9e4IXQh1D2swppddcBzL9p +KX064aLg71f/s8VCib1SBlzAM8YsuxJVd0ssTP9MDKA +-> piv-p256 6CL/Pw Ax5XAdGd2ZJn9Nq9IL4HTtT3cd/zoP9XAe95B6gXR/H+ +D2TfFT1/+sdA2H71FYV03T0KmOLpL5uH40Ybjjsbg4o +-> ssh-ed25519 eOAUSg zN+WSxLmu7KlxHsnfbfwx6udJ3/1JuDt+ceA+qBLh0E +/NyQva08se7tLPm/3P0RO3V9heihzT3vUV8f5G92Mrw +-> ssh-rsa REaZBA +dxBSJTI9t+d7fCbaDqZUfTQf+UMOGHf1LcBbloBjy7h6aRIsPqOie0OUXBue22HQ +DPKPgmj/Y7UG+hps39rxnFcBsDB38QfKorF9XGgrOXd2702xYo62aVrbZSSBp/x4 +TnT4ZVZdhHUNpHRG6atGKR19ZaeAmVfjmY5YzdlZud5da15XLkbd3EfagOvV9L7j +VEKyjQnX4X8Ms/lqti9f21VfZC+fKijdb2pw13/SQjtPnnxJwuTGW3zI8fp5rPs0 +bgN64XSXtAr92V1VL4iUFS3a35szPlyUllXhyaCjZsVzqouYV3Ejlnh4vBjcr/s6 +m5HdwzOhNw12mXL7FNmaiOnj+wEsfmSdQXAn9vDqqXZlYWbv+5DQp6i1xC+VfZhr +9LBgARpjwavK5Zrf/y87nbGVL70GYQ31edyNiXg3U6Z0dhvjrFftNDgKaWj/IKZy +8owVMYyUWYy+BhXDA4IdMEUkNkJZ9GNq+CJxx6whKZrG+4VzWQPZcVqxLa6hHIIA + +-> ssh-ed25519 J/iReg wewTliwPVL8EnCZKXWvBiuMYXqYa/0g9VaR306rp1hA +yRm94S/og2+G6oR3/lvYMoeFQS2117RCBsfU7s8TVZM +-> ssh-ed25519 GNhSGw PnoZV3YT/leCBqpQtlj2qfjbJLej+iQ07PrumMHPnRk +KnU++UBv8kfkqWi+stXuF5koM6UhTsdamRINNFvsSSk +-> ssh-ed25519 eXMAtA B5iuFPUwgvkyqSEJ0PxwUSmvgybnoR6r7HwToACxPRA +mQPHeJwRpN6JgIXx921NOHvLaARgaDR7Cr7AiLM99Yc +-> ssh-ed25519 5hXocQ Mz+MNsX/g2P07lQGQ3oz460O/YN1/YcvET8d1aXyPTI +1G9j5Te7mrmBg9yU+rUwbNaERKumiSioWgtaFfPh4I4 +-> ssh-ed25519 bRHVVA 2gUdvJBKiq0qLC1xf/OOhRnFx3Tf6RqTIGN4NBwcuQo +tJdP9xiP78hKcx86ljzwGwYUxRnkFWEUME8WYbo721o +-> ssh-ed25519 HgW9eA kaoBU/zipKfNXlSU23oIyZg6gpidLDI4haZqeYtdRi8 +2rCRHU1mvSNgvisLjCZrbQo4v2UfnTQtpeXKT9IUTds +--- ABZF4OvHnoYT9tFBA5hT+g7R12W1rD1e1PEJtEc/1b0 +R!(e( Ⱦ 2'x- \2M1 9?ຂ,aY \ No newline at end of file diff --git a/secrets/neo/appservice_irc_db_env.age b/secrets/neo/appservice_irc_db_env.age index c214c67..c333d98 100644 --- a/secrets/neo/appservice_irc_db_env.age +++ b/secrets/neo/appservice_irc_db_env.age @@ -1,21 +1,33 @@ age-encryption.org/v1 --> ssh-ed25519 /Gpyew C+rKVFXo6MWUZBEEc4AdFF3Db807EGbvzHJP0tGRLRY -jnEN8TqZ8y5QxWbuaqvG+WpnVpAVHDm7Dozs4sGzOYY --> piv-p256 ewCc3w A1U/YvdQECyfj4GCgQUByfC+4jIhZc/bkWjLWLw+T6LO -G7n3+xA62X5qlQ7KPH+//dDxn8si1gzV9tI75TFCPs4 --> piv-p256 6CL/Pw A7l2SbFsaViVK56naWclm8aANxEcPkWTANbuMCWvX3I2 -NJhPqBCshDinyunqVexBUnhZgSU09ocVqACWYFFbf5g --> ssh-ed25519 I2EdxQ HMZeIjU0RIgYoqsrK0yQ//+kefKc3kGELb3o/eJ4zCc -M9d5zHlD/XvNspW+YA8b2Pep9L4aJDXXGRqLB8tAiI8 --> ssh-ed25519 J/iReg ZRBZU3zbfUAEm9w11rpQHFrqtlFT7wsv86Zls0R6bXc -zs/G9jGLrG5IE7G0DEuAgWTycEPiiRyu1o43svBQ3ZA --> ssh-ed25519 GNhSGw 2JM3DCT6fblp+pLt5XVpmkZqAh4WWHu1/rcVwsQH728 -7uKO/m8H8qW6kJhMY0SVXpSwmCdBufDd/vHqntjCXs8 --> ssh-ed25519 eXMAtA juIBoxU98Nl5JnNcBNNXlttpi7+kq2Kc9SBwytevgwI -JVsjwZt0MoSoaCPojSaY+JCzxsSdvnUliXHF9m/bs3c --> ssh-ed25519 5hXocQ ZugAZW3AQWRZIKAxp013n4cO7wP6u4ZEEeFWSuWMvzA -Sf0V+eOJXKjiFMhddgU9P8U8iMtFtLw7s2yN8pw1EFM ---- kiL5m46S11eb5jgXmrVE2gK8G3UDZPdiy7P2HXAyUSM -'{}LSkYWE(1_[/bvPV58rnq-_ -˺T՚mIB3,m -GzZl5 4T|lS\al%m ѕpT f9F:<_vt>t}n?Y \ No newline at end of file +-> ssh-ed25519 /Gpyew 4muAtR5qF8ibz3FWTG329/6MD0PMm2Yg80jHxkuIuVw +rEdn26xACsIJL2sRwc0lkSz6tg5vUYlG5ZMiZXc7k3o +-> piv-p256 ewCc3w AwLlheHvggtW4T8k8ji2z6a6HOEHbeP76cZKwYhoBnq0 +TfgPrj6fG6p9aWyn280ykyg0Yyz3I7e4yIaUinPMxQQ +-> piv-p256 6CL/Pw Az12CKqIrR3rdln2+z7XjESUK0cPBm74vSgclqu6W0u8 +yEsMkDERYFDHBHjEvKo1UsfhUPqI2j5IndKWROh8gAw +-> ssh-ed25519 eOAUSg YsSKMueFV38SWZZ7z4aq5njKz9b84KNnsnod8JrJNWk +3wIkCZ9NUGwYqFm6J5DulxPgBxcWTooYyGD7Q/ACh8s +-> ssh-rsa REaZBA +kEZl8ANzu7z2MKN0HRbarOXzKpJrxa/4eT9eRx/YJKlt3An0rWy2qfVDsHABMTU7 +VbA2fl4wZ8Lcc0mCSU3utLBMgBLdOfjGFw7hwAPoq3h72h67TadWp4sK+S5bc5QA +UT+3fhP9ztpTh/c5tdF9bMc4z2bjJLiU283zUqiPjbmrCjjKmgOfkPymQH4yUytw +Rx6az7uWuu/e5GA/wn2mRq84LN5Tffs0Fgkina6Bc5dfsMJS3ObtO07DVfp6vy6Q +GNwlMVWSqn4CVFJw7g+oVW/pabssV+eqhEdpyZv5uQn+hN/pamOQ3nuMtKo1m8Rl +XIuUhsbl1jJ7YPhp8O04cPUtE/yD1BEcv+BWpqT1JxhgptGvYakpFDLMfqgy3G00 +DFSYdPXaZEbfR1CdoBrX7CK5NZgPSvVQ+fqJvuTYfI6qUEPlrUIsKb/Mly/DA1OD +ofm41WS9hbofHxdQvYKHTNbPSN7vdA3wx9mDmwv1Jinmt26MyJgc7bLa4HLxoygf + +-> ssh-ed25519 