From 4e46105e5e82d10ba1f820c9c2882520c3a608d7 Mon Sep 17 00:00:00 2001 From: oddlama Date: Tue, 21 May 2024 22:55:03 +0200 Subject: [PATCH] feat: begin zackbiene rework --- hosts/ward/default.nix | 2 +- hosts/ward/guests/adguardhome.nix | 8 +++--- hosts/ward/kea.nix | 7 +++++ hosts/ward/net.nix | 3 -- hosts/zackbiene/default.nix | 18 ++++++++---- hosts/zackbiene/kea.nix | 20 ++++++++++--- hosts/zackbiene/net.nix | 27 ++++++++++++++++-- ...uard-proxy-sentinel-psks-sentinel+ward.age | 8 ------ ...proxy-sentinel-psks-sentinel+zackbiene.age | 10 ------- ...reguard-proxy-home-psks-ward+zackbiene.age | 7 +++++ ...uard-proxy-sentinel-psks-sentinel+ward.age | 9 ------ ...bcc-wireguard-proxy-sentinel-priv-ward.age | 9 ------ ...99aa7ae978-mosquitto-pw-home_assistant.age | 7 ----- ...928380133562f-mosquitto-pw-zigbee2mqtt.age | 8 ------ ...618bb1ab-mosquitto-pw-zigbee2mqtt.yaml.age | Bin 317 -> 0 bytes ...a993fdb5a7-home-assistant-secrets.yaml.age | 8 ------ ...proxy-sentinel-psks-sentinel+zackbiene.age | 8 ------ ...97ed6618156ecad1b137cdbb5-wifi-clients.age | Bin 867 -> 0 bytes ...ireguard-proxy-sentinel-priv-zackbiene.age | 7 ----- ...reguard-proxy-home-psks-ward+zackbiene.age | 8 ++++++ ...7c-wireguard-proxy-home-priv-zackbiene.age | Bin 0 -> 332 bytes .../wireguard/proxy-home/keys/zackbiene.age | 10 +++++++ .../wireguard/proxy-home/keys/zackbiene.pub | 1 + .../proxy-home/psks/ward+zackbiene.age | 10 +++++++ 24 files changed, 100 insertions(+), 95 deletions(-) delete mode 100644 secrets/rekeyed/sentinel/7bbc738a6b7f036671566a0dcf16455b-wireguard-proxy-sentinel-psks-sentinel+ward.age delete mode 100644 secrets/rekeyed/sentinel/91eb5997e276d968bdb36f794e4bc903-wireguard-proxy-sentinel-psks-sentinel+zackbiene.age create mode 100644 secrets/rekeyed/ward/020fd8ddc9ee58c7e32a968d26d3b765-wireguard-proxy-home-psks-ward+zackbiene.age delete mode 100644 secrets/rekeyed/ward/62f1ce6d3e02cbbb670793b0ab141184-wireguard-proxy-sentinel-psks-sentinel+ward.age delete mode 100644 secrets/rekeyed/ward/97b14c8662bd7bd081e2b000db354bcc-wireguard-proxy-sentinel-priv-ward.age delete mode 100644 secrets/rekeyed/zackbiene/2114c48ad63cd022bc589099aa7ae978-mosquitto-pw-home_assistant.age delete mode 100644 secrets/rekeyed/zackbiene/21fec08806b3194e39c928380133562f-mosquitto-pw-zigbee2mqtt.age delete mode 100644 secrets/rekeyed/zackbiene/47aefe1120e3a32dc5b13dca618bb1ab-mosquitto-pw-zigbee2mqtt.yaml.age delete mode 100644 secrets/rekeyed/zackbiene/6917bad7d537d4b0053232a993fdb5a7-home-assistant-secrets.yaml.age