Commit 44f8e66fafe1

Vincent Demeester <vincent@sbr.pm>
2026-03-24 13:22:39
feat: Provision carthage Hetzner VPS (CX23)
- Replace kerkouane (DigitalOcean) with carthage at Falkenstein - Add real host key, WireGuard pubkey, and re-encrypt secrets Signed-off-by: Vincent Demeester <vincent@sbr.pm>
main
1 parent f375c16
Changed files (50)
infra
carthage
main.tf
variables.tf
secrets
aion
restic-aix-password.age
demeter
mosquitto-homeassistant-password.age
harmonia
aion-signing-key.age
okinawa-signing-key.age
mails
icloud-vdemeester.age
okinawa
gemini-api-key.age
groq-api-key.age
opencode-password.age
openrouter-api-key.age
xmpp-research-bot-password.age
redhat
2022-RH-IT-Root-CA.pem.age
AMS2.ovpn.age
BBRQ.ovpn.age
Eng-CA.crt.age
ipa.crt.age
krb5.conf.age
newca.crt.age
oracle_ebs.crt.age
pki-ca-chain.crt.age
RDU2.ovpn.age
redhat.pem.age
RH_ITW.crt.age
RHVPN.ovpn.age
win-intermediate-ca.cer.age
rhea
exportarr-bazarr-apikey.age
exportarr-lidarr-apikey.age
exportarr-prowlarr-apikey.age
exportarr-radarr-apikey.age
exportarr-readarr-apikey.age
exportarr-sonarr-apikey.age
gandi.env.age
jellyfin-auto-collections-api-key.age
jellyfin-auto-collections-jellyseerr-password.age
jellyfin-favorites-sync-api-key.age
jellyfin-favorites-sync-ssh-key.age
restic-aix-password.age
webdav-password.age
sakhalin
grafana-admin-password.age
grafana-secret-key.age
homeassistant-prometheus-token.age
ntfy-token.age
searxng-secret-key.age
shikoku
aria2rpcsecret.age
minica.pem.age
systems
carthage
extra.nix
globals.nix
Makefile
secrets.nix
infra/carthage/main.tf
@@ -12,10 +12,11 @@ provider "hcloud" {
   token = var.hcloud_token
 }
 
-# SSH key for initial access (nixos-anywhere needs this)
-resource "hcloud_ssh_key" "vincent" {
-  name       = "vincent"
-  public_key = file(var.ssh_public_key_path)
+# SSH keys for access (kyushu for nixos-anywhere automation, homelab for interactive)
+resource "hcloud_ssh_key" "keys" {
+  for_each   = var.ssh_public_keys
+  name       = each.key
+  public_key = file(each.value)
 }
 
 # Firewall
@@ -70,7 +71,7 @@ resource "hcloud_server" "carthage" {
   location    = var.location
   image       = "ubuntu-24.04" # Temporary — nixos-anywhere will overwrite
 
-  ssh_keys     = [hcloud_ssh_key.vincent.id]
+  ssh_keys     = [for k in hcloud_ssh_key.keys : k.id]
   firewall_ids = [hcloud_firewall.carthage.id]
 
   labels = {
infra/carthage/variables.tf
@@ -13,11 +13,14 @@ variable "location" {
 variable "server_type" {
   description = "Hetzner server type"
   type        = string
-  default     = "cx22" # 2 vCPU, 4GB RAM, 40GB NVMe, 20TB traffic
+  default     = "cx23" # 2 vCPU, 4GB RAM, 40GB NVMe, 20TB traffic
 }
 
-variable "ssh_public_key_path" {
-  description = "Path to SSH public key for initial access"
-  type        = string
-  default     = "~/.ssh/id_ed25519.pub"
+variable "ssh_public_keys" {
+  description = "Map of SSH public key name to file path"
+  type        = map(string)
+  default = {
+    "kyushu"  = "~/.ssh/kyushu.pub"        # Non-interactive, needed for nixos-anywhere
+    "homelab" = "~/.ssh/id_homelab_sk.pub"  # Yubikey SK key for homelab servers
+  }
 }
secrets/aion/restic-aix-password.age
@@ -1,9 +1,10 @@
 age-encryption.org/v1
--> piv-p256 ItIHHA A4naAAkBenp6QVwnnUMSu5zD1Pvj3/klpj0kMnh2mzrI
-VAXlIX+UinWusalEt2YejpU025j+pfA8qnDBZYwMlig
--> piv-p256 cUinNw A4R9GBbGVDc3EuGpShZCrBM82CuLE0eVAUfG4UotAUPT
-u5mELYXqCveqUeek+pbz6I9LJeKYWgifvBFnm3btDzM
--> ssh-ed25519 5bXRbA 7Yjps1lnM2J8xVv6oieQjvHRroNhWd2qmvB7dZnlJlU
-W2ZvTDZ4Sw43Z9DLRbkb+HQeE20kVEOhjx5ZUSVRXpE
---- PLcI7FwdepPFWr5wgB/lVe7Qhu4C5VDxtmn26hg6gCE
-���������[ �(ns�u��9K������O�޳7
