common/network/pia-wireguard.nix

@@ -151,7 +151,7 @@ in
       partOf = [ containerServiceName ];
       wantedBy = [ "multi-user.target" ];
 
-      path = with pkgs; [ wireguard-tools jq curl iproute2 iputils ];
+      path = with pkgs; [ wireguard-tools jq curl iproute iputils ];
 
       serviceConfig = {
         Type = "oneshot";
@@ -224,7 +224,7 @@ in
       after = [ "network.target" "network-online.target" ];
       wantedBy = [ "multi-user.target" ];
 
-      path = with pkgs; [ wireguard-tools iproute2 curl jq iptables ];
+      path = with pkgs; [ wireguard-tools iproute curl jq iptables ];
 
       serviceConfig = {
         Type = "oneshot";

common/pc/chromium.nix

@@ -57,7 +57,7 @@ in
     };
     # todo vulkan in chrome
     # todo video encoding in chrome
-    hardware.graphics = {
+    hardware.opengl = {
       enable = true;
       extraPackages = with pkgs; [
         intel-media-driver # LIBVA_DRIVER_NAME=iHD

common/pc/default.nix

@@ -27,6 +27,10 @@ in
   };
 
   config = lib.mkIf cfg.enable {
+    # vulkan
+    hardware.opengl.driSupport = true;
+    hardware.opengl.driSupport32Bit = true;
+
     # Applications
     users.users.googlebot.packages = with pkgs; [
       chromium

common/server/default.nix

@@ -10,6 +10,7 @@
     ./matrix.nix
     ./zerobin.nix
     ./gitea.nix
+    ./privatebin/privatebin.nix
     ./radio.nix
     ./samba.nix
     ./owncast.nix

common/server/privatebin/conf.php

@@ -0,0 +1,42 @@
+;<?php http_response_code(403); /*
+[main]
+name = "Kode Paste"
+discussion = false
+opendiscussion = false
+password = true
+fileupload = false
+burnafterreadingselected = false
+defaultformatter = "plaintext"
+sizelimit = 10485760
+template = "bootstrap"
+languageselection = false
+
+[expire]
+default = "1week"
+
+[expire_options]
+5min = 300
+10min = 600
+1hour = 3600
+1day = 86400
+1week = 604800
+
+[formatter_options]
+plaintext = "Plain Text"
+syntaxhighlighting = "Source Code"
+markdown = "Markdown"
+
+[traffic]
+limit = 10
+dir = "/var/lib/privatebin"
+
+[purge]
+limit = 300
+batchsize = 10
+dir = "/var/lib/privatebin"
+
+[model]
+class = Filesystem
+
+[model_options]
+dir = "/var/lib/privatebin"

common/server/privatebin/privatebin.nix

@@ -0,0 +1,74 @@
+{ config, pkgs, lib, ... }:
+
+let
+  cfg = config.services.privatebin;
+  privateBinSrc = pkgs.stdenv.mkDerivation {
+    name = "privatebin";
+    src = pkgs.fetchFromGitHub {
+      owner = "privatebin";
+      repo = "privatebin";
+      rev = "d65bf02d7819a530c3c2a88f6f9947651fe5258d";
+      sha256 = "7ttAvEDL1ab0cUZcqZzXFkXwB2rF2t4eNpPxt48ap94=";
+    };
+    installPhase = ''
+      cp -ar $src $out
+    '';
+  };
+in
+{
+  options.services.privatebin = {
+    enable = lib.mkEnableOption "enable privatebin";
+    host = lib.mkOption {
+      type = lib.types.str;
+      example = "example.com";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+
+    users.users.privatebin = {
+      description = "privatebin service user";
+      group = "privatebin";
+      isSystemUser = true;
+    };
+    users.groups.privatebin = { };
+
+    services.nginx.enable = true;
+    services.nginx.virtualHosts.${cfg.host} = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        root = privateBinSrc;
+        index = "index.php";
+      };
+      locations."~ \.php$" = {
+        root = privateBinSrc;
+        extraConfig = ''
+          fastcgi_pass  unix:${config.services.phpfpm.pools.privatebin.socket};
+          fastcgi_index index.php;
+        '';
+      };
+    };
+
+    systemd.tmpfiles.rules = [
+      "d '/var/lib/privatebin' 0750 privatebin privatebin - -"
+    ];
+
+    services.phpfpm.pools.privatebin = {
+      user = "privatebin";
+      group = "privatebin";
+      phpEnv = {
+        CONFIG_PATH = "${./conf.php}";
+      };
+      settings = {
+        pm = "dynamic";
+        "listen.owner" = config.services.nginx.user;
+        "pm.max_children" = 5;
+        "pm.start_servers" = 2;
+        "pm.min_spare_servers" = 1;
+        "pm.max_spare_servers" = 3;
+        "pm.max_requests" = 500;
+      };
+    };
+  };
+}

