configure staging.diday.org

See:
fe647da3bf

.sops.yaml

@@ -1,165 +1,123 @@
 keys:
-  - &admin_gpg_djerun EF643F59E008414882232C78FFA8331EEB7D6B70
-  - &admin_gpg_stb F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
   - &admin_gpg_jtbx 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
   - &admin_gpg_yuri 87AB00D45D37C9E9167B5A5A333448678B60E505
-  - &admin_gpg_june 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
+  - &admin_gpg_june 057870A2C72CD82566A3EC983695F4FCBCAE4912
   - &admin_gpg_haegar F38C9D4228FC6F674E322D9C3326D914EB9B8F55
   - &admin_gpg_dario 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
   - &admin_gpg_echtnurich 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
-  - &admin_gpg_max 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
   - &admin_gpg_c6ristian B71138A6A8964A3C3B8899857B4F70C356765BAB
   - &admin_gpg_dante 3D70F61E07F64EC4E4EF417BEFCD9D20F58784EF
+  - &admin_age_lilly age19h7xtfmt3py3ydgl8d8fgh8uakxqxjr74flrxev3pgmvvx94kvtq5d932d
   - &host_age_git age18zaq9xg9nhqyl8g7mvrqhsx4qstay5l9cekq2g80vx4920pswdfqpeafd7
   - &host_age_forgejo_actions_runner age10xz2l7ghul7023awcydf4q3wurmszy2tafnadlarj0tvm7kl033sjw5f8t
   - &host_age_matrix age1f7ams0n2zy994pzt0u30h8tex6xdcernj59t4d70z4kjsyzrr3wsy87xzk
-  - &host_age_netbox age13fqs76z2vl5l84dvmmlqjj5xkfsfe85xls8uueul7re9j3ksjs0sw2xc9e
   - &host_age_public_web_static age19s7r8sf7j6zk24x9vumawgxpd2q8epyv7p9qsjntw7v9s3v045mqhmsfp0
-  - &host_age_mjolnir age1ej52kwuj8xraxdq685eejj4dmxpfmpgt4d8jka98rtpal6xcueqq9a6wae
+  - &host_age_yate age1kxzl00cfa5v926cvtcp0l3fncwh6fgmk8jvpf4swkl4vh3hv9e5qyqsrnt
   - &host_age_woodpecker age1klxtcr23hers0lh4f5zdd53tyrtg0jud35rhydstyjq9fjymf9hsn2a8ch
   - &host_age_penpot age10ku5rphtsf2lcxg78za7f2dad5cx5x9urgkce0d7tyqwq2enva9sqf7g8r
 creation_rules:
   - path_regex: config/hosts/git/.*
     key_groups:
       - pgp:
-          - *admin_gpg_djerun
-          - *admin_gpg_stb
           - *admin_gpg_jtbx
           - *admin_gpg_yuri
           - *admin_gpg_june
           - *admin_gpg_haegar
           - *admin_gpg_dario
           - *admin_gpg_echtnurich
-          - *admin_gpg_max
           - *admin_gpg_c6ristian
-          - *admin_gpg_dante
         age:
+          - *admin_age_lilly
           - *host_age_git
   - path_regex: config/hosts/forgejo-actions-runner/.*
     key_groups:
       - pgp:
-          - *admin_gpg_djerun
-          - *admin_gpg_stb
           - *admin_gpg_jtbx
           - *admin_gpg_yuri
           - *admin_gpg_june
           - *admin_gpg_haegar
           - *admin_gpg_dario
           - *admin_gpg_echtnurich
-          - *admin_gpg_max
           - *admin_gpg_c6ristian
-          - *admin_gpg_dante
         age:
+          - *admin_age_lilly
           - *host_age_forgejo_actions_runner
   - path_regex: config/hosts/matrix/.*
     key_groups:
       - pgp:
-          - *admin_gpg_djerun
-          - *admin_gpg_stb
           - *admin_gpg_jtbx
           - *admin_gpg_yuri
           - *admin_gpg_june
           - *admin_gpg_haegar
           - *admin_gpg_dario
           - *admin_gpg_echtnurich
-          - *admin_gpg_max
           - *admin_gpg_c6ristian
-          - *admin_gpg_dante
         age:
+          - *admin_age_lilly
           - *host_age_matrix
-  - path_regex: config/hosts/netbox/.*
-    key_groups:
-      - pgp:
-          - *admin_gpg_djerun
-          - *admin_gpg_stb
-          - *admin_gpg_jtbx
-          - *admin_gpg_yuri
-          - *admin_gpg_june
-          - *admin_gpg_haegar
-          - *admin_gpg_dario
-          - *admin_gpg_echtnurich
-          - *admin_gpg_max
-          - *admin_gpg_c6ristian
-          - *admin_gpg_dante
-        age:
-          - *host_age_netbox
   - path_regex: config/hosts/public-web-static/.*
     key_groups:
       - pgp:
-          - *admin_gpg_djerun
-          - *admin_gpg_stb
           - *admin_gpg_jtbx
           - *admin_gpg_yuri
           - *admin_gpg_june
           - *admin_gpg_haegar
           - *admin_gpg_dario
           - *admin_gpg_echtnurich
-          - *admin_gpg_max
           - *admin_gpg_c6ristian
-          - *admin_gpg_dante
         age:
+          - *admin_age_lilly
           - *host_age_public_web_static
-  - path_regex: config/hosts/mjolnir/.*
-    key_groups:
-      - pgp:
-          - *admin_gpg_djerun
-          - *admin_gpg_stb
-          - *admin_gpg_jtbx
-          - *admin_gpg_yuri
-          - *admin_gpg_june
-          - *admin_gpg_haegar
-          - *admin_gpg_dario
-          - *admin_gpg_echtnurich
-          - *admin_gpg_max
-          - *admin_gpg_c6ristian
-          - *admin_gpg_dante
-        age:
-          - *host_age_mjolnir
   - path_regex: config/hosts/woodpecker/.*
     key_groups:
       - pgp:
-          - *admin_gpg_djerun
-          - *admin_gpg_stb
           - *admin_gpg_jtbx
           - *admin_gpg_yuri
           - *admin_gpg_june
           - *admin_gpg_haegar
           - *admin_gpg_dario
           - *admin_gpg_echtnurich
-          - *admin_gpg_max
           - *admin_gpg_c6ristian
-          - *admin_gpg_dante
         age:
+          - *admin_age_lilly
           - *host_age_woodpecker
   - path_regex: config/hosts/penpot/.*
     key_groups:
       - pgp:
-          - *admin_gpg_djerun
-          - *admin_gpg_stb
           - *admin_gpg_jtbx
           - *admin_gpg_yuri
           - *admin_gpg_june
           - *admin_gpg_haegar
           - *admin_gpg_dario
           - *admin_gpg_echtnurich
-          - *admin_gpg_max
           - *admin_gpg_c6ristian
-          - *admin_gpg_dante
         age:
+          - *admin_age_lilly
           - *host_age_penpot
+  - path_regex: config/hosts/yate/.*
+    key_groups:
+      - pgp:
+          - *admin_gpg_jtbx
+          - *admin_gpg_yuri
+          - *admin_gpg_june
+          - *admin_gpg_haegar
+          - *admin_gpg_dario
+          - *admin_gpg_echtnurich
+          - *admin_gpg_c6ristian
+        age:
+          - *admin_age_lilly
+          - *host_age_yate
   - key_groups:
       - pgp:
-          - *admin_gpg_djerun
-          - *admin_gpg_stb
           - *admin_gpg_jtbx
           - *admin_gpg_yuri
           - *admin_gpg_june
           - *admin_gpg_haegar
           - *admin_gpg_dario
           - *admin_gpg_echtnurich
-          - *admin_gpg_max
           - *admin_gpg_c6ristian
-          - *admin_gpg_dante
+      - age:
+          - *admin_age_lilly
 stores:
   yaml:
     indent: 2

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) CCCHH
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -73,3 +73,8 @@ Build a new NixOS Proxmox VE Template for the chaosknoten:
 ```shell
 nix build .#proxmox-chaosknoten-nixos-template
 ```
+
+## License
+
+This CCCHH nix-infra repository is licensed under the [MIT License](./LICENSE).  
+[`librespot_PR1528_conflicts_resolved.patch`](patches/librespot_PR1528_conflicts_resolved.patch) is a modified version of [librespot PR 1528](https://github.com/librespot-org/librespot/pull/1528) and is licensed under the [MIT license](https://github.com/librespot-org/librespot/blob/dev/LICENSE).

config/common/ssh.nix

@@ -20,6 +20,7 @@
         "ecdh-sha2-nistp384"
         "ecdh-sha2-nistp256"
         "diffie-hellman-group-exchange-sha256"
+        "mlkem768x25519-sha256"
       ];
       # Macs seem reasonable as the default of NixOS 23.05 is a subset of the Mozilla Modern guideline as of 2023-09-09.
       # Ciphers seem reasonable as the default of NixOS 23.05 matches the Mozilla Modern guideline as of 2023-09-09.

config/common/users.nix

@@ -6,14 +6,9 @@
 # - https://git.grzb.de/yuri/nix-infra/-/blob/342a2f732da042d04e579d98e9f834418b7ebf25/users/colmena-deploy/default.nix
 # - https://nixos.org/manual/nix/stable/command-ref/conf-file.html?highlight=nix.conf#available-settings
 
-{ config, pkgs, lib, ... }:
+{ config, pkgs, lib, authorizedKeysRepo, ... }:
 
 let
-  authorizedKeysRepo = pkgs.fetchgit {
-    url = "https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys";
-    rev = "686a6af22f6696f0c0595c56f463c078550049fc";
-    hash = "sha256-plTYjM6zPzoBE/dp6EUrk9mCqmab278p8FqBCTX8Grc=";
-  };
   authorizedKeys = builtins.filter (item: item != "") (lib.strings.splitString "\n" (builtins.readFile "${authorizedKeysRepo}/authorized_keys"));
 in
 {

config/hosts/audio-hauptraum-kueche/networking.nix

@@ -5,13 +5,13 @@
     interfaces.net0 = {
       ipv4.addresses = [
         {
-          address = "10.31.210.10";
+          address = "172.31.200.14";
           prefixLength = 23;
         }
       ];
     };
-    defaultGateway = "10.31.210.1";
-    nameservers = [ "10.31.210.1" ];
+    defaultGateway = "172.31.200.1";
+    nameservers = [ "172.31.200.1" ];
   };
 
   systemd.network.links."10-net0" = {

config/hosts/audio-hauptraum-tafel/networking.nix

@@ -5,13 +5,13 @@
     interfaces.net0 = {
       ipv4.addresses = [
         {
-          address = "10.31.210.13";
+          address = "172.31.200.15";
           prefixLength = 23;
         }
       ];
     };
-    defaultGateway = "10.31.210.1";
-    nameservers = [ "10.31.210.1" ];
+    defaultGateway = "172.31.200.1";
+    nameservers = [ "172.31.200.1" ];
   };
 
   systemd.network.links."10-net0" = {

config/hosts/eh22-wiki/configuration.nix

@@ -1,7 +0,0 @@
-{ ... }:
-
-{
-  networking.hostName = "eh22-wiki";
-
-  system.stateVersion = "23.11";
-}

config/hosts/eh22-wiki/default.nix

@@ -1,9 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  imports = [
-    ./configuration.nix
-    ./dokuwiki.nix
-    ./networking.nix
-  ];
-}

config/hosts/eh22-wiki/dokuwiki.nix

@@ -1,165 +0,0 @@
-# Sources for this configuration:
-# - https://www.dokuwiki.org/dokuwiki
-# - https://www.dokuwiki.org/install
-# - https://www.dokuwiki.org/requirements
-# - https://www.dokuwiki.org/install:php
-# - https://www.dokuwiki.org/security
-# - https://www.dokuwiki.org/config:xsendfile
-# - https://www.dokuwiki.org/install:nginx
-# - https://www.dokuwiki.org/faq:uploadsize
-# - https://nixos.wiki/wiki/Phpfpm
-# - https://wiki.archlinux.org/title/Nginx#FastCGI
-# - https://github.com/NixOS/nixpkgs/blob/84c0cb1471eee15e77ed97e7ae1e8cdae8835c61/nixos/modules/services/web-apps/dokuwiki.nix
-# - https://git.hamburg.ccc.de/CCCHH/ansible-infra/src/commit/81c8bfe16b311d5bf4635947fa02dfb65aea7f91/playbooks/files/chaosknoten/configs/wiki/nginx/wiki.hamburg.ccc.de.conf
-# - https://www.php.net/manual/en/install.fpm.php
-# - https://www.php.net/manual/en/install.fpm.configuration.php
-
-{ config, pkgs, ... }:
-
-let
-  # This is also used for user and group names.
-  app = "dokuwiki";
-  domain = "eh22.easterhegg.eu";
-  dataDir = "/srv/www/${domain}";
-in {
-  systemd.tmpfiles.rules = [
-    "d ${dataDir} 0755 ${app} ${app}"
-  ];
-
-  services.phpfpm.pools."${app}" = {
-    user = "${app}";
-    group = "${app}";
-    phpOptions = ''
-      short_open_tag = Off
-      open_basedir =
-      output_buffering = Off
-      output_handler =
-      zlib.output_compression = Off
-      implicit_flush = Off
-      allow_call_time_pass_reference = Off
-      max_execution_time = 30
-      max_input_time = 60
-      max_input_vars = 10000
-      memory_limit = 128M
-      error_reporting = E_ALL & ~E_NOTICE
-      display_errors = Off
-      display_startup_errors = Off
-      log_errors = On
-      ; error_log should be handled by NixOS.
-      variables_order = "EGPCS"
-      register_argc_argv = Off
-      file_uploads = On
-      upload_max_filesize = 20M
-      post_max_size = 20M
-      session.use_cookies = 1
-      ; Checked the default NixOS PHP extensions and the only one missing from
-      ; DokuWikis list of PHP extensions was bz2, so add that.
-      ; Checked with NixOS 23.11 on 2024-05-02.
-      extension = ${pkgs.phpExtensions.bz2}/lib/php/extensions/bz2.so
-    '';
-    settings = {
-      "listen.owner" = "${config.services.nginx.user}";
-      "listen.group" = "${config.services.nginx.group}";
-      "pm" = "dynamic";
-      "pm.max_children" = 32;
-      "pm.start_servers" = 2;
-      "pm.min_spare_servers" = 2;
-      "pm.max_spare_servers" = 4;
-      "pm.max_requests" = 500;
-    };
-  };
-
-  services.nginx = {
-    enable = true;
-
-    virtualHosts."acme-${domain}" = {
-      default = true;
-      enableACME = true;
-      serverName = "${domain}";
-      
-      listen = [
-        {
-          addr = "0.0.0.0";
-          port = 31820;
-        }
-      ];
-    };
-
-    virtualHosts."${domain}" = {
-      default = true;
-      forceSSL = true;
-      useACMEHost = "${domain}";
-
-      listen = [
-        {
-          addr = "0.0.0.0";
-          port = 8443;
-          ssl = true;
-          proxyProtocol = true;
-        }
-      ];
-
-      root = "${dataDir}";
-
-      locations = {
-        "~ /(conf|bin|inc|vendor)/" = {
-          extraConfig = "deny all;";
-        };
-
-        "~ /install.php" = {
-          extraConfig = "deny all;";
-        };
-
-        "~ ^/data/" = {
-          extraConfig = "internal;";
-        };
-
-        "~ ^/lib.*\.(js|css|gif|png|ico|jpg|jpeg)$" = {
-          extraConfig = "expires 31d;";
-        };
-
-        "/" = {
-          index = "doku.php";
-          extraConfig = "try_files $uri $uri/ @dokuwiki;";
-        };
-
-        "@dokuwiki" = {
-          extraConfig = ''
-            # Rewrites "doku.php/" out of the URLs if the userwrite setting is
-            # set to .htaccess in the DokuWiki config page.
-            rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
-            rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
-            rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
-            rewrite ^/(.*) /doku.php?id=$1&$args last;
-          '';
-        };
-
-        "~ \\.php$" = {
-          extraConfig = ''
-            try_files $uri $uri/ /doku.php;
-            include ${config.services.nginx.package}/conf/fastcgi_params;
-            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-            fastcgi_param REDIRECT_STATUS 200;
-            fastcgi_pass unix:${config.services.phpfpm.pools."${app}".socket};
-          '';
-        };
-      };
-
-      extraConfig = ''
-        # Set maximum file upload size to 20MB (same as upload_max_filesize and
-        # post_max_size in the phpOptions).
-        client_max_body_size 20M;
-        client_body_buffer_size 128k;
-      '';
-    };
-  };
-
-  networking.firewall.allowedTCPPorts = [ 8443 31820 ];
-  networking.firewall.allowedUDPPorts = [ 8443 ];
-
-  users.users."${app}" = {
-    isSystemUser = true;
-    group = "${app}";
-  };
-  users.groups."${app}" = { };
-}

config/hosts/eh22-wiki/networking.nix

@@ -1,22 +0,0 @@
-{ ... }:
-
-{
-  networking = {
-    interfaces.net0 = {
-      ipv4.addresses = [
-        {
-          address = "172.31.17.159";
-          prefixLength = 25;
-        }
-      ];
-    };
-    defaultGateway = "172.31.17.129";
-    nameservers = [ "212.12.50.158" "192.76.134.90" ];
-    search = [ "hamburg.ccc.de" ];
-  };
-
-  systemd.network.links."10-net0" = {
-    matchConfig.MACAddress = "BC:24:11:37:F0:AB";
-    linkConfig.Name = "net0";
-  };
-}

config/hosts/esphome/networking.nix

@@ -11,14 +11,14 @@
       ];
       ipv6.addresses = [
         {
-          address = "2a07:c480:0:1d0::66";
+          address = "2a07:c481:1:d0::66";
           prefixLength = 64;
         }
       ];
     };
     defaultGateway = "10.31.208.1";
-    defaultGateway6 = "2a07:c480:0:1d0::1";
-    nameservers = [ "10.31.208.1" "2a07:c480:0:1d0::1" ];
+    defaultGateway6 = "2a07:c481:1:d0::1";
+    nameservers = [ "10.31.208.1" "2a07:c481:1:d0::1" ];
     search = [ "z9.ccchh.net" ];
   };
 

config/hosts/forgejo-actions-runner/forgejo-actions-runner.nix

@@ -7,13 +7,41 @@
 
 {
   services.gitea-actions-runner = {
-    package = pkgs.forgejo-actions-runner;
+    package = pkgs.forgejo-runner;
     instances.ccchh-forgejo-global-docker = {
       enable = true;
       name = "Global Docker Forgejo Actions Runner";
       url = "https://git.hamburg.ccc.de/";
       tokenFile = "/run/secrets/forgejo_actions_runner_registration_token";
       labels = [ "docker:docker://node:current-bookworm" ];
+      settings = {
+        cache = {
+          proxy_port = 45540;
+        };
+        runner = {
+          capacity = 4;
+        };
+      };
+    };
+
+    instances.ccchh-codeberg-org-diday = {
+      enable = true;
+      name = "ccchh runner for codeberg.org/di-day";
+      url = "https://codeberg.org/";
+      tokenFile = "/run/secrets/codeberg_org_diday_runner_registration_token";
+      labels = [
+        "docker:docker://node:current-bookworm"
+        "debian-latest:docker://node:current-bookworm"
+        "alpine-latest:docker://node:current-alpine"
+      ];
+      settings = {
+        cache = {
+          proxy_port = 45541;
+        };
+        runner = {
+          capacity = 4;
+        };
+      };
     };
   };
 
@@ -23,4 +51,10 @@
     group = "root";
     restartUnits = [ "gitea-runner-ccchh\\x2dforgejo\\x2dglobal\\x2ddocker.service" ];
   };
+  sops.secrets."codeberg_org_diday_runner_registration_token" = {
+    mode = "0440";
+    owner = "root";
+    group = "root";
+    restartUnits = [ "gitea-runner-ccchh\\x2dcodeberg\\x2dorg\\x2ddiday.service" ];
+  };
 }

config/hosts/forgejo-actions-runner/networking.nix

@@ -1,6 +1,8 @@
-{ ... }:
-
-{
+{ lib, config, ... }:
+let
+  runnerInstances = lib.attrValues config.services.gitea-actions-runner.instances;
+  runnerCachePorts = lib.map (i: i.settings.cache.proxy_port) runnerInstances;
+in {
   networking = {
     interfaces.net0 = {
       ipv4.addresses = [
@@ -19,4 +21,7 @@
     matchConfig.MACAddress = "1E:E0:4E:D0:DA:BE";
     linkConfig.Name = "net0";
   };
+
+  # open ports for runner cache proxy so that we can use the cache action
+  networking.firewall.allowedTCPPorts = runnerCachePorts;
 }

config/hosts/forgejo-actions-runner/secrets.yaml

@@ -1,233 +1,149 @@
 forgejo_actions_runner_registration_token: ENC[AES256_GCM,data:gAR2ffrffeuuaOwO6mWcif2e6csKIVoLqrux19iBlrTkFHgo/IlHVL0eSUGqnw==,iv:i12yx/quwT9kj6fPECszo/iG9cVhKX+7dAA6/N09URc=,tag:eO+mWhumgvWzQxYqiRUXbA==,type:str]
+codeberg_org_diday_runner_registration_token: ENC[AES256_GCM,data:thTsLo/eXVPbXt4b8ldae+kGnOR4GbYKOqr1hVJgaL7wZ5GgqWSPcOuhow96Jw==,iv:Fzi+DsKj+4PrwQGEosUntm9l7s78NwzhkmF6e/sfF+s=,tag:oa7mnbGR0J5xi9ruCgRJtQ==,type:str]
 sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age10xz2l7ghul7023awcydf4q3wurmszy2tafnadlarj0tvm7kl033sjw5f8t
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKZEFkeThaUkhoVlVXV1V0
-            eXBja2hueWJzZm5RNVdaNTdKNGp6OC9mVmt3Cit6S2tBQjNGb0N0RkdDdWtpR1Vv
-            REd5WjJrTnJYR0lGRkFGU2RXTjZkdncKLS0tIHJoV3I0YTNkcHdZQWZySVNyVm4y
-            TGR6Sm9uZ0ZQeEFNK1lJRE82eUluclUKL4mGDJkQ3mQu+7Xc2KflVqLUjbr/5a16
-            VlYUplTqUCYXtkzq/3RKZV/pM4RVYBDHvuSzVr4hXBSxW5j93dhezA==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-05-26T00:29:52Z"
-    mac: ENC[AES256_GCM,data:c0261ungapxYViyviTpNsSJZs6OMQ8fyHNqBpvTBp9jEEbbvJBSbqJtwJvVDg8Kv3xrZjC0jZSQOWkvYJlb2PFuW2/GXy5YpLCo7k3ZhXhUbotsDFPe30bvfVxZWhMpaS2rEXlxCqHeVmqoslL34jpLuFx04FmoBh91yjDMoiTw=,iv:njo4Bu4FzAbU6t7CSbqw7hcJ960oqsIKuV/qUGF8c1I=,tag:dzFxW8vyZsDFkd/ARkt5jw==,type:str]
-    pgp:
-        - created_at: "2024-05-26T00:28:49Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+  age:
+    - recipient: age19h7xtfmt3py3ydgl8d8fgh8uakxqxjr74flrxev3pgmvvx94kvtq5d932d
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjZEpMZkt6OU5nMEtYcHc0
+        OGdsVDZBcE5nK2ZLbDhaWEVMM2lJcllLVnlzCmNUTXpaVHBLMjlILzJwdDFLMVky
+        ZXdEVmE3aTFMZDJnQ2tqWGRMb1NnZUkKLS0tIDhGWGpoYWNtL24wRnVRejQ5ZkVN
+        YjZFMTh3OTNkOUE0SmZTQXpKSmdGWlEK+Xb6blAdiWoKvffLEQagu5tFpWALJaXm
+        F65M+RNNkJ/YsSJGAWFJepw3ncCMFbmQgGXw5XnyqTlYFhrQ8x5qJg==
+        -----END AGE ENCRYPTED FILE-----
+    - recipient: age10xz2l7ghul7023awcydf4q3wurmszy2tafnadlarj0tvm7kl033sjw5f8t
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQblJIdFAwOFRqbWEvQzVF
+        ODVpQ04xTVpxTERGU3BOMjV4KytBU21neEYwCmoraHhlNjhDelAzR0VxcVNlekhT
+        QkI5ckd1dVFjMHBoTVFTQjlzbTdnTzgKLS0tIGlTY1p0bWxrQWoyM0RwSmx1aDhy
+        TklLZWM0cDBKaGJJM2tQQWRLZXhFYU0Ko7cyvzMvwlGCCP3UAX1+5uTI4srhZ5l9
+        DPaHySiC+rLy+8R9UqEuTKbP4/Aw4NZ/UcfjNnVkqqqNJIODmLoOhg==
+        -----END AGE ENCRYPTED FILE-----
+  lastmodified: "2026-02-18T09:51:37Z"
+  mac: ENC[AES256_GCM,data:4fWsE3U6WxRqlKHKC4ipE+RQ7MPjiZZcTFMSblxty7JjJHAdKUHbthFB+R8gIWxZEjX5WG+IPgUP+AcCLSI9fdcXMqIFMuDun2hiktwqxzLPGYAoCXdTBAd1uCUagvB/rFty6y8umD4J5ITgEGba9pvGdUcng9WVRV+LGDftS1g=,iv:tD9tlcylQWapNCARxPXrKofZXf2BHTt2c4PQqFNj6X8=,tag:pQ8lOqJEFCcCcJot3BYTmQ==,type:str]
+  pgp:
+    - created_at: "2026-02-17T22:21:57Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMAxK/JaB2/SdtARAAoDySYGJ2Xf27El8y/UTYOUaM51stw95ZfnU7JtKfPNyM
-            Ct+xymnyxAwR2OJ7oDluxwEItdPufp/Mr96zkw+TfrqI5lowTiH4YGtDsbioiScN
-            qxiZgHN4qVZcRHwzgmLcDa6GSIg6rEcDcBygakprmoI4Qeqp3Bioii0/OMuLeleN
-            igauRUzroFLIlS0QCgI5PaUSIPtSMxgKiEc5yM91EBh6w93RaoQmG0k9TWpfLmgo
-            ZVB164SYCCW45vts6T7WQ8cE7Pxkkti+rrOrjaDfB4ape1u4gS6xKc4dFJ+nWcE8
-            5l6MXoDLRd69VWRN6P+G5YGQzB5QRicNnuwk6H2q7CwIqZyi7ZqaCIZfcpvuUzCJ
-            OGJQInCFFVSdLj/3WFyXk+wemmZPna5xFxFb6WVwfSU1ikM/umrZ5yBly+mvDGzs
-            l+8YGcsZ9D//qjVIsWbiRwhGgeA3eU6f7SwdZdX/zOFy8bP85xwDcbwdOSkhifAA
-            l3Ud3rswmAnzSYAw5wK9tcSxS+G4JeCPU1iKABifugLohgME09Z31ljvyqWPBRe/
-            Rct5zvcQV2yjMbToudXafvRUb9nU+uJuWUEUe8xFSrAC1ijA3mBYfIrGNvD2eVCY
-            MTYK1ugKA9X7Sgls3vQ0A7fLHeR6C3+zhl7SzGHUZC3bh5+oXTq6cuXD8DjCwV/U
-            ZgEJAhAkZc7MICSMkACItUHxyyEMbBYNpIJ6P7GQA6ErhLcV1VpKWo6abJVVES36
-            j97RpaD1tL3OyGPfiivMkk650MkPrgpMKR0hasl770B8jkjVPyDV9mSn+sc7N+tK
-            D7IbDW18mA==
-            =EhAw
-            -----END PGP MESSAGE-----
-          fp: EF643F59E008414882232C78FFA8331EEB7D6B70
-        - created_at: "2024-05-26T00:28:49Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+        hQIMAz5uSgHG2iMJAQ/7BFboCbCEG1DY5Twf+1cRSAmXs8CSrnoJcmyxrF9daqTB
+        GAqItZcym6I7YbtYMb33jTZDAMFcexvJ+V7+WVBK/v/TISzinJ3m5BafE0DrgsB5
+        HQT8tsFzxIdu/KsUp0C5VQg6gsb2u2T7aFG0wTS4vas2FjcsoJRKNWTv7a1sNWYZ
+        dFRxeyklWEX14kCHeKIxO7+Qe3NVV+6MuwYR8X3YJaAyLtVMIdBp/poE+7Gcsa58
+        rOewheWW/FROTxLZIk3sren6z7M0ZrOz5res2evRDMI9noN3pYMnkNCL/XIvRf9U
+        GqFSruzDoC0a2JcEvSmthSmEHA6wXeOY/EuzXKLoW4luZDsSXshFgBxK0qqGvzbd
+        jIXXYvBWPCMYWRMSqQenLkjfhOQXuSXcywGfKpuQblUL8RiflIqia2o68Vbd9Hq4
+        x9Od+qkauMHZUzsKQoym9pkbrEWpjckg6FevZ1W4o5Qhe9i+JMmE2KIvoYH8tK9F
+        5KQ87jktx4i9df9TJy3n/xbbrWXpo76y5Aoa2LaiD9Nc6lo7sFs3Pegq4wKmYSIh
+        6uaZxa5sto/5kywHrJQGqEyh/fDdNmsh5FlDW7gfFEm9Ti2KSE3m9IvIwppFD4j0
+        xFkHiwHvNn/WMLciVh9qG8auGyxjoXnRRx61QHF31RIYprxWgDoyH/rVz95IuxzS
+        XgEIJk7MnHv9tYCy/lOjbgqLAUGO0+xuO+IfmsvtiD4nfrnaEJAh0+SW3wuCKzaF
+        tx1ZHCYH9j3s50Q624pUgtzDad5QV5IIEgCRyr0NvEvrXvG6U0aXkOEbOcFSZsk=
+        =v3FY
+        -----END PGP MESSAGE-----
+      fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
+    - created_at: "2026-02-17T22:21:57Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMA6EyPtWBEI+2ARAArCPbAnHJrNpP4B755wKuDEzwVMsqCR+gumSX/XcuQJMI
-            O3/34FJOI+++S/+z94y4O+A7XPsG4xr+UpDIGdGFAsOQBrbxyqD7c0BIToJgq6iG
-            22j7y6N6OZFo0g8hGkUVSMeAZXCkg/t70e2POeHeEwnlsNX3cRuFWC54KxfVwr4w
-            UjlQmjV26+r1uZd3DKj/+eMi5E63XTsgUhAlJqixpHt3PEKZ5UNtnCAbYXqF2FOF
-            qqNyB5X1M2ncee+RGzLqnXaQTSEdKmlEwteVlXWtsqBs4gICOz+6ehfA+gk6r+si
-            Hv5dW5W7OjHsZfRfLxaF05vBUqQ+M5FdYl0hBFZzco3zuNQ+c9om+c/3Fd+B0tZC
-            0pUs4JiNa/chjuSCiJ0ZJE8kh7xCmmjIrFqsvWi4ZiTk2GWPEeuPq91TC/azfQea
-            ZV/Ozh09wAMGnGYUY0OqH7BIGsV6mEFKy/oEpwvoPuI1sNLiMig3ZAMHcIdqYzta
-            S16/JVmVirTnOTCL7p0CZLtiQuQH158gn9F2T7WCfX/XA8ifVSAyjWnYL3+rJUr1
-            zuhndbJTXD+5K9RKVM+FXC+G5VRzmWKNN9riijtLFhPKuOqDwPDst81XGsO23gGn
-            QIFGGEfQ8vuC9lmF8jDPHZfgUWy3kMVaLW+ti7y5IWhWEJASYVXF2JknKeOw2zjS
-            XAE4hG6ck97ZiT9V5bKC/fk/Ep/GWPnQTMdISinbak9hZigPPQ3KCyf4WZoJ1+sE
-            r+rk9v7NO1N5rnVQokL+kO/sBCV/t9XrHuFDx16cZrSHpHubQUi9daxc6EQ1
-            =7d/s
-            -----END PGP MESSAGE-----
-          fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
-        - created_at: "2024-05-26T00:28:49Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+        hQIMAw5vwmoEJHQ1AQ/9H+Kn4rF7yUsIdTp5rYhG6EkYkJ/jCeUBJvaOuA95b8HM
+        6csTXj+ttVcFvbU1hQVbOsd7J8Wpmuj/TqMrpFvu/0EYUW5n04y1YI8kpNXDMrFF
+        X/0gk+I+w2eF2X3gJQasVY39DNx56KSRJ0BwGYw287rdeKh8cbiFw64r0rs6zX5j
+        2nqrWgSqxXtWcjhC7Y4Rq8ysWv7dEF2E9Tt2cHYVjn5cs9Vb52PWUA0TxzBzUUqa
+        M1YWat3fwLah6qEs6/9c89LB66SbgH088lEzQHtRIXdOZ9tPOu7/E3iNqYExuIKB
+        eMV0bdW0/tZlnWxAwXrL4rptxjGDqB+Ynv36IeLKZ86ljqSPqaQA7ihCVXnMo2TW
+        IfdlbOtAJiE3IliQf8C1Ajyn32epePBAUyw8o0k2D6UyNyvk8fe0z9++H6Uz+Z7G
+        oLRrxzOHjh6oWK9WBwJQhZ9dnb1n1UYZfvCDwFZBTmUkhIs6UQllIiF5ZjMy4/cc
+        E3FEouu/6VPPjq9d8pGEFcjOvXkLtUErhXP+A8Xvl/fHmtfM0/o1e6gPnMmxGn4k
+        0yXvU+pNO/ID6fc6qMs0nBZRAKGraaeH+wTjpm1exUhhNB2yJviySnElJFyq9vtr
+        AfacrbuW//JQ+19rSKViV9xStRG//xfW7EpknOh3juB7WfnyOXqdfZqT2zQwrvjS
+        XgEoHXmbR7aiDvBCc4CGTmBhWD4An+p3m3m7iSOp27kBqJ3+YSKdVA7mdIo0tpTn
+        9p5Pgz6GHBA5eMwZCb/z3Y7+20PuuEb4/tEBAniw9/Rp0sDJ+9C+V1SdHtbYq8k=
+        =kkQW
+        -----END PGP MESSAGE-----
+      fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
+    - created_at: "2026-02-17T22:21:57Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMAz5uSgHG2iMJAQ//QF80EGvpode+J0kDjrrFKdSXREPhfCtFU+EpmE+f+aGO
-            mMPZ0SEuBX4g+5K8u0IdeWR2weqYqY0O9Ar2m18YlpniSWFBZqzmW+/yk7vmDzqr
-            l9pV/SdRomGrKyXk9JehkLm5vwUrj/xlPAU0DQEKIPLZ/MMRh7bIfL5Fdujc9cLD
-            nybCqSXccYy59SDqVku5Q6A9FTTzLL8uFf5D3mthp/FgWpxIEQIau8G16PZm0aSJ
-            cBu2eZ3XDjmgIQLG+TMrW77lp/2AhFe23RtK4y5aZjzGhzO+Ax3Cn7pZI9zTGW6X
-            iF/ePoR+AQeXMWfwIujGR5Zy4NvdNKSfniFrjgXpsWSMjCp8pKTOlhkknL3gE+HU
-            etQDmPPCYvaVUwITpmrEAswTNPw0xekXGUe1HgETfhWAGw8zAEYRlOqw3Jt9mMX2
-            QczfXc2sA5Z4TcylESIUcpTAFQVMVMB9bZM762tZu3bM9qg6qybNVJBk9UPpi0RW
-            ZFbXA6lkOnJLG5/m/Ie4UDoxXxtOOqkFzjV57GEBy/HtYuC15LeyOuAgDp0Ta57L
-            0f/ufET/T3z5qBE8GN2zSTO7gGnFAEQ+028ZB0vGVR9C0JdCwVBMlGglC6NiaKqP
-            xPDLPdBqrCczUQyIJ4f7JJaFCfndLszuchb7IzCy95I7nMmATREpP06uRbnuRU3S
-            XAHno1TtKtfy/+T536cmGhke9gNLZXBjSg+W9ndHPo7r115Ytap5nlQqhM84qOyE
-            bhKZlipM9hkhfeT/6X2NzYL48/hsxJ7nh2sbmJQ0d/2DtmXT2gRGkbYq/f9+
-            =tuO+
-            -----END PGP MESSAGE-----
-          fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
-        - created_at: "2024-05-26T00:28:49Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+        hF4DerEtaFuTeewSAQdAdgME/v0CVfcRZ1zr9SRZksN7vDHDk63g+5k5a/FOvmow
+        0l/6kH1l7p4aOKaAGFbMHzDzljuACB1a4IOJypRA2DokYWRUgqBKwvcHplgXr4l0
+        0l4B2vxPl9W1kcbAg4m+V4PlvXTBGhPUglljtjWy80TisUL1zCXpl3PEvmrypZs7
+        NM47K09RsDiicwTKjxd0Oii2Evz8riLFIth8IWOKXPHoKhiYwN891g1qLSvsrDzE
+        =6B/b
+        -----END PGP MESSAGE-----
+      fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
+    - created_at: "2026-02-17T22:21:57Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMAw5vwmoEJHQ1AQ/+IK+UPsLOltPFjdvN21ICHY4De1c6qqMrrDAskqeDWZet
-            9eoal403d0fY6E03o1Acq3XlTzR4srWLp9qo+soAhruZ3+W5M/6zBaq/f2XF4fu2
-            U+bjVplM5U/pHTtGb05nHJ+UN7dgq2OJkURAe7aLSwLLScxTH9cggHAo6wpsaUTQ
-            Uujbo508P5/Vt0efbnyNbk54M/UMH0s93YmWSuxu4XvyUPaVFcjXkh61Tfc8vY+v
-            l5P1qDEjQrRjSE11/xzqAmZ5x58cMK1Q9yB+cy5Lw6K+rFT+5r1jdJem5NBsIRFP
-            eJjmTj/rzehujAciA1EOCF16ZsVIG6HFb3SLcNoRRL3DDgQIHgjHT38qbKrobjGr
-            Ww2Trekg17t2C48+qa/fGZO8dSz+/97gfAMMA2DdWHPlZxVCraucZMG0p9CkNxcO
-            kEtpD5hYJE456MqJQJoF2x2m+/SylJntfeKstKDhD5MZevTkNhD3MRE/8XPW/abE
-            byO8hxz7g76l2OKSjJdOUkYTDsjr23qKAuYq3/tENOMC+Z0eTKjQbzyLdSitQkM4
-            eOxRMm1qJZM7Y27kYLZcLadkewuBgmXqpDePcH6lHuLZp6S9o9LmrzvAsG79RjGs
-            wWiITzj4oG7ROT1Np9h9iCrfKiQ3fM/5/4zJvFvGm62DaeqNSwVT9NSLodrpj/XS
-            XAF3ozQWD5ib0d/yUKcwZZcbbJyn7HyaCn/95zxOMu+C4K0qhJLZeMyOYQOj2pfb
-            T7EnwyXB5vdL3JJlhVmnFCTMFv/RjhNOJX4qbDnV1sqTj5fFMgcbA067BLEQ
-            =TU7Q
-            -----END PGP MESSAGE-----
-          fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
-        - created_at: "2024-05-26T00:28:49Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+        hQIMAxjNhCKPP69fARAAjz8RObyKYVAmNwiBsNVNGt0qSIexSYpsMR5SyuBMKShJ
+        NSD4yA6B7Tj+h/ik4VyggOT+9Qfr7zFvFyEHYFXI7k/r+Noyw4uscqr9gNnz0t9N
+        rx4/ZNowsW/3dL+Gab3hjDKObHF41Y1lzojNwcieU8qZmssHZMjIIzyAUePL210f
+        2i87hix9PkK6kKuisORDShnFifEOEPOcijXFL4kH9DilVoZ0Ut5fJoiA+QkQQpaa
+        uHd+Q7F6u9jZrzRLN1SJkb76ElxQAvJYcgTN2s3+c4002DkKVdwCW0qyPlF9wOxT
+        xTngl46NyZ1MH3ByW2xeOgaDYUcBt8qUF4gTMmIaDTIZ+K5XWGu3hmCzNZHD5Nxi
+        bhVKJ8jGENUhM/IfT8CjppRIg5wwU0K/EQE/QQHhIykpz9NaIjikDCxcraBa9DkA
+        rgjp74W9vgR3pBwXJIAsylOZZHy+35rca/JvWWxm2tdeao2WxTA9jdsNdsUOhNyz
+        3xQGGM63ZSUcV0ZgCyhEYeKBzCyRWpFX+GQHboZDp7IaYK68qYZgxnQtoSwl3lJR
+        Qc1IaADnncIDyGEIDTciLbjbDx7TId4wrpRWUPxVY2FVY+hV+oRNaoYMuT2jiDVw
+        PimQ5iVUhl/ThHWPLqok6d3ypROZtVS6EUFzd4ASUrYRYB5Twvoujr7Yg7jSZV/S
+        XgFcxQ31/i/Vi9owjwX7u0/eclU/3XE2/MqUCcoMntnq2dCN/IpF3rROit5Tzs+W
+        BT7i57cpGh9ZXf1dbNSyRwydp/C8tjnwDqf3RJ5hj4fmlK6zLJqtPFPdusOO4SU=
+        =z1tc
+        -----END PGP MESSAGE-----
+      fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
+    - created_at: "2026-02-17T22:21:57Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMA4HMJd/cQYrVAQ/8C0go1iw89B1ibjbrJTxnmYD6iep01wAwZjHNm9/cC3BV
-            yFRj/D7d84gO2YX2hZxnjlnFQYRsNez7HpsjZvUmp6FN9LpJNDp2NvukebtS5v86
-            hrcqODTdHNa+/ffHIhUoXVSjw5kwpQNT0JI6PR3EyV7kjCGkFAFMzHbaNRbdup5O
-            vC5cD6Ty+aihB/E0st7/KUw2PH7bMiJ+lAlx53Z4v7xZYSxS0vFXRDAJRYd6Bt2t
-            LvHO68aRMF7czDB0JoV8BOSohSvv+ZXBqe2zCZwl8kUZoW3n9eym8iF7yZ+itT2M
-            OdLTOg6SIhhtxcm7qFRHsOsBMjmT+MuzQVNGKDQ6Gga6NiiboyuURso64L7F0SbA
-            3MnHeYoTm39hUs50xqWXdFfi8G3d/SfYcxYghJJx+SwlTd1ZhdSDxQ1uJtUi7ccK
-            8pHwIVCdkOF1hvko3w0/B9kHmnlWKBUF1wN8QHTmlViCOo4vIpepowzN4fLlpTug
-            VtyW08lbdMWqq17OcTUK3O7Z6hDDUaIKV8vGvjxrJ7wJp3kok5cI7jXOYEPjxfSr
-            ZjJpcdrAuJTZjSIsFFopGXFbUkI8bqRpo75lDuK2fA6x38WQqedwNo6YTXvtMn0V
-            bhYLeEt5VeRSohGWNsdGvpjB6BtPhKoD6hK+aQAeOhhxyuF2cH4o0/lFZSkDo0/S
-            XAFiYzGNuu1nJulLjaAGGeoiom42N+MEmQvlIfG7AR/XgMSXs5d0JH/COJkL3V6W
-            zyhAGxTzEmDYmddbhelxXn38obOnsAJU92GXwLg+PXT7ZkFHrCfg9jEvgwmT
-            =98Lv
-            -----END PGP MESSAGE-----
-          fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
-        - created_at: "2024-05-26T00:28:49Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+        hQIMA1Hthzn+T1OoAQ/+K1+QTZ8N3Ha0nErrRWClBu5Cxec5/eb2Q/n4dfNGkrxx
+        xBk0thoGAyoYpifSqhXbVi/MA8+tzHdtPlKJFCn5NETrnEdu84+sJQE4zfDljLiX
+        fXZZ/+YQ0P3VosR2NI3W1r/hJWs4oJ9oPz4FfMlfPK+/UOOdQEtGkx9rjYaus9Ax
+        VI6s5qvYM6XD5rkLxTqZZhEa+CjLtSjD5WqNbCT/8fX5ErnU06jW6jXvRNQSq1Mt
+        hpqMIBygUE39K2apEuphE9RRD3bS1M2VjCB882yVSM2QZyepilRBjS5ryyQhKK/9
+        Q0mdIw9mxhdgaCzoglN2k1c6WjddZ409osdnYcMtsH4+NlHDtNfSFLIk6JrxAXIQ
+        bNR8gtr4D85LoQki/RvEweUd4M40DneIO1dTK4/WG71Lcle3B6p0ynDMjmXq1coY
+        Qn0c4KAh1RIX/eEJGS23Wle/XZbp89yaFFEF667+HmwL0CY6I5pcVEn/iuXLoNHI
+        93y/9h7mhB8ZGICPbF7nXBfQQTrxjfc9vZq0PVdjlXPIMRjZcbZOzlKByYLsQIW0
+        UtzLScfFyKsogcUGJIlGrcQyAmLb3dr7i1elVWlanggCXdKnecBRbSkEfK7SmwiN
+        t8hRaaM06P3kRbTHWxt+4sjTQWofo+C76qsMZYHFpI0TTOP/jwnn/h3E9dQxdaHS
+        XgHzVEsJkQiQ51w7pPP1LcKkCxQv1KA9QC+LAFGhmWXnQ1m8E3whao2S07UjlTVw
+        XMAtuOVT2r09dYGgpcEaMiK2Hb9UNg/ma9o29fSm+2rLuxw3qSldgNNx/s8hyzc=
+        =0kev
+        -----END PGP MESSAGE-----
+      fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
+    - created_at: "2026-02-17T22:21:57Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMAxjNhCKPP69fAQ/+M0Y24jgYhl4VEAT8ymoiCiNIsqGuk4yIXO6LrTIsNGlc
-            6YwkJu9Gj52AH8XKdvLuBGtWstjVoVrBOFyTtS2vzW01Eh+sFKfm3tF8CywjSMZ+
-            Xg/v+rtbj7s0EZ2JeE0DOk2X1zg26HsNd4X0HkIqTAm89gNVSTMWGGhDbTBSxtFx
-            ain5e14rUMM5qeIZg4IEMlY0mEbpGC7AqV1LKclN8pp2e0/6AS4fxamoMtPOhwld
-            /feF4/9AwZ04HIwF0ucbrDDkoZrW7YaYZPapxBTCMU0alkX4c+WTBMKTWICC1DkZ
-            lVF1zmLm2rhxebM0AaIw+eT2MymaecTcVrEHdhbtCGbfIL0sram2Qw0ZfeYDxIas
-            5W2z0a+qSQtlaCZfq/kc3UBQpRgv0Vrc0CBoZJhFmhfsH0F7uPE5rThqeT1w6TMd
-            bc6Y09Yorfyio+ZhbB8BJ5fzlolEo8opSZLm1K3YAik5Tw7toIvZqeXZoS6DfZhk
-            o7K/uUJTDKHuscxRLAfFKqBoZOBuf7d+ski5arMcjMqOYvmGKCn2pzs0TuO0ZaDG
-            gKbvSz2a6KyUSU822W0l2HSfM36HxxH7bDdJ12iqbBtWPcob+KcKrLowpbzzHpMT
-            o23ct/g5qpKpEvH+AkXQ9nOO9VKXx7voQyFM0gS0LXZGJcXeeeVbttcD28Td7WvS
-            XAFWumenh3Yc2VUSF4PUICL4g7o/4sLPjHhctlNHQ4+iaF6beZljWD/lwFkKxbqt
-            oHFjNx+ajtTxQpzpBQgqO6twKwLjND4lQ1yRlXp3mGm3U0BI7QUCRp+D+RcK
-            =N//k
-            -----END PGP MESSAGE-----
-          fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
-        - created_at: "2024-05-26T00:28:49Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+        hQIMA46L6MuPqfJqAQ//ZYw2qRn+YhiEoBpbUsW95NJpZJFizwssh1dC/Lda5qFs
+        55G1Jls9FHHQ+LmRnE6wyx26bbpQ257FNzCsxsfwAuiznx31j1yHc6LZbuJ3+DsJ
+        slRaad13RdLyGgo2psaXbBMEgr22FAFDm+S98aYnyv8yvtOZvutEljGm9yhHLGKy
+        XnFf8LwvvqdT4RolfxiPncGsd9hbFYZh7/zcJTSzfYSnHI30Ly5Na74vSaamuIwR
+        oPnSxlf8jIX5RUzssjyOHGLQLd327fKuveVxX9CUK/PGWLgQYuTL5PWZwQGhzgSY
+        E+2EerpGLVJzSQB0TUU5xGwOQkDlPveSSUg0IoDlivMnrphWUFd+bcIMbipVXolf
+        qpiJeO1t0YW1WAQBzkQ3J+uXgX0dJqWfzfMsbn3j4/WZq5ZlEX6x+ovHv6Z7ZXTz
+        6lcF6Gn0dH/omhkqduK3bLwBWAkmh7gWNssEXdPQWGWA8j3WM+IPZKIegpecflKN
+        pv7jOyD95othMUul/iiH/E3aSbCggN5maoZHG2Cp1TGXkGOLFCNs143LGTVligOU
+        yD8n0uAQ8e50J7YwytSi2g0pzFkZyriLmrZqKFt9UUOfANivrO9p8J0Bo9wEHjY0
+        OdKKu8ASgjYk0t4VHGeZF3GPSaGE/k7LaUb9+5t02sxypxeVqQXpvjU/D8c/0wPS
+        XgGQs2bjszJIyRwcTmUHD8YAvuxf0MkyKCKpJSsnbJ4XmgkI+gGQpg0GLQROXjZ4
+        8GqLzKb+3d3QDUPQmh+z5Ur1nFcVS214wycICWSTsIUyam59+4rVxV1i33DcAs4=
+        =BJfi
+        -----END PGP MESSAGE-----
+      fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
+    - created_at: "2026-02-17T22:21:57Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMA1Hthzn+T1OoARAAtsPz8vCvZ84eAoI3bZwP69V1coDW0SgSVqAi0XDfsRbo
-            LJIU//nkp4pKjUMoBgc++TdLa94/mqeFVhXozAW2T7nFhYOOK2HoVl+JqvgvTGVy
-            ZhGEWTud++inzjSAKAEll6x89dYE07DLtbLNaLs8w3X/cSDF9fZekmTvyaks9AwQ
-            oI+RXPK1ao3Nvgw0pkvRzFze7HJansA25+Ojcr3wnhP3qtKqfHjbXRs5Qu46fB3b
-            mz3SPNcN/JihodKBhZ0suCk+HZx69EXbBV8i9EDBOX+2Azxn3aCGh0jlDAyCMMNp
-            CWiDuYduzYFV0mF5vAGQC8ifrQZDOjvJR1qqJ2115c2bB9cP0asTS7ZoJEEqfkz1
-            mGLHsOhhuP/DkHhX2B61nDl0LQ+eoc1ZdZEcDV0hrKptiFlxmPySlOXD1LpOU+uk
-            JFBot/Sc9GEZzaInyNSmSvd2Y6SiNOl9t7QAwIPwmGYGY3iNDPD6RRl/CQb7raLG
-            rfNH04BYltboG7HQeEqiEEijn7xctTSNp1O3EKrcdEpg/sAlQzarCOmEUvLXWeBj
-            YhPRH6Z3+PMyn7m2Jb8VFO3hAX4zfb7eJcXhsKHBhfYIXViyuuzJNBoXYnorqSRK
-            n5OobCGQAhxeLHOrG2J059HbfUgGtfD/4MJNiGxuCGmXJc5oSJVRhy3d11ttGIzS
-            XAGuD/Vw5GUqWVZKNp/k2Kfuxauqu6jDPI534dLf35qaROkvbWz2bbfwPx4hxtkE
-            dZCVWILFq/BbXXiCVEMeJf6FrXcB2rJETBgknQWtxRP18Q7Rb4a2jybv5TDk
-            =ATJq
-            -----END PGP MESSAGE-----
-          fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
-        - created_at: "2024-05-26T00:28:49Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMA46L6MuPqfJqAQ//WVgNIjTv+F0kaoyM5stNqV7lDHPNF3jKVLOZBV1d8wbL
-            NhHnNRiadls8SwazCHgds/ahoaUTv+4IF9hvmyLvksN6iEN5/YnyHa1nFDBC8kow
-            pzA97WD6/bo5SjCk5oqLHjbR7ApKAYHOnI/XDum3QyWUV3KzO5wQQBAVki736l6q
-            ccUVeYLgjcnlTSlz42TcNnPw5DbudAizU4DRu4KyqQX1hBJEYA9lLDvFxvjrSidb
-            TzGWzyY0ERkrgrW73K9il9xqGsnyDZLvHPZ3f+nwEuNjM+ITxliZrsfxmqbWZ29f
-            sid5Z8Z9lZ88jIC2VR4+XW1q3LAe4WPhp3MjvhELfKLUWTRp3zRN6kabxuBtJcuC
-            0s212dm2ctKbkTaDbn7Q0NyJ2CLX+5IMjWs/i1NoLAyjre6hFmie2Ldx0RGwxrJp
-            wCA7EiZ02UJcLQw4QT3o/2Pxg8Spi+eGmqxSmMV/PDJ1gSdUv85gPobdDcotky6n
-            ng3I3G1o2XRUKnfDwv//4mFbDHXsCPXs7fMLwsSYZi5Cp49NhfbCbQHeusCdchLY
-            dA0Eik9ckUDH6ihyEN8DyVcZyspxoIFONFqly21rNECcKy1i2HxTsq5SbkZmmUS5
-            XiNQTGoLsx0CKI78oAXNfgY3wdpi02Xykkctjga4U2L/u8Wg7dVRgUFmq64rJfDS
-            XAGHB1X4194RVvPcpYP6tScEDnmQCs55wsiEuWPUyvclwb/aO8y5K1o6Uz5IW7/o
-            8lfAj6gHs775Z5xZE3FD8O1NkXVOyLmzkH2bJbkZAQ+JVfQS2UKshMtnQgz7
-            =dG/+
-            -----END PGP MESSAGE-----
-          fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
-        - created_at: "2024-05-26T00:28:49Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMA4EEKdYEzV0pAQ/9He59UueuO4GXg4uBxLASQiaGKS/F1pPfTU9W4E1f+C4k
-            Dw8hwiLIZWRDsj0huYd+klyg2VJnjmPf0tB8qj5nrHo0bTKH0oJpiDpX8Bi/8j7d
-            WBNyS8LmUrSub3TdM3Ob1muUt/nHvgGQmWKt3dH+Jkc/um0B/+Og3Yka/JcKRF0Q
-            IAYkzVFlPdh95IhPEJ0Lo7zyN1FU0UwlyMasjB8Xae7VoyDhtgwur60gTktNIuyU
-            tAvLPKSSyu//Uz9olGW8RKw5//5A/EYNlP8WrVV0crDNBGegTlX68EsZlZQp1uXc
-            GK0ZB0OtphMUJiF9dUXNfzbGz02l3voLs5DUIpE+EAyEDu7hZEDgU8e9oTJRv05f
-            TumOjDlgSrhALyewO1ig92fU407JxxwW9aNl8gFv2Ph9lEbSaQWpo/VAHA178x/p
-            j5caXUUh5qUFGYhtOoHB9KtxL9X+F7Z5FjHmHxFQBtLrxP/olmQ/5jjbiz5sgf8A
-            iW7bRu2tBmiT5TrMcDxFSf3d+v5o0kOngwPl+8e9NC681uXuddI9g4s76f7KrpuE
-            bb483XW0CZUdpt8eFXAvk6CJ97gi9H9iZBrqhMKjGnWbE6e0683PE8WNTwCafoYz
-            mCelVHHjX1Qsk8Zg/vI0EBEHkeigCiev9O85dUVbCxHVniBkvIF4ZNo9n7NRnAbS
-            XAHQ23ARYRtF676DYWSH50sHJ5v98BTKn+Ca1QWMRCb2kyqUSfn+XzgyP9Sv2nqx
-            dT8DO2oTOraOaFS2+j9N3wRjbocVRuTV2EPwdgPVPg9IakNaO3qBUwEnNM+b
-            =EzwG
-            -----END PGP MESSAGE-----
-          fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
-        - created_at: "2024-05-26T00:28:49Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hF4DQrf1tCqiJxoSAQdAy+TLSybMtug+TfJVBd4WJP4q5V6Qf0yPtgj4YUF4YCsw
-            rUctAxIueheQq5uqoPm3bTeLUYeticEVf090hr0613uh+l5DZcD/vqoHUK5dx7Zs
-            0lwBTi6sRElMIJiXplIvCMyYAOne/QZG3WaLx+LqqaNlNKPz8OVPhbokC++VNpwz
-            l5GE8Cv1ZoEDxbjLWurS772NiIumo+lAnjQMAxhHo4lVPXTxZZCqx3/98agyKQ==
-            =oiZp
-            -----END PGP MESSAGE-----
-          fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
-        - created_at: "2024-05-26T00:28:49Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMAzdAjw8ldn6CARAAvnyyMeBLfWLFU6dBK2lNAzJy/gHb674YQbCe4W/w9Cjl
-            2pbiw1Hhpe0P7d7MGy2mB3Hi7cLygklFZADkHnrOoRIaJ8KqJELsNSHjapIE4+jW
-            8NWIcRSyZzOQFeKGFPNCJgyYd68clNmiLNlIAI/Xuxf4xSb3BLkBDRx1cIoug5gZ
-            pn7RrWYDPgrUyn9YfAJDr5OJsBcJD70sdi1TmCK6X6UCGZpNUI22yqS40LX6aCvj
-            WzZ6gd+nyjLlHXBBSG8R2lywPdoEVo4Y0pWvd5oK85Xl80gtlXSpFBfEg+EWbLCa
-            EkiAXthSAWwgBfjV0UCM+Qd5aiwNb8Q9j90AqPhIAawnsGWRrSL40finvJOdf4lW
-            f8R8Xk38RovBlHii1u0iw9O3Efur0UJ+aEntIEjaoND6K+32oJI56CWev0ARgR9N
-            ECROL+57Z1121S4QfDGp3LuClgAJDPB/LTL9ly39jOVaPZ7Ym+8qe45C0nkO3SDI
-            nyIkv+GA/gz9EuClfShc4N3T+XPjSe+wz7gt9hACpSai+Muea+2ruUpa9Kn8hasi
-            1zq7qR+3+ueJc5+8P6xIyCKxBTneBM2VNlh2e0GZlCxqCrx5Vt0spr4fijM/JvEo
-            +/2oIRv75NtF9zAwk7foSbyw8WQCReW61hLr9rVnYMoCkhYhlEIEGBZiq/94SHzS
-            XAEUZMZIyLdgzXVIoP8GVEqCErVYT5qCpo8Ett/v8efm27ucV797SrRibqiFEwIo
-            SsEKMoULNyHXQfnuKviNnuG1ril/azjsAtiucJvTdol7pY2nRWeYXIVecX0G
-            =Dlro
-            -----END PGP MESSAGE-----
-          fp: 3D70F61E07F64EC4E4EF417BEFCD9D20F58784EF
-    unencrypted_suffix: _unencrypted
-    version: 3.8.1
+        hF4DQrf1tCqiJxoSAQdA7rerN+IVKpzyAdXVuAN19+CIjQ6DnHatGr92/YhAEiQw
+        J913tdR+Yb/FdPWQrn0NR2eTUuKm/Es0NRvJY/YEnhQble+3qYvxFP6dI+vm1cmz
+        0l4BNxMhGqyOmsDFf58yrJmrHdnapBOmiqCkJBTc9gAQH534di0Ps+grV04jzkXW
+        DUO/sIPANPpvqqCJNt1uekKNH2J57OMaagnBTivMBTq0HAuRN1RhcrjGof9ttCj1
+        =desh
+        -----END PGP MESSAGE-----
+      fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
+  unencrypted_suffix: _unencrypted
+  version: 3.11.0

config/hosts/git/forgejo.nix

@@ -7,13 +7,20 @@
 # - https://codeberg.org/forgejo/forgejo/src/branch/forgejo/docs/content/administration/reverse-proxies.en-us.md
 # - https://forgejo.org/docs/latest/admin/email-setup/
 
