cy/nixos-config
cy/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge branch 'secrets' into 'main'

Browse source 
Reorganize secrets

See merge request cy/infra!1
This commit is contained in:
cy 2024-12-17 04:22:33 +00:00
commit 696471d777
26 changed files with 471 additions and 90 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

61
.sops.yaml Normal file
View file

@ -0,0 +1,61 @@
keys:
- &chunk age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn
- &yt age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8
creation_rules:
- path_regex: secrets/de3911/yt.yaml
key_groups:
- age:
- *yt
- path_regex: secrets/de3911/chunk.yaml
key_groups:
- age:
- *chunk
- path_regex: secrets/services/ntfy.yaml
key_groups:
- age:
- *chunk
- *yt
- path_regex: secrets/restic/yt.yaml
key_groups:
- age:
- *yt
- path_regex: secrets/borg/yt.yaml
key_groups:
- age:
- *yt
- path_regex: secrets/borg/chunk.yaml
key_groups:
- age:
- *chunk
- path_regex: secrets/wireguard/yt.yaml
key_groups:
- age:
- *yt
- path_regex: secrets/wireguard/chunk.yaml
key_groups:
- age:
- *chunk
- path_regex: secrets/services/caddy.yaml
key_groups:
- age:
- *chunk
- path_regex: secrets/services/hedgedoc.yaml
key_groups:
- age:
- *chunk
- path_regex: secrets/services/miniflux.yaml
key_groups:
- age:
- *chunk
- path_regex: secrets/services/gitlab.yaml
key_groups:
- age:
- *chunk
- path_regex: secrets/services/vaultwarden.yaml
key_groups:
- age:
- *chunk
- path_regex: secrets/rclone/chunk.yaml
key_groups:
- age:
- *chunk

10
hosts/chunk/borg.nix
View file

@ -1,4 +1,8 @@
{pkgs, ...}: {
{
pkgs,
config,
...
}: {
services.borgbackup.jobs = {
crashRsync = {
paths = ["/root" "/home" "/var/backup" "/var/lib" "/var/log" "/opt" "/etc" "/vw-data"];
@ -6,7 +10,7 @@
repo = "de3911@de3911.rsync.net:borg/crash";
encryption = {
mode = "repokey-blake2";
passCommand = "cat /run/secrets/borg/crash";
passCommand = "cat ${config.sops.secrets."borg/rsyncnet".path}";
};
environment = {
BORG_RSH = "ssh -i /home/yt/.ssh/id_ed25519";
@ -18,7 +22,7 @@
# warnings are often not that serious
failOnWarnings = false;
postHook = ''
${pkgs.curl}/bin/curl -u $(cat /run/secrets/ntfy) -d "chunk: backup completed with exit code: $exitStatus
${pkgs.curl}/bin/curl -u $(cat ${config.sops.secrets."services/ntfy".path}) -d "chunk: backup completed with exit code: $exitStatus
$(journalctl -u borgbackup-job-crashRsync.service|tail -n 5)" \
https://ntfy.cything.io/chunk
'';

54
hosts/chunk/default.nix
View file

@ -2,7 +2,6 @@
config,
lib,
pkgs,
inputs,
...
}: {
imports = [
@ -24,38 +23,57 @@
./tor.nix
];
sops.defaultSopsFile = ./secrets.yaml;
sops.age.keyFile = "/root/.config/sops/age/keys.txt";
sops.secrets = {
"borg/crash" = {};
"ntfy" = {};
"rclone" = {};
"vaultwarden" = {};
"caddy" = {};
"hedgedoc" = {};
"wireguard/private" = {};
"wireguard/psk" = {};
"wireguard/pskphone" = {};
"miniflux" = {};
"borg/rsyncnet" = {
sopsFile = ../../secrets/borg/chunk.yaml;
};
"services/ntfy" = {
sopsFile = ../../secrets/services/ntfy.yaml;
};
"rclone/env" = {
sopsFile = ../../secrets/rclone/chunk.yaml;
};
"vaultwarden/env" = {
sopsFile = ../../secrets/services/vaultwarden.yaml;
};
"caddy/env" = {
sopsFile = ../../secrets/services/caddy.yaml;
};
"hedgedoc/env" = {
sopsFile = ../../secrets/services/hedgedoc.yaml;
};
"wireguard/private" = {
sopsFile = ../../secrets/wireguard/chunk.yaml;
};
"wireguard/psk-yt" = {
sopsFile = ../../secrets/wireguard/chunk.yaml;
};
"wireguard/psk-phone" = {
sopsFile = ../../secrets/wireguard/chunk.yaml;
};
"miniflux/env" = {
sopsFile = ../../secrets/services/miniflux.yaml;
};
"gitlab/root" = {
sopsFile = ../../secrets/services/gitlab.yaml;
owner = config.users.users.git.name;
group = config.users.users.git.group;
};
"gitlab/secret" = {
sopsFile = ../../secrets/services/gitlab.yaml;
owner = config.users.users.git.name;
group = config.users.users.git.group;
};
"gitlab/jws" = {
sopsFile = ../../secrets/services/gitlab.yaml;
owner = config.users.users.git.name;
group = config.users.users.git.group;
};
"gitlab/db" = {
sopsFile = ../../secrets/services/gitlab.yaml;
owner = config.users.users.git.name;
group = config.users.users.git.group;
};
"gitlab/otp" = {
sopsFile = ../../secrets/services/gitlab.yaml;
owner = config.users.users.git.name;
group = config.users.users.git.group;
};
};
@ -148,7 +166,7 @@
services.caddy = {
enable = true;
configFile = ./Caddyfile;
environmentFile = "/run/secrets/caddy";
environmentFile = config.sops.secrets."caddy/env".path;
logFormat = lib.mkForce "level INFO";
};

12
hosts/chunk/gitlab.nix
View file

@ -1,4 +1,4 @@
{...}: {
{config, ...}: {
services.gitlab = {
enable = true;
https = true;
@ -10,12 +10,12 @@
sidekiq.concurrency = 10;
databaseUsername = "git"; # needs to be same as user
initialRootEmail = "hi@cything.io";
initialRootPasswordFile = "/run/secrets/gitlab/root";
initialRootPasswordFile = config.sops.secrets."gitlab/root".path;
secrets = {
secretFile = "/run/secrets/gitlab/secret";
otpFile = "/run/secrets/gitlab/otp";
jwsFile = "/run/secrets/gitlab/jws";
dbFile = "/run/secrets/gitlab/db";
secretFile = config.sops.secrets."gitlab/secret".path;
otpFile = config.sops.secrets."gitlab/otp".path;
jwsFile = config.sops.secrets."gitlab/jws".path;
dbFile = config.sops.secrets."gitlab/db".path;
};
};
}

4
hosts/chunk/hedgedoc.nix
View file

@ -1,7 +1,7 @@
{...}: {
{config, ...}: {
services.hedgedoc = {
enable = true;
environmentFile = "/run/secrets/hedgedoc";
environmentFile = config.sops.secrets."hedgedoc/env".path;
settings = {
db = {
username = "hedgedoc";

4
hosts/chunk/miniflux.nix
View file

@ -1,7 +1,7 @@
{...}: {
{config, ...}: {
services.miniflux = {
enable = true;
adminCredentialsFile = "/run/secrets/miniflux";
adminCredentialsFile = config.sops.secrets."miniflux/env".path;
config = {
PORT = 8080;
BASE_URL = "https://rss.cything.io";

