diff --git a/flake.lock b/flake.lock index 1c6d191..774feef 100644 --- a/flake.lock +++ b/flake.lock @@ -252,6 +252,27 @@ "type": "github" } }, + "dependencyDagOfSubmodule": { + "inputs": { + "nixpkgs": [ + "nixos-nftables-firewall", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1656615370, + "narHash": "sha256-IZDqz1aSySoqf1qtVQg+oJMHfC4IlT55Zoa7EkjvPug=", + "owner": "thelegy", + "repo": "nix-dependencyDagOfSubmodule", + "rev": "98eb563d80b35acafbfc1abb9ccee569c1efb19c", + "type": "github" + }, + "original": { + "owner": "thelegy", + "repo": "nix-dependencyDagOfSubmodule", + "type": "github" + } + }, "devshell": { "inputs": { "nixpkgs": [ @@ -1162,11 +1183,11 @@ "pre-commit-hooks": "pre-commit-hooks_2" }, "locked": { - "lastModified": 1709384560, - "narHash": "sha256-VZpbetW5npjZ1FWcFII81tcDBH03irTboyMVOWzdfF8=", + "lastModified": 1710447185, + "narHash": "sha256-M63b7f5dnGtLAZmgzSepQvcVA++QRJ+h8fSlyowgYcI=", "owner": "oddlama", "repo": "nixos-extra-modules", - "rev": "34ba92f0576a3998133310f070381563448e2b1a", + "rev": "a4f79d7479bf63fb99e1d19cb6502feabc2854c3", "type": "github" }, "original": { @@ -1211,6 +1232,27 @@ "type": "github" } }, + "nixos-nftables-firewall": { + "inputs": { + "dependencyDagOfSubmodule": "dependencyDagOfSubmodule", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709392539, + "narHash": "sha256-cZ7vOO5KmvVQMHnpi1hBX+bUJlVL6cK8I3m2SPHANtg=", + "owner": "thelegy", + "repo": "nixos-nftables-firewall", + "rev": "412ea84967cd087fc668ef6994f419bd16ac1174", + "type": "github" + }, + "original": { + "owner": "thelegy", + "repo": "nixos-nftables-firewall", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1709961763, @@ -1594,6 +1636,7 @@ "nixos-extra-modules": "nixos-extra-modules", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", + "nixos-nftables-firewall": "nixos-nftables-firewall", "nixpkgs": "nixpkgs", "nixpkgs-wayland": "nixpkgs-wayland", "nixvim": "nixvim", diff --git a/flake.nix b/flake.nix index 5b730fb..f19be25 100644 --- a/flake.nix +++ b/flake.nix @@ -65,6 +65,11 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + nixos-nftables-firewall = { + url = "github:thelegy/nixos-nftables-firewall"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + #templates.url = "git+https://git.lel.lol/patrick/nix-templates.git"; impermanence.url = "github:nix-community/impermanence"; diff --git a/hosts/desktopnix/net.nix b/hosts/desktopnix/net.nix index e5e677f..030356e 100644 --- a/hosts/desktopnix/net.nix +++ b/hosts/desktopnix/net.nix @@ -20,4 +20,5 @@ }; }; }; + networking.nftables.firewall.zones.untrusted.interfaces = ["lan01"]; } diff --git a/hosts/elisabeth/guests.nix b/hosts/elisabeth/guests.nix index 240e161..4156803 100644 --- a/hosts/elisabeth/guests.nix +++ b/hosts/elisabeth/guests.nix @@ -17,21 +17,24 @@ paperless = "ppl"; ttrss = "rss"; vaultwarden = "pw"; - spotify = "sptfy"; + yourspotify = "sptfy"; apispotify = "apisptfy"; kanidm = "auth"; }; in "${domains.${hostName}}.${config.secrets.secrets.global.domains.web}"; - ipOf = hostName: lib.net.cidr.host config.secrets.secrets.global.net.ips."${config.guests.${hostName}.nodeName}" config.secrets.secrets.global.net.privateSubnetv4; + # TODO hard coded elisabeth nicht so schön + ipOf = hostName: nodes."elisabeth-${hostName}".config.wireguard.elisabeth.ipv4; in { services.nginx = let blockOf = hostName: { virtualHostExtraConfig ? "", maxBodySize ? "500M", port ? 3000, + upstream ? hostName, + protocol ? "http", }: { upstreams.${hostName} = { - servers."${ipOf hostName}:${toString port}" = {}; + servers."${ipOf upstream}:${toString port}" = {}; extraConfig = '' zone ${hostName} 64k ; keepalive 5 ; @@ -41,7 +44,7 @@ in { forceSSL = true; useACMEHost = "web"; locations."/" = { - proxyPass = "http://${hostName}"; + proxyPass = "${protocol}://${hostName}"; proxyWebsockets = true; X-Frame-Options = "SAMEORIGIN"; }; @@ -53,41 +56,43 @@ in { }; }; in - { - enable = true; - recommendedSetup = true; - } - // blockOf "vaultwarden" {maxBodySize = "1G";} - // blockOf "forgejo" {maxBodySize = "1G";} - // blockOf "immich" {maxBodySize = "5G";} - // blockOf "ollama" { - maxBodySize = "5G"; - virtualHostExtraConfig = '' - allow ${config.secrets.secrets.global.net.privateSubnetv4}; - allow ${config.secrets.secrets.global.net.privateSubnetv6}; - deny all ; - ''; - } - // blockOf "adguardhome" { - virtualHostExtraConfig = '' - allow ${config.secrets.secrets.global.net.privateSubnetv4}; - allow ${config.secrets.secrets.global.net.privateSubnetv6}; - deny all ; - ''; - } - // blockOf "paperless" {maxBodySize = "5G";} - // blockOf "ttrss" {port = 80;} - // blockOf "yourspotify" {port = 80;} - // blockOf "apispotify" {} - // blockOf "nextcloud" { - maxBodySize = "5G"; - port = 80; - } - // blockOf "kanidm" { - virtualHostExtraConfig = '' - proxy_ssl_verify off ; - ''; - }; + lib.mkMerge [ + { + enable = true; + recommendedSetup = true; + } + (blockOf "vaultwarden" {maxBodySize = "1G";}) + (blockOf "forgejo" {maxBodySize = "1G";}) + (blockOf "immich" {maxBodySize = "5G";}) + ( + blockOf "adguardhome" + { + virtualHostExtraConfig = '' + allow ${config.secrets.secrets.global.net.privateSubnetv4}; + allow ${config.secrets.secrets.global.net.privateSubnetv6}; + deny all ; + ''; + } + ) + (blockOf "paperless" {maxBodySize = "5G";}) + (blockOf "ttrss" {port = 80;}) + (blockOf "yourspotify" {port = 80;}) + (blockOf "apispotify" { + port = 80; + upstream = "yourspotify"; + }) + (blockOf "nextcloud" { + maxBodySize = "5G"; + port = 80; + }) + (blockOf "kanidm" + { + protocol = "https"; + virtualHostExtraConfig = '' + proxy_ssl_verify off ; + ''; + }) + ]; guests = let mkGuest = guestName: { @@ -128,6 +133,7 @@ in { ../../modules/services/${guestName}.nix { node.secretsDir = config.node.secretsDir + "/${guestName}"; + networking.nftables.firewall.zones.untrusted.interfaces = [config.guests.${guestName}.networking.mainLinkName]; systemd.network.networks."10-${config.guests.${guestName}.networking.mainLinkName}" = { DHCP = lib.mkForce "no"; address = [ diff --git a/hosts/elisabeth/net.nix b/hosts/elisabeth/net.nix index a17ebce..120a75a 100644 --- a/hosts/elisabeth/net.nix +++ b/hosts/elisabeth/net.nix @@ -38,6 +38,13 @@ }; }; }; + networking.nftables.firewall.zones.untrusted.interfaces = ["lan"]; + + wireguard.elisabeth.server = { + host = lib.net.cidr.host config.secrets.secrets.global.net.ips.${config.node.name} config.secrets.secrets.global.net.privateSubnetv4; + reservedAddresses = ["10.42.0.0/20" "fd00:1764::/112"]; + openFirewall = true; + }; # To be able to ping containers from the host, it is necessary # to create a macvlan on the host on the VLAN 1 network. networking.macvlans.lan = { diff --git a/hosts/maddy/net.nix b/hosts/maddy/net.nix index 92946e7..7ec89ef 100644 --- a/hosts/maddy/net.nix +++ b/hosts/maddy/net.nix @@ -52,6 +52,7 @@ }; }; }; + networking.nftables.firewall.zones.untrusted.interfaces = ["lan01"]; security.acme.certs = { mail_public = { domain = config.secrets.secrets.global.domains.mail_public; diff --git a/hosts/patricknix/net.nix b/hosts/patricknix/net.nix index c10d5a1..dd5c498 100644 --- a/hosts/patricknix/net.nix +++ b/hosts/patricknix/net.nix @@ -13,6 +13,7 @@ devoloog-sae19.rekeyFile = ./secrets/iwd/devoloog-sae19.age; devoloog-sae20.rekeyFile = ./secrets/iwd/devoloog-sae20.age; }; + networking.nftables.firewall.zones.untrusted.interfaces = ["lan01" "lan02" "wlan01"]; networking = { inherit (config.secrets.secrets.local.networking) hostId; wireless.iwd = { diff --git a/hosts/patricknix/secrets/secrets.nix.age b/hosts/patricknix/secrets/secrets.nix.age index 35aefd7..f461b36 100644 Binary files a/hosts/patricknix/secrets/secrets.nix.age and b/hosts/patricknix/secrets/secrets.nix.age differ diff --git a/modules/config/default.nix b/modules/config/default.nix index 2795723..9d809e8 100644 --- a/modules/config/default.nix +++ b/modules/config/default.nix @@ -14,6 +14,7 @@ ./system.nix ./users.nix ./xdg.nix + ./nftables.nix ../../users/root @@ -34,6 +35,7 @@ inputs.nixvim.nixosModules.nixvim inputs.nixos-extra-modules.nixosModules.default inputs.musnix.nixosModules.musnix + inputs.nixos-nftables-firewall.nixosModules.default ]; age.identityPaths = ["/state/etc/ssh/ssh_host_ed25519_key"]; boot.mode = lib.mkDefault "efi"; diff --git a/modules/config/net.nix b/modules/config/net.nix index e399371..b779437 100644 --- a/modules/config/net.nix +++ b/modules/config/net.nix @@ -7,14 +7,12 @@ useNetworkd = true; dhcpcd.enable = false; useDHCP = false; - firewall.enable = true; # allow mdns port firewall.allowedUDPPorts = [5353]; renameInterfacesByMac = lib.mkIf (!config.boot.isContainer) ( lib.mapAttrs (_: v: v.mac) (config.secrets.secrets.local.networking.interfaces or {}) ); - nftables.enable = true; }; systemd.network = { enable = true; diff --git a/modules/config/nftables.nix b/modules/config/nftables.nix new file mode 100644 index 0000000..0d0544e --- /dev/null +++ b/modules/config/nftables.nix @@ -0,0 +1,56 @@ +{ + config, + lib, + ... +}: { + networking.nftables = { + stopRuleset = lib.mkDefault '' + table inet filter { + chain input { + type filter hook input priority filter; policy drop; + ct state invalid drop + ct state {established, related} accept + + iifname lo accept + meta l4proto ipv6-icmp accept + meta l4proto icmp accept + tcp dport ${toString (lib.head config.services.openssh.ports)} accept + } + chain forward { + type filter hook forward priority filter; policy drop; + } + chain output { + type filter hook output priority filter; policy accept; + } + } + ''; + + firewall = { + enable = true; + localZoneName = "local"; + snippets = { + nnf-common.enable = false; + nnf-conntrack.enable = true; + nnf-drop.enable = true; + nnf-loopback.enable = true; + nnf-ssh.enable = true; + nnf-icmp = { + enable = true; + ipv6Types = ["echo-request" "destination-unreachable" "packet-too-big" "time-exceeded" "parameter-problem" "nd-router-advert" "nd-neighbor-solicit" "nd-neighbor-advert"]; + ipv4Types = ["echo-request" "destination-unreachable" "router-advertisement" "time-exceeded" "parameter-problem"]; + }; + }; + + rules.untrusted-to-local = { + from = ["untrusted"]; + to = ["local"]; + + inherit + (config.networking.firewall) + allowedTCPPorts + allowedUDPPorts + ; + }; + }; + }; +} diff --git a/modules/services/adguardhome.nix b/modules/services/adguardhome.nix index e8a0416..12a87ed 100644 --- a/modules/services/adguardhome.nix +++ b/modules/services/adguardhome.nix @@ -3,10 +3,13 @@ lib, ... }: { + wireguard.elisabeth = { + client.via = "elisabeth"; + firewallRuleForNode.elisabeth.allowedTCPPorts = [config.services.adguardhome.settings.bind_port]; + }; services.adguardhome = { enable = true; mutableSettings = false; - openFirewall = true; # opens webinterface firewall settings = { bind_port = 3000; bind_host = "0.0.0.0"; diff --git a/modules/services/forgejo.nix b/modules/services/forgejo.nix index fc82c78..3484607 100644 --- a/modules/services/forgejo.nix +++ b/modules/services/forgejo.nix @@ -41,7 +41,12 @@ in { # Recommended by forgejo: https://forgejo.org/docs/latest/admin/recommendations/#git-over-ssh services.openssh.settings.AcceptEnv = "GIT_PROTOCOL"; - networking.firewall.allowedTCPPorts = [3000 9922]; + + wireguard.elisabeth = { + client.via = "elisabeth"; + firewallRuleForNode.elisabeth.allowedTCPPorts = [config.services.forgejo.settings.server.HTTP_PORT]; + }; + networking.firewall.allowedTCPPorts = [config.services.forgejo.settings.server.SSH_PORT]; environment.persistence."/panzer".directories = [ { diff --git a/modules/services/immich.nix b/modules/services/immich.nix index 15cd73d..e6f4e07 100644 --- a/modules/services/immich.nix +++ b/modules/services/immich.nix @@ -2,7 +2,6 @@ { pkgs, nodes, - lib, config, ... }: let @@ -216,13 +215,18 @@ in { mem = 1024 * 8; vcpu = 12; }; - networking.firewall = { - allowedTCPPorts = [2283]; - filterForward = true; - extraForwardRules = '' - ip saddr ${lib.net.cidr.host config.secrets.secrets.global.net.ips."elisabeth" config.secrets.secrets.global.net.privateSubnetv4} tcp dport 3001 accept - iifname "podman1" oifname lan accept - ''; + + wireguard.elisabeth = { + client.via = "elisabeth"; + firewallRuleForNode.elisabeth.allowedTCPPorts = [3000]; + }; + + networking.nftables.chains.forward.into-immich-container = { + after = ["conntrack"]; + rules = [ + "iifname elisabeth ip saddr ${nodes.elisabeth.config.wireguard.elisabeth.ipv4} tcp dport 3001 accept" + "iifname podman1 oifname lan accept" + ]; }; systemd.tmpfiles.settings = { "10-immich" = { diff --git a/modules/services/kanidm.nix b/modules/services/kanidm.nix index 6328bf9..e2c0b8b 100644 --- a/modules/services/kanidm.nix +++ b/modules/services/kanidm.nix @@ -2,8 +2,11 @@ kanidmdomain = "auth.${config.secrets.secrets.global.domains.web}"; in { imports = [../kanidm.nix]; + wireguard.elisabeth = { + client.via = "elisabeth"; + firewallRuleForNode.elisabeth.allowedTCPPorts = [3000]; + }; disabledModules = ["services/security/kanidm.nix"]; - networking.firewall.allowedTCPPorts = [3000]; environment.persistence."