delete mode 100644 secrets/rekeyed/zackbiene/71daa67a131fadb64673a2ee99b6bd9e-wireguard-proxy-sentinel-psks-sentinel+zackbiene.age delete mode 100644 secrets/rekeyed/zackbiene/77e703197ed6618156ecad1b137cdbb5-wifi-clients.age delete mode 100644 secrets/rekeyed/zackbiene/d0f23e19a9316e295461ea6e66c401b7-wireguard-proxy-sentinel-priv-zackbiene.age create mode 100644 secrets/rekeyed/zackbiene/f47d690aad469d096c3857040d7905f2-wireguard-proxy-home-psks-ward+zackbiene.age create mode 100644 secrets/rekeyed/zackbiene/f7ca0be5742c64f7a5204c0f9a51927c-wireguard-proxy-home-priv-zackbiene.age create mode 100644 secrets/wireguard/proxy-home/keys/zackbiene.age create mode 100644 secrets/wireguard/proxy-home/keys/zackbiene.pub create mode 100644 secrets/wireguard/proxy-home/psks/ward+zackbiene.age diff --git a/hosts/ward/default.nix b/hosts/ward/default.nix index 4dbc650..f7ee0f3 100644 --- a/hosts/ward/default.nix +++ b/hosts/ward/default.nix @@ -33,7 +33,7 @@ }; # Connect safely via wireguard to skip authentication - networking.hosts.${nodes.sentinel.config.wireguard.proxy-sentinel.ipv4} = [nodes.sentinel.config.networking.providedDomains.influxdb]; + networking.hosts.${config.wireguard.proxy-home.ipv4} = [nodes.sentinel.config.networking.providedDomains.influxdb]; meta.telegraf = { enable = true; influxdb2 = { diff --git a/hosts/ward/guests/adguardhome.nix b/hosts/ward/guests/adguardhome.nix index 711c552..c7b39ac 100644 --- a/hosts/ward/guests/adguardhome.nix +++ b/hosts/ward/guests/adguardhome.nix @@ -9,7 +9,7 @@ in { wireguard.proxy-sentinel = { client.via = "sentinel"; - firewallRuleForNode.sentinel.allowedTCPPorts = [config.services.adguardhome.settings.port]; + firewallRuleForNode.sentinel.allowedTCPPorts = [config.services.adguardhome.port]; }; nodes.sentinel = { @@ -17,7 +17,7 @@ in { services.nginx = { upstreams.adguardhome = { - servers."${config.wireguard.proxy-sentinel.ipv4}:${toString config.services.adguardhome.settings.port}" = {}; + servers."${config.wireguard.proxy-sentinel.ipv4}:${toString config.services.adguardhome.port}" = {}; extraConfig = '' zone adguardhome 64k; keepalive 2; @@ -52,9 +52,9 @@ in { services.adguardhome = { enable = true; mutableSettings = false; + host = "0.0.0.0"; + port = 3000; settings = { - host = "0.0.0.0"; - port = 3000; dns = { # allowed_clients = [ # ]; diff --git a/hosts/ward/kea.nix b/hosts/ward/kea.nix index 9af4426..8fa4ccf 100644 --- a/hosts/ward/kea.nix +++ b/hosts/ward/kea.nix @@ -9,6 +9,13 @@ dnsIp = net.cidr.host 3 lanCidrv4; webProxyIp = net.cidr.host 4 lanCidrv4; in { + environment.persistence."