From 68174b4a7774de301d7b226a6adb7349cf99d0aa Mon Sep 17 00:00:00 2001
From: Noratrieb <48135649+Noratrieb@users.noreply.github.com>
Date: Sun, 3 Aug 2025 00:33:53 +0200
Subject: [PATCH] yolo

---
 .github/workflows/apply.yaml                  |  27 -----
 ci/build.sh                                   |   4 +-
 misc/vps_deploy_key.pub                       |   1 -
 newinfra/README.md                            |  11 --
 newinfra/nix/hive.nix                         |  30 ++++-
 newinfra/nix/modules/dns/nilstrieb.dev.nix    |   5 -
 newinfra/nix/modules/dns/noratrieb.dev.nix    |   6 -
 newinfra/nix/modules/garage/README.md         |   8 +-
 newinfra/nix/secrets/backup_s3_secret.age     | Bin 662 -> 772 bytes
 newinfra/nix/secrets/caddy_s3_key_secret.age  | Bin 661 -> 771 bytes
 .../nix/secrets/docker_registry_password.age  |   8 +-
 .../nix/secrets/forgejo_s3_key_secret.age     |  11 +-
 newinfra/nix/secrets/garage_secrets.age       |  23 ++--
 .../nix/secrets/grafana_admin_password.age    | Bin 282 -> 282 bytes
 newinfra/nix/secrets/hugochat_db_password.age | Bin 339 -> 339 bytes
 newinfra/nix/secrets/killua_env.age           | Bin 293 -> 293 bytes
 newinfra/nix/secrets/loki_env.age             | Bin 326 -> 326 bytes
 newinfra/nix/secrets/minio_env_file.age       | Bin 397 -> 397 bytes
 newinfra/nix/secrets/openolat_db_password.age | Bin 321 -> 321 bytes
 newinfra/nix/secrets/registry_htpasswd.age    | Bin 278 -> 278 bytes
 .../nix/secrets/registry_s3_key_secret.age    | Bin 364 -> 364 bytes
 newinfra/nix/secrets/s3_mc_admin_client.age   | Bin 802 -> 912 bytes
 newinfra/nix/secrets/secrets.nix              |  10 +-
 .../nix/secrets/upload_files_s3_secret.age    | Bin 474 -> 474 bytes
 newinfra/nix/secrets/wg_private_dns1.age      |   9 +-
 newinfra/nix/secrets/wg_private_dns2.age      |   9 +-
 newinfra/nix/secrets/wg_private_vps1.age      | Bin 257 -> 257 bytes
 newinfra/nix/secrets/wg_private_vps2.age      |   5 +
 newinfra/nix/secrets/wg_private_vps3.age      |   8 +-
 newinfra/nix/secrets/wg_private_vps4.age      |   9 +-
 newinfra/nix/secrets/wg_private_vps5.age      |   8 +-
 newinfra/nix/secrets/widetom_bot_token.age    |   8 +-
 newinfra/nix/secrets/widetom_config_toml.age  | Bin 4006 -> 4006 bytes
 newinfra/secrets-git-crypt/wg_private_vps2    | Bin 0 -> 67 bytes
 playbooks/all.yml                             |   5 -
 playbooks/basic-setup.yml                     | 112 ------------------
 playbooks/inventory.yml                       |   4 -
 playbooks/vps2.yml                            |  97 ---------------
 scripts/copy-deploy-key.sh                    |  23 ----
 secrets/cors-school/bot.env                   | Bin 373 -> 0 bytes
 secrets/cors-school/db.env                    | Bin 81 -> 0 bytes
 secrets/cors-school/server.env                | Bin 212 -> 0 bytes
 secrets/karin-bot/.env                        | Bin 207 -> 0 bytes
 secrets/minecraft/.env                        | Bin 140 -> 0 bytes
 secrets/vps1.env                              | Bin 22 -> 0 bytes
 secrets/vps2.env                              | Bin 22 -> 0 bytes
 vps2/Caddyfile                                |  47 --------
 vps2/backup.sh                                |  76 ------------
 vps2/docker-compose.yml                       | 109 -----------------
 49 files changed, 88 insertions(+), 585 deletions(-)
 delete mode 100644 .github/workflows/apply.yaml
 delete mode 100644 misc/vps_deploy_key.pub
 create mode 100644 newinfra/nix/secrets/wg_private_vps2.age
 create mode 100644 newinfra/secrets-git-crypt/wg_private_vps2
 delete mode 100644 playbooks/all.yml
 delete mode 100644 playbooks/basic-setup.yml
 delete mode 100644 playbooks/inventory.yml
 delete mode 100644 playbooks/vps2.yml
 delete mode 100755 scripts/copy-deploy-key.sh
 delete mode 100644 secrets/cors-school/bot.env
 delete mode 100644 secrets/cors-school/db.env
 delete mode 100644 secrets/cors-school/server.env
 delete mode 100644 secrets/karin-bot/.env
 delete mode 100644 secrets/minecraft/.env
 delete mode 100644 secrets/vps1.env
 delete mode 100644 secrets/vps2.env
 delete mode 100644 vps2/Caddyfile
 delete mode 100755 vps2/backup.sh
 delete mode 100644 vps2/docker-compose.yml

diff --git a/.github/workflows/apply.yaml b/.github/workflows/apply.yaml
deleted file mode 100644
index f18fb9f..0000000
--- a/.github/workflows/apply.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-name: Run playbooks
-
-on:
-  workflow_dispatch:
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    name: Run playbooks
-    steps:
-      - uses: actions/checkout@8b5e8b768746b50394015010d25e690bfab9dfbc # v3.6.0
-      - name: Unlock secrets
-        uses: sliteteam/github-action-git-crypt-unlock@8b1fa3ccc81e322c5c45fbab261eee46513fd3f8 # v1.2.0
-        env:
-          GIT_CRYPT_KEY: ${{ secrets.GIT_CRYPT_KEY_BASE64 }}
-      - name: Run Ansible playbook
-        uses: dawidd6/action-ansible-playbook@260ab3adce54d53c5db8f1b2eed1380ae5c73fea # v2.6.1
-        with:
-          playbook: all.yml
-          directory: playbooks
-          key: ${{ secrets.VPS_DEPLOY_KEY }}
-          known_hosts: |
-            vps1.nilstrieb.dev ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOjiNfzZQpN2KWd1LSM/LL+dLx8snlCV6jYys+W4NOBH
-            vps2.nilstrieb.dev ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKzt3OZAOG2sih8T9Bhoqg8ANBP5ZX60z0xmUW4cBWvX
-          options: |
-            --inventory inventory.yml
-            -u root
diff --git a/ci/build.sh b/ci/build.sh
index 7a40715..e5c7a26 100755
--- a/ci/build.sh
+++ b/ci/build.sh
@@ -7,9 +7,9 @@ APP="$1"
 if [ "$APP" = "hugo-chat" ]; then
     REPO="https://github.com/C0RR1T/HugoChat.git"
 elif [ "$APP" = "cors" ]; then
-    REPO="https://github.com/nilstrieb-lehre/davinci-cors.git"
+    REPO="https://github.com/noratrieb-lehre/davinci-cors.git"
 else
-    REPO="https://github.com/Nilstrieb/$APP.git"
+    REPO="https://github.com/Noratrieb/$APP.git"
 fi
 
 echo "Checking out $REPO"
diff --git a/misc/vps_deploy_key.pub b/misc/vps_deploy_key.pub
deleted file mode 100644
index ce48e01..0000000
--- a/misc/vps_deploy_key.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0Yl4+vAFgN+d82emRY8tHDgM7Pp0rLIsKBZku+YUsd vps-deploy-key
diff --git a/newinfra/README.md b/newinfra/README.md
index fe67e82..4093fce 100644
--- a/newinfra/README.md
+++ b/newinfra/README.md
@@ -5,17 +5,6 @@ New infra based on more servers and more shit.
 All servers have their hostname as their name here and are reachable via `$hostname.infra.noratrieb.dev`.
 They will have different firewall configurations depending on their roles.
 
-```
-
---------    --------
-| dns1 |    | dns2 |
---------    --------
-
---------
-| vps1 |
---------
-
-```
 
 ## DNS
 
diff --git a/newinfra/nix/hive.nix b/newinfra/nix/hive.nix
index 6410db8..6182440 100644
--- a/newinfra/nix/hive.nix
+++ b/newinfra/nix/hive.nix
@@ -53,7 +53,16 @@
             wg = {
               privateIP = "10.0.0.1";
               publicKey = "5tg3w/TiCuCeKIBJCd6lHUeNjGEA76abT1OXnhNVyFQ=";
-              peers = [ "vps3" "vps4" "vps5" ];
+              peers = [ "vps2" "vps3" "vps4" "vps5" ];
+            };
+          };
+          vps2 = {
+            publicIPv4 = "184.174.32.252";
+            publicIPv6 = null;
+            wg = {
+              privateIP = "10.0.0.2";
+              publicKey = "SficHHJ0ynpZoGah5heBpNKnEVIVrgs72Z5HEKd3jHA=";
+              peers = [ "vps1" "vps3" "vps4" "vps5" ];
             };
           };
           vps3 = {
@@ -62,7 +71,7 @@
             wg = {
               privateIP = "10.0.0.3";
               publicKey = "pdUxG1vhmYraKzIIEFxTRAMhGwGztBL/Ly5icJUV3g0=";
-              peers = [ "vps1" "vps4" "vps5" "dns1" "dns2" ];
+              peers = [ "vps1" "vps2" "vps4" "vps5" "dns1" "dns2" ];
             };
           };
           vps4 = {
@@ -73,7 +82,7 @@
             wg = {
               privateIP = "10.0.0.4";
               publicKey = "+n2XKKaSFdCanEGRd41cvnuwJ0URY0HsnpBl6ZrSBRs=";
-              peers = [ "vps1" "vps3" "vps5" ];
+              peers = [ "vps1" "vps2" "vps3" "vps5" ];
             };
           };
           vps5 = {
@@ -82,7 +91,7 @@
             wg = {
               privateIP = "10.0.0.5";
               publicKey = "r1cwt63fcOR+FTqMTUpZdK4/MxpalkDYRHXyy7osWUk=";
-              peers = [ "vps1" "vps3" "vps4" ];
+              peers = [ "vps1" "vps2" "vps3" "vps4" ];
             };
           };
         };
@@ -190,6 +199,19 @@
     deployment.tags = [ "caddy" "eu" "apps" "website" ];
     system.stateVersion = "23.11";
   };
+  # VPS2 exists
+  vps2 = { name, nodes, modulesPath, config, lib, ... }: {
+    imports = [
+      (modulesPath + "/profiles/qemu-guest.nix")
+      ./modules/contabo
+      ./modules/wg-mesh
+      ./modules/caddy
+      ./modules/garage
+    ];
+
+    deployment.tags = [ "caddy" "eu" "apps" ];
+    system.stateVersion = "23.11";
+  };
   # VPS3 is the primary monitoring/metrics server.
   vps3 = { name, nodes, modulesPath, config, ... }: {
     imports = [
diff --git a/newinfra/nix/modules/dns/nilstrieb.dev.nix b/newinfra/nix/modules/dns/nilstrieb.dev.nix
index f804411..1d0fb7d 100644
--- a/newinfra/nix/modules/dns/nilstrieb.dev.nix
+++ b/newinfra/nix/modules/dns/nilstrieb.dev.nix
@@ -37,11 +37,6 @@ let
         ns1 = dns1;
         ns2 = dns2;
 
-        # apps
-        cors-school = vps2 // {
-          subdomains.api = vps2;
-        };
-
         localhost.A = [ (a "127.0.0.1") ];
 
         # --- retired:
diff --git a/newinfra/nix/modules/dns/noratrieb.dev.nix b/newinfra/nix/modules/dns/noratrieb.dev.nix
index 9a4da25..dc52c14 100644
--- a/newinfra/nix/modules/dns/noratrieb.dev.nix
+++ b/newinfra/nix/modules/dns/noratrieb.dev.nix
@@ -9,9 +9,6 @@ let
           lib.optionalAttrs (publicIPv4 != null) { A = [ (a publicIPv4) ]; } //
           lib.optionalAttrs (publicIPv6 != null) { AAAA = [ (aaaa publicIPv6) ]; })
         networkingConfig;
-      vps2 = {
-        A = [ "184.174.32.252" ];
-      };
 
       combine = hosts: {
         A = lib.lists.flatten (map (host: if builtins.hasAttr "A" host then host.A else [ ]) hosts);
@@ -63,9 +60,6 @@ let
           };
         };
 
-        # --- legacy crap
-        old-docker = vps2;
-
         # --- apps
         bisect-rustc = vps1;
         docker = vps1;
diff --git a/newinfra/nix/modules/garage/README.md b/newinfra/nix/modules/garage/README.md
index c16f1d1..75b1116 100644
--- a/newinfra/nix/modules/garage/README.md
+++ b/newinfra/nix/modules/garage/README.md
@@ -6,13 +6,6 @@
 - co-du -> Contabo DÃ¼sseldorf
 - he-nu -> Hetzner NÃ¼rnberg
 
-| name | disk space | identifier | zone  |
-| ---- | ---------- | ---------- | ----- |
-| vps3 | 70GB       | cabe      | co-du |
-| vps3 | 100GB      | 020bd      | co-ka |
-| vps4 | 30GB       | 41e40      | he-nu |
-| vps5 | 100GB      | 848d8      | co-du |
-
 ## buckets
 
 - `caddy-store`: Store for Caddy webservers
@@ -35,6 +28,7 @@
 - `loki`: `GK84ffae2a0728abff0f96667b`
 - `backups`: `GK8cb8454a6f650326562bff2f`
 - `forgejo`: `GKc8bfd905eb7f85980ffe84c9`
+- `upload-files`: `GK607464882f6e29fb31e0f553`
 
