From bac191ef2f7b993143a14511ea7b61b22cb9169c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?= Date: Wed, 26 Jul 2023 13:26:11 +0300 Subject: [PATCH] postfix: add to vno1-oh2 --- flake.nix | 4 +- hosts/hel1-a/configuration.nix | 30 +++----------- hosts/vno1-oh2/configuration.nix | 35 +++++++++------- modules/services/default.nix | 1 + modules/services/postfix/default.nix | 39 ++++++++++++++++++ secrets.nix | 2 +- secrets/hel1-a/borgbackup/password.age | 26 ++++++------ secrets/hel1-a/postfix/sasl_passwd.age | Bin 766 -> 0 bytes .../hel1-a/synapse/jakstys_lt_signing_key.age | Bin 639 -> 741 bytes .../hel1-a/synapse/macaroon_secret_key.age | Bin 633 -> 677 bytes .../synapse/registration_shared_secret.age | Bin 720 -> 639 bytes secrets/hel1-a/turn/static_auth_secret.age | 25 ++++++----- secrets/hel1-a/zfs-passphrase.age | 24 +++++------ secrets/motiejus_passwd_hash.age | Bin 831 -> 862 bytes secrets/postfix_sasl_passwd.age | Bin 0 -> 782 bytes secrets/root_passwd_hash.age | Bin 793 -> 841 bytes secrets/vno1-oh2/zfs-passphrase.age | 25 +++++------ 17 files changed, 120 insertions(+), 91 deletions(-) create mode 100644 modules/services/postfix/default.nix delete mode 100644 secrets/hel1-a/postfix/sasl_passwd.age create mode 100644 secrets/postfix_sasl_passwd.age diff --git a/flake.nix b/flake.nix index b3bf2da..1b69a43 100644 --- a/flake.nix +++ b/flake.nix @@ -63,7 +63,7 @@ age.secrets.zfs-passphrase-vno1-oh2.file = ./secrets/vno1-oh2/zfs-passphrase.age; age.secrets.borgbackup-password.file = ./secrets/hel1-a/borgbackup/password.age; - age.secrets.sasl-passwd.file = ./secrets/hel1-a/postfix/sasl_passwd.age; + age.secrets.sasl-passwd.file = ./secrets/postfix_sasl_passwd.age; age.secrets.turn-static-auth-secret.file = ./secrets/hel1-a/turn/static_auth_secret.age; age.secrets.synapse-jakstys-signing-key.file = ./secrets/hel1-a/synapse/jakstys_lt_signing_key.age; age.secrets.synapse-registration-shared-secret.file = ./secrets/hel1-a/synapse/registration_shared_secret.age; @@ -84,6 +84,8 @@ agenix.nixosModules.default { + age.secrets.sasl-passwd.file = ./secrets/postfix_sasl_passwd.age; + age.secrets.motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age; age.secrets.root-passwd-hash.file = ./secrets/root_passwd_hash.age; age.secrets.zfs-passphrase-hel1-a.file = ./secrets/hel1-a/zfs-passphrase.age; diff --git a/hosts/hel1-a/configuration.nix b/hosts/hel1-a/configuration.nix index a1f785d..3a09a6b 100644 --- a/hosts/hel1-a/configuration.nix +++ b/hosts/hel1-a/configuration.nix @@ -18,6 +18,11 @@ in { timeZone = "UTC"; services = { + postfix = { + enable = true; + saslPasswdPath = config.age.secrets.sasl-passwd.path; + }; + zfsunlock = { enable = true; targets."vno1-oh2.servers.jakst" = { @@ -371,31 +376,6 @@ in { }; }; - postfix = { - enable = true; - enableSmtp = true; - networks = [ - "127.0.0.1/8" - "[::ffff:127.0.0.0]/104" - "[::1]/128" - myData.tailscale_subnet.cidr - ]; - hostname = "${config.networking.hostName}.${config.networking.domain}"; - relayHost = "smtp.sendgrid.net"; - relayPort = 587; - mapFiles = { - sasl_passwd = config.age.secrets.sasl-passwd.path; - }; - extraConfig = '' - smtp_sasl_auth_enable = yes - smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd - smtp_sasl_security_options = noanonymous - smtp_sasl_tls_security_options = noanonymous - smtp_tls_security_level = encrypt - header_size_limit = 4096000 - ''; - }; - logrotate = { settings = { "/var/log/caddy/access-jakstys.lt.log" = { diff --git a/hosts/vno1-oh2/configuration.nix b/hosts/vno1-oh2/configuration.nix index 5185f91..066a471 100644 --- a/hosts/vno1-oh2/configuration.nix +++ b/hosts/vno1-oh2/configuration.nix @@ -40,21 +40,28 @@ }; }; - services.syncthing = { - enable = true; - dataDir = "/home/motiejus/"; - user = "motiejus"; - group = "users"; - }; + services = { + postfix = { + enable = true; + saslPasswdPath = config.age.secrets.sasl-passwd.path; + }; - services.zfsunlock = { - enable = true; - targets."hel1-a.servers.jakst" = { - sshEndpoint = myData.hosts."hel1-a.servers.jakst".publicIP; - pingEndpoint = "hel1-a.servers.jakst"; - remotePubkey = myData.hosts."hel1-a.servers.jakst".initrdPubKey; - pwFile = config.age.secrets.zfs-passphrase-hel1-a.path; - startAt = "*-*-* *:00/5:00"; + syncthing = { + enable = true; + dataDir = "/home/motiejus/"; + user = "motiejus"; + group = "users"; + }; + + zfsunlock = { + enable = true; + targets."hel1-a.servers.jakst" = { + sshEndpoint = myData.hosts."hel1-a.servers.jakst".publicIP; + pingEndpoint = "hel1-a.servers.jakst"; + remotePubkey = myData.hosts."hel1-a.servers.jakst".initrdPubKey; + pwFile = config.age.secrets.zfs-passphrase-hel1-a.path; + startAt = "*-*-* *:00/5:00"; + }; }; }; }; diff --git a/modules/services/default.nix b/modules/services/default.nix index bb9e45e..c6796d2 100644 --- a/modules/services/default.nix +++ b/modules/services/default.nix @@ -5,6 +5,7 @@ ... }: { imports = [ + ./postfix ./syncthing ./zfsunlock ]; diff --git a/modules/services/postfix/default.nix