ctucx.git: nixfiles

ctucx' nixfiles

commit 66944aa8a1ce306c337154e8798873dac3504459
parent decb17d54502f1b264eb41a9fddb597eae7a0b1c
Author: Leah (ctucx) <git@ctu.cx>
Date: Wed, 14 Dec 2022 17:35:02 +0100

update secrets-handling
8 files changed, 114 insertions(+), 113 deletions(-)
diff --git a/machines/lollo/smarthome/telegraf.nix b/machines/lollo/smarthome/telegraf.nix
@@ -18,7 +18,7 @@
           urls         = [ "https://influx.home.ctu.cx" ];
           organization = "leah";
           bucket       = "mqttData";
-          token        = inputs.local-secrets.hosts.lollo.telegraf.powermeters.influxToken;
+          token        = inputs.local-secrets.hosts.lollo.telegraf.influxToken;
         };
       };
     };
diff --git a/machines/lollo/smarthome/zigbee2mqtt.nix b/machines/lollo/smarthome/zigbee2mqtt.nix
@@ -2,6 +2,13 @@
 
 {
 
+  age.secrets = {
+    "zigbee2mqtt-secrets.yaml" = {
+      file  = ../../../secrets/lollo/zigbee2mqtt/secrets.age;
+      owner = "zigbee2mqtt";
+    };
+  };
+
   systemd.services.zigbee2mqtt = {
     requires  = [ "mosquitto.service" ];
     after     = [ "mosquitto.service" ];

@@ -33,13 +40,13 @@
 
         frontend = {
           port = 8422;
-          host = "0.0.0.0";
+          host = "10.0.0.1";
         };
 
         advanced = {
           log_level   = "info";
           log_output  = [ "console" ];
-          network_key = inputs.local-secrets.hosts.lollo.zigbee2mqtt.network_key;
+          network_key = "!${config.age.secrets."zigbee2mqtt-secrets.yaml".path} network_key";
         };
 
         device_options.retain = true;
diff --git a/machines/trabbi/matrix-synapse.nix b/machines/trabbi/matrix-synapse.nix
@@ -2,7 +2,13 @@
 
 {
 
-  age.secrets.restic-matrix-synapse.file = ../../secrets/trabbi/restic/matrix-synapse.age;
+  age.secrets = {
+    restic-matrix-synapse.file        = ../../secrets/trabbi/restic/matrix-synapse.age;
+    matrix-registration_shared_secret = {
+      file  = ../../secrets/trabbi/matrix-synapse/registration_shared_secret.age;
+      owner = "matrix-synapse";
+    };
+  };
 
   restic-backups.matrix-synapse = {
     user              = "matrix-synapse";

