yolo

2026-01-16 01:25:09 +01:00 · 2025-08-03 00:33:53 +02:00 · 2025-08-03 00:33:53 +02:00 · 68174b4a77
commit 68174b4a77
parent a1187fbef5
49 changed files with 88 additions and 585 deletions
--- a/newinfra/README.md
+++ b/newinfra/README.md
@ -5,17 +5,6 @@ New infra based on more servers and more shit.
 All servers have their hostname as their name here and are reachable via `$hostname.infra.noratrieb.dev`.
 They will have different firewall configurations depending on their roles.

-```
-
--------    --------
-| dns1 |    | dns2 |
--------    --------
-
--------
-| vps1 |
--------
-
-```

 ## DNS

--- a/newinfra/nix/hive.nix
+++ b/newinfra/nix/hive.nix
@ -53,7 +53,16 @@
            wg = {
              privateIP = "10.0.0.1";
              publicKey = "5tg3w/TiCuCeKIBJCd6lHUeNjGEA76abT1OXnhNVyFQ=";
-              peers = [ "vps3" "vps4" "vps5" ];
+              peers = [ "vps2" "vps3" "vps4" "vps5" ];
+            };
+          };
+          vps2 = {
+            publicIPv4 = "184.174.32.252";
+            publicIPv6 = null;
+            wg = {
+              privateIP = "10.0.0.2";
+              publicKey = "SficHHJ0ynpZoGah5heBpNKnEVIVrgs72Z5HEKd3jHA=";
+              peers = [ "vps1" "vps3" "vps4" "vps5" ];
            };
          };
          vps3 = {
@ -62,7 +71,7 @@
            wg = {
              privateIP = "10.0.0.3";
              publicKey = "pdUxG1vhmYraKzIIEFxTRAMhGwGztBL/Ly5icJUV3g0=";
-              peers = [ "vps1" "vps4" "vps5" "dns1" "dns2" ];
+              peers = [ "vps1" "vps2" "vps4" "vps5" "dns1" "dns2" ];
            };
          };
          vps4 = {
@ -73,7 +82,7 @@
            wg = {
              privateIP = "10.0.0.4";
              publicKey = "+n2XKKaSFdCanEGRd41cvnuwJ0URY0HsnpBl6ZrSBRs=";
-              peers = [ "vps1" "vps3" "vps5" ];
+              peers = [ "vps1" "vps2" "vps3" "vps5" ];
            };
          };
          vps5 = {
@ -82,7 +91,7 @@
            wg = {
              privateIP = "10.0.0.5";
              publicKey = "r1cwt63fcOR+FTqMTUpZdK4/MxpalkDYRHXyy7osWUk=";
-              peers = [ "vps1" "vps3" "vps4" ];
+              peers = [ "vps1" "vps2" "vps3" "vps4" ];
            };
          };
        };
@ -190,6 +199,19 @@
    deployment.tags = [ "caddy" "eu" "apps" "website" ];
    system.stateVersion = "23.11";
  };
+  # VPS2 exists
+  vps2 = { name, nodes, modulesPath, config, lib, ... }: {
+    imports = [
+      (modulesPath + "/profiles/qemu-guest.nix")
+      ./modules/contabo
+      ./modules/wg-mesh
+      ./modules/caddy
+      ./modules/garage
+    ];
+
+    deployment.tags = [ "caddy" "eu" "apps" ];
+    system.stateVersion = "23.11";
+  };