10
hosts/chunk/rclone.nix
View file

@ -1,4 +1,8 @@
{pkgs, ...}: {
{
pkgs,
config,
...
}: {
systemd.services.immich-mount = {
enable = true;
description = "Mount the immich data remote";
@ -10,7 +14,7 @@
ExecStartPre = "/usr/bin/env mkdir -p /mnt/photos";
ExecStart = "${pkgs.rclone}/bin/rclone mount --config /home/yt/.config/rclone/rclone.conf --transfers=32 --dir-cache-time 720h --poll-interval 0 --vfs-cache-mode writes photos: /mnt/photos ";
ExecStop = "/bin/fusermount -u /mnt/photos";
EnvironmentFile = "/run/secrets/rclone";
EnvironmentFile = config.sops.secrets."rclone/env".path;
};
};
@ -24,7 +28,7 @@
Type = "notify";
ExecStart = "${pkgs.rclone}/bin/rclone mount --config /home/yt/.config/rclone/rclone.conf --uid 33 --gid 0 --allow-other --file-perms 0770 --dir-perms 0770 --transfers=32 rsyncnet:nextcloud /mnt/nextcloud";
ExecStop = "/bin/fusermount -u /mnt/nextcloud";
EnvironmentFile = "/run/secrets/rclone";
EnvironmentFile = config.sops.secrets."rclone/env".path;
};
};
programs.fuse.userAllowOther = true;

4
hosts/chunk/vaultwarden.nix
View file

@ -1,8 +1,8 @@
{...}: {
{config, ...}: {
services.vaultwarden = {
enable = true;
dbBackend = "postgresql";
environmentFile = "/run/secrets/vaultwarden";
environmentFile = config.sops.secrets."vaultwarden/env".path;
config = {
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = "8081";

12
hosts/chunk/wireguard.nix
View file

@ -1,4 +1,8 @@
{pkgs, ...}: {
{
pkgs,
config,
...
}: {
networking.nat = {
enable = true;
enableIPv6 = true;
@ -9,7 +13,7 @@
networking.wg-quick.interfaces.wg0 = {
address = ["10.0.0.1/24" "fdc9:281f:04d7:9ee9::1/64"];
listenPort = 51820;
privateKeyFile = "/run/secrets/wireguard/private";
privateKeyFile = config.sops.secrets."wireguard/private".path;
postUp = ''
${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -A FORWARD -o wg0 -j ACCEPT
@ -30,12 +34,12 @@
{
publicKey = "qUhWoTPVC7jJdDEJLYY92OeiwPkaf8I5pv5kkMcSW3g=";
allowedIPs = ["10.0.0.2/32" "fdc9:281f:04d7:9ee9::2/128"];
presharedKeyFile = "/run/secrets/wireguard/psk";
presharedKeyFile = config.sops.secrets."wireguard/psk-yt".path;
}
{
publicKey = "JIGi60wzLw717Cim1dSFoLCdJz5rePa5AIFfuisJI0k=";
allowedIPs = ["10.0.0.3/32" "fdc9:281f:04d7:9ee9::3/128"];
presharedKeyFile = "/run/secrets/wireguard/pskphone";
presharedKeyFile = config.sops.secrets."wireguard/psk-phone".path;
}
];
};

7
hosts/ytnix/.sops.yaml
View file

@ -1,7 +0,0 @@
keys:
- &primary age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8
creation_rules:
- path_regex: secrets.yaml$
key_groups:
- age:
- *primary

30
hosts/ytnix/default.nix
View file

@ -1,7 +1,4 @@
{
inputs,
outputs,
lib,
config,
pkgs,
...
@ -11,15 +8,20 @@
../common.nix
];
sops.defaultSopsFile = ./secrets.yaml;
sops.defaultSopsFormat = "yaml";
sops.age.keyFile = "/root/.config/sops/age/keys.txt";
sops.secrets = {
"borg/yt" = {};
"azure" = {};
"ntfy" = {};
"wireguard/private" = {};
"wireguard/psk" = {};
"borg/rsyncnet" = {
sopsFile = ../../secrets/borg/yt.yaml;
};
"services/ntfy" = {
sopsFile = ../../secrets/services/ntfy.yaml;
};
"wireguard/private" = {
sopsFile = ../../secrets/wireguard/yt.yaml;
};
"wireguard/psk" = {
sopsFile = ../../secrets/wireguard/yt.yaml;
};
};
boot = {
@ -183,7 +185,7 @@
repo = "de3911@de3911.rsync.net:borg/yt";
encryption = {
mode = "repokey-blake2";
passCommand = "cat /run/secrets/borg/yt";
passCommand = ''cat ${config.sops.secrets."borg/rsyncnet".path}'';
};
environment = {
BORG_RSH = "ssh -i /home/yt/.ssh/id_ed25519";
@ -195,7 +197,7 @@
# warnings are often not that serious
failOnWarnings = false;
postHook = ''
${pkgs.curl}/bin/curl -u $(cat /run/secrets/ntfy) -d "ytnixRsync: backup completed with exit code: $exitStatus
${pkgs.curl}/bin/curl -u $(cat ${config.sops.secrets."services/ntfy".path}) -d "ytnixRsync: backup completed with exit code: $exitStatus
$(journalctl -u borgbackup-job-ytnixRsync.service|tail -n 5)" \
https://ntfy.cything.io/chunk
'';
@ -284,14 +286,14 @@
# wireguard setup
networking.wg-quick.interfaces.wg0 = {
address = ["10.0.0.2/24" "fdc9:281f:04d7:9ee9::2/64"];
privateKeyFile = "/run/secrets/wireguard/private";
privateKeyFile = config.sops.secrets."wireguard/private".path;
peers = [
{
publicKey = "a16/F/wP7HQIUtFywebqPSXQAktPsLgsMLH9ZfevMy0=";
allowedIPs = ["0.0.0.0/0" "::/0"];
endpoint = "31.59.129.225:51820";
persistentKeepalive = 25;
presharedKeyFile = "/run/secrets/wireguard/psk";
presharedKeyFile = config.sops.secrets."wireguard/psk".path;
}
];
};

