dynamic dns updates

2026-01-14 16:55:00 +01:00 · 2025-08-13 20:36:27 +02:00 · 2025-08-13 20:36:27 +02:00 · 3c1ec0f287
commit 3c1ec0f287
parent 56cf4e9212
35 changed files with 109 additions and 67 deletions
--- a/nix/modules/caddy/default.nix
+++ b/nix/modules/caddy/default.nix
@ -4,6 +4,7 @@ let
  caddy = pkgs.caddy.withPlugins {
    plugins = [
      "github.com/noratrieb-mirrors/certmagic-s3@v1.1.3"
      "github.com/caddy-dns/rfc2136@v1.0.0"
    ];
    hash = "sha256-HdCXbqrrGPZSdHv7bZvGz9T6loVbrfKydTbjTyt5Wt0=";
  };
@ -47,6 +48,17 @@ in
        insecure true
      }
      acme_dns rfc2136 {
        key_name "test"
        key_alg "hmac-sha256"
        key ""
        server "dns1.local:53"
      }
      tls {
        dns_challenge_override_domain "nilstrieb.dev"
      }
      servers {
        metrics
      }
--- a/nix/modules/dns/default.nix
+++ b/nix/modules/dns/default.nix
@ -1,6 +1,12 @@
-{ pkgs, lib, networkingConfig, ... }:
+{ pkgs, lib, networkingConfig, config, ... }:
 let metricsPort = 9433; in
 {
  age.secrets.knot_dns_rfc2136_key_config = {
    file =
      ../../secrets/knot_dns_rfc2136_key_config.age;
    owner = "knot";
  };
  # get the package for the debugging tools
  environment.systemPackages = with pkgs; [ knot-dns ];
@ -21,6 +27,7 @@ let metricsPort = 9433; in
  services.knot = {
    enable = true;
    keyFiles = [ config.age.secrets.knot_dns_rfc2136_key_config.path ];
    settingsFile = pkgs.writeTextFile {
      name = "knot.conf";
      text = ''
@ -28,6 +35,18 @@ let metricsPort = 9433; in
            listen: 0.0.0.0@53
            listen: ::@53
        key:
          - id: rfc2136-update
            algorithm: hmac-sha256
            secret: QRpeYCJLokRWyzT/tWrxaly5Seb5yTkE6/Ub66edWds=
        acl:
          - id: update_acl
            address: 10.0.0.0/24
            key: rfc2136-update
            action: update
            update-type: [TXT]
        zone:
          - domain: noratrieb.dev
            storage: /var/lib/knot/zones/
@ -35,6 +54,7 @@ let metricsPort = 9433; in