it��Wb�U���@�O6X@��)�t�@Z
\ No newline at end of file
+-> piv-p256 ItIHHA Awck2XKQ2DvrHtQzSqugRvh3C6d11Z7FF0qHJolglTuK
+VGGgZunr5rSO9stdBL1LqyFY+r3pg05cPblNiivwz1k
+-> piv-p256 cUinNw A5wGIIzDdxmCeUWm3acnlGgQPHfOrElEL/43bPWhYi50
+uUDOBlBbPX3gqIoMvATeCLZz0b0CS8g2dE4Jr7dEXDU
+-> ssh-ed25519 5bXRbA c7Ij9qudy02KFY0XFS/dpD9bvfinCkIbkDVmm5hEQiE
+1LxaTX1ORqbobfBAnCXpGh1VvJpaCs5uc7j7L9pVS9Y
+--- Ijc0NrkW7l+XNLy7NZtuGZyFHdXSAEseN4nwjQ5Y+e0
+0�{��l
+B�TY0#�����i�|�|�N"S��w��qDv��[�L�amׁ��9}nU)��}�H�
\ No newline at end of file
secrets/demeter/mosquitto-homeassistant-password.age
@@ -1,9 +1,9 @@
 age-encryption.org/v1
--> piv-p256 ItIHHA A5gWCNqtIR6/GM8rteW4JPf7sNXBTeUTv/kJ0alSrYZ+
-cCheNmM436Dy6Sm0KNOILsWCIdu9azZDFUBOI7UbLck
--> piv-p256 cUinNw AobEHJamq8c+8VhykmkWA2NBCwJTt5mMZ3GbVfF0FphM
-p7XF00hsxXqvGnI0mmKYylyqsWOiDs//ZE3v92zRhxU
--> ssh-ed25519 gecXFg 6QiQK6jbZEJk1c4TYSxw5jc+oY1lsebV80TovARmiVU
-zDJioJb/DKqDJtiPgQk+7AHe5ptd+xGQNWvOOnL3Q54
---- F0EfX+Mk0v8j5gbGKKhUIw4VO0eF8CfOnGX0X6ZgTvk
-�[���.��1Ip;��[ma_a�B��~*/���,;����`k	�(�M
\ No newline at end of file
+-> piv-p256 ItIHHA AocsMVrW8vclPmy0V2zlKuGJpLtie76s+qcPZXfR93CU
+/9DZ8gsMBY2pSLaKaO6dQ0/hBI/ShajRCmbfdoX6eFI
+-> piv-p256 cUinNw Ar905PIDTJdSzE2b/dY7vSgIyrMigAFVFZhSQ6/91AlT
+QMBwADqkwAC+UbiUgsJD/1weA6FjVNhlFf4YpSeho9g
+-> ssh-ed25519 gecXFg SgJK1pd3JOZ0ExdRGpqUTJlfRAcFPvP2yeo2tDDO+U4
+/b6ZJCjUXg4y6+nwWwTgOlOCnGY1nXgeke2EEoB1G6Q
+--- h1iTgopcgE89YuRMpnysSKkm0wI3vm0bTVnlNi2ik5A
+^j�wY*Xě�,�������kI�����<S��[u�ȏ��
\ No newline at end of file
secrets/harmonia/aion-signing-key.age
Binary file
secrets/harmonia/okinawa-signing-key.age
Binary file
secrets/mails/icloud-vdemeester.age
@@ -1,10 +1,9 @@
 age-encryption.org/v1
--> piv-p256 ItIHHA An5tBO3Ej/lWelhP4fLCyrWobJ5EBZh16ABf3gMQvEO2
-/a0XjyeTscvD2BEN5d/8cJ5rYGpJWzFBnb3MgpPlON8
--> piv-p256 cUinNw A+yOjjuge12tOmmqFFlSOgkArnXioN6HBFp8zh/5We7Q
-V54jP8guDJTCyZIFTyPIuN6SDh/H0Ib8dSTm8Ysljy0
--> ssh-ed25519 i5EGzg M0xhCZAe4qAnVkPuzWZWu8csLUAdUivonBfz7puvGiE
-dYCNPhiTPHWDXGDXghNp/PecROaXrOhbT2GDGGKOfXU
---- ac+CgeqHM2Gt6464/VPgQ0ka11AfhciGF5uYX8KVF1k
--��Q4ҋ0D�LŽ&y
-Mb��Cz��}�Ǿ(^$b�{kj���J]�
\ No newline at end of file
+-> piv-p256 ItIHHA AqOHYheFEX4RR4bHmrrCZNFeiCxLWnO5Kr/+XTKynOeb
+zaai7ZI4fM4ze2gSLKfexfIu6NolNLVNPxM2cPFzZ+M
+-> piv-p256 cUinNw AowUNQltwPPrlJwWc8y+3prjdtZP/i3zRrRR8spwIrE+
+wQSp14g3s5QC8ZNry3r9nQppzrXjaAdGri8AIZH153U
+-> ssh-ed25519 i5EGzg QKIKFzqcJn4h+KkZbS74/5gPG9IxuVxOkO/u1RpruQU
+lTL//Bg3amyLT9HeMofXDPYGBaOZLw/gYELBXJR7PNU
+--- /nS888LIH0xNT3rPGBd4lC+xFWIrVrcGx/vGHtXVcT4
+�d��_O�e@�l�Ď�Yq�m�7�M�If@P/̔&��6���<�"o�.�
\ No newline at end of file
secrets/okinawa/gemini-api-key.age
@@ -1,10 +1,9 @@
 age-encryption.org/v1
--> piv-p256 ItIHHA A3fHEtxe9/4OeuW8FXm/e5KsVzgbTGB2ARiQccP0hyA7
-kE0gbISO1Z/VpjmB4kk0gBSMMEj7bZhZZDewkc57P6I
--> piv-p256 cUinNw A/gvIJ6g6KK/jgrs9Mt5NBwy231oJ7r6DntZdk8bS9yi
-TGcVqkqYuwrmceVvFSsiIWws7lbBAPHPP5cV6e6GrrA
--> ssh-ed25519 3Z+PEA fq9mL8HZljoOC2Kgihde9ZP90IrCrOVT3YRUHjvR7Sc
-UEkzZY1pDy8QRZ7E4MXuMPgZQjfU/OvpsSEmwe1o340
---- D2wfYs58FZBT1qfjbMHYbP3kdx38ZFwYTVSv7qY38wM
-�1I'���?�4s���Q#S�7��'xd�h���,�79�<{޳��ҙ��x�g�p�&�)
-�dݎ1�H��
\ No newline at end of file
+-> piv-p256 ItIHHA A8tLdys8whfwqj3Mc2FpjoWzhjN9yqGMdavT6ZcuMqRC
+0pXcsHgNYMm29D1XaYBTWeEQzoMsJLPsDW93DlvhtIU
+-> piv-p256 cUinNw An68eVru0nJDBb9bcDniZCVYcyjeJw4JYPyN31v4M3dm
+iajAvnhMqj4lH4xEzd0lvFAYyEcRMlYTJvBeBJAsYiw
+-> ssh-ed25519 3Z+PEA X25pkMmw5pCr/SK5TNjGqFotQb17Iv8maOJPQXzgYBk
+tx+uBdDd4RWpkgC+R2LEkYcXmpUgNINl+nP29IfYlMY
+--- wzYkZC7JHs98r5vXWb63KKeQYYo0ECC8hzkbOvzyq3s
+�����qSP��|g�<y���ٓL��n=�
��u]���.��ב���
j�N���8~�9v�7��j�Ì)��
\ No newline at end of file
secrets/okinawa/groq-api-key.age
Binary file
secrets/okinawa/opencode-password.age
@@ -1,9 +1,9 @@
 age-encryption.org/v1
--> piv-p256 ItIHHA A9JTl1FqobWybB9TSTUgTg8aZf2Kj0NgBbR0oREkH9iu
-71cLdZRzQ4yC8D6cRBc0NNAXapnHg4igyYRjaV1ljbA
--> piv-p256 cUinNw A4qgekq6P7RnQZ2DkGtnLA+JqERDYIEi418bDsX4wDtV
-5dLW2ha+MwhauzUMLurYeGCdL5TZEJWUWQt7Rg7tN+U
--> ssh-ed25519 3Z+PEA OvO7e/qMLqcHvuJysqLNvhVAFF0bnguffDRqMA0wZT4
-+Wdn+iaQqjQFf5/b44ok/VPxkaPVJI61G0n/agtNUzc
---- FlO3nWgpodCUheE2ycLSaK+wPk+g/spCRksrj0GXJ2s
-��D�3��m�U���{��J$Uj×�~�ʜ	��6�;y��rG��|xn�
\ No newline at end of file
+-> piv-p256 ItIHHA Au1TRraeGs6RAMFcs0kDyj46pIkXUT8GPCXJA9dxxbbV
+bobd5/0H80U6DR+yU0nX6FXuSBlG5OHsj+TdK0Wy+X8
+-> piv-p256 cUinNw AgpGfxmw9x7j1nNjRDJqLMysaCun4yh+F5XhOaBZsXIe
+s8mOlyoIvipc3EbM0mF0FLjrcSBcWy2So0bNgrzQgFY
+-> ssh-ed25519 3Z+PEA i+Y8m7rmHc61rqBk7n7/jj4yAZ/thQolCuFUjD56MSw
+qPHe8bqavId44/vJ/q6ZSVeRkppC+5V67GiTVpqUC48
+--- SLB3NL0aO2VozfzE5HYt7JpahRv5w/NuGAF154qAsOY
+}��SYi��=|���C��x��CE)lp��A��#���4	�&�:y�3
\ No newline at end of file
secrets/okinawa/openrouter-api-key.age
@@ -1,9 +1,9 @@
 age-encryption.org/v1
--> piv-p256 ItIHHA A+J7Q0Svnkf+Qup3i3vWAKvhOLQ7v2WUWgA/SKsChX15
-s7bw+A9YuQLWy1dd/PFqnOAW6LP6NZPq1UDn6C7sNAk
--> piv-p256 cUinNw AxJJna3MTbqDA9y7OtyzgpQkYymE+M+UoeOI2AUZqoKO
-zV6WYn51PUWfccLsM1Z7GvSjaxzP+6I3LB0IA8kCinM
--> ssh-ed25519 3Z+PEA tODvvH4TtPeWcAT6QLQbQfit+Daljkq/5Y0tLGXpojU
-h01f48auvvVrGX49hOVsz4Jt1IBdCI4qfeB5O0Mwsi8
---- gTronstY7QZJzmTsOnMeBPYvx2QQ1hV2OMRyPwno0BU
-��_�
�&�E7*�����^(?�s?t:�Zn������A2�	�okՃ���w��	͜陂�8=��T�������	�EQ͉�xW����/�� �A&������
\ No newline at end of file
+-> piv-p256 ItIHHA Az3pyKza6trEG+uQqRjoRAw5C5r+P8NGXxgn56Xd4Za3
+v6lPtKt9ifN7GfQP+vmp+RrGemcNVfWnzQBl/rUdUyY
+-> piv-p256 cUinNw A3cBnON+QqAiRJe36nJCJ+gzhqY8BaHi2LfGOYFLSLpf
+hWvsMz4aHiRfbKHldOOW+/gufj20OGC76JOb9bNFu9s
+-> ssh-ed25519 3Z+PEA +MaRV69h4cNG67aOKTBL1w7JiK2ssDxHKStZuG4Y2G0
+B4RaIuqISoliJxVG2k4RxvoLvF+pWd3Q8crDUnf6VB8
+--- C1xBjkD0S+Q5p4FA6SOqbuiXwyUc1O7ws9LP4WgIHXw
+<�i1R[�a���re�y��k=�c}�@���8�V���x,����w8�n�{n��`�U�/0+8������"��(���O<��_�F8�H�u�aT�=���N,q���
\ No newline at end of file
secrets/okinawa/xmpp-research-bot-password.age
@@ -1,9 +1,9 @@
 age-encryption.org/v1
--> piv-p256 ItIHHA Ajq+S43Cc0XZZaluoCeZrFoS7HOQN3/RC2bPiR7lMTrV
-eDl1vduveHG4Jom2zPAZt92xC68Cx1Nsh96ZmeRwr78
--> piv-p256 cUinNw A3ChtGPMsY2Rf63XZ5SE/9dfFHOvtxfyMD1tIKCWE3+d
-l/GarsxGhrtRUq4RVavm76y8ZCAQJPQ+h5IQ9/nKI/g
--> ssh-ed25519 3Z+PEA IoXU90fsIxrOlVWEEiCRWmUm61w9Hlkr85hO1VZKUzk
-varTB5c3J7hFuWDogZUoO17/2P7BKIFAwnF3LBoMACw
---- 6Jdg7F2qLSG6NrD0IT8R6tsjyJ7S1DRvViN4l1ORlUs
-Y�󯃱�
�p`zn�J�(�j(4�I���+^_I&�Rۯ�)�2��
\ No newline at end of file
+-> piv-p256 ItIHHA AxYtz+A+a7bEgzUHNYWUb+x9SFQvMcB0gfXPQ7+4f/U2
+Yg4NE8TA3HT1Bhxlo2t4UdjwQhmhbR1abbFw9UAwnYU
+-> piv-p256 cUinNw AtE6GSfsOADAjfJvBSqjs5n68g6QLEiAuv/uptTmX3+F
+wshAihJ08YaY4t8ZgAgZ/fFZXXEz7dSMOBJQKdc9OSY
+-> ssh-ed25519 3Z+PEA T1fcztfGHAiJ3E6bbxfbVyHo7OC59fki/icTBCdDWFs
+Bx9i3Q7EwkqnNGVQZtEkdg+2uzIJ9FfgH7NwFQ5hBGA
+--- 0PSSU7PWxxqwxnYjwXPSns/6FcNh9my8fLNu+hq1Cic
+���m@���� �&,�v-�x#������w�L���=�����aT�qg
\ No newline at end of file
secrets/redhat/2022-RH-IT-Root-CA.pem.age
Binary file
secrets/redhat/AMS2.ovpn.age
Binary file
secrets/redhat/BBRQ.ovpn.age
Binary file
secrets/redhat/Eng-CA.crt.age
Binary file
secrets/redhat/ipa.crt.age
Binary file
secrets/redhat/krb5.conf.age
Binary file
secrets/redhat/newca.crt.age
Binary file
secrets/redhat/oracle_ebs.crt.age
Binary file
secrets/redhat/pki-ca-chain.crt.age
Binary file
secrets/redhat/RDU2.ovpn.age
Binary file
secrets/redhat/redhat.pem.age
Binary file
