.gitattributes

@@ -3,4 +3,3 @@
 
 /secrets/** filter=git-crypt diff=git-crypt
 /newinfra/secrets-git-crypt/** filter=git-crypt diff=git-crypt
-/secrets-git-crypt/** filter=git-crypt diff=git-crypt

.github/workflows/apply.yaml

@@ -0,0 +1,27 @@
+name: Run playbooks
+
+on:
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    name: Run playbooks
+    steps:
+      - uses: actions/checkout@8b5e8b768746b50394015010d25e690bfab9dfbc # v3.6.0
+      - name: Unlock secrets
+        uses: sliteteam/github-action-git-crypt-unlock@8b1fa3ccc81e322c5c45fbab261eee46513fd3f8 # v1.2.0
+        env:
+          GIT_CRYPT_KEY: ${{ secrets.GIT_CRYPT_KEY_BASE64 }}
+      - name: Run Ansible playbook
+        uses: dawidd6/action-ansible-playbook@260ab3adce54d53c5db8f1b2eed1380ae5c73fea # v2.6.1
+        with:
+          playbook: all.yml
+          directory: playbooks
+          key: ${{ secrets.VPS_DEPLOY_KEY }}
+          known_hosts: |
+            vps1.nilstrieb.dev ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOjiNfzZQpN2KWd1LSM/LL+dLx8snlCV6jYys+W4NOBH
+            vps2.nilstrieb.dev ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKzt3OZAOG2sih8T9Bhoqg8ANBP5ZX60z0xmUW4cBWvX
+          options: |
+            --inventory inventory.yml
+            -u root

Dockerfile.test

@@ -0,0 +1 @@
+FROM scratch

README.md

@@ -1,30 +1,39 @@
-# new infra
+# Infra setup
 
-New infra based on more servers and more shit.
+## TODOS
 
-All servers have their hostname as their name here and are reachable via `$hostname.infra.noratrieb.dev`.
-They will have different firewall configurations depending on their roles.
+There are many todos here. First, grep this codebase for `todo`. In addition to that:
 
+- backups
+- data replication across the two servers. i have two servers, let's use that power. maybe rsync or something like that?
 
-## DNS
+## server??
 
-Two [knot-dns](https://www.knot-dns.cz/) nameservers (`dns1`, `dns2`).
-All records are fully static, generated in the NixOS config.
+Each VPS has a caddy running _on the host_, not inside docker. It's the entrypoint to the stuff.
+Everything else runs in a docker container via docker compose.
 
-## HTTP(S)
+## extra setup
 
-stuff.
+every app needs some secrets in places.
 
-## provisioning
+there are also "global secrets" used for the docker-compose, for example
+for env vars. those should be placed in `/apps/.env`.
 
-NixOS is provisioned by running [nixos-infect](https://github.com/elitak/nixos-infect) over a default image.
-
-> Contabo sets the hostname to something like vmi######.contaboserver.net, Nixos only allows RFC 1035 compliant hostnames (see here).
-> Run `hostname something_without_dots` before running the script.
-> If you run the script before changing the hostname - remove the /etc/nixos/configuration.nix so it's regenerated with the new hostname.
+Right now the global secrets are
 
 ```
-hostname tmp
-curl -LO https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect
-bash nixos-infect
+KILLUA_BOT_TOKEN=
+HUGO_CHAT_DB_PASSWORD=
 ```
+
+## things that shall not be forgotten
+
+there once was some custom k8s cluster setup in `./k8s-cluster`. it was incomplete and pretty cursed.
+
+also some kubernetes config in `./kube`. why.
+
+gloriously not great docker configs in `./docker`.
+
+`nginx`, `registry` with config for the two.
+
+`run_scripts` with not good scripts for starting containers.

