From 7dc6b5df8cbf6cf0089e9fd1b0f01cd833d7fd28 Mon Sep 17 00:00:00 2001 From: Jack O'Sullivan Date: Sat, 11 Jun 2022 19:13:20 +0100 Subject: [PATCH] nixos: Initial jackflix container --- nixos/boxes/colony/vms/default.nix | 14 ++- .../colony/vms/shill/containers/default.nix | 1 + .../vms/shill/containers/jackflix/default.nix | 46 ++++++++ .../shill/containers/jackflix/networking.nix | 109 ++++++++++++++++++ nixos/boxes/colony/vms/shill/default.nix | 34 ++++-- nixos/modules/containers.nix | 7 +- nixos/modules/tmproot.nix | 8 ++ secrets/cloudflare-credentials.conf.age | Bin 507 -> 583 bytes secrets/dhparams.pem.age | Bin 1216 -> 1229 bytes secrets/jackflix-wg-privkey.txt.age | 11 ++ secrets/pdns-file-records.key.age | Bin 869 -> 737 bytes secrets/synapse.yaml.age | Bin 657 -> 557 bytes secrets/user-passwd.txt.age | 42 +++---- secrets/vaultwarden.env.age | 18 +-- 14 files changed, 246 insertions(+), 44 deletions(-) create mode 100644 nixos/boxes/colony/vms/shill/containers/jackflix/default.nix create mode 100644 nixos/boxes/colony/vms/shill/containers/jackflix/networking.nix create mode 100644 secrets/jackflix-wg-privkey.txt.age diff --git a/nixos/boxes/colony/vms/default.nix b/nixos/boxes/colony/vms/default.nix index e2c3685..720961b 100644 --- a/nixos/boxes/colony/vms/default.nix +++ b/nixos/boxes/colony/vms/default.nix @@ -75,7 +75,19 @@ (vmLVM "shill" "esp") (vmLVM "shill" "nix") (vmLVM "shill" "persist") - { esp.frontendOpts.bootindex = 0; } + + { + esp.frontendOpts.bootindex = 0; + + media = { + backend = { + driver = "host_device"; + filename = "/dev/hdds/media"; + }; + format.driver = "raw"; + frontend = "virtio-blk"; + }; + } ])); }; }; diff --git a/nixos/boxes/colony/vms/shill/containers/default.nix b/nixos/boxes/colony/vms/shill/containers/default.nix index 3fe62eb..34376df 100644 --- a/nixos/boxes/colony/vms/shill/containers/default.nix +++ b/nixos/boxes/colony/vms/shill/containers/default.nix @@ -4,5 +4,6 @@ ./vaultwarden.nix ./colony-psql.nix ./chatterbox.nix + ./jackflix ]; } diff --git a/nixos/boxes/colony/vms/shill/containers/jackflix/default.nix b/nixos/boxes/colony/vms/shill/containers/jackflix/default.nix new file mode 100644 index 0000000..fed08cc --- /dev/null +++ b/nixos/boxes/colony/vms/shill/containers/jackflix/default.nix @@ -0,0 +1,46 @@ +{ lib, ... }: { + nixos.systems.jackflix = { + system = "x86_64-linux"; + nixpkgs = "mine"; + + assignments = { + internal = { + name = "jackflix-ctr"; + domain = lib.my.colony.domain; + ipv4.address = "${lib.my.colony.start.ctrs.v4}6"; + ipv6 = { + iid = "::6"; + address = "${lib.my.colony.start.ctrs.v6}6"; + }; + }; + }; + + configuration = { lib, pkgs, config, ... }: + let + inherit (lib) mkMerge mkIf; + in + { + imports = [ ./networking.nix ]; + + config = mkMerge [ + { + my = { + deploy.enable = false; + server.enable = true; + + secrets = { + key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKzzAqa4821NlYfALYOlvR7YlOgxNuulTWo9Vm5L1mNU"; + }; + }; + } + (mkIf config.my.build.isDevVM { + virtualisation = { + forwardPorts = [ + { from = "host"; host.port = 8080; guest.port = 80; } + ]; + }; + }) + ]; + }; + }; +} diff --git a/nixos/boxes/colony/vms/shill/containers/jackflix/networking.nix b/nixos/boxes/colony/vms/shill/containers/jackflix/networking.nix new file mode 100644 index 0000000..0fb640e --- /dev/null +++ b/nixos/boxes/colony/vms/shill/containers/jackflix/networking.nix @@ -0,0 +1,109 @@ +{ lib, pkgs, config, assignments, ... }: +let + inherit (lib) mkMerge; + inherit (lib.my) networkdAssignment; + + wg = { + keyFile = "jackflix-wg-privkey.txt"; + fwMark = 42; + routeTable = 51820; + }; +in +{ + config = { + my = { + secrets = { + files."${wg.keyFile}" = { + group = "systemd-network"; + mode = "440"; + }; + }; + + firewall = { + tcp.allowed = [ ]; + }; + }; + + environment.systemPackages = with pkgs; [ + wireguard-tools + ]; + + systemd = { + network = { + netdevs."30-vpn" = with wg; { + netdevConfig = { + Name = "vpn"; + Kind = "wireguard"; + }; + wireguardConfig = { + PrivateKeyFile = config.age.secrets."${keyFile}".path; + FirewallMark = fwMark; + RouteTable = routeTable; + }; + wireguardPeers = [ + { + # mlvd-de32 + wireguardPeerConfig = { + Endpoint = "146.70.107.194:51820"; + PublicKey = "uKTC5oP/zfn6SSjayiXDDR9L82X0tGYJd5LVn5kzyCc="; + AllowedIPs = [ "0.0.0.0/0" "::/0" ]; + }; + } + ]; + }; + + networks = { + "80-container-host0" = mkMerge [ + (networkdAssignment "host0" assignments.internal) + { + networkConfig.DNSDefaultRoute = false; + } + ]; + "90-vpn" = with wg; { + matchConfig.Name = "vpn"; + address = [ "10.68.19.11/32" "fc00:bbbb:bbbb:bb01::5:130a/128" ]; + dns = [ "10.64.0.1" ]; + routingPolicyRules = map (r: { routingPolicyRuleConfig = r; }) [ + { + Family = "both"; + SuppressPrefixLength = 0; + Table = "main"; + Priority = 100; + } + + { + From = lib.my.colony.prefixes.all.v4; + Table = "main"; + Priority = 100; + } + { + To = lib.my.colony.prefixes.all.v4; + Table = "main"; + Priority = 100; + } + + { + From = lib.my.colony.prefixes.all.v6; + Table = "main"; + Priority = 100; + } + { + To = lib.my.colony.prefixes.all.v6; + Table = "main"; + Priority = 100; + } + + { + Family = "both"; + InvertRule = true; + FirewallMark = fwMark; + Table = routeTable; + Priority = 110; + } + ]; + }; + }; + }; + }; + }; +} diff --git a/nixos/boxes/colony/vms/shill/default.nix b/nixos/boxes/colony/vms/shill/default.nix index 364b6af..a8bb84f 100644 --- a/nixos/boxes/colony/vms/shill/default.nix +++ b/nixos/boxes/colony/vms/shill/default.nix @@ -30,7 +30,7 @@ configuration = { lib, pkgs, modulesPath, config, assignments, allAssignments, ... }: let inherit (builtins) mapAttrs; - inherit (lib) mkIf mkMerge mkForce recursiveUpdate; + inherit (lib) mkIf mkMerge mkForce; inherit (lib.my) networkdAssignment; in { @@ -53,6 +53,10 @@ fsType = "ext4"; neededForBoot = true; }; + "/mnt/media" = { + device = "/dev/disk/by-label/media"; + fsType = "ext4"; + }; }; systemd.network = { @@ -98,14 +102,26 @@ trustedInterfaces = [ "vms" "ctrs" ]; }; - containers.instances = mapAttrs (_: c: recursiveUpdate c { - networking.bridge = "ctrs"; - }) { - middleman = {}; - vaultwarden = {}; - colony-psql = {}; - chatterbox = {}; - }; + containers.instances = + let + instances = { + middleman = {}; + vaultwarden = {}; + colony-psql = {}; + chatterbox = {}; + jackflix = { + bindMounts = { + "/mnt/media".readOnly = false; + }; + }; + }; + in + mkMerge [ + instances + (mapAttrs (n: i: { + networking.bridge = "ctrs"; + }) instances) + ]; }; } ]; diff --git a/nixos/modules/containers.nix b/nixos/modules/containers.nix index 3c766a9..d26b1ff 100644 --- a/nixos/modules/containers.nix +++ b/nixos/modules/containers.nix @@ -60,12 +60,13 @@ let bindMountOpts = with lib.types; { name, ... }: { options = { mountPoint = mkOption { + default = name; example = "/mnt/usb"; type = str; description = "Mount point on the container file system."; }; hostPath = mkOption { - default = null; + default = name; example = "/home/alice"; type = nullOr str; description = "Location of the host path to be mounted."; @@ -76,10 +77,6 @@ let description = "Determine whether the mounted path will be accessed in read-only mode."; }; }; - - config = { - mountPoint = mkDefault name; - }; }; containerOpts = with lib.types; { name, ... }: { diff --git a/nixos/modules/tmproot.nix b/nixos/modules/tmproot.nix index af68fc6..5644962 100644 --- a/nixos/modules/tmproot.nix +++ b/nixos/modules/tmproot.nix @@ -259,6 +259,14 @@ in } ]; }) + (mkIf config.services.jackett.enable { + my.tmproot.persistence.config.directories = [ + { + directory = "/var/lib/jackett"; + inherit (config.services.jackett) user group; + } + ]; + }) (mkIf config.my.build.isDevVM { fileSystems = mkVMOverride { # Hijack the "root" device for persistence in the VM diff --git a/secrets/cloudflare-credentials.conf.age b/secrets/cloudflare-credentials.conf.age index ff62f699aff2e32e84d64d3f471d524a484cdcf3..f1177316da50a9e6c043a7aaaf98aa0924f18db8 100644 GIT binary patch delta 550 zcmey(e4J&1PJNJRXmPqnxwCmx_1o2iGnepa|+Qea|~S(0gHahi99Yf(vdD3`9CLWGg2 zsiCDpc3_rch<{SKTZUW1lQ%Cl@X+U(a%LOFs*f^n7>!4BrrUKi6dKl43vqqAH)n zGS^@WcPCfJ;;Mj@;Is%MLz6SR*nZ9nV4zIADY-!{nC5^gjmr1iDC0XaxJ&>Mi rse5USguL^WlAh-xkKg&Nes+KM$}rK`wOTKCtvO*Jv8};9I`AFRzZ$=v9Dvgg>RCFw!go-vsXoqL1C6-I+w1ULWGg2 zsiCDpXud~=cA24mk$-qql9Op>iJ`x5Mrg1}sR7h|(S7AlD zeqwTkd#b*vVO~g%fv>k&kaj?hL5ih|wnt#Lk6(qmQ@TO0cdD5u$O>g^vncHhqgvhc zqSVCVR0Uf_zd$8@Lj}74^Du=9#hNVtbgopNaF^@|Qyx_>t{PbK4 z=YT@r#1Iqb(oA2j6W<;(o_@P_azyD`?a2nt-z7XBum!HE{Kl-lW$Tep9@X_<iT*ka&J|SbmtW52G;#o ST1vINCP+`;(msj(pbY>^e5+Fc diff --git a/secrets/dhparams.pem.age b/secrets/dhparams.pem.age index 459f729a063988bae8b6afecdba8ff8c6d139b1f..d302214728744a42e24a51a7973506d9036ba592 100644 GIT binary patch delta 1201 zcmX@Wd6sj6PJM}XR#0MqQNE#RN|aG)eo<6@UX(?-seX7wX0fA7sZm<4ex-$RzP5*Z zK9_-Ss&ROlpP`?2s&|revO!p+k8z1%g`=^1NJM!~N=RODU}%1ok*BtHGMBEMLWGg2 zsiCDpR=&4oqO)gsd2(V#mbZSCLnQ zr;%HfhgqG;Q6sMr92n!=0SBvzNKua!5zhcXb;3Ds&+`uwJ=ODKt=PF;ns<29Z{VK0Y z4?lC$N(=7_v*JL;2;;@l3bHK$4LG9VgoKsjVAHO8;(8MzuvO1Ct~BeHN_2+ z&FlYjh90|J#do0XMQC^YoyfdA-qxj4O-|jdiA&)Ao?LaFW!5-)>)>dQ`c8F-Pm6?lsp!IJK=x zBBZ8ziq-ArT+!YTNzTnw@^^{-n4w>_c77EkP zy{~qgTmSB|n#`X6mVJ%vFO9A4#U8(?xK{h?+PZ0Ln4D^5gc9sF={8ZkwIr>=KRF@A+pen`_L%u;;5$o}-Y}N+HwxkM3nv35CC!K7VTFbS6({RXz>T z8MAjiw$2FpsOJ(8!yWKXia+B1mE>1i3!bwFh1;Jy|7o<-qht z^VC_PKa>|7J;(Gi*iME*+f3=FZwI#0R5QD_WS=Ss7=J_XgGjKor#&c?!ePzU6x#wT}!n2aY zFZZoD_uD(^QuyU?yN_OO%Z|Km@NN9Vw&OcXwkGS(u02PDXHFNqYV|2RTRB(c{{5W~ zpZ{95b){(cXU-0$@A{JACSQxz6`5?ZWV~EIZ|%E|0@x{hQPK z@$~(;Hoi1g3_$~0HTlrGfM=Qd%DeJ@shUYB)8GI&e$6Ya(C?AuLTc)=ZmYXfT z;&$Hf#6qoq{yr}ST*ED{9@wfY`i}d;r0BKfvy3(`F_t_Ld|23_uc0%zzy0PpKCM*% D-jx;z delta 1188 zcmX@hd4O|*PQ7?PKyj9lr;kaMscBYL zF;{xBzL|fPm!)N9c0o~kgi&#Tmz!aBg=Jw`vPX8YepXdho@uU2T6tce1(&X!LWGg2 zsiCDpWqDz#XQgjsMvkRhdayx7a$a$HX>mbOvQva(XnkI!c2r27Q)Hx1a8yJjS5%;9 zVMeBLa+Hx#Sa4-Pmbt56lB-XtVNR)jNpO~lS6E?Uu1|`)Z=_`?