@@ -31,14 +37,14 @@
       enable         = true;
       withJemalloc   = true;
       settings       = {
-        server_name                    = "ctu.cx";
-        public_baseurl                 = "https://matrix.ctu.cx/";
-        max_upload_size                = "100M";
-        dynamic_thumbnails             = true;
-        enable_registration            = false;
-        registration_shared_secret     = inputs.local-secrets.hosts.trabbi.matrix.registration_shared_secret;
-        url_preview_enabled            = true;
-        url_preview_ip_range_blacklist = ["127.0.0.0/8" "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16" "100.64.0.0/10" "169.254.0.0/16" "::1/128" "fe80::/64" "fc00::/7"];
+        server_name                     = "ctu.cx";
+        public_baseurl                  = "https://matrix.ctu.cx/";
+        max_upload_size                 = "100M";
+        dynamic_thumbnails              = true;
+        enable_registration             = false;
+        registration_shared_secret_file = config.age.secrets.matrix-registration_shared_secret.path;
+        url_preview_enabled             = true;
+        url_preview_ip_range_blacklist  = ["127.0.0.0/8" "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16" "100.64.0.0/10" "169.254.0.0/16" "::1/128" "fe80::/64" "fc00::/7"];
         listeners = [{
           bind_addresses = [ "127.0.0.1" ];
           port           = 8008;
diff --git a/secrets/flake.nix.age b/secrets/flake.nix.age
@@ -1,94 +1,81 @@
 -----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHY3p2dVYrR3c2YzhXc0ph
-NWpyS0d4Tm0rLzUyM0ozK1dpSVdMYmpySEVjCkducUQ2eWppNWV5ZTJCS2JuNG84
-RGo3SFpaSTZGQ0Y5K05FdW9uVlNrWncKLS0tIGo5MlFBcTNmY28vVFVjc0hreVZP
-MGkzRkdXc2hJRUNod0djeVI0Qm1UOWMKc0j8/ASihWQAlKcgqQUcMI3KGvFjPQ/X
-cN9I7dva+CuueVfjP2kT7k+NgZ11iLtwpi/43jiYu8snpkqQxjKPxB0uFvYBeBQ8
-UfsukWPeHZ064OHAezayA04xDXwouCF7xRCMYpuU+pxP1pq5rqC74Zl/qvvLgJTn
-8Saxkb0X3uSHIuozEDPfWRy2w6LHI5D5DJiw6tB1l5xcisxVAMXS6Uy/ieN1R/9K
-ljlnnFE3EO1msq+pyrvLBKoKR+LSXPxT2jp9fyXPftiDE4bFxt6TxS2gSoXeuOOt
-hX/6f50wp5tMf8xwj+32I+eEREE0z676g8b6a1RDVF6c6KObEmGIJeGvehtgxiwD
-yzulVPvSNBNBfmvIUoAQXFs69oO7bghLgQkBgRWEngwJw7//gX7OhzRdOnDyH6ML