ci/build.sh

@@ -7,9 +7,9 @@ APP="$1"
 if [ "$APP" = "hugo-chat" ]; then
     REPO="https://github.com/C0RR1T/HugoChat.git"
 elif [ "$APP" = "cors" ]; then
-    REPO="https://github.com/noratrieb-lehre/davinci-cors.git"
+    REPO="https://github.com/nilstrieb-lehre/davinci-cors.git"
 else
-    REPO="https://github.com/Noratrieb/$APP.git"
+    REPO="https://github.com/Nilstrieb/$APP.git"
 fi
 
 echo "Checking out $REPO"

misc/vps_deploy_key.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0Yl4+vAFgN+d82emRY8tHDgM7Pp0rLIsKBZku+YUsd vps-deploy-key

newinfra/README.md

@@ -0,0 +1,41 @@
+# new infra
+
+New infra based on more servers and more shit.
+
+All servers have their hostname as their name here and are reachable via `$hostname.infra.noratrieb.dev`.
+They will have different firewall configurations depending on their roles.
+
+```
+
+--------    --------
+| dns1 |    | dns2 |
+--------    --------
+
+--------
+| vps1 |
+--------
+
+```
+
+## DNS
+
+Two [knot-dns](https://www.knot-dns.cz/) nameservers (`dns1`, `dns2`).
+All records are fully static, generated in the NixOS config.
+
+## HTTP(S)
+
+stuff.
+
+## provisioning
+
+NixOS is provisioned by running [nixos-infect](https://github.com/elitak/nixos-infect) over a default image.
+
+> Contabo sets the hostname to something like vmi######.contaboserver.net, Nixos only allows RFC 1035 compliant hostnames (see here).
+> Run `hostname something_without_dots` before running the script.
+> If you run the script before changing the hostname - remove the /etc/nixos/configuration.nix so it's regenerated with the new hostname.
+
+```
+hostname tmp
+curl -LO https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect
+bash nixos-infect
+```

newinfra/nix/apps/openolat/extra-properties.properties

@@ -0,0 +1 @@
+enforce.utf8.filesystem=false

newinfra/nix/hive.nix

@@ -53,16 +53,7 @@
             wg = {
               privateIP = "10.0.0.1";
               publicKey = "5tg3w/TiCuCeKIBJCd6lHUeNjGEA76abT1OXnhNVyFQ=";
-              peers = [ "vps2" "vps3" "vps4" "vps5" ];
-            };
-          };
-          vps2 = {
-            publicIPv4 = "184.174.32.252";
-            publicIPv6 = null;
-            wg = {
-              privateIP = "10.0.0.2";
-              publicKey = "SficHHJ0ynpZoGah5heBpNKnEVIVrgs72Z5HEKd3jHA=";
-              peers = [ "vps1" "vps3" "vps4" "vps5" ];
+              peers = [ "vps3" "vps4" "vps5" ];
             };
           };
           vps3 = {
@@ -71,7 +62,7 @@
             wg = {
               privateIP = "10.0.0.3";
               publicKey = "pdUxG1vhmYraKzIIEFxTRAMhGwGztBL/Ly5icJUV3g0=";
-              peers = [ "vps1" "vps2" "vps4" "vps5" "dns1" "dns2" ];
+              peers = [ "vps1" "vps4" "vps5" "dns1" "dns2" ];
             };
           };
           vps4 = {
@@ -82,7 +73,7 @@
             wg = {
               privateIP = "10.0.0.4";
               publicKey = "+n2XKKaSFdCanEGRd41cvnuwJ0URY0HsnpBl6ZrSBRs=";
-              peers = [ "vps1" "vps2" "vps3" "vps5" ];
+              peers = [ "vps1" "vps3" "vps5" ];
             };
           };
           vps5 = {
@@ -91,7 +82,7 @@
             wg = {
               privateIP = "10.0.0.5";
               publicKey = "r1cwt63fcOR+FTqMTUpZdK4/MxpalkDYRHXyy7osWUk=";
-              peers = [ "vps1" "vps2" "vps3" "vps4" ];
+              peers = [ "vps1" "vps3" "vps4" ];
             };
           };
         };
@@ -199,19 +190,6 @@
     deployment.tags = [ "caddy" "eu" "apps" "website" ];
     system.stateVersion = "23.11";
   };
-  # VPS2 exists
-  vps2 = { name, nodes, modulesPath, config, lib, ... }: {
-    imports = [
-      (modulesPath + "/profiles/qemu-guest.nix")
-      ./modules/contabo
-      ./modules/wg-mesh
-      ./modules/caddy
-      ./modules/garage
-    ];
-
-    deployment.tags = [ "caddy" "eu" "apps" ];
-    system.stateVersion = "23.11";
-  };
   # VPS3 is the primary monitoring/metrics server.
   vps3 = { name, nodes, modulesPath, config, ... }: {
     imports = [

newinfra/nix/modules/dns/nilstrieb.dev.nix

@@ -37,6 +37,11 @@ let
         ns1 = dns1;
         ns2 = dns2;
 
