commit d27c38cd2714a7165ad08efde38c51134429d572
parent 4afcc8702cca380938d19f57e63f89da4c8ab774
Author: Katja Ramona Sophie Kwast (zaphyra) <git@zaphyra.eu>
Date: Sun, 26 Oct 2025 14:44:06 +0100
parent 4afcc8702cca380938d19f57e63f89da4c8ab774
Author: Katja Ramona Sophie Kwast (zaphyra) <git@zaphyra.eu>
Date: Sun, 26 Oct 2025 14:44:06 +0100
Merge branch 'wip/zaphyra/main' of zaphyra-git:nixfiles into wip/zaphyra/main
21 files changed, 390 insertions(+), 302 deletions(-)
D
|
69
---------------------------------------------------------------------
D
|
49
-------------------------------------------------
M
|
70
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-------
M
|
133
+++++++++++++++++++++++++++++++++++++++----------------------------------------
A
|
138
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/.sops.yaml b/.sops.yaml @@ -2,6 +2,7 @@ keys: - &void AB27F5D1136B20D3149FBCC00389451731A3ADDD - &zaphyra BFE6386C8D66BCD4DAE14FC895F0FE7CD7E6A022 - &huntii age1laajqafnm4ft2m73wq7yqug4ts04ddn59wlqs4t30upeqa35dpdqu8fu3n + - &haueri age1enkp0mlswl30s4h7z4qvyha4cmc2n2exs0v97276q5mx0jc86ggs7g2dyq - &morio age1wpffcr5p88a2x9dzx5v3sq4jqurvygu94fx773n229fqk4p95qzs840cmn - &novus age1tud4lvpmpx5nqceyp09ls9ej8l80zlh29d8cpjxcajfnnyy85fvqs63snm - &pratorum age13f7t27x326hamq39qps2ygrftq3ylyn2nx8xga2kqaxgra2p748sphmetv @@ -12,6 +13,7 @@ creation_rules: key_groups: - age: - *huntii + - *haueri - *morio - *novus - *polaris @@ -24,6 +26,12 @@ creation_rules: - *huntii pgp: - *zaphyra + - path_regex: secrets/haueri\.yaml$ + key_groups: + - age: + - *haueri + pgp: + - *zaphyra - path_regex: secrets/morio\.yaml$ key_groups: - age:
diff --git a/config/home-manager/zaphyra/configure/xdg.nix b/config/home-manager/zaphyra/configure/xdg.nix @@ -1,38 +0,0 @@ -{ config, ... }: - -{ - - home.preferXdgDirectories = true; - - gtk.gtk2.configLocation = "${config.xdg.configHome}/gtk-2.0/gtkrc"; - - xdg = { - enable = true; - mime.enable = true; - - userDirs = { - enable = true; - - desktop = config.home.homeDirectory; - publicShare = config.home.homeDirectory; - templates = config.home.homeDirectory; - - documents = "${config.home.homeDirectory}/Documents"; - download = "${config.home.homeDirectory}/Downloads"; - videos = "${config.home.homeDirectory}/Videos"; - music = "${config.home.homeDirectory}/Music"; - pictures = "${config.home.homeDirectory}/Pictures"; - }; - }; - - xdg.configFile."gtk-3.0/bookmarks".force = true; - gtk.gtk3.bookmarks = [ - "file://${config.home.homeDirectory}/Downloads" - "file://${config.home.homeDirectory}/Documents" - "file://${config.home.homeDirectory}/proj Projects" - "file://${config.home.homeDirectory}/Audiobooks" - "file://${config.home.homeDirectory}/Music" - "file://${config.home.homeDirectory}/Pictures" - ]; - -}
diff --git a/config/home-manager/zaphyra/programs/celluloid.nix b/config/home-manager/zaphyra/programs/celluloid.nix @@ -1,15 +0,0 @@ -{ pkgs, ... }: - -{ - - home.packages = [ pkgs.celluloid ]; - - dconf.settings = { - "io/github/celluloid-player/celluloid" = { - always-append-to-playlist = true; - draggable-video-area-enable = true; - always-autohide-cursor = true; - }; - }; - -}
diff --git a/config/home-manager/zaphyra/programs/nautilus.nix b/config/home-manager/zaphyra/programs/nautilus.nix @@ -1,69 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: - -{ - - home.packages = with pkgs; [ - nautilus - sushi # quick-preview for nautilus - ]; - - home.sessionVariables = { - NAUTILUS_4_EXTENSION_DIR = "${config.home.profileDirectory}/lib/nautilus/extensions-4"; - }; - - xdg.mimeApps.enable = true; - xdg.mimeApps.defaultApplications = lib.genAttrs [ - "inode/directory" - "application/x-7z-compressed" - "application/x-7z-compressed-tar" - "application/x-bzip" - "application/x-bzip-compressed-tar" - "application/x-compress" - "application/x-compressed-tar" - "application/x-cpio" - "application/x-gzip" - "application/x-lha" - "application/x-lzip" - "application/x-lzip-compressed-tar" - "application/x-lzma" - "application/x-lzma-compressed-tar" - "application/x-tar" - "application/x-tarz" - "application/x-xar" - "application/x-xz" - "application/x-xz-compressed-tar" - "application/zip" - "application/gzip" - "application/bzip2" - "application/x-bzip2-compressed-tar" - "application/vnd.rar;application/zstd" - "application/x-zstd-compressed-tar" - ] (name: [ "org.gnome.Nautilus.desktop" ]); - - gtk.gtk4.extraCss = '' - /* remove 'starred' in nautilus side-panel */ - .nautilus-window .navigation-sidebar > .sidebar-row:nth-child(2) { - min-height:0; - font-size: 0; - -gtk-icon-size: 0; - margin-top: -2px; - } - ''; - - dconf.settings = { - "org/gnome/nautilus/list-view" = { - use-tree-view = true; - default-zoom-level = "small"; - }; - "org/gnome/nautilus/preferences" = { - date-time-format = "detailed"; - default-folder-viewer = "list-view"; - }; - }; - -}
