ctucx.git: nixfiles

ctucx' nixfiles

commit 013b96664bba953d4e397fe82c5a95a0f1c15bca
parent d06fe3a0d212eb089e6d591e16a9c1c356d0546e
Author: Katja (ctucx) <git@ctu.cx>
Date: Wed, 23 Apr 2025 11:13:39 +0200

nodes: add `rabbit`

8 files changed, 229 insertions(+), 127 deletions(-)
A
nodes/rabbit/default.nix
|
43
+++++++++++++++++++++++++++++++++++++++++++
A
nodes/rabbit/hardware-configuration.nix
|
32
++++++++++++++++++++++++++++++++
M
secrets/allNodes/ntfyshEnv.age
|
46
++++++++++++++++++++++++----------------------
M
secrets/allNodes/passwords/katja.age
|
47
++++++++++++++++++++++++-----------------------
M
secrets/allNodes/resticServer/briefkasten.age
|
45
++++++++++++++++++++++++---------------------
M
secrets/allNodes/resticServer/wanderduene.age
|
44
++++++++++++++++++++++++--------------------
M
secrets/hector/knotKeys.age
|
88
++++++++++++++++++++++++++++++++++++++++++-------------------------------------
A
secrets/rabbit/acmeTSigKey.age
|
11
+++++++++++
diff --git a/nodes/rabbit/default.nix b/nodes/rabbit/default.nix
@@ -0,0 +1,42 @@
+{
+
+  system          = "x86_64-linux";
+
+  sshPubKey       = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFpItlMyMEepKhAGd2+jfXbyyvaoUi9fQmRKCJMnox70 root@nixos";
+
+  mainInterface   = "ens3";
+
+  ip4IsPrivate    = false;
+  ip4Address      = "152.89.106.158";
+  ip4PrefixLength = 22;
+  defaultGateway4 = "152.89.104.1";
+
+  ip6IsPrivate    = false;
+  ip6Address      = "2a03:4000:39:e9a::1";
+  ip6PrefixLength = 64;
+  defaultGateway6 = "fe80::1";
+
+  configuration = { config, node, secrets, dnsNix, ctucxConfig, ... }: {
+
+    imports = [
+      ./hardware-configuration.nix
+
+      ctucxConfig.services.prometheus-exporters
+    ];
+
+    home-manager.users.katja.imports = [
+    ];
+
+    dns.zones."ctu.cx".subdomains."${config.networking.hostName}" = dnsNix.combinators.host node.ip4Address node.ip6Address;
+
+    age.secrets.resticServerBriefkasten.file = secrets.allNodes.resticServer.briefkasten;
+    age.secrets.resticServerWanderduene.file = secrets.allNodes.resticServer.wanderduene;
+
+    systemd.network.networks."5-mainInterface".enable = true;
+
+    system.stateVersion = "24.11"; # Did you read the comment?
+    home-manager.users.katja.home.stateVersion = "24.11";
+
+  };
+
+}+
\ No newline at end of file

diff --git a/nodes/rabbit/hardware-configuration.nix b/nodes/rabbit/hardware-configuration.nix
@@ -0,0 +1,32 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/5ad56587-c648-41b0-a40f-8b7916e99d0a";
+      fsType = "ext4";
+    };
+
+  boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/5f139565-ad2f-4459-b0e1-916e172bb72e";
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/1D27-AF0E";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  swapDevices = [ ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}