common/server/samba.nix

@@ -5,28 +5,30 @@
     services.samba = {
       openFirewall = true;
       package = pkgs.sambaFull; # printer sharing
+      securityType = "user";
 
       # should this be on?
       nsswins = true;
 
-      settings = {
+      extraConfig = ''
-        global = {
+        workgroup = HOME
-          security = "user";
+        server string = smbnix
-          workgroup = "HOME";
+        netbios name = smbnix
-          "server string" = "smbnix";
+        security = user 
-          "netbios name" = "smbnix";
+        use sendfile = yes
-          "use sendfile" = "yes";
+        min protocol = smb2
-          "min protocol" = "smb2";
+        guest account = nobody
-          "guest account" = "nobody";
+        map to guest = bad user
-          "map to guest" = "bad user";
 
-          # printing
+        # printing
-          "load printers" = "yes";
+        load printers = yes
-          printing = "cups";
+        printing = cups
-          "printcap name" = "cups";
+        printcap name = cups
 
-          "hide files" = "/.nobackup/.DS_Store/._.DS_Store/";
+        hide files = /.nobackup/.DS_Store/._.DS_Store/
-        };
+      '';
+
+      shares = {
         public = {
           path = "/data/samba/Public";
           browseable = "yes";
@@ -75,9 +77,9 @@
 
     # backups
     backup.group."samba".paths = [
-      config.services.samba.settings.googlebot.path
+      config.services.samba.shares.googlebot.path
-      config.services.samba.settings.cris.path
+      config.services.samba.shares.cris.path
-      config.services.samba.settings.public.path
+      config.services.samba.shares.public.path
     ];
 
     # Windows discovery of samba server

common/server/unifi.nix

@@ -10,8 +10,7 @@ in
   };
 
   config = lib.mkIf cfg.enable {
-    services.unifi.unifiPackage = pkgs.unifi;
+    services.unifi.unifiPackage = pkgs.unifi8;
-    services.unifi.mongodbPackage = pkgs.mongodb-7_0;
 
     networking.firewall = lib.mkIf cfg.openMinimalFirewall {
       allowedUDPPorts = [

flake.lock

@@ -207,20 +207,36 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1731278633,
+        "lastModified": 1728193676,
-        "narHash": "sha256-3yxgMFssoDGm9rWJiAGfJRPctr06gaefjnpUltphkAQ=",
+        "narHash": "sha256-PbDWAIjKJdlVg+qQRhzdSor04bAPApDqIv2DofTyynk=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "871087c18d344abaa569e7d1b7c1af576aab877f",
+        "rev": "ecbc1ca8ffd6aea8372ad16be9ebbb39889e55b6",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "master",
+        "ref": "nixos-24.05",
         "repo": "nixpkgs",
         "type": "github"
       }
     },
+    "nixpkgs-frigate": {
+      "locked": {
+        "lastModified": 1695825837,
+        "narHash": "sha256-4Ne11kNRnQsmSJCRSSNkFRSnHC4Y5gPDBIQGjjPfJiU=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "5cfafa12d57374f48bcc36fda3274ada276cf69e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "5cfafa12d57374f48bcc36fda3274ada276cf69e",
+        "type": "github"
+      }
+    },
     "radio": {
       "inputs": {
         "flake-utils": [
@@ -272,6 +288,7 @@
         "nix-index-database": "nix-index-database",
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs",
+        "nixpkgs-frigate": "nixpkgs-frigate",
         "radio": "radio",
         "radio-web": "radio-web",
         "simple-nixos-mailserver": "simple-nixos-mailserver",

