From 7d4ce411c29652909cbf360cbf107837e7ee144c Mon Sep 17 00:00:00 2001 From: oddlama Date: Sat, 14 Jun 2025 10:14:35 +0200 Subject: [PATCH] chore: remove immich --- hosts/sire/guests/immich.nix | 385 ------------------ hosts/sire/secrets/immich/host.pub | 1 - .../sire-immich/postgres_password.age | 9 - .../promtail-loki-basic-auth-password.age | 10 - .../sire-immich/telegraf-influxdb-token.age | 11 - .../ward-kanidm/kanidm-oauth2-immich.age | 10 - ...oxy-sentinel-psks-sentinel+sire-immich.age | 7 - ...eguard-proxy-sentinel-priv-sire-immich.age | Bin 322 -> 0 bytes ...eeb2bd5238e193-telegraf-influxdb-token.age | 7 - ...c027-promtail-loki-basic-auth-password.age | 8 - ...-wireguard-proxy-home-priv-sire-immich.age | 8 - ...guard-proxy-home-psks-sire-immich+ward.age | 7 - ...oxy-sentinel-psks-sentinel+sire-immich.age | Bin 306 -> 0 bytes ...f77a27fdaf6d22a1ba55-postgres_password.age | Bin 281 -> 0 bytes ...7c300ed6f3-immich-oauth2-client-secret.age | 8 - ...a7-telegraf-influxdb-token-sire-immich.age | 7 - ...12b7ab919989b6497-kanidm-oauth2-immich.age | 7 - ...guard-proxy-home-psks-sire-immich+ward.age | 7 - .../wireguard/proxy-home/keys/sire-immich.age | 9 - .../wireguard/proxy-home/keys/sire-immich.pub | 1 - .../proxy-home/psks/sire-immich+ward.age | 9 - .../proxy-sentinel/keys/sire-immich.age | Bin 465 -> 0 bytes .../proxy-sentinel/keys/sire-immich.pub | 1 - .../psks/sentinel+sire-immich.age | 10 - 24 files changed, 522 deletions(-) delete mode 100644 hosts/sire/guests/immich.nix delete mode 100644 hosts/sire/secrets/immich/host.pub delete mode 100644 secrets/generated/sire-immich/postgres_password.age delete mode 100644 secrets/generated/sire-immich/promtail-loki-basic-auth-password.age delete mode 100644 secrets/generated/sire-immich/telegraf-influxdb-token.age delete mode 100644 secrets/generated/ward-kanidm/kanidm-oauth2-immich.age delete mode 100644 secrets/rekeyed/sentinel/f9e987f9a615350e98faea68bfd1d02f-wireguard-proxy-sentinel-psks-sentinel+sire-immich.age delete mode 100644 secrets/rekeyed/sire-immich/0730d572a8ade5d77ac73599e0e34849-wireguard-proxy-sentinel-priv-sire-immich.age delete mode 100644 secrets/rekeyed/sire-immich/3c477d946db6a631ffeeb2bd5238e193-telegraf-influxdb-token.age delete mode 100644 secrets/rekeyed/sire-immich/3eac162a8d876aeca6df53466fdac027-promtail-loki-basic-auth-password.age delete mode 100644 secrets/rekeyed/sire-immich/48210b29550be1724e0e6a5603af581a-wireguard-proxy-home-priv-sire-immich.age delete mode 100644 secrets/rekeyed/sire-immich/489ba5990cd27a548ef61bf66d994759-wireguard-proxy-home-psks-sire-immich+ward.age delete mode 100644 secrets/rekeyed/sire-immich/728f08e691130577601b4679a3dab787-wireguard-proxy-sentinel-psks-sentinel+sire-immich.age delete mode 100644 secrets/rekeyed/sire-immich/e55cf79b52fbf77a27fdaf6d22a1ba55-postgres_password.age delete mode 100644 secrets/rekeyed/sire-immich/ea54ab4624fd187523f06b7c300ed6f3-immich-oauth2-client-secret.age delete mode 100644 secrets/rekeyed/sire-influxdb/07a3e3541d88d79a37a412416a54e5a7-telegraf-influxdb-token-sire-immich.age delete mode 100644 secrets/rekeyed/ward-kanidm/1a56c4d74b010ed12b7ab919989b6497-kanidm-oauth2-immich.age delete mode 100644 secrets/rekeyed/ward/fb12194e159c81499ee0ad944efd427d-wireguard-proxy-home-psks-sire-immich+ward.age delete mode 100644 secrets/wireguard/proxy-home/keys/sire-immich.age delete mode 100644 secrets/wireguard/proxy-home/keys/sire-immich.pub