          - domain: nilstrieb.dev
            storage: /var/lib/knot/zones/
            file: ${import ./nilstrieb.dev.nix { inherit pkgs lib networkingConfig; }}
            acl: update_acl
        log:
          - target: syslog
            any: info
--- a/nix/modules/dns/noratrieb.dev.nix
+++ b/nix/modules/dns/noratrieb.dev.nix
@ -51,6 +51,9 @@ let
        ns1 = dns1;
        ns2 = dns2;
        # --- ACME setup for caddy
        _acme-challenge.CNAME = [ (cname "_acme-challenge.nilstrieb.dev.") ];
        # --- website stuff
        blog = vps1;
        www = vps1;
--- a/nix/secrets/backup_s3_secret.age
+++ b/nix/secrets/backup_s3_secret.age
--- a/nix/secrets/caddy_s3_key_secret.age
+++ b/nix/secrets/caddy_s3_key_secret.age
--- a/nix/secrets/docker_registry_password.age
+++ b/nix/secrets/docker_registry_password.age
@ -1,5 +1,5 @@
 age-encryption.org/v1
-> ssh-ed25519 qM6TYg kxQujT+O6ZGlzTONdS/18DUVoxNapwtxitQo8GKr2hc
+-> ssh-ed25519 qM6TYg py66rUtQIWm6K163vaJaoAseekNA70yQKMDH1FkWYVc
-b7KjCjuvhmWcqNB6BvNruL17Ww6yWkVKjjm/MGd+jlE
+rP7T1akj7LmzIcJeoK+mq+GfOjWpnWFnSpUhIA9Vihc
--- q3EzroLr8b0T2gKQ4xUR67YOLSwFP1V8UxAnKY0PP24
+--- UjRtQl6/Gz3QPiLhSyksrsRvFoCjiCKi4D0HdBb1dJY
-ﾟl貊0嬌1ｽCXq<58>謎{T姻tg傅ﾘﾟｭﾍ<EFBDAD>ﾛ捕詑<E68D95>ｦ<EFBFBD>s5<13>hxk-
+¦àq™ƒ(¯mÑzÁºÚhžØÒàk½šÔHÚ9:¾ãM>c–=”Î¬Ö¦äÀMŠ”â³L1
--- a/nix/secrets/forgejo_s3_key_secret.age
+++ b/nix/secrets/forgejo_s3_key_secret.age
@ -1,5 +1,6 @@
 age-encryption.org/v1
-> ssh-ed25519 qM6TYg yxVVZ7LOgN9NiKsl1+dN7Rp6Rsf0zlqb25Y6w43styk
+-> ssh-ed25519 qM6TYg DlJpvGP2I1iGodnEufzr0qCAmmU6XiKbnNCRJmjPsHs
-gQ5g7TL8+lyGp0SxdcoRg0nTpu1w6WbZZK0ERyqRpkc
+upNAkX1DPfs7AJi+/hUKKcehn7tTcR0knW8W+kP1u/k
--- 5uKpMbkW4zZ035mNXCuty+64IZ360gly/ezxnwtRX/0
+--- ZEI6vM0+n33fVLPssJyEWYW/xNgoa0/2BIZeG3NzBrk
-šË<EFBFBD>ô±ëSĎ¸>q!ŁźěOß·żźŤ”ÉT››CU˙ż¸ŁŇşž<C59F>Ď[ń*ó…¬ź«’\wźÝ‹tcÇ×Őíg?
|B±ŘĹë;’»"*îd<C3AE>Wţ<57>ţÔvŔ/vĚnqe
+¯¾-r `
 ÈgR/n´|òS“\h}•LR£áèE‡Ú@ø„¦ðš‡‚˜OüåjF"VŠ¶¨ëív-ƒqË“<C38B>ðxjf´Ì
ŒÂf=×ÁaI¤‚8–òÖÑ¦ãlÃàž	C
--- a/nix/secrets/garage_secrets.age
+++ b/nix/secrets/garage_secrets.age