-{ pkgs-unstable, ... }:
+{ pkgs, ... }:
 
 {
   services.forgejo = {
     enable = true;
+    package = pkgs.forgejo;
     database.type = "postgres";
-    mailerPasswordFile = "/run/secrets/forgejo_git_smtp_password";
+    lfs.enable = true;
+
+    secrets = {
+      mailer = {
+        PASSWD = "/run/secrets/forgejo_git_smtp_password";
+      };
+    };
 
     settings = {
       DEFAULT = {
@@ -42,6 +49,7 @@
       };
       service = {
         ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
+        ENABLE_INTERNAL_SIGNIN = false;
         DEFAULT_USER_VISIBILITY = "limited";
         DEFAULT_KEEP_EMAIL_PRIVATE = true;
         ENABLE_BASIC_AUTHENTICATION = false;

config/hosts/git/secrets.yaml

@@ -1,233 +1,148 @@
 forgejo_git_smtp_password: ENC[AES256_GCM,data:ZRj5GpQKRlTxdu5CfbJirRGAKPCLAIG1F0V5USz5m5D49V3lu5uLomxHapmEwb0yYoE7e7ZLYK4VQUoQgpUnSw==,iv:K7+9E2gi8cdYu0lX/HgWitLxnxARywIwh5glEL0uOsM=,tag:s9UC8e+E5E3vM6cTKW7Vqw==,type:str]
 sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age18zaq9xg9nhqyl8g7mvrqhsx4qstay5l9cekq2g80vx4920pswdfqpeafd7
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2ZFhrMlF1YnV6bHlJZFp1
-            SExjNXk0aTE3U2pBd0lHODlkZW9La1M2cHhjCjd1VTdKWkE2ZWxoMWFjREsvLzdS
-            K3lSSkRMZ3lLZ0tSaDZMRkt4MXBMeXcKLS0tIDFlVjNXcktpbHdJc2hraGNrNGJh
-            UHlJWFN4NW1tNWFCU2EyNjkveXZML3cKrKk1w3IBAgdmicuFyGOaU26fwpULAcy9
-            eZPlcbRPUPHoRhy9GhNTAcXXDQzimKL39XZGAd0U29Kt9AvWAf8Qpg==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-05-25T14:17:29Z"
-    mac: ENC[AES256_GCM,data:JeqYsVtogbB4oMWNEpLsF6zxsgUoAt7UzRUL2JzxDUtXDUndW/AxJxVxQaipYvblA3q2MzRyQN+j9khavlL02DR/ANtZFLQmH3OREV7M9eHmeeCa4Lm5D7gFYmqWkULJ7yEJsKz5AaiJTWlWgCcBITB901H3Z12dsz2a1+4WrUc=,iv:5Xm5Rjw8PS7hkTcRD1kj5XS5uiOgsPwXYeaMqUReB7E=,tag:2Y5R1/Why1TQd+ZYTF0qDA==,type:str]
-    pgp:
-        - created_at: "2024-05-25T14:42:41Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+  age:
+    - recipient: age19h7xtfmt3py3ydgl8d8fgh8uakxqxjr74flrxev3pgmvvx94kvtq5d932d
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpeGkrV2d0clRqTnNVa25P
+        VUJTQ1I0YUtSYmRwVWIzaEUycjFkbUQ4NXpZCmNnbTVTdGp3R1VET0k1Z05ySHg3
+        M2NWaVNiMnB5RllFb1FzOVRRNkk1c0EKLS0tIHBQL01BMjZNMkFBZU43SE5Yc2RV
+        SEtGVldxa0l5c2t0d0Z1ME5SNlFPYlEK75G9DZxOUGIAEVtUo6BDFZ3NGB6/cfm7
+        0leD7YW7g4mJ+raI/9wVb41BmGdFrYzr0xSjj/1vjJ2aTJEB7pBiTA==
+        -----END AGE ENCRYPTED FILE-----
+    - recipient: age18zaq9xg9nhqyl8g7mvrqhsx4qstay5l9cekq2g80vx4920pswdfqpeafd7
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTR21UUEdiZHVKOVBXZlVn
+        bW8xMGlSbElYQmxQN2IrTzlIeU11WSthSlRVCitIU3ozV0ZDUnhTTk9TRjR3V2Jh
+        ZDVvcjMzMjhkUmlKSjI5Z09nV3VzSTAKLS0tIDZNQldPcFFWeTJZVWhUMDNKWTVp
+        VmJxSU1Wa3orQ2tTNEFWdUdKM0RhQmsKfQm3qBSSY/7Pt98HNgXp+THAkOSRRrDF
+        8QE6EboB4EJql1hcu2ZHgCGqLNpW/YO5lD3IHt0ujNI0Pd4uYIL1tw==
+        -----END AGE ENCRYPTED FILE-----
+  lastmodified: "2024-05-25T14:17:29Z"
+  mac: ENC[AES256_GCM,data:JeqYsVtogbB4oMWNEpLsF6zxsgUoAt7UzRUL2JzxDUtXDUndW/AxJxVxQaipYvblA3q2MzRyQN+j9khavlL02DR/ANtZFLQmH3OREV7M9eHmeeCa4Lm5D7gFYmqWkULJ7yEJsKz5AaiJTWlWgCcBITB901H3Z12dsz2a1+4WrUc=,iv:5Xm5Rjw8PS7hkTcRD1kj5XS5uiOgsPwXYeaMqUReB7E=,tag:2Y5R1/Why1TQd+ZYTF0qDA==,type:str]
+  pgp:
+    - created_at: "2026-02-17T22:21:58Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMAxK/JaB2/SdtAQ/+Pw0v8i3ZGw4QNjAu9NX6ZJ5hvBHJgtcOWch3ZHlIAuxs
-            rNoPYhuKaYZL6QJcPTjP8AHVkFIEp+mVbXnsS3PCNUxPnwBS3DfAk+b9OmIJ5U8i
-            H0VYv4FpdAblyq59GPYx5cBaKUxAagATqlYmMh8b530DYBGcoAHPtzhCaZj+aJI9
-            ybakmmNfSqtdhJoWwRaRekqhbZ++wmS7axeefawuicXpdlNxhypEMKBUpGA847cH
-            lI4hw1/+KvyN/BT1q66vQanYpM8NNFLyyamT6HeBxQ1lP6gfb/T0a805qnaCXaZY
-            z2Ui6XJL/lbUWzG/0xnSJIFiQc7hIqMGIz+EHyYep5NBu/hiIUK1RpIFL4ClEOh3
-            kfVlWC16ys3fGHlFOTTBc3yJPGtyPjd5lGGfFmawwnegPH2wdNIt5tjrA7+vwKRE
-            f+RFNzvfc11o8rhGnbGd4ZGNgexuhxVaRGDSNqO0aixprSurcOa21Z1U76tvnJGq
-            IoeFtZf5KutqqLIyLoK0JM0YkSb92S/BHkIKpUO9fsKLRdQdnvm++8NRLJ/jXLVz
-            lZZnLxMC7QvKMyxE7J8GKye7nQa6S6CkEcqUsgXSMaxB3GMe9MiGWS9nqh16tHDX
-            p9YR9FVj8BUKWsTbIPKkomIaoxhRJvW6cakVcM7RG0rySVjGxrc2oAvYgjpVmmDU
-            aAEJAhAxPM/qlV+JghqnmnjP9Kn6KTIvGV2NGvX5YbY4k/NgL/sZ7VLsGZldemiu
-            1ogKtLzjRnvtruPhXBXPv3Ivw+a4ie7YBPsyyyh4RFfnZq7abAwBVDZDVXPA2GUS
-            9JOUdkYe2Q1T
-            =1km6
-            -----END PGP MESSAGE-----
-          fp: EF643F59E008414882232C78FFA8331EEB7D6B70
-        - created_at: "2024-05-25T14:42:41Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+        hQIMAz5uSgHG2iMJAQ//aGNw4mAzDqvpfu1FOQwoU6q3C7RlL77VIy6xw93BsahP
+        c8yIEoTOiDa1wtsLKHMaqxNADsxuQBmx4lQYQZ786SUFMVndfJzU6tf59SnOF+5U
+        /FztmZQsDEzKzKWESIEQMMavEAanr8DEGpACOITZAe61mTJAn8vcc92jMYhmnsHh
+        zlhS+ryg+j6VRp5i/s1Yocec/iYR9GlUKn3FVHrVDA0TBxOHJ8KjneN7CG0XFuBg
+        YmRpokZJrLxLntSyMZVSfksuOK8ORlYYpsGvKZNyzA726WjrYg8bJNN10iZHIbwR
+        PBmDvvP7SWDcJ1/YuzHE2vwJwbRupE3RLQoFRtmANi5QE0mzyMZPz7IF7d/TrXSV
+        fW3Hb/73SI+QjgdMtHJCtsxBh7rbGTJMP14TJzmETP7eCwLF+92goz/ruhG+HWFf
+        vc2g/SLAzUjoiX3MjuPjaLZTfgqhC2b/OnZ+MbFMbpgBtXlNhOkDSb75g/gOaB14
+        9CHmQoJt2JeeCCVkH+YQeq6oK9S5lD2WUhigFxdFaHjE6fmKkwxIBMwPwZ7QY7Ep
+        ljxJuSfMvl3XkZxpxD1+Ep9C1ZIvDXmvdhXx7H/3SaUtefCHO6Ab46ibtKa8wh2w
+        4gzPinJJdDYJfzylNDVMZxJ/P9y8XcYSSDGasG7QOGVNm4T2MrLjFaFhrU7lN9TS
+        XgHr8/8XgnlBIupmjeJTpLpcF0u5zeKIOiKkJBRQR1aUmzmi76lJVStuEJzfymXl
+        baOviVQywJOe3bVilDmUuVc71FVICnKgwdAvvgG15nOfOUBagLhM0IrgRrGmGSM=
+        =+Oww
+        -----END PGP MESSAGE-----
+      fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
+    - created_at: "2026-02-17T22:21:58Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMA6EyPtWBEI+2ARAAiyKB1LVhFUxkC/bKs7TmtXGbA+2xWwrtt9gUACD+GNlT
-            P0jQJ4N7x0xpvgo+ELNx4Owq4EXFYH8bI27zUxW9FmJu672uFVIpud4nZX+2AfFs
-            +Iy7VBp95kfS77Mc9VClJTJEaLMZOvciqlY58p1FB6C4pNwOuEhMvZ7athLVLlEz
-            hOrKkJAAtnjWXOFLBkq7BKCBVsxSLOUXMBgmK1Fr4dTJPifiXIIbO2BdNXanzMpv
-            8ANtENZ4JpqBHDW/DGoACkAh/hqu8p4B4TBC3L7szvFktsxy93w3i59CDXUroKXO
-            cG//41R5OH/EguctfO84qUWCe+eqA2D2ZuWIqSD6Aa4izQE+aTl+WDx/oxKuQcJB
-            UgKiLm/HXI7w1Zp7v2oRUt4BFr2EXHicsEkV+ztCGDMMPw0zBA3EE4fMFDmM9BXh
-            Y6bOT1cV/TQ1IgWvH6gMe4qdJscqYEfNMJNl6kZzylUSLBxK0YAfqxSnvV6lZ2D7
-            82KLl0TRZOiCWO0EMcRuN2L8AasrO4PaBGI/kbU2dCr8q4ku3qTjW7b77d6pVW29
-            Gh2eV+goXcdnk9tJt4hPcmz3vYIFJL8Pbmy5mSO0BetFdFVFnIhBuQzrXwe+Iq7z
-            nQ2L1eeDT0WI4PMEIz+YM0QVCMM52d0fK+JeiVz8H/bO7NcPCYTylcK68BA6QaLS
-            XgEP7Vp6aB2qQPbLYI1CfNrjiHLyCHXBJwyWGR3sSFB6LmvHsfx3tsHWdKxyrz3E
-            9AM9WvP+taIpK0F7OjDBcadaMo3Bzl74WVEtznaEmu9Vex7HxNXIMXXBHMj5RAU=
-            =CbYz
-            -----END PGP MESSAGE-----
-          fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
-        - created_at: "2024-05-25T14:42:41Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+        hQIMAw5vwmoEJHQ1AQ//VsCz5H85LzK29rlmzv1BZaZb6tj86PsO0TydE6+re29Y
+        i7uu7i54BbjhyC9C2m2J2dzfDsIZyt80n7/1/QooWw4+/h+CD1aFYFb/fiwV6/oq
+        IAwdnoEio96r6LZcA1t4MSuAcRlrVMrG+OPh0QdCE0uFNiaDcmD6m0XiKL17m6Mk
+        F9xoYe5e+QMQdq/IcRLVfnlOWMn9qkqixbe4s6YfwttPV9Zx9fDRNz7qf9JiOdbT
+        sDbnbCDUVyHaRwQ5KMiJOsv0+vVKmDLqlHuFp+21k8/CSAOHzqD+4x9+JMNG5tja
+        g7Oh2n62UAsCHAr1BPiiWdRpBpIpEbF2/aKjdnlTKaR+niIg4EllkL4XYiFfz3+j
+        E+IT439U4eqj6AZyblrNgjL2BKUOvR2sQ/PvKA/JHuHCO8C7md0ID1BGlusuN8qX
+        AZh73AXe5vrrK16k/BX6Pbq0XOAPv8IKa115ZTmfKNH1Iy/LKiwRZT7/QYvYF+Dx
+        4RZJkRZgR5gQ4iDytyKUOeMLZyhEQCmHYL4jGvFVa95eNHM87PqI7Eh97tGyO9V6
+        FchBk5MTWXnqyXbaC+NEhFduNOh7lNDGNkjjv9PnYdOAgyFY0x4dkKK7bA0Bnzvj
+        cSiQyCsnF2epK1t5vmbu74vOIfJrXsvp/JwilqEaIiYLywOuVstKFmDyBWnqblnS
+        XgEhibKGUk2lqS9CmIAzcTsK0GSRkQaI88NljE2zQfORQcEKQ8HziKFf4NrDRYf+
+        heln/SYu+bas1gZQBtQRippUbje9xe8uCUez9tgTwbpxYywcq90LvAUZ9F8lVQM=
+        =cFEl
+        -----END PGP MESSAGE-----
+      fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
+    - created_at: "2026-02-17T22:21:58Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMAz5uSgHG2iMJAQ//RSjkwW/PxItmHjB0luZ8pP6sMP5iTrgvwie04F3y1gu6
-            mIdAvh8QgCn/5Q/IqKZo7zdUzTQhyuq03DNUzuKyB/Sel6klohnW0QXes8Jt3vUe
-            W9bFFmIaFTk4mDc/tD5Vleph0ruNMXHlQRO4ia5wcYpVw0LtT3pKM5XApNl/9UKT
-            UFZ9/Fvad2a/p277Ai/N5dPUwM535s8H3Kkz473BvoS4Az7cjVnyxKHhguNQH9pw
-            n6hgXEjvyzDrzWvJwrX1T84KvCsPh0idAA9W5YfMU/4loL4RJUqvjkUvn2ErsPrl
-            gNoPTRY+BiivW2HV2uWRkiOyKTwVLdgs/oawZX7LB4aIaI9b5y8rcmHV4fKP8OEh
-            3q7LB5HU1peGmd6agwu1/ejbIc3+4WytVfoqHDI7MJ7jPE3iyfAxaZm1x5PFbVhA
-            7zmYs6tXs891l3ZJps84I/S1uSHjxJbMuGh954RHMmPHCrnLosS8yeNLEO2AHpQi
-            m2FFxbXCRFx7Xd8SvW2lAaKfeU+x36yUYCf7APaQeb59QLTnustIle6i4XQl070m
-            7GK/Hj2uanq6TEhAKWJlyVAucw4gruCfrjC7extPyY4pC4yXVUpM0jqJO37yCw+F
-            k64syU8yhR6whTmOPA/c2JsYoGKbV22NYRj6WIK9cIyiL34ellZVO9Ccsz6QGgHS
-            XgHve1EpLmsR1h1OKCKyUJNnNjvOnehZwyjCFwqT/DrIS1NUgoOaFr7As50YMfhU
-            ymMhQyDGYjjMHdmGoqmgPMOrJf/MJIECdzx/K/0e+eKM1RsC5XpwZnwKme+cVJc=
-            =5GW+
-            -----END PGP MESSAGE-----
-          fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
-        - created_at: "2024-05-25T14:42:41Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+        hF4DerEtaFuTeewSAQdAo/PITsPBAKUdwzsLGOegBkKgjkMyuBM9ghjsu+rSl3Yw
+        AmuZrtFRAB1ue+eAkEHRUbw4VzxlTVib717P9JEnKED+MXhoQaJiHT9q6qH1SFMk
+        0l4B8FmPdQMGgXuLVGmJuGqcSLiLlFnBR+GXSbMT5mv3JxfTJhdslAss3eaWIeg+
+        3hfMVA27mVcxxmenCpi0tSFMXQqh3mSGtb/p93fFz2bi5uFga+CfmyuJTPClJIyb
+        =tRXn
+        -----END PGP MESSAGE-----
+      fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
+    - created_at: "2026-02-17T22:21:58Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMAw5vwmoEJHQ1AQ//djObFBa/PnDRF/Q9ngtQy6VmuyUfErLqj9x1OOojB0g6
-            yMCvqH9zrN4JT82rb2xqvjbqEtZGq/35B2GccMXBifJy5JQj3SHOyTEPuoVr+yVK
-            4fzZ9k6vEUYl7FicEZABud8uasfoIGC/jn7EpYgP4v49RtXsESF0aTCnrcwqg03E
-            /cVJW4ovtIQM6UiE/BQPIdbUNPgVrwbDSxilNQrShvJvu3jVfCkdXuyOqlhF/lnH
-            weR/P1dNRhtNzZKLFYHNJRiJA3RuS+h2BFxG1pKhBfMfI/s46g74GkP/R+SEX3o1
-            l83P18t0br2pqqEE/qGHeLQ8PvEsTVHzxAzX8Qgx6qJQQfCDm2jDb6FlsxX6HT0y
-            TC3leI5q0u1A7Oj6nEl7p70/NjW2+W+cXWw4hmwMMnV0xNXsOBBDqk3sA9rJ8Mwx
-            oO6CuLqsWMsO0jGWptLebIzGnwMvaSWMGTMRgweW4gKNzcmiOXUrv5OT4ImJxgwt
-            7rFFPGcrVWUzBdGtTquLryAN1Gf1Co59ndG2SS0LKxVnY1sYspwd1FINpJA6x+99
-            kX4zJlK5qA8wcqkgj5WhTTXIQGLKD+R58pGjizEJzDt4aMB536uZa86ntP4bd1/5
-            Q4zjzwF0aIMWX9FdaCilFMjWjT+iMOl6m2dI3EBcUuTzqL8JTKbBxQ9z+Hc+yELS
-            XgHe79QN5IUbyoH/Fi7jNA7XEUwI6WIrhZ8TWF4nS3HgZkVfsZ/oK1DFBdVcZ5Zd
-            /rJaKqgeQLCxoRFroI1vZYsBRKInRs+7yziK8YtbFhmX0azW5G0NiUtsYXBOguU=
-            =YSsr
-            -----END PGP MESSAGE-----
-          fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
-        - created_at: "2024-05-25T14:42:41Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+        hQIMAxjNhCKPP69fAQ/8D7Ili77aorhPn6Eg3+9wpxkhd1KU0a0fZh5O8aV0qQk/
+        oAvq3+NZYULpMzPb2utLvFKFmKS2d4odbdTV8BhE6rWukRR7Kv5YZYksVjOobCTj
+        +uhpSA3BSccC5PNNYODRgUF+2sQkzis8raF/El7f+/Ec/owB5qnrWd7Tja4uW5Qt
+        5r5q4nH9tb1HtIalrpI8tRcpZ+0JOzdHm2w65eCEirF+12gTSX1QP71KtjkjlKGy
+        +20ofHdjXpkUT4E9SsVVHpRK70IrPCqi7iv6dwKzUGhfckHDfGCoPEwk6/0WZsjX
+        r8EU50QxJIJxXkSBIcNVjvw3NviliJiwtPHR35noyYkXJXWlS/FVauxF44sSVvO4
+        T2uTCdMhmKp1on518/bUcYWtINAy5w74hOZ+qojo2g5bAAu4mQ7bFwCK8bs08bL8
+        beASn5XYkTr/a/oE5kdj1+EB2/VdZZED7w57NiiOEYXoHXNuHAd1DTCeoPz4VvqM
+        TrY+Cjal7YBg9GAGm4L8ZtqpfqmU5NQnmEYHhzXZhOjhrMtu8QyvlM2KichKnSfW
+        /AcADQSYwR6O+pLui9tXwUPNGEYQGHx8Wlmjvq6hvfcD+IlyzK5iM9Jg03nerQCf
+        1IlEmyNLVt5kQqdtNh8V7kskgPrDsKuQ1kQta5Vq5btbCbIOlIEuzuv9RWXgNerS
+        XgGH29dML0Fta1z0/LKkWSA/U4V+jUviQDNpbQ2t/WaGQAAK2Mhj34WT55BFcVCe
+        CvqsHQ28CjAKKaLZ77Wyy03zFHEZ5HwdmJhpXAJFzUdM8jNBQDqc99iNlerFHxA=
+        =BLfs
+        -----END PGP MESSAGE-----
+      fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
+    - created_at: "2026-02-17T22:21:58Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMA4HMJd/cQYrVAQ//byQSYLjXciKE2ryqYXiz3/OgDd0pIVr9HZLlxwUFJFMR
-            DLuxWPK+SxUj6F81mi4A9xq9CmTa3jMEVkGgblvjGoWjtEKKgJrdllMCvo5Q/Gcu
-            CLbMPXGfs/eDEjqEbX1rAdzR31TcFl9FI6bGUIXxGE21DeLIDCgInl5gNzVL+Ser
-            M5OAxpQCqe23wUMPya16XTzpaxug+mertfyOxC3XUk2A23y/8gey0pjAnaDTPIhD
-            q35ni2gA1eigiitJv2IWxIfbZ7rFuwmb9qi+vpBeqMTNLBBbhKgbSg4PUl6usFeC
-            65uRvNJOeMeXfwpPgMlphtz7pABg4ihW7tusVe//Utrph7QJs8bsiokXA/RYtTQO
-            uMK8oYdre9c4FboINGL4hznzUi02ZRiMh2Hf+V4cf4VK+YoBKsRYfO79lHytFHPF
-            6XCv9hh6qLuzTCHlUrAfOYbXbduS5mMLcfX6OYay4lYTEpx3dKBZz34wtg3TtMpP
-            eDuafUXNOfpx/E+4ZtB5X8Y99ax+3resPv9IQMTNOHQJ/vPa4JT8Avkrv/q4wIsJ
-            yMOixzR2bIPjetZbY4ykOwJxL2b0F/Bm5yu0rVHQp9+lYqrypjAzt5vhbdAMkDZD
-            CPxhEU/Kq7DC4fSE6ysTGEBBW+s4i7lwqvfds6RqHbQXL/0jginU4zSxZuZ26xvS
-            XgFinTWqnia1WkhfAZsH+UobDK92lKDiQRtM/xhWkNCB/WZQB4Q4EpJJeXIidTse
-            xQpG0tREIIuS75dJ6nD+Kh2CkOnalSVVvb3VVN8Ft9PEPLf76mE+x9Zk4Mu0vOc=
-            =BDOC
-            -----END PGP MESSAGE-----
-          fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
-        - created_at: "2024-05-25T14:42:41Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+        hQIMA1Hthzn+T1OoAQ/9GiQ8HBWqxVKFiWt1Rpltpjqp2wJG+TSP/6RZNcJxn/Z0
+        n6+SYdeeIIBr/cavORPlaY19bMD3NQMgqhNFiLo2q/ZXTm9QF1YJPRFpzEVovia8
+        bF6K022kdEQYFirKNXPtyYsqbZ0hHiJG5cTlacfd2k2Nbx6QTWq0f3Ksm49zzdJh
+        or1hCoPHTqnuRwiBQtkwx+4jo0SAAe0xO2Cs5jCcNt8j7KYwmRKmH1Qgtclsb3cq
+        vqhh2WQLXD3HoVJxnjcyIElkCPCDpWtLYT+ZEqiWbiSkLwzsBHjtavgSAs3b8ZV1
+        v7zq76ofB0YKN2LRbcpdygvFseqNBpU6uukcScpwhIsfj0DrHZQ9sufl/JIFF97S
+        27pf/9hyJLmjTclaUfTREtPb8icyhwOE+d/Atw0sZxOKY4+hV4WF9pbDGiUOgZqi
+        a7E3qY+Iywk7jDgmU1eQGkY+G3PPXHbdhYr8v+Ig2lbp4uU1H+ab+d6r4C83pJzD
+        PrDXcletKkA4APwq/duyzox6CoxCpoBcFUtz7rHcYi78EfdFi4oMWVYimAlQCdng
+        JqeDXAArdoz1rj/yDwlFYybnHtXb65T01wF53brPtOkAVq6tE11hxe9dCiD6klk4
+        SI5j9VE8wUEV0lf73AFW+gectZzkr5+7/QKe0IG2G5DkftK/J1nHA4ERFw7w0R7S
+        XgHrnYShza9Jovn/qGjZrvZFf6Pcs/KK92CpSBi1oMl7Lhll4R0tH+uG4b8pWuXF
+        uLSpKPsnhnxkfVczNRIFeDZ51ZuyjmYSrpt+YZnDGf7H853ROAC83gej00E4Mcg=
+        =SVTV
+        -----END PGP MESSAGE-----
+      fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
+    - created_at: "2026-02-17T22:21:58Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMAxjNhCKPP69fAQ/+P1WAWxpVnCVQpoHmEFNnK8x1ZeDN9IyYvFFpFRbRJ4f5
-            naL0ROxP/E19LGtD/bGbdBfVU4nNXdiXbGYtAlvAybAky9/8a8AJ97n2KVULR3xX
-            JnsXIjavi57MB3ty+Nop4Fgmv4p4AAsPOzDQtc07Uj5xzxrK9ARtv7w7UyJooOiG
-            Sp692SFChyskAjTVHWU9WKomqsqZY7XvbHJPQT6Y+wUbAjx9iAhpv0CEJcxX/irF
-            D3SkUD1tCJ0NHlzCZ0ORLdhDos+FNCASbhYZiCyUJn1mBfW6PcHmNevzaqSQQaoM
-            hd3vOxx5MFO81K3GtE/r1RA0waY/7knBHk0cBuscBOLhs6MC6i6mMfY711WoiOTj
-            Y9xCjAIYdOeK22fceg0Wk/FMtivFbgddpk+jOrAR6Wh6n2qJZDJFdxFpcaSF2fHj
-            dBZuJ/q5vRedjdLYFnL2uTejAKkQLthqL3F4m2Fzyr5wk80eGRYqQHDtSlwagVLD
-            ZoTLCtGp8qnSLF6Z+nnS9lmsf+X0286wAmRtxHsrTTGm2CDhBmvQjNeq086Bdhp4
-            z6S3WlgX5oMbTS3hD0BIr4euKIUT3CZcbyXzicuS4iwYOq1iaQEMGvXJ2TKkaOsI
-            9W2CPSySkIzp/z5Cpet4Z2JFBcO4QwgCvScm3yK53ZXkRoSwkUWBiWUO8GihgWzS
-            XgEGOQGCaBNxYr/B1ePYUTxZG7gz3qe3QzzrYebHUmYlEFcC1BkyD0CfWZy59oM6
-            mHL30p7LuuoQbO0VocvsnxR8ObQhXsncc+EyZx03zyeDSIbOFqs1sSQ/w+K1708=
-            =dnme
-            -----END PGP MESSAGE-----
-          fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
-        - created_at: "2024-05-25T14:42:41Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+        hQIMA46L6MuPqfJqAQ//czgS1KbONIAv+/0g6iwcMPmBld0BDwJw3G0jlJCuSW6g
+        nSa1bq87WQzXUL/iM5XzURGzuMY5picYy/QTu/fi/XNG04lZpN7ZzATEkSwwyNzC
+        JsAei0QKAWPRRFTKSnsoL8QEhKD7asJmgfBDFhj0iYxClBQIXOSjQlAAfeK9o+Xw
+        oM7EfRSY9zUtJAziZs9LpkQKu7eJlq+n6IGGH9Jy1h0hKcxRuSujgz7MepNvLFc9
+        wJO9LGieAgynZgOsvVLHN8N0v/PKew5LXnbDo6I35z4ASG76n+zlFDwYp3RDkU4q
+        Is9LqLJUAxPtIa2NLGRuFOO7fOg9IhhdRHdhylah1boM7+ElACDDbbt+v9d5qu/L
+        /GBZIn1pgSe0hlxfa2eAKZCS1cYlpBIKen768hJncKuTzV5LGDguJcQMKaBmbFOH
+        tCfvNFzWmWZBc/h8xkBpm0Hp9c2XFwcvzTL9BmaOgGzjUbZM8DSwFE+vlg/O7Ggv
+        lyoi78OEWktVLYUXxSBq3XhVxncOgNifL9w9bIb4lTJLjMVYmughFntHwSZH/8eq
+        nLw6sPQrINcjIMJEw/LUCnO4kmzrvCgqY5GtDvyV62c8k5nWXhpkl938EX7DZOCe
+        q5ZKMUfu0cUvyIQWIZly8ZsPDkPz6XQJGu3pifXs3vIiARUJY4qv0iAKRD2u85rS
+        XgFf4gDAoga+9rJD9Gj4Vhyjps7YmU94588/CeHesl1/Zy9+neRTrHMoo+KqUpC+
+        O+CTgW85eVnRT9mgDlLDsFqZElZZWkdn1yJfD9NlhMvswsn/NkbB2yT06HbeKAI=
+        =Uh/J
+        -----END PGP MESSAGE-----
+      fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
+    - created_at: "2026-02-17T22:21:58Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMA1Hthzn+T1OoAQ/+IDsMHXF8Xpm7Mz8EuZ6OjINDfe1aVJqkq6dislIuniSn
-            z62K3gIlYKVCkPC4uQ5KAQBC6mCv/IYmy82OFmexeaHO1uYhLiM5z+5efxkbChK6
-            jxKYudsVe0l0vd7JpJVCO+GSw/jelALUhwtrr/A5URNQ+fQZrTAd5SE9bFEFf0P7
-            exTBlw6Cus5671R+s7G7OGbKgx47Kf4CDzMizYruRBvjwDPkKOAPAGnoNApjl598
-            m2uR4PmlqUJ0z/aFcBtcs1au05vGmVvckSMz8BiqpGsmlbZEVIQRiXqsZ5A7X88B
-            D6Nx0nb0t4WM1EV1UUbSLPFwwcVkOSHHfs8SGk3gaStCNWunkrPGQStUFBmU1TpL
-            2exHEKopll2gQ+XKfvE+mPF0cqd8dq2SfZpLZgp80pKieuHXN/DJhEHoBSELixDe
-            zRXB5/s6Gr2Hlgd3lfp910UndiycP5ROJZbEwJ6O0x8QRxeIqbpk4eXiIK/4lxiK
-            ENepdeFSk8/DS/yEMc4M1kWxxm0rkQO/dxn3SvYV49eNFvkRMWkWimMrSbaIUKNM
-            k8KSLYr6JuoKP0v3NZHGcBZUGd8KuDi8R0A9KZtqz0pHyRIh/Ox+to+Gmlw7EP0r
-            ARPQOBQBUjcxqW6BRJ31onE24AxZN0b3pAAPMt7Z7KXmveHGGqolU1peZfeATKrS
-            XgHJDBQkCm1SOX89yw0O0DVZ43z0b9UqyP157R4JgdyEleNsMbPl+KDPCPx6vAnm
-            iGrsjpWeKMwA3s2biSYUb8T00KD48vH1nidc+XEjfQ/fBDJIsR8Ku7YMZtzKmNY=
-            =xEYv
-            -----END PGP MESSAGE-----
-          fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
-        - created_at: "2024-05-25T14:42:41Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMA46L6MuPqfJqARAAkAuIMiq8rw37IFlLlVv1tzQbGMmWjNhQndBAlwA/dAaf
-            zk8dNuKA8wlmAFv6uwbmfOzvdiwunoYq8cgIRdaP7ieNPRppHIm+pbojWKOvXoZZ
-            6b2+ILacE6JBHpk5o+KbrILrnn1ciyfhGq6CX9gCi9+vvQkZk3+WexgaHEOfFL6x
-            zCp5jVEIbVeDMZIxVbDDVHMiXBy2qmpYrSDMnky05/szu9BBJodcsqZFAqgumVf2
-            kBFFvnzdhJgKWBfJ2H2CfVOWx3CUhLXidqJyFgzs338aGhSNO4jGKvOn1Yx/PLlg
-            LSRphptnmzM83BS4ev9/ejvYiWbxorKSBTPZBqehpKFtPdNNUqbWMpq/lmAn3yLu
-            S+yAVAklCHSDtKEdS9YHAFqycgxvj1VNxLx1DI2mNPyUBoOgzfdD1NiUDQp2s3j4
-            EX8EsH1+b1eKk93751yLKMaSfLjU6lnd2d/h++WIt5tDx71XvIJ91yV3NJVr2wIo
-            MVIUJFh16+zQOWvc6rKCQh8U5cu3AVcB8EfoRrn5fCNh6tu7Aw/fHxz/l/U0vzId
-            cWFZCYFrg4i3T5w3U+ZV5kgoMQaRDh6T8yVXZQTzKSi5qAQW/qeGn6h2zHWARznC
-            J3IJ6M9pX6zibz1ao9oc0ePhU3Vy2vNFdFcpGgLe3gl10BM7GbU7rrmAlHFgG4nS
-            XgHhWFZtUAcYwEuhuOVDfmN4J/QNWlzl20RML92pf0UNCx1VHrStAbA64MqyvE4V
-            Dgallu5Dr+u5SHLgAaNj9HfgAGuDLPCXGrCoYK8KLUR8fIYwkuO13FN2A0YnHOY=
-            =IKCU
-            -----END PGP MESSAGE-----
-          fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
-        - created_at: "2024-05-25T14:42:41Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMA4EEKdYEzV0pARAAomxJSaPmNrFFIiqfWzwdemWBUK4oujqRSvfRmnK3fg7s
-            p+Q/eV8/jYqxPk1q/P9thQSu9gq3OXLkgT2TlMwcsFBG1+xnksu3Xcqr47ON7N9H
-            J5K6a0KPX07O9fuP6VZtn4cDatLq6ag7RYLp2D7v68eRMi1Kyc3W3mZyz2AlbrUO
-            7T/tOqQzD1Zb/vwIy0Vfn8w2KMCPBi3TxlfSdohPsZWehrIAAKZHDRp2931iKPXQ
-            0gDwjTd0sEdXwi+sfXxq00988R4uXIjJhBd+ZFOxIHg9yEcXSW02eUauVwETuLzv
-            2ohAB/LOKQx59mVyE9gFxtMM7oo3vb5zWcnX9pHG+N0UE/RU2C+aR8a3KCOtysk9
-            cHwBLT6Iv3zijeJCeKG7IvSgsp/WW71rqDZCMphs5cFZdzEola+lRXNPIpz6YJ/t
-            qyTFbu4BG76LZyRRTg+i35NhS/GiQCUMyZoUxW0mLgjDsbYS55FQdFP3xaH5BaPg
-            81UrfF3hV1Vrwe6DHbSEYe3qutk3p4NMruHvIIJJLwimIe3i6+MP3/N+ACLV1wBl
-            caNH/e7H4KStDwuNFb3BjXEXHBLPgnnbdkTSTHZFtmEA0o2avrM/EzVDvvVxTCT2
-            e9pbfNCAoXCNo6nstaWRPKjwP8u5HN7RCxjufpZnySt0H/5Ux4qy2v/01i7OARrS
-            XgE58F0/szyLPmsigEpWhFPIunfIF6esq+4u9OVyqBicYFZHfUddyqTLl64swDHk
-            r7vxwxH/A8QMGj2GSmQez25MDU/NBTBTotEzRSyxvqZFTxn7IOxKDblSYPhEfCY=
-            =Tf91
-            -----END PGP MESSAGE-----
-          fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
-        - created_at: "2024-05-25T14:42:41Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hF4DQrf1tCqiJxoSAQdAhuqKLIrt0ortv8L+5ex4c8h3ZbiIDTLSGhML7jbMAUww
-            ntvI7quM3pEBFfdBT4BuPCrgka9gA9KRKGRwxYX3uSe5jPtgnH8GI1+gImeyWIu5
-            0l4BEMzlg3LOwADrDONa9xStlwAIlxgH53bqmCVQ2t6zHkxAcSGeHLn2y+aCh6wI
-            9oicvnC69DuQLkMwBFMEMUNiQwwGH8EMfQRacoFAEtH5YqiwBT1qxsnOC8ALfZ+9
-            =1uoR
-            -----END PGP MESSAGE-----
-          fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
-        - created_at: "2024-05-25T14:42:41Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMAzdAjw8ldn6CAQ/7BfqXXAGvvQVGeGJDi3+XhvZ0wKQvfS4UmjP7FFa4gm26
-            4W1eS5hM007yxpjOH7NAsVbWpej8jYA6dDfeuo7P34owws61F7LQLa0X61mC1qOZ
-            IXx4n4kdYSV/CyqJa8HrDe56B0dpou01vjbVZ383Pbf8+VzxaKeJ2X2y3ioRijZJ
-            +T+rCkDHx4neOrrUkutOTJhiezQaeOnFWPEAbNRVfdLAM9jFuuG0uKtnd7hkXf0W
-            8sv7z1xEYN8VF3bE70IGuyZtiTeXwhbTD0gq5kze8LldMLwBIxsrTd/xrH/Oc5Od
-            nY8vvdiLMlAwBrI4z+JI12Hi+b1nglldk3Hu34KaV7jG8DjgBGBy8yolqvKo0cT/
-            9T4aAe9eLANvyHpYfA1CkcFW4CHWOBRS79rC2HcHM1tQ8+coq+jxrzlYEBRwQcpE
-            2jBcP7mnIGPm1csIhB6u/UUKVMqlnZ57MdKHwwXja1vzxfnRNBqFdzq5uZEyU+OQ
-            dDJmURqxK4zCdhk+De7Nm/wR8J7xtIJLUszu2lDJ6SWQEsut2cNUVUvmd5XV1BWV
-            kZaIFKADZI9qcbivci6fpCEH1/qoU5jIZJ+zvOEOZLsIJXBw1M1/fgfSZ8Aosl2t
-            RpikITTF0S1HL2QLbWoogdgBp6X+6xjpoWIhHVi5lqm5CX8HTRwqrJL+hPi0GW3S
-            XgGQv0OqaxGfD6lwyVjokWvCSEoEfK0e7se+ZyJifwAlarGaLvG0PU/iW5cVUolV
-            QT3TwrxD94ZB412nL2+4/QPCT/ZtOXcO+9dhLiSLneHrNrSReByIAOE1s1ZU8MM=
-            =XvKN
-            -----END PGP MESSAGE-----
-          fp: 3D70F61E07F64EC4E4EF417BEFCD9D20F58784EF
-    unencrypted_suffix: _unencrypted
-    version: 3.8.1
+        hF4DQrf1tCqiJxoSAQdAYl5yJyayyLJfKcs7YoVj5SorGPw8k+39iR3k3bCbSwww
+        PKSvjI7m1dLxzGqsYIfavX4sYqP1az/ljDxKKgMI5fX2FUGcWT6/MXF0HTLxDPLR
+        0l4BbD2ZIYnL39K7vGc0OY4qi/BkPh1xKY5XMBe1tBsTqTHNboIpW5vKYO/lS7bu
+        PXyFZTolOiZfefybYoD1DEoPgNUCCnnqq+TM6g1eOtTQ4IsoUH3IjZS/QjPy/jsE
+        =uSMN
+        -----END PGP MESSAGE-----
+      fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
+  unencrypted_suffix: _unencrypted
+  version: 3.8.1

config/hosts/hydra/configuration.nix

@@ -1,9 +0,0 @@
-{ ... }:
-
-{
-  networking = {
-    hostName = "hydra";
-  };
-
-  system.stateVersion = "24.05";
-}

config/hosts/hydra/default.nix

@@ -1,11 +0,0 @@
-{ ... }:
-
-{
-  imports = [
-    ./configuration.nix
-    ./hydra.nix
-    ./networking.nix
-    ./nginx.nix
-    ./nix.nix
-  ];
-}

config/hosts/hydra/hydra.nix

@@ -1,15 +0,0 @@
-{ ... }:
-
-{
-  services.hydra = {
-    enable = true;
-    listenHost = "localhost";
-    port = 3000;
-    hydraURL = "https://hydra.hamburg.ccc.de/";
-    # E-Mail configuration requires some work/investigation still.
-    notificationSender = "no-reply@hydra.hamburg.ccc.de";
-    useSubstitutes = true;
-    minimumDiskFree = 8;
-    minimumDiskFreeEvaluator = 2;
-  };
-}

config/hosts/hydra/networking.nix

@@ -1,22 +0,0 @@
-{ ... }:
-
-{
-  networking = {
-    interfaces.net0 = {
-      ipv4.addresses = [
-        {
-          address = "172.31.17.163";
-          prefixLength = 25;
-        }
-      ];
-    };
-    defaultGateway = "172.31.17.129";
-    nameservers = [ "212.12.50.158" "192.76.134.90" ];
-    search = [ "hamburg.ccc.de" ];
-  };
-
-  systemd.network.links."10-net0" = {
-    matchConfig.MACAddress = "BC:24:11:45:7C:D6";
-    linkConfig.Name = "net0";
-  };
-}

config/hosts/hydra/nginx.nix

@@ -1,58 +0,0 @@
-{ config, pkgs, ... }:
-
-let
-  domain = "hydra.hamburg.ccc.de";
-in
-{
-  services.nginx = {
-    enable = true;
-
-    virtualHosts = {
-      "acme-${domain}" = {
-        default = true;
-        enableACME = true;
-        serverName = "${domain}";
-
-        listen = [
-          {
-            addr = "0.0.0.0";
-            port = 31820;
-          }
-        ];
-      };
-
-      "${domain}" = {
-        default = true;
-        forceSSL = true;
-        useACMEHost = "${domain}";
-
-        listen = [
-          {
-            addr = "0.0.0.0";
-            port = 8443;
-            ssl = true;
-            proxyProtocol = true;
-          }
-        ];
-
-        locations."/" = {
-          proxyPass = "http://${config.services.hydra.listenHost}:${builtins.toString config.services.hydra.port}";
-        };
-
-        extraConfig = ''
-          # Make use of the ngx_http_realip_module to set the $remote_addr and
-          # $remote_port to the client address and client port, when using proxy
-          # protocol.
-          # First set our proxy protocol proxy as trusted.
-          set_real_ip_from 172.31.17.140;
-          # Then tell the realip_module to get the addreses from the proxy protocol
-          # header.
-          real_ip_header proxy_protocol;
-        '';
-      };
-    };
-  };
-
-  networking.firewall.allowedTCPPorts = [ 8443 31820 ];
-  networking.firewall.allowedUDPPorts = [ 8443 ];
-}

config/hosts/hydra/nix.nix

@@ -1,10 +0,0 @@
-{ ... }:
-
-{
-  # Allow Hydra to fetch flake inputs.
-  nix.settings.allowed-uris = [
-    "github:"
-    "https://github.com/"
-    "https://git.hamburg.ccc.de/"
-  ];
-}

config/hosts/matrix/default.nix

@@ -3,6 +3,7 @@
 {
   imports = [
     ./configuration.nix
+    ./mas.nix
     ./networking.nix
     ./postgresql.nix
     ./matrix-synapse.nix

config/hosts/matrix/mas.nix

@@ -0,0 +1,124 @@
+{ pkgs, ... }:
+let
+  masSettings = {
+    http = {
+      listeners = [
+        {
+          name = "web";
+          resources = [
+            { name = "discovery"; }
+            { name = "human"; }
+            { name = "oauth"; }
+            { name = "compat"; }
+            { name = "graphql"; }
+            {
+              name = "assets";
+              path = "${pkgs.matrix-authentication-service}/share/matrix-authentication-service/assets/";
+            }
+          ];
+          binds = [{
+            host = "localhost";
+            port = 8080;
+          }];
+          proxy_protocol = false;
+        }
+        {
+          name = "internal";
+          resources = [{
+            name = "health";
+          }];
+          binds = [{
+            host = "localhost";
+            port = 8081;
+          }];
+          proxy_protocol = false;
+        }
+        {
+          name = "admin";
+          resources = [{
+            name = "adminapi";
+          }];
+          binds = [{
+            host = "localhost";
+            port = 8082;
+          }];
+          proxy_protocol = false;
+        }
+      ];
+      trusted_proxies = [
+        "127.0.0.1/8"
+        "::1/128"
+      ];
+      public_base = "https://mas.hamburg.ccc.de";
+    };
+    database = {
+      uri = "postgresql://mas_user:mas@localhost/mas";
+      max_connections = 10;
+      min_connections = 0;
+      connect_timeout = 30;
+      idle_timeout = 600;
+      max_lifetime = 1800;
+    };
+    email = {
+      from = "\"Authentication Service\" <root@localhost>";
+      reply_to = "\"Authentication Service\" <root@localhost>";
+      # Don't send any emails.
+      transport = "blackhole";
+    };
+    passwords = {
+      enabled = true;
+      schemes = [
+        {
+          version = 1;
+          algorithm = "bcrypt";
+          unicode_normalization = true;
+        }
+        {
+          version = 2;
+          algorithm = "argon2id";
+        }
+      ];
+      minimum_complexity = 8;
+    };
+  };
+  # matrix and secrets sections in secret
+  masSettingsFile = ((pkgs.formats.yaml { }).generate "mas-config" masSettings);
+in
+{
+  environment.systemPackages = with pkgs; [
+    matrix-authentication-service
+  ];
+
+  systemd.services.matrix-authentication-service = {
+    description = "Matrix Authentication Service";
+    after = [ "network-online.target" "postgresql.service" ];
+    requires = [ "postgresql.service" ];
+    wants = [ "network-online.target" ];
+
+    serviceConfig = {
+      Type = "oneshot";
+      ExecStart = "${pkgs.matrix-authentication-service}/bin/mas-cli server --config=${masSettingsFile} --config=/run/secrets/mas_secrets_config --config=/run/secrets/mas_matrix_config";
+      WorkingDirectory = "${pkgs.matrix-authentication-service}";
+      User = "matrix-synapse";
+      Group = "matrix-synapse";
+    };
+
+    wantedBy = [
+      "multi-user.target"
+    ];
+  };
+
+  sops.secrets."mas_secrets_config" = {
+    mode = "0440";
+    owner = "matrix-synapse";
+    group = "matrix-synapse";
+    restartUnits = [ "matrix-authentication-service.service" ];
+  };
+
+  sops.secrets."mas_matrix_config" = {
+    mode = "0440";
+    owner = "matrix-synapse";
+    group = "matrix-synapse";
+    restartUnits = [ "matrix-authentication-service.service" ];
+  };
+}

config/hosts/matrix/matrix-synapse.nix

@@ -41,10 +41,13 @@
       max_upload_size = "500M";
 
       admin_contact = "mailto:yuri+ccchh@nekover.se";
+
+      default_room_version = "12";
     };
 
     extraConfigFiles = [
       "/run/secrets/matrix_registration_shared_secret"
+      "/run/secrets/matrix_mas_config"
     ];
   };
 
@@ -56,4 +59,11 @@
     group = "matrix-synapse";
     restartUnits = [ "matrix-synapse.service" ];
   };
+
+  sops.secrets."matrix_mas_config" = {
+    mode = "0440";
+    owner = "matrix-synapse";
+    group = "matrix-synapse";
+    restartUnits = [ "matrix-synapse.service" ];
+  };
 }

config/hosts/matrix/nginx.nix

@@ -17,6 +17,18 @@
       ];
     };
 
+    virtualHosts."acme-mas.hamburg.ccc.de" = {
+      enableACME = true;
+      serverName = "mas.hamburg.ccc.de";
+
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 31820;
+        }
+      ];
+    };
+
     virtualHosts."matrix.hamburg.ccc.de" = {
       default = true;
       forceSSL = true;
@@ -37,6 +49,11 @@
         }
       ];
 
+      locations."~ ^/_matrix/client/(.*)/(login|logout|refresh)" = {
+        proxyPass = "http://localhost:8080";
+        priority = 999;
+      };
+
       locations."~ ^(/_matrix|/_synapse/client)" = {
         # Only proxy to the local host on IPv4, because localhost doesn't seem to work
         # even if matrix-synapse is listening on ::1 as well.
@@ -48,6 +65,66 @@
         '';
       };
 