delete mode 100644 secrets/wireguard/proxy-home/psks/sire-immich+ward.age delete mode 100644 secrets/wireguard/proxy-sentinel/keys/sire-immich.age delete mode 100644 secrets/wireguard/proxy-sentinel/keys/sire-immich.pub delete mode 100644 secrets/wireguard/proxy-sentinel/psks/sentinel+sire-immich.age diff --git a/hosts/sire/guests/immich.nix b/hosts/sire/guests/immich.nix deleted file mode 100644 index 8c66fa4..0000000 --- a/hosts/sire/guests/immich.nix +++ /dev/null @@ -1,385 +0,0 @@ -{ - config, - globals, - nodes, - pkgs, - ... -}: -let - sentinelCfg = nodes.sentinel.config; - wardWebProxyCfg = nodes.ward-web-proxy.config; - immichDomain = "immich.${globals.domains.me}"; - - ipImmichMachineLearning = "10.89.0.10"; - ipImmichPostgres = "10.89.0.12"; - ipImmichRedis = "10.89.0.13"; - ipImmichServer = "10.89.0.14"; - configFile = pkgs.writeText "immich.config.json" ( - builtins.toJSON { - ffmpeg = { - accel = "disabled"; - bframes = -1; - cqMode = "auto"; - crf = 23; - gopSize = 0; - maxBitrate = "0"; - preset = "ultrafast"; - refs = 0; - targetAudioCodec = "aac"; - targetResolution = "720"; - targetVideoCodec = "h264"; - temporalAQ = false; - threads = 0; - tonemap = "hable"; - transcode = "required"; - twoPass = false; - }; - job = { - backgroundTask.concurrency = 5; - faceDetection.concurrency = 10; - library.concurrency = 5; - metadataExtraction.concurrency = 10; - migration.concurrency = 5; - search.concurrency = 5; - sidecar.concurrency = 5; - smartSearch.concurrency = 10; - thumbnailGeneration.concurrency = 10; - videoConversion.concurrency = 5; - }; - library.scan = { - enabled = true; - cronExpression = "0 0 * * *"; - }; - logging = { - enabled = true; - level = "log"; - }; - machineLearning = { - clip = { - enabled = true; - modelName = "ViT-B-32__openai"; - }; - enabled = true; - facialRecognition = { - enabled = true; - maxDistance = 0.45; - minFaces = 2; - minScore = 0.65; - modelName = "buffalo_l"; - }; - url = "http://${ipImmichMachineLearning}:3003"; - }; - map.enabled = true; - newVersionCheck.enabled = true; - oauth = rec { - enabled = true; - autoLaunch = false; - autoRegister = true; - buttonText = "Login with Kanidm"; - - mobileOverrideEnabled = true; - mobileRedirectUri = "https://${immichDomain}/api/oauth/mobile-redirect"; - - clientId = "immich"; - # clientSecret will be dynamically added in activation script - issuerUrl = "https://${globals.services.kanidm.domain}/oauth2/openid/${clientId}"; - scope = "openid email profile"; - storageLabelClaim = "preferred_username"; - }; - passwordLogin.enabled = true; - reverseGeocoding.enabled = true; - server = { - externalDomain = "https://${immichDomain}"; - loginPageMessage = "Besser im Stuhl einschlafen als im Schlaf einstuhlen."; - }; - storageTemplate = { - enabled = true; - hashVerificationEnabled = true; - template = "{{y}}/{{MM}}/{{filename}}"; - }; - theme.customCss = ""; - trash = { - days = 30; - enabled = true; - }; - } - ); - - processedConfigFile = "/run/agenix/immich.config.json"; - - version = "v1.131.3"; - environment = { - DB_DATABASE_NAME = "immich"; - DB_HOSTNAME = ipImmichPostgres; - DB_PASSWORD_FILE = config.age.secrets.postgres_password.path; - DB_USERNAME = "postgres"; - IMMICH_VERSION = "${version}"; - UPLOAD_LOCATION = upload_folder; - IMMICH_SERVER_URL = "http://${ipImmichServer}:2283/"; - IMMICH_MACHINE_LEARNING_URL = "http://${ipImmichMachineLearning}:3003"; - REDIS_HOSTNAME = ipImmichRedis; - IMMICH_CONFIG_FILE = "/immich.config.json"; - }; - - upload_folder = "/storage/immich"; - pgdata_folder = "/persist/immich/pgdata"; - model_folder = "/state/immich/modeldata"; - - serviceConfig = { - serviceConfig.Restart = "always"; - after = [ "podman-network-immich-default.service" ]; - requires = [ "podman-network-immich-default.service" ]; - partOf = [ "podman-compose-immich-root.target" ]; - wantedBy = [ "podman-compose-immich-root.target" ]; - }; -in -{ - microvm.mem = 1024 * 12; - microvm.vcpu = 16; - - # Forwarding required to masquerade podman network - boot.kernel.sysctl."net.ipv4.ip_forward" = 1; - - environment.persistence."/state".directories = [ - { - directory = "/var/lib/containers"; - mode = "0755"; - } - ]; - - # Mirror the original oauth2 secret - age.secrets.immich-oauth2-client-secret = { - inherit (nodes.ward-kanidm.config.age.secrets.kanidm-oauth2-immich) rekeyFile; - mode = "440"; - group = "root"; - }; - - system.activationScripts.agenixRooterDerivedSecrets = { - # Run after agenix has generated secrets - deps = [ "agenix" ]; - text = '' - immichClientSecret=$(< ${config.age.secrets.immich-oauth2-client-secret.path}) - ${pkgs.jq}/bin/jq --arg immichClientSecret "$immichClientSecret" '.oauth.clientSecret = $immichClientSecret' ${configFile} > ${processedConfigFile} - chmod 444 ${processedConfigFile} - ''; - }; - - wireguard.proxy-sentinel = { - client.via = "sentinel"; - firewallRuleForNode.sentinel.allowedTCPPorts = [ 2283 ]; - }; - wireguard.proxy-home = { - client.via = "ward"; - firewallRuleForNode.ward-web-proxy.allowedTCPPorts = [ 2283 ]; - }; - networking.nftables.chains.forward.into-immich-container = { - after = [ "conntrack" ]; - rules = [ - "iifname proxy-sentinel ip saddr ${sentinelCfg.wireguard.proxy-sentinel.ipv4} tcp dport 2283 accept" - "iifname proxy-home ip saddr ${wardWebProxyCfg.wireguard.proxy-home.ipv4} tcp dport 2283 accept" - "iifname podman1 oifname vlan-services accept" - ]; - }; - - globals.services.immich.domain = immichDomain; - globals.monitoring.http.immich = { - url = "https://${immichDomain}"; - expectedBodyRegex = "immutable.entry.app"; - network = "internet"; - }; - - nodes.sentinel = { - services.nginx = { - upstreams.immich = { - servers."${config.wireguard.proxy-sentinel.ipv4}:2283" = { }; - extraConfig = '' - zone immich 64k; - keepalive 2; - ''; - monitoring = { - enable = true; - expectedBodyRegex = "immutable.entry.app"; - }; - }; - virtualHosts.${immichDomain} = { - forceSSL = true; - useACMEWildcardHost = true; - locations."/" = { - proxyPass = "http://immich"; - proxyWebsockets = true; - }; - extraConfig = '' - client_max_body_size 50G; - proxy_buffering off; - proxy_request_buffering off; - proxy_read_timeout 600s; - proxy_send_timeout 600s; - send_timeout 600s; - ''; - }; - }; - }; - - nodes.ward-web-proxy = { - services.nginx = { - upstreams.immich = { - servers."${config.wireguard.proxy-home.ipv4}:2283" = { }; - extraConfig = '' - zone immich 64k; - keepalive 2; - ''; - monitoring = { - enable = true; - expectedBodyRegex = "immutable.entry.app"; - }; - }; - virtualHosts.${immichDomain} = { - forceSSL = true; - useACMEWildcardHost = true; - locations."