/persist".directories = [ + { + directory = "/var/lib/private/kea"; + mode = "0700"; + } + ]; + # TODO make meta.kea module? # TODO reserve by default using assignIps algo? services.kea.dhcp4 = { diff --git a/hosts/ward/net.nix b/hosts/ward/net.nix index e190ae4..cc8d190 100644 --- a/hosts/ward/net.nix +++ b/hosts/ward/net.nix @@ -156,9 +156,6 @@ in { }; }; - # Allow accessing influx - wireguard.proxy-sentinel.client.via = "sentinel"; - #wireguard.home.server = { # host = todo # config.networking.fqdn; # port = 51192; diff --git a/hosts/zackbiene/default.nix b/hosts/zackbiene/default.nix index 95aebe8..7ab7c18 100644 --- a/hosts/zackbiene/default.nix +++ b/hosts/zackbiene/default.nix @@ -6,6 +6,7 @@ }: let inherit (config.repo.secrets.local) acme; sentinelCfg = nodes.sentinel.config; + wardWebProxyCfg = nodes.ward-web-proxy.config; in { imports = [ ../../modules/optional/hardware/odroid-n2plus.nix @@ -14,14 +15,14 @@ in { ../../modules/optional/initrd-ssh.nix ../../modules/optional/zfs.nix - ./esphome.nix + #./esphome.nix ./fs.nix - ./home-assistant.nix - ./hostapd.nix - ./mosquitto.nix + #./home-assistant.nix + #./hostapd.nix + #./mosquitto.nix ./kea.nix ./net.nix - ./zigbee2mqtt.nix + #./zigbee2mqtt.nix ]; topology.self.name = "🥔  zackbiene"; # yes this is 2x U+2009, don't ask (satori 🤬). @@ -47,7 +48,12 @@ in { }; # Connect safely via wireguard to skip http authentication - networking.hosts.${sentinelCfg.wireguard.proxy-sentinel.ipv4} = [sentinelCfg.networking.providedDomains.influxdb]; + networking.hosts.${ + if config.wireguard ? proxy-home + then wardWebProxyCfg.wireguard.proxy-home.ipv4 + else sentinelCfg.wireguard.proxy-sentinel.ipv4 + } = [sentinelCfg.networking.providedDomains.influxdb]; + meta.telegraf = { enable = true; influxdb2 = { diff --git a/hosts/zackbiene/kea.nix b/hosts/zackbiene/kea.nix index dc605f4..33e0245 100644 --- a/hosts/zackbiene/kea.nix +++ b/hosts/zackbiene/kea.nix @@ -4,8 +4,15 @@ ... }: let inherit (lib) net; - iotCidrv4 = "10.0.90.0/24"; + iotCidrv4 = "10.0.90.0/24"; # FIXME: make all subnet allocations accessible via global.net or smth in { + environment.persistence."