feat(sops): add certs to sops-nix

5 files changed, 28 insertions, 35 deletions

diff --git a/modules/nixos/server/nextcloud/default.nix b/modules/nixos/server/nextcloud/default.nix
index 3fba5c8..695850d 100644
--- a/modules/nixos/server/nextcloud/default.nix
+++ b/modules/nixos/server/nextcloud/default.nix
@@ -56,11 +56,11 @@ in
       phpOptions."opcache.interned_strings_buffer" = "64";
     };
 
-    services.nginx.virtualHosts = mkIf ((config.nx.server.nginx or { }).enable or false) {
+    services.nginx.virtualHosts = {
       "cloud.schererleander.de" = {
         forceSSL = true;
-        sslCertificate = config.nx.server.nginx.sslCertificate;
-        sslCertificateKey = config.nx.server.nginx.sslCertificateKey;
+        sslCertificate = config.sops.secrets."cert_fullchain".path;
+        sslCertificateKey = config.sops.secrets."cert_private".path;
       };
     };
 
diff --git a/modules/nixos/server/nginx/default.nix b/modules/nixos/server/nginx/default.nix
index cf97109..d960d33 100644
--- a/modules/nixos/server/nginx/default.nix
+++ b/modules/nixos/server/nginx/default.nix
@@ -6,8 +6,6 @@
 let
   inherit (lib)
     mkEnableOption
-    mkOption
-    types
     mkIf
     ;
   cfg = config.nx.server.nginx;
@@ -17,21 +15,6 @@ in
     enable = mkEnableOption "nginx reverse proxy" // {
       default = true;
     };
-    hostName = mkOption {
-      description = "url of server";
-      type = types.str;
-      default = "schererleander.de";
-    };
-    sslCertificate = mkOption {
-      description = "ssl certificate to use";
-      type = types.nullOr types.str;
-      default = "/etc/ssl/${cfg.hostName}/fullchain.pem";
-    };
-    sslCertificateKey = mkOption {
-      description = "ssl certificate key to use";
-      type = types.nullOr types.str;
-      default = "/etc/ssl/${cfg.hostName}/privkey.key";
-    };
   };
   config = mkIf cfg.enable {
     services.nginx = {
diff --git a/modules/nixos/server/site/default.nix b/modules/nixos/server/site/default.nix
index be603c6..c1d472b 100644
--- a/modules/nixos/server/site/default.nix
+++ b/modules/nixos/server/site/default.nix
@@ -21,8 +21,8 @@ in
     services.site = {
       enable = true;
       domain = "schererleander.de";
-      sslCertificate = "/etc/ssl/schererleander.de/fullchain.pem";
-      sslCertificateKey = "/etc/ssl/schererleander.de/privkey.key";
+      sslCertificate = config.sops.secrets."cert_fullchain".path;
+      sslCertificateKey = config.sops.secrets."cert_private".path;
     };
   };
 }
diff --git a/modules/secrets/default.nix b/modules/secrets/default.nix
index 03d1bc6..682596b 100644
--- a/modules/secrets/default.nix
+++ b/modules/secrets/default.nix
@@ -29,6 +29,14 @@
         owner = "root";
         mode = "0600";
       };
+      "cert_fullchain" = {
+        owner = "nginx";