--- a/nix/secrets/generic_backup_password.age
+++ b/nix/secrets/generic_backup_password.age
@ -1,14 +1,13 @@
 age-encryption.org/v1
-> ssh-ed25519 qM6TYg IBVFRlOVLHcuS6xa7UVGA1z9NTBtNwGbt94c/yTB8wE
+-> ssh-ed25519 qM6TYg SrZQBYLsUcrDu6ds1fJAyjM+mHPpAW04U6yRqA/TjH8
-T+VtsTngND9kAd6DAtksXN4xYs+E8JZSxDeOm+G23tc
+LZUTPquz+YNmlRWrXwY2fvXsVwOEM/uhzWcaf7WsY5o
-> ssh-ed25519 91VHug nUkRwHgpn2i56NNY0VAuG+r3CX1rjt1M0ZVKj+ijwGo
+-> ssh-ed25519 91VHug sVXnaD5sruvFKnPwldWzlH8KUIeZ/toWqYe/F2tfBX0
-ea8Ry6JIJlPOObY+v2Q5MkdcZqCeDLAOxC583WY38Hg
+CapfF55c1MvBDcDywNpnS4blYwD0HrPyrcncMRbl5lo
-> ssh-ed25519 XzACZQ 7f+8YcecMvwnOgwxjRMUUUm9Sp4cyKpIZWWMDrrCtzg
+-> ssh-ed25519 XzACZQ WqU7ebK4SnCyxP4zxIdmMDAaH7mk2HpgvUwbFWhoNWs
-Bqhd2kpuTg3Xchme5wHfg4zkuikeM4H9GdOZVUv+HZk
+wm0ZtnIQCKZW+WJIDtAIdOQkvp5LLyvTQ2vNFC7C26U
-> ssh-ed25519 51bcvA DUk4CsGXhdj4uIqzYpoGmtHs5dnjIBUb0c9zj1DEum4
+-> ssh-ed25519 51bcvA xtMa2mIZ7GHOFJEcpZjr13vOovJsyo9fMWAnm66pxEg
-hGe3j5Ycn/WVV5wgg+vZuh2KhnamHACkHrDWcVgkSjo
+DqNSop7GSDMvsDzu9NK5ubf2xWMLX1fFLSiZUA42RUU
-> ssh-ed25519 vT7ExA Zf67OkbMvOpgABZDuXw3U94KqX32VG8nnjo3Xmkbih0
+-> ssh-ed25519 vT7ExA 24tU87648MvZgbvt9PNWBUQsQBDyeBd2QV0jiKGMwWs
-5K5fnBxkQDaYwuMPhyNU5ZrZLjkgknG7dzMzyuANMuU
+mSuA/G6ZjRYhG3TMGt8SQ8aqK8s9s81YBslBwQLr4Fg
--- Jon4j4/xeZqS/6KsWszsVOoVOgJgsPEKxmtC7PcocCA
+--- sr5nQObjSdkQ+eILGm+p/nnD1XxrcCXwVY70INFlZMU
-Úì†³—µ’~Š…
+ÚÊ›.ê)¶½uT}nw?”ñ‡]4^žjk„ž…*y"©#Oû÷N*6}ÿÏyIÙ†<01>.7ÄT˜¥ïSéº- ©R©
 ¢íNŒ+jKþß¬Ÿ/á]Ó !ä‚¶Œ¢.7\«–„k~<÷ñfÃCÖT.ªOŸêÅ¥*aÁ
•Û
--- a/nix/secrets/grafana_admin_password.age
+++ b/nix/secrets/grafana_admin_password.age
@ -1,6 +1,5 @@
 age-encryption.org/v1
-> ssh-ed25519 XzACZQ OeTS5wU4ac+Qh7s1PXbdFH3LDlRW1LV+qFtoVGI47XQ
+-> ssh-ed25519 XzACZQ 8I9FjYxsWRwFE9W5eUEA3CdAG1etcJsYrT/QIFTkf18
-JsixYPLzpnF45ODQH7nuVowXzwbNQi8lWx1Bp2YFVWc
+bmwA4zP6sG54vh1l8tAW7i7g5L6y7bB6jj43YaGIC9U
--- MEG4bfGwoFRm9HizYdqtK7KApYhYH+QjAIEp7CpLznA
+--- c3xQGTTlsALUeTz+FbECQMUPmp4/PHTaosgDRzOIrk0
-CŒ¢µÍ/wC
+9Â‡,<1C>ö$ĂJE%Ůł2×`¬ÄźśřK:aĽţ]ßŢ,ĚTM>µŠ°Ň›xŽô-yn€ˇ§ö|®Ý/‚źŠ+ňµęO˛˘×Z‚¨QűWŹĹqh^÷]Ž^Ě€˝$?