diff --git a/config/home-manager/zaphyra/services/wpaperd.nix b/config/home-manager/zaphyra/services/wpaperd.nix @@ -1,49 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: - -{ - - home.persistence."/nix/persist/home/${config.home.username}".directories = [ - "wpaperd/.local/state/wpaperd" - ]; - - services.wpaperd = { - enable = true; - settings = { - default = { - duration = "30m"; - mode = "center"; - sorting = "ascending"; - transition.bounce = { }; - }; - - any.path = pkgs.buildEnv { - name = "nixos-artwork"; - paths = lib.pipe pkgs.nixos-artwork.wallpapers [ - lib.attrNames - (lib.remove "override") - (lib.remove "overrideDerivation") - # removed because too bright - (lib.remove "binary-white") - (lib.remove "catppuccin-latte") - (lib.remove "moonscape") - (lib.remove "nineish-catppuccin-latte") - (lib.remove "nineish-catppuccin-latte-alt") - (lib.remove "nineish-solarized-light") - (lib.remove "nineish") - (lib.remove "simple-light-gray") - (map (name: "${pkgs.nixos-artwork.wallpapers.${name}}/share/backgrounds/nixos")) - ]; - }; - }; - }; - - programs.niri.settings.binds = with config.lib.niri.actions; { - "Mod+Home".action = spawn (lib.getExe' pkgs.wpaperd "wpaperctl") "next"; - }; - -}
diff --git a/config/home/zaphyra/configure/niri.nix b/config/home/zaphyra/configure/niri.nix @@ -33,7 +33,7 @@ in programs.niri programs.swaylock programs.ghostty - programs.app2unit + homeManagerModules.common.programs.app2unit programs.anyrun-launcher programs.fuzzel ]
diff --git a/config/nixos/modules/presets/zaphyra/router/systemd-networkd.nix b/config/nixos/modules/presets/zaphyra/router/systemd-networkd.nix @@ -65,7 +65,7 @@ in wireguardPeers = [ { - Endpoint = "novus.infra.zaphyra.eu:51820"; + Endpoint = "[2a03:4000:4d:5e::1]:51820"; PublicKey = "J+kRRNU65JGc0yk04v6P3tFwHSQOIfq8EkfD2gFupg4="; AllowedIPs = [ "::/0" ]; PersistentKeepalive = 10; @@ -73,6 +73,28 @@ in ]; }; + netdevs."10-wg-dn42" = { + netdevConfig = { + Kind = "wireguard"; + Name = "wg-dn42"; + }; + + wireguardConfig = { + PrivateKeyFile = config.sops.secrets.wireguardPrivKey.path; + ListenPort = 1718; + FirewallMark = 1718; + }; + + wireguardPeers = [ + { + Endpoint = "[2a03:4000:4d:5e::1]:1718"; + PublicKey = "MRXPP//j+BDCiUyrYHdXtdULAsCZyfgumas8pxp6oiE="; + AllowedIPs = [ "::/0" ]; + PersistentKeepalive = 10; + } + ]; + }; + networks = { "5-dtagdsl" = { matchConfig.Name = "dtagdsl"; @@ -137,6 +159,30 @@ in ]; }; + "10-wg-dn42" = { + matchConfig.Name = "wg-dn42"; + linkConfig.RequiredForOnline = false; + + address = [ "fd6b:6174:6a61::5/128" ]; + routes = [ + { + Destination = "fd00::/8"; + } + ]; + + networkConfig = { + DNSDefaultRoute = false; + DNS = [ + "fd6b:6174:6a61::1" + ]; + Domains = [ + "~dn42" + "d.f.ip6.arpa" + ]; + }; + + }; + "20-brlan" = { matchConfig = { Name = "brlan"; @@ -150,6 +196,7 @@ in address = [ "${hostConfig.networking.ip4Address}/${toString hostConfig.networking.ip4PrefixLength}" "${hostConfig.networking.ip6Address}/${toString hostConfig.networking.ip6PrefixLength}" + # "fd6b:6174:6a61:100::1/56" ]; routingPolicyRules = [ @@ -186,16 +233,25 @@ in }; ipv6SendRAConfig = { + OtherInformation = true; + Managed = true; RouterLifetimeSec = 1800; EmitDNS = true; - DNS = "_link_local"; + DNS = "${hostConfig.networking.ip6Address}"; }; - ipv6PREF64Prefixes = [ - { - Prefix = "64:ff9b::/96"; - } - ]; + # ipv6PREF64Prefixes = [ + # { + # Prefix = "64:ff9b::/96"; + # } + # ]; + + # ipv6Prefixes = [ + # { + # Prefix = "fd6b:6174:6a61:100::/56"; + # PreferredLifetimeSec = 1800; + # } + # ]; dhcpServerConfig = { PersistLeases = true;
diff --git a/config/nixos/modules/presets/zaphyra/syncthing.nix b/config/nixos/modules/presets/zaphyra/syncthing.nix @@ -54,6 +54,7 @@ in syncthingDevices = { #mobile devices huntii.id = "6YZT5PZ-EKXZBMV-C2MJL75-OCQ36LC-L3QIRPW-VJ5EU3C-2ICZDDO-IZ7IGAO"; + haueri.id = "YMIK4FX-2IVSTHP-CRZHAEM-2KNSZTP-QR5JTSD-MSSR3XV-SUCJF4F-T5SSDAN"; iphone.id = "3SM3LJV-XMHYW2D-MU5WQ3T-KGYUJOI-LXOL6YI-BSVZ2B5-QJ6GVXN-MPWMKQ7"; #servers
diff --git a/config/nixos/modules/websites/fedi.ctu.cx.nix b/config/nixos/modules/websites/fedi.ctu.cx.nix @@ -170,7 +170,7 @@ in }; "/assets/".extraConfig = '' - alias ${config.tgc.services.gotosocial.package}/share/web/assets/; + alias ${config.tgc.services.gotosocial.package}/share/gotosocial/web/assets/; autoindex off; expires max; add_header Cache-Control "public, immutable";
diff --git a/config/nixos/modules/websites/fedi.home.ctu.cx.nix b/config/nixos/modules/websites/fedi.home.ctu.cx.nix @@ -49,7 +49,7 @@ in services.resticBackup.paths = { gotosocial = { enable = true; - package = pkgs.tgc.gotosocial-unstable; + #package = pkgs.tgc.gotosocial-unstable; user = config.tgc.services.gotosocial.user; passwordFile = config.sops.secrets."resticPasswords/gotosocial".path; sqliteDatabases = [ @@ -71,6 +71,7 @@ in tgc.services.gotosocial = { enable = true; group = config.services.nginx.group; + package = pkgs.tgc.gotosocial-unstable; settings = { protocol = "https"; @@ -82,9 +83,6 @@ in "172.17.0.0/24" ]; - db-type = lib.mkDefault "sqlite"; - db-address = lib.mkDefault "${config.tgc.services.gotosocial.stateDir}/db.sqlite"; - storage-backend = lib.mkDefault "local"; storage-local-base-path = "${config.tgc.services.gotosocial.stateDir}/storage"; @@ -117,76 +115,75 @@ in appendHttpConfig = '' proxy_cache_path /var/cache/nginx keys_zone=gotosocial_ap_public_responses:10m inactive=1w; ''; - virtualHosts = - { - "${config.tgc.services.gotosocial.settings.host}" = { - useACMEHost = lib.mkDefault "${config.networking.fqdn}"; - forceSSL = lib.mkDefault true; - kTLS = lib.mkDefault true; - locations = { - "/" = { - proxyPass = "http://${toString config.tgc.services.gotosocial.settings.bind-address}:${toString config.tgc.services.gotosocial.settings.port}"; - proxyWebsockets = true; - }; - - "~ /.well-known/(webfinger|host-meta)$" = { - proxyPass = "http://${toString config.tgc.services.gotosocial.settings.bind-address}:${toString config.tgc.services.gotosocial.settings.port}"; - extraConfig = '' - proxy_cache gotosocial_ap_public_responses; - proxy_cache_background_update on; - proxy_cache_key $scheme://$host$uri$is_args$query_string; - proxy_cache_valid 200 10m; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504 http_429; - proxy_cache_lock on; - add_header X-Cache-Status $upstream_cache_status; - ''; - }; + virtualHosts = { + "${config.tgc.services.gotosocial.settings.host}" = { + useACMEHost = lib.mkDefault "${config.networking.fqdn}"; + forceSSL = lib.mkDefault true; + kTLS = lib.mkDefault true; + locations = { + "/" = { + proxyPass = "http://${toString config.tgc.services.gotosocial.settings.bind-address}:${toString config.tgc.services.gotosocial.settings.port}"; + proxyWebsockets = true; + }; - "~ ^\/users\/(?:[a-z0-9_\.]+)\/main-key$" = { - proxyPass = "http://${toString config.tgc.services.gotosocial.settings.bind-address}:${toString config.tgc.services.gotosocial.settings.port}"; - extraConfig = '' - proxy_cache gotosocial_ap_public_responses; - proxy_cache_background_update on; - proxy_cache_key $scheme://$host$uri; - proxy_cache_valid 200 604800s; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504 http_429; - proxy_cache_lock on; - - add_header X-Cache-Status $upstream_cache_status; - ''; - }; + "~ /.well-known/(webfinger|host-meta)$" = { + proxyPass = "http://${toString config.tgc.services.gotosocial.settings.bind-address}:${toString config.tgc.services.gotosocial.settings.port}"; + extraConfig = '' + proxy_cache gotosocial_ap_public_responses; + proxy_cache_background_update on; + proxy_cache_key $scheme://$host$uri$is_args$query_string; + proxy_cache_valid 200 10m; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504 http_429; + proxy_cache_lock on; + add_header X-Cache-Status $upstream_cache_status; + ''; + }; - "/assets/".extraConfig = '' - alias ${config.tgc.services.gotosocial.package}/share/web/assets/; - autoindex off; - expires max; - add_header Cache-Control "public, immutable"; + "~ ^\/users\/(?:[a-z0-9_\.]+)\/main-key$" = { + proxyPass = "http://${toString config.tgc.services.gotosocial.settings.bind-address}:${toString config.tgc.services.gotosocial.settings.port}"; + extraConfig = '' + proxy_cache gotosocial_ap_public_responses; + proxy_cache_background_update on; + proxy_cache_key $scheme://$host$uri; + proxy_cache_valid 200 604800s; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504 http_429; + proxy_cache_lock on; + + add_header X-Cache-Status $upstream_cache_status; ''; }; + + "/assets/".extraConfig = '' + alias ${config.tgc.services.gotosocial.package}/share/web/assets/; + autoindex off; + expires max; + add_header Cache-Control "public, immutable"; + ''; }; - } - // ( - if - ( - config.tgc.services.gotosocial.settings.account-domain - != config.tgc.services.gotosocial.settings.host - ) - then - { - "${config.tgc.services.gotosocial.settings.account-domain}" = { - locations = { - "= /.well-known/host-meta".extraConfig = - "return 301 https://${config.tgc.services.gotosocial.settings.host}$request_uri;"; - "= /.well-known/webfinger".extraConfig = - "return 301 https://${config.tgc.services.gotosocial.settings.host}$request_uri;"; - "= /.well-known/nodeinfo".extraConfig = - "return 301 https://${config.tgc.services.gotosocial.settings.host}$request_uri;"; - }; + }; + } + // ( + if + ( + config.tgc.services.gotosocial.settings.account-domain + != config.tgc.services.gotosocial.settings.host + ) + then + { + "${config.tgc.services.gotosocial.settings.account-domain}" = { + locations = { + "= /.well-known/host-meta".extraConfig = + "return 301 https://${config.tgc.services.gotosocial.settings.host}$request_uri;"; + "= /.well-known/webfinger".extraConfig = + "return 301 https://${config.tgc.services.gotosocial.settings.host}$request_uri;"; + "= /.well-known/nodeinfo".extraConfig = + "return 301 https://${config.tgc.services.gotosocial.settings.host}$request_uri;"; }; - } - else - { } - ); + }; + } + else + { } + ); }; };
