m3tam3re/nixos-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: m3tam3re:master
Branches Tags
m3tam3re:master
..
compare: m3tam3re:037df324fd0a12e575513b929a17a9b5470a8163
Branches Tags
m3tam3re:master

2 Commits
master ... 037df324fd

Author SHA1 Message Date
m3tm3re
037df324fd secrets: add basecamp-env.age 2026-01-12 18:06:23 +01:00
m3tm3re
80a58c9df8 refactor(opencode): migrate basecamp mcp to module 2026-01-12 18:02:44 +01:00
85 changed files with 996 additions and 1756 deletions
Expand all files Collapse all files

0
.beads/.sync.lock
View File

1
.beads/issues.jsonl
View File

@@ -1,2 +1 @@
{"id":"nixos-config-gx2","title":"form","status":"tombstone","priority":2,"issue_type":"task","created_at":"2026-01-11T11:49:21.688289476+01:00","created_by":"m3tam3re","updated_at":"2026-01-11T11:51:36.426124223+01:00","deleted_at":"2026-01-11T11:51:36.426124223+01:00","deleted_by":"daemon","delete_reason":"delete","original_type":"task"} {"id":"nixos-config-gx2","title":"form","status":"tombstone","priority":2,"issue_type":"task","created_at":"2026-01-11T11:49:21.688289476+01:00","created_by":"m3tam3re","updated_at":"2026-01-11T11:51:36.426124223+01:00","deleted_at":"2026-01-11T11:51:36.426124223+01:00","deleted_by":"daemon","delete_reason":"delete","original_type":"task"}
{"id":"nixos-config-n4l","title":"Create Gitea action for nix-update package updates","description":"Create a Gitea action to automatically update packages in this nixos-config repository using nix-update.\n\n**Context:**\n- Gitea instance is already running on m3-atlas at code.m3ta.dev (configured in hosts/m3-atlas/services/gitea.nix)\n- The repository is self-hosted on this Gitea instance\n- nix-update is already referenced in home/features/cli/default.nix\n- Currently no Gitea workflows exist (.gitea/ directory does not exist)\n\n**Goal:**\nAutomate package updates by creating a Gitea Actions workflow that:\n1. Runs nix-update periodically (e.g., weekly or on schedule)\n2. Updates package definitions in pkgs/ directory\n3. Creates pull requests with the updates\n4. Uses appropriate secrets/credentials for the Gitea instance\n\n**Requirements:**\n- Create .gitea/workflows/ directory structure\n- Define workflow file with nix-update command\n- Configure triggers (schedule, manual, or on repository events)\n- Set up proper permissions and secrets\n- Test the workflow execution\n\n**Current Repository State:**\n- pkgs/default.nix exists but is minimal (currently just a comment)\n- Multiple nixpkgs inputs are used (unstable, 25.11, locked, master)\n- Custom m3ta-nixpkgs overlay at code.m3ta.dev/m3tam3re/nixpkgs\n- Uses agenix for secrets management\n\n**Related Files:**\n- hosts/m3-atlas/services/gitea.nix (existing Gitea configuration)\n- hosts/common/ports.nix (port management)\n- home/features/cli/default.nix (nix-update reference)\n\n**Acceptance Criteria:**\n- [ ] Create .gitea/workflows directory\n- [ ] Implement nix-update workflow YAML\n- [ ] Configure appropriate triggers\n- [ ] Test workflow on the repository\n- [ ] Document setup and configuration","status":"closed","priority":2,"issue_type":"feature","owner":"p@m3ta.dev","created_at":"2026-01-13T20:39:49.838916335+01:00","created_by":"m3tm3re","updated_at":"2026-01-13T20:51:43.833041989+01:00","closed_at":"2026-01-13T20:51:43.833041989+01:00","close_reason":"Closed"}

2
.beads/sync_base.jsonl
View File

@@ -1,2 +0,0 @@
{"id":"nixos-config-gx2","title":"form","status":"tombstone","priority":2,"issue_type":"task","created_at":"2026-01-11T11:49:21.688289476+01:00","created_by":"m3tam3re","updated_at":"2026-01-11T11:51:36.426124223+01:00","deleted_at":"2026-01-11T11:51:36.426124223+01:00","deleted_by":"daemon","delete_reason":"delete","original_type":"task"}
{"id":"nixos-config-n4l","title":"Create Gitea action for nix-update package updates","description":"Create a Gitea action to automatically update packages in this nixos-config repository using nix-update.\n\n**Context:**\n- Gitea instance is already running on m3-atlas at code.m3ta.dev (configured in hosts/m3-atlas/services/gitea.nix)\n- The repository is self-hosted on this Gitea instance\n- nix-update is already referenced in home/features/cli/default.nix\n- Currently no Gitea workflows exist (.gitea/ directory does not exist)\n\n**Goal:**\nAutomate package updates by creating a Gitea Actions workflow that:\n1. Runs nix-update periodically (e.g., weekly or on schedule)\n2. Updates package definitions in pkgs/ directory\n3. Creates pull requests with the updates\n4. Uses appropriate secrets/credentials for the Gitea instance\n\n**Requirements:**\n- Create .gitea/workflows/ directory structure\n- Define workflow file with nix-update command\n- Configure triggers (schedule, manual, or on repository events)\n- Set up proper permissions and secrets\n- Test the workflow execution\n\n**Current Repository State:**\n- pkgs/default.nix exists but is minimal (currently just a comment)\n- Multiple nixpkgs inputs are used (unstable, 25.11, locked, master)\n- Custom m3ta-nixpkgs overlay at code.m3ta.dev/m3tam3re/nixpkgs\n- Uses agenix for secrets management\n\n**Related Files:**\n- hosts/m3-atlas/services/gitea.nix (existing Gitea configuration)\n- hosts/common/ports.nix (port management)\n- home/features/cli/default.nix (nix-update reference)\n\n**Acceptance Criteria:**\n- [ ] Create .gitea/workflows directory\n- [ ] Implement nix-update workflow YAML\n- [ ] Configure appropriate triggers\n- [ ] Test workflow on the repository\n- [ ] Document setup and configuration","status":"closed","priority":2,"issue_type":"feature","owner":"p@m3ta.dev","created_at":"2026-01-13T20:39:49.838916335+01:00","created_by":"m3tm3re","updated_at":"2026-01-13T20:51:43.833041989+01:00","closed_at":"2026-01-13T20:51:43.833041989+01:00","close_reason":"Closed"}

26
.gitignore vendored
View File

@@ -1,26 +0,0 @@
# Sisyphus work session data
.sisyphus/
# Editor files
*~
.*.swp
.*.swo
.*.swx
# Build artifacts
result
result-*
.direnv/
# IDE
.vscode/
.idea/
*.iml
# OS
.DS_Store
Thumbs.db
# Opencode rules
.opencode-rules
opencode.json

327
flake.lock generated
View File

@@ -8,11 +8,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1770165109, "lastModified": 1762618334,
"narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=", "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "b027ee29d959fda4b60b57566d64c98a202e0feb", "rev": "fcdea223397448d35d9b31f798479227e80183f6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -24,11 +24,11 @@
"agents": { "agents": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1772563257, "lastModified": 1767965833,
"narHash": "sha256-hp6Q8TVP9xZeBFgZm51ndCacmVZxucZzLtj12pzD6c0=", "narHash": "sha256-8tKEfJU4bxlgPJwUTUDQkVJMbwWQMiYt+moLjMIFeVY=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "39ac89f388532e9a7629808037791c64cd5fc13c", "rev": "3e20c82603a4ddedf04ff001adf943723a49dc37",
"revCount": 63, "revCount": 7,
"type": "git", "type": "git",
"url": "https://code.m3ta.dev/m3tam3re/AGENTS" "url": "https://code.m3ta.dev/m3tam3re/AGENTS"
}, },
@@ -53,65 +53,6 @@
"type": "github" "type": "github"
} }
}, },
"blueprint": {
"inputs": {
"nixpkgs": [
"llm-agents",
"nixpkgs"
],
"systems": [
"llm-agents",
"systems"
]
},
"locked": {
"lastModified": 1771437256,
"narHash": "sha256-bLqwib+rtyBRRVBWhMuBXPCL/OThfokA+j6+uH7jDGU=",
"owner": "numtide",
"repo": "blueprint",
"rev": "06ee7190dc2620ea98af9eb225aa9627b68b0e33",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "blueprint",
"type": "github"
}
},
"bun2nix": {
"inputs": {
"flake-parts": [
"llm-agents",
"flake-parts"
],
"import-tree": "import-tree",
"nixpkgs": [
"llm-agents",
"nixpkgs"
],
"systems": [
"llm-agents",
"systems"
],
"treefmt-nix": [
"llm-agents",
"treefmt-nix"
]
},
"locked": {
"lastModified": 1770895533,
"narHash": "sha256-v3QaK9ugy9bN9RXDnjw0i2OifKmz2NnKM82agtqm/UY=",
"owner": "nix-community",
"repo": "bun2nix",
"rev": "c843f477b15f51151f8c6bcc886954699440a6e1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "bun2nix",
"type": "github"
}
},
"darwin": { "darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -141,11 +82,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1772867152, "lastModified": 1766150702,
"narHash": "sha256-RIFgZ4O6Eg+5ysZ8Tqb3YvcqiRaNy440GEY22ltjRrs=", "narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "eaafb89b56e948661d618eefd4757d9ea8d77514", "rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -155,27 +96,6 @@
} }
}, },
"flake-parts": { "flake-parts": {
"inputs": {
"nixpkgs-lib": [
"llm-agents",
"nixpkgs"
]
},
"locked": {
"lastModified": 1772408722,
"narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"nur", "nur",
@@ -242,11 +162,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1772845525, "lastModified": 1767930051,
"narHash": "sha256-Dp5Ir2u4jJDGCgeMRviHvEQDe+U37hMxp6RSNOoMMPc=", "narHash": "sha256-YXtqo8h5bAbqC64XAPMMsZdYk8XkwkyNj/7XOsIyVf8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "27b93804fbef1544cb07718d3f0a451f4c4cd6c0", "rev": "297a08510894822ddd93ee2cfc66d6ac65a3cebb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -282,7 +202,7 @@
"rose-pine-hyprcursor", "rose-pine-hyprcursor",
"nixpkgs" "nixpkgs"
], ],
"systems": "systems_4" "systems": "systems_3"
}, },
"locked": { "locked": {
"lastModified": 1709914708, "lastModified": 1709914708,
@@ -318,57 +238,16 @@
"type": "github" "type": "github"
} }
}, },
"import-tree": {
"locked": {
"lastModified": 1763762820,
"narHash": "sha256-ZvYKbFib3AEwiNMLsejb/CWs/OL/srFQ8AogkebEPF0=",
"owner": "vic",
"repo": "import-tree",
"rev": "3c23749d8013ec6daa1d7255057590e9ca726646",
"type": "github"
},
"original": {
"owner": "vic",
"repo": "import-tree",
"type": "github"
}
},
"llm-agents": {
"inputs": {
"blueprint": "blueprint",
"bun2nix": "bun2nix",
"flake-parts": "flake-parts",
"nixpkgs": "nixpkgs_3",
"systems": "systems_3",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1772864581,
"narHash": "sha256-+AiWgqbKkjU1W/S/U7ktSoScMa4+z9APtJx+3gEDcCQ=",
"owner": "numtide",
"repo": "llm-agents.nix",
"rev": "856b24f862d0a19b7764f35ee9a7546309e605a0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "llm-agents.nix",
"type": "github"
}
},
"m3ta-nixpkgs": { "m3ta-nixpkgs": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_4", "nixpkgs": "nixpkgs_3"
"nixpkgs-master": "nixpkgs-master",
"opencode": "opencode",
"openspec": "openspec"
}, },
"locked": { "locked": {
"lastModified": 1772876766, "lastModified": 1768068765,
"narHash": "sha256-PiikuOqrjyzTAqUbnUwIKCr9+YvKX0xTRZ4q0srkQKU=", "narHash": "sha256-02ZFGjzZxoba0PSeStMyHHe1GPiCUh3Ve6zltevw0RE=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "291e3a0744d4a0192654c8afdbe3d1636c9c0890", "rev": "00b858fbbed6d2ad9e9a4303bdbe96dc249c5e22",
"revCount": 156, "revCount": 31,
"type": "git", "type": "git",
"url": "https://code.m3ta.dev/m3tam3re/nixpkgs" "url": "https://code.m3ta.dev/m3tam3re/nixpkgs"
}, },
@@ -414,14 +293,14 @@
"nixos-generators": { "nixos-generators": {
"inputs": { "inputs": {
"nixlib": "nixlib", "nixlib": "nixlib",
"nixpkgs": "nixpkgs_5" "nixpkgs": "nixpkgs_4"
}, },
"locked": { "locked": {
"lastModified": 1769813415, "lastModified": 1764234087,
"narHash": "sha256-nnVmNNKBi1YiBNPhKclNYDORoHkuKipoz7EtVnXO50A=", "narHash": "sha256-NHF7QWa0ZPT8hsJrvijREW3+nifmF2rTXgS2v0tpcEA=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-generators", "repo": "nixos-generators",
"rev": "8946737ff703382fda7623b9fab071d037e897d5", "rev": "032a1878682fafe829edfcf5fdfad635a2efe748",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -511,27 +390,11 @@
}, },
"nixpkgs-master": { "nixpkgs-master": {
"locked": { "locked": {
"lastModified": 1772847790, "lastModified": 1767950769,
"narHash": "sha256-lEK3FqujT4UPgk31wI90scsZQK+I1GaLa61SOQ2Jirc=", "narHash": "sha256-oT4Tj7O9361bmMbPwuAcH2zgj2fUZao7F32Bkah+AmE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9724b991f92022aafa14b3610840f9742752227d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "master",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-master_2": {
"locked": {
"lastModified": 1772874821,
"narHash": "sha256-ehnRKCc/qq0hjyi5aaE/H4RPUPfSDqjndWqAGZFesfY=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "10e7894b40eb0ad14d3a3184d20cc1beace1414d", "rev": "3cf525869eaad0c4105795523d158d6985d40885",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -543,11 +406,11 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1772598333, "lastModified": 1767799921,
"narHash": "sha256-YaHht/C35INEX3DeJQNWjNaTcPjYmBwwjFJ2jdtr+5U=", "narHash": "sha256-r4GVX+FToWVE2My8VVZH4V0pTIpnu2ZE8/Z4uxGEMBE=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "fabb8c9deee281e50b1065002c9828f2cf7b2239", "rev": "d351d0653aeb7877273920cd3e823994e7579b0b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -575,27 +438,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1772736753, "lastModified": 1766309749,
"narHash": "sha256-au/m3+EuBLoSzWUCb64a/MZq6QUtOV8oC0D9tY2scPQ=", "narHash": "sha256-3xY8CZ4rSnQ0NqGhMKAy5vgC+2IVK0NoVEzDoOh4DA4=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "917fec990948658ef1ccd07cef2a1ef060786846", "rev": "a6531044f6d0bef691ea18d4d4ce44d0daa6e816",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1772624091,
"narHash": "sha256-QKyJ0QGWBn6r0invrMAK8dmJoBYWoOWy7lN+UHzW1jc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "80bdc1e5ce51f56b19791b52b2901187931f5353",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -605,7 +452,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_5": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1736657626, "lastModified": 1736657626,
"narHash": "sha256-FWlPMUzp0lkQBdhKlPqtQdqmp+/C+1MBiEytaYfrCTY=", "narHash": "sha256-FWlPMUzp0lkQBdhKlPqtQdqmp+/C+1MBiEytaYfrCTY=",
@@ -621,13 +468,13 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_6": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1772624091, "lastModified": 1767767207,
"narHash": "sha256-QKyJ0QGWBn6r0invrMAK8dmJoBYWoOWy7lN+UHzW1jc=", "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "80bdc1e5ce51f56b19791b52b2901187931f5353", "rev": "5912c1772a44e31bf1c63c0390b90501e5026886",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -637,7 +484,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_7": { "nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1710272261, "lastModified": 1710272261,
"narHash": "sha256-g0bDwXFmTE7uGDOs9HcJsfLFhH7fOsASbAuOzDC+fhQ=", "narHash": "sha256-g0bDwXFmTE7uGDOs9HcJsfLFhH7fOsASbAuOzDC+fhQ=",
@@ -655,17 +502,17 @@
}, },
"nur": { "nur": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_2", "flake-parts": "flake-parts",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1772875192, "lastModified": 1767950946,
"narHash": "sha256-R706OBJ+nMQsVP2Dni+FaG3UDfhlE2zR4rz+YGnEi8I=", "narHash": "sha256-1uAvkp3rbtF4fdjiiXfGydNOLFcG6J0/LXbHFgQLxKY=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "2b3f4e0a0eea5a32dc78204fefba15ee83d437d3", "rev": "3fabc71263f7765c342740db5360a2308ece715d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -674,49 +521,6 @@
"type": "github" "type": "github"
} }
}, },
"opencode": {
"inputs": {
"nixpkgs": [
"m3ta-nixpkgs",
"nixpkgs-master"
]
},
"locked": {
"lastModified": 1772782174,
"narHash": "sha256-FBmF7/uwZYY/qY1252Hz+XhXdE+Qp5axySAy5Jw7XUQ=",
"owner": "anomalyco",
"repo": "opencode",
"rev": "6c7d968c4423a0cd6c85099c9377a6066313fa0a",
"type": "github"
},
"original": {
"owner": "anomalyco",
"ref": "v1.2.20",
"repo": "opencode",
"type": "github"
}
},
"openspec": {
"inputs": {
"nixpkgs": [
"m3ta-nixpkgs",
"nixpkgs"
]
},
"locked": {
"lastModified": 1772182342,
"narHash": "sha256-9Q0iUyZGcDPLdgvnrBN3GumV8g9akV8TFb8bFkD1yYs=",
"owner": "Fission-AI",
"repo": "OpenSpec",
"rev": "afdca0d5dab1aa109cfd8848b2512333ccad60c3",
"type": "github"
},
"original": {
"owner": "Fission-AI",
"repo": "OpenSpec",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
@@ -724,15 +528,14 @@
"disko": "disko", "disko": "disko",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"hyprpanel": "hyprpanel", "hyprpanel": "hyprpanel",
"llm-agents": "llm-agents",
"m3ta-nixpkgs": "m3ta-nixpkgs", "m3ta-nixpkgs": "m3ta-nixpkgs",
"nix-colors": "nix-colors", "nix-colors": "nix-colors",
"nixos-generators": "nixos-generators", "nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs_6", "nixpkgs": "nixpkgs_5",
"nixpkgs-45570c2": "nixpkgs-45570c2", "nixpkgs-45570c2": "nixpkgs-45570c2",
"nixpkgs-9e58ed7": "nixpkgs-9e58ed7", "nixpkgs-9e58ed7": "nixpkgs-9e58ed7",
"nixpkgs-locked": "nixpkgs-locked", "nixpkgs-locked": "nixpkgs-locked",
"nixpkgs-master": "nixpkgs-master_2", "nixpkgs-master": "nixpkgs-master",
"nixpkgs-stable": "nixpkgs-stable", "nixpkgs-stable": "nixpkgs-stable",
"nur": "nur", "nur": "nur",
"rose-pine-hyprcursor": "rose-pine-hyprcursor" "rose-pine-hyprcursor": "rose-pine-hyprcursor"
@@ -741,7 +544,7 @@
"rose-pine-hyprcursor": { "rose-pine-hyprcursor": {
"inputs": { "inputs": {
"hyprlang": "hyprlang", "hyprlang": "hyprlang",
"nixpkgs": "nixpkgs_7", "nixpkgs": "nixpkgs_6",
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
@@ -789,21 +592,6 @@
} }
}, },
"systems_3": { "systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_4": {
"locked": { "locked": {
"lastModified": 1689347949, "lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
@@ -818,7 +606,7 @@
"type": "github" "type": "github"
} }
}, },
"systems_5": { "systems_4": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@@ -833,30 +621,9 @@
"type": "github" "type": "github"
} }
}, },
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"llm-agents",
"nixpkgs"
]
},
"locked": {
"lastModified": 1772660329,
"narHash": "sha256-IjU1FxYqm+VDe5qIOxoW+pISBlGvVApRjiw/Y/ttJzY=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "3710e0e1218041bbad640352a0440114b1e10428",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"utils": { "utils": {
"inputs": { "inputs": {
"systems": "systems_5" "systems": "systems_4"
}, },
"locked": { "locked": {
"lastModified": 1710146030, "lastModified": 1710146030,

78
flake.nix
View File

@@ -24,8 +24,6 @@
m3ta-nixpkgs.url = "git+https://code.m3ta.dev/m3tam3re/nixpkgs"; m3ta-nixpkgs.url = "git+https://code.m3ta.dev/m3tam3re/nixpkgs";
# m3ta-nixpkgs.url = "path:/home/m3tam3re/p/NIX/nixpkgs"; # m3ta-nixpkgs.url = "path:/home/m3tam3re/p/NIX/nixpkgs";
llm-agents.url = "github:numtide/llm-agents.nix";
# #
nur = { nur = {
url = "github:nix-community/NUR"; url = "github:nix-community/NUR";
@@ -38,14 +36,16 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nixos-generators = {url = "github:nix-community/nixos-generators";}; nixos-generators = {
url = "github:nix-community/nixos-generators";
};
hyprpanel.url = "github:Jas-SinghFSU/HyprPanel"; hyprpanel.url = "github:Jas-SinghFSU/HyprPanel";
rose-pine-hyprcursor.url = "github:ndom91/rose-pine-hyprcursor"; rose-pine-hyprcursor.url = "github:ndom91/rose-pine-hyprcursor";
nix-colors.url = "github:misterio77/nix-colors"; nix-colors.url = "github:misterio77/nix-colors";
agents = { agents = {
# url = "path:/home/m3tam3re/p/AI/AGENTS"; # url = "path:/home/m3tam3re/p/MISC/AGENTS";
url = "git+https://code.m3ta.dev/m3tam3re/AGENTS"; url = "git+https://code.m3ta.dev/m3tam3re/AGENTS";
flake = false; flake = false;
}; };
@@ -58,7 +58,6 @@
nixpkgs, nixpkgs,
m3ta-nixpkgs, m3ta-nixpkgs,
nur, nur,
agents,
... ...
} @ inputs: let } @ inputs: let
inherit (self) outputs; inherit (self) outputs;
@@ -80,7 +79,6 @@
m3-ares = nixpkgs.lib.nixosSystem { m3-ares = nixpkgs.lib.nixosSystem {
specialArgs = { specialArgs = {
inherit inputs outputs; inherit inputs outputs;
system = "x86_64-linux";
hostname = "m3-ares"; hostname = "m3-ares";
}; };
modules = [ modules = [
@@ -90,10 +88,7 @@
]; ];
}; };
m3-atlas = nixpkgs.lib.nixosSystem { m3-atlas = nixpkgs.lib.nixosSystem {
specialArgs = { specialArgs = {inherit inputs outputs;};
inherit inputs outputs;
system = "x86_64-linux";
};
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [
./hosts/m3-atlas ./hosts/m3-atlas
@@ -105,7 +100,6 @@
m3-kratos = nixpkgs.lib.nixosSystem { m3-kratos = nixpkgs.lib.nixosSystem {
specialArgs = { specialArgs = {
inherit inputs outputs; inherit inputs outputs;
system = "x86_64-linux";
hostname = "m3-kratos"; hostname = "m3-kratos";
}; };
modules = [ modules = [
@@ -116,10 +110,7 @@
]; ];
}; };
m3-helios = nixpkgs.lib.nixosSystem { m3-helios = nixpkgs.lib.nixosSystem {
specialArgs = { specialArgs = {inherit inputs outputs;};
inherit inputs outputs;
system = "x86_64-linux";
};
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [
./hosts/m3-helios ./hosts/m3-helios
@@ -134,61 +125,26 @@
pkgs = nixpkgs.legacyPackages."x86_64-linux"; pkgs = nixpkgs.legacyPackages."x86_64-linux";
extraSpecialArgs = { extraSpecialArgs = {
inherit inputs outputs; inherit inputs outputs;
system = "x86_64-linux";
hostname = "m3-daedalus"; hostname = "m3-daedalus";
}; };
modules = [./home/m3tam3re/m3-daedalus.nix]; modules = [./home/m3tam3re/m3-daedalus.nix];
}; };
}; };
devShells = forAllSystems (system: let devShells.x86_64-linux.infraShell = let
pkgs = import nixpkgs { pkgs = nixpkgs.legacyPackages.x86_64-linux;
inherit system; in
config.allowUnfree = true; # Allow unfree packages in devShell pkgs.mkShell {
};
m3taLib = m3ta-nixpkgs.lib.x86_64-linux;
rules = m3taLib.opencode-rules.mkOpencodeRules {
inherit agents;
languages = ["nix"];
};
in {
default = pkgs.mkShell {
buildInputs = with pkgs; [ buildInputs = with pkgs; [
alejandra opentofu
nixd nixos-anywhere
openssh
agenix.packages.${system}.default
]; ];
inherit (rules) instructions;
shellHook = '' shellHook = ''
${rules.shellHook} echo "Infrastructure Management Shell"
echo "======================================" echo "Commands:"
echo "🧑🚀 Nix Development Shell with Opencode Rules" echo " - cd infra/proxmox && tofu init"
echo "======================================" echo " - tofu plan"
echo "" echo " - tofu apply"
echo "Active rules:"
echo " - Nix language conventions"
echo " - Coding-style best practices"
echo " - Naming conventions"
echo " - Documentation standards"
echo " - Testing guidelines"
echo " - Git workflow patterns"
echo " - Project structure guidelines"
echo ""
echo "Generated files:"
echo " - .opencode-rules/ (symlink to AGENTS repo)"
echo " - opencode.json (configuration file)"
echo ""
echo "Useful commands:"
echo " - cat opencode.json View rules configuration"
echo " - ls .opencode-rules/ Browse available rules"
echo " - nix develop Re-enter this shell"
echo ""
echo "Remember to add to .gitignore:"
echo " .opencode-rules"
echo " opencode.json"
echo "======================================"
''; '';
}; };
});
}; };
} }

