From 289fcdd197cf0b5f2575b6a9b56990cdd6b69806 Mon Sep 17 00:00:00 2001 From: oddlama Date: Sun, 7 Apr 2024 21:59:54 +0200 Subject: [PATCH] feat: add new host envoy for mail, switch disko to partlabel --- hosts.toml | 18 ++++++-- hosts/envoy/acme.nix | 30 +++++++++++++ hosts/envoy/default.nix | 42 ++++++++++++++++++ hosts/envoy/fs.nix | 29 ++++++++++++ hosts/envoy/net.nix | 38 ++++++++++++++++ .../secrets/acme-cloudflare-dns-token.age | Bin 0 -> 404 bytes .../secrets/acme-cloudflare-zone-token.age | 10 +++++ hosts/envoy/secrets/host.pub | 1 + hosts/envoy/secrets/local.nix.age | 11 +++++ hosts/kroma/fs.nix | 23 ++-------- hosts/nom/fs.nix | 25 +++-------- hosts/sentinel/fs.nix | 23 ++-------- hosts/sire/fs.nix | 18 ++------ hosts/ward/fs.nix | 23 ++-------- hosts/zackbiene/fs.nix | 23 ++-------- secrets/generated/envoy/dhparams.pem.age | Bin 0 -> 1152 bytes .../envoy/initrd_host_ed25519_key.age | Bin 0 -> 881 bytes .../promtail-loki-basic-auth-password.age | Bin 0 -> 439 bytes .../envoy/telegraf-influxdb-token.age | 9 ++++ .../sentinel/loki-basic-auth-hashes.age | Bin 2238 -> 2356 bytes secrets/global.nix.age | Bin 2374 -> 2476 bytes ...2c-wireguard-proxy-sentinel-priv-envoy.age | 7 +++ ...0592-promtail-loki-basic-auth-password.age | 7 +++ ...a0da577d8f0117a747de9ea81-dhparams.pem.age | Bin 0 -> 1017 bytes ...ard-proxy-sentinel-psks-envoy+sentinel.age | 7 +++ ...e9cb9b732ca42a-initrd_host_ed25519_key.age | 9 ++++ ...3647b453988a84-telegraf-influxdb-token.age | Bin 0 -> 324 bytes ...6fb8666deb22-acme-cloudflare-dns-token.age | 7 +++ ...2164a0f22f0-acme-cloudflare-zone-token.age | 8 ++++ ...ard-proxy-sentinel-psks-envoy+sentinel.age | 7 +++ ...d-proxy-sentinel-psks-sentinel+sire-ai.age | 8 ---- ...roxy-sentinel-psks-sentinel+sire-samba.age | 9 ---- ...55c392329c27f35-loki-basic-auth-hashes.age | Bin 0 -> 2241 bytes ...64b18a2c7fdec70-loki-basic-auth-hashes.age | Bin 2259 -> 0 bytes ...d-proxy-sentinel-psks-sentinel+sire-ai.age | 7 --- ...-wireguard-proxy-sentinel-priv-sire-ai.age | Bin 364 -> 0 bytes ...0bd62443-telegraf-influxdb-token-envoy.age | 7 +++ ...reguard-proxy-sentinel-priv-sire-samba.age | 9 ---- ...roxy-sentinel-psks-sentinel+sire-samba.age | 7 --- ...99aa7ae978-mosquitto-pw-home_assistant.age | 7 +++ ...928380133562f-mosquitto-pw-zigbee2mqtt.age | 8 ++++ ...618bb1ab-mosquitto-pw-zigbee2mqtt.yaml.age | Bin 0 -> 317 bytes .../wireguard/proxy-sentinel/keys/envoy.age | 9 ++++ .../wireguard/proxy-sentinel/keys/envoy.pub | 1 + .../proxy-sentinel/psks/envoy+sentinel.age | 9 ++++ 45 files changed, 302 insertions(+), 154 deletions(-) create mode 100644 hosts/envoy/acme.nix create mode 100644 hosts/envoy/default.nix create mode 100644 hosts/envoy/fs.nix create mode 100644 hosts/envoy/net.nix create mode 100644 hosts/envoy/secrets/acme-cloudflare-dns-token.age create mode 100644 hosts/envoy/secrets/acme-cloudflare-zone-token.age create mode 100644 hosts/envoy/secrets/host.pub create mode 100644 hosts/envoy/secrets/local.nix.age create mode 100644 secrets/generated/envoy/dhparams.pem.age create mode 100644 secrets/generated/envoy/initrd_host_ed25519_key.age create mode 100644 secrets/generated/envoy/promtail-loki-basic-auth-password.age create mode 100644 secrets/generated/envoy/telegraf-influxdb-token.age create mode 100644 secrets/rekeyed/envoy/18339a3d1929a51d4e47d2541c123e2c-wireguard-proxy-sentinel-priv-envoy.age create mode 100644 secrets/rekeyed/envoy/192d6b442164766c6509bcaedc330592-promtail-loki-basic-auth-password.age create mode 100644 secrets/rekeyed/envoy/192d927a0da577d8f0117a747de9ea81-dhparams.pem.age create mode 100644 secrets/rekeyed/envoy/2689b787b982e885b1ba3361b7affbe2-wireguard-proxy-sentinel-psks-envoy+sentinel.age create mode 100644 secrets/rekeyed/envoy/2ef9539ec793ecd1fce9cb9b732ca42a-initrd_host_ed25519_key.age create mode 100644 secrets/rekeyed/envoy/5bc09852ae48483fb23647b453988a84-telegraf-influxdb-token.age create mode 100644 secrets/rekeyed/envoy/adc68343fd1e82562f7f6fb8666deb22-acme-cloudflare-dns-token.age create mode 100644 secrets/rekeyed/envoy/fbe90fea6015be22bc47a2164a0f22f0-acme-cloudflare-zone-token.age create mode 100644 secrets/rekeyed/sentinel/2689b787b982e885b1ba3361b7affbe2-wireguard-proxy-sentinel-psks-envoy+sentinel.age delete mode 100644 secrets/rekeyed/sentinel/4cff83edc1d2b2ca516f8cb63fb06782-wireguard-proxy-sentinel-psks-sentinel+sire-ai.age delete mode 100644 secrets/rekeyed/sentinel/8df8bc7331f1c1b2112f03dbbbfe126c-wireguard-proxy-sentinel-psks-sentinel+sire-samba.age create mode 100644 secrets/rekeyed/sentinel/b8a185a1607106ef955c392329c27f35-loki-basic-auth-hashes.age delete mode 100644 secrets/rekeyed/sentinel/dff3a7ca6af4b2bde64b18a2c7fdec70-loki-basic-auth-hashes.age delete mode 100644 secrets/rekeyed/sire-ai/89b98207bb1577a81049b4ce319739bf-wireguard-proxy-sentinel-psks-sentinel+sire-ai.age delete mode 100644 secrets/rekeyed/sire-ai/b106bbbb9f3c987e555b49df7263512d-wireguard-proxy-sentinel-priv-sire-ai.age create mode 100644 secrets/rekeyed/sire-influxdb/556953d98099cdb7f1274d6e0bd62443-telegraf-influxdb-token-envoy.age delete mode 100644 secrets/rekeyed/sire-samba/52e0b64f69eb5e84fcccee0f8141cce7-wireguard-proxy-sentinel-priv-sire-samba.age delete mode 100644 secrets/rekeyed/sire-samba/9cb014e8ff14329d085de1287ff23802-wireguard-proxy-sentinel-psks-sentinel+sire-samba.age create mode 100644 secrets/rekeyed/zackbiene/2114c48ad63cd022bc589099aa7ae978-mosquitto-pw-home_assistant.age create mode 100644 secrets/rekeyed/zackbiene/21fec08806b3194e39c928380133562f-mosquitto-pw-zigbee2mqtt.age create mode 100644 secrets/rekeyed/zackbiene/47aefe1120e3a32dc5b13dca618bb1ab-mosquitto-pw-zigbee2mqtt.yaml.age create mode 100644 secrets/wireguard/proxy-sentinel/keys/envoy.age create mode 100644 secrets/wireguard/proxy-sentinel/keys/envoy.pub create mode 100644 secrets/wireguard/proxy-sentinel/psks/envoy+sentinel.age diff --git a/hosts.toml b/hosts.toml index d575643..f6a1926 100644 --- a/hosts.toml +++ b/hosts.toml @@ -1,3 +1,5 @@ +# Desktops + [kroma] type = "nixos" system = "x86_64-linux" @@ -6,18 +8,26 @@ system = "x86_64-linux" type = "nixos" system = "x86_64-linux" +# Cloud Server + +[envoy] +type = "nixos" +system = "x86_64-linux" + [sentinel] type = "nixos" system = "x86_64-linux" +# Home Server + +[sire] +type = "nixos" +system = "x86_64-linux" + [ward] type = "nixos" system = "x86_64-linux" -[sire] -type = "nixos" -system = "x86_64-linux" - [zackbiene] type = "nixos" system = "aarch64-linux" diff --git a/hosts/envoy/acme.nix b/hosts/envoy/acme.nix new file mode 100644 index 0000000..c257605 --- /dev/null +++ b/hosts/envoy/acme.nix @@ -0,0 +1,30 @@ +{config, ...