diff --git a/hosts/haueri/default.nix b/hosts/haueri/default.nix @@ -0,0 +1,138 @@ +{ + + system = "x86_64-linux"; + nixpkgsStable = true; + + domain = "infra.zaphyra.eu"; + + sshPubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGzfyv5VewO+fMknvDOm1AneXeIynPYC3DsvY5XRpvsa"; + + hardware = { + cpuVendor = "intel"; + allowHibernation = true; + }; + + networking = { + hasDN42 = true; + dn42Address = "fd6b:6174:6a61::10"; + }; + + configuration = + { + config, + pkgs, + lib, + ... + }: + { + + specialisation.gnome.configuration = { + modules.presets.graphical.type = lib.mkForce "gnomeMinimal"; + }; + + boot.initrd.systemd.emergencyAccess = true; + # boot.kernel.sysctl."power.pm_async" = false; + + sops.secrets."environments/networkManagerProfiles/cccdaWifi" = { }; + + modules = { + boot.secureboot = false; + filesystem = { + impermanence.system.enable = true; + impermanence.home.enable = true; + rootDisk = { + enable = true; + encrypt = true; + type = "btrfs"; + path = "/dev/disk/by-id/nvme-WD_BLACK_SN770M_2TB_25242V800503"; + reservedSpace = "3G"; + parts = { + nix = true; + }; + swap = { + enable = true; + size = "33G"; + }; + }; + }; + + hardware = { + video.intel.enable = true; + cpu.updateMicrocode = true; + fprint.enable = true; + fprint.disableOnLidClose = true; + + quirks.thinkpad.enable = true; + }; + + presets = { + base.enable = true; + zaphyra = { + enable = true; + networkManagerProfiles = { + dn42.enable = true; + }; + }; + + graphical.enable = true; + graphical.type = "niri"; + + networkManagerProfiles = { + voidPhoneWifi.enable = true; + voidHomeWifi.enable = true; + zaphyraPhoneWifi.enable = true; + zaphyraHomeWifi.enable = true; + grogHomeWifi.enable = true; + cccdaWifi = { + enable = true; + username = "zaphyra"; + envFile = config.sops.secrets."environments/networkManagerProfiles/cccdaWifi".path; + }; + }; + }; + + services = { + earlyoom.enable = true; + systemd-oomd.enable = true; + greetd.autoLogin = { + enable = true; + user = "zaphyra"; + }; + }; + + programs = { + AusweisApp.enable = true; + yubikey.enable = true; + }; + + users.zaphyra.enable = true; + }; + + networking = { + useNetworkd = false; + hosts."127.0.0.1" = [ config.networking.fqdn ]; + }; + + hardware.bluetooth.settings = { + General.Experimental = true; + }; + + services = { + #userborn.enable = false; + resolved.enable = true; + printing.enable = true; + avahi = { + enable = true; + nssmdns4 = true; + publish.enable = true; + publish.userServices = true; + }; + gnome.at-spi2-core.enable = false; + pipewire.raopOpenFirewall = true; + }; + + system.stateVersion = "25.05"; + home-manager.users.zaphyra.home.stateVersion = "25.05"; + }; + +}
diff --git a/hosts/huntii/default.nix b/hosts/huntii/default.nix @@ -58,9 +58,6 @@ hardware = { video.intel.enable = true; cpu.updateMicrocode = true; - fprint.enable = true; - fprint.disableOnLidClose = true; - quirks.thinkpad.enable = true; };
diff --git a/hosts/novus/default.nix b/hosts/novus/default.nix @@ -95,13 +95,8 @@ }; websites = { - "restic.novus.infra.zaphyra.eu".enable = true; "flauschehorn.zaphyra.eu".enable = true; "ip.zaphyra.eu".enable = true; - - #old fedi-instance - "ctu.cx".enable = true; - "fedi.ctu.cx".enable = true; }; users.zaphyra.enable = true; @@ -134,11 +129,11 @@ }; wireguardPeers = [ - # { - # PublicKey = "nvyhYuWJl/dKyV/2+bDrUisvL3mi38PsNzfdIDDwSjY="; - # AllowedIPs = [ "2a03:4000:4d:5e:acab::2/128" ]; - # PersistentKeepalive = 10; - # } + { + PublicKey = "nvyhYuWJl/dKyV/2+bDrUisvL3mi38PsNzfdIDDwSjY="; + AllowedIPs = [ "2a03:4000:4d:5e:acab::2/128" ]; + PersistentKeepalive = 10; + } { PublicKey = "CdnaBQL7c7zX0ORKhYyXp3HZ1kjqoEIGW03/mCCwAgI="; AllowedIPs = [ "2a03:4000:4d:5e:acab::3/128" ];
diff --git a/hosts/novus/dn42.nix b/hosts/novus/dn42.nix @@ -209,6 +209,14 @@ ]; PersistentKeepalive = 10; } + { + #zaphyraHomeServerGrog + PublicKey = "CdnaBQL7c7zX0ORKhYyXp3HZ1kjqoEIGW03/mCCwAgI="; + AllowedIPs = [ + "fd6b:6174:6a61::10/128" + ]; + PersistentKeepalive = 10; + } ]; };
diff --git a/hosts/polaris/default.nix b/hosts/polaris/default.nix @@ -3,7 +3,7 @@ system = "x86_64-linux"; nixpkgsStable = true; - domain = "home.infra.zaphyra.eu"; + domain = "infra.zaphyra.eu"; sshPubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA2bluHGMcdKEremjLq3aUEeJlWHlGSjL8nuAhkeEl1f"; @@ -18,8 +18,8 @@ ip4PrefixLength = 8; ip6IsPrivate = false; - ip6Address = "2a03:4000:4d:5e:acab::1"; - ip6PrefixLength = 112; + ip6Address = "2a03:4000:4d:5e:acab::2"; + ip6PrefixLength = 128; hasDN42 = true; dn42Address = "fd6b:6174:6a61::5"; @@ -81,7 +81,7 @@ zaphyra = { enable = true; router.enable = true; - smarthome.enable = true; + # smarthome.enable = true; }; };
diff --git a/hosts/pratorum/default.nix b/hosts/pratorum/default.nix @@ -37,6 +37,7 @@ imports = [ ./dn42.nix + ./floractl.nix ]; boot.initrd.systemd.emergencyAccess = true; @@ -169,8 +170,13 @@ }; websites = { + # "restic.pratorum.infra.zaphyra.eu".enable = true; "music.zaphyra.dn42".enable = true; "continuwuity-migration.zaphyra.eu".enable = true; + + #old fedi-instance + "ctu.cx".enable = true; + "fedi.ctu.cx".enable = true; }; users.zaphyra.enable = true;
