From 047d68a998b5957580da8ae2cdf4bd7f09aa5d82 Mon Sep 17 00:00:00 2001 From: Xavier Morel Date: Wed, 25 Mar 2026 21:24:08 +0100 Subject: [PATCH] feat: add terraforming of authentik --- config/_ids.nix | 1 + config/dns-adguardhome.nix | 2 +- config/papers-paperless.nix | 16 + containers/auth.nix | 1 + containers/papers.nix | 30 + containers/vault.nix | 2 +- flake.lock | 698 ++++++++++++++++++--- flake.nix | 3 +- modules/containers-terraform-authentik.nix | 42 ++ modules/containers.nix | 9 + modules/terraform-base.nix | 13 + secrets/auth-authentik-ldap-secrets.age | Bin 575 -> 575 bytes secrets/auth-authentik-proxy-secrets.age | 16 +- secrets/auth-authentik-secrets.age | Bin 724 -> 724 bytes secrets/db-postgres-initscript.age | Bin 506 -> 506 bytes secrets/finances-app-key.age | 17 +- secrets/gitea-action-token.age | Bin 479 -> 479 bytes secrets/matrix-maubot-cfg.age | Bin 886 -> 886 bytes secrets/metrics-pve.age | 18 +- secrets/mqtt-exporter-environment.age | 18 +- secrets/mqtt-password-frigate.age | 17 +- secrets/mqtt-password-ha.age | Bin 449 -> 449 bytes secrets/mqtt-password-mqtt.age | Bin 449 -> 449 bytes secrets/mqtt-password-z2m.age | 17 +- secrets/papers-environment-file.age | 10 + secrets/papers-password-file.age | 9 + secrets/power-password-file.age | 16 +- secrets/proxy-dns-provider-config.age | Bin 596 -> 596 bytes secrets/secrets.nix | 6 + secrets/yarrr-env.age | Bin 1508 -> 1508 bytes 30 files changed, 819 insertions(+), 142 deletions(-) create mode 100644 config/papers-paperless.nix create mode 100644 containers/papers.nix create mode 100644 secrets/papers-environment-file.age create mode 100644 secrets/papers-password-file.age diff --git a/config/_ids.nix b/config/_ids.nix index c2aa540..2fe6985 100644 --- a/config/_ids.nix +++ b/config/_ids.nix @@ -18,5 +18,6 @@ music = 1031; dns = 1042; z2m = 1016; + papers = 1032; }; } diff --git a/config/dns-adguardhome.nix b/config/dns-adguardhome.nix index ee6b4ff..d3e5db5 100644 --- a/config/dns-adguardhome.nix +++ b/config/dns-adguardhome.nix @@ -58,7 +58,7 @@ in }; systemd.services.adguardhome.preStart = '' cp /etc/AdGuardHome/data/leases.json /var/lib/AdGuardHome/data/leases.json - chown adguardhome:adguardhome /var/lib/AdGuardHome/data/leases.json + # chown adguardhome:adguardhome /var/lib/AdGuardHome/data/leases.json ''; services.adguardhome = { enable = true; diff --git a/config/papers-paperless.nix b/config/papers-paperless.nix new file mode 100644 index 0000000..66b1f09 --- /dev/null +++ b/config/papers-paperless.nix @@ -0,0 +1,16 @@ +{ + config, + tools, + pkgs, + ... +}: +{ + services.paperless = { + enable = true; + configureTika = true; + domain = tools.build_hostname "papers"; + environmentFile = config.age.secrets.papers-environment-file.path; + passwordFile = config.age.secrets.papers-password-file.path; + port = 80; + }; +} diff --git a/containers/auth.nix b/containers/auth.nix index e48c6ec..112e723 100644 --- a/containers/auth.nix +++ b/containers/auth.nix @@ -5,6 +5,7 @@ in { my-lxc.auth = { container = { + enable = true; cores = 2; memory = 1024; disk = "8G"; diff --git a/containers/papers.nix b/containers/papers.nix new file mode 100644 index 0000000..9a4d5bb --- /dev/null +++ b/containers/papers.nix @@ -0,0 +1,30 @@ +{ ... }: +let + db_pass = import ../config/_passwords.nix; +in +{ + my-lxc.papers = { + container = { + cores = 1; + memory = 512; + disk = "6G"; + swap = 512; + }; + db = { + enable = true; + password = db_pass.papers; + }; + system = { + port = 80; # open in firewall + expose on proxy + importConfig = [ + ../config/papers-paperless.nix + ]; + }; + logging = { + enable = true; + metricsEnable = true; + }; + private = true; # available only on private lan + auth = false; # true; # auth overlay + }; +} diff --git a/containers/vault.nix b/containers/vault.nix index 80fbaba..3b29113 100644 --- a/containers/vault.nix +++ b/containers/vault.nix @@ -7,7 +7,7 @@ in container = { cores = 1; memory = 512; - disk = "4G"; + disk = "5G"; swap = 512; }; db = { diff --git a/flake.lock b/flake.lock index a5b1600..9217831 100644 --- a/flake.lock +++ b/flake.lock @@ -26,11 +26,11 @@ "authentik-go": { "flake": false, "locked": { - "lastModified": 1770333754, - "narHash": "sha256-Yyna75Nd6485tZP9IpdEa5QNomswe9hRfM+w3MuET9E=", + "lastModified": 1771856219, + "narHash": "sha256-zTEmvxe+BpfWYvAl675PnhXCH4jV4GUTFb1MrQ1Eyno=", "owner": "goauthentik", "repo": "client-go", - "rev": "280022b0a8de5c8f4b2965d1147a1c4fa846ba64", + "rev": "4c1444ee54d945fbcc5ae107b4f191ca0352023d", "type": "github" }, "original": { @@ -56,15 +56,16 @@ "uv2nix": "uv2nix" }, "locked": { - "lastModified": 1770931530, - "narHash": "sha256-g6FXanv0FlUc7eWFJ9C5g9ZbMtWA8dSNGwx0mia3uyA=", + "lastModified": 1772909021, + "narHash": "sha256-hcstQ1Z9aQSJM3AVCLb0/OPTicbME9nhP01GiPrOjZM=", "owner": "nix-community", "repo": "authentik-nix", - "rev": "0487b4db05bddbd8d163f3fd85eef9c9413dca11", + "rev": "7e4730351fb6df479c46a1bf7e23d46a0b0c5d46", "type": "github" }, "original": { "owner": "nix-community", + "ref": "version/2026.2.1", "repo": "authentik-nix", "type": "github" } @@ -72,16 +73,16 @@ "authentik-src": { "flake": false, "locked": { - "lastModified": 1770911230, - "narHash": "sha256-alTyrMBbjZbw4jhEna8saabf93sqSrZCu+Z5xH3pZ7M=", + "lastModified": 1772567399, + "narHash": "sha256-0Vpf1hj9C8r+rhrCgwoNazpQ+mwgjdjDhuoKCxYQFWw=", "owner": "goauthentik", "repo": "authentik", - "rev": "19ad8d3ae3f266ec1096bc4461fdf6bcda1aa079", + "rev": "0dccbd4193c45c581e9fb7cd89df0c1487510f1f", "type": "github" }, "original": { "owner": "goauthentik", - "ref": "version/2025.12.4", + "ref": "version/2026.2.1", "repo": "authentik", "type": "github" } @@ -105,11 +106,11 @@ ] }, "locked": { - "lastModified": 1760971495, - "narHash": "sha256-IwnNtbNVrlZIHh7h4Wz6VP0Furxg9Hh0ycighvL5cZc=", + "lastModified": 1767714506, + "narHash": "sha256-WaTs0t1CxhgxbIuvQ97OFhDTVUGd1HA+KzLZUZBhe0s=", "owner": "cachix", "repo": "cachix", - "rev": "c5bfd933d1033672f51a863c47303fc0e093c2d2", + "rev": "894c649f0daaa38bbcfb21de64be47dfa7cd0ec9", "type": "github" }, "original": { @@ -119,24 +120,142 @@ "type": "github" } }, + "cachix_2": { + "inputs": { + "devenv": [ + "devenv", + "crate2nix" + ], + "flake-compat": [ + "devenv", + "crate2nix" + ], + "git-hooks": "git-hooks", + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1767714506, + "narHash": "sha256-WaTs0t1CxhgxbIuvQ97OFhDTVUGd1HA+KzLZUZBhe0s=", + "owner": "cachix", + "repo": "cachix", + "rev": "894c649f0daaa38bbcfb21de64be47dfa7cd0ec9", + "type": "github" + }, + "original": { + "owner": "cachix", + "ref": "latest", + "repo": "cachix", + "type": "github" + } + }, + "cachix_3": { + "inputs": { + "devenv": [ + "devenv", + "crate2nix", + "crate2nix_stable" + ], + "flake-compat": [ + "devenv", + "crate2nix", + "crate2nix_stable" + ], + "git-hooks": "git-hooks_2", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1767714506, + "narHash": "sha256-WaTs0t1CxhgxbIuvQ97OFhDTVUGd1HA+KzLZUZBhe0s=", + "owner": "cachix", + "repo": "cachix", + "rev": "894c649f0daaa38bbcfb21de64be47dfa7cd0ec9", + "type": "github" + }, + "original": { + "owner": "cachix", + "ref": "latest", + "repo": "cachix", + "type": "github" + } + }, + "crate2nix": { + "inputs": { + "cachix": "cachix_2", + "crate2nix_stable": "crate2nix_stable", + "devshell": "devshell_2", + "flake-compat": "flake-compat_3", + "flake-parts": "flake-parts_3", + "nix-test-runner": "nix-test-runner_2", + "nixpkgs": [ + "devenv", + "nixpkgs" + ], + "pre-commit-hooks": "pre-commit-hooks_2" + }, + "locked": { + "lastModified": 1773440526, + "narHash": "sha256-OcX1MYqUdoalY3/vU67PEx8m6RvqGxX0LwKonjzXn7I=", + "owner": "nix-community", + "repo": "crate2nix", + "rev": "e697d3049c909580128caa856ab8eb709556a97b", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "crate2nix", + "type": "github" + } + }, + "crate2nix_stable": { + "inputs": { + "cachix": "cachix_3", + "crate2nix_stable": [ + "devenv", + "crate2nix", + "crate2nix_stable" + ], + "devshell": "devshell", + "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts_2", + "nix-test-runner": "nix-test-runner", + "nixpkgs": "nixpkgs_3", + "pre-commit-hooks": "pre-commit-hooks" + }, + "locked": { + "lastModified": 1769627083, + "narHash": "sha256-SUuruvw1/moNzCZosHaa60QMTL+L9huWdsCBN6XZIic=", + "owner": "nix-community", + "repo": "crate2nix", + "rev": "7c33e664668faecf7655fa53861d7a80c9e464a2", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "0.15.0", + "repo": "crate2nix", + "type": "github" + } + }, "devenv": { "inputs": { "cachix": "cachix", - "flake-compat": "flake-compat_2", - "flake-parts": "flake-parts_2", - "git-hooks": "git-hooks", + "crate2nix": "crate2nix", + "flake-compat": "flake-compat_4", + "flake-parts": "flake-parts_4", + "git-hooks": "git-hooks_3", "nix": "nix", "nixd": "nixd", "nixpkgs": [ "nixpkgs" - ] + ], + "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1771610023, - "narHash": "sha256-GfaUN+8Eg0ShJljq5ZIf/ateO/ry9CL0b7wpI+5e/6U=", + "lastModified": 1774428097, + "narHash": "sha256-yQAutPgbsVHsN/SygZDyzMRxQn6Im53PJkrI377N8Sg=", "owner": "cachix", "repo": "devenv", - "rev": "3631489b8b3b8a7b4948824b621d02a420b58cc7", + "rev": "957d63f663f230dc8ac3b85f950690e56fe8b1e0", "type": "github" }, "original": { @@ -145,14 +264,59 @@ "type": "github" } }, + "devshell": { + "inputs": { + "nixpkgs": [ + "devenv", + "crate2nix", + "crate2nix_stable", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1768818222, + "narHash": "sha256-460jc0+CZfyaO8+w8JNtlClB2n4ui1RbHfPTLkpwhU8=", + "owner": "numtide", + "repo": "devshell", + "rev": "255a2b1725a20d060f566e4755dbf571bbbb5f76", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_2": { + "inputs": { + "nixpkgs": [ + "devenv", + "crate2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1768818222, + "narHash": "sha256-460jc0+CZfyaO8+w8JNtlClB2n4ui1RbHfPTLkpwhU8=", + "owner": "numtide", + "repo": "devshell", + "rev": "255a2b1725a20d060f566e4755dbf571bbbb5f76", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { - "lastModified": 1765121682, - "narHash": "sha256-4VBOP18BFeiPkyhy9o4ssBNQEvfvv1kXkasAYd0+rrA=", + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", "owner": "edolstra", "repo": "flake-compat", - "rev": "65f23138d8d09a92e30f1e5c87611b23ef451bf3", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", "type": "github" }, "original": { @@ -162,13 +326,41 @@ } }, "flake-compat_2": { + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "revCount": 69, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + } + }, + "flake-compat_3": { + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "revCount": 69, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + } + }, + "flake-compat_4": { "flake": false, "locked": { - "lastModified": 1761588595, - "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", "owner": "edolstra", "repo": "flake-compat", - "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", "type": "github" }, "original": { @@ -182,11 +374,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1765835352, - "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=", + "lastModified": 