flake.nix

@@ -1,7 +1,8 @@
 {
   inputs = {
     # nixpkgs
-    nixpkgs.url = "github:NixOS/nixpkgs/master";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
+    nixpkgs-frigate.url = "github:NixOS/nixpkgs/5cfafa12d57374f48bcc36fda3274ada276cf69e";
 
     # Common Utils Among flake inputs
     systems.url = "github:nix-systems/default";

machines/ephemeral/kexec.nix

@@ -29,10 +29,10 @@
       text = ''
         #!${pkgs.stdenv.shell}
         set -e
-        ${pkgs.kexec-tools}/bin/kexec -l ${image}/kernel --initrd=${image}/initrd --append="init=${builtins.unsafeDiscardStringContext config.system.build.toplevel}/init ${toString config.boot.kernelParams}"
+        ${pkgs.kexectools}/bin/kexec -l ${image}/kernel --initrd=${image}/initrd --append="init=${builtins.unsafeDiscardStringContext config.system.build.toplevel}/init ${toString config.boot.kernelParams}"
         sync
         echo "executing kernel, filesystems will be improperly umounted"
-        ${pkgs.kexec-tools}/bin/kexec -e
+        ${pkgs.kexectools}/bin/kexec -e
       '';
     };
     kexec_tarball = pkgs.callPackage (modulesPath + "/../lib/make-system-tarball.nix") {

machines/howl/hardware-configuration.nix

@@ -30,22 +30,22 @@
   # disks
   remoteLuksUnlock.enable = true;
   boot.initrd.luks.devices."enc-pv" = {
-    device = "/dev/disk/by-uuid/2e4a6960-a6b1-40ee-9c2c-2766eb718d52";
+    device = "/dev/disk/by-uuid/c801586b-f0a2-465c-8dae-532e61b83fee";
     allowDiscards = true;
   };
   fileSystems."/" =
     {
-      device = "/dev/disk/by-uuid/1f62386c-3243-49f5-b72f-df8fc8f39db8";
+      device = "/dev/disk/by-uuid/95db6950-a7bc-46cf-9765-3ea675ccf014";
       fsType = "btrfs";
     };
   fileSystems."/boot" =
     {
-      device = "/dev/disk/by-uuid/F4D9-C5E8";
+      device = "/dev/disk/by-uuid/B087-2C20";
       fsType = "vfat";
       options = [ "fmask=0022" "dmask=0022" ];
     };
   swapDevices =
-    [{ device = "/dev/disk/by-uuid/5f65cb11-2649-48fe-9c78-3e325b857c53"; }];
+    [{ device = "/dev/disk/by-uuid/49fbdf62-eef4-421b-aac3-c93494afd23c"; }];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's

machines/storage/s0/default.nix

@@ -154,7 +154,7 @@
   nixpkgs.config.packageOverrides = pkgs: {
     vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
   };
-  hardware.graphics = {
+  hardware.opengl = {
     enable = true;
     extraPackages = with pkgs; [
       intel-media-driver
@@ -262,7 +262,6 @@
     openMinimalFirewall = true;
   };
 
