From e9a411586b6b8794f4c3e7cb1281434d1859c891 Mon Sep 17 00:00:00 2001
From: Filippo Berto <berto.f@protonmail.com>
Date: Tue, 26 Dec 2023 11:05:46 +0100
Subject: [PATCH] Nextcoud: new setup

---
 flake.nix                             |   1 +
 instances/baldur/configuration.nix    |  10 +++++++-
 modules/nixos/nextcloud.nix           |  31 ++++++++++++-----------
 secrets/baldur_wg_priv.age            |  35 ++++++++++++--------------
 secrets/garage_bertof_baldur_key.age  |  22 ++++++++--------
 secrets/garage_bertof_freya_key.age   | Bin 694 -> 523 bytes
 secrets/garage_bertof_loki_key.age    |  21 ++++++----------
 secrets/garage_bertof_odin_key.age    | Bin 638 -> 523 bytes
 secrets/garage_bertof_thor_key.age    |  18 ++++++-------
 secrets/garage_rpc_secret.age         | Bin 968 -> 936 bytes
 secrets/garage_tiziano_baldur_key.age |  19 ++++++--------
 secrets/garage_tiziano_loki_key.age   |  21 ++++++----------
 secrets/kavita_token.age              | Bin 578 -> 477 bytes
 secrets/nextcloud_admin_secret.age    | Bin 0 -> 465 bytes
 secrets/odin_wg_priv.age              | Bin 565 -> 477 bytes
 secrets/oppo_wg_priv.age              | Bin 964 -> 917 bytes
 secrets/secrets.nix                   |   1 +
 secrets/spotify_password.age          |  35 ++++++++++++--------------
 secrets/thor_wg_priv.age              |  19 ++++++--------
 secrets/wg_psk.age                    | Bin 1036 -> 917 bytes
 20 files changed, 109 insertions(+), 124 deletions(-)
 create mode 100644 secrets/nextcloud_admin_secret.age

diff --git a/flake.nix b/flake.nix
index 6cae3c4..c942f6e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -209,6 +209,7 @@
               ./instances/freya/hardware-configuration.nix
               ./instances/freya/configuration.nix
 
+              ./modules/nixos/nextcloud.nix
             ] ++ homeManagerModules ++ [
               { home-manager.users.bertof = import ./instances/freya/hm.nix; }
             ];
diff --git a/instances/baldur/configuration.nix b/instances/baldur/configuration.nix
index d70f01c..cd415c9 100644
--- a/instances/baldur/configuration.nix
+++ b/instances/baldur/configuration.nix
@@ -1,4 +1,9 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+# let
+#   freya_hosts = lib.attrsets.filterAttrs (k: v: builtins.elem "freya.zto" v) config.networking.hosts;
+#   freya_ipv4 = builtins.elemAt 0 (builtins.attrNames freya_hosts);
+# in
+{
 
   boot = {
     growPartition = true;
@@ -74,6 +79,9 @@
               proxy_buffering off;
             '';
           };
+          "my-nextcloud.bertof.net" = ssl // {
+            locations."/" = { proxyPass = "http://freya.zto:80/"; proxyWebsockets = true; };
+          };
           "radarr.bertof.net" = ssl // { locations."/" = { proxyPass = "http://freya.zto:7878/"; proxyWebsockets = true; }; };
           "sonarr.bertof.net" = ssl // { locations."/" = { proxyPass = "http://freya.zto:8989/"; proxyWebsockets = true; }; };
           "lidarr.bertof.net" = ssl // { locations."/" = { proxyPass = "http://freya.zto:8686/"; proxyWebsockets = true; }; };
diff --git a/modules/nixos/nextcloud.nix b/modules/nixos/nextcloud.nix
index 5e861a3..2d6a6f7 100644
--- a/modules/nixos/nextcloud.nix
+++ b/modules/nixos/nextcloud.nix
@@ -2,7 +2,7 @@
 
   age.secrets = {
     nextcloud_admin_secret = { file = ../../secrets/nextcloud_admin_secret.age; owner = "nextcloud"; };
-    nextcloud_bucket_secret = { file = ../../secrets/nextcloud_bucket_secret.age; owner = "nextcloud"; };
+    # nextcloud_bucket_secret = { file = ../../secrets/nextcloud_bucket_secret.age; owner = "nextcloud"; };
   };
 
   # services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
@@ -17,23 +17,24 @@
     hostName = "my-nextcloud.bertof.net";
     maxUploadSize = "24G";
     caching.apcu = true;
+    datadir = "/mnt/raid/nextcloud";
     config = {
-      trustedProxies = [ "172.23.4.159" "fd80:56c2:e21c:f9c7:5399:93be:21a9:9fa0" "fe80::3079:d8ff:feb5:7d62" ];
-      extraTrustedDomains = [ config.services.nextcloud.hostName "freya.local" ];
+      trustedProxies = [ "172.23.171.70" "baldur.zto" ];
+      extraTrustedDomains = [ config.services.nextcloud.hostName "freya.zto" ];
       adminpassFile = config.age.secrets.nextcloud_admin_secret.path;
       overwriteProtocol = "https";
-      objectstore.s3 = {
-        enable = true;
-        bucket = "nextcloud-storage";
-        autocreate = false;
-        key = "GK622e38479552cbbbba48fd04";
-        secretFile = config.age.secrets.nextcloud_bucket_secret.path;
-        hostname = "localhost";
-        port = 3900;
-        useSsl = false;
-        region = "garage";
-        usePathStyle = true;
-      };
+      # objectstore.s3 = {
+      #   enable = true;
+      #   bucket = "nextcloud-storage";
+      #   autocreate = false;
+      #   key = "GK622e38479552cbbbba48fd04";
+      #   secretFile = config.age.secrets.nextcloud_bucket_secret.path;
+      #   hostname = "localhost";
+      #   port = 3900;
+      #   useSsl = false;
+      #   region = "garage";
+      #   usePathStyle = true;
+      # };
     };
   };
 
