phfroidmont/self-hosting
1
0
Fork 0
mirror of https://github.com/phfroidmont/self-hosting.git synced 2026-03-25 18:46:10 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Setup relay server

Browse source
This commit is contained in:
Paul-Henri Froidmont 2026-03-24 13:18:01 +01:00
parent a1945ec137
commit d04d69157e
Signed by: phfroidmont
GPG key ID: BE948AFD7E7873BE
9 changed files with 354 additions and 50 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.envrc
View file

@ -1,3 +1,4 @@
use flake
export TF_HTTP_PASSWORD=`sops -d --extract '["gitlab"]["token"]' secrets.enc.yml`
export HCLOUD_TOKEN=`sops -d --extract '["hcloud"]["token"]' secrets.enc.yml`

2
.sops.yaml
View file

@ -2,6 +2,7 @@ keys:
- &admin 3AC6F170F01133CE393BCD94BE948AFD7E7873BE
- &elios 0C143D8AFF5FBCD2293897658E66EDB0546158DF
- &hel1 0f0c4c2f9877cb8a53efadacb90613a2af502673
- &relay1 515a19ef3f9b98442331d89b2997d83ee1948d54
creation_rules:
- path_regex: secrets.enc.yml$
key_groups:
@ -9,3 +10,4 @@ creation_rules:
- *admin
- *elios
- *hel1
- *relay1

26
flake.nix
View file

@ -51,6 +51,7 @@
opentofu
terraform-ls
sops
hcloud
deploy-rs.packages."x86_64-linux".deploy-rs
];
};
@ -75,6 +76,27 @@
networking.domain = "banditlair.com";
nix.registry.nixpkgs.flake = nixpkgs;
system.stateVersion = "25.11";
}
];
};
relay1 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
inherit nixpkgs inputs;
};
modules = [
disko.nixosModules.disko
defaultModuleArgs
sops-nix.nixosModules.sops
./profiles/relay1.nix
{
sops.defaultSopsFile = ./secrets.enc.yml;
networking.hostName = "relay1";
networking.domain = "froidmont.org";
nix.registry.nixpkgs.flake = nixpkgs;
system.stateVersion = "24.05";
}
];
@ -94,6 +116,10 @@
hostname = "37.27.138.62";
profiles.system = createSystemProfile self.nixosConfigurations.hel1;
};
relay1 = {
hostname = "rl.froidmont.org";
profiles.system = createSystemProfile self.nixosConfigurations.relay1;
};
};
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;

29
keys/hosts/relay1.asc Normal file
View file

@ -0,0 +1,29 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
xsFNBAAAAAABEAC6MtIO9yijVyi7GoKyfAz+oXgtXfqLlCzpGbxhhhEHDFgKkwzY
S1nN1GW5YcMjv8orKOSCZkf+pz4o/fZMiLX0jqLomE5fpTj4Lb56dKVJedWfQUsG
HAwX0u05QNcpi3iDlWuEx9WiOzy5nYEJMNmc+CrsWEBuEh88TcbfymOWqJi7FYj+
FJjev6mcPp30qr4nHAe7VtuP/6a2pYbfkWvSUX+WuzLzeISILtkT9pF2+y0XFi7/
8eUHWK5fCDP3IdbkTmN1gk2MJ+smMuwDMRSZTlFM8sBeIj9RBD3R30PsGHzsaNbr
CZ+80zSrjh5YbjYnLwBw1oSXk5xj0WFKPwsdTsHICJVclDqsxmJeo36kqF2o4iwv
36olTSJMEg/rx45+GcVvMV+7PEXcXpMz6R5ENbe0JJKX293biRqw2g7RAiyO8hhf
d9P8Wb/x1WrjFe51CthMe3XImeV1N0ualV14yYgYkrxIyETIbqlHSZsM/1ki2eX/
biSbAppBBpaqm8Q05rYvACbinOnN4LJxuJo+MimCsw+X06dMYmniXwviuOX5FZVX
wLrfEI+6hsI1fl7fUKTSIcNzuCzzPMHXc70haCUKCbG4+YeEGy4rU6nhuRPewp6I
Rqt/Rr7ZPUmSvrQnyKU1tGdCbO5cWXeEuhBS7mXcM5oUZoXbjuIpJsEyfwARAQAB
zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBrgQT
AQgAYwWCAAAAAAkQKZfYPuGUjVQ1FAAAAAAAHAAQc2FsdEBub3RhdGlvbnMub3Bl
bnBncGpzLm9yZ4FJ7kTP9qArngLB4DQlfywCGQECmw8WIQRRWhnvP5uYRCMx2Jsp
l9g+4ZSNVAAAzMYP+IHFwrgTA2mH3aMi2p5Dq8L1kMnfMNRo0g31SLQQ6M4dGoeq
N34vV1brRPy7Idf6jU5yDUGUHsriNviCmGoVfr8QskC0XXpQHZWdWPDYlAy2yYrD
UV6q98Q+1Rg/hgRV+J5JChoA+8nW8DSH2lLG/ZqPVEZ7mTcXXLbZuUMLQhFNs/hu
ckV/KddAxONq4wmlukGZhT3p3zW62x1xxN9TmVlVr4KcKIY1y14HY+AjMO7Q9d+6
jPrdt6pKT81iZnysZ/tldtE6acQptKKzN4pM9XgyK3tlRw9sf/aYPQoDhzDFwoic
O6ai1VhUxEBb9GyUThoWcMUBUM2ZbbzPXZX+upnJSN82ABpm3kSvOxW0RvdXRUPc
LQSy1x7MF+z7WsbJ2LDz88tRbf8x1o6wqXJd9VSFX4QwK8BVMMhVOLqtBPrXOfMH
/sJLD1uZbp9ZKUFQH67qF2HlQXnZKesg0ayw1wAHJhEN26fK4WfT1vMDt6V7d5g6
Jz73fcC4ntZCREfTAVrtEbl+pRRNpDrN317saKlLQ6V7rvjhueGf7NhsEJmd/BFK
PMm4goLAZyti6SFwlanhq57ejZvYzMijz9CXeA41zV+WSxwh20xHmhRMvko7/Q1S
iPpFMWjCp9fkdROPriMw5exR3hE4ADVzqdTpMGnpkOdiWqet4NttcTU9F5I=
=0Acw
-----END PGP PUBLIC KEY BLOCK-----

160
profiles/relay1.nix Normal file
View file

@ -0,0 +1,160 @@
{
modulesPath,
config,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
(modulesPath + "/profiles/qemu-guest.nix")
../environment.nix
../modules/openssh.nix
];
networking.useDHCP = true;
nixpkgs.hostPlatform = "x86_64-linux";
boot.loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
};
time.timeZone = "Europe/Amsterdam";
boot.tmp.cleanOnBoot = true;
networking.firewall.allowPing = true;
networking.firewall.allowedTCPPorts = [ 443 ];
networking.usePredictableInterfaceNames = false;
custom.services.openssh.enable = true;
services.openssh.openFirewall = true;
services.nscd.enableNsncd = true;
zramSwap.enable = true;
sops.secrets = {
openvpnCa = {
key = "openvpn/ca.crt";
};
openvpnServerCert = {
key = "openvpn/server.crt";
};
openvpnServerKey = {
key = "openvpn/server.key";
};
openvpnDh = {
key = "openvpn/dh.pem";
};
openvpnTlsCrypt = {
key = "openvpn/tls-crypt.key";
};
};
systemd.tmpfiles.rules = [
"d /etc/openvpn/ccd 0750 root root -"
];
environment.etc."openvpn/ccd/wsl".text = ''
iroute 10.33.0.0 255.255.0.0
iroute 10.46.0.0 255.255.0.0
iroute 10.133.0.0 255.255.0.0
iroute 10.134.0.0 255.255.0.0
iroute 10.161.0.0 255.255.0.0
iroute 10.200.0.0 255.255.0.0
'';
services.openvpn.servers.relay.config = ''
port 443
proto tcp-server
dev tun
topology subnet
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
ca ${config.sops.secrets.openvpnCa.path}
cert ${config.sops.secrets.openvpnServerCert.path}
key ${config.sops.secrets.openvpnServerKey.path}
dh ${config.sops.secrets.openvpnDh.path}
tls-crypt ${config.sops.secrets.openvpnTlsCrypt.path}
server 10.8.0.0 255.255.255.0
client-config-dir /etc/openvpn/ccd
route 10.33.0.0 255.255.0.0
route 10.46.0.0 255.255.0.0
route 10.133.0.0 255.255.0.0
route 10.134.0.0 255.255.0.0
route 10.161.0.0 255.255.0.0
route 10.200.0.0 255.255.0.0
push "route 10.33.0.0 255.255.0.0"
push "route 10.46.0.0 255.255.0.0"
push "route 10.133.0.0 255.255.0.0"
push "route 10.134.0.0 255.255.0.0"
push "route 10.161.0.0 255.255.0.0"
push "route 10.200.0.0 255.255.0.0"
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 9.9.9.9"
status /var/log/openvpn-relay-status.log
log-append /var/log/openvpn-relay.log
verb 3
'';
disko.devices = {
disk.disk1 = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
lvm_vg = {
pool = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [
"defaults"
];
};
};
};
};
};
};
}