+      locations."~ ^/_synapse/admin" = {
+        # Only proxy to the local host on IPv4, because localhost doesn't seem to work
+        # even if matrix-synapse is listening on ::1 as well.
+        proxyPass = "http://127.0.0.1:8008";
+        extraConfig = ''
+          # Restrict access to admin API.
+          allow 185.161.129.132/32; # z9
+          allow 2a07:c480:0:100::/56; # z9
+          allow 2a07:c481:1::/48; # z9 new ipv6
+          allow 213.240.180.39/32; # stbe home
+          allow 2a01:170:118b::1/64; # stbe home
+          deny all;
+          # Nginx by default only allows file uploads up to 1M in size
+          # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
+          client_max_body_size ${config.services.matrix-synapse.settings.max_upload_size};
+        '';
+      };
+
+      extraConfig = ''
+        # Make use of the ngx_http_realip_module to set the $remote_addr and
+        # $remote_port to the client address and client port, when using proxy
+        # protocol.
+        # First set our proxy protocol proxy as trusted.
+        set_real_ip_from 172.31.17.140;
+        # Then tell the realip_module to get the addreses from the proxy protocol
+        # header.
+        real_ip_header proxy_protocol;
+      '';
+    };
+
+    virtualHosts."mas.hamburg.ccc.de" = {
+      forceSSL = true;
+      useACMEHost = "mas.hamburg.ccc.de";
+
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 8443;
+          ssl = true;
+          proxyProtocol = true;
+        }
+      ];
+
+      locations."/" = {
+        proxyPass = "http://localhost:8080";
+      };
+
+      locations."~ ^/api/admin" = {
+        proxyPass = "http://localhost:8082";
+        extraConfig = ''
+          # Restrict access to admin API.
+          allow 185.161.129.132/32; # z9
+          allow 2a07:c480:0:100::/56; # z9
+          allow 2a07:c481:1::/48; # z9 new ipv6
+          allow 213.240.180.39/32; # stbe home
+          allow 2a01:170:118b::1/64; # stbe home
+          deny all;
+        '';
+      };
+
       extraConfig = ''
         # Make use of the ngx_http_realip_module to set the $remote_addr and
         # $remote_port to the client address and client port, when using proxy

config/hosts/matrix/postgresql.nix

@@ -11,6 +11,11 @@
         TEMPLATE template0
         LC_COLLATE = "C"
         LC_CTYPE = "C";
+      CREATE ROLE "mas_user" WITH LOGIN PASSWORD 'mas';
+      CREATE DATABASE "mas" WITH OWNER "mas_user"
+        TEMPLATE template0
+        LC_COLLATE = "C"
+        LC_CTYPE = "C";
     '';
 
     dataDir = "/mnt/data/postgresql/${config.services.postgresql.package.psqlSchema}";

config/hosts/matrix/secrets.yaml

@@ -1,233 +1,151 @@
 matrix_registration_shared_secret: ENC[AES256_GCM,data:5fKfTqwoUreSIPbua5t1lYZFRnQQjNzFvrIBVIBfKWu20kH4BhlDboL/zYnhWLELq/KykX/EUvijoZxxTnUiN7T8H3L6fKOCQKacZkIwKfg/JjqLVnXIaY0JOwg=,iv:Cazhdo7YR0zSgiyQoHLsk2e4dWGSoSfEtOuMA1LEJcg=,tag:KsbnGvEyRbzbIXuAayQk5A==,type:str]
+matrix_mas_config: ENC[AES256_GCM,data:FxZHMYlqAlr/0rtjO3R58h2Au7hXY6zYv56bQD+LufA9Jrzi2vIDQe2RPQmJdkQ48sDgFiSGtJ1kqZVCDc21FPtjbYcJuCYKZK/opJag9MnXae/ZKBlsWk2QWtxGtWM48mwIw+8aBrSctOHA9Ibq76yQb8l2ubyjtHn3wYM=,iv:0YRfVkim4NNAUmV9MzErQoXZhdVKwa102D+hBT1is/w=,tag:l+9NkxOjXoxD1WalDgQlJA==,type:str]
+mas_secrets_config: ENC[AES256_GCM,data:lgfGW/zkJ3sdmXehzEMGiBUjIvcjnSma+BjBshxAKTPKTxQtllk4GN8VI7AII91u9mG0231bcTb+sq7wm+nuVLxOY9wCuCGA4/Tsa0QZmphXqWzRXx0yuHawW6WCC3U3EmyPiG9m0/a+Xt7by7+ep1p4n4QrDKZBCFkdANCera2MA1VuzVUr0o7xCul26khpdN0dZ539wrUGdocKNw831s+KUdqadB6I9iQ7f+/l0EFi7HlWQ+vvF7/KAYuoUh2jS0MGhBTRgSDqr17QZ9TB7PEQRpztQygqgoqYIl+IVYi/AfmiyY10Zf7GFE9yHn3cd7N1gRRGj7jpKlW38QP/GOF/6w4pOJxovdsNzJRT9lAuFSyQqudgXgM3/uJQwQbguBf/aSGS5pWDp1LxQffLiKzQnfC5RJnYJ87f9n2908eZ53jlhSRYDtAqfbbwQNUsVvATOigcUFKmaDMwGyKKdyiDE3+mXH9Twal5K48pl3LgjOtajR9E23fR/3lJ5HfFCqCdL7rn8AYxFzS0B5G9r59ik7yhHSWiB1jPVhIQTBtbPzdeuIQUkWmRjpxi/I1eMgPGMoHlPNRJowg7Rsa0hvfYrV8caO/TVILd927MmtmqQ8BRDeCxHNNRC3fZVkqcVcMe5vFzafH3NlY+spsNPUJiA3yQX3ahKpByJP/NM5zlSR+y2ZgyM+eXVFW9ORJT6gvZnAtq6rWTEyMXk3iIQUgbw9ume1VN7H/TQur2Vwdaz646TqzYSn2KSXCOwoY/mNNlSbufXvK/76XrW9Ckhhl+tdvHGlzbVTzZJJM8j5/PI9XukCEgPbbrvL/DzXv5KlSme1B6JmGJZlqsaJTBrYBItWzAxiGKQg0e/f72Ay9mjoYqVCPVYG0ms8WECfw4S+45Q9gNoPvG1XLrOzlRNDT0UKnuE0am5H1x6vlmketzgnPMKSZVkWqNcgPA/6BlUkxF7Ne/+Q+506d6w7AyXgXfhFwg+cEyAqXjBtB3paFSLkm0U1OHfSBWsgbgMK0Xn8GyA/KLBV8bLINwR+qTp5Gdz+WgBQTfTb1m4OWhyolx1SkxjnUFveLdZRon3CXH/K34S7X4S8B4y/6z3UHGmQcK5g6HOYNQtuCGKlLAbZHBhQgmNJpdGFuwcdC2bdgHfcNl6eEazB9k90COjJTU030N5fzYq5hOGVL3xBUmvj1LaYEsnJldsfXjfas3JA6iAB9lcOfK2su6F1M1v+qr1SJbbGjeUmFt6q7B7LjrPnZ34Q/CO3PDR+UiuQD5dMpHGc+L6yB5VbMYs6hirlWVQlySvFYnOhaHiUbospLMzxwSi8nWKiMRiFGYojg/2YrpFlVv3T684vBGGGdL/MG7docgEdBANsOrf52nsvvT1921A09z/mL1PxHHJN0XkaSV5cUd1vLv2Ba3dHMs046ls/TrCKcMXQbl3FibSBP+yEg75xzk9aWzjSPUfnQcaslOo1T3UIrYLaPGjmzoMtLBhtNB1hOQh4tQpybHL3sMr52zxzj0vwA3dCZTy8+5SS7tD5hmy1qlnk19+aXaAFPgUZXETBk3r8c208Qi2lbjCHI/zgeQD/1J1ihtSu0EeJR5Kz9a99ztUD5AnyrZXpawsPYDcxjhAVFDmqMClV2pjO/Bt+QcFVMt46XKFftzGk0nXhN/9ziVwTpFYxegq7hJoebU0qG37tTHol8KiaZ6RtsVNwDAuFY4lGgDbnS4oLDxzVDoqY2vsk6WldowAtk8Gl4sicsXmC0WtyVF3KYn3h//nUty+KgxwxF30PMzrxaiK2BmJRSmUQecaYfv4xtcq4DcXkreG4HsnsEsExcMMW1xURfAVG5OC75RWW6yKy0mSVkUGUox2TSEvvJWuvX0yyYXaU0VfXqUTfw9ZFQEHKC0IvP/MtLxyCh5fWGuTGoDyin99b9v+Rf12LwZtkaLxqdzGz8ZuR+JVIhfE0cy/1/M0JEw3NexIPUf9b9svppQA/VGzRAQcwCfeZ4/S4LDC1xWPZCZi3+B4nrCYV1L6eZJIKhGQQzrF33abQ4KPmY3+NyGgA65308G3PhIerJzpvpq+SwRBtrLjXIM5wH2t6Azk8AEVYruZ+2SqLAyFXmt+Zn1uuMK+Zfscj+ji7rZ/Qyfr/r0m2Vc5XVZth0FCQHdL1Mal8bIW31q6tF4LVtMmK/7KrjypjRqCH7D1kUiaafQ74O60YYoS+sPF7emz7xTZ4PNdY5w50qBWcdm3WUW/ObBFR1YZyGd/OEEQXqcUzsSYJ5aMS1ohyIDMkWeUUAvu2digiQgHzyY1XrvjWzHGL56nsWe+x2VTS600d6aY9FYZ5/yY+h3B96hcs258vn9xTTJsMZHIV8V8ZoC1f6Gb4zHpulYNiAA9PjXHHORU3N4DXNjI4jpFmIgQvF7ZQAd7CzUHXXbdwHVD9IQeKrDTrcvl3ErmQumuM/fVD77OtegrBKDYQ/VVS1bPQfX7rnaQQ2hD2LEchJAPXTfI5eiEuH4nJ2TK0uSWHG4Yxau72gx8ASPeNsX5sHf8yIDlx9wlNSRnO6A1rs65uYfSSwTtOX9irkWvDvBUQvYJGtenk2mABAJf9+qoupuF2WfpOCYc1dWka9+vWxj3g+sxIN2KV4HUoAk5fkWOffsdiNVKyxKprrKHZX+X7e3+6azxVbEqQoEQo4yqE31dOPfZBjPntRwt1dVmpKGAQClrVcBfCD7J0+8J8R4r45a4Svwe7zAmef5Icvk3RHCUHKm0ZD+yIaDzoABDLXX+68vwrM2AgNNw2J3QcoKakpyyGtCC+oRlutqn8wAodC3NvnNmeBMuCJaZaTvypDoTnOyvNTmgK6rJZPt3RWACpZvq81tBrEgTjdWFLqPwlFzNhXGvKxIf9Md/ivau6pREa7vBxT1fBqV7ZjGOD1nWsXuq2FM0tKJXNL6cU3DzxVzK3Vll60qFa0s/MZjKL+1lKJaDTtQA156en2mQJo23fQ5uJxZt6mDOY6Qrty5/L5BkiY/vRDp/78orTh7UyW0zLK4Bgjk8/lfiUodliFjTgDnV619XyUK7J2PLzg9HAlbOTFczZS2JImEQKzLGSe3Byy7U/I45bD6TUFlzCBmDqmeIAmIbiu5IVGedqdbuLSJHp3JweR0/Hjho4SzQ3evgMMPG4B5wtYzKhASBcqLhny7Vrn4LmXGlIgRYSp5SxbgsufkORfa1IRviUFoePRVQahCTU+O6DyrwqFWIrAIk2W+O7rYuw83OjGDdFJtU8KDh0AQ6SAry1XLFervHwEtj125Tav9+fg622VnClFpkJV+7QxbtejulREc3BjmTqsPuW99D8lbQrne+BkAFSvNdy/DnHMvPNRYGoU9y39qvGWawfiE9bi39UNDDr+7oPJpnQX4AvrDlF9VNHFB9W3O5772Nh6cd3R39Jzb6jnNg3wC/WRgchKs5kS4WR0T/xhNFDMoAk1Hx59MdhsR/BKQKCUHZGW2tuUBH3Mls90xx4cmZwPQrvaR4NbanTc6MhMkXBDD9828lMC2UK3yv+VL66g2Q2uVTLjAlQaXDVIlSzzpgHJyi35o3CupTDOhUhS80sYA68dcNEcvqHpwoZ1apL98kc8XPQvf7I/885NNLhl3K3MHLiasFoLsFlp7xwXUFSuFz0sI7l/xGkotazDvWdhCS7uZJY+zVxV6Yzus2+ql4fh23kFVVNni9OVGcrDbv0zIWUH956KI0u4r0n3+QinCcUinTTFbrlDL+/WX3c7VlzRUcQ==,iv:DdcflAdm5G82WzP9hDBK+Cy2X6ncETdYdxYJmd8LG1U=,tag:3lp3SO4WI8/gRp0OJLYK2g==,type:str]
+mas_matrix_config: ENC[AES256_GCM,data:W7tyChbHM+LWYJYuuWSXL1wg8hKFA6UWHjVFOBQMSnFgguwcE7cg5LSnt1Sr/6TaPQP7+2y0sma0fyKlJ+zcUc1k2OPbJLjsrdjNjz7eMSlzmDESRLo3TBSyNjAKjlgWkEftMZRrrwFmA/cR0PdPchTLfBJnvP2vcLpDPEdoitrQFKk=,iv:FvkXV9emW7l1q1KRk2CP2Ec2pIZfBJ6JlpcIx37mVcg=,tag:p/NaElAD08dSPAWOA/Htvg==,type:str]
 sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age1f7ams0n2zy994pzt0u30h8tex6xdcernj59t4d70z4kjsyzrr3wsy87xzk
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvZzNVUm1keldaNExycVNM
-            OEV5SUZQNC9uSW8zMVNZOHQrMUQrNm01Tmg0ClF4Wm9uSzRTL055ZnlHUlplUHFO
-            QmhXQU5yMFJDMytyMjFiaWFXa1RuR3cKLS0tIDM2d014TTRySXVtOEJieVRxdlVp
-            NG95TjFjUjZFMXh2STIyakxqbUJnRlUKQ64ahDiNJ4nPUQ5pLH4Jb5yidNrK11dT
-            YSg9QNr++FTdYaQ/TXmYTg0d4kF3yb/xyG1vZMcpZP6+omwN73DSfg==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-05-26T00:55:05Z"
-    mac: ENC[AES256_GCM,data:ix01bcc6i1dTxoYkXbnEbLgMC1bcplI/hZhyO1mFzPAyjfn8h2d4AHUS9CG8UnIDYGky8Wx3BqrC6MmWMtt829m8bS6t83JTPxOEm1pFEa41sUkW9NYuNPL4LQ8X2BzwteQaI8nfscIuwOZ0nK5CmArZneuUookQEszAGX2R0Mw=,iv:mZlEG2pPfKLgZ+6k9iN+NexRzlibYi1HzqBzbrVFj3w=,tag:PIXA+vyOSaZdU0CaI+03/A==,type:str]
-    pgp:
-        - created_at: "2024-05-26T00:53:53Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+  age:
+    - recipient: age19h7xtfmt3py3ydgl8d8fgh8uakxqxjr74flrxev3pgmvvx94kvtq5d932d
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwTHIvZ0ZPRTdrc2VmY3F4
+        T1NqMWU3NzdKSEdqQy9OOWwyaUErWG56MEdJCmpFUmphd2lhUEluT2NrSjE3YWJO
+        OVRHVk1YTWQzdmgyM3dmMWtCeUgrT0kKLS0tIEZSWlZGVWpUWHQ0aUY2VkdWb005
+        Um1hd2FCUzliUjlvY3JGVTJtV2NxWkUKYShPlhmFB3f/8fSdJKue61LR7NqSW3bq
+        JsmPKkofk3bzMbkUGm9fWey273nOLG3SNcx+ANDCxJUhOQ8KutaOVA==
+        -----END AGE ENCRYPTED FILE-----
+    - recipient: age1f7ams0n2zy994pzt0u30h8tex6xdcernj59t4d70z4kjsyzrr3wsy87xzk
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwcFdrdlhNYlVmYmhoMU9Y
+        aWZxVVVmOTRHNkJWSVpGSytQOGNSOWZ2NmwwCkdENlRPdnk3WDFRMFM5Z0xEMFVT
+        NVBJWXo3L1lRNTc5eko5dHdyMjEwajAKLS0tIHQvZkticURkNFp3MlkvazlzN1N1
+        R282OFVBVXZPcGNWQllXRS9HTXhobUkKpyfxx4gEcWFX//ntF/pWc7HNmeRIlF4K
+        DxjEnRn+PJol8kpBqttXPSYr5EydboA2O2Fv4EmQc7l3VQKdncrlOQ==
+        -----END AGE ENCRYPTED FILE-----
+  lastmodified: "2025-10-12T02:48:54Z"
+  mac: ENC[AES256_GCM,data:xmxSQJ75JwsMPzPIGUgmtijRre7HnU3wpCvaPJo+XVXsC3wRnSwhRGc38DWxKIljx9HAKGMXV+n0iT3+bnTkeUNYGaUMROs82cyfqxfCd9pn6Qi9ytUb/Oec+oignDlojg8sMKZJGyUguN9sdSRootgSe3/Z4Di/IxhXhW3cDZ4=,iv:cLtqVhLcFxrlzFim+jgVpFlmJaRzmm4zdPkRCKOd6CE=,tag:MnZrm5lwYH/7YEjG+vCIKA==,type:str]
+  pgp:
+    - created_at: "2026-02-17T22:22:00Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMAxK/JaB2/SdtAQ//Zi8QfQ8Ahr8WyEeaJIvXBRGUzmyg84aboRweI9D/MeJ2
-            CnVm91xr74HylD6sAXbGcTnwTtWChrrgSJ7vGBj5t2UOuW9zpKFl/pgs7o4jzwoc
-            C2Kmgug7S/chaQJsfKTkAs0t/MTHO+DZru+O/pT90zgdQEig/19i1smnrseBuAiU
-            zow7lc9mwBTIEsTlkYoIr1+Ihoiizv/q9oeMvfaZr8hKV4wYTp1Cx9xCgXxVcv+X
-            SpzIqqTT/lm87znJcSWCQY9fTRrhAQu4RdhXzEIxTODljmFhQcx/Nug82EAc1Xjh
-            B7qMIsblbabJyrBUk5BypvDHJiso8qLd/6/i/rRztzK1q3vtT37XPKk8KIJz84cy
-            ZDqAGDWj8jWDctwac0xTAFKVr/5oF4TGIf1Ydwv7+GMOeXvn2ZInmiMGUKxdGhwW
-            vg2azqqatmRQxI+kHUHz+FBiQSTgKIkVplg8daCIhQVK4r4CkOU5dPvDjw7FLahV
-            LN7XVNVCZw7p9yACd5KkjWX2E7bfpHr/EADOr5epc/EZwOmblFmGPzFPNR/IfF+E
-            QJrw2bTDuMGZRzvn+6CozZOnOFpSrYtzbUHTvdt+iskHS1jD237NOvPe4j2Od401
-            c2LjekRPo9BpkrufIlDQrgjflH6RGHOLdgqPE9j2zIOfmKjdIYiQlIIjNlh/xeDU
-            aAEJAhCoQ0WS+mj/YL0Y7lu2/GEf5FxjkOwa0o6SOd7iR17zrTwRkBdSfsSUAiu1
-            pw4vkDFzgvwR+80vYfZcnYyCGOQKMYcn0PLtmnQfy/LUUGW+B1/kxqSHZDDhCuWr
-            o287s9GBxBoQ
-            =BImL
-            -----END PGP MESSAGE-----
-          fp: EF643F59E008414882232C78FFA8331EEB7D6B70
-        - created_at: "2024-05-26T00:53:53Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+        hQIMAz5uSgHG2iMJARAAsLBqwVkmgFjAHkgg1Js4o1G0wxf4wSmWfBqGGlQYzuZo
+        Wn/RojGmly81Vx3GYc9qC9+H+1UKdOGOHeAeBftaverwJdpAay/DdAKaZ5FJxI0b
+        OgiACiQxaaSTVLAPIZYw8xCKkVItoR6i1M4d0GGwr26hFNUgj4fSdVR2348KFNmZ
+        tKZIDipjS7WMbAW1etMdY0oPRAxQfhxRVp7lW/Z2bJYbmnug8FGaj5EwzRrSqGrI
+        li907EswOElX7YijnjrJ2I2B3Et3sHkwxq9jSEZX89EBHJbwy+fFWD81oKugDkwv
+        HP6a6qMhYBmp9D+hGcHAyyHYXmdQa6HXSv7PJvicHTAQ0iLodPEFz+Z9gblHV1Y9
+        xq0ciM0N8NbTmGl6JOfeg4dB1CzH9N9TH6q/+Yp+ZZnMJfzjx+dV89VCPvt8KAH2
+        +fj5Ru3gwGD6NpvNP0aDIAIygzlJE0Q1b8AtMXzHNKfA8jlGqGalkNM5/Q0+rJAA
+        IleUVMXJz07o8QvrDZKTq+FYq6qbcPFGjvV7c9mBcW6/I6rT59OLiX/eJHbfvUAE
+        SrLpGDi7kOOiWlFmALLG7+pj7XNxxNlmeG+UBWa0ZEMW6onc5HufjpS6FkPeSfAQ
+        dXSHq2wamtt1o6B3TsBmZAliZ7b/DbFKTl8ErE/XnWGLNAMqJD6pCDtJSwvDpC7S
+        XgE11hisql+hIYGrjXrHe9DeNtgZlKd6sYQKGhaMtA/GeH933XVXjA3NsN3GyXDG
+        MzJjKPkRAGCfRu2VfLv6hnqjzREgsiBpS+XLitZezW2/MtkEVvYN9BwWbe+MUsA=
+        =v4J/
+        -----END PGP MESSAGE-----
+      fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
+    - created_at: "2026-02-17T22:22:00Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMA6EyPtWBEI+2AQ//VYKib9HvGAxzknrRfI15qFSHdvRxWDiR0M8Jo7JWTOCJ
-            e0BGytT/dkYAKXeZvLX4W/65jQ4GhBMi20NSnyfqsWt/ENoLc3v9mXX3JleBRceX
-            8Gyz7tlqjg+pVW7lUtotz4vM6TeKBJUT6tHm5K0OiQBeAtjitphIkmakw4wrS0+Y
-            +3Y7dOpktefQDSWVDPtbDOImcMFS6EYn5JCPG9xOhsX7XoK7/wCmZuSF3p/q6/CV
-            3NgTK0W2L68CiUye+ajrtn4545f3jnQXiu+JkZGcHdKsHaexW6dzpTsSgsSc1S+t
-            NlhEty6Q7kXXylG3OAtoEhsA3PP2Av2o0oaIpn1Syd5czHvmV7M+QT1M9HU6U96l
-            Nwio5cSX7faMrlGfaBNY681kVtOiOSFDMvDes8oPEqrqKEDkIiIQwMnh68iCTXzX
-            jRj+dpCLLfrHdo1+oB1JI151eB3ofUPbvTSdz/pASJ9gkFJBgGCl89atxZ7BDNQZ
-            oCbk0NxorDG4RBA2mliITnctqAe8ZcpBrOJoGO8oJ6u4fH2SNNuoc5A+7tMEHCqb
-            2E06TYmUASROR87g0yZdtffK6+ZlLZzzNI4riTUGaGUu3wXDh1ZbXB1CwF5LJ67d
-            4P3gJApHJ+ZDrJGnWr/4Tx0NlvPJgJ9bKNT6F45ZZcQzq6bt+RUh6RC1Axvdns7S
-            XgE7EN6IttIGME/AAeNdGh6O/1XnE2CEiqwqTePb9kgwIufoJWLarnz19qcbnMp6
-            mfHNrJlF5FSVuipVtgCYgfWDos7ft1qDqvgRSD1awmdFIk/2ct3wjXKxyB52Vxg=
-            =5zOY
-            -----END PGP MESSAGE-----
-          fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
-        - created_at: "2024-05-26T00:53:53Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+        hQIMAw5vwmoEJHQ1ARAAuY3IZqvQw2evpOBN/A+15eqpxK7uS8YCzxxQC9Bjn4LB
+        kwO1b7eh/Q3mTYAG4Xl5tix0Q9uOFM5epftk165xCUu9p388V4Hgx/pGvn4ODhwH
+        AqIRdXiv4rOp3uN22ZLQPQE9hdLIg8AUK2s87R/vUaB79vZttY76N5ucBDRB5KGC
+        tPQvggsMi6vCXs59o75nlUbMtVTRZMvERwf+0bv809vGLX81QaZUItcGZyOvpM2t
+        qhRjYZCI4g7ZDLact0nJA79msJqrjSBsMifmvcfUFoaWps7P1S3DuvBzd6tt2dzU
+        LKwS/e0BLluawwla9FdoPXy8Dd57zPFVnO0FmsDYtC8qZGQl4BiUtQqvmDxrVmV8
+        VvcBMdyyLWyYbCvWLqpxpAN40whis2zGkfN3llK5G6SAhIqhX/KnlOLmIj3HN0pm
+        HuAls9/y5pebxgBFrPdhYRvsxehQRGmffjr3WW2Co5o6y7Mazss4KLO8FiRvfbRa
+        OIBEkx+V2CokjRnNnCaOFgBbpzinabfW64eP/6F4pTcYerRVp/EEgioa6iYA5kJE
+        vPjc6QRh15hdjLKpdGXOFS8JLMlk9mrTECmuQZNb0Uo2BJtbxbOqCMSdX0woF6/M
+        zRNZJfTvRtaiUFCCXOyU3RhMtqMK+Qwbw57DMDklh2qHsAR1UpS6k9RtYN3j3PDS
+        XgEgaPSPrGE0E68ydgguomvtl/kVS/P5GGSo9DQ0YhXMPyBV/MIkMD3mIpNmbEbn
+        nDNtvDvOjCdmfEotALsWs5VeRTqO9J/GcpPxC/+b0gTIvAjnWj3ptTsz11Jnf1E=
+        =Wkdq
+        -----END PGP MESSAGE-----
+      fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
+    - created_at: "2026-02-17T22:22:00Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMAz5uSgHG2iMJAQ//cBAsMfpoC02vbVtRPf02VS4NIVu2lM1JdB/IcPo0BHSF
-            PHNaVh3bl2a3cqbfMvNG9nquFVpDgtAXcSaIvozlsWgMuBIukfYKgeoFNh4fhyy1
-            Wgcl26wZj15Tpu4rYHK27CmXBHVusQUyTZVx2CUZwoSdtI2zveWqs7+Qvfhdjb6r
-            Yt1bDr+Zkrd+AxUuU5Njlp2eGOcuxINGLln2lh8jrdSytOzKll+G/nI8yBdk1Vql
-            P7iTQ4hHlCzs6HBsgeA7mpkJMP/h0Ts18DQ9sOYCi1SB8JR1eOqZWUu/1nSAk/hV
-            ntHk3+FnOta4wx7VqYNjRi2JROpvi935JBu0UqwGkVVMdqQNB33/qnJdzcdcfoa1
-            3o5UtsQNuFZW/SgJ3uiPYshIZZGujH3j05aKZV2yULyBRfP7j4KrIq+3dQLlW4J6
-            TihPL1Y3aqVvlU0rGOjjKeBL/nTEbEQtbkyCcIrW6WjdWvUYtTeIGnBJt+ExkyH2
-            cmuoch5XjiwMrXDnIFzOqeKbLsIZIAatFOzP0jsy66w2VAeNY9AyXCJI4cTqE6py
-            RVc1QK6+ynhrQ/zJ5XKJD4ATequVJidshC8ci900KBW/1R3XLm7zGQtw3gj5QQ6M
-            lMfA3bPS3H/DzFHq9NWbQ7Lfkm8N5W8ZSQwBKum9o1uWJC/79lFkyfgf4JqDjDzS
-            XgFfOjk/KKVSrS7P/3V6YHfQscFuq+Tiepr3LCNt8o+0IbNJbsr1Zg+sutuMFhrq
-            2lblr+MKkvUpYBhUYYen/PULpr8c6QZYiVX14xJQqFzYk4U/4WoFZm/8dXuAQ8s=
-            =z9Gs
-            -----END PGP MESSAGE-----
-          fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
-        - created_at: "2024-05-26T00:53:53Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+        hF4DerEtaFuTeewSAQdAWCQaHsUsVRZ81mhzxREzdj0xMReLH38JmXu515OSFSUw
+        76iHcTSqMeclrg1Uio4xhGTctSMhAv2t4yic/ocP6EYNsM4yQUsBLtM+xm7Bu2Qu
+        0l4BXcl9T+kQ+xICQySM1g6g+sHxrKCgtzNB22vG/jqeQatdh19OOWlibCXhicTl
+        Bv4qKPSBGBdk9KYwAN9fstUfmbGX21E5DXJlFGhfdnvWIh8biw/0aJ4floOk1st+
+        =dh/i
+        -----END PGP MESSAGE-----
+      fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
+    - created_at: "2026-02-17T22:22:00Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMAw5vwmoEJHQ1AQ/+JcEj7POTdpKoqBO0W8sxpvNafGlxWBmGF9nVMKsCe6r0
-            +z2iyj0TF2ffRe822djXoG0Kod4Gf1Ihg+u/EKGgoL41CRt3DhszervSesm/pHJU
-            9+IMJYj7Wz64GekkIVkYgcLkJr7AeIYM47W9kr5XGWCI4ogQLHJEVgrwFMWVsynV
-            meIBjn8ntS1aI9xZQC0EePlBekD6zvwQHOyEkar1MD4NaMqLKf+9x7IAErY0msXz
-            czBfBVZY74q0Aq27YqfUcl2QkksxfLsti3WrB4Nb2YIqzGJ6bED9TsqRhy9CQRBf
-            TSN+jh9Snit8NgLMAD2eyBgGUcQbwvyW2OHEYWpDXqsMbGmXQ21wygBAN0vfSCyx
-            v9m2+DSJ0jG9icBj31JqZcztI5fRsaForxIRmuT6EwGHc0YfuJwk8LWW1YOTRhYq
-            KbOMzGZnB1aNI9i7jVYHgraU1vB6u6R3hU2hOJq0zzqP7w/XuSitzb4+EzwuFkw8
-            zVRNJ406ZYJvMhZp8NQ878WkJRqsV3C++LevnLkHLNfMOfDcD+nltmctVXf99Fc6
-            ebc7FQj6jOsUlbNQMxnqOZ/6fV9WesjPgCsUMJFxC7/5/5th8CU5VJHYOwwMUEMS
-            +zbwM41MxUeknII7dc22MHUXxMocVkhlmGPYNc+jRv85nuDwbYqMa9Ht4JychK7S
-            XgEZyWSvHupNW3XMwspeyYZMS3pSDO+2YExopgpP6c9Uq1TgvkHo2L66SXj/E4EA
-            RaUR/bY7EoEdNTrqWlHpuLyRihgqHLHzlRsdJZYBinaIfwmKzvINRiQbGjqhKLs=
-            =mbJg
-            -----END PGP MESSAGE-----
-          fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
-        - created_at: "2024-05-26T00:53:53Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+        hQIMAxjNhCKPP69fAQ//VnKyJB+ogP2eCVpjvzkXs8ip5xe1aYj06M/cIw8I8Awf
+        aVVBo3DTYGrX1ke+E0WbTvwbd37T/M2RyYHlFQclIfnZCfa12gSrg+5ggInZGRl2
+        D/d3Zxdz8HjML5DpXGQ3dLGi1SbWn048gmdx2V34JLWvxu5XpOMv1RBBLcDIoqVS
+        HWGa+/tXAbyT9xwZJAOEVErlrTWXKyCYPLsTL89x8E5jqPijJoDTFle2G8+uv70J
+        /Gn2Cs957jFocPrZEqIDVwkf0jgQllkTELTNq08dm4wqCHbScxLgUxUyCSobeCk8
+        yedGAJ6tFrXywUb3fEoKcnGF/5TG+3XatJC1aefsnsBxAkDT8PX0nTlBxhHwu3RO
+        IEBtlU5icVKenRPM3mFEkmEIR3B3+zONLGJ+8PqbZ6OCZuImxHgVat8FI+vXE509
+        1Dd/l54an5jskXpqreDJEDfeZpeUYkMMxjHdg8x+ilZlxMHoi+NeF9ocEfTrLA2y
+        U0bUguEmqW7thA+J6bcoJNHlXsd077+97mN1l8paBctsllVwzZYoQp64ICAx7PPY
+        N9GvWBuupnbrWxMS0nnMpF0oPKnN4tknflrC3ZacPtscRo7BISy0RHhvJG3SZ212
+        eRCM/maYnV8omAaIMuFfbuv45yPKkLq1MPE9NID3wGHkJqmIpm2ggwA0A6g/h+fS
+        XgHmJuXEV6v9lxtaRD4iFsbLL3+hqfVfQ9W2IPbARNbOKIYplgJu0tWw96y6fnIf
+        R1h+z00a84R27N3NmuV96Vyg4TvWKTAmWZzmZYIM/QfzQtMszwQ9PWOUZeHGVXs=
+        =TcqO
+        -----END PGP MESSAGE-----
+      fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
+    - created_at: "2026-02-17T22:22:00Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMA4HMJd/cQYrVAQ//Vo1ZEeqpfN2gJUEKHZs6L3dXmRSd5RedwTxivQSDUZaw
-            CS5CQgBHd6H8ly5Phc2+QrXSjn6sJubDPaCAVmWKOf4WTMOATgdbp7eNEKlX06iT
-            igr5UuptY04tM6AauuXNLatD9F/2p545VkLUYVNQriVMgXjrSd2MWo7/J3P7G7lA
-            xupGHMQ/L3gwU2A50sJUtAc1/SW6h9RMNwHjx6FVRvQtdWUdAoRYCT+r2fICKs1m
-            MKYOUzOA4CW3uURM2NZEFrVdmES0izv0vNAQqx0lVxAL/qhqwsGqTAZkXryef39J
-            WkIpqwQWWutvwmpVu07yBllfWU5XzoxaH+ye64p7+3SyrRwdrZc7IVW8NM9NSAru
-            +2lio54b/dp1Sh7GGV2Y3hNMmGuPOym/PEOLVG99mkfZaPDG+Ui6enV1Ol+dFRaJ
-            9VqSa1zIo5N1QdW4iy/Rke7oMlTINcJDCA/KgYeLXK5IRz/iv6q1QyzhR+dNH/pu
-            JzxDSru/ZSTP+oMXZ1AgGf9UDUy258A7oDRt/ECN2c3oggj+Oh/HfnPXfD+9Mlzq
-            c/FGIRDQE7lLQoHqBaEgp9pejepAAocCci3UMgAO3ZTgIlXwJyE7fWZKrbATIqEX
-            GYr/tLNIyb1df4Cg2Pp+kS0i5+KnPqcbPkN+IhJq1BA3qG0rzFJiQtIR5Yn7BxXS
-            XgEVc+mwjUlUnQuVxFzfyZSlVh8tipwLZck6aG3IrLn/9WSHMY22GDOprsy3bMta
-            OOy9KLyPgZIdPr1v4BmX77x+2Z5EeijAEswFgfPvSPEuWKSiqkXvaVDy9w+U8kM=
-            =0phM
-            -----END PGP MESSAGE-----
-          fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
-        - created_at: "2024-05-26T00:53:53Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+        hQIMA1Hthzn+T1OoARAAmnSREMlYFwDLJ/9LoUAO2NqrylMZhIPvwU7HQleKe7u2
+        cdhGZKXbPCMLlWgCM6Z7wpVFeUT2OPI0vkDIL6NNlJ/l09j6CunNfWY/4qKc9YzS
+        J4I0tfY/cvnDRQrpPcg7rIgM+ukxpOcxmfc02NGqK8EMyZurFNmrmJLdob8nsoIl
+        ZlyPHMEw2KuSzDsX688OzO9HozcHAJVlG5Aw1lD4TCq4Fq9HTPRnmq+oem0gteDT
+        VZ2Np+Q5zc1NYXU36lmkBSHPAc7KDIplkc7eC1g8w56xk8mMrrEwz/qUhgIYNQ1L
+        wicf9nVHxaIiPdUpjznL0yGJS2BEbFfQPV9p1dkKX+X+3rBJiVXvGWzlIT1v5AhA
+        ixXNMYjwpQ6hgytw372q2FltXAcwSggBcmIIgq9DNHP9YtCmI0v3jfu2ZY7HVJNJ
+        MIJlozlrUrzKjmjhNUXjAjct/N8rKkBtjwruKWWaPERFs0OT7oHPjVphTHo1UDd3
+        OhYBZ72cjYCDZyNYk1z79OiGey83o9JAFZv3yWx+LDVJ9l94dGkO43ONXOE50aSE
+        VSvZlDL12IRg47b6gm+a3DtP7+8mFMaHhvCxNiOpkoFZJQVtZdoFXtwdf1ZAOUXa
+        sx9tdnWLLGEAR6d9MFXEYyJx4ykfp+Ew8+/eo213ZL4ns3ASGw0wGw78SQebUn/S
+        XgHeLtKQqx5qhIRcFz78GMZZUkMyljFVddUz3rMy4npPRQoGkyJYiY/pQI55rcHV
+        8ShFKDpZurafdf1kEk045SqFzwWvubet+k3VpkxPAlFBlLwstpvz1CQpRqhwZCk=
+        =HQM8
+        -----END PGP MESSAGE-----
+      fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
+    - created_at: "2026-02-17T22:22:00Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMAxjNhCKPP69fARAAleXLoRXh1RP5u4Hk4zsVpSbbhKKW8dypXDBVMa4trCi/
-            Xq5Z7XM/Nip1iBCUHoLRaJdi2MlM2aDfVFo+PEx4JagpjxFjzqW21WUa5vqct9Fy
-            UVgdsssSVq8hNrMvlxDJwYVYfyQIOUqKyzDMbXOGh6AaOHaZsNsWtOBDJRqHMSXy
-            ULXMH9xxHmheDDV/ZnlOl4fOBJT+qC/F02Yo92Q7rMHWMcNs5NITGN3DDYrQqs6i
-            uHopbwuTpRMggnHldaMM2l2n4eCBiKxxz0dGit7FlpFL0kgsZROGBkQUyAZdkkwQ
-            LKnaqgodCv9t/6VZNATp8+iJP7ji5IvXeW6WQOztb8+h8JV3j8pHdadNzgXxH4av
-            LVnqAABQMhay9jEGlPzgQFT7zDbaAiUd3bSLz1i02Dyi/FYCIylHFEmBErr5RBsn
-            lqbG/vAxJPKOkiDL31nkjugd09UeFYNp2WqO1DpeoYQoMltFD26TvUnbOAQo+v/y
-            xxl7hhCTzbd6kF1VxSCNtv0LhDdirq0+eiFN89E+5ijLjhmpg23S2E90etuRgjuF
-            b050aoEJyXosRqgXVl0qkOEnXgQDbAXrEobbbRixrIQRHmNN1NjRCudzJjxs+p39
-            tucfUPZJO5np8ITgE7XCt82IYxW7b3HO2kejJAluIfUxOkdBgORKuc79vEaP+rrS
-            XgGAqi7CdzN/lfoLononCBOhce9XgdgpbpQRohO+jLp+abqmbnEzI1ZnzxpWXo8Z
-            taWKvUIySWbN8bWhmiIky9TyUXEfRVKe9I0MUC3Q94NAnlnj+dNXXr3mS/AxNcQ=
-            =ZYXj
-            -----END PGP MESSAGE-----
-          fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
-        - created_at: "2024-05-26T00:53:53Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+        hQIMA46L6MuPqfJqARAAq1tt3Yc0tQ3alerxjWUNSBzpa3Nq5W1bhZ8d+qMDWm8f
+        SsIBYUMNbPHvWOA6tLIzeMBIoBFneQwWW7fw5vpGzaATURTaMiu+Ws8Q2h7JhYaH
+        cTO/0QLTNtrwCMJOWkofgauf/3eQCwz+QNBByULSMESyyxYqaY/Sp5Vkfp9ddNUc
+        dy6YOKWGwxpUU3OrKvSeO08aIXL1dpw2bVaroOW34xf1MPBX/hEV4ix1bfkPUrDj
+        Oc+kXlCLrJSf5TqQhiYYOijRWCNmy31b6ww03mb5OKOHbs4zGAs6Wa1KFxy3b5C6
+        AV/v+JWHMOBvbU4jhhrIsPXUzp3AyZfTmFbOFn8LHQmlB4wS/poEU5qczJbzVsyU
+        OlZE8OVsdLDn7KvjoUDk4PClxLMk8LjQWDdoB9XxxmCV6jtou1GB8BPecoa2zknT
+        BSzC9JDGmoKnXk53YiPe59YNTs9Gxk9OeuCovmygaQbKXeKNe4eg+3UH6Kd6Illz
+        osSutJjTJC6dkq8oV/7YkMgDodNyrVE6QqrY/F/FOMfqzftMfRg5S+B3NFg8r5JA
+        sgxxzGYTEpWv0PlK2nuWo8M4tWoso06loMBfRR2ViNmOtCvu+TDHJLAFim+yJOk0
+        vzGifrUzvCRysvfXLj09gWPCoG8mNWLWD0xV/XiKLzE2cONRXMbuFeqqBdxkDZ7S
+        XgGdbwGy/jDBXe3422JPimFUhUKxTuFlcinjL5BhBUnaU9nKtvKj58eKoyfjPPfy
+        NpbR/flIJrQyoHpe+DSbkB1x88mOINYy8STh88MPAdvnEMqiYMH7RBL8hEfN/JE=
+        =zAn4
+        -----END PGP MESSAGE-----
+      fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
+    - created_at: "2026-02-17T22:22:00Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMA1Hthzn+T1OoARAAsBC/uAbTVpBWv3dmzvVglih0Zlnumbz6wcDbeDTVP3r+
-            XiUyiDFE/Hdnm5J0be2jSj7s5RIXj8Gb5BkXPoytAkGF6NMtHjZJLmeo7NciQ6Bo
-            wDf5IXCmv/PbyuydqkHJEztsSMWoCQbGQo+dMeWoAY+WKt+dQGyGmoB8BbeUjuH+
-            lgKlUk3W1INTV74Qz6avuEQpwc+6hvb1w3Vb5kdzgRjplLUB4w45wP+79HE8Ub3V
-            7PhhEQMza/CIyYqHEGQ8fKzd+tuX/naYXnbfTCu64eyKCz2fQZOMdqKNA49aMWGC
-            vo8K38Nd8haQ+tcJvT9Vuis3n5X0Qdzpk/8u+M2XM4UQLHSaKSQRnJLpslumLJGK
-            fI2ErQJoD/TR+vvwrKXmCOEeiFjs0GC8zQEVP6Qa1JE7Fr8iKIEtYYXmGK0Q5Sku
-            5eUkrzJC9Lh4rBvGXLX1PZefBVxnnlBMNk0Cae7vGnKKKuARE4aYgRkIhzIp0GuG
-            pdwSir1iTVMKtfrkpJ7BqPANKxApbLzYHBi9rFWJboA7HAXe/E73HD4Ov0tIs1La
-            9rwRiJ0LYUixsngf6YvtGuj0ZiuTe0t+VhYzg9sYOcBWW8z/AAuZ3FQoBWLdOFPA
-            GBVI2KV+vr5h4dy7+yCqPxpqhkKe5ObCdwksBrl9tiaPVoQuN6Zv63kLlCtkP7jS
-            XgFYwBL4tKcCPfG+9J61T3LqItNLmzrT56LMN6LIz3pvRtASRbSRRnqKuuPgAL9g
-            IeFHe8lblLErRwKz+iNre6wwQCEfwbVf5NPF+rLh3nfEIZzCf/CF3qrxBpdYzwQ=
-            =P+bx
-            -----END PGP MESSAGE-----
-          fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
-        - created_at: "2024-05-26T00:53:53Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMA46L6MuPqfJqARAAtl2tC6rlB5O8+4t+b7ZEo4GU578OHN06nJKxxFQHG5zn
-            mkcANcm5gVDSRAOecM2FyZe4ns18rH4OCvp+uegEQyMVN/XNUEj4/+bGzgXX0NZf
-            AazE5s2+0i2NETv9bhPjJB0RR+U47PEgx9vKf4EnvL9MAfWyPbGwzR6HdXXDEE/I
-            c3GNaIOY7YWBgXEuX5LnZbON5hQhbFADY/BRhP1S0d7Wzff6sYgtJhbtaTQFSX2p
-            j2+pTA3D+tI2h9VvKnZw3n1t8Jc9apP81KNFCURpNpdR8Jh8KQ0aSEcYWTusjah9
-            QOX8RmsnFnvWKTN+gU6tffcSbu/r76gmXyUCF47mWvn89ETVA8azp/66zfLTTTvO
-            CmFVx8+2X1TK04SIKa+MQcpAuS5cTHH6bw7N8u1YfX6O8mbHX/ZH7NJi/Bhxmube
-            Cau4DtdZ8mX4yz0EjUF62skJoaYYUl3UBrkGXl5A4NXK75ZHlBHT9Cn4YQYIPP1b
-            5MAnTsy6UtsGVBZPf6O/kvkA2gAQNjtOjQ2nB1FF6fjqEFFopzmLnAgGvW7lWkeo
-            lTbrylmv6SrrvX/0wN5Dsayni2iRb7pisEAFs7JAythm463PDrzaRmLoPBNBmJz9
-            l88QlYWDQaet4QbJ1AnEaOu5K03coEy6CTzJYqgkTWdLuFC4tUyKsD3P/1EANonS
-            XgG1y8ifC6F27sgwQribg28RPRvwoiRSGszAXCAeIwo834NQLIvswid5C4VCvPje
-            XG4X8m9pipP+BoXF8UuX7naRFnIGfXBOVH9N+1+SoTeZtXRX4GIWUGcRtk4nrJQ=
-            =FQZ1
-            -----END PGP MESSAGE-----
-          fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
-        - created_at: "2024-05-26T00:53:53Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMA4EEKdYEzV0pAQ/+MLPIERHeZTiyNPEUc6YnWYcfW3Zgnsnc7EzfFn7NJla7
-            HpD82Y14w1gpQrUiPu7wdjzh7xeOQ3fnk2819g4wEXU32M5rCUay9XUWqWFnzpMZ
-            /Gy0tdwE9TgwrSQ6GDNd6JO93hLNByq1QqhsIkKEL640Wv6doLVfQW07O59hDrPd
-            AQ3UxWnohbNbD333yXa3kjfYcNugjtERM2wZ6qqZoXp58SG2RE0A2wMV77H0jOQj
-            Rx0arENCNBS5XZlIJW6v+I1Ak1wYnW5vAlVRMcUXo8vJNu93WaZ906EnmVCQ0cYn
-            LeNVH2ajcuOud/uiVntwdYKMr85rMBl9eOlsPP3dHqbhsrXn/+Oqagh7YUwEvJ8g
-            LK1krKc4Jlj9a5J6dPl0lCsEAv6vGaVCICJkNnd0JikTViu7DhajImfGrSLrA6y+
-            81hx/TTKqisAL1xBwOOu+LbwlhFZrkrTQaKnueswKzwrS3utxSX7OIepui7Ib7JK
-            h5R5VDq1bTCbRvo/rRpCaOt1KI6g4ZX+o5TI/60TUcGvzLRRAv7jZZ05PKhcfRuJ
-            4ZrKoRu2qKVxA6+kcOfy4Gi5MgkI4Keue4tgJsYJ+LCP8tV7+Jntxf4XXVMLoFCH
-            jQDe3vIHOxNKqlPUEnLlVmv+g3K9Y7N5uBLuk3xkVYrxWRhBmY6e0WtTVEF/lWjS
-            XgFWqfLHx/JAJgIU2tiO9oLkJWcdHuXAHNYDvTKP+a8WLcJDZdS8X1feqOpWYbaH
-            zVbYkg4MGJqO7K9f3jlCtyszh3Kpu5CFbfXA0MZ3M2eRoJTv91iWViIWY7UP3VI=
-            =vsm4
-            -----END PGP MESSAGE-----
-          fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
-        - created_at: "2024-05-26T00:53:53Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hF4DQrf1tCqiJxoSAQdANu3CeUuv/SDkBQG+aROPeiWBauWaQBDUm6UdXAhEBXUw
-            Tuj49QiBBCQ440R3SBkHOzOOUUTMPkWo/wESnJm+EPla800tb9B8rOvUj7PnkbiY
-            0l4Boe0q5XPHSysz9eIQ7zRwSKoClgd+zi/GOtcsvxkLWlISoBzAVOVEvk55OeKb
-            7J70fuIMl5rZPPFBzbF9gjnCHxAtfSyze5774nPfFI/zoQo3WaDfL/9viRhP7Eqb
-            =i8o+
-            -----END PGP MESSAGE-----
-          fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
-        - created_at: "2024-05-26T00:53:53Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMAzdAjw8ldn6CAQ/+N5yVnEm3ejyw10aDPkLjJoUIoxZl0Nof6pGZxdWYgiF5
-            VrEsLv9vYQD8Wp7/nXuI2HW7OoA+vTG9KBZt2Tw9R0iPIMXpEf0fewPSBZ2n10lk
-            KJPvkMP4w2OV1AfGT+PrRPLaX8/2E4p6dE8BPviWEh9HptYKodhs9lRlcq2C3Kjh
-            sE88eJOSA+fQpASVZLNHKYn1UrXXENRTHE4tw3+OIpE2KSxHvIv7sI8LuXZb8Jxy
-            OpmUP+v9fmhsPJYIlP7SAvITMgZdMHceH7SDgOZn0kVU0inr7MJ+FCcNQkQOl7aP
-            jMp2B7qSXOdC2NHUmdYvzeUx6B8O9Bn19VM5LGte9n1RBnknw6TQfQO+fkQTjUyl
-            3FhVqQAxrutOBjud5xn7H0Grj+7oqRI51LLUjLQdOzpEi4hul9Of3FfGnKxjOxUf
-            yVBHqZzFco5rcN2fzMgWytjuSED0AE8UPS/tcd01oXXEsTj4YBSKWox0gZuyn9B1
-            mspU7vr9I39igceGVE6LJQ4EBnpR8xC7v5CDFpEbCr1qt4VlaH4nUgfN2tEGtOGW
-            2mmrX2nGC1r1VRm0K+ACRW4htDsOsBzSxQttVJ/5IWkP5fqegcwIajjo18VXz8IH
-            BtZdJKzXuhQLG0B+sXndOAgACWkVQw4F2hD5CYRpiFtungAqUbtSDbeb43x7ICjS
-            XgFrmwLxkGfZYKOPehbp8L9glbHpfHYE4CopRHPtUkhLTNWTqzEyE7YQYYVu9Cui
-            E9Q3v2/+2swn6nKOQtB1Adu8ItCqu8Om+d3IJQvKVS24k4+fKPWa7/ccmkXz7OU=
-            =w7hs
-            -----END PGP MESSAGE-----
-          fp: 3D70F61E07F64EC4E4EF417BEFCD9D20F58784EF
-    unencrypted_suffix: _unencrypted
-    version: 3.8.1
+        hF4DQrf1tCqiJxoSAQdAE/M7osrxnQX/N0eV4PzXqrzXLtblLY+Gr0znYJSpPiMw
+        Pw6O4Nw6u8JkVgZCo7/lG+Y86bsI412vnZxiq3pERlxQVHgNea3ArfbM7y0fH/pb
+        0l4BQkt6yleg738hV8XY1hbJG2xruiw1p+Ts71v2qaFpSazOyz0RPrIIcWelJjkP
+        P5IV9g83IZMv3AWEGnUByACe8VpWJlFJ578tYtJIfnhsrDryCBubQ0gPsXGqTPPI
+        =mE/U
+        -----END PGP MESSAGE-----
+      fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
+  unencrypted_suffix: _unencrypted
+  version: 3.10.2

config/hosts/mjolnir/configuration.nix

@@ -1,9 +0,0 @@
-{ ... }:
-
-{
-  networking = {
-    hostName = "mjolnir";
-  };
-
-  system.stateVersion = "24.05";
-}

config/hosts/mjolnir/default.nix

@@ -1,10 +0,0 @@
-{ ... }:
-
-{
-  imports = [
-    ./configuration.nix
-    ./mjolnir.nix
-    ./networking.nix
-    ./sops.nix
-  ];
-}

config/hosts/mjolnir/mjolnir.nix

@@ -1,36 +0,0 @@
-# Sources for this configuration:
-# - https://github.com/matrix-org/mjolnir/blob/main/docs/setup.md
-# - https://github.com/matrix-org/mjolnir/blob/main/config/default.yaml
-
-{ ... }:
-
-{
-  # Allow deprecated, apparently somewhat insecure libolm to be able to update
-  # the moderation bot.
-  # The security issues aren't real world exploitable apparently:
-  # https://matrix.org/blog/2024/08/libolm-deprecation/
-  nixpkgs.config.permittedInsecurePackages = [ "olm-3.2.16" ];
-  services.mjolnir = {
-    enable = true;
-    homeserverUrl = "https://matrix.hamburg.ccc.de";
-    managementRoom = "#moderation-management:hamburg.ccc.de";
-    settings = {
-      verboseLogging = false;
-    };
-    pantalaimon = {
-      enable = true;
-      username = "moderation";
-      passwordFile = "/run/secrets/matrix_moderation_user_password";
-      options = {
-        ssl = true;
-      };
-    };
-  };
-
-  sops.secrets."matrix_moderation_user_password" = {
-    mode = "0440";
-    owner = "mjolnir";
-    group = "mjolnir";
-    restartUnits = [ "mjolnir.service" ];
-  };
-}

config/hosts/mjolnir/networking.nix

@@ -1,22 +0,0 @@
-{ ... }:
-
-{
-  networking = {
-    interfaces.net0 = {
-      ipv4.addresses = [
-        {
-          address = "172.31.17.161";
-          prefixLength = 25;
-        }
-      ];
-    };
-    defaultGateway = "172.31.17.129";
-    nameservers = [ "212.12.50.158" "192.76.134.90" ];
-    search = [ "hamburg.ccc.de" ];
-  };
-
-  systemd.network.links."10-net0" = {
-    matchConfig.MACAddress = "BC:24:11:C9:F8:C5";
-    linkConfig.Name = "net0";
-  };
-}

