From ca6fe534dcc834fe500569e7a944226bbfc3458c Mon Sep 17 00:00:00 2001 From: Jack O'Sullivan Date: Mon, 8 Jan 2024 23:31:06 +0000 Subject: [PATCH] nixos/git: Use separate nginx --- lib/constants.nix | 12 ++- nixos/boxes/colony/vms/estuary/default.nix | 6 +- nixos/boxes/colony/vms/estuary/dns.nix | 2 + nixos/boxes/colony/vms/git/default.nix | 92 ++++++++++++++++++- nixos/boxes/colony/vms/git/gitea.nix | 27 ------ .../vms/shill/containers/middleman/vhosts.nix | 5 - nixos/boxes/colony/vms/whale2/default.nix | 2 +- .../colony/vms/whale2/minecraft/default.nix | 70 +++++++++++--- secrets/dhparams.pem.age | 61 ++++++------ .../middleman/cloudflare-credentials.conf.age | 32 ++++--- secrets/whale2/simpcraft.env.age | 10 ++ 11 files changed, 221 insertions(+), 98 deletions(-) create mode 100644 secrets/whale2/simpcraft.env.age diff --git a/lib/constants.nix b/lib/constants.nix index f16671f..5b7549f 100644 --- a/lib/constants.nix +++ b/lib/constants.nix @@ -173,10 +173,14 @@ rec { port = 25565; dst = aa.simpcraft-oci.internal.ipv4.address; } - # { - # port = 25566; - # dst = aa.simpcraft-staging-oci.internal.ipv4.address; - # } + { + port = 25566; + dst = aa.simpcraft-staging-oci.internal.ipv4.address; + } + { + port = 25575; + dst = aa.simpcraft-oci.internal.ipv4.address; + } { port = 2456; diff --git a/nixos/boxes/colony/vms/estuary/default.nix b/nixos/boxes/colony/vms/estuary/default.nix index bf1d955..c0c6b1e 100644 --- a/nixos/boxes/colony/vms/estuary/default.nix +++ b/nixos/boxes/colony/vms/estuary/default.nix @@ -394,7 +394,9 @@ in tcp dport ssh accept ip6 daddr ${aa.middleman.internal.ipv6.address} tcp dport { http, https, 8448 } accept - ip6 daddr ${aa.simpcraft-oci.internal.ipv6.address} tcp dport 25565 accept + ${matchInet "tcp dport { http, https } accept" "git"} + ip6 daddr ${aa.simpcraft-oci.internal.ipv6.address} tcp dport { 25565, 25575 } accept + ip6 daddr ${aa.simpcraft-staging-oci.internal.ipv6.address} tcp dport 25565 accept return } chain routing-udp { 
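Review bot: The new `port = 25575` forward to `simpcraft-oci` in lib/constants.nix, together with the widened `tcp dport { 25565, 25575 } accept` in the estuary firewall hunk that follows, makes a second service on the Minecraft container reachable with no source restriction visible in either hunk. 25575 is the default Minecraft RCON port, and the commented-out staging definition later in this patch has `ENABLE_RCON = "true"`, so this is presumably the remote console. RCON authenticates with a single shared password over an unencrypted TCP stream, which leaves it open to password guessing and to interception on the path. If remote administration is needed, I would reach it over the internal network or a VPN, drop the `port = 25575` entry and keep the rule as `ip6 daddr ${aa.simpcraft-oci.internal.ipv6.address} tcp dport 25565 accept`; failing that, add a source-address match for the admin hosts. Both enclosing blocks continue outside the hunks, so how the list in constants.nix is consumed is not visible here.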
@@ -431,8 +433,6 @@ in table inet nat { chain prerouting { ${matchInet "meta l4proto { udp, tcp } th dport domain redirect to :5353" "estuary"} - ip daddr ${aa.git.internal.ipv4.address} tcp dport { http, https } dnat to ${aa.middleman.internal.ipv4.address} - ip6 daddr ${aa.git.internal.ipv6.address} tcp dport { http, https } dnat to ${aa.middleman.internal.ipv6.address} } chain postrouting { ip saddr ${prefixes.all.v4} oifname != as211024 snat to ${assignments.internal.ipv4.address} diff --git a/nixos/boxes/colony/vms/estuary/dns.nix b/nixos/boxes/colony/vms/estuary/dns.nix index 7fe8268..215ff92 100644 --- a/nixos/boxes/colony/vms/estuary/dns.nix +++ b/nixos/boxes/colony/vms/estuary/dns.nix @@ -151,6 +151,8 @@ in valheim IN AAAA ${allAssignments.valheim-oci.internal.ipv6.address} simpcraft IN A ${assignments.internal.ipv4.address} simpcraft IN AAAA ${allAssignments.simpcraft-oci.internal.ipv6.address} + simpcraft-staging IN A ${assignments.internal.ipv4.address} + simpcraft-staging IN AAAA ${allAssignments.simpcraft-staging-oci.internal.ipv6.address} mail-vm IN A ${net.cidr.host 0 prefixes.mail.v4} mail-vm IN AAAA ${net.cidr.host 1 prefixes.mail.v6} diff --git a/nixos/boxes/colony/vms/git/default.nix b/nixos/boxes/colony/vms/git/default.nix index 3b82f47..2787638 100644 --- a/nixos/boxes/colony/vms/git/default.nix +++ b/nixos/boxes/colony/vms/git/default.nix @@ -1,8 +1,11 @@ { lib, ... }: let + inherit (builtins) mapAttrs; + inherit (lib) mkMerge mkDefault; inherit (lib.my) net; inherit (lib.my.c) pubDomain; inherit (lib.my.c.colony) domain prefixes; + inherit (lib.my.c.nginx) baseHttpConfig proxyHeaders; in { nixos.systems.git = { 
@@ -72,9 +75,81 @@ in }; }; + users = { + users = { + nginx.extraGroups = [ "acme" ]; + }; + }; + + security.acme = { + acceptTerms = true; + defaults = { + email = "dev@nul.ie"; + server = "https://acme-v02.api.letsencrypt.org/directory"; + reloadServices = [ "nginx" ]; + dnsResolver = "8.8.8.8"; + }; + certs = { + "${pubDomain}" = { + extraDomainNames = [ + "*.${pubDomain}" + ]; + dnsProvider = "cloudflare"; + credentialsFile = config.age.secrets."middleman/cloudflare-credentials.conf".path; + }; + }; + }; + services = { fstrim = lib.my.c.colony.fstrimConfig; netdata.enable = true; + nginx = { + enable = true; + enableReload = true; + + logError = "stderr info"; + recommendedTlsSettings = true; + clientMaxBodySize = "0"; + serverTokens = true; + sslDhparam = config.age.secrets."dhparams.pem".path; + + # Based on recommended*Settings, but probably better to be explicit about these + appendHttpConfig = '' + ${baseHttpConfig} + + # caching + proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=CACHE:10m inactive=7d max_size=512m; + ''; + + virtualHosts = + let + hosts = { + "_" = { + default = true; + forceSSL = true; + onlySSL = false; + locations = { + "/".root = "${pkgs.nginx}/html"; + }; + }; + + "git.${pubDomain}" = { + locations."/".proxyPass = "http://localhost:3000"; + }; + }; + + defaultsFor = mapAttrs (n: _: { + onlySSL = mkDefault true; + useACMEHost = mkDefault pubDomain; + kTLS = mkDefault true; + http2 = mkDefault true; + }); + in + mkMerge [ + hosts + (defaultsFor hosts) + ]; + }; }; virtualisation = { 
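Review bot: The `security.acme.certs."${pubDomain}"` entry requests `pubDomain` plus `*.${pubDomain}` on the git VM, although the only named vhost added in this hunk is `git.${pubDomain}`. That places a wildcard private key and the DNS-01 credentials from `middleman/cloudflare-credentials.conf` (declared in the `my.secrets.files` hunk below, and by its path apparently the file middleman uses) on the host that runs Gitea. A compromise of this VM would then expose a key valid for every subdomain and, depending on the token's scope, the ability to change DNS records for the zone. Consider a certificate for `"git.${pubDomain}"` alone with no `extraDomainNames`, a matching `useACMEHost`, and an API token scoped as narrowly as the DNS provider allows. In the same hunk `serverTokens = true;` advertises the nginx version in the `Server` header and on error pages; `serverTokens = false;` is the usual setting for an internet-facing proxy.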
@@ -104,11 +179,24 @@ in }; my = { - secrets.key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP+KINpHLMduBuW96JzfSRDLUzkI+XaCBghu5/wHiW5R"; + secrets = { + key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP+KINpHLMduBuW96JzfSRDLUzkI+XaCBghu5/wHiW5R"; + files = { + "dhparams.pem" = { + owner = "acme"; + group = "acme"; + mode = "440"; + }; + "middleman/cloudflare-credentials.conf" = { + owner = "acme"; + group = "acme"; + }; + }; + }; server.enable = true; firewall = { - tcp.allowed = [ 19999 ]; + tcp.allowed = [ 19999 "http" "https" ]; extraRules = '' table inet filter { chain forward { diff --git a/nixos/boxes/colony/vms/git/gitea.nix b/nixos/boxes/colony/vms/git/gitea.nix index 3d2451f..1a932b2 100644 --- a/nixos/boxes/colony/vms/git/gitea.nix +++ b/nixos/boxes/colony/vms/git/gitea.nix @@ -26,18 +26,6 @@ in systemd = { services = { - # TODO: Figure out a way to do this properly... redirecting localhost is awkward... - local-http-forward = { - description = "Forward local HTTP connections"; - serviceConfig.ExecStart = "${pkgs.socat}/bin/socat tcp-listen:80,fork tcp:${allAssignments.middleman.internal.ipv4.address}:80"; - wantedBy = [ "multi-user.target" ]; - }; - local-https-forward = { - description = "Forward local HTTPS connections"; - serviceConfig.ExecStart = "${pkgs.socat}/bin/socat tcp-listen:443,fork tcp:${allAssignments.middleman.internal.ipv4.address}:443"; - wantedBy = [ "multi-user.target" ]; - }; - gitea = mkMerge [ (lib.my.systemdAwaitPostgres pkgs.postgresql "colony-psql") { 
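Review bot: `"middleman/cloudflare-credentials.conf"` is declared with `owner = "acme"; group = "acme";` but no `mode`, while `"dhparams.pem"` next to it gets an explicit `mode = "440"`. The previous hunk adds `nginx.extraGroups = [ "acme" ]`, so if the secrets module's default mode (not visible here) grants group read, the nginx processes could read the DNS API credentials, which only the ACME client needs. I would add `mode = "400";` to that entry so the intent is explicit and does not depend on the default. The `my` attribute set continues outside the hunk.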
@@ -141,21 +129,6 @@ in "gitea/minio.txt" = ownedByGit; }; }; - - firewall.extraRules = '' - table inet filter { - chain input { - ip saddr ${prefixes.all.v4} tcp dport 3000 accept - ip6 saddr ${prefixes.all.v6} tcp dport 3000 accept - } - } - table inet nat { - chain prerouting { - ip daddr ${assignments.internal.ipv4.address} tcp dport { http, https } dnat to ${allAssignments.middleman.internal.ipv4.address} - ip6 daddr ${assignments.internal.ipv6.address} tcp dport { http, https } dnat to ${allAssignments.middleman.internal.ipv6.address} - } - } - ''; }; }; } diff --git a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix index 27a96ac..ae9f71b 100644 --- a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix +++ b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix @@ -359,11 +359,6 @@ in useACMEHost = pubDomain; }; - "git.${pubDomain}" = { - locations."/".proxyPass = "http://git-vm.${domain}:3000"; - useACMEHost = pubDomain; - }; - "mc-map.${pubDomain}" = { locations."/".proxyPass = "http://simpcraft-oci.${domain}:8100"; useACMEHost = pubDomain; diff --git a/nixos/boxes/colony/vms/whale2/default.nix b/nixos/boxes/colony/vms/whale2/default.nix index 0eec004..01a22f3 100644 --- a/nixos/boxes/colony/vms/whale2/default.nix +++ b/nixos/boxes/colony/vms/whale2/default.nix @@ -51,7 +51,7 @@ in }) { valheim-oci = 2; simpcraft-oci = 3; - # simpcraft-staging-oci = 4; + simpcraft-staging-oci = 4; }; configuration = { lib, pkgs, modulesPath, config, assignments, allAssignments, ... }: diff --git a/nixos/boxes/colony/vms/whale2/minecraft/default.nix b/nixos/boxes/colony/vms/whale2/minecraft/default.nix index 612e47f..2fe60b2 100644 --- a/nixos/boxes/colony/vms/whale2/minecraft/default.nix +++ b/nixos/boxes/colony/vms/whale2/minecraft/default.nix 
@@ -5,6 +5,19 @@ let # devplayer0 op = "6d7d971b-ce10-435b-85c5-c99c0d8d288c"; + whitelist = concatStringsSep "," [ + op + "dcd2ecb9-2b5e-49cb-9d4f-f5a76162df56" # Elderlypug + "fcb26db2-c3ce-41aa-b588-efec79d37a8a" # Jesthral_ + "1d366062-12c0-4e29-aba7-6ab5d8c6bb05" # shr3kas0ras + "703b378a-09f9-4c1d-9876-1c9305728c49" # OROURKEIRE + "f105bbe6-eda6-4a13-a8cf-894e77cab77b" # Adzerq + "1fc94979-41fb-497a-81e9-34ae24ca537a" # johnnyscrims + "d53c91df-b6e6-4463-b106-e8427d7a8d01" # BossLonus + "f439f64d-91c9-4c74-9ce5-df4d24cd8e05" # hynge_ + "d6ec4c91-5da2-44eb-b89d-71dc8fe017a0" # Eefah98 + "096a7348-fabe-4b2d-93fc-fd1fd5608fb0" # ToTheMoonStar + ]; in { config = { @@ -21,19 +34,7 @@ in ICON = "/ext/icon.png"; EXISTING_WHITELIST_FILE = "SYNCHRONIZE"; - WHITELIST = concatStringsSep "," [ - op - "dcd2ecb9-2b5e-49cb-9d4f-f5a76162df56" # Elderlypug - "fcb26db2-c3ce-41aa-b588-efec79d37a8a" # Jesthral_ - "1d366062-12c0-4e29-aba7-6ab5d8c6bb05" # shr3kas0ras - "703b378a-09f9-4c1d-9876-1c9305728c49" # OROURKEIRE - "f105bbe6-eda6-4a13-a8cf-894e77cab77b" # Adzerq - "1fc94979-41fb-497a-81e9-34ae24ca537a" # johnnyscrims - "d53c91df-b6e6-4463-b106-e8427d7a8d01" # BossLonus - "f439f64d-91c9-4c74-9ce5-df4d24cd8e05" # hynge_ - "d6ec4c91-5da2-44eb-b89d-71dc8fe017a0" # Eefah98 - "096a7348-fabe-4b2d-93fc-fd1fd5608fb0" # ToTheMoonStar - ]; + WHITELIST = whitelist; EXISTING_OPS_FILE = "SYNCHRONIZE"; OPS = op; DIFFICULTY = "normal"; 
@@ -55,6 +56,49 @@ in ''--network=colony:${dockerNetAssignment allAssignments "simpcraft-oci"}'' ]; }; + + # simpcraft-staging = { + # image = "git.nul.ie/dev/craftblock:2024.1.0-java17-alpine"; + + # environment = { + # TYPE = "MODRINTH"; + + # EULA = "true"; + # ENABLE_QUERY = "true"; + # ENABLE_RCON = "true"; + # MOTD = "§4§k----- §9S§ai§bm§cp§dc§er§fa§6f§5t [staging] §4§k-----"; + # ICON = "/ext/icon.png"; + + # EXISTING_WHITELIST_FILE = "SYNCHRONIZE"; + # WHITELIST = whitelist; + # EXISTING_OPS_FILE = "SYNCHRONIZE"; + # OPS = op; + # DIFFICULTY = "normal"; + # SPAWN_PROTECTION = "0"; + # VIEW_DISTANCE = "20"; + + # MAX_MEMORY = "4G"; + # MODRINTH_MODPACK = "https://cdn.modrinth.com/data/CIYf3Hk8/versions/Ym3sIi6H/Simpcraft-0.2.0.mrpack"; + + # TZ = "Europe/Dublin"; + # }; + # environmentFiles = [ config.age.secrets."whale2/simpcraft.env".path ]; + + # volumes = [ + # "minecraft_staging_data:/data" + # "${./icon.png}:/ext/icon.png:ro" + # ]; + + # extraOptions = [ + # ''--network=colony:${dockerNetAssignment allAssignments "simpcraft-staging-oci"}'' + # ]; + # }; + }; + + my = { + secrets.files = { + "whale2/simpcraft.env" = {}; + }; }; }; } diff --git a/secrets/dhparams.pem.age b/secrets/dhparams.pem.age index 829212b..4401717 100644 --- a/secrets/dhparams.pem.age +++ b/secrets/dhparams.pem.age 
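Review bot: The `simpcraft-staging` container is added entirely commented out, yet the rest of the patch already enables its plumbing: the `port = 25566` forward in lib/constants.nix, the `simpcraft-staging-oci` accept rule in the estuary firewall, the DNS records and the `simpcraft-staging-oci = 4` assignment. That leaves a firewall opening pointing at an address with no workload behind it, and anything later bound to that address would be exposed without a further review of the rules. I would land the forward and the accept rule in the same commit that enables the container, or put a comment such as `# staging container disabled; forward kept deliberately` beside them. In the visible lines `"whale2/simpcraft.env"` is referenced only from the commented block, so it is worth confirming that a live container actually consumes the newly added secret.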
@@ -1,30 +1,35 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IERMTWVGZyBMQkxo -YUpuOW5hSFdZYzhBaU5oeFZPRlVoMmNWMEVhQ1VVclJwT2dtdEV3CmIyYStQeFMr -VkI3UjhSVFA1eDRZWXBjVXVxamx3ZDFaOTF0YS9ZVVk1eFEKLT4gc3NoLWVkMjU1 -MTkgZ1N4UDBRIEdReTZqdlZkSloyTTV6ZFl1QU1hbU53QlVpM3dFVUlNM25MRFhm -Uk96eHcKbWFOYytZbHd1d21xN2JEdE9xQlU2MDQ1dVNvQmlEQ1dCdDJUdXdNSURG -awotPiBzc2gtZWQyNTUxOSBWRmN3NWcgTURZWU01WS8wZnA0ZXh5L2h3ZHhPUUcy -NEhPUDdUcjVRZjRDUWlJRWJCZwpNakpPdFprVUxoWG1ESi9uZWFxV3RDbEJrbUc5 -Q2NsVmx5UnhBclhHSjlZCi0+IFgyNTUxOSArS3JYaklMR3RtSEVhbU5OR2EyY0s4 -OW12V09mZGVYYzdtbEdWL1NTdjJFCmU3c25iNG53d21pTHQvTW1TM2hDcG1xZkZq -M2R3QkZyMnMweFdTeVNFLzAKLT4gMz4sWF5JLWdyZWFzZQpmOU9PTTFieDQvbVhL -ZwotLS0gd0R2OHhrekNrWndZQVR4TTg1L21TM09hUWFzU3lLKzg4QXdHbWRhUWFE -dwoRz4OWxG6yPNFZtBgIuHT8fNp9LRfE7KoD4HcpZtnSIIhgjfs6Bw1KTJtDMRM/ -EbfhxdRuiRs9GES5RQw1n5+kFjZxD9X2ExbnsOhoqc9fY5w/BWcg467ExIt1svDh -wwXGKxsf7upC0NsvywpArY+FeAslYdpfsbwE7TlmnHSG4ZfvJq42RsMiz2VsoKxl -vgdK97lKWUD9xoWM1KJ0ujej8srRWjQQrWo3m28avgUr7LUHPYNbXcOALn60jsKE -N4pBf9pTO5DD6RHTltpXVPyNU6tewUXbyAFWYEPTF5c18Gsl1sjWxKX9mEHcK9VG -hK+5Bg1ygBJ3Rz0o9IROw/cnE8ukHvutZFzSg/d4VOoRvKxhBCxQfr/dy12e33RN -i3jkTqR8Op3279q5Fpi3Z3Ca23Ts32omRRKHt1wQWg9LnI7MonngJpSV1mWk6Lln -RfSxmMtE2DZ64FUCngV17nPXsNqsJxL/edecRaSYFuHWUSEaJvYxHbRN3/QZgKEi -PKUJ7n4hlVrHM9Dk1ktvgVUhf9bucywMiJZUE5bxP6iIlcdTJQsAbd3FzqM+KUD2 -FNEOY28RWPCBhbHtRK8w6a0hSfH3x6/1yBbVWrF7RyJayV6tSUyPMoSKobqSVgZ5 -LMZXaZXfvznBdmRHVyZjVtQM+SKcvY7+jguNCHWOltoCOosT1pdN6XWYyi8piNgQ -3nQDScaiEb61z7juzBlwsbFZ1xVRyMYrNeeg3y9JKjJEImxUae59ieSy+JLkIBYC -LtEwCmyvtcxyRtj1uki2DXtnbPP54vA0BIF0g0bw3FCNcjDslt7ruPN6YWPQjWOY -nCeONk9/JoA0ejG8AHK26W/YlvelQVF+qQJv/ODTdQIjjpM/6ftQZrb++m5hIQHD -p8pCNgta3bXYz58XyeM2WPqBKgU/OAC24AeOLgiTW8PdlTPy31Ylb/wNtsUFYqSW -2cPM/hM7Qjq+OAuuhgf2cOxRsx6cX1y9BnWJVRDUwwBTDjVsF+It8AK6RJ9CUL/p -gRI16087ZRMsfYi0qolVX80IQnJnTl6K8hjWhhc0KAUXZSc= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IERMTWVGZyB3QTU1 
+TEdvbFNaUmE4U1lCNzI1dlloVDBTNXdURjZ2akRMV0R6dm5ST0FNCk9YclRSakhT +NlV2UVJwak9Fa3dQNTNBK0xKWGlkNXdwZTBEMm4xZzc3azQKLT4gc3NoLWVkMjU1 +MTkgakk4UkFnIGNBMHNrdG84cUQxd1lqQmJIczlScU1jNk52Y3BtR2tXeDNWdWRX +cEFCR0UKVU5vem5MZUFPbGhoQzJTYnF4OTd3OW9jYTRkazdocVJkZ0pRRGNLek93 +cwotPiBzc2gtZWQyNTUxOSBnU3hQMFEgQ2RUaEUyV1ZGbGRtZnlIUEtTQXk5MUZF +djYxZ0hBUThlV2tXTHNvdXpVSQpMdiswMy9QNUtCb1hkbGRqR0Nia3FXTzE1ajZL +UXljSTZqM2YvbzVuWUFzCi0+IHNzaC1lZDI1NTE5IFZGY3c1ZyBYL1NrRjRaRnFn +RlNLdWJ3cThteDM3WmNaY210d3RmZzhCYmNpVXBwVGlVCjBkM0IzZC9zNjhmTTZV +R25ySkVoQWxQQ252WWFlWWZFMlc5dWtUN3VvVTgKLT4gWDI1NTE5IE8yUU1pWGFr +NzUvZVpwalB6aklkWmJGWUQzTnJiRjNzdzY2MUp6MkY5M1UKR1VIWDVyTFpxem5F +TmRNWE9zZStLanRTdlU5d0NOSEJKdWhDUjBCdy9vOAotPiBTJCd2NyFYey1ncmVh +c2UgfE4mYSBXfms0TC5FPiBiYmx8IGRFV35mciNoCjVZdHRiVUtMMWxEMlJ4b1F1 +TGgxY01XTlZpTEtndkg0T0hRVjlqVUJGMUpSaE5tVlZWR3VGenpkUXY2eXJtbmkK +ZCtqRVN4dnZENXdoYkpjNHRWYXkvN2laY1p4YjV0WQotLS0gOHlEVTVOSmlNemNQ +TW5ISk1DeDlEM1RoQ2JtUFlyTXRKQjdnT0hiend2VQqrUFvr+76sKn0ldBmZMlEW +U2k85DLo2KU+/+GtbkZwVXxxIZHMLpoJgghHk9ptdalUgLGcl0X15x9jVaw8aeta +hbeOHotRHY7bC3z0S74riTk3xDMR1eT0QGhDMWHjfo8SkCftOYBlFfhTftevdep3 +pKMZsuQMwH9JzxgUfcxIcWE975cZzrEJ85nfWMGvdSjcg51KNxP/UUPRxDlcbCEf +9XX5apSzNsTI3ibGD1n6Qwq8bdVYDMHmy5pAhw4l8L+SdoU1tGdw7JOA16sMCJbx +T4bV0ky/PGRonjJuCyDBj8oe9vMe1ZI1O/ITtktekS+wocxBs6QXlY7pIZMlGUn2 +6m59ZEEaf7R4/MdnmBDNDkQuyXaKc7SaTc6h5sKWzXdYScGUKvgUQ7U/WJ2ItUTC +N/Xq07GkZZMt5MYBlyEr+/mKWlcy+ylJPGb7EswvQWaHoeM1QF0XLZ1v+W/Xsso0 +seIoz+geSu9a02kwfsa8WvWXdIAT5X2pNGPClVNzjQ23pfQfQuW8ZQrGmIFR4g5A +58T1K+vGLdShqqVGyJFMVrSuOzqX5FVmZalu7/++1IQfiRGUlrHKoPlKWnCfFEOu +AYjaPeEFX2ByxcqfMK1YVPvUufdISUQeaQOO7mXGE3FqB0oUqmRIUiWZATwhq3Pw +p5QdcySTnmMpD/w05hvwski77kCdmYuHlMlLZez/kfhTnIGXris+Vwi/V19bsZ8G +zwaZ/Xr6WNC+df5JqSfTGREnXZPFRDkaTt3ri5/eEm6BqliuYjGbuiKsDECi4+JX +bHpH6LBBoKQ6ms7jCAn0Ls4cUKF37PcjGAOuWnzCSBU+REht1EDfHzx4C7hNiP8X +87NjEqJbwE9lORho0hQJRTn8uriQcidlVoB3se2SYKbMy8UA4NNnxN9PTj0TuQjL +OD3LtqHBElqNPbGNyyEAAJmMBmmkUvPPXlGQ0D99b1+jIdHzYSRtOLshBFykqWYQ 
+LJD61duhGqcQqcLx4+JdQ+oVcfAI2nG7YINnHB0OmS2DOZvvwqQ7ASScSujUWIjA +LNQxu3ruMz+bw/G0tYZBBiE= -----END AGE ENCRYPTED FILE----- diff --git a/secrets/middleman/cloudflare-credentials.conf.age b/secrets/middleman/cloudflare-credentials.conf.age index fc990b0..8709bd7 100644 --- a/secrets/middleman/cloudflare-credentials.conf.age +++ b/secrets/middleman/cloudflare-credentials.conf.age 
@@ -1,17 +1,19 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFZGY3c1ZyBVMkFi -Zkd0SHI1L2M0YTNKU1RXVnFZYlB6T1hFK1B5RWwxYlpkSU9ZVlFRCmRPdWVyNkJ5 -VGw0K3ZBeW9mYmVteEt6aW9BaCtiTzhpb0lxdDZMTkJ6NFUKLT4gWDI1NTE5IGlW -UCtQeXg0bXZNMTlBQUVvTXBScDFRcHFSMzVBd2x5ZDJuVTg2cGx0MXMKTFNDbkN4 -SDlEcG9BOCt3Nk1yNENxKy9EU1dXVC9yalJ0ekRmc2FvQldmZwotPiA3JzZefHFp -LWdyZWFzZSAlQjUmCmV0dUJQU01RdlZraVdPNFN2YzE2Y3d6eW00RmlZd3Y0eVdu -bHUyVDlCb3dsZSszOFhNb1BIUGZUK2hqaFNkV3oKZDRZMU9UbUZUSURkakNvYU9N -WHJRVVhFT1VUczljZlpiVEZ4bSs0NGhYM0k3N0F5UEVWRXd1blFXZwotLS0gWTIv -NXVUb1RQL2ZhajFnSlJuaVp5c1hOUENnTkloOFJ3ZkFTY3pvdktCOAoFB6muUkj5 -xjLe5AQ9bHB2f8DL1U0ijCeHPMHv7fk41jpNAGc0KMxpNboGXxROEu2ZsLN2WJOm -z7LEGHh6bSGP/sBgJnnUMWdsaqToa/JK3d07LzZMevlNxAXOpe/SE3rAEFUnbPKr -UuNYoO2FmyDCAhmdB+HAhb1JUDmmGWEVftrwoCeRg97RE5Rgh/+GT6QJcAct6e3+ -QrJqZ9045L644rDqhMHGHAWTjsLX9s8i10WNhFS4x5J5+C9u32eC2xZ/ZjMj4vHU -xkNg/HCL6iDnm/jlSfmrbuTWu70IofWz9gPZy++/Gbf8uM7cICWXU1ujCI+4TIQm -we8GEP0lO4wrGYnzXgXs5cT0V0dV4Jn5 +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGpJOFJBZyA2NGhR +aGJ3RjRaTjlFeUtWa1FZbmdQcGJmbVdxNVkveURqbmdwL2x1RGpVCnY5eTFZRjV3 +QVNMZ2xGMHVBek1BaklxUUtiRU5pTU9kWFk1VHhGNE81SFUKLT4gc3NoLWVkMjU1 +MTkgVkZjdzVnIElYUmkwbUFPeEExZnJGVWwvUFZsRTdhYkJsSC9CM3hMbGtuSVFs +UGJXQkUKQnc4MGNMM0JZcC9FeG5HeHpLUVFlNE9xelo4Qk1mam5WNlBITnF3WnJs +WQotPiBYMjU1MTkgVkpmUVdBY1p2UDdLcFpXVnJOZGUyZ1VXNVYrUmxkZlpqazRn +cVlLYkt5YwpZSUtIN0RwSEdOSUFYQ0Zsc1NzeUhiQ2Q0T296dmZ3UW5hY1Y1MEJn +MzF3Ci0+ICV5Qy1ncmVhc2UgXSggRWprMCBuCkdKVldUMHozVXlqTVNrUVdyUVd0 +MFdSN0dPSVdnT3hMN2NNYVBRSGZnV2k2cVp4NGdjMHBHS0xadC96YmNObEIKUWVH +YWk1Q2tuQUpsV01JWVozbG4rd0ZiN1JHOHRFYVFIenVxOFhXRndrN09lODkvaVhB +eDBoVmxvbU1FbWJrCi0tLSBSeU5TaVZUbmdwdmh1TDVzb0s1eDFvNkVrK1dqTmZG +cDJobU1DZkdHRWhnCvEtMAlEC+BPPYX1YvvcmvRjeOgbuuxzjkGjuB+tT1pBKfYR +9gsHtkPWibhCk546Q1w+fY4StxKmaoxPddBjeQNXh9W6cCQ/vSmxAFya3w5SEtPd +QjozqEVsiwBmBrZgt0UJ96e5hmhmD6zU7fp/RhpFpZv1JrEkhYEz8+jk5Ai96mSg 
+0pKDAU8xtCnyBBaPiaj2jU/6kiKoGaVXCEuIv0uayRhRp0wap/kf+ToHA/oXVXbl +TZsalOEKH38udhBJiMjRgemqyHQEEpjmYIMWdiTvH6PGZ0yp/09iiEyBCMwzcJAk +nr8HyZKcuzswBcVjRak/raM9lAbpdWWktHxAZa67wsCH017FDrN9e15B2MI8 -----END AGE ENCRYPTED FILE----- diff --git a/secrets/whale2/simpcraft.env.age b/secrets/whale2/simpcraft.env.age new file mode 100644 index 0000000..72c2020 --- /dev/null +++ b/secrets/whale2/simpcraft.env.age @@ -0,0 +1,10 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IC9FSlh2ZyBEb2hB +cnZBRFZ5OFlvR1ZtSm4zWG1MMjFhQ0VONkk4M2hPQmlaV0tkS21vCm9pWTA4UGtE +dXd4SnFCd3JMeGg3c0ZXZm5Fc1hWdkhxbEQzYVZyMHkyM00KLT4gWDI1NTE5IEwr +MXpubG9nMk1wNFczQ2dUY0NSKzZoR3ZkQlBkbEtOclg3YklWeEYwR1kKZE8wTFND +eDgrbDhNL0ZYYVNCSGRSN1dNSHlmdEVFSnVENnFMVjlOL3k3UQotPiBpNUpIRC1n +cmVhc2UKV0JWMGdmZldNUyswR2tLdUVFRQotLS0gK0E3VFRlVXZqSDQ0ZDBvdjdl +YU1UQkltNUw5ZndVTU1kbVZ6bDlCQjU3NAp0czfiB+B6CH87gdHFh4i6ssbAtjEC +RnlqGXKkw3Lxa66DU0KYewcXcnTQZQSXbaVHin1KXndG7F0Jvz0po70= +-----END AGE ENCRYPTED FILE-----