ctucx.git: nixfiles

machines: remove desastro

diff --git a/configurations/common/syncthing-config.nix b/configurations/common/syncthing-config.nix
@@ -10,10 +10,6 @@ let
     ipad.id           = syncthing-ids.ipad;
 
     #servers
-    #desastro = {
-    #  name = "desastro.ctu.cx";
-    #  id   = syncthing-ids.desastro;
-    #};
     lollo = {
       name = "lollo.ctu.cx";
       id   = syncthing-ids.lollo;

@@ -35,12 +31,6 @@ let
       "Blechelse"
     ];
 
-    #desastro = [
-    #  "ctucx-music-orig"
-    #  "ctucx-media"
-    #  "Blechelse"
-    #];
-
     lollo = [
       "ctucx-music-orig"
       "ctucx-media"

diff --git a/hive.nix b/hive.nix
@@ -22,7 +22,6 @@ inputs: overlays:
   trabbi       = import ./machines/trabbi/configuration.nix;
   wanderduene  = import ./machines/wanderduene/configuration.nix;
 
-  #desastro     = import ./machines/desastro/configuration.nix;
   hector       = import ./machines/hector/configuration.nix;
 
 }

diff --git a/machines/deprecated/desastro/configuration.nix b/machines/deprecated/desastro/configuration.nix
@@ -1,81 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-{
-
-  deployment.tags = [ "router" ];
-
-  imports = [
-    ./hardware-configuration.nix
-
-    ../../configurations/linux/services/prometheus-exporters.nix
-    ../../configurations/linux/services/restic-server.nix
-
-    ./syncthing.nix
-  ];
-
-  dns.zones."ctu.cx".subdomains."${config.networking.hostName}".CNAME = [ "desastro.wolfsburg.petabyte.dev." ];
-
-  age.secrets.wireguard-privkey.file    = ../../secrets/desastro/wireguard-privkey.age;
-  age.secrets.restic-server-hector.file = ../../secrets/restic-server/hector.age;
-
-  boot = {
-    kernel.sysctl."net.ipv4.ip_forward"          = true;
-    kernel.sysctl."net.ipv6.conf.all.forwarding" = true;
-
-    loader.grub = {
-      enable                = true;
-      version               = 2;
-      efiSupport            = true;
-      efiInstallAsRemovable = true;
-      device                = "nodev";
-    };
-
-    initrd.network = {
-      enable = true;
-      ssh = {
-        enable         = true;
-        port           = 22;
-        hostKeys       = [ /etc/ssh/ssh_host_rsa_key ];
-        authorizedKeys = with lib; concatLists (mapAttrsToList (name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else []) config.users.users);
-      };
-
-      postCommands = "echo 'cryptsetup-askpass' >> /root/.profile";
-    };
-  };
-
-  networking = {
-    useDHCP                     = false;
-    resolvconf.useLocalResolver = lib.mkForce false;
-
-    interfaces.enp1s0.useDHCP   = true;
-
-    wireguard = {
-      enable = true;
-
-      interfaces.wg0 = {
-        listenPort             = 51820;
-        privateKeyFile         = config.age.secrets.wireguard-privkey.path;
-        generatePrivateKeyFile = true;
-        postSetup              = "ip link set dev wg0 mtu 1500";
-
-        peers = [
-          {
-            allowedIPs = [ "195.39.246.32/28" "2a0f:4ac0:acab::1/62" ];
-            publicKey  = "nvyhYuWJl/dKyV/2+bDrUisvL3mi38PsNzfdIDDwSjY=";
-          }
-        ];
-      };
-    };
-
-    firewall.allowedUDPPorts = [ 51820 ];
-  };
-
-  services = {
-    email-notify.enable = true;
-    syncthing.dataDir   = "/home/leah/syncthing";
-    vnstat.enable       = true;
-  };
-
-  system.stateVersion = "20.09";
-  home-manager.users.leah.home.stateVersion = "20.09";
-}

