summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2023-01-30 12:20:23 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2023-01-30 12:20:23 +0100
commitcfc871cce6aefaa0ff64619780a807cba761c6b2 (patch)
tree965e8276ed36f11698b6c7d6eadab9f88d5f97c5
parentaa54fe89b98d354d21141c589332ce7950ef2e59 (diff)
downloadnixos-cfc871cce6aefaa0ff64619780a807cba761c6b2.tar
nixos-cfc871cce6aefaa0ff64619780a807cba761c6b2.tar.gz
nixos-cfc871cce6aefaa0ff64619780a807cba761c6b2.tar.bz2
nixos-cfc871cce6aefaa0ff64619780a807cba761c6b2.tar.xz
nixos-cfc871cce6aefaa0ff64619780a807cba761c6b2.zip
...
-rw-r--r--.sops.yaml39
-rw-r--r--flake.lock113
-rw-r--r--flake.nix28
-rw-r--r--hosts/sif/gkleen-rclone.yaml34
-rw-r--r--hosts/sif/mail/secrets.yaml34
-rw-r--r--hosts/sif/wgrz/privkey16
-rw-r--r--hosts/surtr/bifrost/surtr.priv16
-rw-r--r--hosts/surtr/dns/default.nix12
-rw-r--r--hosts/surtr/dns/keys/141.li_acme (renamed from hosts/surtr/dns/keys/141.li_acme.yaml)16
-rw-r--r--hosts/surtr/dns/keys/app.etesync.yggdrasil.li_acme (renamed from hosts/surtr/dns/keys/app.etesync.yggdrasil.li_acme.yaml)16
-rw-r--r--hosts/surtr/dns/keys/bouncy.email_acme (renamed from hosts/surtr/dns/keys/bouncy.email_acme.yaml)16
-rw-r--r--hosts/surtr/dns/keys/dirty-haskell.org_acme (renamed from hosts/surtr/dns/keys/dirty-haskell.org_acme.yaml)16
-rw-r--r--hosts/surtr/dns/keys/element.synapse.li_acme (renamed from hosts/surtr/dns/keys/element.synapse.li_acme.yaml)16
-rw-r--r--hosts/surtr/dns/keys/etesync.yggdrasil.li_acme (renamed from hosts/surtr/dns/keys/etesync.yggdrasil.li_acme.yaml)16
-rw-r--r--hosts/surtr/dns/keys/imap.bouncy.email_acme (renamed from hosts/surtr/dns/keys/imap.bouncy.email_acme.yaml)16
-rw-r--r--hosts/surtr/dns/keys/imap.kleen.consulting_acme (renamed from hosts/surtr/dns/keys/imap.kleen.consulting_acme.yaml)16
-rw-r--r--hosts/surtr/dns/keys/kleen.consulting_acme (renamed from hosts/surtr/dns/keys/kleen.consulting_acme.yaml)16
-rw-r--r--hosts/surtr/dns/keys/kleen.li_acme (renamed from hosts/surtr/dns/keys/kleen.li_acme.yaml)16
-rw-r--r--hosts/surtr/dns/keys/knot_local (renamed from hosts/surtr/dns/keys/knot_local.yaml)16
-rw-r--r--hosts/surtr/dns/keys/mailin.bouncy.email_acme (renamed from hosts/surtr/dns/keys/mailin.bouncy.email_acme.yaml)16
-rw-r--r--hosts/surtr/dns/keys/mailin.kleen.consulting_acme (renamed from hosts/surtr/dns/keys/mailin.kleen.consulting_acme.yaml)16
-rw-r--r--hosts/surtr/dns/keys/mailsub.bouncy.email_acme (renamed from hosts/surtr/dns/keys/mailsub.bouncy.email_acme.yaml)16
-rw-r--r--hosts/surtr/dns/keys/mailsub.kleen.consulting_acme (renamed from hosts/surtr/dns/keys/mailsub.kleen.consulting_acme.yaml)16
-rw-r--r--hosts/surtr/dns/keys/mta-sts.bouncy.email_acme (renamed from hosts/surtr/dns/keys/mta-sts.bouncy.email_acme.yaml)16
-rw-r--r--hosts/surtr/dns/keys/mta-sts.kleen.consulting_acme (renamed from hosts/surtr/dns/keys/mta-sts.kleen.consulting_acme.yaml)16
-rw-r--r--hosts/surtr/dns/keys/nights.email_acme (renamed from hosts/surtr/dns/keys/nights.email_acme.yaml)16
-rw-r--r--hosts/surtr/dns/keys/praseodym.org_acme (renamed from hosts/surtr/dns/keys/praseodym.org_acme.yaml)16
-rw-r--r--hosts/surtr/dns/keys/rheperire.org_acme (renamed from hosts/surtr/dns/keys/rheperire.org_acme.yaml)16
-rw-r--r--hosts/surtr/dns/keys/spm.bouncy.email_acme (renamed from hosts/surtr/dns/keys/spm.bouncy.email_acme.yaml)16
-rw-r--r--hosts/surtr/dns/keys/surtr.yggdrasil.li_acme (renamed from hosts/surtr/dns/keys/surtr.yggdrasil.li_acme.yaml)16
-rw-r--r--hosts/surtr/dns/keys/synapse.li_acme (renamed from hosts/surtr/dns/keys/synapse.li_acme.yaml)16
-rw-r--r--hosts/surtr/dns/keys/turn.synapse.li_acme (renamed from hosts/surtr/dns/keys/turn.synapse.li_acme.yaml)16
-rw-r--r--hosts/surtr/dns/keys/webdav.141.li_acme (renamed from hosts/surtr/dns/keys/webdav.141.li_acme.yaml)16
-rw-r--r--hosts/surtr/dns/keys/xmpp.li_acme (renamed from hosts/surtr/dns/keys/xmpp.li_acme.yaml)16
-rw-r--r--hosts/surtr/dns/keys/yggdrasil.li_acme (renamed from hosts/surtr/dns/keys/yggdrasil.li_acme.yaml)16
-rw-r--r--hosts/surtr/dns/keys/ymir_acme (renamed from hosts/surtr/dns/keys/ymir_acme.yaml)16
-rw-r--r--hosts/surtr/email/ca/gkleen@sif.key9
-rw-r--r--hosts/surtr/email/default.nix22
-rw-r--r--hosts/surtr/email/spm-keys.json16
-rw-r--r--hosts/surtr/etebase/default.nix14
-rw-r--r--hosts/surtr/etebase/secret.txt16
-rw-r--r--hosts/surtr/http/webdav/default.nix8
-rw-r--r--hosts/surtr/matrix/coturn-auth-secret16
-rw-r--r--hosts/surtr/matrix/coturn-auth-secret.yaml26
-rw-r--r--hosts/surtr/matrix/coturn-auth-secret_yaml26
-rw-r--r--hosts/surtr/matrix/default.nix26
-rw-r--r--hosts/surtr/matrix/registration.yaml26
-rw-r--r--hosts/surtr/matrix/registration_yaml26
-rw-r--r--hosts/surtr/postgresql/pgbackrest.key16
-rw-r--r--hosts/surtr/prometheus/tls.key16
-rw-r--r--hosts/surtr/tls/default.nix155
-rw-r--r--hosts/surtr/tls/tsig_keys/141.li16
-rw-r--r--hosts/surtr/tls/tsig_keys/app.etesync.yggdrasil.li16
-rw-r--r--hosts/surtr/tls/tsig_keys/bouncy.email16
-rw-r--r--hosts/surtr/tls/tsig_keys/dirty-haskell.org16
-rw-r--r--hosts/surtr/tls/tsig_keys/element.synapse.li16
-rw-r--r--hosts/surtr/tls/tsig_keys/etesync.yggdrasil.li16
-rw-r--r--hosts/surtr/tls/tsig_keys/imap.bouncy.email16
-rw-r--r--hosts/surtr/tls/tsig_keys/imap.kleen.consulting16
-rw-r--r--hosts/surtr/tls/tsig_keys/kleen.consulting16
-rw-r--r--hosts/surtr/tls/tsig_keys/kleen.li16
-rw-r--r--hosts/surtr/tls/tsig_keys/mailin.bouncy.email16
-rw-r--r--hosts/surtr/tls/tsig_keys/mailin.kleen.consulting16
-rw-r--r--hosts/surtr/tls/tsig_keys/mailsub.bouncy.email16
-rw-r--r--hosts/surtr/tls/tsig_keys/mailsub.kleen.consulting16
-rw-r--r--hosts/surtr/tls/tsig_keys/mta-sts.bouncy.email16
-rw-r--r--hosts/surtr/tls/tsig_keys/mta-sts.kleen.consulting16
-rw-r--r--hosts/surtr/tls/tsig_keys/nights.email16
-rw-r--r--hosts/surtr/tls/tsig_keys/praseodym.org16
-rw-r--r--hosts/surtr/tls/tsig_keys/rheperire.org16
-rw-r--r--hosts/surtr/tls/tsig_keys/spm.bouncy.email16
-rw-r--r--hosts/surtr/tls/tsig_keys/surtr.yggdrasil.li16
-rw-r--r--hosts/surtr/tls/tsig_keys/synapse.li16
-rw-r--r--hosts/surtr/tls/tsig_keys/turn.synapse.li16
-rw-r--r--hosts/surtr/tls/tsig_keys/webdav.141.li16
-rw-r--r--hosts/surtr/tls/tsig_keys/xmpp.li16
-rw-r--r--hosts/surtr/tls/tsig_keys/yggdrasil.li16
-rw-r--r--hosts/surtr/vpn/sif.priv16
-rw-r--r--hosts/surtr/vpn/surtr.priv16
-rw-r--r--hosts/surtr/zfs.nix7
-rw-r--r--hosts/vidhar/borg/append.borgbase16
-rw-r--r--hosts/vidhar/borg/jotnar/surtr16
-rw-r--r--hosts/vidhar/borg/yggdrasil.borgkey16
-rw-r--r--hosts/vidhar/dns/keys/local_yaml (renamed from hosts/vidhar/dns/keys/local.yaml)16
-rw-r--r--hosts/vidhar/grafana-admin-password16
-rw-r--r--hosts/vidhar/grafana-secret-key16
-rw-r--r--hosts/vidhar/network/bifrost/vidhar.priv16
-rw-r--r--hosts/vidhar/network/dhcp/knot-tsig.json.frag16
-rw-r--r--hosts/vidhar/network/pap-secrets16
-rw-r--r--hosts/vidhar/pgbackrest/tls.key16
-rw-r--r--hosts/vidhar/prometheus/tls.key16
-rw-r--r--hosts/vidhar/prometheus/zte_dsl01.mgmt.yggdrasil16
-rw-r--r--hosts/vidhar/selfsigned.key16
-rw-r--r--hosts/vidhar/zfs.nix7
-rw-r--r--modules/yggdrasil-wg/hosts/4/sif.priv16
-rw-r--r--modules/yggdrasil-wg/hosts/4/surtr.priv16
-rw-r--r--modules/yggdrasil-wg/hosts/4/vidhar.priv16
-rw-r--r--modules/yggdrasil-wg/hosts/6/sif.priv16
-rw-r--r--modules/yggdrasil-wg/hosts/6/surtr.priv16
-rw-r--r--modules/yggdrasil-wg/hosts/6/vidhar.priv16
-rw-r--r--modules/yggdrasil/hosts/sif/private-keys.yaml39
-rw-r--r--shell.nix5
-rw-r--r--system-profiles/build-server/clients/sif/private16
-rw-r--r--system-profiles/core.nix4
-rw-r--r--system-profiles/initrd-ssh/host-keys/vidhar-private.yaml34
-rw-r--r--system-profiles/openssh/host-keys/sif.yaml39
-rw-r--r--system-profiles/openssh/host-keys/surtr.yaml34
-rw-r--r--system-profiles/openssh/host-keys/vidhar.yaml34
-rw-r--r--system-profiles/openssh/host-moduli/sif16
-rw-r--r--system-profiles/openssh/host-moduli/surtr16
-rw-r--r--system-profiles/openssh/host-moduli/vidhar16
-rw-r--r--system-profiles/rebuild-machines/ssh/sif/private16
-rw-r--r--system-profiles/rebuild-machines/ssh/surtr/private16
-rw-r--r--system-profiles/rebuild-machines/ssh/vidhar/private16
-rw-r--r--tools/.keep0
-rw-r--r--tools/ca/ca/__main__.py667
-rw-r--r--tools/ca/default.nix25
-rw-r--r--tools/ca/setup.py10
-rw-r--r--tools/sops-inventory/default.nix19
-rw-r--r--tools/sops-inventory/setup.py11
-rw-r--r--tools/sops-inventory/sops_inventory/__init__.py0
-rw-r--r--tools/sops-inventory/sops_inventory/__main__.py85
-rw-r--r--tools/tai64dec/default.nix18
-rw-r--r--tools/tai64dec/setup.py10
-rw-r--r--tools/tai64dec/tai64dec/__main__.py46
-rw-r--r--user-profiles/utils.nix6
126 files changed, 1231 insertions, 1891 deletions
diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 00000000..268904a1
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,39 @@
1keys:
2 - &admin_gkleen 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51
3 - &machine_surtr age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq
4 - &machine_sif age1ure0athvtnaqqw48pe0y3upqdzmkaen9h70yggd9va4hva6avd8qqm6s4d # F1AF20B9511B63F681A14E8D51AEFBCD1DEF68F8
5 - &machine_vidhar age1qffdqvy9arld9zd5a5cylt0n98xhcns5shxhrhwjq5g4qa844ejselaa4l # A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362
6
7creation_rules:
8 - path_regex: ^hosts/surtr/vpn/surtr\.priv$
9 key_groups:
10 - age: [ *machine_surtr ]
11 pgp: [ *admin_gkleen ]
12 - path_regex: ^hosts/surtr/vpn/sif\.priv$
13 key_groups:
14 - age: [ *machine_sif ]
15 pgp: [ *admin_gkleen ]
16 - path_regex: ^hosts/surtr/email/ca/[^/]+.*$
17 key_groups:
18 - pgp: [ *admin_gkleen ]
19 - path_regex: ^hosts/surtr/vpn/[^/]+.*$
20 - path_regex: ^(.*/)?surtr(-private)?(/.+|\..+)?$
21 key_groups:
22 - age: [ *machine_surtr ]
23 pgp: [ *admin_gkleen ]
24 - path_regex: ^hosts/vidhar/borg/jotnar/ymir$
25 key_groups:
26 - pgp: [ *admin_gkleen ]
27 - path_regex: ^hosts/vidhar/borg/jotnar/[^/]+.*$
28 - path_regex: ^hosts/vidhar/(prometheus|pgbackrest)/ca/[^/]+.*$
29 key_groups:
30 - pgp: [ *admin_gkleen ]
31 - path_regex: ^(.*/)?vidhar(-private)?(/.+|\..+)?$
32 key_groups:
33 - age: [ *machine_vidhar ]
34 pgp: [ *admin_gkleen ]
35 - path_regex: ^(.*/)?sif(-private)?(/.+|\..+)?$
36 key_groups:
37 - age: [ *machine_sif ]
38 pgp: [ *admin_gkleen ]
39
diff --git a/flake.lock b/flake.lock
index a120770d..76b91fd8 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,33 @@
1{ 1{
2 "nodes": { 2 "nodes": {
3 "ca-util": {
4 "inputs": {
5 "leapseconds": "leapseconds",
6 "mach-nix": [
7 "mach-nix"
8 ],
9 "nixpkgs": [
10 "nixpkgs"
11 ],
12 "pypi-deps-db": [
13 "pypi-deps-db"
14 ]
15 },
16 "locked": {
17 "lastModified": 1674031436,
18 "narHash": "sha256-4+vtkiFvRbs9NEmdQGHJaYpFrH8AbzBYH4U8XU3peMk=",
19 "owner": "gkleen",
20 "repo": "ca",
21 "rev": "2b4abef8f9d02de60be4bcfdfe8be8e5b15127aa",
22 "type": "gitlab"
23 },
24 "original": {
25 "owner": "gkleen",
26 "ref": "v2.0.1",
27 "repo": "ca",
28 "type": "gitlab"
29 }
30 },
3 "deploy-rs": { 31 "deploy-rs": {
4 "inputs": { 32 "inputs": {
5 "flake-compat": [ 33 "flake-compat": [
@@ -8,7 +36,9 @@
8 "nixpkgs": [ 36 "nixpkgs": [
9 "nixpkgs" 37 "nixpkgs"
10 ], 38 ],
11 "utils": "utils" 39 "utils": [
40 "flake-utils"
41 ]
12 }, 42 },
13 "locked": { 43 "locked": {
14 "lastModified": 1672327199, 44 "lastModified": 1672327199,
@@ -44,21 +74,6 @@
44 }, 74 },
45 "flake-utils": { 75 "flake-utils": {
46 "locked": { 76 "locked": {
47 "lastModified": 1642700792,
48 "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=",
49 "owner": "numtide",
50 "repo": "flake-utils",
51 "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba",
52 "type": "github"
53 },
54 "original": {
55 "owner": "numtide",
56 "repo": "flake-utils",
57 "type": "github"
58 }
59 },
60 "flake-utils_2": {
61 "locked": {
62 "lastModified": 1667395993, 77 "lastModified": 1667395993,
63 "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", 78 "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
64 "owner": "numtide", 79 "owner": "numtide",
@@ -68,6 +83,7 @@
68 }, 83 },
69 "original": { 84 "original": {
70 "owner": "numtide", 85 "owner": "numtide",
86 "ref": "master",
71 "repo": "flake-utils", 87 "repo": "flake-utils",
72 "type": "github" 88 "type": "github"
73 } 89 }
@@ -77,7 +93,9 @@
77 "nixpkgs": [ 93 "nixpkgs": [
78 "nixpkgs" 94 "nixpkgs"
79 ], 95 ],
80 "utils": "utils_2" 96 "utils": [
97 "flake-utils"
98 ]
81 }, 99 },
82 "locked": { 100 "locked": {
83 "lastModified": 1673654363, 101 "lastModified": 1673654363,
@@ -108,7 +126,9 @@
108 }, 126 },
109 "mach-nix": { 127 "mach-nix": {
110 "inputs": { 128 "inputs": {
111 "flake-utils": "flake-utils", 129 "flake-utils": [
130 "flake-utils"
131 ],
112 "nixpkgs": [ 132 "nixpkgs": [
113 "nixpkgs" 133 "nixpkgs"
114 ], 134 ],
@@ -184,28 +204,14 @@
184 "type": "github" 204 "type": "github"
185 } 205 }
186 }, 206 },
187 "nixpkgs-stable_2": {
188 "locked": {
189 "lastModified": 1673100377,
190 "narHash": "sha256-mT76pTd0YFxT6CwtPhDgHJhuIgLY+ZLSMiQpBufwMG4=",
191 "owner": "NixOS",
192 "repo": "nixpkgs",
193 "rev": "9f11a2df77cb945c115ae2a65f53f38121597d73",
194 "type": "github"
195 },
196 "original": {
197 "owner": "NixOS",
198 "ref": "release-22.11",
199 "repo": "nixpkgs",
200 "type": "github"
201 }
202 },
203 "nvfetcher": { 207 "nvfetcher": {
204 "inputs": { 208 "inputs": {
205 "flake-compat": [ 209 "flake-compat": [
206 "flake-compat" 210 "flake-compat"
207 ], 211 ],
208 "flake-utils": "flake-utils_2", 212 "flake-utils": [
213 "flake-utils"
214 ],
209 "nixpkgs": [ 215 "nixpkgs": [
210 "nixpkgs" 216 "nixpkgs"
211 ] 217 ]
@@ -243,10 +249,11 @@
243 }, 249 },
244 "root": { 250 "root": {
245 "inputs": { 251 "inputs": {
252 "ca-util": "ca-util",
246 "deploy-rs": "deploy-rs", 253 "deploy-rs": "deploy-rs",
247 "flake-compat": "flake-compat", 254 "flake-compat": "flake-compat",
255 "flake-utils": "flake-utils",
248 "home-manager": "home-manager", 256 "home-manager": "home-manager",
249 "leapseconds": "leapseconds",
250 "mach-nix": "mach-nix", 257 "mach-nix": "mach-nix",
251 "nix-index-database": "nix-index-database", 258 "nix-index-database": "nix-index-database",
252 "nixpkgs": "nixpkgs", 259 "nixpkgs": "nixpkgs",
@@ -261,7 +268,9 @@
261 "nixpkgs": [ 268 "nixpkgs": [
262 "nixpkgs" 269 "nixpkgs"
263 ], 270 ],
264 "nixpkgs-stable": "nixpkgs-stable_2" 271 "nixpkgs-stable": [
272 "nixpkgs-stable"
273 ]
265 }, 274 },
266 "locked": { 275 "locked": {
267 "lastModified": 1673481602, 276 "lastModified": 1673481602,
@@ -277,36 +286,6 @@
277 "repo": "sops-nix", 286 "repo": "sops-nix",
278 "type": "github" 287 "type": "github"
279 } 288 }
280 },
281 "utils": {
282 "locked": {
283 "lastModified": 1667395993,
284 "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
285 "owner": "numtide",
286 "repo": "flake-utils",
287 "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
288 "type": "github"
289 },
290 "original": {
291 "owner": "numtide",
292 "repo": "flake-utils",
293 "type": "github"
294 }
295 },
296 "utils_2": {
297 "locked": {
298 "lastModified": 1667395993,
299 "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
300 "owner": "numtide",
301 "repo": "flake-utils",
302 "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
303 "type": "github"
304 },
305 "original": {
306 "owner": "numtide",
307 "repo": "flake-utils",
308 "type": "github"
309 }
310 } 289 }
311 }, 290 },
312 "root": "root", 291 "root": "root",
diff --git a/flake.nix b/flake.nix
index 4913fe2f..0cd53be3 100644
--- a/flake.nix
+++ b/flake.nix
@@ -24,6 +24,7 @@
24 rev = "860d9f96de3c02ca3d5121f1a4b6d457c48a3c80"; 24 rev = "860d9f96de3c02ca3d5121f1a4b6d457c48a3c80";
25 inputs = { 25 inputs = {
26 nixpkgs.follows = "nixpkgs"; 26 nixpkgs.follows = "nixpkgs";
27 utils.follows = "flake-utils";
27 }; 28 };
28 }; 29 };
29 sops-nix = { 30 sops-nix = {
@@ -31,7 +32,10 @@
31 owner = "Mic92"; 32 owner = "Mic92";
32 repo = "sops-nix"; 33 repo = "sops-nix";
33 ref = "master"; 34 ref = "master";
34 inputs.nixpkgs.follows = "nixpkgs"; 35 inputs = {
36 nixpkgs.follows = "nixpkgs";
37 nixpkgs-stable.follows = "nixpkgs-stable";
38 };
35 }; 39 };
36 deploy-rs = { 40 deploy-rs = {
37 type = "github"; 41 type = "github";
@@ -40,6 +44,7 @@
40 ref = "master"; 44 ref = "master";
41 inputs = { 45 inputs = {
42 nixpkgs.follows = "nixpkgs"; 46 nixpkgs.follows = "nixpkgs";
47 utils.follows = "flake-utils";
43 flake-compat.follows = "flake-compat"; 48 flake-compat.follows = "flake-compat";
44 }; 49 };
45 }; 50 };
@@ -50,6 +55,7 @@
50 ref = "master"; 55 ref = "master";
51 inputs = { 56 inputs = {
52 nixpkgs.follows = "nixpkgs"; 57 nixpkgs.follows = "nixpkgs";
58 flake-utils.follows = "flake-utils";
53 flake-compat.follows = "flake-compat"; 59 flake-compat.follows = "flake-compat";
54 }; 60 };
55 }; 61 };
@@ -60,6 +66,12 @@
60 ref = "master"; 66 ref = "master";
61 flake = false; 67 flake = false;
62 }; 68 };
69 flake-utils = {
70 type = "github";
71 owner = "numtide";
72 repo = "flake-utils";
73 ref = "master";
74 };
63 nix-index-database = { 75 nix-index-database = {
64 type = "github"; 76 type = "github";
65 owner = "Mic92"; 77 owner = "Mic92";
@@ -81,13 +93,21 @@
81 ref = "65266b5cc867fec2cb6a25409dd7cd12251f6107"; 93 ref = "65266b5cc867fec2cb6a25409dd7cd12251f6107";
82 inputs = { 94 inputs = {
83 nixpkgs.follows = "nixpkgs"; 95 nixpkgs.follows = "nixpkgs";
96 flake-utils.follows = "flake-utils";
84 pypi-deps-db.follows = "pypi-deps-db"; 97 pypi-deps-db.follows = "pypi-deps-db";
85 }; 98 };
86 }; 99 };
87 100
88 leapseconds = { 101 ca-util = {
89 url = "https://www.ietf.org/timezones/data/leap-seconds.list"; 102 type = "gitlab";
90 flake = false; 103 owner = "gkleen";
104 repo = "ca";
105 ref = "v2.0.1";
106 inputs = {
107 nixpkgs.follows = "nixpkgs";
108 mach-nix.follows = "mach-nix";
109 pypi-deps-db.follows = "pypi-deps-db";
110 };
91 }; 111 };
92 }; 112 };
93 113
diff --git a/hosts/sif/gkleen-rclone.yaml b/hosts/sif/gkleen-rclone.yaml
index 2ea2ffa5..4bc07556 100644
--- a/hosts/sif/gkleen-rclone.yaml
+++ b/hosts/sif/gkleen-rclone.yaml
@@ -4,30 +4,28 @@ sops:
4 gcp_kms: [] 4 gcp_kms: []
5 azure_kv: [] 5 azure_kv: []
6 hc_vault: [] 6 hc_vault: []
7 age: [] 7 age:
8 - recipient: age1ure0athvtnaqqw48pe0y3upqdzmkaen9h70yggd9va4hva6avd8qqm6s4d
9 enc: |
10 -----BEGIN AGE ENCRYPTED FILE-----
11 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhazlZcFRyY2ZxZ2dLb00v
12 SzZmM3paanI1b090NW8za1FKa3Q0bWlKeTJNCllhRGo2bDNaMkxpMHlweEZGU3FQ
13 SlFIQmxqK2trWm5TRFp0SEhVRUNNWncKLS0tIHc3OGNqbHF0eFozdWp1V3IvRFJJ
14 bzd6VTRPT1pqYVFPQ0IyblVQdWt4MUUKtp8FKeOVhZ6DTY0euegOFcmUL6bNYlml
15 1DlbDUF47mAMz6HfsvpyoJmLG/uQBCXUVIpP18ignQtJJx043+vnEA==
16 -----END AGE ENCRYPTED FILE-----
8 lastmodified: "2022-01-31T18:19:02Z" 17 lastmodified: "2022-01-31T18:19:02Z"
9 mac: ENC[AES256_GCM,data:E/XAsuv+EqFud686SHuRp6XZ4f8uoXMI2rnPI733lQg/x/zuvCoOil9AtnQpStnu9wchlbee/y53uUDzAdTiYsjBCRqqt+19iAPnRHPZ2eb82SPetIRA8leKhiJFtOpHFTmlPYHCokxVBH6qLDjaJj/1Dx7Iv9xoAB4ECYnWxTo=,iv:wY5p++ixK5KA+Xnpuj0/3YBLMr/CQwIm3Nj3DzQC4II=,tag:f+7rincFHPEJZp+QJ2iiMQ==,type:str] 18 mac: ENC[AES256_GCM,data:E/XAsuv+EqFud686SHuRp6XZ4f8uoXMI2rnPI733lQg/x/zuvCoOil9AtnQpStnu9wchlbee/y53uUDzAdTiYsjBCRqqt+19iAPnRHPZ2eb82SPetIRA8leKhiJFtOpHFTmlPYHCokxVBH6qLDjaJj/1Dx7Iv9xoAB4ECYnWxTo=,iv:wY5p++ixK5KA+Xnpuj0/3YBLMr/CQwIm3Nj3DzQC4II=,tag:f+7rincFHPEJZp+QJ2iiMQ==,type:str]
10 pgp: 19 pgp:
11 - created_at: "2022-01-31T18:18:47Z" 20 - created_at: "2023-01-30T10:58:04Z"
12 enc: |
13 -----BEGIN PGP MESSAGE-----
14
15 hF4Dgwm4NZSaLAcSAQdAUKSZSIjnxB4fF01PZ3olACus3BJ1Qp/w1Ce9HXDxnUkw
16 wzWheWvUd0V/yqW7m3zU4XD8fFaRByhlgWJiu7FJxXoeDpnYarxFWB6aeSyPEGrM
17 0l4Bv9XXCd8ko5m+QkzCgSRMeg0oBIJFRX7RMN00T72Um85U2dkG2LxMS+diPhtu
18 RYZf11B5HUcj76GhRgEJUTiONZLskEfTaeB/No5c8A+v1RdKgTm2oHrzztgEnu0o
19 =noMa
20 -----END PGP MESSAGE-----
21 fp: F1AF20B9511B63F681A14E8D51AEFBCD1DEF68F8
22 - created_at: "2022-01-31T18:18:47Z"
23 enc: | 21 enc: |
24 -----BEGIN PGP MESSAGE----- 22 -----BEGIN PGP MESSAGE-----
25 23
26 hF4DXxoViZlp6dISAQdAhx0jN7OoWV2Vrax1bkkG4ug00AcjP2OZmhctuYllEiMw 24 hF4DXxoViZlp6dISAQdAEEQ+ELalInEqD7WVWPyhz9C2WGOAqYZdW8wHn+i7c3cw
27 smClNFKFOpvVRziyCH39JhRPuEMzId5Y/J8L9U9ecoU0iX75tyA95qAHApYzrFQA 25 HgPkJXA0JJBawtQ+eqWtVBbmZbabVdiZ7xOAlVQWrVXa7tN7s2y4yY6KESB/5NFo
28 0l4B+TmXkZZRMeNmV+r3CXUkYbbkIw19nkuT7wddbWd31tFvww9b3CaEnGCBwvhx 26 0l4BvOF0KdMDkBx9rhVakSfCJ9w/3ZodD2tZ/KgttamnsYg9EwI2xDSsFowK0gUM
29 XdezFGbobmKF+O1NhD8cw/QLAlFcEXeYvOVXU65ryupy0LpBz7OIUd/umpSkjMk2 27 2t7ZnDbDsQCrIR0y/qL5DwFVVKlvbDl5ZGLq5Py/ECMh5WdsEQ0dqBmeytxN44gw
30 =4582 28 =SxAd
31 -----END PGP MESSAGE----- 29 -----END PGP MESSAGE-----
32 fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51 30 fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51
33 unencrypted_suffix: _unencrypted 31 unencrypted_suffix: _unencrypted
diff --git a/hosts/sif/mail/secrets.yaml b/hosts/sif/mail/secrets.yaml
index 9b888f60..5ac36cc6 100644
--- a/hosts/sif/mail/secrets.yaml
+++ b/hosts/sif/mail/secrets.yaml
@@ -4,30 +4,28 @@ sops:
4 gcp_kms: [] 4 gcp_kms: []
5 azure_kv: [] 5 azure_kv: []
6 hc_vault: [] 6 hc_vault: []
7 age: [] 7 age:
8 - recipient: age1ure0athvtnaqqw48pe0y3upqdzmkaen9h70yggd9va4hva6avd8qqm6s4d
9 enc: |
10 -----BEGIN AGE ENCRYPTED FILE-----
11 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEYkM2VWRIZzZCQUVYeThv
12 eWhHZE5GVFVOSUtLcDBXQmhtdFhuTThBdTF3ClNVcDl3SUdRMGJXOENyNWdSb21z
13 OXY1QUNwUjRrbU00b2hHS3pJM3diTFkKLS0tIEFxV2JSbWphdEEzbE8xbkd2cXBz
14 dEhFSDVKbFJJZWRPY3o2am94ZURJL2cKwJkjD9jarS3zdcNBVpx3cIjh8XmXCL+C
15 AN1T7DQjzQpD65Mdbj9QqXx1p0HmjO/sqr1yNQopub8oQneLbtx8Gg==
16 -----END AGE ENCRYPTED FILE-----
8 lastmodified: "2022-02-02T14:45:23Z" 17 lastmodified: "2022-02-02T14:45:23Z"
9 mac: ENC[AES256_GCM,data:UdM/VmdfqhYm1aFCHaO0mbJA/oyV/J2oKVVmGDa0Co3MWq9aWMqP726O+rLk36W0HOG4fmue//R1Q524au2hMW9bZUFzrubfQt2V78tZRZeHCJSRmOmi1D1EDdfPz9J3oWDvIEgIIsAk5H5EuuH0j6FILye6tzcomNGDAKZbwuc=,iv:a7dJAqkcroLp01gkGKV5gm6gTIIMa/9P8qJn44ISrw0=,tag:R9/6X6mgfVSLK7bmoWRnfQ==,type:str] 18 mac: ENC[AES256_GCM,data:UdM/VmdfqhYm1aFCHaO0mbJA/oyV/J2oKVVmGDa0Co3MWq9aWMqP726O+rLk36W0HOG4fmue//R1Q524au2hMW9bZUFzrubfQt2V78tZRZeHCJSRmOmi1D1EDdfPz9J3oWDvIEgIIsAk5H5EuuH0j6FILye6tzcomNGDAKZbwuc=,iv:a7dJAqkcroLp01gkGKV5gm6gTIIMa/9P8qJn44ISrw0=,tag:R9/6X6mgfVSLK7bmoWRnfQ==,type:str]
10 pgp: 19 pgp:
11 - created_at: "2021-01-02T19:29:14Z" 20 - created_at: "2023-01-30T10:58:14Z"
12 enc: |
13 -----BEGIN PGP MESSAGE-----
14
15 hF4Dgwm4NZSaLAcSAQdAE/883Tbc7WXuzOxjm5jVrOSbnYe+BEg75ijtZP2L3UMw
16 4mhqzy576jEQLPGrnMpX2zA2MwFAwGnMwC98sQ4vVTp/xgNQ0VHHNM4GnTi6VoUb
17 0l4BLgQrT6p2ul69ADecadWJsGm6roqMHrpNGZeeczDLOBIzrrwN4sL92jQiEPw9
18 Ih+EXJpJ1K4NouU1VRsfQPqJ6y+i295TnEgunlJeYc/MNQgBT4ABiPZgUZXnkhxl
19 =7rOv
20 -----END PGP MESSAGE-----
21 fp: F1AF20B9511B63F681A14E8D51AEFBCD1DEF68F8
22 - created_at: "2021-01-02T19:29:14Z"
23 enc: | 21 enc: |
24 -----BEGIN PGP MESSAGE----- 22 -----BEGIN PGP MESSAGE-----
25 23
26 hF4DXxoViZlp6dISAQdAGifJ6qk40VdF/WKaYa9v97PdSVkPvHZt+j0G8+ZDJSEw 24 hF4DXxoViZlp6dISAQdAYwW96YVgfK1Y3Ue1EA3qbE3zw4k4gdTnzWeBB2Ljux4w
27 8XC1622ElTWRCZ2bjUwMF77DMgMy3rEr8B7Bj6MnEzDd/Af63Np1cO+7juybxqhz 25 urG4pwe47rkuq3e1TMdZxxDeZe0OvLwaZBVfD+eFVUrnLYbkrm4shvrq+6xv70Zm
28 0l4BO6uZ+gCvKg45jWX0GE6ZBkoUTvh24djTngHFyIHDnpCxSB6s+jcYR9otco2F 26 0l4BvG9W6VvUXNyKR0Bl65K/hqm8A7GOBPfB35npsY+1ufeJJYdmxX6n7dL94SX5
29 ++E2pcoQR4GuOeyYa/8UsW+RzKWpCfskYbSIt4gAXyCt8ua1y5Rw0DEVdw91uJNC 27 he4m9JRuiyPrRxomudU5nrWLQwKQk8WtavExfVq6zIlnkhlGerKbxDVEIsFaDleT
30 =E/qh 28 =7IFo
31 -----END PGP MESSAGE----- 29 -----END PGP MESSAGE-----
32 fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51 30 fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51
33 unencrypted_suffix: _unencrypted 31 unencrypted_suffix: _unencrypted
diff --git a/hosts/sif/wgrz/privkey b/hosts/sif/wgrz/privkey
index c17f3415..66ad2bd5 100644
--- a/hosts/sif/wgrz/privkey
+++ b/hosts/sif/wgrz/privkey
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age1ure0athvtnaqqw48pe0y3upqdzmkaen9h70yggd9va4hva6avd8qqm6s4d",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHZWp5NWNJRDhGVzEza2hw\nR0dXSVljL2h0V3BKY0NBdHNGMUQ4VWZVQjNBCnMyWElnblBHLzF5VTB0R0xQMFd6\namRDb3JvNXJkNnFyMzloR2VPNFVyV1EKLS0tIDZiNkFFUnFKKzFObjd5VU04eXQ3\nVzdXem9FM2QwMjdvY3JRS1NYZEJHbk0KiyJDq69kk/gS7xMwqJRb3fzvl5wFIXN1\nxkdHl9pCQYGwgLUuHFgrNCseiDIO2n4hf2wEfbgS5F/errO91GGEBg==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-02-03T14:44:50Z", 14 "lastmodified": "2022-02-03T14:44:50Z",
10 "mac": "ENC[AES256_GCM,data:LzYx8LqNy2NPr9+5v/f9ExE2PR1xHm1O1ldK2xPZFc3yMrgOpJpIF+sEHqf3Pv9prLbVC/2pSuAdtKrPqQdTWV8cCtaj8h4aBrnU9WHRESMe/ZkrpipeCEMuzBrhAjf94FQqI0gEkfUAq27nxyXJfaYw7eIfEKBqO6gZPGOiLpM=,iv:I1BGnMxm+R9ci0zBsJU0LbTkuxhZFfvgZ+01QcZCCTw=,tag:jeeeyW1rzt/BbSAbo4OSZw==,type:str]", 15 "mac": "ENC[AES256_GCM,data:LzYx8LqNy2NPr9+5v/f9ExE2PR1xHm1O1ldK2xPZFc3yMrgOpJpIF+sEHqf3Pv9prLbVC/2pSuAdtKrPqQdTWV8cCtaj8h4aBrnU9WHRESMe/ZkrpipeCEMuzBrhAjf94FQqI0gEkfUAq27nxyXJfaYw7eIfEKBqO6gZPGOiLpM=,iv:I1BGnMxm+R9ci0zBsJU0LbTkuxhZFfvgZ+01QcZCCTw=,tag:jeeeyW1rzt/BbSAbo4OSZw==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-02-03T14:44:49Z", 18 "created_at": "2023-01-30T10:58:43Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4Dgwm4NZSaLAcSAQdAM+OkIgQ+f3RN3I3Hmxg+KXwClm2G1vMDuPGRmA1X2zIw\nJKdwmkNX57Xa6KVOqOMwIt4GJxZe0ZOs5v9l3fcULpSZe9WZf3uQKHU27iU4SZDy\n0l4BT3EoOwoE4qKEQWlHBLCctHsIekfaelvztqKZBc/xulCbske5ccsqtpmBhSXc\niM7ZHvhf9/FgKmqAX/X8wpyVm5Ws/54sWeucXNx8r3s1BScUcyAopjlvvdKRcSgj\n=0sBo\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAiQkff1SBFC/IhgcdXnIFcwOUlY5bd+tDy161X7Yag3gw\nrUrCJwLeE3LWzxIO0oUrhe9J73yjbnQadtGJT+MP8WWa88P7YNKxBULXn6Ry20Pc\n0l4Bi/HYhX3T11Z0buR5nqhO/+j2hAUl3qOTYql2qBxqQkgEf4/hDDuEQUe+5oY4\n/S7TtUJPE3xKreWo1byGqevoe4as98Hb6CFjC3MgIGJyyBZBxLABjQAhYEN+NGrW\n=+dMk\n-----END PGP MESSAGE-----\n",
15 "fp": "F1AF20B9511B63F681A14E8D51AEFBCD1DEF68F8"
16 },
17 {
18 "created_at": "2022-02-03T14:44:49Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAzkA7oGeASZcoz766pAaGRLJfbk2iS+mvPZLVFVMDdF4w\nMMrVGjowWKqWi7tq63g66caN7fPaBSVkQsEnIy7Ad5dopKXYl4Jab7nHVHo1wK2i\n0l4BqxfNxDENQ28qjnhUOR9qRm/tGkVhOmzsEm398fGOSUXoVc5fZDo8xddx+ohk\nPnSjOaQYlDjCepWeRilcsMGvhVJEj41TPyWeKG6boJ/x4dUTLpGc5oMydyHRxUeZ\n=0KFU\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/bifrost/surtr.priv b/hosts/surtr/bifrost/surtr.priv
index e7f2aeb4..a067e65c 100644
--- a/hosts/surtr/bifrost/surtr.priv
+++ b/hosts/surtr/bifrost/surtr.priv
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0cVZBZkVpenFhdkhDd0w4\nNGR0c3B1VldHa0VaU3Q1Vjk4SnBMYzd6QUVNCk1kd3pDMkF3eVEzY1RaZTJZcGlX\nSnlvRHB3Z0NQY3N0Q2VVN2g5c0FxRW8KLS0tIDVrR0Rtd0pWZi9DTDNoUVVhTTZx\nck0wNTBxY3lGNnQvSzJBRHk3Sk53M1EKlf4fWXl3KRm5+9Iyur1KR2+mZLf7mekd\nr58Mc3Q3ancdZ4oGCbQQh3RsvXzwS96+89ZbPQb4pg2svgsabiRndg==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-02-06T16:09:36Z", 14 "lastmodified": "2022-02-06T16:09:36Z",
10 "mac": "ENC[AES256_GCM,data:lzg4JDAyy1tL4dcuima26VWqQmCbr25+8AoecVIctX61V2STXiKzd938bEoJ02UVEPYAUzq+NP5fX6IrggYx2A0tII7oyo92EGBYJsvuCBpZWhZKpniXDsRcQo09PH3QJlJ9liSM8bCf6u//ubGU06xvLldt+g4xvvNOVfqMPSo=,iv:Ya2o/hhg18zp7PqLNSHJAAkyz/Lzibysylqsh0CvMzs=,tag:zeZZ0ilsCa/As7VOSCRgSQ==,type:str]", 15 "mac": "ENC[AES256_GCM,data:lzg4JDAyy1tL4dcuima26VWqQmCbr25+8AoecVIctX61V2STXiKzd938bEoJ02UVEPYAUzq+NP5fX6IrggYx2A0tII7oyo92EGBYJsvuCBpZWhZKpniXDsRcQo09PH3QJlJ9liSM8bCf6u//ubGU06xvLldt+g4xvvNOVfqMPSo=,iv:Ya2o/hhg18zp7PqLNSHJAAkyz/Lzibysylqsh0CvMzs=,tag:zeZZ0ilsCa/As7VOSCRgSQ==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-02-06T16:09:36Z", 18 "created_at": "2023-01-30T11:01:37Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAx1FJFTdMFdAzIAwO1rZ9ikD/cP1nTzfI1wLZf5ufB3Uw\nY8JVtL/aSLaO3tli5eZNuz6tEhTFA0GU8l3c/Ws6ocjC+l3IR5bS2CGZbMHjyIyT\n0l4BgxRFBMFJdpbgpIEPsthgZwJRGNQofSJ7A6/550ekM5b/n77CBZQOHwocuJ4q\n7LCSH6kFUH8GgkSC26OLC8f/QpWr9zTneZP0mBd2CiADDCg6oPI3rGwq6+jQKNny\n=wDDa\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA/rzuZLf8FGjq1l33fDEsqqn4iJzzD56NKBunJanRaUEw\nvTIHj6sXzzjN4cDTj6FlMLvR1HA99S6pqgD9a6KwmqjF5oSn4ygrDMhDNqSF/Zvp\n0l4BlzadFI1u3sDaZY6OqFUNYxuAqoam0vpC6bkYwfAwkwToV5V2L4bSDr9Ni30S\n+4m5RGpsJVfeCNn92iyHZtymHm+YQOVocxwr7oSgfQzHjmS8XpYwUQwAMQiMHGBL\n=adEc\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-02-06T16:09:36Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdActA18sJwR4mjwyilHzHHBBuReg88U8QVMLphsqFvHFIw\nV5OTgNNvwiCPHSvGiYQ41Fnxa3VVDu0b3HSsq1Xvf5aFf65cRW39t/JHruwkpd1M\n0l4BbBOw5pksAlRcX25PNIIg7WEq4mlJjCi41INKJ1lF5YEu9kVZHT/+ayU6N5Kf\nVH3I6bpZiIKMc4fnF+yiVbCTWNC3EYTeCpe/ZnM8Gd0WLJh0KsLS+QVzMYagMHNm\n=Cc3x\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix
index fbfec256..e79f4bfb 100644
--- a/hosts/surtr/dns/default.nix
+++ b/hosts/surtr/dns/default.nix
@@ -24,7 +24,7 @@ let
24 indentString = indentation: str: concatMapStringsSep "\n" (str: " ${str}") (splitString "\n" (removeSuffix "\n" str)); 24 indentString = indentation: str: concatMapStringsSep "\n" (str: " ${str}") (splitString "\n" (removeSuffix "\n" str));
25 25
26 mkZone = {domain, path ? (./zones + "/${reverseDomain domain}.soa"), acmeDomains ? [domain], addACLs ? {}}: indentString " " (let 26 mkZone = {domain, path ? (./zones + "/${reverseDomain domain}.soa"), acmeDomains ? [domain], addACLs ? {}}: indentString " " (let
27 keys = acmeDomain: [(assert (config.sops.secrets ? "${acmeDomain}_acme.yaml"); "${acmeDomain}_acme_acl")] ++ (addACLs.${acmeDomain} or []); 27 keys = acmeDomain: [(assert (config.sops.secrets ? "${acmeDomain}_acme"); "${acmeDomain}_acme_acl")] ++ (addACLs.${acmeDomain} or []);
28 in '' 28 in ''
29 - domain: ${domain} 29 - domain: ${domain}
30 template: inwx_zone 30 template: inwx_zone
@@ -79,13 +79,11 @@ in {
79 update-type: DS 79 update-type: DS
80 ${let 80 ${let
81 toACMEACL = { name, ... }: 81 toACMEACL = { name, ... }:
82 if hasSuffix "_acme.yaml" name 82 if hasSuffix "_acme" name
83 then 83 then
84 let 84 indentString " " ''
85 base = removeSuffix ".yaml" name; 85 - id: ${name}_acl
86 in indentString " " '' 86 key: ${name}_key
87 - id: ${base}_acl
88 key: ${base}_key
89 action: update 87 action: update
90 '' 88 ''
91 else null; 89 else null;
diff --git a/hosts/surtr/dns/keys/141.li_acme.yaml b/hosts/surtr/dns/keys/141.li_acme
index 77fbc4b2..fbc3cf5e 100644
--- a/hosts/surtr/dns/keys/141.li_acme.yaml
+++ b/hosts/surtr/dns/keys/141.li_acme
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkUVJYODVrSER0QjFkM3pM\nNUo4YW1NQ2NJdXk1U01vZFNqMVlZWnd6eTJBCm0zZUp6RzFWbmVSLzJUQkJXMCtt\nd2ZwZityQytwMFpNSmRnWjhoVTNKT3MKLS0tIDhhOUowby8yZHJCRUJsWUdpUUkv\nK0xLYVVTUElOY2xjUVlTRzNEbXRpN28KELFaZoTeuDpHxSbUmd2CNRSoXdpar5cl\nbMKg2YRV8E2PvcTkJALk3GKAoFYqhq4WFidL8u44+gcEOuZuXtSJAg==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-02-22T14:12:08Z", 14 "lastmodified": "2022-02-22T14:12:08Z",
10 "mac": "ENC[AES256_GCM,data:At6rzhjC4EbtTjMaw44WKYNuT2XRniZpDAXGskxi9HW/xIQFghcWlgzXaddev5BUMkitz93gFCFD02YJOzOC12GXjDksoHGtvHKbxmodIgHTbhkXFYLe1JoFPrF14NsiIOmmoqcbrn03+iinNehkbJ2wXEkGyev4IMacQGqV7q0=,iv:7j26jeRvgBrnJRVHYay+3wug+IjOIpjFWLiccXD6Z8A=,tag:esnZH7MLQnqkxNVPdwmx8Q==,type:str]", 15 "mac": "ENC[AES256_GCM,data:At6rzhjC4EbtTjMaw44WKYNuT2XRniZpDAXGskxi9HW/xIQFghcWlgzXaddev5BUMkitz93gFCFD02YJOzOC12GXjDksoHGtvHKbxmodIgHTbhkXFYLe1JoFPrF14NsiIOmmoqcbrn03+iinNehkbJ2wXEkGyev4IMacQGqV7q0=,iv:7j26jeRvgBrnJRVHYay+3wug+IjOIpjFWLiccXD6Z8A=,tag:esnZH7MLQnqkxNVPdwmx8Q==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-02-22T14:12:08Z", 18 "created_at": "2023-01-30T11:01:43Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAvU6MNSb8ky78bJfnRRx14o4rA7Ezylbtc6cFUG+eGAow\nPvRGLI3qm36sDYXo6OHKS9A5DTxIQlQHQqj9U4CHGU/w4X8pCN2ulHkAh767DXV9\n0l4BHa/JTXNklF78vY3zUkySrIueA0QZXvmda2pcd3mO3M78J7812X9jCZ8LwrXz\nR3Wp77iQXW/0Tq83DMEkFwYmueFfZsCtRxQBL5f4NlyuLZizDb2s8YZzeRICz5w3\n=X6zh\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdARqDQVJiU556jzyh14VU0PWTwM8duRlyK+hswfrAAlEYw\nd5beRumTiEEd96aOKgOGoKUWrWNs6RSJ0gEox2kV9rmWmgsQciU24PCqMRqSuBH/\n0l4BTuXjqTqe6Q8D3Q3JPvyBb7ZX6TTQcWwROKl92XDwM+skn48/V56icko863ww\n/1wC1bMIkUVNJSRN7Relw50pin1tobDpbSH1HAcy4W5jwWIjxEirpkjGdG9ARF5D\n=5Drw\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-02-22T14:12:08Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAIbKybblH4bBEhKyup4r+KzKdHLZhBmR79o5A2DdD1mAw\n4KVInlvs+LAFksp1oCqSLd3r1foM3/QOrDdB1ExwTXrxlTgk/qM9eTXT4gIdXwt3\n0l4B5rqrDzCwp3DE2dC+UuBFB9g9YtF77xpfOFfcGLB3fKsPYEvrK6MwGMJqUtoI\nq19d8Cf/mir0mlYHBN+Vez/8jFi0HmrLlphhf4m0l0/6XNLdRbuSpb5T20ecJM2L\n=nRup\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/dns/keys/app.etesync.yggdrasil.li_acme.yaml b/hosts/surtr/dns/keys/app.etesync.yggdrasil.li_acme
index f8e0794d..06f3e299 100644
--- a/hosts/surtr/dns/keys/app.etesync.yggdrasil.li_acme.yaml
+++ b/hosts/surtr/dns/keys/app.etesync.yggdrasil.li_acme
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwWFAwQU1TaHBEckkrdlhH\nTTJ3QytZekxMMVVLRzJGbWsrVHVNSXV2UUhJCmYzL2NoNlcrVmI4Q3JibnFKYllK\nTDB0V3JaTU1aU3NURFM4SW51WGJTOFkKLS0tIDd5dFFvK1U1ZHR2TGV0cHhLbjdG\ndzNVdjZLSGJuSTlodXhXOGZ2N0dtSkkKBi+hj5oekvbUaohtKWsHqPYQyOrer7jc\nGKsAbYaLk6YJSYuuntLLVtUiszXck6gceLa8A/vQd+aTmnQxv9Gr8A==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-11-09T19:02:47Z", 14 "lastmodified": "2022-11-09T19:02:47Z",
10 "mac": "ENC[AES256_GCM,data:1/v1EB5lz/cwKcUuOPVVXPBtEnTmFrZj0hTGv5uQEVU9fd66muY3J6HPEvS68g/YBaaYy6V2QLc2lDwbu9amaukqE1Mq7sv51kSPp7jQs7u91BKfN5K3OtCipFxG1fwjqY4k7zliaYESLwrQWXEhFz3k/nPT9xD/nDNc/czQi3I=,iv:zNUpuirl9gZp/kr/NdO3a6ibjX6Itc0JBpu/xxTpMAI=,tag:0twXpUS+/YCpSxZBfojQ0g==,type:str]", 15 "mac": "ENC[AES256_GCM,data:1/v1EB5lz/cwKcUuOPVVXPBtEnTmFrZj0hTGv5uQEVU9fd66muY3J6HPEvS68g/YBaaYy6V2QLc2lDwbu9amaukqE1Mq7sv51kSPp7jQs7u91BKfN5K3OtCipFxG1fwjqY4k7zliaYESLwrQWXEhFz3k/nPT9xD/nDNc/czQi3I=,iv:zNUpuirl9gZp/kr/NdO3a6ibjX6Itc0JBpu/xxTpMAI=,tag:0twXpUS+/YCpSxZBfojQ0g==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-11-09T19:02:47Z", 18 "created_at": "2023-01-30T11:02:01Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAwgUrKA64oejQmFVmq/vVXUtB0cA1QFTD9tYjc47x+zUw\nwClB436nZMlbuVAltWoMwaW6SOF2I6pcl10j1mU2tSBTnAFmhYUKstYNN1QaBcsj\n0l4By0ALjyRuRkvhZI1Tx3pUJ25P4mGux5dIYPbM+tDcb8hwfmCBig6NG47HH3xp\nPxWXzP6LNFkAAzpZidkv9RaI1XDezbqweMHVTOMfgnaQR35bIbFKDBEd/Y7AvGOT\n=P2yg\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAGSr83sNLgYxqN30jXwcCZRCWhROt5jmiW5pvL5ymER8w\nN3zsTpEfXBrPkHQif8utSBs5Lygb7g2CuBU7xTPPmqtIM6M+6tdicGGeHMSZHNq2\n0l4BSUEo1ErdwVLaxewsjb18zbxOZCm75ZbaO84zVdqKzIXx6gy1drdPajr9LhpM\nezWdxI3JCVIBEip3++grsIOYH1aThMAp8L2cyk2du5OUFk/ZDEJbh02gQfOniBYJ\n=81G9\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-11-09T19:02:47Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAbP0iUr2BYsdWpD0m2W4S8aTz8t4dp9mY23qAY5vbGV4w\nxETSJs6Luv32fHpG+kUFkNKIkkpte7Yq3qtxpFoIKroZAGR3/mXB2f0Nd+BKbDZy\n0l4Baouvj8guk0BxywGDyW3V88qMphaGxAwgVsZSiZ9++HxhGHu2fAozJdsJNNtv\njtQI/IM6TaR5/Ib5NxEZ2zR1AguaoI7iDIPhiLUwZmzk95/+xbNwo/bVjHXyh6vA\n=zxXy\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/dns/keys/bouncy.email_acme.yaml b/hosts/surtr/dns/keys/bouncy.email_acme
index ef900376..e3175138 100644
--- a/hosts/surtr/dns/keys/bouncy.email_acme.yaml
+++ b/hosts/surtr/dns/keys/bouncy.email_acme
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPSGFOSGgvRmZqUktoV0sy\nZTF2bEhpc2R6NmdPdzh3eDd4SWlaeVZKazJzCkQ3RzQ4LzNrZTZKRXlhNUZMbkJ0\nZUV1eWJudjNzYTYydXFPTnMxV2lsWEUKLS0tIHRCSHFyaEpnVG9tSUdSTGRsYUNS\nTzhXNm9vWFRmSmgwSUdTNndpaVZseGMKDRmEUPX6h2+IIvgFvfQK3GeqFi40FSqq\noj5lJktuddWXFRsoG9+MkjSecBEP1nIq9eeEuhEGhwaH5AYAsF2cKg==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-05-05T09:11:47Z", 14 "lastmodified": "2022-05-05T09:11:47Z",
10 "mac": "ENC[AES256_GCM,data:BeR4eZ9AR8YGYy7eulvod4QwmFlstjS/ic3EIOpNaqDdeHCz5QCWM2+kR47ZQanSmVP1bFrIrnqIbL0lQXhX5a3mclFla61piC1oUELWXcn6jj6kd9QOZx9ZU/VlcKJEtt82nEXb7y8SEbiEHSs3btmAY9pHtYgLB/5grhBVnm8=,iv:3TEVp5wgtem43WEdh7LpMF77cSoP/+FjcH3oHnmmS4o=,tag:JceRss6y1lUbyem3Rqmd/w==,type:str]", 15 "mac": "ENC[AES256_GCM,data:BeR4eZ9AR8YGYy7eulvod4QwmFlstjS/ic3EIOpNaqDdeHCz5QCWM2+kR47ZQanSmVP1bFrIrnqIbL0lQXhX5a3mclFla61piC1oUELWXcn6jj6kd9QOZx9ZU/VlcKJEtt82nEXb7y8SEbiEHSs3btmAY9pHtYgLB/5grhBVnm8=,iv:3TEVp5wgtem43WEdh7LpMF77cSoP/+FjcH3oHnmmS4o=,tag:JceRss6y1lUbyem3Rqmd/w==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-05-05T09:11:46Z", 18 "created_at": "2023-01-30T11:01:10Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAN7OICwH4WzjRMo9QTW242OioK0RQufqkN/KbUQUDPyQw\nXvLmJlDZeNKDDw6KWkbb7ZNZuNF1i43BkrwfOQmYAhDDH4Y+vPYhWK6x6umxULko\n0lwB1J0TOLS17TkTO8atGrGo++hu705cokSQ84mpcercl66d7OzpI5N7I0MhM1A2\nfVdlvj7QNM/AnwXYOpxLeoUJl7D3gL/c/LA9/+5WDOMvNQLDgZI8h72J3q10Aw==\n=EdX/\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAFiFczzTNmUDPwddTn+X8kQzIzVaVYM3noIn3zwl+63ow\nMH+cdM0DZGr7jFqWMRk08qUBG3KfD9quoE77DGRh+ro6k/VLmtNK6n9m0NFWwWCX\n0lwBy/r6k+gk2d/lP3d+GBZao7VL0vT4XHyxMg6nfVjhjiqJskHm9A9/6hHOUosd\no1mNt4es87KNqsxJQ5awdaauUb3/G2c221jf5ewmUOpFmnonyHEmNTHFkK4I4w==\n=tUv8\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-05-05T09:11:46Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAmsryLbhFP1Ac3Y5+ROeDOfiNS1E7veMwxHf9S1sZflEw\nQ4/524tpAa8rgikNV5gmVKE4UVxYrLqwJItskzOML8OMqW5QGVKtHweSvPcMhv3E\n0lwB3pOk770dv0wiyxDl4wEWH/NvK+PWwpvcP4hT7PkLRbaUpov63sj41QOxCQMj\npV/Uvzo5/bKN9ZmF5WfPRmRPRsL8CuZoXEV1F9ZxGFyuRHS4pb4TFLHv+rnbhg==\n=xLXq\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/dns/keys/dirty-haskell.org_acme.yaml b/hosts/surtr/dns/keys/dirty-haskell.org_acme
index 0037910f..2dd095ee 100644
--- a/hosts/surtr/dns/keys/dirty-haskell.org_acme.yaml
+++ b/hosts/surtr/dns/keys/dirty-haskell.org_acme
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXNXRsMWYwYzUvMlRoSUhv\nblRrNUJBbm50SlcxVW9WL1Fqd1ViUmVGV3cwCkFxTGlFWGNrWER4VDNEWERVWmJr\nUE9kWk45VjZRNWZJYVBvSmk2MDcvQWsKLS0tIEszWkVDbDNXWVgyUUk2VmpkYXR6\nQk92ZFZvSVkzWkFISUY0cnpzSllMQXcKhqp1c03vV/RfZ7vubG/uVJC5jvhQRgR0\nq2ipHuhMfDsvDQqnpfuhtbXSjtLtCOIezYuaDTJAeSwcg0qWBEY63Q==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-02-22T14:20:35Z", 14 "lastmodified": "2022-02-22T14:20:35Z",
10 "mac": "ENC[AES256_GCM,data:pbKzZIor1lRxI20O4yi+h2Vk6yOL1MtTstx5A4Byul06uZiGMrNMFyBaVvGbb8evch9ptYm4TNiWZ3T8xHYTwy4HGV5HgOOqY2vJNwTSJ6Yi0F34UCQMIPnXHT/sqL+T1/etV5zY1eQhH6L7lXPtIh7TiYhV8o5y7tpSwhq2RUY=,iv:ZYhhncJv4AOkKDon/DIAYJUgDN4C/iVyukMDaqzu3k8=,tag:v2U/hTaRxk47UG+E6D4ExQ==,type:str]", 15 "mac": "ENC[AES256_GCM,data:pbKzZIor1lRxI20O4yi+h2Vk6yOL1MtTstx5A4Byul06uZiGMrNMFyBaVvGbb8evch9ptYm4TNiWZ3T8xHYTwy4HGV5HgOOqY2vJNwTSJ6Yi0F34UCQMIPnXHT/sqL+T1/etV5zY1eQhH6L7lXPtIh7TiYhV8o5y7tpSwhq2RUY=,iv:ZYhhncJv4AOkKDon/DIAYJUgDN4C/iVyukMDaqzu3k8=,tag:v2U/hTaRxk47UG+E6D4ExQ==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-02-22T14:20:35Z", 18 "created_at": "2023-01-30T11:01:59Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdA/I9pk6iikcFckUsUigf3MJSL1JN6HHUIG/PKeOoEMx4w\n6MoYrjveZeXJbQLJHEVwkanElOfmb7jNFfDQntu6VIEwxvb2vdFDY43JgX6SAuLf\n0l4BvsQcSIPm/3jZu14kLjZgK/S6wrQKbUmymLVQSADwYP2sq+u710bYnRk/QxGG\nRwo82yKyBAZ+EK4DWxB6VtAry8LBYlKY8uhJ17f1/95tc+GeuHEEqzcllz+le67l\n=AxIv\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdApov7yUTmjSUbIXopLSpmMECywQK4ApL+We4MZ7U1bwAw\nLf5btEfenwECDR3Vzl7Uqx1RbfOb0XzMaS23XVdXUkNn+6KnKGGngN+Y/HkQ0GHl\n0l4Baul/OBUAtDpNYXn633PA3BMzoyL01FExIvArNOZuqrtTkrdLDgEC99bd0Cml\nwo5cz7ZDNM0+hSCNLy5QdKKjFB50NSinXXrQW3moL1CIHrAWBG34qlfVXuoMZvg2\n=Bxpm\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-02-22T14:20:35Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdACQne60rRG40kMku2GFVQhsrpa3RLAgjJGt2oPKrkgQ0w\nVWHpGyfpg0urSkS7+qecfhqeKAkaQ6CF2F6w2fCgn6Xdw28vs4pro1lHWhwYD+XT\n0l4BtxoVpKHysoL4qO9dQLjwAjHAcYnMPaNONIQMvU8DNrJ9ZiHkzJZPNQOeYL97\nEJCWUkR7V0OP8syMIKy37ii3l2aJd58w1DUd90BwvBrv5JBbNxIPalhZKULWI96U\n=dovS\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/dns/keys/element.synapse.li_acme.yaml b/hosts/surtr/dns/keys/element.synapse.li_acme
index 2835a7d0..43a57e94 100644
--- a/hosts/surtr/dns/keys/element.synapse.li_acme.yaml
+++ b/hosts/surtr/dns/keys/element.synapse.li_acme
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlaEMxMHJkM1d0OUwxZnRa\na3RjaU55Yk1mb3ZlZU5NN2JjcjZ0bGNVSlFvCkJmZXdiVWZxUWViWUtxZTZZRXds\nRS8vMVB6Vzl2ODlZQitnNjVFNDFLWkUKLS0tIGNLUEd4a0pDZUJTZ05IeHlraFc2\nUXMrYUltb1hRVVp4a09yZkgvYmpWU3cKYD9lvi2BYSdhy6OsO2oYvNzlO60JF1jR\nce7+krZMaBv/xz19zULsgGD7fk3tkMyJSjFvioezZKNgItEHIkuL9g==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-02-24T20:22:12Z", 14 "lastmodified": "2022-02-24T20:22:12Z",
10 "mac": "ENC[AES256_GCM,data:M+IxhSEaBsmZzkE8/g38IqnRP1v0NKwa9i7oZnn3LWYnfFT9xkbHq25GHTFt+0XNSa0CT1zpbvqHl1sGL2OgAY9aWIICVFRaikuxPGF5mu6jFn634THzMggCz9u6aOQUjYIBJITaEYkXGaMqy9/+fmb0gM8/P8ruPa0+0HHy0es=,iv:Ga9soOAqGWqr9ndFGOg0+4qU52nvh+wwOXFTr4MhJUg=,tag:W7y5SUhnf6yxhNXkJA9QzQ==,type:str]", 15 "mac": "ENC[AES256_GCM,data:M+IxhSEaBsmZzkE8/g38IqnRP1v0NKwa9i7oZnn3LWYnfFT9xkbHq25GHTFt+0XNSa0CT1zpbvqHl1sGL2OgAY9aWIICVFRaikuxPGF5mu6jFn634THzMggCz9u6aOQUjYIBJITaEYkXGaMqy9/+fmb0gM8/P8ruPa0+0HHy0es=,iv:Ga9soOAqGWqr9ndFGOg0+4qU52nvh+wwOXFTr4MhJUg=,tag:W7y5SUhnf6yxhNXkJA9QzQ==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-02-24T20:22:12Z", 18 "created_at": "2023-01-30T11:01:16Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdA3uYKDAg2a8ybbl8+CWTG5JGrpSaK10MRn6U+7+OjfVww\nGpuUxXdtZNTdluD4oMbnTLd85mhV4cuCLawk9uUAEJDXgVnxf/JtlvQxESuDX24Z\n0l4BMwoclLzAfflqGmOOopodFpU6841Xa6SD7T9a6YA1uwJxUmt9qCAogAs34d3i\nNcf0NI3Ysmu0bwcVAMwHRkfI3DYn4YpwVkkHmXVH5n0TepzZ38+7DN2CdXEjIN1a\n=mcXf\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAUkFzMZeAk3QB6ajpUIJ0icHIgp25ocbWfCWyphJxHWgw\nnJ2wJoioURiB1wF3ytjKb8Ix0aD16AMQkJBydKQ6Xn4GdvEcq54V/ds6NI7gU3ow\n0l4BY2WV289DsMqYmkTfg4f3390syJ4qPEOJH1wqTQPALAZv4sYqbUfRlYAcsrcR\nKpBDnWBH8kOoJaGEzRXOTniB7sGGO2a6Sldf31ldnf7rQOGEpdEP4RGqmEba8mIJ\n=k8Q1\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-02-24T20:22:12Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAeaMxIbBT/u8dnmI4SV3MC7p0XsHPdxNWZFJitsBj2TAw\nA1wLYBpbKPF+JFf3VF1FhozlA3cdxvFubDtOLCv95k/X/fqVgXi6DhQKRTD/9juh\n0l4B05OGvMUGTfZul/9xBChi0eTQEY7QA9XfKMqncKlXaCdP+iUTiGdtO1LGB7M8\n6fpufAHsp/nq0vZEs5AbMsE9pEiJOSNL5vQE/TIHzvMR+NElQ6rwBAgrxZoBNYmy\n=Ue4A\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/dns/keys/etesync.yggdrasil.li_acme.yaml b/hosts/surtr/dns/keys/etesync.yggdrasil.li_acme