diff --git a/secrets/baldur_wg_priv.age b/secrets/baldur_wg_priv.age
index d252701..dd539da 100644
--- a/secrets/baldur_wg_priv.age
+++ b/secrets/baldur_wg_priv.age
@@ -1,20 +1,17 @@
 age-encryption.org/v1
--> ssh-ed25519 hGQASA 6cqYwv3vAKb/aZ8T2f0aVht/Vug3thJPKCEvnPVl/hQ
-+F3dZr1zIsdvx2NrG+Tht4PRMi715FL8Mr5Na9rkvjA
--> ssh-ed25519 4behFA sPpsyN19+Dscm/SKbI73Ae3exFUpJXuXSXPxVJSuQCc
-e9nvrVeI97kd5x4GRdijSnVM82FrO0Bp0PnHr3Bm9ZA
--> ssh-ed25519 IvyYug KBNBjrRf+q6w1OUhPR/+9MphcvMmN2apAEJJVahPfg4
-gP770GwL75NciAZZQo2YgjTg+Pazy36lnc/1H5zxR9c
--> ssh-ed25519 v7O/FA WSf4zsVg3fpanzyVx2yKt9uVlwV5NFfrxcGAfBD+3wQ
-OahpWiIzveIkDiDa1o/LeDdFIhs3uxqln4NwrU6CsJA
--> ssh-ed25519 XSnoeQ ktqf1RIIO7+gIGXDkyFCKgjq+2bRzxmbcO/Datn19xs
-4nT6w7ivoy7yHJVxFTG9UROsFpvGiK9ng+bPhhJT2j4
--> ssh-ed25519 XgC3XA 2ugwwgBZMnxTkplLA9uCEgWwZmot13yQLI/Xd40ocHM
-yvZ08YW8evyzUi2Ff31Ii4q62rD3ImQHJuCn3oC284I
--> ssh-ed25519 l795CA dRtbf7RV5TUMuExkK07OSMSJ0zZ9L0ieRiY1XIRGGis
-TON02Qav0BNMO9IO9wPtyAuMzk0otMP+gK7j+aYMXRo
--> mWD-grease
-czmKoeEsoxJQF/4PguUU+nb3ceTshoE6Hxwd3Z8mTUnCWIUQGl2lmtAJuXDkZ4hg
-1xDn2a0w7qucLl5pIEiIrb2Y9GXvezt7pchrhV9LBk8KcPGg/d8ponYJCjHs1w
---- 2QaW1jOkm31TqnjMv47SNoQ0HwzuGftrIdhdqfF3eaM
-2Hv´ïõwÈpÇ5…nê'¢ÇõZêäžnü^!”2˜XPøº³­r}ý~b/¸Äox‚—é$þå˜ÝAýÿm#…vÆ¬1§ƒˆôË=
\ No newline at end of file
+-> ssh-ed25519 hGQASA RJgPMTdCmh07hM8QYq/p+2qF79We60L0ogze3kxUk1I
+PKQMlqhenq5S4tYwLwaB2kNHYKHbtU4yHIbOSljxF2k
+-> ssh-ed25519 4behFA FzVGIP5lU5R3tIYBTcd7zUMWp+4WASK01+74yjnw7nw
+Bra8OUb5H1E+sA16kGO+3XcL2aq+FpknWhTxudrcB8Y
+-> ssh-ed25519 IvyYug 8UzvVGssL7dM1HuhrTzJHUPWRi9W6S+VkTXIXDgKgCI
+Uem8CySY8K6V+z43gbgsi72pAFN7C2aGs1d2aiMpYVs
+-> ssh-ed25519 v7O/FA rj9P/c3sRsLm+tlKunh/7QC4q2p07Cv+Oz1QUanTT20
+rb2UDToORbyVS69XM8lmb9Tpai8YeEIsWb/DCSU8Hck
+-> ssh-ed25519 XSnoeQ O2ADzyl0vSOvH8NfNJaMMYiCSa7jXa9MM0rGD+u6OjA
+0tdjHHqa+E0qFoewrneIzBeRSlBDjY+e6zfuHBQ1hOc
+-> ssh-ed25519 XgC3XA mV8tWAT/QnHxAtchO8fxHO2RLGb/6jO4Ts/9M0PFUw4
+xD6w5jsdfeQD4Mq8MnyzuZ/83rq29OFQOpulWKZO11o
+-> ssh-ed25519 l795CA eV2TaVOtDz55WT/TyPXx/WLRMxwHOYDQlrE20RcDCQ8
+j3snveoF4Z+UmMZV5kR+EDJ6fzU0PlUpPL2DjW+bi3g
+--- MKVjOipDAqgTGNfRLoU2OQFQxgcR+ttmRTKu48qrtQU
+ø¦Xx°‹Ç–#-„Gñ[|_¯QSál¯?óÚ¤ô–OP\v!‚8çðèŠÖXç«'Bå£¹ÏTf5m?´{µþ¦k†ÒúÔ[Ú¶*
\ No newline at end of file
diff --git a/secrets/garage_bertof_baldur_key.age b/secrets/garage_bertof_baldur_key.age
index 097631a..5e958fb 100644
--- a/secrets/garage_bertof_baldur_key.age
+++ b/secrets/garage_bertof_baldur_key.age
@@ -1,13 +1,11 @@
 age-encryption.org/v1
--> ssh-ed25519 hGQASA YAF8LXrczCkFAXsanQsY3p7fm+2cl89zm1AKk3Qhvzk
-XyxbKnFrL1Pln6BFBsHng1TnqhrqsKzglh9ki6gmu5A
--> ssh-ed25519 4behFA vwhV7c+nJuru/IVlGvE7OlKw0Y5N++a00ZwpxqBFLiM
-YQtMSmrdOHN8jqy1fvMlcqtkv1+XU+gsaa7hEFbmHQU
--> ssh-ed25519 XSnoeQ Wt4Uez0d/bbv0yE401PyznH9IV9L9F17ItySCcZDCxU
-wiO3mpZO5phzpAM/MxCQLoh0M8eb7t0tOnKCaGgIp1c
--> lIsq8(Y-grease I*.I
-jCD2Z9drhm/sjEl3DvzZcgoAct0sxG5FFdNrWlRk8exUdjODMIDeovHCd1drecMI
-8JVsDm13A+VNvhNKOmQU9vohnS0
---- QZTL8dZB1m3iKdQF0WiXbbh4BYjBpNGaXzSf2/muUF0
-ÈFŸª…¸âWh5‡’9P¼þ-ö`óâåã ØvLÇ~ê>,<¢M\ÐÜL¿^´swfÃ}.nq!wè¼É¼TÊÄkÿ]ˆDéÜ¿(,†VwT[Ë†nãä+yyÄgJÂ5“oc¡$â”^Ó–Š•
-.G¼WÍA
\ No newline at end of file
+-> ssh-ed25519 hGQASA 0yZSF+I/VDQC01lMmzfUMbHmPTTd5KOMu1NUt4tAwm4
+J0SJ+f6WSuEkDuB9ZQZlCM5wB6nE8UGhyJjh8/Px0Dw
+-> ssh-ed25519 4behFA riPeNuR8u/S1j1nf7zbxHaDvD1eKXO+yNwZTzmBFmCg
+x+L5OBtfjsdwl9vJpvzgUmVDcDWD5MnQoYLdp/ZpAMw
+-> ssh-ed25519 XSnoeQ ia2kuI4CYr1gM1JXwvCN7WidWSQU2N7cN3o+KVESrV4
+iHwPtX8EO/NCFZJSkMpSvAKJBr5sTe6DF30DGaWTalY
+--- TzvTa0Z21hNqSS1V4SH7sahDV1pPYJvIZw/WSYi3bl8
+¯’{÷è`¨N8ƒ2Ëê
+7µ©ÓÔîÝÍéåêbn/æNqÙV4^W®WÔ)»l¬mÉIôâãèGgÛ-±ciršÉóæºs²bz´ž‹ÉCÛº£4h†
+Y=ŸŸ¯È›«ÂÆI½[èþ¼uÒfé5ùu
\ No newline at end of file
diff --git a/secrets/garage_bertof_freya_key.age b/secrets/garage_bertof_freya_key.age
index 9567cc3048083a28610fca388f1656af6feac1a9..c185e4d7b2f51802d3d24849a469900443504df4 100644
GIT binary patch
delta 470
zcmdnS+RZXSr`|E&)iWi?EvYKpup&DpIIqyc)7`*0%gw^OGBiIh%+IIFr??=%tSU9s
zm&?02Ew9SlAlawbpvuQF)Uz-$E5yP#DXdao+tfRxG~YS7vMiv|$UMz4kW1H2p}06h
zH#Nn`)YQ;Y!6Yd)!_844$j`Je+}Fb+*uTuH%GA8j%q=1@Ke(#cqTI{eBR#aj#nso+
zGA*dWygVzJD>WxEAlu8yG&`|C-!m`W-`&8a*udG_AT21(GBnY@JjAFXFek6n$3NY1
z;z#lNu!8*5q`(5Vl#0m60>9)E=OT+7=N$K_Ds9g!^E{W7088&O4^MZekdSOH^URd=
zl)|(Oe-p2ON(=9>C?8{k<Y2Gjl+1jibkmg5EdL18Ok-0oKSKj9U0q#;tnf-xpO8GG
z(jZf9zc5!HlaMOIq-3**5TB5w)W}MAFa3ym{qpjtyojJ|u4xhfS2p<UI=`p*cc$X~
zT8+i!Ua#i`S!A8PA8_Z~?U+4BOAIX=JH3+=a_<;@ejVlWXwkXb?nMV(Uh=Iwp!@V-
zMZtdAeU1MM5)NOyx@5P?qn)3GmvOcosocZ(W6R^mN(Y~{PB<xPr>?72KRs%aX10#a
R<95q=KQFQ>)Gv5p3jhczw3Pq=