config/hosts/mjolnir/secrets.yaml

@@ -1,233 +0,0 @@
-matrix_moderation_user_password: ENC[AES256_GCM,data:NXJrbRh0A+NQh6Jy9iVAfYhsGR1BSOSuk1LjmArSiVF6jnuJAP9f750cRP7bu7Ai8xgxTlhjAtv9ck6SqlJ6Vw==,iv:IN/siIPCFKE+Nfl/aogYRYAHVgEGhMtTbmEZKZWQYgM=,tag:xxlnl5GU+uusSeh1OvoU1g==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age1ej52kwuj8xraxdq685eejj4dmxpfmpgt4d8jka98rtpal6xcueqq9a6wae
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZTEhUMThoY3Nuc253NnBX
-            ZkplNmRzOGZFNWlQNDVpL08yRk5VTHZDUkZNCnIxMUJoUHJBYlJpbUViMW9GUmhR
-            V1F6SWh2NjRGWk9RWjMycGZYZXFZbkkKLS0tIE5MNk0xekwxY0NYYm9mc1ZGZFlH
-            NDN2dUpuQWFFMTZQRzFIS0ZieTRzQm8KUDRpPJwcWwePKMp6KQMnQLhqqyvuhgQh
-            rXpKW5fjxyT0Sh2u3FM2ET/9U0TUfpBVYBJojAJBFs1ntI8kFmqSYg==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-06-20T20:02:16Z"
-    mac: ENC[AES256_GCM,data:5BhSo3YpF3QNqgGnx6YnymaEQB6pchMhokaJqk4rHg22xhbUAzOhWg4BQepT7vrCQlfOZIq4o//dGO+NQxqliiyyywrSYm3CBWD4xfZ9cdfinHC7Pc9lj6Dd4uPNxRjgTRNFuMyC+ATIABI2mHKpg+T2bxSalroIlvNr4vXWZo4=,iv:yPHJZ5PvI5zJlQIMRdbJ6eKGe1xN+teKF5GluD2pyK8=,tag:s4hO9RCdkHDsQ1W+KfXq7A==,type:str]
-    pgp:
-        - created_at: "2024-06-20T20:01:32Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMAxK/JaB2/SdtAQ//Y/GVthqtuK7bY8Ne5CNfn/CD1RUTdX1+KwX1zy3YsgUC
-            CGxhoFFy1UoXR3QB4Hxnk8R/vaFVHezCWKWY45MAuPtwM1VGwjVsuknrJnSs8k7/
-            jrzVO9xXgTd26H6DLmPVfH1hKB0/lh84hwVgF5rlPS/P7l92LL0hDIIwZz3dB0kU
-            d6jLa1Fajqd4MSdLWbZRBPcioC5v1Ip/SXYAJp7IGLDgXm5MN+MnAdybAFsl1K5p
-            dCUmGqK5IjyPVP564TqL0ZEIXMxSSwex47in3cTYPaOO0L8P3kbKDNWxZQLaqZkn
-            4RZC4/aBqlfD2STxMez/ksi6kCcPuC7UPRzuq4oH3kOcJHxwIN8Df+DZYA4PJKsl
-            T9QDL1EylHBhsPIZCoxpmnGl3j+hVmONj2V1awlCaOagbgDlClEUEMyw7QCVVbtK
-            CW4DOgVnnTxcUaLHep8BgHxKkYjIDIbDMmg315h2ekT86gGgZavL8IiFTWSLzSrK
-            XChIjUdjpKZhanmSWpj4w8ZpdGOOjernL2EBWtSC23AibBZmQe9OB/QzMpLTdCvV
-            9t9mMoSayP61oJylBtOKhDnEW0Xib0U7tqzwpaow2V+CU2dr27qie1jh5GqMaoJR
-            qpu1KT3Z9eqpF3Dl8aI3dEovbmvDMVXErU3pmFu2zRJtm6TOXp4NNOYWCetUfxPU
-            aAEJAhCFerTI/ow/LWkCQ78cCMFjgKrYabA3lHu11Mr/PiHirwJ/vCmsUMiOhdRw
-            49lsyqJlO3IA79yW4exG5tYXvPgeJMTdz36fseUEKsewfrPEqMUa2T4onet2+GN6
-            GALPdepytjg+
-            =v+qv
-            -----END PGP MESSAGE-----
-          fp: EF643F59E008414882232C78FFA8331EEB7D6B70
-        - created_at: "2024-06-20T20:01:32Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQILA6EyPtWBEI+2AQ/2L7fbbhBH3BfgD7IbgtVn+nEhNJw5tWR2+0z1k72TIr9j
-            rPAvV6NQY8oVV2+uNLa4fMl+ueqYTFd3/E4IsRXkmexjx+vos27LjDNSu6w0OPJU
-            BSq5TFqZWYIPiWaivQz4+rt+vbxvpv4Lh3FAXlV9YubprJ4GRrlwyheve/l3F0BN
-            3vCDLsfXijZjxaptb9nf7WiT9vvWrY0sD4g71ARZdWi7Lb+TgCxzbQMue+4VC0Zu
-            y/AWIymVo13BD+apoYltVYYvkn7yz3REzsx3NN4bkJyoCAevr6UeO2fGvlT7b7eG
-            F7CN/TusFlOqWV9M0VbiOGLfL7Q9tGAG3xDAyFh+yMQNadp0M3m9UiYUlHps5DRT
-            CVsIPnPUr3V/oycRm3s+UeVyBg3rpdzWyNtETOjNY/AqVmRQ0toqZOm//ZOg609U
-            6+EX1Oc/GosfNoHWJuFmfKJRhPpy2gXZX2rQuLWaVJUXzzKM5sbLnycCV03S24PU
-            Fi7Z5lIu334QTLG8PV6agO5UprZb946qPmW+b/QnUol23XXcgh1GIgMV+lEK8+83
-            UPT0aUkdtOTaKbWUg5xokx+0Ni9syJ4Nl7naQq57qOGiecMnBbeE3TYxaNOcjTBh
-            CY0/hdcrZYH6VPeDye4yghSDF9WCaNUvzZNePGzdqKK3F9O/NmBSiYd/cToyDdJe
-            AZMZCKxSw0/HyBqTRd3wC/VhC9uO2I4HWE3LuqBPUXYFWc4W1buJs+P8pFjqT5rZ
-            puHPH8IxIeIiVNO5SFhdL8ecSu/nawakvih65aMGSa102e6B2HfP6tD4SmarmA==
-            =tr5G
-            -----END PGP MESSAGE-----
-          fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
-        - created_at: "2024-06-20T20:01:32Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMAz5uSgHG2iMJARAA02rGmKxyQkvxoXM1i2dLOiH6Gw/pUcdDxYSwKfdkNU3X
-            zc0He4FNG8CAURVq5jARD066VecamkBmlr+rwFJlaeqDPEiITfkz7DEGO8pPxKG0
-            GBnFVA9r/+OU351yLjHYB+72jvw1ey0PPHvKg6/sKjovssYvQLipUcktH33kPqVQ
-            yJzuQWFMWA7Jn/wTa/TP/53o0e//Kw9df69J3BSmnw9F6rKHGsIXLBmyR9HpQsLR
-            KAuClMzjPqHszCICND7vUDEzUvCcOVyizZAcRzWfDi/llwKGUanvEGUVXvyDXw/E
-            Q/FyR+VJXCzRlhsFTTuavjy6nhDsRf/N8N0Vsd9euDXOPQ4wuPAgpvdi58CPBmzP
-            8jU3xpFSXStYBIMt5u7t+UJT4IwdbjnClyIrSuyaV/7N5UQdYTv0fBy1mRrYLBAj
-            VhlRDa1y79n22Kg8mvDqJ16rC3VypkkQ6DaPvyDwlrG8iRLG/xi3Zz8HHnXxAGAm
-            SzliIolwEDHJZHI9ZE3YzpFJkB6UyOpXS1zMsDycupFvQ4jd2fQ0C7w5OaJHCkeQ
-            3zTKgtufjJGo7R2Nf0bTWTfi85GU3jpMsOHCEcChgBVXcO32ZZ/zzmqtXa/u3m5v
-            sjUstyBXEmG9eyIaiEtRAMAblwRsJPMszLaCUuBpzQw+mm9uTCsIaf5Xdud7GFzS
-            XgH+whlmbv/UeUC7bo65uxrG8SgTVAaPZpcQ2dP3rXYs45zYmYGKJaZuW+Hrl+nZ
-            pd6zT6rb6R8TMmXkNA1TjhvZ/A+ONlza1fH0dmsh7U9oqINXNFJU7Qm2r7imFvg=
-            =ZIDr
-            -----END PGP MESSAGE-----
-          fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
-        - created_at: "2024-06-20T20:01:32Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMAw5vwmoEJHQ1AQ//f51KkC9oViW/0EA0TLdWgXa76ZXMeu4b3UhWaQvYDT9+
-            8wuWE+slGEWsRnFZ+pgWZoV3HIv2p+xisX2lmBvepOufaRh6cyNpQaZNl0kFtpBo
-            ShQ66SmkorunYyM+OIh3ceI4PC7ca4KsRKB8nWkA935NWssFN9zMlkVW6GjqzTft
-            2JVJFL8GRlhIRMhJwSzp8zZ3XiYD0sB/2y+ffCMAOSCnDVcDjANyiSds6MPxfPy0
-            /kaNTXuUI7H50tHQP6vzJ3q1mRpAhUTIxubnmBTdvAQz/kaD0qPt55z+Q0xSXsLa
-            yfb+Zd2g/2o+IFiCrwqcki5yX49Ol89l69JRyIWe1T2VtqBSUVIiiYreX5OnmWPQ
-            OjJ1mAn9tpIlVSHzlaONtmJEmAJ+n55rP0itBMs1CrIBiQleLaCbSWqp6q3RfaJr
-            gpXnfHQpsU7cKEDQeyvxmH8qgrSR9AVh/knyGOJy8LnJQ93aQpr3xr/2MiFPYiKz
-            dcSrxHesrfx2Zl7bNB5OZ7VZTWFSunZQUnOn3F3+7yaaT9ePsvWsyTKBOSGUiA7s
-            VMxT5+P8QM6UOC8KxJj/q1eAVrWvN7vYbCA25+SzbdTtr1RweOVHzNgqZH5/Q2ZY
-            fguwHlCGg5Q7UKYKBk4QJFg6oClDgzBYCFL76K4aymtR7rxKl4sJxWoug84oP6DS
-            XgEZvNS3xsY8Pxm0bAmor93Q08Mii1svnNZ74Eqmbo9GxBjHReIGKDDZ08SaPhbc
-            NJxAP2C2sRUda2R4GvsNYmXHzGYfFTrfe+AXqEV42ZSD9vHDJMCiX9JrY/r4uSM=
-            =+F4l
-            -----END PGP MESSAGE-----
-          fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
-        - created_at: "2024-06-20T20:01:32Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMA4HMJd/cQYrVARAAq/cP9y/7kxSXDFOD/xhI/3RjGzIN5dyHlfrmEQWJ8J7z
-            ov0VfBCJp6gFht37dGWuLtWi1qqWRgN+9hiBnkj2zONoph0SRGP9uNfadBSzYSD4
-            wvlOFrWeM9cswnk4i0q8Go+qdCC6U0g1szjirdifF7I9KdqKpOFwXzjnzsPTF42o
-            9oFCP32esOYv++DfTBgrSv8/STublJYABcs+lzjvURqBsFvdz7PBphH66++yxt7v
-            bTTmu8O9WHC8/5QTfUzOBAfgyu4CwF3YLRZd81ERtzO/udNYgGO3bifofCfpv+nY
-            MMyCbGxoiAfBWcAHhka+8nMnBj0as+ln220O99N6zH1rTmqqDxRQkEiYek1MqEU1
-            f319u3KqB6STWmZvjlwQ5AhwSLCLT2VpIJX4CpMClWlLb3E2rpZ+B1uBRMQQ3fMe
-            jSynatL2vXn3rKWzxIEIxA/BkVKQ8zXgOT9JyqyCZdHTvjEmWuQitILi7wKWJb7/
-            qhTGEBoQbjIKP2Bpso286RKhS3erE0wqLeXXFb7e6bkEEHXa/jVHCZk8/qDcAAIB
-            3eIb5SNnLxQwo07JlWdDPzCvqeC4fx5AWxXmHsKWI+91PA0jdNjcEPt2sxwAEQYq
-            LWBW6BL22Hqo/VOBXhM1T5mFKomqySLSrxTYeWXtJLZwh0aHbm6RyGGMjHpCiU3S
-            XgE8EQeKefLHoTixb1Rl/amIvtOUUcTtdqlyat9hhIdMl/7ZMesmNuD1ZsEzdCJd
-            20/DgHzFE7WvZKrjt73GDETUjwLHZSl5fydQMgcNFgzU2mdV6nYNhF18gE/af74=
-            =UA8K
-            -----END PGP MESSAGE-----
-          fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
-        - created_at: "2024-06-20T20:01:32Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMAxjNhCKPP69fAQ//RVzQX4Ua5XZHTIe7ffYiqMxy/KoJdbCxpgjbdD0sx2ou
-            zCB13t13UkLjLo5GkTE7kRGtyKOdhQ/7NUA7tOZ+rwWOq3NehOTLfU0wMkgT7tOh
-            byWwNHrY9VHz3ndFnya5nNcnrqILA1rEn32PnioNyWcU6832jyUWvtRqwF+JRrKr
-            yRJMvz4T8vmLwrxqarB1uqU0OVHXy8bq8d9/pVrAmk6+C/H5FINFlApD0dKYftd2
-            phoTSA5WG8j1e0v5p4+r9cRHlYXFMinMMkpzD/JMyNB1WVZ9aGQxU7WiuYzuv1bh
-            PKN/LEgfh3ypI8W960NHv/OMRjVs/VxA+G3ml3Lw6acRnaLr++MhF2G7ZBTx8rgi
-            fjyF6m4XtacwIKYZ7SNt9eQewGI8VU30o8np33qb9KeOt7v8PrMH1G3X+bTLnJGw
-            VjxjvaBaePmPplYYS7xaPuUnzFNabDXTE8XCQpdJMy26ef77gaWr6TQwXbRlZXrx
-            S60EecMLwUj+daR0PkVBkCDxXkW8+0uPkt6EEn5rmPdMXoh4DUw+4A14t7yyUU50
-            j3M9tv6DuYs/KhgZYfLe+6hVD7fY4lAs5Ge6QGLA/TljAatE3zpSZQK+b7C4HKJS
-            3eRpcAt6CJFhXaCBwl4+gigrg3voX1ykh62oqY/4ecKbAiiVXLIrcflv9kx2Ht7S
-            XgEDhoIRIvXoOUy6j/qjp/OFxwu5y6MpBX4vHxlpL36daL2yShMkCYyY3ajea4eX
-            9k7B9fpRu3sjbDTNr1heffI+5n/HKc8j9a52hzu5eF0e+v+vKY32uk1jlUhZdj4=
-            =R/pX
-            -----END PGP MESSAGE-----
-          fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
-        - created_at: "2024-06-20T20:01:32Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMA1Hthzn+T1OoAQ/+OHZshi2zBfbVQ91WKLqei7bT4CZGiPxQsl7aogv8JkyL
-            D8p+VgIReMvq4F5QFaIsA8yqMSnjxfIi5bFd9SKjuhOKvuQjyh1rSsFb0t8ESuYi
-            fHBnVw4tDNfTEGQa9YhNJPTq60TwR4P2xYFEgc//AQqfs9XH0cTbvkFS9dkug092
-            u4yJfB2aZEJa0Eh0AenUYzP13bFH0sJwL1hQop1v9gF44JeKHpRNd0Yixlp0Yucs
-            Ccww+WaNFVQ4+zvyW7MnI8/D27/SQGRXXqQE6sOQlsg5SUzF2vIpYbIeuu1NR5WK
-            v1ZB0DlWVuOshIB7M9WUCZcAS5cMAWKc1vvZ/K0l+6tNskZvGE4p/lv1bmZ5zfc3
-            gT/2L6ENuoKW7RoF071SsG9Xn7VJync+iNTtg0m7Je7HRAZAGGc8vfIkrTXAmoIE
-            QkGuog0R+EZxq9L1WMbppV/bnbBxiutFxwWOGTxzsn+DksVrVLvyI/EbHJvcEwzN
-            hISPFmAiCEKzGAGfaO24F5Xcs+U6AgumS5V5kwY6zA/kZpJEdQm38rcC12ZpXR9C
-            oHGs9ACtgf+g8H3/Ks5DL48FTbYuZADamVA5+pV97B7xCS8TxYChuFNPLwU2s52G
-            liiZV9NevlFlbsXFZS/EWgR8b0aH9Nhjl5TAPOajBOu0Nm/83XEP9nbbbjJjGRHS
-            XgHop/OMkJRuZZ35JQjUS6dIBzSivqplpr51wHbyilxbvOHdvuu6w9kqGY9VhuVt
-            nCszg+IQ0SM8YFuu1M5UPO4txYQTHx8zO5SD/d8kh5HEu9fmTNyJXblRcyAzYZc=
-            =TxDz
-            -----END PGP MESSAGE-----
-          fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
-        - created_at: "2024-06-20T20:01:32Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMA46L6MuPqfJqAQ//co7jg6v5QUB7eHXJPMLxsgtbC/VYp7C7QqXQda5qhohW
-            t0F9lysBybhIGoYuvfZGzNMYqqkVpFxzlOO2vFlcYFsQhjCpJrHBWYT4XOmIBR64
-            6Az/iKqNLS+cG+rFIIuc8BqRk3r4lrM32dCqz0a+3qRkdmbff4yKuzg8FTPlv1RI
-            O9SzRqfptcKDXItnQF+8CAziqcGyy4jL2wnl1Q2I2Pksr+Zw1eZVbFfHmCpG7A5C
-            TVihozz51jeXlggDp9/NPJOQDsmV+KdpvNx2Eqj6PQ6aGWtyYv5YZG3X/eRKW90+
-            qUOJxwpW5KGcROnuvQt1AggcXquOTLHFyJ85M8tpJcl+JYVZsIeNDo+LO8sbrCTA
-            cjp/YSLOms+GullbGAwrJh4TYtwJE9sEKr9OAFUvd+AxVFWj08BqMe1eN5YBbwwB
-            vNurVdvjE8jaTCmZgPPOIP5KXSrsG8bA02YlZ4MnzodYidIhTudJ8VB4NYCtNgOL
-            G/x7h/KA5KYgDWEtr21z2oy0QkGijtrcNa02GpslirjufZ6TPGCbJjAeEsPbYBm7
-            mDXm5+PzZpb1pbcSVNlVG5Ry73JrZxBpYCPGnxLs5yAmWOlNa/xcgDHBU+iXyVg0
-            Wm8pHRAVNfbvL7NB8yeaxSDoTSE7/BsisL6tUHoV+bdlpVsTF26bQZBc/zhxiZrS
-            XgGJ8ChRZbpi2qUzP4nA2jPkYtQ4cquA+ftDx4i+ZqVNtAhVSnTiBZoYu/21+BUB
-            oxDa5m2vD0s0t0fGfmmIvpLZKZIF7NcwnCdNVQve/D3qNNa4T3YnXb8JTGH0PYc=
-            =mu1s
-            -----END PGP MESSAGE-----
-          fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
-        - created_at: "2024-06-20T20:01:32Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMA4EEKdYEzV0pAQ/8D4mAcC6vsHLkSryz1yIYoBqqtJnG62pITFEbafhVLR6V
-            nWAw/zP9DqNj15MsrM67xaQxlMVgkVM7QTchgp0CjXsyZ/gWPgDl0NaC92Uj93Ov
-            Gi2OpkfHQFaAW6JsAFl5NrF0ZBw/flx8X0l2klIxBV+ztpkLADEtXWsoGsmz5L4m
-            n41icEp9+nb9nwy7p+Je0s4jZCBB0sVlbkX9i4IpMOgEhA0HcWemc940VJp3UyRg
-            LkOs5C0J4Y4qjS12248y16gV/IhNaJ4PCPgVwSj1Xzz6VXauQosmWhnUbnqJbi3F
-            KWEV0IJJO+dlj5VShzFDnkN2bM1GeyQx1S+FkNp+Mmm6JNrUK+CZL8fUYka06O0V
-            DD/sg1Pyq8VawNG5RxwAWA5F1F1SIrJzF0T4HyIN1UFRCjWC466sdrBTQLtx472k
-            NdBCvabHS/bx5miPKF5iglJYzz4biUdevc3EU7q4hwgMYM2oep3m2EsaTbKWzjnY
-            PLB4d0bCsRlya0YfHaFX5f3xSNb/FzBcUlTHzX2asyB2DolMug1VqS3jCEkWGbk/
-            vfNfR5yRuwkwNlJRqHbGIfH7fYEgwSTW+VW2iUdY7Dra7xjgTzqZgLi5W8QwKJqq
-            1V5H4KlRQNYwloVJzQZCwoPcY+tBfTZ4LsDKtjyJzFY9vdTGGGqb9lAG7YBUdubS
-            XgE72UuZvbPQZuI7uVKMEORGVssQjwZFhs4InR/Ixe03a7hb8fdRHfu/ueS/3KQx
-            mRXVino/iVQ6M936mtibfeH9TpBpjqH8sBKNHv2hgnoap9QpkrVn1yWqrOcpht8=
-            =+sXL
-            -----END PGP MESSAGE-----
-          fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
-        - created_at: "2024-06-20T20:01:32Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hF4DQrf1tCqiJxoSAQdA/tIZCvQv0E4dHN5jBHsAGclKEeLFhyf4lIQx+xa+uwQw
-            /VGCdNT8U13EawRC66KLXRrRgsNPpwUg15wAoTzQ8gW/tLpgvL5nsEYPfaowYwBD
-            0l4BmNV4o4J+NHF7Tk1af2kx0pp6kF9eJynn6irr336tGzY004lZfZlqwgeOk+qN
-            93XcSfdAOlIktfex1q1oTPrSpGIv32zsLPoRNVa50dO+IKu1tmYAxi9N9sQgbWa4
-            =rnF9
-            -----END PGP MESSAGE-----
-          fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
-        - created_at: "2024-06-20T20:01:32Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMAzdAjw8ldn6CAQ/9HNG41mTgq8VavF9DBX7+upnsmoDtwblck18l3rurJ1mo
-            k2ki7tWwIxRyLLHtsUxJ9S55cmXuhhPJK8Kzc32SnY5irDkqK/4JZnDvofg+z68B
-            8pQOunN1BQp50k8vd4Mha43re8s24iqrM+fj59uHM2YYsQYt9TCR/NvUopOdi6l2
-            8OnKI2KdRvYhtzzCY3wmQKhG7p0hc8y8pP/0DmPW5IGQ6OP4zO+Qnc4EbVnA9Uhr
-            tZ4sTNn0o80kfvILKANkAm81v86KdSRXdd3+1IpH1c7rTqm9o+DEm8nKnwWOF63O
-            P0klsYLlfqiZyQ0AyS67RHPTw/y57mAyWVFbABDLtXQQHWcIkADMLKTJLpnhKkRn
-            Cp94EXBBBwViAUBUzzskE4lgKXncl1h5ogLum8btU+cLky0qa8Hzie5QqszlErf8
-            fci0AEHV8u+Kf5EARf1FiY6K2aVnFOJchdeL98qllwRu6f8zz7+bfLq1UXcGBlQS
-            JnbAlXiL4vEBxQyW5awYYzpaMUTW1ejjujZUitdaUeIQJdv/IJvHe9y6/F0uukdt
-            AMrDI7E+JKa6hLPe4g6H1hUzh6GcaHuNU9z2NSDfzxcOHkqALsCDLVDxsjPhahCc
-            UZkSn8ebyqv7/jpTgWnsls0Fx8XqvKKJNoqXfK81oIvWlJsEwqSaBczkq9HQbO7S
-            XgH2N8XPOJWmqDc+xS26eERNJ8ZlhYaODWwatgqt2si6EdBpVRZL4PXsOrOlI8Xi
-            Uaag1/Uljqbk5mN18+CtSfSt0ded79d44B9zAbc70hgvkRrpcotDBnO8YQ9MxB0=
-            =O0Sg
-            -----END PGP MESSAGE-----
-          fp: 3D70F61E07F64EC4E4EF417BEFCD9D20F58784EF
-    unencrypted_suffix: _unencrypted
-    version: 3.8.1

config/hosts/mjolnir/sops.nix

@@ -1,7 +0,0 @@
-{ ... }:
-
-{
-  sops = {
-    defaultSopsFile = ./secrets.yaml;
-  };
-}

config/hosts/mqtt/configuration.nix

@@ -1,10 +1,10 @@
 { ... }:
 
 {
-	networking = {
-        hostName = "mqtt";
-        domain = "z9.ccchh.net";
-	};
+  networking = {
+    hostName = "mqtt";
+    domain = "z9.ccchh.net";
+  };
 
-	system.stateVersion = "23.11";
-}
+  system.stateVersion = "23.11";
+}

config/hosts/mqtt/default.nix

@@ -1,9 +1,9 @@
 { pkgs, ... }:
 
 {
-	imports = [
-		./configuration.nix
-		./networking.nix
-		./mosquitto.nix
-	];
-}
+  imports = [
+    ./configuration.nix
+    ./networking.nix
+    ./mosquitto.nix
+  ];
+}

config/hosts/mqtt/mosquitto.nix

@@ -5,29 +5,30 @@
 { ... }:
 
 {
-    services.mosquitto = {
-        enable = true;
-        persistence = true;
+  services.mosquitto = {
+    enable = true;
+    persistence = true;
 
-        # set config for all listeners
-        listeners = [ {
-            settings.allow_anonymous = true;
-            omitPasswordAuth = true;
-            acl = ["topic readwrite #"];
-        } ];
+    # set config for all listeners
+    listeners = [{
+      settings.allow_anonymous = true;
+      omitPasswordAuth = true;
+      acl = [ "topic readwrite #" ];
+    }];
 
-        bridges.winkekatz = {
-            addresses = [
-                { address = "mqtt.winkekatze24.de"; }
-            ];
-            topics = [
-                "winkekatze/allcats/eye/set in 2"
-                "winkekatze/allcats in 2"
-                "+/status out 2 winkekatze/ \"\""
-                "+/connected out 2 winkekatze/ \"\""
-            ];
-        };
+    bridges.winkekatz = {
+      addresses = [
+        { address = "mqtt.winkekatze24.de"; }
+      ];
+      topics = [
+        "winkekatze/allcats/eye/set in 2"
+        "winkekatze/allcats in 2"
+        "+/command in 2 winkekatze/ \"\""
+        "+/status out 2 winkekatze/ \"\""
+        "+/connected out 2 winkekatze/ \"\""
+      ];
     };
+  };
 
-    networking.firewall.allowedTCPPorts = [ 1883 ];
-}
+  networking.firewall.allowedTCPPorts = [ 1883 ];
+}

config/hosts/netbox/configuration.nix

@@ -1,7 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  networking.hostName = "netbox";
-
-  system.stateVersion = "23.05";
-}

config/hosts/netbox/default.nix

@@ -1,12 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  imports = [
-    ./configuration.nix
-    ./netbox.nix
-    ./networking.nix
-    ./nginx.nix
-    ./postgresql.nix
-    ./sops.nix
-  ];
-}

config/hosts/netbox/netbox.nix

@@ -1,42 +0,0 @@
-# Sources for this configuration:
-# - https://docs.netbox.dev/en/stable/configuration/
-# - https://colmena.cli.rs/unstable/features/keys.html
-# - https://colmena.cli.rs/unstable/reference/deployment.html
-# - https://git.grzb.de/yuri/nix-infra/-/blob/33f2d9e324c2e3a8b1b41c20bce239001bcce9fc/hosts/netbox/secrets.nix
-
-{ config, pkgs, ... }:
-
-{
-  services.netbox = {
-    enable = true;
-    package = pkgs.netbox;
-    secretKeyFile = "/run/secrets/netbox_secret_key";
-    keycloakClientSecret = "/run/secrets/netbox_keycloak_secret";
-    settings = {
-      ALLOWED_HOSTS = [ "netbox.hamburg.ccc.de" ];
-      SESSION_COOKIE_SECURE = true;
-      # CCCHH ID (Keycloak) integration.
-      # https://github.com/python-social-auth/social-core/blob/0925304a9e437f8b729862687d3a808c7fb88a95/social_core/backends/keycloak.py#L7
-      # https://python-social-auth.readthedocs.io/en/latest/backends/keycloak.html
-      REMOTE_AUTH_BACKEND = "social_core.backends.keycloak.KeycloakOAuth2";
-      SOCIAL_AUTH_KEYCLOAK_KEY = "netbox";
-      # SOCIAL_AUTH_KEYCLOAK_SECRET set via keycloakClientSecret option.
-      SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/Shi+b2OyYNGVFPsa6qf9SesEpRl5U5rpwgmt8H7NawMvwpPUYVW9o46QW0ulYcDmysT3BzpP3tagO/SFNoOjZdYe0D9nJ7vEp8KHbzR09KCfkyQIi0wLssKnDotVHL5JeUY+iKk+gjiwF9FSFSHPBqsST7hXVAut9LkOvs2aDod9AzbTH/uYbt4wfUm5l/1Ii8D+K7YcsFGUIqxv4XS/ylKqObqN4M2dac69iIwapoh6reaBQEm66vrOzJ+3yi4DZuPrkShJqi2hddtoyZihyCkF+eJJKEI5LrBf1KZB3Ec2YUrqk93ZGUGs/XY6R87QSfR3hJ82B1wnF+c2pw+QIDAQAB";
-      SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = "https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/auth";
-      SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL = "https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/token";
-    };
-  };
-
-  sops.secrets."netbox_secret_key" = {
-    mode = "0440";
-    owner = "netbox";
-    group = "netbox";
-    restartUnits = [ "netbox.service" "netbox-rq.service" ];
-  };
-  sops.secrets."netbox_keycloak_secret" = {
-    mode = "0440";
-    owner = "netbox";
-    group = "netbox";
-    restartUnits = [ "netbox.service" "netbox-rq.service" ];
-  };
-}

config/hosts/netbox/networking.nix

@@ -1,22 +0,0 @@
-{ ... }:
-
-{
-  networking = {
-    interfaces.net0 = {
-      ipv4.addresses = [
-        {
-          address = "172.31.17.149";
-          prefixLength = 25;
-        }
-      ];
-    };
-    defaultGateway = "172.31.17.129";
-    nameservers = [ "212.12.50.158" "192.76.134.90" ];
-    search = [ "hamburg.ccc.de" ];
-  };
-
-  systemd.network.links."10-net0" = {
-    matchConfig.MACAddress = "62:ED:44:20:7C:C1";
-    linkConfig.Name = "net0";
-  };
-}

config/hosts/netbox/nginx.nix

@@ -1,67 +0,0 @@
-# Sources for this configuration:
-# - https://nixos.org/manual/nixos/stable/#module-security-acme
-# - https://git.grzb.de/yuri/nix-infra/-/blob/33f2d9e324c2e3a8b1b41c20bce239001bcce9fc/hosts/netbox/nginx.nix
-# - https://docs.netbox.dev/en/stable/installation/5-http-server/
-# - https://github.com/netbox-community/netbox/blob/v3.5.9/contrib/nginx.conf
-
-{ config, pkgs, ... }:
-
-{
-  services.nginx = {
-    enable = true;
-    # So nginx can access the Netbox static files.
-    user = "netbox";
-
-    virtualHosts."acme-netbox.hamburg.ccc.de" = {
-      default = true;
-      enableACME = true;
-      serverName = "netbox.hamburg.ccc.de";
-
-      listen = [
-        {
-          addr = "0.0.0.0";
-          port = 31820;
-        }
-      ];
-    };
-
-    virtualHosts."netbox.hamburg.ccc.de" = {
-      default = true;
-      forceSSL = true;
-      useACMEHost = "netbox.hamburg.ccc.de";
-
-      listen = [
-        {
-          addr = "0.0.0.0";
-          port = 8443;
-          ssl = true;
-          proxyProtocol = true;
-        }
-      ];
-
-      locations."/static/" = {
-        alias = "${config.services.netbox.dataDir}/static/";
-      };
-
-      locations."/" = {
-        proxyPass = "http://${config.services.netbox.listenAddress}:${builtins.toString config.services.netbox.port}";
-      };
-
-      extraConfig = ''
-        # Make use of the ngx_http_realip_module to set the $remote_addr and
-        # $remote_port to the client address and client port, when using proxy
-        # protocol.
-        # First set our proxy protocol proxy as trusted.
-        set_real_ip_from 172.31.17.140;
-        # Then tell the realip_module to get the addreses from the proxy protocol
-        # header.
-        real_ip_header proxy_protocol;
-
-        client_max_body_size 25m;
-      '';
-    };
-  };
-
-  networking.firewall.allowedTCPPorts = [ 8443 31820 ];
-  networking.firewall.allowedUDPPorts = [ 8443 ];
-}

config/hosts/netbox/postgresql.nix

@@ -1,7 +0,0 @@
-{ pkgs, config, ... }:
-
-{
-  services.postgresql = {
-    package = pkgs.postgresql_15;
-  };
-}

config/hosts/netbox/secrets.yaml

@@ -1,234 +0,0 @@
-netbox_secret_key: ENC[AES256_GCM,data:7cVGSlrCo3MEjeLjfeZrL0VZi3+yZqsC3qI+rx+xadic78H0egWCCNaYEHIgtilgFjw=,iv:gnearzPduWcrVLU/FuzS05eNPZ5srX0hqZyElq+19ek=,tag:9MKgFb4eVYE6a5ncx9sgpw==,type:str]
-netbox_keycloak_secret: ENC[AES256_GCM,data:WLPCwl6KmHhyGwpqchZUmTr0XwA1T9asAEXNOSQMfGU=,iv:fsO+Ho18Uz6+y2iohbve1bUKhCR/c2zNrbODR2Jrh3Q=,tag:MWeh7GhdyUJnSzrndA3l3Q==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age13fqs76z2vl5l84dvmmlqjj5xkfsfe85xls8uueul7re9j3ksjs0sw2xc9e
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKaTJ5OEJPeGVPTHp5V2tX
-            c0xYcWtKNG00d3lCQ1JZRERkUFZsaXpyMERJClQwdDFnTVdCRjB0S3hEYkVmclE5
-            dGRUQThYSWhpK2dCQWxSVjhuNEY4TUEKLS0tIC9RS3hSdFZCbTd4eFNNSTgyaXdU
-            V1lQK3YzTWI5ZGdyeGtFQ0E3QXQ3YnMK8sBStC8xBKwpeWkF/HrryWi0hZA69nuw
-            a73HiZuED8KEp5OPME3yC6Ode71uEEaE/av2zp7WUYbCqVpWnwcjSg==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-10-08T23:54:23Z"
-    mac: ENC[AES256_GCM,data:6KwBwJ1uTuOaCTcBs9sgvX+E/bV37ylJmDqYupa3545ba5Y3VMuF2Hx72zzRYPmh5/DmwzDxc/f7TZUheO5jwwwMGGNCYuX2c+nkzLgtovT/yCXTo8vPHNf03fQRHlOq28ztQIG8Ug1s/t4XkA+iuqPdbvyNKLbsJfJBqg4SF44=,iv:SUXPFtW3/pSTBnjAh77G6pJTucHy4VEhUVkELiMJ4JU=,tag:SfLCwPpJuvL7RrIRmN5PGg==,type:str]
-    pgp:
-        - created_at: "2024-05-26T01:07:22Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMAxK/JaB2/SdtARAAgiNMTfquNZeRDR0p1DQbGPVx/tCxKng4aQ+6A8x7H3Ul
-            UFSjn+85rFBqTRswDnFM4gSfokBHLW1Ltztqw4aKuYoNLs0vUGJWrkf5dHsJv2Mb
-            YJaHm1iqSwIrgmyI1PWvrZ+cUjgUWBriJOTNlYi2iHWBWqDSQ7O7TUqpeCxiHAp9
-            e6UydzIxsLjl+7gaDW2M/FRJNVKxtq8UBEdg33xLi/eE6O5/fNyo8qBjUUWnG4xb
-            fiuKWgn83n7vsVsmvNJPlsOUrrZoYJAOSm5nymkXlAEQv1LPrSXXYHz8WoOTPDs8
-            29YAX8gvIwK+lc7xFFZAsjQ8JzqcVMyFHsT9N8zWSdaOyGcFcsDwBEICOvVSabb9
-            g3yrI8PKoEkQigeLnzKrkLZX+1vqVkSO7MBWn5xAMMhTTZvH0+MknlYO0pU3ziME
-            Yp6EbvU4OeRbcB6gMt21KQDhiEkPNdwcyxoOtFIWw8tCK57Leyyyb1YU2W7T96M4
-            2fcoAzr5x3xapdvOEgUr7OFzTrc2DRrpx7FKoJFBIy4HEvtJKJvKxcq4aUqznSPG
-            ILpbnH3CEQuWmcGu5fTZ3ggQZW7bM523cz+cwOJjUokhW49D+h7wZjffUuSK1AWS
-            7FwncFVVkNcLAs77p1DFn4A3mUjdh3jl+VAXudgQfOGtLeLDY4+qlMMQSGPoj4fU
-            aAEJAhB0l1X5jqjGE7o/PRwgoaeFl/zwiX8n0k26++hPw2+Vt/b3sT3Ce0zNr30p
-            Yc7h4H8UoN9j6zD96R9MAATHikz7a5EprAshqzV6uy7VNI6bcKVKilLoxVa47Y1p
-            6PA24RxtGxVm
-            =ES/O
-            -----END PGP MESSAGE-----
-          fp: EF643F59E008414882232C78FFA8331EEB7D6B70
-        - created_at: "2024-05-26T01:07:22Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMA6EyPtWBEI+2AQ/+OBSrAP5xkjanku4jcpbYrYDMTWRxVfEgNesvuTyQsxVr
-            kKK9THm7MUHbVBkx1xirvpv6XLcLtCwdMnYlBkSCVaztGmb1aowmCn5tWZiVDyE+
-            UPCF0bTXmxjLM+Cav8aweylfD3vAQsPvFLS3XvCBHKWqZ7dNkro+5VTxKmQ+XiZ6
-            t67M5DtltUm8IWOE2DScAgGiBQlCSY23O/zy4U5Sj3Ii+eRHxC1B7NB0Crj01pi7
-            2v6J7yNZnw4vfH3UiRO5Vg9q0QLPp3XR6Xb1J/TJJS6vCUarSbL1/oBjujHkF4hK
-            MEZ+Q3qGnv+dGOzUch4xkEkuWyfIcMTY6JOa3TpkhfkbQwXsph/sD/SaHpRD70Ra
-            PX0vBzSdbtEMea8/pVTOxfFEjPGQIFI1+pdNmCfzhWNbrH6EqjrSOyZXSr6+U3dI
-            Xhpyv2wKuNho0c9jWYqPzY4vhSGRjc9416nfV/o7Ebv659ypBKHtMDcL5kebkCB4
-            W0OwscSRPUXUz2S9XfSa3J80Aakv5S5xvlXo6R/8TDaMWJtZP2vtF4y0elNGOfZM
-            Vn/zlv1htaezQDNznJK+E8bHEF3p92hiuSjO8yMZByIFrAV1AyqY4kiMmW68scA6
-            NBOlxah9xCV7XnD8B1ZCR9FruuYYj9cpwES0lLvISBXJvh1viyHN8Js0uApePInS
-            XgGzDhaZWWyt5TK+Uv2fu8wh6hbX8hmzT9vBLfPz0Gx6Z78RnwflsTqF8svtjSuB
-            zv4z9d/zrysfHY93Gd8kdKkG955f1THz9dELEpYLIwyLoTx1vHlymVP87TuPqxc=
-            =zG3F
-            -----END PGP MESSAGE-----
-          fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
-        - created_at: "2024-05-26T01:07:22Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMAz5uSgHG2iMJARAAjT7YVbq2/QthKii2fmj1EZgsDm7ZkcAKJ7Bo0jm7Vgxm
-            wGeBULB0bBoYEiFFO7Kc420Yk6IK+uUG8S8X3bJHUbMzvY/K/kG0eVpXwDJwJPf8
-            o46blkjpmhIiTvvQ4K74AJgsT9W0yXRrPxGz5HIuOG8P8CAqOabZ79ORfd3KFebJ
-            yOvBSyor//XoMB60a7uqQoaWw/+UwRKpz2yncLafD23nyuS5uXsoHNuySHLsI4va
-            y6Nhp4LdpYjjx/DIuzrl/3SCeLgisHL5u5kJ1QaGsfd2z7Tjxk+GoVgs/Wb51uHs
-            vPk0diKrv/kouW7rN20a2ywQETenik7/z2JcEFyZiOPH9KhHk3QGoXdlVVqESz5O
-            OMV5d/ijFW92Z7yuis1jSewGKDDp1FqyR3gIMONl2vK7Pzl1A8v8yQBbY5/fObuM
-            xTs/qwwoqYimokqM3WrjjKgx8oFFstWWzKBT24aCQTajA8vl83v1jfjR7EjBrrAu
-            +J+wBFNpnJiXgECPmJgOtQB+4IA023X1cdgDm2GlR+sPKKSBP+AySMOOp4zMoS4J
-            9xd30ltQp1ncNvU7KaTV0VXRaGb7CEJnlhiN2naYcpcsX+G8bfcrCuZwxtBFiZvY
-            9Ey47LLHP5SPPOWxhnsrPOYidNJd056+uyvnnbUYArjb6s5JUh6KQgjELKCEOIXS
-            XgEUryr5jMrBHLQi7wYHEqWkouH8cFsPAu5O/KOIYvZVIoOzB3DDPtJ4CknNfAMa
-            CTvlOJHJSuweQ4Mq0c+247aWu12V9ZMcTQT4e3g5DYq5TWm58Uidbd/g3FDwLgg=
-            =PqbF
-            -----END PGP MESSAGE-----
-          fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
-        - created_at: "2024-05-26T01:07:22Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMAw5vwmoEJHQ1AQ//baYynNo2MfmuqEKles0xnZpfPemIyQUnPmRKEtZUl6T6
-            eweGXKF3Ms32ErPhZaT8RNYAk2XX+RRlpJvTcMvLv/rxVTf2QcCAz6vxukmh5una
-            5CJe1H1tcDmXrQ7zkGffktkGcT90/OpRbhMJtp7MKcEzfpdgcw5yCeDpYCRn2r9E
-            /0Eaf72R60ecnr6CaOSIdbpy1QiDMydgmg/QCONBT97RQMJaGN+qAuPz1Fpb/Z+N
-            E/bmtqS39ADYZoB36sy+LCzp+oMLI0DpCHz2ngfFnKbeYeNU9gMXCAda9/ZyMbaI
-            aFjvwlTBsvAklWN36pvG/YxoO1XkN/Mj1N1QBvxP2LYg28X7uBnVUZAyvvQPL6xN
-            U110qThvDvLxgHC1DAfoMygKCDig2oSg3njf8LS1y5XkTag/B1JJT3NcgFI+MMvT
-            5NMaw6HRAgOwWcJ1pJokFZ6zIpLlIbToutJu/Ep4tisyg/G3ybbthqaywg5jkbCT
-            vbhzXpsbqkE+jyx2dWziBbQR9lOoTycRwIs6um+pKuPF7TzfD1GRyqTwtU9TN58D
-            Yl1GN3oz8ZFeGkdy1dXBxMP4EXR1BTdLk14vFGFPbjQ0bAAohOgTSgtGm+iZ73Q/
-            PFNf/3gGt8/Gk0cMl20PFzk3FMyUDOLFl5dOre0THGQelpVbN7fvZuaXOSZjuYXS
-            XgHGFmChf+zsmbKnT0tQfzGtFQb0cHHvkenxC5MCCCPibxwVeHEwcJTtPvvF1QqF
-            9kR3XEpuVFMNFrxsQd/31c5RUTC+sr7W+PRIVgIhdU6RtikIMsmekrunnPeB99U=
-            =o7cj
-            -----END PGP MESSAGE-----
-          fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
-        - created_at: "2024-05-26T01:07:22Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMA4HMJd/cQYrVAQ/6A6ealIO6x8Xq3xzjIvZt1R4TvbnF+LmKpW2iG1nO3aVY
-            QOEGUCVdEveWbQBOexKXl1TgfhxIOrPVixJ2KgIZnNxobhgABfF/H/EqXsxUI6n6
-            2mZt8r0ibknzoPn7MmC7ceJt0t8UVFgPlPuT7zb5T2nDrm61WD50tbubJTYTuWmY
-            NE5qhd051/Ohqf1RGB7MEfesDNj0S+J3E0TAjOsAcFoAUwSohUtxONcCSwjiygqM
-            vCC9Z51tMe6pC9n/2MNgb47xd5eqFs9rzfKXxPlnhhRmS1jOmE5fVfmOg9KOkGCu
-            PskiO+hgyQK3q2a+/e/MGuKv3ChCrTloTUBarQW5oRoQnWdoiZh7rVwyNVasGfHW
-            FLEhZuBlyV8w9JqOQTiOx3FN8IhVL2lJIa72Ng+O+AMYuvuSCxv5r+1D88IUlF9B
-            n01qAMC7fUfOpkUPM0yXQ9GTIWt02Mp/7z15t49Uk3izYCGluxVNhLNFxvAZOZh8
-            nfT2Hpf5mkJHMvUD9F9rWFVWPyCD0ORN8k770ziOVEYMadSJ7/HpCHxg5m+TqNnM
-            TNQXID/f7AyoO10zcS8TD0IgDLEjTaPMTPZ1EZ0MvgLQ7MgzPdjdvXOGc0g8L6oa
-            ac9a/NDWeZGDNfj5T88pZStoLJKnTvuuwxk0haabClxCAOysifxINqJ7U6AfkpnS
-            XgHR1vDF871X9kwm/c2zrbJca2sH5pNU/HiLf3IMRTAnmIewYxQAvn3JH+0jUUKH
-            fEt+fZuW9dgfvDzaw4C3FbGxFViRXXFrjqSDGN9JT6VprCmX3Or0RdIjHwdvvhY=
-            =4agQ
-            -----END PGP MESSAGE-----
-          fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
-        - created_at: "2024-05-26T01:07:22Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMAxjNhCKPP69fAQ//R+9lFm16WjGtRkq3zcPbva2SpijBjVBfuL2veFyeDq5G
-            H09EL0+A9IJ5rPI4Y6HJ2LhnqUWg7NRHbmM48bHla5NDtCNB+YsU1rNc4oGIf/TJ
-            JRob3u660+BxRiEO/Agc925BeQS7xoPSIQTTkzMKEGih2aUj3Im0JHBd6p3UWnsn
-            ZTUy4rkZHhUot1vHSOh1RTRDQHdDMTFpzPA66nH2y9tyz79jhqEFUCZIVIB5dGWv
-            blFqZgoVf9Piw/7ic9FHuNRy/5tia7SGN6xIu3OlR3TU+z7fvjUAHG9Afm0FINfm
-            fS7SRg+y/6wUWVGL8NSQWQLdnMnUt7E2DSu5IY6S6ToZTDxpNM9Waw89GQbUe+Jg
-            APzUtmXt2VNZ7faIE+tE0LJs2x5OGNxALKgj+K9ZFl6oIL8E7PB4ncxDlTsCRiz/
-            H15LzKYMWcYAntMVuVbyyzKUh/3KdZWfs31PV+JIQuazVUQgO9R3myn1Y9SnvZdQ
-            dIwvfYBOmwhC6oCkJB3Pj4yOoE6gtacZBeeUZwScDxH6h+D3MFrF/1bgiKZs26m+
-            VfuTS2vxUAln9werKIGAbQWZmtCOkRdyVIJyeo31zO3hy/xdfzlZdBijcOqZDeho
-            FP+WDUAySkSahqV1pr+jIMsaejRglJo/GfCGPdtBYAuB872VpdiQ8g3i0CW7eSfS
-            XgH5YBfA4EgJSxRdCpBO25i0SyxlNK2WJ9INQbu4xyfBfsZYyhKo1RbmD+60t/xw
-            Lxeg8plFAuBPvQCRCGvda1y9uw66Hmxt0QKtScd3MXwOk2Q2u04cIPDZ/KAtC4g=
-            =x1QX
-            -----END PGP MESSAGE-----
-          fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
-        - created_at: "2024-05-26T01:07:22Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMA1Hthzn+T1OoAQ/6AgZkGRrZDbtTDEkksKQ84CsGyRBMioOrYfHDSyRb7URZ
-            RDVLfqr25Iz48kYR1n2nMo+O7QyayjTwaEAwFLFSTIpRKN6/9fT2ZVJxUfgLUWhH
-            I1OYMmRr9f/30OUMw8uTlCMqznkdoSjBmm0CX2Mu3YyRDUokzZa+ixRHX9TRBrKz
-            GSfJvHm77HTamvJLZcHnrVi9YH0KL7cQ8ileNHbUbCqmG+rrhiwz+gRp9aJ7pbnw
-            Qp7TaafrQKFh0Zsbmwuzcv030TJvuZboWpMIuGoeOWqv6tzSFhUV8eUu6UnM/2fg
-            arflryayYFRDUkysHONGoHviygefHr3+dIkneVO7tJ4ePYnFYhLvUsps4KASoHMF
-            dHMOwaPQDnBYo/ADiar1fgagYD/1Yns2SpsA1eqWwTE+hp+jwQi0mzYMLM3xl9YA
-            cMuqIOnXvpnuXYIRmooFtf/JkoJkYDV+8gbowZU52FJbB15QsPUgN47aixkWzJxj
-            6iV34LoF783DGQTnoMzgV9bDXa3RE1UgxjdFV6TNsPQvmWQJe+NNhqdkhH3MwLTG
-            jMGAwUNsPnmvCg4xPZlZMiuGhi3vxC4Fj6MWUw8uJbxCv83FPYwmpHCGVNwpDhFC
-            rRLk9vo1Dsm0oMHHLDxS9gTlg7FCrEyXinHBEq/11wigACM217oyg28nWxd6iA/S
-            XgHgxWlTQiYOWBRdJuJrPwXpNIHlsNDuE5YantoGFx6ykGT5H42HFlll7xGq6xVq
-            pssSfJK++lqWpvX076vh9tfwa40N2neO/vQ+8jBXr3dP6Vj/FUA8IUDVjc9xxAc=
-            =FXTF
-            -----END PGP MESSAGE-----
-          fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
-        - created_at: "2024-05-26T01:07:22Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMA46L6MuPqfJqARAAlG+nZhDVZX/+nHA+dPdw2RSGeXrIaxe0gjkGShZOVhmq
-            /iOfY7IgRzfp03BCJxRZwTYZu9hcg25jmW1havkmv5NPMDrmhgg9nX1AgyJaOgTo
-            FCPlXAvBSyWPGv+xgi63ttakHhobOympBj4hSzXdLg3RhkZ7KHci4Qz7XVfOpJ+j
-            wl/HKkNmkLiPiA7kYk8SOwJMFO89dMphHQBc81cZAptwfz9snTP7v6iBVvQDvF8h
-            3y5QPpfKEJZy0+GlqbMvRASHNx+w2GXIk6F/ldMt9rq9IJvR0od0p15aXCcO6TzC
-            Yzo7lIyyxqp9NQyN0S/DwzH0Uqj2CFMYdoKeFTNXG4a9fkVorj8+4rmJPewDxc4a
-            6Pc1hrQc6qoN+7o0Fj4xYkSO615gmVwZprWLQqgdkSMSPklecMX1d7WmkmIHNBk8
-            wkFUT0yBoedBiOTIHXRXhnQ8/4fkbRw7HYA3R4CqT7njtvqC0VWfwLISubuQ38tf
-            wbGKg5Bzzt+T176VoOfjau4aDoy3S1aGQcVKD19egj4l/eO+SvHl3UVZNUipkB3C
-            7MUqORS2kOh+IIqdSjYKvn7+MuAM5UP5GdzIoHaPPSCTUPdUjOLFPb+bjonTReQM
-            N4slvyssD3pgy9cwNofVtsmgVrc4Cv9mTo6rygeAq7wWxkl5hvVcmkhRN6zXD4TS
-            XgHV1a+C7ZWICtKI1u19NVYkjDkRrbQx96UdAkKquofpaQjxxXsz4SDi94BB2dCS
-            z+S2ZjOtweynhey1QPOLLmNUvZLE+SGsKmwkrMCBdtSyTbRXHSqPHt0Lc77tUhE=
-            =7WGw
-            -----END PGP MESSAGE-----
-          fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
-        - created_at: "2024-05-26T01:07:22Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMA4EEKdYEzV0pAQ/9Ek8xSUknHMyj7pFgR6oME3Q/az5CykwxpkKFZgafhxWQ
-            nA2Ge4y3Px+rSoPPPtxtb32lw4PcWV+P1Y4EdtpinsuW9xlSWJvE8Yp6C0BBFceu
-            3k3O2sPHlF0yeJgjS+rhpqPppRn5nlvmD+E9ZiJGQNOEUxmrdgoNLonazlLqcgjO
-            07CQdgHp9AuBthhlEU+UgdVdfHMV83KhhyOIf+mhEUU4cQWL3X/J2Sm6jtAowA92
-            fiAA7U8UXEt4lFEXle6Xj/1LtBI5zI8YHrE3xX6kN0Byf+ydtAM1eqjGb0dL7u6W
-            24CavCODfgWepuK97Jo++umTfN8wkLlfpbaNro2EpAdD5Q9CeGSzXk1PjFmsZgAb
-            QVOxo8kiTULEgMTI55pqg4GT4pglbofsQRMuk2IZPj1a9ScJjOxZIm0VUXG9AAZi
-            BogAuiObch3orMm2KGeSX1s6HyHrvQjuXDNPHoC2yFJ2oBu1QIHy/hAFLnOcNW/U
-            3JfhWHLpMHQgu9lFzkTlobg+4Lg1MHlXtSApwdmMIcrAJcm/l/7+x1J/TVVRQAdP
-            zyzWLA9AGjRv0Vud6lhCnL2FjsUVUWA+S8G+OYqxpkp70Ku1a5z3e7P8CoAtzDoe
-            RZLRwjawjgfyKpEvbN+s2UvWqtgvRPqiudG4cAZs5GecLxO8ItahyklRZ47G8JnS
-            XgEdyiiO06vx5LMszt/tFXtoIKlaWnbB0oLyIwm8un55VnJija5OVrFfdQYhp4fQ
-            yvRQ9uAM32WVjQ+gKVVQ3pAHgF2Lu67E7HtZtdmdLkWafybEWUsqGZyDzDvchZs=
-            =pFkW
-            -----END PGP MESSAGE-----
-          fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
-        - created_at: "2024-05-26T01:07:22Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hF4DQrf1tCqiJxoSAQdAeCb2j6cmTulJV2huSow62xTILgzf8/OOo5lED9+T5VQw
-            kBqubSVgy3jiW7lfjAK8U5Wh0ITb+6AR9kDLRE0WCxNbrOaeGado1VEalTw00Q58
-            0l4B+PeAZBg82rPUegAvU7UnnUIC3nGVzN4CEdPRpPcrG99V6VvXOks+s4DLky16
-            5FOihlYbf5nCD7OFbc3yys3MbUVuHda8x8H0BkuxDR81Wf4Q+HXCg8OUhncB57zN
-            =Lvnj
-            -----END PGP MESSAGE-----
-          fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
-        - created_at: "2024-05-26T01:07:22Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMAzdAjw8ldn6CAQ//UFokgDfUkScPVlJ+YnFw+W8eLk6y2YVI+nTCCZO9fhPB
-            77aDFY+yJG/BfEzjZNwQbISBjt+OuxVSSam52B+4FQkolr3KRhkfkuS16Fe9PwOg
-            XLMRoDba416ZtwAKz9HznFnPAzyPOwAn8yuF9RMp0KFP3ko+NSRAvOgja+jjPOl7
-            4BNkH6w5SAoE8u5jyQKIV9OB4W8RCVX30bYo2XzxjOcK1L+9EygoR+1CVOkbx8p/
-            T2i3mBdy3EtQ+86nSMPjGrSqURaUaKbCN/ygrSMhN/Pl/FvLiEEHamj2dVXPdHRV
-            k4bR51ZjO+U056PAB2Z5yK1Mpp0d0xpi5+QdOdi3eEqnGCXFq4Xz7NHUrmdy8Zug
-            QPnlMqibC3Wqdee4uhPbCHe0veF/VLaNAlyGkBHw7q66Ln2MY8coKPoiR8K4CD8o
-            9dtsV/qDvdFhziqsWCBjTwtFct2x/qEcRnzm1kvpyKwe2zV15lHA9WLafZVQ8eNk
-            U8yxBDETa8Bwd9voJ9NqYTcnyQLRJ3sZcvfkWQ7D5NOvmdHD5vF+gm5zJzR4EGN2
-            kSiqwZvztVuQCm6EOe0pJqp774KZXWW9eHc6CaNwkT5cmWjWu1wdHYhRk32HdhxX
-            1FQF3MxxACwDg9kj/s7gpWLlsofN4NM/QtHoGRh1wDQJGm8IZyH2qxpsgcXX9YHS
-            XgGX4oCWpHLRyRuHPb0xvjAdVX20WQKLzAtXvJkRMUd+Xt348nkZ4ZCqqfQ4eKPU
-            02FoWeCVqWTUyoaaHC87HFXUNJ4Gc+9AsWlbB9yA8nAm1z4wWHHFqZS2duu28ow=
-            =WqHP
-            -----END PGP MESSAGE-----
-          fp: 3D70F61E07F64EC4E4EF417BEFCD9D20F58784EF
-    unencrypted_suffix: _unencrypted
-    version: 3.8.1

