clara/nix-infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactoring and cleaning up

Browse source
This commit is contained in:
CDaut 2025-10-31 21:29:30 +01:00
parent 7113bb629a
commit 8df968546d
Signed by: clara
GPG key ID: 223391B52FAD4463
15 changed files with 169 additions and 161 deletions
Download patch file Download diff file Expand all files Collapse all files

5
.sops.yaml
View file

@ -11,13 +11,14 @@ keys:
- &paperless age1zj3tzzcpyq5s66phlrf2g203am7vl6vxg2jlpr8vy6u385xljapqt0d2fr
- &vikunja age1h7yq7n8gcw35apr7jn8r66dwss4hfcdv0sf4ankfxquyavlrqukqhr0lrc
- &nginx age1ypq3n3e7gnwqddq5dgkdsfm0wqagrm5pl5tkunzp44lcezsllumqsjz0hz
- &wg-server age15ydstgk0fmmgy2ugmqufyqhqsqypd2mvy89enzwczz0m8ar2kvzqlcdsm8
creation_rules:
- path_regex: secrets\/all\/*
key_groups:
- pgp: [*clara]
age: [*wireguard, *mcserver, *zammad, *forgejo, *mastodon, *paperless, *vikunja, *nginx]
- path_regex: secrets\/wireguard\/*
age: [*wireguard, *mcserver, *zammad, *forgejo, *mastodon, *paperless, *vikunja, *nginx, *wg-server]
- path_regex: secrets\/wireguard\/cube.yaml
key_groups:
- pgp: [*clara]
age: [*wireguard]

6
configs/containers/forgejo_container.nix → configs/containers/cube/forgejo_container.nix
View file

@ -4,6 +4,7 @@
targetHost = "192.168.178.37";
targetPort = 22;
targetUser = "root";
tags = [ "cube" ];
};
networking.hostName = "forgejo";
networking.interfaces.wgbr.ipv4.addresses = [
@ -13,7 +14,8 @@
}
];
imports = [
../container_config.nix
../services/forgejo.nix
../../container_config.nix
../../services/forgejo.nix
];
}

5
configs/containers/mastodon_container.nix → configs/containers/cube/mastodon_container.nix
View file

@ -4,6 +4,7 @@
targetHost = "192.168.178.81";
targetPort = 22;
targetUser = "root";
tags = [ "cube" ];
};
networking.hostName = "mastodon";
networking.interfaces.wgbr.ipv4.addresses = [
@ -13,7 +14,7 @@
}
];
imports = [
../container_config.nix
../services/mastodon.nix
../../container_config.nix
../../services/mastodon.nix
];
}

5
configs/containers/vikunja_container.nix → configs/containers/cube/vikunja_container.nix
View file

@ -4,6 +4,7 @@
targetHost = "192.168.178.107";
targetPort = 22;
targetUser = "root";
tags = [ "cube" ];
};
networking.hostName = "paperless";
networking.interfaces.wgbr.ipv4.addresses = [
@ -13,7 +14,7 @@
}
];
imports = [
../container_config.nix
../services/vikunja.nix
../../container_config.nix
../../services/vikunja.nix
];
}

5
configs/containers/wg_container.nix → configs/containers/cube/wg_container.nix
View file

@ -3,10 +3,11 @@
targetHost = "192.168.178.123";
targetPort = 22;
targetUser = "root";
tags = [ "cube" ];
};
networking.hostName = "wireguard";
imports = [
../container_config.nix
../services/wireguard.nix
../../container_config.nix
../../services/wireguard.nix
];
}

5
configs/containers/zammad_container.nix → configs/containers/cube/zammad_container.nix
View file

@ -3,6 +3,7 @@
targetHost = "192.168.178.110";
targetPort = 22;
targetUser = "root";
tags = [ "cube" ];
};
networking.hostName = "zammad";
networking.interfaces.wgbr.ipv4.addresses = [
@ -12,7 +13,7 @@
}
];
imports = [
../container_config.nix
../services/zammad.nix
../../container_config.nix
../../services/zammad.nix
];
}