 - `admin`: `GKaead6cf5340e54a4a19d9490`
     - RW permissions on ~every bucket
diff --git a/newinfra/nix/secrets/backup_s3_secret.age b/newinfra/nix/secrets/backup_s3_secret.age
index 6e4b2ae89ab89eeaad8b566ead2f499e31be941e..4ef136108486d4a9699145de668ab6ed6f918524 100644
GIT binary patch
delta 702
zcmbQn+QK$Lr@lDbQrq0Uyx1}-Ti-Cv+`~WB(b>Q>+1at8G{U9CH_F^StJEUX(NNzg
zohv6u+px%|B-A?~GCkMF*r~G0$jCc4x5~xU**qgKJtH?FFS*d5u*^R!olDnFp}06h
zH#Nn`)YQ;Yp&-CAIVD}eDX_r9uQavP)GZ?*$~Vy@tKPyZB*!E@rz*0lvMfKnGBi8e
zzbr93EXmlHtJK%aDLvC7Jj0~K&mz>n&?6}`)6B!qE7#rIH^Rp&tTHv<$gjl7xvazl
z-MWY>N9U+Oh4gU0l$`Rapa6aM5R<52ud-YZBmKba2uI6IucYAA9Q{($h%Do>Ec2?+
za<1}{kSIqlBNNA<3fF>i*Srt|qvY(+Kuh;@C%+OyGdBZ|VoNt?i`;U@;)x%{!$T^K
zf|E?L6Aj%%^V19ql1eJgQ;e(fN_<oN6EmF5!-HM@&4XP^ibDboxJpdI^K;EiL&J-L
z5?#Ht^DT0dioz@m%u0O1%eCG8vJz9xoH7b4QVl#!CdV_1*ISr6rbp#OWx17w`-Qkh
zcsLhj85L!FWhCmmXNN^4J8HX|nS{9*`{ZU6b2(Q;l(}YxWQLb$yL#q1IhhouRr*Bb
zRHYlZ8F_fSc$-9eM&{<5Wk;2Ha_Q>oD&$s{mu8n3S@@QEWrkKpr6=aN<^}|~=B5?;
zmH3$!nYtG1*XQN>6=Wy-q;uuVuZzq!lRLUuQpV{|hPR*Gj>@GQ{N&sfBD*xbPE;lT
z^xKjn=%L}e+eKhus>r(%gT*Hw*GzI)?LTR%#baX){*)Q|tc>zMFRflF(p0r|>jvj}
zAM{EexOM*O$}oBQV{6<)!BfIZqs@)wi{!qoi$0Nb|M*|_rMr~u|0=)v*F5i|_5B@h
cWm=reUbR26xF_>m*q>p^np1z@sVDXU0Dd?9q5uE@

delta 572
zcmZo+o5ngpCp^d1BE{4qDK#J@B`G_~-^0MN$}ii|sWKxxG0!nHJ;K1lFsLZp-MBa>
zk}Ei*w9qWv(NSO9(ZDOYz%3~-BBv^}AgC}i&^6C1G^@(O$ICq|Aj>D$apFhuaKDNW
z<Io77@N}cnyc|z6mqKsH#3H}K@`9{fZ9`9&@{o!=?IP_kOH<c$uH?#e*GP{-ZG$k^
zK%e9Sv+&H~Vn>(siqN85H`AQF!cf<UjFQ|`Cy%7;$?=Th;elomX~72R#y(CdW|pP-
zp@pW-Ss`wQg&xUeu7=rF#U>^NdBORX5rJWWTw&h%ML`uorsXc#d5+oU7Jk9WL0S3X
ziJnfzk=m)Ih85aAKIW<EMczS<lg~1W*Qciz=Hz>Zn-qAOCwf$R`&N2omV_HQRwkFH
zcx3w*hq_sMSLK=(re#K?b9uWuI+~Q_1Xg4hhlF_tYo{i;X;-Eg1o;|Pxw<8$<fJ>6
zhZmQ+>)a_Q>oDkK#~S(FF3R3!x^xo5ijgogQ)IHm{WC0PUq`&9-;n3?%T)<>FE
z6}tKOgmO)&Xm+)I`plobAndMm#djMQ1`j6BuLde1e=f2q-T1x8P3dvele>$K?7G^s
z{+ZEw<vVYz{{8v>Hhj~v?CaJtO}Ec53H&^2cF=CcE2(=tOLjcVHk@i>bnmC?kwD4d
z2MKG>2{!V7?CD{3eOvu?f}-QUre?dyj20&)ng3T}14Yl52=EF$xwYNy`2Tx*bE9wm
Q>Ch@{RPp+dZZy#Y0NE7T`2YX_

diff --git a/newinfra/nix/secrets/caddy_s3_key_secret.age b/newinfra/nix/secrets/caddy_s3_key_secret.age
index a0e5c46344bd48311e3630ba6702541cdd45e596..39bb56043658c765ae2c9759e049e325cd4d7058 100644
GIT binary patch
delta 701
zcmbQr+RQdVr#{8UC#NdZG~KTvu)s5*w8A;WKT1EyE8McIFxWA(vM|gwH_{{^Qrp$T
zm&-WQ#Lqb^DKO9^%|P4VBPbxR#JnOo$*rtBHzd+OEWFIuF*r0i(!0_$luOr6p}06h
zH#Nn`)YQ;Yp&-CAIVD{oDJ#G|$S2${+cDe7Ej-^*yS~CL(cR56r6RyBEF;p`+0!7P
zAUiY4GsUf(D?HmICCl6-!@Sraz$n!$Oy4ie(<iOe!@JD5+{7f(H#5n}+aM|5P2a@=
z-MWY>N9U+Og-Yivk8*c!lOzkTuo4q9v!e2Hw=DC>BJ)HG$D)#4@1jss?evT?=b$o|
zVy?m{{fvktGxxH9JY&n!RO9rLz!HP}h)kynqriYfvwZh}s&vD!G}Ex0{D~jM!*e|g
zeG-%N)BP$VJu`g#vON+_T*}J}-Low6^~1_7!XktHv)oOcvn?u2xGDn*^D2BjoHE>;
zLrN<$E0fHO@-xHqOQIrDL&LQFqf8_7D?-aM1GN1DC&x32*ZVpJMwnRm`b1<_=ob}w
zC;3>Gy1QkRy1MB{c%+r4MmkqS<YnbYrFgq|a=AphID3X0x_OkkWf^BhIHjaVSQeyu
zre_pYn1<z8I#+mF2AU*QmL?e)aOvvmDwHMqniM4kCYF0tl=+vMyA}AFM}?bJ82F^P
zWtwC}_<8uI*L%2m8l;zNdvYDLJW(gNV^Q9RCB9)yRkQtEmAB<Ou1<Fj(9_M^;m`84
z@5<9#^>5^~=5yM(d~aOuF1m%GO>q6x6E;pO{yg+?_p>{&CDWCsVnOfjCmu#xLeA`(
zdE9?vg-)mbb5hUazb5=7yzt>&zyCcNtWWflbuEHK#lm(~%~8yhTzw&Bb7S?&)bCox
Z)mdxB8>6;=z97A+d3!K#x%UFUl>nF$_aOiP

delta 571
zcmZo>o60&tCp;uA*(9(c%Q7b<*`*}4($l{n%Ol9FB*(+I!nDvdqco>5BPz<xDb3s{
zo6Dmh*V3!RvOKcDFSJ72K;Jblvn-^--6b+d-$gsD%+y1>Ai}`M%s4C6b>c_y@DgM9
zLg&oza?7Mr*P<|sj0(qKH%Dh9AGh#;B5hxf#0aC%MBjp(qQDAYt}2rp6Cd*kH}9<6
za-)Ef3`@T-%R=MQa?`||Fw>MWe;@xGOMP#5<7`ut$?=Th;UQ6er4?=wsiwjD+L4Kt
zj+I5B?zyQ&L1vzbd4-OJ-sVp3dB)oMzJ+<^TsiKRQT~<%ZhqQ{IUyGMN%<KO!5JkU
zA=-&~S$S0!5pL;zL4H9lrlpzblg~1W*L%2@c@%^cgrzx^CKiQxmKc|rR2VyZ=VX;T
zMVJ^==sTKLX$NN-6}V)ia|L@Bl@z5`W~W<}hbB2kY5N7GrdvitMkIR&SvZ=MW*K_B
z`Wm}e28D+Da_Q>oDnw+NdnZO21?pQQC+B7O<#|Rr7CMI~8vA-=WJacY1coLR)Mr-Z
zRQiP#By*k8IA^o=ZowG_ZhQV{XT`r~ukf-u&EIZv?5xW&W}7=gyWb~g-@NB3J=b|#
z)y!E^K7S@p+#=p!=~Qd8WYaFEjY^qK(WlN%jkPIv+Ev}Vv#vmjGv~<WR~a_%g~Sit
z&zpC}wIM<JW#jJ|%U&AF{IQsz=2*k?C+ec2!@|$G`;HcVm(B`OUi0=ty*Zcc`nkc)
P=j&Ui8~irxVCn(@sTtH9

diff --git a/newinfra/nix/secrets/docker_registry_password.age b/newinfra/nix/secrets/docker_registry_password.age
index 3d42d33..13f02ef 100644
--- a/newinfra/nix/secrets/docker_registry_password.age
+++ b/newinfra/nix/secrets/docker_registry_password.age
@@ -1,5 +1,5 @@
 age-encryption.org/v1
--> ssh-ed25519 qM6TYg QziuzHQxmWyRdv8dUPBWTgnMxFtqR6ttP16Z3XdvD3Y
-Krxmha5J+gTU0DjzPDTDIwz1mW0Q84XR2FgQyPm4bf4
---- t4Mea1Y35o5t2dhREnp8Zq1AyR4DAWMFW7Vv3CkgGKw
-ìlTS+Æ³6y­¿rîëOØné&c`Ï°Êü:û³7V»-tf±puw€I¥w“Âøå
\ No newline at end of file
+-> ssh-ed25519 qM6TYg UtoSFhZQ2PW1y3ifXgSdQQswoi5kdRg2gvczlEateC4
+ir2FpFkYo17MGBy+C4thM4lit7vn2CiBi09DcTb6ubs
+--- YvRhsfFzedjeKssmOTzHvKkvIG0zXVVCIJsRNc/LTVg
+:Ë €KîÞ$é†Prm;Û·ûÎªæ ¹Œö+é	ÚqE@Àv]’¢Ôòm =Í™'Sm
\ No newline at end of file
diff --git a/newinfra/nix/secrets/forgejo_s3_key_secret.age b/newinfra/nix/secrets/forgejo_s3_key_secret.age
index 6bfaa64..2c66a3a 100644
--- a/newinfra/nix/secrets/forgejo_s3_key_secret.age
+++ b/newinfra/nix/secrets/forgejo_s3_key_secret.age
@@ -1,6 +1,7 @@
 age-encryption.org/v1
--> ssh-ed25519 qM6TYg ecu0Ic6o+WyT7XhZPo0Yf46bOye2LAgnJ5MxFPTY/E0
-JqJCtQmtxgktMl/4HsHh0uRp/rzEoqT9Z81H9v1RXio
---- /CmBzuDf0AcCk6rAvEh5SmIMxpwCTjfj9IQtRLv5qYA
-}Œ=5i
-©¨£#ª4bÎpzCaÀjÙnêB†±€ÍN%ÚnO Ž³GKÔ´ÖâõƒÏ”ßÁ¼‹Æçé'ÄZ>T“œìÙ‹Møô<›}//}|–uá–5œªsö*
\ No newline at end of file
+-> ssh-ed25519 qM6TYg GNYf0FjEDEqCe09mS9Hl7OIIjvhKTu8urwUPtY+yyB0
+xmAtm4n3s0rfq3S5OKFEG2k/noXFTKMt8hiW5QrD9SU
+--- HGBYxXQGM254m2YP5twgjgDme80f0uOL2m4uKy19ZBs
+ÖÂ(
+Õ×åÇÄT
+‚®à±Öì{’ÙõF“ü-\ƒ6{mítÏæÊMÑ-óX{‡%bQd]E³’Éàü]i¸úãË}F»2¸$7¤ö#k4“;8ZžGþ_‘oÛ–¼
\ No newline at end of file
diff --git a/newinfra/nix/secrets/garage_secrets.age b/newinfra/nix/secrets/garage_secrets.age
index 57eb61b..af23541 100644
--- a/newinfra/nix/secrets/garage_secrets.age
+++ b/newinfra/nix/secrets/garage_secrets.age
@@ -1,12 +1,13 @@
 age-encryption.org/v1
--> ssh-ed25519 qM6TYg B17o68OCsoljQLd4yLx1gZbt9zsFhQE8/QJeZ3Gx+AI
-ADxN8iqNN5ApzHMtIXMnMTN4qe/7ba+ZoqkpHDpq9dE
--> ssh-ed25519 XzACZQ Jp5WvbUVmfecvN95vM6+DQmJicVf4u94Vm0mYtBVODw
-XAdVpk6bAwAU7OQxvedepr3g8HQo5sY5efy3lYhf1xA
--> ssh-ed25519 51bcvA DUkgjLS805iAsnaCl3B8BOP6cdKOJCx0aK23UEDmTyw
-dUZhXJiYkCZvassxSg0Cgf9c+ta2Oc2PNhLdvHBP24M
--> ssh-ed25519 vT7ExA 0Z2/GFY2aqO2HJJet3CRSh3yxchGt7AYTzkl0D2aoEQ
-GuMqW7tbsEl/SskgN1hPa0B/aWtet/+pHxmbwsTzPCM
---- vgf72fLRkTVRtJoxh+qfim9YYELE0W74L6ZVjpo+8vI
-åø=ê&óŸC»íÄŸŸ#À¥ÑÒ/nÜ¤è´2Â9†ØÞøo[›S+uWÊ¶¢£4êÕf/hAÈþ#ïþOs_†RV£òEÆÆóÎûúÎVAlžTÏ/¤VÎ¨tµøJNöËUë;ññnGúQïìÝ£ÖO{Áx[ #°¿›†íÏP¨Hß9P®€:z
-ê‰û²å‚yX„Ñ`]%>¨+ÙÞ~)Ø`V–ïâxÛ°€i-ƒã¬Fýªš$xHå)ÒTMcZ
\ No newline at end of file
+-> ssh-ed25519 qM6TYg F9aj1EmsmRSXt1m3a41zpuwFmDBOuuaIrHkqP7PTVno
+tVs8Oxa9gV/HdUf0hN/JLuWhbrXI9BXIrsh5HnsKBQI
+-> ssh-ed25519 pP9cdg dQdPm3OfbWl5Y8kJxmsUZ4rwpUo8w3+P3CHCiXw9VCw
+9yWbGgzgBz9GICAgYiOyPtMjDk/tBb4vsOveTuYP9bw
+-> ssh-ed25519 XzACZQ 4lldtotM16DN/75dRX3QEmOzfIEySHcNOlFWqymI+Rs
+oOaD7dZu0xC0R7CrVpfwoBU7eSgaWyJmAZ4WptCQdes
+-> ssh-ed25519 51bcvA k9eq2Tc3A9MztsdTvt3sDYUj/usYBJMp9IJQZAR67Ac
+ezccfIhPZaHKsVcUrxJL7u3jSA/kCTqLmWuQfxrFQBo
+-> ssh-ed25519 vT7ExA BOCylq1RqaburnXxfsl3xqAmGSJnIxVhXK8H2xeFynk
+OWhqsbJgHWlo3hsRZVQgEaArK32OI25N4Poi2qJ9wQs
+--- bBQkNfDI0onJOyxOJIN3Yl2jkK5iRgYbK67RWsipXOE
+3‡ýåA9â¯ÒAÕînÛ¯t•y®ßÚCj-îž{ÏÅ‡â)ô6¬DfØOÆQ¹Ü}'_n†øÈã‡>UPêNæDRŸÀÁª¨ûÊÆþ-¾„…éÂ"‡´úÛâšÙ?À>)E0™‡v(~7 eÍC¾O\UJJüŽ$SÂ8èá`€F«˜ÄíšQ§0uÙ3õmH•Ž~P÷Ž£ŒÅLqfõ~ºi¸Æn]‘=rSre#²wGŒ ³¥@ß|X#éØ÷’Â
\ No newline at end of file
diff --git a/newinfra/nix/secrets/grafana_admin_password.age b/newinfra/nix/secrets/grafana_admin_password.age
index aa33f26a74fb5fdd1fd4659578356bb1359f6056..2d2fac773111dd94484fe9f6291a1d9b437695da 100644
GIT binary patch
delta 246
zcmbQmG>d71PJOy@VNRZ>Q+`lNPDYtyhD(ZJzK^qcaZ0#jq<gukTYi$8W0HS?foo!J
zK9`$&et@r2s$YSbaaDF%NN$d0a$ZDnfn%_lslL0BwsA&PVybVceqwUA1(&X_u7ZBD
zdv1hfriHgtx=(OsnSqD1d7!&jzMHAGvst;5N0O6&Mt;6$xoKvQrz_W6`+J*(cT9^`
z?e^0yO-+4h5qUsF^ukoPd&jeV``1^9s%2|4W%ayS`)%i(=Cp7vxloh6g5qaH?yE6R
xPMJ}e>zB0V*8zJr$K*MgcN^MU9$Mwq+Ni|NINaGY)xdR0?n7JsP&3`Ey#OJTTi5^q