J/iReg rQtUxKo3iJuhKPrITQxqbWQp8hay++g/iSnvpA9xMlo +8HPA2TbRt9zxAzxpOw2zXIH6zzTp8VfhOqrzVZBix0o +-> ssh-ed25519 GNhSGw TMtQgplF4p1yN53c1SmkaW8bfN6zKAvCsDb0MSUpJkI +ZXAWqpsKD/rsYzJ5HqaQFUT6V/TMfQ55cg0K8x+p198 +-> ssh-ed25519 eXMAtA x8G9n6JasTSekUTAkhmzkTZJEC3t4Y6QCw+OJp5MHGs +efFppWOJZj4nFv1+pSr2E/xhm47U0hcsJqFqHuaAWk0 +-> ssh-ed25519 5hXocQ BFWdwB0KDqwx+5egZrrhdti7eAhWMy/O8hRG/s3umng +wTBLhJ58P8Q9AqA9oTqB1+ehs2Ob0zsRcD7zcmFjXuI +-> ssh-ed25519 bRHVVA WrAYtTh5o51uXuD+eBy2qJSfh2XfrGjx0GFDf7Niw3w +L97wQePKsHxTLUyzo2GADF8EOsYLYO7S3cC5EVDWF/s +-> ssh-ed25519 HgW9eA CnsP6vXQX7P4cPJrQ0yOtSpsoPP3JhEp3hhyYQrOWFo +ldvq7en3VG0gd5JlAZDXV9JGBNldiq4w7Zy/d6PBsPc +--- CEryh3jsI97lzkKfYAIDP7pxy0Z9a31p5J7n8uE5OJU +"jR+ٍvxYtZ=&q=n x]sHx[nx4D>1y\` n] V,{8A ssh-ed25519 /Gpyew dGSuawZ0RvN2N2ihmoc3qY274uEgOs9HvWDUcl9kOhM -pFZJTtOS6RGW95yC+9CExu/VI88rXlG2UGsEWrTDV3U --> piv-p256 ewCc3w A91zP1PGWv5pkh4jfKZ1brb1VR7tZhwVh9Pms5KOZLAx -xC84LGbuTiO/UnC3ZAMI63Gv3XhQbNJ8sjP9DoCwVo8 --> piv-p256 6CL/Pw AoSgTWZwGO7uPKE2+PPuDrovzeXH5xykqpUeFxZeUx8O -ZcrrjDJkXmlm9hBvms0oXPHe292DqN4LM1Ne9GkJzUA --> ssh-ed25519 I2EdxQ byJwWDmWt+m8rEg85g+UQIjewKsrRpCeMYdcS7scvBM -tFOBJfUSSQ/p2jd2YeiUPSJxnRxw4t/rBtB0QPQHSiU --> ssh-ed25519 J/iReg AKIEv7rUeNmMp23OeHO5FMAMjfN+ZyS7RPh/d/tz+Vo -IxVtVApK+K9G2Zn83QSkQSiW813lPR/i631Sk3uBNB4 --> ssh-ed25519 GNhSGw fOuHlzZ+yJcQGgEcY7gpmQDmJK0Vu1HcNgaLZHs9riA -6zG8JsaWPjqYoPb9dHIdnc423vLEjhWlUS5MXpOjh3o --> ssh-ed25519 eXMAtA GNNPHWjuGcvptxVlqXd+0wC3Yze2xGMIYiTKCP0Y20I -lKvkvCbLGxWMr1Ad20bOdgxSFK2Dzz8hYaoqzFmOcI8 --> ssh-ed25519 5hXocQ 2curLeRtRWLh3M4rjBKGpOxeQ49IKOVMYHgM453iLm4 -Rc/IZ48ZsICzrDFE7GMrA2sCCwOpW8l2ITKdHteQ6mQ ---- +2GDVm6ZCtBJxooh5Kbx0BABvO+lpphyU5Iw6o3FuDI -2 JLJk*uѱZx.lJGB'.?ya" \ No newline at end of file +-> ssh-ed25519 /Gpyew yZcdlis/jjjCgfOwzH7fQVcVcT5s5p9RRk/HIhDGIik +SwgYClN63DKDhHEpzLbqM+3p8g03LRvgoNmInTxHhEs +-> piv-p256 ewCc3w A/qh00euL6PP4PmDZ6mno3aHjLOhj9uOVO1vSBqCJRkd +McJ7lniz1B4YOMZAB7L+vmReAfP5S8s5SN3CHq61NNI +-> piv-p256 6CL/Pw A8so94kmhiL+d0k5ccWuGxqP521G/c753g5+Z0DRiEzt +NsxICOht0TGbVdl90JxMd2npILF3ge5fD3pFjeni0ig +-> ssh-ed25519 eOAUSg NI+6HUmWh5v0x/w1iafu4AFgo7NE5zOmG+yChNn/mg0 ++Eef1VJeXcZWtMzXCRwlvxNnZwMhB7kjGpNmSBkME30 +-> ssh-rsa REaZBA +DdvKzbZamvNnde8HSnLxC6hodXeDxf528/+8XRjilZR/0wvad4q1COE2OD8MdnAe +UhWxhBke15z6c05qFUWBVeau4n5jjYlCwcoHgS3a96aoBPd13nybFbfjInY2o7d1 +nSnbG0KgnKAK380+CYMRkg5UtNiRBCIUVVRh+NkYu6RieJzni+8Lc+GnvPEYATZy +e7uz90o99olIxZHBW6qgtqKEm1Lwed3f1WoFZr0w2EH15SJZDPvDKJvxWMPJp4Hg +qqLc3yCMdA/1WfDiDZeyD/nUMOL/9YE+WBEQd+LBokFuPo51/LP6gh1LQXgjbr8u +ln0HIM+hPPpRaq/chi/vHEAmvbOFKqQAe7Jfdxcm00TXlDvgBR6aT0DTw1TIlUEY +Ys2C1i5r/H+t6WR3Dq8VOhbl2yjFx7BZY0O2MscxEH69p8kpo+vLVMc1OZF3g13u +X/t6+H7Tqd4ARTJgq4wdvabcm7xfcgU9vIg+DCKyTFLgRw/EgAX7Czb/4lyI5r/O + +-> ssh-ed25519 J/iReg kuENtYdA0fG7DwCkbwePCKy3OA1WSUXqCSV4gwcB4S0 +AABkZxxkwmTG+ItytXJk0GCKOfAimtF9pULycEvJOTg +-> ssh-ed25519 GNhSGw EIWdGv6b87oB/5Brb9cQpaC3+7ekIM4Dl6zkKYHVPVg +hTrM/dK9+jd1e5FJreDiTqYpbctXRX96SFR9PrFuUtk +-> ssh-ed25519 eXMAtA Y2XxiI4e4+W+QMwTUebsZWSDv2SkiWh8k3x6BM7Rs2Y +QFKKJ27Mo/0LLkUrrH10uK0BXQs+0lxFJzPFw/aCQoM +-> ssh-ed25519 5hXocQ y5nGayVqdmFZ5viwVPJQR4Iju7K587jx3Qlr87pD/Xw ++VhscbazTlepJpAwaHAKrBCu3P3o9dBSGkkI/oKS7k0 +-> ssh-ed25519 bRHVVA l0lSg1JFQegdRom0yiI8wHwVHvf3+yCEa2f0U9A9XDo +A82mNiuzOgbdticuLxASJqelTgjFO8aEv/668p3UBjM +-> ssh-ed25519 HgW9eA 909r8fn039PjprN+GJE9QcNvZ2/oNjK6A9rkVWSJP0Y +3vyAItWxIwvCOAo9L1PfubBLWDtsE66dwLeItg37gL8 +--- Fi5oUoTEKhdp+jjCRBEe8vzM6Fwk6A1V6C7jlXN3gE4 +LY{ݤl/yDYӊ T?P4W3iE-H*Y0@׵ \ No newline at end of file diff --git a/secrets/neo/note_oidc_extra_config.age b/secrets/neo/note_oidc_extra_config.age index 5fa5f05..08bb536 100644 Binary files a/secrets/neo/note_oidc_extra_config.age and b/secrets/neo/note_oidc_extra_config.age differ diff --git a/secrets/nextcloud/nextcloud_admin_pass.age b/secrets/nextcloud/nextcloud_admin_pass.age new file mode 100644 index 0000000..3d1d22f --- /dev/null +++ b/secrets/nextcloud/nextcloud_admin_pass.age @@ -0,0 +1,33 @@ +age-encryption.org/v1 +-> ssh-ed25519 APVFfA 8Y4h4CCgf37A45MHrXIpiqqZF3URqadbvaSyfv+j1k4 +sYGF8m491CjtW5osUKPGTU/zETIJCx0bT6WfA/yZfeA +-> piv-p256 ewCc3w AxMBl4dFobbBdzj2/L43ltk1UV4aSE/CaRuS3259G180 +MJX/wUdTRYFGUfwSEp4eXno4Jbsz1io0rvmODFACueE +-> piv-p256 6CL/Pw A1gJEHsgd1ez36YBGXHadGj6mA22gz/crRxjaO6iOjUt +p8p93AM33Q7N11M/qjzPDam0V43RxWqWfKC/3AVjdd4 +-> ssh-ed25519 eOAUSg 2uJ7Dumb/Uw1j5wSliYBh/1cb3F1RU9zvwEtcCl61zI +ETuBWH3BbeU2k53x+g4jTJzFVel/1Dqove00jPcEEmQ +-> ssh-rsa REaZBA +gxEwx0kIQltaHYHZ2DDC++ryL2ziuJ0m/hKvF5THA8NJvNHvj7xnPOZojy2Pgbpu +xXiYKWLFxN6Hl5pywKH8t973UmSdDJSfJr/h7jM8L5DADyvNEbJlOBBBh/1+FMmB +BWu8mUURQxJvuKr078wvEVKPy6yRxrHQ6+OhLMvEomgiudiSbfBtKQSSOafN91BE +jrbnGL2IDois0I5EqwfJ88D50b3WP2V/HFPXemIZCJ/Dq4Aovu0aQtL3r4J/vdg4 +YhLP+swdfmCUhWZctf+a/348aclfcMVwPOlfiNIFjyLCPFHRhG7Ewg1YeFg2EcdK +9l99sV3hBOD8ZqPUsgeK1AxCEMOSfG+GJIz/m9er+yy/ID5hvxZb+T+mnAmdKp0T +OXjL6R+vLtYkz87OQTEjxBxZDkB+vWFDXFlRo9mbnn9JN+dULGLyVGQLBUhKi+EA +YOAEbqQF7pRiwSbO1zBJ4rIbP+uXiSp1d+1hYWdFp0DrlzCSTagaGHbYMGEL2yJ9 + +-> ssh-ed25519 J/iReg YN2z1FgxkhI+ftJLCnYlEQbsw9F/i4LawRGcCr1+m08 +FrQD95+PilJusXuQ/X1GmMmwqbrGFVTQUjdB330k1DQ +-> ssh-ed25519 GNhSGw dLUgqqsKdQsozzcMbPUsAyR+ULIHp8OcS2mqVfnrlgY +tcfr80cJENiKSJcGEa2lP0g9aVjVC379ofP3mQ52UCw +-> ssh-ed25519 eXMAtA q2Lo3VeyJ/vq9DPbcxeEVDDAbtSK9fgTzXLhGh64ySE +oQsdbmuILI9bseFveJV9ZhytSD3WxjgX+hSiYx0lHS0 +-> ssh-ed25519 5hXocQ EVFRzgV52OLh+TZdSX6Ukqrg/xJr/grnh1IpkqC7sCg +nurKpP+BRzlV8SZjnCzAe24awuYdUukHvNm9HQD2LD8 +-> ssh-ed25519 bRHVVA 6vHWSQDOhPTBMZtw9yDRw4Ed2BR9+n6Ba436ZMMU7Uo +qfWT7BmI9SQbeSwM7D7AXWqDeAQ2Bym4/Inzlx3c3Zc +-> ssh-ed25519 HgW9eA QO/hL1KXvUQM+O5Kotbo9NYqass0vWl0YMLkTzKr4ms +G9HPkudm+FDrCijZYXEk+DsHbKqhFgsupOSOqD1nLM0 +--- rs8MdryR2jyyqC/2npE5B3hKyJaZyiW6eaOz5Jyg7CU +)?ըk -lAvSK#GT?t9!?GP \ No newline at end of file diff --git a/secrets/nextcloud/nextcloud_db_pass.age b/secrets/nextcloud/nextcloud_db_pass.age new file mode 100644 index 0000000..32a38b0 --- /dev/null +++ b/secrets/nextcloud/nextcloud_db_pass.age @@ -0,0 +1,33 @@ +age-encryption.org/v1 +-> ssh-ed25519 APVFfA MAQEBIjozxqxVoiXynPn+zpm1NH3btLqzeeYVpt9Azo +grxw4ExhfmfhIppoBNr1fFb2Os1kSmmdTVrG6zLyFpI +-> piv-p256 ewCc3w AqA6O8a3Lfgy64506EQ9me1mTzvNXwxzcreGmQiMCg15 +SUSScnz0xSinLy359I1UdvRhbhYe6MSWw4+5Zb3K0E0 +-> piv-p256 6CL/Pw A9hFta8AvkmdCX/aP/Yll6s1rV0dcWuqUvzBAn/tgM4Y +bUMOZg2siJyIuMo4iguyWvajnbtvMZR5s8C/wm7pT8Q +-> ssh-ed25519 eOAUSg KIcF4co6/MCliTGm8DIJzrTtDcl+iwDSxi28PUgdeRw +Rpk32l3UPgv5tl52DfixMpMB8/kU/tRWMCUtkUdXQNo +-> ssh-rsa REaZBA +U9B5y/VEgTjuesOH9c0FUxrOtc9EXqxgX0HkI4v8ozIf2dmYHSn3D/e6sZyiwOnX +nE7QqdzgX21M5MZ8XxQ2cWM6a74Xoq77/YJXC/wCcPGL8iZlrQNO/UAoqaew0kCk +PAGBdqyNrgxufimX6thLRbY56IaxuIyyE1aH6bUG21RBFh2n4aYHQ+YKWPpaCNoO +RKJYI94w3Qt6uXVrD7TmtvjynkN/j5xqMoT+cE/65aUpIGmnCEqxdIsJz1qnFSO8 +yWOPdk7OmFShUSIav3iV+rcn17cmvyc7boWFAp8r24+O794j6umRy30KROfmkuXp +OFKQWY6KB3Zja/sk+XVeUsABlqQmviA4M/JTJMLUdS7Aa59TyAmwg9o5YUDBfk0T +aVRaFaqC/Dw/JipERb4kN6Bu0tGvHii9cW/u8T3Oz6pXsJ4r0HCtj7hf3aKfvOr4 +NEShklZcXBAk8prbZ9ff3KdNCCyrN1C5PmFG3mTp4nHZrCx0aOvg2ZZ12lR7ifGr + +-> ssh-ed25519 J/iReg oTQWajjCPpWVnuUP83b9mdad6cHdlgmprGg05dSUSwo +RaPRSlXOJyV+0XHQrVZ0lYhTNb/0Xe2dGAAq8y+p/tQ +-> ssh-ed25519 GNhSGw ohv6XFgt5qtrpGQ+GOgVjJvs4wpH0HH+tFcywbaYDhs +twSIt9rqFJz0gSIZogzSq0ryxMKjihXtm+07PN3fMXY +-> ssh-ed25519 eXMAtA dFYPMp8j772z0aqlf9rWXMBTvj5hfaXN2ZsXqpyTy2E +8YspbXyMI3PMKoOsVkJevOScRvabiXYoio+WJVg054w +-> ssh-ed25519 5hXocQ XIe/NnmGMO7LqIfLxuLz8asXXOyAHnKoz+68uVvSaEQ +fnGJ0WYGFeRahMO+qHMAKcUwCWpnFZ0Hfqnd4wAT9iE +-> ssh-ed25519 bRHVVA e2DbBsSVSZpRaBNHR6CUm7QG44DfcNIs2mlv/dc+1Hk +gl1VZpctEqhSTmA3BNip2gPSh+rxfF4aoQMTda3wfzY +-> ssh-ed25519 HgW9eA ctUKbED/qOOcp6O48fSRRJVqdiD4/c02PkHkEX/kLEs +OVnruVJsetx9KXSnD5qXesGkuckJCr7S8BTMWkZNffk +--- CLMpFgw5tBn099tUgOMWfCM7e0JdkitF6Xu2CAVaV9M +GX|X^w%>c5fTJj/hu}[?gd \ No newline at end of file diff --git a/secrets/restic/apprentix/base-password.age