diff --git a/secrets/common.yaml b/secrets/common.yaml @@ -14,60 +14,69 @@ sops: - recipient: age1laajqafnm4ft2m73wq7yqug4ts04ddn59wlqs4t30upeqa35dpdqu8fu3n enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFays2OE9mVVA0aytkUko0 - M0pYbjlSSUJHaDFFdEN2TzFHZjhMa0FWeG5nClE0MHBWenYyNWNtWVdKRllUb1JB - TTU0ZEhGVkh6ODVCUDVEOG9aTHpWSkkKLS0tIGx4UWFDZmJTbkZyaTUyNjkxcTNV - TkVxZVFCK0g1djVuU25lY1lzdkhwalkKxtyC6ayV7qCXniEYWdjO2p3b/Zgw/NM+ - /SfUrMhH9NR5Q6g2hzVxcWMA5WfJVR19ZCQSafchhRQxceMNGVXADw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBWWkyVkZhNkVBSG1pZHFX + R21HT052S1hnejNTRHRJc3pCKzN0S1FqWHhzCkZXSXR6SmE0NzN0eG9pY3BIM3I2 + eHpOTnVuZ2RFbVNDWnI4OHREQndjZlUKLS0tIEkzSEIzbjd6QXlSa0dsM2JlRHdu + VFdoMGxwa2xoNTdub0pIN3hNcEZOUGsKnAuGfxBHcnD0QVIYLr/oI4t0riLtaU9U + kGFM3Rs0jjm3kGJTXIzWxXTycdEBS02GdY0k1ZXiuK9T8YxDf/7abQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1enkp0mlswl30s4h7z4qvyha4cmc2n2exs0v97276q5mx0jc86ggs7g2dyq + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBER0RSbDNFSUhXbTRYRzBh + QVIwYkpJeEV2ZlJwSnNvMm8rVlJ2cS80VWdnClphNTBaU3pxWS9ZMXh5VDRyZjBV + S2hBYUh2dngyZUpZS2pZYUhMaWR1dWcKLS0tIEU4S09MOG00aTNrUkMwTDc2VXpY + bW94Q3p1dWZRN01naVdKNmd5NisyRVEKxsOaYRLJnDtyTJK5EDC/uFbPZ92PGagn + CapHNN/8GrFlMOu+juLDDs9NByQsUMUmpxmn6+GuqM38yfFJEawlBw== -----END AGE ENCRYPTED FILE----- - recipient: age1wpffcr5p88a2x9dzx5v3sq4jqurvygu94fx773n229fqk4p95qzs840cmn enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtWkZlQkhKU0IzeW51RllP - T29YMnF5VE1YSnFDMEI1V042S2E4MkJNYmd3CjlEVVphS2FaNDRqWnhWZFdvY0Qy - cXdMTitobHNFeWJjd2tVc21LVTFNT1EKLS0tIEZrcGFuL1JoRWZPcnVGbFMvUWlv - VFFYSFk4alVMUUJvQURUYXViUE4wbTgKCPOwUHEZE/hs/eRV9LC8ixnySNZT0Q3S - Ia4YrZH47lcvMX0pGYxJoHv5lpBA6VdVDbGxpesLu3K6R1VpHFcfWQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArN2ZqNGFsbXZsekt1WHJY + bkVETTFqVUR0dkh6azUybmNkZjU2cnZ4Z0hJCjI3TnZTL1d6cEpmMDd3VDlNdTdZ + T25TOTVmM3llYnpoNGpFUDdyZHgzSUkKLS0tIDlMYkRJcVl4RWU2UXNTQ1B2c0Rm + eERvNVZxRmhPRHQ5MXR0U0VLZS9sem8KKIahcGm8IcBg76z9DOUmsJMru3Q7iQt1 + u5r8TF31xhYEKwNC/5lYb7t2amX2T9J2LIVV8xK5ORQ8mW/mT3qYtA== -----END AGE ENCRYPTED FILE----- - recipient: age1tud4lvpmpx5nqceyp09ls9ej8l80zlh29d8cpjxcajfnnyy85fvqs63snm enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZb0REUk1ucGM3RzVCSFpL - aFpzQVA5UENnZk9kT00yV2pLTkczd01TQkhVCkRDY1NrWXJPcmdzb0xucTFKU2s3 - SHpTWVA5dFBPUVF2czdYOWxXTjlESWcKLS0tIHpydTNXNk9jd2xENXlVSi9IWnpt - RUFTN3NCblZXRmZ5a3F6Vk50N2Fkd28KpHRRj39B0pa9ox6epEfhmVYgeHXZEkTF - d8IJU4hqRQpN7D6lxSXQm5ky+0afUIaHvkSgBE8ilJKjvM0ZFFnpOA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3UTBBSDBTV1ZyRkVyRG00 + Q1J2THhHMFFSTEJMYkthRlZOU1BVSmFFZlM4Cld5R05SYnJXVHJ1ZU5Gc01BYUlC + K3J2UENpNlhuWEM3amk1YVVqTmNPNEUKLS0tIGx2RjE1eEtBeHRRdnluZHV6WTBj + NnNSZEl6bWpia20xcFZrdHNkaGdKdlUKGT9+ew6u2G9otjNr3fTHVt8BF7FeS8nu + riM1pbmIWUNL3btpOMdPTNn699Z7cFgFqddwRJf7tV073H0c50IiVA== -----END AGE ENCRYPTED FILE----- - recipient: age1qyqy5we7zua06ppj654rgd6t7kyw3gem6hnexna98j60klyus4zq68cjlz enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBINkNROExHY3hkd0xHSk9V - NXRYSHZRcGg0S29Xb082MzJabDBmZW5kbVVzClo5Q2ptbDlmNEZTbGFDUWFLL0tJ - VHRlV2tLaktmak8yaFcwMEhKQkxab1kKLS0tIGtCeTFqUGpRUy8yd3BLUWQwbmUr - c3NmU2pWdkgydFQ5Yy96YWIzaldydlUKwf0NNkiFDweXedjs4QHGnNTQw0X2EtH1 - LvvbKVggRkd7MLXGsL3j2Ovaip9F3gfZ4xfEdAUXJgxnhW77qVEdOQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEK3lIbWdFeWI5Um5ETXU5 + RW84aE5DaVcvMHFodEJCWEJGVjZodURMOUZFCm9uSU9OU05NR2RXYUVSVi80OTRO + ZEE4elZGYlk1cVRPeldYQXZyRDFxcVEKLS0tIG9EbmRWbkFOenNtUGh6RzZON2p4 + aTE5dTNuU3ljRkxjUTlESDNEZGRDcE0KLBrWE1I7zaeDheJOJQAuEKKA/oHHG9XJ + rYnvNKz4dcvZn8C0+bgQlQ4Ukk++xcbSWsh7cwXctDINEhMsQe0Qrw== -----END AGE ENCRYPTED FILE----- - recipient: age13f7t27x326hamq39qps2ygrftq3ylyn2nx8xga2kqaxgra2p748sphmetv enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5WDFZaWs0Rkd4QnF1Uytj - K0UzM0k0bnlBV05kQmIzWkRYY1pObVl3bXlNCm1RMHUvb1ZISTI4bjZUcncybzg3 - K1dFWE56emlTQ2FHbUJ0MitGdmxGS0UKLS0tIDd4UnFJaDNXY3ptUUQ0TTlGSnlE - U3c3WEJOdDQ4dFlIU1VVN0h5akZvVW8KcRX3hw529g7RL8pMeb0IEoDXMsfatUpR - qcU0GedBYmbIUWyU3zXEXK2U05s6cn+03dHlE+0j50sPGCkVFewDhQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYcG5mSkwzb2xYVzZEN2o2 + SndDd2tOc0JncTR6R0NmN0FkeWJpaWlRbVF3CjJmbEpXUHhiWHpubGQzSVJNanM5 + a0pWWk5SQTdXVWF5a3p3Q2Q4YjVHSzQKLS0tIGVCU1R0cjIyRlZKZUYvTGtFRE8x + QXBJdEpkbDFkdUh0bWJhdDR1UHZ5Y0UKZkEq0AX2Sc6l1/+kly/YDMA6A7vEKW9/ + R5C+ruObp7M/QoO4uG715l357cvZtVsXxaPnP62G/fYb2QG89waAbA== -----END AGE ENCRYPTED FILE----- lastmodified: "2025-07-08T11:24:38Z" mac: ENC[AES256_GCM,data:ZDjPpLKJlu/EtuL+SSAInl+4aKkGKH1QZRvRYuhQLWuL3/Vcydjv5aG2Fy6F73o7NlMUubixufdgsoITpH+SNndtH6rEQkl12Oo0H7MNGTdecJVjXtpLmHdmlVZvV1binbzOSfD+SRzXILQlzKq/jBqXC0TW0YUgPvIky12dSCs=,iv:KQw+K0px71dkdVpKom0+tV9CI8jczkLrd4HUuTkdkKM=,tag:kH2DYck3tVZtP1o6W13wDQ==,type:str] pgp: - - created_at: "2025-09-21T19:21:11Z" + - created_at: "2025-10-22T15:41:56Z" enc: |- -----BEGIN PGP MESSAGE----- - hF4DfdBfTP3jZzQSAQdAcc6eEZcZ+UtBmv/HleKF298Spdc1oVdejZQvRcHNnTUw - w5Azf812NC+R1Qd1TYZ0gpwqlOLM7SKbm/c6K+ys8jYuXkRE9jxKHFXDJKZJfJtE - 0l4BLbLtsjhs5uIZSomtgabr/DChsJ3eMTCFTNFt8kArpXCNjlB371i0Dk3WJit2 - 0ZGtM4zljVeCPKd6y0SA9V8DrponoFS+6m6uxIpHMaeDNLMa0JL+N08uJ+bjTBV/ - =T5Oq + hF4DfdBfTP3jZzQSAQdAN5xZmTxQHxZMXWRjRSWrjfPm1X4jTBez1TZxWLqb/Xcw + 4EJgs6qMNYU7fWWf28G/upCXZSwQh4bUH+J7iF4dPZzZOTS5PrJk0QuUmpC5cxjF + 0l4BxLfTpzNzwOiNXOmjhhW1hQZDPHJxO8PaSegrm+nn/1U+/bOt8YJw1xNToReF + FDj7MNvtId+gDo411o5TPDrf7SBELizna0M+CjLbw2j8hC5gMrg21LmwWMUYfxbY + =wLL/ -----END PGP MESSAGE----- fp: BFE6386C8D66BCD4DAE14FC895F0FE7CD7E6A022 unencrypted_suffix: _unencrypted
