From 8b45dc4d7e2777da2928aa007b05e5741a87b710 Mon Sep 17 00:00:00 2001 From: Patrick Date: Sat, 30 Mar 2024 20:34:44 +0100 Subject: [PATCH] feat: actual module --- hosts/elisabeth/guests.nix | 13 +-- hosts/elisabeth/secrets/actual/host.pub | 1 + .../elisabeth/secrets/kanidm/secrets.nix.age | Bin 1977 -> 1939 bytes hosts/elisabeth/secrets/murmur/host.pub | 2 +- modules/actual.nix | 81 ++++++++++++++++++ modules/services/actual.nix | 16 ++++ modules/services/kanidm.nix | 3 + nix/devshell.nix | 1 + pkgs/actual.nix | 6 ++ secrets/secrets.nix.age | Bin 5730 -> 5767 bytes .../elisabeth/keys/elisabeth-actual.age | 16 ++++ .../elisabeth/keys/elisabeth-actual.pub | 1 + .../psks/elisabeth+elisabeth-actual.age | 15 ++++ 13 files changed, 149 insertions(+), 6 deletions(-) create mode 100644 hosts/elisabeth/secrets/actual/host.pub create mode 100644 modules/services/actual.nix create mode 100644 secrets/wireguard/elisabeth/keys/elisabeth-actual.age create mode 100644 secrets/wireguard/elisabeth/keys/elisabeth-actual.pub create mode 100644 secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-actual.age diff --git a/hosts/elisabeth/guests.nix b/hosts/elisabeth/guests.nix index 4f94739..7870bd6 100644 --- a/hosts/elisabeth/guests.nix +++ b/hosts/elisabeth/guests.nix @@ -22,6 +22,7 @@ kanidm = "auth"; oauth2-proxy = "oauth2"; netbird = "netbird"; + actual = "actual"; }; in "${domains.${hostName}}.${config.secrets.secrets.global.domains.web}"; # TODO hard coded elisabeth nicht so schön @@ -57,7 +58,7 @@ in { + virtualHostExtraConfig; }; }; - proxyProtect = hostName: cfg: + proxyProtect = hostName: cfg: allowedGroup: lib.mkMerge [ (blockOf hostName cfg) { @@ -86,7 +87,7 @@ in { }; locations."= /oauth2/auth" = { - proxyPass = "http://oauth2-proxy/oauth2/auth?allowed_groups=${hostName}_access"; + proxyPass = "http://oauth2-proxy/oauth2/auth" + lib.optionalString allowedGroup "?allowed_groups=${hostName}_access"; extraConfig = '' internal; 
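Review bot: The new third parameter of `proxyProtect` is a boolean, but the name `allowedGroup` reads like a group name. Passing `false` drops the `allowed_groups` query from the `/oauth2/auth` subrequest, so unless oauth2-proxy enforces a group restriction elsewhere (not visible here), any authenticated account passes. A name and comment that state the effect would help, e.g. `# restrictToGroup: true -> only members of "${hostName}_access" pass; false -> any authenticated user`. Reading the flag from `cfg` with a default of true would keep new call sites fail-closed. The body of `proxyProtect` continues outside these hunks.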
@@ -151,12 +152,13 @@ in { }; } (blockOf "vaultwarden" {maxBodySize = "1G";}) + (blockOf "actual" {}) (blockOf "forgejo" {maxBodySize = "1G";}) (blockOf "immich" {maxBodySize = "5G";}) - (proxyProtect "adguardhome" {}) - (proxyProtect "oauth2-proxy" {}) + (proxyProtect "adguardhome" {} true) + (proxyProtect "oauth2-proxy" {} false) (blockOf "paperless" {maxBodySize = "5G";}) - (proxyProtect "ttrss" {port = 80;}) + (proxyProtect "ttrss" {port = 80;} true) (blockOf "yourspotify" {port = 80;}) (blockOf "apispotify" { port = 3000; @@ -268,6 +270,7 @@ in { // mkContainer "ttrss" {} // mkContainer "yourspotify" {} // mkContainer "netbird" {} + // mkContainer "actual" {} // mkContainer "kanidm" {} // mkContainer "nextcloud" { enablePanzer = true; diff --git a/hosts/elisabeth/secrets/actual/host.pub b/hosts/elisabeth/secrets/actual/host.pub new file mode 100644 index 0000000..36ebc73 --- /dev/null +++ b/hosts/elisabeth/secrets/actual/host.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINOcPKlxhRrF8gfAqI2yj8THuT8OTG4Yt5Rj8mHXR/vq 
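Review bot: `(blockOf "actual" {})` publishes the finance app without the oauth2-proxy gate that `adguardhome` and `ttrss` get through `proxyProtect`, so the application's own login would be the only access control at the reverse proxy. If that is intended, a comment would record the decision, e.g. `# actual: protected by its built-in login only, deliberately not behind oauth2-proxy`. Otherwise `(proxyProtect "actual" {} true)` plus a matching kanidm group and claim mapping would bring it in line with the other protected hosts. The surrounding list starts and ends outside this hunk.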
diff --git a/hosts/elisabeth/secrets/kanidm/secrets.nix.age b/hosts/elisabeth/secrets/kanidm/secrets.nix.age index adf443c572620c4fd7624d9bb8a4d8a419da665b..c807785c33704cff330ecd1f457776a416634787 100644 GIT binary patch delta 1912 zcmV-;2Z#8%50ej&Ab(L)F=lmQPj*pva9LVTZ&`S6M`AcZPA^bXF?4uuOK?hMD{MtL zMnqIna|%{OG)XvVbyqNJW;aWCMRYevHA`(qNL5LAWiN4VX)9teW<@VKT1ZDqSqd#a zAaH4REpRe5HXvA3QEOE}AVG39MmaBUSvXKyZ$oEBHgi>HX@6ErP;)dnWo>S7VNO|V zSy_5Yb3rRsP-hBtQA$x&cu7Gucy?|~SWz}`cT{s)aB56WVR~jyM0s~tXi{idT2@p; zX-Nt#J|J*ub}eu+H8vnxMrUbBcOXGCQ*(1qa#2h%bYWy|b5t@|Olem}b3`~uLsE84 zX;)Nsd1Fdwb}?vTXH!`Ua8yt6>&cy4e~aYA!CPXQHwc0_7aZAeHsV`D{dR(E(YM@mFudNWKgG);76Ryj6xP)I~~Ia6{_ zaY0B5HdAd?HdbgsQBrg-dUb1SR%CQ#Gip#-Xf;tvF;p>4G)*>YXfaJ^c55&SEj}P{ zX?87eGBq|JT1IDSNp~PYGD%QZbYpi-S#VDwdf&!D+RZZ1LbW0$izyIjX>ziq}(} zFOE>nD}u1FFp{2oX`Z+Ujz%@0M>5pY?t1uqkcsTgn^L|G-lPy@=D&_V3eE$2$dZ_U zGyeeHpxLYhhB4170JV^@FSgWTGxh|s@G0ojt9D&~l*CDY{pKhn!b*I%jqm0T8;#5v z+dwO$9Rbv9*h|!7T!CluD3C&VDvB3V>A6c@pP35p=H8Q8r?HSeUBoJXTNJB}Z`g&| zJ@q=ti&s(e$N6sDIq~=6bO|gLUHaA3A{0Ez9vL*qGHaORSRyEi!s)+~iF4NIk&o?& zPlef3cBa$|-oAI(f7))o?}twevl!AR*2!{zE%e!BmZ0WX&=b1@y&+qqP;r>o4z+{B zXg&{v(5mQYwH(01@}4QrBvjL;Vgln7A1b4N(o1J)5wB*ym1Jfc=xX1dL|t1 z1}+)7tn3c33LO1~9_aJyNXwZHY;yP)L+jMkjtMJeg{#XRF8ql{uuLoB8f~oX`8oKbDs`9OqxDr&Eho}Q_JAX`k9G*;*zn6< zqGDnGzz}IuUd<@l-T79Zw-G0QN55wm)TcmLR+)LHDHDJ0&wUUlB4FtCp|m}V6|-W> zYvO4k&|EMy<@ZGa1$yjVY<_gsPTg65>&OB`B^hhnrE>krfKIeC&}xMp*0fkc$=fpl zAFa}Mn-Ftat9SnOD;ME$oFB(fJoXJtP8I+vr2&%BAGX&UrWkTR%C{bPKX<#_Q_J`MWG|Tymtj@)DqbAwET- zn#(0Y2EZFER4yhylE=#y)T7xsK(sQcenm5JVZ~k{Qzc5_N#1KSic>n(YW(qn{|y?S zhXUo_wbB1ukjPd+vrwT!ERu_gQ($51k$Jl@qp(xxUSP`bqVtkDeJBi2hi)uL#sJp| z6<3_A#kFKeeSA$*{VBi$YSrR@z62O7bb-p}Z0fTU_emV+ELb04IC77u|r3}PW5 z8Xj=3VfmJ$I6ef$Z`uyX7b{!QGkimZ)4?LsGoOf0^_J?xC=xT7a>bQIz&(kbNA(P3WHKSFN za+G8P<&BkrLMJAU=IIcB)QZ6i^}z>D^>;~1qSOLyfY{fAJ_T!+-!wmAKO`bKW1b#& zlWNr+{oh8RS-qgZr;guN@K7WY$7#$D%Dx)Fw6o|tJs%G5Pl71KxMw}#o;b$C>NF0o zBGoJ0eK;P!mw$9T-dC?`Cm8md0hi4LCZm%QFgSXniLEz}0K>~W#kREYe=6jLJUmYY 
y^ZmvE_b<#*Y6UP6h8AG-*;jZhYgbf>GH0y#C2H7|0n~gpKJI{Cgt;vWT_=^r!Ax8L delta 1950 zcmZvZ`BRez0zjdt)F`M(xKzm6fJdMqH+T>ea*_K^h=?Y9AqffO{1S*tY#mP7Mnn(= zMOv>`YOOaSf(n8nhs6;UrJ@i8WU7TCDze+@Z#%Pp!JGG9*`oSIdtojkhhoXpNHfe* zogo&)tLzTI&cLPPY#P2DCl)hR8YDvE$W+OxaS)UcNwx6ldK?|WVJT?{cC3MEcZ&H= zjZQ=bGXb)lhc*ecI5a~8iAjK&boLk%8i$9;#R9#A1S9DzJTn25Q5h175o?lLNhq?* z%2Q~01cxd~M?jegR3tr?qo7mba1gf5D%J=9r4}SpY(_#h6@x{`+Y|X*5mRcD#AoP~ z0troJ!3g=r|A8rJ8eNhDMvBGe;L;Sas+?qzoX$&&HPfoC-BTpAA)Sv*Z$V?Mz_y!x2n}r4`JdlFM&=Q$Aq*4zti$p>LB@qy*9U4Wl0V72^ zoKg+|B5jOpJ)qBuqv|*UhxYF(j{hqXhf3sWj95jiUO>iB@j#pa?NS(Y3bsT~VcAuN zB)eS0*D2!TO=b{+)!Ho>8dk^PA<<|OSwX_YqAdVUho?(u<_tRqnaN4Rvh_?}&OeLN zV>A}E(yE5hh>mqKm~N#xdOJ)B13>}AVC4%ylEjXPS2^_=wsa{o-7Hk6nX%^V92Xzq zz}VG#id3Z1%Kz4o3s{L+0!U0u42*@>YmhRDnByd~1d?<>m_ar%uo7mxLxxV`ndDpp zU4Y0m*m4jg$Z}Z!>uYzHKmxZ+*n@*&&&536Q~2tMb<)f6^IC1Mu`2V$^y0v{J+Fx* zZKPN;Hr*MZo9+{(*0^SNN4#Dhj6&heb=FI*GVp3gV8h9T4>QYTH}I0YyuVgvbe$Q7 z??;JKO15`2=q@xSRc~B2+<5r@^3J{O$E=;nQ$Y;OIb1e}Y+135kvM{|7TM&N4BssOTsCVFmJZq@+ zIX-;@Qwo6Y#eVSd5o_(`!gjUYoB5Ldk-|AH- z-d1I+tr}%k1%}lVcAv{-KO5ZA=J0RwD=-Uod5-0CWJCN-rkAIs&*)KjkhFuV zO2fZ8vo;~(cr&x{o%6u>;$S@NJ}|$1I4I=nF{s~}+#Y`#`R$YOSq$&_E$Dw99|=(( zTy)jjR2!A*!s1%T2Q^8p*pVPoZgwB})r&Mk0gG7jWi+nvd!Xm0|4kY}{xA$Oaz+s( z6r8Z|BHs|}NwecvFtUHJfrSA@V19YYnxf5pJpbgUbGp`_Lc@?hTqr9YUiaYybNzWY zp16Lxe7GdIB=y$$rp;em_P9KlsgQ=-sDM|2j~}>JU*rlOyy@#^jqjgxU_5Wdr7L$9 z-wZ9kY4dMWS9fNOGEbnMmcI=T+2QBLi7)TG+dNkE7Hk;!l;(F$5ZqkrUcM<|*XlcN z#jB0H)4Fpvc7U0uL-L%dMCqNKWzpVO0(X+(*TK10yiUXu*PRy!4?oLK0jKxj%Qmnc z20Tc==6X}Qb?J^nZb?x(>%+%=J|CRw@fxt_b8eYu@~!ZIapn!Qb4|fe_@x;Uo39vk#%kkgl@RXonssm^}NuX>*hmxpDpsJO${#aad_nSMIIqn?R`-%&@&aLlL(g!S=K) z)I%piJ(D}$vnzZ{)@Wx-BKf+Wqq|x$ESY=Za8g2bp%=SCTO3u@npp=AyRB)eFPqww z;<{QEQrunMi}GP_Oq#Zi9IDEbTm!cTT(yVPt>tA_kX z+ogey(A9Y0XvTOD?!~i@FUPVdKHIusO2bO(PiGgMyfW&F5T#!9z9?@a6nI)ADefn`Zp@#gj%GEDGa-x5%; diff --git a/hosts/elisabeth/secrets/murmur/host.pub b/hosts/elisabeth/secrets/murmur/host.pub index 6f6fd5b..047e9af 100644 --- a/hosts/elisabeth/secrets/murmur/host.pub 
+++ b/hosts/elisabeth/secrets/murmur/host.pub
@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDfJQBQg5BlE03TZw3MLGGPK/YjYqR59OpYOEsvJX3u3
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMGzGvzKvKZAODPCH5qsV6USwnbeEMWfDGIXFMRr+HsU
diff --git a/modules/actual.nix b/modules/actual.nix
index 2c63c08..1041ec8 100644
--- a/modules/actual.nix
+++ b/modules/actual.nix
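Review bot: The replacement of the key in `hosts/elisabeth/secrets/murmur/host.pub` is unrelated to the stated subject ("feat: actual module") and is not explained anywhere in the commit. A changed host key normally means the guest was reprovisioned. If this file is also used as the encryption recipient for murmur's secrets (not visible here), those secrets need rekeying and the old key should be treated as retired. Moving the change into its own commit with a short reason, e.g. "murmur: new host key after guest reinstall", would make the rotation auditable.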
@@ -1,2 +1,83 @@
 {
+ lib,
+ pkgs,
+ config,
+ ...
+}: let
+ inherit
+ (lib)
+ types
+ mkEnableOption
+ mkPackageOption
+ mkOption
+ ;
+
+ cfg = config.services.actual;
+ configFile = formatType.generate "config.json" cfg.settings;
+
+ formatType = pkgs.formats.json {};
+in {
+ options.services.actual = {
+ enable = mkEnableOption "actual, a privacy focused app for managing your finances";
+ package = mkPackageOption pkgs "actual" {};
+ settings = mkOption {
+ default = {};
+ type = types.submodule {
+ freeformType = formatType.type;
+ config = {
+ serverFiles = "/var/lib/actual/server-files";
+ userFiles = "/var/lib/actual/user-files";
+ dataDir = "/var/lib/actual";
+ };
+ };
+ };
+ };
+ config.systemd.services.actual = {
+ after = ["network.target"];
+ environment.ACTUAL_CONFIG_PATH = configFile;
+ serviceConfig = {
+ ExecStartPre = "${pkgs.coreutils}/bin/ln -sf ${cfg.package}/migrations /var/lib/actual/";
+ ExecStart = lib.getExe cfg.package;
+ User = "actual";
+ Group = "actual";
+ DynamicUser = true;
+ StateDirectory = "actual";
+ WorkingDirectory = "/var/lib/actual";
+ LimitNOFILE = "1048576";
+ PrivateTmp = true;
+ PrivateDevices = true;
+ StateDirectoryMode = "0700";
+ Restart = "always";
+
+ # Hardening
+ CapabilityBoundingSet = "";
+ LockPersonality = true;
+ #MemoryDenyWriteExecute = true; # Leads to coredump because V8 does JIT
+ PrivateUsers = true;
+ ProtectClock = true;
+ ProtectControlGroups = true;
+ ProtectHome = true;
+ ProtectHostname = true;
+ ProtectKernelLogs = true;
+ ProtectKernelModules = true;
+ ProtectKernelTunables = true;
+ ProtectProc = "invisible";
+ ProcSubset = "pid";
+ ProtectSystem = "strict";
+ RestrictAddressFamilies = [
+ "AF_INET"
+ "AF_INET6"
+ "AF_NETLINK"
+ ];
+ RestrictNamespaces = true;
+ RestrictRealtime = true;
+ SystemCallArchitectures = "native";
+ SystemCallFilter = [
+ "@system-service"
+ "@pkey"
+ ];
+ UMask = "0077";
+ };
+ wantedBy = ["multi-user.target"];
+ };
 }
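Review bot: `services.actual.enable` is declared but never read: `config.systemd.services.actual` is set unconditionally, so importing this module starts a network-listening service even where `enable` is left at its default of false. Wrapping the definition restores the expected opt-in, i.e. `config = lib.mkIf cfg.enable {` around `systemd.services.actual = { … };`. Separately, the path defaults inside the freeform submodule's `config` are set at normal priority; `lib.mkDefault "/var/lib/actual/server-files"` and likewise for the other two would let a host override them without a definition conflict.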
diff --git a/modules/services/actual.nix b/modules/services/actual.nix new file mode 100644 index 0000000..752269b --- /dev/null +++ b/modules/services/actual.nix @@ -0,0 +1,16 @@ +{ + wireguard.elisabeth = { + client.via = "elisabeth"; + firewallRuleForNode.elisabeth.allowedTCPPorts = [3000]; + }; + imports = [../actual.nix]; + services.actual = { + enable = true; + settings.port = 3000; + }; + environment.persistence."/persist".directories = [ + { + directory = "/var/lib/private/actual"; + } + ]; +} diff --git a/modules/services/kanidm.nix b/modules/services/kanidm.nix index bb387e0..1bbe790 100644 --- a/modules/services/kanidm.nix +++ b/modules/services/kanidm.nix @@ -89,6 +89,7 @@ in { }; groups."rss.access" = {}; + groups."oauth2-proxy.access" = {}; groups."nextcloud.access" = { members = ["nextcloud.admins"]; @@ -136,10 +137,12 @@ in { originUrl = "https://oauth2.${config.secrets.secrets.global.domains.web}/"; basicSecretFile = config.age.secrets.oauth2-proxy.path; scopeMaps."adguardhome.access" = ["openid" "email" "profile"]; + scopeMaps."rss.access" = ["openid" "email" "profile"]; preferShortUsername = true; claimMaps.groups = { joinType = "array"; valuesByGroup."adguardhome.access" = ["adguardhome_access"]; + valuesByGroup."rss.access" = ["ttrss_access"]; }; }; diff --git a/nix/devshell.nix b/nix/devshell.nix index 865712c..8bcfeff 100644 --- a/nix/devshell.nix +++ b/nix/devshell.nix @@ -22,6 +22,7 @@ in pre-commit rage nix + nix-diff ]; commands = [ { diff --git a/pkgs/actual.nix b/pkgs/actual.nix index 79d7e08..2b172ad 100644 --- a/pkgs/actual.nix +++ b/pkgs/actual.nix @@ -67,5 +67,11 @@ stdenv.mkDerivation rec { ''; meta = with lib; { + description = "A super fast privacy-focused app for managing your finances"; + homepage = "https://actualbudget.com/"; + license = licenses.mit; + mainProgram = "actual-server"; + maintainers = with maintainers; [patrickdag]; + platforms = ["x86_64-linux"]; }; } 
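Review bot: The persistence entry in `modules/services/actual.nix` lists `/var/lib/private/actual` without a `mode`, while the unit uses `DynamicUser = true` and so depends on the `/var/lib/private` parent staying inaccessible to other users. It is worth confirming that the parent directory created under `/persist` ends up 0700 rather than with default permissions, since this tree holds the budget data. Setting the mode explicitly, e.g. `{ directory = "/var/lib/private/actual"; mode = "0700"; }`, documents the intent. As a smaller point, the literal `3000` appears in both `allowedTCPPorts` and `settings.port`; deriving the firewall rule from the setting would keep them from drifting apart.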
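Review bot: In `modules/services/kanidm.nix` the new `groups."oauth2-proxy.access"` is created, but nothing in the visible hunks references it, since the `scopeMaps` and `claimMaps.groups.valuesByGroup` additions cover only `rss.access`. Together with `proxyProtect "oauth2-proxy" {} false` in guests.nix, the group currently appears to restrict nothing. If it is a placeholder, a comment such as `# reserved: not yet enforced, oauth2-proxy host accepts any authenticated user` would prevent a false sense of protection. Otherwise it needs a scope map and a `valuesByGroup."oauth2-proxy.access" = ["oauth2-proxy_access"];` entry, with the call site switched to `true`. Both kanidm blocks extend beyond these hunks.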
diff --git a/secrets/secrets.nix.age b/secrets/secrets.nix.age index 43657ca2d198cd15c1d21cc1ad08b8b50b0c5c01..a9eab46baa109d2d71f5dc78fa20e98e18112600 100644 GIT binary patch literal 5767 zcmV;27I^7lXJsvAZewzJaCB*JZZ2qgsD^zPzadUWiOJsUMW=>j9IB{@ScVbR+HZ@mJY*`9bWMnr;Wmsx2VP*A_RccXgYcy(COLZ_!b5}|@dU{V~Sx0qgS8ob7SW!c9czSv{W-)Yj zP%k1SXoSCXHIWSH%L=ZT4r`tZZdi>F*HjtHgj57WZ!2S#e@EP&HLyHc4b>H#KQOI5&8ARbvV*J|J*ub}eu+H8vnxMrUbB zcOXG)L0MC2Suis+PHT8fQB^WaHBm7!Y*%?&c`!{cdPQn^MKLfqX>4+5PfQ9jNq8`6 zOgMT%FlTx~S7ul_F)uQ0PGN0zYFI%}Nq8%Gb7?kKGj?%uQ&9>nJ|H12XL4m>b7dfQ zAS*{mS$A+fAa*)!EFe`ub1hV8Q3^R?Fim$!c0z4SXGTIdSvE&kcsMplQBintOi^xC zb4FTMOgLh1OiE%oOMr~nDIZ{MqLo_s3Heo__O?6^=HZ)6FV_9l4HcT~m zIYA29&!Dq}UjCdwsgG0%Jhw*NwV??Z&yWv#AwIuMv790Pd!QdLm*{{WFJ0*v0bNK;Q%joLaD+dHQc?#q)h>s%6L=gIv~8^pwv?>s-KXpEFIm{@YO zDv)rNBC~9#WZT9a2x3{kB?VSjL<7_|b_NWE0OuLkAGFFRK=tsV>c!c3!@2S}y9qoo zVQmX~2+vIk(g4)-*I10|w8B8RyE9YCv4IC{!~!$UWw(x0lJoOofu)sK007aQJc1}N zn?7*0*MnYkX53T0iSCic;vUQ6W>y^pA5yWwsIDBwCV#pA*GqQyVk_I*SwD3IC*z-88zz89 zi5^^sNL8yM-jyDkP5@R0&&5BB4?e*@AR$k_raNrG#$i#7TQOtkwCqy0D_&bmoQu?j zsM@Uedz4PGF*AzLjK6p4TsumyV#n01dX=7fs4{xBO{YGT-_aIz1u#_^y??Q_M+#rT z;p>N@blme9$=CfuPMKaBEzDVNxc_D0W)jI``-2m&7wxH4wb`Dc(^u+|9{g10U~%U^ z?drUc(#z2nm65IX?59lVS+pY*CRSu4ZInCzCdp`SGpA%M)3tKOl$Yj@AB5ON3}!37 zimx$Leg$^bpJhM18x@A3%TF=#&gryAj+|DHTf3DOv(>}gO=f>@KSnT)c}!$Dog+Qd zYi_z%ewgzV;@DqDN_yuF7P#9Hh0cBBlLZwU%}q+8#EQh|Y6+o4Dm!+=-v8PD@eKWj zt6Oe%hmt7nYz1M+;Fo`IK=GltYq_~u^6%SNnY2y9t}AAHGaf=Q8Gijl6GW!Ij0(?o z^d6-rK|{N6#_za=`sWM4N_@|u%VhXYNCv`A`#5j{ywP5UTVmk17Tim?(6q~+Bk-jJ z1`cTi>LqtVK)3(oEO3$=0l%Z_3{!yrG0cF@CqC|h4|@o&ajK6aBPkVj0nAdIwr_S? 
z;uj_}6?s_Exmsru`S#KlKC@`XJs%>?cd7r(e!R6gjxAL_zZ@yc?JQb(Y0%q1=tlTOrCvGf^ouCvQ*(-J{N>90&YdS~mwYLNyJ z4VYgW*s_p@#@Y$_3JUnN1fTb!+*(({{L1i>Lw_Y|YG8y#L}cR5;$lTa!0#W=Y%mP0 z249QqH?VZWn)H|Z3<8ueL9F3Yn@5Mf0N;Q-(txqJedO77gao4*+ueRH`=fhCb3*pO z@oZO|?g-cs9enU9p;M)TsDrCMZga*KPukI|ezal8S5ncQYX@+T>EAeHl9|P|BbE);D*z1Hu)G+6n?jnRbXHu z-HMNweptqGp@PWl;dnHFlk;J2{{K$l%Mw$;ArxhRdKOLd)2gNDer|t+qs^!j*#aJ+!{^x)$V~sJ@BigSil%kIG$tC%?5R9J%4UPMj zLf@OkIPC})!vNpN)X~BD?WTTzAz?Fz5yTwzS37x2TWE$ar+^|9Mh8Qh_SJ&pXQlg# zURT(1d!Mw&n?b>DH+4(#JK?Fa6=QQI_X|KQIxk_LfhrCfH->?w7 z$2Y|Us)nj^nq)?_S2AaX+0 zaBvMCv^1xSzl=fmg%=Gw5Amt0M4e3Ou-Q2&zv@3g`?0wYGL6ol9;o+jM-Ikct%b{s zVG|M_-?&!7c4+3Pch%8F)7KBM83<(0+9#{$)hpXbd9h%q>VaUuNx=g(AFr zP4n?ruB~JuIFm7e!uwn;+8{pf2#oD$_f<*y7tPV9>u1f5z@O`JAfyX?Do zRe>tsgDUJAKTpkKMk!_g4ikUw!DkE!+#6MzBcULcjHmYkTx@ZixEqpKBSPYfgTRh zH}qLoq$#f|ljM%6gK#AmRfC+HIa^CNhyvVAtCb|YN=+a8f?agBO@D!_R?zgQn&Tj* zgC@*j67*yDOXkmuMo?2*wOt#n2qzHt1Z;1ITfvr0%HIi&piu> z+k-0?v_6ki1a)eW%PU{q6QsWk|JCBb*g<}Z9iB7UO72)O+;Adr^X#>BO?>L!d1&+> zJ2$we$ioE!>k*u@$G|9~meazij)vg1o*y$?(Q_Dbik2j0oZgA*$XIGA2`Ms}oqf9| z3{%W1LU)A`pqxSB!rcj2qq{8>VLG<90a7NH_X>IpRQkW)q&Yx72!WR2nLjR$l2-u* zL4LRJn@%1GZ8`U~$10&h|L0l|Q$D|LWWv^q6Sxj4>Z zJkSKog>yaPuYSQTWmDNc81Xf2!dGS{9dy=DpV+%~th zto-{lBsGQ}FCh$G@$8f^J%ifA&J5N&ldEGKZ|IRaQ`NUq{Ciw{n%MLNQuh1%i4`7R ztN?rbLMFMW#+AULQP4|cel8xX#SHOeB!B-Ose$0Uy*cY32ThDHjsYBH5P%=qepZru zJ#xrBiKB!tEw!R$0878|?{mgQ(s?o}H%`&EPrq9r`Qw0yGgrmSxk&&e_Pm^oD;%-M zHl)~L2&$ppm#iB*t*;86rTy0|orKgExD5cy=ADoa-|570nnq_Yu{*`_9p&!Hpbt>d zl|q4m8gJIZnGQ&^FI9ib6HHKH=o<<}&l&BJ zs(IOnY7Myf5)ctTwi>hj7551Mw7XZd%DKCkrScSkFJD*EfdGa@=eP0h6_qc91V^&+ zdDR5B+zQdK20T`E@e2=rYj0;F^^^flw~4THkNho${m!(tB27#TgmcXfVb?UFm>TLSiJ?d$LBy5A&x3|@j0Ii;x@ zOL4Sa?;@V9EVQi5Br#JC)k{mRGoI!%<-TLnjrVLxq5s`zhENyMDn8#sg0axIXPiFZ z40d}vSh|RuVi<^(?avd5C;wDk1&)7Ce1|#{YXe@*&{F`Fy#~PyiPJv0+53QnH$8)8 ztdufonG6d4v2woP74ayaY>?qi4LOixyWL~q0Gm-GVj2L%p#|M$3_=|E#1vH1TR&9CB8$#6hA=*4dwvCPmL zAk3R2FC%j|X)^>AY54|XInZHhm%L^s+J}u3F?&Fc`pcJewDA#40;8>$Eg|`{ocXo5 
zV0V&C!0#1-%Sw%&cf$o-tnsf$cpo8ZCu43jxO>S6ELJn@d{}i{>G@O9-D+n>U7J`d zCMbOGzgZB*V0J#0e*(BhCh6pNMZ%#Q(?M^z#>1|$gWzNiJw)+15z)wFb z4j}D(M*h$ZBx=0n`D=S~{M&`T^e4n5w?&EN)5AcmG&*K}ae#jjlRv{j+?1WxN|ZQ* z!P*au*iLNuikmaG9bhy>IGy(URjFA3U$?#>SVr*C68rubqieIna_U+&?pj`BIFS_t zBc9{at?3EGqo&>6N@?9!19LFB6d=WMX#;pptphpIFoo;yRSG}5W)-15wb{J4;skFz zc7TYsHCTt~w`l*huk)g@ItY!DafaB)EVebYUj%&W!A_XsVLv27tXn^hU&n#6Q&K}Z z3GKO?J75o*yUd%FoD#6{GWCz!9BELvGEX=ljYtE0j2}b>eu{TNRV~;bf?g~P?cH(R^XuifT=3& ziBhQ|5pyx3cn$9%a8sW*;R0s{wqx=Yu<<$7{oW$x&Hj@uQqe{itvT0epCVG4{8$PG z1QxTYF_1mCu@PVpidnO)pglATg@JOshc$I{bv@>&_|j~tWFmAjvv177Y;Xq}3M&5+ z$pueMxAS@sKJ*qT7ow%-(3&&bnX%M9U>@osYjDV!IF^!UjUQ5_Gon1{ra`SHg|r>I zap0z|WDACiv~}ZwL}@vax2)R>Uqdif^wnt?1?@#agWsA&-0nH4vdDX_xpt zxs&jc_xK2|I6&CC#d3oyvbs@6TI*W%zTqgMtQn>HLfPjvw6omQ7s4(&@JR7*l?#0@ ziMsNeBb%$x;pZb3*mV2tNnH_MZLXva`)O|?^kn>(;ln`G7zo@IPLRL&YKDE zie$530>gz8#b;V?oR4>z#oh;g(81rh?kK)aA3mvdTdutJPJiUBbNjh$k-qOUvWQ&{ z54AfJuFDI96{@wma>-NepvBQw7JIt?N{!ChIZyfMJzqWPox%0Vnf7Ovj(PSeuxC>C zH7m-V2nCJt<-`$PntyP%8zjV?HIAppP2*@S#Z%x;_;-T6>^2%o*u25QFLp<_hq~xg zS8ywbCgQV(NE({2!UF(OwcFYyQ@qAeaThyCr-DunyF6>x9mr$J8cd zM^nAtppiBn;ZA~(&OWb7MnZ>*gjEnjM{gKnis??LNb8Rcyq-&72i4Stms?Krmhrsg zL$9IoRS5QSdE<$ng`P-XB`$Qg@92$Z66;UuRN>qnlfpMhtQucFm*>V2SpY3;d`!WH z6&2sSHFqeiF`Qa^OpR*V<3Ln%!`!DB)Bn|AotM9$Tu8LjUe^*7WwQchwNq??@k!=% zKDTq2_9AXv`-d=v@dH^B|C1yFkp}6imVp&xk18~h;>m{mFBowtmqO|$BSYfJwlM+< z3d=r7QlWZwqX6SwKrO^I87}Dxk_FhE%mqIfk>Yp&s$pDLvem_Fnl(g1!f&fb=ZG2H za|fW8k>a2(0xG+M(1!ncA@PVxpikU;?)3G0>#8q|#AQ6YBFuJneTu$*2yKUVmi?dC6MItGk2pS zhQ#M<{?<-NG`KwSn>%R!Raq2QHCg&c8kH}v{VUU?BP92l?h)eOnRMtiC~J=MIN{Y% FaYAKKtPlVI literal 5730 zcmV-o7M*f6MRqf2T5M`!Pit6DdP{gsOJfQxJ|J*ub}eu+H8vnvR8ebHK_EeLZ%tE8cW_Bc zac+1+aYipTD^pZCSvg8cY+*-hW@B?WIcRWIHh5KdbyNy3Hg9M+YgaidaWYRyQ9)K> zYDrO7aC%Q`N-<(?W;HS}L}+F&aawd`T2%@yJ|J*ub}eu+H8vnxMrUbBcOXG%HBLum zXgD}xH&a4dRYYu5H)>)=X)tJ1T5E4=WOGqZVN7yTHZyBSY<3D{IBQEUQ%YiFaY<8c zWode3HC9$gR8V7fazacpXhcjgXHIr!ZCOJ|RY3|ZJ|J*ub}eu+H8vnMc5P5}Q6NEj 
zWOGhsX>(>}Q+jlFa9V6LNlaO3P&ZL$F?um!He*zSYuFGR#a|Ua#KlFa!m>?J|J*ub}eu+H8vnxMrUbB zcOXG}IAvvVWim-^H)2^;MMgq#FLqExcy~rsNKi#>Fh^}cOie~GH6I^H){$lJ|KNdNib$4EoX9N zVRL05HE|$3Av;-dP9QH}ATMK1OKJ*4Olnz4YG-D5HY+tpNi=FTc5h-dd2DueMo}_v zVlX){dNV?7ayel^Xl-+6QhHD^Hbqz~NMb}aFETYxWNd2+Xe&x=K~X_fGj&B|M|TP> zEiE8wZ%bNaYG_3oaRWD{jYiva}SaS*&+XmQ4 z@0ff}9g4^W$iY$^wM36-Z-upNa z;;2^+!gaUJh4|3fS3RYvP;H7E_`VWblbEI|-M1n}6{NAsZ(u~>gFmH(P*D%-cCiKY z-V=;9(SfEK*ntG1k~wMM&ahaeoa9Zfc6(y$Vo zb|!h@X-~u8wm^uBVmZ2Y(RP)s2MRrI8E0o}7TUMwhW2(p`@W&QyH^9=_jSv$yQn>O z+76mqJv7>9bE8KR+D5XyCWg|hepO@1wr2OQLQ@t~)^@$kxm{F|`{&CwEq3@q{;mtU zlxO;R7Zv_IlM!RyK6n?k6}OOWZpXB)2{@i* z@=Ac^!Zq)PQmH6?=<|PCptfrhc9j6+b9(IM$yH9~_JaWZA)Q zvgsddt!S1N$s1xF%=NRBM{7$ zfJFHlOur@px<=ZDNG(T0UVkixEmEp&Ps(q|guoWw`kcV~C=CP*3q=I{80E8`p0Fuc zKyE^s=9GzPkAFA|Gy06PM502GM4tg)GfYODIRmevzk9yWaX;)61cx^Bi50q12H;_@ z#>$nuHt6U}mCAaNjI`Yu=faqws;Suv8=5ls*%{|5ExCohdtNX@ti?D-`A%UzN^@+Q z?oC`THnbZo?1)Ac-R;m{rWEYtt?g&%<00V3RJ9q&p+4+X*AB@4xy|K{g9-SxEx839 z;z(|`FK%(fw1F%~cXI)IT%DA$46;F(Dv#a8tSv=B#0zB4p)e-(4rDnpHk;Ji> zQ`OZ%PS=4S<9vxmDDQbX+eqW=^M#KM{sXb#b=3iVx9yYT&8zbr+oq%xSUr`a5(qm( zVxtRO%uEZMiMKWkY_&D@cC0*sX8C7}+g?Vv@f4r0{wNtNCj!c;bjAq1^A8E)No;pm}e+~%mcq`xus}}Wv3k$ zC&&2yk`%jMnXtJpviKHfyl_{8RT3Q-pS}MuB`$fr0*a9W6Ws%owIK0}V2S6m)2coa0FCaum07w9CBH}>B@E< zY5JeN*MO z?PQ&=@MTLju$U>@CBXGy?LJ-cNktl?jS4`-4U~rEW}mKE;8U(=e&&ZtZ{3cN7?@>-WG~ zd?Q327yI$XI>W>$r3es<;#Kd$R3v{WII)KiT?y?y9sEECTU!My3N!Tt`+ zu+Hg3pjbM9zN0Z{Os){8EMZ0y71zv0J!Lc2@ZIBsb*>^t`%4LI_G zBu!<(TfX?!0DG3!s>AJ>osPh{h`|fPnoFZL-RGw|f#02q;-?V&9$Glg?ysRPXJZOL zwz@NlMXYaXAq>)Cz@2mk-fq^i%rMXEtg6k5z12cj5vlSM@lJBqpqzP5ohvVdJ^;5q zjBp^_Gw(V4`GG}gNjuazY;$iD`Z_K*k0O8LI$s+q($H*T6j4-b&jNOWpIVwX7Ir&p z;6X_64W22{kMxZ}rrvfIwh?GM{KT#bXT7@su5Ta+yFRM|qpO~Wa>G30w+wY!Ih`l5 z-Oy9%*12gOLZ=s@GD2H0bd5mD^|$54I!bgadu1W_NH^7it9S9~nB387%axIa3X_7T zJX*n$a)N}gI6V+Ek)(Z7FY94nLCU%U;?FgL1E{rj1!>E<*UKP+X%=sBwe4Tp`uUXN z>m6p)6^78GJ%2_A%tc6ruKTO8fyOP*H(k&<){)O~WZ77;2v@rTOb#Q|i>RwJ&0Y5$ 
z$FcqK{!yMiLSb}KFrx?B=6fYOwRM6{3CEms#zeloZ*ON&bQ7FbkF$1o=-u-2+UU2x zRPG%yy>jb$gdz;LhEzf;g?*u~3F+WpySHTM#+43S8Qknw>LmLAw+y)Mk?Bh+5Vvgn zJ-^_SBArXP0d8SR$+Go$k|6s~%da*Q*cRwM$49Y!b2fWI%1%q|z!`H>$D9d|fFwNd zLtal+Sh=7_p~QT_#8X9ggL^L!vKB#%7)W@Prgz^7jB(@hsFF@z+GJ?;C1rNFad< zNWl{pggGE15_@%i?r8C*BC(E%ERfJV?%+Acqco)HVg+ozI(i^#HkR~QptRwQwt-^f zsnHf&o!S~$;Bsg$zj`egzg$Q*QCf%%JDClwY9X0XtHPc-@4BD04qlLXs;2|LJOA^_glUfoUJiJr$H=X6%5# zP6|2SV|L$7UFFKH46+x=+qv6n1c$I@<-Ebz6kq9hJ&$mrg z>icVTnAGyU{yZa%7RSbgDcF@am@w9)D%KR8qv{nK-@Y$5d=7|Qg_hh8!I6C}4S?t_ z{RhHGIwBwVyg9liJP8yxZKiK$o3ZJC!}b!w6i_y+maK%IBTk7rdua3=Fv2VZ?yj(? z%(09;5V7Ej!LW>ZS7O+UpH0!l7meM2&WQwRf>l~J0i$?OaNzZKTDTAs(g8(vaq}+p zI^y&EPR=X0_H@Ipe)O~#&Q~Q4Ta$Bw)_$CF^ColZkrNV?noC}mukH?7h=kFGG{@g;& zbJH1wQr7@)BW_n3{%T$`h^Wr0DoJDpjB_#lCTOlbl=3Yp(*@=fF}m60kNLq&25Dj6 zaIR4wQ`&>~t`x%G=Z&L$Lw4!)&MdRV*&LCI?47`?#K$hUh4Ittt#c;}N0(IZhVoMU zE!?5@BUt1w^zJTG33)uVYg>XDP-bNluUL}36408LjCUddQIfTJ^nm($vLy^^CdApl z3Rcw_Zt?lS{!j!U^qrJ2kjFUuAOA(%l7MbO`N z$y#FQ3y&Lh&Q~S<)kRu)$#7_x-DZ-7uKM*r4sJLDvjGilKBEC40wKO}vy;bH9n6{{ z$k$hRf)Z+KzXpQgfv!;-xYn@)i~GXGiUxByW(Ja^)X+x*=A1REw~S<3ES1_e9eut-_&$sWy_WY59>K!I zILb*xvFzlD=R0K{;z%)eL7LLbsVQ9ecbo2*xCh4(O`$dfa1#ktJ`u;!se%0A6}~R; zJMA`rs{~Kn?+jc*PXeA4Bq^j4=e1=^SADlv-)>4NonQlsZwW2^t>lB*gz9XCm8^GO zVUAMbZWzh z%bM0Ld?1yl467D&Ox{|SfAFGCNDXX(yPR(*Y39dZo2?^1%IJ)Nx?0FvDaj5PSa~(A z;{V$LS-eEOs4pT`o2JfWzFiOG7TatX3n}RmTRRs=s8-i*a;d%gJBn6tR&{6Ed^s*; z_(!sJtcp7 z!*UjZ2$fy=n4D_8T@K!817~X8h?Jk8#J*#IV$+@}9$2O?U>pIxi!s!q4AXCz0{o7B zfR6;bu`C_;kQkbFhjd?tK?9>_hbkaIU`~p)Vw>OAFb;0xxq55@iKReVx_M`WS2(MW z+Je;^XG^do5|&=~6B~`5R8ms_EWGe6@&P+ezQf{jOXy7%y1UFIOQTtb{-m~|W2DEO zNuMu;r}&U1qaBWu-TAo_aa3aDHi8Usq{Tj{ajZe53UJ1LeOGDhGKk9lOPaf?85vZf zboKV@Ql^RB6u+@4Q15XZS(%j7gZBO`c1<`qTngV|_I}er03s3hxhDSjk4=)B zE#)qG7(r~)bnodDF_E#|Kd0eVf84kT#G7EQMlXmimvI$7XE(n)YA#^FM84Dyr<`2L z(YLr(xn7stL^aJ>6I9<@@3NM8h7@Zlkf{rd{U=7hm}0~cBAQ1S${q`y48hYh;$>Iy z<&mn+cvmDD2D4xYdNK_hgH2a+Id$*M_*=K{z9Sn4k5V+Thnc`h)*InCr-SH7r^#-2clG 
z`ntOepx&+ZbZyBzk%>N;h`uhy+5Vmt2V1?}r@uuASS?{QTi7r|$YM)#0KQwQ2fE>S zn)UOCc3RznSft6cTtf|pRzq(k7n+2Dn86$P3y9$((4Qe|7pCHEc&F z+?P1A_a^>4z8RgPe9mWfx+zi>d^i(RB>{h^`q#|hVo(&Ck13e5H8<_syF^D3EvU|9 zpkR9LpN8Fzr9+N4bGF)%P6_Q&K&0;8)XDEZ^!eE#iZVk2hk9#KwRM(8PFp9Ld6fus z0I`xMF&S`+kALyjnssJ2XsyWYVQSNu#>oL<;n-$_z*qg#aF6{_}G;(;7n9 z@{xn6ux;J@=sy@v+%Nh^c-82me;Tn`47Y*g_@2g#gg}R{{(EtAh;rdro`G&lTQ2Tu zHy!3trL0*=!CxZkaT|CGL#C@H2A8NOjA?ooqDHq}Fx5XWko7RkX}au9M>8Q4h$ZOr ztccko#avIa2~OR_8d+$biWn{zzRH?kSpT$RS*K1Y0S(K8ewiNH8#1zJQtAS9VqP^G~qOAap)c z%wKFWZUTC@5<;bH3-fbqeJaM*piife!~T zm)^p?o@Kn89f>xH<0biRzkw*NEpuGYQ6KDgebeob5IJgY+In4{F{Tn6Tkl#)BeQg{ U+nzHu!(a;2w=#A2C{ME9;bJDO;s5{u diff --git a/secrets/wireguard/elisabeth/keys/elisabeth-actual.age b/secrets/wireguard/elisabeth/keys/elisabeth-actual.age new file mode 100644 index 0000000..d292df3 --- /dev/null +++ b/secrets/wireguard/elisabeth/keys/elisabeth-actual.age @@ -0,0 +1,16 @@ +age-encryption.org/v1 +-> X25519 Mv11pZInyrNKXp9yT3maeq+nLpYWEKGSTog8bpa/KWw +ybH+dojanR8n4Ubq1H9D7CE5ipz9y3nqUnqw/6h9VNY +-> piv-p256 XTQkUA A3oYQXSUKuRPADT5kQEcZdgnkWuquWC2IMTYY7PHxU2g +dHajYp4/VOsBjdhQD1+UmX47F0v6q54zAFtJk82H1Os +-> piv-p256 ZFgiIw As8XHst+QSiFmM+jsDEPunagwwGsy9XG5ECAH3p4nUzp +qRxV2IOLGyMvsGIIKEj5wsjPzv8VB3s8UsXZ5tSJwxE +-> piv-p256 5vmPtQ At3pi/3ckCTfglnBNUOo3Iw182iBhm4/BdpEo6j51FZi +hJlqdt9g3g/BnvoXzjpjJgaRaNQlNgebF1SvGxLFTkw +-> piv-p256 ZFgiIw A3idLYAMWytoYJMcEl3wMbmWYxkFKMgQyBBp6KT/+OsY +29hfrgCAF+wRMQD4f+cItT63oOp0lx05FqpCKZTNyXs +-> 9O-grease < `3z5 sj+v +Qp3zpkMRcdwm62T+5GuIsMOd8dP1UetRc2x+z95NyQGM4lgNwjV2yoGPFNo8igPR +Hd7p4XkjjEcYtS9jv8m+pZbIi2KRdVCMLRC8f+Av7Y2ONQI +--- ViopD9rjKx8zdT8FHjYlB+N0MUsQT9imiTv8dlzF6RU +z灹 ~{rːƦo]-!;$dJ<|Is*ӷv$ \ No newline at end of file diff --git a/secrets/wireguard/elisabeth/keys/elisabeth-actual.pub b/secrets/wireguard/elisabeth/keys/elisabeth-actual.pub new file mode 100644 index 0000000..db258a8 --- /dev/null +++ b/secrets/wireguard/elisabeth/keys/elisabeth-actual.pub 
@@ -0,0 +1 @@ +n3HlzW2vkFj565rNTLcZHgJbBip9MXe4s1rctRWi1TQ= diff --git a/secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-actual.age b/secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-actual.age new file mode 100644 index 0000000..f33733c --- /dev/null +++ b/secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-actual.age @@ -0,0 +1,15 @@ +age-encryption.org/v1 +-> X25519 EYthUGeAWjYiRRcvPvVuWppnAnVEKvbBgkegeGFGzGQ +STGglgLwWiYP0Plr69RVxlIGVh0ZohPCaUy0Tl2rnbw +-> piv-p256 XTQkUA A1Tk7Xmx3KAxWakrxXyjLHzuAvwc0Y7p582tV/i45s/0 +nhkvRnz7+lr0df84MMoHQJbpUoj+0UrdTw/XISq8taU +-> piv-p256 ZFgiIw A4rpsK3V2kcIQ2DRRL3Vj9nZUgANguzqvtHuLAVsCVlP +3V0M6j9CU/LWRkYaDI+3qvynu3s8UU91pjCaMEG8sTc +-> piv-p256 5vmPtQ AsD/VOJLQcHSoOVtJ8zdHxSnOv2JX/MsAGP0fB3SPvBq +yy4YY33Tzflj3rQg9xVAfJe47NNeX3GLBn4iZa0+aVM +-> piv-p256 ZFgiIw ApTVTCfJLHfVGA1Qbi44CisjSX4j/tJINa8xRDnEGYAN +4Z9/mK57H6JH7fsAlQTcEX/JjdzDiA+XgsA8tvcqM7U +-> Vffv6Z%t-grease Kc1"0ol xYS0 +SOTywmAk8Z0fVaBEgVlPJMVWYNrN +--- GsqSM5RXgbGD3xulF6piH/NxH7AcVRVJT6rHQUqV/sY +xA,AfYUR!$9QUcNjn%HnuVAtbJ ^ \ No newline at end of file