From 42bf7aba73bdddfd450d162b5d6660ac81b0658d Mon Sep 17 00:00:00 2001 From: Noratrieb <48135649+Noratrieb@users.noreply.github.com> Date: Wed, 7 Aug 2024 17:14:50 +0200 Subject: [PATCH] metrics --- apps/prometheus/prometheus.yml | 12 ------------ newinfra/nix/hive.nix | 14 +++++++++++++- newinfra/nix/modules/dns/default.nix | 6 ++++++ newinfra/nix/modules/dns/noratrieb.dev.nix | 1 - newinfra/nix/modules/garage/default.nix | 5 ++++- newinfra/nix/modules/prometheus/default.nix | 18 ++++++++++++++++++ newinfra/nix/secrets/caddy_s3_key_secret.age | Bin 661 -> 661 bytes .../nix/secrets/docker_registry_password.age | Bin 233 -> 233 bytes newinfra/nix/secrets/garage_secrets.age | Bin 795 -> 709 bytes .../nix/secrets/grafana_admin_password.age | Bin 282 -> 282 bytes newinfra/nix/secrets/hugochat_db_password.age | Bin 339 -> 339 bytes newinfra/nix/secrets/minio_env_file.age | Bin 397 -> 397 bytes newinfra/nix/secrets/registry_htpasswd.age | Bin 278 -> 278 bytes .../nix/secrets/registry_s3_key_secret.age | Bin 364 -> 364 bytes newinfra/nix/secrets/secrets.nix | 4 ++++ newinfra/nix/secrets/wg_private_dns1.age | 5 +++++ newinfra/nix/secrets/wg_private_dns2.age | Bin 0 -> 256 bytes newinfra/nix/secrets/wg_private_vps1.age | Bin 257 -> 257 bytes newinfra/nix/secrets/wg_private_vps3.age | Bin 257 -> 257 bytes newinfra/nix/secrets/wg_private_vps4.age | 8 ++++---- newinfra/nix/secrets/wg_private_vps5.age | 9 +++++---- newinfra/nix/secrets/widetom_bot_token.age | Bin 272 -> 272 bytes newinfra/nix/secrets/widetom_config_toml.age | Bin 4006 -> 4006 bytes newinfra/secrets-git-crypt/garage_secrets | Bin 275 -> 189 bytes newinfra/secrets-git-crypt/wg_private_dns1 | Bin 0 -> 66 bytes newinfra/secrets-git-crypt/wg_private_dns2 | Bin 0 -> 66 bytes 26 files changed, 59 insertions(+), 23 deletions(-) delete mode 100644 apps/prometheus/prometheus.yml create mode 100644 newinfra/nix/secrets/wg_private_dns1.age create mode 100644 newinfra/nix/secrets/wg_private_dns2.age create mode 100644 newinfra/secrets-git-crypt/wg_private_dns1 create mode 100644 newinfra/secrets-git-crypt/wg_private_dns2 diff --git a/apps/prometheus/prometheus.yml b/apps/prometheus/prometheus.yml deleted file mode 100644 index c251853..0000000 --- a/apps/prometheus/prometheus.yml +++ /dev/null @@ -1,12 +0,0 @@ -global: - scrape_interval: 15s # By default, scrape targets every 15 seconds. - - # Attach these labels to any time series or alerts when communicating with - # external systems (federation, remote storage, Alertmanager). - external_labels: - monitor: 'codelab-monitor' - -scrape_configs: - - job_name: 'bisect' - static_configs: - - targets: ['cargo_bisect_rustc_service:4001'] diff --git a/newinfra/nix/hive.nix b/newinfra/nix/hive.nix index 5ad7694..3de4891 100644 --- a/newinfra/nix/hive.nix +++ b/newinfra/nix/hive.nix @@ -18,12 +18,22 @@ dns1 = { publicIPv4 = "154.38.163.74"; publicIPv6 = null; + wg = { + privateIP = "10.0.1.1"; + publicKey = "7jy2q93xYBHG5yKqLmNuMWSuFMnUGWXVuKQ1yMmxoV4="; + peers = [ "vps3" ]; + }; }; dns2 = { publicIPv4 = "128.140.3.7"; # somehow this doesnt quite work yet, keep it out of DNS records #publicIPv6 = "2a01:4f8:c2c:d616::"; publicIPv6 = null; + wg = { + privateIP = "10.0.1.2"; + publicKey = "yfOc/q5M+2DWPoZ4ZgwrTYYkviQxGxRWpcBCDcauDnc="; + peers = [ "vps3" ]; + }; }; vps1 = { publicIPv4 = "161.97.165.1"; @@ -40,7 +50,7 @@ wg = { privateIP = "10.0.0.3"; publicKey = "pdUxG1vhmYraKzIIEFxTRAMhGwGztBL/Ly5icJUV3g0="; - peers = [ "vps1" "vps4" "vps5" ]; + peers = [ "vps1" "vps4" "vps5" "dns1" "dns2" ]; }; }; vps4 = { @@ -86,6 +96,7 @@ (modulesPath + "/profiles/qemu-guest.nix") ./modules/contabo ./modules/dns + ./modules/wg-mesh ]; # The name and nodes parameters are supported in Colmena, @@ -97,6 +108,7 @@ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ./modules/dns + ./modules/wg-mesh ]; deployment.tags = [ "dns" "eu" "hetzner" ]; diff --git a/newinfra/nix/modules/dns/default.nix b/newinfra/nix/modules/dns/default.nix index 085a82a..3326e9a 100644 --- a/newinfra/nix/modules/dns/default.nix +++ b/newinfra/nix/modules/dns/default.nix @@ -39,4 +39,10 @@ ''; }; }; + + networking.firewall.interfaces.wg0.allowedTCPPorts = [ 9433 ]; # metrics + services.prometheus.exporters.knot = { + enable = true; + port = 9433; + }; } diff --git a/newinfra/nix/modules/dns/noratrieb.dev.nix b/newinfra/nix/modules/dns/noratrieb.dev.nix index 0cf899e..397f2d2 100644 --- a/newinfra/nix/modules/dns/noratrieb.dev.nix +++ b/newinfra/nix/modules/dns/noratrieb.dev.nix @@ -42,7 +42,6 @@ let www = vps1; # --- legacy crap - vps2 = vps2; # TODO REMOVE old-docker = vps2; # --- apps diff --git a/newinfra/nix/modules/garage/default.nix b/newinfra/nix/modules/garage/default.nix index 80a15ae..13c616a 100644 --- a/newinfra/nix/modules/garage/default.nix +++ b/newinfra/nix/modules/garage/default.nix @@ -1,7 +1,10 @@ { config, pkgs, name, ... }: { age.secrets.garage_secrets.file = ../../secrets/garage_secrets.age; - networking.firewall.interfaces.wg0.allowedTCPPorts = [ 3901 ]; + networking.firewall.interfaces.wg0.allowedTCPPorts = [ + 3901 # RPC + 3903 # admin for metrics + ]; services.garage = { enable = true; diff --git a/newinfra/nix/modules/prometheus/default.nix b/newinfra/nix/modules/prometheus/default.nix index e591593..7541000 100644 --- a/newinfra/nix/modules/prometheus/default.nix +++ b/newinfra/nix/modules/prometheus/default.nix @@ -12,6 +12,8 @@ { job_name = "node"; static_configs = [ + { targets = [ "dns1.local:9100" ]; } + { targets = [ "dns2.local:9100" ]; } { targets = [ "vps1.local:9100" ]; } { targets = [ "vps3.local:9100" ]; } { targets = [ "vps4.local:9100" ]; } @@ -33,6 +35,22 @@ { targets = [ "vps1.local:9011" ]; } ]; } + { + job_name = "garage"; + static_configs = [ + { targets = [ "vps1.local:3903" ]; } + { targets = [ "vps3.local:3903" ]; } + { targets = [ "vps4.local:3903" ]; } + { targets = [ "vps5.local:3903" ]; } + ]; + } + { + job_name = "knot"; + static_configs = [ + { targets = [ "dns1.local:9433" ]; } + { targets = [ "dns2.local:9433" ]; } + ]; + } ]; }; diff --git a/newinfra/nix/secrets/caddy_s3_key_secret.age b/newinfra/nix/secrets/caddy_s3_key_secret.age index a9bf7849b5e3c07ece25e82c212440400c3969c6..9a940bb5143db10e3f8ff9b405f4df3acb18865b 100644 GIT binary patch delta 590 zcmbQrI+b;TPJMA{xRHsUV@7g-YpG{=rK4evTVQZeNp_fLepqN=m`Pz!L4jv^zK409 z30FjwlWBRVk)eNzex-JvTcD#`SZZ-_a6m>#Ku(Z{mtRP5iN9BvbC|cECzr0BLUD11 zZfc5=si~o*LPV9Lb5x*0nYml2WwxoYhpAgsV3bi>rdyNyPH1RQq*0n{X{J$Sa+z6?Wk7LQifM6_nVFGyW}Z=$TUv@&q@`oz z#E;_P#?E>E+U|xvd5-0g#Tf;rF3EZ2Y2LY|ZmCsXl?H{5F8);+$sT4IrQzvZPL|H@ z=HVt`mQnioL1ihXCT0E+#Uc3x;hB!w#m0#dg_Q+iL9Qj*ep$(r;~B;4^KwhQ{Gxmc z%Z&2O3qk^o(u~5=bMy0@GR%zq&4Pk+O$^HlD}sxhLqY<%a=ao^J#tKPy~`u>6GM%1 zJS}q4-QE4Now7qMqk;+wgQ_ZW%|eR;q6|X0baizVa*89<(!GM+{4*l63=)GZoGeN# zjEhUn0{lyI{Zq070=>%XjV-fF^^@`pxIE21pD6qm9I`u!gDtt)Ts=@IWYO8l`*=)N zG;U%(JSjx5WMBI6iUV^BFC--w^x5aE%YW;<)*|(`0RQ(N`LSQTw6?OiT&NIRC-qOy zKkR;a8S}2k{sdG@ax1&pxmszA^U}9KOQizLrMxtM( zCzqRFiIZ=c)7o6m}#b) zZ%9yhmRDsqS71;{qKkV#mSwq_SE`%2r)y4XP)dGUvVmoONR**Lae=#$b4IDDerk61 z#E;_P-uf*edMurAlKK_oL zsfj6h7U}ukr6Iwk+GTm}p4oY>Zdp-|1rccxK8Ai~E9Fr5va+6(yql~gFEVUiEbaizV67wod{rt+cv&(%`joqA_3IaU} zoV=5qOH49Tf&(4R^PH;c%Ogw!1Ebs{xy*6}li!^$HL_Zj)boqSL2A+L!<#Qk{q8f$ zDpYM{yqy(uw(P-buS<8IN^kkysgPJMxykEds(UqwWIX>NMDxw*M^QBkgMeyCGvX-Z&`OOk1jS%HOXxPG#; z0asFRxxZy(NI{-+MQTNoM`o0xpIc?Nr?W?Ca#dcUqp69rNk(u=P+n-h1(&X_u7a^& zn7?n3iLbtYXljv%yMC^=MRAdTp|Mw3iK&Zra!HnNnO#|SRbZKkxhvNe*D9MG%jSBP zhX0RP!edkDyY>!G-t5yKJK7DDm}LEbv`pPM;gHWwO~VVvmi@bXKJ1~`-i(O=Te(W2 delta 197 zcmaFK_>ysgPQAW&nNev#qEVu8mbOn~qN!_{o0C~pQHf!QS4xO?VpUjhwz-L4saJ?c zF;`%uu|=^ zGiF^qX+39On%LBv8_vvSxMj=uYmI4p?ZY`=?<`#;YEZT3P5I0(>5`iQLfH5KcbH0& diff --git a/newinfra/nix/secrets/garage_secrets.age b/newinfra/nix/secrets/garage_secrets.age index 6d72f56d4da356804b7d4cfc56f145ea4c17153f..1d1e8f8d21c0fec6ed515e70d6c4544c34c443ef 100644 GIT binary patch delta 638 zcmbQuc9eC3PJNiUQ?8GZadJpSVpd^PQjwEEdO>Dbfs>(YKz2c4a)48Km1}mkUrAwz zD_59rRiTM*U_e;9t4oDXsY$Mxu}^4uzDJHhgjA=qKuN93UYEw z1In_>%@V^)vn(5K_?O0qcbv2i10_|zV<(1dHS7>nAGvL+kbeiZU|gZcxi*^ zMXkx%vPms1r}+IX&u*IjYk_u$-sgSpdww`hiYutF{nR>$*#Wejn0y3atoZiB){CetI76&ebt%I0Po54od5s; delta 725 zcmX@gI-6~RPJNn@mswb5dX-0rzmK;`xR-xuQkH9yk4IWagj2DvSx`_~ZgQxJXGlg^ zD3@u3S9wyfcW^|InPrJvRzZ2WxqF6oSfsw0dx5V}T1I|^Z;?xCrLT*RFPE;JLUD11 zZfc5=si~o*LPV9Lb5x*0dWd0AnqNVtd1XndnVEK!qg#=wL7usLdb){eWL2hlMQK=R zNQOa4UO{;|SBbWxccQ;%idm?iv4vB5cBG%5v%8CzkwsdXzM*AmVQGGTibr;uUuwC* z#E;_PNqLq*rbQuznNgXhIk{OC8DWMIet}-*ZUKc(1!