3
home/common/default.nix
View File

@@ -3,7 +3,6 @@
lib, lib,
outputs, outputs,
pkgs, pkgs,
system,
... ...
}: { }: {
imports = [ imports = [
@@ -25,7 +24,7 @@
inputs.nur.overlays.default inputs.nur.overlays.default
inputs.m3ta-nixpkgs.overlays.default inputs.m3ta-nixpkgs.overlays.default
inputs.m3ta-nixpkgs.overlays.modifications inputs.m3ta-nixpkgs.overlays.modifications
(outputs.overlays.mkLlmAgentsOverlay system)
# You can also add overlays exported from other flakes: # You can also add overlays exported from other flakes:
# neovim-nightly-overlay.overlays.default # neovim-nightly-overlay.overlays.default

2
home/features/cli/default.nix
View File

@@ -222,8 +222,6 @@
rocmPackages.rocm-smi rocmPackages.rocm-smi
rocmPackages.rocminfo rocmPackages.rocminfo
rocmPackages.rocm-runtime rocmPackages.rocm-runtime
sqlite
sqlite-vec
tldr tldr
pomodoro-timer pomodoro-timer
trash-cli trash-cli

1
home/features/cli/nushell.nix
View File

@@ -68,7 +68,6 @@ in {
] ]
} }
# Aliases
alias .. = cd .. alias .. = cd ..
alias ... = cd ... alias ... = cd ...
alias h = cd $env.HOME alias h = cd $env.HOME

13
home/features/coding/default.nix
View File

@@ -5,13 +5,14 @@
home.packages = with pkgs; [ home.packages = with pkgs; [
agenix-cli agenix-cli
alejandra alejandra
beads
bc bc
bun bun
claude-code
devpod devpod
#devpod-desktop #devpod-desktop
code2prompt code2prompt
gnumake nur.repos.charmbracelet.crush
cmake
(python3.withPackages (ps: (python3.withPackages (ps:
with ps; [ with ps; [
pip pip
@@ -24,16 +25,8 @@
])) ]))
pyrefly pyrefly
nixd nixd
nodejs
opencode-desktop
(qmd.override {
vulkanSupport = true;
cudaSupport = false;
})
alejandra alejandra
sidecar
tailwindcss tailwindcss
tailwindcss-language-server tailwindcss-language-server
td
]; ];
} }

320
home/features/coding/opencode.nix
View File

@@ -1,7 +1,10 @@
{inputs, ...}: { { inputs, ... }: {
imports =
[ "${inputs.m3ta-nixpkgs}/modules/home-manager/coding/basecamp-mcp.nix" ];
xdg.configFile = { xdg.configFile = {
"opencode/commands" = { "opencode/command" = {
source = "${inputs.agents}/commands"; source = "${inputs.agents}/command";
recursive = true; recursive = true;
}; };
"opencode/context" = { "opencode/context" = {
@@ -12,28 +15,28 @@
source = "${inputs.agents}/prompts"; source = "${inputs.agents}/prompts";
recursive = true; recursive = true;
}; };
"opencode/skills" = { "opencode/skill" = {
source = "${inputs.agents}/skills"; source = "${inputs.agents}/skill";
recursive = true;
};
"opencode/rules" = {
source = "${inputs.agents}/rules";
recursive = true; recursive = true;
}; };
}; };
m3ta.coding.opencode.mcp.basecamp = {
enable = true;
envFile = "/run/agenix/basecamp-env";
};
programs.opencode = { programs.opencode = {
enable = true; enable = true;
settings = { settings = {
theme = "opencode"; theme = "opencode";
plugin = ["oh-my-opencode" "opencode-antigravity-auth@beta"]; plugin =
agent = [ "oh-my-opencode" "opencode-beads" "opencode-antigravity-auth@beta" ];
builtins.fromJSON agent = builtins.fromJSON
(builtins.readFile "${inputs.agents}/agents/agents.json"); (builtins.readFile "${inputs.agents}/agent/agents.json");
formatter = { formatter = {
alejandra = { alejandra = {
command = ["alejandra" "-q" "-"]; command = [ "alejandra" "-q" "-" ];
extensions = [".nix"]; extensions = [ ".nix" ];
}; };
}; };
mcp = { mcp = {
@@ -55,19 +58,6 @@
]; ];
enabled = false; enabled = false;
}; };
Basecamp = {
type = "local";
command = [
"/home/m3tam3re/p/AI/Basecamp-MCP-Server/venv/bin/python"
"/home/m3tam3re/p/AI/Basecamp-MCP-Server/basecamp_fastmcp.py"
];
environment = {
PYTHONPATH = "/home/m3tam3re/p/PYTHON/Basecamp-MCP-Server";
VIRTUAL_ENV = "/home/m3tam3re/p/PYTHON/Basecamp-MCP-Server/venv";
BASECAMP_ACCOUNT_ID = "5996442";
};
enabled = false;
};
Exa = { Exa = {
type = "local"; type = "local";
command = [ command = [
@@ -77,53 +67,125 @@
]; ];
enabled = true; enabled = true;
}; };
Outline = {
type = "local";
command = [
"sh"
"-c"
"OUTLINE_API_KEY=$(cat /run/agenix/outline-key) OUTLINE_API_URL=https://wiki.az-gruppe.com/api OUTLINE_DISABLE_DELETE=true exec uv tool run mcp-outline"
];
enabled = false;
};
}; };
provider = { provider = {
litellm = { google = {
npm = "@ai-sdk/openai-compatible";
name = "LiteLLM (AZ-Gruppe)";
options.baseURL = "https://llm.az-gruppe.com/v1";
models = { models = {
"gpt-5.2" = { "antigravity-gemini-3-pro" = {
name = "GPT-5.2"; name = "Gemini 3 Pro (Antigravity)";
limit = { limit = {
context = 200000; context = 1048576;
output = 16384; output = 65535;
}; };
modalities = { modalities = {
input = ["text" "image"]; input = [ "text" "image" "pdf" ];
output = ["text"]; output = [ "text" ];
};
variants = {
low = { thinkingLevel = "low"; };
high = { thinkingLevel = "high"; };
}; };
}; };
"claude-sonnet-4-6" = { "antigravity-gemini-3-flash" = {
name = "Claude Sonnet 4.6"; name = "Gemini 3 Flash (Antigravity)";
limit = { limit = {
context = 200000; context = 1048576;
output = 16000; output = 65536;
}; };
modalities = { modalities = {
input = ["text" "image"]; input = [ "text" "image" "pdf" ];
output = ["text"]; output = [ "text" ];
};
variants = {
minimal = { thinkingLevel = "minimal"; };
low = { thinkingLevel = "low"; };
medium = { thinkingLevel = "medium"; };
high = { thinkingLevel = "high"; };
}; };
}; };
"claude-opus-4-6" = { "antigravity-claude-sonnet-4-5" = {
name = "Claude Opus 4.6"; name = "Claude Sonnet 4.5 (no thinking) (Antigravity)";
limit = { limit = {
context = 200000; context = 200000;
output = 32000; output = 64000;
}; };
modalities = { modalities = {
input = ["text" "image"]; input = [ "text" "image" "pdf" ];
output = ["text"]; output = [ "text" ];
};
};
"antigravity-claude-sonnet-4-5-thinking" = {
name = "Claude Sonnet 4.5 Thinking (Antigravity)";
limit = {
context = 200000;
output = 64000;
};
modalities = {
input = [ "text" "image" "pdf" ];
output = [ "text" ];
};
variants = {
low = { thinkingConfig = { thinkingBudget = 8192; }; };
max = { thinkingConfig = { thinkingBudget = 32768; }; };
};
};
"antigravity-claude-opus-4-5-thinking" = {
name = "Claude Opus 4.5 Thinking (Antigravity)";
limit = {
context = 200000;
output = 64000;
};
modalities = {
input = [ "text" "image" "pdf" ];
output = [ "text" ];
};
variants = {
low = { thinkingConfig = { thinkingBudget = 8192; }; };
max = { thinkingConfig = { thinkingBudget = 32768; }; };
};
};
"gemini-2.5-flash" = {
name = "Gemini 2.5 Flash (Gemini CLI)";
limit = {
context = 1048576;
output = 65536;
};
modalities = {
input = [ "text" "image" "pdf" ];
output = [ "text" ];
};
};
"gemini-2.5-pro" = {
name = "Gemini 2.5 Pro (Gemini CLI)";
limit = {
context = 1048576;
output = 65536;
};
modalities = {
input = [ "text" "image" "pdf" ];
output = [ "text" ];
};
};
"gemini-3-flash-preview" = {
name = "Gemini 3 Flash Preview (Gemini CLI)";
limit = {
context = 1048576;
output = 65536;
};
modalities = {
input = [ "text" "image" "pdf" ];
output = [ "text" ];
};
};
"gemini-3-pro-preview" = {
name = "Gemini 3 Pro Preview (Gemini CLI)";
limit = {
context = 1048576;
output = 65535;
};
modalities = {
input = [ "text" "image" "pdf" ];
output = [ "text" ];
}; };
}; };
}; };
@@ -133,37 +195,125 @@
}; };
home.file.".config/opencode/oh-my-opencode.json".text = builtins.toJSON { home.file.".config/opencode/oh-my-opencode.json".text = builtins.toJSON {
"$schema" = "https://raw.githubusercontent.com/code-yeongyu/oh-my-opencode/master/assets/oh-my-opencode.schema.json"; "$schema" =
# google_auth removed - use opencode-antigravity-auth plugin instead (already in plugin array) "https://raw.githubusercontent.com/code-yeongyu/oh-my-opencode/master/assets/oh-my-opencode.schema.json";
agents = { agents = {
sisyphus = {model = "zai-coding-plan/glm-5";}; Sisyphus = {
oracle = {model = "zai-coding-plan/glm-5";}; model = "opencode/glm-4.7-free";
librarian = {model = "zai-coding-plan/glm-5";}; permission = {
explore = {model = "zai-coding-plan/glm-4.5-air";}; edit = "allow";
multimodal-looker = {model = "zai-coding-plan/glm-4.6v";}; bash = {
prometheus = {model = "zai-coding-plan/glm-5";}; "*" = "allow";
metis = {model = "zai-coding-plan/glm-5";}; "rm *" = "ask";
momus = {model = "zai-coding-plan/glm-5";}; "rmdir *" = "ask";
atlas = {model = "zai-coding-plan/glm-5";}; "mv *" = "ask";
"chmod *" = "ask";
"chown *" = "ask";
"git *" = "ask";
"git status*" = "allow";
"git log*" = "allow";
"git diff*" = "allow";
"git branch*" = "allow";
"git show*" = "allow";
"git stash list*" = "allow";
"git remote -v" = "allow";
"git add *" = "allow";
"git commit *" = "allow";
"jj *" = "ask";
"jj status" = "allow";
"jj log*" = "allow";
"jj diff*" = "allow";
"jj show*" = "allow";
"npm *" = "ask";
"npx *" = "ask";
"bun *" = "ask";
"bunx *" = "ask";
"uv *" = "ask";
"pip *" = "ask";
"pip3 *" = "ask";
"yarn *" = "ask";
"pnpm *" = "ask";
"cargo *" = "ask";
"go *" = "ask";
"make *" = "ask";
"dd *" = "deny";
"mkfs*" = "deny";
"fdisk *" = "deny";
"parted *" = "deny";
"eval *" = "deny";
"source *" = "deny";
"curl *|*sh" = "deny";
"wget *|*sh" = "deny";
"sudo *" = "deny";
"su *" = "deny";
"systemctl *" = "deny";
"service *" = "deny";
"shutdown *" = "deny";
"reboot*" = "deny";
"init *" = "deny";
"> /dev/*" = "deny";
"cat * > /dev/*" = "deny";
}; };
categories = { external_directory = "ask";
visual-engineering = {model = "zai-coding-plan/glm-5";}; doom_loop = "ask";
ultrabrain = {model = "zai-coding-plan/glm-5";};
artistry = {model = "zai-coding-plan/glm-5";};
quick = {model = "zai-coding-plan/glm-5";};
unspecified-low = {model = "zai-coding-plan/glm-5";};
unspecified-high = {model = "zai-coding-plan/glm-5";};
writing = {model = "zai-coding-plan/glm-5";};
}; };
disabled_mcps = ["context7" "websearch"];
disabled_hooks = ["comment-checker"];
git_master = {
commit_footer = false;
include_co_authored_by = false;
}; };
experimental = { librarian = {
truncate_all_tool_outputs = true; model = "opencode/glm-4.7-free";
aggressive_truncation = false; permission = {
edit = "deny";
bash = "deny";
}; };
}; };
explore = {
model = "opencode/glm-4.7-free";
permission = {
edit = "deny";
bash = "deny";
};
};
oracle = {
model = "opencode/glm-4.7-free";
permission = {
edit = "deny";
bash = "deny";
};
};
frontend-ui-ux-engineer = {
model = "opencode/glm-4.7-free";
permission = {
edit = "allow";
bash = {
"*" = "ask";
"npm *" = "ask";
"npx *" = "ask";
"bun *" = "ask";
"bunx *" = "ask";
"rm *" = "ask";
"mv *" = "ask";
"dd *" = "deny";
"mkfs*" = "deny";
"sudo *" = "deny";
"curl *|*sh" = "deny";
"wget *|*sh" = "deny";
};
};
};
document-writer = {
model = "opencode/glm-4.7-free";
permission = {
edit = "allow";
bash = "deny";
};
};
multimodal-looker = {
model = "opencode/glm-4.7-free";
permission = {
edit = "deny";
bash = "deny";
};
};
};
disabled_mcps = [ "context7" "websearch" ];
};
} }

2
home/features/desktop/default.nix
View File

@@ -10,7 +10,6 @@
./gaming.nix ./gaming.nix
./hyprland.nix ./hyprland.nix
./media.nix ./media.nix
./obsidian.nix
./office.nix ./office.nix
./rofi.nix ./rofi.nix
./theme.nix ./theme.nix
@@ -128,6 +127,7 @@
home.packages = with pkgs; [ home.packages = with pkgs; [
appimage-run appimage-run
stable.anytype
# blueberry # blueberry
bemoji bemoji
brave brave

4
home/features/desktop/hyprland.nix
View File

@@ -31,7 +31,6 @@ in {
"XDG_CURRENT_DESKTOP,Hyprland" "XDG_CURRENT_DESKTOP,Hyprland"
"XDG_SESSION_TYPE,wayland" "XDG_SESSION_TYPE,wayland"
"XDG_SESSION_DESKTOP,Hyprland" "XDG_SESSION_DESKTOP,Hyprland"
"NIXOS_OZONE_WL,1"
]; ];
input = { input = {
@@ -122,7 +121,6 @@ in {
"match:title branchdialog, float on" "match:title branchdialog, float on"
"match:class pavucontrol-qt, float on" "match:class pavucontrol-qt, float on"
"match:class pavucontrol, float on" "match:class pavucontrol, float on"
"match:class class:^(espanso)$, float on"
# wlogout # wlogout
"match:class wlogout, fullscreen on" "match:class wlogout, fullscreen on"
"match:title wlogout, float on" "match:title wlogout, float on"
@@ -164,7 +162,7 @@ in {
"$mainMod SHIFT, t, exec, launch-timer" "$mainMod SHIFT, t, exec, launch-timer"
"$mainMod, n, exec, $terminal -e nvim" "$mainMod, n, exec, $terminal -e nvim"
"$mainMod, z, exec, uwsm app -- zeditor" "$mainMod, z, exec, uwsm app -- zeditor"
"$mainMod, o, exec, hyprctl dispatch setprop activewindow opaque toggle" "$mainMod, o, exec, hyprctl setprop activewindow opaque toggle"
"$mainMod, r, exec, hyprctl dispatch focuswindow \"initialtitle:.*alert-box.*\" && hyprctl dispatch moveactive exact 4300 102 && hyprctl dispatch focuswindow \"initialtitle:.*chat-box.*\" && hyprctl dispatch moveactive exact 4300 512" "$mainMod, r, exec, hyprctl dispatch focuswindow \"initialtitle:.*alert-box.*\" && hyprctl dispatch moveactive exact 4300 102 && hyprctl dispatch focuswindow \"initialtitle:.*chat-box.*\" && hyprctl dispatch moveactive exact 4300 512"
"$mainMod, b, exec, uwsm app -- thunar" "$mainMod, b, exec, uwsm app -- thunar"
"$mainMod SHIFT, B, exec, uwsm app -- vivaldi" "$mainMod SHIFT, B, exec, uwsm app -- vivaldi"

6
home/features/desktop/media.nix
View File

@@ -19,22 +19,22 @@ in {
amf amf
blueberry blueberry
ffmpeg_6-full ffmpeg_6-full
gimp
gst_all_1.gstreamer gst_all_1.gstreamer
gst_all_1.gst-vaapi gst_all_1.gst-vaapi
handbrake handbrake
inkscape inkscape
kdePackages.kdenlive kdePackages.kdenlive
krita
libation libation
#makemkv #makemkv
pamixer pamixer
pavucontrol pavucontrol
qpwgraph qpwgraph
v4l-utils v4l-utils
plexamp #plexamp
# uxplay # uxplay
# vlc # vlc
webcord # webcord
# yt-dlp # yt-dlp
unimatrix unimatrix
]; ];

25
home/features/desktop/obsidian.nix
View File

@@ -1,25 +0,0 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.features.desktop.obsidian;
in {
options.features.desktop.obsidian.enable =
mkEnableOption "enable Obsidian knowledge base";
config = mkIf cfg.enable {
programs.obsidian.enable = true;
xdg.mimeApps = {
enable = true;
associations.added = {
"text/markdown" = ["obsidian.desktop"];
};
defaultApplications = {
"text/markdown" = ["obsidian.desktop"];
};
};
};
}

1
home/m3tam3re/m3-ares.nix
View File

@@ -53,7 +53,6 @@ with lib; {
gaming.enable = true; gaming.enable = true;
hyprland.enable = true; hyprland.enable = true;
media.enable = true; media.enable = true;
obsidian.enable = true;
office.enable = true; office.enable = true;
rofi.enable = true; rofi.enable = true;
fonts.enable = true; fonts.enable = true;

4
home/m3tam3re/m3-atlas.nix
View File

@@ -2,10 +2,9 @@
imports = [ imports = [
../common ../common
../features/cli ../features/cli
../features/coding/opencode.nix
./home-server.nix ./home-server.nix
]; ];
coding.editors.neovim.enable = true;
features = { features = {
cli = { cli = {
nushell.enable = true; nushell.enable = true;
@@ -13,7 +12,6 @@
nitch.enable = true; nitch.enable = true;
secrets.enable = false; secrets.enable = false;
starship.enable = true; starship.enable = true;
zellij.enable = true;
}; };
}; };
} }

1
home/m3tam3re/m3-kratos.nix
View File

@@ -52,7 +52,6 @@ with lib; {
gaming.enable = true; gaming.enable = true;
hyprland.enable = true; hyprland.enable = true;
media.enable = true; media.enable = true;
obsidian.enable = true;
office.enable = true; office.enable = true;
rofi.enable = true; rofi.enable = true;
fonts.enable = true; fonts.enable = true;

24
hosts/common/default.nix
View File

@@ -1,13 +1,5 @@
# Common configuration for all hosts # Common configuration for all hosts
{ { config, pkgs, lib, inputs, outputs, ... }: {
config,
pkgs,
lib,
inputs,
outputs,
system,
...
}: {
imports = [ imports = [
./extraServices ./extraServices
./ports.nix ./ports.nix
@@ -15,13 +7,14 @@
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
]; ];
environment.pathsToLink = ["/share/xdg-desktop-portal" "/share/applications"]; environment.pathsToLink =
[ "/share/xdg-desktop-portal" "/share/applications" ];
home-manager = { home-manager = {
useUserPackages = true; useUserPackages = true;
extraSpecialArgs = { extraSpecialArgs = {
inherit inputs outputs system; inherit inputs outputs;
videoDrivers = config.services.xserver.videoDrivers or []; videoDrivers = config.services.xserver.videoDrivers or [ ];
}; };
}; };
@@ -38,7 +31,7 @@
inputs.m3ta-nixpkgs.overlays.default inputs.m3ta-nixpkgs.overlays.default
inputs.m3ta-nixpkgs.overlays.modifications inputs.m3ta-nixpkgs.overlays.modifications
(outputs.overlays.mkLlmAgentsOverlay system)
# You can also add overlays exported from other flakes: # You can also add overlays exported from other flakes:
# neovim-nightly-overlay.overlays.default # neovim-nightly-overlay.overlays.default
@@ -72,10 +65,9 @@
options = "--delete-older-than 30d"; options = "--delete-older-than 30d";
}; };
optimise.automatic = true; optimise.automatic = true;
registry = registry = (lib.mapAttrs (_: flake: { inherit flake; }))
(lib.mapAttrs (_: flake: {inherit flake;}))
((lib.filterAttrs (_: lib.isType "flake")) inputs); ((lib.filterAttrs (_: lib.isType "flake")) inputs);
nixPath = ["/etc/nix/path"]; nixPath = [ "/etc/nix/path" ];
}; };
users.defaultUserShell = pkgs.nushell; users.defaultUserShell = pkgs.nushell;
} }

1
hosts/common/extraServices/flatpak.nix
View File

@@ -14,6 +14,7 @@ in {
xdg.portal = { xdg.portal = {
# xdg desktop intergration (required for flatpak) # xdg desktop intergration (required for flatpak)
enable = true; enable = true;
wlr.enable = true;
extraPortals = with pkgs; [ extraPortals = with pkgs; [
xdg-desktop-portal-hyprland xdg-desktop-portal-hyprland
]; ];

8
hosts/common/ports.nix
View File

@@ -18,10 +18,6 @@
wireguard = 51820; wireguard = 51820;
tailscale = 41641; tailscale = 41641;
headscale = 3009; headscale = 3009;
netbird-stun = 3478;
netbird-proxy = 8443;
netbird-metrics = 9090;
netbird-health = 9000;
# Containers & web apps # Containers & web apps
gitea = 3030; gitea = 3030;
@@ -37,7 +33,9 @@
slash-nemoti = 3016; slash-nemoti = 3016;
kestra = 3018; kestra = 3018;
outline = 3019; outline = 3019;
authentik = 3023; pangolin = 3020;
pangolin-api = 3021;
pangolin-ws = 3022;
# Home automation # Home automation
homarr = 7575; homarr = 7575;

1
hosts/common/users/m3tam3re.nix
View File

@@ -24,7 +24,6 @@
]; ];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3YEmpYbM+cpmyD10tzNRHEn526Z3LJOzYpWEKdJg8DaYyPbDn9iyVX30Nja2SrW4Wadws0Y8DW+Urs25/wVB6mKl7jgPJVkMi5hfobu3XAz8gwSdjDzRSWJrhjynuaXiTtRYED2INbvjLuxx3X8coNwMw58OuUuw5kNJp5aS2qFmHEYQErQsGT4MNqESe3jvTP27Z5pSneBj45LmGK+RcaSnJe7hG+KRtjuhjI7RdzMeDCX73SfUsal+rHeuEw/mmjYmiIItXhFTDn8ZvVwpBKv7xsJG90DkaX2vaTk0wgJdMnpVIuIRBa4EkmMWOQ3bMLGkLQeK/4FUkNcvQ/4+zcZsg4cY9Q7Fj55DD41hAUdF6SYODtn5qMPsTCnJz44glHt/oseKXMSd556NIw2HOvihbJW7Rwl4OEjGaO/dF4nUw4c9tHWmMn9dLslAVpUuZOb7ykgP0jk79ldT3Dv+2Hj0CdAWT2cJAdFX58KQ9jUPT3tBnObSF1lGMI7t77VU= m3tam3re@m3-nix" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3YEmpYbM+cpmyD10tzNRHEn526Z3LJOzYpWEKdJg8DaYyPbDn9iyVX30Nja2SrW4Wadws0Y8DW+Urs25/wVB6mKl7jgPJVkMi5hfobu3XAz8gwSdjDzRSWJrhjynuaXiTtRYED2INbvjLuxx3X8coNwMw58OuUuw5kNJp5aS2qFmHEYQErQsGT4MNqESe3jvTP27Z5pSneBj45LmGK+RcaSnJe7hG+KRtjuhjI7RdzMeDCX73SfUsal+rHeuEw/mmjYmiIItXhFTDn8ZvVwpBKv7xsJG90DkaX2vaTk0wgJdMnpVIuIRBa4EkmMWOQ3bMLGkLQeK/4FUkNcvQ/4+zcZsg4cY9Q7Fj55DD41hAUdF6SYODtn5qMPsTCnJz44glHt/oseKXMSd556NIw2HOvihbJW7Rwl4OEjGaO/dF4nUw4c9tHWmMn9dLslAVpUuZOb7ykgP0jk79ldT3Dv+2Hj0CdAWT2cJAdFX58KQ9jUPT3tBnObSF1lGMI7t77VU= m3tam3re@m3-nix"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZcjCKl0DRuOUOMXbM0GKY5JjvmyFpVZ/tRlTKWu/zp razr"
]; ];
packages = [inputs.home-manager.packages.${pkgs.stdenv.hostPlatform.system}.default]; packages = [inputs.home-manager.packages.${pkgs.stdenv.hostPlatform.system}.default];
}; };