+        group = "nginx";
+      };
+      "cert_private" = {
+        owner = "nginx";
+        group = "nginx";
+      };
     };
   };
 }
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
index ef5d9d8..bf55b89 100644
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -1,21 +1,23 @@
-borg_repo: ENC[AES256_GCM,data:+8MKQ8KKkEFbN56C2eiSVULnZHlSQfWEq2J3WrRdM/rLkrV1EebBAFqZfeOeBpfm,iv:u6nDMDiaDcJ1nAwQhxSFCvQF0/8jUArUAMMeP4Ce/Kc=,tag:lYpjvbBmLABqQiw2ntzdDQ==,type:str]
-borgbase_ssh_key: ENC[AES256_GCM,data:+ovWQxScrxvNQPYJ7LC3pp4TWiC/dgyNMKu0GTSB22jLSfHIa2ezixfqOPzsftvey6K2zzcVM1/4mo0CUllsUSqos7RxW2FB3j6RrVhfLWqu8x5cku0qD8Avevd2F0isGC464dpF7QnF5RREmKzuOhxFHOtBjtLkCtX5tMM3F2yebnHSTW23LzG8QtbvFoyy1pgETWV4v6c7D5/kal4CZC5hGVsw7fDA4KojdCMn7g5zS1Qrja0ZujEcDL8EuMc486kuKbhQigLVgLtd2YlXQdWFaTsszdjDNC4nhjXQTGao4aXm4N/8YRFEOTYPED5iH7zu29fCW/kZqswHhJdlGQ5TrmZu2rKOD7A1rKXA96DZvyCiclsJVtoUAznMYv/nrAy2K5xfAuAf5bNAnqIIXiSfk+RNWmIj0yVw8NsKn8nNTgXe8CQGOJPrqZYfAtmOpOddsR/2KGMXuHOfBDcFHgtZw+libIw/t6QDy/kFkT0Wt06OmD12TP2UGwyJJXsl+VAfSZcfwzeaUYCIrsy4g/fQVcywNDQ6I5kd,iv:8ERX2w9nffF/JIB6JzY2UgJ8NEuvElBkpKm/R5WRa6w=,tag:TJbuqYzi9JsV8Iujwh5G+w==,type:str]
-nextcloud-admin-pass: ENC[AES256_GCM,data:82mMUrB8dzkEN5hwCZAlnAf0ao0=,iv:0G7hGeOlv4pI8lLoCh+6C+iznNaWw6byNqWlEE3Bsy8=,tag:77X3zTJ6mZ6UT+4AnUEuOA==,type:str]
-ssh_github_key: ENC[AES256_GCM,data:JRuUR/VJFKbDJCKovdb1aZDqjfbRbcxdu14QNbC8jco7YGF1hktB9F9J+XNCvnfvoTMRFo3GY5t8SodeTkxedUpGUQhVgMLQ29T2t45wclYQm1Xxr7Fo520nUgCW9gzerU5aBt1asaJkOktd7orluUGErGMjl12u4Fwi9ux/mMC/+2sUmbbxuub1amnA4R+1wpfcF1emC2xSg6hhGbdS6Ke9CqGgXNraXxrfsp8Z/orzxHC8CmAx48cKvLUZmhNCV4zy5gX0rvRZ6v82WlHmpVqnqD2MP8DVQQ9fR7G3li0wlSlK7z4A8q5fcwcbPN4YWn9h62PbOGNNlX+pL/lOeXq+w0x0bqbyQbi7JlPUNpeW/t6Ao+JMAMUhHLYoGRUCblXoSnw5jJpZHfpbJs0tPGYOx2uCV17EVIbH+phq0Rxdh1rnfqxsGlnpHpfcHTyZzKbhNlcgJyseSC6SfQX7FNEVfud+4ylRAVRJ1hRahbqwRfCvin4ILM8xXMgWC4XAM7cUA7C8R9TAHtXBTXGZc3LNMlL7HAmY107WQcFnUlL9Kq8=,iv:mfs3HAefsG2q3wAjsmspyDKyiiG7TXu13Zav1jDWAjc=,tag:KSt5lCMQJPk3AYqUTvoo3w==,type:str]
-ssh_jonsbo_key: ENC[AES256_GCM,data:c4KiQMqAny8og81vcKV1hNjsUksObjz+wEZvrkYTovZJpxLmvBn6R3IDjsYMZThbyC6IC62AewY+AiJQ4tF+yH7lTQpqs41OUsXcZTcND39kUfJjWoC0NiI4XarkgFLjz6cVxpQFYZcHmS4kCUamvEGiKkz69oATFFO0R8eDlpsl+Fu7KsTT+LGkLrcRumdXUhs+VoQYANMeEAPkNQTz4YeK2B2sGeWJoiIDXbO3UvjEY8nTxv8ydp1x8Hnwp3DQQXfxx/D3m8Hz8z1Aq6gwz3axHWxMe/wuvFnleTY1i/GSZuyHJ7NgDB1+yeh2s/hnQ1fr9TkJCCylgH3hP/JG+sPnb1HXBArVphyQbnHYQQSIQ8qVr3KxWnm4kh+psVu0Dsd6RoMoPbeYpN890OfYjnuZNT2fKXl66+PL4yod0v5UC6h8H2rIijFLddIRS95BZAZprT0TBb9CCaBji9umeOAb+h2+e+a1/EL+poxmBIYIocNfvsN270ztOSV3ozj6O0bme8VM0Upz4EOYJjkhhw3cUejYXMlQascg5is1gHF/R4i7SuY0HAvO88Lrqi+VT4QeUsG9A6JnefMk,iv:W+Sk8kk9iHls1it1acoNVQcV61UmB1/AESk2Yd3KB28=,tag:zI57i3wPTVy2o7Tt+NKWnQ==,type:str]