*~vUhXBy!Rdb9p+=ruWyV=X z<-U&Leg-9hZmt;_9;p$Q6?u6nrJiZoo=yRVK4zvx0fi-Ap`I3#;~B;43o??;E6g1e zv(lq{{VI}jb1SkfveSz)lg&bk(;PFilPrSWE8R-nDl-kZj0)09Qpzp$v7<3z&iI>Wo$6V@r~=BU#qD} zs?zG5TcdVG=ppmtr$4ympUQN$ta;A5j&p6}l7M@KiZ$!5v#fbo^HR|`qh4awS+W0T z>J7hLJ~dISQrPzRw#mz7?@j;oaJ{yfgH4RO$yebkO;bt*J!BF}I&Obone&>pdg>c- z*ZMq?7S!f!hD&aIoiS`9)6vUh(_*Z5O(*+Rqfhw}BD{c?9Vx_z&+SB&{GeWz3Y Up>>|my{5%)TledB@41Y206y~{P5=M^ diff --git a/newinfra/nix/secrets/grafana_admin_password.age b/newinfra/nix/secrets/grafana_admin_password.age index 9860b556dd7a0d08cab70a6f4cc2382d89e6988b..2ff5b1e4cca84bcf006b052a76decae130c5e3f4 100644 GIT binary patch delta 246 zcmbQmG>d71PQ7tSv8RuZesGe9MWCfeuuqCdM1gsdbAef*TR}jXuXd(oexzY$x_P-# zF;{s+q@k&oOO&C%m%giia*$tgL5Xv!mycP7SFUlAWnh`5xuv$dUr26lAeXMLu0o)8 zNN`DtS*CwvkYz+pMQ(6%PMN;Gg_m|fRFRRdxp%p@e!g~iQL&k6RV0_zgzeUi6=wHs zr_2>meGd71PJNz3qFbU% zAeV2Yb6Hw)sIjYocCd4}w!UFbxV~dXlvAZanpbj}Yg%fVn^CbruA51w0hg|>u0o=R ze{z1Fajto3c|nDCCY zKNq+-NlzkH@tsvec0!16hkS_kvKtJ)Je8jxN_qKeZER&idhzS^k00(??U=f!PW)_< yiD!tLZ|BOW+z9|Hua=z$$zk3cDwP(!ibZ&**wic}D3ErTkT9v*0 zWX85O##uWi9IV?F6@L4Q%X+Q19_N2gyv3c zorR|=Exit3pZjOIrdnfo)u(4CUgt&}s!|XMK@XhE@SxLZK7vuk;t z0heW7aHg?|cUpjX-H;Dp{Yw?c#vaJF_*5cu7aPR zWsXOfg|}gGMtYvVL4admfOkkL5^u6_Nvi}lI8 zh8r!*HIKS8edRFj6qvB0`M0;eS*DQGak&)^ic-Aqdw*~BZ@#Q=x?-d0oOf5=@Uq8f zI2%lwwn5GCTTO)~Z;!i{%Dfux70=dWGR#d|bzZv7=D~t%TKy4Et(`e-|1$>iWOgsS HpOp&$qqBKo diff --git a/newinfra/nix/secrets/minio_env_file.age b/newinfra/nix/secrets/minio_env_file.age index 5328ccbdf9ee6ca761f7381298d67b6cbe863e8f..a214dcef68cbd58b6e6c6c262a07bb4a6399555c 100644 GIT binary patch delta 362 zcmeBW?q!~!Q(tD}?`cq(RFxLsq@S8xnCxTW;#-_slx5;s?p|(|S)5i8=u(~+RqXHL z%VppnSz;OxYM34sVC3dikZn|2R#lNyTI^;~?3n9e5m4$JWt`@joNAu!$fawiP+Xj$ zo0?)|YHDby5K-mm92KZwk)M@aUT9*Go0V%6S&?XX=s6_ys5onla4pkJ8gS&*4zUg=YjottNA5T0+G8|CTYo8*{Uk>!__5~Ody zrK_u}P!Q&2WL}b1lAK)PROOpjWMmNG?&THYXjYZ$9}p4X;_c#DQEF18Z|ddA#i7d* zVSXfWL$aXW{cF4K9{o3`=XvkNM=NdQjal2`*iU)9eI%l?ayq+?l8eaXLWULT1<{{l zBhTI0oaJT4GxuA&!Oo?Dj7JrY{|db&9<{8fIs0tiy56C|{=(ymvV9>Xe3mivI LxGkuAplAmG*Hed_ delta 362 zcmeBW?q!~!Q}3P>l^^L96;_a{9TwyrSZ1c3S&|WIY!vJo;pS?TZRuic7+DdOY8nz@ z!d0&ASLK`=WMQVCoZ*ra6j^BCQk3joSsrN~QbC-Qjunmo#JNh>*bZr zrK_u}5E7V}>SPjP;G&(Uo$iqxk>VIw%k``84V<*W_1EIuu0YB82baoTnbG?oa%StkLx)?`{%CTU z=lou@s_^g&X5We8&!45fmd%>ZI=x`$Wcew|-cbze_C5%FZ}28#vJ3PQ9C3PPliXfkm2WW^zD|kyAxVpqW9AMQCu6sb6WTk6*BbUv^SPV2XQS zK9^};rhd7ZPk>oTg?X5FrHh%lcchtxez1FPRj6~3sikp1Nu_6iSz1U%I+w1lu0m0Y zdw6ON&(wo!