29
hosts/ytnix/secrets.yaml
View file

@ -1,29 +0,0 @@
borg:
yt: ENC[AES256_GCM,data:CGcdcA9LnDDlTYJwsT25uY9h70yJtKhxgA==,iv:F25VTezkd4RQd7BZ3DD39hPiPj+Z3H01IgPhCGUQ5aM=,tag:mxLPXR/ffBXkByk1R1PYvQ==,type:str]
restic:
azure-yt: ENC[AES256_GCM,data:s8TJ5cNVW2Jr7kyul8mrBGwdLoTlNTb2MfpZgPU=,iv:sC0DbgFbFl6vvLqwOFDwRa3nabrIWxOTuz7GXn17IHk=,tag:2MYprYgNhh1aFlzuyw5eGQ==,type:str]
azure: ENC[AES256_GCM,data:UdHmasRElCFC66dxnnGTOw6vgOzrOIMiSLsczK0Qew2WBdZUKVnRTfSCxQrB7P8k+j3N2CDt5Y4GXvf9GVFrWCMOInOqYXcyycGXsdli2DbqpXTa3f13ykvc/aoKyw3YuFQdrNci3Kae9PYZ4v5f7fH8n4WgOKuYj3mO9k7WHxM1JBzYRRZP41Jghnb9SqVhl9UXVPI5ONBd6JI/FiezSMZPYC2FxNgQ7zHUQJ7qQ6aJTgRljslJK9I=,iv:bRoYEA1hbEXRG7PoU7Dfba9uRu3cAqfeuvSIfavZZ8M=,tag:cHXUe/njZNoG6EuHYYz0Yg==,type:str]
ntfy: ENC[AES256_GCM,data:ZfTVhdzA1+L3B+g7tw==,iv:1dXDqYi5/zBQ9iphzjn/GHGDcl90J1NYHvHQpTsVPlg=,tag:RfB1/Zz9ITJQV89cuk9OcQ==,type:str]
wireguard:
private: ENC[AES256_GCM,data:hPfJis6gbPPguuhNBViiZDmeFSaUXsgRrCGrhTFzbySIytVuaieU0BJSJQo=,iv:tYU41JTeB7Y50RQr1b+zGCgB5voZec2Vfmd350J1Tgc=,tag:aFMZoJhMToJDuuV8dc5Acg==,type:str]
psk: ENC[AES256_GCM,data:NhQ1lYFpjTpqbkhYyEpEcBTf6vewSeGevUnvCmruoZMSGA2ZWs+le8a0tAA=,iv:aBeVhzUwzBgochk4vtdqnUv61dZ5jELh28amx8XqyFI=,tag:9TvGx+sJaicX52FitOpOdA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhUmhsRDljYWJLS2tzUC90
a1oxZGZBUy9LaFpJeTF2MmZWQnl1NU0vQkc0CklnTGszaHRCRW5GYUU1OU9NVjVH
SW02OWVXNDNSMTFyV2NUU2xTV1dlTGMKLS0tIGpKT3lQd3I0T0xEMWo2ekd1MmM3
a1MwYjB0Tm03bzJnWTdoZ01KbXBPUkUKUr6hOsdZDJK6bFyEnBf4Vkms8EJsIvZY
ML481g9d9Vlm5x7X74nUcWemFSzttSdWEM3Y/IOHpXDbvC/Tbw+z7Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-14T23:07:47Z"
mac: ENC[AES256_GCM,data:GQUbR/ApVo6E5jqkGo79GDkRv7nj7Sa16ROCTg0uYO0xDmv9h/bPWBTUOfsU0G/0g3OvohLkBbmYA+hMx24xlLQzQkh8Z3dyAn9CcAJ2j9JLY7qHtSBpvafyPptvKzmPU0mnQpShgqYPCUhF6A2B2YAAvW+TknBih7eiKKeidkc=,iv:XLKIad/LZWuWUrrcXtF0UyNccLhoB0VSWXYCGDq/7Uc=,tag:lNyMV8Ses28gOj+KINem5A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

22
secrets/borg/chunk.yaml Normal file
View file

@ -0,0 +1,22 @@
borg:
rsyncnet: ENC[AES256_GCM,data:sBqE+gZg58J1iYO5hww8SfqDj2MMZMux8Q==,iv:jjw2Z05BdbH0kB1EN6R01rD1bI4iELKpuIMEGYb+1gQ=,tag:tBDd6+wxEuBgyIZzjJIl1g==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBadVRSb3R2Y3h2WUQvbUJp
SlN1Z1E0dnN6YkVnczVqayttSTNjRkJ5SndvClk4ZmY4cTM3dVV2c3BMMGJOaXRr
bENjVHBNeXZXZFBZNWJHL3hYT1RDd3MKLS0tIC90RFlxRjNTbW13Tm9pYW0rdVZn
NlRDMzBHZEoxVndneFJldFZMWWgzbXcK1tCG0a4wlTDSiDC6v6eJvc/REJ8z5ZlI
PxXOcrZNKwFwYMsh29U8iZNBGO6ykSJYCYjac50d/me9QC6rFlXNWw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-17T03:22:24Z"
mac: ENC[AES256_GCM,data:6OGZTa2SpLSDmhRqYSgJn6BfsPPvkpIamNGemq6nh3gKUVm0GvQ2FFE5w+X2o5BmQhzTtU0zfbjvV0Z9utH0wrO9E2f7yI5FTb+AoZKl0Y2W/uXAEne0+L4Y5NfRimiLc4yXp//GK9eORBd9jcPx2MQFi3jRA3vrn79HEofVIcg=,iv:A5srnfngS5HCzgPuRdGtrRAbj8o7WxaPwcbIHn/6j2s=,tag:uPAFfjOTz0qKzidd4GMlhg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

22
secrets/borg/yt.yaml Normal file
View file

@ -0,0 +1,22 @@
borg:
rsyncnet: ENC[AES256_GCM,data:o1z9xwXqjceO6b/k9da33DyltLt+k9cS5w==,iv:Buu2gHB+MH2Ma/d0cGYyoNAZxcHE7dK/uLZMR9y2VDo=,tag:hNZyZQqAqRF7HXkT7ypTHg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDMS84NVY2eGdUWHBPNjRG
bVY0UjRaci9kMTRHa1o0V3YzN2VtNWhJaVVrCnBma2xsLzVKOERLVXNhQU1vTCth
azQyaUpPbHF5U2dMbEs1VUhFeUI0RGsKLS0tIGNtTjEvWk9ZMzVlVmdURlU0cWZy
bGhLRU15QUxXNjQ4TDBIWmlYMndJeWMKCY1djq72Fow3HiVP+cG63CMEtshIve2k
sHhU3UWPidxcZxdDmK/Sw3NKoYncxeLJUS/W7UhNYr3Z7UZCW6+D9g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-17T03:08:48Z"
mac: ENC[AES256_GCM,data:Zxdfy547x/RQF7Q3ip6163nD07F2L49u9yNvCQcxrjfFbVQNYspkX+aZJNOW+9KzIpmMcmVe9llN9IyA2b3R3Yzz6hBzP2LCxO9iQt+XQVpv5rCQRC3E+4SgkX6KpZ0TOhjiA9+4KvwfYkXH5P6JS6jjw5u4v16i1X121quBemk=,iv:86EoZpSSqZ5q2DZP4B9NTASFOzX1ptdRcw5o+3eQKkw=,tag:c/D7Mus6d8X1Q8hMPziGqQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