  # VPS3 is the primary monitoring/metrics server.
  vps3 = { name, nodes, modulesPath, config, ... }: {
    imports = [
--- a/newinfra/nix/modules/dns/nilstrieb.dev.nix
+++ b/newinfra/nix/modules/dns/nilstrieb.dev.nix
@ -37,11 +37,6 @@ let
        ns1 = dns1;
        ns2 = dns2;

-        # apps
-        cors-school = vps2 // {
-          subdomains.api = vps2;
-        };
-
        localhost.A = [ (a "127.0.0.1") ];

        # --- retired:
--- a/newinfra/nix/modules/dns/noratrieb.dev.nix
+++ b/newinfra/nix/modules/dns/noratrieb.dev.nix
@ -9,9 +9,6 @@ let
          lib.optionalAttrs (publicIPv4 != null) { A = [ (a publicIPv4) ]; } //
          lib.optionalAttrs (publicIPv6 != null) { AAAA = [ (aaaa publicIPv6) ]; })
        networkingConfig;
-      vps2 = {
-        A = [ "184.174.32.252" ];
-      };

      combine = hosts: {
        A = lib.lists.flatten (map (host: if builtins.hasAttr "A" host then host.A else [ ]) hosts);
@ -63,9 +60,6 @@ let
          };
        };

-        # --- legacy crap
-        old-docker = vps2;
-
        # --- apps
        bisect-rustc = vps1;
        docker = vps1;
--- a/newinfra/nix/modules/garage/README.md
+++ b/newinfra/nix/modules/garage/README.md
@ -6,13 +6,6 @@
 - co-du -> Contabo Düsseldorf
 - he-nu -> Hetzner Nürnberg

-| name | disk space | identifier | zone  |
-| ---- | ---------- | ---------- | ----- |
-| vps3 | 70GB       | cabe      | co-du |
-| vps3 | 100GB      | 020bd      | co-ka |
-| vps4 | 30GB       | 41e40      | he-nu |
-| vps5 | 100GB      | 848d8      | co-du |
-
 ## buckets

 - `caddy-store`: Store for Caddy webservers
@ -35,6 +28,7 @@
 - `loki`: `GK84ffae2a0728abff0f96667b`
 - `backups`: `GK8cb8454a6f650326562bff2f`
 - `forgejo`: `GKc8bfd905eb7f85980ffe84c9`
+- `upload-files`: `GK607464882f6e29fb31e0f553`

 - `admin`: `GKaead6cf5340e54a4a19d9490`
    - RW permissions on ~every bucket
--- a/newinfra/nix/secrets/backup_s3_secret.age
+++ b/newinfra/nix/secrets/backup_s3_secret.age
--- a/newinfra/nix/secrets/caddy_s3_key_secret.age
+++ b/newinfra/nix/secrets/caddy_s3_key_secret.age
