From 7be3567e6de347f86d1bbc112e6cb7bc03370f4a Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 6 Nov 2023 21:28:05 +0100 Subject: [PATCH 1/7] flora-6: refactor to use flake.parts --- flake.lock | 40 ++++++ flake.nix | 3 + hosts/default.nix | 10 ++ hosts/flora-6/README.md | 50 ++++++++ hosts/flora-6/apps/caddy.nix | 41 +++++++ hosts/flora-6/apps/drone.nix | 116 ++++++++++++++++++ hosts/flora-6/apps/forgejo-actions-runner.nix | 35 ++++++ hosts/flora-6/configuration.nix | 71 +++++++++++ hosts/flora-6/default.nix | 15 +++ hosts/flora-6/hardware-configuration.nix | 45 +++++++ hosts/flora-6/triton-vmtools.nix | 9 ++ hosts/nachtigall/configuration.nix | 8 -- modules/default.nix | 15 ++- modules/networking.nix | 28 ++++- overlays/default.nix | 1 + 15 files changed, 475 insertions(+), 12 deletions(-) create mode 100644 hosts/flora-6/README.md create mode 100644 hosts/flora-6/apps/caddy.nix create mode 100644 hosts/flora-6/apps/drone.nix create mode 100644 hosts/flora-6/apps/forgejo-actions-runner.nix create mode 100644 hosts/flora-6/configuration.nix create mode 100644 hosts/flora-6/default.nix create mode 100644 hosts/flora-6/hardware-configuration.nix create mode 100644 hosts/flora-6/triton-vmtools.nix diff --git a/flake.lock b/flake.lock index 1eb34c2..21619ae 100644 --- a/flake.lock +++ b/flake.lock @@ -122,6 +122,21 @@ "type": "github" } }, + "flake-utils_2": { + "locked": { + "lastModified": 1653893745, + "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -280,6 +295,7 @@ "nixos-flake": "nixos-flake", "nixpkgs": "nixpkgs", "nixpkgs-2205": "nixpkgs-2205", + "triton-vmtools": "triton-vmtools", "unstable": "unstable" } }, 
@@ -313,6 +329,30 @@ "type": "github" } }, + "triton-vmtools": { + "inputs": { + "flake-utils": "flake-utils_2", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "dir": "vmtools", + "lastModified": 1698443513, + "narHash": "sha256-wX2JIJ3JmJn6MAurdyjwZU+FZjLCwBArMrVSeeCb/ZU=", + "ref": "main", + "rev": "0d039dcf06afb8cbddd7ac54bae4d0d185f3e88e", + "revCount": 85, + "type": "git", + "url": "https://git.pub.solar/pub-solar/infra-vintage?dir=vmtools" + }, + "original": { + "dir": "vmtools", + "ref": "main", + "type": "git", + "url": "https://git.pub.solar/pub-solar/infra-vintage?dir=vmtools" + } + }, "unstable": { "locked": { "lastModified": 1698318101, diff --git a/flake.nix b/flake.nix index 7006190..a3187f6 100644 --- a/flake.nix +++ b/flake.nix @@ -26,6 +26,9 @@ keycloak-theme-pub-solar.url = "git+https://git.pub.solar/pub-solar/keycloak-theme?ref=main"; keycloak-theme-pub-solar.inputs.nixpkgs.follows = "nixpkgs"; + + triton-vmtools.url = "git+https://git.pub.solar/pub-solar/infra-vintage?ref=main&dir=vmtools"; + triton-vmtools.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = inputs@{ self, ... }: diff --git a/hosts/default.nix b/hosts/default.nix index 8a2913b..22a4f32 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -13,6 +13,16 @@ self.nixosModules.docker ]; }; + + flora-6 = self.nixos-flake.lib.mkLinuxSystem { + imports = [ + self.inputs.agenix.nixosModules.default + self.nixosModules.home-manager + ./flora-6 + self.nixosModules.overlays + self.nixosModules.core + ]; + }; }; }; } diff --git a/hosts/flora-6/README.md b/hosts/flora-6/README.md new file mode 100644 index 0000000..4600605 --- /dev/null +++ b/hosts/flora-6/README.md 
@@ -0,0 +1,50 @@
+# Deploy infra branch to flora-6
+
+Use this command after updating flake inputs to update services on `flora-6`.
+
+```
+deploy --skip-checks --confirm-timeout 300 --targets '.#flora-6'
+
+An alternative, if deployment always fails and rolls back.
+
+```
+
+deploy --skip-checks --magic-rollback false --auto-rollback false --targets '.#flora-6'
+
+```
+
+# SSH access to flora-6
+Ensure your SSH public key is in place [here](./users/barkeeper/default.nix) and
+was deployed by someone with access.
+
+```
+
+ssh barkeeper@flora-6.pub.solar
+
+```
+
+# Mailman on NixOS docs
+
+- add reverse DNS record for IP
+
+Manual setup done for mailman, adapted from https://nixos.wiki/wiki/Mailman:
+
+```
+
+# Add DNS records in infra repo using terraform:
+
+# https://git.pub.solar/pub-solar/infra/commit/db234cdb5b55758a3d74387ada0760e06e166b9d
+
+# Generate initial postfix_domains.db and postfix_lmtp.db databases for Postfix
+
+sudo -u mailman mailman aliases
+
+# Create a django superuser account
+
+sudo -u mailman-web mailman-web createsuperuser
+
+# Followed outlined steps in web UI
+
+```
+
+```
diff --git a/hosts/flora-6/apps/caddy.nix b/hosts/flora-6/apps/caddy.nix
new file mode 100644
index 0000000..a241de2
--- /dev/null
+++ b/hosts/flora-6/apps/caddy.nix
@@ -0,0 +1,41 @@
+{
+ config,
+ lib,
+ pkgs,
+ flake,
+ ...
+}:
+{
+ systemd.tmpfiles.rules = [
+ "d '/data/srv/www/os/download/' 0750 hakkonaut hakkonaut - -"
+ ];
+
+ services.caddy = {
+ enable = lib.mkForce true;
+ group = "hakkonaut";
+ email = "admins@pub.solar";
+ enableReload = true;
+ globalConfig = lib.mkForce ''
+ grace_period 60s
+ '';
+ virtualHosts = {
+ "ci.pub.solar" = {
+ logFormat = lib.mkForce ''
+ output discard
+ '';
+ extraConfig = ''
+ reverse_proxy :4000
+ '';
+ };
+ "obs-portal.pub.solar" = {
+ logFormat = lib.mkForce ''
+ output discard
+ '';
+ extraConfig = ''
+ reverse_proxy obs-portal.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.int.greenbaum.zone:3000
+ '';
+ };
+ };
+ };
+ networking.firewall.allowedTCPPorts = [80 443];
+}
diff --git a/hosts/flora-6/apps/drone.nix b/hosts/flora-6/apps/drone.nix
new file mode 100644
index 0000000..e8408e7
--- /dev/null
+++ b/hosts/flora-6/apps/drone.nix
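Review bot: Both `ci.pub.solar` and `obs-portal.pub.solar` force `logFormat` to `output discard`, so the proxy keeps no access log at all and requests to the CI login and webhook endpoints leave nothing to examine after an incident. If this is a deliberate privacy decision, a comment such as `# access logs intentionally disabled (privacy policy)` would record it; otherwise a short-retention log for at least the CI host would help. The `obs-portal` upstream is given as a bare `host:3000`, which Caddy proxies over plain HTTP; whether that internal network is trusted is not visible from this hunk, so it deserves a comment as well.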
@@ -0,0 +1,116 @@ +{ + config, + lib, + pkgs, + flake, + ... +}: { + age.secrets.drone-secrets = { + file = "${flake.self}/secrets/drone-secrets.age"; + mode = "600"; + owner = "drone"; + }; + age.secrets.drone-db-secrets = { + file = "${flake.self}/secrets/drone-db-secrets.age"; + mode = "600"; + owner = "drone"; + }; + + users.users.drone = { + description = "Drone Service"; + home = "/var/lib/drone"; + useDefaultShell = true; + uid = 994; + group = "drone"; + isSystemUser = true; + }; + + users.groups.drone = {}; + + systemd.tmpfiles.rules = [ + "d '/var/lib/drone-db' 0750 drone drone - -" + ]; + + systemd.services."docker-network-drone" = let + docker = config.virtualisation.oci-containers.backend; + dockerBin = "${pkgs.${docker}}/bin/${docker}"; + in { + serviceConfig.Type = "oneshot"; + before = ["docker-drone-server.service"]; + script = '' + ${dockerBin} network inspect drone-net >/dev/null 2>&1 || ${dockerBin} network create drone-net --subnet 172.20.0.0/24 + ''; + }; + + virtualisation = { + docker = { + enable = true; # sadly podman is not supported rightnow + extraOptions = '' + --data-root /data/docker + ''; + }; + + oci-containers = { + backend = "docker"; + containers."drone-db" = { + image = "postgres:14"; + autoStart = true; + user = "994"; + volumes = [ + "/var/lib/drone-db:/var/lib/postgresql/data" + ]; + extraOptions = [ + "--network=drone-net" + ]; + environmentFiles = [ + config.age.secrets.drone-db-secrets.path + ]; + }; + containers."drone-server" = { + image = "drone/drone:2"; + autoStart = true; + user = "994"; + ports = [ + "4000:80" + ]; + dependsOn = ["drone-db"]; + extraOptions = [ + "--network=drone-net" + "--pull=always" + ]; + environment = { + DRONE_GITEA_SERVER = "https://git.pub.solar"; + DRONE_SERVER_HOST = "ci.pub.solar"; + DRONE_SERVER_PROTO = "https"; + DRONE_DATABASE_DRIVER = "postgres"; + }; + environmentFiles = [ + config.age.secrets.drone-secrets.path + ]; + }; + containers."drone-docker-runner" = { + image = 
"drone/drone-runner-docker:1"; + autoStart = true; + # needs to run as root + #user = "994"; + volumes = [ + "/var/run/docker.sock:/var/run/docker.sock" + ]; + dependsOn = ["drone-db"]; + extraOptions = [ + "--network=drone-net" + "--pull=always" + ]; + environment = { + DRONE_RPC_HOST = "ci.pub.solar"; + DRONE_RPC_PROTO = "https"; + DRONE_RUNNER_CAPACITY = "2"; + DRONE_RUNNER_NAME = "flora-6-docker-runner"; + }; + environmentFiles = [ + config.age.secrets.drone-secrets.path + ]; + }; + }; + }; +} diff --git a/hosts/flora-6/apps/forgejo-actions-runner.nix b/hosts/flora-6/apps/forgejo-actions-runner.nix new file mode 100644 index 0000000..612a24a --- /dev/null +++ b/hosts/flora-6/apps/forgejo-actions-runner.nix @@ -0,0 +1,35 @@ +{ + config, + lib, + pkgs, + flake, + ... +}: { + age.secrets.forgejo-actions-runner-token = { + file = "${flake.self}/secrets/forgejo-actions-runner-token.age"; + mode = "644"; + }; + + # forgejo actions runner + # https://forgejo.org/docs/latest/admin/actions/ + # https://docs.gitea.com/usage/actions/quickstart + services.gitea-actions-runner = { + package = pkgs.forgejo-actions-runner; + instances."flora-6" = { + enable = true; + name = config.networking.hostName; + url = "https://git.pub.solar"; + tokenFile = config.age.secrets.forgejo-actions-runner-token.path; + labels = [ + # provide a debian 12 bookworm base for actions + "debian-latest:docker://debian:bookworm" + # fake the ubuntu name, commonly used in actions examples + "ubuntu-latest:docker://debian:bookworm" + # alpine + "alpine-latest:docker://alpine:3.18" + # nix flakes enabled image from + "nix-flakes:docker://git.pub.solar/pub-solar/nix-flakes-node:latest" + ]; + }; + }; +} diff --git a/hosts/flora-6/configuration.nix b/hosts/flora-6/configuration.nix new file mode 100644 index 0000000..dc20845 --- /dev/null +++ b/hosts/flora-6/configuration.nix 
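Review bot: `ports = ["4000:80"]` on `drone-server` publishes the container port on every host address, and Docker normally installs its own iptables rules for published ports, so `networking.firewall.allowedTCPPorts = [80 443]` in caddy.nix would not keep port 4000 closed and the Drone UI could be reached over plain HTTP without passing through Caddy. Caddy only needs `reverse_proxy :4000` locally, so binding to loopback is enough: `"127.0.0.1:4000:80"`. The `drone-docker-runner` container also mounts `/var/run/docker.sock` and is given the same `drone-secrets` environment file as the server, which makes any pipeline it executes root-equivalent on flora-6 and hands the runner whatever server-only values that file holds. A comment stating that trust assumption, and a separate runner secret file with only the RPC values, would make the boundary explicit.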
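Review bot: `mode = "644"` on `age.secrets.forgejo-actions-runner-token` leaves the decrypted runner registration token readable by every local account on the host, while the two Drone secrets added in the same patch use `mode = "600"` with an explicit `owner`. Unless the runner service needs world-readable access (how it reads `tokenFile` is not visible in this hunk), `mode = "400";` plus an `owner` matching the service user would be the consistent choice. The labels `nix-flakes-node:latest` and `debian:bookworm` are mutable tags, so the images jobs run in can change without a commit here; pinning by digest would make such changes reviewable.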
@@ -0,0 +1,71 @@ +{ + config, + lib, + pkgs, + flake, + ... +}: let + psCfg = config.pub-solar; +in { + imports = [ + "${flake.inputs.unstable}/nixos/modules/services/continuous-integration/gitea-actions-runner.nix" + "${flake.inputs.unstable}/nixos/modules/services/web-servers/caddy/default.nix" + ]; + disabledModules = [ + "services/continuous-integration/gitea-actions-runner.nix" + "services/web-servers/caddy/default.nix" + ]; + + config = { + # Override nix.conf for more agressive garbage collection + nix.extraOptions = lib.mkForce '' + experimental-features = flakes nix-command + min-free = 536870912 + keep-outputs = false + keep-derivations = false + fallback = true + ''; + + # # # + # # # Triton host specific options + # # # DO NOT ALTER below this line, changes might render system unbootable + # # # + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + # Force getting the hostname from cloud-init + networking.hostName = lib.mkDefault ""; + + # List services that you want to enable: + services.cloud-init.enable = true; + services.cloud-init.ext4.enable = true; + services.cloud-init.network.enable = true; + # use the default NixOS cloud-init config, but add some SmartOS customization to it + environment.etc."cloud/cloud.cfg.d/90_smartos.cfg".text = '' + datasource_list: [ SmartOS ] + + # Do not create the centos/ubuntu/debian user + users: [ ] + + # mount second disk with label ephemeral0, gets formated by cloud-init + # this will fail to get added to /etc/fstab as it's read-only, but should + # mount at boot anyway + mounts: + - [ vdb, /data, auto, "defaults,nofail" ] + ''; + + # We manage the firewall with nix, too + # altough triton can also manage firewall rules via the triton fwrule subcommand + networking.firewall.enable = true; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + 
# on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "22.05"; # Did you read the comment? + }; +} diff --git a/hosts/flora-6/default.nix b/hosts/flora-6/default.nix new file mode 100644 index 0000000..6511a00 --- /dev/null +++ b/hosts/flora-6/default.nix @@ -0,0 +1,15 @@ +{ ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ./configuration.nix + ./triton-vmtools.nix + + ./apps/caddy.nix + + ./apps/drone.nix + ./apps/forgejo-actions-runner.nix + ]; +} diff --git a/hosts/flora-6/hardware-configuration.nix b/hosts/flora-6/hardware-configuration.nix new file mode 100644 index 0000000..6b10768 --- /dev/null +++ b/hosts/flora-6/hardware-configuration.nix 
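Review bot: `networking.hostName = lib.mkDefault ""` leaves the evaluation-time hostname empty unless another module sets it, and forgejo-actions-runner.nix in this patch uses `name = config.networking.hostName;`, so the runner would appear to register with an empty name. If the hostname really is only known from cloud-init at boot, setting the runner name to a literal (`name = "flora-6";`) avoids depending on it. The comments in this file also carry a few typos (`agressive`, `altough`, `formated`) that are worth fixing while the file is new.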
@@ -0,0 +1,45 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = []; + + boot.initrd.availableKernelModules = ["ahci" "virtio_pci" "xhci_pci" "sr_mod" "virtio_blk"]; + boot.initrd.kernelModules = []; + boot.kernelModules = []; + boot.extraModulePackages = []; + + fileSystems."/" = { + device = "/dev/disk/by-label/nixos"; + autoResize = true; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-label/boot"; + fsType = "vfat"; + }; + + fileSystems."/data" = { + device = "/dev/disk/by-label/ephemeral0"; + fsType = "ext4"; + options = [ + "defaults" + "nofail" + ]; + }; + + swapDevices = []; + + networking.useDHCP = lib.mkDefault false; + networking.networkmanager.enable = lib.mkForce false; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/flora-6/triton-vmtools.nix b/hosts/flora-6/triton-vmtools.nix new file mode 100644 index 0000000..77c8048 --- /dev/null +++ b/hosts/flora-6/triton-vmtools.nix @@ -0,0 +1,9 @@ +{ + pkgs, + flake, + ... +}: { + environment.systemPackages = with pkgs; [ + flake.inputs.triton-vmtools.packages.${pkgs.system}.default + ]; +} diff --git a/hosts/nachtigall/configuration.nix b/hosts/nachtigall/configuration.nix index 8d61f8d..6b2f04a 100644 --- a/hosts/nachtigall/configuration.nix +++ b/hosts/nachtigall/configuration.nix @@ -35,14 +35,6 @@ boot.initrd.availableKernelModules = [ "igb" ]; - # Set your time zone. - time.timeZone = "Etc/UTC"; - - environment = { - # just a couple of packages to make our lives easier - systemPackages = with pkgs; [ vim ]; - }; - # https://nixos.wiki/wiki/ZFS#declarative_mounting_of_ZFS_datasets systemd.services.zfs-mount.enable = false; 
diff --git a/modules/default.nix b/modules/default.nix index 16ac03f..b8a037d 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -9,7 +9,7 @@ terminal-tooling = import ./terminal-tooling.nix; users = import ./users.nix; - core = { + core = { pkgs, ... }: { imports = [ nix networking @@ -17,6 +17,19 @@ users ]; + environment = { + # Just a couple of global packages to make our lives easier + systemPackages = with pkgs; [ git vim wget ]; + }; + + # Select internationalization properties + console = { + font = "Lat2-Terminus16"; + keyMap = "us"; + }; + + time.timeZone = "Etc/UTC"; + home-manager.users.${self.username} = { home.stateVersion = "23.05"; }; diff --git a/modules/networking.nix b/modules/networking.nix index bd27877..5b879b8 100644 --- a/modules/networking.nix +++ b/modules/networking.nix @@ -1,7 +1,29 @@ { pkgs, ... }: { - services.openssh.enable = true; - services.openssh.settings.PermitRootLogin = "prohibit-password"; - services.openssh.settings.PasswordAuthentication = false; + services.openssh = { + enable = true; + settings = { + PermitRootLogin = "prohibit-password"; + PasswordAuthentication = false; + # Add back openssh MACs that got removed from defaults + # for backwards compatibility + # + # NixOS default openssh MACs have changed to use "encrypt-then-mac" only. + # This breaks compatibilty with clients that do not offer these MACs. For + # compatibility reasons, we add back the old defaults. + # See: https://github.com/NixOS/nixpkgs/pull/231165 + # + # https://blog.stribik.technology/2015/01/04/secure-secure-shell.html + # https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67 + Macs = [ + "hmac-sha2-512-etm@openssh.com" + "hmac-sha2-256-etm@openssh.com" + "umac-128-etm@openssh.com" + "hmac-sha2-512" + "hmac-sha2-256" + "umac-128@openssh.com" + ]; + }; + }; services.resolved = { enable = true; diff --git a/overlays/default.nix b/overlays/default.nix index 7bfa77b..97c9bc7 100644 --- a/overlays/default.nix 
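Review bot: The new `Macs` list in modules/networking.nix re-adds the non-ETM `hmac-sha2-512`, `hmac-sha2-256` and `umac-128@openssh.com` for every host that imports the core module, which undoes the nixpkgs hardening the comment cites on all servers rather than only where an older client needs it. The comment should name the client or tool that fails with ETM-only MACs and say when the fallback can go, e.g. `# TODO: drop non-ETM MACs once <client> supports *-etm@openssh.com`. If only one host is affected, setting the list in that host's configuration would keep the others on the stricter default.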
+++ b/overlays/default.nix @@ -9,6 +9,7 @@ nixpkgs.overlays = [ (final: prev: { mastodon = inputs.mastodon-fork.legacyPackages.${prev.system}.mastodon; + forgejo-actions-runner = inputs.unstable.legacyPackages.${prev.system}.forgejo-actions-runner; }) ]; }); From f24a29196cb57f8930a3ce7bbc418e74816a0668 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 6 Nov 2023 21:28:37 +0100 Subject: [PATCH 2/7] secrets: add drone, forgejo-actions-runner secrets and rekey --- secrets/drone-db-secrets.age | 28 +++++++++ secrets/drone-secrets.age | Bin 0 -> 1829 bytes secrets/forgejo-actions-runner-token.age | 27 +++++++++ secrets/forgejo-database-password.age | 50 ++++++++--------- secrets/forgejo-mailer-password.age | 51 ++++++++--------- secrets/keycloak-database-password.age | Bin 1475 -> 1563 bytes secrets/mastodon-extra-env-secrets.age | Bin 1768 -> 1717 bytes secrets/mastodon-otp-secret.age | 50 ++++++++--------- secrets/mastodon-secret-key-base.age | 53 +++++++++--------- secrets/mastodon-smtp-password.age | Bin 1516 -> 1537 bytes secrets/mastodon-vapid-private-key.age | Bin 1456 -> 1524 bytes secrets/mastodon-vapid-public-key.age | Bin 1605 -> 1478 bytes secrets/matrix-mautrix-telegram-env-file.age | Bin 2013 -> 1957 bytes secrets/matrix-synapse-secret-config.yaml.age | Bin 2833 -> 2825 bytes secrets/matrix-synapse-signing-key.age | Bin 1543 -> 1528 bytes secrets/nachtigall-root-ssh-key.age | Bin 1858 -> 1860 bytes secrets/nextcloud-admin-pass.age | 50 ++++++++--------- secrets/nextcloud-secrets.age | 52 ++++++++--------- secrets/searx-environment.age | Bin 1522 -> 1505 bytes secrets/secrets.nix | 9 +++ 20 files changed, 217 insertions(+), 153 deletions(-) create mode 100644 secrets/drone-db-secrets.age create mode 100644 secrets/drone-secrets.age create mode 100644 secrets/forgejo-actions-runner-token.age diff --git a/secrets/drone-db-secrets.age b/secrets/drone-db-secrets.age new file mode 100644 index 0000000..9496198 --- /dev/null +++ b/secrets/drone-db-secrets.age 
@@ -0,0 +1,28 @@ +age-encryption.org/v1 +-> ssh-ed25519 Y0ZZaw FLHjNYq0CIlbPUKpJgrw4Dka33LIBW9p2E93v8RGdl8 +aw0LoWNfjAx1nXK9+SwFMLRxpd/KZL5Y0XJQqIZG0+E +-> ssh-ed25519 uYcDNw dbVXX0Nj5fq5nr/7yaC3ZQnPIk5MQAQpT5RJmz2IMCM +t9ci+WVCroHprSfoud7LKuaTjk5NeiS/Mp2LqhcOrdI +-> ssh-rsa kFDS0A +RZaFU9rClM9C7SUyYx4e1dZmntzPxoB60gJU2XUXFwkAp54dXL8fxs2cHcRxUQMo +HpzCCMiPo2QowUe9O4VQFlOPraub+aTc/nkMmy/spKM50DeVHlK11aoGkJ2j8uj9 +FPAzdI47DFpLWN6ncndtKHvYeV2ip2qv9oOgbl84aQ5DqeACb5BHtGS0edWa8YwM +8B6GX9ZpDGB6oW17Ko4IIjeBRnwmY+66mzl6cqhYsGWK2vOYBDLmx4JmGH2LqHL7 ++8kQBaq+hNkRlpgLZC7RIrnaW41yMmRZbyr6hPIXaLnlYp6+7+A8krnZKTJXPgBf +Cpv4SSd+igSSjUGUSrnOM2LqOAOcqBAmnIDAyIsVMPnjOkCFxyEj1ynfiSwM1qb0 +QqTi0TZRHZsfpiGcvHVoBCWBFQ8d391MFQAiija0iW6QR/eRiGC4mcSA/6vP6X9G +p7BNJoP+mt0pYpVXCA85Rv5K+0JKR2VqlluHl4V2rnwqCGGelG9oYz2D1pQz7Obs +vVgjJaWxzzLGrCCDwk6LjuXv5UMobwlTw7YEGad7AnKPjtrhLuWm1Xs8STZ5oMJp +BhYLDuTUtLFvYciITEEWK/46IBI4m8iJmKpHOMXjWhSuBGKj9q9ifwxeLOmkZgt/ +AojO4dtmmfzVNLGIIoUdFYjbp/Kr92p78y8jBIIkcMs +-> ssh-ed25519 YFSOsg TvpVdCtlBkpCBOPgiy8wKZo/0JxzQFDFRh16SXsdm1Q +SSHyUUNu2S1Sq7c89DZAlx43zoab32mUenqgitqEfXw +-> ssh-ed25519 iHV63A YjDcxJ0Jt1Ifc22kDk5qiPNv333ZVdHizPdc3e0QgGQ +nqXiCnVH9x7xAlEhIlqD2ThvglFLaHyd5yMzun7m7Xk +-> ssh-ed25519 BVsyTA eZZW8nsBoPJEDgH0tJNKMHyQgyOD5gpuf/gAGfaycj8 +Ss82nrDGaf/ZB4hq9bVYwmTdh7Z1zl10w8bpr5cN3Dg +-> %o-grease g0_~ |]P[H&% }+ +XEDXb/UfDFfY/NGfgrttIHoE0Q/0S2xvBwpy0p1SJb4h1/xOb/E/3uIWT7OlQQgO +8Q +--- 0DdGRYR7j5NAQX63wD6e4LxW3xHTTiBekFtxYFCcK10 +U2J3fKxsx;1.S ^d3+r{Y1&' اۮ)_4/u\TeF tRss%\s| \ No newline at end of file 
diff --git a/secrets/drone-secrets.age b/secrets/drone-secrets.age new file mode 100644 index 0000000000000000000000000000000000000000..be23c3591f00b4a07e9f97bd57705e5349a19ada GIT binary patch literal 1829 zcmZ9M{qNia0mk(^z^qKRnI#w{?9^n@bzknTy}q2wChfhn*Is+Q>&vxAAoS(>a=q(a z+iQDm9HJ0sNCXCsWSf#@Oe8QvjLBd)NE{G1V7>40yOx${W|PlKbXo?b=3JQuINRgXFrf1}CsLLvUWRkWL5^U1uGFrF0!}@d%S5vn;00LE?Fj5zl8__&gEtOdC zIgv~#92&EHA=v>0YFw}3cx9-EKsuR|c~)EWokkZ&IA5@UX$67&IR|0}FD$MqF;Q4q z#15;|)Bw?;E|?5SBcD#tKj&E$eI!sw9Sjs)tEP z--bIDnF|I^+ubOv%OCdm{~K+Kz1S&<7LluZ$A~#T>E{^B^+}BIX7wa(xC;~%5-Uk2 zggGc@EdU>-3dh#$;jCpfy_g?5vt_IZv_yxrGD#pk5$7#_Pz@FCTAD{IC`^>XPzc*P z4RVfF9m+FTv*g^ENM3J!s{-Qzs?-6#dJJDE=$E8-IND07d zkMvl?+mP9+3SA54Wi7y016u9tbqA4_o)+2-xMC*V9%yx~v5sL21rNA3nfK!W(*PzV zr@VpS%?Pe*7H#%uL5m@Z?I`_h2D)=#eSN*u>N(MpZx@nk_UQzkcnzU766Sq|t?LXb zvN2c{9B|kt3m@3rGD%w(i_@@X(X5Jr;eYaaP)-w{E><{~LdQ*t~+?@JH?P180w& zvj1TJ`}j}(^X}K*+jpY=$eo)HK+iXC*{*GV-TO_kmHx%Q?te(7Zu{h6>B>{8^UODI zetLSQbLg*I+pl7e9qR45^z)0~*>?MTv-8oP?~RULIQ{UEmv4If^&KVXo#wW?{;_qV zaOb1On_u~25WINP$q!yQ^^N`2k8k@Gco^h|4}SK!Gxphy-@bVJ^n34**#~}q{`~b{ z{q4Oc-`f1ASMR6cQ~S2>m~J2*dGYct`KdeJ{j$Gf*QdU9dT+0`cKY()*!7>je{{F> z={Jvl|Cbwnn65pFcJF)PYy8g!yFdSfAK%wH*Z$n5OND;w*xTI;=e8UL9zT8Yy64~8 WV%&fpyY;0b2k+Ux`{eAzf&T*LBaTl1 literal 0 HcmV?d00001 diff --git a/secrets/forgejo-actions-runner-token.age b/secrets/forgejo-actions-runner-token.age new file mode 100644 index 0000000..45ced5d --- /dev/null +++ b/secrets/forgejo-actions-runner-token.age 
@@ -0,0 +1,27 @@ +age-encryption.org/v1 +-> ssh-ed25519 Y0ZZaw Povd/J2P/1tppBq1rh3R9rTYWoXJN1pfQokGn6Idz0s +ataZHdaYvFwSn3gR4fuMn9RvJTA5AwKD7lgYOCYQNb8 +-> ssh-ed25519 uYcDNw +5kiekvoqciyqEQ2pojHioLF02vsohdmPraXIpwHUiw +4WA66g6VB5ORcnIEu5qrX6MQhSp+Hu7FIX/K58oinVw +-> ssh-rsa kFDS0A +VPX1jfzQwqg0TYi1B7t/35OIO4JjFSbK7sK4k6Hn3/EXePHV1GU7eiJFCQFHiU9d +ngcr6VQLOcPYRkGeb+pKva9eRCxq3vh4Xu/h6bR1J1Ie4cD3GeIpg7GyV3IH9oMG +TyoiOmIf9YdxhOu3aCLkrQgG48H2h/caBxAc/TkQBonsIAAhe57TCcUqGCpsSLCB +Ib2HsZ/NcomiEF/dGUoex31RWaG9G7nSuPg7xePHKtWICqIbKlBVGQZZQILZu5pU ++prbi0O8usjR9vfIu+j1HY+DmQqlgHECmgZdkH0fejp3bgsC5mc9rET9d9guNxW1 +D4LjpawcTQyvJmTBcrznOUkH7qqGPBf1OEBAYkOxb00Pko++6kQzVzCRci5vgJnv +0wf9ersRqJVcIP+S9fMUTqz5IVtEj59pO8Shzwvc6ULLPeMlhce9EF0l2Pd52CrI +h8OMAJwh30kZlKk96LpO1x2i7/vS09SzH2Qtqh3K/y1OjEJZUNNAagClh5m+WI/A +AemuH35ypOnc4ijl4CeXVQt30bJyjzH1s176bx9mBh8TfRkxe/F4y2qOlOc4eQeZ +Sy+rM15V6zlLD7cHc5KdA9UyoY321iIh9Q82M/dcj1smnvC3Pg0FxBZXEtEysyAE +is+amEbE75s8GYbrk0kn9LKB/m17gCzQX1EzV60ZUEk +-> ssh-ed25519 YFSOsg VVfArrCKSfZEIHxjr6u0K916ro5rf4W+bgl5/qd8AR0 +0OLMC8j4LO5QRLF5yfZcwnSLnlOKeQEnuiYghBr7Mbw +-> ssh-ed25519 iHV63A NxuNR2PCc8mJ5hTLHXdiAP7S5MKg1uK8oEbP3bYfIwY +d5b6kIHuzqcRYTS0OGcGMhxVaqSwPH7ZLjJhoipjpkc +-> ssh-ed25519 BVsyTA J1SkTbuvm/iaCrHV3c5Kr0eU1GEOlYmNPPGiLmxunR4 +9dxHQZYpPmTyskaTtf0456K9r3pU9O9zbZYBuv/r6G4 +-> ,7dQ0j\}-grease hO7 a> a +Hk4uVg +--- mrTRIooqC/b5dqqVG/1mAxmNVNs0+KeFb8YPr5/qudc +?'넋O@N*EhkpP]Q@1+AI*QI1)hcD]@*LܸV \ No newline at end of file diff --git a/secrets/forgejo-database-password.age b/secrets/forgejo-database-password.age index 54f6e4f..8624eb0 100644 --- a/secrets/forgejo-database-password.age +++ b/secrets/forgejo-database-password.age 
@@ -1,27 +1,27 @@ age-encryption.org/v1 --> ssh-ed25519 iDKjwg RIy4MC1iLzjOVc1ENd8Hic3b6yVsey1jGKKfpH5QznI -jCdBc7BcfAa0/BxN40P9neRJcRyz/mbXCHkQZ98MjqI --> ssh-ed25519 uYcDNw bmxhArWdUbbC2zCb1FQmtz5UXBKM9nYdGnmRQNVjsiY -IUsRWcBZf2HJpibhqaqBUGTaOTL865Y2ZR2ZM8Ocmr0 +-> ssh-ed25519 iDKjwg IFEv1dHKgnrQp6jjxwv6cmEeFRDLEGrnVaJkQ58ZaiU +OzmsmKDfl0h5O0gtPeV0B/O6rySog0PVok5H6544mJA +-> ssh-ed25519 uYcDNw M6IIbbZ07S6k8Gn1ZdMoQjjRZ2veA5aavAofofH4mWA +Zg3luviCp3PRNajja/DDxWmJm3bUEtNzm2MG6WFMwas -> ssh-rsa kFDS0A -XuCHi1ekeI+EG3JpNpze/XZWImIFHd4itCzjxApHINBdUqRA7yqVq1k557GcXU3S -dSW4Li2yQaGTDfWYbks5gyOxHjJ75mQ+McnzROdMuMTNYYpTs5CDmGUKDs7Fp86l -/YLfoo/hYd7/sKObJLSC/STEk/ObAxDNIe2eEK+esbAlBC0Lym9mi/vtuY8WzWAY -dsPvGk6497ap5lcZiLiJRChqumYSoTryKAMAvfiTtytcNCFh7hWnw5DFKcA/vlkx -cGDrM99itWtEO01oWA6SAVL6JfpWyjpQZqEKt3f3U0xsJbLUXEEiH+kUWpros6Nk -PJKVR2mcW3DiBKpR2QJDIkXJ5tUWzDn9Dgw54NniF2D91xs3MzQuvScrfb+/XR6H -Xc9BiytdOP/WW3PnvAu2jfMzXJlmlUJTQTWYRZs5tp8daKFN7MP3cIMwx/r+qc+o -JbqFxOewnNO0hEwfwYPCFnMEam8rmRmU8GI1RiBAGpQbBv02ihX4U5eWuLXrpmHK -0VOgkesWsAOHpV+tRJ3cxA8t/pjIWmN0nccRz+qz/1Ec6O5circBneVBgJow/MKh -M0f0b+HPr+ld0z4FA7rDESGhgQHEsyU9UUWU8U++Mdh64c/mRMCnYokoemve0w1G -9cJjR0rcknDgo+KQutinh3pTqbvYrtfP4iuzWBd8LV8 --> ssh-ed25519 YFSOsg m6r2ew7bjrpbA0QMs7O5MhSm0UpKCWHEJTlwm384MxI -a/mnaNz14aFuZCtcq46ANVydKRJw0e61N5e+kGGkuYQ --> ssh-ed25519 iHV63A MQu2VYkY/Cs5bhYe95wpdlpLfe/lHwhk60WA9EgN3wc -gbZyVF9l0W8+BO59ddsZ7c+VgzdPkNbq9U9oG0Kjebo --> ssh-ed25519 BVsyTA XWMWR2qUI1KFhcZxGgxuWOq+DLrTwHvEpI7xee/GD3I -jVckHGgjXWlz0kvad6EDZ1vDrXGjBM2dxT5qJswX2Kc --> W},tK-grease -4P6Gr7nsS9raE/XVkCkDawtWkS7a3o7r7tXe9w ---- de3b3x+RtRpsIBf3Sh72AydLgEHUcGeRvoDE0rPFZ2o -Z8pMAʨ$[󥟏<tIOrqoce,;MK_3-Ӎߘ\RQ&GᒷR} \ No newline at end of file +Qt9Q+RTtl07p6O9RjpGeM/AcK9MregnLFxd2VCOJfE4RtLD/euEA3+u0Ad/SNHtF +UdtELgQeWQn1RRSTycmfo2FOu80do408uNjk9HueA+bxuVB/W3hLmCADsfNt4AcA +h9ioCA7zrCfei5UhbThUgpU79n++IWv+fPZQ1XUndTpRDrLFBCmZIYvupYezPYYL +/QxpCQVZWmPe5LK7Cs/hsVp8SII0wk6pT+Gh3ZR2lqTanhcVA1pBkhcMjZLCW+m0 
+gE6P0LOP72DoTH/Wq5krpjUkmTkAaQnedxMbRqUmqQ4E9XWprplzqe11ijItWD9c +k3Eqc9Rw3uBhDe6u7Uk0zfD+q5MX2tjCSZVrU8yf3YDIM0ZXgcLYZycwlVF165ob +Si7nk+0q3Y7cfizKTIr04KAxiM0S+z6vv0zAVulQwU8tzt4whovh+A5w0X0NqsfM +VKySv2EZ7T0HnDHtCN9aB6BRs+8BIipfMcb76obHWa1z5xDYmawebtztvwt4hw0o +V7VdC9SoVDwq3nFMLQD3+5jhbqfGtRFhSGLzbh9SbNg8Uyrtdq7vucmcLfXZVIJd +qJgtlxSYyhRgc3W4C5VU0imEw6OI9pU+wtKdxy0dkEwwDTtwbLm705ecGEZZncgK +FJoN9Ekmeys+XVvRQDg5mB6dLURYfAmpA1m4Z5n6o/U +-> ssh-ed25519 YFSOsg 3GMmeCYAYaauIAfmYa03QvngaHWoCplNNTQiriiacGo +PFnOJAATB5pW9uiMnZUG/aEpVowHOzfq8RYmOUkFHGI +-> ssh-ed25519 iHV63A 1lR+ZHsXw2sJqCHcbdYPR77w0k+LU9PEFT+bR4J+wzc +7p0YQW0xNUme7oOLsKPomx86i5mVexoFnsol75hI7Ro +-> ssh-ed25519 BVsyTA Y9X469NMDgT/KRWQKxg7+TUXW08jQ1ACXYpvWCPYBlM +hUojIB1Wk2yki2cgWMO+CUF4hAEmIwdgNeiXPjsYdmM +-> _w:{-grease Gg:\L| ~7 op[S^L: +qL+WeYvxxEUUSX2b1xSa +--- HDOAUEyo2WtEf2roCfMkEKNx48ZX08b0Tj1BMUbOJDM +mͧ{pYW{HGp[oL ~15 |#%NWD5'ws=Dlndoa۽ZC}ׂ_ő|:Q \ No newline at end of file diff --git a/secrets/forgejo-mailer-password.age b/secrets/forgejo-mailer-password.age index fd4a5c1..f93ee02 100644 --- a/secrets/forgejo-mailer-password.age +++ b/secrets/forgejo-mailer-password.age 
@@ -1,27 +1,28 @@ age-encryption.org/v1 --> ssh-ed25519 iDKjwg qOInns0pyNkaFNGoodX1QrRCSRDL5ncmJWSyDxCo7Rc -8mJO69rBO8IaVRYG94hidY6MU7UEn+ENejdHOkzn7h8 --> ssh-ed25519 uYcDNw FdZ8Z50hcHrRVuBC7HPnVPNdnJgyudepe/smnTkcmzg -ELojSvwv3K6YVLXEAmjoQxt5szvs68oRZ9fZ+QcaVEU +-> ssh-ed25519 iDKjwg YnMyPihQVexMn+Fo3GFLVdDdovAEGSlhcHtJKYsk2T8 +nGU7ENvUew6N4gzZAfSEqM5el6M4abC4fR535KZsjyY +-> ssh-ed25519 uYcDNw lPE7/R9GhYEinW9LNJ1c8N9oiTmIFesCML6fbom4NQc +cxwc9AdLwqOtBmb7853LQ8uxWovT9FvpqvOYKS1zbVc -> ssh-rsa kFDS0A -cbDwTYbZf9SZJ4SmjdBD7hSWMZWi87KUbAHTS2snWi1wjf0m5KngbdlWVcTOgwE5 -Gnn1m9cZKx6z7s/AUsPRRQizoYsUY91osPmc7lNVZ8mjJ6ztLhX1JhAy3PobmxDi -BI3WsZtMpL+JihSE1DfJ05dkY/tWYZu/yXDmaig/E54YsuyXeATikm/IzxbSXDDT -crSOE2YVS0+GjhEfJft6ckw9YdbzqjoXwdutrzQWdivvXU17xH11cM3xC579OUNF -c+EobYRjCfzsk27vFGxieV+0mAmJSM5V5mBQ9VBaqDiZ43gI5enCIVJIkK36f4P3 -lt9PQ9UmWJ8RPQis+Aaq5Ld5y8aVho16BQjCqDzsRoFTalVNYa5ElrB2nuJPYQIw -DV9Hj3R2wG4IZSIEq5WnLtk7Gda2x4VlfdlMhGXixPJ0xjYKWg8Sj0qlmCAVqqEc -QyWpVFEu1ogk8Gw2jQK6TvrxUT94UAyEBwqBbumqaB3JfsnDaxbFlLG1wWr10nXh -axplDvM7tuU5RvjPGSwUezkryfn8SjEod+04rQRLhe9JMD5C33JBI1p5JNi2ZAB/ -SyujIVCh+DRzq9IjMYCgCYmYp5P7pJlk+GZCeeMSbvf2d45mX1P2D6PrCm8uSL8m -Fw7mOliDyBGPizpQ2lOJaL1q4A5KGjAaRVuRJSaNlBg --> ssh-ed25519 YFSOsg c3VN03glwExVKBi83ftg6jNZ2Yzx4PGmRiQOpgQl9AI -sKrGt7U5XwNkyydwmXBxPvHwKloY6V/mn+5ipq2GYZo --> ssh-ed25519 iHV63A mH5q5q6ZPlddNsil1NjVLcT2gIxh+PlhA6JT9HBD/VE -O9OxtyCtIhNMFMUPCyPL4ycT75t/g1nvli6XXVifXGo --> ssh-ed25519 BVsyTA iPdUjSRVamrCzUJVhpzMyUhyxHisRofkKswvCb/qUCo -Z5UOndKbp5GPIzxB4xsNlGqC30dnMx557n07NkS3aOk --> fqFqA!-grease >^roC?oN -kKQNtgmcdmj4h1fFB4Fse21BfLrq73SdIZ/cyD1qxBR8VUtIPReLpiYJSm30Eg ---- mUQvto08o1xaSIbSE+zi9IPCIuZZF5G9xlwKUApylMY -6MU܈GWR"*#BwK`Ȍtsoga3r_T9 \ No newline at end of file +cX8p4DJIRP378pFp9Tk4di4VBTdIQ281PhD8lBF+mOrsdxEphlFJ0dpDdlRNYN2U +C/ku2yYVDdQjpwV2i16J99swGNR7Ui3g7BewySk2VeA2Zp1iVHYrxUcLHTU4FkTy +rO654ndMR9nMOF/eMw8q40fdvDR0Dgtz26uqKHqabpHQrmvtRZ+O///4PSLyTpUq 
+C0Rej1q9hsq38t1SwjYyyR4jZKi2eqUzNI8ZPriDJFwbOf+bKmFx2yxjN/DwjtTZ +P2iajSqXj7bTxarWUOlTEbq8CMEpCTk5GU4G6YVJdFRSyw+KOmCbQccH45gsAsn9 +DDhhDC1nc2WRFEBbSCQdzmdEYLQa/vsmdL9Uk2CENAmqJ4s7YeaOltYxIQuIIlhW +hDRW3MJnjaA3Z5FUyGGEF9G9/puWk+flFqaxdmPImR2MlclMokGFWQrb0LfBTKBN +OHyLa78pCrskgK7xvRN92jepoO3iiBx1cHDgBzNIkEKt+xSissSexRlTwmc0QOom +x9wEqBoMLy/CczRQisHRfRvVvbiu9S9ptn7jKfUExMmF5kZ3zMGnhwIKFARKyeRU +xrJ5xJXOc2jWtK8HyhOObj4JgZYwCgC5yZg0f/0tTwhmD2Rg7l/Z14Qc8z4uSr7a +ZI44yVR6NrnwvxCZc2VMRpS4BKYWZdor29A2I3Mf6es +-> ssh-ed25519 YFSOsg y7SH3xV54A8jRPDALbUgkI/kfG+7Dim9bQ3RoE9dElQ +upTzhcltID98iwyIvAV43TNkn1JiPPTZKYQDXs5nVrU +-> ssh-ed25519 iHV63A OvowvvUTzN/ZZMYciY8PL4jNTsFxvdqo0HZGhrKvpQE +6+vZnlXisJLgHsT973Mv5TW0CNaH7+95u2OLHcNRMTs +-> ssh-ed25519 BVsyTA AXiFtvrUa0SZJIDO128oZ/1EzuQCf/MTXSS8+JXRbBE +L1aePz98wwpswYTwyIi+qlMG5PKaC8YTQ+yBNURV0o0 +-> C-grease Xr"nY_F? L*?+,=6 >>* +btUoGPkIUxNHjEV0cngeRklh2GEiS3m1v9wMkX8CH2gDeFF2M6TTroCpsqRG191/ +oUAA7nf95TEVqPIENOEh2w+U+Q0AMxUvGdps+w +--- q922LPdFDFgQBvP6ZX4Zr8+bc2Rb2z3Ru45K/bPN6yw +ErG5Orm82(PyNm3|e|IK8!O!hRIWRgrK`<@A0P%N|(wG*tY z?=xI%?i<(%R)UR<3L>cJMYxSV!N)o0J6;^#g+#i2HR(>&*382xgcICR}Cv7t-nZC*DUR^2Vx-E8x5rIwI_yJ&`iE}dvV zXz~Hx)tHheSAke!u*9rRm1XkGOz;lzUs~@3!hT%fgP!lifR(t&TFE3&ZjbxP9%Qm) zT!XjE1nBvV-$zWsLa+>63{Pla45vL$O(zfaT-ewoM7?%1g3oTrL`O#}w%NzDru7!7 zBxnc=Wd*2OI$CYhEk8FxK%L~8KbUOU&DquhXk44}NQ4RzBCMun!g8~kKpAlTFjY2@ zw-A82Mm>-_f4CfS1Lc}3N_NFX1k3IcH1u-5a?_|zn5bIrI;pm&vn+>%1ka!^bL^Hv z%d$I!t|M&L=CNKo?P^Q$n9$tTz_fZS3r!@xr3B8~{H{9NeLP#`IUq-B-b9j2z-Nf3 zFw{;5>I2GpslS; zxGuqn6oiPa{V5E~<1l-)me0C2l2o9z4gyPIKLBUU_v30U>Kdu>h&x^64mzJ2uMrg? 
za8?e{bC{0W!__T|s)JRwJM1ofs&%Mi4;Z$^Tn6rYV+d`pR0yUAePe_M(km*DWRjVj_ZwF?D8v>Bh?ZKtyAEuw6SIpt zDlpn^u0(Hh1*OE1fH4X=gFB&J5@$c_OPe*fyXDbb=Wuw*OcT0A{X7$#=45o(JA{1D zYR@W8hRLY`DUo5b&WIWDZ-yV+%1N_TkH&+fZo)CpY+Owt2TWe0UUF%_mQZ@&B4Qbi zY+;rWsf=XOA4WFmE>|w}I=$0Tzn=rs93Bl!-3k+ee_F9LefBHP5lirqG3Pz_?q=G5lI`FZRMxjH&G zQI_UGQE6!F?uOGT=4U&)3Fo@knoTj_4LVy#q%2UC($llg?@uZHzmF!sT;c4ZHQJmo z1vlR%iIxL8R(Z0mu47pHE*tSgCr-(6)v)Irff6x7L{Z-~ho0ERJR6s_ixNe`7%;`y z8|vn*uNSB1c9ZzuY@FHNbap{wQI(H5erEE?zh+3B7xiFwsGC`WhAV28N`zL-C3>MD z_{I?DAVTF(Ky~NJoMXqLrVLiipEaz(rLP(7j*YyZ6=k0etWB;hPWCPoDT~c*6Ygjkk=?AAJA*!yl}l ze>I+YVBP=y15*F%ir literal 1475 zcmZA0y9?t40LO9AErWQ7gSZq06=Th#c@^(Y^G?$wZIh;X+?03HJexF+7SF}~Zd7p) z@g_F~!E+Kv;WiNw7Z-6A90VQI;g|U*7>qrbc5TE5Q{-c$26RlGd;z2o zzRGHFJtY`<>~M||M7xRm)@jFG32J>{6xfqm?*yDS&VpdmoqY^B)yqzCv_ol}+&cEo zTTkp4)($44g_!LmX+S%GH53IRRGHip`kLJu*rHrvCtkC|wd8^YRcQG>trQUU=*L>y zd9z&L444M2ZD^U5;RhCM7b3CrhSDdmuFf2b!SuSOP8FFZOPa435QFv+R4$3V%Hgat^B&M~fhLjhm1WQe>=ynhuOHsgKBm&L9X;7sFRRD4&|i;f<0?i?di_;&#bgfF?wI z0U;Vb*j?oXn0tI+6$tD&Cm9p_l|oN0E^N2kO|ieoZd{`*qp5bh9<{weuDc~*=GM@H z?23}kN0`xT<)qjFKMA^QnWa8y9NhKmlgS6A*q2O;=Ryx1z$-{_F6?cC9Kd0EgX(@? zCj{1@C?`W5#gO!F)CBsfii}?*I*WT+b!O1b0R*FhuD~)Jl(maox>p=;wbb=i zL|71{er`+KaW@rmAV3_4quc;1*qzGM40meBZ^pHpWEN35BUB9#3ds4yq@6<{wym5^ z#zIxy$8e?y&beXid!-IlZBOJ<^%V=2*s`Yzr4w~uRCxA6D6L@*VY zicNLpWQqzPWzSOp86R9PlKG)P*|E;DB&rlr<<2QTVQbVPM<^8HUCh9ZC+- z7>Rs|SKUxXUJm^5^9#*`e;&Pb3PN3Xo{_ghbWd*}0SJm%GxfB*Qe Q8^7HC>LK|4{BZy7zpQ!XqyPW_ 
diff --git a/secrets/mastodon-extra-env-secrets.age b/secrets/mastodon-extra-env-secrets.age index 5b92a585e132d4de8d3d1ad8364af7766db1b494..ca219f01da3fc7b2702164d36b6f778fe1162176 100644 GIT binary patch literal 1717 zcmZA1>FXQ^0mg9b6hENM0B_UF#b?p&zR**SM-=iZs!8N_z(ookOdc6KHp z6hwW|TE&9e`bHFLsr^~B81O|P7^5Zus}`D9zA1`FqbXGg^{7S2oBRczH{a)RqTnc4 zdqumg;?4Twn<5(QA>imtuPj$bfe#}HMD$`>NSde@phL-;xA@3047gTQ(m^n+OgSaD zkc7_~w5tz{!Ih5I0BMndyd;8sIE0p_R@#y~UHVbhbc=FSjftX=alL~5c`M$o)s{y~ zO;2e32_=~joGZy*#OMr{#TYp_^&0m}n4M`#p2Qj(fo2Ny?Oc`wf>DGO@o|Tm-1f81rvXYF4OPU+Yz|Np%ez2QqPCnmNwO|F42{N44Iaa{*gq2OYkB>aq zOrlBy^JEcm>MCCBnZoiqvVl~9tj5hUM&DcOHJw9Y;Y39rhMRN4YQrO;T((N7PB^5j1N=VnYI>HnN?rLWR}Yf;GV4|NnEkeXt0@qo@d+GU%P|Vc3Jc2in-^t$|cn_H)t-Msc}n z5`y3hhuA7!nykDauY4VLk<#e&?LNe`674W4z#$A-9h4f`K_b%v2s>B-M@L6J8_Z&J z>k5=yu&JP+xu{R9wRdR7nov}rq}Y?eNYThHjeu*~)#d*DC+~RYnG@pmA3yZM9bx>@ zYtNl}`A_%%{*9;aKKI-y^GlajXY~tTxccEUhx3em;y=%VUsmjwP8p&6$c-<4;>|xE z1HXHXIo#+!@qqIy@viHOC*srhwfB7`_{%Z6`Qeo(e`McFzn}Arv*g$Dn-}^QKKbtlxhv__hhG1|^N)R7_}WG2ZFhbqJ-;}af8*wjpXKj; z_}bIN$3A@=-n{YT<2UdBCh_Q55qtwNQ{l~X=jw~!z2~X-o&S53{^M^SdHYi@j;?_B zT)O-dQKZhq5U+P}{zzgBKFRLeCj9>Z1{{W9vU5Eex literal 1768 zcmZ9M?d#kI0mobMG13>E59o{O!H}{ZKa*UNO9K9?$tAhV-R1e|l4&K+m*g(VU2=EH zxgrxRZa&maWTOmGe6dZ3QlwbKZGxK)wIJ%7Ss#W2t5aq-5r?*F5&EWoz?aX9@8|n< z4LzxT^$hBP?)ntiIOnhi%5+|1IW0Y zwy}Li+;vtu?NBRXq86)RFjFLJHAdydigsAp<{{37^fJjgskIkA07E95gPgW2LmFfV z3N3fubc;}-ut>=awV*x$&8v2&2K+7Bx^g=i$7m1*%-prUNk^sTS29h8NvTaoO}mO{ z6qM*Nw$`AuoVG-6z;)Lcd85&sgb*x^XT^YWa#{o$kB8|g!wsC4UJ13r4wuckF`C-< zI6A-!bd8oN6rmy(OHr0YJf1K6O@WnpST;i<03bS(!Vne2IXp1H0F1gQT{pvTfM`3-lK(K8w;mp-drHBN4~x+q$dPD(>rJS*;*1 z?D7bb_>;8IX%Xidq)huUWxB=&O?n(ap=8f3iLNlhBAC?N?PM<1qD>T1g0Pk&OS@p- zWNZe5+8vrxuCPXGcJ$a~(6}`u)8mUd73K_~1FX1b{HPW) zkTr=a$p`k3yII0bHBs2^E`gS&Ete{ByHYn6q0BZcwjZ%9+=w)o`$JeyLTI_G83%8? 
zO3^J{NJhlGFLdK9RWX4EK#5W2)kNbAN!L=SQ7cmtpm^ujTn!_JI_K6AU+PgX6mEHZ zYoj)&NmbkdId!t>mCf7;w1C4AP*<1nqVg8$Kp5H-rRrpo@72M4UIB_bYIYTjFSKQz zg%ZATR*KDG%HDyYSoEX4dNW<6R7McD(~^h$)X9fEzI3M6?U+VQ9;y7~g$ zuGW$=4@%Y|gJM9aR?#yJ93L)+Ub~=tPHquzOF5!qE`fuCgAQm|+nFNh)?_aUdkmGk zW71r2Ok!rR31Ws!I^kK~#SlmV9{=!5|2*=C6O&UXh4&u6@X~8M^}{2_<|lshX#c4j z*01Tw+~3jk$|sK> zp+EDvkIuvIzwLc0^KbH*Ym+O#=FY-jTwQ(O-uC|V#%~vA-o;%0D|`6kzkKNOxx?=Y zPrPOO1vh{2kAFJ!4zJ^H9N%?g);W0YZ_N*09QUT%FJl*f@xr4Y*9&fX=eg@c@xo&M z^Dh+-U3*NqSf4-l)(iI?d-dVFU$}fedF+*UK6vSQ@eOC4?_Gc3?JuK0y7%cbm;Q0} zv;X;Je)6kdfA;m{>YeAGee ssh-ed25519 iDKjwg MIpZgS2K0KZ6NXSvHKaUs5IOwMK8C+THuH+OXGKgpk4 -rwBSIPZ6pHczmeEuNsPgTJIdzE7yHBglYHGbOSd772I --> ssh-ed25519 uYcDNw EY2Zk/jYWxYBPY/g6IH7aSIFvMuOwSplkmaeRC1aNSU -YCSThBBXbmozEZmUDgjA8xuFG9D2lGENZcWvCnRQk+c +-> ssh-ed25519 iDKjwg AEmgV4RMWvoL7IS0h33S86bBpCy1jxuo4Ey8SUakEzs +N3eK1K1BE2hLGF5qwQH4XVZN7y0s4pikYoxeltP1w4s +-> ssh-ed25519 uYcDNw eZrJo1AE7zcNjOn3YceDtRkumV0rwPOR5bk5s5SF+m0 +n9+J1xLDD6carZMRg05BDmaQG/78O8P8QVscKRHy6+I -> ssh-rsa kFDS0A -Z8Xs3hFGUElQdNlxlcnJIA8814TZJYqga/SUXjxG/uvdzv9uExEiNp8FJ5emnT0u -zAaFv5aYiBa1b7aYEVdk30wjmWPT7leOPTFF5qAUdiPHxII+jHtx+eCnum72po42 -SR03IjznH9fKaKiT0VNXDIVZnkP2SaAKhIj57XSUeE/weiU5apBmTMPzMQAkz7KR -sm7uFYYv8zY7LFC0ByPnFkYi6O+mc9LzunlGQVMAQe/fmoEfzI2dmrGhcG2iUbM5 -6Oegjh5B4iKc/fktouHhh3Wc/K63DM9C0A9mkqtqrQJPfV+FseQoQbFwvInXY4u6 -HMT4oymagXt5ifcc1WzyTde+Dz6OIOowpIXXJ0PjQ+KOn0PTG7+OfU/h1Hh/ozg4 -G+finffzeffxdXSjITi+lmoWUFaZAwiico2IjH8cqDWnl8XGNfukZbsNsI6CukY2 -aqffAZiu7MR1+kcMUjjG4OF1S4bRNYkqQej7GUdDmHn+dkJEuiN3ggXt+TW/mYPb -xPvPGOqDxwdOiyViZFBvZ+0ZAij8rnMdToNsY7x68B7C+Ew+cVomiIIkT1ghzmTu -T/ymvlqFlXIS3PFdUPQYd/+Ttw22n72yVxHH+61Ze/aQlt0nKdViEn4D03k3uNVg -K8VYuDwXIFdFIga5Hsw/ozp6tKZdxSzJsQJvAm0JFVk --> ssh-ed25519 YFSOsg M0H0AhDNYpa8nD2nrDyFJOsm/SpfJ7YJXYyKZMIyxl4 -YiocldCbP7HwuRi3AWfnFkqpWhuIuAwjjTzV2utwmn8 --> ssh-ed25519 iHV63A xhkCLcpQhqQxWacnI1M1652hNc/MaeCXL3e5fPGhXHo -0G5lFUE/gGHIz5giRjQPVWAIrHQ8LvxPpfVSBM3GEBM --> ssh-ed25519 BVsyTA 
aAdMnpKatd4CTcFhtqSj+fiA0ofy+zhbnuN5nk5/umA -LuidYMCiM7IvA/M7k7pMqo5HJmNNmHrzl6kcud+ZS74 --> 0d%YFa-grease |F -fhLc8y67dmyhWtiOEKrZThfm4sTsNP8 ---- /qZszkP7mR5whTTbCQ6JKKh2Ce+aySjeDX3HdDZag1g -~an@ܩ>x$sk)[JHFEhd^3A5_QpLNR*[]GXY\atU+\9bN6B\Wĉ.?N'Hf jcTAWAOM X݅"v \ No newline at end of file +b3klbHjUczTIudayv7wKpiK0IVPUjphuV451U5pEyRXKElJxcAKLae3h4eY30v0N +sCEu32zw7aBdlQRsJrubOdn2RY7ogDsUirM31xEHx/UcDsFFgm806usYAoZ2dpT9 +XELWPs/ZbPuoHf7aJnDXLTtL0KziichCJx5RwpqmKWTDliIcoGLyNVauOU4jq8rK +QuwKadE09U+HvxcTuyVog6lFRGqx+Ak2qRLyPnxDSAkiazj3gqop+G2IWD5Q9nQX +0GFAsoWVdBG/ghEl4A5ruSC/dVgXM7wGkgD8Fim7LgNm0HowmEyLPLYI8PAVp5Vq +z1/uScM/a/2zeZaY7C9JmRHCDb5weiOliSBHLQSKPiF55bgBQKRBsN2WsxYMArr6 +1YhpfIhs3eDiiTRALtyLOQrUS4xm5634ijEJ2gTzpr6XzmGJM9PPOdgbgyj2QtqG +3AaSjknieubNWcfa2/nA0dRnvjjvvG8xfMJOOkX545jkyK7BVAC3/EE88XXuRMZL +u2AkObphlClkW8zzF/2dTFofcjh7Ydvv3ggQBEnsuZO6LWsciuvWR3GA6uUvEAaQ +EbTFsLdIVxzUo4BtQ3Yk6789MPF6CZ+k3UAvFWHq+842lzPp/SzBWctkXTzixsVW +RNqqSHo9a/PEJ5FsdeUoCpov2DzQXRNtK+ia88+IDqc +-> ssh-ed25519 YFSOsg +eCKRumOVPPd3GEt1IoGq2We7jMXxfKgD2KM4iyMMj0 +5QOorpolodGux3vMT1XoCqK/0S22kpBUztPmtOF0fzo +-> ssh-ed25519 iHV63A /iWGqn9ON5KWrOiiWw1r693J90gFmkW1mdgq2aF2HUI +iFzt9DBS5KsmtIjDdiIcS30ysUM2X12NdHuTbD5zvok +-> ssh-ed25519 BVsyTA xcKWN2iiYPQ2pCRML9DYYyyeXgoJ90cupU8gVyRtGxw +gfLMdWnj42h3iv+zGP7uFRxZFqRmO4npNNMk6WGaQc0 +-> #6ut)P5-grease qB$ $ t5c +JEVAGQ7XDVC6hig+ +--- 0yiMTzXw2ijpPVSdSyqxIpu3wM85mYT8cVxDBhn1egw +>S効DF"UݗC!-4XOǫ $UK !wy| Jk-tYzF ssh-ed25519 iDKjwg hUHxNz0ZfR/cgTXIfrOobhUPxcFo8zyxD3idF/bpP3E -H6aIW7YO27ONIIcnmViIWaXiByJMmPFo6E8jsH1Xq2Q --> ssh-ed25519 uYcDNw +D81Yz9zAmCEeIUIxLirpd/OVnWmHQnALp3GWyxUshc -reldI2bJQ2Jq3JxHZ7wWnm6I1pTISQ9G+jjupCrhQ0Q +-> ssh-ed25519 iDKjwg ycwObMB/N2ylOd0U58mHULNc7FBfI6D6+DjafoQG9BQ +DXYakb6Bevbr+ZO2uNWFOJYcXe4QohqyrNhW6oS7GLI +-> ssh-ed25519 uYcDNw PH5y1lhGq6Wh0+bKIyJhWLDKfQQEtQX56k10CzZW5UY +sOvcq5Va4kOBLHTNJ8mQxaxgQWxSWM7VZ8PLTLD+2jA -> ssh-rsa kFDS0A -BYla6U3WqibQOXQFIQrs0d37pmGNvVulP0p18jjTXfA61vth/icCTu3V5VAHz5ST 
-A8o2gHhQfGXpFm9GMPMVe+OKHnD4Ws4cWowW8/GLMg2XgqPBdvownVwl6hspjmwr -Mxrw1PQL63fiYmCiB49UFaQV0OIxyo3mo7kmF9KKRfdTQ1kF/vjiZuw3Tiz8ubDk -DoaK0g062iI1/GPeGH3blaZj6cFstT9UjoPbdOU9WLkDMUc0d73ih1u6a3VmIY/B -tToYCJuwcjAUvX9Y3Xolx9vKpg8dVD48T1GlPADZCyajY2fEPbJdS29jP7NwQsZ2 -8sgmFkNzUq3Okjbz4lem/g4nlXQN++wdRIYgTLUfJWKOx5+bxSneRvvP6p4HyKZJ -O0OzJTg2ZUTqcpHvxj6DBTbg0e2KW44AkjMLIBwGxdfz3ogrfM2au0bA4SizXCsA -XL03eRmVbzgrBKNUUi6UbQ7iKp+OjWbM6jyZuNEwfepbedLqwDeTXHfm2gZBxUyM -JTk7iTERU5908VhlbNZY5rjXShkPzB9L5jgV23I9CwFlzYSC3mvPS7HMtWcgo8e4 -EBBH5QptHOvaZtDtDqYia8tzKG1KUg75fP4PzKB7+DjGv1phvTyzJDd51qAVrdJH -PheURbBliQOQaqNnTdYfpBC4tdHAMYEp85Y8uMMihYc --> ssh-ed25519 YFSOsg SJDEy0M+3X5SmXsr9C3CDbpWfyhnmu8IUIzNOshE830 -g7jSKtpI+jUO5OC7vd6TJWOTWsIk/x9yL4RKL1lAv5g --> ssh-ed25519 iHV63A tSREgTvnNiKMGWldq/Pp2EVWBmcs18j3zFDwtoBrQiM -kT4SzAuXqbdQSgmxbAy3BogMbh5tOPI3fuGWWQMK7fk --> ssh-ed25519 BVsyTA k4rwyukpUYOGvtG9bm2dpw51P2udNnFSSldm8eCJP0E -C4Cm0eFg0KeXNf/BGX+vXIeAbsdYmN/97gj5snvRSzs --> `rk-grease -Y6ohmk9v8XByEpy/oqM1aXpmeFS2ynIRyGiHfMMez4ONC54ZGOCmr1xUwEGxv7BG -SOltfLTf/rk/0ibNlvMoTqbUUhT1A/CBzSUH1tBy1w ---- DB1jba9WqtcKIEXV24rL0XmFmv1U23dEYaOYd1w9B4E -{.hP;v' ֍mFftʒn -4Z !E+B Lr"ȿCT''wɶj>bf;˕T˩ru;j&b14;&ң81_"o8]_  kbVAGy8Y|g \ No newline at end of file +fI5w3V5O4EHlG7bZGuiNyUPZ4nbl3ZqZjPttUkOMYGjw84Rcxu2Rqg2i53OEG9wC +mrxUdu744kMSxbP5iwLbnPGIhMbtY/HmggdaFI5JzPUrEE37GkUAFtaXCBjYoBFv +7UyhgYgwfvsZXL0TiEOA6k0FikfkfPKLheXZcvIRRRXz7QDufzit5M+XieLwYbxS +uiJYgc7ibuHQolTO6EFJf4+irdlXIWjWXg5M8mnEzDAY11PLYe+2CxguetrJyEmV +5MQNYNEfGkAa8/IfYe0LtnOiUNr8WcHDHQGoRqrKiN7yxjJZaMR6KCMC4khkhGL9 +e8Q9WphxHxA7Rg4TidyzQNd6dOkIWhcDUYd05rm7CldUr+E81dhB3ojYUUfuQN6O +26+wraYVb8SWS4l45gJhtNhIDRJ+gBufdQafPFtxZTjlq36y9qqhJ4LKA2/mD/Yj +tVrjAKJHbwQiulAmBiQPloDU3jGsbFlh70zWvUeFRmKEHQUU46GK1RdvuT29QkaD +WleEEp5BK8nuc+Zauf7xEqLRK4uoZncYGiw4tZxzhneYEBPbkK99b31c680NVB9R +gNYlIutc1ApzOlt9eIUnF/K5CudoDsfk90gIcZjpAZ9rCZ6O2z083PJ1YzpFejdc +hH/u3v21m5zCqGygFUkWs8w8DmhZbmOCjKbIzM8hZ8s +-> ssh-ed25519 YFSOsg 
LWTJhISwOh1w8Ll3MzCTiQcP+sUbcrwyCIbvTYPoIGE +gcxCieyITgqnCvRAomzKq+um5lTusjxEt8CPNxkXcDI +-> ssh-ed25519 iHV63A yHjOEwLCaPQu/abuyy8mH9W5wmuNrtoSps4yddnljHc +Xazda+HQS2mIk3BTP9ZhgpaQQe9BhcLX7VQpCMATjwo +-> ssh-ed25519 BVsyTA lOR29G60mxkWt2tvKaRBUTohXr0byt7WOnEHQajBwy4 +bq0RS0rjmOp/3jm/vJ7/pln+XU5RrpD7wPIRg0pJtME +-> 29Tg,l-grease d{) e6z s +CqQnPxWIn/038/5/a0duF854yEgjZwNDuKrJwW/V7AkJJ5boEAUZJvwRkQ8giKHT +db/YoP41cx8Vpqib/pv6Aa4fb+ovwoamkAhFp/NnD1KNJwtl8wTR9WRTFI0A +--- US3xOlecmIleG6Ye/LjcV8CSvsVK4oh8+SXoeK1qUZk +KAWj_i㝖ے(?J@e{cžo-Sܥqy0D3 G)>6 92n/9ryĤYK2uoNg-:gKy !x]fUiM!}RzE$MvѠ x( \ No newline at end of file 
diff --git a/secrets/mastodon-smtp-password.age b/secrets/mastodon-smtp-password.age index 90ca4a0b7be7054b538aef518c064bef98d330b3..a1671554005d75ce2649231d4441b12ab0299825 100644 GIT binary patch literal 1537 zcmZA0Im-NW0LF2|LJSDr!0E$lepx5MHOpk1$)1_a1Q9YxCi}ijk|S8yiP+d_Yj5EJ zEIfgo7Gh~MWS>WpS zlr+_c?Q_zi3rj3*qBqUq|Jrm51^v0R;wCc$%8KkPn~Ly3cC7VGOGpuUNRm24A$l~H@%c*YhhSHTf&*Ac%9+-_ zUGgp|86qH*so4a-W2Rb#xu+!Z7uA`E?l7wkxLgxg1^a`alyp{a8Q+oY0ttmet?-_Q zg?q#L)&7yr0lA9sA_l8GQBiLMakAiB9`g6ml(aj?Wmr0%WhAKdc-){_;sJfbZo%nL z#WAMDO=lb%r7HBx0S)EDP%e~GJVC+rx`0(Q7B<1X6Et9qQ zhjCJ;#lCQ-HW=Ys{P3O|3f>Zm_;o;#aoi=hcssPebexFf}ABz*$Rm8y@ zy$WE7MZjP><%yhGV(Hea$k^`?h;SQ*k2awbS_p4Do9g4 z5euEBX?)LDxzh?&Z09B~*FdZT0kky_gc32`|EhVVW%7l>*&vI2m zsS*X(zTN9kW3AiCX?hie;w{uDKw{Rv+CI@m_JfzCkAorJ2|N6w_rNC~?mouecQ}+x zcXJyC&@h%uwFE^CZ0%s437>mh0u(XNhbHy|7@V_#=}92M@^Yuw!R)0bn~aQe0P5ke z_<%?zuXUJQ#5#AFo_!3L6k+T=MduQ)N^P(?k!SV*P){$92UO4^1BYH-UUphgUZti8 zqPdx^qSfj0QUf9(L0+WuI`*Z*R literal 1516 zcmZA0xz6Kc0EJ-$oohgXDjgbGKVIThNFdwslEm>EFG&I8eThFi@otL?03@i8kfx)f z;tHmuK~#v_proLnU?_%SuHZSvd4nu@O6sUx?tRhJA2)4=j2QIv>89)QrzFNn5@R>T z?pRLQhTHbKj|n{IyRNdI^z~r?0vVkZU?Hp?naP=5fyNwLIzdruX8bep*>KWpj+Hi?>+O*ltpY?Q2B9Qadk*<-A{#kzuqs%>J< z2Tsls(jT0K+`_Cahpt!Ka$+h+ZmEO>4MUk|z*@+?XEQ+2>9LI%xZ4Uj1u5bP)D-OW zNF=P9Rq~VA1W{(@lLuME zz&%BQY?prYf;6-yMv8MN0wCC8@~`P);O+`87aujsA<=f5eqWEK*(LG_Y8I?Nt2IULdH#D zcI3whPDHs^NBq$wd< zVPWy?^#_zc3x~w-NG(!iVNcWTMZXohqSi~cHF2mZyei8RZm--9T$4~VZSq^gYH6Nr-pPqHR z7Z(CN1hS3j)yCscRa$V;^25|tFdryB56STwhh!fO{Ekufz1R%!eeng7&zqM@QqT6ACL$W?$p|q;GsBd{0zjfF)$9;`KYl%5iFdag3+uLKU3k1kd zMh*`nQ}p~}b_>=nc4ZLL2;aM&76->ym2uG1)6)jC25?j5$tPrFDTI3P&RsEkC*TRx zVIe1XxL}79t^^bT)vmX^uzvsP$KSp_{`%IJzr6SUH~)O~;rD;N`1_9md-wS}KTGkq RFF)u1{N#tXKX_Sw_b*D+?*RY+ 
diff --git a/secrets/mastodon-vapid-private-key.age b/secrets/mastodon-vapid-private-key.age index 64d2541164aa06c9b91bc4dbf6b421bec499d33e..921e416328f0f9bcf94dea75539e723c2d6ad37a 100644 GIT binary patch literal 1524 zcmZA1$?E(D0S9md!ICQUSWwEeMWjuCW}9rHg)EavCNqBDt25VBj z1|{L`YeqIIKXlI2)<1{^29_-t9_c4o^6Addb_QMsS|$`2GnMUz@i@gkcuv2aROjH=XC1}xoD5R!K?l^n4wh^` znPCW}YYCW5hb8k7^l;jib>EWraz`C85jow?d=?2CIx?%Rz-o_>V>(o=?ux`^?)*S7 z_^>O0pfN-?3NElF90;}7M${(js6?6mZaKahu#f<{#SGGWM--fkZ}{fCq9whg7t=Dj z3xL|9X988b&4)=Qpj&eU@qD(nsl9C}(LQSI3QnOvAi=W+e1vtt~ zhPJtcot;|1_o9BZA}^1)MZj_b&vX5b%xt5JkZzdQ8dhy}rcdy_g^Q(Pdo=`#gLRnr z;gniODTz*^G;`P-5#-|7MU9fV*l3AVXN`-;qhF4MOoWr8#1A2lM|z<|AV>VZ@Cvs$ zTsRPw=Vcu#qKL)F5twkipIYmZD&ugyXq|Bxa*gdDiv+>fnscYruLz(SXqRjJzyr7B z#x#YeR!N5YCczUWNqN;n?D{xAqSAHrmkfjZCS5v+3j8YKp9fC^+H?dtBhfVPFrHRJ z)QoB1#Jzb5=9+FB2}C?9eT=YGkp2Z*CYvyG)y{2s61S_&W`MJ;C=7Md{tmJ1Ja!Ua z!3F{nAcS3G@cO(Av|o>iv((m$9>3VACm2ef?(QT$Z;*L}2NFSb9BT>!FYbpHVi;D2 z84$nC1ZnN>_GST6#0{3-fVinltw73Nbgr;isb$9-L-T>kD#e-}$0z>bWi1nJ0%La7 z5GiQyBUn;ehtQc!H_+$3s2xVtA=c$^J$vcdM5Ef)07*f@JG!QX6-pGSB z%p)2bT-9(D8!;KF7}CocYxk?k>_W6f(vfJ-3C3JD_{b=rs~*oGTRKyD<~vqzP6Gk5 zUflo>7%37I8Y$AAE$DvBSoN|*q`3(BAV!tZslBu0G~Q&||FzQ(wC0`pJ^d-|;-HUr znim-#l5YvS>dnI5Q9x0YkB3%B2&dyKQ>X1hTVfnsEL^u^nTxOZAxTI|irWqohf~2d zJ#iCo1fSv{!o4eCSNBcogaLuUn0i>aX%bN#k1OPkX%IUhj73KeGD(lI8) zP$CQ?wQXw#-uTJeU;gEr-~Q~`pMM&c|NYss-+cc5Ki~QK+24Nst-t?v`qw9)T)+SE zAK&`!SHF7m_uu%=2e16&jqvNQe*Wpd_kaD<$KU(Ik3TZocmMO+FMj#E_r7@j)zgp8 F{{sPQ_}Kse literal 1456 zcmZXUxz6Kc07dB#?tp2KK*}%CnIA8SHwiJa<0W2_*iIbBhQ|96+p#}yu^Xy^j)o3V z@d8MoDM8RqhoC{4j*=1y1O;L!rWu~#=w6+By(GGissK!NmtCuOuOLAN47z`R(YEP* z6ygMdF^h~>^D$Wn@^G0)#g!UqMH$;*sW6v1Fe)EqL3*L^wwupFSd4RSK)!}u-PO9# zQ?|*4+CN&s&FgrKj*vCDuF|5zg_DUav$}ne);j^e8yDA+M7MYllC5F}XFf6{;k0w? 
zlZfnOR-63w4d1~8-D@KYT~(vO3Jp7?v=w@UKuk-DA_8fLR&mj=cBpW6fHAFv3(skw z^%fVAKcFmR?f@pOlmT&cS}A`tM(BX&Nh;*)?FurHl!idwtQjz5X#&MzqKHt>3&-&_&eM_OJ4 z9;;FOa#W|axhnJ7msExg_(^G83fQUMsM0|x$+A>~edb66gHf36S>hp+Av$0V{ot$v zcuLp|W8tKew&#P_O+v{PDYv^;Hp-j;);7*&RM6v*%!#Few`2@aX%k;yvEJI` zWZeR$*U7_G?g%3d1c7RdGgWF$VY)fmsr4Q(RklXJO0cA?*DW(?AbW(HIVuMXREKLw z&v`Yo(Rmmz8;m|kv(&F8zvM`4VA)>TYgv^Wi0!bxf@#s_3P`9p&UH=g%-Jc}#GTif z%=dA4j^etc5Y=e)l?sA0&ZpyQ%e&UaYMa1PlRBteGeW!);t+qipKQ^vYk{uHt^ncc zD7SraW`oQ(;C9vH6#Go(ZuQ*b=Nomz!@f-x^<+~S9aNawP0!lRof_3|w|#Zt{cg@s z&$aM|ad2GaS}6BiIREq#NRMUK8m%Qh!+$u2qv zCXeO-FjPBL{&75#vWDtNWy4Nf5ApzjGp6zeujT~ehCz|eyXEc1NuDW*xoU75AC3|a zkMX9q5+_dmh92YF{~m!mwbPMZh`H39uUJVdoao9n(A`sBs_A)p*0;Z!_KnBSSJ)D` z$$}I`WIfy{WE$1#3+xDuTszgY+_yuJq;jm|%~Fw>DG-wXvLz4Y`vgQ@8!hgpyBOL! z4L+=f-3hg&l;N`qBhIQ~HwR*b?(gpxtuqMy5#G|v`DnX3Kyis_WsS^vcT*#zr$mJ9 z4Z(rGjnHSmp+C33{`KQepBt~~uY|uCA7+n#DF1kSFMN0R(nsHq&Ib?Py8JmTpM3Jh q;?Xzh*Yp>^Kl;ai`sU*YpMKlD^JJU6`t&{J%h&&wzk2!M$NvJm#^!7Q 
diff --git a/secrets/mastodon-vapid-public-key.age b/secrets/mastodon-vapid-public-key.age index d2321eb9cccc7791863e5a543c6bec602b3dcd01..50f1b9e10385c642d7efedfd9ec48fbb9e3f6c12 100644 GIT binary patch literal 1478 zcmZA0yX)Kp00(gCRHIa+lZ#xJI>cWu$t9N@sF386OD?aw7auakEP*ROldDPzusP(K>YLU-04k<@OA=rY$3v0yH(Di3Q6 z(luHF0s$e_Tr}J~S~B$d6r&Wf*^Iq`vk(VuXPS~t1_eB}YyMHKvG#Mh9nDu8iPTXv z^^Zu(i7u#ta*)95W>JWyvqV@4MiSNJyw(D!Q#Z_3r}ns@`UXm-t{;L8BeN~RbuNK` zGfZ-bP{NTgc&L??Gm6={29ZEoz*B|ZrEO#|2s&AIL$w#!e4(X71l!sK)borG>?t<) z%OHzaS%HTQ-<%k4VxGcU1h!4V%`9(~v4q)&{6X|>ac3L6P#5x^Oi?lNB*x2k{CMYZ zWMtryfg|w>@#__DftCOu`^3pG2M?UcF=R}#>?KP;4-zBnc#C`3rmX9wWRhz`={K}9 zZk=7F4+j!D&P$VwDWE0U$Ri}B+IEcVw~W%FmTF*Kq*OJd%)zW|b$6mVYa`5NE{POO z!-c+f;7=3p2zx0I87RNC3Tl-kC-@Ly*;ZJ0JkuXw*Kx_6zjNE3U8kuqClq0;`;Kj~ zSRR2o+4T4ZTmU`+q0*l2y*1U_+umr9iMmsTels*21JYy6CKi?nQ%T=CwJBCUPB%o!>wd4mlm__@ z6AN}g2Wq6@2`zQfQ2}EO#NX~XRB-6MoZ^F)(7n`Rf+yJf14{&MATe8I=<~xW$y95h z(m=k^NU<-4MP$+oOQ0l*CERts9t*gumOC(FsYQp@&3e)V(-Y*{r)6OwNaSadj3NdN ztme9DHD2LmM_Scoy{pqfw8M?w4dcLpY(7dTzDeQAARg}c;YTf2Q>tLpfg~74>ZGh% z9<)rbUfa3G;0eiZu)fO zf?J~w;bjs+#Z+nvwX0A0fq?*L2Afo;#1J+u%!x%sIwRK#X*b}mrrj#Vj`I|wgv{=s z|26Kcfehg+C_Sh00G-435GVm>XJ?}|!AtzQfZ|%%Q+UwUwd2K+<&DU>TzgT?u;#ZfS{o48b z!fV&h?Y;@vkI%p3jNkp}?{B|+`^PUX`hWcSgYn*z=a%+`Tm6;n&Aa!w;o7CEkH1{r ny!!rA@$G+pyXl^P;g`El-1+tUSKqkz*X_?f`TYa`?pyx>{SfpV literal 1605 zcmZA1%j@iR0R`|?L9(f?tZtkNf@S#K$$Ju8q?tS>$>cGaJSNGeFH#Ta! 
zMmlG@69N^RW{(a~AA$1554Q|=l;vHk>m*MQL3cGf&t#{Jqiw5=O^w^#`aPJ9$WLnW z;246-qW11+uIKs=NwK*UJbRqVQG_QmAT(oBHnMA&vpFa^QXdNyHN{EJspFQPBz8)b z{b_p&PbHb1JQm_<*X8ofu$$@WPN{u%boRH~mL?AFZOJjtanG8bOvX;v#C(Zk0}f+= zWwf9la-581=MFU*(71Z@lM~*h1`Hp(ewct=xBY<=V=k=HW0iY?fH-T#EspDB z7OHDW6fclerl8#ks&iX;hMroOT4r37eOk zJ9H+=5o1Lszhif{l_>Ibx+GG*<-C%h2g4!kvv-R-$(#?M}V|1OO8rzILW7AD{esT*-3_q*w9I#l-N>2lVL{4Kik>Q9r*nQc+w)~_d zCES(_x?CghBvOjRl?0icpk*-KZsff&-LIx{cK2RV9aBo&nz@Tmta2?!E1)R+|JrzY zZ5w>0c*y!B011TWqwdke&MVwLlZZVA`02@j>7g?Bzay)1q7z>Xm;#{;ctX zUqAnwKR)-(&wZ--I{NZYte<}WgZwl9{L_ElQvUl}_dQMj?)~!O-@f(v?>&C$g>M{` lm);5Ad;1^n2e19*<99#$!wboCU;8Wm>DAA5{*6ap{vT|xAU6O2 
diff --git a/secrets/matrix-mautrix-telegram-env-file.age b/secrets/matrix-mautrix-telegram-env-file.age index 2497dfdfc6ae974d903a22130d6cdd9bd4c33752..f52fc7c661583576586fb04f36e22d013bf21f00 100644 GIT binary patch literal 1957 zcmZXT?eElt0f3pZ4^$W?AZo_TF*4^YKYH!;dTqkUde>gB*L&~XwRaI+-|waGy=(6- z2r`|?21De>W|WKxiy0s$zyu}JX-04&EKX&}<`!fUMInO?nIB+m?gL-kU-0Bfo<}mY zDa}^=u{-EG_6o;0pb!S8R>gv#Go`6WG6@s0F2(gCBbHK{9#JfjX0L+@QL|A5Tjeh5 zkRHril7_4DAeC{6MAM8&pb}|aM?g%5>EaC+7FCw6yJ`-~Y7=^(QxXFC11~-t@$KrD zX~UL6m7*9(nsUZu8IR#ivw^LoitUp6w0GU zv4%qxF(?_(2*T~OMXMG0U=V*M<|$4P)L!DUX(*BfrtZX4nNvr$|U zS&}sQ!LS?>OtQ^$kRyY*qYrF1M@9`zY!{;*mgR_Xy#U0MFf2PmGat_i>PTWKjm83$ z3ksy9i|w%%pl+dGm2R3FF% z)S`#1J3^y8U*+XInCRO{4HCvyza?^Xv#(=r+$9B(DF9F-l=WJr3yCaD`cglUB$<3% zDk&4mplnY{T5=dzzDQP~vemQNuAK`>P9riNq=*bD0?}ktH%YxCL>O&*g<%NeuGHd1 znyk5+6y}O#$4=zH;TKIYd3xQ0Ms$WwrSn9G%Q&!f-Q;k|GA}`!MIMwj6BxrDWS<3LnoeRjb4)XQ$d{Qs-2dM!nqpF zvNmZ=+BF;y@=-6e@{=5ESze-*si!7os`EuJm|Y!1m7;}ZhgrWvR`ad@x#?gRo-%w* z3ba@+yF$$-2eAj2>H;vB6eOW$N0rDK1V+JB_#w>(2BpWD(n!r>fzzRMH01{cJPp!v zf08Tn9k7zL39d(hc^7E5&3f3fUCqZT770vEO~snZ7|vb+Gp_PU58S3@n6^G$(yimAH9+g7B1aFQ*&;~?zp@`HoZiW-%&KOR{`2moKY#SY6Dv0yXP;R@|7}h8p6c^6 zr`;45zqZACYyU$J3;pTzYacwn^2{%i*Uuh#GBtnj`xP(0ea+&r16Q=opYZFZf&I&t z&p&nSk@})_*H^s0OTOpiY32NWH+oslUD|dfc;NNf&Zp$blkaVsI=uDpX{*6`hp!1t9W#&viPhZ%&{*-d@R_~X<_kRRze{uHRpPj_-I`+fq zL;8ZLSvU5~KTXX1Q(;l!_Scp_w|em_!dJY-bLV8f3$0b`_RQ3gzB?B@{@Z^%cptg{ zs3ul%#Gvt_Y$}6uD=WZap$w=)Zt&QFWSS7;bjjWq(6S_ z>9v<5W49{h&9_3dq6CsJ!yUo=)Se~@Oc+419) z^Y^E2{4CtN{{H5dK z&xPafyt41?9W%cAjaT2;wQEUO+i~Kj7dLKw`aAYVYo>ptm&Q=>rB|a{9`)uNGe6o_ z`QYf169?Y8cj3uH+pp|B^4FJEe*WUYM*r0PQ)eH~MGFoeIQaf%^p<{kmf2r^{lD>2 B&~X3& literal 2013 zcmZA0{qxg=0mtzTzMNQ@Zon5DKCH3{jPRvNnkKE|!L&`=q)F2>O`DVc%#_lgovGp+GN#gNhz!^HMD%ecS#k% znr@qtuGNN8HJNjQl#Qaz2CS-FCkHkv7@5OJC5lN%u}sQRH`W;Tao2XxE^vp18I9nx) zn2I*i5|4C=t`jcFV3qE~k)8(#KG=}01c0=iBvenKX2Ta5ks)9-6ab)}*(y0Dmg{k8 zG75CndbyhA$}E=6mFs!YlgoUBk>3(_o}l}cU~0yE)qyb=}6Vm!bCu{6zEJWW*M 
zQmVqiNk6Alqe{V3NwNwseXvQ;VbCiv*(6>Fl_Ads3S1(_=rRvS2`A8CavUNlP=*t` z12kL4hmgXa%cs3HNQB$r$RuBAA! zTw&v78^dtju5{>RGVKuw-^qCzrbGsrp%yJuLQ&{IvXa-j9NC~Gx{U?;l+jYHTwm(- zP!*B8mL=p^*#jz+WOWi*-EXmlZh~l-zHoKNS3fGHc-B;d9AMyVD;zE4X*VI%;*{$_ z(R?0>WP0N(fFdk%mA<{>?A-h*B*n63O%;TLSRZ$iZ!)} z2>B$|3`z0)|0*S1Fk~0=eJoQ?N{r_Kq7B5dbcu0LqZ}9;8w;iw(6o~VmnQlN%dgrL z+C?O%m54zDA>`UN$mcP|({nm11@@e{`10K|Biq0Auk&X^Z@gZe_rdPzv#&da&UmmP zJ^#sz=O+F9;Vo0|TfXni;lJ(rd>eCIhz6Jc=AG}sdp7TwzV4RkbN%o9I)2^6S^1mx z?o&n%Za!IiZprpDk$J~fB-iik_ZB~XVgAO(!oPfb#iGaKGHxACMY{3Et@-KEpd5GPKa zntg@5?SkH+d%w6hygT*w>4`hPa$xJLxt|{Yc-4}z(XWoI+;x88Zy$O;-TLkn;_X{! z!k^B)`H|$~S?ZJP<(JMrf8Xf!(~iY1{c7~+W%x};UOHhv75y>u;qRBe_1>ztM(=%Y zjWD-xsc~>0y>)a>ZPMtJ_?5q2{Pf-{6Gxt)UaK5fy!8IfA5EPCe(iSr4+oEKxsu{< Xf8wcEmkl4=FloidQ!kQaaKe89ci7^o 
diff --git a/secrets/matrix-synapse-secret-config.yaml.age b/secrets/matrix-synapse-secret-config.yaml.age index eb1dc12abd25c30684fb496fe16f026479ee410e..276c7b57c330109b0cf64b71277d28b71272f4ca 100644 GIT binary patch literal 2825 zcmZA0S$s@~9tZF!T1JR1J|&jXNG)T`K4(TEb!ItpW;?TQr>>ZpoH?_cSu$sKu~Z0B zOL{f-CDsZ-mC!1w5D~EianT}{r05OGb?wA;ANtbg|HJpc{Qhbj#~>Q++IK|fN6et5><1QQ7|Is$ow#m2V1#+*P=G3 z1c_6%s4^@}A<|HoB?FY0KquvrBUg5eWFN`)&ZW#dv3PYEMLG!-_*@xQb%X{Y)iiGc}H)NVG4F#LAhVT;LaM$iCi z0=$Td00SBzEVCKpBAJB`cx1Sip)^@#L9H0mI*6dpZ^BYM10JT>*m8iK!jrDB9%X^S zgxqXns@Yx%q7mr8h|`7pl0uF@#M5j1`gpWZC>NtNCPPG|1f)zGMD>&iCmQw}5x<*b z(ED-7#xJDV0`f$_>GUT+H3-63OyJ|n`2eDZ^?WQsIEsuR3zOz@e5e)rbQA>ef)S-p zPD**S53LCTh*}d;c-3A&WM(B`jNoAiUy0d3HGzXdR21TAL}3KQCGikpWN1tjCjr0` zm5E3~0wt`FB@l^S&rNx01Qtg`ff%Ml(72mmnsr=nR4Ny7*!pOcgcN#_EldW3)&NC| z1jP)aHY|h1MJA_MEno*ZFlsOgi)0o81`w;kC_`aHP1r>;r%)I6gv?mL>OiGJ0}+*& z0E!dfa+tKBQ0R+jJXp#Tj}&=DsN4nlY2I*9LOMiAk4otP!>W{uP4gOsl8}t8Vx;(1 zr-_CpRTS8#RJp7{0+KsJdacuvNNKgOAYhZAnA55OoKD0M6RI3Cm}&P}G!c@6#&9LU zl3@wR%(YrQ6uy9y;Fuh2j4&Ewe$b_ofh_%p*-Z(nK_m5fNi~5m4N!s`HX4*Nmd?Xd zz#*eiVw4a`IWL}|@RB00$ymf!NYuDOK@9^P{;}T zg%L95V>_&V7aZ}jtWsP@(TLD^{KMLrQXXQADMW>OQjZj}08KQYA$4XQ?y=Y;q?qLw z2LHp%r0zsjO7YB46h9jkS&?Ht(#KKM_NRV#{C0((&TpuVT-Bzp7ZKEh$ zqL_?rR0q`}yI-Vnf*v^`mY{L2Ea24{c>*aIf*jlsLj#%qu6bZHp94}|5fowoa&H3W zsPtmc6bf-^96U*bf>ACQ(~zn}5`}SwnJKbSxG0P3fZP^e9+g&up< zCRDKvYz2xy0+%}#DY7C4XG}+-)9KVgRBL7jY(D0PgW8!1rh&$eNG*^l=H?6STrSRM z_`zr_B_KjJ3N7>l<16cOdx^M5vfC2ZOj6D}MW10>(bw^-`TgTW{|$$xzP=$`MPaRv zd|I>cPTTc__uY&PB=_I~CiYnP@0pp?DIe#=pp94lx$%tYO@9B;bKZ=Sv4td~O+G$ZsxB8+>n7?wbdU zOjqOm$}61o_)Y-|Yo$JHr+Hm0f!uULr9w6J1J+-mA~A zn4G@>*1RqL^6vJQ3;({I(S7y2M8=|J-sXlcPS5{j-)E2fYuB#pS=q6-c(7!QynRj4 z@6;1#XSMy78Wd{G*uJP=XKN!hXY&uMKR>ghvekQP31jc#r*n_I_~o&*^>u-AWJk#* znsnt=@zBv3H9%%$+r@+ES8J|8C}`=Ki^7 z<_&K7c|uzEB~{HWx?Ve(;<7=T-u*FAm-BS^?HjbCZu_KtZv)gV>Frlu?d_AeNajCV z)wC-2(EY4*LqjI_a9Z6U)rc#PO9uL8?LO9}a?@u|7C!j;t1H7dlZcDgVY@>miAg(najYfynmvzq%Ypk(c=s0-lr%Z 
zuUxshxm){>jH8oAtsA{-Y^eJEd)=scP#@QjZF#k-p*^3+FWoFyS$ujoT2p=dOjhmr z-EY1&HwVKSjK}a#-2W`QOo(v+IsDe|mKm$;?ac zUUhV6&DC$vW8!DzlcAplPgWgY+gzC0`)S?gTaS8|obB8`Pdu`;zhn2dxu%T>3eH~Fxm_GHI@y7t>s+Bbu?!mMxU z@w|%Bi3#-e8@FZ2S7#2aeE+X`OC()ND%SXJDrdelT$`u8T0JI{x{vCfboP@*pzhv< zC_Dm=X53|orqNqg{7LoR{(Wl2kgvao79MCid|mcL^i@p%Kz(Wdy?#!`;& zh-bKZy)1Z!y*PF5$mHhRyZZQ1*R|69J@e#S9V46Wv;+^rg@II;!%(*_ul4K+-Q0Wj IjV{su54&E83;+NC literal 2833 zcmZA0`Fj%u0>*KWc7bpdsTNwU6y!3LOfr*9B5fhpC87HGj zUnD#|68A7uELu@1J(2Jhxm|1yhsCG+#7ckKL&ppnm5TvlVFUoxZV8J=nH-=wWEGAp0H9$PJ3W6Ym9uLC_Q8XDfCQ0*O zHNxr?YtnQQF(`Egy^NO;dBb{$9dJcmb{VF0>oFKgE9?@?El{!aW+aoK3G6z^7vcHb z#*88YE987eobWMmuGP#|f^5L-Nt8&d(g~SP<)qj&&L7sE4Ty{xIa|pV#H9SB z)d8R|6Bj#uI3l-U3ZI+?8WpLOIcQd49H(6BM`W-^B?eqUb^_Gle1_iagmjTW0K|P! zqcz3>K@gP!l-H`anMnc5VWB~6rZc5>h*)@vVNMy@p`Z}f2?z;a#}LW=V4BCn6e=*N zisPRrASEE-0X{0 zw>{yeDDSS)G_9zph|UgcC;`u;iQ!shXm`yb6L=E{4w{gvmRv{q>yIr!(^M-Mv8%ZeX&=h5>| zuFbFT=H0x5o)}VId(YGTdsVi+dDq^l+3N=-wbRu5jxGHJVmAGhv#%9MD=-2EudgSc^t$jZ%?jG&!ccJRx>9#iAcwQk>V&a?5t-e~^Ryq)4 zEdSv|!q&BM_}PL>M|+r$Z*k@0m~}O~Z&zIr#$T;GauS^MV%j@0%c$b99lvcH@ucC& zB1X4(ckugZ)Qq}eo!zyo4y5-#10*Yg(;u(==fxZMHGf;15Z!z_dhpJ`r1qRo&o?@A zE(~7v-q^=PQRkB*Bi>eOsGUVG~1*DL5)?yl0@W5E|gkH`A&zBp?8nBIc}(0cCShvZ6T z%Y+MEt2ivEsH&$j&m3qgOJ?tQN&<^sH2+-m^kZ@;gZ+-E5*d8TBzsCBwOjW8vSY$` z1;h598lh*bX^&stlC|`$;J*3KBcIdCU%tI<#n zhtH{OI++=%{-d5qu6zdG&ECRkdqa4x^I0F+HE_tJWi2-yenBA`J9lhQ;m%9m+xhgK zj%gR6hadDV`ljXkt+S4v$ugA5d+P?m2L(qTI2Zo-dSjh*@uOq8^S-Kg4hc=Y)&JUM zMUZwUbLbOzdT#}_?MdGcpC4JN*tX1h?f0yWAJcCI8|TcJ+#D>iA@3fVS+-^BoXym5 z9pml0KvH@=vi9}cd$Yrb$;pek&f~{Bil=THac^{1s8Le+V2tO-@=Vjy0<*mEUp*B+ zY{|1J+vZbc&6~TvX#9h=Syem?8P6~8-&|i%3mVrQIC^LMnRoY`{^+xvxMskO_{u>I zr`|hKpEcv|!K+n3dvV^8t>0q&b=|kYuI3hE$*WM^g$)%8N)+$Z*8CCV{E(l!b9hbl zp;Y~moYOgLM(n`9dTTT%e?_Lhd8_+T(OT20E1A1<^9Byl?tAN6(~Vx^w2=*l=8-ki zwyvnqda%Df=kbkS7l_;6@7Eo$|(KCd*b zvrA&!YoD~8)84+nssDp`*{=B~j-BgBpyWc;luP|uTV7M1uGLm4YQA3mr3$!JRk`!` zi5Gf4ZC>Nee_7R*xqe_wZ{xwmyIMa?=Or8HaQ+@oiS5dzz4v2+i&_6ZV|_B>J#KkJ 
z>yU>BIvqI^6`~WSe!~iY)g60uSM{uAFGu`Z*}2ql#~Bag_FcAdZ^!1zFOgvdH?lft z_B|!qnziT4vO1U>I^O3ohOaIz&Akcme>poJCwuFv8&?jcep@)2_yE5ZwqL?FXF~#T8oQPnh(amd1_C;&qBq0 z6}?M8I<#?Abs{sp=tx6$@1}Oih$TlQu@l}YHw`)O*DU$*-3^NarQz)>T4MM|p2Ew! zrpzv%^lZKB(!h&zTw#~|bH7aPnVDpwjg5c7!h%~Y z+t{d$Vs)B5AQrNPTO9<8T^200(8fmmwm8jc-uB1y@VrrxJ!M@oJ%(%5cR%c>0=gr> z(|fylE}ya#B?yGsRf1M8#csP&te6&93O8z0EqB~@%G+k%m2STfk(^+NGmVz}Fq9sM zXa0(W)m+j#q2QOt+*hZ0QR#KM3tfSWC_0?!u++nxep9;ziC`={FBlquOi^oHYhkd# z+|;53HDtRSJwu}v8SUn?(1=SZ0%A-Jcj*Rl&O(AyLuD~nLu|gesYz-lNw#HH8*@wU zb?db@&C%{62@cExV(WwW{i-5R7qGF1)Mu^GM*f+m(UVQjcqxvRFYa^qp*KEn(;~-b zLgbJ4=)y*$2_(d&ua%5PEQttHea#qLPsAaPypENZ!!dV9=j2HN&Mednvlt8WISW4(k zu2A?bpkR-l3_A7DOxDRACm2R#a`t`s#-R{I=l0?r%56`BBqgmWHEq_x?K$>dVP%W@ z+5$jQ=AC&q9iitd`Nu?Jd|9$-+le=F?;R-hrJ#OAA-*CYD<3@E>hdWU7=)j>D+6#lDcBPJ}%h2u!2lSM=izOtGr=sT@swp#a) z(U-nq%1oY@%$m*0?Ku8o<~k-tW>K}*(!3>;SnmU3z8VKGRk1b!1erM8x(;yQpG&l1>&_va1X=fPEv7_Rg;v(D*b(9QAad}g#6pzH% z-F9jvQiU;MqHkK_l-IReSUR=N=`zZ)6H3)BIkI48KevlP`J97`a%8vJV`^;<#<3@{ zgOSv199D+Z1Z5w=1fdjfYMeJeTy|F)^dQ50K(>J{jO(!_Zq*Q14uUQfDEW%zI)$9I z1K}?K4L-Vu+^y}vtwXfLwFtNF!N_rVVi!_VyXM-{U977${g)%~f*`W}mB|HKzDF!c7z<)k!L!7v2Yhx~%nu^Bnv% z^T)HfPp6jJug8%SSywb;3fP`=Jw5G)J>ygp84!5iHcf(@@Z(v7_e7{3kTGIAO~g=f zHHm~yfIo%Hpa1xWFaGxSt1rL!);Cc2Q2+gR%FB;F{PLII`R50JRi|Hn@)h&ZKmPaC zXa9Zs)#t!FzyEZ1eed7je)00--+m^)`qy7%{s;EU$A8|6Ui?D-?)~TCZ>V2=^Z4Q? JJoWjf{|9VV09^n8 literal 1543 zcmZXUx$7(k0mq9Jfx#w_A|O5%1s^i}oSB_-QwVeJTsu4G&hDti+}F-MI~M^l1YRSi zN|nFjK|rty*rc(MbV(Cz(xi(Zh~f|7HSsU_@IC!Bev0d`U)wQn>R&c}3QY*`^sC)4 zWKVIl$8qGa%Q>Z((;X+>vW_I~iDc!2WFnz}8zwEb&N;l1=$!3oTAE^SGk6D}eaW&7 z#}E}yPb4%xSMi3Z1Ff<1DOdfNm^E&Uj%#0HKcqcwA*and-)%5ULwotExN!fN?&;MjTEH`W02S7*H59I~{GTHpB7#5ff< z4n+v9vI59GZxUCO_gZV5rdS-1y}b`OYGBE3YLDCrhStUKIVjx^aS+`h-HPrjs)x_! 
zRDxUsxK9OpDh{S#e(nHNDhrAmmFZ_?|)|)E*bfwFGm}o+MH7@SB!}_I+BL0cUE(4hjj7 zqeUzS2FI|6P#l%vXG!;F0B3~)2yaUW~0%$O>!g&IP9_Y8#@0 z=Z13RtwLis5ttR-89ffwjR#@Ts4%?`4guGh((2?#f4@=yl{y%p7n#+G{J|JiV>nNxone@L8xkzK zGs|71K{yL;u#RH=|IwJsu-fzvg4L9iQUly_LuaVXg;Fp$F!tKg3Tj1=*{ukLDc{LCy9Rhl=iVd#Jiu$(90e` zj$K3f?t@G4t1GAscwWQ-9W*6@FlC;o=*sY8jlqoyKT68+R;Sc_)%Et!F^SIb2t+m+ zRCu0k9YoIZAT^qk9vQCf1=>qPo?q$)czSx;ZLL$w>;j5SELX7NqPjHS3ubDe1NJOi zNjPJFG_7+4V!)3-{vGlc>1Qv#`Qj(+uU~!k*1tda#n-=o_5OR&A74j5dcAw=YxMfj zKfnLO%eTM!$A_PH^y^nm`N_BMz4(It+_v9E|LimW`rDWP8Q=Z>WY|HuFU 
diff --git a/secrets/nachtigall-root-ssh-key.age b/secrets/nachtigall-root-ssh-key.age index 359a86f7ece00f0320ed47ab95e377b3f51ec5df..d1514e6ff67c9a524d13378d3efc360bf52917b9 100644 GIT binary patch literal 1860 zcmZXU@9*3M0mehNL}~nn83&V0^cb)hZeM%7UVkA!()O;s_O8A5de>eXB;2*Vws-CI z+TOL-dx4WUK{JyLlIcju7MB@jU=tRmn^{ESrXys?*bGi0BRGfwSr|bjj^KQOFYpg| zp3n2*d7i#wui6tc&ZjdkoO~mU9WaG})w>Hx;;!0O89^YT;8h!=%qjF|YQL+K`VeL) zTEt2i(i)efkP#G4$n%Jy@dd?=@qxK8fi69*wrAyvY(-2Gm(?^I*qyOtaUfsjMIFXN z#L>H2*-*QmrOkD-DrNiKlk{hyHf?KuKTapK1LR9n zkg#yjZica>)Y=LY54Zs@(?o;~ayfP)ey(JyDZ}!ov^eP(#!OWykwCBI4-*uGDNI%k zoiwYX#b_>6=^m7)DP$9#$=fww$Wk-r#bG$+Cv=d`nFv{$Szc!{peB`q0YQLFiOtL| z(jPe;7mi0wm5^b&I-nrlCVh(H89@Xo!s%s0K?ju-6YXFza)wm^6cjXsr7&8MbeGk8 zj@^R{ANA4YKx3D#;-uER zrqd3B${;|Sh?PQv0 zX;Idut;EA~c`8?f7AJXE1&FWdauizKsZKCa3c(!C&bTEYXWHDY^oxX{mFE&T)#gId zFzBI0&|29kTAi^&U6J5mCasQ6>Pq#aqPy65z0=qLQSuc*El9 zQSQ~eR=GkNOU5pya*~WIL#GT)iQKdDE{BNIg_eYUuna^^lZ4nV7N|y#H_76By41@k z+Ln>()gr4}&nkiOBF7At%mlEL_X4ag6k*j~42P&zVgb8vL~~c^_yNIWjZkWkl#sRYiBePjPggeM0QnO;aiwv2%-NieVq)#|L)-%;IY6QU``E)h^dxW}*!epV} zA|~2AY>DpS&Yj*OQX~z?~sLwp7)Uf?RJ!I0Ar}@)ikz-NWp^lEJR#517bi4 z!>h^V8sO_-hh(SHm>EUT0-xnIKjmB>;j3SshR0rr3u6g{G%drQZ z`O(@yyL?05+FHElMti4o5#74?z#ksJ@9Ezj`8eFTUR?h8ROPjolTD{jF{2a3Ft>ib4KFhX`UVnD$3ialW zcUO>S#dqlUui=<~tg+q@*=-@b$M(GP&-0a^JlQWiLVS2+`xzx9fK%%?T(^7I z*Kfo0*ETpk3(M#_~qrp z=St6C`)lgRku%Qjb7$O{C_uPB#-L=>D zrg0{^fHC>vkP&_W9ZTk>X8FP|0~3si=$C|SUmuW-Imu??n2`-8juCO9{;*&67rc^p zJ|D$0mW)7)7vqT?2HV2eg3#rSJkGE0eK<0xi;S2n9%K zSY4?>2SZEalPV;m?Y39#hH8k$G9ovMBD=_6*WyIUxdhhBqX0JbhprfeJ$m8M_*@{d z?qr_A1YAQqg}h){L_B2%O(wyL1a7NVrDvBXnt`GLt&vb#2C95Bg_ynq4-Jww{TU{f zl5uD>HDX$y7NFE%$2_K&A_L0vS|d<;q&KeCC=wU&X`OHgKsTG^R1FMX;6byDN~)w) z>;fzd7>ErQrjK^1GSN`VL0EF+9W&Xn4pR|;d2Yd>9J|ZWrWK_DoKZ76 zk|vx~%y+oBn+;%&nOv>gG$_<& zUOkq_I#-H^WG5nKV{R4@wu;$Pk(tQz=zsMvrsucgMjhbdwuqGHBuLL?Go?T#Z5th& z*C3y3XQahxxGk6Z{ZTuPFsr<9FrQ5R@8MC^V|2lpXC}o>!M=`J(oCiGmQ?c_KuL#O1uW?Lq#Q5i6hgBLGr<~7 
zQnmX%Z>Y+_fQ3n}P$_7#4I?wL6W46M>4A`-_h*X+&CyR$6`#WX?YNnMoqu6kn#H1 zTEKF`GqZTx1+zgR<=W#!X{wx`Ol1u?!s(6fw3BJ*XD|)fi#zZR9Ov0a| z3v5z?Fk)8hBQDY$ayM#qDOm_;4lIuRnN=Hd6`y7^H`CE}CYQS?o-eAkk?mAc*#f7m z+-Pw?FEqW06?Cmu)vxvl88uXJuCkQe?O>5;+i{t%%X-xC+k^jW56>3%7m_6_Hk8E3 zJ>c!`1M$dU5JT0(g`4Jihlm9tEye*NQHq-9$JDSyLiw@bg0WH@j0R*#4ug798e286 z4=gP$wquQoT_NLJW`s9TtiR$Sy|9JzdITwF`M62ts>^!vCm|R)AdOPt_cI`LA zTdp2l=kNHi0|Bd_IK2mad;b~ij+-vJ4;_5`{JUF@-gMW-W&DxBfqZq_+VdO!75uLA zSL^kX^_M69d~WiM;97!8*fZaK0n1-L>)v_!!ja{7o;Y^=zH;`xIKAbQ-}Wy3bM)kW zYsSq1diz5s@`rcaKle^Nd)uAQ{^9t!OFw+=k!9!L#}0JCdpJ$%LJCIv_?C_5K_LCdl z|M2LQn}5Qt?E2Bl*4{d$e(aYko9Ahm{qfvuJMHQ6*6n|zk8OPX@41KVx0p}8d+*Zc zFTeEZp#Fsq(_f ssh-ed25519 iDKjwg 1a8hvqTn2un3yxJkdltenSSfEhKMHxXAKlfSnD9vCWo -xOzDWr87QMnE9UgnNimz/C+5aKhspG38RQDhhRqg/EE --> ssh-ed25519 uYcDNw Grc5lFL8+r+Evi3bDl5sCidZMZzLU1K8qiZ+Mhqc8gc -mu0L16Ar7H6ZGsSMGw9W9AwS+JusygM8fM6LMtMsCo4 +-> ssh-ed25519 iDKjwg bydjKoMlcmku7EeLcXflr3Jtjttr3DHhxGz3EwFS810 +RULNHIfG1ueMpePeFe88QKElCRI4Co0ZuoqvViFxecs +-> ssh-ed25519 uYcDNw vOSLnWbhNa9jo/95PrtI+XrS0Pj7CdhIZ3TWJSbQEGk +AmIGuPhrQVDJcAx9T6mg/RwRu/DIeeGjmzlnnXAa1mk -> ssh-rsa kFDS0A -nJnBVo6ArUYVRYUDRAPfBdxPPjCaOqM8fi+7LNLtThnyDzRm31Fgq/07Xy7ual2O -0k10QbXZv3nnhjW+qimfOK9qDpnub0bULBAMKxAGrapb8KdTqpMgMhK7tuySHH+P -L8VTLt5woBz+hkla6P0o1s7pcPCmmQ6vITpGDUEGwFS/orYZdGbAe7+sPanagBx7 -3xh8JRh1VszNa7pRhkRLM9wwLtDCGETT1+5iwdxR18IijvJRbVKkONX6UYkCzy0t -8UmVlfO7m7FN7sdvX+59+70nxhxeECuwZh52TZHaio2NyNvIioFquFZ3SfiLzdd8 -hpUGH1/fPTHvlCTtvI95lXbB370Ta6vpR4uOvAiHz1Oc6aAhbl6QPcZuUr6pFHK0 -5zxlOgc0+3nN9Iv41KbNfoyJYrEVVuMCizdbeyFGTJe+kKjdKbBblJSla0hUGINB -ZsKhzLG5jmCXDo/WC3vVImBN2R+0AWvqoL2jME+jrOmbAcqYToJrv886cEkxdaxs -O3DeXLO2hIGpVMVsrsMyHrF7cBPQ0lahM1tlIzdlzbMeDjM6HO/WYa2fz8XGwXu8 -puBTtRyg0DL/06s9Hr9WqzE1WiEPVl2jhze8jsIzshcN1yCoV/dKnmOVBPj6rBxd -dl5XfpO1d6AOtHx1RquWa2BQWp3nkWvYMgTRaPbpK44 --> ssh-ed25519 YFSOsg eqXDfDhoOgy4g7nb1X1mfT20kfPkixWs9QqpaaDwCyg -+4aFNWh+b1BeKUqPGU79R9EkbFDp/YMSBYMMunV2YrI --> ssh-ed25519 iHV63A 
F0kH/Uq+wX9F+RDZwTQW4MF8hSo+nwOSTH4vOQF53nA -d20TVZfePKn9y5PWZ0XWV2Xr7N2Ma6V3eSroOiZcgXM --> ssh-ed25519 BVsyTA VvabFmOpUc+TCAFKQYFmlPokmFyqYiD0W9hELvOXv24 -QJ3LX0bqOgujAB/2T//oCctA/fv1Jc8WugVu6iM9gxE --> x\:P|P,}-grease @YO [b'lw5 *.WKU -hfTYY2Pu ---- vCfB3aNBGwwBSvtdjzAUKCzCt/z7YvufcAf/VhaZfcg -a9r_GMSs#(;a(y&|!wiG!e4xc \ No newline at end of file +fDuHqn9LdtgpO3AYo07P2i9rewpURoco22wY1SnDhEHls7MkFBqPUTO2EAXMc+OY +tZSSs1rREZyECH9DG8ngZ3E06t/Z0Uk9azr4RDaFmhzh9rb1KFCJkpLscuDDO7kJ +OiHT7MwNuRPWZxwT1srxX2T3jc8jKFlNUXsOpQrtzRqKWmeKbOJzpNHjmUlrvw3V +fBnVN0ai7vlvo1L9mbTgQpu+3/08CKvE7N7rFteNe+jYQRLC13iI3j3rHeOj+UVE +09rTqwijRtJbkTBxt9hrFDUSA592akYHuKAt+bklbQQlFHZ9bZScE+P+mAC1+ySB +Q/XQhTr2FOO3G+2ieEOb0RGekozOGwJB3XK0sm+rVMsfMhtU/+nfbQGydFIkTgbq +BKnAk+l94h6F3W3WmpOQTBbYVlfou3hmv2aodOYfFYpUHi8kQR0y6dFkARU//zz/ +cS8gs7w23JwGinBVSfsISkCMaM1/lnR5ZRnYtHIaU8aG5RAZhx39+vjBYHsJPKDp +DoaATj1bskIcSTzqPIu7s4B8gI9MuEid8eUAjgBeuxAJCa59k5OxbtVAVx17DGn2 +QkLd/kn0xrJOPyY81fjqS7fapq9+gvxLqdyyznPQA6WKkUJ4DumAxL5lLq70a9I/ +dzk/AC5Jtf6SxqRzX1eUJR5SGI5aSJxo3Hih3m6nuLs +-> ssh-ed25519 YFSOsg +N6SyzhtCailgt6y4C4/0mlGjuxWS0bWHakRX/Bbliw +bkQi60J0nfB/ujoYu8SiIxXp0Ff48MuNzoW0/CDd7AM +-> ssh-ed25519 iHV63A nrHBLzAxmvsxKvEKH6oqS0XIQ1K2kFmPZdOVmzKT00A +R8t/WCmvSO9SBR4gDxfNArdo55NuolHCKYRNtF5oPTs +-> ssh-ed25519 BVsyTA H0lSXGJX+7TplHCmePj3AKeHLf+6GnE4pPKc81fANG8 +ESTz1sB2HWity5dnao69KuFBa5JGeTEgkqYg8lFQICE +-> ^D4?-grease R ,*WNbA@u l$*s}U| +9LAkmaox13NiExiel18LqRT8hUryLKA +--- VuPVAYEmjv4FCkPmiFUCqdtznMOSAGslqarqFZnibuM +N>_m؝($j6PDBNa iՅraф$|t;CLx \ No newline at end of file diff --git a/secrets/nextcloud-secrets.age b/secrets/nextcloud-secrets.age index 937ccec..6f3d10c 100644 --- a/secrets/nextcloud-secrets.age +++ b/secrets/nextcloud-secrets.age 
@@ -1,28 +1,28 @@ age-encryption.org/v1 --> ssh-ed25519 iDKjwg GHVh1GUADEN6UVTUYntCaYfEqH+LX+gvaICkBHJ5OUY -rfoD++gVdnZ5HSlXbCOy8Pn7if6QM2WRaShpk0dCJ48 --> ssh-ed25519 uYcDNw kKeYQIaKjVDKMDBkluuxarRfv2wR9W5TKHzbu1DR2hQ -bfFYcbcQ7De5hwkCng/CIZXWLHgr/cum0+OfRs5ESvI +-> ssh-ed25519 iDKjwg Qpq2SP58ytg9NXD8eYvlgvVhaJMOQVnTxhDrydMNHjA +V6ES5O5wFL52G4Oc4dGFWkqdFMkb3DniEex3a/fljj8 +-> ssh-ed25519 uYcDNw Ll11H3DdUax5iCn6QNz4zZO7+R6ied79GEu4HEfXujs +G4TE/qDl1deBy4g50lNcKKVNvFxxj+9HpgYKVHt2km4 -> ssh-rsa kFDS0A -pAZ0JEVyYZk3U1vFH/STAuHucNECpbhDdnJR7asfMt2bgTs1dvI9ZA5XBpJs3U4a -PntBwgYebJyHhgeZ0L7q5NYE6eLVThkxnWvm5OP2NjPyTgGUxjp+NA7WNw+Fc/gA -mz//NLMmKVHuknKBVEaZn+2lBWaIXyTkD3KetqxChDcXSnKswesLa6LdHLfE97jP -gHX5Y+JVNeGOlHPn0Ds40I/aFGJJ56p3cD3nTsgoQyGpoQGVIVHO6ghRmVjhSkW4 -7ZfPluq9G0u3NbSD3YjnLrAmUzdJsLPmYme2vvu0YKJr40TG6i5m196DSDuvAtM4 -XhiClq7a2KJfmEF+epVdoXo/7GrPs/F9Bb+NV1S7bVJX7Q87gQ3bbFq2LISu8QvD -HUlx2hJh0fZXpBv6yHIqXutEL1g6XCtpkli15wrHBfEQHOxP6mB/pNeM3gCYwOLX -ZdVqpR46OzOErNDwXTniwQecuKrRB9ecTjmmRZycEZErgEcASEZgAlfu2Q8EIW30 -65byX4EWskm6qlhLxp6SfRXlVcA9XcwIg6q2E2UIoEukZQ5zJNKcFAYec7/xTXs0 -DrLyGkOO+8C0lmCDY8Escd4cge2hIbIcsnQdkfh3NQT1ZqXEXkef/XB6yMEzvysg -3Z13W4dcxwc0ylRFwm2VKcBQD9jDwCyeV4iKohFIyJk --> ssh-ed25519 YFSOsg X4DtlP1y5JXKyaYXJ/l18S7cOGIDlwk3vhrO0Vk6t3U -OXzEp3tRncra6pBvDoeiLkF4SlaHZ6E6j+UV0q1WB80 --> ssh-ed25519 iHV63A AYUNvys+v75VarEdcZ1g9r9bnW76Tfq91gWnyED7kB0 -zloI/t4Dfa4re850ldwdFEjbF1OR/5G8VBAl9n7umEs --> ssh-ed25519 BVsyTA glhHHYg1w7qntg8J3y+6zKJHBaC6PZWFQJnmiQR6axw -WiIDKiuzouGyiyANmEp25T1Dv2IRyRx+lovSpdFP/Dc --> wcj`iUv7-grease }SsQ!/4Y)V\Q\y_g+HڄHoN@wd @ <: NO X!/̬Y7_ ˂ʠѦA}^q -؃ ɐ`:/"iqjGc[>YtT:h$Oh#, R[ץF3a]{Jѷב"Ƣު \ No newline at end of file +gtXlJkXWTs2pvW6sm+FzDo+WaEh2S2ttIflw7x4Jswqaa7b/2VbnHn89NyYNG7J8 ++n/Un8IbG4wh7hVsbhKEOZA8S1BC0c8gXwLoexgF21GYmbWGUR5xdbhVIPnJmJpY +IPgp7Ai72BEv782CjAVlAORVNzr0umtfq3PUlq6NXiYiyb7MT5g6SNd5Avy5r73s +bUZWCUW6m63kDRoVNgfGhrSLHFi1AgLroIqhuuOiRWj16lTUVxh2VkLwRPERy6V8 
+jUpb9nb1uAYzMMeMSAvRM5actTJxQA+5chSXUMhp6MR8XiB+EFFRpIDkcfs8O2Hi +0QytXBo3W/NBNLG2RUgLMfq2mnI3bXXvxJZXKfmNxE6e6RVR6tSg23LlzkFtmE3c +DGuYYBz3h4yxjkkjvKJ0VJ1IhQ5wvghdKs7kM+n1wHNOPBSKom/84uyHDvPrTr/0 +7S4Wx12l7DKZtTzv3UItPmBVRSEjbBOMZpQo/13rLQ1bx9WBeVVNSqjpy68W0Dlz +tI3oWX9WIPDUB7xyCXHebkxGJ0lBrza85jnFt5zASbHXeq3pbo7rjPWt6c5oWuiJ +X/OtIXKp0sxeXEgiOoAnNn+yVPBm/9b3ote+T0MwsVVLXQ3HCsYA5mXZCfRK5OA7 +w3nqorCBnBCyE//MCo7j+A1W9HKtDKAJltwfhemhtiQ +-> ssh-ed25519 YFSOsg kTmy8aPCd4THlnO6SWyW+Ifc21Ggau4fxdiQkjyvNwA +Ck6dc8IpHhnuD6FeHJ09vsdcgaoDfYGfqI5bvYV6CKA +-> ssh-ed25519 iHV63A lHVBVGdvw1yp3huhqfGstff4UKRHp4wmbGpZPJxHjwo +eWqfE+s06UgBSK0m9/GWWvhFf6ZcsN7vsygnxeXBF7k +-> ssh-ed25519 BVsyTA vUCYL+NZu8VT8G+bkd/LknxH/7cB3HwOalTZ4Escghw +p+RZhqg6voORDwSwWZ962NOpIn6kX3cryuhbqVD7rzc +-> LzOpAF&-grease mZ4f4.74 8%Wkxw +i6KRW+yK4flm+3fDrVbHAIMNzcbqErlGKHoAZJOwYrhl0tAaZBLk7IIPQ9bas3WQ +ZbJ6fgj/YYbgRhX0jUcmNwv/5tI +--- 3bobJwE4FKDA2SnlzdzzTfMO8NU5+PvG+5of6jN0eCQ +tF]+>`]H}T7VԾ`!&]Z^#ى҉]i`Tk|bRx&^n].|Ѧ$ږh4KL0x^q_P^`Z!pcB1}МxbYv"QAN`4UXYlЍWXe.dr[S폶Ħ,Q~CWb3f )$_MkP(PdxUo99h Ka7 ;M \ No newline at end of file 
diff --git a/secrets/searx-environment.age b/secrets/searx-environment.age index 76db50015034cadfa5f067605e6bfd2e81dbcccb..ff9993a9fa0dec931e8ea79b6705b9143c2104ff 100644 GIT binary patch literal 1505 zcmZXTInV6m0fp;WN<)F@GHD>l_luYD+FWA$^^85<#_No&G~UMhKAy2hh=K|U2_ez( z7eJzbDqSjSA|+|lA%w0(19XU+;wn=31&_{o&Iz;hDQ)9%?XN}G{<#}7=iJAIi7e+fLtqq|yM#C@5q)bz9h_PT#L_)-Lq%*dL&kopu+2{T4);=^iPVCTG zS!jv1wcZWf;l{-2UIeJVl%8BEmZjHefcI6uZqKb9M59{=c5BE67gG(R8gll~ur-GS zQw1_sPnR@?kJd|B;2s}rt!r2DdV!PfWbhM%mW1r=Y?eiI;dGYUeRzFo^GF9A1|?Dy zmJu1X+`OvGwpS8ul%*6AL{n)GY%kEfR2C{8!G1C8;?W9^l+orl^QO*eH}a72NZN5B znmaWku7jToZq>`3uMD$-_~?91b8R>UE1iWypThwH>Rn_D`}wqPRg>sksBUtd7z_bz z){|2fw4b{DN#yRTk-(J(w=Ie2>SPZ6p1CX+i|@B3tZc)QjbsMDCMi^fs^1Dr$5RS# z8QGd%PPcA4S~~uq>wB@gT(=pJJRJZq>AZH^?hXhwnQ(?n2)J+yw9oXJ%w+|p=B#x? zIxkb9BTKNaFriA~EV42GbejD-IOwQY=!45#+$bX&npINJEKmd#Oh30InIK1646X>4 zVW#QYfaWyJ?oi@Z$keT>s&OmG8FkcYJBpbKe{|NF$DAt^APG{lB77kW20wBwU%^hB zbdugn&G>cs}d$r?NAN6;(F=d;1B=G(iFBE)9SD&6MAf83UjU1A2s5@m_ z^VX};#b0d~y6zD*YdrfjxuzIODK{6Av_0{FLw2h=t#_)55cNKg|9j0VS|NGVmfJXe z(op6@1Sg5DCM${(O3JG_qgO>OupERrslyALULQVW4jP7dD#}aV3D&@3F?OMOSbw3I zJIqvT`PgSuZQ}gpH`#b^S{-f!CYfw=a#F2Y_PU`=Rzj9ujuRhy7aj85wei;)Z3%me zLIhP3^fc?|`oWyl(Vr5d#fb#h3#k%8!&Rsg8%-jUz5m}P|N73eXSVW`jcGWgn|J@n zY@XL#yO}@<LU`LN?;P1VL}qjQsWA`+Oh zv|2Qwr>Cb4?s*RvlV;lm>EKf1p|kee7)zV5CwU3c@zGQF{b&%p3`Ot%^4`d_Uwy>9 z=>GNDz6gJO>+A3BzrBTj1HJv>Pv`cBf4}y{-~SMN_m}?n0s()S9zXcqv!7+_AJ4w@ dUw{3R=l1o-|NQCWH{T>*{L}gL#pmC?@hj~B@y7rF literal 1522 zcmZA0IqNM40R?b7VGt}uY%W0*o&23UclK;B``l&jEO&NnW?%2@JNU5j6C}MLh=pYW zAs^s1RzeDq*x2Y-Fh%ewyyn%X_`%^EKaF4FI_$T0%$xdGO`k$D47_}D7>4X6j!qZ` zQ-_?p7E5|?%ym(hyzkB?bT0~YC(h2(ZZi7D#7dQUWvO&0xh|_C2@r8ZDc3s!pHp|x zSjTBH?s~rKdf#;$rPEUCCDwDI#3%Z$Hn|~pUk<{ixLMzm^csP}a_c$2?#XMlX7mOP zRElu&U1NpWgdGwf`P|dj<(TE9%tiZPW24I-J%`}~k4|xMg^4rY=UeZGZ?%5#52e68 zjx><2A?p$F&WN|WR5U%t%8eyR8;wEcV|s48shL~~QDPBj2cwqPR2zbAZsE_=b*$?P?g(PV4qG zOqOuUE^lcYtjg42XL%XG!od=QjmM0gU@L} zo+PJXxoa#2qKGTj4ensvYV}Q3Wf5HYZdTV$&HeO316zSJgux{98H%yu=BVLR6{Vh7 
zqZDD*!$BO+w2>#{QvXgkt8a&q%po4vVVG&E z9NAU3e0$zK4O5%9JAV67S9mBxdcaEbl*26uF)AArtbRIeOx(b7G&sYXdX)HrbxqtX zxL^VSg-g`4b;5+A?NV}hp$7YWr*s0TF^V2~iGl**B8$EIu9iy{j?jk(p=(K)%M6Fk zdAy4ah}IlfnG?3$33L>_wFOc0*alkz#L5xoZIq1HO*S?sf%yo+*{~QRSv8QDN#%Vv zD91No?OlzrhRvW4Ww>0<>2f5jcGNipefIvfr6?Cka(Q$bdxAxB*>@~k8lck|)C#QC zhE}}N%^`b887C$CBsp&`IQwcr-i%o)L-YSy{F|SH?_Ic;w2%EE22`-bEY~$n9}%5w zx5c6zOv=QMo;ocWF-Hs$4&vUS`al?tJ$Lu)hPWEz3KzSvWe>PZ0gM(jj_4Qiktv{! zr`i+6^mzeZUS1C8OBC?`%U!HAV6J_PV>&3f+<3@%ThCg>!G!prf{HSMfBfj9AAJ3~ znUnuupa1#wkAMHZ`3=Ut8sks-k3Rf2M11r558wXlvmd_t=lA~TH(%smPxF^QdG+^? kfA^jJ@wdO$|MuN4`47JTm%sk>XTSX__(k>J2Y)L53osn|)c^nh diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 10e2a20..fa761b0 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -7,6 +7,7 @@ let teutat3s-1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcU6KPy4b1MQXd6EJhcYwbJu7E+0IrBZF/IP6T7gbMf teutat3s@dumpyourvms"; nachtigall-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7G0ufi+MNvaAZLDgpieHrABPGN7e/kD5kMFwSk4ABj root@nachtigall"; + flora-6-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP1InpTBN4AlF/4V8HHumAMLJzeO8DpzjUv9Co/+J09 root@flora-6"; baseKeys = [ axeman-1 @@ -19,6 +20,10 @@ let nachtigallKeys = [ nachtigall-host ]; + + flora6Keys = [ + flora-6-host + ]; in { # ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBB5XaH02a6+TchnyQED2VwaltPgeFCbildbE2h6nF5e root@nachtigall "nachtigall-root-ssh-key.age".publicKeys = nachtigallKeys ++ baseKeys; @@ -32,6 +37,7 @@ in { "keycloak-database-password.age".publicKeys = nachtigallKeys ++ baseKeys; + "forgejo-actions-runner-token.age".publicKeys = flora6Keys ++ baseKeys; "forgejo-database-password.age".publicKeys = nachtigallKeys ++ baseKeys; "forgejo-mailer-password.age".publicKeys = nachtigallKeys ++ baseKeys; 
@@ -45,4 +51,7 @@ in { "searx-environment.age".publicKeys = nachtigallKeys ++ baseKeys; "restic-repo-droppie.age".publicKeys = nachtigallKeys ++ baseKeys; + + "drone-db-secrets.age".publicKeys = flora6Keys ++ baseKeys; + "drone-secrets.age".publicKeys = flora6Keys ++ baseKeys; } From 1bd7e5c0e77f141453a91b4ed5e7cb51569bd339 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 6 Nov 2023 21:34:50 +0100 Subject: [PATCH 3/7] docs: clean up --- docs/deploying.md | 13 +++++++++-- docs/mailman.md | 21 +++++++++++++++++ hosts/flora-6/README.md | 50 ----------------------------------------- 3 files changed, 32 insertions(+), 52 deletions(-) create mode 100644 docs/mailman.md delete mode 100644 hosts/flora-6/README.md diff --git a/docs/deploying.md b/docs/deploying.md index 010192a..43e748f 100644 --- a/docs/deploying.md +++ b/docs/deploying.md @@ -2,10 +2,19 @@ We use [deploy-rs](https://github.com/serokell/deploy-rs) to deploy changes. Currently this process is not automated, so configuration changes will have to be manually deployed. -To deploy, make sure you have a [working development shell](./development-shell.md). Then, run deploy-rs with the hostname of the server you want to deploy: +To deploy, make sure you have a [working development shell](./development-shell.md). Then, run `deploy-rs` with the hostname of the server you want to deploy: +For nachtigall.pub.solar: ``` deploy '.#nachtigall' ``` -You'll need to have SSH Access to the box to be able to do this. +For flora-6.pub.solar: +``` +deploy '.#flora-6' +``` + +You'll need to have SSH Access to the boxes to be able to do this. + +### SSH access +Ensure your SSH public key is in place [here](./public-keys/admins.nix) and was deployed by someone with access. diff --git a/docs/mailman.md b/docs/mailman.md new file mode 100644 index 0000000..8ac07d5 --- /dev/null +++ b/docs/mailman.md 
@@ -0,0 +1,21 @@ +# Mailman on NixOS docs + +- add reverse DNS record for IP + +Manual setup done for mailman, adapted from https://nixos.wiki/wiki/Mailman: + +``` +# Add DNS records in infra repo using terraform: + +# https://git.pub.solar/pub-solar/infra-vintage/commit/db234cdb5b55758a3d74387ada0760e06e166b9d + +# Generate initial postfix_domains.db and postfix_lmtp.db databases for Postfix + +sudo -u mailman mailman aliases + +# Create a django superuser account + +sudo -u mailman-web mailman-web createsuperuser + +# Followed outlined steps in web UI +``` diff --git a/hosts/flora-6/README.md b/hosts/flora-6/README.md deleted file mode 100644 index 4600605..0000000 --- a/hosts/flora-6/README.md +++ /dev/null @@ -1,50 +0,0 @@ -# Deploy infra branch to flora-6 - -Use this command after updating flake inputs to update services on `flora-6`. - -``` -deploy --skip-checks --confirm-timeout 300 --targets '.#flora-6' - -An alternative, if deployment always fails and rolls back. - -``` - -deploy --skip-checks --magic-rollback false --auto-rollback false --targets '.#flora-6' - -``` - -# SSH access to flora-6 -Ensure your SSH public key is in place [here](./users/barkeeper/default.nix) and -was deployed by someone with access. - -``` - -ssh barkeeper@flora-6.pub.solar - -``` - -# Mailman on NixOS docs - -- add reverse DNS record for IP - -Manual setup done for mailman, adapted from https://nixos.wiki/wiki/Mailman: - -``` - -# Add DNS records in infra repo using terraform: - -# https://git.pub.solar/pub-solar/infra/commit/db234cdb5b55758a3d74387ada0760e06e166b9d - -# Generate initial postfix_domains.db and postfix_lmtp.db databases for Postfix - -sudo -u mailman mailman aliases - -# Create a django superuser account - -sudo -u mailman-web mailman-web createsuperuser - -# Followed outlined steps in web UI - -``` - -``` From 43512ae6e7d9850a1fa0c4a3fa59e8ed0290e13a Mon Sep 17 00:00:00 2001 
From: teutat3s Date: Thu, 9 Nov 2023 02:33:14 +0100 Subject: [PATCH 4/7] forgejo-actions-runner: use Node.js docker images Regenerate auth token --- hosts/flora-6/apps/forgejo-actions-runner.nix | 12 ++--- secrets/forgejo-actions-runner-token.age | 51 ++++++++++--------- 2 files changed, 32 insertions(+), 31 deletions(-) diff --git a/hosts/flora-6/apps/forgejo-actions-runner.nix b/hosts/flora-6/apps/forgejo-actions-runner.nix index 612a24a..2f7cba4 100644 --- a/hosts/flora-6/apps/forgejo-actions-runner.nix +++ b/hosts/flora-6/apps/forgejo-actions-runner.nix @@ -21,13 +21,13 @@ url = "https://git.pub.solar"; tokenFile = config.age.secrets.forgejo-actions-runner-token.path; labels = [ - # provide a debian 12 bookworm base for actions - "debian-latest:docker://debian:bookworm" + # provide a debian 12 bookworm base with Node.js for actions + "debian-latest:docker://node:20-bookworm" # fake the ubuntu name, commonly used in actions examples - "ubuntu-latest:docker://debian:bookworm" - # alpine - "alpine-latest:docker://alpine:3.18" - # nix flakes enabled image from + "ubuntu-latest:docker://node:20-bookworm" + # alpine with Node.js + "alpine-latest:docker://node:20-alpine" + # nix flakes enabled image with Node.js "nix-flakes:docker://git.pub.solar/pub-solar/nix-flakes-node:latest" ]; }; diff --git a/secrets/forgejo-actions-runner-token.age b/secrets/forgejo-actions-runner-token.age index 45ced5d..345ebfc 100644 --- a/secrets/forgejo-actions-runner-token.age +++ b/secrets/forgejo-actions-runner-token.age 
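Review bot: The three rewritten entries in `labels` (`debian-latest`, `ubuntu-latest`, `alpine-latest`) point the runner at mutable registry tags, `node:20-bookworm` and `node:20-alpine`, so the image that executes CI jobs can change without any commit in this repository; the unchanged `nix-flakes` label has the same property through `:latest`. Pinning each image by digest would make the job environment reviewable, e.g. `"debian-latest:docker://node:20-bookworm@sha256:<digest-placeholder>"`, assuming the runner's label parser passes the digest suffix through unchanged, which should be confirmed before relying on it. The comment `# fake the ubuntu name, commonly used in actions examples` could also state that the image is the Debian-based Node.js one, since workflows selecting `ubuntu-latest` will not get an Ubuntu userland. The enclosing attribute set starts outside the hunk.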
@@ -1,27 +1,28 @@ age-encryption.org/v1 --> ssh-ed25519 Y0ZZaw Povd/J2P/1tppBq1rh3R9rTYWoXJN1pfQokGn6Idz0s -ataZHdaYvFwSn3gR4fuMn9RvJTA5AwKD7lgYOCYQNb8 --> ssh-ed25519 uYcDNw +5kiekvoqciyqEQ2pojHioLF02vsohdmPraXIpwHUiw -4WA66g6VB5ORcnIEu5qrX6MQhSp+Hu7FIX/K58oinVw +-> ssh-ed25519 Y0ZZaw it4q6bLS0mFPUWfr0VrKC7tJGFFjQ8lQtezMmKH+SQA +8mIm2QQwaBFHKWTwSEsdjXN4rfjAVivP/I7J3cl8Hws +-> ssh-ed25519 uYcDNw HTeiK6nYLb5RoNWNdoiOPaKZGhJetUELmGElGRASKyI +jDCySbHvMQhB9Z+JuXvDGXYlOUEJqYheaU+FsbnE9YQ -> ssh-rsa kFDS0A -VPX1jfzQwqg0TYi1B7t/35OIO4JjFSbK7sK4k6Hn3/EXePHV1GU7eiJFCQFHiU9d -ngcr6VQLOcPYRkGeb+pKva9eRCxq3vh4Xu/h6bR1J1Ie4cD3GeIpg7GyV3IH9oMG -TyoiOmIf9YdxhOu3aCLkrQgG48H2h/caBxAc/TkQBonsIAAhe57TCcUqGCpsSLCB -Ib2HsZ/NcomiEF/dGUoex31RWaG9G7nSuPg7xePHKtWICqIbKlBVGQZZQILZu5pU -+prbi0O8usjR9vfIu+j1HY+DmQqlgHECmgZdkH0fejp3bgsC5mc9rET9d9guNxW1 -D4LjpawcTQyvJmTBcrznOUkH7qqGPBf1OEBAYkOxb00Pko++6kQzVzCRci5vgJnv -0wf9ersRqJVcIP+S9fMUTqz5IVtEj59pO8Shzwvc6ULLPeMlhce9EF0l2Pd52CrI -h8OMAJwh30kZlKk96LpO1x2i7/vS09SzH2Qtqh3K/y1OjEJZUNNAagClh5m+WI/A -AemuH35ypOnc4ijl4CeXVQt30bJyjzH1s176bx9mBh8TfRkxe/F4y2qOlOc4eQeZ -Sy+rM15V6zlLD7cHc5KdA9UyoY321iIh9Q82M/dcj1smnvC3Pg0FxBZXEtEysyAE -is+amEbE75s8GYbrk0kn9LKB/m17gCzQX1EzV60ZUEk --> ssh-ed25519 YFSOsg VVfArrCKSfZEIHxjr6u0K916ro5rf4W+bgl5/qd8AR0 -0OLMC8j4LO5QRLF5yfZcwnSLnlOKeQEnuiYghBr7Mbw --> ssh-ed25519 iHV63A NxuNR2PCc8mJ5hTLHXdiAP7S5MKg1uK8oEbP3bYfIwY -d5b6kIHuzqcRYTS0OGcGMhxVaqSwPH7ZLjJhoipjpkc --> ssh-ed25519 BVsyTA J1SkTbuvm/iaCrHV3c5Kr0eU1GEOlYmNPPGiLmxunR4 -9dxHQZYpPmTyskaTtf0456K9r3pU9O9zbZYBuv/r6G4 --> ,7dQ0j\}-grease hO7 a> a -Hk4uVg ---- mrTRIooqC/b5dqqVG/1mAxmNVNs0+KeFb8YPr5/qudc -?'넋O@N*EhkpP]Q@1+AI*QI1)hcD]@*LܸV \ No newline at end of file +IKDbXLNxuxPj8MKvNyktgYCjEzRZrIpKiSAl8XxIC7gB4eRltoFl4uM+LoUMQ5Ge +ckpF4+DWws7Gz8Bjp/7MFdZAK5bbre4pw6u1wV+Q+W4cOPzoap4r0QjBYVHZqMGA +s9ZYE+rG0S0cdktk3zujS05NzMv7K6uNCUVWha4AIvQrH5hmjzN1xO7DSRHORoka +basFOr4S290CdG73qPazz5UNGanXS0WF7lxkMXyaQ2InXKXaPgyk2DcvNCk6/R1R 
+wzTjY8k+crjeJN5CsxKT4n9FTAn7PzAEMlpSu0cYDWdYIEXFZcp9/88koWkp4Rrm +PoxtOBsf1zOskVol5nGt9wgX3ROCXT2FGn0P1QiiqJxX2WKskkHXfYVk8Iq4u/SN +S+b0NKCtrXla/62XcXkrC5YX4RvcrrLQUofgQ28N5maCBziHXb6+eWIqiVSy8bEX +ugZPcEhGRAB0mvBBnaT+ql1wiG14RqtS5EE9uujHo7hp3J8yltGkW9LNmIBvBL8V +Y5Yhvwr9EHtph10m9r8LwsXxoqdWgSAM95u7qmclo4smDLHOlqQJGklRWRk+WgSj +JPiyW0QWs4E95SjCU8FSoewyJ/OELUqOImPNJAuDkZMc7IWp0Y4xckGAaiDNkfkh +MqmKHAGHedUik9XNk58n5gM28YVthhFHRvqEbqvfp14 +-> ssh-ed25519 YFSOsg SPZ3oiNsNYrAwvqurf7ZNi06Bd+6P7rM6NocDBnIx2o +tF+qypjFT8od66LB1RTMKLvRmXoYroA/cO2RXW8o3No +-> ssh-ed25519 iHV63A V+fMVQyDz6trMZlcXGM+dMSgCBY1En2ZXe4QFMuE6Bs +ImSIcRDzdCbDG4qJdpwPBGvnowpeU1nmj42ZjORfaxw +-> ssh-ed25519 BVsyTA Xw3bRebQvpIJAcNg02LXB4I6fxdWYikARLhCYFKOqnc +O2wi4yKFjOLDAWgbQs0JMGHyYDlVmEQA920HONUMVjI +-> V/_O-grease +tvawPoQh/iUcXA+lWDwEYp/dq2VzG0oSTZ7hinS4RdeSfbBbvxR997KX7NxiESTt +idTdI74U++ewDhMCTOENdoERnBmS1TevWA +--- mmjg/elb0BKpqI7oVWftypR7ojwDTw59pBkWRC7/cCs +|91Dkad|e<\Cy|'Tmdym_BV%3jNpaT \ No newline at end of file From 9c1d19d49f03efb3cbc0e99dcdbe54f67aa7be1e Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 9 Nov 2023 03:20:48 +0100 Subject: [PATCH 5/7] nachtigall: move SSH private key from user to host --- hosts/nachtigall/configuration.nix | 8 ++++++++ modules/users.nix | 6 ------ 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/hosts/nachtigall/configuration.nix b/hosts/nachtigall/configuration.nix index 6b2f04a..114dcf6 100644 --- a/hosts/nachtigall/configuration.nix +++ b/hosts/nachtigall/configuration.nix 
@@ -38,6 +38,14 @@ # https://nixos.wiki/wiki/ZFS#declarative_mounting_of_ZFS_datasets systemd.services.zfs-mount.enable = false; + # Declarative SSH private key + age.secrets."nachtigall-root-ssh-key" = { + file = "${flake.self}/secrets/nachtigall-root-ssh-key.age"; + path = "/root/.ssh/id_ed25519"; + mode = "400"; + owner = "root"; + }; + # This value determines the NixOS release with which your system is to be # compatible, in order to avoid breaking some software such as database # servers. You should change this only after NixOS release notes say you diff --git a/modules/users.nix b/modules/users.nix index 0b9a08c..5f8b43c 100644 --- a/modules/users.nix +++ b/modules/users.nix @@ -25,12 +25,6 @@ users.groups.hakkonaut = {}; users.users.root.initialHashedPassword = "$y$j9T$bIN6GjQkmPMllOcQsq52K0$q0Z5B5.KW/uxXK9fItB8H6HO79RYAcI/ZZdB0Djke32"; - age.secrets."nachtigall-root-ssh-key" = { - file = "${flake.self}/secrets/nachtigall-root-ssh-key.age"; - path = "/root/.ssh/id_ed25519"; - mode = "400"; - owner = "root"; - }; security.sudo.wheelNeedsPassword = false; } From 3e0af35c7577ebf9838a75fa2021cc02cbe18bbd Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 9 Nov 2023 03:35:04 +0100 Subject: [PATCH 6/7] wip: actions runner --- flake.nix | 7 ++++ secrets/forgejo-actions-runner-token.age | 53 ++++++++++++------------ 2 files changed, 34 insertions(+), 26 deletions(-) diff --git a/flake.nix b/flake.nix index a3187f6..5627cb8 100644 --- a/flake.nix +++ b/flake.nix @@ -85,8 +85,15 @@ deploy.nodes = self.lib.deploy.mkDeployNodes self.nixosConfigurations { nachtigall = { + # hostname is set in hosts/nachtigall/networking.nix sshUser = username; }; + flora-6 = { + hostname = "flora-6.pub.solar"; + sshUser = username; + # Example + #sshOpts = [ "-p" "19999" ]; + }; }; }; }; diff --git a/secrets/forgejo-actions-runner-token.age b/secrets/forgejo-actions-runner-token.age index 345ebfc..a3c00ef 100644 --- a/secrets/forgejo-actions-runner-token.age 
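Review bot: In hosts/nachtigall/configuration.nix the comment `# Declarative SSH private key` above the added `age.secrets."nachtigall-root-ssh-key"` block does not say what the key authenticates to, and `path = "/root/.ssh/id_ed25519"` is one of root's default identity files, so by default ssh will offer it on any outbound connection root makes from this host. I would expand the comment to name the remote that trusts the key and who can decrypt it, e.g. `# root's outbound SSH identity for <purpose-placeholder>; recipients are nachtigallKeys ++ baseKeys, see secrets/secrets.nix`. The recipient list is taken from the `"nachtigall-root-ssh-key.age".publicKeys` line visible in the secrets/secrets.nix diff earlier in this series. The enclosing module body starts and ends outside the hunk.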
+++ b/secrets/forgejo-actions-runner-token.age 
@@ -1,28 +1,29 @@ age-encryption.org/v1 --> ssh-ed25519 Y0ZZaw it4q6bLS0mFPUWfr0VrKC7tJGFFjQ8lQtezMmKH+SQA -8mIm2QQwaBFHKWTwSEsdjXN4rfjAVivP/I7J3cl8Hws --> ssh-ed25519 uYcDNw HTeiK6nYLb5RoNWNdoiOPaKZGhJetUELmGElGRASKyI -jDCySbHvMQhB9Z+JuXvDGXYlOUEJqYheaU+FsbnE9YQ +-> ssh-ed25519 Y0ZZaw DpFuuPR7C+Kge5mFO+yDjHgY/3dTiolNAGcxNGnsGwc +S2NQAjZPFfCNGzniArPAJVLKCmSz7Ii2xO7REsNOnr4 +-> ssh-ed25519 uYcDNw 6NlxLCxVu+/tX5FFMLTEoKLx7Ug78TvKufBw/fpLeF4 +3GK+lFy+zxF08TW8ZWZ/cDBq5AFTTOLikvy0HNjgNWA -> ssh-rsa kFDS0A -IKDbXLNxuxPj8MKvNyktgYCjEzRZrIpKiSAl8XxIC7gB4eRltoFl4uM+LoUMQ5Ge -ckpF4+DWws7Gz8Bjp/7MFdZAK5bbre4pw6u1wV+Q+W4cOPzoap4r0QjBYVHZqMGA -s9ZYE+rG0S0cdktk3zujS05NzMv7K6uNCUVWha4AIvQrH5hmjzN1xO7DSRHORoka -basFOr4S290CdG73qPazz5UNGanXS0WF7lxkMXyaQ2InXKXaPgyk2DcvNCk6/R1R -wzTjY8k+crjeJN5CsxKT4n9FTAn7PzAEMlpSu0cYDWdYIEXFZcp9/88koWkp4Rrm -PoxtOBsf1zOskVol5nGt9wgX3ROCXT2FGn0P1QiiqJxX2WKskkHXfYVk8Iq4u/SN -S+b0NKCtrXla/62XcXkrC5YX4RvcrrLQUofgQ28N5maCBziHXb6+eWIqiVSy8bEX -ugZPcEhGRAB0mvBBnaT+ql1wiG14RqtS5EE9uujHo7hp3J8yltGkW9LNmIBvBL8V -Y5Yhvwr9EHtph10m9r8LwsXxoqdWgSAM95u7qmclo4smDLHOlqQJGklRWRk+WgSj -JPiyW0QWs4E95SjCU8FSoewyJ/OELUqOImPNJAuDkZMc7IWp0Y4xckGAaiDNkfkh -MqmKHAGHedUik9XNk58n5gM28YVthhFHRvqEbqvfp14 --> ssh-ed25519 YFSOsg SPZ3oiNsNYrAwvqurf7ZNi06Bd+6P7rM6NocDBnIx2o -tF+qypjFT8od66LB1RTMKLvRmXoYroA/cO2RXW8o3No --> ssh-ed25519 iHV63A V+fMVQyDz6trMZlcXGM+dMSgCBY1En2ZXe4QFMuE6Bs -ImSIcRDzdCbDG4qJdpwPBGvnowpeU1nmj42ZjORfaxw --> ssh-ed25519 BVsyTA Xw3bRebQvpIJAcNg02LXB4I6fxdWYikARLhCYFKOqnc -O2wi4yKFjOLDAWgbQs0JMGHyYDlVmEQA920HONUMVjI --> V/_O-grease -tvawPoQh/iUcXA+lWDwEYp/dq2VzG0oSTZ7hinS4RdeSfbBbvxR997KX7NxiESTt -idTdI74U++ewDhMCTOENdoERnBmS1TevWA ---- mmjg/elb0BKpqI7oVWftypR7ojwDTw59pBkWRC7/cCs -|91Dkad|e<\Cy|'Tmdym_BV%3jNpaT \ No newline at end of file +RLH5jnzacTt4265aOntkuTGMGVpjJhGZhbdPjmiyBMBLOwUZnzY7vSwjyU29XTyS +/7goXuNAMvY00fDMG5FXyeAD7QaVHNa/tAw3Bmtu9rfFUZX4ftJeXQg2QTq4Ulrw +n3IKd62Ew3iMeI1h9H2JdXlse5tlkCkWdZQD+s7rCMeJDEe0m8r7bFPMdXjJMO3f 
+T3UzjeNFJYsIEPKDCpC6zaA4aRlaVSdoPLIIooB4A//A4aG4ywzvN27JODK2nTB4 +ttjbHK5HGzNLmeJP9wS79bOX/Fg2QUl0bGoOdCiWqFtYkdPzxjstuRd+7OT9E5BM +5h4gqZjxs/k4NZawlIfLeUe5biWkThEqaruzkmgfjY7kch0chqNnpDghOBkUL1VF +KnECE98nmy9huoeDtCUL0yag3yi/Kx7MMaZaNCTJFYpjA3sadvg6nco//e6nA6Pm +vcPcUz8xiZI2Wzx0fPVwVMOozKjf4yEqjERRjo7haGF6vYtxV/zSf5tzxiQsEOGv +/G67BnT6Az46eh3K2EYVRRBTb5sni3ObsO5V/K9ms/MM9eI4qEBRqKag8jRoXVmF +BZKjLwGOU8tOZbupj1Z3JKULqP3FiDLXh+NxM4KE5TjE71eAt8teEytvWYdlwKtO +YjWNheyxxqklTYgzkNQfj8Ks6LujyMdpFtm8toFMVgk +-> ssh-ed25519 YFSOsg GE4K+tP7cjKpq+bxf01vCttDnZAzqtIfwzJ+Zw4D4UI +KG5CNA+FsmC+PhjpifvqRiOWUFHaKQe9QLXydlTFjCw +-> ssh-ed25519 iHV63A +WzV34WwVL+tamwELQY9fuHlBLvzOeTiFjK+LK9d1Rw +KAP3JhagG72qUSWzodRhr/jzFiDaN4GkIuLf+9VuJrE +-> ssh-ed25519 BVsyTA BnkoBmSm2zSm8QtCcN0iFzP5iliTDct36iruHE6FbF0 +9J13BMVSlLRjfZw9i4nSj0ccsY4P+xEvYl/MYUgYZPw +-> S!:G3-grease 0 *v3U# : mPvcuGUl +L3/27eEyArXmM1arietTmN3cao01kBkBXBZXsN1HtnTC8sMXVhq+WVD3QozgDd2k +ws04Y08VFgbfM2ErCsRfKz8T +--- ekItTZTtoj93NT1Xe7zky72aG+rzhAcD/cqNxGAnPHg +ɽlX5),Zٕ+z + xm\c59e\"xm\@K<|,B17FJXlk \ No newline at end of file From d5922ff2b891d0a24030b84147ad61dce4185bd1 Mon Sep 17 00:00:00 2001 
From: teutat3s Date: Thu, 9 Nov 2023 11:38:28 +0100 Subject: [PATCH 7/7] fix: disable DNSSEC for now because of an issue in MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit systemd https://github.com/systemd/systemd/issues/10579 Without this change, there are random SERVFAIL responses with Greenbaum DNS when using allow-downgrade. Fixes DNS queries for lev-1.int.greenbaum.zone ❯ dig obs-portal.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.int.greenbaum.zone ; <<>> DiG 9.18.19 <<>> obs-portal.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.int.greenbaum.zone ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1871 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;obs-portal.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.int.greenbaum.zone. IN A ;; ANSWER SECTION: obs-portal.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.int.greenbaum.zone. 22 IN A 192.168.128.82 ;; Query time: 105 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP) ;; WHEN: Thu Nov 09 10:38:02 UTC 2023 ;; MSG SIZE rcvd: 121 --- modules/networking.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/networking.nix b/modules/networking.nix index 5b879b8..44cf17c 100644 --- a/modules/networking.nix +++ b/modules/networking.nix 
@@ -27,11 +27,14 @@ services.resolved = { enable = true; + # DNSSEC=false because of random SERVFAIL responses with Greenbaum DNS + # when using allow-downgrade, see https://github.com/systemd/systemd/issues/10579 extraConfig = '' DNS=193.110.81.0#dns0.eu 185.253.5.0#dns0.eu 2a0f:fc80::#dns0.eu 2a0f:fc81::#dns0.eu 9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net FallbackDNS=5.1.66.255#dot.ffmuc.net 185.150.99.255#dot.ffmuc.net 2001:678:e68:f000::#dot.ffmuc.net 2001:678:ed0:f000::#dot.ffmuc.net Domains=~. DNSOverTLS=yes + DNSSEC=false ''; }; }
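Review bot: `DNSSEC=false` in `extraConfig` turns off DNSSEC validation for every name resolved on every host that imports modules/networking.nix, while the failure described in the commit message concerns names under lev-1.int.greenbaum.zone. If a systemd-resolved negative trust anchor (a `*.negative` file under `/etc/dnssec-trust-anchors.d/`) for the affected zone is enough to avoid the SERVFAIL responses, that would keep validation on for all other names; I have not verified that it works around systemd issue 10579. If the global switch stays, setting it through the module option, `services.resolved.dnssec = "false";`, reads more clearly than an extra `DNSSEC=` line inside `extraConfig`. The added comment should also record the exit condition, e.g. `# TODO: re-enable DNSSEC once systemd/systemd#10579 is fixed`, since the commit subject says "for now" but nothing in the file marks the setting as temporary.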