6
hosts/m3-aether/services/default.nix
View File

@@ -2,4 +2,10 @@
imports = [ imports = [
./cloud-init.nix ./cloud-init.nix
]; ];
systemd.sleep.extraConfig = ''
AllowSuspend=no
AllowHibernation=no
AllowHybridSleep=no
AllowSuspendThenHibernate=no
'';
} }

11
hosts/m3-ares/hardware.nix
View File

@@ -1,15 +1,8 @@
{ {
config, config,
pkgs, pkgs,
inputs,
... ...
}: { }: {
# Workaround for tuxedo-drivers module bug in unstable (nixpkgs#480391)
# The unstable module has a type error - use stable module until fix propagates
# disabledModules = [ "hardware/tuxedo-drivers.nix" ];
# imports =
# [ "${inputs.nixpkgs-stable}/nixos/modules/hardware/tuxedo-drivers.nix" ];
hardware.nvidia = { hardware.nvidia = {
prime = { prime = {
offload.enable = false; offload.enable = false;
@@ -43,7 +36,9 @@
}; };
}; };
environment.systemPackages = with pkgs; [tuxedo-backlight]; environment.systemPackages = with pkgs; [
tuxedo-backlight
];
security.sudo.extraRules = [ security.sudo.extraRules = [
{ {
users = ["@wheel"]; users = ["@wheel"];

12
hosts/m3-ares/secrets.nix
View File

@@ -33,18 +33,6 @@
file = ../../secrets/exa-key.age; file = ../../secrets/exa-key.age;
owner = "m3tam3re"; owner = "m3tam3re";
}; };
outline-key = {
file = ../../secrets/outline-key.age;
owner = "m3tam3re";
};
basecamp-client-id = {
file = ../../secrets/basecamp-client-id.age;
owner = "m3tam3re";
};
basecamp-client-secret = {
file = ../../secrets/basecamp-client-secret.age;
owner = "m3tam3re";
};
tailscale-key.file = ../../secrets/tailscale-key.age; tailscale-key.file = ../../secrets/tailscale-key.age;
m3tam3re-secrets = { m3tam3re-secrets = {
file = ../../secrets/m3tam3re-secrets.age; file = ../../secrets/m3tam3re-secrets.age;

24
hosts/m3-ares/services/default.nix
View File

@@ -1,34 +1,20 @@
{pkgs, ...}: { {
imports = [ imports = [
./containers ./containers
./netbird.nix
#./n8n.nix #./n8n.nix
./mem0.nix
./postgres.nix ./postgres.nix
./restic.nix ./restic.nix
./sound.nix ./sound.nix
./tailscale.nix
./udev.nix ./udev.nix
./wireguard.nix ./wireguard.nix
]; ];
# console.useXkbConfig = true;
# services.xserver.xkb = {
# layout = "de,us";
# options = "ctrl:nocaps";
# };
# optional, falls du auch die TTY-Konsole deutsch willst:
services = { services = {
hypridle.enable = true; hypridle.enable = true;
espanso = {
enable = true;
package = pkgs.espanso-wayland;
};
printing.enable = true; printing.enable = true;
gvfs.enable = true; gvfs.enable = true;
trezord.enable = true; trezord.enable = true;
gnome.gnome-keyring.enable = true; gnome.gnome-keyring.enable = true;
qdrant.enable = true;
# qdrant = { # qdrant = {
# enable = true; # enable = true;
# settings = { # settings = {
@@ -49,4 +35,10 @@
}; };
displayManager.gdm.enable = true; displayManager.gdm.enable = true;
}; };
systemd.sleep.extraConfig = ''
AllowSuspend=no
AllowHibernation=no
AllowHybridSleep=no
AllowSuspendThenHibernate=no
'';
} }

23
hosts/m3-ares/services/mem0.nix
View File

@@ -1,23 +0,0 @@
{
m3ta.mem0 = {
enable = true;
port = 8000;
host = "127.0.0.1";
# LLM Configuration
llm = {
provider = "openai";
apiKeyFile = "/var/lib/mem0/openai-api-key-1"; # Use agenix or sops-nix
};
# Vector Storage Configuration
vectorStore = {
provider = "qdrant"; # or "chroma", "pinecone", etc.
config = {
host = "localhost";
port = 6333;
collection_name = "mem0_alice";
};
};
};
}

29
hosts/m3-ares/services/netbird.nix
View File

@@ -1,29 +0,0 @@
{pkgs, ...}: {
services.netbird.enable = true;
environment.systemPackages = with pkgs; [netbird-ui];
systemd.services.netbird = {
environment = {
NB_DISABLE_SSH_CONFIG = "true";
};
path = [
pkgs.shadow
pkgs.util-linux
];
};
programs.ssh.extraConfig = ''
Match exec "${pkgs.netbird}/bin/netbird ssh detect %h %p"
PreferredAuthentications password,publickey,keyboard-interactive
PasswordAuthentication yes
PubkeyAuthentication yes
BatchMode no
ProxyCommand ${pkgs.netbird}/bin/netbird ssh proxy %h %p
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
CheckHostIP no
LogLevel ERROR
'';
networking.firewall.checkReversePath = "loose";
}

11
hosts/m3-ares/services/tailscale.nix Normal file
View File

@@ -0,0 +1,11 @@
{config, ...}: {
services.tailscale = {
enable = false;
authKeyFile = config.age.secrets.tailscale-key.path;
useRoutingFeatures = "both";
extraUpFlags = [
"--login-server=https://va.m3tam3re.com"
"--accept-routes"
];
};
}

73
hosts/m3-atlas/secrets.nix
View File

@@ -1,70 +1,51 @@
{ {
age = { age = {
secrets = { secrets = {
baserow-env = {file = ../../secrets/baserow-env.age;}; baserow-env = {
ghost-env = {file = ../../secrets/ghost-env.age;}; file = ../../secrets/baserow-env.age;
};
ghost-env = {
file = ../../secrets/ghost-env.age;
};
kestra-config = { kestra-config = {
file = ../../secrets/kestra-config.age; file = ../../secrets/kestra-config.age;
mode = "644"; mode = "644";
}; };
kestra-env = {file = ../../secrets/kestra-env.age;}; kestra-env = {
littlelink-m3tam3re = {file = ../../secrets/littlelink-m3tam3re.age;}; file = ../../secrets/kestra-env.age;
minio-root-cred = {file = ../../secrets/minio-root-cred.age;};
n8n-env = {file = ../../secrets/n8n-env.age;};
netbird-auth-secret = {
file = ../../secrets/netbird-auth-secret.age;
}; };
netbird-db-password = { littlelink-m3tam3re = {
file = ../../secrets/netbird-db-password.age; file = ../../secrets/littlelink-m3tam3re.age;
}; };
netbird-encryption-key = { minio-root-cred = {
file = ../../secrets/netbird-encryption-key.age; file = ../../secrets/minio-root-cred.age;
}; };
netbird-dashboard-env = { n8n-env = {
file = ../../secrets/netbird-dashboard-env.age; file = ../../secrets/n8n-env.age;
}; };
netbird-server-env = { paperless-key = {
file = ../../secrets/netbird-server-env.age; file = ../../secrets/paperless-key.age;
}; };
netbird-proxy-env = { restreamer-env = {
file = ../../secrets/netbird-proxy-env.age; file = ../../secrets/restreamer-env.age;
};
searx = {
file = ../../secrets/searx.age;
};
tailscale-key = {
file = ../../secrets/tailscale-key.age;
}; };
paperless-key = {file = ../../secrets/paperless-key.age;};
restreamer-env = {file = ../../secrets/restreamer-env.age;};
searx = {file = ../../secrets/searx.age;};
tailscale-key = {file = ../../secrets/tailscale-key.age;};
traefik = { traefik = {
file = ../../secrets/traefik.age; file = ../../secrets/traefik.age;
owner = "traefik"; owner = "traefik";
}; };
vaultwarden-env = {file = ../../secrets/vaultwarden-env.age;}; vaultwarden-env = {
file = ../../secrets/vaultwarden-env.age;
};
m3tam3re-secrets = { m3tam3re-secrets = {
file = ../../secrets/m3tam3re-secrets.age; file = ../../secrets/m3tam3re-secrets.age;
owner = "m3tam3re"; owner = "m3tam3re";
}; };
gitea-runner-token = {
file = ../../secrets/gitea-runner-token.age;
mode = "600";
owner = "gitea-runner";
group = "gitea-runner";
};
ref-key = {
file = ../../secrets/ref-key.age;
owner = "m3tam3re";
};
exa-key = {
file = ../../secrets/exa-key.age;
owner = "m3tam3re";
};
basecamp-client-id = {
file = ../../secrets/basecamp-client-id.age;
owner = "m3tam3re";
};
basecamp-client-secret = {
file = ../../secrets/basecamp-client-secret.age;
owner = "m3tam3re";
};
authentik-env = {file = ../../secrets/authentik-env.age;};
}; };
}; };
} }

67
hosts/m3-atlas/services/containers/authentik.nix
View File

@@ -1,67 +0,0 @@
{config, ...}: let
image = "ghcr.io/goauthentik/server:2026.2.0";
serverIp = "10.89.0.22";
workerIp = "10.89.0.23";
postgresHost = "10.89.0.1";
postgresPort = config.m3ta.ports.get "postgres";
authentikPort = config.m3ta.ports.get "authentik";
sharedEnv = {
AUTHENTIK_POSTGRESQL__HOST = postgresHost;
AUTHENTIK_POSTGRESQL__PORT = toString postgresPort;
AUTHENTIK_POSTGRESQL__USER = "authentik";
AUTHENTIK_POSTGRESQL__NAME = "authentik";
};
in {
virtualisation.oci-containers.containers = {
"authentik-server" = {
inherit image;
cmd = ["server"];
environment = sharedEnv;
environmentFiles = [config.age.secrets.authentik-env.path];
ports = ["127.0.0.1:${toString authentikPort}:9000"];
volumes = [
"authentik_media:/media"
"authentik_templates:/templates"
];
extraOptions = [
"--add-host=postgres:${postgresHost}"
"--ip=${serverIp}"
"--network=web"
];
};
"authentik-worker" = {
inherit image;
cmd = ["worker"];
user = "root";
environment = sharedEnv;
environmentFiles = [config.age.secrets.authentik-env.path];
volumes = [
"authentik_media:/media"
"authentik_certs:/certs"
"authentik_templates:/templates"
];
extraOptions = [
"--add-host=postgres:${postgresHost}"
"--ip=${workerIp}"
"--network=web"
];
};
};
services.traefik.dynamicConfigOptions.http = {
services.authentik.loadBalancer.servers = [
{url = "http://localhost:${toString authentikPort}/";}
];
routers.authentik = {
rule = "Host(`auth.m3ta.dev`)";
tls = {certResolver = "godaddy";};
service = "authentik";
entrypoints = "websecure";
};
};
}

2
hosts/m3-atlas/services/containers/default.nix
View File

@@ -5,13 +5,11 @@
./kestra.nix ./kestra.nix
./littlelink.nix ./littlelink.nix
./matomo.nix ./matomo.nix
./netbird.nix
# ./n8n.nix # ./n8n.nix
# ./pangolin.nix # ./pangolin.nix
./restreamer.nix ./restreamer.nix
./slash.nix ./slash.nix
./slash-nemoti.nix ./slash-nemoti.nix
./authentik.nix
]; ];
system.activationScripts.createPodmanNetworkWeb = lib.mkAfter '' system.activationScripts.createPodmanNetworkWeb = lib.mkAfter ''
if ! /run/current-system/sw/bin/podman network exists web; then if ! /run/current-system/sw/bin/podman network exists web; then

244
hosts/m3-atlas/services/containers/netbird.nix
View File

@@ -1,244 +0,0 @@
{
config,
pkgs,
...
}: let
serviceName = "netbird";
stunPort = config.m3ta.ports.get "netbird-stun";
proxyTlsPort = config.m3ta.ports.get "netbird-proxy";
metricsPort = config.m3ta.ports.get "netbird-metrics";
healthPort = config.m3ta.ports.get "netbird-health";
postgresPort = config.m3ta.ports.get "postgres";
wireguardPort = config.m3ta.ports.get "wireguard";
domain = "v.m3ta.dev";
proxyDomain = "p.m3ta.dev";
ipBase = "10.89.0";
ipOffset = 50;
dashboardIp = "${ipBase}.${toString ipOffset}";
serverIp = "${ipBase}.${toString (ipOffset + 1)}";
proxyIp = "${ipBase}.${toString (ipOffset + 2)}";
# Database configuration
dbName = "netbird";
dbUser = "netbird";
dbHost = "${ipBase}.1";
# NetBird config as Nix attribute set
netbirdConfig = {
server = {
listenAddress = ":80";
exposedAddress = "https://${domain}:443";
stunPorts = [stunPort];
metricsPort = metricsPort;
healthcheckAddress = ":${toString healthPort}";
logLevel = "info";
logFile = "console";
dataDir = "/var/lib/netbird";
auth = {
issuer = "https://${domain}/oauth2";
localAuthDisabled = true;
signKeyRefreshEnabled = true;
dashboardRedirectURIs = [
"https://${domain}/nb-auth"
"https://${domain}/nb-silent-auth"
];
cliRedirectURIs = ["http://localhost:53000/"];
};
reverseProxy = {
trustedHTTPProxies = ["${ipBase}.1/32"];
};
# Proxy feature
proxy = {
enabled = true;
domain = proxyDomain;
};
store = {
engine = "postgres";
postgres = {
host = dbHost;
port = postgresPort;
database = dbName;
username = dbUser;
};
};
};
};
# Generate YAML from Nix attribute set
yamlFormat = pkgs.formats.yaml {};
configYamlBase = yamlFormat.generate "netbird-config-base.yaml" netbirdConfig;
# Script that injects secrets at runtime
configGenScript = pkgs.writeShellScript "netbird-gen-config" ''
set -euo pipefail
AUTH_SECRET=$(cat "$1")
DB_PASSWORD=$(cat "$2")
ENCRYPTION_KEY=$(cat "$3")
${pkgs.yq-go}/bin/yq eval "
.server.authSecret = \"$AUTH_SECRET\" |
.server.store.encryptionKey = \"$ENCRYPTION_KEY\" |
.server.store.postgres.password = \"$DB_PASSWORD\"
" ${configYamlBase}
'';
in {
age.secrets."${serviceName}-auth-secret".file = ../../../../secrets/${serviceName}-auth-secret.age;
age.secrets."${serviceName}-db-password".file = ../../../../secrets/${serviceName}-db-password.age;
age.secrets."${serviceName}-encryption-key".file = ../../../../secrets/${serviceName}-encryption-key.age;
age.secrets."${serviceName}-dashboard-env".file = ../../../../secrets/${serviceName}-dashboard-env.age;
age.secrets."${serviceName}-server-env".file = ../../../../secrets/${serviceName}-server-env.age;
age.secrets."${serviceName}-proxy-env".file = ../../../../secrets/${serviceName}-proxy-env.age;
# Oneshot systemd service that generates the config with injected secrets
systemd.services."${serviceName}-config" = {
description = "Generate NetBird config with secrets";
wantedBy = ["multi-user.target"];
before = ["podman-${serviceName}-server.service"];
requiredBy = ["podman-${serviceName}-server.service"];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = pkgs.writeShellScript "netbird-write-config" ''
mkdir -p /var/lib/${serviceName}
${configGenScript} \
${config.age.secrets."${serviceName}-auth-secret".path} \
${config.age.secrets."${serviceName}-db-password".path} \
${config.age.secrets."${serviceName}-encryption-key".path} \
> /var/lib/${serviceName}/config.yaml
chmod 600 /var/lib/${serviceName}/config.yaml
'';
};
};
virtualisation.oci-containers.containers = {
"${serviceName}-dashboard" = {
image = "netbirdio/dashboard:latest";
autoStart = true;
environmentFiles = [config.age.secrets."${serviceName}-dashboard-env".path];
extraOptions = [
"--ip=${dashboardIp}"
"--network=web"
];
};
"${serviceName}-server" = {
image = "netbirdio/netbird-server:latest";
autoStart = true;
ports = ["${toString stunPort}:${toString stunPort}/udp"];
environmentFiles = [config.age.secrets."${serviceName}-server-env".path];
volumes = [
"${serviceName}_data:/var/lib/netbird"
"/var/lib/${serviceName}/config.yaml:/etc/netbird/config.yaml:ro"
];
cmd = ["--config" "/etc/netbird/config.yaml"];
extraOptions = [
"--ip=${serverIp}"
"--network=web"
];
};
"${serviceName}-proxy" = {
image = "netbirdio/reverse-proxy:latest";
autoStart = true;
ports = ["${toString wireguardPort}:${toString wireguardPort}/udp"];
volumes = [
"${serviceName}_proxy_certs:/certs"
];
environmentFiles = [config.age.secrets."${serviceName}-proxy-env".path];
cmd = [
"--domain=${proxyDomain}"
"--mgmt=https://${domain}:443"
"--addr=:${toString proxyTlsPort}"
"--cert-dir=/certs"
"--acme-certs"
"--trusted-proxies=${ipBase}.1/32"
];
dependsOn = ["${serviceName}-server"];
extraOptions = [
"--ip=${proxyIp}"
"--network=web"
];
};
};
services.traefik.dynamicConfigOptions = {
# HTTP services and routers
http = {
services = {
"${serviceName}-dashboard".loadBalancer.servers = [
{url = "http://${dashboardIp}:80/";}
];
"${serviceName}-server".loadBalancer.servers = [
{url = "http://${serverIp}:80/";}
];
"${serviceName}-server-h2c".loadBalancer.servers = [
{url = "h2c://${serverIp}:80";}
];
};
routers = {
# gRPC (Signal + Management)
"${serviceName}-grpc" = {
rule = "Host(`${domain}`) && (PathPrefix(`/signalexchange.SignalExchange/`) || PathPrefix(`/management.ManagementService/`) || PathPrefix(`/management.ProxyService/`))";
entrypoints = "websecure";
tls.certResolver = "godaddy";
service = "${serviceName}-server-h2c";
priority = 100;
};
# Backend (relay, WebSocket, API, OAuth2)
"${serviceName}-backend" = {
rule = "Host(`${domain}`) && (PathPrefix(`/relay`) || PathPrefix(`/ws-proxy/`) || PathPrefix(`/api`) || PathPrefix(`/oauth2`))";
entrypoints = "websecure";
tls.certResolver = "godaddy";
service = "${serviceName}-server";
priority = 100;
};
# Dashboard (catch-all, lowest priority)
"${serviceName}-dashboard" = {
rule = "Host(`${domain}`)";
entrypoints = "websecure";
tls.certResolver = "godaddy";
service = "${serviceName}-dashboard";
priority = 1;
};
};
};
# TCP for proxy TLS passthrough
tcp = {
services."${serviceName}-proxy-tls".loadBalancer.servers = [
{address = "${proxyIp}:${toString proxyTlsPort}";}
];
routers."${serviceName}-proxy-passthrough" = {
entryPoints = ["websecure"];
rule = "HostSNI(`*`)";
service = "${serviceName}-proxy-tls";
priority = 1;
tls.passthrough = true;
};
};
# ServersTransport for Proxy Protocol v2 (optional)
serversTransports."pp-v2" = {
proxyProtocol.version = 2;
};
};
networking.firewall.allowedUDPPorts = [
stunPort # STUN
wireguardPort # WireGuard for proxy
];
}

211
hosts/m3-atlas/services/containers/pangolin.nix Normal file
View File

@@ -0,0 +1,211 @@
{
config,
pkgs,
lib,
...
}: let
# Define the Pangolin configuration as a Nix attribute set
pangolinConfig = {
app = {
dashboard_url = "https://vpn.m3tam3re.com";
log_level = "info";
save_logs = false;
};
domains = {
vpn = {
base_domain = "m3tam3re.com";
cert_resolver = "godaddy";
prefer_wildcard_cert = false;
};
};
server = {
external_port = 3000;
internal_port = 3001;
next_port = 3002;
internal_hostname = "pangolin";
session_cookie_name = "p_session_token";
resource_access_token_param = "p_token";
resource_session_request_param = "p_session_request";
};
traefik = {
cert_resolver = "godaddy";
http_entrypoint = "web";
https_entrypoint = "websecure";
};
gerbil = {
start_port = 51820;
base_endpoint = "vpn.m3tam3re.com";
use_subdomain = false;
block_size = 24;
site_block_size = 30;
subnet_group = "100.89.137.0/20";
};
rate_limits = {
global = {
window_minutes = 1;
max_requests = 100;
};
};
email = {
smtp_host = config.age.secrets.smtp-host.path;
smtp_port = 587;
smtp_user = config.age.secrets.smtp-user.path;
smtp_pass = config.age.secrets.smtp-pass.path;
no_reply = config.age.secrets.smtp-user.path;
};
users = {
server_admin = {
email = "admin@m3tam3re.com";
password = config.age.secrets.pangolin-admin-password.path;
};
};
flags = {
require_email_verification = true;
disable_signup_without_invite = true;
disable_user_create_org = true;
allow_raw_resources = true;
allow_base_domain_resources = true;
};
};
# Convert Nix attribute set to YAML using a simpler approach
pangolinConfigYaml = pkgs.writeTextFile {
name = "config.yml";
text = lib.generators.toYAML {} pangolinConfig;
};
in {
# Define the containers
virtualisation.oci-containers.containers = {
"pangolin" = {
image = "fosrl/pangolin:1.1.0";
autoStart = true;
volumes = [
"${pangolinConfigYaml}:/app/config/config.yml:ro" # Mount the config file directly
"pangolin_config:/app/config/data" # Volume for persistent data
];
ports = [
"127.0.0.1:3020:3001" # API server
"127.0.0.1:3021:3002" # Next.js server
"127.0.0.1:3022:3000" # API/WebSocket server
];
extraOptions = ["--ip=10.89.0.20" "--network=web"];
};
"gerbil" = {
image = "fosrl/gerbil:1.0.0";
autoStart = true;
volumes = [
"pangolin_config:/var/config" # Share the volume for persistent data
];
cmd = [
"--reachableAt=http://gerbil:3003"
"--generateAndSaveKeyTo=/var/config/key"
"--remoteConfig=http://pangolin:3001/api/v1/gerbil/get-config"
"--reportBandwidthTo=http://pangolin:3001/api/v1/gerbil/receive-bandwidth"
];
ports = [
"51820:51820/udp" # WireGuard port
];
extraOptions = [
"--ip=10.89.0.21"
"--network=web"
"--cap-add=NET_ADMIN"
"--cap-add=SYS_MODULE"
];
};
};
# Secrets for Pangolin
# age.secrets = {
# "smtp-host" = {
# file = ../secrets/smtp-host.age;
# owner = "root";
# group = "root";
# mode = "0400";
# };
# "smtp-user" = {
# file = ../secrets/smtp-user.age;
# owner = "root";
# group = "root";
# mode = "0400";
# };
# "smtp-pass" = {
# file = ../secrets/smtp-pass.age;
# owner = "root";
# group = "root";
# mode = "0400";
# };
# "pangolin-admin-password" = {
# file = ../secrets/pangolin-admin-password.age;
# owner = "root";
# group = "root";
# mode = "0400";
# };
# };
# Traefik configuration for Pangolin
services.traefik.dynamicConfigOptions = {
http = {
# Next.js service (front-end)
services.pangolin-next-service.loadBalancer.servers = [
{url = "http://localhost:3021";}
];
# API service
services.pangolin-api-service.loadBalancer.servers = [
{url = "http://localhost:3022";}
];
# Routers
routers = {
# Next.js router (handles everything except API paths)
"pangolin-next" = {
rule = "Host(`vpn.m3tam3re.com`) && !PathPrefix(`/api/v1`)";
service = "pangolin-next-service";
entrypoints = ["websecure"];
tls = {
certResolver = "godaddy";
};
};
# API router
"pangolin-api" = {
rule = "Host(`vpn.m3tam3re.com`) && PathPrefix(`/api/v1`)";
service = "pangolin-api-service";
entrypoints = ["websecure"];
tls = {
certResolver = "godaddy";
};
};
};
};
};
# Add HTTP provider to Traefik for dynamic configuration from Pangolin
services.traefik.staticConfigOptions.providers.http = {
endpoint = "http://localhost:3020/api/v1/traefik-config";
pollInterval = "5s";
};
# Add experimental section for Badger plugin
services.traefik.staticConfigOptions.experimental = {
plugins = {
#TODO create an overlay for the plugin
badger = {
moduleName = "github.com/fosrl/badger";
version = "v1.0.0";
};
};
};
# Firewall configuration for WireGuard
networking.firewall.allowedUDPPorts = [51820]; # WireGuard port
}

5
hosts/m3-atlas/services/default.nix
View File

@@ -2,14 +2,15 @@
imports = [ imports = [
./containers ./containers
./gitea.nix ./gitea.nix
./gitea-actions-runner.nix ./headscale.nix
./minio.nix ./minio.nix
./mysql.nix ./mysql.nix
./netbird.nix
./n8n.nix ./n8n.nix
./outline.nix
./paperless.nix ./paperless.nix
./postgres.nix ./postgres.nix
./searx.nix ./searx.nix
./tailscale.nix
./traefik.nix ./traefik.nix
./vaultwarden.nix ./vaultwarden.nix
./wastebin.nix ./wastebin.nix

