From aa154d1b1b61eef0e25716892b7ca7dd7a451f50 Mon Sep 17 00:00:00 2001
From: sinavir <sinavir@sinavir.fr>
Date: Mon, 25 Nov 2024 15:59:32 +0100
Subject: [PATCH] fix(web03/dj-apps): Use secret tokens
---
machines/web03/django-apps/annuaire.nix | 11 +++++--
machines/web03/django-apps/bocal.nix | 11 +++++--
machines/web03/django-apps/gestiojeux.nix | 11 +++++--
machines/web03/django-apps/wikiens.nix | 15 ++++++---
.../web03/secrets/dj_annuaire-secret_key_file | Bin 0 -> 1537 bytes
.../web03/secrets/dj_bocal-secret_key_file | 30 ++++++++++++++++++
.../secrets/dj_gestiojeux-secret_key_file | 30 ++++++++++++++++++
.../web03/secrets/dj_wikiens-secret_key_file | Bin 0 -> 1507 bytes
machines/web03/secrets/secrets.nix | 8 +++++
machines/web03/secrets/webhook-annuaire_token | 29 +++++++++++++++++
machines/web03/secrets/webhook-bocal_token | 29 +++++++++++++++++
.../web03/secrets/webhook-gestiojeux_token | 29 +++++++++++++++++
machines/web03/secrets/webhook-wikiens_token | Bin 0 -> 1507 bytes
13 files changed, 189 insertions(+), 14 deletions(-)
create mode 100644 machines/web03/secrets/dj_annuaire-secret_key_file
create mode 100644 machines/web03/secrets/dj_bocal-secret_key_file
create mode 100644 machines/web03/secrets/dj_gestiojeux-secret_key_file
create mode 100644 machines/web03/secrets/dj_wikiens-secret_key_file
create mode 100644 machines/web03/secrets/webhook-annuaire_token
create mode 100644 machines/web03/secrets/webhook-bocal_token
create mode 100644 machines/web03/secrets/webhook-gestiojeux_token
create mode 100644 machines/web03/secrets/webhook-wikiens_token
diff --git a/machines/web03/django-apps/annuaire.nix b/machines/web03/django-apps/annuaire.nix
index 16709b8..8c97a92 100644
--- a/machines/web03/django-apps/annuaire.nix
+++ b/machines/web03/django-apps/annuaire.nix
@@ -1,4 +1,9 @@
-{ pkgs, sources, ... }:
+{
+ pkgs,
+ sources,
+ config,
+ ...
+}:
let
nix-pkgs = import sources.nix-pkgs { inherit pkgs; };
@@ -15,7 +20,7 @@ in
forceSSL = true;
};
- webHookSecret = builtins.toFile "insecure-secret" "T5hNeDraMivRZLUkrekv&QeM";
+ webHookSecret = config.age.secrets."webhook-annuaire_token".path;
python = pkgs.python3.override {
packageOverrides = _: _: { inherit (nix-pkgs) authens loadcredential; };
@@ -30,7 +35,7 @@ in
];
credentials = {
- SECRET_KEY = builtins.toFile "insecure-key" "insecure-key";
+ SECRET_KEY = config.age.secrets."dj_annuaire-secret_key_file".path;
};
environment = {
diff --git a/machines/web03/django-apps/bocal.nix b/machines/web03/django-apps/bocal.nix
index 36816be..09f2892 100644
--- a/machines/web03/django-apps/bocal.nix
+++ b/machines/web03/django-apps/bocal.nix
@@ -1,4 +1,9 @@
-{ pkgs, sources, ... }:
+{
+ pkgs,
+ sources,
+ config,
+ ...
+}:
let
nix-pkgs = import sources.nix-pkgs { inherit pkgs; };
@@ -15,7 +20,7 @@ in
forceSSL = true;
};
- webHookSecret = builtins.toFile "insecure-secret" "T5hNeDraMivRZLUkrekv&QeM";
+ webHookSecret = config.age.secrets."webhook-bocal_token".path;
python = pkgs.python3.override {
packageOverrides = _: _: { inherit (nix-pkgs) django-cas-ng django-solo loadcredential; };
@@ -32,7 +37,7 @@ in
];
credentials = {
- SECRET_KEY = builtins.toFile "insecure-key" "insecure-key";
+ SECRET_KEY = config.age.secrets."dj_bocal-secret_key_file".path;
};
environment = {
diff --git a/machines/web03/django-apps/gestiojeux.nix b/machines/web03/django-apps/gestiojeux.nix
index e7aedf1..78260e4 100644
--- a/machines/web03/django-apps/gestiojeux.nix
+++ b/machines/web03/django-apps/gestiojeux.nix
@@ -1,4 +1,9 @@
-{ pkgs, sources, ... }:
+{
+ pkgs,
+ sources,
+ config,
+ ...