$cpd)MN`KL?P%Tf zqSVCVRIUPTgPh>tipU`Mtjx-)QuAWZBA+bRoXRA#OnoC)3q#A4kicwXZIhx>gTVCc zLdVK_PuI#a&+v?#V)GC;j|f*T6KAuCkW%N|K;LqUq`+MNGFKCKgJPFt!!*y5lq9!| zsNCZ8ob)_{Ad~D2*W@U-s7k*;E?r$+g@B0gj4FSR)I1;U94}*2=cp1(6J!4XZ~v;S zr0|q%Z;Q%Q@06%8{h~kvu1%K{8y1FpYzkXmzhsHw9Kp?L9@3Jf;g2D|v5BdJv z9??(se`H%@tw=KAS?D457yXILx?e$OKINxw< z!(XKU)=vgI)Goe%*=g4+XS&~7;qq?@?+VZR z&t3SUp7M*@-M852vd&rKt-&q>PIJCbfB9ZLoltSn`%~cOp5LPRv$`h6T@{Jak2O8_ z<@d6gPkR2$u>I`ySVZ>gKh^-*PivxQpV)u=sbZ+_o&Tjr^P*$PVydiJfpEIPMnntTN7zp_~iPOoVR%m1-sQKsXZ z9;-(RXG7-*@~;zD{QUjY2I~OEs$EyENUWZ?!?5L{(;SXTyA3w6o_iSkGfq#b`;8tS zhe^@m?+4|U&e-qj^=xm1N@e6*rK!u`tO$P9vxeVQ>rYJT=^Ngw7uxFOU9H>9r&^yR zZ<}^bYGK$OL7f{9XE*m0-&$LeZ1vz!@#9T?2NX9+Px}Ahy-D55FT3usR@wjA8kqOI zq4$?TTkNAdN9CJDE*UK9UD9MLSja~NWLBqDCzB>yy-kg1Q z=bF$vH(jPLcsg4zdws>}$tnpM@t+nJA3CD{MDfJ)Kf2s~LA=FBnM-=~_vJRdN$mfx zz+u0xAi+0xm%N_g{51AHC diff --git a/secrets/jackflix-wg-privkey.txt.age b/secrets/jackflix-wg-privkey.txt.age new file mode 100644 index 0000000..03dbb6e --- /dev/null +++ b/secrets/jackflix-wg-privkey.txt.age @@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> ssh-ed25519 vf+WVg urUmX8GQaZ9N5s4im5LjHdrqF7G1cUmOhRwJ4C6QiDo +rgzuokfwMMjYtbPBCBNa+9Jg4QHbdd4ynqrsVX5LSWM +-> X25519 Kr0gKsPYyLt3PFVZlv6m1NlLedJJYxSNKvmKx9canyc +1Ki72qamPIaor+FCYy0SLVSm0GVCVsjFiRteSNv5hCA +-> MT&kccY-grease k k>D#= -/DFm:' ufBE\ +1HfnD0ef5OnLrhBZL+pyaMVLjCadk+vLszSORTxyarFPKD5wqor5nPn/mMLotY79 +mpKSMQq8ehwB+Ruv6fjys3q/1A +--- J8tifBtzNpEgeFqTxpfq+Md0vdmzU23rizI3C39gkc4 +29A7JȔ،\r=Jwx xlՕAddԬQ#rɚ}ay0Pl& +dF|- \ No newline at end of file diff --git a/secrets/pdns-file-records.key.age b/secrets/pdns-file-records.key.age index 47e41529821551fd3e31f7d848c490315f17f16c..e35409f7eabdd2edbfb49f3f2ccb1650d4ed0f06 100644 GIT binary patch delta 705 zcmaFL_KMS5vfNmxjFWJ-RPMWBH}epp=+tPZ(5#-k8!f4hl#$iE0?aFLWGg2 zsiCDpYDPw|VYr*4U#W>xnNewGYLIqPNQRq*o4ap%L48$@rD#dqqKCth{$qnv;5qMumB&6e3t^l)HHL)h~V5rb1!F$OQJ=tDWqfhKlNvR%$EA3{Qwg}M3LNjI%oBmJ+v4c~jNC8%lrO&JMakzM8;=k{OJo0hs` zW7{Vk1!1*IJe}LlgrxqIu=mZLxBkr3YZbBk`kWVy{=~pjJ-4Ihku%ErjDsvvetrQ0%w}*8IqJ%D~Y=-3W_b58xhDY ze{KF_47j4&yM_JnE(77mizL3Vue#Zpz?i){_(Egl&X?0;-xh3)y30`? zwfuDy?*`k(O|zJv#_a#Sc)O1<+l{I23Bl`L=^x#*SU9PBiE47$p$wbdRw+7rWDkV} z3Qzpl_fxfG9=G%L3wKYwIwZmskRK@+S{{?^sDJHC1i$#v%NvcNt2f`W?