b/secrets/restic/apprentix/base-password.age index 5eaaf2a..ca6df92 100644 Binary files a/secrets/restic/apprentix/base-password.age and b/secrets/restic/apprentix/base-password.age differ diff --git a/secrets/restic/apprentix/base-repo.age b/secrets/restic/apprentix/base-repo.age index 8ff2f99..8dbbc7e 100644 --- a/secrets/restic/apprentix/base-repo.age +++ b/secrets/restic/apprentix/base-repo.age @@ -1,20 +1,33 @@ age-encryption.org/v1 --> ssh-ed25519 cZNEGg b505duRCUjy7CzrtgQ/69TrJjlG6zbJbuW0tyQZO+l4 -jGGys+6yoFd3COQaSqVSta/82Y0ueVohoi6IO1dZ48M --> piv-p256 ewCc3w Av/PLEFUUWaPKb29Kxw9BHYEHfNyr+bgrQXhjW7W2ATE -7awUEWXX+YThjPWiPUTQRbNx2IySdLeaPUbbH6U7iKU --> piv-p256 6CL/Pw A5QaKFv5GZJti1UTgX4LVWfHEWbM+jSlZrVK++1aW3Ag -3fLlT0f14jg4Q31Ar5taxqwpK6kDUwyZBNwgnx7N7zI --> ssh-ed25519 I2EdxQ VUG0TCvv1BdYrMYRS70W0w4tyH97TL0E2J8VFcyXXXQ -DVLF5ndD93np5SbcuawHmQRiUJFglVno5nr2DeFnmJ0 --> ssh-ed25519 J/iReg gUeVDoBNUTTxJxZWdwX3zseuzyQUDoDbDsXZhL68TjI -qvRlMRBco+YtggijnRfMu/6WAVfVSZpmy2DMyc7Knxg --> ssh-ed25519 GNhSGw iVmUqoMBfO8Rnod3gDTv+R9gIxcEvAH9Q2bPBsN3sFU -uCz6NYMtBIyTWu6pLZppCESnC+7scVr3augdMHpi67I --> ssh-ed25519 eXMAtA KvTKKRaHmzRX8JqfDNh+NiQ/NWDZkrDolzUw7V6X8Bw -2dWyACxhfz/dRe30dnA1ee6vIn3zqat1wVrQmuiE0MY --> ssh-ed25519 5hXocQ bth9w7W2pI+mzHZHdE085CwxYfQ01hkXqPjdNEyuWxg -rYt52wmImpd53hvad2aykOv8FI0pFuyCWB+00fkeF/0 ---- sYrrk7yB4pUvvfwri3jsseXhQ8+88uMhxv6REVqRV8c - Dz| 7Ye++WqyQn-Z -wyhA712JB6*=Ci3%,ExBZ;}Mp\80?y:X;frj%(M2x܎d*$ \ No newline at end of file +-> ssh-ed25519 cZNEGg OOs7LFtS0nQv9hBo3470MK2ekBcMmJ6z6kEHmYRMlis +6ikMGSwmbh48AjUwYdgQlOCyDTNcAecBz+wQ5kqqBg8 +-> piv-p256 ewCc3w AuApKu1vVXnLRWeJIu1UFDc48t5yaL4DCPWR0IdMDUzL +vFpM8hYUflRzI34o8LdMaqq4xsNVR2EceMscMVPnwcc +-> piv-p256 6CL/Pw A1EUA9hqSqMlZ1mYRGSFlk9uDeyGpkZqMfWhRs7egUyg +i7A5jWXR4xZyQKG1FYoKqukzkrWPkZEirY9IT7wVB98 +-> ssh-ed25519 eOAUSg pbwTwoxW8b9/+3Klz7ouUZfcr22g/j4Fk06AITQjPSM +WzfyJZYBG0allKWsJ253j///q9+HPlXAmnx6QLtVU1k +-> ssh-rsa REaZBA +bSKBvVK+FdddpA8VWi+c1g4EB29Tnt78xWgA5wz5HjqZVPyFn9qn1QGRv6D1WBzL +LeW8ULpHiycJmU/lUHuaKypULv+lchIjS/r26zT1CrGKvlsA43pwCno1Qo4IlJCI +knuCC0859wt19hn4PMbElZ+2HFp5zsHe5xY08t+Wu2Mctt8N8KOvwgCZyCP/OTH/ +l/nmeSi/+VZJg/U/jzGFtHLd6uK9Y7ND5ifcazBYyVWDLOpkbtcpXn7W+eIT7sd3 +LVUooCR6bMY7NK7aK5lI1I8jbHW1XKT+wG+xc0liH68o6x5IUGvtaM+njYRJHkzk +nIOA0CqvbjquWRQeAkIRgmC7QIQjC7KcEIqTGt9vCW1pDdVIqGwntOxQJ4QQcwTR +57LtXm0YIBAJqQ5M0PkAQnsbgeYeNALdpZZC3yHAWZ+vsOE9nrSLmV4KNnyusmJd +kKxVOsgdwlnadn8HsYewGKvK/Ikni30vCyU/T41zRKabyODjQ3clN8SxA2cPSMQX + +-> ssh-ed25519 J/iReg ne7QjqYm5KzbBNYqTGnX9h8UdSl4wsbP9UEbvEfOUHk +FH20UecBHmcqorKpoPV2ER/5bW4P+CmreAHLUtub1io +-> ssh-ed25519 GNhSGw YYpc/dHXxNBZyE0m0jegwvQeOFKv3X4GUK9GbCjBtWo +6UjSLfkEVOefSQe8tsJoQ+BmRGNdARz24Fvy4eJVLyc +-> ssh-ed25519 eXMAtA lsUFyP44qpmqbyAmUo9ZaY12q/0Ys2N+37OiJX6WHCE +IEk3mU64bH8O0MXx4kTORZeYdV1XjSIeMG2Ti446krQ +-> ssh-ed25519 5hXocQ YHWNDqkKYBGm8KqJe3kNV2eqNxW+NYlPTcR6bLq6FzY +td9tGpVszxZEcSMsZT914yU+5CXYKlu7aL8+HeoiWtU +-> ssh-ed25519 bRHVVA Mmt88YYyToQPn+WYuj9J/Zx5iVhD43iwjjkEArUfOlo +jPiHe7B55I6JEuO82V4QVJylSQrJQCvy3WRMguGWg0o +-> ssh-ed25519 HgW9eA NYyXdOZevSgjJ997zXQRGg1EDhYrBlQQTPDh/3R/JVs +jb8ahjqqE5bM90OAyC71BqZuPwtHGrNQ+SISZEiCPTk +--- Sh5WRXScpHFJ7P7/NV/wPink4SQSl0iPyUCNAQc6xYk +ib/Kiӿ€tlF(}dyxqJ1 )y>ʼ]*uܑifSܔ=NHQbЌFcsW{^퀇,|9ZIعyP2 &<> \ No newline at end of file diff --git a/secrets/restic/client_env.age b/secrets/restic/client_env.age index 436380c..c4dcecf 100644 Binary files a/secrets/restic/client_env.age and b/secrets/restic/client_env.age differ diff --git a/secrets/restic/jitsi/base-password.age b/secrets/restic/jitsi/base-password.age index b169294..94875a2 100644 Binary files a/secrets/restic/jitsi/base-password.age and b/secrets/restic/jitsi/base-password.age differ diff --git a/secrets/restic/jitsi/base-repo.age b/secrets/restic/jitsi/base-repo.age index ba6e049..92c6aeb 100644 Binary files a/secrets/restic/jitsi/base-repo.age and b/secrets/restic/jitsi/base-repo.age