57
hosts/m3-atlas/services/gitea-actions-runner.nix
View File

@@ -1,57 +0,0 @@
{
config,
pkgs,
...
}: {
services.gitea-actions-runner = {
instances.default = {
enable = true;
name = "${config.networking.hostName}-runner";
url = "https://code.m3ta.dev";
tokenFile = config.age.secrets.gitea-runner-token.path;
# nixos:host is primary, ubuntu is fallback
labels = [
"nixos:host"
];
# Host execution packages
hostPackages = with pkgs; [
bash
curl
coreutils
git
jq
nix
nix-update
nodejs
# Add any other tools you need for nix-update workflows
];
# Advanced settings
settings = {
runner = {
capacity = 4; # One job at a time (increase if you have resources)
timeout = "4h"; # Nix builds can take a while
};
cache = {enabled = true;};
container = {
enable_ipv6 = true;
privileged = false;
};
};
};
};
# User management (auto-created by module, but ensuring proper setup)
users.users.gitea-runner = {
home = "/var/lib/gitea-runner";
group = "gitea-runner";
isSystemUser = true;
createHome = true;
};
users.groups.gitea-runner = {};
# Firewall: Allow Podman bridge networks for cache actions
networking.firewall.trustedInterfaces = ["br-+"];
}

119
hosts/m3-atlas/services/headscale.nix Normal file
View File

@@ -0,0 +1,119 @@
{
config,
lib,
pkgs,
...
}: {
# Define a new option for the admin user
options.services.headscale = {
adminUser = lib.mkOption {
type = lib.types.str;
default = "m3tam3re";
description = "Username for the headscale admin user";
};
};
config = let
adminUser = config.services.headscale.adminUser;
aclConfig = {
# Groups definition
groups = {
"group:admins" = ["${adminUser}"];
};
acls = [
# Allow all connections within the tailnet
{
action = "accept";
src = ["*"];
dst = ["*:*"];
}
# Allow admin to connect to their own services
{
action = "accept";
src = ["${adminUser}"];
dst = ["${adminUser}:*"];
}
];
# Auto-approvers section for routes
autoApprovers = {
routes = {
"0.0.0.0/0" = ["${adminUser}"];
"10.0.0.0/8" = ["${adminUser}"];
"192.168.0.0/16" = ["${adminUser}"];
};
exitNode = ["${adminUser}"];
};
};
# Convert to HuJSON format with comments
aclHuJson = ''
// Headscale ACL Policy - Generated by NixOS
// Admin user: ${adminUser}
${builtins.toJSON aclConfig}
'';
aclFile = pkgs.writeText "acl-policy.hujson" aclHuJson;
in {
services = {
headscale = {
enable = true;
adminUser = "m3tam3re@m3ta.loc";
port = 3009;
settings = {
server_url = "https://va.m3tam3re.com";
dns = {
base_domain = "m3ta.loc";
nameservers.global = ["8.8.8.8"];
};
logtail.enabled = false;
policy.path = "${aclFile}";
};
};
};
# Create a systemd service to ensure the admin user exists
systemd.services.headscale-ensure-admin = lib.mkIf config.services.headscale.enable {
description = "Ensure Headscale admin user exists";
after = ["headscale.service"];
requires = ["headscale.service"];
wantedBy = ["multi-user.target"];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
User = "headscale";
Group = "headscale";
};
script = ''
# Check if user exists and create if needed
if ! ${pkgs.headscale}/bin/headscale users list | grep -q "${adminUser}"; then
echo "Creating headscale admin user: ${adminUser}"
${pkgs.headscale}/bin/headscale users create "${adminUser}"
else
echo "Headscale admin user ${adminUser} already exists"
fi
'';
};
# Traefik configuration for headscale
services.traefik.dynamicConfigOptions.http = {
services.headscale.loadBalancer.servers = [
{
url = "http://localhost:3009/";
}
];
routers.headscale = {
rule = "Host(`va.m3tam3re.com`)";
tls = {
certResolver = "godaddy";
};
service = "headscale";
entrypoints = "websecure";
};
};
};
}

10
hosts/m3-atlas/services/n8n.nix
View File

@@ -1,16 +1,8 @@
{ {config, ...}: {
config,
lib,
...
}: {
services.n8n = { services.n8n = {
enable = true; enable = true;
environment.WEBHOOK_URL = "https://wf.m3tam3re.com"; environment.WEBHOOK_URL = "https://wf.m3tam3re.com";
}; };
# Temporary fix for upstream module
systemd.services.n8n.serviceConfig.LoadCredential = lib.mkForce [];
systemd.services.n8n.environment.N8N_RUNNERS_AUTH_TOKEN_FILE = lib.mkForce null;
systemd.services.n8n.serviceConfig = { systemd.services.n8n.serviceConfig = {
EnvironmentFile = ["${config.age.secrets.n8n-env.path}"]; EnvironmentFile = ["${config.age.secrets.n8n-env.path}"];
}; };

28
hosts/m3-atlas/services/netbird.nix
View File

@@ -1,28 +0,0 @@
{pkgs, ...}: {
services.netbird.enable = true;
systemd.services.netbird = {
environment = {
NB_DISABLE_SSH_CONFIG = "true";
};
path = [
pkgs.shadow
pkgs.util-linux
];
};
programs.ssh.extraConfig = ''
Match exec "${pkgs.netbird}/bin/netbird ssh detect %h %p"
PreferredAuthentications password,publickey,keyboard-interactive
PasswordAuthentication yes
PubkeyAuthentication yes
BatchMode no
ProxyCommand ${pkgs.netbird}/bin/netbird ssh proxy %h %p
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
CheckHostIP no
LogLevel ERROR
'';
networking.firewall.checkReversePath = "loose";
}

33
hosts/m3-atlas/services/outline.nix Normal file
View File

@@ -0,0 +1,33 @@
{
services.outline = {
enable = true;
port = 3019;
publicUrl = "https://ol.m3ta.dev";
databaseUrl = "postgresql://outline:outline@127.0.0.1:5432/outline";
storage = {
storageType = "local";
};
};
systemd.services.outline.serviceConfig = {
Environment = [
"PGSSLMODE=disable"
];
};
# Traefik configuration specific to littlelink
services.traefik.dynamicConfigOptions.http = {
services.outline.loadBalancer.servers = [
{
url = "http://localhost:3019/";
}
];
routers.outline = {
rule = "Host(`ol.m3ta.dev`)";
tls = {
certResolver = "godaddy";
};
service = "outline";
entrypoints = "websecure";
};
};
}

4
hosts/m3-atlas/services/postgres.nix
View File

@@ -26,8 +26,6 @@
# Podman network connections for Baserow # Podman network connections for Baserow
host baserow baserow 10.89.0.0/24 scram-sha-256 host baserow baserow 10.89.0.0/24 scram-sha-256
host kestra kestra 10.89.0.0/24 scram-sha-256 host kestra kestra 10.89.0.0/24 scram-sha-256
host netbird netbird 10.89.0.0/24 scram-sha-256
host authentik authentik 10.89.0.0/24 scram-sha-256
# Deny all other connections # Deny all other connections
local all all reject local all all reject
@@ -38,7 +36,7 @@
services.postgresqlBackup = { services.postgresqlBackup = {
enable = true; enable = true;
startAt = "03:10:00"; startAt = "03:10:00";
databases = ["baserow" "paperless" "kestra" "authentik" "netbird"]; databases = ["baserow" "paperless" "kestra"];
}; };
networking.firewall = { networking.firewall = {
extraCommands = '' extraCommands = ''

27
hosts/m3-atlas/services/tailscale.nix Normal file
View File

@@ -0,0 +1,27 @@
{
config,
lib,
pkgs,
...
}: {
services.tailscale = {
enable = true;
authKeyFile = config.age.secrets.tailscale-key.path;
useRoutingFeatures = "both";
extraUpFlags = [
"--login-server=${config.services.headscale.settings.server_url}"
"--advertise-exit-node"
"--accept-routes"
];
};
services.networkd-dispatcher = lib.mkIf config.services.tailscale.enable {
enable = true;
rules."50-tailscale" = {
onState = ["routable"];
script = ''
NETDEV=$(ip -o route get 8.8.8.8 | cut -f 5 -d " ")
${pkgs.ethtool}/bin/ethtool -K "$NETDEV" rx-udp-gro-forwarding on rx-gro-list off
'';
};
};
}

6
hosts/m3-helios/services/default.nix
View File

@@ -4,4 +4,10 @@
./containers ./containers
./traefik.nix ./traefik.nix
]; ];
systemd.sleep.extraConfig = ''
AllowSuspend=no
AllowHibernation=no
AllowHybridSleep=no
AllowSuspendThenHibernate=no
'';
} }

5
hosts/m3-kratos/default.nix
View File

@@ -50,9 +50,8 @@
}; };
services.ollama = { services.ollama = {
environmentVariables = { environmentVariables = {
HCC_AMDGPU_TARGET = "gfx1103"; HCC_AMDGPU_TARGET = "gfx1100";
ROCR_VISIBLE_DEVICES = "0";
}; };
rocmOverrideGfx = "11.0.3"; rocmOverrideGfx = "11.0.0";
}; };
} }

12
hosts/m3-kratos/secrets.nix
View File

@@ -5,7 +5,9 @@
file = ../../secrets/anytype-key.age; file = ../../secrets/anytype-key.age;
owner = "m3tam3re"; owner = "m3tam3re";
}; };
tailscale-key = {file = ../../secrets/tailscale-key.age;}; tailscale-key = {
file = ../../secrets/tailscale-key.age;
};
wg-DE = { wg-DE = {
file = ../../secrets/wg-DE.age; file = ../../secrets/wg-DE.age;
path = "/etc/wireguard/DE.conf"; path = "/etc/wireguard/DE.conf";
@@ -38,14 +40,6 @@
file = ../../secrets/exa-key.age; file = ../../secrets/exa-key.age;
owner = "m3tam3re"; owner = "m3tam3re";
}; };
basecamp-client-id = {
file = ../../secrets/basecamp-client-id.age;
owner = "m3tam3re";
};
basecamp-client-secret = {
file = ../../secrets/basecamp-client-secret.age;
owner = "m3tam3re";
};
}; };
}; };
} }

17
hosts/m3-kratos/services/default.nix
View File

@@ -1,25 +1,22 @@
{pkgs, ...}: { {
imports = [ imports = [
./containers ./containers
./mem0.nix ./mem0.nix
./n8n.nix ./n8n.nix
./netbird.nix
./postgres.nix ./postgres.nix
./sound.nix ./sound.nix
./tailscale.nix
./udev.nix ./udev.nix
./wireguard.nix ./wireguard.nix
]; ];
services = { services = {
hypridle.enable = true; hypridle.enable = true;
espanso = {
enable = true;
package = pkgs.espanso-wayland;
};
printing.enable = true; printing.enable = true;
gvfs.enable = true; gvfs.enable = true;
trezord.enable = true; trezord.enable = true;
gnome.gnome-keyring.enable = true; gnome.gnome-keyring.enable = true;
qdrant.enable = true; qdrant.enable = false;
stirling-pdf.enable = true;
avahi = { avahi = {
enable = true; enable = true;
nssmdns4 = true; nssmdns4 = true;
@@ -31,4 +28,10 @@
}; };
displayManager.gdm.enable = true; displayManager.gdm.enable = true;
}; };
systemd.sleep.extraConfig = ''
AllowSuspend=no
AllowHibernation=no
AllowHybridSleep=no
AllowSuspendThenHibernate=no
'';
} }

7
hosts/m3-kratos/services/n8n.nix
View File

@@ -1,13 +1,12 @@
{lib, ...}: { {
services.n8n = { services.n8n = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
};
systemd.services.n8n = {
environment = { environment = {
N8N_SECURE_COOKIE = "false"; N8N_SECURE_COOKIE = "false";
N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS = "false"; N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS = "false";
}; };
}; };
# Temporary fix for upstream module
systemd.services.n8n.serviceConfig.LoadCredential = lib.mkForce [];
systemd.services.n8n.environment.N8N_RUNNERS_AUTH_TOKEN_FILE = lib.mkForce null;
} }

32
hosts/m3-kratos/services/netbird.nix
View File

@@ -1,32 +0,0 @@
{pkgs, ...}: {
services.netbird.enable = true;
environment.systemPackages = with pkgs; [netbird-ui];
systemd.services.netbird = {
environment = {
NB_DISABLE_SSH_CONFIG = "true";
};
path = [
pkgs.shadow # login
pkgs.util-linux # runuser
];
};
# Symlink kannst du jetzt ENTFERNEN nicht mehr nötig!
# system.activationScripts.netbird-login-link = ... # LÖSCHEN
programs.ssh.extraConfig = ''
Match exec "${pkgs.netbird}/bin/netbird ssh detect %h %p"
PreferredAuthentications password,publickey,keyboard-interactive
PasswordAuthentication yes
PubkeyAuthentication yes
BatchMode no
ProxyCommand ${pkgs.netbird}/bin/netbird ssh proxy %h %p
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
CheckHostIP no
LogLevel ERROR
'';
networking.firewall.checkReversePath = "loose";
}

12
hosts/m3-kratos/services/tailscale.nix Normal file
View File

@@ -0,0 +1,12 @@
{config, ...}: {
services.tailscale = {
enable = false;
authKeyFile = config.age.secrets.tailscale-key.path;
useRoutingFeatures = "both";
extraUpFlags = [
"--login-server=https://va.m3tam3re.com"
"--accept-routes"
"--exit-node-allow-lan-access"
];
};
}

7
overlays/default.nix
View File

@@ -8,6 +8,7 @@
# You can change versions, add patches, set compilation flags, anything really. # You can change versions, add patches, set compilation flags, anything really.
# https://nixos.wiki/wiki/Overlays # https://nixos.wiki/wiki/Overlays
modifications = final: prev: { modifications = final: prev: {
qdrant = inputs.nixpkgs-stable.legacyPackages.${prev.system}.qdrant;
# n8n = import ./mods/n8n.nix {inherit prev;}; # n8n = import ./mods/n8n.nix {inherit prev;};
# brave = prev.brave.override { # brave = prev.brave.override {
@@ -59,10 +60,4 @@
config.allowUnfree = true; config.allowUnfree = true;
}; };
}; };
# Flatten llm-agents packages into top-level pkgs namespace.
# Takes system as parameter to avoid infinite recursion — overlays
# can't safely access final/prev.system when spreading attributes.
mkLlmAgentsOverlay = system: _final: _prev:
inputs.llm-agents.packages.${system} or {};
} }

32
secrets.nix
View File

@@ -1,20 +1,24 @@
let let
# SYSTEMS # SYSTEMS
m3-ares = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG+M4CygEQ29eTmLqgyIAFCxy0rgfO23klNiARBEA+3s"; m3-ares =
m3-kratos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDl+LtFGsk/A7BvxwiUCyq5wjRzGtQSrBJzzLGxINF4O"; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG+M4CygEQ29eTmLqgyIAFCxy0rgfO23klNiARBEA+3s";
m3-helios = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIyHuLITpI+M45ZZem33wDusY2X988mBoWpD1HDeZNRJ"; m3-kratos =
m3-atlas = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBYK1wsFkUPIb/lX1BH7+VyXmmGSbdEFHnvhAOcaC7H"; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDl+LtFGsk/A7BvxwiUCyq5wjRzGtQSrBJzzLGxINF4O";
m3-helios =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIyHuLITpI+M45ZZem33wDusY2X988mBoWpD1HDeZNRJ";
m3-atlas =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBYK1wsFkUPIb/lX1BH7+VyXmmGSbdEFHnvhAOcaC7H";
# USERS # USERS
m3tam3re = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3YEmpYbM+cpmyD10tzNRHEn526Z3LJOzYpWEKdJg8DaYyPbDn9iyVX30Nja2SrW4Wadws0Y8DW+Urs25/wVB6mKl7jgPJVkMi5hfobu3XAz8gwSdjDzRSWJrhjynuaXiTtRYED2INbvjLuxx3X8coNwMw58OuUuw5kNJp5aS2qFmHEYQErQsGT4MNqESe3jvTP27Z5pSneBj45LmGK+RcaSnJe7hG+KRtjuhjI7RdzMeDCX73SfUsal+rHeuEw/mmjYmiIItXhFTDn8ZvVwpBKv7xsJG90DkaX2vaTk0wgJdMnpVIuIRBa4EkmMWOQ3bMLGkLQeK/4FUkNcvQ/4+zcZsg4cY9Q7Fj55DD41hAUdF6SYODtn5qMPsTCnJz44glHt/oseKXMSd556NIw2HOvihbJW7Rwl4OEjGaO/dF4nUw4c9tHWmMn9dLslAVpUuZOb7ykgP0jk79ldT3Dv+2Hj0CdAWT2cJAdFX58KQ9jUPT3tBnObSF1lGMI7t77VU="; m3tam3re =
sascha.koenig = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEZbg/Z9mnflXuLahGY8WOSBMqbgeqVIkIwRkquys1Ml"; "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3YEmpYbM+cpmyD10tzNRHEn526Z3LJOzYpWEKdJg8DaYyPbDn9iyVX30Nja2SrW4Wadws0Y8DW+Urs25/wVB6mKl7jgPJVkMi5hfobu3XAz8gwSdjDzRSWJrhjynuaXiTtRYED2INbvjLuxx3X8coNwMw58OuUuw5kNJp5aS2qFmHEYQErQsGT4MNqESe3jvTP27Z5pSneBj45LmGK+RcaSnJe7hG+KRtjuhjI7RdzMeDCX73SfUsal+rHeuEw/mmjYmiIItXhFTDn8ZvVwpBKv7xsJG90DkaX2vaTk0wgJdMnpVIuIRBa4EkmMWOQ3bMLGkLQeK/4FUkNcvQ/4+zcZsg4cY9Q7Fj55DD41hAUdF6SYODtn5qMPsTCnJz44glHt/oseKXMSd556NIw2HOvihbJW7Rwl4OEjGaO/dF4nUw4c9tHWmMn9dLslAVpUuZOb7ykgP0jk79ldT3Dv+2Hj0CdAWT2cJAdFX58KQ9jUPT3tBnObSF1lGMI7t77VU=";
users = [m3tam3re sascha.koenig]; users = [ m3tam3re ];
systems = [m3-atlas m3-ares m3-helios m3-kratos]; systems = [ m3-atlas m3-ares m3-helios m3-kratos ];
in { in {
"secrets/anytype-key.age".publicKeys = systems ++ users; "secrets/anytype-key.age".publicKeys = systems ++ users;
"secrets/anytype-key-ares.age".publicKeys = systems ++ users; "secrets/anytype-key-ares.age".publicKeys = systems ++ users;
"secrets/authentik-env.age".publicKeys = systems ++ users; "secrets/basecamp-env.age".publicKeys = systems ++ users;
"secrets/baserow-env.age".publicKeys = systems ++ users; "secrets/baserow-env.age".publicKeys = systems ++ users;
"secrets/ghost-env.age".publicKeys = systems ++ users; "secrets/ghost-env.age".publicKeys = systems ++ users;
"secrets/littlelink-m3tam3re.age".publicKeys = systems ++ users; "secrets/littlelink-m3tam3re.age".publicKeys = systems ++ users;
@@ -23,19 +27,9 @@ in {
"secrets/kestra-env.age".publicKeys = systems ++ users; "secrets/kestra-env.age".publicKeys = systems ++ users;
"secrets/minio-root-cred.age".publicKeys = systems ++ users; "secrets/minio-root-cred.age".publicKeys = systems ++ users;
"secrets/n8n-env.age".publicKeys = systems ++ users; "secrets/n8n-env.age".publicKeys = systems ++ users;
"secrets/netbird-auth-secret.age".publicKeys = systems ++ users;
"secrets/netbird-db-password.age".publicKeys = systems ++ users;
"secrets/netbird-encryption-key.age".publicKeys = systems ++ users;
"secrets/netbird-dashboard-env.age".publicKeys = systems ++ users;
"secrets/netbird-server-env.age".publicKeys = systems ++ users;
"secrets/netbird-proxy-env.age".publicKeys = systems ++ users;
"secrets/paperless-key.age".publicKeys = systems ++ users; "secrets/paperless-key.age".publicKeys = systems ++ users;
"secrets/ref-key.age".publicKeys = systems ++ users; "secrets/ref-key.age".publicKeys = systems ++ users;
"secrets/exa-key.age".publicKeys = systems ++ users; "secrets/exa-key.age".publicKeys = systems ++ users;
"secrets/basecamp-client-id.age".publicKeys = systems ++ users;
"secrets/basecamp-client-secret.age".publicKeys = systems ++ users;
"secrets/gitea-runner-token.age".publicKeys = systems ++ users;
"secrets/outline-key.age".publicKeys = systems ++ users;
"secrets/restreamer-env.age".publicKeys = systems ++ users; "secrets/restreamer-env.age".publicKeys = systems ++ users;
"secrets/searx.age".publicKeys = systems ++ users; "secrets/searx.age".publicKeys = systems ++ users;
"secrets/tailscale-key.age".publicKeys = systems ++ users; "secrets/tailscale-key.age".publicKeys = systems ++ users;

BIN
secrets/anytype-key-ares.age
View File

Binary file not shown.

BIN
secrets/anytype-key.age
View File

Binary file not shown.

32
secrets/authentik-env.age
View File

@@ -1,32 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDROTEtydyA4Rm1L
RHlqT3RqblNCdEM2clc0eXpyR0NWUTdsS3NaM1g1Zk50QURUVjFVClZ1Vk1KM0RS
VEhMSjFoQUdUcnVSdTlOV3M3N1V5RnNQakFXN0JoU3QyZUkKLT4gc3NoLWVkMjU1
MTkgNWt3Y3NBIDU4dTBYREd1Ym05akNyb0FpQy9HZjIza2ZETncxbldRWGhTVDNL
R2tKQ28KbG9laFZheG5YbEZkRVFqRlk2VVBqd01YUHJkL3NqUElIS3BkOEpUN2du
dwotPiBzc2gtZWQyNTUxOSA5ZDRZSVEgL3N4bDh5ZDFsOUdFTDgwdmk4N2hZU0lo
eGJCWVJtbXZqTTFzNUhPTmZsVQpnYXlFUUpkU25hWm5oVkJlK0lkWlFuL21HcW5k
Mk1oN3J0K0UxVnJiNlJzCi0+IHNzaC1lZDI1NTE5IDNCY3IxdyBpdVV6QUxkaDhz
bXRXNUJ6bTdkWHVYUVFUaHJROE4zMGpiMVRZUE9rOVVJCjNXTFg0aTZLZXE0RWg0
M3BFTy92QzBqaTI2MW02bnkxUTBEYS9GdjhndUkKLT4gc3NoLXJzYSBEUWxFN3cK
bkRrbXZmaysxM0JlQzVkYmY3aWNLR0VlT3dreGJNNnZ4N0NCSjFadU1tS2ZscHVk
Ny9MTWtwb2d0ZnNJNTVZSQpVUmFqTlJzaHBlRzVUeWxTaGpzb0VBNGwxVzI1bGc4
ajUxZ2NUTVpSOTk0QjNKRkNsY1lTNUdQTCt3Tm5PZ3VDCjQ0b3Bha2h0NDBjS1VH
UHlHbEUxYnVYanVBdS9OcWFPb2VGTFEwNEU0WWZEV2pLUWYxaWRDUzJzdGxTZFpp
US8KaWE5SDFuQU5PRjBoRDBVbVQ3c2RWWFNhYUo2TjY1cEFpSi83c2duUFVubytW
aTdZSlJ2OEgyZmNjWnBNeEJRNgpTL2xESER6ZmdSbTVnaXQrazVHSmpVSk9MUE9S
WStCblMxNk9Tc1lFems3bE5zNzYwdHpKMXl3cnJQL2V2WGJlClo1Y2xEZnViUFBJ
YlZER1FqQmUxaFE5VkMwSWVheWx2Nk4zMXd5VzRRR1ZsYnR1bStXSWVRcXRsSisr
aHByQnoKcnZBWlhwRjRUZ0VRQVBMbEtmZG5GNlp4NUpUeEI2dkNnZHZieWhaM2tQ
Y1p2aUgybE9NUzJNYjZMM1FaN3RyVQo1TUJvSTRjQkY1Rm95SExLN1V1dkw4bC8v
SHIvWnpkalVES2JLbGEyQnJDU1psL0VhYzYxK1hBZ3hQRTRncmlGCgotPiBzc2gt
ZWQyNTUxOSBDU015aGcgR1BrdTVVNzNPMlBuVVpvL1RhVHN0aklzb0FCMUhRdTZp
YzdZWFVUUVhSbwphWXdFeFlHcXl0M2UzZTdkd0wydlVWOU1GT2ZKa2g5YVhNeEpj
K2FQT0FFCi0+IEFBbSFAdS1ncmVhc2UgKzE+aEs0Ck85U1Yra2FsR0VTVW5LNDRu
MEtlK25hb0p4Z29MRExVakM4aWo1eXRvdmhnU09zWm84bnh4NkUKLS0tIEUreHdo
eTFxSU80Q0lBc1Fab28xdEMrVUpsb1NWdytoa3YwbUM3QVM0bDQKeUu+in8qeaFw
tQRcM/4RNZaA/GVE4WXdDApUt4qaTl4Vd7VxRNE+zJfP3W88IsZS5/AXfKLtdUwE
wQcUouSotWdVnPnhaDkCYFNFHRvdKzKQxN60rn/fUBuc8GMnBWtxW7IPqJD9ahbB
0mw3zJ7BH9qOI7IVSspPueu3IHo6vQgXRiIA/xxJbv3XrJgw7lgmFrCU5AvUsbHz
jbjc3YcfRlHB2XLBdTyosTV3X9LfdY+xIveTmQ==
-----END AGE ENCRYPTED FILE-----

