From accb14721dd396b2873a6c28bb9d9432f34f6e2d Mon Sep 17 00:00:00 2001 From: Jack O'Sullivan Date: Sat, 16 Jul 2022 15:01:15 +0100 Subject: [PATCH] nixos/shill: Add MinIO container --- nixos/boxes/colony/vms/default.nix | 13 +++ .../colony/vms/shill/containers/default.nix | 1 + .../shill/containers/middleman/default.nix | 1 + .../vms/shill/containers/middleman/vhosts.nix | 20 +++++ .../colony/vms/shill/containers/object.nix | 74 ++++++++++++++++++ nixos/boxes/colony/vms/shill/default.nix | 10 +++ nixos/modules/tmproot.nix | 9 +++ secrets/chatterbox/nul.ie.signing.key.age | 18 ++--- secrets/chatterbox/synapse.yaml.age | Bin 1079 -> 1026 bytes secrets/dhparams.pem.age | Bin 1105 -> 1231 bytes secrets/estuary/netdata/powerdns.conf.age | Bin 544 -> 512 bytes .../netdata/powerdns_recursor.conf.age | Bin 500 -> 498 bytes secrets/estuary/pdns/auth.conf.age | 16 ++-- secrets/estuary/pdns/recursor.conf.age | Bin 432 -> 418 bytes secrets/jackflix/mullvad-privkey.age | Bin 468 -> 503 bytes .../middleman/cloudflare-credentials.conf.age | Bin 501 -> 460 bytes secrets/middleman/nginx-sso.yaml.age | Bin 839 -> 819 bytes secrets/minio.env.age | 10 +++ secrets/pdns-file-records.key.age | Bin 773 -> 763 bytes secrets/user-passwd.txt.age | Bin 1225 -> 1425 bytes secrets/vaultwarden.env.age | Bin 543 -> 478 bytes 21 files changed, 154 insertions(+), 18 deletions(-) create mode 100644 nixos/boxes/colony/vms/shill/containers/object.nix create mode 100644 secrets/minio.env.age diff --git a/nixos/boxes/colony/vms/default.nix b/nixos/boxes/colony/vms/default.nix index 0561897..bef27e6 100644 --- a/nixos/boxes/colony/vms/default.nix +++ b/nixos/boxes/colony/vms/default.nix @@ -149,6 +149,19 @@ }; frontend = "virtio-blk"; } + { + name = "minio"; + backend = { + driver = "host_device"; + filename = "/dev/ssds/minio"; + discard = "unmap"; + }; + format = { + driver = "raw"; + discard = "unmap"; + }; + frontend = "virtio-blk"; + } ]); }; }; diff --git a/nixos/boxes/colony/vms/shill/containers/default.nix b/nixos/boxes/colony/vms/shill/containers/default.nix index 34376df..7436738 100644 --- a/nixos/boxes/colony/vms/shill/containers/default.nix +++ b/nixos/boxes/colony/vms/shill/containers/default.nix @@ -5,5 +5,6 @@ ./colony-psql.nix ./chatterbox.nix ./jackflix + ./object.nix ]; } diff --git a/nixos/boxes/colony/vms/shill/containers/middleman/default.nix b/nixos/boxes/colony/vms/shill/containers/middleman/default.nix index d5c60fa..f19c4e2 100644 --- a/nixos/boxes/colony/vms/shill/containers/middleman/default.nix +++ b/nixos/boxes/colony/vms/shill/containers/middleman/default.nix @@ -162,6 +162,7 @@ "${lib.my.pubDomain}" = { extraDomainNames = [ "*.${lib.my.pubDomain}" + "*.s3.