delta 642
zcmeBX*~U6Sr#{5pJK4P?KdUk+&D*1*EVv@4)F&sx!oAQUsjAp0C)~pz(K*wxw6rR{
zoU6#gFEhO)*vGA~*fdW&+bGQ6$=o$J+$+nss4^)dF+1GfIV{5@C9^a$pG((Hp}06h
zH#Nn`)YQ;Y!6Yd)!_85_IJ4Z#)F~;w*uYi0qSUp@&&@R}FRDD$t=uHSB0s{&H9N>M
zH8Dy%Aj>h3OS{;!Ai^lc+rY;+-7LV!DZ?!-q|C9zCo96lDZ<GwKPn)zA}u*6*gqh2
z;z#j%ee-~j&`ckrKsOUdKW_`mL|4;7ld#h8Ort!5+&s_BoGhb2i@=~nV?$Ri|D=G_
z!0^&y{d_||%ZluhRLe5Y$}IPAUl+H$z@X5I()`HKY$xrajIc<MPr|HyN>!?LN_EqV
zQWJ|)6}*d;OBFQ26&wr7>=aUK5)+LRJ?goNEi4kFT=GJz5`#*D%>By^qYR5vBO>%I
zDw6|C1C#XK%2UFEEYl3DjFTcNLM%KiO`I}<B2tn=6GOrrJwrpdoRduhExl8Xild6%
zEh;0tbHal3vkXn#qRMlfy-M993KG42^8@lLt9+fx6HU`ooV}CN(>;=0a{V16oa-Ya
z9l5x4b#)cWOe(Wd3Jg6xjq=UYlJtW^9gXty1I$7Tax;^wg3KdR%}oPSLc_~EA_KXa
z#qCTi%sf|axc{!}P3L2gY4#zfdZHYEXuSWT;qbGAso>x?(dk^NSyu~E_s?HfWAb%{
zY)&V`USZ~r>MA?WYUz|2@kTl2{&QF-7@Dq26xDrK_U|^^;@_E?pNj$)2i@|OVDBk;
deR602+d6@>bKG>b?J5}Db7x)NHjgP+3;+Yg;%xu`

diff --git a/secrets/garage_bertof_loki_key.age b/secrets/garage_bertof_loki_key.age
index 91364b1..5394cfd 100644
--- a/secrets/garage_bertof_loki_key.age
+++ b/secrets/garage_bertof_loki_key.age
@@ -1,14 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 hGQASA jjYzDwbkfaziwdvIeH5T/6rKvhy2mX43tGQcTnmf5Xk
-izRVOXEmtm7lqT8ehyyIBejc8GZc3QrX8w1fPbrq+5A
--> ssh-ed25519 4behFA jGfDz7CRp84ES3i/y6cOKFuTp5sFquzywfHK6iPLyww
-EJ0MtrnW8OP257ogks1Q/I4/C2Jy0KAD3azHT6QsLP4
--> ssh-ed25519 XgC3XA F9uGSJDuw8nwbqk/+i1kS/LNk7rOi7XRBssv0XdytUQ
-WSseYpPU78uAWF4a8+mScIfRToU1tCuOfV0wFN7FAKw
--> /l2di-grease P}Q`mG = Ka#
-MeXIZL2AxfvGpmQoA/J3Sqgk4zzHgmasGJhqsMe5zPCRN3/kveOjP7KYateac+Jp
-oTuJqerutr/+wP00fhSYxNjELu3l6lw
---- +U6ETty0U9vrhYSf9Q43PLSbRqgVuvmF7Yy5dp2nfLQ
-8®#díöÙI˜öÂQå½LþO¬ðW¡2%Â¼
-»:¼x³X>\½P‰wÜ†â«ýKRq³Ôzÿª7÷Ô<Pt5îÛ$ñaOBK7ñƒe·%w¢o˜Ÿˆ¡bP'Pd6Ü«`ü
-EÞ€ÑÝ&Ô›=p—ƒi=Iÿ
\ No newline at end of file
+-> ssh-ed25519 hGQASA d+1+ga86jcZuxoFVxn/KZgWA+XhTLPeMFbLDeALrwmA
+0MjWcH3dQn/G3+LsaNgqu6wknIww6QS13v9PNrQ1uIM
+-> ssh-ed25519 4behFA QmwS9/DYWhnSc7l5zqdlS5Kus26HicSokF9lJxzIvQQ
+cu95hdn5njjTleyzVTS/FDriao9Z7Uv/aes+5vGcY4I
+-> ssh-ed25519 XgC3XA 5xA8FgSIGIqhkTplmPcE2X9KSoD81Yd7Oojd9E2PLE4
+p+/yyT6RFdCIXRyCu4E+ujpOWG7EDfNZQND2i7pJWsI
+--- dn/EI3Zf6WC15TqlYTGQOSwftfcAozb7/FfbK2XMiT8
+N_æÍÁ‰’ÉŒ—Òó€B‰ô´}Ðá5*LµF,öDy§ùdéJâ1rX[ÆÍx><Þ&0ùY£0‹Rý6<È¤öU\ô/p=ÆýÕáÔQñNÜ¤Î$/JŽG·˜«2ésyÌŸÀÅuÑÄ8è/huæ•
\ No newline at end of file
diff --git a/secrets/garage_bertof_odin_key.age b/secrets/garage_bertof_odin_key.age
index 83832c7320975eedfce799a232578b4e235a54d9..a7f870fab7e508ad909680cba0aa3c394fb66a71 100644
GIT binary patch
delta 470
zcmeyz(#<kKr`{sWJWb!+KgBVu)J5Ch$T2-5Fr(7M$kf-zGomcjpvWXDrM#*<G|(@|
zk;}!sJhaHevOK$_($F#7Kc&bxEGaTe+sC)kHPtdG(b(C`BQ2#WqAI1*f=ky<p}06h
zH#Nn`)YQ;Y!6Yd)!_85l*dnB&&?_v&K))a_JtEgF+pW;8I5p9yIJCI5uu{Ls!{5jw
zBd9W<!r3FA%QZ{e(KItB(%31_(>&1MEhNO*Ah6WDD!stCB0M$HG0(d|ztFd&)YLtH
z;z#j%!}OG}$}BSzZL`uc{mLk#vI4_wkBExGGWVjCaIfS*AM@Y{KePOZRQE`(q%^PM
z!gSNHkm5o|_b9&*^KkvbjPd|4V|{}P|H2eA!>EWbuM+=)5VKG&U0q!T1IJLOOh1nl
z=P0urlai>yV9P)s6K9`5qjXoNv|!7;)Uc}hfPxfvN5_zKt^}c4-ld-vnBOmc-M;;-
zv^vw&E5Wh?r&)LTElj`v<X-(Y$G1Kf<_8SbD?i-Wc<!mF*{e4#7pjk%Yh0E-aLKbh
zsp9&?S)BGU`!tOl?Ppqi{IHQ{Pm1{zbD493bs{F7zyFr~FE&(VkT2=$>v|Wt@@KsK
Q!yLYM-&s$8H8u1B0Ja;gf&c&j

delta 585
zcmeBX`NuLrr#{iMz%bWHKghs1x75VK)6dZ~IlZhhDI>+#*i+j))F974#HqL>RX@|w
zm#ZMaqN=K_D9pgHvaG_W(9^{=Gcd%m*fc8B!ZO9P%-^{xFx0!ur^?*XkxSQ3p}06h
zH#Nn`)YQ;Y!6Yd)!_844Ffh%-z}wBj!Z6gWC?F%)$*m-~$TB6bB)c>`vLf58G}O~A
zD78pGxgx@qE66M>C%G)sI3U!_GT+qOJ=w*@+0r1m*v~lFBR#^f*g4s>Ff_<L-N!6)
z;z#lNBoD(9ZDWf7W7E*kjAS!kmx{Cu51+KKG^acRPq#9EU;ommRD)psq(EOT0}HR>
zU@wzYm!go8!jvdClN<vVgN*c4*DUkG5F?L}^l)RhVyDWG{G?EjPjvKjJoEi@(~D9Q
zi&GT}6;iUwxZL%VQqp}QGPHw@it`Ne{OWVP0*eaL!pxHcobxhFtAf+A+#I8_UDBK!
zJ<43tLUS$h+}(pSg1rp#jDoYGB7?a6O3IwV@*Kn5%KekPOhXJyGMr0-Gcw%^0=aZ`
zbrp;(BP+`a-14(Ct9;FhoiokdwB1YdoV+s&Q_>TCLw!A6-2+lme6k_~9JwM7=v8d7
zm}YC$&p!8tdrI)u3IC=Z3ax+UZuQ=@Zt8ZH{4gfZt=fHmI8wg3biP|4_CvY)XIHC5
z|B=HYe<xYluivg_E0cIK^~su==!Cbo7Rz06w3YKHotgN6E%->l2Hz0j&aNN5d-Kyj
Z{;O+f`Z-^D>AlQXYQKHfo=}*V0RTHY()0iT