19
configs/containers/mc_container.nix
View file

@ -1,19 +0,0 @@
{ lib, pkgs, config, ... }: {
deployment = {
targetHost = "192.168.178.65";
targetPort = 22;
targetUser = "root";
};
networking.hostName = "mcserver";
networking.interfaces.wgbr.ipv4.addresses = [
{
address = "10.8.1.2";
prefixLength = 24;
}
];
imports = [
../container_config.nix
#../services/minecraft-server.nix
];
}

5
configs/containers/nginx_container.nix → configs/containers/netcup_pve/nginx_container.nix
View file

@ -4,6 +4,7 @@
targetHost = "10.0.0.2";
targetPort = 22;
targetUser = "root";
tags = [ "netcup_pve" ];
};
networking = {
hostName = "nginx";
@ -17,7 +18,7 @@
};
};
imports = [
../container_config.nix
../services/nginx.nix
../../container_config.nix
../../services/nginx.nix
];
}

14
configs/containers/netcup_pve/wg_server_container.nix Normal file
View file

@ -0,0 +1,14 @@
{ lib, pkgs, config, ... }:
{
deployment = {
targetHost = "10.0.0.3";
targetPort = 22;
targetUser = "root";
tags = [ "netcup_pve" ];
};
networking.hostName = "wireguard";
imports = [
../../container_config.nix
];
}

66
configs/containers/paperless_container.nix
View file

@ -1,66 +0,0 @@
{ lib, pkgs, config, ... }:
let paperless_dir = "/mnt/paperless_dir";
in {
deployment = {
targetHost = "192.168.178.101";
targetPort = 22;
targetUser = "root";
};
networking.hostName = "paperless";
networking.interfaces.wgbr.ipv4.addresses = [
{
address = "10.8.1.7";
prefixLength = 24;
}
];
imports = [
../container_config.nix
../services/paperless.nix
];
# set up secret key
sops = {
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
secrets = {
smb_uname.sopsFile = ../../secrets/paperless/secrets.yaml;
smb_pass.sopsFile = ../../secrets/paperless/secrets.yaml;
};
templates."cifs-credentials".content = ''
username=${config.sops.placeholder.smb_uname}
password=${config.sops.placeholder.smb_pass}
'';
};
# Mount paperless directory
environment.systemPackages = [ pkgs.cifs-utils ];
systemd.tmpfiles.rules = [
"d ${paperless_dir} 0777 paperless paperless 99999y"
];
fileSystems.${paperless_dir} = {
device = "//10.8.1.5/milo_paperless";
fsType = "cifs";
options =
let
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
in
[
"${automount_opts}"
"credentials=${config.sops.templates."cifs-credentials".path}"
"uid=paperless,gid=paperless"
];
};
# Paperless needs the share to be mounted
systemd.user.services."paperless-web.service".requires = [
"mnt-paperless_dir.mount"
];
systemd.user.services."paperless-scheduler.service".requires = [
"mnt-paperless_dir.mount"
];
}

60
configs/services/wg_server.nix Normal file
View file

@ -0,0 +1,60 @@
{ lib, pkgs, config, ... }:
let wg_port = 51820;
in {
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = lib.mkDefault true;
"net.ipv6.conf.all.forwarding" = lib.mkDefault true;
};
# set up secret key
sops = {
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
secrets.wg_private_key = {
sopsFile = ../../secrets/wireguard/secrets.yaml;
};
};
networking = {
firewall.allowedUDPPorts = [ wg_port ];
firewall.rejectPackets = true;
firewall.trustedInterfaces = [ "wgbr" "wg0" ];
interfaces.wgbr.ipv4 = {
routes = [ ];
addresses = [
{
address = "10.8.1.1";
prefixLength = 24;
}
];
};
wg-quick.interfaces = {
wg0 = {
# Determines the IP address and subnet of the client's end of the tunnel interface.
address = [ "10.8.1.1/16" ];
listenPort = wg_port; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
# Path to the private key file (see sops).
privateKeyFile = "/run/secrets/wg_private_key";
peers = [
# For a client configuration, one peer entry for the server will suffice.
{
# Public key of the server (not a file path).
publicKey = "AJ1nr0/w8OvsNq5Ju//m4856u7yY0hlPGMEGeZtlhlY=";
# Forward all the traffic via VPN.
allowedIPs = [ "10.8.0.0/16" ];
# Set this to the server IP and port.
endpoint = "202.61.230.52:51820";
# Send keepalives every 25 seconds. Important to keep NAT tables alive.
persistentKeepalive = 25;
}
];
};
};
};
}

