From 284c7bcc8967ebc8ea12913806f1c6974d1c40f0 Mon Sep 17 00:00:00 2001
From: Patrick <patrick@failmail.dev>
Date: Wed, 5 Jun 2024 23:00:40 +0200
Subject: [PATCH] feat: homebox

---
 config/services/homebox.nix                   |  75 ++++++++++++++++++
 hosts/elisabeth/guests.nix                    |   3 +
 hosts/elisabeth/secrets/homebox/host.pub      |   1 +
 pkgs/homebox.nix                              |   2 +
 secrets/secrets.nix.age                       | Bin 5815 -> 5870 bytes
 .../elisabeth/keys/elisabeth-homebox.age      | Bin 0 -> 801 bytes
 .../elisabeth/keys/elisabeth-homebox.pub      |   1 +
 .../psks/elisabeth+elisabeth-homebox.age      |  17 ++++
 8 files changed, 99 insertions(+)
 create mode 100644 config/services/homebox.nix
 create mode 100644 hosts/elisabeth/secrets/homebox/host.pub
 create mode 100644 secrets/wireguard/elisabeth/keys/elisabeth-homebox.age
 create mode 100644 secrets/wireguard/elisabeth/keys/elisabeth-homebox.pub
 create mode 100644 secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-homebox.age

diff --git a/config/services/homebox.nix b/config/services/homebox.nix
new file mode 100644
index 0000000..b025359
--- /dev/null
+++ b/config/services/homebox.nix
@@ -0,0 +1,75 @@
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}: {
+  wireguard.elisabeth = {
+    client.via = "elisabeth";
+    firewallRuleForNode.elisabeth.allowedTCPPorts = [config.services.forgejo.settings.server.HTTP_PORT];
+  };
+  systemd.services.homebox = {
+    after = ["network.target"];
+    environment = {
+      HBOX_OPTIONS_ALLOW_REGISTRATION = "false";
+    };
+    script = ''
+      ${lib.getExe pkgs.homebox} \
+      --mode production \
+      --web-port 3000 \
+      --storage-data ./data \
+      --storage-sqlite-url "./data/homebox.db?_pragma=busy_timeout=999&_pragma=journal_mode=WAL&_fk=1" \
+      --options-allow-registration false
+    '';
+    serviceConfig = {
+      User = "homebox";
+      Group = "homebox";
+      DynamicUser = true;
+      StateDirectory = "homebox";
+      WorkingDirectory = "/var/lib/homebox";
+      LimitNOFILE = "1048576";
+      PrivateTmp = true;
+      PrivateDevices = true;
+      StateDirectoryMode = "0700";
+      Restart = "always";
+
+      # Hardening
+      CapabilityBoundingSet = "";
+      LockPersonality = true;
+      MemoryDenyWriteExecute = true;
+      PrivateUsers = true;
+      ProtectClock = true;
+      ProtectControlGroups = true;
+      ProtectHome = true;
+      ProtectHostname = true;
+      ProtectKernelLogs = true;
+      ProtectKernelModules = true;
+      ProtectKernelTunables = true;
+      ProtectProc = "invisible";
+      ProcSubset = "pid";
+      ProtectSystem = "strict";
+      RestrictAddressFamilies = [
+        "AF_INET"
+        "AF_INET6"
+        "AF_NETLINK"
+      ];
+      RestrictNamespaces = true;
+      RestrictRealtime = true;
+      SystemCallArchitectures = "native";
+      SystemCallFilter = [
+        "@system-service"
+        "@pkey"
+      ];
+      UMask = "0077";
+    };
+    wantedBy = ["multi-user.target"];
+  };
+  environment.persistence."/persist".directories = [
+    {
