From 0d39279ac90549e796c8f910568cbe3e38ad0dc6 Mon Sep 17 00:00:00 2001 From: Noratrieb <48135649+Noratrieb@users.noreply.github.com> Date: Tue, 6 Aug 2024 23:39:36 +0200 Subject: [PATCH] registry --- apps/registry/config.yml | 2 +- newinfra/nix/apps/registry/default.nix | 48 ++++++++++++++++++ newinfra/nix/hive.nix | 1 + newinfra/nix/modules/dns/noratrieb.dev.nix | 3 +- newinfra/nix/modules/garage/README.md | 2 + newinfra/nix/modules/ingress/Caddyfile | 8 +++ newinfra/nix/secrets/caddy_s3_key_secret.age | Bin 661 -> 661 bytes .../nix/secrets/docker_registry_password.age | Bin 233 -> 233 bytes newinfra/nix/secrets/garage_secrets.age | Bin 795 -> 795 bytes newinfra/nix/secrets/hugochat_db_password.age | Bin 339 -> 339 bytes newinfra/nix/secrets/minio_env_file.age | 14 ++--- newinfra/nix/secrets/registry_htpasswd.age | 5 ++ .../nix/secrets/registry_s3_key_secret.age | Bin 0 -> 364 bytes newinfra/nix/secrets/secrets.nix | 2 + newinfra/nix/secrets/wg_private_vps1.age | 8 +-- newinfra/nix/secrets/wg_private_vps3.age | 8 +-- newinfra/nix/secrets/wg_private_vps4.age | 9 ++-- newinfra/nix/secrets/wg_private_vps5.age | 8 +-- newinfra/nix/secrets/widetom_bot_token.age | Bin 272 -> 272 bytes newinfra/nix/secrets/widetom_config_toml.age | Bin 4006 -> 4006 bytes newinfra/secrets-git-crypt/registry_htpasswd | Bin 0 -> 88 bytes .../secrets-git-crypt/registry_s3_key_secret | Bin 0 -> 174 bytes vps2/Caddyfile | 5 +- 23 files changed, 94 insertions(+), 29 deletions(-) create mode 100644 newinfra/nix/apps/registry/default.nix create mode 100644 newinfra/nix/secrets/registry_htpasswd.age create mode 100644 newinfra/nix/secrets/registry_s3_key_secret.age create mode 100644 newinfra/secrets-git-crypt/registry_htpasswd create mode 100644 newinfra/secrets-git-crypt/registry_s3_key_secret diff --git a/apps/registry/config.yml b/apps/registry/config.yml index 7bd0787..fcaa640 100644 --- a/apps/registry/config.yml +++ b/apps/registry/config.yml @@ -14,7 +14,7 @@ storage: enabled: true http: addr: 0.0.0.0:5000 - host: https://docker.noratrieb.dev + host: https://old-docker.noratrieb.dev draintimeout: 60s headers: X-Content-Type-Options: [nosniff] diff --git a/newinfra/nix/apps/registry/default.nix b/newinfra/nix/apps/registry/default.nix new file mode 100644 index 0000000..4de51ae --- /dev/null +++ b/newinfra/nix/apps/registry/default.nix @@ -0,0 +1,48 @@ +{ config, lib, ... }: { + age.secrets = { + registry_htpasswd = { + file = ../../secrets/registry_htpasswd.age; + owner = config.users.users.docker-registry.name; + }; + registry_s3_key_secret = { + file = ../../secrets/registry_s3_key_secret.age; + owner = config.users.users.docker-registry.name; + }; + }; + + systemd.services.docker-registry.serviceConfig.EnvironmentFile = config.age.secrets.registry_s3_key_secret.path; + services.dockerRegistry = { + enable = true; + storagePath = null; + port = 5000; + extraConfig = { + log = { + accesslog.disabled = false; + level = "info"; + formatter = "text"; + fields.service = "registry"; + }; + redis = lib.mkForce null; + storage = { + s3 = { + regionendpoint = "http://127.0.0.1:3900"; + region = "garage"; + bucket = "docker-registry"; + # accesskey = ""; ENV REGISTRY_STORAGE_S3_ACCESSKEY + # secretkey = ""; ENV REGISTRY_STORAGE_S3_SECRETKEY + secure = false; + }; + redirect.disable = true; + }; + http = { + host = "https://docker.noratrieb.dev"; + draintimeout = "60s"; + }; + auth.htpasswd = { + # TODO: ugh :( + realm = "nilstrieb-registry"; + path = config.age.secrets.registry_htpasswd.path; + }; + }; + }; +} diff --git a/newinfra/nix/hive.nix b/newinfra/nix/hive.nix index 32829d6..1348555 100644 --- a/newinfra/nix/hive.nix +++ b/newinfra/nix/hive.nix @@ -150,6 +150,7 @@ ./apps/hugo-chat ./apps/uptime ./apps/cargo-bisect-rustc-service + ./apps/registry ]; deployment.tags = [ "ingress" "eu" "apps" "wg" ]; diff --git a/newinfra/nix/modules/dns/noratrieb.dev.nix b/newinfra/nix/modules/dns/noratrieb.dev.nix index 40b6609..93497f7 100644 --- a/newinfra/nix/modules/dns/noratrieb.dev.nix +++ b/newinfra/nix/modules/dns/noratrieb.dev.nix @@ -43,10 +43,11 @@ let # --- legacy crap vps2 = vps2; # TODO REMOVE - docker = vps2; + old-docker = vps2; # --- apps bisect-rustc = vps1; + docker = vps1; hugo-chat = vps1 // { subdomains.api = vps1; }; diff --git a/newinfra/nix/modules/garage/README.md b/newinfra/nix/modules/garage/README.md index e1c57cb..cdc3add 100644 --- a/newinfra/nix/modules/garage/README.md +++ b/newinfra/nix/modules/garage/README.md @@ -16,6 +16,8 @@ ## buckets - `caddy-store`: Store for Caddy webservers + - key `caddy` +- `docker-registry` ## keys diff --git a/newinfra/nix/modules/ingress/Caddyfile b/newinfra/nix/modules/ingress/Caddyfile index af05a9a..9045a34 100644 --- a/newinfra/nix/modules/ingress/Caddyfile +++ b/newinfra/nix/modules/ingress/Caddyfile @@ -49,6 +49,10 @@ bisect-rustc.noratrieb.dev { reverse_proxy * localhost:5005 } +docker.noratrieb.dev { + reverse_proxy * localhost:5000 +} + ################################################################ # deadname redirects nilstrieb.dev { @@ -67,6 +71,10 @@ bisect-rustc.nilstrieb.dev { redir https://bisect-rustc.dev/blog{uri} permanent } +docker.nilstrieb.dev { + redir https://docker.noratrieb.dev{uri} permanent +} + hugo-chat.nilstrieb.dev { redir https://hugo-chat.noratrieb.dev{uri} permanent } diff --git a/newinfra/nix/secrets/caddy_s3_key_secret.age b/newinfra/nix/secrets/caddy_s3_key_secret.age index fb2c2a754db15c81cbefb5d9e6c296463d9f99ac..b99b7b9439568a18261952572141e890a7792173 100644 GIT binary patch delta 590 zcmbQrI+b;TPJL2&sb@|}hQ7XUv1f>7ahZ3KPkBg~NqAyvq(^#oNL6Zjsk3%rSzub0 z1y@F5ae!-RXtIfRRg#ybQBH)3iLZ8Pv5BE`d4YbiYfgHgd3vIwPqIa}1(&X!LUD11 zZfc5=si~o*LPV9Lb5x*$Nx5Z6MtEU*X?dz!YD7}0zFW3-vbl3|RF%K4kC{`bL9x5B zpLbP;e_@aTS80exmW#fBX}*PJim7|5K}4BPc0@^7K}J|vnvqd*VL^mW-QRykh0R=wh!NJLs;~B;4J&he5BaECg z)60E*(nI~DO8tV3eT;+sD@t99Es8??