}: let + inherit (config.repo.secrets.local) acme; +in { + age.secrets.acme-cloudflare-dns-token = { + rekeyFile = ./secrets/acme-cloudflare-dns-token.age; + mode = "440"; + group = "acme"; + }; + + age.secrets.acme-cloudflare-zone-token = { + rekeyFile = ./secrets/acme-cloudflare-zone-token.age; + mode = "440"; + group = "acme"; + }; + + security.acme = { + acceptTerms = true; + defaults = { + inherit (acme) email; + credentialFiles = { + CF_DNS_API_TOKEN_FILE = config.age.secrets.acme-cloudflare-dns-token.path; + CF_ZONE_API_TOKEN_FILE = config.age.secrets.acme-cloudflare-zone-token.path; + }; + dnsProvider = "cloudflare"; + dnsPropagationCheck = true; + reloadServices = ["nginx"]; + }; + wildcardDomains = acme.domains; + }; +} diff --git a/hosts/envoy/default.nix b/hosts/envoy/default.nix new file mode 100644 index 0000000..25d91a0 --- /dev/null +++ b/hosts/envoy/default.nix @@ -0,0 +1,42 @@ +{ + config, + nodes, + ... +}: { + imports = [ + ../../modules/optional/hardware/hetzner-cloud.nix + + ../../modules + ../../modules/optional/initrd-ssh.nix + ../../modules/optional/zfs.nix + + ./acme.nix + ./fs.nix + ./net.nix + ]; + + boot.mode = "bios"; + + users.groups.acme.members = ["nginx"]; + wireguard.proxy-sentinel.firewallRuleForAll.allowedTCPPorts = [80 443]; + services.nginx.enable = true; + services.nginx.recommendedSetup = true; + + meta.promtail = { + enable = true; + proxy = "sentinel"; + }; + + # Connect safely via wireguard to skip authentication + networking.hosts.${nodes.sentinel.config.wireguard.proxy-sentinel.ipv4} = [nodes.sentinel.config.networking.providedDomains.influxdb]; + meta.telegraf = { + enable = true; + scrapeSensors = false; + influxdb2 = { + domain = config.networking.providedDomains.influxdb; + organization = "machines"; + bucket = "telegraf"; + node = "sire-influxdb"; + }; + }; +} diff --git a/hosts/envoy/fs.nix b/hosts/envoy/fs.nix new file mode 100644 index 0000000..5b26a6d --- /dev/null +++ b/hosts/envoy/fs.nix @@ -0,0 +1,29 @@ +{ + config, + lib, + ... +}: let + inherit (config.repo.secrets.local) disks; +in { + disko.devices = { + disk = { + main = { + type = "disk"; + device = "/dev/disk/by-id/${disks.main}"; + content = with lib.disko.gpt; { + type = "gpt"; + partitions = { + grub = partGrub; + bios = partBoot "512M"; + rpool = partLuksZfs disks.main "rpool" "100%"; + }; + }; + }; + }; + zpool = with lib.disko.zfs; { + rpool = mkZpool {datasets = impermanenceZfsDatasets;}; + }; + }; + + boot.loader.grub.devices = ["/dev/disk/by-id/${disks.main}"]; +} diff --git a/hosts/envoy/net.nix b/hosts/envoy/net.nix new file mode 100644 index 0000000..e09dd5d --- /dev/null +++ b/hosts/envoy/net.nix @@ -0,0 +1,38 @@ +{config, ...}: { + networking.hostId = config.repo.secrets.local.networking.hostId; + networking.domain = config.repo.secrets.global.domains.me; + + boot.initrd.systemd.network = { + enable = true; + networks = {inherit (config.systemd.network.networks) "10-wan";}; + }; + + systemd.network.networks = { + "10-wan" = let + icfg = config.repo.secrets.local.networking.interfaces.wan; + in { + address = [ + icfg.hostCidrv4 + icfg.hostCidrv6 + ]; + gateway = ["fe80::1"]; + routes = [ + {routeConfig = {Destination = "172.31.1.1";};} + { + routeConfig = { + Gateway = "172.31.1.1"; + GatewayOnLink = true; + }; + } + ]; + matchConfig.MACAddress = icfg.mac; + networkConfig.IPv6PrivacyExtensions = "yes"; + linkConfig.RequiredForOnline = "routable"; + }; + }; + + networking.nftables.firewall.zones.untrusted.interfaces = ["wan"]; + + # Allow accessing influx + wireguard.proxy-sentinel.client.via = "sentinel"; +} diff --git a/hosts/envoy/secrets/acme-cloudflare-dns-token.age b/hosts/envoy/secrets/acme-cloudflare-dns-token.age new file mode 100644 index 0000000000000000000000000000000000000000..612643b5754f30918558bdf70361e9b5b8b0f50c GIT binary patch literal 404 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR2FFfuhYv{Y~|bgL+`^mp<0b}IBs2`=)< zEGWt}PL0S3_R4iMD=RU`s?5$v3^ERNE#}I}$SyH=ar8_qa&;{(H1IJtjjXcpFiY{s z$gj#NH22EL@k=$yF0XRR2n5+skXfc%U}S2hP*E71Y7wa5SQ?~n6lPfIZ;)7J>1~>u znB(sp7Fv;LP!S%LomuW1UJ;O{@8gr|66WQ>m06@;Wa42N5M|&SSXpS46%zo z=o3}s=8@%-mRsOgSQwF!>z8K&vdi8n*ehH&y(l%YI8`CuO2J0mFHIq)s7}F@E2ttQ zJ0-)rD5BilvCKKWz&Fp^FFzwBluK7vS0TGHJI^2>!=l7F(M&(h+1sVcAT-d?&!w`e z#2_Rw*ubqkx3ttfwal}koa@TtrMJ&~bdDE!Qp}mzxzFIx8;c#M;{qa%*|_s2*=toD uZdXgIR1;uWX<#Y&QssE<%!drFVFeGX4dy!D6rioevLZ- literal 0 HcmV?d00001 diff --git a/hosts/envoy/secrets/acme-cloudflare-zone-token.age b/hosts/envoy/secrets/acme-cloudflare-zone-token.age new file mode 100644 index 0000000..c26ae7a --- /dev/null +++ b/hosts/envoy/secrets/acme-cloudflare-zone-token.