From af4c7db8c18e37924a900932f3adbcb1b8075929 Mon Sep 17 00:00:00 2001 From: oddlama Date: Sun, 18 May 2025 20:23:05 +0200 Subject: [PATCH] feat: add mealie --- hosts/sentinel/firezone.nix | 1 + hosts/ward/default.nix | 2 + hosts/ward/guests/adguardhome.nix | 1 + hosts/ward/guests/kanidm.nix | 24 ++++++ hosts/ward/guests/mealie.nix | 79 ++++++++++++++++++ hosts/ward/secrets/mealie/host.pub | 1 + .../sentinel/loki-basic-auth-hashes.age | Bin 2634 -> 2723 bytes .../ward-kanidm/kanidm-oauth2-mealie.age | 11 +++ .../promtail-loki-basic-auth-password.age | Bin 0 -> 496 bytes .../ward-mealie/telegraf-influxdb-token.age | 9 ++ secrets/global.nix.age | Bin 3617 -> 3735 bytes ...7f5b14bf1f05cdf-loki-basic-auth-hashes.age | Bin 2551 -> 0 bytes ...3b0deaad3d35a85-loki-basic-auth-hashes.age | Bin 0 -> 2654 bytes ...3b-telegraf-influxdb-token-ward-mealie.age | 8 ++ ...9f78131fe5bcf2a07-kanidm-oauth2-mealie.age | 8 ++ ...d1fda123df3d8d-telegraf-influxdb-token.age | 8 ++ ...-wireguard-proxy-home-priv-ward-mealie.age | 8 ++ ...guard-proxy-home-psks-ward+ward-mealie.age | 7 ++ ...21fd1f2022-mealie-oauth2-client-secret.age | 7 ++ ...3e84-promtail-loki-basic-auth-password.age | 8 ++ ...76d676cc0a97b4b-loki-basic-auth-hashes.age | Bin 0 -> 2619 bytes ...3aa1c34b6ed6dfd-loki-basic-auth-hashes.age | Bin 2526 -> 0 bytes ...guard-proxy-home-psks-ward+ward-mealie.age | 7 ++ .../wireguard/proxy-home/keys/ward-mealie.age | 10 +++ .../wireguard/proxy-home/keys/ward-mealie.pub | 1 + .../proxy-home/psks/ward+ward-mealie.age | 11 +++ 26 files changed, 211 insertions(+) create mode 100644 hosts/ward/guests/mealie.nix create mode 100644 hosts/ward/secrets/mealie/host.pub create mode 100644 secrets/generated/ward-kanidm/kanidm-oauth2-mealie.age create mode 100644 secrets/generated/ward-mealie/promtail-loki-basic-auth-password.age create mode 100644 secrets/generated/ward-mealie/telegraf-influxdb-token.age delete mode 100644 secrets/rekeyed/sentinel/0eaa4bb18cbfcecdc7f5b14bf1f05cdf-loki-basic-auth-hashes.age create mode 100644 secrets/rekeyed/sentinel/754829daef824cd4d3b0deaad3d35a85-loki-basic-auth-hashes.age create mode 100644 secrets/rekeyed/sire-influxdb/549767bc6a22e6cb8bee4ca26ce4db3b-telegraf-influxdb-token-ward-mealie.age create mode 100644 secrets/rekeyed/ward-kanidm/b2f37c3b6f744289f78131fe5bcf2a07-kanidm-oauth2-mealie.age create mode 100644 secrets/rekeyed/ward-mealie/0e26f79cf1faf0b8aed1fda123df3d8d-telegraf-influxdb-token.age create mode 100644 secrets/rekeyed/ward-mealie/0e775e81155a16c48a693985ef87ce87-wireguard-proxy-home-priv-ward-mealie.age create mode 100644 secrets/rekeyed/ward-mealie/40eee60695582040333e4fab6b3e99ab-wireguard-proxy-home-psks-ward+ward-mealie.age create mode 100644 secrets/rekeyed/ward-mealie/78d5e2eb2bb8a805e8d94c21fd1f2022-mealie-oauth2-client-secret.age create mode 100644 secrets/rekeyed/ward-mealie/dc45f32dc1bb8bf998a5743315023e84-promtail-loki-basic-auth-password.age create mode 100644 secrets/rekeyed/ward-web-proxy/06b01e2633342abd576d676cc0a97b4b-loki-basic-auth-hashes.age delete mode 100644 secrets/rekeyed/ward-web-proxy/09683ecb6ba69322f3aa1c34b6ed6dfd-loki-basic-auth-hashes.age create mode 100644 secrets/rekeyed/ward/0c369898cbf97acc545fd1502c22a698-wireguard-proxy-home-psks-ward+ward-mealie.age create mode 100644 secrets/wireguard/proxy-home/keys/ward-mealie.age create mode 100644 secrets/wireguard/proxy-home/keys/ward-mealie.pub create mode 100644 secrets/wireguard/proxy-home/psks/ward+ward-mealie.age diff --git a/hosts/sentinel/firezone.nix b/hosts/sentinel/firezone.nix index 94dbb4d..7591cf9 100644 --- a/hosts/sentinel/firezone.nix +++ b/hosts/sentinel/firezone.nix @@ -18,6 +18,7 @@ let "cast.photos.${globals.domains.me}" "photos.${globals.domains.me}" "s3.photos.${globals.domains.me}" + globals.services.mealie.domain globals.services.immich.domain globals.services.influxdb.domain globals.services.loki.domain diff --git a/hosts/ward/default.nix b/hosts/ward/default.nix index 518ee23..0a08a1f 100644 --- a/hosts/ward/default.nix +++ b/hosts/ward/default.nix @@ -20,6 +20,7 @@ let "cast.photos.${globals.domains.me}" "photos.${globals.domains.me}" "s3.photos.${globals.domains.me}" + globals.services.mealie.domain globals.services.immich.domain globals.services.influxdb.domain globals.services.loki.domain @@ -142,6 +143,7 @@ in // mkMicrovm "adguardhome" // mkMicrovm "forgejo" // mkMicrovm "kanidm" + // mkMicrovm "mealie" // mkMicrovm "radicale" // mkMicrovm "vaultwarden" // mkMicrovm "web-proxy" diff --git a/hosts/ward/guests/adguardhome.nix b/hosts/ward/guests/adguardhome.nix index 626859d..1e2e2fc 100644 --- a/hosts/ward/guests/adguardhome.nix +++ b/hosts/ward/guests/adguardhome.nix @@ -118,6 +118,7 @@ in "cast.photos.