125
secrets.enc.yml
View file

@ -1,5 +1,5 @@
hcloud:
token: ENC[AES256_GCM,data:cLSwCwwtCaSn1eewHeLpCj4eS05z5+p5fpi0qZRj7/aNnKvugcME/eG3VR90hvpsS0g/EIWGmYK9Bv6thWEn1A==,iv:X9r7bQrNqaGRK7QwA6OtwyqUnoNCAf+ZbnMe/26cF2w=,tag:emGH0SWvFTE3AmYRNHKXcQ==,type:str]
token: ENC[AES256_GCM,data:hC0jbTzLR5n14EGI9Nl6iy7hz3wMB+NtuAyp506bAoOKQxGQMaQo6lxnL5DV8LfNUz/x9w3gl/AFvW7fqq3HLg==,iv:1bk3wQcaTjmBs3S4L73H3I9iAaUjioVPogobrITliVY=,tag:uin+HS4kQAdYN+Z5xVcAkQ==,type:str]
dns_token: ENC[AES256_GCM,data:v41w2CkGH1bBDIv0MfhOKEYDn842zLoG8tpuVcuspic=,iv:+8fH5X0b+K4QOepvxFMOZIEUqeF+eCBZVfznXoefEUg=,tag:x78M9UQ0klJeVxtnPwMHGQ==,type:str]
grafana:
admin_password: ENC[AES256_GCM,data:seXajvIHrEU7XR/XVD6uG/dmZ5I2oiL5IxsM+sMlV9awLwnYpDI0u0gJbYqSYvMRhXS/ZhXuXaTJhgXD,iv:oavt6HtbCCLznPgpSSLKHcHPuJSP+7hPPLepu5orqm0=,tag:Gubg8LEYUMInZpXE1SDYtQ==,type:str]
@ -8,7 +8,7 @@ nix:
chisel:
auth.json: ENC[AES256_GCM,data:R2Lpgkn+OgYYKPWZdmvI16oOgVamNA4SVVm5x3A45hcHhVE4t7izDMkkgLHybPFZypBeSI7WPvrJBrK+xxt3Ykpt47GfiSvWv7aU1g==,iv:SX78DpzAZheg6OppVoedtr7FnDXRJSEgw7eEclN5IOs=,tag:iW7SJKkaHaLwyMUvFQld2g==,type:str]
gitlab:
token: ENC[AES256_GCM,data:zZ77gaLg2/YDc5BmKvO1AzwzY6JM7cBwyCk=,iv:kb6+lyRxnH5KifLG49t3XA5jDAgjQFiYUnE0YyAdla0=,tag:umVKw3x3MPII3IqIUmAmIQ==,type:str]
token: ENC[AES256_GCM,data:w1sn55gAYBTj03wzVBHmDS0IT9Y6fRTu+ONTLfirA0XuiReL5PNbF4HL5UkurBNaKhMWp+U3tOy+,iv:j2WYxFvkHmoJfmtqTZG3BI7TRxuE/faMDTLedottFwc=,tag:6kraXBaasziA81VzWxscXA==,type:str]
runner_registration_config:
hel1: ENC[AES256_GCM,data:fQ3mOmS4eC1ocvXmGKB4f3sDedw6Lc6ekqe2QzL8nxdvjfrbiuhujxrVXq2iPPQz0Jc90N0/OfAH1qe0jtKQZc604PO5rhQuzwJvoZcjNvPq7bIbkLHaQSkc/8wIssm0+wBxCr8naIrXsdDqA2/kNSWYM/bY073RSFqD,iv:iWDYxw8hwVrCGDGg2WB3nNxCcZrAk1lcauDqo5GUqo8=,tag:UQ+DfqDBigAGB1em03yS4Q==,type:str]
synapse:
@ -52,10 +52,17 @@ wiki:
users_file: ENC[AES256_GCM,data:glllwv0+KnPOeJ4eFNXECZPZvL6k5RODxIJNfWjQgo8EUKF7UsVyRvHcL2g9TAEpXKT8RGLekZim+Q467eKKGPpdj2LlrI/XYPyMvk2ShaTBO2ivx+6e9zowpdJNclBMmtKGgggK+r7LeXGunCl06oq86LpKq9ddiX2zZnOfxU1b0ZAG+tmqSVfkgi7cOs5DGagSaco+2+SkCOGThahGquWMrPmVULO0Dz2w98+7uSbmFmXlJOOZjKCk/q0ou4Bi0gK6lQ8/fKleNJLJ0x8Vx0WPYZgz6109RkTYznMl2HSIZEcNp81PxQvr66Vumc8ZO+OXWbNyY064/LXFJB7sEA57r4ccHHkH5+FCKFQJzCA=,iv:Ki0MCTJ8jwogDNL71kiMY4EGrfBorxB2rpBJAid6QOQ=,tag:q/mfK3Dm0KFnK4AHjzsP7g==,type:str]
scifirpg:
users_file: ENC[AES256_GCM,data:bApVa1CJkHToft8LyO1rWSF4fEbOl+KIHUxFkiWxgzpaX9VuC3fnqGK1EVALktdIW4VkDlUgnNrRS/MY5orXzVasiYK4pzpKUxehCwcDaqB1qw==,iv:cQnMr/XGYsnDiK7ehRW/bPSKGvkxY4SAWvzrUOkuVSI=,tag:g/lmBp2ok6wkVYRkwW9A+w==,type:str]
chroniques:
users_file: ENC[AES256_GCM,data:lnNy+O0EoaohYx3Q+bpnEtpsMtsTC9efY5+eVR1M/hUuj2tdbeQRS+H4UGAZcK0FYkUdf4lZqWQPvZL6/oHg61a7gfyXlRQ4QktW9B54CBef3g==,iv:IPsmzv9HxKEZysOoez8i+EPrC9BA/j4gDNX5w+09JhA=,tag:KWiplISQv5iicIJ+w3K8eg==,type:str]
wireguard:
torrents.conf: ENC[AES256_GCM,data:xmiIpECVRdZ7yXs+3bVXc1tX/vKx5NSFxnOE0HQpmF0c97rd0ztkVtoLO1a6HWgCnxA/8TQbJo/B/Ij5fOjJ4xa16PCmhHY1Ba4/qjTykwmtvHctFRMTrAxQqx9MGqf/TadiorvYvUVomvas82W2+fPQb+wmxYsoM/Tq/dXy6Os933znEHtcfBe+qCXYijGqX9ob5GbXL0DvxGnJaQIxji00XiDXXhfVBCI5jHWCI/S8XD3PmS0RwZ6cik9tqeuB3PuOxVj5ofXEM9T+YrIXsj7dCtNiY5bifADScPYKw/VmDW4tT8NOuYFTQYkwY3O5psUSZUbMAdJYyygFhDoW8j1tifxdh4VLHmsw8MrYzNOFiZxv9VR/XVDSbxA/yFaIn+JqKw==,iv:mpUekPnpCIr/NcE+kOW4li3itFki/lVVtf/hkBKtM5E=,tag:rAyp3kzzvCX3YRWkrDODHw==,type:str]
openvpn:
credentials: ENC[AES256_GCM,data:AZRmAhGhqsCs650ExArM0nVX,iv:Y6vTMjIC5s4gIwDWgYfEOUPGScPpj4jhk4XYeyRjpUw=,tag:vkob+Q+Mv6O2GCFvY+adRw==,type:str]