delta 246
zcmbQmG>d71PJNJ1c5z^ML{*NqadEO~Zdie@pRcxCguX|1rJq@5NwH-{MtHVKrKM+Z
zK9_r5v0GNUTa;05sefo%YLQQhWu8a5dv;!tuW?Y7g+*4NaacuhT4aH*Czr0Su0nE@
zW3f?TKuK<PPF}ish)<P^lW&xTSGZ$APE~oOpJ}+Wdw!C+bG}<>UNYCch}xG*uA<A>
zEQ|L^Tn%eTvfB3SG~-wQg3pXmA5OCiEzDtM@mQtiUYRJ>y?ccdL(zQih0R6(8aL#1
zxa_<+XKG5XXOvRQR6d1ePmdm)_}za0!<5ST;@{L)EjzM3DgB+z?k(r%|KSAykg;N;

diff --git a/newinfra/nix/secrets/hugochat_db_password.age b/newinfra/nix/secrets/hugochat_db_password.age
index 1c4ea9543615e7d25d11a2fb25f979adc786766e..3e48ca0a11e4e05788667ed74dfbd1a9842aa19d 100644
GIT binary patch
delta 304
zcmcc2beU;_PJNW8lSgT#pQmxTXS$(#qFYINl&^MaQlzV|QDuIjuR(H>yLLcorgm~h
zB$rcxNky7xm3cr_uA8Hai*~t1T3(d7v3I#+epZN)QMjW^X{e)dc3`qaAeXMLu7XEd
zR;fpUud{hXSyra6ex*TGx_@Q5frUYUzp+zNd0ue1UwwK~RIq1gcrw>n3B?xY9j5c7
z_RJQD{3je~mz>|DZ5lK2_3_8Iww@KuayKk?<31N~M(*zR4VUjrcWFr)U)#KSj*iaX
z)uH<|;^eFk|42%2NKL<7a=~ia<`s9>B|Q9{$S53dC#jVB(>B9-VdHI%(}&|1IPAQ3
z`POEsi7~;>`90B^i_e%;sJ%M!U(~W8azW3t2}jR!I=o$byII{kMLF>aPlxQzxN9Zi
I8;-OB0QM7oAOHXW

delta 304
zcmcc2beU;_PJK~DVxUKMkx8CUkf~R&t3`y9M~S~nQC?YDP<gpinvZL)sil)kSZ=7J
zD_5v<np3t@xn-0`TCQi5hhIp9rAwl_c|?$YUS3*Gu5Ye)ZoYR|T2xWFFPE;au0pVd
zS$KtiUV(e0sZm5qR8Bxint51Cc|=fNa8z-Qzjjnee!YcTl!dWHnJ<^zRPDQ}KQbDE
zbvb`X6*!%k9%OIxZRW10S@-`q{P0m%4G~@OEJ4y^TKC@{M>K2yb>Dk_|HAVdT>kfa
zwnn5a-MjX5wx!nAqnr1;X|``*Fr60vMlO-xo8!k7hNx8U<9Bu|{%&Vg6@6QON_=s!
zB>(FF9k)MU*&!RFd9ARN)$7;_z5Nf$Yd^nLDmB@wzn^EtnYDl7>Nn)9+|+c9WB;-D
IdKtP_0B?4J8~^|S

diff --git a/newinfra/nix/secrets/killua_env.age b/newinfra/nix/secrets/killua_env.age
index 54a0777bf7f3d3a03f093ff050d5489d772da076..d9e3d98d9999924b5aa2d2c75f8d1af7c615368a 100644
GIT binary patch
delta 257
zcmZ3=w3KOrPJO0jxOa$4UUp<rNI<qnm8(ltQbD<^L1<NES+R$^UrK6~vx#xGrJq@a
zBUf%<il<|xpTD+YaY1pVcSK65NmzxOp@mCMhM9j*wr8G2VPIHlxml8dE0?aWu7a1N
zrIB&6yFp5sQ-!;;c~x;%inp70luxopSxA;~KzgNTaFwT9fork1lPj0C)j_TukK$^R
z&s;lqx^#}@yVc)P7IW>Ey*1S*clMzWp=niBz6L>e6K%g{@|=CE7%G$b@9j5RPgRGT
zM_LQIzOQNeC2^<I`}gdNN21qWbGwk+D5Kw<m{k$CBH87jfzBP)*4w2zHyb4a<^SEE
Kr+a=+*lPfQscFFg

delta 257
zcmZ3=w3KOrPJL9FV^Tqsg}!A~azI9EcvP-oXp(lIK~R>TQ)swFa&od+RFY|KaZYAX
zB$u(PesHK|MR{?FZ@7n1MS5CMkXcz#Vp3X}enh!>MSfX9g@t~Kp=GX@Czr0Su7YoY
zW2t4fX_T*TVTMn#Noii5lY3>FNtUCpMR`F^uwRi&YL#0`a+QCnn=99<pchLQy$IYN
za$au!`7Z7woC*1A%cIu+Oyioj+l!mQ`eW*`2-hDzS@R~QZVfd3Qo!l{r?q0@Q?r(<
zQe4(u+YP$+1;?%G3dx#dD6ZT!xzzu5b%bv0^E}<c?j@()R>y?w{B@PJC{Tr$$zN-Q
JWA5smzX1~=WlsPA

diff --git a/newinfra/nix/secrets/loki_env.age b/newinfra/nix/secrets/loki_env.age
index f071802002c65d2612df5f110b40c8e4b41314f5..010ee2828561c27bb424b59146df646de731f950 100644
GIT binary patch
delta 291
zcmX@cbc|_&PQ6J{qG5@@cX~-qVX1qbg<qISs%dywfTezgaYkC0g_%>Kc|~xUagtlE
zCzn}bK%l>IaI&^`j*(wMZf;OUK)y*(a*B^}QgM(^a#Ep(n@Li5T4bSDI+w1lu0oQz
zv88`*Noq)tew4A7u}4&4a&Dn_WSMVia;0BzQb=M_VSRo<NWPaxK_r&}-;#aK%l>qA
zHR#B;#~vup+P1jo>OC8itnRMj_YVALno`3p<+FC|D;KX>7HM?btGfBB!0H8)cdre3
zY24EMz45i*l!vl>J%8EE=4oEy6jV{OF1T3o#o1Er6aVE(mG55jH#kl|m)z#L_vJ%*
t_m>$~Cm8)V9zP{B*W*W6o{Z{=8MQ^m9y{9CEl*^zxNyL7+Dg#^Qvg{hb@KoK

delta 291
zcmX@cbc|_&PQ95^UWjq2XJx5VR7jy&rDJwfh=I3znMZkOwuyH{NqIr3S3#O@V!20E
zHdm^<V@bHHVT5OKQh82TVt!7TW3Y#hS(2wou5(Jhr@MJ_u(Nw=NtH#qCzr0Su7a6a
zh)<e%dPancV`7F^c5$vrWO;ExMWB0lL}Y4!S6)Vic70K{Php@@umzX!N};Fv^+K1X
zlr1*(Wm=T+IY735=AM~K-%h{nwYkN=ppl`+;qcu*b#tP+&)d%niw!@)n|nB~&|>j=
zqqS9~hpxE(m?zc$L@gz6`SpLZ`(@JaO!&R2{ocV#annsySFZgSek%Rm%e{q`(|xX8
vVLqr~RLT+ebnV)yG770XC&`{VJY~<Nqh|T3r~X@R3=GvcFx|HMyHOng)}Vc&

diff --git a/newinfra/nix/secrets/minio_env_file.age b/newinfra/nix/secrets/minio_env_file.age
index bf78046dc5413d876071b7ce137dad5be22ab36f..daf2e339a9f7dc45cebf201b83765f762a0de51f 100644
GIT binary patch
delta 362
zcmeBW?q!~!Q|}f~8XRJr6Q1Saom`odonerh6O<H~Ymwt?WKo`+YT}e+q+e8ESXFA2
z&6S+%Xqgz~W>MvmY8Dxp>*VZVUf^GnW9XKa<6TkinCVgC8yOO4;2-Xr&82InP+Xj$
zo0?)|YHDby5K-mm92KZw<ZJ408kA+^;}~ohVi_6{R3Did8dX$ioavP5RjO|g65wA_
zWm@U1omc6~<!I>TR#s$~8J1<_n{47{u3wquUXhudo8p+1pB7T;?_1_+5m-`L6;fov
zrK_u}VD6Qe?Qh^+T3Vc)Sz2K3qMaNWVD9f7Sdx=so?%{`m=o$7l<)7JXkih^wdGIt
zc2j<Z3CZ;eyS<+KhwAqSmneSuJuTa)Z270$*!w*B`~H}AhjAa}=ee}q$yHJCdSJ;R
zFU6YZlcLWL95vN&t2k&=m957r#ngG#TCbKT_2LTK84GH3R6Lt6iO)L07X5JLip~^{
JRjVR(6adf*fkprT

delta 362
zcmeBW?q!~!Q*T-1lN}sn<m}{W;_Ts;lN;e_S`cg;Qsio8XrY}~keZbjkWrW&oFA2E
z!DZ;E?UGwqoDyMJk!WZcRZ$vJm>rRmYv3AXl#_3k@9dIPQeNVnol=tG%B5?kP+Xj$
zo0?)|YHDby5K-mm92KY#<eTH+6J(ZO6jqs4Q0iO|SRdtMYF_T1<CJ1joD$)u9UhgO
zS?Qi`pzUhH6%}C?;9BJyP-x_xSsd(L<>{TNpPpl0;g)Y~9AsXUR+wvM;aZTI?p&JB
zrK_u}pr7JYTBaW!QdVphQd($ikYs4!X6dM(=v-QET2|)jQ|go%?h>ILoaOGzrF!}9
zqsp$MOOn%;ekiyvZ66byC4TN^@{huk*SgPGg-xD6^XIXaTjfv6Yn8T@v%dSw@bbFP
zy`>d<Pf!0NT&TC<w8hWU>h~^XX}r4e_kHp?hDHG{udFtYBiw2;FKH}4f4wt0ZWXh4
L!t1pMoi&>QhZl^<

diff --git a/newinfra/nix/secrets/openolat_db_password.age b/newinfra/nix/secrets/openolat_db_password.age
index a9e307c829228daab18fef85d96b7d3b0ed89753..f202cc0df878f8211869d1b7dbf387986f6b30d0 100644
GIT binary patch
delta 286
zcmX@ebdYI+PQ5`+cye$`a8YKmlV7Ptra``Mo?og#x_@!LOHrhyOIko#uCr&bnQ?wb
zGFMupfv<M9c|}C1X<m*`NN|!@pqqK7OKMqZR$y2~lu?dPa-yYkrc+3wCzr0Su7at5
zQdDqaYIt!-PIjSpp{a{SS-5v`QKUt<b9SjwUP^FIQGJ$^cTh>7s|DB9&wL%8Gyhel
zsszsXUNiUIq4S3(WT*!k1}@!h_|p07)lc^tas#by1nTYodoFm7^t*YkD{PZ<TPN}^
zebVJ{Uw4V+wXAhLpUu;b?{d2pa!09AD*w^XdZn5@1`RIfChhBd%AvDZbmm01Q{Tdm
qcIRr{KeOg*o#`WW@#nKesui;C=9ISVKRBgyf%v8SmD(+fz5xLHU3@?Q

delta 286
zcmX@ebdYI+PQ6R1cd}P_L{+X&MwWX{x|2b6kc&k{W{`Q6TSZcifq9x`W|2vzzL9=;
zAeVW$f2mJ|L0Xu8UTHzHf4;wGNMxdORDN!`Z+L2=K}K1sX_}*Xa7v-01(&X_u7a~q
zVM<AHRJdnFN=TwXV6kVow_~7ziIK5aL70nQSfGb%dA&)2XTFI`kO9||ivgKEmY3SN
zn_W4dJ}s)9_gl;Gs*4|EsrZ!3D}uQ;DTl=}oz2?$PcZ1#o$Y&ey}G_~L!TaJ$j%bm
zD{ZHbeY6d`aa*-5*+?~^De<M2{fwoOXWlJbKj+6*A<xxv8*7(Lj8e5;Ae$SrVPmua
oqa%}dOyv_U2W16uhSvY<gp21TP75_Y-kHwez?IIb?|Hoo05(@}BLDyZ

diff --git a/newinfra/nix/secrets/registry_htpasswd.age b/newinfra/nix/secrets/registry_htpasswd.age
index 738862b0c24d47e472f35185af6c80b47ae191bf..9d1e5fda7a0233a3cea78a05f02186ec0b2af095 100644
GIT binary patch
delta 242
zcmbQnG>vJ3PQ6Q^VSb6JV^*0#eo}F`k6UtzwohnUK#GN<yHj9zkbY2kN>OQ1QF>N+
zD3_mEh<<=;WTA7Ur@vW5YL0oRd$L7XL0M3UnU9mcQ;MZmSgE5?MpCe6K9{bpu7X=q
za*C6ydxc|CW?GT4x08RdU%7X<ez=F5SxK0ozNd>{MRsPelY3-ZMKM?Fwfj#a?=>()
zW>|Y!+IH-J?{Z>>>a=-#kMy{HIMi~xY>}Z!vX%d|1uLF@x7prtQRI@?K|6Q*<wsuc
vE(*NqaqhicV7E8t1D_vi%g&T=&rv(3DLVU;(D&?!PEGBSB{`i7wsQjj_Bdb@

delta 242
zcmbQnG>vJ3PQ71Rev)B+l~Y(qVN|HMOR=S8V48VmaH2tyQ)F;%hJJFHuW?Y3XL3cj
z1y{1KQ(}=@nqfqaX<$-eMMYX#lxcy7hpSP#o11%jVn&3gkFis^n`>p7FPE;au7Xcd
zm|H<egmz?Fnt{8sZ-7ghpGiSlMn-sfS&(<Sd$5a#advucs=0}!n=4mDg4*fZhu{9u
z{pTLc5Oh*@$;^}TEjdi-%h@^I`i}{2`EdSEcl_Vqu|FrU@Rv21-g&cb?w7Evh2NAz
vS0s3y)vJ2<-9_=d*iofvSzc46B?VtyUHI-mz^A1zb(e9xdoErVmBI-C6F*?l