1769996383, + "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "a34fae9c08a15ad73f295041fec82323541400a9", + "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", "type": "github" }, "original": { @@ -199,15 +391,17 @@ "inputs": { "nixpkgs-lib": [ "devenv", + "crate2nix", + "crate2nix_stable", "nixpkgs" ] }, "locked": { - "lastModified": 1760948891, - "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", + "lastModified": 1768135262, + "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", + "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", "type": "github" }, "original": { @@ -217,6 +411,49 @@ } }, "flake-parts_3": { + "inputs": { + "nixpkgs-lib": [ + "devenv", + "crate2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1768135262, + "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_4": { + "inputs": { + "nixpkgs-lib": [ + "devenv", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1772408722, + "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_5": { "inputs": { "nixpkgs-lib": [ "terranix", @@ -237,21 +474,6 @@ "type": "github" } }, - "flake-root": { - "locked": { - "lastModified": 1723604017, - "narHash": "sha256-rBtQ8gg+Dn4Sx/s+pvjdq3CB2wQNzx9XGFq/JVGCB6k=", - "owner": "srid", - "repo": "flake-root", - "rev": "b759a56851e10cb13f6b8e5698af7b59c44be26e", - "type": "github" - }, - "original": { - "owner": "srid", - "repo": "flake-root", - "type": "github" - } - }, "flake-utils": { "inputs": { "systems": [ @@ -316,20 +538,82 @@ "inputs": { "flake-compat": [ "devenv", + "crate2nix", + "cachix", "flake-compat" ], "gitignore": "gitignore", + "nixpkgs": [ + "devenv", + "crate2nix", + "cachix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1765404074, + "narHash": "sha256-+ZDU2d+vzWkEJiqprvV5PR26DVFN2vgddwG5SnPZcUM=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "2d6f58930fbcd82f6f9fd59fb6d13e37684ca529", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "git-hooks_2": { + "inputs": { + "flake-compat": [ + "devenv", + "crate2nix", + "crate2nix_stable", + "cachix", + "flake-compat" + ], + "gitignore": "gitignore_2", + "nixpkgs": [ + "devenv", + "crate2nix", + "crate2nix_stable", + "cachix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1765404074, + "narHash": "sha256-+ZDU2d+vzWkEJiqprvV5PR26DVFN2vgddwG5SnPZcUM=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "2d6f58930fbcd82f6f9fd59fb6d13e37684ca529", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "git-hooks_3": { + "inputs": { + "flake-compat": [ + "devenv", + "flake-compat" + ], + "gitignore": "gitignore_5", "nixpkgs": [ "devenv", "nixpkgs" ] }, "locked": { - "lastModified": 1760663237, - "narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=", + "lastModified": 1772893680, + "narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37", + "rev": "8baab586afc9c9b57645a734c820e4ac0a604af9", "type": "github" }, "original": { @@ -339,6 +623,102 @@ } }, "gitignore": { + "inputs": { + "nixpkgs": [ + "devenv", + "crate2nix", + "cachix", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_2": { + "inputs": { + "nixpkgs": [ + "devenv", + "crate2nix", + "crate2nix_stable", + "cachix", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_3": { + "inputs": { + "nixpkgs": [ + "devenv", + "crate2nix", + "crate2nix_stable", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_4": { + "inputs": { + "nixpkgs": [ + "devenv", + "crate2nix", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_5": { "inputs": { "nixpkgs": [ "devenv", @@ -433,11 +813,11 @@ ] }, "locked": { - "lastModified": 1771532737, - "narHash": "sha256-H26FQmOyvIGnedfAioparJQD8Oe+/byD6OpUpnI/hkE=", + "lastModified": 1774103430, + "narHash": "sha256-MRNVInSmvhKIg3y0UdogQJXe+omvKijGszFtYpd5r9k=", "owner": "cachix", "repo": "nix", - "rev": "7eb6c427c7a86fdc3ebf9e6cbf2a84e80e8974fd", + "rev": "e127c1c94cefe02d8ca4cca79ef66be4c527510e", "type": "github" }, "original": { @@ -447,13 +827,44 @@ "type": "github" } }, + "nix-test-runner": { + "flake": false, + "locked": { + "lastModified": 1588761593, + "narHash": "sha256-FKJykltAN/g3eIceJl4SfDnnyuH2jHImhMrXS2KvGIs=", + "owner": "stoeffel", + "repo": "nix-test-runner", + "rev": "c45d45b11ecef3eb9d834c3b6304c05c49b06ca2", + "type": "github" + }, + "original": { + "owner": "stoeffel", + "repo": "nix-test-runner", + "type": "github" + } + }, + "nix-test-runner_2": { + "flake": false, + "locked": { + "lastModified": 1588761593, + "narHash": "sha256-FKJykltAN/g3eIceJl4SfDnnyuH2jHImhMrXS2KvGIs=", + "owner": "stoeffel", + "repo": "nix-test-runner", + "rev": "c45d45b11ecef3eb9d834c3b6304c05c49b06ca2", + "type": "github" + }, + "original": { + "owner": "stoeffel", + "repo": "nix-test-runner", + "type": "github" + } + }, "nixd": { "inputs": { "flake-parts": [ "devenv", "flake-parts" ], - "flake-root": "flake-root", "nixpkgs": [ "devenv", "nixpkgs" @@ -461,11 +872,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1763964548, - "narHash": "sha256-JTRoaEWvPsVIMFJWeS4G2isPo15wqXY/otsiHPN0zww=", + "lastModified": 1773634079, + "narHash": "sha256-49qb4QNMv77VOeEux+sMd0uBhPvvHgVc0r938Bulvbo=", "owner": "nix-community", "repo": "nixd", - "rev": "d4bf15e56540422e2acc7bc26b20b0a0934e3f5e", + "rev": "8ecf93d4d93745e05ea53534e8b94f5e9506e6bd", "type": "github" }, "original": { @@ -491,11 +902,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1771369470, - "narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=", + "lastModified": 