b/modules/services/postfix/default.nix new file mode 100644 index 0000000..df07030 --- /dev/null +++ b/modules/services/postfix/default.nix @@ -0,0 +1,39 @@ +{ + config, + lib, + myData, + ... +}: { + options.mj.services.postfix = with lib.types; { + enable = lib.mkEnableOption "Enable postfix"; + saslPasswdPath = lib.mkOption {type = path;}; + }; + + config = lib.mkIf config.mj.services.postfix.enable { + services.postfix = { + enable = true; + enableSmtp = true; + networks = [ + "127.0.0.1/8" + "[::ffff:127.0.0.0]/104" + "[::1]/128" + myData.tailscale_subnet.cidr + ]; + hostname = "${config.networking.hostName}.${config.networking.domain}"; + relayHost = "smtp.sendgrid.net"; + relayPort = 587; + mapFiles = { + sasl_passwd = config.mj.services.postfix.saslPasswdPath; + }; + extraConfig = '' + smtp_sasl_auth_enable = yes + smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd + smtp_sasl_security_options = noanonymous + smtp_sasl_tls_security_options = noanonymous + smtp_tls_security_level = encrypt + header_size_limit = 4096000 + ''; + }; + + }; +} diff --git a/secrets.nix b/secrets.nix index 553e4a3..4417a67 100644 --- a/secrets.nix +++ b/secrets.nix @@ -10,7 +10,6 @@ let in { # hel1-a + motiejus "secrets/hel1-a/borgbackup/password.age".publicKeys = [hel1-a] ++ motiejus; - "secrets/hel1-a/postfix/sasl_passwd.age".publicKeys = [hel1-a] ++ motiejus; "secrets/hel1-a/turn/static_auth_secret.age".publicKeys = [hel1-a] ++ motiejus; "secrets/hel1-a/synapse/jakstys_lt_signing_key.age".publicKeys = [hel1-a] ++ motiejus; "secrets/hel1-a/synapse/registration_shared_secret.age".publicKeys = [hel1-a] ++ motiejus; @@ -23,4 +22,5 @@ in { # everywhere + motiejus "secrets/motiejus_passwd_hash.age".publicKeys = [hel1-a vno1-oh2] ++ motiejus; "secrets/root_passwd_hash.age".publicKeys = [hel1-a vno1-oh2] ++ motiejus; + "secrets/postfix_sasl_passwd.age".publicKeys = [hel1-a vno1-oh2] ++ motiejus; } diff --git a/secrets/hel1-a/borgbackup/password.age b/secrets/hel1-a/borgbackup/password.age index ec7b942..f28d671 100644 --- a/secrets/hel1-a/borgbackup/password.age +++ b/secrets/hel1-a/borgbackup/password.age @@ -1,14 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 vDjOfg jXKd84hBLGshv+pBkasnRvAOR6zJOv9kqj3MFhNEfSc -PR634A9Br6c0NTSZUoq6HpHfbIkbZxCrx+QzdK0tnHo --> X25519 EQxm5Y1GnCgOAxq/sWSksofOs4bqh5thYKchFE7AVlY -i0eqmFuXZ2VGMOHqS42vifcYXuBCTlF+Ckp6M2Dxrrc --> piv-p256 +y2G/w AvNFDhoheGvhx1OPcsYjNiXgcE2IyzNxnQa5o92TOfo/ -ORGLR75OPtt5t3ZntdrmKeWNqcoOh9/9l9LPrbNd9/s --> piv-p256 jNqd3A A0hKbEWxWIgzjqC5rPnQvI6C89vvp3Ejm5X3hoSmJwcV -nae0utik6loEuMbOUe7EZoWszJYMsA4aYIT1fBu7rmk --> W3-grease Bi-\Y /Yn -vVlW417ifsv6IU8m3IZWxis ---- 4+ia3CXXOvu7hPj9GLiTnzqQWwNPc8osiIysKZl1ApI -y?sAEoFk'E2ά**Zc-qS -JI6u,D \ No newline at end of file +-> ssh-ed25519 vDjOfg vySEUwrEbfzV/E9EKMzF7il7gSKxn80EQKSTSKE4WGA +++iFPSRIhJ3nRa2AKoCqctDt+gmQCrmrZeDt8NXPjRI +-> X25519 aFkDi0dqTmG0ZRK3x/GwJgktpCXp8H1+UqHfGIZ2Bzs +DXdwjN9xu9c40bdMyJmNI/iE9ejsQGxJrrfutrFBOIg +-> piv-p256 +y2G/w Ay2OS/A9MQ8kz4GFqGA2Jqu+qw2r1RkY7XDX8vRIM/bp +6jE/jqzx8Z7KFoX6OerNLqEXi8oEsQSzbu/4UTDfjt8 +-> piv-p256 jNqd3A AtoS0czOJchiKvrVfng6DWWdjdtyObdkwn3p5T3D+1uf +i62iUXpOEN0nTgcYe/YrXUki6QG9cq6hXRv2Ar/JrAc +-> g_@F2fyi-grease mXj +lTRFX2OWma7s/ER1R0NLRL//r2j50z4Hfv/ka0HJhg +--- YbEUnvdIuGKWPKLybsHLoDH5uBbnau59aiUJk72V1UQ +i;u1tyXhL +J|ռ䖰9~mAU_ͧB7@}3 \ No newline at end of file diff --git a/secrets/hel1-a/postfix/sasl_passwd.age b/secrets/hel1-a/postfix/sasl_passwd.age deleted file mode 100644 index 1aa8836aaad23cbdb393f1c6d93d7851622c79cc..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 766 zcmX}nO~}(`0KoBG95cu5=)@vJ(9-3jPud1y^J$v2P1-a~8JWcZ?ZN8eMP1Bs* zeS4LOP7nkS!^18rB6#p1co64h=s?EsAWVjM@$|y*u)Q02|HF?za_ov7TFGv;UPR%S zQR0vpO;o-rrKwx7=M2lzTq$cU2iPeoP)FpF=Nt7AA`OaC0S%f=Z%h{vyOIntG;8u~ zpo#ftNbFkcqP($-9tR4Rg3v8XT`nA2Srlcu1B%#2JUsxtg>D^a=Kqi%2@`Y4Y2j?J z1RV|a178>!eRE2Y)-nR2nWIrh@LD#c2!#yFG#-b7s*~S;a|gl-h(lRo2#gUJJcmm$iqX)aJW7rn_>P$;Bmeb&9IpcIw9)CvQsC{K@fOpTB-{@5C=OpGw!Nuip0`oZr8__t<%FUVM0dtG~sUe*5Xq zKT>>o&%g8C$M^4k@z>Mq_!(=WlLPnB^y2t?^U8}o>hz%_x0q|MGGqVPH<#6;7Y^@V kefh(&)rS1L`{a{%zkmAZbM)@BBko6&o2P`UUq3zf55GbT@c;k- diff --git a/secrets/hel1-a/synapse/jakstys_lt_signing_key.age b/secrets/hel1-a/synapse/jakstys_lt_signing_key.age index fa1f1595140fe82aea0fd2f6a4abc6754f1e8cc8..d2a1a880993cdb1392966dbacba6ce5ac2f1f842 100644 GIT binary patch literal 741 zcmX}nJ&%(B007Xs4LZiTLDp^IgN3DtPFgOy5sesJ zLQN~ymW8QN2V*6U3xJ=5-L$8&3B1qGRxuemS>gB=TWNmQ?3G?r^wZ&zE}ZgQ$ovw@ zP`nK`)+h^CAVro7jW2Y!nG*f5k4M_tv{;QarYs>!j=Hd?{(1-IaBhhK<58wLo<X7nE9>HWrA8IROt{TS9a;gl@ zU(l_+(9R(*cg(^8`?Mj%;7vCI8BA|Spfvzkv#yusOy~>5Dqu@Dw8h*;rEPdTsNz6P zx=AI+D@ih`LDSNE^pew5G#j8|E|mzSbb+uQRnkJ5wNPQg`cs_mkThRSx@%@S3@70# z-Y4?B?U#flRiy0lBI~Gh1war4wsF#RE!16)^-c@s8M-Dlrh$9uHly^2TBEn`%YOmfUja=3 delta 590 zcmWm9OKZ~r003YGWg5_vI>Cdz4UDl((xl13L7Jp#Ynr54Ud=5@mo!P+q)nPW1dA81 zDg(jmK$u=Uh^Qw;h3RgJkJ}D|fg-3V9>j^VU-0qm9{zXe#`(Eh!#Y_X}v| zPi!