commit e4b4de6fcf3adb3f6167cc0835177b3477864821
parent f0a8d9abf6d38ffe63790a78f110e6acf88097fc
Author: Leah (ctucx) <git@ctu.cx>
Date: Tue, 13 Jun 2023 19:38:52 +0200
parent f0a8d9abf6d38ffe63790a78f110e6acf88097fc
Author: Leah (ctucx) <git@ctu.cx>
Date: Tue, 13 Jun 2023 19:38:52 +0200
machines: move `wanderduene` to a new server, keep the old server as `wanderduene-old`
13 files changed, 269 insertions(+), 101 deletions(-)
A
|
145
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/configurations/linux/services/dns.nix b/configurations/linux/services/dns.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ...}: +{ nodes, config, lib, pkgs, ...}: { @@ -33,8 +33,8 @@ # TXT = SPFApple ++ [ "apple-domain=8Z4zfabXhvO0cjZi" ]; subdomains = { - ns1 = (host "89.58.62.171" "2a0a:4cc0:1:2d7::1"); - ns2 = (host "46.38.253.139" "2a03:4000:1:45d::1"); + ns1 = (host nodes.trabbi.config.networking.primaryIP4 nodes.trabbi.config.networking.primaryIP); + ns2 = (host nodes.wanderduene.config.networking.primaryIP4 nodes.wanderduene.config.networking.primaryIP); blechkasten.CNAME = [ "blechkasten.home" ]; "internet-of-plants".AAAA = [ "2a0f:4ac0:acab::103" ];
diff --git a/flake.nix b/flake.nix @@ -47,10 +47,11 @@ defaults = import ./configurations/common; - briefkasten = import ./machines/briefkasten/configuration.nix; + briefkasten = import ./machines/briefkasten/configuration.nix; - trabbi = import ./machines/trabbi/configuration.nix; - wanderduene = import ./machines/wanderduene/configuration.nix; + trabbi = import ./machines/trabbi/configuration.nix; + wanderduene = import ./machines/wanderduene/configuration.nix; + wanderduene-old = import ./machines/wanderduene-old/configuration.nix; }; nixosConfigurations = (import (inputs.colmena + "/src/nix/hive/eval.nix") {
diff --git a/machines/wanderduene-old/configuration.nix b/machines/wanderduene-old/configuration.nix @@ -0,0 +1,145 @@ +{ nodes, config, lib, pkgs, ... }: + +{ + + deployment.buildOnTarget = false; + + documentation.nixos.enable = false; + + imports = [ + ./hardware-configuration.nix + + ../../configurations/linux/services/prometheus-exporters.nix + ../../configurations/linux/services/dns.nix + + ]; + + networking.primaryIP = "2a03:4000:1:45d::1"; + networking.primaryIP4 = "46.38.253.139"; + + dns.zones."ctu.cx".subdomains."