2
configs/services/wireguard.nix
View file

@ -10,7 +10,7 @@ in {
sops = {
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
secrets.wg_private_key = {
sopsFile = ../../secrets/wireguard/secrets.yaml;
sopsFile = ../../secrets/wireguard/cube.yaml;
};
};

14
flake.nix
View file

@ -12,17 +12,19 @@
specialArgs = { inherit inputs; };
};
wireguard = import ./configs/containers/wg_container.nix;
wireguard = import ./configs/containers/cube/wg_container.nix;
zammad = import ./configs/containers/zammad_container.nix;
zammad = import ./configs/containers/cube/zammad_container.nix;
forgejo = import ./configs/containers/forgejo_container.nix;
forgejo = import ./configs/containers/cube/forgejo_container.nix;
mastodon = import ./configs/containers/mastodon_container.nix;
mastodon = import ./configs/containers/cube/mastodon_container.nix;
vikunja = import ./configs/containers/vikunja_container.nix;
vikunja = import ./configs/containers/cube/vikunja_container.nix;
nginx = import ./configs/containers/nginx_container.nix;
nginx = import ./configs/containers/netcup_pve/nginx_container.nix;
wg_server = import ./configs/containers/netcup_pve/wg_server_container.nix;
};
};
}

119
secrets/all/secrets.yaml
View file

@ -4,96 +4,105 @@ sops:
- recipient: age12d8mxwnt0a7gl4uu0uwdqaxuqdf5j7zm50qy5qrhj0kd4ny7luaqv7rj4e
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwaWFLVVVrallkZEJGZkJm
bFBaNzkrRkU4MFVJZUxiSGZWdldSVGJLV2tNCnhod0g5emhQdExiMjhmb3Jxa2c0
bStqbnN2UnE3S1RIbi9iU21ITWZ4NlUKLS0tIGVrYjFVbGNOUmFvSXFBQzNraW1T
bWdvTG90S1pvVHJ0NUFqd2FCemp5Sm8KuNksM73Cd9Z+ecMGpIAhJieozze37ThN
u8dLFFdnv2MWKqOvK99yNcUCvkKOY5VN2hCT+vfqt/9pek76eUaDog==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLZ1huS29WQldXeTI0YjhS
NHB0TStqZ2Q0UTZRdnIyR0U5N1dld3VDRVN3CmxsMGxwY2tKWEVGRkVPdk9MWHdj
cHc1UG1kbUZHQ2VGU2xqejI1WEEzVzQKLS0tIFdxdm9wdit0UGVQSkxmQUxlTnNV
T2hwdHdvZXVDTzNZRGt3YWlqUCtOcEEK9uRwxAGZxS3dEUtmwOf8buol0K3sY14X