22
secrets/de3911/chunk.yaml Normal file
View file

@ -0,0 +1,22 @@
rsyncnet:
id_ed25519: ENC[AES256_GCM,data:+Pkqd8Dpl9/VkE/+/y/sx9EFDWjYNVctJSUDtE3NWlBAqlnXifXOHPxRL00NUJv+zsLpCk9eF/0N0ygzZhaQP76Tsv1fB00LaBfnMMDaC0aaHJoV+RnJLVMNYfddZ9ZeNwFmFnO2UQTZNVmcxgWc/okkmrsf8ERepb9AZktmLjq0UEGm9S+GifLmaL7xWtIPjtOs1HHQmODW/2oUL+ZOfZGZ4YM629Unxm44KTVf0ffY2nBkCpXcJVssXCqANYVtfDRq8s+PKppppEdmUPQkr23nqVldP71BBbYVjHNRoCHf9O6ag4+aFVlLiJyj9YDVtGRRNg5xORonOr4pcdvBdxC9GNgo0+XpMTBMnP1eqU2+lTPWBLiHx2tpNwl1gv7F8lBHG3yN3GxK02otrh2aheiEE/gthohrk6XzCcr+0C/BHEilB6MqhBw0TYJKq0r1ooE5LWmlh64+BSsOYXCSwEoo4Rgxkwagl0/JRkjfHhxRPJgitdOP9AugcnihYJJ8iVcYWOUuxWNtB4oXM2iZ,iv:zB/1QrQ6j/kJYfFdQFFYAVbZSm0AYARXjUtfgv+nems=,tag:49eeO5FyD301SsmB2OlvvA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzWFFJaWVYZXRPa05pcVNl
VnB3K3YrbnFuS0RUTHBFRVcxS0hpcWVYRzFRCmpRZUhQSGRKS1BPd0l4MGFROS95
eTBsYU0yamZYbEZGZTl0ZHNRVTF1UTAKLS0tIHVwN0d3SVJDSEFnaUhVQ1VsSmYr
cXJsSUtTVW1xWFBaMGIwNXZpSjhwSEkK1q5yXlJgHrnyuvtuzTXurl93LDXqWSaV
g09SQVF3tzU8zye6aBidhJJnMBrR6jHxK0P6rPYYE8a0U5DMP7D5wA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-17T03:22:54Z"
mac: ENC[AES256_GCM,data:iJyPss8kVZTI6f8WXZbNgVKBR8fbTWqFjPacXfzVthSQEbVAmEuldQdquWWfY/EiqPQO9WRmbqSXAED/AtSRu1up3C29ZByyWETxm9O7K0iLVDsR+9Rv1n0Dgc3YhHU8GUS8RWbe6L731FIpq9Nqv5Nw6Xgw2ZteApriT1YMVgY=,iv:t4wAeVuvk+C1ebWSklT4L/+Xy5tUVHRfaUh2uSjnZbE=,tag:Tj11XkvTfoxNd8znGM33cA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

22
secrets/de3911/yt.yaml Normal file
View file

@ -0,0 +1,22 @@
rsyncnet:
id_ed25519: ENC[AES256_GCM,data:KHFv0P5JLHCXKXb3UFmZrgLG7mrSDSi6CAYZTMSxJH6FgakFhPY/u1VE0wlHaBEwUSHbh6xhVbITiAgrqQXbPeo72moUhBD1/+X1fGUV+0rbHHhZecaEoqXseNEWfxAypUWnmKQ3DwCjO0wb9A+UohLCTMUzHBucX0AKVBxW2VEYkvMXu3du2ryWCDNYKukdwLYXxTxrBmIbjSJ2Myq22vcqLpMAIOJ85QWoCrVypVxB6TD7xi6KwQmqDHpE7KEdDg6Eq0Gzu7RWIdUiUddvWJwBFr/v+dJguk93er/K6azFfbzPMXL8IuogAr/Aly22tu5MQm0i1oSmMgovQqfYCQdaDnelVgopWn0KRrlmEDHPyA5aiEg4sPfUDGmyRIFLy5avKv7bPo+Xk9iRt0tuu09lUJl9PxiyDGoeLoh2qD+jJA76DO57A1EB+JdoKJZiRgkfSg1IOtYXUkV5XQfK0sIkc+VdoDKOdVvIqM7stoSSIqycbf8knekYVpgSVQkrPg75lQd8soOFJoID8xB6,iv:pidCcX4V6PKCNnUDDq11zTGOoketZ80nCqm0R5BYx4c=,tag:Z3Sq1+FVAAqQikaBFQ6M5Q==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2bWFJR2JmY0JIdzU5OURp
MHVDbnMra1hCUklLMjNQVVdyYUZwaFFaMVJjClBsWlIwNm40RW1taGVLaFB5d3BH
VHNVUEJoOHNwSWRUQlNjUTk2WERieEkKLS0tIDlVZ2I5VEdJa0hIQ3MxT3RZb0Z1
bmVVUjZTVGJzOEdFTno1ZmhZWnkrUFkK0R6GoBKaixAAoRnh89kTvFW7tUvJh7Ce
Lxc4pTd/ZDAaNjMy8KCJvAo1CQBb/Hqytl/dERm99RL6C/MifDAodw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-17T03:07:54Z"
mac: ENC[AES256_GCM,data:d9k3j80zF6yvIBWy32HUt4d26DR4ygrU8kRxlWutPd2pcEnyGOFq8mbgJCQeqpngek51ECwnuCGemVvTBJq0szy9zExeGRtZ8wWIDReTOCPMAKITTEsiwr14eOpeNbjKnbMz9RNI4T7Uwy7JV+rPaZh2AzG64ajkTGv4uA0JT3U=,iv:79AEtjqS/Bf79jdFasEKDJrWN6T/RVUvdm03N8rg694=,tag:ZDS6dwH7TEp5pxTuZ/LUBQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

22
secrets/rclone/chunk.yaml Normal file
View file

@ -0,0 +1,22 @@
rclone:
env: ENC[AES256_GCM,data:e8O4cUbgFMseJTvzGyBhsD/beCkhuh/Sl4ZHqV/kQodcuKi3V9XHyeCAnBb/,iv:rOySfX7vQ1mduFEL4gSbM8rYk9Gp7aEcieV1CW+aGDk=,tag:aWmdde3Xv9IqLRigPZBH1w==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTUnBqMU56ZS9QZnpETmZ6
a2tVRURyTU1LakR3bi90QXNpR21JcEI0ZFZzCm9jTDlCNk1xSTgwcmRqc3ZNbkJG
RzloNTZHQUJXU2J4UUttcjdIdFl6dWMKLS0tIDNaTUpZQ3lwYk1lNTlZMjF5d2VR
U09rb0kvcU1FdVBsanQyM3grTWdKRkEKAxZyWISPu4XUBevUhdOwd6ZJHfbvpAch
+jGrLXGBYlvp2oKdWHBXjv3HZ3N0IyEj07LyYsPBLchmUxhOCn4Piw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-17T03:32:29Z"
mac: ENC[AES256_GCM,data:TTaw6wv7cidgcB7c2igUPo6urQ87d0btr5puTr9yA8ppJ0iTKdLQT2nIZI0OHnP/cFE/at0YrhDNNk5AL1y9fuATRWveu1Y2KmjlYNXLlZS4PdAr3rsUs3FqSECdTqXR8ZYGodA5mOSjzWu1eYuoubVk2wtXV0alMUY7bwrnr6E=,iv:1zslrT0FX6SIEIRHPloLa2Fy8pVJVqMDIghR46l5+xg=,tag:qpw9iQAetUIoqvDQzufh8w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