${lib.my.pubDomain}" ]; dnsProvider = "cloudflare"; credentialsFile = config.age.secrets."middleman/cloudflare-credentials.conf".path; diff --git a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix index 027d143..a237279 100644 --- a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix +++ b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix @@ -279,6 +279,26 @@ in }; useACMEHost = lib.my.pubDomain; }; + + "minio.${lib.my.pubDomain}" = { + extraConfig = '' + chunked_transfer_encoding off; + ''; + locations = { + "/".proxyPass = "http://object-ctr.${config.networking.domain}:9001"; + }; + useACMEHost = lib.my.pubDomain; + }; + "s3.${lib.my.pubDomain}" = { + serverAliases = [ "*.s3.${lib.my.pubDomain}" ]; + extraConfig = '' + chunked_transfer_encoding off; + ''; + locations = { + "/".proxyPass = "http://object-ctr.${config.networking.domain}:9000"; + }; + useACMEHost = lib.my.pubDomain; + }; }; in mkMerge [ diff --git a/nixos/boxes/colony/vms/shill/containers/object.nix b/nixos/boxes/colony/vms/shill/containers/object.nix new file mode 100644 index 0000000..7a01db7 --- /dev/null +++ b/nixos/boxes/colony/vms/shill/containers/object.nix @@ -0,0 +1,74 @@ +{ lib, ... }: { + nixos.systems.object = { + system = "x86_64-linux"; + nixpkgs = "mine"; + + assignments = { + internal = { + name = "object-ctr"; + domain = lib.my.colony.domain; + ipv4.address = "${lib.my.colony.start.ctrs.v4}7"; + ipv6 = { + iid = "::7"; + address = "${lib.my.colony.start.ctrs.v6}7"; + }; + }; + }; + + configuration = { lib, config, assignments, ... }: + let + inherit (lib) mkMerge mkIf; + inherit (lib.my) networkdAssignment; + in + { + config = mkMerge [ + { + my = { + deploy.enable = false; + server.enable = true; + + secrets = { + key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFdHbZErWLmTPO/aEWB1Fup/aGMf31Un5Wk66FJwTz/8"; + files."minio.env" = {}; + }; + + firewall = { + tcp.allowed = [ 9000 9001 ]; + }; + }; + + systemd = { + network.networks."80-container-host0" = networkdAssignment "host0" assignments.internal; + services = { + minio = { + environment = { + MINIO_ROOT_USER = "minioadmin"; + MINIO_DOMAIN = "s3.nul.ie"; + MINIO_SERVER_URL = "https://s3.nul.ie"; + MINIO_BROWSER_REDIRECT_URL = "https://minio.nul.ie"; + }; + }; + }; + }; + + services = { + minio = { + enable = true; + region = "eu-central-1"; + browser = true; + rootCredentialsFile = config.age.secrets."minio.env".path; + }; + }; + } + (mkIf config.my.build.isDevVM { + virtualisation = { + forwardPorts = [ + { from = "host"; host.port = 9000; guest.port = 9000; } + { from = "host"; host.port = 9001; guest.port = 9001; } + ]; + }; + }) + ]; + }; + }; +} diff --git a/nixos/boxes/colony/vms/shill/default.nix b/nixos/boxes/colony/vms/shill/default.nix index c06c0ea..070441c 100644 --- a/nixos/boxes/colony/vms/shill/default.nix +++ b/nixos/boxes/colony/vms/shill/default.nix @@ -70,9 +70,14 @@ device = "/dev/disk/by-label/media"; fsType = "ext4"; }; + "/mnt/minio" = { + device = "/dev/disk/by-label/minio"; + fsType = "xfs"; + }; }; services = { + fstrim.enable = true; netdata.enable = true; }; @@ -140,6 +145,11 @@ "/mnt/media".readOnly = false; }; }; + object = { + bindMounts = { + "/mnt/minio".readOnly = false; + }; + }; }; in mkMerge [ diff --git a/nixos/modules/tmproot.nix b/nixos/modules/tmproot.nix index ef2706e..5c499f3 100644 --- a/nixos/modules/tmproot.nix +++ b/nixos/modules/tmproot.nix @@ -298,6 +298,15 @@ in (persistSimpleSvc "jackett") (persistSimpleSvc "radarr") (persistSimpleSvc "sonarr") + (mkIf config.services.minio.enable { + my.tmproot.persistence.config.directories = [ + { + directory = config.services.minio.configDir; + user = "minio"; + group = "minio"; + } + ]; + }) (mkIf config.my.build.isDevVM { fileSystems = mkVMOverride { # Hijack the "root" device for persistence in the VM diff --git a/secrets/chatterbox/nul.ie.signing.key.age b/secrets/chatterbox/nul.ie.signing.key.age index a13b4e9..3251231 100644 --- a/secrets/chatterbox/nul.ie.signing.key.age +++ b/secrets/chatterbox/nul.ie.signing.key.age @@ -1,11 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 ZB3e6Q o3nZEDuOm/JC/EhJ5uRnbMMHPNwRcKwfsPFNBVCjtHk -cYKUNgQmkpTRSEm9ZINYlslv9O6MM3ujb1rNO7p7gvc --> X25519 TQ2jWod+e0a3ylj+GL8gPoScvzFdBCZcaYauY2gtsDY -pP5q3ZYkRYqSeOEHxYXzQXCfltBGKi5jMpCfSP7PPSI --> `)-v-grease fr R1 W`Y -pjfwfNM9JTJe0/mYB6OC6LtgJeIvn4RVJogageAl/djWgMVZ4DDr2kakgF3V28xf -0g ---- 4b27xLN78GCex7VdHqlJj8g+SuUlOOgZjZ4Qj8/RIsk --N/&ˀvEֶ`}DO#`ZV^D"&p -p/ݹĬiqlᅳj@i57O,䇩$F2hS \ No newline at end of file +-> ssh-ed25519 ZB3e6Q sQJFhvr8FRUhNhBMue77730wcbg28fTFnsszgerwEBo +7VzmwSkllK2wbSyFSCClvjY4X6sT6vLLPBAcXSbmnRU +-> X25519 DufjAOGVQtGU2oiDCymV7rv9bdw5Llk3KjbOj5wJxxs +9sOvYKIfp+fUKcW6zbhAU3kwaUrF9PCBlu56qmGhOss +-> m-grease s$ A ,2 =sKpm +lLRsEhRI4PsWw9K6uygWxFznKZSJUXesteKQ7hZ/wWJXkRHq +--- XYl7iGPy1+YfKOWNoZoiYvfFjctfqhWWzR4hMCWmXYU +50K2Rp)w.(rhU~w|%j͂ 9V 0d{E\Vag~"T -3\)NS"I \ No newline at end of file diff --git a/secrets/chatterbox/synapse.yaml.age b/secrets/chatterbox/synapse.yaml.age index 621c8c64c0930d59431c649156f93252e81404e2..2bea90ccb91243098548344db4b6a23643a4451c 100644 GIT binary patch delta 996 zcmVHFPUSRZ4ntRC;k^XmWW{Gi^w8Z%;39Vr)`kR(N4_V>EbG zFiJQ?cM4B1Q#CkGL1|e-Y(r;rGC4IbPGwbTWnxr!Vo+x`NJ33fLsBq7IeK_eYYHts zAXqXrH8D9LWK3pfNH8&4PETz_PGfRbIZ821V`xWYV@geUczL8H(F^=a(`AuZ!mXhH(FCKSwdt%LoZM-Q3^f1rp)baH#V?NB-h#jB}|)fcm6Vh z&O04WNT}ErMY|o&tIhBEsnY74KaoH`$Bs{EUn8>q@lrL+yP&Lny4bsFSpK@MEHZB| zD%bq0?1@3L7|&k5Zz>{z4_sIXbTFnyE;CTn{Oyv1K7Ry?xiudrj;R_L2Fb zdC$;I@&1$NPqMg;aaVb$gCgOkG4D{2ys;@2Gg7tX>~$ax<#a2h~V zIiBQ;RrMrpl2aBz01!n}aM55d)G~;y5vI6`SE)XmGIz~!$?;0z%zg^IaZoEsYi&$)RAyH}3N1b$W^G?B zXL4m>b7denAVPR{S43+fb0B;QNi}#{VnK6uZ%a*6WH?SxS9W1#S5jd@Q+8KXT620@ zQ&~YbIa*d|bbm%tX-0HJN=bE1G({^fI72s9N^?arR0;|$EiE8TF-3DnayD04WOj2@ zZBI5$SW8qkOm%m8Wl>9WbZ19qHA-?yVplI}RapuOJ`1z}N)kwf1{z=sRy?8$NF)T) zPBamcV27i@1Q-Ka4=DDECfw<(TIOE1v zL<%nkhD_ohVL(gX1!k!