-+XO7mcPRsSE27xn6UagPmky2dD4ENmtVGsDEC8nlk2gPkny29fcMA9d2d+J7Myj8
-Wm3fSKagG5DM2MxTJ2Hdvv9Sg8sv7HxE8/sXVR/7cYwb6HNN/wSMzCDgXOuRkAvM
-yBm6oOe8abRRJfPQDTi4uXaMwgrJyzjIZEuzeyc3U4FRCbsTKkUr8+/1fdR4SLVy
-rFjT28yhAYW23bnyhYtrYQUMR9GHExwtIxGX9av+l9lBDayyvjM74AybfJMAKH/k
-qp7UBHfH7ZqHilTAr6b0rJ3XELFaaHy3t+k1v1fm7SeoI0vVg2317m0RSUFfIMMz
-LZfLXCJSZDYBwvUKvu7XUoX75oNDZETwtsZ5xtlT6p4RHVwkFQ1SXv0u0ps25NGV
-B0IT2GYzW0DDaFPWmoPxpnIepA0k0Jq/5XpLl3TIyaAk1VSCJTiY2HGPbtGSmvBI
-4aetcy87M7SxsFGD93Dcf/+uy7SN+zrh2f4fpH2H3be7l1a6hhjV4E7SjnXubDdC
-il8v30prUSU98V0XilEip26HgIYopE8tCN5lrkF4wUufmTguhErx5Yq3VawAv2+j
-RQ3T1wSQpAPr1KUuDgsslPORdw0hTepgUZykmh24ESPloSn7XjY9NwC7oNBoRYXg
-MwIY3VVsl3JItAxstQoeZ3Zl3u2c69VbLuhZTJXrsG1IE1u90AKaIAUPuGVbkT2t
-P2Y7MbyWFsBY+HIBYaWrg7s3xAHL0BMRak1WGX5Q15yuXhzDZMh8y4C3LFr/RSmx
-XqXTvEuT5bHkvVvbQ6NyI8RTUYpYiGudKCs3D4PPwhe+UCG4/Ji2zIJOlM9mCVbA
-WN28ubTPD1uov/tA5XWGsA0zHKueS0jchIxd9GvS6HNMFBeoYdWkx6tIYxsQk9C6
-TkHURbpuytGW2UM2woW4G5HLxeG8RzVDBcU6FGTQamaDTBOnHmYkXixQD1h1D0b4
-qe447+CUB4hwFLenczgoBqGXrkUJYSy1PIjSm4pMlapvKXhJLvX8lCvMrO1Q/dj/
-jqGanoGFuoCiVkABKYqjqDiJWEB7058CTtM+azKBo2pxFaK83505ZnVp31PmjJQe
-gtPk3ONzTBvjUwIyK4Dv3fSqeqzVf9kCcY6UBf8lbh/j75M+JLyVi5z+j3LmyMhZ
-M6sNQZda9imJA/rTT0sHXCWMmGA4KAxWfjqftR9PHTn14mbYFm3eekT+XUFXU34T
-V07ZNsqHfFzY1ZiflmtwrA5pdu8Fvj+LJEoJlZ/6rwJEPxkzeUnMK8PtNIR09sxp
-McZLqnx+xq9oJRQH3MwIOwLj6fPP9XGuhGLFmAvzQ6FKZ0wIy/joAqVinLHg52E3
-nklnPBVAA1cGbiZpG+hNbcfuCfiDNHNAR0PGgNKyOm1PV2Cgl9g0cCOxdlGApiax
-ZKpdYABvz3ukM7KwFKz3dDynG3JM4r3swqNXsVIkM62cxE2GjwDiXMUbT8jms+mo
-16KriPCmakrpop8x99Fh+tDRDtHApv+pciPxVplDikr3y7rFJR0h+vhjhKboUr4w
-/t1Hjk1H7Pv1Pv4GO/PqAAvAKE/GTyHGEkTpdNh0ODt1bdbycEGlMnHLX0ZhzgjH
-UjGSSBL1hEK90+bSFFj6j30BTsKg3cBGVzJyzZq+3aQaUxtAL/65ENce36Vf57vv
-h9VmUV+vVuniPS04qdfmIKuQ3uTuxRDE6h1jWtJ/FNSgnjl+dqDtzM8RwQ7XJW6l
-jWW7Kh7yol6VR9WcVboXiP6bEfRJfhntzcZYT6F/0s4tzOjuNe6JEsmGwLe6ygNP
-L+IF7PV7SCWTJDXEvhcQv3T76AE7DGYZDB/SE7UwfvP3JR3q834/2O+XUxzKJXQn
-25MDDKrAYLJluERMVNYgchWHGwSDpJcfQBGDOBheTtEHcTvXxnoXny4vPLOdclfN
-fCoFCLspSlVNW7WsziZrN4b6+JAmdgrvEv12PgyY9QC8pfGQ6AYTmw1HBajP1R63
-k1UkAcYiBKiQ8e2l/EpespTFN/SoKYBact4ep6rrrIwMqJl0SSZ6yJzLOqgAXeRF
-QBhq0to2IPVUOCSh9vK84RlVnK0dROEHVjuSsIuxn9Ikf0PQOPa29AiaiDNZ1R1I