/persist".directories = [ { directory = "/var/lib/kanidm"; diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix index 569ed4a..22ab587 100644 --- a/modules/services/nextcloud.nix +++ b/modules/services/nextcloud.nix @@ -104,8 +104,11 @@ in { "L+ ${config.services.nextcloud.datadir}/config/mailer.config.php - - - - ${mailer-passwd-conf}" ]; + wireguard.elisabeth = { + client.via = "elisabeth"; + firewallRuleForNode.elisabeth.allowedTCPPorts = [80]; + }; networking = { - firewall.allowedTCPPorts = [80]; # Use systemd-resolved inside the container useHostResolvConf = lib.mkForce false; }; diff --git a/modules/services/paperless.nix b/modules/services/paperless.nix index 504b9c6..113ab60 100644 --- a/modules/services/paperless.nix +++ b/modules/services/paperless.nix @@ -63,7 +63,10 @@ in { before = ["restic-backups-main.service"]; }; - networking.firewall.allowedTCPPorts = [3000]; + wireguard.elisabeth = { + client.via = "elisabeth"; + firewallRuleForNode.elisabeth.allowedTCPPorts = [config.services.paperless.port]; + }; age.secrets.paperless-admin-passwd = { generator.script = "alnum"; mode = "440"; diff --git a/modules/services/ttrss.nix b/modules/services/ttrss.nix index 407f9ba..89f9d90 100644 --- a/modules/services/ttrss.nix +++ b/modules/services/ttrss.nix @@ -3,7 +3,10 @@ generator.script = "alnum"; owner = config.services.freshrss.user; }; - networking.firewall.allowedTCPPorts = [80]; + wireguard.elisabeth = { + client.via = "elisabeth"; + firewallRuleForNode.elisabeth.allowedTCPPorts = [80]; + }; services.freshrss = { enable = true; passwordFile = config.age.secrets.freshrsspasswd.path; diff --git a/modules/services/vaultwarden.nix b/modules/services/vaultwarden.nix index 1600528..d0af019 100644 --- a/modules/services/vaultwarden.nix +++ b/modules/services/vaultwarden.nix @@ -105,7 +105,10 @@ in { environmentFile = config.age.secrets.vaultwarden-env.path; }; - networking.firewall.allowedTCPPorts = [3000]; + wireguard.elisabeth = { + client.via = "elisabeth"; + firewallRuleForNode.elisabeth.allowedTCPPorts = [config.services.vaultwarden.config.rocketPort]; + }; # Replace uses of old name systemd.services.backup-vaultwarden.environment.DATA_FOLDER = lib.mkForce "/var/lib/vaultwarden"; diff --git a/modules/services/yourspotify.nix b/modules/services/yourspotify.nix index 3bdf69b..707818f 100644 --- a/modules/services/yourspotify.nix +++ b/modules/services/yourspotify.nix @@ -3,7 +3,10 @@ pkgs, ... }: { - networking.firewall.allowedTCPPorts = [3000 80]; + wireguard.elisabeth = { + client.via = "elisabeth"; + firewallRuleForNode.elisabeth.allowedTCPPorts = [3000 80]; + }; imports = [./your_spotify_m.nix]; age.secrets.spotifySecret = { owner = "root"; diff --git a/secrets/secrets.nix.age b/secrets/secrets.nix.age index e4d4bf9..5c3e375 100644 Binary files a/secrets/secrets.nix.age and b/secrets/secrets.nix.age differ diff --git a/secrets/wireguard/elisabeth/keys/elisabeth-adguardhome.age b/secrets/wireguard/elisabeth/keys/elisabeth-adguardhome.age new file mode 100644 index 0000000..dbca36d --- /dev/null +++ b/secrets/wireguard/elisabeth/keys/elisabeth-adguardhome.age @@ -0,0 +1,16 @@ +age-encryption.org/v1 +-> X25519 OJ8Lc0YjxJytlBJ14MMt6cuzyNeXkdOnh+mFymRz52U +sqSNr/vm5OZvaoiLTMxCcncIKtsGaZFfgHUXxFEfyiA +-> piv-p256 XTQkUA AhTYzUCOiOKq4EEU/bjl/eAkeDwo8o4YNVGKWw5Fuhux +ryBAAFjmFQM+4BLL66/Uvbb9Rtwb+neZS//aXYtHucY +-> piv-p256 ZFgiIw AtoEavPlKH74ztkeKOqRyPrzWQ7HLgE4yRrPxhGhRBX5 +K1X0z4320HfFUDfNlYVJ73y6dp8ZtUXm31A86lud1cI +-> piv-p256 5vmPtQ AkNdVLt9VK/jBtew/8P70REU+qLxfsa8/4hsHaUD89cI +0odU8kcEA2hLHi5j8MW9twXX8zskKLudJPwyFT4/h0Q +-> piv-p256 ZFgiIw Axrpxh2W6qRG46jz+DLqIf74ZaSregbkUpKGlf/YFxcx +0pPiAtjPImcD+tnw4iKqiUPMW3q/edcX9z9/ZhEo67A +-> L1Uvx5wl-grease |&LSN XV(8oXE S*[P j6 +JxdNfsiy1wJneYw90pf7Nlu7maEmuoC+KEXNpEB65P9TO16LfEobXUd5jwd+qjKG +GbvBchGQbYb5lFuVFbcgQDaI2Smadf4/IZZIfQ +--- UXIgkYtiD7ga9iZQAypc3agc0j8i1lbtdvNUphx2VZo +`~pKbFQS"Y2 ;r#UuOqx{.ߣe[vEE LխIM"mC \ No newline at end of file diff --git a/secrets/wireguard/elisabeth/keys/elisabeth-adguardhome.pub b/secrets/wireguard/elisabeth/keys/elisabeth-adguardhome.pub new file mode 100644 index 0000000..8e838f3 --- /dev/null +++ b/secrets/wireguard/elisabeth/keys/elisabeth-adguardhome.pub @@ -0,0 +1 @@ +np/SufIR7ds1sqhdyEOf3bBXmvauVFnvcprB2osMAQE= diff --git a/secrets/wireguard/elisabeth/keys/elisabeth-forgejo.age b/secrets/wireguard/elisabeth/keys/elisabeth-forgejo.age new file mode 100644 index 0000000..bb01348 --- /dev/null +++ b/secrets/wireguard/elisabeth/keys/elisabeth-forgejo.age @@ -0,0 +1,15 @@ +age-encryption.org/v1 +-> X25519 eycLfsdMAUw2tJj5x33PGrfpUpivh/HTPa68TmTPmGQ +sTqEotydAfRHRRjI1JzO04OKBoHyVy0yk1wbdE4Psjc +-> piv-p256 XTQkUA AhCVTIgeo2WfoMZOvjZpf+YrQtruXlc5zt4u7giH6iOM +XYE/PHqHLWdTTYeBa12wIEMYp4dWa1uUkIRVB1SZ32U +-> piv-p256 ZFgiIw Akz/mZ2lQ/ZdzCX5R9rbM75WrMuJNGUYQ/jmsAzD8S25 +a57G5Ceu7PcT0RK3gxbUmkqQoD6x3yjciqOU4JR69OM +-> piv-p256 5vmPtQ AzJjFtgTTuJxJRj2vJGJyOEnlYSa1teV4HPliIpffFHx +mLYOWr6SuCu5kgMUnTMDmXDpUZO6gnwm3V3qXRMxKDU +-> piv-p256 ZFgiIw A/OaBb5aN3DKxTAK4n2WtYvKGLZmRb4YCzlih9re4PcF +b45rIFE73gyGiRimMTREoMVSxWPbho8kwM0NzPGeNV4 +-> TjQN9Fe6-grease 90VQ v=D +p4sbV1E +--- Wv+ihDw2UuzFYlPz6bQN/9kpXygD1+IWXzhM3g/q/ZQ +W+Gd$xz5˕a5zM~7j!hFdP0Mk/p \ No newline at end of file diff --git a/secrets/wireguard/elisabeth/keys/elisabeth-forgejo.pub b/secrets/wireguard/elisabeth/keys/elisabeth-forgejo.pub new file mode 100644 index 0000000..67e34ce --- /dev/null +++ b/secrets/wireguard/elisabeth/keys/elisabeth-forgejo.pub @@ -0,0 +1 @@ +7MnECQQR91RRR4S2M7iW0h8wDn4Ewhj7R2Z+y8AAg2A= diff --git a/secrets/wireguard/elisabeth/keys/elisabeth-immich.age b/secrets/wireguard/elisabeth/keys/elisabeth-immich.age new file mode 100644 index 0000000..459c1a0 --- /dev/null +++ b/secrets/wireguard/elisabeth/keys/elisabeth-immich.age @@ -0,0 +1,16 @@ +age-encryption.org/v1 +-> X25519 QmW1YFkf2wn5zgzh1wLmb+dLk0+1/D6FWUEKg7mxciw +OR7j2nCl9FxcKBxMsJN0i3jrv5UQOxDGnwfmye7DYxo +-> piv-p256 XTQkUA AnTdNy1t0SAaeHIG91KQmlMVpAKqmalwfktAg91FL4aB +Z+jBzSM0JmJFzcqMe3N7r0HdFGeOnDVGh4ROYTYVP08 +-> piv-p256 ZFgiIw Alks31//hpPgAS3ADktyVTQdT/Ab4Yu8FajsmWBijhqD +PzmjkWcHT8sEeKvIZLWNaUkFhR92YQ0Vs0SkG1c+lpQ +-> piv-p256 5vmPtQ A0t2/mWwCHc/UpwYvkObwJZ1gTqMYyjhljelgQCXNM+m +5q3i0ClG03ASXtlqBHMbhCFYSPem3d8y3lkFeEUW0eI +-> piv-p256 ZFgiIw AxL98VRYkHkM+uDSBWTI8bjdgvboJQ3o5l0M6ICq9IbF +N+Sb5dU3rksUVD4QFNu6U0jgs8Mo71CGWn4GiUb5CAU +-> e=H-grease T :(0"zbb` 7" +TkofyvqI9KJyWtPh3r4GLt0zpT5CJxo720xjJihdUjHeOLp4oVbhV1z2J2dsfJdG +vuZ3EBDXzhYYtLfVyQZltSKRSOw+5za9b7MEdKaulAMPeRo +--- qoqvdfP6fW3lXoN6DP2Qvl1NFXB4S3iipvV8gUiu/CY + Ǐ/hK?8CCWQ{ٹi{,ιCEG\G8jP{6BLbOnR(($ \ No newline at end of file diff --git a/secrets/wireguard/elisabeth/keys/elisabeth-immich.pub b/secrets/wireguard/elisabeth/keys/elisabeth-immich.pub new file mode 100644 index 0000000..1cd5a7f --- /dev/null +++ b/secrets/wireguard/elisabeth/keys/elisabeth-immich.pub @@ -0,0 +1 @@ +V/8fGOARvXPqD+bZmn1n6E+/6R5bhP7kO15eKJctqTE= diff --git a/secrets/wireguard/elisabeth/keys/elisabeth-kanidm.age b/secrets/wireguard/elisabeth/keys/elisabeth-kanidm.age new file mode 100644 index 0000000..b08546a --- /dev/null +++ b/secrets/wireguard/elisabeth/keys/elisabeth-kanidm.age @@ -0,0 +1,16 @@ +age-encryption.org/v1 +-> X25519 fFaEXRFuLeEW1V7DL243Zno37t1iA/ZoNatPCeh2LAc +bJ0y06//wH8ik5U1bfFifh+pmeOR0YpkZQoGscjMWSw +-> piv-p256 XTQkUA Aidtub6Z2JRPQDYO7Kz6bt+dQ2pmoNmbWxtViDt6F4GK +2sJMJfb4s/7KLjbjscvj7PktYrq+Y63GtAq8FQHiq9M +-> piv-p256 ZFgiIw Aw59iVn6zdxOepPlOge2b7As/G4+xWlVFYaVKkQOGwnw +m5PFMiGMV84Z6RY33ThrInsEKJTz92XFywunORtcw7c +-> piv-p256 5vmPtQ AuWWwbt+X8944l9dQdrop5cU7Yba4d6iNtgDcaOecfsH +l8/suY98Y0OLbYwhuLU6TYr7p9ZgTa5MvH/RvNwkWKQ +-> piv-p256 ZFgiIw A0QKpC1NyUusFefjUhHLQ+/0+nNWl928B1bZuXluWAQl +OcC8nBvW5KvozJSGX9gIyO8sh3DBxo9tOMQUhqjxKSk +-> v6t-grease +XjsK/Era/aby9lXJis4lXJrRGLUyyiwjo+jCOUwazvB5ZegR+2hXI8zjd78CgvXX +Iw +--- oYdppQraw32pbZ3RTXwoIv7A18Ul4wGCECPeZuxxvtI +&'ض.[7~r=sOu2u;hTzO}F,e+zT..+vUD \ No newline at end of file diff --git a/secrets/wireguard/elisabeth/keys/elisabeth-kanidm.pub b/secrets/wireguard/elisabeth/keys/elisabeth-kanidm.pub new file mode 100644 index 0000000..84fcb18 --- /dev/null +++ b/secrets/wireguard/elisabeth/keys/elisabeth-kanidm.pub @@ -0,0 +1 @@ +/89yv+rT1lqLAtDoIynHCEgHcrv6lwfoPTp7/4GP4ks= diff --git a/secrets/wireguard/elisabeth/keys/elisabeth-nextcloud.age b/secrets/wireguard/elisabeth/keys/elisabeth-nextcloud.age new file mode 100644 index 0000000..c6f3baa --- /dev/null +++ b/secrets/wireguard/elisabeth/keys/elisabeth-nextcloud.age @@ -0,0 +1,16 @@ +age-encryption.org/v1 +-> X25519 iEBzJEtJTSmO3Sh0BMklgsGOBgVaiCYESkyvEjNRqg4 +f8QwJYgLHLCrILE3QjeTiRL3B7o/YyzJry43O2m4v1w +-> piv-p256 XTQkUA A9pZLJ7fdKXK8/vAvk0dxotvScae5Y4nNXNDCwIPRm5M +AIsWjvaRKXLsKrPnncf70FmLBzZCoCApDutow7YBYNA +-> piv-p256 ZFgiIw AgeKhANA0G02k3DHnLD6m3fr6JKEDboK5mxScP8azmnT +lLW7QTJRhTlfg1rWl5tmHlkSL3jtU3Q6XcNlCW839Wg +-> piv-p256 5vmPtQ AkkCLbo5aWnOow68CsrVModJBDJmaberAIothw92Uj6W +iwVUFQkCOHg5e+EwuKZq21hkCk/8ZgyT2FrqD1vvMbs +-> piv-p256 ZFgiIw A5ldqhV8Y7KIzQ7iKleWUqirmt9/YC5kqmP7mR+b779K +I2OwnqfBAZOHQ8R3kiz20PUJA7PJlaUsh5Q9+W2XDyY +-> m*X-grease +tpDjVLTPOYTlDyBgstO+1xHdCTwc8iW0rOKpgqNF1iZH+e76Q7fUqt7OSSshyFqf +EZzGvqkemxXNLccD8VJXeeU5zLA4LqBEmNiK36zPzEMoJO8xEJ7SsmTtufY +--- RYsqETvw8iUKHCkw8z5mKPtEUds3e5WRn7o+llL33u0 +wypjl}س/V4"m@yZxu,pn=,:`Ʉ/0>3 \ No newline at end of file diff --git a/secrets/wireguard/elisabeth/keys/elisabeth-nextcloud.pub b/secrets/wireguard/elisabeth/keys/elisabeth-nextcloud.pub new file mode 100644 index 0000000..7565ecb --- /dev/null +++ b/secrets/wireguard/elisabeth/keys/elisabeth-nextcloud.pub @@ -0,0 +1 @@ +qV+5b1yOMnHBE5hgKbJSDWnmvb15yt9XF37Le00C8wE= diff --git a/secrets/wireguard/elisabeth/keys/elisabeth-paperless.age b/secrets/wireguard/elisabeth/keys/elisabeth-paperless.age new file mode 100644 index 0000000..f57fb82 --- /dev/null +++ b/secrets/wireguard/elisabeth/keys/elisabeth-paperless.age @@ -0,0 +1,16 @@ +age-encryption.org/v1 +-> X25519 m8FrH/TJL5v2er4GSGnDNLJGaTiRaiXYtxk7pGMMJnY +o6eINCtC6MdZUy3t5K7jWbWyp66YIILG8ndYxmRp974 +-> piv-p256 XTQkUA Al8tF63UnANIwwup8gZEEcFb4DdF+6LDbe24InqpVfjb +dPAkYSsEe2vqmXx7k84bK0PYxiI8UKFHZzHswnSSQjs +-> piv-p256 ZFgiIw AqUv2b0Mg00xIF9QoCa2u6YBrMJAMJQ5q5TkJlT94pyL +q6LsNNkptP6KHorvFTeVfbhQVWeKRcgl7dnaY23hDGM +-> piv-p256 5vmPtQ AqIVMtD5c/hClFfSEjjEC/YEhuB1yk1Lgmse9yCkfdkA +V9/tCgauksldhaCRp8WZ9WfOSFPq4NOZptk+mp5dZI8 +-> piv-p256 ZFgiIw A3LfSXJschjsAQHGwmkaHDeezim1DjR4T8n9hSpGj0I5 +rHpCP8fa0VxPYV6qAKYQLg6Jreyq++HDV/nUQJzTVzw +-> ]-grease ?+jZ e jc:Xwo$ +O92bCAaMkQpSsOKzFztoIy94sjgyZs4RfFoBz9Zcwb+P3IaHUpTGvW8wyYOGNcm8 +2FLljf/kFZtHxtV8W7GtVnFDj0uwrMnClCnen329/46Ou6pHDcJ+/Q +--- swSl+llzwbh5ymR1l6iRQlTM0j+70PAw0v8xhZA/jlY +6W5B IVSs$#Cl:Ʋ+8+2ZRĥ"㤽o \ No newline at end of file diff --git a/secrets/wireguard/elisabeth/keys/elisabeth-paperless.pub b/secrets/wireguard/elisabeth/keys/elisabeth-paperless.pub new file mode 100644 index 0000000..c6a8966 --- /dev/null +++ b/secrets/wireguard/elisabeth/keys/elisabeth-paperless.pub @@ -0,0 +1 @@ +k0IBTHKntu0plDUIApo0ZOa3XlAh2Wea09nih4Ahij8= diff --git a/secrets/wireguard/elisabeth/keys/elisabeth-ttrss.age b/secrets/wireguard/elisabeth/keys/elisabeth-ttrss.age new file mode 100644 index 0000000..c40a975 --- /dev/null +++ b/secrets/wireguard/elisabeth/keys/elisabeth-ttrss.age @@ -0,0 +1,16 @@ +age-encryption.org/v1 +-> X25519 jCMM6Kfzndo9RElgyE/ufEMYrpwsowEpuYQ+U7NypCo +MBpF5pwy9moVqDHGudv0OxxG6UtdbKfvdphs89h3mi0 +-> piv-p256 XTQkUA Asa11BAxSalte9zAy9P2TCw+OlzgPHHmVZJ0idqMUTOq +I7Uc1mXKZZCJ2sJ0vFvXzo0a173AwtO5IBQZ4LTfjuI +-> piv-p256 ZFgiIw AxkNUN4odgmfqbKIddw7LtY5SEDB0oxMOg+/vo3ooiMZ +rX4mq9JYyp6secsjIclReA4hDdSumaEeVava7TtO36M +-> piv-p256 5vmPtQ Au5aRQkGYLFwjjZGs/z/HDpVIwAMLK+O2FHK4tI+gxNw +HQYY3BJvG912yNOhne/e5Bosoa0N9i/d3Arsi1otmsQ +-> piv-p256 ZFgiIw AhGklGMPM/rAaye57Fz2PO1CIMBNjRPyP1sgsBsFhdUL +ITdXsq7gZ/13qqTsvfh+8FReiBmIpRwI+vDL+UBQKGY +-> ^}`pou-grease Wfm6eR *q.w\ ifZ #dT9 +vd8IjtgnVmIKwldS7/Ii71SzniVtW9G6tCCiSmPM3tZE1EaYy0Z/6KuKPyz+tWst +Y+i4j7okriIH645tQXaI0oHcx4VZFn+JyRdX7mYNldwoNW3OKA +--- bAVe+xtXMtXfbGWz8TC+Wvbpmb8d5YVtUtdYqIG6Qfo +CKv3mJ[l~0r)+2?Ѧ\U"MVQ'B*X@$DІXydJf9 \ No newline at end of file diff --git a/secrets/wireguard/elisabeth/keys/elisabeth-ttrss.pub b/secrets/wireguard/elisabeth/keys/elisabeth-ttrss.pub new file mode 100644 index 0000000..ef955af --- /dev/null +++ b/secrets/wireguard/elisabeth/keys/elisabeth-ttrss.pub @@ -0,0 +1 @@ +9kyNM6XKz6HRLBECG/xRwplVZ7o6SEIxTPDuTvcPxw0= diff --git a/secrets/wireguard/elisabeth/keys/elisabeth-vaultwarden.age b/secrets/wireguard/elisabeth/keys/elisabeth-vaultwarden.age new file mode 100644 index 0000000..0a46690 Binary files /dev/null and b/secrets/wireguard/elisabeth/keys/elisabeth-vaultwarden.age differ diff --git a/secrets/wireguard/elisabeth/keys/elisabeth-vaultwarden.pub b/secrets/wireguard/elisabeth/keys/elisabeth-vaultwarden.pub new file mode 100644 index 0000000..23368fd --- /dev/null +++ b/secrets/wireguard/elisabeth/keys/elisabeth-vaultwarden.pub @@ -0,0 +1 @@ +SX7PZcM1u/eJZM/ghvBDS7am6HZzlsxhK537HWp62VQ= diff --git a/secrets/wireguard/elisabeth/keys/elisabeth-yourspotify.age b/secrets/wireguard/elisabeth/keys/elisabeth-yourspotify.age new file mode 100644 index 0000000..e61e5c1 --- /dev/null +++ b/secrets/wireguard/elisabeth/keys/elisabeth-yourspotify.age @@ -0,0 +1,16 @@ +age-encryption.org/v1 +-> X25519 8Xu4B4tsiFMALzzDr8aIj1srctAEZ1QKYzT9wTs0DwU +0URbUZ1UlEdZpo8vT/LiJHW5RERO61S7RrJYviO6OYQ +-> piv-p256 XTQkUA A2ZwHHpSy6EzWxhfouDwh+PO//N1isE6TPUwAVPaAW2c +ljLdsmhEgsDRlz0y5Waea2FEm0k1L4W8igzYHz+/amk +-> piv-p256 ZFgiIw AohzN9q6Jo0LVuuYmxzhfizqlRPnuAlYIKx6dvMYvcq/ +lSHu87hQJNVNHDTnMc9Se693+yELopkk6hFmUclLiuc +-> piv-p256 5vmPtQ AsBXiyuQmIaO2+Z2GTyT/rdhai2ahEkYkcO+dYsibZX4 +DE5cSckHALqUdEYBe8Tpioo/DnD+DBpV/0pWZwvd2eI +-> piv-p256 ZFgiIw AgSNI31rf5CH8Gy+3ulIla3MgNkLfaHO/wKtfu4XTG/Y +n10QiolManskviiW3ogFtTpbzr1Mcs7/nFCxO6IQvdg +-> &\+nN-grease +xHRCwm5QRd8kTNpD9BNQflDjSoMEES64Y2yIHfbaEhJlLEp3MR+m2RzayFNxOfpr +zRjUwvQfjlhkS4bXLmYf5HHtBApMMX4 +--- Ucy5PhVNSDJP+v6m5QDaZcomuvr5Z4XveQSTJwCAMsM +Ha -5tTv3D۳^?