31
secrets/basecamp-client-id.age
View File

@@ -1,31 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDROTEtydyBsT3Bq
MUk4Uis4VEFYa3EzQ3RGeVJSakJwUUR1U0xsalNhV1d5M2NkQTBRCnl4a1NpWHNa
REtxd1dCc2pZb2dRTFFiRmM0R2JEMjZwRWpGYXpJTUxid1EKLT4gc3NoLWVkMjU1
MTkgNWt3Y3NBIEEvYjAxTnV0dUZKWUU0bHRraWhEL0EwNXQrZkNveW5VQ3dxOGx1
N3VwalEKb0FKYjJmdGhPeURDUXBnMGRkN3p1bWJOcUdKdmNvTU5EZWxkVXkrL3dS
WQotPiBzc2gtZWQyNTUxOSA5ZDRZSVEgdDcyVC9aQmFnYzlWcUk1OENydXZEa2Fp
akV4ZUhOekw5c0J4R1lRRDhEdwpzR0l3MUljdGszaW9SaDEwNFEzUzZ6R3lqRGNm
cDJlbUk1UDMyanVIalNzCi0+IHNzaC1lZDI1NTE5IDNCY3IxdyBFWno4c0l4QXpo
ZzZNMWVLbnpza1dzRktDK293NWI3VFpKUlVDY05SVndnCjlOM3dDT0Y2YXdDS3RB
UDZpRnNCZDd4MHNEcUdId28rZ21rRmRPdU5yelUKLT4gc3NoLXJzYSBEUWxFN3cK
bUZlWUVoSzdEdU42eFF0V1FkTzB0L1hIeWw5OWcyUTkzdXIwS3U4djdJWFQ0ZWFq
dFZvdlA0WHl5c2FOWmNYSgorazJFNUcwdm1od2JOMnl1cDRkOTFwUjRkbTdLc29K
a2FGcHErQUZIdHZGZThjZTU3cVpRYTRlR2NXKzF4QmdQCmxtaS9wK21LYzJJOFM4
anpwTWtrdUsvem1wSUdKUUdQWFpTelhJR0g4QWRjekh0UkIxU0ZDT2ZndHptNWN4
SEwKNzZLY2IvbGRITmh5b1Rnd2NSYTRkZnBxMU1xWHp0LzJ3aE1ldndUMFlUTEtq
TUg1am93eWVuY0NhSFhQV05GRwpiMkpHZ3gzZ0tCUGgya25jOVdHNnVuK1ZuQzV4
NHozaVZiUno1alRpSEpBbHNkcXkwRnNLMm8zbXZLS3Y1MnF5CnR6Uk1VK3FTODlQ
NFhFR1Q1YXJyQVRNR0FwSmJyQjk5cUl5SDNNN0Q5VDlrWkJxZ3Q0Vm5OL0h5a0NG
VDJwbHgKeVovOXp5K1FHd0RIcWZ2Z0RCTzdMbCtzbGpyaHo4RzNKYkQ4dlk4YlBX
WnZEdENNU2VXdTZqdDV1V1pDdkp6WQpaRVZSamlzcVdwNGwyRVpZcjZZMnRVQ2o4
bU5KUnB6YmliWXdsek9oS1RvSUcvY0kzTXZSZTN5OEFWUHVjU0EyCgotPiBzc2gt
ZWQyNTUxOSBDU015aGcgQVF5RU0xbHRjc0RIVHpmRWVxczdSVlZZSDczdXF6MzA2
WGdncmZibzZsTQpkRElrc2VTZjZIdmd0YlEvRkhVeGk1b3Vla2lMYmRFdVZxdzB3
TWRRSGhNCi0+IHBdXHc0KWYtZ3JlYXNlIGthCllZenJMa2d3WGJ6L0J6SDQ4RXpl
b3BrTWFZUk1yRUNndHdiWVNjaFFJNDk3WWpaYkNNV3JBMTdRaE5WNjl4ZDEKdjdr
WkZaMHlYR3h2NFZjTUU2T00yNVRuMUxsL09UcmJCTSthWTEzQXU5aWVEWURuCi0t
LSB2VXJ2Mmp3TDZBdDUrZTdhQklqMFUraC9zMEhrc1BYMG5YVzZyVUtLVHVJCkNO
Zdnkf9BzBlANmJu5CD45dAihXKlz7sRIG27Yb0VeDv6zLCI3GgPFeOHRMFMnR9GV
uxxm05ixzAXi8K9Po2d12Xp8cTebSvo=
-----END AGE ENCRYPTED FILE-----

29
secrets/basecamp-client-secret.age
View File

@@ -1,29 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDROTEtydyA0eUFL
VkFLckJIcFNNZWVoaml3Q1BJcTEyYnUvSFNEdG5WdlZmdjNYc0M0CmlXZlRjQVdQ
RXV5UVJUbjU1ZkU4anVXVEpsTG9Pc3MvUTZZN0FacXEzd0UKLT4gc3NoLWVkMjU1
MTkgNWt3Y3NBIC9ucHAzSSs0eUpuNHpuVlVKa0YrOE5tQ1Y3aWY1a2JuQUJPMXVV
MVpBR28KQWM3bm1odlQ2K0RYdmVPZjIyV1pOS2VkNjE2K3lwdUF4TENNMjVtNisy
awotPiBzc2gtZWQyNTUxOSA5ZDRZSVEgU1BieFpHVDBnUnRDaDEvem0rZHNQMC9B
anV3b3d4blM4aDhDc2xodHZGMAp5Z0NGY0Q5aGpDNzFxTGNyaTVGV1lwZ3I5a0VN
ZG5qYzlwVy9tWTFjbjJRCi0+IHNzaC1lZDI1NTE5IDNCY3IxdyA5a1FFcUUwR3Nk
RzhUcGYvVFNuVFFIcXA2RUhYVGhNb2JWUnRzZ2NzOGlrCkh5ZjN1dE5XNHNVYm1Q
VnlTU21WQ2c1UFZrY3JLWXJWNEV2ZktmajNkcTQKLT4gc3NoLXJzYSBEUWxFN3cK
cDJZRXZTZERhckhvUkJLT1ZaSkt4aFVBVmtXaldndElaa2VLY1h1a0NqeVJxVHpU
RTArWjFtcDgrVzJrU0lrcgpzbHVVMlB0N3VlY1l2MlVXLzRFalJpSEZPZ3lPYzZW
c3RuWk5wVEpTV0hGQllNeGdrSzJwb2d3Z2VtVG1vcG1wCkNhWEhxVXl3WWZSWTVy
MjQrM0x5MWRwSTdpUHlrUEdQQXZneER5dVlZNHlvcmRGdUZ0UlN2TmpUR0hEbFlJ
WWkKeSs3VUduK1g0OXJQcFBwd0RmTmsyYUhYd2ZiVGdUSk9wNXgzd0xianJHNkJX
TDVsWUZ3NDM3NmFUVDgxTllyZQorYkc4eFY0aWY5aFI3ZmthZlYvcmtSRmpkbGsx
TmFSTHVNZy8xY05pQ1FvWE5vSWY4V2dLWFAvaHNpSytITzBwCjJDYXFsYVVqL0ww
aS8xU0k5dnRmRU54a0FnRkJiNkd3RXE0WVRKbm9xVmF2d3B6d2ZYemFPdklCZ1NF
YWhYdXAKNW5jcy9FN21Dek5WeWRSVXJBV0ZhWE5VeDQxTWlITTFRdjlnYlIraFBp
UnhJelR5VFNmU2psSlkxRFA3c05qQwpVSkt0b3JZeGNJb1VJMngwUkE0bHBxZ3Y5
Mkw4L2xoL1pKTGN4cmVsRnlNOE5PVHBXMTJUbElVY29pMXlEdVc4CgotPiBzc2gt
ZWQyNTUxOSBDU015aGcgeThoakE5dWx5NVpnWGwybEY0WkZzcjNFZDlvYUFZVXl1
ekl5RFh3anZGSQpFSDRDQzhxMlBKVllWUlEwRGZWN29iYkVQMlJlLzNoN3p4NGFK
MWNpVXpFCi0+IEdyLWdyZWFzZSAwVkxtUiBlRjFbOSo2IEp+Cit2bFpKNDV6c3U0
Ci0tLSBJR2IzRkZBKzVDUDlhZGFPQjJwYjBycC9DNFF4OUpnU1dvWHBPMTNGODNr
CsCAHIe91MC8JJ2z5inV8EQOyEt/xZks224ofHdSdicQgpqmJzWTROzyehYmiaa5
OEfKKCFIQEjAa+LM+geKj9qnMlvaimy/K+M=
-----END AGE ENCRYPTED FILE-----

BIN
secrets/baserow-env.age
View File

Binary file not shown.

51
secrets/exa-key.age
View File

@@ -1,30 +1,21 @@
-----BEGIN AGE ENCRYPTED FILE----- age-encryption.org/v1
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDROTEtydyB5MGVD -> ssh-ed25519 4NLKrw BJ2iDD2cLf/qP+VxEHz6Y+8GJ4s4I2wP92uBMG2ttQc
VGFBOUwxWnQrZzUyamx0S0JrZWlEeDJEcGdKNEdBYzI3bmJ1RVJZClpJUmlTZm5p Nea+eK5CELL0eBq8+xuT+qDEbPyRzUgjnhDY+Mk8bjA
UVVvN1BtT0xoOGh2N0ZyN3Q5Z0Y2a2RkaUwwVG5KMllDNDAKLT4gc3NoLWVkMjU1 -> ssh-ed25519 5kwcsA kpzfRai9rtonBkKVpYkD5kSYTsxbpwAliLO6WnyAgx8
MTkgNWt3Y3NBIENTSnBQOXhUUlNmYTZ2eE84TjVyTDlHSFJoSmYvM2lBTHN6TXNM BXG4c2yGwkaXPCkKAiOqrNJknz/tN1jOXmTuj6mJvzA
V2w0MmMKdS8xYi9RTmxHTWw5WWpQRE5kajRsWER5T3VvemJRaG02SEM5MHZQU0hz -> ssh-ed25519 9d4YIQ fRuLFIYDaY7JdtZs9BP4xm7zwDdBYGrzuueuQgS+QWo
VQotPiBzc2gtZWQyNTUxOSA5ZDRZSVEgVVR3Tit6aStybW1VRWYvNGZOS0REWWJZ YM65b3HG43cP7EvcbX+WIn76a9I427MaeI0kJm0ZjHA
azhFTUU4MmNtdDZhbTQxWm1TbwpGekJtUWNkWHdWNUh6dUxvSWU1QkRtMlp4RW5k -> ssh-ed25519 3Bcr1w /zGBacmchTtDaaCykhuJkMatDzuo7Hi8iefvnqYDyEg
ZGcwL0pwUzNzM2N6UUlNCi0+IHNzaC1lZDI1NTE5IDNCY3IxdyBpWWgyVFY0eVZh bK+aCK8cN7gDqLo15z6BC7WaWA+xXXSjP/eoe3ch71M
U0FQdDQ1ZFV4NFJSNk1rNTd6NjgzVzNMWnozY0tMaFJjClR0YzRCRlRpYXFCTTh3 -> ssh-rsa DQlE7w
SVJ6Y0t5Q0NVV2NDeEVaV1cvcjJpZm5YQU9YM3cKLT4gc3NoLXJzYSBEUWxFN3cK JRj461Gh8JYOykv4J2ce6W+q0y4imNfJgAF8r/1FvIy1VYSpDPtPqX6zIldKZ4Fs
SEtsWHU5UVBaUm1mRlZrK3RUcldXL3d2S1V5T0Rmc2NUSGwyYkVqQ2xaTWZwczZz dcTpL4AFyQHysrLlMeTuOf7+91vWxBAPqMUR4DtEqxrnYKDpDMy6Addonx7ZhmwZ
RVlEdEt3V2UwbURQbmwySgpZWTV5K0d2dzMzeVZmMGR6STV4Q0plNG1NMEJYbFBi gl1dnfx7W9OxGrYZm3YsV5q4lvK1rwzDIswFduOky/kH65SUzdLl5nm8AcSQbKjy
cW1mZlZZNWxEZjNrNzNBUml6YXlsUHhBbE10WFBTYnBNCmpCVjUvYVEvZEkybEZ6 k2jR57/0+z2wmHdxrjY4aEredqTXZNfWRbrX3RQc3xlzka4qajVKAuq4V6EsV3h0
UVdDTzJzdE9XNFJEZ3NUcSswaVZYRC9LYzBoajdyT05DdFdlRGhPaG5wdGtLREQz SjQfRgMTnqMyTxqbURl2L5juZrLSj3UAFvYLi7nLCfKjBeRmezG5zZ58eJPnq3co
Qm4KdTJKWkFQbkhQdml2VEFMYjJsRWhaZzVTTXRrZGgzekRLbXNwRUx2WXZkV0wx A5Dy884MXuciLhc8nDUcTCSJap50P9HlyETq6ptzBV8JAF9TSpxY/gzbMt77VZFb
dkRrQ0J0eG1rRU0xOG5Rbi94aApncXpqRlQwcndkdjlvQTdDNWcwZGVkdDFLV0pP MKf+3gtUIOaXzmzkFp6u90XLN+0n6kM+eJw6PMAPHxHfRDHTtPXE7ZMxRt/TKv1D
eCttSjZNSTMwTVNHOWJlbGx5Y0pQa2crRllpV05qM01TV3AwCmpQV1F5Nys5L2hP Pi/Aqmi5Q9t79TfcNsIT7DcspefCSf4NdTrggxOxo0jmKNw4mdN5SLVqnZ/Ij72R
bGNEZEpXR3BjZ3YwekFNQ1NYSzNmcm1VaS90dkVtQ1Mya1BpSHRONUFucUFjNUFt
WVRLcXMKano3ZFFEVHFxbFAvc2w1bjUxb3hJRkpuU0x6TWpKOUlXd01ST3ZGcnhq --- gwpY8yhU+VJSvw2xbmfKHrp8lJpb/0LuGaFDRIA7ORI
alNvcFlmMCtOM2lMT3ZFaDNiK2RieQpvWGw2NEJuUXlJY1pRcVFJSEg5OWM1Zm5y ¥.ÑÉ®Ÿ ùL,rðRjmÚê<ûo
NVJXTzhoZSs4WHBmUnQzTEVFT0hSZVBYVm1xY0dQdkdQYUtoTWxBCgotPiBzc2gt
ZWQyNTUxOSBDU015aGcgQXJnZXRFYWFCL0Zwa004a1FVZzVSQjlsL25TY0ZVVDB2
ZGdHczBmT21XawpmNGkzdFNQb2pHTi9NaWxDam42U0NzUy9DTHV6enROWGVQaFZ0
dnFCZ3VnCi0+IF5baD1wSC1ncmVhc2UgZmFefHsxRmMgIyBebjRGYHAgJGhqTiYl
fApQODJxRTlsUW5QaGd6a2prdXlmNFZycUs3MzNLUVZQdEY1ZTN6dlVjWUp5Y0tO
VFhNM1lDRXVpY1BRRmgxTzRBCkN3Ci0tLSBRQmJaN0IyaFRFNjAzTUlkQVg5Z0M3
bEFtMG1GeWRYenc0Rnh0YU12d09BCuk9nJPaV77UQ/31QCaI9bRuH1kKgVBsgL/K
X5vSWh/tQjaXn1cKGxRW+ioa/IECid7Uu4GuhFlcttAURX80hFZiLyGB2Q==
-----END AGE ENCRYPTED FILE-----

BIN
secrets/ghost-env.age
View File

Binary file not shown.

30
secrets/gitea-runner-token.age
View File

@@ -1,30 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDROTEtydyAwcE5K
Y1I3NG5vbkhmZ0pBZFB4MjhlOHgrdTc5SG9wMkFQUjBtZzFpNjBjCmhPK2VmbCt2
cFBzanBwQjFGRHhrSjlqeFNleGlwNTgxUlFNbmxjVnZVUncKLT4gc3NoLWVkMjU1
MTkgNWt3Y3NBIGlrUXRuaG1nNy9IWk1KUDNuUVBLU2t2SHNxNFRSL1dOZzRZTS9s
T0JrREkKVUJHQ3NiTzF6L1RjRHlQNUJIS3JiODI1eWJZK0x5ZnRnUW1ZZjhLOHlO
bwotPiBzc2gtZWQyNTUxOSA5ZDRZSVEgZE8wdXFpb1BOcE9ZS2ZSUHFQVVVWQ1h3
Vk5mVWxpT001aVlUeTZyWTEzYwpRY0pSOTFJTEt2dVN0eVBZY1ZMQ2RLZHNPL1o4
Tkw1WEIvemJZODdzTTA4Ci0+IHNzaC1lZDI1NTE5IDNCY3IxdyBlcjFrRlVrTncx
OGxlVlA4blBRKzhCREUwNmpaMnA4ejMzQnZKZnVsVFRVClExTzA5RVkvWXFOTWlJ
c1VzNW5zVHJYNEhTaHgxa0F4R2ZNQnVZSE1tQlUKLT4gc3NoLXJzYSBEUWxFN3cK
RzQrR0RhV3VCRWRVREM3V2QwL2Rob21HQ1JCYUNPWUs1MjBYd1I4Z0RNbFZCQzVD
bThHNDRDNVVZa2pPemUxYwpxbjFIbjQ5UStyaWpJREdLVEc4THpEcEhqeG9MdElF
R1R3RFBWSG95VWRFT0pTK2lRd1p0UzJ1U1NVYm1XT2xjClhQdnhQVHFQRnduSFdW
MnpGY0NOYktPenlQZG9pUnBZNStJWElobTh3RVJnUnJmdDExWnAwWTR1Q2RtSmE0
NTMKNEZ3Z0FFdFAvTkFKVyt2a2Z0VmJrVlpMeGk2QitNMDI0RmQ4TllINUR5L05H
MVR6eDRIaXhUMzdNNVFwcyt4Rgp2N2hSVWNoUGt3SFp3NWowdWxQdmNvSno0emlp
Ui9XVmxPbjgyUFE0WngwTFRhYTRzNUFQWGNiM1AwL1Z5UWtqCmswcGtFVm1xMGZN
M3dQNlZVbU81a3hxNjNPbmIwM3pWRndseU1OQnlHbE9MMGROOURwQURqeUhFVDFn
Z1NUN0cKOU1aMjhHUFdIbHU3MDltWTAySFRqSXN1Ym10eDUzRjFpeTNQdGlobFl1
ZlZKT0FQWVZHZHFKRThvVjFVRVpvQQpRTjE1S1dhSDgwQ1BpcC9OK2VBQ29vT2Nt
OVNwT1pYL2RjbmNmcG92bHg4a3JUUTloMkwwcUg3VjE5cUkxM1hRCgotPiBzc2gt
ZWQyNTUxOSBDU015aGcgZkc4bUJoU2kya1NVZzZvRXpOUlg1WlBGQmoyM1laOUFD
VVhmTWZ0MVRuYwpaNVRXbHNrU3orUTVRZDdlMm1jOUFONVBNRVRPOW93MnFMRnhQ
UUJtb0M4Ci0+IGRSZ2NHK3RbLWdyZWFzZSBKI3MgaWhKWQpUd05qemIrUTNIK3VU
ZHlWS3E4cDBHZVpGZHZhVXpBTGFKcHRrOUJFTkEKLS0tIFhSanJDZ2VPbm4xNFAx
YVorSEVKS0pnSUl6QWVna2NkNEJvZnRBS2dMZ0EKeQpsgHF697S5LUJOsIaB+uS9
wLQZ5RlWhuUdugIOEQBkkOOx3+LDRliy2q2iGKAzQrxxlGv6I3K6rb9HoKtbHczI
n6/22k85WIXE560Xog==
-----END AGE ENCRYPTED FILE-----

BIN
secrets/kestra-config.age
View File

Binary file not shown.

BIN
secrets/kestra-env.age
View File

Binary file not shown.

BIN
secrets/littlelink-m3tam3re.age
View File

Binary file not shown.

BIN
secrets/m3tam3re-secrets.age
View File

Binary file not shown.

52
secrets/minio-root-cred.age
View File

@@ -1,31 +1,21 @@
-----BEGIN AGE ENCRYPTED FILE----- age-encryption.org/v1
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDROTEtydyBVOXNX -> ssh-ed25519 4NLKrw bgUEh/FVWfivAo6uKPiDHEdmfdpD3br6mIrN4/tu2B8
eG1LSDBrbGRCSTlFZk14TjQ5RVVaYmhLdFdkNUUxQ25ZOG5DVlVvCjgydlZoOVRn Clt8sWlK9pyiCBjq3F+10JlPtKwapENMlhEDYRX2bIM
LzhyRlc4alFYa08wNmpMNmtmZUVOakQ0WFh4aGJHTjRlK0kKLT4gc3NoLWVkMjU1 -> ssh-ed25519 5kwcsA x3Q+WtnwvaAUbTW1v+2zmAALSlBaYvFNli3hCHi8wxg
MTkgNWt3Y3NBIEFVRFgvUWt5N0VwcWpxeEM0NmEvYUdYUjh3WXlNSFgxd3Vva3RU V1T3gO5eWtxdg/ykaLNESXEZ2MYeWqJUt5L+G6cUIZw
OERsd0kKTFR2VWlxanYvL3BWRXBuekF1czJ3V0cyajhXMkpRcUQ4ME5ZcGxMZFB6 -> ssh-ed25519 9d4YIQ 9KzUEMXjzu/qPc6bdArd+KnY7rwbZ6/CEzM+lwF0C0E
awotPiBzc2gtZWQyNTUxOSA5ZDRZSVEgaGxrYllDdk5RbTVQb1p6c3UwTkJUeDJJ 8KNfU9QYYyufDhHMgLdrSx6jciukaW7t1I+V9p1Y66o
ZTBvOWJwY20wT0srOTlyR2xXcwpSbkNBQUJTWDNBWDFNZDJIREE2NTBQOXJ4Q3NR -> ssh-ed25519 3Bcr1w X8vjb8VCjEI5BJHGWcMJWKwygGvvlVf0BjpijxN2vjM
VEhycDg1eDNjZ1hMV0ZBCi0+IHNzaC1lZDI1NTE5IDNCY3IxdyBzTUl1aFU3OFVk dslcuK2/dWB8XB5oYycjcv6evB2c2gcrsXQga44m7Rk
ZysreUtUVm5xc3FxaC9BK0JkdTVNeWJlcFd4Rkk1SlhvClNPd0xubHdhN3Y1QVo1 -> ssh-rsa DQlE7w
akNKVGtjTldxYnZiM0cyZkNpZG9yaUNHeTNHMmcKLT4gc3NoLXJzYSBEUWxFN3cK rGLyz1BUE4mMXUiBrpvJkcfHFw6CJKVvqn+6PK3dJ913miQJvPDvAJAzmYb4GPaT
aUJ4U2FYWDBkb1RYV2UzeFUvTW9VRWpka3BFVG5rbDRHKzRiRURYcTJLeWp4UFhK bRy3Igeh+P59OWWVXIdW5V3jZkUdOmkzU8J0+XW+mA7GkuuYgY9DddKwBRsuhZLL
NVNGbUdzcGUxblcyUzNsUAo2aU1nWC9TVm5lRjNKNzEwT2dmb2xhekdmcXVZdGxt aQJghfobOd5fGEJyU1JmHJE/fD2qaQjspvBr1SgWkTfFGguRR3DBXWEocMW9ggDR
Vmxjbk9Ob1FBcXZWUVQ0THptNmh4STJzeVd2b29KOVJSCkN5ZlFqc2tmbmhUWi9v gLrt/exLJz6IVN8oZ7jZ1lNL2xETZtsFckCWZPqgH696DaeOq00Zm2SDIiP4WfyR
OXIzQ3RHN0lENDBacWE3SjQxc0lSUWtKbXkyVEhYM2RXWG8ySG5sOFl6d05CQXNT yssym4yNtDnmkGGgowr53G0yNDgz0mOHvKsAaVXTYKHUZn6EbWm3YzfSjf93K5YT
VWoKbW1URHlqV2k0bUlLcmZIRUxzaUp1YUR2OTlFaGpsVkIzYlZKUnFZQ0ErcnRO sDowkgLVpgaGlbpuNV5QTo4bRxR5E0Nxt48Fz3bqqZ2dhMFK0+jNokeXDS1aoMbM
WDdCMUM0ZERhY3d5N1g2Qi9EKwpqc3VqU0xudFovaG5mbm4wMVFIVGJTd0EwZm1u QItR+fyRgfv65krMnYVNflMBedbp9wUpDrePLOkvu3U6gYOSc2yXr+/WPABJkcMD
SVR3VWM5TjU0bE9SWUR5UEFGdXhDRjdZY2d3YzkzTjhEdTYzClJ5V2JZcTBnMmt5 SFcgmmUN52zOJk//innJF6lEw38WQXrvWpVtR/rs8YAzsyU4PomD7x1jKrvyvlpJ
YWMraURJSmZUbTM1cmlzc09mMzlGOXRteTZsN1IwZzd0T1Yvd25mamh3R0I2czU5
VitRdTcKeC9TSUFjb00rVTB5a3hrWmF5L2hueFlyc1Z2M3l2OE0zc2VkeWZjK3VR --- /jB268IK9QX/iUEBxzb94wU2LlPT7bl9D9dMbykMaQs
ZDhnRG0raVM4NzN4ZWJrUjYvRXoxbQpnOWNXWVVVR3NxeldJWjRBNG5QejRtWit1 PjÙdW!£êcJØ9ûÅ.µ‚Ùóî±<5æ,t¦•Ž ;2÷UžüØþ©e¡õ¥ÿm„!÷
eCtUd2RzSXpMaTJ5QjI5Y0JNVUtDTjJDcW5neTdBZG5vdEJNMmZPCgotPiBzc2gt
ZWQyNTUxOSBDU015aGcgOXRvR25JdDBvWU5ySXN6V3k2eDcwd1JYMjdjRkpoRkEy
YmpyQ0E5bEpESQpSM2sxak1xazgxSzlZR0V3RlBPVTZ5SEx4dzB2NVJmdTFKZDE5
OVR6TXhvCi0+IEYtZ3JlYXNlIDIgPS4gZyhOfGpDLgpEZm45TWNCRlJKUm01THVl
YjN3VVYva1pLYTIrUDcyUTZabWw2N2lmNlVnL1cyNGlMeWtUU0J3SDFPTmxwdXh1
CnhsOFBjS01qTDYvRlE1eDI3QW5NQ3VVCi0tLSBMUnlNUE5ITUM3RnFkRE0vTVBS
SXp4L0VZQms4WEpERE5CVnVidHoyU01FCgN2/Wgb0rxsPsiGAFb7lphaW2QMZ8UH
C0Ab8vLqqCcjeNNyU1AyH8MG0z3s1BatdpD+XTGMGG1c3poOJ6zhsSWG4W2Td/aD
+vTc8es14IYJ8irM0q6E7sJ2xXxNKo1rpwZr
-----END AGE ENCRYPTED FILE-----

BIN
secrets/n8n-env.age
View File

Binary file not shown.