-H4HL7kMvDVKQs+LZIIzyu9kBVFi/jcd3gEZnxKQFxnw7PydqDRm++Z57Rq4Yygok
-cNNAVVX+lesSWkE5M2Nq4N042HQ9etsefOinFTTnNzAb0OPOdBK2G1WWies4s2BU
-JddmzzoFsMR7P7gBsFMHi9FjT0McbqcvO+qssC1dXYkwacgMAKiwZv8I1VfLpQfp
-6pkvz2oyhGfTtWlF4I/mPVJFvwit0vz8PGhpzhXwfI6EuQunMDdWAwbpZPSxmJfe
-jx3EeUshUHQYLYzBx8vEl3F9ma19AcTSj7R3p76/XpktMZbjzDafm6F+vfte7xmd
-JeVjhIz/zlS7Q0/JknVusGi9/li2xhN2UXv8sTb16uZI5cEb2F9in3/5pYgEFmYq
-I0Cfnl62VW1C7cJE5qDNmGhy1RCMLHbf6KbL82HUMqWkx0Y75D3NM3/hMpxkoeoz
-H+xbUSCGMlsoHjcXlxoPEVm3qYaBSy+yrt+C0hafv94vrbFXLC7DThnE9Pak4mON
-BYCVYUOHed7sfYfucLPRmpLjuSv43p7c3UOd7N/77Z53v1jIFsz8028OuxauAztb
-/Fxco//ZpafYm+SYd1hEoQs7Sj7DJUjYFtKTyLMnHjBv4SSFPXy7nwiV3hpzdmdh
-891nU9/SCnMw2Kca79U04zVIC7rX2J0kM4hd/LXOVVjvCF21R/GocGUVHhk6HIp5
-InrtsqnNbJ8AF1q1NTBb5OciG/cJdzqNWzasp13AfQPTrDwupuO1GOMz3N+BNvNO
-YChE7EHBOBd6jFdKWJLurYB9785cjMx1/kro0wTugCik/9c9QWVfaArQAiG2GUZh
-eFnSiOVbc/KVHmcThpSfHSLBrSde3JDlDUEw0/7rpiQt0Ax2lvSaRifcGGb1FNl/
-8VY5tZFn7ZMBBubpQWhLeQUQzkoX93v8rCaXNxwvKvbUSdx8/TteKAan+/66ROCD
-jwttwUTECtq04EHFMiFie7cw5OE0VzABuftQPlGx4M1ErdfFXRkdEgJ+lOCGCACm
-f064tgH7wlxGRiIrE5TCmk5aKdZdRM0cb8R3DqArVY0LNNYyGuK9HsFwFNp4ru6r
-NZ6dfmuRQVerTUcwA8okzycjC3QxkGKlT1pWBZckgrcVaVtYcg7hIM4qIP8Hs0EZ
-OlCUELphzHJfScR8s348gsNBsqvYF+SGKbP/mrCRNixYxp8VOXrLMnO9cUzHfW7m
-yqi1CbhBAVuWndyA5+H/xZaCk3zcRKBDN1mWf+RaA0OUyy6tSbrE6EfhwWPmvWBI
-UujALrtCybC/Ev4pHdsp/WDIg0YemutLRkkxh36PWZpBt3Q27z1UJe2J044ZL1PN
-Jo2n3TSpEpQMY9lPB1e0yOWpwcuku2V2jDQRmBFeoYQn5Ld8FU3MSZOZYbid//KV
-s+fyEqXV1VtqJ4rYdnAwsGCTbmI/v4ovissGS6wvTWAzpqAt55C2AvR+29ZV/Ftq
-fUB0eyouinloHOjXKZpsl4jaDLUoWArS7c3MTNCM6SfstTjKgQwAOy08ARfwUfOZ
-4UBZgnuTxlmX3F3xCxomeiYwGeZ/5HdEieYBoWlMnFkWPDu52u1d7moFNF1VV2aS
-wXgk3fV8d3iH+JjA2ydixjuShB3GaqbWsaGXJ+uhMRoiBxGF7PE0rH2sgNWyZ7vn
-A/fPO1qm/xoXYguqQHgjP6wCUTcAOEaHglBMi3NZvaqNU8Fl20utPUfPoQIkbJ6K
-5vWJJU2hM+CLIS92S32Cp1qBaX3zsjJbG9B5JlhpDC5bMlAf6b1zEQ26PXzRCKhH
-yl1UMQZU0KMSBulDkSEC65PXWXu3IWlKcwdbHaul13opq2uYiU0zAlSHXfiu4VSx
-uQ4Gdc+/DN8lI4tOnFU8gBLaYeQguPfX88a96O9NPUCbvYaT/TW9arncd1pHtdJZ
-BZAdLiLXAWGluAWjSfNpbWMacXW8Z6c0OaAhcL+GLn+9WtNdrarozxPZd1RW2Tke
-26hL/A3mI0Qv64r1gwmvm15SdMd1A3Ur0zDDPx9s65ngP7zVreF8zU4B6q3C+ufK