_2E_ZXN5x GS^xlYvMtpB delta 838 zcmaFJ`jl;gPJNZLqhYANe|m+fS6R7NnrA?V1cS5b0V zQc!_wS(Z;kN@!(@pMQ#1c7}bm#YlFTbx7T-yB4`?}ye z`HtYkZ3}lNeUa<+^I&h@(sKO%tpmzsZN~x{tY>a)oNm7`-(UEyJ9o>^zQs2qpWd(E zSiOFW&neOADz&lyE~-duvbf?qhwt*nbp4Q$ys8;<9XDv_nmNWEeqDJ~Vs*v*y;-qc zmCX1=c%WnA@Q?w55PTXrrhR!%>*)9PO|XS$fd@4M<>*^3VT44S!iVd;*Oo?F!n zD`HRm3S)ZZwc&5Z`>d5>YWY{&Q-tHbS?W#O;52{3t)TqABRMyAuAk*EIoC9-gZoaw zv)0(ZKRh06)~r->-=^OBcfy{&0$KI_vso`@XEPouDhZgh`EGsq>~$Tihd)0Gd--$I zHB0u;#uZVTyQ_}oQQ?_wDz*X0VXY%$Xf`YNsdDBc>PGZ%*<@-dI`YFa1n4W{={5N=}QS6^qK< zooXV@zLorbTGf1W1y9XkJNxq2d*@6xf8JqqbklZ|J4YL4`enaMUE()ov-0&l49$*h m?+?h#6XWFm)$@!LN(}d{hFO4sUSXK2dAV`1bE#*bWu;eASh;sjD3`9CLWGg2 zsiCDpL10;ir&pe9kY!3Bnm79NBS-FR{NqvxOYLH*1MR7rhr%zQjS87yP zT1Hrii?OL;l&7niQqtU{M)g}`7xuHq^)Q*Dc|{189ia{o;4VpFdm{Vdb;aNl$;U0q!T7x(1M z@{pYRC~XU`C?BUJN7smopenqeHl;f2+S>in!HYP@zk+m@_avbp-_QH9!OmES%SHh;Cb z*!;BbW~fQ>;y|Pfs?WRP+C2T^?uQ0piiW~AUVpVe z>uTKkv~hpht#5`u8&+AUP1v)}_02sAts}cmgw;3OWP6FS|51@N+qI{vuW^Y&-F|<= z#+ZNZ&o;VTaXBpTabqc`%-@;L^S(K6}myy|QlA-g4b=T*kzX|~@GSWc+ delta 624 zcmZ3>GLdzHPQ7+YVufWulu1#RUtqbhQ--lwPFY2nvs+}ad89#FNvf+wenD`Kr)Q8$ zIaf%DuWyD|V4|aOseXuefP0RLGk%naT1 zqSVCVR0SjR&=_wWF4I((5ZCY=vl7?hoWjJk(7^Oai^$UaLnBuM3&*g^s8DTR zqd>=c{fzRQ?$0|5Ee3 z+|=Lzr?TY83XdYU!qSi|?G*FORiuqbCcgFD_Uo_O}N9AXD3m#xjO!4qsfY+ z);avHzizkAD_gX3>1&}T&&Cv|u)nJ}$G9avn?C){3JwpoqRo-|e=cV{5O0&+;}U#Q Rak|;uu&cinD?Y5Q1OQML?QQ@7 diff --git a/secrets/user-passwd.txt.age b/secrets/user-passwd.txt.age index ea1ed56..33ab7cf 100644 --- a/secrets/user-passwd.txt.age +++ b/secrets/user-passwd.txt.age @@ -1,21 +1,23 @@ age-encryption.org/v1 --> ssh-ed25519 FAIX7A PkWyLLijQZgNyFSvjEcWkYTYIyOpbxsu69hczCKx1g4 -qGruVJb5SjTNm6EhRMbaO+aZc8hXQdU9jcfRN4CVAC8 --> ssh-ed25519 SKXJUw JIFQcXOdHl/9uLcvmriKLBmtXEHKrKUII99KgOkqPFI -ODO2TuI3VYWcPJnwAmpQi38a8CXV0C6pAFwd5otrh+w --> ssh-ed25519 wbGjmA rZm8T6+N1cw3vpXrtrAIufUdjTpzu8wXLsERZAjVwHQ -MdfU6LwTZpiBEJwVvsY+BPUmN+955Ty1Xc6c0PfwH+o --> ssh-ed25519 B9K/XQ XQiWYiYiEcVrrcjkel5TDwZSxIommrxk1cVNvDoiFSo -EE7VDprouGZ/MpNFPjhh7TSr1jzr0ZeIOmmO3G6JAeU --> ssh-ed25519 H162lQ ce5lAulJBRSzeCKnJBNuSy1HE1R5TG20Wdx5kavPNTg -BPXI69PEmSP0BmO3f8MAPqGyBR29hts798DbevMUATg --> ssh-ed25519 b6YMqg w0JygLSUv/Y5j1zWlUY5zoeTwX3s+URX1yJxc99rg1Y -01VfQiWgldlCBNPTBoudyKVpXXfVbrXhaVMq+MBFhVM --> ssh-ed25519 Lqn0Yw TWRasWvKcfxukcFX95KJ6QnRwNfJSF/RCz40IrsfSGY -/CSufoexTjNSVK225VjCD3pm/z2gK6Moud7fST9tjuc --> X25519 bFnUlqUCBjMxEPrBiMpOeQTqR4qpmBQhMzIvtLKuHUk -PEYj+yEbPfUWDKRTsYMUPUcM+i3KZ0Zu0YQ4JE3zFEE --> T-grease NFmx4 ssh-ed25519 FAIX7A 9lwGzxHbaj59re00D+VBn31xh6lXBdqlocUWbuGl0lk +WWXUSz//VWPGWwNRNDOY9rNZHEMj74gJDPyPzntmONk +-> ssh-ed25519 SKXJUw 9espI6g1Y0xAOf8RZaYTnw6Y7YSTN5Wv/9JqHMOe5Wo +ZaujblPPK14BYY67ffHCmRg33xljYwl/4YygG9efKQc +-> ssh-ed25519 wbGjmA U6GrN0iOmz77kOwa1VQ/0Cn7v/EiAJh1ZUOhJuqloVA +xB8Uu6+tVXNbAqCSkHYMvBla/oJA0nOHayrHtN4yCGQ +-> ssh-ed25519 B9K/XQ gMQEYYshD9fFvI0vrUER/2OWZYRICGem5bX7ZIP16kQ +9QwTY23a5C8TZ+1wUeqYWLWM4zSQNNzUoaqhkhQLxG4 +-> ssh-ed25519 vf+WVg 3MU9AIwghf/IDoMuAZEX3GuFz1w7vYtSso5I5BDY/hM +b1U0PexxCj4DTQB41bDi6bKktoOiA+xDDMLZYPHCMlA +-> ssh-ed25519 H162lQ 99SwlUFFeKMu8VH2264WyjJVugRKYcAFHF2aHtCGyE8 +LL2cJEdKtqrylLZWQVCoZQ9bGkCD6xPeY0K5C+sMrm0 +-> ssh-ed25519 b6YMqg ME2+OkaFz7ZkAy4izG26lmYMl47AF5NZFojEhawj0nU +FsMXB4ymF0e/FyySdEjE3LAJw3q0Ax5BQk9m0Zsu4cg +-> ssh-ed25519 Lqn0Yw CwGVxMt//mUhJp2Dv1juO8oWFVNML0Q+zTqsqncEo0U +/YzScABKV/949EQnf8ztFzNQGzjGOWPj9iXHy2uFDYM +-> X25519 I0lKCScunZXPMiHBpGhFa7nAGFg3NeAslOdutKkyuFo +csAlkN1jWUbUxlWRF/mAX1TT95ZU7iTDUa7uGi3Gtjk +-> Q?#-grease @c: +CXkWEsR63Q4TflQd95UiFCazSFterOzSMmqRaCR/uQBhUEkyPc0 +--- aOjcucJdwzcZQ2eT5PBsU7P0o1xlCgCMqPDWczEWY28 +7B"t G6B?`-ra^Jlcl5g[9M#Fj&Mn]Sevo޹}_n5;ܺ/1|cLCf!=*At{ \ No newline at end of file diff --git a/secrets/vaultwarden.env.age b/secrets/vaultwarden.env.age index 227c6d1..b60971d 100644 --- a/secrets/vaultwarden.env.age +++ b/secrets/vaultwarden.env.age @@ -1,10 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 Lqn0Yw COtpnkiIOsiZ6sI7GpZW6DSrMdP+V8SFm+G6VSx6Tlg -foNXyNZ/u5RVNdijDQr0mGn5BQaPDhOqLhD9gxEP5e4 --> X25519 xbW4hHBb8lJ9fIwnRsfBpTmLGO74ZBkwmdXpWQ1H9CA -ucFk4TvPIxiQNyuNgQ/dHKy+p9LvePmwWLYd2e60AT0 --> "d-grease -7zl7veXnoG49diEebRbI1ok+U0CMgjo7AQK8rsCsOa4tDR8L460m4CfSOSEMEqzK -QjEjuxC9NY0liwnNsRLNWccKxa3V1LQLL68RhA ---- exAOdELiQNGSJcweG5qVkiX4SLNMq8x9uNyp77pCrWA -B; iAo,ULb(Gea?H؋Ɖfhz+^ij0%ΫKā3azsU]L!YD>v|'W!!K' \ No newline at end of file +-> ssh-ed25519 Lqn0Yw r7XhdzWjjBP5HLeX+RwIek+vTZP1wZhhO5sr0LppdwI +4HH91EuAKYOQ5E37/dH7fgFKShxE1aX7v/njbL4cNMU +-> X25519 itbc3rl6K9BmbhNsMo/FaeOynrtrpZj5Zt0VF3McYmw +Cc0jPYLqyp5X4+KPfpy821mpCVSDke+z+Al/8Hp7vc0 +-> WQA%nPY-grease n&Oc2@ sf 05 +aC3qV0yeKogkc/OdfKhxW2rv4GDlT4mMlPA5FoqMA/2lq6yCoeMjGffwzXVEsauq +IRyYz3R/53ZrFtfefkBS5P4d4d/OmI6lsA +--- KYxAUYn/NHyfCJO+WqH0JKJKQZMCQYSeMryS/Kw3n8s +;i7K,T&{1^]WVzLKs Y\|@z`b'-lkP'aT''mZk76iK*-t 1:mUIqNчމst)# \ No newline at end of file