 F‘<EFBFBD>zÙ?ŸMÀõókÙr‰ Žx£N¸©'NTzùà¼WŽÈb¹åº{›ÞóÕéAj3X6m¹Ý²²J@í¼OI—{u<15>ßý”Ï?¹ A,CÃdûý^
--- a/nix/secrets/hugochat_db_password.age
+++ b/nix/secrets/hugochat_db_password.age
--- a/nix/secrets/killua_env.age
+++ b/nix/secrets/killua_env.age
--- a/nix/secrets/knot_dns_rfc2136_key_config.age
+++ b/nix/secrets/knot_dns_rfc2136_key_config.age
@ -0,0 +1,10 @@
 age-encryption.org/v1
 -> ssh-ed25519 LZU5Eg rwUOiYywkv8pql/vl0b4K10Ic2oTijgDY3j2Y4e5elY
 8HAY4fQqjST5LqwZQIw83Z3cLZqnziq/czDpkJ/ncaM
 -> ssh-ed25519 5bWSnQ E6u+2wa3+f3iRxFCSa8evey5D703lNTGrsMT5hJhSGo
 RRuKjTOOunRLD2re/Vy87maIkNLiFa0p0AugeYbGpEk
 --- +5iOAG1dYXmUdxXY0dN8bhFpylZhVn90M0/OSbNTSL0
 (¿‚"`4*€¦7gY¼šØ<C5A1>¤±ÞNš9§TˆpžÆZµ•Ë,<2C>¡ç<²ÞzæeŠtÇ³ëª²œÄÐÂó;ãÓA‰õB¬
’.[<5B>õ¤ú*N¶	
 Œ<EFBFBD>š¼éZö`jM¼Íÿò+=ÕÝBq=³ ÅEŽ¥Q{þ™Ûƒ’S~
 ßÊF	©a€<61>¨IhD:¯pA{
 îµ
--- a/nix/secrets/knot_dns_rfc2136_key_envvar.age
+++ b/nix/secrets/knot_dns_rfc2136_key_envvar.age
--- a/nix/secrets/loki_env.age
+++ b/nix/secrets/loki_env.age
--- a/nix/secrets/minio_env_file.age
+++ b/nix/secrets/minio_env_file.age
@ -1,8 +1,7 @@
 age-encryption.org/v1
-> ssh-ed25519 qM6TYg k3jtd2qoiQCsKZYJliH9ySFuO7CVQQ5Sv2ikFYcaD2c
+-> ssh-ed25519 qM6TYg t4OIcjhlaEBxFFK/VibGcE0D5zb4LrMv0zS1vxMKxHA
-TSIg6y4C2WaLQJUyNT3HQOj09VmKSkQxlsVlaDc+1tY
+/OIYeC0s9Jd5R6MaLQPHlgscrSkNwpdK1doADIZwmHE
-> ssh-ed25519 XzACZQ NZhP9TD5nYxBMgO1O3vDOITeh7qxq4vhjG7AppQmRlM
+-> ssh-ed25519 XzACZQ 7ieKRLiY3EzGlRcAzxnhzDQkUMmpNutUViBeMrSkWkM
-I1JiT8ISWLVUgoCphHSbhYvfssfP55NuBI2jclG3DVQ
+qxeyBVm6aHDH7oQXDShuEqUGY9W8bp2vHfWvJEssfLg
--- 6UR3wbSTB/f0s8hP/YHaY9HFDpnLAts0yksKCv7p9BA
+--- RuCRpuvvN5pIBe4zMaF0X0J5oW2z9ytkSfwKdkQlqo4
-¤<EFBFBD>iÓÆg50ß2LQÑî°káL†
+t9Í†“¤ľ™żáî/ˇý‹”/d3Žĺů˝ÚńfůÁŁY.hÝdg"°Á,<ÉZc„1ú“EŃĽš•(ČÖ}ô›ĂâĎĄÄEÖ ®}tMŇü`H¸]w¸ŃWÁ?ú~(T]~'
 »vÃ›B×$5ÑËµm²¾#„{_8Õê‹ÏÞj&+<2B><>Ñ;Zûç-'ÂƒÐWHSòÑ‹aÄæ·f?óÎ56[t8¿¥&Zë¸_/î3BÀ”Ó_4½n
--- a/nix/secrets/openolat_db_password.age