+        # apps
+        cors-school = vps2 // {
+          subdomains.api = vps2;
+        };
+
         localhost.A = [ (a "127.0.0.1") ];
 
         # --- retired:

newinfra/nix/modules/dns/noratrieb.dev.nix

@@ -9,6 +9,9 @@ let
           lib.optionalAttrs (publicIPv4 != null) { A = [ (a publicIPv4) ]; } //
           lib.optionalAttrs (publicIPv6 != null) { AAAA = [ (aaaa publicIPv6) ]; })
         networkingConfig;
+      vps2 = {
+        A = [ "184.174.32.252" ];
+      };
 
       combine = hosts: {
         A = lib.lists.flatten (map (host: if builtins.hasAttr "A" host then host.A else [ ]) hosts);
@@ -60,6 +63,9 @@ let
           };
         };
 
+        # --- legacy crap
+        old-docker = vps2;
+
         # --- apps
         bisect-rustc = vps1;
         docker = vps1;

newinfra/nix/modules/garage/README.md

@@ -6,6 +6,13 @@
 - co-du -> Contabo Düsseldorf
 - he-nu -> Hetzner Nürnberg
 
+| name | disk space | identifier | zone  |
+| ---- | ---------- | ---------- | ----- |
+| vps3 | 70GB       | cabe      | co-du |
+| vps3 | 100GB      | 020bd      | co-ka |
+| vps4 | 30GB       | 41e40      | he-nu |
+| vps5 | 100GB      | 848d8      | co-du |
+
 ## buckets
 
 - `caddy-store`: Store for Caddy webservers
@@ -28,7 +35,6 @@
 - `loki`: `GK84ffae2a0728abff0f96667b`
 - `backups`: `GK8cb8454a6f650326562bff2f`
 - `forgejo`: `GKc8bfd905eb7f85980ffe84c9`
-- `upload-files`: `GK607464882f6e29fb31e0f553`
 
 - `admin`: `GKaead6cf5340e54a4a19d9490`
     - RW permissions on ~every bucket

newinfra/nix/modules/prometheus/default.nix

@@ -15,7 +15,6 @@
           { targets = [ "dns1.local:9100" ]; }
           { targets = [ "dns2.local:9100" ]; }
           { targets = [ "vps1.local:9100" ]; }
-          { targets = [ "vps2.local:9100" ]; }
           { targets = [ "vps3.local:9100" ]; }
           { targets = [ "vps4.local:9100" ]; }
           { targets = [ "vps5.local:9100" ]; }
@@ -25,7 +24,6 @@
         job_name = "caddy";
         static_configs = [
           { targets = [ "vps1.local:9010" ]; }
-          { targets = [ "vps2.local:9010" ]; }
           { targets = [ "vps3.local:9010" ]; }
           { targets = [ "vps4.local:9010" ]; }
           { targets = [ "vps5.local:9010" ]; }
@@ -41,7 +39,6 @@
         job_name = "garage";
         static_configs = [
           { targets = [ "vps1.local:3903" ]; }
-          { targets = [ "vps2.local:3903" ]; }
           { targets = [ "vps3.local:3903" ]; }
           { targets = [ "vps4.local:3903" ]; }
           { targets = [ "vps5.local:3903" ]; }
@@ -60,7 +57,6 @@
           { targets = [ "dns1.local:9150" ]; }
           { targets = [ "dns2.local:9150" ]; }
           { targets = [ "vps1.local:9150" ]; }
-          { targets = [ "vps2.local:9150" ]; }
           { targets = [ "vps3.local:9150" ]; }
           { targets = [ "vps4.local:9150" ]; }
           { targets = [ "vps5.local:9150" ]; }