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> X25519 Y7J0KmGssDwytzJSMTKnb2qVfCBEl4nMiKeg4PDhbhM +R+FV22jr0XcybGJk8Z2o40O5ptRK3NPgQOxJ7HlORho +-> piv-p256 xqSe8Q AyC1XlhbGhbfUBn4gV56t48AazKi5Lt9H5BCOZqbTtOp +s3mrvVrMZ/kTdUSjKyBWa5hUFL2fwL2xRo7UFF0AwP0 +-> Ao-grease vp@ m_b +oV7D7L5dZtF75bJ6Ms0yZr92rENJmE4xKpdlBp4h40onYWv1Z17R2/bmygv5MD9+ +S7J25g3rxfk00fUOK8cwDcWyRtp4jQqcooJyrQ +--- J/aXuudcbUAfU06R065fsvPTX2qZr0w0eZ9gI6I+McY +v-##=|ڕ-IRn X25519 Iz/ZYzOsB5ONZTT2azO8HcfvwEdS8zjYv2a+gdSa6Rw +3RvSD6jq4IKXOWmgFiLK0OgZkvrbRQZLqlYgiVMixAY +-> piv-p256 xqSe8Q A4BW1CqEWMOdGkIjIqvXJrzC54BBaEbnhywgd1UA9gQf +lRdaSMaW/xFvzBYk56T6ld64vrFS4EbQdcJJarOd2hE +-> Xw[-grease ^u-qoTf JV +7ht6GO0MH9xXNpmbVpi/NYiy27V0XHtE+qNmMqZSj0/rVtnYWMhm4Ezu+3Y +--- EYikW64z1mfwwVgFevfGeo4Sp4994H8WnvbJ+RfxMnc +PlbwqZޜ9 :Vl~(ރ#xV[|!ccVn%kYr;hS)ggELwZAJHj~a{*C8 +bi ! # K4/3$Ic7UTjfj`LX0fhO%~*]c񭯛RA0y0v#{C.BqW-1W7/jȔ} !/ Eb%Ԡtq!e>g)Λd~yA +ZN쟞mo|rX͈6T$~5͂Rj>zhKIed}NzZe`e݁b~K] h1yF \ No newline at end of file diff --git a/hosts/kroma/fs.nix b/hosts/kroma/fs.nix index 08d8221..d801358 100644 --- a/hosts/kroma/fs.nix +++ b/hosts/kroma/fs.nix @@ -7,30 +7,15 @@ in { disko.devices = { disk = { - ${disks.m2-ssd} = { + m2-ssd = { type = "disk"; device = "/dev/disk/by-id/${disks.m2-ssd}"; content = with lib.disko.gpt; { type = "gpt"; partitions = { - efi = - partEfi "0%" "1GiB" - // { - # FIXME: Needed because partlabels are 💩: https://github.com/nix-community/disko/issues/551 - device = "/dev/disk/by-id/${disks.m2-ssd}-part1"; - }; - swap = - partSwap "1GiB" "17GiB" - // { - # FIXME: Needed because partlabels are 💩: https://github.com/nix-community/disko/issues/551 - device = "/dev/disk/by-id/${disks.m2-ssd}-part2"; - }; - "rpool_${disks.m2-ssd}" = - partLuksZfs disks.m2-ssd "rpool" "17GiB" "100%" - // { - # FIXME: Needed because partlabels are 💩: https://github.com/nix-community/disko/issues/551 - device = "/dev/disk/by-id/${disks.m2-ssd}-part3"; - }; + efi = partEfi "1G"; + swap = partSwap "16G"; + rpool = partLuksZfs disks.m2-ssd "rpool" "100%"; }; }; }; diff --git a/hosts/nom/fs.nix b/hosts/nom/fs.nix index e729121..fd6469e 100644 --- a/hosts/nom/fs.nix +++ b/hosts/nom/fs.nix @@ -7,39 +7,24 @@ in { disko.devices = { disk = { - ${disks.m2-ssd} = { + m2-ssd = { type = "disk"; device = "/dev/disk/by-id/${disks.m2-ssd}"; content = with lib.disko.gpt; { type = "gpt"; partitions = { - "rpool_${disks.m2-ssd}" = - partLuksZfs disks.m2-ssd "rpool" "0%" "100%" - // { - # FIXME: Needed because partlabels are 💩: https://github.com/nix-community/disko/issues/551 - device = "/dev/disk/by-id/${disks.m2-ssd}-part1"; - }; + rpool = partLuksZfs disks.m2-ssd "rpool" "100%"; }; }; }; - ${disks.boot-ssd} = { + boot-ssd = { type = "disk"; device = "/dev/disk/by-id/${disks.boot-ssd}"; content = with lib.disko.gpt; { type = "gpt"; partitions = { - efi = - partEfi "0%" "8GiB" - // { - # FIXME: Needed because partlabels are 💩: https://github.com/nix-community/disko/issues/551 - device = "/dev/disk/by-id/${disks.boot-ssd}-part1"; - }; - swap = - partSwap "8GiB" "100%" - // { - # FIXME: Needed because partlabels are 💩: https://github.com/nix-community/disko/issues/551 - device = "/dev/disk/by-id/${disks.boot-ssd}-part2"; - }; + efi = partEfi "8G"; + swap = partSwap "100%"; }; }; }; diff --git a/hosts/sentinel/fs.nix b/hosts/sentinel/fs.nix index f9fb4ac..5b26a6d 100644 --- a/hosts/sentinel/fs.nix +++ b/hosts/sentinel/fs.nix @@ -7,30 +7,15 @@ in { disko.devices = { disk = { - ${disks.main} = { + main = { type = "disk"; device = "/dev/disk/by-id/${disks.main}"; content = with lib.disko.gpt; { type = "gpt"; partitions = { - grub = - partGrub "0%" "1MiB" - // { - # FIXME: Needed because partlabels are 💩: https://github.com/nix-community/disko/issues/551 - device = "/dev/disk/by-id/${disks.main}-part1"; - }; - bios = - partEfi "1MiB" "512MiB" - // { - # FIXME: Needed because partlabels are 💩: https://github.com/nix-community/disko/issues/551 - device = "/dev/disk/by-id/${disks.main}-part2"; - }; - "rpool_${disks.main}" = - partLuksZfs disks.main "rpool" "512MiB" "100%" - // { - # FIXME: Needed because partlabels are 💩: https://github.com/nix-community/disko/issues/551 - device = "/dev/disk/by-id/${disks.main}-part3"; - }; + grub = partGrub; + bios = partBoot "512M"; + rpool = partLuksZfs disks.main "rpool" "100%"; }; }; }; diff --git a/hosts/sire/fs.nix b/hosts/sire/fs.nix index e45ca72..2063a8b 100644 --- a/hosts/sire/fs.nix +++ b/hosts/sire/fs.nix @@ -8,28 +8,18 @@ in { disko.devices = { disk = { - ${disks.m2-ssd-1} = { + m2-ssd-1 = { type = "disk"; device = "/dev/disk/by-id/${disks.m2-ssd-1}"; content = with lib.disko.gpt; { type = "gpt"; partitions = { - efi = - partEfi "0%" "1GiB" - // { - # FIXME: Needed because partlabels are 💩: https://github.com/nix-community/disko/issues/551 - device = "/dev/disk/by-id/${disks.m2-ssd-1}-part1"; - }; - "rpool_${disks.m2-ssd-1}" = - partLuksZfs disks.m2-ssd-1 "rpool" "1GiB" "100%" - // { - # FIXME: Needed because partlabels are 💩: https://github.com/nix-community/disko/issues/551 - device = "/dev/disk/by-id/${disks.m2-ssd-1}-part2"; - }; + efi = partEfi "1G"; + rpool = partLuksZfs disks.m2-ssd-1 "rpool" "100%"; }; }; }; - ${disks.m2-ssd-2} = { + m2-ssd-2 = { type = "disk"; device = "/dev/disk/by-id/${disks.m2-ssd-2}"; content = lib.disko.content.luksZfs disks.m2-ssd-2 "rpool"; diff --git a/hosts/ward/fs.nix b/hosts/ward/fs.nix index 3757162..66741e8 100644 --- a/hosts/ward/fs.nix +++ b/hosts/ward/fs.nix @@ -7,30 +7,15 @@ in { disko.devices = { disk = { - ${disks.m2-ssd} = { + m2-ssd = { type = "disk"; device = "/dev/disk/by-id/${disks.m2-ssd}"; content = with lib.disko.gpt; { type = "gpt"; partitions = { - efi = - partEfi "0%" "1GiB" - // { - # FIXME: Needed because partlabels are 💩: https://github.com/nix-community/disko/issues/551 - device = "/dev/disk/by-id/${disks.m2-ssd}-part1"; - }; - swap = - partSwap "1GiB" "17GiB" - // { - # FIXME: Needed because partlabels are 💩: https://github.com/nix-community/disko/issues/551 - device = "/dev/disk/by-id/${disks.m2-ssd}-part2"; - }; - "rpool_${disks.m2-ssd}" = - partLuksZfs