+      directory = "/var/lib/private/homebox/";
+      user = "homebox";
+      group = "homebox";
+      mode = "750";
+    }
+  ];
+}
diff --git a/hosts/elisabeth/guests.nix b/hosts/elisabeth/guests.nix
index 4e52ae4..ed02a57 100644
--- a/hosts/elisabeth/guests.nix
+++ b/hosts/elisabeth/guests.nix
@@ -24,6 +24,7 @@
       netbird = "netbird";
       actual = "actual";
       firefly = "money";
+      homebox = "homebox";
     };
   in "${domains.${hostName}}.${config.secrets.secrets.global.domains.web}";
   # TODO hard coded elisabeth nicht so schön
@@ -160,6 +161,7 @@ in {
       (blockOf "paperless" {maxBodySize = "5G";})
       (proxyProtect "ttrss" {port = 80;} true)
       (blockOf "yourspotify" {port = 80;})
+      (blockOf "homebox" {})
       ((proxyProtect "firefly" {port = 80;} true)
         // {
         })
@@ -269,6 +271,7 @@ in {
     // mkContainer "ddclient" {}
     // mkContainer "ollama" {}
     // mkContainer "murmur" {}
+    // mkContainer "homebox" {}
     // mkContainer "ttrss" {}
     // mkContainer "firefly" {}
     // mkContainer "yourspotify" {}
diff --git a/hosts/elisabeth/secrets/homebox/host.pub b/hosts/elisabeth/secrets/homebox/host.pub
new file mode 100644
index 0000000..0412d8b
--- /dev/null
+++ b/hosts/elisabeth/secrets/homebox/host.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBq0dfFQA4Fs6mpzbAnM3Qa9pKoLk6eUezOvnp2iVA7W
diff --git a/pkgs/homebox.nix b/pkgs/homebox.nix
index 5f5bfec..4f41a34 100644
--- a/pkgs/homebox.nix
+++ b/pkgs/homebox.nix
@@ -128,5 +128,7 @@ in
     '';
 
     meta = with lib; {
+      mainProgram = "api";
+      maintainers = with maintainers; [patrickdag];
     };
   }
diff --git a/secrets/secrets.nix.age b/secrets/secrets.nix.age
index ad61f8eee9046de88740d0a26642ae5db2ad50e9..5ba8bb9ce21a1fb4c2134195e3a7d96535a951c5 100644
GIT binary patch
literal 5870
zcmV<K77^)TXJsvAZewzJaCB*JZZ2<fXD@a!3N1b$STZ#=F*zVBQ&eSDMn*I;P;qi}
zG-W|AQ#naEQA<}%M{ZAWI9OLyQ!{LII80eDY-b93XKF=iO)_tBRbxjnL1Hj-Xi{-S
zG(l`dcX>otc4I_VHhO1dIbt|sGFb{OJ|J*ub}eu+H8vnvR8ebHK_EeGMmR%bO?g#p
zZdzeXW<o)5b7EmcS2j&{D=>3vcuPrbXfJL@ba-q*c5@0>X-P(KVP-@#PgG)BH)T>Y
zOHXZVXiZ~LR53&~T1h!Hc1cllMpjQXZDR^8J|J*ub}eu+H8vnxMrUbBcOXG+SVmQ0
zdT}{3ST8m?RaSI#W>rUFW;s(*XhUyfNme&&Lo;VXbapj(aAyiqS~X~QNqBW{STjgh
zZ((FhYj8_?dQ@>}MNLz0G*2{mM@MQ{YifBxGdKz@J|J*ub}eu+H8vnMc5P5}Q6NEZ
zYBFj~Gg?7KX-9W3F?vL1VtGqpId3a?GjVWAP+?PdXL4##NH1Y$WkU*fPEIp!LTGDN
zGIdmSYkF~dRc&xjG)Zc5ctR^wLTN}ZPf~6$ctUnWP;Uw?J|J*ub}eu+H8vnxMrUbB
zcOXG%W;Jz7K{7~AS}`$ZQ#4^XPfKSjL`ZHjT1;0oMqy@AXF*YGMNxJ(bVmw9XLdJN
zL1s^OZf#IfP*yl|bva2xNHJ(`PEuD<RyJ`(S8R7~aZ_+OIco|nJ|IIwN-bw{Wnpt=
zAW2I&AazeVJ|JvpQ*u`zVm4Y>MkNYEX?i(UW=mQ~cTF>DGE+x$L~l1)cWW<jWmzz1
zNKs5{Mqy4kH8ycCQgTv3XG&IdQFB=<Nn%WEM?qCDcSCjxWI|3hYd1x0H&jJ5F=0<N
zbwWvQS79?bLMu@*K}bz*c{OJ>Y)DdZM>l#@Y%o@CF;h)1ZD@37Sul2VG*Mbb3JNVP
zEg&&TX*o%8L~~V2ad%F1Vm4+%VNPLMMPg1_P)bc%H%fLzLrzS0Pj+l{I108lOW||4
zTZ4>JZd_^OShX~It|OkMwvhD$a8W{cDAA-SL{pCDU~eUPHE3`2zk-}nU?ENIcEAfH
zv0YPNx@Rbi0X?P`<yGQe1`u0!HAxy}Q=NS%v93jP26}eb(&Uw!`hJvq4i2V?Ga`QR
z7y3}8g50)1=+F?5C~*yYUr%DF`Gie#<$h0y<%HJzV=y8yuY6R_F^I$@Q_pF}q#TC{
zQ*H`y)%bx0o{l0`j{$*-M1ZD9i``FwXD}ieV^|dq$O68iwOd9?^Z6Y{g8iju=bk#^
z1##P`%V8etkPle3(hZ}|@fvQOqEqiHrA!_e8`~iz)b<1<9N0d?4{8QY)1sz(`rm8X