newinfra/nix/my-projects.json

@@ -5,5 +5,5 @@
   "pretense": "270b01fc1118dfd713c1c41530d1a7d98f04527d",
   "quotdd": "e922229e1d9e055be35dabd112bafc87a0686548",
   "does-it-build": "81790825173d87f89656f66f12a123bc99e2f6f1",
-  "upload.files.noratrieb.dev": "0124fa5ba5446cb463fb6b3c4f52e7e6b84e5077"
+  "upload.files.noratrieb.dev": "90f6a6a82fb24c61fd19643d383ea7c8415f558a"
 }

newinfra/nix/secrets/docker_registry_password.age

@@ -0,0 +1,5 @@
+age-encryption.org/v1
+-> ssh-ed25519 qM6TYg QziuzHQxmWyRdv8dUPBWTgnMxFtqR6ttP16Z3XdvD3Y
+Krxmha5J+gTU0DjzPDTDIwz1mW0Q84XR2FgQyPm4bf4
+--- t4Mea1Y35o5t2dhREnp8Zq1AyR4DAWMFW7Vv3CkgGKw
+ìlTS+Ƴ6y­¿rîëOØné<6E>&c`Ï°Êü<>:û³7V»-tf±puw€I¥w“Âøå

newinfra/nix/secrets/forgejo_s3_key_secret.age

@@ -0,0 +1,6 @@
+age-encryption.org/v1
+-> ssh-ed25519 qM6TYg ecu0Ic6o+WyT7XhZPo0Yf46bOye2LAgnJ5MxFPTY/E0
+JqJCtQmtxgktMl/4HsHh0uRp/rzEoqT9Z81H9v1RXio
+--- /CmBzuDf0AcCk6rAvEh5SmIMxpwCTjfj9IQtRLv5qYA
+}Œ=5i
+©¨£#ª4bÎpzCaÀjÙnêB†±€ÍN<C38D>%ÚnO Ž³GKÔ´ÖâõƒÏ”ßÁ¼‹Æçé'ÄZ>T“œì<C593>Ù‹Møô<›}//}|–uá–5œªsö*

newinfra/nix/secrets/garage_secrets.age

@@ -0,0 +1,12 @@
+age-encryption.org/v1
+-> ssh-ed25519 qM6TYg B17o68OCsoljQLd4yLx1gZbt9zsFhQE8/QJeZ3Gx+AI
+ADxN8iqNN5ApzHMtIXMnMTN4qe/7ba+ZoqkpHDpq9dE
+-> ssh-ed25519 XzACZQ Jp5WvbUVmfecvN95vM6+DQmJicVf4u94Vm0mYtBVODw
+XAdVpk6bAwAU7OQxvedepr3g8HQo5sY5efy3lYhf1xA
+-> ssh-ed25519 51bcvA DUkgjLS805iAsnaCl3B8BOP6cdKOJCx0aK23UEDmTyw
+dUZhXJiYkCZvassxSg0Cgf9c+ta2Oc2PNhLdvHBP24M
+-> ssh-ed25519 vT7ExA 0Z2/GFY2aqO2HJJet3CRSh3yxchGt7AYTzkl0D2aoEQ
+GuMqW7tbsEl/SskgN1hPa0B/aWtet/+pHxmbwsTzPCM
+--- vgf72fLRkTVRtJoxh+qfim9YYELE0W74L6ZVjpo+8vI
+åø=ê&óŸC»íÄŸŸ#À¥ÑÒ/nܤè´2Â9†ØÞøo[<5B>›S+uWʶ¢£4êÕf/hAÈþ#ïþOs_†RV£òEÆÆóÎûúÎVAlžTÏ/¤VΨtµøJNöËUë;ññnGúQïìÝ£ÖO{Áx[ #°¿›†íÏP¨Hß9P®€:z
+ê‰û²å‚yX„Ñ`]%>¨+ÙÞ~)Ø`V–ïâxÛ°€i-ƒã¬Fýªš$xHå)ÒTMcZ

