From 382d9e9e9b550e0c01b1167a06b07b68968cc892 Mon Sep 17 00:00:00 2001 From: Patrick Date: Fri, 19 Jul 2024 22:53:10 +0200 Subject: [PATCH] feat: host pr-tracker --- config/basic/users.nix | 1 + config/services/pr-tracker.nix | 38 +++++++++++------- hosts/elisabeth/guests.nix | 2 +- hosts/elisabeth/secrets/pr-tracker/env.age | Bin 0 -> 924 bytes .../pr-tracker/generated/maddyPasswd.age | 17 ++++++++ hosts/elisabeth/secrets/pr-tracker/host.pub | 1 + .../secrets/pr-tracker/white-list.age | 17 ++++++++ hosts/maddy/secrets/generated/pr-tracker.age | Bin 749 -> 0 bytes pkgs/pr-tracker.nix | 4 +- secrets/secrets.nix.age | Bin 5870 -> 5824 bytes .../elisabeth/keys/elisabeth-pr-tracker.age | 16 ++++++++ .../elisabeth/keys/elisabeth-pr-tracker.pub | 1 + .../psks/elisabeth+elisabeth-pr-tracker.age | Bin 0 -> 764 bytes 13 files changed, 80 insertions(+), 17 deletions(-) create mode 100644 hosts/elisabeth/secrets/pr-tracker/env.age create mode 100644 hosts/elisabeth/secrets/pr-tracker/generated/maddyPasswd.age create mode 100644 hosts/elisabeth/secrets/pr-tracker/host.pub create mode 100644 hosts/elisabeth/secrets/pr-tracker/white-list.age delete mode 100644 hosts/maddy/secrets/generated/pr-tracker.age create mode 100644 secrets/wireguard/elisabeth/keys/elisabeth-pr-tracker.age create mode 100644 secrets/wireguard/elisabeth/keys/elisabeth-pr-tracker.pub create mode 100644 secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-pr-tracker.age diff --git a/config/basic/users.nix b/config/basic/users.nix index 8495664..e4dd4b4 100644 --- a/config/basic/users.nix +++ b/config/basic/users.nix @@ -44,5 +44,6 @@ ggr = uidGid 2002; family = uidGid 2003; printer = uidGid 2005; + pr-tracker = uidGid 2006; }; } diff --git a/config/services/pr-tracker.nix b/config/services/pr-tracker.nix index 0fcbbf3..5199c43 100644 --- a/config/services/pr-tracker.nix +++ b/config/services/pr-tracker.nix 
@@ -6,11 +6,16 @@ ... }: let prestart = pkgs.writeShellScript "pr-tracker-pre" '' - if [ ! -d "$DIRECTORY" ]; then + if [ ! -d ./nixpkgs ]; then ${lib.getExe pkgs.git} clone https://github.com/NixOS/nixpkgs.git fi ''; in { + wireguard.elisabeth = { + client.via = "elisabeth"; + firewallRuleForNode.elisabeth.allowedTCPPorts = [3000]; + }; + networking.firewall.allowedTCPPorts = [3000]; environment.persistence."/persist".directories = [ { directory = "/var/lib/pr-tracker"; @@ -24,11 +29,11 @@ in { owner = "pr-tracker"; }; age.secrets.prTrackerEnv = { - rekeyFile = config.node.secretsDir + "/pr-tracker-env.age"; + rekeyFile = config.node.secretsDir + "/env.age"; owner = "pr-tracker"; }; age.secrets.prTrackerWhiteList = { - rekeyFile = config.node.secretsDir + "/pr-tracker-white-list.age"; + rekeyFile = config.node.secretsDir + "/white-list.age"; owner = "pr-tracker"; }; nodes.maddy = { @@ -38,20 +43,15 @@ in { mode = "640"; }; services.maddy.ensureCredentials = { - "pr-tracker@${config.secrets.secrets.global.domains.mail_public}".passwordFile = nodes.maddy.config.age.secrets.vaultwardenPasswd.path; + "pr-tracker@${config.secrets.secrets.global.domains.mail_public}".passwordFile = nodes.maddy.config.age.secrets.pr-trackerPasswd.path; }; }; systemd.sockets.pr-tracker = { - listenStreams = "0.0.0.0:300"; + listenStreams = ["0.0.0.0:3000"]; + wantedBy = ["sockets.target"]; }; systemd.services.pr-tracker = { - after = ["network.target"]; - script = '' - ${lib.getExe pkgs.pr-tracker} --url pr-tracker.${config.secrets.secrets.gloab.domain}\ - --user-agent "Patricks pr-tracker"\ - --path nixpks --remote origin\ - --white-list ${config.age.secrets.prTrackerEnv.path}; - ''; + path = [pkgs.git]; serviceConfig = { User = "pr-tracker"; Group = "pr-tracker"; 
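Review bot: `networking.firewall.allowedTCPPorts = [3000];` in the first hunk opens the port on every interface, which makes the per-node rule `firewallRuleForNode.elisabeth.allowedTCPPorts = [3000];` just above it redundant, and the socket in the third hunk also listens on `0.0.0.0:3000`. Any host that can reach this guest directly would then talk to pr-tracker without passing through the proxy on elisabeth, so the `deny all;` on `/update` in hosts/elisabeth/guests.nix would not apply to that traffic. I would drop the global line and keep only the WireGuard rule; if the module exposes the guest's tunnel address, binding `listenStreams` to it instead of `0.0.0.0` closes the same gap at the socket. The implementation of `firewallRuleForNode` is not visible here, so confirm that it scopes the rule to the tunnel interface.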
@@ -63,6 +63,12 @@ in { StateDirectoryMode = "0700"; Restart = "always"; ExecStartPre = prestart; + ExecStart = '' + ${lib.getExe pkgs.pr-tracker} --url pr-tracker.${config.secrets.secrets.global.domains.web}\ + --user-agent "Patricks pr-tracker"\ + --path nixpkgs --remote origin\ + --email-white-list ${config.age.secrets.prTrackerWhiteList.path} + ''; EnvironmentFile = config.age.secrets.prTrackerEnv.path; # Hardening @@ -94,7 +100,6 @@ in { ]; UMask = "0077"; }; - wantedBy = ["multi-user.target"]; }; systemd.timers.pr-tracker-update = { wantedBy = ["timers.target"]; @@ -103,6 +108,12 @@ in { OnUnitActiveSec = "30m"; }; }; + users.groups.pr-tracker = {}; + users.users.pr-tracker = { + isSystemUser = true; + group = "pr-tracker"; + home = "/var/lib/pr-tracker"; + }; systemd.services.pr-tracker-update = { script = '' @@ -121,7 +132,6 @@ in { PrivateTmp = true; PrivateDevices = true; StateDirectoryMode = "0700"; - Restart = "always"; ExecStartPre = prestart; EnvironmentFile = config.age.secrets.prTrackerEnv.path; }; diff --git a/hosts/elisabeth/guests.nix b/hosts/elisabeth/guests.nix index c771863..2c9e08e 100644 --- a/hosts/elisabeth/guests.nix +++ b/hosts/elisabeth/guests.nix @@ -172,7 +172,7 @@ in { { virtualHosts.${domainOf "pr-tracker"} = { locations."/update" = { - deny = "all"; + extraConfig = "deny all;"; }; }; } 
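Review bot: `--path nixpkgs` in the added `ExecStart` is a relative path, and the `[ ! -d ./nixpkgs ]` test and `git clone` in `prestart` (first hunk of this file) depend on the same working directory, which none of the visible hunks set. If the unit's `WorkingDirectory` is missing or later changed, the pre-start step and the tracker could disagree about where the checkout lives, or the clone could target a directory the `pr-tracker` user cannot write. I would spell the location out in both places, e.g. `--path /var/lib/pr-tracker/nixpkgs`, or at least add a comment such as `# relative to WorkingDirectory (the state directory)` next to `ExecStart`. The rest of `serviceConfig` lies outside the hunk, so check whether `WorkingDirectory` is already set there.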
diff --git a/hosts/elisabeth/secrets/pr-tracker/env.age b/hosts/elisabeth/secrets/pr-tracker/env.age new file mode 100644 index 0000000000000000000000000000000000000000..bceaff96e8383ca50588314ca08c912755052861 GIT binary patch literal 924 zcmY+>-;3J>0Kjoi*-J&7=*h$fv-#ttcFm8bxo&tP*Y=twX_Ed(n+9K!HqGxeP12@~ zih@j?w;f}6FqkI@`=P8TY(qCD40l5Yj)~wlrklP@1|H*f$l;K4(>?fbf5DdzUrALG ziqrB&ZlHIa?Ojhz4xm_K8W3OEyb)Gm84O%iGFVZqf02^U7wfHBUc+J;hJ`%AX`r&htA@;@Lqg;=yOO2MnmWsOY(fs>B|KT{gb!WDv@{zeR8Nt7 z1;7A^L0Sak0-PJObkY+n4{rAL87)as5-8PLASWfM=6|OX2>?rmnYuO0H!KblS=EPi zsznH3YJ^BK7fo4iC0=4Y2x=9IG3@ZOf8G6l?YZE|PsS^!U;lWL`0S?gm6p2v>V@~; zX#Z{hcKhJIEjQ1N7ne32xc}Y@t!+#1K00;u$4{qkTzgI4|K&T^&Td}YQ9E`0moFxB z2X_5=+g+RAKEJx$Gs)atKR84__+z~H){DP?e)i{}ylh8&)}DL(%*yE-Pd&q2ot(I+ zE(ynfow&+QKGO8Rxw2{NhwUTB7BB7G=kJ``|6pM^A<}o;Tg3BshV1%dczA?ZK0n@j zd3^W^c4+=$&W7{-NmY5ZesnX^9z=IY0JvjZ{Ity=itl0*6^RVC?-jK pJ9KBdZ(={(^Ur;>dH(4=C(iVqxGyZj$5;C=t$wiR&f&Wk{soN#Uk?BP literal 0 HcmV?d00001 diff --git a/hosts/elisabeth/secrets/pr-tracker/generated/maddyPasswd.age b/hosts/elisabeth/secrets/pr-tracker/generated/maddyPasswd.age new file mode 100644 index 0000000..4496015 --- /dev/null +++ b/hosts/elisabeth/secrets/pr-tracker/generated/maddyPasswd.age 
@@ -0,0 +1,17 @@ +age-encryption.org/v1 +-> X25519 U5pEv18rB3zNF10c5Evt74YBjl6ebM+jqYuWqr9mAU0 +/TvTIWHrqbCZ5ujaG+diSsJe5XE6lRcQS77bY6a4b/Q +-> piv-p256 ZFgiIw A+NQEsOQRfWXXh6JRa6BEcP7UtkhKJ59z9wpX6jyxZnX +GPD1/WwG52lY7AmRDttsv4o9XP1uPW3Yx7i0oPE980Q +-> piv-p256 XTQkUA AkfTy8tl43wHRIk/ngK36EAwX9mdOpXpfp/JEGhzEMPv +AN68T7tV2kiDfgcHB/h+IiBqz3lffwr4OkHLG7LP/VA +-> piv-p256 ZFgiIw A8lV/rIMV5NsOA5zTKZv09mTi3Sgddps0JkyET7EB1m0 +em3orzIidOeLv/YG6ANDWUki8jCd8ELicDPWLh+OWP8 +-> piv-p256 5vmPtQ AtsNn3+AoZQ5o76NOVlsmFx4LeMgu0enqnHrITz3gWws +AaIrGLPzMFZlP4yLG/dOD/TMDIZG9qbDQsuJm+RcD2I +-> Ck-grease W(W~n :k +K9daT5dj0mqkpMGKVLmMGI6Qx2x3k27aLADTYb/a1cJPfNbDZKAsN31/haAXr/62 +hh8 +--- fJtlUiysfb6UAKgPUJsb8ARuwDuztAXGoh0MOgswVb0 + (%1ܬ|@PV +\Bw穤r߫v.3m#d#9vL\\S7V?s{XtUv"h \ No newline at end of file diff --git a/hosts/elisabeth/secrets/pr-tracker/host.pub b/hosts/elisabeth/secrets/pr-tracker/host.pub new file mode 100644 index 0000000..dfed316 --- /dev/null +++ b/hosts/elisabeth/secrets/pr-tracker/host.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICMHvbb5M9On2JdROGrpjgYfQ/R0gG8yuWuQFra4AHmG diff --git a/hosts/elisabeth/secrets/pr-tracker/white-list.age b/hosts/elisabeth/secrets/pr-tracker/white-list.age new file mode 100644 index 0000000..81f5264 --- /dev/null +++ b/hosts/elisabeth/secrets/pr-tracker/white-list.age 
@@ -0,0 +1,17 @@ +age-encryption.org/v1 +-> X25519 wOf49STmWvYTvHtLqT/8mNOmY8BLzOvM5NwsW6JUtGQ +p43LTBOa+rqWM7HhdzK+/+tuXECZYMhRycd4KYeeHDY +-> piv-p256 ZFgiIw AqUAM0bkhzEor6JFYcbctW6s3v17g+Gyz3+qvjL8ODig +lg7C1TCY2VtOO5FVxn7Qb3uHhoDwVZnaZnhAozl1y2Q +-> piv-p256 XTQkUA A2ntX3eQk5U/Yi+UQ1frmpDgOxrUKumh1Wy5BeTyauUl +krvmwwO0uFdrrw2pSBVdISHjGf0av06zFRlYygwfYSo +-> piv-p256 ZFgiIw AsR3cbG6BR+bAYv4u8fp86faaseTQrWNu3tMXVPZjYmQ +EU4rLBSy5vkrjIbUL3kO3GrFKttK6EjcBJWgOrawKdA +-> piv-p256 5vmPtQ Ay6lxP005c2h7JU6gcId+2YTGx5E8NkDyhnqyoFZpVyI +tv/FMRq3SdVDspcInA7nv0i6S2sHmsDtZD4WGfxKLDQ +-> NRp-grease j65O ' Pg6Cw ]~Jilw +dWRZsjvCv9cV7xBLC4U8oNXw9aTa8OZTqFsALKqBxcgri56n+gSn1MEOrfHa+pYc +moslDzDwxwa7UX8EcIzjLCsZJl7+rPYqSu41yhNGLI6OnyiS2EYaOJg9ZR+/seGd + +--- FZIPmNz/IAyDFW3/LMdX8neUiZfNkZ008pl6jb+SONE +Cd{bfT_y@3勇a|1 Ma Rf0ifDt9sbъ \ No newline at end of file diff --git a/hosts/maddy/secrets/generated/pr-tracker.age b/hosts/maddy/secrets/generated/pr-tracker.age deleted file mode 100644 index 7bc0096f13363b00e547da5a4241c495e5072268..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 749 zcmY+=yNlCs0Kjn<2YU{Jf}A=;9BVI+OWFqHAeTq;OVT!N^Y(G3&AVySOOv!I=peWW z2ZED>94F%9rov4QE;af__eMij!BUnM9UWfI(z zW>^NwrDSHVA6WRP0rWwo3g_D$#zK{V_Oy&HayNz}*pq;nil>hgA;}yNV8L$6`+=NqM(xHFax==xL~EN$K@TIBOqI zv>NuXrBq9*){MzwlR$aUsQBQ!-a{PU24cghdn+IqN}GAq362 zP-nS*Mq_$)&I-}c^Jg8p71MS%hw;8Tj1er*qh`hGiF(jcv<4rC6L~hIba|fJObB!6 zC}tO+(95(QMq!6Kwt|hCpSt$kg~XfV?b=mn=l-30j(=N%t~DxfPGM181&qy5Re&~( zrj>IzsS-|!av+Yp?%y}H8sur7T8c4URm7oDwls&NLu(lqyy*Ip=Qr79w}J3P8gH@{ z^v0*N>-?LqFAv^*c>Mk}R2)A2dFs)V^;fO)zi&O4wfe{X-e%Us)g*7Dch jp80Za|HY3R-yR?j53gK0`la1XjxJtUU*oRt9en=-f`j%V diff --git a/pkgs/pr-tracker.nix b/pkgs/pr-tracker.nix index cbf6420..e62eb15 100644 --- a/pkgs/pr-tracker.nix +++ b/pkgs/pr-tracker.nix 
@@ -12,8 +12,8 @@ rustPlatform.buildRustPackage { src = fetchFromGitHub { owner = "patrickdag"; repo = "pr-tracker"; - rev = "54d47f277df81bfe82339ec3d2ceabd9c371aa91"; - hash = "sha256-C3dGaxxEH2acM1Ozvk5BcU+Gq6vPjSEzBVWZcRKMSzk="; + rev = "4cd2e8216f8c98441c74a883833ee73123fb1042"; + hash = "sha256-OOohIvqPsCBtMXbg3D3GUdZYsTR13YPyWERGPCGZwa4="; }; cargoHash = "sha256-pcIbL/mWhvQpQcVgyeNccW5cnHGKPKBpY9f2eeSrcjk="; 
diff --git a/secrets/secrets.nix.age b/secrets/secrets.nix.age index 5ba8bb9ce21a1fb4c2134195e3a7d96535a951c5..a3f6e9d8c00a71d4a9a32998e53f691920ddd219 100644 GIT binary patch literal 5824 zcmV;x7C-4>XJsvAZewzJaCB*JZZ2M>%UldSePLJ|J*ub}eu+H8vnxMrUbBcOXG+OITGlH)&}v zWHvTPN_1;WG|A+SvhV>X;NWXNI6Akad%2#cVszAGFeVVHgIr3d2KLHb1Oq^a6<}Nab#h1PfIZkN?IvK(chmuNc< z8hBIWD4fqoq*;(?E}3mQvJ!PhKP0MQTI(jyV~ts5?$#SYPX1^BK>A#LH#)bz?$5R{ zYiDMT3n8C^BI7cGcl2=Xdr01o{7Q)-Rp4 zKJ`AG6|Wg`WuPhA1Dm@F9OHqyD#qno1=@**j;87qQo01{k5lllYfOhIuu}y@@lqy> zk)9U+mmFG60(u;t9Gp*Q3UqwZmJo|_fx19QBLSL~KrPIWRH;8mj9nYy8Laq6v>}^7 zHNciG0_0QYaAjAfF}+OmkXyy=>qZdgZHW+nf!_mkkN)utYmX$kQ2?I)6X*e`fG*Vl z>s;C~q-meP$bjkF49Jy`8JqeylY!Q4oUh=0y5yXcn20!KOaHt!4rP+z+#Rd7j0Pg9M{BP`@UBR&)#c$=>iGgT;3Q z;4ch(lk|xMO}A0^y^~J1lw{o2HSV?h62$9$CeP?U288KK{?Z1e93=E!3Owf{MM#ji zG3d8hL}3M9=nEiS?lYv@(0euDH_&-!D28L`uN9TGt9wzZVC11phdX@Z;ZA!41Taq) znY1rXNBx#&MW?Kf7?u&OHSygZ%4ATJ|`=KArzPvE|JSkK~Ipg>k` zj>v!v))G{pxd4XuSQ7ju8+jhwd_m*8$1XQps?VO4FFc1S{+Lv0Z|h}jS^uXa(<=53;1ZOOj8X|3pllJ|FANeO;lkw@}s zt9wod29xl76f$SFynG6j1C`kD&Z)8n4349xD`al+HAuB{Oh^fK;WC<6pt+^RBoU8N zlZE~)7*Zhe@VG-^2uer$A#m!C2G&mMcU9yyg=zKGhUi#Np0mxI!H^%eLmCq4FZ?a2 zqyyKpjX`+DPS$bb9Aeop?NDI^rP_`ip_qK7$SrM>$~#nFo_db>*H_^zF0YX}pE-kZ z?pJvi&^|99D$6PcK)%!Dx%`Z=;TzsS-9x1ESX62;L9$Na4|ixp^tJ>vf?_EAX3bq0 z&bzLN`{k7}v0ZP2sxRzDQFYnWs9q>siOl#N`94xzG zwG#c7%1*ZBO<$Bc>T+K%J?$=oXTIXTjVzbk1nVf{18x&IU#|s5o)xD<5P3-uJxi&R z#2n(`kj8vGB?Z9}U9E(0uk(;0dwSDP5;)BMF4@n5ayE1kN3TA~45d7uLc~jv``L-3 ziSa8O*}%|WxjGGvZD|3eU*DsKDIE{xKEg4g_P=D?%E;X15q8`$FiUAEo-e?mYhz>bfJEa;zwN{DHQ7R)A ziDtcSKQp}E?g=WRJ2No|X+kpDrO-)!*sW4cAcnf1y4D^N5kvm;Mxrax?JdjIqF88P z+z3@zUCzubO|!4Wu)uQm`i0r>621ATt<7G!rdZE>Sl5a0@ORyQnBuOvn}~(gZ{Ki~ zFvL8;o2MML?-yDmyT4huG~I`wRYdm2xz}`#*n}Gx8dHAZx!w(nz%|sSrrXrF`S_s6CKsn}^3_BgwDCUg{u}) zmPp_WMtG?J&f9)1n3mhPFs;NS9dJ`tyNJdwp+W^nVyQN)voGT&-H;;PU5bkBw=;1* zGJd>yz_ZpD(~m;yuI-0sjf3}0IU=-u{!9dsumFsn zp$d9=`6X|Hp>JCtlTH6;ywGoe5P2VBX9y4dem2_)jCW=mqVtQzTkJ$au}NsSDECNw 
z;ki6c$)G;6Q6JfDKUy#xBAVMT4prJR|Xh8&y=Wwdossr1aDX z%DCDi%`?Fe6s=(GY0kJXx_}tN|7>HZ8*S9bJGq?rTB(VAqDTpNEmdhib^hQK0i>(> zXE>$Hn;e3;x{rZQQ+-s_4vS=?Q%cHSOc#IM&fi7xcJ|&+*He1zVo2q__CqW0u8uOu z3^a11?Zb|c&q{zSN9fncY&eg{qQ7CseiAK7P0xb#=h-bO4sFg6xwti_x8FoqgOesz>ViCsVWLXg-3s(2WYURs^JoD zsWw^StFh`C^S|-kUE}8rxP==BR^4wv#%1>fJQoeYBLF-Q)mB}n^vMaL;*OOapWAY% zMR{8omZIgd-q&qm`O?YNNcOGND-{yeDozz05|WMA#_}%=Tk1zvJNeR@V4^RAvInnq zOY2Wdzfs|LaLhrT>$mxs`PA8)TC&8_Ft_cEh7hQXxiX;=gJioI6dG3#saZ*RiMGAT zLOWSJBHHD`97;9#zn%uVq5lDy=ML6e`+kR7UaYgV22gVsX$w`xCwvK6w&ZT8Dz7bi zV*3pNsD7Q-uCpK!BfZxHExMfIn1FD|4UM@o zK0e6brFr}P%`M;#dg;~ivY#f;YW9L8b`t@=YVv$k5*=#%0Mo$*9ZhqV{Qf6G|9Y}9--Q?PgW8l{ z^Y{%~MtUf7m#%6_-V^}r>5jG{mM^o1OGe_zIcek zW(=xpwqW15=sy=>YAQu5hIVqLcdgRp+Kg-E>BymBw*xm-D>B|BS7Oci64Gkj3umSJcM_9!ml%fwRFDtTY_tN@qB4 zRGSg*VO9OeR_AU$^*%6z9ZBh@(R(TCF?>mb%2tI~7-5%=IiKfz+sw8K3053e36piK zQnWBSstGDm{%bFCOTal55f-XjS{~hv88%o9#j$+77+ek`8pNPfePp=)}^I zsfWq8oDv9Sy#%M4wx9y04Oqj+IpLOF+ofb)0M^_@ob2Ukbz}U>54Hg4$r3a4jun=a z4cteQ!0R%d6%`x4c$lI|KfyVf*tTaYh0rp>9`kJ_v^=HnO)Vrjkog?4fz+*Nr}9$c zRWYp4uy22D!nlhDgFJj}Sr4NGqD8U7wO)1ONYwo_x~YK-+~ntS1GvlM@+`>#5bm)7 zwx)kYdpvMrGd$Y~T2AR0>ynQJN?j-fmj?WX?@+%*)Yb7I?c{E;3#;M}&_{Z~=`dGw z0vReF0b&Z#KMHs2x-0N&g@=%KaHxbwx-s_s+WF?$HZf0;{gZ(fL@)>mK!U7C4XUe$ zQ)A#yq+&hKekaHQ2_pxBW?{XX0^$|K! 
z+F*~EJ)!eiGW$b6xbPV91U;X8!&m_!vaN={7&Pk*q(cS2PTrjQ+Df@`tZwag6lWIqA3~;k%w-UYl?af`)5!JLYq?|RW+T_UJ13y6@AOREw%>}!QYa$Dmu4G*K;jNVI8LMA_Q6oPysfEAwUM;f zA^POdJ_mZ~eE$A+@7*4QIG2?I#fYC#12I?#Fs}Y4-D%`iT$*!0rO!##?60yX_m4j$E#6sPlB*JZqlvilTSVMQX^%`V zt`1ILLw|VFz={kRC=Oc@m-2G+%|qTJ+nwN71#!#GlR<2bT;+c)+3+YZMJaNYA>MEY zp1GZK$SD1BuM$CWJ7ajrzfcNc5@AB7bXslnd#O^Pg>FJE-Z@iwvJ9*L#V$hGtdSYZ zcCJ+KzuOrU6fxtdEb`310M+FI9{k5UZ?4SfKl$yRv|eLY7v%(gsv)aD@{LYRjA)vE zJyOX2Jix+n&}qPOD5Sg#G+mM!kTjV$*9yNCtjPFmH7zZ>Y0K=!!TponGam)2;hrlM z*#zIekqesqF0=kzgMWy&pp94Ej&tdnmTXWYA}_>q1P0m%Nz6iAb&;BDKu>s2db416 z%i~cav}owGUxm~hLhL!D4t^6E78WTzxE|D3CYzP6=vd^>W%1!6e+(~RgWa2Ka24&w zCA33uzWth02LPwz00;inZ*pi5+g8+M#+3LpL>c7Q_2#!hsxZH3Qp3tn-!$DhrPu0y zp52!?I}c@9`@?A&gi4vx-jBl?mGWA3rLpy6v&7vKF6)FUTeJdv|#(buyYTg!Vx zDqBThd$0$!m@RMbba7+GzRvL-uO zI|!day7ay@Ft9bxqT3tLIp@1<3!W(pA!;GNWO%pZX2%DgYl>n zEK!R)^zAL5f5mpf;k?y95$jNabW(~T1IRX=HE2*aHoUveQ(VTl6fE*+CTXM2rqX_D zW0P0I)n2`Jb17qDSILJp5**WG&x2t{i&W3W!KF2A`zc+V=SWD*djE2`!i*rkJ_^C5%thtGWIB8A+f4MG^py{ZYiE(jtM4^xB?XXY1liP4pt&a1qFsce#sotx~ zmmgo~;Z#>DK$oK}&oVHhJ$~Q3>6=_m6=LL!CT3H5=qeD7&M1M?$W%Y1}EHHzAwB6}> z*5*U$HNMp8MDI!+Q7`%wB!s0SR%0D>G8(YWwbu}&vT1DO5yr`QU#iLKc(b&7?X%H& zlx@y2*!@ThdMA8swv7RO%9wb6VpW0twG|YtVGEw8Y5FoNgpc)I_B+k@kb+=E+b5CD zWX#2S5{tK!zbWFN<&5xofRo9{>c-UNUB^Ss8bt^?63TV9u7k;>*R;V(|J+XGNL}I- z+L^r5+t_DUg~r>a98xE#*3|dnKz#tH5;p`{PQq9C)q%m~DKPc7>JUnzk9Rliv@U4+ z_K5uY2vxWk$t@%X&eT?oY52VdU2Po2SmuOTyTK$-(X|Je8tQZfK=!ua%H8vS>TchF zB9{NiEswVOW&`!Yb2r269hS$k#syTt+&s&GO>IBh5dz`zH}~`{{|bFGx)AuVxYSGU zBOvHTq1}b? zT?}F4M0lFt*ey{$wB%v$OB%1v15@ecLXuo|L>#~m30-uUT{&nFnQm3aoS!MmT)Q(^1G9H3UkFocz%8RLmy( z6H{uXz7k_91Y^C6)L9nOY8v>f*N)x2NxWEfnrbH=u6V}Ep+F-1tRYuE5#Wg&A>;&} zlORFp&G1^#3gaaqcna_OMohTC%TpCBFx8%;=P*5DWu!8`^XU;QHXT?kw2&jrGJXTe KI$|C!DQX2>O!8C! delta 5857 zcmV<779Q!qE$%IlAb%@URAp60Ml>=|adLDtWkD}fIY~HCOIJ-tZclJHSXWe2Gi-D? 
zOj$2%X9{{}YDH>IGH-EJV@EMTVlZ=PQgKBzL2N~Lc|=!sV?3vcuPrb zXfJL@ba-q*c5@0>X-P(KVP-@#PgG)BH)T>YOHXZVXiZ~LR53&~T1h!Hc1cllMpjQX zZDW&90Tq93SVmQ0dT}{3ST8m?RaSI#W>rUFW;s(*XhUyfNme&&Lo;VXbapj(aAyiq zS~X~QNqBW{STjghZ((FhYj8_?dQ@>}MNLz0G*2{mM@MQ{YifBxGdKz@J|J*ub}eu+ zH8vnMc5P5}Q6NEZYBFj~Gg?7KX-9W3F?vL1VtGVMVL5Lrcr$TuN>E`_cV}{HP)ILf zXJtbQc1}(+ZbE2lRx))|b!&QYdR1+3Pc%tta(F^3R6=P;FHcf#FnB_CL{M*&PXQHw zXl6BaOF=S7PFgWBW>Yj_I8RGwD?~_cGFnVmG)7@&QD;F>Yei9ZHgrb{LuYn3S3zb^ zc5ZD@QczYnb9FgMLr5`bZcb8HQC2o_MOSQhZgEp^I5}$yEj}PaLrN`Ya%Ew2WgtmQ zI3RUTIzAw5Xj5`mAYwLJSVkoZLuq<{IaX#%T1adMQt}!MKm#CPc?Ny zNp4qRGdV&lQ87VCO>TKLXEkg{QgKH&dQ@yMR&FsyQsvwbBiv&hZ*o4Y4;UqbUikVvUkT3#yux)4y7M8wK}bAmk@ZSX*0Jqo*e zEld!4i{B10Q!S52H3i{}(ab+gwq_ULyl_8nt*|%z&2v#TucwIBGl1zwr82VrPr-ip zc`_sUS=9t_US!c&Zhk2FJ^X#%0#mxg=9^$_C1SZB#mgL~-o&1x6v>)_l^t3^}* z9D5GLG3ac6fhOF+sn^!d#p6K{b9XE+z>FBfQFT8V*dG>g=aAbmEhR}aYG&Df^tEp? z-3%YD?N&!f(h}A8rewi0o*Zvu5=l#)vV2^0&#D82Kol>3(`7osv%HW^4hRBsK}wtj zhRU_L$Hc7D0BQ@yT9W@vQW~G#>SIsoRtp_CJ2>-T^$G5u&Xncw0$gw#A_+9-_X^&bfU+JAv(H~4Tx;JBg-cUqaJSAD1&kZ`oikbo|dT>KGbnCrw@r6S!I_K?s69--cp;mqCj)(ywIBo;mk&R*cV{`hklIR-dQQxcJR+KF!ga8}ttVb7 zA#h8$v|*+&c3-na$KA{p?miBtbcjCg?5EXk$gl_9U{B_g4t^`X1-w}5$j#Az4XK5H zm+WzxVS)5Al)hc7?*t-^hhlwS93#h4n|Ip^u8A(=TCgJ*@D7lVCp3kkqLU)!z`*;L zvT>4FQV7gXtDaRV+xD%Y(x}~AQD7!juST?XOm%BJ)ZKE2&AiHhbC?Krdv-uGqyS|h zC>qU!FBN@q73!>^wWw_TBy46IU@MA$%=tSz9RCLsGNU~S!uZ?o(!3t1v>v6IYbKWb z$^6Qk@P-lWfU2%wE#DI?+NQEK@pAbjPo9&iUgB2Ew*|nI8my;u5_Ms73oClNaN(d4b$Ms+6+EQ@_B=URe`=CjV>V&%(y8E+T$$o(KPJNK)7ThD{nfD%)tVD-BXPr2~t*=Z2iq~aO zg3`tzVMv0`UBCT)>~cp^A<=VxOvHmLjI)k#rlah0Q>@w)+w3ZKMC7~->%w!#DcOSq zU;Av!$|XA>_fJ2O$?O;a&=y`nHSynC6BnKPgCR9j?smv31Q?Gm%l;?x-ellNeoL_m z4o7%@*34%!s@h$75h|0UR{ZJ=Jy*fvZx!kzGF!YARa;LW7LB5CJe zQ&~9_9ozH%X8wPX9(kpQDWXdmoA@G5vyABI&$^mX|3VND39uKu8Qz-)x8ljTZ?aZKM&S3bV=^@ZQG}%yu&je* zIDFFSj_mw{u^^46%SMYQHdMug$rPPIdK0i7pp1oQXPXYm(@i?$gyl8n+ci4)KZRJ2 z#uF#K!LB}bhkC7qQ(WLbf|GZ$Qq@yM_v?_RApd4rA4wlDy_UFt0m17ifjb!OqDOX= 
zfA?2OqpRsoKT6U(hM2q{u>RIlFR2eP!J=ZtWp}GrHWw-$b(o0BJUtDLf$xB{Tz+x8 zp-gcB`rqvypNy~MJ_ADBkP7^8EeK;+=l_i_|Qv;b0M3 z9pjt=egBu+nP+mBdi6zUw}D!!%+;lC9@SPd2r=kj0UWqZhJYwz+tR$U-m@sC+ z*+z8TShY5=<(iuM&ubXXvJv=p)Ttu!|yQ-V)FWq>2d=|}2? z($k81w!w{m!uJCiWjMUy+qAlD>JghiYxSgW3KR(~dULvh9N~int)dZ0GxO4^HCZcg zY`FTBzRW{^>~WlwMwg&UtY*xHLnQP;N9r6$@4P|SCZ$VntBnR~$PfK93p8sH8^Vl! z$tP@9O|N6!ec4XP|9-&Szj?*%i7B{M{js-7Kj2UnnTD``2ufcL%kX_;m6yWCl3Meqa*d2o>Kn3g(G29bLdd~_^LgRW=2 za#Zi$K;%mR&su>e&tIp;oLq2?ET34No|Z=rQfVqYCzJePH?t*(EF{g=iD}$lY$bb5 zSKPFJlSLLUXkAskmKq4n8s)4#6b_84HmU**C}{w?P>Yglx7n@zdo`%KbOITY)Pfmm zC(dUU-?e88lHaQyzBNGIDy)44;%!n0)mcl8d102*vgBNaXU*IhAFIxHSQi(c<9fb% zk2Scp#+J`Z%f*G@o=b`%qwHk_R$1?L5X>Qe!BF5y@h7!tnVEOzxRSkw!QnK6v>IJ} z)sLX1II6LMnCJ^>1XQ31#WIKePE1Gj0`Q6OS%~ubkAHR$BZ!l{h<4`Wf`z6D6*`7&54ulzRtJ-rj(dz|HWPD}^&VD# zs}>mAX*k#v&2sOH?CwO-$AzxW?{e>Fq)Vds$OepnHY?Q!S{MJbeb-)1*i{XlmWAYw zR7>S;5o3Ts?>+lN(@dHmq)L;RqW+PR&G2;EQu9E+`5@r$>gA3*!1v~e#zdh34FkN| z2Z@@8t{HQ4W-zMGWU zIvFS3Z^IZ9kWMGPprJ6NPK&zXJ;H*1la;Co0YGbUxqeQ2l?n@&rt+xS<};l~pU71r z3`_iO+0~ntWLJ67RAp8*E(k_|3gASDu8l|E^d3F36 z$^dFh^o%fuPwT2yX-%3xoel(QFb#?7@x1|U&JL|vv)wpfi-}1LU9Ogi5_$=Q=Z*9L zf-QvZrzEG*4KI))^HG3x{dI+%N;EaNHuZh@w}MA4yum^L^Pn!&UbPeiHR10(V5WOU zs!~3I=9=v>vmELc$q>dOrXVqYf63k#IgF)o0W6oK8+M=SXXzTPUy?kHesXT$4#}P6JhCK&IAyXv6$pR1*`bId&{zTEDAaem&yMHv^F# zjXMjyVlsUHa1@GV8VMUj=R&g}P;U7Z8rY07B=^3E82Y>$IQi3tGF}>gD_Z{bG>lTq zUJ0_$YJ4D&xTpr6pef4`7Eff;dZixuI6@S`$BJyYi7nvlPJo0P{6)LUhIt+Jpd0Dh z49sVY67;b^LlO6*Hb(NTtC7V|WXO4d*OMc=Of19?U{b<;2jjR1C9_fc!6h zGP7sv6o6MnbxijCESU~}`hwTj1#A6+0c}AD=!SAi@`6-`MZCVzO_CQWj#w<*gKk@b zT!o?Q)AoP=Khh*1DMBh3ilyyD+?~XsUp`4|yuF$sb{$)lwk^4HB$+d&iyKZ`a?bY2 zY*k4M9t;5?KIn+?Tbcy4y@bA1E1*ITW}5hAV_ftDQ;BQqmptWvyK>~h32m~#n`s5) z5DA?B(d2ZvF(zfkBnT)Y*FZ#QW-PJfMm>Q>ivx0UR)nJlMpeLavZ@6wa#xjpCl-W4CJlS7;{xy*0e8l6ky zpM?wj$`u4oampdm>=Xn>OpG;H)A3&tAba7BQQjVAp`G+%C|gr8^k}Jz=QS{O5pPk9 z9L?csNW4QdOgQQvYKiD5V0;b!kmXU1XyTmzXVG%{oO4!xK)_cb(Q=lwfXe8~RS3ed zY!7D*4~6673VrD!0^hx?4Rj$&q3k7921On;{7jJF-OAXMKbiepE@BDy4wJQ@r1W{A 
z1Vx?sm2B?vvDM=tO+|0Sjzy_&kKj%MUI)bS)*a-#D;0>VF^D7&S~Ml%-hW8oCR3PZ z-%!lG(BkEPt-x*2DMy;pUck$Qd_BApRXtQH>U)LV69`la!m*FlRk)@r6=YCcYE5xM zymnc+fcCIlJN*oGeUf)ougfAa}CPxDc4}D04gC@BOoM-MSxm^?r_eQIc7IH-~mO!O>W*Ou|&v@(zSbFQ6Ycx;w*E(gVVs(>4Xy(g$b zBm*#nz%i^8SB+Nwc%w7{#=7TG9%-$g6$RaJ&JcWS?CsVzeWkUu0F5|ve7bj?HW&id zI-rez?$p-G&!wE~W6<~6dvIJxfcbt?&6kyLlgKyagmB_w0i>$~-FK-~_x0ldQ4wCJ z$4xgu&m(i@*VkTtp{lFwnh0D`$rtKN!$y2qe)*EJeQ%7C`HDu){CFkDnFB)nEmrno z4LL#tB>ZcA7i7Z!6E9hBXH_xnS8wY%N3{xnOQlyF^y*bS2wzP*T!T~6XLp)4iIM|# zZ)qjqL#bTgpVcYK<#PxjQu(DFU*dN#I3sq;TKkAYNeOwTw?Oz5 zGRkjlo_mbs!}XQ6N7@*05%DE zh=iEY^$SwWV_nJLW60YRUpu_F38-9!7v)ZeY{`ZK^Xy#}xcu*1A1me|UEIT$3!x>n zhMZNjI080eJu-zc(#;^q^*U&VBq$y3=l$A#T{a$CzPdRINv$6C`zMszOby?E7RQ1L z-YZXeU-I=z=0NGGAa@1d6C?tyuto|D4%x`}IKAnBt7eo7NvpJLs*7o+Su~+4RSoUB zs4#fu8Qz5xKp7Xzask_tOja=81CA$PuG7j1y0U=-vg<8t#XOUv^Co$^|N8Ifwioc% zP?&e-#Z~h~6~jZY{+NOQ_rI`6w-Re6u6nO0{C?3A)upkmY`3SS5PW(76)zNiCy5%T ri2>P4WwiP*``7*($cojmY#!GHG-| X25519 sJWb1AB1ani7iSARBKiza76F4BZ/1RT+nYo+h3SCvDM +G9r4LID6JVa+CbM+goWlorWNAutTfCWCRXkMKe68GnQ +-> piv-p256 ZFgiIw AimY8gt/sR16sX1pmQ7KsWjklSprUl5xQT51DJ2CBrmo +35Gchuo7PlxnVg7nCmPX2l+Hwpqkn11Deh/gINotDK4 +-> piv-p256 XTQkUA A4Y83D0/vdl4f2gr8g09YO5xTM2en6/zdXTA4tlXTzse +pt0/k460n/rw0pGQVmbBvWkmscra5wL7Q4pUfC1aqJs +-> piv-p256 ZFgiIw A7kGeBnc71Bei30JFsrUPlhOYRfP/WwrtNYxyZ94blmd +tQcInK3OPdN5uYugFZc6JNMgMMrBHrNrfPLgK1GQuOU +-> piv-p256 5vmPtQ A2cBNFJA8IFoZcUGhwpTCrrh9v+ffe6UhbJkhYvfv310 +zf161XjBEKWYDLwaWw+wGuCGJJFD6NatL3BgSQACB38 +-> --grease \tv Z&IiJD *{Xl~2`' FOEGQ+s +hnw8ilMQCmjeH1dsP0p0Y6fY0X7l5goCmTR07RFMnXRH2Y7FQzSe5Ipg16+V9Rmj +1+RZABaebmFQFAJwtfFmeLXzsFVn0sMtflMR/wmunn+RuZ0XfzHzM0QOU2g +--- rdxJZDoceAdq9YF8GoDLcHz5UInJlcXCrOgr3/XxI/Q +Ч"V\ү/SwqH(H(=aPiǔ_:KS1tإ \ No newline at end of file diff --git a/secrets/wireguard/elisabeth/keys/elisabeth-pr-tracker.pub b/secrets/wireguard/elisabeth/keys/elisabeth-pr-tracker.pub new file mode 100644 index 0000000..a8a442b --- /dev/null 
+++ b/secrets/wireguard/elisabeth/keys/elisabeth-pr-tracker.pub @@ -0,0 +1 @@ +HKftlC7tQXYToYo0VLHqvdnZxQfNtJ8u0QDN3mLgqiA= diff --git a/secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-pr-tracker.age b/secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-pr-tracker.age new file mode 100644 index 0000000000000000000000000000000000000000..7be413a90062d04bc87e7feecef2237f39224bf4 GIT binary patch literal 764 zcmY+=yNlCs0KoCnlN++T2fRUuz2@Ci@R6ozk~YsKZPQLRZC?E)X_KZ&dW#@B_y9pT z5Cu^X91m_$aMjICR~H|DfU78|gTws=AHLtI@7CO8mTgygxJ(X~nO`q3sCE^$af-s4 zuq&n|XVOCH;~c|feFIYpx2-0PF5Ox0t-m-GFWdE@K0EUMQw#sG(73}p;W?bGqGcZC3#Xac%dy%>X9+11AWbG z2+~B`is}Ixl)y6*6dD(Hgs4uqo?8Js=c$4jBGG6$)Ha8ts}NzEN;D89Z3IzHS+-?> z0SmMFddlezDlP;TBO7zA>CsHSGz)dN8;GK=v5|flUW&Q7p=n)$xu~$iM7uB|Ok?B~yOSUR2)jHH{l2+?3 zI(Cpn+=6)5TF^r$JDk;55j_D~>tSlqHjyzndkltmS>o*RE35)F*< za3x)#?N)kdV7|^1ka*5ca3xAr8&>+ox9@j~GhBJe) zh+$bmq#(ei632}HS@`v9TQ#ZqnLAy(@D=p}b>rX?e35Twwng|*3+;rcQslzcnT-%j zH_5))*c`?p8E38_moe;<7466&j+vm0Ibga1poj5 literal 0 HcmV?d00001