$jx6vZ-F<;ef@+B`%21(p`8mPjkJ;?m)AR58@1a+lKYD}8 zb(&rIvaT;m!uSp5s5S~r&$8rrfZJj2z#T29ewmyfe@6MV>A_OU&VHqb)ECcFWJb`1 zd;%tslz-q&T2I_Hme0+=U?C{aGIzt?7HAf}eceLik?yty_bcVNFM{4Iur`nCsjP5F z1??SrbAfffExinYg@RhRqwwMo>@O4h&XcxA`C4K#){onjMUqvA6*n&b|H=~v%8|B< zyRoafUS^J3r106CA-5dzbUb>DP_1z3+l3^}4u3HW+>jJgk^MHI0ll>5*WYLcN=W%a zxDi?%Tlw21@ts5P0GKGmlJ@M}cqw}K%|4cuCGWyBDqA6$WQZpZxYg2MLYEkrMjLpV zy!wbp(u;n{nEG;qbC&fxG!7aNW9%J+_%0nRzA)EcQ7Wp84d0g=7=^J(C)iW8VMX^5 zxPMUC;+Gz>I=YYz`Mw#Z+M|rfMANR9xo>f9V&(?0o7g73-_2|Stz~QY`4N%ITfkVW zlL5r!*=g*WXKPO3G^H4OcUcoO|L%aYYH2kkqMweWm|xoqa-1ss;^ZUjA8*tcdOodg zN|TR9T=DHzeWD%rW^P@y_;FZg!}BDBMt{Z@9m?Ny-K|~KEdEWP{leG;qmP*k`*nU( zWWi%fi(t8u50-#A@yf2d@DX!D?>4;8d32tn3i*&{k&IBna$Rw6L3~z+4l{f@FgXgD zYWrEcZBukT)&?IWPjBr)W6Ayquy0#)Hcfb6O|jBQIxXLUY}$aJiZ}|HzaX_*Aro|M Uv0`^>q;tT%pY7rgW!lqZ4Ruu1^8f$< diff --git a/secrets/dhparams.pem.age b/secrets/dhparams.pem.age index c27e3a011bfb8f24cf41e4b7b32a218dfd015f12..a182ab9e581eb71b37c1d32874d0aff4e59bdfc9 100644 GIT binary patch delta 1203 zcmV;k1WfzU2+s+SEPr8dS#nu+X<{~3Sxjb2IYmfyPeWriQ$|izcX=~qGjK37K~pta zZ%bh_a|$<4XJs#SGi`ZhD{MlmX9_Jo zAXqXrH8D9LMOaaBSX6p*XIU~yYchFKHDyjmV`ghjQfOjxYJX@ra%yB^O)F?oHFi}= z3RyI0K{ZKMVNo$vGIDNZNoIO*YHE3PXJR->PIWSMMRhktR(C{oQciI&3N1b$acWE^ zKW8&7XL4m>b7de&Uok*iT`M4dWIhTtHbq8SWNUdsIWkgHRY*)TM>sEddQomTRyHp~ zY;$mJPEKcfIDb(#P<2x`a4$$qRB%E!WGi`WQB-Vmb3sH#3PD;`dO=z%GcPM|Nn}Ac zYidSWPH|C2G*Cr0P*FKWIc_g?R7^!fPH9?oN>^}iR!%EqRAWy!P6{n8Eg)ntNLO@H zF)&$HQ$smWZDd+cc5iM=V^>ajcVcTRHcDhwLQiBXM1L@3XITo$>`r=V9xcIO!+nnR z6t#{pJ-6Yuo%QY7U_4gSi#QlkP&ffM8#5kq9f@HY>({(A z)^Au>7}m678ypTJHn5DBm(^v=#c3XA1M2u)7}(+FT=rt%}P~>L{oNJ6h2mZFI2W z%XM}sq8XBl3-n4N472@KKnKa0p!5FBf#n><(SK8~zTDCV27$_K$Wsk9wScOnf?0UChfKqTyj*lu9?H2TTo+B?)$ z9B$MDxjz!_JR>^8V!j5~S?6e!po0H$->6$!)}7|x-FY>Y__L^`52H^Y@Q$_Q@YB{ zQAjfly3lB6qK-x4+x?LXaCdQ}DuZ~pJaJ+x)gBKb-HL^6!m4*8YfTCkV0zu>^(ocO ztH=s9BMgV%2Grs#GT>8gev7p0hkO}m>wg-EAQDH$o-XQctATHAcofiPV?RtKpzTB7 z2M^jhWG=9K+l`dDov@}g6s3QmnhozB#lG~s4@CsPu(+Lghd0F?6MxTd5>vU6uy5z% znBo^^Xi$hU4V!-{S!cM?@$t2XIy`kP!n#boQ||Ks{NMK&|0)VMAKja+*>93W{eOMZ zI456cyZ7|3&BWY|j=P1djuNq2pOra!e>O_&t?Jki@|XH@oo2C}*1V${eJ~%*Klyk) zlMwxco`aZ4+K1FpYQtL7YYdd@SPt!t=@|5$)Z^T0Y|&MIcSxE_fz7H?Ey=RC?j$`+ zv!%W6A=XlF!Qo72VhX8RVs)wZ`YaL|fGxihE9LpD(I-&z)O9;x4XpF#@dpk|&rozf RV=&M4P=`o>B(ih^{-E5u6tn;U delta 1076 zcmV-41k3x+3DF3UEPrlhMma)IayMyFadK#GZ!u^yIZ0zhFj;PKctTG#W^GYoHAZSm zRx>nrYYI_HMmc#}X;NBNL_;z`P;z&1YcE7^IZj$tS58Q4Lqu(2V|hhxdQUf0FbXX` zAXqXrH8D9LaaCweGE*yYF*agPD{eDOVNo_@a6(x)M>JwHYJW&Ebuw*kWO_JLZDK`h z3Trq+R55jDOG80(O*m6^Hg!)!MM6z5MrTxMZA>$BHAYEBM=x?~H#1Ua3N1b$F-$FI za%Ew2Wgu%#I0`s&QbKD{X)+2eEiE8OFHuo8GHp3CSVebtOHNWUIdgeYWA~)+|vfee-#*hR1+ugyi&FQYlZ|VK9RdaY0P#kn~aM{fkGdI)of{j6@2hfhCQ%2 zI1vnthHO8%{J8sIo!r*Q!JZVi-L44-2oxJFlJb-;1ie{jJY+}X(*wtc9|?URA)O)* zarO-ImVbI^T-i_XZ{Ufnm-oWx6rv1UbEjARgkvWiBQf=;u7+_yNPIc<*Yw}cW9J;6 zk5z8SI$M9&tB|iHpmERDEE;7?)+Dj(5CPCT)LdMBei!;gyxcRQXwPcw$)mVT&kLq= z_A~V(Q0F|nNfzK>>ETJ;ErOy1B_XHla%+}&U4M8ZF)mB2lnzHn@|=7@Ek!-!x3=ZT z&)OPM54#-FO;H!zKEHhA^mU6rl0#ow@We+PF_xq#&|N*EeND^04&7@CKxMWP*BWzL zUXMI(!