newinfra/nix/secrets/secrets.nix

@@ -2,7 +2,6 @@ let
   dns1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBKoyDczFntyQyWj47Z8JeewKcCobksd415WM1W56eS";
   dns2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINZ1yLdDhI2Vou/9qrPIUP8RU8Sg0WxLI2njtP5hkdL7";
   vps1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII4Xj3TsDPStoHquTfOlyxShbA/kgMfQskKN8jpfiY4R";
-  vps2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKzt3OZAOG2sih8T9Bhoqg8ANBP5ZX60z0xmUW4cBWvX";
   vps3 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHvupo7d9YMZw56qhjB+tZPijxiG1dKChLpkOWZN0Y7C";
   vps4 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMpoLgBTWj1BcNxXVdM26jDBZl+BCtUTj20Wv4sZdCHz";
   vps5 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBWbIznvWQSqRF1E9Gv9y7JXMy3LZxMAWj6K0Nq91kyZ";
@@ -14,21 +13,20 @@ in
   "hugochat_db_password.age".publicKeys = [ vps1 ];
   "openolat_db_password.age".publicKeys = [ vps1 ];
   "minio_env_file.age".publicKeys = [ vps1 vps3 ];
-  "garage_secrets.age".publicKeys = [ vps1 vps2 vps3 vps4 vps5 ];
-  "caddy_s3_key_secret.age".publicKeys = [ vps1 vps2 vps3 vps4 vps5 ];
+  "garage_secrets.age".publicKeys = [ vps1 vps3 vps4 vps5 ];
+  "caddy_s3_key_secret.age".publicKeys = [ vps1 vps3 vps4 vps5 ];
   "registry_htpasswd.age".publicKeys = [ vps1 ];
   "registry_s3_key_secret.age".publicKeys = [ vps1 ];
   "grafana_admin_password.age".publicKeys = [ vps3 ];
   "loki_env.age".publicKeys = [ vps3 ];
-  "backup_s3_secret.age".publicKeys = [ vps1 vps2 vps3 vps4 vps5 ];
-  "s3_mc_admin_client.age".publicKeys = [ vps1 vps2 vps3 vps4 vps5 ];
+  "backup_s3_secret.age".publicKeys = [ vps1 vps3 vps4 vps5 ];
+  "s3_mc_admin_client.age".publicKeys = [ vps1 vps3 vps4 vps5 ];
   "killua_env.age".publicKeys = [ vps1 ];
   "forgejo_s3_key_secret.age".publicKeys = [ vps1 ];
   "upload_files_s3_secret.age".publicKeys = [ vps1 ];
   "wg_private_dns1.age".publicKeys = [ dns1 ];
   "wg_private_dns2.age".publicKeys = [ dns2 ];
   "wg_private_vps1.age".publicKeys = [ vps1 ];
-  "wg_private_vps2.age".publicKeys = [ vps2 ];
   "wg_private_vps3.age".publicKeys = [ vps3 ];
   "wg_private_vps4.age".publicKeys = [ vps4 ];
   "wg_private_vps5.age".publicKeys = [ vps5 ];

newinfra/nix/secrets/wg_private_dns1.age

@@ -0,0 +1,6 @@
+age-encryption.org/v1
+-> ssh-ed25519 LZU5Eg dlH/b9FXAowA5m9KYdF+MirRu9fKXhf76jHXuKA6OAI
+ADHjmdwYkyd24vbi2jbeI9GmFZuf86/Twm48J3g958s
+--- WVLjItfhBqlv55yTzq0/OzfTSfD1ypQfu9EGFf1vUUE
+œ‚Ì<ñ{©„\VLv
+Î+Ôv_<76>#PI§¬ãF%(ã„ ¶²ö>µëôãÈŸ–C'nË
õ1|jN<17>ü<7F>ÒÔT^6ÇoÅâ

newinfra/nix/secrets/wg_private_dns2.age

@@ -0,0 +1,5 @@
+age-encryption.org/v1
+-> ssh-ed25519 5bWSnQ Li1ITKUHcUQFJX0NQCaz9Abjf6NjyVGTwE9WAzjJAU0
+UekGYi4xmM88U0BX52iKGWnBTWCGrxMyMeN6zed12D4
+--- MUD9AikW/zNM+W3GiR23pw95ZsDhsxZVn5EMqr0X+DU
+Ê‚ý×]?@¥êTHôÀ]~œ?7qéãýŒÍ"W…+`·Ñ<1A>¥+Lµ]ö­‚»Êaœ­ÎSx*¥¹]6’Љf¹îÀ