${config.networking.hostName}" = (pkgs.dns.lib.combinators.host config.networking.primaryIP4 config.networking.primaryIP); + + age.secrets.wireguard-privkey.file = ../../secrets/wanderduene/wireguard-privkey.age; + + boot = { + loader.grub = { + enable = true; + device = "/dev/vda"; + }; + + initrd.network = { + enable = true; + ssh = { + enable = true; + port = 22; + hostKeys = [ /etc/ssh/ssh_host_rsa_key ]; + authorizedKeys = with lib; concatLists (mapAttrsToList (name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else []) config.users.users); + }; + + postCommands = '' + ip link set dev ens3 up + ip addr add ${config.networking.primaryIP}/128 dev ens3 + ip route add default via fe80::1 dev ens3 onlink + + ip addr add ${config.networking.primaryIP4}/22 dev ens3 + ip route add default via 46.38.253.1 dev ens3 onlink + echo 'cryptsetup-askpass' >> /root/.profile + ''; + }; + }; + + networking = { + useDHCP = false; + nameservers = [ "8.8.8.8" ]; + + defaultGateway = "46.38.253.1"; + defaultGateway6 = { + interface = "ens3"; + address = "fe80::1"; + }; + + interfaces.ens3 = { + ipv4.addresses = [{ + address = config.networking.primaryIP4; + prefixLength = 24; + }]; + + ipv6.addresses = [{ + address = config.networking.primaryIP; + prefixLength = 64; + }]; + }; + + wireguard = { + enable = true; + + interfaces.wg-mikrotik = { + listenPort = 51820; + privateKeyFile = config.age.secrets.wireguard-privkey.path; + generatePrivateKeyFile = true; + postSetup = "ip link set dev wg-mikrotik mtu 1500"; + ips = [ "172.16.0.1/24" ]; + + peers = [ + { + persistentKeepalive = 10; + allowedIPs = [ "172.16.0.0/24" "10.0.0.0/8" ]; + publicKey = "nvyhYuWJl/dKyV/2+bDrUisvL3mi38PsNzfdIDDwSjY="; + } + ]; + }; + + interfaces.wg-briefkasten = { + listenPort = 51821; + privateKeyFile = config.age.secrets.wireguard-privkey.path; + generatePrivateKeyFile = true; + postSetup = "ip link set dev wg-briefkasten mtu 1500"; + ips = [ "172.17.0.1/24" ]; + + peers = [ + { + persistentKeepalive = 10; + allowedIPs = [ "172.17.0.0/24" ]; + publicKey = "nvyhYuWJl/dKyV/2+bDrUisvL3mi38PsNzfdIDDwSjY="; + } + ]; + }; + + interfaces.wg-stasicont = { + listenPort = 51822; + privateKeyFile = config.age.secrets.wireguard-privkey.path; + generatePrivateKeyFile = true; + postSetup = "ip link set dev wg-stasicont mtu 1500"; + ips = [ "172.18.0.1/24" ]; + + peers = [ + { + persistentKeepalive = 10; + allowedIPs = [ "172.18.0.0/24" ]; + publicKey = "Sh5le4IsR5jW1+jSrR5N/dcuTE+OEcEB6ou7bqwriAg="; + } + ]; + }; + + }; + + firewall.enable = true; + firewall.allowedTCPPorts = [ 5201 2201 2202 2203 ]; + firewall.allowedUDPPorts = [ 5201 51820 51821 51822 ]; + firewall.extraCommands = '' + iptables -A nixos-fw -i wg-mikrotik -j nixos-fw-accept + iptables -A nixos-fw -i wg-briefkasten -j nixos-fw-accept + iptables -A nixos-fw -i wg-stasicont -j nixos-fw-accept + ''; + }; + + services.iperf3 = { + enable = true; + bind = "172.17.0.1"; + }; + + system.stateVersion = "21.11"; + home-manager.users.leah.home.stateVersion = "21.11"; + +} +