/" = { - proxyPass = "http://immich"; - proxyWebsockets = true; - extraConfig = ''''; - }; - extraConfig = '' - client_max_body_size 50G; - proxy_buffering off; - proxy_request_buffering off; - proxy_read_timeout 600s; - proxy_send_timeout 600s; - send_timeout 600s; - allow ${globals.net.home-lan.vlans.home.cidrv4}; - allow ${globals.net.home-lan.vlans.home.cidrv6}; - # Firezone traffic - allow ${globals.net.home-lan.vlans.services.hosts.ward.ipv4}; - allow ${globals.net.home-lan.vlans.services.hosts.ward.ipv6}; - deny all; - ''; - }; - }; - }; - - systemd.tmpfiles.settings = { - "10-immich" = { - ${upload_folder}.d = { - mode = "0770"; - }; - ${pgdata_folder}.d = { - mode = "0770"; - }; - ${model_folder}.d = { - mode = "0770"; - }; - }; - }; - - age.secrets.postgres_password.generator.script = "alnum"; - - # Runtime - virtualisation.oci-containers.backend = "podman"; - virtualisation.podman = { - enable = true; - autoPrune.enable = true; - dockerCompat = true; - }; - - # Containers - virtualisation.oci-containers.containers."immich_machine_learning" = { - image = "ghcr.io/immich-app/immich-machine-learning:${version}"; - inherit environment; - volumes = [ - "${processedConfigFile}:${environment.IMMICH_CONFIG_FILE}:ro" - "${model_folder}:/cache:rw" - ]; - log-driver = "journald"; - extraOptions = [ - "--network-alias=immich-machine-learning" - "--network=immich-default" - "--ip=${ipImmichMachineLearning}" - ]; - }; - systemd.services."podman-immich_machine_learning" = serviceConfig; - virtualisation.oci-containers.containers."immich_postgres" = { - image = "tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0"; - environment = { - POSTGRES_DB = environment.DB_DATABASE_NAME; - POSTGRES_PASSWORD_FILE = environment.DB_PASSWORD_FILE; - POSTGRES_USER = environment.DB_USERNAME; - }; - volumes = [ - "${config.age.secrets.postgres_password.path}:${config.age.secrets.postgres_password.path}:ro" - "${pgdata_folder}:/var/lib/postgresql/data:rw" - ]; - log-driver = "journald"; - extraOptions = [ - "--network-alias=immich_postgres" - "--network=immich-default" - "--ip=${ipImmichPostgres}" - ]; - }; - systemd.services."podman-immich_postgres" = serviceConfig; - virtualisation.oci-containers.containers."immich_redis" = { - image = "redis:6.2-alpine@sha256:51d6c56749a4243096327e3fb964a48ed92254357108449cb6e23999c37773c5"; - log-driver = "journald"; - extraOptions = [ - "--network-alias=immich_redis" - "--network=immich-default" - "--ip=${ipImmichRedis}" - ]; - }; - systemd.services."podman-immich_redis" = serviceConfig; - virtualisation.oci-containers.containers."immich_server" = { - image = "ghcr.io/immich-app/immich-server:${version}"; - inherit environment; - volumes = [ - "${processedConfigFile}:${environment.IMMICH_CONFIG_FILE}:ro" - "${config.age.secrets.postgres_password.path}:${config.age.secrets.postgres_password.path}:ro" - "/etc/localtime:/etc/localtime:ro" - "${upload_folder}:/usr/src/app/upload:rw" - ]; - ports = [ - "2283:2283/tcp" - ]; - dependsOn = [ - "immich_postgres" - "immich_redis" - ]; - log-driver = "journald"; - extraOptions = [ - "--network-alias=immich-server" - "--network=immich-default" - "--ip=${ipImmichServer}" - ]; - }; - systemd.services."podman-immich_server" = serviceConfig // { - unitConfig.UpheldBy = [ - "podman-immich_postgres.service" - "podman-immich_redis.service" - ]; - }; - - # Networks - systemd.services."podman-network-immich-default" = { - path = [ pkgs.podman ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStop = "${pkgs.podman}/bin/podman network rm -f immich-default"; - }; - script = '' - podman network inspect