secrets/redhat/RH_ITW.crt.age
Binary file
secrets/redhat/RHVPN.ovpn.age
Binary file
secrets/redhat/win-intermediate-ca.cer.age
Binary file
secrets/rhea/exportarr-bazarr-apikey.age
Binary file
secrets/rhea/exportarr-lidarr-apikey.age
@@ -1,12 +1,11 @@
 age-encryption.org/v1
--> piv-p256 ItIHHA A08/08KsRv8gpxE0GfWO9wVIhEv1qbMq4OU3h1dqoyNS
-QEwyYvaEF/Wj0Ap0NOgkHVMMri0noOqGWmcpWlNexsg
--> piv-p256 cUinNw AvdiRN8w3R9rn15lNzX942iXGDfOxejnsVWMko6M1T1o
-9oUWE72HOenHygvjiP1pX5EuYLkTnG7NE+UaSv4MwHo
--> ssh-ed25519 EboMJg oS4Yt2TmeHX0VCxHAed2RZxXjNNTRYiqtJ6YClR4r28
-qq/5NM4z/xWFljFUeHlG+EVcTMQ8C0nhePwpS/aNgws
--> ssh-ed25519 5bXRbA 01rDUXaZ37wWmaLBaRHhZd2cwJmIQKH7cGI1RU4nWkQ
-S6D7Lscfp7fne3kd9wyu5O2JlnirSZMQGfKAi9nRqR4
---- S5SWG1U8s0SgQpZyW7H4hUKQTcfhjVeOAchkruhYqCY
-Y�9c#����fT{��YM�����k@����D���������L}r���H��6���
-&�^��
\ No newline at end of file
+-> piv-p256 ItIHHA A9MwemDW0Q5ZIB9OGNnXlscQ/CpaWnN2BLFcYEQ+waIu
+qEKC3f3G6EzF3C3lcngr5NlNL2Bnp9Lt2H9gmE6M4GU
+-> piv-p256 cUinNw A9uaU4BNycCEgib9Jfe5NP4yheY2FUSWWKQac4kXZxfy
+3Fxrw31GW5Gv/5161E58rBM1KyYcsVvhBoDddrCyFmA
+-> ssh-ed25519 EboMJg cBkovK+o0auS5peLGfcXP7eXhswqIXA0fbpFmPAeBRU
+gw2B7vIhrSJgQXexcXcPRbR7n8p+JrMS1ryfeZZvozQ
+-> ssh-ed25519 5bXRbA Ok+t5pUUDK25MyE2CtclgxXdf/dmAiBEXNNNEh6LkVU
+HJ2NA7YMC764g6IbTYivpg0M8+BGJ/fHFHzOixo+hKM
+--- UdhBpi7pR0muOYXdrmgy9443H5TJMKAYIW/U++vFjhs
+[Hp-[7�����������c&xMAk
n��wYp�=W�ǯ�)h2�Ĉ��|��2p����sk��>�
\ No newline at end of file
secrets/rhea/exportarr-prowlarr-apikey.age
@@ -1,13 +1,11 @@
 age-encryption.org/v1
--> piv-p256 ItIHHA AvTGMwxhcCKntYGFF6CJZdZdavHbGxRy+7I9SPojAABj
-XMplzBenKGf/DjzFZzH+jzJSLYeUB8UtuO+MP+N0lDU
--> piv-p256 cUinNw AhRDlt5qOn2dSTFlCa2kXo60il+T/kh5ngcB0Zi3KTwW
-bOS40d+b6Sh+KXM0JsZmMKgP98trsX4G/8j5py09Zgg
--> ssh-ed25519 EboMJg Popkj0DbDz2pqaEhHQPLTTR2dCl9ONwBLmnw6/TtJRs
-05M84lWBsVNvnvAHl+Ee8kkmFx+ideNlZbAPPn6OyXI
--> ssh-ed25519 5bXRbA cAkVDGp/Pg3y01p4y3nuZW0JP1IAOfYfq41WYOMzXyI
-a68GxQfikujfFKGvXrYuH515a5LeORCJLsUJA70X5pY
---- b5YXLJQ1KAZvbbxezT7zY+fQefk1wql0Im72rjc8hIM
-�
-�&�+]�QK4�8'H���������,��9�eJ���׼���οt����K��u
-�H�'
\ No newline at end of file
+-> piv-p256 ItIHHA A3ByCknQSYgBB7RIUoKPepIsjGWd76EI+HV0QNkJmyZa
+7nsSRnKejNUKRMBWS46G5Vp7ODuQI2Sj0CWSVnVuQCw
+-> piv-p256 cUinNw AlFN/L7kGeT315sK94htDJxO7399smrohZgLHzfMhfFu
+tjQtYveTfdzQdCc6x7B2NhJHJaoqaNGfPy2CSgjgfK8
+-> ssh-ed25519 EboMJg OU/p+4tdha/5XHmDtUAqI5S+Fxy8UshaNiCzN8EtGVo
+JS8BlTHtspeApww8miRIr1QI3z1qsK8xBfluR+l2ptQ
+-> ssh-ed25519 5bXRbA ZqflyF+ELJD4HSbfMWZIMuPxPzMYM3MrAtvhBi53VkA
+3Er17Adtszi0IJjXblzJhfTYpFs7RUthnVcrm8wfXXY
+--- uGNWZSCEbXnvdRcZXvOY2MrB0s7Oc/nGz3T2ynTarA8
+�X���No|�Ac��o�(��>/�}�L�pI�^w'���pl�\��n�s��'�j^�B��2}n
\ No newline at end of file
secrets/rhea/exportarr-radarr-apikey.age
@@ -1,11 +1,11 @@
 age-encryption.org/v1
--> piv-p256 ItIHHA A17V/yWc/srTwhaYHY4ZRCJ+ejAABMjKm835HbYiW9Kc
-sXel4QBv5nPA1T51yp7GzG1MaapSTxrfbRRYZMl/4Lc
--> piv-p256 cUinNw AxAiBn+1MNylMuCodZ1xpBdkXLW3A+Puikyds+ZB+/y9
-c8WKUtEhDLTh0OMOgS8A2GAYb5TnZyN5QfYcUOvfaWo
--> ssh-ed25519 EboMJg d3RrP0RLNXzGABXUaKzi43mnl0g464SmqsxJL5eEVSk
-+SCHwnJcJ0n1qf5G8C0kEBHnn6ovMI7KwdbIz84gGvM
--> ssh-ed25519 5bXRbA JIWV/wbagkyn7XkS776tDOgDfpMJuPV/QlRzV5MUYVo
-rsOE/3pw20yzK6/4BVOlAFuAFeLu3B/FYumAg+Ea9FM
---- 1yzSBC6fyNffXdoZv5VwO4/9rV6wlM6/O21Hi9hIeEc
- _����
PdL-�ȴ��I;�\`Y��@žC�68MID���cWu2}ɿ����JF�?8�
\ No newline at end of file
+-> piv-p256 ItIHHA A5xNhaNc1/OtN8yHnXhzItr+2ZDvALrScoUzWu7Zasmp
+iX4oqjt7yNr7XCS+Wr6ghPlmBDlQC3+N2Co29BUQLfs
+-> piv-p256 cUinNw A+V7HK7ZR1u2ntjWopJlNdR07/0ZBFoR+uH2E7lZj0Yh
+ASeKe997SKR2+bYkhmK3yXGVFEB7XGz3wOm7aOTMG7o
+-> ssh-ed25519 EboMJg 7bauCKy5LHgetVLhHtxfs25WggrbkjsfQhYpKUqRHX0
