git: Move to forgejo and migrate to marabethia

.gitlab-ci.yml

@@ -1,25 +0,0 @@
-default:
-  tags:
-    - nix
-
-variables:
-  WORKFLOW:
-    options:
-      - update
-      - build
-    description: "Workflow to trigger"
-    value: update
-
-include:
-  - local: .gitlab-ci/build.yml
-    rules:
-      - if: $CI_PIPELINE_SOURCE == "push"
-      - if: $CI_PIPELINE_SOURCE == "web" && $WORKFLOW == "build"
-  - local: .gitlab-ci/update.yml
-    rules:
-      - if: $CI_PIPELINE_SOURCE == "schedule"
-      - if: $CI_PIPELINE_SOURCE == "web" && $WORKFLOW == "update"
-
-show-latest-commit:
-  stage: .pre
-  script: git show HEAD -q

.gitlab-ci/build.yml

@@ -1,22 +0,0 @@
-stages:
-  - build
-
-workflow:
-  name: "Build $CI_COMMIT_TITLE"
-
-build-nixos-configurations:
-  stage: build
-  parallel:
-    matrix:
-      - HOST_TO_BUILD:
-          - elendel
-          - kholinar
-          - lasting-integrity
-          - marabethia
-          - urithiru
-  script:
-    - nix-env --quiet -j8 -iA cachix -f https://cachix.org/api/v1/install
-    - cachix --version
-    - cachix authtoken $CACHIX_AUTH_TOKEN
-    - nix build -j 2 --cores 2 -L --no-link .#nixosConfigurations.${HOST_TO_BUILD}.config.system.build.toplevel
-    - nix eval --json .#nixosConfigurations.${HOST_TO_BUILD}.config.system.build.toplevel | sed 's/"\(.*\)"/\1/' | cachix push chvp

.gitlab-ci/update.yml

@@ -1,51 +0,0 @@
-stages:
-  - prepare
-  - build
-  - commit
-
-workflow:
-  name: "Update dependencies"
-
-update-flake-lock:
-  stage: prepare
-  script: nix flake update
-  artifacts:
-    paths:
-      - flake.lock
-    expire_in: 1 day
-
-build-nixos-configurations:
-  stage: build
-  parallel:
-    matrix:
-      - HOST_TO_BUILD:
-          - elendel
-          - kholinar
-          - lasting-integrity
-          - marabethia
-          - urithiru
-  needs:
-    - job: update-flake-lock
-      artifacts:  true
-  script:
-    - git diff --quiet && exit 0 || true
-    - nix-env --quiet -j8 -iA cachix -f https://cachix.org/api/v1/install
-    - cachix --version
-    - cachix authtoken $CACHIX_AUTH_TOKEN
-    - nix build -j 2 --cores 2 -L --no-link .#nixosConfigurations.${HOST_TO_BUILD}.config.system.build.toplevel
-    - nix eval --json .#nixosConfigurations.${HOST_TO_BUILD}.config.system.build.toplevel | sed 's/"\(.*\)"/\1/' | cachix push chvp
-
-commit-and-push:
-  stage: commit
-  needs:
-    - job: update-flake-lock
-      artifacts: true
-    - job: build-nixos-configurations
-  script:
-    - git diff --quiet && exit 0 || true
-    - git add flake.lock
-    - git config user.email "$UPDATE_COMMIT_EMAIL"
-    - git config user.name "$UPDATE_COMMIT_NAME"
-    - git commit -m "Update dependencies"
-    - git push https://gitlab-ci-token:${CI_PUSH_TOKEN}@${CI_SERVER_HOST}/${CI_PROJECT_PATH}.git HEAD:$CI_COMMIT_BRANCH
-    

flake.lock

@@ -629,19 +629,17 @@
         ]
       },
       "locked": {
-        "host": "git.chvp.be",
         "lastModified": 1731254890,
         "narHash": "sha256-NPDg6upIPvfp9dMB1HucAfkPn2NkwRhjd99dSRwdq3E=",
-        "owner": "chvp",
+        "ref": "refs/heads/main",
-        "repo": "www.chvp.be",
         "rev": "55c0a8de44be8bf46081c8310fbd9e89d62281b2",
-        "type": "gitlab"
+        "revCount": 29,
+        "type": "git",
+        "url": "https://git.chvp.be/chvp/www.chvp.be"
       },
       "original": {
-        "host": "git.chvp.be",
+        "type": "git",
-        "owner": "chvp",
+        "url": "https://git.chvp.be/chvp/www.chvp.be"
-        "repo": "www.chvp.be",
-        "type": "gitlab"
       }
     }
   },