index 1c588b07..acdfc884 100644
--- a/hosts/surtr/dns/keys/etesync.yggdrasil.li_acme.yaml
+++ b/hosts/surtr/dns/keys/etesync.yggdrasil.li_acme
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwQTBudzdBa2luZlR1Wmd6\neDgvaTR2eEMweW1TNlAwUG55aHhJc2lpYUZFCjI3bk91dmpFWTFobzRobWV2YnRo\nV0RqMW1heGVoSTJNWTFFd0JCUjRPVEEKLS0tIGVsUFVUeE5DTnBTaGtuTFpySEFj\nNTRQRFFIMjY1UWo3TFZ2YjdWbnh4M3cKsGlFvuC5DNex8uPOT/pDCvyrx4mh5Tcs\nIZ1bUZTCpuBYmtVLelGWzmLJWS6wIsZxTIjFYAGoCrKYwBIbqeRBEQ==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-11-09T15:58:56Z", 14 "lastmodified": "2022-11-09T15:58:56Z",
10 "mac": "ENC[AES256_GCM,data:bLVoRyiCj/t39dC62YuhwDlpVdniufta6wie+bTD3CmC7RxFrSVTIuRZbKlYgue+sxhtIsG2AaO4/FrpFGm9i3tQAi47wHMhr4NRtxXYALAiBKgREjap1q19ePMeN9vdbdxB2SsnnJBhlRAsZzyFqoeKuo67pEWWPuwJz3QXSGI=,iv:fmr313AD4xbQHNP94HLzKzVTGdL7E0m0u4F/oQay/2w=,tag:gs7GWUWuCISO0WVu/C+wuQ==,type:str]", 15 "mac": "ENC[AES256_GCM,data:bLVoRyiCj/t39dC62YuhwDlpVdniufta6wie+bTD3CmC7RxFrSVTIuRZbKlYgue+sxhtIsG2AaO4/FrpFGm9i3tQAi47wHMhr4NRtxXYALAiBKgREjap1q19ePMeN9vdbdxB2SsnnJBhlRAsZzyFqoeKuo67pEWWPuwJz3QXSGI=,iv:fmr313AD4xbQHNP94HLzKzVTGdL7E0m0u4F/oQay/2w=,tag:gs7GWUWuCISO0WVu/C+wuQ==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-11-09T15:58:56Z", 18 "created_at": "2023-01-30T11:01:12Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdATu1XElbAp1jN1ON1K5dOrePlVtucKDXpu1316bi0pQsw\n8YHSJkrIS0LaAGSPnZkNtxXMOWNcmLrbUhDwLcLnmYG2VSv4oaOhgHJ7qHxlwFTM\n0l4B67lzysh5ah1XEQMn5J/tERwHp9S2s5vN61olviMetrlAV6n03JTHjMSsV2nZ\nM5JflAbE3amxEdlAIcKyRh5pcTz1cnwEk5dVQMN6to8alhBOsEd2j40S7ixvuAmB\n=UUbW\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdArW+prJ5AgMLqh7Z6jPV+mdtusyov1t05Vm9O5q1QMBAw\nQPxCVm34VDbTeTxiCLHK9OEmZBhmri5Gz7Lqyt44QhD9l4OILESWy9PV8FEcrC8E\n0l4BYr81bqmqYyo8Qbpjj5LSe6jtKGFYW8tNQgO2LmbWluo/K9iUFKWmXUaVGaCE\n3Hbrl+OcMA3/q4Gtd1B1wFRfNCeI/6cAvJPZ6wUo55/FTw2KuHINjldjyA9MgW3x\n=ENw9\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-11-09T15:58:56Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdANUUZ//nrQaWaN09s/He7ZvgVDBNSoSoor5PPpeFkogYw\nxtwRVqp4/bqkiBDk0Szgjna98hnC0LKLfiO1zDDzSZ1c8NhUSo2mI52qnq6PAkOZ\n0l4BlYEjEcCYhuZJrGErzFnxWdPVUlTy/DOVN8AWwJCgvvbKKL0R4As7gwyoGg8a\nAPYgA4J9p62dlTCTHFXZNdQ6Iml/sBcgafcWAq5B6anQ6bmFGUF7s/+ntT5Ergr9\n=LVUN\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/dns/keys/imap.bouncy.email_acme.yaml b/hosts/surtr/dns/keys/imap.bouncy.email_acme
index f57a5b9f..c5c8bc5a 100644
--- a/hosts/surtr/dns/keys/imap.bouncy.email_acme.yaml
+++ b/hosts/surtr/dns/keys/imap.bouncy.email_acme
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqSlEvWVFxWHZFSUNpTE9C\nRUJrK0ZiNjM0eVc2WUVBcGFsYVF6TUNGOENnCldHc2g5RXNsMkVUSlJBZHBERzRQ\nTEpvOG0yOXVrdmppUzdveDI0OXNuaXcKLS0tIG1jV0M0SWhra3ZDekp1RW45Skhv\nby9LSGxrREM5QmJndENvM2U0QVV0WXMKNGzUHR3PueOUL0/ZJHtKtU8phZCsxoEi\nzwxmNoMM/AMqGUJ+6KP0BXqm28jhEsdMD9/lf6Y+uIsXI5rt8kVSLg==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-05-05T11:44:35Z", 14 "lastmodified": "2022-05-05T11:44:35Z",
10 "mac": "ENC[AES256_GCM,data:fQmb4Az33ypsJowyPrwBlkDYDNNtJWev5RzOQdvk3FOXINfeVXqBqRmK/FqYTwonWg+oQ1j7HptvEHXnNBXyHSjLs0eBNUwQAGDVYCQO2zGwmvwnRoyvSfgqESAeSWKMhzHvEA67dAm8l1HZuAXOKpnfMF2y2Z2bD4t6Ipz1FOU=,iv:UzpWjwBiC7te1IxneH/rueVKyRQ8IulRQYAQ9AybueI=,tag:s+FpPWQ0qu187LRcFb+7eg==,type:str]", 15 "mac": "ENC[AES256_GCM,data:fQmb4Az33ypsJowyPrwBlkDYDNNtJWev5RzOQdvk3FOXINfeVXqBqRmK/FqYTwonWg+oQ1j7HptvEHXnNBXyHSjLs0eBNUwQAGDVYCQO2zGwmvwnRoyvSfgqESAeSWKMhzHvEA67dAm8l1HZuAXOKpnfMF2y2Z2bD4t6Ipz1FOU=,iv:UzpWjwBiC7te1IxneH/rueVKyRQ8IulRQYAQ9AybueI=,tag:s+FpPWQ0qu187LRcFb+7eg==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-05-05T11:44:34Z", 18 "created_at": "2023-01-30T11:01:18Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAl2GftHJU72CZwTRupXE9S1Z/w7vwrRQlFrme9woZ2QUw\nvan+u4DvpbWsv8jH4rPERxz7aIHcIUMnnDHMls7Ma8rqwE4GzjBnqJ4afYEgbUyc\n0l4B9IVHcML8hwLMRnox+/+DqMw9QJALjiLshid+6lxQOjiKj7AvLCsMA3llsT7H\ncyGwyhm99BaLO48zsXlSmGgg2/YSTPuiJtddwp9CWv0oeOrySnw5Rk0VqdVTzreK\n=EV9D\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA0kv4q/YOTY8E0xl+Ppnx71EkCC/4gCYgb4MxhyLkdn8w\nQ/56uGmVxl+WYRHeuc19fN8JhMGkWIIbfLJhnTGfMOFOrWaF0iELA9lYTzAEIxUU\n0l4B5tR2sMveRv7kRfquaH5al1Mtq3JEehu6NoQq1+ASUyGqo/TYH074R5ijjfuY\nl2Cxd6OV7biEiD9Vi/uwxva/+iGboTi0N1p2MXPBJ1e7yvxOQyVjRkJ0pvZMMjn5\n=xakb\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-05-05T11:44:34Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAHdryYLAJhmbfQOq+tXxuuOYuB2stUUnq8/lRg6/nDyMw\nMeq1lqDPZmqcMGPuz1gaopZ+I30FBdASTaLMt2jPhd09mVccpY0nFuyvjJHHV32R\n0l4B2kHMD+NWtWCxPWGAUYBHI73xggVNMkDbr2FhwJgruN/4WRNGlgEszl6MQ43v\nI98doI69oLocwl7ZmXurspzyJA4btFIayAUgKc0uF28k4ulniTPlB75QxLAvXHNy\n=AQHH\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/dns/keys/imap.kleen.consulting_acme.yaml b/hosts/surtr/dns/keys/imap.kleen.consulting_acme
index 37a94693..93c7179d 100644
--- a/hosts/surtr/dns/keys/imap.kleen.consulting_acme.yaml
+++ b/hosts/surtr/dns/keys/imap.kleen.consulting_acme
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBROTZRTlFZRDVUK2ZiM1RM\nVGcrMitKbkU5MjdxMm5EMVgxYlhTMXVtZjFjCmR0SXZnSld1WGIvakhkZjdsZ0RN\nZnpGMWZCeVE4UEV0dThUejFoTjU3a0EKLS0tIDRGYlNYZiszRW42c3QrMTlaeGJC\nUVVrbkRVMHNiU3MvMzN1YjR4ZjdnckkKhb4FXwaRS+e3MJJ5ACFlTrB8Z+jJYpoc\nLjrhkBP2/5hBt5xn3cC967u1MSffYHUOO29liQESfpFkVuh4sF5x9w==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-12-27T14:23:03Z", 14 "lastmodified": "2022-12-27T14:23:03Z",
10 "mac": "ENC[AES256_GCM,data:EE1byrlNG3y+62hcdTlC2R5s1Q9FJvzpbT8yVIZfaXpK8V/0BUZo3oNfiv43qGeSXBda58XQ0a+WEhoW0PETHZEKwqDMcOwkB/39JRInIIjy4AO73gq+8Q2f0Uz4vFWJszPbuc1Sx/2zPcqjN8r53pG8dAnAtpIxJHBmDBlRp78=,iv:SZOzFjdRdhGKDkg10lM5EeF/1LzVbVL78PCg6+x0nvo=,tag:m4yyLcjMz6yuTEU1HQyzcw==,type:str]", 15 "mac": "ENC[AES256_GCM,data:EE1byrlNG3y+62hcdTlC2R5s1Q9FJvzpbT8yVIZfaXpK8V/0BUZo3oNfiv43qGeSXBda58XQ0a+WEhoW0PETHZEKwqDMcOwkB/39JRInIIjy4AO73gq+8Q2f0Uz4vFWJszPbuc1Sx/2zPcqjN8r53pG8dAnAtpIxJHBmDBlRp78=,iv:SZOzFjdRdhGKDkg10lM5EeF/1LzVbVL78PCg6+x0nvo=,tag:m4yyLcjMz6yuTEU1HQyzcw==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-12-27T14:23:03Z", 18 "created_at": "2023-01-30T11:01:31Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAzgKPZSReVLFxDv5FrRDVvrN/KuaJtilnbXiunrbjj0Qw\nJrhb9u9CEfSbw2Awr893DssCEmBsmcgJsu2tO+WYJLLl9EMqiv/a3BUxP7EdSi4A\n0l4B6dplMxktqE9CTSxO/H2WNYobng32PxfIHtQUfdg/E66QJuKR6pj6ExmITTOV\nlkBfyTOoPreKI5+cdy8hBGH4/5Mfga88UTrB+lk0kXog6s/QaXPz2HDlPDw3gTZq\n=h4Vw\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA+G2M86XLy6oYKPEk2dNzRsAPD+ImOeYYYeoorC4O+Xsw\nyUlY3aKp/Hrb4JWHvC1voJ46iLD2Monay6y/wHIo7gyzsKuCArgbUZn5AbHNpE4Q\n0l4BgzoIsI3UzIGJJjEbQ8PYiYUQfe8NESTzPpAKukuHTpdQNzkwI+ru1Z6oV9ja\niaxoUSimR+tNwPBj7gybwMwFHwukz48FRfonXFFzt4lp/iuKBNrLlOaMCDFWiU3s\n=N9in\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-12-27T14:23:03Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdABNXiiUHXBlVqB/44Z7CkjkJ8BJrp3XfsdFKCU4EClTww\n6kNZVhi3zk5WJo2Rs5FL/8tyAXzzwGF/9nGiN/91Rk+KUW3poXO/ENkxoEacyXqT\n0l4B+4VSajdP7MDVw0x48xr/D6qobx4rsBVrT1YX/YtSWymF3/ytddgVxqAyysWC\nQONCydTfRn0jBAjyLu3+e10zZ961WYxe1Nq5hJZR+BiJ0m/FjU1Z4ukebyOG1ks+\n=MyJj\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/dns/keys/kleen.consulting_acme.yaml b/hosts/surtr/dns/keys/kleen.consulting_acme
index 443533ca..bb53810b 100644
--- a/hosts/surtr/dns/keys/kleen.consulting_acme.yaml
+++ b/hosts/surtr/dns/keys/kleen.consulting_acme
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxRW03RHVDYTlzMEc1b1Fp\ncktmRGJ2OVJUN1JibmdmT01KcjVTamNpQ1FVCnYybjBMdmRsazlFWEJIaHgzL3ph\nMnpsbUl1c1lEZVBCNGljR1F3VXNtSWcKLS0tIFlQeFRVR05XTldEaEpMZDNHTjNj\neGtuSU41Zm10ZnplNmdxNWI1MlE1NHMKcl+I9oAe/9neixl9elJCFtMYGZ+YufjB\niSCXe7uw95ugRFVBE1bjLxH/I60PGKTLtAI2T/dFgn7RuJYBBDaFyA==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-12-27T14:22:55Z", 14 "lastmodified": "2022-12-27T14:22:55Z",
10 "mac": "ENC[AES256_GCM,data:7HS406wQjJAkjJ/nessmXyYjSZUvvt3c+rh6g1DGY5Qx4OiMjsqtPdKqwyd8GflaHOwveXYl+l3Ws3hqvVItIWUscrA8YRVuvvLiXNHTOJ35I1xpfOfrJR6R4GjncZ3NLn/uXmT88Rd+5wyVzxG/NSajEX6vRFfJMH1YIZzvJIY=,iv:camTYTuw/huEsNkPudN7ZZPb36rRdIdqVvqhqwVY9y8=,tag:lzAjBUzyok6W7rWxKARs5g==,type:str]", 15 "mac": "ENC[AES256_GCM,data:7HS406wQjJAkjJ/nessmXyYjSZUvvt3c+rh6g1DGY5Qx4OiMjsqtPdKqwyd8GflaHOwveXYl+l3Ws3hqvVItIWUscrA8YRVuvvLiXNHTOJ35I1xpfOfrJR6R4GjncZ3NLn/uXmT88Rd+5wyVzxG/NSajEX6vRFfJMH1YIZzvJIY=,iv:camTYTuw/huEsNkPudN7ZZPb36rRdIdqVvqhqwVY9y8=,tag:lzAjBUzyok6W7rWxKARs5g==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-12-27T14:22:54Z", 18 "created_at": "2023-01-30T11:01:02Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAjPnl2v4+xAwAupY8EA94bLsHr0TxTrzos3xpUWzsMy4w\n2D0uNr0+NPuOqMD0psr+Mv/WfDW1SMhHcK9sa5Y0JEmdLg3jBUFrUInyqdYGj8j5\n0lwBcsyp7uvsMDbQHYzrX7Zz3Fo5NInZtgwyAAVoLZTzXTOj7U/mGpl0WFf+7t+6\nfPkp4b1DeORFrgkggciZy9fGqac7eLLn2fcqdXqDFcE2TIk7Ahtf52Y8TbHMRQ==\n=/D9Q\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAAX8EZDsAl1e+qxuypr81+0VkaklzmTibZ99m0RPJLTsw\nySGL1LncxNlNnmBJ5xIu/KYDsvzFxXTRgKfb/qSSzZDeCcwJpBDUGuJlLHouUHe7\n0lwB0rnyleIvrMsVIhs5nl9+6yYgKhAcIJVOSoA72CirsS0ZVCgG+B8hy2JMIHb2\nYAVcWXaNfCsM9kzYuyMJzCvD0t3MtnKGIF3peq14I4WslIFx+jMYsL5kNV5MGg==\n=FlBJ\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-12-27T14:22:54Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdApyLDGhMx8Ie5VncLqBa6qOed4Fq9gGXZN+/Y1nlRQBgw\n+8PmRdb+7xggzDcyzdOB9cYfYB1XBj9x7JhjK3O2U1Pclcr0d9G4/AsMm5CJa8cm\n0lwBxpCBkK5GQTNJ8SHEaY+EEmDnTWf+9Fe8yU+bMumq8FX03E2MVj3TX9TIXfpi\nFwF/nlov3ecpG7IYT1tsd5AsXvZcA3l1//o0Xr24ck8qDaWvuEu/y1dvUzTUQQ==\n=EUFK\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/dns/keys/kleen.li_acme.yaml b/hosts/surtr/dns/keys/kleen.li_acme
index 18122f48..9e606fd7 100644
--- a/hosts/surtr/dns/keys/kleen.li_acme.yaml
+++ b/hosts/surtr/dns/keys/kleen.li_acme
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhTW5HbmtybTFOcHpRQ3BX\nQUhRclpPOUF6Ymg4dWFaWmllWWZjWnRYYnpjCmVGOWhDV1RXdVJHR3dMWmVHaGRo\nbzFmOVRWNDkvM0IxQVNHdVRFcnhMWWMKLS0tIFlKUHhveE4vVW02ZDFkR3Y2SmI4\nMnU3bUk5ZXNuZGxXRGJRN3dhejQyNDQKtZZuZ4oYF95R5kcHh/xwFD38LE3HFVXs\ndMFFGoroo+Wfe+Vw4y2hZWM2dxir++XuL24ywuDf2v5veZr0KFG+6A==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-02-22T14:43:57Z", 14 "lastmodified": "2022-02-22T14:43:57Z",
10 "mac": "ENC[AES256_GCM,data:KGOS17/BCjGbzBXOAJav9aAs1d0ymAISoAu14nGCVdxLrhySM+sRgoo7XO3kG5xCfIn7dJGMhC5vIyLoHLl7il0FuSjhFztr1AvSAvmb09CaQksj/KTSXk3N+Tp2++Lvn8xPtNGcYTu/pK+0WLC2jt52KcbsXTVRSMtZO59+ekg=,iv:l2tcVM8c1HkJ5W4rc8ZPffx5fzAKcn7IjgjU3zxSpdE=,tag:KRabrd9nNhqmN/2YtzzPig==,type:str]", 15 "mac": "ENC[AES256_GCM,data:KGOS17/BCjGbzBXOAJav9aAs1d0ymAISoAu14nGCVdxLrhySM+sRgoo7XO3kG5xCfIn7dJGMhC5vIyLoHLl7il0FuSjhFztr1AvSAvmb09CaQksj/KTSXk3N+Tp2++Lvn8xPtNGcYTu/pK+0WLC2jt52KcbsXTVRSMtZO59+ekg=,iv:l2tcVM8c1HkJ5W4rc8ZPffx5fzAKcn7IjgjU3zxSpdE=,tag:KRabrd9nNhqmN/2YtzzPig==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-02-22T14:43:57Z", 18 "created_at": "2023-01-30T11:01:17Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAyCmRdezTNHo04OWMJRfeOfkNwA8iN5ORlR4MSnxHvi8w\n5qxpEl+NtPyGunAOm58zc6Ai8+2yuXsCGoTVDar5jL1poNgYMecwCHkMopYBOreC\n0l4BcGGs4AkKTzqEU/tBe4YKqp/6QBZ3N0giPeGWedA248Vnz9Lq9eHynhCkCB1O\n8y0wUf6159s+00MEaMlAHODPKetBTve2xa8W+6OvQqIYSxaaTJ01cI9n1deYSa1e\n=ke67\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAMWLHWiyJuTZmgKVZ0+JljLQDV0Ifv6l8zg3t3KbvTTQw\nCGYKVNHGMKbFNm92CXB0RS3wxA5RyBsviqgPyyCE5BQ9T7GDrnNOPRhtfY6h5Etl\n0l4BKufzu2YJHEVkBy+TmDsKC9nD6GR/Zw7uk2PpgA00Xe24g2QXjSGnOM897ahN\nSs1Ow+orruXNxwU4Ct34XQ56wyZr6kqIyp17VJZ295lCVxQ8UdofBExHHuX8rqwD\n=dx9q\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-02-22T14:43:57Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAPlaZrCGl5FDZ3v+RG62I/FfyPA+qTepdegSTFo6m+lgw\nyEacJxkCO28hMsFgHhLXRveP7tKrWt7WAi91rU8j1LFrTLGV6PogA+jLGbAJeBQI\n0l4B8UDf/vNK7d1cWeScOO7a4HPsJ9jQDxEk3JB1c5funVqbK3h8HUMmbtbBABXF\n9ga0Ra4UC9s3pLUz8ykMQ5C/GCCd446HDHLbi9daXVTTGMnlkXhSgyA7VvCWUjnL\n=mwTD\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/dns/keys/knot_local.yaml b/hosts/surtr/dns/keys/knot_local
index a170ff72..fd9ad42f 100644
--- a/hosts/surtr/dns/keys/knot_local.yaml
+++ b/hosts/surtr/dns/keys/knot_local
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzRWVHTzUwTEJ0aGxiSnlm\nL0VCTi8xMGdvREovUVlXYW00K3JyZU80Y1FzCkxhRWZxUkJjVVVjUkNlMGdCRWVH\na3RSd2RDQldNMjdhSFNsV3RlNVRST00KLS0tIDF0UmtKT3RWcE4waVFKdWFMV3c5\nQmFweFFaSTNKWERGdS9UMmxZd0UvZVEKADUXjSonpTZrPZhs92HIz4a0ZqcdxyRO\nD1uYTtBUHwZMvIwG1p49RzOfJX48feZGc7L5foIqbnzaCIHTYE/FrQ==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-02-22T10:29:34Z", 14 "lastmodified": "2022-02-22T10:29:34Z",
10 "mac": "ENC[AES256_GCM,data:wBzMMSuaNfITvC42rOCWznMCATwjLrz66h+0QURoJONGw/GMVejkdQ+F9s0UFz7PyVKPAxWgSC4Km+ve9nX2c+f1lGyo4YpWDYKtVlZuUd7/Alf1ctl4epZLZihZVc0XLRNgH/Th7D4c+7WyHi8XT1l/AHmbixG4Jxwh8/b0TIY=,iv:vTs3qIMHLIt39RSze3YRkJUkuOUganvtIs90qsXekcc=,tag:EaVQq7DyPvM1CufOtrFDsw==,type:str]", 15 "mac": "ENC[AES256_GCM,data:wBzMMSuaNfITvC42rOCWznMCATwjLrz66h+0QURoJONGw/GMVejkdQ+F9s0UFz7PyVKPAxWgSC4Km+ve9nX2c+f1lGyo4YpWDYKtVlZuUd7/Alf1ctl4epZLZihZVc0XLRNgH/Th7D4c+7WyHi8XT1l/AHmbixG4Jxwh8/b0TIY=,iv:vTs3qIMHLIt39RSze3YRkJUkuOUganvtIs90qsXekcc=,tag:EaVQq7DyPvM1CufOtrFDsw==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-02-22T10:29:34Z", 18 "created_at": "2023-01-30T11:01:24Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAqtTjcOaobAeRPtdIlgNBWcHMyJjWoeDdXI/s/Um0lX4w\nIe0pVT/t8t5vakDey0Mu6uTZOM64UKFyH2mTJCOWtbf96tI1ML+03bJGrKNTKEKU\n0l4BTRKRJwKrnjST0/NBc6YwBYfBeKoStoh60aBm072JlWS5/SprDysqMa9xpSxy\npz9HuF5g3/slPaeohUCh8457LtdQgLzZDBbpOWHwpU55Oix+518qAEZ5AspdnHHe\n=8Y8Z\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAwWqVll2MtAeCbvk45lMh1mmCoWVoiFUOXct5YUkE5zgw\nu6VF6vJpn1t68IWSAy9rM+H7D8B+dCdxehkjNEOUO8jfA2WgDpecmCJUrTqv2VaW\n0l4BKxaOBd9jfTi1RYKkzo99C0RpHaUJqKjVpPYmCqrEw3KpFEattdYS6/TDKuEY\nFOQxbR6+n/X8JcgrmrUpmmlXIeDAQCoNnyYG75MCcJkCJP18E/Vmn68K5JQnyR+B\n=bRoI\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-02-22T10:29:34Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAk0ne1fjj2mV1P+4GDfDE/1SuyvWJ6sqKjkfYgdneNEIw\ns1qLAQzboXcMm073fV/XiegSP4AVL5sa6TOy+ajHGedOk2AkTBa9dYj0QJLJAxxW\n0l4BJdS01hYhj51x2CjAMan37oDZaoNr1Z9V6SPxfnLIs74kPZuAWT9U5YvoD8bj\nwEPGgvJOHPSQbmKpRXsd7MIHxRAe2PEsTGujd6CEv+ZAfjG95EpW5P6Aie73ZZE+\n=1kB3\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/dns/keys/mailin.bouncy.email_acme.yaml b/hosts/surtr/dns/keys/mailin.bouncy.email_acme
index 495af908..9686ea93 100644
--- a/hosts/surtr/dns/keys/mailin.bouncy.email_acme.yaml
+++ b/hosts/surtr/dns/keys/mailin.bouncy.email_acme
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzSzJUVDljTFNjTmx2Wjcz\nMHJsYlM4bFJNOGM0dzFHRlBKMjJUVjY5S2lJCksraXlSMWJZUjkzZS9STllqUmhY\nb0wvVHNEQlJBUzhVeUp5d0s2a3dtbTQKLS0tIGxkQmgvcEtJZjlpL0Vya3pueFpt\nakttKzkxWkZiUnBEbUZta3k1dzk1eFEK47tV/1zvgLsbHen1SPtTDrCpXZZGxZXh\nyyQnKygL5TQJrPSMxOwfnSYaoTmSoUnKzeQo2kwiKo5XQAt5Lw0dfw==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-05-05T11:44:33Z", 14 "lastmodified": "2022-05-05T11:44:33Z",
10 "mac": "ENC[AES256_GCM,data:o2QxYW9SPIbOWP/iQ2Mk1imSUWBwPOkPUTIVub/Y4Yse0RkR6qp1LlRdhB5aOKirInKNulA0iCm5uiDyGS02N52wrmQpnWjeMcFysZ9rzzRPIaEUa31GIWRQAt11amO56hM9JTBZGmq5bhPVRxRBfMT4PSgUT/KrRJSQCVXGyAs=,iv:OWk/08GxYylbjqcOjJnC81L4P+QyUkyxYaJ+qReGzIo=,tag:4r4eVCB5s462uMbb8lrnXg==,type:str]", 15 "mac": "ENC[AES256_GCM,data:o2QxYW9SPIbOWP/iQ2Mk1imSUWBwPOkPUTIVub/Y4Yse0RkR6qp1LlRdhB5aOKirInKNulA0iCm5uiDyGS02N52wrmQpnWjeMcFysZ9rzzRPIaEUa31GIWRQAt11amO56hM9JTBZGmq5bhPVRxRBfMT4PSgUT/KrRJSQCVXGyAs=,iv:OWk/08GxYylbjqcOjJnC81L4P+QyUkyxYaJ+qReGzIo=,tag:4r4eVCB5s462uMbb8lrnXg==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-05-05T11:44:33Z", 18 "created_at": "2023-01-30T11:02:04Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAymwXeFtQyiAgb+/Rm5jxPCnKWG3n7libf3zmYbQw7B0w\ndAmL/pukd3B8n3+lcdHDZodtr3W4LyatgdSXOUG51hRoqEq16b2MmCM43jTUnYQd\n0l4BWTk98DfAZ/6z7ulexqbCmfJSfJzUJGBnLqTBq2dnxeHHWpY/tpGp6BAi2n+p\nxtooPP9PUC2wbXFyf0FB5nGg+JvsNi4FspDwFYljnDKmXBnn1H3IfCmUhy1chWty\n=a8nm\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAq41eSHW4AL+7p4OKovN/uch4Nh1zmcws1d5hxo40ayMw\nHwPOzn2yIjkUMIVLYqxtlN3KlClPiDUrjcOBhS+Xvu/77SRQeu27X+JynaHqDLt5\n0l4BZmgxTT1z/s8LCyKPK+woRZheVoXlvORbZkzKW1zjObVxXcyFqDytbeFtiS/G\n0PKbfPenf+VfEUN0Qiw9i4ggx41bsS1qKVeiVe7YR6aisThv0ZdXc3Fo2L+Lq7lB\n=Sq6N\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-05-05T11:44:33Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA0t4v/UKyR3uWG2NpFqxZRG7Hj05+akMq5ZnU7B/VrgQw\n4WIpnT+nqxM7c+vFNe/AVyO+R82qQrMbTL0QHpD5rUDdszFVw1UH/ELMH3rrcRlz\n0l4Bf8bWylnKOvPqeyklEktiSUXoMWqs0AbD+LuTUgqz/JvuO6AqvgbfPUvm5eOM\npI2DEW11SZeqiUai3N/H34myzQ7kSoVSfJobUfmBazIq69DBSSWz0sksMw98+yWK\n=q0Ui\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/dns/keys/mailin.kleen.consulting_acme.yaml b/hosts/surtr/dns/keys/mailin.kleen.consulting_acme
index 13bfe96e..d8c92fd4 100644
--- a/hosts/surtr/dns/keys/mailin.kleen.consulting_acme.yaml
+++ b/hosts/surtr/dns/keys/mailin.kleen.consulting_acme
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHQW04dmV0cEcrb1crb3NL\nN2NTWTh4K2YxK0NGbkdzVWgwT200blBPUWhVCmRIZ3FjV3FMMzM0MVB0VFJLMUV2\nanZlamIyQzhBaXROQUJzWGd0U0xNU3MKLS0tIEZzNHdSYU9xamNNT0V0aC9DdXNk\nOWxaS1BGNTNKa1pMZlNKYXYxSStuSlUK51CXywenaleKF4p+UYbPzPjueIc47Iak\nhzd9wf0wARTD4Z9UAUtpx1c034x+G7j2WHGaoXAA6KqiETbdA1Jdog==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-12-27T14:23:02Z", 14 "lastmodified": "2022-12-27T14:23:02Z",
10 "mac": "ENC[AES256_GCM,data:Hm7dawU5Gw9Fm2ERSfaX97q6ia6iw999qofUIWAznEQSqeat8n6cGxiVsXU2scG1LYHUvtyGowFZ9KIbRBXSr1DootH5BzHYqP7Fh3/kKIgk2VToKqr2fUTcjQz0vSxJq9gdIeUpX68qLBptJJYbMtnk0tZUVMcXExiqIHB/9hA=,iv:W4WX0J0jXzixLFBnzvEv/p7Ockv5O7hf/x6WgoIRNTw=,tag:N6zfewA0bIIR3UVqRlUOqA==,type:str]", 15 "mac": "ENC[AES256_GCM,data:Hm7dawU5Gw9Fm2ERSfaX97q6ia6iw999qofUIWAznEQSqeat8n6cGxiVsXU2scG1LYHUvtyGowFZ9KIbRBXSr1DootH5BzHYqP7Fh3/kKIgk2VToKqr2fUTcjQz0vSxJq9gdIeUpX68qLBptJJYbMtnk0tZUVMcXExiqIHB/9hA=,iv:W4WX0J0jXzixLFBnzvEv/p7Ockv5O7hf/x6WgoIRNTw=,tag:N6zfewA0bIIR3UVqRlUOqA==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-12-27T14:23:02Z", 18 "created_at": "2023-01-30T11:02:03Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAxGlaM4KVKBdUNjCIY1uBXJgRJhPBOoZTjZ1fntNXwU4w\nu82oB1vDeIzdDtRqvA6iv5QHV7MOAgv9hVtQemiDAjzrhUlzGkw/TGzmmbfhKbtB\n0l4B+HNbxNOqimYxBNHeJeeTAgPU3lu1AI8bDbQqpIyp7WXJ5nuxPKWxFgSEPgqX\nXRdNgardnV4XElgascQdvN7aGgb9qTXu/5lp/4btQ2PdO1at9io7RsE7tvJWKno0\n=lMzD\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAtVYPFDtr+tLgOQBWalYhx0STngd/dRake3RjjX9kC20w\n+B9TCRYK3T/dx6/9JiSr/6/9U4wPiOulI49PlPHtTzoBdovoWG8j5o87EFjWMmGY\n0l4BKdlpdOFwURQMOqsV4+htXH0OjD5lB2AVWeumfCdcDj6BQvCHeFPMoktzkWcW\nr5/2FXp410DokwnEfFa6x/h+UTz3pKCwEp3NskuxdaPLby0Yn9Sx/VbD+oGOte/c\n=XZy2\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-12-27T14:23:02Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAs4KR4Eed6EPThcPa8ngRTwuj048jtx4o7Bpg18SF/iIw\nih5u3V1RtclZeee/q4fsckoJeenIUGp0YzUUqligWALbxTwyPwJzHQX9yovTtkbR\n0l4BHtPvjbTmb3agauGVPS/xrBJDLu408mrQ6jTE61XwMVeNYwHGo5+FVvNq6xpl\nlRtgKHHrjJ35+1BBZ4tKKrnx3OskdAE9f/ZpNfF2/jPVtJystjOp01sGhpfMD4Nz\n=XbgW\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/dns/keys/mailsub.bouncy.email_acme.yaml b/hosts/surtr/dns/keys/mailsub.bouncy.email_acme
index 63d18e50..5a643b8e 100644
--- a/hosts/surtr/dns/keys/mailsub.bouncy.email_acme.yaml
+++ b/hosts/surtr/dns/keys/mailsub.bouncy.email_acme
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpallLaEkxeG4rUHAxSEF5\nOGNqUE5xT0w2ZHA1akJreVpFZ2g1OG5CMFM0CnJGOGFFTTRuVUlyd3NoMEJEVnBM\nbjB0aDNoQmUyMDRlb1F6MC9rLy9RSEkKLS0tIDlnZ3U1VHB2WW9NM3M3ZmFKaDZU\nNGMyRWdsTENUTDR4YXo1eWdZV0p6OXMKVnCoPGLibG1tPHf9Rgn1Nn2yAYaicgE4\nWERPB4CSJ4fWvV9ftunZeDvt6TahRL7J9Lzb+HidpVFLs4GmGEm0mg==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-05-05T11:44:34Z", 14 "lastmodified": "2022-05-05T11:44:34Z",
10 "mac": "ENC[AES256_GCM,data:cCqLh/qhAiicPFl1p16icG8JacpQTYjnRByjRVkD1wZ2i+M/4/LXL1O46GZJvNMNlOTN6Be6IIeazGnO7MP6oxo6He2hovD0Ej5WbSruiwL2cuVvZ3vSpFI8psWS22NBgnNXCcxA+giS5b/jlRI7pcTQ2Knwwzh7Y4Xdp/UBAi8=,iv:6wC4JpdL90zwezMsoLeE5XGwxMvUdHGaVnZqfLcd//M=,tag:7peBKCXYlivsVY9hgNojyA==,type:str]", 15 "mac": "ENC[AES256_GCM,data:cCqLh/qhAiicPFl1p16icG8JacpQTYjnRByjRVkD1wZ2i+M/4/LXL1O46GZJvNMNlOTN6Be6IIeazGnO7MP6oxo6He2hovD0Ej5WbSruiwL2cuVvZ3vSpFI8psWS22NBgnNXCcxA+giS5b/jlRI7pcTQ2Knwwzh7Y4Xdp/UBAi8=,iv:6wC4JpdL90zwezMsoLeE5XGwxMvUdHGaVnZqfLcd//M=,tag:7peBKCXYlivsVY9hgNojyA==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-05-05T11:44:34Z", 18 "created_at": "2023-01-30T11:01:32Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAJ2Nl+Jhuqa6LwqsC/EPuYPU9YzPaD11JMhPxyMnk2CMw\nIJWVCeIbXlUWulQF497/yvCX+gpODsk//xTc9J1Uv02uH0HZPYQaVMVs9sqg1NW/\n0l4BpYd98/J0fFwvjhlu/6AB8zrQ2OEegjlOSGDhrAObOBx5xly3IJOF0dObl3fO\nKuauEC3fXJ/s6dugdGDklNhrdRSlfgmigSErUyB0kjo9mF/mAQ8lbzw6b5OXXBwE\n=U3Fx\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAFuIV3AN1SJmuRRm6oPfnR9OHseOTn23Vkh6D2DWLkSkw\nuAJdvUMsYEEIFA7KPUFBWNmr5TbBWlvP+fpub0HscN3zWM49jFWufswqNKFgj3+t\n0l4BRUgiJOcItfip64gJN3tydsnAXFDfPbBq5ctysEF1SLmNVHPK+UveTcY5KurU\nhm5ilR0+uMbgW31L7wX5+utimfzNNkCzURR3QHCw0CO6hai+meRhekw0eabcze4E\n=JX0x\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-05-05T11:44:34Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAuAXp4XtRgiQe/Nhs1oBhZxxre6e6R8uBXCUuLgp5IxIw\nUZNOL8NJB94jyqC1yxOr9mILMJw0+cQYFq8CuwSea7Cuz3WOgtVRl1ezKQlpusu5\n0l4BK5ByaesUw7P+wYuXC9VDFnKUCkSn+AA76zikuHHFu9KMd/4p6FcHboQyFz54\nguRNReB6U3y2g9KIwKo/hAk+8NHnuqH9w9Cfb2IIsU5a663AhLv/GKKkCbo0s7Ur\n=jNYe\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/dns/keys/mailsub.kleen.consulting_acme.yaml b/hosts/surtr/dns/keys/mailsub.kleen.consulting_acme
index 5c5fe95f..dce49a7c 100644
--- a/hosts/surtr/dns/keys/mailsub.kleen.consulting_acme.yaml
+++ b/hosts/surtr/dns/keys/mailsub.kleen.consulting_acme
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLbkpweXk2VVRCSkkxQXdN\nN2x5WmJJN0hyZUNsQXZINkExdGpYZlhpSzM4CnZJRU5WMlVSMXgxdzZiRzgxZUdY\ndmc0TjdZQ3lrOUFrdnVBdGNPUHVobTgKLS0tIGNOMGpJL1hXU1hsSjd0VkQvaXI1\nR2Y0NHU0aVlHaHl2RjQ1V093WEVkejAKfJr15S8JJpTPS3hVx9DS5HpdD3Qs7BD3\nMi9WHv0smQ1nQd1ENlaaLAudA22YCawRQa+TaGPAYuRcvkOkZFPAZw==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-12-27T14:23:02Z", 14 "lastmodified": "2022-12-27T14:23:02Z",
10 "mac": "ENC[AES256_GCM,data:e9KCj4IT+JozPfGGI+6h9l2XzIp+X4GWd2eJaJtvkh1AwrGeMHrOsODSed7VrXvEphWdp6lpur6RLjRpOjfjYx2pLvSmwlzEmPMNEdXsqUOZ9TBcfvr0GNS9jjqODigZdkV9xk4ewTHUu/mHI+E1YaVvvmxdtY5J5OxPSfp3v1k=,iv:nMU/9cksmCYI3gDqajZgrOJiK/XUMnj/xbxpceHQSVc=,tag:fDnEQC8LGvwQkK3yT/j93A==,type:str]", 15 "mac": "ENC[AES256_GCM,data:e9KCj4IT+JozPfGGI+6h9l2XzIp+X4GWd2eJaJtvkh1AwrGeMHrOsODSed7VrXvEphWdp6lpur6RLjRpOjfjYx2pLvSmwlzEmPMNEdXsqUOZ9TBcfvr0GNS9jjqODigZdkV9xk4ewTHUu/mHI+E1YaVvvmxdtY5J5OxPSfp3v1k=,iv:nMU/9cksmCYI3gDqajZgrOJiK/XUMnj/xbxpceHQSVc=,tag:fDnEQC8LGvwQkK3yT/j93A==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-12-27T14:23:02Z", 18 "created_at": "2023-01-30T11:00:56Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAKR2IFELTa7fiOCfmNK/LQpubb6nfsckcjRI3SkCCTzAw\nEXQlE3uffl5nS5asRHClbAlqMjJ8VUu6rRFn5CA9WE4WRhMwyb43OGjfbq/XZ3Qd\n0l4Bt8aFVuG9qABrJz0Af0fxbMkudvAYfrOYC3xBRRXplfT9C1nsequ8iB3p6P4U\nHPOa8C+x2Nxcdj3LQb5Y9wZPxPFe83FOeZsc4NU8Owyg2JHd4+WZwb/GlsEoyzPd\n=++pf\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA+snk/qeL57fTFa2yZB3q3qY/NOP0EwLS4Y9RJ2/aGCkw\nk9SVgaq5mlZn5oizdGQUXr4iS4jhSwYHCT9PYHuKdSKnWizoF8V3AI+S5YKqDEQq\n0l4BSWoU57QJ7VyOY0WmirYfNfbAGHsr8qBjj66+nkR3QrYJ1t0+AyCUJBa2Se84\n8T4L1zcae+qJeNP/UxqlGWCGoh+YQ6gwuxuPLvsQTRfAnv51hCWzGpRxyhJ0SycF\n=ALKF\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-12-27T14:23:02Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAQA9FxCaP4DlenocEO1QjHxHml29D3Z4Z+kc+j8y8czYw\nLgPW/609sH8154aQ9RetBTKExT6rfztU+mz51lTDt+26Ob5ubTQkupiJW6jLjQ0l\n0l4BNKCAh3wbq8UZrSAAGlAIND2sdln/AgCW1u6Is79kbTOiio3lTz0ANpeex34Q\nmgdAnT4cjMmFUND4DUBjY132VZAO6Mm8hUq/cwLPq30Hw96ziqqKA7QvV/DJTrTy\n=voja\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/dns/keys/mta-sts.bouncy.email_acme.yaml b/hosts/surtr/dns/keys/mta-sts.bouncy.email_acme
index ee78810d..6f75f420 100644
--- a/hosts/surtr/dns/keys/mta-sts.bouncy.email_acme.yaml
+++ b/hosts/surtr/dns/keys/mta-sts.bouncy.email_acme
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwUUhXZjVuUTZHcVBxTXAv\nYkJLeDJ5ZmpSQVJBQ0NxT3h3c0xmZjNKcmdBClVLQ0NUa0drQ0hEaWVwTnJZdXc4\nMENmL2RlS2JwdTBwWnc5bDlibU9qRXMKLS0tIFdLOXhqcXhrU0VDSU5NU0R6bllL\ncmFPVHZ4RmJsSm5xaisySTFueENwVm8Kxy5iDIRnmtJScCV+XgyTSlNYzilN5N9y\nh21w8NCz/8m3RJXu/dYbYZQDUKSis1fsf1Rt/WF1rikYzR3n7NSsMA==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-07-10T09:38:55Z", 14 "lastmodified": "2022-07-10T09:38:55Z",
10 "mac": "ENC[AES256_GCM,data:w2Ir2YQgkH0+5jNFW7mHyFVW2VEh98ADI99v6e55U7jKdEn70oF8cv787kMHNqpbwYamO9pSAz14is5Po+n11MH0UxESuU0cE7tfvoaUDIDgHNFVENB9dlKrKmnzXyEbN0+p33EP+/QmKYu4yLGc8t33NqoeD7Mc2McnmXJUvm0=,iv:7N480RaBLjIBXWJZG76VzIEyxm2eIxOi9GoZbGm2H50=,tag:JceWZoMQMwqxTYBRMPRnzA==,type:str]", 15 "mac": "ENC[AES256_GCM,data:w2Ir2YQgkH0+5jNFW7mHyFVW2VEh98ADI99v6e55U7jKdEn70oF8cv787kMHNqpbwYamO9pSAz14is5Po+n11MH0UxESuU0cE7tfvoaUDIDgHNFVENB9dlKrKmnzXyEbN0+p33EP+/QmKYu4yLGc8t33NqoeD7Mc2McnmXJUvm0=,iv:7N480RaBLjIBXWJZG76VzIEyxm2eIxOi9GoZbGm2H50=,tag:JceWZoMQMwqxTYBRMPRnzA==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-07-10T09:38:54Z", 18 "created_at": "2023-01-30T11:01:13Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAYwPoDNsPVr3pUAih0sMWoebzWi8KQk6nthYKrBvc5mAw\nnuAjBhLc6Tzr8/vf5JbYcPiopd4qgIbPwqW8KAK28EdAz1+VrfM/mpI3wy0lO2YT\n0l4BQBjlvteoUfgV3nYDVbma7hh78Ip7vn0ebzeYCXbGqfCmhZXuZVG9k9rQ+v5t\nenIL1aLxLOBZSbcuDF415MZvKndU5LoQdciVfsFrex8TVzrYKQ62dBr00uysEgTz\n=TPo8\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdASX71DcGthG2E6rdE7SGC1bCL2Dnj1YQh+ObsyDK1Y1Mw\nqv0NDR2db4HM/hCcaGD/Nw4+94b9UYD5C4LQBw2Yp4BXSR1HShD4NPSwYwXh3XIj\n0l4BCeTy6yLAqxiiY/DjltHbNnff7/lLrc1HmQYYJa9pOefhfs2Lm2ezmr8Mzi7M\n6rJBe8t7b12xd2k3NVdDaH5p9pl+4XQK73nyXEmD9pQt28tMxqoBNNKaTgABQ+qw\n=xHEu\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-07-10T09:38:54Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAxFqsAJsqWvEmwQiLdSmcVP29dwQF9uLgGCwQCTtjuQYw\njFRrmwCYoCAMM0J7jExm6h7bVwy3pyGeIuya8X1sf6ZRJczGXvGwByK16kVdfgN2\n0l4BAlEaxS/5F6pMNJ0TMdYBMMGJWEa4H0xSE8DkF4Ep5bdxjaY3Pz09m8HWzJRA\nelshtXB8QcFLRG9BQRcPYd4ZEM+HqUCWF1C+7hBJ2SytDSHNZlXtxfd7ey3Jxg8+\n=oqf0\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/dns/keys/mta-sts.kleen.consulting_acme.yaml b/hosts/surtr/dns/keys/mta-sts.kleen.consulting_acme
index fb11861d..189d9d71 100644
--- a/hosts/surtr/dns/keys/mta-sts.kleen.consulting_acme.yaml
+++ b/hosts/surtr/dns/keys/mta-sts.kleen.consulting_acme
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRb05RL1RQZGlPeHIzLzZM\nRWFjSDNqcEp5dGJIUjcrRm9yYXJld2xMVmxzCnYvZHNEbDErb2FPY2dROXIzZngw\nNkQxTVNhcUErV3RQL01UVkVNeGdHbU0KLS0tIFpaMG5hYktLL1Z5UTRlR1VzRDE4\nZ2xxaWpvZG9WRWlrYThHaEpDQ0psclUKzmBCBGOa3fZfZ/P0DA04B0eayopclIEm\n2bXxOLc68YRod8jrDvEiDGD4caj5Eq83Et0ffuntpGxasRSwbpfXbQ==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-12-27T14:23:03Z", 14 "lastmodified": "2022-12-27T14:23:03Z",
10 "mac": "ENC[AES256_GCM,data:5pc74n2LKOcmkEam04IsaoXsbihL9GeT37N51OH8tL7kBKARebdp4U+/ZALnCWlmlnTwvW1mqIxIamQlITITfPXIfa+oKjB8ywNnvG0EMYSYSfnebjstpz7GqyFJfNMh7nDXm9VdoJktsnzzLDD+iwfIpsfFSkqyJkY92gThuds=,iv:nO4XyZACLjj6V2URqbOBRYlHPuKFlI+B07xq5SPgaIo=,tag:s/4D5K8+SiLCACTwG1Woxg==,type:str]", 15 "mac": "ENC[AES256_GCM,data:5pc74n2LKOcmkEam04IsaoXsbihL9GeT37N51OH8tL7kBKARebdp4U+/ZALnCWlmlnTwvW1mqIxIamQlITITfPXIfa+oKjB8ywNnvG0EMYSYSfnebjstpz7GqyFJfNMh7nDXm9VdoJktsnzzLDD+iwfIpsfFSkqyJkY92gThuds=,iv:nO4XyZACLjj6V2URqbOBRYlHPuKFlI+B07xq5SPgaIo=,tag:s/4D5K8+SiLCACTwG1Woxg==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-12-27T14:23:03Z", 18 "created_at": "2023-01-30T11:01:35Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAPNnBI8+RdSV2BArAqqBQZ2AEjkrvKtl9KA/ZUyEqJyEw\nykVNwIOFa/LkWGojkbuozkvAaZnLaHVq90dAtGmeapfshTwocHWQrwYUpsDKpg86\n0l4BmfY8MR35TAzi8PLN/twTwKJGeuqaelNF8pYA6cLTqfMOCwTBqzq/GxvtLmOC\nfGG0WfktIVqJ2dsg/GSUaef86R4coq4RbzSZ48+9wCqM0M2PXz/ZjoTesmNSpGJU\n=WW0d\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAirfF+yqtqtlN3NyLyHJid6U19bpSVEYuFvy/0ZrURWQw\nVuAiyuqVIqDg2RAm+bf9gwAGE1wpn7XLsqHXmSzSMhMPNBeFWgifSOK9iOQPoeOB\n0l4B6xzTcLTA1E5Kqajzn+d8Hms+AyqarKJyq4JSo978WA0JpTydiQ1nMB8F2IYA\ns8YtU7KjdDA7LDbPurcYxBMMQm8iif7+PtlF07rtX2W3u2pYAnti+rqTdxzOwp2p\n=VblR\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-12-27T14:23:03Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAysI9J0A1cdISPE6qONk2wGbgmub7Kc5an4XVWUj0vUow\nZW3RIBQXwTDyrcWjGDeoxK4k/2uWCuDWcUUKtiNtitQioaq1RLPrHACKRbfJQrX8\n0l4BzrBvz6FmTFVCgrK9+knE+VxOCkYRKR9qE6OI5I8gLGTeF2HOkxQCtC3ibbEX\nTmvUh88riy613MWe8RbgNgpLINOkBa7ifkUenoDuDbZ5FvcKNzNSv25lYewPFbaz\n=rds+\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/dns/keys/nights.email_acme.yaml b/hosts/surtr/dns/keys/nights.email_acme
index 5bf19aa9..2d557677 100644
--- a/hosts/surtr/dns/keys/nights.email_acme.yaml
+++ b/hosts/surtr/dns/keys/nights.email_acme
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0RTdOazUzbEJnMXgwa2Ft\nbjUyV2RoVWtjUnZJRnNRV3VveUd5a1A5ckVRClRlMWJKaEYvaFhVeWhUc01XY3A3\nRnBRWGZtQXZrSkVKaFlYbjlheDRGSlUKLS0tIHZTOGpNd0ZmVmlDeXI3c1J0Ym5i\nWFBsOU9nUkF0bjlQNmRBQkg3VWxPME0Kul5SVpKrqSybIb3+svKry+YaDPsyBQyV\n0MxplxBegmij+kxe7z6AWE5aBhPHlsgMvatWIAsGS5Dyizou24us2g==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-02-22T14:44:08Z", 14 "lastmodified": "2022-02-22T14:44:08Z",
10 "mac": "ENC[AES256_GCM,data:zsV4ZC/+H0d5EVRsGy7niGAXjhw9iEJ2IIT3ED8OaYd/TNDu/pCyCH5YvSnCGfi8/d4caaCUhUUKMCz8SG46lmvVPqHz516MfS2/lp21py8LhGuHReeAa6/xFrbBDmuECiY7RHv8tm8VnwQHOlZNFUpCIJufeZQUoAcYPXW+L7s=,iv:1wq8YlBhnzV6fofpA1QfX4mDcxJyzQUv+HphyjsvzcA=,tag:CEZIlqv0VfyKkFLxH3VK+A==,type:str]", 15 "mac": "ENC[AES256_GCM,data:zsV4ZC/+H0d5EVRsGy7niGAXjhw9iEJ2IIT3ED8OaYd/TNDu/pCyCH5YvSnCGfi8/d4caaCUhUUKMCz8SG46lmvVPqHz516MfS2/lp21py8LhGuHReeAa6/xFrbBDmuECiY7RHv8tm8VnwQHOlZNFUpCIJufeZQUoAcYPXW+L7s=,iv:1wq8YlBhnzV6fofpA1QfX4mDcxJyzQUv+HphyjsvzcA=,tag:CEZIlqv0VfyKkFLxH3VK+A==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-02-22T14:44:08Z", 18 "created_at": "2023-01-30T11:01:25Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdA4RV9j0rSlCLozIMcNjo3GokziWshqVqu1WWuPDPpimMw\nZs/OH5ejj7cLMl/BddTZ8AAUrjAskRj3aqwYAt+BBc8dZYFVcuRuZzSGGSkMy6VN\n0l4BCBTyyU21D0uv6EEzqG4yiiOfs5JZmny3B7wMc0qh1vK4qClF4IUPmEvEpGuR\nTBOICnfuenUaDktMHixqgXFKx7SSF+8Qs0anlSP6OG8s2G82I2f2cN7lozdgGppG\n=WZxx\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA/BFyVdLikkGm6Zj34k8ZrB2Jx3QAXElfanVrespkmHow\nXt5RTi6flunmXc+PyYNuLETdwqegoDuZ2SN76QU9D30DqPLcFCq4PMK5D5eaPbxW\n0l4BACp6/UA4Eudf9DXfLEpM7O7WycZRVOC037FGNfaNgSxp8OgkS8+18kr4l31i\neSVh6/8zDKjAPFc8kcMWsR9woBI5IgH2B02u/RORXIG016wEFNF7G3BC2zzTM/Yp\n=cpAa\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-02-22T14:44:08Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAAgoEDDUeIWqxm64kZ3DLaki5V5MFF3c7Kl/TbbmoKSww\nlZyHJtSACTrwfGBMAN+1NSKkTLTlE/q2FN7CtjfTyAWC0JLU9r3u5FVpQAXbBlht\n0l4BN8jltnkwlgw/CkKoq9rDHxfavDjfNBuSp4+8gzHj5XAvrKZKRWu0/T9LCr2A\nEon5f4kkjm99fiZVbojhjMM9drUrpaiofzMGvZeYgESRSmhTeLa1Qu6u7wb9ARkl\n=fqR3\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/dns/keys/praseodym.org_acme.yaml b/hosts/surtr/dns/keys/praseodym.org_acme
index ab0000c9..617e3860 100644
--- a/hosts/surtr/dns/keys/praseodym.org_acme.yaml
+++ b/hosts/surtr/dns/keys/praseodym.org_acme
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1SUtQQmJpQmZ5OXhScE1p\nSmo0NHU5cTVHZUhzc0ZJNEs4cHRkRnl3R1RFCjVocmpqdUJUczFtU1c4YjA2di9n\na2VaeGtMcXN0Y0Y0RlMyL1BpTVIzVmsKLS0tIHdYWTN0N21BU3d2Vjl4dnN5K0hN\ncHNUdGxFbkMyK01iZStqdjdqd3RIeTgKyWEFQSFVMFyaAF0WnjEvdcCv+v9bIFyg\npKQ735dIAa/Xk7gWy3hie/DEgfJlel3Y0I7qStrm77Zggxtp8ApD8A==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-02-22T14:43:36Z", 14 "lastmodified": "2022-02-22T14:43:36Z",
10 "mac": "ENC[AES256_GCM,data:YqS+uQXyBP0BMdz9R/SxjidSo7pVUFW78M8cPX6z55+j1gGKfDhEwQMUNZaGly1bvoma+a63NjUi4O4iEYR46fC3PUsVaf8S3Uqk0KYWIedDr9XqAxPBnb6wWFrNo4wwgq2mhaIitziK1QC6pdAgS/iNlGNNbCCbYmjzMLzQc8Q=,iv:BraowcHMeSQfImK1sONbefGIn2VWVGzLBBFLDwYGf10=,tag:oXvnGalny9kvvQpKMx8OcA==,type:str]", 15 "mac": "ENC[AES256_GCM,data:YqS+uQXyBP0BMdz9R/SxjidSo7pVUFW78M8cPX6z55+j1gGKfDhEwQMUNZaGly1bvoma+a63NjUi4O4iEYR46fC3PUsVaf8S3Uqk0KYWIedDr9XqAxPBnb6wWFrNo4wwgq2mhaIitziK1QC6pdAgS/iNlGNNbCCbYmjzMLzQc8Q=,iv:BraowcHMeSQfImK1sONbefGIn2VWVGzLBBFLDwYGf10=,tag:oXvnGalny9kvvQpKMx8OcA==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-02-22T14:43:36Z", 18 "created_at": "2023-01-30T11:00:57Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAWVg759WL5YeSVLnx4g7PlD0DKo1+zBiZUOgnf9RHnl4w\n5wLTfTaYvXhd8j8y359dbvDER4r9isbpBfVZP+MGP4d3FdLgJCKm5WV6K5ES0bFN\n0l4BUX/KQeh0t/Phy2GZkmFyKu+3nr5Jl+veKIWJLZEfUCILX8c+X3e/4bZr8++n\nR2u5ZrFBENtaGxIdUpkxemQhGtd7BGtXyy/aCjRKY3MbCj4pmnAyushPaMC1+igp\n=LMQ4\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA5N60d1tDqQ0Kmp+mQkSgsTePvlmzEZ26pDjENukriVAw\n4TW5AZlAINdptcSpW8qCoUvOqtQuChrm3wnqXJo+suRWzkn51lFoD0zxWLNfyum6\n0l4BhliJoMXOVzD/t1gdoKpjfvTiUX8bnyxQhZTFSxvVOnGCQwRDVxoBNg93jMau\nt9YIir4fEKAr5299GxKflEmF6bj842OBzDvSB8l246Roli1OIyKDWK7KOVA4nlqN\n=eefR\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-02-22T14:43:36Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAxpKmbaTfh5aDBOZWebVK/eA3T5sxS5fbW+cE/I54zF0w\ne0QDeamgTVrMQaDH1zCqoJcFNNkWnTErQVaOMSDBlwuFQ7KaoghONl8qCbY60MuI\n0l4Bt++Iu5e3bOLOkdl+RugclmGHpdpHAuJxbcnw88BKV/gYX1ntNEGgMHGcOl4R\nC8JjHYFdOtohPAUEbWf1ogkllwxxkCttWGFa01hL6W+ogJxGFhRcOm/zcjBE/3Vm\n=MKMA\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/dns/keys/rheperire.org_acme.yaml b/hosts/surtr/dns/keys/rheperire.org_acme
index 5fb94a1e..b892e39f 100644
--- a/hosts/surtr/dns/keys/rheperire.org_acme.yaml
+++ b/hosts/surtr/dns/keys/rheperire.org_acme
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6RmxxTnl5a2NtOXJuTHhE\nSFNVWC9qVklzZmpnejgxU3BrNnd5elorblIwClhlMEZ5ekhpQ3FYekNQSVdGZWhH\nWDZUNHJLZWhkMjVoTDdJck5tRElDYlUKLS0tIDd1RjlmMjg2VjQ0am8xZytnc2hC\nWGFXaVRRdW9NODNxOEkxZlRTazJ6d2MKOOM+J0RLdHulmFxuYdphuHekD4rAmz3z\nUcUENDiEl9rk7HztufpmQeW5po1CUWcVnyA5RlIJhO7s8HkIHfwe4g==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-02-22T10:03:06Z", 14 "lastmodified": "2022-02-22T10:03:06Z",
10 "mac": "ENC[AES256_GCM,data:W9FBhr/dvXw1spmHe4xKutiFcLtqkv+L/EYd2b8h2YD2ptWGj7HUzArOwGgpce9WOz7mS5WRF22vhZPzpKQ0aE3w8S4g9kxoYLDYBBP6itGJVwuvodZs0iu/dg5RutlwD5mA/iiyjqP9aR6yg/w41zC2Arc0dtHHOP0z+7zaZXw=,iv:62tzgTnfdFy/qVHMXvDdmowuzwX9Hlnmqnkobd7jPGE=,tag:GpjsYHtrsJwyzxxSf7wv3A==,type:str]", 15 "mac": "ENC[AES256_GCM,data:W9FBhr/dvXw1spmHe4xKutiFcLtqkv+L/EYd2b8h2YD2ptWGj7HUzArOwGgpce9WOz7mS5WRF22vhZPzpKQ0aE3w8S4g9kxoYLDYBBP6itGJVwuvodZs0iu/dg5RutlwD5mA/iiyjqP9aR6yg/w41zC2Arc0dtHHOP0z+7zaZXw=,iv:62tzgTnfdFy/qVHMXvDdmowuzwX9Hlnmqnkobd7jPGE=,tag:GpjsYHtrsJwyzxxSf7wv3A==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-02-22T10:03:06Z", 18 "created_at": "2023-01-30T11:01:51Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAKlsVaoap1ggCLt6/FssPFSQaYVpFdfm1T70mOZ5kGgMw\nH57MoD30qRWwgXWqS6XWRsHtzEcLBs9GepOCHplkiTGTmtiJT3P4xDIIvbFvLCOi\n0l4B0H1Nj+xUejKbkkCpzFZwcr1URP6tdOALMBo+SEqtiEJZjey/3oK+eH965nAq\ndkgBUoaW5V0iF5dOAtWk35m6ZJq6KY5VFcgtqrKk4AEr7tc1QaolIsRRKKlPTuWa\n=tcS9\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdApcCDRpDnVmPvQLemD6z75rKRlfxKfxhu46FkXp4fvCsw\nrbwih2RTCkikT9gyZmYCPoRQrUo3V32PgT9o0UT5WLtNV6EhOSjjL9JB6oYQtT1Q\n0l4BWRo4E0av73xZKq7W+3qf6ufwzKJ2BC7wWM+Tvh+Oggym6dy5ig+cGP80mfLV\nSF6AiH+nC2JMm7aYpLpXpY8zrVIuIsSd0bswycrFD+rOK7G8iK2WAuTInP+zzV53\n=r6TL\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-02-22T10:03:06Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA0Pq+4uKichWgU6MdnrScKcfKow1TGG42Gb+sbuQjglMw\njEUbtoJAPmkyFXEBqQdJKiOvTQ0SPdA6AxsxvQzVudRe/Rlscmp1831EcMnsb/2p\n0l4BZZvVg+bSCWOKNwrWj66pzNIvLdGpdLn+K42zTreq4jwmfy9Wm855enyXSj/b\npWdH+LT9KQcasjET6+N8jZwTtDcZatwx+n57rJ9N6bG3fvbVy1oC17BrbRH9vzaY\n=JtBh\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/dns/keys/spm.bouncy.email_acme.yaml b/hosts/surtr/dns/keys/spm.bouncy.email_acme
index abddfb7c..254dca46 100644
--- a/hosts/surtr/dns/keys/spm.bouncy.email_acme.yaml
+++ b/hosts/surtr/dns/keys/spm.bouncy.email_acme
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQVWZsVEpuM2Vra2txWWF3\nMEpkL01GV2tHWTB3djUyQktlMk1tWWhxR3pNCm44bkhSSWxGZ2JoZFVFekorNzlZ\neUZSSjMrbVNSZnpkdkY1MkVSZXVUb2cKLS0tIFRWQTZPcGtuZ21MZCtTSTVtU1NL\namN2US9NNnlSdmZoWE1nSVNSTkVuT2cKKWrP20Q/Af6NNat66M95GensgbfiLFEu\nbje31iwmG680e5XI6jAB3COnFUZ33iKeQCDyGD1c0k4fBEbcHUVTeQ==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-05-15T13:16:43Z", 14 "lastmodified": "2022-05-15T13:16:43Z",
10 "mac": "ENC[AES256_GCM,data:ctSwR9AUO7jcAto8H+qic4bZ14Zu3Vh/yH/TANLLDomEOcpfUjGneLO2mv5J4RM0O+G0mMULseqMXYWPYPAaXLz91ynkROoX76q/H+yf+mDBl7bfO/tzg8XmAZvQjtBCv7ctLY1OXe144uOoxeYfrM4Tv72K1dehEI/eJPCNIak=,iv:bwhXaEOJte0LmpKS0pQ4nLgrCrcmUNIqCdcrm6c/7b0=,tag:pzCYdGnYC8cPUL/h9V5z9w==,type:str]", 15 "mac": "ENC[AES256_GCM,data:ctSwR9AUO7jcAto8H+qic4bZ14Zu3Vh/yH/TANLLDomEOcpfUjGneLO2mv5J4RM0O+G0mMULseqMXYWPYPAaXLz91ynkROoX76q/H+yf+mDBl7bfO/tzg8XmAZvQjtBCv7ctLY1OXe144uOoxeYfrM4Tv72K1dehEI/eJPCNIak=,iv:bwhXaEOJte0LmpKS0pQ4nLgrCrcmUNIqCdcrm6c/7b0=,tag:pzCYdGnYC8cPUL/h9V5z9w==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-05-15T13:16:43Z", 18 "created_at": "2023-01-30T11:01:37Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdA8Qw/R0Q22h6YqOt3yLHzFH8ef5tc6oBNx+1lGtxOi3Qw\nEJko8z7Lv5DScheFgECls03rlt9HH7cmPnkQhUnqmfbyzYuosLVM+G0bswpu01ot\n0l4BNBsavoLAa68LFtJGBViM1kojb/UteeYC1cvq2TeXLNaQ90QmGnC6GJHZvzpi\n/u7Rl0DdGoagHrTtVKnNGtvOdwFYeG6iPRHl8Ko9D0HTkgW7dkJ77tw2Wqt0POjs\n=BhzO\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA1olWUsnPciRmWYn6JWD43zWVwz+1dHUTB6Wj1nyyATUw\n6qjZASa+xhauJaHCgF6gRNhiNEuN/a+a+jhQFJV096cYQwI6BXfi0pUbACpNwwOK\n0l4B7rFp/0lkGIkZWPYHdZ7Cj1qTIaPXyEgohGp0gjMuaxn9Ef/lE0gx5kQQWXwU\nNCwYFmNm9huNxd5SpMxve12Cikwhlne2J7KjqOfYrDRbB/eKYrv62KWBaMa4cMuu\n=d0Sx\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-05-15T13:16:43Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAFp33Ruo0AivhV6jjRzoZQvtexS5WEkeoKf4xjRjmKB8w\nRCCCUGiwg8+sz9q+T89QeV26yIQBFQR3kvoamPltW+VZfGuh3oPjl6NbL0MpGsr5\n0l4BDJgG7sIJRZokW0/pwdAJ0PZrKlPxtUoaorM//pLGd0eNbIUGlNT2Jcvsc3Z9\nIkMISOK4wcTj/KvCXfPsN0KiedEKYEj4pq80h1hIWu2910yicSKVNjfL7lARUgTk\n=qTBm\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/dns/keys/surtr.yggdrasil.li_acme.yaml b/hosts/surtr/dns/keys/surtr.yggdrasil.li_acme
index 4523b3ba..2aed1a5d 100644
--- a/hosts/surtr/dns/keys/surtr.yggdrasil.li_acme.yaml
+++ b/hosts/surtr/dns/keys/surtr.yggdrasil.li_acme
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjVnNQU21NYnBTY2x2R1Vk\nclNMYkgwbWM4a3JIdUhKcUFFWEFndnc5aWw0Ck83QTBBbEpkVlVZcHpwOEF2bExR\nUlVpaGRiSk02dVJSSGtpNzd3bU0vWHMKLS0tIE5iVU5CcUlTMEhQWlhGeXUzSHpz\nY0pJREkzcGQ4by9JNWhjbHE4eUd6STAKb2qpOMHJuHEieljvyv2Cw9BDGovTwXtc\nsT3yb+nVI6jUIG4zx3G2Bfs0K0zGV5gWRbrKF5tbhWqtBNuKzAMf0g==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-05-05T11:44:30Z", 14 "lastmodified": "2022-05-05T11:44:30Z",
10 "mac": "ENC[AES256_GCM,data:fLYGT6nZqQEE71WV6lhmXcX2HpQBwqRqd4j9D7YwXXCQolK2v4vqND8cjn2Ni71eWxoJRqHSVWOcvK39EM+kphcmH/wqLMYhdfjkP+DisYecO8LSF8MC1mhADz/YAQQfSs1Fp73JBEOruWqeyXsCB0uSfuIk5w6P0oihzZEddys=,iv:kdLy5pPPfOhyT4E0PV+cbb/007A5maBtQ90ZaCvUHGM=,tag:QJrlCAoFTosBYTgqfca/SA==,type:str]", 15 "mac": "ENC[AES256_GCM,data:fLYGT6nZqQEE71WV6lhmXcX2HpQBwqRqd4j9D7YwXXCQolK2v4vqND8cjn2Ni71eWxoJRqHSVWOcvK39EM+kphcmH/wqLMYhdfjkP+DisYecO8LSF8MC1mhADz/YAQQfSs1Fp73JBEOruWqeyXsCB0uSfuIk5w6P0oihzZEddys=,iv:kdLy5pPPfOhyT4E0PV+cbb/007A5maBtQ90ZaCvUHGM=,tag:QJrlCAoFTosBYTgqfca/SA==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-05-05T11:44:30Z", 18 "created_at": "2023-01-30T11:01:47Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAO6YzCUEucOdXkrSHAVb7Evv2ouIgsI44bvG39sM9mTcw\nExiQR9nGBTrVUIRX7Gcb6GbDOHfYiSXhIi6CVzF7gRwe1iJGM1T6fheA30VuJ4uk\n0l4B3F4m/Pqvgp9NaBGQQDQOaCTD5NjwK/2lZtuMckQMUi9df4nEA9khJHsw8nx5\nSGU8QZquE4Kyi//pEFycoQ2q0QvKqg8JoT2m7TG5EBFXea1xfbZOZNIANUB8LnOW\n=vaJN\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAvY/jNy+EebMXl+HC52ZZqpaTbmrwOirWpS8qXq6rozAw\nmdXNMqWkxbOo2P2KzaiSYEis3Wxx3HJ7HQj8rC6tpe9nhzeOK1wJJIgQTsuTXF/Y\n0l4B4OlrloP4ecgEK/atvMR+lNqFKTOIeDT1LFBPipZDsqFdUhThECzALqAIVCnK\n4HVlGO3qL+AitTCEOdr640ntOl5dmR42kSdHcrO58ndoNR4fP1uwD6Qbtt0wxwDP\n=Ybk7\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-05-05T11:44:30Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAgqn8CAAZu2yB5YUfmQtMxMNJr3D40jzBH1oVmV862lYw\nlEAvxqlzV7xj/pLLfcQm/fxVu6c1tQlD4nA00VceQVZN8bm0kOzwbl+MnCYBiHps\n0l4Bcus9lKpaEpz/SB2no38/VCeM2mFnWPkUuyaLN0+xlosq4/laLhLe4NzXW8BX\nQKv8FLX0GxywRzonaLBf4p9Za8EXKXv9xMf5iYst4vG0epj4MCCxp6IH/uNDJwFt\n=yguK\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/dns/keys/synapse.li_acme.yaml b/hosts/surtr/dns/keys/synapse.li_acme
index 7d219661..8d3e1c35 100644
--- a/hosts/surtr/dns/keys/synapse.li_acme.yaml
+++ b/hosts/surtr/dns/keys/synapse.li_acme
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFdEJ3TXNIWTB2K0FXM0xM\ndGJGWFlYU3F1bStlL0tMRmtseWVMNDg2OEZBClFCRExGNWdUM0RVY3NwU1J2ZzE0\nWjU4OHZjUXVZUm5jRlFIMmVwV055WmMKLS0tIFJVZ3lqVEZ6S1UvZlRBZzdjRTFF\nR1BnYjR3eXFGQTBwNUFPbzQxUUoxOUEK6xuvpXbJOpbSoMjcZ66gMHLLwsO48abS\ngp2peOgV6eJOud3BpZVb4uk7ZURzT/np6oy9NjCve90sW2Vjb6c53w==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-02-24T19:18:59Z", 14 "lastmodified": "2022-02-24T19:18:59Z",