${globals.domains.me}" "photos.${globals.domains.me}" "s3.photos.${globals.domains.me}" + globals.services.mealie.domain globals.services.immich.domain globals.services.influxdb.domain globals.services.loki.domain diff --git a/hosts/ward/guests/kanidm.nix b/hosts/ward/guests/kanidm.nix index 010bfa2..595c847 100644 --- a/hosts/ward/guests/kanidm.nix +++ b/hosts/ward/guests/kanidm.nix @@ -39,6 +39,7 @@ in age.secrets.kanidm-oauth2-grafana = mkRandomSecret; age.secrets.kanidm-oauth2-immich = mkRandomSecret; age.secrets.kanidm-oauth2-firezone = mkRandomSecret; + age.secrets.kanidm-oauth2-mealie = mkRandomSecret; age.secrets.kanidm-oauth2-paperless = mkRandomSecret; age.secrets.kanidm-oauth2-web-sentinel = mkRandomSecret; @@ -155,6 +156,29 @@ in ]; }; + # Mealie + groups."mealie.access" = { }; + groups."mealie.admins" = { }; + systems.oauth2.mealie = { + displayName = "Mealie"; + originUrl = "https://${globals.services.mealie.domain}/login"; + originLanding = "https://${globals.services.mealie.domain}/"; + basicSecretFile = config.age.secrets.kanidm-oauth2-mealie.path; + preferShortUsername = true; + scopeMaps."mealie.access" = [ + "openid" + "email" + "profile" + ]; + claimMaps.groups = { + joinType = "array"; + valuesByGroup = { + "mealie.access" = [ "user" ]; + "mealie.admins" = [ "admin" ]; + }; + }; + }; + # Paperless groups."paperless.access" = { }; systems.oauth2.paperless = { diff --git a/hosts/ward/guests/mealie.nix b/hosts/ward/guests/mealie.nix new file mode 100644 index 0000000..6731ac1 --- /dev/null +++ b/hosts/ward/guests/mealie.nix @@ -0,0 +1,79 @@ +{ + config, + globals, + nodes, + ... +}: +let + mealieDomain = "mealie.${globals.domains.personal}"; +in +{ + wireguard.proxy-home = { + client.via = "ward"; + firewallRuleForNode.ward-web-proxy.allowedTCPPorts = [ config.services.mealie.port ]; + }; + + # Mirror the original oauth2 secret + age.secrets.mealie-oauth2-client-secret = { + inherit (nodes.ward-kanidm.config.age.secrets.kanidm-oauth2-mealie) rekeyFile; + mode = "440"; + }; + + globals.services.mealie.domain = mealieDomain; + globals.monitoring.http.mealie = { + url = "https://${mealieDomain}"; + # FIXME: todooooooooooo + expectedBodyRegex = "TODO"; + network = "internet"; + }; + + environment.persistence."/persist".directories = [ + { + directory = "/var/lib/private/mealie"; + mode = "0700"; + } + ]; + + services.mealie = { + enable = true; + settings = rec { + ALLOW_SIGNUP = "false"; + BASE_URL = "https://${mealieDomain}"; + TZ = config.time.timeZone; + + TOKEN_TIME = 87600; # 10 years session time - this is only internal so who cares + OIDC_AUTH_ENABLED = "true"; + OIDC_AUTO_REDIRECT = "true"; + OIDC_CLIENT_ID = "mealie"; + OIDC_CONFIGURATION_URL = "https://${globals.services.kanidm.domain}/oauth2/openid/${OIDC_CLIENT_ID}/.well-known/openid-configuration"; + OIDC_SIGNUP_ENABLED = "true"; + OIDC_USER_GROUP = "user"; + OIDC_ADMIN_GROUP = "admin"; + }; + }; + + nodes.ward-web-proxy = { + services.nginx = { + upstreams.mealie = { + servers."${config.wireguard.proxy-home.ipv4}:${config.services.mealie.port}" = { }; + extraConfig = '' + zone mealie 64k; + keepalive 2; + ''; + monitoring = { + enable = true; + # FIXME: todooooooooooo + expectedBodyRegex = "TODO"; + }; + }; + virtualHosts.${mealieDomain} = { + forceSSL = true; + useACMEWildcardHost = true; + extraConfig = '' + client_max_body_size 128M; + ''; + locations."/".proxyPass = "http://mealie"; + }; + }; + }; +} diff --git a/hosts/ward/secrets/mealie/host.pub b/hosts/ward/secrets/mealie/host.pub new file mode 100644 index 0000000..d78cb5f --- /dev/null +++ b/hosts/ward/secrets/mealie/host.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHmfHyKfCoAUflxiWZF4IBLMxLtTZexaAfwVwzFJIlqH diff --git a/secrets/generated/sentinel/loki-basic-auth-hashes.age b/secrets/generated/sentinel/loki-basic-auth-hashes.age index 858f27a02a35bf6416897389780d4df1c5efbb5c..6a398a1141c702407057bd4b300a7adccf6bdf07 100644 GIT binary patch delta 2719 zcmV;Q3Sjlh6r&Z8Ab)OlaAIdyZCOKkWKU;oYiCqOX;(!`Fj8+=VM|YLNOm-9ax-pA zQ&uooQ3`N&Oif`{R8nM1ZD%h?PHb#gRZ~N6cWEnTV=H7)Zb&wBFJ*62SU6f{X9_Jo zAaH4REpRe5HXwL$Q)M_&AVF(aV@)$bYG+VINLgWOSY&W%NPkmQNI5k^OGINtQ*~=q zPgqk?WGiKOYiSB^PiSmVMN(^HYH3YJGej$MMlWe;Ohr&lNJ~mZZZj4IGDD6u-mD6^1nHGBau$=_``rhMT zETWN&z33+JUzF#otAVjXx4%=PM)RsPp%;=mQspH0eSaikv%3U-N!6VM2A*FwWY(Un zsRQcj_oy@Jr*Ued4e4E_j-lH-0Vg)>F2{pSoBQmAw}b{xh~Y|h2GD>MOP|r18;($l zbB3Pfxgl5xZSA*5BHg+>&YGN+a|MKKPK&YnH-M4FpIh(dkql8@<3q6}t>T10Qy$(? zuArpk)qg&w1e7Kh1Hme94!eMc&EY(xrEK8ubg%YXsn@|@C!1`+k4H4 z$K-m~)u3su*@hZ_MMS0(;xEJ3?{WJs zM~Ql+Cdwwxn6e36_UzwNF4=_qd4D&XI7roi!GCE{#;z9=?V0oMvIuN-k+1~6f zD``_pMteQZl8N?m`@DDs!r)9h zNq_$r_Y)Qf4I1ib;4>_B4O|bFj(A8?pTMrQ@z(bZmA>+A_x2o5FB4WcwofG6QQ2Y{ zTZs_j@Q9!a;^&a8Ig}wy2edLa$#wv~;<6KcC{&e5XdiHkx4qYWEk#8Y?rRzc3r$PR znno?aY%cjalYq2gd-gy&cxR(z%Fvg5?tk~m9pl`!