g64a7jWbtWsgltDbchs5WabpjQOPnvd5HP9fCc7rivtMQ1dzg2sJ6Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jlt47gkctq7vfrykqlyg9um5mypy872pvtfql7kkpvhnemlex4mq89a3a8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFbitVenBHYWswWlpKb3NG
SG5VVERDQkc2Um1GV1ZkN0xzeW1iWlpYR3pBClIvNWRqOFA1SjJPNENqWjVRaXZR
R3ZmSzJxcGhyNEN5eGk4SDdnTnFFcHMKLS0tIFA0cThkTGtxdjUvVjJKVGY2aU1n
WENOM0cxRmF2TlBmRXFqU3phU2tDSDAKOiT/zbpRRmiQstLAJw1Mip4eoZ/OuCAW
qeK7wczzwZOnAcfUOdgjjOBFy9prU/AdcfH0I3THASgrIG8xrmHSKg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMaXVKMVNBUEl4RTVXanE5
QzlFNDdiM3VrOHhTTWR2dTFDSEc5ZGxOMTJnCng2K3dZb1hrODJqTEJyTXZ3NW9z
U3d2TXpWUWM0bTZYZmdyQ1ZCYjFnZEEKLS0tIFFpSUR4alR0QnJkV2haR1BUQW9q
d3U4MXhBOEo3OUs5RlhFQlJrMG5KT1kKm20+DM0YUnfpz/b4vnQk8URUBGb8IE/A
yuADRQnLaX+bZbn3NWfthXtNJk44odwcnVBXRXg95wSpPy4P8/ZUig==
-----END AGE ENCRYPTED FILE-----
- recipient: age14ukkn4plvnjacvjux929qwpeynxk4cfxw285vlwddqakm43kfyysfdg02c
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHc0RiYkN1eFpCaTFlVmpW
TEtyRUh1Ty8zTlZOMmVDTkFVOEJVTHhmTEJjCjhsdjZKQ210am1acEQyZ3pleVJ1
ZlN5dWdqampvaWl2SnVsRFRFRGw5Vk0KLS0tIE1PV3RGMVZoMitDME00S1M4alZz
TEw1K2ZKaDBMQlhBcjRoSFc3Zk5MRjgKoktTEbB/HEKlcNiS8jYQ5GqqhoL6K2/J
sMW42vi1a4Dk/+dRAMsmVjhSZiROhSA+1XaMByLBCHOVSdFEcdNgGw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxNytGbUZ3VGp3NXM3N09l
ZnQ3SWppUXd1bkMrdzVlckRuUkdEalgra3hjCkZtbTVaaUZhTU44RXYzYldhNmtZ
VWx2Yno1NWwzSTR4Y29tR0twTGJvZ2MKLS0tIGpRZGZSbkhDY0x4bjNQZmhUd0M1
WW9Uclh5YVZPaEdKdG8wSFlIU3Fnc0kKuK47ES0P0haKTIRwHzop57DGntpbsOZu
eNBd19cpMgerEE0Xfj7Z6iey9IkY3RtszMZafWamZAnJQXpF/KA3ig==
-----END AGE ENCRYPTED FILE-----
- recipient: age1vd33efsea2509hm0dwmhkuu7mm2kgw6tsss6lmzsqfg7gat06qyqys3qfh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRUFNuekl6cnBrb0h3cytV
V3Z4dnBuOGZ3SE5CNEp3V2Facisvb0tLUERnCjhuSU9MTnhnYThJQ0dIUzRmNzY5
S1gzaTMxQUhoTXFTU0NXdThPT25Tck0KLS0tIE1uNVJaaHl4V0RmQWR0TzZ1SW0w
ckZMdVlkWHEvL0RPL3pyeStPNmtiMk0KbIhfCRvpRv+vVrqVfLpjEKdSs68GJ2NE
gbdqKRlnyPe+uZNpZmgP2sNH9QdJvGpvrnxQPZ4j/s7aIFhvHSYY1g==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDQm5zQ2RmTWRzSFI4OWJw
QU54SmFiZzlSRllvd2RTOXIwWnRyU1FPZnpRClJNMk1CRExhZk5VcHlBeWhDTmNp