%r|b- z`11A6;%!WU5zVp1twk5+Kld@%)Y4`oHfi_cZI;5F`k&+XmR+CJvi(q&!aDnZ8$C`` vD(`r?txiv+%W|vlx*Z<_FEMEFEC@MqdDEQ!4AsJw&PnX^8$4~3S1JPlWBFd* delta 242 zcmbQnG>vJ3PQ8hFW@MmQeqd^{v2$L5c2Ho7b4E(4n`xrHQLe9VX0BPKv3`C^R;p)^ z30F~JWO!Cul3zrzbFg!9rnjeSWkz^ZM7e8jYED3wzN1fao5oYXt-l~PPuzfm1$*CfVoe&zGFpEd3H#WYq4RGiwRfsjuJa&-7{(C z>}%Pi%`WXuJRJIGQii`&oWA(}lgUq_U5w5|=!!peQf+bnziGzyJwH7s7u;yOvHrPU uR`bJ6>wB2)&t=a!Rm#wmTBmFFUA2kR|Jl^P2jb7%eP%7~Sy`-k!U+HZE?wXN diff --git a/newinfra/nix/secrets/registry_s3_key_secret.age b/newinfra/nix/secrets/registry_s3_key_secret.age index e967f6204d1acdcc372d4bfabaa3c8753ef918b8..f3b5145324355543eb07badb25da9297ab32f56d 100644 GIT binary patch delta 329 zcmaFE^oD7IPJOUPSVmTmfk$R;Sh2Txxm#gnS)gUIVL*7Uxur!=T3C6Zvs1o)sJ3Nx zB$u0`ze|$4ONDWjUs1M)rGBBQxwfl*WQ2E+Q-o1?zK?H_nPsxGahXMWD3`9Tu0oQ& zYm#TMXMtB@NP3c6iEETWrD=Fsab#7#V?;(-SfE*@e!XX2aj>Olu`kz!jUIbG@6GDp za;C+6_fJI~eOa%{MLRj#S1Ok8nU=WVsP2a($0y<(N<|u0i&lBeRJ^e!?%&7a8yOoe zEO3>Ht2p#WuTWwkW534yyT{^^j(Dc7$nsk}DRj~``M1}YrtbVAba;Q3;^7=Kr=TRc z2$|@Dx2|VxBX;#W$=Li(*P0kC=yTDnX>;7h<(J#u7Z1E zN@_^3Q>d3)a7l@FrN3ElUT$inb7`c1Xs)ZaX;7wHczsS{W?6+{cqG@}jO)_jKd$_? zVNcl~eKK8^k-N}SSK3a?D}RgkD^b%AH ssh-ed25519 LZU5Eg pVN2rgdPyq31DrUEiwYgqNyWrFie0pvW5g1gRC8o4lc +asCocO7XssxBm9XbE7H0OfOekU1XkdZhyFwLEfVRAy0 +--- nlmoVm1A2xNAD4bZ5WHuI9sJbbr3RKyAa02d5aZUOzg +iٜBvL<^UTڮ ' yܱY]OR#O@г|W$_y+<̍&v{ \ No newline at end of file diff --git a/newinfra/nix/secrets/wg_private_dns2.age b/newinfra/nix/secrets/wg_private_dns2.age new file mode 100644 index 0000000000000000000000000000000000000000..8e6bee9f5aae9e2005cd0afd90794f48dbd55960 GIT binary patch literal 256 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSPO$rar3sfl2Gpce= z&ocH7%PTYrEUGMXtMmv-&UVX73h@ujvoxy+h)PZ~(ymAkP3Ouka5Z!Om$2($n!8U3k&p#$aPHhDKbb*_vO;n)m89u&eIRePc8S%iU>DycS}ys zE6U8MwA6MAcS-jt_3}0eO*8jQFE=oVaOKkRiK%doX7Kn^vi6qgO$nTY6D5?L0IVUZPCnC~2rY8+wY z$Yohkl3@{H9O`7`g_zQvS z)^*-in8$wN`mHMm-&_o5xEPjv@M!3)#aF^l6c&r#X3}ilK67#8VkU)fJ8khJiV|B- Y3rZFIyuPvBZ2y+dfHu<^HQMS@04PdRdjJ3c delta 221 zcmZo=ITI;_g>emY$d#k!n^MW#;A+Wa?Mp z$Q4W6%K4H6%SMz6v+SLAqOvk-LAGb|h%jkZk)@x?INbmlZR}$ju4%Y~p_-gIA YvNE|*BUZNN3*Cd08@uT#t3 zD7`**>80?-i6`!d^M%~;^NrK4-nhYB?_*T2NkzZl*WMCFjk?WydoEzZo>>C!I5t`|iUs>jC z!DU`j;9X*1=Iotj?vs;~;!$cDQWRqBn^|ZaVeC=iV(guoRbCoW8JJn&$)&5StB_n- zVCdslVW3}Tze?6qf0l9v%?r5z6(U`Ay*SIgfw# zNY}pH?=!07}tmE9JtOft4ia=#Utx(U#qgyJYpBF8X{%5#-K1) YXOo?Q!Xm!Y!V{&Azr6n7 ssh-ed25519 51bcvA cvlpm3reQDmA9Faca2wB1M8a4diEUTAYnZ7scmbt+i0 -DNQrAzPoVvbDR7UVCft8m/6kjHySIpT1l+xl22TW9bk ---- PELEXNV7Ottz1Jgc+5U0ew9t2YEKfUVSsiaYehvwqnc -WLe7M?V69)Y%y1J(u눿0)x@Y~h┈Y5Nd \ No newline at end of file +-> ssh-ed25519 51bcvA ji2zWkOp9u2bor9xScXWckGZN3733piHLN/gd+quiW0 +uzciBDLzZiizL3fFbn3vjiIoHGJWdFlHff3vjSWHs7g +--- fE0bz9m5izwJX90w3RjhmzNaCPuKjhpM5M0qngI9c/A +/3^'%(֡!keG`bڍ깯J0L.