/persist".directories = [ + { + directory = "/var/lib/private/kea"; + mode = "0700"; + } + ]; + services.kea.dhcp4 = { enable = true; settings = { @@ -14,13 +21,18 @@ in { persist = true; type = "memfile"; }; - valid-lifetime = 4000; - renew-timer = 1000; - rebind-timer = 2000; + valid-lifetime = 86400; + renew-timer = 3600; interfaces-config = { interfaces = ["wlan1"]; service-sockets-max-retries = -1; }; + option-data = [ + { + name = "domain-name-servers"; + data = "192.168.1.3"; # FIXME: global (also search for 192.168 and "*Ip =") + } + ]; subnet4 = [ { interface = "wlan1"; diff --git a/hosts/zackbiene/net.nix b/hosts/zackbiene/net.nix index 6bf8cc7..381fdcf 100644 --- a/hosts/zackbiene/net.nix +++ b/hosts/zackbiene/net.nix @@ -8,8 +8,8 @@ in { networking.hostId = config.repo.secrets.local.networking.hostId; - wireguard.proxy-sentinel = { - client.via = "sentinel"; + wireguard.proxy-home = { + client.via = "ward"; }; boot.initrd.systemd.network = { @@ -51,6 +51,27 @@ in { }; networking.nftables.firewall = { - zones.untrusted.interfaces = ["lan1"]; + snippets.nnf-icmp.ipv6Types = ["mld-listener-query" "nd-router-solicit"]; + + zones = { + untrusted.interfaces = ["lan1"]; + lan.interfaces = ["lan1"]; + iot.interfaces = ["wlan1"]; + }; + + rules = { + masquerade-iot = { + from = ["lan"]; + to = ["iot"]; + masquerade = true; + }; + + outbound = { + from = ["lan"]; + to = ["iot"]; + late = true; # Only accept after any rejects have been processed + verdict = "accept"; + }; + }; }; } diff --git a/secrets/rekeyed/sentinel/7bbc738a6b7f036671566a0dcf16455b-wireguard-proxy-sentinel-psks-sentinel+ward.age b/secrets/rekeyed/sentinel/7bbc738a6b7f036671566a0dcf16455b-wireguard-proxy-sentinel-psks-sentinel+ward.age deleted file mode 100644 index 58980ad..0000000 --- a/secrets/rekeyed/sentinel/7bbc738a6b7f036671566a0dcf16455b-wireguard-proxy-sentinel-psks-sentinel+ward.age +++ /dev/null @@ -1,8 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 yV7lcA vQsqojxPobKC/GApVahRbbyNBINS8wIuu8duOrLCmQE -Jugt2kwD/csBYt+zv1K8G4ZTby3/3FomloJTzYLPTAY --> '+q#4U3t-grease -QGHRmCylzgRVGaKpEWSFt9e5Wm6Bm5ctgHEPWNKvrAlsJN12vUkt3uCtZmy500S8 -gKw/rNxTU2sUhL+qEJQuzbvpjBvepGBm6QOvh4n9vG93Yfq0+nFzS1A ---- 1VVeULtF716DG+ZFn0YFiDx2bfvAG5fA+3V3uuIZan4 -[5|R՜_#AKrhJ:V jI]m~_N?9M68aD5"|E \ No newline at end of file diff --git a/secrets/rekeyed/sentinel/91eb5997e276d968bdb36f794e4bc903-wireguard-proxy-sentinel-psks-sentinel+zackbiene.age b/secrets/rekeyed/sentinel/91eb5997e276d968bdb36f794e4bc903-wireguard-proxy-sentinel-psks-sentinel+zackbiene.age deleted file mode 100644 index 3bf1c64..0000000 --- a/secrets/rekeyed/sentinel/91eb5997e276d968bdb36f794e4bc903-wireguard-proxy-sentinel-psks-sentinel+zackbiene.age +++ /dev/null @@ -1,10 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 yV7lcA 6ACSnnVp2xhzQ/QVuf/HepfEYoSpjk30q825mzwRilc -gzAkr/xnFODD2dnn0l7vzS4w7pmZwAO23J6r0Yx9H14 --> U-grease j _i*1$@SM jfz6. -FqCMO4ohslThLGpAowt0DBM+UTvbn7wIgPsvrpNdrB4nY7fQHHAI417uI8K8YvQY -/IBfSiuPiFF1TDUaV2UvHL+P2lGCMIrWvHg1wiZHPpuS1yarDdj6THomPWYkbdAb -7qeg ---- 1SON/pfv2UQly8bx4JlVTdj1QPLZih53h7yxAgyoddk -p]b1r=4?=aioFLO -ܽbboN5gNUX{2`?%|:L \ No newline at end of file diff --git a/secrets/rekeyed/ward/020fd8ddc9ee58c7e32a968d26d3b765-wireguard-proxy-home-psks-ward+zackbiene.age b/secrets/rekeyed/ward/020fd8ddc9ee58c7e32a968d26d3b765-wireguard-proxy-home-psks-ward+zackbiene.age new file mode 100644 index 0000000..2659a8c --- /dev/null +++ b/secrets/rekeyed/ward/020fd8ddc9ee58c7e32a968d26d3b765-wireguard-proxy-home-psks-ward+zackbiene.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 iNceIg iTd9PnSEFe5Zzwld5E/onR2xtvNRF1vs8uNAuiU21FE +8id5IERQSvIiVjEIuZ6uFrO2aLGtLD3TiGUqZJIZ4UA +-> ZLaW2-grease +OGBoLHKqHfuUnly0OEo+sSj20yKrrQ5U+xH5gBZ9ZA +--- 71by0nesi0wWF0q1HgwTlvnZL6+rC24oxGZ1ogmer9E +3TD# m-볔7U:l Yu`ظr_KK+$xP&[/h) \ No newline at end of file diff --git a/secrets/rekeyed/ward/62f1ce6d3e02cbbb670793b0ab141184-wireguard-proxy-sentinel-psks-sentinel+ward.age b/secrets/rekeyed/ward/62f1ce6d3e02cbbb670793b0ab141184-wireguard-proxy-sentinel-psks-sentinel+ward.age deleted file mode 100644 index 6c52923..0000000 --- a/secrets/rekeyed/ward/62f1ce6d3e02cbbb670793b0ab141184-wireguard-proxy-sentinel-psks-sentinel+ward.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 iNceIg LhLSnqwCOA5S50b1zYiPlOeXGw2uPjJDiwv5w9XGrTM -4Hz5PCLxetDHcf6N6Tp2fuDLreqHhIavM4NjdnTA6uQ --> c&1hmDw-grease [VS*Zev: %;MC=6 @p5nwT61 -vP5f5VHYMYMFaDhzXHyA38rvb4e1KNfPG5Jj7jM2yiVKfk/kPc6jTqnzDlEuD7h4 -uusvcw ---- Btcjc8qBkfxLQ1LFUeEy8kBFho+NKwbHzSMht2jUIeg -moGM -M|%QZ-f՛4.Y`iKs^ D>93* \ No newline at end of file diff --git a/secrets/rekeyed/ward/97b14c8662bd7bd081e2b000db354bcc-wireguard-proxy-sentinel-priv-ward.age b/secrets/rekeyed/ward/97b14c8662bd7bd081e2b000db354bcc-wireguard-proxy-sentinel-priv-ward.age deleted file mode 100644 index a86e1e9..0000000 --- a/secrets/rekeyed/ward/97b14c8662bd7bd081e2b000db354bcc-wireguard-proxy-sentinel-priv-ward.