10 "mac": "ENC[AES256_GCM,data:Tg6sB+/2rO4PpW9bCYGUl2L6TpfsFok6m1e5kHIScfpHc0PBbr6KoMJ17sDnvjFahg7vGBi9abUTX2956+Qrko0MeyJK0iawVCxKJUY0V9zRFQFyqEaCnzSW8raXdLqmWwB7hl8FI/LrNE7+a3b8AmlaleUojXtJ3q+uJ75MxrY=,iv:eweO0KdOPzfYsyWzbDeKWZrbd5kVyJstx6JiMpO0ApA=,tag:Q/SMnAlZs9tEhbAGv9639A==,type:str]", 15 "mac": "ENC[AES256_GCM,data:Tg6sB+/2rO4PpW9bCYGUl2L6TpfsFok6m1e5kHIScfpHc0PBbr6KoMJ17sDnvjFahg7vGBi9abUTX2956+Qrko0MeyJK0iawVCxKJUY0V9zRFQFyqEaCnzSW8raXdLqmWwB7hl8FI/LrNE7+a3b8AmlaleUojXtJ3q+uJ75MxrY=,iv:eweO0KdOPzfYsyWzbDeKWZrbd5kVyJstx6JiMpO0ApA=,tag:Q/SMnAlZs9tEhbAGv9639A==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-02-24T19:18:59Z", 18 "created_at": "2023-01-30T11:01:38Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdA6+LF+H/wPOo9c9vULtkX4eFIdme1yVr4yXP/Txm1SBcw\nPfZzGMSJ5znMqkCba/+BWKksqh2a2bBWOFVxsuq4r1wjwD60F2EIlag+gT87lArq\n0lwBH3xUvEr6/FFlB8uS/se92tgVveOgxNrE5pvoH0GBcsrPMjwR6LvQkP8dD6Jl\npiFIKSYqCMUAwJ9u1aSsnHgwM1YlmAXHGK96xA4ljlglqK/aQbxw1i7vfL54mA==\n=IKpe\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA6I8VcbNmIhHzbm1VQ/ufL/WQk5o1m3x36Fup+EuViwUw\n1dSGH7lnzJoRd2TwXsBULzhqCblA+i0aw607oyWObO66MdcWbbRWDN5ogJpQzCHr\n0l4Bl83NzKaezqUsZDeZkNRp0dl4dIFdymBFwzwdMYV6pe15wJu7ZH3Dnx6DiRI3\niGxKFulBlcTlEBFLK8HOJTKLVvj3r43ycJYcdtsdbIaeRdFIlj6tR/jbDVaFLFH+\n=cBo7\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-02-24T19:18:59Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAa2Z54/kxjkMbObZQ8axkNuKXD9mW4egT3pK+K7Dbj0kw\n10MA6CDqDkERh1sJaYUMSQff7AjjNsnV3KQ2WwENp4m4NuHVL4M2gVeO6sAWll5+\n0lwBLkARkdFvFCYbgfeKKM65RLNSIHLxR6H5gYFfaefjI7Ir5yGu+DhqVziAIF4y\n2UfgSMiaktqbKF4Eq/SUOTHPjjKeACx193eG06/rxQRwWrkwiiNfBtAWURAPCA==\n=2+q0\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/dns/keys/turn.synapse.li_acme.yaml b/hosts/surtr/dns/keys/turn.synapse.li_acme
index 036fd519..9501e970 100644
--- a/hosts/surtr/dns/keys/turn.synapse.li_acme.yaml
+++ b/hosts/surtr/dns/keys/turn.synapse.li_acme
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhQnBacC96WitIMzZBYUgz\nak4rMjNkeGtuY0cyWmNyWkZham1qTElHUVQwClZoRTJGa0tXN0IwZ01uQ0gxdWJn\nZHYwZEFMWU1aL2hjVnFINjhvVy9PS0kKLS0tIG1FOHlvcmdOMnE2RWcwRUZodU96\nQzJzeXlRMmtIZ0xRSFdmcTJIYndwS00KS0fWivBST8JDJDYS/m9I7HWUx9I6pOpo\nJxC2XZIBrgqyfvxjgtdNmgSyIEYDdBTMimh4DvW3Tnmzqtz5oe1iEA==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-02-24T23:02:47Z", 14 "lastmodified": "2022-02-24T23:02:47Z",
10 "mac": "ENC[AES256_GCM,data:zZgvnIrVOELiAUT2d9wWx5PBgv2T/elihv5P+SD8YMZfrykAPalYWeCOAg+yGGlCWhj4G5d6g3jomrHaxKUBhmQWBhKREZJnu4n8dv3xBGHq6Y0K43+EGiqZaKSCPaomkIJ5HKDavT0r0uJFQ+Z6CA+NdUMMsE4mHwFTQrGlPkY=,iv:R0UY3aIwpZojcB8XpQmuxNKDslItb9caUnckdNP05Yk=,tag:sc6aM5eE2zw0XBbX/K6xqQ==,type:str]", 15 "mac": "ENC[AES256_GCM,data:zZgvnIrVOELiAUT2d9wWx5PBgv2T/elihv5P+SD8YMZfrykAPalYWeCOAg+yGGlCWhj4G5d6g3jomrHaxKUBhmQWBhKREZJnu4n8dv3xBGHq6Y0K43+EGiqZaKSCPaomkIJ5HKDavT0r0uJFQ+Z6CA+NdUMMsE4mHwFTQrGlPkY=,iv:R0UY3aIwpZojcB8XpQmuxNKDslItb9caUnckdNP05Yk=,tag:sc6aM5eE2zw0XBbX/K6xqQ==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-02-24T23:02:47Z", 18 "created_at": "2023-01-30T11:00:59Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAnEe5Fp4OyvdRGfTpEw5j/E60wPULMj9HGvHqYhnPt2kw\nFVhJzEu19VNX/TR66X0PGTXQ0oJjeQzEw3ZOYNXKkmAnwBseg1IpHX5of2f1UrJI\n0lwBe9ZYVeIkWq5Eo1Tt4H98p0sg0O6e84GiUxXcBClJ00y8EJUgCgVty2q6feF2\nY5UctbVtTLCH+STEeD1obeq9S066NBFv0cEd5ygDiJgyaoZ7yVKdyP4ACb509Q==\n=bcFt\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAsBcu5RE/As2XoS8230fLInwaiQaR6R57w/gtDcIAg0kw\nOFnlDgsavFdXizaeI3193CA6flVL5s+7tdjOoUd6BDY3cx29UN+7sXHoOSk5hVmq\n0lwB2//hc3XU5siyUEpfWA6s7yfPZB9eSrmNnBVaRThBFNedIMZh+xWjUx3abUIV\nw1evcFFTH8vQMFepXjdIn3VF9g/+fpw7jHw3nUwKn7eFHakHlL/qJwLzmELzXA==\n=Sgxt\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-02-24T23:02:47Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAqFUV4o517EeRaFb6/+cTvvBphr+2PkXLKez7KS+oPgww\nBkaqfdNH8BIw+5a08sH+P26YsX9zDMIJJrMl9WODDB0z+8/Yj0KvXAOaUc5QHHku\n0lwBzCjN+8odiBgcU+SRHPxCAd1FJDWNErjW7Ks80nCuHw1iUSxFo2UzhinyJ2x9\nLIhow3V8OA0Fw9k4kG4jylBKuGXQpwlhL0laY9SV65wWYjQWilmncirDmlv/6Q==\n=HltA\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/dns/keys/webdav.141.li_acme.yaml b/hosts/surtr/dns/keys/webdav.141.li_acme
index b0f05df6..60f02713 100644
--- a/hosts/surtr/dns/keys/webdav.141.li_acme.yaml
+++ b/hosts/surtr/dns/keys/webdav.141.li_acme
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXc0cwalIveUtZVlNsNG4y\nbHVseGNqc2pTZ3djMDlmb0tPVGtUTjNQSTJ3CjAybTdyYTgvTC9KdXVIdHFSWDl2\neDZVbjNMb0NKaWQwZ05kRkhmUitUODgKLS0tIGY5S2owWnVSUkpRYWoyd2JZdTJz\nbWRscFljMXE3RTcxcklPKzE0YWZISEkKmAZ8xfZt+iQzXnb3J8/9v/GVFsp1mRxb\n8o5ppl9+QKtoW0WPhbmmY89cGEG7IiFgMSGiEav/ac/9OT9Yt7bqeg==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-02-22T12:22:44Z", 14 "lastmodified": "2022-02-22T12:22:44Z",
10 "mac": "ENC[AES256_GCM,data:tGfEoG8C+zqkBRtfaCNrmuR6dG8kmaRexM6szkSmOsFVgzl3wGsPmVai4rFhgXsozOmt2Lchc01uRqERA+HIkkaMFdVDLWzMEGytEeE1s1JYCVNEc/RmjgeKqxwHuAv5cFGn8ZNZ9JKMF566wUFjjWM/AQffNYCdtSni8tV6eWg=,iv:qoyig97CBgl9X9Z6qbKunu8fvbiiW4uRtErM8nrb9MM=,tag:zFuAbP7ZsEgKGDOo9ACmrw==,type:str]", 15 "mac": "ENC[AES256_GCM,data:tGfEoG8C+zqkBRtfaCNrmuR6dG8kmaRexM6szkSmOsFVgzl3wGsPmVai4rFhgXsozOmt2Lchc01uRqERA+HIkkaMFdVDLWzMEGytEeE1s1JYCVNEc/RmjgeKqxwHuAv5cFGn8ZNZ9JKMF566wUFjjWM/AQffNYCdtSni8tV6eWg=,iv:qoyig97CBgl9X9Z6qbKunu8fvbiiW4uRtErM8nrb9MM=,tag:zFuAbP7ZsEgKGDOo9ACmrw==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-02-22T12:22:44Z", 18 "created_at": "2023-01-30T11:01:04Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAEvqLWBZvD3I4xE6W7MKPD9eDGyKa3hpXracLRTHT4hYw\nqy+itvTL207VL0fU8Ve+rmxFjEaMvowFgwWk7+p98thgtbCcUNTxIF4gH2HjSOWS\n0l4Bb3G2vvDhUv1i0AR5WohSdfi5eyQjvt8HqJQ/0hBBwIL4IEcWjpBE+rX/460S\n4gigrXHpgSKZ/i/Aselm6XZhB0jNUf3pZ3pnCQPJpyrLGnFXwCSqB6EaREKU+6BK\n=dSPd\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAFgjDs+o3WlwEXNgAbVe9MLFqkCPz+Z4CLOJd0BtI32Qw\nOnZ1GTzo48Em6VRWvfy+SsE4BEn8b8do7VFBoc2WsHsiMVn+OhB4SJw10Zx+7qtk\n0l4BDcUsnvLPNWt/wucr8PxYJg3Bfkog3WE7pUfTGEFcWGcekPRx6G6u+lBQtKFk\nzysFCkNGW4Tjxdp0nR8m2d/mp4VpUTiqpH9GqXm1L9yMs8gBpQY8tskh4QFjIiFv\n=IJk8\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-02-22T12:22:44Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAWXk1C46X8TTkWhHfTMhgo1KnKlCl8A8lzsAo7mqnpzcw\ncoae53lNWGeoCSfOl5E2oSVCgZzEu5R9kC9aLRJgDushXZ56XtTUUF4ggCHogJqE\n0l4B942HOIlWHSlbfOs1/0R5QPnXC1OQ0E6XEVJmBgnUNB3EG473eCTJeabwlaq8\nNgFlL09go4ISjnlKDIgfQZGI9u1j0PyDJ3MtQTnb2j8kzfbcsGcpSLQRn7kzSsjO\n=x5xi\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/dns/keys/xmpp.li_acme.yaml b/hosts/surtr/dns/keys/xmpp.li_acme
index 7d85bd25..dccc30ec 100644
--- a/hosts/surtr/dns/keys/xmpp.li_acme.yaml
+++ b/hosts/surtr/dns/keys/xmpp.li_acme
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiaWdnclZ3dmZ5NmJuSUV6\ncWtweDd5M0ZjcEl5MlJjdzFjL2IwRUdDTEJZClRaUVIwY3VTQkF2cmFNRW0rN041\nU0ZydXA1TTlHREIxL3pqL0k3S2xsdU0KLS0tIFhXR3NFKzVPT01MZDdIcmszR3Ju\nTjRNTGpLSjQ2elhpa1JuUzA3VitqU3cKvWh3k9Y/GD+jfSELEVGOvslL+n/ZE/F1\nHrLiNjxguMoiqTsfzUCZQaH6sh1VIcsOPjo5905QiM7RZWuQgp/siw==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-02-22T14:43:10Z", 14 "lastmodified": "2022-02-22T14:43:10Z",
10 "mac": "ENC[AES256_GCM,data:RQ9MBn/V8k41ax6KKlCmtCwlVMBsSzYtsG1zpwIutmuWRb39n2v/1oolW3hRkagSS7Q2Nu03d7L09KntAv77yjFKRYwMI3CFqU1JTsKYmW8c3ggTMS9RXFme+tAk85Wl33QzCnIYgI071tgmnlzct8yimh/oR2XyvMrMXm6IsbI=,iv:I6Dxhv0Up7LVUZ7j7SD3gCsiqsCYh3N0GtMuxnMcctg=,tag:I5OqFU1WPBM/m/6OPpUdow==,type:str]", 15 "mac": "ENC[AES256_GCM,data:RQ9MBn/V8k41ax6KKlCmtCwlVMBsSzYtsG1zpwIutmuWRb39n2v/1oolW3hRkagSS7Q2Nu03d7L09KntAv77yjFKRYwMI3CFqU1JTsKYmW8c3ggTMS9RXFme+tAk85Wl33QzCnIYgI071tgmnlzct8yimh/oR2XyvMrMXm6IsbI=,iv:I6Dxhv0Up7LVUZ7j7SD3gCsiqsCYh3N0GtMuxnMcctg=,tag:I5OqFU1WPBM/m/6OPpUdow==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-02-22T14:43:10Z", 18 "created_at": "2023-01-30T11:01:26Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdANreqp4K9J56f70slxXnpJfHu5evjcVByLbHVYav0FlMw\n17qsPAAo4F0mj0zatV5EfnfYuNSsXR3j/9YocSHcMvBVzLsYdtV61fVtSrHiLt2a\n0lwBTfysYjor4J5h7G6ew7f1zicup3t9/ZPT2Q5fneRukpKExyM8o2ldjjRW7bq3\nt9kbihbTtB2t6k4iZUQRoYsfBKcM3hHeszv2W0xN9yOa/C5M8mOGNDJi48dEDQ==\n=3MEN\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA4uoHDOMNieKQJEXsCZs1SwNv+TSH439TntsxsTMtmHUw\n++hLK0+mBe0jfeNZeFy6sYMeHq/tWHIK1hNpSdy8vAkU//tLaWkVFYEcTyyjIRqg\n0l4BnMPYLSqOp7oPOI1c+OBb1dDm7xmXR6kpBxAyaOlAUKMYpTgtr7CpJquUXnLk\nPyie/AR6H8aJ5PKBUrB1VHc9z2x53FIw/1pNG+38GAbrUccYnY3BaRM8yqlwrGqe\n=cxKP\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-02-22T14:43:10Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdARVdKf6ppaqBQnaJ7WhwBPcdnbmjom9aNrXtymThq3TEw\nnjH6Emd1QLBaXGr1Eb7RNzrWkrU1P+n3ihLEvW0easkceRv8T3+xID1E/+6R06JK\n0lwBw53C9ExWPpy8CUGs6HeOK901cRRV6XWErHXF4QVSoqhNXjjJTzUmf+7zxKnR\npCZL0HOykPazHmkZHcKvkGSKoEiDmK/wStQwHoO+pLGbUvbsCX+GMlYV6ySljw==\n=RPEC\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/dns/keys/yggdrasil.li_acme.yaml b/hosts/surtr/dns/keys/yggdrasil.li_acme
index 0eb8f2f4..baca94c5 100644
--- a/hosts/surtr/dns/keys/yggdrasil.li_acme.yaml
+++ b/hosts/surtr/dns/keys/yggdrasil.li_acme
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyV2tlQ0lFam0rUWlTZndP\nLzIyVzVOUXZ4aGxreDRXVjNzeVpjTVRidzNRCmdscWVIR0JTbzdDTkhkSWloTlFR\nbnNuM3pWNGRLeENJdlZkL2xKQUFoajAKLS0tIDFDaWQ3TDdhaW9sWUVHN1dMclR1\nNGt3ZzBQV2s2UDU4SHlnVWdQU2FaR0kKPq/2guVhyCW4Lwn5TRSAaISf0tTQ/n9y\nhz//oYZ6Kw7x2qvn9lh5DTbokl6J8K6DnnB9nGEDvDWo9bqdCgbS7g==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-02-22T14:43:23Z", 14 "lastmodified": "2022-02-22T14:43:23Z",
10 "mac": "ENC[AES256_GCM,data:g2DNekY/VbytxwTxxIgXH+RldXCab3wtx5cOYriKxC6MDr3/E1A/rZm6nWqRI6lvD/dsmLsYmfvwEpfkTMvSi3/kFJZSr2y0wUBHMsZSs2cqtmZ7i+9YHMLrb//KTbkZHFw/NiH2pra29oFN1vdVrHwMvf0uVazBXyHABSb+DJE=,iv:jc+4u9sgWfBpF4lJtv2T6vxN5xhG/z7Vf3eADI37rKo=,tag:hhaDRwsOgCUoTDHdr8y9DQ==,type:str]", 15 "mac": "ENC[AES256_GCM,data:g2DNekY/VbytxwTxxIgXH+RldXCab3wtx5cOYriKxC6MDr3/E1A/rZm6nWqRI6lvD/dsmLsYmfvwEpfkTMvSi3/kFJZSr2y0wUBHMsZSs2cqtmZ7i+9YHMLrb//KTbkZHFw/NiH2pra29oFN1vdVrHwMvf0uVazBXyHABSb+DJE=,iv:jc+4u9sgWfBpF4lJtv2T6vxN5xhG/z7Vf3eADI37rKo=,tag:hhaDRwsOgCUoTDHdr8y9DQ==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-02-22T14:43:23Z", 18 "created_at": "2023-01-30T11:01:40Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAzEmCD9ROaiWV0ludmvPP0qGXznkk2J6bQQr0rWCZv2Yw\nF9JbGeiFyqnlPJKDs6rQyIzqmK/1IDjLNJ7KArQaJX5Htua64Iyb1M+Rxc8ugG52\n0l4BPxSJ76HAI0iHLM0UdGRfeyyYuwnShaqM5X4qEQu7Mh7L83s8Ym8a4tJpv+Zq\nGh1Uz7G+MyevcAT4J+bZY5VDyk6rwuMpS4mrzIMl30gkoiorQMyoSmji4ymLJ8NS\n=tRMa\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAFBxGfVOUPq+avm0tzz+CixDxiWR7/sKrDXnhdEKhtQsw\n0IBeg3N1rrLy3QZ49DhBBvez3qQF4zXwyaNKomAT38gCt3qMT+IKMEEPQw6wxJng\n0l4BkbAvXfQctKk9G+ltHMlbAD2avGYBrT/gbGA3cdy7LUOjuGu3Hlei0aFK6teZ\nB567PvTsh/6PiTFSXDPsOuNfvt7MDem0gJKAvbckUgiO6L9IlCTFkjSZMofnZNF+\n=Ym9I\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-02-22T14:43:23Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAmy1AUOAkS9tkTu+GbDAS7SD+cT83CnRYd1O1ZG+eYwcw\nou88Nz3AGUcSa99om+yVY22nvztrIDOmqMih27ArB1Ruqhh4l4cm4mMrt35Jgezv\n0l4BiKZMHk6cwYGDopEfGU9m1l7lWZJofYIJZ8W0WSUtbHBXzZjwh5N7rh6EF2Te\njRJ72f6+/IaVeyhQjZocwQvFr0mfezontWlJb8hTOGBiWt16UPZ2UUgWMNIhepcy\n=AlJs\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/dns/keys/ymir_acme.yaml b/hosts/surtr/dns/keys/ymir_acme
index fd3383ff..a1fc7240 100644
--- a/hosts/surtr/dns/keys/ymir_acme.yaml
+++ b/hosts/surtr/dns/keys/ymir_acme
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzSGs3Ym5ZejZUQVhtUHJI\nR3FXbC8wUW5CVTJzellsSmVWZHZ2Wm5UL0JJCkpYMU1qVERtTkt4bUpENWltbDRq\nNk4yM2NmTXBydUU5UlZKOUVrQ1BWaDgKLS0tIEFrTzBUT1dUWjZoQ1N0dnRNcGJT\nS2NNNjlUemtIRGorUTJNN1d6Q0dpU2cKLHJBPscyElneQfukXugFjxWvuWi0wwZ6\nbi+ES1+pxQEC1PxBiOqmKjChwgMNSWA87pdxV+NriCjZS9d1CB6uzA==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-02-22T16:07:25Z", 14 "lastmodified": "2022-02-22T16:07:25Z",
10 "mac": "ENC[AES256_GCM,data:mwXrUm7h+Hn6klCDmz9ni1bqVpaJlpLTDuUUvXGKnX0RjG763szhjbvI/NVj42e7pkgoArDN83Zf0KdugmTCIEQB15PYsGvc5uRcBK8I28Gktwdz9InCbArOvXGO6BoGF47VxjNDeFy5OnUUbST0pF94WXEIeGaD/QxXn0c5ljo=,iv:koaB3cA9IxyuLY3R1qF7FOwgzh4QnkNrMmVomu4MugI=,tag:7D8qzyGF2hibcumXV3HqGQ==,type:str]", 15 "mac": "ENC[AES256_GCM,data:mwXrUm7h+Hn6klCDmz9ni1bqVpaJlpLTDuUUvXGKnX0RjG763szhjbvI/NVj42e7pkgoArDN83Zf0KdugmTCIEQB15PYsGvc5uRcBK8I28Gktwdz9InCbArOvXGO6BoGF47VxjNDeFy5OnUUbST0pF94WXEIeGaD/QxXn0c5ljo=,iv:koaB3cA9IxyuLY3R1qF7FOwgzh4QnkNrMmVomu4MugI=,tag:7D8qzyGF2hibcumXV3HqGQ==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-02-22T16:07:25Z", 18 "created_at": "2023-01-30T11:02:04Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAmcJoxHfANstUX5rNuujHRm1VVe8RNrwMItzqvMyh/Ssw\nha1cGkBRxuVkkSMNGX3A0uMD3bYY/CGS8706ttaSNxlkPERExs+1YT/ds1nmR3VN\n0l4BpTrOGwKutMwjbB30Jmoy9EkqkqjC6948q/lJGl+bCk0ByJ99vQR0hv8KNvIj\nV6TkiKbCHHXy+Z1n/XkKPqWcjjcth4cJBKwsDB2EU6hbc9MGrM7PgVtR9Vce/mGv\n=WPOy\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAj/BpjiWnHwbVPGobLk6OGOqs7bNUHsUpZdriJC6Pzm4w\n4LKYBMgHqPtBaxI5fS3Rk0MNlsUU5txUyMb4kjKNfmWLuUmN7hSs3Kvuup7xLGcK\n0l4B14g+iBso9ZAVYczwIUfhV4+74E5HihnF5yAqrXhgbfv2SjIgxG68KmcgM+YD\n7cd0Fg5ZaPCRk569BLr4ynEKANimbjmgYXUvWgMKjxF5n0d4LfHxxS29JNejo0fQ\n=cacm\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-02-22T16:07:25Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdArf8QXVpdQJH0v/0o9KN3LVbtEQAsuVco3mhjnhh5nVYw\ns0YqUAmN6hDTcDvfKljR5D/iK2iEfbZgBLGJyNsy3AbYdu3lhdGbxWerbVgrNA+p\n0l4BEzSmhqAlNqPvTwgCqRBaBnbsI7OLrqxIG08K+SAnRHs+BPc1xB0DLT4OZerm\nKNvcKNeYrEWluhipt9AVwuQzMTo3b/ZLGi97nICPsb8tu9DwS4fjcPaA52q70oSx\n=vWLx\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/email/ca/gkleen@sif.key b/hosts/surtr/email/ca/gkleen@sif.key
index 4578f4c2..5654d1d7 100644
--- a/hosts/surtr/email/ca/gkleen@sif.key
+++ b/hosts/surtr/email/ca/gkleen@sif.key
@@ -10,14 +10,9 @@
10 "mac": "ENC[AES256_GCM,data:A81DUOL1HrVuDyPUvVzqCk0MZB6PfOc0SRp6fg+EIiup28VIi+m3fbaiekEHGGRCAWJpmVJdS6ZZjfME92apl4264RxGZQ19apEYvdS2U2Oz3yC2G46ms3kUPfo2CGWw9bo2u9dOido3SA6SE7gnxzonAW4/JPpiSQaYCDLhJ68=,iv:+d1a55uqKCzp8DVcDypFgLrp8OPRy2i+r++Eu2xhPHU=,tag:wUvunpEkpa7poQsmrFYMRQ==,type:str]", 10 "mac": "ENC[AES256_GCM,data:A81DUOL1HrVuDyPUvVzqCk0MZB6PfOc0SRp6fg+EIiup28VIi+m3fbaiekEHGGRCAWJpmVJdS6ZZjfME92apl4264RxGZQ19apEYvdS2U2Oz3yC2G46ms3kUPfo2CGWw9bo2u9dOido3SA6SE7gnxzonAW4/JPpiSQaYCDLhJ68=,iv:+d1a55uqKCzp8DVcDypFgLrp8OPRy2i+r++Eu2xhPHU=,tag:wUvunpEkpa7poQsmrFYMRQ==,type:str]",
11 "pgp": [ 11 "pgp": [
12 { 12 {
13 "created_at": "2022-11-07T15:55:22Z", 13 "created_at": "2023-01-30T10:58:17Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAnyLj503gWwWQEwVhWGx7IawWB7ISqFZk3EDGrlBLv3ww\n69Kbr5bqYg4guusvifS9KHBun8sIuHWf6QImZk5ugNBDLjHiHgqZq7mfhHXX0dUh\n0l4BqKsVGFprOOKAPT6hfXzXx0riJiaVSHAyJHyJkSygMgtZvROU2MbI0yqpO8RL\no495NGNGUPd6LQZMfQ/vHu6ZDFdz0O+pyuu6gOkixAMZCtvge4S4pCJnyJ4bW+x9\n=ExO9\n-----END PGP MESSAGE-----\n", 14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAPvQbjiSDLyHSZCnkrXCCY84/Q37oh4owBhYkV+6KuAEw\nuJnPKkKZ1tSZtBqBdGpQbO3pBPaDsYZ4oAQuyAp7ppjEWS5K2uLzsiaWeWv2tWik\n0l4BahpAbfvJr4tX1PRKixd2RT7rB7NpBv5GJ/5XgwxeMZ1t+Rtbzro3jXz8VQPX\nBS7SWk/TcyR2oljQxKCvQe7PZXmQ7Ue4sa5rtBCQwdYKz4c4OiNWE4lIt208xY3x\n=+UgS\n-----END PGP MESSAGE-----\n",
15 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 15 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
16 },
17 {
18 "created_at": "2022-11-07T15:55:22Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4Dgwm4NZSaLAcSAQdA6ksiCbMWMGNLINj9knm+fZSLmCts8JkDWsWxm6VkSCgw\nB/EhaM8A6dWTJYG8T1hSFLak+FVl64g7ZeDW7dCp2sqJAMJ6DOOADsbWv2daVYP0\n0l4Bg39WApIorvMyTuZkmIwAQezucXJpI2rP/ZtximsG+ykFU2xpymL0+nCLbAcU\nRmVEiJERyrhWXVIQo0Czicis11LwS9thp4xseejpFAoSR5yse7oIAm8NJ6SRCpWg\n=bfoG\n-----END PGP MESSAGE-----\n",
20 "fp": "F1AF20B9511B63F681A14E8D51AEFBCD1DEF68F8"
21 } 16 }
22 ], 17 ],
23 "unencrypted_suffix": "_unencrypted", 18 "unencrypted_suffix": "_unencrypted",
diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix
index 0d1ccf30..0e2a78eb 100644
--- a/hosts/surtr/email/default.nix
+++ b/hosts/surtr/email/default.nix
@@ -663,13 +663,18 @@ in {
663 }; 663 };
664 }; 664 };
665 665
666 security.acme.domains = { 666 security.acme.rfc2136Domains = {
667 "surtr.yggdrasil.li" = {}; 667 "surtr.yggdrasil.li" = {
668 } // listToAttrs (map (domain: nameValuePair "spm.${domain}" {}) spmDomains) 668 restartUnits = [ "postfix.service" "dovecot2.service" ];
669 // listToAttrs (concatMap (domain: 669 };
670 map (subdomain: nameValuePair subdomain {}) 670 } // listToAttrs (map (domain: nameValuePair "spm.${domain}" { restartUnits = ["nginx.service"]; }) spmDomains)
671 [domain "mailin.${domain}" "mailsub.${domain}" "imap.${domain}" "mta-sts.${domain}"] 671 // listToAttrs (concatMap (domain: [
672 ) emailDomains); 672 (nameValuePair domain { restartUnits = ["postfix.service" "dovecot2.service"]; })
673 (nameValuePair "mailin.${domain}" { restartUnits = ["postfix.service"]; })
674 (nameValuePair "mailsub.${domain}" { restartUnits = ["postfix.service"]; })
675 (nameValuePair "imap.${domain}" { restartUnits = ["dovecot2.service"]; })
676 (nameValuePair "mta-sts.${domain}" { restartUnits = ["nginx.service"]; })
677 ]) emailDomains);
673 678
674 systemd.services.postfix = { 679 systemd.services.postfix = {
675 serviceConfig.LoadCredential = [ 680 serviceConfig.LoadCredential = [
@@ -824,6 +829,9 @@ in {
824 }; 829 };
825 }; 830 };
826 systemd.services."postfix-ccert-sender-policy" = { 831 systemd.services."postfix-ccert-sender-policy" = {
832 after = [ "postgresql.service" ];
833 bindsTo = [ "postgresql.service" ];
834
827 serviceConfig = { 835 serviceConfig = {
828 Type = "notify"; 836 Type = "notify";
829 837
diff --git a/hosts/surtr/email/spm-keys.json b/hosts/surtr/email/spm-keys.json
index cefe27b1..92d07326 100644
--- a/hosts/surtr/email/spm-keys.json
+++ b/hosts/surtr/email/spm-keys.json
@@ -5,19 +5,19 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4UndNL21iM2plWnJPS1FC\nK0JCWDhtT25UaW93azZFZXdRR2V2Wmd6d1FJCmJFbEVzUzNKOHBKK0dvVUJMNjRG\nR25nbHBIU2tKSjVRS0tWdU1GVldkNTgKLS0tIG5yTDJmU1dLZk5VQ2xMSjRJVVd1\nblFkeGVqYm12Y3AyUmVKc3hEWk9Cd3MKkJMsM1B5AYx7Y133EQsMMddMGAqWuFNl\nMGQtdf7dyF2UmKFRZRztJiH+z5vf0UY9pHpQHYvW77NMHbtzo/360Q==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-05-19T18:42:23Z", 14 "lastmodified": "2022-05-19T18:42:23Z",
10 "mac": "ENC[AES256_GCM,data:dQAeiVPBGotOd3dnD9P3o1dlDIrOom369SAlzY9VHe4y/Bck8brrx4fUjjxfFB9/Oew83Pdpl1WXbVp6RVrsdY/xTmVD+1bgZJJRJ5KYe0QcoWl4Sv1E6Y1b5jKZVYbeiCU7NI6gITmM5sLNBzEm2WYsYBtRCxWMh3iGV7ZqmAk=,iv:loxamarLwR6NCHaH/K8tq8XQj7Xl+Onbgu3hEYZycKQ=,tag:WojOpPzi/ajmzBAKKJ7g1Q==,type:str]", 15 "mac": "ENC[AES256_GCM,data:dQAeiVPBGotOd3dnD9P3o1dlDIrOom369SAlzY9VHe4y/Bck8brrx4fUjjxfFB9/Oew83Pdpl1WXbVp6RVrsdY/xTmVD+1bgZJJRJ5KYe0QcoWl4Sv1E6Y1b5jKZVYbeiCU7NI6gITmM5sLNBzEm2WYsYBtRCxWMh3iGV7ZqmAk=,iv:loxamarLwR6NCHaH/K8tq8XQj7Xl+Onbgu3hEYZycKQ=,tag:WojOpPzi/ajmzBAKKJ7g1Q==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-05-19T18:42:23Z", 18 "created_at": "2023-01-30T11:02:06Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAy74slNS/OZAJ2BczfZtCWNdIfrCpT9qg3K17zaam930w\nWRVJeL/4JLyaCvDybqNjyoi7TkCxMtKNu5LzWv+c7iTQgAwyH/aRdaLx4HmEnwqW\n0l4BsKAIB+GNBAO/HUrjrxc16euyNPP0zbguiEUxhzNGb3xwngixbcDBIe8d4yXa\nHQ+mhjG35wQbjcPrQFUvZ5YWkwthL3pY1Jx8l/9V8ajTC3SbHlI2akbun6EMuoZo\n=LKNF\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAlJMfokF5FgwyUTPEyFucysg7qXbeSbIxupFJDtAwqn8w\nq3mrEfNT36IccWSoLy+x0hR+VuQPg5cmptv8fV4I5QXZ6TVVgFzgioVn2kNOuFdB\n0l4BtfZmibSpsdtd+kShIOpf8S0Jdai/VuvByOtJ5fX0UmVxEJpYXd3KtYZcuBFT\ny2RPDdTibNmxcj7KW8R53hzrGM11oumnYMu7DeKPwIFUt1Elzmymw6u0NPRuHAMt\n=SwFl\n-----END PGP MESSAGE-----\n",
15 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
16 },
17 {
18 "created_at": "2022-05-19T18:42:23Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAT8dopGD88h4G6EBdFbDWizpUreWer6d7U+ii48YYe2Aw\nh8NZe+WplrMmjIWalVylf/MqQKlAwbOZBj5PpFIxFXKvtRxGGYKZ7mBj7kkFaDKG\n0l4BkYVQRhouZdVFcpTtTPlG7ATVpJQAi8UiBuO0HhQBmxQUGLl5vM9bvb9cY5mH\nBnBOWYzff/f0Jl8gn3tGMr9Sxeg7VRcCm+YGMPMQSimKbEZnXUjGEYuflXzopY09\n=6n0A\n-----END PGP MESSAGE-----\n",
20 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
21 } 21 }
22 ], 22 ],
23 "unencrypted_suffix": "_unencrypted", 23 "unencrypted_suffix": "_unencrypted",
diff --git a/hosts/surtr/etebase/default.nix b/hosts/surtr/etebase/default.nix
index 3c71bed0..ca6d84fe 100644
--- a/hosts/surtr/etebase/default.nix
+++ b/hosts/surtr/etebase/default.nix
@@ -32,16 +32,12 @@
32 restartUnits = ["etebase-server.service"]; 32 restartUnits = ["etebase-server.service"];
33 }; 33 };
34 34
35 security.acme.domains = { 35 security.acme.rfc2136Domains = {
36 "etesync.yggdrasil.li".certCfg = { 36 "etesync.yggdrasil.li" = {
37 postRun = '' 37 restartUnits = ["nginx.service"];
38 ${pkgs.systemd}/bin/systemctl try-restart nginx.service
39 '';
40 }; 38 };
41 "app.etesync.yggdrasil.li".certCfg = { 39 "app.etesync.yggdrasil.li" = {
42 postRun = '' 40 restartUnits = ["nginx.service"];
43 ${pkgs.systemd}/bin/systemctl try-restart nginx.service
44 '';
45 }; 41 };
46 }; 42 };
47 43
diff --git a/hosts/surtr/etebase/secret.txt b/hosts/surtr/etebase/secret.txt
index acedb549..e107b0de 100644
--- a/hosts/surtr/etebase/secret.txt
+++ b/hosts/surtr/etebase/secret.txt
@@ -5,19 +5,19 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBidVRZandlRmhUQlBmQnBW\nU2I4bWwzM1ZoejAxdlpvL1lMMXhKcXg2M21jCkJuNGI5cHkvQmVGRVRrdzlpcTMr\nVC9nMVh5Q1podTVDQjVRY1paeFhGdlEKLS0tIDlVaTVZZmE3MFgvUlNDWUdwWmFu\ncEZJY2syTkZ5b1dzdldBY0dPYUNIYUEKZACWetBikotrKll5VWBDzaCz5lQlFE6J\nSTbnYhwxUIva/QdYGoFIQHaTHRVc5pG8uGSXSmW1QcprQ9BJnHwFNQ==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-11-09T15:30:57Z", 14 "lastmodified": "2022-11-09T15:30:57Z",
10 "mac": "ENC[AES256_GCM,data:zb9S3tgUEja6IfCvrh6AJkzoiqAj5RyBtEvHHV7RkANGHxRer79YdDJW39I4qrg2WC8odr5CyJF3sVqw4fUeUeeq0QAJYupJVmINBqIaFcy6f5XtFDpHRNPmHT1WwrN6t5o8pqb4cv8H7JRfjySxlwFNmItgrQIQn6QBqE2ZkEc=,iv:BTzROI/DxqCmRYzsRkMrj+kTG3KTLP+nAF4z0l/dRbU=,tag:S+w0+XL55PBiHWkUKtDggQ==,type:str]", 15 "mac": "ENC[AES256_GCM,data:zb9S3tgUEja6IfCvrh6AJkzoiqAj5RyBtEvHHV7RkANGHxRer79YdDJW39I4qrg2WC8odr5CyJF3sVqw4fUeUeeq0QAJYupJVmINBqIaFcy6f5XtFDpHRNPmHT1WwrN6t5o8pqb4cv8H7JRfjySxlwFNmItgrQIQn6QBqE2ZkEc=,iv:BTzROI/DxqCmRYzsRkMrj+kTG3KTLP+nAF4z0l/dRbU=,tag:S+w0+XL55PBiHWkUKtDggQ==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-11-09T14:03:17Z", 18 "created_at": "2023-01-30T11:00:42Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAfsNj4UmCNc1Qo5hi1YLaRjoeoudRZwNgVfaQTMsOPA8w\nfuIRUgq9Mybq4Frp4U/l86LwekOIwiF5tk1hPcK2HrmHG2z/ewr6WnrhczjFy+Qi\n0lwBMEtZWrD4h8GdTwan7E/jDLytEZYjDmXK72Ep5PubyO86H1BKy4Da5YIZw4Bc\nq3RaJ65wcp1EwIJ7gbEvG7a1a00AjFhXIwtsT/DhKTBy/OwPj9w4mFJ5rka8FQ==\n=2FIT\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAvE9VzEnmrMOn4PvS4PuDFxYaVK+YMTvT+fG1GVJdcDcw\nxr/12h73rdCTfC/a4cBN2z02NMxpaQAN1+HMi1k3C2eeSXS+q3ishXjv7CIaNfE0\n0l4Bs5Nq78QXIxcZGddsfSxQxMJSmdbSv4QvRyesGM6dvfEQnLfG+79O8qppC3BG\nSxd3rwOqPzqFcVXliTe2X4sxhv8xS06z40eyWiJTqP9nuF4BW1wPe08VbP0kVnzC\n=153I\n-----END PGP MESSAGE-----\n",
15 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
16 },
17 {
18 "created_at": "2022-11-09T14:03:17Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdATs6pQrq07RGgFTTrNTI26pt3WSSF8tg9ywhepFvxfyUw\nItZrRfQUi42Yj6UC0GuxNmVYcS/Ogv7SngtM+22kofS476gfhkHT45/9gMhqve0D\n0lwBPaW0UHfU8Z3tbA6aRpMSYF20Srvvqfs2Q+PFSEWDFXx06RqpmH72LrhI3uYm\nbK9LykI7ucQAGJSSkHJQEbvEqyv1CMFGdDHkI1LyAetmcqgPZH8JRPx3LDagyg==\n=EsHC\n-----END PGP MESSAGE-----\n",
20 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
21 } 21 }
22 ], 22 ],
23 "unencrypted_suffix": "_unencrypted", 23 "unencrypted_suffix": "_unencrypted",
diff --git a/hosts/surtr/http/webdav/default.nix b/hosts/surtr/http/webdav/default.nix
index 0443bc97..c5a94996 100644
--- a/hosts/surtr/http/webdav/default.nix
+++ b/hosts/surtr/http/webdav/default.nix
@@ -68,12 +68,8 @@ in {
68 ''; 68 '';
69 }; 69 };
70 }; 70 };
71 security.acme.domains."webdav.141.li" = { 71 security.acme.rfc2136Domains."webdav.141.li" = {
72 certCfg = { 72 restartUnits = ["nginx.service"];
73 postRun = ''
74 ${pkgs.systemd}/bin/systemctl try-restart nginx.service
75 '';
76 };
77 }; 73 };
78 74
79 systemd.services.nginx.serviceConfig = { 75 systemd.services.nginx.serviceConfig = {
diff --git a/hosts/surtr/matrix/coturn-auth-secret b/hosts/surtr/matrix/coturn-auth-secret
index 95e4b21a..1fdccfc3 100644
--- a/hosts/surtr/matrix/coturn-auth-secret
+++ b/hosts/surtr/matrix/coturn-auth-secret
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3c3BHcjdMQ0FQRy9JREFq\nUi8rNW55NXFIcUN6a056QXZ6MGUrYWdRNGxVCjA1ZnF3ME1YbitxS2h2RU1EU1Vs\ndUorVGpqaFMzRWY0cHIxdFRiMmhwR2sKLS0tIFBZWjIzWjk0ekFjb0FUcExPcmI2\ndlQ1cjFPZ3pGVHduSEVZbFRnU2RYUzAK78yGOcKO3IZlf2d1zBr9hVix/FPIH/+0\nQr3RstH8WG4z92zJcjWVoSyOZ76t3p1nyL7VbCtEewU1miU1S+VKdQ==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-02-25T10:32:29Z", 14 "lastmodified": "2022-02-25T10:32:29Z",
10 "mac": "ENC[AES256_GCM,data:R671lXt7nS3uUElvpVOJPLVZJH7FTYPUH5Qz54kKhrMdReFei5dSXr7XwaxhloCMnEppM4+cTr+7xn++j9I9H5S3/bo1rxxPRSRa/AbO8w9VjGXzYIe+SA/VLx6vY8B2zjizWroZnL+SdZuYkUDzoBYIYm6MrLZDuK6m2AYLiK4=,iv:dAl5o087g/KV4l3EJN1okXqN5dDRb3qK3JOZD9S7o8o=,tag:XgFta6DXWgn5pXS5Cm2vzA==,type:str]", 15 "mac": "ENC[AES256_GCM,data:R671lXt7nS3uUElvpVOJPLVZJH7FTYPUH5Qz54kKhrMdReFei5dSXr7XwaxhloCMnEppM4+cTr+7xn++j9I9H5S3/bo1rxxPRSRa/AbO8w9VjGXzYIe+SA/VLx6vY8B2zjizWroZnL+SdZuYkUDzoBYIYm6MrLZDuK6m2AYLiK4=,iv:dAl5o087g/KV4l3EJN1okXqN5dDRb3qK3JOZD9S7o8o=,tag:XgFta6DXWgn5pXS5Cm2vzA==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-02-25T10:32:28Z", 18 "created_at": "2023-01-30T11:01:22Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdArxQlwu//uFR3wnA2qvHaHxH1Nmi2273msPeSK5xnpEow\nVZyeSzDzbXL/EIICUVmvnPaEvQ+hwgSRs6UQ2WUvj4KNTSQkLlcc5DSUF2hI220H\n0l4BMzQzLS9WqZvFDHWxM4A550s/kT8XOknr6EtmNpcUX+Iqxev+nJtIiawrAY2d\nb5UYgOm8daPdfkuph/ckD8fz8lRpAiaOA6c9BAxwcygR9rA5LrTISr06gDegKTyU\n=qnpg\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAEbTqeFLafUwkP+hejHgyHA4q5Tv5YOYac8Ds/BwS6Dcw\n07oIsxZUH+v7e1FmnF1+CJvXLkEwgCVvtOUp2g5vaDoRK8c862NuQmsVnBnthOnc\n0l4BE9p07QwAhBKcRl9SW1ltkjVs1fl1hwY5IyJJ0iX/4n0LgJSdDv6NbWS/bRhC\neq63pYNg0Wr/3t5DXoGgbJjOlG6bR9QeKXNYLP0qNmVy9/mC0zuoj81Lw6U0WW6r\n=dukm\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-02-25T10:32:28Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAn2Nv11If4PfUagCEXFjiVaqTlFRVyz+CY7PXuyV5iCQw\ng+nkSlqpiEGh33xCVFXFlOzrsfzc7N5oAwvXHdKi6mk1J4nXTE48q3r8ngP87F2U\n0l4BdHhdgp02XXXXRj3Z81rTG1PEOOhjWHTO3fE3SsSk7VB1HTI+3HiaQdkZK31J\nZ0jUT/WOEXDP/0v6jMWspCjSayzYqNW7z+iY0V0qzm/ny1Hc+3/fazsmVMDu45Oe\n=f9au\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/matrix/coturn-auth-secret.yaml b/hosts/surtr/matrix/coturn-auth-secret.yaml
deleted file mode 100644
index b6d08fb7..00000000
--- a/hosts/surtr/matrix/coturn-auth-secret.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
1{
2 "data": "ENC[AES256_GCM,data:IkOhX6yVHpcgEPF1lsSe+ZJ4E6X5eHQNRD5Epub9zQMRBsiVH+Kqdw6zOZcWHXXfcSE72Q44Hv1Xy2qjlC4i9T9K/w==,iv:1nVKgOVpYVMpK/XexGcVEww8GRP6ydpjcVxFyzTJcUs=,tag:j98GvQMrV171Q/2lj4jR+g==,type:str]",
3 "sops": {
4 "kms": null,
5 "gcp_kms": null,
6 "azure_kv": null,
7 "hc_vault": null,
8 "age": null,
9 "lastmodified": "2022-02-25T10:33:27Z",
10 "mac": "ENC[AES256_GCM,data:3vHGQ14yM2M5q9h3P6OYnJmyBTJ7CsawjBoNeooNwfSMAQfqsUH5NOSNV66L7q42XsBXgD0+U9XB5+FIYNl1wkqAY3Q84S/hlYKdLYc80nhT1YvG8+o+6YLJCNj51ZvL2kN6V3qwk15XpSVXqK5dS5NSllCm+AXyaGQg3s6gyPI=,iv:Vg1R+UU6vvOL2NM3SREvc/jBILqWshQjc+lz17j9njE=,tag:lqSzXErc6Y319E+yJ4H5UA==,type:str]",
11 "pgp": [
12 {
13 "created_at": "2022-02-25T10:33:04Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAT7ONJCB0zAFZsBxJaltYzG2C7PMvrfihMZFVn55SbXYw\nY6UFWL26pF3Rt+8nwGBUFvS8nW1Oqez7zGRDc5cJOZlf2OfL1tlMYWWf7diEc910\n0l4BNdcLviLG/GShe2d/fYu7UkLnaLEyKsrecF2T8ezF6k3/G/P1qI8T8lIGSMF5\nkfqCO70okg3qdLDxVV75beHOtOVWdT+O3MrteEHCv54Yu4TFe7nwVj41lVYEIaZd\n=67a3\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-02-25T10:33:04Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAK8sRxj63lDfEn661bNR5YkC8kMpeM06/h+0/ONH5dA4w\nAkZcicFVb++DsYK6W+ixEZO5c8r/TJ57KfeL/Q+oWwPKPfp+wsSJMtRVh+u+1wfO\n0l4BxR8kpEJCtBHU+zdiUNEvS4sAPQaGaUj40lUMmPCYqh30ehGWXJsZcsUfSeV5\n40ArIdljVy+MFK8SJHpH18U+1cRu7cD350Gtt0QRPiTWGbN0u/c6ihIAe29BLZdb\n=GTZL\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 }
22 ],
23 "unencrypted_suffix": "_unencrypted",
24 "version": "3.7.1"
25 }
26} \ No newline at end of file
diff --git a/hosts/surtr/matrix/coturn-auth-secret_yaml b/hosts/surtr/matrix/coturn-auth-secret_yaml
new file mode 100644
index 00000000..a59aee14
--- /dev/null
+++ b/hosts/surtr/matrix/coturn-auth-secret_yaml
@@ -0,0 +1,26 @@
1{
2 "data": "ENC[AES256_GCM,data:IkOhX6yVHpcgEPF1lsSe+ZJ4E6X5eHQNRD5Epub9zQMRBsiVH+Kqdw6zOZcWHXXfcSE72Q44Hv1Xy2qjlC4i9T9K/w==,iv:1nVKgOVpYVMpK/XexGcVEww8GRP6ydpjcVxFyzTJcUs=,tag:j98GvQMrV171Q/2lj4jR+g==,type:str]",
3 "sops": {
4 "kms": null,
5 "gcp_kms": null,
6 "azure_kv": null,
7 "hc_vault": null,
8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxUGRYV3RFYVc4c0FiZU1z\nSEhMbVR2OFFKTjVUbFBUOVl4aEhVRUtMbFRnCnNjTUxiNnhWeUNBVC8yc1AzSXNN\nQUdkZ3plMXNDeHZxWElaV0VlVWlINjAKLS0tIGRUM2Q0Qi9EK3pQNW5qYW8wdUNW\nM05HejN0QkxjR2t4TnVWR1hud0N0cmMK3crZ+0zqkeMf7y3KJ5Q2qDXOLbAoREim\nq1hlTTU1vbHMpS3ZFdOpsx1aj7zkday7WqIgOTl3Uro5KT02uI0y3Q==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
14 "lastmodified": "2022-02-25T10:33:27Z",
15 "mac": "ENC[AES256_GCM,data:3vHGQ14yM2M5q9h3P6OYnJmyBTJ7CsawjBoNeooNwfSMAQfqsUH5NOSNV66L7q42XsBXgD0+U9XB5+FIYNl1wkqAY3Q84S/hlYKdLYc80nhT1YvG8+o+6YLJCNj51ZvL2kN6V3qwk15XpSVXqK5dS5NSllCm+AXyaGQg3s6gyPI=,iv:Vg1R+UU6vvOL2NM3SREvc/jBILqWshQjc+lz17j9njE=,tag:lqSzXErc6Y319E+yJ4H5UA==,type:str]",
16 "pgp": [
17 {
18 "created_at": "2023-01-30T11:16:04Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA/y2slhvN579NGaAU+tJW5h9XhM56LcYiF4DjlEXJpmcw\n92MlQtinGuYhSyuJEIWuvi0oRPqGM5S+aUrYB2JzW0Qr57xXZh/cDliF0ZwzyEZ1\n0l4B1O9m3dpny69edGuUo+dBlembo+CljXSFQcQ5/cyYk9e1aZC1cpqoMLjkqiDN\nycyjObhTmwh3hq5+93azbmu8GbRAs0UGObt6nzT4YK1GuDnV4hlqM3vF0Y44blg8\n=AAhr\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 }
22 ],
23 "unencrypted_suffix": "_unencrypted",
24 "version": "3.7.1"
25 }
26} \ No newline at end of file
diff --git a/hosts/surtr/matrix/default.nix b/hosts/surtr/matrix/default.nix
index df044622..5b89e321 100644
--- a/hosts/surtr/matrix/default.nix
+++ b/hosts/surtr/matrix/default.nix
@@ -77,11 +77,11 @@ with lib;
77 }; 77 };
78 sops.secrets."matrix-synapse-registration.yaml" = { 78 sops.secrets."matrix-synapse-registration.yaml" = {
79 format = "binary"; 79 format = "binary";
80 sopsFile = ./registration.yaml; 80 sopsFile = ./registration_yaml;
81 }; 81 };
82 sops.secrets."matrix-synapse-turn-secret.yaml" = { 82 sops.secrets."matrix-synapse-turn-secret.yaml" = {
83 format = "binary"; 83 format = "binary";
84 sopsFile = ./coturn-auth-secret.yaml; 84 sopsFile = ./coturn-auth-secret_yaml;
85 }; 85 };
86 86
87 systemd.services.matrix-synapse = { 87 systemd.services.matrix-synapse = {
@@ -222,27 +222,15 @@ with lib;
222 }; 222 };
223 }; 223 };
224 224
225 security.acme.domains = { 225 security.acme.rfc2136Domains = {
226 "element.synapse.li" = { 226 "element.synapse.li" = {
227 zone = "synapse.li"; 227 restartUnits = ["nginx.service"];
228 certCfg = {
229 postRun = ''
230 ${pkgs.systemd}/bin/systemctl try-restart nginx.service
231 '';
232 };
233 }; 228 };
234 "turn.synapse.li" = { 229 "turn.synapse.li" = {
235 zone = "synapse.li"; 230 restartUnits = ["coturn.service"];
236 certCfg = {
237 postRun = ''
238 ${pkgs.systemd}/bin/systemctl try-restart coturn.service
239 '';
240 };
241 }; 231 };
242 "synapse.li".certCfg = { 232 "synapse.li" = {
243 postRun = '' 233 restartUnits = ["nginx.service"];
244 ${pkgs.systemd}/bin/systemctl try-restart nginx.service
245 '';
246 }; 234 };
247 }; 235 };
248 236
diff --git a/hosts/surtr/matrix/registration.yaml b/hosts/surtr/matrix/registration.yaml
deleted file mode 100644
index 44b9ca89..00000000
--- a/hosts/surtr/matrix/registration.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
1{
2 "data": "ENC[AES256_GCM,data:RrFw7leN405vBuzzDi8HMMsZ68gGRNuEJ7tuPjgIsGbcI1eYQwaV1+81J3TUMFhqsgpsF3OuPEVcTEBAAaSSPJbPMiUo2dbS1AzZ,iv:+sfQ9yW+rbSDQiRlaPF5plMxwgKI6qa9o/FzLVeVHV0=,tag:Y1dnxQgFDUeRoELbSCiQBg==,type:str]",
3 "sops": {
4 "kms": null,
5 "gcp_kms": null,
6 "azure_kv": null,
7 "hc_vault": null,
8 "age": null,
9 "lastmodified": "2022-02-24T21:20:09Z",
10 "mac": "ENC[AES256_GCM,data:llCJ+LjuyaPhslNPzdARtBt67R7EcllGER9u/w8NEPd1kC2RyGGsUiO2y+LywO1SY4OO0JG5M3FAIYuXEefKofzeDMCzFlmDjPRdjts9N6e6ObGyVSppOCcRIn7J1lyy+Ml+qbxuV0VrP0DN6OxLGO/dOcvtsYjftPKxcUiplNQ=,iv:ZtBLC4Tl++1yNGK07/4GL+Qzq+Hy25gfRNRxJTvL53U=,tag:V6NyCT/1ZN0qNd1tc+NRQg==,type:str]",
11 "pgp": [
12 {
13 "created_at": "2022-02-24T21:18:14Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAd77XebsH3fPMPEHxFn2zEVKiHBKkhSsCLESuR2PPRksw\nw8zx2eJsnnW7GnjTF7LH/OPYyDEHgSu73ZFcsUebjESupZKbeu/EL/fkNaVdHfFk\n0l4BC8BYAXh22mgnHYV2ZJp0WAfv2WL0nhemY2uQ8Zs2Zdf9866/j57xvj6RQEXP\nbInXWALV1wdXhnBGlYILdEo7U9RPHRVsbqdiRq7KZVi2gNAn93lBk5qcHsQTgIkz\n=4bf7\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-02-24T21:18:14Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAi4YnLeLo0H8uz6DbU8knoDxsgxqFcwp1M7kQp4GllFsw\nNjwT3AdoMxCYOOqFF9dNzcEieI4hqwfeN3pxe8hw5TG7EvlUbiY3x7udzoO0+9Tm\n0l4BdV1+kQsB1tldnVo+II7EvP9HWWtNowmZzZgmVRxHt/wTL2VrB3gS7EZFssoV\nDtHpqD7cQ6Pbe+R1bzg1TDmNRamzvMUKYIaJ8tuUgA2HmZI4SiaNBPLX4XML5Zbz\n=9njW\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 }
22 ],
23 "unencrypted_suffix": "_unencrypted",
24 "version": "3.7.1"
25 }
26} \ No newline at end of file
diff --git a/hosts/surtr/matrix/registration_yaml b/hosts/surtr/matrix/registration_yaml
new file mode 100644
index 00000000..690d6624
--- /dev/null
+++ b/hosts/surtr/matrix/registration_yaml
@@ -0,0 +1,26 @@
1{
2 "data": "ENC[AES256_GCM,data:RrFw7leN405vBuzzDi8HMMsZ68gGRNuEJ7tuPjgIsGbcI1eYQwaV1+81J3TUMFhqsgpsF3OuPEVcTEBAAaSSPJbPMiUo2dbS1AzZ,iv:+sfQ9yW+rbSDQiRlaPF5plMxwgKI6qa9o/FzLVeVHV0=,tag:Y1dnxQgFDUeRoELbSCiQBg==,type:str]",
3 "sops": {
4 "kms": null,
5 "gcp_kms": null,
6 "azure_kv": null,
7 "hc_vault": null,
8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpZFpSL2VkY0tJN2oyYmRk\naWZPOUNNZmJHUi9CbmwxcUdKcko1RFlMY2xvCmd0YXB1K3JGTGdWeDhpVkl3cjlC\nM3orWDNrQXlDT3E1YlVhMnBPV213U1UKLS0tIHZqY0pxckFwd1BNbHAvcDZLS1dn\nN2V5bHNzWVdTekdDRFlXNUNLSElQYTQKzUaW39wz2nQGeektGar+s7tGAS+2mT1w\n0qcB87XMc7rTIRd/BEg1eaP7gkPGOg1MjnQ08f1yMi3bEcaQTIUK1A==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
14 "lastmodified": "2022-02-24T21:20:09Z",
15 "mac": "ENC[AES256_GCM,data:llCJ+LjuyaPhslNPzdARtBt67R7EcllGER9u/w8NEPd1kC2RyGGsUiO2y+LywO1SY4OO0JG5M3FAIYuXEefKofzeDMCzFlmDjPRdjts9N6e6ObGyVSppOCcRIn7J1lyy+Ml+qbxuV0VrP0DN6OxLGO/dOcvtsYjftPKxcUiplNQ=,iv:ZtBLC4Tl++1yNGK07/4GL+Qzq+Hy25gfRNRxJTvL53U=,tag:V6NyCT/1ZN0qNd1tc+NRQg==,type:str]",
16 "pgp": [
17 {
18 "created_at": "2023-01-30T11:16:07Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAzZvOhQPLBqBlDLWEuWvuVHRVLlFWpPrM2pmNcnGr5VEw\nok3er4p7bzIvWcUIX+7hifHaDpGIN7K9eJmDN3RSfdmDZhL82KaFwizHBNfYJzf6\n0l4BgUkKJeakv7qCUBuI8rp3z/b/puMp+hy4N7bgbMEOZ4m2y+ZWdZs9L6xTR9bX\nYhq/9wz0p1QAgNcamt8f/lMH7ef/bn/7qaS6byIeblveWIYnhPQS/h0Dpay5khkX\n=JPSD\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 }
22 ],
23 "unencrypted_suffix": "_unencrypted",
24 "version": "3.7.1"
25 }
26} \ No newline at end of file
diff --git a/hosts/surtr/postgresql/pgbackrest.key b/hosts/surtr/postgresql/pgbackrest.key
index bc2af12d..c7057e6b 100644
--- a/hosts/surtr/postgresql/pgbackrest.key
+++ b/hosts/surtr/postgresql/pgbackrest.key
@@ -5,19 +5,19 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzM08wK2tWTGZqSXlkZkNC\nZmZGRVZONm8rU0tpUXVrQnZRSVlUd2JuOUU0Cno4MlVyYk5ILzB4TEtyMTdRUzJl\nUTdnOEcvMFkwZlZ1QmpEREJVNFhNYTgKLS0tIFg1QnlxeXZBYkpXVEppTUFEcnNC\nVEFnUnEwWjI2aFYvZ2EvRW5LR1NVQncK3K1sspt2zHemubUglQBkTRLvXUQyndiv\nQtaU/f5m3f70UoydE7jK1WfEbpUujjaTv5qZeQhA85OtsjRs20SRdA==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-11-21T14:30:27Z", 14 "lastmodified": "2022-11-21T14:30:27Z",
10 "mac": "ENC[AES256_GCM,data:Dsfc1XrGl4abSnDqRl/IwC11bVy+kHz1RaI0V/nkkaJ3fM/qTXPVc5mMoWCiPn1nz5BTABQRSnrf79qHc0wpZ1WUpn07yOf7JejJ/T/bUC7D8BuoVdWRh1og+NzWCEIwaGXg0Eo04yli+GXisdM3YVM9g3BrxYrSInjnNZFyB+Q=,iv:T5QprwIhB8ZWwmmfWVtxkXqbMB1onW+wX7GPIFMn+z0=,tag:zMi77nMepajhg2Djgz8rBA==,type:str]", 15 "mac": "ENC[AES256_GCM,data:Dsfc1XrGl4abSnDqRl/IwC11bVy+kHz1RaI0V/nkkaJ3fM/qTXPVc5mMoWCiPn1nz5BTABQRSnrf79qHc0wpZ1WUpn07yOf7JejJ/T/bUC7D8BuoVdWRh1og+NzWCEIwaGXg0Eo04yli+GXisdM3YVM9g3BrxYrSInjnNZFyB+Q=,iv:T5QprwIhB8ZWwmmfWVtxkXqbMB1onW+wX7GPIFMn+z0=,tag:zMi77nMepajhg2Djgz8rBA==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-11-21T14:30:27Z", 18 "created_at": "2023-01-30T11:02:32Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAi3pfg9DA+1v5r5sEijbkdwmOopWh05IuhRJxuy1btyAw\nuo0iV7VpngK8tFcBHnmhx3QsxIJo/gU+xrOwczW3RoSGrWo9tV2FantQPRp6f1aS\n0lwBEJSxmTApD/YDu3M6WhxN49/ZVEXG+KQ/mOdoBo0ITGKa6No0btMolzJ0bCJU\n+/avVdlDdZzfXo9XP0iJUoqh+1yMn+XdnD5deGac8a/QGvXZkxsYQ8KpK9sONA==\n=QyKr\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA8rLHh5XmLvkM8spHa/iIxYYSecBwXitGydVcegMQQEgw\nKKxjDQ+6ffkdVqRt/9L9rg+LVcU5q0a8cxr6uRrTOVwdLyukczh1cj0qX+fjfLXc\n0lwBmw3j8IKtFLQYYiK8z+IAaujhlg8vRQyCaMfMWO0ZXA8NkhZlYhEBcwbvV/M2\nCVCcoUXeo+kimv+8eYg0jrmegCr2FI9f/FQSU1QnEg4sQiVe2i50Im8MC/8TTQ==\n=1j/D\n-----END PGP MESSAGE-----\n",
15 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
16 },
17 {
18 "created_at": "2022-11-21T14:30:27Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAYU2U/anEJ8JSiG7NBppmsFeogXN3ynOEdq2tHXf+mUww\nIS7kW1pqcGMjnf7RQNuL91Wek5GEk4T498IFadiYDImAfIdS5jeX2w7UvxWLX5OZ\n0lwBlnxOwkYRWZzAhB6jHthmk2zEc+0JKuFolXhrwXqsFwFGoLTO9fctJrV7ry0u\naM9DqXru+/cEUZJDSq5GYDQaxTjyaFMVwLVdfxrtFwc8YMlqU8vVoWTqLaUVYA==\n=Tg80\n-----END PGP MESSAGE-----\n",
20 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
21 } 21 }
22 ], 22 ],
23 "unencrypted_suffix": "_unencrypted", 23 "unencrypted_suffix": "_unencrypted",
diff --git a/hosts/surtr/prometheus/tls.key b/hosts/surtr/prometheus/tls.key
index 95e28db2..4366bcec 100644
--- a/hosts/surtr/prometheus/tls.key
+++ b/hosts/surtr/prometheus/tls.key
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5MjE1LzBubjJaTWVycFdV\nRWtWYWh2REhlVGpVd2pYSnFFMmNjcmhmSXlBClhlOGRSZVpkbkxsb3BIZ0l3S0lz\na0o0a0RBVXVKSk9KUDlaQzVrTFE5VXcKLS0tIE1ZeGI2SFgyLzNyWmlXMVMyd2Mr\nSmw2Yks4Z1kzLzAyWFRlU3RpQVZTNWsKtbCGcpHckgqUv7ZX29J4ueqI8l+GYRjU\nkY1GuueuM68ATrBn9GhFOuI8EQ5rZg9ZNMAPjbqrmcJ9Y24MZrU1NA==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-04-08T20:09:16Z", 14 "lastmodified": "2022-04-08T20:09:16Z",
10 "mac": "ENC[AES256_GCM,data:UW3ngxCjYl2kmOinRNmwNliBg2Xm/5rCrLp39bo7PXksZcuijV800IKuY91PWjkgaIbjD2jlU0ycJNDw3MzxfVim6gz91kUXQgQV+me8AEXAiO6Sf2j08jEtTh1SCr4qqdw0FE5aULDvGRtTgR+hhNk0xbbeG9fPhU95eeLW8vg=,iv:wG54336E4PouNgXhZbW4/onqbecsRrdYzTXSXDft/VI=,tag:BASCu9YNPMPfbScepLDiRQ==,type:str]", 15 "mac": "ENC[AES256_GCM,data:UW3ngxCjYl2kmOinRNmwNliBg2Xm/5rCrLp39bo7PXksZcuijV800IKuY91PWjkgaIbjD2jlU0ycJNDw3MzxfVim6gz91kUXQgQV+me8AEXAiO6Sf2j08jEtTh1SCr4qqdw0FE5aULDvGRtTgR+hhNk0xbbeG9fPhU95eeLW8vg=,iv:wG54336E4PouNgXhZbW4/onqbecsRrdYzTXSXDft/VI=,tag:BASCu9YNPMPfbScepLDiRQ==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-04-08T20:09:16Z", 18 "created_at": "2023-01-30T11:01:36Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAfzL8SSjlYxe8e5yOipQClJffUgxFnlew+N6VK4UhRGYw\naHaDmOmusuTRoBOX4V4PpRg3gLFRoPPy+q9L4Z+gtX97JK+9UgN1mxYPkB9X5M8K\n0l4BQ9caVjtlmMuKp3EROUYrSjau6Ulkzd43P+BwwQ6jv8T52EtKO8WLVnQEheIV\njOMH4DWaxKYbad7lXphix1oFhVvQQVGEzawceWolKDt/T+QS4spJBFoL7V1ml105\n=Cdh0\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA/nDUY7M/3POBOzPF9mWneVrKCIg0q6CXI2+GpJuHPVcw\ns486diOZ9gSZ0dhh6CjKNotuKpvfV18Py9ih1vXtLMMQxfl74uewS3hstxOYMYjC\n0l4BZIQb47ymfUelKhE/wMDOPnxaBhWUh5nOXX5Q5qgJzXoBIB1klQX2+44joB7U\nAzrBkZzDGVwLBcEm7+oZvokQDNv86D0n9WU2zXyRYpI0YcVAHaL55n+C/I0APA+D\n=77fg\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-04-08T20:09:16Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdACGP5pn9MiRCa7CJYqosY9Aw4TJx+/9tOsdO5YZn1ZSIw\n/xOMfKjHvT5PlMT9gnk9187MhjR9G/2YcW5ggfyEypo8ei65RkJYzTG2m5Pdneg3\n0l4BzMEQtYAbmZBp9XSkqjacCTpc2y6YV55qcuFudtRfsFFi28JSb5NxZ61AKy0g\nSk/e+IHQvTGahD2akrHBNIPncUOo4GHHzEjADvdDuJNpMkYUgnhEUod2JPYBjFmL\n=JN/O\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/tls/default.nix b/hosts/surtr/tls/default.nix
index f1a515db..b1c05888 100644
--- a/hosts/surtr/tls/default.nix
+++ b/hosts/surtr/tls/default.nix
@@ -3,111 +3,94 @@
3with lib; 3with lib;
4 4
5let 5let
6 inherit (customUtils) mapFilterAttrs;
7
8 tsigSecretName = domain: "${domain}_tsig-secret"; 6 tsigSecretName = domain: "${domain}_tsig-secret";
7 tsigKey = domain:
8 let
9 tsigKeyPath = ./tsig_keys + "/${domain}";
10 in assert assertMsg (pathExists tsigKeyPath) "‘${domain}’ does not exist in `tls/tsig_keys` -- is this a new ACME domain and you forgot to generate the TSIG key? If so, run `gup tls/tsig_keys/${domain}`"; tsigKeyPath;
9 11
10 cfg = config.security.acme; 12 cfg = config.security.acme;
11
12 domainOptions = {
13 options = {
14 wildcard = mkOption {
15 type = types.bool;
16 default = false;
17 };
18 zone = mkOption {
19 type = types.nullOr types.str;
20 default = null;
21 };
22 certCfg = mkOption {
23 type = types.attrs;
24 default = {};
25 };
26 };
27 };
28in { 13in {
29 options = { 14 options = {
30 security.acme = { 15 security.acme = {
31 domains = mkOption { 16 # This file introduces an additional nixos module option
32 type = types.attrsOf (types.submodule domainOptions); 17 # `security.acme.rfc2136Domains`.