дʝpes,1ȷ \ No newline at end of file diff --git a/newinfra/nix/secrets/wg_private_vps5.age b/newinfra/nix/secrets/wg_private_vps5.age index 39e89f5..5a1296f 100644 --- a/newinfra/nix/secrets/wg_private_vps5.age +++ b/newinfra/nix/secrets/wg_private_vps5.age @@ -1,5 +1,6 @@ age-encryption.org/v1 --> ssh-ed25519 vT7ExA ZtMI/PoOE6fF7heY5Eq12bhzgn/ViE/PzeLRJlFOZxo -kdRK08mwj0vCjhvJzX4TmI4H0dnRbnDC7kK+U7BW4mM ---- QSYK8SFsCQK0hrCG2ZjAG3KIpXPQTJqolMLj6aWHkcs - ՚bCCxT>Ine3Fn.=V~(G8ӚGi(3Yd:eu \ No newline at end of file +-> ssh-ed25519 vT7ExA XLzlq29RuNTBKTbK/zDa6hISekIGx+deGh34/q+jqWU +OsWQtxeRD+6ILJ+X/PNvYFV4CO+BJ+JK5VCHjRHSseY +--- LNaTQFOLpwFhtjPmpUsgrm0zhmNcAPMWG/AuhCzQJsk +̢*[, 5*qD_76D6R-m:0) +~dхPb%'] \ No newline at end of file diff --git a/newinfra/nix/secrets/widetom_bot_token.age b/newinfra/nix/secrets/widetom_bot_token.age index 0fea19d2281d8328b96c5086c76d218abcbdbe65..8fedc8f665a604272bf6dc1ad6a00f611527a589 100644 GIT binary patch delta 236 zcmbQhG=XV?PJM~Fhl_q$aABCUey)XcVRpJxc1A%)hEJ%UWxjVvQJ{BmT2@I(m|s+7 zI#-s3m%fizM44|%VueShNtSo1lXsz0zCngzwwpykVVb{rm|>=YSA_C-n_EV{StQvw|CaI0-wWr%U*2;0K@uQ%m4rY delta 236 zcmbQhG=XV?PJMBatG~Wss<%%_qI*zCxl>4nzE@yrWQ3!(uUS-phrfT0k)^k9M47&O zIhUV>zJ6qwW43>wb4pQhkY`r0iD7D$hrdgBd3kAavZ=qbZ%|@scxs55374*}u0p73 znYW*zxsz9-X<=DVkdwPnS!!`wNQ8w+i9wKWMrOEEWol_*QDRtcDrNxr#HTBV~)vP(vxZ?3;-c9d(bp=pk-K|eO zDo69Kb(s4ZKAFG&vt`}ct(y-_T=-?ugUsc{ua@{7kvQ@CM8L+sE~ggfR_Zepv#%^a zYjGszZ3hSEN~6p*^>a6|=C17)Jp6Y(Ys+Ldo3hx3e#TgxxxrsFy0UcNMjD;m{CfGN zjo(&?mmF$V7s#_%#T<2$Rkhqo@`d=_<8=)EchnBtm3iZzsd!}FMB~4@T890K{@ms{ z8NOVn-aDKUU8;5EeBOW0xC3W@s#$G|*6MTJ8anS=?%(4Q(<@Ua$2Ql;%;{i|^ZNEK zT#Dn|>-so>B?~XS`5e5Xa;=Q-dAtTjM2${tMkPo>d1tlSTiS`gvWI zo2GI4lchsuUQl((+xu!Y%k<`+4?eNBD@#VszUsQ8VVOc?$J$G;=byBh>?YNEokMJ9 z*pG@v#g!4SHX2K_J4M^x;+m)Yu0D{Rk1t~PtEydL>)bl)Uv`&@i{Ea%G+8Z{qv6?#Gtv5-j2cEQ+~pawTN<`cdTB8? z|B2++%3_w-1=A1aX|pGD{>^>e!9H(ibZXG z|AMJfQiuiF zoz8DphCSrD6I&*v+*7&y%Z^KdvqP`z^!h(~zIwHQ+M_kSFAd#XE?KKE>B%$yywDS1 za>uCkm)EL? zF-6&C_d;oA)}q)0#~v(yljX3#L})(m9QC`64U73ic8e%A-M{cs?(~93N;mF&Qq(@& zcAgLPWmB1d1)g29Prp0udC;Lf-iK~| zG>`~jKbm*!{M68+TUfVDa@(L{@-jkar&~^Z;v?>WdD8=&w(Z)jY;;fM!pXkpRu(V9 z_*L&c;3-RcUSqee|FFH#(vw}s-pp;C@O`d^+`Fkpv*LXpPOqz~FJ-xLFZSa7NhY^8`3EPFUy2Vt9KCGN zAf)o=5p(9c%dx&IuNmww;=2*2xpBib#p|sW+iyqzRooF5uXV-c*7P;(_DbK`6Qcjk zeX03pvh6cHN1==bJ_>0@Lfenl8^7Pae&7BN6CY~sh;)0jpbTMe-Y1@Xt7uI zYW!?VS~g8gbj`Riy|CxG^@$KCwa@$Q>?Z$PoA*lli&jPFJC`JH^`8+j0n`3Y@;kA3 zlWxiX=G#dZdQ|V8KD=#lb4tAOFU{gclbhFW2c=k>d^k1NH!ek3>wm$K-@ip(M=bp@ zb6(#%pX1>{oY!n7%y5Z#*8bq&)z0np0%AOG&+67+@|nb;)hd!5;+yv0%`BXCL&Rq8 zu-A*Xcc|~(c3l5=?z)Vye>@s4?YHkRAfd#%EyK3{*wy=J0K@XL=C45hJ?U76}{ zu(|5W*Im=uE#3S6AYYkA+(f|%i?(Yio}aP!=HK^j>*t+w*>v`qWxaAfU;m%P*kj@z zsW)|YFZy79WWKAw`FwZlzebP$^zPS|KEKFnw|xI^+f1!BXV%>o`}%4@aDWFx2lr1k z@42hLJ1=iYeb2IinPHcnnWgglR-rR{@BNsbx@@U$?&{uxYy>ZzkH0VZl8?URcBj9=@3?7?F6+&%kq1RO5{WrK2Vjo zGIgoPs?15dImBOTKU{-oN#!L`$d6CKp|^MGv0UbMZgsZ}D^veeu~Y;AD^MwZP?