differ diff --git a/secrets/restic/livre/base-password.age b/secrets/restic/livre/base-password.age index 5ea38bc..dfc9c2e 100644 Binary files a/secrets/restic/livre/base-password.age and b/secrets/restic/livre/base-password.age differ diff --git a/secrets/restic/livre/base-repo.age b/secrets/restic/livre/base-repo.age index 599dc38..d4e39f6 100644 Binary files a/secrets/restic/livre/base-repo.age and b/secrets/restic/livre/base-repo.age differ diff --git a/secrets/restic/neo/base-password.age b/secrets/restic/neo/base-password.age index 8b515c3..3ab85ef 100644 --- a/secrets/restic/neo/base-password.age +++ b/secrets/restic/neo/base-password.age @@ -1,19 +1,35 @@ age-encryption.org/v1 --> ssh-ed25519 /Gpyew SkXe5r17rrq+GBVVQcsS2HHa8V53JhSSVRwo0I80s2k -ByCrnW2ibcdQGV0zmtEKZlFDKoI8u4gTc77w3kFMZss --> piv-p256 ewCc3w A0E0tbh4tSqcU3KBVcFAoQVEc32RWIrYWk5OXMvQwfkf -d2P81IpR3oERun48wQgg9E5jcTA4DeswehepzjzFJws --> piv-p256 6CL/Pw AnGS3ZpZWsqtYvfNUzAddYufB5FdCOI6PrT0VCTF1xlJ -ks3tGbdcJQIfkitDE2s1qO5hsgNzduFI4c61yTJi8k8 --> ssh-ed25519 I2EdxQ syOOIizaXU7HECwvXJtlp7iko1dthGyUVOqGbxPneAs -k5N67qOOU0WNjnjD7qErclQmGOYDTzBFSaNzPrZGrhw --> ssh-ed25519 J/iReg gU59UxyuUV1WOELP+mGUiOnSuqwhOPs6/bJJf3WoACw -W9QPTpHiR6SxX98iQo3XYw7ryNN24UHnTI+oaGdd968 --> ssh-ed25519 GNhSGw nzr3niNttuzu1fgPxj0tUYl/Mun4/arC2u7E0ObgrSg -oScU0Hcv2UMy94KePmAmyp9S60q/Ado5h0ZQwEcX68U --> ssh-ed25519 eXMAtA eEMxYKf+3++SGhnHVnT3scopo9+n0uRSPJLcsMRt/0A -m3nf4g0Biot+GIWcNq/l/N1YlfXVosBnrXvHHZH1g5s --> ssh-ed25519 5hXocQ bpg50d7Um9oKZHZQicvPMH7k/qx0crfkk9sJBeMCMTI -aFeabDzRmyDLxYlQSyjWPKAbmkrRNKcQC3WhUAUGGIE ---- Luhmj6HyNQba+/ldSrSNzC9DBM9mp9QTuTS5iare2u4 -`\/S%L4:|i9adn*{WxBDˇ>+RT1RpgV9gU?FTŶdFd駲굧*U3}l)*'N+f*(Ugo\lF#襤@`e=mgXw[$*7rc~oYA7Xı5e!h-x$Dȴc܊@!;%@6tg xCoNYN}"~kEk8ˮ=lP \ No newline at end of file +-> ssh-ed25519 /Gpyew NDrJVLbqHT8T4ypePg8mUEFAXD2ml7WIVfK8TAPB0yM +qoM/kh+arYT1BvXcujMG1RJNgPq4/InSkNmU1xO6jUE +-> piv-p256 ewCc3w A2RZ189D9ys+oIArcXnO48GWSeAMJw1HXcT20B0UmmNA +4uA7RuEwZwIMeSKpM7+4QGZXNVxQpyeTcrcRJ6+wKnk +-> piv-p256 6CL/Pw AgjgnCetaDrgHtG3BxoMdBhHtr8TAgX5prmY2CO6Hm2s +IlJKMJokSd4+Zp4chR1zArLJu34L9Eqd3AiEqLWHWxY +-> ssh-ed25519 eOAUSg SDWR0gJ6kCvTI52lXOcFzdqYFOnuictswo2w9MzMsxQ +obNBf4kLO4QAMofSKkUWvyUS9NJwS+Szyj81ZnLnoUg +-> ssh-rsa REaZBA +EvNbJlxqfP60m+xZKPbsI+0MyRCjnHbXV3bJ73I5w1heZJOl069qqWhr8Y4xG6ql +ZuvRnobBNX0Fzqt9NqxgLilCoTI/vdFfaz4z2U+OSolb4HXyq51HLAe7UccWC6MI +QLyDrBfcAtVVdBTiLLDlQn1xOKLIhkFkdsnNfs+nv+2O9NmKnVvyaisitc+pe2LB +lWUO+FE3Eovhru10Ns6j5KZH7t0liWARWD5kMj1P8MkkEqi9pgMcrIBi0RMqnJu5 +WVrpunwpZ0uUqsIt4VoM2Q+Ydkjqj6kntx2BhCULdzsTl1/u8lMpbgegPpIwkm1u +hscU815f2N+YnIH+Iq0XJ5njibaFgyAGsyK46EDzpXTrWt7IFVTGGtkzu4WYzpYg +euhXTi9paCrOgW5ujRY7m4Kze6xp+xGscCVpdKo3UN7lO/1llUulcYczffd/3e3d +WWfWcr7EIGPJd84iw/rjL3MeUt1bxZv3H0zJPKnWyMVMacfME5w8NhD09CF2zfXB + +-> ssh-ed25519 J/iReg 2YRqrz3vdsfYJ2M9aiW0XOjisaSqlY3KiZ7aEcaojh0 +VWKaOFnZmR2Sl5qMxFP/jY/EIOKtRd2nOTdYFHFth2c +-> ssh-ed25519 GNhSGw LhFvvFAiARTfvmCt750gBzyG2YLTWcWHT9y/TsvFiCI +M5+CRHvO0ZUDZWkwC3jsotW/q2HN7S4DvXMocpStijQ +-> ssh-ed25519 eXMAtA KciUUQ8ZnZSSVTXzybjRrp5HC8xRF5UyH24yP7JJIAI +OQ5ddoN7PshRC+pa3A1xYdqgCKvNs8zovKj272vkF5E +-> ssh-ed25519 5hXocQ KQ031h+GyfrbooDYF/wTScyRyAohJDZJBq78re63vDo +2f34ikdvztPsRt14TbtXHOwjUAp9o/+IJIRKUuHDOIc +-> ssh-ed25519 bRHVVA 5+ppSR3fmOC73OBqwmb1Af7/Wz+RrKqaxUZKhRZkiEk +1ndbqrYQa3ybGxzvj84fgIN5y/5mzWScpgPmqH0jj8o +-> ssh-ed25519 HgW9eA 9e/LPRGDFM3xer2JE50Kq0AsM1ayQDl9fpIod/eETlE +Rcnt0RHOtzttYR4nAAYtwHiWctTz3uZ2lG0BIF2hqh4 +--- 2MvOzV24K5bRj/CMgW6f35pW4wXs8GrbEroiukm+0nE +zly>.o2N'<o5kU EٓeM T%FnTˈ yzQn Yqt8[{Ӕ6Hsvnh ssh-ed25519 APVFfA dhVYYldUuKV4CkU1URqKjJTYjN8+0kDLkWCl6Fbjxnw +lsAsrcPJ6FUEiuknql50udQ+MxguUPBpG1VtEhp/6/U +-> piv-p256 ewCc3w Ahgj806GejdrnCqC8KyYykz9k2fgHQaUTo4cs2dMg8dV +DfiXUeRe2Z+XpeJuQuT/cZosVbJELCuazn+lverFD7Q +-> piv-p256 6CL/Pw AkmKUuF6xuzd6miCfSeoNnUbror2DdD3PjTYR0hdk7QD +hkl2GYQa02A79xI5TKFSyJg5vHYmeNEdh7Hu02JNeIM +-> ssh-ed25519 eOAUSg