18 # The new option is an attrset of domain names mapping to
19 # additional settings.
20 rfc2136Domains = mkOption {
21 type = types.attrsOf (types.submodule {
22 options = {
23 wildcard = mkOption {
24 type = types.bool;
25 default = false;
26 };
27 restartUnits = mkOption {
28 type = types.listOf types.str;
29 default = [];
30 };
31 };
32 });
33 default = {}; 33 default = {};
34 }; 34 };
35 }; 35 };
36 }; 36 };
37 37
38 config = { 38 config = {
39 security.acme.domains = genAttrs ["dirty-haskell.org" "141.li" "xmpp.li" "synapse.li" "yggdrasil.li" "praseodym.org" "rheperire.org" "kleen.li" "nights.email" "bouncy.email" "kleen.consulting"] (domain: { wildcard = true; });
40
41 fileSystems."/var/lib/acme" =
42 { device = "surtr/safe/var-lib-acme";
43 fsType = "zfs";
44 };
45
46 security.acme = { 39 security.acme = {
40 # Some default/global ACME settings
41
47 acceptTerms = true; 42 acceptTerms = true;
48 preliminarySelfsigned = true; # DNS challenge is slow 43 # DNS challenge is slow
44 preliminarySelfsigned = true;
49 defaults = { 45 defaults = {
50 email = "phikeebaogobaegh@141.li"; 46 email = "phikeebaogobaegh@141.li";
51 keyType = "rsa4096"; # we don't like NIST curves 47 # We don't like NIST curves and Let's Encrypt doesn't support
52 extraLegoRenewFlags = [ 48 # anything better
53 # "--preferred-chain" "ISRG Root X1" 49 keyType = "rsa4096";
54 # "--always-deactivate-authorizations" "true"
55 ];
56 extraLegoRunFlags = config.security.acme.defaults.extraLegoRenewFlags;
57 }; 50 };
58 certs =
59 let
60 domainAttrset = domain: let
61 tsigPath = ./tsig_keys + "/${domain}";
62 isTsig = pathExists tsigPath;
63 shared = {
64 inherit domain;
65 extraDomainNames = optional cfg.domains.${domain}.wildcard "*.${domain}";
66 dnsResolver = "127.0.0.1:5353";
67 };
68 mkRFC2136 = shared // rec {
69 dnsProvider = "rfc2136";
70 credentialsFile = pkgs.writeText "${domain}_credentials.env" ''
71 RFC2136_NAMESERVER=127.0.0.1:53
72 RFC2136_TSIG_ALGORITHM=hmac-sha256.
73 RFC2136_TSIG_KEY=${domain}_acme_key
74 RFC2136_TSIG_SECRET_FILE=/run/credentials/acme-${domain}.service/tsig_secret
75 RFC2136_TTL=0
76 RFC2136_PROPAGATION_TIMEOUT=60
77 RFC2136_POLLING_INTERVAL=2
78 RFC2136_SEQUENCE_INTERVAL=1
79 '';
80 dnsPropagationCheck = false;
81 };
82 in assert isTsig; mkRFC2136 // cfg.domains.${domain}.certCfg;
83 in genAttrs (attrNames cfg.domains) domainAttrset;
84 };
85 51
86 sops.secrets = let 52 # For each domain specified in
87 toTSIGSecret = n: v: 53 # `config.security.acme.rfc2136Domains`, configure an additional
88 if v == "regular" || v == "symlink" 54 # entry in `config.security.acme.certs` containing appropriate
89 then nameValuePair (tsigSecretName n) { 55 # settings to provision the certificate via DNS-01
90 format = "binary"; 56 certs = mapAttrs (domain: domainCfg: {
91 sopsFile = ./tsig_keys + "/${n}"; 57 inherit domain;
92 } else null; 58 extraDomainNames = optional domainCfg.wildcard "*.${domain}";
93 in mapFilterAttrs (_: v: v != null) toTSIGSecret (builtins.readDir ./tsig_keys); 59 dnsResolver = "127.0.0.1:53";
60 dnsProvider = "rfc2136";
61 credentialsFile = pkgs.writeText "${domain}_credentials.env" ''
62 RFC2136_NAMESERVER=127.0.0.1:53
63 RFC2136_TSIG_ALGORITHM=hmac-sha256.
64 RFC2136_TSIG_KEY=${domain}_acme_key
65 RFC2136_TSIG_SECRET_FILE=/run/credentials/acme-${domain}.service/${tsigSecretName domain}
66 RFC2136_TTL=0
67 RFC2136_PROPAGATION_TIMEOUT=60
68 RFC2136_POLLING_INTERVAL=2
69 RFC2136_SEQUENCE_INTERVAL=1
70 '';
71 dnsPropagationCheck = false;
72 postRun = mkIf (domainCfg.restartUnits != []) ''
73 systemctl --no-block try-restart ${escapeShellArgs domainCfg.restartUnits}
74 '';
75 }) cfg.rfc2136Domains;
76 };
94 77
95 systemd.services = 78 # Decrypt all `tsig_keys/*` at runtime
96 let 79 sops.secrets = mapAttrs' (domain: domainCfg: nameValuePair (tsigSecretName domain) {
97 serviceAttrset = domain: { 80 format = "binary";
98 after = [ "knot.service" ]; 81 sopsFile = tsigKey domain;
99 bindsTo = [ "knot.service" ]; 82 restartUnits = [ "acme-${domain}.service" ];
100 serviceConfig = { 83 }) cfg.rfc2136Domains;
101 LoadCredential = ["tsig_secret:${config.sops.secrets.${tsigSecretName domain}.path}"];
102 SystemCallFilter = mkForce [ "@system-service" "~@privileged" "@chown" ];
103 };
104 };
105 in mapAttrs' (domain: nameValuePair "acme-${domain}") (genAttrs (attrNames config.security.acme.certs) serviceAttrset);
106 84
107 services.certspotter = { 85 # Provide appropriate `tsig_key/*` to systemd service performing
108 extraOptions = [ "-verbose" "-num_workers" "4" "-batch_size" "2000" ]; 86 # certificate provisioning
109 watchList = map (domain: ".${domain}") (attrNames cfg.domains); 87 systemd.services = mapAttrs' (domain: domainCfg: nameValuePair "acme-${domain}" {
110 logs = "https://www.gstatic.com/ct/log_list/v2/all_logs_list.json"; 88 after = [ "knot.service" ];
111 }; 89 bindsTo = [ "knot.service" ];
90 serviceConfig = {
91 LoadCredential = [ "${tsigSecretName domain}:${config.sops.secrets.${tsigSecretName domain}.path}" ];
92 SystemCallFilter = mkForce [ "@system-service" "~@privileged" "@chown" ];
93 };
94 }) cfg.rfc2136Domains;
112 }; 95 };
113} 96}
diff --git a/hosts/surtr/tls/tsig_keys/141.li b/hosts/surtr/tls/tsig_keys/141.li
index f94b492f..d1e9450d 100644
--- a/hosts/surtr/tls/tsig_keys/141.li
+++ b/hosts/surtr/tls/tsig_keys/141.li
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrWDVoZU9sNzA2TFlXMHlJ\nQ2dncVpWK3N5ODRicEhZWTQyeTVzVEdsNUF3ClZPTlI1dTJsMGM4VzJhRm5OUXF1\nNG5wK29lLzFpR0N0ejEyYTEvd1R3L00KLS0tIExkbUdaZzJOU3J3OFFyU2dyVTlR\naThkdnkya3I1eEJ4ZmVRS0dzeVVmazgKJ+WBIR3A7Gu2zT44H9j6eIcOaBAuPFru\nWU4dEGzS8aGP1e8PGdNqvFt8Cb9JvQVSwo1mxpM6wnRKro+PSwXucA==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-02-22T14:15:30Z", 14 "lastmodified": "2022-02-22T14:15:30Z",
10 "mac": "ENC[AES256_GCM,data:NVzJqLoMPP1I322E002PPHB4hp6K2FpZTz1+E+eggsVnXtcU3da0zzRZTe+1JRRRLgTp1nFafxkDZbOF53byUgcuA+YVD0lIcX/Zk4JtkihS/AKBgCFSDXox+WFPulT+Jy8piRQuLFIj9m//FrPqbbZje4tT9MqtU8GFtQ/RZSA=,iv:ZXv5MXjUH939pbFZTHLICovdKgDxN3HkJWjzEBu0mIM=,tag:0h6XiH4oIeFEH3dFivHe2g==,type:str]", 15 "mac": "ENC[AES256_GCM,data:NVzJqLoMPP1I322E002PPHB4hp6K2FpZTz1+E+eggsVnXtcU3da0zzRZTe+1JRRRLgTp1nFafxkDZbOF53byUgcuA+YVD0lIcX/Zk4JtkihS/AKBgCFSDXox+WFPulT+Jy8piRQuLFIj9m//FrPqbbZje4tT9MqtU8GFtQ/RZSA=,iv:ZXv5MXjUH939pbFZTHLICovdKgDxN3HkJWjzEBu0mIM=,tag:0h6XiH4oIeFEH3dFivHe2g==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-02-22T14:15:29Z", 18 "created_at": "2023-01-30T11:01:00Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdA3LvoKvgJIXhXYc5cnoUHE4k9EnJzrSokuwHX6vsXMF4w\nl/Am3E8SYCRLW6GH84v5nRogvRi4/njDTUMltRil4AreR8AKs6O22K/dotFDFpm8\n0l4BjzIFo5lin5t/fJQnam+Q9N0sRu6CKe74id93IEWn4fh8jnGm2z45VQf08edv\n5TT3atYJPXK3BoOGZqWLbYk1zZMxlj/yNDC/gsoNzkv7tFfQyd8Rk0pbGOELrvlq\n=QUbV\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdANQMH95wliy2z85pn7Ld3nc+u2XcaJgGoNpyU+4c82kYw\nHqpVBNY4K5mCJw6mVoH2X5dTpdxkOq065YAT5GCN3X6V7a4AalZwjBLyv01iXoTW\n0l4BSaj41+nbru4qEbUAgGw8q7m/MYVFw+chSjRXlAmJjDrhHy2nwWQbjN9DHy74\nz8dfB1n3IHKDVtmWOiVuIT8shqzCu8Q5tw8QBv2QxypIVFS4pIeQG+CwSEsBGzF9\n=/klc\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-02-22T14:15:29Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdApyLjA3a/6MiK3911+Dp7+GldIgztIqDfePqSVGQ9Tngw\n8ojc86qm6daCc2aceZGmmvt28kPX4XNmd5KOnFhF6B33o1tSI2duoVeYMOMY5sc0\n0l4BXL2CeNPvdX5To1I4OAUV6t3HEhgnW41/b6B3LqaGg34KBI4i7xNb8+djVSxu\nMEtYkD9QoSkDdNOpDAlH5GnPmrIVPHY9ml70agC1ctwET+P6L9qt0lzwCs2K1oT2\n=/Ukj\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/tls/tsig_keys/app.etesync.yggdrasil.li b/hosts/surtr/tls/tsig_keys/app.etesync.yggdrasil.li
index a50469a0..41b4a51a 100644
--- a/hosts/surtr/tls/tsig_keys/app.etesync.yggdrasil.li
+++ b/hosts/surtr/tls/tsig_keys/app.etesync.yggdrasil.li
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrVW5qUytpOTU4VFNydzFr\nMTE1MjcrK1dlWmF4SlJrZS9yMVUwNkc1WldFCnErS2JmSTY3aXllOHRxams5bkFw\nWDlBZ3BJeGVwNC9wb1hUMnpPRitERlkKLS0tIHlhNEFtRHFBM1lmSHBqMVdlTHpl\nelN5WUxrNU54MUtIRnZwbmZVWEl3RkUKSDOhVUimHUJoXjsApIO9Z1mXdf6Jgw5E\nvdDkMUsh1MBbW97wPYej8jiBTM5FW6cUkbimjonyncmNAF8l39iBfA==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-11-09T19:02:47Z", 14 "lastmodified": "2022-11-09T19:02:47Z",
10 "mac": "ENC[AES256_GCM,data:9yn9o50V7+e09RBZfNgjaPeoDDv0cdSZSSH5QV9RJUaFbV/5razGbqtDa3aASor2o9aGRdxV8aTS8r0HUnXBvAtKvj957PgRprf7D9J3iU9iHmitrEStuRIQTz1u9rbxxPxi45Cp136n6XcVoRUrIO9XmpzYZ5lPSGCu3CXyk98=,iv:8HPj8B9nRzlBryt+gPNvSsl6YoF4zl3VvI5+aZ4UkLU=,tag:GJKnHL5mt0rO73HUCxC8Qw==,type:str]", 15 "mac": "ENC[AES256_GCM,data:9yn9o50V7+e09RBZfNgjaPeoDDv0cdSZSSH5QV9RJUaFbV/5razGbqtDa3aASor2o9aGRdxV8aTS8r0HUnXBvAtKvj957PgRprf7D9J3iU9iHmitrEStuRIQTz1u9rbxxPxi45Cp136n6XcVoRUrIO9XmpzYZ5lPSGCu3CXyk98=,iv:8HPj8B9nRzlBryt+gPNvSsl6YoF4zl3VvI5+aZ4UkLU=,tag:GJKnHL5mt0rO73HUCxC8Qw==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-11-09T19:02:47Z", 18 "created_at": "2023-01-30T11:01:39Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAAEW7XxblC2ra6d6tKyiJczKy6sX8iCQzzJq1uenZH1Ew\ngRZp56DapGmV1+Ihb2tasyVRTl07QLc4dP+OmO1/pKNnMLaPk4djy5YWNyGvNyUK\n0l4BSfhJmO+Jxwq21VCefaA+sFr1bkLaQUILzyr33QSXrwnunwj4BV3pKIvXT0mB\ncJdyoXQlZbHkGxLxo/0qxfpERfeGluOSA/J59Qf4oAGT5GkTqfyFkNMmQJFb/kNn\n=cIev\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAHIHVuCydtfWRzGzvzHUlw8wV2s9epzr6b7l9JO7TUCMw\nPV4ptrzydVNuH7bOjsizCpzFkmQB1a0PhDWNu81Pd4T/UItIf59AVQlK1JZPI3os\n0l4BDHWHEXy4kbGkiobBVNKiyikCFkNkKOVpmHOVxNXHCUBNVekCA1rjOQBjoBsz\n4KdrUPw5XPuOsG4G1l+NQIQIa3gLCDdio75o5LsvtB4P2OklM0Z2tMhGaYSWvDrs\n=G5TX\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-11-09T19:02:47Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdARJp9uSk59SGgYyNwybohjzbjTak/OdgPogdlHM4ui0ow\nNIONcLnzKHX7NFv0BIcwJ8iG5/R2JQ/CKkHi1c5D8RWi6fHEcGYeGk78VDaUT5vi\n0l4BT9vPO/DWHQxw+C7XlUTAwUD3g78W2AkV8H46fMaUBQNITkcXdV1E4T3oNBkv\n/IVY+C1l8NpxzVHYQdo+BRICZ3CKpRXci3ZwQK00epXd6uPyUEpWrVh8bN22oxJT\n=aSHb\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/tls/tsig_keys/bouncy.email b/hosts/surtr/tls/tsig_keys/bouncy.email
index f6b8377b..dbb8a54c 100644
--- a/hosts/surtr/tls/tsig_keys/bouncy.email
+++ b/hosts/surtr/tls/tsig_keys/bouncy.email
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNQWhtamJqZUVuT0ZGYWdB\ndHNNbDk4NURKWHp5UHVXMDM2ZHBzbUc4aEQ0CnN2bGdFSlB6YVBPMW1TZFZ5TTlT\nK0ROYnlFUTh1ZVA1Z3BCZEJPa3lhbGcKLS0tIHBZSUFJeUNFTEJTclY5S0czUFd3\nK1FYbWk3VGFtbjZBV3dsUDBTeEtFdDgK/rq1EpWafGEBzn/oioVJ6Z3RdYEwQcVr\nADj11pRUYSV+HDQn5d9PYH+eZ7jWG/IIsS18t4S31dXtGPUFSQQjdA==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-05-05T09:11:47Z", 14 "lastmodified": "2022-05-05T09:11:47Z",
10 "mac": "ENC[AES256_GCM,data:Rp9OZdZ83nXKJqZGq8bEgkrjdDzGIWD1SsaPSEzKdTmL5+N2aqv0hQhmlKqgINSipy3pPr27ojQgDUqSGXNkiOdxOMn1wwxBFL7DBAFOW294KxU1uCXhQMLcYwGHlaEVrzGrNvPE3SEfjgWFTJHyT7j+hI7dVUfPiGYxWJFHg6A=,iv:IQ5x4u8MeChI7Mf5vfUv4s9Y8EaUja8En5yzPP6Vz/U=,tag:64Xu995aal53KQLWl3UOgw==,type:str]", 15 "mac": "ENC[AES256_GCM,data:Rp9OZdZ83nXKJqZGq8bEgkrjdDzGIWD1SsaPSEzKdTmL5+N2aqv0hQhmlKqgINSipy3pPr27ojQgDUqSGXNkiOdxOMn1wwxBFL7DBAFOW294KxU1uCXhQMLcYwGHlaEVrzGrNvPE3SEfjgWFTJHyT7j+hI7dVUfPiGYxWJFHg6A=,iv:IQ5x4u8MeChI7Mf5vfUv4s9Y8EaUja8En5yzPP6Vz/U=,tag:64Xu995aal53KQLWl3UOgw==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-05-05T09:11:47Z", 18 "created_at": "2023-01-30T11:01:44Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAAg2F1LygQ9z7q2KuTamS1ZyAlKrSsFXevqRRN9LZrzEw\n7JXermDoMQzMuTPdjMUL6E5Rlfk5j2UTHKqa1SoQyUDgmF1hCOny/8+gbVqQySLw\n0lwB2MNRJGOcLWSoxEXHU+bIRiwLX5QZ8MFFrtxkk1hd28RL8JozFio/ZwuNSFSK\nU3jNEajWwxX/Y1ct0KmcVvhhCOwKTinZCebCocB0I12V7ZRMbDzKUc1avLIoVA==\n=JlNZ\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAosu3wR3thEqsYsO0BcYOaDEKRMy5f1KPJaH4l5tERB8w\nstKrIvy7GWv2D1enuMuxoHFPfHxCauiBudDDCvU5ic/KGufMoOWpQptYYWRoYsvG\n0lwB4p7Xq2FYCJDhnu9BJihD58VyehMyMydai84on6bYXVDSxIznfMTHB4W9+N8D\nFzFhcUfOW3/Aw3C8TjWq8CUDtBU4dut5T3PQBVgQy87CKAtrpDrhZAi+P6n/0A==\n=vwZc\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-05-05T09:11:47Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAfoOzVooUt/RCvN/Gyzfg/Ci/6SPOavIFz6a1VY8RCTsw\nbdfL6HQaU+I14B6DdJYV3ThZTvchspexKCt/3tve4fQtLS4YP43Yc/cKyuvJjKhi\n0lwBdH92sKoNZCF8sC+AoH8fOP20jR6DvIXcvvnYrlpOPolQ2xJffrzpFnDmxSC5\n5tKMotnX5iPi0zNR4riAf+li0vboFYpOWyO1vJWtF97EaMdrIaqqC5i98/5qlg==\n=iFkv\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/tls/tsig_keys/dirty-haskell.org b/hosts/surtr/tls/tsig_keys/dirty-haskell.org
index b9effeda..6ac1b071 100644
--- a/hosts/surtr/tls/tsig_keys/dirty-haskell.org
+++ b/hosts/surtr/tls/tsig_keys/dirty-haskell.org
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVSktzT0V0bG10SUNoZFFU\ncWIwemg0eEZQYmVoZ2hnVU03bTgzaVVJRzFBCnFldFRZYi8xYU85cGNNZEVYTnNI\nYTh3NkQ2SWxPSHErRFJnYkI1YnN5M0UKLS0tIFBhbFk5Q1ZLZUQ4MXA3STJFL1R2\nQ2UwTGsyb1hwcWpXUmJiWUpLZ2tpYkkKDHKtfjoxmsdk7jya3mbWnZnyl8f4K7bG\nJ2ZOrnOBRDcU30s0wu+xUTcT9XbTyfbbzdvEmjuxTBr1YxE2NiwDbw==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-02-22T14:20:36Z", 14 "lastmodified": "2022-02-22T14:20:36Z",
10 "mac": "ENC[AES256_GCM,data:AZxoNR2oE7c5LXEg8o3cBYTflBMeGadPWr1cJ5GEyBJUJUloN9V9iTjnN/62Pj1zkTQvOhL4vkoOd0q812mOV1QgCi/RbLTPIn55dDWJ8d8jYQLlqrMV3LR+xtsGDDBDOPWJ8pNIug9D7f3BwVQpbvj3W2WOnJvm3oAZNHa0RJ8=,iv:YVFNSC74bZQgGpVLxWFCkC1oouSYwJjQ+k3beSeXUJc=,tag:oi7bSs83GsDl4qpsJ8zqCw==,type:str]", 15 "mac": "ENC[AES256_GCM,data:AZxoNR2oE7c5LXEg8o3cBYTflBMeGadPWr1cJ5GEyBJUJUloN9V9iTjnN/62Pj1zkTQvOhL4vkoOd0q812mOV1QgCi/RbLTPIn55dDWJ8d8jYQLlqrMV3LR+xtsGDDBDOPWJ8pNIug9D7f3BwVQpbvj3W2WOnJvm3oAZNHa0RJ8=,iv:YVFNSC74bZQgGpVLxWFCkC1oouSYwJjQ+k3beSeXUJc=,tag:oi7bSs83GsDl4qpsJ8zqCw==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-02-22T14:20:35Z", 18 "created_at": "2023-01-30T11:01:52Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAhNF59zErbJlEDeJjF5kFLUVeAF81ageD34K/7NjVf3Ew\nFAn32mbWKZmoY4ekfOyZesKWTvpaYH8vnLj0r0vTc4nnqIejrVbz5T7nxl9mKgxX\n0l4BS9jVKuC7mGvTlKvpABPEP7uQS083JRVdTQ9nLFF3kOgf3rHWTX7I+QNMT+7E\nWqdm0q8OV09wk0I94lpRVjQjeosZmLGV58E8Q1D5x9xKjwS1Z9IT2SHONaZDAc5a\n=jdQT\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA3VUCkxqxcGqpwgpOIt2PFyk304lJtUi689Etl8kGYxEw\n1PhanLg4Ot806akBnXAVbaGzSw/pbQ4lKwj5f8XPUpz3WZXuAiYrwxr25RzQot8/\n0l4BPPLAr8rsVfLVL6r2Do9/Ae7UV/Ko23SLl6cxT+JTgXy5e36eZJqMNJ4v/Jti\nL0VHuThIdgdJodFNR5AJFpEYN0OrLvkW/vB7sfB/pQrWIWhKOow/R285ESAuJqcO\n=s0pn\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-02-22T14:20:35Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAMpNL9Ff2tSQLZYJlJCc3zUeTIiJYBwPXngz89tnrtxMw\n7cBQezv8MW/nKS5+8VPsr5NA2EfbPRlPAGDs3i7c82iNyaq8wjlZ7E5kJt9Cp1UA\n0l4BUddH560+QD8JZ7Tas943jI0GvBSrP3gm/dpILXS6APmIo8cY1Ex8Qkyvp0vn\nfumu+TRaUIjgSo5ZbqbJx+/duUjTg+j+p0Zu1xvBDQizbP894y5LFfsEsWQB2tkC\n=QZbr\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/tls/tsig_keys/element.synapse.li b/hosts/surtr/tls/tsig_keys/element.synapse.li
index c633e1ed..a4c60817 100644
--- a/hosts/surtr/tls/tsig_keys/element.synapse.li
+++ b/hosts/surtr/tls/tsig_keys/element.synapse.li
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWUzkvd3N3WlpVSDhMNlQ0\nTmdrSmY0M2VZcTh3ZkJmcDVxMHBOcitIT0VFCkFZcURzWHBhQkpSUFZiUTVLQ2FP\nWVF3SHpERU9JSm11ak5HOEVIMytQb0kKLS0tIGE1bTVEYndVR29uakpxYktvZStD\nTU5nb2owWnQ5Q0NOM1VxdW41eitxMjAKotJafHfIrUuOhplV4WA2M0bMplj7FTBg\nZVX8/+4Vh8jb7latiARsa3XiicKG8QYT1g1Vv8K8f26LJsCn3pG3vg==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-02-24T20:22:12Z", 14 "lastmodified": "2022-02-24T20:22:12Z",
10 "mac": "ENC[AES256_GCM,data:4X+aOHyoKN6CvrGziOeQ24pqi3xTP6Hsl+32IcCmFvRNr4Cb3mSj8pU6kP0S1PdLpgfUdzWU97B9W2ND+1IUkMOI+g6DKcQKvegT7KAt55FVnpH98Ls1dxL/eFQxufQLMymTNiE7uuVKPpsFkT6iVnMSfy8JHHQPaw2zfgW9Awk=,iv:VwJGG5tpBD1RxeOoaGY4W/sMS1Pmd+jc2FH4X2MEmFE=,tag:0kUj6f7zfcx/5j5bum8DJg==,type:str]", 15 "mac": "ENC[AES256_GCM,data:4X+aOHyoKN6CvrGziOeQ24pqi3xTP6Hsl+32IcCmFvRNr4Cb3mSj8pU6kP0S1PdLpgfUdzWU97B9W2ND+1IUkMOI+g6DKcQKvegT7KAt55FVnpH98Ls1dxL/eFQxufQLMymTNiE7uuVKPpsFkT6iVnMSfy8JHHQPaw2zfgW9Awk=,iv:VwJGG5tpBD1RxeOoaGY4W/sMS1Pmd+jc2FH4X2MEmFE=,tag:0kUj6f7zfcx/5j5bum8DJg==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-02-24T20:22:12Z", 18 "created_at": "2023-01-30T11:01:20Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAAyA3QRnlZfj/s/gnHYyA5DEzz1oHnpWD7hc2eOayNXQw\nJugmUWO9a6nYeLIAZohvh3Mi7+BIPHr8tAgHsG7593nScxFYxq7dbE9SiJFKIGuo\n0lwB5qUtK8Cs0vXXsmrssMZ95TmUGizBhCvseYsZa0RAr+5BMxHfE/qokpOuBPW3\nnD6va9cBvpjta7rrUf10z2vtQvG2ViVfDLiN2YTz+F5WkJx0Ut/wQvxh7WhE+A==\n=l3pp\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAavy16vyK8hEuRECWVZwmMeG3JEUF4rCEKeohr3kFymEw\nxNjefxqGjBZzvqiluzUJODjHHKygH4YngQwwzXoyx/mvDsjCatq9MiyZTV3uW1r7\n0lwBpGTnf3/uvATij6q5wZIYQyRLElfwgWVA9IS+3PCvCFcQQCD5oF9pt+JQsktl\nM57WWjNHWWqD9v0n9BwkDykluUHyqTwYOODSvxbe1guoA4dzW2xFvJ0v+/54rA==\n=8IZk\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-02-24T20:22:12Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAfDVWe9yac8vCFP+Rt+99kqGK0TBrL43QqTylQZm8hDAw\nDo3L3P1rUhFU2Ubgaf2NsVo2Eu5sC+OW3SGtUtd4YvUXYO+ntI8yYNmWG+Dm7Gnn\n0lwBXNGWaaObwgIHZE3znUk6r5Adyfxw3eP+0ct5MRd/OaRoUjsvBa0Lpz5zvPJB\n6/lF3xiJsjcQy8u27J93d3oEdtw3YtDr0PLxYklv3pZdTP/6T7RYEgPmd5Tsrw==\n=Asam\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/tls/tsig_keys/etesync.yggdrasil.li b/hosts/surtr/tls/tsig_keys/etesync.yggdrasil.li
index 36b088ee..99ef24bd 100644
--- a/hosts/surtr/tls/tsig_keys/etesync.yggdrasil.li
+++ b/hosts/surtr/tls/tsig_keys/etesync.yggdrasil.li
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqWWNEUlBjaTBNbzdSOUZG\nN1NRdEhMVUgwcGdMZHFyYUs3RmozdkFkZm1ZCjNJT3g5Vmp0VWg0WjY1SEM3d3B5\nL2NrR0VwdDB5L2pjTVRGajZJVkp0NUUKLS0tIHh4Nlk1MXlzaC9Ma1JJNjlYRFlC\nam85ZHN3aDVMbXpJVStiMm45TUlMRHcKx6WDswKNT3ZxfInYArClVV75p/2skgp/\ncFZ/vfPObSrI9L3+XIFeAQLqyR5EaFZhoYy6+2XGtAh+WHMzK2bZ9w==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-11-09T15:58:57Z", 14 "lastmodified": "2022-11-09T15:58:57Z",
10 "mac": "ENC[AES256_GCM,data:jnayMaU/b7Ga0LY8aTT83ZfveBpyZQONYxZg7m7wtQsJ9R9fBz8Hj8RCTe/kQHI9J6QjDkM0BRtQjKWkth3BJMyzsLpBWvxdYen3AVROs/MHaX9rQ2MlKbZT6sQHiOgJaYiKem6cogMmLgQvb23I56gJNPGaM+0av6evCyu9+Oo=,iv:eiJQQChxu9ncxt8v1DXFFCRHMBuOnjOkOAVLv2tZjgk=,tag:14R6xM+2jIN03ZnleF788Q==,type:str]", 15 "mac": "ENC[AES256_GCM,data:jnayMaU/b7Ga0LY8aTT83ZfveBpyZQONYxZg7m7wtQsJ9R9fBz8Hj8RCTe/kQHI9J6QjDkM0BRtQjKWkth3BJMyzsLpBWvxdYen3AVROs/MHaX9rQ2MlKbZT6sQHiOgJaYiKem6cogMmLgQvb23I56gJNPGaM+0av6evCyu9+Oo=,iv:eiJQQChxu9ncxt8v1DXFFCRHMBuOnjOkOAVLv2tZjgk=,tag:14R6xM+2jIN03ZnleF788Q==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-11-09T15:58:56Z", 18 "created_at": "2023-01-30T11:01:15Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAKFpHfMQJnP8nDjHzxTxavExHX5z7JE3xPL6RCAJIX3kw\nbZ01Kd8gS3K4o69Nmfq8pXnPi6Oth7cuU4sQMN6TDz7/TCbyGSfdeh69A6d5WiU3\n0lwBNIuAyXvDIbtfOO3hqlQSzyBI0FBdj95DkyDu9el5KFHgD9VYm+of//pcdFV6\nVvoRQV2Cgb7kfzRQJxb//XqGZ1X/+TeETAoHVeEwCTCyi205tdH7eKJ21oGgQQ==\n=ovuM\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdACZpzi5O6Yv8PiiuPftPmcUyLgA5qHZjKZkYKs1elZlsw\nVjQet4Ky824ivYE+AXqLvO+3duqcokQg9yaMcaY9QtfY621T+Imj3ntXUgyzMysG\n0l4Ba2uRZFFj39z2Xdm2eGHxkKmGNHt9V83dRcLnEXy0Ecfb49xq6Miiouw/qfzb\ntdND8qPAchlZSmyw2zbHbgyqxdirukonkO7rbpA9SmtIh+RQsEvT+S3dx4pbBRHs\n=69Qw\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-11-09T15:58:56Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA0Dcxxnlrr5jyhG3c2391EURXEHWCozH1dZwVXjE9pkQw\nL4WrL9LBnUBNgNXse83Va20k1VQxZUvOQ/xlLhCoFgJX/oa3++BIzuZSA2/Uh/yv\n0lwBmpMYnHdoFYxlxLX5xYE9wo7cye/eNHcoZeP/InOGOEkQc2dbIari/Y4z1+2Q\n18Z8eCRD/iLCbFXJmH+/pHhQhjzWM+p08DSxQqKAfYhEN/cAs6e2T9Mp85wU1A==\n=X+4i\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/tls/tsig_keys/imap.bouncy.email b/hosts/surtr/tls/tsig_keys/imap.bouncy.email
index d3f86b23..4c7e8f2e 100644
--- a/hosts/surtr/tls/tsig_keys/imap.bouncy.email
+++ b/hosts/surtr/tls/tsig_keys/imap.bouncy.email
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXVUhCcDlNdXphWDNNaUVo\nWDIrVlp4aG1QRzlmMTdia29VLzBZRFJ3bXhJClA2aWRBY05TN0Z4eTZuVTh1WHk3\nVU1id2kvMFZqSUNVUVBvcmFpYnFML28KLS0tIGtDd01Pc0ZCVjI0dTRnekpBQ1gz\ncXRCNkhUUWQxYkJUK3RuRWJoL1NSQ3cKpUUX0IcwtrQT7KhM7Arhrt2DBl4CYxZn\nXwCJzXtQUTDeNtqPs1WOlK5ZwSK3ZtxTpiH+mUZrcv8S6fl0l3WkkA==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-05-05T11:44:35Z", 14 "lastmodified": "2022-05-05T11:44:35Z",
10 "mac": "ENC[AES256_GCM,data:C8C327hR+CdEZjqkQUoPNCXXmUbNSl2oHChLQuz0MOSvU0laN7rLcdJ2Mb/WodVgHdVNXtzAzLdOluXi5ikW6pZH4ZAkV1Dsr5E/WLR3TuSr0ULJx3+ZQnT6XJkzKn0MSS5/u/ctUpGoFki+xG2S4yQiGqArqXUktEF2XAROBSw=,iv:Sp22bqbXBBWX3wLWBqHuZaQ4ki3PNx7BFKb16uHHU7U=,tag:OxVOI2K0Tliven8sPXnzlw==,type:str]", 15 "mac": "ENC[AES256_GCM,data:C8C327hR+CdEZjqkQUoPNCXXmUbNSl2oHChLQuz0MOSvU0laN7rLcdJ2Mb/WodVgHdVNXtzAzLdOluXi5ikW6pZH4ZAkV1Dsr5E/WLR3TuSr0ULJx3+ZQnT6XJkzKn0MSS5/u/ctUpGoFki+xG2S4yQiGqArqXUktEF2XAROBSw=,iv:Sp22bqbXBBWX3wLWBqHuZaQ4ki3PNx7BFKb16uHHU7U=,tag:OxVOI2K0Tliven8sPXnzlw==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-05-05T11:44:35Z", 18 "created_at": "2023-01-30T11:00:58Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAg+bD8OFCZiufY4QRUyLA3K0UMJS9rEbyE7vCExAazhUw\nYLPtQLtH3MFfS+HoDqrOtTy/1FadBbSBO8YC6bEeBpTksLpH5o3dqYCOPEzYWTKN\n0l4B66Bq+BgNuR+Ld4A+TdzNOfsmjIsEtVh2AKyfKFsg4+29MH5ImX11Wd4ek/5R\n1qD8evoz8DT+1sE2mX7gpGZj24x4A8CzhOPU/zQBaD7tf8omw6okERIi03jCpfml\n=C4Vt\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAVUsf+nO2XReMWZXUqW4YpeOm7oRv2RewCZlksB4zRTMw\nhGANiT9E6qhcnf/j+lq9UtjUSMti6LMaXbMxhKXn9/Brhlq3iYZO/TDxtBIm4Qim\n0l4BdM179Ytc1vH6stFuAMBmICqLnfk7vbv+zclllsttzTB8BumMZuu8bEV8FjtF\nHuNz55zHeIgJiFBoe95KJ0ZBgjNiiNu4Dn9YKoWXIim7w2UdF04YRABV1o7dHYnn\n=slnj\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-05-05T11:44:35Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA2g2y4txmaQ1pjMKcRqwjqCSzdOeyxqgaO7hNzVzRvwgw\nXggd7yj7dSW+JZ1/SOmeMDR2aL28B6lB89q2IdGDORBaa8/m6mSSnP/aNiMtj71M\n0l4BgV6lelcYvGJfqb9TDZFZVsCYAiONBzhOjJ4y31H09BTFrFEnTOK+iipiqjti\nlM4ejpSuKPrSwx16+7B/Pa/OEMWfRWn7tIIoRC8rEdWKCm1utKLlOoqpR4OA+5mT\n=VcqH\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/tls/tsig_keys/imap.kleen.consulting b/hosts/surtr/tls/tsig_keys/imap.kleen.consulting
index 4274b6c1..c64fccbb 100644
--- a/hosts/surtr/tls/tsig_keys/imap.kleen.consulting
+++ b/hosts/surtr/tls/tsig_keys/imap.kleen.consulting
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNMldUMTBmTzNnK1RXYUd5\nODBKT2g5S3lwS3NCeWlzVkhJTzdoT1dhNmpBCjl2VFljSXNUSUc0UXBlQ0lLWDY0\ndStXS01DR0JxQlRqVFhjZVZwYVN4WEUKLS0tIFppb2RERkFsRjR6OXJpa3E2WEhE\nV25BV09kNTZjVmhVakRERWI5WjBaSjAKhz0vCrRcCGIO+t/kfg4QRVqXKNpXER7A\nW4Y3PWyEdSnOVhUmNHTi6mAegG/ytZFojf8gdCZfnoffwgq04wn7hA==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-12-27T14:23:03Z", 14 "lastmodified": "2022-12-27T14:23:03Z",
10 "mac": "ENC[AES256_GCM,data:A89e988MUk4M0hYPjt+rkidTT9G2t/pMvDWbA1pLp6ejuaDKOyqt8+4Z1ijA+ZWotam/+PS4OwiLYPWUv5yQYRZXEgIC4X+9zUqTzrk4YfHNzz5CxHv3xVRXDAv+THAuAZqpFcJHZsfwlrkJ8oT7aBM0QzGEYhRd6DqXrDm74Ec=,iv:rMrjW/5doBtymJipRPfS2HrAVOXmNLSESAmGfGrfRtM=,tag:hnnZaRoAajlaSs94Y1VF9Q==,type:str]", 15 "mac": "ENC[AES256_GCM,data:A89e988MUk4M0hYPjt+rkidTT9G2t/pMvDWbA1pLp6ejuaDKOyqt8+4Z1ijA+ZWotam/+PS4OwiLYPWUv5yQYRZXEgIC4X+9zUqTzrk4YfHNzz5CxHv3xVRXDAv+THAuAZqpFcJHZsfwlrkJ8oT7aBM0QzGEYhRd6DqXrDm74Ec=,iv:rMrjW/5doBtymJipRPfS2HrAVOXmNLSESAmGfGrfRtM=,tag:hnnZaRoAajlaSs94Y1VF9Q==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-12-27T14:23:03Z", 18 "created_at": "2023-01-30T11:01:42Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdA1Z/0PugoNJs50gvZpRdFzp5vykDq3WiLr5TpMMOcrm0w\nwzLloHyQzuZixmbhj0zJ8JEW38kaSwjiJhkifIYI81ab49SJKzrJk0/+QhFQwgQQ\n0l4BwWaAGzxg+VCvWVasXpFrxD3XTIa2d1PntLTNkrnLO0W75rWBuAOrKR74BS8y\nnKPFtG+jRW36ziESeqyPF+Grb+lMiVhqEBe/W1eeeUtCL8HVVfTBnNSBrWockDnj\n=FOND\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAyP03+VC7d21C7NHi32qnfkr3jZDcAZgmWvrtdx35Plsw\n63/4kdqtWedhlPM68CDOmweaPhCV2osEz3f4cOHToz7N8eIcBpbyx/bNaYgAfil5\n0l4BgjZErUUSnrevrk5kKvHIN5KBYVBR1SIW5L5xKVRLCLYswHSQiLUtekPQ1K4r\nt6J2eRmVnDuIdGNB39m0UKTQ3NHrcYUe2o94KsQqiVNjEBdRmzgoVw9h2noiTTq3\n=voMP\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-12-27T14:23:03Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAuAdDkZ/i0CzkC8BtxDVRKXRYIPagMBUTue4T9hrfZjow\n2hCdSqXoiO9Nafl4p6hr+z/+hgvtd7+Vi6Vsx/hYEYyQGGMj4kBjtrCLaIXrNwzk\n0l4BWzYVis9DReZ4b9dQjqOqFOFXTNjjdDvKT2XvB6UC7Ak92Urp0aASQr6cOOa5\nr5k3j1AYlhMeYpSmz7uzWjLcIAqH84KFBAEvsm644ymmKkM0o6lZfzYN2TsoEjnP\n=CXUK\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/tls/tsig_keys/kleen.consulting b/hosts/surtr/tls/tsig_keys/kleen.consulting
index 48b6e4b4..3670a50b 100644
--- a/hosts/surtr/tls/tsig_keys/kleen.consulting
+++ b/hosts/surtr/tls/tsig_keys/kleen.consulting
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqVlJpcTJ3bDdQbXMyN0hm\nSHpDN3F6cVFWdVc4WG85TDRmdllWWDRadkZrCnBVR25wTEVVWkxqbHdOSjArVVFj\nRk4vSkZRRnNEL3NyMEkvMkdoUHJqRGsKLS0tIDBiZzFuVG45RDI5Z1dMb2F2VWJ0\nc0FlMkMrSGswdWNneTRad2g2RTlxWTQKooHU96GOlHCACaOz8edd8fxDj64clksV\nD6BlMp1eW6u43NCMJfUSSM/A6Oj04eBw9nCuGA1ADDTtACeVowOctQ==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-12-27T14:23:01Z", 14 "lastmodified": "2022-12-27T14:23:01Z",
10 "mac": "ENC[AES256_GCM,data:zDAuZdupb97yeKlS8j1J0SkP3xHMi62SVOgc4NAyqiQgSRnRVhO0uxf3Ms3nVhijqFOS0IeaHsEQM6cCcfq5Hf5/073XHV9/QTcCQsQxPqabwHLvO3Tkzc+lcWicwm0PUt3Plh4QybXwKSaYKJr8RZzlgltOl6CJN7fERIyNayY=,iv:G2te52MStm0o7+qjzIHs335x/PQHdcfiIrnF534+0sA=,tag:FwZRHR8vQiyhls04Ic97Aw==,type:str]", 15 "mac": "ENC[AES256_GCM,data:zDAuZdupb97yeKlS8j1J0SkP3xHMi62SVOgc4NAyqiQgSRnRVhO0uxf3Ms3nVhijqFOS0IeaHsEQM6cCcfq5Hf5/073XHV9/QTcCQsQxPqabwHLvO3Tkzc+lcWicwm0PUt3Plh4QybXwKSaYKJr8RZzlgltOl6CJN7fERIyNayY=,iv:G2te52MStm0o7+qjzIHs335x/PQHdcfiIrnF534+0sA=,tag:FwZRHR8vQiyhls04Ic97Aw==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-12-27T14:23:01Z", 18 "created_at": "2023-01-30T11:01:01Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAVnsoiamZ0mwkgB/VDWMxCME/uxGYqZc50h332nFBGSQw\nhPTkYSghPXdCPzBAcFglpBnhTiluREUp0oWJuCoimJAkOmECLM6wACZPjit3cvSw\n0lwB0zzKGtRNsnIwy5pM70am1Yu54JAkcqdOGJZFEH24m3gNdJVWnnMcbXNNfxnN\nIgQDDmL8gw68lpw8wKOwGi5XIfwQwwSBm7cesLa2X4a6UKLgBRSYkwtkEkskJw==\n=bhXe\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAPsAXdEPbuoIOTnR2s3naYv4IeJFO/8ubGtb3Sibuiygw\nBStM09B7+ZfFZD9MWcl+V6Z/SlLVwUWsTQcuP19ngcDvIrnODo/MiQ83x37YAJKD\n0lwBI1h7CUTm23CEWcRjfZIHhvnW+eoEOdcnMYkEq79LvNpap7oR7Zj//b2IbO3Y\nDxKJYszrGxrYLzAtR2oT+XG+Z948UEq8/A26itnvV/Afkhs+7MONNCY2RjHz+w==\n=U3bV\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-12-27T14:23:01Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA44YcVmRcpMqRAdiZrtA/cXds6gPgRFbu1QokzhovUTIw\ni1bumXheuSh1EwgV+ds/eP03LRwWjkRWApzl1h7D2SS3R+1U2e43kzIORyi33Cwb\n0lwB5GGeLSRPirj1WSMe1WEXCizl330mEwgNYGs2HT1r9tHESTIO9CRnPzed3EXP\nhfH92t4HMCwIzWI7D78ExR/uNHiHhOhBs0Jz3V6HSOmKpPReLtb2sVNMjO6fKA==\n=ak0g\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/tls/tsig_keys/kleen.li b/hosts/surtr/tls/tsig_keys/kleen.li
index 3f31b1ec..36f0b43a 100644
--- a/hosts/surtr/tls/tsig_keys/kleen.li
+++ b/hosts/surtr/tls/tsig_keys/kleen.li
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBORS94M0xaMWcvOEFqaEZi\nU3hOVVVZWEZOL2dzWUc4MWdLaU5TYm5aWkRJCldHZmE0UjRvWU5aVFVpUmRnMHhu\nc2QxOWQ4SXZYQVBjbjlDUmJYRVFLTmMKLS0tIDFNaVlJRzAzcWcybVREd1JIQU9J\nN0dBQnJvRmZaOWt2RjZrQm5rMFFwYjAK1gpceK9NaHPd8/9BQwnZyEY7+SGYStqN\n/jq6f8+tTZalR2eM1nTTUMtQerSckf1w2y8mlvZ2FXCI5+JK2xCU7g==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-02-22T14:43:58Z", 14 "lastmodified": "2022-02-22T14:43:58Z",
10 "mac": "ENC[AES256_GCM,data:Ws+LHpDFB9tKzfV5zVg5POTbzwb5KNFigPCQON85yIupazVMKesW5mpBZTzbknL0IwPfVnCQNX92bnJ6RBqJ+vIdOdax/eZzuIMvXyUGw1gjafkE3F9gv0CWu3n34SoLOynEIHXOrM/nTVWOLs6+DP1fH8MmscjhvaX52yIxe8E=,iv:OhYYyc0tcI2BrL8i2ZWADso9AcHzhb/wNrqVEnTXUJY=,tag:+GoBXxlveNe2puCbFz2foQ==,type:str]", 15 "mac": "ENC[AES256_GCM,data:Ws+LHpDFB9tKzfV5zVg5POTbzwb5KNFigPCQON85yIupazVMKesW5mpBZTzbknL0IwPfVnCQNX92bnJ6RBqJ+vIdOdax/eZzuIMvXyUGw1gjafkE3F9gv0CWu3n34SoLOynEIHXOrM/nTVWOLs6+DP1fH8MmscjhvaX52yIxe8E=,iv:OhYYyc0tcI2BrL8i2ZWADso9AcHzhb/wNrqVEnTXUJY=,tag:+GoBXxlveNe2puCbFz2foQ==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-02-22T14:43:58Z", 18 "created_at": "2023-01-30T11:01:19Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAHUWRBd0g/lAt4SNSRTyY084xlAmLVFiWY38oItiWEzUw\ngFigoJRqCtFsfRgmPC/VyasEAsUCSmmA15rGH+C1DA0HRyXLNUVGEcsnL1J7yNxS\n0lwBVaPi+AgmKtV48v6YzArTeY36TA9CInZl588Wy/YFitnTX6wqIuoZeJlDgEhN\nVF4XQVjb1mQhHFHbgD7SJSW6fHi8KWb+B3Tr6qt+p+CzwCycH/IaDbWbhIRSZg==\n=06jP\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA1eo1M2eXnofs/Y+/2XQ58fNPfaui1PRJkGHUFJusDgMw\n/qmqzz8vR2cydHrPjjYiQL9qigTsCypJmy6b9Nmmfad4NiyThZ5dbctQkhhQFTDq\n0lwBpGVmG7SzsX7KmWmguT8vfR90cLOwpvO+c0o05ggIYevw3OLfWxnwW79N09o5\nJh6vUmL0bntNL2h7ows+Q+xMtg+kaZ1ltZLGq6dKNZoQ2eSHHnvi+R5Pmz5+TQ==\n=CThx\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-02-22T14:43:58Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAZbcJU1YXpht/sVq+NgOi23+BCjuiT/DH2Q4o9oQwEBkw\nLlQGzqtLfKPAjZWCECgsgz7ssAQVY90S9MDM3fUYWX56TXZabFkgz18Bn0cq1Ywa\n0lwBeS1RQX6gyjLNrO3B52eL9t/FW01RtWWS51nGN0WafVgoIaohV00lDCFZPAD/\noajw9vLd7Njjk11Pqv6H7pUanQOk69+tX5pKpzwGlRE0eZre6OSPZp9WTgfLTQ==\n=Af2i\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/tls/tsig_keys/mailin.bouncy.email b/hosts/surtr/tls/tsig_keys/mailin.bouncy.email
index b7dbe8b9..6564f592 100644
--- a/hosts/surtr/tls/tsig_keys/mailin.bouncy.email
+++ b/hosts/surtr/tls/tsig_keys/mailin.bouncy.email
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUamw2MFhOamFMSFhialcw\nNWR2THhiaVFZM0h4SDAwcGZXY0F3Z3p0UGw0Cm5tRWx2WTFXL3k0SngzdTdyOGts\nOW5EdUpFamhKN292TmJEUThtSmxiOEEKLS0tIGF6UytZb1hKWE9rd0pUYVV0by9t\nSklSaENheXhZUDY2NXNPZzdiL0o3TDgKdgrdy8hIw3AIqsUCbyz61zea2vNO9EA/\n/658KGtbC1qnJuQF6/byUuxAMpdcuw7psV3WwaNYHD4R9kaWTiTmYQ==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-05-05T11:44:34Z", 14 "lastmodified": "2022-05-05T11:44:34Z",
10 "mac": "ENC[AES256_GCM,data:bIjM+KaKivOu3xy4+p+zXaQtzRGO5wQ/tZXCgEBA9TEjkTli+ypzUlaf8gtjPOED2nCie9+GX+6kKhopP+P28/PoIGVmTpMLtRgInpNh8/APlTN2TQoVyCld2zEJDi+Cqa+nMBispyQF06bB3UGeOdGnlZwgW2IlYH5wUcgGBng=,iv:SMJMogMoLmCFaBqMjgB2P+pVhC8JVZS3BzZyEjqhDM8=,tag:07SSpA0HP3oIpTzyUExr+Q==,type:str]", 15 "mac": "ENC[AES256_GCM,data:bIjM+KaKivOu3xy4+p+zXaQtzRGO5wQ/tZXCgEBA9TEjkTli+ypzUlaf8gtjPOED2nCie9+GX+6kKhopP+P28/PoIGVmTpMLtRgInpNh8/APlTN2TQoVyCld2zEJDi+Cqa+nMBispyQF06bB3UGeOdGnlZwgW2IlYH5wUcgGBng=,iv:SMJMogMoLmCFaBqMjgB2P+pVhC8JVZS3BzZyEjqhDM8=,tag:07SSpA0HP3oIpTzyUExr+Q==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-05-05T11:44:33Z", 18 "created_at": "2023-01-30T11:01:21Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAfNwDDkgU3oYgQQzWu808G0xd8wwbDdRPzAvZpSW4ZUAw\nGKXrug34UAsJoCezXIArCbAXq8DGnsejkca90qS8JQAw94QxW/EVwjXXG1aUs2+2\n0l4B1WxA5Lt2/nQyeJjTOBcbTz07SPBlkdG5tZQEmJvoP33CTUUHNMQ9D1n3BFwZ\nOuWzFDBTXLqOzseL6PYCdjHMaU5fIll+GCIBufG9lZuqfP1YTyqLhgPLNpaO5kCX\n=4dC9\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAb+Hi6mywx0nVrfdpNy7VrYeHabgw5KbUiAG5xrwc+EMw\ncZLM6tFQ9dLNsK241d//UD3rzvco580eK3DNICl/ydYKpIjNoLFDKNA2Szqn2yfx\n0l4BmTHWDQ/Slel86p8MbUJxtKRlSHELfYEAzVZIR7rTc7VabmiFviZuI+MMuPF+\nLprLow8bPzcGmkHITZUFuz7QAdVrFN4fkPKPnvGiuVwU8nhXHY6/1p2hiXPzkh81\n=fGa1\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-05-05T11:44:33Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdActPNakdiaMdVMhHlp0L77VgtR6x7NZmJ2RU1pKcqCnsw\n4hJbSauDdaUXirG6ircfJeKfwSOobdDjFmrVfkhpV2JKRc8XQyKm9nx8B3nHLPRb\n0l4BY8LfKmiH4lSocO/3thKurtZKOCmk5kfvCTVC96aWOFab6+YapJvRIqvgupap\nM+bRH+xEqS5rmooQBwsFFya5kykVVODiwAkh9dIV0EdGhqJgChjd+LHetch08iyw\n=KnpG\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/tls/tsig_keys/mailin.kleen.consulting b/hosts/surtr/tls/tsig_keys/mailin.kleen.consulting
index 70fe6f95..948b5cb9 100644
--- a/hosts/surtr/tls/tsig_keys/mailin.kleen.consulting
+++ b/hosts/surtr/tls/tsig_keys/mailin.kleen.consulting
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOclg5MnEvYm9hRHZTN3pa\nNGFLdjBWUFBya3BmNmxMeXJzcWQ1ZDJSdFNFCk9RSW5IQnlURGlHWXBCZkc4bE03\nUTNSc1BBUnlFdXhuVjhzV2dHeGRpR2MKLS0tIEdhYXRlZURuUGQ2L1lZNG5zbHUy\nekE4cTFvY253blJBd2xhNnNDaFN1K0EKQ6zOlymScxgmi/Q+wOciN6MpGLLDLsun\ncH37Fp9+cJJ4dunL18GOmapoiepYWGWJdvgr4dzoehiqgs7Sq3n3fQ==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-12-27T14:23:02Z", 14 "lastmodified": "2022-12-27T14:23:02Z",
10 "mac": "ENC[AES256_GCM,data:e4oe95ZDgKZv6/Zy4P4r4u/fWHHLTsL1ieB1ut6Ktg4B2L/DPxuxEO0b5ajXFr8tkmA9/DL1Bfv5TT2145v/Kyy1NeXYGUGbg/BtrTYlUSekYVbHIHtNBYLgOQzNL5tlrhyFXsVHx8a0BZKVEmqMocNiz4kIjU4JJ1ORHxS5M4w=,iv:vN/y8TXg6RSxi7OyioIVA0NoiaPpIZU94tLEOCgvXHI=,tag:uAf7psK/HZ1cs621Y3LOoA==,type:str]", 15 "mac": "ENC[AES256_GCM,data:e4oe95ZDgKZv6/Zy4P4r4u/fWHHLTsL1ieB1ut6Ktg4B2L/DPxuxEO0b5ajXFr8tkmA9/DL1Bfv5TT2145v/Kyy1NeXYGUGbg/BtrTYlUSekYVbHIHtNBYLgOQzNL5tlrhyFXsVHx8a0BZKVEmqMocNiz4kIjU4JJ1ORHxS5M4w=,iv:vN/y8TXg6RSxi7OyioIVA0NoiaPpIZU94tLEOCgvXHI=,tag:uAf7psK/HZ1cs621Y3LOoA==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-12-27T14:23:02Z", 18 "created_at": "2023-01-30T11:01:05Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdADTdcU/shxjYVUAxYWJKSM3oRDpYCCJ9al76z3glcNQYw\nmIlrpVfT3O+lOSgr1s07giFe/WEJb/A4ctYE7UUSpnowZbOHn8bia0JG/t58791I\n0l4BV7zeiWadAGJHDIRHZb2BRev/b4ho/UYnHG+LTaGnAa9phfeOlRn7k6+sw8Ad\nDUBe1MPbsnBD7hT5IACxNZ4neXDaSJ9mOe5CP9u6SuDwFlMicW8XV3INXBcRQKZY\n=7Uw6\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAc/ZIB/lV+wb2f3Zxh5Hz73eThS8AABIFDaTwWXcjT0cw\nENrjQJ+TfwKgv2ltDwICf/6MhPfyCSw7NTQES093Ua8fH0kf7a980mDREtccTXiq\n0l4B/zqWiyZCabBHaEdKSHzx4wdV5ZC9xJc5p+nmt+f5urC8xxXz+C5Kpmpj/UlN\nfyJ0A1JScce8jVB2wF5qpu1HSY+AMwnpW78XjdyTjmYM7UivPP0H4ptb8frlovkV\n=zRrB\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-12-27T14:23:02Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAgQrdU3Dqlv5ZuGkbBdroYvAFRbKdKTzG4gCkRR85DgUw\n8vPKNv3d93sWLqrvw1VqMKvmIfVGLujqM4j9ZuecHodUPiMuSgLmbzsGS5HpiubB\n0l4By0O/oVeNWAmFNYRMyfZ5CH+YYyOZ8u8tBTR/6eHjOp7wlKpCqcFVg8UILkbn\nrRvpNEM1PDh+oZJ4nMA7pQkm7297H0+uyTioGxHq9DLAODepnlfz2ofCKd/jEO1+\n=Fh1g\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/tls/tsig_keys/mailsub.bouncy.email b/hosts/surtr/tls/tsig_keys/mailsub.bouncy.email
index ec2fa339..da9c623a 100644
--- a/hosts/surtr/tls/tsig_keys/mailsub.bouncy.email
+++ b/hosts/surtr/tls/tsig_keys/mailsub.bouncy.email
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByUHJtazJTS3AzU3BqdjVG\nSTRNYUcxZU9VSjZMOStQWjNIejFUSjdpaHo0CnNmazllWlhZSFM0bGhxV0JiYXVO\nUmR2ZEtkaThaWEpTRE5mTEZjUHFDcG8KLS0tIC9Zc2RGenltdUJOSmxGSzNRL2hp\nZ1YyOGV4NXZSa2lBZ2hVNGRXRno5ZHcKCAOvHRcuog9OH8LIo3zQKaOsdv1RDL8V\nJGb/XR6NgAryuCdUXgpk3SIwP3oKKqiyOUsOUKPeOhTJQG4rkuAC1Q==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-05-05T11:44:34Z", 14 "lastmodified": "2022-05-05T11:44:34Z",
10 "mac": "ENC[AES256_GCM,data:4RGSNI/aLfDMTH2r95uo+5bYNj1oIaKTSIuLu+a9jnihnoJgh1BIpi6q7ayTV25J31WvpqUdYtHmAqp0cgsgPnxleCA0rmL4KupMPPTx4RNmMDzPfHb+mez6iFwepkLpPSqLMs2hPvc9PuSJDY7r7gkGvRfxqT5U+1+d2m/31LM=,iv:5fEkvnz9HzUAV/Nxd0Y0OYUdNiqEkMwPkgQ+wA5u6nE=,tag:/LyrsMWedbpLOifj0/k9Ug==,type:str]", 15 "mac": "ENC[AES256_GCM,data:4RGSNI/aLfDMTH2r95uo+5bYNj1oIaKTSIuLu+a9jnihnoJgh1BIpi6q7ayTV25J31WvpqUdYtHmAqp0cgsgPnxleCA0rmL4KupMPPTx4RNmMDzPfHb+mez6iFwepkLpPSqLMs2hPvc9PuSJDY7r7gkGvRfxqT5U+1+d2m/31LM=,iv:5fEkvnz9HzUAV/Nxd0Y0OYUdNiqEkMwPkgQ+wA5u6nE=,tag:/LyrsMWedbpLOifj0/k9Ug==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-05-05T11:44:34Z", 18 "created_at": "2023-01-30T11:01:55Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAwar8wbCJkkIsCWa4ADR82XxMQ9uywWi+1kOv0Hz3cSAw\nk4KuWWFjXhuRPGN+ueRrWaZbL2035RL9qjz6AzTf7dYd06q9uY/StQ4iwFGTrSWk\n0l4BSx9tzJ17BfrmDc8gHi7iJJzVWrSQS2BEkjQBvOqOz1RUFnyboe/whdBe3GLD\nTKN0tMUts9wliS2w1qtMrZJhHS4vNRICKlNcmVlShH42En4T9hlcIjwcdeX3Abjb\n=0DrA\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAYMVjjcgVJFl5WZoqzXSCzo5fGBaQlt3xF3hYxEmnPkww\nwYyNvV0WvZaiqZoSccKwkPmotNUzThb5gS3Jcb78TSNqBaI1rtkstuZDkGrYn2AC\n0l4BpyOw4EG70KBbVm6e4mIC6srvxZFpesG1Q0RcjIzxHuvz0MH/nDQgF5uCLGNg\nemZs5jo2CC6P4xVeE0bUHrzlEnYm3tVpbLcjG6gmLt0LIgtixd3aNV3UbLEU9d2M\n=qIGU\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-05-05T11:44:34Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAkd4osWJcn0o+iwi+92bCRf5PvZ++tKLOgUmzZ6AUIQ8w\nRRLkK9U03T6UFMeWvBv5oHLJIgtaseqQJ7P8YG3fhFFdKYkjpoFSvz0ofcdPpORE\n0l4BqBwoLFoVNF9vmjdm7Ggb3JeSRlp5dvn4ihppN5sMOVNMP9iVjFGZr4lHO6m3\n0sInfK2Gz1HZ+u74RaR+urMzr5kfD5ZAFymE93Ae9QASBBj98qM462w6vT2izVgV\n=ZDDP\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/tls/tsig_keys/mailsub.kleen.consulting b/hosts/surtr/tls/tsig_keys/mailsub.kleen.consulting
index 23da47b2..2625c5e0 100644
--- a/hosts/surtr/tls/tsig_keys/mailsub.kleen.consulting
+++ b/hosts/surtr/tls/tsig_keys/mailsub.kleen.consulting
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1L04wa1g2WEVMKzQxaVJC\nWEVEN3ZmTHB2V2s2cnMwSW51U0FIeWl5bFdNCmpFUjNLY3lpUWZmZ3NITHMvcVIw\na0hNdDRoMU9pL1pUZi9TMGNBeU9aUkEKLS0tIHlCTzVCU3FMUXhEeFFXZFNCWDVX\nV2lCakhQOVBSTEEwTERCK2E4TUdSTkEKOsHN78WMFBn31TL6Jt+1xkVMx+oroy/t\nmTI/p+j+3RBNZMSLWLfy0I4OWN9iWkUBSQzhOFk+QwXLEwW70daZ4g==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-12-27T14:23:03Z", 14 "lastmodified": "2022-12-27T14:23:03Z",
10 "mac": "ENC[AES256_GCM,data:Un195JsFhtA99AEx89SGdZflAYOa/AHbcDxyQaMPiBI01ic7/EsYe6M6olv4E/PS1/+5b6ki6IeObl66Fv0ikKa36q6op8bJK/S3Mvza80FKcC6YKjmZp8R46MqxlntpIEtl1SaxeWlOf6XFSGS0HMfnCfnZ6+R/MXGM4ZHTofM=,iv:CP9JM+uSmKSskwD7SHEQGp/p8NwPu+c2eg+s7XKn+YU=,tag:LnhFimxAvhCCxYztRhjfgw==,type:str]", 15 "mac": "ENC[AES256_GCM,data:Un195JsFhtA99AEx89SGdZflAYOa/AHbcDxyQaMPiBI01ic7/EsYe6M6olv4E/PS1/+5b6ki6IeObl66Fv0ikKa36q6op8bJK/S3Mvza80FKcC6YKjmZp8R46MqxlntpIEtl1SaxeWlOf6XFSGS0HMfnCfnZ6+R/MXGM4ZHTofM=,iv:CP9JM+uSmKSskwD7SHEQGp/p8NwPu+c2eg+s7XKn+YU=,tag:LnhFimxAvhCCxYztRhjfgw==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-12-27T14:23:02Z", 18 "created_at": "2023-01-30T11:01:26Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAwJ0Di7OfQ+O1k/D/tA3AzQAmwl/+8mN0kdLD/hAHyVMw\nSetR3yQECXHycm8uw24INYUg1gmVgSg8uunM06F9in15qC89nTBXyTwI37dvSRjM\n0l4BcfRGOenwU+XCRacm10eqZUtVTkgcD43Fz/wjghN6G6j4IGap6tJq6lnA21vb\nIM+qaaR1s8Abdd2CEqsvmB0vF4lacmr7yu1hr9c8C9ooe+pP6MTb4SOpoOjVIqqW\n=r9Oo\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA885WGCj9sDXpCSaCz05BaMm0I7jbqruKnUh8JY82XmEw\nJJwBBNgwaqws+FSprsdUSA++EzU/CUVGAtcegyDar6eKSgEw2l/JyoeF0OUTyrc7\n0l4BcPy4VZzA18OIvLKEWfGaMIiaB8YzCz+V2Z7Hv1WnkMem81QVueUkGSd40sg1\nr5IrqslwLwd1W6WTcY/aHd/L3mHFIeQeM3zkbz/SFieRRNg9a7ium7lf28lBZ9fT\n=7uWW\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-12-27T14:23:02Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA2xewM1PTAgVs4hggZclYUf3cElF/X1N/sDEsygP54UYw\nTby6Gv+iooRsVmE7FJbvFAVBYEHbNquHdyuSVs8KujoeunEB3xVqeARktC83dKaF\n0l4BzqnrEbTH9R3bnPKOiN8kGiOXS6UjmQZYfrFNphVGGOf/YcTOuGjUISsKd9K6\nDi3zyFY6NiY85Fb0U4LUtAlqz7mbqmjBho1kNezEFvmwLf12XdKE4SXmnnJMoruf\n=bZIq\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/tls/tsig_keys/mta-sts.bouncy.email b/hosts/surtr/tls/tsig_keys/mta-sts.bouncy.email