% z+7G(EcA2BN^j@L=ozEdU<)&qBmwHx6TkLJ<^DU72rz8={8e+*^+G0`sl+!f8l1HO@ z{&&aTj+w3^&s9&{<*VKI<8!9B#u3r$9rLoy>i^ZTZy(uZ9Rt z(^5A3buh^F+{8ssk{GY#y|_N1fSLD0^kI$ZW(y9rq+I%DIZ-{{W;4%^9$h*V!Qj_c1)R!SAdQ~q!`Ly@mU#Ygq`YUf}KNY=~9P*~!nq6{B z-@y}2EQ=n-&r&R^6S}Z0*FcNE*2!Ks<7T%`i@{5Nqg{NgX+8Co6QXU`nXe04yiQA^ z|3tT{tWsy+^Fl_;gw6b%j?-0IKTlt;)f=VdYU$#gD?iOaF|6y}i9HOfQlFoguP(JC zTKI8>iA{Fn=gqgTPIjMeB&1SO^r^{LPN>UbdHmb%_bX5IsU**MxlFG3%E28)Y@VKr zQ^&)lJ!X=7{(1`qX!R2OOq(#2*Yd-1fYXWrd8wp{E@TU7qcwN@pAr*p<^x zO22%w{lY_r3<>Acf26bL=N>%%^3viPeA#Z-1kxUBNtv8ZvrakCef}L^ks0?E?-d75 z&-y)ar%b?wDe8U=E3|VjG%%-}@ipW#^2a>YZnCet9>)|pOIO=?AY-y zJfHI0rC)7%(IRf-a5>paHZXWC^ZZ*Ec-Khmn>RV#eV)|K!b@gR94sr|+@EG`#VMFo zzUpbsikb0j>n$_3C|wl$^Wv)1?8T)gQo`zQ9Cg$me6JF{BTP*^tfh=@SM%j?^w8tLo~{LTVnY&TBbTEfB!o1?1rG{Z##qaLW3kM zJK{1;%w{c3+@Zg1Vwpt!I;OQNUnf0(d)oU_O%Hn|@41hj4P|G~r>^`K9dqlcankv*^|Q!T#V<)Oqk|*`QIKf+v%me3Ul;6G874{@_4m0 z_D%A_BH>*VtW)*NjxAyQ^|SWci*NHKcUnlb%(+tRm97=SuWPkYqL-LoBxmBuq$+K z-{$8>PN>>nGc{ebxHP)3?D&%R&isixP4fG-tsgY0> zx+eFH;dd)51x<%?b2q={S9L`)hIUVGt8A~XKN;d`Y4@zXR`s8vr?K%5-<`HIpL0HY z(Yxc2NuxsC!`>|$6Ta2Y+n>_75Rn0yxnWAp3YuKZqQSW7YaY-Vo)t{<0b>D_G^FvoYn*_gkZRw(Y`KPOV= z%a`%EJMp6I_cvvoNpce$7}(9!t!G%xiCr(cQET(Oqqii_+igO+8 zx$joHi#^`T?ADrAeD%bm2NlPAKJul+DDCAn-YV_1`eRtD&>ZWAM=Sk*yp7tN6O+9q zR@kP|`V!N(SGT-ExO-c*dKW42S^us1%+e5foTuIQ@rwn8s(M;a?}R;nf1q9KTl9kK zR`qe;UX@g|nZC045mPE(YTQ=)TJG255W~jM3njaQuJlSVbFA2;s#C}R_|*aP_0kKn zmK^t%-LXZ-7Bulu@bVN1rEmnX`MZi_BvmM@uTb-+pOA8jJU~tTXoHhE9{VuE%9A)H} z{$fj>c;tjPx~_R78RXU*k#~yvA(Elf4YSENx|fUlG4gw&-~ec^6~fIKM#Eny~f28~ zUbo4Yd>;vD~GQQ_CbQ|6v-Q`7 z+J4+jo3o?iq*M0ckI!ziy?AADgUjKz)xMIJ|9@r6=A8KMy=yAdAH9ElYdAwq8K!J5 zzUlM(=9%Js6Ky`L)mQDAb?Vu@{_rh%{}vqAE8NXB$;j1e@y5TEQtl!_*;AezcdaV7 zxt8erWTIZ`i|fK^JK2hqA2c=I@L$ok{;+)j7w?NxeoJ|dCfu~xG9mhYRNdlV->(R8 z?O9gR8l`g7)m2~o0%!2~hCSgC8=pum)KO&1QV5B9-v8oXaos7^ttT1llRHIQi*pzef<;@RP+65#Z z(J=Lqnjc!KXyswIRCH1NF@r_frAK+%UsRr&$L_cCVzkSPxg}j4(`WK+aadCA`)= zt3Eid#*FKH*n{f%m$L8uYcE${wBt%G=fAROmgkk-H8 ztKqDhOP)v;JM7j=&AT5l|AWT4I|47aJPKKV=>4_B_1j{Ke(Po2%C`KO82Hj;%94F| zQ|Ne!AtEn=gK7x z*9_0pyx!}VoW4h~zK-|2(Cq~i*lb-EpWJ#xZI|u>pEaujV^=Hg+xYbbM^VLwqSK!z zxbn<1?$}ko<9p}IFq_bQ&*S44v@B}bEY8IHS3EelVmvV@<~H4L?mmGNa>&6DEcRJOE=stWLU zJL%g(`K*od=L*D*d{E;%zAvBkETjHK`)WqMws)NwaXh`Q)>4uBvI%cD@~@uVxHvQ5 zXUzZdG<|38r;C>Uf8+OJ-yLItON#~a2rXAmMV%;zKu+P&}`aW9Cv%l^Bu}4Sfmfs6W&(*(vvd_|= zw|4%Wi$-FXeG7~qpI>r%pFQ7Xy*x_9CwI%D1|5sGZku{z0OXPj3t*Gt4ro0ln@$9nSS)M~r6Fm6ZE#h+yZo30D@+A*!i zjVZ1`?e}A;9L1ugZYK}r{5)FG-Jq!bti@)&rOgSO`JB>Mo=!bt`m`T*z$V~L(PG@iM`9%dh>t#Y*;^m-~VDw zo88+J-bYND?LS-$^SZD%Z99*1%8_^C*~Y1lzSedK_0N9r_tSw3Vr80*KYHEze|fDu zvvT+R3s3e1?RP6oewO;{xLi<^oqZ9b_2=`N|5ZHdiI{v*roO51>(AEdyQCFWdYcBlu%-eWpK(6S7CvRCp zYv=xXGbdd!ueB+YtD^73%z{-Rv;Mc0WJ}and`LBZpWt6$T0YljHa+YXALP zzo2hvZ1CDIlkz$1&78hP^Jt{4TBN*8Jol}Cf53WatIk041&302+vNFQYTelFw6cCR zD+Bw+ld;~fzRX|2Agwgvt!nq~6ISOOq-JV3%oJo0meP5#$5S&w>Vot9j7-ielTMY@ zeV+8@eD-Of=J{{i?bFt+n4gp1cyrnGc*s&(I4mB~7>Q(fit+p}%E;c&*vLz)Yg1k8>Qm%b`rO0c_`e#FkTM&EPR=3^cS_j`=%nKQZ+xhsr2|J>AT z@UGf@XG+-RJvBkEf?