diff --git a/secrets/garage_bertof_thor_key.age b/secrets/garage_bertof_thor_key.age
index 53cb8be..c9cbcd2 100644
--- a/secrets/garage_bertof_thor_key.age
+++ b/secrets/garage_bertof_thor_key.age
@@ -1,11 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 hGQASA 1hnoDn2tM+rYi21AjQb2HIdyDgVNGdZ51hpf4yBgjRU
-I0tI2kBLkyQTlqbLDlTU1vhpbBKAqNtSTdeKzvn0FfE
--> ssh-ed25519 4behFA p2vY3LMTulcru5tKvp7V9S31qCuOwAJ8nC5kzGD3en8
-pbNgdjF10/XyVOfBK3vILBOQyNSeHkluJBNGpQnp6BU
--> ssh-ed25519 v7O/FA W/2jcCrblvcXGTDdVp5EAje+ByP0llHpTtwJQvtsKls
-LHCj5sI6Vi0efLquGN/roB401Vb9YwuyLcx8foqOWlA
--> e&IQZCW-grease b7{($R
-uugSq+epepHfI9tEAT24ZoJCv/oX2Cj1C1kUnySzniXu2NK6rcI
---- +dEN1Gzi/QadtL1vCw/y9sNLu3y6ZMLdDxhDcrVrduE
-Á"`©ÉY~‚úwm[ƒÌÆÉ3mÊmR€B<·XD~Ýã7-ÇÖ”ùÔ„õ(á€ùq.×„WCÃAöåæªðÜR·ˆÌÕ¹°‚3­ùòÔk‘Î ô*dä*>kÁœ¤î·(ÂlAàUvÖ?Å&Ú£}
\ No newline at end of file
+-> ssh-ed25519 hGQASA EKeqHiFfalulKVpbUS+A4/0/rjvNFRTBEzKaY8812lc
+sU9HKMtzAVV3nvEjarOZYrSR6YY8GYhVZUZkTfo6mZQ
+-> ssh-ed25519 4behFA bOorsvXyFaqLBhjroqRwpqJI52sNH95UIQ4ttKy7vA4
+CId1K0dv726Cx0EklR5yas2cu1+wJ7lukdJwSyXNEqw
+-> ssh-ed25519 v7O/FA +nbodDmDni/0GzAmmJjzmaqAKmUHhBgt1CQXEDKqNA8
+Thtj11x6Qx2iHIJP7lGVb/3uQv5ZtYya7457Cm142q0
+--- wKkzD3VThGvrQc8g3QFFjho4GqYfRvZ9Yg5k6hkAYyc
+ÞyßAÖ@6°cÌo/MfÎäçSŽØ+ ¦pÔSLh9ùýñc¶}}…+—ƒˆ´ÔõxM¥jƒC0¶TŸm6Gh8ã ~Ï½5Œân<ÙAPM`fÎKVnµàïûöc¥*Ú']àñBâoW“Ó©˜5Ò†&
\ No newline at end of file
diff --git a/secrets/garage_rpc_secret.age b/secrets/garage_rpc_secret.age
index b2404749147fbacdb7e7475f95e06a5dba99a00a..345f0cb4627a0b0b019e0b8be82f088435feb34a 100644
GIT binary patch
delta 846
zcmX@XzJh&%PQ5{3Vrq_4Kv;&cws%NYx@T0Oi>ae!W^zbDsIyP8WoU?FfLpLznOT8r
zC|6{nWkGpTu5nSRyML0Oe_@eDSc<1xrjdzJX^OX}ueoo&ex+xipJ`@DHkYoQLUD11
zZfc5=si~o*f=N<phMS{8o?m!XL|I^HxtV!*h-HPjn_IR^VVHSoN_L=6R#ilHVsJ!Q
zma$Qqg->oaS7w2^M^&MriG{Pbxwe;cRe55*e?eJcMXpDAT4_K|VOmL+iHUn)X<32A
z#E;^k;r^8#srt_OE=DdHh32Kn8Kt>K1qLoA+2Q^{jwXSL?gpvusZl9aL5?O|i7v_R
zxn=IfZk}01=57@}K0&F5rA5X$Sw&?A1rdeD`bHk56@e+q8IxlfCBxnQEYg!xDgvBM
zD$<L+{R}L9%<^2Te2sidjLUpYvrIkAQY*B>bE+J}Be^P#wF^@MOmag_4MQS*+=2>=
zoWe@WUG$?|O4EXTeDd=AEmDedEz7;lO(vgZ6tB;5%`(i&$u}v>G)ndNt#HXm&nt@z
z3P~~zwoDJ!E=q|CF*gbb4KDF9HsDJ3&bDy#FEep2_V>~ca<%jbNb_|GP0SAn$Sg1`
ziO2~}ayD}h&ZtasDMt_gh;(P;2uB5jq~eU6Dt+&K*T`hQ#Go+4`t+16e<x!@w@{N1
zS8b!f{Onw#K$pM(6Q^XZWD6Jbyb@zKH)m%P!$@zZbhAp|G*dt4G$Yecr{KU069a9>
zr~vm$Lr)Cra?CAFogEb%^-V*){Y%3lGYtY=oU2^?^OF5T!YfPiz0KTQU6V_~Lh6Go
zU2;pyf}OItQVN1Xd@9`{gNu#w3NqX(QiEMmf=#R3(+fjFjm^@^BMp)~T^!BQ!%OnH
zbaizVT%FuPJd4xwys|7Z^i%x}OuPefTr2!S!_Ct3jgs_B^PLNf-QCL~%?n+*Jf19n
z<+?44Em2w}*Lj<1>L-ci;i73z4qR~0yrkNqED$OzdB{+9LeTE=XM3-Hdcb1pGtpDv
zq@(xNcfS|k?JL=H*?95QHP=6-zL-<l*-)$7zGFtjA?~Z6g?gT3^apJCdUPcKtM4NR

delta 878
zcmZ3%eu901PQ8(1Xj*n+skfzjuth~!rG;gZsi9?AcuKf?WRP*FQ>t^8PeEpSX+edt
zD_5miNTzvVae!r5VU=@6sat_pa;b}%iIHP*dRUfUs!K&)PI-!Bg}<}5Czr0BLUD11
zZfc5=si~o*f=N<phMS{8ps}};k85T@uuG9&rb&80uA4`yVMRfSe?YiNYMG(GL1JEh
zmVa?&h_jIaSDuS$RAQx(bBa%@vu8<#mtUoRzLR5KSaM)QL_~5{KyHwKWNv71QK@g>
z#E;^kfhE2sk><t$MQN$|;rYcS<(6d@5vCcg$rh;<DLzJ(MiDMS6_(|pN!bQml|{)#
zmLXn6xkiP>mVs^_A-?`@iSC|>S)N(R<rc<?jv0|97Umh|rjuhCCByU6eDf0hGX0Cv
zE8WwLa&wIR+;W^8O)NrOQk()kN~%mVD~cm4ijqrnBe{|@EVHwGO+C|cJqryg{G3Dc
zeNx;iD#Kmee6uo(vI|TyLM@7nybZF=LMNYP6t6c-bII^FaSDqnbMmh;uqZDrayBco
zNY2SJG51Y&at}`R(+^H}N-qjCw%`iQEOyb)&&kUx^2to{&o9$YcZu?FHp?>42v00@
zajS}`@-!(4vPdflPe%{`h;(P;2uB5zsE{-_pZxTEpW-TK52qZz`qWU5qTJ-7O8smX
zLyM$5%P?(^u-r_S%B*CrMCYvV<g~z$EH|IX95<gx?U0hlvLef1gEUjaqKdpUKckG0
zWUmOnRJUYw>vGI3O`RPTJhCIwEDJ2l3PZf3d_zr&J&g?lqfCPW)BGY#a-!0T`~vDj
zoD7PKi%XnCx!hemjjK{~3(PH}Qe6rR^dpm;ybLlTeG5D*eB8@3a(z9$%PJjRjGYVv
zLDsqGrWd6q7N>G$dYAa7W*8Tgdqz5?W)@`>M0#@R>gp=^dnT5+nuQt{l?8+pyXGWY
z<YYRhC5O0IIj3ZLho)qd75GLar#lsBr&s24ncx1k+E2yk;)$-^zBT<TC;1sVeVcYa
zFi<|GK`7YA=Ez?mxjM(4oCl^KW#WGtADu93|5-gIo2ROpZ9kH{pDs<7$^F^)qH}3C
d!`7si3<)x2e!+`wWIEVBzc}sqa!w1AqX4jWFC72?