-  # TODO: setup backup
   services.vikunja = {
     enable = true;
     port = 61473;
@@ -272,9 +271,6 @@
       service.enableregistration = false;
     };
   };
-  backup.group."vikunja".paths = [
-    "/var/lib/vikunja"
-  ];
 
   boot.binfmt.emulatedSystems = [ "aarch64-linux" "armv7l-linux" ];
 }

machines/storage/s0/frigate.nix

@@ -82,11 +82,9 @@ lib.mkMerge [
       settings = {
         mqtt = {
           enabled = true;
-          host = "localhost";
+          host = "localhost:1883";
-          port = 1883;
-          user = "root";
-          password = "{FRIGATE_MQTT_PASSWORD}";
         };
+        rtmp.enabled = false;
         snapshots = {
           enabled = true;
           bounding_box = true;
@@ -147,23 +145,11 @@ lib.mkMerge [
     systemd.services.frigate.serviceConfig.SupplementaryGroups = [ "apex" ];
 
     # Coral PCIe driver
-    boot.extraModulePackages = with config.boot.kernelPackages; [ gasket ];
+    kernel.enableGasketKernelModule = true;
-    services.udev.extraRules = ''
-      SUBSYSTEM=="apex", MODE="0660", GROUP="apex"
-    '';
 
     services.frigate.settings.detectors.coral = {
       type = "edgetpu";
       device = "pci";
     };
   }
-  {
-    # Fix bug in nixos module where cache is not cleared when starting the service because "rm" cannot be found
-    systemd.services.frigate.serviceConfig.ExecStartPre = lib.mkForce "${pkgs.bash}/bin/sh -c 'rm -f /var/cache/frigate/*.mp4'";
-  }
-  {
-    # Don't require authentication for frigate
-    # This is ok because the reverse proxy already requires tailscale access anyway
-    services.frigate.settings.auth.enabled = false;
-  }
 ]

machines/storage/s0/hardware-configuration.nix

@@ -22,6 +22,7 @@
   # zfs
   networking.hostId = "5e6791f0";
   boot.supportedFilesystems = [ "zfs" ];
+  boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
 
   # luks
   remoteLuksUnlock.enable = true;

machines/storage/s0/home-automation.nix

@@ -3,6 +3,7 @@
 {
   services.esphome.enable = true;
 
+  # TODO lock down
   services.mosquitto = {
     enable = true;
     listeners = [
@@ -24,13 +25,12 @@
       homeassistant = true;
       permit_join = false;
       serial = {
-        adapter = "ember";
         port = "/dev/ttyACM0";
       };
       mqtt = {
         server = "mqtt://localhost:1883";
         user = "root";
-        password = "!/run/agenix/zigbee2mqtt.yaml mqtt_password";
+        password = "'!/run/agenix/zigbee2mqtt.yaml mqtt_password'";
       };
       frontend = {
         host = "localhost";
@@ -38,10 +38,7 @@
       };
     };
   };
-  age.secrets."zigbee2mqtt.yaml" = {
+  age.secrets."zigbee2mqtt.yaml".file = ../../../secrets/zigbee2mqtt.yaml.age;
-    file = ../../../secrets/zigbee2mqtt.yaml.age;
-    owner = "zigbee2mqtt";
-  };
 
   services.home-assistant = {
     enable = true;

machines/zoidberg/default.nix

@@ -33,9 +33,9 @@
   hardware.enableAllFirmware = true;
 
   # ROCm
-  hardware.graphics.extraPackages = with pkgs; [
+  hardware.opengl.extraPackages = with pkgs; [
-    rocmPackages.clr.icd
+    rocm-opencl-icd
-    rocmPackages.clr
+    rocm-opencl-runtime
   ];
   systemd.tmpfiles.rules = [
     "L+    /opt/rocm/hip   -    -    -     -    ${pkgs.rocmPackages.clr}"

machines/zoidberg/hardware-configuration.nix

@@ -17,17 +17,16 @@
   boot.extraModulePackages = [ ];
   boot.kernelPackages = pkgs.linuxPackages_latest;
 