diff --git a/secrets/haueri.yaml b/secrets/haueri.yaml @@ -0,0 +1,38 @@ +machine-id: ENC[AES256_GCM,data:zMeJc1acTyBxjhhhsvl0J9aMZux3V0HZNcOJcigi4VQ=,iv:AaziydEJYpB95xNU90ZKURPEAJeshktdHxylo6oCaGo=,tag:LY0hOz7hG790t1gRHIPe1Q==,type:str] +acmeTSIGKey: ENC[AES256_GCM,data:LLw6+kgHfEbCuLJ9aN0DY4iWGlPlLrB/c+fSEVVfSAmHNkYzTa/UoFBDnn3/98zij2YD0V/CjHjfrL8R71UrWA==,iv:0XDiJp/F9aw8/qo7tOZqhd1HWe6q0Fc3RYH2AcJHx5c=,tag:OrQJZnAm6rxEgXA+BNsgKA==,type:str] +syncthing: + cert: ENC[AES256_GCM,data:pezA/81DB+DSRgJdGX6afiSU+XwSyigTjwVBxzFtaS3Dy2wY4LoNxO7NxsInsnHjdsenrGxyuq80rCBKxquCUIOjFUBH78tmpT2tgh66K3exTbWiV1V1dAHTXdXilW0BFQZQG0YPk+LxrHGqAQ/8YT1Bc2AsLVfqqMALEE6e3lanrrsrnUuO7h/2lWA1sZeFfk3VMaLP9nBSoeckplLTIrzwGnVwFXCqRC6e3BDsHk0YTW0hc1VXgTSrE5aIZiv/dMqJEHxI3/KnXVc/U5GwLMOYadlt4YHTL95bx/f8djAn21ooPY9KS8EN+67dlFZ+xvK2D07aIkujCJxbNxnKxrcoPhGTzfqtFbYcc+S9IbGHa/macMDnkogy4HdAJPkcwMm+LDG41GwFU3MA5L9AMMyX8lPkMnz+L8fdeRfMRV/IbHkEgzgc2MPOdwvHRpVYkqjwL86fiz3Q+spaJfTbMazcWc3wiNZwCnTLu0jh0gI0QzVhY1reI667trFHEBS2BTf64913kcIBHH7FtAX7xBKPFT1Z0lM87UsPlPbhNZ7WoPoJ+bO9B4u7SlV9/FBu9d/sNSKxzdBIA3ZnmScaj7U/GBWEKyQir4TYdQP1iMN3ajAo40oGiBYwzzRhUyGatLW+gfriBPFLciVXkqFqd2bIpbuUs95EZG9RATTQVS2Isdu3zirPeIUoB/bfULB0xsnL2HfJ4srQE2FMxooCe1Oc8jfnElgk5qQEh7z4HPzj3CoeYc+vLzL6IYU156QMv6Ib2fH0vrEyav731xLXwmILFHEPb1O2OKk9aWQgXWFaCtlCDJ226ghV9dEoTczXbViwo3yXSgt9XCTZl07MzVpXvFMLz+3xVJWHHvXvAtdiQXMhGRoWOdSZYX4+laa5XmjLRieT/49GcZY0tyhwl66nwxzyV50otYtTXiZnRsaxRnxOuUGRQhEE91DtPQkqcQxhQYqUFqJzCKajCAjrXKfch32jiUzJcBllOOI4ryI+gOEBMmgdziTordAThD5rQKxzy22KLSXChqtP0XH4nEjDPjIA/Swk04c=,iv:naBPACKGdAWfiSWbeJ74PAxb91MOq0tV78REzENhot4=,tag:K2sxeLHJivgczpyt90KqhQ==,type:str] + key: ENC[AES256_GCM,data:jNAzO9Bb395D03nqfDFBTSrMVyN9wtp4B5Rq+m/7/MKZt5Ah8Gmum8ffARw1K26nLeow/2CVZS+jCj6j8br68a7f2e3fCvDFoqPR0CgXVL5LNObu3sxK/T+DGjuAZMG64jMcT7lIexouxT/5z8vEH8TWKOxl1RkcnnKCMJGFt+EBnTEoyI5QJIXY0IwiQyFmzAB2S4VK/ORVs498IohvPNy+1pYMp8gfpBF15eBjveEXRcpbiBXXo3VeAHGowU495PXhm5XUw8W9l3I+h1SYcz0QxXx8Ffe3ctSNTBnshnMZ+g2kWbVfBbhWAt+FNDqi/0eEzdRJw8kY9sPBcLN4wJUKSZPDfDKFRmO5zVYUbFAoa77DxdGBvjex/D29198G,iv:1K3AQM53/Nw7k6T5l5gO8g2vojh4pMMZbOZckRTAitA=,tag:Mix7wxs8KkwiLxE+YqMbwg==,type:str] +environments: + networkManagerProfiles: + cccdaWifi: ENC[AES256_GCM,data:XD/cBFq8WVCgBcTT48uZxTXMfRGrpw3t9cSuYGnO,iv:opCaN8mw67eYIHD6xqVtf5d6n3YQBXIIvhDKsO034nQ=,tag:n9rtr1muWtuKOiWVHjKi1g==,type:str] + dn42: ENC[AES256_GCM,data:j0gIxTtfHYN2S07RXrh5A8FTmUAz8Gw5HmbuxdcuoJIKYEsqpw8IfG/RsuNET5j6Q5RwtdAkzznY3tWEbks5h0Lfgg==,iv:00KHSGuc6mZx76TZPkJV/1oUylUkdPnc4Fq+0yLaGu8=,tag:MRSpE2HXIo24//m5AXNbdg==,type:str] +dn42: + wgPrivateKey: ENC[AES256_GCM,data:T9r5KTlbOEoUlbo9F3dK088m+WKJIoWbWMiJDGcfDnletzSwksnuq5eDsRw=,iv:HcVoCWYGJnRuYjU34wsp3ZHoX75h/0/p1b0WXhUF7xk=,tag:+KW3rkNnwbt9xuif21Vvlg==,type:str] +sops: + age: + - recipient: age1enkp0mlswl30s4h7z4qvyha4cmc2n2exs0v97276q5mx0jc86ggs7g2dyq + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3Q0lhakEzeTF6eGk2d0RB + NVU3cGwrS25KTVJhVFF0TWpkQkxySGxrY2d3CmVMcnhuVHJWWlEyK1orWmFVT3Nl + VzdKRzVuUVJ3NlpZTFNWLzN2WkY4RDQKLS0tIFBNQTdtSXhJVUhWOFFxTDd0NmNx + SFk2UTJiaFpnMFFGRERZb215SnVabE0KYP/xmm9uv+qIwS67tCIOSoXqr9nZFDKK + Mss4OlDNWuJmQw25tW8P1Cr/VumIjFCVC5wRybV/NpUay7fTHf5GaA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-10-22T16:04:52Z" + mac: ENC[AES256_GCM,data:S+DXeF2kUqiCwUwnJN4+01O4FejizGc0bQvfT+UaxQXZLjiDYKZSCLUe7ZQPXBQW1x4dnKyhEymxYwIg15uEICex/O++RnvUIolBr4RywlYWuK8V7ifnI7sMYVGUkW55Hkw+viWSTFOjs4ZdNyq6Rf1R803T4K3suioJhLEb8X8=,iv:/QSh6xKf/k1S7aOjjfhJX+pHRBb0VxyfMFUbmXW0s18=,tag:6+Uk4YHmzGk9TAxUIUuAvQ==,type:str] + pgp: + - created_at: "2025-10-22T15:42:09Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DfdBfTP3jZzQSAQdAfAhHymCYkYZjU0xJOrf6kFuP7dOnodAWnNv9Q3qmiXAw + C20kEL++Txpr6GZzhPFFyTQlJtb/mLvc1z87LmleEXs7C+Hzvkmph3T7ypyZ3e0M + 0l4BGcA0U54EZlwd+mcpp4oIJY/XjLvVU/9mAgAmJNrPv3uybLKOp0iiHonKxQaI + uIpftksumO65tSoqg30lc2eYy8bGtMlr32+ORuvnSwDGKNrNuN+kL0Xee/ato9s+ + =z08k + -----END PGP MESSAGE----- + fp: BFE6386C8D66BCD4DAE14FC895F0FE7CD7E6A022 + unencrypted_suffix: _unencrypted + version: 3.10.2
diff --git a/secrets/morio.yaml b/secrets/morio.yaml @@ -14,7 +14,7 @@ resticPasswords: grapevine: ENC[AES256_GCM,data:ElNtJC2elPstqJ1vTJRJpNr0OyhTuTxCulh22qq459c=,iv:sgQCekPMcnyFzir/fISJAQZvV91e+43z9D9xShAz4Pg=,tag:LVjr6ZxFO9VmPXZWtz20Uw==,type:str] vaultwarden: ENC[AES256_GCM,data:MmXXWit37MC4dpJG1654IpxfRdw0b+2mpfu7K80ZTRQ=,iv:4wRi3ovrLrzCkUjiGpEpWWPSDkHUdpI82joofhoIP8U=,tag:zgTTK+h/vqLmxCNNtfrxwg==,type:str] things: ENC[AES256_GCM,data:9jjtqiUHwtCJKF1Mfg5bNZQhGHDFNZlAm04umn0SqnM=,iv:5sx+9tOTX/GHk7KwEZo1r4vJVX8LTe7clNsjxIhRAYw=,tag:D5b7/H4CWCCnAmTPPyCMyg==,type:str] -knotKeys: ENC[AES256_GCM,data:MkbkQA15mDcnNPqmcMyVj6rKU+pXGjwtgZQK087w/K1dt6Xfi/ExkZd6rUFzj7w1Jd6Y9MKXg9G+veUNLg17jhcuyaC2VIX68ycWCIM8F/dtcAMlrewtegY1yzii9Qwdj4TJaealQ108K2oQotF062GaZtm9lY0pVAnC3/4gO970C8gvrpfS6vKtktU0qFUYmksduF42EOo8n7zk7lAQF8Zezu1Txar396kPnoPnnV+xIdVdoW6vT6WHBcbFhqE4Mw9vyOrMv+I+nHQIthTVDKnDhuhQW63H9y+DpNXztshN4JMgHnwHsj215DWKFZWXraotVdij50ZKDrO18N/Hei6D8WIenD9jsshwRFx8JpMoU9w6AvCoiI9WhxkJSBaeqk50nZUOCrQAmrZP1xjgTxoPUUGXG+wiXPL1EsJwT3C1Cj4hn98fKBiApFBm+6iiKCASLXvLus0sGOYt7ucxC0flcLUf2tOHBG1p8JhTRZDmDf63zYcGhYekBC8hTSsHUB2NzMVKHngjAUXqw8doToPiEFwwuW88fEL7/ij2h+rVKzqppnNYXX5kJ//h6RLKMhNwW2YwUnmCR/ngqrNr2dBoXLxuuimoPkWL1GXvwJLlvtFpQDwTRaYC5JDORbu8/jGK5uuVhW0sVGs0WwWYCT2R3tpZnP0bcCaYCCEuWk1sTY+l+estsMTHz1yXP4FdMe9wNkCetBYm6IHi8gvW29eMaWTD2wliSGB1zoigTMWZPfbc1gNUx5mhQfzfqD0w1xtO125Yz0zpsKug8z2UJbiegmHtTpacn0o6VJ4WVPyO0qmQU/MDz0isbPSpf9CwJp3Pv1RF+dL/Jx+kh4kD4UX5nqeZJLl8ec0I5k5yDD22e4uSYoC/ECrud2PMD7aaQW/tGrAMHDrf+Me6iba+QgRcr/KPLdjAet/P3RBcDjg7Hd33UVz2UGw8CAcISN4EXOD0lY4Ng89tmIkErGtVZvdsN0pUdBsO9yp1cUHkYNwMVLsr1Jj2ukaKvqZ2EWqKXHiAKuopiK7hR+05za4YQFWdFwsKOMjfoki0eWk01xWBCbIq40nA0D5hhwuTDtZ77L+qL2PBL9FuXxlP8h8CgUCnGGjHJFw51lOFbWvaW/NX3MdVUylk/QgWxTGuwsJJx1Bh8jgI6vsUu/LmcygIHKXfudGhO6K+hVB5lgdKfFhHULgIt9WirVGVb5VFXyFGyMaV6IJol+S13P7X5VDif93mzjOJwjELm44AX/lkhlXTCfJY3+7JGeMjnLsGNXJOqIxsq51EXGHu9nqOa0r87okf5o9Qm3VUoSamQIOIqX3U/h8x7vmNrxO/aH898YQVP9IPcQVKH7BrxgT2gw9oWzrmP/Tumx2+QRXEtrlxwaGysXr4hZIOxoiCWh9xRLBD6D1skoQrN5CRT3VOAuGKq+yCDdw8WtQR/a9zn8U1D5y8A8DYrOo5tPuGCTeIiyyUwN1e3siwzDbPkg0gKDzg8d9Clv+cFl2Mp9dmW8Us8CeicoQsP+CiYHAojcqwUooWAQulQd+0uv0aAnTNydzRyAi7CY/JC09HOexGz2hKjZLAOIBi4cE21L2HVYvXjJyOB+3WfJMkjJ98LQURZeyIsfeMOaLI2KGurtTvOHbH3O4vLeWRh2bdiJbSe+yi/j5Iy2UDFGU02gRUe5h6cOjd5WR6iwGTDYrcnyWxxUVJ,iv:G+Xxn2Z7ll/K1rn0rJDowrhTNV1SOTbnFcw3TCB/xnM=,tag:2iY0+oIHvczvr6YOKGdRKw==,type:str] +knotKeys: ENC[AES256_GCM,data:jilIpC4cs1Dl738Nh4QM9kwzPz14Pof17vnOVf3Vsp+oFjXIQWRPBz28LtsLPfkMSOvM4DAucbsyWF900J3fWbA2XoxS1Py+AdRkfmzno8k5tJfdZU+hogWokvbfhKgRGk6UBSFFuCAvuV5r3lLXtmSuDWO/wRBQHskiK/j3ZnjlenardP9rH2vIDHqwuEdtzEfaU8Ax3GxAZRpDj0pZVoC6Gp3+F1U1rDLTlBeCJLFIosxz6BoTWOXv6GMyMTsSb6gJYa3cIsuO2DmSCoI5wKyk4cJDONA1jh5I/BljKu/y9KmAqmlXqGS1h5XDR2Za+GUQzVmLBqSuTt7yL0ISG6TvrYIlwAn1iTQSv6VnE06bZZWDnv1HRyR8cIpot9wjowDz2T1hnRfhS+YOzGf72JKYLvRIw1xrReSA2L3aIo9iZWjsryVZV/EdAFu0AA0JdSAn17D4uLsr8UTOHcATtefePRr1rcYusI13nPME0jgsfzWiTaNJ+P/DDiyR+p0CsW3w8rU8WoeYn07GRpusNmc0xtyRUyZIqcPhu9FEmYFElUHzXuKFva3J+x1jDukqR9Fr0EjNL/SBffZUt+5ODDjgFS3GQIPm2nq/98bnWFJnvNbCijtQDxZtu+mxO4EKiboO2orJyJFJ9GxoV6zv0BOiOkPnWAELUelESsXZDfsdmE2VxfTtkg9DTkhiEANY1W/kaeMD+EhbEGpAvxr66BZMuhkQtO9D1/chKbrU4JHtuICSnXuJ6EhxJ+Orfn6oFfK/CTUvKIfyEBxXOhqyJc07w7rwcI8aJy4F5VFIY2MzMrm1Ha3cQbHapoUk3iBO6fUxSs7oAH0Cy+//PEycgsthn4tfNuINX8t0VLGw1cRCcKvSQVT5L8Xd6BF8VWvY3Cs294hZVxv1hoV4c4vAc0aYH/OXsUVmTAY1U1qzejnk+GxBg4b3zopLqtk0lIfRuB2hbUFeFvCRYCwpyhSuOjiBAtXEoo3jpbhI1u8BSCZ9R7xNVRimV9FixnLEvTyqJzNCid2e6uZJPiPvFwzSU8C6KQZAlTCD2XAiFXA/SifhOcoXzFISdkTd98LLmuBMqU9ZYppQUY/eMzYYj2ciWqVQXl4h5zx3Ou33Se8J3p7JnOgvFnE0dl4ST9fyAOxjVUXO57w1NnSHA06Go/HlySrBc5pZSsjOUUo9ov4C+c9E55V99qp5Tfi/G5HdxY5Y06We7rKkfpeO6yhNZsadm9n2phr7ROQF53lqMdyZVOcmdMa/SjkHi7eluoRvKtzTQbXs9Uf9HY331c0FM9iW+LzM6MlPP+Npvkb5KBzhGpZjG09fSDYVo2bRRyL4MpdglTW+dALCFNd7TmZ2MjPuA/Ee/Ik6Y6Wjdk/Dtt036NnOFDfeBww4PnVCF09Pijid6iQn2LfH9UI78UP3xY6m9drhbKIy6hDqNKhTzDD/ooLpr8ofScs6H/fzWs+sKXtaLmdEfhI1QG5C2y7HuCmrVh0JUpf6pXg694LyBCqwR3Q25Mk0Ve9lDZHpn55BYff+bfwhaknOq3IcdP7/mh5JftBAbKbN0GFjrAtlEISY3HnEQewr1Bn6jF32/F+iks/8rSC0f42xpyPEoceu6urnfbQVc2P87p5v1jYFwjKC1RRaEFg9I3U+b4o7/mmLuIblFnMIULG4mirOrw/S+8FqHAM3osuD0hNQL5WORwRU352i12jOKNRIiERBmk8fE00OR5x0Y3ywdvmnAIpbw20MXLO2wbU1JBIj+dnmrHMWL82DkM/irqN4fk2zir6yrftgZJU4Ja3NBa/ro3MPRsvONfeWT8hbjyReKvrrPV1x9TOPmRtwc1BbQfa60P2DEecVMwbc+kOMSTWgC990rfFsvQyFSLcCK42tDibchX0ZUwx1WLBA2onZ+L2epiiH2ChX8NEMqsBsabPPk/P568V7EQTOUi3lMsMMR1y4fQ/vMS1BJDb4rVjVgkdyY33G4d4TZk9l8xbsQNrF17s+ltY=,iv:QunWkACa8csdZYKevo+jjIK24kHdXRBVH3cS4LMiyZE=,tag:6s2YOd9P/YYP6NlkYVIXBA==,type:str] radicaleUsers: ENC[AES256_GCM,data:lsVr2x3jZJY8nqJnIEXcd9qNyQsVF4OvcFUwUa+hdlXyACafN7wtDYuc6lvNp7eD6eMz3AD7BO9A6X5SVLQ6bMxUQ8hJYpm0+VeBQSTFFMDdXcVRbad5ymtS3D5sG3v20rlzrLC6tQCkrY7uyKdSKSBCEVcY1BDQMea9uRDi3bRRpiQC8Vz/frxhDnAiVGWtWTOb12KBJPs83STF+IOdZoEZuoKFzuzuhIUekuyEl/l+k/SbXAYA15q+4xK59lbMrJE=,iv:exwd7GdQrYCOFBIi6urDBC3xERo7I1YATN1e/38BIa0=,tag:CtkpxDz5kuU/6/nWEYB23A==,type:str] gotosocialEnv: ENC[AES256_GCM,data:5hvURqX+EqN8zpjirBmh5TIWWgaCga9QxnAfyW1rwOXELnM9ZBJAmqwLdxUa2j2DGrXsqw==,iv:nhVyiAoOJY0HtjB13FnmnQyLB+BWSRwDVrwUiFHBrE4=,tag:P207zPou7yXJKJBf+pxlHg==,type:str] environments: @@ -36,8 +36,8 @@ sops: Ym5kdER1cTdYM09ydEgwUUlhQ3lXUEEKVjdcjjDXUhmpszI5i3NsjrsF6XRHf1a6 qzqyN7FQTuwy23N9PBdJMTe7aAcw12vbvuY2v7UfmNzxkvggaDXJ0Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-10-15T08:58:00Z" - mac: ENC[AES256_GCM,data:A6jC61FAwUQ8pieELbnirhsx8wWrCxnGemnQg6zM98t5ToDZPNoN3T5xmxnUeLw5H5CuY1HII5App8OQ5mDaTUovgrfdxISjjZKzWCswq76+m0I7Yoa3wu4W0yZ+ovNAt7AOsLuFT+ABJ5L0QkQbOhu/f2UudriZErGr0kvdrBQ=,iv:bBbGS3NbR/BvU1rPTEyk7M0UZzCtlz3WYZH1BzAsqRs=,tag:GMgIQvTvadTZWHXMyK7AtA==,type:str] + lastmodified: "2025-10-22T15:59:42Z" + mac: ENC[AES256_GCM,data:bvzk8vqZe4KJm5Pzwx2ojWl2ciU0EWFLvYDxniqoHpUovQz/Jwl9CE6jBNsAlA9pj86w35WaR6HDkPQQiMIssiQLKbEA5LYDs9YMndk2UpPKYJgj97RITf26sUL5F1q/zlNdisDsIzArVzsey7hlhK/UKhJJ4bIV+Ch4Atch/EI=,iv:7pUqMVDcy/cae8fJzZBCzzgllIwiBSEVHe2O9aA4vDs=,tag:f8X/yBzNckrxnIoWEZj2Mg==,type:str] pgp: - created_at: "2025-06-16T13:06:52Z" enc: |-