newinfra/nix/secrets/wg_private_vps1.age

@@ -0,0 +1,5 @@
+age-encryption.org/v1
+-> ssh-ed25519 qM6TYg 4aRY2+KMkGoSJtRfdkTRwIj6bYGSQJvJjq669297MHE
+Kjf7jo93e4oMRKmN5u3Xa3CUpIp9bZPoUAGqjdgOulw
+--- wapYiQbpT4gfZyI5cMnB4O+LdM9PvsUxM7nTv954nNg
+õš<EFBFBD>ê÷¤eVn?Õ]¥ÁÁøÅ<C3B8>—3!l0•„†<E2809E>Ñâر°ñó«ëõó<¡ [œƒŸo¯¶ø[?Ý®ä<C2AE>¬í·¦ÓB'ìWò—(‡•

newinfra/nix/secrets/wg_private_vps3.age

@@ -0,0 +1,5 @@
+age-encryption.org/v1
+-> ssh-ed25519 XzACZQ J67LUjHa64q/z1K8zZpx1rsnoQ94NzhkeXEpfNr4ZVQ
+dy5Tre9IicxhLBHoqvQAZepG7bNg2dEXFT5iPRcWOcA
+--- 9dJKhJeue6VNi0Sw05BX/t8jsxXyRIKz0K3/sy0kT7w
+Ýh9ÎÛËi£·ÀÍs¡ØâM
=TnÕw€W)<29>õ€Ûòêã²›îÃ\ÇÕ<2*%æ_ëå×ܳ¿«ôgÇLñõN‹5c—D5ô@áÍ»ÂØ

newinfra/nix/secrets/wg_private_vps4.age

@@ -0,0 +1,5 @@
+age-encryption.org/v1
+-> ssh-ed25519 51bcvA P7ouUh98Mfi9Jsu6MDWaWH0NB2alXRIK8hxBIs0Nylg
+tUZ1sWLlvPizsSWhK3fnVVhr4C9Ign5rwowxePGXFII
+--- PHPizXT8GPP9mIFg1paqqc8w3qsX63XpLkeT0APybik
+—´B§?*8-nËLsÍj<‘ k*.@¯ªœé6K‡Ug ‹×'8¼
Ñ#Žòíhç.l~Sà3£%¶šÀ!ŸVYK•l¿R¾ ´Ôؘo

newinfra/nix/secrets/wg_private_vps5.age

@@ -0,0 +1,5 @@
+age-encryption.org/v1
+-> ssh-ed25519 vT7ExA 9+j3VYkFAW1obbLc31nv+45SyPMqH1zZPkI+PU4lVH8
+G9QkkyTNH499EWhjiXCyXt7HgHlzJTZsaLiR+yOF18E
+--- vq7bT3yTioJ1UsD7hSu5jyYKhOE6UMIMsosu4f5pK1w
+Q±<>žž¹ýÁ˜ÅVÐé#<23>(7èýÎEYÉÛÅÌ\ú££Z¨?GÙ«ç_CÛI¦îЉgNi´V¯å‘e]•¢tx@¸w+

newinfra/nix/secrets/widetom_bot_token.age

@@ -0,0 +1,5 @@
+age-encryption.org/v1
+-> ssh-ed25519 qM6TYg sAwuep3NgetXEKK5N8ZFP6Y0IDAGtTLIXH1hh5L0Hyc
+8pB7uytmRSkJMKi5S9YSLHKLgpYKkv5w2WaKaJL9sT4
+--- JucAnOMMuFLpIyg9t+Azths9ttk6by6SKcMWA6Cwa+0
+v§õ‚Ð(TR›Í˜ä´<C3A4>JpÂDòÀ%J—*^îl–—ß±‹½ÂY…/‰§ê'®zBÙž˜Áë÷4§±GÛ6Æ·(å‹/\,Wérææ7éé
eón€%á²@<40>