IWVGznF6ym2vmCJNrz1lwZYhGZK0ExgZM0hVUuabREU +CnnVjOviLCtN9YRNuG9yEME0tc/SlHWf0Pd91xLFSAs +-> ssh-rsa REaZBA +RFfmDFkjZaWNmTYe9wtzur9LY4UikSC76T+PjSyGOu/eFps1UHmf/YDXYbR2uSf6 +xaVnkvleuPQPySYk+v9dxUU3PyC0DyaALrEdWIA3hvaDrbV6e3KdLFX7PiQvqOxv +w9yjMxOc79EPj5XuuxySm2mzzyVuJ1+ajmg4GQT2DQH1C86ASGoU8ZXUgXFb5oca +Q/emrQxYwT6q2LgJ50fUtcZ8qYuf5MhwFIwucvFRWg8Poz1yiWqk1GmVuXVb0Yer +HoeiV/H3fAOBvDldgMroT5PGJlLhebj70bSR9wFYIc3Jgy7OQt8ZQhPmAxYhpotR +BoXZ31NrZ9LVBKs6q7luMDyOU2byvplDUSSs5LIsT+jgCMdvXEgfBCnbupsbGQUw +Buh/npgrWBrm1mYgX4c8IhiprzSatZhVMmZeKMXsGpU98e2dmmdeNGuN6mluVqMs +hNYuaaSjeQ0M8TMa9/XFCLsqBTnodDJOFTM7GupdoYXfRkAUx5v7BAJASYPaOtLg + +-> ssh-ed25519 J/iReg +Rk2RSzik7zDnt1yE0BumXYB6bGjUfPPt2fd4vQGUzk +OgoQ0uCxmLjO9MFcnVs8AqEW7H+Odd6AFyr5yL37ODM +-> ssh-ed25519 GNhSGw Z+hEjpgpL1w2ZrrfGdekFfBXW/mvm8NP16AhdcVRYFc +9FXhi8Cb5mKwfhTUWNxt+fqIjT5XXB4wYeB5WrIAM4E +-> ssh-ed25519 eXMAtA fcaFAau7FXOTNuqMdbmeLSZMgRAB+hsjRchxEOuT0nc +ya4JC9zrXfSw3XsvAV3mrfbj7BYXQwz1RCokloUb22w +-> ssh-ed25519 5hXocQ TW+NVIXSvcTZFoVFTdpgUdKTeF/gx83KwJC1N81jHCo ++n3/QMNTW3fLa3NDxOJaVi5Jsc1Pc+GVHg3VZzijl4M +-> ssh-ed25519 bRHVVA OOMtsBuGdeBzCtSXTr/QFnZI1lKlggJvPLDQlab5+Sc +GtXjEk/CQpx3tXVoXXiiIDRSXbcqLwEJKSA1IxdL/As +-> ssh-ed25519 HgW9eA tRymk/is62+yG7Uq/IdiVMAXO29EweLxJ6hDKHmfjRc +6vBTqfiTSqWyS4n3NVOlv5QlF1QoCAp8FQV1DVC1jpc +--- yL9V0rPZ32TrFV362q1kQ23XT17RbMPz3pR941xpkaI +w` ӛvܟ${DߵHKRtK|1u>* ,Kw;y^3\١MQ!1WSg|'$Ydr LP}!z hKvyi;bioRßiPafӳp \ No newline at end of file diff --git a/secrets/restic/nextcloud/base-repo.age b/secrets/restic/nextcloud/base-repo.age new file mode 100644 index 0000000..0a08529 --- /dev/null +++ b/secrets/restic/nextcloud/base-repo.age @@ -0,0 +1,33 @@ +age-encryption.org/v1 +-> ssh-ed25519 APVFfA /npWzPx3co5eXMWHqgpoT2sqGBmSzNBsrvWHNb3oLSY +zUPQ85TgjKb7CkePRM8UxaP1E4dF2SWau/R6tvWu0GY +-> piv-p256 ewCc3w Ax/3jMVVVaY5X3ewLMvfRHbIqrjtMM9oJc0d+DazfsL4 +62we6eL/idXUiWU+cV8ig4rSS0/xMv6LliGk9EQQC1c +-> piv-p256 6CL/Pw AmL+Lm3WU1hRg0yrDpGN0faVxC5PIe1hohnoapniXRTW +LtNB1YPOQdfrNGAatzIMwxVwT3eAYpjC2WoOKOm1Mac +-> ssh-ed25519 eOAUSg ju+aWayOfOXhvDnEykKmHBhi1o+ZI8z7T3PllPbdbDc +tkBJT60G9Vkm/3Hrn1fqj9llhbbtu1b7pg2Uc87pAnE +-> ssh-rsa REaZBA +UbITuVuUfygOO2Fc6r1C+afSsb17yaIfgPzqWCaeNPXA4sk5H9iE79kqDS2aCCp2 +AeqDMoiV/VqaH6VxCJ69plY8hNEtYqZwM3iE3l+d04g7Qzu+NDdNNlcnJbH6s6i3 +ntHm1FhtN5T9p2aqpJn76XRJkA9hEmth7xrDzWBJZgg7JdfCJqhfPaAgsOhWmxoF +d3OoOVoRm8ws50a/RZJxIdZfzCzHtMITESMcTDYnvMczcs+8Phqm4GejQ97xaZ/h +zaR84lTO6klnRP/+x71L4O9Tiq/FUQ8TxykZw2v+P/Y14/+Fbl15Na7/BnMG0CaI +MtrWpRgxkWx3mkO62tSPrhUuqI7t5cqdeYy4ts/BrMg/0z+qj8vm1Hg6MBMwHkXb +SJDjgQ9xPIX/AhnIJX+5zYem35rhy+LLmeq8w41j4RgeqeJc1miPrYOCyl1boNID +zWM+P91h1p9s+ymHHM1oNDCAU4aoBFN3C2feBkaJ5iRt+uInRr/rSj55eZnCx8hx + +-> ssh-ed25519 J/iReg ZGdvc9ilorOUO3LDdxmhfRJVcoyA3rpo1hKbvJ6wghM +VZQJiOPjWHDT2/aDwozJCxxVClVALTeobY9kHkYu6I4 +-> ssh-ed25519 GNhSGw 83qxXBsY+IfmHJH1xxl2EcfnnJ4b3yloVS5TIJTpfj4 +TvhU9/r6Or4RNwW6KVMeeTl6I7Szp7eUzxqQbR6B9IY +-> ssh-ed25519 eXMAtA gR53Jap2FgivohGKYOjbkxKPUTr19nUnzEZmcNoeFSA +w+CY6xVAEyMii1PtJ0M3gSET1o2214JisE+xPFaQYJM +-> ssh-ed25519 5hXocQ kfrUKBh36AkwLG1hWC0dqzVHFWYuu53iUW6Xr3cZmA0 +2D0v2lXq9CUINXWaaj2SX6M4FvE5PeRF5vaxBCCkaHE +-> ssh-ed25519 bRHVVA ECXEcqwN/WJCBfRuweRm8oOs09/enh9gPgVtLz/wr3k +tAfEDWMKfVYOK3fCYqXoKXBGhjbM3YKBofMaC+4DIyo +-> ssh-ed25519 HgW9eA Om8cjnnD11iZmi4necTSRmRTpgl6T5cBOMbf6fUG/EQ +wGZEHm39i03nF7RNO26QyTIPAGeyr+SG8U+m185O9qk +--- 0QoyQFcZZBMja9pF82tRrxF8JpIow25wCiuyfGZRHTk +~N^W0߿1e^]N|N]MXNZӼq%@EC 5Rέz)"{I,q:&Vl I&b;栢YXXde3uBhIHgCsԨ| \ No newline at end of file diff --git a/secrets/restic/periodique/base-password.age b/secrets/restic/periodique/base-password.age index 9fb9dde..f440479 100644 Binary files a/secrets/restic/periodique/base-password.age and b/secrets/restic/periodique/base-password.age differ diff --git a/secrets/restic/periodique/base-repo.age b/secrets/restic/periodique/base-repo.age index b7f0bf5..d87964a 100644 Binary files a/secrets/restic/periodique/base-repo.age