config/hosts/nix-box-june/configuration.nix

@@ -1,7 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  networking.hostName = "nix-box-june";
-
-  system.stateVersion = "23.11";
-}

config/hosts/nix-box-june/default.nix

@@ -1,10 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  imports = [
-    ./configuration.nix
-    ./emulated-systems.nix
-    ./networking.nix
-    ./users.nix
-  ];
-}

config/hosts/nix-box-june/emulated-systems.nix

@@ -1,5 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
-}

config/hosts/nix-box-june/networking.nix

@@ -1,22 +0,0 @@
-{ ... }:
-
-{
-  networking = {
-    interfaces.net0 = {
-      ipv4.addresses = [
-        {
-          address = "172.31.17.158";
-          prefixLength = 25;
-        }
-      ];
-    };
-    defaultGateway = "172.31.17.129";
-    nameservers = [ "212.12.50.158" "192.76.134.90" ];
-    search = [ "hamburg.ccc.de" ];
-  };
-
-  systemd.network.links."10-net0" = {
-    matchConfig.MACAddress = "BC:24:11:6A:33:5F";
-    linkConfig.Name = "net0";
-  };
-}

config/hosts/nix-box-june/users.nix

@@ -1,59 +0,0 @@
-{ lib, ... }:
-
-{
-  users.users = {
-    chaos.openssh.authorizedKeys.keys = lib.mkForce [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOqCxniUEAZAYqL5zbisFfYcQx+7iDRrMo4Pz4uWXq5b julian@01_id_ed25519" ];
-    colmena-deploy.openssh.authorizedKeys.keys = lib.mkForce [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOqCxniUEAZAYqL5zbisFfYcQx+7iDRrMo4Pz4uWXq5b julian@01_id_ed25519" ];
-
-    djerun = {
-      isNormalUser = true;
-      openssh.authorizedKeys.keys = [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGWXk9N9GoDyvaB0mnX448IvzKKsMv0eFZKvjqmsJ3In djerun@chaos.ferrum.local"
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINQsu6WSAXsF45wGmw2spQUWopsgioUuFI8hKLBW/WVk djerun@chaos-noc.ferrum.local"
-      ];
-    };
-    june = {
-      isNormalUser = true;
-      openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOqCxniUEAZAYqL5zbisFfYcQx+7iDRrMo4Pz4uWXq5b julian@01_id_ed25519" ];
-    };
-    jtbx = {
-      isNormalUser = true;
-      openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBQgnQAq6FUSDK8bxtYPjx3oRCAKG+xy9J3Gas2ztJk jannik@Magrathea.local" ];
-    };
-    dario = {
-      isNormalUser = true;
-      openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPZtJwNPEIfNsAxBfWgxAeoKX1ajORPvs6L5S+qipJ7J dario@ccchh" ];
-    };
-    yuri = {
-      isNormalUser = true;
-      openssh.authorizedKeys.keys = [ 
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDdk3FLQRoCWxdOxg4kHcPqAu3QQOs/rY9na2Al2ilGl yuri@violet"
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEvM35w+UaSpDTuaG5pGPgfHcfwscr+wSZN9Z5Jle82 yuri@kiara"
-      ];
-    };
-    max = {
-      isNormalUser = true;
-      openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINHNGDzZqmiFUH75oq1npZTyxV0B7eSJES/29UJxTXBc max@iridium" ];
-    };
-    haegar = {
-      isNormalUser = true;
-      openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMhWTkvLI/rp6eyTemuFZRbt2xxRtal7fu668nnb/ekU haegar@aurora" ];
-    };
-    stb = {
-      isNormalUser = true;
-      openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgVuX9phyXImxqvof+49UXhiSQ+VGizeU4LrPcZY1Hy stb@lassitu.de 20230418" ];
-    };
-    hansenerd = {
-      isNormalUser = true;
-      openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBxujzHK49IBtYKPgnTCDQEiIxgzzlQ846tmU+6TcMIi hansenerd" ];
-    };
-    echtnurich = {
-      isNormalUser = true;
-      openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOWWxkGFje1CJbZTB2Kv8hxZpvRR8qyw2IarRIHnQj3+ echtnurich" ];
-    };
-    c6ristian = {
-      isNormalUser = true;
-      openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOgfWcCrsVSXvYEssbfMOy2DnfkGSx+ZRnPLtjVNSxbf c6ristian" ];
-    };
-  };
-}

config/hosts/penpot/secrets.yaml

@@ -1,234 +1,149 @@
 penpot_backend_environment_file: ENC[AES256_GCM,data:+MJbbAjzslBIYlQ9xe0VzM8ON2U5dktJGGHmoUu0HW0mvU4pRYrQXlWdW85RXAyYU9yOiL6TNAHOWUQyqOdo23whuer2jL/Qe17DEhapE4b9W9JqBX7H0VZZKHS70AgGZdWmbj/bWAROg/qGPVKjZLhgKxoVTVbvAIJEXUDAbGfvHlY3BP67yUTXvbmtd/Rdhn6i1HafY7YHFNAW8SkikglW6wR5igEZMFAefMOMgq7aYmNXOr1bImjCPEko0DvumJZM4YMjmb3Wc97wL7OMP9G/V0k9fRclhOj9+lNpeeCKL+VL3Bgo8vqgrB+WIi4a0EwerT8srx351txrU+ITxoHciRQtOpeXVHWL1snW9o7xCoOcil0NS93D9GhW+Hd75Is/xHN08UHmahF1r71nbDK4CmSiUzZzFLl1oWkSTU/31zBUnllHOt5nDMKT42xiniAJcQ==,iv:vtIlNGIh9+e9W+OebTac+UUQp9glBIolC6KQwQMzDn4=,tag:kBBTu7LVp+3xJ/MstLyomw==,type:str]
 penpot_postgres_environment_file: ENC[AES256_GCM,data:VT36kHkRH8ghnU1oyPpAQZW2LR8GNmG1cQXVjU4f+rGy9hViTivd7qxzMusisy7IcWfVaQuXFvUCT+pCMD/fhSAQZOY/1Rs8LBXJtsuPButOG9Q=,iv:pUjAkvvHjsnzn0xRRmdZXatOgLm9dx8Ggt7lEfiQllQ=,tag:FZRqlcxQWu/FgnJfoukIcA==,type:str]
 sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age10ku5rphtsf2lcxg78za7f2dad5cx5x9urgkce0d7tyqwq2enva9sqf7g8r
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiZVA5WE9JcDBOQVdPbGkz
-            SnNkWEJvaUtGaWVOajd6SzJ6aGNxSXZQaVhnCmgwT01kNFRZa09Gd1o2ZURyZUJQ
-            N0dwK21vUmk1N1duOVNtV2wrVmlyNDQKLS0tIEJtUENHdXhGcXhRRjM5VkhpdEVG
-            Z3UzOGFFUDhwUndoQWtCdHlMenZETW8KI0FjoFG4E1fhOxYiCIxY2BnLOmGcpoyK
-            EbDdNFQEMngwppEm9r1KzG/1cGMoIij2qpmK4Jz1Hzgk/6dZwvGxzw==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-08-10T15:40:27Z"
-    mac: ENC[AES256_GCM,data:hxVxH/BBwYcvbtOH4aOUnI9NnbCfAGnnwE3VQBJBJliOWo9WHm/hx4Eol4vaS+AA2t6AUU7UmzjofX2wSTbqQliDCFCSgbpMofDXP7tmlat+M9Du91fQmfOibzCd84tkqS+TRTFCFX83LmQ7/Bb2mHl77uGVAFYyHX9+IPPEUMw=,iv:w2Rdl2+o7bZRQsOogU6U5DK1UuHn+bL4Ouh3XbByYHA=,tag:6sqJal6+kzk0stP6vK6oOw==,type:str]
-    pgp:
-        - created_at: "2024-08-09T01:28:41Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+  age:
+    - recipient: age19h7xtfmt3py3ydgl8d8fgh8uakxqxjr74flrxev3pgmvvx94kvtq5d932d
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBicGt5U2pkOVoyeEVrWUxP
+        RG42SVYxMmhjM1lvaXp2a2Zwd3FNL3l2bUZjClpibFhCT1JtNWp6akpIQ1V6YW5L
+        SzBHd1lPais3eDQ4OEtiYi8yeGVZK1EKLS0tIE5TeTB1MjFmVVh1TUYwZ05YZWor
+        aUNxU0xKVTNScEl3YXEvZmlVcHh5cjgKTwC4QsYGq/6Z90oxfYakHM0Uiym1KaTP
+        UcigMqnMlz3z94/cIHZKF+jFFRITq44SiOg8/yAMmR+MPtbTZ5ZnSA==
+        -----END AGE ENCRYPTED FILE-----
+    - recipient: age10ku5rphtsf2lcxg78za7f2dad5cx5x9urgkce0d7tyqwq2enva9sqf7g8r
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1bVFvQ0xKMzdKY0MrekRp
+        NDJ1TGpFb0RJQWJZSys1ZUE1N2JYUDhRUzNJCmw4N3FKRVZ2M3FtdFlBZGZscVBj
+        NGdWUDlPZHI5ZFErY000VlFsVUtLYjQKLS0tIGo4YmZWRHF5RVpuZzBKQXhrdDN2
+        UllmcTIrNXJjcnNSS29BMWlSNkhOL2cKaPzeAO5y8SiU/Oupf3hVbhm5qlz08Z16
+        vaGXmMv/NjhSM2Xevk8BYuU9CH9rIVqNDiQXBKeIVD6VhdtoJV2pgA==
+        -----END AGE ENCRYPTED FILE-----
+  lastmodified: "2024-08-10T15:40:27Z"
+  mac: ENC[AES256_GCM,data:hxVxH/BBwYcvbtOH4aOUnI9NnbCfAGnnwE3VQBJBJliOWo9WHm/hx4Eol4vaS+AA2t6AUU7UmzjofX2wSTbqQliDCFCSgbpMofDXP7tmlat+M9Du91fQmfOibzCd84tkqS+TRTFCFX83LmQ7/Bb2mHl77uGVAFYyHX9+IPPEUMw=,iv:w2Rdl2+o7bZRQsOogU6U5DK1UuHn+bL4Ouh3XbByYHA=,tag:6sqJal6+kzk0stP6vK6oOw==,type:str]
+  pgp:
+    - created_at: "2026-02-17T22:22:01Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMAxK/JaB2/SdtAQ/+JKe4fsuAKMJr6kuDt5vjv+hrXamWEwRLBfYPHHZHEUeK
-            AQBs9fG9Ni7Qpelv8RIbxWyophgt2TCEqP2d+7EcGTgDZkdLxx5s2LJuCh+tEZwT
-            bm0sPt+8eYY077MxA1ZtlBgkslMugvdnJaDckGc8xRPldUa7gRp0j3yaLULRxjA6
-            T0nyALAqAaDa2uHgB7mTB3pXJYk4GxZpYbVc+wxAWXEDRLR/bpT18ywAcA6iSerd
-            KGDzWKjgOr1TTJqUxsguqDjnVp1c+xRPirC9uENGqW8mxI7h1+4B//dJvuXV/cYh
-            LKi0aDUTnma78mo2v9faUSJl23LkIehWZwbVG/+Mpkk3yxscLV124Vbwj56IFCzI
-            AiJ7m2QVxY5eXoVLodw6Po2S62gkwg7H5Aw3J4pppNuIAIr/8mJBpJoBy6poTsG3
-            QhbQdEdsF5ikoLu/OV/H7mp86zJt42Q+74xGjKYx/qvLq6SDmDA03kqk9N71URyu
-            FRTEDysEkeAzreFFkxn3Q+K/cXvtv/2Knte1lmDTfpmhg4cFwsLPLPH37A2veaxJ
-            JTyWDLHgrJ8NFgii3gLrwj+XLOZOwmCY0puJKtdAnPaaQiLfyqYfeLVlt7Se4MMJ
-            8XaFWcaQHBxL9nRZnx7WkE9LfHIG0e+414hT0F/aER+8iKboIbt6rdEHpEMGDWnU
-            aAEJAhD/TpW7E+yYjFVi/xSQ3kCAruHcm6x4BDTE7by0VeTLiRFW+culxiInOYiD
-            kdp+dATm5f7IrQp/qemL02/Me5yqURZlZrDHra7AiCI+MVBJiCRIY/x6xZSew7PX
-            HC+p9sB+PBFL
-            =1qbt
-            -----END PGP MESSAGE-----
-          fp: EF643F59E008414882232C78FFA8331EEB7D6B70
-        - created_at: "2024-08-09T01:28:41Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+        hQIMAz5uSgHG2iMJARAAynwvOJFE4hlU6Cr/HwoXK5TqrsdZbJjsK0dBhMJjZCXo
+        mQiGbeCmq6ut9LpSL399eXSuZ7MGzk39JBQ54PXUeB/3K02E43tIAzPIrJGXVW9n
+        Z9QvdAk5B772WgjjTMN82GeQ7xGTp/KJ8MjNvob4umpqYVvkX7CN8glvldHoeqbH
+        oBwviYU2YEnNgqWYCby0OvwT2Ouky8QEXiKwlI0fUfGd3EHtnLCwegouAUUBKCqb
+        2SMPLpSFeJuZiGxTsS889CJWMQxXdfqVDS3aedt7SJP8TyqdDlIIJ+fJ5Vt429vN
+        Af/drBfpViLVHXHh3MQNF5kQXgLt+LSecuj9ubZHXLNm34nw0ldtjf1nqAcsMDRY
+        gM3FQSuBZUU3vpbisFHzF63tiotwdjQf2BR5r9McnSKyHNHvd0m6DN9l9W5xNlKC
+        Sdf+cuQOdtsYFxeGrkl7j3uvxsjEyfPJ7lokfRm3vC43GY6MoBBjVqUIe1i4ynUj
+        nLwtps6AkiTyhkDUXomCqKNiZNAGwW0VI2lMgnva/atWNI15VuD3gOU8TrAfBRcU
+        vpD82HhBGvyYgcqvn8WWwkd508OQsAHlQlZbp+ZFjbPgzqriSBCv1Z6C74Yhw1Gg
+        vmfcCCRw70Vmz0zXC4iWJxxFH4SUla7YVOCdwrKhF/6thJSfgQ85bsFkSzUcvV7S
+        XgHhXgm71Ah6fFzrkOTo58+8RJBwXYGhcOvotq0owzuski4RtdLKWTtC4cT0oMlR
+        hbziNLYPYo7aogsZ+FxYlkQ4YTleKJUkrUuwBPYqYKZsbCG0un0R5yQrf4/hlfo=
+        =ekfn
+        -----END PGP MESSAGE-----
+      fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
+    - created_at: "2026-02-17T22:22:01Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMA6EyPtWBEI+2AQ/+Ijn18W+K2je/hpolpY6HmQMTTRpQJZ8YtJ5G35o5WoVP
-            hH+znQMrBBAtnTWeFBeIuIzk4CHjPS0yfnsE4/rP7/lSa177A2xaeiCb74F6k/Es
-            MtDE/TApSlNdPFruN5nkd2I8jAWh1k37nS+/NUhszReR39NNmgA+aCSc2OK04aAz
-            dpPXmaJ+d3zMr7eFoL2NyhNI3A/ZdVP3UmZCp12juckDRl8oeei4PBlw2T6ODJP4
-            tY08I9EyK/5K4auhYJyvayl1RWwRuShFV732ZjztkawLw152W0Rrg75Qoukhs9mr
-            TdyF0zcnVxAcOV4e5wRe13dDV6Ue7zeWFc9bb577thGzUm2Oue0u+oisty16qt9K
-            0vw0tVSDtT/suodG8HpvSwGQ+/xcV7w8XCH8Yx28N9iO49VZCB1ZYXQBxTHVDl2b
-            J/8AivaK4OOFvPWNr4u6oLaO9nz1aaX6Qsap5zn0Qa2Ls2SSBwWk2Fp/f1dq3KOy
-            /jGR89ocuEuImVacr2G6zxPnbukfa4S8q/FUUDbswQUqmWMcDDq3dOQ1fFPRd7vy
-            5a9u3P8LFW+ZPPHop3kgozgZ9pBGDOlw3nkjGjFl39lE33E+049gLE6I6+1+umG0
-            EWkNI9y8X+HmHMthVuYapq23Ix09H6Wa452hZmEUxNgp33M8Zx+l3s6D7o7jfrjS
-            XgElPJuUWyGKPoUY9mFaINyVqjOJGEtEOYRP7jvCpFWDq/xQ8jbJvvv7qBy8+i0b
-            cpqRrMJrvMB2PSLeD6cNWymrNhKilLLFOcG9yaIEudDhiuv3L4/ub08QMroDmo8=
-            =80AM
-            -----END PGP MESSAGE-----
-          fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
-        - created_at: "2024-08-09T01:28:41Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+        hQIMAw5vwmoEJHQ1AQ//Rl2w61XcbW6YhwDThbwbcpaKzZegAzKnKa2Q25U2UfNP
+        jhqwqay/PUbJyt/G/9ukVNZ1ujTu4ffbzlV6wD4TJ6baLn1NL1Xkjz8rqoIlXy9/
+        ZqpyEZxyQAsaP0hBgE3x4UZdD6jh/NRUUlrnPRFVqXxHSCL5XHmHdjCaY58OgB6H
+        /5LFGjYdxFomGEozR5fpgBuA50B4ylh1Crw+xiT6VPB50/mWRw7GSO4f6iwB/2eR
+        VeGrK7nqHf6dFS/mTDUxw2jrSoyjDMTgAPHwl1qJ+Pug8fmp0cIdLf3ZGBlulsL2
+        9DHCvXNeNGmk72Ag6DWh1vxLBOGYAzar4hXSxu216ppJh9ym+3SZRmEYhP33VBRp
+        JbufVtrRwK3wU3+o88DXZ0Z58Pt+IlH652qxHqJlC7H2F/gX7B5zjH+Uz+1IeEK8
+        YudPIH3Vo+saCSpKg0RLqHiNXE9ia/wvnWNzw4U5GGikle8LNnzy2TMnwq8I92GP
+        RUVzWH3vFOWMSt+ilrA4nhjeVlzMBMGBvmQiJypAUAj+fm/xEJTkasa0a+GVpZtH
+        zHMwTFV/A/7rtXFrtcjTjDLBdlVMqSNM3FYHnKKlZLYUQbqhQNaINdxjrx2C/19w
+        +WLI08wqrPMZSa5iA1q60LLC3WkiTka1K5N+8fT6HxH/OuuiBJJyxMWsoIcSpYTS
+        XgG3jf+BR/9y8kDxqiGCwwU7fzRGXGvCH5i7CJzwrWtc3FmTNb7ct3k+tMbEcrNc
+        frd6gvm0u8+I5CFmHsdZFrDy55afTOoT4DErO7vmUGRKh4JfgKxsn8lzzfLcYjc=
+        =hjjX
+        -----END PGP MESSAGE-----
+      fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
+    - created_at: "2026-02-17T22:22:01Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMAz5uSgHG2iMJAQ//Vv7IVqc9ReeFgo8RWbYpl1W5atAHerZuUh0oYc4otGpb
-            UseJ2JInyykcUeQWlOGvTK+eauBVNET0E/6jylCoWb8lzffhSMJ4FFpvpsoYjPG9
-            Q8s3r8soOCYB0xscfhinZwJg5to+I2MSd8mppWIp4UCQhxv7MqQpbqEzNTfVP7YO
-            QEUZ/lesVovLvxMzKc2YVWyZFSW2G6HK3LTaJIg8gy5ym/crlUB+awd2ZDePGk6F
-            Y7DcKwL1EpCL+hoPWGF9PclYKrOBIZVznYQuwHAqG+Bxr9Ln/NmS/OoCrJDMN6gG
-            2YMZ3Q7GQ82zZESxYA7g+ef9/lGCm7DIkt80or72x7eS6/OP7c1bjGFgKLQNyHFU
-            Th6cOy/TzK8Sq2g1mWB2zyV3xk6mb9C0ETAFD5vvPGVC3Sb4549Y+epe1T3ZLFTA
-            t09nUIpTC05PEdGsWs5Z5MDp8ZCsPZpipbVrWENesNOfaFYG+p7aM0LjgTqZcadD
-            B/Foejayc3XYI0T/NoP43mAZ2nEOw2Bz9lBpwz0PeTfzyrhz9XlJ7Dw462XTFA3i
-            voTHA5+DzGNPf6zC1fH9GcESmpC2nqXit8ZV+Y7Zb9/cAsx3E05S8ayxdBZUrOtJ
-            JSWGOAfPuzGXgL6Ht3iKcmCxQ/pSi1aH0h+bYqlrxTvP9IMyNCrxmP6+YsXCv8XS
-            XgE0NjzRMClq4/HhQ5X0ANGHWxbZJLAbm8yfgK5rnnmvi53RNJhRUHDnNca93brF
-            n27gnVLKM+2FdwRjwNIznkbZV/iNM6zIfRWwmJs9gHRuX/J/XWzD1KjDsn2rmiQ=
-            =bAYZ
-            -----END PGP MESSAGE-----
-          fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
-        - created_at: "2024-08-09T01:28:41Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+        hF4DerEtaFuTeewSAQdAhOSneDEqtquUzQxEuKsOmmBWObvr4JDzmoijutbNFS8w
+        dixZ92+6rfNthVHhzDQghzyU8dYNqQiwfcrXNWpJ4fJRE1g8nTuQApvxTF4lC4Vm
+        0l4B/YhYp2JGWdw1dllA9cD/HMAzKJ4zHSL7dCcfP6k0b6CUYm1GuO/VT6Bx7ygC
+        gfLuQKGFRPomTHNan4S1rhW0q2zvQNGIFMTDo3eR6Uyb2UVDTIdbaICsuaEKssEc
+        =JN/I
+        -----END PGP MESSAGE-----
+      fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
+    - created_at: "2026-02-17T22:22:01Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMAw5vwmoEJHQ1ARAAkdXjf9h4iyYtKPwR9V8hgIfpt3s3zMduuJN3u76ZHdfE
-            87t5K8eL2yIVN2DeOqtXRG28Broy3LLwMlLOJhxVxS5LAOEjT4ScZyb9H7MLnDsp
-            boW210SLkeQ5vTW9hgjAU9V6wbemxoiNPYTcBUsuirI8a+jpnALLY0jeOILBEmHQ
-            c+wbeo+VnlTQkTKCFI7TwlG1JnRnv3DMATVkOjC2PXmXPNkhr04Ivvf0+yBELY/1
-            hLirTfk/W6vFodPaoaRaeWjGJOo+FbqKLxr2xYzVu6SkF+i4CvDPb1x0t/laTpPA
-            qC6KJ1wyVwG4k7ZBLgRcf5Scn1zgGFzZexUAhdIYp0tKPycphUQxEMOI8/OeBP1V
-            68gBcilvv42zs+ed2RUK4j1e9YklxazZgaUhPfdrBrw/HiDJ8ILaq6LQQZSNrxZx
-            koAV/qw8ylU7vkciyA8bGLOiWc/Ub9vkRSuEi5TMOhmT7bVZ+W/26bWgDcAMmCpa
-            13H1uLXLuHnfDavdesh+RAxRgEavPTMz+HFbqhvkv8sy0RPCodyJv69J7dsS7a2C
-            71Ub7jyZIQyRtTGGZH5EjMQVStBMccE2KrJRzZCKbCmQDofKb4M67caaHBnVrs7D
-            vyx8V7JQGkNOWIgWFb23dtCtRiMzFaRk31mihFmFF2tSgg6XMqNmTp0pc3zQBarS
-            XgFZKRlYE7H1tMUCDwyKB7G3r1jsxBlUSbH1J6XjUBWKkTD4iMHI/4YStvghLjm2
-            0qqgKH/Njd9xBXc3x4Ut7kh8tFMMa07xF7/V0Pgwq+7J7EgckEfKHKA5vcQt17Q=
-            =23io
-            -----END PGP MESSAGE-----
-          fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
-        - created_at: "2024-08-09T01:28:41Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+        hQIMAxjNhCKPP69fAQ/9GhlagbbuK9o7QroUgY9gcimdxp1PTK4HOsjRgnf56PNm
+        vTpP3We62o3+ohIX7yGKbpNKbnf3n5Ecx3ItJbBRniUDr3G2AnnxpynJJWmZGsn3
+        HOsgQqqYtUeSgf6KIhaeebP9drM2p2qPYmGfa+9DBb+Li6FESOlzOmZeiUoaZUlF
+        lHys0cTsBE2iYepR34NYwv7qrkt8tkCz1nrKraAmhiNWFoUFWVN617p2NQICpsFD
+        Wk5m9gJtWlgQHvSHvqEgu6PBArOFclBcY+bb/XC0srWlAVixwr60iDy1IRRuKz6r
+        9OukM9Ng1V0bZhkGyjB4ti+RmQKiP9SPAupxmCe5n+ZkweJ7gb/nE9lodNJv8IkK
+        3o9h653H1hCbWKeKlaAggCfopAyEn1mU+7l37AWUGh3sh5jz7aFrdXYcAIuum88/
+        Zpa0ALYIABoevjJwV6NyFtAsQpt7YQ3/0wJe/BC/6XQ7QI44DlUYraIaA+CLT9gp
+        C4h2olOPtCXHfNRM4VK4pOJ0gwQVTI40snlCNzq9TfZPjC63MxzinRLs8PUVvM3r
+        CXYTwxkOI3IFdvoTIefdVjoOxvGR0tUyYTagtJ0nihh4ymKlxPS2F2FNAm/oDQvm
+        kx1AjAci8YuYZbS+DSFpi5djN2nxoQRfiFhm08ruBRnX0SI1EYLMShO/AO5fJrTS
+        XgF86MBuDd9XX2E1OLWamMpgobsAHLgUd/kny8Nz1+VFRmME+FKicrOOvm3RVPWW
+        D5NGxvlHPMfeE/xqPv4Oog1qkvUdDQoNSc1D6h8uh07XW77mJr0kwnmhk/zDsmA=
+        =Tlzo
+        -----END PGP MESSAGE-----
+      fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
+    - created_at: "2026-02-17T22:22:01Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMA4HMJd/cQYrVAQ//RH/jOrYE9MD9IjkUfsQZ79rjEwDdtmsXs+gS/XUr0MpI
-            f/aDyw/vfvD7ZgY86yqp68x0OQLIyRIx9O05FNB3giVN4YFvZpFblLotpMzCFa2d
-            5xKLIQ1oviDSnE0kKpNM+QKITKjCxyke7MgW/laXvF0zMaVdPj0qo3Zn07MUKULs
-            btxZgPhzwWLjveZGn+72QiBGTF0ce49TWoh6y/l7PDsXhojau2KP556hI3rp/nC0
-            PunbLVRntpz+bOoyOk+xvKen+8b/Vwp+GYA2NBDbZSEY9H3YF5ugZBR/jUc8da7D
-            9EBA35udmQVKtD2XZrIyfhETC1eqLXORo0JKld5oC03JPkqvV+QpMF+8JBjXe1Cy
-            qI4pBmdhTJYFoJHpvMH7eC4CWgZZRMD5mB2nk1hYd9oIiYUPABfdeGxKiFnC8zHH
-            cEY3jgGzetZTxnpk2mxZvFMMwFqyOJA2PnwMTv3IraARkFrLxGzUIG4uOjo+l2fp
-            igOKsw9p46RR1gkuKF4u3yB3/1RloDyqGCU1/n4BCWy5/UkjSQpWKShZt3qMd2G2
-            A6si2zgSHIQ+ubR7MPB3Q3U/Rnw7pSbTbdDc73pZ2SPZfUuJplPSDUvXICGlj8cO
-            jO8s926qp4X9C4mi5um6EX5nLG+pfuKowIBdB2HWmxu2idwyrmNdlIgAcWcteazS
-            XgF9W6THXau4lEmrBqWEiC0K/9NA0cDJqRdvj6wqZ/OIAo86q3yRlm8yY8U7D00j
-            wNS8WSHq+EX0K9LpwQiHAJoxNXABEx/DbRqVeuLn2FaCocZigbvu3k/pePuOsK0=
-            =ZLl2
-            -----END PGP MESSAGE-----
-          fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
-        - created_at: "2024-08-09T01:28:41Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+        hQIMA1Hthzn+T1OoARAAlUaspaXyF0VUY+9YYAZNTO9FcqybRLNMCNfYqxjOc9EY
+        CtHqfMOaA2fYO3Jz5cY3u85ilKovHNpUTQN2AL5B/DnMthQy8ooGrvabeZ4qYeuq
+        EgKDgzsFw5BS2eS1t6A5cl7OS/tSMnN83Mmy5zYT0eBApkW0uwucv5paNvi4v0XS
+        nxkfpjLx6Bh4lZ1S4elhkkoC3NQp9oi/xQD3xQue6i0hAw1fKjHXHcluN7gBYfQ3
+        dgCuPC9NGdNJ3O6k8zn5b01wyLKISt0noYy6XQfZkac/7YKJmfYjaDjwr3G5GPJN
+        5qDvb/NER/wcPMPiH2avFFPxy8MetG44OS7F2sqUumwxPAKCgrLuGvX5zNf2FdSO
+        hYPaOveWxGfoAP4IkoGlnp7+DdcWplWE/zyA8vk49JH/cac74+tUkI0AOflJVU2y
+        EGJ2egD2ThL64+V3Ezml5QQnVFwgWWM46w1X6fhx1wWD+o9mZovj2RF2WkGa2dp6
+        vP5PXDvTioFt40v5sYjN/19sfeuT+QVExdRZ8yBLgPj430CtF2TvCNNP56h1GB4+
+        oId9LNlhjSLl23dcA80C3OKLJhFMFC3EhJDXqyrUFXf4rUF/rN/Bd/ig0oq/d2+7
+        LE7xJE0TYQw83ReW4Amcy4rkLOub64JiNEpEBqZk246MkZoH2IT6gh8sKJ/DHdPS
+        XgGcprhx/8L/jM4qS0nGaFvkMnOWqZfv0By/CHCl1KPx9p+6m+a5oyA6NUUbYZsZ
+        6BF0Yk2CEdlM8WjUilQWIYBJtpXqGRu+z4KkaosyNmAem0gImPxQQA2bBdVTQwQ=
+        =PMud
+        -----END PGP MESSAGE-----
+      fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
+    - created_at: "2026-02-17T22:22:01Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMAxjNhCKPP69fAQ//dCKpiens8kqp+I9HtwP2CQOVMLLAle1VYB7pJ5pfcyzI
-            /3tAmwcxBmg+jhkFiqheBQYV2yNmBMHc5ulx+MxSDKd9mzCTavlGlE+intPjON8k
-            sis68RnU5OFsnGVXSmJji1vN37cCY4jHkf2vYzz6HJ6FLPrda/W3ZfXI+ZnOCao5
-            wGYrqPcYUj+7gnN1S42HM492oqeCNLcENDvegf8AxtBEgfp7UQ0V3ZC0wZEYhz0V
-            p9bdivFoEZ3Zo0sJTWKj3Df3IA5T6c4dbSPj8r7IZ5iNDguKAjvegXujco7pow51
-            fNNJB02hnYHLMRAbeRqaWyJ7qUQSWbQEgb8NuonspnXnajKc/OddgoTN91gTRgMb
-            op2T3HOFv3lKZPA/xIeDZpIm6GqOW6eJLjqiLP39VGvvNRYg+zxhNg/ZBVkFuSAf
-            U5uDPUyIAr10zdm7NqJKL8wKRbQzBg5OYovrXqSl96+KNenJqbMNv1N7kfSF6FuF
-            x8joEDXIaBSwINE4oXD5SN7Z5L2SuuMJ2nvuXFmmXKerRlrBiGsBzUVMt1bGqKEU
-            KoAAwbInZ9SprSxqJ1EkSVXpNGnFFNlbBB1j2u9BoGygOkVM4ZxIS19DBDLG0Tls
-            Fq6GI5d3axcf7t024UmwcU9yaP1BzrV0bDvDg3X+Azuo5JqpT3pSUvqv+Sy1C3nS
-            XgHK1C7XTOfcvmcxJ1f++xELwRkgNo1OqSG3cIZ8i1tKZFKTyYCiNHa/ajSr+wER
-            4phM7Tdr6ubjLkqvDkMeXvtiGyUoAvbtLC0wqSaE8sEZ28eFGEAaECV/uOW81X0=
-            =0jv9
-            -----END PGP MESSAGE-----
-          fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
-        - created_at: "2024-08-09T01:28:41Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+        hQIMA46L6MuPqfJqAQ/+NWPka8B/F/sZkJ2cVtVLywIPhHNIroBiyA5n/8TOjWjF
+        Q9zII52FLTjOrNozJb6Vf09iNTBqPGnde5vW/98aa4v6XaGL/rpHG0TS7uR7Y26Q
+        DQbYlxZIMwdlhkrb6OHgTeocl1q/XDruLqUaEpqxDjRrtwvFqtEPIMkIvJQp5g9U
+        qBUqL0gZz71hx7M4V/cxCitMY2bmINueF5TIF44THHGu8QbZaoAt7vXzkxvn9/Jj
+        jkQYCw128bBWWOTgZ8Nen+s5QuV0jRsczZGkwg7KNSkYi+XszxgcamXIPkKeGhcA
+        kTyKDNotOeKyui5Mh/MVGSQDi/njWua8ZiPUarORef53ndRY5hkd2dQVjZm1kZvY
+        Hfi7Nxd8Uxl7ru2m4W8+MXGPRCnm7jFFaVtcwKdGyIASyTtJBHG/wbXDVfsfQVSc
+        /YLuS10B37gd3innwndPTockCHsuOMHIbNeM8RD41OJSV3opEQlf+DCxTQTxQMZg
+        n+J61eflGMfkMHSU8yj/7b9NX2IFka2w3GO/hicZ2l2GrM7fNUqT+ynaO1lC1xNX
+        ALReI0DQUdRd2VHn3cBoduT2j/DM6RaVH89nf7Euj+mzHGSR0DFNxHFXyoHAJJmF
+        8J08ATp68JkbahHs7swa9Kh3Z4//LILHYcdDiiJNP5NJRG65OlIcTro08NzPg5HS
+        XgHKbiW3ZXCowpDempWr7UawruY3O1SSvgC3YsHlslrm6RD0uINCKxJL7YjBjIqD
+        u4M70/rHNiGJefJ2xACNQgdTzPl6s1LpG3c8ANEBLVE4irqFTE6mgfErOMb2Qzo=
+        =JZf1
+        -----END PGP MESSAGE-----
+      fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
+    - created_at: "2026-02-17T22:22:01Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMA1Hthzn+T1OoAQ/9GTEI65w8icqppqTuvQD50vaR+lCY1NjWT0HekgvNuCLV
-            4gL1cYv7tJ5UU6jOnREoScamWnUTYf/sLINIfa+FgvH+apswQeQCFrdCb8/61/Xc
-            3hsJ8gwmguP1zJabKFI6/Yo3vPPa+kpj0Am6M7dUUxEKw4Lqy6Hc32O6ULNJOvdo
-            56oqr6KoemrpU0TzqkKTpgAZaQjFfVzPWfC8moUL1pvxrHm7rqDPiYcl7fZP3JFD
-            gQMZokH205u1elxiFxuQGtW8jbeBqCZUm1UorEgD2EJYEPfyphIaHaQnCpW8zXkI
-            gt9QT3cqJpGJAobCPbh6vKPtbGPEqZOzOaCMFl07pkOSGPAVGMVfV+FdsfszPYY6
-            Rqsk7zlCFv/iNFWKpkdfI66JLvhmgNwXRv+rkYzH3QrQikjLmAeTzyL69SPujgDK
-            qXBRZiAPwEDScr2Qcum36jDVrT3jRfC1opzwpRxM2ompJ0F6caBPNVjY10BScl7Y
-            RWVmkFrPL9MdEelFLscG17K+y5S/50sLcU+sGbMkmPsmizA0boK5XBXJz3cTadYy
-            Asr2b4aWTqBS5iW1vbWIGJVrUUk3U1S4fFaSvsL3I6O0E+sOB3eEEpQZqpF9Genr
-            hCE8GVE5yQWb3YYK0ZA7j4u+dwA+QfRIuQuMWFoRKp8oqEitjjix3je2R3u8/ILS
-            XgFcAp8Jh+VbnQg/pq92u3dX6afGv6nENpMVPn73yob+sfE5xUFEfEzE1E1WCWdR
-            HiLZVOgpVOYmo2s8/UW60hLNBULpqyf6ZTQsr7IqaGw4g+Ew116cwDawywRSJMg=
-            =T0nI
-            -----END PGP MESSAGE-----
-          fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
-        - created_at: "2024-08-09T01:28:41Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMA46L6MuPqfJqARAApsnPRzTCIkbKT6jaVHixgP6wyCjfVmvgb0NnMrN2Ygup
-            pafb6GNWoFq9WdiSqwFIJPZlZxJFiIgSxplDI63Wj1MgfvQBEnKUQvnvR+UtnB22
-            bGr9mIrq/wKgslhPLFB0qT81RK/GqJKvRNpI3trGmB1pBnDdb5jiFeDHStv41XrP
-            hezAvmDGBKlM74fehu0pKOanIspyvFAjs31NULSHGJGzBxyM6OGcg/XLt9ea6bI5
-            jHwu3+M/7nixjtaIdCtEFPv/Mdimq9p64+c6AvbEVikUH/omRebRFIRrJCotYENT
-            ak6/2F+Fze2cof6pJPaq1KTF7LQHi1ZaQ/N+YNDsMJIYYuX3lVg/ClEjeo5k1HJ4
-            Jc+ul2KF/dAh8UsJPIdhJDlxIPdnof7xBLax1xmOQTHpqsfhZe5BP/0KMeeXzG6s
-            TlozMaCY0ok4JiQmiJcs+TjHX+uiiih6Wi756v7qwpCk5u3/BM+veHB/slD5Xezn
-            KmuHzwcbaP1n5JlOtv1PLAPfqX9EDsAVr2xhYTBISZiIKXyfagUWzPNX6toYtBfV
-            cQ/m9nfc5/STna7XGucnKkYFG5U2a+olIqCcbbNkN4NcW5ly0M5g1VW3oh02NO8r
-            A/4aU8ECj+79XXx0XCuVojnkGdTT3SQex7bkV2stBpuc5xfESbuOMWXgK0qZrYrS
-            XgEfX0ySVVrCxhtJgsQvZl0zrOwIttomV6hlQgo+n23HNPwjEf4nf1p2sje0uPvb
-            bPC7u5y1eDdy5E0XyWkAg4hxPLg7yOj7ET84Bg9S3NE8cE0nM50qL0N6aCAb4II=
-            =Is94
-            -----END PGP MESSAGE-----
-          fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
-        - created_at: "2024-08-09T01:28:41Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMA4EEKdYEzV0pAQ/7Bx/s7WlB9TE30vyqVWw6H4DoZS8s03Z21tDAtrUEK+k5
-            QtMPvAIE0SG4lXersM3L6VMmhvPQlwZf+zSzBnO0J5vacvMG8dch4/ZH7YTM0VX6
-            T0Ix9ScamEI8J5Fr1LAeBoqtTa8n1/3N2ILBVPRTTX5Wu4lSUw/voeePXAYxSSMv
-            9vzrxJNcRgzbd/8Fbo3i2vzn4GvrP1JzsprLrUMVFaek5khD0hRDJMM0IhBWFRRh
-            L241zX/IBZDQVz0x1QVUBFmkoUjyNn94CTezTmGvqCXfkLRmcKzTZXd0dhORBPFa
-            LygVSLdor0v5ru70rMds6YN5WvqbmG7KUY8M3gcVXutvID58vw6ZE83T8ZAYj9S5
-            r9hXegeb2e03tCvSrHmQFf37+298/E8/kBrBQgoevnHmm3p0yN3ZbrWLIRhbx2iF
-            NzL5s17PnGzmuSigoZERsN2Flx2fzUbtwVDP3AyLVpQ7NoqTZkJTcGQuvkYawnEa
-            3RxUQySR+a7bED38wJ6zEpVg10ye7c8mVkzQnda1Qp3lnPZxz+1qg1n25I9hjNO6
-            X1E8gtXx2EcwaoWcPO0W/sNBwE09SCM68KWSykwOLvZb5tq/HnhrwSisps5sAg9V
-            Z1c0OCwgJvYoTY46rqk7scN9YkE16LDCtAzgppZerli179E/f/7O3d59CA1mCEXS
-            XgHbdM2nxaBPCPgXXNRVq13R8JXiOokuxUZofwl6FaG8A6yc9z5F4Ygr/KKDeT0i
-            YMBezxQtQ5uKY0jIx5g2r6aSdly3QPNKiFS/rxDCrmtaBqw+OvhvLrnCn6IaRVY=
-            =XAoN
-            -----END PGP MESSAGE-----
-          fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
-        - created_at: "2024-08-09T01:28:41Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hF4DQrf1tCqiJxoSAQdAFvRDMKG3Vjs98kRqcs4ep+bYoUcBHbMA7WgzI7CcaGQw
-            FjdmSwvWaHJZQGEbGk4uDHKPHqXRD3HnD9d75Azu2HXnCA29aU2c0zn0PziIi7Aa
-            0l4BbcavPKNBkZpJNgW0uII7xMYJWJ/9vStTxXG/WzNia6nk/Cv7PMJW7EwIeUga
-            +PWB4yGfPXgqJGnJj0H1EdCVPrM/+f19GcFxNKKzkGaKTyVTW9NxntlsFl1vbmRx
-            =YRc6
-            -----END PGP MESSAGE-----
-          fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
-        - created_at: "2024-08-09T01:28:41Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMAzdAjw8ldn6CAQ/5ARLA8sAZHMwNhHJycVof+ZergR58hXCBjbIy5zgyAwYU
-            IJ5OwhTpWqniZjt0b9pvlzU4JO1k73B1WrF7mAYEOKET32GPVatrQ64yInQbORSZ
-            zNQgX3aQ8tEtyBsKAWqwqRjOaP6Plee6G0RCksJBAkjIZik0diTOBwi+ZhgYSRLE
-            G1NAETqMKkLleYQbUWCFNveJOd/7pfhE4xhAEaSxL3dgXNPV2TOngvjCqMXvz0K2
-            hEz6OYC8idpmAJv+S+HOaZbKV+giCopsPyFnbeu8jf1UpbsBRbHPnLOO6lLby2gf
-            2P9MhwSeMjjCZFX/ys8vHQ2jUwXK8jfW3xfVie4hVJgh6vO+uHcomjnk2b+34SRk
-            7ttoozLbMFxwrcP9trV0TgT2uzjFCe4fHccpY1VLTCX/O0eYtlhDhur0Wojp1z9v
-            h5mcqySEtJfHXJbTXkgMA2+QSyUaTTfvZ6oJqX3yAoq5eIzC0CcF+IMa6NS1XkY0
-            TNd3FEhwe7TvKGCy/3bJx6jMUnhT71r6KW/w7RVIHgdp1hfUS9JBhxVB+agQVyRv
-            +HBmvWHqUdwnFzotGRzLU1g6soWa+fRVQQ80qAi1U8e+u9IX3EG0KoIXLjpkvXxK
-            y520NcOdN4wR0xILPP/+47QDN+kM6lunm/EMgrff4YDE8J83qMhH2IP5s/tV023S
-            XgH1hiB0U4SYt0Rp6OGDV+CjBCFaCkPPlync/SVuXddfLC1owGlY9L3jwu7j2PR7
-            jy2jPPTWrOvT0wZKEh4k501LRb0n6LGqW6gDTgOnZKNg2iQ6jybv2HeyyExYllg=
-            =1o5H
-            -----END PGP MESSAGE-----
-          fp: 3D70F61E07F64EC4E4EF417BEFCD9D20F58784EF
-    unencrypted_suffix: _unencrypted
-    version: 3.8.1
+        hF4DQrf1tCqiJxoSAQdApX/THvWws8d2Tijx5RrGIh+CYcqDI0T30rttyxT8Mw0w
+        /7TkFc4D2eSqXQW57YWEACwd47NGyMlW96JEeMDCqwNdGQQLaSseoYrS1hxI9oVB
+        0l4B0/igsdF1GICTtToMkS8aWwVHXQLu2AO0wNyKjXAyLtsDposdx+UtLM0y0v6X
+        HfXqQmyHEK0QNr17oqyTKiHQ6rnuX00W42vwxDCGs9RuLvI2qCWeNzC6C6j62vkI
+        =8osW
+        -----END PGP MESSAGE-----
+      fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
+  unencrypted_suffix: _unencrypted
+  version: 3.8.1

config/hosts/public-reverse-proxy/configuration.nix

@@ -1,10 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  networking = {
-    hostName = "public-reverse-proxy";
-    domain = "z9.ccchh.net";
-  };
-
-  system.stateVersion = "23.05";
-}

config/hosts/public-reverse-proxy/default.nix

@@ -1,8 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  imports = [
-    ./configuration.nix
-    ./nginx.nix
-  ];
-}

config/hosts/public-reverse-proxy/nginx.nix

@@ -1,68 +0,0 @@
-# Sources for this configuration:
-# - https://nixos.wiki/wiki/Nginx
-# - https://nixos.org/manual/nixos/stable/#sec-firewall
-# - https://git.grzb.de/yuri/nix-infra/-/tree/3896d34f4f7f3b5dd5cbd270a14b56b102ef3a2a/hosts/web-public-2
-
-{ config, pkgs, ... }:
-
-{
-  services.nginx.streamConfig = ''
-    map $ssl_preread_server_name $address {
-        status.ccchh.net 10.31.206.15:8443;
-        status.hamburg.ccc.de 10.31.206.15:8443;
-    }
-
-    # Listen on port 443 as a reverse proxy and use PROXY Protocol for the
-    # upstreams.
-    server {
-        listen 0.0.0.0:443;
-        proxy_pass $address;
-        ssl_preread on;
-        proxy_protocol on;
-    }
-  '';
-
-  services.nginx.appendHttpConfig = ''
-    map $host $upstream_acme_challenge_host {
-        club-assistant.ccchh.net 10.31.208.10;
-        netbox.ccchh.net 10.31.208.29:31820;
-        light.ccchh.net 10.31.208.23;
-        light-werkstatt.ccchh.net 10.31.208.23;
-        thinkcccore0.ccchh.net 10.31.242.3;
-        thinkcccore1.ccchh.net 10.31.242.4;
-        thinkcccore2.ccchh.net 10.31.242.5;
-        thinkcccore3.ccchh.net 10.31.242.6;
-        zigbee2mqtt.ccchh.net 10.31.208.25:31820;
-        esphome.ccchh.net 10.31.208.24:31820;
-        proxmox-backup-server.ccchh.net 10.31.208.28;
-        status.ccchh.net 10.31.206.15:31820;
-        default "";
-    }
-  '';
-
-  services.nginx = {
-    enable = true;
-
-    virtualHosts."well-known_acme-challenge" = {
-      default = true;
-
-      listen = [{
-        addr = "0.0.0.0";
-        port = 80;
-      }];
-
-      locations."/.well-known/acme-challenge/" = {
-        proxyPass = "http://$upstream_acme_challenge_host";
-      };
-
-      # Better safe than sorry.
-      # Don't do a permanent redirect to avoid acme challenge pain.
-      locations."/" = {
-        return = "307 https://$host$request_uri";
-      };
-    };
-  };
-
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
-  networking.firewall.allowedUDPPorts = [ 443 ];
-}

config/hosts/public-web-static/nginx.nix

@@ -1,7 +1,17 @@
 { ... }:
 