ݸ\hu9.`E٬ cVBHG̞G \ No newline at end of file diff --git a/secrets/wireguard/elisabeth/keys/elisabeth-yourspotify.pub b/secrets/wireguard/elisabeth/keys/elisabeth-yourspotify.pub new file mode 100644 index 0000000..0285233 --- /dev/null +++ b/secrets/wireguard/elisabeth/keys/elisabeth-yourspotify.pub @@ -0,0 +1 @@ +zipMs/ic3IPILamMOvnGWZU+PYdyA1i9UzC9UxRMXXc= diff --git a/secrets/wireguard/elisabeth/keys/elisabeth.age b/secrets/wireguard/elisabeth/keys/elisabeth.age new file mode 100644 index 0000000..dbce60a Binary files /dev/null and b/secrets/wireguard/elisabeth/keys/elisabeth.age differ diff --git a/secrets/wireguard/elisabeth/keys/elisabeth.pub b/secrets/wireguard/elisabeth/keys/elisabeth.pub new file mode 100644 index 0000000..90fdcb0 --- /dev/null +++ b/secrets/wireguard/elisabeth/keys/elisabeth.pub @@ -0,0 +1 @@ +01wz/sO0PIlwtKTfR2z8pQKzFt4kO5CSq57f32y2F0Q= diff --git a/secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-adguardhome.age b/secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-adguardhome.age new file mode 100644 index 0000000..63e1d06 Binary files /dev/null and b/secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-adguardhome.age differ diff --git a/secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-forgejo.age b/secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-forgejo.age new file mode 100644 index 0000000..6d65a04 --- /dev/null +++ b/secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-forgejo.age @@ -0,0 +1,17 @@ +age-encryption.org/v1 +-> X25519 qsgCpy8yqEIlPRdfE+Lxs5gOIYX9zIcllgXtOT0bQV8 +GN/imU+Sf+2hT5zzOmYI9TgbLX4QgncJ1SHBjKaYlSA +-> piv-p256 XTQkUA AoLpzcqYmEDQTqFx+W3IBRGp03iJjaRrDRI8wfGbq/1X +QO08SCWFfwpSTUaQCnIKaGGWIgXh0i7w/p62X56ZMEc +-> piv-p256 ZFgiIw AlBi1aYyOCfnmlfVAdDVfvbN6NzEr/ypLeoH90cEwa5G +HZJ9bubfkFIEJbygeuvRm7UeTLppXG4knQFkKL678mM +-> piv-p256 5vmPtQ A3JtC4PRXJTHIuJzHoygX/5X4ok7cIfFF4wIQ2oghhpm +g4dV5vVrjbDt3ysLfBs74sy7yu1ol9PGPYF6uWnIu6k +-> piv-p256 ZFgiIw AuxXXZDLX6G9CTNow/ppXhTJ0GrNBO3RB7p9VC3BeY+0 +QyfdagRgpUghg5U+mTYxxhVKrIIDEcAAzqwSSjwEbrk +-> 4-grease }E2 +0IdsRluyK0F88hpuyJ8yVMFkcBJ6L9z5JBs8lovL26wWtxUg6knJD2vVopGiKCiD +Vol1dGBhU9085pt0C68av0GXXvPzxrsO+SDTz8c +--- m8uTaLg5F3GK5noq8WaqyfWN4bwotHUgnWvOMgzzAII +cF% +LD9Qv W;!˵aƅa ȍE}Z/s87D㧏D!7 \ No newline at end of file diff --git a/secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-immich.age b/secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-immich.age new file mode 100644 index 0000000..42a7752 --- /dev/null +++ b/secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-immich.age @@ -0,0 +1,15 @@ +age-encryption.org/v1 +-> X25519 DgYfF0fRhZ8YZ/OhLAkh2yTKJ8wJGn3NIWlZKPSouT8 +t0ru+RkJaYwu1182O+7mXUPY//1MfMpWfAZHt8EB0Qg +-> piv-p256 XTQkUA AhsO8VrcSN3C0OvXnQZgknZmPQXkJ/AZLgoEJi8SEb02 +45FaY0/8fSFDe7ICj26UaZU2b7FJ6LwYjA8PAG0te7k +-> piv-p256 ZFgiIw AyajmWcvtlbiql9fmKjAqOFrGXwxE+dKlO450qEzY6gj +ybg/Vq7X6iqFEvNAUeSwBL9MYEZk4PB1rj7m980JQZI +-> piv-p256 5vmPtQ ArpWoKRL+CQf70RgopH6D3atHb8F29h7wjuJcsTSgyQn +JuvfAbnXSwP3Jl1nX1y2pxsoIMuoh3vPr09vO42GgRs +-> piv-p256 ZFgiIw AwrP0evFqosflrXzbYJNx4fdJS9dF1107gPf3NEAoDJl +4TRZzpprOcjoXKMpWCXsgwMiKQHlKPmcFGxEQfq0fTM +-> HYEBa=-grease 5a{m+}I +vCELeWobKeGEIHMdXjqKDVyjrsgrKdp74Z8adOYuFF+01bSwou0bx5NE4PypoY8 +--- Jp0EMbTh9Fm57m+RQGZZ1TQx2si06y00JrDP8a2quCo +%Pq~K!w`/IMR$ZzvNWD禶4`p1S Mj*x`規"%*k: \ No newline at end of file diff --git a/secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-kanidm.age b/secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-kanidm.age new file mode 100644 index 0000000..4a0ddb7 --- /dev/null +++ b/secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-kanidm.age @@ -0,0 +1,16 @@ +age-encryption.org/v1 +-> X25519 OOfIE0asKIsd83l3FlOAUzVTZ2nyzgVVZ+3eFmVQTSM +Xp86tkjnZahB3SOb+/5/Q74MsCRwj0E5cWe3XyNnJlE +-> piv-p256 XTQkUA A+LfTwtC6M9B5IuzZx9zcSZ6/hblgphmAIwA6CRxk6AW +mYyS2Ot8h2eJbrJ/afIcfOX59aQCThE26KTibA71MQE +-> piv-p256 ZFgiIw A5I8g7TKBSDLsM0FpV6U/JVpabKuuCHHR9HdPqkuZqqa +CkvfGh6xS9GvSKhh/FNW4nKJgQMTUGbuqZtMbJvVyPg +-> piv-p256 5vmPtQ AlNBDeN5ihouDbb7mjNn7f4GDTRR0hf2M67LhCwMRR+x +vffnqgDMvm3OVlBKUvLR+aG5t9vBBJ8ygKTyk314G/Y +-> piv-p256 ZFgiIw ArEwrMQWaBWaOOYzUfB1zTCRQu/AjNiyN58UBSGaNhq/ +ZwryYVzJR3RYGYMZPWmvWkvD5dyGwF1FIsDPSvCTmOg +-> .