diff --git a/secrets/allNodes/ntfyshEnv.age b/secrets/allNodes/ntfyshEnv.age
@@ -1,24 +1,26 @@
 -----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFlpZ1k1USBjN09y
-VkVvS05vakVkRjRZRnkvdHI0algyNUtNMkQvRXo5cGVaOXpheFVJClNKUUQ4VW00
-TWhoV0lES0VOVXk1VzlDZlpLU0QzcVh6eGpzREVXdzdtSkUKLT4gc3NoLWVkMjU1
-MTkgNGhLQ013IGJXbVQ3NitJUzJCSkVodDEvTjVJdi95N3NjQXljUFdIYmFDTnpW
-cStGekkKdk5KbWNWZTVHSFpiYVdZMTV2Yzd3U3VhYlBwMUkxNnkzbzFxZnJxZzhU
-MAotPiBzc2gtZWQyNTUxOSB5YUxIU1EgR0lIQmZmQmhPUk8yVjlLalR0bU9xaGl3
-RlF2MGREYjZ5dXJ5cjZiMXJtNApSOUdqYnlvbDFocUhHQVpkdkpIQThnOUgwQmtI
-KzBIT2NIZzFGWFhhNmdVCi0+IFgyNTUxOSBwMTlheVVGbnJpbWRvQ0F3T0tMSzAz
-Q2laZjl3b3pFUkZQU1BMZ2I2TVYwCmIvN0Y4MzJURXUwcTBvcEdiajRrNklwbW5x
-c3Vyc2IzREowaGxKeSsya0EKLT4gc3NoLWVkMjU1MTkgU1lqNklnIGxBelZIVVVm
-ODFLanRIbHhKOVUzdkdqaFAzRkxKaUpBRXZxUDNRcjJIRU0KeFZINzdyd2xsRDNi
-KzBpd2xVbWxUcExteE5CRFNDa1hqb0lZMDRycUxPSQotPiBzc2gtZWQyNTUxOSBx
-OG9jemcgT2NpV2VWUjNORFFpa3BxZFlmWGYyRUV4bnhNRko0TXhhWDFhSFhMNThI
-bwozUnJCMUxsN1dJaFVQN1g2eDUraTZxc3FSVkx1SzUvRmZ4ZVQrRkJHeGVRCi0+
-IHNzaC1lZDI1NTE5IE9KUVZEUSBNVFZJMFJGYUJZWDlzQVZvd1E0UkRYV29EQTE4
-dmJQbElNa1JyUWZBRHc0CmhFWHlwcjlyWlN4VXFNZXNjdXM3VWd2cyt1V0FQVjVD
-Q1BkOGprTG5XN28KLT4gUXJ8Z3QpXy1ncmVhc2UgawpadFFRV21lUnRBckwyd0pN
-dHdteE5YVkUvK3FhZkY3Y0ROMkRqSlpzVVhReDVYc1JUd2x4K2pBRk5jc2ZjbTRV
-Clp6ZnJTUQotLS0gb3kzUk9QY21wUHpTSHlKeDlIY0hkd2srZTdBNTFNbDM0RlJF
-bkhSMlpzUQqzrWovsik5aHM4J697ud/ZjFdnoa1DjW9LokvxkCr5zypA/kEWg2It
-GugJhvoLEzeZtfrQQ7a1fs9GQan6zzGxJh+boHOTixlG5NaehU5T7znO2wNPJ8Pg
-pNz1IY8rxfaiWUKdPyyWAaH842FJ
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFlpZ1k1USBQWVFS
+SE9ScUU0TXlEZXlLSFBqYXU1S05RQk5tdHNvTHk5azN0OEhheFVBCkxiNVBPanNo
+MTM2NkMvaVFiWmppUjZPaFQzd2RMbmFTaURvTCs3ekswWHcKLT4gc3NoLWVkMjU1
+MTkgNGhLQ013IHRSTTlUcUlDSW1YK2tmWnBQUWJhY0tiaVhUb05abk5wQnZIb0ZV
+YzdJVUEKMVMxKzB2RjdqU29SUkU3TU51aXh5bTZJaEhHb3hEbGFkOENBdzVOcmdt
+YwotPiBzc2gtZWQyNTUxOSB5YUxIU1EgMzY3SENERjdKU2xZZ2YxZldxVmVWVElu
+UFNMbE45eHNZeDlDS2NLOVgyUQo5dVhMYjhFdGt5Rlpkb0ZRckhxVnZXSjRJMStj
+cm5EYUh2M3h3R2t6RlE0Ci0+IFgyNTUxOSBsV2EySUxsaEZpcmUrQTd4RXlEeUF3
+UG1KUnBBektCaDVQSTVJbkVmbjFjCldBamdOQVBkSjV6eEJ1b1JmTzU0U3N4NFlD
+azRyZUcwazdpMmprYUJGb1EKLT4gc3NoLWVkMjU1MTkgaGtMdUVnIGJ3R2dYSlpW
+eitJQ25JMUQ2eFdVdWd4QU93cTZKOWtrWWJxakZPNVBlbVUKWkZ3Zko0NnVvM0x6
+aG9xVU9LVmNQRENqamtnNXhRUlVXVjc2N2JrZ1RLWQotPiBzc2gtZWQyNTUxOSBT
+WWo2SWcgaDJUSTVzZmxuZ25ObE4wdkRCbC9RT3o4RDFKd2RhY0JQNUxyeS9LZzNV
+Zwp5QkppKzY3Z0QwQXJmRU9zRVVPSllmT1RPYkR6MTlCcGdUTVgzdTcvblVnCi0+
+IHNzaC1lZDI1NTE5IHE4b2N6ZyBYaGRCWWVHZ3pKcFFYcHAyWnZ1ZTdjcllEclR2
+MXpIL3M2YTNUNndyU0cwClc0S045eUhrQ0lrbC9jVUEwbitPdktsdm9sSUdlZTVM
+TDlIODA2cCtYNm8KLT4gc3NoLWVkMjU1MTkgT0pRVkRRIFN6S1pxaFhkSGtZUjl1