diff --git a/machines/deprecated/desastro/hardware-configuration.nix b/machines/deprecated/desastro/hardware-configuration.nix
@@ -1,27 +0,0 @@
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports =
-    [ (modulesPath + "/profiles/qemu-guest.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/39a948ca-fa39-436d-b9df-d07e71106200";
-      fsType = "xfs";
-    };
-
-  boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/0c98d781-09e4-4ed9-9916-4579e178394b";
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/8758-6FD1";
-      fsType = "vfat";
-    };
-
-  swapDevices = [ ];
-
-}

diff --git a/machines/deprecated/desastro/syncthing.nix b/machines/deprecated/desastro/syncthing.nix
@@ -1,47 +0,0 @@
-{ config, lib, pkgs, ...}:
-
-let
-  backups = {
-    audiobooks-orig  = "/home/leah/syncthing/Audiobooks (Originals)";
-    audiobooks       = "/home/leah/syncthing/Audiobooks";
-    documents        = "/home/leah/syncthing/Documents";
-    music-orig       = "/home/leah/syncthing/Music (Originals)";
-    music            = "/home/leah/syncthing/Music";
-    pictures         = "/home/leah/syncthing/Pictures";
-    media            = "/home/leah/syncthing/Media (legacy)";
-    windoofs         = "/home/leah/syncthing/Windows-Stuff";
-
-    bahn-richtlinien = "/home/leah/syncthing/Bahn-Richtlinien";
-    blechelse        = "/home/leah/syncthing/Blechelse";
-    cutieshare       = "/home/leah/syncthing/Cutieshare";
-    wiki             = "/home/leah/syncthing/Wiki";
-  };
-
-in {
-
-  imports = [
-    ../../configurations/linux/services/syncthing-nginx.nix
-  ];
-
-  age.secrets = lib.mapAttrs' (
-    name: path: lib.nameValuePair "restic-syncthing-${name}" {
-      file = ../../secrets/desastro/restic + "/syncthing-${name}.age";
-    }
-  ) backups;
-
-  systemd.services = lib.mapAttrs' (
-    name: path: lib.nameValuePair "restic-backup-syncthing-${name}" {
-      serviceConfig.ProtectHome = lib.mkForce false;
-    }
-  ) backups;
-
-
-  restic-backups = lib.mapAttrs' (
-    name: path: lib.nameValuePair "syncthing-${name}" {
-      user         = "leah";
-      passwordFile = config.age.secrets."restic-syncthing-${name}".path;
-      paths        = [ path ];
-      targets      = [ "hector.ctu.cx" ];
-    }
-  ) backups;
-}

diff --git a/machines/lollo-old/configuration.nix b/machines/lollo-old/configuration.nix
@@ -15,7 +15,6 @@
 
   dns.zones."ctu.cx".subdomains."${config.networking.hostName}" = (pkgs.dns.lib.combinators.host "195.39.246.44" "2a0f:4ac0:acab::44");
 
-  age.secrets.restic-server-desastro.file = ../../secrets/restic-server/desastro.age;
   age.secrets.restic-server-hector.file   = ../../secrets/restic-server/hector.age;
   age.secrets.restic-server-lollo.file    = ../../secrets/restic-server/lollo.age;
 

diff --git a/machines/lollo/configuration.nix b/machines/lollo/configuration.nix
@@ -35,7 +35,6 @@
   dns.zones."ctu.cx".subdomains."legacy.home"                        = lib.mkIf config.networking.usePBBUplink (pkgs.dns.lib.combinators.host "195.39.246.42" "2a0f:4ac0:acab::42");
   dns.zones."ctu.cx".subdomains."home"                               = lib.mkIf config.networking.usePBBUplink (pkgs.dns.lib.combinators.host "195.39.246.42" "2a0f:4ac0:acab::42");
 