-ssh_sachiel_key: ENC[AES256_GCM,data:sUkVvsPVXBxyAkiPVBT4TzBlySzBy0IrSAN68OPz4+yFoCPyuN+uQqygKXrYrfeAyeVFnMsw+65inWuxtjh1pwW1anLvadva8+RmfTrThTQd3D4iUyo2Psy98hGDQuoBYMAyEL9pUxHaln0kis6j94c0G6DvJRc/MPllUtffkmVnoZbjMKGCyJj7kh3eYPUoFYGTsIevhuQshppd0e4DZV4IcNKIEsUq0J4U7xdYLAXAuAoNoBUs91jceSEV/MCFs5fSmgJaf+krS+mqPsSOTZKKZfmzMHcAiS+PVvTECG653/WDSAWmeBPwu0ymBX8zvBQ5klDH1yYo9vjHoq5ZKjwD1Qr1XXQy04AQrvW5QtHfTvRHx+LyOYo3T3a+nXLUIAVBykNbvsLBDxlnd3sXb7yfMCc/GIpCj4acGy9lkM6Y7NHCVBZDX3QHZbupU51jnBOODQF9+TPstL5mxdxC0jwDBgdO7FTFZgnTatC9+WV6kgiNMN5HQAE21TgEWiKG4m5yf+mJlapulzC936K0P2ec89Y5YCN6Ki3LufHGuZivcrKx57x3UYMQqH2fqy3kz0fNjhzFVJvlMIwS,iv:wxVf/T1PWz5pkWB8EtpaDM1UUJ2wvkBDKNmWCRo1ziE=,tag:Sk4+T6SAlFRAdfRq39EpRw==,type:str]
+borg_repo: ENC[AES256_GCM,data:b270WmC/oTkNGfb2CEFUN4PisCzv0f1ClLZiX3BxKDby2Mui8DoeuhRLr641Fj0p,iv:sj6BSyLGkQcox7AYQHqStB9fe690ODfLtpmkotku4qY=,tag:pTAHUYr88ynXU7eTl3/xmg==,type:str]
+borgbase_ssh_key: ENC[AES256_GCM,data:pol6aIUYCdAKif6fP5eRHFpEDwstgFJkMe5/QbwR3WTjt1JYkKCtEo+/MZLaCemwkcu6XA1v6S9Ldu1reJaFoQiTlE6WloxOguDdVAxN9iz4zTzT/3BsyMEOQLMCvQYBgk7fnzfpjDQfIRT6gnUuNPxbrPgjkuiSVKBFBhU09kvU3BKGtdS9yBJUgiAfjdCOZTz1Bvvs6w3X9MpCjmFjIA7Jo0+ocKFVt2qMPE4MoaIrYF9WcEHqnDK8AcnSaGH0ZKilXgFquOBTJ1FAFc7iYN3dknisyEh5zC9q9a7E/ZrLkcBRYOI/ttifyiEvrQfalW8iArvPPA5Z1dgmwccKoaZnBjEOXzNChvpHTILQbaXh8kBoq8dUbAlMVvZzPLa8zUmHYd54rBbXvLAZUAasSNBfx7P8oqfrRzfyUS4skkn+0rCIjx0nzSgW3Qz1iZp/YBASIuFsqAxcT+7k2Ng+LuOuIk/ndHyGYc1OYxbjpenQpfZXlJjAQ8ZhdA34XOxT6pRyiGiRd7rN6Uj+32s/hs8HSGwbh3Px8kUD,iv:U34aPbYbjNryaxJj3S2ZbpO0sdPtqd1qxWI+E359+N0=,tag:AtKiBge0crs/Y6XwfDBbLw==,type:str]
+nextcloud-admin-pass: ENC[AES256_GCM,data:gGANNnn8E/Hb0VwtKOm0tAP3XkE=,iv:gzMuai8ERd78ScdXspUb6JWciMuIdQa3XTTVlLMrWdE=,tag:zTiD2WViJkFNb43ZtBSp6g==,type:str]
+ssh_github_key: ENC[AES256_GCM,data:iybFHFsHp480YGXO9W+4mP8ItMQg+alhuR9jivFdZ8ObNwXPTwpEK7BtLeRYetym9O+5F2qgXYurr8OiqlRLQqdXtQ6n4KkHL5osVgObiJ8e5eOq09VjU3fxDPaEQ1kIi/EduXowShG8zO36/v5iyswAiexcVGvUBNCpJ5jqqwwJoqle/eXLlxmcQWEadqMpq5z7IVEIBqN0lQs4Dj9XX3vWeCoIoLLJw2z0+7hy6lgWc6cMF8JGJrxN6GsHRtQHXj2QfckQieci2O0QSeGBo4XwNBsznl7NTZ21PHkwvaEEeINpT9kfQLr4T/3j27pyhr93GcpjT766rqgqTXfaoOelKE64hUL+UTnep+ASzQqBF1u0H7gnCr9cqhJLIyRtxD05l8xkueqHfDzoSIcWgqjgWuIaEXnzqgEJLE3o/0tOs5bvNhYP8qLRlUkd5gRHtIZ1iQSXxrvdpbMiQxcYI6GcoLVwORXQ7gJ/iyu7wLulT8aeJNEOn88kpFykrOq9W+7eYkv17nKtiIk0aMubfZLymgTXO6lHDlABwpQvRGXBJZM=,iv:6qRheni9rUgnKjbwsFu8UnnLmjQh0h7T3cwUtH2Zyaw=,tag:E+rdkdVxmfk2B5VqsWEdLw==,type:str]
+ssh_jonsbo_key: ENC[AES256_GCM,data:U6M+7984sLz1xrgPFGXy3rZx2ryyLnoC/JvtwEcB3jHP4sTPq3doEkSJdt7Vdw1Mm0KCCJnvK8GEMt0u06bIchjOct4ACccyBqSqysrDe2npj6XXiYrknMjS+zpjUqxfiAzT55d/uRO4kQUWv5x/UOP8TGm86K70lZmaHmYjvHFLg7MP+OaWHpB7zGYUvtwua9oe9CSEKsUSXM/dKDtTUxglExkP5KXRaWpt+rzISACQ6Za+BE3sUixuHYmmSI7I8oNJA2dQt2ghurxS7yuWVIICohJYyvWrg/Ph+x2hHnnAm9zObChQjJ5ThFDFEF8AE9Bj+k0N76waL5lldhMtyDPYVWGomBXbdqJh0Mi2aTJFtEZoYeZmIwS2Isu5Gu6t/CrS8g7OTYWjHvk+24yaT7cEYol4tgXSjnCED2hoVFr36peESXljN0gYd2Pb05gDDleHFjEuHbjsXCBh7z6ZES835lMByOOEQv+IE9YnBtCRtvExzHb59b5xQKWj4HagolgHDkLFew65l5UX+ljkiiF2KIFtg+I3WrC+dA3AvrLxkJQNa6SKS/rvkM02+R9cU6Em0G/A2TZ1UP68,iv:a5xO6h49yZQoKc6tn9GVGZq8z/nh1v2q/WdSX61HpPw=,tag:qnoQXSWSqh0o1FGazh1ydA==,type:str]