-  # luks unlock with clevis
-  boot.initrd.systemd.enable = true;
-  boot.initrd.clevis = {
-    enable = true;
-    devices."enc-pv".secretFile = "/secret/decrypt.jwe";
-  };
-
   # disks
+  remoteLuksUnlock.enable = true;
   boot.initrd.luks.devices."enc-pv" = {
     device = "/dev/disk/by-uuid/04231c41-2f13-49c0-8fce-0357eea67990";
     allowDiscards = true;
+
+    # Fetch key from USB drive
+    keyFileSize = 4096;
+    keyFile = "/dev/disk/by-id/usb-Mass_Storage_Device_121220160204-0:0-part2";
+    fallbackToPassword = true;
   };
   fileSystems."/" =
     {

overlays/default.nix

@@ -3,7 +3,13 @@ final: prev:
 
 let
   system = prev.system;
+  frigatePkgs = inputs.nixpkgs-frigate.legacyPackages.${system};
 in
 {
+  # It seems that libedgetpu needs to be built with the newer version of tensorflow in nixpkgs
+  # but I am lazy so I instead just downgrade by using the old nixpkgs
+  libedgetpu = frigatePkgs.callPackage ./libedgetpu { };
+  frigate = frigatePkgs.frigate;
+
   actual-server = prev.callPackage ./actualbudget { };
 }

overlays/kernel-modules/default.nix

@@ -7,5 +7,13 @@
 
 let
   cfg = config.kernel;
+
+  gasket = config.boot.kernelPackages.callPackage ./gasket.nix { };
 in
-{ }
+{
+  options.kernel.enableGasketKernelModule = lib.mkEnableOption "Enable Gasket Kernel Module";
+
+  config = lib.mkIf cfg.enableGasketKernelModule {
+    boot.extraModulePackages = [ gasket ];
+  };
+}

overlays/kernel-modules/gasket.nix

@@ -0,0 +1,36 @@
+{ stdenv, lib, fetchFromGitHub, kernel }:
+
+stdenv.mkDerivation rec {
+  pname = "gasket";
+  version = "1.0-18-unstable-2023-09-05";
+
+  src = fetchFromGitHub {
+    owner = "google";
+    repo = "gasket-driver";
+    rev = "5815ee3908a46a415aac616ac7b9aedcb98a504c";
+    sha256 = "sha256-O17+msok1fY5tdX1DvqYVw6plkUDF25i8sqwd6mxYf8=";
+  };
+
+  makeFlags = kernel.makeFlags ++ [
+    "-C"
+    "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
+    "M=$(PWD)"
+  ];
+  buildFlags = [ "modules" ];
+
+  installFlags = [ "INSTALL_MOD_PATH=${placeholder "out"}" ];
+  installTargets = [ "modules_install" ];
+
+  sourceRoot = "${src.name}/src";
+  hardeningDisable = [ "pic" "format" ];
+  nativeBuildInputs = kernel.moduleBuildDependencies;
+
+  meta = with lib; {
+    description = "The Coral Gasket Driver allows usage of the Coral EdgeTPU on Linux systems.";
+    homepage = "https://github.com/google/gasket-driver";
+    license = licenses.gpl2;
+    maintainers = [ lib.maintainers.kylehendricks ];
+    platforms = platforms.linux;
+    broken = versionOlder kernel.version "5.15";
+  };
+}

overlays/libedgetpu/default.nix

@@ -0,0 +1,72 @@
+{ stdenv
+, lib
+, fetchFromGitHub
+, libusb1
+, abseil-cpp
+, flatbuffers
+, xxd
+}:
+
+let
+  flatbuffers_1_12 = flatbuffers.overrideAttrs (oldAttrs: rec {
+    version = "1.12.0";
+    NIX_CFLAGS_COMPILE = "-Wno-error=class-memaccess -Wno-error=maybe-uninitialized";
+    cmakeFlags = (oldAttrs.cmakeFlags or [ ]) ++ [ "-DFLATBUFFERS_BUILD_SHAREDLIB=ON" ];
+    NIX_CXXSTDLIB_COMPILE = "-std=c++17";
+    configureFlags = (oldAttrs.configureFlags or [ ]) ++ [ "--enable-shared" ];
+    src = fetchFromGitHub {
+      owner = "google";
+      repo = "flatbuffers";
+      rev = "v${version}";
+      sha256 = "sha256-L1B5Y/c897Jg9fGwT2J3+vaXsZ+lfXnskp8Gto1p/Tg=";
+    };
+  });
+
+in
+stdenv.mkDerivation rec {
+  pname = "libedgetpu";
+  version = "grouper";
+
+  src = fetchFromGitHub {
+    owner = "google-coral";
+    repo = pname;
+    rev = "release-${version}";
+    sha256 = "sha256-73hwItimf88Iqnb40lk4ul/PzmCNIfdt6Afi+xjNiBE=";
+  };
+
+  patches = [ ./libedgetpu-stddef.diff ];
+
+  makeFlags = [ "-f" "makefile_build/Makefile" "libedgetpu" ];
+
+  buildInputs = [
+    libusb1
+    abseil-cpp
+    flatbuffers_1_12
+  ];
+
+  nativeBuildInputs = [
+    xxd
+  ];
+
+  NIX_CXXSTDLIB_COMPILE = "-std=c++17";
+
+  TFROOT = "${fetchFromGitHub {
+    owner = "tensorflow";
+    repo = "tensorflow";
+    rev = "v2.7.4";
+    sha256 = "sha256-liDbUAdaVllB0b74aBeqNxkYNu/zPy7k3CevzRF5dk0=";
+  }}";
+
+  enableParallelBuilding = false;
+
+  installPhase = ''
+    mkdir -p $out/lib
+    cp out/direct/k8/libedgetpu.so.1.0 $out/lib
+    ln -s $out/lib/libedgetpu.so.1.0 $out/lib/libedgetpu.so.1
+    mkdir -p $out/lib/udev/rules.d
+    cp debian/edgetpu-accelerator.rules $out/lib/udev/rules.d/99-edgetpu-accelerator.rules
+
+    # PCIe rule
+    echo 'SUBSYSTEM=="apex", MODE="0660", GROUP="apex"' > $out/lib/udev/rules.d/65-apex.rules
+  '';
+}

overlays/libedgetpu/libedgetpu-stddef.diff

@@ -0,0 +1,12 @@
+diff --git a/api/allocated_buffer.h b/api/allocated_buffer.h
+index 97740f0..7bc0547 100644
+--- a/api/allocated_buffer.h
++++ b/api/allocated_buffer.h
+@@ -16,6 +16,7 @@
+ #define DARWINN_API_ALLOCATED_BUFFER_H_
+ 
+ #include <functional>
++#include <cstddef>
+ 
+ namespace platforms {
+ namespace darwinn {