-P0QqeO4LErh3x2GA9iHeh0feR5N5CwRHNq2Jz5iM0APtOsyTrloWDixyj1CirgGg
-PDeCl9rd6xzrs9kxaZCzojT2+IphVF3WGmJnPwv2tksSzAaFF9Z0PWB5mm43FXGU
-My+jYm84YMgiHsHRaDeS3P9PePcaHn7AuSBHPFZXk4ZVgf1IY6PwGtDtUXN9te6r
-Vgiihk6WTaCWz7eK6D1cpPL3A77v4iHBzg97xrVC7XIk2LAJdm/Ke00ATOpu/tIT
-81gN0K7tnciB85KuRwEagqmgLA7Lp1vfTf8fuU++dtgR3A30rgLg7sRe+Rar4A+O
-uHUZ2beCXH08YU16/3+1BDSxRtVQaetkItlgoS0/h+B8KeimhzpHAoBU4vjCxu+K
-9Y9oYpXDXXP7bLwu76ZLc9OSithq4QJ87lPpq3gGAyn4M1MONIK4CC1WGqkjfcK1
-5Yd+ancy3MW6ieBImB6Eh4I5d4s8b2GryZV+siNR8aic3lNg+RW/9rtz/UBem6sw
-Rnu594RbddFxT2CYi+Tg8pwDjiUp6U8CaUpWWkLBQgKzkWCqYEvOd6gZMVVOhjXE
-xj8uNPO9BiEm5mAyK+fE898a/0TGFZk8ToKXkrWdROFvzIzioKxOYo9C9SA/S7xM
-I24OyPbjzjVDPAfbXpBxOIlCqaxrv1SBDEFJtocB1E1R8sP3EMr0oUVkYhNhlFfk
-k7Va4UDPPB8HcD0AvxQ3/Cmusn/wWrbusl1Gr9N/Un47F1a7vP1AYOf2VLpGyP1N
-N5CUsBdEqPY1w6WjdUN4IFra0pmlH3TAUqXymiz0xBlvSAHtAwWCByTHGtV2dULf
-kRf6dM9rLawUXn1eRGrZ6l+29VLmI7wbvwe97v7zPJcYQfsiJAssS87+SOy2oXQE
-lb2nDM9v/LQfwvjA/2Zh7WwQCztDIUXyLWjgjzlQjQhM++//zc2QBgSf4cJ8m1pV
-Mc4/yYebPlxZ05txMYMlrUt6gUFQmA/CfHa9wIA+pBau9xNKcZ4P9zOX7Cn2sjFS
-P1yDxRAibSfGl5Jd584ov89uTLZGvQ==
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2VjZmVnkrM2NjQ0YzdWhY
+MzNEVWoxNmZVVXpwdTU5TzZkRHZHS2srMGxnCkRuSzVRZFl1ZUFOTSsrNVRYWW5w
+a3NxNVlWWCtadzhkZ0JScEV1MVQraTQKLS0tIHBWQ2lkMkcyUGtvWGNJV0N3bGtY
+aTc5WkJONUdtdWpHTktuVXdXNVlCaDQKAdHvZsIiCExxahd5NaLndd5hy2l4PuW8
+J59/kN1kqIFC1fQBamg1lpLvHiup9Nt8XiwrmcNSfKBdokmiwRoAVssQUvUtHoRP
+Gs6+2r06wn5rj3pUOuA0InXcNp/5FWth99gEV50JPdDOTF5tBkTSp4FgLg3eAX41
+gvJ6QkguGUWYIp40R/gysttU+mVpNuGA63B6dmtHFiY4PQh/i9wRlNEeENqpRQzR
+7F15BrN2CUfI6d35eC7lTs+ex5p+AbqrQ2wkWkFCO1Cuh3F+P6D0fmHTtRm/g7s1
+Hcq7rK2IFIZGlrTbYV4RPlBel8JPRTc3tKCaZeE3xwadMhPO/WA2DJGnLhx3toF9
+dOiNiUWGRtR78Ohaxq3S3I/umbSz0NRcnyvRV+PuJgzuE0aR2WQXxp/lk/P/rxzQ
+el90ZJ8g3eKZFLqiqozcb/VknDJdmfD5ximNP4uv3GfSXQRGTwUYBAh8XsybLewU
+fP8N/Hmf1Nr+JZXkSs8axTujDOu0WHAPwmxWBnLSPqZcSwmR2Lyr56mIL3zpc+6z
+Qqu6GgrnjSi+UdlOJLUBZpSjQ07ydNDPrsh9Uhukuhbvy+/5G7kIRRXw4MhQYjZk
+U0jhNvE8h+fAlKU9+5Gf2THbJSj8mspBMzpKO8Z7XJSUByTpReVmONBZsqzABHgc
+3yCWLpJLl5l/mmwu0lfh9jg3c/sVOryOa4HwJSyi+MvY20Biqp6beehCcsNk7OrB
+H70dx7h9BmIHBVGK8booin5wJMpVh8ctNReKOXojBpEhrxMrDqViBiBmZ+xtwI+c