$l_Q2jli`%a6y9GgQ%U|_ww9s z6SVOM9hJkBwy@In>ftgiQwH*>T|3QXH$}5Qq-C03u2E>B%c5xTo81j(Thw{i*{_86 z+vl|%s9GO^-mrOi66Of(SnhNikzQ}X)!;>QO0oE{C=id4pe?i)2zypoN^^zC2Y>G< zoN7g1;_9ElSkuk^E`O_Z1CAECZ2!Dk~@=sC@n;NKnaHO6?#4Exw(8ds1AJqlreVk=# zJV)jFB9d!IinA7K>slWMI~kDZ!$Ko3d`wSapZ%-QmY{Z}qa>zictctE^bW4$7bG&K z9?`kIC~9U4SWomFTF4Q+Y|>8*2oI0?WjW~Awr&J?i@~RNerQkEn{UubF@IdEhj~r^ zRPDC7Sg7wYWp<)YXdbtlL~55(!UOI?Pe}x$dc9YI6E9!#4wv3QRRaM#9E7V;_@-Hs--i}(G>2gS z4~%-V+;MJoSqYDI z)(|_Q3Hjy3*n3V>aNqXi%nqyivm=dBeEAoxH;!0>-^|qNKB>?@A}EBL2c97w->Loo zXUf(s1`~#`Jb4{nMnQi8Q{Kf^L<&d^2Z)Cu)Gvmt%}swlsEHbnbwq9Zanyd8<1*J) zhZQD!MK|`g*b;j`UVqO3N-}c!4N}D?cZEe4qLK*dYkuN%6jAg?(^>WM7!v}&(O}If zuP@1!b)k*=c)kGD{ifiRqd>1yt;xr0T0<~2m#|nCd>nD)25I6MnQej+ZhZnU@n(Dr zqr_11U7uBxAvi%lxeDrmKF*5c()Gk)whi&1MsX`uFmZPn&wt`a+jU+Ka+%@8JftTn zmZb~8oz{iR0Z>fw@i>7 zDzHi1x>2flZbm2yg^(gEcIgZ+0(p4yK6)aE(iolF9?IW&4tSotb~ThC`OHs#SFHvg z3df{&#@j^?@PBM&nn?<3B}BEm^Ca%cS_BdcUUs1ign)w)L)El@Zhy~t(|;<;sd4ll zZQ#>$$LZ@;Hk{9N`$zOuUt$0%AgPX6#;1fzikqU=1HF?S@UV9$S&2HtPZ2G1;S{cY zo7beuHG~vD0H~kFMt-p$mlM@gI7S5VY$ZlzllGLYsDEp3{`W$$drXTD$Fl(%=8a$; z!3e(P<@JnD(+%)vymo85&7NiT(<)^J&B$Bgx!r1Id4Q=)TAZ(xQBc7V*^2>~#HJzSwg z@b{f|#k!4+5gXb06t03w^fiCRypy8GAawoWk$=4~Xm?;v3(e+wvhcoFDCi8tlRf&9 z{8JpI-{`md%rdG)FwyXK)3r?n+H4Qy)N0OTxo>Bz^K=GX?sT5JHV5HBj^P0rl@D#T zm;>r5j;brkp0M(a&Ejf0nLgpc?^N%_Q9ub|w4Q9+UWv5-GCPVJUM{#EN!E!k%)yu< zHGh(*EjvNG@!|MOi8Y#=3tMwc{Xj!Cf zHLiRSk^fMRb@*((p5$ADb3u(-QSa%x(-oRu3pHFsp_p%~c(bQoO}}IB+4yOyS^iC} z|8iPTVZd)=kx2J%6`rgC^Gg1Ix}geuvMc#!i!4sGmh_fRvRHMu3q^imbU)+CY8dgq Z5`s7%uSjv#;851-zJH7D^XUQ#X%K$g9dG~u delta 2629 zcmV-L3cB^970MKlAb)IfQ+ahuSu$a8Sa~;bFlI$VaWYC$SWQS*LR3^#V^d>UMR#LD zc55|hI0`RrO*S|%I963=MKoGOcW-kra8_ASY;9OfMrb%PGhsPnY;jpZS7SJCI0`L3 zAaH4REpRe5HXwL$Q)M_&AVD=~WKUI7V?;=7dT=;cS#wWpbANSDOjs{yOhI&db!u-# zP;g{nF)%Y(Pf`j;a5pqVbaOaDQF>)=H90s)Xi!E)Sx9wlS21Q}D@tcLWKTpgq|Zc}4QSy4kyG;BC=G;b?2 zH8Dy=c6VAdD}P~UZ8>^xFbXX#Eg(c^MpQO!Ze~$;FG@seHdZlYGiOm#X)iT)OF>6@ zQC4|KdNf99G(}=>Q3~mq(2`)06*za;zo@Gmq&i@X9b; z0!CIjufj+*n6dA6qFNRTdBb{fF8H2IVR{Gtu`*qkY#EQ2%bShZDTmsB?ieA9 zC>v-ZKYuY3e_I9bgD}I~Za=QNs6qdPt4PgE(+L-4c6D96q>mxz92<%+*%j7gfgNuY zEwNJhpv|8SmQM#Jevgq4C0%pTE@{|G4?u&S7|{`cGF$ zXQD)-SsXDYl|g|crX{D8Cr9(W-+iGUUJVwDQB8LQ&3zf>!#5tCgs5W1TQ*FUag3eg zknbKLfY|bwS!?tFZR8eJnfHs^&g}`ctnp@?*2`Ehbe_!}&EYqavTid3E1AmORn~g{ zEPsU1^*hbCTJM&X_K~W3xeR@5O`oYvou4r696zp0<0x&9hs1uaSTo?VF@CStZ$E{D z_igPyrb#P5Bs9SO7-rXh9kg!f_9z8}UbXDh9zbFICX5c^2y_x+c{=>BZ`;3guSoPPO(v3 z?5;&O4$3E!a0TUQHEQmhiXGY_H2jFGWL0jHhZsn<$K6cWUY?&9c>+51O6xiqkpp& za(uh?JSRi3HP6)DryV7Qp!p-r^H>8fd@lsZpmh$LX}~UbGir7P-(^f+D~7Q+`H1UR zPQxv0?s-rrC*1-XFq#ffwNGv=HXElHyA!YLwBg@dh4WnkS(izrP z)UU^z9yI6FehW2o1=0MkK}Mh{2v@Gxm>E)K@8B@Q9NEe9Z`?h(SZ!|eh=29}HjwQ` zS_s3;P0qFM_1k#<+7n49O56vOP+C@3y2gqE>jEStNZhqPgArcch$ay@aYJ#jyWAHN z;G15GE6Kb;XAt=X&`_ac%>&x<_@dYwl77wvr~;1|DtL$unZ=alv+-xVP54AeAy={I zhyABra6j6iu&qtbcr=o=f`8M768froq6lF`ja6Uo`b_Y+8WJ>lbg`aFYI{ zHWb7|g~6ry6;@OjeqLj*OGih)sgsqdXN%RhMW~V3Uppnd_CL+TW2A-l)A}0t5>$r2 z!0b%FV^Q+cNDV5sJg#A45nZFj@5O=`lLx>(_irW&EJH2sI-5M!w}0E)Wf@>L`qO4( zA$Zj|X^Hrk%IIOK;Waf`tQs2AhXufh*Q{Fi%4O=y)k8~cD`W&As!oC7HJBQdaE{)$ zOv=6wzosxlqNgdMAs^U466+P;ro|aKeV2m+sprkMrBCrhDu;jXfi-QVjQ(%*+p^n4 zE0&z=ia)ev)p+Q;)PIx?O@!`|FgVZwuH$ycdM8Kr{WU<#N*O&;T(nP4{*%i-4xOaL zWZtQNWB9X#)#R4({m&}{%a1{1JpJrDA@=!NGSDQd6CFz+`_$ow5@DXxz|W~=j3e>> z$hfP?aH%6(H18hS9c3(o0L59ahgUFM%tGM);n{i+^gosVOMeenR~lCDOD-*O9k02I z*z<41v8L-Y8it?~Sa}Y4IG)pN^Q{T>KXEaQlrHQ1Mj?}2=e9O%l2)}#$~kx!B>k!* z=DrvS$=I1qL_m)1CK$JYtn!KZm)BeY!NS?7r7j_EBM@K)yTIRXLxbZB4J!EhE@?^U z(F+YzrX=;87=JJ}wao3PWNnew6@qn%n!XYRu=bP?@U(Ukb$T>Fkiae8yNPF8=PJ8! zhej${)=?qwCdMg#dcgEPo0Jc0?xV+svOe8ey$%RyF*>m8s%#{+6iHL2(E! z0SUT72SiCf3xo!)3_NkwNN*N#F?St$UX>4Rz1HqGw|@*))tdj4t ziE2x0n222Eq5MNdpo+;rKFFSOj3nY8XP<@Mr8Kk4w;f-@mh9ja!bd^E^`g5iA=O8$W$#j!0o1l?{N)Ud(V zmgfT%-GX`7Tgon$3UlxQD~#hb!EcKcg1m&06qn?SR6+@@Q-PeJ`5Ea%EG1Iq+5R^` z>o=O>ru`Nr+;WKFEIDlQb8ziRDvO4qgLI|S3HN^ zqXBwp5(9CMGpm2U6r499BsJi&qsAdbIy`9dNh zVV467+)@Fjmlw9i6ZC^;bTC^){C1bM?ym&iC^%omxB3q40^!! zH+PIQ;!!PF#X8doX(@3!F3|cAS%d}%V*I4V*pRr$#adN)3cT8aZzA!7XX%^2@*CF= zJBon3`Ak{N;LR&)S{9~aB?3}3vS4Viq(1oPaxOw|gz848P#)}TAe79VgU6h;$fpt# nA83$~qI7}lBG16sfi$r##-ylOf#ng~%}gk(|HS%u+b X25519 cJsUAs5kab+tag5KhjwJ+ZsCdnyDmXkQR89R9Yg9wlU +h5hbA32BsvgNHm9N2Z3MNeBaSh62jMZZXadwQ67p6TM +-> piv-p256 xqSe8Q A+J9DUC4CyzTSM8AeSrXggvg+iEG+EeVLZ6y2vZoFxdp +kr6Te/2pBpsQ67/veC2zmFLoFo8az8UG20KVLrNjg1c +-> '58-grease +gd23myuHckOq82KNxQJ8wLupxTIEi3VQ2KdJEfKGay3EQQziBFFNeLwpXOOr1UzZ +PnBY8e3gER+J0XKrFBVgvukbLfPxO0U6oa3uJStKpqIS0M+0CxTm6SYX752+dA +--- zG8eAxMs4mHvZXAHGko6cWwiCbocn/QkCOz91D8a6Yw +hS}dNbUkٗTQ. UB;% +,n>f?x8Fi, y$8 \ No newline at end of file diff --git a/secrets/generated/ward-mealie/promtail-loki-basic-auth-password.age b/secrets/generated/ward-mealie/promtail-loki-basic-auth-password.age new file mode 100644 index 0000000000000000000000000000000000000000..502e10c791ab14359b1022f3fd29dd74ad7f8047 GIT binary patch literal 496 zcmWm7J&V&|003aeGlPSRx`h)LOYTk5q)kN%ZF=cPV)~ILX*&pM`Zjs<-K1%g+zE%9 zqaf&@;2!