+P7wgf7VUnvda48sQXKVC86gdCgGBUNH5WuV5WdvVifY
+-> ssh-ed25519 5bXRbA Wunx33qyw9QC1k5N2ZJc5ioQkAds4Wi81Rt4KgIN62g
+DvhQKuo0fG9y7PFSrhhpMH6rKVv0qdVBLdF2GRoQ3gQ
+--- u2HlCM+zlp2V72WeTHebcJWDLNKyg+TSBgS2vr0qeT8
+*p˂�Z���-Χ��.����Q(�k�J�6IA�*"�-�n4�h��Ta"['��M�ť�Ӣ�@C
\ No newline at end of file
secrets/rhea/exportarr-readarr-apikey.age
@@ -1,13 +1,11 @@
 age-encryption.org/v1
--> piv-p256 ItIHHA AnHuyeQ9nYFthzuQJzjrTEaoNDnq2U0mN/i773Ed70Ts
-kQuWztj4Kkm4TUcYJubDQOew+kHfZcSr2Gw1lF8x/V0
--> piv-p256 cUinNw A+pyJNvdqedIO/DrPXCHCgz1KXaPiHxHqlq81v0r0pG6
-VcjOD6PVYajuM/dVMxxj0lYCkIPfjoctQXGljmJG6Mc
--> ssh-ed25519 EboMJg X7kL56+muF0+DR9E/BNUOtrVpTCllSNYIbV20vbiT3M
-ANGCyivkHq+eJD/1wsqohLwzEOplOVNbfwYu9HylFhA
--> ssh-ed25519 5bXRbA gIfkumWvdvzkTZO7R67gd237FVwH/sBCu/81i1xOq1Y
-BoO0cUVIWSfOTNzE87Bx0d8tR7NXBiXz+WTHwWwk8e4
---- SvmVSwUpZDgmaNY4q1XWPtKNDoqTl8uUE7q03Iq6zGg
-��+�ԇ�a.L`F2��^1[���.�
-�<d8=�2m����oBrtj!�8���9
-�NJ�o��
\ No newline at end of file
+-> piv-p256 ItIHHA A6Y0N+GJ3kKvlCWJyd8J574DU8uD8E3IGA4yxWDzwgL4
+6cM7sALDVOlRYb/a4l2D3TwRrGpoFvQ45bJmjerEULw
+-> piv-p256 cUinNw A5R9wV/vR4SjL4z3jEU7qNz9n1zZ8HBblILLCjbaFqlR
+Xx3Ae467hFWARw83IQxMb0szaFb0Z88Wk1NhkxNpMxc
+-> ssh-ed25519 EboMJg TusbIRd10Ftl14eAnMiFp9VUGx/2wTVZlluGU2/R9nU
+EW2gNhcYv9BOGj7zoyKJlUdDyGW+Ztsq1YxfEhQP2TI
+-> ssh-ed25519 5bXRbA WlTgHvbSV/u0/T9GRF4vp2JXj8qcU2eOBicNmclQr38
+8ApSq/dZeQWPA8sq0m1Nad0HSwGHS4DjgHUcUjSdMj8
+--- 0b3OZidMpE2Sx/WXsO38vlrLGhdMUKyZdJLDHNkOYS4
+s��hTR�Y����!2&��/9�(��vr�����|�s��s�|�'p^iR�X_~I2�g���?�
\ No newline at end of file
secrets/rhea/exportarr-sonarr-apikey.age
@@ -1,11 +1,11 @@
 age-encryption.org/v1
--> piv-p256 ItIHHA AlU74xtBeBJc6ZEXkdH2JRLiE+QrhsKUME6Yd6j+BFF1
-8MtlLVmbZUxaEVPtayemPkrP463Z2NgGq/6D6XEkq6g
--> piv-p256 cUinNw Aw8ANmWeLCizqVUL5T1ulOzn4HztxhfGS14kD1OlgZWz
-iJDx/tRuWfZ5sCZ6PCqeIIhNwilpAEVlT1C6xY0naW4
--> ssh-ed25519 EboMJg o0iKTjgQ4mrcWA9T2Bp3nmNnVXkgg6IJEmyLkEh6F00
-t6ka2EzQXYz+uevYua+YCo6+c1ni10nwBXHIzRSukOM
--> ssh-ed25519 5bXRbA z6PWDzkJnXVJjge0HVS49AuDPLTlW3hXYxI0TItZgn4
-xZ9rfGnSo3wt1oiWzsdFCGMvIuZLNedmPwg6R5XPcSo
---- Jt2ctG/605Kl0ye57IejRfy/eBZVFREI/VjG3vBZU1o
-�PwU;��Xi}�g}��0�k�j�\�F/gHߪu��y��H���`UmG�q�ߺ�i��zX���
\ No newline at end of file
+-> piv-p256 ItIHHA AgzIKLY2SYMQpXWhG8LQyzt0ddmbeQambzh6LilVgp+t
+2VO90GN9d143mO/1eoQHVuGuItHotAg6NltpQBYYNds
+-> piv-p256 cUinNw AtVJi3ZNdowGvgshouQ3BQ0BcWC6IFk/2tO1o6cmWFYL
+fk5BohNoBlXqqlpIZHJwpRolIumnhH+oyveUrLY0wSY
+-> ssh-ed25519 EboMJg Dny2PrO4493ItoUiPtVPW7g4OJEg0eKODhIN7LdxFlQ
+YEDXvFvhj9PdxXcYgTzoa/H3AW1kBotarDbQXMHdKFo
+-> ssh-ed25519 5bXRbA NEwNHzbKuQdADI5rsQPVtmU5pIK+FusGihmjPL6O3Fk
+sCRHrcy/oC0jNsb5N3nNIUewcqVYNWKPcKUT/KAGGh0
+--- /rut1CBaRxF74rfeP/cLVeRA9wwU9HCG2WnWEwQ03ko
+`���nګ�5�M��*?���p�7�F4O?�e�������n��zd��e�#U�r�4օARʬ�
\ No newline at end of file
secrets/rhea/gandi.env.age
Binary file
secrets/rhea/jellyfin-auto-collections-api-key.age
@@ -1,9 +1,9 @@
 age-encryption.org/v1
--> piv-p256 ItIHHA Az7CKsfrcLa904m4QF3Nhbbq/UYEsofmXCDYZr2/589H
-sxXBlM/1iL5Qzsjg5EX9HWAyeYVNJlebRYjbP53uNiI
--> piv-p256 cUinNw AjNBeqm6e5D8hPOQdxIo2C+3cpUmhGTQGN9DHB2qgEu1
-AkSEsilK76foamFXzSxpqhu4Q8KJVYIRp4HUCVtEOI4
--> ssh-ed25519 EboMJg nE/SkHbL8hhKF6Qm92+HyofYSC0YyTegxBVmptdmJEA
-GqURHBBb3UZA+FKcQ3fBIWEd9g4NmfX6zJdpgwoarHk
---- 63qs/D9bUSoC+Uob7nnf35JjWI+EKhQSB5dmaNU90Z0
-��J.G����XWߦ���`!�N
dm/w����,2��3��9��n�K�����g��+�
\ No newline at end of file
+-> piv-p256 ItIHHA AwyTIXbe84VMrd7miyZoX669AbuOLpvYwNPI291YYzZ7
+7sgf4f75W5JDTdCgkFnk+1Db+/gJCGqFzlemSABrVZs
+-> piv-p256 cUinNw A+a+bJNyRlJAAnJznxMvpCHdx/r/tp0XrkNTmmGelLx3
+JzOJrEXk6uvPgpN4QlrEtLBuCoQsRbRUbQpOxRPkGBQ
