Diffstat (limited to 'modules/hosts/ltrr-block')
18 files changed, 571 insertions, 0 deletions
diff --git a/modules/hosts/ltrr-block/age.nix b/modules/hosts/ltrr-block/age.nix
new file mode 100644
index 0000000..e22263b
--- /dev/null
+++ b/modules/hosts/ltrr-block/age.nix
@@ -0,0 +1,10 @@
+{inputs, ...}: {
+ flake.nixosModules.ltrr-block = {
+ age.rekey = {
+ hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINe2bfzslwh9DwNXopmaiRKVNQMIQNuMlP/jJCDrwSbc";
+ masterIdentities = ["/home/jerpo/.config/age/keys.txt"];
+ storageMode = "local";
+ localStorageDir = ./. + "/secrets/rekeyed";
+ };
+ };
+}
diff --git a/modules/hosts/ltrr-block/configuration.nix b/modules/hosts/ltrr-block/configuration.nix
new file mode 100644
index 0000000..5ee4711
--- /dev/null
+++ b/modules/hosts/ltrr-block/configuration.nix
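Review bot: `masterIdentities = ["/home/jerpo/.config/age/keys.txt"]` hard-codes an absolute path under one user's home into a flake module that every machine evaluating this host sees, so rekeying only works from that one workstation and the path (and username) ships with the repo. A comment making the intent explicit would help, e.g. `# rekey operator's private age identity; read only by agenix-rekey on the admin machine, never on the host`. Separately, the commit adds `secrets/cwa.env.age` and `secrets/transmission-settings.json.age`, but as far as this diff shows no `age.secrets.*` entry references either file and neither has a counterpart under `secrets/rekeyed/`, so they look like leftovers to drop or wire up.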
@@ -0,0 +1,467 @@
+{
+ inputs,
+ self,
+ ...
+}: {
+ flake.nixosConfigurations.ltrr-block = inputs.nixpkgs-stable.lib.nixosSystem {
+ modules = [
+ self.nixosModules.ltrr-block
+ ];
+ };
+
+ flake.nixosModules.ltrr-block = {
+ modulesPath,
+ pkgs,
+ config,
+ ...
+ }: let
+ domain = "kcu.su";
+ in {
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ (modulesPath + "/profiles/qemu-guest.nix")
+
+ self.nixosModules.nginxProxy
+ self.nixosModules.directories
+ self.nixosModules.booklore
+ self.nixosModules.watcharr
+
+ inputs.disko.nixosModules.disko
+ self.diskoConfigurations.ltrr-block
+
+ inputs.agenix.nixosModules.default
+ inputs.agenix-rekey.nixosModules.default
+ ];
+
+ nixpkgs = {
+ config.allowUnfree = true;
+ overlays = [
+ self.overlays.unstable-packages
+ ];
+ };
+
+ boot.loader.grub = {
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
+
+ services.openssh = {
+ enable = true;
+ settings.PasswordAuthentication = false;
+ };
+
+ environment.systemPackages = with pkgs; [
+ curl
+ gitMinimal
+ ];
+
+ users.users = {
+ root = {
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDJ8UW1BXDGDmlaiARO3a9boTG8wknUyITMz0Z0OJpHx spleefer6@yandex.ru"
+ ];
+ };
+ };
+
+ users.users.mc = {
+ isNormalUser = true;
+ packages = with pkgs; [
+ steamcmd
+ tmux
+ steam-run
+ ];
+ };
+
+ users.users.files = {
+ isNormalUser = true;
+ group = "files";
+ uid = 1000;
+ linger = true;
+ extraGroups = [
+ "music"
+ "images"
+ ];
+ };
+
+ users.groups.music = {
+ gid = 991;
+ };
+
+ createPaths."/srv/files" = {
+ owner = "files";
+ permissions = "0770";
+ group = "files";
+ subPaths = {
+ "music".group = "music";
+ "images".group = "images";
+ };
+ };
+
+ networking.hostName = "ltrr-block";
+ networking.firewall = {
+ allowedTCPPorts = [80 5030 2049 25565];
+ allowedUDPPorts = [51820 16261 16262];
+ };
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "notspl3g+acme@duck.com";
+ };
+
+ nginxProxy = {
+ enable = true;
+ domain = domain;
+
+ recommendedProxySettings = false;
+ subdomains = {
+ "slskd" = {
+ proxyPass = "http://127.0.0.1:${toString config.services.slskd.settings.web.port}";
+ proxyWebsockets = true;
+ };
+ "immich" = {
+ proxyPass = "http://localhost:${toString config.services.immich.port}";
+ proxyWebsockets = true;
+ recommendedProxySettings = true;
+ extraConfig = ''
+ client_max_body_size 50000M;
+ proxy_read_timeout 600s;
+ proxy_send_timeout 600s;
+ send_timeout 600s;
+ '';
+ };
+
+ "music".proxyPass = "http://127.0.0.1:5692";
+ "navidrome".proxyPass = "http://127.0.0.1:4533";
+ "files".proxyPass = "http://127.0.0.1:${toString config.services.filebrowser.settings.port}";
+ "track".proxyPass = "http://127.0.0.1:7093";
+ "tube".proxyPass = "http://127.0.0.1:5410";
+ "torrents".proxyPass = "http://127.0.0.1:7317";
+ "jellyfin".proxyPass = "http://127.0.0.1:8096";
+ "lidarr" = {
+ proxyPass = "http://127.0.0.1:8686";
+ proxyWebsockets = true;
+ };
+
+ "prowlarr".proxyPass = "http://127.0.0.1:9696";
+ "shelfmark".proxyPass = "http://127.0.0.1:8084";
+ };
+ };
+
+ age.secrets.wg-priv-key = {
+ rekeyFile = ./secrets/wg-priv.key.age;
+ };
+
+ networking.wg-quick = {
+ interfaces.wg0 = {
+ address = ["10.1.1.2/32"];
+ listenPort = 51820;
+
+ privateKeyFile = config.age.secrets.wg-priv-key.path;
+
+ peers = [
+ {
+ endpoint = "${domain}:51820";
+ publicKey = "1RwEOL8br97Mujhz3fkfYKcxUFNHYAmt5JbWTbR3ihE=";
+ allowedIPs = ["10.1.1.1/32"];
+ persistentKeepalive = 25;
+ }
+ ];
+ };
+ };
+
+ services.tailscale.enable = true;
+
+ users.users.filebrowser.extraGroups = ["music" "images"];
+ systemd.services.filebrowser.serviceConfig.SupplementaryGroups = ["music" "images"];
+ services.filebrowser = {
+ enable = true;
+ group = "files";
+ settings = {
+ root = "/srv/files";
+ port = 9337;
+ };
+ };
+
+ systemd.tmpfiles.rules = [
+ "d /srv/files/slskd 0770 slskd music"
+ "d /opt/traggo/data"
+ "d /var/lib/traggo"
+ ];
+ users.users.slskd.extraGroups = ["files"];
+ age.secrets.slskd-env = {
+ rekeyFile = ./secrets/slskd.env.age;
+ };
+ systemd.services.slskd.serviceConfig.UMask = 0002;
+ services.slskd = {
+ enable = true;
+ environmentFile = config.age.secrets.slskd-env.path;
+ group = "music";
+ settings = {
+ shares = {
+ directories = ["/srv/files/music"];
+ filters = ["explo"];
+ };
+ directories.downloads = "/srv/files/slskd";
+ permissions.file.mode = 770;
+ web.authentication.api_keys = {
+ arr = {
+ key = "mahChufaeweipemeeheexaoDahchohZi";
+ cidr = "127.0.0.1/32";
+ };
+ };
+ };
+ openFirewall = true;
+ domain = null;
+ };
+
+ users.users.jellyfin.extraGroups = ["files"];
+ services.jellyfin = {
+ enable = true;
+ };
+
+ createPaths."/srv/files/torrents" = {
+ owner = "files";
+ group = "files";
+ permissions = "0770";
+ subPaths = {
+ "incomplete" = {};
+ "completed" = {};
+ };
+ };
+
+ users.users.lidarr.extraGroups = ["files"];
+ services.lidarr = {
+ enable = true;
+ group = "music";
+ };
+
+ services.prowlarr = {
+ enable = true;
+ };
+
+ services.qbittorrent = {
+ enable = true;
+ user = "files";
+ group = "files";
+ webuiPort = 7317;
+ serverConfig = {
+ Preferences = {
+ WebUI = {
+ Enabled = "true";
+ Username = "spl3g";
+ Password_PBKDF2 = "@ByteArray(drq4VxxcJLLK0Bma9mxUeg==:47J+BVdVlmpJt0Hb9LqiAj6rTK3ZlFPvy00PdGPtmeXO7SslNg/4Uej7Vmwn3+oFPuE1q/9tm1z1UogfopREUQ==)";
+ };
+ Downloads = {
+ SavePath = "/srv/files/torrents/complete/";
+ TempPathEnabled = "true";
+ TempPath = "/srv/files/torrents/incomplete/";
+ };
+ };
+ };
+ };
+
+ createPaths."/var/lib/soularr" = {
+ owner = "slskd";
+ group = "slskd";
+ permissions = "0770";
+ };
+ age.secrets.soularr-config = {
+ rekeyFile = ./secrets/soularr.conf.age;
+ owner = "slskd";
+ group = "music";
+ };
+ virtualisation.oci-containers.containers.soularr = {
+ image = "mrusse08/soularr:latest";
+ environment = {
+ TZ = "Asia/Yekaterinburg";
+ SCRIPT_INTERVAL = "300";
+ };
+ # slskd:music
+ user = "991:991";
+ volumes = [
+ "/srv/files/slskd:/downloads"
+ "/var/lib/soularr:/data"
+ "${config.age.secrets.soularr-config.path}:/data/config.ini"
+ ];
+ networks = [
+ "host"
+ ];
+ };
+
+ createPaths."/srv/files/explo" = {
+ owner = "files";
+ group = "music";
+ permissions = "0770";
+ };
+ age.secrets.explo-env = {
+ rekeyFile = ./secrets/explo.env.age;
+ owner = "files";
+ group = "music";
+ };
+ # TODO: write a module for explo
+ virtualisation.oci-containers.containers.explo = {
+ image = "ghcr.io/lumepart/explo:latest";
+ volumes = [
+ "${config.age.secrets.explo-env.path}:/opt/explo/.env"
+ "/srv/files/explo:/data/"
+ "/srv/files/slskd:/slskd/"
+ ];
+ environment = {
+ EXECUTE_ON_START = "true";
+ };
+ networks = [
+ "host"
+ ];
+ # files:music
+ extraOptions = [
+ "--uidmap=0:1000:1"
+ "--gidmap=0:991:1"
+ "--uidmap=1:100000:65535"
+ "--gidmap=1:100000:65535"
+ ];
+ };
+
+ age.secrets.navidrome-env = {
+ rekeyFile = ./secrets/navidrome.env.age;
+ };
+ users.users.navidrome.extraGroups = ["files" "music"];
+ systemd.services.navidrome.serviceConfig.BindReadOnlyPaths = ["/srv/files/explo"];
+ services.navidrome = {
+ enable = true;
+ package = pkgs.unstable.navidrome;
+ settings = {
+ BaseUrl = "https://navidrome.${domain}";
+ MusicFolder = "/srv/files/music";
+ PlaylistsPath = "playlists";
+ Scanner.PurgeMissing = "always";
+ EnableSharing = true;
+ };
+ environmentFile = config.age.secrets.navidrome-env.path;
+ };
+
+ age.secrets.xray-config = {
+ rekeyFile = ./secrets/xray.json.age;
+ };
+ services.xray = {
+ enable = true;
+ settingsFile = config.age.secrets.xray-config.path;
+ };
+
+ services.invidious = {
+ enable = true;
+ address = "127.0.0.1";
+ port = 5410;
+ domain = "tube.${domain}";
+ settings = {
+ http_proxy = {
+ host = "127.0.0.1";
+ port = 10801;
+ user = "";
+ password = "";
+ };
+ };
+ };
+
+ virtualisation.oci-containers.backend = "podman";
+ virtualisation.oci-containers.containers.aonsoku = {
+ image = "ghcr.io/victoralvesf/aonsoku:latest";
+ ports = [
+ "127.0.0.1:5692:8080"
+ ];
+ environment = {
+ SERVER_URL = "https://navidrome.${domain}";
+ HIDE_SERVER = "true";
+ };
+ };
+
+ users.groups.books = {
+ gid = 1001;
+ };
+ createPaths."/srv/files/books" = {
+ owner = "files";
+ group = "books";
+ permissions = "0770";
+ subPaths = {
+ "/library" = {};
+ "/bookdrop" = {};
+ };
+ };
+
+ createPaths."/var/lib/cwa" = {
+ owner = "files";
+ group = "books";
+ permissions = "0750";
+ };
+
+ # age.secrets.cwa-env = {
+ # rekeyFile = ./secrets/cwa.env.age;
+ # };
+ # virtualisation.oci-containers.containers.cwa = {
+ # image = "ghcr.io/crocodilestick/calibre-web-automated:latest";
+ # environmentFiles = [
+ # config.age.secrets.cwa-env.path
+ # ];
+ # environment = {
+ # TZ = "Europe/Moscow";
+ # PUID = "1000";
+ # PGID = "1001";
+ # };
+ # ports = [
+ # "127.0.0.1:8083:8083"
+ # ];
+ # volumes = [
+ # "/srv/files/books:/calibre-library"
+ # "/srv/files/books/injest:/cwa-book-ingest"
+ # "/var/lib/cwa:/config"
+ # ];
+ # };
+
+ createPaths."/var/lib/shelfmark" = {
+ owner = "files";
+ group = "books";
+ permissions = "0750";
+ };
+
+ virtualisation.oci-containers.containers.shelfmark = {
+ image = "ghcr.io/calibrain/shelfmark:latest";
+ environment = {
+ PUID = "1000";
+ PGID = "1001";
+ };
+
+ ports = [
+ "127.0.0.1:8084:8084"
+ ];
+
+ volumes = [
+ "/srv/files/books/injest:/books"
+ "/var/lib/shelfmark:/config"
+ ];
+ networks = [
+ "host"
+ ];
+ };
+ services.booklore = {
+ enable = true;
+ subdomain = "books";
+ uid = "1000";
+ gid = "1001";
+ settings = {
+ timezone = "Europe/Yekaterinburg";
+ booksDir = "/srv/files/books/library";
+ bookdropDir = "/srv/files/books/injest";
+ };
+ };
+
+ services.watcharr = {
+ enable = true;
+ subdomain = "watched";
+ };
+
+ services.immich = {
+ enable = true;
+ };
+
+ system.stateVersion = "24.05";
+ };
+}
diff --git a/modules/hosts/ltrr-block/disk-config.nix b/modules/hosts/ltrr-block/disk-config.nix
new file mode 100644
index 0000000..52c5070
--- /dev/null
+++ b/modules/hosts/ltrr-block/disk-config.nix
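Review bot: `web.authentication.api_keys.arr.key = "mahChufaeweipemeeheexaoDahchohZi"` in `services.slskd.settings`, and the qBittorrent `Username`/`Password_PBKDF2` pair in `serverConfig`, are literals in the Nix expression, so they land in git history and in the world-readable /nix/store of a host that also has interactive users (`mc`, `files`); the commit already provisions `slskd-env` through agenix, so the key belongs there (if slskd accepts it from the environment) or in a separate secret file, and the qBittorrent credentials likewise. The `cidr = "127.0.0.1/32"` limits where the slskd key can be used from over the network but does nothing for local readers of the store. Two path mismatches look like real bugs: `createPaths."/srv/files/torrents"` creates `completed` while qBittorrent `SavePath` is `/srv/files/torrents/complete/`, and `createPaths."/srv/files/books"` creates `/bookdrop` while shelfmark and booklore use `/srv/files/books/injest`. The soularr container runs as `user = "991:991"` ("slskd:music") and `createPaths."/var/lib/soularr"` is owned by `slskd`, but only `users.groups.music.gid = 991` is pinned here, so unless `users.users.slskd.uid` is fixed elsewhere the container uid may not match the slskd user; relatedly, `allowedTCPPorts` opens 5030 and 2049 although the slskd web port is only reached through nginx and no NFS server is visible in this file, so those two deserve a comment or removal. All four `virtualisation.oci-containers` images use a `:latest` tag (pin to a digest so a deploy is reproducible and reviewable), and shelfmark sets both `ports` and `networks = ["host"]`, which I believe podman does not honour together for a host-networked container — keep one of the two.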
@@ -0,0 +1,39 @@
+{
+ flake.diskoConfigurations.ltrr-block = {
+ disko.devices = {
+ disk = {
+ main = {
+ device = "/dev/sdb";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ size = "1M";
+ type = "EF02";
+ };
+ ESP = {
+ size = "1G";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = ["umask=0077"];
+ };
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/modules/hosts/ltrr-block/hardware-configuration.nix b/modules/hosts/ltrr-block/hardware-configuration.nix
new file mode 100644
index 0000000..ed72c61
--- /dev/null
+++ b/modules/hosts/ltrr-block/hardware-configuration.nix
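Review bot: `device = "/dev/sdb"` ties the disko layout to a kernel enumeration order that can change between boots or when another disk is attached, and disko formats whatever is at that path, so a stable `/dev/disk/by-id/...` (or by-path) name is safer if the hypervisor exposes one. A one-line comment recording why this device was chosen would help whoever next runs this destructively, e.g. `# second virtual disk of the qemu guest; confirm with lsblk before applying disko`. The `1M` `EF02` partition next to the `EF00` ESP, together with `efiInstallAsRemovable` in configuration.nix, reads as a deliberate BIOS/UEFI hybrid layout and deserves a comment so it is not "cleaned up" later.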
@@ -0,0 +1,32 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+ flake.nixosModules.ltrr-block = {
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+ }: {
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = ["ehci_pci" "ata_piix" "xhci_pci" "usbhid" "usb_storage" "sd_mod"];
+ boot.initrd.kernelModules = [];
+ boot.kernelModules = [];
+ boot.extraModulePackages = [];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp0s29u1u3.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+ };
+}
diff --git a/modules/hosts/ltrr-block/secrets/cwa.env.age b/modules/hosts/ltrr-block/secrets/cwa.env.age
Binary files differ
new file mode 100644
index 0000000..25e9486
--- /dev/null
+++ b/modules/hosts/ltrr-block/secrets/cwa.env.age
diff --git a/modules/hosts/ltrr-block/secrets/explo.env.age b/modules/hosts/ltrr-block/secrets/explo.env.age
Binary files differ
new file mode 100644
index 0000000..1c0f605
--- /dev/null
+++ b/modules/hosts/ltrr-block/secrets/explo.env.age
diff --git a/modules/hosts/ltrr-block/secrets/navidrome.env.age b/modules/hosts/ltrr-block/secrets/navidrome.env.age
Binary files differ
new file mode 100644
index 0000000..5a6b99d
--- /dev/null
+++ b/modules/hosts/ltrr-block/secrets/navidrome.env.age
diff --git a/modules/hosts/ltrr-block/secrets/rekeyed/1c8822a2f185737c765ae9a5ce0d3879-soularr-config.age b/modules/hosts/ltrr-block/secrets/rekeyed/1c8822a2f185737c765ae9a5ce0d3879-soularr-config.age
Binary files differ
new file mode 100644
index 0000000..608846d
--- /dev/null
+++ b/modules/hosts/ltrr-block/secrets/rekeyed/1c8822a2f185737c765ae9a5ce0d3879-soularr-config.age
diff --git a/modules/hosts/ltrr-block/secrets/rekeyed/550a141b44c76106807b541c1987996b-wg-priv-key.age b/modules/hosts/ltrr-block/secrets/rekeyed/550a141b44c76106807b541c1987996b-wg-priv-key.age
new file mode 100644
index 0000000..52a14bd
--- /dev/null
+++ b/modules/hosts/ltrr-block/secrets/rekeyed/550a141b44c76106807b541c1987996b-wg-priv-key.age
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 ptoveQ ulI09UBOLtapH3caDEteDd52zftMg/7xb9XT2N643A4
+JxzMCCqoLhPIuF7uas7xs1FhX3oqwm11a4r7mV56aiw
+-> pXy7_[-grease H=# dQnNDe%G ] o
+bT0nTM57IpqunS1CNyc/DXpM3f5L3n1887I++YtmrFZQEiU5liKv8Kr+aUD6lK7N
+S44U1Z0Y3VmTeWbN1iV0f5KMk2ZIFXtdjf1kw5JGfFWWVoGXJAxQuQ
+--- 522Kc0bJO1nPQ7bKfYj2+dNqArZpWbwGHRQCLnjbspI
+vν1PʾPMqkI6!vj/)/OZhGxnUš9cL
\ No newline at end of file
diff --git a/modules/hosts/ltrr-block/secrets/rekeyed/9288d02fd4269798567444d076247538-explo-env.age b/modules/hosts/ltrr-block/secrets/rekeyed/9288d02fd4269798567444d076247538-explo-env.age
Binary files differ
new file mode 100644
index 0000000..c11aa4a
--- /dev/null
+++ b/modules/hosts/ltrr-block/secrets/rekeyed/9288d02fd4269798567444d076247538-explo-env.age
diff --git a/modules/hosts/ltrr-block/secrets/rekeyed/939083f61f3167ef5aff27bdba700e8e-xray-config.age b/modules/hosts/ltrr-block/secrets/rekeyed/939083f61f3167ef5aff27bdba700e8e-xray-config.age
Binary files differ
new file mode 100644
index 0000000..7cba65e
--- /dev/null
+++ b/modules/hosts/ltrr-block/secrets/rekeyed/939083f61f3167ef5aff27bdba700e8e-xray-config.age
diff --git a/modules/hosts/ltrr-block/secrets/rekeyed/d5f4d0c5c7b3217d008be68e8ad757e8-navidrome-env.age b/modules/hosts/ltrr-block/secrets/rekeyed/d5f4d0c5c7b3217d008be68e8ad757e8-navidrome-env.age
new file mode 100644
index 0000000..954c2bb
--- /dev/null
+++ b/modules/hosts/ltrr-block/secrets/rekeyed/d5f4d0c5c7b3217d008be68e8ad757e8-navidrome-env.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 ptoveQ OduiFfXpTXdPiFhmwROVjOSFSPSE8ViVFKpDKbkU4GA
+SOtXYB7vqxYAdiZ81YkQJPU+EBljy8q/5xfUwkQE9FA
+-> GPDe-grease
+tK3q1L/lU2oMO9AzA2cfa5OE36z3x2YCGAu5SVyajQ
+--- Y//hhULEy1uzl/p289AiDRGKFuR4GufSVa48rrgD8Ck
+&o$)ʓ\Stkಚ[CJ+J=}a8~ҪCY*O@%:<x!V8eOȁnOwmMԊߔ`m-V,8yTDFjM
2߃U
\ No newline at end of file
diff --git a/modules/hosts/ltrr-block/secrets/rekeyed/e9669da1b38fb37ba09edf8fdeafc4de-slskd-env.age b/modules/hosts/ltrr-block/secrets/rekeyed/e9669da1b38fb37ba09edf8fdeafc4de-slskd-env.age
Binary files differ
new file mode 100644
index 0000000..37adc46
--- /dev/null
+++ b/modules/hosts/ltrr-block/secrets/rekeyed/e9669da1b38fb37ba09edf8fdeafc4de-slskd-env.age
diff --git a/modules/hosts/ltrr-block/secrets/slskd.env.age b/modules/hosts/ltrr-block/secrets/slskd.env.age
Binary files differ
new file mode 100644
index 0000000..1744660
--- /dev/null
+++ b/modules/hosts/ltrr-block/secrets/slskd.env.age
diff --git a/modules/hosts/ltrr-block/secrets/soularr.conf.age b/modules/hosts/ltrr-block/secrets/soularr.conf.age
Binary files differ
new file mode 100644
index 0000000..d02e1c7
--- /dev/null
+++ b/modules/hosts/ltrr-block/secrets/soularr.conf.age
diff --git a/modules/hosts/ltrr-block/secrets/transmission-settings.json.age b/modules/hosts/ltrr-block/secrets/transmission-settings.json.age
new file mode 100644
index 0000000..f9811c4
--- /dev/null
+++ b/modules/hosts/ltrr-block/secrets/transmission-settings.json.age
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> X25519 OUnJLswhrEjV/CylaDqKGX/VqhxhepjCt458Gk0wBgE
+AN2//RRPB5aF+UMSF7ezSXza3t1dr6AGuTGhVzkDitM
+-> 2f#v;H-grease dJa
+ErP6N46d+W72CKSHEbgxzWSiCjN7VM0unjwAE/LWLXt+GNUGEN3I+DaPTWf46v05
+EA
+--- URehB3fPuN8jXQoFfe2YZTyT6gZVs44slp/F7pXBYXM
+=T̈`
AMwƗ{
#荂w֬5Ԫ@A܇91{,k{B͆HfSn^;Lew`W41K>hfY
\ No newline at end of file
diff --git a/modules/hosts/ltrr-block/secrets/wg-priv.key.age b/modules/hosts/ltrr-block/secrets/wg-priv.key.age
Binary files differ
new file mode 100644
index 0000000..7ea39e9
--- /dev/null
+++ b/modules/hosts/ltrr-block/secrets/wg-priv.key.age
diff --git a/modules/hosts/ltrr-block/secrets/xray.json.age b/modules/hosts/ltrr-block/secrets/xray.json.age
Binary files differ
new file mode 100644
index 0000000..f50d67b
--- /dev/null
+++ b/modules/hosts/ltrr-block/secrets/xray.json.age |