{R+!{61}rsv@_DV%)JAQ%EAp(jUy^^ee#mh zEHiz*j02pi!V3J7{5>tQOmnKz9R13CDwC4AbaizV3=P9PiVX@2vqLH?tK2gDi!8h{ zwG%VV46{9RgM%W<3%rZ#jSR{IO58F-xn8WQVbk++{d?5XzAay^^*y_DTova#MIP@B zDPm{XlO?hYYUh01`$*`A`tvZRt^;oJXIvZkyJz{We6}aKGd5mYbLhjSi%S?BBd*JYzCWIOC~dMb>(zeV2cjo}M5Isdh;8>cqU{Z2%keO?F zAeVuwrDai3X|9iDih)mVmS?U@Zbp`NdXhF^`hJJvFMTAqjkH3F- ziI+!urbl`)S9(g2v1wtTf3Rm!dZl-Yc4odsYG|=ZXn9Fcq?xz2gMuw|rqH%uu z#E;_Pk&(gWQ57NK`mXstX|5ICzJb9OkzoZ<232_lxt`@Ao}Q*zjuGM60l@}b&H;r! z`9WzB#om$m+7>3JB|Zj~jxLt|5zhL_>CR<|ZrS-2ndVjAIYxn#;~B;4qr8f%+#@VP zlcKy`v(mCNild4vQr&}c9ka?R{q)@mb3M$84J?dOLaQvef=s;3eM&>C%2U0KQ-jQ1 zeZ3>K^DHfs!@Uesaj52bAN?mg6gM;$@JhHR%xzW<`ge3I9LT hX`ZdEnY3NZ|J{`OxG$4=AHIL~KFa$p)0Ly%T>v~5*FyjR diff --git a/newinfra/nix/secrets/docker_registry_password.age b/newinfra/nix/secrets/docker_registry_password.age index 954d1ddde8b1b76285c6896c863a73cdb961c5f4..18f4fc9e5a65bfc65a2f53e6ed5bb2715b1a51a5 100644 GIT binary patch delta 197 zcmaFK_>ysgPJOYtV~~qcWR6RUc|dAzQiYR$pru7dxPP&ir%8pcOM!2)TUbT8VW4Gp zD3^IunOnZLn|66gN_IhEx=)UWp+%lwc%GwqSZKLRrlYn`PI+);v3p^Z1(&X_u0l?R zr-fmDnq{eemPcAjQbj?efw^N)Xt`x@dSaqwXlkXIt6e~le|}JLvIQ5{4TaVhZkOye z{5^6QSRciFTj0&I>%^MyHBaA$T=;j_ysgPJLlsKweI6cD}obsZXI{Wx2LtVNz5`W}2B_Ntj1aVREiXm~%;Ks(XG& zHkY$!ai&>mN^Y=WXnMAGnrWVPgh{e?c~ORCQgEf2pR1FxQ@UGTpmVmVE0?aWu0mu+ zRYitTq;HyGd1+asS!J$~V@gs^fQMI*xqg9xhp&rwn4NZDxxT)ob|hE$`%;GWSMIzz z;r03LhD8UMCtVlY`Jn&6XFI8{V!S)}KKE^jJAKI0R90Q<+aH@VS;>Lrn^!LZ00PiV ADgXcg diff --git a/newinfra/nix/secrets/garage_secrets.age b/newinfra/nix/secrets/garage_secrets.age index db044a1984dcc104cdb93894fa84e85265a8306e..4ea886d4c5b91171137307154ab2a078dc27309c 100644 GIT binary patch delta 725 zcmbQuHk)mNPJN1_nM+B8cZHd2k$!e^vXh~ATBS#1UPfY;o3FE}c2ID5u32P6kZ(v< zC|7t&M53`-ky%=me`ZX6a!?IhK)rWqw|1g}GJP7D0(_f$ovvp_%D{DOs+CMZwuzE}>299h2Cn`gk%7hqL8*BmPGQcTDM=B==0z5h;~B;4vy$?B-2L)P zf4ZwxuQJ&#H$?F=56_CeC`x`D;h; zM8BmM>l_wOa?}?6XS$M!&m+i_XXPHnobvNp@3wujyG3Q&YXnXCKKU zj#8F+J8;Y{MhbUJGobWx+3ktFuC#G=4(o?CSKZGp+4>P$=||8+e(b4 z`kw#Bcg0?8^ZXNP3ru$1$y^vI^V&QuXM%?JTp{s@P1+m^As_C%FARD8n)`@d{>tjc V&d1vCTMyb?sqAQ8T>P%(0sv+09`*nL delta 725 zcmbQuHk)mNPJKjRR;F{Av3qer~dS!Sd`xPePpdZn+UesXc5i%V!xdA?6jNUpg{SeZ|@evXSlAeXM4LUD11 zZfc5=si~o*LPV9Lb5x*0zJ6jsM3|v@N@;MVqi=1%(c|}pFv#Y*Ac&U?rT3%F6MMOkOnOQ|~a$A?8{6xgm~R1p)4v zp5@vmRhfPPE}q`yzOE@%J|$&E`Nqk)+BwMq70%ibX2D5mxfLdp;~B;43-Zj014=A% zgM)IMOB3@mQ#|zp!#ym@at)FqGLu{bO&zseQiCG1t18pEijBP^y?qKjih_cYO_B`! zoh?E=4V^PBEsTANi%f!j4MV)$QvD;f-CfJMbaizVGKzDGj4T5(jIvz=EPO4^)3r^5 zf`f94ybFypQbYYy{G$x((+ZL*lPk1Cxk{dL?>t;CRKMk1+a1Rl+<`G055z`Y*ep^P zyk>h{J&*0RGrg~lrOe1UYkn7%|HKc<>h^O@8D$-{|Ot4YxxbGpB?5}H#a!k zvQ@w8m5`_0o1{pExT6hs*Cd|2P<-QJ{qB9yB5$ufw&e6KJQXG@m2GTy)vR8diO+1q z_Zb{}-39YK7n|*6;c>nhQ@&+=+LJAQWp=Z&+-;s2^ltZGcJl1KpwpMvh}s8;>}c3< zeZvC3wru~W-&Q9@6*H?uuX@Ryzh~E`YsWVSMl)_Yq-P^-n>CNe?dSVhGtEw%ntI7x zAWMBmqoLfS)px!ZX{7spkL$9VcvFaFi3Z=P&U^kJrDr^Sv+4{BSKGyksEc8uhGOC` UqGQkTd$V`?1>C)H`>f~+0K>Z+5&!