From b4ffe6215b6ea0e96c618fa87e0e923290b1c0dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Th=C3=A9o=20Barnouin?= Date: Wed, 14 May 2025 10:55:34 +0200 Subject: [PATCH 01/10] First try at docker VM --- secrets.nix | 3 + secrets/docker-lapi-key.age | 14 +++ services/docker/default.nix | 208 ++++++++++++++++++++++++++++++++++ services/jellyfin/default.nix | 7 ++ 4 files changed, 232 insertions(+) create mode 100644 secrets/docker-lapi-key.age create mode 100644 services/docker/default.nix diff --git a/secrets.nix b/secrets.nix index 4fcf4be..a7d41c7 100644 --- a/secrets.nix +++ b/secrets.nix @@ -9,6 +9,7 @@ let forgejo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMf3Cc/S0p/LFcW+RLMEqpxOOv8q/HrKO4I9joHmRxl root@forgejo"; nginx = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKX2wkS9bpMy1+ITPtQclRkthOwksWBZOLa3bT9oLAe1 root@nixos-nginx"; jellyfin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBiJb+U6LQ3KglTJqdUzwCVkKWqYoBuJXZ8BXXgCMqN5 root@jellyfin"; + docker = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBiW/4iymJAZzG7wyUXVavcivjVZY9D2lNqGm4W2iDlD root@docker"; systems = [grafana onlyoffice postgresql forgejo nginx jellyfin]; in { @@ -39,4 +40,6 @@ in { "secrets/jellyfin-lapi-key.age".publicKeys = [tbarnouin jellyfin]; "secrets/redis-lapi-key.age".publicKeys = [tbarnouin redis]; + + "secrets/docker-lapi-key.age".publicKeys = [tbarnouin docker]; } diff --git a/secrets/docker-lapi-key.age b/secrets/docker-lapi-key.age new file mode 100644 index 0000000..114cdc5 --- /dev/null +++ b/secrets/docker-lapi-key.age @@ -0,0 +1,14 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBsa0Nk +MHQ3cHdNWXE5b1k3aE0xUGtYUDBDNDRlSVVwN3lNNnlDK0hicEZzClc5N0Y1N1lT +dUtRa0ZDd2pnR2tudHoxNlV1b2tIdkhKRFY2NHdBN0R6MTQKLT4gc3NoLWVkMjU1 +MTkgOTNTUHhnIEx1cHJhcHhuNy93MXVSSWZraE5vN3FkNXVvbFdaZ1pWOUZZazhI +Q2Q2Q3MKOFdDd01MaU5INyswVXh4TGJrRENZMkpwMTB4NjlNMDM4Yi9DY0RqaFRU +OAotPiBYa3gtZ3JlYXNlIGYnTzM6OHAgWDIpLHcjICRTLS1sKytMCi9XZFJVOGt0 +Q1BlbUo3cEppY2hrRVo0TDh2bUJlREpiT1BheUZkcjN3YVdmNHovK1RwckZ6ZzZa +MEpLVC83cwotLS0gME9yd1FFbFVWT29PUTA1VnFZbzVxUFVIMjkrMGdhOWJicG8v +a2FvaGVNRQq0Sqh7ZG3QPYnV6XHPoS/1Egrz3co6h0vItVfzN+9HwXgIe8GPPfCH +WtEJnUJUqhhEXwHfwXtiflpR5z2I7P7z1F3oJQQXOEysyE0mgogDAf3Rz0pat+ZO +xHmdLjPSjmEfqSztFXVFNd08OkvQmb5ZsH+AvxN8OasAuV57ANGHgBkuOnXnq6x8 +2fXOGlDOKQnBuUmdJx8E +-----END AGE ENCRYPTED FILE----- diff --git a/services/docker/default.nix b/services/docker/default.nix new file mode 100644 index 0000000..2559bb7 --- /dev/null +++ b/services/docker/default.nix @@ -0,0 +1,208 @@ +{ + config, + pkgs, + lib, + ... +}: let + cfg = config.services.vm_docker; +in { + options.services.vm_docker = { + enable = lib.mkEnableOption "Enable minimal config"; + pgsql_ip = lib.mkOption { + type = lib.types.str; + description = "docker database IP address"; + }; + }; + config = lib.mkIf cfg.enable { + age.secrets.docker-lapi-key = { + file = ../../secrets/docker-lapi-key.age; + owner = "crowdsec"; + }; + }; + fileSystems."/mnt/docker-data" = { + device = "/dev/disk/by-uuid/39fb44a4-5c01-4337-894f-a6a6f4212b10"; + fsType = "ext4"; + }; + users.users.tbarnouin.extraGroups = [ "docker" ]; + virtualisation = { + oci-containers.backend = "docker"; + docker = { + enable = true; + autoPrune.enable = true; + daemon.settings = { + userland-proxy = false; + metrics-addr = "0.0.0.0:9323"; + data-root = "/mnt/docker-data"; + }; + }; + + virtualisation.oci-containers.containers = { + "gluetun" = { + image = "ghcr.io/qdm12/gluetun:latest"; + environment = { + "QBT_WEBUI_ENABLED" = "true"; + "SERVER_CITIES" = "Paris"; + "SERVER_COUNTRIES" = "France"; + "TZ" = "Europe/Paris"; + "VPN_PORT_FORWARDING" = "on"; + "VPN_SERVICE_PROVIDER" = "protonvpn"; + "VPN_TYPE" = "wireguard"; + "WIREGUARD_PRIVATE_KEY" = "IJqSQQC2heTOqo0YvqNHq+ZzPmBuKk9vrdo5pZtU2GE="; + }; + volumes = [ + "gluetun_gluetun-config:/gluetun:rw" + ]; + ports = [ + "8080:8080/tcp" + ]; + log-driver = "journald"; + extraOptions = [ + "--cap-add=NET_ADMIN" + "--device=/dev/net/tun:/dev/net/tun:rwm" + "--health-cmd=[\"wget\", \"--spider\", \"-q\", \"http://google.com\"]" + "--health-interval=30s" + "--health-retries=3" + "--health-timeout=10s" + "--network-alias=gluetun" + "--network=gluetun_default" + "--sysctl=net.ipv6.conf.all.disable_ipv6=1" + ]; + }; + "qbittorrent" = { + image = "lscr.io/linuxserver/qbittorrent:latest"; + environment = { + "DOCKER_MODS" = "ghcr.io/t-anc/gsp-qbittorent-gluetun-sync-port-mod:main"; + "GSP_GTN_API_KEY" = "1egJpY4lciGGs2CkpESR9RR480O4QyLqzKwQ792X7R4plzh5hri0pDsotWqYF1GM"; + "GSP_MINIMAL_LOGS" = "false"; + "GSP_QBITTORRENT_PORT" = "53764"; + "PGID" = "1000"; + "PUID" = "1000"; + "QBITTORRENT_INTERFACE" = "tun0"; + "TZ" = "Europe/Paris"; + "WEBUI_PORT" = "8080"; + }; + volumes = [ + "/mnt/DATA/:/downloads:rw" + "/mnt/docker-data/gluetun/qbittorrent/webui:/webui:rw" + "gluetun_qbittorrent-config:/config:rw" + ]; + dependsOn = [ + "gluetun" + ]; + log-driver = "journald"; + extraOptions = [ + "--network=container:gluetun" + ]; + }; + }; + systemd.services = { + "docker-gluetun" = { + serviceConfig = { + Restart = lib.mkOverride 90 "always"; + RestartMaxDelaySec = lib.mkOverride 90 "1m"; + RestartSec = lib.mkOverride 90 "100ms"; + RestartSteps = lib.mkOverride 90 9; + }; + after = [ + "docker-network-gluetun_default.service" + "docker-volume-gluetun_gluetun-config.service" + ]; + requires = [ + "docker-network-gluetun_default.service" + "docker-volume-gluetun_gluetun-config.service" + ]; + partOf = [ + "docker-compose-gluetun-root.target" + ]; + wantedBy = [ + "docker-compose-gluetun-root.target" + ]; + }; + "docker-qbittorrent" = { + serviceConfig = { + Restart = lib.mkOverride 90 "always"; + RestartMaxDelaySec = lib.mkOverride 90 "1m"; + RestartSec = lib.mkOverride 90 "100ms"; + RestartSteps = lib.mkOverride 90 9; + }; + after = [ + "docker-volume-gluetun_qbittorrent-config.service" + ]; + requires = [ + "docker-volume-gluetun_qbittorrent-config.service" + ]; + partOf = [ + "docker-compose-gluetun-root.target" + ]; + wantedBy = [ + "docker-compose-gluetun-root.target" + ]; + }; + # Networks + "docker-network-gluetun_default" = { + path = [ pkgs.docker ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStop = "docker network rm -f gluetun_default"; + }; + script = '' + docker network inspect gluetun_default || docker network create gluetun_default + ''; + partOf = [ "docker-compose-gluetun-root.target" ]; + wantedBy = [ "docker-compose-gluetun-root.target" ]; + }; + # Volumes + "docker-volume-gluetun_gluetun-config" = { + path = [ pkgs.docker ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = '' + docker volume inspect gluetun_gluetun-config || docker volume create gluetun_gluetun-config + ''; + partOf = [ "docker-compose-gluetun-root.target" ]; + wantedBy = [ "docker-compose-gluetun-root.target" ]; + }; + "docker-volume-gluetun_qbittorrent-config" = { + path = [ pkgs.docker ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = '' + docker volume inspect gluetun_qbittorrent-config || docker volume create gluetun_qbittorrent-config + ''; + partOf = [ "docker-compose-gluetun-root.target" ]; + wantedBy = [ "docker-compose-gluetun-root.target" ]; + }; + # Root service + # When started, this will automatically create all resources and start + # the containers. When stopped, this will teardown all resources. + "docker-compose-gluetun-root" = { + unitConfig = { + Description = "Root target generated by compose2nix."; + }; + wantedBy = [ "multi-user.target" ]; + }; + }; + + services = { + crowdsec = { + settings.lapi.credentialsFile = "${config.age.secrets.docker-lapi-key.path}"; + localConfig = { + acquisitions = [ + { + source = "journalctl"; + journalctl_filter = [ "_SYSTEMD_UNIT=docker.service" ]; + labels = { + type = "syslog"; + }; + } + ]; + }; + }; + }; + }; +} diff --git a/services/jellyfin/default.nix b/services/jellyfin/default.nix index 6a36b94..8af5929 100644 --- a/services/jellyfin/default.nix +++ b/services/jellyfin/default.nix @@ -14,15 +14,22 @@ in { file = ../../secrets/jellyfin-lapi-key.age; owner = "crowdsec"; }; + boot = { + kernelPackages = pkgs.linuxPackages_latest; + kernelParams = ["intel_pstate=enable"]; + kernelModules = ["kvm-intel"]; + }; systemd.services.jellyfin.environment.LIBVA_DRIVER_NAME = "iHD"; environment = { sessionVariables = { LIBVA_DRIVER_NAME = "iHD"; }; systemPackages = with pkgs; [ cifs-utils + s-tui ]; }; # Intel Hardware Acceleration config hardware = { + cpu.intel.updateMicrocode = true; enableAllFirmware = true; intel-gpu-tools.enable = true; graphics = { From cd08dd9819fdf6f1de1e056a70d3e96ab587fe20 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Th=C3=A9o=20Barnouin?= Date: Wed, 14 May 2025 10:56:09 +0200 Subject: [PATCH 02/10] First try at docker VM --- services/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/services/default.nix b/services/default.nix index 832e1f5..395dc3e 100644 --- a/services/default.nix +++ b/services/default.nix @@ -10,5 +10,6 @@ ./postgresql ./onlyoffice ./collabora + ./docker ]; } From 713b3cc7d9ee5dba629ae3e6c619f29507ca2884 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Th=C3=A9o=20Barnouin?= Date: Wed, 14 May 2025 10:56:36 +0200 Subject: [PATCH 03/10] First try at docker VM --- flake.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/flake.nix b/flake.nix index 8fab2a2..a9ad38e 100644 --- a/flake.nix +++ b/flake.nix @@ -119,6 +119,23 @@ } ]; }; + docker = nixpkgs.lib.nixosSystem { + inherit system; + specialArgs = { inherit inputs; }; + modules = [ + agenix.nixosModules.default + crowdsec.nixosModules.crowdsec-firewall-bouncer + "${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-image.nix" + "${inputs.self}/systems/minimalVMConfig.nix" + "${inputs.self}/services" + "${inputs.self}/modules" + { + services.vm_docker = { + enable = true; + }; + } + ]; + }; redis = nixpkgs.lib.nixosSystem { inherit system; specialArgs = { inherit inputs; }; From 02a3ccb1a4cd8b61ed76786325d847833f54d852 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Th=C3=A9o=20Barnouin?