and b/secrets/restic/periodique/base-repo.age differ diff --git a/secrets/restic/redite/base-password.age b/secrets/restic/redite/base-password.age index 8c47f20..9942dbd 100644 Binary files a/secrets/restic/redite/base-password.age and b/secrets/restic/redite/base-password.age differ diff --git a/secrets/restic/redite/base-repo.age b/secrets/restic/redite/base-repo.age index ec0c70e..844244f 100644 --- a/secrets/restic/redite/base-repo.age +++ b/secrets/restic/redite/base-repo.age @@ -1,19 +1,35 @@ age-encryption.org/v1 --> ssh-ed25519 hTlmJA kFOWAzDbkq3Tv4qAOlpvOsPSIkC+du0NuaVlqHwtFUU -nuOosQt/u1aLrnbYP/HfYB5kx707tmKG9CuA+PTi8JY --> piv-p256 ewCc3w AyXlgMSHnFrEfp0uB41dwtyhXIEaECaGU7zSGQfih8qR -VAUOEoFKwHLHqVZDp6IGcX9UKqeEYgElENu03DUdejM --> piv-p256 6CL/Pw AqP2EQ964r6wmDXQEBb8UDk6SsphgmkW3IlugcsnDi0d -rkWTPELcoOf4i0gKcJ4jiAsBIOvBIVgrNXZ4KBn7uxw --> ssh-ed25519 I2EdxQ y34hVqcR08tV/hj3XMydLD26YkF+GTlRy/RtQlr4/xM -/ZzHs1EnBc+ox68HkaUbu6aYxrOLSWBavNQNM232CFU --> ssh-ed25519 J/iReg 5Bc8NqLS1iLcBdjCr9aepG3PW0K46YBYw/g7ZeQWunU -1aiVwju7M+6X/tkDqREtBkKShQdig5ATEkhoyyB78b4 --> ssh-ed25519 GNhSGw CnpiJlLIgcnPdRHOi6oZcholAnbJ4YfN/G6DDlxHUR0 -iCDP882YOImc/dSQ0Na5KzA0erszxNGRtWUDtypuFwg --> ssh-ed25519 eXMAtA BhLH5eMtjoznm5pZRAUYw0lC/WspJTdBad5AwxnGiVU -HEtJTTVyeWZEzPBMGfcUpMMt51sUyXiYYjuN4oU1pIg --> ssh-ed25519 5hXocQ hfDNuyyEeIA9RDs1+FwXrFQgiaGzaHs6fkprRitxEHk -pmc9eCpEWu4FA/cbklPuRxbg97tfG1mcWLF+DOE97Hw ---- ZCTOg45uOBDseDGumu8mYOGjI9FZdaEBvHTev7Idn7I -Y_"25ZR4S_8½h ]`IP*ejR}K1DH^&9)0ݡ&tC֋@-H{˞3דāiɷǶOm :]M` \ No newline at end of file +-> ssh-ed25519 hTlmJA JP2aZ32SVp1WGDVgZzPa2noKlrC3GdwEwZyGsk4Zo2I +R/q+9flPs7eUkR/tbkGPcMp9LYbLVElE3UhqfDJ2M6g +-> piv-p256 ewCc3w Apal1aNf86IPdoWfPh5nL7696lttYiVa4mGqRZwZgcwq +PLcM1Vao+/pYIOjeB1yyI1tL/hE5sx+NGuANElypGKM +-> piv-p256 6CL/Pw A65HjvHo7olIurJgHbyDM/oDpLjJsrNvYtkdirnyauDW +Y1zEG5rxALJYnMrqo1QUKVc4R+0gMEOCwRw2bXOwn90 +-> ssh-ed25519 eOAUSg 5iJbcL6tjG91SHmkC7wvHa1HXVrB4ubTAJOfD/bZmB8 +2xSUuVGH3r7ZywrLquJiv0NsF+8nnxIliATrTSa3HOc +-> ssh-rsa REaZBA +WiDjU5Fex8juzkspgru7mgHkDBKjQ3pKpbC9oop7TLBUyDRMtKeg9jsKHgxZfRux +QKFGEjb8OGqTXWvGJ8eeBfhjPaIG7EjEw8+W0hSouHPmQp1cEv3ucUW3hUmBVrJo +89GHp5W3t80JnAisHRxgVo/zIkBe19h+uw8WioEXqUdkIsOBtiHkHseYryQccNWj +Zi6q1kk4aM4nq8JLPwrao3cY3aKOTnvzNBbnBKhpGp3WcAQpzrVhbohYmrhfMq7Y +ZVmKgi+0CC3G7tmcIc2JV1MiPOiMRxmmonABeNvF1fMvS2wg9vmstNsm+DE3x88F +dmL9X6u1qRfJS7Dd6zI/k2Ux/MwmrhEBydjLj5/ACgfGZ2R6mcolO+Bzx6gOpLc3 +MjJvPhb9FCF+QoXRwzsGDhqmpg3KZ3PAAdiYGOBRtipjPYJpo0kJ+TJlRgjsYq+S +Kfj/u6LF16QS21AI9QMEGc2H/FS8+hRg6hQzfM9zvKV+fQpN4MAs3+1XWO0b0E9e + +-> ssh-ed25519 J/iReg gOyB5IhkyTixizzeF8KrZspzyC89bTiyugRforyQTVY +9ihuMc9aqDV+Yl8tXgf8jS7LJxVOqGJ9/MJrApz7sDY +-> ssh-ed25519 GNhSGw OJAuMZo0dXGK5n/o+NRTFYpruvA967wn+LTVWPY8sAw +dcp9p/DHq2J0sJYiYMC053oXmbOtjn6zxqpPCb3ATkk +-> ssh-ed25519 eXMAtA 2sEagYLft0p/LJLt08uUsgHndpqKD8FEKmGAR2jw0Go +BFlCnUGZvlyWWqSjmS3mVDPP8aXGMuszgG30hydlv4o +-> ssh-ed25519 5hXocQ bgMwrVPm8vIBqdT1ZIikv2Y4GxHjPjF8nAtzfTXOdGs +zGPX7k56KDkKnSdLPOSzk9KBmuXjoiMa5XswjJ2pUHQ +-> ssh-ed25519 bRHVVA d7rDdm7N7YY7Vhjs8LdcshS0c0osDsn6DzVNy18SbGI +dC4XiFJzxkiIwb0R5D56mGfh2mTdFWBwYdyZApZaYaE +-> ssh-ed25519 HgW9eA mNBdCCJHqDxv5U8h+hir9ATz0sJnI16Q8XRxOEXP5ys +NmH+V7SiZKj+fAfbFQqr9AYo1GtZ6CketLRNv87aRtg +--- 56l2+1aDwCihjn5pUt+qA0ABF8m3N3lWYd3I1xNlbBc +s"ah315PoOcgY@]YT5㻙Q/4>{W +,8WP?1-gFjM{x6 +*O5ڴ ڟ=3'`O-q&gqm6R \ No newline at end of file diff --git a/secrets/restic/reverseproxy/base-password.age b/secrets/restic/reverseproxy/base-password.age index c1078ad..cb06b81 100644 Binary files a/secrets/restic/reverseproxy/base-password.age and b/secrets/restic/reverseproxy/base-password.age differ diff --git a/secrets/restic/reverseproxy/base-repo.age b/secrets/restic/reverseproxy/base-repo.age index cfa70c2..9c66b45 100644 Binary files a/secrets/restic/reverseproxy/base-repo.age and b/secrets/restic/reverseproxy/base-repo.age differ diff --git a/secrets/restic/two/base-password.age