@I diff --git a/newinfra/nix/secrets/hugochat_db_password.age b/newinfra/nix/secrets/hugochat_db_password.age index 4a96015182cb7bbeae870a2e48feb4747e8b672e..63e13b00d3c483305a21a63383323104d3f67cc7 100644 GIT binary patch delta 304 zcmcc2beU;_PJM26o<~GjxshpcS(R~4UPWbbrLRRsR#9?jvUa7XOLlIGV_vDJk#Syz z30HVUNk~vxp|_=PX{DJ#Zkn%aL56vfsi(JvhhbS(Sc+$Wo41#xf2LucCzr0Su7Y-0 zex9kHWlmV7lUZ(hSc+GAQE5n`L1Kt=afZ2@NoKB_S-pN~dRByCMK;%It_ar!x8014 zF8$wY`Oi5&ZC}+i`Ac=bjLueP8H@hX_l`XKM-M4p+BcE;<;^qZ zTb2d=N{^FfTWh<->F`IVnZ~O#r2LjV^+Pg|p_uZeAJo)kED+2EU!} zhXy?ku2)>OST3PNQ=tCbj1S);a_VpYC|EXGyzcQj4XNw?>NEen|K8=v=p9>q-g8pi I-6W?s0Ew}LGXMYp delta 304 zcmcc2beU;_PJN`QuSuYjuYsqtu~VRVp|*2&YG_1Mk&&~xWrT&JQ&3)VW>vDYS!6+& z0hf73WnPw3a6!JgrC*tWXI7v^X?SL!L6LD|E#y>o$m0vLZ1%(Dx2&ld+*2U#fej4e zZ3_O)>b~{Ms}j4km$i1n;(|xF)P1@kyHRO+gY%aSaht=I+=|_|xFGfKFWJfL-vd)h z7S7x?JGaN*NzO!bYK*^B(N;eGmhgF(gM?SvZ}2tMJQ@?(R^70Rahv7FDB*|8SIqb^ Hd%Xz&R?d8n diff --git a/newinfra/nix/secrets/minio_env_file.age b/newinfra/nix/secrets/minio_env_file.age index 8c5e8e2..e3facf3 100644 --- a/newinfra/nix/secrets/minio_env_file.age +++ b/newinfra/nix/secrets/minio_env_file.age @@ -1,7 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 qM6TYg Jtt9cLPGha9Qs5gEuKSwU3E1bNMhrjlHtnj/I3dKqW0 -0iDfPorED8lq0Rc5LVDNWID7l2F+AnmeEr7Yik/OC44 --> ssh-ed25519 XzACZQ Q9WpNGn/k35J0/LzGAlcf1ktN2/VG3nZdpfMbJXAnWw -bl2Pasbxmb6LNbWiZrEVBQ99gYYC5Md6kdvIt4VAf7k ---- +B0f8ilJGkB7Qj+BdzeKfW6HRl9yzMd+iT4sOAmJI5Y -\ȁ'ZtbJ7AL⛣&C+LMnhІ]R; ԆJHKO7B\(QmΒU>r4"XhIdcE6G_oN \ No newline at end of file +-> ssh-ed25519 qM6TYg EI4ZJijnotHTHevfFPYRvpl7ccKd1GX4v4TnIeg9OEk +12IpJojvydgvYEKeH5czeHqxMYiczVoVOkhDsXnLBI0 +-> ssh-ed25519 XzACZQ x9w42tznOiNImwa1SHDF8VgC2yMDUnmsuy2Abs8OAWE +BurhfH8j8eupgIB6+r/VRCbTB+wCtyHZqxFLedFIdBM +--- QIt5U0Kjpaw7cKhuUZoJMA3l+P0th172NK+LxWw/JZU +\zS3Òe0賡OԔק'}7 +uM'j̍V(׻A{[3QLH@>2q֏y7+ +&.T \ No newline at end of file diff --git a/newinfra/nix/secrets/registry_htpasswd.age b/newinfra/nix/secrets/registry_htpasswd.age new file mode 100644 index 0000000..8414c47 --- /dev/null +++ b/newinfra/nix/secrets/registry_htpasswd.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 qM6TYg suD780CXmj5jE1zjQ8yFPBx/mJpc+qtrSnx21GNPREs +woldNF3/BqEJFZebSL+h8Trd4ULoCXEPGITJ+M6miY0 +--- /TVDLF4l3t96nTkcA6kPTggtto1f7FbTtMNXG+7u4HE +eMMkw=XE=@,3k*|'bhl\^{6o s?XмԔ= 1@ہwZTC´,"* \ No newline at end of file diff --git a/newinfra/nix/secrets/registry_s3_key_secret.age b/newinfra/nix/secrets/registry_s3_key_secret.age new file mode 100644 index 0000000000000000000000000000000000000000..64047ebd2688eba0c003e69a959e960f25dfe9bb GIT binary patch literal 364 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSH^fe2KOjq!8smcpZ zj?gwS&-2I&amf#=h{{XPHZL$ME-fhV2=faKjC6F5s0a!52<1vMF!szWGE0thFLd%S zDKL$63r!C2^>8Xlt*UZM3{Q8-EeR}*%&W)`G2qhG)m2E2EVHQcuq-slHZ1q>w=_<5 zaq}#QO7->f38^YJGjyu*iU{-%@i$KN^yO;%!