diff --git a/machines/wanderduene/configuration.nix b/machines/wanderduene/configuration.nix @@ -4,6 +4,8 @@ deployment.buildOnTarget = false; + documentation.nixos.enable = false; + imports = [ ./hardware-configuration.nix @@ -20,18 +22,17 @@ ./reverse-proxy-briefkasten.nix ] else [ ]); - networking.primaryIP = "2a03:4000:1:45d::1"; - networking.primaryIP4 = "46.38.253.139"; + networking.primaryIP = "2a03:4000:66:f61::1"; + networking.primaryIP4 = "89.58.41.187"; dns.zones."ctu.cx".subdomains."${config.networking.hostName}" = (pkgs.dns.lib.combinators.host config.networking.primaryIP4 config.networking.primaryIP); age.secrets.wireguard-privkey.file = ../../secrets/wanderduene/wireguard-privkey.age; boot = { - loader.grub = { - enable = true; - device = "/dev/vda"; - }; + # Use the systemd-boot EFI boot loader. + loader.systemd-boot.enable = true; + loader.efi.canTouchEfiVariables = true; initrd.network = { enable = true; @@ -48,7 +49,7 @@ ip route add default via fe80::1 dev ens3 onlink ip addr add ${config.networking.primaryIP4}/22 dev ens3 - ip route add default via 46.38.253.1 dev ens3 onlink + ip route add default via 89.58.40.1 dev ens3 onlink echo 'cryptsetup-askpass' >> /root/.profile ''; }; @@ -58,7 +59,7 @@ useDHCP = false; nameservers = [ "8.8.8.8" ]; - defaultGateway = "46.38.253.1"; + defaultGateway = "89.58.40.1"; defaultGateway6 = { interface = "ens3"; address = "fe80::1"; @@ -144,8 +145,8 @@ bind = "172.17.0.1"; }; - system.stateVersion = "21.11"; - home-manager.users.leah.home.stateVersion = "21.11"; + system.stateVersion = "23.05"; + home-manager.users.leah.home.stateVersion = "23.05"; }
diff --git a/machines/wanderduene/hardware-configuration.nix b/machines/wanderduene/hardware-configuration.nix @@ -14,18 +14,25 @@ boot.extraModulePackages = [ ]; fileSystems."/" = - { device = "/dev/disk/by-uuid/c5db3732-3c1d-4b93-96be-ee288525fa31"; + { device = "/dev/disk/by-uuid/2aa59099-e383-4a66-acfb-37cd85d31d64"; fsType = "ext4"; }; - boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/b19a5e06-b540-4c2a-acb9-dcc969c50fe6"; + boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/8d24523f-4d43-4354-a46f-de7a449e1ff4"; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/A855-01F5"; + { device = "/dev/disk/by-uuid/0A3A-948D"; fsType = "vfat"; }; swapDevices = [ ]; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.ens3.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +}+ \ No newline at end of file