flake.nix

@@ -88,7 +88,7 @@
       };
     };
     www-chvp-be = {
-      url = "gitlab:chvp/www.chvp.be?host=git.chvp.be";
+      url = "git+https://git.chvp.be/chvp/www.chvp.be";
       inputs = {
         devshell.follows = "devshell";
         flake-utils.follows = "flake-utils";

machines/lasting-integrity/default.nix

@@ -36,12 +36,6 @@
             fast = true;
             location = "192.168.0.1";
           }
-          {
-            path = "zdata/big-apps/git";
-            remotePath = "zdata/recv/lasting-integrity/big-apps/git";
-            fast = true;
-            location = "192.168.0.1";
-          }
           {
             path = "zdata/big-apps/mail";
             remotePath = "zdata/recv/lasting-integrity/big-apps/mail";
@@ -60,7 +54,6 @@
       };
     };
     services = {
-      git.enable = true;
       mail.enable = true;
       matrix.enable = true;
       nginx.hosts = [

machines/marabethia/default.nix

@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ lib, pkgs, config, ... }:
 
 {
   imports = [ ./hardware.nix ];
@@ -38,6 +38,7 @@
       tetris.server = true;
     };
     services = {
+      git.enable = true;
       nginx.hosts = [
         {
           fqdn = "cvpetegem.be";
@@ -65,4 +66,5 @@
       ];
     };
   };
+  services.postgresql.dataDir = lib.mkForce "/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}";
 }

machines/marabethia/hardware.nix

@@ -57,6 +57,14 @@
       fsType = "vfat";
       options = [ "fmask=0022" "dmask=0022" ];
     };
+    "/var/lib/forgejo" = {
+      device = "zroot/safe/services/forgejo";
+      fsType = "zfs";
+    };
+    "/var/lib/postgresql" = {
+      device = "zroot/safe/services/postgresql";
+      fsType = "zfs";
+    };
   };
 
   swapDevices = [

machines/urithiru/default.nix

@@ -63,7 +63,6 @@
       containers.externalInterface = "eno3";
       data-access.enable = true;
       torrents.enable = true;
-      git.runner.enable = true;
     };
   };
 

machines/urithiru/hardware.nix

@@ -49,10 +49,6 @@
       device = "zdata/data";
       fsType = "zfs";
     };
-    "/var/lib/private/gitlab-runner" = {
-      device = "zdata/big-apps/gitlab-runner";
-      fsType = "zfs";
-    };
     "/var/lib/accentor" = {
       device = "zdata/big-apps/accentor";
       fsType = "zfs";

modules/nixos/base/default.nix

@@ -18,7 +18,7 @@
   config = {
     system.autoUpgrade = {
       enable = true;
-      flake = "gitlab:chvp/nixos-config?host=git.chvp.be";
+      flake = "git+https://git.chvp.be/chvp/nixos-config";
       dates = "01/4:00";
       randomizedDelaySec = "10min";
     };

modules/nixos/services/git/default.nix

@@ -1,85 +1,97 @@
 { config, lib, pkgs, ... }:
 
 {
-  imports = [ ./runner.nix ];
-
   options.chvp.services.git.enable = lib.mkOption {
     default = false;
     example = true;
   };
 