++IvL6HwusleK0i1UFHA8W+xGOTFzQ5rOZsnV+2QPyTKJSvhqIXjx14r0HV/wNRaa
+heEgVodwOWsDXTgzRPl+GkgZ2AxwILLDeNFtFvZFHplXpV6xpdwGC1YK2n0e9WX/
+y7EvuICRis5TpIOtCOF6CiuH8glK0/rJrF0Ts7f7SAAVM5f1SCDpGPDjoSfhcnXi
+yizqCE+PFUJ84GYR3/m9oTs81esKlzkX+Oh2xJMNx2N9DFusiMMyRiL5e2t8Ma5t
+EYE0hlaw4vVUMKib0Rrilds809s31JnMnBd6fYhWgeQ1S8F0C6UuVL+kT2wak/hL
+NyIv1XY6vaQKFzWWzhl6GJ7onrxI8Rc9NlInKUBuHT/Cz4AGytkNeQuCfe2vSCbX
+ieQQZ7g2dffhllBDgL//T89BbqQQ5oGt4sUfCw8hvsOevVTCi5cww4kOSWqw0y+1
+b69NbeyDaHWZ2xBBqvufUcCLWBotuLLXez0XGWJJDv5LMqapzdM8D957jpPJVa86
+mEG9Ggz/RASw4cN2NIBrkT4xqjOvH27Nqio9u7yfl5zoICyLo3LFrxcCzT+BQXjG
+dMDr2RfewoP/hZNlYDVAE6ehb+/x86Vl69ntJnXqM3SF00dSUhW+KvWhdMHMf92S
+KGEyz4pElDbRQirYLUa45VQNiZWZIJf9TaLuxvkAkONubVDqN2PzLyeu9a+Nl+ma
+bTCRrz7kJxC1cVy0rTniBEqUo39/s/uAGDFTJwJDKNxLO7ZI6QnsNvwV0sOq7ByG
+QFtZQ/Mp6ZG1Mx+SMsyiYB5oSYVlEJdNiL3Gdgtmoi+g1qvb5y3lAZLOQzcFB8dT
+YB/vv17B9y4FTXFhmo2EBkbJ/3EfhgGd3mo4+kfXAE5tFOm0JW1oGSNvGReRX7+p
+3WwGkHRBIC6gBmDoJXrJ1F55i/RCtE1Fxq1AGyI23SPbRjfh8SRG5U1WBcxvv3X6
+L2OQyfCOnL4Zh0S8DY6IXsCGwH1ZBY5uCXP17QJgxlLTJqPKG3VWZoctUE4kA/ch
+Q94wXCXVq9Hi8sEDY67YAvliFUcMDXUJUkTNQX5z0YDw9882xZ+94rJsMqDuTL4W
+C4M1GsXzfCUU6n41pV5fIZwYS+OeY5YQHWtMReE5luTF4ofPUK5P8wj2cdKxhH6z
+H2U0p3sOr8ZxHXE9xc02CPMPN3MaAq4i6tCzW/dFJj7gw+LZBXaNmm6IvYgys6wR
+diHxk/gJ6/WOXGWaM2vDdYh1TalVi+m2kZXUUTYD5tIhO5oJ7sv0dD5jyc57EAdh
++L5TTS/C9R4ZkaXaNUfmABb9wokeCFTBfLrSnOyOCgNjGcrlg9N8EEP9oTT0DVR5
+K8De4LhMbMVfgXPlgY0/K1rmCftTmIfFJWlf9BBXiuhWSwbc+rIVhfmgA+yuZajP
+MRFovc8cITVQT8A/btlqdJcBTj2qSTdHdu8r/g/SNkwc0/Fp7tz5hwx6YL8uIPRv
+7OodOr3b9IyYPsg13DQzYl4Hwx6lAf4/Asd69otzXrjkaKOj+9WO1flLgKbB6pkf
+eCi/Yeg+QF7tBYjRBjby04Rl6rqmShN5XPJoyokCjQkHm7mfB+ZrYvs0pHwOr0LO
+e8c3TKv8fMiNIR8cdTI509IedRTbILy73xbSjtlu9yDOcbJqEzckhdk5WVYe560N
+Sm2jyRzNwsUn1sQmkngu9AiBPQu0t/xtw9RIVKI6UYR1QI19OsiHaAaZ0N14r04k
+vl53FN7Z7/UnI7G12gObYNfWU8BvLs+wt2fdnKUZT14hnd+UMrxvP4/lc2kr2Zdo
+tS0IG5VL/D2NOIz/THX/xU7OnOqSzCBL8z0uFKPCloUhCl7lNQvsaKafgiFB/e4j
+YfiSteGY5DA3jcvErzXKB5nSRTiEyVP03+c5Ra+v/wGu6+KrWPImJeQSEZ1NSoqz
+TP4+cLbPIjuQM7yGV0+KXiB8zEOxYF4bYSA1bdi3Na+lHsuvkS4eBY7ZTz3cfCmS
+qrEe5mVz8nAFF3D3M+RiJU8aNPPOH+5FjLU0c3p9SPsX98YDO7GFR5YvCuBg1kZg
+W52WX1YD3GI1or8unVPVpso7/p5Y7SLuae4uTfMLJR0jIE7MVALI6PW2DGsQ2l0/