immich-default || podman network create immich-default --opt isolate=true --subnet=10.89.0.0/24 --disable-dns - ''; - partOf = [ "podman-compose-immich-root.target" ]; - wantedBy = [ "podman-compose-immich-root.target" ]; - }; - - # Root service - # When started, this will automatically create all resources and start - # the containers. When stopped, this will teardown all resources. - systemd.targets."podman-compose-immich-root" = { - unitConfig = { - Description = "Root target generated by compose2nix."; - }; - wantedBy = [ "multi-user.target" ]; - }; -} diff --git a/hosts/sire/secrets/immich/host.pub b/hosts/sire/secrets/immich/host.pub deleted file mode 100644 index 9c7563b..0000000 --- a/hosts/sire/secrets/immich/host.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKE+geXK2RVVNwZVoYOuX7pW+6mbgCa9SIghJCdHmbSB diff --git a/secrets/generated/sire-immich/postgres_password.age b/secrets/generated/sire-immich/postgres_password.age deleted file mode 100644 index 414a5f7..0000000 --- a/secrets/generated/sire-immich/postgres_password.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> X25519 lxcs64hgn5qiaMjFfFKIdS7a4DYzsSIp2rYWu9Sxg1o -DWoXP55lOfYh26BQyMTWtJpZXD6RAYYT4ArCNy2RmPQ --> piv-p256 xqSe8Q ApSmxT6ujEnuH3c0Avr7g/DGdbSf906OFhOiMvi9ONmt -UmLDT5AJkIc8GgLgaVgS6KWk7d0rf/P29V4l2JU1lgI --> )-grease p4kI HFcVp -dPSUp6CWnLW6gpi6a2g+mWKIZ+OEYiRvTc6YcSLY ---- 7pImagsw0LryRQOHCqzwJxCQNyoESpJsrztMaUqrwPg -NbǬ Е7MNPr>+8zJĒo\LWsڳz0;ipRiK.wvK \ No newline at end of file diff --git a/secrets/generated/sire-immich/promtail-loki-basic-auth-password.age b/secrets/generated/sire-immich/promtail-loki-basic-auth-password.age deleted file mode 100644 index fe40ad7..0000000 --- a/secrets/generated/sire-immich/promtail-loki-basic-auth-password.age +++ /dev/null @@ -1,10 +0,0 @@ -age-encryption.org/v1 --> X25519 ks4qXV3qPJeADOguclgvlOS/81Wd7fgcVKdlhg3FgzI -PLKauYQ+46t8RSPD73M18RUOL/z4SjikoNsDbL3X/cc --> piv-p256 xqSe8Q A2xu0dbsgARRnDBak5Cd6YG3JF5zOuZlqzPdbg9lgP2x -+tbb9URbCrPqIWOp0O26ptbXRUh/6koKhdONNz5p494 --> Yy),Z@(\-grease %R <|> I]- G -1t94Jtghka4vBg2VMzDqPO2qwzpovhNT0W+fe0K82obdDaajCa3pfiFz4Nrfbm+7 -hsJyVaViVGio7BVDPso ---- 8JU+s4Yn2DCmSHfRx4EPn8pa8RRWTn8BfEkCLhVn+DI -~loLNu앵 zt5žcW0g8,{5tK>mH? \ No newline at end of file diff --git a/secrets/generated/sire-immich/telegraf-influxdb-token.age b/secrets/generated/sire-immich/telegraf-influxdb-token.age deleted file mode 100644 index 3f3dfa9..0000000 --- a/secrets/generated/sire-immich/telegraf-influxdb-token.age +++ /dev/null @@ -1,11 +0,0 @@ -age-encryption.org/v1 --> X25519 SQp3X/pCRAK0LDysYw/iO5XbD5DknZDqrfYVsF4Wryc -MToFiMkEqhq0uJlDE3peo/1r2eG8SGfYj6XZDcHJHsE --> piv-p256 xqSe8Q AjwjDiFrzD8Zvc7Xx9fA7WcxG+nsF2mUgmMlFswinh/l -ONrzVVrUpWWfy4on9Vouz3D3VxSYu4Rb2+DnRSyBtWU --> J)C?2Kps-grease ", -+w4vydh7txIfUxLLwNztvo6nDva4zEfkJJZn2Kbh1agtjfiaqVh9hznQyHjY+bKX -TTro7bJoHrdBOj7RX6CV1BO0w2ToeQ1XnkhZv/8GE2xm3aehsSEFt5AqU8f2ucrt - ---- ISE4KQBHYV8vazUMaRG9y8BTag3zVtMN32n3lwiTp48 - dѲTAvuW 9lPFg. T FS!5ۤTo LvΦ,2TH7a!lj*GG \ No newline at end of file diff --git a/secrets/generated/ward-kanidm/kanidm-oauth2-immich.age b/secrets/generated/ward-kanidm/kanidm-oauth2-immich.age deleted file mode 100644 index 231b353..0000000 --- a/secrets/generated/ward-kanidm/kanidm-oauth2-immich.age +++ /dev/null @@ -1,10 +0,0 @@ -age-encryption.org/v1 --> X25519 Ty4SRY71eyfLWJGIC0cv89Rg+PEJr1LTyJQgIvj8mRg -3z6gLE56zvPRWWFpCkAx6GdFwAztMgBZnfI/OJfCtzU --> piv-p256 xqSe8Q AyEmhugnXJ33KHAVh/9B0C9oQ1SF3/gFtoAPpThy/4Ef -eEPKdBTKx7Px39zRu7Dtdm6vyZxEzN23SekmsjZ9ILU --> d^!fR-grease -WjaPB3mvS8+aKj9FKDdeSMrIDRu4cvxT9llTrxZxOD+Ej4o8lCN+LRmrAZ6eb1W8 -BWuUvPLUgyWi4eyDIARjperIrX8ESLgqIg ---- rKC5HveByQdXritRQdLqNgasq6y20rT/nfrQenVmoTo -_ A5N1iBl[ OIpJ;iq,#KOx}K Zs0(!