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 iNceIg 2fpmUUMrDliZx8uVqkl/gAXFDLY+orMQgqKzM8AfkQ8 -qL4p4rRzgUEk0WfN+eXBVssJurtFJh2SpfzErkKpRWM --> *Xm? ssh-ed25519 DynNMA 0jbyffbAwO0+WtJmLPgBdQ6o4BQfhtyoR3eC/CisgyY -nx2vpN/ZWdoG6z0GVA5a4563wiySTlr+BUggqeAxfVU --> fHq^-grease $1R? 4g mF -6Y3otzVbFmwsR3Jqy6G82g9wnKz5JB5tSblkn6O9UoO5 ---- wiu0ndqSrU3ofFPn8WlpLJz3JaMRSGDYcxR8A+QHSbI -g[^0JI3}߽cm`-xtS'9$QbΆ \ No newline at end of file diff --git a/secrets/rekeyed/zackbiene/21fec08806b3194e39c928380133562f-mosquitto-pw-zigbee2mqtt.age b/secrets/rekeyed/zackbiene/21fec08806b3194e39c928380133562f-mosquitto-pw-zigbee2mqtt.age deleted file mode 100644 index f1c9e58..0000000 --- a/secrets/rekeyed/zackbiene/21fec08806b3194e39c928380133562f-mosquitto-pw-zigbee2mqtt.age +++ /dev/null @@ -1,8 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 DynNMA IKMt3H+qN5Tp+klLYaeKCa0b5brlB8//VAjpAl68GCI -MTV8wXhkCYulvS6o7Wnq/rMHeYqPxDdSMggMT6+FLyo --> |-:8x-grease s O3ZB {Q" -GscWlHRccebYhiGFelYXa+GLLzprQc+k9iS//LY ---- FgB9+ChfVo/svSZ9pgcCv+ZG/edwwIs11tNjCpkHLjg -Ïސ -ԻW%Dѯ` {E[&r-זbMM[ӈ=t.&_ \ No newline at end of file diff --git a/secrets/rekeyed/zackbiene/47aefe1120e3a32dc5b13dca618bb1ab-mosquitto-pw-zigbee2mqtt.yaml.age b/secrets/rekeyed/zackbiene/47aefe1120e3a32dc5b13dca618bb1ab-mosquitto-pw-zigbee2mqtt.yaml.age deleted file mode 100644 index da76e8196ade8f32235f14d75416d1445eb3441f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 317 zcmV-D0mA-aXJsvAZewzJaCB*JZZ2W>jlQH$*UUG;~2}Xh}(NSz$zTHd#bYHAif8MpX)BaZOK7c|lNi zb2&vZD{FFaMQm;`cTYBLM@x8OXhU^!MnzgdPDxj8bubDoJ|J;tb4Es1FD++sWnpt= zASfw#etB&#Vjy53TyA4nZeI#YQ&~qdYhh?_M@u(aYfC{*L}g@9axySvV=-(}OjQak zEiE8UWM_9&O*B(gbTC0eY;Z$(aW7U&MNd#RS2=1~G*56vGj}<3HZ*2*b88CnsIXl= zC!p&(Ks|{Obz@3cur2j%_dDQP_g&Wx`?e`1zyQa(B-H!JQE&7G*{(p|msN_-Krj3A PP31lxA4ucL#4}L ssh-ed25519 DynNMA XFqNwvTo+KpkJoPd9jYFN2XfCEb/kLGQfeubvcCFSQs -Zixgkd3zxoyHFqszXWMEoouNIDI3o/RMbkGsTqAZzXg --> :/[1R6-grease e'6D_ e>ngz4 -8KsUxS4HykfNC6D2O/CVFf6XhRh6OPtjDuuyYyypgGWRAg8Cx3Zzpd5Vjxp8bQHh -T5Ih+xXlZa6ilkbd3A9Wm2adrdHBdbMFFmWgAKYjQQ ---- XDQWFwbDpKtM5swe0W42WNd0IGRIEolRdXJ0OL1SpFk -ޕ>цհbSͫĊZb\v<^ R H -jܫP'$jƈW*-S+ Q%q?ALRU!Uo2QXмj ֔w)/4꓎Mœg`:nl!Ӌ˲[A*.d+ \ No newline at end of file diff --git a/secrets/rekeyed/zackbiene/71daa67a131fadb64673a2ee99b6bd9e-wireguard-proxy-sentinel-psks-sentinel+zackbiene.age b/secrets/rekeyed/zackbiene/71daa67a131fadb64673a2ee99b6bd9e-wireguard-proxy-sentinel-psks-sentinel+zackbiene.age deleted file mode 100644 index 3bbaea0..0000000 --- a/secrets/rekeyed/zackbiene/71daa67a131fadb64673a2ee99b6bd9e-wireguard-proxy-sentinel-psks-sentinel+zackbiene.age +++ /dev/null @@ -1,8 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 