+ssh_sachiel_key: ENC[AES256_GCM,data:xszs/ATHhLI+IvTKmbifPxVYNIYKTN70CP1V3ETHHXbg2vYhlZ/5Oo4hbxCXwg0j/5qSlBOwt63fnDPW5xmoUibuRGTFaKgvP/6yEfHb/8pK0v6RV2H9G8XkE6Z1NaZgrl+co9bKKxuMa8rAu/HSoXedibqcbNQ/8Jo5C4vaUqYlslPwJq0YQiPaWRVlbvdZ5DSDqgkbOPZgbIAUd5SDH3Bszt3vO2Mw2Els75C4nD1Ox8gtITaCXrFWLwVQzEvnw6j2qfQ3uehoVEXCcSYxmoQKbfCq1YGGWz/JfcdFxBa1T+dLXt+M3dDecNJ/p8LWgXKyV+WaYz9ONU1TaUhSup2Y+z3Bat3A3ea4E84B4h4jKt9z5gZiqG05ypfOmj9GDJwB3upF1CptOhBjKBtlFxrQY11ysR6hc0Piv1COjEmQvZAtaxuBjNOFIb8FpKjqJfTVJfz+N/Bo4dnSc7blAgx5T+ITOJMNNoU/T0CHhAZTSpn3mjXVFp6M5UzlbqA9HiUpDbL8gr8VAreUVRz4H569qeq9jtAafyikNV4MLjhs+g4td1QRzu10JZvrkmh9rMxXLD7bukTcAzbc,iv:IrYXFEZCDMCBCvnvTAPh6FT1z/wn2oy0IVZDZaKJ/z8=,tag:70gcECtTR0Uifv+PINbm0g==,type:str]
+cert_fullchain: ENC[AES256_GCM,data:ALUOUiX3xGuAkBhWGSnsUrrLbE/xtfR+nMhhpVrv0f9MZWFUwmNghOmnGvrHlyGV+tyK9ArOMbEKJsZa5VJhCFUUpycjim8XLaBQZygcf2mJ3fKIjPA262NNBpXI6i+sxKm+OD8quHgUBFgTZ3IDgIrHVcgUJccM+5VzW/6XGtSxUBu9fvfPxHEf0+s1Xp1tEUC95QASjCI0whRRk2gq0BeOl10UDQq8rlfG9QFO+sBLYgX0+gPzlohXh8UkVDEwS6k1dahibXkZol8g5MN9UCAolq3ezF+iyLo4l9FIxayuL4+ahXd67yc4O97u96vE+BGpY6Nk4ekbNh48RHdq3FI7gBpxOEwUd+VwrZG4tjZ+vNRNBmno8fsh0SWFKQqR+ALnu/C+IY/XDTibSnnrhtI3VqrtslUXF/87UDUipq+lZyWAgiFBtIDFwLHfsLBd6Gb92KH3k+j7zGmKQOl173GgVEJgLaej6/HVQVynpID+Ess4st2HNxGIrgW2x4YKztII8lB9ii9kynNRKNjqLUGKbhip5fTfcJfAfI+iNZkgYXvpZHMku2aq04SRmNCk0YoVAtC/9DLcsRBJfIF1T35SBHrKGeiFgaKlWZ8xjYrMgnsfgvSaL0nXMcExz7W3V6gcu+Xn/ozDX9eRrKsD8+/8ytTxZcPPtvbxaw7wCk69gerp1fXBmidnr/V3mi2oqlwphfWHrULrCkbYD6t0CDUeJxm7qWuuNsHX3HZwiBxtpGxifMpdYOQQg0T3EO59pplfdh+jJoCSR/MVX5aWnaZARVjYICDfFnYRvJo3CCwdEBBjGWx70laNqJC1jPoEog0wew+PpB9bliy7avAmvsWubA/rppfQOFPJXFwtZc3qcD06N+I7De7MGAYu+fVXvspLwdndnyLaDo/+8OHcs3zPMzbeuJ7F4Mo1HiltV+rTaQsK4IPMne6KDLgEbXq2dcl9bgs74EfQc9Qx2OkbnhH4ZR5ggJecK/Ym2jdiBiPQuEQmYdwWX55cHBnUwLruH6acNTa+LNIhrbSmJNpR63qY+Tt6izChdl0wIvfCKTtRKUG+CFT99LVLDWHvKQhqfW7lGx4S1zyyHBv+1Yp4mHgi/X14eohpGp3jlAJ+OTthi2PfC7QOrCP4SO4PdvGh5DWAIeXCGe70k3OcIWk5hv+jEnRk886+eC32nGUHeUimwGVqhOt5qBIOTA6atQurYR/Lbi2eDzgisiIaEx11hNVh5i6QcWtwk45umQOoWgyZDoyY2gLZ/N9W44Ab6GDP6jvapLr4XPG+M+a6n4bHfOQL/D3Yh7HHx2l7eV3vXAgGepgle65F6LiUPIW1z1ZX2MuFowxMvMoaCc2OxggTQk4FjyZ5DhcjbvHT4CGsgi6Ktd3ViopnB/QWrr0lAPGDt/a7L1HMR23jeM0SDQG/WWqDkiivA1OhaAp3CtL4UiHnSqXB8SCsXufWsUfSwYF9JZZ8CMqEyLoU6dZcBiJ08ypA3cKBKrdH1y3F6ptckdoQUwsktt44k3d6hNeYSyyQ5fmkYYcqILHtv8xceIGiAe1bqXyrBxO17O6ViRmzKMuJUPJ44BjDLQtlZFPWwxZ0HI6ONKctMGX0YCF3fJ8uyRt4ROzk+ngiOSlWPSP9aJEDHuHyikCxOaahzBOJtS9hS9B2Qv+nv13wDE9KeNrxJMpg+WWcto7PAcXa4EYFh7nlh3Y03RbM2yU63eVZoAOVY6qc8QvFpnCJI5m3Of4BPmc6xVt/snNtzONt5EmF9dkYMnrhtHsV7nLMGBZKGwjn76pNu7gu4Ns3TyMvrlsOXv0AdUReWf+KR51mkuebU476GPJwniBLCXsYppEnKyD75h6Gzt2RfKpz78/vPNJIYc3Mh+qesvupsTkP713AYwP6k4+YKkLOYUw5fsFlosS9cS4PDgo8BG3wC1mW5GbwzXQFJC4dbFSxx06kY5Js0s09otneuQJevmwBQ7B136Oj3IIDYq3s3NyH6OabXtMsuowUvV7Z4kxvJ40eqMFf+tCfWNnlqaU2Y2iAWmijzPQHjpg4hnTPElNZIz9xosJBveFogrVCden7b9zF2LzD41lkwE57FrqClMkiWYMagCl4DznXS5L+tO/LIdfRnk9R8brDMGA8kDR15LtTu3K6uaKEH3COkAQfoKPuQG8ym5ZaUUGGpyi7dB/ZFaJ+nID2CD7FWO6xZW4nlK8dk3D4+5ReG0EnxMe4hOXJ/RqOzNij1xBArpwG2a9yK4FK43F2BqXq1ew9qHRXkv7lsxKvJUIjkn+DehUpeXPX3I2tdQX8rCC8fmHYixu6cj9sx2IfIJN51dwSwpDHUWb+gEQVNr+M5xzBcKS+fBAaHdkZhEAgJdWWKx3NoC19ZN7qZhRaVAKYPCW8RofeSGffaMEeqvvBpwtdlIAlods7VGIKVu3zo/yTEcIEu0SkZleb3TWHP7zpkdntt57zENSFhOa3HfvW6W4bbYp0yMstTE2CjL9mHQNrwiA0mVlv/JJZvn4db9pqb/UeEsWDmG1lg5VA5+5/qkUKdc1vX5hbp9tB94eJSuUwNuM0VTW46/Rpn4gIkrmV4kzWEQMVcbZStT6v58RodicQMtQodr619wT3bw0we0HTTSZAzXPO8y13BxxiSTlD0rIMrrB8KwGyg4FNfswZwlnKzlh4xRwoY1kkoJXrZ+kK61rsBjt9cZQZ1x20xxSBG3hS4EJmGxN9ZMUs3xGTi/T82s7F6L0BpDRNy2bY5/Jko5bZQ11HLeM2B6giFeodwa6UDIr6c9BusQXA1/baEJvOAo/ASSOaQt/z3ua4zJugTTrYeDdLCjUhmfDCJOtTcxlNW7jNwCpRQHBa9lhEcTCeSOpyUaKXSrzXBuhLjFDOkSDoE3rL/VqN0oLfje8FV5g+qIFkFrAjVBRiqwUKD3bgG/Uju1k93k4kMyvVWhoucZ/YPqLWORZX6pwZXOuGbwtOx8A37IwfAejwuCItOTFNO7v8o1MrYj4O5BLTae/DDkEQShL5cci1DgBH1npmJQjXwNlgqK5d1OVeDKOtyjzyY5r5mGMR+GVZenjlk2zD9K9Cp2f/nCptrb3Hvq43jOfIdWYRFWfYdDiXJsUYr9JV1OjBVGAgY6eCVv805M7DeGriAwpPTzjnwz8zscmLn76S7Tu0KZQgPpTZZMYvWzVyhhyU6w8/D5ZYhhbsdd0wFmA7jSvfqtfFUMUy9zEu24Qc1tLvRZqX63i4QPiZlVjmu9VBac8Ru6g8iPeaS1acLKKOaug9pkcteF0Iduij/jedKY2dkmw8CYKuhg7z3X8dBMpcDl80VDrPCW+8f2eBw8BgWeOhFX1h5whQzvSorvhNZmPDpZy/lWBZPLgU/ldTgAbXsMkaTBYpLf50Con9N2mTp/G+FqeKuFHLwLzjhjURq61nWX6kYDz6f+WTUXbnsNFiPsAOrfh3t/daxcZVq6rGZdmQVOBwOeKiSeNQF0nuharnrHKlylDVhux8/Yh9oKN6y3HVHVgP53aNQ7plT6kINkT022VIGcZLHHIP2YPKRqSvVnzSJnb1CQC8cK+BT1TyTlLJheLF6qGZls39IkMQ5+W9DVg/mThnicconmj80kLBpWIyOVmCYelFH5d8b97bEP3q0OxFfbeU0sVzqb3igPuKCaPG0CXwQKAwDEe73LW1h0wicbYKji9SqFAciOzHi87nS/C6W5bYZbAJ8S6LF5SC8g/dbAdRGEuicn3d379Tz+KLI6FqStqr4ZDyxkk55DjmfpizvPvpQ8iqkz4l+firEtOprMvranSM9Xi3hrxBR8qREIyziutVHdThaD8lk5M3gHo/pB2f2qS/hprWF7tXmE/WwNwqBQCkW9NAjqJIu64ZR5gxDqca19aecL965ttOcR1NDSwdQYyhLt+YHdvkNx0V3iYsNvMR+qNKC4IFGQE5Bqi63h4ce+bE692HbFH1Y0eqqDhIpmZPtSnz9vFoPyXLBTWxVg2rBkz6gjBjnMsLRjGCqiiCzSoi147pIHDiPsAkMWnJKgeaGGHKc+bShkIuJxiOL6X9OqjbCpqjOcRuDLIbVPhFm1v9EpPV4PjVaqB68brOZ74UeR2bv4R1NeyRQ0n0ZiTvTp0Boi/wqdLuvvmmJzOsyFCCF1QShMiODaVcOcA7jS5QnL/LChnjbDB3SM546lNuvKQS59KowgH2UKr35ptB4ibkG/5+lXdxkcrGmkcUr3IGUMeIqB4TNhK/6fV02Cae9jGoXxHpB7HPEgJtDPZPpMgkhOFpfuQL0C/LiU475TmLgFz+bO7nnqBg+NA1f5OrXaF3Y5mHamfZh//BhABbF2qkOv9xMjZg9eoOFsAZSDnwx9YQW5JRqpqeb++B02dcAn1R39I3LcY8RWko6JvGjNX3IenGUMYt4a9eZi5GfU4qehBAakLR/ltkackbJpC9e6BWKyluDx+9S6wrO4XimgtM/pUW9kIw/j0XiN91rGn4uf7aS/PwEusNtUV7rQk7x0BeLY6q0WUISu+E7MzE3BRs74I9Dx0O8yHjHXMqHxc1BrpUlsSudGXFl3P46uhq5EPX8O+bn9V4ijPBIYvF9SGDS6MI0/lSSfQGxOWMZiijnRjzzd08Q34+VmPGoi/YxAlQUO9fTcNv6z2VSejyjtMUqanumHtxzsHj1e1LiyyoUNbUMdAwOtScACPyym/bw/Vnyk4LD8n530VdZOfAlEYInr7lZmgPRq59zNnKMN9u4ut7aoZd2tDuZuo1hgVjSpPoEu/6WIE9U6cdrx2z9MBIP4vt7y6sY2xt0+3ZucARoMbJE+Wi44MQ1WXo4h0TiAx6zkevILkN9sd1Haw88c02W/SXtTYjPOhtq6gXKEyR7LDiZO3qYegESM5MRnZZZg3UK1dDaOG0oYfMXJGX+ddkQiOnTbtWPL6RhsJdY66pUsPz/ETGat9gaiJhIET/BOm4PPgBUAMAupBVFXvdNkiBBNKwMOT4kWuZg6Ytq3hdPUS53sS9kIoGOSEFXC/p01XQ52xZvmvrULT0faU/oxCArPZg2VJXG/3m2uRc4EFEsc6Q25Iq06fA3dzoQ0KFFcWL9E/16u3AwVgLNRQFA0+SslYcVH1X3h3NOT3i0AjwmXLz539Ih9MkYFnNW9UzIAwYl+6CDPdDLTlSefg/LmW+8uvOKayCFuew3CtHZhA+gnDWjBA4av5ayZslvMcJAmJDe/sBNBsFVqAcrIl2tlS94VutGycWrJPk4zbu+il2biuiqDOqkz3Aoi/yAs0KVw3zNyD2AY9e95Ar7CWqHuinuWzNj6lpIsoFvxSO4YcnOFEkANIfByAgVHgudCUhwSZuwE7KIFJcvjlO6SooGhVUdz2GSR3SWCdtOlkRnePG1sHKeMiKYS8KIKEsRm511rUZix8HUXf8XcwkZYLw9hxnYsUB+s1hlQJJ3yDqURykrJkDbJUUry+1N/SjfAgKwWie0XokA6MMyGNSGkrGjeeBYX5Iz2battK8OQ0Ekqj/YNBmAReTtcpGYlrgWvJ6lOHISLKyYHlsP2ZYustRV+4GD/GxcLCdkJdjdH0GWXCPdLPdvpSLXPhQI0Kex/EpNaJnqIkiOmBfn4OnHYIXpNslvKgH7k0mH9+6EGzS3xsJnDw4PJqXmVBButp8CM0wJES1SsIbizLfVpoNITDRCjWj0J2lk5BurNwTswOr7AGtqG3Odbdt+MkiQEqfFXxrFhVdidfbJnAaBqGLP6FFpav7RWrh1WCH15/RsEzlcdXpgkfaG80BAhHf2JJhd2jmDtwRS93xWE9fJzyJM/JP7vM0pdXzBSjWCCQa+CS8MQtr0yRPcrkc/WcFy/O5F8XJZSMykJkL4zY41f7x/RdHGlgLfANS+RVu9hD1LPwiUz61/UQHXVbvL8y10VQlbX2kLT2gz5PuBXKm2n2cu3aOVtZyqOOep0br5xwi0PkvYm2yD3BbL7XkPUhtJlQ73+gjdL2/+XrCRl/tuSKomKF0QygaDFv8BT3HbfBn3XARgUHfL5A9K0W5553//9aXhJ+b63yQUa/pefv6ypS9ye0clIBn9SJHxe6EtsjPiZcTbyM1EeoFgi3EHx12CONo15F0tcMGMonaAQJF0bNAaOSyT3r3W0mR1o+MNmNOVpXFmq4GnF/HeztmBIbsdQWfaLEgSKsApg1kBO+IoUtvPGPOdQKVrOslOG3BVXxHvKwApxe/4rPwTu1Es712lk97zxcJi7hG77zWduBSTeGz9NJexCV7lVF5ZevQaHijZiUaJdsES2PQexYs6jD2fXM9B5EvDF93Ds4w3eel/yRGIkLNyro8GVkwWk6AIdkg5P4q8RcfmenKiVXJ3GEjLbFC/eR5aJMGx+nER8f5uXMCNqWj/9I9wIqS4qtnp5kUyPRjTpHABLz1YuuGGsV5V7RuhPn+2/USi2lm39h29Bez6Aa+ebiogjVe9UnQD9fYEOPhzSbHzVkrB6Ua1fYd52t9OXqgeSE5KVWVut0QLZlbhIPF1My9WEyvcskCgGVaX5+rlx/G0BPKgqs5aXUeetNz/ODj5onm41HsVCOBdZt00SWib2uZU0e++wetQrm9XdHkdywK2ERV27+J5KWXeldkvkek/SSv1qY/MFQ+Qo+Lr0Xe5/aQ7SioEGNEY+hOftdqsJakAzuemjsCRkFsHHEVY4JkwxKoQMC8RxNaPV0h+sTsXI8SnWM0AWJKBUsSCZb9WdISGEphYjCrI2IxFQOOy2covzPovSW+EXTQrhBKltGadk8LDO3RzvWlGIOtrIbTNDGgN5VGQtwbEMjNgKpQ+wblcxU+giE9EmjUSu508ucZJvI60wvdAFeW0BsEzZoiKrkEwFANk2zzz2aCCxR7IwifmcYZFEPlkhvY++CzUVDocZvGzTCtNK1fwibzOWPgEp49uMgMHxbS43ixS5+VICf/cNZ2bzx+5iSm82UGH139CQ1aEJ2X85YIq031jYHnv0P3fsbRDj0BcEmemuJeGJBG5FU46X/nxjm7Wr9TT6C9H/WWhLQwo2P7HwbXK365BYiqHOyYh64Q3AJQrb8oEJDhzLT8GRtkVGRZ14iRBYnl2VlZDlg9QpRp27muKHst2uMMpgk/n+JJKRtD+TFurLfUvXNGXhJnKYs6WlV0rwX/AlMBA7JOIwied6BpKXPfOpn2xJbUA2AuT8zuz4rbmcSoyzTrZS96F3216RN+8fwQnIZg6+ql11v1beqeK/+PJnabvQhhpsWuP4vpLNLfZjVso2oJMtt+aJ8D9B7VKkwERRMOMMK9jF06PIMVVi4Lv36fFnYktWlrlbzj8Rt0470ozy3xWMdNt/rgWZKGwmkJrxTj0mzjs0RKofT9QWNFthHgl7s96Y8eqqa/dVPC55EETZpyQB/dWguTYVmDnTg/6R5MxXtIpqLBWcaswPkVLneBHt8IP6vw2Z75