}st@11{Blx0$kP{7Y?;Zf}paY0$3*UU3ju5v!Obwp&>^}|`F zcN@=sy4+qO#QtYuk9VNSnbaj`oh&CQ@Y*li`Ju(|%09+fzp|FCU4Hu@yO^ZOewoEe z8qH;oIw#FI>!yat1IfIR;n45s&0~>((G%NS?%N;!I>;~xMzK`Sn!Tn-(|GI zPBdrtSQ_WUpIFER>$mNxBH^M$`| zi_)e3{qH&4y*B6g?{}&@Uu{u(W^CHIsk?uM^1iBxWf|wLh4~&{Sn^)Iy2z|}MZIGT zchaM~A5T7P%}F?ECSk6;cVVrP_%rpymESMSeega~XSwv#JO7Wp^qDUf=2hdi`z*tn zzOQQ;Gn;#+u)e&0_S^QX{i}YQlV>)b=DAPq=EnnvHs6^rU*TEI!x;((?)L654132F zZs(UIFLD3c(abhOwE%NrLH|RxJ4_2VN-0gdUcctF?x}FD34O{TixT%|)}2vz`>!i} zziIO&&w~-4Tgyy79JCgkRTr;lHfveme8w_2#_hT4G8H{n&!ju-l@4%Ne|RmEs_*^h z!9s@~?_2+bE7`c)^CkD{Ss4M>mU9~?E#cyhoVxeo|5IPzrmgds_%vo#msxzG*5T`i zf;uvI?x!BAU+8u&v*_p{g*C0)^5*fkcU}s#6jJ`>lD~3ZgS<;^_(JQy{hvA)I;K3j zs?9Ll`r@(bWhZ#~oAwwbKV5YoZQc9CrOn@3tgqKytJolWaPnuL6@G43+5HzJe+ler zf8n)qqoJ)}n8>5{$BtjUuc$E}JrpZ*VNTX;1{MaB1CfU>imB9VRi#G9FFmFIPv4}| z;#qT+#pC&Ys^+=x2)t|5;`f)QuW7VA9u|Ry;V*NkH459!eesk zyB|c!3SKsnGc;e zQWsj6SbgdK(G{+?dgT)&EhB%qYF<@)BK@jf-+xi&r?V?F}d#rT1vM&JQgE5{3o-IIPhHoq1t_3n)O?*B>a{-nzsDR;^_+a7A#PSmUWpWIsZ z``XRVm+Mn~ZDhVX{EgRlS+Xp0R#qw77ME$3oW`fce&oOA$tZMQS$_HEH~k&%J{^jF z=NrprKG5A|SW$icK;X`)htF|jdgcnfjGipH_?%IF8@Elsa*rE#%Qk6>h?YojGa9!~ zu({H3AvN(`!^Xn`&2DN**)qqj8WtXQTX&5O*qH{O>1I4izL_+?GE_?JM3wUzg8%FLVh zFYL_Bq=3-LvM1NK{E}TEdw=elJGBQ_9NMpw+dQFi)@NZw(UK6QuP2%=+2tDbFAO`& zwda7d<)^t8b8l1|Jg=X*ao^n_x$uySA=O8vxT_L;mzBLV>bxE_@kvxfrCRUjz5J#N zZcol&vh~XdIXY+K#9J$uwEuT~^7@>W9P=fnwY8gHuaf*?7}FH9={;NZoSa#~Q_ZjD z$TNTcJ@=~Lx@lU*73;5S@IDITZrFOV{iIdrn`KA0$!M|uR_^5Ax^#YUZvA8ZJuZ3E z`V048dnT;Q>~LxQy>xffy?o-XxW9Psjlf$Bf@ z3rktkB3@}F)oiz1k@WMt%tb~)3;7B~$$gfWzTafmIV*azD#xC0xqB%`*}gaYOS#Gc DEF!B` diff --git a/newinfra/secrets-git-crypt/garage_secrets b/newinfra/secrets-git-crypt/garage_secrets index 428cb5a1d3d17adf12a7daf827a2db20963c32a9..f1a12aba87464e134df57f2439a0fe9414563b45 100644 GIT binary patch literal 189 zcmZQ@_Y83kiVO&0cwBjYsZ#E$_k~9Kvx@uX?g|us^82y(fr|dv^etOcY1t461(Chw|#kH0=swfm#Ng=`ku}|Q!k8{`@po@s+$-b^KYw9 yooC&{a=f=e%d~ROFYZGY&%S!uzr33^A=><1O2V<3auyB#OJob@7q)2MRt5l~TUoOJ literal 275 zcmZQ@_Y83kiVO&0Xb@nRuB<+}AW7wd@9YiNHhflElG#`ISLWZ>wAs;9*VaE-xHi=7 z@N&Z|cb|ki%iTIC(o?%Gzs2@N%EC)Z$6A`L)XfvDnM->5Qq1qZuFctTng7djpKS-4 z&Og~3yQT9jgOXxpaQu(xKf1r(Xx^(j@KQ}}o|bXm%j?fo+gIlaT!{PVZ*6&Xvbc(l z?z?BgOATfmJE>UVS#zW2j#H#$=vvlY9+|@19Paa^7e) zM_$QCmlpYSkD7oFOEH}Canm~?f?xA@E5Yi#^1HvO0q665@(aP@nw)ggatIwlFq kEOc5BlK-jT+=DvV1@U(mnTeU&zd4RP7ibADP`kM7G?uKE-I&ivy70MsrZr2qf` literal 0 HcmV?d00001 diff --git a/newinfra/secrets-git-crypt/wg_private_dns2 b/newinfra/secrets-git-crypt/wg_private_dns2 new file mode 100644 index 0000000000000000000000000000000000000000..6b1311d07b0b762c0fe275787da55435470ea8d6 GIT binary patch literal 66 zcmZQ@_Y83kiVO&0Q1GY;)vRi1IjGBACOqjxj%