index ce10db57..300cc17f 100644
--- a/hosts/surtr/tls/tsig_keys/mta-sts.bouncy.email
+++ b/hosts/surtr/tls/tsig_keys/mta-sts.bouncy.email
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKU2NwRXVxRU1LTWsxbnNW\nRUhqTTJuZisxaWR1ZHlKZHVhM1pXTFVGcUU0Cmp2alZPMUVmUGRYVUo4T2U3c3Fv\ncnNZR3l6ZWdESXFkc09qVS9adThlUVEKLS0tIHB4dTVQOVRoWTZwSDVMeDRML2tU\nWkRBZ2d0czhWS1A5NzJvVE10ejcxVFEKqp7YMzYRSinAJYsgpwYxYoRPR3qRkeKs\nTwel36wB6VUbpclgkmqBG/GP4z0clma6ZCD8jwGmA5E3BSaHFr4fiw==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-07-10T09:39:02Z", 14 "lastmodified": "2022-07-10T09:39:02Z",
10 "mac": "ENC[AES256_GCM,data:7dvWXtZd++BwWH6Qaw0WzRhxVVT9U8PFyE9MJ1E/NssSfkAZHaxDpV1kgRaHJav4lIjvUq83oWxBkEcnasfg6zF12xawxbCckf597r3ctndGtyyHLk0b0xBciiJRR8rFKeB81nKTiDzEA7ydfgbkPIktB/4xgi4vke5WHWPQ2Xs=,iv:NTTWRPUFvhDL5KndTwPEB4c3NCw6X9nDdWVPcowVN+Y=,tag:BO+TEaTY0RvptmlF9yhQfQ==,type:str]", 15 "mac": "ENC[AES256_GCM,data:7dvWXtZd++BwWH6Qaw0WzRhxVVT9U8PFyE9MJ1E/NssSfkAZHaxDpV1kgRaHJav4lIjvUq83oWxBkEcnasfg6zF12xawxbCckf597r3ctndGtyyHLk0b0xBciiJRR8rFKeB81nKTiDzEA7ydfgbkPIktB/4xgi4vke5WHWPQ2Xs=,iv:NTTWRPUFvhDL5KndTwPEB4c3NCw6X9nDdWVPcowVN+Y=,tag:BO+TEaTY0RvptmlF9yhQfQ==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-07-10T09:39:02Z", 18 "created_at": "2023-01-30T11:01:03Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdA1eY+DFYwuexG+2C53SzO1qsn60d1UOeBgeBojLbKwSQw\n55k9cM4vYE50bRrnqEfEXn45u2qYj4NIl2WhfJ4luwvNcmLmqvQCKDOKblOEe6Qi\n0l4B6zMGpHNTSkbaKB/Y2zRpczJxRBJz/cEuimbHs57nMQKpFGst5tMvsGilq4tq\nE8iC77K6S+OFJmJulJ/Rw4Yrg+raZ0KkpVKo+hOOKEi2QaWdBLf6dL+NdH2Qpxqu\n=iJRT\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAUgXR/6eJRUx7HCNrYFtq3kz6G88i7aliUNkWfvjebQww\nBqNToO/cRnulEjZyLygIUpMPM5lqq3LuNA8bqRiX+0s3Ybj5D0iQRTJwWJ+bBeW4\n0l4BymBPiYKemG/txn2wuEB8A18U/yWd0fSkG3yHIKvRflgikf5aXb/mjkBZtxHw\n4Ym2ytuyaSJOO0wQ8e/z8DB6JhpiMBk3O5qC2zHik0Sp+lifQczVacVyK8hxI10w\n=gf+H\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-07-10T09:39:02Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAMl+sivtfp0HDutQ2ENSGsoqeIG1//4F0TrmX3GlFVysw\nSA3Env4jdFAtHplG9/6J6PTtnRZNvnqlwoq3Gz1kEIdf8DhQP7/8uPzi2mJz916n\n0l4BOuQfwtJn/M6a7T4xWW4fPh/CgTD8e0TNV4lYboW/YwAhCgOSaRKnObMzGquR\nJ6Fx6q7+y2Be3zpHdOMHpQ1OmEVmysLRo4DeuV6WYDqSOqSklNMVi6D9b+KIQAJo\n=jbRk\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/tls/tsig_keys/mta-sts.kleen.consulting b/hosts/surtr/tls/tsig_keys/mta-sts.kleen.consulting
index 6f146483..93c39a0f 100644
--- a/hosts/surtr/tls/tsig_keys/mta-sts.kleen.consulting
+++ b/hosts/surtr/tls/tsig_keys/mta-sts.kleen.consulting
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyZ0tkOXhSaDlTQkxZOVhv\nTjdPM1FkQWlTUkgxVm9aRlJPV28yZ0FWbEJnCnBDV2FTUWZRbDBNM1pNaytUYmFt\nWlBrdC9OaWxVbWxDU3QvNHphV3NObG8KLS0tIGs2THV4VnM0aTJvWVNlWWlvVXN0\nbWlrQjB0eXNrSWZteEJnN2tvRVR6Y00KVvFzgda5dFKadaHUj5JYriqJZc4VOsKp\n5ySPhmVlD2u0yvbvQ3tk6YpmcXKpKHC5t/5K8DjUhx5MJbJNhXRDIQ==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-12-27T14:23:04Z", 14 "lastmodified": "2022-12-27T14:23:04Z",
10 "mac": "ENC[AES256_GCM,data:8EPTej63BLWSW1h6bGPBymbmxn/MTAYGlQXfNAZYOG7bvOT/OJEepZGM+GpwbTDT5adDC9BIwjIaIuvN2YxyQxamC0v2kt64JIfOJqNcL2YDkKF6GgQkdo86T+5N/xq/gma6JIrl1ZHromiUJIU/nTgkU4ouaX+syXQ+H3TgxFE=,iv:nUNYWMXB4QHKT70B01AQiw4utByAMCSY54Zo5XJ6C3E=,tag:NsEyfxPfgCIQZsKIFQTuiw==,type:str]", 15 "mac": "ENC[AES256_GCM,data:8EPTej63BLWSW1h6bGPBymbmxn/MTAYGlQXfNAZYOG7bvOT/OJEepZGM+GpwbTDT5adDC9BIwjIaIuvN2YxyQxamC0v2kt64JIfOJqNcL2YDkKF6GgQkdo86T+5N/xq/gma6JIrl1ZHromiUJIU/nTgkU4ouaX+syXQ+H3TgxFE=,iv:nUNYWMXB4QHKT70B01AQiw4utByAMCSY54Zo5XJ6C3E=,tag:NsEyfxPfgCIQZsKIFQTuiw==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-12-27T14:23:04Z", 18 "created_at": "2023-01-30T11:01:14Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAeGtiVx4eUHTbjv3xB+wVYZawZIS/a2EmY47xxDX8O2gw\njMHI7vF4bQGlWbwnJLMXIfxtK5gUontCZgTHneqClXPF78hibtCUBuhvAvsu5DCs\n0l4ByzrIpQSjo51JYx0mmaPifSN30EvYbgtYRgExQ+b0FAUAzh7DyNvb++3kz1DI\nOUJ5Fwt6nwVdBZlgAPHIJaCF91DNhav833U/tY8DA9IzigAA5dVhB4pR0OMMsLND\n=nJtD\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAI65l3SKWWGi1IOgxYaQLiM3swc6u/jNYTk+knGybPVAw\nQgeuw6ixhrUEoWQbnV5oUqErP3LE/p9tduMr2pDRY4hD7uHR0LsdRsx/hM0KpHm+\n0l4Bjc0M72aLujC2iyEfgc/cBSeR/I82/sgU7TGL2VA51GIF2rDTqLvPHkdlUw3R\nUwCCRZ6k+AqdqS+QWMciy1K02ddth7dTbRhiiruGkZ3/qu6/iWZAgwCG7f9yHyxD\n=mvtN\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-12-27T14:23:04Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAUE75g5kvTpMz2+wm0CKP2P0AfSMADGKQ/GW5kz4Rkmkw\nqUIe0vaLueUkbvAzgHvoNC+og+CUQo9qhSozK/vJLfxmKZ0gNbc2H56w3IKexoZs\n0l4BWF9JMxJPysnr19GW9kEstGT6cLCEzumojbsRqtOkEsISrHhHUjv2IYD1Tvpt\n0s9gdLIrr9ovwJV09LeUZOZZS+a4hBa3tGfFnWw81dAGnuZlXeC0kmTYV3Xn5cH5\n=i4Df\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/tls/tsig_keys/nights.email b/hosts/surtr/tls/tsig_keys/nights.email
index 5e387091..72c2615f 100644
--- a/hosts/surtr/tls/tsig_keys/nights.email
+++ b/hosts/surtr/tls/tsig_keys/nights.email
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOeUNmVzJ3QVo3UzhZMEcv\nZnBJNW54SVRnSDUzc0h1emhyTTE4U1hTNEQ4CjFhOUxFdkF3djE2M092QjlQcE12\nZm9ETlJ6MTIwdFdTVkJaYUZkaHJENUkKLS0tIEJmRzFrYjJDMm9CMzVjenl2Q2lW\nUmwybml1cmo3TFZMai9JTUFwWDcreGMKmA2EA/jyJCYwfdzvRPdNQnTtcmYF0Zsy\nfQ3Aue3U6gZvOjllAdTszWb+VsJ+sgUlWu+GSJ7/mUk6F9HkCqZz0g==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-02-22T14:44:08Z", 14 "lastmodified": "2022-02-22T14:44:08Z",
10 "mac": "ENC[AES256_GCM,data:+/9QfW6yc0AXNKu73Mkp7hK98lWWyNn3WLJ2wdi6mh7dAR/pYxcuIa8a9b8Kv41WrExwExVbWbI886v2hC63GMI+rZeiOXAZEEFNCpYQwyog0bzWedZ9gE5ZmymaErrPsVJYauys+8NYomhtj+3ufB5FZNwfmEOO76dzcr10qZY=,iv:ecyJqhBYHHNj97JvOCFgFg4jxaBySUdj3ZgZKY6ulLw=,tag:a62hRw50887xQarS6O/GgA==,type:str]", 15 "mac": "ENC[AES256_GCM,data:+/9QfW6yc0AXNKu73Mkp7hK98lWWyNn3WLJ2wdi6mh7dAR/pYxcuIa8a9b8Kv41WrExwExVbWbI886v2hC63GMI+rZeiOXAZEEFNCpYQwyog0bzWedZ9gE5ZmymaErrPsVJYauys+8NYomhtj+3ufB5FZNwfmEOO76dzcr10qZY=,iv:ecyJqhBYHHNj97JvOCFgFg4jxaBySUdj3ZgZKY6ulLw=,tag:a62hRw50887xQarS6O/GgA==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-02-22T14:44:08Z", 18 "created_at": "2023-01-30T11:01:45Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAwkyJitOwmF+FeN4F3Z72t5wf8vTizR+TjlBPU/OwRUYw\nYVBQCma/uqjRj4UZeWXo6lq3weKI+gRp17z3Fvzc0YCWdtGq7lKyVtmwPltrvEXc\n0l4B4h6XT2+EcPuqtvkpNwIUoNphYZV8xGUD4v6lAQqUOYFsJvZfZbYe7tukcAQg\nwvbuWE2Hht0cxPpY65cVURA92wEcs7aP6Bp9Mqb/lQn7Ju1sv1a4bAvYvNVFnqu2\n=OkoI\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAi1CUE79Nkerp0l7z2nYt25pekhsH/8EsIvc3o2g5cTUw\nRWRz+UMg9N7zwEoNvxbTg8EWQXUAW5TdjmrtxhgZ38+UDMoGeQw5Dxn6cvZVHdGs\n0l4BqERiLgVZxA2qF9SXJjRcqLEtkvBTN4wu3WhXv6N591ef378XCNescZ+Vf245\n047EuVXEwhOwzfz/v/NeelKRCrtbh3I/ezCP4Eg6EfDN2M5++RsaVW8KXcKVbcqH\n=BJ++\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-02-22T14:44:08Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAFIJLO7eo3lhEVg13E2zI8DMn3ljuQv9JggBD2mHk4Xcw\nDjk54ugbH3AacQN4zsoGJsAjZEUpfCBhGl/fpVZYEVzgMLzA2SRqRol94YPyNpM3\n0l4Bived0rDJwIYAEhpCplpX/JKAN48BaauPC14QuWDxgBpZTWSKqa+BoYpTbBoc\nN0amWuqWp7WGLrRizpfah1w/+Og6QycgccXzG/dz5aRVC71ddxycvjbR2k6sH3tr\n=m8ZH\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/tls/tsig_keys/praseodym.org b/hosts/surtr/tls/tsig_keys/praseodym.org
index c4afce5d..b3034ac6 100644
--- a/hosts/surtr/tls/tsig_keys/praseodym.org
+++ b/hosts/surtr/tls/tsig_keys/praseodym.org
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmdnNYVnl2cEtYSWZ3VnFj\nR2VhR3VqL1JHRW5CYkwzNTludXk4Q0lIYzFVClEyYkJKYUdOSjBzVENhM0ZpUmJG\naFZOZ0NYQk93ckFXdEpMNVRKeTlYSzQKLS0tIHI0SHZZdXI5TEZ0V09EZGFjSWtN\ndUFGcTU5eVBGM01TZUxnWk9TRnI1T0EK+xCGB657ZP2rVuBV3UkLn9a98UwdvFwm\nuy6k+YTca4O+Lq3ZILdFnieAbZBV4G5/4MTK3m8Q7Akv3DCjRTJsaA==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-02-22T14:43:37Z", 14 "lastmodified": "2022-02-22T14:43:37Z",
10 "mac": "ENC[AES256_GCM,data:dMgOwAv7CWEsP568dNX/1mGOcVIXc/eU92gJUSkZaQBWoJExa7Y1K0Ocyin9YsdQsFGcBFgjyo1DtdVUrf8j5/V69CG8xXiWwf82O247lifK+V2/Etgys7W71GZXxX+C5+fnN8SgsVQeOKX47ljiDeajKMXOptQEx7Awooe1vYM=,iv:GP57gibgf20yrZTgGzGxewOEWnu+1E7uJUYYJO85n9Q=,tag:Zhl9FmLYUyydiNzbXjLN4g==,type:str]", 15 "mac": "ENC[AES256_GCM,data:dMgOwAv7CWEsP568dNX/1mGOcVIXc/eU92gJUSkZaQBWoJExa7Y1K0Ocyin9YsdQsFGcBFgjyo1DtdVUrf8j5/V69CG8xXiWwf82O247lifK+V2/Etgys7W71GZXxX+C5+fnN8SgsVQeOKX47ljiDeajKMXOptQEx7Awooe1vYM=,iv:GP57gibgf20yrZTgGzGxewOEWnu+1E7uJUYYJO85n9Q=,tag:Zhl9FmLYUyydiNzbXjLN4g==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-02-22T14:43:37Z", 18 "created_at": "2023-01-30T11:01:52Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAEwneu5Lzspri3SHXIFgp8G+nTOpl3DGEoQTCaxeJvkgw\n/q3IUfiNFbpH32V7V07oOk3CD3SIlVVLNcxD/3DuOLHLeCehnWJ6OAtzaakvR2zW\n0l4BEBu/NBzhrtxbOt2vJnUyIoPwJIQuzQ92nUppd3gdaMoHyA+Wk/CAByTZ6+Gu\nq4jPWyeVwGeItpQ3PfpnCKJJQGhs/2E9TQrrovr2vhurnaxiEW80U/NdCQ3eMXiw\n=vKZP\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAsvVWb24Xl8qbhctmiw+9epiKCSm6e2HPEu0kg49AwS4w\nDsXjZ5lMCFX6Rhz9IXkLF9Xm1JcM5pHzwYEu4C+eeChKF8/HkILgabGW5fIfK1LE\n0l4BDPMbqy1cOPlAc3o4sFz3Kzf4e4G3/lVYLa/lOSrlMiZezsVQuxjEUESdI20J\nZO95PoMdX0fRx27gwGt9TS+6vA1Ij27yR/ud5zNPjbwm8GPPKRxqVn/IPsq9YFJ0\n=L6zq\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-02-22T14:43:37Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA1KY9DWpdJsUWLsvl4jJWel1tsdiNJ4z1VJw1W1Uiti0w\nLBhjFCiX4trrvYZf/s27t3CEE3j1xHpk+nhG+5rvh4PKOy9+4Z4dQ7ePr3khWK8d\n0l4BrSZXnmP1+i49AjR4F94EvezVS5MMNlqbHOfChBaybXO95oXl8CamSu2X0kSC\naJJe/ovfYblK2QCD1+kAb/e4LOedAHkL/YSOFtKa0WVhKNJoRIocAAYfCAXuQSRP\n=GWol\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/tls/tsig_keys/rheperire.org b/hosts/surtr/tls/tsig_keys/rheperire.org
index a6af56fe..7c23d714 100644
--- a/hosts/surtr/tls/tsig_keys/rheperire.org
+++ b/hosts/surtr/tls/tsig_keys/rheperire.org
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYNVVWaUxxR3JDUXJ6dmEr\nN3BtdHFkakVZTWJDSVJVYmVvZGx4bDJ0RHhBCnREeE95VzlheUQ3cjloUEE0K3dG\nOVJqSW5memYwWnR2WjBzV1JpdWh6TmMKLS0tIFV1VDFNZkREV2YxbzVSYmZ4Sk11\nRU1VbXdzSDdJL09uL1BYeW54Ym1YMjQKfCIdDhNwqz5lZVpgAZTIfZ1K3MRxnY5/\n9YV3sCQ58KkkDpCDzNT3MSA+PzKCdhXWDJmv98ZyUhBX9gTu2FYA6Q==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-02-22T10:05:06Z", 14 "lastmodified": "2022-02-22T10:05:06Z",
10 "mac": "ENC[AES256_GCM,data:QJnaf5EFcTRk0tTQy9ZWUxEdZvfPZY3HvHkGLTrBMoNZf0rA4gwwhl7/TQhxmlS79/PS3eaf0QsLCwJVuuGJwsdQBfB516pl6F3kcFfGU0H1ydFpdQb7Y69UhHcOGCfep6G9qBdYGlM/u2c2xpLd3J52WwDfstrV/W79S9x0M4s=,iv:A9U7zI4Qc5AexJymJoBn71UQ0I21crs6o783JILQkhM=,tag:GDctWmgNNoQvRP5X1fPbGw==,type:str]", 15 "mac": "ENC[AES256_GCM,data:QJnaf5EFcTRk0tTQy9ZWUxEdZvfPZY3HvHkGLTrBMoNZf0rA4gwwhl7/TQhxmlS79/PS3eaf0QsLCwJVuuGJwsdQBfB516pl6F3kcFfGU0H1ydFpdQb7Y69UhHcOGCfep6G9qBdYGlM/u2c2xpLd3J52WwDfstrV/W79S9x0M4s=,iv:A9U7zI4Qc5AexJymJoBn71UQ0I21crs6o783JILQkhM=,tag:GDctWmgNNoQvRP5X1fPbGw==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-02-22T10:05:06Z", 18 "created_at": "2023-01-30T11:01:09Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAGFBLAv0AjRVBrt6bx0LjjXJ+F1HMItYH+ARVivmvqn0w\nTu4haSHe/+Y5OGppPz/AKscUahtKlD9Xc+wDEO7VwnGeqYmCmtfz71s6Mnzx5J4Z\n0lwBmnxPoyq4n3gObkaK+w/sXQCtrPzcr3eb7WwsEtOapNg1NOgveTkMGivhSltv\nEHOxA3Zb3j64VRFeiBEUhwo45QT8+XIkSogAtTsMtyJjsDdlSx9Se5hm9LuFaQ==\n=cFm2\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdArLLFwpGwaUp0zA9W8zwRHDCBlwqY3ve1L6L1Tqrt+mow\nMv/kpMcKUVePFd2PMP/pGBshfolivoT/xOzm4UHLErOwxPNlmocsz2KzdZo3BwPu\n0lwBpIJWvKl5kLP86YY3UlPGr32ANZrmj9obnnFqnI8Bxvn74LzQNdwnlx6Cz7nL\npa28EkwKuru7buUQlhXrhV1xTXUN9bI9+c5WDYwyszDV4TUrsRL1sa1lCpweEA==\n=Vuyo\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-02-22T10:05:06Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdARVp4AmaIEZyYrmVaTjF+qIlyB26EdjC3d4D+Jv5TkCMw\nQ8/pshECLLazpepPPxsQ2SHNNqlqiyIPkRaKIcCxp0ViMVG+C0C82QE5oJemnryW\n0lwBhYa5Ug65KISzIy2LsxiaXcyH8qTOa2vvza8NWdFyao6qH2N4MtdN4PoHo4k4\nSsxxtPtOrNo2PRjqSqg1WhCP9HQ9OOrTxXXL1Cei1LySN56/IBmTHs/CnDIjUQ==\n=gG/G\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/tls/tsig_keys/spm.bouncy.email b/hosts/surtr/tls/tsig_keys/spm.bouncy.email
index 46756f68..83bfe4f9 100644
--- a/hosts/surtr/tls/tsig_keys/spm.bouncy.email
+++ b/hosts/surtr/tls/tsig_keys/spm.bouncy.email
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5NzBFVG9CR25EcnJZMnNI\nRFVEL0ExSTB2M2FFeDlGRmNsVDVhOU4xS3dnCjdHNGhhc3hhQWtBcnZmSHdma0xJ\ncGJFbXdPMkpHVVVVU2xUTEpzVm5nVEUKLS0tIDlZRDQ1V2NmYkZPMlNtZGxVWlZu\nWU8xUFR3SmE1MVZwaytZNXAxb0R4aFUK5Ds4ucb8CanfQOctQzqcrHThZQyvUCWQ\nGM6V/WJ/m3tJpILn73BbNPUgAWPirmf/ouOGejrZxGzwWm4i98UgYw==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-05-15T13:17:01Z", 14 "lastmodified": "2022-05-15T13:17:01Z",
10 "mac": "ENC[AES256_GCM,data:/iqvcLW489vCFnTyVldH9IniRZ1cSavzoAqpkTtVT12ur9vIC9H38psHypgMRqSCrMTciispQM/gLTHFkUxMEFlm44zEbcsI2krJaB+PV+LGy+1gpJksD7JLQp+o5jCHB3CcY8pEk1NaCLMxekJbOj2Kd3LYnMHXk87LOdI9cfk=,iv:m20mpovM6sjDYeuCdRSCEUDz0/orhLlKYLsenxshl6g=,tag:3XaAxA4B2rN3ugLUTlA6tA==,type:str]", 15 "mac": "ENC[AES256_GCM,data:/iqvcLW489vCFnTyVldH9IniRZ1cSavzoAqpkTtVT12ur9vIC9H38psHypgMRqSCrMTciispQM/gLTHFkUxMEFlm44zEbcsI2krJaB+PV+LGy+1gpJksD7JLQp+o5jCHB3CcY8pEk1NaCLMxekJbOj2Kd3LYnMHXk87LOdI9cfk=,iv:m20mpovM6sjDYeuCdRSCEUDz0/orhLlKYLsenxshl6g=,tag:3XaAxA4B2rN3ugLUTlA6tA==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-05-15T13:17:01Z", 18 "created_at": "2023-01-30T11:01:46Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAVKePqPnN7JgcDtSPrtJw+1Zdkf/fQwzxfq4WC+lPzhEw\nSJSOsfh2jv3z2SmbYPCpi+T2Gu12C5rBwP6FeB3s8IZpNs/+8oxflG2gH2xtAPmd\n0lwB1gaDej+yLf1GmVLI3e6aSa5WsWEmDgj8jcsjUqp2Ws2LYlTcyDZvhyd1G4RN\n2G6k8TjdKnTsrXHVqwTKdYtND6U8Bh6wqXFhFWNvqFc8wtrXcz8Nfx//gbQGdA==\n=vu0v\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAlguvr8HermknUjT0pIGosZTOjwubwlWPpHJmcROChTQw\njjGRPu0MuTa9iah74rpROqzpvCcoq4cerHTqnRHyXjPUP2xEb2ppCsy8bfPQWv6B\n0l4B1eiwfDpHS+fKhgRVI7kqf7m9yqvbgExelQ+pwAm4xOfu/lMNoCeJ826iaejp\ntwVvjE8rnmeB92zXQKO9BfxJwjCd77j7dgP4jFpYI0eHjcg2RshdJFMrtOxiIYBL\n=DlAy\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-05-15T13:17:01Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAaeTRfIyydnIVadNeupg2ZyNyS+j6wuvaIrhLgFyNui0w\ntGLO4P7iVXgyWQXRfowRzJPBrDvfE2P8mLTwH4nXVtpILZuZsoASMdmy5Fasc3eh\n0lwBIiucRLpz24kquPzeS0mN8gQ63Cfk5jmc3lI65g2yxmVNhkdNH7V8tk/h0lHZ\nPASmxnPxNfPTBJYYQki+vBWOgqLm0S5W24nRDAUrHWdPprj1Umej7/vg6Edx5A==\n=N8cz\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/tls/tsig_keys/surtr.yggdrasil.li b/hosts/surtr/tls/tsig_keys/surtr.yggdrasil.li
index 6b3648e0..23e25fc9 100644
--- a/hosts/surtr/tls/tsig_keys/surtr.yggdrasil.li
+++ b/hosts/surtr/tls/tsig_keys/surtr.yggdrasil.li
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBERnpoL09nWU1KSmxlOVhL\naVdtSTA5TkdTbU50UUxhMWd1V0xkczRMTUM4CnRKdSt0N3hOYkV6OEhjQjJHdFRY\nMWVtSXB3RDRKQ1pPNFJKRVBsOWdEWEkKLS0tIGxQY0djK3Bya1czdFZLL1NxUDgr\naHhxTllmeWNKQjhiclR6LzZUdGx1cTQKSW8X6ndiX2kciF5DZsHAk1EO9ndU49lq\n0yvxErSGOwXNakQ25PTAVlP0iVyJsuBtStZEK7lDfYT+GbzLptyBFw==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-05-05T11:44:33Z", 14 "lastmodified": "2022-05-05T11:44:33Z",
10 "mac": "ENC[AES256_GCM,data:LffMGjgzNp1gQQPBF+hUDh1YvgZqRYnS5521s0P1I0/1QlXj/iLYhNwIaTdBxYWFoeBcmvdkOXJV4YcTNqCmw8XaV9bNfezQTRlbskvAKZ1NPU6RRx6horWpguSWONnCMoFk5eaqeQA2Nr5rJ4kn8MSo46TMmHfR9Aj0fctuY1Q=,iv:E6Hu/jyY8WV+lm1AzRHVhI2Mdj2vDDwZcdR+KhM6gkc=,tag:I3F4gAQ3Eo86KL3fdeBz3g==,type:str]", 15 "mac": "ENC[AES256_GCM,data:LffMGjgzNp1gQQPBF+hUDh1YvgZqRYnS5521s0P1I0/1QlXj/iLYhNwIaTdBxYWFoeBcmvdkOXJV4YcTNqCmw8XaV9bNfezQTRlbskvAKZ1NPU6RRx6horWpguSWONnCMoFk5eaqeQA2Nr5rJ4kn8MSo46TMmHfR9Aj0fctuY1Q=,iv:E6Hu/jyY8WV+lm1AzRHVhI2Mdj2vDDwZcdR+KhM6gkc=,tag:I3F4gAQ3Eo86KL3fdeBz3g==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-05-05T11:44:33Z", 18 "created_at": "2023-01-30T11:01:57Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdA37udf4bGP58tefZPCe6GXJMyu+cCzmVwUh0Y78MZ4BEw\nC0kHrjRb/2EZHrWPiFrEuTipIw3GVe5THmQfQwA6AJnmYtIZywCB07SFF+myS1Qz\n0l4BY2H6MsZEhPUxEK/ek83XMzLdcm0uLbIoEZFjL6lM47v3C8/MipxE2+zqzzUr\n7KWtpZekshX3kc5Qgj+Brs+X+Vz35PheGgHs6mX1rOFbHGxcOcNlu1UK3n8p3W9i\n=B4Qz\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAPA2L/PyEDznBEhms3JO2divEwewzwS8B5EEIMYGKbXgw\nbX2dIKEAoT8S0FkjkWoBnUwApQg65CVGTV/Pz6WDBhIldAPQOqMVSMtMapleZDR1\n0l4BTEcWYCanDctCuKPTuz2ncqrVjVYxOvO6H3mjVsWvak/BU0Ou/1v/+udMU3pA\nUJ8Qd4H3/pA1ZRZSAlCUqZrH0JEYwYGIcsLpgwsnICwpty7dMlAsbDb3iRKLqOr+\n=UKGj\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-05-05T11:44:33Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdALq2tsHKjoVkxuF2LubirDKj1mXBL8D9gEtBAgUL+e1Ew\nCircY5+tjUj067L94tbr59tyqVdbXhEXZWfk+yqarIErIlwW7VKYM4RMc+0ePUjA\n0l4BYQIILqERGv4uJG7nZhDVu4YMatMR9ALgED47OhXwjnVG40Ncwt669YpRqmcF\nlxCgqbcBcCc1MfRn+C7Q7hYmruqc9cIBRYlssZmMC10CCETRASxTgeNcDve24AVo\n=z5ML\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/tls/tsig_keys/synapse.li b/hosts/surtr/tls/tsig_keys/synapse.li
index eaa5e4a4..9304c0b4 100644
--- a/hosts/surtr/tls/tsig_keys/synapse.li
+++ b/hosts/surtr/tls/tsig_keys/synapse.li
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoalBTMXQxT000VHF5eVU4\neE53R0VWc3JqaERRZ1VuVTZ1UWliaXFpYWtVCkhNaWRiLy9zaFRQTjhrNUdDWmE2\nN3pOaWpKOEYrcmJVMFJNSDArUUF2UlUKLS0tIFoxYllRRVNvcDgvUnp5ZCsvb28w\nSmxLWjZybXoxREdoVXRNS2VRZjJGREUKDXtG2FxGidWW7DFt4EEsppVZedtK7jfs\n12Fqpa/26q9OhuqAUCdxQsLfPkJodIBCK/Dd3uQpiCc3LuuFn6rS4g==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-02-24T19:19:00Z", 14 "lastmodified": "2022-02-24T19:19:00Z",
10 "mac": "ENC[AES256_GCM,data:T/ta/YjbqybvlnRxiTNskvfiZxWGcMmwwOA4zrSOIqLe4pSX7OEtg42rZ6hU/jQldaujesFRl/Q7PSqcQGuDNstMW1XmRLYfSevJXthgpMRjdahrm3N8/kjWLlVaBbe7gP8p1d0GyWB3Aq2WGPAQS/WtKcmJQk5ObsIdImO/XAo=,iv:+1uBDXXOSznwhtcqa8Bh5qqwhgZlR3oz4lrIH8RyN0w=,tag:ejSDocMdIoCvNRjBX6NrDg==,type:str]", 15 "mac": "ENC[AES256_GCM,data:T/ta/YjbqybvlnRxiTNskvfiZxWGcMmwwOA4zrSOIqLe4pSX7OEtg42rZ6hU/jQldaujesFRl/Q7PSqcQGuDNstMW1XmRLYfSevJXthgpMRjdahrm3N8/kjWLlVaBbe7gP8p1d0GyWB3Aq2WGPAQS/WtKcmJQk5ObsIdImO/XAo=,iv:+1uBDXXOSznwhtcqa8Bh5qqwhgZlR3oz4lrIH8RyN0w=,tag:ejSDocMdIoCvNRjBX6NrDg==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-02-24T19:19:00Z", 18 "created_at": "2023-01-30T11:01:21Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAGfbmtH5MpFqWJZfFLndsjMh8zjPjpuYQhNCdqf+rYTQw\nUBmEjVr2GuBpdGmT8De77gexEDWWo6JnQ0FhRtRJhQLz1BSWutn/nOHNamPKGrsA\n0lwBBDMpQ/7jO37Y/utTPwRZvRITGSoSBFTgxL+2bDQJf0vh48+bl4BxpsJcT/pA\nMHBi5qfnbQcGqMEOOJUWjtMpL8st1VUVo5IP5hJq0z20b9dq8CKDnH81q7pQCg==\n=Js+/\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAumgr0KIM1Je/FraKooXprl5Q8IAixOAPMgSYVXC42Dsw\nUX2EJTk2bj5OWJGMgygaGqJ2XaWwcFal6oQWneM08wgMcX+cZJbgqT/KdZVa0ecw\n0l4BVPwaXZLpXmRN4QuPCQ7qlEpk/e9VGgsbAVV5jQR20NWtzwhbWKdM+oZieEF4\nSn2zogkvajR02VaTffbHPITYPQh+6bF6RmRYP5kR/TWtH0Q0u0fYLV3DP9FZOfa8\n=kHMG\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-02-24T19:19:00Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdADkUSyKMT5advcJw30bHEQ7qcIyNLb7+gAlOjJJPt3l8w\nUHNJFp/aquvlMwVmfXkPFRbV27oDOjC7HB03cOMZgcNLWZD7121ocDNaJPERhLRk\n0lwBJJm3tQwPxsEUGoqbzt/YY6qXMskWfKqDP6WkKCNjbTWob99zR6ygukPzRnHy\nvI7Cd4QHQ9di8GMSG9bpch/wcsM1OV/hcB15qVj5w5F0uft9kwgCIQ4GNmsYZw==\n=F66K\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/tls/tsig_keys/turn.synapse.li b/hosts/surtr/tls/tsig_keys/turn.synapse.li
index 019a03ab..d71d46a7 100644
--- a/hosts/surtr/tls/tsig_keys/turn.synapse.li
+++ b/hosts/surtr/tls/tsig_keys/turn.synapse.li
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTN05Xa05BMURydGpDN1lM\nUHJMT1h4YkJHNU9raWlVU09HVFNjTmhtbzEwCnVIN1RhM2ltaE1hQ1lFRUVITzNQ\nZUMyV1AwOFRESzdTdHRUTmVYV1YwMlEKLS0tIEwvQlhEaGh3MHBPeXVjOWlpSThW\nclBaMkFhMnJxMEIxRWlaald1dWxJWEUKTtit7dcWmikpppnrf3UFopLD0aKiRkJy\npTJMX2AoBo61P0eYqIIupT4MMvRHJ/w6JwgDw9+kXrMY5K63o8HETQ==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-02-24T23:02:47Z", 14 "lastmodified": "2022-02-24T23:02:47Z",
10 "mac": "ENC[AES256_GCM,data:G5hTMG3zfk2AIoKuIXZoQN8oUo/Zqd36B2Iz1fhsJg5k/Ns1kgHu3emNi0inhkryPTY8+4kNlLLk8T207RMn7mmu5Ya6zEMASxHrMp/1IgES1C88CZNAqIAmTVlmLEzXsh6O/8f7xtPjgNzfgbbDb6td/CNBQPyBfsuGeB9XM6E=,iv:3El86ZrV10IK0MTikO/Zs85afOv7t6Mz75sbl6yUNew=,tag:H4bNDQoF8Q8lTHImP0YFzQ==,type:str]", 15 "mac": "ENC[AES256_GCM,data:G5hTMG3zfk2AIoKuIXZoQN8oUo/Zqd36B2Iz1fhsJg5k/Ns1kgHu3emNi0inhkryPTY8+4kNlLLk8T207RMn7mmu5Ya6zEMASxHrMp/1IgES1C88CZNAqIAmTVlmLEzXsh6O/8f7xtPjgNzfgbbDb6td/CNBQPyBfsuGeB9XM6E=,iv:3El86ZrV10IK0MTikO/Zs85afOv7t6Mz75sbl6yUNew=,tag:H4bNDQoF8Q8lTHImP0YFzQ==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-02-24T23:02:47Z", 18 "created_at": "2023-01-30T11:02:05Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdA75TO939bjxbE1DVdU7jxN92WBA9+FXLGzLVuYC9rjmUw\nB3jCi3+Q5Ig1N8moAy5SbuwvWuwunqksLipygk0zQCkrQAP5Yw8zTuaed1TUj61Y\n0l4BAfnWJkhG66fNaJ8bYLpnPelF/q5A8Ttqj6Yxj/NJwpqn8A43uOIgYZwUH/d3\nr/o1fT6hmsVgwRZsk7wTqletauc29SyA79nL3ObsP+3Mq3WSLaxoXNN/41+aPAyZ\n=oSp+\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAe/lLJGWEfOKVw1m9vbSFCSPajE02t27+CD3mobqrkxIw\nE4U4fzfPfmyb8TcIAYWBmgEf1w0WDCFLcW9a3Zk83ObimhsRmpDM9sf8lkSC3077\n0l4BQtnQxGxNO24DsMVdESXTE98rESxoacuC4lKDA9sTZLddGzv30969yyECVwv5\nFsvc5vjdKoLaSlrywwhinuxsiEv6+HRCvLG+xeNjyFvttvCggNT52gInxs8r1/ed\n=N9mn\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-02-24T23:02:47Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAEjr8onFpTD5dlA6pFGE8Z7JWfIzZMK3APnpY84e1iVQw\nlWIlbx9T9UjPpp3TgTgDz5ve1ZeQuKm95VcjvfWOamo8Nf9rgX8+yaNjFe9Cl9EX\n0l4BKcFRgwZoiNPyuWFlPGbW9K/GmPY2DX/KKdPuCWjDktdDzrgD07RyIdXnlaob\nPBjFDkMDpFMt6meE/Unux9fNE6MeyAsJvEHkKjNq9AEvqKZgdrNkzmUzjWm4DIsx\n=9W7b\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/tls/tsig_keys/webdav.141.li b/hosts/surtr/tls/tsig_keys/webdav.141.li
index cb2e332e..be790436 100644
--- a/hosts/surtr/tls/tsig_keys/webdav.141.li
+++ b/hosts/surtr/tls/tsig_keys/webdav.141.li
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGbnM5RTRVajVUcGtpWnJw\nTjdxMXdMTjAwVldwak91cWxXanZtVk5vaTF3ClFuWVhVYjgySWkyb3dpU1luTjZ5\ndG5CRkIzZFpjS0h5TVVqdC9OaTJWTUkKLS0tIEJJaVFoV20zaEZzVCtxcG1qQ1A5\nNitTUVJnTWw5VERkcnhIVFhnUFp1MlUKELulSZylWR+SqhA4a5EUzJum50bSdraG\nbPQNQP7TGrxLRyV7Q54lcyOz9pe6nOuFVNpj0QizGaqLat7wr30TlA==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-02-22T12:23:26Z", 14 "lastmodified": "2022-02-22T12:23:26Z",
10 "mac": "ENC[AES256_GCM,data:XwQKJBBJ3luAqk0S6auD7q+QLPwxG6Gnn/Aim5AJIO4FzgiluvuL8oNk4Ez/5Q/FVOtbMDKCQbwz+tgWJN6i2mlu8W4xR+bLOlGzcBQmnY5QIcmyRGDNhumrThoHtE+3agLwyVhWrvZmpeSruTRZ5n2EkGshOnSAi2SGZulVrPg=,iv:pInwne4YHzWd92gKgoNB0VBVMH7Hmu7q6LZMU8GO1yw=,tag:Y8J6cJommccQTR7guU4Rmw==,type:str]", 15 "mac": "ENC[AES256_GCM,data:XwQKJBBJ3luAqk0S6auD7q+QLPwxG6Gnn/Aim5AJIO4FzgiluvuL8oNk4Ez/5Q/FVOtbMDKCQbwz+tgWJN6i2mlu8W4xR+bLOlGzcBQmnY5QIcmyRGDNhumrThoHtE+3agLwyVhWrvZmpeSruTRZ5n2EkGshOnSAi2SGZulVrPg=,iv:pInwne4YHzWd92gKgoNB0VBVMH7Hmu7q6LZMU8GO1yw=,tag:Y8J6cJommccQTR7guU4Rmw==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-02-22T12:23:26Z", 18 "created_at": "2023-01-30T11:02:00Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdA0kfMkCzKUHK7Ox8TXe/Z+RNrU3yk8WNk5Gb0LKgc/iow\nQHecugi4Gk+ZEGLcko5MXPDXee9PDQDLGNCxLiRcClc4lLC/AgWNwfSL5j1Gw2Mg\n0l4BJGJq5dK5acKKuLjgmehIDEi2ZJZl2/Sgw3TymUZyc9Y6Xw8k2ouAidSQwyuh\n5pLkzGAOS9qeHedOR7BuZSHVkPzFeM2JE/bkQyVx2im4UBDYMw3sDc0VMsQgV8Gp\n=ZqOO\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAQSNzTmennWMvLbsjtI3EHve5UbY7OCZTvPo4dWRvwTow\nh5puystWA9OsiIwY2Foo/L3Fg2oL4KpOup/Mz79y8HDl62561Rj4IDSXUj+6ybtU\n0l4BHjz6MHLMu/dUmnBPacUrF7gxknF0TINAeGVi4rhiCb7+hQntLhURqswGzccW\nlpn/wVITcKnLbFEeT6JmxTbVHd/BrHV9gEqApT7Apha/swZE/tpiU2Dk5Ee6fdbz\n=cqUw\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-02-22T12:23:26Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA+tTfPKdULqJRo6n4UDMGJdH06I5iHTnNf0slTxfhp1cw\n0DUkmp715+saoXFTACUEiiiBv+8r7cLTb7qOWXcRq5LP7kAPwHZ5p++9vzePyQ84\n0l4ByVQ5Ywn0t2nyYKbnRktvg3Ea0XUErBVVg1+iGpnfVT6rcUroHqqpkb8KXfBL\nQ1Mg/pHXMCHlbjnVRG/zyO3Mu6mvWpLgw39j6S3jtAFhdEmTUXSd1tdZXYPKWpyT\n=1egy\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/tls/tsig_keys/xmpp.li b/hosts/surtr/tls/tsig_keys/xmpp.li
index 35acd462..560d7e26 100644
--- a/hosts/surtr/tls/tsig_keys/xmpp.li
+++ b/hosts/surtr/tls/tsig_keys/xmpp.li
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnMjhwcXN2bXM2Tnh3ek53\nVVdhemxPaktZUEZmZUl4SEVTKzRGNllMRDFFCjJpd2Zuay80U1pTdVFMdy9oSkFv\nakJaTDExVVRmL0lOQjB2bDdubE05cDQKLS0tIGYwLzJvUzhJMTMvbFlZbkNDdlQw\nUVhlMjJrbGhORUFqS0c4U0Y1QndKckEKmghm31+4wGiyRtUuyUM9ews4JK7EeXHJ\nPEYTZDJ4IpOcPyUKKZAnFEvp3/Q2oodLie/5ucj7somfBlXQFQXw1g==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-02-22T14:43:10Z", 14 "lastmodified": "2022-02-22T14:43:10Z",
10 "mac": "ENC[AES256_GCM,data:IACasoGWgaouc0QnJAztTJkRnD60D0r0pXdxhXnDqpsz3qeS4Nnc5wgjMjSC6iTLNTDsGHw5s8egoIYKNhMVv1Gi7jYPgaIMGkjtg5iGIGmd12dqQTT4LPTfvrA0zqvu6BjzjO1BEBaJ26u8SBWw6yIg76b0BPpmM6afmyKo4X0=,iv:el8SzvnpQzURe1POMWNI3d2vYbAHqgfWzkzFi6GTQx8=,tag:HWABf4iOAZZLiJiMivGQ7Q==,type:str]", 15 "mac": "ENC[AES256_GCM,data:IACasoGWgaouc0QnJAztTJkRnD60D0r0pXdxhXnDqpsz3qeS4Nnc5wgjMjSC6iTLNTDsGHw5s8egoIYKNhMVv1Gi7jYPgaIMGkjtg5iGIGmd12dqQTT4LPTfvrA0zqvu6BjzjO1BEBaJ26u8SBWw6yIg76b0BPpmM6afmyKo4X0=,iv:el8SzvnpQzURe1POMWNI3d2vYbAHqgfWzkzFi6GTQx8=,tag:HWABf4iOAZZLiJiMivGQ7Q==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-02-22T14:43:10Z", 18 "created_at": "2023-01-30T11:01:23Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAqBgOG0dMrKdKrPfL605eIH0q4zc/qLSepP3Mbi4wUCAw\nwVXV+LDTZKtCiT3RioyM3Vlf6blY1i5A8VgCKPHKFSy7TEMmhsHKKQGExahE35tm\n0l4BSmNYGiyW6mdiOlVS4uHlztG0SkzxAKoWs7lgwXufP97M0c9GaGLwVUCaOrWj\n416XfTI1wL8HmLBHaa8s2GyVPo+VWRKUpPu9gXAjTpqmRxeFjt7j749nIK8X27y8\n=2zXf\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAw7q4oSlYjhOZfndyOD6CJhb+hCSBgGZW0erXn0DBUCww\nqGF0jaW2UPBLy3W0TSbJL+3hoouxPZp5r2h32RnLkAWIa9UIiqqLon+fGsDk3fNO\n0l4BaDhDaujb46lPAAxiYaRgsphxr9S31Of7MDIbIMTXqAHhBTdhtKjjikVoXaqT\nRr2ePkPjvl+Kr3Ox7O41bgG4u6V775AEm/zjwXBIFaFZiGBjRP3RAGQv45Pza3Xy\n=K2kK\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-02-22T14:43:10Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA4FILrqlN0ta93yHezBedT+3UuCQqonGlarHvrwi77DUw\nIi4IxaLcYRwqISIhsjz0k7MzJ/BlP1/Qg/NMaB9CoSQIoVc8P7TK/gdP81ORE+r2\n0l4BT9n00HJPJ4IHJKcKmG+Ta5xOPHsVqRNgLSp7Ss71I0HLEa6YqhE/4z3kwvcE\nD7fWKVLkMuA6PMzjEa+ZGY/baqHL0VFW+Vy3/Fn+E0nStUT17Ya0ANB5kuyRp/v6\n=cwHX\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/tls/tsig_keys/yggdrasil.li b/hosts/surtr/tls/tsig_keys/yggdrasil.li
index 7c75602c..38759315 100644
--- a/hosts/surtr/tls/tsig_keys/yggdrasil.li
+++ b/hosts/surtr/tls/tsig_keys/yggdrasil.li
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmc241aUxxcUpTSzAwVHRG\nUDBGVU81Z1JtT29QQ2JZSE0vemduMm9xVG5jCkR0Ujl4VmlSa3ZJay9oUUNwZFBi\nSVFUR0ZKTFBZc1JCYllxdXhOblZ3T2cKLS0tIFZSaWwwZ1UzNTFXTVR5bTd1M3NB\naUNqZ0I3VWs4eUFFRVNrSWUzRkhyUnMKct7qRvIfNSuz/zf0WwamkiTOh59bCKB6\nzmkAOCtRzMCAN/Lcc9nBLdSF8tN0ZPmgQmqjs4iqgRwPmk1vsPbyFA==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-02-22T14:43:24Z", 14 "lastmodified": "2022-02-22T14:43:24Z",
10 "mac": "ENC[AES256_GCM,data:DzSO3ir1Q2KWzwcmrW9ksw9GFRJXOVkb2tuhgDQxzV+sHC8O6VLMvYUZCNrYSKlZR0i2xiGuQD+3cO09YRYMF9MoR3ODl1BAGi5C0z0UKYPxf8BE/8x1qj2ak4Qdp7BHtaAQHo+IU+dX8AK64DJ5b2pJ/ThZzRSlfaeYp3X8cgA=,iv:FeuDzZzI8R2sZxWry5Jr1eoUWQlLkSqiNLutrvBviKI=,tag:VQJoQSodDkHIkrDXsnPG7Q==,type:str]", 15 "mac": "ENC[AES256_GCM,data:DzSO3ir1Q2KWzwcmrW9ksw9GFRJXOVkb2tuhgDQxzV+sHC8O6VLMvYUZCNrYSKlZR0i2xiGuQD+3cO09YRYMF9MoR3ODl1BAGi5C0z0UKYPxf8BE/8x1qj2ak4Qdp7BHtaAQHo+IU+dX8AK64DJ5b2pJ/ThZzRSlfaeYp3X8cgA=,iv:FeuDzZzI8R2sZxWry5Jr1eoUWQlLkSqiNLutrvBviKI=,tag:VQJoQSodDkHIkrDXsnPG7Q==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-02-22T14:43:23Z", 18 "created_at": "2023-01-30T11:01:41Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAP/YAe2yfGvQ3TcChWjoRsi1bSezMKA2VDWPgRZuA1xQw\nEXhjL2Iu/ORRaktmd6ortqSxckYo2WOosqLXLLWXSnSpBK0mpSFO4/DJbMeKapCA\n0lwB0Tq0hP1Knh7jrTm/9mj2zcqonJY4P8mDwobBI4p1Ll29HxG4KCExrsxFFV6S\nQj1/r9Sz3SLsA9+z8hS8SQO3+877ITmAF518LTjs5clelO4I3KYCQqezXTVOSA==\n=2jir\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAZ9qFpH1UltHmoZihHJM38H1twVPp9R6ShAQjSuqvGz4w\n7ps+sMw8o2Vy8BsnEHVF/pFgz4VXQ5FjkWiERqEoMzorugz29dnK4SivnZ6g5thV\n0l4B4EdX3Oo/8stFNb/M5rVn2l8f86U62mPaNTICjMYT1Up6zTUDyGkhhTcXOKDX\nm4k76TDsLgNhOrgFAUzep5YD/PJk/MyxdBxcQ8MxyVsbAQZSgRLfb56PDIDMsv8A\n=N796\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-02-22T14:43:23Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdArOyejysX1GDvK5g928BoioPtvEz1VzindL8Ng3Ta/Bcw\nUCB1/NKkCM8Ex2jALoGrBeZ5GdL2eRAOmQysaYPpeYRSG84/6e3DUixsbavL63tO\n0lwB+fVTe4tsLKFQ/j+GRJrBkHWNLVSjq50t68OhqTMQ31e8FejeTdAmsFG33MjH\ntumC/AGjz9qAGR7G690wu6WZaJRFD+aPMAJdFN2Fu3A+Imdra3hlTExs8ZAVaA==\n=7NiP\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/surtr/vpn/sif.priv b/hosts/surtr/vpn/sif.priv
index 30a08fcc..a3c13416 100644
--- a/hosts/surtr/vpn/sif.priv
+++ b/hosts/surtr/vpn/sif.priv
@@ -5,19 +5,19 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age1ure0athvtnaqqw48pe0y3upqdzmkaen9h70yggd9va4hva6avd8qqm6s4d",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjVzdKYllJMkJ5TE1lY25D\nOTh6WGtYcmRhY244MUdyRnFCa3ZTMGx4ZVFjCllRaElWVlZ1b0dKL09qUWNEYkhS\nNnowRFdjSDVnSzNLQVByQm00Q1NHWFEKLS0tIDhiN2pjeU1nL2tWMFFrZUl1TGto\nY04wY0o3ZEhsR3hrQjh1eHREZHgrUXcKhd3BZiC6NfQ1kDvpN+HG4z6xdLJZaR7B\nvyEQ/p0VpNKXW83BhiM+FFzJ0WLP7nS7gQ89RyjAOQ0/oIb+b29xiw==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-07-29T12:15:02Z", 14 "lastmodified": "2022-07-29T12:15:02Z",
10 "mac": "ENC[AES256_GCM,data:MQFmmdTgHlwYplUt51VdMUAnezhypB0Yh0PW5LX4L0lsF0/qlHofRXvqHYI6sx21r8UuTjvLIZ+7LSo8px2wELDol77ufh1zxSDBdbGq6J2ITPEMtmqIXwGJQKweEBr4B4H4mxoiIVQUgNj5TxzxhL7KTm+sVi1uCqTcJjnSY5o=,iv:YJ1GuHd3I4QaJxSJitLrUagaBth1jcQNlIAIahiOCgs=,tag:pcFpscLzTe1egToIzcZh8Q==,type:str]", 15 "mac": "ENC[AES256_GCM,data:MQFmmdTgHlwYplUt51VdMUAnezhypB0Yh0PW5LX4L0lsF0/qlHofRXvqHYI6sx21r8UuTjvLIZ+7LSo8px2wELDol77ufh1zxSDBdbGq6J2ITPEMtmqIXwGJQKweEBr4B4H4mxoiIVQUgNj5TxzxhL7KTm+sVi1uCqTcJjnSY5o=,iv:YJ1GuHd3I4QaJxSJitLrUagaBth1jcQNlIAIahiOCgs=,tag:pcFpscLzTe1egToIzcZh8Q==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-07-29T12:15:02Z", 18 "created_at": "2023-01-30T10:58:41Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAmyIyOWJBhIOV4q1b/e2SQdDJuN+feiBQKvYxXPUICyUw\nZ4+HZhYYxERG5FC6fH0dK2UDuL2lSzda8YPwCaVYnvjBGHef7fe+8VvVIGZw+Ymc\n0lwBlA/MBCoUXTVAIxySC3yBpqHu0lPZsLExjlKYWuikvKYC4tkre6MgYhQOiAAz\nM5rlatVv3NC978MeoLjlqYz5kZqIfo8OBllPGMG0ig1q8ZiECrWion03e8MyUQ==\n=TJ+U\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA8xX+2sUmk2pxjs8kIEoCSijlD2Fpc+4iDBfFbT5Apxkw\nTQYHXzajO77NqiRFu/6s/pzZRhzqlWb6+SqZ31BCws/IZjChXQjrV3p1biAQh5Y7\n0lwBVMoawwg2glvW1CanysrUTC4T0r70CViYhoM7RuwRp79FA4r7xKWct+Igsk8V\n6wy13zSRhPqK5yC9Xk5GmMlUiSu1f5SDTQ+dD+QNjHp0JninoNmTxfPrBbLfpg==\n=eeWj\n-----END PGP MESSAGE-----\n",
15 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
16 },
17 {
18 "created_at": "2022-07-29T12:15:02Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4Dgwm4NZSaLAcSAQdAdTUxSzzwhgyqWg+wtBDJDOllNljRAel4HSuEEfBs9Wsw\nFa6AQYYnQl4XbE4TRQzJ3iqymVDDpQ5RbF/EWhSV2391VmAXznl6VT5u5+8mdbQh\n0lwBcsjy3BnPAFbnQWaYe6MTZocnCSi1Q+YOVKzHYBiAkbKiJMmbnGKIgBmrAa2j\n4Gv+bYCTm8gnmqvXQbVPe9sU9Vaiv9geMj1SQ3YaWe0lOXIpIRvjg8+9WjuDlQ==\n=xVuX\n-----END PGP MESSAGE-----\n",
20 "fp": "F1AF20B9511B63F681A14E8D51AEFBCD1DEF68F8"
21 } 21 }
22 ], 22 ],
23 "unencrypted_suffix": "_unencrypted", 23 "unencrypted_suffix": "_unencrypted",
diff --git a/hosts/surtr/vpn/surtr.priv b/hosts/surtr/vpn/surtr.priv
index 707287f5..ae0d707c 100644
--- a/hosts/surtr/vpn/surtr.priv
+++ b/hosts/surtr/vpn/surtr.priv
@@ -5,19 +5,19 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBMkxKZVF3MVB3eWxsNzRm\nVldpVXlvOVZhYTY5TXFrOTFUMWZlZ0pCaDAwCnpsdnFLMHpBNmJ1U3h6YVMrNUo3\nYVVWbnBrcUJNamkxamh6bkhIaDFSVU0KLS0tIHg1UWFUa2FjOTJSMjk3Zi9hbHA3\nMitLd1dFT3BoMkFtMXRDcG9EL2lETW8K28FtN1p//w8W0nbu0c0qZ9bOMr5tcE9T\nUYUSAvGiK9FkS5RazxIBZO5l7o+NJUcHk4alp9DYS6QM8jI1/8P6DA==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-07-28T19:09:57Z", 14 "lastmodified": "2022-07-28T19:09:57Z",
10 "mac": "ENC[AES256_GCM,data:Q2179Mp3h/FXVzM1T5sRfci+mo/gCGfUm5824GBTbCzwIsTMjSpPz/wByg0WQJ/WB3wnns+VfCh+epqnKcP73KKUmNysGNJ9DH1hNukmTWMZEI309yLE/GgDs76xGyt9hXdHClq30qhKT17bXQ7Pq08c437vfSwSCcKoKOcr6Ls=,iv:u81NRHwKSKb7Nfz2gC1tjdYlfrFETjF/gEMGAha4Y7g=,tag:zdxYtbiKtY46MGP/nO8S5w==,type:str]", 15 "mac": "ENC[AES256_GCM,data:Q2179Mp3h/FXVzM1T5sRfci+mo/gCGfUm5824GBTbCzwIsTMjSpPz/wByg0WQJ/WB3wnns+VfCh+epqnKcP73KKUmNysGNJ9DH1hNukmTWMZEI309yLE/GgDs76xGyt9hXdHClq30qhKT17bXQ7Pq08c437vfSwSCcKoKOcr6Ls=,iv:u81NRHwKSKb7Nfz2gC1tjdYlfrFETjF/gEMGAha4Y7g=,tag:zdxYtbiKtY46MGP/nO8S5w==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-07-28T19:09:57Z", 18 "created_at": "2023-01-30T11:01:34Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAa7ohlS2wGvuH11I4GvYZQmKbQVZUcwpV1XX6YMvLQV0w\n8fMshflTFWUnmHAR5ERg6ZpESFiAXAlkUMTLIZBhDTAN92jCu7+nnNFK1QgBVE07\n0lwBilABJT++m953o6ic4h/9yeyx5Wc6+XxS3d1Mc4qgNBzX/TBVEoKmuUgkHwET\nd0nftLYbKmICgCBgDgllWJLSOU4XSksmYIeMwiSpyNzv8oKz8u73SZz20rJ9kQ==\n=phWI\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAa28I7wQMXDsmmmfk7NVap+Ob858/4lAXIwX3z366yy4w\n+TqIbP63OBAhhMfyX8hMexe1tpY46/aAYN+Pvgv3bJWlijEke/kH9jfeI0iMVFUH\n0lwBh1vt/22QKd5w/oj0uYsV5LTnndZ4u8HcLt86Bn/8hWii0hRJpNK2UJXJN5fn\nuy9uEPItjfUnk0B9ItqPBnTpbTncOhKQNW06Gc71tmJTKgyKaic5uPJ794XJrQ==\n=XTmI\n-----END PGP MESSAGE-----\n",
15 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
16 },
17 {
18 "created_at": "2022-07-28T19:09:57Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAV4pW8CJP/QP0S/w5e7S/Xrox+Ix/NBvw2N2fWp+5FwAw\nATp3d/QGyk+vwuQpQj3zq/cEzrWrrq19Gl+UUjSyI2rkpUnxWboA2xICYVkb91Oz\n0lwBLu54X/3X5Nd2krPv+Qa7AWPBKF6BkE2PIjjrvPgyJ4/XiFzawJsILH37QPqs\n7PcrteF15UNR416omVNZoWpF3Tq/j4Jw+ewRhU9WjOXe2GO8/X9zjTD9fRrpIQ==\n=YtV+\n-----END PGP MESSAGE-----\n",
20 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
21 } 21 }
22 ], 22 ],
23 "unencrypted_suffix": "_unencrypted", 23 "unencrypted_suffix": "_unencrypted",
diff --git a/hosts/surtr/zfs.nix b/hosts/surtr/zfs.nix
index 736d5cc9..583ab8e1 100644
--- a/hosts/surtr/zfs.nix
+++ b/hosts/surtr/zfs.nix
@@ -10,7 +10,6 @@
10 "/root" = 10 "/root" =
11 { device = "surtr/safe/home-root"; 11 { device = "surtr/safe/home-root";
12 fsType = "zfs"; 12 fsType = "zfs";
13 neededForBoot = true;
14 }; 13 };
15 14
16 "/var/lib/systemd" = 15 "/var/lib/systemd" =
@@ -25,6 +24,12 @@
25 neededForBoot = true; 24 neededForBoot = true;
26 }; 25 };
27 26
27 "/var/lib/sops-nix" =
28 { device = "surtr/local/var-lib-sops--nix";
29 fsType = "zfs";
30 neededForBoot = true;
31 };
32
28 "/var/log" = 33 "/var/log" =
29 { device = "surtr/local/var-log"; 34 { device = "surtr/local/var-log";
30 fsType = "zfs"; 35 fsType = "zfs";
diff --git a/hosts/vidhar/borg/append.borgbase b/hosts/vidhar/borg/append.borgbase
index 4ed28024..78ee4fa6 100644
--- a/hosts/vidhar/borg/append.borgbase
+++ b/hosts/vidhar/borg/append.borgbase
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age1qffdqvy9arld9zd5a5cylt0n98xhcns5shxhrhwjq5g4qa844ejselaa4l",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVY0xSWDErclZlRmk3VFg5\nbHkzdDk4N2Vjd2VsMXNUTU9wa0tPZzZsOURVCk82ZVhkdTVUZkszL0ZpUXVrd2dj\nN00vQUp4UHJEK2ROQlRweHVVMk0xcGMKLS0tIEM1dDcvZ29xU1FWc1FJYnJGbjIw\nNGdSdFpIeFVaNlRuamwxWmVEQWlvWTgKiBj2EieX98o6Sta5qIisMiuH371i45vJ\n4ZqGkpdyBQdPeWVV0NemC7bTNwjZQDaoDRc/8pfP8rvf61dacQQn2A==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-02-17T11:54:23Z", 14 "lastmodified": "2022-02-17T11:54:23Z",
10 "mac": "ENC[AES256_GCM,data:eURkhSdM7cEno4+W/TSQG7C64D+j5spR8aykewF3n3CyZDDqJ3AtJoyzQePZ/XWd28nx3z4vdZQwSJ+PNkReKUDfJpt+Fe8FVIFDIEWylnY4FmcgVrOTABoNwRkJwqNGeyJTBQNYx0jdr/cuoCyJuVw+/S+WdJ9uNSr7fXlBvJ4=,iv:xf/86Kf0ZWgEwYP8fQOHfPuVMuF+Q3abS5RSF8XXL+g=,tag:ns48lDgX/jmdtitic5fwPg==,type:str]", 15 "mac": "ENC[AES256_GCM,data:eURkhSdM7cEno4+W/TSQG7C64D+j5spR8aykewF3n3CyZDDqJ3AtJoyzQePZ/XWd28nx3z4vdZQwSJ+PNkReKUDfJpt+Fe8FVIFDIEWylnY4FmcgVrOTABoNwRkJwqNGeyJTBQNYx0jdr/cuoCyJuVw+/S+WdJ9uNSr7fXlBvJ4=,iv:xf/86Kf0ZWgEwYP8fQOHfPuVMuF+Q3abS5RSF8XXL+g=,tag:ns48lDgX/jmdtitic5fwPg==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-02-17T11:54:23Z", 18 "created_at": "2023-01-30T11:00:40Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DbYDvGI0HDr0SAQdAy60KUNPr8e1Dd7OQjJeU8ejdznNEClAXAhzN5xLLuWww\nLE7O/7glpApHO2r7WMRRs2rn2PfjC51DakxU/6KnQ9HVZKcaxukn8qLzUwzCG++g\n0lwB2gl/kIY5EM+E6S+1Fx0lXK8XVKcbkiySsg+OogdKLbbBvTtYidke2y7FDb/B\ngH3UyuqFl5+v5CdGeMqttn/1pHo2Qw2Ig1FHIu93PR2PtQZXf84jrSi5NLARFQ==\n=Wwcr\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAk9t6xQ807lXCjNOGMmIr72E19DTMSDQPqoMPPTDh+Dcw\nZjXYbwP9Grh7r5Ft8SPeH0Lde8lmR8XmPBYcPlCGBIaip0e8s2q5qLPDvBIanR9L\n0lwBjpjiemJmFpNtH0FFV+a3GqNX/SkNVhwWY1d8HbH6moXP8QUxIyMqT/uuM/IO\nQODUFOnZFipbUaGFcYCr7Q03/g5Rh0o8TzL4D191Tr3Kflw8+fwyzUAl7w1MbQ==\n=f6me\n-----END PGP MESSAGE-----\n",
15 "fp": "A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362"
16 },
17 {
18 "created_at": "2022-02-17T11:54:23Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAqC1MAhMF0UJH0SzcnMhybD1hp2RFkwgKYVJCL075214w\nFmpGt0cjolC0tcRVGrgvar4PbT7C/2SdYcpjMPT++7mYDyirsrQbSrWKqlxaBsrP\n0lwBdK8CP5+xfJxlDHxn4g9Y0YM6TO+96gfEPYW4wiBJRyLDyVGB91hq20ln1vvC\nNfMYuvv68swlB+YpvBnXw3bA9tNtve1N/coX2azFRgWPwTdPlGGpzpc7oewNCA==\n=8A0o\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/vidhar/borg/jotnar/surtr b/hosts/vidhar/borg/jotnar/surtr
index 26d286b4..53bf27dc 100644
--- a/hosts/vidhar/borg/jotnar/surtr
+++ b/hosts/vidhar/borg/jotnar/surtr
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAweWZMbUZaRzBkUUExT1dM\nWHNrVkZEVFkrRlVFQ0FteDVuak5lSzBFYm5FCkxZYTRZR1Q0ZHE4VUVMM1Q0dnNO\nMFpzbkZ6TFRMZjg2NkMwNlRaSTdjMEkKLS0tICtweGNwRkJGbFNhNmh6eGlGZ2ow\nWWpKOTNLZnFaQmdWL0dWaGVZblRYNlUKF46CcNq0QaGjfjSptQGaFc9+f1BN35OT\n+9kVmbf3xL2S+6u8zdK+XXLKR8q/aQUNcET4K2AfsmyWes+Q2MuFNw==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-02-06T19:43:25Z", 14 "lastmodified": "2022-02-06T19:43:25Z",