31
secrets/netbird-auth-secret.age
View File

@@ -1,31 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDROTEtydyA5czE0
YUFkZmJiUjRXVVRlTHFkTkhrVFBnMklpbStSS2lvTjFWeldVS2drCmgvc3B0dmlK
Q1FiTmtUckNHSmE5RnR2dmowZEx4WkJSNGpVU05FMnYxUFEKLT4gc3NoLWVkMjU1
MTkgNWt3Y3NBIHk2SDd1ZUNSS0cwckp5dy8yN21ESUxGSGJNTWpORzF1T3lXRHov
cTIrQkkKZi9CSXlCeEE4V0xBdTRDUG44WUdHZ2QvZ1NqNi9JOUVVNURhZHFCKysv
RQotPiBzc2gtZWQyNTUxOSA5ZDRZSVEgam5Nb1ZEWGNxUWZnUWk1a20xcDRUSXE2
Zi9GbjVTUE93b0pUenErcjVESQpBbUdFZzBMYlhDUmFSVnZOamYvT2JUZGJjc1Q4
MVBSdU9jaktRczhQSmh3Ci0+IHNzaC1lZDI1NTE5IDNCY3IxdyByRzBJUXZxQWlj
Y0NoZE5OMC93eUlubkR0K0hiR1A2Z0dYNTlSbHRXcGcwCjVWbkQ4bnRPQ2IvN2Z1
Q3lKUGVyVUNjcDhUazRQU1ZORDdLNlRTWXAzTW8KLT4gc3NoLXJzYSBEUWxFN3cK
SnNBNnlDeFlGZzBxbUVmSlZ6RTFJWHRJTkZ2R3p4MDdrUE9YTUY5ZFhVTWRDZG9M
bmJabmFMV0RDbUw3eDJRbQp0eFJEaEVuZXAxTXNESlFncjBSdC8yM2dyamZQdXlr
eUhNMEM0NjFSeFNLdW1NMVZ1bjJvSmFQSEY4NzZaTGtzCkxndVdwb0Yyb0FxWFNX
cU1jMXFEKzFOdXpwdEFqY25oc3VPbVV1SlhDSW5EcHcxVEoxR3Y1b256RFRpaGNC
NzcKanJ6bmFmVncrVGxuSnpMOVNoYXBWbWtMbFdDQ0dOUU5GZDhTZi9pMkkzSUdY
T1B3b0hRZ3dsR3orL1hQbTQ2UwpTdGkvRC9UUjFncjN6TXZkbmkzK2ZwOCthY2ll
T1gxemt1RHo3Y0JsV25hdTlLVm85MDdneVoxa1E1Y1A0aExTCjludHdvNDRGS0Ni
d0pXZDZXcHdZcnV0RDFJTTNXWlZWeWIxYVFGM2VHTWtyVk4wdTlwczIveG14SWJJ
L3RWSE0KQ096VWNuV05Ub2tmK3VGZ3pGV2t1NEMwSmNzSGYxd0tMNzh2Z0E0UVU1
Z1VhS3h2VTB6eGpFaXdSc3kwQXJhSApTWFIxUVNOOWhUNVpHT1VSV1FHZUk0Mk1k
a1B4U0UyaTVBK1FyckRBSHV0ZmxFVXhScm1lYTQwWXlBb1B2WXptCgotPiBzc2gt
ZWQyNTUxOSBDU015aGcgMFJnVGVtSnNxcURBNUxsMzV0M2VhT1dmS2xaOTBpS21C
emM5blZrVzJqVQo0UXNTYys4TUd2RUEvcUI5enp3WmlWTFBnTTA4b09oVUE2Z2Qr
TnVSK0ZBCi0+IFJOMEIzXXEtZ3JlYXNlClFGMXJpcTN5dks0L3pzUzQzcDh2OUwx
U0VPMTc5bG41c0hGUTJLNmtrL0EyWW80L29tS0EydkQySG1sTDNOVFgKbzdWTURO
Yy9UWS81T3NudTZGTmsyc1pOK3hJRmdFR0RoT21XSVp1Y3VhTkFTQ1A4c0NUWUxs
M1luNmJBR09MWgpGa0JlCi0tLSB0TjlpK2lZU1pZSEJodmFqeWVYK2lTTGJmZWVt
UG1BRld0ajlmdTJCUllJCqVpsdjXomzGNO7FJZSQYfMBTafn1twocRQOh0GoFH7B
dVqgO1AKbR/qBskLwv9VhwVjcF5lcd4eMKV7GesllD0UOh7gSy82LS8rqsyg
-----END AGE ENCRYPTED FILE-----

40
secrets/netbird-dashboard-env.age
View File

@@ -1,40 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDROTEtydyBSZUxm
V2ZMdVJjM0s2UUdOM1JmVDlhYnkwc3doRGJJaUxYKzhIUFgrQVQ4CnlTc1NjMzVS
SW5yRWtneUxsZjNXdTFoWUxsdlVpZHB6aTNyaTYrZGZHUlEKLT4gc3NoLWVkMjU1
MTkgNWt3Y3NBIERqK3ZYcTVhU2VmemlQWm14ZWR6Q1gzeXlxVkFhM2tmd0N2djR5
NkN2QzgKNG9rVUEvc3dLL2FQUkM0L0h4c1NYR09nWHY1Tjl2WHB2UUFQMnlHZnVL
OAotPiBzc2gtZWQyNTUxOSA5ZDRZSVEgTWh2ek5RVEgzOEJaSXRWR1pyZU1FZndu
Z2lYUm9vdXJhMGxqVmJ2a25HTQpoL1hKK09wRjJXd2hXa01nRFkzeFhoQ2tvMk9K
dnRycFFHR3M1RDhoa05vCi0+IHNzaC1lZDI1NTE5IDNCY3IxdyBRQTArdVhtRzh0
dXdET0ZxcW9WVE85ZWd5R3A5a1NIRzh5cWJSVFlUUlJjClJrREVyZi9FN1dvcXBE
TTZSV3gxcko2d2NVMFJIQmZMcXJpWXVEODJwdGsKLT4gc3NoLXJzYSBEUWxFN3cK
VW5CNm14aitjK3dMblRteXMyeFYwYU1kK3BoTW1BNlc5U3hKMXFtbFJXSTdWSVln
R21CTE1pZ1hhRVBkU09FVwpoL2tqem5ObUJhZ3B0RlM3aGZmWDFoTUdvY01zYXN0
Q0o2bndZQnBNZXpDd0tiMlhtUEg4MXp5ZWZ1NE4rWFNyCnd1eXVKblJjZzZvNDA1
K2pBbTZUa2hCcDZKcW8zOEp5U1cwTHZ3SWZlaXp4UFNidWpMN0ZRRE42N3o4czFD
TjcKZHR5R2tpZ3dYN2c2QVEyZU8zQmY2a1ZvSCtBZ3RiMldUVmQyYk9iNTBpamtQ
dGtUN2QrdmMvU2psRU9TL25oVQpNY21GUDJCdnVtOTJYbHp1MTJ1V2VvNlR2bDRJ
VnpFTUEyVFRpQ1ltMkpVRjhoQldYeHJ6bmNSQmY2Z29DVXpuCklsUkVud0IxMVk5
b0Q0TGZSU3NqZWsxS3JhQlhrTzZ0Z0FRczIvNDhqREsvbU5UNjhEZG1GQ1pHTm5i
RWhFOHcKWlA3ejg2dmhCTlRpdEZtQWNYTktqYjduRUdDWFBFWWZyeDB3UXNCVXpM
UDd1L3VFTGloRjZKZnVUL1VkWVZsMApYNHhpT2M2aEN2bTVIOTNDZkdmYU0wL1JT
aVFSU3V0dVBGY245WE8yY20vSXRoU0RrTTV6VkliYVF6ejQ1K2g3CgotPiBzc2gt
ZWQyNTUxOSBDU015aGcgUE1HVTFsZTg2UUd4ejB2VGp2MzB3c3YwSG8yOG85MzFx
SXdIckdTdy9odwpJYmtsc0J2dnlIWFFoQWljLy9yUGVMcnhpQlBmd3doRFEwNXJO
RVpaNE1FCi0+IEprSC1ncmVhc2UgNnJcZzssblUgKzlJCkRLZmhmZlhVZ1k4WE0z
eUJTRzFDeWp3VEVheUhnUmt4dTBOZmorM2VMSENJbmxoV2R0QVFORXZUQ2lmRVhQ
bFkKd0lhY1JNMmFFYTJ6QzI0WWNKK25MWUh4QlFFclJBV2pqT3NnWVdQdEVrVQot
LS0gN0VYajJBRGVDM1h6RGsvajZHbU5FNWlTMmR3dEcxc1h2dTlIanIwQUdVVQpn
NKFJ2fxJEwLS71oPYhLJxN8fedFcOAuXCqxTKfa6MK40Kcs/9IV6nmgaA7XQLRfR
aMXlWuay1karZlojoZKPHIRduYEc0GbFS+0mYE+RsSHzn/enxuTcvE36pkQg0bsV
BKyXaWnXKMWRSfNNt8Wb7+54B4Y40qGLGLDWBBxiPhNe4ys0Hjq6PESb1ghuBiGh
wa8rUASELYeMzyiGNI3yA9zP5pdk7YxqsjEx37egLe3unmSjzKY0z9+eJK3bRk/e
emI3KGtIdb1QnhPg+1BaHiqe4u0v0DwD/JbUhzB+DBuD0iLMUQ+jHhX84x0b6MGN
mzK4yTFEkOZVHLc670dnF/Ye3L4DwFVCzx7jqq8Ci3wy9yNev9D+uDMypO9PMqXZ
dfREOVrj5gGMKaNM6hOCw7IsAk7UeZfVCJLXbS7mZAkxhHyomKzeLzvnsUCMAEOE
TEuglM/dWVMG9UJ1tHQ7L8W0+cgA0Pmj+9QffeM85aub5+31bWMkaecuvIjOJbNA
jTXblFB4MV07+jDeCDf8Pxatd0zzL5qshXsejSjYC7ywZ56eJxi/yFJLkiS7Q2Uc
6SnR2S8C1T+KTIZLlU9rHZMqqHoeF69eGa5CeAEg3Rrp4MBQEGaqhYoaOWbjOL5B
JVaHvaePhoEG
-----END AGE ENCRYPTED FILE-----

29
secrets/netbird-db-password.age
View File

@@ -1,29 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDROTEtydyBmQUFK
MFR6Z1JTK2dER3hPMmlQeGRBTjBjT3dMbFozeTNvZkhrM0JKTW1NCkcvU3BLWnR3
cWVSenNnWkJBREQ2enp5ZngrRStnQlpvOWlScWtxUVVIV1EKLT4gc3NoLWVkMjU1
MTkgNWt3Y3NBIEpROXJYZU9BVURFenQzZERsd1l5MnRHOHdaSFV2V2dHZnRPbHky
eVZ5Qk0KYjBtY0lJSUhaRWlYN2FKNHV5MCtzWkdhd0ErdG8wNmc4V2F4ZGMvK2Z2
RQotPiBzc2gtZWQyNTUxOSA5ZDRZSVEgZXp4YWxGbmd3SG5RL1JPRzc0ZEcyUTZK
TlVGTi93c1FscGVhTG9qYjZUQQpRTFovcHFwOTQzcERuaGwvczJnVkZNWmUrSEt0
L05OK25Zb3VpMTY4SG5ZCi0+IHNzaC1lZDI1NTE5IDNCY3IxdyB0OHAwNVp2M3c1
a29QUkFBcHZxZVhoaVFUNXpndktCUzlON1N1TWJ1R1NnCmtsMDhuc21XdWh1U2kw
dTdvV3pNbW5GSFNLaTlpcW5sa203SW90SkptejgKLT4gc3NoLXJzYSBEUWxFN3cK
ZGNtZ1lqSHcySGQzbkE5UE1ieGNvczArdnJsY3JPOHErNXZwV0E1ZkRHbTFVMmJ2
bFpzaFkrS0dmWlp4QXlaYgpUSjcxNE11Tm9YQmpPSWhQU3FlYy9yMW8xUGdkYjVG
SDVoUUtHMlk3MVErc2JBRVRtS0pyTlorNk9aVUNZSno2CnJmYlhlL3UzWXpiNnpk
UnZIZHMyNkdBQlJ2akdDcURYWUxBNm1mMFV1dXJYUWQzR3VrVXZIenRtd3gyQjdw
RlIKYlJMVUt6ZEdKdUN3ME96UDN5d1MvbDQycklNZXJLZllJZThOSmZaQ2EvZFF1
RHNSOExsQ1hLcUxKamRSOElDcgprY2treWJxYnJnNVJFejhtMUlJdzZYTEF0OHpY
eGI1VEtWcU5CTTlUME9RN0hXTXRsZE5kWFJQZDV4d1B4OXc1CkxLYm5qaVJMMFNL
bUU5YlEzazJOb1U5MnJjdldFSC9iak1tRTk4a2Q2MXpKMGN6UG16WEp0Z2RCNytV
KzNtbkoKRGt4MDd2ZGxkc0M4c2lmbVBpZVYwNDI0Q05oWTFWQ3ZqMVRDbnNFcHM4
NjJCOW0wYW01MUwwVU16bHp6WGg2MgpnMXREWHNoSm9kbWZQZDRFS2paUm5ibTI3
UFBxaXhsY0pPYnZ1WWhuUFhrMllIbE5ua3dxYkkrNFB5S29DTFZ5CgotPiBzc2gt
ZWQyNTUxOSBDU015aGcgQ3NhNHJuQXVoVUt1TDhDQVFtWEJhS0VxbFFablV4V1hF
WGtuaStCMDNpWQozU25UQndsa29xMWFOTXFlNzdNd1Jxd2tzbjcvTG43bGlWYmda
TFRVQVZjCi0+IClzUy1ncmVhc2UgISAyOz9mQz9WeyB8NWp9N2oKL1oyMlRBY0JM
Vk1UcTRqQ1ZCVHZ0TC9zQWs3eFdkZHhHekkKLS0tIEpiRi9naXFBQ0U4U1JwdUlB
OHRDNlVBYWJObnBYeXZibjVLbDdiYlNKREkKXE0A0Ikjrggw+RQhdQWwUK/lajMI
9FcD58IL5PUrx6Sx7BokDbFXr5JJOY+rQs8=
-----END AGE ENCRYPTED FILE-----

31
secrets/netbird-encryption-key.age
View File

@@ -1,31 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDROTEtydyBXOEtX
YlBXaGZrTDRMSFpHbExhZGl6b2hGRVptbk1OU0JhS3JhUDBhdGdBCndpMGRNOG5i
d3dGUkpEM2pwTGswS2pYR1RTZ3NHTVJjSnpxOXB4VlZ0c2sKLT4gc3NoLWVkMjU1
MTkgNWt3Y3NBIFFvWjA3dzdKU2hQY25WU0R5V3U5MkZPNFZ5WXNzQ2VxUnZtc2dY
QXpqbk0KV1dleDhhUGhBaytST3ovMm5CNWFkcGx0SnpCTm1MUW50RTh2a2x0UTR6
TQotPiBzc2gtZWQyNTUxOSA5ZDRZSVEgZVBkT1N0aGUvYTZVaEpnNlhmY01NYjlS
WUpkUWorbUhva2pSYzZUQ2hoMApUcVNYcExtejhpeXRabVY5U3lsMk9MelJIdjMr
aDBGN0k3aml2Q1l0ckg4Ci0+IHNzaC1lZDI1NTE5IDNCY3IxdyBaYk52c0VQUFVD
emFIcG5IWEk4SzdmeWJzZy8wMkY2SHM1d0JBUjNzaGdZCnR3Skh5eXE5ZVRIeXNO
TW93N3FtTVFLTzFJblFpeVlqR0pWd3lwSCtBTVEKLT4gc3NoLXJzYSBEUWxFN3cK
cVVaODhZRzgyKzBoQVZKT0RhTmh3R3M5eHJzVElINWZ1QmhiU3dMaW1zYlQ1UDFH
YWhLTGF3aWxwclJidGtUMApwUnVRRnEyY3ZUUDExb3RNdXRHR3cxWEVyajUvdHFD
VkMydkFxMmJwYjViQUZXWXdCWW4rK3RzWWttamFMclRFCmxHTlVBMGxzajJRY1Fm
LzVRME1sZjgwSnBsZzlZOW8zNGNxWDdmdTZqaE53bU1WRWYyK3UzT2x0bEc0RWVO
bkoKTW1qUlVMQkdvY0Z1WVNMZ0NDVkNvNFZZbUZ6UFNVcHh6ZjVkckgveVFWc2xk
NXhlVnpZMDcyV2d4eUh4OFlPQwphWjQ2RHZKUjNwRjZWTXVmTXl2MHE2OWFDNVhR
RjdzbEZwOU1Qb0gzQVA3dlFEbjcwY1JnNVZFdHNxdWdsaDU1CmdhS1NsbHRFOU02
cXRjeW9tanRmeFI1TVJ2QnRsYTd5d2dPeEJKZ2RsbGY0RXRDWXplN0E4OHp6MkMy
a2JZRzkKTFIveEkybzlKMjdaUDE4VWNFZlZqbmNGMENIdVM1RGMvRnlPQlMzdWcy
eHBRc3B5WVlXK0M3MkswNmswaFBHSApqY2g3cmxLVDRlb3FkUzVBSGRoekJlVlBj
UHE1QVYvM0hTeTYwd29XV1JZc00ySXgzeElNa2V5QnJJekdJc2UrCgotPiBzc2gt
ZWQyNTUxOSBDU015aGcgMldyS0p3SlB3ODJnNmE5Yi9BK1kyZHNoS3JraGxHZDlM
djlrMGlteExDYwp4OGI5REJjZ0V5b1Foc3ZLTWEvRFBkK2Y2OEEzU3ZKUVgrTnpj
bXVPbGxNCi0+IDIuLWdyZWFzZSBvJy5MRyFsUwp5Y1FoZzQvZGM2ZTlKWlcyVHJo
TGxwMmo1dkVNYW1abFJlckxMM2FMSnNKcVpJb2p6R3Yyc2dHQUhRUUpldGd2ClU2
RWNocW14SThFV0MyUWZLWHM0VG5RejFmM3c1V1lzUDRxUGFjRGRMTXorZGlYdWlp
dmFMbHg3Ci0tLSBCc3Y3WHZiZDRIU0FjM0lEN0p4eG4xTTlPeUtpVDJhb1ZTQVps
N0NlR2x3CjTFZbgGgHvPtO2GvG9spzW0aZ/JqM2NB3k61s0DowyUCLo6t7FjBMHB
j4A3bLf9aVbqD7AD9BK6QAz8aQe10PuAWdd9zqd3EPF8bZNe
-----END AGE ENCRYPTED FILE-----

32
secrets/netbird-proxy-env.age
View File

@@ -1,32 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDROTEtydyBOcU5W
QnZVZXRnQ04zckRJQ00vU3c5eFVjSkNQNFVuSW1XU1E5OU5lRkdnCjdHQk5oSElz
bCtVVWdyalcvR09ieGpFSCtOUStVdEJqRWU0R1BCZnJCa2MKLT4gc3NoLWVkMjU1
MTkgNWt3Y3NBIHVaWENvOHp3b3lxS3ZvaU9IL3R3NUI4cUFTZ016U1JMYUJtT2Jt
L2g5aVUKVmhuTnVlTWExZWpTNUVqMSttc0MxQk9zRDFBdlhhYnVwVzhRTXNQVHRy
MAotPiBzc2gtZWQyNTUxOSA5ZDRZSVEgSUNLR21DemQ1TXZ0ejF5WWh3L0xCbGwv
bVBndGlwbEdSYUQ5dS9sblppNApTZTd0MGJON2FtaWZJZXpFWlZPSUZaU0xEUVdQ
VEJWWWNnVmRTVTdpRmRvCi0+IHNzaC1lZDI1NTE5IDNCY3IxdyBtdXFVa0IvaGVY
ZGNyRVNENThWVXdTaTJmSXY4OG5OTmhtYkJOelpPbFJRClp1UXJMSzBMMzlkMlVp
T3RGc0VtWXUxc1BvS1lyd1VQem96SktQRE40NU0KLT4gc3NoLXJzYSBEUWxFN3cK
clFleXkyME1XMytOYi9LY0RCNjdPOUZaUVJqUmVyK0NwdytKaTN5cC81N2NBQUtR
N2l0VCtRK3FtcEhrcU5pMAo2bmh3Nm1rN3Z5VGdyUHhScWE2WUJ6YXdPZE91TG5z
NnQ5NG8zb1NEZjVZUm5QUDc1TmdlZ1RBOVZhSG13Wmo3Ck1RUnQ3Rk1Da2VTSGth
bWNvdUpQNTNLMFcxMlFmNERGNEtjRGhCc3c4Z1ZiNGpKZkREY2VlaXMyZXRaQ2NQ
cUsKYUFjSkRMUGZuLzdNVmNob1QxYjJsb0gxZmFob3Q2T3BhbzZRbzZZVTZJUURF
YUkwK2FWZnYvbFJ2YXJ2bW8zegphM1luNlVXRUFSVWEwN3pmK1ZzZGxGYkxHVEta
YVZSOVF4V0VJVWNYRm5aSDNHVnVwc3JCZW9RVmtxTjBJZFlzCmJXbFdPM1Q0bThj
cXplQWhocGRRLzRCL0ZWRndxZzdQai9jRlR2U2FwanNJUTM5Q25IaXc4cDVXeXlq
b1BwYVEKM0t1dUxDSXFMbW1wd0Z4VGxxMFRXWmd1QUVsWTRCbFBZSXhGMWxKN1JO
Qmorb0hnckptdkhKVUNNdWR5anhtRAo4TmdwTzltMmQrd2FxRG1IQVpZcmc2VlFm
Nk9aMEtsYTl4L0tyTk1NSzlsRit1UC9WNk5VQ1YzcnFHMG9GYnliCgotPiBzc2gt
ZWQyNTUxOSBDU015aGcgUXZ2bUpQL0JOWXNJdHdiNzlPbHhQUWJ5TkxocU02ckpH
VFBDSXMvd0R4VQpsWFZvdjFObkIwZlE4Q0g5eWJySUcwdUg1V2N0c1Rxc2MyVEpH
MmJodjFjCi0+IHBiaG43LWdyZWFzZSBRZFQ4O1UKOFZ2aWpwbHRtc0daMDVHREUr
RWp6K3JlbmJxL0l2dXVCd0pYR2wwRnBIbnBIdWJkN1VGQWJwaEMyZ1hyUXBVbQo4
c1B0Nngzc2t3ZjlueHZnaHhCZnBWK0pzNWxRaitZcjhVWW1maGJ4K3dBU2V3ZVFi
UkNVQ1VpK3hlQU05RnlpCkdBCi0tLSBSazBRS1F4YkJlMTVTejhIY0k1S2wvVkl6
YjJmQmc0RjhxSnd4UmErUUJrCgEDmxWBtnorNPAFQLGAiW1WEuKPhH+pDJuwcD2N
Ez+2PF3281HyF25y529S4NGXi9NMGdbLHosc0bMbtiDHAaEzfBq/oCSGZwUZSH41
XT0orh6e99GMo5I=
-----END AGE ENCRYPTED FILE-----