+-> ssh-ed25519 EboMJg qH9AtEKkBI+ZtCKU2ZEuyd7P8OuMe4G/kp/NNh2plkw
+nMLRi1LTfmEruXtpnvb0o5k9G0ngtOaz3taCv5DUXCw
+--- ZaBxAYRJOfhZwwLuKwTHVkEYfElfevEG1y7adPx9FgE
+ǣ3
���!Z����Y�ؿ�����Y��	K�n�J!>�ӡ#ڸ*��?�[49�<(�,
\ No newline at end of file
secrets/rhea/jellyfin-auto-collections-jellyseerr-password.age
@@ -1,9 +1,10 @@
 age-encryption.org/v1
--> piv-p256 ItIHHA AvsrbomeEOnHdu669SMjxGKhtg+/ZVOortiiHrgwCq6a
-4guHxc3IAN4+XpbJqWYLoDRRcEO6kZFN5HitozwW2TQ
--> piv-p256 cUinNw A/juimRM48eyw4MH3waYt00Q8JDqNpZaEqOU204WLtKg
-CBt16Jj0BAzKBdmwckAyPNYSwlNZ3S7EvYPm/htJSkg
--> ssh-ed25519 EboMJg 7oVwK+kRPVrrjXRwzvXrxVYYd+tamFb9QyIRimmM3Tc
-n917DKEaTXTWQAj9C0loIYEONrB2utsNbzf4kTMua00
---- NT2GEuu+CHbLHYeQf7E2dAhusKPxXFqc/SXHcYVzO+k
-�Ge��B�*��N�5�̻.���˺B��'"���T����h�0�`��
\ No newline at end of file
+-> piv-p256 ItIHHA Ak6gLECpZ+hKOoWY14+QQyLmIdijeCsmz+IzFF+6MQoT
+qpePm+bsLrrlYVpmD0ix0yiPPlSZ16iU/wdP6B16nOg
+-> piv-p256 cUinNw AoF6oRS9Z11JGRc7nZ57lpH6bY1atl84c/TS4JxoEr5Y
+K9ibqZzJJtSFnLpRyEwKb24u54VkhifeDS1a0oFHk/8
+-> ssh-ed25519 EboMJg Q2i0Q070VH3gZeGDP487/aTh4ImX+v8mRS0HewE4qSM
+QSaQJ4ipEWYgBgyqK5kQfS0iKTt4u88hTDFVnEqLZ4o
+--- V+D/KTSOkyqzgXcaSA2JCb/37ojANnBE2FXaScUfHcc
+��*�z
+}"�D1݈*������2	��)�x��p�Tr�2�ztLR#+s�
\ No newline at end of file
secrets/rhea/jellyfin-favorites-sync-api-key.age
Binary file
secrets/rhea/jellyfin-favorites-sync-ssh-key.age
Binary file
secrets/rhea/restic-aix-password.age
@@ -1,9 +1,10 @@
 age-encryption.org/v1
--> piv-p256 ItIHHA AnqIpnupAv5jEkRahT23IIH2aQQmF4kn3BHHuiyRYEI1
-DGT2SrXEcBignIO8zBKdqId4eJwdLbTxqRaDHVpJdBU
--> piv-p256 cUinNw AgbyRxYxCf2hYhMZKbVojhBsNd0CTy8Ym0otdeIg4Xpy
-eFB/Fw9gnJjYL9AcrJtZd99nAa+W/sr91CmsOyiGoyk
--> ssh-ed25519 EboMJg btuwkJS0I8H62I/Qw3Yk5Q5JSxE2++ngPhJOP4vZAFY
-p9dqJY/sCjRPoCjeZpyqVa29SvMTzA4cCuOL0KUdx5M
---- TL4TMwygJ1GnWPc9u9OlzDO9Y/qvXpqyGKwN8xVceC4
-��=l���.����Ӫ^ઙ��
jБL�JTk��B9���2A�� ���7����=hy��Q��;Z�
\ No newline at end of file
+-> piv-p256 ItIHHA Amed40jA14qK5T4Ag2rspusHDRhDGX5b/4X4CpMLZpnE
+u2i0bvE1WunmKlaaLNn54aE2+3Htc+/md3yVjBVBVGA
+-> piv-p256 cUinNw Av3bSOExaGNJh5llTtpjoMCQD/n6C/rz3+MSWDLQxO9g
+qeae/nHAmW4Vc5rSB7vToDjknugKmqnK+LALMMi47h8
+-> ssh-ed25519 EboMJg YFMsrOrdqNwLiwqxUan75TUrXHhSibkKU/yBRhETLG0
+I1SM32xbrAx1yP/PwqaWdQf2TKZ6Fg2TQ1IFnpg5h10
+--- +jSkApUQhevFNs1aayOnkq0euOBq5IitnMMDteouqnA
+�9ZX
+�.���d~WN/SuY����~o�[�)}&J0��~8i؁���d�3",�7���K�SC��}��l2��
\ No newline at end of file
secrets/rhea/webdav-password.age
@@ -1,9 +1,9 @@
 age-encryption.org/v1
--> piv-p256 ItIHHA Awxr2DD0FY9xWpTzfRBWgHqgvihK+B30EaMuNINxKA0r
-QF1U9sRJszLj5SA2YtRRwBif4G5vQznxMo11+Vmrqt0
--> piv-p256 cUinNw AmGlQG+VDt3Er9WiOJYQxq9PGRtKS9Bk1jVRdXTPjlMm
-0Jq3Qz+/GgaBUAQ3vYLsColGQ6f4/ugg+SSXLm5UK98
--> ssh-ed25519 EboMJg dES60XODVR6ehDjhCIg+JxH6yACWMJR5H4hDWAjmMDk
-T80ujorezEsqZZO6wcun3/xUR//vr3e8kNigSeOH1cY
---- rpeMgw+giG3QdwW/JLuQDuIrYFolc1+1eMpkd7nCGio
-u*�:b�4�D�22��ll��𦎌��5�D"JE�e�����X���<�(���q(�q�[R[���թ]��mҾñy�b�l�B��u���.%�m�"r���i�<���po0�7E�
\ No newline at end of file
+-> piv-p256 ItIHHA A6ldjRcGvpojI1lM6skt5AAcB2c8ZFwPejWLlrPeA85y
+chgolmmkS7fcHHaH2WJagrtwUFeTEHBUZ/f6lfOR8kk
+-> piv-p256 cUinNw Awc1mqhDJC2VdgXYR0JOe4iqtSc354+5WhPwRdONGjLj
+cMRxkCPnQyJtFBlxUJH1CSXU8wRWGjtqmTFXI/ioWx4
+-> ssh-ed25519 EboMJg /RdQ0VwJBDrYRRi/4JeYgYDugkpWgLkjRP7K+cdXaCc
+wKqEyT0XiwPhLO3g4ev5d7qGEUnFfDkP2VuLyxkPFp4
+--- qiswcjUK3P89ciiTspSBZCJr/03SPplvE2EhGBTS7yU
+���Ο8�"����7*�2�u��#��),�[H}�l�� O�|Jրf���;�x�,��z܍,zk�>.�rAi�g�>��<N���7e���$����T�n�l�"�~k�D�0�g�;
\ No newline at end of file
secrets/sakhalin/grafana-admin-password.age
@@ -1,9 +1,9 @@
 age-encryption.org/v1
--> piv-p256 ItIHHA AhwJ5h/uq1iI35hJUDq3Xx6GRf57lygZYXX8QbCazjXT