   config = lib.mkIf config.chvp.services.git.enable {
-    chvp.services.nginx.hosts = [{
+    chvp.services.nginx.hosts = [
-      fqdn = "git.chvp.be";
+      {
-      options = {
+        fqdn = "git.chvp.be";
-        locations."/" = {
+        options = {
-          proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
+          locations."/" = {
-          extraConfig = ''
+            proxyPass = "http://unix:/run/forgejo/forgejo.socket";
-            client_max_body_size 50M;
+            extraConfig = ''
-          '';
+              client_max_body_size 50M;
+            '';
+          };
         };
-      };
+      }
-    }];
+    ];
     users = {
       users = {
         git = {
-          uid = lib.mkForce 963;
+          home = "/var/lib/forgejo";
           group = "git";
           isSystemUser = true;
           useDefaultShell = true;
         };
         nginx.extraGroups = [ "git" ];
       };
-      groups.git.gid = lib.mkForce 963;
+      groups.git = {};
     };
-    services.openssh.settings.AcceptEnv = "GIT_PROTOCOL";
+    services = {
-    services.gitlab = {
+      forgejo = {
-      enable = true;
-      statePath = "/var/lib/git/state";
-      backup.path = "/var/lib/git/backup";
-      databaseCreateLocally = true;
-      databaseUsername = "git";
-      databaseName = "git";
-      user = "git";
-      group = "git";
-      host = "git.chvp.be";
-      port = 443;
-      https = true;
-      initialRootEmail = "charlotte@vanpetegem.be";
-      initialRootPasswordFile = config.age.secrets."passwords/services/git/initial-root-password".path;
-      # Hack, https://github.com/NixOS/nixpkgs/pull/135926 broke stuff
-      pages.settings.pages-domain = "not.actually.enabled";
-      secrets = {
-        dbFile = config.age.secrets."passwords/services/git/db".path;
-        jwsFile = config.age.secrets."passwords/services/git/jws".path;
-        otpFile = config.age.secrets."passwords/services/git/otp".path;
-        secretFile = config.age.secrets."passwords/services/git/secret".path;
-      };
-      smtp = {
         enable = true;
-        enableStartTLSAuto = false;
+        stateDir = "/var/lib/forgejo";
+        user = "git";
+        group = "git";
+        database = {
+          type = "postgres";
+          user = "git";
+          name = "git";
+          createDatabase = true;
+        };
+        settings = {
+          repository = {
+            ENABLE_PUSH_CREATE_USER = true;
+            ENABLE_PUSH_CREATE_ORG = true;
+          };
+          server = {
+            DOMAIN = "git.chvp.be";
+            PROTOCOL = "http+unix";
+            ROOT_URL = "https://git.chvp.be/";
+            HTTP_ADDR = "/run/forgejo/forgejo.socket";
+          };
+          service.EMAIL_DOMAIN_ALLOWLIST = "vanpetegem.be";
+          mailer = {
+            ENABLED = true;
+            PROTOCOL = "smtps";
+            SMTP_ADDR = "mail.vanpetegem.me";
+            SMPT_PORT = 465;
+            USER = "git@chvp.be";
+            FROM = "Git <git@chvp.be>";
+          };
+          "email.incoming" = {
+            ENABLED = true;
+            REPLY_TO_ADDRESS = "git+%{token}@chvp.be";
+            HOST = "mail.vanpetegem.me";
+            PORT = 993;
+            USERNAME = "git@chvp.be";
+            USE_TLS = true;
+          };
+          session = {
+            COOKIE_SECURE = true;
+            PROVIDER = "db";
+            COOKIE_NAME = "forgejo_session";
+          };
+          log = {
+            ROOT_PATH = "/var/log/forgejo";
+          };
+        };
+        secrets = {
+          mailer.PASSWD = config.age.secrets."passwords/services/git/mail-password".path;
+          "email.incoming".PASSWORD = config.age.secrets."passwords/services/git/mail-password".path;
+        };
       };
     };
-
+    age.secrets = {
-    age.secrets."passwords/services/git/initial-root-password" = {
+      "passwords/services/git/mail-password" = {
-      file = ../../../../secrets/passwords/services/git/initial-root-password.age;
+        file = ../../../../secrets/passwords/services/git/mail-password.age;
-      owner = "git";
+        owner = "git";
-    };
+      };
-    age.secrets."passwords/services/git/db" = {
-      file = ../../../../secrets/passwords/services/git/db.age;
-      owner = "git";
-    };
-    age.secrets."passwords/services/git/jws" = {
-      file = ../../../../secrets/passwords/services/git/jws.age;
-      owner = "git";
-    };
-    age.secrets."passwords/services/git/otp" = {
-      file = ../../../../secrets/passwords/services/git/otp.age;
-      owner = "git";
-    };
-    age.secrets."passwords/services/git/secret" = {
-      file = ../../../../secrets/passwords/services/git/secret.age;
-      owner = "git";
     };
   };
 }