zDaxcX^s%&>5~kqRK#b^zpFP=*e(uy^LV!l0s4LjUAntqSc;r_dYU{ZYEN#||wnl*7
zK3<_O+39!*_3+a9R{;;G0+|8ZTEdIKlbHY)2%qD(7&7+D?o0D)@6_bhkxoZ(Oqt{V
zWMDy{ARA;yliB!+8bB8-?p^tt-$n~-mY(i>sk5<!IJt%92MR9wYaB~a8jY$jJpvlI
z2>QP|zUhc5vfHBvOaGg@Cv;yz^FfeEsa9HED*w6=P?ki*%5#D}8g1}EVLb}FdM!*4
zdW+u<F;gv%M>PfEjM2<LOtxkh;Jk1@Z>_L5{LOPwHLs_L)iZ$UN2M~d|4+ew_<1rT
z`B~Kjab9H6SZ;nO`91u7-U3s)#O9k|Y$am3AH~ZYrr(xgPgMSC`W`R3vo=pD?xFoQ
z6Z_#BMYphOUa*nnxi53kl(CsW;^tt|Ws-o?H6CkMibC>o&1x6v>)_l^t3^}*9D5GL
zG3ac6fhOF+sn^!d#p6K{b9XE+z>FBfQFT8V*dG>g=aAbmEhR}aYG&Df^tEp?-3%YD
z?N&!f(h}A8rewi0o*Zvu5=l#)vV2^0&#D82Kol?2WkNl#TouUZoX3^kb}2H2j&1X5
z&t|aV{hRdr&4<}Jk_;@wax&OAz^M-a3wv}OYGTz$E-*T?ypT-}2m*6KN}L6T%C)%1
z#H`Z*Y753%lK)In8lT<jV^8T;3mrH+IP+lj3GT2U;bEo<3Su>zV@2Rr8GX=8yX}pG
zzFes$YuayK91WWmekQjZJD&<-EZ5znA*BatAX$|SF=;x1$jhBfsnycQFBAZ~D{h74
zhO+;!4(c+W$osDtck+TddET(Aa7rs-*7a%#S@-rH=U(?>K*X<5sk)8HH$SPe1dM2W
ziRQ?$IRW@x{ZMI-S}R}aol?;sOf|YUW8P3iTRbIMo6ik8+(Z-ssM4vGv21cQR!R>Y
zb^ylNxaWeV;Fx9E`}0!5^aLTFv^2N)XBA!WR50q&1=jz`OXHWLGZyfoUdL6c3cvZc
z$&?ge1S)kqUsxY?`KK_m2`vJ8zYn+bb_AdSz8+rbklR!W!ptAZ)AG3ebq=%$-2<mQ
zfe5vt@12DMPX0_UN4^M9*8px%`9thS8cG%ZUzobRih@Lef(<ZL0A0%YaY(iBU|&}k
zum#>oikbo|dT>KGbnCrw@r6S!I_<CD^Z{8V?HGU*3Tv0*?mUQ4mv<%4cs<MdZAe+h
z_?BpD)yzzUE*g_>K?s69--cqBL5nrguVl`iIsiba1?#x5h8vW*xSs4Ffc>}#G=idX
zAODcG#qmHr>=PJ<GjO2m5k6mcXF0u)+DegnPRx)zBARQ$b+Es!CtfKba7(zfVWu#4
zU$aHW-OLv5J`SdIh(7M@r`2xAum{~>Pv(;jek;BOyjbeU&C!1isfCy9ahhR)^fHvb
zU90Z|B8`V)eP0|S$5NYj+X}9UF5_CTBNy-vkdG%cg`%R9BIUrq`<JqDl2}p*%ulPH
zRVv%|t)bGW-CI#$CRMLSw02B&Ydh54a)-^l%7Am22zGmRKr^HOWg#dU&4Vu$eR37*
ztf952Z2Tl_W*cBDip=>tI~@N96EdSc3Bvf>@6x;;sI(rXnQJDN{K@>vobZMb?0~AS
zU@hMhEZU~BHSu!!Bu}1`s$Sw&%eMu<lp3t3bP{!8a|<hayKv#Fg}X%;p<a(R=33gY
zWE>AmH7e~T0IMFa$3W!j8o*wU4oUYjj}1(w0for_b(fGya=&(r6`x3>d4b$Ms+6+E
zQ@_B=URe`=CjV>V<KZ^~^hT)65bkS4#qukzo`S#<`YeZAt+{e!#d8~qQDkdpTa2PM
zU>&%(y8E+T$$o(KPJNK)7ThD{nfD%)tVD-BXPr2~t*=Z2iq~aOg3`tzVMv0`UBCT)
z>~cp^A<=V8#Dgo0vyO14qwI52tlAXY>?(Fd<h%^)!gI$d*@FXL`)td~B|9MZPd|~#
z>=*#h7G6O$@!wh#7oGcqAvII(cE~CO7>_T@{wMR^WZ+1COR)+LM|gkM%x5#I+Ff}O
zDwCvE{OSzl6w?<8#9GZgSHa?M73w20Tf7xjTVU!VGSnhz=U-D<ITRh+^ZsW3e~}(}
zrH3h^OBtK^B2Kf6=;+V7no<8k5D*El7rYtXn+CV#sd_HRx=U{rUQsN|yA!LI@X*hH
zu*P+v(0&6_ZcCbgzSIw2{UT)r%VxC?waG2cl`DH`ZBHC_Cs`?tQXkQaH6bF9X#ZXt
zwCC#-c`&M>l`7Z^QV9JPR&TOaMn>TGuwybc15t#f7O<>?WH@}%>5lCDgRvlurprc)
zCpJ{Ygvk`0L3$Ig9-xecXJ?xZ$<s|b<b>rl=G!$o_&<eMkH!-xy}_<Nc87Ycgi~DL
zKZ28YvQpJkMfdBFrXc@jSszIsFuj(z0m17ifjb!OqDOX=fA?2OqpRsoKT6U(hM2q{
zu>RIlFR2eP!J=ZtWp}GrHWw-$b(o0BJUtDLf$xB{Tz+x8p-gcB`rqvypNy~MJ_A<M
zA_?C|eSFgFFCCc`j?7XSt6si<#yv+DqcJM3Gmgd_^TNJUV?cuFJ+e-0odpn9QVM%p
zHdANPlK$9Rg^(H+Vr&s8-s`^d{Qc14oqqa@)GVywU=dm!<D3G0|CigDXL6T%^+jm6
zfm*7})unD8)mAbHG3a0c9Joz}fGA_z(!8?Xvbu*CxwF(6&%{l>chJQ0VY}hfL4gmv
z?1@hbNZJ)oHc_K}9PC}wUW5r`r-WB2TUNopl-2AqWo+3-blq6BHn8QIn)=Uc7|pT~
z_;%E(C~RLrHihActQKXH0y*n$l=oADPd{aVBgpAT>V?wNih8!ejeo-T0~uvFyy4rl
zx@_tZn?Gyyq;Coo2`zeax`G_xg9WXk5lJ)i(y29BD{ySM`jx)SL+o*!lt!1JN~~tg
zhC?LuK}YHwNAJ8r*e0b*Z>x<4YRC`$GYd3p5gWpce#s|nR!y|`FeoU5>`k_0zpSPb
zX%&>gT|`n~Yfll^N-gFle#pHqH}Yu>r^r^WveU9ZayO<bi+$Nn$p3!8+`oCn?1?G3
zRsFHIN<ZLG7MX^y2uf<xiWQ2LTC*n9P775nX27w|tLbkYAjGVsj$N`w&^)~)>cL%k
zX_;m6yWCl3Meqa*d2o>Kn3g(G29bLdd~_^LgRW=2a#Zi$K;%mR&su>e&tIp;oLq2?