diff --git a/newinfra/nix/secrets/registry_s3_key_secret.age b/newinfra/nix/secrets/registry_s3_key_secret.age
index 3b6cb41f5a8e30cb56aa45bd50be5a0fa1943647..eee2e12624fb4ba32967bf349ec0409b57fc8324 100644
GIT binary patch
delta 329
zcmaFE^oD7IPJOa(YL0neUO-rsn{il@zo|>MMYg+sYDI~UXJ~G?Pq2PyWMD`|wrQn{
zBUg5AYNn@0uCr5Rae7j+b6HAAnonV|MY4xwU|48srlm`9YJp#7innQSIhU@ku0pX}
zR6uT6WLk*7x2vC9RCt=Dn^#bkp?ijVcyLK_U`mdse!YIGi9umdK_C}%wt2zhD>)nY
zecl!K?Cib5d?neor!!K1bNmx{d*!Rzmfaj17~~u4Km9)ab?VdZI5}g3xm)rsAM2NP
zYYtv5zdv|W_4knUUzdKQAC<Goy=nXZ?~IlhnF+Bid<DUoCuE~L{vPjBe`$5(n#VJv
zvOr<h$2V<mJ<dpTI-8N?shxAYZ~E=`1wQZf8@_hWVte6Z6lr=vZx-K`TV;zB#7Y@!
i|J!~!Y1MY|>BXXX+=gw@dP^oNwYb|YN{p^IISc@dz>j1A

delta 329
zcmaFE^oD7IPJL>!No2N9a&d%@V{ueOk-JBFj;DV?UPi8Qa-K_;ms6sTcCevSlyRn;
z371i2ZefOjo2PSbeps%)Tc)vVNp^a^NnVh9KtXb_S%7n5d5EuvcagWF374*}u0nEh
zM1W&@xU+{>pkK0nRBotKK~X_ikbzH-W0hZIfwyyZMtzoLNrZNkM>$vLmBp_f%sl<K
zcjMFKT}F-PGM_T<=e5nPX`A#+&RZ^tX~E}NMqAgZ`p>>&I=k)RlRnP!b4;CzN1mtY
zRQvzaQuw>daH^m4D(`v+L)+$4JO(xoVt=;RGWhvaKfa~>p?;zlU$o#o`SYEvY<K52
zi3hB@Y8xlKYO=JGeC0<iuP0}h<V8#lw!gVgQZt3&QPo_b#kZ&PH>IzsnYH+eky^O&
i>f2e$ZhW;1IFH`$+#Ni9#{CP9!f%W=vCkDT<^uqMp@)0`

diff --git a/newinfra/nix/secrets/s3_mc_admin_client.age b/newinfra/nix/secrets/s3_mc_admin_client.age
index 719f1ed829bbc6f788eb8863fda54a97adda9040..2cc88626492607bfcc510256ff7986934c731a77 100644
GIT binary patch
delta 843
zcmZ3)Hi3PDPQ7z(fJ;<Pc3QTVb6J#EVp5`0g<F|Xm5+N`vS(6Jwo_?EuA#Q6X<>zv
zCs$!+VoIQiS5lQ<vU7^LSEZS@L4;A2Yj%cNMYusoh@WwOP>E5Qud7KxIhU@TLUD11
zZfc5=si~o*LP3CKa!R^_XMlToMsBKhMt*r_L~6OIV||fZsF{C>wz+Xux__0sM`3oQ
zPflf~uTz8tSEYw}flG#Gez2owiK{_SK!91Hr-^x1pnpWAMWvZ>R$!=Cx{rmEMP8N#
zx^)p%j?Phm3f|@!{t-cG<&G(7-tNBHIT4N}jus*1rkQ4yRlb4A0bW6-o}SrBJ_at8
z#atFSF5VetP6Z}mM#Y6`S(*MW8TlSr=BbgEP8sF-!R2noRVf}}MUFxG<r6=OhnHlf
z_<OmVC6!f~XeYb7L?$MsglG7M6b5=HdYD*-2If~}gqOIx2bh+7a^+ekrdkGvmYbOb
z8djJUlsX!gMJAW}7zKpoWtMuUho@y2XnRJOx`a9fPL5|3uMgLc3Q3C6cK0>+voOmr
zFv~Y6(asFYN;h&f_AAXX4E75%iOMq02rf0w=L)Y(%uh2kE)NO}3ePAD4>dO`Ff%YI
zsqhTQ3pRJl3v|u%v-C}l(swHN<kHpERWL5f%61HM$<E9)cXV~iEssi1GYtvK_b>^y
z%+n4nH7hnLt}k{^ElA9cFyVTb8D=6cm9Jd;&vS>Acdp-ok_Bv4m#jC;X}tW6E5|-l
zr~G`x#jWcXiS3RoxEL64Rk2~FlkuZjGxjbH3KlT>5jej)_=ASr#?OCGRvt{_J3Z~h
z!mfI)jNOXndMEbSO*`%!>)o<!s#^aS<-mkzx8j#R{ZS}wQS!K6Hg}S*&JAzB@|_Hi
zL<5d+x#v|1{Bi!lBz&v=Sn94$kwZodJl=l<yp;ZJycDRiXkmZ*M?T}j_4iM%aWG01
zKKoPh|JQ(3(;h7G^SAK(meHZZS8^o!j83-H_g{%x)8B1Sy|TmV#D%@j^bCrkS&sEd
z1T{Epuj14>{VDy)uZ~BOP5O2dYI*iO60x4Noa3wI+LIRH1=sx4o4EacZ?rBFa%Xqj
UH@{zOvHxx1H@8(U&N?v_0D{CotN;K2

delta 713
zcmbQhzKCstPPn5>SXN4gsb_{^glVzAUt(~MUvfo(r9o9%O0kzoR(e)uqD7v6W?_Vp
z0as9@sh_rMc2#9zm8X+IM2Vw$SYD`~pHZPfVuoR$Sz$y}MRtURaj=_X^2Cqg;boO&
zVJ4ZORi65pE;-o-1%dj(o<>HcZl0yZ1?5FyIWCs^;l2SL0m(V#TuCOS?%F1iiO#9T
z`N0`QWd(+bDWPR10pUeCd5LC*m4W8k7Fof?AyH<Ilj9l1!$b269F3jxj5FPf^wSEG
zD*S>=(*vBtD?QxH0~7r$6W!d5oXhh9DvR7Axx5miGRvaUQ-ZTIA~Q{$ybQuif~(BR
zLrUB|a?^7|yqt2we9Llt(u`6~CZA;#uQxU*b`2}Y32;izEeZ3;&Pc1U^eA^pFYs}4
z_VNx&DfJ6Bu{5?YElYJX;HpS>Pt-T53^Ovx^$7P4(RWJA4l6Y(^~}zU$}e@T@G7ZH
zamsNHPAbbP=hD^HRmgO$FtI2z%Z~K%s`O7P3MeQw%X7^uEXm5$_H@rJ%?eI0tk0`7
zEptk8Pv(j&<?jx8w_xEe<H>=?zq5-i|MXkf@*$IZ_-4DqyI9f=CMNq@>0g_lSit@#
zJHRnTf5QwD`v*s>&M-+kP7-5&d%QG?p^|q`%HdCK55GP=F=^F2QAg<`t@Z~vd2>tt
zs_$BO+vLiNDF0@+M)ln42cjpQUEAl#dw6%fxtFif)?-iAY$oO$joM<$FyYcRp|T?X
zsgg0?3w~X$6c5_u_tJe`ii@+!>lc%H=G^!Ceel_t&&zNBJ~017aQv%_w|&m6IqVhf
z!n1VVenZK|yCP3GW~|=Qa%^Xl`HJ0t7ew>#Z<?<8aLJ<F-4zO3eobUBERo#2b#2(E
zmJXR?l1`%f3U@>nvKzgApg5&|F7LMsI-!SWh}iwGS$0LN+$d-R@0Zq!=Z~-Sy>(jE
KwBVxciunLhHX_3S

diff --git a/newinfra/nix/secrets/secrets.nix b/newinfra/nix/secrets/secrets.nix
index 1d3b484..456c560 100644
--- a/newinfra/nix/secrets/secrets.nix
+++ b/newinfra/nix/secrets/secrets.nix
@@ -2,6 +2,7 @@ let
   dns1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBKoyDczFntyQyWj47Z8JeewKcCobksd415WM1W56eS";
   dns2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINZ1yLdDhI2Vou/9qrPIUP8RU8Sg0WxLI2njtP5hkdL7";
   vps1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII4Xj3TsDPStoHquTfOlyxShbA/kgMfQskKN8jpfiY4R";
+  vps2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKzt3OZAOG2sih8T9Bhoqg8ANBP5ZX60z0xmUW4cBWvX";
   vps3 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHvupo7d9YMZw56qhjB+tZPijxiG1dKChLpkOWZN0Y7C";
   vps4 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMpoLgBTWj1BcNxXVdM26jDBZl+BCtUTj20Wv4sZdCHz";
   vps5 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBWbIznvWQSqRF1E9Gv9y7JXMy3LZxMAWj6K0Nq91kyZ";
@@ -13,20 +14,21 @@ in
   "hugochat_db_password.age".publicKeys = [ vps1 ];
   "openolat_db_password.age".publicKeys = [ vps1 ];
   "minio_env_file.age".publicKeys = [ vps1 vps3 ];
-  "garage_secrets.age".publicKeys = [ vps1 vps3 vps4 vps5 ];
-  "caddy_s3_key_secret.age".publicKeys = [ vps1 vps3 vps4 vps5 ];
+  "garage_secrets.age".publicKeys = [ vps1 vps2 vps3 vps4 vps5 ];
+  "caddy_s3_key_secret.age".publicKeys = [ vps1 vps2 vps3 vps4 vps5 ];
   "registry_htpasswd.age".publicKeys = [ vps1 ];
   "registry_s3_key_secret.age".publicKeys = [ vps1 ];
   "grafana_admin_password.age".publicKeys = [ vps3 ];
   "loki_env.age".publicKeys = [ vps3 ];
-  "backup_s3_secret.age".publicKeys = [ vps1 vps3 vps4 vps5 ];
-  "s3_mc_admin_client.age".publicKeys = [ vps1 vps3 vps4 vps5 ];
+  "backup_s3_secret.age".publicKeys = [ vps1 vps2 vps3 vps4 vps5 ];
+  "s3_mc_admin_client.age".publicKeys = [ vps1 vps2 vps3 vps4 vps5 ];
   "killua_env.age".publicKeys = [ vps1 ];
   "forgejo_s3_key_secret.age".publicKeys = [ vps1 ];
   "upload_files_s3_secret.age".publicKeys = [ vps1 ];
   "wg_private_dns1.age".publicKeys = [ dns1 ];
   "wg_private_dns2.age".publicKeys = [ dns2 ];
   "wg_private_vps1.age".publicKeys = [ vps1 ];
+  "wg_private_vps2.age".publicKeys = [ vps2 ];
   "wg_private_vps3.age".publicKeys = [ vps3 ];
   "wg_private_vps4.age".publicKeys = [ vps4 ];
   "wg_private_vps5.age".publicKeys = [ vps5 ];
diff --git a/newinfra/nix/secrets/upload_files_s3_secret.age b/newinfra/nix/secrets/upload_files_s3_secret.age
index a556152e28e6c5564654e09fe83728cd0afb4ab0..01042a4a3e7d24a71a46b013a924e5a8c8e7fda3 100644
GIT binary patch
delta 440
zcmcb`e2aO4PJKwBMPX%TwySfHcSb;lZ<4p0ONw@6l&5=kg=J}$ahZR3ws~NXhii78
z1y{LCQns(TcT~8$i<@z-tFvpOp>IGyh_k7id1*zeMV@<!XH-;nm~(ij0hg|>u0lpZ
zkZ*WdYE)u?qi3**iC2+XQINZbuYX`#P^NjFTY;ZJUVVi}s99Qoe;`+h$)1E`pEg_R
z1nidnd8&7-UyJ?3Bb#H^oY?qs_SXGtOC3GpkFeVZq@Pn>p}@(!IYfK?tDu9ruTSiX
zIHsc*nHuG`fF*Z#%CtoXnkMi1u{6fyY?6y(_I00m*-H$As!rYcI>W3Yzg|}3kj0Vo
zs<5-##WkCo7O?Bp9}cme;J<B!uNik^RrfZ>6_Wy+mr8yMTQ_sz{JNGetCr`o-1b}D
z6>-6nw=jFt=@N-6%Ab#TP2;QFRTTW8^pyR{cekeb@m%dl`l0AuTzRK{!Fe48$I7(u
zBNq=aDYGgoolaOZ^I0Byz_|z=l`6vzecT$X0VmG#_HrLlsucd+Fu}0qMDd5-5b^nk
u{#HD7ax2MEG`rm?vE<DagPVf+#S&V29{P9kUq3PJm%P39Le6s*jspN0$-X)O

delta 440
zcmcb`e2aO4PQ81kOF&MResE@0ML?)uSyEm|hG&*zc|cWup|?wZU`j=Xqo;O`e@b~o
zGM8CSsJXF0dSqy1g}<>`sHKH>p?QR<L5W#NQl({Xg?nyMMnq|bNls~KD3`9Tu7Z1*
zV_8^bMMh3;vT<%+a)yzGTTp0rhPFYfOR{^2r9rW0c)g*yQKW%eunAY>8xK!Ip3qHy
znWgP7<}TG1HPKAaU9P6{-e^G@gDoQ;<B9NtFCT07xvrR*|8U{d9f37AY)LK}KdZVA
z+wM=z6#gcXy#MREryWnUm3iLGKWEVtyZH*QapI!$-=4&;eDGSKKVYWj-gi8gnD;kt
zE3(L+%~q~)Id)6^q}|oRpOn`xsZscA=Han%(_ziI7f)LpGrf0K^l`Gv+Z`U;s|q*9
zhF(9ja9SeAGl%ycnbAhSwlAM1Uwf^2rmyRMfr7s)7gx=9y292xQ@FT$-7<dVhbE=z
zUW<iA&-xdASs3_wTf-J>v7l9#`?jkr3oAWTHFfDF@xG<Uek^Kc&zNkuGx~~Cz-hjK
vyL<h2eC=js%`6lAmBpjk@4}~3z3#`FOj+T8QtR?8mFb5S7N*H(&rAjYV>7+E