nix/secrets/docker_registry_password.age

@@ -1,5 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 qM6TYg UtoSFhZQ2PW1y3ifXgSdQQswoi5kdRg2gvczlEateC4
-ir2FpFkYo17MGBy+C4thM4lit7vn2CiBi09DcTb6ubs
---- YvRhsfFzedjeKssmOTzHvKkvIG0zXVVCIJsRNc/LTVg
-:Ë €KîÞ$é†Prm;Û·ûÎªæ ¹Œö+é	ÚqE@<40>Àv]’¢Ôòm =Í™'Sm

nix/secrets/forgejo_s3_key_secret.age

@@ -1,7 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 qM6TYg GNYf0FjEDEqCe09mS9Hl7OIIjvhKTu8urwUPtY+yyB0
-xmAtm4n3s0rfq3S5OKFEG2k/noXFTKMt8hiW5QrD9SU
---- HGBYxXQGM254m2YP5twgjgDme80f0uOL2m4uKy19ZBs
-ÖÂ(
-Õ×åÇÄT
-‚®à±Öì{’ÙõF“ü-\ƒ6{mítÏæÊMÑ-óX{‡%bQd]E³’Éàü]i¸úãË}F»2¸$7¤ö#k4“;8ZžGþ_‘oÛ
–¼

nix/secrets/garage_secrets.age

@@ -1,13 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 qM6TYg F9aj1EmsmRSXt1m3a41zpuwFmDBOuuaIrHkqP7PTVno
-tVs8Oxa9gV/HdUf0hN/JLuWhbrXI9BXIrsh5HnsKBQI
--> ssh-ed25519 pP9cdg dQdPm3OfbWl5Y8kJxmsUZ4rwpUo8w3+P3CHCiXw9VCw
-9yWbGgzgBz9GICAgYiOyPtMjDk/tBb4vsOveTuYP9bw
--> ssh-ed25519 XzACZQ 4lldtotM16DN/75dRX3QEmOzfIEySHcNOlFWqymI+Rs
-oOaD7dZu0xC0R7CrVpfwoBU7eSgaWyJmAZ4WptCQdes
--> ssh-ed25519 51bcvA k9eq2Tc3A9MztsdTvt3sDYUj/usYBJMp9IJQZAR67Ac
-ezccfIhPZaHKsVcUrxJL7u3jSA/kCTqLmWuQfxrFQBo
--> ssh-ed25519 vT7ExA BOCylq1RqaburnXxfsl3xqAmGSJnIxVhXK8H2xeFynk
-OWhqsbJgHWlo3hsRZVQgEaArK32OI25N4Poi2qJ9wQs
---- bBQkNfDI0onJOyxOJIN3Yl2jkK5iRgYbK67RWsipXOE
-3‡ýåA9â¯ÒAÕînÛ¯t•y®ßÚCj-îž{ÏŇâ)ô6¬DfØOÆQ¹Ü}'_n†øÈã‡>UPêNæDRŸÀÁª¨ûÊÆþ-<2D>¾„…éÂ"‡´úÛâšÙ?À>)E0<7F>™‡v(~7 eÍC¾O\UJJüŽ$SÂ8èá`€F«˜ÄíšQ§0uÙ3õmH•Ž~P÷Ž£ŒÅLqfõ~ºi¸Æn]‘=rSre#²wGŒ ³¥@ß|X#éØ÷’Â

nix/secrets/grafana_admin_password.age

@@ -1,5 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 XzACZQ g3qlnIBoRdlhvAhDd1oLC7sdWAYGw5FobFAbOp0Eamo
-FGoPMBeNp63zkvTml9cnXspAS65/G2+3hzaeMu/ack8
---- /cGmX9i8KBgLSiv0HC7QGJoF5+C6wBHbBOhoIw5iRIE
-í?Þ³¸–[%‹N+ueeá8YÀЕFÞÇkM<6B>¯x&k+jŒì­ö¹œƒfW*U4½Ìß&“d˜ymNb¬úÀ?AcœiÝ€‡„á:n}<$]˜Ã‰Œ•0E¤má=/U6-j½