diff --git a/machines/wanderduene/reverse-proxy-briefkasten.nix b/machines/wanderduene/reverse-proxy-briefkasten.nix @@ -20,6 +20,7 @@ let "music.home" "wiki.home" "things.home" + "travelynx2fedi.home" ]; in {
diff --git a/secrets/passwords/leah-at-f2k1-de.age b/secrets/passwords/leah-at-f2k1-de.age @@ -1,16 +1,18 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmazcxQUp2NlBnWk9qa3g5 -RjdYU3NBU1RRZjZlci9UVkQ3MGFnQlZJZURRCk5tbTRVa25ZdFhTenpsb3NKcDIz -dnJmQ21Oeks1MkJaMEJkUFgxRVJnYVUKLT4gc3NoLWVkMjU1MTkgVjB1VXJ3IG5h -cFRScXVSUDFmcVdTeTZTbldiQ0gzcnBoV1hpV2tNeTdscFRaUFFTaUEKaTNhZ0tl -ckZuQ1RYNGVMS0JRcC9JNmEraXhCOWtTQzd0Y28yNGNaRUlQRQotPiBzc2gtZWQy -NTUxOSA0aEtDTXcgemNBMVdkd2x2dmZEYmdZZThRczkxMllCckhHNS9ObDV3KzRn -TUtoYUZ5cwo4Vi9oZkU4QzFadWhBN3VlWE1oZWEyd3p4a1hMTnhoTkN6Sjc4NnZs -UHJ3Ci0+IHNzaC1lZDI1NTE5IHNoOFBPUSBBOHRkaUdmUFBhbnk3Q3R5V2l3bHU0 -YUlpRnExTVdCaDh5ZHorcS9qSXl3CnBWU3RFV0Q3WjluUXl4bDNmMHpJNldCaEdF -WmwxanBTb1dBNjRaTUhJVTAKLT4gTGJ5KS1ncmVhc2UgRS9+ZCBKLENScHcgTmNA -IC9bPmZICkxZNzhIeTI2dWJMVVpIZHVMNmdBZ2FCaHQyMHR6OGJQMm9lUG40VjRx -TmRJTDFQUWhZSmZxMk9jazZwY2t2MGkKQkVvCi0tLSAxNzFzQnJFa0NqdGNRL1B1 -ZktTT3YzckVmeUlMT2UvYzJ2QTIwYnhWOCtBCmAutLM8zpZ2B2utUq2D2A7NX2W0 -bHS5maw752QURlCtxXWQosCl9pZ1imOptMTWo64= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGd09SbG1NMzZ1R0o5c3RL +cTVoY3Bwdjh4RVk3MlJMNzV2dUIvc1QxMFNvCjhPUXpldThpN003QmdlcDV4aS9L +QjdkMUhoQXlXMWo4OU83VHI2WXNqZmMKLT4gc3NoLWVkMjU1MTkgVjB1VXJ3IFFL +d2Zjb0JtV1BCN2doS0psSVlUaC9TeHBqOG9WMmVTRUVrWitGa0FURmsKSEZONE80 +VGpyUW8xenN1Yml4WWgxQnJPRU1LWDc5K1Y5dWp2d3RqUHIvVQotPiBzc2gtZWQy +NTUxOSBaY3hiNmcgcjBmVlQyWEgzR2ZsbmxPUm03d081RkZUQWtZcFg5SlNUQmhv +TVFuN0syNApNWC80RUVnY25uMTJuSjY1KzNYWGRRSzZXNlFic0FPS0pmSWVpN3ZZ +NnVNCi0+IHNzaC1lZDI1NTE5IHNoOFBPUSA2bThFcjJKTG8xRmV4ZC9hbXlqbnY3 +TUJIdDBOZ281cVRjbDMza0MyQ1JFCm05WUhKUTNKajhCWWFxSTNCQmQ0TjlxTUUv +bTF0SkRLSE13c1VGaGxOTHcKLT4gc3NoLWVkMjU1MTkgNGhLQ013IGN5SVo4ckhs +aFh1cEREdk9yZm95Z0ZqekREWFErWWpxb3Qwb3hhMXBaVEkKME1uQW9aU1VNNlFp +OStEQzN6MGNBUHNZdGhOMGZUYytSQ2Era3htWEtwYwotPiBNamx+U3AtZ3JlYXNl +IEJdK1EgaDdyPS4gMmA+bEkKNlJNQnFIODZ6TFkwWDI4eXNaZnFNWUVnQlJadFpX +MGZBWVZkYUg1eUN5YwotLS0gc1owbFlaeHljc1lKdHVYT1c0RXlzNEU5WW1ldHpH +ZE03NFdzK0pVVGpQbwp7bqmgn4/0wfymYi0say3UcwKwohQYld4mMaYnAsGPNVXm +CT+gWsdN+DOmQvW9C8PI -----END AGE ENCRYPTED FILE-----