zET34No|Z=rQfVqYCzJePH?t*(EF{g=iD}$lY$bb5SKPFdMHVk;T~)o78VJoA<*Ypv
z4veZcssartX#l!Vi;`=%*{%J1HK@9D0vVFjf*EQj&Sw_iwPy>G->V+JH9*}etbGOI
zZBhu;Sxb$1VV2Xf<XnYk&D<FutIl^=7Z;!7dcJv&HMq6Lmd{Je#f9LWONt_+>}3R2
zS?_fa%pt*0;7Rc(wP=}{cjvg0y@tWzG=sDnU3}G#prtsfv4NQA3uy#Ypa{h>hy6}W
zNA&{miSSv7^7@Z|b`T?ole~y_=H!AtoTlUy?vK<)@?(AAz6v<_Gt7jXm-2=?9C-v5
z-Vy9iMT-?WhHMYIPkB}clbMctjAk|ybC&fUR;v~m+G#l06wPw)i|p=1(Z_|Z&hK*X
zXQWG__{au~fHo`D2U-{ZvwhcIP1scpo|c8=j#NwKZ4qODLGL~LL(@!}Af!r@n4<oX
zlFjgR+EVjCzxg2G@9O1_JHYqmh{i;r0SyDZ+6Rf6hprie8jYk+coDA{cF<p-%)!^c
z5N`qwE_q3&<;X2@zROHuf|zor>Q4W-zMGWUIvFS3Z^IZ9kWMGPprJ6NPK&zXJ;H*1
zla;Co0YGbUxqeQ2l?n@&rt+xS<};l~pU71r3`_iO+0~ntWLJ67RAp8*E(k_|3gASD
zu8l|E^d<Dgm5uNYI?3ubWG1HNxgq`Oc%=Ty0BTG0j4*~z>#A01O`1QQ4g_j24T<XU
zy#Z~`4y{?U-8f&1iAfAyu9k@sdI^N*jr0J5Erjl;B&X30FOVYhQGj**b%mWuG&Q(3
z^?mraf=4a9!9oA?pf1#2wG;$3;qN?Prh7)JQa*v^n(Z;O9O@Ry5XK^=ATfW*-WNHH
zrEvi)m!unZpXz7nDOFuiQ+t#P6wc%spMw(&dj3^-MvPl1uo#cSpn_bJNpDUARb@b?
z)_!Qi{9jZP6RJ6OEMZ!|t6qLR;><S#ksggZ3%z18eE)D1ie(xJ8${<qvmj7z`4t-2
zj4~wmzK9t5yc;<A(}pr$8Y^1<^)!r9%U%hx&}w`jkhrJ@o}ekq5Ef5l(|V;I`8Yxp
z!N-bhxQQ*`>`s7$8~jDP%7%Fz^`IN++6>HRj1u&*KtmD@)-G-m@f9<kTu7zC0%Ld!
zh7IQ|N_g|tz8=g%P36SUu~ZDRkbwLzeloLX>lA=jMRiQ}{VbUd`hwTj1#A6+0c}AD
z=!SAi@`6-`MZCVzO_CQWj#w<*gKk@bT!o?Q)AoP=Khh*1DMBh3ilyyD+?~XsUp`4|
zyuF$sb{$)lwk^4HB$+d&iyKZ`a?bY2Y*k4M9t;5?KIn+?Tbcy4y@bA1E1*ITW}5hA
zV_ftDQ;BQqmptXWa^%7ZZL+|dX$9mE37r4Y<aD?(CS}GX2q+`hKtyO}MGXpmUpRpY
z(GBmjV=khJgO)ZHBG@wRm_g7xr%(76GXSL%;c%I!d)t!v+{uvp46_;%n9A+$8v=AX
zEe3x*$XYnzB$gSKO64z!?e2>X1S4#tV|a$ccBQ;de~s!^*LAm*?6jFIr*M5ekS*`h
zljylU=lb3iAF7i>oHM!1Z`>N4OXHt~3;fCz1Ws|vA=2y=1V&7ZHCWT}UlJgD;f+z=
z9%iAP^kOJmQ!(^tsf*_|Fm(}cQH&hT;c7^{Lo`e{>K|%}=qO-(4gQejQI2Thod0Lh
za{8QeRzSd4BGGb|w1CR!%2f!$v1|`#4G)Fm;|hK0A_CvNtPOM_N}=o}RR%>KH2h4E
z-`&dCls}pMTrOe>_YRY_prrJ9p#(*p`IT($^0C$9Ax%YZ#EwO&Z;#+k0$vBi@zx#W
zyDJrlt1*Zq4_Y)O;@*Eq;3iX;X5UcEz0l(2t-x*2DMy;pUck$Qd_BApRXtQH>U)LV
z69`la!m*FlRk)@r6=YCcYE5xMymnc+fcCIlJN*oGeUf)ougfA<e*c@K#B6#$TKXp<
zeMzvAZ@i=5Q$UyNWO-1S3^bu(794cg>a}CPxDc4}D04gC@BOoM-MSxm^?r_eQIc8Y
zm<Jn14BqPg>pD5ol6N8kba2O~g@qH<&oBX5JNWPpi-e)-0v&ry^ekQ1mhs`VGLQOm
zuAO3dY?gE`2gP}+fE$IqC#XUs12BZZF{~6<jaL46qcj1=y5~_IX|10X1>JDY5PWOw
z?bbGZrM0vGjW~0Bx_6y67y{NhppEX-*2>SNoa|%J_t|@JTu6ZVepAhtm2Z>CH|2zI
z;$i`$s{`G4sa5y&;{Z_+UZ=-RH$l%MbLQ9AUVfpftL&NxTv5pv>Py2$d{}<@lCpho
zjFS0^M$Y_rCC8ZqLi{aO_F@e=LIfoIYke1F!v7O5S#M`mG3{4x>p4fY3QMI|9Q5i{