= Date: Wed, 14 May 2025 11:47:30 +0200 Subject: [PATCH 04/10] Add secrets env files --- secrets.nix | 2 + services/docker/default.nix | 128 +++--------------- .../docker/secrets/docker-gluetun-env.age | 17 +++ .../docker/secrets/docker-qbittorrent-env.age | 16 +++ 4 files changed, 57 insertions(+), 106 deletions(-) create mode 100644 services/docker/secrets/docker-gluetun-env.age create mode 100644 services/docker/secrets/docker-qbittorrent-env.age diff --git a/secrets.nix b/secrets.nix index a7d41c7..996af1f 100644 --- a/secrets.nix +++ b/secrets.nix @@ -41,5 +41,7 @@ in { "secrets/redis-lapi-key.age".publicKeys = [tbarnouin redis]; + "services/docker/secrets/docker-gluetun-env.age".publicKeys = [tbarnouin docker]; + "services/docker/secrets/docker-qbittorrent-env.age".publicKeys = [tbarnouin docker]; "secrets/docker-lapi-key.age".publicKeys = [tbarnouin docker]; } diff --git a/services/docker/default.nix b/services/docker/default.nix index 2559bb7..42b00cd 100644 --- a/services/docker/default.nix +++ b/services/docker/default.nix @@ -15,17 +15,23 @@ in { }; config = lib.mkIf cfg.enable { age.secrets.docker-lapi-key = { - file = ../../secrets/docker-lapi-key.age; - owner = "crowdsec"; - }; + file = ../../secrets/docker-lapi-key.age; + owner = "crowdsec"; }; + age.secrets.docker-gluetun-env = { + file = ./secrets/docker-gluetun-env.age; + owner = "crowdsec"; + }; + age.secrets.docker-qbittorrent-env = { + file = ./secrets/docker-qbittorrent-env.age; + owner = "crowdsec"; + }; + users.users.tbarnouin.extraGroups = ["docker"]; fileSystems."/mnt/docker-data" = { device = "/dev/disk/by-uuid/39fb44a4-5c01-4337-894f-a6a6f4212b10"; fsType = "ext4"; }; - users.users.tbarnouin.extraGroups = [ "docker" ]; virtualisation = { - oci-containers.backend = "docker"; docker = { enable = true; autoPrune.enable = true; @@ -35,19 +41,21 @@ in { data-root = "/mnt/docker-data"; }; }; - + oci-containers.backend = "docker"; + }; + virtualisation.oci-containers.containers = { "gluetun" = { + autoStart = true; + autoRemoveOnStop = true; image = "ghcr.io/qdm12/gluetun:latest"; + environmentFiles = "${config.age.secrets.docker-gluetun-env.path}"; environment = { "QBT_WEBUI_ENABLED" = "true"; - "SERVER_CITIES" = "Paris"; - "SERVER_COUNTRIES" = "France"; "TZ" = "Europe/Paris"; "VPN_PORT_FORWARDING" = "on"; "VPN_SERVICE_PROVIDER" = "protonvpn"; "VPN_TYPE" = "wireguard"; - "WIREGUARD_PRIVATE_KEY" = "IJqSQQC2heTOqo0YvqNHq+ZzPmBuKk9vrdo5pZtU2GE="; }; volumes = [ "gluetun_gluetun-config:/gluetun:rw" @@ -69,12 +77,13 @@ in { ]; }; "qbittorrent" = { + autoStart = true; + autoRemoveOnStop = true; image = "lscr.io/linuxserver/qbittorrent:latest"; + environmentFiles = "${config.age.secrets.docker-qbittorrent-env.path}"; environment = { "DOCKER_MODS" = "ghcr.io/t-anc/gsp-qbittorent-gluetun-sync-port-mod:main"; - "GSP_GTN_API_KEY" = "1egJpY4lciGGs2CkpESR9RR480O4QyLqzKwQ792X7R4plzh5hri0pDsotWqYF1GM"; "GSP_MINIMAL_LOGS" = "false"; - "GSP_QBITTORRENT_PORT" = "53764"; "PGID" = "1000"; "PUID" = "1000"; "QBITTORRENT_INTERFACE" = "tun0"; @@ -83,7 +92,7 @@ in { }; volumes = [ "/mnt/DATA/:/downloads:rw" - "/mnt/docker-data/gluetun/qbittorrent/webui:/webui:rw" + "/home/tbarnouin/gluetun/qbittorrent/webui:/webui:rw" "gluetun_qbittorrent-config:/config:rw" ]; dependsOn = [ @@ -95,99 +104,6 @@ in { ]; }; }; - systemd.services = { - "docker-gluetun" = { - serviceConfig = { - Restart = lib.mkOverride 90 "always"; - RestartMaxDelaySec = lib.mkOverride 90 "1m"; - RestartSec = lib.mkOverride 90 "100ms"; - RestartSteps = lib.mkOverride 90 9; - }; - after = [ - "docker-network-gluetun_default.service" - "docker-volume-gluetun_gluetun-config.service" - ]; - requires = [ - "docker-network-gluetun_default.service" - "docker-volume-gluetun_gluetun-config.service" - ]; - partOf = [ - "docker-compose-gluetun-root.target" - ]; - wantedBy = [ - "docker-compose-gluetun-root.target" - ]; - }; - "docker-qbittorrent" = { - serviceConfig = { - Restart = lib.mkOverride 90 "always"; - RestartMaxDelaySec = lib.mkOverride 90 "1m"; - RestartSec = lib.mkOverride 90 "100ms"; - RestartSteps = lib.mkOverride 90 9; - }; - after = [ - "docker-volume-gluetun_qbittorrent-config.service" - ]; - requires = [ - "docker-volume-gluetun_qbittorrent-config.service" - ]; - partOf = [ - "docker-compose-gluetun-root.target" - ]; - wantedBy = [ - "docker-compose-gluetun-root.target" - ]; - }; - # Networks - "docker-network-gluetun_default" = { - path = [ pkgs.docker ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStop = "docker network rm -f gluetun_default"; - }; - script = '' - docker network inspect gluetun_default || docker network create gluetun_default - ''; - partOf = [ "docker-compose-gluetun-root.target" ]; - wantedBy = [ "docker-compose-gluetun-root.target" ]; - }; - # Volumes - "docker-volume-gluetun_gluetun-config" = { - path = [ pkgs.docker ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = '' - docker volume inspect gluetun_gluetun-config || docker volume create gluetun_gluetun-config - ''; - partOf = [ "docker-compose-gluetun-root.target" ]; - wantedBy = [ "docker-compose-gluetun-root.target" ]; - }; - "docker-volume-gluetun_qbittorrent-config" = { - path = [ pkgs.docker ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = '' - docker volume inspect gluetun_qbittorrent-config || docker volume create gluetun_qbittorrent-config - ''; - partOf = [ "docker-compose-gluetun-root.target" ]; - wantedBy = [ "docker-compose-gluetun-root.target" ]; - }; - # Root service - # When started, this will automatically create all resources and start - # the containers. When stopped, this will teardown all resources. - "docker-compose-gluetun-root" = { - unitConfig = { - Description = "Root target generated by compose2nix."; - }; - wantedBy = [ "multi-user.target" ]; - }; - }; - services = { crowdsec = { settings.lapi.credentialsFile = "${config.age.secrets.docker-lapi-key.path}"; @@ -195,7 +111,7 @@ in { acquisitions = [ { source = "journalctl"; - journalctl_filter = [ "_SYSTEMD_UNIT=docker.service" ]; + journalctl_filter = ["_SYSTEMD_UNIT=docker.service"]; labels = { type = "syslog"; }; diff --git a/services/docker/secrets/docker-gluetun-env.age b/services/docker/secrets/docker-gluetun-env.age new file mode 100644 index 0000000..9ae515b --- /dev/null +++ b/services/docker/secrets/docker-gluetun-env.age @@ -0,0 +1,17 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyB6bm1Z +R0ZuamUzUG50b1QvdllrUlZ4YVRKaVRhanFWRlBPbDVKaXNRbkdrCk1Ob0VwZFRK +TE53cWJzVmNid0MzSVp3TkFjOEt3UmE5Q0o3cGgwTFdJL3MKLT4gc3NoLWVkMjU1 +MTkgOTNTUHhnIEFia2hJY3lCOEc1czBlNEZ1dEs0OUQwYmowQXVVVlpyTzFheFVI +ZzA2QzQKKzY3aFBjWkJOeHhFQ2xsUGhvSHc3ejlraGVnS3B5ejBua0k4Rll5Y0U0 +bwotPiAvckJxYXgtZ3JlYXNlIF8pQSp1Tl54ICJwS2pNSig4ClJKTW5tUXlJTXh3 +bldUbVQ2a1dMcXJTVDBBCi0tLSBXSG82YlFyTFU2YXp6M2pjK1IzMHZCT0RjMlVv +Smo2dTlwN2RxYmxDelA4ChrTlil3hnuuzsiSzo+XIjDKo4Qev/q2T0/DfhDsHlOv +loSNU91LEm6C00wf6uNt6YuVjqumlui42z1b2R79S1HHv06cqGUFyFQxn9F4LqTR +Q2+Xq+M16I3wUevztCoTRLBtBPX2fcOcdKjigyYT7X/hXAOIU1GGMXEQKqkgtTzg +jzJd5exlYbEFRsfMuVrpWc18dkZfiwvYNmXXERJe5xZpcqi5B15qrPi22/xH8KUC +cCNZ46KH5Q7p5qi3XrdxYSzgszpr+Cjg/eqkhsXRQIKv3CCZL+Frzycn5ybHgDWm +w9/wh73jcngAscWN9gDaoqysxwz65hkuNu07a/56YjQ30F13sXR92Bq7McaGUqM2 +rgSAPYEW9qT5QV7toTiB8gZAUCcz+MyjK4vh964EPdQc0975VRIp5KsLhFufc2AN +fWEbS/cCNKpHFq5oMR/MWSz7dnLpFDVObQ== +-----END AGE ENCRYPTED FILE----- diff --git a/services/docker/secrets/docker-qbittorrent-env.age b/services/docker/secrets/docker-qbittorrent-env.age new file mode 100644 index 0000000..d2638f7 --- /dev/null +++ b/services/docker/secrets/docker-qbittorrent-env.age @@ -0,0 +1,16 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyB0L1JE +YkhtRG5yeWZnQzBSblViOUloS2Y5OXhoVFpSaE9IblJTdllXZmdRCjdFd05tWG5M +b010ZFZBQlc0TVg5SEpoMWdpMjYxWmR3QTFTekNkdUxvdzQKLT4gc3NoLWVkMjU1 +MTkgOTNTUHhnIGt6Z1FkTk9xdFBIckx0a01oSmxPUHN4aGhNMTZvS29UTk83ZlB5 +QndUajQKSG5jMWt2eXdMaFc0VEkvZTRLSFpBeDAxaXpwUFl2Q2JKOXF0VVgwUWRp +UQotPiArLWdyZWFzZQpYZwotLS0gYXdvWkVrc3dubHJzZ1UydUdYYk1IZ0RKcVNo +Ym5HOUg4REtNUHRpRDVOawqrsuUHQH8vgSluKn6/fdMSLhws0h8TTJJxaMjUdBk9 +FWyvRqf70W/p3X9P6Waasb97uIbOzcMtlnuljw0WLV9eNrGQ/AQWyyrWavw7UORT ++C/9c7pf7+pzeUi+uXRhTpJzoM25PAowmorEDcDpiRpdUcENy4PZJE+xTZUzZKnH +oMYK6pmAByzCSTt7DOxLRoSeWejSESOU/uBthVEr9YfO//7naImagz+H8zlBXU+O +MzGCmaVTgqmByKm2sSg43bwfOuOkvegqT4H5Pq7/gvNbl4VBNNttsgk5WDi7ekfg +HweTD/0fEojvPUfRt+s9Tz477hR5L2Sq8A/UPUI9O3/YLTcsBBQLRwE7aHwlJU+0 +oNJ5RMAvmSp4dgIQgZ0/X1fR7k35qUQ2gEGyM2ACeNCPmpMYc7c2IeEPHPHcSsXU +fKkLPSMuWGPVA06aoiqs07MR+A56rcU6dgg= +-----END AGE ENCRYPTED FILE----- From 03300b37aed41b978bf0f79dcfd9e532a76b20f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Th=C3=A9o=20Barnouin?= Date: Wed, 14 May 2025 12:03:19 +0200 Subject: [PATCH 05/10] Fix typos --- services/docker/default.nix | 22 ++++++++++----- .../docker/secrets/docker-qbittorrent-env.age | 28 +++++++++---------- 2 files changed, 29 insertions(+), 21 deletions(-) diff --git a/services/docker/default.nix b/services/docker/default.nix index 42b00cd..fc69f6e 100644 --- a/services/docker/default.nix +++ b/services/docker/default.nix @@ -27,9 +27,19 @@ in { owner = "crowdsec"; }; users.users.tbarnouin.extraGroups = ["docker"]; - fileSystems."