ca.crt: ENC[AES256_GCM,data:2F9u9O6+X3uKLFuA17q8bJ4D1wT9O8xQZjwT4VS5qc4vc6Fe2ocmOjP6psyylxlrU1ckhdjqIw8glbpEGyKbZTPBLF3xeCvP0aniP/BLZnfAUnksLgKeO9IqpysFGeFBxbW5z67QNReaK2vrYFsrIwYvyZQekFqhBSot9qC7WGw7BNcCqnlsho+sRC5SvJ7PLVfOd78qQF57UkZ38pNqj+lGYPTc9D03zxotM/0qgRTyrVbpjVOuygMBm6eQx6nUFIIZ5W5gApXO4lpY1rCpPVj7TN9E6aJ8ezcuz+wI/A4JN7KDrv1GgOGAZhSLodTMc7rw0RZ0IfqWIyb2Yffl0EHftxckgUuRSNrrUpsbwsvIjRJg1gSif0E4WNdGqTLbVv7UE/M7+K92BBqo83RhN0LxD9s81BgdWr8I5HsNZ08w1YF7vo7JBssKSgSINm+xPlf0Q3HXZUb7VREYI02UKPMLPUkJcxXipb2tfV5RlZzEjl2CplF43K8w2ES3wCD7xk3l5h5EAovsHY2nroCo50Q2igaNIYDqn9IU7KeqklzNZboFd/9bDn4MwgP27dFffJuOtD2dv3Xc5yBc/exRmII0N2lM/v5vgl1goSre7GPrH6oaOxve86b14PwYnf8zvYOD1hUALZPoLRP+cC7WRiHuihaTLKvQq/FoRyqDTF5XvatldZrRSkOqa4iQbM4RA/uSEXxrBWURqhgrWJ3VL/avHrKOA00zDVHe07U2iq84B5ywblSMae6Cfew1bx7Zi9b4x+B41jc1X0YxHBmtNp6OMRw8LKnW1juzZXw9UhVt2rvZdw2IFEoMrultUkdqVMMyjw7cOHJS3BQzQucxUSTtUMGFRNLtUNmHthQRDRoEYV7A9aIYUawE7rfR+5S6kOiMsjn2VdBsGjyOs5tUplJXQl8ABJhMaFR6wZNbetbvZHWgg7CuW6x+VqvFFts2Vn+V8u5F8LCsLfhpyRXYuof9hBKuIIOh+EHdSiLgmuO8n5mixZBCx7wvfg1h4DUE/n7wk9tIzbcEaQE2i7amd07zDiadHpP2zZttz5dd279Ww/kYs2GP1xsY9rQ6KWyOM6qieQEdBxcWsv+kb+c79YWjtGqbchVo/OMHXaKgD7XPkXOQ6mQGQ83kAJZkXzooJarweN+GJIKX6UKvocCJ1ebQRvLoh1QwFaFRkp9gW5esNjTpP628eErbRpBCTsW0eGQLgB7qeodNaBw6bAV0cEh3jxkfa2tMiHQPQmTSFBCohnlp7PDX+/c1JrMSHPDoBeIeARB7jDWxOtEhZfqt9HO0MgBF0W7ka9uBdMqTj81ZF3yu6J3qbsxRqaOp01Uq8c13zP4E809jgpc/S9BbgA7jnz+EEc4RuCcmV9A9ZbdTf6thMq+ag2ujimxPAHwiA/PU2OkLu6T21pnlVRo6NobdZcRm7MADZxiR6FuplWEyXk6hwkogefEVXGDq622Ez/Oqg7ZojFBKr1BFvC4AjXQUFPDihobzpvCh+bGNUYKFUfm1iKXrZ19onvhV5dpXqX0GRFOVxZxhIMcvNpY9x7zBKq79X7x+FZt01epG1gHSspEYJF0uaVLqrdjkw6juKLkuCw==,iv:Pt11SZn1shfmZwSD2D0jg+5KUSMWO69eiomN8EHlbT8=,tag:hIzS7aIbN+7QHmi020ZAWA==,type:str]
server.crt: ENC[AES256_GCM,data:WF6g3nroT1rcEAZYahzsVOcwaBFXgG/BQzlMRDhstdSrMnwZsRLgRTYn/JdBiVc1piakYFdBkGY8sA96+EFZus6jjaiCjoD4yNtDJ5DlZk9hOQw6i0nKi++Xb+AMoCVe2x74bYLi6Pidqm3zaSaApC0NoyfZPY0HVfldryL5URh4NYutkRMTBbL/WThGV/7UemaQKvWRuEzWRJt+m0K7bBgFxR2fX8TXYpM0ids5kX4sQk62KMVvVS7tIKR+z2VjXQITa0XHPZ4iqdbdKdcgU+lxIHaDsU7/5hxtxjygqjclw97UoNhYwh3trhLjnW+sGT6JA3nPyiTb4+9Jix0NHO4qrdq/H28cpDdycTIIOm+LuA4hvt5v6O0Ky8YTkuiMHeX9x5a5up0o5rTsSURI6/uhNJtm0+fFanRTPLQ1+DO3sZ5xD4Hwd0YQ9JiWIsAbfs+3sxLuJRxH69vA5oFRpRHMccGlOGc7FxveBNtRY/o9L/QY6sVIxgLefVNMInbPT2Xz7W/VWfx0ZwmFiWtJgcDwRScoF+nu0hWJNHfqvUo7TCRhPmBQaX80tIzAQIHn0Ljn2PphvJTYDsZhTtLzZYLGyYMd70EuniDlq2AOo5hiAzZGYq2z0RXBFkBfMrv4fLDXvNdYdmKOf7IGQ75o3iql34XBoKobmEFrQyWziA6EFhnnk1ya4oQW8ApMxYSjHMvAG0xe92OziIXdqnC2Ei87ctg63pDwvHU77Uym3VsEFBnAlTxJKpW0xYdXco5UvxX0cncP6qGB/n9s7wDWkiSjjF22KkiX+qpNJcSguXtXqD0Umz7jEnoaRPhXT+OCJezooUYPlDrPXJoqaZhnQxWfA2oLKzLK3exvHZTJX3gbCxfswCbUb/mt4SRvYa7dqCXs4cxR8uEjhWtahMcICrYTx+HTF63/cmpHxVDl5qdSxO47wqn9bqkaURq0ocDaZ6frjMWSorvWACunM1UMgOYqDrFvyURh2cWOJIPuR5pWSCcrcEal/oQ8YF/hxI1JhfgKSzE7OGoVZy8P5pIZnGcQ5W5kGA6Iz7KgSKb7nl+cBYBADEmnS7ZsQq82++P5AQJyEnXIF9HAuQQjPh4SjjQ4VEeLP48D10vPojbXMlFcd0cLj4fOG5qCEBbsPBcnBw13b6QydBpLrWyZ7OCaFT1g19bIScRXJNBqRx8c7hz/J9p1X/EsG+hUwCr1griOMnv2uTdUfmAU70yVIO2CTm96Gpzn9K1RciAL37F2ld178/8Fgw1mvZJ1xvPOksLfK7SFFD0gCwn92b4VYFsOBNpQOWay7e85p3pS7vH+7JLv0hP+g0kouFIBlK5ZwQ1aKRV0ZfbUU1CsnpZFvf4xRXajnTkm2FQiC8ac7tEqKsXeVi5o45ypyWt6+BbKIQg/bABMSBY8+YgPsbpbViy6Phh4Z7WV0PiZYYTkkgjMeaRI+lJBpcXDaWwXh9RBoQgJFsCoxsRpoGbay6Hrls4ilgUcOy4Q9n5Rz0wDhPLGImaJ+QPCYCpplj4qQqLhMkQNxdeKcFPxx7eWS+4/MLq1inSP1Gf+ed3XYj3i7EcgHCSvK37SeUFlr+QCJ7jL6xF/3Im1FskfqOM0Exjw5ioEeQ==,iv:hW0+CnQBDkVPlE3ITQPJxFwqEitlYA9JCuaHefZl2ok=,tag:BQoVy7XLvLFir0kdJ38oZA==,type:str]
server.key: ENC[AES256_GCM,data:Ae5Q2rVQpKPytWGubEucHeJw68/skBXMsKxndbX2RiBd9Axj6VmYJQ8K+GnqZeG8Z03zuwxVoMEjgEIPkpzmxgEzWi+jClPmP4Cha6XHZxWS3AISsmkhIJdoemoUxtfcXMdpqOIiR8CYSAHM43MXPKArSjlyDf9r5XoojoEKYBv/sZKeH4uchC/gan5cCnF1hcNvfjHX9zo7x7U4wrOp9lDcbE9qrhuWYmIKLY1ETW/Oy0aDcm5VrKxOomB14D3Ln2+slugLT4aDU1t0KeNSm1DFNde2ZbNbUKuGxW3dWWhisW33YO49+0NmRfgey5SYgxYTdkcLDq7SizqjNWGb4hNvXis2T54Q7cH8zS3xrWzYIuf95+BBjQ71NJPgHZ9bbkNSX9/7hr4IuF80M8m4czOB7iHDGuHGAKEAgUwD1bxyGrYBnblMn7gpKNzMJY8/z4zxQGL6Lo0VRDK7OoOXB1ve/hQGV9hpJNLvTm8e1O4BgtC3o0Eej/ZMTEw/cFW3ifZWpvx2O4q8QZrSFdFb3delr1DYXQLUjxgyPLeXvIlSVDStVgK4+f/feZPMcTWu256mU9IFKSRpbEejRhi1j0fa4ZPL336wnOE0jrzL/eunqHlzN8cfFkJ9vsP/jB/fWAXzJ7ojzPPhNjzNTJhZf5TEYgi7rFph1iz6yj22sd/KNdjN+DqJYiQS2vjauGpwLTfVKnxqga9H7hK6cOMHVtFmoLYUBNoo4AilcLdynZQevsvWL6HFXRjXnfNcByAtX9hkVPc9TS1zxk5rvU/hU7Vjne4tKjcDa4F09RmL2Bf7FWQ1hm1nbS6+IiGenpF9UEyRm+Xiw+x8vC8DcZg+brcLXAi8RuzjcZaBV9f70fNF0sOIfkjcKETJiF6tXPMMN3ZkpRndglIjHAzmZ/xeWxwe0dwlzHP6I3nyGxR9BpPlDqvJO0pr/JIV2JD7sY3ppwJafakBc7Yb9n1O3rR91maO+AmC3o2YhnQDuiGworrCiBAQRC7Y6Rb6OztP5PL159DpAnkGWlhKqT4EeUmWhq9CsSEw29gsKtU+gHRzuGHNNvFjssxljaRF1lAjMhjqLRC3VsVAAba2A5qAObaDgD1mWVSlC6e4MD/ztJmi3i5lrRLcaUwrSWYRH9St3BHuw6/ov9fnyirNtwwNx0Zj+y5mnGhYT2JnQ+sTnJZUjpFMzf20Wh1h3il2ZLE6X9uy69bqrCmT7eDXJjcIN18AxdFiojQOEPQAYA5ObXqGPvakCswKs3XznglJhaUXbSsA+FDJz1j4JM+roE0h64AuoEM/CXBun29wE3HLrdBm7sqDvaXJYa2hvkywgm00AOl2PZ9nz1QSSTsLM66N/HHcLdKu9QgjuIIWcCCMvjDF0WuZ2wMM7eZpshtYIYgmpBIqncD7KhJrELfX3LSqAEwJvZ49/zUp2i8klUavBDXjJb0tC4PHrIJfdt5kNNUoiwi5FvrYerQzxQzMXECU9PLng8cav+d6Hp8tib/Vu2WPT4o/sJukCdBG2cT+6HEruCYeeaXRxIh6O49dMoWp3sVjeTuDEQU2DvxhCoHB9wGCm925tKvONWzZQ7YN2KMLO7fTG2HXSKw7letHedYcu0GCQKbxe3M/8jBwCjvW7f2lvYz2YcAWoNdrsZgtCry9hMtg2VPHWxS41bVQUfZSJqM0PwJ91+7Zw/QbGP6GXKlofcH8pd2upvCysGGCwE3VePqDmNe4CG4l3CW+3x+7exNBB8r9J++DKOjw8561WMe+sMYOSlyF95CTZa9g0pKkkEnQHhyzi4NicXO/5PPmHabr6kAZX0+nzSz2Ntv7+xDF2g24qd2oITA0S8YqKUOE+rzuK7u1P3bhRtw9b8Za0DuNkdWEP9F/IoGt8jTbypQb177qdRc9fVSA1zBgwF0FqlpUr7SwLiLLYnc8eZ3TVBrnh8KbY33MtgaPS46Qf0x5zFyG7AYGzCnmIMG5aWIKvXGi7ge6M2dhFZZffVNmp49gVJHuwITH0AG1TBkR+CW6SxKOcDwKyGyeyK8YJOibk+epKPgovYJ1t3QDB8x45cjL94olG0Rd52ajVOCgZZYPNFNKx1u7tuuWoOkNB53iEG1yi8Z+ZFrToifCWljBA46DnMoV0/R2OYmlaIJj8CChAhajyOBHJYW+s2ZiMtZzyY2aH3/1ih8J3XiYhIc1AeLnOOdohkvJwacuZ7ilkXR4R6ZXA72VQCJj9dcxsiVu/ZShO6Q+Kc5KLRuiFdrmQTPpGbm3cZFMvPQA,iv:kXdrnvOI2wi4pKxYryM9vcFqV3epKtL2/NhNzOUUrBo=,tag:pV0XCyLKTN6wsJ12Z+RsqQ==,type:str]
dh.pem: ENC[AES256_GCM,data:n7faEmrE3NvHESW8PRgnQQJj703rcyRTkE6HfbycfXwDphnTtJFpkLbkMPiHOKe7zTlCNjRXqtJPS6NY7QVvQ3rxYUxjG8CDD8kMpwHWZB9Aegm3yV5lM5qXOmfS/y+POR+YTgaG80GuM9n0nKLkCuwgUFDtXZLWbOFpsooCEdlTV9vfRLH2kJ+RfagI5lX/1/TLzL6X3zysmR0KpKtkAn26EPXiY/3sSdudZtHcRAx1r6M9kum5ESwPbJo6n3bp/Pwhu5ysGYhZH5YviW1veqlt0LyJ/KS8q8uhQBnP0KY/hQt07/jd0/nJtBzuHoffmkLNwXUuQHX0ir4Vl+njYuCkdVBPEfec1MkYJqT96B9DXzmuzF8vHFbxSjcPrDVBbHu0obSsQT3LSGKGZ3Sb7LQtw/L7G1LBmX4+Og34AacT5Ghoscfbso6J+ue9F2H6TPHO6jn6Q8bucm6A7LvMH3UwrVl7m0d8EFZFBsSuZaaH12vq45TlSMCjMfXkvGNdhATv9vUbG36OdKAo3vDG3MhFqpJ9FKga9T1tGsPKTLlK2Nh1hxUU54/OwU4=,iv:3EQ3WADja0DCWp4I1OHdSKnOs41nPH6lfMONC7XzOE8=,tag:TFeLbsMBXzOp7oN38dkEHw==,type:str]
tls-crypt.key: ENC[AES256_GCM,data:mdyOH3vhXSbm5S+BEM0KTV5gDNQxONvNMakaDERoYW/gmSeWNkC7wgBZ02UjqKMBlOSMK8F87xee05vjb68nGyH9CL/vvT5v+IXOxl5tp2bNcWhwsAT+S0IQf//dfhL+LIrUbn9x/C7a6g+eYX+detpQnhq/4B0ES0EoLPtKNkwKz9MiIFOX5EAKbF5C6iSp06XcHm3AUgVQhNQAuy98ndsOPPM8nT/u5my3UOInpqLXV8hOpqnvAxlqSH9slmqn25FIoEIbdANJ9YSGCW6YcfQItS7r/TtO4uSqBVfmdByDjE1+aTf2GsdcbUC2AaAjPWxH5ycSxzL7ryXi/eITHo8u68F/9vMsbHgmFS75Z1Ayncl1evThdGlWeUBAH2XSmZnKdLsSHqPAmvhBwKYbX1rYB5jxmcako5Rps5nDZHQNnUR5xDtRhshKbh2bJYi6I6knttuFVHm2dJ07qUpmRhs0TcPeQ/fxwtH2EcoWFxhHYPb3764dwBITmV4RxQkh5yXzbSWkSVn3YbW30PfHFz11XXOqsn3rx002O/XwKE2QnfGlhNINfrzRQq1BKa08rxi5ptX+5DFsP1i8ylNmuEqE5T26y4AubtpgvpSu4kWEuCqrI17XC1ub3c1EPfZkPi4dHE6z2oJyPSNMVcLYpEay9oaMOKYuVlzdiR5/tRuBM/b7XcFZBr4l28YG04e5NRSo80aEgd99ktv+bexwWMHroE6/AxkawjLm6C0OzDwSP9tPwbvqCSX5x3/atE9A2T9EBY5AWg/43chQ5JFPPaUwGLpeYk4E5yc=,iv:w0cPb/BqAU/vddwIC5+dui2YE5uLM38UiehnpQr4AQQ=,tag:5pt39V9JdvYUitqpjjtuIw==,type:str]
borg:
passphrase: ENC[AES256_GCM,data:RNUTb29sOdsg4KnB/0nIFGJFV/2nlMH4pxGFlgXdtTgDe2opT/moUg==,iv:6kdBeq+qFWnPB+N+zpKNdFkmkskOVMabdj8Uxk9QeQI=,tag:MxNqn5p9P0JpsjkNm9iYEQ==,type:str]
client_keys:
@ -72,68 +79,88 @@ sshfs_keys:
public: ENC[AES256_GCM,data:/68JE+/xr4WhUNghjenqkqnB+keotQs+IVa4anFbe78AGrtWXWVndGN+GTDxh6oiETmndV2S83SnlCU6xnOTJwdctDISNlulPj8SH7gZ22vhOa01AbD9r635HFVc0sqJO4xhnQrymuMj/0yvnFb9i9+4iTqQpaY4sDfM0dDQ5Hj29FP6tRVSKE0+e9JS/e9BHnJdSHoL+IPD2YxQYDWKwWayeQwAPVfi0X0AjuZvhLq65HUP7EeqfExAJfMfGk8AB3tHEFR52aq/c9u2TfTxMAqPKMyWEjrcsTu3oQObOuj+nZEQOZuoJoyxpQlLqe3BkMXEGvL+jeehyMWA171RapstWkXEoFd6p043OlVOXw1w+Awz9VmI9Du7l3AWJUABhCCwyMPR/jwK3vRnNrxPxyS2ophFuboTuVCr9AXkTaEiGH7dALtIPHoP3xQD89yYkqL3BABMi7ymUEERecsfwgP66sk+7VXQri/1LosI+g3NsAtJP4kIyjXP9ZqJTv0VsGOxOGgbtVbrBsw7UWYPuuknGNTStmF54VBf77BEg6wVqOEM1WM9JhoZsbDvBvGIqV2PbSR4UBJg04sHtcRQoCp4h8B6b6djVoI5YZ5N7SLNAy8e6t08r6/7iwygrafMGLxXPaSw6bcBksXeT7BNRRsKFvSbiNPKax0yOpIJiJMgoM7Wo8wOgekBaG+s8+7DkI5MlXiyX/6XWUtBhJqBGUEUJTGufiIspD4RjKPsJeFTMXAUVOjzjZqg4jpv4pbhDtBgbF58zdoMpcqbWuvxfaur7gHOnCPpWMJN2VeWxLdk0Nr66yRvVzqCIVA2iFuZj0Mulmqmj0i0Vh/CHzesXZODi10wauewxv19Iie7Bjo0v3ahxjTSfvG3T8emZ7Us+Q06W8gLZ0IvHHXy0yKvsg9VgFTX51RaW1KHHBO4DehOvwLcJRcuADfHlZDhrwtUbQdA6cWAnZoezQy2np/Dp7hMC34m,iv:kUKBtPeLWola7isgEo+QDq1RZkbR26G0AoBzy7iubiE=,tag:/kUG0/G7U83dp8p9AgyJXg==,type:str]