disks.m2-ssd "rpool" "17GiB" "100%" - // { - # FIXME: Needed because partlabels are 💩: https://github.com/nix-community/disko/issues/551 - device = "/dev/disk/by-id/${disks.m2-ssd}-part3"; - }; + efi = partEfi "1G"; + swap = partSwap "16G"; + rpool = partLuksZfs disks.m2-ssd "rpool" "100%"; }; }; }; diff --git a/hosts/zackbiene/fs.nix b/hosts/zackbiene/fs.nix index 2f4531b..196d97d 100644 --- a/hosts/zackbiene/fs.nix +++ b/hosts/zackbiene/fs.nix @@ -7,30 +7,15 @@ in { disko.devices = { disk = { - ${disks.mmc} = { + mmc = { type = "disk"; device = "/dev/disk/by-id/${disks.mmc}"; content = with lib.disko.gpt; { type = "gpt"; partitions = { - efi = - partEfi "0%" "1GiB" - // { - # FIXME: Needed because partlabels are 💩: https://github.com/nix-community/disko/issues/551 - device = "/dev/disk/by-id/${disks.mmc}-part1"; - }; - swap = - partSwap "1GiB" "9GiB" - // { - # FIXME: Needed because partlabels are 💩: https://github.com/nix-community/disko/issues/551 - device = "/dev/disk/by-id/${disks.mmc}-part2"; - }; - "rpool_${disks.mmc}" = - partLuksZfs disks.mmc "rpool" "9GiB" "100%" - // { - # FIXME: Needed because partlabels are 💩: https://github.com/nix-community/disko/issues/551 - device = "/dev/disk/by-id/${disks.mmc}-part3"; - }; + efi = partEfi "1G"; + swap = partSwap "8G"; + rpool = partLuksZfs disks.mmc "rpool" "100%"; }; }; }; diff --git a/secrets/generated/envoy/dhparams.pem.age b/secrets/generated/envoy/dhparams.pem.age new file mode 100644 index 0000000000000000000000000000000000000000..f60a74bb0bb8bd7b2f0573f08e547d604d879739 GIT binary patch literal 1152 zcmV-`1b_QsXJsvAZewzJaCB*JZZ2OPEArsRCY#k zby!g}Y)?*VL{&6)Wi)PBVr4T&W^+MNPHPG+J|JCVMnq~&EoX9NVRL05GDu&1AWJ$a zJ7gd{cwkH}aSCuYc4lU8ZAMXbbXqlYIcZlgN^viDOjUYDOG|fnHDyRKPFhe$Gzu*( zEg)5CR#I(ec63a2S8q*WXL)IARaiuNW@B;1dR1xIrGWPwP3`Za(nHf$sU;m_*zDi zMW&g3S0z-O%6&B=Np-mTxi8UclD1Z??74V*;wwL@&4ntOBm>aO^G;gK!rK z4@NM(FR5#*97Z!c7qFwq4%zMB@p~iaCO0JwCx|VV?a{FFcXvr#HG(d|fpU=2@srz5 zzm+XQN8N!EDi$SsjaHq@5R)!GEKF&F>Ur2AanOH}+Y*ZmH#{j9Y$MiV9vCxM5!eZU zH)*?XwYWrMcNSQo{7F#h6?I+ZNSnwed*7uZHAyN3+@w;8wUacT?wq>Y`p=@v;9~z; zM&Zs2ICGxhmC)!LfbrC#p}^-R}QOq|Q48cWc7S*5e0xgu2veL+KsCexK_KZ_?T zh>$Edsq!u_v$LQq3(2QR@^-j?dDLqEElT5Se@y??tfN|7%sf4yLyo5GqBnc`DZjK* z;m29z^O+B`?eR;EcEAjRlhA)Qe*tlTjz<}wgnX#E=!1?Jm~03?DioKzK|Sam@=%;1 zq5j)X`4KV%-yw3$Dr7`lYOQTvLp7PjZ*?ZsZ|5Jdg1&?VQT*jZWj@iz>;kG(_h7f# zeW2rn%!>|zM_vR*EPh-u%wmz*#w~8(%LNFANMcf9Yjl3N>z7DQA$WnPG@3cZAEB7QBq-c zcUduZYe8r*3R6}qO>R?hG<8K&Z#QX8I8;VNNN!?yO?7ERFe`dyN=al+MrwLfIWkve zN?A*CF*15jZ&-0lG&X4~WLS1cO$t+Y3N0-yAZ=25GEQtkHD@t1HZNo_LsfEda9K`x zXmNB!aVu4KH#SFiYBX(3IAlak3i+tGsE$^2?8V=Pnj*)vxnbI6ee<1ho53X9#{Sfj zU7ht)4)_~-%p>(;02kKdXTJAXM*hegN*E@;d{8Uij)D>j(<`}niDYDp;Ua1MHL=@b z2r=)be&C=c7+0xCwc(N?8BAPD`>LR}*)e-bSF!E62x_1cGM+%d?&IH0$CtG!RW{P! zU%)~5=+B1G1}7A{v#!J)PGYOAq5pF_yZV5d*f65lB3S?GGP5;>U3X~X`)^UO)8FyW z*5l9dosDLF&>{1!IZ%q7*T*b=JQPHt#bf9S&H`j?rR92UNGkwe%o>xSx%pN>a*lUy zpU#)Ks8NYWv9jOMGsnlo%I*MSmB6E_5z2@L>Wr>a@wgREb30N@Oo%#a?Pkk{{##-v zz`Lwc`7TT4kWt_Pla-+X5K&KqTx6?JVT}l}inH`K>z@ThsE~f@J{`t*jR%kW7>rqF zKBFZ7umZiTQT|W5gQq^PWVJ{!TPbaXp<>Qj(Owwz<7P(8_=A*g1Z<5QWa)XnL zgA|+uJLsSYP6cstaq(BUxG4ytlZf>B1J5!91jziNLz@_82e1f-HH8s(afcp_C=OqT zXIT&D{qdZN%WlojqJSaWF=;p{a(JsTR@ySk=_;oftX&M{p1EgmF}oNFZs}yg5>6}0 zme{dVH0NrHICP|Ha;;qtD6R=akH&bLpMWC+=Nn%MD?4@~fkLe)2UWxZiyK?e^}YMd zN;~mIGK?VPS2RXOb2XR-T%2tLMQ`BH4gdmFSJlS_E1FHRT1-iak2WTMeM!FM3J++V z2n(<*0Z!pTrv`e7?_sRv>U~#IZIXxxw&|kU_a^%xI_2ol;>@{knu$i&YFJskr=Oll z8pH^Kz{3$I$F>*DjB_usNFJ?0&m_$(Rgzpwh0=4)$>Dki#A$;)y-Wbe2kJn%`Es|V zv8HU^-uOJ&{WdUu$rnoZ$es-MUi{d3eEH!E^YiNY@10L~F196;PPTu)KK%FQ-K}TE S)%Ig@`^n+=*MHu>I`|KZCYqT5 literal 0 HcmV?d00001 diff --git a/secrets/generated/envoy/telegraf-influxdb-token.age b/secrets/generated/envoy/telegraf-influxdb-token.age new file mode 100644 index 0000000..dc0bbc1 --- /dev/null +++ b/secrets/generated/envoy/telegraf-influxdb-token.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> X25519 V7BwuAWcBb8XH3Eb6tWfyfoCL1shUP1kgWFDDubzPCw +4FlGy8DMzFpgN+wOEj4yrMgctNibQP6afuv79LlpZig +-> piv-p256 xqSe8Q A3VKu8wLRa7PX8kdNYS5chPWZgdUOWcR6tbfq0G9QVr7 +b8Z8cCA8BRHjLxAe0o/57ifVOI/xrUChoMCikui0bgY +-> T-grease }@.z [ ./ %/A8'7 +69b+3UIwlyGj0TrDvVVkCO/+Jvnk +--- yPe/jQ7/2m7jqcVE1Z/+vrAbPRK9A65DbDbkOrcSnNM +טojT:E8Gʐ%#q=#T3 zbx%n~YYJLoIAmI5b3rq1GciJLG;b?2R7f>#Fi$UWbYeJKLSko8WbWS!@Rx(UNFmpC?Xi7*#S${WSH&R7dZDm7cd30J) zHDXvdHZ(XyVL}R2R!4VBS59qqXGbG)Hz(VQf%HX?i$SFnCT@ zYe@<%J|Ij+EoX9NVRK~)OK@a%b5=!dbw@@)R#;9+cuO=gQBh(sVQ*15IYe?;bT>w5 zRZn?LGf7x5M}JRwNI^k#bZ268GC@^QR7Ox#QVL~xXhuXiZ2&bYVeiY-m9_FhNdjT3JprQZRCF zG;BpSW=1t@FJVe$I0~^wDMFjYvQWr}E2F|GGyyl*GJje6@3=5_Xfl#y=gf}z0x@RE ztv^s~#-%~T(AFu&RmH(LR483l^}0`+9H!thh@xeol2srr(bI&^7GMe6$yqy&_FvGGFD`LXf%xGR4Xw7m>qlQH44ySC8rgsz3>P?z3_JG6wwpVs zuPfd#ZhuWh39|YPW&5m;ujSP}o`Z!aJ7h(V%F5!+zpR*#CPA%r>-_LsAF`KK`_FIEsMkv6Oxr?Y$SEi>vijtWPgW$mYw7KV04QF;9GBwnge1jYi_10 z)*f;c`|Z}|n~Ea94faU~!uAL(&K4yOA-O5PE2d; zhJVf#2MG?iU_lEu`1^kuN_c)*Lu8a!q8(uSzs|06blz7E_YlUZq5a3aUG9M^OLb`z znqHcb)rCwdH6C@ae$l{bvVRdKXzb}ci91~&Cb~2XW_`lXKQr^?LjFku z3c^8Mm>nDJ$Wx+Plat@;O_c`{rDSS!VCz3#sy~;fs4bf_RlhB)Tdf>mTKbF1h^`{< zI6yh2gogf>mrWq|Q|>OJaJ{ygE-LBZAH<6zh_6n}tRmz#y-8c)lM>QfRc`B^+kd1W zas3s&q(OO}sCHxRlp~@~c7+VZ4{E=Gm2hw6(lMMUNodN;q?3QgM(WdnP15eQLZEPh zpE-!&u1EIY{dj~NU+b3%_O6|py;h+ki#f!AblQ1F8zEM!<{|*Y>C)kq{*Garg&H_G zq9YP8aZx;iB(T}{&5t3w zd^8p*gc6EgFi2nEV!YJ7Ynyi>f;mQsUjSc%G0wq;Y@$8rZQZLM-sHRMe8+Z2R~T|p zT{iBm6=^eU({&hr$L6XcUw=waT1mMVc4Dj2pIBGGsmdujv@<&r=C!)dzr{3vM7e&% z+zqewr5Sr&&N4LA5u_=Frk4q@+rARXRg$>!r7P8O!o}kUk&*D?%6~~Lz)y(iU}57p zy_pJaLB(;5`n>Sly4;__sFb8u09}dGT`CU3YK?zYc;5gzy=Phjn~f$TyRQJO`X!JF zG!;lU^q%)(BrKFBH(|TS6Msh`yr(>VT@kUDQj)%d6{TEB)~TJx1f#Jqu{zzw<-a1- zg%K^0!&-SBkzvl%?0+CnX#&&m+{8xB{CdBs0I6026%-)9huNI#)NSwyj)&F+?ls|0 zb4wSj?l(_XxeNE(4r2Cp(C_?8jpCh3x9d(J5>k^s`p468rhMwR{s6PPE2Iyp1-G!T z8H`jKN9r`0Wmk&vviyYdEa;C;Ro=stw?8TVFhBqMr0C2|TYoj68Pd9^EaZkURy^7) z=4qNC4st?