secrets/digitalocean-dns-credentials.age

@@ -1,11 +1,11 @@
 age-encryption.org/v1
--> ssh-ed25519 WBT1Hw TGdD8Nw+GPITDOXGhevSu+880DWET7WYN3nIyJ0xy2o
+-> ssh-ed25519 WBT1Hw wjZGPvilRXGZsC2+7dWm/Nbau8Allv29WwQCr0XSAWU
-69xepRTnmaFwa4IsGJjDdwZqTSf5fz6EZK0/q3oz/ZA
+uTOf/sokutOGDyc8fbTbBWXqCVQCFhGdHxwA6SXqhdA
--> ssh-ed25519 6AT2/g EmqXrXXsRxSS6AsH+7VMgoJTYo9eGj8ebLiLT4IWNxg
+-> ssh-ed25519 6AT2/g NU068qwqOWiKk0QwqP9vU4xJaND2OR4bo8xkmdWATgY
-eKs5/3tQMdg5bGJKNz8PFh9C7HiV+IlOU9dzpYcGIjo
+uGd0sb5PH+rREn9pgLOFwk29CX66aPBQMvr4rBazylc
--> ssh-ed25519 hPp1nw wsIF676is8FquF6oANNauPrumsMnfVUZpPeVKEtBOzQ
+-> ssh-ed25519 hPp1nw r2JRiZ7fsHPYDlte6Oh2Gx1KkugekFeeg3xSjziI+hQ
-qZR8LSF+TQ2K3K0An69NHfk53ZqNEWev0IVcb71SR40
+xnO0gscMdR25mj5uAX7D42FCbCQhqbU0wkiLX4OmVqk
--> ssh-ed25519 w3nu8g TKHY/5JuzFMhbW9CQAOI3woX8M9b1H/XXUpIMT0Mylk
+-> ssh-ed25519 w3nu8g F03mPU63WwEs1SLUFErLOVCkARoggGIvvz9TFZfMOBY
-byJV0/BJ3ftG5eYv5BeyIYBi0VoWG31HRiENUxSeYE8
+HOdVA3xW9pqUPhclO6VueSfXg3ux06Ch3fucF6Vr4hM
---- fwHXHtE/sMLqCLSD8tR0oCPgNuif9Y/ncHU97hbf/Bw
+--- niyo231HPT/+2dzflP+zhYjL9XiWsk7svesCYdkU1jA
-f"+ÉŒqc<71>H†Ñjï!JSšË¡Ì|yMìðX¼þMl<4D>ýçCy™îUXn»Égk¨ë)¤óOY§uº„¦²¶g%è Håvn·œ5ô!$Jœ¤Š…¶›$<24>#Dö;±¥àÖ	}ÏŸcçKšˆ{R/
+DÑØQî¬5–-ô@<40>¢¿—ßÐN5<4E> Ãÿ$Ø‚™’Çž…êÐ<C3AA>X=ŒHŽDÁ`P×5ZA´÷¼YóäÓ?¡é^[³1”6ÕK*mP݈ª­æ1æç÷ß›ƒ:$^ÑfDœ*î†ÿ“š-zi´"·Tàuÿüò

secrets/frigate-credentials.age

@@ -1,7 +1,7 @@
 age-encryption.org/v1
--> ssh-ed25519 hPp1nw zOXF7NsZjm+DCYrJ+Ap2mX35JUt37CLJP1RhyOjB/XE
+-> ssh-ed25519 hPp1nw Chke1ZtpXxN1c1+AnJ6Cd5kpM1KfQKTwymrfPW53QCA
-ePprJM2cnhYZhP8aJUXOZeGHJm/DHlRYomWN+lFaU6w
+jUcw8eitC7r0rwefjllndZjARIqpWoVqGCnefHfjQ6Y
--> ssh-ed25519 w3nu8g gjeFAbFWXyPdGauKHXAzuIP9fmaj2Oysq9fHO8q7u38
+-> ssh-ed25519 w3nu8g KY/5bU1B5uvmfGHF2d6qBL1NYy64qo324rdvkgnXoDA
-KiMR0pgEPtsfZnYAIsH7UHNhnsB6rtsW/hqV03uS2dI
+OBvuFtzZXQ0RmmEXelyzHMMiVqZir7zQJMA36ZH2siE
---- BPzPECz1g6vEv4OlRn6+FnWP9oq3tn6TN2o867icxYA
+--- CSd7lYSYQ2fCTjkJLPGdaNGL8eVpE9IBEyFo0LW907M
-}ìjºùŽ+l&þàx<C3A0>-TïÝ‹b‡ÅèØÄ·<C384>€Dg‰ñgc’*ˆ0<CB86>÷µcp
…}uþ‹7Íßã%9Ð%ŽÒú›©S¥ ‰|šôêöQœÃ*9Ø$ä ŽŠ
ÍÖi;)c?ÍÍýGh¤VvªnlÚs¤Ç)r }Ò­hE5K‡bg­–-<2D>®
+£³$šO†ÈIß/À//Êw*ƒ™õD¤@u5o[¼â:·äš¥t¾˜]Jñ쮸™@Ùhþu£Àk;?·XüÁHRº’Ñ°E5¥ÍçÜ9