ࣁdY2Mv? \ No newline at end of file diff --git a/secrets/rekeyed/sentinel/f9e987f9a615350e98faea68bfd1d02f-wireguard-proxy-sentinel-psks-sentinel+sire-immich.age b/secrets/rekeyed/sentinel/f9e987f9a615350e98faea68bfd1d02f-wireguard-proxy-sentinel-psks-sentinel+sire-immich.age deleted file mode 100644 index d8d2efe..0000000 --- a/secrets/rekeyed/sentinel/f9e987f9a615350e98faea68bfd1d02f-wireguard-proxy-sentinel-psks-sentinel+sire-immich.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 yV7lcA jwq+aERGrSBruGupY97T9auTbE+H3g8Hw3xC+1i+bk8 -IspH8Sk7HmTFgxrFY4X/y82KMUYVNaKQprqLRc49A9w --> %3<-grease {Y*P~G`X ~.XJm) _M zG%+_pT1-S^a%y>NRW?>MYiVqCM_El}QZr*uYG+brP&ZmgaaBuNdRYofM`J~Jb5S!l zT6#)!O=oB|ZEP!OP<3KrQdTo?MKNk`b4Ex)O>9F#H*X3pJ|I+WcWN~&HES(ra%Ew2 zWgs*-Z!#cUIZZ-5DlkDHQD{?WUSl~RdRSX8FmwuVYfxl4bvSl6K}vaeNm)4xEiEk| zdPZ4FH*aN5HZwshL^o|KS5IPLF-|#AVJ}!WN_S&yLufZ*bZ|#FNl-xw{%^0OR7#Yb z5N@>Y^O5jB)bbkUwg$%!j_M42%AXHIuSp{GwQuGZ)oP_)W=qg+<$80r5bL*heN6yb UY`J~O8O&KUJbS`9HN77BA|d>9=l}o! diff --git a/secrets/rekeyed/sire-immich/3c477d946db6a631ffeeb2bd5238e193-telegraf-influxdb-token.age b/secrets/rekeyed/sire-immich/3c477d946db6a631ffeeb2bd5238e193-telegraf-influxdb-token.age deleted file mode 100644 index 5b4f60e..0000000 --- a/secrets/rekeyed/sire-immich/3c477d946db6a631ffeeb2bd5238e193-telegraf-influxdb-token.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 U8ytLQ H08JFmNPi6NkwMDFFRyox/Bwy7wuao3J9w+l+ETur2A -t8qlbolexzP3+cDki2urbIWVYW4NfZMwZBvFMMI8GBM --> -s7e/*R6-grease s-UuW4;H k$c2ACx ]rWl( -yqY+Oe9nCE++YSot+ca500n+j7GKqiUnnlv79UaRrg ---- /VOnIZ9CtnxPjX4lwMg3XNlhbiz62OFrqcdN6Br8Pgg -/i1DJ ssh-ed25519 U8ytLQ 2BnIjFpUAhxNiv1VMyTxfAk/zUSkU2iHdB/bRXvEX3E -WryT51bMkDioGkL98uslwujesj30ybnjgcg/jNn7J9w --> L];e9$m-grease -9+l/2uiMG8qKpm6g7n2rtRTKulRQ63bCCycs+bnIPMduNX+E ---- vh3VVgzgopb7EJBKQIoL4fUYKpuKDojxeX6ZihRcQ1M -ںU'ǿP岨\SNH}oa'*ӆnؾ -]Šs'٢Q!.)=} \ No newline at end of file diff --git a/secrets/rekeyed/sire-immich/48210b29550be1724e0e6a5603af581a-wireguard-proxy-home-priv-sire-immich.age b/secrets/rekeyed/sire-immich/48210b29550be1724e0e6a5603af581a-wireguard-proxy-home-priv-sire-immich.age deleted file mode 100644 index 6a97cdd..0000000 --- a/secrets/rekeyed/sire-immich/48210b29550be1724e0e6a5603af581a-wireguard-proxy-home-priv-sire-immich.age +++ /dev/null @@ -1,8 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 U8ytLQ ZDczMuStTpVUMGlObtJB5uA07U/OsrOXaocAGJQ5SUQ -D4Lg2MwHZVFHhTBlCDB3ZAnigTCVnNOFII5Hs9FxoL0 --> oV-grease Y>Wk^oz -lG4J8UNTiqKwws8XmfgOZBtLBf83/OciQN+bWAFbbVd5JSl1SSUDuyu94bp34Udq -MyziULMJLT/tgjRM8H/TmBbuuIhWImHegnSA0WAZ ---- lSARhYuFG3dOCOJmNhgEhToUWyUxwBDQaYTrJ4KJQM0 - * }R@]F \HGl}4'Jg<% 1>=R03I\J \ No newline at end of file diff --git a/secrets/rekeyed/sire-immich/489ba5990cd27a548ef61bf66d994759-wireguard-proxy-home-psks-sire-immich+ward.age b/secrets/rekeyed/sire-immich/489ba5990cd27a548ef61bf66d994759-wireguard-proxy-home-psks-sire-immich+ward.age deleted file mode 100644 index 90cbe43..0000000 --- a/secrets/rekeyed/sire-immich/489ba5990cd27a548ef61bf66d994759-wireguard-proxy-home-psks-sire-immich+ward.