10 "mac": "ENC[AES256_GCM,data:K3Y96+TM4/Jsl8JQ56tpJNHmkDVuetUtQbUpDqIHbqm65d+RKoL/Qy/IWVGqcfUxZMUvzM2J3fEo/05q8mcxn+wZd2tECSJEUbgFDhGrpPZV8Ir8cQCYlPn+UBTS4rNUfEpSBlymND/vFjQ0lneqMo5lapbetSs4h/GvFzUFw8M=,iv:TyzMk7wKzZpq8TrE9uHRFXi+JzvNePcWrmyogcoCZo0=,tag:KB6ZBlGrBSGuQFg4fB407w==,type:str]", 15 "mac": "ENC[AES256_GCM,data:K3Y96+TM4/Jsl8JQ56tpJNHmkDVuetUtQbUpDqIHbqm65d+RKoL/Qy/IWVGqcfUxZMUvzM2J3fEo/05q8mcxn+wZd2tECSJEUbgFDhGrpPZV8Ir8cQCYlPn+UBTS4rNUfEpSBlymND/vFjQ0lneqMo5lapbetSs4h/GvFzUFw8M=,iv:TyzMk7wKzZpq8TrE9uHRFXi+JzvNePcWrmyogcoCZo0=,tag:KB6ZBlGrBSGuQFg4fB407w==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-02-06T19:43:24Z", 18 "created_at": "2023-01-30T11:01:58Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAWSCnyt9/7PkWecNhcOwuw0TRJMld9dmV0Ti6KjR6bkAw\nQxTdj0rMaXFayEyyXxotbjxb/ZMTesYCqAce7RKoj0GS2GngmP6Xzpt151uSmyPs\n0l4Bh5Ohfln3bAq6iJvJfOZvwYqmoIicRZFFY7afuBDO7oad4fkoWpQWDRtuLc9M\nIC0ReFXCuQOI5eoFF3V8xT+X+icjFUCVC2OktO/6AlAtXxi6BSL+574CUMivuQz0\n=3v/M\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAz6SbyhB/2PnlB6PSsC/wgwRiMM+bAfN+naeRhJpmxW0w\nm2B0PgujNzYESth3KFfo5z5AYdL+Pwyd2Kptffw4S/wwbI8l0lnK5mfNbP3cVqno\n0l4BPeNP+Vv+a1HCXFdL0iYbWSeG3jid+UlaqXrVMlL9npR9T9bSTeVzWEeOSzA6\nxf/BJISSDm0XuCiNHxifgPLbh+0gs2mVusESkjCwGiXKgK412LFemYD/LEJZWqWv\n=D/yv\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-02-06T19:43:24Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAqlj4zYxkXgnJEEt/RfxQORgOzyfiZdQKzlhm78OhsBkw\nc2EdfAgpGwIm1F8tpVtwYcfNXYgfaJdADMzYSHL8qqn8DJrvhCArJdT/m7ZPWKy2\n0l4B1hpQdga7KQTD/iDlIrTJtiZ9/AMtUJM/HU9KtCl9AFGRNEGTAEdlHTUBDzOP\nTSF+R4NAqoY742C7Lf7pkHbVhhpXige37qJhvu7AMgnT5TT17McsXUj52Sy+Qv3z\n=cBYd\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/vidhar/borg/yggdrasil.borgkey b/hosts/vidhar/borg/yggdrasil.borgkey
index 3540792b..9d2b54f0 100644
--- a/hosts/vidhar/borg/yggdrasil.borgkey
+++ b/hosts/vidhar/borg/yggdrasil.borgkey
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age1qffdqvy9arld9zd5a5cylt0n98xhcns5shxhrhwjq5g4qa844ejselaa4l",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYOFdvVzlHMEE1T1hMWXI5\nY3E4Z3NpN0pGVEZCcitNd3grUGZSRURLcFNNCkJJU3c2NHVKcU9wbG1GNFllSHRx\neXhmTlJHWFdxWEtuMWNDczUrY0djUGcKLS0tIHpEbVB3NDlrYWpQQmV2RDFicFhv\nazAzK091SzZnTWxTUERlTEkvM1JvaWMKPuPXehQ0RcoeSxZ4ZuurxDX1Ln4hgB9P\nRFFECBev0IrHdBas6BCwh98HUGv+zR+9PlQLA0l3G9NZ93KTh2GM0Q==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-02-17T11:07:24Z", 14 "lastmodified": "2022-02-17T11:07:24Z",
10 "mac": "ENC[AES256_GCM,data:5dmDZTT0+xwtUMLRHxQ8O8pviyzZOtcZXufdRkpbQrCImhk1B4eSm2gaT8GavJYswu3I/Z7Yt6BNeiKkccf/PXWAFsOn7L6R2B52X5TdgUD49HXiLcu9V5Sy2/YDqlCcC1IpxwylilxypP1ht/M19VdPl/vFClQTwsQcwpBujtE=,iv:u90ozqlzOnvp0ly/x1hZAnR67XPo5pWGSvPSbzI5eA4=,tag:WKc64wNitiU/x0Baugky9w==,type:str]", 15 "mac": "ENC[AES256_GCM,data:5dmDZTT0+xwtUMLRHxQ8O8pviyzZOtcZXufdRkpbQrCImhk1B4eSm2gaT8GavJYswu3I/Z7Yt6BNeiKkccf/PXWAFsOn7L6R2B52X5TdgUD49HXiLcu9V5Sy2/YDqlCcC1IpxwylilxypP1ht/M19VdPl/vFClQTwsQcwpBujtE=,iv:u90ozqlzOnvp0ly/x1hZAnR67XPo5pWGSvPSbzI5eA4=,tag:WKc64wNitiU/x0Baugky9w==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-02-17T11:07:24Z", 18 "created_at": "2023-01-30T11:00:35Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DbYDvGI0HDr0SAQdAnvb/5Kls/HsLN0dWxkew1E9ppPKI3IDS8fHUun+emnYw\nNJ4XjE2VbM2sdPaAsdeEtmONof8r8k0EEmvV8YFb2iH4EvuwB/LE3sb5Ldjp2QHm\n0l4BS/e7YzESnua/yHA26caeRaqBBbD8mXpKjTaA40v9mbOkpcQpqqP62WO1ox6J\nXLBuV7O1gGjaoWfN/xjkzB2PVsAs5WeTBelMQc0M0/RmlPgOQmOD19SWQop+4npR\n=qLw1\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAie63YKU3IGnr0x0Cgp8WrZfZhOZW463d+M5daEvutwUw\nbkmueZVrS9Vfk6ofsbTZbP6arBYnVVSKFgyy2mKNZF0nsH5w779rAbLMK44lR/mf\n0l4BHEUCISMVpCfpJ9MoZCB4ZYQzb6qxfFD9+qAQSHAL9K0htewsrx0VutwXe6+b\n37qlJDNBqq9f6UgHW/DBg2BRAkn1jPBYdgI1v0QrG/oyBq4HSbvwMNpc0f2HE/fl\n=0S87\n-----END PGP MESSAGE-----\n",
15 "fp": "A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362"
16 },
17 {
18 "created_at": "2022-02-17T11:07:24Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdACICrWK61VYsHz08d5cUN4S0zOsmas6/KMs9Eok2+hyAw\n5H5cWdUMtKXCG70Cws3pP9Xq0fRrAQ4ta+HBd38w+fDhm/y4HQPcdv7T7ekcEMHH\n0l4BDO10UfkHAiVrhp5jbpdolkH/0uOb90tZPvN1RGJkDoyJjqp5XTn13c9kfsFg\ni5txaJPTp7XvIBiLLwhmb2z3a1XCDjd1qS2hiaD9c7+fxcanU5a9QwlT5ANnzm/X\n=/xps\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/vidhar/dns/keys/local.yaml b/hosts/vidhar/dns/keys/local_yaml
index e66f4b61..f682f05e 100644
--- a/hosts/vidhar/dns/keys/local.yaml
+++ b/hosts/vidhar/dns/keys/local_yaml
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age1qffdqvy9arld9zd5a5cylt0n98xhcns5shxhrhwjq5g4qa844ejselaa4l",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3RzluYjcwZ0lzb2dkQ1dW\nTi9WUVNzcFl2SFlKOWhydDRJUDZwV0ZiRlE4ClpJMi9iKys2c0UzMC91aDAyUmdi\nM2hGM2pEbldvWVJxVE9xTGkzS3k1M3cKLS0tIHZ6amlrK2MrTk0zbVM3K0hud2R0\naEpTUFdLbTJDeUdtV3B3ZlRiaEhRVnMKnhQlTzVT4SexBeLOfr2lzmt/HNLX3i8L\nMzy38YXRX7zlyABV7ARCUfv8iJuTEdwagmN7GNFKjBYJKnJdx/I5KA==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-03-15T13:30:32Z", 14 "lastmodified": "2022-03-15T13:30:32Z",
10 "mac": "ENC[AES256_GCM,data:PG4ywF/U6ITmdRB4OU5uXu54YabYt9Yyy2oYEMx0XpMlpKWH5bmg2qQNFakxBD6wCy2H6e3LmwcUl2N692crm3n/qQRNPQ0ETHVlaPlRFG85tiz/Ngi6tasoKG+ciLAXMy05c+yY6oENN7grm1TTMZRGSIyxo27ZU+k4kmz4eVM=,iv:fluwCnXHAJ/z2oGWCLXbjooymXbViPrZdVJOnoSrn1g=,tag:QtNGIKMBDtKnb3JPuRqmiA==,type:str]", 15 "mac": "ENC[AES256_GCM,data:PG4ywF/U6ITmdRB4OU5uXu54YabYt9Yyy2oYEMx0XpMlpKWH5bmg2qQNFakxBD6wCy2H6e3LmwcUl2N692crm3n/qQRNPQ0ETHVlaPlRFG85tiz/Ngi6tasoKG+ciLAXMy05c+yY6oENN7grm1TTMZRGSIyxo27ZU+k4kmz4eVM=,iv:fluwCnXHAJ/z2oGWCLXbjooymXbViPrZdVJOnoSrn1g=,tag:QtNGIKMBDtKnb3JPuRqmiA==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-03-15T13:30:31Z", 18 "created_at": "2023-01-30T11:19:26Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DbYDvGI0HDr0SAQdAQAK54tXtgsLn6MmWQC/4irGRJd160lpAxCIT+nt/MBUw\nznjpLnbZXSft1RQI6/B95udkm0U/MBKt7wSMe9I/Po44qJrqHqb4jofz6NCeqxD3\n0l4Bl/DpnWfam9knZFQ9NIEaKYWXSmVuxVduhpYYGopXUrKol8BVTdXU6qHaPKgV\nQc72FvezgyHngZwXNEggvS1IWPq4m6pamLi77e8hNGiQx5CiaFXWwCP4gY6A80pS\n=FNi5\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA3cFA0mdDezP+pRvGq6iso68awdx9b7MBBUIiHEzcBEow\ndsh5K9hQX2fe7zhBkS2wqt9uMvfXrohAgibJj/XmgFoiJFh6dg+t5AQNNZ1YPZ10\n0l4BVavPT6fUC2xusU7XH0oJ6ALL8WEA5PEipzxANTCgZZ6mz9H2inYOJAFLvWeU\nQoZVGQVAIU1HksNi2gC671IkfL9yLQpxafOVYIsD+aP/D7unXcZ4u30nJa/ACcsk\n=yXpx\n-----END PGP MESSAGE-----\n",
15 "fp": "A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362"
16 },
17 {
18 "created_at": "2022-03-15T13:30:31Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA+/lLWPxgadpnWQlbAVbdzpbevoVKuaGrQmp79m4wKycw\nBeErMZugDNzHWXkTHXez5SpS94RYlGzhLcVLGfMg7C0h3wN192QaMrcH01udnjhK\n0l4BRYt9+9CCZL+Nb/ss+BIyOAFCZi2RkwzvXl9wVk+mb1As9/UYml9zqh/juU5F\nBZXqwNPA5RSNCoB0wy3A5yIB3uniMuYczTs67VHJ5cw2VVSQvXF5zue90i2F4mC4\n=IsU1\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/vidhar/grafana-admin-password b/hosts/vidhar/grafana-admin-password
index 56a69070..c27b0fa5 100644
--- a/hosts/vidhar/grafana-admin-password
+++ b/hosts/vidhar/grafana-admin-password
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age1qffdqvy9arld9zd5a5cylt0n98xhcns5shxhrhwjq5g4qa844ejselaa4l",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBac2NVdkNJVlRVMzZoQmNy\najZpTGx6eGJKcVhqNnN3TlpsU0orN1Rja1hRCi9RWVBwSU9LOFBwSFZaWlNmQUxS\nTm1FUEhPWTRoZE5jRzNZY3BHa1lwQVkKLS0tIHBOMnZmN1lYd3Y2UGxDWGg1UVJB\nTWs0M25aWUpucStDa2hkRWF1SUZiTG8K75EbaiWS5ew+HCxbJaHPgc4lopxLScrW\n6t6+sjtI+RpFzx/ZwEoc89jJ6K2AcYHamlG6zlDQf7g9glYC8d9FsQ==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2021-12-31T15:57:51Z", 14 "lastmodified": "2021-12-31T15:57:51Z",
10 "mac": "ENC[AES256_GCM,data:Dqp4zA7D/hV5FQsp0czjym4MOjusC1CkmsitIHsD2XE87PN0LdAKTL/8tYSH+UGRdoSAnjyPYL5EastF5l4ubWNibom0R/it+TotvFBfaD27DWquZ3zvrwgjBXjaswGPYD5YbRocUmi1kOmZQtjegb6KTGpKicxwKbxg0xU/oHk=,iv:oHCqnCCSmwz23FItsThtNZC2J4doebMNVdhNkGv5+UM=,tag:u3owTxS9FHCZtG7YmDGbuw==,type:str]", 15 "mac": "ENC[AES256_GCM,data:Dqp4zA7D/hV5FQsp0czjym4MOjusC1CkmsitIHsD2XE87PN0LdAKTL/8tYSH+UGRdoSAnjyPYL5EastF5l4ubWNibom0R/it+TotvFBfaD27DWquZ3zvrwgjBXjaswGPYD5YbRocUmi1kOmZQtjegb6KTGpKicxwKbxg0xU/oHk=,iv:oHCqnCCSmwz23FItsThtNZC2J4doebMNVdhNkGv5+UM=,tag:u3owTxS9FHCZtG7YmDGbuw==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2021-12-31T15:57:38Z", 18 "created_at": "2023-01-30T10:58:54Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DbYDvGI0HDr0SAQdAQzuwBJzuzxQRohpEqMZtMaJo3c7FWAxJ1BrC0zOAJCQw\nzLfsrjUWCsxqBJkbK4h84Iun8OdulMHyAbg2knSGNWOQoe7ec1cGl06gFhuxkXzy\n0l4BEW/pamCejbYKw+OISBBB6atjs4b3aOzSbnJSBjauommsCnn8aJtZt1ZfctiY\nNo6tawcodNzYCzVmVDjfBM1270yrIP3W0hsttoyO/DQeZn2vB9YiFI59xnVqhrE7\n=tNlA\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAfYLfpXL4DJbkUsnSoqDJUbjkTcRUKdk6JQyaUe8IOTww\ndD4rgm8nEf5HBLnsqos0Y1pmfscxCYxh20kdWFUF1OWQy+VAUXmTl4NtfLMb+IKH\n0l4B6QxDP9mSgEccj7g2hv+FgDGD3g5/bY5dAQQsx/3SxveQ/39Zwy+7EjZF+L++\nsKGOF6/9JietP1ySsx64Kmwk7nhZorQCc0FNb7G72fy6motM72DqKEgDiKoyPNm4\n=rPJu\n-----END PGP MESSAGE-----\n",
15 "fp": "A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362"
16 },
17 {
18 "created_at": "2021-12-31T15:57:38Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA10EukKZpWrIMHrNrhbGBjKMvpco+UusoYebYNuSi9RAw\nc+UuuxmshOxq0n0RTjNBZvhixPcj7P9t12ldk1V1NYlHOocMFf5te1wPbkMoqZKz\n0l4Bl93nSz43RQYjeoQWleUSrBchNQ/WOs7Wr4DKgoZ5nC3q+Pn6qQ/yYayhDjpW\nHR+06wk41uF3lnoa1vhu43eK/7CbaqzUZPInBrYbkat7MvE33Mq9rcoXBomNT4eO\n=dSyp\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/vidhar/grafana-secret-key b/hosts/vidhar/grafana-secret-key
index aea7a8b6..a37b1dcb 100644
--- a/hosts/vidhar/grafana-secret-key
+++ b/hosts/vidhar/grafana-secret-key
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age1qffdqvy9arld9zd5a5cylt0n98xhcns5shxhrhwjq5g4qa844ejselaa4l",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxSDVER0NFNDBFc1RzejNp\nQVduV3gwaUtlTWNtZkRJR09vZUViVXQrMkhRCldoWVd6S2FvVjE0ODhSUW9vWlBh\nRHNDanZIT1ZlUlU4SUJoam95bjJGK3MKLS0tIGpkbHppamhmZEZIeW9GNmFIT3hp\nTVZVay9NdXkrUUJYeFNCc2JoR3l6SFkKS4+gfRkPk/63HX+wzJOIMlFkgeK2qS25\n0F4qYbya2vAA8F8+ttAEs0lFpuVPZokuJmxYg9uS4shVmtHIB9nz7Q==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2021-12-31T15:58:23Z", 14 "lastmodified": "2021-12-31T15:58:23Z",
10 "mac": "ENC[AES256_GCM,data:6UhUWxJ1IAgM4tubK0dD1bTQwmJZCZ6KkLTlkPRkbVRpN6zQAK/RT665Ok2lGpxEZ2yYrAMUMGs4Kvpii7NwEd6vj2Ad+4rKZygJ1V2hnmSCN0AUC/EdzGorFheMy+yjqJSJIZTc+ZIpQ7n/mtdPe6SyxJfzJOLXIZ6xFlteAhQ=,iv:3Xwa0pBwieGDmPTCD1i8qavRI5oa1Bm8AIz+EA/l2X4=,tag:X0s9WfxtlaR6GKtnmnFvDg==,type:str]", 15 "mac": "ENC[AES256_GCM,data:6UhUWxJ1IAgM4tubK0dD1bTQwmJZCZ6KkLTlkPRkbVRpN6zQAK/RT665Ok2lGpxEZ2yYrAMUMGs4Kvpii7NwEd6vj2Ad+4rKZygJ1V2hnmSCN0AUC/EdzGorFheMy+yjqJSJIZTc+ZIpQ7n/mtdPe6SyxJfzJOLXIZ6xFlteAhQ=,iv:3Xwa0pBwieGDmPTCD1i8qavRI5oa1Bm8AIz+EA/l2X4=,tag:X0s9WfxtlaR6GKtnmnFvDg==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2021-12-31T15:57:56Z", 18 "created_at": "2023-01-30T11:00:39Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DbYDvGI0HDr0SAQdA9CYiNCA1h7DNMvPg4qeFT1Yg1v3HdQRgUEj48QIYrDAw\navNJMsqFby1udTs4j80eY7hUm6FbD98MIr/Od0Pb1RznrLPcmTWYbSM6dHKLUjav\n0l4BJkl3Q8AiLsSWMfg9YQ7s5kBpzWmdajRJnV41lbMBKph0tRzzf/DvGjm9dDe2\nUS+rzi7WzWlmQS1ekMwNKAzz3ip4yJA4J591JOhtt96SqmQAHV8ww2q9IE6bOw6k\n=LmRs\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAX74SROmIM9R/4BORJGL2xYh3dUhBQuS1FjuZPu7gJFQw\nGTDgmi3R066bF6BLhuxu/cEKSsvHovA6ZJHIJdphXYR90l/ewmwVCwOh5EdiA9C1\n0l4BfixOgLLVfJF+qQnfENKV+dnSxzhCEBfS6d4QM6pjmsnNncOHOG0dkXsOOx7A\nzWX5GkY1n+Q3H8lGElqdnrx+b6pzRroJz4el89Q+qd9P7Pabr028k2ni4vYEf+Xx\n=+zmI\n-----END PGP MESSAGE-----\n",
15 "fp": "A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362"
16 },
17 {
18 "created_at": "2021-12-31T15:57:56Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAQbyLmRaWWln+lPYj5lAtbcQ4KQ7ntPyJJIsMl2kkBFYw\nIedaJ+SpExs2kXTlAWxa5B74RFmAPRlCq+ByErWDorovhn1uYI2ljeYIHKvrcgbY\n0l4B7XQlAV3pz3v/ZwUhB20zatPCprUWdJH+3Gd8xQr46djdHGK9WQSetxxEuL8j\nyfENUOu/jnPlfMVyDwRHbweq7Ar60GXVfs2UrjsL7yRjr0FpMNu3Ho4O4kO9HBn6\n=B+g2\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/vidhar/network/bifrost/vidhar.priv b/hosts/vidhar/network/bifrost/vidhar.priv
index 273e9ba7..a83a1509 100644
--- a/hosts/vidhar/network/bifrost/vidhar.priv
+++ b/hosts/vidhar/network/bifrost/vidhar.priv
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age1qffdqvy9arld9zd5a5cylt0n98xhcns5shxhrhwjq5g4qa844ejselaa4l",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrQkw4UURZS01wSnh1MnFI\nSThmRjhlblNXOTQ5M3B5NU9tZ1hFV0Y2RlRJClVYOEdvZ3F2Nm13NlgrZW8weUw0\ndmk3VU1tbzY1K2tGcnVnWkdiSEFWV1UKLS0tIGtiZStwL3l0QnFkZ0dibXNTWjdQ\nOGVCR01kUXQ0ODd4WnQvRGRXdk9rZ2cKi3rihCktaZBl3UVeoPk3Xb8CEtTkFMFa\neoOo77sm9AGqI1Dle4fFwomm4d0WjtnTY3yBn2nSEn2MpOWT3AmoQA==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-02-06T16:09:08Z", 14 "lastmodified": "2022-02-06T16:09:08Z",
10 "mac": "ENC[AES256_GCM,data:SXCQKrqkOoXlm8Mrs7UZ1CGJe/HnHhvNCuGpt8yhsnchWICfGGWEIrh99TrKkia2X1inoElwXQYYPfyKHFshLaoNjH2GduR287OXluxZs+Thnm1Fnq6oZUBO9mDDUlykZAB3Mjm4WmUnirKB87Q6DFtTRZjh26amt3oC6GwnEfE=,iv:NtPsuStBnJuVfnlbxunL9PxbPdlYktJtV+MYSa53Oc8=,tag:HKJayT/YNP8PJ/ZIlKdQSg==,type:str]", 15 "mac": "ENC[AES256_GCM,data:SXCQKrqkOoXlm8Mrs7UZ1CGJe/HnHhvNCuGpt8yhsnchWICfGGWEIrh99TrKkia2X1inoElwXQYYPfyKHFshLaoNjH2GduR287OXluxZs+Thnm1Fnq6oZUBO9mDDUlykZAB3Mjm4WmUnirKB87Q6DFtTRZjh26amt3oC6GwnEfE=,iv:NtPsuStBnJuVfnlbxunL9PxbPdlYktJtV+MYSa53Oc8=,tag:HKJayT/YNP8PJ/ZIlKdQSg==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-02-06T16:09:08Z", 18 "created_at": "2023-01-30T10:58:52Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DbYDvGI0HDr0SAQdAnjYlc0bHToon5ayDJk+08sRPPEww8MBOprZZswYU1V8w\n5+QzHJXtSbb4lEwKwdwxkkSg1wBiW+kwrV2L2yyYOvoMhWKQsntjQuzaK7I1Kjix\n0l4BOIcMVJEyJk49CEQQyFlqmgJrh9L/dMhl1D7pD842GcpGFxlB7OHRXsLo9axj\nFAuLUc35LyVgnHd2InqDwG0JKiySdI7fN3dXWiD5H3feoCDisBZvaH/5DlufdIl7\n=sLA+\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdARSKDb7ilKfOz7fIo+KWUT98zMY0IFiRqBVjeWNHbB2Yw\niLEpRKl2uq4Ul5eaZnpllWHwmP7F4xLIyxvK7TyoV3qgDlZWhbM2raYCmRHm6kjc\n0l4BiYr0WxLIR55j0RdQGtbfvh9cWroOwl9AEaMDbTrmcZMsrLldfoAQQlW2rzqj\nhE9HrY57bAJqjUO6krtttt3sWyHk9LDzP3WsoDaSIz5SStR0+bTcGdvVe5NSu6d2\n=PxGo\n-----END PGP MESSAGE-----\n",
15 "fp": "A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362"
16 },
17 {
18 "created_at": "2022-02-06T16:09:08Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAeG22AYCyEYq1Fvqj853ZE7oeuOWOrpDOXiAvnSl83EUw\nofhjhoZ9nMyZlsy+nD06hIvaYdcFeAuSV8iHwANAjarmKlnKicT7b7mBCkOjMJDX\n0l4BAox2QUqhcYbGUKT+/Ei7RXYMP8ht1N+iisBVnzN055VrGQhvDadpcpVzQGKH\n8Hbmmdi9O2PQWRYnvRK+0I7GJFiC4Q36Kzf8X9MojMhb/GIwiBKCU0ZK2BLM9FtA\n=WbKA\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/vidhar/network/dhcp/knot-tsig.json.frag b/hosts/vidhar/network/dhcp/knot-tsig.json.frag
index 75deb41c..c10115cf 100644
--- a/hosts/vidhar/network/dhcp/knot-tsig.json.frag
+++ b/hosts/vidhar/network/dhcp/knot-tsig.json.frag
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age1qffdqvy9arld9zd5a5cylt0n98xhcns5shxhrhwjq5g4qa844ejselaa4l",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCYk5tM1lPRXc0MGpHZENQ\ndDU2M2VKY2t2VGFrcTUvd0NrU3VMZGQ3NHlNClNTaWVjdDNTQXh6WDFmMDk3SWtn\ncjJjRzUxODFFL25Ic0dabyt1ZW5xRE0KLS0tIDJlT0NTVDlXNWphQ1B0VTQ1U0NH\nNktRNlIrQzdhRjZ0SjR0T3oyRkZiWXMKX28S4SySQguT1cgMZpDY4o/OKY6IvjT9\n1oUzwx/BzBbC2JbpGYvQQgp/qfiM2k0oXmQlfdTv8kD/MoOqPO8E1Q==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-03-15T13:52:17Z", 14 "lastmodified": "2022-03-15T13:52:17Z",
10 "mac": "ENC[AES256_GCM,data:rTelaGx5S2E2oYPNGfctFbgDKdyRX8tpVTqLtpcCAJ8MS5ppFTjnSwYi4yQHvTicfAPNz7hGJYAnTdyC2QDTciJgkS6KC3CCXWCimkTybBdVW4Azwz9iBZCpWu+rB1vcQhSLlLCaKmKskkqDZZ5+mfuaXc+TT2uwTA0SDtZWvnM=,iv:ANCZ1fHy6w/svEE53o7rWsp5qU15qoriqyVMzClH6J0=,tag:H92RM5GuLIl9/kslq4tzkQ==,type:str]", 15 "mac": "ENC[AES256_GCM,data:rTelaGx5S2E2oYPNGfctFbgDKdyRX8tpVTqLtpcCAJ8MS5ppFTjnSwYi4yQHvTicfAPNz7hGJYAnTdyC2QDTciJgkS6KC3CCXWCimkTybBdVW4Azwz9iBZCpWu+rB1vcQhSLlLCaKmKskkqDZZ5+mfuaXc+TT2uwTA0SDtZWvnM=,iv:ANCZ1fHy6w/svEE53o7rWsp5qU15qoriqyVMzClH6J0=,tag:H92RM5GuLIl9/kslq4tzkQ==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-03-15T13:50:52Z", 18 "created_at": "2023-01-30T11:00:34Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DbYDvGI0HDr0SAQdANAtB0un04iI+foGRefRK249LhT6Mz+yzdhkWa0UYoxcw\nUGDSh6la4ijiaqdeVfJ3vckXfAqee7dLseNQ64dafdlk2hVI0ZNv6mjfwgWk698v\n0l4B4EOHfDrmFNhZFcj1/sCRnukgx7PSeybZn3miTLQgMGOydrfYuisA3we/4EUo\nU55PGINdtAu268OUHQjj3yF1S72Yeh1MXEdvajRQdqorQJ4TpsPUtJolM25Df/kK\n=etIn\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAW2hoabFaeKDrI2eHwiIS9/StK+WxwPR3S8GEZmuHBFsw\nIJY/tRUsM7RWc50pQAAGtnlx0NoJksVv8K4bqzPHZ3pfBUxkNmXneKLE5qhxxIGL\n0l4BNd566uIhDhpvI0mLOeLePKO8d9aARXdwkuG9bohAfx2NyWSWqo7tdvfgWQAu\n05KLdefzKH3eC9XARIJSAAM90QH+tyojxoFIBSNgY17f1T3TNz2KtzERKHOKvemB\n=7+SI\n-----END PGP MESSAGE-----\n",
15 "fp": "A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362"
16 },
17 {
18 "created_at": "2022-03-15T13:50:52Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdABm/Qf3pX4SxvTzq6sJKWc5o3Fzu/nH3XAH1WE2L/BUMw\nMFFmYmq3399ZcZ6JvaHdbJFUdavo/+wOg3ecWok039wbsr9qwn8YA4cR7VBsUPLa\n0l4BxuaiT3M+mTVvr5WpGFc3Xj7Mp4/z6hBUS+qTFIFZI2U5JsmZgC7VGTm+dlSJ\nexN6yr9mlQXvDIkx8w5/eaiYGViZ90SxN9BPYDqfGGigAw+xdXaafcOx8uBldAL1\n=HLRI\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/vidhar/network/pap-secrets b/hosts/vidhar/network/pap-secrets
index a7937caa..3516de6c 100644
--- a/hosts/vidhar/network/pap-secrets
+++ b/hosts/vidhar/network/pap-secrets
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age1qffdqvy9arld9zd5a5cylt0n98xhcns5shxhrhwjq5g4qa844ejselaa4l",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwYTFaTDZRbDd6cFBRSTNN\nVk1kcFJXRG9TT21IMDZsVmtoZjBTNDNjeDFzCkhxNEI2Ujd6SW1STG43eE5EdzZa\nS3phenJZN0RxajBXQ1BnbUhTa3htdFEKLS0tIGVlT3lReHJSQ2UvQ1FST0M0RzVP\nNmxWNzJmNlFPclJTeDUycDJiUzA4Yk0K4JHtkEPY49TGnKPZzEoEZ131RxeQEWkR\nK1ftH2ilr2tUhiErhpqxoTqfAm33xvruqTsePxh1uC7svzKtKBlS2g==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2021-11-15T08:30:09Z", 14 "lastmodified": "2021-11-15T08:30:09Z",
10 "mac": "ENC[AES256_GCM,data:TAgZ4ktdN9sZPMo1UtwjKdTM2QBjLorcm84HYXTGYNNEorPoqrXAWOvyWRLjx+zxzpRuDLBPQHCkjwkVO2CctxnTaWPMwITbYtQqj/5ZxACuAeX8MaSximB8s5MJK2faCuVXEnFehbnnPr5Fs8ZsgHwu2iH6DU8ScLEkgckzGV0=,iv:keUbKwWfoIIBsp5Rsm2lEba1ZHAozQY2YpA6p5qDBiU=,tag:1llGytMGvOjSVYKJXGUmXg==,type:str]", 15 "mac": "ENC[AES256_GCM,data:TAgZ4ktdN9sZPMo1UtwjKdTM2QBjLorcm84HYXTGYNNEorPoqrXAWOvyWRLjx+zxzpRuDLBPQHCkjwkVO2CctxnTaWPMwITbYtQqj/5ZxACuAeX8MaSximB8s5MJK2faCuVXEnFehbnnPr5Fs8ZsgHwu2iH6DU8ScLEkgckzGV0=,iv:keUbKwWfoIIBsp5Rsm2lEba1ZHAozQY2YpA6p5qDBiU=,tag:1llGytMGvOjSVYKJXGUmXg==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2021-11-15T07:45:08Z", 18 "created_at": "2023-01-30T10:58:50Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DbYDvGI0HDr0SAQdADLXtluBBuSsm9CIPG1mEJnOJ0IQmCpwQPcU+Bl/zOE8w\nseSG0fcoBnRX7ngWMoJZ7a0G1ARjBql63SJN7OJ8E7OLcMBeaRkjl/F9jRM6gfIJ\n0l4BCu/V/objPnHxlQ9ETKheAjr7aEH+Wuttut1U+a8Ad5kl5/hKtkK5gv+q0WTi\nRBCe8OIKFbkzd8OvvzZlQBBEa4G/2Az2lVYFrxHq0a7XyJOxmnUJWurbsPUK6EMk\n=ksU8\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA+cwEt6Gv5oKvym4ceJek+J/5guNpmsLLXWIY5CCCSXUw\npXyQpqxm7LQnasIqYNNsNCVbB1mAu6WU6MKn0BG03YWjr8buLB+7PpwZcxeZzRfD\n0l4BAsl+vKwa2YSMCR+EWYSfeEzEVHqoGBJ60dYXuiFiNZInCik+g69PdhsGygNH\nRtIcRiCB8t94GkvdWySTq5ohi1wKOe224l9evbt4zXntVngCHxixuufLrr3Cj+EE\n=3lw4\n-----END PGP MESSAGE-----\n",
15 "fp": "A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362"
16 },
17 {
18 "created_at": "2021-11-15T07:45:08Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAf37n8FlEvDjECfajRNxIh+sLj+VZOSYfzt+GovJN1C4w\nQRkd//w4h6CqMcVz3LzNZIn2Pa8lhBLFV2tBfFqZDa80HcBWCtBgDivq8l7onmJm\n0l4BiAv4DzVVjBOZqhBnzla6SmRqAZDwE1WO7gN+R3/7S/0DXUxopjvdFaheLVj9\n/tKup9Dn2n3mr7gCvgvuPIaoJqdJSG5v8rgp1IrFSIlVtLv+ThgCsGCKZ/P9ef56\n=aqGg\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/vidhar/pgbackrest/tls.key b/hosts/vidhar/pgbackrest/tls.key
index 6ab308ac..9218b7b0 100644
--- a/hosts/vidhar/pgbackrest/tls.key
+++ b/hosts/vidhar/pgbackrest/tls.key
@@ -5,19 +5,19 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age1qffdqvy9arld9zd5a5cylt0n98xhcns5shxhrhwjq5g4qa844ejselaa4l",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtcmNKbVA3VnB1eHZVcm9u\nWTFMRTlGdDRWM01TYUNmK3lUU3hIYmx4Q0VzCk81RFVWYWx1ZFYwVW5sRW93WWRU\nVVJmSWpmcnM5QjlFczloMjBBRE80OFEKLS0tIEVDdEN4Q2E2bDNuMDQ4Q2s3WnF3\nVW84b0JKZ0xGdzVZd2NQOGgrMEpOczAKoorQ99mTL66IEp2Ckl+lYirbKd6NPh6Z\nJ7Ygv2BIKhHsgEhx4sWrakapEUeze88hDd+9oaofZvENx5xPgCzBCA==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-11-21T14:21:06Z", 14 "lastmodified": "2022-11-21T14:21:06Z",
10 "mac": "ENC[AES256_GCM,data:OQnaCFEsi5Xka2L7KoC0UX0L+NtihG1hk7koxH51WiiL/JF1NrOs7PpgNbhVzqiAPWlBF1X/2ZhWyEZris9iVZ9RKa1lgF2VXjuwVHZNGA9G9Dr0ipriupOEdQABRA2MM0PlfdW7CdbzxmBcA4uwfL3m4b0uMB87A/cRG8mSm3U=,iv:2yuhHIjWRHipcOx+2hFUx2RJG/L/icGMH0QxR9w+MTM=,tag:pnwNVPzyqu4t6AklWd6HGA==,type:str]", 15 "mac": "ENC[AES256_GCM,data:OQnaCFEsi5Xka2L7KoC0UX0L+NtihG1hk7koxH51WiiL/JF1NrOs7PpgNbhVzqiAPWlBF1X/2ZhWyEZris9iVZ9RKa1lgF2VXjuwVHZNGA9G9Dr0ipriupOEdQABRA2MM0PlfdW7CdbzxmBcA4uwfL3m4b0uMB87A/cRG8mSm3U=,iv:2yuhHIjWRHipcOx+2hFUx2RJG/L/icGMH0QxR9w+MTM=,tag:pnwNVPzyqu4t6AklWd6HGA==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-11-21T14:21:06Z", 18 "created_at": "2023-01-30T11:02:25Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdARaz8S4iFbM7+9cUv/WGQDsbnv51AKznQzs3W31w4Cy0w\nh3UzddwF0lH57GYBnVN6S8h5zEjbtz6tRHVsim6ltnVGmsT+t+fmEbASoPF0mvmc\n0lwB9JoMB9l32cFeCQ6Y1Hxryvu/FeL+iXe+7zouKpW67HQ235+Zx5481xxOg1fy\nwmDb+iZ9R+iNO5twraf1BOG+3y8yrJpZV7SZq4H958Kk35QnHlRiPqDfkx9NEg==\n=GAV2\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAraO/4uAAKwQ6+Cs83SuApQ4xbR5QcTp2zlVWzoxoD1Aw\n+67QzvTMmAr9tayCv/HjYJvnjT7vQfIHaRFr/ewXh37B05jfPUFe17hdlT8lUi7Q\n0l4B+WTgJH+d0pUaCo3RedCEFR+pbemaDFIosA6z//cpbM4nNc6sI32BUBw7eQC1\neVjR6n2iNiYNPsk6vgrKnF1/TBGnNAjap/eJi0Ro5J0ng/BFu4SFeEAvMocrDkJ9\n=isPu\n-----END PGP MESSAGE-----\n",
15 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
16 },
17 {
18 "created_at": "2022-11-21T14:21:06Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DbYDvGI0HDr0SAQdAgjL9+LcR5m5vHngB9DWE2zfkjsQDsIKrEw2RLKrKdVMw\nQ5B131gL7QKEfAc0vd+HQDANo/pfB9ArI/lNkVvlBYfbO8paadJWvDt9fdmOtJ9J\n0lwBcT1xLhPxCrUVEY1Clsv4y3liNZ78iOBuqaOx0W1A7CQonM2B9ghTDq4bsEE0\n8CxD/mNCn/D8WOqu4dJg6wvIzkk6faSBCbxBjmzTcJ6oDj9RdnnnZ6M/uNWw7g==\n=jZqN\n-----END PGP MESSAGE-----\n",
20 "fp": "A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362"
21 } 21 }
22 ], 22 ],
23 "unencrypted_suffix": "_unencrypted", 23 "unencrypted_suffix": "_unencrypted",
diff --git a/hosts/vidhar/prometheus/tls.key b/hosts/vidhar/prometheus/tls.key
index eba3bb5c..1a6cb5e6 100644
--- a/hosts/vidhar/prometheus/tls.key
+++ b/hosts/vidhar/prometheus/tls.key
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age1qffdqvy9arld9zd5a5cylt0n98xhcns5shxhrhwjq5g4qa844ejselaa4l",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKUW1zb1hDOEtnSG1lWkxN\nVHBVN0xzSDFzdWg4bk9kTVNIQnFsYkVYcFIwCjlGSjI3VXF2WCs2TEZkb1RqQUNG\nTmo4SzJRbmlsTE9Ubm9HVW5sVDM5SUEKLS0tICtibmZ1UWJPaytFdHQwZGRqODZP\ndnE0SnE0cmZ0dGloaXZDMWJZaGh4MUEKN6D8v2hhuOwzaJPU6AbE2RAPM1h2aZ4/\n6GzrqsRGgmLAvZd96B2sbADP9xkBHzLty414Nt004/yOSue026246w==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-04-08T20:08:57Z", 14 "lastmodified": "2022-04-08T20:08:57Z",
10 "mac": "ENC[AES256_GCM,data:UfFRVfPGtGle1yHVj3FrZGb+LKzIBdAsAWJY0qzJTXR+uMxAjCOIBmtBBmzGViBX4mBXFXVbYHvXVlpJPYw1kUhQW+uVERJHvhsRsC9cg3MyNrGNkZIi+QazJaI5Xe+9yO5yjy0NE1e6jia/+BxOZ2tGv8uItRQxfyDCRT0+sWU=,iv:yDgjpubvnF2G07ulC+bopb90wMhfop3z3mEXgeIRQxg=,tag:+J6campz4SYk5xec1uHMog==,type:str]", 15 "mac": "ENC[AES256_GCM,data:UfFRVfPGtGle1yHVj3FrZGb+LKzIBdAsAWJY0qzJTXR+uMxAjCOIBmtBBmzGViBX4mBXFXVbYHvXVlpJPYw1kUhQW+uVERJHvhsRsC9cg3MyNrGNkZIi+QazJaI5Xe+9yO5yjy0NE1e6jia/+BxOZ2tGv8uItRQxfyDCRT0+sWU=,iv:yDgjpubvnF2G07ulC+bopb90wMhfop3z3mEXgeIRQxg=,tag:+J6campz4SYk5xec1uHMog==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-04-08T20:08:56Z", 18 "created_at": "2023-01-30T11:00:31Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DbYDvGI0HDr0SAQdAvXcM76hJxWHJ0i/XMqtIUSxdT6AaHqduia7V1qUmEA8w\ntM89Pshkp8atxmCdRgTiS1e3qgGHRqp6pYEjt2gT6fGDh8nTmswWDNBqmAUw7gj6\n0l4BpBZgCgGsuAL49qiezBuR7BsrKmRxIPV7ZZFl5CNofy/38qjxY8FxJl+GsiHn\n3jkXh8kJEO3dPXSU+7ID7syxifFFkLcKhRcNXeeZdvz2J/8zYFUhqE4+7+S3AKjs\n=7IAZ\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAPPgzdDykRuSybzSrDHRFBaaArK7YbUd09yWMO5pO1Xsw\nZJiCHfuTo0tzB50ZFXbPKFMHAeN1Zu8CbCi2g0tdbzy708T9BML3I8GtnVnBJoCO\n0l4BxmQ8aI4WYJ1oCRy8YriEM/XZVkxXlFpPw+vUYTMUSt/gswVnCgHesnE3Gb3z\na/iFTd8G4qway+jlnmYxhLdZW1lNXCQfi7ZwWEtzpbwjSFyGNOqxbqJKrYRXOM/k\n=nVAU\n-----END PGP MESSAGE-----\n",
15 "fp": "A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362"
16 },
17 {
18 "created_at": "2022-04-08T20:08:56Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAfS68HcCu+AgaXTG9VdIakO+Jr6Y04INcZTJ6vkNQPFEw\nclmmwVcjylP6BHUML9tSHsgxyW9IK7CYdojtmqRsYF4NCvbWlFRBbehjPlLL4yKs\n0l4Ba+3HaHK8w+lCdMWCLcxzzd2dfkTPNAJUzIAl/AIOx6EwdZseitYN9EkeJStt\nNXcoDPDmnntVlqpUYwHkTKaLSUVuwesaQ8LdHHInvvOXZ97xEcN7575vI0Stde/u\n=dNgh\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/vidhar/prometheus/zte_dsl01.mgmt.yggdrasil b/hosts/vidhar/prometheus/zte_dsl01.mgmt.yggdrasil
index b455ea50..1c9c1fe0 100644
--- a/hosts/vidhar/prometheus/zte_dsl01.mgmt.yggdrasil
+++ b/hosts/vidhar/prometheus/zte_dsl01.mgmt.yggdrasil
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age1qffdqvy9arld9zd5a5cylt0n98xhcns5shxhrhwjq5g4qa844ejselaa4l",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIaEE3bUFBY0xKSDUrVnc2\nbFpjSkNOSm56amJTNjdXcTljdDNRREhITm1NCjZrOUEwNFpxN2FmTVV5T2xCbENk\nMEFmVzlPZ29CTlJ4dVNCRUsyRFFseXcKLS0tIEhscVZ4VUVsaG9OUnBIRFE4WXA2\ncGFnbWpNMlNIQzFLc1Ryc1Z3NUl1bVUKi9zYBlF2vslGKu4GP368ApbvuxjZnQpF\nuOujXSNoEps21wY6xUENm+CbYbgaJjSgmb5c1IjAmnubVI4JVY9OyQ==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2021-12-31T15:00:33Z", 14 "lastmodified": "2021-12-31T15:00:33Z",
10 "mac": "ENC[AES256_GCM,data:sw2NVXHLibbuOChgScLhSTjGZBjSoHpzIuRqfCW0eL3DwhL5CekG6T/oYu06KjNmxVjxwb3OmqECSU0TUvPn9ySOWwMSoBfyJpDoTHnZ+YOjOH351IOAMBNcBDJse7aLGRWW5YXKLDfmp8Dhg2hlMhCmkVwAquQjPhfmAdJfj64=,iv:wgM/BlRU2XJSGj7KvAo1WRamecffUDnFvv2+4twtsQY=,tag:0mXblJtTGMTvxndedws94A==,type:str]", 15 "mac": "ENC[AES256_GCM,data:sw2NVXHLibbuOChgScLhSTjGZBjSoHpzIuRqfCW0eL3DwhL5CekG6T/oYu06KjNmxVjxwb3OmqECSU0TUvPn9ySOWwMSoBfyJpDoTHnZ+YOjOH351IOAMBNcBDJse7aLGRWW5YXKLDfmp8Dhg2hlMhCmkVwAquQjPhfmAdJfj64=,iv:wgM/BlRU2XJSGj7KvAo1WRamecffUDnFvv2+4twtsQY=,tag:0mXblJtTGMTvxndedws94A==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2021-12-31T15:00:06Z", 18 "created_at": "2023-01-30T10:58:49Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DbYDvGI0HDr0SAQdAn++RT4a1DwWe5FutYxwjV9kCaXPnKYjgNK5T5NQthF4w\nnWprU35P7saYuJqxXfReNxFDahkdju7GyDJPEo1sqtzUdBJilcykTlpno3KgVt5+\n0l4BB0Nab5e9oOx5XdoMLjpQ023qbmOCVdt1/Sny99qFWwCdxubJv1R8nQlCpD/p\nkNnMszzuH+UjYHDap84OQPuD92zbowqljBe3lC9/dHfg3yK+ajRnK3jpZA2V3aBz\n=DY6n\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAcwl1Blp3J5wgpRJKbYI1G1yEZrRYeYuoDtYUh3ToMAQw\nd92/bIJJR5Ml91eDym9uBN0fFRRy72r6FOx4qZT7S4DhmuA84qCbASjF8bKSclc0\n0l4BBXvDS5Dz1Q7iYc+LxZjHASV1v73A+MaeCFvG/pjmHzF0z0EzBiAJD4ZWGcP0\nX2dDbjl+n9VFrvmeLRxQNh4XZW43iTXdRjwHDgm16zhd9X6VOVhr5UkC4Nyjq2Ar\n=4ZEa\n-----END PGP MESSAGE-----\n",
15 "fp": "A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362"
16 },
17 {
18 "created_at": "2021-12-31T15:00:06Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAU2jZECgVflkSbtQkNYD4aeOHEEahbJUJNmXncqoBt2Ew\na7dVkHlBp1WdUF9UBAbkiUEP364fGttFFUf6xORhWiNnWok8gwkzaFKF1Y/zNEjV\n0l4BpY/GSUIFnD92AW/ymrGGDODnDdoLKiyiptkraZO74Ox/hezHJyNwKX4XJq68\naedJ+Xz6JYfYMafHSEMFQsdhihwESt4eIjGM4y8fNEQ97RuaN82tIbUjkWJASoS2\n=ExBD\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/vidhar/selfsigned.key b/hosts/vidhar/selfsigned.key
index 8e6d0e2f..9b7bde7a 100644
--- a/hosts/vidhar/selfsigned.key
+++ b/hosts/vidhar/selfsigned.key
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age1qffdqvy9arld9zd5a5cylt0n98xhcns5shxhrhwjq5g4qa844ejselaa4l",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaeWVGaHhUUTJGZFFuVExU\nYmZTQTlzS1p0WWZ5SUpORWI1Qk45YzJDRkdJCmR1ODdFREhUNHpvRUswdDdCRWlS\nWHhHTEw4RCs4aElnRzhKKzBiV0FJQzQKLS0tIDNZMWgvSDRTbVVlbVp0OExwOEEv\nWk0yb3I0cnBjQ3JrMFRIS2RYdStRQTAK74DHR+kJjwad/L5PmZ/WOWuktDtmKk9k\nAp2d8uQiNYIOvWjCOaD0yX4FUr9e04q12DOVHtksLkYDYodK1oe1ug==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2022-01-23T18:21:33Z", 14 "lastmodified": "2022-01-23T18:21:33Z",
10 "mac": "ENC[AES256_GCM,data:Djr/AQmBawg4DQpbOeUPqPlWhU/sBjjSWWzF1wB20Aq1FkM+po9e0Gb4G7sDuBlJUqbggfZd3SoivVqTZtPAvVY4JDqVsOPMXwuelDuyrjgvLxyTlq4BkCZBszSqqgSH3JqiYixr1Ll9Mb03mzDUKyxvLoiaOMyB4FDwyv1kf/U=,iv:t00OtWQh2Le9f9IG6XbuIoWAgTzeXqhv/VrGc3oHUv0=,tag:dekwpHTSFTVIR6oaLWawwQ==,type:str]", 15 "mac": "ENC[AES256_GCM,data:Djr/AQmBawg4DQpbOeUPqPlWhU/sBjjSWWzF1wB20Aq1FkM+po9e0Gb4G7sDuBlJUqbggfZd3SoivVqTZtPAvVY4JDqVsOPMXwuelDuyrjgvLxyTlq4BkCZBszSqqgSH3JqiYixr1Ll9Mb03mzDUKyxvLoiaOMyB4FDwyv1kf/U=,iv:t00OtWQh2Le9f9IG6XbuIoWAgTzeXqhv/VrGc3oHUv0=,tag:dekwpHTSFTVIR6oaLWawwQ==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2022-01-23T18:21:32Z", 18 "created_at": "2023-01-30T11:00:41Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DbYDvGI0HDr0SAQdAzS1Wo7bBBtUQE1UO3ToaxuYzpYOT76xCedRzNovNtQMw\neQuVratbHcuAPYaElry4ckmDTn97oCf+5XreAdfn9pKqosLhcgvg3fz+tMYo6Df5\n0lwBVUZimeibwARxk88XbPUqcIhh5a25v9Q31mk7fpxV3Ynm2/3Blhgv5mbLvn0u\n0LdDSga7LJRj/n2En5fzgpwn/X+K6fHmLtStbb7lQfmDhyxF3Crlb1thkmS7RA==\n=tkqB\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAcSSxwRnKC5amFllI4GiRHceaZPiGKKZ/pX3kJEnMkWcw\nmTEuyZ6wyOG/0OkXMNipByGYW6mZPsJz8ETobFsvTvZSSTrGi8fbc2QbRVP60ra4\n0lwB9yRbsVrkPMPL5Jp4BSvkD7zVdYcgvfiDz8FqTtdk5BVVHt64E6sxOXPuQpVj\n3bteXoQiNCnRIbxm6N5kGR0EgU0THqk8fE98X/oG3G5gdpyl6Xyl7+otI9ad6g==\n=mrLv\n-----END PGP MESSAGE-----\n",
15 "fp": "A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362"
16 },
17 {
18 "created_at": "2022-01-23T18:21:32Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdALOQl2LfVp6B0oJTEgtj4y8f2eTLj+DzTE6tUPdOR8lMw\nV5ECy1s6PBm49+nsU8nGt5gJsZAWU00CKg0YJovlXcNrsZP/Yc6Ta5vfjz5ENCI5\n0lwBANrOIuqrk4WzrIbImWHts6M10TPdbx7//LIbU1tDdRpCoRTG/1WeSBJci0VO\nCSDFzjhvH1EgSO+nNfGCBpYwYJ0ZqDdUolbdYpaU8U1n6EHwkI47syV30BkpNw==\n=tSEP\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/hosts/vidhar/zfs.nix b/hosts/vidhar/zfs.nix
index afb155b2..b490a6c2 100644
--- a/hosts/vidhar/zfs.nix
+++ b/hosts/vidhar/zfs.nix
@@ -15,7 +15,6 @@
15 "/root" = 15 "/root" =
16 { device = "ssd-raid1/safe/home-root"; 16 { device = "ssd-raid1/safe/home-root";
17 fsType = "zfs"; 17 fsType = "zfs";
18 neededForBoot = true;
19 }; 18 };
20 19
21 "/var/lib/systemd" = 20 "/var/lib/systemd" =
@@ -30,6 +29,12 @@
30 neededForBoot = true; 29 neededForBoot = true;
31 }; 30 };
32 31
32 "/var/lib/sops-nix" =
33 { device = "ssd-raid1/local/var-lib-sops--nix";
34 fsType = "zfs";
35 neededForBoot = true;
36 };
37
33 "/var/lib/unbound" = 38 "/var/lib/unbound" =
34 { device = "ssd-raid1/local/var-lib-unbound"; 39 { device = "ssd-raid1/local/var-lib-unbound";
35 fsType = "zfs"; 40 fsType = "zfs";
diff --git a/modules/yggdrasil-wg/hosts/4/sif.priv b/modules/yggdrasil-wg/hosts/4/sif.priv
index 5641c1f2..bb1ce86a 100644
--- a/modules/yggdrasil-wg/hosts/4/sif.priv
+++ b/modules/yggdrasil-wg/hosts/4/sif.priv
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age1ure0athvtnaqqw48pe0y3upqdzmkaen9h70yggd9va4hva6avd8qqm6s4d",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0R1AwUUR5L1dXN0l6Rnhy\neDZiS0g1MGhVZXBjdGNNTkg3dC92NlNScmlzClhRbzZyb1MwNFowK2JsMjJ1b1No\nYVBUSXd1QUwxaW8rMXd5akpJWkh1R1EKLS0tIDIwK1BLRFhabXpXcTRXU2hnKzhr\nKythRTh2QVNwRFdHeGcxYlIzelRuajAKXyDuk9GmR0sTYwfiCSFVMBlva4Ee1RpR\nF112J+L7NevzdcO8i0pFKbDiMZGvKuokl1YyQicbBno8iGgNiLwGPg==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2021-10-09T08:19:12Z", 14 "lastmodified": "2021-10-09T08:19:12Z",
10 "mac": "ENC[AES256_GCM,data:XCMsYdeKpMO5K0qb+qk9jd93/dgYDz/FCRD4XMcKAggZAl2WiVphjybeAX8pjOhZAt+JGmUFdb1icbnPAkQ741B5msF79PemnRFqElF6yQZRsmfDmuo9xLenNWSLM00YpsBlZnsdUrz11uburgm78wPr/Fvj/6fryTkEYlNQrLM=,iv:u8rgprTsegxOzM2v5zMHq3aMNTaOta45EYJCL684xFY=,tag:IGZbYmsc58sKzBaujH5l5g==,type:str]", 15 "mac": "ENC[AES256_GCM,data:XCMsYdeKpMO5K0qb+qk9jd93/dgYDz/FCRD4XMcKAggZAl2WiVphjybeAX8pjOhZAt+JGmUFdb1icbnPAkQ741B5msF79PemnRFqElF6yQZRsmfDmuo9xLenNWSLM00YpsBlZnsdUrz11uburgm78wPr/Fvj/6fryTkEYlNQrLM=,iv:u8rgprTsegxOzM2v5zMHq3aMNTaOta45EYJCL684xFY=,tag:IGZbYmsc58sKzBaujH5l5g==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2021-10-09T08:19:11Z", 18 "created_at": "2023-01-30T10:58:39Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4Dgwm4NZSaLAcSAQdA7ENCPeYBw3QHeCIVeZtjnX4k1iWK+NZPP3uUQkh8JWMw\noxlc9S0yqG7AerCJszSwmF4hC7B41Zsq97QFVQ+vecohermef7ZZZclw7adnMYl1\n0lwBT1RNT1V+9Tow0uNHKJpMzAwmlG0t5KZrXqsSKnjyvCkdTSKWg0yVMtLgy4lN\nnjk1P66Q3vGEFd9aVLVvtxrJ1TBtN7MTVtS/g0yMzz0WaZoTL4kFRjkaoBDSVw==\n=eJe0\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAfgGtpp0c1/CtwtJvq7LeuFdSjI6XsFAWN6fe3V1rI0Aw\nttJyvxQURQ3sm4RwN1Qw9ut+6uoEds/8hT9xLMpzYbuM8zfWVZQV0vFufo67TPt/\n0l4BppAN5P0G0zWHFzKsxZOJl+uUfRRaO76CvW6uR5OuyLCKo3twyQqHQTQqg/3e\nPnZlYOJaDxxE8voNJHLIdwynuwdd4Yv7W0t+/sm8P2MnDpbw5F4iSzfvcOZ2xLRE\n=t2pN\n-----END PGP MESSAGE-----\n",
15 "fp": "F1AF20B9511B63F681A14E8D51AEFBCD1DEF68F8"
16 },
17 {
18 "created_at": "2021-10-09T08:19:11Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAv3YnirqRXgFoLz/XTNx1gccOW/lylh0iEDGNcr1seVsw\nJdrmxN8sAsDKIsem8JEBNhT9RFHtUfVY2SjWpwWX5Xcm5EJSUFaa9lTDA8e6q7SB\n0lwBPFnboct+bXp22xpahkz5NOgbnNNIS27S9bizGfUu5w6cHYs8BGzaXXdLRjuh\nSKX57025OXD9sEScsQoakFMKbAgtMIDbhArCFRdxNLCNqCn7Dpy+R4DbKcWc+A==\n=gLxH\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/modules/yggdrasil-wg/hosts/4/surtr.priv b/modules/yggdrasil-wg/hosts/4/surtr.priv
index b5d107f5..547a6d05 100644
--- a/modules/yggdrasil-wg/hosts/4/surtr.priv
+++ b/modules/yggdrasil-wg/hosts/4/surtr.priv
@@ -5,19 +5,19 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjVWdmSW5LUEhxOThUVCsx\ncGRjcWlyRHFkckFjSlpvQkJTbUNSU0VOZ21zCnpqMVRTTGhLTDJiL1ZsdWpzWjBH\nR3c2a01ZNFpJQVZjNDNQdFVWenFDcjgKLS0tIGZPKzlYaXNhK1ZKczJabk5LVy9t\nNk9yYjlJZzM4cnlKQTRLRWh4OXkwbWcKgkfqv1DybzCuOxg2Weqfi7VhzStwNiEQ\nVxQ0Cftdza3SM/em277BH73yVvBsRaKeDc3bL4iEFbVUzKS8eMqr6w==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2021-09-29T19:10:07Z", 14 "lastmodified": "2021-09-29T19:10:07Z",
10 "mac": "ENC[AES256_GCM,data:/hFdwXsAxrt3SCU0rbPPeBZ6mBsWcGkN3IMcOP3c28Df452/H0FM67/54NXwSErubnfIY4RXyGfj1dgLBV3A3r43E/F3uN4K8Qt1Ms+dJJdMjKiYpsOuCMgLe27yvI6LtUu0ePPJAPu+me1dOMSdvlQAMwNByrtKmLceMFVJ7gw=,iv:UauO61EBRWvVxYU2vlMI8nqIWw+KO1lEVIc82vVs4ZA=,tag:BzYnM9XcefVd/2T0JcMM2A==,type:str]", 15 "mac": "ENC[AES256_GCM,data:/hFdwXsAxrt3SCU0rbPPeBZ6mBsWcGkN3IMcOP3c28Df452/H0FM67/54NXwSErubnfIY4RXyGfj1dgLBV3A3r43E/F3uN4K8Qt1Ms+dJJdMjKiYpsOuCMgLe27yvI6LtUu0ePPJAPu+me1dOMSdvlQAMwNByrtKmLceMFVJ7gw=,iv:UauO61EBRWvVxYU2vlMI8nqIWw+KO1lEVIc82vVs4ZA=,tag:BzYnM9XcefVd/2T0JcMM2A==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2021-09-29T19:10:06Z", 18 "created_at": "2023-01-30T11:01:33Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAoHdrbuBJjuTnrUDbeAf7aeb6Kz6HbLuLiHZmSt/rSlow\nfgcSqsdYKMdSFeemRzAw++dBuIeduye31GGNDpsZUYyK9r90x0PJaFL3AABudAsj\n0l4Bm1YyqMDv/gzZeK87QDGpYZPu7+dkSrYO1sRe1qHrdI0L1WUs38l0eQM1qSUR\n4Gv4JBXNipoVTH8cfcGRvAy9y2+deEdzDtNK8rqLaQrc+q2TdV8Qlngp/EZqsQef\n=PM7q\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAuqiDxCHFrVmb5qQox+HVmv8L9t6VKRxd5QSpQs4F/2Iw\n49oXhoqsVK/yVWiJ7HwpnqK7aSKAP4EjnRcMtk01kl45yZX58Q1GB3iUQy8h/k+t\n0l4BA3v5B+rWtWPifc7VZRnA+T97rgQdPVCKTIaijVeRx1j/GqrzH9ZiVAT/kuKV\n7TnbH6Jzt04hH5684zViJKqYPBwAufcLv5Ezay4L7gHkdZxWKKa/ttC5sIe46Yr5\n=ItrL\n-----END PGP MESSAGE-----\n",
15 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
16 },
17 {
18 "created_at": "2021-09-29T19:10:06Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAIQL7kGdUkG3CgEyRFdayydeTJGxjD4epYvaQBl4L0g4w\npKoTQuDf8FD3HeFI6ZO/jaE0BFX9Ifd3TYINK/XtqePOkYteos8aqJ/83t35aCIa\n0l4Bq2wt9BRR1pOQzJxnu8Dn9BsnOAQTp8JpwX5fY/FuPXTP8SV2XwWuHKnRd0j/\np7cSOUrog9agk9pc8tjwR+M451xN5AOpqdbqLkuNhi1b6QuxvI+sGsdh3sMz0UBs\n=5ozm\n-----END PGP MESSAGE-----\n",
20 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
21 } 21 }
22 ], 22 ],
23 "unencrypted_suffix": "_unencrypted", 23 "unencrypted_suffix": "_unencrypted",
diff --git a/modules/yggdrasil-wg/hosts/4/vidhar.priv b/modules/yggdrasil-wg/hosts/4/vidhar.priv
index c5b2ea99..efaff173 100644
--- a/modules/yggdrasil-wg/hosts/4/vidhar.priv
+++ b/modules/yggdrasil-wg/hosts/4/vidhar.priv
@@ -5,19 +5,19 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age1qffdqvy9arld9zd5a5cylt0n98xhcns5shxhrhwjq5g4qa844ejselaa4l",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6dnRQUHYveW56cVJHajhX\nYjdxRmg5SkVJSW1xZFZUaHNYTk9nM0d6Snc0CjhwSzc1cWZXRGk3TXNGVUVsdTZH\nTkV3QnEyQ3REbGd4NG5ZdEd3Rkc5SzQKLS0tIEpSUGNjMm9aYWdVdkNlaEhDc05K\nUWtKMThZU2tEejhxNTRNQ2o5VHZtQkUKqEtBGxwWfAlgHNsqW4ZXc4Ujw+Wf9HRW\nK4xw0foPTrL0XivkYcU8DomBS/77tjWgHe1BcK5DrqpjuZDJnS5log==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2021-09-29T19:10:37Z", 14 "lastmodified": "2021-09-29T19:10:37Z",
10 "mac": "ENC[AES256_GCM,data:iglf4GccydO5//TZbw2TWndqeIuZz3G1k7blAW1fNgoxdEDGN16NtsH+/iduQj27BsFhRdPXLO9JWmpeOjwzUMnmkuEOhmALYMZGaZRBzO/x6k5EICFacm6lGUHDm307hexzWtIpNaViuZJiWVlT4IDi5k3N2QaUCYp02AqzPeU=,iv:c5RCIl4zLxrWewc37QIwKIyK5lrBWwSe7Me/yP3UCoU=,tag:LfjGnveOB/lMGhOYk3Ev3A==,type:str]", 15 "mac": "ENC[AES256_GCM,data:iglf4GccydO5//TZbw2TWndqeIuZz3G1k7blAW1fNgoxdEDGN16NtsH+/iduQj27BsFhRdPXLO9JWmpeOjwzUMnmkuEOhmALYMZGaZRBzO/x6k5EICFacm6lGUHDm307hexzWtIpNaViuZJiWVlT4IDi5k3N2QaUCYp02AqzPeU=,iv:c5RCIl4zLxrWewc37QIwKIyK5lrBWwSe7Me/yP3UCoU=,tag:LfjGnveOB/lMGhOYk3Ev3A==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2021-09-29T19:10:37Z", 18 "created_at": "2023-01-30T11:00:36Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA0wHAgvPYDG0FBH2rql1gX37YtzsK1K/AUNSarn71dAQw\nJ6FEldRQ6M+hN41ooX9DSebEtumtiLNQHnvShICw8ULFhrsgyGdUkZAb9eJ9pHnO\n0l4BDS9/MbcTpsZWW+LfFPAZCGsVi1eF5abQKDFDt5RMvxERefIR7jHd6vmjDKgy\nrESOG1nGFsvLnU5/OKJtSmWKDsnMh4ohJ1Agojh4YeVRUnFkM0vdihdZnEAlMz6E\n=DO1o\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAlKOiWmlABA+GmrO2WYQEpYH9iET0+VNv9s0nrOYH6jcw\nzmcxvYhJo9nevOjZi0iggw0oCJvPsrQWr0MDWvvivYIF+WYTwixvj2YOO4qUfaX8\n0l4BN24clzpL89V5jVQjM0xN4tKOrEH4RqVSLJ7Fd3JH2A7271OxLwhC4ZQtG+QZ\nugKRFCloZ5+lSiTMeywdknL5F++m1p5+tRVek3jHJUYCSXEqkck71QfKIo+HdBAu\n=dq2a\n-----END PGP MESSAGE-----\n",
15 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
16 },
17 {
18 "created_at": "2021-09-29T19:10:37Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DbYDvGI0HDr0SAQdAJ09HBaaPhDdTOfpzVxuhtzG7s5ZjVrpZWmKKeO23bGYw\n2ctQ4YdNJt5Wv0AhgA0XVZK06rHtBV18utaeXhP7DYZID+wyMUkO7UR4/hhEGmb9\n0l4BzTxnL9liRwH5zB9r7erJYcDOUixtqtriRaoHUM2hDemprMqg+GoBj/Js7V52\nOKCiNGx5uDZ83W6+SFITIExm6I9pvBIcKUNc5aXSov3IWRRik46nU1iqYqYg5n/0\n=2+px\n-----END PGP MESSAGE-----\n",
20 "fp": "A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362"
21 } 21 }
22 ], 22 ],
23 "unencrypted_suffix": "_unencrypted", 23 "unencrypted_suffix": "_unencrypted",
diff --git a/modules/yggdrasil-wg/hosts/6/sif.priv b/modules/yggdrasil-wg/hosts/6/sif.priv
index 56a4c6fe..c2df72f7 100644
--- a/modules/yggdrasil-wg/hosts/6/sif.priv
+++ b/modules/yggdrasil-wg/hosts/6/sif.priv