/mnt/docker-data" = { - device = "/dev/disk/by-uuid/39fb44a4-5c01-4337-894f-a6a6f4212b10"; - fsType = "ext4"; + fileSystems = { + "/mnt/docker-data" = { + device = "/dev/disk/by-uuid/39fb44a4-5c01-4337-894f-a6a6f4212b10"; + fsType = "ext4"; + }; + "/mnt/media" = { + device = "192.168.1.125:/BIGDATA"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + ]; + }; }; virtualisation = { docker = { @@ -47,9 +57,8 @@ in { virtualisation.oci-containers.containers = { "gluetun" = { autoStart = true; - autoRemoveOnStop = true; image = "ghcr.io/qdm12/gluetun:latest"; - environmentFiles = "${config.age.secrets.docker-gluetun-env.path}"; + environmentFiles = ["${config.age.secrets.docker-gluetun-env.path}"]; environment = { "QBT_WEBUI_ENABLED" = "true"; "TZ" = "Europe/Paris"; @@ -78,9 +87,8 @@ in { }; "qbittorrent" = { autoStart = true; - autoRemoveOnStop = true; image = "lscr.io/linuxserver/qbittorrent:latest"; - environmentFiles = "${config.age.secrets.docker-qbittorrent-env.path}"; + environmentFiles = ["${config.age.secrets.docker-qbittorrent-envpath}"]; environment = { "DOCKER_MODS" = "ghcr.io/t-anc/gsp-qbittorent-gluetun-sync-port-mod:main"; "GSP_MINIMAL_LOGS" = "false"; diff --git a/services/docker/secrets/docker-qbittorrent-env.age b/services/docker/secrets/docker-qbittorrent-env.age index d2638f7..72bb6f7 100644 --- a/services/docker/secrets/docker-qbittorrent-env.age +++ b/services/docker/secrets/docker-qbittorrent-env.age @@ -1,16 +1,16 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyB0L1JE -YkhtRG5yeWZnQzBSblViOUloS2Y5OXhoVFpSaE9IblJTdllXZmdRCjdFd05tWG5M -b010ZFZBQlc0TVg5SEpoMWdpMjYxWmR3QTFTekNkdUxvdzQKLT4gc3NoLWVkMjU1 -MTkgOTNTUHhnIGt6Z1FkTk9xdFBIckx0a01oSmxPUHN4aGhNMTZvS29UTk83ZlB5 -QndUajQKSG5jMWt2eXdMaFc0VEkvZTRLSFpBeDAxaXpwUFl2Q2JKOXF0VVgwUWRp -UQotPiArLWdyZWFzZQpYZwotLS0gYXdvWkVrc3dubHJzZ1UydUdYYk1IZ0RKcVNo -Ym5HOUg4REtNUHRpRDVOawqrsuUHQH8vgSluKn6/fdMSLhws0h8TTJJxaMjUdBk9 -FWyvRqf70W/p3X9P6Waasb97uIbOzcMtlnuljw0WLV9eNrGQ/AQWyyrWavw7UORT -+C/9c7pf7+pzeUi+uXRhTpJzoM25PAowmorEDcDpiRpdUcENy4PZJE+xTZUzZKnH -oMYK6pmAByzCSTt7DOxLRoSeWejSESOU/uBthVEr9YfO//7naImagz+H8zlBXU+O -MzGCmaVTgqmByKm2sSg43bwfOuOkvegqT4H5Pq7/gvNbl4VBNNttsgk5WDi7ekfg -HweTD/0fEojvPUfRt+s9Tz477hR5L2Sq8A/UPUI9O3/YLTcsBBQLRwE7aHwlJU+0 -oNJ5RMAvmSp4dgIQgZ0/X1fR7k35qUQ2gEGyM2ACeNCPmpMYc7c2IeEPHPHcSsXU -fKkLPSMuWGPVA06aoiqs07MR+A56rcU6dgg= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBIdXdZ +V1g4dm5oQndROFRRd0dETVF3bzZrVlYvTzlwOFoyVllBSTRQbkRzCnQ2RG4zRlR1 +b3YwMkpSUjNWeGIvaFRvM0hVVU0zTEtidkFiMGFPajFrczAKLT4gc3NoLWVkMjU1 +MTkgOTNTUHhnIHo4RGpvL0lia2RHT3h2QTNxaWlGTWVScmJuMStpY2liSmpFeW9m +U2h1U1EKM3JRUFg5cWdac0FnY1FmNmRRNDM3R2FhVGlPZndpMEY1aWl0WFJlanBV +ZwotPiAuJzFwcGohLWdyZWFzZSBnJjdKYSBVWVs8LWYgNiEKYkxUbDVQSGUzanBy +L3Q2aE1VOFVGMkpPY0l3ajZJaWJCWWkxN1BXbUxvQms3UW5FTmxVZ1Y5NDk0MGpa +SmdFMQo5RTI4NEt2RkkrdUE1Y1NHSUtaeC9oS3oKLS0tIGpoQnJVb0tOZkxRZ3VH +aWwrb0R2R01oejdlY3UvODJ0M3JmZnIxZXpXV3cK9mWMaIpNfX4NQBrnbwawb/Jb +U8DyQrUAz5efY1WE/02ag2dXrekFN47WbwbHSy2m75DJ13FQg17N24sCM4UiClg7 +p6llginA7D8S7X25NtgWNrAGTHQrwgM1c+KmPA2L4y6TE9F9SRcyUTyd+AxbeDo6 +p6hklgMXIKiDtkJdHA9NOxgUKxqGteolk3frJ0WvMa71NbFSL67AosMmeq0Y+O8o +HwML72wdPk1+PYBEgp6acIPgVmQE3+kSO/bY7QWSenoDIS5ar9FWVO5+Yjkecvxz +wvMxCmR3PjEajsMBu+fJOLeQTw== -----END AGE ENCRYPTED FILE----- From 75c83260c64969eef3e369898e5f202c929ff60c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Th=C3=A9o=20Barnouin?= Date: Wed, 14 May 2025 12:05:13 +0200 Subject: [PATCH 06/10] Fix errors --- services/docker/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/services/docker/default.nix b/services/docker/default.nix index fc69f6e..e0af5b1 100644 --- a/services/docker/default.nix +++ b/services/docker/default.nix @@ -20,11 +20,11 @@ in { }; age.secrets.docker-gluetun-env = { file = ./secrets/docker-gluetun-env.age; - owner = "crowdsec"; + owner = "tbarnouin"; }; age.secrets.docker-qbittorrent-env = { file = ./secrets/docker-qbittorrent-env.age; - owner = "crowdsec"; + owner = "tbarnouin"; }; users.users.tbarnouin.extraGroups = ["docker"]; fileSystems = { @@ -88,7 +88,7 @@ in { "qbittorrent" = { autoStart = true; image = "lscr.io/linuxserver/qbittorrent:latest"; - environmentFiles = ["${config.age.secrets.docker-qbittorrent-envpath}"]; + environmentFiles = ["${config.age.secrets.docker-qbittorrent-env.path}"]; environment = { "DOCKER_MODS" = "ghcr.io/t-anc/gsp-qbittorent-gluetun-sync-port-mod:main"; "GSP_MINIMAL_LOGS" = "false"; From a34a18d5ad2c607ea4c70f44ff4d62516c415600 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Th=C3=A9o=20Barnouin?= Date: Wed, 14 May 2025 12:06:11 +0200 Subject: [PATCH 07/10] Rekey --- secrets.nix | 2 +- secrets/cs-lapi-key.age | 45 +++++++++---------- secrets/docker-lapi-key.age | 24 +++++----- secrets/forgejo-lapi-key.age | 24 +++++----- secrets/grafana-lapi-key.age | 22 ++++----- secrets/initialPassword.age | 42 +++++++++-------- secrets/jellyfin-lapi-key.age | 26 +++++------ secrets/postgresql-lapi-key.age | 25 +++++------ secrets/redis-lapi-key.age | 25 ++++++----- .../docker/secrets/docker-gluetun-env.age | 30 ++++++------- .../docker/secrets/docker-qbittorrent-env.age | 26 +++++------ services/forgejo/secrets/forgejoDBPass.age | 20 ++++----- services/grafana/secrets/grafana-db.age | 20 +++++---- .../grafana/secrets/grafana-oauth_secret.age | 23 +++++----- services/grafana/secrets/kuma-token.age | 18 ++++---- services/nginx/secrets/cs-lapi-key.age | 21 ++++----- services/onlyoffice/secrets/office-dbpass.age | 20 ++++----- .../onlyoffice/secrets/office-jwtpass.age | 19 ++++---- .../postgresql/secrets/authentikDBPass.age | 19 ++++---- services/postgresql/secrets/giteaDBPass.age | 20 ++++----- services/postgresql/secrets/grafanaDBPass.age | 21 ++++----- services/postgresql/secrets/netboxDBPass.age | 18 ++++---- .../postgresql/secrets/nextcloudDBPass.age | 20 ++++----- 23 files changed, 264 insertions(+), 266 deletions(-) diff --git a/secrets.nix b/secrets.nix index 996af1f..98563b7 100644 --- a/secrets.nix +++ b/secrets.nix @@ -9,7 +9,7 @@ let forgejo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMf3Cc/S0p/LFcW+RLMEqpxOOv8q/HrKO4I9joHmRxl root@forgejo"; nginx = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKX2wkS9bpMy1+ITPtQclRkthOwksWBZOLa3bT9oLAe1 root@nixos-nginx"; jellyfin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBiJb+U6LQ3KglTJqdUzwCVkKWqYoBuJXZ8BXXgCMqN5 root@jellyfin"; - docker = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBiW/4iymJAZzG7wyUXVavcivjVZY9D2lNqGm4W2iDlD root@docker"; + docker = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB2n8jioazInEa0vfXY5gGcntOH4+yBV9VkdxvwEKCqA root@docker"; systems = [grafana onlyoffice postgresql forgejo nginx jellyfin]; in { diff --git a/secrets/cs-lapi-key.age b/secrets/cs-lapi-key.age index 6a07387..6d6946a 100644 --- a/secrets/cs-lapi-key.age +++ b/secrets/cs-lapi-key.age @@ -1,25 +1,24 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyA1Yjls -VklpbHBxQ0RuVW54TTlGNG9lbFluMHVlVFRJeXBoaXZXeUZUQzJzCmF0bTVpVFQy -TnMzT1l1aldsd0NoclVIREthS0JxYS9FL29Hc1hjbnVja3MKLT4gc3NoLWVkMjU1 -MTkgd25FVXB3IGxndlg5MU5wMllIMUppRUtOZmpuWEtuOUhWblVsZndjVVJIZW5I -ZTkyekUKQVlrMWxMWmVFYWFEL2dCRlM2NGc2SUJ0bnhLVisrWDFpVkduNXRmMzZF -OAotPiBzc2gtZWQyNTUxOSBubUtTK0Egc0U2QlVFcFVMR1BGN0FyNlJGbE1GZmhJ -WWQ1ZFl5UXdmbXNRNDI4dXFRcwp0NVZFWWhSTGNuUk0yNkZtdzd2cTZ1TEh4V3h4 -aDRkRXp1OThNUlQyK09ZCi0+IHNzaC1lZDI1NTE5IHNpbmd2USBLMnVvNTBrNUg3 -UU9tenlrYjZHeFJZNkNJMVc0NlpZK3FJL0hMcXFzY0NVClRIdWo3T1VCeUkzcDdG -T0kwZUZXZkFlNklDdDhjMjdrQy8vc0lRZUVWQTQKLT4gc3NoLWVkMjU1MTkgeHFt -eWpBIDBnSlpKa203UnRKYVk3UitLOWh1UFlxYldCMnpWOTA3ckxBT244RWRUMWcK -ZHJTL1ROLzhITnZQNTVUN3JKUjVQZU9Qa1l3R3BOTnZvVFlvRzdDYmMwSQotPiBz -c2gtZWQyNTUxOSBtdTBmbkEgck55UjFlYWNuYWRKWXJmWjFWbTJMVHR1ZFd1M2VE -QklvOTVKRjBxbzJXRQo2dEZSbTdEOE5ncXNEbXhDUjFHbzdFcGQ0bEpkL1ZtN3ll -d2ljTFNTWUY4Ci0+IHNzaC1lZDI1NTE5IHVmRGxIQSByc0ZxSEE3N3QySWszZ0pu -VlhSRFdLaTVlS2ZPbHllQ050cFNmYjhCQnpjClprYmNnQUxsZU5FYjEwQzVWUmFD -RXE1cTc4bi9GRFh1TkMvblJVUmthc1EKLT4gVUUtZ3JlYXNlICcgMjFoISdbTyBv -cnF9OksyXApCSk5FcTdIVEF1Z2lQRkRtbkVkR3Q3WDA5dWgvZ3BrRXNKUmE1UGw2 -QlliTnlrVXFLSEFZOGo3V2VpbDQ4azE2CmplM1U5aldGaWdKRVJ0ald6Mnk3U1BO -dkNKWWIKLS0tIGdrSzdZVHp2MTNVdytBS1k3L2QyZG1WL0haOHFBb1NRV0dveThq -cjFEeTAK5GOtOjPuKvlecufroT4yxT5RzekSn6NROdou/lY2azjXG2GJPqqtveaI -efkDFupYZaJeO2N6dkyrhJlMqZn0s4hAsTPBdjg/IfUnatGJjfLTWOywyC2cRb08 -F+TbN9V1zcjyOloHgUKmvp0agY5ayJYbHTBsvfsqQUk2yG1g6Xi9sBGF7fLrP9I= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBTeC9L +dDlTUDhwWExuRU1GaWhrR0RTM3E3SkZyK3VXUlpFQWViWEFJTFNrCjMxWjJDdlg1 +aTR1Vi92R3BzdWFLMFYxRW13YVVrcjAxaDE2RUdmZlBxTEEKLT4gc3NoLWVkMjU1 +MTkgd25FVXB3IHYzbjFyTENiY3ZCTVFEWFlMcnJ5MGc2Z1VGQmxvbk94MEZkS1B5 +eTJnUUkKc2VUV0tTZFFiMWRPa3daSVFmeVl3SW5uT2xTUlpLdW41SHpTdUp2NUh5 +UQotPiBzc2gtZWQyNTUxOSBubUtTK0EgZmFIUmtuQU54ejQxUGF1aU9jcVp2SnAx +TWptT1hGNmtoZndLM3JmKzdHMApqVlhROWc1b3dNRnpoTHMrV29la2c3RnJ2RzNI +Vy9mZ1Z2Tjc0UlJZeTJRCi0+IHNzaC1lZDI1NTE5IHNpbmd2USA3VWk5WWl5Si9D +N1dkWlFoVXgwZXN5bDZJcy9SN21hK25KMWVtU0RZTHlNCkR4K1BjN1lHY0dvSkU2 +TGswZEZueW93K0JNRGtaMXhSVndJZktlcFNBc28KLT4gc3NoLWVkMjU1MTkgeHFt +eWpBIHkvQ0k1bUxQaUErYkpMU1dwK2cvUjFLSUpueGUrVTlQdWVDZXorNzNSMFkK +NHRhZG5hZjErQ2lTclJRVG5ud3ZLWktNbWRFZ2h1OFhzSTZjNlN4OGFzZwotPiBz +c2gtZWQyNTUxOSBtdTBmbkEgZEgyZ1FhV0xhVVVMeXRXWmNLSUVzZHI2RjdWcGQ2 +YzA4U2tiQm1oUWlGcwpUUkZVYnFLcnlkYWlsNXA2L0hxdWwwL3ZRWjRsdGZUTWJX +Y2Y2b2x5WXFZCi0+IHNzaC1lZDI1NTE5IHVmRGxIQSBySi9TY2tYTmsvd3lrVkhh +ZVd1bnBFbm90T2dvR1FNL0ZsTERnVjVaRUFZCi9BaHR2alBOaW9mbnJKb2J2MFBV +anB6UzBhUzFwbkRhY1lBMFhGay9DZGMKLT4gaVYqJW9NPS1ncmVhc2UgeiBUc0kg +JCB2CllDdUdSZVVWdU1TTDJlY293TGZzanFJCi0tLSBGY3RVdzZDMG5USmZxcE1I +Rk9xdUpqczB5MEJXUVMyd1lkbmZWYjYrczA4CrAQGr9QSyzybAqqLdopkIUKVBYx +vGMVaeEqz8X0q8DpSmlpYf9Ye+kUEoZghd9gdw53aA3mUwwa4PDH93X5wuaYTb/Y +8s5CaQFo2aMbqkwGOyk2L63Ufa7cKNTFYH9ExyG3qDWawnak+xPOjtrxmWY+SOHz +OtcgVEZiyTlZawn5E+hINmQl6vNB -----END AGE ENCRYPTED FILE----- diff --git a/secrets/docker-lapi-key.age b/secrets/docker-lapi-key.age index 114cdc5..39972b1 100644 --- a/secrets/docker-lapi-key.age +++ b/secrets/docker-lapi-key.age @@ -1,14 +1,14 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBsa0Nk -MHQ3cHdNWXE5b1k3aE0xUGtYUDBDNDRlSVVwN3lNNnlDK0hicEZzClc5N0Y1N1lT -dUtRa0ZDd2pnR2tudHoxNlV1b2tIdkhKRFY2NHdBN0R6MTQKLT4gc3NoLWVkMjU1 -MTkgOTNTUHhnIEx1cHJhcHhuNy93MXVSSWZraE5vN3FkNXVvbFdaZ1pWOUZZazhI -Q2Q2Q3MKOFdDd01MaU5INyswVXh4TGJrRENZMkpwMTB4NjlNMDM4Yi9DY0RqaFRU -OAotPiBYa3gtZ3JlYXNlIGYnTzM6OHAgWDIpLHcjICRTLS1sKytMCi9XZFJVOGt0 -Q1BlbUo3cEppY2hrRVo0TDh2bUJlREpiT1BheUZkcjN3YVdmNHovK1RwckZ6ZzZa -MEpLVC83cwotLS0gME9yd1FFbFVWT29PUTA1VnFZbzVxUFVIMjkrMGdhOWJicG8v -a2FvaGVNRQq0Sqh7ZG3QPYnV6XHPoS/1Egrz3co6h0vItVfzN+9HwXgIe8GPPfCH -WtEJnUJUqhhEXwHfwXtiflpR5z2I7P7z1F3oJQQXOEysyE0mgogDAf3Rz0pat+ZO -xHmdLjPSjmEfqSztFXVFNd08OkvQmb5ZsH+AvxN8OasAuV57ANGHgBkuOnXnq6x8 -2fXOGlDOKQnBuUmdJx8E +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBEZU5j +ZG9pSGN3aXBnOVhPcUhua1B5a0wwaUFlVXlLMUlPVjBCTFRxS2hJCkhtRXJLSW9T +OE5hTFROTVlDODBSRm1XMVZ3RnQ1Tk1kcFdMOXU4aVNGZzAKLT4gc3NoLWVkMjU1 +MTkgWWc0YkZ3IGkzNFRZVU9GcTl1UEFVcWZDdGVNQzFlcFN5eFB3a2crZDdCWSs3 +Qm94R00KZG1pMjlseVpBWlhzQk0xUkFzdkR1cEgzWFhYa0VxUVRuUWhMWGNadU5t +cwotPiB0QnMoIn4tZ3JlYXNlIENCMVhTbjsKUHBkelpXYStBQU9NQUNSaFFJb2Jj +WjVyZGZ3c05KNVp5WUdHZ2hxckpSQnF5V2ZkOER5SEI5VHozdElGbnJkUwpJNE5Y +N1EzajJ2SDUyd3FOWFl2aER3Ci0tLSBSd1VGcHF3WWVaUHZRYkFGTlVwa1A1UHh2 +SVRYUFdvNC84aHV4SE1BV05zCm4hDmCyzin4u57lE9dhfpzztY+vUK47cIM073y9 +6B+Hs24harrrddF8G3kDcO/N0TNwTgRFVV+lsd8Oa9wuT7+2SR+pnwF2SS+Z/t/h +lOv4xRYAXDaJbt9jf9fFxLprqDVFbl/SUHsZDpZi6rzlACQXeFLQr/Pf7TC/yYI4 +48x5GPsfY+cTHqRoRdnLdI5Ft2nSQJeBL7I= -----END AGE ENCRYPTED FILE----- diff --git a/secrets/forgejo-lapi-key.age b/secrets/forgejo-lapi-key.age index 4b0742a..7fcb1ad 100644 --- a/secrets/forgejo-lapi-key.age +++ b/secrets/forgejo-lapi-key.age @@ -1,14 +1,14 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBUL2hC -dktGMVdCYzFrN2prV1pqY3pGU2pLU1pualRkcW9pRTBmYytPT2pVClpRU1NRdmRN -dURvcVlzUFdZelZPMFA3MEpuZWhzMG8wd0YyZ3p6clZCOUkKLT4gc3NoLWVkMjU1 -MTkgeHFteWpBIFIxS3Eydmx1YjRtM1lRUVNVbnl3YzY0QnpOVWVSdGR1eXVZZDg0 -cStqaE0KdEFTUXJiMmwxOHlrQ2F1RGo2L3Q3R3RQWVpCUjRYOU5MQ1pPSC8xQVpQ -NAotPiAoTFRNY318cy1ncmVhc2UgYWR1ViB7IEZsCkJRWEQ1ZlY4bmxPV1hON0hY -eXlmak1KcEdDa0lhZzNkTVpncXAvTmpBdWUwdkVPWlFZSy9DK21sdmNwaUo2d2gK -dDNDN3EvWmxJQklhcEEKLS0tIHczaHlqQldyeExDVGRjdzlUbUM5eUJEcXRnTDhG -R2VJOVlnb0tBRmVsWFEKYaR5oAAX4xVxa2o24MoSON/Tl6+0UG0uWtTu5AKrwtTc -rMgNkDd/vQqea8Gxp89LN2hPpD8RUb41/V4Eflg07gRP8mMvVRDxFxHSqT0CSwU9 -YGFF6o9WlSjqvdnSDZK5L4/+D0W5Au9rsY/CR4YtZuLr9RDKG1VpkxH+0IJdjXKc -Jakzw8LuDxjhXzWNAe8Rci8YfOdRetw= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBwRTlD +a0s3c2w1b2swTEc3ZkhEYUtMK3FBWFJyVTNIT3FpaDZNeGJwRURVCnZycXRCdzBB +T203ZFBZWXFVM2plbXg1VSsvYU40NXZ3dnN0ZGN3RzZieFEKLT4gc3NoLWVkMjU1 +MTkgeHFteWpBIE40ajZRWXRPZ0RFcmF5VDZNbHd3QnVZM0tqNUx1dERqb29ZRnFN +bERrRTAKeTcvQlI0WVVITDNwNm5OUUJmakVia2pZVnZYYVVHelJ4Vllmak5rbnhX +TQotPiBjK1k+aHN7LWdyZWFzZSBcXyBeVF8gTmFmQFZSITkgL3J5ClNzZ0p1elJB +RTFTclNxL2xnMWdmQlJId2h1TFlDV3Rqa2Z6VDZXZlFtWnhSWHljV1JkV2pyb0pF +ZGpLawotLS0gaW96clF4eTVyT3JpbjFmVWJ5Q1pZSGFNUFZkUExRd1lnbFNRVmdh +Y3ZSRQoTzzpfRjZe7uZ3BC0Lvho4KW++AUfNLfvlf8wTTUj8sezhveHjsBqVUcjq +RoK4ny2aRgcHVvyLnn4bKKDL9FMT6mCmMEAwrVNLTD5wpYZ906eKRxiF6+snMysm +YcNDaQJY7suVbgTt8D5AgXf1nPLtZraKMPE+HUbzqp5SARjpxahMO8qAGa5UHb+B +fQRUL74hO+cgL4J4wQ== -----END AGE ENCRYPTED FILE----- diff --git a/secrets/grafana-lapi-key.age b/secrets/grafana-lapi-key.age index 70ef376..d9548e4 100644 --- a/secrets/grafana-lapi-key.age +++ b/secrets/grafana-lapi-key.age @@ -1,13 +1,13 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBaRGRE -dzlLdW11azArbjdWV0ZJcXFvSWlqcm50L0RleExnbjgxV2t4OWxNCkgwUWFUaXA4 -blkxRVY5YVc1b2xmVjAxZi9vY2ppbmQwWEczOXc2UzZnV2cKLT4gc3NoLWVkMjU1 -MTkgd25FVXB3IEs1VndxNEh2czNHK2dHVVVPVkpzZkpLcUc0V2tpanVQblIzUVA4 -clI0eTgKMWJraVFTenZhOUpKU3IvQUY1aW5sKzhpQ3N4bnMyVFRUSlVEaTVOaU1C -cwotPiBeX1hrV2stZ3JlYXNlIEBQIEx6PTBvMCgKSS95YnJWSG9neFpSTmdDRlRF -eCt4akJtbFAveW5RQ2ticVJFQjBBbVJJVzJ2OWRzZjhBSDNBCi0tLSBzeHNXR0dy -Ky9pSHhwS2J3WEFuWFFxZy9mNDJCYi9xc1ZkbzJVSWJDZzU4CoQaB2kPIB7X7tT9 -kp4iN8jGrZRZIi8aBI8dl1lFGShZ28HYoeHYnLxoKtkB6ol8uNFZXhhshzfepTns -NBysRPI9NjLC2UUZqGXw8+HooGsTfaKbgA9C4gsRf2ACeB4XV83ozeVXK4drDSnP -va+V3pqZ3wCRYNtzWaeZHUHrLPif2E5kZn1relwvGWR5MBHeesOMWjr+k+2T +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBNVGN4 +WnFQTG5xRjBCSC9hdlJ3WHNhY0lRT2hPaFlrODRURzh6R3BlZ0hJCnFmWjE4eEdZ +M0c1QXNvMDlUL0RTRGRjb3BNS2JtZVlSbzlOTUpROXc1U0kKLT4gc3NoLWVkMjU1 +MTkgd25FVXB3IHZhbW5jbTRBMTJ3ekZFTE81T2xCc0wvU2V1SUNzcVVlYnlRRDE0 +c1IyVjAKQ3lqNWFqZEhEUTZDMWVVVk05cVpFVHcrRFJZMGVkUEsxZG9jY3pJeTVC +OAotPiAmLWdyZWFzZSBfNUhxJHM9IF5HCjN5L0JQK1I0blFyUVNHUzVwM1pRCi0t +LSBWbGtSSTJsc1l3R0dCdFdZMjYwdzhZSk85NldYWGkvL01MeUdVaVJJaVBFCs3o +61mjNELPhHlDDQTlcOy86JHNywq+NRi5bEVQPrnVcOogLuXHi9U+xY1kMO/mHb1j +VVrDgIMrdiKiCyyuXYIcf/gt+i9Nkhkkpv7j6bgZUXEXsFqgvAqQaWiWqJnTnnyC +0VIPzop9q23bgTYNpk7p7u2X6Uv6SprjwY808iw2LxMb11VgmVC4KylkarPRVqdI +7gz3J9RB -----END AGE ENCRYPTED FILE----- diff --git a/secrets/initialPassword.age b/secrets/initialPassword.age index b55ac36..48b087d 100644 --- a/secrets/initialPassword.age +++ b/secrets/initialPassword.age @@ -1,24 +1,22 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBVN1dD -MjZiWGgzcjVQVG9WWlkrWk9haFZScVRCL0RiMWhESDV5M3M0WUFRCkI1d0FGMmVr -Q29iVS9BRXB3YXBDSU9HTk1SRVhWcFBqaDJJTU4wZEcvZk0KLT4gc3NoLWVkMjU1 -MTkgd25FVXB3IHBkaVZTVEN1UUcyUXprV0RzekZkbktwcHA1aWU3RGJwdHBNKzF5 -UnBYRWMKVXJnaFdpSW0zM1ZJZi9lWHN2M0R2WEFoVUZmUnFTMkR3SG9idndQZnls -cwotPiBzc2gtZWQyNTUxOSBubUtTK0EgNjhRQjdIczM3MzQ0a05LbUxwcXloL0JI -aTNMSlRnMEljd0lNUjRIVit5WQo3ZVFtY1haT1JLbURRUlBhaFNPSWtCMWc1M1o3 -bGp0anNQQUNsOG4vbDdRCi0+IHNzaC1lZDI1NTE5IHNpbmd2USBZZmNXeStad21j -MzFlaTN4dkNsS3JZejZTRG9RM3Q4NEVqakpDWmpvdldrCmpEcnZtMjRRcHVpblZa -Tk4xTEhQTVI2WHgxRWVLQm1Nc0owY0tXVG5ZcUkKLT4gc3NoLWVkMjU1MTkgeHFt -eWpBIFdGK0dRQmJtU0E1UEpCNjFUSm93eUpVWEhTdUErZjJKM2J2WDlhOTBuMDAK -YVZOTGRCbUEvU1d6YVlWMkZ5VVNqSGIwdGhmcVVrWEdlWmlyQ2duWFgxUQotPiBz -c2gtZWQyNTUxOSBtdTBmbkEgSENzY0RNbm9CWjNReVp4M0RpaEdiZFhhbzU0VGlJ -OHd2enpKby9JZ2VHNApYMnU1Zm5uOTJHR2lVTDF3OG5GRXlDT3lhOGRGWjZnWGJ1 -bWV0RDB3L1gwCi0+IHNzaC1lZDI1NTE5IHVmRGxIQSBySUxBbCtESXlWNkpzcGRs -WnI5N3hwcUhaT2tGZjJqa0lWNWhhcVpwN1hVCi9MNlFvMmdJNWV1V1FlSk5XMUsr -My9nTzJEZVlTTDg2Y1F4c0FZd2xnRDQKLT4gMF1eS0xENi1ncmVhc2UgRHxFT1Ag -RCBsfDFuIVUjUyB6PDFsVlRhCkU3MWJXZmVmTEw4WW5VMEdlQkI4czd3ekwvdjU1 -bG1FVHc5T2w0NC8xY1ZjUGY2dzMrMkF1U2JhRDZTN0NJY0IKajExZVZ4ZEEyZwot -LS0gbndZaUVKTjhRcHBsd3RYTm5kVWNLU0hSSkhMQS9mTUJ1YVZrUVlLZVlUTQqA -dmIG9YQUgT7B3y0LPIw5AyNsoCl7L27/0kDTJtKWPG/zMxS7089jpCzwHbdkwT8h -rKgHSg== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBZMDho +OTdpK1JCTjI5ZGZzd1lqdndKZEcrdHlMTUxPcW5jelZRUTI3bFdVCndIWVZHVFdG +eWNmK2l2R2k3SVNScmhad2NmaHAwdDl3Y0p1SlZNdnl1Rk0KLT4gc3NoLWVkMjU1 +MTkgd25FVXB3IEZRZGxwUDlsaGtvbXl5VzRYL200OXhCZkZaS3pYNWRjRDd2b1pO +a0ZWejAKMDhwalIwczlXdlZ4OXBmVWRlalNVa1FCTGVIZGRwZGhDZG1INzl1MGFN +QQotPiBzc2gtZWQyNTUxOSBubUtTK0EgWXFJemJXQzVqK0dVZzBRelk3WTF4RTZI +bm9EQ0JyY2QzU1FBVXJIU1ZUQQpuWFBvbmhoNVBpR2x1OXp4V1MyaFZEdTVZNVV1 +VnNPV2xDdnN1WFB0L2tNCi0+IHNzaC1lZDI1NTE5IHNpbmd2USBnczc2NXhwbnR1 +SVU2MlcxdkZTeENjTkhSVi8za2tyYXIySEFOYkpkR2hRCkdFMUNJeFV3OVlwREVu +bVBuaEI3Zkx3RkRXV002YndES1NjS2RYZ3BpRWsKLT4gc3NoLWVkMjU1MTkgeHFt +eWpBIGEwTmJMU2xvVU5iMTJWc1VSL2lrdDF2bjZyWGpyKzRmYXByT3ErWFlJRmMK +RVBpd3lmelJ5ZHphY2d2Ri9mMldHcTIvd3R0UTc2Zk1zb05FWHQrb2ZacwotPiBz +c2gtZWQyNTUxOSBtdTBmbkEgalY4MVdNQkVjejNqeUovd2VObGx6dTlGbmxldDVp +OWVLbFMzYWlheVpTOApBcXBtTkFTRGtFZTJobk5jVGJ4bmFnTnVXQ0VPMlhENFI3 +TjhnYmw4UTQ0Ci0+IHNzaC1lZDI1NTE5IHVmRGxIQSB1c3lGY0txL3VYNzRnMGl3 +MGpCV0ZuSklCN0M4eW5qWjl2RlBzajBvTFUwCnZZWVR1aC9SdmUrRHR5R3ZscHlN +Zjh6aVp1SDVsdlhXMjh4WVU2eHd1TG8KLT4ge19wK0FQKS1ncmVhc2UKVHRXQzBs +bGcyYUV2Yi9za2djUkwKLS0tIGM4SHEwMU4vVHdRWmVEelh3aWl5dU50b21zZkkz +ZlRBVVRyWUkyNzBCRW8KFnyLH2X+Bf2NEPrgx7DMjK1hAM/VYtv7EelaeGrc0V72 +1UeFeYdpyRW/hs/jTiWEP++ncLw= -----END AGE ENCRYPTED FILE----- diff --git a/secrets/jellyfin-lapi-key.age b/secrets/jellyfin-lapi-key.age index 7e4984e..9273c7f 100644 --- a/secrets/jellyfin-lapi-key.age +++ b/secrets/jellyfin-lapi-key.age @@ -1,15 +1,15 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBUTExn -Ukhjb2dyVHg3OGYyYTM0eHRsUnZScDRHTVI4RVI3cXlYMXZSNVhFCmR5ODY3c05J -UTJmNFl1WjJ3c0o4aFBvc1FPYTRSUXdiZURGN0hqZ2ZPVUEKLT4gc3NoLWVkMjU1 -MTkgdWZEbEhBIDdXdU1qUlJncUFBc1FtOWpONWtCWjNTYVRpU1pobXY2R1NjUmpx -RVhubUEKT0NMUmdKcGNKMmp5YnVSTVNrUFhJblpDZG9XUmlSNWZDR1FqSWs3cjFx -NAotPiBsdS1ncmVhc2UgVy98IHQjK3MgNj9NSkktICwKUkhoOXpLREhLcXVRY0RL -QVBXVWJqQ1d0Y2trVVV1NDNnUm5yZTlhaFRQWDhSaC91dFN3a1JSS0hlWWFXc01X -WApZeFJxSFM1NU8vRGFFZmFNU3FEeWFKKzVPSncwK0RWMDdxYUYrdwotLS0gTStZ -L2hFeWlMYld0bFJqL0VvR2pyamxVa0FVMHk3alBWYitOc0JIdGRKQQocJQnky20p -swuSedtzr6TTeXAQHeyevvFDqjyRHTmGpblitxZJ66SpMMDUKeNE7q1pJJmZF04J -9Ne8d42JQJBh/5i+8a4wS9xRkeLxVoyyxE+pUsq/S5VxtfNJl1ZI+Xq2S4Ma++X8 -kqQoZcQzWw8cG3xFBdxz4/MqMgwMQI7JdDLi8PiJWq/e3faMb76LzkNxR+vxH3rR -BKI= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBHOVkw +VW9kT3RZRjlzUEZLY28rQStkNkU0NDR2NzRNcFgwZStici8xS2xzCkxwMVcvbmNh +WnpHYXNkZlJxTE1yRnRrQWZaekRZQmxJUk1namt0dVcrVlUKLT4gc3NoLWVkMjU1 +MTkgdWZEbEhBIHVXWUZNellQaks4UTA1MHMrREFvYzQ2Y1dmNlpXdDNRV1Z6SGM1 +RnZ0Q3cKNXA2OWJhY3FkbmpUaWJqTHRDd1hBN1cwcThoZkcyNW8vWkpiSC9lVTFv +WQotPiA4e0ktZ3JlYXNlIEpDLG88cGRLIC5MZjFZIDQvRy9McTkKenVjRlZMVlVu +TENlNVA5UnpkRTJpTVFuUi82NkpPV1BOcDNwSmo3NUluYnI1QjBobW1KSDIvd3N0 +b3pnNnkzKwpQZzRBSEFMemwwT0xlZHh5YzFqeENKcUZWN2hJNWlSSWFKam82NjFF +L1hQZ0MrV3R4SWJpVDFiZDFnCi0tLSA4Uktla3NhSldnY0tDOGp5L0xmWHZSbEkx +SzFtSXFUWjd2bUNRQlNuTktNCjnAD+73psC2aliaFpyWJSEt/VSmBpRV2nyzmURR +TWZAGmPDt97llnhdsdKY24nfQ76Kfx7UcZgKtqDmfspEonqpBpyrISrZ3llj/xeo +IjCQM3TuVF/kUmBOduAc+Vta0cMWjxwq7tsloZigxYiADH/xkuOJJ4InjAwAyOfI +qTyGwLW0zWeY1e28+VTg7Yu5cMtI70qsTMB3JA== -----END AGE ENCRYPTED FILE----- diff --git a/secrets/postgresql-lapi-key.age b/secrets/postgresql-lapi-key.age index 5bda4e9..26a93ff 100644 --- a/secrets/postgresql-lapi-key.age +++ b/secrets/postgresql-lapi-key.age @@ -1,15 +1,14 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBhbTY4 -d015K1A2VmpDUitOdWZ6bi9kVFFya2VlaUU3aGVwWmlrU2R0a1hzCmw3enBEc1pF -Y2kxTEJqekpkTkREdm0wU3luUUZYU1BNeDc5TncrdWpxZzAKLT4gc3NoLWVkMjU1 -MTkgc2luZ3ZRIFFIZWtTZXZJejQ3RmdJUGZpVzlCT1d2enE1dm5uQVUrd0ttelYr -RU1maGcKWC9helc0TWpqNHdDZWxVV3BYMWQyaTdxbnZXVFBCMUlTRlhhRURYcTBy -cwotPiBYLSgwNTQtZ3JlYXNlIDkrXGAnVlc+IDYgPE4KeURHNEZpdkw3Qmc5S3lI -VDYwRUdId2o0VFZ2Z0drZFE5ZDVLSm5ZYjY4T3NUNHJ0SDZQaVJvd0wxV25rL05O -cgpWUW12SXk1b2pMWEw1Y0FGQjVPT1lVWnU3QVlOUERHYVlqM0VVbUtMVVBmV3Zr -RUF2dwotLS0gWWR4R3ZoSHJ0QUJCZE9sNlMzaks0U2k5UVJrQ1BHcmVueWt4SXk3 -cWpUUQr7lLTLdht12eGKrFFFWekyjOFSOio11lwh6HLJzEp9pm8mw7z4ZKiuo5cl -CElGulhx0usvDGT8EJulH4yFLNePonTJ0W7DBmA0/ZbZ05akeS8Z4FoiIcS5WdcQ -DJzxir0Vr9zhkkcpckptTKqJHiVP1BAwk+dhUpmjo9nCGmzictpx+F9bVPVtaoB6 -4nUvX6J+CXIVbuUkZZ8fKw== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyB6OUJr +UkdUU054UENBNmdSNXg5Y0RnUHcwbWhCWkM3N1Q0TnRuWGpEbXpNClAxcUM4djZm +M0lKckxFbXQzU096TlRmUGRHR0FUMDRZZzVicWJLZE4xaTAKLT4gc3NoLWVkMjU1 +MTkgc2luZ3ZRIEQxcTNQY3lWQTROUEt5Nnhqbm5xOW1kSE03dXFhYi9YTHM3R2kw +TTh6MVEKeUVzQThCd0JzUE9yMTA4MXN6amtRSWs2RDBxV3FidnczUTNId3BxZXAz +WQotPiAvXDVCXDlLLWdyZWFzZSBJIHZJVyFPIGBYNkJqKDwgUiJsXAp3RERPaDc2 +K3Iyb3FmVm5YQzVZYnZHMkF6NkdZck5FbE1PQTFycHZiWnBDSwotLS0gWVpaK0t3 +bmxTMmVuMisxTEFqaUhjQlpkbFV1Yi9DcmsrSU5uUkZJdFV1TQplC1Y/g+mjQFGR +BxROLytGhPllX4H46z0YACaXCmmCrWFvihAUgQBo2lufE7GDTS98RlCKAz9wRpMM +Ocsq3QsmlCbMtpTrdRDxSqkuO6kNK6xUeXctJhwl/hXfhAqOX7YsU/kExC0oEpfM +OYD0iv/s6+sIB3z3kXywI1ENDUZIKj/olJJESyKtgrsuqcZZ9USWC+vOYzJnTyD+ +Nw== -----END AGE ENCRYPTED FILE----- diff --git a/secrets/redis-lapi-key.age b/secrets/redis-lapi-key.age index d60a764..96382c2 100644 --- a/secrets/redis-lapi-key.age +++ b/secrets/redis-lapi-key.age @@ -1,14 +1,15 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBhRHg5 -UW43bi9hZWRjTzRBNitqTzRwNWd5VVFEMVljZHloSEhWYTdlb3c4CmliZUZ2UVo0 -SERLREpYL3JRRExXTVJXYnVNRmVZQzlta2pqWVJrNS9xMXMKLT4gc3NoLWVkMjU1 -MTkgK1EraUJRIFdZS3E2djNFR3hzWGo2TE8rNkh6MnRNVnZZZGdrNmRnSGNLV0xX -Uy84UlUKZDBXUnFSQ0M2Qnc2VjZtMnp5bWNoR3BseWI3eDN0dk1uVjdCUGFDQ3N2 -bwotPiAsPVRSLWdyZWFzZSBRaT99ICw5KycKVXZhL0lpbW4vN1dqMDJiTTZJY0d6 -Qis5K1l1R0UveDdRZHBjTkxvSkpCVXJPWUJnLzVTM1VuaWxRVm5UdGZXUApKN3ha -bS91eXRRNHBGTUZoRDh5TAotLS0gYXRxelJTMzZRbFZsNTQ5b3JaWEd4Wmt3TWVR -OFFiSUpjZjBnUzlVK2NjbwqogtLabu/FHTxCHFjOFLOGawQAe790oMQGCtlZFvwX -3loshuKZK4+n2t79A3kT4PRb2V6caahidpNDJTZO+EebPbV8oQS4N8mJUfcNeuWO -SSRbutps9K1CitzqWeq4DUqs03/NN0mXPrCZ1ZNRkD9gv40H0Y8E57CxEVimEK4A -WCWlL0ijl+uN1PKuGwtbrjCmxPkIJn4= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBJTVlC +NHBONUdHWGRwZlphWlJBWGxtUFZmd3UraEluUjJDU0xpT3BWU3lNClgwUHRMUVlC +eE5lVWFDODlNTUlLaTNQZ1VkWWdhUGlpYWdJeG0vZ2svK1EKLT4gc3NoLWVkMjU1 +MTkgK1EraUJRIE03ZW1MRG5LdVFBMDRKYTBYSXhwVU5Sb2gwRGl6Zno0cnhMUHZP +alZHVlEKQnRsa1dSSkRVak10elYrQlpPR0hNMG85cDArRzh5dTFMeXk1TzI4TXZV +SQotPiBBWCM6QWheeS1ncmVhc2UgWz84cwpEYzcwdmdwSHJxR1NURmNITG1MSnph +ektrZi9jSGRCd3pYUmx3T1ZOS3kzM256TWxaTHZacGwwaE9uemkvbXl2CmFFRHp6 +Y2lCQm55UGpqbnUrb1NUSHdtZnd3Mnd6T3NGRWZOVjVibXNNbHFRc3c1aGQxNVJM +b3g5dTZXNAotLS0gQ3JzZU5pUG1oaldhYmpqS1lhdlF5NVZnR3AzQjZqUHlqcm9X +ZzQ0MnVFawqOoQpTdrjGSS+aJOem5fmQOfziuhuckXgw8gqTvjnNJZuGyJ4BUz1D +z8HC1dR5LIDLDfw1OZPLg1I3GtYodDtlrMybQd0Z1xbOzWlNP0xQSVlyuCtL+sow +5n/YH8Q1IZASsgeEgbu0/3Edh0DV9IPT6l2eWhtRXh0zxmObare/y2wXqUlRzZeO +oiB7S0hIUPpBU2qaI3Y= -----END AGE ENCRYPTED FILE----- diff --git a/services/docker/secrets/docker-gluetun-env.age b/services/docker/secrets/docker-gluetun-env.age index 9ae515b..f3a03c8 100644 --- a/services/docker/secrets/docker-gluetun-env.age +++ b/services/docker/secrets/docker-gluetun-env.age @@ -1,17 +1,17 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyB6bm1Z -R0ZuamUzUG50b1QvdllrUlZ4YVRKaVRhanFWRlBPbDVKaXNRbkdrCk1Ob0VwZFRK -TE53cWJzVmNid0MzSVp3TkFjOEt3UmE5Q0o3cGgwTFdJL3MKLT4gc3NoLWVkMjU1 -MTkgOTNTUHhnIEFia2hJY3lCOEc1czBlNEZ1dEs0OUQwYmowQXVVVlpyTzFheFVI -ZzA2QzQKKzY3aFBjWkJOeHhFQ2xsUGhvSHc3ejlraGVnS3B5ejBua0k4Rll5Y0U0 -bwotPiAvckJxYXgtZ3JlYXNlIF8pQSp1Tl54ICJwS2pNSig4ClJKTW5tUXlJTXh3 -bldUbVQ2a1dMcXJTVDBBCi0tLSBXSG82YlFyTFU2YXp6M2pjK1IzMHZCT0RjMlVv -Smo2dTlwN2RxYmxDelA4ChrTlil3hnuuzsiSzo+XIjDKo4Qev/q2T0/DfhDsHlOv -loSNU91LEm6C00wf6uNt6YuVjqumlui42z1b2R79S1HHv06cqGUFyFQxn9F4LqTR -Q2+Xq+M16I3wUevztCoTRLBtBPX2fcOcdKjigyYT7X/hXAOIU1GGMXEQKqkgtTzg -jzJd5exlYbEFRsfMuVrpWc18dkZfiwvYNmXXERJe5xZpcqi5B15qrPi22/xH8KUC -cCNZ46KH5Q7p5qi3XrdxYSzgszpr+Cjg/eqkhsXRQIKv3CCZL+Frzycn5ybHgDWm -w9/wh73jcngAscWN9gDaoqysxwz65hkuNu07a/56YjQ30F13sXR92Bq7McaGUqM2 -rgSAPYEW9qT5QV7toTiB8gZAUCcz+MyjK4vh964EPdQc0975VRIp5KsLhFufc2AN -fWEbS/cCNKpHFq5oMR/MWSz7dnLpFDVObQ== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBwbTZB +MW8yeThzVXR0bldiOVU3cUw1bGxUSFZHZitsOENXeldSK2NQY3o4CmRXbkRINGU0 +amk5SExnbnlmZm5RdXlJWThib1dtL1ZNOHBaZGRlWjh5ajgKLT4gc3NoLWVkMjU1 +MTkgWWc0YkZ3IGo0Q0N5NnlQV3E1ZjRhbE5DWXJtOXlZRDkwTnhtNGxrc1pzZDNm +bHR1UTgKNVZ5a3FNbEU2WDc1NW95TVF0aEFJdm5yamIzMVF4SUtIdXdMRXI5b01i +RQotPiBgXGItZ3JlYXNlCnVMT1Z5N2N6NHRJSDM5VEh6N09BS0dtQnlHcmF5eGtm +VUQ5QUMxemdWdXJaeC9zSkJFZDAKLS0tIDRLam8vTVE1VzdoeU1NZmRZSmRzVVdK +VWZicTdhRFJybklrMi9Bb1dJR0UKx6uHdoNSwreAv+GKrxyGtA1gC+YkIpZ9QESK +C69nGX2nY/JJWRnBnm5bxTc6YQ4Vg6dTI0HogYdTI9m2+HXkYkB72V2g+v6GlIfu +tBtrBeI+qUNcDzA0OWpte9SkBgqfuZPI8990wZhkkXGmUo7HcX/GNOavlov18ils +ZCaEU1UIa46Mk7hTeZFeyjFAgC+pbDCb+1ZHeOzVc7fTsD8H5wCma2f4QUp9P6Wt +zo3DPQwZbN6QKd95eYNCEmp6RNvWy+/CYTHLJyydphZ+8psegyxZ50WWr1jJBE97 +hgdgQ/fm+bt8TUwDi40N5Lmo6jJemll2TYxYkxYQWewOT0rKu0z/M/aywlHyI66T ++2OJzNFzQ94x9EEesyGGBdvbA/sm+9daeOng4i8jnEoBIco8eDnk0pVvifNENLI+ +y6TfBV3ckgfFynvCBP05WCGTejUW9tcuXVclcgYP -----END AGE ENCRYPTED FILE----- diff --git a/services/docker/secrets/docker-qbittorrent-env.age b/services/docker/secrets/docker-qbittorrent-env.age index 72bb6f7..db73592 100644 --- a/services/docker/secrets/docker-qbittorrent-env.age +++ b/services/docker/secrets/docker-qbittorrent-env.age @@ -1,16 +1,14 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBIdXdZ -V1g4dm5oQndROFRRd0dETVF3bzZrVlYvTzlwOFoyVllBSTRQbkRzCnQ2RG4zRlR1 -b3YwMkpSUjNWeGIvaFRvM0hVVU0zTEtidkFiMGFPajFrczAKLT4gc3NoLWVkMjU1 -MTkgOTNTUHhnIHo4RGpvL0lia2RHT3h2QTNxaWlGTWVScmJuMStpY2liSmpFeW9m -U2h1U1EKM3JRUFg5cWdac0FnY1FmNmRRNDM3R2FhVGlPZndpMEY1aWl0WFJlanBV -ZwotPiAuJzFwcGohLWdyZWFzZSBnJjdKYSBVWVs8LWYgNiEKYkxUbDVQSGUzanBy -L3Q2aE1VOFVGMkpPY0l3ajZJaWJCWWkxN1BXbUxvQms3UW5FTmxVZ1Y5NDk0MGpa -SmdFMQo5RTI4NEt2RkkrdUE1Y1NHSUtaeC9oS3oKLS0tIGpoQnJVb0tOZkxRZ3VH -aWwrb0R2R01oejdlY3UvODJ0M3JmZnIxZXpXV3cK9mWMaIpNfX4NQBrnbwawb/Jb -U8DyQrUAz5efY1WE/02ag2dXrekFN47WbwbHSy2m75DJ13FQg17N24sCM4UiClg7 -p6llginA7D8S7X25NtgWNrAGTHQrwgM1c+KmPA2L4y6TE9F9SRcyUTyd+AxbeDo6 -p6hklgMXIKiDtkJdHA9NOxgUKxqGteolk3frJ0WvMa71NbFSL67AosMmeq0Y+O8o -HwML72wdPk1+PYBEgp6acIPgVmQE3+kSO/bY7QWSenoDIS5ar9FWVO5+Yjkecvxz -wvMxCmR3PjEajsMBu+fJOLeQTw== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBSS0Fi +WVpaK3F3dmMxM0VlK0pwSjBUU0FGVmtIcW1HeUY4dXlRdDByTEVFCmRrMjl0cHJa +bFVHT3pFNHgyMFJIYSsvUWtDMDYrZS9DS2o4bnJOUVMwcWMKLT4gc3NoLWVkMjU1 +MTkgWWc0YkZ3IGxSYzVwUG5JQ1JvemtLc3IxbEg4d2VzQ2pTNnFhWTRUYjMzci9O +L1FRbHMKaEdaaU4zWmdCaXo0Y3VVc3dscUVYRlArZE9hVEUyZDlMMk5pZTh3TTR6 +TQotPiBPLy1ncmVhc2UKS1EwUFhCSlgwRkNPa3cKLS0tIElVcDF4NmZrZUdsYVNt +N1l5ODcxaG5KdnRQVllVckZlL0Z5NlowVjdiQk0K8l1jN2I/a6266Iz7jweateSh +wiT0xGEI0HZObqSGEupUibfT/39w+RZCYMzIB8fCHoxQ+I2b7+E9Uz1gHwbJRXOd +gYprLQ5SJFtjtZOhhJ9RPIZzMOHCcUdlD854t1m1Vpr65lfst6tFfbEGAUQO/Z/a +s9MtXyeiSSQVT7ZSTzhs902mUdOT8byBIcJKgyPtogjjEx9JwChK3wtD0gs1k0lJ +r0WeR6UNqvyuLBrLPAfm6on48jgefMBs9au2wMi9ME+4aDFY9Vc/EoAl7VA3ygEF +LAyzmxa195D5Ub22q5xBbGz0ig== -----END AGE ENCRYPTED FILE----- diff --git a/services/forgejo/secrets/forgejoDBPass.age b/services/forgejo/secrets/forgejoDBPass.age index 5f909b1..09df4b4 100644 --- a/services/forgejo/secrets/forgejoDBPass.age +++ b/services/forgejo/secrets/forgejoDBPass.age @@ -1,12 +1,12 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBvZkVj -end0dWVWODE3c2t5VTUrUDhRSHhyMjE1SVh3NElBUEFjR2JWSnd3CnBNd0hkc0Rq -SHkraGNCa0JzM0hJL3hRRm16ZXpYWTdLbmZEMlFDSjVremcKLT4gc3NoLWVkMjU1 -MTkgeHFteWpBIHVWR0puQnovNkFaVTFhYWlVUk9GeXJDcTFDM3Yxc0dKa2pJYWhY -R0VPREUKS3YwaCtGLzNxdTdUdUNMamlxU2ZtL0Z1ZWRoNTJoY096ZG9iVnUrTHlz -UQotPiBVUkAtZ3JlYXNlIFU9UkhKLQpFZFdmTVdGSk5ibXlPd0tSZFNxVEdrOW8w -L2YvNWlzNHBJSHcwZDhpOHlQUEhNVVhsak9ObnBQNm50cW1jME41CjVqMzc4QWRu -V2x5VG1SSm8zZjI5WGVYVmNwZFBla3l0Y0YvNDExbmsKLS0tIG1nN2k0Z0NKZVNj -Mzkzd1Y1MlVyd2RjcmVXc0xkZklKVHpycEkwdjRiR1UKnDgztdWeoF36titMX/B3 -Jtip2foKvWv07swLRK1Ff+PC5+HgQDPcVkBN1Mw= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyB2cWhu +bUVsZ1FRc3RWUlhUTVdEMHkyR3d3YXlMWGxwWkZrRzIvZ1B0TWdVCjZIK2RXaEZk +VmdaK3hxUTJuSTREcCs0bWJDeGc4SWxZblpPbU5vZ0I2ZkkKLT4gc3NoLWVkMjU1 +MTkgeHFteWpBIEd4K2VrT3dYYlo1OUJNQ3Q0cDFSdTZXd2trU29rQXZnNUl3MG5r +bmtIQVEKOE03RGNESlBLMEl3Y1gyUVJVSzFTZWlpOTZvaDhpV05kbzB4QjlRR1ll +ZwotPiBnQGJAITYtZ3JlYXNlIFlYQy94IEonLGx1dkwgIl19bAorWHdHbDJaY2Qv +eGVWQ2ZrR2tLd3d6SSthaktRNzB2cVh1S202Z2tyMGQwcHRCejg0a0ZCclFmazZ6 +N0FWbERuCi9FK2hjLyt1SWlPZnhBCi0tLSAzUWo5VjVjdlFiV2V4WDNnZ25ZeVEw +NjIxSWZ4MTV4TjhFSXB4MTJuL1VNChmbwSyyuM/VIlkBBcL6DMR2je5P3jp0Y5U1 +8Eyi7mjXzWqOGcN1HfPkI7yg -----END AGE ENCRYPTED FILE----- diff --git a/services/grafana/secrets/grafana-db.age b/services/grafana/secrets/grafana-db.age index db6f3a3..fd44f2d 100644 --- a/services/grafana/secrets/grafana-db.age +++ b/services/grafana/secrets/grafana-db.age @@ -1,11 +1,13 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyB1MkFR -UHVXajUxcjZZaVUrelVZQXNCVUZNK3RqWE1yVVJCSkpxQXl0QVdFCkNHREYzN3lt -YnFTbEU1c0lnaDJIeG9nVU56T28vZFh6UUxJeXRYOW8xUm8KLT4gc3NoLWVkMjU1 -MTkgd25FVXB3IDYzZUl4U2p3bU84WFdocys3MzJDZ29yTDRTSTZwVTJNVVBGWCtY -SERkQVUKUnZReDNVb29hM2MrUUYxWEtMS1JSbC9xNEQ4eFJoUlJ2bkc2ck1Razkw -OAotPiB8Uy1ncmVhc2UgJlNDZCB4Nkc3dVwlTyBcRXF3enkoVyAjdEBsVGskIQpM -VmJ5RzdQOUVDRjlNY3p6Q0NwalB4OStFSjVHS3ZVeVpaZwotLS0gWXQxZ0REbXM5 -aUNTeUtiblVhNjBMcE03VnR2ZlVuMG81TWlQOExqUlF0OAppW1yUbOYp9PvPaMAw -XFy5lE+5bJJNBLoKSoOa25MbbhreG5/JydF9DIClPhOC +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBjS2ds +ZWFOLzdIWTFhbjNlSkt3ZWxpL29lRDhkcDlIZjdYSjdMRTlmRHpzCnhnNm5EaWFj +bER0Y1ZaMGFQV0NyRlZRMTF4c3JPRWFhQ0krRk1ka1RQZ1kKLT4gc3NoLWVkMjU1 +MTkgd25FVXB3IHVlS2wxcjNsR1RSbUkxTmN5T3dqMjA0NURSVjJNN1drN1NkSHln +L01yRlkKRjVsc2Z5WGZXQkdVVFI2ei9JbWRHcVFaMjlIYW1MOXFwTVM0WSs5RGdr +YwotPiB6VzUtZ3JlYXNlIDk9YiE2XS02CmszWGp5MmsyMG5zY2dXOXlRaTBqTmJJ +dU95TGRjUXNOVlRsVEZHdDZQUFM4Sy9LaG9NSkVXQm1CdE50RDNNRWUKMGNjVlln +ekViLzZYUDRwS01jUGVCVk1MU2o0UG1nVlZVeDR5Z3l3TFJnVzl6NkVHT29CTWNR +ZkwKLS0tIHRlbXBGSmZmZGs3dXdTQnZlTFJsYnNpeVZOTk5CeFlxYmVHMzhvQ0F6 +b00KDza7BhzounjsRDE3FdNxQSwLXK3pgywlicFNXIsxwJ1aW9coocuiXnFvcPwa +SQ== -----END AGE ENCRYPTED FILE----- diff --git a/services/grafana/secrets/grafana-oauth_secret.age b/services/grafana/secrets/grafana-oauth_secret.age index 1535eeb..be46c69 100644 --- a/services/grafana/secrets/grafana-oauth_secret.age +++ b/services/grafana/secrets/grafana-oauth_secret.age @@ -1,14 +1,13 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBEZjN4 -dStQOHFTRnhpSVIzaUw0VXQ1d0gzWlo1amtTNHFZZjQvUzRKZ3pFCllGUGZwc3Ex -MWNrOTVyYXlxQmtSVjNvY0RIWHRETXVXNUIvUWhVeWZiSjgKLT4gc3NoLWVkMjU1 -MTkgd25FVXB3IHhLd1N6VGFBeWswKzR1RVlWVERBL0hQdVlhc3RSc2FhU1U5MFJl -cmNoRXMKN0swVzN2VGpsZVMvN1ZJZkJCdVhVRVZ0MUJMODVWN3c5WjFCK0R1czZD -ZwotPiA7WFcsKS1ncmVhc2UKS0x2NFZUdFlocmRmVTNsbVArblRocUV5eXdxbzls -NXNPWFUxVXFkMmVFUEg0UkJEV01lNlMzSFIwRTlJMzhwRwoKLS0tIG9VQ09Lb1NY -V3RLZnpjVGdab25TNHJWWG5kM2lOZVZuTGU0ZDhkK3JmVzQKplp49XSQvgkG+ps1 -C6nQSeLK/JnL+bBDqbQlDMyLJl4oqocZs/V+Dm9oRzpYYzFgS0JDxTa13ZMFSEVF -9jQ08ckzPrIIUM7EtZwAHT6OSmlqRjs/RTumDF2pUDehaGp5DBwdTsOwkGflJjjj -/R/Mma1Vrq803ykKsLUCjv1JsdDodGMfeUx6XPf3sIYXSN+VuWQUICyyBy428yZD -ExJa9UQ= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBibWFa +alBESTdOeEpsdFAzTU9HcVZuWXFVSFd2MzN0STYzUS9hb2czVlVBCm9naGtHcnFW +alc4TllHSUZuZ092R0xWbHl6Rk5jU0pjVlZmQmxMNkgyeG8KLT4gc3NoLWVkMjU1 +MTkgd25FVXB3IGo2MVhzVnhaU2ZZZ2lpcFE4andjVHZhMksrTXcreFFvSEQ1M1Uv +dmcvaWcKWXRLY0g1T0lYZ2NsZ1dsdVFtTWZ2N2NxY0svNUh2UkpVR1c5ZEE1RWox +bwotPiBTckxXPXdleC1ncmVhc2UgKyBVXUggajZzWi8+CkQ1c2pWM3lxd0IxalpY +NjF5dWFSZDZFcXpoYVdyL1hrCi0tLSBOOXBtNzN1WCsxb3RtV05XQ2hac2FsNHZM +NGdqVDZRa1lBZnpJQ3hoeHQ4Cjo9jxuFoH1ao5OiCS4Gi9qmfv8lVpyedf8+o3Xx +/a4YKnQcDtwYMWaLPLj29bumQpDugHzFTju3ID7oGPDeb+1OuQ429lHkWz9S9Umg +3okUCfFAxDwrxGOdJdm9Zsw8AXNC05WT9C8nSsqt4bS77/0GJElSRy9XJhH0vzUv +MCb79JH5ZHNhBuvZk9g9wmDQuY13mRukmtHhTf8gBwre0Lcq -----END AGE ENCRYPTED FILE----- diff --git a/services/grafana/secrets/kuma-token.age b/services/grafana/secrets/kuma-token.age index 63fa6dc..ebfc5fc 100644 --- a/services/grafana/secrets/kuma-token.age +++ b/services/grafana/secrets/kuma-token.age @@ -1,11 +1,11 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBaK3NN -SjFOamFDRVFTamV5cmxEbG9aMk1wbS9pMWkvUlpNMkFUMmRiNzF3CnBaSHF0LytY -QzI1QVArSFZuL1RodlZiL2s2MUpFd1BCenBJZGVKaEI1ZFEKLT4gc3NoLWVkMjU1 -MTkgd25FVXB3IFVLbTNFUmd4VFhvYVRjUG5ZQ3Y1TWVxQmVtVE43WnE4YjdlTExK -MURFelkKWUNYQkpONFpjamR0VFRpTXFsUmd4Y0hpMk9VZEJkVWJQb1JGNFAvQk16 -TQotPiAlQS1ncmVhc2UgNzFsTzNsfjIgfiI+TyB3CkxPLy9HYnRJc3FxdzQzK2p3 -YnZCQmJVCi0tLSB2K0VCTkhLTXc4U2JsYXNEV2lveERHZitsa2VTMytkYVlJVERB -UkJWdWQ0CptkbkxdWB9xkUOpgoWjTerd3bXJCsERFCM8T5BQePixc7YYwPkFoBgO -2rz0GxVad0DlCFLkQEmIr3vk5s5j2h3VHDakM6UI2ueHbg1M +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBiSlB1 +M1o5OHY3aHUxSnFGZm1LNi9CNGZ5bGMwbXRnSGhOMWtmYXR6ekhrCjgwdmtnSUZV +UzJ4Ukp0SGZrNEZYa09ES1E1UzlqcGFoaWg2b280cVl5TkUKLT4gc3NoLWVkMjU1 +MTkgd25FVXB3IHByb20rbE1MaGh0eDZKaDFlc2dsYWwzemUrMVNVRjBNYXN0eGps +ZnZHbFkKbHptbGV3ekh4bWtzWnAyKzQrQ0hqTklaUGRLMlFyS2NwbEUvZDdwdEFC +UQotPiB6WmEtZ3JlYXNlCjRHWVB0bGt1OHNrCi0tLSAzYjZWd3pmVXlkMk1IMmlX +VytHMXNHbGdxSE53MFA5VEJXbzJRQzNpZ3dvChuiuoQW8/l+A39tVRSC7uH67MNC +Bjx0hoEPquAfCXsuwTbbL68/5VOqVgp5J9tpSizzjwZ6h9oDIcSrbXJX6SCSJ0QW +q21t7SO6yIAa -----END AGE ENCRYPTED FILE----- diff --git a/services/nginx/secrets/cs-lapi-key.age b/services/nginx/secrets/cs-lapi-key.age index cd689d8..d32e3f9 100644 --- a/services/nginx/secrets/cs-lapi-key.age +++ b/services/nginx/secrets/cs-lapi-key.age @@ -1,12 +1,13 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBzU05n -c3VLaG41bmxMaW5nU0lkc2xpblN4cGd4ZWU3aTlvZ0JqWkRnbDFVCkJrUUx5Q0tN -L2FYUHUvU05yZEhwN0w4VmxUZ3gvNEs4WitQeEY0TnlzelUKLT4gc3NoLWVkMjU1 -MTkgbXUwZm5BIG9MR093QU9EQmF0VlJiT3dad2F1NHJhL2pCWnBPQ2ZvMHkwQitF -T05QazgKZGVTcGpBM1NwU05lc3NoUlpEZll4M2lqMnYrKzZCYW9BVWVDTHJMRkZQ -cwotPiBfaCdjPi1ncmVhc2UgWE5paHIzICZyak43UyAoIENpCmFBCi0tLSBFei9i -RCs3MHJmcDhhV2Zsa0NpOURQWVJINEpqQzZFa3FCd05XZjgxTWxRCmpG/aPMApbQ -4QhUuskdSHBM4tC18UwXksjPC5hRSvRY7GyUqEW/RxTWiFnhh3qJCfFNj0ALBbqK -lQKjFEXwYpo+xlIhPWsNeRrrGnuhYbfG3TUU60ceEI8wtmmvLnMdjp2rkGD1GOOy -uT6jLoeIXr0L+3TCePEBH13Wvi4UkovSSYubAMWt8E0r +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBGZmgx +andlM2dEbEt6eGE0N3BMcTVSZ1RmbXpPNGFqOVNQdTNWQWw2bFRzCmw3SHZ1TW1n +OS90ZndnUVJIQUlJWTJlM2toTjdGM3NlVHdMTmZld1pEMlEKLT4gc3NoLWVkMjU1 +MTkgbXUwZm5BIFhvdmdxT1h3MFVFSVVHVTZUZWhpdVkzcnFsQk5CN0hsZzh4SUlv +TnN3RnMKTnBLb281eW4yK1d0dDNVZTczNUVpUEt2eU9iQXQwQ2ZnSHdrYnJsUVl0 +YwotPiA0bi9BcEtdTi1ncmVhc2UgPyBBClF1Qmt1QjE1UnVTaTBER0IvKys2cERz +VmRwOGpHTzMrMHM4V2o0bwotLS0gQU5JaVEzR0FUY3kzbi9KK2ZDRitWaU92OXNL +c1o4NTdCZlJPTm5LenV6UQpB4QGezu29MW3IFhvBgTPpySodCaXDyV07L11IYC0B +RczB6k9ALlkpey6w5OGi6L6A5LLtEcqALfFZU+wHhYrMUBHLZ2psogOVupY3W7XH +m4P2xLD79OddvQPYJwaIaemyT1W2Qwak6eeMEfQ/KhCXkOHnzcr3bdIPL6GqZH+O +dY8n7qx0ekqloA== -----END AGE ENCRYPTED FILE----- diff --git a/services/onlyoffice/secrets/office-dbpass.age b/services/onlyoffice/secrets/office-dbpass.age index cd91a12..d73ba65 100644 --- a/services/onlyoffice/secrets/office-dbpass.age +++ b/services/onlyoffice/secrets/office-dbpass.age @@ -1,12 +1,12 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyAxVCsy -MUdydjBTc0lvRFRCOXEyQjliWWJGbStHZjYxdjVKY0ZORndMYVYwCitlMG5nbDk3 -MC9IMWx5bDl5aERhNk1HZ2gyOFc3THVwZ2NyQkhLbEQ2T0EKLT4gc3NoLWVkMjU1 -MTkgbm1LUytBIEVYVFNaY3RYMjlpMi9QU3RUcGRIOFgvaVM3K3lvbmVwdERZZUNr -ZVEyMXcKN2VacGw0VE9rNDhkZHArMktpWG1qcFUyRFdnS3lKRUpSOUpHK0hZY1Zo -NAotPiBFIzMtZ3JlYXNlIGh5SGJpTwpoZFl4THdIWmRNVXNmdWhHdHB4Y1NpaTFs -ZzBHWHNaVk83TW9oeTNRdDlhTTdVdGUycmJQRjJuQmVzR0ljZlRhCmFiek1qdFFV -dzVHdFRLTThQKzBnaWMwSwotLS0gLy9nWGNZZEphcnd1SVMvZk90VlcvTkZLU3Ez -S1B0N29hL0FnWHdoUDlidwqjPSsrfTIKXusCr5OekmcZtDjGwS4y88UOCFLlYftr -DkOIpOHlfrS/6L0emUowO9g= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBOYUUx +dTNiK2J1Y1ptZFppRDVrSXZjSVdVQzNhVGlqaXk0TWNWeGFWWGs4Cm81bVkyeUh3 +bnM3Mm4wVmMxYnVxTktQSmhia2xPNEdiaDFxd0YwbTZZckUKLT4gc3NoLWVkMjU1 +MTkgbm1LUytBIGZuYWFxQm43YjZOdndMOG9PMkVVNGNKS2NnSkFtbHdrSlpES1Ez +Mk1FbXMKMHN1dVJwRkFmdUhVbDlTRWhrRjE4ejhPeUNhcTYzOXZQeTFBR1FtQW9v +WQotPiA1VH0ofS1ncmVhc2UKTjF3OHdQNXVxa0VBTGdhZ25Cb0RJTUdyeGxsd3FB +eTJzS25ISEo2ZHJCd0lHRVVuTWx3S3hyVWtjOGJwK213aQpkOWtoMlRWQnE0MFZv +WTJ6RjRCUHVYL24veUs2TE0ySUErbGFyaFlaQ09QVmpQaW0KLS0tIG9wWXlwVEIx +Rjg1d3Q3a3ZEdU0rRk8rV1RVcFlCOEE5MFZYU3E0YzlOMUEK+3DtLdLySGpcBmCp +aCa6FmS8vTZOPL5/6HF0cg4Fwn3LwFZxerK5Ff/NUDjZKDXZ -----END AGE ENCRYPTED FILE----- diff --git a/services/onlyoffice/secrets/office-jwtpass.age b/services/onlyoffice/secrets/office-jwtpass.age index 6972687..69ebd69 100644 --- a/services/onlyoffice/secrets/office-jwtpass.age +++ b/services/onlyoffice/secrets/office-jwtpass.age @@ -1,11 +1,12 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBXMG10 -UVV3R2hSTTY3ZU9WVjFsU2trQ2ZmWXdvTis1NjkrcUVIMHplWTMwCi8rT3o4cjNt -MkRLZEt5MUhiVktxdkx0MUlseWtnYmptaFEwaWZlSzBscFUKLT4gc3NoLWVkMjU1 -MTkgbm1LUytBIGFvNVVDK2pOY3NoSFE4Z1FNRFdGMkNYbCtJN2E5R0QzOEhmcFFV -bXhpQlEKbXVqNTltU0twN3RzeUY4c255WUJoK24wL0VMVktHOWtlMzZDcVhjbHJY -VQotPiB0IWs1Mi1ncmVhc2UKeTEyR3Vzb253M1M2V09KeW5JSVVBUlhEdnFkOWRC -V2w0UTQ5OTB2eVBYc2xqZlZ3TWliZTJGMnlUQVVTTWFZCi0tLSBWbTZtUFBwU1hu -cjBJbyswSkszQ0ZiVytrMkluQmg3MEZ0cmRnZDdmUnljChdmM0dNCFyZzoHZN5wX -y1rKrYvNPpsSD0Wel1S419drfapspUDOLkcB5N7G1+SFrtE= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBvNTBW +aU0xMnVtSVEvdzZzemwvcE1sV3ZKMkt0OFY0VmxldjR4b29OUVRNCmlyckpXdHZP +YU5zY24rRFZ3Tm54em9ObERiMUtxTVZib3RQUGxZTUhuWmcKLT4gc3NoLWVkMjU1 +MTkgbm1LUytBIDczMXdGSjFRK2k2KzE2dDBsK21ZK2pVV0R5VVBKdXVIV3FrOE5S +anVDemcKaTd6MVJheGM5Ung1bm5qZ2Q4ZTg4MERlcVRqSDdiSUNUTlBJWjcveUtx +WQotPiAzSkI/VWYqLWdyZWFzZSBeKFcgayBbblQ/X3JYJyA1XUgKR1FZaTVITlFY +Si8wUFhnUnN2THpLY09XZm1mRGdFK1dNRmppMS93eVk5WHk1U3Y3MWFFMFIxdjNa +MFFDT2RVRgpOY3YremVFdHVlbVJJN1NzalFMK1M4eU92NEtzQmpjCi0tLSB1ZWhn +QTc2MW9VQ3c1aTBvYkJ1alVGSlhOWk9oRTdyYVduZDFqSUJqOVZVCu/tTYeyg8lc +WcRxWgK7w/ERtzBGuE/gg9a7DAA2+NcLEaVHcipWq4o3dhOJGJPti2s= -----END AGE ENCRYPTED FILE----- diff --git a/services/postgresql/secrets/authentikDBPass.age b/services/postgresql/secrets/authentikDBPass.age index 5d46e72..61453b0 100644 --- a/services/postgresql/secrets/authentikDBPass.age +++ b/services/postgresql/secrets/authentikDBPass.age @@ -1,12 +1,11 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyA1Y2xU -ZUdSdEgvTUJtSkVVUFVMME9FNDlRdUtiOVZld1V0dnBzNWxuWEhBCi9vRDZWRGpX -SnFIdlc3QWYxWmZNYWJZdXNvTUtDS0ZvSzJINCtBOE9Yd0kKLT4gc3NoLWVkMjU1 -MTkgc2luZ3ZRIFJrNjdQYlgrWVpNVjNVVitDUW5ZZ1VqOWptdnZYYlBOc05lU0g2 -MG1zVlkKekVkS09TVUV0Nmd6Ym9lTC9Sa1duQzE0ZVhqemI4UzAyd0NNaTNxZDhI -YwotPiB6OVBLLWdyZWFzZQpuVUxEcDZiamRIR1lXVzZjYjBERnA0VndGTXByQWh5 -TFpVYkJZajAyMFNyOStZdXNFNVJnNVgwdW53Z3ZxNkFUClRnc0R2QytyS3NZcHl3 -clpMNG8KLS0tIGtueWt3K0V6QS9xOHJ5cW9vam1oNlBrOTBBeU5TUVAzNXNuVWdm -YU9wMGcKgOLtfhNGk3xgTFtx7Rz+qPp4D7pQnKdpb7aU5F20fY1nemljn6eCAfKj -ixjhQEqX +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyB6TGlW +OEtUeDRObHIrT1B2RmROdVp3NndON3lyajl2R1hOaVVlT1BPeG53ClVxNFBLTEU0 +bUpqdUM5R0p0ZGRYY2d3aTRoNGlaVUcxU09WQXViZ3N6dzQKLT4gc3NoLWVkMjU1 +MTkgc2luZ3ZRIHpod2JQbGN0ZW5GeWt4cnBxQm1RR3ZvQ2F1cEU3S1JxVk9sbmJV +clUwWE0Kdlpla3I2TEtqMFVwSEtoUDZJSllERElWemNreDlGdWJyZVpMeWY1SDFz +bwotPiBKYlotZ3JlYXNlIDdaVlFya3M4IGUKamFkbHNReGlNcENCRnFRcThRMmt2 +S1h4eEdBK2lvTmg0TE1tVUtyeXR0S05Xa2NKCi0tLSBMaXdmSGhDdm5FdFdNaFRK +NUxtUW03ZG1Cc0VzZFRLQXV5YUhPSldKbWFjCh1j/LqLKIQVRwUEs0iH2ChOimo1 +gKYKGzOQZt3jrHztiMW5VcGQLFyFVbXw73AFXQ== -----END AGE ENCRYPTED FILE----- diff --git a/services/postgresql/secrets/giteaDBPass.age