-511%s7wMC=B+(*a900BkK5sW?8C+ zqX{gFrs1vvLvA;HX;=#8Nm+ner^k+Epm&Q(U#F11aT*wHptxj{#mJ#~KHqnxMz>wo z^o1$=S}j2e+wug@K{~l1&xZ(Yh=^t@c(zg?H^dvITv-aX(i3I_I~CMK4CE0tEh;LE zvT5H%VG^{X;VjLy2-7326G_6t=mH zSTQsbi0|IQ_~pdx@pl$2hv}5EmXMoBVp1;2B)3U(i9nXQowawaH-Ny zw=Gc!N12B$EDMp{WyRBmd0I)#Wp%Wk>(wR#M!qo^m8a}bAINrx(Tcc44giq7Xyx=U zf*^36WEn%I`wVS_V9on3=a%QD==(xGsBP1(2XYJXem731*o6m2AD%qF`1jA<+RnE# zcmi1Z>ci`U@umCV+U{xf<&U!~|Bikh|2{sAo*le?`;ohG@9CG5+n;xS9X@*XLVf@E TjrM(9-~R;6%l5na+WPt*FY~ah literal 0 HcmV?d00001 diff --git a/secrets/generated/ward-mealie/telegraf-influxdb-token.age b/secrets/generated/ward-mealie/telegraf-influxdb-token.age new file mode 100644 index 0000000..774f09b --- /dev/null +++ b/secrets/generated/ward-mealie/telegraf-influxdb-token.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> X25519 N9dmnsf18HnbTxhRcEH/xtfpPAJSWfCnhqf+zXxuAXo +x5s33yPRTyR8/dObTK93N6TqQVxM5mq00eb8ELmHt2M +-> piv-p256 xqSe8Q A8iifEpFK/miSnKIeTMtanK1xqwBsLrWlCA8REv9+WgI +am4/Lch1SEVBfDm91jYqJdeGdcQyWl9XWEjLP/mDHFw +-> k-grease Kc$ G/ +jO05FKqhHg +--- LhH0UM9+rOqKAvfRt4SQ8zOSPgXPUs7sGIY1O9qvZDQ +rPP'6qUK@؍d F\/DA\1DxDj`!kqFJyi8 \ No newline at end of file diff --git a/secrets/global.nix.age b/secrets/global.nix.age index 38567d8a1319331f915fc845bb495597dff0778f..9016b6aaca93a75f22abce0fcd5361483abff5d8 100644 GIT binary patch literal 3735 zcmV;I4ruXVXJsvAZewzJaCB*JZZ2tGoOf_|AI9GNwPc<}DYAZHjGE8`SFLnxeZEH$lP%>9EH&1LaS}S-= zVR~#+Rb)zOOJ-GdW>YX(ZcAxqX<~L}bubDoJ|IC-E_7clXL4m>b7de?AUSagT4r}f zL3T-FMP^koNp*8WGHz3MGDJ>UL{w)_GE7i$PHahXF;_x!NG~vUaC0~@OldY#F;6Qi zNlZm)L}EBY3TkUf3pQg?M?F<47cVsKV4PIPWeb4p@uIc{QYX9`Df zPTy7npzKh)m+XyH6Cm6DDgC5}P7yy>v_Fkd0C!5A&S(dtrUK4j1FEU>?$>O4PW9jc zhW&iyE5u{FwdKsHI@>_ZzEq(q!#3A$$Z0K}onTni%`9t`OZ8rBw_pvsSrnLauukDx zdiG2CFAq$r(S{2T&-QuuGev)hcNKXx6k%J&Exk&4QztQc#8GwAUzP{`PG!a5y*EgB=Tz!`I-96Xupy)Cd{_UEuU%6{A_rhQnUGG?E9fjV8%==^YxB zv|59`zjV3p?PIDfY)4lU)_Qft?!?w zw*!yG`yV=VDxUf9m|+O@pS?`2Vga8w$=Frg9BGN2tdVNR(=|FN*dM_#} zQ1lqVl$61$qe%*B$KBWLJ2Td(T`&&ATTbr!D(PCHH;bMO|71!Wh3P;`dT_8y16AD? zcWCAruXt+rd8$i4?aQz>bKF-q%eDaJ)F}L|s#NMQp|)dmFWF=1)m?zR(r3OoY@ z9iY-AgzTrxi`eATOQC2&TefdCqvz)DjyaTU;5i~+_dr~wl_gHg6otevSD#YIU<0MO zzXe!v5p?#a@+=-vMH8o71*4UX3XkM@S$3qmT%}FzyQ~C@lO>0GKvHB?r>y$>*gDQ=N zHLg#eLv63^0@k^W^r69aW@Dnocj5ooJ8p3w^5P0KWB+ z%`2}3HRKp7Ac^RwN?^)lglg>+@HIloV1%U{@!lXUETc|+bVGqwqMBJT{r>grs2M$J z-N6e(bokZAYT?v}Hehf4 zwLB}dxYvJKqdU&zYIhk+NO9sHb_H3{Ca^Ht!Mm!}P8t!DCTxf;zHS+IoB@Dv41`+j zv(-rPcYGGBXSyWap}%;o=*YKG?~ljAQT@_vI^uJhhyh{G>vL1cl39mlB`>n4QjeV$tgOzZ>ICg zE`RZ&3bZEdOD_cGEh32g-xOy+xvlt@@iiSMyXqL#!M!(^ZiK2HaNqJR@0;)Xz;#1c z*ql=;<1ap#{1p{Zc>HbWojzf{nnVIlq16oA{^spniI$Mmv0bB#m|dEk?mo7lVt0g2$~3G0TVuKoID-a^yC63{Pj(u8^XR($al!D<&@a1KlAPO^IGfKzFHjo8IXy=)5l z6&o6+`XYoylz&xc?B4|CVjSZ{BBvWLwn_#=%c%vyXqr%rJ*6kQqL4n{fN9~VPl~JJ zeBQBfT(YH&8fzN`a(p;v+A$}dz(i!uCwU&{SvQsq%g$jOPG~2%Mr-P_=*yBBMiq9a zeB*N0r_(-ul@C+7QrUSFNMA7#Df>rle;crqHt!NK$p0lvU7=BoT`e3=Pj@H}kg|u! zk%=KSE3>Neq>s)@nkRnfBD*sqwP~k|M1c$58tjaHmDOW32R+J$Mk6C0TXo~; z%ElijPay^PS?CXWN=o0s0&+{Z_Cj%Z6`hkxB+hK3+m$TLy}z%!7mzmG=mf>5P8jAO z*bJ~RdWxyky?R zT|x!AY;m{UMUg6OVY-1>T~l}pWwG#+)^QxDfMceGU8MtH{G+hS-0;i&t6kn|s>|QZ zv%A4f_raz@r?N3y$v8T+3Pcp_bz>*`D(2h2VsrD(Ff9+SEZHY$pYTrP&5e zb=gm40zr*8ow}A-wOqnhtV_X2R}{z22O^Z2S-d$pQ1(y953v}FVoiZyx3nNTxv?a+ zmRDZ;gEx!K{a77G4gDzCuk?^MJOvFP4JYY)mjZ?^)|IJySjI5A9qZFxLto2!Ib`%2 z)HJz&|g=5$#rM+BZQ&3S0=>(HeU~}f1OCu+>q+ciRyjG2W|Vw z1*@g(cumF6VwwvRX!|xjljIhl*{A=&Q+t_R!Mq+XWaW<;{L%Xx{yRmrdfVg5lp03q_=+!LoemEGaD*U;rXMP!*GiB3wG@rT*9g?4TtM$(l{ zX?Q*YX>|?S3u!<*6kpB&^k&#YxPRGJRC{SOEwit@yryqfyDiyM4~TML z`L_0m_AruD?;56k6zlT}rbb|u_dXJjV=8^ZEK3y3t<){GQ_%#i<~v+vgoiMJq00@shO|cc^rkyyOx`=_4C~o8eZfpS^9Px6i$j;EUOyJ}3)<)J{9$EsA zJnp5V{|A=%(%+EPO@jdx<9(S?n!17uogu%&CtSpuk|CX7ucr)a#-C86Q6eBZ7hiIE z6+I=a0d{=$;WqriZ5_`q&lEfQ_e=Q_zKRIX?V_r2mbOl+DUcqXR%uySOuMqyfby0( zw5PTngK&~mJEDXYoiUpG+=UM$sTe0DOJNMdb>x)mRLg`_jw}I(+5**oHw1_HveO?9 z^v3bBYU`WKm1|NXRYG%=S>!zAC_t0}y`2s1K-zG&SImjDmEIhj=ON(P$pIPO+#vx_ zGPJMN(L$$5mzdiJZ8+_`Ux`8t*EmytZc&DI!&3)(O=}*;m}7V*GB$t7`D8<8V<=w6 zn;d=_$;%TbJnk2f!+mst{Z68OriY@xrdfa@nxmKFzU#q$OvDW4MgNTK#Ou(trm`&3 zbvhwJ%9ow)1@4;_7ZKd2cW(u&nMm1o#;P+RC>O!=KA%R>iGiL3EjZDMXLX?`_@mnt z5vkK0kh24z%MGI*G_eIcY7+bJtGjdwQB-bvFOhak?<|Y}ibMwuL1(5QdC}x_Xp4Ne zS2$M6%>Mb^naEvZ@mLN{tE?`(ol+kktkC65Mi}mfFsz2io4W`5(CPG!JAiypv^BA4 zU4_pA3wG`=C~$GfL3#fpri=9=F3Fk=pdejW_C;Cbw#J40UXDjCYuWz#;GwgCJY2QYP zByd~+A+e!=SDXRf76v7I{=2C^az(dA9ePv*4ou(#4BlaIk!