-G2w83e8E/zmVjGRL31URuXjztjGHC+uz4yH4Nc4VovA
--> piv-p256 cUinNw Al5CKe4yu8bWqrhEArfWhQquGuAmViXBai6RO2L7Kep8
-Fo89sH/GR9SCqC7sVCcVDeTsGzvAZVXUpnVb43a/1uo
--> ssh-ed25519 /TxA1A BZcywYzoMlJZEF7WDnwchf/VVZjZ068PRW6mNI/mN18
-+xNvg1AhesUW9C8qOdD/GaxzQO5m3PYmDPncP8xu3SA
---- djyBGFGaxI/idU51ajO9ACv/Ol0+EugNSybhHIX5FvI
-�D{����y�?_�I�bac5�A���w@]�o�쁹����Ѹ�+X��
\ No newline at end of file
+-> piv-p256 ItIHHA A6Lo1JYgSA7xKc9aEd6gXRf+xghBKLQH0G/SblI4o5Ly
+8/NWGC3/WGhhkVcCc8NkkuPwsxhJUf997FmDMLvesg8
+-> piv-p256 cUinNw Ag+HFOBy2wxh47EjpfWdH4IdL9UMXb/XAxQLeuD/j7qS
+NQo525TBTDnMnrSzI5r4qV8Lu7GUUIe6Zy8V86EeVaE
+-> ssh-ed25519 /TxA1A yT+t7uUFuxuKFGpot91tE2obeOlnI/AtHnxkJVvAOAQ
+dvwVuhMqnZijbBYIr4f/OTjNSUuBqs89mnrAvtTOxmQ
+--- lF/Onxgihs2QKfSAjaR55SnMl/SlPBz5uFhdBiM0BQc
+OpGv8�"���A�]��T�����Т=�����IU��<I��=�
\ No newline at end of file
secrets/sakhalin/grafana-secret-key.age
@@ -1,10 +1,10 @@
 age-encryption.org/v1
--> piv-p256 ItIHHA AmSE7Cy9POkNkvdYi3yxe/AvbpubXbS8wIrcsV7g9Xwy
-SRdRH073hXGzJuoJ4uLS3uJNG+JSCfhU+4xjWwJNl1w
--> piv-p256 cUinNw AjYwxCfYygZyIhxI3zAp4cmzDl0dCqOH/WoUW5hSQatS
-1KqKhWEEHIjqBp/z+5HOifyVJ7W5/nqMNFLxbZDjoUg
--> ssh-ed25519 /TxA1A P6VJOmJaqurtrbBNajTwKnzemm1TbYvXxVuauuKZZEs
-TkmMtSVOYDPk8E7Zib5yEumu3w0Ts88W3Hh9qeOG0Vw
---- UvVT8vrdW5vlXBPOWtplUeXq3POctnM80JSPB62cnXU
-�3��v<)��-Q��ô-.7�m䅠�O\W�ފa�5�r� ���w<��!!ԩy����[�<1�:�
-�Y[�V��g�������e`�'V��ʻ
\ No newline at end of file
+-> piv-p256 ItIHHA An5bEGWntbL9Ov3ZxPz69OUH64u+hzau50urApxmX8t2
+HD4ernxm/woaKwmrk2sON/JMIPxV+yV1wezSLkP3b74
+-> piv-p256 cUinNw A71n810CCnhqTBCF0+Kqu+AU80OWAZMnIcQKMGnjduuc
+OQzeQK/MwKiS2BmHBcTTCyXVKgw/QqchTZefuenR3lQ
+-> ssh-ed25519 /TxA1A 95/5+KbFsJ9w8noOVTObkfVC7aYA0pnCEv2lTKMXSk8
+YrxQP+Ymzx1yQ66gXfMqvrV1ITeWlTjs0/M9JytZYRo
+--- 4eE9ueSvIGr7b2gmWn822QDePtRAD2t3xyIS0yt25PY
+�����GZs����.3B�d����!W�}h\���@�=N:��
+�k�0dp�֎ng}j��:[�������-X����>��g�a�.#.����>'
\ No newline at end of file
secrets/sakhalin/homeassistant-prometheus-token.age
Binary file
secrets/sakhalin/ntfy-token.age
Binary file
secrets/sakhalin/searxng-secret-key.age
@@ -1,9 +1,9 @@
 age-encryption.org/v1
--> piv-p256 ItIHHA Apms4uiQ6Tg2wE/owEGFHfCW8PpZeBVDQ/nzLVwsQ50r
-WDBaeYuiq1UMQsimDsdrMscQbJogZShcL+jFRxonC2w
--> piv-p256 cUinNw AjoNvxZMYx799vasyL1TutgrnKCj3EKgy5XKWn6axxuS
-swMXSk9r3t84mcmEgODcshXLaIqb87fqdlR3s8zHZqY
--> ssh-ed25519 /TxA1A U12L4epyzAfoo0nLN5TJc2Cwl9D/3RwV98AlqvjlVmA
-Cgum5CNSCPV8HAnltM4vOJ8VbAMpJjvKnH+E5v+2dyA
---- v5tLfr2ts40InZEcpwHXl7Qm3Hetup8CAVoRGZ4iIJA
-��}�̶/.�-y�_�b�JPh�8���z��CC�C30���vO���|����-@���J&�'v�*����B�wi}�x���k2�%�)��^s&?FsBs�0�\E>e=F�
\ No newline at end of file
+-> piv-p256 ItIHHA A95ewyKMDtIILTdqt78OUP37w0TiEgwdm5xYsBjZOOOt
+fMST7Xi9RRVJVmO7gi5iXYRm+LVD10/mc1KSuFUbteo
+-> piv-p256 cUinNw A4/Qaspq27iaCBeJuzLhYswRb2sxvkHYjv0r7xePsTqX
+U/brYN8RmOCxD4zeYpU0Myhky2bUP6D5APci+K2zkD0
+-> ssh-ed25519 /TxA1A Mqgpodp3vyQx5Gr85A7LGy62MZj9+4FLf2Zm8IlXYyI
+qyy2EKkCfrC7l0qEmGN2Ljb/WubsgSBNeg9sUUQnKPw
+--- 94vHzOsJBGrVV+QQ+AF76LRHO1jLWxfItyV2BP0ipa8
+�+.���F� ��%��[��Wښ_���X��1�6bh�v�F�7~u�/5�|PA����1���IT�Ң�;�NH�����	p�M�PS��u�!W� B��=u.( K)��埇S��
\ No newline at end of file
secrets/shikoku/aria2rpcsecret.age
@@ -1,9 +1,9 @@
 age-encryption.org/v1
--> piv-p256 ItIHHA A0TQBn+ovQekJulE1nyoUibZ5PdWD/Oon9dtyhE9i64e
-QjOogxzkHQIlOppj6yaUA8c4HBKZd7vN1GlFH5LIEIA
--> piv-p256 cUinNw AnaTe/KH5RPYFgIkr7btMtoAyDX4CJQNaA5DtilfBcNF
-OUCMDCVLOSDpGUiTUSiKuVARGrloR24vy8KNOjHKm8Y
--> ssh-ed25519 WaDo1g Q4svqBrqEi5rq72gy8pb7KpHoLYLoX3+XFvLpmIgTnc
-Zu7VJWVX1ThSwlPxmwSNgTDue0eoBscco871VqHETFg
---- TK81yVHc+9KmxPxOTmDVRM+LAE3AuZqm4MDHMER3Yts
-ػ��o��fyhTX��P1%���w�4�5ф��3��.�-�	