modules/nixos/services/git/runner.nix

@@ -1,57 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-  options.chvp.services.git.runner.enable = lib.mkOption {
-    default = false;
-    example = true;
-  };
-
-  config = lib.mkIf config.chvp.services.git.runner.enable {
-    services.gitlab-runner = {
-      enable = true;
-      settings.concurrent = 8;
-      services = {
-        nix = {
-          authenticationTokenConfigFile = config.age.secrets."passwords/services/gitlab-runner/registration".path;
-          dockerImage = "alpine";
-          dockerVolumes = [
-            "/nix/store:/nix/store:ro"
-            "/nix/var/nix/db:/nix/var/nix/db:ro"
-            "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
-            "/etc/nix/nix.conf:/etc/nix/nix.conf:ro"
-          ];
-          preBuildScript = pkgs.writeScript "setup-container" ''
-            mkdir -p -m 0755 /nix/var/log/nix/drvs
-            mkdir -p -m 0755 /nix/var/nix/gcroots
-            mkdir -p -m 0755 /nix/var/nix/profiles
-            mkdir -p -m 0755 /nix/var/nix/temproots
-            mkdir -p -m 0755 /nix/var/nix/userpool
-            mkdir -p -m 1777 /nix/var/nix/gcroots/per-user
-            mkdir -p -m 1777 /nix/var/nix/profiles/per-user
-            mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
-            mkdir -p -m 0700 "$HOME/.nix-defexpr"
-
-            . ${pkgs.nix}/etc/profile.d/nix.sh
-
-            ${pkgs.nix}/bin/nix-env -i ${lib.concatStringsSep " " (with pkgs; [ nix cacert git openssh ])}
-          '';
-          environmentVariables = {
-            ENV = "/etc/profile";
-            USER = "root";
-            NIX_REMOTE = "daemon";
-            PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin";
-            NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
-          };
-          requestConcurrency = 4;
-        };
-      };
-    };
-    virtualisation.docker = {
-      enable = true;
-      storageDriver = "zfs";
-    };
-    age.secrets."passwords/services/gitlab-runner/registration" = {
-      file = ../../../../secrets/passwords/services/gitlab-runner/registration.age;
-    };
-  };
-}

modules/nixos/services/mail/default.nix

@@ -45,6 +45,9 @@ in
           hashedPasswordFile = config.age.secrets."passwords/services/mail/noreply@vanpetegem.me".path;
           sendOnly = true;
         };
+        "git@chvp.be" = {
+          hashedPasswordFile = config.age.secrets."passwords/services/mail/git@chvp.be".path;
+        };
         "peter@vanpetegem.me".hashedPasswordFile = config.age.secrets."passwords/services/mail/peter@vanpetegem.me".path;
         "postbot@vanpetegem.be" = {
           hashedPasswordFile = config.age.secrets."passwords/services/mail/postbot@vanpetegem.be".path;
@@ -163,6 +166,7 @@ in
 
     age.secrets = {
       "passwords/services/mail/charlotte@vanpetegem.be".file = ../../../../secrets/passwords/services/mail/charlotte_at_vanpetegem.be.age;
+      "passwords/services/mail/git@chvp.be".file = ../../../../secrets/passwords/services/mail/git_at_chvp.be.age;
       "passwords/services/mail/hallo@estherdereys.be".file = ../../../../secrets/passwords/services/mail/hallo_at_estherdereys.be.age;
       "passwords/services/mail/hallo@robbe.be".file = ../../../../secrets/passwords/services/mail/hallo_at_robbe.be.age;
       "passwords/services/mail/huis@vanpetegem.me".file = ../../../../secrets/passwords/services/mail/huis_at_vanpetegem.me.age;

secrets.nix

@@ -56,6 +56,7 @@ in
   "secrets/files/services/phone-push-url.age".publicKeys = hosts ++ users;
 
   "secrets/passwords/services/mail/charlotte_at_vanpetegem.be.age".publicKeys = [ lasting-integrity ] ++ users;
+  "secrets/passwords/services/mail/git_at_chvp.be.age".publicKeys = [ lasting-integrity ] ++ users;
   "secrets/passwords/services/mail/hallo_at_estherdereys.be.age".publicKeys = [ lasting-integrity ] ++ users;
   "secrets/passwords/services/mail/hallo_at_robbe.be.age".publicKeys = [ lasting-integrity ] ++ users;
   "secrets/passwords/services/mail/huis_at_vanpetegem.me.age".publicKeys = [ lasting-integrity ] ++ users;
@@ -70,12 +71,7 @@ in
 
   "secrets/passwords/services/acme.age".publicKeys = servers ++ users;
 