1765186076, + "narHash": "sha256-hM20uyap1a0M9d344I692r+ik4gTMyj60cQWO+hAYP8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0182a361324364ae3f436a63005877674cf45efb", + "rev": "addf7cf5f383a3101ecfba091b98d0a1263dc9b8", "type": "github" }, "original": { @@ -507,11 +918,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1765674936, - "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", + "lastModified": 1769909678, + "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85", + "rev": "72716169fe93074c333e8d0173151350670b824c", "type": "github" }, "original": { @@ -520,6 +931,112 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1765186076, + "narHash": "sha256-hM20uyap1a0M9d344I692r+ik4gTMyj60cQWO+hAYP8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "addf7cf5f383a3101ecfba091b98d0a1263dc9b8", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1769433173, + "narHash": "sha256-Gf1dFYgD344WZ3q0LPlRoWaNdNQq8kSBDLEWulRQSEs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "13b0f9e6ac78abbbb736c635d87845c4f4bee51b", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1774106199, + "narHash": "sha256-US5Tda2sKmjrg2lNHQL3jRQ6p96cgfWh3J1QBliQ8Ws=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "6c9a78c09ff4d6c21d0319114873508a6ec01655", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "pre-commit-hooks": { + "inputs": { + "flake-compat": [ + "devenv", + "crate2nix", + "crate2nix_stable", + "flake-compat" + ], + "gitignore": "gitignore_3", + "nixpkgs": [ + "devenv", + "crate2nix", + "crate2nix_stable", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1769069492, + "narHash": "sha256-Efs3VUPelRduf3PpfPP2ovEB4CXT7vHf8W+xc49RL/U=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks_2": { + "inputs": { + "flake-compat": [ + "devenv", + "crate2nix", + "flake-compat" + ], + "gitignore": "gitignore_4", + "nixpkgs": [ + "devenv", + "crate2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1769069492, + "narHash": "sha256-Efs3VUPelRduf3PpfPP2ovEB4CXT7vHf8W+xc49RL/U=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, "pyproject-build-systems": { "inputs": { "nixpkgs": [ @@ -536,11 +1053,11 @@ ] }, "locked": { - "lastModified": 1763662255, - "narHash": "sha256-4bocaOyLa3AfiS8KrWjZQYu+IAta05u3gYZzZ6zXbT0=", + "lastModified": 1771423342, + "narHash": "sha256-7uXPiWB0YQ4HNaAqRvVndYL34FEp1ZTwVQHgZmyMtC8=", "owner": "pyproject-nix", "repo": "build-system-pkgs", - "rev": "042904167604c681a090c07eb6967b4dd4dae88c", + "rev": "04e9c186e01f0830dad3739088070e4c551191a4", "type": "github" }, "original": { @@ -557,11 +1074,11 @@ ] }, "locked": { - "lastModified": 1764134915, - "narHash": "sha256-xaKvtPx6YAnA3HQVp5LwyYG1MaN4LLehpQI8xEdBvBY=", + "lastModified": 1771518446, + "narHash": "sha256-nFJSfD89vWTu92KyuJWDoTQJuoDuddkJV3TlOl1cOic=", "owner": "pyproject-nix", "repo": "pyproject.nix", - "rev": "2c8df1383b32e5443c921f61224b198a2282a657", + "rev": "eb204c6b3335698dec6c7fc1da0ebc3c6df05937", "type": "github" }, "original": { @@ -577,10 +1094,31 @@ "devenv": "devenv", "flake-utils": "flake-utils_2", "generators": "generators", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_4", "terranix": "terranix" } }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "devenv", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1773630837, + "narHash": "sha256-zJhgAGnbVKeBMJOb9ctZm4BGS/Rnrz+5lfSXTVah4HQ=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "f600ea449c7b5bb596fa1cf21c871cc5b9e31316", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, @@ -643,18 +1181,18 @@ }, "terranix": { "inputs": { - "flake-parts": "flake-parts_3", + "flake-parts": "flake-parts_5", "nixpkgs": [ "nixpkgs" ], "systems": "systems_4" }, "locked": { - "lastModified": 1771504637, - "narHash": "sha256-qPYBCcvws0cqVf4blYyxQ6JNxOdvUPK41s2sfqk6wL0=", + "lastModified": 1773700838, + "narHash": "sha256-6KFxpxyXjcqhOexc7ZeaXVWdDtGb6zO8HtjBEci9DfU=", "owner": "terranix", "repo": "terranix", - "rev": "f3d77064bd135823a30916a1e63b90b7fe4453ac", + "rev": "306ce146bf0324dc3b3c45c095036b6f0e26bf35", "type": "github" }, "original": { @@ -672,11 +1210,11 @@ ] }, "locked": { - "lastModified": 1734704479, - "narHash": "sha256-MMi74+WckoyEWBRcg/oaGRvXC9BVVxDZNRMpL+72wBI=", + "lastModified": 1772660329, + "narHash": "sha256-IjU1FxYqm+VDe5qIOxoW+pISBlGvVApRjiw/Y/ttJzY=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "65712f5af67234dad91a5a4baee986a8b62dbf8f", + "rev": "3710e0e1218041bbad640352a0440114b1e10428", "type": "github" }, "original": { @@ -697,11 +1235,11 @@ ] }, "locked": { - "lastModified": 1765631794, - "narHash": "sha256-90d//IZ4GXipNsngO4sb2SAPbIC/a2P+IAdAWOwpcOM=", + "lastModified": 1772187362, + "narHash": "sha256-gCojeIlQ/rfWMe3adif3akyHsT95wiMkLURpxTeqmPc=", "owner": "pyproject-nix", "repo": "uv2nix", - "rev": "4cca323a547a1aaa9b94929c4901bed5343eafe8", + "rev": "abe65de114300de41614002fe9dce2152ac2ac23", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 7560b1b..501e76a 100644 --- a/flake.nix +++ b/flake.nix @@ -5,7 +5,6 @@ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; flake-utils = { url = "github:numtide/flake-utils"; - inputs.nixpkgs.follows = "nixpkgs"; }; generators = { url = "github:nix-community/nixos-generators"; @@ -20,7 +19,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; authentik-nix = { - url = "github:nix-community/authentik-nix"; + url = "github:nix-community/authentik-nix/version/2026.2.1"; inputs.nixpkgs.follows = "nixpkgs"; }; agenix = { diff --git a/modules/containers-terraform-authentik.nix b/modules/containers-terraform-authentik.nix index c0d1988..4377737 100644 --- a/modules/containers-terraform-authentik.nix +++ b/modules/containers-terraform-authentik.nix @@ -4,5 +4,47 @@ lib, ... }: +let + cfg = config.my-lxc; +in { + authentik_provider_proxy = lib.filterAttrs (_: v: v != { }) ( + lib.mapAttrs ( + containerName: def: + lib.optionalAttrs (def.auth) { + name = containerName; + authorization_flow = "\${data.authentik_flow.default-authorization-flow.id}"; + invalidation_flow = "\${data.authentik_flow.default-invalidation-flow.id}"; + external_host = "https://${tools.build_hostname containerName}/"; + mode = "forward_single"; + } + ) cfg + ); + + # dns_provider = { + # name = "dns"; + # authorization_flow = "\${data.authentik_flow.default-authorization-flow.id}"; + # invalidation_flow = "\${data.authentik_flow.default-invalidation-flow.id}"; + # external_host = "https://dns.plg.m0rel.eu/"; + # mode = "forward_single"; + # }; + authentik_application = lib.filterAttrs (_: v: v != { }) ( + lib.mapAttrs ( + containerName: def: + lib.optionalAttrs (def.auth) { + name = containerName; + slug = containerName; + protocol_provider = "\${resource.authentik_provider_proxy.${containerName}.id}"; + } + ) cfg + ); + authentik_outpost_provider_attachment = lib.filterAttrs (_: v: v != { }) ( + lib.mapAttrs ( + containerName: def: + lib.optionalAttrs (def.auth) { + outpost = "\${data.authentik_outpost.embedded.id}"; + protocol_provider = "\${authentik_provider_proxy.${containerName}.id}"; + } + ) cfg + ); } diff --git a/modules/containers.nix b/modules/containers.nix index 837df2e..4128c45 100644 --- a/modules/containers.nix +++ b/modules/containers.nix @@ -314,6 +314,15 @@ in (import ./containers-terraform-proxmox.nix { inherit config tools lib; }) (import ./containers-terraform-authentik.nix { inherit config tools lib; }) ]; + tf.data.authentik_outpost.embedded = { + name = "authentik Embedded Outpost"; + }; + tf.data.authentik_flow.default-authorization-flow = { + slug = "default-provider-authorization-implicit-consent"; + }; + tf.data.authentik_flow.default-invalidation-flow = { + slug = "default-provider-invalidation-flow"; + }; nixosModule = lib.mapAttrs ( container: def: diff --git a/modules/terraform-base.nix b/modules/terraform-base.nix index fdf23f5..097b647 100644 --- a/modules/terraform-base.nix +++ b/modules/terraform-base.nix @@ -10,8 +10,21 @@ source = "cyrilgdn/postgresql"; version = "~> 1.26.0"; }; + + authentik = { + source = "goauthentik/authentik"; + version = "~> 2025.12.1"; + }; }; + provider.authentik = { + url = "\${var.ak_url}"; + token = "\${var.ak_token}"; + }; + + variable.ak_url.type = "string"; + variable.ak_token.type = "string"; + provider.proxmox = { pm_api_url = "\${var.pm_api_url}"; pm_api_token_id = "\${var.pm_api_token_id}"; diff --git a/secrets/auth-authentik-ldap-secrets.age b/secrets/auth-authentik-ldap-secrets.age index 206d611d185edd8afde0abfd084240163f6eb043..9199f4dce29d6a4998d84d14944be0c07c388a04 100644 GIT binary patch delta 542 zcmdnbvY%ywPQ6!7QI2P7sXBVMMNghSU1}4tAC21k42ALt1hT2KRiN;Z7W%-85>8>7$o?M@@*KhazSvzw< zrpA`1TeCxbAEmv#Tqjd#R-ZTFuz#e?T`k40Wl9(svqYnDY9NlSd&P1UApY+ zE0c7aY2m6JY(9sg-$^LExqjmPAyvNg{Q1wH%3b@A9@d!LcVDo5#fP9`6{!$$6_=u` Z2U0K0F`E#%^^4V${asrVRmqSWx7#*j($OMrM_!wmW7vPepp3VPD)XlZ$w!@N={aVtBZdz zx^<~VE+tWc3IRz`PG%Vy#?E2sNv=WWseUQ0C24M11yOm$=~eE=mQG3aL5>!t-Y&TY z`CP>jiD^cL+4^SMrGXXM{^@C!K1nW40hPJsxy6n~VFvmo21Ny><=JNXu3Wmhx(bDv zk@;o%l_@T+S?QrwK~bh|!MX0sCp$rUwM-G|I+!aPnJ@l$%?khk diff --git a/secrets/auth-authentik-proxy-secrets.age b/secrets/auth-authentik-proxy-secrets.age index 136b5e7..8e238be 100644 --- a/secrets/auth-authentik-proxy-secrets.age +++ b/secrets/auth-authentik-proxy-secrets.age @@ -1,9 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 jxhkLg muZOUzcVx96uiYp0jOWq5CR0m6CVSRi96rEaPFdgrzQ -HbDEF9+XRu6kd5iuWINTwxtPuLus7E18ymj1gI5S+cU --> ssh-ed25519 tqMvRA 2i2ChgxFnDNyG03YDuu0sWlIo6wQsssEJDY4fj9X2SQ -L0taheT33bLlVtfe4e1V0lH2JvnNusRClCEU2OCgA1A --> ssh-ed25519 erDtZQ Xs0aSLQ9Pu3sNvYfYBhoL8uIfSKz+izO46PNFlNtqHE -SHjUEBeW8sByazFvfvH3JmYVQBM2DvAgwSG4JtfL0u8 ---- j/UZqF1rwUa5keVrgyONkEhdoYnXNAo1AnMHrnqAw7U -y4l;}i;!P8fr: =X w@}Dÿ;cDbbQk-,Z0cjo? NlVFfL\l*g3d^v!GU \ No newline at end of file +-> ssh-ed25519 jxhkLg y+ZvVestQQBHkFaxhXGku+mCAXO06tmuhMyvk0X5OEg +yY+ZoEnnTw8jBBMn/LowuLju49p5T9jCyR9Vyfq161M +-> ssh-ed25519 tqMvRA +VF5ophQfPfQ6EtL6G7e8eVX8z9asKYPQ5klOXYVD2c +pwgP+tcsowrOWu6iOqJgGo/j7fuSRKg8cWoHRmJbqXk +-> ssh-ed25519 j3ZkdA YVApUGVportZXaXudzsfm9kkO1OO7eckgTMqRIUtZ0w +PHTcAsc0j0ehEwfaR9wsgVSZCvwhhCMODJjwEclcjnw +--- Qsewyjk8CeQrZq9EUi83rZ5oAon58p7kKHVpbivrZKY +L\Ghun\dD>q{ğ=6MGW>1N-{BgB{ٹDBGgAJ"92Id޳EB>c &a(h1 \ No newline at end of file diff --git a/secrets/auth-authentik-secrets.age b/secrets/auth-authentik-secrets.age index 79f3ceb12cf8413ba7331077157dcae57f090c33..72f58b61b810d0a3e65bbfe2b9340d04a2ac7d20 100644 GIT binary patch delta 692 zcmcb@dWCg@PQ7zjS+b{LsD4surIWW?p<{8Sp{sv|nWJA>Xr5VwzHw=kc9p4nP`0~c zHkXrUU|PAOe{e-^o^f$biHlK6XqstWX}vUIE4>$y~zLlm2~vcEfDl z_ODHu3#{a|-YWA|`94@|SZ}@Q(1rV&r(Mm3d45a8bO^tncAHU$d#RaYcRqXI#g>cK z&JsTJ)1404q-#%?ci7FCFJJ4m(C|b3A&wRQ4LuW=lrdiVAoS_mmdpFPT9z+8yuQ+5 z-Q@JC0sTGG=1;OcxO2YQr}AX2xqvRbA*etpfAo+a4uiWDd3Hvtj zOMabqX`|ffDWROd$`4!iot&@Ru>W`D$L^CXu3x6Q-oL-IdrBf>?fSEBkGJ0Y!@5-R zji8wF8O?+Ptt*q~UD7pd?)u&D@X)=jOz8O~-7+!BUt4eWr)Oksk>0?-IDh%UZ*p^< dmf8P^n*EGjba94;)9RGzn_d51b2VM+0svl(8i4=+ delta 692 zcmcb@dWCg@PJN_Xu4B4>mAj9LTd`|_W4gXunrBsFfmv#{afq)$u5-9awnbTHwzGSV zE0;xaVxVhAdR}CDu!Vs|acWqVsdsr^Qiiis>g>QOTN>G4>fwqTZKz>k; znRAj~sZ*v2S45hBq+5<*c6yGhQ-OP6gt=RQX-KHCheuFpscWfoQKE^yN11V6X;N4@ zx^<~VE+tWc3cfBrnE~NmmgQBBB}OS_mTsY$rn!;nmibYYSpfkd6%}6f*~vbkdHIRi z>0CwrK1l}VMiv$k1tGcFf&L!B7Jh{lE@hGWzLnu_`cS$W=h6~5lC#az0&x(exe zRhH)ZWkC^@d1)R-PJ!