}HH-j@ehMhUQ)Ocbo51V{vFY+NGZ`-lbNF&UOy9HR>G6-kR#w}Kci-cfY`~Cq#LunbKqwny$F;tlwhukp z=Plu`Z_In{DzDp@e{AQe>xwo@mdsyKEXpK*s;zBHymxG)umFm07JT!JOBUy literal 0 HcmV?d00001 diff --git a/newinfra/nix/secrets/secrets.nix b/newinfra/nix/secrets/secrets.nix index 3d82c2e..4cb10d2 100644 --- a/newinfra/nix/secrets/secrets.nix +++ b/newinfra/nix/secrets/secrets.nix @@ -12,6 +12,8 @@ in "minio_env_file.age".publicKeys = [ vps1 vps3 ]; "garage_secrets.age".publicKeys = [ vps1 vps3 vps4 vps5 ]; "caddy_s3_key_secret.age".publicKeys = [ vps1 vps3 vps4 vps5 ]; + "registry_htpasswd.age".publicKeys = [ vps1 ]; + "registry_s3_key_secret.age".publicKeys = [ vps1 ]; "wg_private_vps1.age".publicKeys = [ vps1 ]; "wg_private_vps3.age".publicKeys = [ vps3 ]; "wg_private_vps4.age".publicKeys = [ vps4 ]; diff --git a/newinfra/nix/secrets/wg_private_vps1.age b/newinfra/nix/secrets/wg_private_vps1.age index 2137537..d4740ab 100644 --- a/newinfra/nix/secrets/wg_private_vps1.age +++ b/newinfra/nix/secrets/wg_private_vps1.age @@ -1,5 +1,5 @@ age-encryption.org/v1 --> ssh-ed25519 qM6TYg xCaglRQkcl1+kGIVjPEn+NlnrBUvcWLSH7MMPLXK9kU -78t/Z81+NaXQMW30EQH8WMhed6Lm77+atPTkBQbDMd0 ---- AsnraeejCWHj1iRI/1btRXI6tqdnBW4S+twfx35eNEI -61KqH\vélWIX{K;#S&g^.KQ8a7V:e)9Ќ!O \ No newline at end of file +-> ssh-ed25519 qM6TYg O7IcxaeSOGfOmQJudTMomwnl/bsPhAUKCPeidwbThXs +e4Llj1rpB0QtY08AOQYSr9450fdLd7Io8MpXzCAma5c +--- DnobWf9zRcr2T9fV32wFhZDmHoXdrLGoEbiOMg+ixyE +ZeNKh, $! Ϲbz/:q^u1 qEF-F=7C%Іڥq \ No newline at end of file diff --git a/newinfra/nix/secrets/wg_private_vps3.age b/newinfra/nix/secrets/wg_private_vps3.age index 7a46f3d..532de45 100644 --- a/newinfra/nix/secrets/wg_private_vps3.age +++ b/newinfra/nix/secrets/wg_private_vps3.age @@ -1,5 +1,5 @@ age-encryption.org/v1 --> ssh-ed25519 XzACZQ PAqPA1RpuXwjKCsn838qwsuRmuh8ES7BPiyCIFdhMmA -QIAC+dfBMSZwzHwcQpO1IyDPKwTvr/iG35PkrFOyzwE ---- zNejM9ypNWH1Bg1J1V4UCqMIyVP+gIV/mmgBaCfFCKk -y2yv0W}qYmhZ{B|t7,@6B_V80iaz9@j) \ No newline at end of file +-> ssh-ed25519 XzACZQ 8C7hL4eGkNUafD4z3KDlduzt1gLrEMZbHGD1ax8D9hQ +IR3sdzbh5ho0switjmknCu4VoPXrBl4uu8wGOjxqpaw +--- UCQLDGKp7Q8pB2MVuT/0/lff559GE/pSzpLj5WXHrvs +Y60uh ssh-ed25519 51bcvA mJYJJnaKusYBpSL5qAokXISlrXkBZ0QPKZVPkiyKSnk -IAsX5+UPxhap7ehB9za8Q9aEfeA0Ypd4Tw7XiU4f2eM ---- VBlmFpr+g83UfZ4rftOkNzKL/ZxSxAi7/tBl4TMaln4 -m侒AWcNW-F6ȆyT=~kg%U ;Dݲi&[j+_ - \ No newline at end of file +-> ssh-ed25519 51bcvA CjxIs41xJfD5FLvhNePVx4Z+oxLNGs18rIqA1oePZUA +vbbgC5XDSpheko+opZcGdGOLRTkpy9oOKUDqJB5mHrA +--- zIA/cJR2IvTe9PrxvsqYUtx3CVDMadur9Zab5yklQHk +9_n5~\C'q]+~jw&O4N vUo$ʐbEͅGkmk\ \ No newline at end of file diff --git a/newinfra/nix/secrets/wg_private_vps5.age b/newinfra/nix/secrets/wg_private_vps5.age index 156b44e..5529669 100644 --- a/newinfra/nix/secrets/wg_private_vps5.age +++ b/newinfra/nix/secrets/wg_private_vps5.age @@ -1,5 +1,5 @@ age-encryption.org/v1 --> ssh-ed25519 vT7ExA mzVnSgeDMMYUVe1J50PKFxwcpW9/XrweIyrOP8YtEF0 -N5vIpmomADBhQ0OXXw5uDcPeAeomaL/uyeAqCGewVMA ---- QBH8lw1hB2qVKXbd6AfQ9M5JlyPRCgzcHrVNjyGDfiI -7YBÊ1^VKx`z}9 Waȧk W[ +"_o%rlR \ No