-  age.secrets.restic-server-desastro.file = ../../secrets/restic-server/desastro.age;
   age.secrets.restic-server-hector.file   = ../../secrets/restic-server/hector.age;
   age.secrets.restic-server-lollo.file    = ../../secrets/restic-server/lollo.age;
 

diff --git a/machines/trabbi/configuration.nix b/machines/trabbi/configuration.nix
@@ -28,7 +28,6 @@
   dns.zones."ctu.cx".subdomains."${config.networking.hostName}" = (pkgs.dns.lib.combinators.host "89.58.62.171" "2a0a:4cc0:1:2d7::1");
 
   age.secrets.restic-server-lollo.file    = ../../secrets/restic-server/lollo.age;
-  age.secrets.restic-server-desastro.file = ../../secrets/restic-server/desastro.age;
   age.secrets.restic-server-hector.file   = ../../secrets/restic-server/hector.age;
 
   boot = {

diff --git a/modules/linux/restic-backups.nix b/modules/linux/restic-backups.nix
@@ -102,9 +102,6 @@ in {
                   cp /run/agenix/restic-server-lollo    /tmp/lollo.ctu.cx;
                 '' else "" }
 
-                ${if builtins.elem "desastro.ctu.cx" backup.targets then ''
-                  cp /run/agenix/restic-server-desastro /tmp/desastro.ctu.cx;
-                '' else "" }
 
                 ${if builtins.elem "hector.ctu.cx" backup.targets then ''
                   cp /run/agenix/restic-server-hector   /tmp/hector.ctu.cx;

diff --git a/secrets/desastro/restic-server-htpasswd.age b/secrets/desastro/restic-server-htpasswd.age  Binary files differ.

diff --git a/secrets/desastro/restic/syncthing-audiobooks-orig.age b/secrets/desastro/restic/syncthing-audiobooks-orig.age  Binary files differ.

diff --git a/secrets/desastro/restic/syncthing-audiobooks.age b/secrets/desastro/restic/syncthing-audiobooks.age
@@ -1,10 +0,0 @@
-age-encryption.org/v1
--> X25519 fSR5Dqnchk6oH/zxBlRjv6nhxCQhhaMUaIDbwUDNP2c
-9P4aZqC8sN5RSBjVMhbBpMawV2w+3wI8Bq0P/v8k/L0
--> ssh-ed25519 VgQ62A k+hbJJSOjh4CXtxOoQe5s9jqSylzuFPHYHhG+I30F0A
-H0vlggni+OzJkoydqkpm041cXl97SwWxge8xRTB6Qlw
--> KNu-grease
-L9PgU6GV2oIXfhmoHFAoj16EH4rkrEfB0fTBHKYnQFxfjswbs/RWb0ls2rDSrKiu
-EMY
---- r/skch8YnhjrKAA0ci41aENgMTgDOm38LRxiAqsbClc
-�qh�����щ2�Oŀ=��UO�����d%�ƃ
y�p5��2�����-
\ No newline at end of file

diff --git a/secrets/desastro/restic/syncthing-bahn-richtlinien.age b/secrets/desastro/restic/syncthing-bahn-richtlinien.age
@@ -1,10 +0,0 @@
-age-encryption.org/v1
--> X25519 PQGZdBI1vUCz6cPtqp0IWlAnSuv9jWXS7UDJuwaITV8
-ea/8PDHSuA8sv72/KexXeK7i3ReLbrJ8kEg0zipRPqI
--> ssh-ed25519 VgQ62A tEGkGit2P5aXRn6H1BBAZjXf7eKvaCmBL31n+LibfE4
-tlJeqPOBpdcAjdZUuRYvcX1iBiaCAG3xIgifMBzkXI0
--> 5%Kuf0A-grease #|h- <_O |N[ *\-K"
-EcMrFUZo4D9oMYI0Ka7MbdR6ERDBXSuE62Tp95T85KRWwVznkGKF1lZE+7EuOFUu
-zalQ42rm4w
---- Uu+7m/5GQWSPmCoBaXojeLaupnMeyGbxmju8AguFUTc
-B�%��D�x	�:
^[e�"�F�9_pf�tU�s_�]z�ny"!��X(-
\ No newline at end of file