Kyx5kjC+YgwzAUaTtk4hKqUIXp4MBjgC+9+eCHAoifdMwJ91ua1QLorYmY76uxkpmKB2coa1a2XSWq4EDXbfeCSIg1iWgvskTMvrhYNmudYPlO3jYf1sQoNh/30n593MZhCxwmquxDT+1vgBpg5VrPmX/3JMM89Q1yvh5DtVCcqvsleGjmSR3xjvY6f+Q55RPXK74i6g8Q7BmC98HCU6fTlLkL5ZpjAQg9TNhsEQIVFbcjEMMt4O/B1P0zMe1lFu5McRrDA2gWzEHCn7kWHYfI4zcYc12lEhiNAFES0QkBuUnAOvSEIsPYO/JrwYR3QdQ2L84NJA89pUcJVyPpaaPzikiQWaxpnQSOYnOxotpJ6Cb+N3JJRhH7zUK2JXb0pA3y4rAP1qeUYP+eQY6YXqaw7wWqQLkayR0fV6IW20SoU1nIqgqS2eBVB7g3wGbNN+Y8W7lVlcYNkHtOuaRCHQB+F9k1D5Bm64sTK+3ilVxj2XQXjgAxoIAG9N1EFZd+6YXguQFNWpreKDuQOezbwFgmxL1f6FOu9GkL3dIEWm3+V1r/UrzIz3mTxG7zYvUxIw841iT4aq7g7a6nFT05SjFR2fYasz+er097xFcjKCjOw9klq2JF0ixOh0sQ2MWJCJgTz3WgeVgZ5eDX4yYy8NDvwkV1dk+hklbLIoDTczwJtwkLT0aowQKS45uovlfu+Q1GMQnCRKy0IHoBgruUDJgDfMP4ELipztns0Tuy0nTmRnoeJVih++wApsi8jJCttyeEjolCX9E5Ai2HqC4x8Tt6IhJbJR5pqnwTu2Fwkf5LcwjWefgSQM6uHu5yGPN+9gv8ZWbN5LcC0h32+nb11ZdeWRFhYXJmENoxj7vd8qYiUJte7Q+mKD8iAtllirHNygTMPZkFGuwtKHLi7IvVFrdAnkFFzUjxdUQ0uM1Uh0pAIppLN9gghL5y1GRvpFvTiLYGb5xHSciiH9tXWSZ1K62DI7owfijwgeZYmovBhmnHa1aX5QJc/gkkWjdGFNF1/3Pz9onsaUQ7izzwta/+/kzjy0jr0VAz1qVCLWHXVricAd2hml4NEd18lEhYRCfvBm0xtiJd64yEpZar6rjho2lJs5jlNCOISlpBh2T9fe7TOumdm6Xb0Rp5Qtthw1csV2RHEV8l7/UQcOmFbFcj/PDQZF+G+JFSREXwM8w4lasrc7fHKjzzXUUjDkek6Urs2ugRsO+1+fRfbrY42j1k9XJ7tD1bzNqyUXyeG60T+6b9oWu3NjT5CUhOQSsk0w16Fuugb/rRQNrbY0107ObIyQ0YK/yxo4NnzEsCuKaHFOKpCPbcul3rW/YngjIHO6xkw2VLT6A2rZtza9HWOSRS6dMov5vJgeOj4Vp3VUC7cIqpjcoR2S/Dt7emav2JJljjq9sqhlv6FPQ6MbAHj4Ad92yP6MmuCbSIZf3vfbZ8/iKfZNn3o3q6wI3GDGTo45mH3X7MZW2NKMeVdjjPRvHjAkTxOWMnevrht8XFFcmDGBPjpWffSzH8Usz0si2GaJ7ZzNPMKNupDEm4pNQ0b/vj1XaAZN5B+KwqqS7uaj7yg=,iv:rplTDQBXilYM7A6N/r/1Z9H2uO5nMU2UNHvEcJI8vX0=,tag:GdaHAreloN+kjpibBNNlVg==,type:str]
+cert_private: ENC[AES256_GCM,data:XbQ/eLHB0BAx6+nvg5qX2hddBRAKWZDKfihRdWLXpsR3tR7Sz9mmS4TxO27b9ulZiV/+4vwWfTTKXQ+usMH7s4qE5JN4qChVJviYz/GFOhl6pRy0yY5XEsxxrQGCTwboETr2dlrude+FdEPiL09OLED8t7CtlJfa5hSz8tRxX4LrR7CEb+uLt2cEAssOHnmb7Uzam/IZ5iDMhkIN36BrrAGmGIt3BKwtHDWAGMfhWTQOqxl31LV6NLgZO1KinGJEjHrKI6VS7zA3hjBTaQc/NQOnyfXTEkeA4/a0I/UhEdebXLZbUs3RtFbrJmd73TCHKIN1KFHgNQ+4tLeA6WP1mAl9Leqeog1ONgfN/4478Vsph/22zmKxn8XUuTZsFNoFDEbcTxj38uX4AbXhkWzzHMWl54ztbuRm/CWmThjKDrkAEM4v52Ea4GXBPnnXThGm051A3/wpEYt1HaAHcuRe32QLfG+ZPhTjsuCsPLZ66AW5/xv3evcO+0Qj+34KQdvDXm+kVphJcYk9CvUbtYfo0r6ZHoztuH1M76Py/0v5CJJksDz2Yoea9ZGy6mNhzAYmHrnQ3E3NN4rHh7SlWqNeSHk946eSEM0t0bo/1Pjes0z2EC1QsYj6bWzUxBNfURzCFuXo554WfkYlgFMd8NOBgm3pKa5Yj/LuStC1xJxA1ou4BoJoIE2KWfONPJPIjsO7VW6sJNzMt3IyxTmbCKxfBrlifFCB7I7DYfnqyIrwxOWYLFtzVRc0w8+T8EkRQO7LbwjSlfwIKpBxVVjQzw7FfIb8z81ZvR4vOF7jaDOVaAstEhNVgq6fYc7HNnEpmx3i6Kx6YwcerX4NYziFV0ueMRUo+u1A5UxHxVUjAXP6KbI9ZIfNiz5Qy4byhP7VQwfrHk74GtzY52prZ/612cr5DfK6te1HdVnoaDuYQWB4cv9Fwb6Ckod4/KZLQvfdtwkoDLX980noazAMqTTNupLfDoU7kXwHAjmKulB65LYtmux9BeC7tFOXcduRFCzTNMftSdZgLsv5r+TTPHIFxQfVwYT1xy/mOathj0yukYA83Bys/2ABZojtL2JNuCAGIklfcXuUtNCxvD9i5SJiibmb3ZyyCN5xkLnc6Mv91ymQE+H1hq5Gt97buS68aQxtvCpy1FvLaRxZiiPxIh0UD+ua6feKjEk5dFCs/zRKozL3VEbNkupSO6PpjPmQBFA5PqwiBVbXfwedr+0GB7BjYwFmr8qN0InndDaqH7k2OWDgUkdPl1jLLpMlMMBeKd5lyEQ45c2cWWzfFEHcC75ohrq//UTdDtDVxXEzdm54D5PspmFa+OepDfEyBwHThXMJbEynnhO9SX4wFdVX4PG/8+xzRv7zyS8Mp5EoIJHjPMRMrkS63FYSNxLBuPMnpYJifJH8Opau/cgSJUgioXnBalo7+04VTwfY1LtGmDS/fCUfAi44OfhZcpTfyehvO5N7IGrrjW2LgOD9/FhiUs91omVZXwDTSj/alXMxbcDmiNmFxqw9SOIJkfbnmAvKi6YoRHBA00XNPwSD5VwjTDmXfVPkfB2+ompb/X/yaOujFYB29YGsFBk/u4cpokcoX4ZcUd/E5PG8sey+uM34Z42LNVsmqV8ml+W3hAKRKTUgJrLKKVI/L7i0TCvLs9YotFMIU1pJAwOI9KKnaBanC0sXi14515U0QABavDLJnr+ffvMRtB8NDlqihCdnwHgo1vwaXZAzuyf+VYJhlNA2nQmU/sYKZ/4GjUXUfr+K6zy6pwXEVRk+d1WwDn/iEQhRirkc1AJ9u4gdqPbyPzVMF3gWcDpU42XSgPl7V+Ts1ptfqjfyli5j1VLCOjE/hhGea9CcWmnppoTjSiFPIWbp8u/qEl5ArVxaNnz3yWAJ+UNGH/vQxhB6jb6BMSA8q+yrXq+B+XaYPthNJ9yihJu4XliaQL5IvHyMg5BG90hIorJK+TBgCL0gJZUwBPVRPvbdWUZ3F7DbX90rAvEwM5NcsX25Ri32EB9J0cRFUoxFkr7cIrJ5bTQakvpHHd7F7gMqDjSstQ8GNYnluIMLGlN/pFCXGYX6F6d+jTO2Ch9d1CMG4y3PXEDe8nj5hVBFa8BKYZ5gS+n51j2xraNMfvTlJuLXcTuEC6hujxd28TFNY7hPNPqcOMLbonNm0UeSV6sDTjGIblbM0nOleg3YAuKRbhnOk6v7SsA0LtGXqf2zJWUL4ILTDoZeO/hPmNv9oX2tQX5XQIg=,iv:HBItAkf5G5o0KTpNrX6p/pNvMubkcnQhWotqdRFRbio=,tag:QNVx9i1RRvWJ9Kzm6KV3Wg==,type:str]
 sops:
     age:
         - recipient: age16pq5hgqmcm04xenxfy3ec4pxzn99ayypva9t6jamfsk4x2qta4gs25whaz
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRWmdYemZmUkxaSHNXN1Rt
-            NUFLQWI5OXRpZm80K3hTZW1XVXhWd3RZQkZ3CjNxa3hTMEljWUpSVWMyZFhrc2Iw
-            UitCZkZNeVlzMWJWYWllRkZrV1VlRGMKLS0tIDl3elgxMTJaYjljQ0ZZVllkVm9U
-            RXdOWWxlTmNUOUhOMlVianIvVHhud3MK6I4Zy1pA+qjBuLTiYIL53XzyIcsgbhpt
-            zEhBPkZPg0SPQcgJ6n2nVMw03GGmKEFfixjCrd4fverFpDPy7FfcLw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1M2QyR3R2TUV3bDlXL2Qv
+            bDkwSWlCNG9YOWRyT0cvVjlLbHp3UEVqUldNCk1pbko5Z01TdzBOSU90T0x6aXFJ
+            TEt6cjBveEtYRzdQeFFDRlE2aVNtMEkKLS0tIGN2UmpKYlE1dFNVMzJ4Y24ybEoz
+            aW4wMVBJOU8ySlRpaFUyQ0x2TzZQVVkKb4Ml+KG1SMo7Ol8cGTK6M6OSEwLJiH79
+            rOdQskwiCtItNfXpOocdTE4M1ZG25is8P67fp09Gs71Nunbhe+A3RA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-02-03T18:34:43Z"
-    mac: ENC[AES256_GCM,data:6wDSakfzHhVaYWnh4OK+4MfdGy90ePmvZHptlcHJUxNsetJlWryWyow9kW+8XiSU8N0opTg2MRj0SiF+VGUuC8QJuLvoCzNDdE8yk5UMY/T4ImYypFvoZsTecICKEooAVJbxWGMF40gEDKmXFXaZSeNfgg2LSKw4kjwAREpF6VQ=,iv:1Z/fGirfSOBsCR85n6nY1x7Ngfo+x3tjN3RAEQxQjyU=,tag:wVNo0zeiT+F2oUz5IfZQ9A==,type:str]
+    lastmodified: "2026-02-03T20:03:46Z"
+    mac: ENC[AES256_GCM,data:KDJ/G3xez7k3mzbd19vvB1jicjL8avZSZ32kw9tSvgp5Nkcqo7kPgMj/tIeoPKNZ0F+DqHgh0oVvD+9JJrFT3i+nAcbJLn0ZMj/CI4HXSi6/QlJ8cMfcq+RR7sqkaFwm9tgXeaQE+BFAFSxhbqKkG0hjPfDpciOnMtbuPlLLSDk=,iv:sqjwfGZPLya5hB+MgaWn9S00LW8iiLQmuDnXnAHOSuE=,tag:817e/ARjTPs6BcIlIGgyPA==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.11.0