newline at end of file +-> ssh-ed25519 vT7ExA hiEMWjjGY/Elfd8oc9gB7p1bcV0G4u+NpvcChl06Kko +TANojl91jyH5dIjj0e7FlyvWfblRWd1psLerI3AxKe4 +--- EZL4OcGAkc70DMOiFaiZab64IX+Cv952bGXgF/5XZNc +{KNn0ojMrTOq3Map&;D qAStrY@ m4rOm \ No newline at end of file diff --git a/newinfra/nix/secrets/widetom_bot_token.age b/newinfra/nix/secrets/widetom_bot_token.age index 009e9f6f1f8272e54b680f4801fa741a52ddcff2..08e20fd941d24c7428a261bc1a42be4792a0965f 100644 GIT binary patch delta 236 zcmbQhG=XV?PJNz!ly*{5h`&>Ax^a$Qj(&lwW4UEYvSXH$LAq-}n08uerCEw;VP$GX zK3BM-i+^5}YkHnjNOFL=i+Nx`n6|cIc9fHLs<}Z#nRkktex6fFVwSnSCzr0Su7Yu4 zT5wQsSaMKlut{=2Vy?DPj&XWqhNZ8*fxCsPV}PZ3R%&jbi$PkrV?GzF9`o}*8~>HR zfAiJS|K5eAn|*8=tLoAhxSQ#UNBD<)Z(X&Rcd5!*uDA1MCkWpTcDS$GL_tBWS#U{NsWf>wIg?7PSsL)_gkj;oiLgom&Dc{MIdU+kV-1 o@~2P+#dduGt-Y5eF5T;$Y`S{g<^5Awn-|Bt{C~Q=I{Tv_0Q{m~cmMzZ diff --git a/newinfra/nix/secrets/widetom_config_toml.age b/newinfra/nix/secrets/widetom_config_toml.age index 273d1e16d9502028b7b12ab526f64cef67412fc7..3180cabe366e8364fa881d77e29529e995da9bb1 100644 GIT binary patch delta 4000 zcmZ1`zf69DPJLB!igT)WT5(undWlg$afwHEqNAUAnOkN+wtl#YYfx3Vf2B`xVoGS3 z30GRBp-*zCab8+UnVWf-nT2swP=tkVSb&jXVn|`2r%P#Ng?_SeNNH$rHkYohu7a_C zNI+?3kgu_`yNgA!drGiJxQDh+a&ClMm|I$bv4@w7TfK8ZNw7t>lLgnd@b!%+7U;0P zmN9s{h~@CwN7rA7OjX#cEMDcZsO8goHbwn#vp?lE?DGH2p4qS5`{~mGp$~@3>(r`3 z&Si&f<2wELp6^G&nM-ekSe|BTr{Ow`?d;9%(z zGrJ|Z3OhMU^92;@XMVJpe2QsC$?=yVo+{f{_5a|JXV1U${QBI7H_oWAFI>-jQ0~wX z-J*j$<^G?i6xBVcHhZ*XMi%4cnPFSHo6f&he6Vw)>kFQL(elfumRp{j5yc|cdos2Uq{>(@myNZYgYKPt6t}5 ziu}5gjBjDnzupp#nqktHbMHa_stG|-`8(M@+x#h%Em}46f4cJKwR5&_xNGB6(|-MX=9y z`QS^bsV)M?_IU4QpLN%9&Cd_VPS$@t{%RvjFT;Z1;;qvyPu9+4D^jx~jk8#M5PmR{s*Sc=G4$x3bNeOYSYN_-MCp#S-B?Qz8PE9+MJW{C8@( zn1=Vs^_`2SuDe(M+~}aO<%t&g@76D~ln-C9_@dIZsN>2u;T^2`d!3Z#L|?58b-Xp< zNtqNQSAAS+q4d8lkArO@vMjfs*G9fP?!w2DbbQs-de^4>_DLdnFMprE!u?}bzd>J3 ztyS3jn`#$X;v(+^E^JtncP3wCgLLzq+$8n(Lz7DWD3|NMlm8^kF}YUVD)HNa;=LDt z^v?dvnyRMaR`l0)&z!p4o;$fewz{nl*3&#Br8YU>B*SB&yL;rS)K3{s-q>09MlxA> zf%fB5@9)oEQ_xV~;yI(KQAK5*zET|f<)ao;x`V%d^=(=rwl(av{WO1tA7$I0hRj>C zq)KwduI`epJV}W$JR9C^PI&cFNGZ%U>51s3(ADxeoPr*=zFAeiQQi6MaI{%&QBcd= zS=L?EUf;IVsa31|ZC3YAw9Qvdm#K!pj?$x_1Ce;gA&2BeuXXb13 zKc4;2wOcH zPKYhyG!9L(-ESd#B|O?}zPEsxaN>`JMTd1h=`-_xe1G@JuN#Y`MR^sjPCj=jYI*2- z^94CMQ67@~R^j{hX=j%REedno?zb*%!^92gGb(s|BR5^%z**Ii!ElpLZrxhpru_PL z(+Rt_&A&MF&z*Aa1;?jL{=C$v9&q!VRdcsQX0x7Tm?6(JAw!Y&Pz|9IudHLPr#MD- zwz;M7XOh3d-`({0 z-Q@>XTWaTqecW!a@Tk>2p9%cc-*3ciuiKP(xK*kwVm<4M_Qb9maV7uw1S1@8&N!Co zl#-c!&$~Tn^UcF$sdcKNE}i?I|6Xu+;%<52H>ix00de5T(GJ6{sax=-4F>w9HU|Md!&E)eXUx}>9xnDwsrGWr)e(#*%`RaOvCNS;*YPm z5)RLF)LCd3x#Yrz>C0wnym612>b3a0s=Ld&#>Y(;VoSO&*j3dh*?jWvRj->j(frrr z&s{st26G>(QGPfhBW>61y7UXBmJg3S4sTNP46V{X68lc`{^8<);+`Fjowm|}O$Rv` zC-BP{Gflq1?-#2T(32j2vFXziv5YFO=k1GFT8}D6Dm)L0`#wAR>Au;!9n(E#yBfzN zooUD&mU##SoyAfA>ksU7k2cD>zpd-&_$P%jQ%ENs~@Zn-#usN zBDqB1c^Ip7T*Mq0~!uvj*?R=J5X{9@9-nBV(6E7SIFs#s;ZSs-b zEvLm@y>O3p&dx{gHdrhIKa5$(}|EwO?wxW~>Z6o5O!8+S6L+Zo;OWk%GzjziC6 zXP3uITzx*XAcK!Lug8x~>f!