b/services/postgresql/secrets/giteaDBPass.age index 77ea728..abfb0a6 100644 --- a/services/postgresql/secrets/giteaDBPass.age +++ b/services/postgresql/secrets/giteaDBPass.age @@ -1,12 +1,12 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyAwNXYx -WHNtNUlOdU1mTnltN0ZkVisxQ1JnNytYSGd4YU9rU3UvaVpmSWpRCjhGdjEwOXR0 -bktuRFh0MnpGam1ndFZHZ2ZScXZSdWw1YXNaZlZXZHlnc00KLT4gc3NoLWVkMjU1 -MTkgc2luZ3ZRIGREc2V6RWxYV1NrSElKbUQvN1RJaHR5QmM4cFpoY3ZqOU9kQ1lQ -ZEFJeVUKak90Z3I3ZmdJZ3gvTDJJLy9XVm1KQldEREIrZHJIK3M3SlRNNVkzN1Zx -awotPiA4VCtScy1ncmVhc2UgaWRiZiVkZXEgSlAxCjFEb2V6eGlCUGt2L0MzWjhW -V2Irdm1iRnovekxXY1hGeW1lWmV3WWJKR2xZRWFBdFlzTnlUMzRGSERLRXBVa1AK -ay9HbnU1U2Eva0xBU1FFQ2liU21FeXkzRnljSEtEWFRGTmxiMFJndHdhcwotLS0g -bFRiSFZ2NitOc3ZkTXZoV2ZSVkcvZitGZWU4b1g2WGhCaXJibXg3K1ZzQQocZWV7 -wmp7pXPPiW6/+pqL79gR6EtCu3LbY4UJoKOQmls6PZYEa6jtWEMxZw== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyA1MDVt +V0FJbkJTUVVjUFFRY21sd2JYeUY5Ujd5WTlzYzVMYkI3TWRJWWpnClp5VGV0VFUv +a0hMQXhRTzNsOHp2LzhrajdQVW12WEQ3enZWMXhTcS9ySEUKLT4gc3NoLWVkMjU1 +MTkgc2luZ3ZRIE1adVVTOXhjd1ZJK1ZNNWFpeTlReWh1a3ZCWS9NU3M4U1VDUTZu +RU9UUzQKOVVHYXEzeTdZZGZmeGoweTd2N0VPaWFZN2lEdng4ZzFOVXB1T1BCUHdH +RQotPiBqK3ozTjJ+Qy1ncmVhc2UgPyo4IGhAeC5tIEQuXUp4WwpSYnZNbDB2V1RB +QkZWUS84U3E0Ry9iT0MzRmFuTHdBV3pQNExPWk5LS2ppVnZTZXYrbTBzaWIyeFZJ +Mzk2ZwotLS0gZFBmajV2RUkycEFFdG5ld0ZxMWlGSENUUWJ1RDNsYVJQaUFPSXZH +OFd0WQpp/Ff3MqpyQ0QCEnYuKa1dsw6JsfUFoDG21LINLeKeP8guhIDQzE7jVO0x +Ow== -----END AGE ENCRYPTED FILE----- diff --git a/services/postgresql/secrets/grafanaDBPass.age b/services/postgresql/secrets/grafanaDBPass.age index 6bb042b..b4c9deb 100644 --- a/services/postgresql/secrets/grafanaDBPass.age +++ b/services/postgresql/secrets/grafanaDBPass.age @@ -1,12 +1,13 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBZWUpw -NGk1MGNoVTBPTmtlV01BMHUzcjdaTVZjQmY0NmJmMWsyaWlMRFZNCnc0UkEyN2l3 -WnhPNjdkUEw2SytscWNtZVNHNmZQWFBTc3BtcUZpWVNtVUEKLT4gc3NoLWVkMjU1 -MTkgc2luZ3ZRIHFzbEVuYWkydy9JTVdQSzhQVzFaZnJlbTloRm8xZllUUzB2MmZX -V0dKeUUKdmljUUpYTkhsa1VFekh2LzJzakgxNzJwcXVLd3lsKzFheXVLZ1Q2M2Zk -MAotPiBBZnJFVFMtZ3JlYXNlICwsOC84CjR3RnJ1RHBQM3ZRYVBxODFaTWgzTCtq -ZDJRY3libjYvc05OK1kwTTRLbkFEUVVzaFYySER0WDBTemlIWnFpaWQKNGVhQXRK -UFZFK0dhdDdOU24zOVdyaEdDcVEKLS0tIFVsNHNrUkJXOHcvRE5sYW8rL3ovRGww -cWw3MW5XK1dlT0d1ZnF3M1p3eEEKbxqpJQuKtZdYLRHgg9eI5WT2wMixSOnsSth9 -Ah8uYlAFRt/T0g/2RWZN1PTe5w== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBzOG93 +S2dhQy9naHc5K0dqcG9zUUpvWTlaSW12cUhzVEdqOVFRaVE2bFY4CjFlOElPUmlj +azlrVkZoT0ltWG5OdG5RNkNLS25lTy80dkVmbzdzQk9QTmMKLT4gc3NoLWVkMjU1 +MTkgc2luZ3ZRIHg5aVRybVAzVFhvSll1SlNGNDVOcHIxT2dqcStqR05yRytteisx +RCtqdzQKWERZSEV3cWtLcWFOSWJmU0Fud3Y4Qi9mSkhVSS8ybmMrQkhValJXL3lY +YwotPiBCfSJaVy1ncmVhc2UgfHVhIHkKM2RxRFJxKzRWSHF1Yk1jTmxHaHRFUUw0 +N3FaN3ZwSG9uVGZkWG43U1RUcDZYdDZtMGowZkxEOXE1VHFBa2htZQpzNXd6UUlC +TGg2ZUNjem5HYXFrQ2V5eFZidlUyaGdLTU0yaXNwMmhiOWEwZUtGbEJqN1V3TGRB +dmNWMlo5eEQ5CmpXawotLS0gU05Bb2prNmxtV0NzNk1VUWhrb2ZtVXVKZjB4V1ZC +SDNJNlEvTUk4Qk1ObwpLk/tP545qxrUFoqPn7lfEuo5aezxkRgwLJsHNut17zCGE +IfueXBxKdYJV2vfz -----END AGE ENCRYPTED FILE----- diff --git a/services/postgresql/secrets/netboxDBPass.age b/services/postgresql/secrets/netboxDBPass.age index 6bbc127..c560851 100644 --- a/services/postgresql/secrets/netboxDBPass.age +++ b/services/postgresql/secrets/netboxDBPass.age @@ -1,11 +1,11 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBLUURq -ODhZY3Zqc2JnVWo0RWxvVFpQMzFrUEl4SldVRnJxOXpnQjFzWFVVCkJNd21xZWV5 -TmxuSjJOMm16RkhlUzMvRWIzbFVwNVh2Z2l3VUlVbzdQencKLT4gc3NoLWVkMjU1 -MTkgc2luZ3ZRIHRscjBZOVZMZVE4bUp1all2SkdoNFJ1R1N1bXIyOHMwdkNqZUhE -UGZVaEEKYzRUbERKU2Zhc3NwMlpFU2NiaFBjbFlMbWlaM2tEUUFzdytGNC9iZzhV -SQotPiBsNFotbC1ncmVhc2UgUDV6LmBdXkwgQ25NcHRBY0EgOzMxdCBDeSsiMmxw -UgozUHhTYzhBZkhYNFJBcW9yTVV1VWh0T3IzTk5TN1EKLS0tIFgyOEZFZGhNak5i -dWRXNmRBaEtXTUlMZHVmMVZCWXlvYWVEdjVHbUIwRUkK5Tx3z3J72HY4RB/mo6/w -+QPlLUaV1clcKYmPS8AR1NX/G6bdH5P7O3/b +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyA1a0RH +aUdMTGVqblJEbTdWNFN3TitvUDF0NTZUa2FYM3RuczErL3ZhTWtFCjJ2RzhvS0t5 +eWNiTDcwWXM0RkRuKzA3blJUR1JRZFJONk90TktrdmxMcGsKLT4gc3NoLWVkMjU1 +MTkgc2luZ3ZRIDBCczJ0RkQ5NWw4WVFqNUhLaUNGdTlJMzAyZkJmT0tRRzFYZXBq +VE94Q00KUEpzeVVyRlZkRWNBY1NlSzd0U2NJL1ZxOUtBUzdsajBJMWYvTmJHdjd0 +awotPiB3Wi1ncmVhc2UgPyAyWVF5OERzLwpLeUgrNmxyWFdXNHFXOW41SmRuWC9p +ZFFVckdaejdvOG90VzRLMjZtNDkxSkRqMysKLS0tIGhyU25wakNlMjNMV0xxb2E4 +c2JUTUlXRERZazRSK1gwK3FYVmZsQ3dVZ00KJs2tJTCre81wGsHAnKxPEipIEGp6 +hnfaZm+a4cVSbh2HAJlVvqEC6Pp7 -----END AGE ENCRYPTED FILE----- diff --git a/services/postgresql/secrets/nextcloudDBPass.age b/services/postgresql/secrets/nextcloudDBPass.age index 6795478..22d5428 100644 --- a/services/postgresql/secrets/nextcloudDBPass.age +++ b/services/postgresql/secrets/nextcloudDBPass.age @@ -1,12 +1,12 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBvM2lV -UGZvVitYUTJpcDNaV1VzQVYxTllQY0NYQTIxcmN6VlZZMjFBUmxBCnYxaWhSV0Vx -S210VlVySkRYVGZJd3FnYmZRcnpvNWpPdzVjSW81UkhaZlUKLT4gc3NoLWVkMjU1 -MTkgc2luZ3ZRIDVPeU13aTlGakN0RHlVT3NuME1qWTMvQlg4Nld1bXB5N29qd08x -S2FVU0UKR3hLYkwvK2p4bUNscW1ocytHeUZnMlo2TGNLdnpuUmJaeEZwdkZiNHFn -RQotPiBaLWdyZWFzZSB1Ck00VXlub3BmK09sNFJoOWFQbUJBb0hMYTJJVUtxVDIy -U2JZRnRnL2Z4L0JXWVN2NzZhRi9vbUQ3a2FwTUJsWDIKbWE4ellvRzBBVm1VWHFi -NkdIY3ZqV0dndkNWRTNrWUVScFc3SlZwL0dYYW1qeFV1dGFKb2c3OFFvanh4Ci0t -LSBkWCtDWktaZjJvdEI5NThDMjVSZEo2K0tUSnp5MkJKQzFNc3JxaDk4RWRrCh5a -ybn9L45z/U188YVYNQnHO2YwDEOxlmqMFZ2XGbsFJzD8yiHIzdsqOvxIspd9jQ== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBzOUFP +dXlpV2ZQOHVRaU1YYktlUnBzNVRmSVZyQnhmQlU1QnNubysweUZJCkFJYVdmVXVX +N0MrSVJ5TldZZGwvQS9JdWdEVGN2cWhncjlTSW5VSEJGR00KLT4gc3NoLWVkMjU1 +MTkgc2luZ3ZRIFhSN2xRekNPV2tOUHZHNGRGSjdSdUYzZDFtb0ZDaytKMXpYTkZj +UUtnRGsKbDJIRmZYMXlIZ1RHTE9uVTJaM1g2VjZZWHBxYnlBcUtHU3NvNXdqZ1lV +cwotPiBjLWdyZWFzZQpkbmUzZG9qVEdIWklkb1dyNlhDZGpMWDgrZU9NWGc3Ykw0 +cGhvUUpEN0VqQ1ZQOFVGR3VMVjJ2US94d0YvbW8wCnlPVEU1bUtRSnJvOElmdDl4 +Sk9kKy9PTWVWREwKLS0tIEZJY3hlQmJvbmhoUWlnaHB6OEt5ZDZVNnNSQjFnbFJ4 +dGQvZG9QZ3NnYzgKm2v2y19GNu0jhRxJaVIGCYDPwBfYWM74laaMsVjBN5CE4fPv +Us03vEciC5HLJp5G -----END AGE ENCRYPTED FILE----- From 44ee22062786e4453bc3980dd5a9ffe8d9c9e606 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Th=C3=A9o=20Barnouin?= Date: Wed, 14 May 2025 12:23:24 +0200 Subject: [PATCH 08/10] Add arr-box to docker VM --- services/docker/default.nix | 100 +++++++++++++++++++++++++++++++++++- 1 file changed, 99 insertions(+), 1 deletion(-) diff --git a/services/docker/default.nix b/services/docker/default.nix index e0af5b1..ab27375 100644 --- a/services/docker/default.nix +++ b/services/docker/default.nix @@ -99,7 +99,7 @@ in { "WEBUI_PORT" = "8080"; }; volumes = [ - "/mnt/DATA/:/downloads:rw" + "/mnt/media/:/downloads:rw" "/home/tbarnouin/gluetun/qbittorrent/webui:/webui:rw" "gluetun_qbittorrent-config:/config:rw" ]; @@ -111,6 +111,104 @@ in { "--network=container:gluetun" ]; }; + "bazarr" = { + image = "linuxserver/bazarr"; + environment = { + "PGID" = "1000"; + "PUID" = "1000"; + "TZ" = "\"Europe/Paris\""; + }; + volumes = [ + "/home/tbarnouin/bazarr:/config:rw" + "/mnt/media:/downloads:rw" + ]; + ports = [ + "6767:6767/tcp" + ]; + log-driver = "journald"; + extraOptions = [ + "--network-alias=bazarr" + "--network=arr-box_default" + ]; + }; + "jellyseerr" = { + image = "fallenbagel/jellyseerr:latest"; + environment = { + "LOG_LEVEL" = "debug"; + "TZ" = "\"Europe/Paris\""; + }; + volumes = [ + "/home/tbarnouin/jellyseerr:/app/config:rw" + ]; + ports = [ + "5055:5055/tcp" + ]; + log-driver = "journald"; + extraOptions = [ + "--network-alias=jellyseerr" + "--network=arr-box_default" + ]; + }; + "prowlarr" = { + image = "lscr.io/linuxserver/prowlarr:latest"; + environment = { + "PGID" = "1000"; + "PUID" = "1000"; + "TZ" = "\"Europe/Paris\""; + }; + volumes = [ + "/home/tbarnouin/prowlarr:/config:rw" + "/mnt/media:/downloads:rw" + ]; + ports = [ + "9696:9696/tcp" + ]; + log-driver = "journald"; + extraOptions = [ + "--network-alias=prowlarr" + "--network=arr-box_default" + ]; + }; + "radarr" = { + image = "lscr.io/linuxserver/radarr:latest"; + environment = { + "PGID" = "1000"; + "PUID" = "1000"; + "TZ" = "\"Europe/Paris\""; + }; + volumes = [ + "/home/tbarnouin/radarr:/config:rw" + "/mnt/media:/downloads:rw" + ]; + ports = [ + "7878:7878/tcp" + ]; + log-driver = "journald"; + extraOptions = [ + "--network-alias=radarr" + "--network=arr-box_default" + ]; + }; + "sonarr" = { + image = "lscr.io/linuxserver/sonarr:latest"; + environment = { + "PGID" = "1000"; + "PUID" = "1000"; + "TZ" = "\"Europe/Paris\""; + }; + volumes = [ + "/home/tbarnouin/sonarr:/config:rw" + "/mnt/media:/downloads:rw" + ]; + ports = [ + "8989:8989/tcp" + ]; + log-driver = "journald"; + extraOptions = [ + "--network-alias=sonarr" + "--network=arr-box_default" + ]; + }; }; services = { crowdsec = { From d8ccf817fe28a66c9c7508a91d48d74555b581bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Th=C3=A9o=20Barnouin?