UjVmbytNTlVVVW1Vc0VTSVZZYTRodmsKLS0tIFF5TktPNGI0ZHlMdTVrYTVoT1pi
d0pPV0oyYTRNZlRpZFBZSjVQMkxEemcK/N/a2myjrrv8L7CpxDrBhsiSU+hUMs/h
+DKVgFQX8vRuwsAJw+Y8X5T+I8fIj6rvPn5nb6OSJ/BDdDTHwYXE8Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age19efecaur72d92g452zpe4uxjtwev2ktjtaezascxg9l2p8544s8s05d93r
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5Q3JoZ2lPN2s4L0MrcGtn
MjM5ZjdMRzRKVXU5azdmY2kzOTMzUkYzeFdFCk5qbDFGQUtReDNDWUhKWjRaZzQx
NEZqWTkvd29sY2NJSTRWcDJBTC8rd1UKLS0tIGFPS1g2OEdmYmZvRE9jZC9oNG9X
andaVldXZS9Jc3FOTWdvbUhVVUtONU0KThDBMfftZBn7WeoIBx5CTv/hJtjvbXLA
+6KmZSoG3VPMzqdOy61s8RbZqwKMzeWl1ydHIvKcyvo2BmJSAZ/6CA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoaXRCYWZ6WkM1NEdjb0N1
UFNJYXRPSGpXbWh5TmtQSHJZWlBKMHhEdlFNCkVjaWtSMFlqZFdxbVJTZm90V0k2
RVBhNlJqT29GcW9NdDlOWkxuRzdmNmcKLS0tIDVIb25FVlVqRzdQMGhJcFhkckVt
eWJNem1ubmUrbm9iSktGd2IvRmw2Y2cKfxGQ/dQsdNOkUZk+XPmdcdy3bWy3LU3G
vwo5yU9WKYmRy4Ag/pPPlhG4g+/x1nGVxTL2n5yTx7r9yIGMLeDGRw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1zj3tzzcpyq5s66phlrf2g203am7vl6vxg2jlpr8vy6u385xljapqt0d2fr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwRWMxSzR4eUJnMFpBOGRJ
RzRIczZxbUdjUHRoUU4zYytwcUlMZWE4Q1JZCklWNXh6WSthdXdZTHVoWHJjTlYr
Um5UMlM0TVBoTTEyaXlyYjVpbXVPYXcKLS0tIGVWRjhaZC9DaGgzOStaaU85ODlW
Zm5ZSDd3MGpFVmtZL0c0WWV1M0ZKT2cKOm+HUuHskz6RsQVsVW+OcRr90yBqeNa3
PlgWRJ05uh8XETJVoZTkcbvyw7ZWWJzPzYCus1lWg1W9xVcsJwAn4Q==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnTnEwWWw5amg5TXdhNTZF
YnBqTDIyWDdGd3Z3Y0wxdUFUdDVrT3RVaWw4CjBqSEgrd0ZKZ0libnFTUTZleVpo
cjlHL1BvenI1NVlGY0dCSTNiRERvZlEKLS0tIEhGWnlRcXFxUWRHQlpHUEp0QmZY
WHlsblZ3VE9UbSt1KytsWTQ4MFRpUTQKMw5z74qSTlq6EQCXbv630mr4M0jBPBF9
b7K1jFF5VGXB3ESgjVpaDRW9ug9rfTIAyxhAzFjxHHl3M2/hKkUByA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1h7yq7n8gcw35apr7jn8r66dwss4hfcdv0sf4ankfxquyavlrqukqhr0lrc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3bjVmS1BIK2k5UFZBSnlv
UXNmKzBsNU4yUVgrS05ta0c2VloxME9rUEIwCkRYM3ozVDZxallXRDVpMXpXelQ3