 {
-  services.nginx.enable = true;
+  services.nginx = {
+    enable = true;
+    appendHttpConfig = ''
+      access_log off;
+
+      # load the DID redirect map from the webroot
+      map $request_uri $did_redirect_target {
+        include /var/www/diday.org/nginx-redirects.conf;
+      }
+    '';
+  };
 
   networking.firewall.allowedTCPPorts = [ 8443 31820 ];
   networking.firewall.allowedUDPPorts = [ 8443 ];

config/hosts/public-web-static/secrets.yaml

@@ -1,233 +1,150 @@
 spaceapid_config_ccchh_credentials: ENC[AES256_GCM,data:5IClrKKMO/AztQuGabrnoRFItYNeEmVWGeafomVO94pL1RKzL1sCxBxnmzvJFPb/8Y+6FXMh+Mim4DP8B2RaJMLpmqCv+76N/5+527SZ6gn9i2Klg6q0kD9RzJv40qHq/NYLCa24tpcZDt7eB0EOgqLsKUmtX2LrQjjnN3NzjAevJGKQ5ypnb7xygjft2KrpvlR1hMnZ0XpSLDTNR1AmImxE24JtDaJKzwXbptr2IZvm1UFkNslxdqHPjN+N8+MSSLhqHy/FdcY2ADvsTX1jtjnjkb+9E30QOeCiFPKSmWtSGiQ9sPcQna1yr717Vk0EiNSAWDQ2fMZyJUgBXG6w3wiZbxfJmxvshLPs5KguF9NHER+Seps1QiE0p16c0IS/0Y24UYrK2GyUIcSReGufjxUFGTJHFSsNANac34H/RTs7BkoZ,iv:8WzTRaXVeH5GKmigMVTLVBnhy6nXZnTZHLAYHcqDs2s=,tag:jTdgz0gmruMWWDBQ3h70vw==,type:str]
+staging.diday.org:
+  lego.env: ENC[AES256_GCM,data:FHCHBrjapNGSAtUnDTMZfeAZJqZV65d8COBJF8lzZmNBiw0jXyrmJ6rnUbYmnPN54T+1e8V0dzkdqmYX708tpFWagOPPQ9Ko+D+lV5yJ4hj/lhunuPSetWC/5dGBfN6CbA==,iv:WZ8CWu40ToF2mbpSUR6pDdUa6jcWPIUsWhVaGGBwx1E=,tag:8CohD3CwcUm2LzAJ8Lfimg==,type:str]
 sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age19s7r8sf7j6zk24x9vumawgxpd2q8epyv7p9qsjntw7v9s3v045mqhmsfp0
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByclhsVmM1TTVCY1ljcmxz
-            TkNMQnhUMGsvWlQyTkZtQ1RDTjhoYVBhOWlFCk9ERUdvaTNBQ1QwamtleTJPbUo4
-            dkpYYjVSR1J0UkJML3RtUlRXNEsvTFUKLS0tIHNTdEFGL01vYStRaVVmWFZySWZM
-            MzEvb2IvZUZwSTgrL282VU9WUVpGNEUKFg1INcr/YbkmV6/F/4hWbTXj3PCscAMY
-            dlr4Pii9Tbhn39yOXyzt3DF+XivkdMsG7fQTHSYdvzMAnvEJ1CLOtA==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-05-26T01:21:16Z"
-    mac: ENC[AES256_GCM,data:ENLJIlcUXLEt+vXp/F2YATUZrc9ZjaE4AWwvG280etdsufEw/vGAWBhG2KT+CkcZLaJ4ctVvNlJEqU/pRzae+m/43SV3GNAG+jjT2VmNm0NyNYN27bpsj4tq11D27LPn7CkfBUB0gnmGJXVKalxhFkHBf+eq3ted8dPIv9YNRt8=,iv:Yfz7scjN3qDY9lV1SYOqrejiEwf4dVSPJhiFRJyFPio=,tag:SOw4Nhx6wwYIisRJl0SSRA==,type:str]
-    pgp:
-        - created_at: "2024-05-26T01:20:22Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+  age:
+    - recipient: age19h7xtfmt3py3ydgl8d8fgh8uakxqxjr74flrxev3pgmvvx94kvtq5d932d
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOaEZqOHRMMko4S1loUXdm
+        aTlsS1RDNHdjdkZWSG1aR0d4Vmh4dVVZQWo0CmJUbm9hZzJqaDBOMTVObG9HWFF1
+        RDlCcmdvR1RGbzBKQytZK1lSem82SWcKLS0tIEZUdFpldVJpT2RlVThjREVqcUV6
+        OUJkei9zWmhyazc5T2FVbElFRG9RaFkKu4lZrg8UWVVk75eY8HBdLIT4BNw2UcyV
+        +7X2L7ltv2z31T4cKnnZrsyeG6fBGCLvuI5EQBd09OCZEUZ4u7qPOA==
+        -----END AGE ENCRYPTED FILE-----
+    - recipient: age19s7r8sf7j6zk24x9vumawgxpd2q8epyv7p9qsjntw7v9s3v045mqhmsfp0
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzMkdGQ0tpSUlWQ25ERTMy
+        QXhNdUYzdlBPUXR0V0NyOHpZbDY5RVd1ZXg0Cm40TjQvMXVGamM1akMzRUFuc3NO
+        K3lJYnpVQ1I3QjlRZUJkUm9QK0NuRFEKLS0tIFNuY2NXU002bnlvVHZKRCtoc1NS
+        ZE9rN3R4aHRXR0dBc2oxcEYrL1lxZncKuVocF84+ge1gyzfNjIxhwNgd8+kJIpxh
+        yREbS2mrQ2zvSMtw9OoA0KJSpoHZfIiCwn2uYkQDPiGB/721JmA12Q==
+        -----END AGE ENCRYPTED FILE-----
+  lastmodified: "2026-02-27T20:40:06Z"
+  mac: ENC[AES256_GCM,data:Nsburro0nSV8CLZsxLaFrwsE5EIz8qQOlclNynbRT03XkfaPN2Pup8UWg9QL34KGcGUweqtytxZvLWjwfJYEsIkLqi4ZfrpXpEfBowq5aNbWHzDJDW5QqZKaUPmMQxiPVm1EhXmyvfVdFEueOhfFLbuNUSvNWaFk/7l2utTeLrs=,iv:dSJDVYGdaunvRqj+EkPGy3qxR9suV0s2Mm26silX24M=,tag:hqA+4FpP2PwatRMnZUcUqw==,type:str]
+  pgp:
+    - created_at: "2026-02-17T22:22:02Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMAxK/JaB2/SdtARAAkz8cMmtau9sLQQFafUnjIkuq8UWKn9TFcAfjAWDjnLTx
-            WAP4RQE56FXzVCo3DXWvucOjOlVNR9Y86x99eXaMLgYLtJfOTZOCbn2nSIDxQI1S
-            XNHAPEXEH/UXEoQ2lffIjR+VfSOpJlwD6acfVEu13NZMvxlO9/51EOvAAo+qKa0L
-            EwMczgDh8QsYohBV13UIxC3Et1Hsj0Guawrx4M6pzL4OvXGUKkpDfw4NCx9to0XK
-            3L4k+DHur3KhpZJg4QhrM1O1XJeb8RdlkCBMCrcteXkzKMQotVeee6Avr7kfti9s
-            R0hYuVswmiRJP+dxkQx1n84nnFkakY85LOxXIv7Mo3CT5xV/n/teUgZhyU+97aK0
-            Soq68sBMBqo8v3Izrfi1wp5iF7nnjbkMBzkDVFsRkA7bqYlEpTqZenzTzdEhm/Kt
-            e+A1mY+hcWI5Gr3kkz8+LGOXgBHHjXjVslK5+KmOxzcpm77IBIQCXaTViUwTJPbW
-            kmrDT9MSiS+bpTHS6NPLgRz21FltbCL4d0QD7bCiMnLjdeYwfRzT+if/yR6YIGMb
-            1I2odrB2Qf42CXHZooB/fV5OO5ziUXBpos3HZLxIvCUjOHyCYnoL1s4M3A6Zjf3v
-            0rZvSOy0UNwYwSbxRe5G9Z2xfFddFCTE5dp0cPV2RUEVMVlNU/kgpsMtxCFwIN/U
-            ZgEJAhDOqBVfz4bsqSMs4t2I4Vys7oeOfYJveNT88qc/PNPqjXgEoWSWp2DZdSvV
-            dNHaoVQHHRyZbRxfIwe0q+xoNjv6H5NafDIMnRk0gWl0gCSJQpCIQ9j1IQrXUoPq
-            cArG8aqHSA==
-            =rUJB
-            -----END PGP MESSAGE-----
-          fp: EF643F59E008414882232C78FFA8331EEB7D6B70
-        - created_at: "2024-05-26T01:20:22Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+        hQIMAz5uSgHG2iMJAQ//QUk96h2C0nYHnswgF7hInFG+w+HC0v6sCTzwacAOCwMG
+        a4otLktg51S/iBqP0VYNCQSfBc0iX2YhHrrROHTRGrxMecVWi8hw3q6MMkBjw49x
+        wHpSdao/2fSzwB7j6llJNAkpR1RTZkmOimyaWAkH8Er+MNF6xClPuxN3IrPvU/C8
+        Ru1uZCXvG0jh48NzvXk7rK/KRhPWlcYkgPWAEWQdeNMyxW9Ha0lQhSOhC/lNOLMJ
+        Q2pZ0zQxeQqNApe4nSs7AE9OGd1U/DNXAAriEtmXRHstPodHLqSjSfO749KLZuQA
+        ruSMz3tf+FFJspyY7DSleIiiJvu5A5SnU4aaFcrqfhDKNAsFfziG6ze2aq0YHf38
+        1KxvKvtQP+qT+8pKMFPe7Wz4oFEcHBjxFLyJZ7DwRDkzdMvdAQLLL/kcP4fKxFPx
+        tNDfJX45CM91soY9N6zHYk3MZ8WXCdcGjP+/XFit3GGeJCV3qNjy1mTalPZbVUE1
+        uqNgqwG7IZaPup+3TEtIuGb3r0YNy4kWlJcaQ2bz5pPtDpbzcf9Fr+jxTod2LIky
+        X25qzKmAwus6aWheEyPQ5AHZVT5l2Sgdf/uBBJjh7yt/Y1OY/EtbS05fE6VVdiUq
+        oFq3DQ8L+MGyUTfQqIxpremwdq7pNp+XxdF8v1O6H5t0ByqcQt0UjsDWpv0T+k3S
+        XgEMQqbP81OTPCSwL2ePrbj92C97zkScyAyur1lrducU0UPGulQ9k51gIm/1nV4C
+        04NrhKIlCqNHqx3DY8oHk/rnFrV/Ulrxqq5Hc1FRZCEJIbyV4e+uQQggWSxuqVM=
+        =uorx
+        -----END PGP MESSAGE-----
+      fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
+    - created_at: "2026-02-17T22:22:02Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMA6EyPtWBEI+2AQ/+PCUJ7JMkGZ37gSURfBI/fM9Ow1oRp1MH8mHiflICRsio
-            RJhrcuThlqWHYYSFE1OlQhha8Uu+s6oaps153LKS7ZH1dzomqr5H8LfuKsaO6GDg
-            QyuiSGGAfudtyQ5ILN1CHjO8ifh/4469J7P/SyKkQ2AhZGQePbGkrR4kqGhj5axn
-            fY3Ar8HreWssm30k797x6zSs0z3BDS5vUd8JZjpt2E1nmbVTX5dLcDud06UwE3ae
-            B6lC+T/lxwp4LptskgsaBiikPTYspPAL8M1yG5XxKvvQlU8a9Lta7jOoXWnJ0kYE
-            mLoSRFBxsQsrpir4msR3oEXS7H30gkCT5j8bLdON+vbbK3d6nE5v3SXkOZhJKm8P
-            Zhk70lkj1HWe1uh5XRRAjn5YDelnipuml6dQMUJdxw8YrUmnVXjL+AGT0p0gcf3S
-            kMU6FZfELOmdR1zqCt1HicVQDmQJA2wct2+2hXRRQ91M/FAxCILOA/mqq6jZNrw1
-            uz1Sa43IlI5lz/ts9bIhR8rZj/Iuq18tRgmKdLhxtuJyZKcN1v1CDiIgNOvlc67x
-            ydVbVHygWVs95WZyya/PjF1+K5Tuq+VkfHMIJz3cW5xDy4PwYS8GsTqG6r8gEYbx
-            Qn2NC3h2gtrJ76/Qo8xs+8KCbQAUgST/uSJRK8peyhvqJXSrbhFBvq7ewvJbroHS
-            XAHl1yNdyWNwC9t2G9twEd9c2FjLuyXGhrincAcQ0gdH1jhKHY7/LoBiVIRMBJDe
-            kDD+RjcCB9jXRGln/l4teKs5TeCKzpaJiONEcecl2tSqjSaOzNE8rJh0kihH
-            =Edso
-            -----END PGP MESSAGE-----
-          fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
-        - created_at: "2024-05-26T01:20:22Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+        hQIMAw5vwmoEJHQ1ARAApCd7a+rHgICU4yfYOorWORysVsifvZpAGVTJJGWfeRdR
+        CQiqubBzEMN2Y9q2WnjYqmk5j909VCxSXO8zWpFjJZwLtA9eaAMftja2/1pLtGQd
+        AUPUIuTWxKjrP/aoL8tC+I7W2TVsU6Q2GSYqm6OZ0WLDP5kR8YQRSOKzVSDsDkOt
+        jphtni6zQpE8XLlJRhyPiLX+96Y5geDYj8KD19DBl6vSMFudMhI2WK5imak5PERk
+        y07w3lJ0/FXGLAdR/I2l8aaynkQ53Ft4IEXNoDtf89nO/8L13AImOZtpoIv1nfVr
+        QMS1jKys9bfo5lIcJ9bIJQ7hMQwV8AZQziBDDZQjDclZxcxC353zx8sjWjUWzUeY
+        229b0bn6yutQ6hu9eIU0gxepyvNz9lAN6EHKb2cgp/UJb4IXnn3/ktmPq/wOlVIz
+        5xOH0ue/BaIWmp1xjC3oKLbJeTw8zvRyzk8jGFDhmhDRUwMoLiPvR9XkQ7cpGGYy
+        wkb/URVBXLGT2u7wWVPZL0zUJ7zO1wCZ27lBwLgSAvVNSE87Ldsj3roxtr9nOQif
+        /qmCxHkDbhfhWMFl3PbCYY3hkS/ANQPhGyiBaU26x8o/0Vgajq43OLU0KO1+Wxbr
+        xvfKVN4m58iPHsMXbgvyEipFu+eoiNvEA68+pCRXrS0om2oE913XNEalVJ6F5f/S
+        XgGxibFQj6MyvJChwsuFx9YmdH8/nnb0eb9hmZuXctFNZCdlVrv3fhEwBoA6FnrA
+        RoCdOB5Djl0jHSk66Jto1uwfDYdcPZR+1tgRT9xVeK4PtM+c0Q1Y8dv3wjAnqr8=
+        =lzNQ
+        -----END PGP MESSAGE-----
+      fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
+    - created_at: "2026-02-17T22:22:02Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMAz5uSgHG2iMJARAAzGzj3TJVDsnArDe7GziE2avL5WHkHFUJNoQcEBqNhfTU
-            PNu8RKSpKelWeOFEFzgr3Q1imapoR1+UXzTC1dP0QL+6sEWiqImxrbHygpm9tPSp
-            HvLMIvAvS0zPjX9q7HFgsw2fm489To0tuEK0oTFcayatAAijpWBl63KyslFbk5f+
-            tHSnaYTeRZq9QkRZlNGI3uJgMXyrHnmoyUUIb5wdKKQ2tpt1nR5okh307kU6fwqb
-            vT5ylRSTEZ0eWDyQbb0hThJkQS2j8QnsBN/xabDN8QGTFORrPDDobW3iro22SKJv
-            iVyh1yAm7QiA9yTdqcB8J1QuYvnP4RzSoCSNCAK0gZ+DklPUGC9DIEK4VTdmUaWs
-            cJM/dZw861D8Jnavf2RToEa4binehYHvi/+TNv7vBE+2xe9cp2Y3UZq891gHKbmr
-            OdlaIUv5yvU6dJfV/aib33PoGxcim1jGmRnDDu+aYv215WqoUxfNniib/HcNFb9M
-            JT70R4Ixo6Hnp9DyvSh+wGKPGg2WRuwrspbAjFucwMdBuY4a3XoBE4QE8QhFjLWc
-            2JTegdfx4yKovY9raJ1U5LxYWkErpfdvPgYOpn2xIvhHBy9Y9F8RgnI5CIyQ2haO
-            KL82cNunEeljvluG+vH5bhbWNOjWKcRXfy474+KOBGSu8UJsZJr3s8n6RSAjmN7S
-            XAE8nvvN86y/RxvwxG0qUX3tEjVZwvipqrzxeAcY2lEX1zFpW8HyHzqWlnpN2LlG
-            pfqdqn6A6wocTpuaKhCWNc34Ws4uJ+XJd59nrNP6j/4Wl6SenxcJef7bgqru
-            =X/V9
-            -----END PGP MESSAGE-----
-          fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
-        - created_at: "2024-05-26T01:20:22Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+        hF4DerEtaFuTeewSAQdAMGn63OSW8nVLoTMXbLnQdYJuP0cD0exmbpSakMw9PlAw
+        MTJF0o46wKf+3F84IOf35LwWwMuMGEyz3pvcRXVa1OfPAFk53PMo1P9TyWRoHrgW
+        0l4BNK3KuE4zB7YNpu8sYtJ4a94qKzTOgUTPdBNOQyZR60BOVyGFDRLo3hHk0opV
+        eP1e3BxevL3rj1b2WoCewT8lNO+y8+x8bu8JY0WMBVrwjSqYlWENbtuG4eFhNGrN
+        =3yKD
+        -----END PGP MESSAGE-----
+      fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
+    - created_at: "2026-02-17T22:22:02Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMAw5vwmoEJHQ1ARAApyVhDae44C6aOlE8j+oAmoPWBiTc0j6VGAwo7y6OzRVx
-            p6W/l/ALDRd2eVfttzTtS/J3EZ85gQEt1RTOVTR/vTTL1j+XzNF6adPuC2+uJBAb
-            FFhiReuD9YGyT7aW84qmfI797kKFfdkjIUiUr62iGr+kJ/urC9JK2mNSnhKJVTct
-            lP0HA0vrUlEHzU1LACUWw2FylyOpO+248Nxx+SXgP8ol3kQk0hAGtEq3+p7ViQdl
-            K9fYMM5bxlNGmMav6WVaR8ipyjf7Q6jrwOrtNymVlxKoWfzuQy8o0ACsn2PADeG9
-            QZsKAmbp33S1hVYdTeXajTlPwtHhNewkxIQdahP2Ni1netzV6I8kp3HHoGO1XN0i
-            TtHlqZnd9/aJb5Uvuqsz4Ei+nHL0WGS7UJYKphWfw58MaYGkJ9xwEZVxoEWY9+ZQ
-            prQrXbIwbt6XJnuDnlgO/XZQs76/h/SAK9JQoXV13mC00SwcNqB9iav7S9+d5U3H
-            QOerfUDzEOjE9AehSmeruaNIdqr/V54dY9eQFGQ5hrM30JTycWdhxl0TZkAYsT+d
-            qd79FKXceBSodL00kg4OUS1pGwI7w6pe7RsQZ0hl9O8X8JXsRebe8Ardyh5oGe+W
-            yiKKGj0xi63MdzVm8r6FH4HoWPnmfTq5gcI8urUB/157aU8jlJen3TM4i4bwydzS
-            XAEldvNa4/1McnNpPAWGDNPGObSg71kAIR/opGGkS8atywKgkNSCUJ6wAJhyksqd
-            FVdrCl5Mt3GSgk5uVWeYfDuuIxM/aZ8WMjxjtxQMyOnkXQYmQD+D6dgkqiTb
-            =q5Tx
-            -----END PGP MESSAGE-----
-          fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
-        - created_at: "2024-05-26T01:20:22Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+        hQIMAxjNhCKPP69fARAAhwsKIIhLW9DXZlOfg7a+6crdjzTv3EH+8dCcSk5JiRGG
+        QnFQX+14DCLTX9kmEilDXWwawKbIdabqkF/+LbGyRjd7IrcNe5a+ggzkry9cDPb0
+        VKts7T3Ti3BFcgNis8ku/W9l17Fm4ngdHA1F47ttByjDcfuAZURtnf1Ta2Lx8XwV
+        w3Cc09xtsKo98Bfrhel4iI0WZjj9+U3pHE4WeKm7bieLEpwtoxfdmPkGLGaGP8I4
+        4lIKJG78DTbrbsEP8FpWTTy6gp9N3Q7ZAjpZnuolZp7uZp1I4t+Z2SuHPrsLNwS+
+        fxjOJnigl8hwPHGm030xq2/tcsxyfNGD13Z8ZG85KBa4+ziN900WZe6AELtMFCsY
+        HTCEe6b1oe+rBIWsxNNswkakb0w12hZlkZP59/4iahHYaTIPKfmkZTtNKFxeGW8U
+        3/81nLtEUVn9EOjIL5uHO1zSeAxBBDZb5P6aajdVpKMa4HFFk18nbE8UnPYOoAHm
+        IJ+xwBs3FBN6nEfjMoq0P6RaszocK4lcTJ9a/8WqWHouG5s2Zvz3sgxBcWd0VQSJ
+        Eu2HUVPYn/R+87X5ExZ7n4Pv8z4obz+c9oPtjsJJd2sy8laKK1u1gEF94SLovNcJ
+        Xe/CaW0lpbJtglF4DwqI02WyjUJ4w1p7fgnVO1gzLRPRIbQc4Q/LtEv/rxMRUsbS
+        XgH6WzB8yoRztIy+0ZFPlcyvGwU+ZniK18rGPnj9FBMC5IWG/zn7Hqro1K0wxMB2
+        HPwiJkwy+ckIgskVYOdT6b3K9qDSZ6sXe4gMmTNLu95enc4HcaINHt4pUvePX54=
+        =n02T
+        -----END PGP MESSAGE-----
+      fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
+    - created_at: "2026-02-17T22:22:02Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMA4HMJd/cQYrVAQ/8Dc0JtpbZLDLway7kk2YWhLvjTmBRzIZCAaa9WSEuDVWg
-            u1koIDIaeAi1Y7xNUbDeEACMo1gT23mRG7Dy6QSqi+6DUY4f4v7/UCwqyJdwAb0V
-            ig6ENedYzYoCKZ3t/kqeeZmKnQehj2hzmIci1avzQjUmsI+u1YGJOZGDCPK9W1CA
-            nkZ69BlsI7ZWwkaO7J9KKd8wLp1/XVcSnRjYxvowOHmUyDd1Mlm/I+umcqWZU9De
-            hXc9/4cPkUk+h5c4M9XeFFqxorOozMK0dyEBjFw7Dd7BMyPfyh5OnxPazp/aqgz3
-            T6SxedaTv0kH8U8dNkPkGc5NYv+D8gfZb7kLdzDglGvcHwL3HTwq7JUCFVvzCD9y
-            PN5XvFYIzwd1cxAbozhzX54almMFgvd8d1v+03ioEjxOJbAqMXRTgd8C5xUbFvH8
-            SJ8v4YsN5XksT6AME3MyZAZgWgbDqdQDAtUvP2cWlBFFJz4+43+71sec4AK9bqph
-            mG/aTXDHAQ+JjLUGH+hul87F+mIa5WspbSYJ0hky1Sz7JBr1153X1xutFMiIqafL
-            GwfUzkDqIY2AKZPocqyRthLUkSaf2axLdWMi3VfErzD8fu9XhpM7xY/sI1S7sCBs
-            HGfjBTF2zTvyNo4cS5SPW1QXGrGoAy6cpxJDkuOQMq/YvW2kIeO4Wv+as3TUtLzS
-            XAFxzoYXYbes+SGlxaRYY62CONNdFpvF66q8IgDN1/QNC0j8g0gE0bNc14KOamxr
-            Qg43kRmxOVlB+zbpY5lYI4YL7XbFusFGM9dKJVg9g390nRgDnD4yBZXfqkq/
-            =rthq
-            -----END PGP MESSAGE-----
-          fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
-        - created_at: "2024-05-26T01:20:22Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+        hQIMA1Hthzn+T1OoARAAvH00112Z82i6jX1U2jeHDSBkyNT8L2tgCO3pwKpbvP/i
+        qiq1FWod53sA4l9OlrrshJttmBLjra53fOjhEo/qITb/YQ0gB4/EOHgc/AVkF4Cz
+        kj0bvUaCwR9vhqla7exG+O10i+OpWXPIeGT0BZUo37XUZ/wPFztR4/GP5qhiC6ZF
+        q7aZVwCaMKE9YQiAJHGqKPUmsAaEbxQIzZKEkyn9/GMy1YAgMtmfVoZgp8FmiG0k
+        L6OwMv9BU7gS/4DY82KuF/rtJMGjjio8tLa9Bu/VsHhdREvvXDBjyl78g4wtTUSc
+        S2JRIdM061scpIoy8sn1VFVbaMP0zgrsU7JvBO9/hLmS6M4Dp5a43OP+hNdWg3X2
+        VxtzhGKLlOn6ycO96lMZflz0YA07SM3pw/EFhWszv/GTQCciGUojv1Gi2u94OQQl
+        YwbePXWF10IUWK4KqMBHUd6H/oyk4wahS3FDBlB5xdUiO61fH1o72ejQvy/d03mB
+        e4X3ThvpSg6lWJdXvRi3t4Nnk1deGU6NM1CRvZGsASkLulhsVYDsH3vW4NAatUyk
+        6g3I5HzJilgLj0CLEyO9dA8m/15Uq8jC2WmBMxqp667QFUuPkKnm1ZUl/vX7Vra+
+        yazYNtesU1eAP42IMA78irER+kOpi6AbQL7L8SXTcm+rQvhccNZz2/SO5eDDrHzS
+        XgErn65EfHWhgyLmkUPt6JPiGSoRgsEyEDn2EF3sxJVkCuwp4eVenSrzhtKTR5To
+        TIY/KGISC2AXccYlDMOicVE8j2K8NrvM6k/lNYhkaiUfhxqiOrFLK8Ku8YU9oPQ=
+        =JgVW
+        -----END PGP MESSAGE-----
+      fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
+    - created_at: "2026-02-17T22:22:02Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMAxjNhCKPP69fAQ/5AXvpR4o2fsfev/U/qdJ5Zz8jKwGpZ+xAhEEL8E64+f/P
-            Y542Oqig04emeGgvZat+jnc3ihKa+Z6k1ysSd4cod/yDUAy4NVtYzTsTziDekmaF
-            A1nEkbZoBrwXHQVGnO0PtFttqa0JEr5LcFlYgF8NIQRTQSQQgKp8p3llUFZYx+Pb
-            vuhOtWbZMFtl+yq0p03nDP3mrj32nPyyLIngvj82jMRQmw0em+Zw1JAwIIg3svWq
-            bp6F9a++PP2Pboc/piEGT3BIq/41gjKoIwz9m+p0NoSIcDRgmIIxflS9vzG/APC9
-            E4lVM/U/px0OmLcrmlBTjQ7HwHhVEVEYjZiByeHCm5UjSYWF6yHcmyLp9etD3GsR
-            pPwFsmc2PWFiEWrM0aV+3EPGkSV1Kwkvd7v34sRqAsGkb8HO5KxtfIQMccMqwMRG
-            kwBUgLcVuft9H6k2N+MHY6yidr4LLopGfd2FZ8BkQGNy9kIVNdZw9v+6R5HkVpoD
-            cY0NpzwvX21M9CPuMoXzjwXLnoKHHt9sWoxL7L0XIjyTkvKmETFqvKIY7cPFU837
-            4uxnsPhVESL3UfXrIk3maCgIZfFFL60eglVHdSLUy9XvAIXkLrLzqZLTW0LVYsuY
-            ZAlqUkkqZ4jjrF9OlmHsjgn5znOiMlW35bcKppC+MonrNXCJHjCdGmpj1v0cc4nS
-            XAE0EBSF6XDG2rxXETyWzKJurkfveD1njjcRwYeBiBRZEXKKqWuICLIgR5h/WBQI
-            KPv2k2RhxjH6Zk6FWgc6EWhIWUM/6+zN24m5VnAgMg+DRp8d1mO6t4ZaS+WU
-            =p4B8
-            -----END PGP MESSAGE-----
-          fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
-        - created_at: "2024-05-26T01:20:22Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+        hQIMA46L6MuPqfJqARAAuPJGCikiP9NTaQJ60FgpC1MHVwBet0RdK86Q3TLHtrfN
+        ib6ZDZCczv1L/nijEA9sznTHuATnUtd75TrHH1DCKVzFs9fqZx6y7hvnfeJZz85M
+        iIVybAJwk2Q8xoEf+6IVzFVXwic1RnPCNN1ZYsrfFIWpyRIj6VgP3D9lX10Np/y1
+        x4QyxO7+gDG/vcNRkFXgnG+i4bekQwC/4vJ9jX3XEpXbTTPBqhW2OnMPX/T/mMmo
+        ll9NdBq+dw8OZ9zRCOtht5/HOI0uyP2pa/ooX/nfYiGZHzkIfENl1GID3LD3wHGl
+        qic1aSx0YkW19fZMQ9cTkoHXzrQDyv3QaSPFljgP3ibSh64k1Tp/lcc5Gn13qIMq
+        ORh2AeLlBwVSzlvr9FjulLzOJhoo04ZxHbi3OG6Exq9AOk61zGHe6xSa6sA0FoAS
+        SXAouLls4lqrF1RJhUMOJbX6Iwr+52z3JYgUmYqW1FP2iNnwU8Kfs/lW/3zn7IIH
+        oYimV6F7+5pqW85r7XMukEZB3LSFVviH7l/4pcxXbGCnfStACENngmd0Rkim6Bog
+        JYEF17naHgnXHJYsZkVGSnlxDfmaJYjK2YKQA1sFtQw0YenUDaewyPDeoCjAsf+O
+        QwzfLwJhPCZKRvsCAaP6Xj3DaisofI9fJWGKf8GwfbSFkISBY/RYLh4nTTauwlfS
+        XgFNQ+YXPmD5bCIO7KD9W+6MOVgyAu8Hyr7eMabydbzkMQ+OfeZCOQ535r6/lpzN
+        3s/9QYu0lYN104ZbZTfu9ZrLnp9ULxw75H019o40YyXE5rx1Qhf9K/Ml1LZgdZg=
+        =Y9gd
+        -----END PGP MESSAGE-----
+      fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
+    - created_at: "2026-02-17T22:22:02Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMA1Hthzn+T1OoAQ//Z0+gyWwynvznK8WbrU9aP583JpI53BilDDl+dJ34P28f
-            Kd2wr/l/Aw6QZ43kp0JGA3ZMB9SbWKy56L6MXPcDXHM42ojRCN1Z3am6NZEx4M+K
-            cstyV9qHZp/bUQjlUna3eZBlehHgRM0tRCKn/83Gi08nNK15wRlfZR5tg0aNbdXT
-            4ymxyUfA3+n8k4K/rZlBxJ59UESUcuUJCb/oPiUCrS7lXJwA8f85F5/M9t7D1xwO
-            2AfkoYl5b2NU48JrICY7SQp+xYg0jwEB2nAC/Gpmk9FGxCMIeFIT4MfpGmMah0t6
-            +2qDWQFQ86TEoAHVTqcW77Qmw7WLjNm8oLh0FWYb8VxaRo2B2jnbTtC0cosLWyl2
-            TrOwSYfzOOclQQchbmoK1JQb5+dUV+qUN4BO4MuI0mSXk85QFys3CY9a9X2pRXSh
-            SW7uMCj3SQ784uoYDBNprIYv4qsfzTEgCxrG9Ev/h35JyuNUr/oKGVsVfsLETJC/
-            Leepo2FjQIzr9qe52AVcUe9JH++jrPOgUM6JQEHHz+jp+N9arsuTGakxu/5saNjT
-            +E7WtWdBM5mtr82DDoTKsKLEUJKsMKFpQovFjvz5tgCAsoMhFP5oem2gbfOVi2+A
-            uQjQH+xJow4OMjb58Qx7fILcky6XYDTNWn9hlf2zrXmtEnhkSwf6U/Gyo71qCtDS
-            XAHIEr8bpFS9ndb1tchTO8mcDANnKLWttuqs/UdN/W0nl895hIP7C6esi7vLF1gM
-            OfYLVy+X8FyS5hpjd9rcEd5jj7XBMJ4kHaW7QLMGWHYS2zLjGOhYHS4rt7nk
-            =hag6
-            -----END PGP MESSAGE-----
-          fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
-        - created_at: "2024-05-26T01:20:22Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMA46L6MuPqfJqARAAi01+TuUHgBT2UH75pacaptBmEYedNUkzqhUn98AA1yr5
-            PtYV1NGNP/rq7LDXP367yXhCslrwr+1BO7qnfAsEsEFr6InAyhOyZmAs18u5ilwc
-            RxW5EXrANm8SQLODBPH3/gxltpW7vzfayxdTOTNyCUH0x22eKfYknawOfpaMevAm
-            95nhILE05Unqd4FSoQId+Zw6djuMdSdQ6iAANKmvRpgs1Y8RNb9P/JG1TmbVvqQm
-            dbx5hfoLuNnLR4q0r64tGej0iVeBljSjUDrxusjMkhwgiinFTTz8oNoLoOuPjPMm
-            MymkjV1m6HzdwB9JMU7kMcHDEsqhXiKcxZ5mPDQJIXSG7TTuIZndRsln2ske9ibm
-            uZusIC7y1868R409UWhjGXjxsoFzqOKpOCo8tFoZSdE250E6o7U8PKOgSUxRAQlb
-            va7LUhP10ODZof5jM9xUDorrcamT1kbnmz4SlYDIOSliR0ofsmX0ObyxZmL3CZhN
-            /iC5BVv9D14U7iU0PsKZl0XUOP+urJwSZSCid0zq8rjUXdqy0YH81eBG9Y360ZHB
-            AlfhfeaYindnJYkPpZe1XWyI0yaKOjrKgdz8/vuDTZWyNseKAcofA7cgjUHtIUvu
-            uMPhFk+RHd0xZnk3yrlTnEOht8MiAZxVFPk3NK/P7W3D3r0li5D5f7+2ph8RsI/S
-            XAFXDSRXTIDsHCWPjvTAftTKbS8dq4A28yFHJg8+Ber+RxBbOWH7NpBIgmO2SNAJ
-            9CkU9neCROJuNBY9h0Xl4Yp7g6XNOeFeWdgxqJgZWhoKYSR0W8ILzQD45PXj
-            =ALYc
-            -----END PGP MESSAGE-----
-          fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
-        - created_at: "2024-05-26T01:20:22Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMA4EEKdYEzV0pAQ/+L9uVnDe2jK1unhCFjKv0YhHobPNSQAhXaYoIiw2qTJ/q
-            ntduHgPFvLjQdeGT6EsfS+vxGcsLtS2FlG8woiLzX0iyc9sB0AmcwwKdG2FwyemY
-            +ZPE8BfjVKrGq0oiYASIceYxTfdp1kNX2aTIpuBzm36ccHQb/RSzUhEeZjyN4xtO
-            c6j8HJ6TANoh4eBG+X4LDVGFQPMToozqw/2hX5HPn+EDqP6Egprf/6hAetX4VcCk
-            csbP2AB2wl75U8Q8xSmlNUj/CTz4wpOpNj5tjsADP/ZlkH6EUcGIPk3+BC6ovy54
-            zoydEnTi6uy+gMAZDLP2bRdSgjW887TIh3qPsZiyG0SEygC3B+Fb1EY/NIL7Yh5R
-            mJDdMbrAb9rBSXYS1ptLvq2QSjbyIpVK2n+PLtycySsaktsAEopotlwxlbf/QSBv
-            FCRgws0djwZ4+qtXJ/D1pMNSHD4sdRxGANPdqNJem7S4fHmegtlVWNphDP8V2bUa
-            krGYBc0pn/cTusEJgkccp898ghJQ7bjKxD41qtIkfceB8FnaKgdxBrNfIrucaMjb
-            xv0NLk5NLTCbv/ES5R6Pb4MDKEBpInUp6gygcbaDybyn5lu/jT+6pYFp8Sq0F81B
-            +Vk7+iz9MsV8Yz9dHJnqIiypZREF1KRPWpenNAK9XGdy5SxezfBS7Zz1VShYgoPS
-            XAGKmeK4A1VarYym4wSb/AXhT6HXLBM6VWB6OFvz3sXR02sAUI7GXuZOjY2raezt
-            Usn+dhqFnRUHgUqgtLYGXlgyXiSjUTGQnh4c18n/mkbApUKcTdX2VigoivLo
-            =Xjqf
-            -----END PGP MESSAGE-----
-          fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
-        - created_at: "2024-05-26T01:20:22Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hF4DQrf1tCqiJxoSAQdAEZMgepQuERqKK4S8uiXmIYIRdeN5swy6S4hmzdL3yj8w
-            E45ScSNMVsvKD3pQq8EqxTFPb5pQ+2LfpP8gbbhYoDomGDm4tcbr8pyH3AXXoFwl
-            0lwBFFDJa1GSmHSgnJqrIaqmOZJgBE5t3IEIiDQksVjV7KTwPMwoU+wx42AAU/dS
-            hjxQwPAfpwO9mH6FN4JC8OTVSU1VfWLCO4e8HroG44c2gOxFfnflaMjaXuIsDA==
-            =kkiD
-            -----END PGP MESSAGE-----
-          fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
-        - created_at: "2024-05-26T01:20:22Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMAzdAjw8ldn6CAQ//Z5yRTQUt73bYUIrnaBPwQCLB4lmlutSICdQvdlQFcqDZ
-            Tw0kBNBS+4dEhxlYuEmCJgM6H+2KEH+6/M5IdFErlTz8Ly0R73adlSMu0R+os/6i
-            clLQQAwWIyFVuRaaNxSDdJ06sl4+hZyGZlbpo9kYBjslTUpJC4urvc+6xlRnlIuf
-            gae9+Zmh1K9+BpUH5svExyTERwWQI1HzvcqSc+tsEYugNvJitBHTyfpFN8xjtbns
-            h1aDXgKo4riFHzlZHftWfaLdot8++0jgluc7fCNXfnNVYf+nREIP49A/bkDFH4Re
-            Lwhq1iQte48KE0JKiaXDsAwLSanNYOfEZo5LSAFYAaEGJ6gUwnyoRgH+2T9FiWoJ
-            Z3myWbrm0SUr8Za2k1AA1FGz8tmGppxGZp3llyqaY/hbP84myfnfpvis6IUAzyfl
-            xMZOGs0Q3VlOJRAYXOWS64oM6cvCg9rJiOsPMr75P+9nWhz+Ur/X8hPTPr4ku/D1
-            ewUhDd406/a7aAGe7m6RyRnVCK2mybuKKYt3BGu0usYvKcPIMUYq+g2zqt6/fQ5r
-            gS2c+uuvMqM6o9dxkRxZWt99o8E29cGH51yl9IdrXsr7F/EyymjBENQxbDApp9mG
-            DHokBg9QdRvwRyyC2YBttgob8QrkZTI4xE7oRFaq9wuZqhjv6VGZXO0jauIRYV7S
-            XAFidvRJ2EMZlPeVpDkosbXLsux2q4v0ECXy1ciRRYJn50vLN8Fqk2fKg4aKkqeV
-            riCQgu8aliCMtTRTa+/NQoTpXbqD9XaPz8hf9betygs+6y3zVyBn7k7WQqmj
-            =yfan
-            -----END PGP MESSAGE-----
-          fp: 3D70F61E07F64EC4E4EF417BEFCD9D20F58784EF
-    unencrypted_suffix: _unencrypted
-    version: 3.8.1
+        hF4DQrf1tCqiJxoSAQdACJe1cOwJNh+yCqthzmRCGIO0eKIAdYjrJHDxsuhVB1ow
+        5wFPVzDJ1ERhKaur4wEPRwIe1FLznKHF4bR7F6+yIqgWiUhtMpGsrrezq0vS48C8
+        0l4BwPMgJVgLgfGRH8hZUcM3MYpSQcVKay13eOeTD8kH2rHOY5bq+79l69Z25qXf
+        46O7DP5sQ51DLGu6t6UBiifyFWZD+WEbkoa5knvyzziYBoQM5hEeUWj9KSHKBaBD
+        =zi1G
+        -----END PGP MESSAGE-----
+      fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
+  unencrypted_suffix: _unencrypted
+  version: 3.11.0

config/hosts/public-web-static/spaceapid-config/ccchh-response.json

@@ -14,7 +14,6 @@
     },
     "contact": {
       "phone": "+49 40 23830150",
-      "irc": "ircs://irc.hackint.org:6697/#ccchh",
       "mastodon": "@ccchh@chaos.social",
       "email": "mail@hamburg.ccc.de",
       "ml": "talk@hamburg.ccc.de",

config/hosts/public-web-static/virtualHosts/c3cat.de.nix

@@ -1,10 +1,19 @@
 { pkgs, ... }:
 
-{
+let
+  domain = "c3cat.de";
+  dataDir = "/var/www/${domain}";
+  deployUser = "c3cat-website-deploy";
+in {
+  security.acme.certs."${domain}".extraDomainNames = [ "www.${domain}" ];
+
   services.nginx.virtualHosts = {
-    "acme-c3cat.de" = {
+    "acme-${domain}" = {
       enableACME = true;
-      serverName = "c3cat.de";
+      serverName = "${domain}";
+      serverAliases = [
+        "www.${domain}"
+      ];
 
       listen = [
         {
@@ -14,9 +23,9 @@
       ];
     };
 
-    "c3cat.de" = {
+    "www.${domain}" = {
       forceSSL = true;
-      useACMEHost = "c3cat.de";
+      useACMEHost = "${domain}";
 
       listen = [
         {
@@ -28,7 +37,42 @@
       ];
 
       locations."/" = {
-        return = "302 https://wiki.hamburg.ccc.de/club:c3cat:start";
+        return = "302 https://c3cat.de$request_uri";
+      };
+
+      locations."/manuals/eh22-rgb-ears" = {
+        return = "307 https://www.c3cat.de/rgb-ears.html";
+      };
+
+      extraConfig = ''
+        # Make use of the ngx_http_realip_module to set the $remote_addr and
+        # $remote_port to the client address and client port, when using proxy
+        # protocol.
+        # First set our proxy protocol proxy as trusted.
+        set_real_ip_from 172.31.17.140;
+        # Then tell the realip_module to get the addreses from the proxy protocol
+        # header.
+        real_ip_header proxy_protocol;
+      '';
+    };
+
+    "${domain}" = {
+      forceSSL = true;
+      useACMEHost = "${domain}";
+
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 8443;
+          ssl = true;
+          proxyProtocol = true;
+        }
+      ];
+
+      root = "${dataDir}";
+
+      locations."/manuals/eh22-rgb-ears" = {
+        return = "307 https://c3cat.de/rgb-ears.html";
       };
 
       extraConfig = ''
@@ -43,4 +87,17 @@
       '';
     };
   };
+
+  systemd.tmpfiles.rules = [
+    "d ${dataDir} 0755 ${deployUser} ${deployUser}"
+  ];
+
+  users.users."${deployUser}" = {
+    isNormalUser = true;
+    group = "${deployUser}";
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcZJzQO4RYinJm6YDUgCELe8OJA/DYOss+8xp7TtxM0 deploy key for c3cat.de"
+    ];
+  };
+  users.groups."${deployUser}" = { };
 }

config/hosts/public-web-static/virtualHosts/cpu.ccc.de.nix

@@ -0,0 +1,118 @@
+{ ... }:
+
+let
+  domain = "cpu.ccc.de";
+  dataDir = "/var/www/${domain}";
+  deployUser = "cpuccc-website-deploy";
+in
+{
+  security.acme.certs."cpu.ccc.de".extraDomainNames = [
+    "lokal.ccc.de"
+    "local.ccc.de"
+  ];
+
+  services.nginx.virtualHosts = {
+    "acme-${domain}" = {
+      enableACME = true;
+      serverName = "${domain}";
+
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 31820;
+        }
+      ];
+    };
+
+    # https://git.hamburg.ccc.de/CCCHH/cpu.ccc.de/src/branch/main/nginx.conf
+    "${domain}" = {
+      forceSSL = true;
+      useACMEHost = "${domain}";
+
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 8443;
+          ssl = true;
+          proxyProtocol = true;
+        }
+      ];
+
+      root = "${dataDir}";
+
+      extraConfig = ''
+        index index.html;
+        default_type text/plain;
+
+        # Make use of the ngx_http_realip_module to set the $remote_addr and
+        # $remote_port to the client address and client port, when using proxy
+        # protocol.
+        # First set our proxy protocol proxy as trusted.
+        set_real_ip_from 172.31.17.140;
+        # Then tell the realip_module to get the addreses from the proxy protocol
+        # header.
+        real_ip_header proxy_protocol;
+
+        port_in_redirect off;
+      '';
+
+      locations."/" = {
+        tryFiles = "$uri $uri/ =404";
+
+        extraConfig = ''
+          location /feed/ {
+            default_type application/rss+xml;
+            types {
+              text/xml application/rss+xml;
+            }
+          }
+
+          location /rss {
+            default_type application/rss+xml;
+          }
+        '';
+      };
+    };
+
+    "lokal.ccc.de" = {
+      forceSSL = true;
+      useACMEHost = "cpu.ccc.de";
+      serverAliases = [
+        "local.ccc.de"
+      ];
+
+      listen = [{
+        addr = "0.0.0.0";
+        port = 8443;
+        ssl = true;
+        proxyProtocol = true;
+      }];
+
+      locations."/".return = "302 https://cpu.ccc.de";
+
+      extraConfig = ''
+        # Make use of the ngx_http_realip_module to set the $remote_addr and
+        # $remote_port to the client address and client port, when using proxy
+        # protocol.
+        # First set our proxy protocol proxy as trusted.
+        set_real_ip_from 172.31.17.140;
+        # Then tell the realip_module to get the addreses from the proxy protocol
+        # header.
+        real_ip_header proxy_protocol;
+      '';
+    };
+  };
+
+  systemd.tmpfiles.rules = [
+    "d ${dataDir} 0755 ${deployUser} ${deployUser}"
+  ];
+
+  users.users."${deployUser}" = {
+    isNormalUser = true;
+    group = "${deployUser}";
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOnO7g/7mVVKnvkszto8m3nPljO/6qQc/34aEbrhKOvn deploy key for cpu.ccc.de"
+    ];
+  };
+  users.groups."${deployUser}" = { };
+}

config/hosts/public-web-static/virtualHosts/cryptoparty-hamburg.de.nix

@@ -0,0 +1,97 @@
+{ ... }:
+
+let
+  domain = "cryptoparty-hamburg.de";
+  dataDir = "/var/www/${domain}";
+  deployUser = "cryptoparty-website-deploy";
+in
+{
+  security.acme.certs."${domain}".extraDomainNames = [
+    "cryptoparty.hamburg.ccc.de"
+  ];
+
+  services.nginx.virtualHosts = {
+    "acme-${domain}" = {
+      enableACME = true;
+      serverName = "${domain}";
+
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 31820;
+        }
+      ];
+    };
+
+    "cryptoparty.hamburg.ccc.de" = {
+      forceSSL = true;
+      useACMEHost = "${domain}";
+
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 8443;
+          ssl = true;
+          proxyProtocol = true;
+        }
+      ];
+
+      locations."/".return = "302 https://${domain}$request_uri";
+
+      extraConfig = ''
+        # Make use of the ngx_http_realip_module to set the $remote_addr and
+        # $remote_port to the client address and client port, when using proxy
+        # protocol.
+        # First set our proxy protocol proxy as trusted.
+        set_real_ip_from 172.31.17.140;
+        # Then tell the realip_module to get the addreses from the proxy protocol
+        # header.
+        real_ip_header proxy_protocol;
+      '';
+    };
+
+    "${domain}" = {
+      forceSSL = true;
+      useACMEHost = "${domain}";
+
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 8443;
+          ssl = true;
+          proxyProtocol = true;
+        }
+      ];
+
+      root = "${dataDir}";
+
+      extraConfig = ''
+        # Make use of the ngx_http_realip_module to set the $remote_addr and
+        # $remote_port to the client address and client port, when using proxy
+        # protocol.
+        # First set our proxy protocol proxy as trusted.
+        set_real_ip_from 172.31.17.140;
+        # Then tell the realip_module to get the addreses from the proxy protocol
+        # header.
+        real_ip_header proxy_protocol;
+
+        error_page 404 /404.html;
+
+        port_in_redirect off;
+      '';
+    };
+  };
+
+  systemd.tmpfiles.rules = [
+    "d ${dataDir} 0755 ${deployUser} ${deployUser}"
+  ];
+
+  users.users."${deployUser}" = {
+    isNormalUser = true;
+    group = "${deployUser}";
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICz+Lxi9scblM/SKJq4nl64UwvVn8SuF2xmzOuyQrzR+ deploy key for cryptoparty-hamburg.de"
+    ];
+  };
+  users.groups."${deployUser}" = { };
+}

config/hosts/public-web-static/virtualHosts/default.nix

@@ -4,15 +4,22 @@
   imports = [
     ./branding-resources.hamburg.ccc.de.nix
     ./c3cat.de.nix
+    ./cpu.ccc.de.nix
+    ./cryptoparty-hamburg.de.nix
+    ./element-admin.hamburg.ccc.de.nix
     ./element.hamburg.ccc.de.nix
     ./hacker.tours.nix
     ./hackertours.hamburg.ccc.de.nix
     ./hamburg.ccc.de.nix
     ./spaceapi.hamburg.ccc.de.nix
+    ./staging.c3cat.de.nix
+    ./staging.cryptoparty-hamburg.de.nix
     ./staging.hacker.tours.nix
     ./staging.hackertours.hamburg.ccc.de.nix
     ./staging.hamburg.ccc.de.nix
     ./www.hamburg.ccc.de.nix
+    ./diday.org.nix
+    ./staging.diday.org.nix
     ./historic-easterhegg
   ];
 }

config/hosts/public-web-static/virtualHosts/diday.org.nix

@@ -0,0 +1,151 @@
+{ ... }:
+
+let
+  domain = "diday.org";
+  dataDir = "/var/www/${domain}";
+  deployUser = "diday-website-deploy";
+in
+{
+  security.acme.certs."${domain}".extraDomainNames = [
+    "did.hamburg.ccc.de"
+  ];
+
+  services.nginx.virtualHosts = {
+    "acme-${domain}" = {
+      enableACME = true;
+      serverName = "${domain}";
+
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 31820;
+        }
+      ];
+    };
+
+    "did.hamburg.ccc.de" = {
+      forceSSL = true;
+      useACMEHost = "${domain}";
+
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 8443;
+          ssl = true;
+          proxyProtocol = true;
+        }
+      ];
+
+      basicAuth = {
+        "preview" = "liebe";
+      };
+
+      extraConfig = ''
+        return 301 https://diday.org;
+      '';
+    };
+
+    "${domain}" = {
+      forceSSL = true;
+      useACMEHost = "${domain}";
+
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 8443;
+          ssl = true;
+          proxyProtocol = true;
+        }
+      ];
+
+      basicAuth = {
+        "preview" = "liebe";
+      };
+
+      root = "${dataDir}";
+
+      extraConfig = ''
+        # Make use of the ngx_http_realip_module to set the $remote_addr and
+        # $remote_port to the client address and client port, when using proxy
+        # protocol.
+        # First set our proxy protocol proxy as trusted.
+        set_real_ip_from 172.31.17.140;
+        # Then tell the realip_module to get the addreses from the proxy protocol
+        # header.
+        real_ip_header proxy_protocol;
+
+        error_page 404 /404.html;
+
+        port_in_redirect off;
+
+        index index.html;
+
+        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+
+        # return a redirect based on the map loaded from the webroot
+        if ($did_redirect_target ~ ^301:(.*)$) {
+          return 301 $1;
+        }
+        if ($did_redirect_target ~ ^302:(.*)$) {
+          return 302 $1;
+        }
+
+        # deny access to the redirects config file
+        location = /nginx-redirects.conf {
+          deny all;
+          return 404;
+        }
+
+        # dynamically redirect the user to the language they prefer
+        location = / {
+          set $lang "de";
+          if ($http_accept_language ~* "^en") {
+            set $lang "en";
+          }
+          return 302 /$lang/;
+        }
+
+        # configure decap-cms content-type and caching rules
+        location = /admin/cms.js {
+          expires -1;
+          add_header Cache-Control "no-store";
+        }
+        location = /admin/config.yml {
+          expires -1;
+          add_header Cache-Control "no-store";
+          types { }
+          default_type text/yaml;
+        }
+
+        # configure asset caching
+        location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff2?)$ {
+            expires 1y;
+            add_header Cache-Control "public, immutable";
+        }
+
+        # we are using the Astro Image Pipeline, therefore DecapCMS can't access image previews
+        location /admin/src/ {
+            log_not_found off;
+            return 404;
+        }
+
+        location / {
+          try_files $uri $uri/ =404;
+        }
+      '';
+    };
+  };
+
+  systemd.tmpfiles.rules = [
+    "d ${dataDir} 0755 ${deployUser} ${deployUser}"
+  ];
+
+  users.users."${deployUser}" = {
+    isNormalUser = true;
+    group = "${deployUser}";
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBitESG5AvHnHLPo+kdsV5l+wzSTqCltkk0IFAWGqBcl codeberg-actions-runner"
+    ];
+  };
+  users.groups."${deployUser}" = { };
+}

config/hosts/public-web-static/virtualHosts/element-admin.hamburg.ccc.de.nix

@@ -0,0 +1,115 @@
+{ config, pkgs, ... }:
+
+let
+  elementAdminVersion = "0.1.10";
+  elementAdmin = pkgs.stdenv.mkDerivation (finalAttrs: {
+    pname = "element-admin";
+    version = elementAdminVersion;
+
+    src = pkgs.fetchzip {
+      url = "https://github.com/element-hq/element-admin/archive/refs/tags/v${elementAdminVersion}.zip";
+      sha256 = "sha256-dh7tmzAaTfKB9FuOVhLHpOIsTZK1qMvNq16HeObHOqI=";
+    };
+
+    nativeBuildInputs = [
+      pkgs.nodejs
+      pkgs.pnpm.configHook
+    ];
+
+    pnpmDeps = pkgs.pnpm.fetchDeps {
+      inherit (finalAttrs) pname version src;
+      fetcherVersion = 2;
+      hash = "sha256-S/MdfUv6q+PaAKWYHxVY80BcpL81dOfpPVhNxEPQVE4=";
+    };
+
+    buildPhase = ''
+      pnpm build
+    '';
+
+    installPhase = ''
+      cp -a dist $out
+    '';
+  });
+in
+{
+  services.nginx = {
+    enable = true;
+
+    virtualHosts."acme-element-admin.hamburg.ccc.de" = {
+      enableACME = true;
+      serverName = "element-admin.hamburg.ccc.de";
+
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 31820;
+        }
+      ];
+    };
+
+    virtualHosts."element-admin.hamburg.ccc.de" = {
+      forceSSL = true;
+      useACMEHost = "element-admin.hamburg.ccc.de";
+
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 8443;
+          ssl = true;
+          proxyProtocol = true;
+        }
+      ];
+
+      root = elementAdmin;
+
+      locations."/assets" = {
+        extraConfig = ''
+          expires 1y;
+          add_header Cache-Control "public, max-age=31536000, immutable";
+          # Security headers.
+          add_header X-Frame-Options "DENY" always;
+          add_header X-XSS-Protection "1; mode=block" always;
+          add_header X-Content-Type-Options "nosniff" always;
+          add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+          add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data:; font-src 'self'; connect-src *; object-src 'none'; media-src 'self'; child-src 'none'; worker-src 'self'; manifest-src 'self';" always;
+          add_header Permissions-Policy "geolocation=(), camera=(), microphone=(), payment=(), usb=(), magnetometer=(), accelerometer=(), gyroscope=()" always;
+        '';
+      };
+
+      locations."/" = {
+        index = "/index.html";
+        tryFiles = "$uri $uri/ /";
+        extraConfig = ''
+          # Security headers.
+          add_header X-Frame-Options "DENY" always;
+          add_header X-XSS-Protection "1; mode=block" always;
+          add_header X-Content-Type-Options "nosniff" always;
+          add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+          add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data:; font-src 'self'; connect-src *; object-src 'none'; media-src 'self'; child-src 'none'; worker-src 'self'; manifest-src 'self';" always;
+          add_header Permissions-Policy "geolocation=(), camera=(), microphone=(), payment=(), usb=(), magnetometer=(), accelerometer=(), gyroscope=()" always;
+        '';
+      };
+
+      extraConfig = ''
+        # Security headers.
+        add_header X-Frame-Options "DENY" always;
+        add_header X-XSS-Protection "1; mode=block" always;
+        add_header X-Content-Type-Options "nosniff" always;
+        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+        add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data:; font-src 'self'; connect-src *; object-src 'none'; media-src 'self'; child-src 'none'; worker-src 'self'; manifest-src 'self';" always;
+        add_header Permissions-Policy "geolocation=(), camera=(), microphone=(), payment=(), usb=(), magnetometer=(), accelerometer=(), gyroscope=()" always;
+
+        # Make use of the ngx_http_realip_module to set the $remote_addr and
+        # $remote_port to the client address and client port, when using proxy
+        # protocol.
+        # First set our proxy protocol proxy as trusted.
+        set_real_ip_from 172.31.17.140;
+        # Then tell the realip_module to get the addreses from the proxy protocol
+        # header.
+        real_ip_header proxy_protocol;
+      '';
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 8443 31820 ];
+}

config/hosts/public-web-static/virtualHosts/element.hamburg.ccc.de.nix

@@ -1,10 +1,10 @@
 { pkgs, ... }:
 
 let
-  elementWebVersion = "1.11.84";
+  elementWebVersion = "1.12.0";
   element-web = pkgs.fetchzip {
-    url = "https://github.com/vector-im/element-web/releases/download/v${elementWebVersion}/element-v${elementWebVersion}.tar.gz";
-    sha256 = "sha256-z2qaKKyUq2S/r3xUUU3ym0FgFbiQr6bcltuKvUMPbH4=";
+    url = "https://github.com/element-hq/element-web/releases/download/v${elementWebVersion}/element-v${elementWebVersion}.tar.gz";
+    sha256 = "sha256-2kXQFUhLYyEKuXYw+n94JGlTN2VJHRpjmu78u8gdaro=";
   };
   elementSecurityHeaders = ''
     # Configuration best practices

config/hosts/public-web-static/virtualHosts/hacker.tours.nix

@@ -4,7 +4,8 @@ let
   domain = "hacker.tours";
   dataDir = "/var/www/${domain}";
   deployUser = "hackertours-website-deploy";
-in {
+in
+{
   services.nginx.virtualHosts = {
     "acme-${domain}" = {
       enableACME = true;
@@ -21,6 +22,10 @@ in {
     "${domain}" = {
       forceSSL = true;
       useACMEHost = "${domain}";
+      
+      locations."/shop" = {
+        return = "302 https://tickets.hamburg.ccc.de";
+      };
 
       listen = [
         {

config/hosts/public-web-static/virtualHosts/hackertours.hamburg.ccc.de.nix

@@ -4,7 +4,8 @@ let
   domain = "hackertours.hamburg.ccc.de";
   dataDir = "/var/www/${domain}";
   deployUser = "ht-ccchh-website-deploy";
-in {
+in
+{
   services.nginx.virtualHosts = {
     "acme-${domain}" = {
       enableACME = true;
@@ -31,6 +32,14 @@ in {
         }
       ];
 