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 U8ytLQ Q49jP/1k8wgMHasJRs3j4qw4kDjmYMxzx190cqJpD34 -97gvdGUGDqP2LMdxuIM6u0FdNgKbUuKZl6p5irO+BeM --> 4FcwR4h*-grease Yn]g)b %taX> 066d`Ecg -6cpXlQaMcTQU7dHNzQgZMeExv0KnJxzAov0BPBpFeiVfQPJqoDc+qgU ---- 94bvmt9LqBAL3sqQRhc1k9vYo91+Fa7/r8nDpqnyXZ4 -Lp#VP%7 dH~}c|/UvF{[sDCy>Z V@0Õ^}1ޤ$( \ No newline at end of file diff --git a/secrets/rekeyed/sire-immich/728f08e691130577601b4679a3dab787-wireguard-proxy-sentinel-psks-sentinel+sire-immich.age b/secrets/rekeyed/sire-immich/728f08e691130577601b4679a3dab787-wireguard-proxy-sentinel-psks-sentinel+sire-immich.age deleted file mode 100644 index d3258bacc849ce109853ee87520fc41e681b2df6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 306 zcmV-20nPqlXJsvAZewzJaCB*JZZ2_5 zLNr=-Zg+NOQA;aMSyWXvGDBi$Xi9T>Y->hHQ(<*uRZui%Yf3U>R!It2b$VA=V@E?_ zM^|raSVC7gI9N7QI4ebWd1_cjP*pZHR%&NSc1U<@N_Pq^J|HYmIW1>$Wnpt=AV(rz zXl^4T3RP%MZhAO&STJE{N^(_UI8ZP#Nn%xSS}|t|EiEk|Flt6GXLwq5G<7d)Qdl)e zZfHYpNN8C_GkI=!b8b>q|la#=VE@mO5sv3e|&iw)?UE*A7~RrICw(wk&` zM@O&)T7@1_`U4(XXgM7&*{{21t`n8STok?l_B zZdEW^XlOBUD@s!_IaD@uV{bHWVM;Mja$b7cxs zMso@+EiE8&ac)&qdQfdJG%s*!Q#f-uVK_rKb~$x0ODk46PDF8MNq0zEcvEa-NNWl< z%!-_NiY}z^t4k$l8S$X9 ssh-ed25519 U8ytLQ Qz3qe16ayxmKLHCxFAZrGQXWS/FhOZPnj3ypEec7jQA -rvEBCW3zma2qm6QpGpKY4mF/j6ttXIjc9HCruU2UQJk --> 8'%i5|\M-grease ^J Z5D- ~9 h -peL12fzjuN8ykkalpUdYEl3QaRJ61qGxdA9iL3QKPG+Ei8sddmFIepRXsy0I0Puz -qw5gjOxypZeO1ZiTanZHbc6diRWsyFqs/e6g+foym5lfGqh3V7xU0faK9uU ---- WxKCnJ0tpm61Oa1emofkD46mw1shbpYD8Ydq0MK7IUA -?e94x3A1+ R?ޞf؈[}w9yL|zh41ڢs \ No newline at end of file diff --git a/secrets/rekeyed/sire-influxdb/07a3e3541d88d79a37a412416a54e5a7-telegraf-influxdb-token-sire-immich.age b/secrets/rekeyed/sire-influxdb/07a3e3541d88d79a37a412416a54e5a7-telegraf-influxdb-token-sire-immich.age deleted file mode 100644 index 9914af3..0000000 --- a/secrets/rekeyed/sire-influxdb/07a3e3541d88d79a37a412416a54e5a7-telegraf-influxdb-token-sire-immich.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 1tdZKQ 0Hu2I4Uu6HMOXTqQ5dF9pAc3rYoMR38V6JnBaq5H1HQ -Kvl4Sx04B4eHCeejGaMYrdphhXfonSGiqWW4A6T7qfA --> pt|1-grease -vbrjj8oX6rf8mEvmk1qFuoGdxg0PEUxeX2yt6iMjpgeflILf ---- zAiDixmszWdxQMSTnUqBdkUc4TFCNnQi5K4dom7KpI8 -ܚd)I וuxf"[tW[y97?Du4I;i :x:fJ&;%*%N>W࿨j1 \ No newline at end of file diff --git a/secrets/rekeyed/ward-kanidm/1a56c4d74b010ed12b7ab919989b6497-kanidm-oauth2-immich.age b/secrets/rekeyed/ward-kanidm/1a56c4d74b010ed12b7ab919989b6497-kanidm-oauth2-immich.age deleted file mode 100644 index 963849a..0000000 --- a/secrets/rekeyed/ward-kanidm/1a56c4d74b010ed12b7ab919989b6497-kanidm-oauth2-immich.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 QciEZQ v54bFE7wHdyai3cLvMEfslDxGD6Q/fQOmUV6LvQU/yw -Uvkutdp1noMoVrDT4yojftit6fT8V7GQEyPK9KW8qqk --> FpI$xw}3-grease ?@EgZ,|] -tT07uRYy7SukFRWKrHXAMLAdLsU ---- /FyC78r+hWcAzO/9/yfNMmsk6GTCUcyhE+N0JKROmxw - 9@oqW"Q%bUR; 9p"̳t6B90!V^hu1BW( f$ƞrhn \ No newline at end of file diff --git a/secrets/rekeyed/ward/fb12194e159c81499ee0ad944efd427d-wireguard-proxy-home-psks-sire-immich+ward.age b/secrets/rekeyed/ward/fb12194e159c81499ee0ad944efd427d-wireguard-proxy-home-psks-sire-immich+ward.age deleted file mode 100644 index 5f1e5af..0000000 --- a/secrets/rekeyed/ward/fb12194e159c81499ee0ad944efd427d-wireguard-proxy-home-psks-sire-immich+ward.