22
secrets/restic/yt.yaml Normal file
View file

@ -0,0 +1,22 @@
key: ENC[AES256_GCM,data:1yjpaRXeie+8nC/GcVk2mmMDdPTHOyaAWLuilWE=,iv:sAjl7Q2o0ELfysRGnM3182dI9eRo/XjZNLi3ubLY734=,tag:BYDRqd3Zirg0FQgKRRQg1A==,type:str]
azure: ENC[AES256_GCM,data:zcAeDgtNEffH/sPNfYfT/9xZuIn61maVUNA/PNIYE5nY159gIOmJFR8R6zaJT5Ij3mxx5KUCeChjMbDtb/ZnYbKeiaNRd9Xw1zVOuuBZAbONhCU5iksUGLzJzJk0j3j9MnRTIwl7903m/052DvbzFcFdCaKvKZn7KRH2sggGjqQ+1UxSb/yez/QtF2I0duMBvC4SKI1Gr6GXoV+sYDckpGKj5mdnxMu+rZsIFFICtFvpmIObk0l36Zc=,iv:XRcNGGEX81KC0+EIoFqBnMIMMvi7yJmSpZjeCG8TutU=,tag:rBq1SLuZrys8kxJqWcjoyQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCWFZ4dEFyRVhlMnNHampS
eTJUcTlVWWRVNG8vSjIvaTkzTzBLWGVmT3lBCmhONUhjZFMySEMyY1VXeGJwRVJq
bVlNcUF6ejBTK3Z4WEhXenlvY3plSVEKLS0tIFMxUitCZC90d1NOTzFLd3pic2I4
MkhJUGxHRTBnZVFFbG1najJFZno1YVkK+R5gpmJ7Tx/tdFRvg9TIa0yIwAqT8Sah
ib5ORCby6GwhW2J2r2b9qCd1827zQH/2hngk4D7Y7x7ys1yifrIKww==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-17T02:17:42Z"
mac: ENC[AES256_GCM,data:tdKRHS6RDKYUF2hM+/XDvezt2iNuT3IXBxWPnBjDfYEoanJEeT4LgqvSz9r/Cu8XNMF78bWykuSDgj+KNo0XUfLqv9AxYS5EhdBdMHcJKj4T6FuQ5j7hMPg9vKzv4I3ZzDBUJeOV6qso7VhLkaZXzqIsuDJia2V0rJ3nwhkTvzk=,iv:uEJ4zE73E+kbFYmTl/PNjv9CKbi2b3qtYk4Bth/iy6I=,tag:8/+3hdG/3MVLgfyNNQuGUA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

22
secrets/services/caddy.yaml Normal file
View file

@ -0,0 +1,22 @@
caddy:
env: ENC[AES256_GCM,data:uVCkVky5MRRhN+g4f634nBjvpcI5Ldy+eOKXg7eGu9foswTHA1SXDs67+Wuvo/jaPw7Zg67xKZRHnoTon1udQzyfu0T6pmVKfsUPewITYCd+qLTanFz6uVRUHzpUVwjCZNqB8gxNr/BiZ70NG4vQXRjgd3zKFrQYQBr4zSaP2vK1pRdbuQ==,iv:dQBfX4X8huUp2dqY3tEGW+BPZ/XADT10ptt85R7X+AY=,tag:cvMbFjkRHoxxnNfz8dGv5g==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUQ01HQ01LUVpTYmx1U3Ro
QUpRQjdkMEVIK1RpVTdxbCtTVmZoMmo1cUJFCjhMajlWQll2MHAwZ1JXMmJ0Ym9Q
RnJ3QVBUck9tblRrcVVibmFmVTN1cnMKLS0tICs0c0FSYXo2Y1g0TG41ZWR4ZDNY
RVdNL2dWQ2JGL2ZlTTZyb2dzY0V5bFUKDd0iSl1f0Qm6H3rku7zf4nNZhe/mdaai
t2xTH0mSIOzy2D8TYSUG7EwhdqSa8qa21TRKppCRIClYl1/DzoDl1g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-17T03:25:37Z"
mac: ENC[AES256_GCM,data:bhFBLkT2q6HGtTPtHLVZkKZn00Lbm11/u3qSR19lU2E1SsQ7mpukvCqcTxNWtJ+HHth6yJJfgM6XABKq/9/598L2MgGuF3C/GGS3xpjwHh5RyV8t1lV8cqDaZGjGOMGx35lFQ6DoXOreQrtP/f7MKzf+nVNFr1NbTR8YhqR1xDU=,iv:+fjYlbyIyM9nLagrvE+PUhC2pT7QTsTSQX7ELZ7Wuhs=,tag:GWQv6VmIsWwFzb4bUr5CLg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