`#e#Yv=A({S{2!+*0Xs5z@!q-di9smr^k@VG4&t3bUvyo1mE)MI)UL4A zGfY(^u4UoP>DF=WEc~f79^vYpNlKisz>%9Wo>zjIaF&5gztF2@>R{H!VIq}Y~<6|s#4D_3#b^hXAF+e3LIm;^h~`*6?D1upePOB9)R*zYu=GCD*@s+J69-{CS6laUXxwL9c<9y{=Rv z_^hFTZ^EenXeLDf24KV=Ur4Z9lh(5GnzPf<6iz82FYtISvUEg= zib!aC`pfGY7SARIXnK0wzOFkkig7y-R(rWURLh8pP>as0A;ak?r!K=xWB?9DHZdwy zU8`iMaDU=)xLK_;}4YXkHqZ0#wU~F{3XeQ@YC2_Zmz?3!ozJ{NeV4K zAaH4REpRe5HXwL$Q)M_&AVG6%G-gswNo7Y?Rd7;aW^!zGMSn_hN>D~`S7K8uNH=GGTgbZ#Fh@Z7)|;Fe@u-I8;P1Z)8qvNOL%4N>ov2 zF=GlXEiE8rFLg9(P*zxWLuGI`cWP@wMoM#2K~ZHfR%AzbQf5g)Q9&zEK{R)GD>w>5 zawzeuXm01GZhwca1kiy(o-Uq_a4q;n74Yc&0@9z0!gA}At6Jx8793tzFwt^`)JU{J~;IE4G#dspnsaI=lF%$G`gzZ`eHub8E@luqci_tvT^C|y*y zyHh6vd;8La2+v3=4}jEPYJDveeOKlA>xp4oR$EmGsH zGT6@O;1oqV2cu6(&mVzJvVbX=WSW=c@KkHRB1H?fQz~$Ob%YY8Z{R466Ao&jSs_~) zi?bWY$fOn}2u8JRJyBdZE7N?hQiZJG@;I#t+s)^)UTD`P6?_e5gx7lM9l=*U{VXJ+ zp?|P^r(YpUDEx8-EOHEVL&FkJ28H04&_FS=QB=q8qcV1xtUbRGO$Q!a>a^K6=$hcp zfE%O%E#p&97}$f*hC%GFWQ&W_vcpc+TRvqm(*Wf?^}ezht+P?><|zOjmq@Ld1Nm8ILt`dC#|-)GBc}KvEp1KKhQJ=r zPmdZL+dd4`T@xZZXP`@2`O(;0BPSl|JC+T}1Z;LDRr z&`9udt=0l7bCx&A~Ih=5e8O8LB=+?w$rvcFNOx5L=l%* zsn?XW3JPE1ScggfhTbpY#lE*y_4vgv)=v_Pa_CKjuKFI0bxg6#cEW79rZ>iKIEr5s zvy~RgvPsOn{$5RoTJg7wvcajo{eP@O$4oDA-vAD?F6`OL!>CBGH6NvqV!RR1!|&Dz z1IYPIf=oOf1B6z$^{&RKn8@q-TqegVAsdEY(n}D_i(qelogymD3o-6m{tvD*?cTgj zQSZr9onuk^7JzyZZ)#6j(h%~_sj4&fq+50O7wmhnW0Yp&fNF`tFpXJ(p?}t9DSU(K z28Ve>A2|LwLdhr4M-yB2Pi1tr>=YVx{F#=i&woBsBpQJ~t??o6FMfXmW8@=>5Xz385zeD<9DAJd7I7%<*^6VTxbI?UF-b^;Hq|EP4t+nA(a ziB%GhA-!PQ@V^mj@@%+|gMZcmO?!$!!!|6nzJ6FDy*)BFU&46#f^jnVOo7CQFk*F# z=(-XN&QKtCwH+v>@msQf%|x%b+b%uUBqDmA@7!sHTXk=Bb{I%(s1W5il3E>td)*4$ z@f`b@D+6D0z2h8hj)T3m#lsKT$$(jN9iM7Rhvy%3y@m?Zu>xeU2CaY?%b7PAVsy3I@(@ z!M@3t9yO&f_*m-tl%XplqUh;N%UMmrFG;A73h@S1{Ir^YGT3} zC(o$3MClbaydd24W`DM1Jb2J=!RB)l#$`8HG5sJg)vWr5^qvXlxJa%B9e#n^S=x;6 z4s?#sBeB7`<0qkmxJjMQHM5_~-_Km-MH{Ni!o9oQ-Fv40$zVjec5!;&o-w@qf{ zJfMMtb^^(k{=hq=dlgpRRa7GEH$ypXouVTNjeLK@H6qVrx>x7YdGzo$JvqN@uxlnM zxCuukHkD$7aRuGcUrz~|2i&k)=rpDMj16NHa<*?4ineXA)M%fvbPPGO1`faX$rJ`TCNn` z^>D-yN82sErU-U;n2abme`US?y>)--6XsG;b06FO8z0fQB<`k}oGjpk&p6xyxWZSK zM^EUCe#N4RA7u8bqsu21?I5nx1W(Ljc$E0}U(&%KgRaQm|z0KmwLvE{#UZ zxQ-6Oq%VD2e^rg-oDGAgJ5f$Ri6({O+Vw_Awk=W9L@xAwJxR?ul8S5wXCThb&fbC= EtepoUOaK4? diff --git a/secrets/global.nix.age b/secrets/global.nix.age index 73f90c006118a3d9321c2d543504ea234548cc32..5a6978df788fd4390691327fd03c5b72f754c48d 100644 GIT binary patch delta 2470 zcmV;X30d~W608%DAb)ODa#Uwza6wI3K}0oqIYmuYa#w9xY(zOqSVeAdI5cH-VoEe} zXGeK>cM4H)Zc~I7mi9Fm^agSqd#a zAaH4REpRe5HXwL$Q)M_&AVF()PfulTMRG(lZ)0dObWwD9O@C@_GgWysM|d$)LRnNx zQcE*3a5Hg1b7cxfZ(=!ZVNEqRFg7xJI5lE$MNxHYI8I1xD^zfKWXV#ae72XT1g5mEiE8OZgELiSaV@bax+geLvuz*Wp#9VPj-4lPc>tDR7X>5 zRAF{SS4lWHP*Do{n|gnG_Kl^>vCZy{_rL6l7%|}(a(`UUuBun;)1&nzn5DV3g)r#} zR`DLp9yNvoT&+M9v_pmqo~LdhI01AM#7bH}SHw~b-!OB8BfCBo?~(Vqe=diS&Cwl= zF2@v{E^r24Jy}9$h`oli!>{~fvEbt7QZ*X8r-pCT!g(Ioe!wQ&vmdyYXOv#C2TGs; z7<_NG*?;g$ABuM&0l89lIc=kCYT(m=-~IiKoxK`qy4+un>C9l`tdQx3lCvms;5Mrc z>O@7AawaJ)+r+nfx?m|671msG-QhV+q=qUkpD0^8U)H>j=3KmVDpP%fXzhFZ;DCLV zORLLQv%+>r*#(mi>T}Izw$1b^wO4jhj~YNjyMK$#&W_*oj@6>e7l`ezc;W!$cGhEp zQ_UzNPszf=%pqjK6!xK^1D_m{0)YN4>OMk={1oWH!JWshal{ULTDXCRo)xpNw6Nsk zEJYRhrrJ1b@*|cEjd!j#p21(iR^Ma20P3G_(YE49?S3 zCb?^L*I$VPjM)AzkhYh(nVpLC*Yg{lG=6`+C zn^!SE4@SON`whaOH|S`(Bd0r0WmzQ@fC#G_hqbyhjbI>?p4HqII-<5c_Z6NwE7r$Q z85QPl9}j=ACqrUw^v>(V&fPkYgq=xXdOXQOS+|~wy|6m2*c38AS0ra_Kcqci#50MU zV#6#n5-)g2ZuTt7FZo-YFPqr)Qh&E~-JTcY^5x57ZnT^T>417JoRg>iDhh11Is+2X z2bGT+KBgw>lE!!r+)WW=oU?_q1G4SW5=)H$JtZ|J_J*->xZ4uy6%_%JI%uS_jsGFa zL2E!_hcu#g_<4lB&WQZp3&R*tKEn}QYG3`2nPvuo@IBtlh}@;pdXN0M4u8Za6gWPZ zu`R^`-o2zk!n`{TyCOld)lPWj*%gd=arFzzdB1rtG2?D=P0?R!OkA_Ki^PDqmJF1Z zuJkuYaEyvauvbiB0ws4z&NKO>n=3HLNl#bkRM#q~cWH=D7}^VYP^0QVe4h1vrDmS@VQ+QTP7 zX8&Nq z+xKW)ax-`O&NKm>wttQRX9|OAjRBA!0~pw@#}C8H#tYthbk76}5`Z64Ce&K4=MUD3 z2#0!?F^Z>-;7i}6nGSid@oqN~H&QRr*NgEA8gqN`hkH1m!epKaq)-+~36ulpx8R=m z@VDdDb%qGWxO=Qc@9DXHM#?9{zKZ}cL4F>-o|}`ivWs61LVu1-45I|^{KP>mcPD(>t8-`m;(6t-2S* z$G9f&6g}u4+pQ3nJcMNE%F8rC9DH$W1E${L&_dc0j$7oi(#u}tw>&Kc*@8jcD91aM za?H)4Qoj-;ltWCr>RH-MOSEj8Jcitf9wjX`obx`E1b==NVVt3rEX$7{&9gK=U98n+ z&Pjbn>TL|6QyVSWE z+J8a$S%S{?r*k%D(f?>;Z7?StzjCSjl4=<#9K_y5>8}@tyf2%z(Z=DY%4W(ug*5yD z){d7ndNykXO4g8*{nqsO&oQiVPpt0v(3f`R7k@4dn3v(0MRHt@L3Ot_qOQIXfkdZU z$6fVkXD_Z?0X6Mot0H&To9cZg_$=Z*cf)qa$;;UYW1E1Mc4aEme{+5Bqg|ioAj=+N kRv(hy^`F|FCt{b3mx|0%2y^TRxz*a-3g(+qN#alV5!_ghng9R* delta 2367 zcmV-F3BdNO6UGvdAb&%8Qg~rjaaT%mbx~S%H*0lBRdaSkZBbNBS4&e)N_uZKXGnH2 zaYkWQO$tmkMlp0SH#cE#GFWplFLE#|F=|?9R&Z!;R7z8Ccy)SfF=taYL1%0-Sqd#a zAaH4REpRe5HXwL$Q)M_&AVDxsVPbT0QAO za6t+!J|H_;R84kNEoX9NVRK~)F?M!ORZvAVc1J^XQ*3!`Hg|SdRXIyzNHR=oIBYUX zF>FtGbXaL_R)2U+a8yx7XERT3Lwa^dY-40nRx2`V3N0-yAXZvYdNw#=ZB0jTHE2gc zIB8ICa5qwRa5qjbW@R`qSy^;bS4mVvR%}Xh3M2&5P*s#{XwBopuhm2)>oNVhVFdFV zV11EQDP~z@!_=)m*M%Yi_2)DqmA{M}QRq0j#h~m``hU$5Dm>fe>sEs4-%R-Nd!!nW z?rK@KD``}~@^FMKBsPjG*xWQJF~nE6DRKyxU#g;&J}WvrD=kUGcc$&n6CfLytII5S z%1f`$#s0%m-H?kyV1y;5S_{4fF>cTwKpj3|(>t=q)-(HqpKUzY@3r$PgEVBbX*t z|2;h>jql7H(`h->2nYMfB#sVV68TaV73D|u7Jp@JPSW%;xMWr{`AtVE2*T@$x}dK! z2XgVlijVoo=Itp)7^6smTn>kIUC{Lq&Re6{r*jYJ(J3Ekl*uebwWQ>w2(#A8BZyF` z*eLsp4tgNoI+WE<1;H!=N7}GgWS9ER9(kP(8h8_KE)VD(bHPS8+>p8qNmMj2;u$DCXU+|8S=QN`C%V$n1<-?dMkWK02Eml@ zb$MqO(ErtOWs$-n;K#Nq#Ivx+3OTI{Uw>2Ci9#>~nq#f$1nr%iR-{y5hu=?QaXLi; zLG^c67AS#HVW6@Lq8`SU(i>t!Bim$H=oHe{k_+ou0;?{6Ed@MO^{kcC?6*L%JGV|7 zvIu8A{pn8?1*;lOccF4vTaq@VS|FKKplp8KD-V5H${jCdMmSx8TIrVmZ`4*1=X|J&9ZMJ#~wS7EFE^;XTWi zV;`q=W~Y^%mT?}EU)KsxhZgGa+b~Q_x5d5uB1XeG$kTB{j~o7x-HyAXa2pNgf=+qR z1Yj>WZl19?F9wAfJ4ccCY^}=orho8=l`QRSaJ&OeW+!g@tFH%Y2z8kg8=B z(}{z19jEfz4F+`R0px%v^?~y9O)68zzC_4@_*b`9&j}!?L&$Gefs(Ygb@eq^ zOl9Re2v}4IThRbR!FK2hNeQhd0%KxnX)@?Ihx%z?=7CM0ej9B{&1>oYS6;ZjN&j)= zG8N~itHGb(lyT__wtr}mY;`nEV#ef?u6K6>eu|3|lT&`)$wlA0K`HOsB2E$&S)JjD z`@iTc0exxly*1EJ?yQPaHUTfVaE32=EL;L$Fa{v6$aD(l5+9H& z%(^pV$SLVFpbj%G4nJ}71|B0bJ5Lv1Z3-HWSR~9&Qy%*5U+MrXh$Gc^8Y*&Ibpr+( zu|&NIp-!