private: ENC[AES256_GCM,data:NVKHVh5Ap1of3j3xAXbscIX3Psa6EolJ/wuhZu0ZkvcgLLS+Oi9NFqqiBdMQw6DrL5Os+GeA2rVSlCh5/mfntUMH5FTqnRRMeiQ0aaXPS93fxlD5jsrJH7BfTLkH7aijANiAf+Hy3pdfVELD5iiKYEGimRAU3UR3Yf0t/D9TbikO+alyZ6SpaDJMSpccYLD9riEqAUsWsWOc8Gd7K2vB7h0D5uePyFFcVw3pvYweRs5S4KlOisdz9eG6CNVaG/YjL6dlvILVxWwAx34AqY3Ul7FkpZ0tennba8Yz/i/fMp3mxZX7FcDmga2DekvybU4ff30SPv9xEtnFenI/ElKIH/duSjo3wBf8xJ0+EKHXulwhmR9lpvYCfjXYvjtJDhoof2Yw9Tc+dCUcTSdTex92NJBAXLEfL2BTRqszFwhJB3RQ5xNItLilSdmuDElPvhMpNfX1c1RsqjMmlxd4MJYDIo6TiBAQ1eEP5CQG8nWfZesmGCefSBmRlAAy+rWHT2gpGtVCUUwhcBlCHs9X5MmsBHDKrcmQIrMfoQHJ7etVRjhW3+s+np7ldjnTadVqo/or53wpHWg/SCMCaAdMKxPU+APEueaIPxKP3ce3WmMaH7qrgHUFo8EOx0FYaoqxuN2JAW/Ap00JOfN3fvwvjHZwvg47SO/F4hboRqsWaryHIFhlaCcBnMs0/hszbc/w9nkhJdirqCYss8URUvtoKYa1G6quCswd+BC+5aQyQP4SU+VMhw0ESWbZXzOzqypFvr+DH1BvOX3/aGZfN2aCJTbHqaoLaqwP0b5UTEdt/uW8vH9iApnQqsOiZhdB+RCLMkKNaFRR36k1bbI+RQibLOq9QL+bwoSQ9eA0bPpPBLPrL8I0zPBv506f72mqiH690gC/wtdRn6ujXV298nvMRQc1HbjCIexyALS9v/mvhUalxUmYlkf3eLribleQmbDtf5Ehg2oCcx93Zya+mSB9zgR2WRNq7AXO6tm2UO+3jr5xG6E6+J7lhUh0kmJBY7ScFU+LgogtwyJml4xAbNxCcmx+1WKUFCctlvOBZiVo8QB5vTMG6WYcOZZ8of3EeldiodCD14vQ+dNhmagiiQmFk0xBG2LjwTJvDkq3dRET7VZfRUnhrGdibLGykT9HvflVX+0kvBsYLvwKUvuy/HM2dvr+aNvhUm7H03tHygZK3cv0bq/v93jqo/5tvjNxDW4Fr0qHvRMsbwFXURmzuw5SMTx6dtPBKoE65oR0Ueo1yh+r2rKzFMKjfVFSq9HReD2V9iqUoTWduTMzsX0pCSiUvIPMNArt5szJtC3uzZRLOedz0bKR9lTfOG96M9iFpy9sLH0CNekvGy7az2sD++PVqzpsPVUlmp11+AQPFF/F9wPsjuoQiEOh3gIEuUsqyyuBqaFUmEBhWnOoNb8RGOIDF/TXzWvvrRaDw3E5RJ6ATS8SppPK2vYlzaS1Oj9+KX2JWCvuYgOv4NJkQ8R4fnKPKTmuU4D/BEaTfkbPvsYjocgfU6ENxtFHsCqc0Am/5NZOjwZVhcoIiEBbih3g8N2+Kqv8+1/HbaB4NGLwh4GLahYIzqRyWT8IoF5Qml160h2vKZCH7BK01bCSbXppWxs7Jbs0cOnb0cLsuMrHNnYlgGTQUA6A/zUq9pEipjT0Sheu6MQrbEzGCosvKHikJ6UoDN8SGgnVZ+w6l/TairatvG9guEyfM7uG6oF2ohLSEtqmzlyS6VsiiU3FIup4awh1g2fq//DKrttUX3dOHx2ByVR1xESBbQZaK5zdYlVxuBqZjWLBLi/c6eUkJobjrbcx8kvdCc4Yeh/tO5k+Ym+gdgO/V68M4cg5j8qlC8J/YsGtMgSlmE9FbScGT8VCfCfaZAC1gONls5asEMZHF5/HH2Q6nNwMtlvfIJ4RHwj/EyoE/gC9kr7Mv1OIMl14aBx1OFzGGUtlssdyQOhGfBJIthQIwq+kRqRDSSyvLGxlvidsUnmrs6XmJQiaIxflj1aCbhmN3QgsT6klXtnn+959x8TX+TvLW7DfS6PKJyeg5DQKuV1A2hnBdyDAAHJuur/k3YbJxvp0nMWQfGGo+nCvAfSpN6hvyUYbriD/pduk9qTcICZJFI3IDDQksF82HanaMWtQnoIUb+TKiDHi6tYr0r6JCtv9x/LLKFjJ0Cq/cjMOxv5a69XNRvbQq7mhwv9bLF2XS7g6CNFLYFxVymJx/OIEXtqmq0AV/C0CRXdW4BYctJCRU71W61VDc16Bb7lfG0deuU3ufdfDaT8MQE0R2/97nAF4sdurpqLLAeP5T/AzDTHk1dgL/cDuKrQ7RSX1SpPgKZPMzSQ/+LjRI0sqHff6nQpdothYLgC2IQZAwDWrI91Xg8OeqJcDQTDVUolMk/+qiGRmMT96dl03hUqyrPpWIdipYqAXKw58djQ2wvcVz0h6ksv03W33ZpwQEqsHBYlA1nCxoCxTR5VlO3uhRNXLPVOrP2BmnnfeknlNevTwRQWA1pQuvgB2JWdYbtnJvdLK+dSvemZhAqOqQSCM6zyh4tUaw5R/oHlBgTosaj28oEQQqQ737PsAcyhpjZUYJ4TWyOg8ng5DH2Js40jomml8VsWIS8V9Cw3vmwn4FUeeKCw8DqzH+LIX6omtzgAQHUVSuOah46u6Cuuw8+adoVy81vXW45uEIj9YpKjrmu5bplWJQrGJMuZAmHOm/F6BQphMVtOhncmpzhghtKjpJhMUlVGvk5WVQmX4YiihBg9el32bTqGEPrpuGZyfrYj6+gB73dP3Ey8JpHIxlp0QVpYUvGbxsgxYKCuETweJfh/q+hby90E7FaHkDkFPBKrWYHD+A4p/AVgmKiIt4rP3pb05EkMUv0ujz8Oro0BmidEKJS5N2diIr5tB6ao3y//FZ7beuLGp03P1Ann4YDxrRp+/75g/xY9zc1WTWe0ugA1Ine4kAH+1wE//NzLTIrrI0J0TJFzpta76jf/S7sWDYyXnUHl1OSBVVUeVpgQGJeaGMLPZrkUD3fNnAf4mntEy0WTLQcCuSPDIRLftMzTb+rATGGK9edwAbF/L4JwMt+n5v0nfcNLnJUwkSvFYTL0gHf3kDxisIblx/gdFT6BotJFz0uQNOoBUMdpXMtC5XcmbmqznKMSlBBkRrrftjqkWslUgYWfu1OB+Uo17yI3yPZpD/PVsK8Q/uKx2VW3sTA5+CilLc5+TVucYWu/hfArgqgNtI4Qo16Cyv+2gnQE13qHGfC2IAnrynnPcVqpG8KUaF3F8DkC9aAoOP0C+c1s6vk6e2iFU2bB5eUKsCmgu1jToVZEacXG4v/hjfx+XunMAELPp6CRV9MDp+7MoGPIIRHcDzlqL8uOKe84CM29qsGBShZXEc03ZyAf/45fVcppO0hZJbmQIHS7AOy56yW/TziH2IlGe+iAr76Z3/EZjxHDpBhcp3flg448Pg7Cwssq8Pd5UYQ276wgGeO05ZbdAPPdhvsEFuU8SXcVXakBO14qKBKu8GlFFqk4n9z69hMCsTw63MD+KDTQEMuJ6DAvW7RUKBKKrU+xWUvE+n+GAg8A+Ff01ttjf1xJNhNKiSrAxZAHnnzBHIR7Cj6aHmpZvgQSYdTfpX/nhZ5jMc8Jfkg5oA34APxmZBxHK5/E4wJecYMWlfcuLfNn7FyVCN7JRM0iNUS4trCdSX4OhbNIAfzXEbwuGNdBRiGqha5xYV4Z28KxzyqFtXupOHYiZNtZyYGL6f1m4ZTNbGweEk0632hpaJwc4I1AYaWHZ3o02/qzczr2hjfVGKVODp0r6gX64LfuoT/m4/123qj1maJ74zVaP/LnEZJXks3LWu5TlIIt3Cq80/73am9fsaoWNFnVVERfmG/vrBfVO40fJT89Bh5QKPAHCC4nbie/WDGshImVKFHoMT0KH5NFZdIdHSWGcvnc41dMNuwowd6Z/Aie3G2PDPrOr2n/Dv7DxYfB8HgP87l5mirhxlNS1mQOH4DkKkUFkBFNa2+0vIBJmdrf+0SBxev6yZgZbO6GKDR/Fkd99p5qaGd5bRjFg/7A3ZUFiYYnX40AoRR6bhkEyECEtW3B+jd7GOnF0jZFC9wUt3mgpi+v/EiLMoi887nQ/a2SotRd7+y3VKA7hUMAsbM4VfkzPz+LVhhrSU/LF3XkEMlWSpO2fBja8t3xZVtdVaZiFkVxfcla+TBcKr3Po0b7fmzbqVdLvgz/9Zle1s042m+5wKMotHyUMuG/N+78/CGpvqwdad3Cpz8g8C/fX7OVjoVTmhKYOr98Zms0Dr4xOD+Hnb7dNRfojGyuJ3x9UPOzu5zGxkv365iskiBJliALT,iv:BO+OifdPxtMUb83G9By19/O6DtF4D2jT1tmPjXdsNvA=,tag:DVj+JfIeBs3VFwhgZqzTeA==,type:str]
sops:
lastmodified: "2025-12-26T12:09:51Z"
mac: ENC[AES256_GCM,data:Gvoax7ZMLV+TPiHM/CbUphR8x6p9C75Tr9RJW3CMTugEWRlQGuuDS0Q8BWIAOJ/eFEU9a+xC03QjuVb2AykntkOrf2KQYGSMiqkP944CKTn4CrD9c34+koZ9QFmJb5ICVtwGN/ZQevgffSXW/2h8U7gjCj4V/XO47CO0sTPvHYw=,iv:ddH0If9PtDlUJWqK7aV4UyiUxXfxKSWTcT7HypCjYlk=,tag:aJbSurfZIHKiX3FTfozneg==,type:str]
lastmodified: "2026-03-12T22:05:00Z"
mac: ENC[AES256_GCM,data:senWpTbLAPfc8QqH3YDG/lPqFf8bMmA+0Fi1j6ihT6P7cdkSKN+QeBSiV1eYeFynW5nfVOGDXx0dDmFiD3oPW0UTPZ1YUt5dGTVqPmtegJKa4Mv6Yh6Y+Q9NZo2mLLs1/etOTqDo8jbv/B7oC2tNdb6mjahY9ifTgxjP49Hnlmo=,iv:WdbvEnUrIHMBi4A/Bq6aq/dTJFg7Mbhv78fcSfOkyYM=,tag:+3rZT7N4kFbyDMxO0qzQ5g==,type:str]
pgp:
- created_at: "2025-01-17T21:38:02Z"
- created_at: "2026-02-27T16:44:37Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAy9TuQ4zAbDHARAAqOla+gYyHsbLreus848fUZ4Qy1MEFaS4MH9CQYA3ysMh
Mb+DmxMlh3waHni/0pqAjNULLZzSOg/TUCHWKcrxC+ublxm9oC5z8K/MSvJJFHNu
hA4qQfN3Cl1w7XXZZmfp2+SaTQPKxED1InPt4Nn0Ay73nmo0ze4RM7LBvM17gqYH
GnYLVbj12BB1TlkLwTG0OAttIVKcOHYxpACoYmztT5vtgqH4isDe1ukYNpxTBs1c
g7BKxEOkPmOYBBUvBspDCkpD7aKuWCM6yA4cRBuR+NxJhIF46fTgfq1PydhR7YLA
6etcZfA6ZDcJsuSeZyuUUuqikjvJRWW3ERP1+vkvD/w4muFk3gwfHv4DfmiY/k/k
RXLV0VMuZZpd8iekuJHFqc8lszC6jnos2AZ/g8KfwA4WZhZnNau4F6u8jk1KcUHt
eQ0A96qbNS5cWhRgFuvL3YzJpG9R5WcKquUEe0dRqqAsX+uMfgKzk6VcESD/bSqs
EygLVmnsoh3DaJqtLldcELkGCzty1+sMXiyDSpR1OaYvJcVIK9BjEjXbYu4k9StJ
O7JDaV4BTHw6IwDdQN2hhlFTLEWGtJN8F3Ovhscdwo8GiLSTRF4NZ7hJaUKPBGJA
dm+yUjej7cjoyD6QhzYj77SQ1c8EtKSnt0VTWJtaDg1jN6bvNj8nCYZnJ4Xl4D7S
XgGVf5/2UofoyOw9JtVkk99wUHN9nFJgxwDMWGDm+3qWqY4wp6Ak39Wo6M/JfzWO
yFH+d6kqkMf605/+uq150QpeolqbVV2c0jZcIFA+etYix9iyvZdxHA8RTVy0Bgc=
=jZST
hQIMAy9TuQ4zAbDHAQ//Qb0DRkQVFdX1U6qkD5DrgRrARk1WCH8K5KaVNFWPleqT
VrcEHO2x5exclSmhJ1YKlUsQezs/55FDgCoN+mykjfzLUDhhVvHbvd87p97t9dkh
/taXAT4nsKleUMtSorVDyRGSaJQFKu7aDSi7iD2CYRbGCSqWbnAc/gr5FcHkFnzj
U6pPcPWVZYJfAL57kBdEawMdCmp9ins1cfpCZoZS1SH2FcCMbSojkZSkbRBW0xwW
SVLT1nGwEuQZk109XAsEpkc72rlLpvoQKgBWh33eqvJRCqrNImzyPeKwYJftAee6
5JcCUVGPtvcmxHgU41a4vn6ff5CeeUhgMVcjInm0pQrUWWFFpi0VGlr5smxw7NtZ
puba3n1gRD9v1uNY7Mru0ZLKqe1W/cjTNXGuvsk/Xy057Y/CEZj5+EHvBQJQ/tzF
R7cBCBL689aZz0CTqk580icftPqYCKJ/CHPEcb8cjHQ8/Z18p+JDhKfFxMIRNXFV
2xwcodPM4VhQ392ySBvNYOKrN+lvdTxOJLSbt+yio7cIslvVmIZoYhgn+a8SxAQk
boG7F+sZ/RM43u4OmmJsI+rL42+px5LLByP+OXYW2pBFgT1VcEAthzP6T5G3aHdy
ZIc3+TA1ioec97kARLtO3j1BasktT3Fx54wFMu6X45x2TOGLrPMWGSFcARG2RDfS
XgFZcD7OM728Xo1aGOFX7KSGnw+MmFNmaNYFvUGWtJjxY/bQKwenFt+YSMysXFU1
ZICJ72lkBTwLzzKfv9E6VGa9+8TJJlkeHZhmPHNdQTlQvtyo7zmkxBo1Z+y0ayY=
=s253
-----END PGP MESSAGE-----
fp: 3AC6F170F01133CE393BCD94BE948AFD7E7873BE
- created_at: "2025-01-17T21:38:02Z"
- created_at: "2026-02-27T16:44:37Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA5qa+llcB15aAQ//Qxav8CPF8zNzSIYd1Nut5wVTYHy4cZBoXdPxFQ3O+okJ
QNR1w/xbPtNuFRukPuHzBuFjS7bXe97WEIgFf7eyyifXy1xO/J/WYSXvzP9R/Lwk
nYowM8UCffLCHMsiSL/lZIPkU1rXYQQBMUOENSkU2tMJhI6SWoAOObGv/MDyX0Cn
AOlomUerPPIFJ5FoRMOe1fYs2vLn5soOsFlgeeJYzp93q+USPpYlB6nYVP22TsD6
bnB7v1wR3zgP/iDDv9PfF9qXUyWJcsVZ3v/Ze8V4t8d3X9DKhl3IV5W1oIjbsaq8
IKqpgX9qmO+p+zLeUCx11Mj1I5tfL70xYB6/F+pZUY6GOl9A64iuNMJ7mfTgNaeU
LwUgblZpovhCi1ExuItAOKRrNwJEg5zEPGf9BmRJ89ZOztxlkqevVzpTi4TRYPn4
FGXNLHGevcJjPBPwiWQADVavz/6Kw8kUzwiWQtdfYSJbPI0mb9KPJ0btVGp0hSL4
4T/Fw70LHoluA6yjqPlZQESRuoCquYlJSZiZ20E3ktqIwzm48INu32JuqXF+msfP
kV+saikKZZoKIxeUB4ZAg120nhgR3riZBRw1iBJYqYGzn8woCtPxeFKh483Rowqi
yFOKCSy+DC8EPq5+MbBuksnKAynKxs69JnU+MCvqUkZjN/bheNN3ONXOV7aP1X/S