@7lg^$)p&CvJWPB^2YXC?d0R4BS*riL_dXpff0Bv&1mDd;jL5vI6&}xd<`Y zv48*gJogV3TY*|gyNt{Z0(0^F2Rq4m(R>6uX!Sv3ra7o~qAAf)6EVEuK?e~W>Z1<{b%e0$65&LHlADF== zjjM@d_$)Z!e_q(;>Gze#ra0fbyPdk92fSw~ja`e^qaTgkdSwMHjrp>PF* z<6EU-!Z}9o=sf?=>5MWtdiVRdOlOadVY}OUNnGUk<*K`ng4%af{C4Z7%85z%r7fXx uM9UhE3G0MxnE?CbaPK-jC}IH={0O}G^cR#kRkIZRYGLsKzzNq1IpG-N?$Y&Lc_Y)oT#dPinaNeV4K zAXqXrH8D9LI5uZSNL6=GQcq5BWo$4)Qe}2>T4FFkK`VD^OMg*ub7gjND``+>c1CDP z3Px3PYiVjkFiKKPSa@wyG<0TnLuWB|D`ZDbW=~X6GE!({YDr;6GHYR33N1b$J2*!= zK}}FwEoX9NVRL05Av8x>T?$b+Ye7d=K}j-2O?P2(Z**j8VrWZRNlQdjG;mTxVl_lJ zOEyV4WoT+_X@5j=W@=VzOf)huOjC1Nct}DDEiEk|RZM4TOIk!hP)u%6bX8MlQD}BH zS4CDyRCrD>LvKk)K|*U}V|8n2Z!>QSqEGfB0JKnrl)i>*D8Zn==|;>kRI^MU2zU_w zkFiu)`j>&AP*PB@Y^ZrN0Ji>}2!zqzN+z%L2fwKmy;u9ktwj;_P3Xuu&hw*a%#Hqp zN>Vn;HB3)(?Yj~vsKe zN=7$EFbZOGOL#$PY;|HXH)?BbLQ6+hL{wI1XH7#!G;c?1O*BhGLqS7Ucup@+K?*HC zAXqXrH8D9LS#?);azt==cTajXP+@LoIb~{cGBIOjFHu4(WPfc-Z&zn@HF;Q2X=`^) z3S(?(P`xC#Ug>vx4j#I$qM?+~h2roJX}>v;ky ze}RIE&1jt@H5{HtU+Tf+qqURLaBGUA{hxCPKp58&Uz!_5BUz(c_3IqL63$!ZC@UO| z=X8Jd)XpE}&3A!qszDgFDxm>$B(bvPSfxBN?1bh(g+hEM&D6klpGc8EV?T^RG&VNB Ap8x;= diff --git a/secrets/estuary/netdata/powerdns_recursor.conf.age b/secrets/estuary/netdata/powerdns_recursor.conf.age index 43f5c76f53f876f8ee3e22febd2de849df0c1990..516853782a23d433e06ac83960c09ad1e93a835d 100644 GIT binary patch delta 464 zcmV;>0Wbda1M&lqEPqg9GHYjeb9z-rSw>PYGcQIqcy(n>OG0^LR5No}VP$hMLN7~B zZ&hz+X9_DtSZz#JZBuh=PiIbXadl=;VpT#pYfmp?L^o|(V^T0RNmX)lN|LX z3PNi#RboRcQ8smOY-?zCNLFr6Yh*KFc`HL$GFo~`b!Bf_MQuWKRAxt!m5eRZg6-I2< z7VA*27^2R|-%}V88YgYZ)%d|X6vAXw==n)9ym>#>X72Jg%^|KY6CIIM`nj<(8x=jN GB^0xx(5U4A delta 466 zcmV;@0WJRW1M~xsEPqR7Wp;L9GHgLYbz@0rM^I-`Niud*T1qQ2N=ijcNqKlfHAh8E zNl#gKZwgsXQ#4pIXi80HctK$=HcduKLSsp8ZFOj9H%~W9Pj-4rPFinxHhDBiO$seO zAXqXrH8D9LR#{JXHZf*!YE@-;PE#{YK~iWdGDl7{D>yW5F@I%8I8{zaGC4DCbaHn^ z3RW~PVK{SEPD6A`b}=<-IWssiWqCGHD?w#WMm0A^X+%n8O=Wa;L27Y#3N1b$Jai&I zEoX9NVRL05GYWDvV?{=JSSw{wPET!iW==t3cY0DuHgHo$SZ6~^Wp7V8W^hY3M?`Tk zG-zi=cx8HYd4DiCYj!sZEiEk|P*zY`Xm(*RbXrJ8O;$N^b5wd-Mn*V#adSdRI8AOw zZ!|G7XG~;BMKEIuq^iYgTGVLCqpgmZ34A33KKq2(Xf~pS!ov2f5`fh!HIk|=PE<<@ zulBs|3o@foRpy~C)p4$PQn>$n2S~qG5bN=GZx3qw97}+i!=r*_&vmZyM5-6=?w*Ih z`YlS?Pv^_zhY?Eg+*l5stYgYl^EHyCmi#KXKF?OFlnuV>9N3Z$#+eIlF>EmR#kV@c In&z4Z^uE=zKmY&$ diff --git a/secrets/estuary/pdns/auth.conf.age b/secrets/estuary/pdns/auth.conf.age index 9077cb1..1d36fd0 100644 --- a/secrets/estuary/pdns/auth.conf.age +++ b/secrets/estuary/pdns/auth.conf.age @@ -1,9 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 n8CpUw AcjQZzA4G7pdhn011TXFQmTdDIQuTEfFc0mKjmPWUho -tecWVMzkggw92meDkh2tZV+lbvQCvrYr0YSV5/fCTRs --> X25519 JGc6LzCMH2LhJlUSyk4H5IDGfQNjtW9W6rz3SzoV/0Y -vGNuHYO95z5i+OVkj4TRuCxF122V/shxvD6CnGCT+kw --> g)n[I4U>-grease ^Tm {G saw -q/ODO7xmWIcsr2cMaVpEg38 ---- VHUzlGz2hT3SbnZ32S0SzBDCn3QwWxEohH9Cw3N2Je0 -.