diff --git a/secrets/pratorum.yaml b/secrets/pratorum.yaml @@ -2,6 +2,12 @@ acmeTSIGKey: ENC[AES256_GCM,data:qfY0SbY0rusU+vCr7oiHTLHjICZBU1lYlBn7D2BLY5IWJbg syncthing: cert: ENC[AES256_GCM,data:fOMcvmhu9QkF99SD95kzZEveMiwAR/R8GDffsqW0Nmp2gW2ThYG7pVi9TVnFwkPoncxEor5+vPDtDlTHuMHt3wAHvCZ7gftorvABrzkyhVEqNRLDln3JlgZ/YpAzjutXRCiuliE85AgOMB8WsniBSPQihCDIe2MolbYo8JlLJXL/5D6p9CGQqmRzlbmw2Unxzk7Xjw9Cm7RjaszK4SuB+loPdI3suVrCtfKQxQkCzDwQUdBnfeCyesYoPXJBBMDAtForu9i65LOXibDmvKj2rH5/zoUvvV5NO5wncMLED3X5Xyasz5ALJwxmOC+SR9u80emqoW6oN++V/IK8vG5/iiOSdTc7VYHjOgwzgfk47RMS9180cfP3c75Dap4uztdI3bMVYCt5UUkd4bqKI1IEOXG+TL2Ouorcti14G1JlIS17L+KLwnKsc4Ggend0fC7TQz/zAMkG95FmR30YK9G4dzsj7IKdQQeXBpMl7n/WY5byG3qAWqJbOK3EX8glZUHQjUlGCQSokk8CRGB9AhS66wisRNR7BQoYR2c9KjUD/xwVUCIeRDt+6ysUiFOhnhoGAgsnFTZtiuk+JOGhLx5LFWCV/l1kDzwtPa0lSUGeuoMb6rrnEc5HmFzmgKNAD+safXkuEt5ZoqjlCcI2XlnwLsLqQucroky6XhUomFqjesZj4cu2Y3OlkXB7sYQUGIOMBi/lvBKja0Bj0/MzSZp4Mj+8aiMXDdBgoTnIAhLVI3Y7E2x9E31z8I9SbxzxsN+aTyY/XRpF94m5bH3Z2P4MF4Ffk8k3UBPu0iFR89xgTq1gvrG/QMTDRWUtGBgWmf0g/u8St5Tb+Rb4xSew7pGGX6QAmcpsbcyAbEtDxgefnK6RXiPT6YjPJbtSmAxy3GMvOT0STy4Jh1mnqvZhCoxEsx2p8JglrdIe6JA2ShWaVxXkaLJpYZOxgVFJkjHi1xQxKPeC26Iqj3UlKNbmvcstYslhdLAEgmPTqurJoTUMQTvQI4zCe7/3IkVNfA+su269WpdK22Jk7QkHOyk0+BNJ9RF7kLDma54Rj7o=,iv:tO+qA9EMtzD4fCQjSlu0X5WqKZnsWmVBU0mKg6Cp1X0=,tag:N193+z2RwjSwruEsvwIBdA==,type:str] key: ENC[AES256_GCM,data:VvshG8n3LT/eWm18iCIQkHc9GRZQsBWdq066ttqI4JoTohEB9IXR7dQDOC6QwTg8LObLL6zSUFTk2NAS8LyVZfQ4VMmqa24Pf+amwQmkXEv7w4h9ZEaBiU5b8i2JYaV1KDJvr5d+Svt2ZIVnLrIuu+l7C684xHRkX2yFkMh/XBtKRYT/CdhJeM0F4wfVZheBxdokJUlJdDueABaPOoo6PBWyNy3hwFkqInSHC/3aSk7HvB2d6eVDTZN0r27hlozD+JxWMtGhteJbmDZX4fL8oeRyKnJLW74jfxdipVWGw2bp/mQMVzU0JsbdAACDy4Gw5HsEW3+3F0G8xzW+vPm1r60M4+frPO2FbkT9nD7RpSPRKaRy4mYQtHujSougQhn4,iv:MGOWNw1aGAoYCWWgliInm6u2Nu4178OHIgrlD1TeO7s=,tag:p81V6XQJ9K1ux/W2NpAIFA==,type:str] +resticServerHtpasswd: ENC[AES256_GCM,data:EhrJExZEIl9mWR3iDNdMHmh/UEDDJOhTaPUp0fATaM8z7lTPSMiSdFbeg5mmDNNy2CZzSHOORBgOytv6OJeWtERvEzUXOfiM8OxL2imb,iv:8A5QmY4jnfwY2yohjRxNTv7WhUBiPYeAObLkOc7xG14=,tag:yTFFd1sPPcEKimQ+qbyRSg==,type:str] +rcloneConfig: ENC[AES256_GCM,data:zC+TP+zVmtxABi9H99OSjn+IzTd16ub/QT9bqgsUpJKZSJiH1qC5z2gdnSIe2C/lcKFOSLk+MrBCYirtkQSrMYSTDmJU2AUJFtNJlkl199Z6mvLYFwBA8g+5H10Ka0bVPyAGKOew7fzFV5qTY3eqbTYffaiXflVOAusmTMc4Kq5/bdUv/HO4AepMUMWUuGOdl1Hz2OmEjj5iKamgppPZgylIU9pYs4HEtcDhPVvlqKK+3HDogRX245jRAf9N2dGkyMA7YA5JQ+xCWpRX9DhrtqseKuuXDD6wpaiHJWgmkFZle/J9zHJWqDZZLABjpHWAm+V7lFUxyPhnRnHhcTVnTNsDzMQVyyeJ3eIDN1RcyETCPbZUB95n/NJeI0fCOfM1MnFBCd1Tci2a4hOrlrii6mCAydLyv7R2CrUCk6h0wCba9+fkKxilBMk8oMST5C9jZwkZTtW8pc3IXAk3MzAkxk3BiIMk/nHUpG9RiF8EKFKXXGdwVCO6MYFLSGZTAlLrmqovISh8MD2V64IFSAVM6049Hn9JCyM7syqfRV6TvFesmtQ3u8om2e8B2NPGyiyq2RNYBHeElEjsOa0CVY/07s6xU7IeUbF+mlSKCz+3ArRQf5nw0s6M4P2br9aQCC/Jqj7joXpgroYkEgWcWV8kdd0GnP97IGWo/lXoyQ9GZF0u/HWNK8XMbslHcmlgHEYU6PoM5ZQMNs9IXUQdcTp58vPMiPrJDYSJAeAzQl69lDbDQrNWQA==,iv:S904FWeorSSZ5ZrBFubJ3FBn7zw/kxQmrpjSOlZzo4Y=,tag:qg7RXGli/TG7+Ps9nl9zRg==,type:str] +resticPasswords: + gotosocial: ENC[AES256_GCM,data:qfhk9u5XGjLA2TILO+t/jjOGsigM5Cxpgbpo8ONzda8=,iv:Z5TopDhdvGLxsr3/z2odz13FI6e/N0PChoDWLkvToQY=,tag:vqO3/OS7Ts3CStSkJMBQVA==,type:str] +environments: + gotosocial: "" zigbee2mqttSecrets: ENC[AES256_GCM,data:XuRVNV4gVr5FLgqGRXxgyaMAVJIt38adDOzJnY0GWaN52Lb9/E7Sx/TWB41cEO9D4/+LRlf0VbE2B0zehYjQGw1dHlf4rvS5OH8PefKdqBv6w+G0BKRXGh8daERsU8v2r+Vjw7kWtyiADzKP2NRJrVLnJiITwq8kmHHsrYNcs+/492Z1/ElDTe3B32Hq7ATHaP+G7xbfgxMuxIcf9z1EFl39krpgQaw/5eWq7WT7QZIHKD7tZqSpgAUxSDBSNjE+M3wq8PmaqecvO1h/+UtEq5MzxnzfpF0yopJa9cch5SwQqT6XHrxzbM2DldZctuGGmcTJrWpcqHkT4mcO4MfwlanJ/YaT70H25ukJEAHKG/rU86QCk5pIUwGSH15GSxi8ze83QFmJhskzMAoJuDJ6h1AoS9bRn5wY,iv:kZqhnTlwMhIvXg4deiC1D73Y+gspZwdu08yoyeAEngk=,tag:GuzryBSDNke+5jXOuDtwDw==,type:str] dn42: wgPrivateKey: ENC[AES256_GCM,data:CjFgiBZieQdWPyDPl6gcz3xarWR5GTYJ9Ruee7/9pQLlypm+RWRys/3WOFo=,iv:uC7A58MS0zvwKMc74x0xSTIAJS7GbvoJN5N9KfXFVyw=,tag:y9sNo65Qk1TxqN0ReKDCAQ==,type:str] @@ -16,8 +22,8 @@ sops: TndyejhxbVZDTVdaYWRXT1htMVVsOTgKWAOJekArzYzoJF/JcPTSWrhQnvQrl9bU A7H0mCdklZZ66jiUo4iKLwocBn7h9VJ4p3lBdRxyqXuN6dicdQfafg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-09-22T17:42:12Z" - mac: ENC[AES256_GCM,data:oN5xWdhk4JTJ9x6YjnIfuPlc/h59XKacSHZqPJPd6Q4b7M4zZqZ+SlZ+4E2UAI5w8eoqXHCJAGCSEOzYZ9MBW+zVu9oiWTWWDWBn0D6KRct+NAN+hDisGWBS1dL2uTNchdQfBsFp81Yc9HvLjQ8R40vqp2i/y03JjZChYexpl0I=,iv:Zj2Uj6cra7GXZzeJYj2z7Nc2KArPuf2/dUvYwCAZuO8=,tag:tb2a+0JqDz4u+i2/bAVXAA==,type:str] + lastmodified: "2025-10-26T09:31:13Z" + mac: ENC[AES256_GCM,data:KVjp50vGTtvOQOYRXbxmcEcbenJuWA4mqrsy0OVKS7MPtvmFBcQk+9joJG7yQrhMUxqndtM31md8JjvPRTOIfRVCwrsYAqwM4ZHOIeZp5fNFX7/QJvAMsc8kb1zQN2PB2KdxLIsqOoOuF6P2cjxTRMLdqjR2aMnzH/Cv++9iAus=,iv:KBzCCu5fSpz+T6rOCTgviGss1xvqrJLQapLwoo0brZA=,tag:ql35SeUmEHOjbMBdDWCTFA==,type:str] pgp: - created_at: "2025-09-21T19:21:14Z" enc: |- @@ -31,4 +37,4 @@ sops: -----END PGP MESSAGE----- fp: BFE6386C8D66BCD4DAE14FC895F0FE7CD7E6A022 unencrypted_suffix: _unencrypted - version: 3.10.2 + version: 3.11.0