_cZP#4G`a-LoTQG?RL~%})XwcP^_*5)2D_`+Sf!h3^ zuSI4qntHYH-h4xu9PxuZyr<{YwQ|3e|E_W~W~o5bITw@qClf0g;uuAqGrPRM*8bwp ztsRA}UcCAnpWR+r_ufNsMs{I`#0N*_8(R|Zo!8&K?pAZCW}!t>hQZk8y2En>RFRR91Y0{f z{Rv+=qkT?_awksrJGgqLfAz$a<$KKQRy>=s{ny*uk{Kq`+a4^<=R7IW`-OY!4C_6u zud^AmZk*xU5p0^-*u;B0f1e_^yhTj?ivI4}|Ico2NE7To&|Nv_@mC-{zL%+rDml zxxIeJad{?J)?K+%zE|fykh;gaRYpqHlYbh^71JD9?aex0i(AfIFP@uQp&0%tf5z=L z$v&5r#`l!vn(UTEL})%2zaQ)`^qxcF>;z^FzT>*me`>pUq_*m9Typ#W0Rv+NzQB@7 zg^Dym?B zd=g??%Jl85@4L;n%=zKC-}l;^8<|+6Zm)j zG(J4*KC_W&=UJaiq0(D=(_SibGE9xm5q|H^@H0%R%4B}Y67G#|pO43_nzl0`_i&QV z`|LTPk_*#iS*q)Qt`v{sXYs2(-@T{M-|mf0>hq#6!e{Ltyk&dd@u@UBX`5Wb{L{Br zdAa$&X5W`!`PKi(@7LQON*FLRR;gH=xNZBb!R+G!UAL3#Zic)4Tp|2H^8=sN?;4+L zi~XwkT1?JezB)C*L_p|EStLiWr0lN5r&s};y=&x>C}8RT3EUB*y8#GfwlE# zwkh9#^SEi#E_>eihhM)gG5q_|`CQF*1D?J@qpre?hJ9TRN@gcmM9=40f3GujChKRf zdP9~qY*tKS)*<3=1lmltHBRtdzBRAae_?&YVgByYqPcP!k2jScYI+oXx!LJ~?Cnc@ zXP3?R(aw2UM4rcDt;`g=(4-r6Ch2O4+oP><X+vEM1?sy=~K*j!VCSd8WkgGdV97 zd^Aqyj&#pv%P!lE3a1aI?Y?ZfMfT}I$#aZ5h40sk7_XI_ZuK%+i(OAS zWc|X63m;9o99z%Epu4@G0jn0rWV|#q=yd75Qz@7~+{A2_I)OLTXim$CE`v5VR0tXaRhwf@D9`>Kx$9T!Ob ztPV0%}b6168r{de?ae8fW!t>!$Lf4@sca_64lBH^Tlo>>{&|H!9=Z9CsT zr7K53!{ka=Yin`l4j;YwvzTVf6UzR!Kw=nOjh2!ymaqU$qb2h;{c5Zes<B;L#K-nbyt%BpAKWd9rh>r9?K delta 4000 zcmZ1`zf69DPJNkskWYb`g?6@opns~rrC(Keq+6(8pi7cdp=EMbQkI2NdTx?wMv0$c zHdmNqVN_slj=p(Vv2%K;S*WY2bCP$dXG&Uub5fe2TV%0?uZf9%kb6+30hg|>u7W|4 zn@Lu3g_(YUOQlIfaF|Phvw>@+U${ktNmhAIcA7`JS-qp7UtVyqTRzu$?G<80&1x5C z@U-{4emgQPwPLXnv&k%@+hsG(+s}Az9V2L5tn8Vl>+5P_+%ma7y~_AX;ljP^g#;~2 zK7aYKE`VX#J_Y7uJZyUGw_Id3j-7Ee5uDdKK~Q0;#ijR(57#BeIoB0R#xSV~`sJ(Y zZ2x#h=!@3jt1|U0eqP0TA68zUxuxWs@_NG;oeP@N>b5AoZ|O3xs8X6cyF2jG)8%XX zk7X}x$k~7J^&(cCJ1?*Lo%MR5C9gR5aevZ;*y;msZ)Z(3kM3gmvu@`5E8icoet73% ze&B#?t&8-l;^)c6;!eDC4+a)DuiLcL;~oDFxhZmTE3fQ39n7}MF0=m1*Ya0sem1A9 zw%*8FGi^oCT-i^tHI8#XPjtGRZQB2Bp(|hB4~D9!MfWFn9Zm56S2v&S_We7RuObE2 zMcr3*)(Bfo*s=J4Ud+S07kKtH&qGyn|_4g!sx@^vbt!(|I($5{7IzijPfxqo8kwTdlA1&-!xbF=y^V`@9nTD^p8!mOW{4=k2p zK60LGf3aS`b1Ch$_m@pwP?#^LhPuo_=e;v48r5hOK7vl`b!3{r>RGfqy?{ z@+j%nnmv7-uyRpB>U@D!lXh7DVdYxO)9}=86aPuemc!{y|Nq@|E>22ud?Pu z97@U`C7u&%wa-0&ic_xNZtwJUxxBo=9ZfrT>A5}I#GjybyZ%XpaK{~+Gwe^k%$TFG zTJ4KYXF~U8{y+AYW?tY3*Jf}Nw2D686mY?P|1#cv%4bY`H#~|u_@F-ES-gce&%W+o zCe;EL>I0%G=l$jh-d1PVvA$R0&wjtXTjHNL2mim_D3SBIW!99Z7D|PecKv&|?t@|E z$K(VDk&c4qm4CmAd8?+)Hha5&a`(nHimVS`YJa=?&8J)O>K};>DIJNyRp~d(C*M0g zPcUM|hX1Sdd*+tEsERFB3S2tpd;PVP<5vo&o%h`9nV6Bu^)BuCt*1sTFVE+x9Vk40 zWhuO46NRJHT-kEAKwu1_kJPP}cgyXu&Go&2_GO7m}Id{BJ8JYhvfp;v-&n2Sway5A`i;&&%pNV;EbH|29g~1gW53lF;2^xJ6 zm{Sq-m_`4_ao&d6rqLb~ZdkwF=Dfe6)UiyiyrKT=E#A_#d0+R=D-i37)@S{;tW!(# z*8#4ASqD12=Q+M_D%mM7;&rC2%dLIm0;4y!T``NkJjkA<)3r>JF@N{T9}$~9ofjeVtQmwCgkKvV@ZZQrk=G45y`rI9!?TzpM7rCyO&T1AcLe%Lo5=-nQo3R^hV;)U6)YTQZ4P?09=R&g;## zil>afvNu07?%S8Mf5)o1=Wc$QVJy)kdH(UqShfq^cBkI1_*=u(9ke{{c@ysqLo1Wx zY3mvDS6XIvDJ#lNeP{ajl1!NOLHRW~HQQfAad#{^yl|HVbL%d9i%pJ=A=N>p3xD1= z{?wxyAou%Ey4#B&{+Jb)?XK0&u+@9>*5{>t?y}m$*@BfS`_^~O?