diff --git a/newinfra/nix/secrets/wg_private_dns1.age b/newinfra/nix/secrets/wg_private_dns1.age
index 0f4a0d0..e9a0be3 100644
--- a/newinfra/nix/secrets/wg_private_dns1.age
+++ b/newinfra/nix/secrets/wg_private_dns1.age
@@ -1,6 +1,5 @@
 age-encryption.org/v1
--> ssh-ed25519 LZU5Eg dlH/b9FXAowA5m9KYdF+MirRu9fKXhf76jHXuKA6OAI
-ADHjmdwYkyd24vbi2jbeI9GmFZuf86/Twm48J3g958s
---- WVLjItfhBqlv55yTzq0/OzfTSfD1ypQfu9EGFf1vUUE
-œ‚Ì<ñ{©„\VLv
-Î+Ôv_#PI§¬ãF%(ã„ ¶²ö>µëôãÈŸ–C'nËõ1|jNüÒÔT^6ÇoÅâ
\ No newline at end of file
+-> ssh-ed25519 LZU5Eg C3IfbvL4t0pOHEb3Bc54+r6DZESgN6K6zPDhBlDumXk
+UwOtrqp8I90Vux6L7CsV5K+2SDFB8LBiyLO8ud7IsQU
+--- 2tIecoG70broXFTtgjCUMcvk2RdKqpe5tihO6meI8DY
+Ÿ—AkÕÚ³&Ð`!ÍåM_’v`äý„´Ï-¡ÔEp^„öƒU#:©ë]Ñ—Dm»Ëyìñ™Î^Oõ+t8§€ä.ºûÍš÷; ®
\ No newline at end of file
diff --git a/newinfra/nix/secrets/wg_private_dns2.age b/newinfra/nix/secrets/wg_private_dns2.age
index 8495f12..d986ea6 100644
--- a/newinfra/nix/secrets/wg_private_dns2.age
+++ b/newinfra/nix/secrets/wg_private_dns2.age
@@ -1,5 +1,6 @@
 age-encryption.org/v1
--> ssh-ed25519 5bWSnQ Li1ITKUHcUQFJX0NQCaz9Abjf6NjyVGTwE9WAzjJAU0
-UekGYi4xmM88U0BX52iKGWnBTWCGrxMyMeN6zed12D4
---- MUD9AikW/zNM+W3GiR23pw95ZsDhsxZVn5EMqr0X+DU
-Ê‚ý×]?@¥êTHôÀ]~œ?7qéãýŒÍ"W…+`·Ñ¥+Lµ]ö­‚»Êaœ­ÎSx*¥¹]6’Ð‰f¹îÀ
\ No newline at end of file
+-> ssh-ed25519 5bWSnQ wqkRMdob+7G2mTNKySF2kiGhOKt4GLN/ne+4lM3pIwA
+Iz2Brik6I6YHjVxQcoDL0UTJOWcjuiErf5kCeWpnaV0
+--- 1ZkP0GiP78eGKl8te1w+o5I5kEbyPaiJFq7WGH4k1LE
+á61zIìTÂU/ò5ã'|Œ½ûÊÌþìhÕ>z±ñ¶Ýr^É‹wanog´lùX„º,kÜ¶G
+cÊõ¸æPÇ!Rh×»fW¥éhä §
\ No newline at end of file
diff --git a/newinfra/nix/secrets/wg_private_vps1.age b/newinfra/nix/secrets/wg_private_vps1.age
index c4e3f87452f570738a202f154e18c540ee6cae8d..089fc55446b71ae8c46c6793868734b15d5f29b9 100644
GIT binary patch
delta 221
zcmZo<YGj(AQ=es+?Nm^h=8}`|>uVa|kr7ako1JIrUXtePo9>Za=<MO0;T~Gy<e6t|
z!WA6unjM+$QQ(?kl2H+5>Yf~E=2jTx7NMONR2CK*nOBh<VianSoZ(aK$fc{RtB_t&
z?wDdwR_<1wp6VCjRG3=mSX><J?%`LQpY0!P?yT=s9_A5J?qlK~=*h*_yFTm}*A7`(
zt@qb0!xyb{N)@}vkRdH9o44bdlUeR-KBi4iz8*KL*37H2OiO=Y;w!%TcjX-K>;*Q@
Xh41kl5(^F9B_ZaQoEdrLbg}^e{83Qe

delta 221
zcmZo<YGj(AQ*V+O6ltXG?VIhMAM8~Ul$Mem5>)P)WtJ4_9vtXZ=9N`wW@c$*Y3}Rc
z%H^GvW}cOAX`E`3?;GTu>t|YO9Fb`399rO6V3`yZkRR&kUYM1V?q8Zy&ZVoXt5BX;
z5Sba6R1jj4o)%T<X`1Yt=Vaoq?UUkb8BkUnTH$M+7Zy@xX=;+^m(KNd*4$U$C6=Uy
z<=J12U3&1~kE4y#jTLhYrn0oO^<R8+W8;R8pI5*B`q_qM;ezNn&2sbe*Khj~ZGTs8
Z-IKY}Yu?IjUv}9^UFJ>rr|BB)QvuTKS@i$_

diff --git a/newinfra/nix/secrets/wg_private_vps2.age b/newinfra/nix/secrets/wg_private_vps2.age
new file mode 100644
index 0000000..a92b028
--- /dev/null
+++ b/newinfra/nix/secrets/wg_private_vps2.age
@@ -0,0 +1,5 @@
+age-encryption.org/v1
+-> ssh-ed25519 pP9cdg GI2CXAYTJWUqmab/Fnl/cFZVCCBxYZX/snQ+w0aPjSk
+8D6TxN4VYH14GQJ/XhUqyfKNLjM8f3LDmykLAvtl+IM
+--- 6ru8v60LKlJjpy2PnmcwBdV09KMEh+neITYyuFscSIQ
+F Ð™¿y#<ï¯—Ö‹màß˜žº¦¼Q2Õ^T2Lâ9µ]LÄžµhž[b¼rß¤!ï³jEnS?¾ìjCRà%„ÓsŸ;mœƒ\R
\ No newline at end of file
diff --git a/newinfra/nix/secrets/wg_private_vps3.age b/newinfra/nix/secrets/wg_private_vps3.age
index 0e7dec1..2536ac0 100644
--- a/newinfra/nix/secrets/wg_private_vps3.age
+++ b/newinfra/nix/secrets/wg_private_vps3.age
@@ -1,5 +1,5 @@
 age-encryption.org/v1
--> ssh-ed25519 XzACZQ J67LUjHa64q/z1K8zZpx1rsnoQ94NzhkeXEpfNr4ZVQ
-dy5Tre9IicxhLBHoqvQAZepG7bNg2dEXFT5iPRcWOcA
---- 9dJKhJeue6VNi0Sw05BX/t8jsxXyRIKz0K3/sy0kT7w
-Ýh9ÎÛËi£·ÀÍs¡ØâM=TnÕw€W)õ€Ûòêã²›îÃ\ÇÕ<2*%æ_ëå×Ü³¿«ôgÇLñõN‹5c—D5ô@áÍ»ÂØ
\ No newline at end of file
+-> ssh-ed25519 XzACZQ pOD3jNWIufLkEVtkFJu6W0QjdzPJTK+t1MwgACv1zXU
+EJQ+9xPw6MnB6nJW6nDBUlzfHyY9XlfBIQlgje+FVE4
+--- BmTwJED+mJ/Qr0WFDELozwR2BgGDkHDcR2I9eSxuVn8
+KêÃ~alNh.€½ù «kiAÛF*Ã/MY±ñ¡Zd†¬p”AÉ+-²Ù¬A¹Ü¢*S¥Z¶ï„ Nê­F­fˆ‚bô3tª×rûÇy
\ No newline at end of file
diff --git a/newinfra/nix/secrets/wg_private_vps4.age b/newinfra/nix/secrets/wg_private_vps4.age
index 414c14b..ca2ab16 100644
--- a/newinfra/nix/secrets/wg_private_vps4.age
+++ b/newinfra/nix/secrets/wg_private_vps4.age
@@ -1,5 +1,6 @@
 age-encryption.org/v1
--> ssh-ed25519 51bcvA P7ouUh98Mfi9Jsu6MDWaWH0NB2alXRIK8hxBIs0Nylg
-tUZ1sWLlvPizsSWhK3fnVVhr4C9Ign5rwowxePGXFII
---- PHPizXT8GPP9mIFg1paqqc8w3qsX63XpLkeT0APybik
-—´B§?*8-nËLsÍj<‘ k*.@¯ªœé6K‡Ug ‹×'8¼Ñ#Žòíhç.l~Sà3£%¶šÀ!ŸVYK•l¿R¾ ´ÔØ˜o
\ No newline at end of file
+-> ssh-ed25519 51bcvA mzB9FcwUgPczK4/Rd2DZvCYoQfjT4qE+Z7HE9yHjgGU
+sPDlr+YNhvbjYagyJb/kua9dWeG9tSt6KNjKh+/p+ps
+--- uZVoWpqKjapTtWRGpc7cUoifwOVFfd5DU+9pQpwruuo
+Fv6¾œÚ‹Ëï,ø»K¶¶Ó†(ÍÝè‰kÙ~Y4Á.`z(]w2²MV"¼%À³JUÚ$ô•È«ÁÇ¸CïG
+_:F¸Ý§ S
\ No newline at end of file
diff --git a/newinfra/nix/secrets/wg_private_vps5.age b/newinfra/nix/secrets/wg_private_vps5.age
index f677cad..fa70bad 100644
--- a/newinfra/nix/secrets/wg_private_vps5.age
+++ b/newinfra/nix/secrets/wg_private_vps5.age
@@ -1,5 +1,5 @@
 age-encryption.org/v1
--> ssh-ed25519 vT7ExA 9+j3VYkFAW1obbLc31nv+45SyPMqH1zZPkI+PU4lVH8
-G9QkkyTNH499EWhjiXCyXt7HgHlzJTZsaLiR+yOF18E
---- vq7bT3yTioJ1UsD7hSu5jyYKhOE6UMIMsosu4f5pK1w
-Q±žž¹ýÁ˜ÅVÐé#(7èýÎEYÉÛÅÌ\ú££Z¨?GÙ«ç_CÛI¦îÐ‰gNi´V¯å‘e]•¢tx@¸w+
\ No newline at end of file
+-> ssh-ed25519 vT7ExA WsT1cFerSGwOnhrLBTN62zydQVC1oPQxXtwQxGUSY1w
+Je1zd3NJ16yaOHQD8iPX7eaPJV3WH6Z3eiDkFip/2FY
+--- J6ZhIFcXF12n+pV4JEaAut/QB2c5ycYSIGo6j3nLICQ
+S‹ñOÆžsIµ½öüÜÇ‡ãÞi—=Ùm|,gõnYÖ‚Dv·æAâd{Á·áq)~Ã3Ó!ó8¶·«ÞìñxPçÚñL7™"
\ No newline at end of file
diff --git a/newinfra/nix/secrets/widetom_bot_token.age b/newinfra/nix/secrets/widetom_bot_token.age
index 105c8e5..d3d06bf 100644
--- a/newinfra/nix/secrets/widetom_bot_token.age
+++ b/newinfra/nix/secrets/widetom_bot_token.age
@@ -1,5 +1,5 @@
 age-encryption.org/v1
--> ssh-ed25519 qM6TYg sAwuep3NgetXEKK5N8ZFP6Y0IDAGtTLIXH1hh5L0Hyc
-8pB7uytmRSkJMKi5S9YSLHKLgpYKkv5w2WaKaJL9sT4
---- JucAnOMMuFLpIyg9t+Azths9ttk6by6SKcMWA6Cwa+0
-v§õ‚Ð(TR›Í˜ä´JpÂDòÀ%J—*^îl–—ß±‹½ÂY…/‰§ê'®zBÙž˜Áë÷4§±GÛ6Æ·(å‹/\,Wérææ7ééeón€%á²@
\ No newline at end of file
+-> ssh-ed25519 qM6TYg n/6/3HfVk0IWfGRbgBB7qLkEXylLgYDxNzbLTaJWyhs
+jNP6viJqbOgpNke072hDeaGmApVc51wAN/O+8Gc58U4
+--- WoF4XMNOMMwKJ16Q7QrH97cGdyJ4nB4Dw04dyznfmL8
+þÿ#ÙÖõ"ØLËÆi"W€µ•AEŒèû-?Ø•´ìæ´~Z¿\‹±éÞðgO¨&Ùõ¥´õÊx¤»³vÈç—¼þ¹¢&w]ý"¢¿S2‹VÉ¯Á/”É
\ No newline at end of file
diff --git a/newinfra/nix/secrets/widetom_config_toml.age b/newinfra/nix/secrets/widetom_config_toml.age
index 13998d281522547281dea22749b31da205b595f5..aa4e0f9a7b21f017ae63ccae56b00c56e42fc334 100644
GIT binary patch
delta 4000
zcmZ1`zf69DPQ8hTenDc9n|Fz~qlb@0slH3OfpeBqh<1r-c2<E?XjYJZNU*zWmRY!S
zHkYGUiMMH?Nl8R;PNbi6ph;?Rq@R;Tc}j*~Xj+a(c6oM=t8qkjs$qDM1(&X_u7a^?
zRidG@kAFmkc0^f_V_vYUnURNEXnAO9m`|#UnRA%8W4)W3nSW@JVLn&s%Z_~^dgj8r
zz8qjon!D&Vr^*S_W9%$_Hhu@6+kUK?_#!y%_gsgMkN5O-&R?P-9-FoE*N@}OB5jep
zPv4)C;9S4Oz0G`)>Za)Xo)W!<aXme1T(|SSh3Y<f7iM!YY;CkU!}MKq`x7by=AF@F
zO?hhHuE832|G9R3`oxo|(_S`6uG(-)t@HS)*p7Lc%*vN+rpvdV%S<j0y}arL%krHr
z$Fx;Vtv{9Or)W>^HOk!ha`m2-Aq)Lo<=1`cJ$^v`=wx55kiTAjFWRnbTGrj*T*Z*j
zRV}?OV()@lfjpN(X6LQiyVUx&?YQ)WwZtj$N6htSiyxLu%>49p+o}3A!C!~>Bw4zD
z-tST;`odmxZl!3EZ21FUiy2QXOz%8h`|1DUb*!r#ep==zZ`69yqjhTL^CwT{wtHtL
ziJv|auHrc90$=F6<Cmk0eubQ!v14-4+rPIAJF;{cFG{|=Jip`g`2&q!4WBcPG8QdR
z7p$ty4wlf;6^iBR?235Bx0pxoOZ}qA`kZ!d=9I|3yN&Y>=6zmyO`RiG;*{my_eaf}
zD>Z|c+Q)g=?f829rTMJccklmOlDWm?<BZCP!sNJ(>v;s?T&|uHJn_|Y!ugYm#b?4=
zmp@T_@66KMAF(xWiPfv>e4Q0<yDMLO|LMwb;~Uf0#W{)RW0uu!bnC56?0&&&lBT<{
z{?L4}nM<ZzWtYC}vA@ppqVR)#muoE^P5N<(XY+LDiQMAtC4XPC<h#f%UYt?Sw(;-w
z<QrK(>YR^Vw5|KCqb8vqTp_=@e(A;s<?e3}oaujg%R-Ltcyf%<j7{q2?ROfPO+TWr
zE;Pqu=Ju7%2QR-oUUAxQQ+@i6Nrxu)O*}Vm=1ys;dTR+gz8RtO?*Df_Qe$pdH1*zp
z?H1!V>;E2nt$(hwM?f}uGhctZN<LQ?>pc0>8-un=Ug4Ir+5U5X-L!3zW)Bw2*_eg8
zt;n}Jb^1;6l-_j*A5T|*lkvmzr>5e)a+?RHRYK9ZXI?fYOU_?>+|qHvKCTmPmy&<J
zvQ%^ykqN9_akQy^Rlq0D4wkQPBxC-TPiAF`voMcjHo0n_XB0l^E~}Whw)*R5yo(fE
zZE9v(7)icZ^#7ckFL#t@_YteFUOxS6Sl=!dGhH;}#Fw9?&DBEp+>(BoPfB~rEAr>L
zV%6^6X)Pz4*6<xJ+$(V_N`3ZyLrFgW?4{`~nOqW+@+2Q`V()VHt!I)c+^M3VyzKE@
zmB;PVlgxIu$|bGu3;emmR_u&h=}MQ0sz3Zz@O^o9v1#L<sn-)%b<fQI)7i4;?bO`W
zdM~ejwJ)o6;yHV8G1H&bf%_cJoHCWa5PW!jHbYO?NtLTbcZ=>t2FA?{S@us+&hmDC
zQ{=Do7d?mcoOySOH1FrVeOWE1{-<Q4``?xMKawMsx~WGe^=&X%6XCL0=I@S&iQAub
z>wVX(I>4Hs;i57xAoF;++Z;KQyE~mj)IIioD%^OyJ8oa;slQKTj#`wsw2NFR3SV69
zvZDX<W|KIL&!-c)f7xg5v;Vef-jT~U^Tnz&!-ae%?sBSRyHHWI^||ahmoBe^D{AYb
zik?ZmnG<(FS(f8qs_^zRZ;p%BUgy;fVXSjm^~p9W|5M>E!z+hsjJ4++xw^ytRxW4h
zY@H3o^7psCD_nhseMN`Uj0$zXW#<p&_b)$aog<WE6=A-K^XIkp#Z#o}pFL^2xXt)P
zPR?4_W7V!6_NqtbY^;gD;_x@K=ip+l#fyqJCe_QXODQb*rNxjorLV&9#;<a7afh_U
ziQjkhC>HJ7EYj0{&%8E~=S30UYjLHGcNWccY4~Gx#9zYt*pj9ao3CA$Ekqqe#f(^H
z1)r3-Af<lm?Zl|8+oxs-{}g!T|LaD?_GjsB*@k|a8dX(}^UBUAXFF88YW`B@SmE)q
zreyZ#T#n{?w)Kq$(qZy{drFovUgPm}PcZlMyEwr_{L^l=#hC@)9xf~2-tZ%Q&32oO
zvmfgB2*0X0v&ket=Ze#!1@8GjL}Tk}ANyX?;5~TMo~h;GoO9QH-FADGw5>ZpJHaVX
zqfcnwORbB6>lc3X_whWxL(bp8)powfh4-1AKc;g|?M%4Gyr}-o1@1YvF5ln0`ct@E
z>!Gyrb+LVquGSfgC!f7yEU=&=bi$fTp}$=|YhI9J{;;Ux>0kXHEK3ee(Dh>6WU&3=
zG`$D*HlmzMrMh;V;bz+$F|nF^TV<Tn)y@0v+N|^WyJweq9iPuF=a$@xnudsHdo!Ny
zd0hQGj$_?=E1e8g)vpW9zt$hn{E=@Q^@u4T=Pv&%ul>7Tt4MWUij7>{{B3LWdPReX
z#www%&4Efso@L$VspQC#c^l8Nc~1Sopw2tLy4NSU9-DOG^tHd613bESolI$1w{p&v
zo30Xt-qTxF%v_U|vhQQx@m#@^M#t|+MZNuh(CG(*%wnZ-4*SXdKfQ0Qy#L+dcfFUn
z-LX#QohQ|wT|OD}pz?2I;P=M`buMM;D%@@N)}`9=&a-fN9Pf4anbh?njsxFq4_8P;
zib{PIn3X%rLF(q&$;UoDo1=0og{|?tWOMR=eTS>7uC&kI>YOTgL4KFgOkLMUR}MM9
z+;(`=QKpYS4xiR<5IYh0GP93GN90dI(;0?m_3Y~zmi$PU^}2Ctv+ib*5TW^nk8Wla
zURt;I{|%+<b7bbYSEjeRY~JTmqI0ZimfOUn=2ayX`oS!lcYY0jZNU)WeK+pM(cSZV
zI&2%mk3YJgl)G^`>w&^_)dF4iO&hLfEKFNBv20S<_y0-@5*}=4eez!SbbIhRz5R<^
z(=>N0?sVK!&wTY<(423}gbSE99h-OSy-1qOvYt+xRV+&FkI(7n%xQ6!G-eD?`q6W<
z=ys~I&!nGj!hGG8@2}o>yy|@+-^SIM{pfokYpFwCTcRG$zW3#A^23k6lW#vPxA^OI
zU19rmtLL{3Cm8<=Y7vtze`9a>pV@Fb%iRZu?;QK)CuO@SxpYmvaIdQC_9wx5-~7#F
zw4<gOI@J8v|6Kh|diQQF3B@0E&IZ4(Urg+5b-H-xd-f~m+8v31rdQ^t|FfL^owL)2
zsriX*UH!H0r_t%!3w7>^UT4}qr|X!kdAGK%S7G_&S`&v;6|WaIe_F0)H>E@Qy?fHy
z-;<J9W+sWQn;~Bpka_F6Tzz7M`re?vj)^CJJ7rvoWLS1~Gi%n;;J4<h=4bJ{>CWEU
zy!C13QeDqbx5>I6l0JW#w(WxAeTijLHi&JNxgmeQ_C+H9l~BihtverCaivawdac3T
zzuUFpR`AqR>8G-vZgN;ndcYKUtwqObF{gid&$eq@G<2sXFODfw)Kul+4PK*DzmuWy
z<;!a#8q>49&YcpySe^2veT{Pa|NO97e<pKn>NaQbTA%d#fKbzkZI{0J_;wvXbZzF=
zm1`@4Zn}yc%AS-^ee?L-+y~#T$L@Q6@}#EEBKM{x(M#X#IoKGp@a5^O;`GLxBi1`_
z-8%n>SDCLdfKkuDyJo4)nahtO7$+x9_77C7cPff?cx7|v)SNvsxBeZn-<~ccwZZRF
zLZSG+THe5QD;`>{v3c&7D{f)?p3~T(-}IeN?}{WZzfiv>gE@tFA2XUU`Sv}z%d288
z+@l`<kF%8PyM<_3#)4PLzW!S||3^u<CQWR<suFNu-A}_chc~ctXHM$Nv)A6!bME@S
zgDkHYm)AS}7wlzm=iJsCHQVG*O{ha3N1wLwO5qpMd&TQ#=RPjd-mCWId4W&E%s@V;
zjR$X4KUrzb8MNVyQPTRA^LP&5lU7>tb>Va6>C$f-mhX{YS^d|-dF|>p<MrpomEC_W
zmORJpQJ25D&~nGb6~&8r+rKVpoOjzN{!Yf;y9|8pY01{=^$ArwrMD+9yMJXXZ_4kz
z5!>0ri@X|aUK{P_-sHQ?^825JSf+yNFB@F<CvmSj&0PNPXre{z<j#XN3s+mu-`U9a
z$)z;-a=5HS7>mB_n(3c1jQu?%f4q-Bw5X^{RR5kgr`@JiSGO<Nrf_2R|6e{G#|*FS
zu)X)`TzZG!k>dPwl1(e?JKJ7xR~S692~z6Ket-OdpmTivo4)+O<Oj(MCmokt+3SAA
z+$wy1n?6U^Esij&=r?O_NiMLE*VOx=Ve0nV!{qGi>90ka?%w)WsIyJ|!)ck0X(yI;
zD&#+j`OEQ~E#Ikbw&M3BrY4DtKc&C#%ayt`?W;-=>r$srXMGrN9NlDhN3Z_KB0IJ1
zGhe>>`MmA#^sjd8uP;n)NlLVw|1#~dX?j~#&%V6}dF`G)Rg3M}cf^n5R#pUW-i5sD
za-ThZ%x+cXk2c_3RO|90-db-Br-dx{VY8ISz1gOFE5!fLzA14`^+#eoZ_nk=edpIr
z@2QDiW-a<KV{zrQ;NH01Q<nAJO?SPSSbtTbCtZBn?jLN&kJyBM{i|c_xZZcp-?G5V
zGySVVdelB-sTI%uz`IANTWZ4OxoK}c_umh4DJfYKaZQDN8l&^y9TS-?&)(R2{`Zx)
zYlW2z&Pzq_nEQOs>Sd3g8(enV_4UIU#W*(Bc8mW<#X_G=5#kB6<+^+Id$yYp|MVRO
z=^vCm>;EtK;mo_WyW-I7TloySH+2oVSl6VM=&5$-?|VOu>DEssDPwp4L+TSb=9FwJ
z*k|W1w9LO<qUid4Ef$$Vi>`g^w!Si(7rs_d#c94w%eJdNHw1UwV(V?3{U<;rYAL(t
z^=t1QZ!qFaxXSv|r(zP*^G#f@)81Lu>~LLH?Z_#U{Af~r-2W?k7}hu+@VXFEF|~Ha
z!(-|^=T+J37q7ay<odfC)7^Kiw=^@Dmb(0~_N-&AZwh2jdo=UyP^yZEkALbbzvrFQ
zc@-z;wq@t|HYH8ES25RcYSO-_dkGKH_MSZU)kO9ARtc3AHzH5`V)S45Ptt_dGF2%f
zvOw<i-}X-{na^+gt({Q+CFk9PatUSOO_%OWw&&<NIwxv_iK$VX=385J&;A#muEd4S
zs|<c^{>S7|w9Qr3+!<^BdS~@4y5XlU`6c1}>GS@M`E$(|Mr&>j+j!;5#YvCS87n44
zMH}vvo^z{R^1kIQ@#mQ{SXky6O|j96={jq@GGb|R{Ijn)v+S1Xn<~ZbSyr#1<MHv-
zoI58!KX$#5IdR|Fhcl0DS;3Q`J&`wdk$jlj_timSDz!T^!*Yz)1b@*NuRF=88K);K
z^|dIl{&(&US&{!CYfJZjGhT4M{?AQ~!-eab59Wks3w>FnEBfug8s|ywYxB;?be(kj
zdP3q<^o@n9+v{eX)U}$lpt0Dq_0pk-0h0W4!oDnJaWA+S+7a{Nw?pcdiLzHd${pc-
F1pre7wmkp<