diff --git a/secrets/garage_tiziano_baldur_key.age b/secrets/garage_tiziano_baldur_key.age
index 75433b4..dbb8c86 100644
--- a/secrets/garage_tiziano_baldur_key.age
+++ b/secrets/garage_tiziano_baldur_key.age
@@ -1,12 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 hGQASA 8nVzw7fp06zLT7ds8yY3fXjP7ROr2QAhknaEJ0eNDhw
-jD+bN1Q/G+oPvdcOVhIXzwHFbdY0P9c0KQfQBxKzJ4w
--> ssh-ed25519 4behFA s7vGl4q06zgP5GfDGvm6hR3TxQpTgxIjC9Jcv1JwkUI
-/L7cs4ieL79kOwOV2+PZogi26tapefrgXq7BUt1BMbg
--> ssh-ed25519 XSnoeQ cQCHARqbAsznV1KqFnbQdG/X49l5EtCa1Kn//aHRNzI
-s8o7YJL2UTr94HseEnm2axBEJP+woKJCXasF2aCGKdQ
--> /F:9s-grease j :m
-8zpD3IswMerW5eOD4afbGaa+2u2/fifWCQ
---- TD5unvKMzt8oqlK347CT/O+ewsNq1sFdEaY6Gd8uvy0
-Ï‰-ejbÉuÅz’³½Sû;e±˜¥,ˆ·žã£zX¿ø—=µv„X+){Q#Ý"¸*l--þ»	Ê “‡@c¸xÈ%–£ËøvFšM‘ êKfí;@	Ô:^?G&‚8Ñ½‰*”†Bƒ‚çŽ
-âÞRx©œ4¾
\ No newline at end of file
+-> ssh-ed25519 hGQASA PkYgRjAnCa3nvntxxUZAyN8xQR9Dwx7M3Xki6YpLggM
+yynQSd9ZQjvbc5AGesgDO1nZ/msw+d28YTFfHtUu0X8
+-> ssh-ed25519 4behFA 0gVZvAfYf9o1vhyhf53kmM96WytlpgJVEQt03IvyIxI
+JBooxj+OVLjSrdrBiFkeNbBEjKcciytqR1ICvvmhsNI
+-> ssh-ed25519 XSnoeQ 2/1iRtr3vJ7Nn66yiUVtpwTxYQ0l3PRkKURRKMlZ8Fs
+bprOMpZykVRr8AvbJeM6bkHdQ6daZTToUanuzqAEn+k
+--- 38ICz/y/nBJ1mc+cQkYZY2nnaUz+e77dmsZdKH/7LZE
+8dyQÈ¯â‹I°¹ç ¿»ùf&w<Ç$úº.ÝºðÁ¯"¥Xÿ¥;Û¸øË†äÚqßá¼)“àÝ;¦:/p¹öÿ”¥ˆPƒRv-_×õFsº¢JW8É‘ûª!tùc;l•’¢M¬‡3ò5r™^¹(*=È²„sDô!'Ç
\ No newline at end of file
diff --git a/secrets/garage_tiziano_loki_key.age b/secrets/garage_tiziano_loki_key.age
index 909f07b..5bedfa5 100644
--- a/secrets/garage_tiziano_loki_key.age
+++ b/secrets/garage_tiziano_loki_key.age
@@ -1,14 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 hGQASA 0t3L/8xBVslG7PhVPxDIHTp9rB5m50shjV2J9LL04gA
-2tHsvHjXTSJt9AXZtZYeWesdUa6MOo219f0qFmSQWTw
--> ssh-ed25519 4behFA ed+eqSpK/GVKYnvwc0wWcH72ycDFrHgWeIUoiufvuiQ
-j+ZMEFedFZWeUchQafIND1jtWSdWI2BfZMGxqDWXdzs
--> ssh-ed25519 XgC3XA A49RW/YxI3N4xRcu+tX5BUCXyV647e+ey1QkTHHVRXs
-OKIQSrXeAGXz4n6N/IorFm5McXZDVzCM12cY9PFYj7M
--> -@W6-grease y] ~#eK$BTy
-Hsr3+HFX4Yna98IodaKx1uxqQk3gsV4NEtDxOHlJIwEuZPNWYVXDxzqf7QNCTQYB
-iZzp+2rWDnwaKhXX9Qk3ABgrfWEEHIeDXdWKNKWg
---- flzE8DlT4FCz7Bbq5bl9PYVkKtCvQbnVmhYT0Lbu/Ig
-|ÌÍË†•ž—ëš…ˆ­™4Þk£Ï_+‘0ù‚XQÁøf*ŸEba–‰P¸´QÆF•µtÅ>D_^CsYÙÛÔq‚*]ŽÑ~ƒGIk×Ç&ùÔ¬®ÛC–ª
-
-ãù¤<2S |të61Ú¡ÆAÀ¤½`,å²
\ No newline at end of file
+-> ssh-ed25519 hGQASA QoTvCImxWGpHaoYwVCJyafM0D6/4DaaQsx21mO2rDA0
+jjirm3NVk8U+L7rLuscQ5T8JJic3Y9QfzCe+1O3/oZM
+-> ssh-ed25519 4behFA 93S+8fmMYTbcSsTZNeCdUY9DXEivHyooOFkWLUjb+E4
+8ceLTot8/kwNerBnas2V3PZ2RzPSK+oP6W2+tpQQns4
+-> ssh-ed25519 XgC3XA 1aHp3WSIvAQXpEg14NLg0GPbfCBOo76HkwbYA/WckAc
+OyKBAjN7CmqzBeBPEMzLyPAnRFpiRqM5SUNAehE6j5c
+--- 8OJoaFd2CzZS8dUIgL8J1QVRKj4PKlScYvMlBDoZU2g
+ßï·ÄàhÐ+*,ÞˆFB+±%+Ðw­¸b°´LQÅºß! ÏîRueÈP¨DºÒ¹¦²z€à£nŽˆuIì×±l©ŽÊÍþêœX(Î$Q–8^4æ¦zK’)ÌÆmÓg—'Çn¶oWwâ3˜ÅþhzÏ…RÂô¬ê–ŠÐñ
\ No newline at end of file
diff --git a/secrets/kavita_token.age b/secrets/kavita_token.age
index d344cf1bb04f127cead4943a84856a7f29e0325e..b24f80b628b7a2a82b99807178a662685ac4c723 100644
GIT binary patch
delta 423
zcmX@aa+i66PQ67$cDQN2fq`d9c)EK*lCMXmOJ!w5Nq|9kVqT<?zjsQYuS;TRPGwbu
z0asRupJ8!gwsWMpTY+(rwt-WTQB<O<r)8LVP^EuxQd)3ks&Tesfrmw=E0?aFLUD11
zZfc5=si~o*f=N<phMS{;L1<8vdqq`-e@H;EzfYcLiJN<tuVrvpa9N&NMY2<=MQUMA
zx_Mc0sD4g5S9(B2MMbcuc1eb5T4=dNg|U~DpQV0;en_cPxJhuNzDIFLnp0_NNI-D$
z#E;_jW@a9y76n<wfkg#jMv+nZ`IY)9W#&0iW)X=_>F(Md`sUhBe#JS#-UgmrS-~Y)
zUS*apo`D4g;fAG_X=S<oZU&B(2AMe)=B{2|z9HsLDHWxqx#<>My1Kdwj!~5s$;DYI
zPNja91`)|&dEP}9et982CPrD>W}d-`2A1w&?g3dAMtS)LT<QJ3GVynL?8GY~Yz`dX
z+OcU*P<ZJYUQd-IR*l1lE!65K2QVzCRb@PPG0Ek$L3m5)6Yq1`w)0l6=j?3s*G>|g
R&$H~bbf>?cUzF2c3jmjJkMRHi

delta 525
zcmcc1e28U&PJL8<x^YQKQC3PonRZTMQlY+Sm8YMZOL9qtnNLupN3v^JR+Oi^Uv{`t
zAXijmP(g%edTEh)XmEg;hecUlig9LHu&HleR#t&wVS%%UPhNUefqr1FCzr0BLUD11
zZfc5=si~o*f=N<phMS{8nPGaEZ;*wDdx?>`pSfSMwp*5kWmK|xgt4z*zF~PrmA`(Z
zXLv+Gm}hx8mvLxTR+_%MzLR@ya<)@&uD4lak!N9=zEhr`Nv^l2Wk5=?p^vL}c!^o^
z#E;_jRi=rdMkT3U=I%L;rQwEA=EYfFe!iA|9)><81rhp2+FmA6CQ(`5Zh0nLp;b`^
zW_eK&xrON=&XI+Yfw@5irco}zIYv=NW>x;-dCvZxeyQ4iK_<Q+pLm)S7T9H&m+7V#
zr6v}qDg@Ys2jv^ZYIFJJ=LcGN7z7z>r_~o!Soj5&g`|}Elv{Y|SGt8*IvctaxMuiO
zhMTA7Cs`I$1*K(`8WniDRh0&pdZf4ol$MloWtXPqCwmlg>FVk#RF&xml?Oy+`G*)*
zS`;OhmHQ-H1~`U#8ziPjmZpcMJLbC?mz4Te8oP#aDKWGD3=<YL7PeQiYU_FTGR%hg
z?f0K|Kfa!Fc7asw#OPZJH~9{p_0xYl>*mEpeqZG^N_s>8Ff4s-W8ieFQt!rY`Q+OQ
P@1s+<PL!XotR4XX;P$s~