zJP2P+J6wZP(r0&?HHne~b#G}U;6tfg;Gfkg%H?wmt0$n&lxNvcbugsG=TiBl9be*i
zFgPQ2%Ub)0LrDpFrnf-&6f(+hZJv9K<inORP{(M<LCHeYMZB6il#P~3Av%R5Km6UP
zY8>@@P@fbhQ;efLZr^%1&M}TcYfh3^zu~N8Iny+5iL6r`7{B&gB7GsN(IazGF_0Nc
zKPjr0#ZJgGI56PYN$~3%B<FJ3)!b$W1bd!F<?(~3kY7^lW-&aRvCi#4&~&{PhHJr#
z9T<`DsLU#=X<CZ2eb!OA95v2YEzso^AS8SeOu!ryWQjKvudoW<=C>qYZ{=t}=C+4;
zdxzVnuX&ymgM!uoHVJu%gqYFw3sTHuUCG~L$lDWNJG{3Es9c2?<xYoe$%X>+>|GVO
z{O?;IE9N0x+{2d(p(V72oK>_q0ybhjGKDeH%^=A2I%tL@C>`$S{n~zAHXd5Ox;Y9-
ztseIKCzRSu4c`{Wf(qU%PkCSR^-AVI>8T)h1>X}S0<Ew{3Jea}$oDwC>42+dlnY6#
zv}>x1X{K2;p(<4k?YgKic;*@2g%dy-7tC@2+mcLHFy8}?Ct$AA$_cu%fdjJZEo;R*
zlcVz{dAk4l@94G{@Yhh7cjm=a^F<ZIL$Lmsf&llwu(uLxCa!v~C;WcV64j-#t!%fa
zr4W3202MD3ekX|<r-=dCN@cYAF#Fg38_0^)v1}gK1T<>FZdldMxS?l`3p3m*b-3x`
EOV%60#sB~S

literal 5815
zcmV;o7D(w~XJsvAZewzJaCB*JZZ2<fXD@a!3N1b$STZ#=F*zVhG%GSUW=vB}dTCZ-
zWMfuGHaIVNcXUf{Fk)GCZB}73GIVlhFG)f|YG(>oX>V{(F;8bfWi)44Fjr1mGh<R&
zD>+eEH85Cic1%@EV^3H!SvFy9Z9xhxJ|J*ub}eu+H8vnvR8ebHK_EdgRAOyTc4uyQ
zLvToVZcuqdYgc1*QD{|bbYXKjZ*F*DL@zjOc`r#-VNnW2Q$kTqXJs;0SwloHc{ea)
zLNiulWma!kR(WP*R!>qmd3bYgXnI0ILrDrPJ|J*ub}eu+H8vnxMrUbBcOXG;QF2!~
zGI3!mMpZd8O=Va{P(^o0FEDO+F;-z#Z8ua_Z)I;vb4g)kPGbsMFj;wRPi9eBVofhr
zaZyNEZe~w6PfJQiD@}K3H8V_eWO7<CPD^EPSaS+3J|J*ub}eu+H8vnMc5P5}Q6NEc
zWHLo(dTCT{d3S4QMs9L1NpWjoSW-e|RWou{Wo|S?az-;kVrMW;Qg;e;Xl7b%NOx^D
zLvvMiGk9k;R(LX3NNhJWPGmDxMng|!bv0LTa6?yfc4G=HJ|J*ub}eu+H8vnxMrUbB
zcOXG=XH_&vPg87cMq+t6Xlz$&Y+7bRM`>0?QaCYiPGM_kYD8={bU{~4MKlU>bX7HS
zVoO(4GH*#)Pcd<GD|1nDSY>cfazQk9P(?>JbahuzSx!t#Hbn|8J|HtKXL4m>b7de$
zYf4feQa@}+LvbWc3T`=9F*hqVXIWEGIY=^WL0U3(MsZI!a8_wWacpHzbXGV_R#`JL
zR!mQJOh!ylcXnuVY;rj?QCUrBW;8c?cM54tX>2PvHfBgMa4SVMS~gKqD_CYVabj~+
zWKmjaVP#G-T1a_WV`6r1I5tOWYh_4h3N0-yAVo<-Mo~&JQcg^8Q8QC^P*yZZMME}7
zFfvS7Mp$KeS3_iLaAR3#K{iBL3a=~MHN8+GHnHYSg-i$KVKvKhm2yT7O*d5*24?Xu
zWdj@Wb6pJIPbkR_6f8E5DlJyrl&kHSP`eu?*>s|QuVvTLv&p71ldbzGJ3FVw68EU#
zRA|1z4&$f;`Ky`L#k%TGo)>(mD)=gl{3qu*J!TZ+gAN=jM)W&78A**OYTzX;_!o$o
zXhEcKU#B$GOPtdO>0%bls@dPgJ(5y!;cwO(YskGb){j7&;6UUZ@7+obUGN+(3lq}K
ze({JU;&l2nP4IMB^go+;uY(PM-n=u`>)5E+*TrppX<5~ZjlWxcr{`X`p~aVgCSD_@
zMV2o`h(u$xq%6%Sfwm>hjT##ybwtD)N`V)O0je;&V^k@B{_7RTPJQf{P#3Q2{tn2j
zxQJLATT2hy8$%@V+{6SuHg%1L-I<naB=Z&FuZl%ll*}7UGEX{GlA*x;b>89P#+3=b
z4c5zeTJdI(M|t2Ir>z@+G~(65(>~cFy9q8Ic3ALH<cnYg=tAChd9+u1^scJ8ttxx&
zH%UPNit}(BZeDTMwGZ;qth5ynA-0!&fQklO?MLbECqVGpkdW*`O`m4I9<}+*PjT9!