=-f˯c}}SzaPېZ7&g,GH;WVP*cѐ'-suh\KJ4 z3 \ No newline at end of file +-> ssh-ed25519 n8CpUw ACIVtxzORRq2ptG0/MNlBt83MQZJu3Pc3R/5QRpgi2A +NSO8o2fL/EDLXegZ/kkzMW4/Za79q/6QfMQ1t0Sk9BM +-> X25519 nHYed6I+w6lIxgQNPUdeO35HlHmd0tKATpvnbtB5WzU +IWRKvT2csHQplib3ms1akiqdzGS37xQ2ev45yGW5d+w +-> %YW{-grease +4/tMk8Gzztby5x5ojQXj3853G0V8t7AoZA +--- 6vzp2wJk0Eh0O33xXCLrQiNbqeV7oMgvvqrgyRMK9Mg +2ȬGhl)N˺[N p|3>m'N I?) =6`` \ No newline at end of file diff --git a/secrets/estuary/pdns/recursor.conf.age b/secrets/estuary/pdns/recursor.conf.age index de6b1ae27518b5cc20d9e06f2da9fbc4b616c26c..5b9f9dcecd6e93bc973a297269c41405bab5ecb6 100644 GIT binary patch delta 383 zcmV-_0f7Fn1EK?vEPr`+V`*=7byhhva$!|THF#BWY(iH!LPBn2HA`bnT4X^*N>@lv zHZoala|$_5LRv#pM@djLWj0qebYgZ`WKd02Oj>VHNq0(FMn`o?Za8sJPEspINeV4K zAXqXrH8D9LN@F-uHg0D_WNJZXSZqZxac^*1Pi=5CR!?Y3Xn$5wNLf^5OGk1-XGv*i z3Qc%*RXArwcSJZiNl0O9Monf}T1iD~LSWnpt=AYN5IO(1(9Iv_SqJ0l8KVR&RyZ#PqMc{Vv_G;erqFj_NIK{8G;M?zIW zPgZhQcM2^nEqEX=N_cZ}cz9t*c1&VHSu`<5c5rlYXG<$^M08|rH+g78T4!QoYFR5% zXD|xjp=j%fp#UlcyRpeWUm<}C(F%~lpm1;j2>_H?e8n|lsJpu6~u`XSS d*r$nE^0H#FB@RJ|pA}!E+8YS%QXfm+@;2-6g}(p* delta 398 zcmV;90dfAK1F!>-EPppgM@?vMQATb#Giz`-OlxXQVpeoyLo;GlNO)y%X;)cUX+cb4 zbw@W-RSHK>WH@9mR&q)(PESi^MO8CUO+!RXHez&ZIB8*YVOUmmSb0fOZ)|KaX9_Jo zAXqXrH8D9LSa(H4QEf<4W?6V^Vq-B=HCk(UGE;6dFmq3OM}IF_Giq*8X)7>UR%bFa z3NcY@FE}@BSvgihZ8CQ_PEAp0YD95&L~?FTWMoA{dNoyINLXuVK}SzX3N1b$a%pgM zEoX9NVRL05cv@;KFMc3s3U5VXb#!G@SxaYkNNjd&QD}29c}_)eS86p*Gi+BlIdXJZ zT6tJmOgJ-dL4Q?QI801zH$iH53N0-yAWwF6bV_nkGj%j+X-;xvL{c<*R&jH5LN9Y> zbwgrIVMRq$X<9I4Hg0r53MIA>of?v=>Uz=gfMWl0xhcL;@~Tf}Gu@5iqyI-wd`GK? sXtS3)sh%65Q4a(cvy_MD?30M)su=d7&F42~EiR2X!3RBm2%;~N?@IQN3IG5A diff --git a/secrets/jackflix/mullvad-privkey.age b/secrets/jackflix/mullvad-privkey.age index 6c6d52cd80a81765ad581422d602d9d0a699f295..6c8856ffa005f38d9cc1f60574568ad085bd3334 100644 GIT binary patch delta 469 zcmWm7J&V&|007|OKrrhGhaeKT?P^F{`zFmD6fVh|CTSDWHn~fqAk9bLG|flz(WdRv zNn8&c4xGeI6gM5jK?lL9pd6y04*CyVTolFU4?Gt;zjn@UY}SK{(}SZD31(c&EhLvP z3gs~a5{5-NS(>q8aw!l~zJWO-E!X*I>Pm53Jq<{1=FwCL9hc(+V@Wm5GLaU|R2s+* zMznCV4nU2;NyP9fM-M!ysLksGv1wy7r;rMlPERjV29_8<5*vCoooFYn zqOYiNHz>vv$5To^@mJQMmg{2M7Aoyiy8K@d1j@Wo?%~wo8sUpOcvbTc4g(Ei0|@1$ zG+;mMtN;n9IJ2kL@OUj7bZ6NXH~}a(dobIiC^Zx$75dzq0ZnoWm8BU?jIiR^wavn} z7VHd0foO$`#9n06$;!(eMoUOCkHsud=k*gZW`;uqn{GEp7(oy?utYQqGk+Fmxxy!& z8-mKRu^Q3SPCttJA}iP9F>7|ZURA{&e*XJ delta 434 zcmV;j0Zsn*1JnbMEPrNMa$<0HZB%x1MsQAILv&|YZ7Vr4H$-hoZ(&F{WL9TWN;XV3 zL3A-OFbZWuaWqj&NMdPaFJ(+KPE9pMNK1KUMr=fOFgH?Ub}%z{FgI02Ye;T3YYHts zAXqXrH8D9LF<~%pK}%0cWJ)t)IYCuUdR1#HL3464Qg>B!OMg^QK~P0$R!28kYjAor z3QTTiV>oPCV^(Z*MmBPBWJfYlXjxWFXHr^pb}&k1OII{%LULG9dNoEk3N1b$ZaHpX zcPnQtXL4m>b7deWB_<$NGjekvJy=wIVNW$M3Q%lxL`hRKPcbiMGdO8aa!F}rW>Ge3 zSW#k1OH6ELP=9VhV|RFBLTO||WLY$LMP*@mb$4k{L{Lj>P)0&AHF647Wo}wnId4&V zYC#GuEiE8dN=Z*?P)9*gOn5Iwc5GKrIZ`n-c4Kl@WkGUCQf4nON=HgYa#C$pI7JGx zwgb@-Rn|7DtXspOKlJSBTX%UXyTA4Az$6wqhN?lwVk?Y3s~i!MY3%O#t}t)8uJ2nQ c*5Ux@95i&pd(dY42Tv?p42&xy`jSA(KYbyX&j0`b diff --git a/secrets/middleman/cloudflare-credentials.conf.age