--- a/newinfra/nix/secrets/docker_registry_password.age
+++ b/newinfra/nix/secrets/docker_registry_password.age
@ -1,5 +1,5 @@
 age-encryption.org/v1
-> ssh-ed25519 qM6TYg QziuzHQxmWyRdv8dUPBWTgnMxFtqR6ttP16Z3XdvD3Y
-Krxmha5J+gTU0DjzPDTDIwz1mW0Q84XR2FgQyPm4bf4
--- t4Mea1Y35o5t2dhREnp8Zq1AyR4DAWMFW7Vv3CkgGKw
-ìlTS+Æ³6y¿rîëOØné<6E>&c`Ï°Êü<>:û³7V»-tf±puw€I¥w“Âøå
+-> ssh-ed25519 qM6TYg UtoSFhZQ2PW1y3ifXgSdQQswoi5kdRg2gvczlEateC4
+ir2FpFkYo17MGBy+C4thM4lit7vn2CiBi09DcTb6ubs
+--- YvRhsfFzedjeKssmOTzHvKkvIG0zXVVCIJsRNc/LTVg
+:Ë €KîÞ$é†Prm;Û·ûÎªæ ¹Œö+é	ÚqE@<40>Àv]’¢Ôòm =Í™'Sm
--- a/newinfra/nix/secrets/forgejo_s3_key_secret.age
+++ b/newinfra/nix/secrets/forgejo_s3_key_secret.age
@ -1,6 +1,7 @@
 age-encryption.org/v1
-> ssh-ed25519 qM6TYg ecu0Ic6o+WyT7XhZPo0Yf46bOye2LAgnJ5MxFPTY/E0
-JqJCtQmtxgktMl/4HsHh0uRp/rzEoqT9Z81H9v1RXio
--- /CmBzuDf0AcCk6rAvEh5SmIMxpwCTjfj9IQtRLv5qYA
-}Œ=5i
-©¨£#ª4bÎpzCaÀjÙnêB†±€ÍN<C38D>%ÚnO Ž³GKÔ´ÖâõƒÏ”ßÁ¼‹Æçé'ÄZ>T“œì<C593>Ù‹Møô<›}//}|–uá–5œªsö*
+-> ssh-ed25519 qM6TYg GNYf0FjEDEqCe09mS9Hl7OIIjvhKTu8urwUPtY+yyB0
+xmAtm4n3s0rfq3S5OKFEG2k/noXFTKMt8hiW5QrD9SU
+--- HGBYxXQGM254m2YP5twgjgDme80f0uOL2m4uKy19ZBs
+ÖÂ(
+Õ×åÇÄT
+‚®à±Öì{’ÙõF“ü-\ƒ6{mítÏæÊMÑ-óX{‡%bQd]E³’Éàü]i¸úãË}F»2¸$7¤ö#k4“;8ZžGþ_‘oÛ
–¼
--- a/newinfra/nix/secrets/garage_secrets.age
+++ b/newinfra/nix/secrets/garage_secrets.age
@ -1,12 +1,13 @@
 age-encryption.org/v1
-> ssh-ed25519 qM6TYg B17o68OCsoljQLd4yLx1gZbt9zsFhQE8/QJeZ3Gx+AI
-ADxN8iqNN5ApzHMtIXMnMTN4qe/7ba+ZoqkpHDpq9dE
-> ssh-ed25519 XzACZQ Jp5WvbUVmfecvN95vM6+DQmJicVf4u94Vm0mYtBVODw
-XAdVpk6bAwAU7OQxvedepr3g8HQo5sY5efy3lYhf1xA
-> ssh-ed25519 51bcvA DUkgjLS805iAsnaCl3B8BOP6cdKOJCx0aK23UEDmTyw
-dUZhXJiYkCZvassxSg0Cgf9c+ta2Oc2PNhLdvHBP24M
-> ssh-ed25519 vT7ExA 0Z2/GFY2aqO2HJJet3CRSh3yxchGt7AYTzkl0D2aoEQ
-GuMqW7tbsEl/SskgN1hPa0B/aWtet/+pHxmbwsTzPCM
--- vgf72fLRkTVRtJoxh+qfim9YYELE0W74L6ZVjpo+8vI
-åø=ê&óŸC»íÄŸŸ#À¥ÑÒ/nÜ¤è´2Â9†ØÞøo[<5B>›S+uWÊ¶¢£4êÕf/hAÈþ#ïþOs_†RV£òEÆÆóÎûúÎVAlžTÏ/¤VÎ¨tµøJNöËUë;ññnGúQïìÝ£ÖO{Áx[ #°¿›†íÏP¨Hß9P®€:z
-ê‰û²å‚yX„Ñ`]%>¨+ÙÞ~)Ø`V–ïâxÛ°€i-ƒã¬Fýªš$xHå)ÒTMcZ
+-> ssh-ed25519 qM6TYg F9aj1EmsmRSXt1m3a41zpuwFmDBOuuaIrHkqP7PTVno
+tVs8Oxa9gV/HdUf0hN/JLuWhbrXI9BXIrsh5HnsKBQI
+-> ssh-ed25519 pP9cdg dQdPm3OfbWl5Y8kJxmsUZ4rwpUo8w3+P3CHCiXw9VCw
+9yWbGgzgBz9GICAgYiOyPtMjDk/tBb4vsOveTuYP9bw
+-> ssh-ed25519 XzACZQ 4lldtotM16DN/75dRX3QEmOzfIEySHcNOlFWqymI+Rs
+oOaD7dZu0xC0R7CrVpfwoBU7eSgaWyJmAZ4WptCQdes
+-> ssh-ed25519 51bcvA k9eq2Tc3A9MztsdTvt3sDYUj/usYBJMp9IJQZAR67Ac
+ezccfIhPZaHKsVcUrxJL7u3jSA/kCTqLmWuQfxrFQBo
+-> ssh-ed25519 vT7ExA BOCylq1RqaburnXxfsl3xqAmGSJnIxVhXK8H2xeFynk
+OWhqsbJgHWlo3hsRZVQgEaArK32OI25N4Poi2qJ9wQs
+--- bBQkNfDI0onJOyxOJIN3Yl2jkK5iRgYbK67RWsipXOE
+3‡ýåA9â¯ÒAÕînÛ¯t•y®ßÚCj-îž{ÏÅ‡â)ô6¬DfØOÆQ¹Ü}'_n†øÈã‡>UPêNæDRŸÀÁª¨ûÊÆþ-<2D>¾„…éÂ"‡´úÛâšÙ?À>)E0<7F>™‡v(~7 eÍC¾O\UJJüŽ$SÂ8èá`€F«˜ÄíšQ§0uÙ3õmH•Ž~P÷Ž£ŒÅLqfõ~ºi¸Æn]‘=rSre#²wGŒ ³¥@ß|X#éØ÷’Â
--- a/newinfra/nix/secrets/grafana_admin_password.age
+++ b/newinfra/nix/secrets/grafana_admin_password.age
--- a/newinfra/nix/secrets/hugochat_db_password.age
+++ b/newinfra/nix/secrets/hugochat_db_password.age
--- a/newinfra/nix/secrets/killua_env.age
+++ b/newinfra/nix/secrets/killua_env.age
--- a/newinfra/nix/secrets/loki_env.age
+++ b/newinfra/nix/secrets/loki_env.age
--- a/newinfra/nix/secrets/minio_env_file.age
+++ b/newinfra/nix/secrets/minio_env_file.age
--- a/newinfra/nix/secrets/openolat_db_password.age
+++ b/newinfra/nix/secrets/openolat_db_password.age
--- a/newinfra/nix/secrets/registry_htpasswd.age
+++ b/newinfra/nix/secrets/registry_htpasswd.age
--- a/newinfra/nix/secrets/registry_s3_key_secret.age
+++ b/newinfra/nix/secrets/registry_s3_key_secret.age
--- a/newinfra/nix/secrets/s3_mc_admin_client.age
+++ b/newinfra/nix/secrets/s3_mc_admin_client.age
--- a/newinfra/nix/secrets/secrets.nix
+++ b/newinfra/nix/secrets/secrets.nix
@ -2,6 +2,7 @@ let
  dns1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBKoyDczFntyQyWj47Z8JeewKcCobksd415WM1W56eS";
  dns2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINZ1yLdDhI2Vou/9qrPIUP8RU8Sg0WxLI2njtP5hkdL7";
  vps1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII4Xj3TsDPStoHquTfOlyxShbA/kgMfQskKN8jpfiY4R";
+  vps2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKzt3OZAOG2sih8T9Bhoqg8ANBP5ZX60z0xmUW4cBWvX";
  vps3 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHvupo7d9YMZw56qhjB+tZPijxiG1dKChLpkOWZN0Y7C";
  vps4 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMpoLgBTWj1BcNxXVdM26jDBZl+BCtUTj20Wv4sZdCHz";
  vps5 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBWbIznvWQSqRF1E9Gv9y7JXMy3LZxMAWj6K0Nq91kyZ";
@ -13,20 +14,21 @@ in
  "hugochat_db_password.age".publicKeys = [ vps1 ];
  "openolat_db_password.age".publicKeys = [ vps1 ];
  "minio_env_file.age".publicKeys = [ vps1 vps3 ];
-  "garage_secrets.age".publicKeys = [ vps1 vps3 vps4 vps5 ];
-  "caddy_s3_key_secret.age".publicKeys = [ vps1 vps3 vps4 vps5 ];
+  "garage_secrets.age".publicKeys = [ vps1 vps2 vps3 vps4 vps5 ];
+  "caddy_s3_key_secret.age".publicKeys = [ vps1 vps2 vps3 vps4 vps5 ];
  "registry_htpasswd.age".publicKeys = [ vps1 ];
  "registry_s3_key_secret.age".publicKeys = [ vps1 ];
  "grafana_admin_password.age".publicKeys = [ vps3 ];
  "loki_env.age".publicKeys = [ vps3 ];
-  "backup_s3_secret.age".publicKeys = [ vps1 vps3 vps4 vps5 ];
-  "s3_mc_admin_client.age".publicKeys = [ vps1 vps3 vps4 vps5 ];
+  "backup_s3_secret.age".publicKeys = [ vps1 vps2 vps3 vps4 vps5 ];
+  "s3_mc_admin_client.age".publicKeys = [ vps1 vps2 vps3 vps4 vps5 ];
  "killua_env.age".publicKeys = [ vps1 ];
  "forgejo_s3_key_secret.age".publicKeys = [ vps1 ];
  "upload_files_s3_secret.age".publicKeys = [ vps1 ];
  "wg_private_dns1.age".publicKeys = [ dns1 ];
  "wg_private_dns2.age".publicKeys = [ dns2 ];
  "wg_private_vps1.age".publicKeys = [ vps1 ];
+  "wg_private_vps2.age".publicKeys = [ vps2 ];
  "wg_private_vps3.age".publicKeys = [ vps3 ];
  "wg_private_vps4.age".publicKeys = [ vps4 ];
  "wg_private_vps5.age".publicKeys = [ vps5 ];
--- a/newinfra/nix/secrets/upload_files_s3_secret.age
+++ b/newinfra/nix/secrets/upload_files_s3_secret.age
--- a/newinfra/nix/secrets/wg_private_dns1.age
+++ b/newinfra/nix/secrets/wg_private_dns1.age
@ -1,6 +1,5 @@
 age-encryption.org/v1
-> ssh-ed25519 LZU5Eg dlH/b9FXAowA5m9KYdF+MirRu9fKXhf76jHXuKA6OAI
-ADHjmdwYkyd24vbi2jbeI9GmFZuf86/Twm48J3g958s
--- WVLjItfhBqlv55yTzq0/OzfTSfD1ypQfu9EGFf1vUUE
-ś‚Ě<ń{©„\VLv
-Î+Ôv_Ź#PI§¬ăF%(ă„ ¶˛ö>µëôăČź–C'nË
ő1|jNťüŹŇÔT^6ÇoĹâ
+-> ssh-ed25519 LZU5Eg C3IfbvL4t0pOHEb3Bc54+r6DZESgN6K6zPDhBlDumXk
+UwOtrqp8I90Vux6L7CsV5K+2SDFB8LBiyLO8ud7IsQU
+--- 2tIecoG70broXFTtgjCUMcvk2RdKqpe5tihO6meI8DY
+泓、kﾕﾚｳ&
ﾐ`!ﾍ藪_致`<60>╋ﾏ-｡ﾔEp^<5E>ザ#:ｩ壌]ﾑ優mｻﾋy<EFBE8B>厥^O†+t8ｧ<EFBDA7>.ｺ鉷奘; ｮ
--- a/newinfra/nix/secrets/wg_private_dns2.age
+++ b/newinfra/nix/secrets/wg_private_dns2.age
@ -1,5 +1,6 @@
 age-encryption.org/v1
-> ssh-ed25519 5bWSnQ Li1ITKUHcUQFJX0NQCaz9Abjf6NjyVGTwE9WAzjJAU0
-UekGYi4xmM88U0BX52iKGWnBTWCGrxMyMeN6zed12D4
--- MUD9AikW/zNM+W3GiR23pw95ZsDhsxZVn5EMqr0X+DU
-Ê‚ý×]?@¥êTHôÀ]~œ?7qéãýŒÍ"W…+`·Ñ<1A>¥+Lµ]ö‚»ÊaœÎSx*¥¹]6’Ð‰f¹îÀ
+-> ssh-ed25519 5bWSnQ wqkRMdob+7G2mTNKySF2kiGhOKt4GLN/ne+4lM3pIwA
+Iz2Brik6I6YHjVxQcoDL0UTJOWcjuiErf5kCeWpnaV0
+--- 1ZkP0GiP78eGKl8te1w+o5I5kEbyPaiJFq7WGH4k1LE
+á61zIìTÂU/ò5ã'|Œ½ûÊÌþìhÕ>z±ñ¶Ýr^É‹wanog´lùX„º,kÜ¶G
+cÊõ¸æPÇ!Rh×»fW¥éhä §
--- a/newinfra/nix/secrets/wg_private_vps1.age
+++ b/newinfra/nix/secrets/wg_private_vps1.age
--- a/newinfra/nix/secrets/wg_private_vps2.age
+++ b/newinfra/nix/secrets/wg_private_vps2.age
@ -0,0 +1,5 @@
+age-encryption.org/v1
+-> ssh-ed25519 pP9cdg GI2CXAYTJWUqmab/Fnl/cFZVCCBxYZX/snQ+w0aPjSk
+8D6TxN4VYH14GQJ/XhUqyfKNLjM8f3LDmykLAvtl+IM
+--- 6ru8v60LKlJjpy2PnmcwBdV09KMEh+neITYyuFscSIQ
+F Ð™¿y#<ï¯—Ö‹màß˜žº¦¼Q2Õ^T2Lâ9µ]LÄžµhž[b¼rß¤!ï³jEnS?¾ìjCRà%„ÓsŸ;mœƒ\R
--- a/newinfra/nix/secrets/wg_private_vps3.age
+++ b/newinfra/nix/secrets/wg_private_vps3.age
@ -1,5 +1,5 @@
 age-encryption.org/v1
-> ssh-ed25519 XzACZQ J67LUjHa64q/z1K8zZpx1rsnoQ94NzhkeXEpfNr4ZVQ
-dy5Tre9IicxhLBHoqvQAZepG7bNg2dEXFT5iPRcWOcA
--- 9dJKhJeue6VNi0Sw05BX/t8jsxXyRIKz0K3/sy0kT7w
-Ýh9ÎÛËi£·ÀÍs¡ØâM
=TnÕw€W)<29>õ€Ûòêã²›îÃ\ÇÕ<2*%æ_ëå×Ü³¿«ôgÇLñõN‹5c—D5ô@áÍ»ÂØ
+-> ssh-ed25519 XzACZQ pOD3jNWIufLkEVtkFJu6W0QjdzPJTK+t1MwgACv1zXU
+EJQ+9xPw6MnB6nJW6nDBUlzfHyY9XlfBIQlgje+FVE4
+--- BmTwJED+mJ/Qr0WFDELozwR2BgGDkHDcR2I9eSxuVn8
+KêÃ~alNh.€½ù «kiAÛF*Ã/MY±ñ¡Zd†¬p”AÉ+-²Ù¬A<C2AC>¹Ü¢*S¥Z¶ï„ NêFfˆ‚bô3tª×rûÇy
--- a/newinfra/nix/secrets/wg_private_vps4.age
+++ b/newinfra/nix/secrets/wg_private_vps4.age
@ -1,5 +1,6 @@
 age-encryption.org/v1
-> ssh-ed25519 51bcvA P7ouUh98Mfi9Jsu6MDWaWH0NB2alXRIK8hxBIs0Nylg
-tUZ1sWLlvPizsSWhK3fnVVhr4C9Ign5rwowxePGXFII
--- PHPizXT8GPP9mIFg1paqqc8w3qsX63XpLkeT0APybik
-—´B§?*8-nËLsÍj<‘ k*.@¯ªœé6K‡Ug ‹×'8¼
Ñ#Žòíhç.l~Sà3£%¶šÀ!ŸVYK•l¿R¾ ´ÔØ˜o
+-> ssh-ed25519 51bcvA mzB9FcwUgPczK4/Rd2DZvCYoQfjT4qE+Z7HE9yHjgGU
+sPDlr+YNhvbjYagyJb/kua9dWeG9tSt6KNjKh+/p+ps
+--- uZVoWpqKjapTtWRGpc7cUoifwOVFfd5DU+9pQpwruuo
+Fv6¾œÚ‹Ëï,ø»K¶¶Ó†(ÍÝè‰kÙ~Y4Á.`z(]w2²MV
"¼%À³JUÚ$ô•È«ÁÇ¸CïG
+_:F¸Ý§ S
--- a/newinfra/nix/secrets/wg_private_vps5.age
+++ b/newinfra/nix/secrets/wg_private_vps5.age
@ -1,5 +1,5 @@
 age-encryption.org/v1
-> ssh-ed25519 vT7ExA 9+j3VYkFAW1obbLc31nv+45SyPMqH1zZPkI+PU4lVH8
-G9QkkyTNH499EWhjiXCyXt7HgHlzJTZsaLiR+yOF18E
--- vq7bT3yTioJ1UsD7hSu5jyYKhOE6UMIMsosu4f5pK1w
-Q±<>žž¹ýÁ˜ÅVÐé#<23>(7èýÎEYÉÛÅÌ\ú££Z¨?GÙ«ç_CÛI¦îÐ‰gNi´V¯å‘e]•¢tx@¸w+
+-> ssh-ed25519 vT7ExA WsT1cFerSGwOnhrLBTN62zydQVC1oPQxXtwQxGUSY1w
+Je1zd3NJ16yaOHQD8iPX7eaPJV3WH6Z3eiDkFip/2FY
+--- J6ZhIFcXF12n+pV4JEaAut/QB2c5ycYSIGo6j3nLICQ
+S‹ńOĆŤ<EFBFBD>žsIµ˝öüÜÇ‡ăŢ
i—=Ům|,gőnYÖ‚Dv·ćAâd{Á·á
q)~Ă3Ó!ó8¶·«ŢěńxPçÚńL7™"
--- a/newinfra/nix/secrets/widetom_bot_token.age
+++ b/newinfra/nix/secrets/widetom_bot_token.age
@ -1,5 +1,5 @@
 age-encryption.org/v1
-> ssh-ed25519 qM6TYg sAwuep3NgetXEKK5N8ZFP6Y0IDAGtTLIXH1hh5L0Hyc
-8pB7uytmRSkJMKi5S9YSLHKLgpYKkv5w2WaKaJL9sT4
--- JucAnOMMuFLpIyg9t+Azths9ttk6by6SKcMWA6Cwa+0
-v§õ‚Ð(TR›Í˜ä´<C3A4>JpÂDòÀ%J—*^îl–—ß±‹½ÂY…/‰§ê'®zBÙž˜Áë÷4§±GÛ6Æ·(å‹/\,Wérææ7ééeón€%á²@<40>
+-> ssh-ed25519 qM6TYg n/6/3HfVk0IWfGRbgBB7qLkEXylLgYDxNzbLTaJWyhs
+jNP6viJqbOgpNke072hDeaGmApVc51wAN/O+8Gc58U4
+--- WoF4XMNOMMwKJ16Q7QrH97cGdyJ4nB4Dw04dyznfmL8
+þÿ#ÙÖõ"ØLËÆi"W€µ<E282AC>•<>AEŒèû-?Ø•´ìæ´~Z¿\‹±éÞðgO¨&Ùõ¥´õÊx¤»³vÈç—¼þ¹¢&w]ý"¢¿S2‹VÉ¯Á/”É
--- a/newinfra/nix/secrets/widetom_config_toml.age
+++ b/newinfra/nix/secrets/widetom_config_toml.age
--- a/newinfra/secrets-git-crypt/wg_private_vps2
+++ b/newinfra/secrets-git-crypt/wg_private_vps2