+N3ZQOWF0blJ4Vitydmw1eFFVRnNvVUxIbGx1bkkKbnBnQUg1c2pibWdCTk42M0ZL
+cEZMVDczcmpOaytSbWx1dWMvcjNpZmpISQotPiB4YS1ncmVhc2UgcEcKdmpTazJ4
+MWpyK0hQakVhSE01NWNOc01KdG0zNE43VVZhRE5NNmo2cVpIeDFOaDFvQTRWWFhK
+K09FWEVscy9INQpmVDhHbTE5WAotLS0gZi9qUFFOY2NpS09zYjBmRHNQMXFibTdW
+c2N3a0JuRms0SVpJaTBkV3hZbwppH4avq39kEsMkkK9RfiSwoyqEhvfjTMX5Q06f
+XoJ593pM5SY8V2LTjsAjg7B4Zlk72r6TffZtjWABh2Du68QQCKwzNeGc+UDaLJeB
+peE2eMDtfqWoTvhtq6Idgkuv7b8KwvU0k6qhdKhbakmV
 -----END AGE ENCRYPTED FILE-----

diff --git a/secrets/allNodes/passwords/katja.age b/secrets/allNodes/passwords/katja.age
@@ -1,25 +1,26 @@
 -----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFlpZ1k1USBFZFlm
-QWw4OVdlRzFidkhCTmFkN2NKbUYrbERaNEsxdjRDNFlBcmJaY0FzCjFvOE9yaTFZ
-aHRJcnlWTVRYQUc2bW9FM3M5eGo4aDFnaS9Rb1hpOHlKa0EKLT4gc3NoLWVkMjU1
-MTkgNGhLQ013IHRDcDlxajdFNEVsQXA0YmxVcVo0VUkzMmRsNTdTUE5qK2NnUzE3
-Mldobk0KbS9PQ3Zicm90dmVrbkl0Q0ZrdC90VE9uYngzZWc0NXVoRDIrQVlVNWRn
-UQotPiBzc2gtZWQyNTUxOSB5YUxIU1EgREtGUXh1VWM2M01Xd0hkUVJadGh3MzIv
-WUFIT2FlSVptTWVPeHpJeVYxNAp0ZEtOaUk5M3IxcTVPdy9SRjlqeVR3UW5zYXRZ
-QWx5bURway8vNjFCWjJRCi0+IFgyNTUxOSBSNnFZTTJyS2tESmk3M015M2h2V3Iy
-cm1kVHZyemJ6RDlTcE9ha0FkMGpBCkV6NnJ5NEFvYjdrVjUzUzIwQkxqaGwxRlda
-NXNIRkR6ZjNXTkt0Slk1VzgKLT4gc3NoLWVkMjU1MTkgU1lqNklnIHhsOFhYd2FQ
-YkNiTGtDb1ZCQ3JhMXh3Nmp3VUwzc0EreVFOOGpHa3lybmMKSTN6VVpTc0N0QWdN
-Z1FPSDVrSE91blhTWndyTmZqT3lPNFlYaTRSNTVQZwotPiBzc2gtZWQyNTUxOSBx
-OG9jemcgQ3Y0YWRyRG1PYWtUMDlXTHc1YkZPb3pBMytlS1lPZ0ViTC9WSzhJZU1I
-bwpnUkJjQXNWYm85alpZSFlJNDFyY1Y0WFc1dVQvM2FsRVRYNk1jVFNnYUVZCi0+
-IHNzaC1lZDI1NTE5IE9KUVZEUSBVR2VRNi82Tkw4aVJKQTBiaWlZZVZlUGZUTTJn
-Vld3THpKMmlKNTZaT1RFClcrWTVkSXNBQ0kvNS8wNjE1aHBBdVFtLzZqcnlaNzJn
-UGNpYjY0aTNVZjAKLT4gNXkvLWdyZWFzZSB5NTIKb0t4UmJtQUVwaVlLSHAwTHkz
-SnowOVcvbHJWa3JSY1JYV29zRE9YTFp4S0poQlNlL2ZsQ25ueHNzNWNINVFqcwor
-VmJSem14MHN2SFd5TkN3UjB3ekJyUVBGS0podjBSZ29VWk5mSGZtcm0zT3JCS1lk
-cHBmCi0tLSB3a0NkeHZzYmFHeTFzTTFRdDFVaFY4NUppSDdodmRYY0Y4dVlqcmdG
-VEw0CouVnXD6rLmQ7TxppgtXT6Ub76p68UkFFGyWQwxSIJk3mu6Z1DT1IDN/W7RV
-qqYlQ2w4fhsBhK4w5Nabi4/+bgnSEmgwov7iPcaHTy+kNyh4h1ayUx4w/XBCpUzi
-g4wJ0aMp50iIQvFHJ6kzEwvr67Tpva0PbIBMSBnAg4Ck2Wt78y1W6oA7O2IBwg==
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFlpZ1k1USBZWGhV
+NHpLTnlUZldpUXF6T25rMytLZjlMSmRJc1c3SkVsSkU2RDZuZTIwCksxZjhpekNi
+MGtITm1FMTdCQjlYOUQwaFcweFJMN0VLSlNmTllxQ3I4eWcKLT4gc3NoLWVkMjU1
+MTkgNGhLQ013IElXVENUa2FJenFuYUFPVE5YRmNZSHMybWhzcFdsSHNsd2h0dzE3
+N1J3a0EKM3kvZXdBWHRucGp6TmNVNXNmSHYxRTlZMHRMbEFHL0lIUUJkT1RpdFgv
+OAotPiBzc2gtZWQyNTUxOSB5YUxIU1EgYVhxN1lmT051NHRnbUNyOTB3WExKOE1K
+S2tpbmYvZHhIZjV6STRwQUVFcwp2a0xsSlJBSkNUZHBhYjJONTl2ZDRwYUdYanpT
+NHo3K2RteWY4Ynd2ZWQ0Ci0+IFgyNTUxOSA3RUlOYVhZbEYxWFF4N1duWHBiSytj
+NStuU3hyYU85ejI5b0pnQloveFFVCllyaVZyN1BBbENMUG1GUGY3QkpuOTRRLzdr
+QWtLNE9WRkdwM0xPd1ZvS00KLT4gc3NoLWVkMjU1MTkgaGtMdUVnIFVKT2txVjN6
+eGNSMWgweEUyOU5PdHV1Y29DdCtWcTdDTVRnV3ZpdTBTak0KaEUyQWlsRWFhZ0xa
+ZFlocWJEdm93N1VVNnpPdUM2YzExd0VCakZiUDVzVQotPiBzc2gtZWQyNTUxOSBT
+WWo2SWcgMm91WjVjOXpXdDR6UHM3WmRSWW9BV2VSY21GSVk3eHdZU0Vja3dlUVdE
+RQpMb1RnQU5qUjVvTjNXMVJaKzZYUVlORC81M0RLRyttK2ZzMTllUmswL0tVCi0+
+IHNzaC1lZDI1NTE5IHE4b2N6ZyBTYkNUbkdoY1RMdDdTa3JSbkw3NXZ1dnF4L3B0
+ZnNjUW9CaG1YYlo2MVNjCmtlb2k1elFBVER3cUZuckJqRk9ZZE5raktHLzYyNUJF
+TUhLci9XWjJkencKLT4gc3NoLWVkMjU1MTkgT0pRVkRRIFEwTjFjNDk5YytGZHNk
+R1FPREtHUVJNSk90NVc2ZzgrZEFrMjNVa01yV2sKZXMrQWxKMW01VW9xY0NZdEZa
+VmFFUVF4bVBYWU9oMU5pNXhSa2xLeG5ZawotPiBvekd4LXstZ3JlYXNlIHFDUEgh
+LmcxIEQgOXt0CnNCWDAxT3J2WlZKQlp0YnZHbEoveHhnbFlLeVdvK2pSZlQ5VUpn
+Ci0tLSB3YkRPNXlMOFA5eC9pcVppSHVMTzY4YlBSaGppdVV1ZENEWDh0Zi8wbkxV
+CocI9trYS+Pc4YJQOBNXPghrOvgLzhQuI+AYERVpgJOUybV5tekQFQ8h1ZqYyr9I
+EwrR3xQwCx8wMtWKbHG938ZytMgagAbuadNu05zpqwsCMUPpY9qPSrjzfY03WzXq
+Jgt5gS00szMHS4K8qLycoxPTTrEu339y5rR2+RSVoCMOii8onGOLvZQPGw==
 -----END AGE ENCRYPTED FILE-----

diff --git a/secrets/allNodes/resticServer/briefkasten.age b/secrets/allNodes/resticServer/briefkasten.age
@@ -1,23 +1,26 @@
 -----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFlpZ1k1USBHRlI1
-MUZvbVRKQmdrTGwzUC85YnNyVEROZlM0RHBBMzFrTmZDajdFdUdJCkIrbmVGbHF1
-SHczSkIzeU1yUVFXbE9VdmUvdWFJdGVBanJOVjZsZVNNaTAKLT4gc3NoLWVkMjU1
-MTkgNGhLQ013IGRmNUlRT0pzclphbzNydXN4cFl2UVhGL0xHeHJhZ2RqQ3lSUzlh
-cFh3QkEKNEVlSDRsL3pURVY5MUk5SnlCVFlWYzRXZFRoUGx5QVdVVUFtUUQvbVk4
-cwotPiBzc2gtZWQyNTUxOSB5YUxIU1EgK0F5OGgya25OMHllQ25ZOEJYNmJsYkRo
-cDRUZk5McXVPTExlL0dISWxtQQpwOEhSUmU2Q1VXSXJ4OFNZNVY2RjUvZUw4OGJT
-WndpZzBKZHBKMzVqQklJCi0+IFgyNTUxOSBUNVhOZFdZQ1lmUnhZY3JTTEtqaDdV
-VEJ2Q215WTk1ZWljbSt1TjlRTnlVCnk3cW8vMUFsYjRNSmtqa1RkR2dKdjJ0MVN4
-dk9pZHkvU1dsNWNEK2FZd1UKLT4gc3NoLWVkMjU1MTkgU1lqNklnIEF2VCt2U3cx
-QVJUWit6bVNpbHpReXh1eTkycndmYWdGLzhxdE5reElsV2MKNUcxSmJkWENBeTJs
-djdQNm00aHNHTWwvdUVCR0Q5cXcvTWxMemlRQ3c0QQotPiBzc2gtZWQyNTUxOSBx
-OG9jemcgd2E4UWNITnRvQ3gza1ZWc1dMRFhOM0lycVpHWTBvMU1qOExJZ1p1ZFBV
-RQplcElqbnpwTDNtSTAzMHpWQzdrSGZmKzJpdmhrL2RNZk8wVmFIUFJCSEpnCi0+
-IHNzaC1lZDI1NTE5IE9KUVZEUSB1QTRYckcybWlyeFhQY2diT1I2dzQybyswcHhR
-Q2tUWjU1dkZUYkdkMUJJCnRldENZNm43WFNtSzlJM2w0cEU0RTBiZHF6N3BUREdD
-R2xBYlpCV0tFYmcKLT4gV3ItZ3JlYXNlICJ0MCBYUUEKOWVwUEtydmpNVThSS002
-YnhsYUFkNHZPK2tSTFlISW1IZGJ5MkJMK0l5Ui93MW40SzBwcHhJSkN5R3dudDlK
-KwpEZTdPdUc0eEtYQlVEQm0wZzYrS2VLT3QKLS0tIE5VV1Y5eGlhRFhycmhaKzho
-QlIxakFFRVE0d3lFaTljQURaT1hxTXc1SXcKatWlRuD1+eufyr4eXcnmatg0+3Uw
-ejRLP+4z4mKLSEjEzWpJTklmkS53MbejQaa/pIqxRQCLjD0k
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFlpZ1k1USBuZHZj
+OE1lZlYwZDYrVnhTYWlrTUw1SlZMaXAxN0F0ZXRFVmt3MFBCR0VVCksvNk5SWXd5
+ZXdhL2ZFVWY5NXpwdWVKVEczdVVpSnRsdTY2bVhJZHV3SzAKLT4gc3NoLWVkMjU1
+MTkgNGhLQ013ICtMWi9tMkhDNTcxT3lwOXRWak4xdy85ejVXRE9qU2NuK1E2Vzh4
+dnRtRGcKdWZtL1NBSjhySEFaeGEvek54dHNwRzFiL0JVMVVoK2JvRGJES0NTNmZ4
+VQotPiBzc2gtZWQyNTUxOSB5YUxIU1EgOHFvUmhqOGdDUTFZUkxscXZzLzdXZTZI
+UC9RVktIRmhJb1lLMkp1bUFUTQprNVRwYldmZzlwR3dSL2VqUnNuek9paTNoQlhF
+dEpiTHBaS3llTXhYd0pnCi0+IFgyNTUxOSBwbzlWUVZyckFwbVg3SFpOMHFVQlE1
+c2lQeEp4aXNOa0M4Q0ZRS3A0NWpZClBkWTR5cWNVZFRvOXYwbitvajZUZFlYaGtK
+WVhkeS81VkNpQXVSK21lR2MKLT4gc3NoLWVkMjU1MTkgaGtMdUVnIHdPamx4bnVx
+cy9ueW95MjlMZ3QxdFNsWWJRb3pOWFVhbGc5S2pmMjlCR28KdmRnMnZ0YmgzejZT
+SmovRG8zTWEyRklRTXI5MmdBWXdWRWtxb2F4QmN2QQotPiBzc2gtZWQyNTUxOSBT
+WWo2SWcgV3hNUHNQeXZBdU1nTitCVzduZkZMcThoUHhNakVQL1g3Vk5UOUEySG1p
+VQpKa2RPcFo3ekx5VUV3cWdwbDZWWnBmRUoxWWdjclRiVUdwTXFxZGFTdFg0Ci0+
+IHNzaC1lZDI1NTE5IHE4b2N6ZyBYcXVvemFSMnJzc0tYMzlCZy9EZWVzYnVvNEwx
+YjZwbzVLWjh6bnkvZGdzClpzRzJBQW9BNlI2SSt3VUtOYU5ncVhxUzk0S0paN2hq
+aFh5cVJRS3RRN3cKLT4gc3NoLWVkMjU1MTkgT0pRVkRRIENZcDc2cDFiMlNtbUhH
+U1ZwZ01mMzNycFZGRmNHSkRIaE82VlNlMXpYV2sKNWVwbzJrbjRiMkRuWGlNenZJ
+WURMOFM3RjBCcFhGZzdNUndESXl1UlEzNAotPiBLMy1ncmVhc2UgZk9YMwp5M2lH
+TDRXWmI3MVU2NTlxMkdGSVorTW5DNlJPODJFL3M5NThMQzVEMnlGekNlZHZYSDcv
+eDJlSiszQ0RHOGlqCnBOUlB1RTNBM2k4ZVdxclRsd0xFWG5EUWtwdzYKLS0tIGN6
+ZzV4TjVNUHBRNWhOM3JkZDcrU0p0OFV2UGw3Q3ZOekhmMUprOWlnR00K2J22MeQy
+Zd/Z1OHS5xemteXGYjZ0odIc4mqHVuHW6e0TFuXhzgLVDHzvAmC1en+XANhNA4KL
+Kaiw
 -----END AGE ENCRYPTED FILE-----

diff --git a/secrets/allNodes/resticServer/wanderduene.age b/secrets/allNodes/resticServer/wanderduene.age
@@ -1,22 +1,26 @@
 -----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFlpZ1k1USBNRE56
-RXJLcVk2eFBkVjV4QkNLaGw1aElieU5qMGtrYXZHa2JucHhIaEVNCmQ5Ri9LaVJ0
-Y2MyVmYxbDFFU1FvS3JBUmtIekpvbmNzRFh6SG51QWVyVkkKLT4gc3NoLWVkMjU1
-MTkgNGhLQ013IEVVcTZIYjl3Zi9qZGkzUVBSOVl5bUY4Q2RaQkxFenpHUzRHa2pm
-YlJSQ1UKWUdBell1STR3YnIzTDhQMW5DWnVZMHI1NTFnMGxlbWs1ekJKdDdTUG9m
-VQotPiBzc2gtZWQyNTUxOSB5YUxIU1EgT25ZUmJVUjJRZ1pDTVI5d2tMamdqZTI1
-WmhNOGNIUEZQVnZwK2E5Q2NSZwpaZm9Ddk9ITk5YZ3ZGSEhpZjB4SG1JSHg1NmNN
-SVZSUDhrVjY4UFNpYk1VCi0+IFgyNTUxOSB0dVBtK3pYUUJrSHJoaXdCMEhyajNY
-eml1M0haRUVpU2Q3bUpydDF2dFR3CjZmSEdFUVJlSW0rbGUzZ1J2bWs3TVNxWlBx
-dVZYdUVLdGlWM3l6Z1g2Z0UKLT4gc3NoLWVkMjU1MTkgU1lqNklnIFhIaDRJSHEy
-RDBVeXpucmxsVERCZ2VsRjFwajg4bkdURVBYeXY5aWpyQmsKQW9tRjEyd0tteHo0
-L0daVnI3T0s2ckh3Yk1hNWdhdFF2NEhtN2huZ3pBOAotPiBzc2gtZWQyNTUxOSBx
-OG9jemcgdmp6YzkyNjVKMWlqZGNYUHVRcEdnYmdVRC9XdXFla1RKWklOdC9PcGZH
-OAppams5cFJ2VXRnSXNhOTJoTlFDbDRoYnRjcWZvT2RNaHBFTjNJQUJkNStBCi0+
-IHNzaC1lZDI1NTE5IE9KUVZEUSBFQWVaK05MM0s2OXZWTjhBb1NBZkhySnQrcjJ2
-U2pUYm54cWZqNzc4S3pvCkRzSkNZM29PUklXUGZXUng3dTk0ZnVydncyOUt1bk5P
-SUY1UkpmTmUwcTQKLT4gRU8tZ3JlYXNlIHlLfSBHeDZOIGAKCi0tLSBGMENib3dP
-ZzZKdWJWaUFna3FSZWxiTG1zQTZ3djJVRWowQ3VaSVFTSFM0CgMHYcWF3BTz2ROx
-kPXVO2982uq+AT2O9wBqCdF+3DYcNCD2jbGUnEuCT/G/FxIOtnaqqHwk4x0zdIls
-z4oW6rq2dGBTNCYiEdjw1/Fy7UCGrksNN8cbyRnohfO7WjFZYA==
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFlpZ1k1USBCUm9F
+VVhQbm5SYzBsaWhOWE9peEEwSXBIbk0zOUJOT0VTN2VVQUNpb0Y0Ci9YejliUFVx
+R3FSOFlaT1l4N255SEdSZisxa1RURkROZDhWQU1pYklScWMKLT4gc3NoLWVkMjU1
+MTkgNGhLQ013IHVCVHpNV2tuOXVxN3ZXVlgzVjRzWHVhUUp5Y2hId29YY21uYWpt
+bkJEMzQKRFp5SkFDR2hISGMyZ3c1a0lad3hMYXNaTXd1NDk1dE4yQVc2eStjbmtr
+TQotPiBzc2gtZWQyNTUxOSB5YUxIU1EgOEcySGcrL2ZSRUQxZXgzRThWVmorNkRE
+TGFnRTNXNFBnZjhiWDROdCtWVQoxK2ZjZDgwdGlVUktROHhUUW1aU2tCRHJ2eFVG
+ZGJ2MU1yL1d1QVlQLzhvCi0+IFgyNTUxOSBVdm83bHA4alJUNG16ZFllbjBIWVo3
+bDYwR29UNlhKeUlKMmQxSzV5YTBjCmJPZlFWZmVoUEtRSHJvajlFN1pxUTZzZGlh
+YWtwSEVwQURtTlBCa0RvNmMKLT4gc3NoLWVkMjU1MTkgaGtMdUVnIHNidFdVSThS
+QzNKWTBqaHlTRW5aK0JhYlZtVUw3M2dWbEZmd1U5UlUxQ2MKT2JOZGppRHh6K1dr
+dndSV2pkei9iMGtwWUhRd3YxbGVCTjBmcWRnbHpoSQotPiBzc2gtZWQyNTUxOSBT
+WWo2SWcgV3IwdTIxb3BuL2pPZGdGaGtncWtHbEVzWXJTNk50S0tnQ0JsTGgwWW5p
+awo2L281dTVMaWNiS0tHNy82UXZKaGYvMXU0V3VSeEFjUjlWOGtJeWJGQVRvCi0+
+IHNzaC1lZDI1NTE5IHE4b2N6ZyAvNDdiQVFjb0dVSUtSYnNEM1dtZEdsVXpzSGF0
+dFBhMnFKd1I4STRTOFdzCjZGS0lDOGtzMnI0ZmFsSk5ZOHVBbW1rMW92Z01Dek5j
+S1RkbmZBV0o5Y3cKLT4gc3NoLWVkMjU1MTkgT0pRVkRRIGRNM2hodko0aHdOWGNT
+OVpvSXhiU01ON0hOUlRKWCtsU0srTnowb2t1aXMKazIrTStXakQ0VEc0eTNFaFU2
+ZGpCMHo0Y1dvS0Eyc1BEUWVNTStnTGM5UQotPiBrPTFnU0JKLWdyZWFzZQo0eXhh
+aDJ4UW55ek50cWVZQkhkQTlTNmw1c1RGZFlMRHpndXRYQ3pRRnE0WXhpTmZMamhH
+ZkhLa2JYZ0NPVVdtCkwrYzlMWDFwUStTcjVMbnpxYlJHN0dRdENxRQotLS0gNk4r
+VEV0YU9TblpBQ0NKdTV4RXlyUC9jY3p3a1lQT3hvcjZpamgvTXBQZwrEQUAZBPNY
+TvTZ2P7jFniAPDJQVTlmyPT7wNc1o+YYG/0svV7dO1+M0ztbjeXklHwDh5VrWw3H
+RubpaZ3VJQaV7y8zujLt15/jMiT9KNK+EpkhlTkra/YQtdQQvHhj4JU=
 -----END AGE ENCRYPTED FILE-----

diff --git a/secrets/hector/knotKeys.age b/secrets/hector/knotKeys.age
@@ -1,43 +1,49 @@
 -----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOanJ3c2Uwb1Z3VlNqaTBm
-enAxdldiMitqdEJiQUVXcHBlTldFb3Jwb0VFCnEwRkFJM2JrUHpXZzN5eWVNZnk0
-VlJXZUlEbm1wVy9Wdy9FcUgvNmxRVncKLT4gc3NoLWVkMjU1MTkgeWFMSFNRIFE2
-bzl6REk4UDJhOFV5eE9tNzUxS0ZuSmhlY2RZMGtUYkhJa2s5c3R0UXMKU1JRS3h1
-cVRWRlNZb050Z2tVME9NQ1dHL1lYNTRrQ1RZVTRhTHh1YkhXRQotPiB4P20tZ3Jl
-YXNlCjMwRjlVcDlyeGcKLS0tIGZYT3dIWHJCcjMydC9YU2d3K2c4NXlNQmd2QUdN
-UDhKUUZ0NnZic3FCbGMK+mkg5/8GENvBn+CaH+cIFSWB65n+wG1Hak3B3YNTVci8
-hHO62/km/7FHyEbApN3RVXf0KhuYCiv+9KqovZmEbqWr7hdOMdML4zlwC8qCW5WV
-eJdDNFwYVWlw+/n4CKwaClQtio/Ypj5aPgD3ql/vzc0D4H+JYu/ZJVedSvgT+UMY
-B76y8KMXLJzF3E4cKKneGYhgOM+8BtNjt+DQalakOc7rLHwc8PoLCyABqpKvHymM
-kwDa3s1HjHxStK/PY9U78XTt5bTsilVLagTXNBtt8Yoe0Dw6mSVPr1991Y72uYRH
-HlVAHbgrSFbkl1rIXhbPsmtZ9gfcu66OG4R6XMoj7VtWh0XXI2CGM7REJfS7y7yR
-F99nLr8NS4y6iegV8Ppmv8iddfyoYmU4J4SigpyKEvTl+mKXqaKcSn0hfhLhCKSi
-wlPnA6l+cWJ0ogYn1QUmuchv7kj4S9YdV7NezYlOzEbxIwc9JBE/Iunx2jIt9EaC
-wZcyu8Ohd5dAiCCS3IHHwbBuZvWYqa0gRzJvt7uoNLzK4b0InP0gA/frangFnxpk
-asYb1yrNd+OvIx6W3sLWtDJuFMjgB/jJpBJWEvHR3LuEkxuv7q8J8Yz5VLpI2rhz