32
secrets/netbird-server-env.age
View File

@@ -1,32 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDROTEtydyBJank4
cGVYZmNPVHVZQ1ViczBBQ2hIZG9SNG5uY2pTd0U5MElCdWhjZ2g0CllzSmVETDc0
aHRmOTV2VCs2aVA1WUVVVlhlOHRCdjVtZGNaSG56dG0yUVUKLT4gc3NoLWVkMjU1
MTkgNWt3Y3NBIGI3ekxmdkpRYlZuK3dlL2Y3QUppY01qUVBmSDl5ZHE1NENyRlhW
QU45blkKSVpCT2p4UjU5My9mM2J3eGNyQzZWUnJoSXJWSFhvMFZBQ1ZrUGNINE45
awotPiBzc2gtZWQyNTUxOSA5ZDRZSVEgUXpib3BTcEtjZXFxeEZYSHFFS2QxcXFa
THZIOENFZU5naWx3THNXVUdUbwpxR1hkUldMZVdObkNqSUhuSGhoS0hycjVOdmM5
MDNkNy9lMmpIamlpRTd3Ci0+IHNzaC1lZDI1NTE5IDNCY3IxdyA2a2owUWRsRFhL
VTVYcjJaMElYdm5mSnl3WHRyZU1SWVluMTJpcUczN1JrCmxhQU9pZUpXVDM5bWgy
VS9VZG5EU0VCakw2eEhBY1ZTbHY4RXgwTzRibFUKLT4gc3NoLXJzYSBEUWxFN3cK
VWlnc2M5WHBkWEgwSWtkNUkwZTJNSENMUDBkaGlmT2MwVjE5aDhCclQwYVpxcmpK
ZklMZ3hVZnpxc2NtbDlnVApJYks1STRzUzk4c2F1LyszdnVwUDRnNmZZQW9Qd0kz
cjdPQzZJTE4zQzVtcGJaaWdOd1NSKzgwOWlOZ3hhQWI0ClRoaGV3RXNoQklFZU9H
Q0NpV1NQbnBkV0d2WmJKNDJWZzBhZEFIdzVkeDFPbk5TRnR6NDZYZHpuZVFSTTRz
VzMKMGFZMlI3VlY4UTlPSkNtcm1HcTZBRkhJYWtOVUhsMjUyUi9XVXEyUlF1d3g3
YWZXQkdRd09JSWpKMld5U3N5OApuL2c3eGR1OWttMjRVWXFmL0NPajNRVE9lOHhG
MFlHRUlZcThkeFJkdWczbDhMZWhZa1hrOWpDMU4vSzlaaVF4ClhRZTVES2JhcGhl
SFlBT1hyRjNuRmdQM1NIK2tXcEFucURJZWVNb09ZakMrZEhLMHVTMDllbVRKVWx3
MHNFTXcKc0dEb3R1TXFaVWpnV3h1aVZSTUdJQ2t2N1dTSGNMa04vUnE5M2NKTW1y
ajJTS2c2eWRDelQ3WTlIaVAwRGNUTQpzT1BWcG82eW9VR1lqZ0kwSXFsNkxVTWF1
elQ1SFBEaWo2Z3BTZGNMWmEreTBjNjJxcWptdTA5S0ZTRnJUUGh6CgotPiBzc2gt
ZWQyNTUxOSBDU015aGcgdkhReFZCWVIyMVZlc3czS3ZOckErREtxQlNUOG1SVXlZ
UXRya3N0ak1uRQpNSWI2eURrdElUc2Q5Mk9UNk5rU1JVQWg4U09kVm1ZaVZhQlhx
cnkwU3gwCi0+IEBxLWdyZWFzZSBcYDssYEEqIEk3X1tKaSspCnBpRzdVTEdnTUtl
TFJEcXRad0p3WElWNTZmdUM5WUkrSVd0SWhPL0NTRjdubXFXQnA3ZjlpZzRwYklz
Njc2OUMKcnVmeTdKNlhUZWt5U0dNQWw5bC9KdwotLS0gY3NmaEFUaW04bjlCYUla
eUFiQ3pXdUkvS2RqR1p5dlpJeHpjdkg3enVNMArtP6Q0zNE7GmNslMNC+jVr0fHy
hPpDQaVsZEzCyKo79FvFRtHikuLOPUd4WA9Gp7Ggpw4zuCvKmcWEenigDRNuMljT
Ny46zYxx4iQvkCBlID4a2XaeYY3WYZEzb8F4QHU9hTT3Zzp6nz2x7WV7LZtoHfYK
948qYA/q8OlWRrGGM5gdLGyoBv3m
-----END AGE ENCRYPTED FILE-----

31
secrets/outline-key.age
View File

@@ -1,31 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDROTEtydyBRRFRK
WnI0bWFxY1ZXdkpsaldRSUpNeTBobzhCRWpGMWRCTHAvRVA3UWc0CjloVmVJWUls
ekF0cmNCVGxMbHo5WUFIZ0ljdUNZWi9Lamc1OW1xM0NrMGsKLT4gc3NoLWVkMjU1
MTkgNWt3Y3NBIElwMW8rOEVISEVKVGJYSnJHc0RPeTE2YmFqUGxXVlg3cDdMNXJh
aE93aTgKR2Rwa0d5cjZYRTN2SllFOFBENXE0VlZYTTVjbUFnUzlpMGs3Ui9xVU12
TQotPiBzc2gtZWQyNTUxOSA5ZDRZSVEgZTFmZkFOSkpFQm1FYmozbTQwaTN3ejdq
WUVHbHNsd2FOL2x6akg3enFoWQpFbkJKZmQxQjhZZHBJeTE0bzR0bktvN3JMVk5F
M2NoMVFWckhZaTE0eGFRCi0+IHNzaC1lZDI1NTE5IDNCY3IxdyBMbkR2cTVMbFpL
enY5eGo1d1c5UWo1MHRKMDNRa1IwZ3Z5VVZZZ2ZobUFNCmx5V3ZhMVNMZTZEWFlB
YTREbE5LeGozY1YwcXJmK1oweHZ4aEEvQWNMWlkKLT4gc3NoLXJzYSBEUWxFN3cK
ZWdZTE92N3hrU09sSFJkVEpOcUs0VEtUNGN0bi9NMWlmb1N0T0pKSlZKK01WMmJX
MjRDQnpEZVVjL1YyenRLagpqU2R1Y0JnT202dWNDdG81VXpUbE1hVlM0UmZvR2hT
Ukt2d20yQ1hJWlVQWXpXK2llMXZYWURUaUR1OU1xNGN5CkM5R2F4TDhPRzdSemd3
U0VQcll6V1B0a2FXZVlVbjNOK3dhbE5ieEhKaGhDTTFic0VGdGsxeXErYjYxMUZD
R1oKZm01MllwQlA2Wm00MGJFTDYzSFpOb0ZSaWVDcVh0YURSRFVwQ0I3MEZuSS9L
TW1nUDFEVmNZMUU4THoyazBLYgo1bXlIY3VzUlA4UEpsbnhuSE9sNWtuZmk0MlB4
dDRJUWxqNWlZTHl1U3loOW52RGYyaTlzNHRPblRFMkhpeVgxClR3cVJhRFNhMjVW
NFdQcDRmNlFmejZLYXRvUWx1allhNnI4L2VRVDNLSTU4MFlWclg5cFd2TFkwY1hz
b1NGYlIKVXozS1hEQlZuMzZJd0JkSDZFdURpa0lxS0c1RGJuTzR6SlBBcDd5S0dl
ajNIQXF3dUJkZUtBbU1lSkpHVTF5MgozYlhlK0V2bGpweEUvU20yWHdMejdyd3FN
NEt3ZVNwM3pLbkpqbTNNbjdaaFAxcTJGQ0I0NVVmR0pBYzdxdW91CgotPiBzc2gt
ZWQyNTUxOSBDU015aGcgMGhMSTBuci9GVTUrOWVRZTZDREU4U3JDcmlDZzlkWklm
TnlPMGFOc0dqbwpmL2pwYUhWSVZHK0ZhMy93amJIeWovdkFKNjk2UUNucjYwTHc1
RjJrMHc4Ci0+IH1LLWdyZWFzZSBUMyBnPGJ0a2EgLz1qMFsgay8KUFZaNkRhbDFZ
V0NrOHY1VDZIUWwxTmozZHlRZkJCRktySlZKbllYSVhablhRTlF5cC8zY3VRVU5o
eDRET0V3cgpQMlE4MmprVkVlRWUKLS0tIEdPbnJWZElBSkx3R0JCcW1YNnVqUXhn
UUdTcDJ1UjNZWmt1QzhTUkhXTHcK0Lq5VAIe+/28uSWpeUK/vupdV9XUGCJc4iDA
1fbi1NfgUoTAVPEhygN8IC2uM2Q02MjHQckKGeeOylizn2ofGS4M/W5F2oDEL40l
pVBh
-----END AGE ENCRYPTED FILE-----

52
secrets/paperless-key.age
View File

@@ -1,31 +1,21 @@
-----BEGIN AGE ENCRYPTED FILE----- age-encryption.org/v1
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDROTEtydyArRkZv -> ssh-ed25519 4NLKrw +gTzzublNrJqte2A+JoeQ7pm8AbvHHFpEkvKDgKnrQE
L1E5bmRYejBzWGZ4bVo2ajMzTmxRU0lld1NHdVlHdkwwV2tYMFh3CnNxbGtuM3Bt TXRy2FHd4f6/QHgrayNBLYnL7R7fRi8oQCg/1SovnDQ
YWJaMXJPaEJTK0RleWhCWXVnUFR2R0VwekRkem1Ea3BDT3MKLT4gc3NoLWVkMjU1 -> ssh-ed25519 5kwcsA zlGTm4IOhoSWSU0GjRq6deElKp+Oa7blT7lD5zTW8gI
MTkgNWt3Y3NBIHU0Y3NmK1c5T05Ud1pwdkhHcFJZblkxRzRCWk9PTDNZVEkxb0JW wexSSiMFP4wgBW4OdUXX6w/0hSM5bnw0SFseB2iicP8
Ukx4U2MKcjc0YmhXVTVSUDc2TXNzbDJNZE9BZlRCOVZZTEw1N25tWWkwWm1FbDNY -> ssh-ed25519 9d4YIQ tHtlFaaNFLOhwftQycfkLvGeuMb6+Vf9avd89H/Y/TI
awotPiBzc2gtZWQyNTUxOSA5ZDRZSVEgQWZudkZCZ21mTnNRelZPaHhhSTE0ZDZ2 F0Odk63tfaDU46W4GSkfthB2mhGUnvGxkM9uH6MxveE
NzFvV1JSaTVvZEt6ODZkbCt5UQpQQlhWODExYnpYNUs4KzBKNmZEek53ZG1Qb3dJ -> ssh-ed25519 3Bcr1w pN9xpC1+bkMgKfLwWq+mS/Nfns6OvLmMJ8Gp83yZ7wA
elpkY3B5bDJGRTBTU0JRCi0+IHNzaC1lZDI1NTE5IDNCY3IxdyBiS1IwNVA4dy9T poHvRg2RAlzTcgXruUz4bRCna3/Csruk7we78WFr6ps
YVYrZkU1eXU4NWVNWTMrTUNRd3Z6aExBenZOUmZUM1J3Cjd3YkpYbTlHOC91ek5N -> ssh-rsa DQlE7w
bmJ4UmljUGQrTm1DZCswbkpKbUZYcFBwY0x0aFkKLT4gc3NoLXJzYSBEUWxFN3cK T/3AVPmmUZWnsSMBo09oYfBjNfN4C077mFUeHQP2TJOUFIPFxakWoQs8ge6wM35q
Qy94WVJmbzd1TWNVc1RDUDhmS2YvNTBsMHpnckM3dHpiVG5pUDBCVXRvNVZVekY5 zj+iPFYw/QhRWYn525dcc3szBMQBk7dpcQ0ioX71L6aLR50jTVDu+kdRzgIvIrnh
UWZScmd3WVE0WE9vaGlFNApMZjMwcTU3WG9aRVdFRTM1aXR3STFOMXpjNXRJM1R6 YvR0u0H1JwNm1j6w6yRumG76hXyWmqBHRBY6pUwgObXX891rsLZm66cpM6rCkWKu
ekdmRHhMZE94TWZRV29ISkhYdTVObmN1ckx6NnRMRW0yClpGS1BvZDJUY3NTbTBv lOAfrtfQeLxco+8LIbjyszUZPAOQDyf+agD2TLEncpvZuMM31XX+wc8fWFs8hEI1
N0srT01aWmtFanhpR2pQV1I1ankxbXBCV1RMenhuTGFYNXVKWjhodkEwbUpYdzhC jnaIJ/xku1dMVazks1v2p5ydrddqyHj2xXunB3Vp0se17qm0oupOGLJfYg2cm0h0
SmsKRTV2K3k0ZmI3akZNL0o1TE9OQ1pRUnAwajFyeEpBb2RRVE9Genl1b1lRZGlL Lr1MnGMG/rPyzejFKq5aBX/eiK3Vbk+eez6StR6jBDPYvfU1nxuX+X6uxU6PKFrM
bEFYQ1RXVFAvbVBHMkdBSStCWApIejU0RGYrMzFkZENtQ0ptV0E2Mkt4NVhPSDAz /XF8Fdjq9vRGr15GGWDvsWGqR/tpdH8IzQTuoh3A2tkQPqjpDGztWzlWWoX2fQEt
YkwwaDFicGVrYmx4VnZleG1HT0kxM3RXYXVxUXdUcVNzQWlHCk9VQklPNkpvVHJL aWGdZvXOuW0ZngeoGnqTkCzWZ1Wi6PIzZEWBhxYaHKtcM84yP4o1P1hcybpKU7wK
K2YzYUhOT2MzOWN6ZWJnenV4bTZoc2tLTmJRNkVKSTNJQ2x0YXA4RW9URmw2MWdK
Q3BKeDYKRXV2VGxsWXRjdWFtUDhpN2NWaUdwbDlJQVJSSHB5dkFFYm5kMHgvU2Jt --- oYnNUuCYBsE2dkKN9H5VR+lrnnwP2sM/7oia0ss95N0
bjZVT2dObGRaZ1FHMFpHTGRLajRVTwpBNjlRSzJEbHk5cHF2emQzYVN0Y3RPamht <EFBFBD>ON-‘¹OïyO먪ìÏ»bÒ;6P‡XKÛ—þ¨ùuS/œÛ©Ý,—ƒùX<C3B9> w+_+ù*ɾýâXçx¸&Ã<>å­e}å(»ò
U2I4a2hJNnZIeExSZWxvdDZQRUoyNTBReVhuZnM4aWU1RVdUQ1hZCgotPiBzc2gt
ZWQyNTUxOSBDU015aGcgR1dlTTUxb2lnNHNFQ1JmckxFV1BXK2x0cHlYMDU5K1g3
ZU9xekRHT3NEZwpEYUxyUCtYUEpibkZyMWthZlJXc2NidnJ0RWEyc0swU0NYb2VC
WGFpQ0dZCi0+IFsmeXQlcHwtZ3JlYXNlIFh9IGsoKC1gU00gfT41NSA2CjIyMGhC
eW9LekVNYzRBeDA4RWhTczBjOUhPNytZQ2dyWjFFZmE0WUNUL3ZFVVBxTFJBRkFw
S1l5TXNKVlBNY2sKN0pvZTlnCi0tLSBJdDg1WVh5S1NvTndrRUNpcFllOThYdXpi
bmVwRnNkMDVXOE9ZK1lJOWJzChJnwfn1uyUG8MarT+es+9QV/16Aba3zUdGvCgaa
Bg8uQ/mhXtTQi0E+rfIcXWO2xzaUKBpwTqPH/7jd++RqtBAjHt106tWHkMBHBkn5
y7WkztM=
-----END AGE ENCRYPTED FILE-----

52
secrets/ref-key.age
View File

@@ -1,31 +1,21 @@
-----BEGIN AGE ENCRYPTED FILE----- age-encryption.org/v1
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDROTEtydyBma3hi -> ssh-ed25519 4NLKrw ARySQU5NWBIxM1sICZMk/SU+kPMrvd3M9zs65v42hVo
b0hZUVROY2F4ZnAvSGM1bGZmUThBT2hoVVRqUWdTOVNjQ0hWUmdRCmdXS3ZvRzNj 3/SeIH0CpIicYOjG3Swrpt/4Nplo4parVWt3qIoW7SI
bmdkbnFNWFQyRXF4SXR6MlNuaWo3T3dvRGdJZkhBMFhLMDAKLT4gc3NoLWVkMjU1 -> ssh-ed25519 5kwcsA M4GABkszkaU5TmeemgEp/iJ4myYL3fmZFrNP5wYq1iM
MTkgNWt3Y3NBIDBXTVVyL3VzRW9YbzVuUXFqUzJxMEFvS3lZSFQ1c004ak9jRTYz rOyGrD1hAMzQVBJeDTDXZPyaIyoEvDisGe7Te491Wv4
ZEkvaWsKMFVrL200bVJaU1dBOGU2NmxHMkpJUzhxTVViR1ZVU1RpUVFEcThCaito -> ssh-ed25519 9d4YIQ eyJigzNeLlC1YxambeZYE2bMzUUgMqJHtpPxlZheERg
awotPiBzc2gtZWQyNTUxOSA5ZDRZSVEgUGI0VUI1dnZ3MHdIV2M0dUw2QTNmcVZE mZsYy9QTl6EnF//u2Agt/9cKxxMZw7nJDfJV/n+dVaA
U1BqaW5iOTBjSXdzVXFqa1AzMAp2U2VadUptS1hCVnhkclVJNEUxb3JnNXpqWEdr -> ssh-ed25519 3Bcr1w oEZnh+FPv7EqyKLcX5rmvTGRIZlSj1ycaFg/cTCIqiM
OHUwcVFoOHEwT0swSmhVCi0+IHNzaC1lZDI1NTE5IDNCY3IxdyBzWW9SSDJVeGtD AlOvpd+MAAe43hLfcROQ+QIkUOPmjc1SPu3NPIEhlyc
aDE5U2lFbE1sanRhcnRQdGllZXkyTGtraHZ6YndpZndZCmZvNzJyRVhSaVZZNWFP -> ssh-rsa DQlE7w
NHBiMG1XNUd4QnloSzhIZXhkMDYrUk4weXlOSmMKLT4gc3NoLXJzYSBEUWxFN3cK WgdDjMGNKWgxa2QxYh33HO8JrkNeYtTqMs5Ninb0+FzJYTD+zCYWUlFEPcytp8Dl
REJXbHhZVlBFbnNjd3lJaTRHVFRLVVZRTHRzT2Y1cE4vVDZ0NysrUHdwNHZuWXJX gzGH5dwTG1Tvjig5a7IWcw8sO7AAklpU95oauq3Pi1rBq8IBBpmAjvCWb8Is9UsQ
cjFpK3I4bzlSdU1KaVkwZgowSlRvVFE3M1dZVW1xZXFpWlJIZlFkTXhicEpxTFNx cazsOmFHYQfmCWfd1TugIOju4ovJMmUxx6acAN6McD723Q7Ns+WVmLGS/ot2LsKE
NUlEa1hmRHVLeUJncVpwTElyMFZwOWkwUmNsbWRySWRnCjlUSE1USFRCR2h4cG9l WMXTVarDk++NhIHlwmHbVk7Nej8OwFt2xTJM3ihENtCLb46wDcBfEO4GaYHxY2dn
eFFiKy9MNGZWWS9lNzhPRjcwMTA1SUFDamlZUWNnZlpUMDRCQmUwN3dtTUIxeUh1 AjuGFTgv5U8ZjdSuktw0gMV0Eldgwk04NfX1+Ey0dDSJ2/f4i4O1AqQZ3ylhBrhv
NmgKbGVONWFNNktPNHA2MmhpODhoU1pxRzVqU2IrTDhxV3hnQ1BaekxTZ1gzcXcy aVS/XQxmJphSlSux5puquGtJIyI+vTUWPlQ0zIAGuKCmXQ9K5FKxdOmsl73/fBqj
Y2tmS3VDc0xuSmJKbUt5SWpDdwoxMjZRalRDdXRnenBCajlIV0x2SUJKcXgvYjZo rpWUX6YQ9993fUpVvnCRjOThG6x8L90J5MfksgJKNP6QPDc7r2aV8p5vzY0ssE2B
NktGUUVJZ2N0dXBNaDBHOFdrekcvRk55eGJjSG9wZ2RvRTVECkdmbmplZWlBYXZs JYvhRYGp0esP/DyMSczExQRpAfhNwS6ONhDjcmTRJAeaxuyteTOyypGG5morzQq9
MEdXU0ZnVGNrczg3eldIaHNVV3NDYndKV3BxWllHR1hnZENNTy9tTXZsSi9La1FO
YXp5aHEKZ3BzejNJSkZtSXk0Tm1aZGdSQ3FTemNJMEVuRFBsNjdVTTkzKzRrQ2Nq --- 3dwuxoM7PjwyPI6fn5lRwxonntFxBNCREh0LipP7IRI
TE5mS2NiYVRRUXg3ZzEySE9iZzk2UgplOWhYc0QyeXlvTkFVV1lZd1kxU1RrQXB2 V‡lÝžŽçU[´Hxn~¹:šŠzi\Ñ¥ƒWm«Åc_ÞÓfÍå->
czJpT0E5VDBQWmpwdytCUTRidU53UmJ3OG83T2ZJdlk1V0I0ZDlpCgotPiBzc2gt
ZWQyNTUxOSBDU015aGcgZE9vOEJXNVFVcUhpZTNHR3MyeUtTZVZzV2tBZ2VrWXhS
THFSWE44Qjl5YwpEeVdWNkJhVThkeDdtZitqbnJlZ1BHY2VqYy8rWFdKVlhUakhl
Y25saVprCi0+IG1sdy1ncmVhc2UgWFlBYkY9IEMhIGQxPXdrJwpvZndKMVFRZUdl
Vks2UHlKVSsxRWNucVptbG5CWjVFYlhXL0VSUXU3c0ZXdnUwRmcrWE9SR2xiRTUz
RHEwc0ZzCmFNK1JicUlnVjl1QzdoVmhQbmt1cEY2RjJ1UHpqVXBVL1grWEkwMUhm
NTFBT1dZelFFdUl1WTkyemZVCi0tLSBteHozY2tGaGZyV055TDlIZGdlcjByeUt0
QzhDVnZDbjE3a3VFNWx6K2dZCmfJoDWk7T4XzmXiJGzJ3ZkDCprW1zAxnXRjeOPP
dgFyBuvVkHJE9j+CD6wGkaiF9ExXLjmBSQ/J9A==
-----END AGE ENCRYPTED FILE-----

49
secrets/restreamer-env.age
View File

@@ -1,28 +1,21 @@
-----BEGIN AGE ENCRYPTED FILE----- age-encryption.org/v1
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDROTEtydyBIRkFx -> ssh-ed25519 4NLKrw ujol4VLzOhJQkOLACge18IshC59mKHSYtkrl2sEGc3U
b3ZsODk4MlZzRUc0Uk1EdkxtNURQSytOa2hKRzIvZWt5c0ZsUVRNCkVhL1FpSUsr G7Dje5m+l2LVvLXsP2dxI3zlg0ik8781/mQHM3FVPYU
M3NaUks1TFVWMjJKVHR3NGtlNU1YWG53QTNTQ0FLNWlHZUEKLT4gc3NoLWVkMjU1 -> ssh-ed25519 5kwcsA cCSwI5ONGu9JlzfPEdd+fr3fdtRZMVUucEQ9FGIK8EA
MTkgNWt3Y3NBIFlBajFYdlJyNkMrTFRGNkZLaTRJNW04WmduS3lUb0YvaDRpQmRq +iLecJaAv7uJ3hgwkQqLh4S9u18r2oy8ZAwiajVRYhE
R3BRVE0KTWgrd2c0MXUxRmZSbERxREkxc21UNjFZRnNZdkdIRXNOQnBwVDNNNjZZ -> ssh-ed25519 9d4YIQ kHP8FhCx52peMGRQ8A0qmTEf1X3sGzraqR+sYaqJmnc
NAotPiBzc2gtZWQyNTUxOSA5ZDRZSVEgUjVodzBabXloTkZITTZuU2dOYmJrZlBP YQ1mGHRD4viHfIyIDBuvGQHsyi3M9z12RNWvQD3ibuo
NHRIV1dxUUJiT0t5aERnWEFnawpHWDNHSlRyTzd0eGVrNFNldXZtbmZiRVJzY3ZK -> ssh-ed25519 3Bcr1w bB1R7kZRTmlsj6oMAuTTcVHwUgY5QqydLpzYGXUe7BY
c2drK1NpTmsza1FWR1kwCi0+IHNzaC1lZDI1NTE5IDNCY3IxdyB2ZmpZcVJKR0tv ARhxY2AUp5DYgsq31gYwiDNj+bA4s03ctBxl6ipONHQ
elN0cW5lbDRvOElKSDc4ZlVtaW1DditlcHIrSzFab3c0ClB5REpzOWh5QWF0aWV1 -> ssh-rsa DQlE7w
Q1E4OVhtMytaN0JUaUNESmYvc3NNbzdpTTJ3T0EKLT4gc3NoLXJzYSBEUWxFN3cK oVCEFSMqyvoWY0SkJZOENUDgmvNsaCdfna6QYGvQQTh/XC563ODIj0WiED6AAQqw
WmZOSndtbUJjZlRyQzRmMVpxZVRLcEtnbUJZczZLK0RydURxMkhhR243ZkYxcG43 N/FxPdGdbsew3BCOB0pyvsOmv9ql8/cpiSAM8J6SMw78/9e+ri3F6PVKbTEY9aXP
d1UzVGJ6QjQwem5WeFhUSgpYZ1NvMi9UQWxsUit1NFpaRzJxQldFd2lVM1FnVHFJ Ds8uttbjozy5kWJcZf5dGfB5BXW2v/6WRo9PUOUUapJgJqKXD5hjthcOurXoj2B6
UDEwaVFXc1AvbFdxd0ROWmsyZzBBS3QzV1pnYjJiOFBOCkVIM0NjRmxuTHQrR0Uv qQXAWr+hYwy8saQWItD6hOGNKbYzqkAXOBkwSRvdmXpc9e75yUw7KPHHng8QrrYj
YjJCcXJMSm8xUnQrUTlON25DY25nTTR5akhwZGhsTkFSQnpmYnFYeU9hclZMYjVk /gM28qBo6cyT8cEsV/6XRo4LxzqCGiCqup+YpY80Jxk46hh7O1rMXW/IjeHww27f
dEkKTHovUXNpUnFoK3ZkcC9YVkx2aDdXL1N6SkNPeS9pNDNsWCtrQWhraE8yOURl CzwIdi37IE9QCviuuGjqn7kbKkg9jhcPKbktfNF+9urUDnCvoYT8umH8bfRa/wSB
WndZODM0Z1BnS3NST0duOWtGWAorMmhvdEZGZkhmWm83d3hpUExtSndvYUlySmF0 VVqIzpjYjA0NrIqRfon1dK/LsTgKSeExOsb8wQDS4rpvX/Yqm0lBfmYJ7DaBmwpj
MEZYcVVhTlR2c0ZibnVqdWhpSWNPWEFFQllkeC9RZVJxUmJsCkJqYm5mVVhxYXpY XTpOyn1wGu4/cgFz9BO6WEhrxXum/67UXGwxisV3pmGXLIHqshMkgYjGl6gvUe0C
TnlTeFljeCs0MDZrNUJtRjh3cEJuU3BGS3VyMFNqRkVkSjNiVFZQbTFnUnZmVVFN
UEdKd2kKaGlTNlhlNmhnNnp1WEVnb1VISktiaVBBNGI4SFBVWjFQdEppWSsyRk1F --- QM3r5pYRyC4nnhf/dO/zFwzwye1pgLNOKOPAowdYQBM
SXFGTnhha1pWQUtzUjlqRDhWZzhmUApsbFdqc01aV1N2RG1mdGF2cEd4NWhyMSti f泇髎鰉螤毲裰饆+鰲?渚<>}5蔟@
ODM3UEtmMjVnaXIydnlYRndDRGh6Rmg1RVMzNlZpYUxXUjQ0REdiCgotPiBzc2gt
ZWQyNTUxOSBDU015aGcgaXppSmVaeU9PZnRKSjYxSG94RWtSUHhKWUlhZUw4eGNq
TmdMRnlqb3QwQQphZWhFNUZacnJoWkFnbk1FZ01wMmpRRnlHQW5uQWs5K0dkckx2
V1p0eDhnCi0+IGxnNTstZ3JlYXNlIFIualwkcyA3fXVFIG45Oi0mdG51ICQyT1UK
Z05LUFZBdUZNdwotLS0gR1dzT0tMdk5JdVNrTGE3SnFiU0ZPSTZmV3U2Q0QzSXZl
K09FTzVsVFRCcwpmNiPpr1N4Cx697kp5LSOqv9a0vNcOj88MmyXopEc04A==
-----END AGE ENCRYPTED FILE-----