zBi?uut`)|1>Pcg7r4-~`qRSpRy(e$!tM=E8*R)J6;5m9WH>WpdN{YFy)29e(T{I?|
zL$d=FF+Ycsz@P9KzSv<0pK=ts#dHtCGlua##Z2hbE(?r=I?!}Cck>l%hfuRSR>B^a
zucIzmWzl-DBCT;~!*EA4(&76{iQ1D}F3b`Mu{NkNFmK2jXdaQoUo)7_*ej>;&;j^_
zG2xqvUCqNotdG{*xo=iISk$WaD<>1J{^^fkvCw|BWm}wy<{I4*5tRoJ31ayS9J?*t
zZ=nscUTFOhF7X(8`pqa9&mQ;!P*lqhAY;RA8Z|z&7}RdHq$p^d+zBA!s9hx|ZF2d9
z85r3@uj<SSaX$}pqa{?-D~4U+y2COA3-mq)9cb->;HBKf+?LO3k)y|amsHO7p<iz3
z%JBU&JA8_#2RX;rRm$fwgk4hc=GeB~=J;I89lvcdNqsY@9Mehj%fFx(7Sxn?l&&O(
z(BE@wFVF;yO;Nm7C0GG))#o{LrQ}Rxi8XgOOB3Z2Fz79fo<b&kCN<+n&e%vhxqQif
zSP~v*T2Bo?tu1re?>eKo4;5_V+GJ)`^vN`=p#PU>qM>@^1_);@{r?^!n3+m1qPm%o
z)87z{suD}-jLrX)B(hALjZk1ehkT4GvZ_Y}l(DIfZjvvl0aS#ZXLbK3T$5~C2>>kb
zo!ZF(3<~N{#o6{}C?Tjy9q*h(&rX98vcK08!Hq;Mh9WTWquu4mHWQ$p!tXo_?ZB%b
zzxYVBs}7B$dAtH5Jkl~1-14zzQq;lYu!-xEYk>jLi56T4VBMQM2rMW(2PaoUVnD_H
z3+r?HlJas;hHwQR_Vy>k*aH5ik%rX}$OB&hamf2YOU+7P#bvH*&`<D*K<D=yU^`|>
z=*?SdYr7a$MREwH57eV&<JDFPY7u?MG5Z9*obno;DeZ@13gpv<G?YGyhMZ5nu+|ft
zj{d46^YWM430tCNdT+fOoxT>_7Tik#Q%A6pC|02zfg16*Mt~3fa?Kc|n8Ml1dG1P8
z7!{F%8A(}XXje8M?|&Cn(>SwS!hBVF3u5Ks8@dmRTf!uAzAa4(L?M1@*Xy?es34Ri
zcs&J^<wIP{RN=&bg4LKA*~w=&ZbwqgeNbdfLW~2gN`zs>P9UK#v-KFg2EIudA^`j<
z_0AE}t>fbp+{v-3n@=X5%f_cdlMLH~FJ4V=jOyt>>ZFQXqal(c?-H+TlePF*E*yh#
zcrN4RQ|$v{wq-r-7R`Ufnx6LX+`{(!AmUG+##}mtWSocFuO%2~Y2jZwz5!kyk}`8{
zG5Rp4o@B!W6rXzGtvJi+v<FJ#)kF!E*!0OC#F>1ym39<WSz^%;cmHjJW#0$r3*AzR
zuIu8}cr}@K;J0JJSt~n_nJ;Zfr?#53yMS03xf{G0SDmJ7joE{sgO^jkd2(mDFh#c1
z<5%c0w;5t_<9YiOX{Z@CfmoJ{G-Z?;skGg_NtLC|VgdJE%X;B202vV6OQE$VFu3=~
znJ;9sx#%;RVRD`*buz*>MeKxUmX*d7ziX9nDly=*@IZMc84^wBT>YIM!+#=LY~~Ul
z^fakeII0<kc=YF%V(o8DJE8UTQ`YbqSI*(*iUZG%7}pRwP#(=^V)ghgNweS7IkOaG
z9~J-W`gdPUMH(`V%Y2350JYwgOesKO3#}cC077{fO>x$qczWzXjaAF-JV{@nF$(7K
z5tgK;=JfGOrmG$Q%Mr;90Ww8!^<$32_o%Nc-XD`PDnEHoVb(G4fu2nz3SoEBPN?Uy
zDK8NT6fnnG<YyodZmKQxjaSj`Z}o|((Z+vFhRs;phUyWs;W2tlEwmo2KGsvm1N7&r
zjg(sYiKXZIW?<L(xlJ36_la}0uA!rqu1L4wLps)V6xFeIKdb6F7vfA)hPlK1eyg*9
zXbL$%VsLq0H0!l5IT;56?fo~TQ<eO^AMbGh72kGsi+Fn|=Rci9eSC>aRL-Q4M$Y8m
zEu>0;<)^vPqq<*SAxpLpJdu~pmZZVpMg_^=?K3f!dZm?01!qVaooGpG)Fwtm>4E^f
zHMtTljvvYqkUz)V;k7M_hf{aDv=buE?QBBD7K_wDnW)<7dqUCixxJYP$5x8P{aFzM
zYzzpH45RUei8cemhikZV=okmqgw!n;{Y5aY^tFMIWMuwuU+EfI@@&Roqnwkux_!H5
zwGClIz(HOZoTAZ}&$=~hi)%rTBA<uOswLN+RdR&O1U4L?vU%;8MzvQQ@%RzTUUV^#
zxGeS{vUb>XT)v298;?5TTW%@NB`sNvw)yaeG0v!@ou{td_hn&tt^xJ*FaCx_Y}oz}
zYbq5JmNY%$`0Dj<We-Z|lsa!Ze-t}n+epfdEVSE+LY(cf(PETPuBDw1qy6#l$LppD
zJ5(uImzb+#BFx|A6`%V;Q`$y1^Foxq#bWfB8VLR#j73*#zZKgQdju9ZtA|BpF<`3P
zxy*5gMgM`%HM~eAH89{{Rn8p3niVk=APwejZ+BZKUs}w|!Y03od~Fzd4XHV)kiyF<
z_DOtW(sY?p$Qkk+GiYGfvN3YKjHP3cq$~Na6nD@aeuBPo(N{5O=KTR9zqm&8E}keK
z(J=fhUNDWS>1^8ELD9N-g4b^z<+Jkd*GiWDj(f^?Cjkj^RLhkc^@ds|MGd}c@ROQ%
z2L3A=goq~Y|Mx{?PcewZf;3bQrOm@tupZ%dzjy&DU^;SQtkIPg1R9L3k5N0KJ9Q8j
z5KrmKFo%+n^-3)NpbtU3{OLL(ItRIV)rbM8-8Svvx8Qv1HvmsG;)#dFQhq8PpTs_I
zW%jvfAVJKRLlI#?*Mh?V!a(D2NSK(frkD19$6g}Nk_DWYG*;Z6Soi17gBP&LlEs`B
zKkf&=229$~tcYQB3{zLvZFdlBB7NY0<#VBpF(%{VX9@HKK&S=H8sx21g_aT26NpAo