-  "secrets/passwords/services/git/initial-root-password.age".publicKeys = [ lasting-integrity ] ++ users;
+  "secrets/passwords/services/git/mail-password.age".publicKeys = [ marabethia ] ++ users;
-  "secrets/passwords/services/git/db.age".publicKeys = [ lasting-integrity ] ++ users;
-  "secrets/passwords/services/git/jws.age".publicKeys = [ lasting-integrity ] ++ users;
-  "secrets/passwords/services/git/otp.age".publicKeys = [ lasting-integrity ] ++ users;
-  "secrets/passwords/services/git/secret.age".publicKeys = [ lasting-integrity ] ++ users;
-  "secrets/passwords/services/gitlab-runner/registration.age".publicKeys = [ urithiru ] ++ users;
 
   "secrets/passwords/services/grafana/smtp.age".publicKeys = [ lasting-integrity ] ++ users;
   "secrets/passwords/services/grafana/admin-password.age".publicKeys = [ lasting-integrity ] ++ users;

secrets/passwords/services/git/db.age

@@ -1,9 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 hKAFvQ ZVhecA7WqkdJtCPqWogq3BIXz0f6T8OOkhxCJmckgw4
-BmAAHthltoycUvNO937WlLyVhMkzenfgUas2TFWS6Fw
--> ssh-ed25519 s9rb8g PuELrS+jvvTtamgHyT6BI9grwyA+OCCChOETZuHDA3w
-6rxMTIjrm4Gg9A5gGioHica0TuYkPKWmOs2f7FosGRw
--> ssh-ed25519 +xxExQ qweX701p8BB8gZP/+oK82nu8Tn0reKzIpvus1uL3ZSY
-jp8pFcpW9gcZvrHEGzbU3+JG7kLuUdiV+d+auXJk9Ps
---- Y/2AE4wTZCIE2jnC3nfVL3hVZwgA6sxd96fp8JZm04g
-x®QACä
ÊÍ«<C38D><C2AB>Á†×ü<C397>óó9å<39>ã‰c¥Ç<C2A5>Pˆ'ÈkAÜŽV`‚<C382><E2809A>‡ùöW¾H4ð+W|»Ö<C2BB>nj¡ÓRDó°R‘„Ô

secrets/passwords/services/git/initial-root-password.age

@@ -1,9 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 hKAFvQ NAloVz1/2nhA/Tylkqk1jaoZ04COtGsyugFtqUnJVyo
-Vw7Yz5w1WbogYerquzHMuwnZRRBWDa/4JEO0zo9OejQ
--> ssh-ed25519 s9rb8g T0kuaPtRyeer8T01X08FHMwbKxX87oKeJ2w5a/5AsDk
-qA8Oge3YtH6SJtW4GVgiBLQVqgXKx+ypOCieaG+DNyA
--> ssh-ed25519 +xxExQ gBLYbrHVhCyx7nvn+i69oi/iZW70wBcV8GoLPDF9yzU
-sUDuTRJh3MiTAJ/EVOpMQCZAPjuoFwTGxf91N1T1CBs
---- pJVcCOIbaPm712oDRpEYQ5zNVODSPhOezU12H2o4yN0
-Â	•
i¾—»»b5Êœ]äÓZy%±;݆B<E280A0>7±Ë—Øýxû_g¾¹òÒçfÂûtà ÇÊ€ƒ

secrets/passwords/services/git/jws.age

@@ -1,9 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 hKAFvQ fAdo4hmm+lE7cCnRA9cWu8ZQyVT0QFrM7OBDQOFHii8
-LkujzHJa5S9+wLmkN7H2gCqXBjLbi+ceXjYCmDjtptQ
--> ssh-ed25519 s9rb8g 2+ei83GJw5PDOxF7uAYeNzVX5QscOnJmuEt2QwsIuGE
-pXYPeFQ4yE1GA2sKl9xLqyEY9cZa/CcygUbbRUr0B/g
--> ssh-ed25519 +xxExQ Lf8GosHlvVuFmAvtr/Nwg5JcGMmH06qmZjSw7odsDS8
-BdCwcBUWwl8nn7BDGWOCIcy+sRPjNEmkHd4QvqwfXOM
---- Y55nps55U8/NQ+QK1E+o7YeufPJIQZ/k/d+/iLGulLE
-W×p¨c¾YgÖZë¿! Ë’ØÆ*ô~Ðî3g=£ëê<C3AB>6<æaŠ`ëÞ§äX¸aGÄ¿ùC¤ñ®PXÚ¬wQ”
™Q<E284A2><51>