+wmZkxo#)%aM5#@y@m66(h!Np}shM5K-p*r1S zoO3z9R>WU@drw=Q{+i4CjEc|vl#fssyC9#)YOv>Tx2N>wQqO&2c5L?zB6R1+a25PJ z`Dyvv=AhFHAAC4iv1+A=-nnlfM~`OhR`zw$3VOu4`2L1DOzOdpn6rD=d)(MxFY93u zGk5KOvBh_tw7--dU%mMYqs05d_-BGsKKeGw+7+p)s7CA!ddvCp=g-*HXSAjZ?vSwb z(r8xBLqBFg4dJl3pEh_2A0PH96M5SpJ=Le`jNI bdNtqHm;C?k$?~5FI$0WaUh%5=Wr+#^OSu{9 diff --git a/secrets/db-postgres-initscript.age b/secrets/db-postgres-initscript.age index 04af41d495967a137a03d248961d73d767b01b2b..bcb620faf7e2ea5bf0f5815ac8f7b445c7a62768 100644 GIT binary patch delta 451 zcmeyx{EK;lZhcm+r&myBc5+2&Npe6zx`|PxXSse+hGAKNc41+5V1`p-WSDEJyN^pG zm#>+hlYwPfrh!3vl#6#_mU&u!esPhHw?}xAiHTuphH-?kX+c1Ea&BQhm#&>cadC!j zYKoDmsiCDpNuh69kfTDSe^FF{d9IOHRaA07L_lVarE6G@uR%_!nZCD^dtrfJZm_dK zg;|)le^@A2KygKtd1Qofl&N!IzJWn-p@&~!xNdX4=A$jhGzUF046&Y@3K9R}Vp?TU>fx+P+f%#lskuFhw zZpNi0<`qu9F2?DVm4=RGNnvgkZWZQX8Ko&X{vl&zpRv!Zs*p$O77Y}MPl`Qw?)Fb#|(Q< xpX>djHs#aCmP@%-0k<;*(w{T!Iw@=Zz47F9Ilrsig-74l9pep{U)S~V0stQltXKd5 delta 451 zcmeyx{EK;lZhdN)afV-bNRCH_Z)&iqcXozFj&?|9K$&G)j#*TJv!9uNK}tn=PGm?Z zSAMRxhm&WflWV1WhIwUidTFGub3k5ZhGj{nn}2SJbE#iiN^V|&gcadC!j zYKoDmsiCDpNuh69kfVZcPI#n#Qb?YKYks+7T5x7@o~wn2rC(ucfTc@npixeKv3q5> zWwDudVXz~Yv4@ADt9G7YWSVD5MP_Jdwqc-ArFTWLS#n;!ep#+(m2r`ii)U(amb<~k zkK*-4;f99(*%nDDrBV9+{;tVpiC*6RZpDd~d6h+>Wqw{xRfUxnQHD8&dFfn25w@MlR+h zx%nnVMw#v|CIJ=6$=W$#9zJeV+k~hu z8^5bnPu&>NT5+|$Y31F`G4Z0e{gxeG9sO*58&Z?;G(90II8`(*OVf diff --git a/secrets/finances-app-key.age b/secrets/finances-app-key.age index 04e396d..36a308c 100644 --- a/secrets/finances-app-key.age +++ b/secrets/finances-app-key.age @@ -1,9 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 jxhkLg siu1onWEkn06ZdVB5qkuOrlk+Fsr2SQ10s0ud2HsP3w -UYkuj+XhDYUQWuMClqdc26n6xNLphhtpC1iNjigkb6U --> ssh-ed25519 tqMvRA aR3BkyZt48dG6yl726hO1JmaYkazCOXR+QXnCH0GFFs -qMQG5Z69K3H5mY5V/IW+HnsUV4b34p/qFv0b+UFzOog --> ssh-ed25519 UJuwpQ 7juQeBBVw4rudAhL7tpw8hGp7TIbwMpy7QNLA5zUYFw -Eycs/SIKthKAu64fPIuDhecrPo1txnivIyogcKcshT4 ---- LhRKIUY4H5qQXnROC06jy/K1eS3q4+6H0NQhI03WFwM -W2Uʺ;Lp1n',dkU;YQmǁʔt֐1ڙ됢?/}W}ϗl _?ט"B7 \ No newline at end of file +-> ssh-ed25519 jxhkLg HBNoBPj18v5a5MSdCP4/VnU4a607zLDkprsZtX3EBh0 +0xJhdvf7jRUMpec3Njs0DLip497Suabp54LU0IVdusw +-> ssh-ed25519 tqMvRA St0z5SIZ8qf3eKCa7wl4Ql+IhN37ouq3gUEh7+JIeHI +nWeLvYz4roV1Y6cRl7rUeryrv0al5sfdd1+KWepFvB4 +-> ssh-ed25519 UJuwpQ E8EVqw0Kwl3dGXDO+qaoupO4R4/Ka9M474JkC3CfV0s +6G7rfv+TbefAHj1mJdQEmBcjRcBRPWsyEky6luR3bD4 +--- itaJw967vN/bfUNP5/Uhz3nnbTGXBxy8cuJJK5CBEco +3aJ%y_vbӌp-.4a}(4xl4eFms?bxlZSb>Z(go%R)lt$S!8~2NLf&lvrCe5 zBv)p+Wu%L{i<5=BbCFYikxOWaM@3RbYN%6Uc5qUeqmz+QYJpE-qL+VpK9{bYLUD11 zZfc5=si~o*LP?=-S&*ZGYlME1yIFF9U$J+fTexXbn457_kZEFKs(*T>ak`g5es)=f zd2(PuxJytVSFTfPzN@EYc~Oa*Q;>Ojq)|{>R=TTqfn#QBil5@p6u7 zZE5jzM@FlazYnhCU-^PLZTI{YHqtiws{pk}; Vi|U&fE-IgmceJ{r6?&cFGywj%nk4`L delta 425 zcmcc5e4lxOPQ7-XS6XF7UWsR7dU{l1xNl~aYh{6}K~9coWm>91wy8^@N2+gbpi@Oq zC|8JQWK^P?etL+3L6oIymQ#44S#ptCnOBjqX|i^ThkuY|dZ~|hRj!$Z0hg|wLUD11 zZfc5=si~o*LP?=-S&*ZGS%8sofqzz1rjtR4d$GG^zMHR^U%0o0XL(U#o~MUvK(@I_ zX>hV@cv+YUS5By_xwD5!hDWMpzE`NRTe*cxPHLrvVMKUZc4)Y-Ur>2Up_!MLPq16^ z#E;_jp{2XT+e28H+bAQ%YIN?S4c%G z>(PRO=6B^2<}|!bTroF6xb)t-_;3zOmwoG$4_sThu3vY`kt&<5uY`QH|IOZa{(twU Vu=gt4clRgAuD-zh=Z@ntO#twInZE!4 diff --git a/secrets/matrix-maubot-cfg.age b/secrets/matrix-maubot-cfg.age index 0a0e39368553c635034c6760c34e3cfb24f1dc95..c84579e909d618805145d0bcfc6055c6c9dd013a 100644 GIT binary patch delta 835 zcmeyy_Kj_VPJMtuo?CK;Wngx;Q?RRxb7Y=&PEdZjpJ%$Cd3ta`k*8N?c%V$o$M{u#FqiIH1X}WVsQISbOu~U&*j*&@lD3`9CLUD11 zZfc5=si~o*LP?=-S&*YbnYN2(WK^0#RY|aAs<(cXhg*3_aX>+cS#o}kZCgMh4oMMQ(0M1;sgukrvK*-foe;p+4GqVab{16+VvH?q-Nv5v#Ud2Uje&#{xTu;~pzt3D+EBS&$IA^1k zfN#R925$3zC2~(M%bNSmedfKIBW20<3n!NH8@*cKc+vQcUBc=72VYK1x_PeJ^Ywxi zQQP! z=ik2nlX~vz)ZPB^KjVFN_;s)Od~d={_Qlc4{X8m>9{$3w_U|}fBI)^5$9mG?ACcV8 z92zdk-g}(>JdBmwBuV4Zt+{VJCPkkA8EJXBa#PNV`5Y7D*47ty_;zH;7wxm$&i6U- z`0qfUOEx#Am3?Be`5bjxtk~b5Q8w#C_L^fy{10!v(*Cd1Xrbt%?jPxquV*D>aG6?X z`9u^sv+T4fYMC5hb3$a#yZPq7#f{De%R1-_O3l}CI4dguGsrb9E>VAm|L>BT**m(f zPT%}=ji|cI?fE+u|AgHvn&5AK=56tZeKFF8cBM!2npW<2`#YtwZ09Re%Z5Xb)(TJC zGV|f=va&gw?ef>pKlDnm@>xWx>x4p%G=@>mYlg9_A!W0k0I~9@l$^uQK$dAe**xq{$}X_ delta 835 zcmeyy_Kj_VPQ7umdx1}wac+oFp`&?8VMKXAg_((IWUhrzlxvcgwo^oKg_~2JQ*p3! zC|62}c4eVueoC=Hs*9hgM^-^(dT~LOL6u3MbGb)`k6*sU z#E;_j&IazzM%hV`Nls<1=GktAmKK5feh~p4o~ioU5&C|PM%pDg5$WlrLBR%GrP;|I ziKdmAzS`!&COK}!nWY7OS($!8mj0F@Md6v2E-5Kh`9bDBW(CPyy1Kdw+QDhw!6s1_ ze(5Q$1)13%{-KFM#<`ZsM*gnBMwY(ru9*S#W!^p>krsvdT!{=!A$e~-t}#^C6)JyJ z4pt36xcB1}&pF5apCt)tOn!H&5wco+hi)U7KM66oAjG1He zy;D8f(Kiy)8)h|}erdBvLg&Zr)DO4cYpO)5{(Sx5a^11%=4LDWxBN9`o2t9cF{DD< zRMvM7$L;#H=g(=ge3+4LxaDAEh+gFGC12%lR6Fmj{ru!