diff --git a/.sops.yaml b/.sops.yaml index a2f4e2d..999a2c8 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -11,13 +11,14 @@ keys: - &paperless age1zj3tzzcpyq5s66phlrf2g203am7vl6vxg2jlpr8vy6u385xljapqt0d2fr - &vikunja age1h7yq7n8gcw35apr7jn8r66dwss4hfcdv0sf4ankfxquyavlrqukqhr0lrc - &nginx age1ypq3n3e7gnwqddq5dgkdsfm0wqagrm5pl5tkunzp44lcezsllumqsjz0hz + - &wg-server age15ydstgk0fmmgy2ugmqufyqhqsqypd2mvy89enzwczz0m8ar2kvzqlcdsm8 creation_rules: - path_regex: secrets\/all\/* key_groups: - pgp: [*clara] - age: [*wireguard, *mcserver, *zammad, *forgejo, *mastodon, *paperless, *vikunja, *nginx] - - path_regex: secrets\/wireguard\/* + age: [*wireguard, *mcserver, *zammad, *forgejo, *mastodon, *paperless, *vikunja, *nginx, *wg-server] + - path_regex: secrets\/wireguard\/cube.yaml key_groups: - pgp: [*clara] age: [*wireguard] diff --git a/configs/containers/forgejo_container.nix b/configs/containers/cube/forgejo_container.nix similarity index 78% rename from configs/containers/forgejo_container.nix rename to configs/containers/cube/forgejo_container.nix index dc09d55..775f026 100644 --- a/configs/containers/forgejo_container.nix +++ b/configs/containers/cube/forgejo_container.nix @@ -4,6 +4,7 @@ targetHost = "192.168.178.37"; targetPort = 22; targetUser = "root"; + tags = [ "cube" ]; }; networking.hostName = "forgejo"; networking.interfaces.wgbr.ipv4.addresses = [ @@ -13,7 +14,8 @@ } ]; imports = [ - ../container_config.nix - ../services/forgejo.nix + ../../container_config.nix + ../../services/forgejo.nix ]; } + diff --git a/configs/containers/mastodon_container.nix b/configs/containers/cube/mastodon_container.nix similarity index 78% rename from configs/containers/mastodon_container.nix rename to configs/containers/cube/mastodon_container.nix index e17bef0..b9f0255 100644 --- a/configs/containers/mastodon_container.nix +++ b/configs/containers/cube/mastodon_container.nix 
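Review bot: The `secrets/all` recipient list in `.sops.yaml` still names `*mcserver` and `*paperless` even though this commit deletes `mc_container.nix` and `paperless_container.nix`, and it now also adds `*wg-server`, so the shared secrets are readable by more host keys than the flake appears to deploy. If those two containers are retired, trim the list to `age: [*wireguard, *zammad, *forgejo, *mastodon, *vikunja, *nginx, *wg-server]`, run `sops updatekeys` on `secrets/all/secrets.yaml`, and rotate the values, because ciphertext already in git history stays decryptable with the old host keys. The narrowed rule `secrets\/wireguard\/cube.yaml` is also unanchored and its `.` matches any character; `secrets\/wireguard\/cube\.yaml$` states the intent exactly. No creation rule yet covers a secrets file encrypted to `*wg-server` alone.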
@@ -4,6 +4,7 @@
 targetHost = "192.168.178.81";
 targetPort = 22;
 targetUser = "root";
+ tags = [ "cube" ];
 };
 networking.hostName = "mastodon";
 networking.interfaces.wgbr.ipv4.addresses = [
@@ -13,7 +14,7 @@
 }
 ];
 imports = [
- ../container_config.nix
- ../services/mastodon.nix
+ ../../container_config.nix
+ ../../services/mastodon.nix
 ];
 }
diff --git a/configs/containers/vikunja_container.nix b/configs/containers/cube/vikunja_container.nix
similarity index 78%
rename from configs/containers/vikunja_container.nix
rename to configs/containers/cube/vikunja_container.nix
index 3dd1223..7d1cec8 100644
--- a/configs/containers/vikunja_container.nix
+++ b/configs/containers/cube/vikunja_container.nix
@@ -4,6 +4,7 @@
 targetHost = "192.168.178.107";
 targetPort = 22;
 targetUser = "root";
+ tags = [ "cube" ];
 };
 networking.hostName = "paperless";
 networking.interfaces.wgbr.ipv4.addresses = [
@@ -13,7 +14,7 @@
 }
 ];
 imports = [
- ../container_config.nix
- ../services/vikunja.nix
+ ../../container_config.nix
+ ../../services/vikunja.nix
 ];
 }
diff --git a/configs/containers/wg_container.nix b/configs/containers/cube/wg_container.nix
similarity index 68%
rename from configs/containers/wg_container.nix
rename to configs/containers/cube/wg_container.nix
index 22e7c89..b693c60 100644
--- a/configs/containers/wg_container.nix
+++ b/configs/containers/cube/wg_container.nix
@@ -3,10 +3,11 @@
 targetHost = "192.168.178.123";
 targetPort = 22;
 targetUser = "root";
+ tags = [ "cube" ];
 };
 networking.hostName = "wireguard";
 imports = [
- ../container_config.nix
- ../services/wireguard.nix
+ ../../container_config.nix
+ ../../services/wireguard.nix
 ];
 }
diff --git a/configs/containers/zammad_container.nix b/configs/containers/cube/zammad_container.nix
similarity index 78%
rename from configs/containers/zammad_container.nix
rename to configs/containers/cube/zammad_container.nix
index 3d9510a..042c4eb 100644
--- a/configs/containers/zammad_container.nix
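Review bot: `cube/vikunja_container.nix` keeps `networking.hostName = "paperless";` as a context line of its first hunk, which looks like a copy-paste leftover now that this commit removes `paperless_container.nix`. A host that reports the wrong name makes its logs and alerts hard to attribute during an incident, so the line should probably read `networking.hostName = "vikunja";`. The rest of the file lies outside the hunk, so confirm nothing else in it still refers to paperless.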
+++ b/configs/containers/cube/zammad_container.nix
@@ -3,6 +3,7 @@
 targetHost = "192.168.178.110";
 targetPort = 22;
 targetUser = "root";
+ tags = [ "cube" ];
 };
 networking.hostName = "zammad";
 networking.interfaces.wgbr.ipv4.addresses = [
@@ -12,7 +13,7 @@
 }
 ];
 imports = [
- ../container_config.nix
- ../services/zammad.nix
+ ../../container_config.nix
+ ../../services/zammad.nix
 ];
 }
diff --git a/configs/containers/mc_container.nix b/configs/containers/mc_container.nix
deleted file mode 100644
index 244b8dd..0000000
--- a/configs/containers/mc_container.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ lib, pkgs, config, ... }: {
-
- deployment = {
- targetHost = "192.168.178.65";
- targetPort = 22;
- targetUser = "root";
- };
- networking.hostName = "mcserver";
- networking.interfaces.wgbr.ipv4.addresses = [
- {
- address = "10.8.1.2";
- prefixLength = 24;
- }
- ];
- imports = [
- ../container_config.nix
- #../services/minecraft-server.nix
- ];
-}
diff --git a/configs/containers/nginx_container.nix b/configs/containers/netcup_pve/nginx_container.nix
similarity index 80%
rename from configs/containers/nginx_container.nix
rename to configs/containers/netcup_pve/nginx_container.nix
index 9ec30e1..3fb2262 100644
--- a/configs/containers/nginx_container.nix
+++ b/configs/containers/netcup_pve/nginx_container.nix
@@ -4,6 +4,7 @@
 targetHost = "10.0.0.2";
 targetPort = 22;
 targetUser = "root";
+ tags = [ "netcup_pve" ];
 };
 networking = {
 hostName = "nginx";
@@ -17,7 +18,7 @@
 };
 };
 imports = [
- ../container_config.nix
- ../services/nginx.nix
+ ../../container_config.nix
+ ../../services/nginx.nix
 ];
 }
diff --git a/configs/containers/netcup_pve/wg_server_container.nix b/configs/containers/netcup_pve/wg_server_container.nix
new file mode 100644
index 0000000..f4e0535
--- /dev/null
+++ b/configs/containers/netcup_pve/wg_server_container.nix
@@ -0,0 +1,14 @@
+{ lib, pkgs, config, ... }:
+{
+ deployment = {
+ targetHost = "10.0.0.3";
+ targetPort = 22;
+ targetUser = "root";
+ tags = [ "netcup_pve" ];
+ };
+ networking.hostName = "wireguard";
+
+ imports = [
+ ../../container_config.nix
+ ];
+}
diff --git a/configs/containers/paperless_container.nix b/configs/containers/paperless_container.nix
deleted file mode 100644
index d10933e..0000000
--- a/configs/containers/paperless_container.nix
+++ /dev/null
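Review bot: `networking.hostName = "wireguard";` in the new `netcup_pve/wg_server_container.nix` duplicates the hostname already used by `cube/wg_container.nix`, so the two VPN hosts cannot be told apart in logs or monitoring. Something like `networking.hostName = "wg-server";` would match the flake attribute and the sops anchor. The `imports` list also pulls in only `../../container_config.nix`, so the `configs/services/wg_server.nix` module added in this commit is never applied to this host; either add `../../services/wg_server.nix` once it is ready or add a comment such as `# wg_server.nix intentionally not imported yet`. `targetUser = "root"` follows the other containers, but this host is presumably externally hosted given the `netcup_pve` tag, so confirm that root SSH there is key-only.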
@@ -1,66 +0,0 @@
-{ lib, pkgs, config, ... }:
-let paperless_dir = "/mnt/paperless_dir";
-in {
-
- deployment = {
- targetHost = "192.168.178.101";
- targetPort = 22;
- targetUser = "root";
- };
- networking.hostName = "paperless";
- networking.interfaces.wgbr.ipv4.addresses = [
- {
- address = "10.8.1.7";
- prefixLength = 24;
- }
- ];
- imports = [
- ../container_config.nix
- ../services/paperless.nix
- ];
-
-
- # set up secret key
- sops = {
- age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
- secrets = {
- smb_uname.sopsFile = ../../secrets/paperless/secrets.yaml;
- smb_pass.sopsFile = ../../secrets/paperless/secrets.yaml;
- };
-
- templates."cifs-credentials".content = ''
- username=${config.sops.placeholder.smb_uname}
- password=${config.sops.placeholder.smb_pass}
- '';
- };
-
- # Mount paperless directory
- environment.systemPackages = [ pkgs.cifs-utils ];
- systemd.tmpfiles.rules = [
- "d ${paperless_dir} 0777 paperless paperless 99999y"
- ];
- fileSystems.${paperless_dir} = {
- device = "//10.8.1.5/milo_paperless";
- fsType = "cifs";
- options =
- let
- # this line prevents hanging on network split
- automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
-
- in
- [
- "${automount_opts}"
- "credentials=${config.sops.templates."cifs-credentials".path}"
- "uid=paperless,gid=paperless"
- ];
- };
-
- # Paperless needs the share to be mounted
- systemd.user.services."paperless-web.service".requires = [
- "mnt-paperless_dir.mount"
- ];
- systemd.user.services."paperless-scheduler.service".requires = [
- "mnt-paperless_dir.mount"
- ];
-}
-
diff --git a/configs/services/wg_server.nix b/configs/services/wg_server.nix
new file mode 100644
index 0000000..13e3be0
--- /dev/null
+++ b/configs/services/wg_server.nix
@@ -0,0 +1,60 @@ +{ lib, pkgs, config, ... }: +let wg_port = 51820; +in { + boot.kernel.sysctl = { + "net.ipv4.ip_forward" = lib.mkDefault true; + "net.ipv6.conf.all.forwarding" = lib.mkDefault true; + }; + + # set up secret key + sops = { + age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + secrets.wg_private_key = { + sopsFile = ../../secrets/wireguard/secrets.yaml; + }; + }; + + networking = { + firewall.allowedUDPPorts = [ wg_port ]; + firewall.rejectPackets = true; + firewall.trustedInterfaces = [ "wgbr" "wg0" ]; + interfaces.wgbr.ipv4 = { + routes = [ ]; + addresses = [ + { + address = "10.8.1.1"; + prefixLength = 24; + } + ]; + }; + + wg-quick.interfaces = { + wg0 = { + # Determines the IP address and subnet of the client's end of the tunnel interface. + address = [ "10.8.1.1/16" ]; + listenPort = wg_port; # to match firewall allowedUDPPorts (without this wg uses random port numbers) + + # Path to the private key file (see sops). + privateKeyFile = "/run/secrets/wg_private_key"; + + peers = [ + # For a client configuration, one peer entry for the server will suffice. + + { + # Public key of the server (not a file path). + publicKey = "AJ1nr0/w8OvsNq5Ju//m4856u7yY0hlPGMEGeZtlhlY="; + + # Forward all the traffic via VPN. + allowedIPs = [ "10.8.0.0/16" ]; + + # Set this to the server IP and port. + endpoint = "202.61.230.52:51820"; + + # Send keepalives every 25 seconds. Important to keep NAT tables alive. + persistentKeepalive = 25; + } + ]; + }; + }; + }; +} diff --git a/configs/services/wireguard.nix b/configs/services/wireguard.nix index 13e3be0..a167a3e 100644 --- a/configs/services/wireguard.nix +++ b/configs/services/wireguard.nix @@ -10,7 +10,7 @@ in { sops = { age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; secrets.wg_private_key = { - sopsFile = ../../secrets/wireguard/secrets.yaml; + sopsFile = ../../secrets/wireguard/cube.yaml; }; }; diff --git a/flake.nix b/flake.nix index ac48600..741666f 100644 --- a/flake.nix +++ b/flake.nix 
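Review bot: `configs/services/wg_server.nix` is an unmodified copy of the cube client module (its blob `13e3be0` is also the old side of the `wireguard.nix` hunk that follows), so it reuses the cube container's key file, address and peer instead of describing a server. Its `sopsFile = ../../secrets/wireguard/secrets.yaml;` points at the file this commit renames to `cube.yaml`, which `.sops.yaml` encrypts only to `*wireguard`. The server needs its own private key in its own file, e.g. `sopsFile = ../../secrets/wireguard/<wg-server-secrets>.yaml;` (placeholder name), with a creation rule for `*wg-server`, rather than being added as a recipient of the client's key. `address = [ "10.8.1.1/16" ];` and the single client-style peer with `endpoint = "202.61.230.52:51820";` likewise need replacing with the server's own address and one peer entry per client. If this host is the internet-facing endpoint, `firewall.trustedInterfaces = [ "wgbr" "wg0" ];` lets every tunnel peer reach every local port; consider dropping `"wg0"` and opening only the ports peers need.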
@@ -12,17 +12,19 @@ specialArgs = { inherit inputs; }; }; - wireguard = import ./configs/containers/wg_container.nix; + wireguard = import ./configs/containers/cube/wg_container.nix; - zammad = import ./configs/containers/zammad_container.nix; + zammad = import ./configs/containers/cube/zammad_container.nix; - forgejo = import ./configs/containers/forgejo_container.nix; + forgejo = import ./configs/containers/cube/forgejo_container.nix; - mastodon = import ./configs/containers/mastodon_container.nix; + mastodon = import ./configs/containers/cube/mastodon_container.nix; - vikunja = import ./configs/containers/vikunja_container.nix; + vikunja = import ./configs/containers/cube/vikunja_container.nix; - nginx = import ./configs/containers/nginx_container.nix; + nginx = import ./configs/containers/netcup_pve/nginx_container.nix; + + wg_server = import ./configs/containers/netcup_pve/wg_server_container.nix; }; }; } diff --git a/secrets/all/secrets.yaml b/secrets/all/secrets.yaml index d24c757..4a45d15 100644 --- a/secrets/all/secrets.yaml +++ b/secrets/all/secrets.yaml 
@@ -4,96 +4,105 @@ sops: - recipient: age12d8mxwnt0a7gl4uu0uwdqaxuqdf5j7zm50qy5qrhj0kd4ny7luaqv7rj4e enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwaWFLVVVrallkZEJGZkJm - bFBaNzkrRkU4MFVJZUxiSGZWdldSVGJLV2tNCnhod0g5emhQdExiMjhmb3Jxa2c0 - bStqbnN2UnE3S1RIbi9iU21ITWZ4NlUKLS0tIGVrYjFVbGNOUmFvSXFBQzNraW1T - bWdvTG90S1pvVHJ0NUFqd2FCemp5Sm8KuNksM73Cd9Z+ecMGpIAhJieozze37ThN - u8dLFFdnv2MWKqOvK99yNcUCvkKOY5VN2hCT+vfqt/9pek76eUaDog== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLZ1huS29WQldXeTI0YjhS + NHB0TStqZ2Q0UTZRdnIyR0U5N1dld3VDRVN3CmxsMGxwY2tKWEVGRkVPdk9MWHdj + cHc1UG1kbUZHQ2VGU2xqejI1WEEzVzQKLS0tIFdxdm9wdit0UGVQSkxmQUxlTnNV + T2hwdHdvZXVDTzNZRGt3YWlqUCtOcEEK9uRwxAGZxS3dEUtmwOf8buol0K3sY14X + g64a7jWbtWsgltDbchs5WabpjQOPnvd5HP9fCc7rivtMQ1dzg2sJ6Q== -----END AGE ENCRYPTED FILE----- - recipient: age1jlt47gkctq7vfrykqlyg9um5mypy872pvtfql7kkpvhnemlex4mq89a3a8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFbitVenBHYWswWlpKb3NG - SG5VVERDQkc2Um1GV1ZkN0xzeW1iWlpYR3pBClIvNWRqOFA1SjJPNENqWjVRaXZR - R3ZmSzJxcGhyNEN5eGk4SDdnTnFFcHMKLS0tIFA0cThkTGtxdjUvVjJKVGY2aU1n - WENOM0cxRmF2TlBmRXFqU3phU2tDSDAKOiT/zbpRRmiQstLAJw1Mip4eoZ/OuCAW - qeK7wczzwZOnAcfUOdgjjOBFy9prU/AdcfH0I3THASgrIG8xrmHSKg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMaXVKMVNBUEl4RTVXanE5 + QzlFNDdiM3VrOHhTTWR2dTFDSEc5ZGxOMTJnCng2K3dZb1hrODJqTEJyTXZ3NW9z + U3d2TXpWUWM0bTZYZmdyQ1ZCYjFnZEEKLS0tIFFpSUR4alR0QnJkV2haR1BUQW9q + d3U4MXhBOEo3OUs5RlhFQlJrMG5KT1kKm20+DM0YUnfpz/b4vnQk8URUBGb8IE/A + yuADRQnLaX+bZbn3NWfthXtNJk44odwcnVBXRXg95wSpPy4P8/ZUig== -----END AGE ENCRYPTED FILE----- - recipient: age14ukkn4plvnjacvjux929qwpeynxk4cfxw285vlwddqakm43kfyysfdg02c enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHc0RiYkN1eFpCaTFlVmpW - TEtyRUh1Ty8zTlZOMmVDTkFVOEJVTHhmTEJjCjhsdjZKQ210am1acEQyZ3pleVJ1 - ZlN5dWdqampvaWl2SnVsRFRFRGw5Vk0KLS0tIE1PV3RGMVZoMitDME00S1M4alZz - 
TEw1K2ZKaDBMQlhBcjRoSFc3Zk5MRjgKoktTEbB/HEKlcNiS8jYQ5GqqhoL6K2/J - sMW42vi1a4Dk/+dRAMsmVjhSZiROhSA+1XaMByLBCHOVSdFEcdNgGw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxNytGbUZ3VGp3NXM3N09l + ZnQ3SWppUXd1bkMrdzVlckRuUkdEalgra3hjCkZtbTVaaUZhTU44RXYzYldhNmtZ + VWx2Yno1NWwzSTR4Y29tR0twTGJvZ2MKLS0tIGpRZGZSbkhDY0x4bjNQZmhUd0M1 + WW9Uclh5YVZPaEdKdG8wSFlIU3Fnc0kKuK47ES0P0haKTIRwHzop57DGntpbsOZu + eNBd19cpMgerEE0Xfj7Z6iey9IkY3RtszMZafWamZAnJQXpF/KA3ig== -----END AGE ENCRYPTED FILE----- - recipient: age1vd33efsea2509hm0dwmhkuu7mm2kgw6tsss6lmzsqfg7gat06qyqys3qfh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRUFNuekl6cnBrb0h3cytV - V3Z4dnBuOGZ3SE5CNEp3V2Facisvb0tLUERnCjhuSU9MTnhnYThJQ0dIUzRmNzY5 - S1gzaTMxQUhoTXFTU0NXdThPT25Tck0KLS0tIE1uNVJaaHl4V0RmQWR0TzZ1SW0w - ckZMdVlkWHEvL0RPL3pyeStPNmtiMk0KbIhfCRvpRv+vVrqVfLpjEKdSs68GJ2NE - gbdqKRlnyPe+uZNpZmgP2sNH9QdJvGpvrnxQPZ4j/s7aIFhvHSYY1g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDQm5zQ2RmTWRzSFI4OWJw + QU54SmFiZzlSRllvd2RTOXIwWnRyU1FPZnpRClJNMk1CRExhZk5VcHlBeWhDTmNp + UjVmbytNTlVVVW1Vc0VTSVZZYTRodmsKLS0tIFF5TktPNGI0ZHlMdTVrYTVoT1pi + d0pPV0oyYTRNZlRpZFBZSjVQMkxEemcK/N/a2myjrrv8L7CpxDrBhsiSU+hUMs/h + +DKVgFQX8vRuwsAJw+Y8X5T+I8fIj6rvPn5nb6OSJ/BDdDTHwYXE8Q== -----END AGE ENCRYPTED FILE----- - recipient: age19efecaur72d92g452zpe4uxjtwev2ktjtaezascxg9l2p8544s8s05d93r enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5Q3JoZ2lPN2s4L0MrcGtn - MjM5ZjdMRzRKVXU5azdmY2kzOTMzUkYzeFdFCk5qbDFGQUtReDNDWUhKWjRaZzQx - NEZqWTkvd29sY2NJSTRWcDJBTC8rd1UKLS0tIGFPS1g2OEdmYmZvRE9jZC9oNG9X - andaVldXZS9Jc3FOTWdvbUhVVUtONU0KThDBMfftZBn7WeoIBx5CTv/hJtjvbXLA - +6KmZSoG3VPMzqdOy61s8RbZqwKMzeWl1ydHIvKcyvo2BmJSAZ/6CA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoaXRCYWZ6WkM1NEdjb0N1 + UFNJYXRPSGpXbWh5TmtQSHJZWlBKMHhEdlFNCkVjaWtSMFlqZFdxbVJTZm90V0k2 + RVBhNlJqT29GcW9NdDlOWkxuRzdmNmcKLS0tIDVIb25FVlVqRzdQMGhJcFhkckVt + 
eWJNem1ubmUrbm9iSktGd2IvRmw2Y2cKfxGQ/dQsdNOkUZk+XPmdcdy3bWy3LU3G + vwo5yU9WKYmRy4Ag/pPPlhG4g+/x1nGVxTL2n5yTx7r9yIGMLeDGRw== -----END AGE ENCRYPTED FILE----- - recipient: age1zj3tzzcpyq5s66phlrf2g203am7vl6vxg2jlpr8vy6u385xljapqt0d2fr enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwRWMxSzR4eUJnMFpBOGRJ - RzRIczZxbUdjUHRoUU4zYytwcUlMZWE4Q1JZCklWNXh6WSthdXdZTHVoWHJjTlYr - Um5UMlM0TVBoTTEyaXlyYjVpbXVPYXcKLS0tIGVWRjhaZC9DaGgzOStaaU85ODlW - Zm5ZSDd3MGpFVmtZL0c0WWV1M0ZKT2cKOm+HUuHskz6RsQVsVW+OcRr90yBqeNa3 - PlgWRJ05uh8XETJVoZTkcbvyw7ZWWJzPzYCus1lWg1W9xVcsJwAn4Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnTnEwWWw5amg5TXdhNTZF + YnBqTDIyWDdGd3Z3Y0wxdUFUdDVrT3RVaWw4CjBqSEgrd0ZKZ0libnFTUTZleVpo + cjlHL1BvenI1NVlGY0dCSTNiRERvZlEKLS0tIEhGWnlRcXFxUWRHQlpHUEp0QmZY + WHlsblZ3VE9UbSt1KytsWTQ4MFRpUTQKMw5z74qSTlq6EQCXbv630mr4M0jBPBF9 + b7K1jFF5VGXB3ESgjVpaDRW9ug9rfTIAyxhAzFjxHHl3M2/hKkUByA== -----END AGE ENCRYPTED FILE----- - recipient: age1h7yq7n8gcw35apr7jn8r66dwss4hfcdv0sf4ankfxquyavlrqukqhr0lrc enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3bjVmS1BIK2k5UFZBSnlv - UXNmKzBsNU4yUVgrS05ta0c2VloxME9rUEIwCkRYM3ozVDZxallXRDVpMXpXelQ3 - cWMxbzllYXYwQ3BaVWxHTS94czFWUUEKLS0tICtObVczWlVSYlc2a1dib2Z5YVRx - TVl1TFk1bW9mNEN1ZURQdXZpVDNPWmcK2n2SyP1Hu+kQqJ8Qegu67olwBnAd8Bpz - 2who1jOs6/y7JSuXFTLKTkr60atqpjMwHRJbzL/0/jkij0fyVwmgEw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLbllldG5DKyt3MlNjVWNu + dkpJTGppVGlZSDRaSGgvTkR1dVFzVWRwN1JrCis1ejJkek4vaW81OVFJb0lEWk1V + ZTlMNzJ0SEc5Um8wQlJuakhQRjMzc2sKLS0tIGZOOGpUcURXTXE2YzhvL0ZFZXdQ + Ujc2cnV1K1YrMlU4dytGRDJmK3VDWlEKWZ3a9WShCmviAgbzXOCqLi9LREMMPwSz + 8F3dTMaIxgB9ALcDoMng80eFpabU25eBp1zscQ8k4oudSe28mo0Dnw== -----END AGE ENCRYPTED FILE----- - recipient: age1ypq3n3e7gnwqddq5dgkdsfm0wqagrm5pl5tkunzp44lcezsllumqsjz0hz enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRTzZGMUQybitqcFpkcmFL - 
dnZXOGZCbTJMazZOM3FObXVSZGdpY0xCcTB3CmhnVDJ0OGxOVU1YZzV2Y05tV01r - aDBVcTdaSU5neUNMa3kxTkxiaTd6NTQKLS0tIEJVS2JpT2pQeGNuWTRvYUZCQ1Q1 - TWdOc0g3aEZRTTZCUXVVbCttWjNLcUkKUDAOEIGxztVtG+Y7hyZuedPTvCH25Nt2 - ECZpPN+QeMtwQ21eFC9v95RLrY97SV9TD5DgzZim06hgAcQq1ST2gg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzL0gyRzZFY0sxRVpLa0t1 + d0NIR3R5b0d6NUdaL00vZkFFdjBrck5FVVRRCk4waE8ydWkreHZNcS80dGtqVGVh + MjdWZmxOemtRQWlKdDFmVkpHODZqY0kKLS0tIGh2U1FJNW4rbWx0MGRPMkUzSFRn + TEJBaDd4RG91SlZkalo1eU1EQVROR0UKowKLTT/WyFzNnD0rdgCWVEjuZDYIoz4J + 5Il2kJy0OOyYD0ez5Kf0k7wouhAGSlib6jn4OGlrcmSOv6+5JTMK1w== + -----END AGE ENCRYPTED FILE----- + - recipient: age15ydstgk0fmmgy2ugmqufyqhqsqypd2mvy89enzwczz0m8ar2kvzqlcdsm8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1Q21kMkhnRWZoT1RsdnFl + cHlxdW9EL3dNU0tscUlKdng3d0p2VklVU0c0CjJDM2xScG9TdHhhbWJoUm5ya2lO + TXZFRlZlc3czR3NRQ2VOQ2xFaWxiOTQKLS0tIGdtQkt3b0pnMkpuRTQ4YTRRRDhC + a3BFa3QyU3RJMVBmRHRDVmJUVXZMZEkKm2ARYzkaf4U6StNqfGUIoGJr23gYYc3H + PoSmPPAS9EEmdxPfJ+MwK0Lb7gwCJ0nMwf6CBxzp4dRVhxGbW3+vjg== -----END AGE ENCRYPTED FILE----- lastmodified: "2025-08-08T15:38:19Z" mac: ENC[AES256_GCM,data:IoqrJyCNad4/OFH6y24kYMwnkF3OWfsw77POg00btvw7FoPoaSJ76RySMs6hgWs202bDYSDi44OvbgCVeNPkhe9eyM0gwF0Gf0cE3wirc+qj2qfL9/lMOTZm02WymMglJf6xTcPo3BH00XryR7ptid9+WrB0S2aBVNlcXSBwpzY=,iv:aLI2SyUzWqp/4XFPhogq2vq/u47bs6Gmgc/PRMe+GmM=,tag:jVnW7EkqDRfQluGTiw0olA==,type:str] pgp: - - created_at: "2025-10-30T11:25:33Z" + - created_at: "2025-10-31T20:08:22Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMAzwtBoBqH5ZOARAAqVknm2mmAFX7nYejdt0rla0inc3/3dnDzVgwoAmMplTH - eI+3Ri43KRz5ohNxKqC4OtalOLdPC4uYo6J+zTY13vkGqJKrryOhdpISv2CABop5 - sHtykv1Qce2mFFn/MBHi6k75E8lyBV5WkTKhKEAi8CFRF53XeQdVk4omBhp5O1q2 - gBO2jo5gR36fHo5xUxeEd1sHGpdYTeKA7YQa2NhuZkL7xoRww1/Olc6oah3wyNX9 - aQHjqYbtbbt9W0VirdHk5FYQb4y1I3HYnbfzOC8e74Ae1ioGwgcS7wLHIChaDPuC - mKjtk/L+nFW+cLMZFykPN6+OHX2zNoNxgWP0u9RHtVxBPqrZixfMcdAA+5Oyab0h - 
7u4KKCBcRYpzW1kKXebLzXn56bpiySWVEjS+6JNUU7y4CgIK7iGYLVZTzkVpC2NA - Zva+bje3lEb6Emhu2HBoUtzEzk097BfOeQKCaep5hZHOzh8TombOQRBG1E7gGXDZ - HlQCOdCvJR73Xpl9vXBBSNyykUN6wPZtoJhbcRL/TtAA3wV+IhNJ2tNUxj8qaCVb - Q7zmNOU1OqcSBbXjIPs9zZGizA1mEKPGCwQULuztt7x83y9e1VK+EAs2hd7dc3V/ - va96T17jgcvknhneen2LBgbwbaQLYljnl2nAyPWVlhnXonReN1XwPG9VrSOGsQvS - XgHwxNiW3AtttmLDIC4pWfFuL81dHmtuGyUxQrkVVbH6Q7zKGkKyFDAGu5IkvCRj - 5TSuPUAkfITvdi8U2cgBcBfGUsah5hb1S1aFsNrgTxtvchENR/6lJu8/xatIrVE= - =xCKw + hQIMAzwtBoBqH5ZOARAAuXkdBPigYqSNhd6iO8RNlvz/x0DLIi4DXKBb9cIaYnWU + plHRxDTAQIWYi8TRPWc0tsFVn6h2U0TuC/wBYJQJNtCJVfD6YtJAEoiWG84EwnJ+ + CNeCTfgd8Opni93X2buRtGiibwVPJSeBsTFj9cPcdOwoFSHVP2HnIRF/V8RTzSv6 + PAbbDdl31CoaxMvAxB4RK4zcACoRQjBtg3JnU/JKaisiVpG9hrdP/XxffDcgxlCF + oXtNEr/fB/HpE6Rs0NEMJWfd/jBnklywo6tV9PUlmVuALMOlVD7VUP2HL55G0JEu + 1X5wcPKHAfQ9MHkJPvc8IhbP582xqza9RZNJV9qFVuteQVVX4eTgFdH1TalpGTwa + pvWAZEal0VPIF00Bzmvu9LCeG5NXcvKouAy/+qViXtcMO4fcluzZN1mVVbbh56DH + Av/21Xnc+pkBKl3O7jBwYozg2PJuNjetRiOcJTaHp5O/LkZCHJrKj1RGaZVmJPyU + pw3SZe8HvP8MnsgkcPxhBglqiiPDMaHCsUFFwEbas1jjZTkI0AtLTIuNNs6us/j+ + 5yKe23TJDPUev/mdr5ziwjVy56V50oElwIxsETybgOSYU1ErK1Hee7bdRvOstaVe + s8tT9X1MI3woYJ6j77pEp0CpLZy6n0q2Qv0on0ZLXsAt3QZhGGguipZh9VXvgT7S + XgH0rGqUFwcL3MG10IL1znHCyjBx415dDVmx6w8TYv82FYsY/Y39BNk50bW1gz4l + VfASFvk2QpcU3jzqPzgNeVyBCUZBuQYzsr327LNDM0uobZjrKZICBWLUt5O7sRE= + =+lQp -----END PGP MESSAGE----- fp: 58EF8D71114EF548DEE3320DE6F04916B6EEBD83 unencrypted_suffix: _unencrypted diff --git a/secrets/wireguard/secrets.yaml b/secrets/wireguard/cube.yaml similarity index 100% rename from secrets/wireguard/secrets.yaml rename to secrets/wireguard/cube.yaml