\ No newline at end of file
+-> piv-p256 ItIHHA AtiEqDb2UrLkT/o0RKF7IbvxplfA3geW4tDkUx8NIHPL
+4HYz8k7IKofbonQbwWYy+2py/A6da0NFc+PjXV60fLo
+-> piv-p256 cUinNw A6uhyglj+NmvY8VPtp/L1aoSu0TFfNquS6uO4T0DUVpY
+0IQYjHnoqSeP4DFsT5iY4OQFgEZU5+MjNdCgJ2YddFo
+-> ssh-ed25519 WaDo1g 4O5dXkegglmIGWJ+QnzN6UnbCkeA2LLXgntlZgeT7x8
+NMZRb7x+5gJmLaVwNQ4puZZzdNYzz22YFrAIAnZ/2nw
+--- 4pWYzTpnHNIJSmrDxofm7UDnSl4KGnGHtP4cF/SloMM
+��
��[��v�y��`-~~�ء���Lz�dT�*����
\ No newline at end of file
secrets/minica.pem.age
Binary file
systems/carthage/extra.nix
@@ -396,14 +396,20 @@ in
   security.tpm2.enable = lib.mkForce false;
 
   # Override common SSH config to restrict to VPN network only
+  # TODO: After WireGuard is set up, remove "0.0.0.0" listenAddress and
+  #       set openFirewall back to lib.mkForce false
   services.openssh = {
     listenAddresses = [
       {
         addr = builtins.head globals.machines.carthage.net.vpn.ips;
         port = 22;
       }
+      {
+        addr = "0.0.0.0"; # Temporary: bootstrap access before WireGuard is up
+        port = 22;
+      }
     ];
-    openFirewall = lib.mkForce false;
+    # openFirewall = lib.mkForce false;
   };
 
   services.wireguard.server = {
globals.nix
@@ -333,7 +333,7 @@ _: {
     carthage = {
       net = {
         vpn = {
-          pubkey = "PLACEHOLDER_UNTIL_WG_KEYGEN";
+          pubkey = "PQD1dtxhy9NMbmfy2OQPeLiQg0Alcfa1Mo4HVN5WqgA=";
           ips = [ "10.100.0.1" ]; # Takes over kerkouane's VPN server role
         };
         names = [
@@ -342,7 +342,7 @@ _: {
         ];
       };
       ssh = {
-        hostKey = "PLACEHOLDER_UNTIL_INSTALL";
+        hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDurbEy1PiidOirbiPXz84ySdv3rwosPTAlCqacc73a";
       };
       # syncthing = {
       #   id = "PLACEHOLDER_UNTIL_INSTALL";
Makefile
@@ -50,6 +50,15 @@ host/kerkouane/boot:
 host/kerkouane/switch:
 	nixos-rebuild --target-host root@kerkouane.vpn --flake .#kerkouane switch
 
+# TODO: Remove IP override once DNS/VPN points to carthage
+.PHONY: host/carthage/boot
+host/carthage/boot:
+	NIX_SSHOPTS="-o IdentitiesOnly=yes -i $(HOME)/.ssh/kyushu" nixos-rebuild --target-host root@46.224.100.116 --flake .#carthage boot
+
+.PHONY: host/carthage/switch
+host/carthage/switch:
+	NIX_SSHOPTS="-o IdentitiesOnly=yes -i $(HOME)/.ssh/kyushu" nixos-rebuild --target-host root@46.224.100.116 --flake .#carthage switch
+
 ##@ Local System Operations
 
 .PHONY: boot
secrets.nix
@@ -21,8 +21,7 @@ let
   aix = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEoUicDySCGETPAgmI0P3UrgZEXXw3zNsyCIylUP0bML"; # ssh-keyscan -q -t ed25519 aix.sbr.pm
   nagoya = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIfep1SkMsAPHggXFLfEJNzZb7eoihtkqDeQruG+TbhF";
   okinawa = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM8vCZ0h6geJZt6i5k6chEDZBggoyq91Z+oNSjvVeSfW"; # From globals.nix
-  # TODO: carthage — add ssh-ed25519 host key after nixos-anywhere install
-  # carthage = "ssh-ed25519 PLACEHOLDER"; # ssh-keyscan -q -t ed25519 carthage.sbr.pm
+  carthage = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDurbEy1PiidOirbiPXz84ySdv3rwosPTAlCqacc73a"; # ssh-keyscan -q -t ed25519 carthage.sbr.pm
   desktops = [
     kyushu
     okinawa
@@ -32,6 +31,7 @@ let
     aix
     aomi
     athena
+    carthage
     demeter
     kerkouane
     nagoya
@@ -156,6 +156,7 @@ in
     okinawa
     rhea
     kerkouane
+    carthage
   ];
   "secrets/sakhalin/homeassistant-prometheus-token.age".publicKeys = users ++ [ sakhalin ];
   "secrets/demeter/mosquitto-homeassistant-password.age".publicKeys = users ++ [ demeter ];