54
secrets/searx.age
View File

@@ -1,31 +1,23 @@
-----BEGIN AGE ENCRYPTED FILE----- age-encryption.org/v1
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDROTEtydyBLbGNo -> ssh-ed25519 4NLKrw StoVt28gDfCQw796MXA4wToPMT/JZG3lNNav7tkaykQ
MFk5cXdzNUYrQlRQNUJEMDFRNlM2dUgzNU1KZG0xaTdTcUh3d1NjCmVPQi9zTFQ1 kI7i+623lEOlLTAf9HvbkeuS/h5sI9iKoivVbrt2R2M
QXR0MzhFTUQxOGtlS2swdjNHeXNpWE5FaGt0NGRYRWRvNjgKLT4gc3NoLWVkMjU1 -> ssh-ed25519 5kwcsA DGWAqEOUf8x3L5oIvaARXNXugcPrFCg27kPZFOyGI3s
MTkgNWt3Y3NBIDdUcFlCanMxS0RkMmdVLzZNdWdvZEZJamhxZGd0TXZQRGdQU2hZ mL7w3d67LiAvYWid86obfhQykFTwy7tFEz2GdaQllSw
VHlaZ00KL1o2ODJXMzFBb1ViQ0ZiQ05BTkh5a2xhbUdXcWpZQ3Awd1haRlc0QTVP -> ssh-ed25519 9d4YIQ BjLOvH4m5UahL7hANEnuYUFraMZoDYM4Ohpt6GC48HQ
cwotPiBzc2gtZWQyNTUxOSA5ZDRZSVEgaWFIV3ZiakUyZDhBVU5ma0owK1FIQzF4 ypVz4aARz49+5jmC/sWt8mS9HP2VFly1aFcU+VD8bkg
QTR4ZUxGaHJML1JJMFJsdFh3dwpLZWN4d1dUU2kxcE1sRnVuZWc1Q0UvdWpsem03 -> ssh-ed25519 3Bcr1w +tB7V+TobxlWMWqMbSbR4p4MSLwidUNaSqVZJa5JK1o
RVVtTGRPM0xzYzFRRERZCi0+IHNzaC1lZDI1NTE5IDNCY3IxdyB0bWR3UEo5WjAw 7yZNvLRE6H2qmHsbB3C81oaW3U+ub1QXNHIkbo7K9mU
dkw0N2dDRnhRcTk4eW01RnN0cFppR3hhVWhoNGFIZlNvCnVyS3JsdVkwOTF5dUxy -> ssh-rsa DQlE7w
TmxXSFZLTWhqL1BZSnhJWmVzaUw0NENYb0xkVXMKLT4gc3NoLXJzYSBEUWxFN3cK eDfNLuOLxrhfm6t7RqjbDwL+DUSZiEiBg5LtIhKw0LiGotFjj0jXa7SeahNNipjL
YUVKZEoraHFNY1lQNWh3NXlEYTJJRC9TLzZQZ3pFNHM2MVd5NE5Vd0ZmdGo5d0E1 bneSIf91mTBtiDxmsSdV+93BBTtuOVEUmBr/2A6SuZ4ttXKRD4wN2fiFTTwjcNw8
K3R2THk1blpwOGpydmxhTwpCY3pIUkRNclI0Y0Rxa2ptMStlNFhuWmRvOUludXJR xlkK8uyw4jVPupsE0cS/wWr+yyPXHenMB+1QxJLeEF8o8iHhlkA/YUkDWHVfq9Pb
SUx5c3JjWmp6MkM0L1UxT0g2aGRxVmNYS2ZSb1h6L1hIClcrQnVLTmgya0xOR0Q3 ekGOaeVDbiuzE1iSGIhQ9d2t+LkoE5UCkLEAYoXD0d5vV2ayK0gitHLvxQvJC1Bw
b01DZjkxRXJJMnFISE40ZkZwWnNPSjZ4WDFubUlSMEJGUFBVbEthWjBvUnB6WFJo Q4qGioTm9XIf8O15lrw1CY5DL1qcwvEGO8AQrByoQ58szm3EcyxJKL3YxsICDujd
V0wKc1h0YXpiYXhLN0NaMjFnVFN1THM2dDBvKzV0RndINWZ2bFhSQ1A1bTRmTjM4 +VPUdIUgCbw7P24wjzFohTfdWO2NcCRiQnCyoALJyzSCdLXHwKL605eX3TiEgJL4
RHhnZGJwZzlJYlUvUDc3N1h5YQpicnRUaWpLMDJEdUxETngreHZ0dmNhNi9sanNt igJxbEfPH5heXGOUfOq7RX9PfHGsMdQLZlqS29/h+NAWHqF50JIy9zzUopzTrAh7
RnBaRWxPRmNrT24rcTQ0T2dSUmtDKzViMGs5cSthMWJqK2xZCkFvemFNMDkrSkZK e6uCU1v+IBjyWmfapK1UCJ5dWBZTVEZr8mNYpaljRzw6TqxS0GRLPybOCawC6dey
YnNxNlgwWXlzZFU2UjdjaHhYSVFycVR2dm8xV1hyUjdZWlI5eHFZK1lGd01rdmZ5
VUdlbGkKZXRLZFArbUtBNnVPWFdVaHZsUTJFT2hGWnB0MkpFVG45cEtnaWJhb1Ns --- sxcuCTgVI8Sxdz9AgyUDPHSss9ExX2HY487yt2j+EQc
WUJ3ZmhHZTFUYURlZWRqZHpZT0VySgp4cVFyS1RKOElMazg4aTlWZHBYV1BiUVRv =D¥ZBðvä9 ñöho²jÒfH}r%J=Þ
d0VmQWovYU80ZllsTFh4NTVNUVVOU3pnRTYxK2tFTXJWUEpYQVE5CgotPiBzc2gt í6ªÕƾàþH»Á±¢§¸I3Šÿ’]áót§vLì´©Omëûdõ(±ü.ç½ä*RÙÀÚ\wî¤5Ïýa¢ :Mü+œ
ZWQyNTUxOSBDU015aGcgbGl5RGIrSWpKeWVmQ2k2MWZWRWQ1dHpmSXN3VGd5eUxZ v[|ЧI t}ì
aFJ3bXUrMUltSQpiSHBHRWR6aTFLMFY3V3lhZWwva3RFTXhucmpoejlYZHNoMzRa
RTIzZ0RvCi0+IFh7VHAtZ3JlYXNlIDkqWFIgV1NAQjpCaSBgQn5uOy5vKQpTbENu
cUxVS0hJS2t3RWJORzB4cmhUdzZESGk0elE0V3dpemRFVEJVaTlsK2wrTFhMb3cv
TFEKLS0tIFFhbXFsQ3RFK2pHY1ZUK3owVjVxM3dJQ0ZmcTE1SkhOVUVxV2YxOWoz
dTQKeNKR2CTcJF9YlJGxdA/Jd94blNFanWBCKv4B19pueO9dj+WTamwUE204Xxpw
eLOIK2j58jcXX+QW7niNtSUNk39FLsWhyw5LxpB50zEIozoAq6QwpN1sofJlhD3q
aZ7KADz898/l43s4rnGZgyFUzQHX
-----END AGE ENCRYPTED FILE-----

BIN
secrets/tailscale-key.age
View File

Binary file not shown.

52
secrets/traefik.age
View File

@@ -1,31 +1,21 @@
-----BEGIN AGE ENCRYPTED FILE----- age-encryption.org/v1
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDROTEtydyBIaStX -> ssh-ed25519 4NLKrw 4W1twcJwqyd1r5JGdkeEM7fVuIMkdcKLpDQ9IcXoGVY
b2F2VVdLd3FJMUNxSHpIVjAyM1RHMTl0by9DU0tJTFdKc3JGNXhjCjFVK1dhcTdw Ah6Dd31bzeFJ/KrcucHlk6PYH038SZVVqfB3vitt4t0
eXVhR2hjMHZuTE5PQ25xNDdjd2tGMnZ0QjIwVnM0NHhnZFEKLT4gc3NoLWVkMjU1 -> ssh-ed25519 5kwcsA +/R4MlAGV6UzNvandAJLDTevMJtK4WaduRAVmrM4n1s
MTkgNWt3Y3NBIGVGaWVwdEx6bFFVb0JIQnZDRFJaWUdoNTE0L1Q2MUdFL3hGL3Vt UGAjYzO/gjKYhjiVwgVt2T3wvHoPAcyMLuPu89Q+0cE
YmhzVG8KclZwZ2ZadDJnWGFSWXBWbXVTc3hLeUJBMnlUR1dpZ3pHYWJWT0ZOY2Ex -> ssh-ed25519 9d4YIQ P2A8L74BB0Zio6gEPCAcmaZPXHAP/wAPiLwmvzQuGzg
TQotPiBzc2gtZWQyNTUxOSA5ZDRZSVEgbHZKc2JFSkNzQU5IVHoycEZ5R2Z0Ympr XC/+dfw7uNP4jsO/bwMf3y8BfirnjligyqdVDvrLwkI
YUg5V1RjSUdKeUYrckc3QWd6TQpxcTY1QXkrcVlDb2tlU3ZlRy9VcU01UmRLQjVQ -> ssh-ed25519 3Bcr1w 0Pqs9nidGLBeACXrsbu2KGzNlKVaZ1R2GdDKLiP6DRY
WGN0Z2dTSEJSSTYzay9zCi0+IHNzaC1lZDI1NTE5IDNCY3IxdyBpRXd0aXJvVlNU lU6dfn15jJxlgfmR0wCYyhL5fzaB3jSvLMiGhB+ht20
NGVab2Nqc3Y1akgxTWREaFY1Mjc2VnVFdDB1TGxKaUE4CkR2cjIwaHRTMUFVaGh4 -> ssh-rsa DQlE7w
K0xBU3lmaTBnbS9YY1dCL2FsYnZReHdaSUhIQ0kKLT4gc3NoLXJzYSBEUWxFN3cK fIfiUhZpT7bHQssxFLc76YgeVX8Aph2xluyF5Eb3wdoks3r3H2gD4WBKvceBxZ8R
cDNLaVpudi9rakVIZXlPSWRJUW5FSE1oK05Bay9mMGVNRmJaNUJkTFpPSnZVS3hn xIIQ7PKnNRyPmIAHTuOQvDozTxAqMRzLOpDIhCY5//FT9Lb4h3J6I7EiJsK+1/pB
QkF3djZzeExMVzZ0a2FDUQp2U29iSm0vcHZUOWtNMHlZSHByYzdEdElmWUx4SVJ0 AbtRXJrTSLr+qIKDx8YW75YPgmcluzV8h82OcyyzTd42TNsoaacC4ihEJ0XMec/p
VjJmdjhnVmVYSlZRNmpIUmJZN1lUa3JaSVlXVUF5QTJSClBEeW5FemVXZkxvZFN4 +zJGZk2h3TC6dn8SjPdFn4kTNuwt23wkFV9vIxHHU5/Duod6SyoyKS0Bd5a69FRI
T1ZWT0U2U3lVYU02V0M0dERvQWdCSWxGVTRBTi9PTE5WTFE5bVBYVzN2L0YxcjNE VjeWu3EyN4gq+X+jw8E8NZm0TXcYv5hACC0LPxNECwhf55KyttV+0IWxNoT2Qoys
bi8KWk5wenB0aGlqMkprcm1mR1RWdGNXZUxMTkVyUmNTWE56Q2laRno4d245STEw aIZAFBkXLQ/stUoKYfA1kw626nynUIqAeJTb8Y3SkkF4CxOl9CZ/uqoMByys5KOv
STlEZkFtSXJwckxSWk1abkJYRQpDSWEzcnByMXdGOStOMXNJU1gvV25xWnFNVGRy pbi/tRGp6IuNbUJPed+C2+65I+jZGEt4BuDTd0/vpQvhf25nhZSxwXcEHX5TNIMT
M3p5dlNUSUlxU0l5KzVMUy9URmFSTTVXbkx4UmxzTWlIMEx3ClBTb0RWNm54KzdD 3Ky94rExZgj6GRyuWk7myEQKvL47naEElBLu5X4goWaWxQIJZThEGsOQjVHoeDhb
eGxoV2k2MGZaMDhSRC9aQWY1YnlobEdCOVFDdFQ0UW4rcWdhMDd5UFVzdGVVSFE4
WnRKNmkKdldjTmF3WSt1RmJGUkI2QUpDQlo5NHZCRGU2WW9tSEhCcUJycWNnVW5s --- bpQsB8ArJ7UeY/50Yh6Cxr8dBE3cKE1lj9/WvG7M0Rw
Z2duUDhvNDdKbldrZEZIcnB0djFOWQphb09XTlo2bWk0VzJPR3NLVDA1ajlCVmhQ ˜î– ÏÌN;ùöÅÑYí·”˜È§ƒä³â”¦cˆ…šnî~vý(«3Å`è®ÿŠî=ày~æ're†ï& N™u<17>kÒ#…sq<73>Æ…ÕOQâ}cl£Ø:?gZ=|VçT0iŽÞ`™B 'o
cnk1UUF1SGtYdzdVNVpHYzFaWlRGSmZ5OWlNQmpBbHhuTXg4TDNyCgotPiBzc2gt
ZWQyNTUxOSBDU015aGcgNkFhWHNXcWd5WU42cUFOK2M1b3R1MklUczZJdDEwVXRq
Wm05T1ExYU9pMApobGJwejhINGpJU3RLdlZFcHV0QmhjcFdHcTdRR2UwZ3JzMVEx
a29YemwwCi0+IGN6b31dRC1ncmVhc2UgLW5KUCBcO255NXIgNX5XMiAxYlx5Jmw8
SwpFV0VMaCtMT2lhZSsrbmNGCi0tLSBpMjBJMjhXZ2FuSFA0ZjNuMEtJb2N3ZFhI
NGhVcHNVRGUwZ3ZzTG4rckRvCvr9n7y6/sKH/aRKNaOOzfqMydnHoeWxPyciMChN
zUgoLZn179w0K1ogUbGR28lz+hCSQELvyWkiO4+OgR9OaSO0MJZ3wIGdqcS3mUPj
ufZbixxgiiTjMBn8e6sFm53dXcXqqnTDm6+1BNixsPmxMwzRV6nM7uXCh31TWLzG
TiY=
-----END AGE ENCRYPTED FILE-----

BIN
secrets/vaultwarden-env.age
View File

Binary file not shown.

60
secrets/wg-BR.age
View File

@@ -1,37 +1,23 @@
-----BEGIN AGE ENCRYPTED FILE----- age-encryption.org/v1
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDROTEtydyB6cTBQ -> ssh-ed25519 4NLKrw CkxFQBZnYhZN0KvtsQePp/wLGPNjArr8tyG3MficOC8
Z0tNRHRzc1NHZ3ZrN0hUUWViZDV4U3ZveDdjdjFyZ3FQYXNxdG5FCjRHOHcrdTIy wNEF3t38J6yThhhc0d5F1hIsEvLJa4TdH0YtPt93AZc
ZUkyeExNZEZFSTB0MUVTZHhMSUEweTJjNkF6YVcrNDRaQzQKLT4gc3NoLWVkMjU1 -> ssh-ed25519 5kwcsA o2PUZZXwJHhgKm0MNEONCUSQGL2uCYD52sw59OqgMR0
MTkgNWt3Y3NBIHI3RC9oQjc2SXlwUHYrZ1M2YmNvcWdyZTQwaHBFUS9LQ0E3QzRh wARXC7AVh+cNGlsDEc87JPj9CJmUK87y6/mhOU6y8HQ
eXhNd0EKVTF4dzE0ZDgrRWVwSUtQU0h1SFVvOG9tM25LRUNLNWJqeUVhdmRaWSs3 -> ssh-ed25519 9d4YIQ lZa0HTqpoOBo88sXEyVsu25bQqsNoP9vIAWFS+9hpW4
WQotPiBzc2gtZWQyNTUxOSA5ZDRZSVEgLzVtWEpGb2JQcUVCSlJqdDI5UHJkSHhh enuKpztdcHMQkJxooj/6pFpPQmsXlNLAMaCAoo/wZBA
MVpWdkJvU0EvRm1tcEdrRyt6dwowSWFmSW9OV2NFSGNCZXlqRTFYRW1BOE9OOWs5 -> ssh-ed25519 3Bcr1w pffOBbY4CEdYLCj7DIJWT/2Dr9IZYKJP9nAaMlXqmj8
MnNOdG5jN2lRMzR2M1VBCi0+IHNzaC1lZDI1NTE5IDNCY3IxdyAyNVN4MWxrSTYz qexuDvtIfz3cbFnFlmIe2TZ0PYpDUsmu31M1Eccoipw
a0VMeU5NRGY4dDBJN0xDeTRqNkRVSDNPS01uNm9LTm5BCjBXQzB1Lys4YzQ5RDVv -> ssh-rsa DQlE7w
SXZLNEo2KzcwOHdVeHE1eGtxam9jK05FV0hiSUkKLT4gc3NoLXJzYSBEUWxFN3cK NuDXmJz0pcSJ8dbnZlCSbM6vBMgeKmr6c2S7NiLyn99BGJ9vMh7MJTQqlxqjMKR1
dHdTNTEwQ0FWMXcxM3NhZW5HcE8yZjFZckFKVUsvclh0aGNDeHJRak9ic2Jic3Fh JWO1Llw0dwqaZ+LqnTUFVgaRRxsT/cONU2yVfs4gOS73ut0QlTDFYb3HZLa26Bvi
amJyZm92VDZucGRjZnhmNQorVGNCWGJDZUVYZERudjVaSmZiM2IxRXR2N0FZY1l4 FkMWfYCu5VXTNsuXiUSjnOtey2PUxeUgFgjoJY2iqxOdnua2sIkC7XiP83YskjQl
M3ZVNjdCeVNCUlNhVDV5T3NYdzMyRXN3cERSL0dXenYyCjZSKzN6VFBjaFo1c25t uDRzkxxaZY42sDTCigvVcWaC2N83WY7JkuD7lah2ST5vhL2gDHpL50FHt3r3S3tk
NkhHeEpTQytWdDVjajBRSEF4QWx6TUo5K2QxLzROdmdJaGpQVEFmVnozQkRKVnBP fR/AVr5Bv2uIZbtwSQM8XF3yTIJ/lGPtCSrrHSkrivr/kXOqJP4R420fVoBtLJCw
ckIKbGRqZmJlNFpLTTRpTzRTNkpUZmtRMTlkZFhkSm5UNkVrT3ZSNjRNS2RicDI0 2QPVxutV8EUUSIDqHuyU1eU2fHhhalkRWfJApM9geLgZmcWFhtvvyw2a7IdHqEaK
c1BiU3dSa0FYcHZsOWtib0RhMQpCeCtRbllkWDZ3UEtFcjVhVkZzbzcxTFU4bWxD n3WgsXGxB6NHgihoOy0wCHJvCiQ2W43wDd51op6S6SlpcaMAVsnp6N1HUNHZBZ5P
RXM2bXdIQnVwbVU5V0p2UGROZVdJMGNpTHJSWTAxUlhYQ3B2Cms4d29ranBaR2Jv pAGRYM0bcxZaIPvQ21YTtMTBvEMyCsiBvUeBZjCfG8JeiQ/GPBDIfTbkeCFQngcD
eGV5MEJsVEo1VDRGSFI4U1k0SFhNMEtKdHM0UWsvZEdYZmJWOFBKdC9ZRjRLR1dr
SjY1Mk4KQ29mak9RWlFJaG5WQUV6ZURzWExiU0prSUp0QUlUUXRNdGgwRW9zR2Vk --- 3LqWn99/9jDZ0l2rzB/TbIOHwnn968Znoyjq6C3cKNU
c1lRZVU3WXR5MzlHRXp6a0xDeUJMaApmM1pzTmlzbXpGTXl0VkV3ZTRGZzF6SktT KBj8(Àòö¢¾:èÒ«e¸g;ÜM
UHA4ZFBqejV3WlFKYWd4NW9yelQ0cmg1bXdLTHNJZE13VU5vL213CgotPiBzc2gt @<40>™ÅnšjjÝ÷Bìµ­òÜ<> ¼?ô$ïÎ÷7!ì]ù¾qxhui~ŠúXáê0ïPiØRÂç0²Æ—Çu%ÀSƒÌ õ÷Bƒ·>r§½—‡»—š$\…°Ìh
ZWQyNTUxOSBDU015aGcgKy9aZ09zOXZua0ljd1Q0dE1lbm9jTWZXYWdZcFg5UFg5 x¢às -zpzõ"ÚJgßÔZH<ƒ˜g'}á¢rS­·ô$Þ `ëþþ1´ú¢–®§ [Í9Ÿ©÷ch±QÂKbè0Ñ
Vkt3UXNWL2RHYwpFTHpWR3BQb1pZeHFTakdySmRZWE8vNHl1d0RVaEhqQlVrUTNv
c0lNa3JvCi0+IHN2JylXYy1ncmVhc2UgNTY8KiIKTldkN1VEdVJkalNsSWlLdWVM
aWxNYnBieURmYklnL0h4NWgwek02K3llMjlkZzQKLS0tIGNFZDk5Z09KaC9QM3VG
M09GbWN5Q3ZxTzRkTE1TN21sRTYwT2l4V1ZQQVUKKIZUcGsHN+qmBNXzFlmF8nmt
6qhMa40ZXAy7G6t9i9hIYBWtizHRi/zUCd+SmmqsKkO1H2J/XeZasO3o0avA0dC0
o9bl0iGtAmK7wHNSWuWtwvi7QfE5nhSVq6V9uGwc3/MDSjjfLhti6qgpEGexBLS9
EHdohR5a9S7XL3mwRTqUqrSlQgDWzi3KvpuxbMZzWUDj5Bbc++jNJNglypps7wAx
MOM9Y+7yhPmnMDr8uEj36MSb9u5K6iEJhVpkVUjb+UOvKJG3kTCKkWnkff2zK56e
xCQisxYZh6LEkGqCH6OFYzwlhKZvwNDa0sPuccwhSmgsB/SLSnHVLHK7XlRzzZNB
LMrQfZXDDpPKKpS5KgmIPkxLdL+P+6G8BgqSyxyd9fz9okNz2TOHb9v49ujm+mSc
SwqE7dUpighhE9YehI4VY752CPhs9oToTR1sDKs37x7TKmUSk+cuG/tpoLCBnJLe
qRKb+cuYpiUiiGVOZNiB+pKCOHgiI+NS3hNyyOXB23Wnmdq42I+15HE4sM2AL3Lo
wg==
-----END AGE ENCRYPTED FILE-----

BIN
secrets/wg-DE.age
View File

Binary file not shown.

BIN
secrets/wg-NL.age
View File

Binary file not shown.

BIN
secrets/wg-NO.age
View File

Binary file not shown.

BIN
secrets/wg-US.age
View File

Binary file not shown.