&6$LD)lR|mCXK%XoS8x4r z=U2_;o1|-HE5!3wy4yHbs;mE`#o;>^(%Db5Lnf8w6`2ZFncYn1s9F8sX3AWdtM$A0 zobT`n)s1j5?M^n6QR#I)C-bX${>;8VrOMOxzAxfm=-#l9V}G*B-zIw|&ILW{{IyX_ zzUD=B_TIe^$bX6})z^4R>hnZjp9jtpb-lZvIlSyHdzH2Qg~87){U<9VvuU_u4s(c@#l+nP)u9x5vC46(Yil%?! zx2&E+JH#thSw0-mbk%QTx;XK-aY}0U)5B&_?H60(SuQ&+nZ0lO(*CWte0O|w`z7LG zz3T0j`!TKW_nvC1dMW5#5ooNoXUh@mWs?jf?G$%qZN1fy9e>`?uKoP&yVhNqA!VIM zZr}FQKVL8X_sktV#Y@His&(JFZdj;QVsLEQ^f~(u?`)pX(-wX+aZADdbNl`sPg!&9 zO0Mx?VUy#}{;u6wckmzE{hw?l&pe%)-U;nntCjvK>T*r_qxS{3g)4&GSo05GUu{2Y zO~UHk(i0c5A7E2mb?<$olU1FE+uJ=EvVl=-6zU_|Aqi|4BU?>#qX&iawbd<od|NZAUWY zrx?w(eZO@|rQo~2PjXY+xyt@rX>iki&9ySzSG4^dN6~Xz_m}%S4m@dJm~%*Y^USk~ zg+JE2yk8b`M9E$0;M%vlbnEvl>n-WG`{xAl~BrVng#HJ^kkb>b;-Ljil1FHNFM-{J*>8{FPh2^>Pn5 zI4^m0EMI?}_rK|vUq4t?u%4TDD_FNB|Oad%Hh%+dAZjn9?AQ(^}Ql~-)pl8 z_u1TT$t^JTgny&N!N~OPz+YjL8-JTmR(ia0*PKr_Vrgv-j9lx@B@bnX2ycDbrrAE{ z`HtJRx8!f+Mm;Z@(j&3RR=&7-YkF5mXk`7-k8Cq-MfWX{dv{7?hswg||0=()KlFG? z?9-Opm-OFVUf^``&ISifxkKS45qTzSbQy#ftzW#vzvYmbnuqNmy1hIelHTJNe|0N7x((*D6rCHvC^ti z^)%yD|K%nH7Csx=TPx$!tEVig`!aj?u`-48*Ul}SYw|eQGD3FI!7w>H&fkAN?Jzi~ zc|WS~-O)0g#`S@mYag>sbJP@@?cAvSDm*fwyGS6Zu_JMZ)xYNl{qFUK79=<(EeI?>=un_ydF!vJ+2X0* z2Bp!m63>zr9lrN&#r)z`XY!Se1GJf5>{$CM&(!7p243EktP9LFJcWust8HcH@>|l> zv)jNxZOvWHzHO=;LAL(&uP<`2@5}C9&B_e4Q`tITL;N3_0NM-SN^1}6hZgF|=bWT&Yd%2PA?7^AkuBt1%Pt}JWeUS71QuJzF{e2p>$yuKF|K8r}Cis+PBh0~wkZBX`{J%h6+%fd7)ULsoZL}X%XrjX%eJ-fuI(A)mgH|Y&y%pQdp2d(&5Lbk zd8^su`(`N}KfSIYe}&y-rL~%;4or|yu8Ne9zv?jWE-!n$V;4)KY+du|vZIyHo>iXq z-?85DcXOrF%#ZVT)<1uJ#_`V{{@$m{++{B{m3Agr2x_1BKfxe;>VvwaH;+_nc}&*I z7Pg+^Aa*Y(W~yoO?B|wWUgRFPU2Xci{eHeO7xS*2{5Myb%q-=5FT6BmRbuDsw7}oD z&c2*orY58Da#Hf~^G-4SH~xMQSIb$ujdioy##K2V4qTdV7r3h^JNIU4{p&CBo6`*L zSnKcEaExPCu=*{ZbKmadJ$!Zg;1j*Mg3}L{{r}j|IBDZl*66im{ad~rD&EFoai_7q zTGjN{g;nlX-|Ka~3+>;?e_)SRy6S6X_Cz=2N D$(pkm diff --git a/newinfra/secrets-git-crypt/registry_htpasswd b/newinfra/secrets-git-crypt/registry_htpasswd new file mode 100644 index 0000000000000000000000000000000000000000..26970ab38db05db0c09d36ff4bfc40de3179c858 GIT binary patch literal 88 zcmZQ@_Y83kiVO&0IGTRshM!w?VoKhfqgPMeWAXe{%O1iqHA7$>_lnPDX|+PTWWSiD vt#G=yEM6@_$l!*5itmc(Ki$)pu3q;^^c>SowdK)o%Q}iyNnU809Lf#=!Xqf1 literal 0 HcmV?d00001 diff --git a/newinfra/secrets-git-crypt/registry_s3_key_secret b/newinfra/secrets-git-crypt/registry_s3_key_secret new file mode 100644 index 0000000000000000000000000000000000000000..70c9bcb30f113891e6a77f2edc6f93bc86d6605e GIT binary patch literal 174 zcmZQ@_Y83kiVO&0=wCPWzR6jO@9mSts%{!?+9DPieBGqbuJzBJClB8-T;HO4T56%d z&h_pM&(X7#?D_b~!*pLw@jWx$?ABeh`JCChTDh$2ZG^%Wj?%Xt6XqmG i9e-LFJ~+-%uDLqchlS9LoA2)>K6bUN>|wc literal 0 HcmV?d00001 diff --git a/vps2/Caddyfile b/vps2/Caddyfile index 2246e1e..a2e9f34 100644 --- a/vps2/Caddyfile +++ b/vps2/Caddyfile @@ -33,10 +33,7 @@ vps2.nilstrieb.dev { file_server } -docker.nilstrieb.dev { - reverse_proxy * localhost:5000 -} -docker.noratrieb.dev { +old-docker.noratrieb.dev { reverse_proxy * localhost:5000 }