-8Q/lJYXlRnpA2dOH66JXxiTnktg42I0vBsylKLAba8anQBbNUi1qtyQj+ldIaSea
-V7aFvZDP/kyb7bXm1GukYj9T+wPlND7EFhQK/pRyM2iCDIFIBC3NzeRPFaLuO6Fj
-25ME9izI6VGLf/w887T9V4iA3wdN8yOoWeZTuT6E/M/ldFXkGpLAln5de4Qnuckm
-+w5HqK2vOZoSHAqC54IVIpbtcLaTj8AVC+m6VzvLjuz29K29RG2snvzTsYsLZpKv
-N5SR9E83tedZs1V2l/p51keEJxiBsKScXIHwzOLBlsK+aG/Cox6podckFZdexpO2
-eUXHTaqlNoa1OC54Zuu9/+gUPSxrs+vinmYY8tAhHZncvEyZjxeBWXs9p/HYXzc+
-SXV/H9kA7K7421PZEVSZqYFVP7+TgQJg8TMmMIJW8XVk9pRQ49YufRAJ3EVyqdLe
-WJsuQXXKsaFwc/SAmakKOAlVhh0kDYeXdjIF7r1sD2pVsPVe8/haTJyugQCOTGv6
-4cDaIgJyGFmLtRtevY55xJMIMPeMNBa22VuRMP4yCFw6BKMOflxjPkC+9W5p7Yid
-ig24BcpkWvhbuAcF3qfIcHM48YEimKm4Y1FkFptQDT13iDi9jyStC6x5BWlDq4h/
-Sd8OSf1L9B5iUw/pAz/5GTP81IptZ4qOOgXT0ZvBhaJTiFWMZP6jixCA0+mwDmEr
-+sp8DtAlQ9SRGgq2+r1YBhZi5IQ1khE70uXqZwybRCGARSJnnh0KkxIMvJ7kEkdW
-HxB7x4Lym0o2Llo4Y2qvTD2oVaXEGX8T9eAZkTPv987D/k+IYf6RFua9RXkAf9YH
-1FRqI8fnOqfzXA099X7fHtPPkP0ON2sJrilgnMNJOw+eYCpbT5TXjw12PjshXnS2
-0Nbyvn5u1l3joNhzL/x8A3iSQ9PbC31K1LsfonWXCpaPjY8VRRvrMTYS+LfYs/WT
-AIv+rcfztU5UyUz7CZrdJ0sMoNKwJ9nBXSBfAxxv3hLvH9H5034Er9rWgDNDMbPV
-o+DnMM9UWv2y8IW+2cyobOkHMfNTrNUiWEGkCh8vThthTDR0JnLnAyekTkvT68SW
-rFoxWfMYswnVI1yH6eEZ9RpGNbHsu8s67v7r4UhcmYWawj5a4XSp50r2s2frdQlp
-0yZ8MoKquhsNlpy93qvoEi6sGakr/aoRzJgLwcW6JfknXSU9EVbkHVAQqIyWwyoo
-dKc0Wmba5Gbm7qhgiG6hsXPmjelquH1Z1194JprxZndx1dal53ncat118RlQ3k0b
-Hk+7nO5n9thcHxJxKCXJpWSMCFSPR4qk9DkrGfpEyAgLULwk5WzNySZR9333bJxL
-DW9bvgvOraJWl/ueDB6ksbwOQKc3kcBxeNRT19pBFpi92DMfSSvvTZoFKdWFr+Gj
-DUjYbkoHwyBddFYURvrdKWqWprz9SyZw1yuzT1ME+QDAso8hSCZD502F8NtEsOzt
-LvGSnAjCX43X0+zx2g7EBrMd/1ZDGtGkSgItkszwS8T0SXDpUai80rDQvTRoFG+u
-lr5br1O2a7PGdBT3Ck/4SjjnbOubVjhQhu/I4k6gNVC+w7bMrTG0QpHiwA==
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmSkdaeENuVExWbXRqMDJ1
+OVhIZllmMk9tcHlZNmpadXdBT29LdGFUcUE4CmVMTXEweE9ISGJhWWRjaFBSWlRI
+eTBuVXA2NkNJWU5ETjMrRmdpNWc4SjAKLT4gc3NoLWVkMjU1MTkgeWFMSFNRIGhw
+TlRyNEJRTkF4K2NndVRLcklKVGdsRkw1MVZKdmYwekJZcjRCdFlGV3MKQnJRNFla
+eHY2U0Q0YTNySDBUUWhFOXF4djVUWFo2NzlxaWhhZUpaczhndwotPiBgWS1ncmVh
+c2UgMS07SWtmMCkgNSB+SkEKK1dqMHZONmZFYzRRQTBGdGZaU1RUMXZWWDA4Vkpn
+VTRZMzY2czhJbVpNYU4ydVEKLS0tIG1HdnE5MS95WXE3elEydVN2V1lpS3BuNnZr
+S1lJalBLdjVUVGFPcEt5c3MKUpIHCQqQ8FpucGNWX+ZHGmg6WzASWbogddlnP75l
+XZAtW/7fb0z5ehtbiSeWn3ApJxGhNQWH/aLHLsn5rWmQnB5YVcBs0XN8q02O/PJy
+HFEbR7G5kWBqez+svXFjxgxyTTb0Mg2b0bKBuM+ekMbRzDVeexlCjuM6j2TIBT7L
+GQyRK47NGNf/ASdEqCGG4wrGK2MSnXXHlpcZCS12o0tkILTrEipaRwdofvR/SbYb
++zOXrDoNs6iZKaVh5ILiqNo+h5G4b4XZ6Pcn6Q5/cE+7FFigQXPf0124t5g5oOhu
+u5s8DRq28CoauYeY4N3RitT4HHCTKSzpuFuKlQXOsdupeOei0URgu/+zEma3Ag+s
+r+pfdHSgrXEi0e3auSWNoS1ILLFyRgn+Qb32a8ufZ+4AWIU8gCIBTn21MV5wdJ5g
+pNsmsvBpHOMtNTJ2GnTu0l3Nw66QBE7blW5FE5Zxr2ZjKuFALBrpXAJsfc/HgPjV
+dVO0YkiBpRQFQ8+l/JJ9R3wGLHTk4xN4IffqM9Jf9BaINxgA85ocU1GwV+YK/4jY