{$hI-p)Jdg^PA6|9kj z6_Gu8P@A-6It^{{cUNHbz@I3n7zP(4$whHA2B6ujE5vE}s^X*%5wT3QJPk3Qg!8sT zsg*OYYHTElLUAVum*nzgtF6?scF~OQ@)unv1`4kEnS$lZyS<8ty~51FZlGVm(uB4} zCykjR(60liAXiTi2!UXh(oBk%+JRF;n{{Ue;Lnwzu{V8Kv7W1r literal 3617 zcmV++4&L!$XJsvAZewzJaCB*JZZ2t_LHd04ab8&EKX;}&_J|J*ub}eu+H8vo4aZ_bDQ6NDtGfguwQ(9~^ zMnq>dR!2lrHB)X?c{w?4PjORbYi4z0FHTuOWl%Frc47*8SV=fGL}D*;OGGedYB^F? zN=!yUFJw?eMs`+EGB80hL}FM_S3xscb43a*J|I>Wnpt=Aa)^QH7GtH zE_){+M{gy4W(rD3L~UqlML{?>Ycxbqabrk9I7nA+V=z=!cuqk?YHu}fLNq~6H84X^ zLsl?EW@1ZLMMhRdRas9+N?})aZg>h}RBJCzXLopOGi+x=czSAXXL4ypcx+E|M?+^f zP-1OiX<|`TD`as~IcGC%P&Q>nQ#EK;O?5|hIB_yZZ+UbIdP`9XEiEk|L`zOJXl7?b zIBZvCb6I+9Flj|(YgJ)uR&Gc^OL|OdV`5J*b7OK+cWh${q8%~vd2q%iEC5N#c`e{) zvOE!&QXlPac){clT1QdW;-tC6kqV}0FRw`^K@9F74m!p6{)7f6iaOyIumjoqnfSJ1 zqY|5}o~Dzb0mc#X0i@4+U9rq;G_mqNpx?KTjdElXeEZTtMSbhN#S2hww}~mK=Oa>L z8lz}*^u|_kh^{Bk*?3K{p(QkU*83en_*=|TH0Hz3xM|eV>Jr0AHsnaUej*g%dW2$%J87dc&aY~3#JtWIBGA5unV2~Y z{PFk{0MkX3pcX$6oO((75lZLf&8dB#NV(wC0u~x_Rb_69J<_T8Gs4rF){sr85f=}* ze%6lE%!Fa|@U-QwTaM}to%+$a;*)HZk254{zAKHw^<<~ARTiyS zew`g!fyzHCkfUCnCWU8@O!bnal-+&H2!6s5URHnaa zCwaS0u45C-sKJA)5T1=gTAu6uVvo(%d579;SH4L(2H`pEX>fy9$#}j>3j&fsiFe&? z3F#>7ucJ`fi|IU{(|-|t+!)cEr70r3UQ@!juKS|xts4HJZRpW}?NO4+PlNKYMO5(# z=yqpJYs}sD1Pd3iMhd50HFWrhgN`JC$|N!;Yu4^ z4svvhlJ&{w$0#gW2hMPWMRI8!gxV|YF9CKDG&qYe?@#DQ{iaG2am9SIbHa>IXGxMV zD)K4=wnJy{8L|J!e!W{l{kSuW!r^)oIT8>6o?WMhYm{~s$k6z8R1eLd5c$&p4&}g%;N>-$^+q#upm26 z!idd0aP`rCX(IRDz~F1E(ou%2=8T&Qxueosw4Ud@E8bB19hkra%u?DE!NU!tyHqX> zB>g+z(8BUFJtfBR>CLWi=Din|DuU0v1&<2b{;2rQO4|x(jA9Wz{pICAxac!J%7RUm z4Rsz=?$;`kp5`=?RzKyhJf{u zdlnP3M5>ODa}72@QuX;zmK?ofT&a;k)e}9hbiX7pZS7p?F)>Hbmu4O{AH*x^*{P0z z-fNb_$nlrO1KyxvGCbE3G;!b4&Rfl&WPkBJ%uL|hX4=~m$^eYX;X77l!yCXgPv7mh z62ubNWJTeOMhMC$k(E>U<@$`8Kh_d@Y->7kT#9;XAV*T+>>e6P8^?Wi`7-7j*Itx4 z%lR&Snfof@H*++`e5N^u#+v|Di=k-$$_7!>*0*H^j}#a7spw~<(tc1lCa&YW<^q#m zz(pZow}t6aj*pPiI|rM$Fh|;*c%#k~Wone_nh{5%_v%bzmNbe(dA_E01UHbmGE}wB zOW`%myR?uNu~ANt@*eINm4-0FbXv>b`;0UTEQE&cPQWzjhG$DZ84RXl>LM~vUlp>> zFd@W2${q6Dk^v8Ioz3<$2~{4qAs^Kw#8m62*4sYW>t#?C9NU|!T4DE+3Gfv?(~p^D zaQt4C3mrJIiVvxGV#UHqCLxkM1Ac(hYX7M=%gs zbihBBC(eX+CZUrg!nupdeF-?9YBT2Zpf0B-8qUIuc_btj!Z_PGCdZo0`=qO(F8{ah zu0uo)2msLT0^FjvRLoMtDj2nwzYjT}W^B#flmeDuM!{8ZJBC|!4Ho(Yldg@#(JkAQ z1P19P1@^TL3&8!PayUjgR zfful_Ils=LJQoxC5yODIYVB|0KPJox^%FldxVipD}N3XD{FvfN`ihmsFo-T@lL zRz-<-=($-5Dm1IF5UM77*Siq3t}K3uaHI41x#@yWTKBLwMD*~kVXM?l*58ow*(fTM zCHVB^4ou8vv3v1<`W$MTr9+E>zlm~BwNB6;Ht(;C;))i?CngSqBwWRAt1wad*O{<) zMVkc%^#yn=p8G~@bw~uQ8C{d3ESgHisLe0c3Bqv!0!VucF=Xk*#!5c znWl#xox5|0xuF!`3->^vRncM0BlOK*W{%gXXYt^Kz@1~7l{SG!r6yXIu)14)X0`vD zRbR1V@m9R=ts5|3aumB0>^m zD&wQacqU&WZYLRou~U#zQ5^KWZwOV4q3N8jPMLr=E_sWuJ3e8S9WBRg0oc}dr8dsH z1a-+ph+4fh;Di^Cr|5zOGVb*+E%LtixCi6YRhGu%AX+!(hBdx(m$#^z7e<&ZtN{nZb6?0=)MSKv3XZcS#um(#R(S*VnP4TF5Bicu1(+qEF9Bwdv0B_*h@ zW#v)pd`F8%&)xhDRE?YkkuA0OGx_OMoJBGU*SUQ!M`Q*s@7IU#=6#znjk*C){YMuk zRAqo_;80Th-Q1qe`R2lz>ory>uAMmI&)4YkguWt(?(AQh^Ncfg}K-NvO*W2B*$Q zor+9QnW)a>l*-kxG@13f=+J=?Ti!SoB*xy=54SW7&5cW&1Q*P-^Z}(qtg-pRiMMKB zB@Sa9;$v6thEcHAnhJgUuxBn8a!rTrbXKkefXm^&<%5)4AsiE<1srkWQ?E8|1!e9g$uX8L5T7Dl)f^A;;8H#)j+^O_xYUx& zw~npDvx?ro8a;!KjR+6{KzW#dh7EI20l0qC!2ntmtls>}G1NJ#dU%*ZP5jg7UV~Z< ztaoZe!z;!4@T^FMTSSUJ`;$nmIx?lkKk~^4$z{A_5=xvL6dp?2$eA+>!49H?`F#nWlVe_5E{~=Sa|q6 z;kQ)>t?=kAL%%Myd<8btU^GtnF-e$-D@MS`J_OJC(Bn%G=sL!eBvA|)Y2{H}&9=U} z;SapQsLzd`VNmsVtn`7T?8pm?4cN(gV$iDfdBm_AJgkbRXwCdtEj5`uNiY)!Io}vp z$0b*?iX~-<#05>d*j%k#;&fX13G{Hf%-WzV;Z!Gua{Jd|pU(a^&E`yplKYVOJx(9} ndY!ZP@8DrRkV{v(FHFijNLp63;PFV^qJ|HeFXL4m>b7df5OesTJ zejs#SYcpO_eo!D%Nn;9QOmlKYOLux=c1L1HFj8$bYG!zMZFNLQLt=DHW_V|5a#2P` zb3s&0MR|8`Q3@?BEg)iIIW&4NXjNk{Q)OpOF++MncVTd7HC1pkX=GAtb3toGMJrK8 zZ+UudRSHU(ZTmS9d6nCNrD&Bln5O*W`wu^rFYF&ZP0mjF>T^R3Dh&J=y6X)TBpxsY zHX*!W0+=ds|+{W{#N_ z#eESG+IKCsA9jO?7(O2mENVPvt`hx_8be?1pb9hJL#XRfUG_4KOdyxH<|vW)uM*P! z?NQu|-qS{~?J(t}rq5+$ry+p-Xv<%#f>|z}2vkjyay&U_Y%E(|rfy{LqSGb@TFhNWtK@D^hr4NVkY^jQ102xmMiFu~c|#TR9iO&dz?OFiSc6Gfr{V1m#0D zHV}{@zlke=(`JSeqi_I zn8rL>d_ed7JqZrZgy!M+i@e$!mP9t?ZzyIE;fO%6JLb^UE82{+Xlq5LRMl5^(zAcV zmUP{z7hCqbp({)90qr9gOCWb)`$z?<2dmD{N+QuyP3Hi8Z)mxwAIn|Wt^#~)k%o=` z`#7YyAS#hn{Znq>=$x6SNjC{1q-pH!Tsl=i7$$H6-9ORSh0%8r9)>I9=}s}#M3@$f zq_z+9beRCAA>tjR!%-bnoXbIzTBZ8q*x2!d!qIIE;`dIBAmk#*)lO%FLoqwQs?ONN zsu^&;dk387vUokCBL4#pILTh%{dg&HW9_|SUF77f-WAU;Bp&wqw$as;-|G}?yXME} zWyj)5^pqS+QRv(A0CH!}FvGl4Tao&>hZRtWsT4Z)6De?ZmyIF2r{b%wbC{WKj!y#3 zy}{Mj6Bw~L97Px7KTHw(HXaVH#XSR5RvjvL>XXGg+zJPgot{1Cplvc7;8O8?=P<#* zTit_+1{|u#PsRPDF_EXn)3KpduaPdB=hS+RCNMqUW&o*b;Z#o!C(oC(GY0Z*$*EMW z3C&#jQn3F$W-9*R#3>bcRXjY`zay6Aq82~>Ar5ZH5MBu#M+qNp$I9nC{@R3ry>Jq9 zS*--C2Cy9+ZcJzKk?+F-AGQ~OPK7s(nnC#l|EoN}I(GvXi2@)3iifIP?hqq4Q-ze5 zaPZC$%K1ystrs!np%x5Jy;K>&L^EX5ZQaNmexUNY_v&l_(>_yt6)+B>PrFggS;M!! zKjZAP$bl^A3?zmX8E>&Zx-_F#OTMP3uUymX&<%zuCH4Wg{+3HhmSM9OH(jsH^iX?w zr&X(HL5X;3x(9Z?TC^l<+m>+9S#|JMdafsH_kuvGnTi!x7?KBHF%?rzC5$Lfr4bk* z^Ut@inZR!l>XbbE1|}8CmF~r>`hALTvYoR$h2a*C1^|s82%ps|`6Us`R7HJX3g_o*Z(j(jeA)wY(E4QQJ8TomYhuU;3%w%-3s1fpJ+;*2-I^&~ zT9<~vl$GYZ^WgR%h};(i@isu~i6KU^EBda{%L&-&G$cDj_2ZSG-^in~{tZ2GOe;FE z_YF#g)O(cGZdrGn;@-+v2(xRum>Cb zga#+WKp^&&q2`^s%?E!