From dcaa017e5d838c1cf1c05b355e6a95cf308f1595 Mon Sep 17 00:00:00 2001
From: Rouven Seifert
Date: Thu, 16 Nov 2023 15:08:13 +0100
Subject: [PATCH] agenix: migrate falkenstein

---
flake.nix | 5 +-
.../falkenstein-1/modules/backup/default.nix | 6 ++-
.../modules/networks/default.nix | 9 ++--
.../falkenstein-1/modules/pfersel/default.nix | 7 ++-
hosts/falkenstein-1/modules/purge/default.nix | 6 ++-
secrets.nix | 8 +++
secrets/falkenstein-1.yaml | 51 ------------------
secrets/falkenstein/borg/key.age | Bin 0 -> 1243 bytes
secrets/falkenstein/borg/passphrase.age | Bin 0 -> 504 bytes
secrets/falkenstein/pfersel.age | Bin 0 -> 467 bytes
secrets/falkenstein/purge.age | 9 ++++
.../falkenstein/wireguard/dorm/preshared.age | Bin 0 -> 424 bytes
.../falkenstein/wireguard/dorm/private.age | 10 ++++
13 files changed, 48 insertions(+), 63 deletions(-)
delete mode 100644 secrets/falkenstein-1.yaml
create mode 100644 secrets/falkenstein/borg/key.age
create mode 100644 secrets/falkenstein/borg/passphrase.age
create mode 100644 secrets/falkenstein/pfersel.age
create mode 100644 secrets/falkenstein/purge.age
create mode 100644 secrets/falkenstein/wireguard/dorm/preshared.age
create mode 100644 secrets/falkenstein/wireguard/dorm/private.age

diff --git a/flake.nix b/flake.nix
index dbcce7c..f9ef297 100644
--- a/flake.nix
+++ b/flake.nix
@@ -109,9 +109,9 @@
nixos-hardware.nixosModules.common-pc-ssd
nix-index-database.nixosModules.nix-index
impermanence.nixosModules.impermanence
+ agenix.nixosModules.default
./hosts/nuc
./shared
- agenix.nixosModules.default
{ nixpkgs.overlays = [ self.overlays.default ]; }
@@ -123,12 +123,11 @@
modules = [
./hosts/falkenstein-1
./shared
- ./shared/sops.nix
{ nixpkgs.overlays = [ self.overlays.default ]; }
nix-index-database.nixosModules.nix-index
- sops-nix.nixosModules.sops
+ agenix.nixosModules.default
purge.nixosModules.default
trucksimulatorbot.nixosModules.default
pfersel.nixosModules.default
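Review bot: Nothing in the falkenstein-1 module list (nor in the removed `./shared/sops.nix`) tells agenix which identity decrypts on this host, so the module falls back to its default `age.identityPaths`, the SSH host keys under /etc/ssh; the new `.age` files in this patch carry two `ssh-ed25519` recipients, so this only works if the `falkenstein` key in secrets.nix is that host's ed25519 host key. If it is not, activation fails at the decrypt step and the WireGuard keys and bot tokens never appear under /run/agenix. Pinning it next to the import makes the dependency visible: `age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];`. The `modules = [` list continues past the end of the hunk.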
diff --git a/hosts/falkenstein-1/modules/backup/default.nix b/hosts/falkenstein-1/modules/backup/default.nix
index 2fee9c8..db55135 100644
--- a/hosts/falkenstein-1/modules/backup/default.nix
+++ b/hosts/falkenstein-1/modules/backup/default.nix
@@ -1,6 +1,8 @@
{ config, pkgs, ... }: {
- sops.secrets."borg/passphrase" = { };
+ age.secrets."borg/passphrase" = {
+ file = ../../../../secrets/falkenstein/borg/passphrase.age;
+ };
environment.systemPackages = [ pkgs.borgbackup ];
services.borgmatic = {
enable = true;
@@ -17,7 +19,7 @@
label = "nuc";
}
];
- encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.sops.secrets."borg/passphrase".path}";
+ encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets."borg/passphrase".path}";
compression = "lz4";
keep_daily = 7;
keep_weekly = 4;
diff --git a/hosts/falkenstein-1/modules/networks/default.nix b/hosts/falkenstein-1/modules/networks/default.nix
index 0fa3e18..d2e4c02 100644
--- a/hosts/falkenstein-1/modules/networks/default.nix
+++ b/hosts/falkenstein-1/modules/networks/default.nix
@@ -1,12 +1,15 @@
{ config, lib, ... }: {
- sops.secrets = {
+ age.secrets = {
"wireguard/dorm/private" = {
+ file = ../../../../secrets/falkenstein/wireguard/dorm/private.age;
owner = config.users.users.systemd-network.name;
};
"wireguard/dorm/preshared" = {
+ file = ../../../../secrets/falkenstein/wireguard/dorm/preshared.age;
owner = config.users.users.systemd-network.name;
};
+ };
networking = {
hostName = "falkenstein-1";
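Review bot: The secret name keeps the sops-era slash form `"borg/passphrase"` while the pfersel and purge modules in this same commit flatten theirs to `pfersel` and `purge`; agenix derives the install path from the name, so this one lands at `/run/agenix/borg/passphrase` in a subdirectory and the other two at the top level. Either form works, but one convention per host keeps the secrets.nix layout and the /run/agenix tree aligned, and `age.secrets."borg/passphrase"` already mirrors `secrets/falkenstein/borg/passphrase.age`, so I would move the other two to this scheme rather than the reverse. `encryption_passcommand` reads the file as whoever runs borgmatic; with the agenix default of root-only 0400 that relies on the borgmatic service running as root, which I believe the NixOS module does — confirm if it is run under another user. The `services.borgmatic` attribute set continues outside the hunk.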
@@ -46,14 +49,14 @@
Name = "wg0";
};
wireguardConfig = {
- PrivateKeyFile = config.sops.secrets."wireguard/dorm/private".path;
+ PrivateKeyFile = config.age.secrets."wireguard/dorm/private".path;
ListenPort = 51820;
};
wireguardPeers = [
{
wireguardPeerConfig = {
PublicKey = "Z5lwwHTCDr6OF4lfaCdSHNveunOn4RzuOQeyB+El9mQ=";
- PresharedKeyFile = config.sops.secrets."wireguard/dorm/preshared".path;
+ PresharedKeyFile = config.age.secrets."wireguard/dorm/preshared".path;
Endpoint = "dorm.vpn.rfive.de:51820";
AllowedIPs = "192.168.42.0/24, 192.168.43.0/24";
};
diff --git a/hosts/falkenstein-1/modules/pfersel/default.nix b/hosts/falkenstein-1/modules/pfersel/default.nix
index ed013c2..1c6dc0d 100644
--- a/hosts/falkenstein-1/modules/pfersel/default.nix
+++ b/hosts/falkenstein-1/modules/pfersel/default.nix
@@ -1,10 +1,13 @@
{ config, ... }: {
- sops.secrets."pfersel/token".owner = "pfersel";
+ age.secrets.pfersel = {
+ file = ../../../../secrets/falkenstein/pfersel.age;
+ owner = "pfersel";
+ };
services.pfersel = {
enable = true;
discord = {
- tokenFile = config.sops.secrets."pfersel/token".path;
+ tokenFile = config.age.secrets.pfersel.path;
};
};
}
diff --git a/hosts/falkenstein-1/modules/purge/default.nix b/hosts/falkenstein-1/modules/purge/default.nix
index 92c5abc..5650a65 100644
--- a/hosts/falkenstein-1/modules/purge/default.nix
+++ b/hosts/falkenstein-1/modules/purge/default.nix
@@ -3,13 +3,15 @@ let
domain = "purge.${config.networking.domain}";
in {
- sops.secrets."purge/token" = { };
+ age.secrets.purge = {
+ file = ../../../../secrets/falkenstein/purge.age;
+ };
services.purge = {
enable = true;
discord = {
clientId = "941041925216157746";
publicKey = "d2945f6130d9b4a8dda8c8bf52db5dee127a82f89c6b8782e84aa8f45f61d402";
- tokenFile = config.sops.secrets."purge/token".path;
+ tokenFile = config.age.secrets.purge.path;
};
};
services.nginx.virtualHosts."${domain}" = {
diff --git a/secrets.nix b/secrets.nix
index 2f313e1..ac3354d 100644
--- a/secrets.nix
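Review bot: `owner = "pfersel"` is a bare string here, while the networks module in this same commit resolves the owner through `config.users.users.systemd-network.name`; with the string form a typo or a missing user only surfaces when agenix's chown fails during activation on the host, whereas `owner = config.users.users.pfersel.name;` fails at evaluation time before anything is deployed. I am assuming the `pfersel` user is created by `pfersel.nixosModules.default` — worth confirming, since agenix installs secrets in an activation step that runs after users are created. The default mode stays 0400, so only that user and root can read `/run/agenix/pfersel`, which is the right scope for a bot token.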
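Review bot: `age.secrets.purge` sets no owner, so the token is installed root:root 0400 at `/run/agenix/purge`; that is only readable by the purge service if it runs as root or its module hands the file over via `LoadCredential`. The removed sops entry was equally owner-less, so this is not a regression, but the migration is the moment to check: if `services.purge` runs under a dedicated user, add `owner = config.users.users.purge.name;` (or whatever user the module creates) next to `file`. `clientId` and `publicKey` are Discord's public identifiers and are fine in the Nix file; only the token needs to stay in the `.age` file.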
+++ b/secrets.nix
@@ -20,4 +20,12 @@ in
"secrets/nuc/vaultwarden.age".publicKeys = [ rouven nuc ];
"secrets/nuc/borg/passphrase.age".publicKeys = [ rouven nuc ];
"secrets/nuc/borg/key.age".publicKeys = [ rouven nuc ];
+
+ # falkenstein
+ "secrets/falkenstein/purge.age".publicKeys = [ rouven falkenstein ];
+ "secrets/falkenstein/pfersel.age".publicKeys = [ rouven falkenstein ];
+ "secrets/falkenstein/wireguard/dorm/private.age".publicKeys = [ rouven falkenstein ];
+ "secrets/falkenstein/wireguard/dorm/preshared.age".publicKeys = [ rouven falkenstein ];
+ "secrets/falkenstein/borg/passphrase.age".publicKeys = [ rouven falkenstein ];
+ "secrets/falkenstein/borg/key.age".publicKeys = [ rouven falkenstein ];
}
diff --git a/secrets/falkenstein-1.yaml b/secrets/falkenstein-1.yaml
deleted file mode 100644
index ad6fb68..0000000
--- a/secrets/falkenstein-1.yaml
+++ /dev/null
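Review bot: `secrets/falkenstein/borg/key.age` is encrypted to both `rouven` and `falkenstein`, but no module in this patch declares an `age.secrets` entry for it (backup/default.nix only installs the passphrase), so the host identity can decrypt a borg repository key it never uses; if the file is an off-host recovery copy, `"secrets/falkenstein/borg/key.age".publicKeys = [ rouven ];` limits it to the one identity that needs it, otherwise add the matching `age.secrets."borg/key"` entry. The deleted `secrets/falkenstein-1.yaml` remains in git history and is still decryptable by the old sops recipients (the `age1de938…` key and PGP key `116987A8…`), neither of which appears in the new recipient lists — if either key is being retired rather than merely replaced, note that this commit re-encrypts the same plaintext, so the Discord tokens, WireGuard private/preshared keys and borg passphrase would need rotation to actually cut off those old keys. Two of the new files (`pfersel.age`, `wireguard/dorm/private.age`) were committed as text rather than binary diffs; a `*.age binary` line in .gitattributes keeps autocrlf and merge tooling from rewriting ciphertext bytes.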
@@ -1,51 +0,0 @@ -purge: - token: ENC[AES256_GCM,data:mCK0xAgF4Q8DOTPVRg/O5L8kpDItNj8U0ikoKOOZC3Dv50Yt/nqvq4j4fM0CQ836pxCutir6FkTKbS5xS5XqKoSzu8E/0Q==,iv:JDqyeG+g3RAHmMD4uxS6eyQYYI50X6Bwutp+/v2ngq8=,tag:JkqLWoSwwghNUCD2+I6Njg==,type:str] -pfersel: - token: ENC[AES256_GCM,data:MFxzpT6sqzhDpZya4/eI77LbHXekzfTQWZrjd/aot2MzRXicaCUabEUqnR40QnW9HujOTW0+A+9Be5mDX6OqVDt2ioKVxg==,iv:UTTWL7uSVgpkLnXTkvojC/fotkDISdyBrGDiegXqMuQ=,tag:+8+Th/M9U9mJX6i2YCPBbg==,type:str] -wireguard: - dorm: - private: ENC[AES256_GCM,data:Wk6g0UW6onEQYh2Sjoh8pXtaxzQehbYzulS32LHENombOdM3xT6fLBRuI3o=,iv:i5HqTr/WV8tiBud1BApPWC2z1Ck5LiTRJ1MP8/1AH5U=,tag:ISAHSJCNzS/MCiPkPh6CXQ==,type:str] - preshared: ENC[AES256_GCM,data:8n4LJb9EeGfYp3VV4iL9O+IadsGok9EWZESXdkGDk/LwYUvKRxkFsfIUmA0=,iv:dAY3h8U+/+Ac4t7HIjTj2LvX2g6LUT9s8U4GU4tvPV0=,tag:UI7mOiQGWVnmIYJe8C1gpw==,type:str] -borg: - passphrase: ENC[AES256_GCM,data:54KCMu574Uj01sqnfBX9BqFc5+dx1Se7,iv:NgodekAUw0pNddA36oIranISkvUQIxZRmZW4s1UIHdU=,tag:frep/WspsozTL1V/OfuTxw==,type:str] - key: ENC[AES256_GCM,data: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,iv:8yl4F9+g+SfjvHVJKCTFXS9JU0Kzy7TqIX3HtQQt/n0=,tag:4r6A1K0zHSycglcZYGnkWw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1de938w6hzpv4cuzss7v3pt0chv4d0t220ue5n9d93ffuak7u949sumnhz3 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkbVdnVDQzbFAvWTNkNVdX - T1JIcXlkVEdiV3FiVlowWFllc2ZmTHZQbmpjCis1bmU1cC9TUGJSWHB2MGtER3h6 - SVAvTE5ORElPV3ByUHBmL3ZiN2xMemsKLS0tIEpmSmZ1cE8zZXZhd3Z6Wm94c0M0 - NGlZbU8rcWJRbGE5OEFHdUNqZ2xUS2sK/r7qJHfTP0REcM2PYM95XT0onnCYXzam - 20BgfynX3PJE2QVcgl8rr7ssuKxESi+tY/1VB0l8Tryxe6hr/p5IVg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-19T09:45:38Z" - mac: 
ENC[AES256_GCM,data:b4KtXV64oYJu1VO63NQFJ16O9q509YThkJZXTbqnhgLlxmoZ3HEwQRYnsg3MgBOxj3Im9RhIj341f8p3JFnz/WM56ii9gJHPP+uaYJit4Pln6qqwa69rd+OLVUShz0NESNFCHuTYzPyREZOz5Y2N+QPIbhSE8L+2uleIsB9Lv78=,iv:qSs2R569Vp4BPuYpGedDxo19Ua4bhHzP1fFUdMtlvkk=,tag:BlWL5Dyh+AqDYDZHNglyHA==,type:str] - pgp: - - created_at: "2023-04-12T15:47:07Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - wcFMAzUXo8ZPJwGLARAAl3zDxzwqZFW6P9/ZtKPqby5wiXYXro/LQd1UivAuTTLD - FFMCZNufGTGsEgatYCiljgFao7grpZxnPPMhX7q9fbVxM+DKT2D0Zs3zeAHlwXAi - VxZh34AOKXMQR1s7Xo2KbiT1zikQqvSp/EHbNQOG+Ivi1rMCw5/woobNmfEidmp2 - TRlM5EK3hxYmcfXqOQFPo5/E+B87qsfD2BdK/2+TMp6eCvHnESeSPXfB/3Fwqv13 - t8HI6RRm3Iz71aFW/AQxVYaPm+NiFLYFZqWDCeYjXw/90DcsJ2MkRHSn3sc2pCAL - 7uip2qvEopUTNoMTmFiLo71/uuof0PBZH9IDmmIGzxH79eri11uoTm4CtN90Up+d - pcijNgbtwQXkxZmmhvitJG3rcncMkvMUZk6tOI0WmBkfxSWtVZcrieTdeBixnDOH - MRTzpVejz/5bMRybjvWtEj/z7GpYnfWX8auCdqCTz6C6RK3XEBz4/o1z17VA3Rjc - Ixs8otpEzKXUBsUY7MSgokr6+YveBmOnCto7r447elKLmlBDL0NB5yKbQZJjaniG - 4BSxhGNxB3wJgMv01XOVBkciJ05qIGIZhprA+oyBS5jBzRJyYfOoiDtxp9S8rCar - OmF9RqdaiXfBNY+VGz+1kIzuU+5UT8wOSOKIzXMtqD0/QEmXTySg9JAiCF+U483S - UQHXKfb1LnOhV430IRANtlpaPSwoNR4/UVynaQvg+OIQmLDqNKRVd30ZgMp5hujq - w/osV7AXq987ayqexjfIKyqiNZJBuPB5XaMwenHaSD04kQ== - =CmnW - -----END PGP MESSAGE----- - fp: 116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09 - unencrypted_suffix: _unencrypted - version: 3.8.1 
diff --git a/secrets/falkenstein/borg/key.age b/secrets/falkenstein/borg/key.age new file mode 100644 index 0000000000000000000000000000000000000000..dc9f514b5bd7d81d21b047ced18a4da657f40cc8 GIT binary patch literal 1243 zcmV<11SI=mXJsvAZewzJaCB*JZZ2O^=H#t{PH$zryL^5YJD_LfDRz(VWaZ@!pcvEdx zOj9^WMOH^-bu?pRML1JVI7o9wb6HepD`Is`Y)vb0c54bPJ|J^*Xf0)AGBq_ZIUsXv za#Cq$AaG7{YiCwMax_m)QbSWxR7X%oL2O}acQ;IPNonJc5Hc7O-pPudSx|lPjhiqM_E)b3N1b$B5rh5L_B#d zXL4m>b7de>PexEoWFTKOHaIH^c5HZhGD&MoQ*$+UOlwGMbWL?MGkQr$HEddJc6wTE zXDe+mRaH+kXKY0^I7e@3Gh?^_bxdY$Lu6(%X;W}-cU5&$Z9+|HZdhk9Z&Nf@Z8J7=WKDAl(tfmpc*SJjXx1}; zcYE9@w9tJ?te?b)a0@@SD~D#eRgy|}Q&-qs)06QINixtCT!rc5XO_;nR(7bX{|75L zSv!|xK6p6)LIie8$bIoeZL3+TRh97!ij>JA9F9cHB zDVbLq(;YYJdzGvdx9TmvSZKf6N+W4U_Y}ceMH%z87MPrk#7EShPWa;FMuPWv1AJUS z+mt?o1?~V!%_qZdm9Csz7`->x&SZxXw<2N`SJGKGoi(h(Xz=<0YCN)bACCd6t6vxj zSH$7cQHi~Z?cVpse-MQ_4`U-Dq(xU93wsUBNPZXyYvE9Hewi77zoPm1eBT_Iba`7> z#fOFOkgw^BbZ{Qv?&{a)({q-alpsCT8{eASc9Ts{r`#ylAX3-x)48PHzSlt!Sm* z(FTg`XD}(yQJ{Ve1O%he^GV9)Q^W{J}C6wxzAyj9RmE_Fd^1;x~U{B6)sQeeK>*41+1;C8+Yn6F`?ck&!golPFe3gGW*rro5CZ z;>dPun*!6>TF}??FYI?aFn@SXS~&>3Yo{VoToYw7=hb%-ZMM`5L{Y3g9Mp8R!!<~= zhtw3KUp%-fx7R(I?yk1r7N`(^itMEM*#|xpCE7a^kLCi;SzixS{1M_5eJc#&DdxT= z>y8`428Nv5z(~jg@4aaoZ-H*qQ1end%+*lL9^5_kqTenmYhc4LeI$$2L*u_Y-@?UY z{=`=W@QrL3+^5RmRdpt_VPfd}S?W-`w7J5))2Qa?*@Be>Egtt9djNxjb@;sp5}6$p F^b%(8BJcnJ literal 0 HcmV?d00001 
diff --git a/secrets/falkenstein/borg/passphrase.age b/secrets/falkenstein/borg/passphrase.age new file mode 100644 index 0000000000000000000000000000000000000000..04ed83140d6ca1e014fdc086bc1001a5894c05ab GIT binary patch literal 504 zcmZ9_xvSG~003aYExb(-;VluNONhDJq(KpW&DkbRleS6P4Dxa{&1;)9S95?MIJ&q9 zy1MumI5`TA;wmaGPC6;hqOPvr^0`rnhKZlI$1+Zn+i4zQCjvt6!9}q}!+;zN2o|nv z56A`_NeVgEMYA!GP@&4r{BX!Hj*##+)iqmP@$;&5aim-kYp7cwU^O(16tiVX74rg* z<%%$b4lh!QuK{v;TBMP!TedRkN&zy7xw7uo#*8s(u| zgs@=Z`PPGb(fC$xc2Plc9c~)Sipc{vvtpT`t(kJ353j1(zqs*V3pDX%CpM!uLDR znh!UxzIl4~?Z&IoBkA*%v;9xE9{r+UJ9i%v@87++{@Ya^zrFV4Q_p(&@j3S8$N3+A CV5y)0 literal 0 HcmV?d00001 diff --git a/secrets/falkenstein/pfersel.age b/secrets/falkenstein/pfersel.age new file mode 100644 index 0000000000000000000000000000000000000000..3240fc26213ba0eef1b710fbef3133e675bb508d GIT binary patch literal 467 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSH4Nr3P2vkT($}@|! z$c!qAO!o2!uMGAx$@TCm%ht{e_DeHzaw&ID@yQL%3N)*%@Z|C|aLVwjDoo0Wa&)#V z*AMecGOA28u<(ow4>8Yht_Y0C3Uw|v@pj6KG(oqmIHxEmGhHFGI3mQ{F(R+XwTJF+yp$}6ngIhiZWHPSM~#634T+qpC-->*C>(K$IK z#oQv-$xzw5|6Mx_J wo^vhw9EU@!wqvZ^jc4|^?wot ssh-ed25519 uWbAHQ /f7KCfInXMZTdiOfqdjhUNESlLE8E5I33tQXWZEW1UU +WFOxiMW2ejkS8+Xd+7AgtrNQ2OwT1eADcJ/ksXxWNaI +-> ssh-ed25519 slrRig yYjvDl6lr2JtQRC3AvwSg0j9iBdl64i1V5vdD7bAhQ0 +vUbfUbVV8iVAsWzyzbXNOhgiZVM716i1T3o+CnHY7MM +-> d7x4-grease AKG{#;x! s^5 bs-I$3< +HBnmeOkncFXRxxgxsIRiov0wTfmpEN4xJjPL7YwGtu9EQ8g2uPtMpX9g63KqdQ +--- SJNRQFMTquAWvFtmQYivrb79m0pLapCzIdcKCGkoQzg +1i4>ύc&nk_T]dU 쑁zZ>T}3ݗ%.>_Z\cw 킂j({+IMtI" \ No newline at end of file diff --git a/secrets/falkenstein/wireguard/dorm/preshared.age b/secrets/falkenstein/wireguard/dorm/preshared.age new file mode 100644 index 0000000000000000000000000000000000000000..505f09f591a3ad15f3e04d79ef67aad42456006b GIT binary patch literal 424 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSH4Nr3P2vjf*Hz_jB zvMgEOXY6axN%Kta24^NOYEFXqh-dwcs{|GQODN^@4k>;03wk*#Om8`{1P E0MH+tBLDyZ literal 0 HcmV?d00001 
diff --git a/secrets/falkenstein/wireguard/dorm/private.age b/secrets/falkenstein/wireguard/dorm/private.age new file mode 100644 index 0000000..b0e0df6 --- /dev/null +++ b/secrets/falkenstein/wireguard/dorm/private.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 uWbAHQ A/s5+yPiVZuHo/Xv12T32m/besBeYxvmpv3xm02DhzA +98fj+vaNvWrldQQlDCnggwopkYp3Bkk02/cQ7UzKSfw +-> ssh-ed25519 slrRig BGDI83NERkziioPPySGZXXLK1mErLfXhHbgABhq5KTg +/ofrSvbO3FGaq5O4OlKwbzz6M8J/auJ5xlRtYLSf6AE +-> a.%y-grease =mU^ +8B7GCear7tUUXTjo4quSeeDnD/8rkr3/39p9RZ6qnH+rWmQAZE+d/9NZ9BheuCD4 +BOmsbsc2DEHf1mVi/QMF285c/5WujllNnQ +--- 2cThrg9xymCyM+uA69iNtGGIJoMBj+/Oc2ZjXqX6QQQ +ϯT H_R'