secrets/passwords/services/git/mail-password.age

@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 9+Fe5A dkY84Yi+0kp/3ZYCfaHb6eVNnGXE6hGTMCOjTEycO0k
+bV3X0xC7CAx04QkBDmC7ouUfOAZ73gTZ/Pf77dG9smU
+-> ssh-ed25519 s9rb8g oMFYhGP47mmRIfW4Ieke7ADL5UMd19FPW0K9v+gXWBI
+SXUuVBycL0tfcytmBJLEUnhx0k2PqGoybdQ4IY+g+GA
+-> ssh-ed25519 +xxExQ Qew5Y618JDQ9ezzVubYJzSalIXrcO7oEVRxlUjTxsUo
+mioVSgP2WG77+G7oCk4VZf0Yh2KkBXtKHrPllpMYDoI
+--- N77wrr24gTjK3UoPwMsYLn1h/DthwNGQkacfFW9+6L8
+]oÔìô ~²‡C«ãK΀§X¨C)q'´uä¹èëSäwƒ ”D•ÎûI…´(A¯¢ÙôŸ

secrets/passwords/services/git/otp.age

@@ -1,10 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 hKAFvQ Uf5XlXE5rUYTeLkFAHQx2KVOPo+rzAfTzjbRDvkf+A4
-Eue2lFwmyhtePy8CtGu7s0/4fwsi9PriOl1sNV7ez1M
--> ssh-ed25519 s9rb8g gKOpmXpWPy0hIBE+cd6nt1RwS1f2/jRhrd7lTGrn7CY
-6v8PjWggChytw/NcWlLh8Bci33Tr5mnZOBVnf5FQGRA
--> ssh-ed25519 +xxExQ 12aXAHYDRK+eQLSBJPjTRGv7+7J+EjHbQYRK8iIoukw
-ap5SDT+JAezbXUd03V4IlGLQfEBLPmHTDwZZsxD3a7c
---- 8UQMy0zO2pYh3ZzqeT60sXMqlje9gIgIMj1SUfjLKG4
-â·jnKÉ‚ß‚• ½³v·Ûþ*rÐ7gÇKŒ+¬0
-‚’RJ(5ÁVk<>>LS¬³ëïꪃ
~¾}î¼<C3AE>*Ÿ~þh»f;U

secrets/passwords/services/git/secret.age

@@ -1,9 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 hKAFvQ s2suXggxzsl61J2fcnH94hdDpQCg0ZHZILxN5WyUWVs
-Qg9mTJIE7POh39BqiC7jPksn8ncGGD6kdXz0+7g/8ZM
--> ssh-ed25519 s9rb8g roGwJ+X5ftT83LFyMAM0VRY49Ga/5jVoPG9Fk5l+2zI
-BWqL0tsFhkf05cwvOJTUityCItOkRJhjxXDeVgG2Q3I
--> ssh-ed25519 +xxExQ oRCPfHlpFpKy4fRzm3zSrK48M5JJTAIbAzXqkO0MYWg
-nB/9TFZYesLAjsMJcAUGPG6ZVfiEaDswzvZrpkgphC0
---- mH7kNna5eUUagtFVyIjyTFj475KccUyqE/5JpMPLi+4
-ÿÄíõ»sñá׈”¸¦<C2B8>bKaž½C%™›¯BFö?wéZcit,¨
<01>çÃão¦a*ûþŸ>U‰”š<>Ì<EFBFBD>n½8®æGyúŠ<“

secrets/passwords/services/mail/git_at_chvp.be.age

@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 hKAFvQ 0AplpK8Xy4o3zZ78sitPNAjYXkGgSqLMgoZdJFoHXVU
+86qq+2RzCUu+wFN1yw9puCtDAw8TquD+nVEgY+f4CaQ
+-> ssh-ed25519 s9rb8g pWvNGEZ2Ua/Msu4EfYWPWmB9VY/fWOdk9xRGR1m4yUE
+o9t6DntRQ0XkeDruhbZOExfMRDpxbbQlljZC0GZYuKg
+-> ssh-ed25519 +xxExQ RSVmRQkQg0nvVlNH1UqxEnSH7T7zh3QvKM3OEbBOTRo
+woRvGZQV7jhOgi354ZVwfHBtCbm1KZvJ7bnLRLmitzg
+--- ugu9uWM0HSoWlhsUdgA5Bzx0cTzvOsMXfu64pPAPXlE
+ë±(ÿ&Vò‰J÷Ï•®¹ò9žŸÔ˜*:—>LË kÒUï?e‡Óe‡¶ß"x<>žÓÍæÎy¬º»^®O‡¨°Qr#ûÃcvm±<6D>gîf[í©ûüqÍ…