From 075cd90fb7cc64b60e69e3e6b31804e9131c087b Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Tue, 22 Feb 2022 23:25:46 +0100 Subject: [PATCH] core01: rekey with MrF, add pve01 hypervisor monitoring --- krops.nix | 4 +- machines/core-services-01/monitoring.nix | 12 ++++- .../secrets/dexGiteaClientSecret.age | Bin 1303 -> 1424 bytes .../core-services-01/secrets/droneKeyFile.age | Bin 1462 -> 1578 bytes .../secrets/keycloakDatabasePasswordFile.age | 48 +++++++++--------- .../secrets/oauth2ProxyKeyFile.age | Bin 1328 -> 1492 bytes machines/core-services-01/secrets/secrets.nix | 2 +- 7 files changed, 37 insertions(+), 29 deletions(-) diff --git a/krops.nix b/krops.nix index 351034b..24f6566 100644 --- a/krops.nix +++ b/krops.nix @@ -29,7 +29,7 @@ let inherit target; }; }; in {} -// mkDeploy "core-services-01" "root@core01.rz.ens.wtf" +// mkDeploy "core-services-01" "root@10.1.1.20" // mkDeploy "remote-builder-01" "root@nix01.builders.rz.ens.wtf" -// mkDeploy "public-cof" "root@beta.rz.ens.wtf" +// mkDeploy "public-cof" "root@minecraft.beta.rz.ens.wtf" // mkTestsConfig [ "core-services-01" "remote-builder-01" "public-cof" ] diff --git a/machines/core-services-01/monitoring.nix b/machines/core-services-01/monitoring.nix index b355179..6149d24 100644 --- a/machines/core-services-01/monitoring.nix +++ b/machines/core-services-01/monitoring.nix @@ -19,7 +19,7 @@ in text = '' [global] page cache size = 32 - dbengine multihost disk space = 4096 + dbengine multihost disk space = 8192 ''; }; @@ -28,12 +28,20 @@ in group = "netdata"; mode = "0600"; text = '' + # pve01 hypervisor [e245097d-bf52-4f66-9c10-984e8d5ee178] enabled = yes - default history = 5000 + default history = 10000 default memory mode = dbengine health enabled by default = auto allow from = 10.1.1.10 + # public-cof server + [c48e6ef1-5cdf-408d-ae2f-86aadb14e3fe] + enabled = yes + default history = 10000 + default memory mode = dbengine + health enabled by default = auto + allow from = 10.1.1.21 ''; }; 
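Review bot: The `core-services-01` deploy target in krops.nix is now the bare address `root@10.1.1.20`, so the root deployment no longer names the machine it expects to reach, and SSH host-key checking is tied to a private address that identifies core01 only from inside that network. The commit message does not say why the name `core01.rz.ens.wtf` was dropped. If the switch is deliberate, record it beside the line, for example `# core01 via management address; deploy only from the internal network, host key pinned in known_hosts`, or keep the name through an SSH config alias. `mkDeploy` is defined above the hunk, so how the target string is consumed is not visible here.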
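Review bot: In monitoring.nix the added `[c48e6ef1-5cdf-408d-ae2f-86aadb14e3fe]` section looks like a netdata streaming parent entry, where the bracketed UUID is the API key, and it is committed in clear text beside the existing pve01 key while this machine's other credentials live under `secrets/*.age`. `mode = "0600"` protects the rendered file, but if this attribute set is an `environment.etc` entry the `text` is also copied into the world-readable Nix store; its opening is above the hunk, so this is inferred. `allow from = 10.1.1.21` narrows who can present the key, but a source address is weak authentication on a shared segment. Consider moving the stream configuration into an age-encrypted file referenced by path, and rotating both keys when doing so.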
diff --git a/machines/core-services-01/secrets/dexGiteaClientSecret.age b/machines/core-services-01/secrets/dexGiteaClientSecret.age index 41ffd354202ccee6cabafde5e5cd7027d76ef859..daef2a2a00c33743ebcd5b46b39b1205e074fc61 100644 GIT binary patch literal 1424 zcmZY9JImw*6b4`ytkP{KR>QW#Y%;k_5*Cysll$a;nM^<-$z*b!+%ri=1#v;FE%YZ? zSZJf$EP{>xfGxBU|An=mjm5X^ImH9-dpJQ7Z{jNImS)K6>UrHI;B5OU98jg6>GR#|QwQ|nVpxacS&oNBi<{uotMPIryQ~Hd{F)G?hsA)3 z48Om*kfUZncpvMdr+Ey$RT$hjbu4kNA8YB3N@-m6O$a>U9lfOFv^%9`|Dib;yAoy#~h896F}N2-{EOS4mx?o`Y>37j5l$B~c@ z#!3<<%yMEuy(c0>;vrEbzIlju2P1E4uPCgp3MvRkg%n;>M;Gcid61E=x!+ zz-n1dfNQH5enTE+VU*B`D-NE!y;E^*o5?0Wq`yJ7!I^ zxk%a^Yh?Lby>+oI%G2t$gD6xLQUMZs%sBB{ax3*K$Tlg|l(MAv-ae3a`hYk!0GeJK z&`WpjbZmcB&phSU6|}YY+wG8w@VawzZeYnQ@88l0?3nS%3hlQAYW3_E=Q*|3mPr81 zeBH~J?BeA`Ivnp-X!xVoJan-~c5+M%hmH<0E@{J)Mq6mA@u{&-vT;9+X$%Qj*?GwS zNp^j(D!LNJxVZsyY(!Mzck25t^j5Bi#{z};1XExtOG!{s*4 zc6tWnL7kw64IxaIE1ZWZ6iqS6xHL7oh49qI$p~~TSuQL=Mx@C($*klUN4$(mE(*aE z2!qy|>3|7DXZBn2G!VO75MV**T4P}#ni%-w`5|#W;lN7Z#)L1Y6RAwwNu|b2&j9fV z<8h3-b$^p6vc89kT%^W-ce{r+Nf!rwy!!BYBv3BCdUgk7S86>mFl!R#I`EurDbJ4a zGh4#if|UmqZYg4>%!MtRCGq0K6OpkMSZ+O>2cMX8V7yh)EJQ9V8Hf`IRADzHdhcZu zw;FH`=~kQX;=>o)P3vjbH-X`DGdoLhbW(uLX0zg>T6DLOu=kMP?|CLK~#OgcK6&x!GwLHjdgss8_dkBaz4tFf<JvA5DcHmWG0yeJjl!>lgT-`k3!6yOs>f>IR@9p%0)1x7Jor0J}`Nq@JbJZrKqbj=Ch~!e%}W>#~fS9CbN-*0VH3hn35Q6)TZ&b+M{V z&0{=QhYNu04QVuuvPffAhTUC0oK-WS4c10AW$nkU&DNgiBrWb7c>UoQlwz2!}AYEO(&pLn$u>E2QjJJmHpN0B8)*7<}&As`C- z#N=uziV|kEgd)#5$n5yv+EIvN*n$KJ%*yr&XdW`ZRW4q&UrSBhul&g0lRKMV>#2B_ z$7xwBOGSmX#nk|6W!uKqWsN|`a(zCjk}hL)CTqqvX%7SM3>PIL7KVl;&RwmI^aDSF zTy<#2k~C`0u2qHL@z$#9-Of6@4RjHuxfKcmPD0MT27rpos@vDerZI_1>GP)1EcZ)xGdkEs6l-NqQZ7p7D2MJHUft@UwT~-w%arqFakRb67S;{OuN}MA;nBMgO=4;%V8R>z0cQ zh89oS?aDVdAcirX${DwDExO0jQ!{gWp&*r(ld~~kRy$|tw2)ABGJxN%(39hv&whPD zdiMOaN6#Ps@!%!#={^6KufHXK`0^na-T!&>)#In%Lw|q%%8L(v{|o=@{N3`KFJAuW T-lso3`SF84m#@AXd~*LE7tych 
diff --git a/machines/core-services-01/secrets/droneKeyFile.age b/machines/core-services-01/secrets/droneKeyFile.age index 00703c2e6c4f86e7d398c31242300078cdb21abd..2c12d704a2edfc6737dc35ad655b01c9961898f5 100644 GIT binary patch literal 1578 zcmZY7>F?770LF2Rcfmvra`|S8!DIaFwYIA!$hx&%yYA?^ZtJ2Xz1DTzx~}Vb%ovZL zi7~zrV~moBcpCwUAW8^o#1MsO03~Q53Tgxs&>-;&Ch8ks{QL_(Po8{L%bYV^-A}y0 z9=W%Td3>ZL8*(gDLnX{86b3Qh8ZW&DMA~BWcYrfgwN>K{7qE@va zDABB{q-$+T@Ar%vHbAq6!-|y#;-z8MRmqST$M3A2}L4_D-C8GXb>05St&*> z*4AXYE|Q8A@R`B?v@F)LSt~_C!*XngktvHRueY)U8EcTw(wNq+8Px$1LnA$>V3S^`pl%t6Qt?#(qDdP75438>I$?`Z< z9ZxN@K#Zyu8{jgl4QsS8pe#^i+MqhldXer5^?_G)`(PS#1DwI}dJYFXwcmv7>7bBQ zBvA;^!YZoEC`%VA&cvE^qkb{( zM!?+MTncoi6*p0J4~j9Z*zWnoZ2q4=Db!UgG+XX=C}!xAoguA>!1_DyKL5}GgcUUK6~MbP5Y1E;q|_~{>6i<_iS1G_1u~10oZ1o<@X;Hmv8!X!J-X&x1IiZ zMfV=(L*(YS-+lJfTYr=u{p92IA1$qmTTQjJ3cU!rWy=LSp8c)6vT&byiaM*Td(R_Rcnc-^i}r%Xb*h<&_(MSiA_o=E@W4myVF7>sB0C!~M0B TQJAaNt-*@fQf*Y69Z9EFly9jqP+Nm@BieN@5`6JTGykx ztNEi=*Yw<^Mz1)>r ztUnMmAzTl@RF0=bp-#nv%jbl_V}RK$w~&Sv8}%fol~XmT1P$;`C|z}s!q8)V096GG zq9xBM7%pRjJl^XjV`h&@3k6fnqr>`@ny*W2W)RkWSEx3Ju*EV1FHcxn-fYkwx?7%s@lJ&CxYZ60B zCS4Ev#fqIy1i66-1X#m@$sx_~Sl+6QX-Nc4@CDE?%?4AT8ghs?7_x+6I1D=@u*uuG zCPg*6Qb|LDN}H`j@StfI5S<8Y_P=a?M-4aq5}6f3wrds9{6KZ899R}o48z6-%`{XX zwG_6mS2SUw(;uU_X3fJSWP1ts*e}j^fpTA_ysXvF)=~rEU%55nfb7bWF`ydL{0r`kj*Dp}7{-xV(eQ zA7ITIJ6iX3wWEizi52(v!a+QgT{mZX>r!IZ=IalB?*#iE zU;5sp_1oF;i8N%+-g)1$Is2!UonL+Jp;@P`dDWtCbWWdr_U-k+tPA-)3m+RDSbWvb zmsTDBddY*pqccC$-rBKa^11QrjvbTt9$EeHyjRZbfANub(Ye4co71z0Kb4!~n{Kb%YRpjyMk1uSe(7hKe^W ssh-ed25519 lHr4YQ FHOLoe1idBzwzFB5v1UqrVIgIjmyVMqhC60F+7bsslY -+4jeqlOONU712hstLOOU59dHgx48CB3+Z4xn1faH8Q0 --> ssh-ed25519 Wu8JLQ hqwTH7IVS1GTep9tNy6vrUUVtPcVXBxDnJj77S+l/Ek -gmnQhE5wnxQgEhyE18RKKemMQr4ewtRkQRt0bJo8O7Y --> ssh-ed25519 cvTB5g bw+GZVk23ok4lgUF86PqTkZOM7BPNY7foMYYMZSEemU -6BAoCmLYb1oJwPPW3X2AaS3ZOttSxAykOeKIJM/03+k --> ssh-ed25519 /vwQcQ Kqg5WdWhAuxCxMgWPpXWk77utvbIbBdcZXNSOF+a938 -4361sLVjBWOoWqTl7sIktNiulSU4gHnD2Q5gjDkZ2po --> ssh-ed25519 reTIKw 
abLB9hwppWQhlkAHx3AiFgePvigajethU03CjTu6SUg -sueQMp1LPmF4h1EPsyGrSDH6RoXVXoWm1i3OISZlyPw --> ssh-ed25519 85WiGg T6amGqzBiF7BLhnhPrz8BCu/NDikWBDnRv+UL2Y8mXs -xghk5e+D3O4rX4FT4TNu/bowSj7HCn3Wi4E6F7pseiw +-> ssh-ed25519 lHr4YQ S/Kuy8PdLoLLRDvlDDyuDaGXGb0RMBJKo9XyHK2I0Bg +VFjemRE9hOc/fEol+2OAjM6d/5QLPeeo0ytdgcwa8Zs +-> ssh-ed25519 h6AgbA ParmcGdbVHdvihrEuV+nLBLDnTwKR+zoxc/O0LdrUhA +L1kL6sr4ak1DTTaui9k6tpPJ1p86bKAoOcPwCJu7vr0 +-> ssh-ed25519 Wu8JLQ hTPuIn+IogmX6U16p3EQ/9C/L+X7dZaQaBrEAdq4twM +QhnuGbpuqpFFujNlXSDUDMEGHK875Sr5hHX/q2ShkhU +-> ssh-ed25519 cvTB5g P8av9KTsR9ccIRPz0TABQF3EfeO+cyn+Od+shxeatEk +GnExLTBOicvRs7neFPL/GLxE6hqpdqNV8P4nWRbMjKU +-> ssh-ed25519 /vwQcQ WE0fxso39H7ZyYwJ8eNnmrLgf0xL5AdpHZ1mrvbiPyQ +y4GjFZuYtiGg6cY8ZTOKHbYjjFJoFI5W4IF7np/OB/8 +-> ssh-ed25519 reTIKw LxM4ihcAb5u6rKqtrOUZ7/4XXoMVbf/HHhby/i9Xbn4 +O8KkO/99T2lBttsADSTJE/18ljFrUjrJWhK7peehei8 +-> ssh-ed25519 85WiGg +GtCSdOR7TTwu+zTvwOoRhOE0iLwB7JuFaZkP8cP+Fk +0GCjcBgOPeynvAUDmEioWPJMhZWGchKKukGGXHCBEUU -> ssh-rsa krWCLQ -KDsZM/5myCVtb7RL9Mo1F2WUKzBPhwillBvrIONZKH0dh3mCMjeVfyYTto1NxKxp -GsvYltgLbDggo3ittwQedB9s/JXL5z0+f3DroKVJzw82ti6w3SMpvKiCR2x+5DjH -D4Wzt/CQFujxAMOghKQGlFuCM6nVkpmL9ucgUPEp7ApbNWuc4patJgLpvkE0yj7X -Q4ScTPg86Oh5RFf4Qwa3QhG7IdnIoSSJxK+rK5qZb2vPST9zc2OKZKQXOh2h6hBy -tEAhRYBTu6oqprwYlEWL7dCsbBeHjLmBE6Zvovp51PizZhzub1jCh/fuka1VTFSq -f1oWAdTS3Ow5gXWKoH5TkQ --> +_u~Wjak-grease cU8 ?4 8Y(inxl+ -h+7nxip00iflkCYBX2HvbHYc0SjsLvn4WVYUPzhDGjyauwARfA5zCfuIbGnEcxzF -FOWG9QQzr90JDCkonUjGTJ3N+ykLpiYCvLDJgXZB4MVEONyutwM ---- dZ6ca/xXQAOh82oeOyV/EkjTzK+oUj0YgzGTqyzJ8Rs -a OvF⌞ʛ -JFjj+ \ No newline at end of file +bSk43qTcHFgrS7AeXTzUbx5FO/1YrLuRlm58lcXpTTKcRMZWKmFbPTVNdIvkT4xt +B6HW0OqV/Ks1pbeJUCPRdLwYHYULEC4quRGlgeToXoUQ8zCvcPT6uikpK0Hzne7e +WI5MLdS3vvAPljlSSaPN8gb3yiPgA2IPrHjqIsMNkotGFjUQ/oIyJ8YcDsSfGE2T +Z8+TOj4ZNxPda2hX7mL2x2dJmmQW5FkOVtSpSyvwpkOqPOi6b5vZaWu/GtXzGEhD +SD6SALiqmWkCHb8n588XDqKj8Lj/741R24f8IM8qW9cBz4QClh3Bnrl4gendsUCp +PkQPjniidi/aF6sHhfrSNg +-> |#4-grease y%'e^I RB nBNinf \dob 
+L2HkuH7S3KtuQN9AWLBL99nJPxVw +--- +QOdyAz8FR0RecYvvkzxv2IzJ9yt89/xePALK3l7sjs +&,NpJ~ ƅ˜*,؆5:i W}m"Q-FJm \ No newline at end of file 
diff --git a/machines/core-services-01/secrets/oauth2ProxyKeyFile.age b/machines/core-services-01/secrets/oauth2ProxyKeyFile.age index eb729b2e73acd38c84e188d8175df2a70cdea4dd..a62c1af71b7bdad19991f49ff4102777092cf4b4 100644 GIT binary patch literal 1492 zcmZA1&Fk9)0LF1d9kYs?A}T1X3?0MLrAd=CRZx<&Nt&c>k|yad0g=2XZIkAuNt)nL z7{0JwC%Xv4De4r2;n1t6F`Z-R1R3hYfyxjM+d&XKI0P@hzulEY3Vx)L@L*gKl7j)1r2g7Y*is0DYKze^mGx2sN4|2Ka;9k6nsJh&(`6%w0c+(Xs zgfCFt(un?cP&v#*&K-%9i-JU_6`3xXn!*q}^nI+M*5hS_1_s&k%E8XkAZx!j;$?e2 zCK5#}v@jI~Gay>BwZU?h z;%J;B%5vHx!yTi`(lX@;GCrA&CW0;IINlhnX@!e(T^75jKZc2(la!`Q)7-cfZ!>MP z<`HEvbX0rL*{uOZDOzHa!`OaeDhomIb4`ZuR-Hl=K|8J1A{B>S`@%yS3DjM_k!#^&$jy!@Aa{OFZ2$ z9o_LEv}RUAU^TBnFR9j~J{*sw0p1v*fX&mYkyezOxUJqGEIH5L(BVc==y*&~rJ-Bh zX~6>4ZVf}`0qr#nh6pl$;mqW`0Ax+Ibg{;H5*sjrsWEQfUbF&l94(g-++fO3SdS95 zs{vgYuU)JUas7y9LEneCIqr8yH6PF_=S;KzwKOxD%XCiiVgrXp%#Z+A65uf9bPO7{ z5EYuPglwO7F?^sG)3|2Btx6)WDj-9hkLuX6>k+pa!^zZX6k663Y??*TfVR8r3|jh? zg{(;nm<+WXLju^TI84LXaWbPSO`XIHlByaw${BxD&f$g`@UuejIcKr47W9(UX~ztq z3h&CfKSN?imlVQ>icaRXgoU}v6h4jfcqVCh296?IZ-4-irnw0dE*1E?59H(o43gGr zzEx<1191sf{B)<60Z9UZ*+^*lD?gL#a)Hd(&P-4nX{yyhZwMAxB%oR*^if1uOsE8@ zSdEi(y9C5_77kYu1>$?jR@nmxMLI0j>$;+?5(~CYN`&n8-oF2X zv!7$ozrA_pz~OsOpL*gC_A-9)`vX7OFCE|WF!N2&k#8S-kT literal 1328 zcmZY5NvPZe0LF2(waOekD0)$Juqf#Gn#p96NhmF5wq&wRl9_B{L9@RkljS9uWD=n* z=s`iD6{}DzqF9Rv)e3qN1Z|NPr4>C1q7@H%5EpQPTDOCj=lz2p-(Pp_4LdT^D#^V# z+7qWPP=Jk%{mm@f+_0?<41-v6Nv2&*Xv#DOiixvS=Y+i`;kr}Cz;KomQ07aUV|OgB z>C#@oj3*0?#b7as1%cBhsKw(hBIz|X8c-=sO=ENwXp)ZuP@-G)z}>DXE0kh{ro^PI zm0(0CSawKtFoUXvV6lj@0+)~wE{A~OY_=EUL?lLH7dT|#VDrBzrkMn?@A^;}NWc`gjSp3xTyyzMQzi2;o&qr5rL0o!JjJrUibZY?MQgH^9g%0CL)DyUVS#N564UnChBp7LAiY4X3y{&1)!O2t` zDw;T_T3f)nT233#bV8d^*D~})N*b-w2XM{giD`~OJwh!ay}L%B+z?`BxhT zv3B9S5K4`1)Rdw-^A>@(ThWwNhJ2S`{SmnU6FwS^O^YeIVGU0}$Tkt8U(b7$Dv>oZ zhd0y7Fk9-4e1=J~MMG-A`m@<6Fh)jP;{VnrdV{@>q#JH(>zUoC=6ZpMWVzKJ7jET% z3dX5086b1xpYg^<6PCHeuyqIZ+mI!vR-JXTjB9HPd{V{WijF%yGj1=W!7OV$adG!= zPrh~A=_5D1f6wu+@9d3F?!C-@bNs%S5-hj?p4jJq@-bB&8~qu5|H0b2esbvQHOd=5 
zzIcFt`MMT*6J@maJb(YGOTyh(c3pV;!6RpHzU%RWJKe9|eU(s8e|Z@5&K-ka35iSZ zoj-i^G;#0l*PmS+{CSsk^@U&l8sGQ;{o${#U4HCy=FO)LoOpD<`0efP&huy7AKv-n wmWxLp+HvUQvFO4xXIj^ud-c1Ip8Mic {}; lib = pkgs.lib; readPubkeys = user: builtins.filter (k: k != "") (lib.splitString "\n" (builtins.readFile (../pubkeys + "/${user}.keys"))); - superadmins = (readPubkeys "raito") ++ (readPubkeys "gdd"); + superadmins = (readPubkeys "raito") ++ (readPubkeys "gdd") ++ (readPubkeys "mrf"); core-services-01 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILrnZxP4OUGDzd1uykMghzFNLH0Fg42hH+0qxif6O6oU"; systems = [ core-services-01 ]; in