diff --git a/secrets/desastro/restic/syncthing-blechelse.age b/secrets/desastro/restic/syncthing-blechelse.age
@@ -1,10 +0,0 @@
-age-encryption.org/v1
--> X25519 WnrAOPOhphsgiMAtragJ5bRnNxDjRXkDy2XB6aYeRW0
-9Gy1qfeDww0cRlT+rT3d6uhpi14lTAun0R3yn+b7adM
--> ssh-ed25519 VgQ62A 4HlBhp6xBuvtpftUZ/yr6FdVCgsKdsN8K0DXuM11Ex8
-wFWphYprVBIZB1K7P7gCRI974KzarIyj2TIMuZU8xdk
--> Q2Iq-grease LW^^@?in
-6F3GlGBq8Fia5fHhtk5sVewex4a3jCbGL+0IO0pPGNFnr6E+EA
---- BWMCWMNg4kXDOdxmHn4HysmsOnoTDnON8+Aqf9A2K/Q
-�
-��r��q���T�Q<n�92�Qy뺧������-G�IL�s�}�1���ԙͬ�+f��%��^�:-
\ No newline at end of file

diff --git a/secrets/desastro/restic/syncthing-cutieshare.age b/secrets/desastro/restic/syncthing-cutieshare.age  Binary files differ.

diff --git a/secrets/desastro/restic/syncthing-documents.age b/secrets/desastro/restic/syncthing-documents.age  Binary files differ.

diff --git a/secrets/desastro/restic/syncthing-media.age b/secrets/desastro/restic/syncthing-media.age
@@ -1,11 +0,0 @@
-age-encryption.org/v1
--> X25519 jsZK1bhzXjR+0l/USiPjjetowJfUC7NUHGjvlCp2cGM
-+j8brl/4sN9yTCvvv3woIY2cHLGov814E5TBb8SOfLo
--> ssh-ed25519 VgQ62A 44VFsxZxNAxIzBNEDM5xY8rk7f6Ceaadbln250Qye0c
-3grbs2qaVFKejiso2sYpPM24CG2rJbS6NWGk5wuFHJM
--> ^4.^4D-grease P &Dy m0K^; i>y|sV"
-z8htFD+iGmyH5k0aQ2i+v8U2DVOT+Uu9w2UwFa84WocvcsnvXsSmry+4+ycGukW+
-54wPxZBhRKoyVPWAuLI2N8JFWPMczKhrVeWPBw1YDAy/MoXzUw
---- tNFytdoG5B/BrzDbnxr2w3jEVmxVf59jEVRUXy806sM
-Kk�ҭz��wy�rg���q��v����zVi#^�WL�>"�p�)
-��\-
\ No newline at end of file

diff --git a/secrets/desastro/restic/syncthing-music-orig.age b/secrets/desastro/restic/syncthing-music-orig.age  Binary files differ.

diff --git a/secrets/desastro/restic/syncthing-music.age b/secrets/desastro/restic/syncthing-music.age
@@ -1,9 +0,0 @@
-age-encryption.org/v1
--> X25519 xIsmw27ie6u5vbtvbA3HxwIMfnEuBaRxfr9a+GE5WF4
-myQf45Z5hG+7F1CFMnYtxUY2DX4S9V19Jw+Qn7/Tjl0
--> ssh-ed25519 VgQ62A WTzKwaZHTBaQHgDr/Dp7AKVripMa1v9y2BZt2aDPInM
-2IJR1ouBMxqwRyuhpKHJJggFYyeXnVV53xydrOb05Zg
--> _2l.8-grease
-D8sS9wV5d3pkwmHOaw8AfAlycbLbsjfUOscl1n1D
---- 0T4eaYArAz/pUimE8jDbMh0chooUPt3QQZ7LBcJozjU
-���O�T�X?%%�v���̀,o*Ư�h�g���t׎�U��@��]E-
\ No newline at end of file

diff --git a/secrets/desastro/restic/syncthing-pictures.age b/secrets/desastro/restic/syncthing-pictures.age
@@ -1,9 +0,0 @@
-age-encryption.org/v1
--> X25519 cZXR1o7Ich4mB6OxwK301PKecpxTXET6xyIt0x/P5Xg
-qyVdcdAZUMlGnq5RHpPiP2bRWuq+nvI9RMIQ2IajOGQ
--> ssh-ed25519 VgQ62A LIUZ8ji1xIlAhcrZfOMWbHYCnw3wvvZ5M6CP43jJwzQ
-1pT8dzX44VL/aopBvA7IUvTzkCwq4rUqIBzahHhHtr8
--> HgHU9@Z-grease J- *ull
-99MJaGJlVp5oVSkrQrbaYNuIIBmn
---- 4zJm3R05IBicizdliew6shP9zn/j7e1EUVDuzwm7msA
-�;:�n���x���hfWO)
o� sC�A
��
�o{�g>~&w\_6\�-
\ No newline at end of file

diff --git a/secrets/desastro/restic/syncthing-wiki.age b/secrets/desastro/restic/syncthing-wiki.age
@@ -1,9 +0,0 @@
-age-encryption.org/v1
--> X25519 BWOkhN/WsI7rgiH3Z1URZM0mnkNJRnPBsThTO9/nSmA
-c/Ajs6/5INmGqBlTqoxB5XlAS9zn6LJEnNQ57yjmU7A
--> ssh-ed25519 VgQ62A savLtaQdEnolt38FoWb+LQavHo5itE4pSQF3OZFbAHs
-/oVLPUApxyKmf+M5yx9tQVGpuqQ37vGaUHUna3mMOCc
--> kH-grease i d s|rt.} PdA
-MHzmSAk+uihCv+gK2Effb1iPs5gzmk0fswEBdFNR
---- JwOaOBezocDzY9qjyT7x4xkBMIt1KMJz/1atNOEHA3I
-���W�
+��/Mp��j$��aI?n�Y���L�3yį���(D\�t�-
\ No newline at end of file

diff --git a/secrets/desastro/restic/syncthing-windoofs.age b/secrets/desastro/restic/syncthing-windoofs.age
@@ -1,9 +0,0 @@
-age-encryption.org/v1
--> X25519 aAxZtFiwKx+1F4D7zUQ8K2Iu3NW/jzBsBGyZ30dmH3U
-4309tNMtE7rrN1OGYYjv2YiO+j51U5F31CldqMC9iWs
--> ssh-ed25519 VgQ62A tuN7wafThsiQrVFPmWHozVCBPli+2RGWz0OErevyxGM
-0ZeOQx09A2iqqzw2CcUrUH+Ws+/cJKK8wGB8Iyut5aI
--> tQvLVC-grease
-
---- 2yTecx3LBjz+1CH41ATHurDm81JHpCqgrWJLO8rwFZ8
-�^��:��+`��
J���Y��E��qf�A��o�6TL��Y� ��Ι-
\ No newline at end of file

diff --git a/secrets/desastro/syncthing/cert.age b/secrets/desastro/syncthing/cert.age  Binary files differ.

diff --git a/secrets/desastro/syncthing/key.age b/secrets/desastro/syncthing/key.age
@@ -1,9 +0,0 @@
-age-encryption.org/v1
--> X25519 Ntwn5N5FV43MLBHPHixscGr0jT7hngAe1WaRgczvBXE
-NTregt7VaQCrM4PmKUdpEWZafzJw32WqJqJo60BP5XU
--> ssh-ed25519 VgQ62A eI58MSc49M7WQQDQBZvaM61W9GKd8KyuQHBnIn6Pfw8
-fsIl2EkIyqTe+0qEGhr7kfdevs4iQIUC5kJrLx0ccI8
--> `/@}-grease Glmq nvr; 7% {nt]fR_@
-nyjr8+ytjw
---- Uozu3EKsC/s60vzyOw81Ks442S27W/mlL/skyZKFYTY
-�lYƚ���lG7�D#�|媴�K�E�g lT���������Ra˓�0���H����>-I:�X��,�+�z���]��z�h�i�!ϻ�1_�@����	����y8X��o���ÜqH�����Z�[�Gm��&Mq�w��h�=�y��T��O�������3bu��OD88W�t�����(�Z؟�X����Ɗs��e["�����R�97رuy���̫h5xAQ��#g8���	�^����+}���$�:��;��PNbe�y+�?��Z�l�m�٪''OVeq��{��}�y�e4mבk�
 ����-
\ No newline at end of file