diff --git a/secrets/nextcloud_admin_secret.age b/secrets/nextcloud_admin_secret.age
new file mode 100644
index 0000000000000000000000000000000000000000..bc7fb7da1eefac962b50aa408db4a15414fd8b0e
GIT binary patch
literal 465
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU7a1V40c2v-I^EL>H
z3@S77HcmEl3eWR&)VJ`|t}v}iDsf9T3(fOMF)b;}&nyae_T)+r@-rx~s4(*L$SN}}
z_S4QTOAYilG|0|1%+HDR_HZjo$u@HF*AH{?h(x!|Bq=q+%~2u4x5T2v-`^r6*gR3Y
zBq*;UIKM2-LO&wgA}X&c#nP+D-%C5Zu)^5f(3LAG+|<L%qfEOvH8VHM+t0Tk-7P)E
zA|>1`$+56RyWH8>#InRf-`(HU)D_*f9CJ%kXGaC!Ak(UnpxnyfQsbmT!&IZ<C?i*G
zH?I^&&qSvXbA1EjLKmapl>A^1<4`Wgs3e~XFYVOi;>4f|?VR%Pu;jpuV6$A4^paHf
z0#^f%GT%xU$H>5la9=K6U0sC&)AaIG|KL>P)a)Fm65}BM?6eTas;Ejwv$BAqT;rlB
z-yjon_fpeBuTU;FM*r_#KYbo5#qMh0zjSkt)zQ~W!WL`q^)sr?k-B>%X2(fo`7DM$
g$DYd%%u8fn33$eCxhJd_d+F+fr1u<?K3|Cf0FUOKF#rGn

literal 0
HcmV?d00001

diff --git a/secrets/odin_wg_priv.age b/secrets/odin_wg_priv.age
index bf0785b35028ce24f40bc567b63c24f4d22e2abf..00b9f3e8e84a12ccdb92e58c609a618433b18794 100644
GIT binary patch
delta 423
zcmdnWa+i66PJNc2Uq(qpQdN+1V3K}RPLO^?zJEooe{Mytv0Fr$rK3k_N{MSmMtEg<
zC|8hggh{q<P>R2+Z@7DMu}eW-Wp;>mW@1%vk#A8!Sb0&ISE@^Baeiv1BbTn7LUD11
zZfc5=si~o*f=N<phMS{8N{)}4WmQpGm49G}Q*d^^zFVnlZnjZzsd=uCNw!;wiMdO$
zi%EdHQKq{iS6Pa0x`CrXR8ewqh_|16wtlI*Uvf~mQJ$%JVv%olV7RB3cBXS-s!3}3
z#E;_jerZ|3=8?hrfu3m*Mg|_fSphl5$tIqGPMMjdA*tpT2Emn8P9}kYRUxii2H}CB
z*~yNsi2<3$o=G8<0qMaWMJ2wL0hXZ=Ic{Zv-jz-n?&$@-X<5Epy1Kdw=BcJR-sY*L
zK4Ffj<z*#-0g+)<S&pf0M&`wCp>9=$q2)<o#sw8&rV+0BT$^0QP9L`TwC(ZEzjZez
zPZkraG<f;e>y=E+lFMHr-uK<P8@S+p%KF6B=8H|GD)WEm#9s^RjThnxuXg`CH=!qU
T<)pI#39Q^7d<*w#{`m?3e1x2n

delta 512
zcmcc1yp?5wPQ7D9m`RjVW<+G6L4aXlmAPTEVWp3UnQ?G%Ub$O_e~5p&iL<tMMo36_
zC|A0BXi}hmpoe8<iCM5~mZ?`^VwJbEUqyJ1k*i0EPf56WxVKMQUP)q-FPE;JLUD11
zZfc5=si~o*f=N<phMS{;u}fHDxoePqYH_f$hgXiVmzzhSxn*dUQI(}{MOa8qc2;p}
zvSoOZtA0f!msxO9ih;R>Z+N;zpld*3cxI?)q*;|~xv{=^PG&?&YDr3QNtH#SV^vA$
z#E;_jX0Ar25q_EO+7YE*X+FlKCf=q#iNRh;rTzwqrRI^D&QAVe5s8V$VHMe2MFu&J
zJ~@RZ*_Oo>zJ=xafhHw}J}G61rP+=?;T8IY5xKqv!A@zOxn_|dpSZi}rWd6q7N;td
z7AM-PW^=h)gjW_Ng?eU%hMS~>CAl~mCD-R`yGNE77;6XQCux@&2V__J=jK!-nno2T
zmYPIm`kOeF1_k;T=KE&mW)(SdnU{0v>gp;~`DbaDdHK8Prx}GiIcZzw1(k$WM0guU
zhPe0|6lVMTc~q7<d;2*Xm1cA8WKn9Uc{*uFZ;s1#yE}%g>s~+J{w-);TU=!Rs%`^)
zd!{GrMZzZNWuJ+v%(}DaocVNH)|*eCud2AeZ|2>G`&W7xo~2&@C)=SC=y*zVN*Vy?
CMYU!C

diff --git a/secrets/oppo_wg_priv.age b/secrets/oppo_wg_priv.age
index 28c7445b9f5c130c3f9ffef3ca13c7553cafd4fb..ebfda0f4641ca799859609e2544979a2e192a23f 100644
GIT binary patch
delta 829
zcmX@YK9zlfPJO1Mabb#uNpPA$N_nBaL0(vaX>e44MMkN!p=U@*QffqMRI-tGZl+&(
zK9^BaR(ZBbnoqb}iCd_jn`LHrh-pYjS-ML_cy4%JSyrf1Xk}?)ft!AgCzr0BLUD11
zZfc5=si~o*f=N<phMS{8n18-=VOdaVqPe+$c&M{wo?AvnUP@)Eb5Vp}N@jjWQHq;?
zRZe7Nu&;*+myc0oeuZO3N{&ZhQlf{qQBt8vv1e9VRzRkYafx}5p{b=|c4SCtRIroh
z#E;_PF0QG5ewh}T1&;nch0ZzphE93eiJs=6S>92u5m8YYzFDr`;ZB~0hDL#0CT6B(
z-l=9~Ng?hP;g&8gE~X~wj>VRRPF1-k+2s}H-Y(9GrJhMqRoVHI;~B-n{rpP|LOqO=
z%k|R>(wvKmf(%?sEzBJYBMfs44NCng-29A7y$bR@imS4@(!-rBLQC_reS=*CoxH-#
z1Dy=~l2X##O-f91i+w9xGhGWq6OD4SGAxTHpJf!Uk1%!*&Pmrc3Cr=!sWgl9PI1qS
zGWHJ6FbPNt(T|8M4u~@J^E3~SNH_50@=HuKD-JYB4|DZ1_AZGE3keR%2{TJ~cQJR%
zHc$04GK`8cGz<ujbo28?kAaAEXX6M*g(wT79Jf$Q7gs}{;Pl)K%glPGNRyDvz_Kd0
z#K6cBuX2O1D)S8gH2>g`WUeTq^iuzfQe*9)FvG<3Ja5a)h?I~3cgqN`yxb5=XSd)2
za|_o>zqIl)M|A6Q%q>lw9TiO7vh;&|d@QpwD*{7|E5j_aGgHb-O1!cYD*`hkypvOX
z>Wz$zO|mkof?T=s%rl*QJ^YKK%sdTJ%RS8!T|;x6D^r4V19BtNf&z*>(=)QYJd+|T
zw2QfPb#)aYa;w7AGYp(lLdvR=OS83$eJvAHTr*5_UA;<^J-iIPJyQI`ToV0~3yZmq
zO{)oDvrOA)v|zs0R+p|1YkC9uY^_#V?lyTe$7EWO!-pzfA+9>{StfrnZZ1uYx~lZO
hJb0<>uD`Q?1~rGq=dv12*HnJQQ10!ZI{&SD4FIyI7Eu5I