b/secrets/restic/two/base-password.age index 9e3141f..d15072f 100644 Binary files a/secrets/restic/two/base-password.age and b/secrets/restic/two/base-password.age differ diff --git a/secrets/restic/two/base-repo.age b/secrets/restic/two/base-repo.age index 30a491f..09f5596 100644 --- a/secrets/restic/two/base-repo.age +++ b/secrets/restic/two/base-repo.age @@ -1,20 +1,33 @@ age-encryption.org/v1 --> ssh-ed25519 qeMkwQ isv7irYOPM3ZFo+R7YmL9EoRYrFJfuLWkNR6r2lgjHE -PDf7UvNSxP5W+90YcVWpmC9VrsiwvfZeZIhMNtz9MwI --> piv-p256 ewCc3w Ap4ULwesDkTo821rHLHT5QTgLq05Z03f4IyUZlnzyT42 -xseukJDoQ62Z9umifrcpkV2QUQl70haUbCQUQ0CZsD4 --> piv-p256 6CL/Pw AqDUG43l33GpkKBLGSbVNavw6QP7SNtWJ/k1e5220Q20 -WlH4NlD9okKZa3CdKKGwI+1BZGRV5e7OhSCBFPmnMac --> ssh-ed25519 I2EdxQ oT+2CGAukNKWiimsXi3jooqsrFBdKH+LK6v3+7gzeDA -0hnQjy6Hm8uGVRsRpNuesybm6xcUfwr/EIxXaQkQB34 --> ssh-ed25519 J/iReg kyCVyzD4HOGYRqqWxG4nrx2kOkCRdm32c2B6tuOoNBQ -KXqT3v0xgIrbinTw64CrNQchqXJVdBniv6rMyGvRilg --> ssh-ed25519 GNhSGw luLGKV0iAY6fRHUE0PuZhcizlsMbOwPK0ro/kLjPxl0 -PbkSGZgcKCuAbr4anDNaLcSOz/30P2+OCg6AUGd5Pt4 --> ssh-ed25519 eXMAtA Gh4HkVu9m7LvBzcsixrCQjFTC/WS31kLQF8YimibI0E -XHap5pt+OwVvmzkTq3Ewq1VrTifwqwbQ5wv4g381ao8 --> ssh-ed25519 5hXocQ RfYDwwRM2m4H/qRFVdkT4g/viTae2wGHlwgiuwyMDnc -slShejHqsSLqascg68uY4WAIe48VA5MMY2HYGJT8s6U ---- 8yO/uraAtXSuTHm5WQJg/QAHOww4GCWKDwOUOSHczJc -W`> 6bwP5b="]ބ*m!uʿq_ -(=ft6eXWITaUFt(nn4ȇ@5о=K>n*W(8{CY TKGIU) \ No newline at end of file +-> ssh-ed25519 qeMkwQ NKP2RUhBiBJvgeir3w5SdZvMTtewZr8ZaQ4fnFlvqDk +9Qm7F4Fsr8FdCKH1hFfQAUZVJM5AghrI3bkC63e7lA4 +-> piv-p256 ewCc3w A+RbLTktyUPlHfY7CKm878dHfgFHvx7f/ITKKm8q+gBR +ImkH2oI+KnEYGKl9B5f6nTzrpmp++Y9UbcrsxrxKZsQ +-> piv-p256 6CL/Pw AqPlAqiRJ7YzztIxZJ/MG4lllphpONbSpaxwkJWSHp/e +z4cjfWYZ+V7hnLi8aZOZc01Jcrvf2ovElu1I99xHrhM +-> ssh-ed25519 eOAUSg ZqhcAfvlMRAAgFqemzSphx9MaivnWYadvSJc8LhuGyQ +NEsXht+MOG//fe6AGDtIDI/gPPcOVk/FUe34cxSyjC4 +-> ssh-rsa REaZBA +cpNHQ3JzoJw67RTi8O8tIuXTrs5ZEdoN7GzwYHfKz77qipK9noCZ7YzR/xQTvwsr +pe8kzOj/9ojtr7dfEFr9oei9R/WhQpyJmXo5XAV3/7O/06H2uR6GBb7j70mOIFl+ +0dlkOKN6Qd1JC3fStSPxVzLNlMZkDfwEkqQdXeJXExEntcDYKpkhnui1RCOVjN5m +oDWCU4+xobDT5GXN5Q4UpcgkvFwV74t6Qkb/u38wSWZPjFFmdJ7z3FUmC/rzntMd +Fv3CoIRoCHDv1GOFwK1weLDXncHzegg9GM34KkuqTlijKqGcUnMbjrGEIlip5mof +QwMGWA0wDIzzsXk168OU7g2Dn8HfEnlmjKAWMDgOz0xza+Yk4ulcKGTQJPZ8nQSt +D5kO273R+AZVfuK4q8Noelwk+kN9NI7x0fm01VrRgHzH/L4m3NxsfBBf7wlOwjHN +fKQmxDEE6iUb8GPfgoYNT5JmeXjcxTVGqrLEFgsQyBmf60CaTEiyXmYARHzu+KXn + +-> ssh-ed25519 J/iReg 1+Ap42RbP3acr7Ka+qw+aVEv1d7WskyqkNieme0bAEk +ui2uJ3M+L0G0TyKuEV/IhzpYXaxF1O1aagqj3Kx/7EI +-> ssh-ed25519 GNhSGw Ac5WUe27UeSG8N6jY+wTLVxg39TOHj2ofTPEQ8J+50M +lirLvQJ6uLJ6iqbgRXRMcraPCI/qX5bU7VolihDCKSY +-> ssh-ed25519 eXMAtA 9LUBaGZfAXTwSUtRFzMQ+VnWU8Bfm4Vr7ANnTYKiDn4 +gdW6VKHByq15GkGGQ4sVqdUnMdF54KmH1+VrXhnmY+k +-> ssh-ed25519 5hXocQ Y02v/mKTB7LUZ09hIbg9QZpXBX8gYLqnQgyI1pbDSVg +yOOI+/5HJHEeHa5yMi6aBMk75ISwa9Xw9HJalZ/rqTI +-> ssh-ed25519 bRHVVA HgDF3J/p8t71Rb/wH9h490WgNrTF/Na+yCsLTkschHU +CAMpJ+aE3sCiakjuEDWZTeNiUQcRbDc/OEUeaAaicuY +-> ssh-ed25519 HgW9eA FZRwYTkkTqaZKYie1ghT4KHVaN9HotPX8K0h4rktyAY +fCcmP82VGbpAvjkfTdqn4M1VIkDWKmLa4X++YRoZVR8 +--- hOQJKXW3O/fPqp4YCsrX8etojiHqM/lXZhPMSl4bBAU +)Gb氡F?Sn\hTXo9rV.j F\rBoB+FmY!4l H>*yg8 Gtu_)֛aR9Us \ No newline at end of file diff --git a/secrets/restic/vaultwarden/base-password.age b/secrets/restic/vaultwarden/base-password.age index 08fe6f7..4c224eb 100644 Binary files a/secrets/restic/vaultwarden/base-password.age and b/secrets/restic/vaultwarden/base-password.age differ diff --git a/secrets/restic/vaultwarden/base-repo.age b/secrets/restic/vaultwarden/base-repo.age index 47628a2..6a74404 100644 Binary files a/secrets/restic/vaultwarden/base-repo.age and b/secrets/restic/vaultwarden/base-repo.age differ diff --git a/secrets/vaultwarden/env.age b/secrets/vaultwarden/env.age index 3c003b8..656d3de 100644 Binary files a/secrets/vaultwarden/env.age and b/secrets/vaultwarden/env.age differ