XgEKD4RJS2qIMZvogw7po6ZokC9b6/hFfIuPA3twbu/Ll5sJLySQigNgUp/MnEMi
j+yO03/SVtimS2lkR1CB1+YIiI4IDGyw6FHlU+IFx70OmR+uftboSA+l3tp18aQ=
=kpwG
hQIMA5qa+llcB15aAQ//WC6hKdcyWxHa6Y0dhjAadUb77DbzPRi7VYGCoZ33PibN
crg/dgst0VQJOzf0VSpFwrqs7epj3OY1fz+ZegxB6GImkzwdgc5bifdaETR1i5E2
FYRulz6BNh3iLvNiHK4T3oGNb0a85Lr41XUpjousEQSZkL/Hq1h2tWYB+IoqCn3r
KZqtfJI5Vyv1Ls1WNrFtLzvGgtZAoXSpuxuGtgTuftLR/m5pTrkkmmNpqkfsTYrT
QeWwsAnp9Dg0caliRH2kz92tyH0NOq7Y0K7tMLb15ns+29GR17KPpGDz0I5sSJZn
PEcjoSuEzr3XLcR+g/QaqNoOffyJ1tTOquozgHOs4Ks52ilE9aSY+oNvWD3qk4zc
v29J1drH+07igVFfr7wrmDKDkCTfotIawejq99WR5/roSaBupCtkXZh/WfG1XLdq
M9SxID2vt0FRPka58zFJMRpgFZe1TihHYCNBt0nPh/U3TzrT0X5fG+23S9kITYt/
lXowiNusXVJ4ppQ2c2rtq2JezJ5wp6xhp41bYNCvbRK6R50WwYxG/LdyqzfjDzLO
+buTtYA7X8d1hDlW4FekDIzZpoXztfwZ2qisHfkCbhWkRBp0mOL1iVOy3JRwPSqO
Zg+yKkX8ajVHFNE+TnyjufF1eXizJqPLWcvMT5TE2Jq02ywXhqDcYmvgnGi3olTS
XgEmLcqoM3AFnJYM2wWUw2y+PwjC2hobC8rZbpgzpk92kdW8Oh8fhwnlUAcY51Zt
/UTHzAbN5JzqUhaC5ABTXMnUJd1kkG8SND0lVOecFQSyF4b5QEBSm93zXH31sgA=
=IgdZ
-----END PGP MESSAGE-----
fp: 0C143D8AFF5FBCD2293897658E66EDB0546158DF
- created_at: "2025-01-17T21:38:02Z"
- created_at: "2026-02-27T16:44:37Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA7kGE6KvUCZzAQ//WWbM1yyL0ldJMvpHtMEnsuUMOjbT63pxoThuep1UclRD
7M8B0Hvi6GU4HzayXfkpW1fUalpJSwsP9Aeewq0pz16nnoHGukQjO3CHXQ2gtvip
JwinImuSfAnQCGGUvaly1JRny9ytZJE7o6DCMmQFQDCjgrgA2ZaUjAKcMnGuPSZs
IwnThW4NMjooZhhCBvnWLq9A5cGuhhMVQ4tzlQEUxZZJV1ySiAGu9QkhdMeyHUQS
88LYdKpujVlmXYAtkqbwZ1YXcC/DQZnLnt3bVf6i/SzWuvbezAM8BTXn9PJTK58i
nw720g7XdEDmH/1Uy6vxQEqsh/lJQFFpuNhnELRQrf0Co9CDUFODQHNz3ZhD1Oad
irakoPR1iEdaDPlVlB079GEteoxKdewJZFPEjRgB2U8+dhOED/ZDbU+0ECRtXQ7F
Ctd5nq7AQTOWMj9BXvm3wTE35nhpL9ov/NX1My20o9JULoixsYpYSGP1QZhOK2Dc
O1wRgsU/R9p6bEDW/eGJ8FlavPkoy7lLaZC/GFtFUa72Da5jAvDIB1sAn5ArhOrx
lj1m4g+HhMitrMV7TSJ97kqM8o5REdEbs+BhwIdcYdmScf9qotYthBkJLz+SIyGj
FDd8KLcMxoFVM/GQSzoAdqfeoycQpbF6Tmv4NrKzj1ID8EzCZCIaufcT85L2ohrS
WAGwruMsuu6FNgdvrZXyOu20cba1055Vb96Q9ESrjNdDE542b+MeNcdc9Xk8N0HE
oxmj0k50D2Fm77HvwKOwwGdRQcbFFynbB6mJ7LYOkjgYJN4Z/9zgtEQ=
=p5J/
hQIMA7kGE6KvUCZzAQ//VtWatqX53BTQxImBo3HRWNhTVx9zW1DNi0GvUYIDUoyb
4x5XG5eGbP6x7z2hdvV1Gd8rzBcAL81O8k917Ax1u2+YGVfwTo83OPFrjoLU8qud
XyMu7vW2qjBlgWmDjNyWYUjFiJx32m16sFeS5cf0w3ozGUgn8frVkYiAWDRWvpHE
SpUuJqxLLPwgwIIT1d8QncHWe7uPLzxiusI0eAeFqkd4BiI5R4qDSldj/PNQYHYi
yzoMmkhAZaIYjYsDkUGJAFXjLx9WKnD14s5PeqX/VNYLFRjgAyht5HdKVq24lL64
DAwlZoraObiSocr3La2NOAwQHpRCggH3eMWyRPCghnTWO3Axlin85OFxhLzurWQj
8DPFP3Mynv45Fz5SzIb7aHm0pFbjrCiRnEGyVtDbTzdvB7IzffBUxHqKng5Hi9y5
7tJjLEM9nS4bXbD1dlU51voARKRM2uLph3ALvZhwpe1XLYqBW4VEzJsPhcaDf54I
3kfCrnewTf7yaH/isv/njut2XaSYw9nCxkjAyNR3A2J7Vge5BNequP0dVJZWPIKU
/jBVh6K1Hxk/KM9lXbdz2sdy37YDm2KDk9k74Fzpt+NaE8FNZW0/XETgGAwksiK1
yxu8x+79qmUX0RhmYwFeri47/uydAPUWF4XqQmw4g2G0FwHSCEqOECHkSKTa8ODS
WAGTLhr//YXMNi+JvBDFcKSW/N1uOETNxnL+rEmJ2AHJkAF8EHUugouhPprFYYDd
0fFWHMhSkW4TCq2YoHBc8LN9Kpf9As019euYrROgNgQ0kx80qzsPs28=
=g3EJ
-----END PGP MESSAGE-----
fp: 0f0c4c2f9877cb8a53efadacb90613a2af502673
- created_at: "2026-02-27T16:44:37Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAymX2D7hlI1UARAAslfFnR3hd4wjyEdkqNG33yccH/Sj1LLmkHOumOF9zXDt
q3BI7LwFhTjjAWV59UO8neV/449P/5B9XR9gEd7USCM80rnSv5T0wcKPUfclq3DI
EN348d95fWvOOBos7UnPlCABMCvc4+8oWYlLIVUWFxH+pakSG3zr2EpyvqBzbZqx
n+FilMsxf5Gd5bvqwQAhDjPy/Pjr61y2ksDZpkvbetcve/QRRGL0smjl2dS1k1Rf
N79LgPFxtkfo4CURjUk6hkMfb5ZoeHQFfos1B48pmxKaBmeX2f4Wt4UktzA/o8MY
PubLeFJQdyYF3WKGYssvgFI/3IdiotQ4R5EKJu71ww0eSMZ/jt2a9cstdSFz7OWp
AoIlRM9MnfyafWlztzIByyJwedLSGyd/o8ZrRX7xYFYWgobabC1bagECL3/tU9WE
vzWIG9c7jKDEm7M0ijESuYCsSdKhCaQbn7pu4kzPcoFIlrwLx4ONO0o+OBTyDxxL
P/UWOb9yM0YaGuhgQwJq64e6QBd3af1FmhR6Jwfz2fYq9QE+OFYPFx7DVz4QPRKI
Wi6sG01Q8gMGU12DfFdBoTSBAGREI4RCw4qs9lRMPEuTb8S6vZXc2rlg3BStnJWA
FYijdFlxqPpMJ2I368r6MfFgxCnBzxwVRp0ON5QtOX/NanHJKUCgHj+EybFDBNHS
WAGOEBJ1ZPAyAc55PVEb+QlhO9+J/zFGD+bZTQB3SZwHZUgx1DdwT8o3lOjLDeng
eGP4rPdhA/ZwC6SB4n2HzdYBMc6aRcMpm6++p1PrMHYaK4S65sQenOI=
=mBZV
-----END PGP MESSAGE-----
fp: 515a19ef3f9b98442331d89b2997d83ee1948d54
unencrypted_suffix: _unencrypted
version: 3.11.0