>k%3-TcHP~akN$0Sb6!k3 z_wRU5>Z|#0r{&$8-YUU6apFXQ852F*{9d8GKVA37BC(_A;bQ$_rGmBhcl}#;>O`>;_pyT2#V2KD&rGc^S@8Oh`aQ3MqD(iQ zf3RJo7O-iS8Rz5Mr+IZI9JQRM=1s@Fz^x5mjZy&E^AF1vBxoG0n_or(! z-W_%R`0(hFz0FIHZe&nhKfALi$N0U|%;P>9ia$5+_MFUf)^vK^CQ~oJk4p7{%318j zGCOU*ZJQdN?0VCFy3+af-GbhS&PT+U$A=nt&T5mN_*#Uoo`<024H9Bme*a diff --git a/secrets/metrics-pve.age b/secrets/metrics-pve.age index dcc6d23..1ffa6ca 100644 --- a/secrets/metrics-pve.age +++ b/secrets/metrics-pve.age @@ -1,10 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 jxhkLg uJnDmE99mLaYH9pL+eHhoY8U0PHOz5ISj2fF8N0HCwY -+Nuk+39ZVdDVfypo5zPItI51Ep0ztYBVGEshYe4oJJk --> ssh-ed25519 tqMvRA 9A79nIinxtnfDR5IqU1DpFMLEmgD1ukquSQwy9xrgQw -HvytTNHUPMCF/SrLu1GIMqAihmSnKGeXWU3XQbOEVTo --> ssh-ed25519 hKRBdw 1the4xRyYnb/JkSwhgx3ToUNfHdDJ529oBJQD/h2+wI -newJdp5+Q8ktGgCM4ismTRzAM9Fb8pbiIM6CmHcFZ4U ---- EGRZ1p0FNtLwNsUz4HMmqVwg8RTvJGxRyTMlyraVubQ -۲r72ϓ;km"xxRQ;%ZID*W߯o PH޿ϵvuS)BڐNXtB [2} -5q#᷐/ sXD҆ ?]J \ No newline at end of file +-> ssh-ed25519 jxhkLg lDvEBof8Z8NdYv0+TUdhcQIHX1mSTZNYfOnIkV4WnC0 +OQBTDRK8D063oFBQxKOE3nH0wGVukxQe5HFOqwZAmIw +-> ssh-ed25519 tqMvRA 0tqaXft6QOaUTztqC149AyyLnBU2LGyGDXV2Bgcan2I +ap1NbbkiULXhgWgCBXt5+oZ/kq/ccDyt8Ftzc1DGXso +-> ssh-ed25519 hKRBdw OpDyUUjQc8QpDQYnzrZa0xpon3Xdf8Q6iCJLypxc6BA +l15CtxwEHKYWTvRyn+A1op+/eeZIIJQ5kdVz4kw4Fhk +--- Ib1OF9MqqSb7+oBIj6Fa1HW+LPWw3Ah/HY0t6HJp78U +ŞweP=7wrռ +,xv-1 ssh-ed25519 jxhkLg FSTFFz4Mm+x7AxDxwbxj+/lMb4Fkv+iZsyH2OEzSFUk -SSjo0GgqU6pvGHc0x1pF4SmYhsU6U2oPd7Y5gzJ0ymQ --> ssh-ed25519 tqMvRA GAnhEWv/rQUTFEkXpB6SwdTrDRYC2Qt779bOgmbgGH0 -SYQNpeGfl2Tm3BMujTa7zSldKy2KgEtwERa4LPS6Yz0 --> ssh-ed25519 5VK9ng ODLHF2pTlRAxAbenhcu8DOMek585/+DELiQLNbS5rxE -LGrDab6vZUfN3aKtLGPEI9xtY97i2PDu8w0J+jMaMOQ ---- 6zu2BQaxC/wqbqVYThd47VBVTCbhn8/3CobsymC/4tY -+Qo,nTr hu^HG3W}î}VZΒbE=X \ No newline at end of file +-> ssh-ed25519 jxhkLg dH0UPIVd7ReJiXMcuVbF13858MZMgPGdXbVpbY00oTg +sJCnzd37uMjFRXsHRKDHCi2d4olDaPxcekmhfjSBNyk +-> ssh-ed25519 tqMvRA 0F7r6MNH8PvrMKg7HO92LF3xDCWHnLMQVpOwwgyTjQY +/PoytzE04AyqsuYDpIOeA0Q2YwHArrzXphgeEHTQ/VE +-> ssh-ed25519 5VK9ng 137e4+ZYfM4514YetVLhhYcAonNQivG3V15q9OmekCE +JOltFBnXVQOIB24LMy5OZX9m3DG9IRC+eF3/vKs7U+s +--- NuraArpkhHrHGoNHCbd7HO/Fs9Wjm1MxSzs8gic5h7M +~/Xk#giRp~qDL +51۷1T +HBH z ė \ No newline at end of file diff --git a/secrets/mqtt-password-frigate.age b/secrets/mqtt-password-frigate.age index cff0608..4070ca9 100644 --- a/secrets/mqtt-password-frigate.age +++ b/secrets/mqtt-password-frigate.age @@ -1,9 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 jxhkLg RWH08YdNHhsdgZ9YZrAWqu5huQgj14jkeqVjpuN+lyQ -lMFUOLayKFT/CFJObzv+iBCNtD50Zkut3V613VpAZlw --> ssh-ed25519 tqMvRA bw7k2SUQgI/0VuBLFb9DCcIhkMOkfi6y/F48VmioR2c -J13aDSFG4MsSbws6fvOgw1yMj1SKPCtwhDGCJuqM9G8 --> ssh-ed25519 5VK9ng fy3OVO8F4TtYtht0S3V6OFeqsVgC/0g21VrNDrYJSUk -ahlR/jiWB/M4ZIoVkuyByM9Z6v9ILv4a7d7NnY2Sb+0 ---- q3dyXg0DIpWfmLsEeAtwvp7rjZ221mO9yU5jwiu9+FQ -%/7oK5%͙0 x[vdWNsjU?/ \ No newline at end of file +-> ssh-ed25519 jxhkLg MXKjE1qU4ALP35d0MnCpun5JCRqcoIS6m3j1Dd00LX8 +20T+vxTYHwsH+1R/UDZ72MNUVYy0h1BcvTDn2yXgrzc +-> ssh-ed25519 tqMvRA 2JXuTbsqDbV/y6ST7mZsrbWe55bRnqhOs9JMDMDLvkE +31lxz0EvusDT201zD15LnpiJ2Gz+cAnCN9RgglIJs7M +-> ssh-ed25519 5VK9ng 62Be1rbyO3L1ZdWQFc++i3RScPNqQu+qUxkHxL+nYDk +kBZqnCmx67zkKLNys8/JqeXYKC/NJA1M19EcEHK0nZM +--- u3uc7HWvt2BRK1b9BqBTtNxjkjwpfH/wkc6qK7N0T2s +ʰל:3v,#('A2;w{ + \ No newline at end of file diff --git a/secrets/mqtt-password-ha.age b/secrets/mqtt-password-ha.age index 3141be6ae214367bfcf81f6d27d63f0683c4082b..cbf79c89e313ba41782ec7c42e227ecb6083e1a4 100644 GIT binary patch delta 395 zcmX@ee2{s9PQ8DkdroDdrKxsyWN40&rDsx*S8zmCiFaU`dAOx>SiYA*xtW=1hD%yS zHdk7ms?OpiGEJ9qi?u*WtpjVxJkN& zS*E#9grRdemq(hfr;k~>c|b|FYffmIVOe=tWLib4mv@9oMM1cGxkX-hfQ5f}L5`p6 z#E;_jAp_mU)#?p-G9!7P-k~Udc{{f$koOUhc_Uy1Kdw=6?CP!TOfP zUXCGo6-DM*#>s(s8C4;E+P&+w{cWfc0gplOQ}bpPfor;Ua@bcN3c&pI+w1ULUD11 zZfc5=si~o*LP?=-S&*YbL8Oz3g@L6-UcN`VNn}oTl3PKfSDA^aaY#~ur?F4DUq(`v zYe7~~fPs?%SCxlvagnE)bCsv3zjtt6a;QaGv883GVPICCcCl+>qGMTJs86IvPGYIa z#E;_jj)o^hPrkP=Bt_E4f1%&}=A;p!!`retP#)-kj+UdDY#qQz$MG^ z-dR~iSss>Y`lVGaNxp_=*`+RC#)hFrfkxR@?%qEBo|%4uT(@pV>^e5dd!>TThcctq p)aV88CK*P5v#`^+;T3Rqx!u#CPr`ise6tsSh?`H5M`UD(etwcqK!kR3T2)}UtDCuFsZmr_GMBEMLUD11 zZfc5=si~o*LP?=-S&*ZGwvkChnX|i(S5~0DWx7dPkz1}yl8;wdR9T60rki0&iV%F$tI>jC0=EQ`TCA|Y0j0#mEmrtPR1d|uCCeM!GWP%Mp14S zjz*awP8CL$p@zPZW-gXhQTm1@;Z-RS&MxVxkvV3;CB``s*>1^Py1KdwNflKoCczfQ zA^G7sl?BN;S(Z5!+OCc+X%?OaCc*x$W+`b_e&LbHX8LKqT#9^;HoQJ?TDK|r*yZ&F pizcP3|MS%_k+~&5(K4>#dZw^q&&(6oO1;&cl`=Mp@crK#1_0@$hLr#S delta 395 zcmX@ee2{s9PQ68%WmdU`lcjH3lD=<5KyF5Ekhfbvj*+2xzMrGFu~E54VU}TdNuaex-g; zdU1YHaB4+4m%h1MiE&;)RC;N-r%RDbl~Z}1k6A%*q^G_?VTzlPSyYB$N?>W2Z-9@< z#E;_jUTKBCdH#jY>CRro9tBZ($w3wo`d%4MxrP3bh57m=rXFcYZkd*jhM}HZ0U_ln z>FI9y8A-Y385TY!mf_yM*^X6)nc;qkK2C|bIh8q;H0=yC1IwPK~A2Iz9vTL?&bkjj(IK_mW4sZT>2B!@{NPP2PsZH)bjhG piy8ZgKTFx>r0fsM41Xke`D$%P&EuEl>Rqdg(xf ssh-ed25519 jxhkLg vh8sd9xV/Q806xIXK6cYV79dGcCYhS1AopbQHyOH30I -AfuLD7D5vwEaC3v7t5qtQ8EsYvRuDWqz9wjkJGydE8E --> ssh-ed25519 tqMvRA JJHGREWSqoATkr6vEkUk7dGvLvc2ElNa6KWBfJcIWQE -0mJazOmYK8K2sMmpXf8u0PujNFNVOry3xXZu8rHnMJ8 --> ssh-ed25519 5VK9ng w0rWKarqUMgE6PBNL9wKTuCRRxyR9b0oUFtGPsPzkmQ -4wsCPHpcvTl3GfRaU2HNZxHWAdMl212GpVOsClPVyJo ---- LIZN/jw180wunsNYZqxoUV+jSFQHV8Jh/MZMxSRE0uQ -Fmgj -g>J̓[6+fڮyt \ No newline at end of file +-> ssh-ed25519 jxhkLg HoHPdMhlcF85hfUtrKuGlbkcxygcyZDZCn0EhhIirHM +12KyYrP2wmHs1/CE635MzKv5qRo0xK+WLawM1hd1DvU +-> ssh-ed25519 tqMvRA Fxxbhpg8TrBIfUvcY0JNfTIuw+4Om6gM+yoeOFZxOxE +sjj9lvAURU6JB/j/5p3hTVt+67rT/GVmWXb0MWre89Y +-> ssh-ed25519 5VK9ng pOgq9aQdsXmc7ICVr0OyjTAclV7BtYGzYrbPItnV3yc +mR3WBTVyGcsfMVTq7o/EiByhE/9I+lhQGXxrK4SIHF0 +--- Y8ucZIjnHoNU6tXzAclggxVzXc2S0PGnkMYhpZUrUpY +{_iPJPS,߾mRmQcn$a,pKb fF4 \ No newline at end of file diff --git a/secrets/papers-environment-file.age b/secrets/papers-environment-file.age new file mode 100644 index 0000000..32b0cd0 --- /dev/null +++ b/secrets/papers-environment-file.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 jxhkLg O8bzJm7lVjxAcL/PJl5qAVSiHuQI2vsvRJRepG21C0k ++kqMyy2KzhyFiBbNf64be+28zGcRQHDYZGixvokCxgc +-> ssh-ed25519 tqMvRA +MYKh8PVUOfMGTVUvk2QOj4adCkcMyNqd5UAa5A2dlE +8qm63tCIB172dHnjUkQyCAlq6tstulm3dDzFgTH9uWg +-> ssh-ed25519 KkzjXA Dd+uUaDF0mFr+ZPBdgnxuEQbvN13eKWWYDqpofaH0XY +sBFqWVkJ6+1eBIrGq8Z5gobEOFxnDZSqyJBHeJCLc5s +--- PRZMGeyoL1d7Dw3RaTis7zGm8m/mFm0qeh0id9U9o+Y +^#"ZvJf~ gŠsIÎ!Z]H+7cCO ʿML`N *21{@xs?a"Cu߸cH0x.PǕ~$*x"8]JNB_]23mt|ݾ4'2lF瑚7 + \ No newline at end of file diff --git a/secrets/papers-password-file.age b/secrets/papers-password-file.age new file mode 100644 index 0000000..6bda619 --- /dev/null +++ b/secrets/papers-password-file.