diff --git a/secrets/passwords/leah.age b/secrets/passwords/leah.age @@ -1,19 +1,21 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3cTVUK04wM01sYWhkNTN5 -UWpvOXdvN3EvMHlNdXV2L2xHbmNYNm9iWGhzCmd6MGZCb3BrOStmeUxJZU9PT3Fs -azZ2TXhDK3JxTm1MM3ZFOEdFb0VKakkKLT4gc3NoLWVkMjU1MTkgVjB1VXJ3IHhM -RUFLT0xKSkQzTFVLYlpQRzN5UURMZThFR3c5cCtGekU3c3hINm5reW8KTXNVb2x5 -azNNSnBFRFBVZFJ0TVRYc3pQTVFFbEI3VzhvMmRxYVFoWEZpRQotPiBzc2gtZWQy -NTUxOSA0aEtDTXcgRGQ2cHR4cUFFaXY5a2lYcXJaTms3T3Z5emRTUHhSUlhSQWpY -RWdHOU5GWQpJcTBNN0FJSW9rYlhoNEpDWit4emZMTTcwNmlrYm1kdW53dkFuYkVk -Z3Q4Ci0+IHNzaC1lZDI1NTE5IHNoOFBPUSBCWDNtc0RPbnQzYm16SVF0ZmZlYVdK -eE5ZUmhMU3VsMWR6VlVadzUvbGcwCllNRDJVTEVJbGxMdmx0VjZWM0lUandEbEps -KzFPYXQ1QVcwZXRqcVVEOEUKLT4gc3NoLWVkMjU1MTkgbTNIanVnIFh0djV1ZnVC -ZjZtTE1XRlVKWXFCak9rUkNWK3dydHZJVlhuVGpYVEF6a2sKWHFvbXYvb3FrS2tz -NHRJK3ByYSt1Z0MxWGo1dWpqWitQRzFWL1VmVmRkSQotPiBsLXBceC9ALWdyZWFz -ZSBqJy5rbih3bwpxcisrNDladEpBCi0tLSBES0RPZnoxN01QS0N3YWZWcHRFR21K -bVI3MjNYc1lVTDBiam5YTDFQeWNzCnVoWbEmrnbOwZ41Lu+kL/XXSBmqs4E74sHk -nELMrbwI0L80vS0u0PIKjEU7IG6ln33ogXC6ATkOZLfBCATvQ5hXef/yEfLMLNdc -ifXEPQeabXXkSeBWCCSIY/bzjdqszChAMN+SfKxeA8zt2U7lNbzZWYC0tM/J5ngU -0O++aD5uAhy3YWVALqJpkg== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByUU1iVTBTK2d1cTkwNEpY +MnkrT3dLeko1cUtVNk8wTnROSHJLNnNMK1dFCmdvRURyYWZHbVRtRlBvM3FRVzhi +Vjg1UksxSkxWdEdkZnBUd3ptZnVJMDQKLT4gc3NoLWVkMjU1MTkgVjB1VXJ3IGV3 +Ni90WFRibnhHTmIrTkpWQXpjNzdObjNQa1dNejNZS1M2WVBHQ2J6bDgKcU9YeDJr +VlpXMFZSaTRBSGdpWXVNSHNHMmppeGdtejYxK1VMSnNYQ2VxRQotPiBzc2gtZWQy +NTUxOSBaY3hiNmcgOEZ5TjZpb3ZFazBuaEU4Q3k5aWJiajVCL2NWNFN0d1dTbC85 +VW9FajQxQQo2TGM4WU1nZFdEaDBzRWdYYThob2NCMUovRHBLelpQeUtaQnBVUE9I +UmUwCi0+IHNzaC1lZDI1NTE5IHNoOFBPUSA4V0xyT3BwODl5SlBNSGxENlh2MWhP +cVd2WjdTRCt5N2JqZXdlKzdxaVQwCnVFQUtHV3dkMllxOG9jVE1mb3AxQ3pwS2ZK +TmU1M0R1T3BUV1pXRE8zdlEKLT4gc3NoLWVkMjU1MTkgNGhLQ013IGZnenBiWElS +cm9Ud2JISVJJU3AzaDBZajNOMFp4UUx5L1d0SjFGUzRzQWMKZ1VBUGpYekRJUXhv +Y3Z2ZlVNM2tNR3lzMWdqTE9BdDdYbG5qcnRxZnlCTQotPiBzLnItZ3JlYXNlIGl2 +VQpydEtzSGpCTStMcEZCMmFTSmlDK3Z1YXgwT3B1WnlZbnBkdzdoaFgxK3RCZEJU +S043bkMyTGxkMmJOYy94OEc4CjlaTGxxV0Zlb2VQTnpUR3VsbDRvc1BZS2xMcy9j +WTVabCtaWGo5eWpQZ0JPMlBVWUNaOAotLS0gaVVQbXVTckRaUTNsbVFCeEZUYThF +dlhxWk95UEwwM0lzTmMwclAyNFRScwovV9odv9RliL7A9yIJhpEbFRcub05mAFAj +vVZ3wb3/ndfhQLbFItQ98MKXz7ngm1HfGmlCXMzTirn+Fxx7KeLtJI8SpdGWl7h4 +UE5FB2MRcNaSEko5sN9rpXHV/JvrKTm9ZHzra2RM1NF1gE48DHgDfLDnmXWenZJ2 +Qw84LVr6y4rfGR04Nwz8MyE= -----END AGE ENCRYPTED FILE-----
diff --git a/secrets/secrets.nix b/secrets/secrets.nix @@ -7,12 +7,13 @@ let briefkasten = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN8mi9ZKPdhn20g9gyxE7NYBq/vAKemW4lhaQlLw5QVc"; briefkaestchen = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6TmPYuTFIVnLZx6MxnGcRkxC6fRuEqKlLQjMmQHHkE"; - trabbi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLBBZJ9/644d71E8A7IFU7dvDHI+OR/7q79KvqmI/i/"; - wanderduene = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+HWYkFCmuHR8HeExYXc2L9CxRdvYZ1UCkbbeDCvF0u"; + trabbi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLBBZJ9/644d71E8A7IFU7dvDHI+OR/7q79KvqmI/i/"; + wanderduene = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEff3QkAesMYwquc49H5e2CjRH9Dv50/DjzqpCw97lPQ"; + wanderduene-old = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+HWYkFCmuHR8HeExYXc2L9CxRdvYZ1UCkbbeDCvF0u"; in { - "passwords/leah-at-f2k1-de.age".publicKeys = [ leah trabbi wanderduene briefkasten ]; - "passwords/leah.age".publicKeys = [ leah trabbi wanderduene briefkasten ]; + "passwords/leah-at-f2k1-de.age".publicKeys = [ leah trabbi wanderduene wanderduene-old briefkasten ]; + "passwords/leah.age".publicKeys = [ leah trabbi wanderduene wanderduene-old briefkasten ]; "restic-server/briefkasten.age".publicKeys = [ leah trabbi briefkasten ]; "restic-server/wanderduene.age".publicKeys = [ leah trabbi briefkasten ]; @@ -87,8 +88,8 @@ in { "trabbi/mail/password-mail-zug.network.age".publicKeys = [ leah trabbi ]; - "wanderduene/wireguard-privkey.age".publicKeys = [ leah wanderduene ]; - "wanderduene/restic-server-htpasswd.age".publicKeys = [ leah wanderduene ]; - "wanderduene/rclone-config.age".publicKeys = [ leah wanderduene ]; + "wanderduene/wireguard-privkey.age".publicKeys = [ leah wanderduene wanderduene-old ]; + "wanderduene/restic-server-htpasswd.age".publicKeys = [ leah wanderduene wanderduene-old ]; + "wanderduene/rclone-config.age".publicKeys = [ leah wanderduene wanderduene-old ]; }
diff --git a/secrets/wanderduene/rclone-config.age b/secrets/wanderduene/rclone-config.age @@ -1,23 +1,26 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZUXBjZ2kvYXNwV2gvcUhS -ZG1vWkhWSTNQdnl3OFhpQ0hPTEdTUm9hVHpjCjFEZlE1b0lpVzRnYWxJQkxvZXBF -eENnUUpIVDR2anlHK2gvaVZsL3FQaEUKLT4gc3NoLWVkMjU1MTkgc2g4UE9RIHVv -amk3aHRlbG5jUFlNSzIvK01NUy9QNi8rL3c3SEF2YlNiR0hkd3I1UmsKZ1M0eWJR -L1FMeXREK1BRQ0xVL1ZFcnV5cVA2R1NJLzJFOU1COS9RbE9tUQotPiBgWEN4aXdd -LWdyZWFzZSB0IFAyN3ovL0REIH0lU3steSkKRDJDc2FuTXQ1VXJHbkh4VUNYcW1r -QithNDBQSVBCa2NEY0psS2JySmozZmsyOUk1WDF1ODJnCi0tLSAvSTJhQXd2Qmt1 -R3UvM3NSNzBPOWRYT0E1bmJIUUEzT1M0N3BaY0RZc3ZzCpb1gfdpKDvMVVmMtf7P -l+RX4oU52nXyF9+5tC7zQbIPnUUcb2yzZK7avNwpB06kE10bPaQXGjmPnC2gUcij -cu/h/MJsLThE5C2dD3Qi2jC7s2om1hEPc+3NdUC8uv6oF/f0OofwE4GGo3Eo6nWe -P/Pkshhp2yJWjCU5S+pcLpAgeWrsHDpMOkBkFsZ9CPsr8aq/b83ZfsQvY0W8i57x -ZuMq7MjGvVDsP/f1WJxV4eYkHxv0RCNa1+AZB8Wv8/K/K+/viuKljZsq8zT0zNDu -gcET2go+MswvzXinz2WQML6eK2LRlDBZVzUkvx4f0M1r69jMoc0U5StMJKeFaTq8 -KV8EpfY1uXuReQIOHKSj6v52BNFadwnMQkqHcYaByj+Ph697mzLbWwbcczUGm2cr -Yv2HHcqlmo97BV0LumLzerLnpYRMzu57VmJ5oITYpQo5eRlIxIv8B/GB7u7bzgQ2 -4AQCS9YbzTFFImxWmdASN9pRzV8YR/96FwUWz9eG/YEhQoAynEwka/TriFzligUW -NNDNTxthjj4ZBfBmTC80hmgmpcs5e+YDJoo5Gus/jTIfD644m21vcvfqCN6y8p7S -I5L6LUTl7kgSjLF67wzmr8Np0sK+rL39wz7vqcbQVwzUiqnAhmRNrK2Daen0Yvnl -aefTCUW5xSuSikthtoGFzFxklZW0lAal1BmZuFNWWgOKepgT+wyihpW9Yvbj5I2V -gtKFZAxhrFNLGdpzmukMA6iUcgo61r4iQZzScq4eQg0xEip7ej7B2uRg9L1uS4DU -ceUJltxBHD4+juxH3l22 +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjNWR6YjFyK2lDRU16cVAr +Wit2UzByOE5CQWhEVm42dUtPSlB1UmFGRkFrCmVJNVRLZlJGZUptRnd0bUZ5VUNv +TkNTemlDL3NpQUpIZnFUSlZxQXdSUG8KLT4gc3NoLWVkMjU1MTkgWmN4YjZnIG15 +YWRPSGEwNUNCMHFxa21pdExRQUdOdHZ2b1lJTWkwRXp3aGxma2JTd2cKRVZmenZm +MktHLzhjdjBRR3plcUVBNTU4MUxWRDhLOWFGTzZHMm9zblRJTQotPiBzc2gtZWQy +NTUxOSBzaDhQT1EgK084Y3grZUxXMHkrUkFNKzYzNmtSQ0FOTEhMeE5za2JmakVQ +akRHbXZRVQo3MUVDdGxHa1FXaUIyeWdaaithbldPODNISlhwbWlDemtYV2IzaTVs +Z2tvCi0+IChvIVw8VXZBLWdyZWFzZSB4T0kyV0JATyAhJwovejVSTngxRWdjRXV2 +ZnhaK0ZZbkd0cktMRUd0Y2p2YWVicVRleUVwcU9vZkhSZFBrQm9zUktBRjdoY0gz +MFhzCjNKQnhSQldBRWRmd2krK0ZHOVhHVmtZRnExZlJ1N2djcjAvRmp6ZFBpR2sK +LS0tIDNHdWYxN3FCeGZIQzB0d3RKdStHaGpnbk50dXhISGtBa3ZjZHNiVnBmZTQK +fNdxtnPYTbC5dTecqheToRIw/wPohVCYtxlMTsh3i7OiUBMINTaUlawFKBHPHXdv +t4hHkscGYU7XPKKjTLIOO60Mkir4yZxajRgV+76oAyK4xfsh9Rsa2lhOfBRyuWG6 +2uoXB4tDq1yoq4sc8VJBHZ/ixhXsb57d6URagTDr1ywnLrmO3XyK/kq+8q1Tb8YU +SQ59QCMwqWhogf9eHAXMF0sTyB2kIrq/rp50HTzYY3KimD4+t2n1V3RHEUHu+s5j +S463b8UKLE9k+GGmE27RiBSVDTglT5te3/0O92yLpakC0UmUn/caRgW40a5TNebh +dXgQZjQaKhdfirM6qnIFurp5AUpdvTsbHJxB3tGR411/4MYVCtIaF96ndlYHm9Ss +obu9KaRQ7YseuZNp0HshvtHQVLqkicfHsMHLUYeU9S3XcClmgF1dZSlUr9qq+wyy +nxcAaIWestv/+EZlokCEJRs4rZ0dpIe3l/lGzsym/PQ7jc9Nwb+wTTjM0OaZ0u0q ++eVlWT7iq9YFiCq1nTHp15N7GB/o2VCls7IhGcHUrk32jCiTVtrr8JkehtePXrD2 +nAoT+xFsf92d7kVUPafS7rN0ceh79/mCGGKd/g+O97ESxgUHnXmjUPQnqV0EMPyN +LBUi8bR+dcBbW9GXythhVnDtKX4NFj25DCYUev2OiKyQX3MTFpV9cqUeND4Krd88 +n8OeQAu5gtldlqFSH4bKkaMMkl3m2MpwcZPfjIPjLQIZyUnB8umkouarnTrzzTGb +GM0+L/zuIMmY2EChjTwiREJn7qYnwlEl9RiFVeo= -----END AGE ENCRYPTED FILE-----
diff --git a/secrets/wanderduene/restic-server-htpasswd.age b/secrets/wanderduene/restic-server-htpasswd.age @@ -1,13 +1,15 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmMVdvQ1FnTlUrc0hJa1JQ -dk1TUjJNRHFsNmVEQms2SlBiQXN4NC94L3pBClkwclQ0cDBKSms1em9wT0pkZDZU -czJGNXdDL1kyT1hvNmg2R21lcFNZcjAKLT4gc3NoLWVkMjU1MTkgc2g4UE9RIGEz -MXF0L1ArdWJCaGZ2Q0FaeXhQWGk3OUNOU3prY3MyVEpjbEovaTlKelEKWHIwWk1v -NWoyZGhuQnNDdHpFY01DS3E2cmExc3Axc3lVZWltRHZXdW1aTQotPiAkLWdyZWFz -ZQpBTjI5YTBKSjU5cHNiTGFvV1JKb3JxNkVtdTVQN2tCckhQMUpCaXNnMUQ4Qk0z -T1VYMFpmWDg1QjBuVDRBVFNjCmdNalc1dTFJVjZkZnRJSTEyZ2M0eVdFCi0tLSAw -SVNyQ3FoZkhUWW9mV0pmMVNDSVBEai9sa3pVbmJvYm83ME1xa1lnY3MwCqmlSlA9 -znkgED5fSvxfZPZ5Ui1/yRSlD45fmHUnzcyaeLUCXawozay9FyQfWQOSHXYMbb/g -HZ5VTNxgPj/7tvW1AjDJJVUEHS0qivCgaZajS00fIxBFLjf3QamIA0NW9/oR02yH -mLx4qLzvmfE9 +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0WkZSODBhcm8xY0owUVl0 +K1pNK0V4QWJNVUlia1RCbUxDdXR0OWZOVGh3CmhDUFVBeHZtUzVvR21aTWJBbVJS +cW5CNDR1djJWbEQ5UFU2RXFSSXZPaW8KLT4gc3NoLWVkMjU1MTkgWmN4YjZnIDlM +aktadWM1Ky9sM0JEN1VPYTJxMVN6YXN3QTE5Nk1PWUNzbUY2R3JZRGMKUTRIeDFi +VWtlU016ZzRXaDZlaWNBUE80MkFZdFF2bHNTbFI5VUdZUFZwTQotPiBzc2gtZWQy +NTUxOSBzaDhQT1EgQXdWMjRTeDJmeFNETWppeXVSVi9KcUZCTUtJZHhCZXBoeFFH +ejFBVHN6OApWZXpWNDBqZ1RmejQ4eFkraG1PdzRmTEZET05OZkFaSDhoTXhqZFRE +QVdjCi0+IGUtWGJ0Mi1ncmVhc2UgRjgzYC04IFUKb3IzK3BEZlJhSUV2ZFlzaGd6 +UmlCaEZGendLWU9YcmtlWDdGNnJQVjBDV3lLd1dYamlqSWxKbUJMKzFXRDRESQo3 +YkJzalRMc2ZsZFRMSENuaVJLeHIxZ0haN2ZCU0EKLS0tIEZzUnFMa3czd2xtaUph +ODkyTzFabmU2bzJCS1FHdE03YUVwc01WWVhXcXMKvRsMkcj1Dds/3MQuLt82H5me +8f2LkaGCJLIVrX1sxXHfjROUwxIwQtxaytAMOLaSCTvUFxoaa+5rxsccx9mNe9Lc +5K86XxajOlJk98Mz/dwsf2Z/Ii2m6WemxzATHBTWch2Ki+gDx3mbFRRbeVg= -----END AGE ENCRYPTED FILE-----
diff --git a/secrets/wanderduene/wireguard-privkey.age b/secrets/wanderduene/wireguard-privkey.age @@ -1,12 +1,14 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDMkNSa25mNzNCQmpvQXp4 -cC9qRUdsRkhmWVRxVUxWUzNYZ0RWa1RjYUZBCm5CejhjdXRvRU5sWTdlNTZTQ2VG -Y1FRT0pIM3ZheUQ3V1ZTTVAzbjlzcFUKLT4gc3NoLWVkMjU1MTkgc2g4UE9RIEI3 -bDRHVWtyUmVQQ0hzeUc4NXNEcVFPKy9mRUJ1aVphd1UzOENCc2UzeVUKaUk2SG9a -enJxa0FxN0MzYzBzbzVHRk83Y0ZEcC82Z3JpMjA0aHBmY0J6QQotPiB0ey1ncmVh -c2UgJiAmK35Ld0YKTEF3N0tDb0lsK29JVlkrTkkrVEhtUU5RQUJWM08xYUY1cDBZ -ZWtWTlJVQzJRMUxKdkNoeVNxK0JXaGtUNnlLZwpmbTIvSHh6enE4c3dXaVFXTlJj -d2E4dwotLS0gdTBSYVMzWVlnb1RZV084N0t1VzI0bWFGTThXalpCQms5ZXJKeDg4 -RWQ3QQr2xdeYC7+xwyBXkfDJAIUS9YjtgMYBFMiucofG6wZhlVot7tyF/jr+QHDI -8vZTox2BBRRYsY6nqTwrngCU6TcMRjgh4cVRLTOycUdN +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTeGFneU03NUJ3aU1CcFJB +eFNMaWkwUnFXdHQ2aUFuZ2MvZHNOeVA3SFRFCmNnOUVRVFNRa3dyWTFVNmhZZUN3 +WGVSLzhEblp5eGhFd1lvbUEyV0ZNYlkKLT4gc3NoLWVkMjU1MTkgWmN4YjZnIGxr +eUE1eVNqTk1BYXVBaXphK2RieWNYRkhtYzZ6ZTFQNHd6ekRURGNRbGcKV2dhVEoz +NWxyeXk5dU92N0tSbzk5dVpiM1dtWXdJWURtRGdRQU9rQzFFWQotPiBzc2gtZWQy +NTUxOSBzaDhQT1EgUXphUTc0VWJBdm00a0xsQjFQY2VIL2RTSUxuVG1xc1pBT0F1 +WmR6RUVoZwoyNXFFMFQybUVEdlRiTVBXYWE5cy95U1B1cWJXd043QVVZL3UwaEVV +VExZCi0+IDgwLWdyZWFzZSBlVy1dIygKVkoweGRaVXRSVGsrUXNjRFI1VjN5eUxQ +QlNxd1gyOVFKNm0xejZpaCs5d2hubXptaHdUdAotLS0gSUxMWW4raFJjSjkyakE2 +YkFBVnBtb3JDalljLzFtaHBJWGYxVWF2L0RkUQrJs0TMMqvIdIUpJvebBa66+0fT +lD4m1XpYQ753cAO60M30hKjkzI2UW5yBzT4pQC7cDSdauCncHoQlFyd7XfVZLHGj +PKFSvo7cuf2t -----END AGE ENCRYPTED FILE-----