+      locations."/de/posts/faq" = {
+        return = "302 /de/faq/";
+      };
+
+      locations."/en/posts/faq" = {
+        return = "302 /en/faq/";
+      };
+
       root = "${dataDir}";
 
       extraConfig = ''

config/hosts/public-web-static/virtualHosts/hamburg.ccc.de.nix

@@ -17,6 +17,7 @@
     "hamburg.ccc.de" = {
       forceSSL = true;
       useACMEHost = "hamburg.ccc.de";
+      default = true;
 
       listen = [
         {
@@ -83,6 +84,11 @@
         return = "302 https://$host/blog/index.xml";
       };
 
+      # Redirect /calendar to the Nextcloud calendar, as this location apparently gets used in several locations.
+      locations."/calendar" = {
+        return = "302 https://cloud.hamburg.ccc.de/apps/calendar/embed/QJAdExziSnNJEz5g";
+      };
+
       extraConfig = ''
         # Make use of the ngx_http_realip_module to set the $remote_addr and
         # $remote_port to the client address and client port, when using proxy

config/hosts/public-web-static/virtualHosts/historic-easterhegg/default.nix

@@ -1,4 +1,4 @@
-{...}:
+{ ... }:
 
 {
   imports = [
@@ -9,4 +9,4 @@
     ./eh11.nix
     ./eh20.nix
   ];
-}
+}

config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh03.nix

@@ -6,7 +6,7 @@ let
     rev = "74977c56486cd060566bf06678a936e801952f9e";
     hash = "sha256-ded/NO+Jex2Sa4yWAIRpqANsv8i0vKmJSkM5r9KxaVk=";
   };
-in 
+in
 {
   security.acme.certs."eh03.easterhegg.eu".extraDomainNames = [
     "eh2003.hamburg.ccc.de"
@@ -48,7 +48,7 @@ in
       }];
 
       locations."/".return = "302 https://eh03.easterhegg.eu";
-      
+
       extraConfig = ''
         # Make use of the ngx_http_realip_module to set the $remote_addr and
         # $remote_port to the client address and client port, when using proxy

config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh05.nix

@@ -48,7 +48,7 @@ in
       }];
 
       locations."/".return = "302 https://eh05.easterhegg.eu";
-      
+
       extraConfig = ''
         # Make use of the ngx_http_realip_module to set the $remote_addr and
         # $remote_port to the client address and client port, when using proxy
@@ -60,7 +60,7 @@ in
         real_ip_header proxy_protocol;
       '';
     };
-    
+
     "eh05.easterhegg.eu" = {
       forceSSL = true;
       useACMEHost = "eh05.easterhegg.eu";
@@ -71,7 +71,7 @@ in
         ssl = true;
         proxyProtocol = true;
       }];
-      
+
       locations."/" = {
         index = "index.shtml";
         root = eh05;
@@ -80,7 +80,7 @@ in
           default_type text/html;
           # Enable SSI
           ssi on;
-        ''; 
+        '';
       };
 
       extraConfig = ''

config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh07.nix

@@ -54,7 +54,7 @@ in
       }];
 
       locations."/".return = "302 https://eh07.easterhegg.eu";
-      
+
       extraConfig = ''
         # Make use of the ngx_http_realip_module to set the $remote_addr and
         # $remote_port to the client address and client port, when using proxy
@@ -86,7 +86,7 @@ in
           default_type text/html;
           # Enable SSI
           ssi on;
-        ''; 
+        '';
       };
 
       extraConfig = ''

config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh09.nix

@@ -54,7 +54,7 @@ in
       }];
 
       locations."/".return = "302 https://eh09.easterhegg.eu";
-      
+
       extraConfig = ''
         # Make use of the ngx_http_realip_module to set the $remote_addr and
         # $remote_port to the client address and client port, when using proxy
@@ -86,7 +86,7 @@ in
           default_type text/html;
           # Enable SSI
           ssi on;
-        ''; 
+        '';
       };
       extraConfig = ''
         # Make use of the ngx_http_realip_module to set the $remote_addr and

config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh11.nix

@@ -54,7 +54,7 @@ in
       }];
 
       locations."/".return = "302 https://eh11.easterhegg.eu";
-      
+
       extraConfig = ''
         # Make use of the ngx_http_realip_module to set the $remote_addr and
         # $remote_port to the client address and client port, when using proxy
@@ -86,7 +86,7 @@ in
           default_type text/html;
           # Enable SSI
           ssi on;
-        ''; 
+        '';
       };
 
       extraConfig = ''

config/hosts/public-web-static/virtualHosts/staging.c3cat.de.nix

@@ -0,0 +1,60 @@
+{ pkgs, ... }:
+
+let
+  domain = "staging.c3cat.de";
+  dataDir = "/var/www/${domain}";
+  deployUser = "c3cat-website-deploy";
+in {
+  services.nginx.virtualHosts = {
+    "acme-${domain}" = {
+      enableACME = true;
+      serverName = "${domain}";
+
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 31820;
+        }
+      ];
+    };
+
+    "${domain}" = {
+      forceSSL = true;
+      useACMEHost = "${domain}";
+
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 8443;
+          ssl = true;
+          proxyProtocol = true;
+        }
+      ];
+
+      root = "${dataDir}";
+
+      # Disallow *, since this is staging and doesn't need to be in any search
+      # results.
+      locations."/robots.txt" = {
+        return = "200 \"User-agent: *\\nDisallow: *\\n\"";
+      };
+
+      extraConfig = ''
+        # Make use of the ngx_http_realip_module to set the $remote_addr and
+        # $remote_port to the client address and client port, when using proxy
+        # protocol.
+        # First set our proxy protocol proxy as trusted.
+        set_real_ip_from 172.31.17.140;
+        # Then tell the realip_module to get the addreses from the proxy protocol
+        # header.
+        real_ip_header proxy_protocol;
+      '';
+    };
+  };
+
+  systemd.tmpfiles.rules = [
+    "d ${dataDir} 0755 ${deployUser} ${deployUser}"
+  ];
+
+  # c3cat deploy user already defined in c3cat.de.nix.
+}

config/hosts/public-web-static/virtualHosts/staging.cryptoparty-hamburg.de.nix

@@ -0,0 +1,94 @@
+{ ... }:
+
+let
+  domain = "staging.cryptoparty-hamburg.de";
+  dataDir = "/var/www/${domain}";
+  deployUser = "cryptoparty-website-deploy";
+in
+{
+  security.acme.certs."${domain}".extraDomainNames = [
+    "staging.cryptoparty.hamburg.ccc.de"
+  ];
+
+  services.nginx.virtualHosts = {
+    "acme-${domain}" = {
+      enableACME = true;
+      serverName = "${domain}";
+
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 31820;
+        }
+      ];
+    };
+
+    "staging.cryptoparty.hamburg.ccc.de" = {
+      forceSSL = true;
+      useACMEHost = "${domain}";
+
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 8443;
+          ssl = true;
+          proxyProtocol = true;
+        }
+      ];
+
+      locations."/".return = "302 https://${domain}$request_uri";
+
+      extraConfig = ''
+        # Make use of the ngx_http_realip_module to set the $remote_addr and
+        # $remote_port to the client address and client port, when using proxy
+        # protocol.
+        # First set our proxy protocol proxy as trusted.
+        set_real_ip_from 172.31.17.140;
+        # Then tell the realip_module to get the addreses from the proxy protocol
+        # header.
+        real_ip_header proxy_protocol;
+      '';
+    };
+
+    "${domain}" = {
+      forceSSL = true;
+      useACMEHost = "${domain}";
+
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 8443;
+          ssl = true;
+          proxyProtocol = true;
+        }
+      ];
+
+      root = "${dataDir}";
+
+      # Disallow *, since this is staging and doesn't need to be in any search
+      # results.
+      locations."/robots.txt" = {
+        return = "200 \"User-agent: *\\nDisallow: *\\n\"";
+      };
+
+      extraConfig = ''
+        # Make use of the ngx_http_realip_module to set the $remote_addr and
+        # $remote_port to the client address and client port, when using proxy
+        # protocol.
+        # First set our proxy protocol proxy as trusted.
+        set_real_ip_from 172.31.17.140;
+        # Then tell the realip_module to get the addreses from the proxy protocol
+        # header.
+        real_ip_header proxy_protocol;
+
+        port_in_redirect off;
+      '';
+    };
+  };
+
+  systemd.tmpfiles.rules = [
+    "d ${dataDir} 0755 ${deployUser} ${deployUser}"
+  ];
+
+  # Cryptoparty website deploy user already defined in cryptoparty-hamburg.de.nix.
+}

config/hosts/public-web-static/virtualHosts/staging.diday.org.nix

@@ -0,0 +1,81 @@
+{ config, ... }:
+
+let
+  domain = "staging.diday.org";
+  dataDir = "/var/www/${domain}";
+  deployUser = "diday-website-deploy";
+in
+{
+  security.acme.certs."${domain}" = {
+    domain = "staging.diday.org";
+    extraDomainNames = [ "*.staging.diday.org" ];
+    group = "nginx";
+    dnsResolver = "45.54.76.1:53";
+    dnsProvider = "desec";
+    environmentFile = config.sops.secrets."staging.diday.org/lego.env".path;
+  };
+
+  services.nginx.virtualHosts = {
+    "*.${domain}" = {
+      useACMEHost = "${domain}";
+      forceSSL = true;
+
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 8443;
+          ssl = true;
+          proxyProtocol = true;
+        }
+      ];
+
+      basicAuth = {
+        "preview" = "liebe";
+      };
+
+      extraConfig = ''
+        # Make use of the ngx_http_realip_module to set the $remote_addr and
+        # $remote_port to the client address and client port, when using proxy
+        # protocol.
+        # First set our proxy protocol proxy as trusted.
+        set_real_ip_from 172.31.17.140;
+        # Then tell the realip_module to get the addreses from the proxy protocol
+        # header.
+        real_ip_header proxy_protocol;
+        port_in_redirect off;
+
+        error_page 404 /404.html;
+
+        location / {
+          if ($host ~* "^(pr\d+)\.staging\.diday\.org$") {
+            root /var/www/staging.diday.org/$1/;
+          }
+
+          index index.html;
+          try_files $uri $uri/ =404;
+
+          # deny access to the redirects config file
+          location = /nginx-redirects.conf {
+            deny all;
+            return 404;
+          }
+
+          # dynamically redirect the user to the language they prefer
+          location = / {
+            set $lang "de";
+            if ($http_accept_language ~* "^en") {
+              set $lang "en";
+            }
+            return 302 /$lang/;
+          }
+        }
+      '';
+    };
+  };
+
+  systemd.tmpfiles.rules = [
+    "d ${dataDir} 0755 ${deployUser} ${deployUser}"
+  ];
+
+  sops.secrets."staging.diday.org/lego.env" = {};
+}

config/hosts/public-web-static/virtualHosts/staging.hacker.tours.nix

@@ -4,7 +4,8 @@ let
   domain = "staging.hacker.tours";
   dataDir = "/var/www/${domain}";
   deployUser = "hackertours-website-deploy";
-in {
+in
+{
   services.nginx.virtualHosts = {
     "acme-${domain}" = {
       enableACME = true;

config/hosts/public-web-static/virtualHosts/staging.hackertours.hamburg.ccc.de.nix

@@ -4,7 +4,8 @@ let
   domain = "staging.hackertours.hamburg.ccc.de";
   dataDir = "/var/www/${domain}";
   deployUser = "ht-ccchh-website-deploy";
-in {
+in
+{
   services.nginx.virtualHosts = {
     "acme-${domain}" = {
       enableACME = true;

config/hosts/status/configuration.nix

@@ -1,10 +0,0 @@
-{ ... }:
-
-{
-  networking = {
-    hostName = "status";
-    domain = "z9.ccchh.net";
-  };
-
-  system.stateVersion = "24.05";
-}

config/hosts/status/default.nix

@@ -1,10 +0,0 @@
-{ ... }:
-
-{
-  imports = [
-    ./configuration.nix
-    ./networking.nix
-    ./nginx.nix
-    ./uptime-kuma.nix
-  ];
-}

config/hosts/status/networking.nix

@@ -1,29 +0,0 @@
-{ ... }:
-
-{
-  networking = {
-    interfaces.net0 = {
-      ipv4.addresses = [
-        {
-          address = "10.31.206.15";
-          prefixLength = 23;
-        }
-      ];
-      ipv6.addresses = [
-        {
-          address = "2a07:c480:0:1ce::f";
-          prefixLength = 64;
-        }
-      ];
-    };
-    defaultGateway = "10.31.206.1";
-    defaultGateway6 = "2a07:c480:0:1ce::1";
-    nameservers = [ "10.31.206.1" "2a07:c480:0:1ce::1" ];
-    search = [ "z9.ccchh.net" ];
-  };
-
-  systemd.network.links."10-net0" = {
-    matchConfig.MACAddress = "BC:24:11:79:D3:E1";
-    linkConfig.Name = "net0";
-  };
-}

config/hosts/status/nginx.nix

@@ -1,149 +0,0 @@
-# Sources for this configuration:
-# - https://github.com/louislam/uptime-kuma/wiki/Reverse-Proxy
-
-{ config, ... }:
-
-{
-  services.nginx = {
-    enable = true;
-
-    virtualHosts = {
-      "status.hamburg.ccc.de" = {
-        forceSSL = true;
-        enableACME = true;
-        serverName = "status.hamburg.ccc.de";
-
-        listen = [
-          {
-            addr = "[::]";
-            port = 80;
-          }
-          {
-            addr = "[::]";
-            port = 443;
-            ssl = true;
-          }
-        ];
-
-        locations."/" = {
-          proxyPass = "http://localhost:3001";
-          proxyWebsockets = true;
-        };
-      };
-      "status-proxyprotocol.hamburg.ccc.de" = {
-        forceSSL = true;
-        useACMEHost = "status.hamburg.ccc.de";
-        serverName = "status.hamburg.ccc.de";
-
-        listen = [
-          {
-            addr = "0.0.0.0";
-            port = 8443;
-            ssl = true;
-            proxyProtocol = true;
-          }
-        ];
-
-        locations."/" = {
-          proxyPass = "http://localhost:3001";
-          proxyWebsockets = true;
-        };
-
-        extraConfig = ''
-          # Make use of the ngx_http_realip_module to set the $remote_addr and
-          # $remote_port to the client address and client port, when using proxy
-          # protocol.
-          # First set our proxy protocol proxy as trusted.
-          set_real_ip_from 10.31.206.11;
-          # Then tell the realip_module to get the addreses from the proxy protocol
-          # header.
-          real_ip_header proxy_protocol;
-        '';
-      };
-      "status.ccchh.net" = {
-        forceSSL = true;
-        useACMEHost = "status.hamburg.ccc.de";
-        serverName = "status.ccchh.net";
-
-        listen = [
-          {
-            addr = "[::]";
-            port = 80;
-          }
-          {
-            addr = "[::]";
-            port = 443;
-            ssl = true;
-          }
-        ];
-
-        globalRedirect = "status.hamburg.ccc.de";
-        redirectCode = 307;
-      };
-      "status-proxyprotocol.ccchh.net" = {
-        forceSSL = true;
-        useACMEHost = "status.hamburg.ccc.de";
-        serverName = "status.ccchh.net";
-
-        listen = [
-          {
-            addr = "0.0.0.0";
-            port = 8443;
-            ssl = true;
-            proxyProtocol = true;
-          }
-        ];
-
-        globalRedirect = "status.hamburg.ccc.de";
-        redirectCode = 307;
-
-        extraConfig = ''
-          # Make use of the ngx_http_realip_module to set the $remote_addr and
-          # $remote_port to the client address and client port, when using proxy
-          # protocol.
-          # First set our proxy protocol proxy as trusted.
-          set_real_ip_from 10.31.206.11;
-          # Then tell the realip_module to get the addreses from the proxy protocol
-          # header.
-          real_ip_header proxy_protocol;
-        '';
-      };
-      "status.z9.ccchh.net" = {
-        forceSSL = true;
-        useACMEHost = "status.hamburg.ccc.de";
-        serverName = "status.z9.ccchh.net";
-
-        listen = [
-          {
-            addr = "0.0.0.0";
-            port = 80;
-          }
-          {
-            addr = "[::]";
-            port = 80;
-          }
-          {
-            addr = "0.0.0.0";
-            port = 443;
-            ssl = true;
-          }
-          {
-            addr = "[::]";
-            port = 443;
-            ssl = true;
-          }
-        ];
-
-        globalRedirect = "status.hamburg.ccc.de";
-        redirectCode = 307;
-      };
-    };
-  };
-
-  security.acme.certs."status.hamburg.ccc.de".extraDomainNames = [
-    "status.ccchh.net"
-    "status.z9.ccchh.net"
-  ];
-
-  networking.firewall.allowedTCPPorts = [ 80 443 8443 ];
-}

config/hosts/status/uptime-kuma.nix

@@ -1,7 +0,0 @@
-{ ... }:
-
-{
-  services.uptime-kuma = {
-    enable = true;
-  };
-}

config/hosts/woodpecker/secrets.yaml

@@ -1,234 +1,149 @@
 woodpecker_server_environment_file: ENC[AES256_GCM,data:68Wu0UOHBAGZHSJ0x4wbeDLm626jpumv9w6A65FNKsmzYp6P4/c4g1MF1agQd7l9nKMTRrgyJyfoEZYFQRX6lYSmcsQLfn++uh1JpFoClT5p/5hBkiDq4owUFU+NGUiyl6yjYlEiaxLwC4ZdyISHeEYpbrvGyIXLsFgdrQ0rVX3cCRwIMxFcyCG6d3MZVoqAw1A=,iv:y/+X02aRPBOoR57P9s7y/SijvXVLuiBBfFYqeJLvQEU=,tag:DNwK+M6s3moglkMkrWccyA==,type:str]
 woodpecker_agent_environment_file: ENC[AES256_GCM,data:rwp6TYYFJ/IZH+3pGhPxjdZMLoyPMr/W1RXm4IkUGn+SmIjHZcdFZ8nEhvOfnkfrXNPc2MR+X6NXUmVOcBjSCbcBjh9sC653UpKimt9I3/Ec,iv:X9JH7dmTayw8BaEsXYil3PrykCdd+/ANGHVfEyRvc7A=,tag:/ErkX1WnruanNgTTBUT6LA==,type:str]
 sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age1klxtcr23hers0lh4f5zdd53tyrtg0jud35rhydstyjq9fjymf9hsn2a8ch
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRQlN5NmlaUjR5dGJ3Y3BP
-            bW4rWm1KaVFsbytwZDQ1QjV1d1VEOEZlSTJ3Cmgxc1BmMnBmWjRyNmNDWmpWcnJt
-            Q3lBZUFOY3FtREFUYmhJNCtKcTUxY0kKLS0tIHhKbVVBYjN4WHRzdERNbkRQeHlS
-            UExiNFNCdkQ4YTNMdEdoWTdxOFZOZVEKZZbNpbyH31z5tyXeINqoNyqy8zvS3mp0
-            YFq6P8kO8CaqUG7KH6yWV0Vq4DryQ9vMcQBnboZOfPf9pZUvhacE/Q==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-06-22T15:55:25Z"
-    mac: ENC[AES256_GCM,data:UmDbmxSRj8YfCkKEelQNMJ8mzbu5aQdB9yOr9JfUh5TB9r5Z5ttZ1wgJDJqHNtsII3JGXUvbgHbsmbPikkrj4Ege1rrgr4UttN1rtgeaAKlZIlqb9pOnV4//GJL8jbxCgFp2h2O80G05nAXG54DaY//4Y5hfTyPzgyDlGQ6jlhg=,iv:5e8lpFfGAJh8lTFcY4MlZG7PgnzM0UycsU0tB2KN+zQ=,tag:4xUEHg04wjDbhc9MOItzuQ==,type:str]
-    pgp:
-        - created_at: "2024-06-21T22:42:59Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+  age:
+    - recipient: age19h7xtfmt3py3ydgl8d8fgh8uakxqxjr74flrxev3pgmvvx94kvtq5d932d
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWdUhjQUJIS2QvWk1Yc3pR
+        M1daYlRubnlsQk9tcytBNWdYMUU4bG1DVHhZCnVKK00ySDdBZFhzRXlaQ2xVaTBh
+        bVVVNzRraUpHSFFuRStzWFprUGRoMGcKLS0tIEVBUWh4STBIaGdTelFKcnB0TkNR
+        SEd1VTZQZWlkYXVKcVRPbVA1U3VWbFUKnuaPGc29kKE86nh+xEto0Jb6BQ0uH3pr
+        Q1QPgfiOCYGkuUewy3LlGnLTuMxHBBWAjg4zgaYPHU2F/HCS5DB5nw==
+        -----END AGE ENCRYPTED FILE-----
+    - recipient: age1klxtcr23hers0lh4f5zdd53tyrtg0jud35rhydstyjq9fjymf9hsn2a8ch
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArdVJNK1ljNWwrTy9qc1p1
+        N1MweERxdkNXZVZITWRRdGFQRHRQeTNFTTI4CjFkSVJQMFBKY2tRWE1DeXdMOUZY
+        Qm5oYTU1azFzVEpYZUptcTVhRCsxL28KLS0tIEI0czljekgvQlc1SlVGSUpGb1N3
+        NytOaE5nQ3E4bFhCQ1ZDU3MyM3p5cmcK3LGva0vDjitqOBqBo6jHqRBaH8T8cOim
+        IF8ygc0i/dbaec59ZcCMhS0n8yv0lVHO2WiUwPaKTh5hkti9LhKlaA==
+        -----END AGE ENCRYPTED FILE-----
+  lastmodified: "2024-06-22T15:55:25Z"
+  mac: ENC[AES256_GCM,data:UmDbmxSRj8YfCkKEelQNMJ8mzbu5aQdB9yOr9JfUh5TB9r5Z5ttZ1wgJDJqHNtsII3JGXUvbgHbsmbPikkrj4Ege1rrgr4UttN1rtgeaAKlZIlqb9pOnV4//GJL8jbxCgFp2h2O80G05nAXG54DaY//4Y5hfTyPzgyDlGQ6jlhg=,iv:5e8lpFfGAJh8lTFcY4MlZG7PgnzM0UycsU0tB2KN+zQ=,tag:4xUEHg04wjDbhc9MOItzuQ==,type:str]
+  pgp:
+    - created_at: "2026-02-17T22:22:03Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMAxK/JaB2/SdtAQ//QR84p3zGjW2CtPcPxlmdYui5nx8FV3MHog4R24s4RKNK
-            y4n9993z8m3y2at4yIWDi4LBKrhm/6mSLBHfoxnuiptoaSXSWXfaXebXkYiinkyP
-            GMvwegN6KkRZh4stJMD7W0g7w/trkNEAvPDoInqCnvT4NomrKIV+ZrZuCBLd1tXn
-            JRd2tsH8yYzoZr/PJBBDTZtke/nbosb6drjgG6ow/eHyF++HxKNTWfjCiWn4AWSb
-            c/E1VWsigYdBs8XSTbBkfSLr/b5FcXYb8tyy4gpGe9zOrxc7cW5diK5+x4bM8FHz
-            85ShPA5S3PXXEnuifuk/ZK8+CEYWUS3MXUhuEFUo7F3Pt/Eb+5CtfTX6kvMe1xe9
-            iqFAsRce/qm9Evns4ygZ4+LoI2ro2HFwgQ2fu1gi7PyZsDyW5eRL5P+vfxPUOxYY
-            z9cXXo+U1NEzWMDEBWt4mgoW9URye6O3k+WLQmYbQIhDkftUYmvRrPYQvP282m4k
-            NMucRIRUMkx7rpRQQP8yU6AlgZ1LsOmruV4XJYVxsTpSZq7YgTQP4kd3wMgBhwOV
-            j3hGc9gI9Sq06SdyU0C8PuUHt+mZGkVnYIOTw6BXHgY1tK8X5XnWK4NJXL9bR0pY
-            kfzDWLjD0hiiM3QYqieTbnDUiVTDGyf7Cop+EifYvy7um+CPjlYLLkDkEsWcy/HU
-            aAEJAhDEzP5eiU1e01GSNbWL49ghD7DqZiYdo0F/BGMk6jQloM1HUDnkhgBhVSZo
-            TjNPV3UFBxeRnT5DvouD6uJ8SDs42ARdb4F80vJVHknt0yBvGWfCQsXqKwuRDd1j
-            zkj4zG7btJRv
-            =sgSP
-            -----END PGP MESSAGE-----
-          fp: EF643F59E008414882232C78FFA8331EEB7D6B70
-        - created_at: "2024-06-21T22:42:59Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+        hQIMAz5uSgHG2iMJAQ/+NzRul1VZa2BLnjCsdUP7YErHvLsJqc/KwEFgGX8yN1Bg
+        VOHgm0MBYC14KtMu0Zb+Cm6ypqyaa4j+MXNVWLDTOLt1aLibashBmyPbwHNr0XwO
+        6tr9qYAPixaoWFeiCtATKLUzWzQ68eDv9JHNNQvKGNjet9E1yOIxWHj6RxyV/EeZ
+        50nf+7AO7cFkqRGFxrGKAYchzetajNPLtbS2htFCc3Vt9m38jusafvYdjeG+HQHe
+        6INzdNqvM7vhfWJlIiTPCXGKvx0NhLg6sVvcXpq5mKbMAhja80KyUdl772L8Kr6P
+        ZYvmj+Ey8+GM+opGGxcaSBmgw3ZLRIZ1tks3LlRf/UiAZD5MqJoRL1DEJMtHzYnp
+        IqxOEiuMLAL1/TxG4KhJfT5Gs9Kf3Cnr6djhhsYg3GYXSQdhiyaBDaLpu68nEIRN
+        JSdA/7pCjxhvlgFl9XvPaMzQD5GZNlVapJPn1c9Ambi9cs4kB8nds+Xx4KgIN3li
+        85flJnEtQWRI2DL8qJgoYJ1cXevkPVzKLFnQEHfLuozIzfPl1Wq1Sb3EQk9YZer9
+        yfVHRngBBhmfNMtFy9gq8FLod0Odas3KQDAa7ndPMMx6oL5DoNeI3DpuYW4eQIZK
+        EbT5iHLMrTXHb2XKTHfXdjl6ttED+12GAby69jdGXjt6UVAM6b0UorWfSLLoqabS
+        XgG1w128eegSl4tqdYO/KDL30c9J1K8LqaJmg+9eFAi9Da/zmPAck+DlS7XUkeiX
+        OqZiOXLul0N2Qe/tWkpJD8F3HV+K6Xt0MSx8VsmeliicG4Rpme1Xysau+7kht3U=
+        =KUjN
+        -----END PGP MESSAGE-----
+      fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
+    - created_at: "2026-02-17T22:22:03Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMA6EyPtWBEI+2AQ//V6IIW3Hr3xuQWOWitDGn1bo+x95jePPpXNayKGJuaSMf
-            00gaOyMpqP5hRd3lEQRyqHgPtmszlGrxq2y77CxnnZMbE6n+axwQQLoMzROBGyGF
-            iqe6hNbNFZPjWv5BTAl3iOHWrw3x/TpgcNmSBDfctU+CZlMWzCMuXJw1bK57wQd4
-            B6xcoBxidK55Ubc7GQ8mlAEuZ89fYorTRBfv2rBgUh8ZAAsUmn1jEz7HsQMMd2a8
-            5V4TzicdzXO2cZ+0DqU8Xqt5U9C0IjGgZRPzDYkh7slkbyYomAIfCq+zN5ieecz9
-            Mp8vvuMYfT66P+heNRZ7w/sgmGlarcmNKlOcXlakVYm5qVddPMx6M5Ovl4O5sABz
-            V4O4NRehYx0XFbjzXr59LCzpusS9xQoh49288dLTFudOInHUYq6ss0TbGfFJMDYU
-            mjHokzdG3ds8C9/lMR82X9rbyZDchUytHUwX4eGxUDMmhydFpgJko0bbozPbE2ll
-            NTlWegCc1yrkSGn6U9EYKtibitJnIMdas5HapcErMH2vYILsJOl9ifG1GIsuWe1+
-            ipPyZy7jqP7p18WCcDnUhgaGdQ67UjSLqX2zz0SZDcfI46SUeyeSelFVpTlmKriS
-            4bW6hC1FSe+bLkPZ0y5aRLgL5ipK6jdlZepAj/DNXdKAtchLHcddF3rKdBdzsxrS
-            XgFvvZPgj1JleYr+q/+ju4k1d4cE0HnQZIBnkAfKXZHwSPCw1d9vbeLipuRTJrEH
-            2CpOjtiXl3S2ZcCS1ama9lgAqPBOOoH7jgHvoCzqfkBsi3/QlIpQs+C8ro4hXE8=
-            =KZWk
-            -----END PGP MESSAGE-----
-          fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
-        - created_at: "2024-06-21T22:42:59Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+        hQIMAw5vwmoEJHQ1ARAAxH+TtzvFlUZfD3U7BNRr9SyWVxnkR3U2zvvDG5A3I28K
+        fI1U1am6Z+gSvYdId38hiMPxDmDIMl2wCYCXd17q+PSycsJ1Bbzy1zaht6KcpSJb
+        s9jmNmf+5mazSRZ/COBy4mMq+2mam4/vu+xS85IsgxyxK9ygnCurmzMqn3lxatm0
+        ICxvoLMAamA+tAfxtw+a5lEMok7pHdKndZmrKvxO7nLXM0292sJ3VHp5Uy9k487W
+        PznpjM1st/f/0gTu1mgb8rnUkSszw1odBeQ+xw2JvcDHE6Ow7PpCk83oTWXil6c4
+        bEsrtvaFLWXN9/gssnayoMWHb/TCHKVe4AGrMevFkRdEFDRV5FRZGqzuGDP++X10
+        KYyMN0/Wo/XU7Rn3+7HmKvz0qeaAI/IRTrhdXUDtQQ13/waxGrJEquwS5Xuwea6l
+        LlA6hwnAERSVrVkMQ60ITOD6n7lvAPA7jD/HhI3P2Xy4mDFW9ZnfnWi0xI9pRCsk
+        w+ZnQ1Ckacv0gJUirvsVSdUYHwvEvpFEVSsZsv5QbNsaWi5jn5XDH0eqlXQE80aO
+        o3vPFTNCHNixspiaIO4V8etyv6nSh7BxwDvIH4nZVxr8HmxILs0Occw9anvA81md
+        roF3pyb+ZFRIwcBh72VSdAm1D/n4h14lnmMj+19HEA3zvbPnZQejtGFMY1Oe2VTS
+        XgHMI0aRJANXczMA7LSg9vxDYvWXE2KR526oBsC1E7otCNGkxj3hhmng25K3tmIU
+        E2AAaAIk/RukMnydb93XGciPquCZsWlmpwlTGXCqoqiNBilvIE1lXH6rhym78ko=
+        =nRW4
+        -----END PGP MESSAGE-----
+      fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
+    - created_at: "2026-02-17T22:22:03Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMAz5uSgHG2iMJARAA5+vcORn/YX2bHcAno9KCUGTzeiCP/DOoSePMdsCAmABj
-            P8XoYJOyZoZgW3qgvtKZ4pLGB26FuJXC2y6Z3yyQ4Xj2PeBj1og9xM8p7GnF6T6n
-            7wqALwJOamyer3A+OXx2Gc8kZ0ObqgBbbn5QTPnHzsRljC3Irgk+ZZE8ZRshoPmu
-            6TEuMW0NT5INmijtPAxer/eaAor3KKxMTf+sqqr/VGNopAyFUCGZynlnjcei6X+T
-            tVKh6zqr/eaTlnhoP2kr4u+wKcHvLV8an8sfsyIGL90O11LNcX8Sf4EyPDYSXOe7
-            AXTFcvfw9+ALu3cbTVPN0aI2e8fCir2S00F8x28Ffc2xDSrXjWEDCXLuRNVXz5KA
-            Mjq4afyQN6mtVZ6ZmtvaLQoG8D2f2sGzvrsBjaXwxPLHKPpUFZVBiiP0C08yokUR
-            7FrYaOjnvQVALLxGJMAhMf02g2dYDFxMw18cY2a+bLrYUVd9EMbuFwCJNzmU0of7
-            EpSvXrA0wTKddk+vL3JoJgIrOxz2IQbaC24NiCUzbyakhT+qDX/oXXILxL2x0GfR
-            RaTL1inkTQO//ooAjlPeMA3OIDQo5CdoV4VlvSUgagYfDvMfDCAO04Xxvezh1uvz
-            //4Jz13+LFoUgbtVUYiT4oqWyfTKOV0D8ILYWKZJtjJt4TeYpEfbQFEzIYyF3OHS
-            XgE7aGyB0ArPBovSr55eQGmW+FaeG1VtH7TRLU367FyQmGep5O2SUxQXqFFiWyDy
-            bseIYdRqNsmlgdXBnADdkVCFJtF4C/VA2DOk+wOO8XtQoMQ8zrIl+0Viq1s66OY=
-            =xc00
-            -----END PGP MESSAGE-----
-          fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
-        - created_at: "2024-06-21T22:42:59Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+        hF4DerEtaFuTeewSAQdAPWizx2khKtlshnLwE5PRszAdTvTlsEEiWVV5xJx3PnAw
+        9Gj2lZZX4F0AXoKInElg2N02FXpIo24ZZUPXGqpswfSv93NFNNK+FWwqUCRZhuCM
+        0l4Blkyy4PthGwIAtXqZ8GGxjoDGBLIAE/zrY9tdNB5XAnkiy7J82kora0dphpkq
+        Llb1Jgh0+ZK8RQzaf5wcgWf867MhJLhv0N+qLsFVutGpqFy1W/1vaLQ5au5Ty2Tw
+        =460I
+        -----END PGP MESSAGE-----
+      fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
+    - created_at: "2026-02-17T22:22:03Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMAw5vwmoEJHQ1AQ//abtgoFEWd+zbeSbiwey8nCNQUSklHV9kbLuBK8+ipX/Q
-            qjweWnnPVN6ODhgfXm93k1tSqeJjYqjqfxVsAEUiXC61UhvS6JBZuVUt4nRUWHk2
-            cdu3eKlBx7Nhm6th1gZ+Wf7PcryT5fmJQP5a8VEM/nUuRjnAmG7RuSiWbNzBbTDx
-            4jh4GTvlFkupxZvLsXYf2T+7qn0eHymdQI8+5WSHQH6kApBvINYoq1m55it5ilEp
-            M0tYNFMzi10OjKVbNRQXuKhROzzYGtW8qWGtc33WBB5rvkRVelSDmleTbRywWjE0
-            rNo7vj97SbmGdCHydzcEwPIBOd11ZgFWpamX/36ALeKCxgHgc3HsnjIkDsEffpoN
-            SFHAhyYqXTDRqq5/HuBQBDBJLVVcIbqlJo3us47gI3rhojjSayzTBd5TnGOZt5N0
-            rFOqoZ1i3vf3C5sjKivTzCJ/P3yFgD271hQjv49jSqXgSF8ZIvzaDr0xLiy+XnZ+
-            EsUyqxZBKWy246BtyZ4qBvRjVKbezpxQFh6MzxccY+toUaG2v2I5muvFJRHe7qEA
-            fT6XDl7W6aQ/RBL/Ij9OWYvCMWS27mzkLQi0uBH5gyA1t6Bg9O6+CjGpK6Mmd8fx
-            1Q2Ml5ClzLnEq94FX3f2hpqLdSlwREPoBYULeJNr+WhayDvfRjuh5+MvN+wjbs/S
-            XgGYwgGCrFmzXN1mWElNGc3+3sMEpiuvJp6Z1nRfr17YvIPUrtCU7zVHWR1lWFKU
-            gjJacBX/Qw9Kly+5jADM0UorWkZxaby+q+j8rN43nPatjDlDRI+BrNta0l0ulOA=
-            =2cbn
-            -----END PGP MESSAGE-----
-          fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
-        - created_at: "2024-06-21T22:42:59Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+        hQIMAxjNhCKPP69fAQ//Rzcsq0Yay/3g/MzqHI1izkSWsdycz3LE6qM4qhX4f7wZ
+        4Ymzu2jbSq43IavCjGPOLIKVJ4nlnPd7rcprYNV5DOcGAkXG5x7PbnVta3SPI300
+        CXnSGQB1KHUCCYZN1BkL9ZSQyTx0ex19mnsSEtZh8NB97cCZx9zMowdHKd5ySu/O
+        +CMFkQ6Uoh2FxBtqM1y1YbDiuDJnAlAQSKlDIVdCdMssutWRs9Nf6eiLtcmb4U5l
+        sNyKQnPrr3vjkaTbVdBKQjjMSa8Z/1Tf95GxNhzrUGm2APLKVYdHkMVlQwcr/ZfH
+        jGiZqxgBmrtNe3EypdKCDnlPvlxs8mnO5whxzDZW2NFV3piMmOmvLI/Po1ASi/t1
+        PW9h05Foh2764Jfp74BkRTvhBfi465wKkON0VOckwWBkl/n7w7POfHCXdK1/AnGj
+        9ywj6P4zg50vKiTMkZStq6YKXAEkVcN6YzhVVDFwDwAE1VKFCMKlmwuYT1FuKXBp
+        7maF578qVyb0lXP9jaX10Y9dhC4vU2rJB3vtRhxjqeMEe/WOyhEyalrC9phPfBKS
+        wVKzdd3vvaNGfQSAwseFAn1upvELFwccPw1aRIqqLhzWTY2m48yyW2aEN6+7SqkR
+        dOBJpZDE4NxOhbQl0rllZdeLUznIgeOKM2iNg/3kM7cWcsLZRm3+l1ZuiCEy5XPS
+        XgHbwfJlyZYoQyKCntbdA/5VRS/5s0oPJIjuofoBZb35fIqtYPIpUeNccpklXYsO
+        atiSRwJeiluCFUag0uV3nq0zltOlqdS6piEVqU6xiGLAZe04jkaMBxL6VQQHYU0=
+        =811X
+        -----END PGP MESSAGE-----
+      fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
+    - created_at: "2026-02-17T22:22:03Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMA4HMJd/cQYrVARAAu8l79uJlVLz++foLhk83zrPSZsX+1TQduJl06Kx2VrJ+
-            dZX/0okzpHmHeZGhGH+e1Gv7MpyM4UxAGwE03NIk32p43LF/biad0zc4TB8yr9r6
-            N3Sr/ZbaB0oYC/K4r1Sj8W1XWmuYZB8lc1dyfwhf96KIXGutvG22O5XI0pOA9yHL
-            x4AWt8OHYsaWCt941M6pbFtBsJEl/TaKgYF7YNITvsfj/oG7cPESKLOkcJdmhN1r
-            ADpJRcs6rVvMLWxUBjZICqZvDlwnXK5gCu30MmLs/oQbFmHjBRB01Ird+Mb5e6l4
-            vrYC+zO3RG3dZ+VXJD0rBn+56nDMtiKISJCy4I4Vz/ekwx94cIci+BlD9/3YYix7
-            HVgR6flBgInZEvaBxyj2e0G5i2gKvYTfea5+6bwPpszLUaYba/YLQQ2mSXcwWPsV
-            ipuNSjJ8swK2OpOFTfzs7Ua1OZChCOhhduxiKCwASYrbncfexObsQfeobj3wrwXH
-            N4M+h5ghm+y7UFKDW+gfN79WGfltWiMdy9vZNwwEYF0NE8jkwPfIt2dLvyU73MFU
-            NivYWp6kUj+gbLkb3gLClAi4CyYqNQyBjbKEbt+470UIMZ44WWMEJy7bMwAVzLBk
-            VxBHphqSuP04pgb5a+PHPApCZC6KEntnW1zX+DKrCn3/+NhoD6COhCvetWxq4f7S
-            XgFop4XZPWYJb6ypqkFLbkHIg7tCbr/xae4HABncVj0BaS1Z7TBdMiGi8SQvHti5
-            70rNGZIpQe/59DmBrLT06VdQRY5rt20bDoN+DaUrE2tc0k5h+uwI71TG4//Db2A=
-            =m4ec
-            -----END PGP MESSAGE-----
-          fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
-        - created_at: "2024-06-21T22:42:59Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+        hQIMA1Hthzn+T1OoAQ/9EvULxQSjfO/V600iqRhsQsuuHWY5IfVN+XBCmzmeUX2a
+        8qFN8L5gk3pYEoIu4khSCSeIpVyOdX1XeWMMNB15C/pAvgi7emH0y8UxAvCLfW5L
+        CzP3qLQsbpKUGntPlHaye/G16M/+m4QPc6Y7qwEtUThOei9haPhIU06Tb61IpfLk
+        AKticUro4ap3Xt/fjDH0NHZsGG33V6LprTt+8LaEcpcwZK/yOWdG4wTV4j6X8LbA
+        ueCmKunAr1skJrd+hVuwP2e8UkasYgo33pcupsS5jcyXJT9Kf3p/nqOJ3QGlwOtP
+        lf0DUifdd/QrEXWcMBu+zc9HgtUzpyU3KAoVrxo4JQLaoRlq3kwk3mOOFA0Fzd16
+        neuJL2wp/RPuL47StHwA9HxQP+3znXkNxmt9yXGzeyeOBpK4O9qoQ9y7Rbd/FR2u
+        wEl5uAjhhH2xmAUnIKp5Y1UAFSLqZEaiJjjCHMHycaTpCucjEcChpaBGDAXYS1h+
+        x/r6R46UgIzMvjpd2vy+C1aQg0p1Z6P65ifOkdAYIghpSkp+F6SUHHkL3w/kRRjE
+        dBF8YWFm/yl9P9qenakC5NsAA+bR4ZpNWpv32sYuVjIuoV20GdS7UIVQnvos8bBK
+        NfqoFmz4n8Eo1jLRcCJ376ow7bSEhRIJlJxdq7bFjZ/3Wtk9vt9dG6XV7wLdJwXS
+        XgGRxjv94TYLFowYA8/uu9fWxvf2i2lLqctjrvbZkW0Rdn2Ym5GXjg6St3Diug6r
+        y87PJPSN7CYE4jzCDPaSnGcBvwDHrQsLHLAmenfrAi2Jnweg/THpm9UAftoC7AY=
+        =Fxot
+        -----END PGP MESSAGE-----
+      fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
+    - created_at: "2026-02-17T22:22:03Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMAxjNhCKPP69fAQ//Tz2g90bOkkY942MaLO5/k8MFMf4QEDMZAiw9tVZ39Rqf
-            udMTcGyOX6zLzr+xxNX3gwn8X+bl0yw4Tg/FiyOzl9RjMZDxvzUaj1gYZI9kKPne
-            aEmAYcP2mv+ITUDnApZonDZE5hUnLGAyfEZMU6ExF9XkU94dXFdU4nd+gF5XHzou
-            STiNryBYaxWP1WMkW4SlZqdJiCfrkI0Z7iTF86QtXN5S8qLSIyjP3hIv5QxJg5Xo
-            NwK5IXQhV/0ZHp1Wl8Xys2iUw3iuwPga7sBrMHdJ0PHVBg3Wg/bG7YtrfEAfUbcr
-            UHt9rNGFZluuqNctvcvkSUjv5DISCgl8lSSbzC8DK/vT9o0DQYWvySNpVwXO3tqs
-            9aCxKc8trCXrd9qePnO259Ni0ALRjyh/GHZipzhZo/mgyUWc5nAdTLM49MsmAKHc
-            PnBBSntXnVHfFoFvgyBAmyISVuH/L5j8mezQ/37AevcTfuWemjDRGWIiIJZ73CyF
-            tG6ida5En9QouMO18gKBBzfR/2s6tt60bEp4bE3j2rRgEhwblBfl1NtGSw2WGVVZ
-            bU8KormLDT8aurMIp/Rd1pzAxDpEhDa13TV1IfRECOQvY35aBC59upt+XLwJ83ch
-            Zgi5cRGtSoj1G9OziQGCtJjGqkZoFy7Htou6AyFUEln+2Px0EKGJC3yCUcOF0orS
-            XgEtK2wEJNnJ84LctjrRM4ZSeb/8nycfWiR9riJi1lq6J+WSeiGME3cvhgObDTtG
-            EwuAjG6vhwUdr3aovsENQhvHnQWID844CeBtB9jMHbFJy41vbt0rC0JJG/6RoRg=
-            =5Ijl
-            -----END PGP MESSAGE-----
-          fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
-        - created_at: "2024-06-21T22:42:59Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
+        hQIMA46L6MuPqfJqARAAnZq75P7GPcuBCBLUOVPK8w1IBxd4XzoEWW3+T80bFTZE
+        ZjPAvfiGcOqIfc8CPzpS1drviWiRkuEV4EKCuDmX9GReI0SUlvaoiddUA9V62f4b
+        akBrzqR0nNnWWvjph4/5PRAQO+xO4wQy2r9thCw4oej3QgvKtLRRRY35TkGqlS0t
+        ej4d80KaqGGsfIPQ5L9f+lqarrKvYx3DMK6CujN13Kot44Uom4L5TeIdPSAW14jS
+        13fa/I1Irq56ME9kNctsuAkRkhrW+KchFJqkYXSS82SbXUDDNcVA7knXSzxVR+iU
+        NJXb8bQO4Ymi8sWPWKHW/GXUkReiTLl8MkLi+mCwL7qo5fMQcBg/KWo0hReQYCj3
+        G9DZPs3xWYFcwcmrSV86LSqjMt5g8ZKjPm6ODQcZVA/ZsGlmdTkjsWNn6WRZI55m
+        8kkg7BoRMq7p6b15tW4e/w2rr/bTmGQ9dV03KIpmBG6+OUzwgfB2/w2dGmB7Vor6
+        JMzvt+1I/PSHsCC/7GurTurAP63x8NO/9HYX2Qg0qzsOusnTKrCoo4lX/tA5YfIt
+        OKr6zqy8s5Dv/lGUhofkJrhHr/QTRHFVrFtPNn4yfSzo+8uhomHGsmxBGOOiY83L
+        3zwYm+9BlzO/ve7PIvs54hIHQaKsP9Ktsgq/+dM7PVlIb5qfwGNvgoS2QXFqCF/S
+        XgHWy41J0zTGoyEpooGkheVKvgEPvv6YIlm9oTucYP03AkKWxBr9MTNq/+JcLRvw
+        Zey10uVJnYPUuH2b9f8N8lNBZlkQCBq/AEu0MsygsK8bcVfQL1Qs58xh1uA7gL8=
+        =wduB
+        -----END PGP MESSAGE-----
+      fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
+    - created_at: "2026-02-17T22:22:03Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
 
-            hQIMA1Hthzn+T1OoAQ//dwisvTFgYUCFICbaNZ+8jttF4lTQ2fjdP6UHb0evav84
-            PUYpqUfmMF1BUvxDx0rwzzP1OaSKuesxAG46i1Nha1Tq/LOURtzZtXPW4+xSHWge
-            ifbcbGTBkACviKkRuVUqaQBAbzDnFIHtcQy7nbILmzM0aRwm1IC1WzKpPRBgzAy0
-            o/UE4geZjPuNqkix4mcLz8sXvKMz11FE3QpZ44JqiRhmAITTDVo2ymhbvA6R2C1w
-            AL0tjJwKRb0qfoBegyPbuUW399l3CCtEE7voW8AxZ3Y6EGO8DQ1i/MkR81zymFep
-            PUDVYDmhqmh38Z79v5iKqnruzS+rOaitzMRqsUfOJfa4UoFkjO6tYdi5cOY8T4cD
-            w0rgCpvWriaGKGHDuRIdu031GFyf26+SvOWEbiOhMv+h18Hj5P7uT+Is+VuEhHEo
-            i7EYTqzsRwyIfybNkb0mBVluvXb4CpZRdRq5AzC49qu4IezvKoAT99KG1yf7XJvI
-            Ijc/ZITFqCBxE7REA4JBDuivPHfML4CgxG+5PiBJ3JDdaP+xRuoVQQv5E55Y4YwF
-            NM+NTNcvsTv2vKXJ8mmWLBn9xMxN32gmDyy7jW0elW46AQidIL6C+W2Zhxn6GNvc
-            2faDhNQ3yV0A9mIsgQjdWeQemqhsiVU6Sg4Mmattm/b6plGCM1DIcJgMV2RRAobS
-            XgGt7zD15Ju4S+fQqL7MVGGD3y5v0C5eLx78MScygpNQKS0vfTfTE2+wRCzCjZAG
-            /6HU85E6ru1VeXc0TwQBrpX3Wi2ga/momalsCGoh3oHBd+jRqzwpRxojKLy65qU=
-            =g4RA
-            -----END PGP MESSAGE-----
-          fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
-        - created_at: "2024-06-21T22:42:59Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMA46L6MuPqfJqARAAmTOXbn+qa0wgjSvK3juGqVemxKvaD2zFG57ivYdC1Jdn
-            PIVi5aBCvZ8KY/0W9k83LVcGUY1f8eRkCU8ohJU+rmRbiTvT0qo1hfLzxrqaNbke
-            gN+YsYW8bgXioF6nHVWI158GvqNfmvRl4WyJzBQ41cAyMpdGXiIzUoCba3Y6f+1N
-            muljMhgvEtWUddf4zheZX89xV+aLa9Mga6aQbwRcL451UcKxmE2nk4+00rMn7R7R
-            vmsC677/RrKkI7RxubzCVFFlzaH+ZZ1Ott6ozKUWs2vCcB6vTzwwvmrJwmr760lC
-            pozfNp/+WzLZOkA3rO2qAvIUc1DxYA6CgukrAAObCbvmcgMeLtVR29wwWs01qxI+
-            cTxmH+btbiM0PL8+/sW2KlC19hfMmeryiJXxbUN30a3fMDJz1wVor54DsaqG9kIJ
-            zIxGsQ6t8fzfaVfeQwoxODnTWqUClWCY4is251O4Gxw3C0oPWZvzoPvxljaPrYYY
-            SE3dcktWmGoOxLj56lLfceKq0qAtYmJD4Q5k2GDYYU+8dwp95UTf0lbRwauMBROT
-            OMe4r/emH4Z1LiG2/HLoM4QuV5VVQGSAqoE3c42YjjS9uh/aOtmeNNLehwS93F5E
-            J/bXNY6VnHcALRGMZF60g5OxM3QUioNkGqcCWGjSaRPcKhwaXvvIaTCdz8apnBHS
-            XgHeuszpU9/O1nCsNPF2vQUjcNxz+KsL39RwHCVJBVJskxd4HcJQUM7uArV1Fjbk
-            fl4nQuueBrZ4tXzimRK2QOjgy8F2n/Kxpjlr4rXn+Pi9jyhx0Jq4Blu3wrR4LAg=
-            =4Xvm
-            -----END PGP MESSAGE-----
-          fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
-        - created_at: "2024-06-21T22:42:59Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMA4EEKdYEzV0pAQ//fo1yfBspyD2O84d8UCHWoUJTNYql2p26H/vC2BsVzAmL
-            6nylQACeslISLlXbrW+ILPOFZ5x21THOFcJdvCGAQAkY+jC7Ry3D2gwsZi/RLFpP
-            wbEgbzk9hcimmvuHW/NJtrqvXiTJy7GH7el5Zwqe6rtUkTW5IUtaOmZjn2fQBVoq
-            9mMT86vOYlqgIISG1o5x4pciRd+fb3JPiPeJiLcyUBEXYqg2THlyYwwp2paFomYf
-            a6Ls/pVT9ICSblFlnfILOexDpqhxcPH+V2nwlbSlOETq3ACcVIgufIRndTkGhDzi
-            HS3GlD5nIb/ep12Gj+qOgKZBsbUdNIAVojNY2qlK2yQJpE5B1aDjmkAZUkk/LqF3
-            76ZRBDzigU0jfYKh2iGDY3F8cWDsRqjqcTjVB9KF32+1SeUAO4NqDnDpMZgBh2i5
-            rvDOJCJfTgo7DfPqWPyeFM58sow9EEglygASA/XTaDV+CmLzRlqxwlJwpbRrz3OV
-            Mp1gewfGASLPS4xh6gtROac9DAuokmN5VgNg2g+emN8lUNJ/7V7u30TvCEfGP0j0
-            1Sd6RrNn/ZDMJtOoE8gDua6njbOi9Zk/RN4Y4NKWcmiNZxz/Xi/8XU7F0yk0yEL1
-            DUxYsCEHImib+lAESQ0fF4VMXx3DSXq2/Yt5z782ZvgNrGoGw3B9qVA5FyG5Bt3S
-            XgGgfz/6fGZ0DEtTv3B8Rhqbm6TvwPFgIg+3WuQRXxf3rjjoX1AN0jcuz8OIIfGk
-            o1GuRG0/sYg7P32ysgQMvS1F+rX2PR/myHsz4YMM10soG7OduHgXmiJ0eUq8EtM=
-            =WLCQ
-            -----END PGP MESSAGE-----
-          fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
-        - created_at: "2024-06-21T22:42:59Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hF4DQrf1tCqiJxoSAQdAUMjy8rV2Zy5nmeMOBsANIUVyhAvVBUF1yunc+EgVeVQw
-            yd4hPHMnQSkasXmcMDS0y2gwixgTOeQbG5PaOr0FA7eGEItLlqwSxz3+GnuD/gEw
-            0l4BFrUbimEX+/tfI8aymapMVYXFXWe4dUZw9foKN5HqkpPKhusozd9bqPPNKggZ
-            09tvIJViKP/QufK0WyLYZGWrG+leogDX39GBtAU1SOllFqtq2G0X1qH+s88GVpaO
-            =hxWV
-            -----END PGP MESSAGE-----
-          fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
-        - created_at: "2024-06-21T22:42:59Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMAzdAjw8ldn6CAQ//SK6MVXhRsRxYV8jL9HrVTovc84kNFr24nbHHi5z6fuCA
-            6ZjPr5Btx5Xxi716mEmdDBUSGfeJOOSt6hw4fCqj5ehnCeMLr9GvmJdZx9s2n88m
-            h4Fzd1XF67NMbSAYMPrXpk5dlxBNsgmsAWTaEet9gqGWWYsrZHWPvae7z+GaJJzz
-            h3dix5oVV3tM2OVP9hFhRtu9tv9a0sj5Eu6mz8UsDFwEPynlSDPKUQA0jFTXJnYo
-            yT8UTPSZAUlwnU88JPIhHKCmU8nqUIgDURVNgK4BsuoKSAZ27ueSHr/4IzBiavVD
-            6V1b1Ttt8usKFp21OCqfNuoiIeEipUdLMFSTjSXqOp38QTaqoDaCsAPc6j3HCvlV
-            vMm1lbSKK+Llpk9WOmqvHQriL50lQGYpa2X/jS8FtlotKFm0uGJoJXZ5Ujc4Wmy9
-            J79/cXLULGFCxdPsoxmd8wJFqz0eiVPHIBFB2Y8Tan+Mg44WeBuY8sAWGzYPp+kB
-            sEOIQ5I9N1Gt+58i1hDTRlqO4I8ihusqKeRemJa954rlzz8YTmZL+JAD5gsMtzuH
-            gMjnfBnNJKw3UmnHMMQm348CRB6SuF6rmjc7Xk1qsnie87HtYbM3dJYh7ixddr/a
-            kTHy66zDX4j3e/y2JdEPQw8/WhhdGnyj6eDioQLNFfvApI7doi5C+XDCR08YxJnS
-            XgG0kP/bfDBkwzzHkr3khuvdtmUEmsxGbR/3abyjLfvM+g3HM6Eqq0uDwuGgYinR
-            DYfWUZTas5uWrgxAWYbBCbhPcevu7CsyJFsBtG4ExTXPSsP2c79+LwtmJjbLQqo=
-            =9C2P
-            -----END PGP MESSAGE-----
-          fp: 3D70F61E07F64EC4E4EF417BEFCD9D20F58784EF
-    unencrypted_suffix: _unencrypted
-    version: 3.8.1
+        hF4DQrf1tCqiJxoSAQdA4Y8j9A4ECAds0oJlP50Td1HpYIhywjXKi+pT7CTPXQ8w
+        95+hUucTE8WQO/9u4HV2Y2nuyQPwmaYK0iGbNV3YxgI3Zdtf1T680hQxT4y55E1/
+        0l4B+70h9ojiHZkpVKVmFFZdY+tS/jQIFIRxqTW1AAfDf+chO3sUxbRe2qZhOXoY
+        b/QKU11wFpmOZmzznurOoxkqdNgGNcFm9+Ntb4ZSLSYzx7wrjzmWsaTdFd+coO1j
+        =V+rP
+        -----END PGP MESSAGE-----
+      fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
+  unencrypted_suffix: _unencrypted
+  version: 3.8.1

config/hosts/woodpecker/woodpecker-agent/woodpecker-agent.nix

@@ -3,13 +3,12 @@
 # - https://woodpecker-ci.org/docs/administration/agent-config
 # - https://woodpecker-ci.org/docs/administration/backends/docker
 