26
secrets/services/gitlab.yaml Normal file
View file

@ -0,0 +1,26 @@
gitlab:
root: ENC[AES256_GCM,data:m5eqqSMECu1wOIdtY4pJ4WwAWw==,iv:fK1ZEtzP0vqj6S1yqsetDVJui80NI5GBlqyJ1a8vVV0=,tag:V7zTH+O2Q4SWdPsEbjoEVw==,type:str]
secret: ENC[AES256_GCM,data:rDYuTSE/mU/61iUUMOtegt77OLfb6udkn2f73HuN1SCoqLo=,iv:Y5L7PZbsoCQ5Evv8G9S7Bm5OKKrHEPb/jjgTKgFKlfo=,tag:Bx7UUERT0dRA6DM93ZpA+A==,type:str]
otp: ENC[AES256_GCM,data:xQqNUbGbjYUYAfy3E1yaFh9Xms7B0hDal7Y/U7GaxTV4Cpo=,iv:hWcyYorFPHBJoGVB9Agc20qUkY8LvJCIxI4AMwtB6U8=,tag:tqLO/NVIZ+lr3vy/ctI4mg==,type:str]
db: ENC[AES256_GCM,data:VTVxgJ5N7jnbSLC62fHqhlo9BHJsfmqvoBrM+BKaHfglEz4=,iv:2lhj3nRfx1efLZR8PWczs3NOxbjm1nQ2Rsp4TSZAC20=,tag:WFAu5SE6pBboxKHHyooJgg==,type:str]
jws: ENC[AES256_GCM,data:cOpTmTxcQutV0gRZyD44NTqYcuKo+amH0tm6nifViqTDjNGgOuaSMW526+FB66eg7fJ5KK6UVVwuv1Vkv1gNXc4AcVJiFxMRAfXB+68vQivqCJvcN4YhgiuyRcfJCvMciELBySiJs9yckCwVd/PZrZGwRbJ2NGuDiZDxobfzVsH5lJWPAUzv8+kuhKrb3IVRS4ahluZY3Him0EnkU8ZWQy09iOjYP673zEyvSQutAbzDwHFKk9amV9RZqIfN68f1VL+lqNInU82ZxudAYuFDeoSJYol8d1D28gnQBZy6UutZjQat3HTktVwW/7I79eohXKKMt2i8lJtgJgmR0ht3f2DEXyI4B7r7ORlA0qaxrPmiVIjareRwswEkdpumjW1GtAHqvBLHrEHtJtELMm2JuAF5my90m7TWdgPIxwLzwCP/YqnRixzW7ON8tmamHpVIucmHmaSdTTJMhJH/WXLEzYEHcH/0M68jd3GHjvNM0lhXAbMWPJ0nx5eRBXGnEzSgqAG0AwGUEPHyK2WKyhtaKWz9TDo7yiJfRd8uaprdgCyQPbiBGHCNJkwD55oytqCKZmruEsR56VzZ5OBSWSoWKCr7nt8rCmOKVpWyI0wxW+7zFjETFhnHYPqF6Ms+9DeUmcFI8rxFNFpcCpGUUlOxjA/dWdxpQaw5AoQw3OCQYG1FzCLZc2GfFKtHor7UzmoCpp8vPdVp7tE0s9vwVffGyPxoyzGm2sJWe5vCrk5Bo4E9X+U2lcGC0jfKA3K8e0m8EBBujuhBFSrMBzylY7F046J7GMQqbzMBM+TFVg3IeA24yTxkuzUqypYkSRnQPCJtcr6alvzU840FcRwBHigQvPMW+X/kg6W6Krp9ocbjF41pYQaM90Ba5JWYCnEl3/I2fyjDK9+Vm3wYwso10e6DmrIFVAx6uH+ZOxE7JRaYJGDYGRes6q1BBr9vEgD8+ghQZ5wIp0/BZ/gzvhH22Gh6YuAUPiG1bjeECXAXF5e9izUIoR2MdYD0ljKFJp5/qeMoP/ncbUYzh3qUIRdhHrPJs5E6IOXFHLR0tN9K/IdtIyFuz9c1Y6IfnX97/P+teH5GANTJl+E5lRHxGWpkwRksqkuyOY7ND8oggHpXjl8QqsdvfgaPHknoc3AJnTQcaU6R/BOmEwv5JQt3HKHhiv+1Rk14OawRj6P7sHv0Nwgb3r/lpBdyRCVeHZoZcRSKMh7SS2M6teDqkCpBOrSugf7iFPWSGhR6QOxC4T73V1D6NjAi2doIoUbPEZIvLOB4Umud032gWJ9p0oRMQwObe345xQQHVx6qnDI8FCKt7JD+9YhI3qCWIe892kKY3UotJe5a4f+0ZN070ZPfdHegzu+CETl9TZIB4AERaMejC45A0d2/ymtuP7cYeW/swdxGcyLUm56rCj5uafz/Qsvra3dOsPbilh1+FYb+5YjhJrS80ixMC9RJ6YWl5zCopAmbXXPaTLSXNwc8LT1IXeIYAWp/IjMqtMGxiiS7N7PNpYZeNnpkz37jDlzFbY99WvxAgIvHWi52JamdztCnZdzfeF5FDqCnSGV0IdB0IfmiSbIF9erP00A7xcPPVMJvUo0N/7OtkyyqreowyUC46zuC3cQBWodd2HF4mfhXzhm5jBs8kHZW+ZX8z8LOgvpAoGiXQMpx4MeqERZpdB8z83okzdj0E8XfgjJ1XYuz3IH6ziiyVwCetn2hc+LkOA04VB8IPpMqAtNB0O9C3M8DU2t+3ob+kZ9Y40p7JeCX4JPmPTIWOtoVi5Vf3cLfEDiu5D5Y0L5Mpi6dZhL8F17M0gNvUA5pjFRZNz+qsJXc6UteUqaoyKxBM3B6PEJV4trzwRGQz95cu35w5TW18Dj9iA9ypkguqyQU4VTTVjITnNauhbYEcsz0bhj84d4KcEAxb0RuhP77b4rIQAAji70+qW7JFBNa+0Vt+zhMSwWbNNcFWPOrUsgOcB0Gh1XaW5UJvWSID1olF2ftbVChfgnStbCk6GT9w8864sckNKOfwbQbDmy6AgFGR10BFUWY4fVQjl36vzowdje6DgtW85weJ58xoAtOxrXgpFJK3+m+7kJHdkwE1A2Q5OQk1YsMnJWUU2nhU+/W0gdm4HpRq7ltQe5RfZGd1vKGbXY7NvPeO4GUnp564ROuijOCN5IXFpDkhPXNPRiQNY586Upq0iU3inQH3GAp11ZTRlf25IkrOC9dI50vcGNqFzvS2GsAfLZptdVHYXVZw1wo9ZJqpW04Skstspfb6jR57WgTLgAvBZi+wSM3NtcW7jbjmJR/qjqZr6Dk/jE3R0Lf1F41FrUltOR56u5SRQsLF5y9CvTG+wiGK0tk25OPlRFLqrv61Nrnw0XN3bTIps0JFWPGZi9hKyn7kFFAOvWaXcpoPwiw7rNupKvrw4tQ++xW/7xAnodtumSgBn4lpee/45yieFJLQLAaU9qwIqerFbuioKxrcAoYdqMNMM9oswmamiAw1CzpOKl3brh0ttTddZ5waLwxBLk4YdPqjTVQk0mBaPBaZXwWiIVUmm5XmaN3Wc6PdlIHsv+h32zEXadJCdArOxEw1HDAq6ZBivbHRF2DK8UaTg7zu+xG/okmUgeObtO01MPXIxOJa12rlAXOf3KvZPFstTL35BTgQuoiAUCsNShZhm8IxxDSt1F9lFljMzZ+Ik63mC1slXZLijWAi10vJMBIB08uex4AfpXNCN3Ur0+Hs52jnEvYJXg8inq5dOcLsmK1CgI1jX0vUfh/5R+/SJSOgqL6bX16ZIRr+BsS5Qj1ls/yreEuGmhlggf88mAAf0D9Y6VUF2I9rl03QmRFhX1uIIeo5lOG7FZl0E9w4a9iBQB8axmO5cym5lddVXqsNCR5aqVt6m+BqHNaZIlz6vgKKwwC4L6LoU6PGpmMz10PvU37EQ84NimuqGNbQJ4J8nr9Jxi3TPZ0mXwW6GpqJTNji56fapoDydN4Pu3t08Xn1QLnI8Z97BFGUJp7ypIWbW9nL0DA6vhO5+Mfhjm39l5ef31l8nUitot/xUpRdlmbR+tUNYaxcUh2N2c56pNp140ZRM+BEObWhKiQ62R5RhqjUJk8A67kRYFyifMemPuz3wqMrREIkIGJn4MmIvDMIcQkzhtV8b3WBCwbt35kg8AhF+4/X6vQd0rYY1XDIjl9PppyOJXb9T1bkninyFZRQxUHk8cRohsfGApo9sWGr8r9afapVOxj0Y/oMjy+oWH5+4KU4PEUcYnpFi/MpD8YtBUiEhvmqSRCYR8pjTkgC+QSjFv4bz+9C7ALN7Mk0o5n5sCxqBUCwb94K4cYAiKatVWs330Jawsea3I06pMw9XO5yflDUhsQJk45QNFaXNrMDfDitDje3KnfaudC3oV0aGKQvGj71O/Km7VyWx7H8Gray4jVGleVqwflbBeaBerVgm7dhbVislupydeJSmXIv4MvacFTTu0SJK2qAb/6FV+29ZvLUyFGk2W/NVog13dJmoSw9lYJppGAiLVBLkOUloFe5YMaPnl89I+8n34Mfl9TM8Bey1lZbT/Z6RjjRQIrfJNKrq5x0t/duAY7g7Y8pIkc2UnjaUr+BUpruRR2M3+4caA5qIiRW8lePvQ149NkIUGLEuK5RyB4Q2nhfbXIwhb8tTh+k0zv8o7ePxkZKTWRth4ZJ/PTzYKzGJENpd4cy10BE3GM53kAjp39diBwhOFJzN1Y/iNVgTMchtAEpxj1ry4PhYynjTdZpKQRrsMkzUfrMIQpIpUIr3JJBG6c35Vof6hM51QIU/b1wnbH1XPQtgDoHPuTNJooyYrXYxxOXzVnOJIVERe/IVNJ63mFQ+dqxAn2aYKrZyayG/R3Blc8WOlZGQNirBkd66W4K8dtdQTkdfHWapd9LZ9eoZKekSmaLzOUCJZV5IReVOLxp4ZjPAubSLBTtITfW7TVtylbHMjCEwV18/1u1pb3vKIYwoGfCIzGMJ92V3QmuMbtKUs2brre7ZeT4TFfiPlBK6qUkqSVMeArMhG84hsyZ0lCeqi5BXVy19NYODZayC7c6WAXXV+ws21sPSzuunjZuEMPJCoJs16m+NLzTvozot/hEZyTTS7866aA6TP+DF+/b1RJmaZvaec2hECBm8Qa+jOT8beT2JU/y7DsykQMyAUhV001nPpBpLF2734Hk+77hdaZIJRDLxhyqLWBXCXH7JmYx74NZrXKOrj+4JPyS4UFnWn33Ci475KaBwlY8djHaf7t7BZMI+bFhwCvZjdqPIam4LcpkU6T98803oBXXodoTZphvAYM4E3UqE8cZsz5BfaA/HioPW1d8d3/whdIqlN48ZsoTMIdI+OPjxU+dSTwIUQ4GoRDiCF8p9wwwNIg64g=,iv:oD/HCuULodDgHrJepgm4b2TXGT/Fxj0ak0mfIRh6zfs=,tag:Iw9O/DK5FBQBwV6qYd0qAg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBocHUza3ZYMXF1bWVpTCt5
bFMwY202SVFpbHl4MmNaVitUa0xVaFRGRFVBCnRua2NraWdwK0IvZW44OVFnWk9y
QU1kQ1FLRFJ4VEpOcWZRTnFrZW8xL2sKLS0tIEEzNzNvWWZ5QzY5ZHI4Ui9CTXox
NDJub0VsOHBWRUdmaS9MVjdsR0w0TWcKakkE1WPj8foCbEvhgy08yQXPUzGEYxiM
m92v1LS7QiCNkzcrN3CvqyTS+StgGK7W+TMrTDbTSpONnpHC8DH7Kg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-17T03:25:06Z"
mac: ENC[AES256_GCM,data:HWRWYCu0iNQZxHnYJyfgtW7pvDjgnl5+lnRL649WkbsvsA4zuw32DdUwyTa+lmqMBNwVa6QOHIde+gPzHH8aieXQ6q1QMzytu/X0t5AWcAIhzrWL2l8MNQcuatMF2aPyt45ip1Ojv4gdfpeTXINgEU/AIUPP3ZYmGSH88xhCdGo=,iv:lVJeCiPNbICou3EqTn6LMaqtNoLRfZiNd4hyORT0Hgg=,tag:YCtvl9Cx00/3NV7QbPM97w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