+U5AdAb34HPt1Iar8XkGMjtC40u8EaWEt9wTOVLYKVD8bn7nycQymPK2NkRJrfdLK
+02o/jD3znmCerb2yFoa8Ap0PYCh6Oh6v8qbTECjtKhAq/XQunTcbzfgPae4j7XzQ
+1iudAWTcOUY1LBbMK5O7YmAZTw7QSgew41LjsOoQDGVNRLq17zvX9Dapnmk2SIEW
+L9UpnMKYIUXftGHBaUVqN7Wpnbx8jQ4UXANaeL9c6GyzLerkAW+H82KTLpA23dgZ
+C6lFeeqd8JyeQxTjFKpv3A3lssHuSBQY3R3gezQF79mq4mbOKL0F8g5k9n5A6zDQ
+8iQSejkPN+yBm/lYdYvODwoBJwjF4jdHG2WdF7b84CFLdeI3/eWBeBeJkUoonjSH
+5bsMguSt1kEjtjCGsaYdxIHJjsXkcs0kkWQ226z1Xbi62Q6ZsUatHer1FbBtR29B
+BNBVQL+FkFjRPBuuUv6J6CTewy7k4NPWC+/SDgBMEu5NHNeTHSPK3ZyAMUq9tiG4
+5+WdEVaBBDjTBX0lk97cGDR16H10bzZ3fLzzTyQ3cqP9sSr2oKOPCkfWHo37RSiy
+PpjUQx8pX1KL4dc8AqypNK2Bic7P5xn3NcVHWNBMMTj0qadrjF9sBdHD/hwgsD3/
+dj3VaQVU3tzHy8dlYKV+pmc2OWVsRx0e7lYJff8a4fW7kvqGULnvey5W/E7cdCR8
+TTk2lbyoosBNLbTZAagHYbBINmdLDjsGSpe2mUCDNXE6bPAL+/2bnD0i6Z/Hw0w2
+Ywaxi0BGK5piKZPeDOCU49TEC+HoyKcQkRtayUhfVH6xNCKKtahewrzD4lewLOB0
+vxrI25rL3xXvfPAxDwss2lSX4pTycKuCf29et20hwBWQk2PRVTDGF7Q0PflPY3Ar
+fI0c1OG06m7qt41OlxpC3If+Z6Lel3+5nN4BxjxgCGAVYvI9QPFfWMMxSKgeUN0C
+ASRh/vcibxzQ99KXIl47h6s6cmwzpsXKhz1Np5vzqFZHKJpdmZF/540EYQ04sPWH
+fwBDdqpMQEzbFN3crD31XQovYkYvbRwKALys+Ia6PlWhe4tpip8advv2kf5s+XDA
+z9JPAUQfdu3R0SKXRcJq4Hf402UYMJT4eyXZ6TBqaZyLjwl1ztT5CyLqgD+/i0JI
+0l98cfVBohNgdnDAMe9eIH/lU5RhcoZN3RCXIL25R1XIofwnTuqCMXSdvFZutWGd
+lv7di/9Zqf+uXyUbvd+r5yFASFyucbH7k+VrdPDVbEIrqhrWCXCJpv3RepL6cosH
+ElqrH5Kk5p8JZmoDHiqzWyrBp9knuLsZ5w1JTZzuWkO0mCEv4zFhg25d2nLkQeYj
+c/ts3JQ6gyy5FlySxP6UyOxUS9A6ShcbF507iZV5jWe6T5yG+DpvLE2s7q5FQZL1
+EcuXPgMDysjWPn/gZSYxxiRDn+ZX1VUyqtnXEVu5NZD5icjKrTNwXpfLiXU++BwW
+BOkl48qdNlKfu0ujgIW712Vp+o6UBg44Ea2KF9MoOYi5acijJNomGwMrn9Vu37q2
+wt/LXrhYd+IX8kYA2MMcGGlgnKJsf6Zxch4FS0S9Rae5XO9efgFcSR6sy/bE81mx
+QX3ec1Z2Bzdj1Bp8DZ4EcnH491Cwlhv8LcgrUWsz3H95Plr5JYlxROD6eKow2naV
+1KDbxyCfThvD8inNmMZajBDWefk6JtQwxfhrKXRLVl4iK+GKStlJzo8Ih68fEpCg
+llhQ6HyMHVo8nW0iEsuI4ZSdZsWvYwxBPza2GlJh2mc9bc3D9JRe7c1m058nwYNV
+fd9lgzPcxqwP96saBVvXdq0j9m1VhzjwcQ8sNfI1NJ1TOuvLjnPc+KTbqMgGSjWE
+eIun/cFltaT5OXgSqJctDOtptA==
 -----END AGE ENCRYPTED FILE-----
diff --git a/secrets/lollo/zigbee2mqtt/secrets.age b/secrets/lollo/zigbee2mqtt/secrets.age  Binary files differ.
diff --git a/secrets/secrets b/secrets/secrets
@@ -23,9 +23,7 @@ case $1 in
 