+++ b/nix/secrets/openolat_db_password.age
--- a/nix/secrets/pyroscope_s3_secret.age
+++ b/nix/secrets/pyroscope_s3_secret.age
--- a/nix/secrets/registry_htpasswd.age
+++ b/nix/secrets/registry_htpasswd.age
--- a/nix/secrets/registry_s3_key_secret.age
+++ b/nix/secrets/registry_s3_key_secret.age
--- a/nix/secrets/restic_backup.age
+++ b/nix/secrets/restic_backup.age
--- a/nix/secrets/s3_mc_admin_client.age
+++ b/nix/secrets/s3_mc_admin_client.age
--- a/nix/secrets/secrets.nix
+++ b/nix/secrets/secrets.nix
@ -28,6 +28,8 @@ in
  "pyroscope_s3_secret.age".publicKeys = [ vps3 ];
  "restic_backup.age".publicKeys = [ vps1 vps2 vps3 vps4 vps5 ];
  "generic_backup_password.age".publicKeys = [ vps1 vps2 vps3 vps4 vps5 ];
  "knot_dns_rfc2136_key_config.age".publicKeys = [ dns1 dns2 ];
  "knot_dns_rfc2136_key_envvar.age".publicKeys = [ vps1 vps2 vps3 vps4 vps5 ];
  "wg_private_dns1.age".publicKeys = [ dns1 ];
  "wg_private_dns2.age".publicKeys = [ dns2 ];
  "wg_private_vps1.age".publicKeys = [ vps1 ];
--- a/nix/secrets/upload_files_s3_secret.age
+++ b/nix/secrets/upload_files_s3_secret.age
--- a/nix/secrets/wg_private_dns1.age
+++ b/nix/secrets/wg_private_dns1.age
@ -1,5 +1,5 @@
 age-encryption.org/v1
-> ssh-ed25519 LZU5Eg o+MPatbYPM3sZq0MCqvvxlvKMQwlbajHURPQ+0g0qm8
+-> ssh-ed25519 LZU5Eg 2I80UG4n18vxvqUJXwKeAPqelD83nX/n8XHi/XVq208
-UUurAYkPWXCaow746EV4dAQ+qTJnHIehcorUmanBc+o
+mDoUzJu9KfUFyzJPoLPU+xhSbGesECEQZSSrc38HA54
--- BV+bxd0OIc3J4uT39al2odyn8ScDpq58SiwnW5pvRj4
+--- J9+vPA8z+/8jcO/V9iVZ3tWJF4TUe+nD6fmjH6f5dmc
-òçT7W
 í|õfJÞÜ%"cõôäqÁ{TãP~f<>v,;Ñ:å…<C3A5>¾êŒ-ÓÏšÛ4þ€a† æ-¯uÌ\Lƒ_-¼VHâøûš³½%
+ŠsÄt´÷	v¶@<(xÃÞ÷Eh»µ]8eÔý-$<24>K00”T!Å“ÀŽŸÄ<¬"5SCÔ#ÆFÐÃZ³¼¾é©wabèû
--- a/nix/secrets/wg_private_dns2.age
+++ b/nix/secrets/wg_private_dns2.age
--- a/nix/secrets/wg_private_vps1.age
+++ b/nix/secrets/wg_private_vps1.age
@ -1,5 +1,5 @@
 age-encryption.org/v1