b/secrets/middleman/cloudflare-credentials.conf.age index a19253f83d55d035d20efc458fc4e3248ab7265f..550d4a9aca5af872ce8d3a8071a5c99a62f99ead 100644 GIT binary patch delta 426 zcmV;b0agC>1Iz=EEPrZHRAg#TPAgPobVYGhM|O2+RC7aOQDJCpadaz9Vp(NoD{XgU zXh?cTa|%vHMMpAjQB+xROHOlZc41LSP&i6yPdGtCWn*|)a!W&OG;mcla#c`Fa|$g! zAXqXrH8D9LbxkWxa5Xh{LPbeabb3%Wa7b5nYEo`$cywxPb$?iSWN0%_W@t-gIWR<7 z3QKV^S3`PvbZlxzLs)h;N^@#$LNqUKb9ZB8Xl-spL`8KmdRj<9P;+iY3N1b$P(M3S zJ1u8&Wnpt=3PLzYPpn#bX8boMm1qFSa(MPX{Qc_4aX9_Jo zAXqXrH8D9LM|pZrc5_v4S2IU+Ofoc9Gc!m{P&6+xXjL;zF@JJ$PMS4C%3 zSu`*=Rc10nW`9jnNODRFEiEk|T1i@FaxpkFazij}ZFN*`QfD+vNp59&dPrqMIBIN2 zP&Gw2ba`}hZgeyXK|a^y4G#jvDwH++80UBxp;a~T9SSV1f~0R!H}?m~x1OV?O--Tc znCCh(1@uBQGDQyF1Kn%cYhve%=4ln0`2xD3_>k@K;Y_cwPla8-LlVuFB0$j~ylPuFwDg diff --git a/secrets/middleman/nginx-sso.yaml.age b/secrets/middleman/nginx-sso.yaml.age index e14aa757f4f6d9635d9d3466418fb2763384afa7..9b6f53a54033630bf4d58d0a0676743ba38c194e 100644 GIT binary patch delta 788 zcmV+v1MB?92D1i`EPqF7c4IG0I5=Z=Ib~-;R!3AhNLnjwd0}mDM0I#`cy%>#Xk%JN zac?;>I0|iZIazW!WO-vpRzpcdRCFszHbrMEMrCzjL~T-5Q+Q28Ge>JOOL|acNeV4K zAXqXrH8D9LFf=n!F=tRgLS<)US9LdKV^1+;I6`Y@P)l}3Ie&F+RW(O#Q*U-LSYm2L z3UxtHLo!HnHDY*KOKCAic~@|1c~?beRCz{rHBN14YeiHvdNfZ*HBmWh3N1b$Tw_N= zLM>-t6n&sG-Xz*__{{?I! z_cJlt{G$vH)eSUfZO;r}DoH|r77iys8F-Iz^0Wi_M(2*^++ad>;+3~~E<9zsrad!v z3Fqe(-q7EBQYcca#yMCl#K))P!haUT0*S3t<>Fu5zJFKIaoCgw3hd!I6BW@O`7WZ( z_J}dkKT}BQ#tN2bBu~Ju@JK?p)=0f1___hu5-ZhqiM}D}ffm@X0o(^gfzNsk}3{B)0gtLQbt zx`FiF)PLH9Py~FBi~b@Pfl?{Bfb?J!V89q7W4=37?H3}zShZbO-~31>`%b!5BD$jm zl~ghSW%0S&fhWpI$Wv761>$!O%m&lFfppsnQoA1%uGih5z6FpPz;b@SVk05pV(uY^ z^yfCGOi~Ub^=`5;RKi#qRIeaaXYK&~a6C=SbeSBH zi2^>+hajt@l9toh5p$VRR%x~2ik;7GQ&<}u@`n2<-G|=xy$7`k$F-Ieum!4vLAT^x z!Py9K=UjI0l(DFi2>1V#C!8621ajz&AjB= S?+x4sPB%p|Q)E+gPgO8iR8dGYH#1U7PAgSzZ){IyQfGBBVlik?Gzu*~ zAXqXrH8D9LGGb~9W1Z*6N;Za8dkOf@u2bW&qND{L@D3N1b$O+PJX za%Ew2Wgt~cAaX`|G%#LGX&_M`U@<{bb3qDGZcAo(R910pQ!;UNFk*RFa8Gn-cM2^n zEg)l4N<~>zVSi&pIZ07DVKP!MD{OXGQAA{SF>-4wdP-thb4XNkXGUvbOF;^h>mn}> zL{<-JpJe)lYwNSQo7z5ZEpMz7NKzyQlRj!3=VPnq5{J?lM6P0m9XnDUvAg~nhfZ&o zBHv&PU?--)CfX@--P9@Nwtwb~owv<8?KD;%Z3N=@Q-8e|VsW;cB}WkH*?B^5#~WBd z(-a9UqN_py%sB7ZGrz%Vt@0%ELo6rBUN;D|58ix<@8(l<{wLJzBCv<8Z!<<;|64to z@0!mc^%iHRZqd%4b|B5N1b~2AtF%Z* ssh-ed25519 hkbtvg IrwZ+4sEJvFpB/zrFR/8Lu4GgpPppm84IYOAP7QWH0o +Px7RM+aKmjRQKdr0Ta/v+s9M+rRvRTNs9YYaZnNeORk +-> X25519 lSIE40xvHLkKFMCgsKjVhbxYfv7ddDJ3xyMlcDdxgxU +sc+2ibxqyLtlcpFUPCab+x4imPjuedQadA4b1Qg63a4 +-> [J"78S~E-grease S||B(wq} suB8~I ~?E@d} +/3IplD0a0o3phrEIX85CAVkFRvLcCh3ncK/0Reur0bvKsqOjg37KH+Az5dDh2h9D +63kpJpGxwNKlRntnWQWxeYN2PN3cZrggH25/EJuJT3td2Q +--- a+cb3+9Z7WWk6vGGaiXz11G2fKUqLbYuUPyzturVFXY +CEB(c#Y$J4g*t~)h:H`ݷa' <Ark+DwcLK3mĽ \ No newline at end of file diff --git a/secrets/pdns-file-records.key.age b/secrets/pdns-file-records.key.age index 43ad5c19427d16f16da67320b1a17d85834defe3..ed4f19398cb470e396970760726854757860d96f 100644 GIT binary patch delta 731 zcmV<10wn!