-Yf7Q_CO{6Ek13S(f#R*@}rX>qQnz<7Ekjbb``q6X%KuDO>F4i+v8*9(ce1ItG!Lmc=A;2K1{CXG zUBr6zI}zPART`?c_sW0X;J*`9kZ9bpC&>&sQs51bBo6QhPF*^5Zd(;A{O_i~SIfSb zpHIM2-LRf*eFR(CWnUjs85BN$uuCs+GUexIx)U-Ta&{9Ce&tdwbywcyIGritOel9_ z^19(4m~PXLd&1TDCNEEi*G=-D0w-=Yrx7&B(x-S z+C8?_yGRlVV>?cZa}h1p!0;E7x2&rV-0OQ!<|D!=Cbim;H0sRbINyGm6+rkUR4;bj NL`AY~^QnvZDx8AvzFz5~DS!Q=`Rc%INP;_Z8bxK)ARAUM_Id^L~c|m$; zac)9zcyClIPgY1WXH#k`c4jYCXGL{+GD0<3OffMsb6E;4J|HVoaYjo|EoX9NVRL05 zEIma%3T{?uRZ4L*YD7^sD{OLMICV`iL`iE{Icr#AWj01iV>e?lV{=eza(7jEVo_#C zN-H=?3N0-yAVWAwbYx;PFmp{xOi(sLF=;O|M@>g>Rzh@kQ9?m!OL1CCdUI26GcjaA z3a7>s>c`b$Dv2~cafa_gd3hhfv(>mf;>EPz^66bqGSqgBp_gCAS`%N%*u{`YVtSdU z(W)giV%`9dg5QjlSve|pe9m@ z#acRo)){lb7Rqp}3<&tmYffs;v3cM#Z_WXK%5SDTq7%DB(%4P9g7Burd*_gqk+AjG zAf8YKvWmEpAF~u80}Eq;D0y2gfDGbZEEV?fDpD&MjF;8kJ}Pd#F79Y$mqVr`V;q(a{dfe78TnwT1KM zDhDcIUdGDukQO0CxXDtcr&N+`7}gsa4`RWjxnF5NBSGE+{W;pP?A%;4ymUDj_?jU$Q!@>>{|Pp`nl0q`)IPb(AXbK9A) zvrIw*06u3DJF>aJR++x~l-Y3UX!EzDz{(I@EpuPoRjpfpLn{1lF7?shecrhS4iUQw z*GqiB{_(ZxW3ytV9$0iQ+9Z@0?YA}Ri>)_O)$mvjfS4Gg%{);)9&xN7GXA0k{sDN@ zsL@Klr7Obn6vbnXmOpKZIrZ5`8wAMr_JX66?=IDilysf@vHBbNq=Lb6SCn7)cg;9$ z&klMBY~8)8x zqq!21zI5wBMF0d`?LMc~a<1?qlzJk`aW&A;$bC7115Xu{58Z?Lksug`&!j+mSNTBV zHetkmV5NSHwPGSW^Y+L4_bo>d*%*i@oU_@%dI9n z;+v42a|Xf07XS*u4vS6VlyEMz$ zd}%=RlxSEh+zUqp^&Phm1a-f{hOnGHRbOO&b*-SCQPGZ!`GAZ~>rymZ2c2Avai~*fSi}>Jm1D5q z`wHD)jW$Tb(lF9I+_$5_* z`;-SuINgXE-!tI2vntGqVlNYoRCZ~Esk>b}lg_nGMWCp`Tq`NEHm4h+D*!(VMFtzt zCsH9w_<>XAcCBEES&$w^v6vZ!`MA<#{E5#dw@~}* z_h+@!jm8RJxxdcFyUOylW|ol6Or~P0nO%bb%4DAA_8Y*5M~&)-6^6qfbeYhQ@M*OZ z-?kJ7-3=yRUoAv~qgetRdP5BPBGi58^m$x^Qy7o0K!i_ZURHlsRGso&Go`uGjb=R-TPe1Px(Pg#E&L-Kt>^gW#U(Zp#CBg`y%j_Rc%^=&CW%;)E z#pO!^`2+s)jWAbDf!D;J_X1f$OJCZfib9gFy6t+q$yka;fcz^L$kXEBtO3W5+$-MPQe;-KoC zO{w>r**kU>4l>22q%n&*OR5n0$Lhgm1?nMx@EvxBl;xCwn+MI5o0U&1z{8sv0B+xO z(DagBXpEfne%-MX`#|v$p!L0Q|K`a`${`Tj>lT3_7IX{!u*Ikt@E!XFLCnd$F;zhA zfQeeMh0`$4&ew%(wG4Vq0k~g$sU0N+l%wXpj9VFD)pAb5V%FRfLF?BV%p9H^4Xsel z5XYHmRS6X|Vp}6PB6XB2e&tl0R^#*;QZFU~+rYve0%o3yZO_NXxfZWdP@lyybXnpYsy)1H@jJoIkbqN6dV{8P+!B zYV@&2tvp2c0K87B?ZQ;W5EU(_KCvIXKE!QP9FfxnyBILPZs*t_qH$no8CCF8<`G)oC0Lif9m~8L+E(&k-O*07 zjC@Bim6~GyVVC@;#2wv}p^skc=rR~TbcAkCAwYI7NFDL`waBk;?u`aDFgs}Sda2@$ MextYhWc&&1wP?f!^8f$< literal 0 HcmV?d00001 diff --git a/secrets/rekeyed/sire-influxdb/549767bc6a22e6cb8bee4ca26ce4db3b-telegraf-influxdb-token-ward-mealie.age b/secrets/rekeyed/sire-influxdb/549767bc6a22e6cb8bee4ca26ce4db3b-telegraf-influxdb-token-ward-mealie.age new file mode 100644 index 0000000..191bffe --- /dev/null +++ b/secrets/rekeyed/sire-influxdb/549767bc6a22e6cb8bee4ca26ce4db3b-telegraf-influxdb-token-ward-mealie.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 1tdZKQ MN56T24f/dSVI6afWn7jc/lkOVJZtf02XCtxyWStSG0 +gUT9Wx23QhRVLvAR9p2XzIH7ssu56We1XhtEIN4t30s +-> gwO1ؙ9(˶] ( \ No newline at end of file diff --git a/secrets/rekeyed/ward-kanidm/b2f37c3b6f744289f78131fe5bcf2a07-kanidm-oauth2-mealie.age b/secrets/rekeyed/ward-kanidm/b2f37c3b6f744289f78131fe5bcf2a07-kanidm-oauth2-mealie.age new file mode 100644 index 0000000..4df698e --- /dev/null +++ b/secrets/rekeyed/ward-kanidm/b2f37c3b6f744289f78131fe5bcf2a07-kanidm-oauth2-mealie.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 QciEZQ Mb7FWnZMyUpEI72QX/92B+l2E756oTlZwrGpR6htERQ +txqIzt+oJiHjsE6xDUlWSLaEyu2BNpPAMpzDFGIIeBI +-> jV-grease +pt4Kb7YOgGqbqug5THlDQgE2dEC7OTfwkz3wi5B5K5jFFwWUOB/2b5FP72flL0IO +prmEssYGvxfptw +--- RhK7j5bP4w7SrnHNYWffHBQA3yq1/Btv1v8GnV7WKgk ++o\Ui5ru.njv ssh-ed25519 lvVD1Q YXn9WHQpMzpHXr8+kFMIdSyQ/rk3NwEukoV+qciYTTY +yoAXvZkuiHE0KW3weO2oX51TFLY1f2ANh9pNBG6o1Rc +-> Wf6oihH1-grease +1JCd3EhtX+OYjlmSt17OWxet/+bHlRtfDHIhMFRbTvdjt8saIRffxRYASWkg+HCR +3cUlOR/aCG22BsI +--- /ObukYBUdzN3bdi0YFdBch219+aRwQpzoNPGcnM6oeI +ooF6F^XcNˣ-~pYUZ8Z"YU:1bYp^U͔Υi?O \ No newline at end of file diff --git a/secrets/rekeyed/ward-mealie/0e775e81155a16c48a693985ef87ce87-wireguard-proxy-home-priv-ward-mealie.age b/secrets/rekeyed/ward-mealie/0e775e81155a16c48a693985ef87ce87-wireguard-proxy-home-priv-ward-mealie.age new file mode 100644 index 0000000..b8e2cf6 --- /dev/null +++ b/secrets/rekeyed/ward-mealie/0e775e81155a16c48a693985ef87ce87-wireguard-proxy-home-priv-ward-mealie.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 lvVD1Q XH+1hvyyrVDswacwgSVP6jSIcailJbsCdRarwlMnrzs ++e+R58+qCvCxy64/v3c7ljVL41MIqqUIlkyi/QNmyOY +-> u}-grease y vy?