cWMxbzllYXYwQ3BaVWxHTS94czFWUUEKLS0tICtObVczWlVSYlc2a1dib2Z5YVRx
TVl1TFk1bW9mNEN1ZURQdXZpVDNPWmcK2n2SyP1Hu+kQqJ8Qegu67olwBnAd8Bpz
2who1jOs6/y7JSuXFTLKTkr60atqpjMwHRJbzL/0/jkij0fyVwmgEw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLbllldG5DKyt3MlNjVWNu
dkpJTGppVGlZSDRaSGgvTkR1dVFzVWRwN1JrCis1ejJkek4vaW81OVFJb0lEWk1V
ZTlMNzJ0SEc5Um8wQlJuakhQRjMzc2sKLS0tIGZOOGpUcURXTXE2YzhvL0ZFZXdQ
Ujc2cnV1K1YrMlU4dytGRDJmK3VDWlEKWZ3a9WShCmviAgbzXOCqLi9LREMMPwSz
8F3dTMaIxgB9ALcDoMng80eFpabU25eBp1zscQ8k4oudSe28mo0Dnw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ypq3n3e7gnwqddq5dgkdsfm0wqagrm5pl5tkunzp44lcezsllumqsjz0hz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRTzZGMUQybitqcFpkcmFL
dnZXOGZCbTJMazZOM3FObXVSZGdpY0xCcTB3CmhnVDJ0OGxOVU1YZzV2Y05tV01r
aDBVcTdaSU5neUNMa3kxTkxiaTd6NTQKLS0tIEJVS2JpT2pQeGNuWTRvYUZCQ1Q1
TWdOc0g3aEZRTTZCUXVVbCttWjNLcUkKUDAOEIGxztVtG+Y7hyZuedPTvCH25Nt2
ECZpPN+QeMtwQ21eFC9v95RLrY97SV9TD5DgzZim06hgAcQq1ST2gg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzL0gyRzZFY0sxRVpLa0t1
d0NIR3R5b0d6NUdaL00vZkFFdjBrck5FVVRRCk4waE8ydWkreHZNcS80dGtqVGVh
MjdWZmxOemtRQWlKdDFmVkpHODZqY0kKLS0tIGh2U1FJNW4rbWx0MGRPMkUzSFRn
TEJBaDd4RG91SlZkalo1eU1EQVROR0UKowKLTT/WyFzNnD0rdgCWVEjuZDYIoz4J
5Il2kJy0OOyYD0ez5Kf0k7wouhAGSlib6jn4OGlrcmSOv6+5JTMK1w==
-----END AGE ENCRYPTED FILE-----
- recipient: age15ydstgk0fmmgy2ugmqufyqhqsqypd2mvy89enzwczz0m8ar2kvzqlcdsm8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1Q21kMkhnRWZoT1RsdnFl
cHlxdW9EL3dNU0tscUlKdng3d0p2VklVU0c0CjJDM2xScG9TdHhhbWJoUm5ya2lO
TXZFRlZlc3czR3NRQ2VOQ2xFaWxiOTQKLS0tIGdtQkt3b0pnMkpuRTQ4YTRRRDhC
a3BFa3QyU3RJMVBmRHRDVmJUVXZMZEkKm2ARYzkaf4U6StNqfGUIoGJr23gYYc3H
PoSmPPAS9EEmdxPfJ+MwK0Lb7gwCJ0nMwf6CBxzp4dRVhxGbW3+vjg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-08T15:38:19Z"
mac: ENC[AES256_GCM,data:IoqrJyCNad4/OFH6y24kYMwnkF3OWfsw77POg00btvw7FoPoaSJ76RySMs6hgWs202bDYSDi44OvbgCVeNPkhe9eyM0gwF0Gf0cE3wirc+qj2qfL9/lMOTZm02WymMglJf6xTcPo3BH00XryR7ptid9+WrB0S2aBVNlcXSBwpzY=,iv:aLI2SyUzWqp/4XFPhogq2vq/u47bs6Gmgc/PRMe+GmM=,tag:jVnW7EkqDRfQluGTiw0olA==,type:str]
