From 87ce8e0d1cf84b5a2603dbb9117e4cb8e4c5934f Mon Sep 17 00:00:00 2001
From: Daniel Patterson
Date: Sun, 19 Nov 2023 01:07:45 +0000
Subject: [PATCH] Migrate danflix to hetzner
---
modules/dungflix/default.nix | 47 +++++++++---------
modules/monitoring/default.nix | 18 +++----
modules/synapse/default.nix | 14 +++---
secrets/danflix_env_file.age | Bin 0 -> 1005 bytes
.../danflix_hetzner_storage_box_pub_key.age | Bin 0 -> 1219 bytes
.../danflix_storage_box_crypt_obscured_pw.age | Bin 0 -> 909 bytes
secrets/danflix_storage_box_crypt_pw.age | 18 +++++++
secrets/dungflix_bucket_account_id.age | Bin 1030 -> 0 bytes
secrets/dungflix_bucket_account_key.age | 20 --------
.../dungflix_crypt_remote_obscured_pass.age | 21 --------
secrets/dungflix_crypt_remote_pass.age | 19 -------
secrets/secrets.nix | 4 ++
12 files changed, 62 insertions(+), 99 deletions(-)
create mode 100644 secrets/danflix_env_file.age
create mode 100644 secrets/danflix_hetzner_storage_box_pub_key.age
create mode 100644 secrets/danflix_storage_box_crypt_obscured_pw.age
create mode 100644 secrets/danflix_storage_box_crypt_pw.age
delete mode 100644 secrets/dungflix_bucket_account_id.age
delete mode 100644 secrets/dungflix_bucket_account_key.age
delete mode 100644 secrets/dungflix_crypt_remote_obscured_pass.age
delete mode 100644 secrets/dungflix_crypt_remote_pass.age
diff --git a/modules/dungflix/default.nix b/modules/dungflix/default.nix
index 4e5b70f..90df021 100644
--- a/modules/dungflix/default.nix
+++ b/modules/dungflix/default.nix
@@ -3,21 +3,21 @@ config, ... }: let - mountdir = "/var/media/dungflix"; + mountdir = "/var/media/danflix"; rclone_config = pkgs.writeText "" '' - [dungflix] - type = b2 + [danflix-storage-box] + type = sftp - [dungflix-vault] + [danflix-crypto] type = crypt - remote = dungflix:dungflix-bucket + remote = danflix-storage-box:danflix ''; in { age.secrets = { - dungflix_bucket_account_id.file = ../../secrets/dungflix_bucket_account_id.age; - dungflix_bucket_account_key.file = ../../secrets/dungflix_bucket_account_key.age; - dungflix_crypt_remote_obscured_pass.file = ../../secrets/dungflix_crypt_remote_obscured_pass.age; + danflix_storage_box_crypt_obscured_pw.file = ../../secrets/danflix_storage_box_crypt_obscured_pw.age; + danflix_hetzner_storage_box_pub_key.file = ../../secrets/danflix_hetzner_storage_box_pub_key.age; + danflix_env_file.file = ../../secrets/danflix_env_file.age; }; services = { 
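Review bot: The new `[danflix-storage-box]` section sets only `type = sftp`, so nothing visible here pins the Storage Box's SSH host key; rclone's SFTP backend validates the server key only when `known_hosts_file` is set. Host, user and possibly this option may come from the encrypted environment file, which cannot be checked from the diff, so this is a question rather than a confirmed gap. If it is not set there, add `known_hosts_file = <path to a known_hosts file holding the box's host key>` under the remote, since that value is not secret and is easier to audit in the config than in an env file. The crypt layer still protects file contents, but a pinned host key stops the mount from talking to an impostor server in the first place.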
@@ -40,27 +40,27 @@ in { MemoryMax = "1G"; }; - systemd.services.dungflix-mount = { - description = "Mount the Backblaze B2 media store"; + systemd.services.danflix-mount = { + description = "Mount the Hetzner Storage Box media store"; wantedBy = ["multi-user.target"]; path = [pkgs.fuse3]; preStart = '' mkdir -p -m 777 ${mountdir} ''; + environment = { + "RCLONE_SFTP_KEY_FILE" = config.age.secrets.danflix_hetzner_storage_box_pub_key.path; + }; script = '' - export RCLONE_B2_ACCOUNT=''$(cat ${config.age.secrets.dungflix_bucket_account_id.path}) - export RCLONE_B2_KEY=''$(cat ${config.age.secrets.dungflix_bucket_account_key.path}) - export RCLONE_CRYPT_PASSWORD=''$(cat ${config.age.secrets.dungflix_crypt_remote_obscured_pass.path}) - ${pkgs.rclone}/bin/rclone --config="${rclone_config}" mount dungflix-vault: ${mountdir} \ - --transfers 32 \ - --vfs-cache-mode full \ - --vfs-cache-max-age 336h \ - --vfs-cache-max-size 120G \ - --allow-other \ - --no-modtime \ - --rc \ - --rc-no-auth \ - -vv + ${pkgs.rclone}/bin/rclone --config="${rclone_config}" mount danflix-crypto: ${mountdir} \ + --vfs-cache-mode full \ + --vfs-cache-max-age 336h \ + --vfs-cache-max-size 60G \ + --allow-other \ + --no-modtime \ + --rc \ + --rc-addr=localhost:5573 \ + --rc-no-auth \ + -v ''; postStart = '' sleep 5 @@ -71,6 +71,7 @@ in { fusermount -u ${mountdir} ''; serviceConfig = { + EnvironmentFile = config.age.secrets.danflix_env_file.path; Restart = "on-failure"; }; }; diff --git a/modules/monitoring/default.nix b/modules/monitoring/default.nix index 86b7231..b61f594 100644 --- a/modules/monitoring/default.nix +++ b/modules/monitoring/default.nix @@ -29,15 +29,15 @@ } ]; } - { - job_name = "caddy"; - scrape_interval = "15s"; - static_configs = [ - { - targets = ["localhost:2019"]; - } - ]; - } + { + job_name = "caddy"; + scrape_interval = "15s"; + static_configs = [ + { + targets = ["localhost:2019"]; + } + ]; + } ]; }; } 
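Review bot: The rewritten `script` still passes `--rc-no-auth`, so the remote-control API bound by the new `--rc-addr=localhost:5573` line accepts unauthenticated calls from any local user or process, including the methods that operate on the decrypted `danflix-crypto:` remote. Binding to localhost keeps it off the network but does not separate it from the other services on this host. If the `postStart` step (only partly visible in this hunk) is the sole client, consider dropping `--rc-no-auth` and supplying `RCLONE_RC_USER` / `RCLONE_RC_PASS` from the agenix-managed environment file, with the client passing the same credentials. The `systemd.services.danflix-mount` definition continues past the end of this hunk.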
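Review bot: Nothing visible in the new unit reads `config.age.secrets.danflix_storage_box_crypt_obscured_pw.path`, although the first hunk still declares that secret; the removed `script` lines were the only place the crypt password was loaded. Presumably `danflix_env_file` now carries `RCLONE_CRYPT_PASSWORD` and the SFTP connection settings, but the file is encrypted so the diff cannot confirm it. Either drop the unused `age.secrets` declaration so the password is not decrypted onto the host without a consumer, or add a comment above the `EnvironmentFile` line such as `# danflix_env_file supplies RCLONE_CRYPT_PASSWORD and the RCLONE_SFTP_* connection settings`. The `serviceConfig` set closes inside this hunk, while the enclosing service definition begins in the previous one.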
diff --git a/modules/synapse/default.nix b/modules/synapse/default.nix index 3d75a07..f3319e5 100644 --- a/modules/synapse/default.nix +++ b/modules/synapse/default.nix @@ -29,13 +29,13 @@ in { services.matrix-synapse = { enable = true; - sliding-sync = { - enable = true; - environmentFile = config.age.secrets.sliding_sync_env_file.path; - settings = { - SYNCV3_SERVER = "http://localhost:8008"; - }; - }; + sliding-sync = { + enable = true; + environmentFile = config.age.secrets.sliding_sync_env_file.path; + settings = { + SYNCV3_SERVER = "http://localhost:8008"; + }; + }; settings = { enable_metrics = true; server_name = "broccoli.town"; diff --git a/secrets/danflix_env_file.age b/secrets/danflix_env_file.age new file mode 100644 index 0000000000000000000000000000000000000000..cb2315fb0bbca98cdaac55fbaff1351afa25d85c GIT binary patch literal 1005 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSnjf^Za3{>z92=FrX zOioIvFfocMEXr~>w+QerG;z((u?+MzbsDRDk{g)#Yj8K zAhM#kyu!o6GT5RbtRT;_qOhW%C{o+l$HY%R#F4Ag&D-B8J+r*Z*~`$_!>lCLyu>@X z)X~t{*dn_!Jvb~sCDPH+#WS+F!UWy65Pg?|bVr4d921Mw!qT$b@-#!Eps*B^d@tYP z2m^~k4}Wc6LznVAV>eR+Kkw3t@?@?M*YdEuf`BAP�^n&$Jx#B<~cDP$MV(lB%GT zO#NaLef^BIv{Dy?DhqVm3VqXq+|m_-%EI#uoV@j&wH+fei_7$#QhaNQw$=*f}PzAd^7yY zohq{uivrPYOYx10@GDoy2rSPkH4dsU^>>aawg^uRsi=y|O)|(S&yMs6C{HifFAfeb z4#>$%sWjjUD=aAwN=pw&t_(LYH_kTnEwA*?a!E?p_b^X!OercYu*lDxyKi2U zetEffW=6WDaf)$Cn3+Ye1(&X_u0nWZZjf7IRE2S+woy^4ae8=VsFR1ESzd8&sefT| zn!CAWc#unhrGBPSGM9yv(B`ib&8ElJ+?t$q{^EqweO{)^-W;x*b*8{?vV^wxjrCbu zzrLR@p!P-b&Dtk+o-Q4WEDWu7HkYlPw)tP>|2WZl&#AoC&t^J(WcsQTXZd^TiHJ@9 z@&PZig7c>&UpN0DeXqshKEvW~^A)?#te5GNIJs9L`MO%PdSG~8Nm~`;Ch?+0l6@bw zqnf7O&3%31|4i496TJ@XoY&iHFl|q7f8*o>)t}Bxb6FNy`rj+`qrBMb`b!h@-zhLn R`f=7)_S9Lq^D~$I2LN38Wi0>z literal 0 HcmV?d00001 
diff --git a/secrets/danflix_hetzner_storage_box_pub_key.age b/secrets/danflix_hetzner_storage_box_pub_key.age new file mode 100644 index 0000000000000000000000000000000000000000..30a71351611b90eab42ad972c7ca9ab6ae6e8d86 GIT binary patch literal 1219 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSnjf^Za3{;4$@(rxW z&nyiMPxs2tPK?a;4fPC&Dk$;I4|ei*amg)At}@C<4>2q?a^&(#3@XSD&2TF4($+V% z%q$O23NaRDKQK%$f*nq3ib#z4n?=ksle1T(NV#;tT4;a$2i@k$}`h5 z*}pu~IXAf|)g-4P*|9J?DA?E4$vML#+0n$i(t<0hA}`D+E#EXFFSy7%KQk*ZEIYC& zx6;M0(!wV@HMlS+GSb!0!>`ymvmD*F5Pg?|bVmgrzp9inOTS=)#KPd@G`}4Ew4hQS zlc+-DfSk~Z2q#0|(r^n?%S`uR<3O&+h>Frg=c*(R|2*T02$u{$Ut|4{;?SzX!u+y| z$ReZUY`^3TBd4^&L<4l&3VqXq+|m_N^OEx_3Ou}wv@4VSqHDAmg)*v-GhJ=4+Lpft}tO}`|+qQuECz^_c((bS?i+pVfF%f-iBKO5a| z<_3NxMu7@``F<&(`A$(qmSss^W+_GK25I_LfjK_D`9<3LNyR?S#%9HS#_q-uF2!6y zRXOFUg{~ncDJ6v!Y2lVR+7W@4sbPtwc~wRRj@l+JrOD>$K~8D8mA)X`Ty@inQWJ|) z6^v|E)s=h|G{X~%6jHpba(umS5i&)-xSJ!%v1mE_l3rNiTC-nvv0Iy^R5vP?s8Y!r+Y~0 zfAGbq1b?pTNn0PBxV>=2k{g%gljKgNo^n`Qa>U_nv$DXEQtd4{Ha8dooy?y83g7k9 zztU3HwsXVsmx4!qO++H+tLJ20RW|X}-n)5|t@*ocKX#n(o5UjOca*rngy?|bw5$HQ%bH4amab*HAC zmKCw)Wn0;+Q+Z|HRP~%Ai~ZSIi$h}`IF;4TTgg?ky~Nqy)L;_R!3p9O=VTwgS$H8n zJ}A^WAkXHARKberJZpn>pKZEt-S@{w%WpxHZ042p$xGkMhwihfJd?V7uf-Zi*5gwr z&T|U%vT{mQF3$P6OiV&5UMAp%s3IxS%{4J3&w$IsG|by?P%aO55983XU?1PSstWDkBDd_Uf-t9iWA_SQH(%Eb z-=eGtix5*|Fa1`lbiDr7NU`nzSef`*P){ntBD5MtV9Y?lX9gyT?T<&739~Pcbg|*mSssure{c6L19EnVMVZ$r+!|MGdLtYt#ox${B_fd zQWJ|)6^cWXv)pR!70P|HT~gJ#OpA;xO2dOP^PLPWv<(a^!t~3E94k{JQ}jIy!ZMxB zOP!MoJoNpvU5txL-2#*I3!>73BmBLJ^1>ZmE7Q4jb#)c=y^M{@O`Wp5-104p@=`(u)h}1va=@40_x;UHoG%&FDwVXD zm^5!`q$ZqYaoBrzN6@9soLzUzJb!cDRQ&vn<5Yj*rE4|kdCNcL-S`^5-DTh7A7@UM QJ>k>NGty%#;MFq%0Gfy_^#A|> literal 0 HcmV?d00001 diff --git a/secrets/danflix_storage_box_crypt_pw.age b/secrets/danflix_storage_box_crypt_pw.age new file mode 100644 index 0000000..6d0ea6e --- /dev/null +++ b/secrets/danflix_storage_box_crypt_pw.age 
@@ -0,0 +1,18 @@ +age-encryption.org/v1 +-> ssh-ed25519 eYYv1Q olD4OIi8YC5KZN7rVfOcis+OOvmJI27FsXN19tEX5lk +493ZDJgwYbzPsthtQtIzzHpVtj9ocje15w9wq5JtHSI +-> ssh-ed25519 Bp5IaA FbriZLB/tTQflwwqgMrJUgcMibx6vG+UI841ZjiOmlM +l/rutNoo4EnL6qr3wkMNGbDHcIC+CGZgfOcsoSoHCAE +-> ssh-ed25519 T/DpgA M+PqxOvScPQU58bYwQqtQaLykzKW5fIibAfoKNDPUHM +1l2ZBg3naogcGeQhzDgonuPEFA+zjL/tZBCMwa6rIDY +-> ssh-ed25519 qMgRFg e3SJOsknOfqOdyqXvqTJ3+xo6ueWYSEyicj34+ufjDs +oOGb2SzADeydEtCO5eDyYGxJG0ZCLseAwslR3E6LsUs +-> ssh-ed25519 dMZXNw N/D2EAYhGZkwtiDDf+0Krb/pOVjG66PLLBdeSAWqo1k +vs2fnH6CAcyvoDuPTmgjmMkUcIK9VHmQGfHOcpy71hU +-> ssh-ed25519 70Nt2Q tr8TufTCMfU+8KtIdkFjyczVRiKUvFZ6rwGOPYUObVY ++akmkrm1+GIONvR3dR+Sj9d3Ajj+PqzYVn4SWWEKmo8 +-> *_-grease |uf+h +NP9bxjUd03lJnmXKlH7wx0+1E2fQit01FsnXk8MtCzbSzf3DZUi5pHk0KAOUIpOE +uu81CrNA4J7InBlX56qNDqGMuQ +--- vE2U4+bAt/AmUZdwD05PYzzxeVl6IVGHjEOgNfqfAWI + k1Kq_?Tp8w10<hjXQՕ bG \ No newline at end of file diff --git a/secrets/dungflix_bucket_account_id.age b/secrets/dungflix_bucket_account_id.age deleted file mode 100644 index 6e328111a8965cec67809c60f4d8d8803ff18ea8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1030 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSnjf^Za3{=Q0HpwtE z$_@4Mt4c~O_i|1S$PLIV_RlUdcP&h`@C_;q3H1x|ipn)}&gKemaZ4%JHq6WP@h>nb z4+{=<^Yu0I&CB=6Ese;}$W3$2Og1gftPJ!s%SX4(sle1T(NV!Cy(Gn?ydy_Am@6tju-Ii!#h8 z@bWUv3iahO^h`?k$aN{R@OMu$@z1jGb2fL)cMEsV_w`E5iu4U~EOsjnEYr_QEOAA* z&ArOQJ)&G8$l1`+w>U7Qv^X-|EW=UTqcT6lyec!pEud06u+qoVIm5`aBq`rB)7X=% z$jHOJ+$<-<(l^4g#5K(<-_XRu!^^^@G|ej|G_Ncx(A^--%RD?c%PAY(Hgf~N5~Dx` z!_s`$aJRgi@cewUyz&Ci2>%jCKW8WNu*xcLv+{toF zm%_rph^T_JqLcu`$b!nMe7_tI;}j3GoQO~l-=qxB>@r`FZA#iEG08r<=|!oD#iA?}eO+4_}vX{ABhneN(oS&61z zA?c2VrPBY_! zUg=R@kz5z~7%ndIDhPeRuxatvi?4GpJXyZmV%a_0dq3}+uQ2OXZORDWnk07W9fPrQ Uo572q;3;nuR-IY#g>4QO0DC-BU;qFB diff --git a/secrets/dungflix_bucket_account_key.age b/secrets/dungflix_bucket_account_key.age deleted file mode 100644 index 41e2412..0000000 
--- a/secrets/dungflix_bucket_account_key.age
+++ /dev/null
@@ -1,20 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 eYYv1Q NfUs85CEft9jTh44fnAnN/PcdOQ2mdEByoNkyUCNrWQ -MvA9BA3RoV2DRovXvlJzbY1E5lXdNSvkV82gtNCh6PA --> ssh-ed25519 Bp5IaA lSrjQhwuY8ZiwVC82azl8rqN0/WasK4ZGRq9ohWDAVQ -CPBY/Eq7MJ6Em+h6ro3HtfRqn9gn5BR3z//dA+SHjxw --> ssh-ed25519 T/DpgA cv9z3Ihe/GydTPMSXXiNFxNFQwVYyZBDO1TVGCygoAo -t4yCcPpM2Z7sqN55GbXUuLE0hvD7jXU1dCqOHcDT400 --> ssh-ed25519 qMgRFg jAcoxq4wyu8rYQGrt/rKUFSwp0Hz4QL4asEuJdA6nl0 -K+bqqoheMofX+iwcZYCE4Y558m/kzqUHyieaDQ8jJgw --> ssh-ed25519 dMZXNw imeVQpYX9guxDPulzYYeHedYxZsmTngy+jgpQulRo1Y -kpYgC6nzrhZsXkYHAl1273fwZ345towB1K84riX+Y+Q --> ssh-ed25519 GzHGXw fgC690PsBF/lgRF9zwZqhvRkrK9Pm65tcZUWKzxookE -haaWg3MNhKl1+CodRS+4MzwRVsKgVaox/Kf2YnmBNVY --> ssh-ed25519 70Nt2Q 46a4VTEFv80jOpVl/54J3sJhBUS4G1XqrAoPReb3gjs -ihr26HDZ40F6WJEqJmQgkjAUnnrz0Tc0ck26yLW0wOY --> @c_kw-grease Au)%'xOy C/ A$Rd -X7eu3QrQyKDn ---- pqgV/pzN+qsLtrbL2382/1056D925Ko5y5Oe3vwWmoc -h3|wzbI0/:U.m(/ ssh-ed25519 eYYv1Q IGdoQqDAFgxgWVlqEpZJvG9gE2KCKoXpMmvburw8Fhk -66QE8kwl63xnvYj7nwmT6qR6Jj8fCfrzf/iAB7U+AU4 --> ssh-ed25519 Bp5IaA n3lgDi3bCV0t/TOjqdsNTRxnAlCs0GxoPPjpnaeIrzQ -Ip98hCbmz4W8+NY85DWv/nHHmLANfwo0rNaI2N6N0kQ --> ssh-ed25519 T/DpgA VGDYHrof8rh7WTZ3DOrTIVcfyKkVbLJTL8bDDSfS4C8 -3o3A3jfTL8L0dbpv9Xe3Oy93U3XkkjhRX0tqQtSZDtw --> ssh-ed25519 qMgRFg Jchcic5fvRBviRtbdUyMl76Ea0aGW/7tRWkTt2habAg -91DpFYKWqA4rawbzkEEkLNRay352vkuU0srVBwYFkco --> ssh-ed25519 dMZXNw Sa+BZdY+YLrlQkX7G7VSF/k6oVAVo17zSgXbq1OiqR8 -xu894gtzqTFNDyvzwtejNw3WkMnVQLcpIaVF0CgVODI --> ssh-ed25519 GzHGXw 2WNPWILkiCseWMN5GHpfNs9T566GV6dUxqse+YVXTSA -W1MT/CHcZKefKb+7UK8PWwDP0cDCOU1JKpiXTk0vY10 --> ssh-ed25519 70Nt2Q QnL9dyxLSG64ncFRCoLOEWtBI1y0qRDj0a0TESW4bXY -kHHQA72guLb7YYbU7/CTawylq1uNzcgNRwpS2z2WzeA --> hg3-grease -O2O1JT79k6zrpiuexN5i/1eP5cTzjOPjHS3BCvprA/JxSxUNrV+a1RFFmLb6OTad -8cR0wG66tw6xaYQLvxWiKCzh2AqXkQ ---- tkk6rwRnFGtrrl6Z0kDoqS/NPV4hFhlKvwJ52zGuy+U -B]$Soe(kV8caLG(ȗFYmɒh1ďyLѩzJ!gD{nU -N0 \ No newline at end of file 
diff --git a/secrets/dungflix_crypt_remote_pass.age b/secrets/dungflix_crypt_remote_pass.age deleted file mode 100644 index bdb1132..0000000 --- a/secrets/dungflix_crypt_remote_pass.age +++ /dev/null @@ -1,19 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 eYYv1Q HzNRL7zq6Lrum/2tHKjacsv1Y0LlXmgOZNWLXAk2lWg -no6sDeinVG3TPu3UVOEDauVrHqmJGzMgHB6Dr6UNrDE --> ssh-ed25519 Bp5IaA 9UvpQHut2BFiXIkR+q1A/Ik4AYvwghddk9Fi5+rw4mM -Zs/ggJfYh/epVFRiJEnvICceCnlZBifeGLRDI/Eosj0 --> ssh-ed25519 T/DpgA k40Cb32UbfjsApxi0ccO4u8xP12uWpTot02BSCUvP08 -LfXJLsRtNklus14Pg3TsDt9MMbRi9SrH7uvefK9Hxso --> ssh-ed25519 qMgRFg iS9incss6tduf58gxdA8R5dqnwpXFy9PB8ZwNVWbvyc -e4KTD8Z4fUeaLAiqKGQXi/AIkyjlYEUNraHSB+TFhiM --> ssh-ed25519 dMZXNw DKMC+uCWkUEOF2fFL6o41UuggAzcWHwM5TwYzw+5sjQ -zu/YdI+pzudPH7azRqwmDvf81m48EZYK9c3UcVPTaVI --> ssh-ed25519 GzHGXw OX7ylQzBuyzErkhOpiUrBPhlGx/TrAgK5KuI6yEo4EY -DxeylfaVBkDEWxxRz3KCr5UZsREfqXwoAnC5tAdyFL4 --> ssh-ed25519 70Nt2Q pcGNeTUV7utxnH5a4H78YOvr8cpORGkQ7p8hh569zz4 -STlbScxYbWXV3B8T+2PSiLfGkjKudkXwkRG67ZHlwtE --> s-grease -FHLY7TFsme9Wd43MaAzpXiolSX0 ---- b2uVM8dc8IXnmG4fb/DjApdEJ3yngTDN8d7J0mbYYYw -BљVEMNM=ݫ?]A%52/Xv5`[ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 4a4b4c7..bf2fbad 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -29,4 +29,8 @@ in { "sendmail_email_key_gitea.age".publicKeys = users ++ [system4]; "gitea_actions_runner_token.age".publicKeys = users ++ [system4]; "sliding_sync_env_file.age".publicKeys = users ++ [system4]; + "danflix_hetzner_storage_box_pub_key.age".publicKeys = users ++ [system4]; + "danflix_storage_box_crypt_pw.age".publicKeys = users ++ [system4]; + "danflix_storage_box_crypt_obscured_pw.age".publicKeys = users ++ [system4]; + "danflix_env_file.age".publicKeys = users ++ [system4]; }
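Review bot: The entry `danflix_hetzner_storage_box_pub_key.age` is named as a public key, but modules/dungflix/default.nix passes its path as `RCLONE_SFTP_KEY_FILE`, which rclone reads as the private key for SFTP login. A name that says "pub" invites someone to treat the file as non-sensitive later, for example when widening `publicKeys`. Consider renaming it together with the matching `age.secrets` attribute (for instance to `danflix_hetzner_storage_box_ssh_key.age`), or at least add a comment such as `# private SSH key for the Storage Box, despite the name`. The attribute set this hunk extends starts outside the hunk.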