~2Kxn&EPq0HD{EOyV@peEP)~R?LRmIMFEnp2cr`RdIe9O0VP$M}W<+H$ zH+EQUX9{duS8{o9IcG;QQ&VSdHA;3lVrfT1Pi#n0V>eAvad2^VRdQrOX*D@;a|$g! zAXqXrH8D9Lc|lr6W_ERTaxp|$S}HXvc8xd3s<$hj7X_m6#o%>4bcd`YhYdTqO>2+!NsJ8Qof?# zgQBP~y!69PupVfRQU1$f8~QJU8)juy*#`yRKSfUTSRG<2RGs#bJ_rRmSECEoMjn7rJ~W8`qEj+OBU% zz)FlJYYZJ5hn!WM7M6VQuC%L)m+`Y2fkA5Kw{zmshikZr~rE5YrZZ@ZAm4ic2tMPX<{6A%rTT{TbXaL7#L_OQ2@9@ zTVpnwOI;2=)!uJNQ;~S}i)90&Pj}G*CvncXi;Dhn1wY~-a>*^hAT87%wW?u6C`|g> N%!{h3C-f#ls$?{DHF5v| delta 741 zcmVasSx-xPcx*Q>Y(hpd zWl3W&a|&{HZ&x!{FmY-`QBPBFG(|;WYfWc4YGY+dOL%v6a5-;tQ*1Fza6~eBNeV4K zAXqXrH8D9LL`ZCASx$LpZ)Y-AOhGwpbaGTfVNgs(QesR~Gk8na&>14EiEk|M{RIX zHfd#SR&6+KFn@VjM@@5Kb7xdmR$(qrnuni(J^^MripinwiX_9qfar~2p>Vb8Cu765cw)a z3xU7{7=I2YF)x2Kh=|;7v?~;m&@HmfI6x<%My|zR$fA8}UoLt=a;tUjRONr4!3kKq zGv_@8M!mKidNCnI-y1$-)ts?vr*=imQ9!UE$EIy!B=&~eK}f+-Gw;)RFZ`*2HR+vV zm`poAiM!hOMAJWs5fvSJ%Mdbd{B0HdtJ7mVMP81Q7mhB;Y*{Tuh*`g&PhT(5qD_G8 zSmHsOWak34q>dx@o?Rm2BP*W42$X7J Xj%@$eV5f(g9Ru@f&BY7K2E_}uskJn& diff --git a/secrets/user-passwd.txt.age b/secrets/user-passwd.txt.age index 7a12975752fe31a411e370045af1951a61b92f2d..256ca161fed01e07f81eb3a9b9adaabe1720bae2 100644 GIT binary patch literal 1425 zcmZY8&Fk9)0LJmD7pa0r52AGLB%$V|%}c=z^47FT^ZwE#cuCSUNz>-NNgMQ}C-tBX z4}u7S2qF_#;sd&EY!sJ4<~oOsend?T|liXG10grJWio*u!Z3!wp2yWgTv9O zi=E%odw<`_xhiL9zwOXalk1njhFa;X zfF3Wh6~012e>W!wiv`b`@R zInGS|wO?3P=yFbg*oKTvJtNjv;Y8Q;wg%QA6sMRCk%Lf&C_9%UFl)B?I6PXUWSwkk zSwd}uP9mh*p5_q6Y2M-&=*9RlxWD)9n9`-HS9zm`k4!d^P96gFBB}NM1=kp0y0vic_LR#{emAj^-f2-MWxY zCc`nSeHqsn>Wzs!*5quidWJRKgB>!l3NE*Ze|wJ3rBPIcUL6jf89l$*N%5drkd`nP zn?2&lVOkP7y*$iSHWb7PwH25XeaLJ)l>+wy?Zavqturo3S3V}2>jcB}fdtY{D8r8F zu2~lW+$gRCi2-S8eli+G1@hi5d1giqMx)U%C|lo?cvgx!UkEiXZQc+DN!lb$)22z9G^wDZO`7KY{iWSS4+BB* zqNg1^co1PanFnF`auf9=!W;-=J2+8)2SpGjGN)tSe*OiY=i&K&E!XKe@h0D=rI*Cd zCAkaMaHn^sTNJyVVLllbA~XIxndm9Oi+At1G9w)yY>i~ zRW@cpX2)`BUz5FIWqY=zmQYxsWNU6$R-FuNbz!9mg~5>&l#Y2^^D&$?S2gv<6kyj>r*4kP)g=Ei-#X1>9O9O5PXAg&PKkz6hkW>iLJf zKb`4;uy$z!B93btXfd2OTyUjSL3DIOGPU#>g0*Nfig_3WLV~>lPDCsx{p-fchY`T4KWp@dm?T zCgolQh_N{zO-Lk>)`Gnhr+CHJ#lwsM}RGRDa7*p3EqOWU$n>6>xI~ z`(s!J?#33t&PG_^Ca+Xy+soapnYVaSZk&qhdZ%E?_G)U->XI3 zVU$C8L+A}DX-Wvkl^F;HuBN#nr!p=nR6;?MX4MQjNt=n~9u+4{q-;VbX4phs z2rf5q)r<>Lgl8DV2@y^1dCi1(xbPpzjf5A??3s&*}tI9 zg=bzpdG0CV#)az}%@JH?Dm2@%cyIx$ldocdxaRH+v_({owqy zix-b>JbWvA@Rtj~+1r0Gpa1;Ro$CIp(PJ+?{`V#DlXK77zkc`6orm_Ha!>4z-aGZc d@2}i^x%H)Ka@a4SwlX9_Jo zAXqXrH8D9LPBn8^YJeR5WpFS2;sx z3N0-yAa{3CRewoFRzo#yPenO*I8IV>GE8JQM`~qDFmpz1b3|@-MMi67IZ}FKFbdV> zDBQ=nd>VC&W=p5h4dJLecttJUoI=BCTh`%OStg5#ww!(UJqujY?uLc^@3;12)fu~` zjr_z04}Ps;2v2Nac-DD6*5%m~FX~ocKDhz+tufppbv3Xw`{8TCJf~GUr%iRs;2+Hv m%~l$d2_X5qP#f`D&88w}Ojz}MvqMG&@D+O2C-TuI&?syIWu|HX delta 509 zcmV-a#l%tLRmO^N;EP`T3S>qMs7$=ZB}$bT~{gT6cFyQFCoYO?pIeF>rTsN=9y0D}Ok1ab$ILLq|11LP2Y9 z3UDhqL3mPeLTz<&WqDFXSy*&WHCkd+FGVYGD_A#WZE`S3b}~_LN;g$73N1b$W+q5f zEoX9NVRL05ND5OlHCkk5QZ`jhHB)IyOk*oYMQKB1bxL$nSxI#;D=}<%YEg?N`ujX}FxdTq}lAR9WL4WMUb%5c6$GDi6Pv