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 iNceIg JvzQt+2ZkDJMDm1KlZQdDml8H4ycJ6AokJPSoZP5cU4 -wpodFTm/MHvNUgNMfKsRkBcqixtW01beo6sAiEdClcM --> ]s%j-grease F80K -+qNWHTRpraF9RkyWQgtAKTyx6zHnRE186qaTSMkEA6aRCsT6Gg ---- eVGyjUp6M/kxFZahyFU1yzoLJSYuGduGZHf6tqkblCI -(=qՓ<$SBYa9j~|Az./~JMw_%9bqg(Y>*3V^&+Ja \ No newline at end of file diff --git a/secrets/wireguard/proxy-home/keys/sire-immich.age b/secrets/wireguard/proxy-home/keys/sire-immich.age deleted file mode 100644 index 7823230..0000000 --- a/secrets/wireguard/proxy-home/keys/sire-immich.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> X25519 uJ3uiXX1C9PpMhT3kcYvUf8mIGxD8KTB6gGKdPGJnCs -ei8KR51jD/rWUp494k6M20oTrwDTiGpdkbOOmW4lOXo --> piv-p256 xqSe8Q A92Qea9NZuHlV2xGjSo53jlPVnKjwBTbMPF23PeXXDrq -IfzttqGs1jW3RlOKGm08vKtJIIkzwRT1fUoMwkbMbuU --> (-grease ;&ILFt\Z \H g&6+q2Xa Z -ZribRa/ctUpGLy4veZe+BF+3YnF6tku94bsH72Exo2WulHZS ---- Std/62CowuRVpxSYuzhJLHy5jNWMpnl6ILk4U7oW54s -:Ĉrs[ oޏl;l]m3̎nm5:Rk4xNE#$d/ nY2r \ No newline at end of file diff --git a/secrets/wireguard/proxy-home/keys/sire-immich.pub b/secrets/wireguard/proxy-home/keys/sire-immich.pub deleted file mode 100644 index 2aa18d4..0000000 --- a/secrets/wireguard/proxy-home/keys/sire-immich.pub +++ /dev/null @@ -1 +0,0 @@ -7Vu1OqBCLq6WNvah8QFBjnwNZUfZqzToFyQH2g/RJR4= diff --git a/secrets/wireguard/proxy-home/psks/sire-immich+ward.age b/secrets/wireguard/proxy-home/psks/sire-immich+ward.age deleted file mode 100644 index 1466cad..0000000 --- a/secrets/wireguard/proxy-home/psks/sire-immich+ward.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> X25519 ocNApTQlwFHphPMWeXS60TWO8RY4kXv1/G7mpvCRfno -q4tgumwcZKxNrObdkxLpU9tPttrDe5oZzOZYu+boNCE --> piv-p256 xqSe8Q A8FzxSYN5kOVb8VG57H105SMUC8P+IRBz5oCN4QX7F6D -7YesnMqNXTyR5Ojtli9R8atxm5dqi9cjEvnnuyT6I1g --> %5P"-grease ,Wf aH@;2_dA ~4s:8[ -opJOhAN4Evvp4x7ndCEfALKDUMvvpqlbwUTSplehbPI ---- oMT/RknMnLIf0ujr+Q/xOCxN8qDOVkNYCVEjoJ3AscA -vYv](լ*nۇ E1 x͘]:;i'-Kl=Pnv}i|5Qs \ No newline at end of file diff --git a/secrets/wireguard/proxy-sentinel/keys/sire-immich.age b/secrets/wireguard/proxy-sentinel/keys/sire-immich.age deleted file mode 100644 index 7b614db93040c74b93acb78ead585e603f6cf918..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 465 zcmWm7zmJnp003YeE*D93yu`^4MlWd)`VM-Kn2SB$0Y{Iv$d7W>K}sKwS1eFyp)h!} zF6X&u)Wt;;7iawkbTlT$+3lvA%nioD-1iTB9!4~Z{j5qCB#G}N8D@$WMej6R!1FD! zQ9At4Q~=AG?pP8vuGu*(an?&#UfW)fIzF%=81yx)+d9SYD%R!F&t$eXkhLw$)3Qk> z(B?zZW)E5!HRCKbo{xqD>6;5r(ay$O$Ni+ zK&Ekqyc|)gKU88E?bc3YCPBg{X^%5=crW5WUoxoz6cDmchAVqC+ z!1Hjh1eT&3eJ6^jOTWnFwR`9P_D|n#?)=zvZ#;SQ;M(cacYj_9pEl0Ft>s7SAK$~X r&*9PY4fE{y`tOHdwocyMlE3~0`1Z5EFRtvp{7~K1-K!_BzaRexpZ%c- diff --git a/secrets/wireguard/proxy-sentinel/keys/sire-immich.pub b/secrets/wireguard/proxy-sentinel/keys/sire-immich.pub deleted file mode 100644 index 1c369d4..0000000 --- a/secrets/wireguard/proxy-sentinel/keys/sire-immich.pub +++ /dev/null @@ -1 +0,0 @@ -slaNaddkDDEeC9Y69VTKqAhYJcjc2u0UbbwxNzaZNR4= diff --git a/secrets/wireguard/proxy-sentinel/psks/sentinel+sire-immich.age b/secrets/wireguard/proxy-sentinel/psks/sentinel+sire-immich.age deleted file mode 100644 index 31a4330..0000000 --- a/secrets/wireguard/proxy-sentinel/psks/sentinel+sire-immich.age +++ /dev/null @@ -1,10 +0,0 @@ -age-encryption.org/v1 --> X25519 YIhkI6nWo8Ud/fjZVBXO5g0NOmaXVbmLiFvSLJ/cdFg -4RZpFKtM40Q81tSAIq1xUjMy4GmGeIZ+335KiFf28M8 --> piv-p256 xqSe8Q AuTq/W1xNTEYrBAbLgffA95slATEeMRMUIwuMyicmwcA -QlR1jm1BC/MDfSF82oJibcS5huJx0lRtdbO/dHfIkKE --> XNC"-grease ~K@0bKg{+/0:\Ðs-5jg J =p6C?迯 \ No newline at end of file