22
secrets/services/hedgedoc.yaml Normal file
View file

@ -0,0 +1,22 @@
hedgedoc:
env: ENC[AES256_GCM,data:15rWiIYWyIJ0Hxl5I8m+EBV+FkNDT/OHlLK9shVS46UE7SQtuIh45N5hvwgs0rg9E9Tawu+lyE2aozWNh6HSDUZ1h4FYrB+JHwIetGkOqXSLHfXi,iv:v9ohLTtlxw3fsRoJJoOY5VYxVsxUyDEsQHRjcGKg/GY=,tag:Wncm1reqNblnVhRTYjU3Pg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUY0NtM1pLd3FvUmpkZWxv
bVpOTlFXVE1FWDdaNmpPd2owdUQyaWh1d1J3CmNDQWdSZE5MZnBhUjdIMUlodklq
bXkyMUtBSzV6L2tqeXFtdzh3NFdxZEkKLS0tIHMyZ0dGOWwydzlSdVAyeFdxc21C
NkFoeERWQkNGSU9yRTI4MmlrK2VNS0kKb+aWjkg5OlNanSNrJtwR0Whxg3EEYXyC
ZfZFYeXyheCPiu9/rYiKssVrHpJZFHR6a2sE1yKw0+3BP6DiKIp/nw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-17T03:25:54Z"
mac: ENC[AES256_GCM,data:1cxiK/HhqYzatT2PhZxjvtizII2QMHqbbyOujUtx4cT8x488j2wecu6hOfSkuHbQ43AxA8kDH1NAruPCSdCpj3PytMR+np+R/5WuRcK+OF/FCnWvWvvHqgDnBs/wYjllnR6HyWBlhrROpINxu9ch4fzN0Def3I7O+wJgpojnPiU=,iv:PKPykPv9zSHj9+HXnrg1v8Ty78te66D9ZH6c1V7Qlh4=,tag:JQk68u6p317r3Df+hv16+g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

22
secrets/services/miniflux.yaml Normal file
View file

@ -0,0 +1,22 @@
miniflux:
env: ENC[AES256_GCM,data:KwV/iinyB+B/QDtXpY0e2GoC58PaVnUURa0gk028OKwGGvGtVXPse+QyfYD8Wu5A,iv:JZsgfwnAwMF07HREnrSEeGYtylx/ua6Il0plSryLeRQ=,tag:hSnm/Qb2lnzbOVGwM5lSyw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuL05LU3AxMmowM0cyQjJX
Y3VkTzZmNU84K1E1KzNLNXFRR0xscVpKY1JjCnR1aGh5bHFpcWV0RXlObXhFblhO
djYvYVdWMS9rWWZnRkwxSHh5bWE2aHcKLS0tIDJQcDBUTEpMUVZlMGJEUGtWcVps
anFWdCtvMU9ZMitRa1JtUjJvWTBrVkUKJqNVPXLEC27RKYICFySy9ZRfp8na8P7G
vf0vJ5y0mmlNOiETfQEaHNYu+cBlMr+sfNjgsLtff00LHHnmkE8WQg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-17T03:26:08Z"
mac: ENC[AES256_GCM,data:3dysNrXhu+T5ke7INsjx+erobRZ7iMTRDY2BkxCC/LBNFbHlBnZpPffmAdWNDUT9QS6p7a7cHR+Xu7e+aHkLIxVpJrx3tN0YSvN9u6kCwRFSc/GPIDi++bdxwRuq6WwiswJu8l5oXrWFta61XeuNQucPyBcrI5OXGRXoPsZXvvo=,iv:d7glk+gNpLYl7U1jGWDvgLJGX2eckCvaRZgAkab8JZ0=,tag:r8TH7eTAEg+n+9RDGpyh3A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

31
secrets/services/ntfy.yaml Normal file
View file

@ -0,0 +1,31 @@
services:
ntfy: ENC[AES256_GCM,data:94sCR5zF5ck3R9uvng==,iv:fRtWRzx5oGXxMRpx1Iv0vMELlwB1T7kiujSQu+AXQXo=,tag:3f6WgbL+Xfy1X36/9Cozgg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBZjBEMjlmZnYwemdjcEov
V0xRUnpUZVNVeUwvVmJrQ05FVThjMUJNeFVjCjZUN1ZXQkZPY3lKVll4UENGM3Qz
Z0xxVDVGRWJ5WmtOVWw5Z2hQMUpOa2sKLS0tIEM5bWxzaE5RN3gyNjF0WFlBanFz
UzR4S1BQLzVhbXo3TnlWVXZIVWFxR1EKZTLkZXWc/7ItdcsMSj0HgbRsq3RARU4b
lPsGhz/h3/D4xLnkkA/l52MAiL76SDflU5AMbNQg1iC+BHvpWD8qpg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGVU9MSkZIaDArRGQ4bHVR
NFRZc0VKSGxnQm1HTkRrMm1LVDZ1cWdjUWxZClY0TjUyVmczNEJNSC8vUGNxTmY4
c3hBNTBrZy9nSGE4K1V1aFZZNzl6VFEKLS0tIFhpZlVla01vK0dNczR0T0VyWjF6
NUxQNDUyNHpaWW4wYUlDdHZ5d2VyWWsK7pv4z6+RBtzokkcsi6HzuDqUXr/DsK4x
ORJS3S8ZloiUF2QZHhjOIqdUtAija1CUreRF3RjFjGLms4/NL5M8Xw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-17T03:08:24Z"
mac: ENC[AES256_GCM,data:K1XW1n6umC/qayF9SFanVVhOfN5AXmzD9FsaXx74IoPiLMz6ZCJ547Je4f5mKdt5Gc5aUjNOALXGxXG/hSB+L8h6S/k/iGbx0zF3iwEFvURa7P/ScTMzvnABdqdjA4mah/QsfsFXnBhhCUzHpvo4kBge30U4V8uLjw6seEZ42Vk=,iv:1AQFbv6bFxIKSrJZr6AqQB58OfGNnFD8RHNZKP2ePwE=,tag:m/lKEBQ7Ij6ieIspVsqE9Q==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