   "-d")
     mkdir -p /tmp/nix-secrets
-    git -C /tmp/nix-secrets init --quiet
     age -i $tempfile --decrypt --output /tmp/nix-secrets/flake.nix flake.nix.age
-    git -C /tmp/nix-secrets add flake.nix
   ;;
 
   "")
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
@@ -25,6 +25,7 @@ in {
 
 
   "lollo/mosquitto/passwd-leah.age".publicKeys                = [ leah lollo ];
+  "lollo/zigbee2mqtt/secrets.age".publicKeys                  = [ leah lollo ];
 
   "lollo/syncthing/key.age".publicKeys                        = [ leah lollo ];
   "lollo/syncthing/cert.age".publicKeys                       = [ leah lollo ];

@@ -64,13 +65,15 @@ in {
   "hector/restic-server-htpasswd.age".publicKeys              = [ leah hector ];
 
 
-  "trabbi/restic/gitolite.age".publicKeys                     = [ leah trabbi ];
-  "trabbi/restic/pleroma.age".publicKeys                      = [ leah trabbi ];
-  "trabbi/restic/matrix-synapse.age".publicKeys               = [ leah trabbi ];
-  "trabbi/restic/mail.age".publicKeys                         = [ leah trabbi ];
+  "trabbi/matrix-synapse/registration_shared_secret.age".publicKeys = [ leah trabbi ];
 
-  "trabbi/mail/password-leah-ctu.cx.age".publicKeys           = [ leah trabbi ];
-  "trabbi/mail/password-mail-zug.network.age".publicKeys      = [ leah trabbi ];
-  "trabbi/mail/password-hi-f2k1.de.age".publicKeys            = [ leah trabbi ];
+  "trabbi/restic/gitolite.age".publicKeys                           = [ leah trabbi ];
+  "trabbi/restic/pleroma.age".publicKeys                            = [ leah trabbi ];
+  "trabbi/restic/matrix-synapse.age".publicKeys                     = [ leah trabbi ];
+  "trabbi/restic/mail.age".publicKeys                               = [ leah trabbi ];
+
+  "trabbi/mail/password-leah-ctu.cx.age".publicKeys                 = [ leah trabbi ];
+  "trabbi/mail/password-mail-zug.network.age".publicKeys            = [ leah trabbi ];
+  "trabbi/mail/password-hi-f2k1.de.age".publicKeys                  = [ leah trabbi ];
 
 }
diff --git a/secrets/trabbi/matrix-synapse/registration_shared_secret.age b/secrets/trabbi/matrix-synapse/registration_shared_secret.age  Binary files differ.