-grease +OozUcy+eh4uVbpuy/agtDWTCaZeccGlqym5s6L7KE+LqYmNhy61RwRC5NZqBPbsT +7H6EepsguVZzijQBhvPhJOK/a82g +--- 14GCAxnHT3eXYAvqtbaW6qHO2IAANgmVPl6Wlfox6wM +|^bee*PJBֻ|NJJqga=ߏ\˙CMCduMȧj&Ufي?D` \ No newline at end of file diff --git a/secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-nextcloud.age b/secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-nextcloud.age new file mode 100644 index 0000000..11a29c5 --- /dev/null +++ b/secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-nextcloud.age @@ -0,0 +1,16 @@ +age-encryption.org/v1 +-> X25519 Ad4PXco+5B9c2AD1Or8CnplkpciVxGock7+WrxYCxmM +UZ6Qjrju7OKu81xAdYLv7lpmtl6L3rvnVqCSAXX0ZGU +-> piv-p256 XTQkUA A5k19RTBbIY8lVRKXWlLLtoVCYWZ7adSpt3RtIK8xzVM +pM2y4h9LXP32/iOQaNuT8kPgndteg5g/9Du8XvQwL/s +-> piv-p256 ZFgiIw AzL2s+0s8VyhLDcNVgrHmRAEOHbd5QpNoRwffzo2V4ji +1hbucvL4Brpbya4Ap0cr6YvNuFPMZA8qVbmOaGPX7rs +-> piv-p256 5vmPtQ AtRh1kFv9fbB/oPHlTA1W/jTKrjcbiOUheXgu+iffxln +qVYlRQC1gqALtZ5S2zh07rlo7pjrQ4/9Nh7NwOX7ZG0 +-> piv-p256 ZFgiIw A/kR3csWEfvCoRuLv7y3f05zb5cUIhsQPSxFBTN2KLBt +qhmQrvTue6AXqb8afNLsFeo/WfrRhyfdK51P0M8MzOs +-> BCPe-grease )aY'd` 'NV =%exsTxg +3N8zy3WUb6utyQNJRC4rdYQaJNglA/gxRyy4OyO7UYw +--- Y0VIvltNSGuknvacNAYJWBZJHoJyFQSoB7V9IzXYKJc +Oӭpq@g(bEmJmflZĕKyKŽ +2)whW@ҹ k \ No newline at end of file diff --git a/secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-paperless.age b/secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-paperless.age new file mode 100644 index 0000000..7ff8769 --- /dev/null +++ b/secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-paperless.age @@ -0,0 +1,15 @@ +age-encryption.org/v1 +-> X25519 ovQyB1pE7B4dWOfW4mXs2cYE0e/5iUgWfpql2YtSuik +tYSFFtkR0Lj48k6eZr6acFtcSvshLWBKCxx+EpucnrI +-> piv-p256 XTQkUA AqJvZdB0KAIr13bAQmUQSC6pjUHt9ZQO3RCRyMCz0MNR +cqWBp2e2Bi5ipk1pEuoIXhK8xkLrhH/JoH+IfV7Zczw +-> piv-p256 ZFgiIw A/PY+B2QmEeUh2y+YYx7k8NBBfpNxbnPSlXyNvwKrgBt +bWgDU8b/qEVtzbxqWogWn6ZuyEqNsNEeNoa9CBjpheM +-> piv-p256 5vmPtQ Ah/wPcA6G5yP+z/hOV5vgYVLO+F7P23jE9dYSjd8obcA +2hs5l8ODrWvuMA3VXINAZPk707QZFT8ZjFEUXxlRgyA +-> piv-p256 ZFgiIw A2ZBRuRIP+cLtT88EMZaxOu1LZtxfn8eGo7U1hoR+kdN +oGMgn5IdL4l9CMOv3y0xCeVdFVns8uuw5zjTIUABUGM +-> "-grease N)?O+s >Su< @nePY /f* +/hXO+aPBuQVXoz8 +--- GvrIh66NUBSdx3JUZqRykyr7KMVeTMvetKyLUKMmL1g +\=hro):7t:+j X}r̞Ӿ΁Qqwfi#)]:z \ No newline at end of file diff --git a/secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-ttrss.age b/secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-ttrss.age new file mode 100644 index 0000000..4574afa --- /dev/null +++ b/secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-ttrss.age @@ -0,0 +1,15 @@ +age-encryption.org/v1 +-> X25519 RkCaqch0lqy7arlIQbV2cXRRlNuxZjXXogBflg6RuSQ +R4PmDtkphByfYPe71szV3qzMVw4+oFsHRxtj260hRqo +-> piv-p256 XTQkUA Ar/9nnl57J3AS+jUN7vy5Xv2PjyX2WlR8SDXk3FB2NCD +Bg/XJ/LQwzZIXe2dCnymKIoo6S1LYLFmvEbsQHxoFWc +-> piv-p256 ZFgiIw Akpu6vABO4u5e/o0zJd6iE2WUcMOMC8O1gc2wV5Ua+Ha +CyFyzLu9xZUptclh1EGpL1EJDMOatp9iJg5Iz2OHYFI +-> piv-p256 5vmPtQ A6DfB1Lh2ephQSKgJVWAufKmCXPrEuJNgGyNSFA5e/CC ++O4VzxY532k9vJfGupfj3rAcx4maBkVZmpWZNWu7oiU +-> piv-p256 ZFgiIw Ay4efNI9Did76VQu4N+UAQ70B+C5AEQJe0qo10MI7CM1 +DHccwQadZLZdYQO+FqlCaC97WCCTe8Q/jLhseb9traw +-> +U-grease +OzpFIwnSjsHShHvAuMuT2s8dQyN8DXWNPun5trVepaIs3c1e2K8xXZ2AjdTFW9Q +--- hOcwOL8B8bmh+CX1JxYK9zFcbfuI+j42o5GME7qLGkg +XY/n}c9("2Э4(4<\t"J M!g/]qmmxjz'mǗ>E'XO \ No newline at end of file diff --git a/secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-vaultwarden.age b/secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-vaultwarden.age new file mode 100644 index 0000000..5ff7a70 --- /dev/null +++ b/secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-vaultwarden.age @@ -0,0 +1,17 @@ +age-encryption.org/v1 +-> X25519 Ii4S+FNipCa/HB0J3Y1u6k3VKKlWX5IKz3uguLuWeUc +SSmQIkLmksjZSGhY6ncAmtgX5yJSk3FjKmiiqmn4nDU +-> piv-p256 XTQkUA AmmDqtToqzMfbpjLm9qg2Na97Mb5BPmDRHaDQuCGQw4K +KzREWE1O3TODAeOxvue5M+lMzPPOEFmPQRRTL5xaAhE +-> piv-p256 ZFgiIw A6WkjATHzKjvd4Pn1534Ce889ezEMze3e7AVDWYnaPP3 +LbuuGl4nG6yOpmIAPCh4GTGIsrD1RVq3q0RZUpU3dpw +-> piv-p256 5vmPtQ Asu8eb7ok6vncPDby5WMpUJCUoyjVszEoh1GevEMhC69 +QlRdrg9KnrZtNQLpr8rzaBJ7u6AKEgyYepym95DjAHE +-> piv-p256 ZFgiIw A/5MIAnVpa4OwiyRCyKmn+xbW0KMfmViLlMNF3rUWfwk +D+KrTU9vIXtl3bJgm7Yq2BrRO9I+H88HapDtYRTRJ6s +-> ,;x7y_-grease VVPu- +iFtLoiXhVFydr3IucJfmwmeLxoiq76rCSSktYpYhFErBRwBnx6XPNKWfnj7fbcIt +VGKIuU01vjFfY8MHaSxkQyWN +--- 3XacKJICruaC6avttLYos8NPsjmH5K6StH1wnuNs9jQ +%i-3wuq1_i*OKOPK>q4 /I#hC^{j=ji +uUle{*|_E \ No newline at end of file diff --git a/secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-yourspotify.age b/secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-yourspotify.age new file mode 100644 index 0000000..a399451 Binary files /dev/null and b/secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-yourspotify.age differ