+M0XUHwYx9dn15McnHVETEvPX6t8eO+EgQAEUGWO+jYQ1VHBAaKbekH74uPTvglNQ
+LLwBmt0kpVN1CDYz3a87USJxq9cArngo5cKh5wHLxjKLfC+Jkg6EMy8yhvev98v0
+huc+l8cSfzWCV041BgXLYl6PXY/k0SrJJnXpEN04cA3qZiXjfcmYBvshl52fPIAf
+vnRU13ErBayZEGhxOWqncaZUZlDPG9LTWvjw9/a4Hx0zI3pBP0CQy/9JmTvDXfVE
+xcgVtis69PHB+qx0YeE8zu80fOycH6HpNzZxEQe9+Onz5fePBwTtVDoO0mq9XvbD
+3tHMnXA2MkaIfRz6V+E34BkbEh4+m0bDCIxmla/7vpVLTJ/MnO3ddSotNC5Jiv4J
+o75/NieiS6kao4vnyG9bQhwfCUPeOmDIw/YANjbfbndm+zZb8qQ12m51Bd9IJF9u
+xJDF+TntUu7p/p+W2h5dc/wsvqt2LPnd1tdV5QHp3Ii3dTQe0YlMvYdUl2MhLmSq
+2ILqRVnzRXvrt2DybsQA7nuj5humukKkruYIVW5dITniAagHhPW7d78WE82EMoLE
+IM2P4JGqqLn7UhJd6LihrKt3OYh7lRj5NNBNTgtagRtJUKRrdoVBiAna2/fMiV1r
+FnLG4jpw/l0F3lqaDTzSRT1FZy3L40lnQG/DqdvnyIG2P7leR+b2j/caJngUln+L
+4VQcPN4aqHULnPkRKXE/GkE+sT9U190mntxeJpa8xI3gvyGCqnu877P6xWZzjnZm
+0Lu3ACDyfbn31fvmtBn0OdjAqUIQv0m6GTsdYLftTyQO9Kaw4fdyvfbmgWpMSWIf
+0NyhVDI6zBYxbVKgeASiweAdjN8dO90Bb/0CnHBUgRDgwjzm9aYDjAvo/0X7iRYQ
+o3Ms2UcyYT45aQa4kaA+cMRiBHypw71hRXTw4s2pYAt9nFBnFnPMpdr2wRb2wAa8
+FP1KlSr/+r/BsRyBQIHAknmaNzrCFkx9aBNe96orv6yfFNbzVJxYDhMg8s3UOsVE
+0+wtUqgMXkZ2vMrsw6YmZ8oO6SZV3xsQCVerS9mGFtWYYFwY3G4/upPa63LC9yNj
+ghYUjsToN6HRU95v82si+N4Fbh4gHYs0A/a09NxPYv9hHAe2AHgvJNIZ7ExBDryd
+mYzg5SPewYrc+LPPYYjHD17DrVs+xBoiI1Z9qTkdqg5H1PNLnknaTyaIT6/Gp85c
+JAbCnNlOswV/VBC5b8c+a57GaO0AeXOmZH95r9ZHATueaQDUWFhlskuOjRcDJQ5g
+tBiSidV8tnNvn/LNb341+LE/53sDxtxpTR9CXWosFbjR9aEN2ocp5KD7VP2oBJkU
+IH4ZgQJ2c+5b8afVvCyeNRLQavS3NktNmYNY6iiWpdb324J/yLWeMiloQrp1+vEu
+beQaBWNHQ7eXpvtpuIMt+j5ZcTOfvqK4f+kBDMLJXGP5Us5Z1brglF0TjfK0NDFI
+t1jO0w6vEWtnkKRVpfUyuZkEeAkfhAdDeIguaF34F+dFdmSedTGhI1BmpDhpBhf9
+aFSiI7h8bKxg57g+8pquJAAP+XWw2d19PMzhuBw8+nvFchnDzwCLOWtPQXOps2eg
+iseo9ed3K6IFFCy95RiWK247BirwCp4dqut0dHp+d/33dWIiWF4gJoSXAQkafq2y
+Hvh8akJ+eL/rsoCLwsXWKMGCow8AA0A4FGQaLLshwD79x7DSHUiQcHwZZyU5tf95
+dNioNtoaeJpfsvrY2LpwJGWh7m7mqLP+yY5bj5apvm5j9b/6G31vT7a4SIN4XzjQ
+tbaHcaGHwWlFgTHQuX/30KZngfGZn/tXfOuzO4Q6AU+ugffQgJAdrw8cUMb9t1la
+FdYuYiITcA0pTdLSO+a21icFBGr5jxuydxCrVIKUmBfKvTv3fXy5A1zDowIQNO95
+eSjI4+9dkdjvJ/ZDIsG3Dk49hm9baFovOF28LJ/+444=
 -----END AGE ENCRYPTED FILE-----

diff --git a/secrets/rabbit/acmeTSigKey.age b/secrets/rabbit/acmeTSigKey.age
@@ -0,0 +1,11 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUVTdDSjhiK255UjZSZTNG
+UTB4MVZ4NTh5TXNpRkJnQmg4VEtTeWVEYzN3CjQwQXRORmVoRGNJVEdQNGhxMkhr
+V2swM0VjL29sOUM1Q3NTcDZ5akEvS2sKLT4gc3NoLWVkMjU1MTkgaGtMdUVnIFNI
+VDNvQ2QzWHNscWRFSzdvYXY1MlFKY29KM21XazdKclpQcHNEaENkMjgKcEErRWp4
+RWZVL0tRdFA1RkFXV3JUZWRvcHlZK2YzS2MzTzdqaU5GYWZUMAotPiBreGdvQi1n
+cmVhc2UgI2puCnYzZkZLWWtKL3hNQ21Fc1FpZwotLS0gdTAxTWxjdjcwc0dzNUNh
+Ri95QjhFRGJUWWRsc3lrQVptV0taWCs5MHdvSQqWbNTAu99yys9YSKbhoA/rXPQZ
+jbtHMItE3v9K9wsT9kCVyk0QDwuwilKMqlhTJAf2g/8YkV14L1Kjzn2qORVP9+Xw
+KUTfYv0Fh/7nMQgiRrUIeLq/BvMQLR95if8WuclQ+w==
+-----END AGE ENCRYPTED FILE-----