delta 876
zcmbQreuRC3PJL;Jvxl#bd2xDFm_?3%WN>OoqGx`hVU}}|S3y~FqHC~0Np4V<c7ShH
zF;`TsX@*N?MP5>AdYOrKp?A5Lc9ElhYQ9fdMrBq|g<-n4yHie9x{rCD1(&X!LUD11
zZfc5=si~o*f=N<phMS{8QBGC4uXm+kft!0_PC=ljzFVQEmqlq=n18WXs-<B?Wl6So
zc2bG9yHmI$S6-rJR*HU}o3X!7U}jNTd8WRBNt9)hQ%FfcnOC7{fKh0Lg=494m|u>?
z#E;_PzQJzpAwGr9CLumW=^3Ri=H@PzhN%I*#l@+XW?s4Oc`5lp+9_ow$*zuE?!H;2
z*?}&uPUQt<CTW!!&J}5uftgO}{)H~#xq(rUX65-gK82~tK^eZ2;~B-nEls^$d@7Pm
zEWA9coXdkkf-O9qJc^PFOHvb^l8qe$-HS`Y3rj=X!W~1of_x3Vll`-@3^TI~l3g<M
z(gO2C%tLbW^bLZt%+pQsGYfsgvt11%oXpE7pJf!UFU&AAOY}~!D$a8A@bNQsGR(<{
zGR^gg3`;ey2=`0M%q$A83h^^H$jc7pvNQ^GGPiKGboBQ0FHF;RN--#L4A3?#@h<mw
zHOwq1PR_0}O-?e_FLew=kAaAEXX6M*1uuX1ydb9}@6>|yOf!?ha{c=7tYW9Ez$}w|
z^N^%c=kVZCj||tMoRGqZY%ce3U;V)FRQ&+Ulpw#rOh=dWoQ$GSbJIMdV9%&5r%<zE
z<KQgklr$gha&+r*%q>lw9TiNSvn?tO3$-JR++B)NgUUUF3NsT+LUKGx%uMo&4D<8K
z>N6AbN-DLBDqXqUi;ayVysGjIA`Fwv&3!T}eO(IN94jrd3*5tsvvV>FauW;Eyt9)F
z(|keJrR$~_r6v}qDrg4TRw*RgaHSWgI=fW5c~<(kml_v@Ru-k32b2aH=eVVF>FVk#
zWQCf9MR*4n<++<V`sA0EXBzwDn^q-j7w2VLdi!~~R%IIp25YBkmt>eZa&6@~qGEez
z&wcC0h3q_TD~?WQd$DnPbo?5XMNOu2i=!hLruD>{&REcPydv%D6Rl+m8N21z?dxIY
b(Jx!%pH`J3-yAhtRNr~mo*B~)%sm4DWZ5ZT

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 06a1e7b..e019ff2 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -23,6 +23,7 @@ in
   "garage_bertof_thor_key.age".publicKeys = devUsers ++ [ thor ];
   "garage_tiziano_baldur_key.age".publicKeys = devUsers ++ [ baldur ];
   "garage_tiziano_loki_key.age".publicKeys = devUsers ++ [ loki ];
+  "nextcloud_admin_secret.age".publicKeys = devUsers ++ [ freya ];
   "baldur_wg_priv.age".publicKeys = devUsers ++ systems;
   "odin_wg_priv.age".publicKeys = devUsers ++ [ odin ];
   "oppo_wg_priv.age".publicKeys = devUsers ++ systems;
diff --git a/secrets/spotify_password.age b/secrets/spotify_password.age
index 98e3eee..12aeb01 100644
--- a/secrets/spotify_password.age
+++ b/secrets/spotify_password.age
@@ -1,20 +1,17 @@
 age-encryption.org/v1
--> ssh-ed25519 hGQASA XCi6L7fPdccLrtRtI4aExPHyMg7g1wV8ED14M452FH8
-6rqpNqK1d/MwGm5kz0reyNhVFi1uzJ6s3gQMjPn8OGM
--> ssh-ed25519 4behFA Xj/kapGYB/A6ws4Rk2Bt/RKg/bPF6ecQNSmy9E1ZCwY
-hKv9j2FvepG8HmagwrLrUc9fAoffEeQxE+RygiO4zfE
--> ssh-ed25519 IvyYug yhTZgQxTW5mE3aa3pl87nS2Cg9zowLJ/7X52ulvwNQQ
-Ina/Bfx8ds4oEOW+fZBD+yTEpbSA7CQf2jAIMn+ntHg
--> ssh-ed25519 v7O/FA K+9pYRCgPV3rqEZBBCHi0ivYJyOtc5UKb7fBWJyi6VQ
-lqGx6JRbeLKSGgTOqOfTKOcq4c50aOIrF/hYbCcJd7k
--> ssh-ed25519 XSnoeQ OCQfC4zZIxTmLicv04JI8/LAIdItnOoSHG/JObPl8iE
-nAx0553+6QrgzuOzUXtkUwvDvFSrphrfmqpF5D9m7uE
--> ssh-ed25519 XgC3XA tRaPn/d4ZVVJ9KiVbT/HcaLiAH0aod20h7dLRSCaTRs
-31hHw+JGfuVcFQiidC2M5uRoVfNqBla6dEKSdOw7LUQ
--> ssh-ed25519 l795CA wsToGDKjHndKB8aO6Y8Tv6Su50jZ6HZRDqn/vDoW404
-tsINm+zIBigU6qmvy6ArYtNx8okcUhXYbcUn5lyCMbQ
--> pIU98H2S-grease hk, 6hccti} ]w]Bym5
-sVnSQ7E5j7to9SMdKnahmxTTjvQsTIqV6KXyDjWJGhAZZV7Xgem21F6Bh0YALVsX
-nw2StgulGO6o2w
---- 8AiQIyHaBJx3IGd3qA88M4BjgBJv2EhZksO3CQpehYw
-ÙÑso[¸N™kÄîƒþ©Ðž„ä+XhÆ¹Z“ŠÞÆ5~­Pø¨ØÎ
\ No newline at end of file
+-> ssh-ed25519 hGQASA /J/2zMvnnL5JWiWQQZZ8d4CMbinVeBw5HwNtTxF6bTI
+4F3B7fnIiLRi4qBFEMS0X6NrxS7cLwCG9e/KMUFJoi8
+-> ssh-ed25519 4behFA ni1m1pnb3ULk2uZLhKcajHAIy1UN3Sc2IynTbR7HIXU
+C3OLRhci6xFoxX2uH7ntDcOOdYRxY5ycMLKPBi+QHvE
+-> ssh-ed25519 IvyYug EZIQSyawmxg2rRiCHEJhxy6XDqQbUcMxikrhwBeZYD0
+6Pjl8OlKYvwli49ekDWQuP0knOOWlJZ0l8RGz9oyb2s
+-> ssh-ed25519 v7O/FA Uj+UlLduljTSdQVocvdREl5O8+9rbi+zrSs01C/FqiM
+dM7Kf641KxB4I33H0waGo9JzNxVVcVykOYefWKBubxE
+-> ssh-ed25519 XSnoeQ qATrX72PIBb61myL51TmithzzTGO2oTSJQO3gtgrjGM
+mzUuYx4goPzhz11PCgAoQyQZfOK4NjdjejsQykDNE+4
+-> ssh-ed25519 XgC3XA upD2ax2gPuPn3mrLxvjCUQOAvkzsDojmwrg5eX36jEw
+1ie+wUJJBe5CA3RZJ8g+t+H4/8Jl2l2ENbhnlE2Zk9Q
+-> ssh-ed25519 l795CA llFbKxa5P+kKFUSaOAU4GncvEkmkSYr0/0GTUolyiAg
+boOUnKPoGN2w1GzhzfnYXi2hcywRU/qClWH/Mk2SEPk
+--- P2deGATg3Oo9ZpWDRxOYtYfkZADMd0aPAQjRXMhwuGw
+³)v	TŒhöågB¾²¿h.¸Èo<Lúëñ67¹á°U0¦úZŽeããQv
\ No newline at end of file
diff --git a/secrets/thor_wg_priv.age b/secrets/thor_wg_priv.age
index 9335e05..a9e87f3 100644
--- a/secrets/thor_wg_priv.age
+++ b/secrets/thor_wg_priv.age
@@ -1,12 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 hGQASA xAHPSIkTD9v4QAz6LbiYJ3hN+MUramkySUgKWm4Bew0
-OFIm0PrP/gD+WAEfOW5WzhwGQCixAyDPPAFFONrAgno
--> ssh-ed25519 4behFA uMKAn5ESDaFr4m4QZ6hYyeVTkx7mXwgRiE16u+NdiEs
-YqC+HPuiT2byHhmdMgYwQN/o2lSj8gl3BMsitxDxGRs
--> ssh-ed25519 v7O/FA 8h//2/NIBmW0EciyY+DZBPmZfI+a76lDns3Gq1v3z2A
-8nYofnAUvcVJcRWLdRDos9k4c0Wlz91ictj52h1gZis
--> Fe~S{*~0-grease ~Z
-DhZKevKCft+A5DdNy33gShUlG6jqWQ6dS73jSF4KyOzwmki+IkFF6uwZ46ThYabx
-Yqw4SnWONlNjo0a3fznkpoEimzNHKvz17g
---- qSfcnaqZmIR6Av3HBF5BK6LfVjkoeMFJFczNxe2wk5s
-È¢GUžîXŒ~ñ…±Œ¼z?}ñy¡¦ŒvÑÇ¿d1H½éC` ·^ú#æ&óPñä8k3b£ÐX Ï#ãe;ŽiŠñÐN›EmÈ$
\ No newline at end of file
+-> ssh-ed25519 hGQASA +547qOJmNPJFb+wRjVcjm+hDHTm0rgiac7hfxPI54w8
+t9ZYnDHZsmiMaiDIM71h8dKFLJECFNIGHcvGSP7vkvg
+-> ssh-ed25519 4behFA Ex9h28uRt2gl2p/E9+irXX8IOrducVNDCB1KgN6DAA0
+J3oTUNlhOv+KzlUv5zJFf79cMPGiHcw25XH/k4vQZ2g
+-> ssh-ed25519 v7O/FA os0//TPJwRwMbwIfEvTsyflIKD1tGCFt0HuBmr043wU
+pwOzDUk8MTvqZf1hnuMT4kAcZ1yB2ubdRnqeqecavjk
+--- LltfQDw1/CXAYv8r/8fiZrTsHHaekRPd3prFZyErFzc
+­¹o³ÜUÄ#Ø¡¦°<¶F‰™ìIÙÏ‹”¾ÚKŠøW¤Ä'	—.é½m‹¡øA6+Ê•}†E¸or¦‘Bn—ð‰MX!†âÓÐqþž
\ No newline at end of file
diff --git a/secrets/wg_psk.age b/secrets/wg_psk.age
index 508ba23d19166bb90a2ead9733c9f8f5477efcee..93cfb4d53ded00d413c1157d506917e5922f2e59 100644
GIT binary patch
delta 829
zcmeC-n94pur#{NaDbpw0+0Vn%EThoHyRtY<-_6iBDIm-^)vq$wvb@SMCpgzUFWbn;
zmn+@ZJitH1+&wWjD9th3skqX}JJie|)WbPE-7+mCJk-M?$1pVCJEb_#giF^>p}06h
zH#Nn`)YQ;Y!6Yd)!_85_$;>0K!rj=(-`FS7qA<WG&@HnpB(yTS!Zpm?D9gV%r^MC7
zEjic4+0)g8%iYK=H9RrT%d#RVvOL?}+1EYS$I~w?x5O#U)F;E--!#wP)3>a^FU>D-
z;z#lD%8KOBqF~STsO)@yOV>!B^3t@#knpsk!ptz!kfaFTC>Jl6vZ_e)ps+|T|DdE|
zLw$c!@8XD(C=b74vx34BZzI!!%5Y!Tk_boh$g*<x6vN8&lHByk@r>f(xmnKsK2c6(
z{wZb^Vg7De`p$V}Wszl-Ihke!d5PifP60(O0WNs~+To5|?vaURS#J5sQOU*n1%)Q*
z{)vTAE`}k7X=Q~0$&potr6wkonT|=N$)1su&oYYFdnXmUhX?tlYF8Den&_A5=jR#t
zB^ne*IcaBmWO$W1W#t4GBxh<TmsYuQ1xJ_}o0w-=CWcg|dKj3Qmpi2-m1Tscm0EaP
z7?=l?xTmK1285SIrBoWA$3R57vvGu@LQ+{-WmaW{Tcx&%dvHl=nNPisr=g{Zeo;Z8
zSCW63VL@qrM3IqUctJ^KF_&jmR%(fdVRnF1j$ux4Mp0f`N@`(Pu}@HtiBCkNznix~
zVn}FqYEfcwB)WAu=9Z?;jtYs|NmY&kj>Q$GSwWH6`Ii1+E@=TCW))=xMM+MTK2DLL
z_2I!riTZ)5ZrNP!`eq@i!NG>b*=bcKNdaEIxxs19UVdJ#Iq5l3{-ze%1y!jYDT$dW
z{`p+Gy1EJ}KBfUaNq(-0p%E^XsY!vRW(KAqY55*Sz8Mjb1`%1I9)ST)$u41LkrrIH
zp4Ojd5Sz04rTyJqcMt5E_Uc{#$Jv2DQ*WAdHcHq?a57ykSAP~CzWmf0^|Pv7hUFfM
i{x4i<c>l4+;k|$R|CIFxC|nddao~ddq4cSO<{JSfJ|JoU