pgp:
- created_at: "2025-10-30T11:25:33Z"
- created_at: "2025-10-31T20:08:22Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAzwtBoBqH5ZOARAAqVknm2mmAFX7nYejdt0rla0inc3/3dnDzVgwoAmMplTH
eI+3Ri43KRz5ohNxKqC4OtalOLdPC4uYo6J+zTY13vkGqJKrryOhdpISv2CABop5
sHtykv1Qce2mFFn/MBHi6k75E8lyBV5WkTKhKEAi8CFRF53XeQdVk4omBhp5O1q2
gBO2jo5gR36fHo5xUxeEd1sHGpdYTeKA7YQa2NhuZkL7xoRww1/Olc6oah3wyNX9
aQHjqYbtbbt9W0VirdHk5FYQb4y1I3HYnbfzOC8e74Ae1ioGwgcS7wLHIChaDPuC
mKjtk/L+nFW+cLMZFykPN6+OHX2zNoNxgWP0u9RHtVxBPqrZixfMcdAA+5Oyab0h
7u4KKCBcRYpzW1kKXebLzXn56bpiySWVEjS+6JNUU7y4CgIK7iGYLVZTzkVpC2NA
Zva+bje3lEb6Emhu2HBoUtzEzk097BfOeQKCaep5hZHOzh8TombOQRBG1E7gGXDZ
HlQCOdCvJR73Xpl9vXBBSNyykUN6wPZtoJhbcRL/TtAA3wV+IhNJ2tNUxj8qaCVb
Q7zmNOU1OqcSBbXjIPs9zZGizA1mEKPGCwQULuztt7x83y9e1VK+EAs2hd7dc3V/
va96T17jgcvknhneen2LBgbwbaQLYljnl2nAyPWVlhnXonReN1XwPG9VrSOGsQvS
XgHwxNiW3AtttmLDIC4pWfFuL81dHmtuGyUxQrkVVbH6Q7zKGkKyFDAGu5IkvCRj
5TSuPUAkfITvdi8U2cgBcBfGUsah5hb1S1aFsNrgTxtvchENR/6lJu8/xatIrVE=
=xCKw
hQIMAzwtBoBqH5ZOARAAuXkdBPigYqSNhd6iO8RNlvz/x0DLIi4DXKBb9cIaYnWU
plHRxDTAQIWYi8TRPWc0tsFVn6h2U0TuC/wBYJQJNtCJVfD6YtJAEoiWG84EwnJ+
CNeCTfgd8Opni93X2buRtGiibwVPJSeBsTFj9cPcdOwoFSHVP2HnIRF/V8RTzSv6
PAbbDdl31CoaxMvAxB4RK4zcACoRQjBtg3JnU/JKaisiVpG9hrdP/XxffDcgxlCF
oXtNEr/fB/HpE6Rs0NEMJWfd/jBnklywo6tV9PUlmVuALMOlVD7VUP2HL55G0JEu
1X5wcPKHAfQ9MHkJPvc8IhbP582xqza9RZNJV9qFVuteQVVX4eTgFdH1TalpGTwa
pvWAZEal0VPIF00Bzmvu9LCeG5NXcvKouAy/+qViXtcMO4fcluzZN1mVVbbh56DH
Av/21Xnc+pkBKl3O7jBwYozg2PJuNjetRiOcJTaHp5O/LkZCHJrKj1RGaZVmJPyU
pw3SZe8HvP8MnsgkcPxhBglqiiPDMaHCsUFFwEbas1jjZTkI0AtLTIuNNs6us/j+
5yKe23TJDPUev/mdr5ziwjVy56V50oElwIxsETybgOSYU1ErK1Hee7bdRvOstaVe
s8tT9X1MI3woYJ6j77pEp0CpLZy6n0q2Qv0on0ZLXsAt3QZhGGguipZh9VXvgT7S
XgH0rGqUFwcL3MG10IL1znHCyjBx415dDVmx6w8TYv82FYsY/Y39BNk50bW1gz4l
VfASFvk2QpcU3jzqPzgNeVyBCUZBuQYzsr327LNDM0uobZjrKZICBWLUt5O7sRE=
=+lQp
-----END PGP MESSAGE-----
fp: 58EF8D71114EF548DEE3320DE6F04916B6EEBD83
unencrypted_suffix: _unencrypted

0
secrets/wireguard/secrets.yaml → secrets/wireguard/cube.yaml
View file