#EKrxTrG72-9c{vzNup`FcYiYr~P4Gv>RNB37*k#P_LpJBkGOe6ttxpZD zJEt_MuYU?5st>=0J#n^HBxL(xR~X#>l)N_xlc4~%J1Z4#(@`uRoQF3QpG4s#XMwmi z)nx7TWMNe0wB3uKF=p(}-BX%V(&vGo{#i297cUvu3rqA1b4*z;EHc7z2c^Q9m*phd z)de9I#qG}v35SK_YJGwLR?L^ma^z3dcAm>BJ2-U+{t{sESfjCw{eai=2o94yLF$kH lEDlME8^CT)FGnZjp|#@NN>)UlPk0}o7})Fbo(^+xI?=-*I`sem diff --git a/secrets/rekeyed/envoy/18339a3d1929a51d4e47d2541c123e2c-wireguard-proxy-sentinel-priv-envoy.age b/secrets/rekeyed/envoy/18339a3d1929a51d4e47d2541c123e2c-wireguard-proxy-sentinel-priv-envoy.age new file mode 100644 index 0000000..18bf3cf --- /dev/null +++ b/secrets/rekeyed/envoy/18339a3d1929a51d4e47d2541c123e2c-wireguard-proxy-sentinel-priv-envoy.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 yV7lcA ro8yCQGqIdBBovM2iK7imSP88HGNQwpan0yauSw5qU8 +VbL9PnSeLvQojxZ0qrb7wJ3a6NSCQHqPQyKh70CjVqM +-> )NZc,-grease EFSDzU\| \uz{0/ NN<#vF{ +1Cu8YWV71eWkHxA7I3dw1+sWIWtUC5sWxRKZiH64h5g +--- JDjw2+EYI9KJSnfhUinszT2Q5531mDwcrK3kflQDbzA +Iɐ9H"!T K$[b|0$]\d;9%k>f @Icx \ No newline at end of file diff --git a/secrets/rekeyed/envoy/192d6b442164766c6509bcaedc330592-promtail-loki-basic-auth-password.age b/secrets/rekeyed/envoy/192d6b442164766c6509bcaedc330592-promtail-loki-basic-auth-password.age new file mode 100644 index 0000000..d39b718 --- /dev/null +++ b/secrets/rekeyed/envoy/192d6b442164766c6509bcaedc330592-promtail-loki-basic-auth-password.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 yV7lcA I5wScaDWTGX1gasgX1yIrxC/ydftpHQJSCe+D45H+x4 +rL7dK7KvxBi7WjR33Uk8ApLCahQwYaH4lXJSjXfWeio +-> `l10-grease _, &7 fe-*# /,uA +enpbx3yatzXTsg +--- yrSIElR05M59DbLbtVM++07G1jygBtfsD26buadiqBY + ;|J?g *QtA1>\҇󤌰mƑcBKM&O7 \ No newline at end of file diff --git a/secrets/rekeyed/envoy/192d927a0da577d8f0117a747de9ea81-dhparams.pem.age b/secrets/rekeyed/envoy/192d927a0da577d8f0117a747de9ea81-dhparams.pem.age new file mode 100644 index 0000000000000000000000000000000000000000..45449a650f8230472fe2162c3edad68a2d8481a6 GIT binary patch literal 1017 zcmVwTJ@ex0K76JgiHjFT=)!b? zAcyTDT32Mv&HUZ)d8GbkxP{w;d75E4tGzeQvmct^MIL@LzW*_A0${GMHxAdO-Xk*t z%K@LR=Bex1C8;RGMoDg0@v#{Ig-0nIpB=;R5om^NWY*)W(erux6ow8#H|v?ZcOGc5 zy#iAtB6gd(ur2iR!1`xr)!kzlD>gNQjOc|}8yy(ad#u5e$BNSsT>{>cNba`#cN`#^ zP1b0rY9??oQR0o(_>SPSE*GK`Z4Z{|#r>B)DPV=N|Ls6kXhyG&rST2n4yQ5WErN#}XR=LqT z0e|Qi742t4x=jyytC)$_qMW2m^J*j6qun3LXUCy7^8z7Sc(Ci1U+{>n08319=e$dN4`xZf&I`C;~-AUy* zRHhR2KNk-}tK_<_LxaGq@P1Il3MDNnG|wqmWh6+@X{f3tlW=YznF+jhC+m+;yn|pP zRB@<|9|o3SZwdcfRvx1)|NAJtdd4)$D3zp9XKPye{2suxA!?&O=@59$)(#Z1>&59c zgatO^PkN+r5GZ36&?=OYy=|^3rn`wx1Guby7&qFIv`9_z7(&@)>#HnW(}IO}3K)yR zC8%%N>-l@p2sy|%B~a*+6IZ^*LO+*mQhoG?$L1J-w0iCGIf+c{(F&P&h3KG&mnTqp n|1*$VKEO;q6`ZpuM|ALnk-Pu>39_D;M!i&w1VM$P!0SLAmKoBi literal 0 HcmV?d00001 diff --git a/secrets/rekeyed/envoy/2689b787b982e885b1ba3361b7affbe2-wireguard-proxy-sentinel-psks-envoy+sentinel.age b/secrets/rekeyed/envoy/2689b787b982e885b1ba3361b7affbe2-wireguard-proxy-sentinel-psks-envoy+sentinel.age new file mode 100644 index 0000000..f79843c --- /dev/null +++ b/secrets/rekeyed/envoy/2689b787b982e885b1ba3361b7affbe2-wireguard-proxy-sentinel-psks-envoy+sentinel.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 yV7lcA YJsWJO8spPFzaDtGlvw8qccQ1L9RpirgE8TPsc9aNhk +0PuAaJS7EXN8G4vck0Pm+XOf/nLUylZDH8j53SoAuA4 +-> mh!+A:^-grease <, ++siLvQ+lKp1BU8l7t54 +--- DVzyObFZjySus/P22atP2xYm0+ZDdhgDoon8u5ijZEI +^Ŏ]sX^̛|JCe:_I4ӘdFR5A)> nu \ No newline at end of file diff --git a/secrets/rekeyed/envoy/2ef9539ec793ecd1fce9cb9b732ca42a-initrd_host_ed25519_key.age b/secrets/rekeyed/envoy/2ef9539ec793ecd1fce9cb9b732ca42a-initrd_host_ed25519_key.age new file mode 100644 index 0000000..ab509ba --- /dev/null +++ b/secrets/rekeyed/envoy/2ef9539ec793ecd1fce9cb9b732ca42a-initrd_host_ed25519_key.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 yV7lcA 24sIrRomFFXsZ57wFq/Alchpea891THmcqcCp8WIaQI +60isrJZAzhUyQ0WDYzIqwEarHFsJdMKaIoYsubP2sgQ +-> i{WB:-grease 0mO +lWfmjDoi +--- VN5AXCQjnCaaudIcFrKrH/J6iQLeVDDs6lT24YONEws +>i%h4b6Z7YȦ%B:o܆,?r1dgsq](Q-=^pz} 5vČd^nxʿ!2%hy8K} ? ] yο i09Z ӆM-!֙0NVU[D07Kf@tIUֱe|p%j(#<+-6F=cφamq,]☕m +ί5ׅ0&*rѯl hNuL\M]BEF t%?.jx* +So" n+Vnl#>,^^%Pi +?1n$p0oll8kUފY t<龶W1*hE{rx3t+ S} ي \ No newline at end of file diff --git a/secrets/rekeyed/envoy/5bc09852ae48483fb23647b453988a84-telegraf-influxdb-token.age b/secrets/rekeyed/envoy/5bc09852ae48483fb23647b453988a84-telegraf-influxdb-token.age new file mode 100644 index 0000000000000000000000000000000000000000..019b7deb5290418bef1ee5669e58043e4c2e5c12 GIT binary patch literal 324 zcmV-K0lWTTXJsvAZewzJaCB*JZZ2 ssh-ed25519 yV7lcA a+d05L2QodqMakVeeKaHaTqUUQjqkZyE0yDW8L4/VkQ +uzwmBpz1Cyaiuqp/OxQOUY5Kq7LpffGAhS8uvwvTMgw +-> 2YW09-grease e Cpd|.76 +1gf8alzcxM/al3TN119HGyJdq3ZsGgGL2K60UUSelg +--- sU+WGjV9XFeGHxh7CmsUWSUNCrJaFFMEQRE56HhZxms +Y*fta=ֱ3 f=Yh^|غoz.G}:Zo+d/s;F",]2 \ No newline at end of file diff --git a/secrets/rekeyed/envoy/fbe90fea6015be22bc47a2164a0f22f0-acme-cloudflare-zone-token.age b/secrets/rekeyed/envoy/fbe90fea6015be22bc47a2164a0f22f0-acme-cloudflare-zone-token.age new file mode 100644 index 0000000..40d6d94 --- /dev/null +++ b/secrets/rekeyed/envoy/fbe90fea6015be22bc47a2164a0f22f0-acme-cloudflare-zone-token.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 yV7lcA Q8NjkvIVBHAbDj0dDmFkiumtDjTBCAEZVrhiklFzzFk +SDDTiC1fxy5XOVVqyFLuunx1O5qvMWSBdKEsIceKgBQ +-> _ef4v-grease +FsmTbPsm7eoAjXgaegyCthI4YvOl7T0ucIwr4lCF9IViwhLaa2Pv47HEZfOgkos+ +2yYSmVj8MFI4nO2epCrLVdtdUe2PhMw+0Brv6IoX4N4S +--- z9G4Xvmg/WK4y8qyV6aP68AVGONt5nC98Ewj2MVMOCs +S{+ ta>gш0+nq\5"u7s{ Ǝa?Y{]O?Y> \ No newline at end of file diff --git a/secrets/rekeyed/sentinel/2689b787b982e885b1ba3361b7affbe2-wireguard-proxy-sentinel-psks-envoy+sentinel.age b/secrets/rekeyed/sentinel/2689b787b982e885b1ba3361b7affbe2-wireguard-proxy-sentinel-psks-envoy+sentinel.age new file mode 100644 index 0000000..09e13e7 --- /dev/null +++ b/secrets/rekeyed/sentinel/2689b787b982e885b1ba3361b7affbe2-wireguard-proxy-sentinel-psks-envoy+sentinel.