DynNMA u4AEzCigYB0NoNbhsNP4tICYl/P7UMB7t7Ck+tt8kTs -EG7+IzCrSjfJx9m1YXX57knrSw5hpox6xtxbNZ2Xbpw --> `>-grease A!nt\3HR ',ty Q q -vj9LYGl5kOAPQGE+Cg3HIHzWxqMfRSQVDOJIm89vRmaWd0DnFnLa8zTlzCtM/ktJ -88mUSEN+d9KdfH1Auq8mj1d3LRCHF1HHCFbnrytlwg/gQGUx ---- X+PWRfD/ySSoblWKP2Fi/OJnksyB1th9bBHzGMlAWSU -~?C:5=uoFr=+ ꑧ1Ru5L4 W V/aQ{xc \ No newline at end of file diff --git a/secrets/rekeyed/zackbiene/77e703197ed6618156ecad1b137cdbb5-wifi-clients.age b/secrets/rekeyed/zackbiene/77e703197ed6618156ecad1b137cdbb5-wifi-clients.age deleted file mode 100644 index dc58cad9d0a43f8c82d93973202a36c2ea8b8ea5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 867 zcmV-p1DyO}XJsvAZewzJaCB*JZZ2OIT!ZXnJaSY+_1h zOhZmhOKUk)3RFX7X-r}@bu>0Fb3#Q`cw|RMP%nel=MN6L3vHj)M5$?Br55@E`*cQ2xa91ASsSOQZ?$ipPSf zz7XyMxzv)*m6`v!tlPAM;QVce+xqU=O&(4Ko>kKCln60_S$>|8Bmw7SoYgs>TX_1|Kat>t=hI52ETC@_Js(y z2YUWxq|Vb=)*okzUTxgoa+G>((hu!4`T%Stw7sHpt?SqAPT35qyp|^c`|J$y?HwsF z;64SVHBk%vZl^ilJ*}spL^!$LT-$J=7Ia){3$A%c3JL9Wm<$p_8)tzz=giMV+#qBq tUlQ5CqOyG#vj$EFFguZaQC^HwGIUxK`qfvZEwBk#)e=-b!Ml@X7zEtYcU}Mh diff --git a/secrets/rekeyed/zackbiene/d0f23e19a9316e295461ea6e66c401b7-wireguard-proxy-sentinel-priv-zackbiene.age b/secrets/rekeyed/zackbiene/d0f23e19a9316e295461ea6e66c401b7-wireguard-proxy-sentinel-priv-zackbiene.age deleted file mode 100644 index 658cb24..0000000 --- a/secrets/rekeyed/zackbiene/d0f23e19a9316e295461ea6e66c401b7-wireguard-proxy-sentinel-priv-zackbiene.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 DynNMA Sv9A3D5SrVkISNOrSOyZLnBsCVI8S/6A9BRQekWmG0c -p6TfLZFJK66oATpVtzZ+eU2nvPGgR8Je35Gp5EestGQ --> S&-grease Gjr ~x6E -UUg82dyOhlec/nd33A ---- WeMa6zNNsTCtgAvfS08Tarzjt1XKWK3Dj5v/Uc/abuI -Lt/Xv?3de&Z=%?I/wqz8r~en;F&tWx;󭼚D \ No newline at end of file diff --git a/secrets/rekeyed/zackbiene/f47d690aad469d096c3857040d7905f2-wireguard-proxy-home-psks-ward+zackbiene.age b/secrets/rekeyed/zackbiene/f47d690aad469d096c3857040d7905f2-wireguard-proxy-home-psks-ward+zackbiene.age new file mode 100644 index 0000000..3eb5719 --- /dev/null +++ b/secrets/rekeyed/zackbiene/f47d690aad469d096c3857040d7905f2-wireguard-proxy-home-psks-ward+zackbiene.