-> ssh-ed25519 qM6TYg yrPEC7nKTt4PKp+tbxOQhhSHkd3Y5U112Tr1Vj8NUjc
+-> ssh-ed25519 qM6TYg VKztNtIZQAJuwFI/DeAmW4RyaoGxMGpYmBPJRJYLzww
-ke3GsnxeaGLvKNknBY8SQZj6zOh2c+CiCf3sZXyapn8
+0zo3XFJ/tE5O+AFMhhJUP1iCpIgC/d1qr8qpJ1viPj0
--- 0VBTTW//qOcMYVLZ2jFekgouWeZx4h5JPW1H8Sa4bIs
+--- Wq8DPbQIPnB46bI0allcQdlFZIOGK8Bp1sAywezGVe8
-Ű˙	÷&4'_Xr#X<>ó^drľŻ	TY%u!.v)eY‹ŐŢ•ŃGŢż(AP·ˇcÜÍôwOśf"ŹĹŢő¤yÍmŕqŔ1Çe<C387>UŞ‹
+“`¤Ì8vM d<>(hy, V+=ÔQ×ÏXðå¸#A‚q½¸—>	ÙZ˜6®ƒ[AQŠé[éëf&°Øz¨eu*v>d½·ÓÂzÄ 
--- a/nix/secrets/wg_private_vps2.age
+++ b/nix/secrets/wg_private_vps2.age
@ -1,8 +1,5 @@
 age-encryption.org/v1
-> ssh-ed25519 91VHug cjq3el2rlJCWS3VwM5Dt22Ot/PoCdU5wJWTMosYQ6VE
+-> ssh-ed25519 91VHug YHHrtch+bKHxenRqMPSvqqby7odUGontauTfAfTAhlw
-w/IyVNNAObRJxpV162CojPRE8yYbXJj1kaCBoPo3rNk
+VDY1jPyeClwpg7Tq604rU+Po+nue7cBRqhIEdc8iiAk
--- EDM/kgV9ewXhMvrQfHDtPLl7W46VCbZL5ciBO/B+Iu8
+--- mUabX/gruf9Erp4OeRmCEwd7KR2aTApviipXyCL1P+g
-cL>¡‡È&ð°Â²=°^³$Úüm TüãÃ4õ&
+“š¨	ˇťŚ‹É¤R<C2A4>-ĎGuÔÄű™:7€+"SŇ5ěÔSSÇ3\ÁRpMď?s0±Ś<C2B1>$ć’@ţ°±ń…řűÎČô€Ň$§…) ýí
 Æ§ÀÀI–¢Ç)
 c
 ¶LQiŠµá6ÓRÞÐòS•Üøÿ+T@ó0=ÉÉðö
--- a/nix/secrets/wg_private_vps3.age
+++ b/nix/secrets/wg_private_vps3.age
@ -1,5 +1,5 @@
 age-encryption.org/v1
-> ssh-ed25519 XzACZQ lm64+fQEWa9hF98cV/x1U3Mz+6zuM23dAV3XkwE7iz4
+-> ssh-ed25519 XzACZQ YPlkpgsyOotrVR/rKOrNqPSBcLYF2U+aZWtPzB8RsEs
-7Rgqd13DThp/JLryCe5xTdXwDujaTj4viR2CBTdXYLs
+zJkNWK8QjKC/DfvjrU8Js1p1ajm1fnrdcNr5g4+rTS4
--- pwebssA2O2VjzPFRAQ0/65+qiiF/MijCIIXexwH5mgk
+--- 7xKrN9yAcMbmvdQwchhkaT8CZTGguUTDPZ2LKxSxppY
-\ ‹fóËæÅv×Ì¤ä[§ýÚŸÆIŒ´†[—5á÷*×·90²'ý4Âôî+áV<C3A1>;L›‹~jÌÂà¦
‹úœ†;ÝÒSÁª2y·b
+¡éñq›C”µk˜P»eŠëè@}p¡2qÏU¨n!Â•WÁï<C381>¹íßáØ‚käöžZè¥Ÿ3Ò÷ÞžÐµù.ê€<ÊðãQr<51>î&˜à…0¨Á
--- a/nix/secrets/wg_private_vps4.age
+++ b/nix/secrets/wg_private_vps4.age
@ -1,7 +1,5 @@
 age-encryption.org/v1
-> ssh-ed25519 51bcvA mVJPirZJQxHgpX6CkMckYTpJk6HYN7CZYlUPPF1mYDM
+-> ssh-ed25519 51bcvA kyLCrT3jFu1BszuLMnyP0ej1kL5OvnAu/R6vR+PtYWU