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 yV7lcA FPyVM8Oy0xNsKf2cJEZ3hBpSbr1hf/hmnM7GFOuE3Q0 +Z50LLBpDRNItinG6u+xaItYW9YezvdSBjE08dtHSjXc +-> R-grease yC`(= ssh-ed25519 yV7lcA /KC8F/lM5E8cNGSk5aDjhxYEQJDZhv4fdZmY8tOd0ic -dLzqTpJRzwb1jmaQB7MqOcMYoh/1jpm/u8AK+lG3uMI --> NX-grease mWzYBZ k<&L`D_ -dn3tatoIJ8BZuGlJ ---- Zxr1wrJSf6CGK+EpHNZyobURdv+ISrafHBRrBLhaUZU -(&7Qi0#a:6YZvIkl=ϢdK -7vw]q`!_sq~[a9 \ No newline at end of file diff --git a/secrets/rekeyed/sentinel/8df8bc7331f1c1b2112f03dbbbfe126c-wireguard-proxy-sentinel-psks-sentinel+sire-samba.age b/secrets/rekeyed/sentinel/8df8bc7331f1c1b2112f03dbbbfe126c-wireguard-proxy-sentinel-psks-sentinel+sire-samba.age deleted file mode 100644 index 43160f9..0000000 --- a/secrets/rekeyed/sentinel/8df8bc7331f1c1b2112f03dbbbfe126c-wireguard-proxy-sentinel-psks-sentinel+sire-samba.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 yV7lcA PPKZ78iD3jThcf5YkIOC5hKTeDHcT77g11UZ0vc8IjE -lgkPYZAMzhVZpUSk13rzBJTDW1pNeOyuVAkNpqJb4lg --> %%JlO}-grease C[7]eK3F KX &_=S \FSSf[^< - ---- Tww9Yj1LeH6zq/6A7TJo5i9rMUNGV0VN6Yyf44aRnpM -jDA6%߮Z4]Pqa!b -ikK at螨N7-s58@b -. \ No newline at end of file diff --git a/secrets/rekeyed/sentinel/b8a185a1607106ef955c392329c27f35-loki-basic-auth-hashes.age b/secrets/rekeyed/sentinel/b8a185a1607106ef955c392329c27f35-loki-basic-auth-hashes.age new file mode 100644 index 0000000000000000000000000000000000000000..9800709bec29ccc75faaf4523b9a4759758eeb7d GIT binary patch literal 2241 zcmV;y2tM~=XJsvAZewzJaCB*JZZ2XL4m>b7degOCV=l zSui4VECqKz zJ~wVVmA@K;58?A7)}~oTwF3}u&GOVGaWx@cB8?lqUi1*o_x3cvbWlk~8w>x{h#oN- zY@L0|uHLBwNZxop&>qznBVGo}K^ni4YHBh2@O5_;ZlB)%3B{uha)<0YU~&AR^?KkK zJE#pMhw+(tR?c1miB8ad=ADiO*->bGAU4dHdT;?GS>*T;(_xZQvxF8{diUiJJN2uN zL@JYcXu4dcUvv{wRs+=D2ZE_sLR#2iUua}$)~00GJEdh%ifgJ+_uhO6pg3sa)VTjA1AF5(aMZW2v>_0NDU>-kBPOS{UDpRq-^pmxpaMK6ftE6Xjv zw^w?js>LQ`#m0rE@5+)Kvmi!tu2Z{-*BOA-qfmR!oZ=UKAh(DYU!fVCCc>APL+)^< zgqgZ-Bcc;&7ZYbx%lB8X+3p0&3St2+#@Glur5zz;?nVzEzR~o*jl??k9p66JnTAA} zBZ!F?fb|FdfeGYsd@Du3<;@`Eng|?@*_w%Y_}vUDs+B}b@aP)(Sa%K?w%+uSbswn* zKE{@?2_-SZ1{5hb4vD~Zc_di3GtVHCm+f{SMiBc}n%uDNGwCA2YN&MHA*~z!%-YgQ zy>?ut<AdI5+WH(9DPGhX=Q13D#4qP5{gTu~s9n~Y)VMpC#Scz8 z#DaTaN$X;G33X){*xZC?MLW}D&Pr@pC!Z- zE#F|}Ot+ZCH<{Pu(LP`BD8qJ@j?8~TO{eTp&&ZTv7b55B8QOqm_aMeZ0EAyPgGvup z{p-z@w(NI9WZLZHUAIdtCu`rHQg_{)#Mkslk7cugBzIqIfpabnO2ay(ZpjWyz%H#~ zit-lzcF8X(u#x^&LI!&-GGEx8j>#`LN1)>6s+ZQ6vXb`St90|vR$U^pVer?DqA+07 zW~)YJY1RqurtKfxp<>2X$Dd1DzeW3gyFPqeh@$qk9V8AqUug{mHMy%eY2cV=t8qHfFWDSc#9dx}$sowo- z&@9lLW)ypG<)ZfFo(`=dy{OB$5dVPsFKsnHuI}>|@*Uo^)CZsR4|DZ(si4YAaf7n> ztfWV4!dC~o`=#7u1%Y9CBWMV`Da8#Z_V@SxkK6zEI&R2DET?T6yO8mq)|FmIF^i4gvN)%#C-q#_Xhzj`(fEvWPR7 z8sDL#m-x;1UGYg~zd_191uV0XAt`UO1o_UBpyLTGhuA5hwSho@+*>p=UU$cKmz$f^ z(_zJKP$S%x2(J(KBJ!-4brYWpl?9MrEBON;N_Z|;CE>r3BCY@YBP+Rj!LHG3zCf#G zYg*H9hf6=RAEaDf*U;w>?@lc8^AhDG&RyhyOoJOHK22@1F()nuEvh zzw9Uyh+9v^Ji^3xZwPhz0+Q*$up$(?11Avp}^nxPLj`ry%Bu{NCz#A8(MD$7D{ zlF1|0U{mpx6YrP^t@h1!x!uO|ph1$1A0fg^WN8q`b_<-~hBSl{q*);;i7*Wk|E9li zR=J8)zheYc->ZeWVW<==PH?%F==nQ27ddwc)Wg?>x}AIKNi&~G;EvBPkIq9M~s?q3{<8aPW) zPlQ<1Z#4%YCV*C2#1(crN7NtHL(-hK8YSEi&XA0!ahV=k+abHJ9-{&$H@tN8p9;}B z#JRDB1%i{orAsI~?uoeXLX6-i?;?X^1A^nSEo-vrbuO?oeAabghcM+dkYj@eQgQv+ PSPo>jcUV<|25MDh*uXMW literal 0 HcmV?d00001 diff --git a/secrets/rekeyed/sentinel/dff3a7ca6af4b2bde64b18a2c7fdec70-loki-basic-auth-hashes.age b/secrets/rekeyed/sentinel/dff3a7ca6af4b2bde64b18a2c7fdec70-loki-basic-auth-hashes.age deleted file mode 100644 index 094cb35b37b41137486c3a99daf1e2db4608bc39..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2259 zcmV;^2rTzuXJsvAZewzJaCB*JZZ2bdiHbHhbF=sPPcw%N+N^c4+J|IyoXL4m>b7deqTvj=E zI713FYE*JcNK{5RV@-2XH&13aZE{#jS9(G(OL=r;PE%H4X+%|eOg1z)aXDI0FlcHv zZACOtFj!`2c`|EbV^LTNNknd1XF+-}I5JIER&PaNFj!(wSYmg1c3C!6Vrg>&uX*XA5X)9xPG%zq!H+N=9H$!z;SWh>3b8AvlI8`@KLpg5>)nnl^R9o!jZ*m6=6@n z3Us`LJSej`I{VIh4WJYq5wrYsH*(-q?KNAkCqZR~D((iUB6QCcU9BBXX?|(hDyYFZ zZDzPYr-UfuB2**ssZY}VwId%9ZRaR)oEYVVZcd@wh<|wOOZJ0{fuSKq0oKjY{?CLl z!)vCiciNq~Ua&zyo;G@p(bbG}TY17?SLl%TXKs(#syh+kRPbKssZxA-`UB0~HG9hO z^8H5|b!()@00M=xdbAF*^OCiM^;lS=KI8vzHjC!8!AQ%N7=n$?MJa@vF+2%tOn&x& zn0{g%`L&p}_zM`2Mxlm z@e)tDkf;KD8{&aE98gMU5y&wXn+R4Fb%-%ohH^BZdbj#1#cV-u9pUs9)=rKY5)NLB zQU|Pdsr9$|T-J0%VQs2749V%n7>I(;gHS?>(v=_#-}3;1h35Y9O))u_EX=mB=oS|h z4+h>tZs(#*X68PUA=iJ{OsiL_Kgc*8D(?Qv6%sM9el44e zM$jwiIUZ2}qaK$!8!-r*Z@)!zn>}qxuwzj>(&o#3=-|F%X2Jw?b``>7-zqMaS>DM* zHH8D4h2N!Y_whqTaQxXZc{CC)KDNBGe9=Fd!h?G=$?7~FFeVhDM!VT|$ps3+q@J7S zflp9$kSWeHcGmGZ)bK>ea$`o1zF=m?!kJDa&{<~thgKU?W6Xs{qypxP6=d(10^b`@bgY7L8JxoP@^y5av zH9Cs8qog>%wau4X@i@K+a9UuD84Oy*)7hu={;}**lJE)7ur(26uX{b51@nEO6A?f)JfuW3h=pIu(Z+=>WbZ*ZkeyY7Mlja(K8nA);kPWi~*m5LTD{5nEn< z(;!Xn>6_q!0|W2oHqB#jau2(#YuhF8&IxBsX>8WPiB<`nw7iPCQ%WBH)ZK}>lHjBp zpzFIxYe$B}{-^mpkvh|02^JN^S|S2yMi2Fbg;~v%3V7?0AKOj*0}P=p2CN&@FG5n) z;Cd$!$@J-xAZkGSBOf2JnO`nY$UyM4)X7 zDZ?y*;c)bVGjFgJN@dCnT8X@Cl@{0WKwhb(a#k*mD(cq}h@z0lc@f<&j_=T7S0%bi zQ)?W&sF1JpbY!Dn^&Vb+Fjf;>1+A}T(KX8R85hAm87ZQ&%f%5djHcrK=9Dpk78Gqy zSi<8dK5RXR$w#}tW>_SJun-v?4)BzBB#nb1t1my%htL3fQ{H-)k(n-_uV!*aklx%r zuu#9;CDb@+PpvpvmW+#*=k^%YQGY2HHI z-gN|$ph8E{iD7o%C93H$SUpP-bo0Z4>upD!)GZxYkc`#%3-6#Nw)RMgeLF zo0iZzA{)<1NLg}HYa>e!3+pZUu?4J{S0f3C>|>z^X|%5$1CCzCfjDmJ435W@>U`tC zC(kPdgl4j%ZPo%7o_KoaI6hbi3A$naqI6f16AJrXfb~gmv>UwD?uY@LTjJACtn4i( z%jZPt;{7ke(5!OYx%+-2dHxI@+H%@vI`-~rWGLFFxEAIczn(X>1@>n@Ayq)S<+q)O z1X&JP#r?7LieLRB*6*i_EchX3(s?gN(01|#_--hshj;faK457QMBt-s?2WY@9aM=g3|!N?e}ozr6RPx79*YpU0(^#8TjMHQ?;LB=K-HU+{f$i)@xPIjZZ!se zuFKjeBu zJAMwE;MGs-ua~BsfqS$U53xOSWRf;-uQGt8O(n@MJ7Lnbn_*j$mJm`btmeyo0DRNV h<1+?