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 jxhkLg FWZgI9vn+GpipSpJAkZXojtMeXQoAxOKWJaOao8S1EU +3waHB+6cP4CgaawnxyEZLqFO5NWPEz1qFBvzK3Mz6lk +-> ssh-ed25519 tqMvRA ylmjCPtXDh2VmTWQ3rDVXbHvKQhjL28HpxYG+iuFPF8 +6rBaRbTrOTlpRtD725Eir5NmMGK0Hw784PKRoBdmh5g +-> ssh-ed25519 KkzjXA ixLUMjsVw+bxCXT3ZVIgXaPLbMf+a6sbjXsbfnz14gA +MUs8/LcCNhxbOx1+gTKsld6FrdeZVrs9dBR0dvjp++U +--- 2Z9NM3b428PQUuNaS9uyWWmOKmu44/fJ0VPov3wtAXY +"\9.z`WĠ!y5ꌷKs[k<1e \ No newline at end of file diff --git a/secrets/power-password-file.age b/secrets/power-password-file.age index b44b378..2519941 100644 --- a/secrets/power-password-file.age +++ b/secrets/power-password-file.age @@ -1,9 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 jxhkLg qQcbA0bt9+M+B9Ve47SNPHr1uPX+m9HOE2vfI339eVQ -5hx8LMyklnVrDJVqW42+UNvwQrwFuLvIfMvQYqbbB1U --> ssh-ed25519 tqMvRA s1/g5UQ4VOr2ZCVFjtFM6sk4xblYNJ+aJNRXfkeECS4 -cknku8Vrpfwrnfluaky2CXY8ICgCm8taS92nfUNoUkM --> ssh-ed25519 DVDL4g DYSwyQBH/o+vCDpm5AJ2IBQoCZjABtGSJxEH67uPXHw -cT7jG7jy8z71GvxJFA7B2yRK/vofWvmdr6CIju7D+34 ---- 5lOmaEiAcyK1Mmwfy0c22ygTnaJVio9CRiavktGFj28 -GN?WAba0x S'H]nlIonOt \ No newline at end of file +-> ssh-ed25519 jxhkLg ARlKAdvnmzIEQudKKY9wbDKuyYCK5VhATQt625Dp/lY +HHf0zpaxSX+NZgiX1Q0gh6Y4GCLtSsPkkhFmKSxWB38 +-> ssh-ed25519 tqMvRA /L3+1t5XzOSFpK5CHHEe2fdrSeQfDTUJb6A6CFDd2Qs +nw+Xfs1nLed8axWSXxeHShOdagau23IrnqBIvrGwGMA +-> ssh-ed25519 DVDL4g tVL54fCFcCpdtKa3LVBLTTovogAJX/Z4mbwB/4hHeyE +47q48scCmnJUFV7Ie9z9KP9UTF4yipas1i9oFdQdhiE +--- Y9C2Z5eq4oNpJwHgPtGajhb/cMaczl3Z75D7annBdtA +׮8 E8Nw@z9d qm>O369 \ No newline at end of file diff --git a/secrets/proxy-dns-provider-config.age b/secrets/proxy-dns-provider-config.age index 8fbcd98640932c15eeddf7bf44d247eac303be19..b491db37ce89a572cb6ac23933b785e860e3ac79 100644 GIT binary patch delta 543 zcmcb@a)o7rPJL*llWS6dL6$+bzIm{Ak*~R#k5g&7g?CxLw@a2ma!`<0V6LxOSyYir zHkWUXNl9ROn0}J4W0q;Ac2KalMQEwBL1JZ^NvL*3Xui94W_d)4Q>uArIhU@TLUD11 zZfc5=si~o*LP?=-S&*Ybv1>$zTcAmhc2QMTp_6~2v0I{#PjISHKt+_dk+FAHfsbE> zcVSh&PergNm%CR|eyV1DxXfu{P7;jSJY=7w&CPDZ(5;X#(^+EwXX7L_Gt zt{GXz+0F$?mM-2d8Ad5i+WEm5Wf4&YS>=(bWsxNjNl77T8Q#TQy1Kdwu9*e~WzGhf zP9~mCCGI&s8Ks#KA)aCSsg~|l=>E1b=#adTyO*EWybJc;@hth?iXjW4JYE#LO5Ec&An&Yv~8Wae;4D_ zO2tB3c0ZQnn@7SFUerz!m?!ktjb+xOZI7nAR=SlfIBY$kt)W-KJfL8kV@+hY-lpYB oUna3fzuu+qX!v#3k>JRy<PEW;_)*Us~BJn07)201?8><^TWy delta 543 zcmcb@a)o7rPJM8yS&3JeWq7GmdO&HOS58?(P>N+>XoPWOK|xhwX+W8YS!iZ(zE56m zK3AlLxpsJ{bA*SsMPRqcJ1(&X!LUD11 zZfc5=si~o*LP?=-S&*Ybs&jxznsbJeg+XdnMX6y_iCapcTS;X`n7c=1rDsuKRDN1! zxl68gVRo=DmtSO3zLRB{uTN@NiMOkNR!EL_rgwgsS6Zk+X^^vaQAk0lo27fcc}SM) z#E;_jQ6=u4?j;t%q51haA;H0+i3JrI+4-57CJ|x&VTqQxhJL1jd48!bPC>q0$x*r9 zj)wZ)ewGpG7Un_0zFB78;l4%LUlrlTZKO_+$UUSO#xl ztqHRq|DR*}LvGr~zM^=aw&EHe_V>mg10>r0?;4k9&0fs2YV`*>^F9Lsb~XFHf92<+ z-Hu3<oXsiL=hl;fB<9v_nJUmiYf{(;5o@5tXzb(|LR-8Y&wdc9Yw zh}`cz3Vt1LJXKFvu`ozy*hp>LwtDwvHlai1TkOg=U8?-$a^b0svY0yKw3r!>XD?fO oM^8Frm8!*;%D#&4Y|O`6n=*g3NA&eGxrH!2o_tbPwlaW_gW}1FwgsFC_uZu^4msy!%W^u4~L0Y1b zCs$-~nn!uANrp$db5dAno}pVnR!~$`vU5ppgkh+quV;E?d7!JmkC8=4AeXM4LUD11 zZfc5=si~o*LP?=-S&*Ybp}TffSw?zASb9>vw^xx{lv{{tc7$1|Q;vC|S*Ba6S9p0z zv1MgNwo_&#mt}=vsgXfeWVU6#i)Vy;dWug*S(T@@mupCoV{%DANtSx2BVg9~cy1Kdw1zr~Bff<%= zMVUp~sXhk9=>eI^o;g+CZmyQT?vZ9Cm7yi|ZeCt~z7ZuRTpJGdDW0z|lM;{0-Qe36 zfAW@zfwD`^$tgSLEPft3J4k0M-|i=R4Ob6IrOxBNGJoM&%OkTJ?R3ii9-7lK^<%&3 zSp$*h=NLBr^pQ*Y8w2QE#N)zW;2#U+ULz%kX7k z-pp@g))?2yuk?;E4AKAimirXL*Y`b}a%?;|7oYa*{&3su(jEc(#wW_EH>`>;^De$S zVavYT$#!z=8CU=P|9x|orZ~@!UGi7Lerkjp zyW$zI0<9-xcEmLDtVpP;e;a!%g?~=m4`r`<#{C;)UQ9C)IR5R_{q)5NJKbE%a+v0< z&9YhZ_}#R|A2EFsRZm57ZhfoEwy)SgHF3pyHlwJ==h%NU>^Wq6d+ojSnVWUq2&|tL z&85H4Xlc>IFaM^-r^W4&F5;}VjxQ2B5T)90TAKU(7lZo& z{yOq*hYWjjoY`{wWV?v!%1zm`}Q%bW49yly1sYCH8|OONcXc!MXpZIJ=`4ckga4 z3g8du+W)S&@a{sx{S$7zlUpslwU%Sc5m~bxFV`PgQMLbBedAWs8t%_Z%k!@|ZGCbr z>9{wK!Mzq2UjB3Z_fH%xH(Y*fGq+{m+l4M`-yU|5S^7I?{ngp0qZ?+hbgIbxJh(nB zT(M|>L`GlI{<~i|LheP{Y>~Jq*0T7?-j6~>esvsCtG}t8k56%3$j7_Y{`1qY1CvcY z-ptS3BhU2W(I34n=BHk!?zj81aYEE5(@qBCWTr0Pt4{7ZbHqi8_cFf~*4ut7ZOYo8 zGvjqDg6DI~CRvnSN$&o)&4abruzb1MEX%CIm{6-(LMrcGEZu+kU+=n8k+LtIYQCDh Xb_I8k@skRT)hWqmy_b7NAJ7H>V`rZr delta 1462 zcmaFD{e*jhPQA0Exv4=^luM#%Vn&6Bk)^YHQk1tzx^tSRzk5iQr@n_tWJs!Ik*imZ z30In1RAGg8VSZ(PYE*ejk%3dHue*zHxp#PEag=#ZN^X|FmqDe6fl;WFBbTn7LUD11 zZfc5=si~o*LP?=-S&*ZGTYi2~W>tQopJje=ageFMo14CWa!R(5k+)%as%dyZnrpG2 zOF%(>L`ZHjSE+?|Zdr0jh-a>wPeDdtm1TZNpr@IorGIvDwtr}NWvQccSZ0osabl|H z#E;_j`4vIIN&Z1*mcgmTCi$gVfi7m|72%0d0Y>QoRTeHmWmQ?}MaJF{!5Jo8>A?{u zMx};M9@%C^K_yNG-dV-Yj*+Gj#>Hs{-dTy3rcPcVh8Ftn;gykGy1Kdw+EFPkd1gV8 zx$Zu}W$7jX?tY1>#(|}k#-VNj9zOZuh54!Vm01-&=@kLlTy?GKQVRl;+_^GyYLh|@ zLKj_n{I*E@MDvucrP1ASH@l*SlP8op*`29$Rw2 z+lX8n*g+^vyKbg}}-{`)nt?3Q-L+y5dt^3-4RYQ*czdT2P>)L-gkKX6+Gta)8 z*uz$q*Obk_$*=TFe@Wxd^D2gpvnIT#k4tf|C`+1lXQOX+fP;DPfkj`By^LO5E}X75 zr`S}`^4~`?69eM5t|wo^T^??)tg6x3hUBZ$0`Nl&cS&_2^#hjIABT%~7A1>elE>)^F;ar(n??bl)rMcGMBI?G{ZJHb(?#x_(^A zSunfdvu|UKN!{!zQ#fZ@8ou^w!Mhc7TkOD z=H|Q~E@|#-dHNIn@2oJ1{j9*B!Q#Ru;VpCgQDRSwbl%;)5f9yt_OX=+{b-fiKc}`~ z?it%;Qq2xqy6jl? zyfkU%GCln%>8Dmd-<#d#>3U0M`x4hPXC@zd;XeHouNz;kcK<`;i0N~tUvDe@^|M1U zg2~oz6-T)G4n~WaE9w~MvB&Bd#@v39&-43d<(`9o`|3AoSjpKMec5;KQPKykH9q=5 zS2sUN{1Lr$XVyU&Ba7v8cdKg_*VY->|{S;dmy zD^~i`v7bxS-xn{tw1!9IymPYW{Z|YV{=HCx~@zjIQ zJKG)VBv!^8aSeMqA$6M!Pqg$it@(y4&R!N3ToL5wXKJ~$J3nepRYmT+Yj4{>rf!|b z=ACLLx%^Lu@3!EpVRN4z=gQbFd27=4jQ)SkZa0p$YcQ9!WN*%2@My;5lPkZ^eNy!E V{Y<7wI-w0EQ<|2}TrTmp6aY&YpB?}J