+:1 +B05VV7/MovZh2CbxdJotf+f40O9c97r4XU3KV4Ke1yqqrBjapMhNl/6z/WZakK/l +WEzGOxhRn8lXQc6Gaxa3VkQzIrPFD2ZOSxFTjscPVwFL9hunJ3+104Px +--- 3K6Z/4SOPvxVVHpHpCDlkujxGLR6empVqF/DcFcYJn8 +HJ5cp(+iK{ +&lI98Wyu4„ҔKTQiETH7Ղ \ No newline at end of file diff --git a/secrets/rekeyed/ward-mealie/40eee60695582040333e4fab6b3e99ab-wireguard-proxy-home-psks-ward+ward-mealie.age b/secrets/rekeyed/ward-mealie/40eee60695582040333e4fab6b3e99ab-wireguard-proxy-home-psks-ward+ward-mealie.age new file mode 100644 index 0000000..d315631 --- /dev/null +++ b/secrets/rekeyed/ward-mealie/40eee60695582040333e4fab6b3e99ab-wireguard-proxy-home-psks-ward+ward-mealie.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 lvVD1Q iShb88vIuWOY66+uWNmMQtezGJJSfmMwNmT0ddPQ8Fs +zC7Lk8BgMap9E1/T2DkMLeYNSzv49qxT/lAXsOgHT/M +-> $LQ9%qm-grease ?F' B:CTB( +l/BZ/6lu6OFFEtKQO4/i6W8W+YMg0opJSJ903Yk +--- 1nUvsKXuR/xpxmAY2WGKpk162DSm1kulcWc6YT2+SPc +F\cbb(9[t3f*Qogcgs,;l @@󃬏lQ]n -z!?K \ No newline at end of file diff --git a/secrets/rekeyed/ward-mealie/78d5e2eb2bb8a805e8d94c21fd1f2022-mealie-oauth2-client-secret.age b/secrets/rekeyed/ward-mealie/78d5e2eb2bb8a805e8d94c21fd1f2022-mealie-oauth2-client-secret.age new file mode 100644 index 0000000..bcb68ad --- /dev/null +++ b/secrets/rekeyed/ward-mealie/78d5e2eb2bb8a805e8d94c21fd1f2022-mealie-oauth2-client-secret.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 lvVD1Q 1ftd4N+uIcmtSGYOerFKVH6fQavXooDt0f7BgCgzCmk +DjCtfR88tAJQUSSQt9vTlOG5nhQ1iCnbiGcbDw/crOY +-> #fyuI5Mu-grease +SnraD1nrsAszqx7zmuLw3i8vC+epOSHg6DIsHRY +--- /OdJQCUMgxTacJEAubG8PysIiI2yc6ECnu/3Xxn28xA +f4b@POtSYase;VhC՝W=`Ȁzr9ّt](K-`f޾ \ No newline at end of file diff --git a/secrets/rekeyed/ward-mealie/dc45f32dc1bb8bf998a5743315023e84-promtail-loki-basic-auth-password.age b/secrets/rekeyed/ward-mealie/dc45f32dc1bb8bf998a5743315023e84-promtail-loki-basic-auth-password.age new file mode 100644 index 0000000..a29b870 --- /dev/null +++ b/secrets/rekeyed/ward-mealie/dc45f32dc1bb8bf998a5743315023e84-promtail-loki-basic-auth-password.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 lvVD1Q ilziysyxRUkLfYFbS5Q0pruB+dUmuOtmd6fGjsITRS0 +n086Qtr6zcm0Ozkon6BGUggP8a1qm8XouAg31YrO12I +-> ei0^-grease 6G|p@_ +JEm5VZ+YV1hAtz++5XikLeeSySYaeuBI1glv4Np75mkYQftRRsoJczNM5FWMnBjx +87w/3gNwFeKlpxsP0j4RavIm2XqCOvzIQb7tIJuP3EM9nrA6GgAb +--- +zULhUPkWO/20iwtnz4Y3Jf89pw4w3UiTLgRtaGnFgs +t:1uR "2]ګ"~,q?l 8|6<ЊH$)GcM0fy"nPۡ5 \ No newline at end of file diff --git a/secrets/rekeyed/ward-web-proxy/06b01e2633342abd576d676cc0a97b4b-loki-basic-auth-hashes.age b/secrets/rekeyed/ward-web-proxy/06b01e2633342abd576d676cc0a97b4b-loki-basic-auth-hashes.age new file mode 100644 index 0000000000000000000000000000000000000000..00099c616788d82e82a964e9414a559793629754 GIT binary patch literal 2619 zcmV-B3dHqcXJsvAZewzJaCB*JZZ2VlqW>Ra9kSXE1MfG%|KDGHW(yaz{3Gd1z})Gj|GBNm?snT4r)o zOF1h;D_VL>V`54b7cxK zHB407Q!83iD`aJPGIv;ScM2^nEg)AjL}FGeVNqF1PHcHiQFBr_c1Uz|N^?bZ zWmr!zcXmcKMQuqiNGm~dK?+PTPCBMN-RFD?GbT{@6cI&plkBqLVP^YmRf0%^Vj#+S zTPPVB9cL|LXS4KuyV(_;WTv!=>`PYw>Lp5-#cy!dozTHJk{PC?tK}Ie9^X#s zk)?|!aCq`lW>qifI<{6@d(~yk3|Da(EJMeT$KH8!P*pjIM)w3P0YE4yZs4@B_aOul0I_}Z}nc0BhziRGs6kXFK%Q7Hfr%$oal zB8OzjlBxRsBz7Q8fZT?gy*>%h*p5M4PsQCh8ke^GVs4h~36G)s!t*xA8Q=`(s3jHR zFlS0Fn!=snKn=496a{M}1A-O+G0N6K;{#-x1`cRo4EHlZ%pY`y{`quNJQSQ$c;D}K z&0hU70P76tkm+;5UHtfBzoXSm86$^#(?Py4oPYQt6D`HR^JRme3vMy%q^$5T0F;9 zN#VtNWkWoxD|!8sdyH7792=M+Om>(Jsv)HO!>%X<$>4ap(ERnGxCNZtv*lJ$BA0W)E z+XlDtg;tC-o-UM5uE7;~$fMUE%90J>14Zyj47w6gyET|@-(sOJe^yqzGC0!jW(4nn zp!UABB9Rp=W+Y|}?o!zHE8X7;Q<3P4u?U{7&^O+(#9Abzl&dNaVS}}qyu<|W(2?L9 zH*QIRJ+t4Cvkf+zdgd=~T*&K#KEO<_236=0a*~1ocDJs2Ok?&(QnG{v@dJCM&`I%= zreaotMc3Af#tt4pZ9AJQPgg^Hm+9g2eU`zhh(`C$-=Ur=9%e_c+B*hNzmWN?485ym z4fafkURJ=GI58W3`-S?r8&|ac-uAPQwvUbxBQ93FTTc0z{2Iw+Few1wGwew7mK*c_N$ zskPeYf=6^Cg0aSuESWd)+)2?q%|YI{v7wXO&{7EeN-PINon#L+hX2sSw3>w70qZd$ zn%R`qjJP_Umwr>Y8<7GE?Ib3o>hC4^bZjddN)`#UG0`8n*x{Tmpw>?#loU9##v=dm zO7H$l&e#hyeNqT=XUtXY88FDJI1FC7-nm-emNj^DNp9`n?qaL!*+AE~+Pjm?lQ$jd zsx(*bNvztdxv>3qZP)zvNk_|Yz2ZGq*Y1VsO5zOH!x%*7A+KgmMrtR2FPjx?^YRXL zs%pM9G|axc>!dh8pC6QxCWz;kdBK$(yPZ45(`=_V z^?j@nEV8z_TjqMY_~kXSXGRd~wBZ|ErBnaS(RtG76qocGbl&*|BC$o83_2SM7Db>_ z?X8fp=&x!3ignedsuyH;{b}W=dmERkz)8hIkbSS3^+KXe%_dt=`|1e6p#J+*7{-n& z-F*4f%=Ef9jhm|-j`T;yvrIfbkNO-@HNNi|#~`j@+Hc#ACR&MXKCkf%XV1jFX^I_II737|Mp)}KV+WIH$=Vw5 zS-xJ&pp<*S8!jVt982ee- z{4ggS)0`5)`a}~2`e|ta7lwRNTdCXb7p+Jw9GWQgd&L3xLY%>TSsJ2F=`m=b(dXJ^ zxGs4OF27{+;zo{gsa5a8Rrb*w-AGiH=?Di~1FNu@ZJ!^qnh`8I%pZRB6v>zlmsn_+ z7Z506KXp-~9V1`jg_y+sm9Y$^3Ko-zP1mcWAXXaSKn*C2(08o-5s@xf@v$-749hfO zsldwZd7MC8(dDK#>|oyZUKY$k5)E=jhsdtI@Iys<*Jut#deA=O8CSnQ#eA*p^H;8@ zi8knV`+CO=U}|V$7-R069GdLU(?_7n8rL;tx_g!_cX za(zmmobtp%TICC^Ad_)JEE0T79{Qr!&TC(GWfYX%&$#iio`WA8SlxFj5JF zqPdT}v4U3#w5r-OWz)?(7Idqm%1IA)tVUsUYJDN49oSPUuqC}RM_b3Ty`7i;WxZ?q zLT@-vP2W~*z9R3kJw$RwGgm=y2zX3@dg!-7)x-Oja^KDi?)vz-XNky1>4*RhFu}(P0Or|K9jT9RioxPD z`j?