`}b%%#XG$T3^!K#SD&g2$M0KTeNL%X~Z@QqB71OqDuWk;xp-9V2emWzhPh=Xf- z1||&vTFw~=hQVY`GmvU)g%lW&rAOtl1XD;`C`69c#06)LG&Pj2#WFG=-4zNjFo}qj z9-mGoDyaqTYzA}5umy&)=dx`X%*;A$kNTRDCi_I}XHbk_cn+K*Tz;IRdJ*MM=_V!W zrot!F)rj|p1tF|*BcdgyoWjGTtak=|#G3;Ctc@!0bYUcEl=wdGmb|iWX><`pwWyspKyFajkF@wg15G9uA#b>9C98l@OYypa zjEcDBmR!7|TH;_%ORy<=S;CNfnt1>OK{?!1>jRm@`r}y-@0xT37Mxlo?4TZNcp6`1 z$FkBBX+pkK1b&-WuU$Wty)5m1yzp$1TKx9-_42)~yHAe=@q=~S{(k)DoBI#dz3s-I zbIA{`erxl^^Ys%OOGmIPpFXtqE-##U_jUXBlhYf&&VIh5Z{6I4zAU_5d-Qkb=z;gI F{sXf+(!T%z diff --git a/secrets/hel1-a/synapse/macaroon_secret_key.age b/secrets/hel1-a/synapse/macaroon_secret_key.age index 132f06b5f65690e9f142ab00b9a61d2c248e3644..54b14eca0a9f9e0864452a5e96e3ae9f58772f82 100644 GIT binary patch delta 628 zcmWm9O>5I&003Zw?UIWJ5gCXS5k1tBk2Y=MK}qwbYx?G(xMZ`^YVORV|wVWPt#b< zrDtggH#FEK4anD{zF{llq#HYBnFEA`A-If|bKjL^12RW%HHDigLtV^V0!fviBns+&l*M2MH{QJX^Z<)P|?X_-=TQ#5TQ zxH<)o_O8CkShD6^<7z&JnXaKC;KflYq$YUcr&42QcS5)z;j(@m663}g#d|i92s8B45nt!H<2I)P-~O; zY${l)KdllPP$S=GMQ2WAD`rFQ!wN^Mpg2xfMw*N__<+qS5?|?c6T8OgO=Mz(aKH|b zOeT}k#2BbNkI{^7c_opl#JXO$fZJvycEIIoN-*S^mal;zO9$rXz06Cz z@@nyJu@PN4xUu!~z4cxAah(xXHa~^%!=se}{_Vkq<->UY&i?Y=?#|BJXV>oEo8udg lw|Bp6?>&E*Uwl0}b0nWX<=nk}vVS=J_xje^#mzr2{sSWD;4%OJ delta 584 zcmWlVO=#0#06-n6ha9|35HFqh1IE&PNz)`Ugfz`hmv&v+Z*4jcGflE|-`X`z(q;)t z#nV6-f(I2rLGYq7MA$`{;P9Xx1~O3;Jj{dWLGU7D;?(W-ZjblwAK2c1?aZL6spC>M z)^h3?68jNM=@P71HcC}GRxyy_c!$7~>4MpyTM59BCgLAA|glvGDWMLy*? zR)7%M?iRS95NcTRTtX*l8gK~!Sx|I)Y|WMgHtYLp9+_i8z21hiPIW-C)I1Z>8adHq z$|BY&OHipORLu~4BbQs?2r8V)iKShX8Go|1z<{pF=`p)t?kU{ae$plBOahNcITa@O z0D*2+wMwq3&8DpYTKNJ|5LJZ}9M2rr>x_gdVx}?CPFFCS2ihss&oik!UUG8r>C&F+PqWlkg=&o+EJF&#HK zYz$6;un~wwvE=wOy)ZYE_6GFs)?_k~cFDQERqnKnQd!}7V{XPq8cEDco|$pom=lz~ z6vsptw?%Ai^zF*a^OcQP)Aycky?OHYrhIhYMS87fe_7pnjo*59_;>R5`+r|=oWAfN zbL5KV9Q%0H+`P0ta_2*|^mymFIyb4I&ASy9^J*SV)}(2hrZ8udX3g?%)1*zGDjhqB z7hyw0ya`ip3hH53MFtZQgna>#9d`0A2$Ow+AHSbxj!$phnAM^Nr^vA{7h82LPj^Fi zR5H>XcB(cgcN}9rR$OKU++~?86evAlk41%b@{XqxXe40DfN%oBPPlU1Wf`_;0g#eS zsRAK);2K7fXbx^inJ{w7AQ1`ySFL9ZK06dWnhrF@ZqFobNO7Q#7g}MZYCr|j>*RW( zq@{ecC{zThA*QUl4}4b5C8SRiRyRpUQ(23_2@$Oikq9FxI5ok<^ay4K%R?Vu$JBr+ z1fwZ0Ps|`T(Tv>b_(q!b^tEnA4m3OVS{cY~@x?`;)%C8-x|3!tAe%G^I$q3yL@`Cx zFf7-keFYd!|Cw>>;tbDIz42&h=w-JAc&lxfC-O9OLaQld4N&Dvgl9+%j8=37LP6h} zh6!3KP;r^c2fVzT>*l$&TRh zqm`l!ucm3VVnG#h=9&ZA?d2EMx`ynS|V{)qhyQP=-I**y5Qd*S%Q+`)KZ|J#~=>(lKw F{{h~(%S8YH literal 720 zcmY+-yNlCs007_{&LyXy2)YKHG}OGBOM|E+m$a8xA4%FYg&UIe*Yus_mo|?B5pi)+ z+(Zx+#6iJ9+*Hs>2Nyw95Cjo)5m6jO9hAe#?;rTw0F=Pohefm)h4W(}4DgghN+;1I z8J0kwVi=M`Q*qoF1SsAjy*P_W%cyHp9IGyJI`DF4TeFfzS6D(dbCz~e>t?)z6r162 z;E!MvHB}jO%tD>obOdFaNEZ{cg9ofy3)E^Wk1?qKca7_DpXO0MCDpD#*QPdsS$aC- z^=V*gV&Yv3PwbL)5A*DHX1@bsY{`;FxVDS zDwWW>%hYuiX4rJh6r78fXP8gp60ZR;35jjDx1lno$tm`zjoe&)bmjIyhu*Ec{M?M+WMB8a megOA8T`SICO}?EYv$c<>;}fqAo9}OJ&F+6k4!