-{ config, pkgs, pkgs-unstable, ... }:
+{ config, pkgs, ... }:
 
 {
   services.woodpecker-agents.agents."docker" = {
     enable = true;
-    # Since we use woodpecker-server from unstable, use the agent from unstable as well.
-    package = pkgs-unstable.woodpecker-agent;
+    package = pkgs.woodpecker-agent;
     extraGroups = [ "docker" ];
     environment = {
       WOODPECKER_SERVER = "localhost${config.services.woodpecker-server.environment.WOODPECKER_GRPC_ADDR}";

config/hosts/woodpecker/woodpecker-server/woodpecker-server.nix

@@ -5,14 +5,12 @@
 # - https://woodpecker-ci.org/docs/administration/forges/forgejo
 # - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING
 
-{ config, pkgs, pkgs-unstable, ... }:
+{ config, pkgs, ... }:
 
 {
   services.woodpecker-server = {
     enable = true;
-    # Use package from unstable to get at least version 2.6.0 for native Forgejo support.
-    # https://github.com/woodpecker-ci/woodpecker/releases/tag/v2.6.0
-    package = pkgs-unstable.woodpecker-server;
+    package = pkgs.woodpecker-server;
     environment = {
       WOODPECKER_HOST = "https://woodpecker.hamburg.ccc.de";
       WOODPECKER_SERVER_ADDR = ":8001";
@@ -24,6 +22,7 @@
       WOODPECKER_DATABASE_DATASOURCE = "postgresql://woodpecker-server@/woodpecker-server?host=/run/postgresql";
       WOODPECKER_FORGEJO = "true";
       WOODPECKER_FORGEJO_URL = "https://git.hamburg.ccc.de";
+      WOODPECKER_LIMIT_MEM = "6442450944"; # 6GB
       # Set via enviornmentFile:
       # WOODPECKER_FORGEJO_CLIENT
       # WOODPECKER_FORGEJO_SECRET

config/hosts/yate/configuration.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ ... }:
 
 {
   networking = {

config/hosts/yate/default.nix

@@ -1,10 +1,10 @@
-{ config, pkgs, ... }:
+{ ... }:
 
 {
   imports = [
     ./configuration.nix
     ./networking.nix
     ./yate.nix
-    ./service.nix
+    ./sops.nix
   ];
 }

config/hosts/yate/secrets.yaml

@@ -0,0 +1,148 @@
+git_clone_key: ENC[AES256_GCM,data:Wss8NtyYXOmQ8fYbqKfbGQ+5l+ifNznis9OJ4p2HRPsExOFvgHH60t+D/gsOPTiwL0fEQKQn008Zo7VpIEhKIQM0fW3cd3ED3Tk8QX4hDRxyLl/lql5MlhTm4UMY58rNMBXgA88oR1lozgAa39KMH0MRUoSzrhvecwnAHO+RjZGXBN5zYIorqBVEk5h+1wUGSlV1TroZX9u0cWt11eH59AgKY/oP5mOrgA++E623Oc/DnTxlLbR//lFHW1JPiBSUFMP1ck6fg4PwnADYITgr1B1zdJz1J6jNC+n6S9bKDPnH5bvqmpvJIRmimxR4/R182RkIC+TBhD850cD1y9KSZa0Lh3DZ3LPrqGtZ6MHvpCgY/wPiTUANv6CJPcOAoskaaW57EiFl0ev3Jc3A+XFM6yqQOmmvNXx0hYz6ltlvtsltOcmz5TWooijwTaPS5UEwltYalrT9RNmC/ODkBRkSvuLEBWYwnu8aeo2f/+IxciG0PldDJED2ud6HSkDEXHcPCwodScpnk032Jrc+0qtI,iv:tCo4f5u/y/ZrAfT1N+eUNLy5pKAg/U0xa3cNQmzUgFs=,tag:03HK65hWjYnVzz+7C+HmsA==,type:str]
+sops:
+  age:
+    - recipient: age19h7xtfmt3py3ydgl8d8fgh8uakxqxjr74flrxev3pgmvvx94kvtq5d932d
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTeklHTk8wRXZUWDE2bHdV
+        LzJSVkJMMStpMmlud1VZWjVLUVdLejNXWDFNClM2UjhMaWl5cmxjRHdpakowV2hZ
+        aVVxMUtoSmdJU2p0MzZORC9XV2U4QTgKLS0tIEM0RUhRTTFBcjNsOVR2Q1A3bEFE
+        cWNJR1kyQkVMbElBdTkvQlkwWk8yTDgKK8XqGA2Gy7b7dIS4Zas/t8aK8d2qCx5p
+        cDHyRqqAfMIn9fRmiRGL0VRXCTZcPZ8FcaDx5/CuOgxe4hvNXp9U3Q==
+        -----END AGE ENCRYPTED FILE-----
+    - recipient: age1kxzl00cfa5v926cvtcp0l3fncwh6fgmk8jvpf4swkl4vh3hv9e5qyqsrnt
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtd1ZQNytmcTQ0bC8xMlAz
+        QXlibmhQZGNQQnV3QktoVGtxOHA1eEtnaHdzCnRiMVl0Nll1V2ZibWdkTnBoYnFq
+        ZXNqUHI3eXMwYkZvZkVEVm1Ld3RFdkkKLS0tIEx5RVc5WGEvdlhUcHVQMXdXcUhS
+        Y2t3K3Vhckp4VnBwOHQwVjVpYjkxU1kKuvtNN9eHFvBBjZmh/L5yxeU6rRtz7KMy
+        q/5pLyRVAg/LjXKnFH9SZLbvWyffpfG7U8CUQdBmVIzYhrj/WEKwcQ==
+        -----END AGE ENCRYPTED FILE-----
+  lastmodified: "2024-09-08T18:35:07Z"
+  mac: ENC[AES256_GCM,data:tyrfhBaTKnp1lqSPfkErk1UFoI7v/1az+zl9g3XoZ5Apo3CRixdLUldM9sYXqQT5WNrgO2NyZHqvyQOnFZiJuNhlYFSQbgwFFm3gz45BV8Do7QAhAG7+Q6q/Gz9VAqePQJlmzbfeL5iqJC2jhrcGIutO2cI22QULLkBzVVDg1/w=,iv:ayLonGC1F3vp6bh4pcAps6BvMzrG/yT2rPGAcUQ1Geg=,tag:1fIaRIFrzDTSP+oIUHABgQ==,type:str]
+  pgp:
+    - created_at: "2026-02-17T22:22:04Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
+
+        hQIMAz5uSgHG2iMJARAAg1t+aqAh+rbcjhyNZha1ovJbcM6FoNr55nmdFZQnqwi5
+        sCIct2zE/lQzz770bbkplJaEAM2mQnPEGYJ6hQApF4M8x4HKVWaA68qM/dP2ZQQs
+        oXysCouuUvypfU+EeZhN6Lke8PapFls+iLidcb8fFh+FHAEe3qOKHfwFamjkxz0T
+        N7/hCInKHFNeOOq9QpH+2dtpo3+wL0ImwSO/hfnhLc8f9eCgXYQZEArT9mhm4eFp
+        AWkkN34dZJcRa/n0NcZhMWhEDgepXO86h3vuXSfGRzuj3QEChSgm1paVOv5IWtCP
+        e9H66PcpBC0v8lnf6sk3uwTORH09rAuSDgEFcFHzdfZAL6c2O0oleMTVXDEQ23Ci
+        8/X6N/qZjIJNBQogcRSCQijaYgSeUuMStvizzOK6hRKS/DSMK6Zbw2eM5SHXen0h
+        GVf8XvenfZF0U4MvzTDYzYnDh/1HA7NvfhRcvHo4TjkCyzuekGaE8WC1JtWA3DQD
+        IQf2q/7p6Qka+duMeirJcM+c71c7so6EDrlbFPI6A15F/vqtD4VyfmwLJm2YZZ4S
+        DfKKJHIQDzXh0bqiyNtAQyyo1H9UhJehXOod70Nz6EZkYz3F67Xo2fO/5mCrkRJH
+        tJEbSz43IHaT1AkB80mEy59+WCrT02mpuwsdsoLvhLokiCNFPHUR/YaWqjwJ5Y7S
+        XAGF4ku196vpnW9Ce+9rYE1UZ/Uh9xHBqPdc3tnufhKIwAE0UyF+fqFY89iwcMrb
+        WLcN+Pt7KhWIe2lJ3R8jKbzceTLIpxoHUtXGLutu8XM7tWN/obE61a9iWSTK
+        =s5xj
+        -----END PGP MESSAGE-----
+      fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
+    - created_at: "2026-02-17T22:22:04Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
+
+        hQIMAw5vwmoEJHQ1ARAApGc0RVQyE+NzUrw0yVctMi53dHT0fSC48WhVFuX77r97
+        oLcw2/gzVhOGXHfuyPgkis16QBcMaHX4BNfrTonk6sXC/WOPBsRCAZ/h2YazK3Nt
+        fv/Ve8oNC2kDmCOIn4RwmXVS+QXPp9pgZA2b9wuAlU0SLbYq+t0lgCTZZb3lfL8m
+        DM5Y1xbXrwGNEqjkxEdU1Secd0oUgTWVwZlmjhnH+1e5tZe5sDLkUP28XBQB0b1j
+        BgV6dEERl0lxgTPYlcC0LHI+gD7gG3rmzMudJJBZzVomQK/VfKWqV7UuaT4x+ejQ
+        tVbkGZcjOAmb8A4xXQwkRgCBBS8CmiRGhx/BwJlabEMHW1QBOJB9+PYWD78rgiyY
+        CdjX4xFE80Wpdh8PDZXAe93m/4DlGKntLR5GVtZrk9VHuDL1CAc40tJkCuvl3Nig
+        bwapAGdGQnRRLMg0mPLI/isc7PmmBs2M+3m38mhdqjttbFpBrvD6wFPmhWmOw0YR
+        fiI7QOMOcihoX937S6jVTrUGVLFtR9Esl5LadYQp93le3GjZw6uiANepIwkeaX81
+        ZanuDJGJXhvtgLfBByxWiuJxKRkZ1jyOVcbq9BEv/FjgFbxPEKq8vevuEAcSoM0K
+        PyRrav59UciQ6BUGy8jM7caIu9hZhon9BZA3bWFekXAjWWyfL/2SkIkjyo+B0hvS
+        XAGvaOrp3aF7mF6XyyxxNC7IjVifnlElFzv594o2fPQdRKGfcLIETADMUaMskrD5
+        RSEe4ldP8KQOlmKn2yG/fhQw04D+RdhatWIfszGjQwo84g4SIBOzI8Ut8fsd
+        =W/jm
+        -----END PGP MESSAGE-----
+      fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
+    - created_at: "2026-02-17T22:22:04Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
+
+        hF4DerEtaFuTeewSAQdAUr63BpqUMMezyhp+cq1nWfUixaQPB2XZm2ZM6/OfHi4w
+        583JukURVqiCDGyMmuMvx1c+7txy3BImR+ZcX54CyLi41pAJYM+t0GCYUX+N1iUh
+        0lwBGLwkDC83Go28mRIVf2VJex6MaW9F6scWat/FDn8QLzsL/MpWpTTbOvCM9eF3
+        p1MMmqV2s4NkdGaXKhMWoc84CQZgEfvNyzmObPSj558ZIcvdmuu+gxBbm2jJUg==
+        =pwG7
+        -----END PGP MESSAGE-----
+      fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
+    - created_at: "2026-02-17T22:22:04Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
+
+        hQIMAxjNhCKPP69fAQ//UrQNdx+LIIf+GLfmG5wCjpa2CSBPRta1AT6JUFSaImwm
+        d0qDFyTSf96SqnyPFh2GlHuR/s2OZjF92a6EJidq8FDGJWCwlhJIDOD5B5veCPsF
+        kGB8CqXod7ZD1z19p1h5WiWdSLxYoseDEsnb2SDeONaZjOklNgpWT3dhTjVD2ca0
+        92pp3xHfMHNOMyTzC9f2cLPdfUr7/2sHk5h84wH+4IOoXyACQmbCDQjrDg0FoxUh
+        KR3Tc4oxrAEhSkipuFjqZceihLx9tb2peZmBUMzLh/N71hAQ6aNav3EIBEKcyy3k
+        W7M9BS3yX6pBD1FWDdp0l7YlJTNXPDRF/c9Q5CgR7S7Td6/zL/Mm0k6Va6kvjBN8
+        slRTiqsjT/W6h6scnihFEcPTKUdmZKx2f/Hj5EE+cM6WfULeIAawJxoWBOoSi6cq
+        RdlJzpkCqridarADKMy226Isj9QH1qmspL5HIJQ/lBHO7lRx17MvB2JkojYsHxix
+        LiEEQUdAkmVmV0APLNV4Uh9fkyi9FfDgtzhKBmF/4Hue2ZUCQcsuTzzy2TyF2YZi
+        pYLJ8dlsSUFIr1ZmzDzf/x/v87GLJuuHjOGVPiA26ipIeR8w3u0yFjf2EFQd7KXm
+        3viDYhGBdVfntgfJL5o5VVGeIv95x0ZXlyi2/6r1NL+KZJhiZ4drE5DfrQ9Z6BrS
+        XAEhAjt4mAGphYPQnygGYxrcGDW18akLE2BXjqnQZlxyt5I3cqubSciz85mlcvXJ
+        KLaxFI/A8jl+eDlNqhrNvR5E8vPOBi1253IDHLMzsYtAgZ51A3UPN6BBCmSL
+        =+sro
+        -----END PGP MESSAGE-----
+      fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
+    - created_at: "2026-02-17T22:22:04Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
+
+        hQIMA1Hthzn+T1OoAQ//V5CtyaEMACLYe8t4AWFkPOfKnZ6nLDSzYc+AgDdzk0Nn
+        8EK6KOT+m0d65Sbqg1D2U+n1/8dyqFB0cnUmSUZzL5iYfQF/Zry2sqncmX5dO4ne
+        k8ZSc+s1QL7ed5fq0MykOPhopxwF8UWHRMTggPXm1JZ1+QrNXrGveaZq4IS0hjbj
+        k2TgvFd1svf/xqlWN31wdIuNVtpMaI01gTW0XX4ECVOc7gJz9xTJtzB6imBb3yHN
+        cRB60rhtbeIx24wJ9yro9HWEaOLaqXyMWFCrH0J4pXFvtKa3iPxZCJpE3YNUnX48
+        pGE6ZUleHhAagsDZMabwqsfLZdmJCc+C8fJEIhC+uBS9vtmALGUeKxnkvWbfPAVP
+        sj6QbVmiyVnK/X4wNguMK+AdTGElvu5yB2ejypD/kCKI1RbVPXqTYS/gY0Vm+OKL
+        kYKuz7gC72O72pC577usHYeUkptqjYIKD66+N0OkqymkLmdTFsISqmVodmp4WD1I
+        r1gDGFt2BkHziG2FbnUbYv187q87yvHf61f+P0NWcPV3XnGvd2eHURPhhrhQtOzl
+        DaPwoTZ4EY042mIC4PoScxs39eSBSFYeO5lXyh+5Vvtcb0lt6aLmXWNkVbq+JEft
+        tLt9WnBGcdF/gbMWMG+OnFPnzt9YH9ydOXFoP//TbmubNV6rUCd99aKLcPdg7LrS
+        XAHR9cSMAaq74ZebTw/gt3oBD4Yewwpnna0X8i9xy6VGJz2ja/hWI+gYdlsvyNT4
+        bwbmdFbgJtV9NtMP7c5CxlOBbwjmqpy9/syjgieNfMVI7BMbkVm4Tp9P/X87
+        =+JD1
+        -----END PGP MESSAGE-----
+      fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
+    - created_at: "2026-02-17T22:22:04Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
+
+        hQIMA46L6MuPqfJqAQ//Y35T5AgDswhpSVOMPoAToapHzH9rZan5nzqDhfJrVe/A
+        xxCHoJY1YTRKjG9cAtmYm22oJqWZqmoXUS43KW0jzwNcfKBE06u+3VjVgnkkn+Q9
+        ceDUycbqbYsiwBdiYC/2mKjgg4xvbz55ZmOLvjLljlcNXQOHb9XO0ggqX2t50GEh
+        4RaieL7d8/MwgC9RLz2i+K6Bqf+W4kjGtBiQF7D4cI+mZbguCZ5AptMKXCFBHQrV
+        Lu+WKzPTVFmpRnnK0nIrlHa9WV7h5gYnu+qK4O7Jgs8HYiNOtLQJMhuUnos+psDG
+        y9GzHU7VoGAqYth9Nn8IQE2bdQOde+bTTaPxvLA3coCqTNjw12FyPQ7cppWwn+iK
+        NuTxdDPj2GIRd32nBONbpFpjdFv0FINOXKJB2HnbjiHz1vBT2sL530TuTuDl4G6n
+        3vz0rRb1lOZHiSPNsinz/hkSEQMfwV6AhC/AW/Y6Zsoh89WJMCBSlyc6VmHBHq+y
+        r0ZWfbGjBciPXbDA2SXgrGN01txTkps4NP6rxaLIgJZpPtmYNhe1JCMvMJcLvVNe
+        wtChGFj2Hyn6eDkh/JKkvw0RZ9ktWUY448+DYuOpO+KtkO9kQZw0853opVivcmHT
+        CF/GWzcoSP18HIaCvYmdNyvsQDPgs5g9m5nXp+3AK6oUwmPAbUp4lR81CpxWFh/S
+        XAErwhIXCJFhsS2C47V4kjy/5wGi6LrcquNGTtYxbVIRzZv+LyCSXNeRHbxlbniD
+        fUD0Rjr6EDxEe9Apsz01Ko92GRxs3ihRtUBwyNHqJxX6nqX2icpDsEsY8U5o
+        =t63I
+        -----END PGP MESSAGE-----
+      fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
+    - created_at: "2026-02-17T22:22:04Z"
+      enc: |-
+        -----BEGIN PGP MESSAGE-----
+
+        hF4DQrf1tCqiJxoSAQdAU9KcQp4hcBjhmB52+zjDjkNyrzF+vj4B+yWYAwj6dnIw
+        xp2nTCQJHck8AJgvQbnm79kMvDjWmZ+BKga5Djudq9y0h8pedsWA7F3SC/Pd2bsA
+        0lwBmJgvzUo9+lkCVVByyfPOPYgvd3SYFFTvLrYLiuHsoYLsLBKMtURqeDwSGCRJ
+        eqbE5Ebio0ag+tKKKLtfnvfTZKuyB7kDOu0hdbhQ6+bNHL+Q76c++z1zZl5MTA==
+        =5Gin
+        -----END PGP MESSAGE-----
+      fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
+  unencrypted_suffix: _unencrypted
+  version: 3.9.0

config/hosts/yate/service.nix

@@ -1,21 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  systemd.services.yate = {
-    enable = true;
-    description = "Yate telehony engine";
-    unitConfig = {
-      Type = "simple";
-      After="network.target";
-    };
-    serviceConfig = {
-      ExecStart = "${pkgs.yate}/bin/yate -c /yate -e /yate/share -Do";
-      Type="simple";
-      Restart="always";
-      # ...
-    };
-    wantedBy = [ "default.target" ];
-    requiredBy = [ "network.target" ]; 
-    # ...
-  };
-}

config/hosts/yate/sops.nix

@@ -4,4 +4,4 @@
   sops = {
     defaultSopsFile = ./secrets.yaml;
   };
-}
+}

config/hosts/yate/yate.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ pkgs, ... }:
 
 {
   environment.systemPackages = [
@@ -10,4 +10,69 @@
 
   # Just disable it for now.
   networking.firewall.enable = false;
+
+  users = {
+    users.yate = {
+      description = "yate service user";
+      group = "yate-config";
+      isNormalUser = true;
+    };
+
+    groups.yate-config = {
+      members = [ "colmema-deploy" "chaos" "root" "yate"];
+    };
+  };
+
+  environment.etc.yate = {
+    user = "yate";
+    group = "yate-config";
+    mode = "symlink";
+    source = "/var/lib/yate";
+  };
+
+  sops.secrets."git_clone_key" = {
+    mode = "0600";
+    owner = "yate";
+    group = "yate-config";
+    restartUnits = [ "yate.service" ];
+  };
+
+  systemd.services.yate = {
+    enable = true;
+    description = "Yate telehony engine";
+    unitConfig = {
+      After= "network-online.target";
+    };
+    serviceConfig = {
+      ExecStart = "${pkgs.yate}/bin/yate -c /etc/yate -e /etc/yate/share";
+      Type="simple";
+      Restart="always";
+      User="yate";
+      Group="yate-config";
+      StateDirectory = "yate";
+      StateDirectoryMode = "0775";
+    };
+    wantedBy = [ "default.target" ];
+    requires = [ "network-online.target" ];
+    preStart = ''
+      echo "\n" >> /run/secrets/git_clone_key
+      sleep 5
+      id
+      echo "$(stat -c '%U' /var/lib/yate/.git) owns /var/lib/yate/.git"
+      SSH_SUCCESS=1
+      ${pkgs.openssh}/bin/ssh -q -i /run/secrets/git_clone_key forgejo@git.hamburg.ccc.de 2> /var/lib/yate/SSH_CHECK_LOG  || SSH_SUCCESS=0
+      if [[ $SSH_SUCCESS = 1 && $(stat -c '%U' /var/lib/yate/.git) == *yate* ]]; then
+        rm -rf /var/lib/yate/*
+        rm -rf /var/lib/yate/.*
+        env GIT_SSH_COMMAND="${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key" ${pkgs.git}/bin/git clone forgejo@git.hamburg.ccc.de:CCCHH/yate-config.git /var/lib/yate
+        ${pkgs.git}/bin/git -C /var/lib/yate config --add safe.directory "/var/lib/yate"
+      fi
+    '';
+    reload= ''
+      id
+      ${pkgs.git}/bin/git config --global --add safe.directory /var/lib/yate
+      /usr/bin/env GIT_SSH_COMMAND="${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key" ${pkgs.git}/bin/git -C /var/lib/yate fetch --all
+      /usr/bin/env GIT_SSH_COMMAND="${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key" ${pkgs.git}/bin/git -C /var/lib/yate reset --hard origin/master
+    '';
+  };
 }

deployment_configuration.json

@@ -3,9 +3,6 @@
     "targetUser": "colmena-deploy"
   },
   "hosts": {
-    "netbox": {
-      "targetHostname": "netbox-intern.hamburg.ccc.de"
-    },
     "matrix": {
       "targetHostname": "matrix-intern.hamburg.ccc.de"
     },
@@ -18,23 +15,11 @@
     "forgejo-actions-runner": {
       "targetHostname": "forgejo-actions-runner-intern.hamburg.ccc.de"
     },
-    "eh22-wiki": {
-      "targetHostname": "eh22-wiki-intern.hamburg.ccc.de"
-    },
-    "nix-box-june": {
-      "targetHostname": "nix-box-june-intern.hamburg.ccc.de"
-    },
-    "mjolnir": {
-      "targetHostname": "mjolnir-intern.hamburg.ccc.de"
-    },
     "woodpecker": {
       "targetHostname": "woodpecker-intern.hamburg.ccc.de"
     },
     "penpot": {
       "targetHostname": "penpot-intern.hamburg.ccc.de"
-    },
-    "hydra": {
-      "targetHostname": "hydra-intern.hamburg.ccc.de"
     }
   }
 }

flake.lock

@@ -1,92 +1,57 @@
 {
   "nodes": {
-    "nixlib": {
+    "authorizedKeysRepo": {
+      "flake": false,
       "locked": {
-        "lastModified": 1729386149,
-        "narHash": "sha256-hUP9oxmnOmNnKcDOf5Y55HQ+NnoT0+bLWHLQWLLw9Ks=",
-        "owner": "nix-community",
-        "repo": "nixpkgs.lib",
-        "rev": "cce4521b6df014e79a7b7afc58c703ed683c916e",
-        "type": "github"
+        "lastModified": 1761076425,
+        "narHash": "sha256-EMUF17MVENJoX8bmxvWLB0TUPhFqlq0szXT0M7mkwWU=",
+        "ref": "trunk",
+        "rev": "7d9c3a683a50d109ed8fd3f75d090d5403967f7f",
+        "revCount": 20,
+        "type": "git",
+        "url": "https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys"
       },
       "original": {
-        "owner": "nix-community",
-        "repo": "nixpkgs.lib",
-        "type": "github"
-      }
-    },
-    "nixos-generators": {
-      "inputs": {
-        "nixlib": "nixlib",
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1729472750,
-        "narHash": "sha256-s93LPHi5BN7I2xSGNAFWiYb8WRsPvT1LE9ZjZBrpFlg=",
-        "owner": "nix-community",
-        "repo": "nixos-generators",
-        "rev": "7c60ba4bc8d6aa2ba3e5b0f6ceb9fc07bc261565",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "nixos-generators",
-        "type": "github"
+        "ref": "trunk",
+        "type": "git",
+        "url": "https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys"
       }
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1731133565,
-        "narHash": "sha256-tCErjTdCUWK06LzkcvwUM+3pyrrmdf8e0VDBBTgqznE=",
+        "lastModified": 1768621446,
+        "narHash": "sha256-6YwHV1cjv6arXdF/PQc365h1j+Qje3Pydk501Rm4Q+4=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "11f65b4b0405cff5b54c813626bddcf5435d7ad2",
+        "rev": "72ac591e737060deab2b86d6952babd1f896d7c5",
         "type": "github"
       },
       "original": {
         "owner": "nixos",
-        "ref": "nixos-24.05-small",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs-stable": {
-      "locked": {
-        "lastModified": 1730602179,
-        "narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "release-24.05",
+        "ref": "nixos-25.11",
         "repo": "nixpkgs",
         "type": "github"
       }
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1731265036,
-        "narHash": "sha256-e5I+glVZwQvLT6WIeMFi0Mk+N/jkYauZ31ir2NRZcf8=",
+        "lastModified": 1768661221,
+        "narHash": "sha256-MJwOjrIISfOpdI9x4C+5WFQXvHtOuj5mqLZ4TMEtk1M=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "8aed22ecd71e5b67e5299efae8b9dc580dec711c",
+        "rev": "3327b113f2ef698d380df83fbccefad7e83d7769",
         "type": "github"
       },
       "original": {
         "owner": "nixos",
-        "ref": "nixos-unstable-small",
+        "ref": "nixpkgs-unstable",
         "repo": "nixpkgs",
         "type": "github"
       }
     },
     "root": {
       "inputs": {
-        "nixos-generators": "nixos-generators",
+        "authorizedKeysRepo": "authorizedKeysRepo",
         "nixpkgs": "nixpkgs",
         "nixpkgs-unstable": "nixpkgs-unstable",
         "sops-nix": "sops-nix"
@@ -96,15 +61,14 @@
       "inputs": {
         "nixpkgs": [
           "nixpkgs"
-        ],
-        "nixpkgs-stable": "nixpkgs-stable"
+        ]
       },
       "locked": {
-        "lastModified": 1731213149,
-        "narHash": "sha256-jR8i6nFLmSmm0cIoeRQ8Q4EBARa3oGaAtEER/OMMxus=",
+        "lastModified": 1768709255,
+        "narHash": "sha256-aigyBfxI20FRtqajVMYXHtj5gHXENY2gLAXEhfJ8/WM=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "f1675e3b0e1e663a4af49be67ecbc9e749f85eb7",
+        "rev": "5e8fae80726b66e9fec023d21cd3b3e638597aa9",
         "type": "github"
       },
       "original": {

flake.nix

@@ -1,23 +1,19 @@
 {
   description = "CCCHH Nix Infrastructure";
 
-  nixConfig = {
-    allow-import-from-derivation = true;
-  };
-
   inputs = {
     # Use the NixOS small channels for nixpkgs.
     # https://nixos.org/manual/nixos/stable/#sec-upgrading
     # https://github.com/NixOS/nixpkgs
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05-small";
-    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
+    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixpkgs-unstable";
 
-    # Add nixos-generators as an input.
-    # See here: https://github.com/nix-community/nixos-generators#using-in-a-flake
-    nixos-generators = {
-      url = "github:nix-community/nixos-generators";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
+    # # Add nixos-generators as an input.
+    # # See here: https://github.com/nix-community/nixos-generators#using-in-a-flake
+    # nixos-generators = {
+    #   url = "github:nix-community/nixos-generators";
+    #   #inputs.nixpkgs.follows = "nixpkgs";
+    # };
 
     # Add sops-nix as an input for secret management.
     # See here: https://github.com/Mic92/sops-nix?tab=readme-ov-file#flakes-current-recommendation
@@ -25,100 +21,108 @@
       url = "github:Mic92/sops-nix";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+
+    authorizedKeysRepo = {
+      url = "git+https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys?ref=trunk";
+      flake = false;
+    };
   };
 
-  outputs = { self, nixpkgs, nixpkgs-unstable, nixos-generators, sops-nix, ... }:
+  outputs = { self, nixpkgs, nixpkgs-unstable, sops-nix, authorizedKeysRepo, ... }:
     let
-      system = "x86_64-linux";
-      shairportSync431ExtendedNixpkgsUnstableOverlay = final: prev: {
-        shairport-sync = (prev.shairport-sync.override { enableMetadata = true; enableAirplay2 = true; }).overrideAttrs (finalAttr: previousAttr: {
-          # See: https://github.com/mikebrady/shairport-sync/blob/e78a88b64adfe7b5f88fd6faedf55c57445bb240/CONFIGURATION%20FLAGS.md
-          configureFlags = previousAttr.configureFlags ++ [ "--with-mqtt-client" ];
-          buildInputs = previousAttr.buildInputs ++ [ final.mosquitto ];
-        });
+      specialArgs = {
+        inherit authorizedKeysRepo;
       };
-      pkgs-unstable = nixpkgs-unstable.legacyPackages."x86_64-linux";
+      system = "x86_64-linux";
+      pkgs-unstable = nixpkgs-unstable.legacyPackages."${system}";
     in
     {
+      nixosModules = {
+        common = ./config/common;
+        proxmox-vm = ./config/proxmox-vm;
+        prometheus-exporter = ./config/extra/prometheus-exporter.nix;
+      };
+      overlays = {
+        librespotFixOverlay = final: prev: {
+          librespot = (prev.librespot.override { withAvahi = true; }).overrideAttrs (finalAttrs: prevAttr: rec {
+            # Build dev branch.
+            name = "${prevAttr.pname}-${version}";
+            version = "dev";
+            src = prev.fetchFromGitHub {
+              owner = "librespot-org";
+              repo = "librespot";
+              rev = "dev";
+              sha256 = "sha256-s9JpIbqXiVXMlhEuIuKio+rD1rM3kc7bAT0+8+5s35w=";
+            };
+            cargoDeps = final.rustPlatform.fetchCargoVendor {
+              inherit src;
+              hash = "sha256-Lujz2revTAok9B0hzdl8NVQ5XMRY9ACJzoQHIkIgKMg=";
+            };
+            # Fix librespot failing with "Unable to load audio item: Error { kind: Unavailable, error: StatusCode(500) }".
+            patches = (prevAttr.patches or []) ++ [
+              ./patches/librespot_PR1528_conflicts_resolved.patch
+            ];
+          });
+        };
+      };
       nixosConfigurations = {
         audio-hauptraum-kueche = nixpkgs.lib.nixosSystem {
-          inherit system;
+          inherit system specialArgs;
           modules = [
-            ./config/common
-            ./config/proxmox-vm
-            { nixpkgs.overlays = [ shairportSync431ExtendedNixpkgsUnstableOverlay ]; }
+            self.nixosModules.common
+            self.nixosModules.proxmox-vm
             ./config/hosts/audio-hauptraum-kueche
           ];
         };
 
         audio-hauptraum-tafel = nixpkgs.lib.nixosSystem {
-          inherit system;
+          inherit system specialArgs;
           modules = [
-            ./config/common
-            ./config/proxmox-vm
-            { nixpkgs.overlays = [ shairportSync431ExtendedNixpkgsUnstableOverlay ]; }
+            self.nixosModules.common
+            self.nixosModules.proxmox-vm
             ./config/hosts/audio-hauptraum-tafel
+            { nixpkgs.overlays = [ self.overlays.librespotFixOverlay ]; }
           ];
         };
 
         esphome = nixpkgs.lib.nixosSystem {
-          inherit system;
+          inherit system specialArgs;
           modules = [
-            ./config/common
-            ./config/proxmox-vm
+            self.nixosModules.common
+            self.nixosModules.proxmox-vm
             ./config/hosts/esphome
           ];
         };
 
-        public-reverse-proxy = nixpkgs.lib.nixosSystem {
-          inherit system;
-          modules = [
-            ./config/common
-            ./config/proxmox-vm
-            ./config/hosts/public-reverse-proxy
-          ];
-        };
-
-        netbox = nixpkgs.lib.nixosSystem {
-          inherit system;
-          modules = [
-            ./config/common
-            ./config/proxmox-vm
-            sops-nix.nixosModules.sops
-            ./config/extra/prometheus-exporter.nix
-            ./config/hosts/netbox
-          ];
-        };
-
         matrix = nixpkgs.lib.nixosSystem {
-          inherit system;
+          inherit system specialArgs;
           modules = [
-            ./config/common
-            ./config/proxmox-vm
+            self.nixosModules.common
+            self.nixosModules.proxmox-vm
             sops-nix.nixosModules.sops
-            ./config/extra/prometheus-exporter.nix
+            self.nixosModules.prometheus-exporter
             ./config/hosts/matrix
           ];
         };
 
         public-web-static = nixpkgs.lib.nixosSystem {
-          inherit system;
+          inherit system specialArgs;
           modules = [
-            ./config/common
-            ./config/proxmox-vm
+            self.nixosModules.common
+            self.nixosModules.proxmox-vm
             sops-nix.nixosModules.sops
-            ./config/extra/prometheus-exporter.nix
+            self.nixosModules.prometheus-exporter
             ./config/hosts/public-web-static
           ];
         };
 
         git = nixpkgs.lib.nixosSystem {
-          inherit system;
+          inherit system specialArgs;
           modules = [
-            ./config/common
-            ./config/proxmox-vm
+            self.nixosModules.common
+            self.nixosModules.proxmox-vm
             sops-nix.nixosModules.sops
-            ./config/extra/prometheus-exporter.nix
+            self.nixosModules.prometheus-exporter
             ./config/hosts/git
           ];
         };
@@ -126,146 +130,93 @@
         forgejo-actions-runner = nixpkgs.lib.nixosSystem {
           inherit system;
           modules = [
-            ./config/common
-            ./config/proxmox-vm
+            self.nixosModules.common
+            self.nixosModules.proxmox-vm
             sops-nix.nixosModules.sops
-            ./config/extra/prometheus-exporter.nix
+            self.nixosModules.prometheus-exporter
             ./config/hosts/forgejo-actions-runner
           ];
+          specialArgs = {
+            inherit authorizedKeysRepo;
+          };
         };
 
         ptouch-print-server = nixpkgs.lib.nixosSystem {
-          inherit system;
+          inherit system specialArgs;
           modules = [
-            ./config/common
-            ./config/proxmox-vm
+            self.nixosModules.common
+            self.nixosModules.proxmox-vm
             ./config/hosts/ptouch-print-server
           ];
         };
 
-        eh22-wiki = nixpkgs.lib.nixosSystem {
-          inherit system;
-          modules = [
-            ./config/common
-            ./config/proxmox-vm
-            ./config/extra/prometheus-exporter.nix
-            ./config/hosts/eh22-wiki
-          ];
-        };
-
-        nix-box-june = nixpkgs.lib.nixosSystem {
-          inherit system;
-          modules = [
-            ./config/common
-            ./config/proxmox-vm
-            ./config/extra/prometheus-exporter.nix
-            ./config/hosts/nix-box-june
-          ];
-        };
-
         yate = nixpkgs.lib.nixosSystem {
-          inherit system;
+          inherit system specialArgs;
           modules = [
-            ./config/common
-            ./config/proxmox-vm
+            self.nixosModules.common
+            self.nixosModules.proxmox-vm
+            sops-nix.nixosModules.sops
             ./config/hosts/yate
           ];
         };
 
         mqtt = nixpkgs.lib.nixosSystem {
-          inherit system;
+          inherit system specialArgs;
           modules = [
-            ./config/common
-            ./config/proxmox-vm
+            self.nixosModules.common
+            self.nixosModules.proxmox-vm
             ./config/hosts/mqtt
           ];
         };
 
-        mjolnir = nixpkgs.lib.nixosSystem {
-          inherit system;
-          modules = [
-            ./config/common
-            ./config/proxmox-vm
-            sops-nix.nixosModules.sops
-            ./config/extra/prometheus-exporter.nix
-            ./config/hosts/mjolnir
-          ];
-        };
-
         woodpecker = nixpkgs.lib.nixosSystem {
-          inherit system;
+          inherit system specialArgs;
           modules = [
-            ./config/common
-            ./config/proxmox-vm
+            self.nixosModules.common
+            self.nixosModules.proxmox-vm
             sops-nix.nixosModules.sops
-            ./config/extra/prometheus-exporter.nix
+            self.nixosModules.prometheus-exporter
             ./config/hosts/woodpecker
           ];
-          specialArgs = {
-            inherit pkgs-unstable;
-          };
-        };
-
-        status = nixpkgs.lib.nixosSystem {
-          inherit system;
-          modules = [
-            ./config/common
-            ./config/proxmox-vm
-            sops-nix.nixosModules.sops
-            ./config/hosts/status
-          ];
         };
 
         penpot = nixpkgs.lib.nixosSystem {
-          inherit system;
+          inherit system specialArgs;
           modules = [
-            ./config/common
-            ./config/proxmox-vm
+            self.nixosModules.common
+            self.nixosModules.proxmox-vm
             sops-nix.nixosModules.sops
-            ./config/extra/prometheus-exporter.nix
+            self.nixosModules.prometheus-exporter
             ./config/hosts/penpot
           ];
         };
-
-        hydra = nixpkgs.lib.nixosSystem {
-          inherit system;
-          modules = [
-            ./config/common
-            ./config/proxmox-vm
-            ./config/extra/prometheus-exporter.nix
-            ./config/hosts/hydra
-          ];
-        };
       };
 
-      packages.x86_64-linux = {
-        proxmox-nixos-template = nixos-generators.nixosGenerate {
-          system = "x86_64-linux";
-          modules = [
-            ./config/nixos-generators/proxmox.nix
-            ./config/common
-            ./config/proxmox-vm
-          ];
-          format = "proxmox";
-        };
+      # packages.x86_64-linux = {
+      #   proxmox-nixos-template = nixos-generators.nixosGenerate {
+      #     inherit specialArgs;
+      #     system = "x86_64-linux";
+      #     modules = [
+      #       ./config/nixos-generators/proxmox.nix
+      #       self.nixosModules.common
+      #       self.nixosModules.proxmox-vm
+      #     ];
+      #     format = "proxmox";
+      #   };
 
-        proxmox-chaosknoten-nixos-template = nixos-generators.nixosGenerate {
-          system = "x86_64-linux";
-          modules = [
-            ./config/nixos-generators/proxmox-chaosknoten.nix
-            ./config/proxmox-chaosknoten-additional-initial-config.nix
-            ./config/common
-            ./config/proxmox-vm
-          ];
-          format = "proxmox";
-        };
-      };
+      #   proxmox-chaosknoten-nixos-template = nixos-generators.nixosGenerate {
+      #     inherit specialArgs;
+      #     system = "x86_64-linux";
+      #     modules = [
+      #       ./config/nixos-generators/proxmox-chaosknoten.nix
+      #       ./config/proxmox-chaosknoten-additional-initial-config.nix
+      #       self.nixosModules.common
+      #       self.nixosModules.proxmox-vm
+      #     ];
+      #     format = "proxmox";
+      #   };
+      # };
 
       formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;
-
-      hydraJobs = {
-        inherit (self) packages;
-        nixosConfigurations = builtins.mapAttrs (name: value: value.config.system.build.toplevel) self.nixosConfigurations;
-      };
     };
 }

modules/services/audio/librespot.nix

@@ -19,11 +19,11 @@ in
       enable = true;
       description = "Spotify Connect Receiver Using librespot";
       unitConfig = {
-        Requires = [ "network-online.target" "pipewire.service" ];
-        After = [ "network-online.target" "pipewire.service" ];
+        Requires = [ "network-online.target" "pipewire.service" "avahi-daemon.service" ];
+        After = [ "network-online.target" "pipewire.service" "avahi-daemon.service" ];
       };
       serviceConfig = {
-        ExecStart = "${pkgs.librespot}/bin/librespot --name '${config.ccchh.services.audio.name}' --device-type speaker --bitrate 320 --enable-volume-normalisation --disable-audio-cache --disable-credential-cache";
+        ExecStart = "${pkgs.librespot}/bin/librespot --name '${config.ccchh.services.audio.name}' --device-type speaker --bitrate 320 --enable-volume-normalisation --disable-audio-cache --disable-credential-cache --zeroconf-backend avahi";
         User = "librespot";
         Group = "librespot";
       };

modules/services/audio/shairport-sync.nix

@@ -17,6 +17,7 @@ in
   config = mkIf cfg.enable {
     services.shairport-sync = {
       enable = true;
+      package = pkgs.shairport-sync-airplay2;
       arguments = "-o pw -v";
     };
 

patches/librespot_PR1528_conflicts_resolved.patch

@@ -0,0 +1,223 @@
+From c4c968e594edcfce231682db5563f7186da7c6f0 Mon Sep 17 00:00:00 2001
+From: Timon de Groot <tdegroot96@gmail.com>
+Date: Thu, 7 Aug 2025 12:22:56 +0200
+Subject: [PATCH 1/5] spclient: Specify base url for metadata requests
+
+This fixes #1527
+---
+ core/src/spclient.rs | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/core/src/spclient.rs b/core/src/spclient.rs
+index 87a6098..56c4287 100644
+--- a/core/src/spclient.rs
++++ b/core/src/spclient.rs
+@@ -55,6 +55,7 @@ const CONNECTION_ID: HeaderName = HeaderName::from_static("x-spotify-connection-
+ const NO_METRICS_AND_SALT: RequestOptions = RequestOptions {
+     metrics: false,
+     salt: false,
++    base_url: None,
+ };
+ 
+ #[derive(Debug, Error)]
+@@ -86,6 +87,7 @@ impl Default for RequestStrategy {
+ pub struct RequestOptions {
+     metrics: bool,
+     salt: bool,
++    base_url: Option<String>,
+ }
+ 
+ impl Default for RequestOptions {
+@@ -93,6 +95,7 @@ impl Default for RequestOptions {
+         Self {
+             metrics: true,
+             salt: true,
++            base_url: None,
+         }
+     }
+ }
+@@ -449,7 +452,10 @@ impl SpClient {
+ 
+             // Reconnection logic: retrieve the endpoint every iteration, so we can try
+             // another access point when we are experiencing network issues (see below).
+-            let mut url = self.base_url().await?;
++            let mut url = match &options.base_url {
++                Some(base_url) => base_url.clone(),
++                None => self.base_url().await?,
++            };
+             url.push_str(endpoint);
+ 
+             // Add metrics. There is also an optional `partner` key with a value like
+@@ -566,7 +572,12 @@ impl SpClient {
+ 
+     pub async fn get_metadata(&self, scope: &str, id: &SpotifyId) -> SpClientResult {
+         let endpoint = format!("/metadata/4/{}/{}", scope, id.to_base16()?);
+-        self.request(&Method::GET, &endpoint, None, None).await
++        let options = RequestOptions {
++            base_url: Some(String::from("https://spclient.wg.spotify.com")),
++            ..Default::default()
++        };
++        self.request_with_options(&Method::GET, &endpoint, None, None, &options)
++            .await
+     }
+ 
+     pub async fn get_track_metadata(&self, track_id: &SpotifyId) -> SpClientResult {
+-- 
+2.49.0
+
+
+From 2b72f3fbdf6519321feeaaecc1ea6e1bb042074e Mon Sep 17 00:00:00 2001
+From: Timon de Groot <tdegroot96@gmail.com>
+Date: Thu, 7 Aug 2025 13:51:55 +0200
+Subject: [PATCH 2/5] spclient: Change RequestOptions to &str
+
+This will allocate less strings and makes it possible to have const
+request option values.
+
+Also document why the metadata base url workaround is needed.
+---
+ core/src/spclient.rs | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/core/src/spclient.rs b/core/src/spclient.rs
+index 56c4287..11bcef4 100644
+--- a/core/src/spclient.rs
++++ b/core/src/spclient.rs
+@@ -87,7 +87,7 @@ impl Default for RequestStrategy {
+ pub struct RequestOptions {
+     metrics: bool,
+     salt: bool,
+-    base_url: Option<String>,
++    base_url: Option<&'static str>,
+ }
+ 
+ impl Default for RequestOptions {
+@@ -453,7 +453,7 @@ impl SpClient {
+             // Reconnection logic: retrieve the endpoint every iteration, so we can try
+             // another access point when we are experiencing network issues (see below).
+             let mut url = match &options.base_url {
+-                Some(base_url) => base_url.clone(),
++                Some(base_url) => base_url.to_owned().to_string(),
+                 None => self.base_url().await?,
+             };
+             url.push_str(endpoint);
+@@ -572,8 +572,11 @@ impl SpClient {
+ 
+     pub async fn get_metadata(&self, scope: &str, id: &SpotifyId) -> SpClientResult {
+         let endpoint = format!("/metadata/4/{}/{}", scope, id.to_base16()?);
++        // For unknown reasons, metadata requests must now be sent through spclient.wg.spotify.com.
++        // Otherwise, the API will respond with 500 Internal Server Error responses.
++        // Context: https://github.com/librespot-org/librespot/issues/1527
+         let options = RequestOptions {
+-            base_url: Some(String::from("https://spclient.wg.spotify.com")),
++            base_url: Some("https://spclient.wg.spotify.com"),
+             ..Default::default()
+         };
+         self.request_with_options(&Method::GET, &endpoint, None, None, &options)
+-- 
+2.49.0
+
+
+From 73ed5c50849bb660834cd0d7aaa7110c01397055 Mon Sep 17 00:00:00 2001
+From: Timon de Groot <tdegroot96@gmail.com>
+Date: Sat, 9 Aug 2025 09:28:51 +0200
+Subject: [PATCH 3/5] spclient: Make const request options for get_metadata
+
+---
+ core/src/spclient.rs | 20 ++++++++++++++------
+ 1 file changed, 14 insertions(+), 6 deletions(-)
+
+diff --git a/core/src/spclient.rs b/core/src/spclient.rs
+index 11bcef4..cbcf092 100644
+--- a/core/src/spclient.rs
++++ b/core/src/spclient.rs
+@@ -58,6 +58,12 @@ const NO_METRICS_AND_SALT: RequestOptions = RequestOptions {
+     base_url: None,
+ };
+ 
++const SPCLIENT_FALLBACK_ENDPOINT: RequestOptions = RequestOptions {
++    metrics: true,
++    salt: true,
++    base_url: Some("https://spclient.wg.spotify.com"),
++};
++
+ #[derive(Debug, Error)]
+ pub enum SpClientError {
+     #[error("missing attribute {0}")]
+@@ -575,12 +581,14 @@ impl SpClient {
+         // For unknown reasons, metadata requests must now be sent through spclient.wg.spotify.com.
+         // Otherwise, the API will respond with 500 Internal Server Error responses.
+         // Context: https://github.com/librespot-org/librespot/issues/1527
+-        let options = RequestOptions {
+-            base_url: Some("https://spclient.wg.spotify.com"),
+-            ..Default::default()
+-        };
+-        self.request_with_options(&Method::GET, &endpoint, None, None, &options)
+-            .await
++        self.request_with_options(
++            &Method::GET,
++            &endpoint,
++            None,
++            None,
++            &SPCLIENT_FALLBACK_ENDPOINT,
++        )
++        .await
+     }
+ 
+     pub async fn get_track_metadata(&self, track_id: &SpotifyId) -> SpClientResult {
+-- 
+2.49.0
+
+
+From 6adca21fdf64bd8026a2d6df04c42dd2b1239358 Mon Sep 17 00:00:00 2001
+From: Timon de Groot <tdegroot96@gmail.com>
+Date: Sat, 9 Aug 2025 09:40:20 +0200
+Subject: [PATCH 4/5] spclient: Simplify base url init
+
+---
+ core/src/spclient.rs | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/core/src/spclient.rs b/core/src/spclient.rs
+index cbcf092..272975d 100644
+--- a/core/src/spclient.rs
++++ b/core/src/spclient.rs
+@@ -458,8 +458,8 @@ impl SpClient {
+ 
+             // Reconnection logic: retrieve the endpoint every iteration, so we can try
+             // another access point when we are experiencing network issues (see below).
+-            let mut url = match &options.base_url {
+-                Some(base_url) => base_url.to_owned().to_string(),
++            let mut url = match options.base_url {
++                Some(base_url) => base_url.to_string(),
+                 None => self.base_url().await?,
+             };
+             url.push_str(endpoint);
+-- 
+2.49.0
+
+
+From 0b5b1eb6c73a9291057b3856939f416113fdd8bb Mon Sep 17 00:00:00 2001
+From: Timon de Groot <tdegroot96@gmail.com>
+Date: Sat, 9 Aug 2025 10:14:02 +0200
+Subject: [PATCH 5/5] Update CHANGELOG.md
+
+---
+ CHANGELOG.md | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/CHANGELOG.md b/CHANGELOG.md
+index 560de2b..b62e9f8 100644
+--- a/CHANGELOG.md
++++ b/CHANGELOG.md
+@@ -51,6 +51,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
+ - [connect] Correctly apply playing/paused state when transferring playback
+ - [player] Saturate invalid seek positions to track duration
+ - [audio] Fall back to other URLs in case of a failure when downloading from CDN
++- [core] Metadata requests failing with 500 Internal Server Error
+ 
+ ### Deprecated
+ 
+-- 
+2.49.0
+