delta 4000
zcmZ1`zf69DPQ8D!r-g4;VtBZRNn)~PR%m#!i;JhHOS)IEXL(tYS&E-Ys=h~NL}{dJ
zIhSupVQ@)yRhXBbUx2=ui?4pTQ+7~JfwPxWuv1`CWn_MUt9Ef(m1knE1(&X_u0pb(
zVUACsZ@GzKa*m6>Q(kheX<m46US6tpMUj88t50ZFK)qo~uAgH?P%+n3gFF9Xx{nuq
z2<@z#6Tf_UK=!2nu^aXFd9Qe1RJh`&amcs(QYAcxjkg-z@osfEDtxwK#=I}NJIWt;
zy4+RC-)3t4_R2%gt9t9t3kiH%k+#BWz0q1vu4ISQ_{dg!u|wHQuiiZ%l)o^=-st%A
zz29D+E|v((`~51qUPRs6%}ULGr;z?Tb(4QPZ{I#pw<?Qe<Jyq!r;+naXP$VgbkWRc
zj>~gX)|)#HuG->duyRvRg1Lj6>^HkQZlQ9P*sr#%QiZ>QcFu5ot$%k_&Adkm54Qye
zUMOQK556@o<Cgg}x2GGdkIsn?d8Suo?&6bv&EnlN)76{(ekB<=yPd5sIX+XUqvj~{
zo5`I;A~PSQt}n4t?b*kYx80gSbE?gsy=!(JSr=G&?ATM~$EQxtm+jiNf4=METLO%Z
z4H92(?ml?&$npiz*=f$_s+41d;<+`R=l`?PSzmW+w_@$b8LXA!@^h#By1gj$A?GI@
z`%;yq9~bF(hcAj;thass>8VMJ+K<(zALaSL;Wvrlis$@=Wh#g7tgL?W{;I-FQ6a7+
zJJ%(b-u4S*EWW<7oN38a@0(u@8oW(4FQq^H6}iZuP(Ps|q51ZkzZ%{K%$M(p=XDw;
zD!qBWGdX;}%30;wq{?R-_GM(pJE*E?PSLyPv3%){J~^GpHQ$UFa(GuemA^5LWB$-_
zul~cAo+{6udtw;()}*g&`ZdAA;H>kN6S6#qtN6_HvlC}s>J_MQG(55}>cUK^-=?v;
z#S$Uha|$+oVLH3)>7Cj7Lfl5%Oc%=U+9;vrRxLfDBZ9Y3Xx`DJLr=|QY;?QSC+VhF
z+xPjVMXtYe&VjXW_f$u%Ta|t38t-|V>?AA2O-<@uRf4~-FiK4dntkoUmK&zU1<!YG
zVhhu;-dxhSg;no|+O=a-GVi6&xm0!SpziaPKYK5I{q#opW1piyZvE=lS6FBI`uTWk
z{_eJkyubPIM#)2Z=E6CrHXJhEVA#Q@c1NHh>if@ww#S3Z0%j%L5qEejvT7fntEq8J
z%0})h5_NK~t?C8$u-hs&S6wX>{ULYtIit-@QE8vLtw;a4gdc71E&BW`u%Pqp-PhN&
z`%d}XJ#)^TV-081^G{nR9+_l%YP)nz>;G;M7v3AG&#!Mk=TkDrT&m+Q%bq!EtIgOC
zGikj#CCK49>&(fJ8%y;}+$5_?Bm<;>TQG3kOP!{&WutWWrivwr^+yY5{@alqee8Ds
z&yepdNi%sZFUeovm-1T1bk^NtU(kb=Ta0G5K6-h9O>BqP&G_+nzvvUc3sS5S=iaDU
z8TS;fs&-iZ?b3DWuRRLgYhPRax+0i-^Ks^<yL;?j?0EnF*o0~6=eteXd4tSTVvdV=
z+H6znc)RiN!!u=<PH8SZIbpF+y<_ywz5RQ<V^foOFP&=pQra@_-SwH7b9P)`=&x+C
zd@jfPnG9uI#%!i?8OIX@Eskp`bv()5_vluWfcX7`+df>M%NBb-V{fRb-3I|FQO+p2
z#_GFG&HC+b*<ES%J6EN4WK1)1`%`>Cl+$d3V)XUOcnyushnHLln^4#uD78&LQMmqH
zqLa*<l}po<zq=Q9{(JHN$&QTndkIC8w#iJYs5_m@Chm1)KDVmV9qkPg@h|pjTe<zn
zaaYPsoaD;hd-P|pSIR+;^-s%^Uj3-DNEhOs@;&8sf%T{NFB(3kt4?{MJ+UL^<g~Yf
zEF#WN9Q(ME_Syd~$@*k!*cRASrk}Fg+ilXfdY^qOgZwsddTUSLdUSfRrg(}=<#w41
zi>6JM4-%EX^5bli@S%APPdxYSoiStgf(EOfc7n^@KYp73ergHZ@lNqP#kFp!w`6|B
zToErU^0>O$ndR$`v(M!>Ei+wJ_u;}ezLwisuRj;bS{y3v>-s0N{qTRaEoqm}xUUst
zxO2N<!gG~#^=uxC58eCc#guk<0@r%K7kau6_4X?DCq4Z+A-QyQeck7Slg_rMzH#B)
z<NoB!rIm+G^_H{8yn5ZO`o%o=UWexVN7BDTpF4`!r?y-ZE>er~I`Qf7CvWW~^B%ta
zvMopWOv*#+E=k2S-r{PD!^Lh>q;oPKfBo~sOH((()<^1HXl`%)i}h<)RT!~1skfJy
zOkE(w`k{B7jkVXQ`_b)>e#x72)-T%?ac*g-eDsaiN!Lz)*u^aIyWzw;6T2!_i{^wM
zRqBE#Bc`}@?(hqpeTn(wjJ*%ol~QjDRv7sRu2_8Kd8+g0K&e}&X4u~}-pKV@b@`iL
z7E8t1eN=e<TlTuC+lEe#E~$@ftgqkA;(T%PoRxL@70SvVUs=q0c1JXfrQcU>Zja?w
z?QfbXjAE_a|1_RfJWw*cW@4cF<hx<c+OB6FIv?kMH=lgWa-(_Js;HXOvWtiRvzmTX
z2;T6AQ?$+Wn$wK``>p4-oS&B|#@+bzgXN=R_VRlcYfrqC&{a9{dis+v4Y79#_31S;
ztNd^7XcwHA5%hD%^Ps&cMQdI9*JjsCnwvkf@krZT(R8Bj+riIThYsvnmJpYINo(P!
ze`|O}n2IKbv(++7<>#tTpI0KkA|Pa<z*?hunnJ3{d#wLWcC>h6aAWntJy{j69-QGi
zV)?A2D){flgQ<T{o|Txwo9o_Xd;b+zU0z)Mx+?ds&C={9F-lLeRQ_!&?K72`y`1^P
z3q_7+?Xyp~%~gxAUAxn0efP_DH~p=8-dtw;r8sv~&zrxxMn0zOpsv%?x2du=o^hYJ
z8_Jf|-o7<Ku;R2xLBRKec{y90Hl8>CzPNhIxysIFXRQFUszoQCbn#{^?rst(SbcJT
zu3TR3{QA{}tY4nLTeSM%GQRUUfm>hPHfEWY5ZlNhHA&pAY093>&i)3wS7fFB`ufD%
zDd+L0C;_3`<>l8r&PAScuYAIx@TYx;9JA_{+`RHeJ^oBP&sXdpehSQU+sm|mVv?r7
z##Y1Xf>maU%avxv#U1>qr~PKpEy2j2_6nIi!k3ft-h@x7-_~+xxx~MhK69SRa!Rsn
zjr_6tiO!Z)EqrJALyxW(-|F?SH}9CV<g~YM=6%UsxP&8o3d`nX>Ei|`KAD$<<!wF@
z6YDqIaf!w8X8X5S=3iPaExB<G|5rQ3ZC-og-sw&1N^%Q)yQF3HtLMM!ip}S{dkC1U
zGT!*peX2nli}RKv9b$I%zs@e$=XP>y^3#dIa#J?@D>XgJ_-+*vYjRrnv#;#mCzD^@
zz5D*>-`$g3&p-94ZL4QDZogN>_$7N~5vRh2$zjT2))uO7<2hYKmrb!cd}`JsmeOn&
z_Dk~f`tC<(+uc}tt+(Y{M7A!IPjOCr=e}#HC(VyYJbGZh`+EKAr-~~Jb?(&{PM>A;
z)bh=e%z~ZYtLE*0sylh69@EsDakBq=Yprh-27c$-@YFu}@YeGB%83FwFN;>5sVuC2
zR%>{zcYf~8b>?qvoT8`wN_e9fkleXFOK+Kxjm_tMD^q1<cfV-i?K*9D^PgQ@>D3Np
zuc?a)G8@(A-3aY5OuE1G(4@uocajfI=Bn@FoO(&^e%tl;$GxNT6wYY$AK&y&#XooJ
z)6xmcO?#$K<T}f8?>5)F%0p3a&u`lO=<$XF&-hOyy=ecSvD5t8ExiI&uk&_owu=of
z9-a4iSsjzrSMIYcDoahLMM*w>Qgi<7{6ij|1;3xaWSFiLS+sTG<-e(ny<+JP7%S@o
z@;~VReN<nyr|VPgD*@g2A+J8YF7inF?eo`oRrrG`iXRmJ?>Q?b@^Am%#N_Me?<sLL
zem%Q!bBfs-`_kp=jot^A?kL?o^G8+g^_V%UwudX`oK9Y+|JYV!!rI&a%sU_Gxs@5&
zwX5WAyPm<jk>lB+$~T5G+b11#^WT&A)%j|c!F@xaxS~gyHuZV?*G_q_lJKg1*UBT`
z_eM-{o_^^>?2@~!ZhTETop1fOTb|goX~r_g7P(I|J6I-t{*zg5!n@t+S_Av9gD>LV
z%v747YkYNOanGw+U&Yo%@{~)f-Cf?X=!7b-u3K@=_u|RNkBL5cdq~WT@uI{(CU^7O
zIjc>|BPSbj+`e*?+ve8i1@+55J^J)~Mr3{N3x?K0v*_63hI{^rCc57q2=BHpU2EeX
z6)<JH_wTgp>z40jW_b3-u0%0aMvGf)R@<AW&y-S|l;rz2CY5xrng8`#-_oXy@gKE*
zKFSi3x|Hu+m(}H{<Z#Mqamdz4HVs~7tylhOr{b8Ib~AnxP?F)F;&R$d)9-wJ{h7NT
z-1KC8^m28!>Ob-OYnGQ6lK8l|!eQ5qZ4vDblj2|B^NJ|C9p}#RJwE1a>!Evfe=;5w
zam4Qb(y)68Q`@@b-brf;i`QK~s@tV^ApU*+h4t#E_s;QKH*dw!^?Ud-9Iov8!@~0C
zCes;)9nsux=O^mCXgWCU-Tc5awP_1>x&5qX+P*N_Ug6;6BinA*cb{n8w%t`|NALXI
zw&D7dd-Uercq2b!S?2V83AQpm-?vz?i)^*8+Wl0?<9Dg4%d+(<7Wdb=XngGVnZNnO
zc}DNJ_9C~VKT;3>k%@dA^zv-qy@vajBj3&4!{4+!=}b4ziOC74*B=RyIF%Xm>fD!k
zUYk=qE-KV_bQoXX`|fnjn#@Iwr}h7CzoI$Sy4dgLQ_-*A1Y`FlFlkSS|GaD8;f30_
zrz#nLXXBOSw(d?!$Yy`}@9yhc0e|QEop|ue!Z5!|f@}5U$2|8k4ezrvthnRV|JK&y
zz&@4Kr6rbD`Ljx$*Yb65{t{JrXh(;`!rGi0Wnugm=EsXq7pu1u+V^el{k|8+@@M%-
zU;6qsXJXUw85cj+8y=hdY01;ph$(?Q+{X9UF48=)Wr^#mR`I89x7P0$Qk1TZyHPaN
z?37wS(u|03rM8nfJle4q3UYPXvjv|YQC-07r*|gl`mc2J#p_t3jM?j2ZSF>DOgA(<
zuyeM>f>IsL_uO;!Pn1i^*Yoh_ny35?>D_Wvf6+13yy-=gUOj1%7dhYX%=X%I0jBtN
zgF>U1Gh?-mPPA>i6mv~bbJhx{4M~?A45z8qa_-#|KGS>h>!OY?h2<}szI|R6d~&i@
zXTub^q~e?d8mfW&m)?pG`M6!@!`)e~m0zYQeRF%dLNvF3X^OpMrHN#={t~5nEuOp=
z-yZ58Pn$fCL*+uSB=5rD?8cBkGnUE}uU)vw_JZH?MZeE;*6U4S>1gxPRB$l$vx;t<
zt-Ewn_pW0S*V*&KKi#xdObT-Dzn)+BJow~>cSqM<dVP7SBJ<=&i_aIoS13&~Tw3}n
z*)Ul=a@uq`?|TX#Hp<Aj_%s_tWcMa4ag%)e?AE{Eq0GhJf7b4H(|%ITU?A$1d)uJV
F1pp4(w!HuV