*4&SosTA5cnbh diff --git a/secrets/hel1-a/turn/static_auth_secret.age b/secrets/hel1-a/turn/static_auth_secret.age index af7b896..40ab080 100644 --- a/secrets/hel1-a/turn/static_auth_secret.age +++ b/secrets/hel1-a/turn/static_auth_secret.age @@ -1,14 +1,13 @@ age-encryption.org/v1 --> ssh-ed25519 vDjOfg DGeT72n4VsH43Ns9yEnxfgy/uYKynfQGUzAtDPf+2mU -LPe1Uwll/Ee//jfjz4jRryl0Fej3jyev6QnYAtcEGD4 --> X25519 LYVUZF8IQa2pfNevLpSI26VfzRe4wlMy23FeTIH9eVQ -HYXSzjCz7aeMm2BzGrD96m0CbWjLH/XYskhMNYtbX4g --> piv-p256 +y2G/w AqE+qszNsNVu365Jq5MwieKVzPG2rAYMrO1bOF2z7Wh/ -KUdsBS22jiqWPB+9PoNSugsOKRk5PnFacCoRI05dnRg --> piv-p256 jNqd3A A+sbeoWSbRRLu2mtTWPX/DJHjB19j7T7TR33zP0tqK3M -WCsLFXjWeDBNEnBwITpjAQz2HJjcv46YFO9OSB/0psc --> -.}!Z;^n-grease K -fpu7Uos5Lia2hiTlW0SixCdyJP4FXRmmeHP5ufJGbk6qy972vmOeacC4M6/6Ck6h -eex4qQEs2epkNf0tsYvfeA ---- b54YQan0Bm8INDPrhn8N9LIt41/yGKQ8HeStn2Wqf5Q -_b6!NP%Ep'pp,VȊe6E \ No newline at end of file +-> ssh-ed25519 vDjOfg 7IvjFsGDpA0Y7YQzvK1LKv97Aytio3P8QK6kP3zVoh8 +/HZv5HmuXHpJvB8qBUSmJ2qEqPDV4dIzUjQuEC5yKIU +-> X25519 n2ZwLm3NBIPJ8fG67O292YwQgMfMrOpMsfD9fvVKAEg +Wj5y+8NuPl5VtyzLAt2qk3qY44cxqfr7IknpK8jzAMs +-> piv-p256 +y2G/w A8uQrdSqZAQQxlPUCpeJIR4vwmG3raRCi1Es2ORARLXl +G4bx1broyBxj7ARPQ3uOnzD9lrxTi8wRTW6h71SVmz4 +-> piv-p256 jNqd3A AiclfkktevGeKEIhwiAl0oghZEGeA58GBm+kWlD98ev4 +Y1Gu7nDRipmXehp1uYiGhCLRo0gt06+AIZYZ6ZkF7UE +-> ;\NX'-grease 4{cJ&fP +5oT1NHoPUeN6JtDhuGYhtE/Jipo6u5qRTdLJCpWZGZ2PBnQ +--- DaaAQQvDPetK5SpVDe5BehckkP7HgdQQdHKB7IBa1rs +8 ,1dҏj% ZrdwA]CWAݕ*JЊ`Q(I \ No newline at end of file diff --git a/secrets/hel1-a/zfs-passphrase.age b/secrets/hel1-a/zfs-passphrase.age index a12f1f7..5c4bc50 100644 --- a/secrets/hel1-a/zfs-passphrase.age +++ b/secrets/hel1-a/zfs-passphrase.age @@ -1,13 +1,13 @@ age-encryption.org/v1 --> ssh-ed25519 gJrHQg DsQM1OiPx2mZ5zCIoWhswaXAruIyjeYvDT/NpCfQang -ExnIjettDSsT1BhtrOiuKTHmkuG1UH2oJVFvtaxcskI --> X25519 cOjSCW3bPvgvXwZ+OGhYqmuuzTyBG5D0EUA9aSPIABE -7dzr3eQjQcF3buVLfn66yiv4Oo8gVATjngSn3JtYiEA --> piv-p256 +y2G/w A9mCDRKigSM1Bjz5UfNn6pCge9Ifip1qEuSi8oXrqxFR -v7VYoxTUZhVwjvo6HwGuLwppz808rVadQV+uSTisKc4 --> piv-p256 jNqd3A A+IpWq0hEn3lvkXGhdA4HwzOf7qMUfP8h2Ulyw6RJWr2 -VKT5WZBnNscxcu2Bv3JyvRzzs9C1PwrrdHOW4mwJbg4 --> c[,kV-grease -V6pw1EYTT8KqLcGIVKZWTAGr5gjj1J3O6+jElQ ---- rU4We/c5iA84jdP6PP46PtDHPv2hFUnKIQd7d8C2AR8 -F;D`A ΁cHѝV oJ9y_ZNڌo/+ijF ssh-ed25519 gJrHQg mQiy3u+UMFfs61WPlbo0OHqLxahWNfpYACeYIo267BA +TW0fW13NrjYjj3iwckwEzXjIx6IIckCh5r+UHw8Ij3I +-> X25519 rt/IGRSKAZ5ZkGv0pWmhj86+Uq9e2GXAmIv+HBZ2ZHI +C1j2j2U+HCko+ohp1gOY4Ng70pE3gOS6REm4/PQzB60 +-> piv-p256 +y2G/w Al/4EHKxjWqlWu15ijrzuh9wMq5VMiVP/W7Le4XxzV33 +X1kHLFt0LrGJkVNS5Jb2s/mYzoNgLye6Cxi8uu9lGLM +-> piv-p256 jNqd3A Ak1e2RkiQSLkIdP2GVE4P59DZ0I5eSdVD+bxpsezr3d4 +9aZR3+vmaOs3SH/i3ZOjl03VBwYvYByPiqLRJsHztVM +-> #iyKy*r-grease I~l K,!{* +36alLYkZaIJjAYgaw62ulNfYAj8b8Q0 +--- 0E+LmPXzbCtwllF5uDoIEkYI/qMLWdmfLwdtY1/iYqs +t $nM R8fjg.6$WvW=aP@$ yq' z \ No newline at end of file diff --git a/secrets/motiejus_passwd_hash.age b/secrets/motiejus_passwd_hash.age index 35c446456ab831bc8b5995b0ad8428861abdaa3b..b3d26a223f6fc335d344e7ce28461f5b419d7477 100644 GIT binary patch literal 862 zcmZ9{ON-+K003ZEQ8cTJjLc!tUBe!nkxVve+9a(5LNa+ZnIzLBO_S)sv}yBdlIGE* zt&0pOvYvdP?m-a5qYpf};6*QkdiSs=J&btpAgnkdq9B7O{RJPN>rdfnIw{tRD$LRw zS>Ypf3xJ;m%QAqc9){zs9#}JxI`hFXZ^ny2ElV3wMc-U;YoVoAN)V##@gNK%rei?d zl4p{n0lai5>vRXNScfW_)c~5NG$W1EyrLvb>#_r3V-LH>6Nn zbbJl(A~I>GT}-~vtbbdMLAlP6%KG?Hvt)(BN&;~`LpDlnwbleu@wiztECkh@04i-_ z$|kh38aH#xam;=k3fj8k&4wCcwwpGqCsDbuM#$hoScEmaz;FVD))bZp`rY_|UVaR5&Iu2QgW|NffUB)j#IM^s*%i$EShxFPkUU6At4eAYBjX`U9+Wi)Xkv) zl$^WDA!yOBUB?zJN!AoyQd*WgCw;EJnI1D^|{@>k?zdwD~{_CR$-~aaYx1cwR z8xQO~xpnimm;a8&p*8S!V_D!h(CV(>b*~2 zJZe7sVSDRD-@AGH>Z|sp@3tSYZe4q5eC=eX_2>sboqzq>-j#b_+Gpo)KYj(-fBNB1 JuD>!k`3E^CA~pa3 literal 831 zcmZ9|%ZuCu0Dy5Ro^mLP2R$eoD(;}^bSBx!3q?rgkz^*5Y&OpsFU{ngOdgZxWDZ3< zsD~;dD0q>j2M;1H2%-lmDp24M^x;i6gS!*SGSymiIz^5XxRH_che1KY~gJl-et z;TBR@{BV*=6Iv@*xsDk_qDl!KQEip9vDN}uXts6(VPUD|gp{^g+RD7)v;)RBUP0N&KFEW5we1^e3sD#RceE|E-zzW7-Ks`Ry@vDAS-qx;N;7@zptJ;119T z-Lp6DMJM*Fr=Jk!$@RCQJ0Cr=|I^3D-nGRdb36CXFE2p1pSY<0VGH={uU+K#-rLXb zU;X)A>H4kHQ~jH#n+mvT-0d76?FG-j|L{TQ-f!n`9DgnU^4F~w-+uhZcYeM4+@mj? hi=TPy(o=ylvx9+vI6}G-;ls`O(JV zUA=e^k=MP71AX-@Ud9-*gWy44d=&&e3_&~yii6>X2T`}v_7{Bk@|~E7Knp!wUgXqJh>R<-0Wl7MYN=m0*%0u#-H+W$4P6&~xE`4F^g zAkvJepkT2t`_xKzy40i&q|Ac;u-A%abUZehNThPSjT`|?1H?#jyjASDSZuo*)=tOczV}!kTW7X|_*~kd({LI7LdVG;Lvp+>xZ=x?wE4u};l_0RHJZDK<7wR|zvjlO@WFgj{bh zIW4K;KE*hdQlY$<`b;O~KTjoyd>B>}M)VZAknrqWo?DPr1GiZkV$|fys>pCXKGoei zopL#DbgOj!?axnN9XNCD>x*ZfU3heV@68|Q-k-Yj&G()$d*bX_JNGtTY@R%L{r6u_ zo$znp_;~$9x_kcFMSShjfis64_wMnlKM~5k;g26LAKkUSJ+!~O^Bs79b02U2a`mr= qkFRaK{1YqOp`GK&ha<0lyYg=P!S)Z&mA`L(wFk!S#^r4P@QY8q#2Iq{ literal 0 HcmV?d00001 diff --git a/secrets/root_passwd_hash.age b/secrets/root_passwd_hash.age index 2055dda80e9eeb5903ace93acd63ac5732e94e1d..cd6b06a6fa1b9444ceef73dcede9457c80ce9b06 100644 GIT binary patch literal 841 zcmZ9{IjiIZ003a|D#GFc3O2ISY8)rYyc|>b++=c2&dFpZlN2jSCdo|ROzz3WdKAJo zVjfJrAwMQZa%FspnYo0Bz2gF*v#SPeU|Q5mR> zhDZkaP}`EP4Koiq5(Frk2#XIR8|C|oX7WF6tD>~}~jENp+V>)>o00#24U=uEIn zBy(JtmD@Ex;-zI~Z(ST;N^yXa89$Z2#WQ<7U2eUkBq?7h<$bIWLtjg z;KIH#Z9;>^aWnMNF(U0W9Cq~1Oo#@cNLI-=JPP@x$P9G48OVjLTT;v6k}^XILQP1I zme+MK|Bn?Z*=k7k$l7Ixv44~tAkBzUM0O*Wg;AIW6{8sMkUq$*Na6bSZCH#F9i}0_ru(G3Lo&`N>Iin0n59! z=#2JLe_islR zzdoJ3a{TFEKd#>X?#8*hz4QE?Z?4??3G~LTSE1zc?!t9!Xm8OZp3f{_u+@ zzdU-E;68rht0#Z{;aEC(;I&8oWM6-}IeF)cUl*Tim!(>N?A?1l{Qk~+Z{3RSd#3;8 l#e=J#UD`eL5&!$?2<)!k0B-(v9(?}F;qja2ZoiCw@HYXHBuD@N literal 793 zcmZ9}NsH590Dxf;3sN@*K@b&!C!y5jOPWlgqnNalr88-#ZJMS<7}6y3b<4iAi6DZ5 zf(u^s;?0{!@gj)3XHPnwL`B4-;6?D@GAelR7d*VYI<$(GV+5%e4PED`8$dJx`Qk|= z3;`qyd{?> zg9c=z3A8iMOv;_50f)*Jwx(vL7zRekSRrwm;|GoZHCPSA21K%eiR=p36$Bn_McTM0 z$2f4}0#$NQ0A^H-PffSx3gwQQZ)B|*p3?rHQC;yQrJeMnkXkG8v^K9y)QonmL2pT= zSr?UmYueu|gCC4*IBHZDM;X^Ip|oVScrlK;q!+cc@iK@(lXP3-juz(mc}d1FiD7z8 z7{^VgI`SYZ^>lwWUTLtItWt_pjz-JIX8We#4U?jWlN3@&aRHqoY$DNorS7(|C7=V( zRYNYY#A;Hr@NVC#q9LdwWP%QavJP~cp#E5A#UczWJ+u(Jyo$tqcmhe0yDi@@-noH2dNtg8efz1o>)URvOVaW^ zbK~aS6E}pP7aw=t_H$dk^vA>d4-V|!@xwXO^>dx)A2!bI&tBhuvi0MGU9Ok=eDZ6~ u$X&X$fBnGuPh~84apvV*>&~~Y3rFxpW$uEGnd|# ssh-ed25519 vDjOfg yX0zrlNsaJBSf3PqD4ccm/9z5tQhv5d7vbGQbITKNGQ -1adV8hkhSTQPSlPuKQypvWPAcker/kjObBxDfos6x2I --> X25519 TASHTwnBupJ72eFuJs4Oph68Js31AyjtpXcHDR8xKl8 -/181mos15wmANSJwo5QPZRUAx3vFoZ4wPpimbIfvC4o --> piv-p256 +y2G/w A09p8H96e0/FfHSTajYQZTvSYXwT7EvzFf1qVZtdwsax -Mgkl6t5uDGN8cYVoDXjEYB+RxeXyyLsZrWvGP7KMCNc --> piv-p256 jNqd3A A3Rh+tYvU/vfS6+2GXyOOM3auOu4KfXWFhyvyXgojBbf -l0whgIauEX31OqPyDMTZ2OLUBOzPVFSVnjxbYu7JeSE --> cD-grease u8 9nH (N(2JYW 'd -mAo1sjuzyaHtnQhYLApV9g ---- QcxzgeZhzogykC09MKj4VMVOZdq6i8N1OOcFf0nkABc -k{n/c8 gQ~1vq{sōO \ No newline at end of file +-> ssh-ed25519 vDjOfg DSA11LD9kTPJXL6q7ezsCRMlN3QBgcEA+i7PpYbn1HM +002pudzzJdq69RLzbnmEu1uXaF578FCwpUEUeQvrE1I +-> X25519 k+nrZinBJQOsxyUC/qw+UQ4F0EFxs4Dt2oPvHMwguS4 +zEYUmyjLq5gU9M0sTx2CVLMTaiLXw6O1f6kWz6tG01g +-> piv-p256 +y2G/w AnR7AVB8k5lZ+6DuqVvT+6tR9rw24Z7GZ15wlIWAakMq +1bvu/AJ9DkZ1cgL1crnhH8gi5SkE8hW4sjVNWw6znBc +-> piv-p256 jNqd3A AmqhEzPN6+LvtcYHlF26ygzX3lgdNY8alH5SHECivjnq +jb/Iv7sHqn3FCBgH65YoKsIE0GT390Zrki5mPN2NRyM +-> ]IKx--grease +0ZRby4OvsWGHVKCIhG27byA9hQw2a1xgQQgxrYy8QbxvmcY97+zbYY4nYThDUsA8 +/oJsg5IfHI3ukFzek3SoLw +--- ceQ+78jo/wEnqKEzoDo3dYvkISTigadwZ/R9U9e0Z5U + ]Sr9lP E?f(kvZڕOd =ug \ No newline at end of file