9
terraform/config.tf
View file

@ -8,6 +8,14 @@ terraform {
username = "phfroidmont"
}
required_providers {
hcloud = {
source = "hetznercloud/hcloud"
version = "~> 1.49"
}
null = {
source = "hashicorp/null"
version = "~> 3.2"
}
hetznerdns = {
source = "timohirt/hetznerdns"
version = ">= 2.2.0"
@ -28,4 +36,3 @@ data "sops_file" "secrets" {
provider "hetznerdns" {
apitoken = data.sops_file.secrets.data["hcloud.dns_token"]
}

8
terraform/dns.tf
View file

@ -382,6 +382,14 @@ resource "hetznerdns_record" "froidmont_a" {
ttl = 600
}
resource "hetznerdns_record" "rl_a" {
zone_id = data.hetznerdns_zone.froidmont_zone.id
name = "rl"
value = hcloud_server.relay1.ipv4_address
type = "A"
ttl = 600
}
resource "hetznerdns_record" "website_marie_a" {
zone_id = data.hetznerdns_zone.froidmont_zone.id
name = "osteopathie"

44
terraform/hcloud.tf Normal file
View file

@ -0,0 +1,44 @@
provider "hcloud" {}
resource "hcloud_ssh_key" "phfroidmont_stellaris" {
name = "phfroidmont-stellaris"
public_key = file("${path.module}/../ssh_keys/phfroidmont-stellaris.pub")
}
resource "hcloud_ssh_key" "froidmpa_desktop" {
name = "froidmpa-desktop"
public_key = file("${path.module}/../ssh_keys/froidmpa-desktop.pub")
}
resource "hcloud_ssh_key" "elios_desktop" {
name = "elios-desktop"
public_key = file("${path.module}/../ssh_keys/elios-desktop.pub")
}
resource "hcloud_server" "relay1" {
name = "relay1"
server_type = "cx23"
image = "ubuntu-24.04"
location = "nbg1"
public_net {
ipv4_enabled = true
ipv6_enabled = false
}
ssh_keys = [
hcloud_ssh_key.phfroidmont_stellaris.id,
hcloud_ssh_key.froidmpa_desktop.id,
hcloud_ssh_key.elios_desktop.id,
]
}
module "nixos_anywhere_install" {
source = "github.com/nix-community/nixos-anywhere//terraform/install"
target_host = hcloud_server.relay1.ipv4_address
instance_id = hcloud_server.relay1.id
flake = "${path.module}/..#relay1"
depends_on = [hcloud_server.relay1]
}