-USahXP8d+(^2pT!;F{<#CJhri1A_r4+##MC&DaX-CtDsar4HDqZngvqjin7`} zEIrO0?e>6ghc7Eo$z7atVa$Dc5ym#(NqgOoebG}y%>;$|PUoLi#Gjbs>da+zfbND8 zI{ww|K3q0W{0DJQC?5L3=Yw$AXe;y+ui^1&1D}*+D8qTv;X&6-DYL>)gO*0ldG5du z8?Va1YDOla3`K?~)mxB^J;8ShXhMmxHpdzi8qiu4=VK>%D^!1eYOmq}zqcw{+Y1ao d8gNHNpV>-FlH&t}Z&~*cgU>lJ%%l>^EIx%$^-}-< literal 0 HcmV?d00001 diff --git a/secrets/rekeyed/ward-web-proxy/09683ecb6ba69322f3aa1c34b6ed6dfd-loki-basic-auth-hashes.age b/secrets/rekeyed/ward-web-proxy/09683ecb6ba69322f3aa1c34b6ed6dfd-loki-basic-auth-hashes.age deleted file mode 100644 index c1b183c9254832caa70b6f1083fb93709df8278d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2526 zcmV<42_g1jXJsvAZewzJaCB*JZZ2HmQI8jY)XKPVnOE_mSVn=2joEoX9NVRL05 zel27#5YQ)(||QB^Q`FEnvTcTIC_cq?aO3N0-yAW=yxcuG-4MJrN8 zQdLQ1IZQ}nOmSyxGiF&xVQfJ|H)}?9XG2bOQ%FW{3SwL2Rq_)n&3U%^6Sj(4#4Slf zo)7mNJZ_=!WUlfJIQGh3Qk{UUsn1+J@f9qLFpD52KXL0<*DDsCm=v+D`rF%xw){3306+8Y zoCv7I%M`(CLo6+DtU?SU=pXrUFWU3OTMzM6`HST?px*Z`(Fh{*!Qz>CRR|~h`lubr za(C|(2Mgg^@Fzt=4PmZv^WVWM{e3}`L+wCcZX3hs?M!E1qV@TE;v#us@DwuYS6G04 zci;1L4&Jo|&lBvNEDaEGLaM{LoL#_}r*3l5Zdr`elj!ioVh_JA5i&rMyGl6O6a4N_ zc~ZB6ql&yfwl)?7E9RLc^Jzx}H0yg~&vVt&I+nOK9c`3>pS2gM$Y_uhxRc2~_5_KL zi9U~4i39I!rd>*_{#qbCNCwUyt&e-x-1)ONZ_5E~xrjbS`O}3kS`GaUPH`-+Cz!KS zd&qn}u&th^H56+{a*8KJ`Duh+Ljh6`va`|e+hS$%^s_9r1|8^WNVnE=TODvt8K#kS zHYn+FNJpiWx4j9vG=^{fh}g$qHSY7KxMd7hsMKWwHw4Q1+-rD7ab!~ii48U(2!$2O+1zVMu-zmaZWY7%*mys#?umoJ96d4Kr zBS^MyXwcaAyjE|gZh@;^Tg7Hd=Dz(ZohQZ?I{Ft*+x-gp(9}U@zVUtn<#xM;(^~mj zb7{LrMVOq%Sb<({bQ22#86ix(I~<^qE-uOn!ONU>rDMVDnfzz6mI;S8cKwNQN4$j* zuuDVZncleF8A3$_15keNkV9ej->V*4a$K^$8X8-A8%znt;#MD?xFFjZ<0|mN%sLi zGS~rNN0b)^T(}8k#d}(IL>s}7=-0U>#~T2Uh2y>{;+ZvNKbG2It*C@#QDpPzQGwrs zE)XH+sns1P>6oXU#ONILGjr-fX@1Mj<5C|19#ePNhiVj2;h0&o{p%axTn$ZWWn=g; zld|RN(46bdK$(BjntCun6j@HZHNCBwM8!(_>)99Ty2Rt5|5{~<%%ub&%s=JLbHDgb z9Rx<#jJ$OhoveCVzrPt~_k7w&Try5#2q#k8fV=D??L|u-&}GAfmGwRcr@$tGq&~gsB!m zCT`@0^Tb>LpGX|79HbvR%a$*1GlKBp^^rWc(b;Z8NZ9d1M_s{)SjUOyUvx~<@NMpP z#;ev-uw%8x8V-K)PmPEs+Hpkm28Ll+CVBakPRZd=Mf&x9ooHTTE|!lvOpe*G)L2c9WHPdZq2De78#Oam);&`!sf;qIW@$g5^YZpO z?kzdcLLXy4Ml$;A@?P@6z}*=5C*v+|`_OX08>Xq$RRX(Qae^Jz8h}Cw7KBx)?|rH0 zlR#2Yd6FnS%=`jcIm7GK()NYM~e}$@J$jN6YIPjCA8?QsiqB&yDUU$ z2~-j3?VnS0C=U7~9iEAnNzf_x;N-ejIYP66T8HF^+GhFLiyhrc*EJRMe;VH>A({_z zY*F18P!PUQ7)T3BX+^8v^ZNy6ug2iWw!?Wrp{Fw>|U}bg?>qZ2EAlm8}Lk}vdYbO7Q3!QEXxPAlM6XK ztRNEuRat_Th9E>Y)g;sfP;;4S)Z31(j8QXxeFIK-Q?6=hT|R~-ns3MF#WMMLuNX8o zRfp=Pb-&m!{(g?yyU=v_oKDrt<#fl9rt_@hNDs(wx0V;FK&Th^h9;2{tF`3aW_^L& z5tlNJ;EL=H@eoi16rB2JWIOD3SP~D2~cc2uWf{%4_aO{C3SqOb7zjHv?>k` z-F|l1!j8(WAt4_$@Y<|#r^wzDpWMuamJU5KWYE(peYP@Uv?&?$A;wgmY?heh!*6FW z?EVC@7}qasrCSxm~DsbVz*9fCr2=Seoa+2+*p@0{{R3 diff --git a/secrets/rekeyed/ward/0c369898cbf97acc545fd1502c22a698-wireguard-proxy-home-psks-ward+ward-mealie.age b/secrets/rekeyed/ward/0c369898cbf97acc545fd1502c22a698-wireguard-proxy-home-psks-ward+ward-mealie.age new file mode 100644 index 0000000..3d3dd8f --- /dev/null +++ b/secrets/rekeyed/ward/0c369898cbf97acc545fd1502c22a698-wireguard-proxy-home-psks-ward+ward-mealie.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 iNceIg E2ZHUBua1uN2jqFcGZRadRQQ6MbSdqp6eX4kNzjwaXk +lvjp5twZimfTkbWx7KG4y0Ifg7CVvyeHCINYkgjo7q8 +-> xOBGCH-grease .fe[Q3 Dzm=`! ggW +DsoXiHXKTej5cYbRdR+IAjlHGBGY1wBujsyeHBL+ZYWMBsK1AvJeUivTjGQAXw +--- NLQ3LLLx8SOcGJxG+bUYnPJ0xiBRTuT1IJG5DxdWjv8 +^Ǝ VuouԜ}s!-Ya7YH_9A8c^T X25519 IGuSeVYlhS4zQIPtGjEdfz0aRlWwW9p7v1dnZE+0Y1s +Va/LZJGX6lcWIJO88z6VOXy/nj/71CknrE6vfhqYLx4 +-> piv-p256 xqSe8Q A9v78VaWAYGK0qcnH9628aP26j86H5Lv37snchHbrqO2 +1QEZrG2VFBogG/3GrYmKREA97+srQJnYebgYqitBQ1w +-> R-/_~K-grease +sXTbRG1LknmW4uaybnfCc7wRhkE0LR6lIF7BfXJfh+NqyUZqiobiySS61RWGRp2x +6Mg8FuOwz4XVYPVLEZ/+170XqvNHTU5il1xP579N7ovN2Q +--- jcRvGpWSesVfxcd/PeUl/VnA52jkliI30rC55RgZiwc +&$q\;RظA,ج-wyLDzCxU3 /tvh-h>zQ$I \ No newline at end of file diff --git a/secrets/wireguard/proxy-home/keys/ward-mealie.pub b/secrets/wireguard/proxy-home/keys/ward-mealie.pub new file mode 100644 index 0000000..7987e45 --- /dev/null +++ b/secrets/wireguard/proxy-home/keys/ward-mealie.pub @@ -0,0 +1 @@ +2N/eyBW8vTKV7Q5CKAr6+37AH0DdB7RRHpvbXaWwOx4= diff --git a/secrets/wireguard/proxy-home/psks/ward+ward-mealie.age b/secrets/wireguard/proxy-home/psks/ward+ward-mealie.age new file mode 100644 index 0000000..0017a3a --- /dev/null +++ b/secrets/wireguard/proxy-home/psks/ward+ward-mealie.age @@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> X25519 WghdrFO5I3jJ32m9Z/LoSsbmA3KFSji4XwvejaR+mG8 +1EISuNRcxxldcjPRNFUupQ4KldvIbsBfwq3OrIRO3XM +-> piv-p256 xqSe8Q A38ktdHkbuqywFR1vLYmjZ/4bwwCsMtpiYw+JeBZ8hJI +7rd7W2o43+ic0akAqDZz3pP+iAE1I+nt38CVLylY2qg +-> tssi"-grease /c?&9>,} P5}~<: eE~$p\C +V7OSW0OxjRENAvsYvwHiHRQHDIFBbn8zElLW9BNntLDNMjhjNl8KEgbciRBKYCkU +t7I +--- eY9b9CPUwHCuj97O8Io5epNsxGdlVR4v48BFg+v/Lp0 + +!^Kƣ?ϰ ||LmmJFƢ)I^̴)O'pFÜ.p"Ip檽|s[EԌ \ No newline at end of file