From 3c1ec0f28789f305e9f2aa3d259471b849b51b48 Mon Sep 17 00:00:00 2001
From: Noratrieb <48135649+Noratrieb@users.noreply.github.com>
Date: Wed, 13 Aug 2025 20:36:27 +0200
Subject: [PATCH] dynamic dns updates

---
 nix/modules/caddy/default.nix                 |  12 +++++++++
 nix/modules/dns/default.nix                   |  22 ++++++++++++++-
 nix/modules/dns/noratrieb.dev.nix             |   3 +++
 nix/secrets/backup_s3_secret.age              | Bin 772 -> 772 bytes
 nix/secrets/caddy_s3_key_secret.age           | Bin 771 -> 771 bytes
 nix/secrets/docker_registry_password.age      |   8 +++---
 nix/secrets/forgejo_s3_key_secret.age         |   9 ++++---
 nix/secrets/garage_secrets.age                | Bin 819 -> 819 bytes
 nix/secrets/generic_backup_password.age       |  25 +++++++++---------
 nix/secrets/grafana_admin_password.age        |   9 +++----
 nix/secrets/hugochat_db_password.age          | Bin 339 -> 339 bytes
 nix/secrets/killua_env.age                    | Bin 293 -> 293 bytes
 nix/secrets/knot_dns_rfc2136_key_config.age   |  10 +++++++
 nix/secrets/knot_dns_rfc2136_key_envvar.age   | Bin 0 -> 697 bytes
 nix/secrets/loki_env.age                      | Bin 326 -> 326 bytes
 nix/secrets/minio_env_file.age                |  13 +++++----
 nix/secrets/openolat_db_password.age          | Bin 321 -> 321 bytes
 nix/secrets/pyroscope_s3_secret.age           | Bin 336 -> 336 bytes
 nix/secrets/registry_htpasswd.age             | Bin 278 -> 278 bytes
 nix/secrets/registry_s3_key_secret.age        | Bin 364 -> 364 bytes
 nix/secrets/restic_backup.age                 | Bin 784 -> 784 bytes
 nix/secrets/s3_mc_admin_client.age            | Bin 912 -> 912 bytes
 nix/secrets/secrets.nix                       |   2 ++
 nix/secrets/upload_files_s3_secret.age        | Bin 474 -> 474 bytes
 nix/secrets/wg_private_dns1.age               |   8 +++---
 nix/secrets/wg_private_dns2.age               | Bin 256 -> 256 bytes
 nix/secrets/wg_private_vps1.age               |   8 +++---
 nix/secrets/wg_private_vps2.age               |  11 +++-----
 nix/secrets/wg_private_vps3.age               |   8 +++---
 nix/secrets/wg_private_vps4.age               |  10 +++----
 nix/secrets/wg_private_vps5.age               |  10 ++++---
 nix/secrets/widetom_bot_token.age             |   8 +++---
 nix/secrets/widetom_config_toml.age           | Bin 4006 -> 4006 bytes
 secrets-git-crypt/knot_dns_rfc2136_key_config | Bin 0 -> 134 bytes
 secrets-git-crypt/knot_dns_rfc2136_key_envvar | Bin 0 -> 67 bytes
 35 files changed, 109 insertions(+), 67 deletions(-)
 create mode 100644 nix/secrets/knot_dns_rfc2136_key_config.age
 create mode 100644 nix/secrets/knot_dns_rfc2136_key_envvar.age
 create mode 100644 secrets-git-crypt/knot_dns_rfc2136_key_config
 create mode 100644 secrets-git-crypt/knot_dns_rfc2136_key_envvar

diff --git a/nix/modules/caddy/default.nix b/nix/modules/caddy/default.nix
index bd5f448..3df164a 100644
--- a/nix/modules/caddy/default.nix
+++ b/nix/modules/caddy/default.nix
@@ -4,6 +4,7 @@ let
   caddy = pkgs.caddy.withPlugins {
     plugins = [
       "github.com/noratrieb-mirrors/certmagic-s3@v1.1.3"
+      "github.com/caddy-dns/rfc2136@v1.0.0"
     ];
     hash = "sha256-HdCXbqrrGPZSdHv7bZvGz9T6loVbrfKydTbjTyt5Wt0=";
   };
@@ -47,6 +48,17 @@ in
         insecure true
       }
 
+      acme_dns rfc2136 {
+        key_name "test"
+        key_alg "hmac-sha256"
+        key ""
+        server "dns1.local:53"
+      }
+
+      tls {
+        dns_challenge_override_domain "nilstrieb.dev"
+      }
+
       servers {
         metrics
       }
diff --git a/nix/modules/dns/default.nix b/nix/modules/dns/default.nix
index 815eed0..7d1c858 100644
--- a/nix/modules/dns/default.nix
+++ b/nix/modules/dns/default.nix
@@ -1,6 +1,12 @@
-{ pkgs, lib, networkingConfig, ... }:
+{ pkgs, lib, networkingConfig, config, ... }:
 let metricsPort = 9433; in
 {
+  age.secrets.knot_dns_rfc2136_key_config = {
+    file =
+      ../../secrets/knot_dns_rfc2136_key_config.age;
+    owner = "knot";
+  };
+
   # get the package for the debugging tools
   environment.systemPackages = with pkgs; [ knot-dns ];
 
@@ -21,12 +27,25 @@ let metricsPort = 9433; in
 
   services.knot = {
     enable = true;
+    keyFiles = [ config.age.secrets.knot_dns_rfc2136_key_config.path ];
     settingsFile = pkgs.writeTextFile {
       name = "knot.conf";
       text = ''
         server:
             listen: 0.0.0.0@53
             listen: ::@53
+        
+        key:
+          - id: rfc2136-update
+            algorithm: hmac-sha256
+            secret: QRpeYCJLokRWyzT/tWrxaly5Seb5yTkE6/Ub66edWds=
+        
+        acl:
+          - id: update_acl
+            address: 10.0.0.0/24
+            key: rfc2136-update
+            action: update
+            update-type: [TXT]
 
         zone:
           - domain: noratrieb.dev
@@ -35,6 +54,7 @@ let metricsPort = 9433; in
           - domain: nilstrieb.dev
             storage: /var/lib/knot/zones/
             file: ${import ./nilstrieb.dev.nix { inherit pkgs lib networkingConfig; }}
+            acl: update_acl
         log:
           - target: syslog
             any: info
diff --git a/nix/modules/dns/noratrieb.dev.nix b/nix/modules/dns/noratrieb.dev.nix
index b14b131..a618a6c 100644
--- a/nix/modules/dns/noratrieb.dev.nix
+++ b/nix/modules/dns/noratrieb.dev.nix
@@ -51,6 +51,9 @@ let
         ns1 = dns1;
         ns2 = dns2;
 
+        # --- ACME setup for caddy
+        _acme-challenge.CNAME = [ (cname "_acme-challenge.nilstrieb.dev.") ];
+
         # --- website stuff
         blog = vps1;
         www = vps1;
diff --git a/nix/secrets/backup_s3_secret.age b/nix/secrets/backup_s3_secret.age
index 4dccf37f8014f2d2f923bb9eb8c4ddbee3356845..1c0cfb76f787c1c7cb8b94a6e72b809dd7f17f33 100644
GIT binary patch
delta 683
zcmZo+Yhjz9Qy*BCTjJ`TR1j%q8d_Xo;+q=i8I~2AUyvD6Sm@}TpXcUn>g-tJkslsz
z!R3?Z9hvD@6_6Gg<`$^!6BghYV3t>zV;r97V(4t-mKj#z6mDVQ9poJm$)#(jP+Xj$
zo0?)|YHDbyU}+fUQJSt$VQE_E?NVS+nq+QSXy|Wh=vGwdmYflgV^*x6QIHxQ<YnZM
zVc=`wR2bySRZ--cY@Y7q7oZ=W>0DrBQBvvWW*Fx0>=7B@o$KNmTx^~nYLb=cYhal^
z@uPTnQC3h`QbAyav43i1jzvJaYp}neXHtQec4U@ecxX~~in)G)zQ2)WZg@7AYnZFP
zmxXhHvumDLQl_avPKb75kdw2ai*cwys)tEnR8&|>X0U-@MS<hwct-K??4-mh$MT?L
z*F-0yfHa@<U_(Qn(DHz=TvH<>fB*9QjG)Xa_pJOX?ea*jN=yH2b0gE-!idsfA74v9
z7X#mtu&6vEpS)Bbf8(kuAA{^LOA}WUgCy6<XBoxoE8TpHBh#vi0zCC2{DTZVf<iM&
z!z)b<!t%mPy)!H#lOuA|5;LouO2d7*{G#%LEu$QRER(B}TupM#O2Vqbw2d>pqx4P9
zvIG1b3(^yd5?#_O3_N|gbaizVETZ%S-O{Rj%ZuF%OpPsF12VOZUA_E_jZ!O9%Y9M}
z@`6(8D>F>=15$E5x#CvkN5=fzQ!rWRe!8Cc3;!9%;!3`(n|boQ9>bczpArtL=g*eO
z$Zjh8BV1v5Fm=V+=SLFU%RVbizBK#AK9(|vONJYyxc8fUaP26WFD$H)tvCId!nyn}
z9fy3|bvq|DowC0F;Dku;%Wu|>w_CqXKGpuI!(z&>4HZf+6n8w;`<HvNH%{z?l}WP2
X#I0YJs|NK8%-SK)v!sZ{R?Y|j>OJ<j

delta 683
zcmZo+Yhjz9Q(s}2m>y|b9$8jt=9QOfn(3IVU8!H5?xpRRuI=fc6j_|?<X&Rz6&~c4
z&lM1!oRODOlBS>TlVy<WWtNv@66G8b;#=t(8X1*s8JwSzQ&sF!P-qbv$)#(jP+Xj$
zo0?)|YHDbyU}+fUQJSvclHs3JlICfenqO(`65?#0=ay$?kerj`@9b1*5oDGg7@X`8
zRq5<v=2~UK73mdd8KCXwnP{4p>1t70>X~R@Se%-a=c-@olVoAwo9~erR#*~l>YE=q
z@uPTnXnA%-xJN~HVPsIMZ)spbZg^=*mWiKbrFlqNiK|hBe@0S>L8WJiwtF#GL1md^
zac-EokAb;+igsXfscA`-TUx0}ZgzpQb5TY}exh@VQAC)2h)??Dct-JXqq6j>q+AbU
z3v)xS$|C*paxdr1NZ&vo_o|{OA17^R^9VO%Z^Ke!Q@2pA^did=kEFEhqTpPYj39kC
z3zI<q(2&3kXG`;>!c^bPs4$<Tl9EcttZ?7SXBoxoO`Jl@(hZ{Wjg6hNeJw*vj17H*
z3QIiFvqEx$!(1XuJW@)`O@hL`L!3>xq5>;i%6(h|jEXZ03bieh{33(&jf;X4tDG!L
z1G7ydb0Y(zioNqo!}LwKbaizVOrx@jQ~X^#QzM*xy#fv0DvM1s0!=H-6D$4lii|Sd
zeLPd^qXK-&voj)!xz6jJo7AZAXkzP&2d$sFcP#MUT`44d@r`g#T6f3)s#MdvbM+a6
zttMpNU6%fO!i0}*<#h~~lUuY`udxxl%5!PyMlbJYr;I(!!v!o$_s`Q!a`+d@v8PA*
z<A!rq8ik%;xY-v4rcL%)^Q!53{p@f40;{i1V^CbS*;`4!pejzuZF+6eiJx!(RLtpF
X<>>UYI_S~_?sYTPR2pcVc6tc_u?G4#

diff --git a/nix/secrets/caddy_s3_key_secret.age b/nix/secrets/caddy_s3_key_secret.age
index 00e655f5614dcd156863b0759db4e70f7b42af9f..2db341f1f194c42d2991aaf5372850b16e9bf028 100644
GIT binary patch
delta 682
zcmZo>Yi66EQ(tN7m{nR5?onuv<dWf-mgbg|n^%$STH#w@k?rJJW>RWq>1h#F5FC}6
z&E*ju6{78Krd^!r9*`Sk>F8=$SY=+~mto=(;_R<ql^<9bmX~dq?Cofj&ZTRoP+Xj$
zo0?)|YHDbyU}+fUQJSt$oNk(KP+;j&k!F}&TIl8#;AZCNQc;=~?jBYZ<Zhl8knb0m
z8)ae;8IbPE<(X#a<80&;Y-CdC>sAn`?_QbVQDK-7k?rMY=He6R9O~<0SQX$B;vVcc
z@uPTnQj%MEesNM-Nl|%mwtq=hYI&(&vbIr5K(<-9c1ezRnM<BqXk<XJS-3A(lA&jK
zo`HUFSf;*LxVN9VOL%r+Ub&C9V}4MPQE`}|Yo29#VsUOxNQLj@ct-K?%Fv7yqf+n8
z(n!bb)UwjV9LtJu=b(ZhgL1!c^N14Ta-)K*Ja@m`<cNGOqcT%d&!Vb~0-s=Q52r9!
zL!V%$g4`VUe5XvqAg^qTz@*$_qk`aM!?5hhXBoxoQ**-;!!iRS6SMtG19KuHveUB7
zO|_GaqY~4-lEN}vO-usa(gXC3gA6RVLd<<a3xXqD^8ze0k{o@_Qrr@gEz^xn0>g8I
z1JY8oJ@QOL%kz!(y@GtXbaizVN&~V3jl-Qn19L5k^W4Isit^18laq>r3cQ`o%T2r@
zyfP~4ErU%hLkz>pxf*Y@PI$R)=^x&WV&1b-Hr@2g`?_J)zxPv0*Pos8%U7PK+wj%0
zn77ArYxvC`HeX)6x=6CrF|qB*ZN1;FZ*`uDG_Jd{B3y3SU&j00{4ZOd*qqL--Wk35
z(T_Q0WohOA+5APe&v&>V^|PqRapL3&-Pf5aBbQ6R{9&f}dO}xv;>Ar3ufIOLcF5d9
XQMdl}<Q4Obnk|;S`tQ2VsF();s(t_=

delta 682
zcmZo>Yi66EQ*YrGk)9XjTHx(xZkF%v=a>`ZSL~nRYFZMJR$LKLV(6Y78s<})>g(?2
z%jN0i8yRkqWfJP>;-PO=nq}k?VPvjfV6L5RQSRbv;u2w!Rg{=t;E^AY&ZTRoP+Xj$
zo0?)|YHDbyU}+fUQJSvc=I<L;R-BgMSC~^^ni>|B;+9cpP@0%;ToI`q>TZ~llM-y1
z@8|F3loRaAWg2SX=Iv!@;*@6Qlj&?x>Kjt%7~~pS<?dx@?iv_T5tb4bmYnAi5t5ZZ
z@uPTnk#9wQSWbasa)oQKmy>Crk6&1se`%Djsh4+FPI<AXe@ecSe^Od{Zn`5^S#WYe
zU`|G*ene7fMMOq!RC1|rig#{MSw&JrMUl3%Yq(E%fU9|kb7B7Ect-JX18)<*5bd18
zvP=V`$h>63u%tvYgCzY>pS)aC<DiJpfQV8H3&T?Pl%Qg+sPNFpz?4dJ<IIrA9PhHw
z&?KV_BU1y%9Ane6uoTn6^l+EFjIb1+$UMi%XBoxoD-zwZO3Dn2+#{;eb1VG<BK?a!
zEKRc0BF)VUJu=gZOT+V0Q_~!^lR^Wz%&Yv9d<qN8ys8S_{e7wo3ri|W6SED%f(=u1
z3;g{YwJr3c0)5=IlY+{*baizV(h7poEGq*of=Uu2e6o^4^0Kq@O!FN*J)I2PwVfS}
zvt3Q<lTH1@%#$ijxT+JM1>E|k&$uBVFO4UR{TlD5^*zN8X7~A&hMx@N{2{YX+j9Ly
zLzgEyJNy1_Ja<p<(5o)*B#vggiAT4${FB(xrt-K#(XTw@ck#_&GY0$HE|1nqx=!tR
z@nQ9$mkYdQ-4?i=<M{gG(yHBsimcWfZQ^`&5^8hvgB91b7FVQg+HyKg;l3T;-8Rl+
V;TI1bzQu9UGWGgHrJ6F0i2%n$`ON?T

diff --git a/nix/secrets/docker_registry_password.age b/nix/secrets/docker_registry_password.age
index d673c45..311dad5 100644
--- a/nix/secrets/docker_registry_password.age
+++ b/nix/secrets/docker_registry_password.age
@@ -1,5 +1,5 @@
 age-encryption.org/v1
--> ssh-ed25519 qM6TYg kxQujT+O6ZGlzTONdS/18DUVoxNapwtxitQo8GKr2hc
-b7KjCjuvhmWcqNB6BvNruL17Ww6yWkVKjjm/MGd+jlE
---- q3EzroLr8b0T2gKQ4xUR67YOLSwFP1V8UxAnKY0PP24
-ßlæ»0›g1½CXqïi“ä{Tˆ÷tg˜úØß­Í‡çÛ•ß‘Àö¦ˆEs5ÿhxk-
\ No newline at end of file
+-> ssh-ed25519 qM6TYg py66rUtQIWm6K163vaJaoAseekNA70yQKMDH1FkWYVc
+rP7T1akj7LmzIcJeoK+mq+GfOjWpnWFnSpUhIA9Vihc
+--- UjRtQl6/Gz3QPiLhSyksrsRvFoCjiCKi4D0HdBb1dJY
+¦àq™ƒ(¯mÑzÁºÚhžØÒàk½šÔHÚ9:¾ãM>c–=”Î¬Ö¦äÀMŠ”â³L1
\ No newline at end of file
diff --git a/nix/secrets/forgejo_s3_key_secret.age b/nix/secrets/forgejo_s3_key_secret.age
index 9e4e8f3..fba1c4f 100644
--- a/nix/secrets/forgejo_s3_key_secret.age
+++ b/nix/secrets/forgejo_s3_key_secret.age
@@ -1,5 +1,6 @@
 age-encryption.org/v1
--> ssh-ed25519 qM6TYg yxVVZ7LOgN9NiKsl1+dN7Rp6Rsf0zlqb25Y6w43styk
-gQ5g7TL8+lyGp0SxdcoRg0nTpu1w6WbZZK0ERyqRpkc
---- 5uKpMbkW4zZ035mNXCuty+64IZ360gly/ezxnwtRX/0
-šËô±ëSÏ¸>q!£ŸìOß·¿Ÿ”ÉT››CUÿ¿¸£ÒºžÏ[ñ*ó…¬Ÿ«’\wŸÝ‹tcÇ×Õíg?|B±ØÅë;’»"*îdƒWþƒþÔvÀ/vÌnqe
\ No newline at end of file
+-> ssh-ed25519 qM6TYg DlJpvGP2I1iGodnEufzr0qCAmmU6XiKbnNCRJmjPsHs
+upNAkX1DPfs7AJi+/hUKKcehn7tTcR0knW8W+kP1u/k
+--- ZEI6vM0+n33fVLPssJyEWYW/xNgoa0/2BIZeG3NzBrk
+¯¾-r `
+ÈgR/n´|òS“\h}•LR£áèE‡Ú@ø„¦ðš‡‚˜OüåjF"VŠ¶¨ëív-ƒqË“ðxjf´ÌŒÂ­f=×ÁaI¤‚8–òÖÑ¦ãlÃàž	C
\ No newline at end of file
diff --git a/nix/secrets/garage_secrets.age b/nix/secrets/garage_secrets.age
index d9d0ee252c173a1e5421132fa165f39680b1a3b9..de68b3e6869e28e5b15787a5b6aaa847d1bf18b2 100644
GIT binary patch
delta 730
zcmdnYwwY~$PQ7WMTTwuzvA>^phEYI3SbBP4h-Xl$MPhoPpI@$_Yg%e{MpBe(p+}Hw
zI#-}UNMc%qNk~OnmVZcYPKsetVt#g{yI-n#a9EJOpL0rPU`~}^xsOk=1(&X!LUD11
zZfc5=si~o*f~8@YM`^l(V`*rvd3b87i>ZaHxo>%zrCV8siGI1Ge@bOoluuBhWsrWc
zWn@*PvxRFYS59!gyLq99N2Q^2P+@^Va<XYsVv2jYn|4l;Ww42%e{!HnQdve=X_>d@
z#E;_PRY3*0rd65FM!unyemNlpk!hhBg`ST3WsYfHg_RZAX4x6pJ{iVgxfKRnq4`OM
z{+=lrsZoXIK54;;m6nm&Nl}5WW<C|ce$Kg`F8&c!K3*Zt+CILM;~B-nO@ku~yaSxI
z!$J~MG6Iv#Jl#u545IwAa{OJ*a~w0PGMrM)osE4n+=4B*O3d_wo&2JlO9S--3XCI?
z{f$DS@)8SzE8JYu0!nf!44u3Z3rY<Q3)3PepJf!UcX4&s){k_ni1P8zDhrJWbPZ1p
zC@HVV^T_cv(f9B-OHVF!Dk#+sOwCH>3NcEuC@%AI_lWXyD=aB=wumTBt_le*3N<Jx
zH1G(F%=CB3(9bIOC`u3I($&>fi173(N-c3p%Fc8z2{6w0ugDJ!EikN1^!6#sEi3ji
zNzU@A&ngTK&rHg7<a$19qWs&`gF)BAYF&>w&4@aqn-I6NrQKHeylDN49_Cvu;q0&L
zQdE+jm&p9CUU@<0(8Y_~%kGDJh>0DS-*7vDcm0BES~u)vx1KB7IDwVp*2UKhkHp`c
z`dYBWFe8-v@2x*CDyu{_{1rAGb$4|;&z6{H!S*QWq-Efj+n44DwMEV}ioU&6q5DvK
zF~7@q>&hrWrRh8UIkMI&N^S1b`^pm}to=uL$Dy4o1W#&5^H=-aSNjq1bwQ2ad)0}?
U<;LBvywzdz#HErBOm))-0Lo7eY5)KL

delta 730
zcmdnYwwY~$PQ8y=L|~X#Wx0NcQFgh9QKo;Qaf)L_c}0$+XI@x{cSLHoX`n}_cX6n3
zI+t&*MOcJ~v9o7LQju3kp;K~Jim!)zu3@&hcU4J>NoJ8pVR)XKL8W)NFPE;JLUD11
zZfc5=si~o*f~8@YM`^l(Q9!<jhgq^|PFR*%Mp}r6nVYtepHG!nazR9fk%3QoWO}Ga
zWKlt+Wq7&?S7vaccY0`khCym@R%(7`lzDD?dY-vYc$lTLWks>CQCfafQGr)fq<(((
z#E;_P6_t_hmImn_zLpUljuoC|M#*lW`r&0!#VJ1dW(7r#0fFg3-i|H-2BDE$5h<Bo
zRfbWy8OFido@I&t&QVT<MQ#=@!QoCtMTMyWS(VyRnXcufiNTJO;~B-nJtHeiOpHw{
zjQs*KL%dzQox_qWQars)^Ai1oD?|0eGt5)`eFDvbgB*Rid<}|?Ez2siTq2E3d~=cv
z%|bmYEpyyli&GQ5DypI~N}S7ztGp}9!-5?rpJf!Uk8&yt&2kR4D2sGUN%2niOUo+_
z@-NMF$#aRw$SiR;OARth%{I|C3^H`(O3SP)ElkYKPRx!nDKYfTFZK*Aj7khL2zSje
zj|g)t_sT5yu*j)0PAX33($&>fs4DaD^GGpE^7l<KNHb3LEXpw~tf~ykFslkpHFvkj
zO(`m>PmFXgDawlo<=QVWUp3RMNP5A=nKu*oYcwxvzg)y|zVFwax&LR01W%u`j<wHS
z?3`b~CcgW2&GxR<*OpBX&rL~ePkAySD?#>3$G&&M|H5wmSx|a3Z_)C#{70k2mtNZ)
zvGLIR&}Y;4*8bXOcOgqKeha(HpLlCdQ<g6Og2YeOoLqtP_uZ>AN%~M8rEb1vtHHCl
z9;3d;+U0Ab46>}}np~|6Nhy%nKGjg&@}|Nj^QhOwNk2aCzpuyPb&y9(WBIbmDdFE_
UdE?sy7Ivp61jo5Qc~I000En~@_5c6?

diff --git a/nix/secrets/generic_backup_password.age b/nix/secrets/generic_backup_password.age
index c666d43..1e0c2c4 100644
--- a/nix/secrets/generic_backup_password.age
+++ b/nix/secrets/generic_backup_password.age
@@ -1,14 +1,13 @@
 age-encryption.org/v1
--> ssh-ed25519 qM6TYg IBVFRlOVLHcuS6xa7UVGA1z9NTBtNwGbt94c/yTB8wE
-T+VtsTngND9kAd6DAtksXN4xYs+E8JZSxDeOm+G23tc
--> ssh-ed25519 91VHug nUkRwHgpn2i56NNY0VAuG+r3CX1rjt1M0ZVKj+ijwGo
-ea8Ry6JIJlPOObY+v2Q5MkdcZqCeDLAOxC583WY38Hg
--> ssh-ed25519 XzACZQ 7f+8YcecMvwnOgwxjRMUUUm9Sp4cyKpIZWWMDrrCtzg
-Bqhd2kpuTg3Xchme5wHfg4zkuikeM4H9GdOZVUv+HZk
--> ssh-ed25519 51bcvA DUk4CsGXhdj4uIqzYpoGmtHs5dnjIBUb0c9zj1DEum4
-hGe3j5Ycn/WVV5wgg+vZuh2KhnamHACkHrDWcVgkSjo
--> ssh-ed25519 vT7ExA Zf67OkbMvOpgABZDuXw3U94KqX32VG8nnjo3Xmkbih0
-5K5fnBxkQDaYwuMPhyNU5ZrZLjkgknG7dzMzyuANMuU
---- Jon4j4/xeZqS/6KsWszsVOoVOgJgsPEKxmtC7PcocCA
-Úì†³—µ’~Š…
-¢íNŒ+jKþß¬Ÿ/á]Ó !ä‚¶Œ¢.7\«–„k~<÷ñfÃCÖT.ªOŸêÅ¥*aÁ•Û
\ No newline at end of file
+-> ssh-ed25519 qM6TYg SrZQBYLsUcrDu6ds1fJAyjM+mHPpAW04U6yRqA/TjH8
+LZUTPquz+YNmlRWrXwY2fvXsVwOEM/uhzWcaf7WsY5o
+-> ssh-ed25519 91VHug sVXnaD5sruvFKnPwldWzlH8KUIeZ/toWqYe/F2tfBX0
+CapfF55c1MvBDcDywNpnS4blYwD0HrPyrcncMRbl5lo
+-> ssh-ed25519 XzACZQ WqU7ebK4SnCyxP4zxIdmMDAaH7mk2HpgvUwbFWhoNWs
+wm0ZtnIQCKZW+WJIDtAIdOQkvp5LLyvTQ2vNFC7C26U
+-> ssh-ed25519 51bcvA xtMa2mIZ7GHOFJEcpZjr13vOovJsyo9fMWAnm66pxEg
+DqNSop7GSDMvsDzu9NK5ubf2xWMLX1fFLSiZUA42RUU
+-> ssh-ed25519 vT7ExA 24tU87648MvZgbvt9PNWBUQsQBDyeBd2QV0jiKGMwWs
+mSuA/G6ZjRYhG3TMGt8SQ8aqK8s9s81YBslBwQLr4Fg
+--- sr5nQObjSdkQ+eILGm+p/nnD1XxrcCXwVY70INFlZMU
+ÚÊ›.ê)¶½uT}nw?”ñ‡]4^žjk„ž…*y"©#Oû÷N*6}ÿÏyIÙ†.7ÄT˜¥ïSéº- ©R©
\ No newline at end of file
diff --git a/nix/secrets/grafana_admin_password.age b/nix/secrets/grafana_admin_password.age
index 59a4c17..f208dab 100644
--- a/nix/secrets/grafana_admin_password.age
+++ b/nix/secrets/grafana_admin_password.age
@@ -1,6 +1,5 @@
 age-encryption.org/v1
--> ssh-ed25519 XzACZQ OeTS5wU4ac+Qh7s1PXbdFH3LDlRW1LV+qFtoVGI47XQ
-JsixYPLzpnF45ODQH7nuVowXzwbNQi8lWx1Bp2YFVWc
---- MEG4bfGwoFRm9HizYdqtK7KApYhYH+QjAIEp7CpLznA
-CŒ¢µÍ/wC
-F‘zÙ?ŸMÀõókÙr‰ Žx£N¸©'NTzùà¼WŽÈb¹åº{›ÞóÕéAj3X6m¹Ý²²J@í¼OI—{ußý”Ï?¹ A,CÃdûý^
\ No newline at end of file
+-> ssh-ed25519 XzACZQ 8I9FjYxsWRwFE9W5eUEA3CdAG1etcJsYrT/QIFTkf18
+bmwA4zP6sG54vh1l8tAW7i7g5L6y7bB6jj43YaGIC9U
+--- c3xQGTTlsALUeTz+FbECQMUPmp4/PHTaosgDRzOIrk0
+9Â‡,˜ö$ÃJE%Ù³2×`¬ÄŸœøK:a¼þ]ßÞ,ÌTM>µŠ°Ò›xŽô-yn€¡§ö|®Ý/‚ŸŠ+òµêO²¢×Z‚¨QûWÅqh^÷]Ž^Ì€½$?
\ No newline at end of file
diff --git a/nix/secrets/hugochat_db_password.age b/nix/secrets/hugochat_db_password.age
index f5e1cd01dd7d5b4e0af280999ded36584c31a78d..110f6719572dff4a80591201bbdc34af2743b614 100644
GIT binary patch
delta 304
zcmcc2beU;_PJNiWnR8)IfN@H&Q>tsRV^OI=SxI1`QFxYTMr4_VQ%;Ien4hVWZ$L^#
zIagIdL~dznZnAHBc2cEhPN`3(XOd}<c9K_QT3KXxzQ1KjWtB-`v5!G;HkYohu0nX8
zUzE2+a70<Cr+>PoNnmJxR(h#HX}FJLRg`yCQ9y-DMZH;$lSQaWnF*KKdQB}B(Iki1
zDQxMlOddY6P~Ui??EE7&hoYQ9o6me=YPXNi%zdJzsbYOW{dd)x%O>2Ox~IBd@ODN`
z`(b?j)r+W0|E-0tc?r(zt&Mvu{_b_qr0}q^%8sdL0~WCV)jBbyEnvZISIKZ8H}8Lf
z+D+Gdxr}9hoYvONexkwRCK~7bRa#znvi}dEoBSshET5PuAN*+=%N*+^8f_Ps`0wnx
HzQzgw<Vt$X

delta 304
zcmcc2beU;_PJM1fky&1$Wonv7d6mDTWnP%Jfq8JDpK(Z(Z<cpfZgHSvqN97VNm9Ot
zFIQEvTVR1}nnzl?qr1Pqc3!!!kw;ZPT4}0&si#*#P;p^IibZ&mnWKr3BbTnOu0pV>
zU$&`#m{*p$i%Y&ws9Tj!uA5`Ahe2tiiDzVXwyRfSWqoQ+aA;L#WigjRm9fh_LH&8k
zyoK`(EDOU{KisxLisf7^gOcBr6DJStHa{8cw_)dnbv#prSGmoT(LSm;<H4*)tjl}-
zntyz4nWHIc9slc*=Fx8XSlbw$93{VSzd1{;zPic#qwb&e>zBMKHkLeT?+oiNHpW~F
z7g=E5Ci3<t`;^6+%RlI6ed_sU)XrO`beqlmlk!A;cjo^_u~$ERoHzR+gWK9KHJLI;
I`sOVI0A?+F#Q*>R

diff --git a/nix/secrets/killua_env.age b/nix/secrets/killua_env.age
index 3ac6770437142fd8e75f73869d3ceaf93e8d66ec..e0ebd1e3e654160fa26ba220908da8296fad9b1f 100644
GIT binary patch
delta 257
zcmZ3=w3KOrPQ9r|kawAnv0-UqfuVM=PhOdUX`y>gm{Fc%p@n}+X|}PuUqF7KV`yb~
zK37m=Ub<O%wvl#3Vos#1zLB4~p^te=XhC9Dsb6KXcd=PsVq~z7Wl&U!0hg|>u7Xi;
zrHhYQu3=PVxVcYau7$a&evnhRadCKnp}D?=b83Epc~!ELNosk8em<A#xyP3UDlWPl
zVA)>Rwv_APoBvyS@2GORF5<n{zEj-q{S0OE4;|N^^sI6<68+?G>-Kgf(bdnRcX-W;
z&^nfA@VDSwkcOMHxxdecSGSg&Utqib#_#I<ixb(I7feX}9&Os}ydt)5?Y7guKUhWC
LZJAm0T`U&>Qa@<;

delta 257
zcmZ3=w3KOrPQ9hSXJU9no}<2-bAgeeqp5$fS5;AneyX9Rk*Sw)Rd#+@rHfCxYea^T
z30F?4c0^i1xN&NrziU=;rE#EnaB*U?eqL6op_hT7afC^wS$>Y0vw37hAeXMLu0m;!
zdsU9VV}(<8iA!!oSh#6ffLElExoM=EwnsrxsD5dtL6yI2qQ767qa#<#ZsB_sE0*rN
z(7%E$aOUIn(*mm}{1IT;@#n4c3aQ@cFkz**J7J%nMrGY$II!7M%d|g#`k91v5vnaS
zvi<XVs`ovWGJ2D9yiZN4;Tq4M36tY9ZrgXPQQd#;xY69dx%*9%o2N(p_T5-@Bjw3y
Lu_u3LUvLHh(Bf#t

diff --git a/nix/secrets/knot_dns_rfc2136_key_config.age b/nix/secrets/knot_dns_rfc2136_key_config.age
new file mode 100644
index 0000000..06a17c0
--- /dev/null
+++ b/nix/secrets/knot_dns_rfc2136_key_config.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 LZU5Eg rwUOiYywkv8pql/vl0b4K10Ic2oTijgDY3j2Y4e5elY
+8HAY4fQqjST5LqwZQIw83Z3cLZqnziq/czDpkJ/ncaM
+-> ssh-ed25519 5bWSnQ E6u+2wa3+f3iRxFCSa8evey5D703lNTGrsMT5hJhSGo
+RRuKjTOOunRLD2re/Vy87maIkNLiFa0p0AugeYbGpEk
+--- +5iOAG1dYXmUdxXY0dN8bhFpylZhVn90M0/OSbNTSL0
+(¿‚"`4*€¦7gY¼šØ¤±ÞNš9§TˆpžÆZµ•Ë,¡ç<²ÞzæeŠtÇ³ëª²œÄÐÂó;ãÓA‰õB¬’.[õ¤ú*N¶	
+Œš¼éZö`jM¼Íÿò+=ÕÝBq=³ ÅEŽ¥Q{þ™Ûƒ’S~
+ßÊF	©a€¨­IhD:¯pA{
+îµ
\ No newline at end of file
diff --git a/nix/secrets/knot_dns_rfc2136_key_envvar.age b/nix/secrets/knot_dns_rfc2136_key_envvar.age
new file mode 100644
index 0000000000000000000000000000000000000000..f52b6246f090ba0c842649957f2ecdfdbef0aee8
GIT binary patch
literal 697
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSH^fe2KOjq!(2z3iK
z3ygBk%XTr$D+n^R%*xU(Hme9IHTFwR^DQeY_K$RR@yalaFyP8H%8c~T_b?0ga0&6z
z53;cIbaFEYH1jNQ_BP4%$+nCr4Gs=0Do+o}u|T)Y(lE@UG+m(}G|=7LFw@v1FeoU)
zr@SP!#H-3BDLK%@%{a`$HOI0%DKjY}!!#nvIgqQs)G?(n%*!_{$I&RzJXycMH@~vb
z)h)TWEYmC4+1Db~yVBSxB`-hG$rIhSh$=_ts6Ykn{N#{G!_s08Q$Ot-lSD^j_cWt4
zzx3opw_+bN?Uc%7r*adEV4r+b0|TyPeb3^eNaqsEPz(2@qM$PUJWJP9?Wmmc5X&l$
zDlcdEvXCkRbC*=V$aHkuObwHg%N!MQBLa<rw4=-lolPSHLbJ^xJaUX9LNl@o6Qgo+
z473Y^gCdjiEwa*cjV-tegCa64gY}CYz052_!yI$Ub0hMDqKsU!@;pKd%>2Uxw9UP|
z3Q|1-Qw-2;D+@7qt#DL`NXyf%^0jaccS%nzNiD9ZbV<xfiZTl?4RtejG|O~$@~SW@
zuS(AHFiPf1Gd3zr(>FB@%FN0vOb^O-&5O*n2rv$<H1!H{G|nva3dqPU^{n)cDs|=3
z)zwwVFE>glNGwnF^{L1<bnz)HF*3}|EJ^Y7sx);hDEBc-@k{p2^v?};O7`V4Fk_QW
z=$pl=G3~rzUT4MErazB57&y<%{k<{4XX37f92q9_|L!~~(>ZCWN=x6*rws+>?rDL=
c$9xmym&CvP`|{~Ex3cuWFCHO^LX-PL00GPCLI3~&

literal 0
HcmV?d00001

diff --git a/nix/secrets/loki_env.age b/nix/secrets/loki_env.age
index f55d3a3cf011d5697d3d0f3d9d39d33bc7803a66..2f5e05d5f475539e830ad34eadcf7a168bfea261 100644
GIT binary patch
delta 291
zcmX@cbc|_&PQ9hSW1)VzZ;GXUXq17rM_`3VmQitDWmJ@9ghfDFU{OR_inDoSL4ie;
zE0>2;S%rsVWn`GUepE!Zho_;rZ&E;Uuy?v~sil#xV|ij&W{!4_g;#oMD3`9Tu7XRZ
zVRlJgM4EwRl(&I*kbi1OaaB>Id19nzSxH_%afzRYU%j`XVX~z~aUd7-<)yJ{g3W%n
zC-`n&HG9wYN2ZU8wJdhLcdxE-X4hxnkYhVlap_oB(~?@H<FoH8Dcfoo&i~@{?%-Un
zg%ylO+KtBBb}ycKV2&DZiVSb}?5)*lpXKMy5MTCL$ly+F?Me5-xrKAQSD2bC(^qN#
usFRUfer)TPTP{asnpS6AWPF=>HUAyo!5e#%l0H@3-F{6!vMsgwbTj}q3wDnH

delta 291
zcmX@cbc|_&PJM7hc(HSEK)80MYhY$#ez-}FPi~;IV@bJ*d4W-KvbT|&XOVwuK&YE*
zK39r%QgBgvxM68(c}j-1zK_3)wpo?8Nm+ifg{8l7RDf?pps`tYj#*J!IhU@ku0lwv
zQG}suX_RYueri!lnv+jOKuL0GRk*u<m77_Lvtd%ETfJjyQbB}ib|lxV2?m{8411UA
z{JoO>>ARqmoAkjo`YTT!I2Sl~ul&vY(@9Z_s}zdd*9fc<*IHdy>*Hn=@TE#o$^62$
z54uZQ&EqP6?wmc-K1rg={FdG?))ju$&jjXKO;FU_r7H34MdZ4NhO_T$w*|yAKig&_
uUA~j|t<nE^61}N1Cs(aevib37m)Gp2DoTqd&0(E%Zk};xzxmB%^JV}e7<Iw`

diff --git a/nix/secrets/minio_env_file.age b/nix/secrets/minio_env_file.age
index e1d3f36..336a71a 100644
--- a/nix/secrets/minio_env_file.age
+++ b/nix/secrets/minio_env_file.age
@@ -1,8 +1,7 @@
 age-encryption.org/v1
--> ssh-ed25519 qM6TYg k3jtd2qoiQCsKZYJliH9ySFuO7CVQQ5Sv2ikFYcaD2c
-TSIg6y4C2WaLQJUyNT3HQOj09VmKSkQxlsVlaDc+1tY
--> ssh-ed25519 XzACZQ NZhP9TD5nYxBMgO1O3vDOITeh7qxq4vhjG7AppQmRlM
-I1JiT8ISWLVUgoCphHSbhYvfssfP55NuBI2jclG3DVQ
---- 6UR3wbSTB/f0s8hP/YHaY9HFDpnLAts0yksKCv7p9BA
-¤­iÓÆg50ß2LQÑî°káL†
-»vÃ›B×$5ÑËµm²¾#„{_8Õê‹ÏÞj&+Ñ;Zûç-'ÂƒÐWHSòÑ‹aÄæ·f?óÎ56[t8¿¥&Zë¸_/î3BÀ”Ó_4½n
\ No newline at end of file
+-> ssh-ed25519 qM6TYg t4OIcjhlaEBxFFK/VibGcE0D5zb4LrMv0zS1vxMKxHA
+/OIYeC0s9Jd5R6MaLQPHlgscrSkNwpdK1doADIZwmHE
+-> ssh-ed25519 XzACZQ 7ieKRLiY3EzGlRcAzxnhzDQkUMmpNutUViBeMrSkWkM
+qxeyBVm6aHDH7oQXDShuEqUGY9W8bp2vHfWvJEssfLg
+--- RuCRpuvvN5pIBe4zMaF0X0J5oW2z9ytkSfwKdkQlqo4
+t9Í†“¤¾™¿áî/¡ý‹”/d3Žåù½ÚñfùÁ£Y.hÝdg"°Á,<ÉZc„1ú“EÑ¼š•(ÈÖ}ô›ÃâÏ¥ÄEÖ ®}tMÒü`H¸]w¸ÑWÁ?ú~(T]~'
\ No newline at end of file
diff --git a/nix/secrets/openolat_db_password.age b/nix/secrets/openolat_db_password.age
index 4073e15563f547ce8ad0b7b2c7bb145fa195cf97..ba64245db2aa10f7484d35a63a46ae52373808f7 100644
GIT binary patch
delta 286
zcmX@ebdYI+PQ8y&QchHXnTxksn!dY#d4#r4m{)+GX=qxcsb`W?SZ0R4k#=5GkwsB(
zIahH(S)^rhvcJD^PI9q}ae9%dYi5Oaes-Ccwy|$^ZeD<8uwQsdWm2}A374*}u0p9-
zc#dC@zDKs1Pga>*T9~$xwxMHHQc9|Eu3KbTg?6f6WW9%HqDe$ink$z=SSE-6u0X}L
z`xOcttDp7XdSb9U$1?Vq`~N4et6xX&zW-8Z+RlV8%2o?%W^L%+ef?kHrq7<n3dynB
z2VTiF2-*dmW_Xx%{YI~*&ZY@naSzQIOcXYnNvcR_o$EXIZr_5)`jDOPODb(<EA<%s
pPkO9;AV=2j_{|C83oZ)1Ei5cww3AomMP=voK$E{GE^j%<002FEc258R

delta 286
zcmX@ebdYI+PJMP{Wk9fjlUtsDkV%wLfp1j4en3%3M!sROWw3{~ueW<-zDcNSRCr=|
zIahd*uVH3rutj;HS7lC$Nl{vGQC6j4l}CwVwsxvPhL^9Yai)ofg<(cYB$uwPu0n2T
zK(c#SRiS5Kq;FVyva7eHnSo<+gtkGRuc>Q}iC=+HVZB#rh@qixRz8<|wt`f}{o~=w
zyJr0ldc~l(>(ioD?q4R>`FB3uSQmP?Z?T%~L$Ob443D0#30|^y?K-z`wt$J1cW0an
zy2kic$47Ls+Y2E{nJHQaZ94pn7g&jYEb=<@_-HBTwWi=EmYVQWm$oTfkUplaWG8#p
p;f})Qvq%0{E;fH6{^VG_%DtnG$JPk*WR~45(zxCbYph!S6#(kyba4Ox

diff --git a/nix/secrets/pyroscope_s3_secret.age b/nix/secrets/pyroscope_s3_secret.age
index a2c7dd5a58639b5b736a1e0756ffd89c76cb7e5c..65db4ad53003cf3dd5cd39d3b8a8c6b9886d9b77 100644
GIT binary patch
delta 301
zcmcb>bb)DtPJLKvSXfYYx_f4jo4$FFi@%$TVPc7!V~V$lWpH9hvVNAQr>CP&T5hpH
zI#)qrL9wNur=wf0c4$a`ZfapkxvQUrQ$}%$TX4QlnRa++p-EYYSA}~>HkYohu7YD|
zx>KO9fnQZghJk5BdTxogeonEGg-@_WNOrDgRis~TM17iXZk}IdK_r*S$E^xBK@!(n
zO5b$F%G{5im}-1<@kZmNA<aqm-#jwQ=bu_xqVV>@-QwtH5|^Ju_1#$`DE%<rt%_H_
z^XDc1y1l-?|2=*6uHAJ(OiIKAuClIIha-AUBt1IKoMYv?NqFYoO+6daLmwnw*!t&W
z#I&S2I?vL2Z%JNMV_LKEd&ZfTwzVSiT5|j5vMM;77MNqqaH4hd_cXi8e<^d;#otJL
F2>|@AfouQ(

delta 301
zcmcb>bb)DtPJK$cV|bNodXP(cqQ1LPK#6&&X>xIeQBtslXL_Y+R+W*vSBQ47S%{l)
zAXk<}m6NuYYgvkyenEs`YG#Udeo?MPSYc4Oqot!|rGI*eNoZb3lu?#JHkYohu7Y`X
zcA2F`ZdIX6N}g#!S-NFphCy;cv3E|owx2<Iex!3%Nqw5LcX>o=a3I$)ofj+L&2fuw
z{-djYulPdBMjr{rON(b@Z`$<hM8-DD&&o5GymeTkx1+CKq+=TI?00()3m=r;SCe?P
z@caXvqtO%IhFzCfa`simeD#l-t`V$1;sirEXZV`MuWjAoR;e*vVC@Af4?fPkh|?c<
z@4sd15vX;1_j$<#we~O72EAtYxEY*JZ0vu;Vw0AxlbW-j>^tB5zW$C&Z~ouc=3C{w
F0sv|%ej@+?

diff --git a/nix/secrets/registry_htpasswd.age b/nix/secrets/registry_htpasswd.age
index de9e94aba7921b8ebbeff0e436749aec108abe2a..fedeb0326af831b574a80b52b7bd75bdffb0f530 100644
GIT binary patch
delta 242
zcmbQnG>vJ3PJMBDVvv7IsIya0XjWo&W`2&5esHRfmw%aekw<oMSYly*czIb+RcS_!
zE0<A3a#Xfcu(?S}Re*DfQJST*sZ*klQ$U7Cv5Sjaa9NgFQb~nZQeH@q0hg|>u0pa?
zWR`z<cAlB3dAff{pryHQv43t+nOlj4zP7JNNK$ZcV0LkMg-K9qa46Ri;S-rDO9jjN
zqu;-BnD&h?o%!u<6-~Z7PK;H|dmmK_M_CuG`ojHwUBz74rIL-$F0e$h?yzk=dFo?g
uO0nMuhFLjt-dyvK>+R-Ppfc^g()tbGS(}8mbUN%k=9RXs?(4_8`LX~GWM8=e

delta 242
zcmbQnG>vJ3PJLo-nV(m-k-LGHmq)t0f4O70b4jG9S9)bmp_5~zOK?Ppw_l`pd6G$P
zK3AesM3H%xpMic@s7pwNvwK;dc79Tov6pA4K~lbVa;}L}Qn{OBW=gJMK9{bpu7Z<U
zu|-~Dma$i6U`m#gOG<fFq;^1IxPf6{lv}#DZ-IBPe|A`ehf7+LM>*G~ke!BKjs$+#
z#9YXJ?(d~3J@%U6laEg5oZImK#;qAM*reJ`UahIRm@J^=%yC}(XphI`+(6B5eA`*r
vPG9L>sNBPE=<)de-$QxHtJlOGOT6>jeb?-bdNa4GAL0^HS&)>xMe+;)3khIH

diff --git a/nix/secrets/registry_s3_key_secret.age b/nix/secrets/registry_s3_key_secret.age
index fbd34507c893059b97c403ab184623ca2b21475c..8232f02e33ef2f5d6c3d998d8b8674d106da4eed 100644
GIT binary patch
delta 329
zcmaFE^oD7IPQ7oEd1!V?qOo^&R-|i1xRZs8c1dY?rm1UiR-vO;WVw-vnX6M#a&AFh
zK9_%~S6-@FRCcyUS$33@bAYRUexPMoNP%OzvzLiqrgvUou3<@@r%zx&F_*5cu0ob+
zq<&<jMPz_sKzeRSo^yVpuW@3fv8!9IX=H`Dey~w~M!j3IhmUq}WF%MDC+oh>3U4+?
z*QlidUp@%?ESNmMf=%J*rK{`z`Mpv4Rp@Yc)tf!1g)3P2!jf87Z<|}f!E4g5H?=l5
zDb)GPT<sU82c0|O6q))$kFJ{9owrAC&C+S6)17-fSapk^dYjhH*4TG3_3=JE?o5r?
z&|vrM>i9i>EhalPMlQU|{9?tMlO0!*ZiQWzXnW;8Jvd@-*4%(YiM+P)Gb>)Moo;gA
i`OXtT`{$oN<hhYu;l1VUYZvv+S3KE%b+hz8m)ihXJB#oD

delta 329
zcmaFE^oD7IPJL=cj+tqyPhLb~U~0ahnQ=yxWxhpKxnaJAhj+P`OQ>6#scV6AMQMh+
zBbR4-PLRJrRbYyfsj+2-NpPi)MNW=cwtkwwp}BjAVMR)Ql6gs`OQ5TfCzr0Su0lk%
zqqk2^vUaw)v1M7IacF2!iI;D=e`J+YURY$IM_6UPNqs<Ks&|NIkqOs+xkIi$C+uyM
zF-ZO|@%Fgji}wsa`7JYQtj=FQbL=z&YlCL_(VcPI*1MNnJ-zbd;o|#&EBAAK6u271
z!BfYg)1p>h-NB>bbpB<I+39A(tC7ntFjWMs`u29&_Qsa_C%5;!o!YWT#p7lkM?<sJ
z64MK3LVoz|ahkB(sq~TF_TxRR!J95w&GX;S_tj+EeH)HAmB$kc^E*!*@|BpxBb4U<
iYh_Xu>&q&&{|@^zDr*+T^*wwRU;EaO(O&F`m<a$K4~#kh

diff --git a/nix/secrets/restic_backup.age b/nix/secrets/restic_backup.age
index 0465e54a5aaca8786602cbda8be77ffe60132300..dc88b9b2ed0958fea3f2fe5d6934ed7c105518d1 100644
GIT binary patch
delta 695
zcmbQhHi2z|PQ6EdN~mvQMxl0EVp_RRL{(^_vwozJt5H%(QmV7Dk-l@eQ-F_orD;Y^
zI+vMwkV!~NRG?pCa)FnRhjXH~drEO-a(TFWYIbI_b3jJ2zhhu(k$GrpHkYoQLUD11
zZfc5=si~o*f~8@YM`^l3TAG(hd3lwKiMwHWQm}bMrCXq{Nm*cdR%Mw<PL8`re!68)
zg{P^uS5$;6S7nk%R+hGrOJQP)n~|YkmWM~7lbK0Xsdid;adMKMTdKZkRav@=r(1x<
z#E;_PndU*xo}u39x&G!(B`%f4X;G%-#ZEp+5#^;u6$Xh$h5mWDxt5M8P9Ei4+F?O%
z5!%L;X(r(wzWIsiiGlvEImS^2;Ra#heg<WR0fnJOrFm(AMNz(!;~B-nE6X#(96f?V
zB1=7TOMT7L404KsJY0e-ES-!EoB}fSOAS(sef@Isy#kZD49b&=GmJcq3aT;^GYWFe
z%#2)(OLNN2&GaKH%Su8boJxWXa!b+;^$UC_pJf!UH_!C8C<%6RuQGNmD-J9-Neaz&
z@eK?POz|$xsBjAm3G#8vH!IH#D=_xuN-54StV)eY^sop|v(yhOk4iDIFfPk9OG?U4
zEB8)L4Diay@yK^^^K*6O($&>f@Cwon&n^mf4y<%ZcS;O5Ff<F-&&taWF%L~i^$Cr1
ztSTw3*RF~(@ya$0<w{m7Og6stO`0ov^0!?Hb6T2q^dHX2*R}5b7SAYIJwr5E?yu#-
z?3qjDj%cwZFn&o`s1zC-{XqQKexHB-9x842lR_l!@7U4&>W9k4>>20f{4N$fQJQv&
zdvRSvkW=ln*QUvZ-Xf7__-t7x<$wJ<^S_4@`y;keF1>{pi#aDInu{Mjlj^v$O8MUB
j-e!Sqp0`$Rx%48f?uc)l<DAHOMo$)9e(a>Uc(OeJKdAhf

delta 695
zcmbQhHi2z|PJNkod8t!|Yo51<S(I;3fmeD|MRJv~Pf}iDWr>qzYFVyjk$<q8wvTpD
zB$sEleu|m1b7Xo_c0i?{hgVgBd2W!lOOUpaUy_@zQ%Gh>cDR{kVuqKy1(&X!LUD11
zZfc5=si~o*f~8@YM`^l(nVY$ji=}^hM1Z%CVRBihvs*-dm4$0SQI&C4Sz1xJWw2j?
zN0nb*keg#MS7NH6uaRF~l%G+qiI2XgtFuvYX;P+}UrthvahRb=k-JBvc7Bqhp|g+Y
z#E;_P0U55Dl~I`~ex?QC{^6-^0fqU_=|!G7+G%cvo*pIT$$74ce)(ZlhPl~XX3l;d
z2ALr~QU1x{`9?vJepOXT`K4Y-uG(fM2C4p~-dV~1-sJ^`MyA=5;~B-n4e~RzOI*T(
z4FmIx%uC$;-ThKhEmNFaoSc$ELL<EM(*1)Y3?q|VG9uEsOe%97{e1!~ouV>}0#efb
z!i#-<^eggRl2VPr$`kd|N=%b;OOgtL3^ENSpJf!UH#Ug$GY&UQO%3rdFbFJ&D2*zx
zv@pyxH}ERY^LBO*at}@MFYqca4s|o(N;5Dt_lqoYDl9Ea&nn1CEle{h@y^ciGD`C>
z3er!k^sg!lNOU#JadHgg($&>fNODa#HY|$>_KwIk@XF8dbBqe{)K82s3Q0E34ogod
zj|g|G&o<O|HcT`3<r0s6ENwsk3fGfo9yNN~R;2MvJkn$4=&fMBByPt>_ZiAZEn<JX
z{D1Ltj{V#I&XbmvDFxbZ?B{c8Jx>x+)&2HXtRvXz9naBt=ii%{r`5iX-m@WZvx!cT
zuzyN{lwI29=++rMq6R+?l$VytFkHE{`uHinn3q0zzIvOV?38T1>dyVmQdzFg;PK5V
jU!G6?^1=76R`|1rol9@VcRHjsux*G5<oUDf_gN<Z1qJ;P

diff --git a/nix/secrets/s3_mc_admin_client.age b/nix/secrets/s3_mc_admin_client.age
index 3e366bf2886f78e3c7c8a8e05062f3b7c7c8a9f2..dcd87036fdbf986fa24a926d41f7a58c697bbfe8 100644
GIT binary patch
delta 824
zcmbQhK7oCLPQ7tRa+qt1kztaFQ+bJgex8q6K#8BZkEL6&Uzl5=kDF6QVwh98zF~TH
zHdnYwadAO}v3Fj2fU#qVcanu+xq)kuS9Z3!iBo7vpjVlDl&`*PURknlB$uw8LUD11
zZfc5=si~o*f~8@YM`^l3fq$}5aH&PQhh?RAhIf{>yPH8tph;OtQmAv5OPZNcjz_6~
zQc_W=qhVDtS6N1IkcD%Ef4F0^SxTr=R-}u6aB6OjrE`^`NpN7kerjk{Qm#*as8PP>
z#E;_P0Twx-nI)0Qu6`92r3Sg~+6HAQL1h8PX2~8#DbC?0=}x(o;St^$+3Cq#Nd{iI
z8J;EOp@n(LMS<bkN##j7Y59@vhT0){X&&BHfk8z%0ab-bg^7`q;~B-nivlZ?a*Hy9
zw6$HM42$!Nef+$0E32FWeUm+0w3AAmgOZI3LoKpg0z)mhe6{_O@_fy*3d0<;!=eJ*
zT>Xli3|tIK3e(*3(t;}8Gx9wvB1#Rk-Hco(pJf!UugG)_)K5$H@eeRB$qjK$4NvsX
z_DKqL4|Q`h4L0$yFfh$?&B-Z9b8-pf3i1gLOfvV&N;OL|&#^QOE-H^qjmS%O4=-@^
zHS+Q|%{5J{ayO1D$xJQh($&>fFfXh$Esm_PaJ5YF%gxBtF9`K>PuI^$w={{2$}1}K
zE=hB*uP96`OZ4-~=khew)%VhPs=4W&(ldeE)2_H>GQ?aGoUr5VvtvHTb{PIxpgaG#
z+tdQP@YBbGyXNbr`S46i{49DbOPcLh<AK|A>XdCXMC-Yx>u%@KZ!r^`;BTeQxi7+A
z^@^iN0pHhi=Z;=--RGY7nDg&~uLmq=evL2Ma>Y2$<ZS)9OFkCCyj8i)-<Y-;G#^a(
zeB$*R=f@vTA5mML<=?pF&6cHqbe+;J)(ah0krQ~@SQwCG>67|ABX^2T-LW5`Wr6-H
z^dc5WUzsrNV1wxm0lv&Lx^LEs=#{MSO1Hl+#%w1NdUew0r;5uS?K!nT@$2bS*6H&K
zHGgdVJ-J4C_S)nBne?OO`L8&a>{<8rxP^b(Yw3^^sRCOaS?lk<aMn6K?Yq(A<L7_#
Q2;bM;;g)t=zIs<T0F`q;j{pDw

delta 824
zcmbQhK7oCLPJL)VSzu*Bc12Nzn@LG<MXq+Csf$rnYIuH?pL>L}c}hS<j&XLSK~Y9{
zK3AYwXn0VXt9x2nU|3OAfV+RWSxHh(nyZ&*uD-vvS&nB`xlfrzVx~cAK9{bYLUD11
zZfc5=si~o*f~8@YM`^l3Xs}^~hpTsPN?2r$uXAdJr<-X?W>B85hh?F^w{~i2Re3;~
zMNomiw|+%AS7mChn~70oP(XlwdRDeiWw>c_X_m2jy0>|mZ*fGFvwviIx_(A#WomNy
z#E;_PW@gFGennwE9;F6(<rdnmNd@6%VP;7d<^GicIqt6B+U90yq1h$|9!|wvX`z-z
z`6c>>$^QO<`9=OFPN`-k9xf3D$;nar`i3D%UKw5i?#ZQjC0@ys;~B-n9ld=DJW8BH
zL(K~_os3+4vJ)+G!xAl$lk&ntQnOQvjV(ew%~OMtEy@GAJRPHqN<xyVqH-*&g4{f^
zQ$jMFQp(dz(oKD|T_ZfogQCoe1N=igiYl@vpJf!Uk1z}l2`#X2)6e#?D9*_#H1cyb
z2ug7;%rGgd$TJNvOLh)O2`?%t%rOe(GBJ+w%q|Iu(hjL|);0(VFsdw!bhGp;aLsb@
zD-5)#EXwiDaW^c8(vC{!($&>fa4E`<tO_+NiSYFI4l1;W@;5bi^K&bxD5=UX2{3V~
zs;YFWH_*;WEi$f3=jz_PG|uS4m#<7MZA)|fW`=f~s(G?Z^lP7~Hrc`~E?;5N)P)5#
z;r0(Xelg5!XjtCGH~rzqvkA+}w{;a(lqVh8_dNL)>!r&AOb6|^X&>~G>ym8f;pS4v
zSo~(CP|vriVV`cB1sOJ1J#SdI`^XCo;l*5^CPhA|npJNwyF<p^D*3w8gME89yiX8V
zyV<LtkniIQXR9&=&P|LFuh$gBiO!M|n;g7jVuugQ%69dA7E2ZD)TG2NGC8V--Z$W@
z-f*g-XzR;u7yJU(f7IS`aq|O-4-9h`W=O6+lG7;L-E;Ilcfu{d2d47V5Av?R;=s0n
z$55`M_0Wol?k8LR==1C~U;gg+lZ!s*rbK^^zxSYLTQGn9lCXK1Ja4_uf8uMt>dILC
QGgg&j4|ny?ch64&0ITUf>;M1&

diff --git a/nix/secrets/secrets.nix b/nix/secrets/secrets.nix
index 8e25b6b..8209c40 100644
--- a/nix/secrets/secrets.nix
+++ b/nix/secrets/secrets.nix
@@ -28,6 +28,8 @@ in
   "pyroscope_s3_secret.age".publicKeys = [ vps3 ];
   "restic_backup.age".publicKeys = [ vps1 vps2 vps3 vps4 vps5 ];
   "generic_backup_password.age".publicKeys = [ vps1 vps2 vps3 vps4 vps5 ];
+  "knot_dns_rfc2136_key_config.age".publicKeys = [ dns1 dns2 ];
+  "knot_dns_rfc2136_key_envvar.age".publicKeys = [ vps1 vps2 vps3 vps4 vps5 ];
   "wg_private_dns1.age".publicKeys = [ dns1 ];
   "wg_private_dns2.age".publicKeys = [ dns2 ];
   "wg_private_vps1.age".publicKeys = [ vps1 ];
diff --git a/nix/secrets/upload_files_s3_secret.age b/nix/secrets/upload_files_s3_secret.age
index 3bca9a4fadce6f01116ece8b34b25b714483809e..f976afd080b40e53b35c5331497e2064eb32691b 100644
GIT binary patch
delta 440
zcmcb`e2aO4PJLuxp<B5}WMaN?l|flhd7fuVxnZSOc2u~5g|Szrfv0h<cUoYep?*+M
zI#-r=c4cT*VU)LPX`s8mua7}hfNy?IroL-_YIb^7nU|M)YPfe`L`15m0hg|>u7bB`
zWpR40XPLW?uYs3uVPRl!RhnyrlVO=xu3=QJOS*fYNxh|8x@%Q-RW_IY_L=u*2u^=^
zR<2ISGr46&*w&s!Uw7=W*A6~+jM<KZqg9dVbsf7+ANQ~4ceC2nqd2y#WA%*u?!><D
z^IbjH#|kWYl6fI7T%4MJtrPou;Nt4YzlGawr_VWk%Y%R6lx-Hb)_tygxc}%6t50)&
ze!Hm4;AL((%Xi+6deM11{)*ZOB+l_lDU<3<-5z19IQ>EJwoQV$6&51tdOOzLG2h<5
zi=if9TUSleN7)5E8)oXYT;f=K=KGu}C$Dz*<b1ht{oc6+Oow?LlfAPfHuCo0+#jD7
zzU#&@9Yv?!SG*TXpP$%zF66Vx6tDAL+W%#PPNsb{nZ2m#*NaK3-GrwYdN}m5_c*Sf
wV_BhEG4G<^qU`&}-bo(Zyl0&SbJfdA_rsTsx#mqt-gl#&?+#y1%BE@30Es@u@Bjb+

delta 440
zcmcb`e2aO4PJKjFm3D5jX{d8%X{2eswtiKiscS(<Rd9ZeZ=kQYNmY2UTWMu@L7{Vb
zF;{wGVUc-eSyg6%U!ZYFxPM-8UP-Ecp|7i3kYkvBSayVgQ(2gIjzNWcHkYohu7Y=3
zadAj#X}L#4R!L-1zF%Q+Vo{)viBDx^uxo^?mr0~wMtyc_c2I7PXF6AmjMck*dyU-r
z0S)rqB7EPrUe?LG<ZpR&KeJ){f^zM%+O9?$DpHnOemdej!7*BUe)|2{SK^ntO}i3U
zpKMe3;Kh+E>bKR`$Je!2T@u;jynpiosX4-z1Q}|d6@5AvcE~LB`;CylS0hCBsvq&Q
zTosZg?54)L_V=v%3HOY29Q`dXsws#3*}HtLrf_F`Ol4^D>lJcpGtAA-UAr8>bi-ZZ
zp<(VFy9*ZGJ|_JFK0j_no_fEac+N{n=Ia8n3m7i164{v>J;_{&=koSLnT+W{67x;U
z!xq`ex2B$bs;O~Cs#VrOc!fLj?}z8O{g?F#cH34aKHU;gTFY&!W+?qWH<a`2%g)8U
u^ZPcg=Szudan9X2(}6YgfS~_7%`Kl-bd~>!;n+Rz)(z8@+nwVU*Z}~?wY)$8

diff --git a/nix/secrets/wg_private_dns1.age b/nix/secrets/wg_private_dns1.age
index a54f3eb..6b10eba 100644
--- a/nix/secrets/wg_private_dns1.age
+++ b/nix/secrets/wg_private_dns1.age
@@ -1,5 +1,5 @@
 age-encryption.org/v1
--> ssh-ed25519 LZU5Eg o+MPatbYPM3sZq0MCqvvxlvKMQwlbajHURPQ+0g0qm8
-UUurAYkPWXCaow746EV4dAQ+qTJnHIehcorUmanBc+o
---- BV+bxd0OIc3J4uT39al2odyn8ScDpq58SiwnW5pvRj4
-òçT7W í|õfJÞÜ%"cõôäqÁ{TãP~fv,;Ñ:å…¾êŒ-ÓÏšÛ4þ€a† æ-¯uÌ\Lƒ_-¼VHâøûš³½%
\ No newline at end of file
+-> ssh-ed25519 LZU5Eg 2I80UG4n18vxvqUJXwKeAPqelD83nX/n8XHi/XVq208
+mDoUzJu9KfUFyzJPoLPU+xhSbGesECEQZSSrc38HA54
+--- J9+vPA8z+/8jcO/V9iVZ3tWJF4TUe+nD6fmjH6f5dmc
+ŠsÄt´÷	v¶@<(xÃÞ÷Eh»µ]8eÔý-$K00”T!Å“ÀŽŸÄ<¬"5SCÔ#ÆFÐÃZ³¼¾é©wabèû
\ No newline at end of file
diff --git a/nix/secrets/wg_private_dns2.age b/nix/secrets/wg_private_dns2.age
index 64b2ad274dd5725d4edd1ebf5374b6e0da2ed66e..d713bf5602062686b7c688dba8d683cfd794160e 100644
GIT binary patch
delta 220
zcmZo*YG9h6Qy*1TTojyFT%qq*8tCTg9b#G<;Nj`#Tw>yp6q;me8Q^Uk7330_=Uiyy
z%T-jIo|KqpQ0(N9<yxGY<QGv=RAA_p>XlOA<yxGZkz^X>Rcu<}Q4m<3&ZVoXtKb}&
zU+xnUnp>P@qHmg39O~$%pIzbTXPOpn6y{`PX&mL48tR%@=pI<<70I=7;m*P=KFd6>
zdq*bS5Im`Q@9)_b9s9;5ro#JGwQpTrZ#_lSz+rhx|3mQx|K|?xSr!M#-`;yDzUQ^E
XxLMfU%7Xd{!d0R1-`+OZ>be2|8;Mh0

delta 220
zcmZo*YG9h6Q=by*T&^8vSm>0b?d|4~?wXt%QdD3ZP?8v2SzK7=Z0?kAX=YK86KquO
z%jFVLkZF{xpW~F`8<AM#m0jc-W}Fjf5}9OX7FH6Glam-&l^$MHndO%6$)&5St6=D6
z9-3TH8j$7h6Q1nlR#oJdTa@mSS7NGPQI!=GkewQ?AL^YSnvt359Ld$|ZJ(LwSKd9J
z?Z4)&hR=_F74QFABJn5eNX838v0??K=iRmnvFhLW66V-XUw1;~!tRSLYu+u{pQyE_
X=v=pIeYIWDkGBC+7+f53b}Rw_mFiZz

diff --git a/nix/secrets/wg_private_vps1.age b/nix/secrets/wg_private_vps1.age
index 6354b7b..b1907ab 100644
--- a/nix/secrets/wg_private_vps1.age
+++ b/nix/secrets/wg_private_vps1.age
@@ -1,5 +1,5 @@
 age-encryption.org/v1
--> ssh-ed25519 qM6TYg yrPEC7nKTt4PKp+tbxOQhhSHkd3Y5U112Tr1Vj8NUjc
-ke3GsnxeaGLvKNknBY8SQZj6zOh2c+CiCf3sZXyapn8
---- 0VBTTW//qOcMYVLZ2jFekgouWeZx4h5JPW1H8Sa4bIs
-Ûÿ	÷&4'_Xr#Xó^dr¾¯	TY%u!.v)eY‹ÕÞ•ÑGÞ¿(AP·¡cÜÍôwOœf"ÅÞõ¤yÍmàqÀ1ÇeƒUª‹
\ No newline at end of file
+-> ssh-ed25519 qM6TYg VKztNtIZQAJuwFI/DeAmW4RyaoGxMGpYmBPJRJYLzww
+0zo3XFJ/tE5O+AFMhhJUP1iCpIgC/d1qr8qpJ1viPj0
+--- Wq8DPbQIPnB46bI0allcQdlFZIOGK8Bp1sAywezGVe8
+“`¤Ì8vM d(hy, V+=ÔQ×ÏXðå¸#A‚q½¸—>	ÙZ˜6®ƒ[AQŠé[é­ëf&°Øz­¨eu*v>d½·ÓÂzÄ 
\ No newline at end of file
diff --git a/nix/secrets/wg_private_vps2.age b/nix/secrets/wg_private_vps2.age
index 4d30264..c83e0a1 100644
--- a/nix/secrets/wg_private_vps2.age
+++ b/nix/secrets/wg_private_vps2.age
@@ -1,8 +1,5 @@
 age-encryption.org/v1
--> ssh-ed25519 91VHug cjq3el2rlJCWS3VwM5Dt22Ot/PoCdU5wJWTMosYQ6VE
-w/IyVNNAObRJxpV162CojPRE8yYbXJj1kaCBoPo3rNk
---- EDM/kgV9ewXhMvrQfHDtPLl7W46VCbZL5ciBO/B+Iu8
-cL>¡‡È&ð°Â²=°^³$Úüm TüãÃ4õ&
-Æ§ÀÀI–¢Ç)
-c
-¶LQiŠµá6ÓRÞÐòS•Üøÿ+T@ó0=ÉÉðö
\ No newline at end of file
+-> ssh-ed25519 91VHug YHHrtch+bKHxenRqMPSvqqby7odUGontauTfAfTAhlw
+VDY1jPyeClwpg7Tq604rU+Po+nue7cBRqhIEdc8iiAk
+--- mUabX/gruf9Erp4OeRmCEwd7KR2aTApviipXyCL1P+g
+“š¨	¡Œ‹É¤R˜-ÏGuÔÄû™:7€+"SÒ5ìÔSSÇ3\ÁRpMï?s0±Œˆ$æ’@þ°±ñ…øûÎÈô€Ò$§…) ýí
\ No newline at end of file
diff --git a/nix/secrets/wg_private_vps3.age b/nix/secrets/wg_private_vps3.age
index a63f54e..e98d0a5 100644
--- a/nix/secrets/wg_private_vps3.age
+++ b/nix/secrets/wg_private_vps3.age
@@ -1,5 +1,5 @@
 age-encryption.org/v1
--> ssh-ed25519 XzACZQ lm64+fQEWa9hF98cV/x1U3Mz+6zuM23dAV3XkwE7iz4
-7Rgqd13DThp/JLryCe5xTdXwDujaTj4viR2CBTdXYLs
---- pwebssA2O2VjzPFRAQ0/65+qiiF/MijCIIXexwH5mgk
-\ ‹fóËæÅv×Ì¤ä[§ýÚŸÆIŒ´†[—5á÷*×·90²'ý4Âôî+áV;L›‹~jÌÂà¦‹úœ†;ÝÒSÁª2y·b
\ No newline at end of file
+-> ssh-ed25519 XzACZQ YPlkpgsyOotrVR/rKOrNqPSBcLYF2U+aZWtPzB8RsEs
+zJkNWK8QjKC/DfvjrU8Js1p1ajm1fnrdcNr5g4+rTS4
+--- 7xKrN9yAcMbmvdQwchhkaT8CZTGguUTDPZ2LKxSxppY
+¡éñq›C”µk˜P»eŠëè@}p¡2qÏU¨n!Â•WÁï¹íßáØ‚käöžZè¥Ÿ3Ò÷ÞžÐµù.ê€<ÊðãQrî&˜à…0¨Á
\ No newline at end of file
diff --git a/nix/secrets/wg_private_vps4.age b/nix/secrets/wg_private_vps4.age
index dcf6aaf..0bd98e8 100644
--- a/nix/secrets/wg_private_vps4.age
+++ b/nix/secrets/wg_private_vps4.age
@@ -1,7 +1,5 @@
 age-encryption.org/v1
--> ssh-ed25519 51bcvA mVJPirZJQxHgpX6CkMckYTpJk6HYN7CZYlUPPF1mYDM
-XVZqovyalftEtV//FQM11Za+YAEMAuBTypcPQz1+G3E
---- 7QAtADWyWr8SY3jLLzKxPsedOLyasfLs4lK3nmhkOi0
-]J„éÄÑäXt‘E¬šŽæ)þ–ÿhSö¾º»ÈF·
-ïÈÓ×þ¤$’Ò2"ðTö‚¾aû`’†Ä®ùÒ{ŸŽ:=
-
\ No newline at end of file
+-> ssh-ed25519 51bcvA kyLCrT3jFu1BszuLMnyP0ej1kL5OvnAu/R6vR+PtYWU
+n70Krz1NA1BHhMrJQprm+LBBhY8AeQwI1PvHbF628OE
+--- VbdM9HH1CM+4f6z/5oSId9DW6Gi1+q3IuCE6qPKg1mM
+¥@T½YÔ(ÇèQ£LYÙGHGnk†¤	,®]&§ï%UfÇåMõ±W“´qx”õŸJkÚ_k¨ëh(yŒk|˜»*=ÒIk
\ No newline at end of file
diff --git a/nix/secrets/wg_private_vps5.age b/nix/secrets/wg_private_vps5.age
index cbd582e..e7eefdb 100644
--- a/nix/secrets/wg_private_vps5.age
+++ b/nix/secrets/wg_private_vps5.age
@@ -1,5 +1,7 @@
 age-encryption.org/v1
--> ssh-ed25519 vT7ExA G9mqOZiAvq+ot4OUevoxvNPIkgWgS8KqMY76uGsxeGs
-AMEwoZoFc+axirDc5q+FM3e76IedkxblC3vVqUjmPL8
---- oXGSsFKfJRPvcU1X3zHN7M6vd0IxBpNowyh4sPesq3A
-¢¡i3¥Ÿûôc—ÿòØMÄTN0—‰}r"Ð—s˜Œ§ö~þOrP˜®ÃîFP`Q•˜¯<º%å:7ø3ç‚
\ No newline at end of file
+-> ssh-ed25519 vT7ExA 2giKg2lnsURC0VqDT8Ibfn9jvkIJUOwIZkRN0Px8OSo
+g3ZQzVSDVUl/BX3tAktgkFk5lVKgplZa+vtLYSd+RW8
+--- 9ZTtNf9EG2B6oDyWYST8QiNGQHdYgQ5PoHzEHwW2eY8
+ÝÐœ?ŸMâ-À€b÷>[Á;°^]·v|¤.
+IüòyˆlþM’¹s|ÂN5úUÑój
+ƒä:¬á€ìÊ¦ý¤›òET½
\ No newline at end of file
diff --git a/nix/secrets/widetom_bot_token.age b/nix/secrets/widetom_bot_token.age
index e414467..15060a6 100644
--- a/nix/secrets/widetom_bot_token.age
+++ b/nix/secrets/widetom_bot_token.age
@@ -1,5 +1,5 @@
 age-encryption.org/v1
--> ssh-ed25519 qM6TYg oaTrhtYhEl2Za2fhNt0BgnjXPCkzo1Or9jsLLCnJhzA
-Wk99OfMEXXG+cV1LEvC9wf0GeVgT1Z2GA0AtLYCRKD4
---- 4U4dwN+tJ2LFpIjxEaoZ6HHV5QQU4kr0r0pDXKKcTgE
-NäÖ]ènÝ?óã€àð‚ý¹!ý|!ƒ³:Öú»ÐÁMlØ*ÈýÜ'÷×?E ØùôM@Ér_iÎvo:Niõlk¾8S(ÿ:øÖŠÇR/0^xiÛ[x‹Cå
\ No newline at end of file
+-> ssh-ed25519 qM6TYg Xds9FlVzv4E6ZFFTH6zZwG8ewomPq5R3S3/8jDN7zw0
+l1EWvQR0RK865mVQVuCFuo+02HTzrHHlsY9r+E2/Nfc
+--- n9KSdsLECG7uH0yD5GsWC/1mTDMXi/JLDJ++oUycTEs
+ÉL«wÐÜð-§b—}ó¶T6ÁúkíÀX›SŒÒ¢óF3¾q4Ÿèy·¬hzÒ?hSÖ8Ïb=ƒ1)ÑP*{˜ËºS>Ø(æVë+1yð#*ÂiêBS
\ No newline at end of file
diff --git a/nix/secrets/widetom_config_toml.age b/nix/secrets/widetom_config_toml.age
index 4d13ac2e9e13ff37590f06995fd3836eb76b5e79..d5f7e6fc3cf62ee0cdda32411fb65e8550bd0d5c 100644
GIT binary patch
delta 4000
zcmZ1`zf69DPQ7++WTZiolb?HdwxMT{TZX5TyQ^8UiAP~xQBg!-MrNo}pqqPHvYTH<
zGMAgSueZNRa+ZO6WqH1~UrBDck6B@+f2ebSK}2SbN04__L{4P7OL$nMBbTnOu0mO1
zn7NO3sJFR~kEwQ*e`;}7MM_pmq_JmOfm5PKx_PdncD;#ZaB5nTV<^|3map@lChlk0
zr_BAeY|iojOB`Inlb!~t6|cLm<Wj<;ds?9De$U*M*W90km=p>}tqPQhn=1Uw-Z5NA
zqwl=z6n`n}gtoacUFu)^%;t;peNx@&zj}GggS8S{eA1^fE%~M{)2}gc+SEJMU#3XS
zoaJ4^*z-^_eQj&K_L4hO&r~V?|1)#L+@ndWX8iTvy4A@#eaX2`=L+|+J<Hf`>X`fV
z>mLDmjT1F3_T00l%uTav{b`gfa>g^t#OoI4p|mH;o9k96s)zi@DLBnJBV8iSz)nFz
zZ-rUzF`lGP2b*Wxn6JuwJaK{5`I{5MlT!cgT)DQ(xN%ksXJ?$p0h9VA#oN9beA`%c
z@Ywb0>CO|FET=4ySf2j!?XtuzGc#&(FPC3_SMkQ#`xNuv%vA<WWj6XV%%81F{VV3R
zU5M-PhgHRz{yZhz&%A`2#cp5RX?E?5l*55I*QYaMeG@$N7w)+-A?v_Lzsi|!=f-7k
zn6-ED9NmXI+b>)_z$i7T<uO-(LstDP-c8p!HwMp<*?%k}e$)TST!K4)?cKmt#uepy
z^x-+S$*p`%)kl;Pcf|R>{PZcN^Ih8}yEA8`84{}$Yrk|}77tWROFbE)R6S++moK|(
z43b%vmA-hw9N>J#(IdUlJJ9;tlvCl8Uwv9-zGLZJi@vzVS7%$N&VD3t?(XDY`43rr
zed{Imi=DRDS?V=K%xH4Z(Tg_0S59p$mT}o;H(h<}Jdc%bE;9tSiv~AbknxW>le7BX
zrX!*$EmO3fKFFM^+|_oF(~Ft?!z!&~fBP3lpFNW+lzsM9#F0ILH)mbrHxB)Kb%|JA
zS$yUEd9E9L_1Wzk7?^i05BDvSnj`f|VUwH6OC~j?`Z)==y+oK_bj|Z@-`XAdo7wgM
z@BRmJZHpYHvne~@w4ZzPC---jrQzHP{+V10KU8;qynE|!(q>MRb9*FwmoE9Xsos$N
zWn+WW>->YuXM9;zl&h3{z51eVi+ktlGg-3JR&6@6VU4KZC+nO0rp5PI@0}^Fe|zQc
z)g6z2>|R=~IyvcF{r8t2HfYAJ->hBp#KvR2QL4(iCT*q6sDm>WHyb%hUUWORR^ZkB
z=aMHf_Rm|rj?enDeTCDB2fGhmns!{)VbR>(oDDo-S7pQP<fgwr?kcDKAoNf7pPU}K
zcG=H7!8YISXg%A|P@ghsddoF?7l{{vr<C(dPbO41JeoG;k>0HDi#bi}tr?{qQ`Yiw
zOf8<iXzP5pt&Qz9yP_rgkCxqQRh!4MNr3<3#y=lS7!ThMIn>PXK7Q(DlP`Sx>tYjG
z*RHQS7m@n*+R6P}Wtb|g3#%f}8kcu(bDhrK|NqP7^|s%&RpWP7h>Oi>TC#ACdGxI_
z#ewC8Wg8qrwsxFbvAv`tN%(E+d(ZlElgqb1d4*UA$5q??mN_@;*_NcgH*TD|zKi|k
zZl;R3`WK-mR@PKrGX1$Q?#0U4OC~Z-tlq$_wWs3ElrMMR3lv(#wZ7(>HTmA5-h&Do
zHJ3)!9e<K=D(vOmxZej<|6d9fKC|T3nYf7(_KBtY3Z2)#S}${L@s!)!Ej4e?yra94
z%hs{pqPgk!9fN&5u3d8T_q<M@e_Ck%;j=65vE1WoQgpv48~Zl@@OGK258X;W|9=p}
zac23pZ+ATwbIXVBJh^_$v#V}v+m=@*oV|14-{~_E+-e1`$--+>yIl__J2upBsG6{=
zuqs-PMVe_9Pc=)mH1m%`=BrN}kJ<TIUVmOy$ddou)fV+(x57B@RHbj)`o=<6(ct~E
zh`wq&Pq+4YxhH2|f1*2a#g$oIWr+?wiTxiY^;yJm7QA}3A?BQr@ymZ#{^(t7<A~0F
z=0Eo_$9EQPw|%=;a7T&1t!CoxVVa^gJ=}H8FGik2E4aTT-rgWlw8mCDtL^#xhkM?Z
z@9gt``0Qx^_jyJ;ZR)LS_Pr_VP_=)4<fTlsUNM)+f+^b;URu@Ndha6lEETP?yZh!Z
zjEVYJFk=zZE0smB4eJ?B+`k)oS1v#5x0zPoX@7;yf8T#S?e96K`es&=mG|aqPb0RH
zz2>TCsz2Y~E$17-8{yZLw)|JZGXI+8bDk_p(*8Sf)6#Q35>Cz{k5_&%tN-_WdP1qe
zDl<h%V_)tWr+?P|-Y4z6+tSy;%x3P}o7&7-oVzPe?}>SP`n*qlB!_9q?vh_$yK{`>
zTPzLu{j4lc_7r%>>+!ApP_;e!`T>=I-UY!2pB)PQo@1fCs40z$p}2K9M<)B3%67J6
z&y#$Y9B}$^+FC*E#^)thmTGu)t=?Q8zcMZ7(340(h3g7m56?>58Fy*#nOB82Q&M$g
z+5`95?6T$!m04u6OYQ;N_UC*bPyK81;oZGYt4jUQkNtbY!m=ZCjYH<i@p@-=Onn>M
zsPbghHnrYa_pav7zAM?2>@P2xbwT-)T(d;EZt5*f&3_iW_Src_wLc`S9-rh|&sz3o
zUH#=-(L0<ormz2_nR1Jx?ek>I${Uj&yyelFRD0Vnx_8=&-ZBm!gLsjYlOg`s=ZE#l
z96ceICpOU~^<$vG$@%|M1zA>aEHPm>x*2x**P@U^TRwEDglcNN*tPM_%4<<Sgg*b8
z-t=*KWd*<b#l?01|FXICv~NBwwmC}oOnAvcPUj}&dXs1MZPyOWPnxR6f3WFP>-L07
zW1;Llt~Qmw<@bLP{jhu8GPZk3&nHEw<%Wy&uQXQpZMXEy`@rMpnKP_kM(uj0_vYWu
z2^>z6v-a?dyUMN>-}&t4l*8(K`hQ*iFVnbDOM24GN5?;_m(KUyU^J&PXE*CI^DCT|
zljqJeIIwongc7@R^^SX0j<IOZI`b#AWsh#LYqr6|cku@#-XD0iJ$kP6s-$%;-2WB*
z19BTo7VoWox+S-1{*HG?lO9TZS;eb2{ZEsl^17DW%SvONeP=(gow|0ddEA;^LGNC1
zR2V!m+`giFv&@DWzMC#TySC}?^{&l_t1f@|8P>S})2(;L8*k6Lb@F&|Nxj5s<MUaw
zro^^zOX>LJU2%yHm}cv5!kMjmwL1IN+F#Sk1s1w})t%pe;tNx%?zg_c)yLl-mP;_n
z_<MPmuw&%1+s*Hve=wC+(0K4XaTfoVlJ87T$-IZ87v<dfXny;P{b9?xUxHavrE+*p
zs<OXGGiP!gS6Zz$S@d$Ccy!lZPXB53f46PFy(C!UUef;W>wUiJ&XwJ8IzK6l-+jxC
zxsF?oC>?v|{H*7q8f)P8*FLK&Ce2*@YuVZ}89_dJ>$yzJLk}<(KGr(var~L2OTpfb
z%-BDr`fL$z?>a<P%knRrb^KsD?@6USLZ5CvXv<WW6t7y|YmvA6qqU5}yu`cGHIG&H
zTdk?L%+=mI*Xf^#zjo#M{C?>rOE=U^`!$1&?du=j%}=Ga)GRRzy=wfYkZ1bTL>)~%
z!5ti4<?}^jq-U_Wyhw>P@2M2Ob?0}A`^A^FIlOLjLO##_%oY7>Kj$6C`Qkx#F}H#i
z?@F;-`%uw&g5b*4(^885-oDIt?3E$Ij?`rHhEsx?7WESjUAwSp!>3Y?@ckWMOqZt3
zN`KjT@?2HM+KS3kck}=DhJ55@w|^b_F*||X!do!fbKlZEf<7_2lB&}d#GbsbrdF8f
zc>3Q?hc?TwQ>H9M4_F`B2u?4GPEUQb|AhGuzvDJfZZ1Ck`FU90-bU8XvlrTms>@3L
z+VxZ6!8^|UKD{#+>Jv3Lwab{Bezlagt6p%m`F3X<Tlfz9B@Z}_UW6{tR^jx|Jo)C0
zq-i<#g~_YqSBXY%Yl&9ayWsJCff=4(AFnZwU4M6(@s5YKUea^ry&e~K^j6DE34dd1
zrhGA`&R4A{=STW=ZKXFZg&Ub7UNBcLeY%Q;C8<Z0m3g|vZ*`ZsC)?}mY!?=Kq{b<V
z7cTLi%as4a#QkNI_5O9;%f-KU#pru%TXm~=-HvImqb~kun0s01(!EvHeXdgeerF{b
z{oLPvT)E;`)S~5S?0cW9y^XlUyjF2h&b&KL547zjM74B832wOl{A68;$s-5u)=NhX
z+5ZaaxplQjas4WjUD)Ysx4q*MYyD@vINR=6F11{tv}~Q;ebZ(iny4Q9>bLlYnRT~%
zZW`WAjXNoIV$u6)mp1s77|dRwx-`dwW%~uY>s%`mo46GvguP?F+lO$(KZ(%~QxQ`-
zs{O6bO0cubSfNJGx$@=1$y454<V+4*edAQ-bfv@%PpkuGJ9cPH+i~H{uiS@MJ2ri(
zw`7{Z?X-2$@oNjD!;PN!+Bt}xGgzW=;Q5zGtLD2ti&7P$ZcfzZGmBd&&GkUP<z@-b
zN$%cNw<Nb8oyz|+EAnY==<~M=UxvO|dwt@~4Hl32pH^)2)Un#=m~wRg>Bo0-O)aIS
z$vL}o*WYQLy76j{o2YS`cJ<c!vlo9!YS%ws_*}344SR*K>6Ff()5|yPH+PFQ{IOHj
z<i_>aeQTa@28Ua`4V@O~{Z?w%-N@-t3->jf$-c|^B{$Vu_NK$m$IpJOZW1kd%GV%q
zp0E8<puOgPjb(brmd-XRSQ0IpI>-LvfzNIIl1H}&r-r%B?JaZI`oZ+*-{-A6<jT`M
zPYZNxu{)Zkc)q?-X5sA2%A?5|+18UCW143#-Z;;8>Zz1PUt?E3eZOjbVZe5#iBTN0
zXH5OS`E26v#E^pux1z6DS{{A%Iq!e=cJI>Uoz>i@zs+*Ey5`b7;q4kbOuy7Um(|v*
z47cQb&QSF=E5)y@;?G45ZvIP}(H@cB%um+ni|HPJk+J#Np$OKl2lXkPdzdyHm{!)c
zNN(wC)xL?3O}7+@z1;PqIipOnkvr#xx^QCu8$P#|HJ>gy@4Ml=nRim%EGAo9MYZ?c
z$(oDSKUY63?D{Du-{ZdF>6{npR`$Y`mBuHQUvL*WmzE&Cc23Arw#xFrre{xz&9-eR
zd%!U#rZDtQW1@!hCcDaKA?M!KNA5ll@xJof)D5@RH}B3(vp9E&?fTw%veIkU&c9uA
zb@h%tUU8yZzd1k4Tl&7@En~FcblzP5q9h~notpI>lbL4h*19958MH<zpP@+j?_Pm2
z8{5PGAMWco-}K-e{|(<xm9GaommlBlD}NzZgmHSGT4w!0*6V5izB_D~`nD%2_|DXN
zEo<{HH;&z^71cOqSkRQX<#UT-(c8I4^@^P146Z+S=?nj^qWp9A;$Urci?92R@P2Vq
zsH^aLWK{Cw%RGmUX8Apm!g5=te~mRN^PF#?`-VkQzo~G}QvDa^2I&hwB(Sb*YPol6
zT8-{y^@$h7uca2*1h3ka_MvQr4gcj&jvbj3w@M!87GX1H{-4*-c<Rf&i#t-g-Aea1
JuF6~T3;=v(xk&&3