z3<6m&fy#^`JSWRy4Nt*w!UedDzNVn8v^6_0j45fX4z5oTrU-e`qCOnPEq_C^c0RIL
z{(ZejN*PLVV&M^`EFX;TW6rytV|q<9%>n_$h|PLsjziYmwz~><?(1<x*0*@zMDb^b
zlDjlv-`^MD<lH%RooTi!)fX7@{cc}xl>&Wqu)7uD=XN~k4QGW$8k7-We8L3*D8S72
zha&UgvE<3xs!T9&FqnN83~!`2xs-D&D+?1sV4!2?jg$foaTm-|qIDV>t@Y|GBto#&
zJw)fspna^|+O&K$xiJ6f$Ji4t#Tsn&k;34Qv)Goq4jb}MgnR+KX&-9`mb8Vz&|>2E
z^hdds1|?W&rjUIq{4vC|(W90R%{?SKdE^}ZW^1^V69GK|jSe{6>!Nv(oJrmk9$&5j
zU2Jmx(g0B0n>~9I3)`M>h6X3iN7?ZZ<ao6;@b?3RE5HN|1Gfgx*Tfu-K!a|j9&l@>
zT($@QQhH?6Az~dcywqv_H0zO|HNQNm(-nu&H1~EowdgcepCo(l3om47_+O>mpj`A^
z{)7EMGoIoc7_PWuA61i84p`rS5MZ{0Ri|AW#NcQ4M2e=CL!iL5a1YeC==u~}e;kY@
z=J*r8K!9tCK-m~D_&G4g{!;J$8p;k<aVs_%ElE%BYW~xViKVvKsoO#&2=*XGKO2-B
zTtUw<1MP3GRM6^Go)=>=9;xnmWg4RxuN})hqx8$xp6BBFJ~AedO^;)Z^ihqQJ;Hx~
z5{_wLpaX!JyLNJ<aof*q*-z(3#fo8B2x3t%J)UkkCwbjJC6TA8$Lgrj{{ca0UOw(A
z7gDZa-9{#Ff%g~*CaN&7)h|!1Vk92Vc}{I^)ei|`zudI7u5W!tpIl3yAVb|{i1p2*
z$K9ik8y`Jah%;L3XJuJ3Xo3S6J(Wn}0c0IR3b;DtmUPtBAh8L+gm}BcKLA7H7^*rY
z$f3r8i*|%(KH@i?gCe3Gj!mJcF6cdw^B#IymKn-r{iPiDUiI=xCix$K->3;W1V0le
zO{WOw49M`e<YlP@s_bcKV0e25x7%V37W$jI5e-MwK*S)IT3`XQ&E3!fNg&QPw84^t
zuhWiy|F1cObY%uWIYTiRgkk@(kN)NFB^DDqx51u#_zy-0>b=d`s%KK%E?oUT^jZ}$
zqq%tm&m(Dc@Xs-ZpenAxw*uVO=zLQBShS$R+eW?>#6FA3KO0a=78IyKV2L5S$QKW_
zDy3-O8O7BR{KS@Z4O4$fzHUTsB)`&29>54Ml-gvE@ss#-S~=Snq$ApO*~c^|E!}5P
zpp>kT!l!qtnMzS(OT8j%JSVvtrqR$=$Go%){##fc`HAb3jS*Fx;^=|BDxLRr5>&``
zcx8k6U`7(<x)uS!@_HQIFHxn0OVbi<(jG&+l_c<7^5$<51f4j?wOc4tOStHGsEAn&
z8i<WP3AfPYi^tT6mxib|#EkJ&kviXN6UtQmmz{av8;_yd^C_IWPzYWz8HM@jnV-IA
zUV0oalAlnYEpwO=6ny?H#{3D)d3C-w4{jdw09;ejE2xP6r>!ToKO_$S?|vqGlG8*+
zt`3Y=cV#{rl;-os)QCiN#&m|YP5*kKP8p#)oSK^y)hd2pmRQxQ;t7ob(0@$57X;n|
z`ZR_?;B@BTq<M30JnOGiKDQ(KB5zeC4^@s2-+J-oT44cU(Aez*HRs@;m&DYNh@e*x
z4od<yNdEq5`QZdd(HP_QhTxyM3*4T?&bA)me|RDSK@^D2^<bDyr)-qGP`mXh9EkPv
zqa$1Qyg}?}5Fw8s6V;t@%s#*r{E2+*X7%zUk(UGxCFKMHn}RL0FMpulr<-z=d4-i8
z*OzWdI?&rH9u2W%L`$<Tkdm1heHe3~wk>4-K1G2pTG?&V=O9qxU<{CPhJPd9qxNsR
zBQvn$==!;cfAd%u@%THr2S3@ebG^t^!-6PAI)Pnl>FV9Q>Ejr?1-OeG7&rzZ1=HmV
z!|mOTsC*}nE5j&4wL6cpf#nZf{?{A-RO8tGN5hTZZySIY<<~yKxY4~Osalp2o2&;l
zQg%256WX93eQ29LYa@cBvVOyqwbC)fH5dlhQu(++$@yX1jA@0Ci{R@8%Hx3Svp?RC
zV`tAf5>>cgG@j<8hiF*J#>!AHjin{c?Vk-G7yn-~pE!F9L9~2F$$#7oe;RfX@Nagw
ziEWa3HJme~t(Zs#)n}R<r-Wsn;!fLf&WEoe(E*9-I(25uZe|zO<enk}xn7r6rA6@r
ztn*@ZG2gVf>*^;D=8UmM6!s!TGC%op;Kd*`BT`R55j;HfYMse|!gBqbNXdc8Sg%+8
zs=Mj&ySgea(X`EIVkLO6RIl?f+dB>sjRj`h{Rk|D3(`3`*^K7+lnryiHDZ&kj>gzz
zv<`AY{{hPNVp!6zd`60KqMpD$1km8eU~FnONBcOLSK`)hrq)H)8NRIOsJNVEbEt~E
zP(<1I(t;s<)0tmHm)Q(PRxD`%VWHZsjjfoG$t>dJjub_fQ(+@+|5azHKDi`AMW_*p
z2n}+=lhkiuPr^XZT&VQuNLgg=(tuXTaLK^TaWt=)ER0L6U;uBRO0*s~WNR0?-8^=l
zrRF=fx>J_eqscD@9TvEOQ7V{bE-8%ZZp>i>NS+=j0<i|8A_drqoTXmgmsh1-I&r0}
zdvK;uGz)RrYswGmQ){SZW`2$vNpa#Dl&cb3Cu^U|>uxwe)~*x8xIc#xaJ8>@nW`#L
z76N3X)0Nz(6jwc}DkAT{_qy0{(v{Oub$dahI^{CJY?9t>cShmh4SUQ>IQrV&Dst=f
zcyqi<yZ1^4aE~3%F$=!+z}2@h=(N+hb5UV+gTtb=+lNDmv`rijPIpV4DnlXv9y2R$
z-RZ%!UxE=zYBYW&D4`stKwD}LHUbPT@&n@!KU!zHH>tIOw$hW~5=}K-A;5#QR`0YJ