>Ix-@$x7N2^H0)H%<(+EqppwxBl90cSbtr_kCjbBd diff --git a/secrets/rekeyed/sire-ai/89b98207bb1577a81049b4ce319739bf-wireguard-proxy-sentinel-psks-sentinel+sire-ai.age b/secrets/rekeyed/sire-ai/89b98207bb1577a81049b4ce319739bf-wireguard-proxy-sentinel-psks-sentinel+sire-ai.age deleted file mode 100644 index 1767b5a..0000000 --- a/secrets/rekeyed/sire-ai/89b98207bb1577a81049b4ce319739bf-wireguard-proxy-sentinel-psks-sentinel+sire-ai.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 vhmDsA nYG2Z2yA03ESRpjgbIDkEoTEH6AJc1v1RUeS+z3cyVY -vzPGWSTfQwY4kqUjAO/SVJatgcbGd904c/SluNLgpZc --> Ym-grease -twk ---- WSBuW7VDmG3ToQrlbccevVe0u0NI/RZYtvcqGSm4Tco -MV1gR'g1"y [}\ǙVuu̢x$ӴwqYP͹B \ No newline at end of file diff --git a/secrets/rekeyed/sire-ai/b106bbbb9f3c987e555b49df7263512d-wireguard-proxy-sentinel-priv-sire-ai.age b/secrets/rekeyed/sire-ai/b106bbbb9f3c987e555b49df7263512d-wireguard-proxy-sentinel-priv-sire-ai.age deleted file mode 100644 index a5791bdd918dccd77f703bb8f7ae0bfc652adada..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 364 zcmV-y0h9h=XJsvAZewzJaCB*JZZ26`dF=j|YZfQs|Rx(F=cxg8_W;s(&RW)N(a5-m1YFP?7Xme3PXi-6B zc6eqqQ)^c;b1*POH7jX2b7?SaVrWKsb4plrPBB_*MrR5wJ|J{+LUVjbQClr%a%Ew2 zWgt{~CRIs&Rv>LaU`b&hc4}}SZg^ZgRbC2BO>KH~F;a9(d@WMfNsIcQFIK?;9Oho1nuyw?v@np45uJ6&75 z!J;!cDrdQ;{ ssh-ed25519 1tdZKQ ZNcyXbeW/bii8cBafPVHi45e07DPoXfFFyPWOm6XanY +9Jeo7X34qcyiKm1LMQdbsDVaOsgZI/lyl0hARfbcakU +-> }zO< ssh-ed25519 rQrJ/w rBq18FEF23qZMQ1L0ZmPwes7YA6c5tcYghl+wMpH4UE -KsWpipPanBEkM0sJO91aGEUJVLNbKfCGlB8n1AJMe58 --> -iJ@"-grease -e0JwXaE3AG+cwHCgRoYZamBMyxEd60t3woMN4WAChA2FL1sBJ8F+3BFjZdACZDYy -02KPJC2pCplo+rsTpMZd/XRw7+icfGcatjM5yEOuJKz3zNdsKtMnwXGR8BKV4w ---- eWHO47OEkFmhlJ+AxIutCfholFzG3SU/M5H4u1wM0Ew -p6S"\3 -O ,()a.De>>cI3Ro,)[8ml!9)+"GZP \ No newline at end of file diff --git a/secrets/rekeyed/sire-samba/9cb014e8ff14329d085de1287ff23802-wireguard-proxy-sentinel-psks-sentinel+sire-samba.age b/secrets/rekeyed/sire-samba/9cb014e8ff14329d085de1287ff23802-wireguard-proxy-sentinel-psks-sentinel+sire-samba.age deleted file mode 100644 index 736e966..0000000 --- a/secrets/rekeyed/sire-samba/9cb014e8ff14329d085de1287ff23802-wireguard-proxy-sentinel-psks-sentinel+sire-samba.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 rQrJ/w EuoChlYXjzab/J3l8oB5V5NJNtpcr5yAOd6y9m4rjSg -MAJwhKjR+hBx5AEZx95wZvP6IeYAIiksy+zc5ukkQdg --> S5c!<-grease qdoe 9a_t1FH -YuKwOpJ1hoqJl+xYxNW6J88aGGiiceHyHy9RgajmXBsivTDbeaEeXRGdJySGWA ---- F2Mty9Hr43tH1SomwZ2vzgj1zQCdVw5pHcVOFIVjZfQ -9egofG}gNi8`(떪33d^=׭׾-WX*й=Li{%3so"yl \ No newline at end of file diff --git a/secrets/rekeyed/zackbiene/2114c48ad63cd022bc589099aa7ae978-mosquitto-pw-home_assistant.age b/secrets/rekeyed/zackbiene/2114c48ad63cd022bc589099aa7ae978-mosquitto-pw-home_assistant.age new file mode 100644 index 0000000..41afbf6 --- /dev/null +++ b/secrets/rekeyed/zackbiene/2114c48ad63cd022bc589099aa7ae978-mosquitto-pw-home_assistant.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 DynNMA 0jbyffbAwO0+WtJmLPgBdQ6o4BQfhtyoR3eC/CisgyY +nx2vpN/ZWdoG6z0GVA5a4563wiySTlr+BUggqeAxfVU +-> fHq^-grease $1R? 4g mF +6Y3otzVbFmwsR3Jqy6G82g9wnKz5JB5tSblkn6O9UoO5 +--- wiu0ndqSrU3ofFPn8WlpLJz3JaMRSGDYcxR8A+QHSbI +g[^0JI3}߽cm`-xtS'9$QbΆ \ No newline at end of file diff --git a/secrets/rekeyed/zackbiene/21fec08806b3194e39c928380133562f-mosquitto-pw-zigbee2mqtt.age b/secrets/rekeyed/zackbiene/21fec08806b3194e39c928380133562f-mosquitto-pw-zigbee2mqtt.age new file mode 100644 index 0000000..f1c9e58 --- /dev/null +++ b/secrets/rekeyed/zackbiene/21fec08806b3194e39c928380133562f-mosquitto-pw-zigbee2mqtt.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 DynNMA IKMt3H+qN5Tp+klLYaeKCa0b5brlB8//VAjpAl68GCI +MTV8wXhkCYulvS6o7Wnq/rMHeYqPxDdSMggMT6+FLyo +-> |-:8x-grease s O3ZB {Q" +GscWlHRccebYhiGFelYXa+GLLzprQc+k9iS//LY +--- FgB9+ChfVo/svSZ9pgcCv+ZG/edwwIs11tNjCpkHLjg +Ïސ +ԻW%Dѯ` {E[&r-זbMM[ӈ=t.&_ \ No newline at end of file diff --git a/secrets/rekeyed/zackbiene/47aefe1120e3a32dc5b13dca618bb1ab-mosquitto-pw-zigbee2mqtt.yaml.age b/secrets/rekeyed/zackbiene/47aefe1120e3a32dc5b13dca618bb1ab-mosquitto-pw-zigbee2mqtt.yaml.age new file mode 100644 index 0000000000000000000000000000000000000000..da76e8196ade8f32235f14d75416d1445eb3441f GIT binary patch literal 317 zcmV-D0mA-aXJsvAZewzJaCB*JZZ2W>jlQH$*UUG;~2}Xh}(NSz$zTHd#bYHAif8MpX)BaZOK7c|lNi zb2&vZD{FFaMQm;`cTYBLM@x8OXhU^!MnzgdPDxj8bubDoJ|J;tb4Es1FD++sWnpt= zASfw#etB&#Vjy53TyA4nZeI#YQ&~qdYhh?_M@u(aYfC{*L}g@9axySvV=-(}OjQak zEiE8UWM_9&O*B(gbTC0eY;Z$(aW7U&MNd#RS2=1~G*56vGj}<3HZ*2*b88CnsIXl= zC!p&(Ks|{Obz@3cur2j%_dDQP_g&Wx`?e`1zyQa(B-H!JQE&7G*{(p|msN_-Krj3A PP31lxA4ucL#4}L X25519 guqR3l3I7Aa0DQ/l2D4MNpLanB4C3PgvwXm/96hPaRc +c/k+f+fFHVObsCCTi49snWjfidRNuIny2+AefKQ9j70 +-> piv-p256 xqSe8Q AiMovFyBe+XW+kiY84vewtPf6RXoD4yCh8qgZ1jAxke8 +2eg4gF9casDTL/CZ7crqvLulzCBshR0wOaRx7F/BzP0 +-> Zg[dg@o-grease 6qG)H\ 0E +/OA +--- nnNkb9JT4yPw0mw6r9NQa/4JfWGjt6ZOi15cQSDmeXE +-DN +nH\r#9o4!DՇC) 0K9ۛ,mLR<>z \ No newline at end of file diff --git a/secrets/wireguard/proxy-sentinel/keys/envoy.pub b/secrets/wireguard/proxy-sentinel/keys/envoy.pub new file mode 100644 index 0000000..4a015a9 --- /dev/null +++ b/secrets/wireguard/proxy-sentinel/keys/envoy.pub @@ -0,0 +1 @@ +ikABIdsLZyLPhzujmXTxAXfCHs3FTlblv2Xza1W7jz8= diff --git a/secrets/wireguard/proxy-sentinel/psks/envoy+sentinel.age b/secrets/wireguard/proxy-sentinel/psks/envoy+sentinel.age new file mode 100644 index 0000000..6e3115d --- /dev/null +++ b/secrets/wireguard/proxy-sentinel/psks/envoy+sentinel.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> X25519 Rum6P5225U0CtcafI68tq+QulUYKH7um3wEkahe33Dk +f6YAiC/0xU3SFywiOnARpR4d4gAgJeGCAEt/TPV3Gyg +-> piv-p256 xqSe8Q As29vYnLfn5HuZn/ybyzWvMNsDIYbYchIP8qP6f6/ngX +vDLqOW0V7JlHOcncgkCnXpNWvIaJl8w/rhZpuQyw+v0 +-> b-grease d /|( EP: +RfUV02LatAx4gm/RsPXq7aWe0nsGIQadTubk/XUZliOqOSMTXuXfCZrZ +--- 4trrv3Kv3OOujp3K4WZ1buDoJ0BEnLxkr7UWeZHVxrg +t0TWjx;ņ4yO%5Cɝ>ОPR]УKKI \ No newline at end of file