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age1ure0athvtnaqqw48pe0y3upqdzmkaen9h70yggd9va4hva6avd8qqm6s4d",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZNW50elZTWklNMGZ4TDU2\nOUlxbkN3SlB3U3ZnL1NJRW9XbFBoWW5yUEFRCmQ5VE40MUVEOEFkdHJHUHJMTmR4\nVnlMdmJ1M3d3ME9HY1NCRGZyYTYrOWcKLS0tIGdCeG8vM3lIcDRPakR5d3ZKcjhl\nN0xndjlOZXdiOHovbmJPZGhLdklCaHMKQycxaXqGVYh4ghuiyTJVQuNJxbNbr2Jw\nTUKmEZFYnrU+t+5uucSar4B/sxTHEcPaFOY9UDNMLa+n3rydJzpleg==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2021-11-03T22:06:48Z", 14 "lastmodified": "2021-11-03T22:06:48Z",
10 "mac": "ENC[AES256_GCM,data:rJRrcBJnmEcLp27LYO72GR62ESX9VF9115JJi5w438LGWSloEt9AS8qwC4sMwG4pe8FFhsB0108El+RcPDJaIKiNyCNP/KnFtNABJttkxd1ldFv1tP+a150ydFZyxtlyEApiLxJNv54/ut1XZfbtgWRT+YaqNjLx0Mdxvptg+5s=,iv:nn5xw8jB4PCvR9/ickJqwVWatgUg0UeUwKwM/jqCQDY=,tag:D4AqHdklo+dS1fOamTDn0A==,type:str]", 15 "mac": "ENC[AES256_GCM,data:rJRrcBJnmEcLp27LYO72GR62ESX9VF9115JJi5w438LGWSloEt9AS8qwC4sMwG4pe8FFhsB0108El+RcPDJaIKiNyCNP/KnFtNABJttkxd1ldFv1tP+a150ydFZyxtlyEApiLxJNv54/ut1XZfbtgWRT+YaqNjLx0Mdxvptg+5s=,iv:nn5xw8jB4PCvR9/ickJqwVWatgUg0UeUwKwM/jqCQDY=,tag:D4AqHdklo+dS1fOamTDn0A==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2021-11-03T22:06:44Z", 18 "created_at": "2023-01-30T10:58:16Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4Dgwm4NZSaLAcSAQdASEiKC1/IWGM9kw+rR9wQTooxQNjFU80myZmmK/qIBw4w\nM3oBU1Jx3XLmbbkx+okzwzHI792Mfgb2dPaMnoy7GaiwdBhDcZQBg6wxJ0bV0WcR\n0l4BJ+3IQNgHRbmluWrb6WOmwfjMQoVP8apT4TMrJ2RQVd4sLNjucgqZ71qKlPpT\nVSEsff0EwQintmGU7+9xeTJSqbTCjyGph+S/ZvWPb8yRaw+RfGlV5XpJzuETx/Y1\n=GASC\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAitUzFTAXY988U9StftlD4hFZFBwOtA/cMEjigFuy/GYw\nnVNFcTmvW8hLny9TP3NyCSIq6jv9RI0c70ipvatw0K7P+EDxbGUyGskieoBSUU5w\n0l4BIHzI2C7Q0uOl0y57zwxd+Xc6ZqQbKxIaszZ9hZ0qA3F29hk7pKHGtKfe1Z/q\nX7T2yYcedDzG0hkfuLxCoWEBKt8luAb40vXP4Bas/NUTZfpqP2hNF+TLzqNPEpxe\n=l8qu\n-----END PGP MESSAGE-----\n",
15 "fp": "F1AF20B9511B63F681A14E8D51AEFBCD1DEF68F8"
16 },
17 {
18 "created_at": "2021-11-03T22:06:44Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA6KDXI2M9dQVaCTfbixQtx3TWEp3nsJrzX6xUOiVjs30w\n3dvPXRgVODNgkqg+GJQGgkyvrnnNjZU222Y8HpF8HBuFMjAigsUdpI0BoKTwSo82\n0l4BNgxO/SoxxPfekvTcqrTTL71rNjNnsR/aU3wOef2K4MUT4VpPPOsB/aGFAXNf\n/wi7sPXR0zVpafqI8ZdAupKjF+/A8wtkI2hnMi19P+zkZuG5AQ8ymlHGaCsUXWPZ\n=BfQt\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/modules/yggdrasil-wg/hosts/6/surtr.priv b/modules/yggdrasil-wg/hosts/6/surtr.priv
index 59000d34..e74eebaa 100644
--- a/modules/yggdrasil-wg/hosts/6/surtr.priv
+++ b/modules/yggdrasil-wg/hosts/6/surtr.priv
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1VXF6TURLRXIzeVVreDY0\ncnRCbStjNDlURkJFN1NYcXl0dHRmRy9FQldvClFwRzlmdGhIZitEc0o1c3U1MDRX\nbzB1UWlGOWZuM1dmbTRpZWxNbXpPcWMKLS0tIGh1MUlVcWdCcW5uWWN6R3hBOWpB\nNEFRUnBOSDRKZitoTVFNUVZIUWdlb28KpxpB767bmLAD9uuWWgnwt48uixC3eCTj\nDhoGzo45a4FNnvIBex/NxLe2IpLl1ZSS5ISXmOFUnxsfzUrIFFlLPA==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2021-11-03T22:07:35Z", 14 "lastmodified": "2021-11-03T22:07:35Z",
10 "mac": "ENC[AES256_GCM,data:ao6Sw1yljXJ5MtiuQx7/8Dajrvn1bs9qivA6z57nAjdYbRPulLMlwq4Aqdp3FGUdw3itIqO2GLGxfdxsNcOmN73+sR3ElLJB0VfD2uPpscR5JAGtc/Z9zTyjp2n+8X2ZcxpRIK4C/v/8kI7ruz0/DDf+UyWXmEYuL2cpnuCp2T0=,iv:RpSJjMtCZPamyQN8BVrqWMc8NWz8Ni+ktTaS7eEQABo=,tag:mr736mcGxje+q20NdPk2gg==,type:str]", 15 "mac": "ENC[AES256_GCM,data:ao6Sw1yljXJ5MtiuQx7/8Dajrvn1bs9qivA6z57nAjdYbRPulLMlwq4Aqdp3FGUdw3itIqO2GLGxfdxsNcOmN73+sR3ElLJB0VfD2uPpscR5JAGtc/Z9zTyjp2n+8X2ZcxpRIK4C/v/8kI7ruz0/DDf+UyWXmEYuL2cpnuCp2T0=,iv:RpSJjMtCZPamyQN8BVrqWMc8NWz8Ni+ktTaS7eEQABo=,tag:mr736mcGxje+q20NdPk2gg==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2021-11-03T22:07:34Z", 18 "created_at": "2023-01-30T11:01:11Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAocjF7FLoL3ZmU+TYqYNFeuA7YYueJ5lcF73p/+/Hclgw\njBsAZP7kDzZaQ+40cLfHwRFn6N0SoLlOI3P/gcLbC8hpGGsbRIDHQEPYDML1Aodu\n0l4BL1xwtqtVkdfr/YxCZgUeBgjuN9wcCqzKy+VeWNGOpM+l6A7Fnn51ycFLLiCg\nzHzBhYhkpHwU6wE8DAG7w1awvbZTSGpQhruoQu3TVCgdIdpgEdbCRcDptDDoAKS7\n=BezJ\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdALkvn+9skYnaxT0BfqXP+Uy9oNvleKZpq5PzQYNm2BEgw\nPK7jStEfb76FNvyj1ylHl85MUUZ2XXIecjB0z/IeAWL8YT+yeDz3tmouQ7FkhehD\n0l4BfGhKgZuIDLhTz5fBbZYVJ3Kud1vpwwUOLpGZTLpE0QaGS9WNL6rQJMl14sSF\nvG/sX53swmxAltJXZx8NHVYH26hOgRa8q9Du6+n+Fk/LOQG7argkhasqtKsUe2mh\n=g+qu\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2021-11-03T22:07:34Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAzqWPGgn4kKXUIsZscibGXyyihcISJDam75X5lZMfVVsw\nht/PSnpV/U0K8N7ABJ4YLSadxrCZ3L3EdoQWovAVIZpDf5slFN4C9RTgHQ4QOl4y\n0l4BoUau5bHJMvNXERmjCSg5dNrF4EsYA6qd1hRlSOj8Vfgl0rwcrvt99GGSXs4l\nqFRb9khKkN/dPrUZEynZl4xo+gyGM5PIwNkre+1SGD9AYTqN91WOFVHiokpsSxId\n=InEY\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/modules/yggdrasil-wg/hosts/6/vidhar.priv b/modules/yggdrasil-wg/hosts/6/vidhar.priv
index d2a30501..015fb7fb 100644
--- a/modules/yggdrasil-wg/hosts/6/vidhar.priv
+++ b/modules/yggdrasil-wg/hosts/6/vidhar.priv
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age1qffdqvy9arld9zd5a5cylt0n98xhcns5shxhrhwjq5g4qa844ejselaa4l",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPVVBsVG14MnpiZ2dxaU9m\ncXhBa3lCemdMWHNPS2RqRVF6WHJpd3F6T1drCnNjNVlTdnZIb3RHRTkxL2loNzFG\nNXJpMlNydzRxT0N0VWpJQ1I5ekQvSEEKLS0tIG91L2YzTXViNGhDM0VER09kVGcz\nNHYzMnF1cS9Nd0xCNlU3WHlJYmkrNnMKX5KbInIp2zVP8VJ7GmbV9XaUViZzyyye\nc57m/QMfLoazq4+5TylqTELYiwXmgddMaAYOynLP8fskJegVHw8O9A==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2021-11-03T22:08:03Z", 14 "lastmodified": "2021-11-03T22:08:03Z",
10 "mac": "ENC[AES256_GCM,data:DYVkiZUQgVXacVTab21+RqERTrwbKt4eiHB1pWpoTx9gyJIpNX4zOYOeWzye5u7oEh6Gsd0+LepRt3k5ne0BvkctDrVcElHREaIOh8+Dt/kC6x3RzZbyIG5IhVz1WPePAYXIIAtbYy4Ummp4gOxCsQ7mx1yod/tEEQ8bzNy3nhI=,iv:IpFZrxS5s6cx99DAifT7JDfTb0Kcu02w5ffTv+IPkYs=,tag:OwqBZC63PGbshj0W+JZa5w==,type:str]", 15 "mac": "ENC[AES256_GCM,data:DYVkiZUQgVXacVTab21+RqERTrwbKt4eiHB1pWpoTx9gyJIpNX4zOYOeWzye5u7oEh6Gsd0+LepRt3k5ne0BvkctDrVcElHREaIOh8+Dt/kC6x3RzZbyIG5IhVz1WPePAYXIIAtbYy4Ummp4gOxCsQ7mx1yod/tEEQ8bzNy3nhI=,iv:IpFZrxS5s6cx99DAifT7JDfTb0Kcu02w5ffTv+IPkYs=,tag:OwqBZC63PGbshj0W+JZa5w==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2021-11-03T22:08:03Z", 18 "created_at": "2023-01-30T11:00:33Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DbYDvGI0HDr0SAQdAG9h5v/5dQvH2I2F+0hRLWwKbTBeQgq1+OA2v0tEk9hUw\n4vt1Wt56cx4BbkhagNVX35UVS+yrJjJB9d+CDWSJCMegicew6IHqelnCv8Zglrxm\n0l4BI866f5QVEEP4+UVJeKlxqcwwW8xgJTvi1rgmACBhvnwDoq3ImO1S+PEDJx/N\noQodaudvWTCkzAq2ChpITv3KMF8IV9n88ivk7n40jj8siECO19J0GOTAxGsG3Dfv\n=R/DA\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAM+eVI1kFPyRhNcySQuM/lxseyeI0oOA0bk/JRNshUzgw\naxqY1yQzaCaqQR+uxZIffqWTfON6V9L+KOPi3G7G75rve1W65XRnWRr14ahUblqj\n0l4BU47uZ3EhBMMQyZwSdxbtup1E58ZPiMskyl3OckSSzIDMGyAtyHl/ldt+t/TS\nXo55zXaamS1evuMnGdxLIzuL72SvaO3TJ9JJFXcRuMdS/RPhx67S6TiM3z3vD4dM\n=6Blm\n-----END PGP MESSAGE-----\n",
15 "fp": "A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362"
16 },
17 {
18 "created_at": "2021-11-03T22:08:03Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA6n6jG3A5oRo5VrJeXejiFKmEibWZ32O5+m1FrfXMrhUw\nxAIy7qTBKl4jU1zlTFF8up45vzSTZTAvOhG4Nt3hmniJOXZpc6L18HVMLU1ka6CH\n0l4BvQ6n//4okOLO97OhInFijX58u5v5QbNdrcHYte8yctZ5bu9Ssqo0PpJo5MWZ\nX1SLzAdllgHbAdHgrhq/F5o2SN9tAbaxREKDQzV73TLvfIGOPjDRgoFgQHXRhu6N\n=OQrL\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/modules/yggdrasil/hosts/sif/private-keys.yaml b/modules/yggdrasil/hosts/sif/private-keys.yaml
index 9be82bc1..d48eaba3 100644
--- a/modules/yggdrasil/hosts/sif/private-keys.yaml
+++ b/modules/yggdrasil/hosts/sif/private-keys.yaml
@@ -5,30 +5,29 @@ sops:
5 gcp_kms: [] 5 gcp_kms: []
6 azure_kv: [] 6 azure_kv: []
7 hc_vault: [] 7 hc_vault: []
8 lastmodified: '2021-01-02T14:46:16Z' 8 age:
9 - recipient: age1ure0athvtnaqqw48pe0y3upqdzmkaen9h70yggd9va4hva6avd8qqm6s4d
10 enc: |
11 -----BEGIN AGE ENCRYPTED FILE-----
12 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBscEJ6K01KUDdNd1lTUSs3
13 T3FKcS9ZQ1g1UHRSeDBqbWJkYm40dVVPSVN3CjNIY2JHL2lrcXY4TnB2Ky9tcUZl
14 emRiMWUrSFgwK0FLUHpKelhvaG1jRzgKLS0tIExaeVV3OTBJVm5WL09hMnV4OHU4
15 ZkszeE0vMlo3WUpJNmxkNTl5YW55VEEKA+so8j95RSMcjx6yUrTmrovPBFAXiV75
16 FnAME65A9Mry+OyOwFPDhC7lvMY11Gw71H01Mo2vXbR96eCBS7K0og==
17 -----END AGE ENCRYPTED FILE-----
18 lastmodified: "2021-01-02T14:46:16Z"
9 mac: ENC[AES256_GCM,data:Phng7z7UlE6nO3FFIQPOHgKCqDm2uOGL57ryJbokjipSSdoWPinpz0zIJv9Z67b9uOf3CQoGtV4YwcudNkzDBKOyD8uA6RYwCKpbYcZIdiy8DLL46+VT/wq9toTkeDXM6jKupzzOARZhHT8DCOLqW7u8Q3S645cbTJmw0+LMIGk=,iv:y4KEh0+bKhtnSobKVdfaPuRsueNC1lcrEbUGfEAn+Bg=,tag:3Oi4e/hSgPVsoFQpnVQj+g==,type:str] 19 mac: ENC[AES256_GCM,data:Phng7z7UlE6nO3FFIQPOHgKCqDm2uOGL57ryJbokjipSSdoWPinpz0zIJv9Z67b9uOf3CQoGtV4YwcudNkzDBKOyD8uA6RYwCKpbYcZIdiy8DLL46+VT/wq9toTkeDXM6jKupzzOARZhHT8DCOLqW7u8Q3S645cbTJmw0+LMIGk=,iv:y4KEh0+bKhtnSobKVdfaPuRsueNC1lcrEbUGfEAn+Bg=,tag:3Oi4e/hSgPVsoFQpnVQj+g==,type:str]
10 pgp: 20 pgp:
11 - created_at: '2021-01-02T14:45:04Z' 21 - created_at: "2023-01-30T10:58:15Z"
12 enc: | 22 enc: |
13 -----BEGIN PGP MESSAGE----- 23 -----BEGIN PGP MESSAGE-----
14 24
15 hF4Dgwm4NZSaLAcSAQdAwWM12Zara3T2xDIX3rhakGxXFyme4LE5QZgE2GjnnWEw 25 hF4DXxoViZlp6dISAQdAtt8EY8x8Ue/kqTgv49k+1RhZ3U3MJ9i8UzUmwpaq0mIw
16 T/vhPfsKFCjA2kAmj41NupjvTPL/nzfd7+MrdHRfC462Jrq+UF1W8A4bUa3OMH5J 26 zHXj+7l+QuHHuI1SGraQ7GwWYbOK/BGhY6GgsjKGNPOBe0tVxjqIu9d6l2VnvI4D
17 0l4BuFhl93w/VBftvnG8oSBAFCPNDapNADjTVJQStgsZa0/uD93NnCxyQmtuJYsQ 27 0l4BfCR6ClScDi4Me1+rGaZz5NVLZZKeXKIXmPXWixjk0YXJEtVCfcp5oQHIpd/F
18 URlH0KMT6Kouaec4qk3SqkAHzaIIAukahBHAPf2C5cvXYw7AAOOBOdRaWycsmZDc 28 i1JniOvH9lEMjNkM3BuwNlG+5bVVlx2vzOqm/U6nUqMRw/KtyIBMpr3olq3rQjwp
19 =S4Ig 29 =ZA3T
20 -----END PGP MESSAGE----- 30 -----END PGP MESSAGE-----
21 fp: F1AF20B9511B63F681A14E8D51AEFBCD1DEF68F8 31 fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51
22 - created_at: '2021-01-02T14:45:04Z'
23 enc: |
24 -----BEGIN PGP MESSAGE-----
25
26 hF4DXxoViZlp6dISAQdA7apd+ipJ0lUiuPI5Sq6uj6iOQYFfuNDuzse1JFJMfn4w
27 McsGPcbMorZV0OVFmg9vuZ0GP9sb7mkm+oRuY9OeMDEifjWGHJ2UN4TvdEcCO1zx
28 0l4BvYyzFbShlQjge7+nrzVi2lzEvqsozEW76K3arWb/iYLCRyl0/Vhw5WT4K/UE
29 fw4cbqz7JrogVLFNeWSRPk3Y+Dg4Pf9rQnw1EJhUEIczYjnfajPhYe5K4M01mOby
30 =B0n7
31 -----END PGP MESSAGE-----
32 fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51
33 unencrypted_suffix: _unencrypted 32 unencrypted_suffix: _unencrypted
34 version: 3.6.1 33 version: 3.6.1
diff --git a/shell.nix b/shell.nix
index 5f883cd1..c50c1991 100644
--- a/shell.nix
+++ b/shell.nix
@@ -1,10 +1,9 @@
1inputs@{ system, self, deploy-rs, nvfetcher, nixpkgs, ... }: 1inputs@{ system, self, deploy-rs, nvfetcher, nixpkgs, ca-util, ... }:
2let 2let
3 pkgs = self.legacyPackages.${system}; 3 pkgs = self.legacyPackages.${system};
4 utils = import ./utils { inherit (nixpkgs) lib; }; 4 utils = import ./utils { inherit (nixpkgs) lib; };
5 inherit (utils) nixImport; 5 inherit (utils) nixImport;
6in pkgs.mkShell { 6in pkgs.mkShell {
7 name = "nixos";
8 nativeBuildInputs = builtins.attrValues self.packages.${system} ++ (with pkgs; [ 7 nativeBuildInputs = builtins.attrValues self.packages.${system} ++ (with pkgs; [
9 sops 8 sops
10 wireguard-tools 9 wireguard-tools
@@ -14,5 +13,7 @@ in pkgs.mkShell {
14 knot-dns 13 knot-dns
15 yq 14 yq
16 nvfetcher.packages.${system}.default 15 nvfetcher.packages.${system}.default
16 ca-util.packages.${system}.ca
17 ]); 17 ]);
18
18} 19}
diff --git a/system-profiles/build-server/clients/sif/private b/system-profiles/build-server/clients/sif/private
index 3b39664f..11a4bcbc 100644
--- a/system-profiles/build-server/clients/sif/private
+++ b/system-profiles/build-server/clients/sif/private
@@ -5,19 +5,19 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age1ure0athvtnaqqw48pe0y3upqdzmkaen9h70yggd9va4hva6avd8qqm6s4d",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1c2cveXlHRC80NitqUHAy\nTGpDZU1POXVqUVZGUENwaXA2UzNRUG5IdWpNCjl2Nnl6S3dqbzA4VGp5OUYzVnBP\nR21tVTRSMHdhUVdHUGZ5MzNVWGMyTGsKLS0tIDR6UW5rTjBqSXZieUpZd3NMSWNl\nWW1xTDRtbWpxQTdDSlVwcnJBUmtlb0kKY3ArjYsxohdmy+fJDY65jgvUea73ECdC\nmro/2A+vpSsFGijCKoHnXL7/gcwBk7mY7tai9sjNdvam1BvrmkdPJQ==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2021-09-27T18:11:41Z", 14 "lastmodified": "2021-09-27T18:11:41Z",
10 "mac": "ENC[AES256_GCM,data:LeLaxKnUhMpXXlxiZaRw3pKnd8tzcd8I9CwO2SRuzvzo/Bi8cBHq7IrJUmG6PWrTHhwTEI2Ul4DEF4PygRZybjRYUEVLbnKqYGPf4P0nZPhBBH6Ogpdc0o2C1t7A+HIka99A75oXx81k0bEaj6WuqgtPpOA6JhirCyOCJ7xDQE0=,iv:5XNCFDirM1NzS56AVDiJxP+4IuSMComezM+1pD6rayc=,tag:8ECDILhztr3NAVl0RhiwfQ==,type:str]", 15 "mac": "ENC[AES256_GCM,data:LeLaxKnUhMpXXlxiZaRw3pKnd8tzcd8I9CwO2SRuzvzo/Bi8cBHq7IrJUmG6PWrTHhwTEI2Ul4DEF4PygRZybjRYUEVLbnKqYGPf4P0nZPhBBH6Ogpdc0o2C1t7A+HIka99A75oXx81k0bEaj6WuqgtPpOA6JhirCyOCJ7xDQE0=,iv:5XNCFDirM1NzS56AVDiJxP+4IuSMComezM+1pD6rayc=,tag:8ECDILhztr3NAVl0RhiwfQ==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2021-09-27T18:11:40Z", 18 "created_at": "2023-01-30T10:58:12Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA9mZ6ZMwa4Y4QmXMM1nMeFT6grP/xRfoObWlejEHcBC0w\noDm5V5YffnpSqTEKE8AzYbMvZqjme5Xwyxy79pqAbiHaThkQr8YN8HhHyRFIrLIq\n0l4BwKFGlxfxbmEcxx0B4NuUhOzs1S/lMvQhqhr38naFht3Bz9G3GhSrJdDiHVDb\nUwxvqv7GFnacRf9LMgIVCsi6485h2jbOZfx+xB3jT3p11eMyPMgEW1Q5Hwq+NM9k\n=DWiW\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAAIyaBar/+e4YSSPS9eelsVpjzXf5kBSh1W3EgOZjblAw\nuIKrr4Qds/bgFHSoKZtzC6U8fbMddn6ua+tlguj8m5GCihUF0PgvtMb7tvZO0mGV\n0l4BrRfRDAr7THk5C1JCF2pWOpgyMVZP3X4kBt7Adbtg7HBSP/VVnRqlUUdwGAom\nt5q7Q+jdGrFdhoVczocAwUkypWF3GhGmAxAwAr9WgQWo3ruWBAcqFsbOSFhC5EQE\n=bfnH\n-----END PGP MESSAGE-----\n",
15 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
16 },
17 {
18 "created_at": "2021-09-27T18:11:40Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4Dgwm4NZSaLAcSAQdAt2OVBFZSyyqqZtXnwN2h16edqa70UBrhDGhsID6jpnYw\nSuFSqkEZ7uGe38JDfA4fbhYHCMPIwt2E8o35Sr/UbzanKhjWu9+7R2v92zBBzBcG\n0l4BDU29ZKhQ65In2PhURs+5G3/qB9THB5vKAmP43RtS4pphFGH3uKwY1T7JSDuX\nYytSMKKBG4OnKlbMJd4SMRICD7aBuV6VPTmA6B3p+c8m5qcg7Uh1eDN0AxWJKr5o\n=pUaa\n-----END PGP MESSAGE-----\n",
20 "fp": "F1AF20B9511B63F681A14E8D51AEFBCD1DEF68F8"
21 } 21 }
22 ], 22 ],
23 "unencrypted_suffix": "_unencrypted", 23 "unencrypted_suffix": "_unencrypted",
diff --git a/system-profiles/core.nix b/system-profiles/core.nix
index e6c0e085..4d39d7ea 100644
--- a/system-profiles/core.nix
+++ b/system-profiles/core.nix
@@ -91,12 +91,12 @@ in {
91 91
92 sops = lib.mkIf hasSops { 92 sops = lib.mkIf hasSops {
93 age = { 93 age = {
94 keyFile = null; 94 keyFile = "/var/lib/sops-nix/key.txt";
95 generateKey = false; 95 generateKey = false;
96 sshKeyPaths = []; 96 sshKeyPaths = [];
97 }; 97 };
98 gnupg = { 98 gnupg = {
99 home = "/root/.gnupg"; 99 home = null;
100 sshKeyPaths = []; 100 sshKeyPaths = [];
101 }; 101 };
102 }; 102 };
diff --git a/system-profiles/initrd-ssh/host-keys/vidhar-private.yaml b/system-profiles/initrd-ssh/host-keys/vidhar-private.yaml
index ea424974..44ff123a 100644
--- a/system-profiles/initrd-ssh/host-keys/vidhar-private.yaml
+++ b/system-profiles/initrd-ssh/host-keys/vidhar-private.yaml
@@ -5,31 +5,29 @@ sops:
5 gcp_kms: [] 5 gcp_kms: []
6 azure_kv: [] 6 azure_kv: []
7 hc_vault: [] 7 hc_vault: []
8 age: [] 8 age:
9 - recipient: age1qffdqvy9arld9zd5a5cylt0n98xhcns5shxhrhwjq5g4qa844ejselaa4l
10 enc: |
11 -----BEGIN AGE ENCRYPTED FILE-----
12 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwRGR6UlVvdVg4WGZtUjZD
13 bU5LemdRQUdtZ0diVDdGdkc1TzVqOEtDWUNZCkVQQXIzUlV4c0pPSTZDdFZRRytX
14 NFNJYXgrU1JmSHJmdnY2bHNEeGFoS1UKLS0tIGZpRDdLUytQbmZkeHlodEE3VWJF
15 UGdOQmU1elEwM2lXbnRDNWtsTXVsY2cK9yhnGeJDWMPs9ibCpgfN0+NItG1Yy9aV
16 SyZsDQ7p+rg9n/uVji45ptNUN9vTvJAopyjo7fByRBc0YkYpCF7dlw==
17 -----END AGE ENCRYPTED FILE-----
9 lastmodified: "2021-08-03T14:47:32Z" 18 lastmodified: "2021-08-03T14:47:32Z"
10 mac: ENC[AES256_GCM,data:gWbmGMZ+/Ts7NP9J1q/kjQmJ7V6lJ5xFpjZNJ+aTOmkz7a6sG8SRvNEW/qrpJfCzEFdQJYhOW3X9FhWpb5U6j4gINrgqUGdusQpw0PmIieC5tCPQPlTPHMReK0xaZ3NViMdHJhGdtehGfPqAtA3Bifn2ZZzOrzTOaPN2fH11fZw=,iv:FhKERfmDPmWn5ZKkuHWMc/vINpmJTr0jZ1iCkSgAUEs=,tag:ibe+m8vz6b+a+as5mz4+eA==,type:str] 19 mac: ENC[AES256_GCM,data:gWbmGMZ+/Ts7NP9J1q/kjQmJ7V6lJ5xFpjZNJ+aTOmkz7a6sG8SRvNEW/qrpJfCzEFdQJYhOW3X9FhWpb5U6j4gINrgqUGdusQpw0PmIieC5tCPQPlTPHMReK0xaZ3NViMdHJhGdtehGfPqAtA3Bifn2ZZzOrzTOaPN2fH11fZw=,iv:FhKERfmDPmWn5ZKkuHWMc/vINpmJTr0jZ1iCkSgAUEs=,tag:ibe+m8vz6b+a+as5mz4+eA==,type:str]
11 pgp: 20 pgp:
12 - created_at: "2021-08-03T14:47:02Z" 21 - created_at: "2023-01-30T11:02:30Z"
13 enc: | 22 enc: |
14 -----BEGIN PGP MESSAGE----- 23 -----BEGIN PGP MESSAGE-----
15 24
16 hF4DXxoViZlp6dISAQdAFyVws/2vIBK6ohlM93FpgKt6RXI8RPgaJSgHKsSeMB8w 25 hF4DXxoViZlp6dISAQdAsxgiRdcehq5VsZ8SjbHnUW5oSI1k72TvbWFhM05k2Row
17 XJqXQ2YGG8X6kHR/SW3A//1hBbLAaT6cRj7PLtkabr/5vgJ1Yk+k2mCFg+fte61o 26 K9eYEtHiS9RItCQiJz78EeIbHNVX2Mj31kR8f068hyFPKE0s806uweRyQ4NZmUzl
18 0l4Bppl+iqVjECSJlrRp/GtbbyGlSS+pAItDZKAZOnrIYbx27CFfxNDDHv8EAFDP 27 0l4B0WbbQSieq7+Y60b0VhRfwEQZ2HDu48b9vSLezX2maK1+Rig7P/B0cfnbENt8
19 HoYtgpeVxgRuvIBMHexMiuFExExkddHpHkSDoT1iJOsK+SQEqbxSfZpEJIRLcjb9 28 koOItAU6YRllpNxMI4Amof30K2FELikTmVtTDQI5v3etcAsZoXryq2BczE2oONrG
20 =hvve 29 =/on8
21 -----END PGP MESSAGE----- 30 -----END PGP MESSAGE-----
22 fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51 31 fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51
23 - created_at: "2021-08-03T14:47:02Z"
24 enc: |
25 -----BEGIN PGP MESSAGE-----
26
27 hF4DbYDvGI0HDr0SAQdAvLR7Ngh3gqQAnmlCeSwKGwWXBNlBZxxliQBOkhhKcSow
28 V9mWDn01Iue3qHQwGCd7Om/9EqU7SkFrkxzgAIBRJpAmj0eP1zsgiWepawzQ4glb
29 0l4ByB+6R+V2SyGI9HcABJiLcTOIjVLgn1QzK0l4K2ewS2K5FSBGNzVKoT+p4J5a
30 ja6A7vM0u12ddlqkifBsqN7900gI2ZTUz00rDZqis3sJk9J8dyWsAdkscig7Htlg
31 =hZHL
32 -----END PGP MESSAGE-----
33 fp: A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362
34 unencrypted_suffix: _unencrypted 32 unencrypted_suffix: _unencrypted
35 version: 3.7.1 33 version: 3.7.1
diff --git a/system-profiles/openssh/host-keys/sif.yaml b/system-profiles/openssh/host-keys/sif.yaml
index ddef6dd5..bc66c1a2 100644
--- a/system-profiles/openssh/host-keys/sif.yaml
+++ b/system-profiles/openssh/host-keys/sif.yaml
@@ -5,30 +5,29 @@ sops:
5 gcp_kms: [] 5 gcp_kms: []
6 azure_kv: [] 6 azure_kv: []
7 hc_vault: [] 7 hc_vault: []
8 lastmodified: '2021-01-02T19:05:26Z' 8 age:
9 - recipient: age1ure0athvtnaqqw48pe0y3upqdzmkaen9h70yggd9va4hva6avd8qqm6s4d
10 enc: |
11 -----BEGIN AGE ENCRYPTED FILE-----
12 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsMzdPNTFsSmJtVzIrV2c3
13 aG9HbVo0Y0F2ZkRaclhuTlR1b0prVnVpSDNzCkxweHkwYnVaVnFLQWJkVmw2cExD
14 VEh2TU9NUzJkRzBlQnpUR09sUkY1RHMKLS0tIDhsWkh3OXRrY3JDaXR5b2ZzWWhN
15 MWVzNlBTa0xkZDZrMWdsU0lvemVRb0kKbTUwFHMXZqbVdKqBWSa0B81ymVGqS7G3
16 ZhchZZpZdQcKMQ/I/rkvJqFstuOuEHYvUWeKz04zL3W2BuMp/TwOXQ==
17 -----END AGE ENCRYPTED FILE-----
18 lastmodified: "2021-01-02T19:05:26Z"
9 mac: ENC[AES256_GCM,data:yJGzs0W0R+b6WPkUaQc9cxeTBBEXot0ffUAG77Of88kREFsD5ams9qEDCs8LhPhMtLSH5L8bqMLF28n2w6d9gf41NDBl/oj+XTJE26c4D+MWF2A0fqTvwv1l3524TfavVU8iur0bCbytNfcHSZ3zCQAYElswOGupO+K0Y3hwKKI=,iv:jHSgQV6Jg2Yckp8G0Z23Ny74ZQxZ/+C/neXKrEWUVak=,tag:DhOr2cVhIq8i4JAO+fdXxA==,type:str] 19 mac: ENC[AES256_GCM,data:yJGzs0W0R+b6WPkUaQc9cxeTBBEXot0ffUAG77Of88kREFsD5ams9qEDCs8LhPhMtLSH5L8bqMLF28n2w6d9gf41NDBl/oj+XTJE26c4D+MWF2A0fqTvwv1l3524TfavVU8iur0bCbytNfcHSZ3zCQAYElswOGupO+K0Y3hwKKI=,iv:jHSgQV6Jg2Yckp8G0Z23Ny74ZQxZ/+C/neXKrEWUVak=,tag:DhOr2cVhIq8i4JAO+fdXxA==,type:str]
10 pgp: 20 pgp:
11 - created_at: '2021-01-02T19:04:29Z' 21 - created_at: "2023-01-30T10:57:39Z"
12 enc: | 22 enc: |
13 -----BEGIN PGP MESSAGE----- 23 -----BEGIN PGP MESSAGE-----
14 24
15 hF4Dgwm4NZSaLAcSAQdArkswGx9w0Rbfp1N89qALAbPMhboirsnlNvms/FomXiUw 25 hF4DXxoViZlp6dISAQdANv2DNGghv2Kh8xkNTxD7zLoo9CA0wg3QKJ6MHIFfDyMw
16 taW9n4oEJ5oW2UYzNNn72SwF1jYbrqczAbxt3dM9PSz1gHFoh+ZJhGokVFJvJ7sO 26 v6VzYeLDETRzJnqbmNrUD4iumJJfLUsbiBdCFNYsuiGgwrzRKLRyFYZ/vU6WGetm
17 0l4BEOkWmL/9uyOiCq574nH6OxxTPu9C4GNU8lv/Z/qJ+oAocJkGknsIJzd8M5ax 27 0l4BK8qWw4Te7oRdHymqckpf9G6elyM+5z7ZDVqcFp8frmKJexP3e95UJU4I0rOj
18 Fo/HqAGGfvnH3RI5FO3tTxfAKlfxlO2MJ2lsCypJuez5WewPnaTPjTbogjhzG2aQ 28 MM6S/XcDsMVdxDo9hliZ1t6aTiBizqpBCK+YK6SrQ+OuoS5PSpSqfq2w5sLIDGiJ
19 =HXLp 29 =cLdo
20 -----END PGP MESSAGE----- 30 -----END PGP MESSAGE-----
21 fp: F1AF20B9511B63F681A14E8D51AEFBCD1DEF68F8 31 fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51
22 - created_at: '2021-01-02T19:04:29Z'
23 enc: |
24 -----BEGIN PGP MESSAGE-----
25
26 hF4DXxoViZlp6dISAQdAUSTwFAciB+Yh2IieFoN/xmQd+GU/g+cuKej6cZk78TUw
27 ETM8c1TSovML5q9usUX0pl/AbRBwp2In47RMkTn4Mul1XxJuXhgCnrc5swwYrS+h
28 0l4BOxJ3bF/yYyKfGrmc/mNe51sdHH+fgQ9IXaQhcopw4kyZqvBXhJF/oP/mhnOL
29 VMhsfg50ol1XmXVefyo5JPedbzABm3vRZv9U+/zvKNJxIro2hWchd5CxvzN4l/MR
30 =30r5
31 -----END PGP MESSAGE-----
32 fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51
33 unencrypted_suffix: _unencrypted 32 unencrypted_suffix: _unencrypted
34 version: 3.6.1 33 version: 3.6.1
diff --git a/system-profiles/openssh/host-keys/surtr.yaml b/system-profiles/openssh/host-keys/surtr.yaml
index d31fda3c..0f52b912 100644
--- a/system-profiles/openssh/host-keys/surtr.yaml
+++ b/system-profiles/openssh/host-keys/surtr.yaml
@@ -7,31 +7,29 @@ sops:
7 gcp_kms: [] 7 gcp_kms: []
8 azure_kv: [] 8 azure_kv: []
9 hc_vault: [] 9 hc_vault: []
10 age: [] 10 age:
11 - recipient: age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq
12 enc: |
13 -----BEGIN AGE ENCRYPTED FILE-----
14 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtSjcrWU1JMTZ6QW10WHN1
15 bE1CSFY0elZJMmFkeHk2RUc4T0NUc3FRNFJRCkYvOER1TkNCVWdnclBTWTFvSFdy
16 cC9Cb2x3WE9rbXE3T3VmRndGekNoZEEKLS0tIHlpVkltY0sycjFEOHlGTmxaekdw
17 MEUyS2pPNEVzczREV3B2VUg2MWtaZG8KERalK2XJUSaM869qorBm7HedJyh/K1er
18 31FqcarjOFG2TYMqWfxiWwA2bU23+QW2r1u+gld+KBUVblHB230XsQ==
19 -----END AGE ENCRYPTED FILE-----
11 lastmodified: "2021-05-15T13:05:09Z" 20 lastmodified: "2021-05-15T13:05:09Z"
12 mac: ENC[AES256_GCM,data:ATdT6u3dMOgaBVg7cS5tpaA0fyoQdlW/jSzwPjm1mi7j5rNkilIiqIR+C159MrI5eeApkyOpzQP2lIAlANjbO+TlO2YIYd0Ue8pdoEZGQvDyWv3AARLfdlaPzFAGAnBnjihVmKp2kQjfmcSJkASBQM8e89R1PsAKGhH5xS5b0zM=,iv:UyMsuxYWVs/Q9/HTfPtjDNf+tUOHSAqA3klFt7yewYQ=,tag:Vu8xY4NVdw6MvjDWZwiO4A==,type:str] 21 mac: ENC[AES256_GCM,data:ATdT6u3dMOgaBVg7cS5tpaA0fyoQdlW/jSzwPjm1mi7j5rNkilIiqIR+C159MrI5eeApkyOpzQP2lIAlANjbO+TlO2YIYd0Ue8pdoEZGQvDyWv3AARLfdlaPzFAGAnBnjihVmKp2kQjfmcSJkASBQM8e89R1PsAKGhH5xS5b0zM=,iv:UyMsuxYWVs/Q9/HTfPtjDNf+tUOHSAqA3klFt7yewYQ=,tag:Vu8xY4NVdw6MvjDWZwiO4A==,type:str]
13 pgp: 22 pgp:
14 - created_at: "2021-05-15T13:03:47Z" 23 - created_at: "2023-01-30T11:01:54Z"
15 enc: | 24 enc: |
16 -----BEGIN PGP MESSAGE----- 25 -----BEGIN PGP MESSAGE-----
17 26
18 hF4DXxoViZlp6dISAQdAr0a9IJdY95UvcmMkCS73pQZVdjqHnVTTcpCXYuqkmiYw 27 hF4DXxoViZlp6dISAQdAjSdETS6d69a1/oKUI8daYrFlgxUoZFio/da+sNKNXQkw
19 rTIqyEsqpoSrkR57LBNX98ix99H/hvj6x8+dsv+K/nJQ9Jjs921UW2HJ8hPMD44Q 28 RmSdXtBEyeAbWVG7kakE175ZebeL6OR75bakr/iwfEzEx+B9mkwgWVcLbTkfPpBg
20 0l4B2MyG+We3OClbt8BJmDo38/+/k9zSBdW2zbYEr4zhG7SCw0BryrPJwGAW54KT 29 0l4Bpd+/q0P/B6S2Uzbr1I3IKWUFQP42nTVyqZu3BK226hLbZo/JItVPZdduKyX1
21 1fdnNwzN5jdFRObhkq8I725IaU4d7GYrpVebw29HP2fd0Uf+62iBToraRJNj3sxL 30 c4I991LRc8Z5wSa6yoS8fLem+GTiLlgCyfGHOt2j0WN8ofuhYP0qfLHtiFeF1ys8
22 =JRkx 31 =vUaH
23 -----END PGP MESSAGE----- 32 -----END PGP MESSAGE-----
24 fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51 33 fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51
25 - created_at: "2021-05-15T13:03:47Z"
26 enc: |
27 -----BEGIN PGP MESSAGE-----
28
29 hF4DyFKFNkTVG5oSAQdAINIHQVygfLGVo2gdlKCoojmD5layNM6K/QlQR/CsaTsw
30 SY+3psZUwnwwe7QRnt2gHSOUgYrG6/nhiCAfxoZBQZ6zm+v0IUdbRKEJhhGJnHfV
31 0l4BUMxGLYHapIPjzTUwYQv9rF30zO7pJ3vU+4zkReNOcPzENLGX1uZu/1aULOcO
32 F33lTLP2B9B7pjvPoetJiuds3jO7JZrN3mFhIf7MTZyg5dMBbDSnUMJ6NIW+ug5F
33 =SAFL
34 -----END PGP MESSAGE-----
35 fp: 7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8
36 unencrypted_suffix: _unencrypted 34 unencrypted_suffix: _unencrypted
37 version: 3.7.1 35 version: 3.7.1
diff --git a/system-profiles/openssh/host-keys/vidhar.yaml b/system-profiles/openssh/host-keys/vidhar.yaml
index 23c43194..c1411bb7 100644
--- a/system-profiles/openssh/host-keys/vidhar.yaml
+++ b/system-profiles/openssh/host-keys/vidhar.yaml
@@ -5,31 +5,29 @@ sops:
5 gcp_kms: [] 5 gcp_kms: []
6 azure_kv: [] 6 azure_kv: []
7 hc_vault: [] 7 hc_vault: []
8 age: [] 8 age:
9 - recipient: age1qffdqvy9arld9zd5a5cylt0n98xhcns5shxhrhwjq5g4qa844ejselaa4l
10 enc: |
11 -----BEGIN AGE ENCRYPTED FILE-----
12 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNaFFEWHNodTZOMkdTampi
13 QVpJSWdtUXFBTWZ0OC9MQzlheTNScEJ5WGhzCjQrVit2VjBaUmxGSXJQNzFRc29F
14 TTNKV2Q4MkJCdXVHYVJERkVmVkIzblkKLS0tIEx2SzZFK3plc2E2Wis3WE5xQjI5
15 cXA1aWpKZkFkb1lRckEwdnZUcnloNHMK8UEdVQDvisvcmZQiUqz+IuRfcTIXkKBS
16 UM8G8/VCmw5Dns2Z5QnpcjYrnGNFKj7THbTtzIdgBT303PlThj8dyA==
17 -----END AGE ENCRYPTED FILE-----
9 lastmodified: "2021-06-17T18:42:01Z" 18 lastmodified: "2021-06-17T18:42:01Z"
10 mac: ENC[AES256_GCM,data:Mqnozqkhcfom0F1lSjZbCJDPXKLqWnRKwHh9tpbhpVYSmSeGk3iHVR+qOkL5/cTCnaWyzsAlJuRm5rmKGuKVqXSXWYSzphZ37c0l8NfPgDKomu5iHyQ6oEJsvSv411zdgHKZximeEwZhVfNf9I3FmTujXK0JiZwDRPoOTwnd7wY=,iv:zjfELB9DmW4vhVg6dbT6vf8SIBLfZod6JAXYkotiiL0=,tag:PkgF5uTST2UkM1ftl8ggmQ==,type:str] 19 mac: ENC[AES256_GCM,data:Mqnozqkhcfom0F1lSjZbCJDPXKLqWnRKwHh9tpbhpVYSmSeGk3iHVR+qOkL5/cTCnaWyzsAlJuRm5rmKGuKVqXSXWYSzphZ37c0l8NfPgDKomu5iHyQ6oEJsvSv411zdgHKZximeEwZhVfNf9I3FmTujXK0JiZwDRPoOTwnd7wY=,iv:zjfELB9DmW4vhVg6dbT6vf8SIBLfZod6JAXYkotiiL0=,tag:PkgF5uTST2UkM1ftl8ggmQ==,type:str]
11 pgp: 20 pgp:
12 - created_at: "2021-06-17T18:40:20Z" 21 - created_at: "2023-01-30T11:00:38Z"
13 enc: | 22 enc: |
14 -----BEGIN PGP MESSAGE----- 23 -----BEGIN PGP MESSAGE-----
15 24
16 hF4DXxoViZlp6dISAQdAQwuTgiFIyIrS4Qc9tUIsLuh4RtjuoVRgChVkCs1Svyow 25 hF4DXxoViZlp6dISAQdAlWuohv2wVcF7jjPke0PDChWc4zsft4kU9v1P6Gq9ZDcw
17 KBGrbWCC5tqnQfCySglrwK7Zz8vg8nsGeDAshQvCf67YDaj+FUrdz68DH0WYRZ9D 26 pAC2BNsjeQr0Pcg/rf5kf/m2dh/+9B6eVf4TkdNtc/PA/6jqryNvBFHI3OG5Hux3
18 0l4BrmFTOnCPZHY/488E14BBm2lNWYwEimWx4FnEQmoTL+ph/XdTtizgQkQlQLc9 27 0l4BCTURwauath8oQMvnJz9LX9YzZ36NSRH74HzNNu1KM/0BoAWUkAkZL9RLXzsR
19 tXdHGbeVkEACKE0znF4pFrBs3qKmp9EPJQ4aFUkvdJkb7aadnukUUFzO7/WgMuSN 28 ct/0gk/jp+SvdaGUCYIjCPdqNU8I/oAhNs0ANPzJEMjcUEfJJ8nFOObck5j5u2mg
20 =G8tT 29 =HSQH
21 -----END PGP MESSAGE----- 30 -----END PGP MESSAGE-----
22 fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51 31 fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51
23 - created_at: "2021-06-17T18:40:20Z"
24 enc: |
25 -----BEGIN PGP MESSAGE-----
26
27 hF4DbYDvGI0HDr0SAQdA9zTLIX+OV+zv8R7SrXOkrV1koa1aYkg+164QngxWpwAw
28 wyhwHxqISWYeSAmM9xA27vsJ754sXGVVMB5V3FyUlFTWuIVUkUuhq4ijY/PIJle9
29 0l4Bryp2R72fLE9W82DmEE1XWlxSrAJ15HGIjMI1RVop3UDXQfYdlaP9paebLVaY
30 cnGncYKIs33GzVDXfaMFmPqamvwpwR5yw25KYGnUfBhaIgSQgcpmU3zwua73ICH0
31 =bvYm
32 -----END PGP MESSAGE-----
33 fp: A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362
34 unencrypted_suffix: _unencrypted 32 unencrypted_suffix: _unencrypted
35 version: 3.7.1 33 version: 3.7.1
diff --git a/system-profiles/openssh/host-moduli/sif b/system-profiles/openssh/host-moduli/sif
index 185611ad..334d23ff 100644
--- a/system-profiles/openssh/host-moduli/sif
+++ b/system-profiles/openssh/host-moduli/sif
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age1ure0athvtnaqqw48pe0y3upqdzmkaen9h70yggd9va4hva6avd8qqm6s4d",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBacUpEWGR2Q3pwekRiYllz\nSWlsbG9rWjFCMlRZd2lXNkI5QmNZekFrRUhjCmxDamlwK09EMjFoaC9IR0hTZnFN\nOXJpYkg5clVvVDBabGQvSzhTRHZ2Z0kKLS0tIDYyTXJIRUV5TTdnbllTTUVhemV6\nVFlxaXBZUTYyNlUwRk9YWlA3NDZRakUKYHKZf7bYI4xm2plyI4QFGzMJMnQ1Nipu\nbR6jbSnHJTaYCJLUZTa0lVcrHBdbHK5gjV0tWOjAkG7z/PUXc8oInA==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2021-12-15T15:25:47Z", 14 "lastmodified": "2021-12-15T15:25:47Z",
10 "mac": "ENC[AES256_GCM,data:21q8E/Ngod7Yp2eqtJXlXuYnxfDiWI4xvNGGX1kqVwj+4/7xUOHh9ieCBNrbJsF5q4HEHom9XIrMJBbDzqcNq0vlyw/KdYKP68bKUEQsaQh38tRgYpAnpRdXCOtzsfP8mTX2uIZasHM16HHLNkEo6K/poGxUMUdf1xrBnhOIwes=,iv:vFfGnkEkn6+UiFni1wGQexdB6I2VXmt7ZgMkXT1mDU4=,tag:f3f9PY8mF+CG2KnOL60n0g==,type:str]", 15 "mac": "ENC[AES256_GCM,data:21q8E/Ngod7Yp2eqtJXlXuYnxfDiWI4xvNGGX1kqVwj+4/7xUOHh9ieCBNrbJsF5q4HEHom9XIrMJBbDzqcNq0vlyw/KdYKP68bKUEQsaQh38tRgYpAnpRdXCOtzsfP8mTX2uIZasHM16HHLNkEo6K/poGxUMUdf1xrBnhOIwes=,iv:vFfGnkEkn6+UiFni1wGQexdB6I2VXmt7ZgMkXT1mDU4=,tag:f3f9PY8mF+CG2KnOL60n0g==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2021-12-15T15:25:47Z", 18 "created_at": "2023-01-30T10:58:08Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4Dgwm4NZSaLAcSAQdAW6DaLuD3PBHWOi/FhLypLG8ztlLA7iEM9dHpaCWZQ1Uw\ncQWK+bwQ5OqJmdpwWy7h00Qg7H54s1wFEhfd5ahelvh9cGJhPPTQ/7N2M9T4RmiH\n0l4BAzeYWqGMZZMIm3x7Z2iWYPyUhDauWyfI7M4Q6sRL0rIZbM5uoVPfKSJI5xQO\nUdfxo9HYaD5WqTwzv/nvJppLcEKiXmxBI8BCdOsj0brwZqxddsj/0LxbPZZX6qm4\n=KIzd\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA6BH/4ATbobDju0iNWQyZrkXSAiXzj5JI+5rHFWCoJGkw\nmTl6Z+ztLz6lq/07WTDcmbwaxe9G9bvgiAy5/DBzLdBhBFpYb9CYK5zg4l5hBchA\n0l4B1gS8DB8WLlCwDECr9TwEvF/GE9IPU/tXL4/Gw8ELsiXFFfJbpQo67AfJFZyq\nBbzlLi22Wiqrs1TycFPDMBEb7s1uD5hRYgNxgrBiZN7HGI9AWAx0FIMIWnMddxBv\n=FTc3\n-----END PGP MESSAGE-----\n",
15 "fp": "F1AF20B9511B63F681A14E8D51AEFBCD1DEF68F8"
16 },
17 {
18 "created_at": "2021-12-15T15:25:47Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA/UzNxEltkfAAR1sGy7xW8A2VFlpzmenYaO0yBLOtUScw\nlebIwkrypFVgFFoF9IKWP/2BF0iK9IWoEvmOMvNNvXqA25m7NGFc4T1JIPbGQxCn\n0l4Bi/jbkWH1ONXVUvRqluHT9mrLRsSmxOZRRQgoaeagziD0Lk4lbGumY18/vdEb\nzH1U6a1ut8NdfpfTPsRRQvkcKVP5WskTQaC9dV+pHe8ilAJofM7JHDamZLgFIs1H\n=SIt/\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/system-profiles/openssh/host-moduli/surtr b/system-profiles/openssh/host-moduli/surtr
index add17d92..354835d6 100644
--- a/system-profiles/openssh/host-moduli/surtr
+++ b/system-profiles/openssh/host-moduli/surtr
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGdUJjR2dONzRFaUtuR2hj\nSndzVzcwZlo4bkRYc1p2UjZubW56MG1wSFdVCjJVdmVGYW5yc1JFSDFoMXlvSCtD\nbHBwRlg3eHFtYU9YK0Nyd29jL1p3azAKLS0tIHFHQ0pxQlYycFdUbWhSTUVmKy9a\naGJXZU4wb2ViZDVIU0NYTlV6eWF6MEEK7OP2gCsPOQ+5URsVfmyXn2RVW+/Lp2ze\nDfqeVo4M34NdYbe9mDVR1dCJYaan0EKemXDlY8F1T2HPS8feIvNoZg==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2021-12-15T15:25:43Z", 14 "lastmodified": "2021-12-15T15:25:43Z",
10 "mac": "ENC[AES256_GCM,data:YMeb6szcGvurFuuvlb8L8AKQHH64r6a3mY/KQdjSf2vkdQDDGC6EzsH19Ct7QAmJaMRPS8zL4cTSF8TMrKqEfvkOl0QDuyUZmu9rKVJsZKdgxe525BbJ9v/FwmCA3vu8HQvWG3tX8GQrWMzPzGWhLFBqzAKl1OENfuF6xsCxznE=,iv:h8ARohKVaSZ1uejsRW2o1b90W8Z812UVIdfC9FCRRWA=,tag:FmMNB/eSVYJuamezhH0MLg==,type:str]", 15 "mac": "ENC[AES256_GCM,data:YMeb6szcGvurFuuvlb8L8AKQHH64r6a3mY/KQdjSf2vkdQDDGC6EzsH19Ct7QAmJaMRPS8zL4cTSF8TMrKqEfvkOl0QDuyUZmu9rKVJsZKdgxe525BbJ9v/FwmCA3vu8HQvWG3tX8GQrWMzPzGWhLFBqzAKl1OENfuF6xsCxznE=,iv:h8ARohKVaSZ1uejsRW2o1b90W8Z812UVIdfC9FCRRWA=,tag:FmMNB/eSVYJuamezhH0MLg==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2021-12-15T15:25:43Z", 18 "created_at": "2023-01-30T11:01:11Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAX8kv17uqd4B748RbahV3p8ACfHYJNcbISk+ixdujmW0w\nlNVl6ApjAuL/NetnRAKEFDYOO5SkFvF7Xg6pLtDeb0Muj5U9L9QJthaYcflKP63t\n0lwBQvZiNLHGLIOVDy2/2f/vHOxHoxnCb6F9Kxwbvkn/UOSYvzPgYRGnIoloEjG8\niA4gVX3gp+/Qa2EZOpnGRLLawrNyQEWh2xj1uNQigDC72YZq4MFetMaMVoMhcQ==\n=rDe4\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAzwTfDBoUHh6BK9+gIAZ9y2g2nnc/KnqafmI8NX1L31Yw\noU45Ov8YXFOU1fvxXZhgABOCwol3i9qUqVIo1Y2bihy46pmxle0tZhABsYki2ZaD\n0lwBQ0SrmGJp21FiV6iT7BhM23NrqrEEoIjSQh4eOaYwiAY9h9D7EM9vm+vhqZDr\npTE4pgV8JVGFYrc3caZQz+bZS0bV1/k8D3OKRVbsBUzt+G6XYP4U1MvRgmJeLA==\n=r38R\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2021-12-15T15:25:43Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdANEPf+2mPvxZFAflTwftmQ4xOnfwxtjZORevRbzaT+yQw\n1K/u+AiK/3FmBcyFL+eQlaVDSxMk+CkeAqOC/4Mt/yGhnkUmj67/gqexKu7VIHVI\n0lwBK2KxGTtR3qmFLDVfEVBBd3OP38t40oV9izR8iFNuT7JDp/6QcZ/mczamLRdf\nJst018V/2xJ91tP0ROswFKLkAnLcrg925G2ug0qe9ImQxYcW9qf6VRQNYAGIJA==\n=Mezc\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/system-profiles/openssh/host-moduli/vidhar b/system-profiles/openssh/host-moduli/vidhar
index 1a14d907..9fc11fda 100644
--- a/system-profiles/openssh/host-moduli/vidhar
+++ b/system-profiles/openssh/host-moduli/vidhar
@@ -5,18 +5,18 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age1qffdqvy9arld9zd5a5cylt0n98xhcns5shxhrhwjq5g4qa844ejselaa4l",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwdG8wVDREaHY1b1FIdUFR\nTnZXSWRVZkp1S1UyNHdCeEJuZzY2M0dET0RBCjhPOW9KWjJkU0RUUG9HZyttR2p5\nNkVMOXZtdFhWamdaRFpwLy82U1BwOXMKLS0tIGtrWXlOWVhPK3VmZ1VuZkVENHM4\nS0VyMC9nU3RxbjlWV1UvVGZQcFduVE0KkVGPZsy6lgvkDRf72D5nTdeJDqn1X2hf\nXXkMELfSavUPWbCytAQ8nLQ2fGpOfFQud3OSbNSVOSInimWutcCe3Q==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2021-12-15T15:25:22Z", 14 "lastmodified": "2021-12-15T15:25:22Z",
10 "mac": "ENC[AES256_GCM,data:TGN7cJWHvZqLSN9LsrzdtkajrFMVI82s4F052ujz6q2aU8R9SR0+kw/tOV8Pe3SyQ62RSDykxjI/ONaaJXtPx5U0QcIH/v1SLliox3q/RfludXdz1DBLiKxG+8DMPgT/vfIweAk3409qgfbiE6EIBw+WaBJY3LbAFDsUUaulwno=,iv:lcie69ZCGKTykv41ZKfcqytt4T9BDIGPlDA2cqtbQiw=,tag:lDnq5X9G8deScusDcat3ew==,type:str]", 15 "mac": "ENC[AES256_GCM,data:TGN7cJWHvZqLSN9LsrzdtkajrFMVI82s4F052ujz6q2aU8R9SR0+kw/tOV8Pe3SyQ62RSDykxjI/ONaaJXtPx5U0QcIH/v1SLliox3q/RfludXdz1DBLiKxG+8DMPgT/vfIweAk3409qgfbiE6EIBw+WaBJY3LbAFDsUUaulwno=,iv:lcie69ZCGKTykv41ZKfcqytt4T9BDIGPlDA2cqtbQiw=,tag:lDnq5X9G8deScusDcat3ew==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2021-12-15T15:25:22Z", 18 "created_at": "2023-01-30T10:58:44Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DbYDvGI0HDr0SAQdAOMM5qr8oIMrwC9XnI81qXanL+mNES3BUtSEQja2rIxkw\nUcPUQwHVfdLxORsWvBST5rxAl80Zd7OtEIwW/8jv+rWrPin3p/QyE74QjbteGP1N\n0lwB/jfcWF/gQ6JNl8npLzJjhAsKcF48F73LZNIdgPN0y18Bsw769AvHfnnoEv8S\n7QkOGvsxcxMGbOF3MC6KQS4/v9HB5WYxYYTv64ghv4fiLlsY4pWC++YKhRU0ig==\n=mXew\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAlMB0ggiMSddBEhLfCGK3gOlVH4aRkbGeE33oFLHUYE8w\nxCPwrLtRWk5RY07DNgY5YqPm7zQbLl92XMrPoQCH6wT3cLioTp5xnqZYeg8hcEKp\n0l4BwhTdbPpaxOPsM/yL+to5/azduvt4Kkoa98biYsaHKBBP7ftargoRqpfZpAtH\nz6lntvvN6dZxzQZPJOxhtyBWSJrD07RwOAnH8mISQeGZ3TtI/H0XX2TMUtk9WUIW\n=ugnu\n-----END PGP MESSAGE-----\n",
15 "fp": "A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362"
16 },
17 {
18 "created_at": "2021-12-15T15:25:22Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAS1MGd9uGu4TkT4lhQGD7+xIJc/aIDnJ2BTpugL41NGow\nuwl7T9uPfzD9Z4VR8kkHLey9aTHIsEloeKwc3RSZllSI0MPLMxOT1m5f4NDKikoe\n0lwB0BQEjwS4TDzzlAKHZOjEXLH8nnjCwLMvphgcZv577NQb1PK5DxJYwOY6IPA3\nsVw2WqO6yejjn2aKh8ysCd5PFpT27W/7YCotleS74rZ+4njMtro0nFEetoq8SQ==\n=U6E0\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 } 21 }
22 ], 22 ],
diff --git a/system-profiles/rebuild-machines/ssh/sif/private b/system-profiles/rebuild-machines/ssh/sif/private
index ffac520a..47c6f5e3 100644
--- a/system-profiles/rebuild-machines/ssh/sif/private
+++ b/system-profiles/rebuild-machines/ssh/sif/private
@@ -5,19 +5,19 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age1ure0athvtnaqqw48pe0y3upqdzmkaen9h70yggd9va4hva6avd8qqm6s4d",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKeElJa2JFRHoxcy8zL24x\nYVdkRUVmb25ZYXBmaCtOZG52MzYybFcxUkNFCmJlU0swY0tTSFlPRnQyaTVjTDFW\ndTF1RE5wRDFXNDdOWnJWSWtOY3haYjQKLS0tIDZwU2xiSUttTHNGclN6YitiUmtE\na2hBTzJSWVJoYnhiUWpURVZQQ2ZFeU0KzftYJbiS284NdmxHpFSiqiZSem4qhAOU\nhdZKbLhtiuoZbTfDqcgyfjh8CZ+TULRGIFD5Jl7N18MXhGql+BY0qQ==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2021-06-06T15:05:54Z", 14 "lastmodified": "2021-06-06T15:05:54Z",
10 "mac": "ENC[AES256_GCM,data:Cf8WbqV4bqkg+W84hRSjMsrqzV7QZqAJeU/DrlN94NRaLDbayXK/kbxz9gMWY6Eyv3D70ulc75EBojZF1SXfk/WpDHpVJ4DEizb28oIfE4x88MmQ7ZJuskqXQaFa4MohJVQ/7ukr9bTjNMm7RFtq+yNKkIy6mj2YBk6BYsPgwic=,iv:kq+FpwQEWJo18QEEqG1uZ3uJ1MpklqN7Oaj0fPw8/0k=,tag:FYHLHjzeD+28KHD7x5JwGA==,type:str]", 15 "mac": "ENC[AES256_GCM,data:Cf8WbqV4bqkg+W84hRSjMsrqzV7QZqAJeU/DrlN94NRaLDbayXK/kbxz9gMWY6Eyv3D70ulc75EBojZF1SXfk/WpDHpVJ4DEizb28oIfE4x88MmQ7ZJuskqXQaFa4MohJVQ/7ukr9bTjNMm7RFtq+yNKkIy6mj2YBk6BYsPgwic=,iv:kq+FpwQEWJo18QEEqG1uZ3uJ1MpklqN7Oaj0fPw8/0k=,tag:FYHLHjzeD+28KHD7x5JwGA==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2021-06-06T15:05:54Z", 18 "created_at": "2023-01-30T10:58:10Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAO0QzeTgAkvdr+w43Yk9a0X1AmwQd1b1CFPNbINQbvSww\noa85a30JfMy9r2LRfTd9S8sd7rAfOaRCaPrJVWHQBXd0s36Ux8gSktcAM+PzYBCE\n0l4BkVI6bLaO756h5ru+gANRuqMRKgpV8PB3PMmIlhinUAZFsmNJb1T1O13JkMsM\nMuygJ8cg8LukjEeXM7jnWO52cX1NcoquhJK7f0eVvFMNW3Iexf9pI0XC0iSYW69B\n=lQQZ\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAoV2p3twYsmVqs8zC/TxZzLuuPS3ElbJA+rIZdrZj5mUw\nc0Kzc9WxaJidh/1lx5FN3wNC7qe+jAhpOVmgrWt9oMVoFXutXGSXu+aFi2jk3AM4\n0l4Bz1nkRfku/MLer7zbJPFe+FrIiOxZOvakES7SnAci6nWUn/yaUNJl6R18tbLA\nJ71CF5TzpQaRYeR3a3EfAgQaZiTX8KJrlUSnCl9eNphgQVbgB05eRI74O40tQb7k\n=X6e2\n-----END PGP MESSAGE-----\n",
15 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
16 },
17 {
18 "created_at": "2021-06-06T15:05:54Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4Dgwm4NZSaLAcSAQdANW63iv/Mn2irKYdSZxX7iwIPyDGmGDUDUnbWEgel/jcw\nLILXuiWOkgfG2G4tvqdM4AHkYoKEA1mAfH9ybFJMhiS12WI60or6Z8e0cd23mteo\n0l4BU7FiVt9p8/96qJlVuGUS3GRlhnczFN9GIBaj9BkzuifFbC+S4iphvO6u59m1\nGodFjFZ5ayfvgSRLb93DN7cGUfhcZ80oQHSiuJxFC7I0xnTcg/LKxYvX49yHE6/I\n=63VB\n-----END PGP MESSAGE-----\n",
20 "fp": "F1AF20B9511B63F681A14E8D51AEFBCD1DEF68F8"
21 } 21 }
22 ], 22 ],
23 "unencrypted_suffix": "_unencrypted", 23 "unencrypted_suffix": "_unencrypted",
diff --git a/system-profiles/rebuild-machines/ssh/surtr/private b/system-profiles/rebuild-machines/ssh/surtr/private
index 40651674..2eacb9ca 100644
--- a/system-profiles/rebuild-machines/ssh/surtr/private
+++ b/system-profiles/rebuild-machines/ssh/surtr/private
@@ -5,19 +5,19 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDdGlIZTNtS2pZZ1NSc1lo\ndnFnbEI4WExWK3VtV3dPNnAwQUc0eHViSWdjCmo5Q29EeXhaRnZiWTVXUFhsaHda\nTmhjUGdXTTAzYVdUeEhHZllsbEdPbncKLS0tIEdLMVlxS1RpTER5WFlBdmliVG13\nelBrRUR5b3pxYWErWE8xcmVtOEVqQ2cKS/ypNZ76XCoN1v3x9ls34MHVk0J81QZ1\nFRwUzfbdDls382UpMqf67BqMqnG2O0+4VlNT/ciTN0x5pf8JXEHxfQ==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2021-05-15T17:58:53Z", 14 "lastmodified": "2021-05-15T17:58:53Z",
10 "mac": "ENC[AES256_GCM,data:N/CM/+4b02tRBFqFioX/FRPPj4bG3QGltIg7KZk7BYrl+5rJ/6QKL1g+CqsLTteRAbHiluBNFMT/dUBSmiQ+So95sUTc+rICRNKmxCX5GFxw3Kr5/y4r9W/sw/NOSXQD4+dctkhKmzg9NFR+T4pLM8W4KErtV384Wy3ccAW/g8g=,iv:Rr4rDloQRRsLTErUNbB1OIKbi5qyh2gU1y55sU7ecTY=,tag:sYHPOKcAWNfjz26X+w4r3g==,type:str]", 15 "mac": "ENC[AES256_GCM,data:N/CM/+4b02tRBFqFioX/FRPPj4bG3QGltIg7KZk7BYrl+5rJ/6QKL1g+CqsLTteRAbHiluBNFMT/dUBSmiQ+So95sUTc+rICRNKmxCX5GFxw3Kr5/y4r9W/sw/NOSXQD4+dctkhKmzg9NFR+T4pLM8W4KErtV384Wy3ccAW/g8g=,iv:Rr4rDloQRRsLTErUNbB1OIKbi5qyh2gU1y55sU7ecTY=,tag:sYHPOKcAWNfjz26X+w4r3g==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2021-05-15T17:58:52Z", 18 "created_at": "2023-01-30T11:01:28Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAJOYE8FC5GREn7xoQfuSMvow0GwajGfi4bw+FEydrDhAw\n+F8ryseAyQPgVouzlO2aItBy20dYYNs6zkcfnuZemDdBSpQQmahtXBs5Dt3wGhvg\n0l4BPJeJ3cpuLDQMFnNfTOLJRdoR0kvxVHJBBYJ+Jn4ArPrpiMReJvyLl7i83wDb\nsb+WCcu83IFLM/oInb22cto3shATTLgr30hq65+RwAXlGBNmoAT0HH9MDsgq+VQw\n=nsV9\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA40dzVUKC/3L8oY/Kz6rz1jLeyMEWoVwf5GdRIuWmITkw\neZgjGQ2x3QDigyri7XOzQE3lTAyQbSAPKnzn1KqLPNqskA7tpKVnQz5l2N83BA9z\n0l4BTaEWMVlENuvkfNuEUB9ZVBKmy3Dogq+1OnlGGmsdq8Dtp3Go8lhXvlUrrwEW\nDwKCaPBUtUFqv5U57pNCvDuDp66jTue+xzHI7G/hJHGXOuGVGKspqWtVQm21XSGA\n=+l8H\n-----END PGP MESSAGE-----\n",