22
secrets/services/vaultwarden.yaml Normal file
View file

@ -0,0 +1,22 @@
vaultwarden:
env: ENC[AES256_GCM,data:VBYfmsrB5LLcEyFqKGvMz9U7LRix8Yo5IBoyIelwKY0g/TfaaFO8QTo84CQrkgB1faFex2xX/nbnsaUslSgxYu36f4XmaMUzMJ6FneDUnbAU2wp09bxek7iEqfRSrennfwAa3cTpOr3RkWG8AfW9xDMFhduqSSr3emqrXSGSnPSI5BuDjru5NbVmcPSdw9U396rkGZd5znxnIa+2f63+ox45tHxsOsC9iVlnnX4KMfJl+8QufX19atxGZwH2OVWn7ehesOd+DuvRMWkProoUERbGz51EvBQm3Ixm4WSQ3M9vFSIuup3ppNBYKHG6a9XAGiEyFDZEEiYhVQ==,iv:tCE83OE3c9bUXb8Z4sPJc/YwjOCftj4dmW0M//3ncQU=,tag:TyLR+5hNcQnXLZUxZiIKmg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGcFBzNi9lcFNyYVM0VzF2
UGtralRTNi9qVG9waElST05BZTU2U1Y1endvCjFRT2FtbEFKZUt5Wm1WQ2lITzlL
TXNjZlMrNnB4K0NsSVd4TnFKa0thSTQKLS0tIElkR28wMUNKd090Z1M5eG9nVzFO
L0I2TWZackFkbDMzRnN6NXV2eXNjOGMK3jJFBU/aMtH11l9V2FgHgAJdGRJvYfIQ
DAwMwUM+pz7/uJJ/PmDx1aF8SRGPbG+CjcNz2SSo/u99GX5q08jVkg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-17T03:33:07Z"
mac: ENC[AES256_GCM,data:Voh0c1sqoT3CBGyjDXkFAjuHRlQG8JwNLwWF0TMBaQ/Ihz1zplEeHfsM23IceEhBggbEHqhcRipqTkSH24tkXD9wqvg0GsZZLiQ52o+JYPmPCaXZFqfLqjNKFS1y6+rokQaFy4rphWSBv0uS52MaOx8WIZr7m7s3/NNnaEy059E=,iv:Q8EswVeJdsQUDxnj4fTJESCYYHXn648sKVghLtRtBpU=,tag:cveD+MXcTn+xfU8fBkRZYQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

24
secrets/wireguard/chunk.yaml Normal file
View file

@ -0,0 +1,24 @@
wireguard:
private: ENC[AES256_GCM,data:ki5PV+6YoVtvafc+1WbD95hhOwKUOi6FrnymdeFcAMepngwv7s+IT2LuhfE=,iv:r08egXi+QmLS4oDnoz3sxfhTO4Z5pfWwsIt435TxyJk=,tag:jrbLbN/An/xokIRKCIKJsg==,type:str]
psk-yt: ENC[AES256_GCM,data:iAE6vh4jowQnoS+qqNqJh8NtjP+pBowVpC6ItfgAoL4W0sn8rR2V1aKYQxU=,iv:MK5Xum3L9iYSmfYxkVpkWhCsVsnKR1tZgtPQ5dgjc3c=,tag:nXCJihnlkuoLcS0QW9oAPg==,type:str]
psk-phone: ENC[AES256_GCM,data:UzL+T7D+huI+m+eH/JsDOi7LD8MfbRSsnLaeMUyJXLxBRLpcE+vcVX6j9QQ=,iv:XtSYHcYtg+B3/Cs7pNTcZrSP599VMQC54c3y4h2jEZY=,tag:/BSk3OxkiYzFlm3xUsaA1g==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIMUliZlRiaXN4QUlvM2pJ
YkpiTm9iSnhLZnY3QTdwMWNKRUE1K3hLN2pJCmVOUE1QbnUzU0lPQXdVaDlHaVVH
S0xhK2FBb3o5OC8xK0t2OHoyeWFSSDAKLS0tIHkxMHIreG5QS3VsbUhPa0dXRVM3
ZnBkTllKWWwyOXdaTEZhVndVNDhtV0EKGCAYXiYwbk0b0w/FuE5gkp7597YjJMRg
ukIHh9za/HI6PuR/uNGSOVZeI9AKx9ZeokaDa7Ysh7xsGjCpBj0Qxw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-17T03:23:53Z"
mac: ENC[AES256_GCM,data:WwC9G0vMI9SRZzTRoR1GEkDo8E824C7I2XzaG2CDyfWPx9IoviYxIGMLrJOtsG20EmYOndeFT4Zi+eEC5hK+9+ns8Yyl2/SS6jAblV4egdHl6n9OyJL3kjYgpd7Y43VRI3RORXOh1Dn1uY+fM18SyTon+QnuZ5y0+8gggQAmSUA=,iv:osio9+NcHab3GXsOw/aP9qRVityZXKQsDbuk3YJ3unQ=,tag:arNGu/HzQPbSuRxeeJwvUg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

23
secrets/wireguard/yt.yaml Normal file
View file

@ -0,0 +1,23 @@
wireguard:
private: ENC[AES256_GCM,data:hdGsRnF76tNlmv+bqn2xzykBwskDrtYis9f7RKCvGXRnjJxuLhdVlYPf93I=,iv:UT/u+Qei9lODaMHLiHu0xmzkW2iTLqG70xfpMYAKJ7w=,tag:PfNzJBr6l92fwlakxEmwTA==,type:str]
psk: ENC[AES256_GCM,data:3ILdJJbYWwj6fY/6d40EPFyij3f/0RiZBlnGGTkhvQVll+pqksSLck4sBKo=,iv:0nJZtSH9nIDMCnoksfc8PmNJ9SGPkvKxh3j7NlNWQj8=,tag:cwvgTyeyQgEobOfEgzNAVw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3RW5aazBWNmwycnIvbjc1
a2tMbnF6R295bGdWT0hhYmx4aVhFWkllNmlRCkpjVFFXZW85QlA2ZTdRaWlud2xk
ZmorZjVwNm9ndHZpMXduWDh4QTNVdFEKLS0tIGpPdnZCSFRyMGFzcVZyaFZ3Q3U4
aFFObDErQ1V0bzFRQW1TdFpTUUYvS0UKxyQ4KxEp+cHwq7eDAFSZVOofuZJ+8R3U
QQCMK/Q7px33KvIBaxI3dGTtaO3PdJ13p7Xp+Vj8ftKcC1xr1yuObA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-17T03:09:22Z"
mac: ENC[AES256_GCM,data:zkbor5pSdB0eG4dM5i0DrYDDgrw/Jgi4HWXQkOpGXhJIijm4L1I8gC8T6LFkEC3GGs8If6CY0dzuKkNDTA/r4hQ6oMunZNfdg8cV8+NZFNUJpca9S4IwUgPf35kV2QeDSB5w2h3pxz0QL/cmAOugXnI6LCrqZsbTzXfA9g51dkA=,iv:aO8zj3bqmmHdJq0Km02/qDVqnFxJv8ocGm/6CnAX5BA=,tag:2ziWeBd49Nr76f6wBDgF0g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2