feat(git): setup git server with cgit

author: Leander Scherer <leander@schererleander.de> 2026-03-13 11:48:21 +0100
committer: Leander Scherer <leander@schererleander.de> 2026-03-13 12:09:06 +0100
commit: f08a6c4d76108a5cf38394ce57e480c9ab412968 (patch)
tree: e2544790f51e1f8c22b3f9d90745fc4605bdc32c
parent: ac9c19c49c26e588076e561c726355e1703dc421 (diff)
7 files changed, 78 insertions, 53 deletions
diff --git a/flake.lock b/flake.lock
index cfc25f2..eb4a769 100644
--- a/flake.lock
+++ b/flake.lock
@@ -125,38 +125,6 @@
         "type": "github"
       }
     },
-    "neuswc-src": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1772915938,
-        "narHash": "sha256-2y7nKZKKWQaxJSuz5ia4VIcR4ibsAt/M6oqDy5jRpg4=",
-        "ref": "refs/heads/main",
-        "rev": "d7a9eda640d4b4d96f6158266099d3c3fe8e5673",
-        "revCount": 743,
-        "type": "git",
-        "url": "https://git.sr.ht/~shrub900/neuswc"
-      },
-      "original": {
-        "type": "git",
-        "url": "https://git.sr.ht/~shrub900/neuswc"
-      }
-    },
-    "neuwld-src": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1772906688,
-        "narHash": "sha256-0+rgWrefh19bBEmcqw0Lal1PHkendtCkQ2EIg+LHb74=",
-        "ref": "refs/heads/main",
-        "rev": "235b7b62be7d7c9eefa011eac4a5b78ba7390f1c",
-        "revCount": 211,
-        "type": "git",
-        "url": "https://git.sr.ht/~shrub900/neuwld"
-      },
-      "original": {
-        "type": "git",
-        "url": "https://git.sr.ht/~shrub900/neuwld"
-      }
-    },
     "nix-darwin": {
       "inputs": {
         "nixpkgs": [
@@ -267,33 +235,14 @@
         "flake-parts": "flake-parts",
         "home-manager": "home-manager",
         "import-tree": "import-tree",
-        "neuswc-src": "neuswc-src",
-        "neuwld-src": "neuwld-src",
         "nix-darwin": "nix-darwin",
         "nixcord": "nixcord",
         "nixpkgs": "nixpkgs",
-        "shko-src": "shko-src",
         "site": "site",
         "sops-nix": "sops-nix",
         "spicetify-nix": "spicetify-nix"
       }
     },
-    "shko-src": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1772882728,
-        "narHash": "sha256-PLj1TqZkhaSYgbtWwnfjGjF4ZtDAmkDxUadeEReGwf0=",
-        "ref": "refs/heads/master",
-        "rev": "a21d5b6a76dcf161f1b374b32a93a7e4c1439212",
-        "revCount": 85,
-        "type": "git",
-        "url": "https://git.sr.ht/~chld/shko"
-      },
-      "original": {
-        "type": "git",
-        "url": "https://git.sr.ht/~chld/shko"
-      }
-    },
     "site": {
       "inputs": {
         "flake-utils": "flake-utils",
diff --git a/modules/hosts/sachiel/flake-parts.nix b/modules/hosts/sachiel/flake-parts.nix
index 6f33503..e30a532 100644
--- a/modules/hosts/sachiel/flake-parts.nix
+++ b/modules/hosts/sachiel/flake-parts.nix
@@ -4,10 +4,13 @@
     specialArgs = { inherit inputs; };
     modules = [
       inputs.self.modules.nixos.sachiel
+      inputs.self.modules.nixos.secrets
       inputs.self.modules.nixos.openssh
       inputs.self.modules.nixos.nginx
       inputs.self.modules.nixos.nextcloud
       inputs.self.modules.nixos.site
+      inputs.self.modules.nixos.git
+      inputs.self.modules.nixos.cgit
     ];
   };
 }
diff --git a/modules/services/cgit.nix b/modules/services/cgit.nix
new file mode 100644
index 0000000..ad99d3d
--- /dev/null
+++ b/modules/services/cgit.nix
@@ -0,0 +1,44 @@
+{
+  flake.modules.nixos.cgit =
+    {
+      config,
+      lib,
+      pkgs,
+      ...
+    }:
+    {
+      services.cgit."git-server" = {
+        enable = true;
+
+        scanPath = "/var/lib/git-server";
+
+        user = "git";
+        group = "git";
+
+        nginx.virtualHost = "git.schererleander.de";
+
+        gitHttpBackend = {
+          enable = true;
+          checkExportOkFiles = false;
+        };
+
+        settings = {
+          "root-title" = "My Git Repositories";
+          "root-desc" = "Self-hosted NixOS Git server";
+          "clone-url" =
+            "https://git.schererleander.de/$CGIT_REPO_URL ssh://git@git.schererleander.de/$CGIT_REPO_URL";
+          "enable-http-clone" = 1;
+          "enable-commit-graph" = 1;
+          "enable-log-filecount" = 1;
+          "enable-log-linecount" = 1;
+          "branch-sort" = "age";
+        };
+      };
+
+      services.nginx.virtualHosts."git.schererleander.de" = {
+        forceSSL = true;
+        sslCertificate = config.sops.secrets."cert_fullchain".path;
+        sslCertificateKey = config.sops.secrets."cert_private".path;
+      };
+    };
+}
diff --git a/modules/services/git.nix b/modules/services/git.nix
new file mode 100644
index 0000000..5be5d58
--- /dev/null
+++ b/modules/services/git.nix
@@ -0,0 +1,19 @@
+{
+  flake.modules.nixos.git =
+    {
+      config,
+      lib,
+      pkgs,
+      ...
+    }:
+    {
+      users.users.git = {
+        isSystemUser = true;
+        group = "git";
+        home = "/var/lib/git-server";
+        createHome = true;
+        shell = "${pkgs.git}/bin/git-shell";
+      };
+      users.groups.git = { };
+    };
+}
diff --git a/modules/services/openssh.nix b/modules/services/openssh.nix
index 68d1511..8bb530c 100644
--- a/modules/services/openssh.nix
+++ b/modules/services/openssh.nix
@@ -9,6 +9,8 @@
         enable = true;
         ports = [ 8693 ];
         settings = {
+					AllowTcpForwarding = false;
+					AllowAgentForwarding = false;
           PasswordAuthentication = false;
           X11Forwarding = false;
           PermitRootLogin = "yes";
diff --git a/modules/system/secrets.nix b/modules/system/secrets.nix
index bd9c2e4..90622fb 100644
--- a/modules/system/secrets.nix
+++ b/modules/system/secrets.nix
@@ -36,6 +36,12 @@
             owner = "root";
             mode = "0600";
           };
+          "ssh_git_pubkey" = {
+            owner = "git";
+            group = "git";
+            mode = "0400";
+            path = "/var/lib/git-server/.ssh/authorized_keys";
+          };
           "cert_fullchain" = {
             owner = "nginx";
             group = "nginx";
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
index 9e99de4..78592c4 100644
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -5,6 +5,8 @@ nextcloud-admin-pass: ENC[AES256_GCM,data:AuC/2YDhOb4+nkOEVuWie+EcWF8=,iv:gZXdpk
 ssh_github_key: ENC[AES256_GCM,data:XqmRX1vlQmF/dldJXBAUQ2R+0J5VnJdRZWNh1PSOiO89GKcl6mcVH4zxMWpkFxM4BkEUABIE60ajpiY+TNYgk/WniBUP/9ivOCYmMaBvRxPzzjft0Y0KEZS/VGKcRpCfJzf5DOlqa+j4o512U8Sh/hYKH8YSUPr4FuJkpQO8tp9h9EoHI4dhauL5MVRcNX/XYr8MPSkOm7Fy0yZXRYNdJ1T6qLwR7pkrkP+N5FWwJDEwbS1l/FhPBx+/tjvnUuVZLGJPgZxRQV4mchDhD/Y2IRRU9TK99QSM+4TsAy/FGC/v48xvBW1C930RsskXj90uSKFvu8BMksejLFS9cdVB19cQqki1Wr5LBMtyuwBgwu/fuuwuyQ3v4wKyacM37ZAb5gtHt+6U06BpMl6YpSczlvpYyIlMjARa45zZ+QkFLV+zTFto3DCsPUzTX8V/OFTkOpRf7j28FPtDPvxzT23nVeouEPERjkZQylKCXZaqZ6b05ShREf/TOpbs4sftndg2wrqnV3VE9f/qNieIwgWTpRI7JNLCdKGzY+4yEtHdxbaoHy4=,iv:dwZjKaybpGeTIIPT93UVH81iZU8HPOYy2mJxSKopha0=,tag:L53zwLN7ZZ/1qm8I9uN1vw==,type:str]
 ssh_jonsbo_key: ENC[AES256_GCM,data:rsQwANaJKjjH9rX1ffUCVTHJzA9n/k5Y6+09+/gMqNr66Zc72N9QgJyM0fAejuicV37A+BNJs0gxdR+3DhgfN2V9o41llCXWAPtAcCaC9ICd5shRgdquQHn9rwjf+gXGShAf4/5S0IDRx3epHcITr6E63x5QMU+jzVWYSMjDiDo85kOqOkQ+tUwEGSERnRiGSte39AP61l3mpc/mGuDs/eSgGFOI1pF8E3iXQvCn/+JesznrqiN6rbZtxCZORPDLcd5oxRjRB/XHiMk02w8uuOte2+0OxtH8ZqXv776YpE8WpXXkuiYVPPV4m5fm+gYJsQPiqsl3aKXOp2I5Mg30OTZiMfP8dnUWzaKRq7NvhaKPsBvo+xUq42zrO4JAbi/0sgAGLWDZOpP2II9vwMrsr4FWMTeld78l6YbaBh8gaZkYw3BxJt88IWdqXdBRsyQMPhc6XmS9xqsvBZMbCQspXx2R1Lfg9au2RoOrFOZ3HcJGlsY3yTMPYT5cF39dvGFP6QrlS+vbDx0/v0Y8uMT1iyXEeyZJifw2QG3HeByGLVclnc4ovzIi2UFIvjU05E6Y+hTrmVd+9l2H5nM3,iv:z3hSRMnTZ4BmznHlrKMonG3drw2GxjddOa5eZ8kswPE=,tag:dkyhi+oVa44oU8Gs+657Sw==,type:str]
 ssh_sachiel_key: ENC[AES256_GCM,data:88pGKYefpt1JUq1FGCcoAMiQ911sFFCj0SN/xn2BPMQh2jNTibdnxvkxjRS83Cnypi8mngLZzQRF0JkQvSP5kbRivKmd6oSKbHY8Tg5Hfbhzv276hZhYre+7dGnEKCFnxBgesioFoYztrubRh6XdlzfXpNiNXSYMHPkGAMRyiWhTB367eEjx7z/dH6H2FP8ROB5RnJpzj+18TrS7oU6xKQj2eWZtZQi0mej7WVqGHmcClnprKHcem0OjlsrmLiW1vzvuB616uzqUMGlM4npVu03y67FGbi3mOCiUHx5dRVdI2KsgA4BFmAyWw09K86Gq/dwyXUl2eckQshALQ775Zik5ouI+lKDrcOvfLNxQ4p8uSR4PFIWt9LccqHDmVeRui1B0akiJ1+ai2aL04bTn4wYuzXzYGX6AoUJNHrGU82kSCRgIhysms0ZQabj3Ylbce3414ZZ7ofzeA9UttlFGg0HhPDJ2U3SaYWAQ0tU6Wf4VgS7+Hcj/1np9tieRodvMOXNiQ1yaqOIaXkgfczaGyULtjc4HYQbnR85U+l5TJXlkKAwI1D0a0vAqDAB19pN1DM+sADqccBD9hi1R,iv:KY6jMTR4hY43Mjy/CG2hFskTa/pxcd+A/u6KGgpNLlA=,tag:0qMuDI9m4lmpGPV9QX3CWA==,type:str]
+ssh_git_key: ENC[AES256_GCM,data:D8m/Q0+D5lPkFnBgfmtRM71xkahRQV08zz5WQ/YrdvQwNijM3ex0jGHTF8rGyRKVsnwpdsnk+YMCo1DeVaAE0xRsaMUuVLdhd/bAP4ql1TZhoCUQNamxiQ3ZL/7OSrrJSvvi9Esboq2HnASZVKeJucr5ViNlPLC3R1INJ9YVrYZbei3x8mlYTMAnlaJedIBFiX0gu/aQRrNviKlcVi96sKm9JgEc470aGJQIhEm8UM+VepbprCOm8lM+PQ3nMq+GrV7xQfuKkI3laGTriXQXKElEY7SfGMCnPBqpiDoZ+XZmXhVspao8lp45yp/y6byFaEuG02Gf0neyioicSkllQZfwvlNIaCZ8IM8P7/ydRGCbOMxg71ojUrIeD+WIEw6eWluadZC9hXKJ9/VDxMYcOlqLsUzuNLviA69XIU8K7lIuRN9YZunZUT+9gXICV5ofY5VcCoDPTvwhH8eP/4/r9viLyug3iw/ZdoDvkTbr8sGAHQ+AVb17xnxuuiFOpMIQxTDWf9pvzUYgI84ZvJTVN4FfbTCIAcUW0kJ5gCt4a3C9rWU=,iv:LP7darsuh3Uz4zi8jAGwytlsrNm/DTivZpAdeP1ijEg=,tag:4euWrca3LvaErHJdc9Excw==,type:str]
+ssh_git_pubkey: ENC[AES256_GCM,data:Nj2wDOm2JOMF22EaCitjy2Dsu74XGgVNFttdpnFiOZEnXgYqstW93StDQtjLE4SROvm6fNxDRb+HPTVnCVUmU4ObadLeg2qHFczZLfOuUeBm9Kb/82DN6NoLC4+HKw10qOjKCnNodIXSaEc=,iv:ktqCI4Vpl8EHYr6KLfTq5/C3czV8OrOrJ8RliDJtt28=,tag:1vS4VSRTqKHldVcj3DGNtA==,type:str]
 cert_fullchain: ENC[AES256_GCM,data:Qf+3zey5MgFHO97cwDf625tpVw/39ywynL+8oii6XbJMFrq0euJydg5amVIiHi46NwwC6TU8gBiQBcX8AoaLwqe92knfH525ccT8MAHuOCBfdE6509G4XygHkAGBx5OlRUiAR6NCIyNitgKhuomV/Q6ykgTDfLYoZKJtyFh6cOpXgnwpixiJk6Wt3vOEc/TsyDl1QBWfhAVkHjnHFhmpC3h0ZIaWE2b1dU3lhESLlSBiYvMYDR+aTKUqYWmfvsWNw9udnWdOtjwoiZcmbTHvO6n7jmdDjtBEptEdmMODzAD126SibvEALDXInYH5NfxfulPAMvrO8cnZVEK95TBsVlt1fMb+YG2vPlX3bwL91QWnC+wZy8ZdZB91ZwK8h2fgpeISaM3p5/cYrY6tf2/mRwlBL2w5w8LsvcpSR27yPGcEkiduu7LfGsjQrVOobUH2WYShiyJCtLOS1QJsu3XTPckjBCtVWU0/fPKbUaJ3F11a9+NXfnWmGs+gnRozDNgVlBOPlL2FSG0LkZ+7dys595aT0nbGdBm+hfur2+QujXX+al77sEn8BYrfgMo0pbq4gyL2hnXUshgBkluvJ9YljA9eFiH/xqkCv0Ra7q1GP7KYC4n8RmEgdRqSL49VMbeRRIha376vYEKg088o4nw4BNMIldmak7FWbVAyGvwAtJZZaRTW+Z3WmyGWTIA6D46hxw4eftqq2tUfucDcFNcdYP4ujLPx7U6Y+gSsIOpxFXLT0/ZW8i7/bSSxAN6+oi/M4azDkcoeRkzT4QH+j2dhSVfy90YSs4ca8qV8gTGbRuo8JIIstK4JRLufb3pZbbEZJpjaVqg2rHLx+uGMpZN7VFko7fpXkf0HYdCaPsfwWjJoyHofKh41c0dkCoBQ92f/JbAYaQZl8zpyzpnS0VAmXxdmyPQmU1yDWyNcdYo/qB/UcqD0YHvCLuqaTwNdb9cTZy/HjpXEoRaQXlfIic/JBwxiLjFf86bfDQJNPY93qJIJMjCJ+kEIIGFBdajd2oBLfJ6KOb4Raxta7K3oBafOoDYsUhPy5aW3jb477KXljouwI74RMKuN8hVAcxgTsHzRcSx9+FX9+AdNCOyFb7dRTrwsSCnJFFSrDqD3nr4xcs+Fcy2yvuxtHK9/RJhAVO331KaGSDM+IRoOxKG3Ct6YHXGOeDA8rS6daIRhX45jDe83a3jbliiqKk5He7kqcVdkIRDaSxV3Wl7Zzp1amBvdNec6yQIyGutJZ2ohh4V3+81XZd0IIJU+x2bo30y4iGdm1jF3DQ64vwTylN0xOOiNA09ZesV03NrB/F0jPHRmgp/EIFPnaz+Px7KH64mQMe1Rl6WZ0Xl7K/ODAS91ru1RLh+K1mcrWdFfC3c118YYqSx6h4DlopVplyp4j4rUXG237sRLwIYHh+Vox791cKnMV072KrSmejeL9Az/4vSznm1OkgOPqnj0PZdf+AI9MO1Z3a/uS65CSqnu1byBZ/wVpY7Rvb09SnwSMxXeorYSviE6wQ/hyA3JNJnubbEsHw8k9vV8AWfQ+0EkPwha3Yhm6NGCOzrQTqnlp/v1Z4PmbMdM444ZYjT3MyKz9g2W+Wua9DVgS2QOeMTYLEsylvZwli9hqm9Fc96HPhKUkkmQl86YWStCONUFlgQzJuzSDdPRoLWq2lSPdPA4Ln+YvD1n5aBtxNfafFE/twjV6L/lVPb7Weltbipdwnd5/mDDGPvnHpp3rZnwClZZ2jxYe3J04nJYzEviPI4JiYUWSCvzToiXDZtFiOpqaW3xD8fDY57eXeKiPMaBV7fn9FIdB0kVB5AMo4ibZeJF+D/FHSKI3C77EfYxLOCop71C/2YG6OqYDhNP7CY7MTw0TFZVlBZgnHfjTpsGRaZMWaheMBlLfTdxTAP4hd9Fa+4EDoIOU8eaK5M542CtP/6HjHIxF0nffNm6xPXZYZKDntavy+KKAD+sAS7ADVbXRf3cyNR5dVvhFmHoYLyJgZiKZMUUbTtEWDa4QLw372URqt15xjft6dw6eMK/PAfNp39r6MItqA4conFZWFhis8c9goIopmWITGfSsRlC/YQA3DraIoU0NrK8P+nxQ88y47hfIqexndwLSEUsDFrH6greo/SMjKIoez5hl5tXjPm3AnYZ5z6kAr8Vlu+RFJjN2CkfsFrolanJcFkvgZYkvAKZeGoLlGN+5qPfz1PB+H8msUfJjezgkELTocVjHXn9akGcNMPeHwle9zXcTNzixkT4eTj0nB8/uPJWF5ReyPtowJQ0TchK2tpDf3Fc6Q1rPfU9sYqPFSxBR/86nzX6lmYC5NC3LgT2+N1fDU+t9Cc1ovrkbrIitrFx7zOyEmiHc6J9g+aO1Fs62yLJevdgAYXVd9bZzGPoYUy6k/kGUrE0BkrVWDQ2gN60W/F/770/LBF3DFO3aOVlVjbaegy/3MRP2jkB1/isELl1ePUfzxhWFle02ze/PHPbcqM5lMBGsKd5pUgbostYxRE4O1Y0V59FUVIPUf4UH+uhQw/cAgxGQtnMO6YfuCnSCrEzgGjSFPoy3f6s4CTCPTvSC/LNGUGvYaPFSQq2SM/u8oeNaNAa7Tk9d2WiESDbwGT8byaQ1dkikGkriNzbaJccwatYCw09fWiguXEJSThB0OnP3BDsbCYYaorDmmKUFlj10MjK4lJgYzxywdxs2M6pLskdSUfqRDYH3KgiTj8YvIs4CqVBThMXpu8Lbgy1E0Z34usSpJqtBDdiEJIkD5zDv89U6r2jjJQz8Wi7wxdNAntKD77eJFfw6JK1nXyirq3dLwkJmdTB1gRJHtNuTtOSzvrJzPSjx9MZqI8grprhqneLP9C0o44TP6uu+CjHiyPp7AKg/cZUsJZjVHkEjRFbo0kcrsuMW3ZWwVdooopQpe0teUKNQDL8efeMjYsMPts382e7qMbIuIx/I3nJNxmsyNWOUBERU0apIRAwE2YyOMLMAw7JBOtzEgkhqyqTZMob/q/InZ6wvXlDLqWbsNbLv2uDciUQZfnRR/Q/jBozL0fdyq1ZhpmpHY/+Npm8nEe/I1fgmsbCuaAa/o3SHAW9I3DQ9ZqT49EtQdJUoO94RfuR8rRe6XTH2X00UaB9J3zFBPPxd/Q8UTn7xnj7BzP5EBV01JIj+0IPmcWLhbmOUb6kFpXYkmvdGi1BkTQmyq5D7+tPCobkNmF9wgFqA+UdDSDho/TWSgh1oIO9bziKcoUZc9/9V+G/Dv49urKGRojPtA6SuZtuFrsyoguCWSLPXw49ndbmDC7ZQ6DnrKUkdue+6yPE2EvKm5I2yeOqhAhX8oAf0kLNZvrLdN2FxICR8GpRycT9ESGNYH8I19mvmKgyOSfvza9C66ffvQ/8lbL6q7BL3tY9Tv3BBWzuGROJjT2QUFz8lyA6efwCk8Wy+1v+LfJirGf+LS0nmFwH+szX3YISp4hHHdEnDLqzMpYx5H++cIL5xC+LiVi8zKUE0VCVeeEprAvMkICw6aaFB4gpFx3oVtIVSrTW3oqcuiJIFpd6tGIvhReHT3hWSlhbtvq6i0CoHTkdpdqhlBDyuMhu7EydIEIDLJKn6NQCRfrWEW5cetU1avfPrLXIz8l5k/h5wdJvVuaSFgnCqB5uvjsrMNouQwhDe3YOiPizNIpBxip3XLz9iKQInv+9EcvqOiZYH/mFjtGn53Gnzxa5+K0Ta/ubrfT2vhEooQlT+04O6j99tUsL3ZmJaQmc/tyHULWKcHnt531i2rubfXw13kdYQWpThuG95ce4dn/cKo1rRzqpoPsRzF0WxCqVEcR7NM2cnZAStXBkIdVkOJk3+Z0kieRJ/wzH1fbrTIkI/f2cjjN2TeTaiij6yTk18YF89AwSTx/uDKnEDKJUCBYfwbjg4HdeqKcHM7nf2ZMHBsnH7yT1EtbDGipJIZfYxxQIlZm1Tq9IDmxkPaqWxtzF57CvQ5qLp1VZfx9pYkKCGMSlsA6/EsbGTIiyr0E+GbVowF8e8whXgZRZuOmekrbh5lQ8oNipBhkdixZgxK6lM7NL9vPPO6GEEe5MMLxODfeva+GsxW+us93BbAMTcr8xPjE6tf2QmHfmHKu0Uknz12OPA4JN8IyNWz6SHzHV1J8THx49zHbVw1IXzzCIs1UDJMesd40X4L2ey4Y7hWZVIa9k3QSZsKjz9w2s8qQONIcFBq0BOvW1hbIlOere6i8OJJb04GyCZq+R79hD2HRrEue1hm7pI62+4kwJrHLLFxFp1Obi5BbqfKZkDwpkGV4oJClYiym1CK1itdtt/fiV1c8Zw6O18TGc1HkTEZbBi+jmC1bJ4i/JEOW5duBhZdUjAI8YR5KzUnQGzT3oiMtqfu2ar2ipotO0frfDqyiKO85wskG92MX6bfPPA4vtUgavQCbsJhAOJQ/jVOpr+7ZS5L2x+/xdY3fyOPvd8eviC5Hu8jFm3qmn+pDaUhikMak2euFzjEeOWoQLmpe2rrnZcOHl5dD/ENSIGP0IsGL9xoUtXhSBHBZENYESZCKTo6VcJaDimwr49MysuYNaDapD4Vc70ASrZEBh1XHf4aQ+DSHMopbC86faN/gJMDirmFdeKmY4vscQ2z9Uom6+agAvcG4o/DNrWUYjfRnimFgVfHzILqaUU14MPjbohfTPtDfRm70+r7vkanOVRVX8ATAH8f8FMsKnVIWyy0S23DwfBcN2FfqRJsia7nhdRt1iZIajrXjEuwq8vyoTfoqGSj1aiu7w+CR1TpYoMQXGGkALNi/nMdiTHW1Ri5PDjThAR6NVL+SLAXXu1xK7NyFhKVkcCd59voWuWJvdXT+bSWpPVXyapR3ZlNYnmvrYaDUPsLFn4rUfRWGqD3jvJAVTuHKAi/QXpv7M8L2oNk/781OKIQZb5Fc3DLAZh0T+Qg3ABawQwCQrL/lPaNOteilusGkFuxvoXufTkUbX69LEZHov4UHjY3xVGTdzuBuw6/lVV6SaclvvlrXwuTlub0bVEzT9WJOoBElQk5LB+naWAnWuKehxxxoXPUYmya7aKJ+SVW6o0WiGm3K0vJnk3CWLvlaiDwjROGHm95CeAV+g0bSoRGke44zzzz+Fu3y4WWOtcDMeZSDDYUGZ3PuZRF2pPdCIgrjeuzOPimhsO3qMnl0gZXTU2hHlgrY0iWMGjpszBjDIgxwWGIPA4lEi+BdiIUtGAhIarcFqob+hpNqWogeysnUIjZyNpdB0UUVvJ03w5kjz7L59GpggIELExc+RRioSgoxrVrub37UZEbuD+bctZbV7oxyerZFjQoCb++svi2E3rmq6lsUQnNb8rM/6CEcEMLQHw9nzygiclQNQd1wC5pulxGpaR4pDTH3LhaTEK4kBWxzBwe2XICFgOK8eL1KBvabVmWDwcujBJhor/NeoI2NoiCL7AmtQE7440FSscAwVH5SQ++Wuj+D1+lMBOO8MNqvpwQkLC0xpw2NUlmyAqFb/Vyv9xae7Xc9nJ1FNqjYliBqx69NAYQYAvDzZxTeptnXY2yjnicisYXIVfQtvsAwrPkGtxMAzjVwCQoJgMssS/tOLpjKufNAB6lg66TwkpxA6W5VCENfqOTtSPyxEoN0xToJSkjMMnPT8XPxjiGVQDKstL41alxmqllB7GJdpoC0mh5GqhGxp/KTu5DgojH/R1JPry3hj7FkN/Zv9UVwCNEnzsDIMugLEBBOVEWaJHH4LICS4P2H6evw5WaX066fWntO3/+W6rcBQreyg+7lZQ2ZA49PjsELwpJ/u9oSqPJDR9rPBz2Z/ck60bQU6F2v8Umu2bZpWFgxKKEWwP08imMFVMnkjijWFfE+yKuETIIRdFNPpLG8/mxvuODy97wb141pqlqq04Sklc0hKMIQTkiAmoDl3Y4/2x76M4H5yVV1716EJtJx9Pxv2FtbEAH4tnLFl8JkeYcskzRCRoU4VcY4+i0xSAJGszFf021DjHYQuaOPkjfp/vPMCPC0Qe4cWJl+V/S6NbE9d9pDEDubnvkGlwgNhTSbfMVciy+9aWO91xiegys6BoOfKXQVO/PBrmvEg6XX6qrWRp+bBKLdvRHvEvrnishMUssTjM82tXN9uh4M/jBtlpL/mff85RbZjw71LL/rUM45lLHmGlXq2PGWrlRl8f/CZ0SmrOA8CpIr4csR1Re8hIkawV6D08zePMUPg2ociVWIX7eXY7VbLb+irR2LBPkbXOQdAzioTDfiVHYkn3282gu4InhV2fE7P4JQNa9upL8GF9kHOuxKzypLhzgEA6Z/jZU7jTEqJ5MM8T5FcJxOHeSywEdvxdsGMG2mpZ7Pc6C10aTUxovI+2RXTsT4T2n5A7wnDtp/4Iu+scbjqs0VA/n+yZzWQSx8Vb073Nhk3e/WlKocHzyxz0ZC3q7vQVP4Sg64x3FzFyoke3kwJ8SOS9zz8ozI+ytyiChux80nvefcSMO2JbGYkiaJh7k62YtMQmWg2Gz+gBjBpE+sCsgKLIQXqrx/87QL0Lau8QtomYnGKvwDmdBakui9n2F+2XIJOD6kVRi9LLuuqpw/Qbhwsl5Pf+PaH1o/DNot9ntfR667xLKbtipwaZ3G3bjDhNX4AQ+HQtWljAdQqb+K5YF80nIyeHIa79B/4hOHo5A6P3Lu4KF8cPwRMurDEd8A7TStE4qH+rwohwvNZ72O0fRSn5tIYn00GbuJypmLVuPPR1wvz1U4kvtXiLzUId9cNfZDNAbYgkShKqN0sE+emJf0tsdvNm3enRh05Td4Qg8OlRslROK+qjaHhXdUnvX8mFfcr4HEMZnjqWN96rfGmJ7/+blI5WW8UZZnbHXXbZzcR/Ow8p631TqTEZsyD5sPNX9x1EOn359NWS7XxIzsqpc25cyYzyfP1ZzWinyjZHRAvdwEV0ov1ldQd1RJuUFHzqew0Gcv3JTrpnKkhy1rl1n1b3Xf7ol+Jc9Tl+5YYmHTmop/r7Yg6HovzITMEUkeWHnMGlWGm5Y98Q1XpwRfF6PV5eshVEjV0G8pdSoeEJ20I48SaFE81NCrXIpR8D2ERaTR30/Gy2v2uC2FvtaNzdFEdrSPdeETIwpnyWeAsLh77XM2qV6U0LlUmUz0mNJ1w993LQikvm6K90KxB3FH+834I+C+qCP+BdGWW1lrL9g8GaDwVItMCaKDB5jXidkITXxKzBZyCal4Dg4PIbrFE9v0NeGIotmXIS+YSW/Vpo+E3g3UTLbWvAaykDBQ136ipRM0E5e8HF5DCm6SV0j2g645J0GsssPQfH1rvRq1cf35bErg1JRdY2A1OCVssOag7wQOqZ+JWokGhPOFQPKEwUK6LzjipOVroLsUO/E/6RRiuqBTiA0sTPVKMCa5Z2HcFe4xgAomG1s1FeboxfFxOHT9wje+qpevO10asil7/PTwGxG2GApiaHJqbWJDJ4Tc1ukgC4S/cnq+KBJp6XvsOqq35hHcw14J6RDuJ7zu1glX9s4XjHHExFOHo1TR7WZxImU5EgvhTZfiEo3ukeaqhnaiBaOC1qDIW14AvdwzsZ4loDbBQ5YvgJd6+mYFzFbjM0HjkrHq+aAtVCuqnStz4isqvdpbSBk41PdAlaI66EiAzuwrd1yKTDdnxRIyb9F7XTrOjf29aW72Qj663l0SqCIS3Lxur/RlCCT2FVuh1WgsfYqH4cOyxMivji2NXxV+0Z9jGhaJZHBDKcvIaryAMatqA8Qqkw5sSiR5iMHrc5IOedmZZAI6mGaK17agGINLNM7/J5e/GzMAdJOQt6wRqUQrKIQ04mUdoT5AFWp2weA+ZTIP1mHkrSmne8HSkD+QnMUjRr1qofZEYdvQ3Hi6heSoCgDmd/HxT6ZW9heeHtyf3U4R6VPXt66Yg61BJS0NndwW2yAasEgqf+nE19PXOh0Cvni+4Sa55OlLB6JfvpJxM/9ws6GuM3ffjZYBIi+Zr/xzkhXgzzVy3x/KCbbC9A5bbAwLWXaOrKRKB1F5yKaWEHCrs4Afy3e480iUbDZu69ts1PpJLqzb7jK0eeVtJB6U2hzFM8XYxaiJeVidGAKrKlJ+9cqYa0b1//Hpf5KlutN92/6Q4QgEqe3t0yCnOuUVul1dLuIHLtbiQB3bZC0cA8+c2MoTc3fHXfZtWq51KXTcmadI940TlPjw969xxOv1p2B0uVgKYMQUfPwEIlHQoBIw6bDSoW/ovCMaOHd/rw3P5o6/apkpyl1I+pvMbEkGDPR0VCSURydUo24S3KaZZO2D2B/Edfx8+/SOGAV/OeytZMZ0MCInfdgeW3WNm1pra6Kx7ao34dxOePDdI1Rom24ttJ6h11Q2opKV2VE4k4TTi9RSE5r/HJVwE0XgGkrH9DjoIYq9jMUXIl4OJVxCF0uMArtzWoNUe1emX0z9t6iq9XON2V+W7a62bbdKWw0q+XLY4Kn8GLzdla20ssn3SunRc/q9MP5RoXAz6+EbC3/ezlg++dxyByyQMdSfuBysYMZmXaNywAYi5oZC/i5QNlIxGLzHK8XTFByYjU2bNQ4pWVf/4AYwS15sKOO2g0hWLUuXblJLffN5cB3b7PyNsygK5ikQLpHIYAu2Z9yLmFX483rf/hZ62cISt9gUxeFS64sxH5ZpHs8p5E2LTwbHU1dUlR1JJ5khp+gS0m9VEx5dI+tmKEGHi5/guEmJN11AClhjNvde1ZSJku8KLcWSJX9/6RfeT2tG51mqaIUjnUzQD59142cHFzGr8Fe/c98nAuu1eyPatzbUK5q02NgPtpW+7aC+B8tXkDdy7wh7zYAyjgVZU2ZilmuUs9O5mdd3eAqNDDbOmSBn7OmUHhuPCEqL/lRYxrLSogUMx3iBj5KQl3HuwX7PgyaSBIn0ocb+OtL5rXH4W7JZ11e2BRG1/HszyjJ+QT7J7TpMqQynfZ11zGfXB9QWmZkvKX90ejYda0+n3h/ROBHcoTOOr1notnJzjM9Ndt0TnwBmVg1sArP/ODn/AMp0xud6bdxTLJ/SlHvQ5GLwmZ4lhbWXkDz2L8RQnXiz9B/Z4bDwUz27NdGlWQCEGw+6izBXEv/BnkZaHmT7zcH4njbpfnLADQwgsZ3F9yIroSUvYS9SWgnT1uLxeAA7l9b45ETwKOIRDLzUZD89CMknpmgfmEYDz3gsD0mRsZhGQKBrtltS391xokam9ZvqSuz8R2K5NhXVvscJRi6hUXFIdNoIArzNGORGCeMT897hBeXXyfiVbaRGFvtGiSeGWWvlm+b1Io0xDy24=,iv:ETYujkLOuvTdtmh6e7rO4uppJUQoyeInxE6GNkUe/Lo=,tag:bgbRWDdP+fb1Q1P/DB9ghw==,type:str]
 cert_private: ENC[AES256_GCM,data:2f7I8o06MPi6IMbuIYsLHCVfQ4PjwKu6fAfkPw8s4NaMHZX6fs26oPGB4K/fsMHW4PhDG2nrAALFmWMY/ngjBdp9puh+nRKCtbUHwnkZ2zMRhGYlES1UeMdwnUuaxfRN3wMQk4vnVW96Pz7+lIPm0yMjQgBT/z3hSdLOYHdWk0MdUpw1+Al5HrMlrv2O9bmxiM5pxE78ccdbTuiCYOTXRtq0F5xDVAL4+EBPaLBMdevDUdlL79YotYHvxSggVnjE8NMCIozCHCz640+8O6NtA6dr7Oe+WjnQJTmifA2TMEF0grDEhFs2WXSszAotKdtrt2Jk2CYw10Vg8rbJL+acw1ncgMDlueEoeg8NRlRRDzCOpDFn1syW6o3DrYijLhkF9MV3xOk7NuEbIC8+JJyDPYaql4qeX9dK90+6AtCryUo8aYUd8ZDFco7O63hx4zkYEd51QpVQUvnxXWyOb6N3S9yE3l00mswSRj/4I7kKWhrQvL+k8lCJJRBb6/4VvqhTEwrsbNOKDHT7v/i5oHqTJ7x4paXnj7WdTH6ImQHm7q/HnWDjuD0/ezp8sig3hd6VEUZG7egf4wa7M1QPlw8d7/8kQ4wJz2QHlbjLb3PQd8hyyoxnnYCy8mmgD6F8WN0XNdLqFU6aA0er6ukOE9q9EiYYo7L1EB7T/cn0uUEYMjg+F5QDJI42M26pLxYD8NKSeaiwE31EtD58tSE7VgAaasHiQHf77tSKcJNk3LE6mHMRecaOo7aBulkuUPZa0FQ5JM9Zq2Qbw8gvcC9xmwnKl5bRMIXLuFLf0W+fCxYUzsN2eynCkyx7Bb/sqMOVL0B2+8vhIwWe+vIQEhvhdYw5+ivzBpthgtfcsLQ+ru78zIQl4TjiJ3vWZWU3HEDOnzL4HoVKWMchh94h8T0i+wSXngce86jSjkz1SHCBs3YK9RfdqKIV2mvCGRwMN+0U3hpLd/nWHAdtQLckzt0uwccUWxAZLJMBdzfklomuW1i9brwYu0e1phwPzR0zNhuJEARytlxCMKdOZV1F7rY/JbGPY9n8h8rU5FHXBSEs7sAjJF+V4FxvmMV8c2IafAN5ydB4TxpzpejIWy2Oq88xtRMJgKlr2W2nSZZLX5WPHddSUEtmmTGgIH2jKEFPi/7GP6KEj8S0lAqIK+WZ/K7K81YQlM3ZTX/8e1bD+gUwqJzxgtJ7sxHFkq+H0+YEzrqT6MnxWbDve61G2a4nrJfURvleFWsNZyJE+TQxtIb8RQPTtl8SPqdxtimTVLMfUFvlbgFfrskMRElD0g8nUE3ylPyeoTbiHwC9jLyLKZ9lR1KeMZNfN22CGgLvND3DuEANjwwoEU9y34dOS+/SSF1S9rQuL2bSJEQ3I5q87kEYuXyvthXQ3XOOOgQhyx19TzVbaRI29dCQ+FS2ozAML2eKGFfcXtKgABXoUg7GJcYVp5A78eBcu3Kc1XTGdb/PJVMawIQrFRrwmXwRsFt53mYNdD1FOCXY2AwfLPi5pEzd9cu2oiP9ssDXRF9RfpiQ1ciLjZ7RCA0RCcP9HFcx3fdo5iJ2p+aM3qR9qbKNkL7TNZyogdl22TUpq/RUSlZR59SATt86eRUUOZXtfUrHwaNgAP/SSUBWrpPt0O+BM+M2uGYuTuV4P+G8FVulnoK3/2c24bSdBgd1uC2fEGAYKpxmC9AMSZeN3x57TtZrJKZZKui0E3OmHcDkTWuK8pvO2BWE9ScYG5Bg6OGFmocIEwAu6RLT7vwg5EJl5IdhP6p+lMcc6RUvcP88tdif2nCx2wBtlSKh7REtOYjEx+Uh7CLizOxTmKGt4/R0QAH78CM203bZCNggeO8DrYQbKYMV6VEpoVOkus78D2C5ozccAYTTvEgsDH68LSdKL0+T3qiVhTxET0OsF6fIgApNaiahhGeLGuh85YDsEn/twgbYBHl6C3crOl0lhfeQY2jsZeTSk8BU1HyuzlIYWdFhPmgYpdpRtJDDs+KwjAXPx0JT6YUXLEhgJthIXG2JHnOGiL1Mpg+lDrgnaXh6+aKzt/RP1XxWWC/mudKb0y8ZbKJXmUCFoymXrmoQTdluJ+PjrmvojUVmhy5ae+wqIEU3U0y+OmBsDR79Z6kzQcpIxDY0BmSPXsZFsew98OqRGpEH6sa3QNGZfOvYEcBDlnpdmy3Um/Ogpcm9/MS2z26a6qBy2xxF0hHQ/zFJQRtWGJTJo9/K5yygu9k8cgEHHkAJ8OzmNg==,iv:2N/bKN+DQOLBG235mJbB+s0KYlsKHf8waPpEcDyj5D8=,tag:exyNQV8Fggg7G0AcuaXCYg==,type:str]
 sops:
@@ -18,7 +20,7 @@ sops:
             ZFlTbm9EalZ5aitWRmpYLzBrNnVsMmsK5cT7k+lu+zGjYKnzffbsuaDXGvSUc6E4
             4rzDV9Jf7V+aHBWfDgtwbpehC4vzvN6nwQJ5P1p5BnsKY4dj4/ba/w==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-03-12T23:11:57Z"
-    mac: ENC[AES256_GCM,data:6GEhJz7oYrPAQVR8EJYZl2pGA7OklfoMrrtNSxZHGPV5bWiAI1uWQBTexl2OMHhihQF2BEhdaTUQoyG40q5sA4aa2MqciIf/iYRsibkhjDaX0LbikpetAyx0a4SOHofUEwyYpgwgCS9Wpri70EC48u3WpgZmhrNQ2hCuJpmC63E=,iv:Tw/wcgag5rYkduOn8WKvwf2yABTJ9qdRMbFXZG8C3QY=,tag:amDbTTN444cHaKetYkq7lw==,type:str]
+    lastmodified: "2026-03-13T10:31:26Z"
+    mac: ENC[AES256_GCM,data:lvmn72LatvIGUMd+cv2Tq24+XmyMTA7nli0bfSI0oWzsecQtcmDKY1XrHAMuX2yJPOFg8V2FfjfJKc/RYl0Szg5PWl9slVkhmQaOkKBf+WP5iSOrJdazSo3T2MStpbQgX2dk3FsIoT6XoK2vO9DoaqNZLF/GNkAo9ofs20lLDqc=,iv:qKkW3JE+KhimJKZDaSMNVSj65m7BirH3igNjzbADbJM=,tag:cwuVulae/bDelPojbCWjlA==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.12.1
author	Leander Scherer <leander@schererleander.de>	2026-03-13 11:48:21 +0100
committer	Leander Scherer <leander@schererleander.de>	2026-03-13 12:09:06 +0100
commit	f08a6c4d76108a5cf38394ce57e480c9ab412968 (patch)
tree	e2544790f51e1f8c22b3f9d90745fc4605bdc32c
parent	ac9c19c49c26e588076e561c726355e1703dc421 (diff)