= Date: Wed, 14 May 2025 12:37:19 +0200 Subject: [PATCH 09/10] Working docker VM --- services/docker/default.nix | 347 +++++++++++++++++------------------- 1 file changed, 164 insertions(+), 183 deletions(-) diff --git a/services/docker/default.nix b/services/docker/default.nix index ab27375..dfd1064 100644 --- a/services/docker/default.nix +++ b/services/docker/default.nix @@ -14,17 +14,19 @@ in { }; }; config = lib.mkIf cfg.enable { - age.secrets.docker-lapi-key = { - file = ../../secrets/docker-lapi-key.age; - owner = "crowdsec"; - }; - age.secrets.docker-gluetun-env = { - file = ./secrets/docker-gluetun-env.age; - owner = "tbarnouin"; - }; - age.secrets.docker-qbittorrent-env = { - file = ./secrets/docker-qbittorrent-env.age; - owner = "tbarnouin"; + age.secrets = { + docker-lapi-key = { + file = ../../secrets/docker-lapi-key.age; + owner = "crowdsec"; + }; + docker-gluetun-env = { + file = ./secrets/docker-gluetun-env.age; + owner = "tbarnouin"; + }; + docker-qbittorrent-env = { + file = ./secrets/docker-qbittorrent-env.age; + owner = "tbarnouin"; + }; }; users.users.tbarnouin.extraGroups = ["docker"]; fileSystems = { @@ -41,6 +43,20 @@ in { ]; }; }; + services.crowdsec = { + settings.lapi.credentialsFile = "${config.age.secrets.docker-lapi-key.path}"; + localConfig = { + acquisitions = [ + { + source = "journalctl"; + journalctl_filter = ["_SYSTEMD_UNIT=docker.service"]; + labels = { + type = "syslog"; + }; + } + ]; + }; + }; virtualisation = { docker = { enable = true; @@ -51,178 +67,143 @@ in { data-root = "/mnt/docker-data"; }; }; - oci-containers.backend = "docker"; - }; - - virtualisation.oci-containers.containers = { - "gluetun" = { - autoStart = true; - image = "ghcr.io/qdm12/gluetun:latest"; - environmentFiles = ["${config.age.secrets.docker-gluetun-env.path}"]; - environment = { - "QBT_WEBUI_ENABLED" = "true"; - "TZ" = "Europe/Paris"; - "VPN_PORT_FORWARDING" = "on"; - "VPN_SERVICE_PROVIDER" = "protonvpn"; - "VPN_TYPE" = "wireguard"; - }; - volumes = [ - "gluetun_gluetun-config:/gluetun:rw" - ]; - ports = [ - "8080:8080/tcp" - ]; - log-driver = "journald"; - extraOptions = [ - "--cap-add=NET_ADMIN" - "--device=/dev/net/tun:/dev/net/tun:rwm" - "--health-cmd=[\"wget\", \"--spider\", \"-q\", \"http://google.com\"]" - "--health-interval=30s" - "--health-retries=3" - "--health-timeout=10s" - "--network-alias=gluetun" - "--network=gluetun_default" - "--sysctl=net.ipv6.conf.all.disable_ipv6=1" - ]; - }; - "qbittorrent" = { - autoStart = true; - image = "lscr.io/linuxserver/qbittorrent:latest"; - environmentFiles = ["${config.age.secrets.docker-qbittorrent-env.path}"]; - environment = { - "DOCKER_MODS" = "ghcr.io/t-anc/gsp-qbittorent-gluetun-sync-port-mod:main"; - "GSP_MINIMAL_LOGS" = "false"; - "PGID" = "1000"; - "PUID" = "1000"; - "QBITTORRENT_INTERFACE" = "tun0"; - "TZ" = "Europe/Paris"; - "WEBUI_PORT" = "8080"; - }; - volumes = [ - "/mnt/media/:/downloads:rw" - "/home/tbarnouin/gluetun/qbittorrent/webui:/webui:rw" - "gluetun_qbittorrent-config:/config:rw" - ]; - dependsOn = [ - "gluetun" - ]; - log-driver = "journald"; - extraOptions = [ - "--network=container:gluetun" - ]; - }; - "bazarr" = { - image = "linuxserver/bazarr"; - environment = { - "PGID" = "1000"; - "PUID" = "1000"; - "TZ" = "\"Europe/Paris\""; - }; - volumes = [ - "/home/tbarnouin/bazarr:/config:rw" - "/mnt/media:/downloads:rw" - ]; - ports = [ - "6767:6767/tcp" - ]; - log-driver = "journald"; - extraOptions = [ - "--network-alias=bazarr" - "--network=arr-box_default" - ]; - }; - "jellyseerr" = { - image = "fallenbagel/jellyseerr:latest"; - environment = { - "LOG_LEVEL" = "debug"; - "TZ" = "\"Europe/Paris\""; - }; - volumes = [ - "/home/tbarnouin/jellyseerr:/app/config:rw" - ]; - ports = [ - "5055:5055/tcp" - ]; - log-driver = "journald"; - extraOptions = [ - "--network-alias=jellyseerr" - "--network=arr-box_default" - ]; - }; - "prowlarr" = { - image = "lscr.io/linuxserver/prowlarr:latest"; - environment = { - "PGID" = "1000"; - "PUID" = "1000"; - "TZ" = "\"Europe/Paris\""; - }; - volumes = [ - "/home/tbarnouin/prowlarr:/config:rw" - "/mnt/media:/downloads:rw" - ]; - ports = [ - "9696:9696/tcp" - ]; - log-driver = "journald"; - extraOptions = [ - "--network-alias=prowlarr" - "--network=arr-box_default" - ]; - }; - "radarr" = { - image = "lscr.io/linuxserver/radarr:latest"; - environment = { - "PGID" = "1000"; - "PUID" = "1000"; - "TZ" = "\"Europe/Paris\""; - }; - volumes = [ - "/home/tbarnouin/radarr:/config:rw" - "/mnt/media:/downloads:rw" - ]; - ports = [ - "7878:7878/tcp" - ]; - log-driver = "journald"; - extraOptions = [ - "--network-alias=radarr" - "--network=arr-box_default" - ]; - }; - "sonarr" = { - image = "lscr.io/linuxserver/sonarr:latest"; - environment = { - "PGID" = "1000"; - "PUID" = "1000"; - "TZ" = "\"Europe/Paris\""; - }; - volumes = [ - "/home/tbarnouin/sonarr:/config:rw" - "/mnt/media:/downloads:rw" - ]; - ports = [ - "8989:8989/tcp" - ]; - log-driver = "journald"; - extraOptions = [ - "--network-alias=sonarr" - "--network=arr-box_default" - ]; - }; - }; - services = { - crowdsec = { - settings.lapi.credentialsFile = "${config.age.secrets.docker-lapi-key.path}"; - localConfig = { - acquisitions = [ - { - source = "journalctl"; - journalctl_filter = ["_SYSTEMD_UNIT=docker.service"]; - labels = { - type = "syslog"; - }; - } - ]; + oci-containers = { + backend = "docker"; + containers = { + "gluetun" = { + autoStart = true; + image = "ghcr.io/qdm12/gluetun:latest"; + environmentFiles = ["${config.age.secrets.docker-gluetun-env.path}"]; + environment = { + "QBT_WEBUI_ENABLED" = "true"; + "TZ" = "Europe/Paris"; + "VPN_PORT_FORWARDING" = "on"; + "VPN_SERVICE_PROVIDER" = "protonvpn"; + "VPN_TYPE" = "wireguard"; + }; + volumes = [ + "gluetun_gluetun-config:/gluetun:rw" + ]; + ports = [ + "8080:8080/tcp" + ]; + log-driver = "journald"; + extraOptions = [ + "--cap-add=NET_ADMIN" + "--device=/dev/net/tun:/dev/net/tun:rwm" + "--health-cmd=[\"wget\", \"--spider\", \"-q\", \"http://google.com\"]" + "--health-interval=30s" + "--health-retries=3" + "--health-timeout=10s" + "--network-alias=gluetun" + "--network=gluetun_default" + "--sysctl=net.ipv6.conf.all.disable_ipv6=1" + ]; + }; + "qbittorrent" = { + autoStart = true; + image = "lscr.io/linuxserver/qbittorrent:latest"; + environmentFiles = ["${config.age.secrets.docker-qbittorrent-env.path}"]; + environment = { + "DOCKER_MODS" = "ghcr.io/t-anc/gsp-qbittorent-gluetun-sync-port-mod:main"; + "GSP_MINIMAL_LOGS" = "false"; + "PGID" = "1000"; + "PUID" = "1000"; + "QBITTORRENT_INTERFACE" = "tun0"; + "TZ" = "Europe/Paris"; + "WEBUI_PORT" = "8080"; + }; + volumes = [ + "/mnt/media/:/downloads:rw" + "/home/tbarnouin/gluetun/qbittorrent/webui:/webui:rw" + "gluetun_qbittorrent-config:/config:rw" + ]; + dependsOn = [ + "gluetun" + ]; + log-driver = "journald"; + extraOptions = [ + "--network=container:gluetun" + ]; + }; + "bazarr" = { + image = "linuxserver/bazarr"; + environment = { + "PGID" = "1000"; + "PUID" = "1000"; + "TZ" = "\"Europe/Paris\""; + }; + volumes = [ + "/home/tbarnouin/bazarr:/config:rw" + "/mnt/media:/downloads:rw" + ]; + ports = [ + "6767:6767/tcp" + ]; + log-driver = "journald"; + }; + "jellyseerr" = { + image = "fallenbagel/jellyseerr:latest"; + environment = { + "LOG_LEVEL" = "debug"; + "TZ" = "\"Europe/Paris\""; + }; + volumes = [ + "/home/tbarnouin/jellyseerr:/app/config:rw" + ]; + ports = [ + "5055:5055/tcp" + ]; + log-driver = "journald"; + }; + "prowlarr" = { + image = "lscr.io/linuxserver/prowlarr:latest"; + environment = { + "PGID" = "1000"; + "PUID" = "1000"; + "TZ" = "\"Europe/Paris\""; + }; + volumes = [ + "/home/tbarnouin/prowlarr:/config:rw" + "/mnt/media:/downloads:rw" + ]; + ports = [ + "9696:9696/tcp" + ]; + log-driver = "journald"; + }; + "radarr" = { + image = "lscr.io/linuxserver/radarr:latest"; + environment = { + "PGID" = "1000"; + "PUID" = "1000"; + "TZ" = "\"Europe/Paris\""; + }; + volumes = [ + "/home/tbarnouin/radarr:/config:rw" + "/mnt/media:/downloads:rw" + ]; + ports = [ + "7878:7878/tcp" + ]; + log-driver = "journald"; + }; + "sonarr" = { + image = "lscr.io/linuxserver/sonarr:latest"; + environment = { + "PGID" = "1000"; + "PUID" = "1000"; + "TZ" = "\"Europe/Paris\""; + }; + volumes = [ + "/home/tbarnouin/sonarr:/config:rw" + "/mnt/media:/downloads:rw" + ]; + ports = [ + "8989:8989/tcp" + ]; + log-driver = "journald"; + }; }; }; }; From e0622a450e9e2c1b35adf9bd9e50d0328ccf62de Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Th=C3=A9o=20Barnouin?= Date: Wed, 14 May 2025 14:44:37 +0200 Subject: [PATCH 10/10] Working docker VM --- services/docker/default.nix | 9 +++++---- systems/minimalLXCConfig.nix | 1 + systems/minimalMicrovmConfig.nix | 1 + systems/minimalVMConfig.nix | 1 + 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/services/docker/default.nix b/services/docker/default.nix index dfd1064..86ac2da 100644 --- a/services/docker/default.nix +++ b/services/docker/default.nix @@ -65,6 +65,7 @@ in { userland-proxy = false; metrics-addr = "0.0.0.0:9323"; data-root = "/mnt/docker-data"; + ipv6 = false; }; }; oci-containers = { @@ -72,6 +73,7 @@ in { containers = { "gluetun" = { autoStart = true; + hostname = "gluetun"; image = "ghcr.io/qdm12/gluetun:latest"; environmentFiles = ["${config.age.secrets.docker-gluetun-env.path}"]; environment = { @@ -85,7 +87,7 @@ in { "gluetun_gluetun-config:/gluetun:rw" ]; ports = [ - "8080:8080/tcp" + "8080:8080" ]; log-driver = "journald"; extraOptions = [ @@ -122,9 +124,7 @@ in { "gluetun" ]; log-driver = "journald"; - extraOptions = [ - "--network=container:gluetun" - ]; + extraOptions = ["--network=container:gluetun"]; }; "bazarr" = { image = "linuxserver/bazarr"; @@ -171,6 +171,7 @@ in { "9696:9696/tcp" ]; log-driver = "journald"; + extraOptions = ["--dns=192.168.1.90"]; }; "radarr" = { image = "lscr.io/linuxserver/radarr:latest"; diff --git a/systems/minimalLXCConfig.nix b/systems/minimalLXCConfig.nix index 3185198..5540ada 100644 --- a/systems/minimalLXCConfig.nix +++ b/systems/minimalLXCConfig.nix @@ -16,6 +16,7 @@ enable = true; allowedTCPPorts = [22 6060 9002]; }; + nameservers = ["192.168.1.90"]; }; boot.isContainer = true; diff --git a/systems/minimalMicrovmConfig.nix b/systems/minimalMicrovmConfig.nix index 78df377..35d7459 100644 --- a/systems/minimalMicrovmConfig.nix +++ b/systems/minimalMicrovmConfig.nix @@ -93,6 +93,7 @@ in { enable = true; allowedTCPPorts = [22 9002]; }; + nameservers = ["192.168.1.90"]; }; time.timeZone = "Europe/Paris"; diff --git a/systems/minimalVMConfig.nix b/systems/minimalVMConfig.nix index a475e17..771c02d 100644 --- a/systems/minimalVMConfig.nix +++ b/systems/minimalVMConfig.nix @@ -15,6 +15,7 @@ enable = true; allowedTCPPorts = [22 6060 9002]; }; + nameservers = ["192.168.1.90"]; }; time.timeZone = "Europe/Paris";