diff --git a/newinfra/secrets-git-crypt/wg_private_vps2 b/newinfra/secrets-git-crypt/wg_private_vps2
new file mode 100644
index 0000000000000000000000000000000000000000..77cd1333d0e1e4f764282c4564ecef95566a3e58
GIT binary patch
literal 67
zcmZQ@_Y83kiVO&0@Lg9CQ|06PRBofzr8vKypzh$U6Xvh;pZWaNmt$&N4<?-Zv-^hO
Zt=qDepB8?X@Vo6brS->}QXi#beE<YHA-Dhl

literal 0
HcmV?d00001

diff --git a/playbooks/all.yml b/playbooks/all.yml
deleted file mode 100644
index 94e52dd..0000000
--- a/playbooks/all.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- name: Generic setup
-  ansible.builtin.import_playbook: ./basic-setup.yml
-- name: VPS 2
-  ansible.builtin.import_playbook: ./vps2.yml
diff --git a/playbooks/basic-setup.yml b/playbooks/basic-setup.yml
deleted file mode 100644
index 3116e49..0000000
--- a/playbooks/basic-setup.yml
+++ /dev/null
@@ -1,112 +0,0 @@
----
-- name: Basic Server setup
-  hosts: all
-  gather_facts: false
-  tasks:
-    - name: Change hostname
-      ansible.builtin.hostname:
-        name: "{{ inventory_hostname }}"
-    - name: apt update
-      ansible.builtin.apt:
-        update_cache: true
-        upgrade: yes
-    - name: Install fish
-      ansible.builtin.apt:
-        name: "fish"
-        state: present
-    - name: "Change root's shell to fish"
-      ansible.builtin.user:
-        name: root
-        shell: /usr/bin/fish
-    - name: Install useful tools
-      ansible.builtin.apt:
-        name: "{{ item }}"
-        state: present
-      with_items:
-        - htop
-        - awscli
-    - name: Install keyring packages
-      ansible.builtin.apt:
-        name: "{{ item }}"
-      with_items:
-        - debian-keyring
-        - debian-archive-keyring
-        - apt-transport-https
-    - name: Add caddy keyrings
-      ansible.builtin.shell: |
-        set -euo pipefail
-
-        rm -f /usr/share/keyrings/caddy-stable-archive-keyring.gpg
-        curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
-
-        # todo: show ok/changed
-      args:
-        executable: /bin/bash
-    - name: Add caddy repository
-      ansible.builtin.get_url:
-        url: "https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt"
-        dest: "/etc/apt/sources.list.d/caddy-stable.list"
-        mode: "u=rw,g=r,o=r"
-    - name: Add the docker GPG key
-      ansible.builtin.get_url:
-        url: "https://download.docker.com/linux/ubuntu/gpg"
-        dest: "/etc/apt/keyrings/docker.asc"
-        mode: "u=r,g=r,o=r"
-    - name: Add docker repository
-      ansible.builtin.copy:
-        dest: "/etc/apt/sources.list.d/docker.list"
-        content: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu jammy stable"
-    - name: Install docker
-      ansible.builtin.apt:
-        name: "{{ item }}"
-        state: present
-      with_items:
-        - docker-ce
-        - docker-ce-cli
-        - docker-compose-plugin
-    - name: Ensure docker is started
-      ansible.builtin.service:
-        name: docker
-        state: started
-    - name: Install caddy
-      ansible.builtin.apt:
-        name: caddy
-        state: present
-      args:
-        update_cache: true
-    - name: Ensure caddy is started
-      ansible.builtin.service:
-        name: caddy
-        state: started
-    - name: Create debug html root
-      ansible.builtin.file:
-        path: /var/www/html/debug
-        state: directory
-        mode: "u=rwx,g=rx,o=rx"
-    - name: Create debug webserver file
-      ansible.builtin.copy:
-        dest: /var/www/html/debug/index.html
-        src: "../debug.html"
-        mode: "u=rw,g=r,o=r"
-    - name: Copy Caddyfile
-      ansible.builtin.copy:
-        dest: /etc/caddy/Caddyfile
-        src: "../{{ inventory_hostname }}/Caddyfile" # TODO: Choose the right caddyfile depending on the server.
-        mode: "u=rw,g=r,o=r"
-      notify:
-        - "Caddyfile changed"
-    - name: Create /apps
-      ansible.builtin.file:
-        path: /apps
-        state: directory
-        mode: u=rwx,g=rx,o=rx
-    - name: Copy docker-compose
-      ansible.builtin.copy:
-        dest: /apps/docker-compose.yml
-        src: "../{{ inventory_hostname }}/docker-compose.yml" # TODO: choose the right directory
-        mode: "u=r,g=r,o=r"
-  handlers:
-    - name: "Caddyfile changed"
-      ansible.builtin.service:
-        name: caddy
-        state: reloaded
diff --git a/playbooks/inventory.yml b/playbooks/inventory.yml
deleted file mode 100644
index c1e8d80..0000000
--- a/playbooks/inventory.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-vps:
-  hosts:
-    vps2:
-      ansible_host: vps2.noratrieb.dev
diff --git a/playbooks/vps2.yml b/playbooks/vps2.yml
deleted file mode 100644
index 4435e61..0000000
--- a/playbooks/vps2.yml
+++ /dev/null
@@ -1,97 +0,0 @@
----
-- name: VPS 2 setup
-  hosts: vps2
-  gather_facts: false
-  tasks:
-    - name: Copy backup file
-      ansible.builtin.copy:
-        src: "../vps2/backup.sh"
-        dest: "/apps/backup.sh"
-        mode: "u=rx,g=rx,o=rx"
-    - name: Configure backup cron
-      ansible.builtin.cron:
-        name: Daily backup
-        minute: "5"
-        hour: "7"
-        job: "/apps/backup.sh"
-    #####
-    # APP: karin bot, /apps/karin-bot
-    #####
-    - name: Create /apps/karin-bot
-      ansible.builtin.file:
-        path: /apps/karin-bot
-        state: directory
-        mode: "u=rwx,g=rx,o=rx"
-    - name: "Copy karin .env secret"
-      ansible.builtin.copy:
-        dest: "/apps/karin-bot/.env"
-        src: "../secrets/karin-bot/.env"
-        mode: "u=r,g=r,o=r"
-      # TODO: Mount a volume in the karin-db to this directory
-    #####
-    # APP: cors-school, /apps/cors-school
-    #####
-    - name: Create /apps/cors-school
-      ansible.builtin.file:
-        path: /apps/cors-school
-        state: directory
-        mode: "u=rwx,g=rx,o=rx"
-    - name: Copy secret envs
-      ansible.builtin.copy:
-        dest: "/apps/cors-school/{{ item }}"
-        src: "../secrets/cors-school/{{ item }}"
-        mode: "u=r,g=r,o=r"
-      with_items:
-        - bot.env
-        - db.env
-        - server.env
-    #####
-    # APP: minecraft server, /apps/minecraft
-    #####
-    - name: Create /apps/minecraft
-      ansible.builtin.file:
-        path: /apps/minecraft
-        state: directory
-        mode: "u=rwx,g=rx,o=rx"
-    - name: Copy minecraft secrets
-      ansible.builtin.copy:
-        dest: "/apps/minecraft/.env"
-        src: "../secrets/minecraft/.env"
-        mode: "u=r,g=r,o=r"
-    #####
-    # APP: openolat, /apps/openolat
-    #####
-    - name: Create /apps/openolat
-      ansible.builtin.file:
-        path: /apps/openolat
-        state: directory
-        mode: "u=rwx,g=rx,o=rx"
-    - name: Copy extra properties
-      ansible.builtin.copy:
-        dest: /apps/openolat/extra-properties.properties
-        src: ../apps/openolat/extra-properties.properties
-        mode: "u=r,g=r,o=r"
-    - name: Olat data file permissions # TODO: a bit hacky.
-      ansible.builtin.file:
-        path: /apps/openolat/olatdata
-        state: directory
-        mode: "u=rwx,g=rwx,o=rwx"
-    #####
-    # END: docker compose up!
-    #####
-      # We want this to be last so that all app-specific config has been done.
-    - name: Copy .env
-      ansible.builtin.copy:
-        dest: "/apps/.env"
-        src: "../secrets/vps2.env"
-        mode: "u=r,g=r,o=r"
-    - name: Docker compose up! ðŸš€
-      community.docker.docker_compose_v2:
-        project_src: /apps
-        state: "present"
-    #####
-    # POST: things after starting up
-    #####
-    - name: Run CORS db migrations
-      ansible.builtin.shell: |
-        docker exec -w /app/server cors-school-server diesel migration run
diff --git a/scripts/copy-deploy-key.sh b/scripts/copy-deploy-key.sh
deleted file mode 100755
index 4a30d19..0000000
--- a/scripts/copy-deploy-key.sh
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/usr/bin/env bash
-
-# Copies a base64 encoded deploy key to the servers.
-
-set -eu
-
-printf "Enter private key (base64 encoded): "
-read -r key64
-
-private=$(echo "$key64" | base64 -d)
-public=$(ssh-keygen -f <(echo "$private") -y)
-
-tmp=$(mktemp -d)
-echo "$private" > "$tmp/id"
-echo "$public" > "$tmp/id.pub"
-
-delete() {
-    rm -r "$tmp"
-}
-trap delete EXIT
-
-ssh-copy-id -i "$tmp/id" root@vps1.nilstrieb.dev
-ssh-copy-id -i "$tmp/id" root@vps2.nilstrieb.dev
diff --git a/secrets/cors-school/bot.env b/secrets/cors-school/bot.env
deleted file mode 100644
index b3a54fd4689c84550480ba8d489f2a0b298b632e..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 373
zcmZQ@_Y83kiVO&0=+_aq-EDd)^j%4rRmAnj!mbZwca+`|O3>Ij?Q~#!>5J4G6QZuo
zSs@kY_s(SB+b_nhKkX$gE<R&)3(np7Wc{prTW<Nq9o@Pl#Jn)f`Q8<;MMn#kvfkyq
z+WY0S;O2NeCgTsgIwu_9;QDun+0Sjx%S)=db=}>?SNe}_ES8&7yhglAM>+n*!$p&o
zyc3;&|97ukF3a__-~MQ993RL16nA4`Rf&|x$DV8d-@jvi)Vs;|ZsjgMx@+C~_>8!c
zMe#NLy*m?3LW9Bu&YG!tw!9MO4w(Kf@~5+Gx6p&Qh(6YPy_4i-r#Q>}ln6iAl(Xkw
z#`{H?-{Zfy>&y%FODOL?_Hw7o!~YhGZd~eaoFVpa(&l}erc2ccuipJ=^7TsxB2Jy)
zxA^Gx!T*{ZQ^i%eQpv0Do?ochlvo*+sh>ZGMdw}2yvTkB%XzZ38=p;8o!F_Gw>8sp
j6Zh4HjOu!-OR|^ABo}>4-d9~_Bi2yLpg6O*;&3AX%VW2D