delta 4000
zcmZ1`zf69DPQ7bYxpQb)WV&~FT86)?e@JDfZ>qU-dSzr(gs-=+k+-{HN}*+$PkDM}
zF_(F0P@cPaa)o<Av6H{CTT*3KKx%MBP)Jc;kXw<bQDLBmi+;Iph_;D|0hg|>u0ob`
zX=a4Jc22g7b5Kd5seg*Ifp4i_QdxOPU|3pVXsKbCe|@B7S)#s|k1v;Tch;YcI;;NI
zd}-HLf4-FU@PGS9+fEjJ(c4|Pd}5F8d1i^&y*K5#w(cxlyn<Kx=EODPqW9%~ceO9b
zztxg%_~h`*BYq3tZ*x%cPp+A4u=bXb!dixAi=zb%>()Hg?>ziQ($u){I8*p1{+g{9
zxBdE~bF<>i;U}{#>o?yiley`=imm@ca$w#$p8jN$%0m+#{Bn3E^7Y~y=2@#$B%VgQ
z=dSxK##&eR+4OAJp#>YHcCzf`jr_C0<jaY9F+n-znNK%Io77wVW^+8>yHb6LBU|8k
zra4b`I|)eDJ~3u@@Bgop=)B_Q+8C9O*9+O+vL9#(Th}oA9(VA`oWLXX(m&U5wOPe`
zzpGD6z4Nl;bFiVg@MVFWqBfEr9-L1(uHeq>_xOGmJKM)s9||{D?@G<?{rmL(pOAu8
z|9d}tPy4?!@NJ}NxLo&yMQgv6esMCsbHd8jSv%smm)s49yWd!Hd>c3wa+hmxi)tTe
zo&0}Y^S@sWO=YXtM7x$aC8@`Uy44qEw-`mvFD>C%w8y-?>?CJsWqrzC#@#cg>KvZ-
za{Y>L(`xT2zYCGxd2?ShhfDdVb%v`{SIpiYbZWgt{j|Wli_CANJiEo-uX=0c`U$d+
z@0@VD(o(qgyu-Gh6DAsWMUJ}Oah`qq&inS*oa`SgrkpA3I9B~Oz5Q*+2H6x_g&uB|
zU-fQJd*|3FvmCqZ+pFEebE`ecsxVSp=KNd%-?E-%OMdC(+<0~Iy?qDMN|g)cA-;?9
z`acFFC!UUOJ3XsL<i>i}Wrz1&O1QM=$1?pB>yCEo#>W)3-dmp$roLx>)5(Ao<%0Kh
zPtD3s`Y%;H@c(8g&+Nb~uO9a=Uk_X|xOdlLf{S%j{Z997X&&zt7P(q*F8+IA{n3Di
z{jLw5M>{nN?wF$>(|Mj-{P$0;O=-HTZDShco;*MAy7a#ZS80GlZH&jcj+vRx6K#Ur
z#gsVz#D**L{;PT8ByrH}E5p5vS&QAC$^W!1=<8WvFmKk%Ep1l(YrO7jNd&HmDbJTm
z-jVSBom+}rbYwk~vHz!pd%XWwMt@;_-+snJB4c`nN3F?q<M_Wf8<p&|7dvSGQ0(CT
zb!Ew;hOfuxE~tIX`tw<_xH>0ifM0UW6sCC=A)z03y?<qGrSEt0ZQ;w^PrkeleW!YF
z{oi28rC<KOUY#i@b-dTwq<;D$kqhB{Q{<E~llFH!dhvFq@V);jC+q9Zq?Ro(jgOgF
zI*;wX<u@hn``w{E6FS%bTGsUV<NPHe%Hiujaj!Fx?^b8BzrUB`^TAq2q4ybP_I(c=
z?|4o!T4K$-<x=hmW6miO26mU_!mSM+O>KLlwWi>)xcY(m?b~a!7u-$byt%dE?}a&=
zc6L|`rM#cM!9s<xO^neeDbHzYeQbbvT($BUk-9~1w_FjjjW&6|yKoi9CTYv|hM1Lh
zN9RV&>9#kQZ?e?9?)5IRqhE5Te8;=LJH?X?FBM<-eP8q9oG$P3yvO?POwOJAe2mhz
z2E^|yTV{FcbaFK#%TDG;>uNtF+*_k)w&G~Ou>zev>nF|j*qq19@q59u!&!0vy4dQ)
zbC&V<3;t{MF!=JEoBvOS(7TeFuJcPCOaEA9X&*J!=bqW+dlC}14%OGx{~n+6;o&UF
zU`IaHhNQle-!f)h?i79g=j6(BbJdy;AN{oK>e02o#Fsn7OMJU7GPm)nnQi?t(_Yi{
z(d)i{5M-ZQlcK!R!q9QzVV^lxmoztCdYZhP=XSlA*A#;zr*i&;s&uYC|G3(ImqpCc
z4W4%^wksN*KD8)q$<t3IKhBsey8dj|`z<Ff&i{7XB+iNb!L3KjW-op))qm>L+g#1R
zh3?-jw-;+M%+W}BBJym(uG0Hqk~?$03-U#Kh|E(rtX`ki*kQYUDnp)mr}xPc&ugv|
zA0{rJv->>r%F_DZJnqF4nRa@l-r2{Zt^OiOQ>9R5MS%bEe|^R3$1WHyQqHJspA@(D
zz_Lw(VW!(2eygaK*qXKCu#;C#@z*!6US!u^O|$UhkyD;|CT6Y8%E$FfFYB7Do8mn4
z%Cm&0?;nVMQeSq+*JWd;mc-l3D-@Tno3mX}&*`Jbe&*5`Pv5rz3H3|ze%Xsew5`+4
zoVow}5yeXTum3qjuI_l1x~jtMZ()ViPl4bo>tZC%n6FfsvMO!U--$cVC{)(&t=jPP
z&O*J+SBHuxhCeWw7u{>Q%yP@-{(B{L8C`-$3};QMo5$#Sc#49E&kX%t-?Yx;@w72k
zr<6H*J+1n;=-uxHWs9As&*PkATAy*%xW;C>K4*#9smka_o&QSY*UfObDU|g*)8t(8
zB#D_!9k;?8e+UUT3D1=bUb!LtiVgp%JvmQGwobIJmS<mlee;f^iZRm-y%YCe_#VJ~
znU{a<C9{ax$;)`eTJnUqY~0touj*cbn1q((O=-RIpZC`!znhu2nL#k@IrBkd*6GLU
zSJ(tI+C?ev=?!FVPp-Kb-df$+n|c2Ka*-qc>;C@F5(|p|np=J<=tbI}_0bpO)3_R|
z*NDHBsTVgeDA}8>yY<kq6qW@0&HvVLZTY(BeapVhg3Ahv?*(0JGduO)#$4us$#TP*
zJ<RUBwIP}(c>WZIemHkT!(rFQz$ssLzKr|UmsKyaJU_-*^QibXr?0B#7Tj209ib!<
zl&2J`!+-VD&BvwJrR})m8heFybS=2qHT#sr?ttYn`i8=F_x>5LPbe^aGc#<@qH2ys
z3f~l;Zk{RWf9~Ht1N}P(eO_<~u3Dd%##+~2#^~~+Z0C%+&SiC{!+tgAZ$IaKecu-@
zCwb`)Z&hZn*0=X29DRL2XYy?sxrU{y%%;!h3tp=#FRvzQ8$R=H{{7iMCOM^bT+Qm#
zFAk0T5ay?^ENXs(<*pO!nw&a@dZBp-mtK}K+aT-p)i<E)bSCE+_B;0X1Ric}zEL~f
zE~~!#VNtG6(v~@ul@679Uth%wcx4_F3uG@T|2qGt-St_Yw;!rsaV~3C`HVJZ*5|Q%
zZ6B|YiP?2$f!Xx(>I;39-$HgVdL*yt&w90Jla`+MrKK5eb)FBi)K5n5e;Xkzut&+%
ztKm(4K}fB6S5^iOSH5_XSL`Br!HS!%=bp|#W6R35`R(z5=(I*tfwMQxf2>;3>vZn<
zyw!{kyjM%;uldhy)Dj^hTK}z}I7?gHt7ZOu?swNpLvPf?l$qI;tyt&rtt9!|@hFd+
z4{IYjSekAhOZ>d}=OTHr*L>xhm4Bt4nZHSX>*giP@AlZ4I^WzH*kk@!t@*{8wu<W7
zp6;}O+xvEHe%8>UU&Bzrdb?)#$7Yp?$(*N)f5kJ+xL2KYwd{vyyWFOZ+|7sU+s{PK
z;(TVVJZHQ3F20@Y-vs@q{>zxrDf&U?^RFG2VX|TdaXT9#mrwiXctgLOk-5z8WK85D
zV=)(>1J}DNVuZzlcl|ro@bMMjN|wyhT)sG!B`-y0UonZcwGKLeemQ$>Mn#*uhk&Kn
zfd@*d8>Y>-F8F)$ctO(lz}Zr(yj@sM=haU#^r_#ba{l9H5rG4DUUo=4eZjW=p!O?K
z<0%453ws_Kr7w+}E|8-4_egLcZ^iLvJPbxRDjz1K-)FU-%Ax5f$D(0%e7<*Z-hp|Q
zfr5+lIa<3C56#^4Hp*P-4~zE!e)YNLx|6%>|9yM3ZHE22>wY%<H$L2$TWajT#i6E-
z<$&nM`pD))V^b6Pc>>qNZpIc1=&e7+lDg!Vt%2mb-gWm&4{Hm{?b^R6^Kqr(I<A*I
zJMOI);W<_id`#Xw$jf8a!S&Nv9<dqs8`oPe*miUcm*l*IH6L_$=T7%hRa!CQd-4<k
zKJ)hFX2#dPDa(HJVeZ|Ze%4v*>7>Ox@AiKxEI4-UBJ=uso`ofwi{~zq_+jBy^e^dZ
zuhlv$jl*J|DZ6=_IJvC8Yb(3l-FU3)o9xuW<B`HFM+Bb#y0qyt-|jUVf4-J#51!qB
z;=ggm)i&pJ!N*p)xq%<q_Vil*HQ4!FW{uaP>w5~yd~cgnF03kv-J!9mGEY~*|5r~<
zVjx?zSm~GiH+7TJ&(?>X)~j7}OCU;MYv|>y+~anF@^^Xe7Ht%^$Xw`NcsO?c(zBZ3
z^#_FPb3fYJTKZg?zdkU0p75qm2SVO{mYaGhCHda99EbKz`9iKQzOtOXrf=F|F;mOX
z%;jDD{q}2ZTdPkyUbSpAi(VA>^I|Of{#z~2{Q3CSiLTS#bnf2#CXv2L^}ANw>^4%~
zA@V9MY5Ie!{M&ORT%H}dbz~9GU%_9~Hf-FP8FA(Fl?ei|FK*6Cm*!)!Z+)k{Zoja@
z%u9Q+<fFUX&ly>@#hf|8`|a@lf7j0KNPhdaspR(h*v|^}iL5qrEpkrUtIj?uGGWEq
z%1euMwj8iClPMDmc+x2n+;6*b#rG$M^=E}Ycxp;3G%h?HxbH%*+T!h#SFCUTxO{r=
zuSd6Ig|-_pKJ!W3YrEuXb!OCR3x0|G3F^O#mubhSuNJu}YAxni`Km@PSBpPtmD<;6
zr!?`u^|J-PPMY-X$GROX@0|XB{N(mnT08%skZs<Uk4xpGbQr&s+Wq4G`JnFCu5J4^
ztX^SRKRx^Jho>d03pU?h_%<yu`hi+S+V)l3qi=1i6i(Q2?b(&5OmQwvr=B*ODlDFv
zuKBa5Hj{hDhN!R2cMGNFuYMzvk?Jp86y^27^c%zBDPG5W`TRF%ODrfcx2k-<Q}9Vq
zP`2coyT7llZhM|}_Ji+^I^+44`o2xU8a+q9y>EPb=*yb=Ua75uGt8IW_P@OBn@6GC
zf(em<4?TX(<cd!$b1i7QbRbV<inMaQ#-~4Gb3$Y1S{v_-H4vFp{I)eD$3VS$QTij>
z#u+}l>vs8Uy5wuo@oGPtwy9C!)Ne}*U2h!H<Tcg(Tz{20VwbS)Lzlqm0!?!-yexgL
z6ZNCR%wgIM_7#D)JL~<E?a!D$oqpoW5$`Y!yDNEl!uPg`A1S#KDSaunW2MNJOJN$D
zdiK7*bZydKKTp}eX@(-LvtuTS|B(^@@#*QOZ6{h-x-5E2t!A+^);+o1A!;-2wn~w~
zuZ`Jj+8JLgUX_2_d;PXno7E;p&NU*93&WP*ZTQk@_xZ}pV2>qX+I<J+*IzhvEcQa{
zudDWdSYr*Yy2$8RzQ4NU^+uyEwF5V|zLfQte_^^2cQ^0y$!|^zePd|#O}E$>veGw`
zQCjz)VW{cMHT#M-8UI`I;7M-?HxujgrrMwr*P5O`%ieg)lSQ1>{7gZ->bpsTV)xxo
zFPOem#o+w56UG920`AX^&Yybl_QN<;$#tgl?;50T`rGnz+Wegx<@bD@cP$~@N%NZ-
E0Ojwq#{d8T

diff --git a/secrets-git-crypt/knot_dns_rfc2136_key_config b/secrets-git-crypt/knot_dns_rfc2136_key_config
new file mode 100644
index 0000000000000000000000000000000000000000..61b3a36d237bff406f13e3dc15ff34ebdc0012c5
GIT binary patch
literal 134
zcmZQ@_Y83kiVO&0DC=SS8fm#-SoOQ-!ar;0Em}H7p{lfs_qU);taX0;{LRv<<9vlB
z|HS|1?iX7n$sMqN?<otPlBd2#Yi6H)bmEwzbI`w&+h5IdxzzA{mpZ@Imkgd>{pM41
sLJqIHtZyxOW5qeu8ysH*4xG5mpL+er+iRll^fS!=NEoy#e@g!a0PL$k&;S4c

literal 0
HcmV?d00001

diff --git a/secrets-git-crypt/knot_dns_rfc2136_key_envvar b/secrets-git-crypt/knot_dns_rfc2136_key_envvar
new file mode 100644
index 0000000000000000000000000000000000000000..5bb8e79a0efe14fc85b94c13d4e21a0e027b6d23
GIT binary patch
literal 67
zcmZQ@_Y83kiVO&0@DY)CC2OB~;$l?&{>z*%_BCqVn`a&*6jiojaY*liOz)$9x)bN#
ZdMsBP(sWKE@T2+LE%s+lc=TOw0syQv9}xfm

literal 0
HcmV?d00001