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 DynNMA OszBoMLZTrzxXJ8dO8oCJGw9F2U6HRQKrkI6U2OWY00 +HyuLC64mc40QciTIAh9Wj5YeLkxk3XGTyq9eZ7BDHrY +-> @2Y^^-grease ~1 SdR3 e%0g.;jM +yMAB/c4lVnD+c/PKEgHi+sKtwzC/WoRGEseyoRT7e0+dfuExNg +--- JHzw1xmBmoi4qtwlazCJ23s9W2UBYbCRswB/a2XpCe4 +2\oѥ56Yu'z@A8ƒv +!9ac |GttYq;h9 \ No newline at end of file diff --git a/secrets/rekeyed/zackbiene/f7ca0be5742c64f7a5204c0f9a51927c-wireguard-proxy-home-priv-zackbiene.age b/secrets/rekeyed/zackbiene/f7ca0be5742c64f7a5204c0f9a51927c-wireguard-proxy-home-priv-zackbiene.age new file mode 100644 index 0000000000000000000000000000000000000000..6c6262c7ea07c2e41e9bf45b11257a85fb6da559 GIT binary patch literal 332 zcmV-S0ki&LXJsvAZewzJaCB*JZZ2y|R6%A^FETJVMKUx}IcYd_a&A;oGj~Qocs4^zM>Gm8J|HZ6KW=zaEoX9NVRL05 zIV(dXAS5q)Bp`WyAU`KrH+eiRZwh*Kab{#|PcwHbaXB+bbvSimbYm-4RYYWUa#B%n zWkq;bYYHtbEg(ZjS4(whWHVPoZDekDWobBbYh*ZeT2?nSaz;fkYI9jgWHeAhMsPDZ zcM571fpDj=dc|85wLC%ct4Uyxs|OACn5NE4Gh+cD`FF~kPotg4<%hB0EN!7>yh@Lf e3VgBZypu=(`aIw!d#ldLQx?6Kc^j-J4$jp@KXvT@ literal 0 HcmV?d00001 diff --git a/secrets/wireguard/proxy-home/keys/zackbiene.age b/secrets/wireguard/proxy-home/keys/zackbiene.age new file mode 100644 index 0000000..bd5d42b --- /dev/null +++ b/secrets/wireguard/proxy-home/keys/zackbiene.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> X25519 31hLfNremLhkbDFT6Z8SvMcgN0J6UHHfnV4kvadAuzo +bYnLUZpztxdkA0JeRd+A6aqhUZ8Blw8EeDgAFijsGU8 +-> piv-p256 xqSe8Q AqxEjTAlthttVUtPusarKoKcQQsjpW075NUAgHhFxwNM +ITiV6VF7tRNnEO6KCy35pK9KmSVrLEvPTKOlZXj+KhI +-> Y_,\|kE-grease K=r$dP +MNA2sN3rcItZ8j+sBCoxSu5Tdl0EURNxQyP2pLWzHp4Co1zbnzxsPnbbiBY3pvLd +VnaytjVcoX8NuxlQQeJmK/3xuzOBgfU +--- 6hp4Z5hE7P0H7/sN51gfH15Jfv9WBBlybObNGWZT76A +#aMiQN{:e,픒˔hBHv9Z3JC͕ o9ùL2+zMH۫M\CZ|,  \ No newline at end of file diff --git a/secrets/wireguard/proxy-home/keys/zackbiene.pub b/secrets/wireguard/proxy-home/keys/zackbiene.pub new file mode 100644 index 0000000..dcc8d63 --- /dev/null +++ b/secrets/wireguard/proxy-home/keys/zackbiene.pub @@ -0,0 +1 @@ +vhOgoCnM3IQctN7rQLbBzZBfBYTIZrdFKDsJzissxWY= diff --git a/secrets/wireguard/proxy-home/psks/ward+zackbiene.age b/secrets/wireguard/proxy-home/psks/ward+zackbiene.age new file mode 100644 index 0000000..dc89a2f --- /dev/null +++ b/secrets/wireguard/proxy-home/psks/ward+zackbiene.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> X25519 nIy3GDknvICdU2E9snZDJtZqHxA12c4Aa6/XzzeBDzY +hEvsVMkP1h/grI/jAViIwtCGTT8fDLp//zPuHawY6XE +-> piv-p256 xqSe8Q Aryo90NAlU3hI+GRpBnXkTTaskoCaGoMQyptKucQDKHf +qXtpL/Se74WlOO0hVc59JEeqnM6Aq0m7Iv6u9CA5GJY +-> 'XN-grease 0%qI5bYt %IlJ{ $ +AxNrd8cVoKomOI38tWGQf2gHE4PSe7k+GwjCPPahkrZybMQUYGWLF5//jdRoECjC +SIhvUvTPUOnZp+/bYVDTXvrrKdSjmv3QiHZ5c96Uk2Qv6sbMI0s1EG8zeWc +--- MDRkb3z+qB1Lh27aneTscpE+9xNx7n3CTIIvaZNf+hE +AA^8XE@|bFj\g둜LM-TwE9rGFkMM^oW7`H< 2&ي \ No newline at end of file