zL5~mKlV_EFf)Gtr+bT8I^?Zj(o3beJm3LeS4Imc?_mSvYH3N$)wL&8i-N$wPf@}L7
z-$FKo$_I_P54^9L?Oh{#HbRP{xVri1s3Fb%V!^tjgA&!;=JjMz!gNIbp2NVE3VszC
zGkvzx%!Ps+gWN=<QdEqTWN3z5?!?&<je?s9BlTS3T>OcJtUsIJR+EVGeDCEEauii%
Byt)7Y

diff --git a/secrets/wireguard/elisabeth/keys/elisabeth-homebox.age b/secrets/wireguard/elisabeth/keys/elisabeth-homebox.age
new file mode 100644
index 0000000000000000000000000000000000000000..d611b919ae5e399086a0aa612d26f9502c5e9ced
GIT binary patch
literal 801
zcmY+<JCECR003|#7G%b<bRws#SghdqnOI0CIex_dvmL);$L9{nkG~zqcKk~0b9Mw`
zWkI5%1Mm%iu|vmB6&or`2UJx$seAz>1QNr2f}egt3a9W8wPStEs>7#Mn_@kVOs^&$
zLDM)p8O1h<^_#?BCYeMAtD&<`V_F6C?pjYHa(xRjbk+?#VFLtRDZB*(Nzr;WGE#t&
zdrI)~QK43)-?b6pI+8--id|Cw3U$^`Yl3Db-p0%wZo;MVFf?e0yIXm0P>}{2Ge7R^
zcn+C7yjA^d4q3r*mzxG6tmZ1&7WmappiU^}RK!sg`i|yW&O_Hav4|~urHF*NcJ5ie
zlxAR<aC7wb7^1Qd#Gs(8Rt<EsUd$}9VJy2W7Gsc$!)zUgyP`lOywPhd$uLf?Fkhf_
zlTo#np9M)_u#CpLj?eN&q6L0*&!YR%IGPjgNUq~}>1+u+NCq#{db{lL=Hw3o(^Myl
zlW-hn1W;~?5m|N^%^1qzd}Jc83R$7O!E%wvOxn!LvDvC}?+KQd^5lK%|5w$D*GaAr
zy=a`yY=Y5>T-(yMZ)eqJTrE(uZii@yXj2-HU{2&KR_*EeDUO;<&PCvJ5U7^psqB#n
zO97Okvw|J>pXGQkf81Y8(-sCDoP2V5iD*%=I3(qsl=b~$D`9S{>hq<0u9gMB<P{q3
z_5#?GT|E-rvak<$uxLuFw+a)_GuiZz4c4-uF*<lGVc-lQ0fzI<I75{L#>-s~LA42x
z>2x}YOqjd6w#H2sBiDSx0SxC{p{<jdrKOa_v-l!P*7jkZA|KohzaZZ{x_b5O<?o+=
zeV6|618O{d`}pEJJo)U(NWOpLK78Ik`1tM5uYU}cZ}~5u{`m@f^8Vj1E`NRZ(=~JY
U=)<q>USEvAeev);|F0+i06WzSXaE2J

literal 0
HcmV?d00001

diff --git a/secrets/wireguard/elisabeth/keys/elisabeth-homebox.pub b/secrets/wireguard/elisabeth/keys/elisabeth-homebox.pub
new file mode 100644
index 0000000..e6178b1
--- /dev/null
+++ b/secrets/wireguard/elisabeth/keys/elisabeth-homebox.pub
@@ -0,0 +1 @@
+QZ8sx7wJ0pMAfxyA1hDgcemyI26/Vfaf7TICofiXPhM=
diff --git a/secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-homebox.age b/secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-homebox.age
new file mode 100644
index 0000000..ca80602
--- /dev/null
+++ b/secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-homebox.age
@@ -0,0 +1,17 @@
+age-encryption.org/v1
+-> X25519 h2wNST4+qSw4uCVCUqSoprjByli3t11plBHp9y7dRGA
+DCCsXoA+stUFmu0aNcNJSClOFTF9pNjgN6hsZjHkOrA
+-> piv-p256 XTQkUA AvmTYpnMbBf4FiesxT0+RahR55nXJbmCsPh9jSXCk28K
+AUOUpit2AsUMCh3KRqwMMSLJlSUlGBeoJZWyey3S41Q
+-> piv-p256 ZFgiIw Ax8nhmzow+Pshj2paySHEdKc+V+BBP55FpwNa/HOumWu
+1vnybx4PiWiep4LKISh9+DQzDcv46iTf0BytjwsVPqo
+-> piv-p256 5vmPtQ A5l+gaNbTzurlEnGVdjdYBrXjF5R+xdxBANv3V9W74Tq
+AmWUmtqPpGCG2G9xEswFwnCLNWS0iP9wdaS7UhMIA68
+-> piv-p256 ZFgiIw Aq2tikCz8rv/r8PcY/3PKws74HTRdKC5WP1Ht/0ifeC+
+kSiDUso530lPlYN2P0JIVG1LgEbL2TkRK9v8YQpUQ7A
+-> =3mcTXky-grease |'ZI-R @E>y{ m){w =.h
+yyiAGQon2cSKl+YqqZzrHRtsAnSVkg88UlO9Oj6nAdMc7/X+kNmoV0roz471Qcst
+5WRDl9zm+ZUTS5bCqDdLThdKlxe2BFc4vp5WWd/QBVrlGuKPza8
+--- JfX5HKp3fQCfBufji0c+DBERd4JPBp1v/HG5vXkRUzY
++{�|�\X,�50��t�+�Kc��(����àp��N���[�d
+�W:MȰ����J�㔭*�n˙a�9x�-]
\ No newline at end of file