diff --git a/secrets/cors-school/db.env b/secrets/cors-school/db.env
deleted file mode 100644
index 6954a69f5775a9b1da502539fa80ff5d9ac92d8d..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 81
zcmZQ@_Y83kiVO&02>NSSnOG8)y<~@}^Q2JM>WX7LXVMNo+4(WUxGB3<!Df=DB9Bgh
n;ex&XU%zzvYhCZk3n_Y^yJfoG!?`Vje-}0HS2!B_Xq!9$cfBP}

diff --git a/secrets/cors-school/server.env b/secrets/cors-school/server.env
deleted file mode 100644
index 44ecd7123d788b616f95acb13ff46e55cd49f1a6..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 212
zcmZQ@_Y83kiVO&0cs-x%ij{JC&a0}@`7?vpy1ih@`XX*&WFz)Xnpy75F~+Xtcl3jG
zb{iR9la0Inf6Aq^dpn}M-v}JPTI1H^@3WZEZs|rfmL(T8H@;Y~E!XngtE3RA&t=hm
z{ZR(3zW*;SbKdW+{Z;0|?z#P2EK400`u=oe+WXYUO7=weN)E-CX~CA=${PjjF7>5*
z{VCd`+8CPSHmz-+iSDDr9X8p=7!!23<6lg1Z)9G7Phj7!bNrL-WrN*Asv_s!Q*!OP
Vuuax)qr9tJ+`jfT{ZI6M0RZRPVLAW+

diff --git a/secrets/karin-bot/.env b/secrets/karin-bot/.env
deleted file mode 100644
index 14409114d112a93623b9ee6ce75a2d0d4527c9d9..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 207
zcmZQ@_Y83kiVO&0*v<Gaep#aHE<yEc+wbU|i?x4XuURL+qQ0#2qnpGf-}a50jy+jE
zWs&sP9u|S$FF#sk3Lc$s^3j2Z|JDYdE5BWHiz)l^o?GASSN3hHIGNJc)u;SxYlEFY
zJoj|Hqzz}BmmY9TSgCOSop$3lS(oLzJ{<4cd^>SnM$nxDssf*WxQN$q*R3&m$o_d%
z=h0@Tf39;5+}702^S<yld2PV53+Loto}0ibzrCPbGHl-5zs75_{?<h@->I5?cXh1t
RZ0|ZDVarz`3bU#cy#ZDLX(Ipt

diff --git a/secrets/minecraft/.env b/secrets/minecraft/.env
deleted file mode 100644
index 86936a70c6b52d74c361d39eacd33b183a295d21..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 140
zcmZQ@_Y83kiVO&0SkZhd-ss&96<z<VlJeaPpIrLo*&(#5wCU3y|IDUyzdGOU`>Xic
ze%tAPG84>yWV|*GeY$*2h2d6H8-vJ`8j>kDzFml`eAjXE&|dRJ@xQau^HWw{oU3wg
zU)9kl|J@5VZ<tbTA-lu!)r0uP<9{SJ^|{S_*YdH$LEvKKZW)H-9EnaReg6Oe2&hUI

diff --git a/secrets/vps1.env b/secrets/vps1.env
deleted file mode 100644
index bdcfc28dfe75eb0d0c67863793a766a696ef10be..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 22
ecmZQ@_Y83kiVO&0cy^(~`S+uilf74u#{&Ri=L)I-

diff --git a/secrets/vps2.env b/secrets/vps2.env
deleted file mode 100644
index bdcfc28dfe75eb0d0c67863793a766a696ef10be..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 22
ecmZQ@_Y83kiVO&0cy^(~`S+uilf74u#{&Ri=L)I-

diff --git a/vps2/Caddyfile b/vps2/Caddyfile
deleted file mode 100644
index f5e1903..0000000
--- a/vps2/Caddyfile
+++ /dev/null
@@ -1,47 +0,0 @@
-{
-	email nilstrieb@gmail.com
-}
-
-# https://gist.github.com/ryanburnette/d13575c9ced201e73f8169d3a793c1a3
-(cors) {
-	@cors_preflight{args.0} method OPTIONS
-	@cors{args.0} header Origin {args.0}
-
-	handle @cors_preflight{args.0} {
-		header {
-			Access-Control-Allow-Origin "{args.0}"
-			Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS"
-			Access-Control-Allow-Credentials "false"
-			Access-Control-Allow-Headers "${args.1}"
-			Access-Control-Max-Age "86400"
-			defer
-		}
-		respond "" 204
-	}
-
-	handle @cors{args.0} {
-		header {
-			Access-Control-Allow-Origin "{args.0}"
-			Access-Control-Expose-Headers *
-			defer
-		}
-	}
-}
-
-vps2.nilstrieb.dev {
-	root * /var/www/html/debug
-	file_server
-}
-
-old-docker.noratrieb.dev {
-	reverse_proxy * localhost:5000
-}
-
-api.cors-school.nilstrieb.dev {
-	import cors https://cors-school.nilstrieb.dev "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,token,refresh-token,Authorization"
-	reverse_proxy * localhost:5003
-}
-
-cors-school.nilstrieb.dev {
-	reverse_proxy * localhost:5004
-}
diff --git a/vps2/backup.sh b/vps2/backup.sh
deleted file mode 100755
index 560d54b..0000000
--- a/vps2/backup.sh
+++ /dev/null
@@ -1,76 +0,0 @@
-#!/usr/bin/env bash
-
-set -euxo pipefail
-
-BUCKET=nilstrieb-backups
-PREFIX="1/$(date --rfc-3339 seconds --utc)"
-
-cd /apps
-
-function upload_file {
-    local file="$1"
-    local tmppath
-    tmppath="$(mktemp)"
-
-    cp "$file" "$tmppath"
-    xz "$tmppath"
-    aws s3api put-object --bucket "$BUCKET" --key "${PREFIX}/${file}.xz" --body "${tmppath}.xz"
-
-    rm "$tmppath.xz"
-}
-
-function upload_pg_dump {
-    local appname="$1"
-    local containername="$2"
-    local dbname="$3"
-    local username="$4"
-    local tmppath
-    tmppath="$(mktemp)"
-
-    docker exec "$containername" pg_dump --format=custom --file /tmp/db.bak --host "127.0.0.1"  --dbname "$dbname" --username "$username"
-    docker cp "$containername:/tmp/db.bak" "$tmppath"
-    xz "$tmppath"
-    aws s3api put-object --bucket "$BUCKET" --key "${PREFIX}/$appname/postgres.bak.xz" --body "$tmppath.xz"
-
-    docker exec "$containername" rm "/tmp/db.bak"
-    rm "$tmppath.xz"
-}
-
-function upload_dump_mongo {
-    local appname="$1"
-    local containername="$2"
-    local usernamepassword="$3"
-    local tmppath
-    tmppath="$(mktemp)"
-
-    docker exec "$containername" mongodump --archive=/tmp/db.bak --uri="mongodb://${usernamepassword}@127.0.0.1:27017"
-    docker cp "$containername:/tmp/db.bak" "$tmppath"
-    xz "$tmppath"
-    aws s3api put-object --bucket "$BUCKET" --key "${PREFIX}/$appname/db.bak.xz" --body "$tmppath.xz"
-
-    docker exec "$containername" rm "/tmp/db.bak"
-    rm "$tmppath.xz"
-}
-
-function upload_directory {
-    local appname="$1"
-    local directory="$2"
-    local filename="$3"
-    local tmppath
-    tmppath="$(mktemp)"
-
-    tar -cJf "$tmppath" "$directory"
-    aws s3api put-object --bucket "$BUCKET" --key "${PREFIX}/$appname/$filename" --body "$tmppath"
-
-    rm "$tmppath"
-}
-
-upload_pg_dump "cors-school" "cors-school-db" "davinci" "postgres"
-
-# shellcheck disable=SC1091
-source "karin-bot/.env"
-upload_dump_mongo "karin-bot" "karin-bot-db" "$MONGO_INITDB_ROOT_USERNAME:$MONGO_INITDB_ROOT_PASSWORD"
-
-upload_directory "openolat" "openolat/olatdata" "olatdata.tar.xz"
-
-echo "Finished backup!"
diff --git a/vps2/docker-compose.yml b/vps2/docker-compose.yml
deleted file mode 100644
index b66cc6c..0000000
--- a/vps2/docker-compose.yml
+++ /dev/null
@@ -1,109 +0,0 @@
-version: "3.8"
-services:
-  #### Karin
-  karin_bot_db:
-    container_name: karin-bot-db
-    image: "mongo:latest"
-    restart: always
-    volumes:
-      - "/apps/karin-bot/data:/data/db"
-    environment:
-      RUST_LOG: info
-      PRETTY: "true"
-    env_file:
-      - "/apps/karin-bot/.env"
-    networks:
-      - karin-bot
-    deploy:
-      resources:
-        limits:
-          cpus: "0.5"
-          memory: 500M
-  karin_bot:
-    container_name: karin-bot
-    image: "docker.noratrieb.dev/discord-court-bot:921be642"
-    restart: always
-    env_file:
-      - "/apps/karin-bot/.env"
-    environment:
-      DB_NAME: court_bot
-      MONGO_URI: "mongodb://karin-bot-db:27017"
-      RUST_LOG: INFO
-      PRETTY: "false"
-    networks:
-      - karin-bot
-  #### Cors School
-  cors_school_db:
-    container_name: cors-school-db
-    image: "postgres:latest"
-    restart: always
-    volumes:
-      - "/apps/cors-school/data:/var/lib/postgresql/data"
-    env_file:
-      # POSTGRES_PASSWORD=PASSWORD
-      - "/apps/cors-school/db.env"
-    environment:
-      POSTGRES_DB: davinci
-      PGDATA: "/var/lib/postgresql/data/pgdata"
-    networks:
-      - cors-school
-  cors_school_server:
-    container_name: cors-school-server
-    image: "docker.noratrieb.dev/cors-school-server:bef75a80"
-    restart: always
-    env_file:
-      # DATABASE_URL=postgres://postgres:PASSWORD@cors-school-db/davinci
-      # JWT_SECRET=secret
-      - "/apps/cors-school/server.env"
-    environment:
-      RUST_LOG: info
-    networks:
-      - cors-school
-    ports:
-      - "5003:8080"
-  cors_school_client:
-    container_name: cors-school-client
-    image: "docker.noratrieb.dev/cors-school-client:bef75a80"
-    restart: always
-    ports:
-      - "5004:80"
-  cors_school_bot:
-    container_name: cors-school-bot
-    image: "docker.noratrieb.dev/cors-school-bot:bef75a80"
-    restart: always
-    volumes:
-      # DISCORD_TOKEN=
-      # CORS_API_TOKEN=
-      - "/apps/cors-school/bot.env:/.env"
-    environment:
-      APPLICATION_ID: "867725027080142870"
-      RUST_LOG: info
-      BACKEND_URL: "http://cors-school-server:8080/api"
-    networks:
-      - cors-school
-  # minecraft_server:
-  #   container_name: minecraft-server
-  #   image: itzg/minecraft-server:latest
-  #   restart: always
-  #   environment:
-  #     - TYPE=VANILLA
-  #     - VERSION=1.20.1
-  #     - DIFFICULTY=HARD
-  #     - EULA=TRUE
-  #     - MOTD=baden
-  #     - MEMORY=6G
-  #     - MODE=creative
-  #     - PVP=true
-  #     - SERVER_NAME=hallenbad
-  #     - USE_AIKAR_FLAGS=true
-  #   env_file:
-  #     # For example, storing the WHITELIST and OPS
-  #     - /apps/minecraft/.env
-  #   ports:
-  #     - "25565:25565"
-  #   volumes:
-  #     - /apps/minecraft/server:/data
-
-networks:
-  cors-school:
-  karin-bot: