From a6298ab5fb91a4fe5ab51164c26b894de3b8a875 Mon Sep 17 00:00:00 2001 From: Malte Tammena Date: Mon, 15 Jan 2024 14:57:13 +0100 Subject: [PATCH] feat(faunus-ater): split into modules, fixup nginx access from local network --- hosts/faunus-ater.nix | 343 +------------------ hosts/faunus-ater/modules/gogs.nix | 57 +++ hosts/faunus-ater/modules/home-assistant.nix | 47 +++ hosts/faunus-ater/modules/hydra.nix | 108 ++++++ hosts/faunus-ater/modules/komga.nix | 30 ++ hosts/faunus-ater/modules/mealie.nix | 51 +++ hosts/faunus-ater/modules/nix-serve.nix | 41 +++ hosts/faunus-ater/modules/paperless.nix | 47 +++ hosts/faunus-ater/modules/photoprism.nix | 66 ++++ hosts/faunus-ater/modules/timetagger.nix | 42 +++ hosts/faunus-ater/modules/trilium.nix | 32 ++ secrets/hosts/faunus-ater/secrets.yaml | 29 +- secrets/pub/cache-home.crt | 11 - secrets/pub/cache-tammena-me.crt | 12 + secrets/pub/config-home.crt | 11 - secrets/pub/config-tammena-me.crt | 12 + secrets/pub/doc-home.crt | 11 - secrets/pub/doc-tammena-me.crt | 12 + secrets/pub/eat-home.crt | 11 - secrets/pub/eat-tammena-me.crt | 12 + secrets/pub/foto-home.crt | 11 - secrets/pub/foto-tammena-me.crt | 12 + secrets/pub/git-home.crt | 11 - secrets/pub/git-tammena-me.crt | 12 + secrets/pub/hydra-home.crt | 11 - secrets/pub/hydra-tammena-me.crt | 12 + secrets/pub/listen-home.crt | 11 - secrets/pub/note-home.crt | 11 - secrets/pub/note-tammena-me.crt | 12 + secrets/pub/read-home.crt | 11 - secrets/pub/read-tammena-me.crt | 12 + secrets/pub/time-home.crt | 11 - secrets/pub/time-tammena-me.crt | 12 + secrets/pub/todo-home.crt | 11 - 34 files changed, 664 insertions(+), 481 deletions(-) create mode 100644 hosts/faunus-ater/modules/gogs.nix create mode 100644 hosts/faunus-ater/modules/home-assistant.nix create mode 100644 hosts/faunus-ater/modules/hydra.nix create mode 100644 hosts/faunus-ater/modules/komga.nix create mode 100644 hosts/faunus-ater/modules/mealie.nix create mode 100644 hosts/faunus-ater/modules/nix-serve.nix create mode 100644 hosts/faunus-ater/modules/paperless.nix create mode 100644 hosts/faunus-ater/modules/photoprism.nix create mode 100644 hosts/faunus-ater/modules/timetagger.nix create mode 100644 hosts/faunus-ater/modules/trilium.nix delete mode 100644 secrets/pub/cache-home.crt create mode 100644 secrets/pub/cache-tammena-me.crt delete mode 100644 secrets/pub/config-home.crt create mode 100644 secrets/pub/config-tammena-me.crt delete mode 100644 secrets/pub/doc-home.crt create mode 100644 secrets/pub/doc-tammena-me.crt delete mode 100644 secrets/pub/eat-home.crt create mode 100644 secrets/pub/eat-tammena-me.crt delete mode 100644 secrets/pub/foto-home.crt create mode 100644 secrets/pub/foto-tammena-me.crt delete mode 100644 secrets/pub/git-home.crt create mode 100644 secrets/pub/git-tammena-me.crt delete mode 100644 secrets/pub/hydra-home.crt create mode 100644 secrets/pub/hydra-tammena-me.crt delete mode 100644 secrets/pub/listen-home.crt delete mode 100644 secrets/pub/note-home.crt create mode 100644 secrets/pub/note-tammena-me.crt delete mode 100644 secrets/pub/read-home.crt create mode 100644 secrets/pub/read-tammena-me.crt delete mode 100644 secrets/pub/time-home.crt create mode 100644 secrets/pub/time-tammena-me.crt delete mode 100644 secrets/pub/todo-home.crt diff --git a/hosts/faunus-ater.nix b/hosts/faunus-ater.nix index d460fd6..5a9b2df 100644 --- a/hosts/faunus-ater.nix +++ b/hosts/faunus-ater.nix @@ -6,23 +6,21 @@ ... }: let sopsPath = key: config.sops.secrets.${key}.path; - - mkVirtHost = certificateName: - lib.attrsets.recursiveUpdate { - addSSL = true; - listenAddresses = [vpnIPv4 "[${vpnIPv6}]"]; - sslTrustedCertificate = pkgs.writeText "ca.crt" (builtins.readFile ../secrets/ca.crt); - sslCertificateKey = sopsPath "certificate-key-${certificateName}"; - sslCertificate = pkgs.writeText "${certificateName}.crt" (builtins.readFile ../secrets/pub/${certificateName}.crt); - }; - - vpnIPv4 = config.state.vpn.ipv4; - vpnIPv6 = config.state.vpn.ipv6; in { imports = [ inputs.nixos-hardware.nixosModules.common-cpu-intel #-cpu-only ../modules/nginx-reverse-proxy.nix ../hardware/asrock-z370-i3-black-box.nix + ./faunus-ater/modules/gogs.nix + ./faunus-ater/modules/home-assistant.nix + ./faunus-ater/modules/hydra.nix + ./faunus-ater/modules/komga.nix + ./faunus-ater/modules/nix-serve.nix + ./faunus-ater/modules/mealie.nix + ./faunus-ater/modules/paperless.nix + ./faunus-ater/modules/photoprism.nix + ./faunus-ater/modules/timetagger.nix + ./faunus-ater/modules/trilium.nix ]; config = { networking.hostName = "faunus-ater"; @@ -52,36 +50,6 @@ in { cpuFreqGovernor = "powersave"; }; - # === Git.home, because everything else sucks === - services.gogs = { - enable = true; - stateDir = "/data/dirty/gogs"; - appName = "Malte's Secret Git Stash"; - cookieSecure = true; - database.passwordFile = sopsPath "gogs-database-password"; - httpPort = config.state.services.git.port; - rootUrl = "https://git.tammena.me/"; - domain = "git.tammena.me"; - # FIXME: Remove after upstream fix of database type - extraConfig = '' - [database] - TYPE = sqlite3 - - [auth] - DISABLE_REGISTRATION = true - SHOW_REGISTRATION_BUTTON = false - - [server] - SSH_PORT = 22222 - ''; - }; - services.nginx.virtualHosts."git.home" = mkVirtHost "git-home" { - locations."/" = { - proxyPass = "http://${config.services.gogs.httpAddress}:${builtins.toString config.services.gogs.httpPort}"; - proxyWebsockets = true; - }; - }; - virtualisation.oci-containers.backend = "podman"; virtualisation.podman = { enable = true; @@ -97,260 +65,6 @@ in { }; }; - virtualisation.oci-containers.containers."timetagger" = { - image = "ghcr.io/almarklein/timetagger:v23.2.1"; - ports = ["5873:5873"]; - environment = { - TIMETAGGER_BIND = "0.0.0.0:5873"; - TIMETAGGER_DATADIR = "/root/_timetagger"; - TIMETAGGER_LOG_LEVEL = "info"; - TIMETAGGER_CREDENTIALS = "malte:$2a$08$P.e3SD0cnPK0P4mFYShELuoa37.1e1dEqE8MWa6LJ/kSJfje1BdBi,marie:$2a$08$ubOZWO510y5bgwIl0O4Ne.dKZdWoHqEMzvs56L6esqvLfBJ/6OgYm"; - }; - volumes = [ - "/data/dirty/timetagger:/root/_timetagger" - ]; - }; - services.nginx.virtualHosts."time.home" = mkVirtHost "time-home" { - locations."/" = { - proxyPass = "http://127.0.0.1:5873"; - proxyWebsockets = true; - }; - }; - - virtualisation.oci-containers.containers."mealie" = { - image = "ghcr.io/mealie-recipes/mealie:v1.0.0-RC2"; - ports = let port = builtins.toString config.state.services.eat.port; in ["${port}:${port}"]; - environment = { - PUID = builtins.toString config.users.users.mealie.uid; - PGID = builtins.toString config.users.groups.mealie.gid; - ALLOW_SIGNUP = "false"; - TZ = "Europe/Berlin"; - BASE_URL = "https://eat.tammena.me"; - TOKEN_TIME = "8760"; - }; - volumes = [ - "/data/dirty/mealie:/app/data" - ]; - }; - users.users.mealie = { - isSystemUser = true; - group = "mealie"; - }; - users.groups.mealie = {}; - services.nginx.virtualHosts."eat.home" = mkVirtHost "eat-home" { - locations."/" = { - proxyPass = "http://127.0.0.1:${builtins.toString config.state.services.eat.port}"; - proxyWebsockets = true; - }; - }; - - services.nginx.virtualHosts."todo.home" = mkVirtHost "todo-home" { - locations."/" = { - proxyPass = "http://127.0.0.1:7372"; - proxyWebsockets = true; - }; - }; - - services.nginx.virtualHosts."config.home" = mkVirtHost "config-home" { - locations."/" = { - proxyPass = "http://127.0.0.1:8123"; - proxyWebsockets = true; - }; - }; - virtualisation.oci-containers.containers.home-assistant = { - volumes = ["/data/dirty/home-assistant:/config"]; - environment.TZ = "Europe/Berlin"; - image = "ghcr.io/home-assistant/home-assistant:2023.9"; - ports = [ - "8123:8123" - "1400:1400/tcp" - ]; - extraOptions = [ - # TODO: Fix the path of the zigbee controller using udev - "--device=/dev/serial/by-id/usb-Silicon_Labs_Sonoff_Zigbee_3.0_USB_Dongle_Plus_0001-if00-port0" - "--device=/dev/ttyUSB0" - "--cap-add=CAP_NET_RAW,CAP_NET_BIND_SERVICE" - ]; - }; - # For SONOS - networking.firewall.allowedTCPPorts = [1400]; - - # === HYDRA & Friends. === - services.hydra = { - enable = true; - package = pkgs.hydra; - notificationSender = "hydra@home"; - hydraURL = "http://faunus-ater:${builtins.toString config.services.hydra.port}"; - minimumDiskFree = 10; - useSubstitutes = true; - }; - services.nix-serve = { - enable = true; - secretKeyFile = sopsPath "nix-store-signing-key"; - # FIXME: Remove once fixed upstream - package = pkgs.nix-serve.override { - nix = pkgs.nixVersions.nix_2_12; - }; - }; - # Build on other machines aswell if possible - nix.buildMachines = [ - { - hostName = "localhost"; - maxJobs = 4; - speedFactor = 1; - sshKey = sopsPath "hydra-overseer-key"; - sshUser = "hydra-minion"; - systems = ["x86_64-linux" "i686-linux"]; - } - { - hostName = "helix-texta"; - maxJobs = 4; - speedFactor = 2; - sshKey = sopsPath "hydra-overseer-key"; - sshUser = "hydra-minion"; - supportedFeatures = ["kvm" "big-parallel"]; - systems = ["x86_64-linux" "i686-linux"]; - } - { - hostName = "murex-pecten"; - maxJobs = 4; - speedFactor = 4; - sshKey = sopsPath "hydra-overseer-key"; - sshUser = "hydra-minion"; - supportedFeatures = ["kvm" "big-parallel"]; - systems = ["x86_64-linux" "i686-linux"]; - } - ]; - # TODO: This doesn't seem to work - programs.ssh.extraConfig = '' - Host * - StrictHostKeyChecking accept-new - ''; - nix.extraOptions = '' - allowed-uris = http:// https:// - ''; - systemd.services."hydra-initial-setup" = { - description = "Setup hydra admin password once"; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - LoadCredential = "USER_PW:${sopsPath "hydra-admin-password"}"; - }; - wantedBy = lib.singleton "multi-user.target"; - requires = lib.singleton "hydra-init.service"; - after = lib.singleton "hydra-init.service"; - environment = { - inherit (config.systemd.services.hydra-init.environment) HYDRA_DBI; - }; - script = let - hydra-create-user = "${pkgs.hydra}/bin/hydra-create-user"; - in '' - if [ ! -e ~hydra/.setup-is-complete ]; then - # create admin user - ${hydra-create-user} admin --full-name 'Admin Mc. Admining' --email-address 'admin@faunus-ater' --password "$USER_PW" --role admin || exit 1 - # done - touch ~hydra/.setup-is-complete - fi - ''; - }; - services.nginx.virtualHosts = { - "hydra.home" = mkVirtHost "hydra-home" { - locations."/" = { - proxyPass = "http://localhost:${builtins.toString config.services.hydra.port}"; - }; - }; - "cache.home" = mkVirtHost "cache-home" { - locations."/" = { - proxyPass = "http://localhost:${builtins.toString config.services.nix-serve.port}"; - }; - }; - }; - - # === PAPERLESS service, save me! === - services.paperless = { - enable = true; - address = "0.0.0.0"; - port = config.state.services.doc.port; - passwordFile = sopsPath "paperless-admin-password"; - dataDir = "/data/dirty/paperless"; - extraConfig = { - PAPERLESS_CONSUMER_DELETE_DUPLICATES = true; - PAPERLESS_CONSUMER_RECURSIVE = true; - PAPERLESS_CONSUMER_SUBDIRS_AS_TAGS = true; - PAPERLESS_FILENAME_FORMAT = "{created_year}/{correspondent}/{created_year}-{created_month}-{created_day}-{document_type}-{title}-{tag_list}"; - PAPERLESS_OCR_LANGUAGE = "deu"; - PAPERLESS_URL = "https://doc.tammena.me"; - }; - }; - services.nginx.virtualHosts."doc.home" = mkVirtHost "doc-home" { - locations."/" = { - proxyPass = "http://localhost:${builtins.toString config.services.paperless.port}"; - proxyWebsockets = true; - }; - }; - - # === Komga, for my reading needs === - services.komga = { - enable = true; - port = config.state.services.read.port; - stateDir = "/data/dirty/komga"; - }; - services.nginx.virtualHosts."read.home" = mkVirtHost "read-home" { - locations."/" = { - proxyPass = "http://[::1]:${builtins.toString config.services.komga.port}"; - proxyWebsockets = true; - }; - }; - - # === Trilium === - services.trilium-server = { - enable = true; - port = 10302; - dataDir = "/data/dirty/trilium"; - }; - services.nginx.virtualHosts."note.home" = mkVirtHost "note-home" { - locations."/" = { - proxyPass = "http://${config.services.trilium-server.host}:${builtins.toString config.services.trilium-server.port}"; - proxyWebsockets = true; - }; - }; - - # === Photoprism === - services.photoprism = { - enable = true; - port = config.state.services.foto.port; - address = "0.0.0.0"; - storagePath = "/data/dirty/photoprism/storage"; - originalsPath = "/data/dirty/photoprism/originals"; - importPath = "/data/dirty/photoprism/import"; - passwordFile = sopsPath "photoprism-admin-password"; - settings = { - PHOTOPRISM_SESSION_MAXAGE = "31536000"; - PHOTOPRISM_SESSION_TIMEOUT = "31536000"; - PHOTOPRISM_UPLOAD_NSFW = "true"; - PHOTOPRISM_DETECT_NSFW = "true"; - PHOTOPRISM_SITE_URL = "https://foto.tammena.me"; - PHOTOPRISM_SITE_TITLE = "PhotoPrism"; - PHOTOPRISM_SITE_CAPTION = "All the pictures!"; - PHOTOPRISM_SITE_DESCRIPTION = ""; - PHOTOPRISM_SITE_AUTHOR = ""; - }; - }; - # TODO: Why does it not work without these? :/ - systemd.services.photoprism.serviceConfig.User = lib.mkForce null; - systemd.services.photoprism.serviceConfig.Group = lib.mkForce null; - systemd.services.photoprism.serviceConfig.DynamicUser = lib.mkForce false; - systemd.services.photoprism.serviceConfig.SystemCallFilter = lib.mkForce []; - services.nginx.virtualHosts."foto.home" = mkVirtHost "foto-home" { - locations."/" = { - proxyPass = "http://${config.services.photoprism.address}:${builtins.toString config.services.photoprism.port}"; - proxyWebsockets = true; - }; - extraConfig = '' - client_max_body_size 800M; - ''; - }; - # === Restic User Backup === services.resticConfigured = { enable = true; @@ -381,43 +95,8 @@ in { # === RUNTIME SECRETS === sops.defaultSopsFile = ../secrets/hosts/faunus-ater/secrets.yaml; sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; - sops.secrets = let - nginxSecret = { - owner = config.users.users.nginx.name; - mode = "0400"; - }; - in { - "certificate-key-config-home" = nginxSecret; - "certificate-key-todo-home" = nginxSecret; - "certificate-key-time-home" = nginxSecret; - "certificate-key-hydra-home" = nginxSecret; - "certificate-key-cache-home" = nginxSecret; - "certificate-key-doc-home" = nginxSecret; - "certificate-key-read-home" = nginxSecret; - "certificate-key-note-home" = nginxSecret; - "certificate-key-foto-home" = nginxSecret; - "certificate-key-listen-home" = nginxSecret; - "certificate-key-git-home" = nginxSecret; - "certificate-key-eat-home" = nginxSecret; - "paperless-admin-password" = {}; - "photoprism-admin-password" = {}; - "nginx-cert-key" = nginxSecret; - "nginx-cert-crt" = nginxSecret; - "fritzbox-exporter-env" = {}; + sops.secrets = { "internal-restic-password" = {}; - "nix-store-signing-key" = {}; - "hydra-admin-password" = { - owner = config.users.users.hydra.name; - mode = "0400"; - }; - "hydra-overseer-key" = { - owner = config.users.users.hydra.name; - mode = "0440"; - }; - "gogs-database-password" = { - owner = config.users.users.gogs.name; - mode = "0400"; - }; }; # All services that run here, that should be exposed need to be exposed on the VPN diff --git a/hosts/faunus-ater/modules/gogs.nix b/hosts/faunus-ater/modules/gogs.nix new file mode 100644 index 0000000..d74741c --- /dev/null +++ b/hosts/faunus-ater/modules/gogs.nix @@ -0,0 +1,57 @@ +{ + pkgs, + config, + ... +}: { + services.gogs = { + enable = true; + stateDir = "/data/dirty/gogs"; + appName = "Malte's Secret Git Stash"; + cookieSecure = true; + database.passwordFile = config.sops.secrets."gogs-database-password".path; + httpPort = config.state.services.git.port; + rootUrl = "https://git.tammena.me/"; + domain = "git.tammena.me"; + + extraConfig = builtins.trace "Has upstream fixed the database type for gogs?" '' + [database] + TYPE = sqlite3 + + [auth] + DISABLE_REGISTRATION = true + SHOW_REGISTRATION_BUTTON = false + + [server] + SSH_PORT = 22222 + ''; + }; + + # Configure nginx reverse proxy + services.nginx.virtualHosts."git.tammena.me" = { + addSSL = true; + sslTrustedCertificate = pkgs.writeText "ca.crt" (builtins.readFile ../../../secrets/ca.crt); + sslCertificateKey = config.sops.secrets."certificate-key-git-tammena-me".path; + sslCertificate = pkgs.writeText "git-tammena-me.crt" (builtins.readFile ../../../secrets/pub/git-tammena-me.crt); + + serverAliases = [ + "git.home" + ]; + + locations."/" = { + proxyPass = "http://${config.services.gogs.httpAddress}:${builtins.toString config.services.gogs.httpPort}"; + proxyWebsockets = true; + }; + }; + + # Secrets + sops.secrets = { + "gogs-database-password" = { + owner = config.users.users.gogs.name; + mode = "0400"; + }; + "certificate-key-git-tammena-me" = { + owner = config.users.users.nginx.name; + mode = "0400"; + }; + }; +} diff --git a/hosts/faunus-ater/modules/home-assistant.nix b/hosts/faunus-ater/modules/home-assistant.nix new file mode 100644 index 0000000..1f42bb4 --- /dev/null +++ b/hosts/faunus-ater/modules/home-assistant.nix @@ -0,0 +1,47 @@ +{ + pkgs, + config, + ... +}: { + virtualisation.oci-containers.containers.home-assistant = { + volumes = ["/data/dirty/home-assistant:/config"]; + environment.TZ = "Europe/Berlin"; + image = "ghcr.io/home-assistant/home-assistant:2023.9"; + ports = [ + "8123:8123" + "1400:1400/tcp" + ]; + extraOptions = [ + # TODO: Fix the path of the zigbee controller using udev + "--device=/dev/serial/by-id/usb-Silicon_Labs_Sonoff_Zigbee_3.0_USB_Dongle_Plus_0001-if00-port0" + "--device=/dev/ttyUSB0" + "--cap-add=CAP_NET_RAW,CAP_NET_BIND_SERVICE" + ]; + }; + + # Configure nginx reverse proxy + services.nginx.virtualHosts."config.tammena.me" = { + addSSL = true; + sslTrustedCertificate = pkgs.writeText "ca.crt" (builtins.readFile ../../../secrets/ca.crt); + sslCertificateKey = config.sops.secrets."certificate-key-config-tammena-me".path; + sslCertificate = pkgs.writeText "config-tammena-me.crt" (builtins.readFile ../../../secrets/pub/config-tammena-me.crt); + + serverAliases = [ + "config.home" + ]; + + locations."/" = { + proxyPass = "http://127.0.0.1:8123"; + proxyWebsockets = true; + }; + }; + + # Open ports for SONOS communication + networking.firewall.allowedTCPPorts = [1400 2342]; + + # Secrets + sops.secrets."certificate-key-config-tammena-me" = { + owner = config.users.users.nginx.name; + mode = "0400"; + }; +} diff --git a/hosts/faunus-ater/modules/hydra.nix b/hosts/faunus-ater/modules/hydra.nix new file mode 100644 index 0000000..5b8851e --- /dev/null +++ b/hosts/faunus-ater/modules/hydra.nix @@ -0,0 +1,108 @@ +{ + pkgs, + lib, + config, + ... +}: { + services.hydra = { + enable = true; + package = pkgs.hydra; + notificationSender = "hydra@home"; + hydraURL = "http://faunus-ater:${builtins.toString config.services.hydra.port}"; + minimumDiskFree = 10; + useSubstitutes = true; + }; + + # Build on other machines aswell if possible + nix.buildMachines = [ + { + hostName = "localhost"; + maxJobs = 4; + speedFactor = 1; + sshKey = config.sops.secrets."hydra-overseer-key".path; + sshUser = "hydra-minion"; + systems = ["x86_64-linux" "i686-linux"]; + } + { + hostName = "helix-texta"; + maxJobs = 4; + speedFactor = 2; + sshKey = config.sops.secrets."hydra-overseer-key".path; + sshUser = "hydra-minion"; + supportedFeatures = ["kvm" "big-parallel"]; + systems = ["x86_64-linux" "i686-linux"]; + } + { + hostName = "murex-pecten"; + maxJobs = 4; + speedFactor = 4; + sshKey = config.sops.secrets."hydra-overseer-key".path; + sshUser = "hydra-minion"; + supportedFeatures = ["kvm" "big-parallel"]; + systems = ["x86_64-linux" "i686-linux"]; + } + ]; + # TODO: This doesn't seem to work + programs.ssh.extraConfig = '' + Host * + StrictHostKeyChecking accept-new + ''; + nix.extraOptions = '' + allowed-uris = http:// https:// + ''; + + systemd.services."hydra-initial-setup" = { + description = "Setup hydra admin password once"; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + LoadCredential = "USER_PW:${config.sops.secrets."hydra-admin-password".path}"; + }; + wantedBy = lib.singleton "multi-user.target"; + requires = lib.singleton "hydra-init.service"; + after = lib.singleton "hydra-init.service"; + environment = { + inherit (config.systemd.services.hydra-init.environment) HYDRA_DBI; + }; + script = let + hydra-create-user = "${pkgs.hydra}/bin/hydra-create-user"; + in '' + if [ ! -e ~hydra/.setup-is-complete ]; then + # create admin user + ${hydra-create-user} admin --full-name 'Admin Mc. Admining' --email-address 'admin@faunus-ater' --password "$USER_PW" --role admin || exit 1 + # done + touch ~hydra/.setup-is-complete + fi + ''; + }; + + # Configure nginx reverse proxy + services.nginx.virtualHosts = { + "hydra.tammena.me" = { + addSSL = true; + sslTrustedCertificate = pkgs.writeText "ca.crt" (builtins.readFile ../../../secrets/ca.crt); + sslCertificateKey = config.sops.secrets."certificate-key-hydra-tammena-me".path; + sslCertificate = pkgs.writeText "hydra-tammena-me.crt" (builtins.readFile ../../../secrets/pub/hydra-tammena-me.crt); + + locations."/" = { + proxyPass = "http://localhost:${builtins.toString config.services.hydra.port}"; + }; + }; + }; + + # Secrets + sops.secrets = { + "hydra-admin-password" = { + owner = config.users.users.hydra.name; + mode = "0400"; + }; + "hydra-overseer-key" = { + owner = config.users.users.hydra.name; + mode = "0440"; + }; + "certificate-key-hydra-tammena-me" = { + owner = config.users.users.nginx.name; + mode = "0400"; + }; + }; +} diff --git a/hosts/faunus-ater/modules/komga.nix b/hosts/faunus-ater/modules/komga.nix new file mode 100644 index 0000000..9e900a1 --- /dev/null +++ b/hosts/faunus-ater/modules/komga.nix @@ -0,0 +1,30 @@ +{ + pkgs, + config, + ... +}: { + services.komga = { + enable = true; + port = config.state.services.read.port; + stateDir = "/data/dirty/komga"; + }; + + # Configure nginx reverse proxy + services.nginx.virtualHosts."read.tammena.me" = { + addSSL = true; + sslTrustedCertificate = pkgs.writeText "ca.crt" (builtins.readFile ../../../secrets/ca.crt); + sslCertificateKey = config.sops.secrets."certificate-key-read-tammena-me".path; + sslCertificate = pkgs.writeText "read-tammena-me.crt" (builtins.readFile ../../../secrets/pub/read-tammena-me.crt); + + locations."/" = { + proxyPass = "http://[::1]:${builtins.toString config.services.komga.port}"; + proxyWebsockets = true; + }; + }; + + # Secrets + sops.secrets."certificate-key-read-tammena-me" = { + owner = config.users.users.nginx.name; + mode = "0400"; + }; +} diff --git a/hosts/faunus-ater/modules/mealie.nix b/hosts/faunus-ater/modules/mealie.nix new file mode 100644 index 0000000..c7f659d --- /dev/null +++ b/hosts/faunus-ater/modules/mealie.nix @@ -0,0 +1,51 @@ +{ + pkgs, + config, + ... +}: { + virtualisation.oci-containers.containers."mealie" = { + image = "ghcr.io/mealie-recipes/mealie:v1.0.0-RC2"; + ports = let port = builtins.toString config.state.services.eat.port; in ["${port}:${port}"]; + environment = { + PUID = builtins.toString config.users.users.mealie.uid; + PGID = builtins.toString config.users.groups.mealie.gid; + ALLOW_SIGNUP = "false"; + TZ = "Europe/Berlin"; + BASE_URL = "https://eat.tammena.me"; + TOKEN_TIME = "8760"; + }; + volumes = [ + "/data/dirty/mealie:/app/data" + ]; + }; + + # Create user and group for the data + users.users.mealie = { + isSystemUser = true; + group = "mealie"; + }; + users.groups.mealie = {}; + + # Configure nginx reverse proxy + services.nginx.virtualHosts."eat.tammena.me" = { + addSSL = true; + sslTrustedCertificate = pkgs.writeText "ca.crt" (builtins.readFile ../../../secrets/ca.crt); + sslCertificateKey = config.sops.secrets."certificate-key-eat-tammena-me".path; + sslCertificate = pkgs.writeText "eat-tammena-me.crt" (builtins.readFile ../../../secrets/pub/eat-tammena-me.crt); + + serverAliases = [ + "eat.home" + ]; + + locations."/" = { + proxyPass = "http://127.0.0.1:${builtins.toString config.state.services.eat.port}"; + proxyWebsockets = true; + }; + }; + + # Secrets + sops.secrets."certificate-key-eat-tammena-me" = { + owner = config.users.users.nginx.name; + mode = "0400"; + }; +} diff --git a/hosts/faunus-ater/modules/nix-serve.nix b/hosts/faunus-ater/modules/nix-serve.nix new file mode 100644 index 0000000..fce0dcb --- /dev/null +++ b/hosts/faunus-ater/modules/nix-serve.nix @@ -0,0 +1,41 @@ +{ + pkgs, + config, + ... +}: { + services.nix-serve = { + enable = true; + secretKeyFile = config.sops.secrets."nix-store-signing-key".path; + + package = builtins.trace "Has upstream fixed the build issue around nix-serve?" pkgs.nix-serve.override { + nix = pkgs.nixVersions.nix_2_12; + }; + }; + + # Configure nginx reverse proxy + services.nginx.virtualHosts = { + "cache.tammena.me" = { + addSSL = true; + sslTrustedCertificate = pkgs.writeText "ca.crt" (builtins.readFile ../../../secrets/ca.crt); + sslCertificateKey = config.sops.secrets."certificate-key-cache-tammena-me".path; + sslCertificate = pkgs.writeText "cache-tammena-me.crt" (builtins.readFile ../../../secrets/pub/cache-tammena-me.crt); + + serverAliases = [ + "cache.home" + ]; + + locations."/" = { + proxyPass = "http://localhost:${builtins.toString config.services.nix-serve.port}"; + }; + }; + }; + + # Secrets + sops.secrets = { + "nix-store-signing-key" = {}; + "certificate-key-cache-tammena-me" = { + owner = config.users.users.nginx.name; + mode = "0400"; + }; + }; +} diff --git a/hosts/faunus-ater/modules/paperless.nix b/hosts/faunus-ater/modules/paperless.nix new file mode 100644 index 0000000..aec9016 --- /dev/null +++ b/hosts/faunus-ater/modules/paperless.nix @@ -0,0 +1,47 @@ +{ + pkgs, + config, + ... +}: { + services.paperless = { + enable = true; + address = "0.0.0.0"; + port = config.state.services.doc.port; + passwordFile = config.sops.secrets."paperless-admin-password".path; + dataDir = "/data/dirty/paperless"; + extraConfig = { + PAPERLESS_CONSUMER_DELETE_DUPLICATES = true; + PAPERLESS_CONSUMER_RECURSIVE = true; + PAPERLESS_CONSUMER_SUBDIRS_AS_TAGS = true; + PAPERLESS_FILENAME_FORMAT = "{created_year}/{correspondent}/{created_year}-{created_month}-{created_day}-{document_type}-{title}-{tag_list}"; + PAPERLESS_OCR_LANGUAGE = "deu"; + PAPERLESS_URL = "https://doc.tammena.me"; + }; + }; + + # Configure nginx reverse proxy + services.nginx.virtualHosts."doc.tammena.me" = { + addSSL = true; + sslTrustedCertificate = pkgs.writeText "ca.crt" (builtins.readFile ../../../secrets/ca.crt); + sslCertificateKey = config.sops.secrets."certificate-key-doc-tammena-me".path; + sslCertificate = pkgs.writeText "doc-tammena-me.crt" (builtins.readFile ../../../secrets/pub/doc-tammena-me.crt); + + serverAliases = [ + "doc.home" + ]; + + locations."/" = { + proxyPass = "http://localhost:${builtins.toString config.services.paperless.port}"; + proxyWebsockets = true; + }; + }; + + # Secrets + sops.secrets = { + "certificate-key-doc-tammena-me" = { + owner = config.users.users.nginx.name; + mode = "0400"; + }; + "paperless-admin-password" = {}; + }; +} diff --git a/hosts/faunus-ater/modules/photoprism.nix b/hosts/faunus-ater/modules/photoprism.nix new file mode 100644 index 0000000..4bd57e7 --- /dev/null +++ b/hosts/faunus-ater/modules/photoprism.nix @@ -0,0 +1,66 @@ +{ + pkgs, + lib, + config, + ... +}: { + services.photoprism = { + enable = true; + # Use the port specified in my global config + port = config.state.services.foto.port; + address = "0.0.0.0"; + # Configure paths + storagePath = "/data/dirty/photoprism/storage"; + originalsPath = "/data/dirty/photoprism/originals"; + importPath = "/data/dirty/photoprism/import"; + passwordFile = config.sops.secrets."photoprism-admin-password".path; + # Additional settings + settings = { + PHOTOPRISM_SESSION_MAXAGE = "31536000"; + PHOTOPRISM_SESSION_TIMEOUT = "31536000"; + PHOTOPRISM_UPLOAD_NSFW = "true"; + PHOTOPRISM_DETECT_NSFW = "true"; + PHOTOPRISM_SITE_URL = "https://foto.tammena.me"; + PHOTOPRISM_SITE_TITLE = "PhotoPrism"; + PHOTOPRISM_SITE_CAPTION = "All the pictures!"; + PHOTOPRISM_SITE_DESCRIPTION = ""; + PHOTOPRISM_SITE_AUTHOR = ""; + }; + }; + + # TODO: Why does it not work without these? :/ + systemd.services.photoprism.serviceConfig.User = lib.mkForce null; + systemd.services.photoprism.serviceConfig.Group = lib.mkForce null; + systemd.services.photoprism.serviceConfig.DynamicUser = lib.mkForce false; + systemd.services.photoprism.serviceConfig.SystemCallFilter = lib.mkForce []; + + # Configure nginx reverse proxy + services.nginx.virtualHosts."foto.tammena.me" = { + addSSL = true; + sslTrustedCertificate = pkgs.writeText "ca.crt" (builtins.readFile ../../../secrets/ca.crt); + sslCertificateKey = config.sops.secrets."certificate-key-foto-tammena-me".path; + sslCertificate = pkgs.writeText "foto-tammena-me.crt" (builtins.readFile ../../../secrets/pub/foto-tammena-me.crt); + + serverAliases = [ + "foto.home" + ]; + + locations."/" = { + proxyPass = "http://${config.services.photoprism.address}:${builtins.toString config.services.photoprism.port}"; + proxyWebsockets = true; + }; + + extraConfig = '' + client_max_body_size 800M; + ''; + }; + + # Secrets + sops.secrets = { + "certificate-key-foto-tammena-me" = { + owner = config.users.users.nginx.name; + mode = "0400"; + }; + "photoprism-admin-password" = {}; + }; +} diff --git a/hosts/faunus-ater/modules/timetagger.nix b/hosts/faunus-ater/modules/timetagger.nix new file mode 100644 index 0000000..f562f20 --- /dev/null +++ b/hosts/faunus-ater/modules/timetagger.nix @@ -0,0 +1,42 @@ +{ + pkgs, + config, + ... +}: { + virtualisation.oci-containers.containers."timetagger" = { + image = "ghcr.io/almarklein/timetagger:v23.2.1"; + ports = ["5873:5873"]; + environment = { + TIMETAGGER_BIND = "0.0.0.0:5873"; + TIMETAGGER_DATADIR = "/root/_timetagger"; + TIMETAGGER_LOG_LEVEL = "info"; + TIMETAGGER_CREDENTIALS = "malte:$2a$08$NAbUfqRJhoy/rI9MoAHyNeXNQ2v7mh9zUbcG/naH0W6RkP9cCxfH6,marie:$2a$08$ubOZWO510y5bgwIl0O4Ne.dKZdWoHqEMzvs56L6esqvLfBJ/6OgYm"; + }; + volumes = [ + "/data/dirty/timetagger:/root/_timetagger" + ]; + }; + + # Configure nginx reverse proxy + services.nginx.virtualHosts."time.tammena.me" = { + addSSL = true; + sslTrustedCertificate = pkgs.writeText "ca.crt" (builtins.readFile ../../../secrets/ca.crt); + sslCertificateKey = config.sops.secrets."certificate-key-time-tammena-me".path; + sslCertificate = pkgs.writeText "time-tammena-me.crt" (builtins.readFile ../../../secrets/pub/time-tammena-me.crt); + + serverAliases = [ + "time.home" + ]; + + locations."/" = { + proxyPass = "http://127.0.0.1:5873"; + proxyWebsockets = true; + }; + }; + + # Secrets + sops.secrets."certificate-key-time-tammena-me" = { + owner = config.users.users.nginx.name; + mode = "0400"; + }; +} diff --git a/hosts/faunus-ater/modules/trilium.nix b/hosts/faunus-ater/modules/trilium.nix new file mode 100644 index 0000000..52f1d61 --- /dev/null +++ b/hosts/faunus-ater/modules/trilium.nix @@ -0,0 +1,32 @@ +{ + pkgs, + config, + ... +}: { + services.trilium-server = { + enable = true; + port = 10302; + dataDir = "/data/dirty/trilium"; + }; + services.nginx.virtualHosts."note.tammena.me" = { + addSSL = true; + sslTrustedCertificate = pkgs.writeText "ca.crt" (builtins.readFile ../../../secrets/ca.crt); + sslCertificateKey = config.sops.secrets."certificate-key-note-tammena-me".path; + sslCertificate = pkgs.writeText "note-tammena-me.crt" (builtins.readFile ../../../secrets/pub/note-tammena-me.crt); + + serverAliases = [ + "note.home" + ]; + + locations."/" = { + proxyPass = "http://${config.services.trilium-server.host}:${builtins.toString config.services.trilium-server.port}"; + proxyWebsockets = true; + }; + }; + + # Secrets + sops.secrets."certificate-key-note-tammena-me" = { + owner = config.users.users.nginx.name; + mode = "0400"; + }; +} diff --git a/secrets/hosts/faunus-ater/secrets.yaml b/secrets/hosts/faunus-ater/secrets.yaml index f0aaacd..4756b59 100644 --- a/secrets/hosts/faunus-ater/secrets.yaml +++ b/secrets/hosts/faunus-ater/secrets.yaml @@ -4,22 +4,17 @@ photoprism-admin-password: ENC[AES256_GCM,data:q5hfATh3vUCXMnjiPHw7aoeuaXsxgPg0R internal-restic-password: ENC[AES256_GCM,data:TJvbnuPgrCCRznqHAs7R/WYTgZ+hKiNUnpHTqroNgw9p0w==,iv:JtcaM2bCtZzM91IdkYrmbBhWQ/wWdFzX2fxDGuFIWrY=,tag:5HesBXgxu28QOGYS6WjJdg==,type:str] hydra-admin-password: ENC[AES256_GCM,data:VzZdQDAspirq2Ad5cd3KV3+06966aSEHrXTQ6A0=,iv:06fFTSaH1o+q+PioSbEMU/VutYwj+Jin/wXnAWOiV/w=,tag:cjoPs0oUJ437URwBpE5vVA==,type:str] nix-store-signing-key: ENC[AES256_GCM,data:crx32AFBIwM1AS9aBUzocK6YHWfNqoJuY3N6S4NepuVOYwOj+IgcGc2o1V1rFRyrfAFYo/eok2HE0et1VTVMMgkVLvSuCpH6B+Ehv/EIXZNA4EsvSinLaU0POsDZw6LkmGqX,iv:icNWx1l2j6yHRrby1TbVBXNpKrz9vyqwZ//Vlb0sJzI=,tag:zAg7jl6w8pTlwrG/ENFtvQ==,type:str] -fritzbox-exporter-env: ENC[AES256_GCM,data:8FtqoSCvK6z0Jk7AN0MWGcdBT4h6Xak4BOf4FKkjtisGLE2UYCyh8Gg6IA5gKajuSEhhAV3fhK0QhV/o9BleSQ==,iv:sBfszNAZAtBSTaMqJuKXry+hjUyWeXE3j0jTv8nKQpE=,tag:rbLEnZRRSs1eHsZa4mfOdA==,type:str] -nginx-cert-key: ENC[AES256_GCM,data:uwghAFbTeYMYuyd7deas2BkeQITcADGfYllZvZuFeaMElF3S0ySJ3+F5HwblhRyP1OzIujgxd3xSTkclHqrKrNrADiEkjLalITn1UMRL2EWcEOmLTEZ89K3P9WyEXtPkaPBSrPS0zT4F2JaZ+dlS81svZ2kAokAS7P9v4Pu2g5PJ7vQbgrKdTGMBmcfF82JG/eef6AxGsVbCWJnPeOFd7Qski8LPcd3ZfDua5PofthaKD0Do9BnXlTsKdetLHvzUnS4kt5b5baBr0MF96zpLYLALCuuhicW8nMrfC4uZMjpnEMA++N2czihQWp5wnV1CNZUNkfqQEKhd8r6trKoJqEacHCUsPDvAQ734fGFUYuzW76t5z7QcpvY0ZAKDJGXoWhqAS1QXop9jM5UTGOY=,iv:kR8z7QXGJh72SIezOH90H7FOzW+XzIf5q87Q8nE1rkQ=,tag:XYLJ3IwBUm+XCqMnESfyHA==,type:str] -nginx-cert-crt: ENC[AES256_GCM,data:F0hG8DEhFfA+VlpXIB3dGoo9GGSPELBHjFwYrTkqRFtIrWqaAXguRAR+Su5nTghKnMBPOnp7h5We5+whf2S6V5uPfbVfsWpQ1Q6rQWXtZdCHGhBlB94z/LI7cDIsthwPkdHX9wdAOweu99VzKuftnP30bKVTHK1vGnsxkV24d4CwH6mTrd8zhHdC1fVp3ykZ9+hUmyO/hc9tMgXYSiXcPnpQShPjBXzn23YxYlEKOFDzGnTVqcLrSycdGgpuoXunV4UP4esgjYPL1wJ8kZfAUbJac6iWLgk/UFcpOoYiktKr3pXzatvrZZ0pc1lG5TpfkrH2pGzKV+r0V/PMHI6M409kHWEfR3MyQ3IP9xTIjgohA6BMlsb1fnq2qR0pnwSApqXpuUGf2/DqDjkoV5TLSmQntaWhQt/PFSRe0lhfSrsDBY5Fpf+9DVwTqRhvyDiorrOrcTDY2XVpWY5c3QK2hkRq0+FkIR3qGBCffHZmC5hCvoXg8Bs1lxyEM/CXOXPhaxSwvYttaW7wcEj/E8Npu6Hctl8BjqiBC/ldaRp7qliOsRib77Wd8CwKcFmaGFEYxmkDLhvwHphHF0vDSy1j41KCF8jjKZVfM2kzb6LT6OmEDjPzEACL5Jqr/yrgb89cG29dqTX79UyHBp2OqC2v3Q4fQy3eHJz28asbhUgRZJXj21iUwZOv2xtN6tYfQbSstr0g8916nKasv8tWTXtVFdToBUYTR3mBSWyS8KGujRXEVwOosI5kBXYGMpCpz02HmxSNw1uxcW8VF2ctOi9ou4//xDARLg869OFHb6FgUi7SevAS5ee7yxSwD+wL3+TSQJZLDEv4lQyA3vep41QUKMxe6DsxYRPqD1ev0EWEzrcNXQVK,iv:s1oe8pU0/xZfHfvDUISG5782jx5GzKrbk1o9J/66G2U=,tag:pG1D69y5nWx0v9ohPwSeTw==,type:str] hydra-overseer-key: ENC[AES256_GCM,data:x0rp0SMYvQcbivYFz4H2gyEoQbiVm0kCKmeYu8n2ALPMR10Q0ynOkj16UkfJIVAXnI8j8NhGScBjXWiwxi2WUhZI0r5HiAF+BvBFp1mkcWrP+N5/ulLuR2YS71bJpb5OSiJ4q1F4nmO1Kmhv2rylcQWB1BeKj2WLXsxo2W/J+9wOcJ10BU77vgfpdgE+7W2kVPbaX6C2F85t1wu4mVy9gdSp2U4r7j/+T5ZZ8DFAiHUAhZ8OoVSDuwHj1Ud8siEHff07ACsnQlSO0Xt+1m0hq03gY26LnepzdkFkncb/D9K7NlbWZzVO659fW4262wQ2dJHO7+dIMy4tK4/KdYv5UX3kTK734UEYruRRHRcRcWzLjFq1MpQBAdratCmDHxfuyFa3nkPhO8twqN4b51w0J7stp0uTAD/YF/dmuv0vUFPqbPzH+grGEhfs/qp1vnrDz0G5kj/78jp6IdQP52I2ukEMZ29pz81o9WA6AWrALwgaHG+UPyskSLFNBuY/Mux+kXCZ+rZtsLqiEp1PIt1vxGUMtKhVIN6knLOcOahVuja39KINczNytB20nsxL8H3pTsIQV3XXRPFz7bikBLWoqA74zq6IxT5wCZtTwoYmE5PiPLCCDUETwPEHJqW1tpDOLEBpn+3bnQbX35vwz+w0qAad0ndXYOiVIZK4vBbkjH3AEYWCCfm+KuduqdVU01E8kZakB15oK5IGHSMeNrz9iEv4hpG54FK5lh6eqS2iVeqj4uKN0jEUzVSjTBoI3iZbgZKEjxD+Xz1napErAtuZu1iCt5cW6HCeKBOVJQk8WsMpmgrB6wT4pOFvY5zPfRv+4cs8Cm8jD+i59G+S5J+TD+rlRSSPLPUSka1pPNeUXieP53TTkoB5LV3sSfn88+SBkNFbOIoy2Nce6eNzkYvE2auGZ91GcHqbH1OEnzutQqBqdZUmDmLlHqtfKWA4oaGCv0yTOxouzqDfokeMklsXBnWRs7UsfCkR+1qrG9IaFJxOYFEKR7yAsqnmkLlVgmH3GYhgAOwNugRXwNzD3UaQ16b9xlE8Oe7DZZdDliOLZbCUpjvg6Ud/EwbYudH1nNGidKrgz+6dY4zfw4MQm/Gl9XHg7euTJRSVTZQxbw3DyPIykXA50HmnPZi9B4AFvUI6sZtu3e2ZgWo1D+SasAh44fiQYGwVPWLvONiWO/3EIwiL1wO6kGxCARhcUmyYGazwwgjVVr1NuSgmri6hSeuJLXbat/S2p69zIKx3NBTFUZ5xiVLxiB+XCPttcoAckauTghubmT0HvINwaZmec7ABZxEUP6rJUTfhuZihOywDopTp8KoAlHXJjNm9+f2EJzxphOyG2Ke1MBIR0IU4551dERmwdQTrQdMTMEIooRMT4IDbW6b+JUYgQvV3WLujQ6YLuHDuwQ/tivIcegIkwsc+ZUOYiZ+naoTIkgjSQsXrsgOjULKZDgFcnMwY+fJ2lAcm3pu3wse9qYDKyhxpf6/fZJ1JD/9hvEyJaH+h69TKsRRkJo+PlFGb2DjaYUi3j9lujjDvNNX0MLidguQw9Mi9jYXCo6o4MwQXKMizjtTXEVRg8RSi28BsHijanLXnXhSwgFnAo3Usb67xzP11rKBG9af8kJBNvXaVR0pjhC6un+JI0LuJxiu3dVBnZMB18z5C+rqX3RJsyGIL/RLN/xhSG9i4R5hdzaO08G1qdcLtzK1ym6j5oDwXQVchPAeY//BxNtgIo3oqHSDpPJqnXg2rjK62WIMBZxya/0QSyjTHu06L7z0rjSLv/YI/vsbIn1OxsVw4fu1lDG/o5CnQKr/9FDEsZd/PHBJSAhjmg5fVl6n0E38pXuiXNIU8Rr9SVimvER3muJXc6yIU7uXpnMwkH/ZEwWMnT0o6p+SlaxzU10e67PGbW1ovGGCUemz3yg0qjAnIxwnYxtDPTwFVl8BhEIXcN6MzMC7Ncq5JlNr2rjqrbwYO8LeagfDiq8KWygGKP+sZZL7eVkPIJB8cK1NIS22uXNzvsVXKSeksh14jRs/QAAiRM0hfm3CFIdULu5k8DNSmGgjxLf9gNjS8Ej3x9/V828aPyGrBrwZm3Tri66eufuxnNNteBAuzTjU5Pzf/hEai737PZTeRq8sizAn501ZiBUvslalsOw1VB2c+MukgCKzCKga3TUqnSx7HIkWv0C9TXJeXRuPs+czu/9/0SidA1p4mv6woK66+EHXJiTLXbb78DT390e3EHs/5rTkP5udVOpLLP7b4fjGVU959fIQLH5MOTIdINfj8XCQ1Ujts63Jor1RZeNErWADOVBcdnqjT03uh63G0d3A3RUBS+fUu6evx0ChEntbX3QbkDwV0P2rBtDhipccE1rW6tWPJhv278HysTPiwwsQadmdkLGMrJm4XQsYvAaTDtKnNzJUuVSKlnUilzEHEpBfiH4kKBgoXz06ZMEL8ameDfYFEyQwVU+NgRHtJtYE8lZErGYz0a+JJCgHPUiR13VGiNsO5eGBK04Wu4QjxCz4Wu347NOY0bR4Dj/d9td+TMeBPjfID1Ru5txZkuNzhee/qzU7Nqdw7BoOnOxf3QPWNv89vgnpQawsDPfGV6oIPs9hddlsxiNWFaQ4r+a6KdVBYw45XaHZ1MVdHUaV4SfIm30oRWkHWwiFjnlvi1VMxfXvpTu1CxkCSbtyWBRIcVDsypdv+QECsYwYY2KDFZETTm8Vva4SgGJohpprOlgUNuINSA31vHERg48Qbi4XrZeyi61B3I/1GWTOQ4WGAQ/HNnI9VnxTgcC9IcincadoRadhk7qHAtnZA8W52vxbjydJRQxnP+lxWkayxYhxXwAEn0eYP0t1qvhF6V6iaD69s9ZEqhhQkKpjwDrtKnJgPvv31YOCr6lLYmkzp+oqIYSeDzpf3Z0DimNFzL/URtPzeFt2VSAw56eXPze6lHe3+I5RbL7AIDhKwlqeUC3qOZvYm810vAeCmU74IIZ7C11tgIIK16Cwq8CF1CPRlthEfFI+76Q+3/4Hot6ev4naBFVxjqfays6CwoGaA7IYKkYX8yZvCZhi3y/lnO70yt8KFrVQKOgAUTaxdv6Y80uGvburcuHH3N7XmVljJFz8htbD0/qv6O7hfdm69g01V2dIuHXosUuqUT/RQgV+IeLJniMrKLxN1m1PHMncumA6nF9af6a4ua2H1thNjt0OwIBzx0mifWl511YyoUFZYmypVvdqHmo3ljns7GEA0RycAZxpeiVwwiQO6h9WbgbtVwAJnh1t1H37JkNNX+tSAd7n032ZWpczDQUpjxgM6wGPbiZYl7T6tR6ecEV8w+kGUaV+u7AV97p45tG7KMeqYFSItE7kJE1yoAaK4C8hcct7pK6ehdyyy4zjMtOzAKaql5z1oVrjC0OkQ/WI8BmOk39GKOGlrJFVbS1XKrOXRKZP+vet0IRPUhwQ2l90r7O30MmtWgNuPorIUgeY+D7/PJIGehx20azEIOBclJbwxG9UalUhorZiREMakgvocSw54NUXcZcMAVVYB45j+yXSuLVI/zGaMn8IzC13tAf+E3LKrUgeDa5nFPq5GNprqEKnjj3+fl5CwZb9vZYXNeLq7FY5/3deWwiPsJG1e4M8H4a0bPFbyQscj93bD1QiL8eauy2NtoGpopXnEteWtjOiMXV2oJ0soHsDPhEu0xiIlSS9QloDdNfYeJLRuQOHy8DCNLCaRp491998truKk8zMUOpQPFKEi1o8CcoIUvADF7i+EcNPMBhdy5+HgVZHus82mPv/e0+GYi/wQ+MIc93BT2R5KslAfBpSKw+VCv4dKP3TXkkH3krsbu2V6k15bhyEB22UCWQ854drhqFL0JtLOx1IzNElHi7r/jZg6Gd+XSrKll3it3BRyY2XKDEsvfaDTpn47y2ae2htzF8adIe9YNPVzcqVyAfY1+xjmXdiNRRVtq3L2+hNLIedtsG6vbnWXmqUWLeptTbshUckQ77O/hw4wfkqMDa0yxRDFMZUbRiGyFLwz1GmhI5TZ2b2cL3HCO4p1vQeLdKFWsCKFrjeJ6BzYRBn6Ba1U4cb4ZNknxtuJ33J5YzE2WiT7uV8VcAYLxwdAhGktfu1LDMIgztCamkZGlpqkzT9VcHT4QWLi0/WL/7ff0ukL3QwL3O0H9NDXciCTR2HQsPPXq7fzv4D9oE0wAibmJbsI0P0cwnfgeTlJLY0ffN7+ZPs1SzWz7YpaBoxKm4g5rRClh23JCXqtPD65VPtZijaoB7gafGvkBWNy7ryyqSJc1TeCJ5qa8bRHajkaDv9PuEIA9AJ/SODVIdRxyJj8wbXMQuGohXLESLZxPcJE/JBKWfrVAcl0ctkRNXWrbFeQo89NgdT8MWMYiWMfNE3EJqBP5h16FkRagrDUq8HlOpHtFG3EU1VSNaNGlRPmirgDTdQHOvj8kSpnGdyXOrptiWSdMgYWqhqlXRaK8yTMyb0Aot8wg6NuuICsuHZ3rhzi55jcCC9htT3lionJ2qh8eD705mF/c5j9,iv:hQyOucsZMBQoWJXDWs18C9pzcBtk69RaHjD4vZFqzCk=,tag:ncYl3yfCOgUsFTBdoCVypg==,type:str] -certificate-key-config-home: ENC[AES256_GCM,data:aUjZY1dOKYqTJmilVb8vfGKwwZAFYGny/F2B9AwI1Z7TiyCL5Z4Z7tO81+ZHCM6Cjbf3GgArmc1ulSxQXem9DY0wmo0GY6FFs2qSVU5XYs0D8psIrDrK1evQujZmHWlVzPVMyjmbZ2Pwxak15G33AIg4PDt7PsqlXWtPL454BEB07qOQg8qVx6LOPb8TKvYRk7nToZsMjEzxbufZtiFMfyOY0tFjU2anaycuUQ6OfS/9Yfx+N8yf7hDJUh84NkaRSYm20hLOBxIwI/J7tsgB+la3MLc7EVX9TfbwBPQj557dAY+kLht35Oi11/MsGjkvKrC+GTEVi0C94N5Rq9OmDxvp4gtpeiTy2O5WtBw9c4knyy1DtoiVDXSoeh+2f8rMgDdUUaph53oR+fXLtkQ=,iv:Ewvqyvn/FZYwRlT7OSQgg/UKdgHIaTlojf9Fv2B4DM4=,tag:134dToZ04kswk9v/9oikfA==,type:str] -certificate-key-todo-home: ENC[AES256_GCM,data:/Lwf7FEI75dR/RdJELdmYayXYJxY5cb6e9XZ/ISAgk94J1e6UpI2oDW4kh2IImnbwpZrw4OaBH0xzkGoVHtzPDO7rV3MqyLxl6JnUl/gox7sOAIMB/9CsEnhX0/clOUOwbYi4ndVtkywcxMnNei7mw+2LMcGX8x2uxw+RNT0nnA4c36laJ3AOBcpew0PCm/RYiFY+xqiE6X27h3DostWFWXItuPk/ZeOIc+0VsJwy01aU81UftZnivg0E8yJkaUfgcDxsK0iYJ0llxd+/t735TeSayNDUdn7koB6+lwdqbLiaSwvEZ4CzdR5CvodkwXEuLCIzpjzGaBHZWOrASZd60D62zfP1IRrdkn21A2GtO3VOo5im3TW2TX6qGSRsiE7VhYmvMuzN2pG7v6Q/1Q=,iv:eeTW1LIEVpbDMNT0cZQYtilJeK3KO1ZkIrYAjgfIyqk=,tag:/1n0nwGf3ruoorZrexmv4w==,type:str] -certificate-key-time-home: ENC[AES256_GCM,data:q0p5xKoYEPX7Xq4XA7SKdDb+CUiibHNOseMgyQS5uGqanT+y2R+x98LqK8aNXRiZtxiDxEoWnhTJCjLZhOkqSg97VCnlwYDfJsWL6Zxj3kxbTfrziq0fN+prjAV3DTt8S+wPoabsq9bvla0q5yCZdAerc+AkGfYhZmpb6piL6D8Atrt9L7sW6o/HYUOk9VJifR8vJXJQKgdf+K70P0uLwOUPnqcEtNMj+n14oYL32/st7wDi9gbcUp3WIEh6Cf/9zl2PKeUA+uCX6TdtKvfL55QyF8Rs/VUkMbmfwJpS6iCb9PFo5rLqwMAzSqgJCMiMg1Zs9bCYP0+1D2jJ2nPYu5owxnAzVfTmNBMUHLtfDhlGokFEn/cd7z2K3t+fsUl2CtLG6+x7Tq3C/MFu3hM=,iv:xPHkMyDvCmKT7cqrCgX+9GanfWIZw3MPnKc9KQANXFs=,tag:LmV+a+SRbisI1p2aaYqE0Q==,type:str] -certificate-key-hydra-home: ENC[AES256_GCM,data:3/T2Gmfn89EBn2zRo2iXayeVpVjvDyhVfmNO/1M6z0Iy4eP4liOQKSc71GrJ+2JJS+DEb0wBGuuWs4NoeNPsVyO7wAEms5KWi5/puO9WHvLv3tJaW5AVCTwQZj2FzqfLNALjx4iG9GilSbVadElK7SDurDTHB4KNFR6DzS38Hax4PF2mPIhhI2+0I1V8xkcnsfcyorMeS7ROQYvAqCG48k24U0IVVJgwjX3iDcM87udlZf4Ne1EtIN0UnJzxr7tbHqZd45axSPRRe11jrtE0OdMPyoXkwE6ojHT2L7v0QJX1RpxSaU/UmIBEeY0MMW7DG59U/9fPdKkfayJVkvrS0ilS2NN9kpJO/g4ljc3G5DgUvchPfrF5dNUHGTv4yD25U2LQ2B4CXEbIZTQd7f0=,iv:LCJqB+wh+itHcHkFUQR1uUcSWKBWcbkW+rIC95Ml8RA=,tag:IouMHFRjwMqtMdSoMHa7Tw==,type:str] -certificate-key-cache-home: ENC[AES256_GCM,data:6PuGHnP1jIoEPQSc01Rs07kiBwevrTlEQWJv4Gx4Y3fFra3e64VlAo6XEvYsD4XBfS0Uz384jfiRSDjeoqVNA88BCV+Xlg+IyhIKAYSx246ubWuVYW47NtRvPajU8BS4I4Tnl1D1yPPom7teYhfcWxDievaq/43cpArdZUHnRSzxplQ4nBeJDIdE6VD0Gy8txrFgYnakQIEvpsUszwaerWYwZRSPjezXMOideV2UCYkTpjkTYt+a6jwPpJf2/mwkAhAd/QAgsxgSd4d3VHgdgwh4TLeVBSUumEKQlpZ7izQCiV0KwNQvwZEzbT5P6UgyzW7fcVLNrrJOMPBy040EschSgkUt8V+HtY2fDQ+j1N7QT78pvFQvzoybcRAKq3u3oaS0Pmpmf7f45SDvCNI=,iv:bwJlkjdiPbQgQ752/Igkwo8T5zpWvNj0NYMzTx3+cI8=,tag:To7kbDtWtr1bIKLXyKFRGg==,type:str] -certificate-key-doc-home: ENC[AES256_GCM,data:PKCbbnYCizvUljhqVqckVYhmTXNTrFQrRGEvZi7r9Ji+wJvcuKR7ddoVKR5Ubegc3nYR82N1hKe1XU0eUNyyxVxXwf1c3FBuPCyxhR2pPKIosuwPoEzhcDlFq8WCQEn5cmZFpUIqh8IVQY8ePc4+WFs0FaQiGb9ZYjA3JIZtR8UXjkuizU1JBjVEngjLA23cXJdnwZd6HOBq6Lae+78KqTdg2TG5iHixMG7Tr1NV/OyPJ235+Hqgl/12+qwby4NgOyDS73ismE7RRwJYpsHhxOYWbuJryVyCwwSxW3tVTwF1xYDPkgftxIuy/AdvpGTk5rxF/EDjKt92Ig8yliUF0VN9Ej8e/cREgztuoFE5jj4hfWZaCne0QA/GrovWa8JXL4Vf5JzV5638O9Dr0As=,iv:y8ZVLFsr8a7PX+NRsEUlX/bri8Jw6ne1EJ18pz0adHo=,tag:WHaJk8P9jVKGhuFjIAcEzA==,type:str] -certificate-key-read-home: ENC[AES256_GCM,data:36IAlvuk3n8MX8/5OtULkUM4X7xntkmDXTAkfTmmU4wNThTBs13zaAHPclT9T/bxBQE5Wj42M1E7CLNQ1YnX823mp1ySmnIf4gKr2yisLBfeZdel+swapuEcGFh4dwo39uA8hajg5PTSJnZN50a34y8l0gqKh7p3RBlfFSwtZYUoKCeKu47Wz5bCNRg5WPfFf4iUoDAAwgAO67dvZ8VjsaJ4Gms0UW14G8TRAGdoFYB+gT4SDMuRrbxJl5EA1Yfi3btCYjlrAzJzR97cmG9WwOOGHWbWxcKsfc06ApXykR1rLckkjc2FsulsCSZ6g5jn4OhoeM6lJVWE/hW21vX/xnuPtMvy+dTq1/GW5NyZPiJJHQ/TwHYzeJsThsjvszYm2vSze3JIKZu48cW/aEE=,iv:hiRA0asRtgctHiyWrrFOXUkqCu6WGsdZ0IKyFv7rJYA=,tag:ImKlwKLNv/X0+IP99wS7Rw==,type:str] -certificate-key-note-home: ENC[AES256_GCM,data:yuJwbgO/i6GzAawc9s6CAhwd/59vurhtbBA8DhL6Gq+jPVf7ttHPDWcpJzcF2STAQL+JkL4Ap2/rcW6YnEzYZHjfeHX60l8rW6yItPlmlrYmwIiaHFYGt2bF9awSepB5pAR2P3JPUENlC0kgpVwKGQ/OS0YFEBmprXZ/kjIuEN7SrrfBA4m+c5W5/yaWq8TiuVRmyL+1ak2I9WK5qPmbjX4qhTkFuzQzvLQM6K1LtzmPHwni3z3gNCFKE0onm2Ns/+neSP/zRJNlMkIzAb/Ab/en0lGJEklOMmbn/hNezZXzxe93rwag8Am8Kdo382gGgXnUrgU/Qr9tdxtOAuy0r6YnT4KCIs+jF37KCYYsppjqrRKTRqivZQxwYjEIAj45ATHSNd+gNSM/aAlQnd4=,iv:9AH2y48oPvjPxMdxyDFdpUYwydAjmIQRcb1vi80eMTM=,tag:iWZwCIkjPYzztdo0bsXcGw==,type:str] -certificate-key-foto-home: ENC[AES256_GCM,data:0qAB2o30aHbpUQQ89YXWjMK2FBf1vtCHcGm/4Z6VcuhwdUV0wRa0Wb+WKuuNoT4Bbp6tZZqbjzlU68lv/rHqnKReZ6sr5u5HZwgbWpxnVORrfF7JEgkaP1F8NRsyodqIblwMP9bir6uQWRxof0OTXgnJhZU84QJItDBfsD0pfExmDQW5WlAAyrAVL13z/TBfddVPn3vU+CQIRnYt5RKtDNvaOa7XmXu8V7DuZJYYxUhnJfejFSpihoBo/Oxe/TwXzvxfTVYgbFYa/SZiBm6eGQbhO5ST3WJ0JDP3kT8mSmfqzXBLdBPJ2R+A8fF9ayLlRq4aEdFjUJQi1ojIuR6F1eSoxrIdSrDbz4+gZM4fJc2LAxjhdfg4j50Xwf6xOcdpAcz/GVGP93R1jWwo46I=,iv:SV0gXtwKTpVo3FtD7W0NpvZfaS0eFoNVP/F6k6zm+vw=,tag:NrDCn8QDudEIIbWQwPxI3Q==,type:str] -certificate-key-listen-home: ENC[AES256_GCM,data:QhQnk7LYQqfel7aX16mZW0b7SEH7/BacwZVPSnLVqtnTQu3/05cu78K4svzE3p0Gw4alV1w54SMds83ly6orUKP5I+4yqNUlxyXW+U6e6biQy5cznZxbdRtjygb6TKkDB7uYq+f4VSGZuzXHK0YTSzrwcIRjztEkvNVZgqlAt5dlz+tnkSa8Gn+lN2zoC2HTS4OhYJIk/d7YCE47QChC/+2joTeyrogSbq56uIvv5eb8G98iDiUcrTYr91MyNH21S0BVGD0X2C3lu1iwdmOs5t5D9nl7KBdvj82/paK78U00fzIwlKgZMLQK0Qm2/O2JFyVNy6I/vFbQ2ORWGIUyHqK61IXgq/4ugOeQ5oINpNF64B9Z5Jv3TXYXMYivBwko6LUmsaBhW6vBc1rRmh8=,iv:JxeP7NEPKErmKu0+q6IxaxLoUTc6wsDUPWxwdrprEoM=,tag:nEcOYrZwCIv6Sx1Y0MirLA==,type:str] -certificate-key-git-home: ENC[AES256_GCM,data:w9Cs0pepymB5P9SxF7eA2LdmnZO7jYUX355oQgJm94UsbNaleFE7QRs64qmv15jjMGNdie+Ux9LUSmqare3QCSS24JwErBHy1RSnwYwCKhdw8MtOBXT9qq07oO9lakd47SCb7rZLlxymwGPbvryOyPOKzb/bXyRc+c+3mYzac0CoG25WQjSbs8Qe18BLdgPCMe6o1i8qJeqBn74b4PDPgphNY3sbaQolKCyMYRk1aI72hARnXd7yJ2i8aQzSk2wsK0t71EMqaYo8k9uoOfMppcdrswHiNsc6TytZJNhSeqVCgrXIhqqeIvrXh706QmP9lgHA6K+exmkx7tL12tcNzz0BFJf8ayV5UPG58HgRqThvns17EJlbQN+e6pPFTI2Nxlfm7+53hD53TIxkYK0=,iv:LOGPPpteywTk1xa0Uhpl+W0WyAm08EqPFKbnsh1gBL8=,tag:ogMS5FZCdT3+ndOVMq/1wA==,type:str] -certificate-key-eat-home: ENC[AES256_GCM,data:UdXwY5wuF/o6ybUfZjKQpN8BcMr9dR63aWjzEgEh+WEazoFw+utzXODxGx88f2Bldyc6aQD3YptPiQZUd/2t2cY5BDa5rX8QsSkMVPlKkT91+XqilFDM3nK8rEQR9W5XS0hoSXdzmO9+IJ39yEm1riyf8QIqKzRjXQ4FW5M+AfbBWBk3Y80QUHZqu2FQfrhikJ7qz5ZvnZ+yOYF0rhjlr/sIVBMycyPVbdak73vGhpfsBIBKkq1q+4xsDGkx+vfrMLi80en7HFAdOg7TLL1MtxzrsNgiSRbokJUMhnryv6FBX0WdKsoK1aG1P1vtzqT3+jYwOt4Tf9PQcEd66hzUpnBk3m4MVB1hM53gpmNEaYEmDQ7cLGEc1BNyT0Z4m8TAAHPVnkESqZrXUirpfXM=,iv:RiuPEkidAy4pmvgAhv+kTi46DLpKy0xqAKSRL4RonvY=,tag:mbV6h1U2wWvMiGfIid/u4Q==,type:str] +certificate-key-foto-tammena-me: ENC[AES256_GCM,data:BNabWgck7TKuH9lRdmdqiBrN4nFHXNsWey1B+o3sIFRbKZGzNDxsfOBm0WH3W8m0IGq/pls/dZhfoWegZdxcKoSjv/41XOP6+feB7XONGkQI3a8Hn88JttoY5OV0VoLP93kDFqWQchFDpsd5JR3g7Mpci5YB8YXJPSLyZnsTmDH97I6yoXTw40fwy5IfjnXhPWTzPKMNkfUFEZqDUiMBRs1+/mYeaNMu0LVObutjY4YgUi9jN1CPhyhOdpqQwOQ/jhvxmyqyNmWikmlyTi+BiySz3baQggIW43Ef9Zc6a+d5RE9Qo9zw7C7jNce0hR0R4yJ5lOt7C4bXpZPYYYGrsgyCTRaeF3P5PX+9OgvJJY7a7x+mCROeRxGdP9Rj/3qaO9B6fsDM5O1gpBIXBYw=,iv:DPOKS7NTqkXDhGaJt34CPlhw+wkjg9jh4ABe2153Trc=,tag:M6GLgUBosz9YcuFDeRogYg==,type:str] +certificate-key-config-tammena-me: ENC[AES256_GCM,data:0+iGC4CzS9iYSXyk9IU5Wz7W3LSrzM0lbaMIUNZ90dV4/njlXkUVXaolouRK0taMgIS8OT4QmRaOD6LlHQfyy512oKoWw6y6So599Qj3jlZiRLGVrrJ8MlRJ4Fnl0tZa9YPOEKquNo1VBpoPhazk743YUqVIySxOOynl+P9qv5f4bDXCG6Nj78cWj75QcB4to3Zzkx+yVeTc2jKwWtLxSxdCGgJtxgCokkVZW/bU78g8Th+zdICXYweZsmj0MuSD1+j4akauHJykyvjt5Lu74laR6vwDQ0EC/ThJr7OiaBKzihYcfAO7zh4EkF7gBTZfiDEcBoxEcLwB6A8NXxFqdg7lTvkhyloVLN0yTOAh3nnkBaVmLAO8n19qOuPLRfhf9FFYJmAR48XZCHT20kM=,iv:kT9DEeX5yDpA4UpPHnrd1vFOD3QvXKrYetO0Ssz62tQ=,tag:49P+3XqjlwZT54KHyJjKQg==,type:str] +certificate-key-git-tammena-me: ENC[AES256_GCM,data:L+2OETTRnyZ7Ce5xFVrBs24GaGqGyvllk9g1K5XgMzRFx8ygkwrUqAVSOgvHJXWEOCud1sJ9SDujd3d3/DnM158Bd3T+Lp5fpD4g8gI+4H2+alHx92T8TrhwbEruj0Osb27i++nqg6yFdUD6OlRQ8YDoB2RgR0wXKsHpBwwZmyZhUKpXNDAlWKYisgtqpIUApBUqbpOJS1wlMtoELYwtW2UqZsLLWK8/Xw6DVRc8U9CPhKPzj5HERTI2cxAAhifTHv7k7dQsUi5U1YSCofeKfGoBL6DkBi4CtEpQX5CxTZ76VzkQxaKlkoheivntnps1vm+hz/RRY5iL4rBlIpzFiGqx+8K9ydEBGW91MKxv5rrgtVAb0/tM3hW6GgchHgm4oB8rJV9kEz+jkLQ0vAo=,iv:9IJG6uIGj89ZbI4Y2F7fOki7abjWDwKFUrLy5HX4eMs=,tag:pTBW7PLUfBqB441kv83gsw==,type:str] +certificate-key-time-tammena-me: ENC[AES256_GCM,data:KUKXyyC6E3ki7TwEyvthDZbW4PU6IOBLr+w5T6dXRegfKvqvgkK8rweRrf6qFQzacw0oHJNEbqv5l0cZdbzzF5OemGVa2F19yZ+VFPfPHwmtwnif3+JOzx2i6myN8PaYL5db3pSLv+QrfCr0G44bYYNEajx7g5Ce0EJkpE7UjZgod9X8JY1EkXoqAd+C2+0bVQnLi6mhp8z6dmVnK7EmXlmNva3en35Nm4YzqG2H0BUlyzSpoO+vWBgmG2Skbl4McHO7LIwAoWRuIyERDn48osAm7is3RfMMnHXCAlRqMWtojhMnRxmkn/SdEccEaaZepu6Q3anuMKZrARe1xJobaRMTe0cM47Ui0IHVhEE4dYQ/nVAoP7gj9fowvQn+GsqdtCho7kkI5gJiEQ5K12Y=,iv:zQ05Rwsg185m/G9XD8vSwtcuao/2Av7HNRfw4S3hpmU=,tag:jfpROZrA8SYIkp+kbLA4pA==,type:str] +certificate-key-eat-tammena-me: ENC[AES256_GCM,data:5/kzPG/J14NZbO/dTWoc0hsUBes07w9IIYOtyqAVdZ4XnEQyX2ZdYQYg4RWZ1ipFh1cMRbmgC5xhcp/Q+LY6OYovXb8Gw3TwDmwVlwbGZNo5UUcik1W0CnhzXw2y1XIrTF9efJBMgxwRAZQiYztu56lST+4BjC7pcwRMciftXUhYJ9XETblQSUxKww2aPrBfBwwAPRA/yazDJCqWbEU3vWewqSou6vaYDXSGBWif1/Zdgqt7HVOfwj6WJzy7k+9JT2Bg2FE7hwBtM9siDS8lsNj/l142wCWDlN7f+qME4C9wEBxuyJfpBUEQoNCscMmUnMkEmWLDZ/g+8Ez5PqXVel40tzq1pohO4xZVv3VlxiPMOXuijxSGslT0eYAp62vXue1Ii2whs8uonxmheFE=,iv:oodyOk9HESC4LsOZ11a0/DeD0rYltDH3+iDVlSsC/n4=,tag:hXoZId9xjFTC2DQSLU0SPw==,type:str] +certificate-key-doc-tammena-me: ENC[AES256_GCM,data:OzatonCK6tOI432B1JcvWoCbWP85hSkyKwJ3YkQk/G1yyMS1Jlk/TOc5+Cn5fegSDvRL/Qq+dTKEAE5YvPt4o9Ytg+WlQw6JjThquHHhAiR3sEz4y3/Jh+fLPQazQfwdHnU1onpclTuomAQCdIGdBu6fROevAhkaGRkZ8Hd6REzFmexcGjl1Ed4sllsxtNNanRTaaYYUXHkwGnJ2NzSGOoH7BfLookAzLxjwxyOmSZTKSAKDUKNEJnUcKQPAx50kUMgF5KIzctaHcpW091w6QQqp4zN2J2tdzkmnWl3Yl9E9otUDJ/3snmM2uRo/t7qpJYlNiqDeEeT8oWQ443N9FX10KpbpkmLjtlg4LnmbKRlnzQ3gGaXz9lIhxTA7gYPP0sis+0Ws+VAJdZMims0=,iv:+/+/kXxu8DgQdAhxsXBgBxVe9JMBINcq2L2/UnMaN1g=,tag:1yEr4EOw7ta1t7kH9qMtwg==,type:str] +certificate-key-note-tammena-me: ENC[AES256_GCM,data:TWKmWVmHWp+hSfcwNKUAlha965y7rvXI1XYJGr4Vr/8t37xxsXwzRknKkDb944IgOJD5j+b/RP7GVnoZgF7bPdEigvSFN6RagYE3zaqobYlXGSB+sWJc8d+z0jguiiNIPkGpicgoX6cM/Sh8v34IcgHiKywHoRC8YFjktxm+NoxUMYHNErjvDayORSjuW2mljyMfz71YC8KzCGmawXhEAz8x9vuwBqIY+XSRD72pMTC5kT7jBxMSZzpWI+XzLVobmPFBTIftfqHmCJqRlA15ZAwEiMOlDjDiLOYQHjAIHmWDJAD8bvYxF6ANSEaHRb8/r5K0v0o1V0WiCD3PKAUrZPQQ3u9nhT6OpFOs88iVgOqDHHN/On8FK0OlR6G3KWW6K65rd24takkSXHuQaVI=,iv:Rm3Bx3DCAM7fJ0py1sxumJCsInd+E6hP2kjhXDBcYus=,tag:COhpghXTmiKr+2J2BVLipg==,type:str] +certificate-key-read-tammena-me: ENC[AES256_GCM,data:Cb0SZkaqArT1GCXsacNBOaIG5BwiyjxtGU6aMJVp4I3/ccITcTpIyQlQWKaGDoSK0CQOl7LtbVBm0BlqUvTDXAyWJx1/doaf3Mlzdx8T7NhAWw7He6Lv1ntayqi1sQLGlY3rD7yqF+hHALfVoQNRd+MsvD7r6QFV9tsKYHART+RZJNPObj9Dznddzv0KIUnO+vEdzuMzbTRraVyjYN2Mx09ueKFJiVNQ5dND/EzA8m05A+ezCvYSqmN66fjuHPxycIkI5BbCq4PPbKUFLW31GMLQ73TQGdkhF6t1hzBEcmZfiFNyBUlWy8WwkIqHUxawDsPOc3o3npoMRixlpSowo6FRunQ+gmAVw3AoTw1OmwsMAPzrlSCRHuoTCnCHIvN3CzCmPyUTxjSMlOtWRas=,iv:LEfleSXCK2sOTWOLQ4CDf9XiojEIESyChwp/gXmCQo4=,tag:DAHl9c8b5Nj6H3QSAuqGkA==,type:str] +certificate-key-hydra-tammena-me: ENC[AES256_GCM,data:CxAvCuYu8Ftz4ths00roPjsK81/foNbWnQwolButgyAFrVh0Tx3ATpnpF5ck4W1Fpt8l9f5zQ5S2OykDlZu9loB9OkW5UhvdjxMqUxXJ76258NTVgqOLH062BAPLJmX4Oq4LSBJLMqj9teb9tFSkbEb7xnrba/PCLTJk6gP94TumkcYT/LZUfLl/7nQOqDckzem/7/pDcjkvVO2MO8sd5kbsTwzqfnW4hj6pTbhAmTa6X/o4pWMlcEZXclGOmQNN69vKWYKr0//t+nkvAujQ0g7FmJKIEysDCiaG0L5ZYCvtqmq32deGBfJRrZxS/x49Urg4cUPk5cj8/wP4ByEt5ykwDm1p8MP4E5Pz4PtlLYRMz4XFA73blR6U9aERAu6Mg8OcyJzmCYvqpfN8BTM=,iv:5A3J5yeCI2JU2GXdH1iKNWAVAqirdGzXCwoujwOB2bk=,tag:B073+3aobpOA2QU2BOjdHA==,type:str] +certificate-key-cache-tammena-me: ENC[AES256_GCM,data:ieanG2LnohzctjLggzx1b1IVcxcAaDQi/HPEAg7M8l8qespVKwSLBe31gIEQ2fQXtpmpESy6P4IhSPhVw7W0XyNe4656VycgFuo3JasjeGzfpH9DqXWYa+4wjT62p2gW4mnE8QbpKQ1s17hDkWPgNhrK7ya50ascXsazKD/XMoxdoIBKhFjfICWl+RqL2j1tRmB4U/w2MNQ3GVHBwK6xGy1uauDStR1Ndpz+Ed/fpEmodYyjvHrN2czykab2kD4BCqHISYgyf9y2wkBHSKMj6o1xJWRqAavOWW9YkQTlx7MbFypUOP6j1TYeeJZGAPNhiOFBeMTYapM645spoOECM0KSdAVHQmzIhl9zZ1rA5hx/wXk6OsIjbLRTd6lm8aAr6M9aN5wqLQpcu/ybFq8=,iv:8fP4uxYrZQ1n+0VYhX1Z6lae2GZu/PPqGgJjjtlAzrM=,tag:T95fhh7fTaVN8TR/2dU/0g==,type:str] sops: kms: [] gcp_kms: [] @@ -35,8 +30,8 @@ sops: ZzFxdmlXaTRCY2tUZndBSDlNeUVROVUKH1CxbcdwHR3ELn9YlGvO6YbGGg++wGZv 97ez/ErXEOq/6IF6HzV3I9BsVV4WCJI2VTP8Lbiwt59qg5riH7CGJQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-01-08T07:11:51Z" - mac: ENC[AES256_GCM,data:reqpsliDo+9wAkc6+SAwKrbyZH5oDI2O2qrJ3IfSJt/dGdFh/VupAdRIgaOMPmfdf+QREVfhIrQ2vHlEf7QrHUBcseTusuojgItrBw7r9xrwD0q9uPLxFFNhV7Oeo9iCrH/+uNZIhqGqJqeMglWROPx9mLQm0ZYp92skgWRJ06E=,iv:seRleBnn8hZvO8wfK/jPOw8Ts+DNOJny2XeZGU00W5U=,tag:pa08lf1CCDC4DOxc12p+zA==,type:str] + lastmodified: "2024-01-15T13:55:25Z" + mac: ENC[AES256_GCM,data:e929YjmaBHOYYtSIN3hcEQ1+qWfEZ1hZjexixhCqmLH45zDAes0WIKhtSBWrC5YS3GZ0Q3hQi+1oYz+DVy9qJRwYITAZP9okn5+7+rRT7A4DoNnUf+v3vsXJUQ/ozRnOxP2UWupMBUU2BgKpESeyh4jqhSnp3GSuXAzPThhEuNU=,iv:GjZJnvQf+xvGLu/x8w9YXxx+hE+aI+Z5l+S2HHD5JQU=,tag:FTb6rhDx7sh5rOECxS/hBw==,type:str] pgp: - created_at: "2023-11-06T16:58:30Z" enc: | diff --git a/secrets/pub/cache-home.crt b/secrets/pub/cache-home.crt deleted file mode 100644 index 8718437..0000000 --- a/secrets/pub/cache-home.crt +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBozCCAUmgAwIBAgIUGpvnmF34XGE9m+FiyJWUtpACo/IwCgYIKoZIzj0EAwIw -FTETMBEGA1UEAwwKTXkgSG9tZSBDQTAeFw0yMzExMDYyMTM2MzhaFw0yNDExMDUy -MTM2MzhaMBExDzANBgNVBAMMBiouaG9tZTBZMBMGByqGSM49AgEGCCqGSM49AwEH -A0IABKFpzCJ0CB3y+ecW6K08E1LWnN2dXLFzfQrblIP+2/q1B9+x9TltVl9XAHZ+ -KHDt4xtBH/1m9pHIq1o4i1eI3xyjezB5MAsGA1UdDwQEAwIF4DATBgNVHSUEDDAK -BggrBgEFBQcDATAVBgNVHREEDjAMggpjYWNoZS5ob21lMB0GA1UdDgQWBBQxM8gI -E08BQOT+TeOeyaddOUDjjDAfBgNVHSMEGDAWgBQA+twP2yay+C3XJDsZsiKtZZlP -qzAKBggqhkjOPQQDAgNIADBFAiEAs8aGInkoEZj3VOn9EhEipcU08jLPE4IogKZ0 -P7HTxF8CIEFJ0GCDzH0BGIkXPzSUqp+VPSUVB++0MUD6c3xZZymU ------END CERTIFICATE----- diff --git a/secrets/pub/cache-tammena-me.crt b/secrets/pub/cache-tammena-me.crt new file mode 100644 index 0000000..1b126f5 --- /dev/null +++ b/secrets/pub/cache-tammena-me.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBtzCCAV2gAwIBAgIUAihiVIfcHwp5k/5AQKQc2vfOcakwCgYIKoZIzj0EAwIw +FTETMBEGA1UEAwwKTXkgSG9tZSBDQTAeFw0yNDAxMTUxMzU0NDFaFw0yNTAxMTQx +MzU0NDFaMBExDzANBgNVBAMMBiouaG9tZTBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABHmnodW1K3deu+YD9Ehqzd64PesSWJjWSBjF2vL2dYRx1H5ey2sHmWNesA/u +oleD4qgGwpiZ9dBDkjpXF7DiQ7SjgY4wgYswCwYDVR0PBAQDAgXgMBMGA1UdJQQM +MAoGCCsGAQUFBwMBMCcGA1UdEQQgMB6CEGNhY2hlLnRhbW1lbmEubWWCCmNhY2hl +LmhvbWUwHQYDVR0OBBYEFPMaOh5/PTMCoeNoONj51+k+BpmYMB8GA1UdIwQYMBaA +FAD63A/bJrL4LdckOxmyIq1lmU+rMAoGCCqGSM49BAMCA0gAMEUCIQCi/j0slUib +RHcseQdx/vlpXM3JGqjB2hZyNWtPq7+6nAIgWGZZNZSC1aoHhlNNlqZK8N/6EkWq +jsawPYL3y+KvscI= +-----END CERTIFICATE----- diff --git a/secrets/pub/config-home.crt b/secrets/pub/config-home.crt deleted file mode 100644 index aebfe35..0000000 --- a/secrets/pub/config-home.crt +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBpDCCAUqgAwIBAgIUBe0/igRlSLxWtYVB6xPKncE5YJIwCgYIKoZIzj0EAwIw -FTETMBEGA1UEAwwKTXkgSG9tZSBDQTAeFw0yMzExMDYyMTM2NDNaFw0yNDExMDUy -MTM2NDNaMBExDzANBgNVBAMMBiouaG9tZTBZMBMGByqGSM49AgEGCCqGSM49AwEH -A0IABCJSihwWx0hbnJ2yRoEkQQ395bYunBUUn5YM41Lzbeg9vHTuFewwDXwXJQnm -K9PNZrnKbB0zSfl2JZqeSPnVhqmjfDB6MAsGA1UdDwQEAwIF4DATBgNVHSUEDDAK -BggrBgEFBQcDATAWBgNVHREEDzANggtjb25maWcuaG9tZTAdBgNVHQ4EFgQUXMd9 -uBsy7oEgQUMbvgL+0pShvggwHwYDVR0jBBgwFoAUAPrcD9smsvgt1yQ7GbIirWWZ -T6swCgYIKoZIzj0EAwIDSAAwRQIgXxwMmnhlKp9g5RfH8DY0jfZC09q6PpceAf4G -3lgDkJ4CIQCbM7jzCEHbOhhKaacqyrUzkqKlXbKyCFMcd0GsswPWvQ== ------END CERTIFICATE----- diff --git a/secrets/pub/config-tammena-me.crt b/secrets/pub/config-tammena-me.crt new file mode 100644 index 0000000..292ed04 --- /dev/null +++ b/secrets/pub/config-tammena-me.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBuTCCAV+gAwIBAgIURzwwBAEwaT2hwpHSkIJ/S5aP39owCgYIKoZIzj0EAwIw +FTETMBEGA1UEAwwKTXkgSG9tZSBDQTAeFw0yNDAxMTUxMDQ2MjBaFw0yNTAxMTQx +MDQ2MjBaMBExDzANBgNVBAMMBiouaG9tZTBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABLGvXF+e+H277acWRTEe1GTq+uBI3nbwS0B8KDS40GwhvxqqTPcLb2RdEY5R +bfTzrI/z64AqD2tnuqZmlO+raWqjgZAwgY0wCwYDVR0PBAQDAgXgMBMGA1UdJQQM +MAoGCCsGAQUFBwMBMCkGA1UdEQQiMCCCEWNvbmZpZy50YW1tZW5hLm1lggtjb25m +aWcuaG9tZTAdBgNVHQ4EFgQUCrC3WomB4WMhuiu+cwYEMnG26OwwHwYDVR0jBBgw +FoAUAPrcD9smsvgt1yQ7GbIirWWZT6swCgYIKoZIzj0EAwIDSAAwRQIhAL5YqX0Z +Sfb6aAIU0slh6sBDKR2uDBrIyBxpFIpcngc5AiBvcxM83useEM/ebpDDLmrNuuN1 +1hhoial90jAb56Ilow== +-----END CERTIFICATE----- diff --git a/secrets/pub/doc-home.crt b/secrets/pub/doc-home.crt deleted file mode 100644 index a28f27a..0000000 --- a/secrets/pub/doc-home.crt +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBoTCCAUegAwIBAgIUW/AL1DY1Wl1feUogSmMApjII1lswCgYIKoZIzj0EAwIw -FTETMBEGA1UEAwwKTXkgSG9tZSBDQTAeFw0yMzExMDYyMTM2NDhaFw0yNDExMDUy -MTM2NDhaMBExDzANBgNVBAMMBiouaG9tZTBZMBMGByqGSM49AgEGCCqGSM49AwEH -A0IABMAEd5oBHECI17m2N1ijHK0SCtLjp+FJjSxYr8RPK7odWmaXZbG970LonW0p -SPGxY0f4ob9wGRKOafFyXw7Nu5OjeTB3MAsGA1UdDwQEAwIF4DATBgNVHSUEDDAK -BggrBgEFBQcDATATBgNVHREEDDAKgghkb2MuaG9tZTAdBgNVHQ4EFgQUskMR9iLb -kBosNZT/puPMtgw816wwHwYDVR0jBBgwFoAUAPrcD9smsvgt1yQ7GbIirWWZT6sw -CgYIKoZIzj0EAwIDSAAwRQIgVhl81ZO4N+gykDY41pSD/OT3N9S2gQ4JJdA/ya4L -FSECIQD9oIzu8VpWvlggjLQIf6SOuRTLWngYsHwuNpnCv8pCVA== ------END CERTIFICATE----- diff --git a/secrets/pub/doc-tammena-me.crt b/secrets/pub/doc-tammena-me.crt new file mode 100644 index 0000000..082f926 --- /dev/null +++ b/secrets/pub/doc-tammena-me.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBsjCCAVmgAwIBAgIUaZcBhcj0tgq+rDHQX3fpl1T6C4YwCgYIKoZIzj0EAwIw +FTETMBEGA1UEAwwKTXkgSG9tZSBDQTAeFw0yNDAxMTUxMTU1NThaFw0yNTAxMTQx +MTU1NThaMBExDzANBgNVBAMMBiouaG9tZTBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABEe4rsuV6RtMDwsHj9T2fHkDzp55yeuxpB4ArmtTYXdUXcpuLgeO4CC/Xnzi +8H3jm0YdVM39b+YEQtvEQ8QCrsmjgYowgYcwCwYDVR0PBAQDAgXgMBMGA1UdJQQM +MAoGCCsGAQUFBwMBMCMGA1UdEQQcMBqCDmRvYy50YW1tZW5hLm1lgghkb2MuaG9t +ZTAdBgNVHQ4EFgQUZn7af9gGy8xMoaKmkupgnn+QzkgwHwYDVR0jBBgwFoAUAPrc +D9smsvgt1yQ7GbIirWWZT6swCgYIKoZIzj0EAwIDRwAwRAIgCV5d3o6rB4xJ47S/ +c9aGrjb/V/JVECUAGuImzHCKe4ICIBoWg0C9uXmDmN1Dzwk2Wil3IhLaQbtpS/Xl +JrGneSNv +-----END CERTIFICATE----- diff --git a/secrets/pub/eat-home.crt b/secrets/pub/eat-home.crt deleted file mode 100644 index 8f6c6b2..0000000 --- a/secrets/pub/eat-home.crt +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBoTCCAUegAwIBAgIUXX7hG5icEqtRroxsclad4zGeRHMwCgYIKoZIzj0EAwIw -FTETMBEGA1UEAwwKTXkgSG9tZSBDQTAeFw0yNDAxMDgwNzExNTBaFw0yNTAxMDcw -NzExNTBaMBExDzANBgNVBAMMBiouaG9tZTBZMBMGByqGSM49AgEGCCqGSM49AwEH -A0IABAEQY2ndpQJA2uAWFj6UYuW+LBqE5UWSEBcOc/AWZke1htTWRJXSxtpxSWvS -AAGka2IIcVhDEQl4dwrfBlRZcjajeTB3MAsGA1UdDwQEAwIF4DATBgNVHSUEDDAK -BggrBgEFBQcDATATBgNVHREEDDAKgghlYXQuaG9tZTAdBgNVHQ4EFgQUMS5TV1f1 -K1YW7kOwDqr7ify+cbUwHwYDVR0jBBgwFoAUAPrcD9smsvgt1yQ7GbIirWWZT6sw -CgYIKoZIzj0EAwIDSAAwRQIgGqLC30CZIXw5yjKXfK2kanwr9t2C+iv1APZixiVR -Rw8CIQCLy+lN8DXyl3hVau8LSoYT3Rb1QqiUownWc7pOl8YZwQ== ------END CERTIFICATE----- diff --git a/secrets/pub/eat-tammena-me.crt b/secrets/pub/eat-tammena-me.crt new file mode 100644 index 0000000..b11a430 --- /dev/null +++ b/secrets/pub/eat-tammena-me.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBszCCAVmgAwIBAgIUFI2uY4gltCP0DqsDtFdGAYADGGYwCgYIKoZIzj0EAwIw +FTETMBEGA1UEAwwKTXkgSG9tZSBDQTAeFw0yNDAxMTUxMTMxMDdaFw0yNTAxMTQx +MTMxMDdaMBExDzANBgNVBAMMBiouaG9tZTBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABAtZWWDUZWsSiKqVQ7JTL8GD6btHnmnsX2ASpPve8hFoKkOC4J28uACJrpKt +XqjUBfG2sbbRGtlnUwDYcXbqAvWjgYowgYcwCwYDVR0PBAQDAgXgMBMGA1UdJQQM +MAoGCCsGAQUFBwMBMCMGA1UdEQQcMBqCDmVhdC50YW1tZW5hLm1lgghlYXQuaG9t +ZTAdBgNVHQ4EFgQUPqP1CcqpkdGXRA2e8B2VpUgfWdIwHwYDVR0jBBgwFoAUAPrc +D9smsvgt1yQ7GbIirWWZT6swCgYIKoZIzj0EAwIDSAAwRQIhALHPWMFUuv9v+l+n +Z3a+QPj45ZQXO+sGTov7n0B6sj4zAiBgjPp1l0gc3X7UHt6cg1tPmfjTo7ihrd3J +akVc0wtO6Q== +-----END CERTIFICATE----- diff --git a/secrets/pub/foto-home.crt b/secrets/pub/foto-home.crt deleted file mode 100644 index 46f6404..0000000 --- a/secrets/pub/foto-home.crt +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBojCCAUigAwIBAgIUVpjqyd+Edrj7vTHsbo/1PqLKDAwwCgYIKoZIzj0EAwIw -FTETMBEGA1UEAwwKTXkgSG9tZSBDQTAeFw0yMzExMDYyMTM2NTNaFw0yNDExMDUy -MTM2NTNaMBExDzANBgNVBAMMBiouaG9tZTBZMBMGByqGSM49AgEGCCqGSM49AwEH -A0IABJgbnt2+Ay6EfPb+Xl7ip+f1lXvUoVXzmM2GOEMZU+MrDfyaRY8eFAydrM2V -Uter/vMTkK9zt68PaISJqqE2bJejejB4MAsGA1UdDwQEAwIF4DATBgNVHSUEDDAK -BggrBgEFBQcDATAUBgNVHREEDTALgglmb3RvLmhvbWUwHQYDVR0OBBYEFMHGabKi -4aV8dWe7QeHEn0MYxma5MB8GA1UdIwQYMBaAFAD63A/bJrL4LdckOxmyIq1lmU+r -MAoGCCqGSM49BAMCA0gAMEUCIDbgZQuV/xN147/y7TPV+o6Lfke9hIKhVpyqSz8H -66UwAiEAzKbn46lCU48tU+5kLBvtb8+Rp7lGvA6BUSEZT0Nh1U4= ------END CERTIFICATE----- diff --git a/secrets/pub/foto-tammena-me.crt b/secrets/pub/foto-tammena-me.crt new file mode 100644 index 0000000..9e3a3e1 --- /dev/null +++ b/secrets/pub/foto-tammena-me.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBtTCCAVugAwIBAgIUQ/doNRIc6CFrvfrOYaKOkeZhr54wCgYIKoZIzj0EAwIw +FTETMBEGA1UEAwwKTXkgSG9tZSBDQTAeFw0yNDAxMTUwOTUxMDFaFw0yNTAxMTQw +OTUxMDFaMBExDzANBgNVBAMMBiouaG9tZTBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABCfwsATCkahm6hK8yXj/AFAFl2PvHK8mP1wEIwqaDkAMB6NZxGbIXRWV3EWh +mO2FOtcAzw3BZJ9JRqONUt4Tqy2jgYwwgYkwCwYDVR0PBAQDAgXgMBMGA1UdJQQM +MAoGCCsGAQUFBwMBMCUGA1UdEQQeMByCD2ZvdG8udGFtbWVuYS5tZYIJZm90by5o +b21lMB0GA1UdDgQWBBT+Oqu08k9fgdye+91GnTSmVXRQ3zAfBgNVHSMEGDAWgBQA ++twP2yay+C3XJDsZsiKtZZlPqzAKBggqhkjOPQQDAgNIADBFAiBvviDi3DE2Fw47 +BIeHuXKymB2T2JzzWNWD3M/7Ev9p4QIhAIDwhhiQsQGycvWGbv9pTCsdhcQUvfu1 ++uxBDy+JeCm0 +-----END CERTIFICATE----- diff --git a/secrets/pub/git-home.crt b/secrets/pub/git-home.crt deleted file mode 100644 index cfdfa48..0000000 --- a/secrets/pub/git-home.crt +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBojCCAUegAwIBAgIUJ1TbroT/cDUKvtV76CxQ/HV+mmowCgYIKoZIzj0EAwIw -FTETMBEGA1UEAwwKTXkgSG9tZSBDQTAeFw0yMzExMDYyMTM2NThaFw0yNDExMDUy -MTM2NThaMBExDzANBgNVBAMMBiouaG9tZTBZMBMGByqGSM49AgEGCCqGSM49AwEH -A0IABBFvb2rQueGRAScn/iECvKyfrfLgA/QcXslYBRotfob4MEyX4Cd9qHWoXjEu -TX0hgWU3rgX2nQW8lfKm8FCzWN+jeTB3MAsGA1UdDwQEAwIF4DATBgNVHSUEDDAK -BggrBgEFBQcDATATBgNVHREEDDAKgghnaXQuaG9tZTAdBgNVHQ4EFgQUhOaWUQ1g -vjWPHsU+Q+e0RSuX6wgwHwYDVR0jBBgwFoAUAPrcD9smsvgt1yQ7GbIirWWZT6sw -CgYIKoZIzj0EAwIDSQAwRgIhAIQ4LJ5u5kIoD9CW91j4ZaNrTrbIOBk2iGdJ6Jdq -JMo6AiEA51DWhjj4QAP17zl3EjlHpn16fmcZgaPN6EXW8DVN99g= ------END CERTIFICATE----- diff --git a/secrets/pub/git-tammena-me.crt b/secrets/pub/git-tammena-me.crt new file mode 100644 index 0000000..9c5a61b --- /dev/null +++ b/secrets/pub/git-tammena-me.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBsjCCAVmgAwIBAgIUOicGfKYRE93gnpPrYFkjGpJp1cAwCgYIKoZIzj0EAwIw +FTETMBEGA1UEAwwKTXkgSG9tZSBDQTAeFw0yNDAxMTUxMTE1MDBaFw0yNTAxMTQx +MTE1MDBaMBExDzANBgNVBAMMBiouaG9tZTBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABCwVBS2jduRyQT0cfv4j12/vH/hPTsaCyxcP18JzS9T48OvKW0E4kAU16naT +Nhs2VHD5iVALvfx7JGN+wjqlY6KjgYowgYcwCwYDVR0PBAQDAgXgMBMGA1UdJQQM +MAoGCCsGAQUFBwMBMCMGA1UdEQQcMBqCDmdpdC50YW1tZW5hLm1lgghnaXQuaG9t +ZTAdBgNVHQ4EFgQUrsm2SxReJA38LOQQ3FSfFKKJDAMwHwYDVR0jBBgwFoAUAPrc +D9smsvgt1yQ7GbIirWWZT6swCgYIKoZIzj0EAwIDRwAwRAIgUxuBWqwiiL39N/R6 +8WLk8WCSTBqcbTVMvLthi26P2GgCIF2mm7L8hQO1PyaahCMSYSl1bPY+dasjrbIb +TFNSMcnf +-----END CERTIFICATE----- diff --git a/secrets/pub/hydra-home.crt b/secrets/pub/hydra-home.crt deleted file mode 100644 index f5fbc48..0000000 --- a/secrets/pub/hydra-home.crt +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBojCCAUmgAwIBAgIUO//krssOXRxiZH29f5q+Iv/iCtowCgYIKoZIzj0EAwIw -FTETMBEGA1UEAwwKTXkgSG9tZSBDQTAeFw0yMzExMDYyMTM3MDNaFw0yNDExMDUy -MTM3MDNaMBExDzANBgNVBAMMBiouaG9tZTBZMBMGByqGSM49AgEGCCqGSM49AwEH -A0IABDcUAK23ojmiy8JB/js8P+8hIBwoqP4EL4V8zL4FUIYdqlX32IXIe78up+mk -EQ+zR/MoIdzUu5mzcRA4+M/9n4ujezB5MAsGA1UdDwQEAwIF4DATBgNVHSUEDDAK -BggrBgEFBQcDATAVBgNVHREEDjAMggpoeWRyYS5ob21lMB0GA1UdDgQWBBTUMAAP -VtAE9zn6nTBy2HlSAc03KDAfBgNVHSMEGDAWgBQA+twP2yay+C3XJDsZsiKtZZlP -qzAKBggqhkjOPQQDAgNHADBEAiAcX6Vmne+0om+DyPbwNC3OWR926H93NIRfX7AL -ZrjGYQIgUc30oiGeknUroTS/nyvlAMgY9ppmJIhPLJhUWIV8Noc= ------END CERTIFICATE----- diff --git a/secrets/pub/hydra-tammena-me.crt b/secrets/pub/hydra-tammena-me.crt new file mode 100644 index 0000000..7b7fc4a --- /dev/null +++ b/secrets/pub/hydra-tammena-me.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBtjCCAV2gAwIBAgIUZLSvgkuc+bseO8gUyXvUPNwilfowCgYIKoZIzj0EAwIw +FTETMBEGA1UEAwwKTXkgSG9tZSBDQTAeFw0yNDAxMTUxMzQzMjlaFw0yNTAxMTQx +MzQzMjlaMBExDzANBgNVBAMMBiouaG9tZTBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABGAVj6fMw4lqUQq6w2uXuA0T2zeXztYRuTs8cYCSvS8tLf+48xI1t3LSAVDS +sCkyJKL3IeMbVd7bNQB2wixfrzejgY4wgYswCwYDVR0PBAQDAgXgMBMGA1UdJQQM +MAoGCCsGAQUFBwMBMCcGA1UdEQQgMB6CEGh5ZHJhLnRhbW1lbmEubWWCCmh5ZHJh +LmhvbWUwHQYDVR0OBBYEFB50XIm1B6tLpXrYi44CYTa4v5cyMB8GA1UdIwQYMBaA +FAD63A/bJrL4LdckOxmyIq1lmU+rMAoGCCqGSM49BAMCA0cAMEQCIC0wwVvnpSq1 +jWufW3sol1+hTRVuvJ+0qFkliYyPldMFAiB5cPXQkNzTKsGLs7vB4lSFCDTLwaDM +9TQL+09ZGLtwZA== +-----END CERTIFICATE----- diff --git a/secrets/pub/listen-home.crt b/secrets/pub/listen-home.crt deleted file mode 100644 index 03b39c1..0000000 --- a/secrets/pub/listen-home.crt +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBozCCAUqgAwIBAgIUGIp9MdhcUu2/TP0Y8SvTRdjKIbcwCgYIKoZIzj0EAwIw -FTETMBEGA1UEAwwKTXkgSG9tZSBDQTAeFw0yMzExMDYyMTM3MDhaFw0yNDExMDUy -MTM3MDhaMBExDzANBgNVBAMMBiouaG9tZTBZMBMGByqGSM49AgEGCCqGSM49AwEH -A0IABBkKuR+zl254Fnj73EzckBLZQrnBG1mPG7ZdD5rDmLfBJAamwZ+rAJPEiLU6 -YlRq+qJXVPxzBXSl/tb7FR90kLCjfDB6MAsGA1UdDwQEAwIF4DATBgNVHSUEDDAK -BggrBgEFBQcDATAWBgNVHREEDzANggtsaXN0ZW4uaG9tZTAdBgNVHQ4EFgQUrXPk -d/UHZXennBLNBrMAaM2/e30wHwYDVR0jBBgwFoAUAPrcD9smsvgt1yQ7GbIirWWZ -T6swCgYIKoZIzj0EAwIDRwAwRAIgKsTz8xbWW2SJ6JWrOxbYWjdEoHNHtUPRz63g -Sgd25QcCIAV7hyUMlK82n3wISb2p7cJcr3neLw+9FnjqMSYvfZAh ------END CERTIFICATE----- diff --git a/secrets/pub/note-home.crt b/secrets/pub/note-home.crt deleted file mode 100644 index 4fcedb9..0000000 --- a/secrets/pub/note-home.crt +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBojCCAUigAwIBAgIUKpRgJ/eny+erl6FSDFFl5oVH8bMwCgYIKoZIzj0EAwIw -FTETMBEGA1UEAwwKTXkgSG9tZSBDQTAeFw0yMzExMDYyMTM3MTRaFw0yNDExMDUy -MTM3MTRaMBExDzANBgNVBAMMBiouaG9tZTBZMBMGByqGSM49AgEGCCqGSM49AwEH -A0IABJTvH2lfhUu6qSLXxUEfTrPhGac5/GVTqdkcZnLpyHVTi2R8+Y1hYBw9YJ+K -icU716roI1iHF5QXrzbaIHB0rdqjejB4MAsGA1UdDwQEAwIF4DATBgNVHSUEDDAK -BggrBgEFBQcDATAUBgNVHREEDTALgglub3RlLmhvbWUwHQYDVR0OBBYEFLE6OzKR -8RuyLLP1v6545EkC6m28MB8GA1UdIwQYMBaAFAD63A/bJrL4LdckOxmyIq1lmU+r -MAoGCCqGSM49BAMCA0gAMEUCIQDxLku/C2UKnUJp81gi1pD3I/gMbhvGmM00/iLQ -Xn8MAgIgfAvLgmeBbpaTpbHjL4OZUb952grxBlhouUzwZwzjxjc= ------END CERTIFICATE----- diff --git a/secrets/pub/note-tammena-me.crt b/secrets/pub/note-tammena-me.crt new file mode 100644 index 0000000..12ad74e --- /dev/null +++ b/secrets/pub/note-tammena-me.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBtTCCAVugAwIBAgIUSLhaixi7eqlkH7q6qlIEI4L5o5wwCgYIKoZIzj0EAwIw +FTETMBEGA1UEAwwKTXkgSG9tZSBDQTAeFw0yNDAxMTUxMTU3MzlaFw0yNTAxMTQx +MTU3MzlaMBExDzANBgNVBAMMBiouaG9tZTBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABIVE0bfzak2x5Y2L3DKzp0IOZRE7xibe4HICvI7inlw/H32oNQ6wcvJpnM5e +l/BHRCNfak+5Jooay1u6GQ164/ejgYwwgYkwCwYDVR0PBAQDAgXgMBMGA1UdJQQM +MAoGCCsGAQUFBwMBMCUGA1UdEQQeMByCD25vdGUudGFtbWVuYS5tZYIJbm90ZS5o +b21lMB0GA1UdDgQWBBQHz58dp3RToVngbtQ44oezzzYCjzAfBgNVHSMEGDAWgBQA ++twP2yay+C3XJDsZsiKtZZlPqzAKBggqhkjOPQQDAgNIADBFAiEAj1bNt0dHVVqU +rUxDSR7/cWghSIG3q/qzAiXaN2w999sCIDZuuRKamVtewcT+X6XQUzDANS3oG8D6 +6HJ/bs506bcS +-----END CERTIFICATE----- diff --git a/secrets/pub/read-home.crt b/secrets/pub/read-home.crt deleted file mode 100644 index b732239..0000000 --- a/secrets/pub/read-home.crt +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBojCCAUigAwIBAgIUeMK7eDYAgZhaRyrQtNHsJfbcuBowCgYIKoZIzj0EAwIw -FTETMBEGA1UEAwwKTXkgSG9tZSBDQTAeFw0yMzExMDYyMTM3MThaFw0yNDExMDUy -MTM3MThaMBExDzANBgNVBAMMBiouaG9tZTBZMBMGByqGSM49AgEGCCqGSM49AwEH -A0IABKB/xWm8HLXXpYvl5mqQo/So0P7cKBrFiLQcds4yBKLAconO0K+Wu00nhr2Z -fqJQGq7Cwutzmg1k0g2HbxDCRqyjejB4MAsGA1UdDwQEAwIF4DATBgNVHSUEDDAK -BggrBgEFBQcDATAUBgNVHREEDTALgglyZWFkLmhvbWUwHQYDVR0OBBYEFJwlCbpi -vPO7WzVzKcd0vd0xcCJHMB8GA1UdIwQYMBaAFAD63A/bJrL4LdckOxmyIq1lmU+r -MAoGCCqGSM49BAMCA0gAMEUCIAcB1FlC0kwIOhU3EzzieMTO9gg5U5ivw+QLVjiS -VbJxAiEApPVNQ3guRw2HRJS7dEboEisEQ+1QhN0Sc70jqQsvhJg= ------END CERTIFICATE----- diff --git a/secrets/pub/read-tammena-me.crt b/secrets/pub/read-tammena-me.crt new file mode 100644 index 0000000..7482d4d --- /dev/null +++ b/secrets/pub/read-tammena-me.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBtDCCAVugAwIBAgIUSdrPXvzKwL0R7NBRlXOP4LWiUYMwCgYIKoZIzj0EAwIw +FTETMBEGA1UEAwwKTXkgSG9tZSBDQTAeFw0yNDAxMTUxMTU5NDFaFw0yNTAxMTQx +MTU5NDFaMBExDzANBgNVBAMMBiouaG9tZTBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABCZVBuM+qy2EpPo82XOyITL0og54D0m1jO8Ntopmr0reyEgYBx1PXPCtyF4Y +R5gyWTb3Zbky0mtQtAeDz2Pg+9ajgYwwgYkwCwYDVR0PBAQDAgXgMBMGA1UdJQQM +MAoGCCsGAQUFBwMBMCUGA1UdEQQeMByCD3JlYWQudGFtbWVuYS5tZYIJcmVhZC5o +b21lMB0GA1UdDgQWBBRHuT6FvppOR1xWrACauZenrMpJJjAfBgNVHSMEGDAWgBQA ++twP2yay+C3XJDsZsiKtZZlPqzAKBggqhkjOPQQDAgNHADBEAiBi79sOuE183Djy +VOViIJ6gWxT9SFpZb+KcD5U6wX8IVAIgT/dE8rJP+TKuxK4Sd4Iwlqmnt/tnWGfZ +HkExA+gYgDo= +-----END CERTIFICATE----- diff --git a/secrets/pub/time-home.crt b/secrets/pub/time-home.crt deleted file mode 100644 index 9f03a82..0000000 --- a/secrets/pub/time-home.crt +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBojCCAUigAwIBAgIULs6L9cehoEJOEwq+Z8Q+Sw9AciMwCgYIKoZIzj0EAwIw -FTETMBEGA1UEAwwKTXkgSG9tZSBDQTAeFw0yMzExMDYyMTM3MjlaFw0yNDExMDUy -MTM3MjlaMBExDzANBgNVBAMMBiouaG9tZTBZMBMGByqGSM49AgEGCCqGSM49AwEH -A0IABC5/10Uf9s19Bj5AKR2ql49jc0D2SlQg8/iRBA92wgvxP0N9nMZMgbVlSkQS -5WKDb26CUIqg2r5BzQWRxKCwRRWjejB4MAsGA1UdDwQEAwIF4DATBgNVHSUEDDAK -BggrBgEFBQcDATAUBgNVHREEDTALggl0aW1lLmhvbWUwHQYDVR0OBBYEFJbh/q3u -AjraRSJK04xMEQyEWDEqMB8GA1UdIwQYMBaAFAD63A/bJrL4LdckOxmyIq1lmU+r -MAoGCCqGSM49BAMCA0gAMEUCIQCGUk6CYBN+tWKT46UEEHLy73dz7Q4ZSH+WmKBZ -F0YVzQIgDQRR9rxA6rJuW13JRLkWzo9GQmE1JOWlj+/29z144gs= ------END CERTIFICATE----- diff --git a/secrets/pub/time-tammena-me.crt b/secrets/pub/time-tammena-me.crt new file mode 100644 index 0000000..460a39d --- /dev/null +++ b/secrets/pub/time-tammena-me.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBtDCCAVugAwIBAgIUUEIYVksaJsjInYDel3Ws78iHQNAwCgYIKoZIzj0EAwIw +FTETMBEGA1UEAwwKTXkgSG9tZSBDQTAeFw0yNDAxMTUxMTE5NDBaFw0yNTAxMTQx +MTE5NDBaMBExDzANBgNVBAMMBiouaG9tZTBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABN4R4Mz3f0/DzcS3I/LelbwLLxBv++uaOS6H2uIyOCPPuxkNXpC88y1IIEBC +UmORM3vzWHpUalTjnCKyPPCNtgujgYwwgYkwCwYDVR0PBAQDAgXgMBMGA1UdJQQM +MAoGCCsGAQUFBwMBMCUGA1UdEQQeMByCD3RpbWUudGFtbWVuYS5tZYIJdGltZS5o +b21lMB0GA1UdDgQWBBS0W625dKWNkBYcHFvT1lvVUtUziTAfBgNVHSMEGDAWgBQA ++twP2yay+C3XJDsZsiKtZZlPqzAKBggqhkjOPQQDAgNHADBEAiAsSG0+7Y9qdm2k +VTJlKaX8fOAWs716veznghb4qBXIKAIgOl6C9EQlIr1ZiGPI+5SqvH4hA0OIXMlF +963ulXUw6ew= +-----END CERTIFICATE----- diff --git a/secrets/pub/todo-home.crt b/secrets/pub/todo-home.crt deleted file mode 100644 index 1e5bc86..0000000 --- a/secrets/pub/todo-home.crt +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBoTCCAUigAwIBAgIUG2UOR05kg1jHUY7EEr5stkdtoHIwCgYIKoZIzj0EAwIw -FTETMBEGA1UEAwwKTXkgSG9tZSBDQTAeFw0yMzExMDYyMTM3MzRaFw0yNDExMDUy -MTM3MzRaMBExDzANBgNVBAMMBiouaG9tZTBZMBMGByqGSM49AgEGCCqGSM49AwEH -A0IABHCThIGyNATeoFwfklHdzT93CzyVcQFL8N+sw53pyxZJQUUk3M719NNyQ9qM -TREzrqe1XrLocd0goF8ArOb6KRCjejB4MAsGA1UdDwQEAwIF4DATBgNVHSUEDDAK -BggrBgEFBQcDATAUBgNVHREEDTALggl0b2RvLmhvbWUwHQYDVR0OBBYEFPmAYh9X -/0Tgdxxnj0bz+fqOcpT4MB8GA1UdIwQYMBaAFAD63A/bJrL4LdckOxmyIq1lmU+r -MAoGCCqGSM49BAMCA0cAMEQCIBOYNBJByszSG4jTf1l+6NIC7yc//C7KxQ5M98WH -WSQUAiBcyyi0Cu6MpnVm7aiuDW5s3U+2NwPzMT64/8nDjFj9xg== ------END CERTIFICATE-----