-XVZqovyalftEtV//FQM11Za+YAEMAuBTypcPQz1+G3E
+n70Krz1NA1BHhMrJQprm+LBBhY8AeQwI1PvHbF628OE
--- 7QAtADWyWr8SY3jLLzKxPsedOLyasfLs4lK3nmhkOi0
+--- VbdM9HH1CM+4f6z/5oSId9DW6Gi1+q3IuCE6qPKg1mM
-]J„éÄÑäXt‘E¬šŽæ)<29>þ–ÿhS<01>ö¾º»ÈF·
+Ą@T˝YÔ(ÇčQŁLYŹŮGHGnk†¤	,®]&§ď%UfÇĺMő±W“´qx”őźJkÚ_k¨ëh(yŚk|<04>»*=ŇIk
Ź
 ïÈÓ×þ¤$’Ò2"ðTö‚¾aû`’†Ä®ùÒ{ŸŽ<>:=
--- a/nix/secrets/wg_private_vps5.age
+++ b/nix/secrets/wg_private_vps5.age
@ -1,5 +1,7 @@
 age-encryption.org/v1
-> ssh-ed25519 vT7ExA G9mqOZiAvq+ot4OUevoxvNPIkgWgS8KqMY76uGsxeGs
+-> ssh-ed25519 vT7ExA 2giKg2lnsURC0VqDT8Ibfn9jvkIJUOwIZkRN0Px8OSo
-AMEwoZoFc+axirDc5q+FM3e76IedkxblC3vVqUjmPL8
+g3ZQzVSDVUl/BX3tAktgkFk5lVKgplZa+vtLYSd+RW8
--- oXGSsFKfJRPvcU1X3zHN7M6vd0IxBpNowyh4sPesq3A
+--- 9ZTtNf9EG2B6oDyWYST8QiNGQHdYgQ5PoHzEHwW2eY8
-¢¡i3<><18>¥Ÿûôc—ÿòØMÄTN0—‰}r"Ð—s˜Œ§ö~þ<>OrP˜®ÃîFP`Q•˜¯<º%å:7ø3ç‚
+ÝÐœ?Ÿ<>Mâ-<2D>À€b÷>[Á;°^]·v|¤.
 <EFBFBD>IüòyˆlþM’<>¹s|ÂN5úUÑój
 ƒä:¬á€ìÊ¦ý¤›ò<E280BA>ET½
--- a/nix/secrets/widetom_bot_token.age
+++ b/nix/secrets/widetom_bot_token.age
@ -1,5 +1,5 @@
 age-encryption.org/v1
-> ssh-ed25519 qM6TYg oaTrhtYhEl2Za2fhNt0BgnjXPCkzo1Or9jsLLCnJhzA
+-> ssh-ed25519 qM6TYg Xds9FlVzv4E6ZFFTH6zZwG8ewomPq5R3S3/8jDN7zw0
-Wk99OfMEXXG+cV1LEvC9wf0GeVgT1Z2GA0AtLYCRKD4
+l1EWvQR0RK865mVQVuCFuo+02HTzrHHlsY9r+E2/Nfc
--- 4U4dwN+tJ2LFpIjxEaoZ6HHV5QQU4kr0r0pDXKKcTgE
+--- n9KSdsLECG7uH0yD5GsWC/1mTDMXi/JLDJ++oUycTEs
-NäÖ]èn<C3A8>Ý?óã€àð‚ý¹!ý|!ƒ³:Öú»ÐÁMlØ*Èý
Ü'÷×?E ØùôM@Ér_iÎvo:Niõlk<13>¾8S(ÿ:øÖŠÇR/0^xiÛ[x‹Cå
+ÉL«wÐÜð-§b—}ó¶T6ÁúkíÀX›SŒÒ¢óF3¾q4Ÿèy·¬hzÒ?hSÖ8<C396>Ïb=ƒ1)ÑP*{˜ËºS>Ø(æ<>Vë+<2B>1yð#*ÂiêBS
--- a/nix/secrets/widetom_config_toml.age
+++ b/nix/secrets/widetom_config_toml.age
--- a/secrets-git-crypt/knot_dns_rfc2136_key_config
+++ b/secrets-git-crypt/knot_dns_rfc2136_key_config
--- a/secrets-git-crypt/knot_dns_rfc2136_key_envvar
+++ b/secrets-git-crypt/knot_dns_rfc2136_key_envvar