diff --git a/secrets/desastro/wireguard-privkey.age b/secrets/desastro/wireguard-privkey.age
@@ -1,9 +0,0 @@
-age-encryption.org/v1
--> X25519 WbsxXRTbGUYpa7nCc67mTbkPYX8tfv7ZiefQfqfYCg0
-R8xPk7D4ez/Ai3kHAWik0BuYdTgWZCZb05PPBcs6s1o
--> ssh-ed25519 VgQ62A FH0aknKzK3SV74OIgCHL186DYbdsODGEnm4XeYgdzFM
-AHKf35Id0SQHSZ3IIWpo2DwDsGmv4ySfCjrWlIj1tIU
--> e_dSL-grease }KyS|N2 H7SS k
-ZrqxiFZUW+TUzaWaKLq1Kwk3h1E306Azo08Jeg
---- aLunpxQrxYj+Avv9QTwCC8d/g5/FNto3uUh3WQD0b30
-Q5(ĨP�7���]�S^bH�xg�|Z�*s��Is��z�%�*\��T�U�K{,_ �}��\zl�Ҋ��^d��-
\ No newline at end of file

diff --git a/secrets/passwords/leah-at-f2k1-de.age b/secrets/passwords/leah-at-f2k1-de.age  Binary files differ.

diff --git a/secrets/passwords/leah.age b/secrets/passwords/leah.age  Binary files differ.

diff --git a/secrets/restic-server/desastro.age b/secrets/restic-server/desastro.age
@@ -1,16 +0,0 @@
-age-encryption.org/v1
--> X25519 Lph4an/k60lKHqAKO61VHXfni3hevXDE9LRxI9YoWRc
-GmhStNiTZvhdi7KXQwlBWQRDMDC4aDfKTMEIAawT3nM
--> ssh-ed25519 V0uUrw MwLUXRcYy3duiKQRQKMoqNaH9bVlAsXxIGH+rgskC0A
-Kb12RzlGbrB6c4BFYKLXGRbwbr0mdqFG5uG6uQvAtM8
--> ssh-ed25519 NrwbpQ cWRDzNAi7Kyzg84Nc3+Pz4B2dF6y+p91gcLEzi4X11c
-nCgI9aUhOQdt7PqNk7ievglZrNgqfDw5CoWvI+SPh1U
--> ssh-ed25519 1rccKw C10ylqKblVjuG6ogytnX7gwsU4EaRWYIcDKrK0WBpDU
-rS27EzL9JkIgCyLQ4zM75XWCh/qLnFYWo1Zlp3Lm6QM
--> ssh-ed25519 2LuoZg BpJdUQ1aSjkB3WR1FY6FAmpkc0d0PSMRR5j7gqNIqDA
-uWfJw1Hce7gB137y0Q/rBp7qT386yxs42k+kM8Qa0z0
--> ^1TniAU-grease z?= ~&=2FJL 7=
-JiyqtYH9040TXnCI8R7NmR4AFPivPuArTMMwsX6K1D3fvTjGR6A7bvWbgj8gXBDh
-jaWG/5P+
---- l65XrrEONj/Ia5wrZ7A+CrlWerlPehIJ2sHdJFmwxPo
-�!�
㎍]U�{|���]4��1B(�tv��~E(�wW�s�ϩ-y�pW���uٚ��b������n��8�Y9�&v�7��Y?-
\ No newline at end of file

diff --git a/secrets/restic-server/hector.age b/secrets/restic-server/hector.age  Binary files differ.