delta 949
zcmbQr-or6Lr(WBu#MmSy%-y*vAUN5>$s!^@!n4ZQGu&I>IWxB;HCemD-`6s@v>>#~
zf~zFl#2`OBwV=d5!^t;2vBX8YqA(@OG@!uJMPJ_}#VOp_MLQtSG}|Djm`m4Ap}06h
zH#Nn`)YQ;Y!6Yd)!_85lGQu^_qOv5_z%(SKG|(}})6F+czpSh<($mX5&m+*IG_0`5
zSliVlB)l?^%Prg@!>}Nwz%Ms4sK6;WAl1+{qRczMGbJF|(#JpBtE{5PE!{9T!#~@1
z;z#jt|3s4r55vg7%5cLVSHGg1l2UDh%(8Uvz(7mivSO#CY@gtajMSuJ{TxrOP(#<K
z5buaWXKz<a=g5Ep)3jXgq)2Dua;L)d5U)gwg1|73tngePbN}qg@r>f(!KTjcDH$c@
z?q-JNPR_|*X?f0RVP-BtnPpYsfkk1?DK0*tf&PWThLxUNo{5pUKFPtkQNEeQ<=T-|
z!Bsxq`fgdl<@x5>g(Xqx27XBazQ#W0mYx=q&oYYFC+A01hLl>m`IZG#=!dwvdOL<2
zg}G$-7w6;#nrCFXWR?XNRV5{cW>#8om4^n0q&k<Rmgi>q<OG=q7#C+}Iw$J~l^0}s
z7DX1Ax+i+&IO@Ac`lnc+$3R57vvGu@f@hXXK%{X}nNwa+W{|l>T6ld`VR62jziVWn
zQ;?x)iJ56gs<U}ugh5rdCznx(g_A+ClV@3JsF}HsQ>ss}lc~A4cX*DIr+<n|Nmiy$
zsZo}fmv>QSB)WAu=9Z?;jtc&vMqZ)$`5F4j<;HnoWlrw-eiac>$-Zu7p~m{f?oO#8
z^<KWgg_#-U8LnJzdFCF$l>wf)z9l(%`9_YRkv{3Ep(UmHE?$Z5#(AEV<;5kQW~o`;
zhUp;dQgv;0(~D9Qi&MG$yhF@V%^dyxgWZZOOAAb+(sF%`%1eWTDyuSra@;CQogEz`
zs!Ai1!h%dg0zDl~Gs{z*qRhS1Gc4<UN<6B}xzf`seTuw%iXvQ+%>trK-A$tM3ld9{
zQ~k^{GD;1?sw~_b%c8OzxpZ}P6+FW{vYm~>gMuTYLPCsE^#cOT0t~VOf-M3w4V;TY
zqe>#ed{X@q)A9<FxfXvelj+u3aQL3=(T|nSYk#j~Vw{`);Ub@!=Hs>Qr+oR8b!K|J
w6+XWC+zfuDH;Un+j#YeuO76=nr5K-VD$Tsgv;EJJFW0lV1)t7%DJmfi0M}+fOaK4?