15 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
16 },
17 {
18 "created_at": "2021-05-15T17:58:52Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdA12ftTan1dZSX50t5H1/LdTse+nhePZS6RxqV7WcRi04w\nyiqJt+C6AFBZl4esCqHQjpPnmkb5pvI2/P9e8bvK8uszIF35KC+r55LAaB2RXkr2\n0l4BX0fPwE6XNtiBn2hQo7KYnci6s25itij+uppRyu6Cnc3Hi4Emro4MFBBJlot8\no773ulk8jmOeR2k9fLDSMQ0EO+3zZbm7zz/fK46SyFzBIAPvCx0fEpXi0ZdLES2k\n=rULf\n-----END PGP MESSAGE-----\n",
20 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
21 } 21 }
22 ], 22 ],
23 "unencrypted_suffix": "_unencrypted", 23 "unencrypted_suffix": "_unencrypted",
diff --git a/system-profiles/rebuild-machines/ssh/vidhar/private b/system-profiles/rebuild-machines/ssh/vidhar/private
index b45a1172..10de68e6 100644
--- a/system-profiles/rebuild-machines/ssh/vidhar/private
+++ b/system-profiles/rebuild-machines/ssh/vidhar/private
@@ -5,19 +5,19 @@
5 "gcp_kms": null, 5 "gcp_kms": null,
6 "azure_kv": null, 6 "azure_kv": null,
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": null, 8 "age": [
9 {
10 "recipient": "age1qffdqvy9arld9zd5a5cylt0n98xhcns5shxhrhwjq5g4qa844ejselaa4l",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhNi80YWo3UDdtRGFFZ1hw\nYTR0VTdaUzRsVzFtdGNSTDlTcG5oMk5pbFFnCm5UamRLb2RlVmhnVnJMbmRKNHRv\nWlMzZE15WTh1L3cyTVJEaitWMVB0MlEKLS0tIFA2dlRoK0dFY3Y3VkJLWmlGTWdY\nU0cyeUhSOUFPcDFUcklINlZVTk5BZlkKfbwlfqSqH3ilgIVNZOFDve7fK49kIT6C\naBi4iloIv7RXOyMhVDZVJDjNHzmYxWEnvboQ6KoQQ6b7z6Wk+JWeVA==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
9 "lastmodified": "2021-06-17T18:39:16Z", 14 "lastmodified": "2021-06-17T18:39:16Z",
10 "mac": "ENC[AES256_GCM,data:6E11CWkKpVxoPDw8jpg7Q1Jp+oIAS4W5PVTqzFJXeOOz2ZstVTlyhWdSRFJ/Xd09NuIRak+vAcOcU/t7v2d/mvNlogjCPdQE3ypRtm1HbawZUXwGgml9PRt0iMwS6MchMLWpze+eVu1j/hHvtAuqgRydMTCbT+T+qJOpax9olws=,iv:5VxHFHEFuTWYbKbwNIJAMYDDBoKkHOYLbe+l8amizhU=,tag:T7NBal0l4Nw8Pxm64CPDaA==,type:str]", 15 "mac": "ENC[AES256_GCM,data:6E11CWkKpVxoPDw8jpg7Q1Jp+oIAS4W5PVTqzFJXeOOz2ZstVTlyhWdSRFJ/Xd09NuIRak+vAcOcU/t7v2d/mvNlogjCPdQE3ypRtm1HbawZUXwGgml9PRt0iMwS6MchMLWpze+eVu1j/hHvtAuqgRydMTCbT+T+qJOpax9olws=,iv:5VxHFHEFuTWYbKbwNIJAMYDDBoKkHOYLbe+l8amizhU=,tag:T7NBal0l4Nw8Pxm64CPDaA==,type:str]",
11 "pgp": [ 16 "pgp": [
12 { 17 {
13 "created_at": "2021-06-17T18:39:10Z", 18 "created_at": "2023-01-30T10:58:53Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAuCBzgHL7hYw9643MOm4Y3Zunz2N3cKg5c/RoPzm+D10w\neaMjK+pjFEUrGgptKyNEDRwaWnhtqXfHOvF/FCTKzr0yC2TRR1GRAEcz6vSJhL9f\n0l4BsshxfcB/ZUB5jE2F8No/MbD/beSKvUwgXlEMz8blOBbGUqkpp5zwjt91GXml\n2Fwrxzi5j3T2DgI8wH6XGpN9lNfFNk/JudFm0Y0yaXA4dFou1T+4hKWTb1mfTcTd\n=phfT\n-----END PGP MESSAGE-----\n", 19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAriP7hopf6z9zKWgURzDv1Bj4wR05udp4oX85/O64+xww\nrEs5BuLN1hB3nAb+biMUJUg7xlEvjXpWv0I/JxjRIJmVmnVAGiB90RejqFSoUYcU\n0l4BldpmYxeihoqFxE8awR8uKuKiGImJcPlECnHn5lIceF9CkCSndamt2CzSqZUS\nHhsIDG5kXSM+x1RIRj+S+fgeNCpnRGmZHKznucfYviuyjS9KmTghJCZWSnH6CNO2\n=tJda\n-----END PGP MESSAGE-----\n",
15 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" 20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
16 },
17 {
18 "created_at": "2021-06-17T18:39:10Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DbYDvGI0HDr0SAQdAwkrIrbqgFCr75iDMH94Jv7rmJ87i6YUF+DUHOU6zF0Qw\nHXDlYeeEagxRch/WEkWiRM/g+5oZFLHDPIL86MenyTt0HbACekRNIqHxA6Q5uZLK\n0l4BzVzVxjusQolYvvWiwWxMmqVc19nrEqNHYDmxKAZqNiLUGBDO2KHNNA+6MAAP\nxAqmhmdWD/Kk7/X9WqOSiLvL6bsvHXOdmtnoqiXiuRDfPCJMZ3rma15WXjEe6EXq\n=3pEu\n-----END PGP MESSAGE-----\n",
20 "fp": "A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362"
21 } 21 }
22 ], 22 ],
23 "unencrypted_suffix": "_unencrypted", 23 "unencrypted_suffix": "_unencrypted",
diff --git a/tools/.keep b/tools/.keep
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/tools/.keep
diff --git a/tools/ca/ca/__main__.py b/tools/ca/ca/__main__.py
deleted file mode 100644
index bfaee63a..00000000
--- a/tools/ca/ca/__main__.py
+++ /dev/null
@@ -1,667 +0,0 @@
1import sys, os
2
3import logging
4import argparse
5
6from inspect import signature
7
8from enum import Enum, auto
9from contextlib import contextmanager
10
11from cryptography import __version__ as cryptography_version
12from cryptography.hazmat.backends import openssl
13from cryptography import x509
14from cryptography.x509.oid import NameOID, ExtendedKeyUsageOID, ExtensionOID
15from cryptography.x509.extensions import ExtensionNotFound
16from cryptography.hazmat.primitives import serialization, hashes
17from cryptography.hazmat.primitives.serialization import PrivateFormat, pkcs12
18from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
19from cryptography.hazmat.primitives.asymmetric.ed448 import Ed448PrivateKey
20from cryptography.hazmat.primitives.asymmetric.rsa import RSAPrivateKey
21from cryptography.hazmat.primitives.asymmetric import rsa
22from pathlib import Path
23from atomicwrites import atomic_write
24from fqdn import FQDN
25from datetime import datetime, timedelta, timezone
26from math import ceil, ldexp
27import re
28from getpass import getpass
29from itertools import count
30from tempfile import TemporaryFile, mkstemp
31import subprocess
32import json
33from leapseconddata import LeapSecondData
34from collections.abc import Iterable
35import ipaddress
36
37
38class KeyType(Enum):
39 ED448 = 'ed448'
40 ED25519 = 'ed25519'
41 RSA4096 = 'rsa4096'
42 RSA2048 = 'rsa2048'
43
44 def generate(self):
45 match self:
46 case KeyType.ED448:
47 return Ed448PrivateKey.generate()
48 case KeyType.ED25519:
49 return Ed25519PrivateKey.generate()
50 case KeyType.RSA4096:
51 return rsa.generate_private_key(
52 public_exponent = 65537,
53 key_size = 4096,
54 )
55 case KeyType.RSA2048:
56 return rsa.generate_private_key(
57 public_exponent = 65537,
58 key_size = 2048,
59 )
60
61 def aligned(self, key):
62 match self:
63 case KeyType.ED448:
64 return isinstance(key, Ed448PrivateKey)
65 case KeyType.ED25519:
66 return isinstance(key, Ed25519PrivateKey)
67 case KeyType.RSA4096:
68 return isinstance(key, RSAPrivateKey) and key.key_size == 4096
69 case KeyType.RSA2048:
70 return isinstance(key, RSAPrivateKey) and key.key_size == 2048
71
72 def __str__(self):
73 return self.value
74
75 @classmethod
76 def from_string(cls, s):
77 try:
78 return cls(s)
79 except KeyError:
80 raise ValueError()
81
82class SupportedKeyUsage(Enum):
83 SERVER_AUTH = 'server'
84 CLIENT_AUTH = 'client'
85
86 @property
87 def oid(self):
88 match self:
89 case SupportedKeyUsage.SERVER_AUTH:
90 return ExtendedKeyUsageOID.SERVER_AUTH
91 case SupportedKeyUsage.CLIENT_AUTH:
92 return ExtendedKeyUsageOID.CLIENT_AUTH
93
94 def __str__(self):
95 return self.value
96
97 @classmethod
98 def from_string(cls, s):
99 try:
100 return cls(s)
101 except KeyError:
102 raise ValueError()
103
104class ValidFQDN(FQDN):
105 def __init__(self, *args, **kwds):
106 super().__init__(*args, **kwds)
107
108 if not self.is_valid:
109 raise ValueError(f'‘{self}’ is not valid')
110
111def duration(inp_str):
112 delta = timedelta()
113
114 item_re = re.compile(r'\W*(?P<value>\d+)\W*(?P<unit>(?i:d|h|m(?!s)|s|ms|µs))')
115
116 match = item_re.match(inp_str)
117 while match:
118 val = int(match.group('value'))
119 unit = match.group('unit').lower()
120
121 if unit == 'd':
122 delta += timedelta(days=val)
123 elif unit == 'h':
124 delta += timedelta(hours=val)
125 elif unit == 'm':
126 delta += timedelta(minutes=val)
127 elif unit == 's':
128 delta += timedelta(seconds=val)
129 elif unit == 'ms':
130 delta += timedelta(milliseconds=val)
131 elif unit == 'µs' or unit == 'us':
132 delta += timedelta(microseconds=val)
133 else:
134 raise ValueError(f'Unknown time unit ‘{unit:s}’')
135
136 inp_str = inp_str[match.end():]
137 match = item_re.match(inp_str)
138 else:
139 if re.match('\w', inp_str):
140 raise ValueError(f'Parsing of duration resulted in leftovers: ‘{inp_str:s}’')
141
142 return delta
143
144@contextmanager
145def umask(desired_umask):
146 """ A little helper to safely set and restore umask(2). """
147 try:
148 prev_umask = os.umask(0)
149 os.umask(prev_umask | desired_umask)
150 yield
151 finally:
152 os.umask(prev_umask)
153
154class BooleanAction(argparse.Action):
155 def __init__(self, option_strings, dest, nargs=None, **kwargs):
156 super(BooleanAction, self).__init__(option_strings, dest, nargs=0, **kwargs)
157
158 def __call__(self, parser, namespace, values, option_string=None):
159 setattr(namespace, self.dest, False if option_string.startswith('--no') else True)
160
161class ExtendAction(argparse.Action):
162 def __init__(self, *args, **kwargs):
163 super().__init__(*args, **kwargs)
164 self.reset_dest = False
165 def __call__(self, parser, namespace, values, option_string=None):
166 if not self.reset_dest:
167 setattr(namespace, self.dest, [])
168 self.reset_dest = True
169 if isinstance(values, Iterable):
170 getattr(namespace, self.dest).extend(values)
171 else:
172 getattr(namespace, self.dest).append(values)
173
174
175def load_key(keyfile, prompt='CA private key password: '):
176 key = None
177 with open(keyfile, 'rb') as f:
178 is_sops = False
179 try:
180 sops_json = json.load(f)
181 is_sops = 'sops' in sops_json
182 except json.JSONDecodeError:
183 pass
184
185 f.seek(0)
186
187 if not is_sops:
188 try:
189 key = serialization.load_pem_private_key(f.read(), password=None)
190 except TypeError:
191 pw = getpass(prompt=prompt)
192 key = serialization.load_pem_private_key(f.read(), password=bytes(pw, sys.stdin.encoding))
193 else:
194 cmd = ['sops', '-d', f'/dev/fd/{f.fileno()}']
195 with subprocess.Popen(cmd, stdout=subprocess.PIPE, pass_fds=(f.fileno(),)) as proc:
196 key = serialization.load_pem_private_key(proc.stdout.read(), password=None)
197 ret = proc.wait()
198 if ret != 0:
199 raise subprocess.CalledProcessErrror(ret, cmd)
200
201 return key
202
203def mv_bak(path):
204 global logger
205
206 bak_path = path.parent / f'{path.name}.bak'
207 for n in count(2):
208 if not bak_path.exists():
209 break
210 bak_path = path.parent / f'{path.name}.bak{n}'
211
212 try:
213 path.rename(bak_path)
214 except FileNotFoundError:
215 pass
216 else:
217 logger.warn('Renamed ‘%s’ to ‘%s’...', path, bak_path)
218
219def tai64nint(dt):
220 global leapsecond_data
221
222 have_data = False
223 try:
224 have_data = bool(leapsecond_data)
225 except NameError:
226 pass
227
228 if not have_data:
229 leapsecond_data = LeapSecondData.from_file(Path(os.getenv('LEAPSECONDS_FILE')))
230
231 tai_dt = leapsecond_data.to_tai(dt)
232 seconds = int(tai_dt.timestamp())
233 nanoseconds = int((tai_dt.timestamp() - seconds) / 1e-9)
234 seconds += int(ldexp(1, 62))
235 return seconds << 32 | nanoseconds
236
237def write_genkey(key_type, sops, keyfile):
238 if keyfile.exists():
239 raise ValueError(f'Keyfile exists: {keyfile}')
240
241 key = None
242
243 def genkey(fh):
244 nonlocal key, key_type
245
246 logger.debug('Generating new privkey...')
247 key = key_type.generate()
248 priv_bytes = key.private_bytes(encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=serialization.NoEncryption())
249 fh.write(priv_bytes)
250
251 if not sops:
252 with umask(0o0177), atomic_write(keyfile, overwrite=False, mode='wb') as fh:
253 logger.info('Writing new privkey to ‘%s’...', keyfile)
254 genkey(fh)
255 logger.debug('Adjusting permissions for ‘%s’...', keyfile)
256 os.chmod(keyfile, 0o0400)
257 else:
258 with TemporaryFile(mode='wb') as tf:
259 genkey(tf)
260 tf.seek(0)
261
262 with umask(0o0177), atomic_write(keyfile, overwrite=False, mode='wb') as fh:
263 logger.info('Encrypting new privkey to ‘%s’...', keyfile)
264 subprocess.run(['sops', '-e', f'/dev/fd/{tf.fileno()}'], stdout=fh, pass_fds=(tf.fileno(),), check=True)
265 logger.debug('Adjusting permissions for ‘%s’...', keyfile)
266 os.chmod(keyfile, 0o0400)
267
268 return key
269
270def to_dn(alternative_names):
271 def go(alternative_name):
272 dn = None
273 try:
274 dn = x509.Name.from_rfc4514_string(alternative_name)
275 except ValueError:
276 pass
277
278 if dn:
279 logger.info('‘%s’ interpreted as directory name: %s', alternative_name, dn)
280 return x509.DirectoryName(dn)
281
282 addr = None
283 try:
284 addr = ipaddress.IPv4Network(alternative_name)
285 except (ipaddress.AddressValueError, ipaddress.NetmaskValueError, ValueError):
286 pass
287 try:
288 addr = ipaddress.IPv4Address(alternative_name)
289 except ipaddress.AddressValueError:
290 pass
291 try:
292 addr = ipaddress.IPv6Network(alternative_name)
293 except (ipaddress.AddressValueError, ipaddress.NetmaskValueError, ValueError):
294 pass
295 try:
296 addr = ipaddress.IPv6Address(alternative_name)
297 except ipaddress.AddressValueError:
298 pass
299
300 if addr:
301 logger.info('‘%s’ interpreted as ip address/subnet: %s', alternative_name, addr)
302 return x509.IPAddress(addr)
303
304 return x509.DNSName(alternative_name)
305
306 return map(go, alternative_names)
307
308def initca(ca_cert, ca_key, key_type, subject, clock_skew, validity, sops):
309 global logger
310
311 key = None
312 try:
313 key = load_key(ca_key)
314 logger.info('Successfully loaded privkey from ‘%s’', ca_key)
315
316 if not key_type.aligned(key):
317 logger.warn('Private key ‘%s’ does not align with requested type %s', ca_key, key_type)
318
319 mv_bak(ca_key)
320 mv_bak(ca_cert)
321
322 raise FileNotFoundError(f'Key does not align with requested type: {ca_key}')
323 except FileNotFoundError:
324 key = write_genkey(key_type, sops, ca_key)
325
326 cert = None
327 try:
328 with open(ca_cert, 'rb') as fh:
329 cert = x509.load_pem_x509_certificate(fh.read())
330 logger.info('Successfully loaded certificate from ‘%s’', ca_cert)
331 except FileNotFoundError:
332 logger.debug('Generating new certificate...')
333
334 now = datetime.utcnow()
335 name = None
336 try:
337 name = x509.Name.from_rfc4514_string(subject)
338 logger.info('‘%s’ interpreted as directory name: %s', subject, name)
339 except ValueError:
340 name = x509.Name([
341 x509.NameAttribute(NameOID.COMMON_NAME, subject)
342 ])
343
344 cert = x509.CertificateBuilder().subject_name(
345 name
346 ).public_key(
347 key.public_key()
348 ).serial_number(
349 x509.random_serial_number()
350 ).not_valid_before(
351 now - clock_skew
352 ).not_valid_after(
353 now + validity
354 ).issuer_name(
355 name
356 ).add_extension(
357 x509.AuthorityKeyIdentifier.from_issuer_public_key(key.public_key()),
358 False
359 ).add_extension(
360 x509.SubjectKeyIdentifier.from_public_key(key.public_key()),
361 False
362 ).add_extension(
363 x509.KeyUsage(digital_signature=True, content_commitment=False, key_encipherment=False, data_encipherment=False, key_agreement=False, key_cert_sign=True, crl_sign=True, encipher_only=False, decipher_only=False),
364 True
365 ).add_extension(
366 x509.BasicConstraints(ca=True, path_length=None),
367 True
368 ).sign(key, None if isinstance(key, Ed25519PrivateKey) or isinstance(key, Ed448PrivateKey) else hashes.SHA512())
369
370 with umask(0o0133), atomic_write(ca_cert, overwrite=False, mode='wb') as cf:
371 logger.info('Writing new certificate to ‘%s’...', ca_cert)
372 cf.write(cert.public_bytes(serialization.Encoding.PEM))
373 logger.debug('Adjusting permissions for ‘%s’...', ca_cert)
374 os.chmod(ca_cert, 0o0444)
375
376def signcsr(ca_cert, ca_key, clock_skew, validity, subject, alternative_name, key_usage, ignore_alternative_names, csr, output):
377 if not key_usage:
378 raise InvalidParamsError('No extended key usages specified')
379
380 csr_bytes = None
381 try:
382 csr_bytes = csr.read()
383 except AttributeError:
384 csr_bytes = csr
385
386 csr = x509.load_pem_x509_csr(csr_bytes)
387 name = None
388 if not subject:
389 name = csr.subject
390 else:
391 try:
392 name = x509.Name.from_rfc4514_string(subject)
393 logger.info('‘%s’ interpreted as directory name: %s', subject, name)
394 except ValueError:
395 name = x509.Name([
396 x509.NameAttribute(NameOID.COMMON_NAME, subject)
397 ])
398
399 if not ignore_alternative_names:
400 try:
401 ext = csr.extensions.get_extension_for_oid(ExtensionOID.SUBJECT_ALTERNATIVE_NAME)
402 csr_alt_names = set(ext.value)
403 logger.warn('Using alternative names from csr: %s', csr_alt_names)
404 alternative_name = set(to_dn(alternative_name)) | csr_alt_names
405 except ExtensionNotFound:
406 pass
407 else:
408 alternative_name = to_dn(alternative_name)
409
410 ca_key = load_key(ca_key)
411 with open(ca_cert, 'rb') as fh:
412 ca_cert = x509.load_pem_x509_certificate(fh.read())
413
414 now = datetime.now(tz=timezone.utc)
415 cert = x509.CertificateBuilder().subject_name(
416 name
417 ).public_key(
418 csr.public_key()
419 ).serial_number(
420 (tai64nint(now) << 24) | (x509.random_serial_number() & int(ldexp(1, 24) - 1))
421 ).not_valid_before(
422 now - clock_skew
423 ).not_valid_after(
424 now + validity
425 ).issuer_name(
426 ca_cert.subject
427 ).add_extension(
428 x509.AuthorityKeyIdentifier.from_issuer_public_key(ca_cert.public_key()),
429 False
430 ).add_extension(
431 x509.SubjectKeyIdentifier.from_public_key(csr.public_key()),
432 False
433 ).add_extension(
434 x509.KeyUsage(digital_signature=True, content_commitment=True, key_encipherment=True, data_encipherment=False, key_agreement=False, key_cert_sign=False, crl_sign=False, encipher_only=False, decipher_only=False),
435 True
436 ).add_extension(
437 x509.BasicConstraints(ca=False, path_length=None),
438 True
439 ).add_extension(
440 x509.ExtendedKeyUsage(list(map(lambda ku: ku.oid, key_usage))),
441 False
442 )
443
444 if alternative_name:
445 cert = cert.add_extension(
446 x509.SubjectAlternativeName(alternative_name),
447 False
448 )
449
450 cert = cert.sign(ca_key, None if isinstance(ca_key, Ed25519PrivateKey) or isinstance(ca_key, Ed448PrivateKey) else hashes.SHA256())
451
452 output = output.with_suffix('.crt')
453
454 mv_bak(output)
455 with umask(0o0133), atomic_write(output, overwrite=False, mode='wb') as cf:
456 logger.info('Writing new certificate to ‘%s’...', output)
457 cf.write(cert.public_bytes(serialization.Encoding.PEM))
458 logger.debug('Adjusting permissions for ‘%s’...', output)
459 os.chmod(output, 0o0444)
460
461def new_client(ca_cert, ca_key, key_type, clock_skew, validity, subject, alternative_name, key_usage, sops, output):
462 key_file = output.with_suffix('.key')
463 cert_file = output.with_suffix('.crt')
464
465 key = None
466 try:
467 key = load_key(key_file)
468 logger.info('Successfully loaded privkey from ‘%s’', key_file)
469
470 if not key_type.aligned(key):
471 logger.warn('Private key ‘%s’ does not align with requested type %s', key_file, key_type)
472
473 mv_bak(key_file)
474 mv_bak(cert_file)
475
476 raise FileNotFoundError(f'Key does not align with requested type: {key_file}')
477 except FileNotFoundError:
478 key = write_genkey(key_type, sops, key_file)
479
480 name = None
481 try:
482 name = x509.Name.from_rfc4514_string(subject)
483 logger.info('‘%s’ interpreted as directory name: %s', subject, name)
484 except ValueError:
485 name = x509.Name([
486 x509.NameAttribute(NameOID.COMMON_NAME, subject)
487 ])
488
489 csr = x509.CertificateSigningRequestBuilder().subject_name(name)
490
491 if alternative_name:
492 csr = csr.add_extension(
493 x509.SubjectAlternativeName(
494 to_dn(alternative_name)
495 ),
496 False
497 )
498
499 return signcsr(
500 ca_cert=ca_cert,
501 ca_key=ca_key,
502 clock_skew=clock_skew,
503 validity=validity,
504 subject=None,
505 alternative_name=[],
506 key_usage=key_usage,
507 ignore_alternative_names=False,
508 output=cert_file,
509 csr=csr.sign(
510 key,
511 None if isinstance(key, Ed25519PrivateKey) or isinstance(key, Ed448PrivateKey) else hashes.SHA256(),
512 ).public_bytes(serialization.Encoding.PEM)
513 )
514
515def to_pkcs12(random_password, random_password_length, weak_encryption, filename, temporary_output, output):
516 key_file = filename.with_suffix('.key')
517 cert_file = filename.with_suffix('.crt')
518
519 output_handle = None
520 if not output:
521 if not temporary_output:
522 output = filename.with_suffix('.p12')
523 else:
524 output_handle, output = mkstemp(suffix='.p12', prefix=filename.stem + '.')
525
526 key = load_key(key_file)
527 logger.info('Successfully loaded privkey from ‘%s’', key_file)
528 cert = None
529 with open(cert_file, mode='rb') as fh:
530 cert = x509.load_pem_x509_certificate(fh.read())
531 logger.info('Successfully loaded certificate from ‘%s’', cert_file)
532
533 with umask(0o0177), atomic_write(output, overwrite=False, mode='wb') if not output_handle else os.fdopen(output_handle, mode='wb') as fh:
534 logger.info('Writing to ‘%s’...', output)
535 common_name_attrs = cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)
536 if len(common_name_attrs) != 1:
537 raise InvalidParamsError('Invalid name structure in cert')
538 subject = common_name_attrs[0].value.lower()
539
540 pw = None
541 if not random_password:
542 pw2 = None
543 while not pw2 or pw2 != pw:
544 pw = getpass(prompt='Password: ')
545 if not pw:
546 pw = None
547 break
548 else:
549 pw2 = getpass(prompt='Repeat password: ')
550 else:
551 from xkcdpass import xkcd_password as xp
552 ws = xp.generate_wordlist(wordfile=xp.locate_wordfile())
553 pw = xp.generate_xkcdpassword(ws, numwords=random_password_length)
554 print(f'Password: {pw}', file=sys.stderr)
555
556 encryption = None
557 if pw:
558 encryption = PrivateFormat.PKCS12.encryption_builder().kdf_rounds(
559 500000 if not weak_encryption else 50000
560 ).key_cert_algorithm(
561 pkcs12.PBES.PBESv2SHA256AndAES256CBC if not weak_encryption else pkcs12.PBES.PBESv1SHA1And3KeyTripleDESCBC
562 ).hmac_hash(
563 hashes.SHA256() if not weak_encryption else hashes.SHA1()
564 ).build(bytes(pw, 'utf-8'))
565 fh.write(pkcs12.serialize_key_and_certificates(
566 bytes(subject, 'utf-8'),
567 key,
568 cert,
569 None,
570 encryption,
571 ))
572 logger.debug('Adjusting permissions for ‘%s’...', output)
573 os.chmod(output, 0o0400)
574
575 if temporary_output:
576 print(f'Temporary output file: {output}', file=sys.stderr)
577
578
579def main():
580 global logger
581 logger = logging.getLogger(__name__)
582 console_handler = logging.StreamHandler()
583 console_handler.setFormatter( logging.Formatter('[%(levelname)s](%(name)s): %(message)s') )
584 if sys.stderr.isatty():
585 console_handler.setFormatter( logging.Formatter('%(asctime)s [%(levelname)s](%(name)s): %(message)s') )
586 logger.addHandler(console_handler)
587
588 # log uncaught exceptions
589 def log_exceptions(type, value, tb):
590 global logger
591
592 logger.error(value)
593 sys.__excepthook__(type, value, tb) # calls default excepthook
594
595 sys.excepthook = log_exceptions
596
597
598 parser = argparse.ArgumentParser(prog='ca', formatter_class=argparse.ArgumentDefaultsHelpFormatter)
599 parser.add_argument('--verbosity', dest='log_level', action='append', type=int, help='Numeric verbosity')
600 parser.add_argument('--verbose', '-v', dest='log_level', action='append_const', const=1, help='Increase verbosity')
601 parser.add_argument('--quiet', '-q', dest='log_level', action='append_const', const=-1, help='Decrease verbosity')
602 subparsers = parser.add_subparsers(help='Subcommands', required=True)
603
604 subparser = subparsers.add_parser('init', aliases=['initca', 'init-ca', 'ca'], formatter_class=argparse.ArgumentDefaultsHelpFormatter, description="Generate a new selfsigned CA certificate and associated private key\n\nPrivate key is only generated if it does not yet exist")
605 subparser.add_argument('--ca-cert', type=Path, default=Path('ca.crt'), help='Path to file containing CA certificate')
606 subparser.add_argument('--ca-key', type=Path, default=Path('ca.key'), help='Path to file containing CA private key')
607 subparser.add_argument('--key-type', type=KeyType.from_string, choices=list(KeyType), default=KeyType.ED448.value, help='Type of private key to generate')
608 subparser.add_argument('--clock-skew', metavar='DURATION', type=duration, default=timedelta(minutes=5), help='How far to shift begin of validity into the past')
609 subparser.add_argument('--validity', metavar='DURATION', type=duration, default=timedelta(days=ceil(365.2425*10)), help='How far to shift end of validity into the future')
610 subparser.add_argument('--sops', '--no-sops', action=BooleanAction, default=True, help='Encrypt private key using SOPS')
611 subparser.add_argument('--subject', metavar='DN', type=str, required=True, help='Subject name')
612 subparser.set_defaults(cmd=initca)
613
614 subparser = subparsers.add_parser('sign', aliases=['signcsr', 'sign-csr'], formatter_class=argparse.ArgumentDefaultsHelpFormatter, description='Sign an existing CSR')
615 subparser.add_argument('--ca-cert', type=Path, default=Path('ca.crt'), help='Path to file containing CA certificate')
616 subparser.add_argument('--ca-key', type=Path, default=Path('ca.key'), help='Path to file containing CA private key')
617 subparser.add_argument('--clock-skew', metavar='DURATION', type=duration, default=timedelta(minutes=5), help='How far to shift begin of validity into the past')
618 subparser.add_argument('--validity', metavar='DURATION', type=duration, default=timedelta(days=ceil(365.2425*10)), help='How far to shift end of validity into the future')
619 subparser.add_argument('--subject', metavar='DN', type=str, required=False, help='Override subject name')
620 subparser.add_argument('--ignore-alternative-names', '--no-ignore-alternative-names', action=BooleanAction, default=True, help='Ignore subject alternative names provided in CSR')
621 subparser.add_argument('--key-usage', metavar='KEY_USAGE', type=SupportedKeyUsage, action=ExtendAction, default=[SupportedKeyUsage.CLIENT_AUTH], help='Allowed key usages')
622 subparser.add_argument('--alternative-name', metavar='CN', type=str, action='append', help='Subject alternative names')
623 subparser.add_argument('--output', type=Path, required=True, help='Output path')
624 subparser.add_argument('csr', metavar='FILE', type=argparse.FileType(mode='rb'), help='Path to file containing CSR')
625 subparser.set_defaults(cmd=signcsr)
626
627 subparser = subparsers.add_parser('new-client', aliases=['new', 'new-client', 'client'], formatter_class=argparse.ArgumentDefaultsHelpFormatter, description='Generate a new CSR and sign it immediately')
628 subparser.add_argument('--ca-cert', type=Path, default=Path('ca.crt'), help='Path to file containing CA certificate')
629 subparser.add_argument('--ca-key', type=Path, default=Path('ca.key'), help='Path to file containing CA private key')
630 subparser.add_argument('--key-type', type=KeyType.from_string, choices=list(KeyType), default=KeyType.ED25519.value, help='Type of private key to generate')
631 subparser.add_argument('--clock-skew', metavar='DURATION', type=duration, default=timedelta(minutes=5), help='How far to shift begin of validity into the past')
632 subparser.add_argument('--validity', metavar='DURATION', type=duration, default=timedelta(days=ceil(365.2425*10)), help='How far to shift end of validity into the future')
633 subparser.add_argument('--sops', '--no-sops', action=BooleanAction, default=True, help='Encrypt private key using SOPS')
634 subparser.add_argument('--subject', metavar='DN', type=str, required=True, help='Subject name')
635 subparser.add_argument('--key-usage', metavar='KEY_USAGE', type=SupportedKeyUsage, action=ExtendAction, default=[SupportedKeyUsage.CLIENT_AUTH], help='Allowed key usages')
636 subparser.add_argument('--alternative-name', metavar='CN', type=str, action='append', help='Subject alternative names')
637 subparser.add_argument('--output', type=Path, required=True, help='Output path')
638 subparser.set_defaults(cmd=new_client)
639
640 subparser = subparsers.add_parser('pkcs12', aliases=['p12', 'pfx'], formatter_class=argparse.ArgumentDefaultsHelpFormatter, description='Convert existing certificate and private key to PKCS#12 format')
641 subparser.add_argument('--random-password', '--no-random-password', action=BooleanAction, default=True, help='Encrypt PKCS#12 file with random passphrase -- otherwise prompt for one')
642 subparser.add_argument('--random-password-length', type=int, default=12, help='Number of words in random passphrase')
643 subparser.add_argument('--weak-encryption', '--no-weak-encryption', action=BooleanAction, default=False, help='Use weak, but more compatible, encryption')
644 subparser.add_argument('--temporary-output', '--no-temporary-output', action=BooleanAction, default=True, help='If output path is not given, generate output file in temporary directory')
645 subparser.add_argument('--output', type=Path, help='Output path')
646 subparser.add_argument('filename', metavar='BASENAME', type=Path, help='Input path')
647 subparser.set_defaults(cmd=to_pkcs12)
648
649 args = parser.parse_args()
650
651
652 LOG_LEVELS = [logging.DEBUG, logging.INFO, logging.WARNING, logging.ERROR, logging.CRITICAL]
653 DEFAULT_LOG_LEVEL = logging.INFO
654 log_level = LOG_LEVELS.index(DEFAULT_LOG_LEVEL)
655
656 for adjustment in args.log_level or ():
657 log_level = min(len(LOG_LEVELS) - 1, max(log_level - adjustment, 0))
658 logger.setLevel(LOG_LEVELS[log_level])
659
660
661 logger.debug('Using cryptography %s (%s)', cryptography_version, openssl.backend.openssl_version_text())
662
663
664 args.cmd(**{ k: v for k, v in vars(args).items() if k in signature(args.cmd).parameters.keys() })
665
666if __name__ == '__main__':
667 sys.exit(main())
diff --git a/tools/ca/default.nix b/tools/ca/default.nix
deleted file mode 100644
index c5fe0cea..00000000
--- a/tools/ca/default.nix
+++ /dev/null
@@ -1,25 +0,0 @@
1{ system, self, mach-nix, leapseconds, ... }:
2let
3 pkgs = self.legacyPackages.${system};
4in mach-nix.lib.${system}.buildPythonPackage {
5 pname = "ca";
6 src = pkgs.lib.sourceByRegex ./. ["^setup\.py$" "^ca(/[^/]+.*)?$"];
7 version = "0.0.0";
8 ignoreDataOutdated = true;
9
10 requirements = ''
11 cryptography >=38.0.0
12 fqdn
13 atomicwrites
14 leapseconddata
15 xkcdpass
16 '';
17
18 _.cryptography.buildInputs = with pkgs; [ openssl ];
19
20 postInstall = ''
21 wrapProgram $out/bin/ca \
22 --set-default LEAPSECONDS_FILE ${leapseconds} \
23 --prefix PATH : ${pkgs.lib.makeBinPath (with pkgs; [sops])}
24 '';
25}
diff --git a/tools/ca/setup.py b/tools/ca/setup.py
deleted file mode 100644
index 3342a7a6..00000000
--- a/tools/ca/setup.py
+++ /dev/null
@@ -1,10 +0,0 @@
1from setuptools import setup
2
3setup(name='ca',
4 packages=['ca'],
5 entry_points={
6 'console_scripts': [
7 'ca=ca.__main__:main'
8 ],
9 },
10)
diff --git a/tools/sops-inventory/default.nix b/tools/sops-inventory/default.nix
new file mode 100644
index 00000000..94c455e5
--- /dev/null
+++ b/tools/sops-inventory/default.nix
@@ -0,0 +1,19 @@
1{ system, self, mach-nix, ... }:
2let
3 pkgs = self.legacyPackages.${system};
4in mach-nix.lib.${system}.buildPythonPackage {
5 pname = "sops-inventory";
6 version = "0.0.0";
7
8 src = pkgs.lib.sourceByRegex ./. ["^setup\.py$" "^sops_inventory(/[^/]+.*)?$"];
9
10 ignoreDataOutdated = true;
11 requirements = ''
12 pyyaml
13 '';
14
15 postInstall = ''
16 wrapProgram $out/bin/sops-inventory \
17 --set-default SOPS_INVENTORY_BASE ${self}
18 '';
19}
diff --git a/tools/sops-inventory/setup.py b/tools/sops-inventory/setup.py
new file mode 100644
index 00000000..3ea2a5d1
--- /dev/null
+++ b/tools/sops-inventory/setup.py
@@ -0,0 +1,11 @@
1from setuptools import setup
2
3setup(
4 name='sops-inventory',
5 packages=['sops_inventory'],
6 entry_points={
7 'console_scripts': [
8 'sops-inventory=sops_inventory.__main__:main'
9 ],
10 },
11)
diff --git a/tools/sops-inventory/sops_inventory/__init__.py b/tools/sops-inventory/sops_inventory/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/tools/sops-inventory/sops_inventory/__init__.py
diff --git a/tools/sops-inventory/sops_inventory/__main__.py b/tools/sops-inventory/sops_inventory/__main__.py
new file mode 100644
index 00000000..68f72b60
--- /dev/null
+++ b/tools/sops-inventory/sops_inventory/__main__.py
@@ -0,0 +1,85 @@
1import os,sys
2
3from pathlib import Path
4from collections import deque, defaultdict
5
6import argparse
7
8from yaml import load, YAMLError
9try:
10 from yaml import CLoader as Loader
11except ImportError:
12 from yaml import Loader
13
14
15SOPS_TYPES = frozenset({'kms', 'gcp_kms', 'azure_kv', 'hc_vault', 'age', 'pgp'})
16
17
18class BooleanAction(argparse.Action):
19 def __init__(self, option_strings, dest, nargs=None, **kwargs):
20 super(BooleanAction, self).__init__(option_strings, dest, nargs=0, **kwargs)
21
22 def __call__(self, parser, namespace, values, option_string=None):
23 setattr(namespace, self.dest, False if option_string.startswith('--no') else True)
24
25
26def main():
27 default_base = os.getenv('SOPS_INVENTORY_BASE', default=[])
28 if default_base:
29 default_base = Path(default_base)
30
31 parser = argparse.ArgumentParser(formatter_class=argparse.ArgumentDefaultsHelpFormatter)
32 parser.add_argument('--list-files', '--no-list-files', action=BooleanAction, default=False, help='Only list sops files')
33 parser.add_argument('path', metavar='PATH', nargs='?' if default_base else None, type=Path, default=default_base, help='Base directory to take inventory of')
34 args = parser.parse_args()
35
36 inventory = defaultdict(set)
37
38 queue = deque([args.path])
39 while queue:
40 baseDir = queue.popleft()
41 for child in baseDir.iterdir():
42 if child.is_dir():
43 queue.append(child)
44 else:
45 try:
46 with child.open(mode='r') as fh:
47 yaml = load(fh, Loader=Loader)
48 if not yaml:
49 raise ValueError('Could not parse YAML')
50 if not isinstance(yaml, dict) or not 'sops' in yaml:
51 raise ValueError('Did not find "sops" key')
52 sops = yaml['sops']
53
54 key_info = set()
55 for k in SOPS_TYPES:
56 if k in sops:
57 v = sops[k]
58 if not v:
59 continue
60
61 match k:
62 case 'pgp':
63 for r in v:
64 key_info.add(r['fp'])
65 case 'age':
66 for r in v:
67 key_info.add(r['recipient'])
68 case _:
69 raise NotImplementedError
70 inventory[frozenset(key_info)].add(child.relative_to(args.path))
71 except (YAMLError, ValueError) as e:
72 pass
73
74 if not args.list_files:
75 for keys, files in inventory.items():
76 print(','.join(keys) + ':')
77 for file in files:
78 print(' - ' + str(file))
79 else:
80 for _, files in inventory.items():
81 for file in files:
82 print(file)
83
84if __name__ == '__main__':
85 os.exit(main())
diff --git a/tools/tai64dec/default.nix b/tools/tai64dec/default.nix
deleted file mode 100644
index 380c22bf..00000000
--- a/tools/tai64dec/default.nix
+++ /dev/null
@@ -1,18 +0,0 @@
1{ system, self, mach-nix, leapseconds, ... }:
2let
3 pkgs = self.legacyPackages.${system};
4in mach-nix.lib.${system}.buildPythonPackage {
5 pname = "tai64dec";
6 src = pkgs.lib.sourceByRegex ./. ["^setup\.py$" "^tai64dec(/[^/]+.*)?$"];
7 version = "0.0.0";
8 ignoreDataOutdated = true;
9
10 requirements = ''
11 leapseconddata
12 '';
13
14 postInstall = ''
15 wrapProgram $out/bin/tai64dec \
16 --set-default LEAPSECONDS_FILE ${leapseconds}
17 '';
18}
diff --git a/tools/tai64dec/setup.py b/tools/tai64dec/setup.py
deleted file mode 100644
index d936796b..00000000
--- a/tools/tai64dec/setup.py
+++ /dev/null
@@ -1,10 +0,0 @@
1from setuptools import setup
2
3setup(name='tai64dec',
4 packages=['tai64dec'],
5 entry_points={
6 'console_scripts': [
7 'tai64dec=tai64dec.__main__:main'
8 ],
9 },
10)
diff --git a/tools/tai64dec/tai64dec/__main__.py b/tools/tai64dec/tai64dec/__main__.py
deleted file mode 100644
index a8854523..00000000
--- a/tools/tai64dec/tai64dec/__main__.py
+++ /dev/null
@@ -1,46 +0,0 @@
1import sys, os
2
3import argparse
4
5from leapseconddata import LeapSecondData
6from math import ldexp
7from pathlib import Path
8from datetime import datetime, timezone
9import secrets
10
11
12class BooleanAction(argparse.Action):
13 def __init__(self, option_strings, dest, nargs=None, **kwargs):
14 super(BooleanAction, self).__init__(option_strings, dest, nargs=0, **kwargs)
15
16 def __call__(self, parser, namespace, values, option_string=None):
17 setattr(namespace, self.dest, False if option_string.startswith('--no') else True)
18
19
20def main():
21 parser = argparse.ArgumentParser(prog='tai64dec', formatter_class=argparse.ArgumentDefaultsHelpFormatter)
22 parser.add_argument('--random', '--no-random', action=BooleanAction, default=False)
23 parser.add_argument('--ns', '--no-ns', action=BooleanAction, default=True)
24 args = parser.parse_args()
25
26
27 leapsecond_data = LeapSecondData.from_file(Path(os.getenv('LEAPSECONDS_FILE')))
28
29 now = datetime.now(tz=timezone.utc)
30
31 tai_dt = leapsecond_data.to_tai(now)
32 seconds = int(tai_dt.timestamp())
33 seconds += int(ldexp(1, 62))
34 out = seconds
35
36 if args.ns:
37 nanoseconds = int((tai_dt.timestamp() - seconds) / 1e-9)
38 out = out << 32 | nanoseconds
39
40 if args.random:
41 out = out << 24 | int.from_bytes(secrets.token_bytes(3), byteorder='little', signed=False)
42
43 print('{:d}'.format(out), file=sys.stdout)
44
45if __name__ == '__main__':
46 sys.exit(main())
diff --git a/user-profiles/utils.nix b/user-profiles/utils.nix
index c04e3a03..48df50ea 100644
--- a/user-profiles/utils.nix
+++ b/user-profiles/utils.nix
@@ -62,9 +62,9 @@ in {
62 }; 62 };
63 63
64 home.packages = with pkgs; [ 64 home.packages = with pkgs; [
65 autossh usbutils pciutils exa silver-searcher pwgen unzip 65 autossh usbutils pciutils exa silver-searcher pwgen xkcdpass
66 magic-wormhole qrencode tty-clock dnsutils openssl sshfs psmisc 66 unzip magic-wormhole qrencode tty-clock dnsutils openssl sshfs
67 mosh tree vnstat file pv bc zip nmap aspell 67 psmisc mosh tree vnstat file pv bc zip nmap aspell
68 aspellDicts.de aspellDicts.en borgbackup man-pages rsync socat 68 aspellDicts.de aspellDicts.en borgbackup man-pages rsync socat
69 inetutils yq cached-nix-shell persistent-nix-shell rage 69 inetutils yq cached-nix-shell persistent-nix-shell rage
70 smartmontools hdparm nix-output-monitor wrappedLess 70 smartmontools hdparm nix-output-monitor wrappedLess