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
@@ -5,20 +5,18 @@ let
   #servers
   lollo       = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM9YnaIwC5gjlp/ETI6lmpwCYfstnX+DZEt0ZDhQKuwM";
   lollo-old   = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPNCdn6aHCgxG1tq5f0XPvQ+lIgsQ/3gzT6FNvokOIgX";
-  desastro    = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEniZFbgj9w7fQ+MhTnE83MatgcuDI7c7qqx05DTQcun";
 
   trabbi      = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLBBZJ9/644d71E8A7IFU7dvDHI+OR/7q79KvqmI/i/";
   wanderduene = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+HWYkFCmuHR8HeExYXc2L9CxRdvYZ1UCkbbeDCvF0u";
   hector      = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMWH8uGtxkYfv3CA5Q3qqOvbaTvp9KItrdSiKXZdDUsx";
 
 in {
-  "passwords/leah-at-f2k1-de.age".publicKeys                  = [ leah trabbi desastro lollo lollo-old hector wanderduene ];
-  "passwords/leah.age".publicKeys                             = [ leah trabbi desastro lollo lollo-old hector wanderduene ];
+  "passwords/leah-at-f2k1-de.age".publicKeys                  = [ leah trabbi lollo lollo-old hector wanderduene ];
+  "passwords/leah.age".publicKeys                             = [ leah trabbi lollo lollo-old hector wanderduene ];
 
 
   "restic-server/lollo.age".publicKeys                        = [ leah trabbi hector lollo lollo-old ];
-  "restic-server/desastro.age".publicKeys                     = [ leah trabbi hector lollo lollo-old ];
-  "restic-server/hector.age".publicKeys                       = [ leah trabbi hector lollo lollo-old desastro ];
+  "restic-server/hector.age".publicKeys                       = [ leah trabbi hector lollo lollo-old ];
 
 
   "lollo/mosquitto/passwd-leah.age".publicKeys                = [ leah lollo ];

@@ -49,25 +47,9 @@ in {
   "lollo-old/syncthing/cert.age".publicKeys                   = [ leah lollo-old ];
 
 
-  "desastro/syncthing/key.age".publicKeys                     = [ leah desastro ];
-  "desastro/syncthing/cert.age".publicKeys                    = [ leah desastro ];
 
-  "desastro/restic-server-htpasswd.age".publicKeys            = [ leah desastro ];
-  "desastro/wireguard-privkey.age".publicKeys                 = [ leah desastro ];
 
-  "desastro/restic/syncthing-audiobooks-orig.age".publicKeys  = [ leah desastro ];
-  "desastro/restic/syncthing-audiobooks.age".publicKeys       = [ leah desastro ];
-  "desastro/restic/syncthing-documents.age".publicKeys        = [ leah desastro ];
-  "desastro/restic/syncthing-music-orig.age".publicKeys       = [ leah desastro ];
-  "desastro/restic/syncthing-music.age".publicKeys            = [ leah desastro ];
-  "desastro/restic/syncthing-pictures.age".publicKeys         = [ leah desastro ];
-  "desastro/restic/syncthing-media.age".publicKeys            = [ leah desastro ];
-  "desastro/restic/syncthing-windoofs.age".publicKeys         = [ leah desastro ];
 
-  "desastro/restic/syncthing-bahn-richtlinien.age".publicKeys = [ leah desastro ];
-  "desastro/restic/syncthing-blechelse.age".publicKeys        = [ leah desastro ];
-  "desastro/restic/syncthing-cutieshare.age".publicKeys       = [ leah desastro ];
-  "desastro/restic/syncthing-wiki.age".publicKeys             = [ leah desastro ];
 
 
   "hector/restic-server-htpasswd.age".publicKeys              = [ leah hector ];