+}:
let
nix-pkgs = import sources.nix-pkgs { inherit pkgs; };
@@ -15,7 +20,7 @@ in
forceSSL = true;
};
- webHookSecret = builtins.toFile "insecure-secret" "T5hNeDraMivRZLUkrekv&QeM";
+ webHookSecret = config.age.secrets."webhook-gestiojeux_token".path;
application = {
type = "wsgi";
@@ -54,7 +59,7 @@ in
mediaDirectory = "source/public/media";
credentials = {
- SECRET_KEY = builtins.toFile "insecure-key" "insecure-key";
+ SECRET_KEY = config.age.secrets."dj_gestiojeux-secret_key_file".path;
};
environment = {
diff --git a/machines/web03/django-apps/wikiens.nix b/machines/web03/django-apps/wikiens.nix
index a8ab49d..5ed0543 100644
--- a/machines/web03/django-apps/wikiens.nix
+++ b/machines/web03/django-apps/wikiens.nix
@@ -1,4 +1,9 @@
-{ pkgs, sources, ... }:
+{
+ pkgs,
+ sources,
+ config,
+ ...
+}:
let
nix-pkgs = import sources.nix-pkgs { inherit pkgs; };
@@ -8,14 +13,14 @@ in
services.django-apps.sites.wikiens = {
source = "https://git.dgnum.eu/DGNum/wiki-eleves";
branch = "main";
- domain = "wiki.webapps.dgnum.eu";
+ domain = "wiki.eleves.ens.fr";
nginx = {
enableACME = true;
forceSSL = true;
};
- webHookSecret = builtins.toFile "insecure-secret" "T5hNeDraMivRZLUkrekv&QeM";
+ webHookSecret = config.age.secrets."webhook-wikiens_token".path;
python = pkgs.python3.override {
packageOverrides = _: _: {
@@ -40,11 +45,11 @@ in
++ ps.django-allauth.optional-dependencies.socialaccount;
credentials = {
- SECRET_KEY = builtins.toFile "insecure-key" "insecure-key";
+ SECRET_KEY = config.age.secrets."dj_wikiens-secret_key_file".path;
};
environment = {
- WIKIENS_ALLOWED_HOSTS = [ "wiki.webapps.dgnum.eu" ];
+ WIKIENS_ALLOWED_HOSTS = [ "wiki.eleves.ens.fr" ];
};
};
}
diff --git a/machines/web03/secrets/dj_annuaire-secret_key_file b/machines/web03/secrets/dj_annuaire-secret_key_file
new file mode 100644
index 0000000000000000000000000000000000000000..d32c2f095049b0cd37e2dd75b3d1535a625b1621
GIT binary patch
literal 1537
zcmZY8yXy1=0tIk8B@ZBo76XDTgul7p3WZE=ll$a0xnN<E$vu<IB$;HAWtVLQv9Yn-
zc3)uIwGgbVgsqlkSyU`U6cj7L&*E!7pWw&goD&z>Q`V)!dY!7id%GVBXhwjicX#7h
zK4oW=AP{C(%Rzo*cc9MA_0WTcev)yeTe2H|;r*@P*EJs}$UW=$rYpi3Ul*WP9+0PV
zD3$Ohw!pKskhd#LNuIjiHX@ik=u}Ncy*YdKMa^pMJ!9?ef-qc)>ey;h(}g~FAzTqT
zPH5P|_nGZlF-?~tHw)Q^fg9}Lx`1uxk{OqhVwPL#Wvz|7LoEhT>?#y#orh&UjepPv
zuu~yxM|g)o$4;)#fyH88EDX1fu!NE<P9yR*Cy+tr^Qs{?aREH2cOvxe#?)RoC$fss
ziVKU2*hJy6wnn86P8xo3F-B;fXB)<N*9<<VS%BD0OpIHgr;USz)m8zX`9&Z>ObO#e
zISzU`Q;AG%Z6Q85lhnrIL=*<EnwVmHC}RL%P#BeM(@~-wR&vQ0QBZD`u&)zu;vN5R
zLPKnY4`vzBjB!lNThvO{p{A)i<nO&^0JmneXAUnWSJ8Sz-0NAeSa~AT+X1CXeOxtn
z@K8mE(MqL#?w&3M|18p^B2v~u`UseZZF3LE)+t<)nftRngIb?+lTAy<Ml|8@g3~mn
zV)t{k=Ff&wfDCk@MM71K8liIph&9_*4FZ}D+$@SNQAQ4@C0=A3v6`y4GkES&-jdwP
zT7<0SOxH`@8w@$ZB7|@#wE&K;Ui^S`yX|-pHjvZx$RvO07Md3;wRX3ME@!Ba7>TAp
za(PtSgTB%};l)f#RaL%M)VOt#18JoIF{#U~ypOD5`P<%?jc&SXO)-bEnqR_55~t&Y
zB@53i!t-vQzXY}!>e)*~1DWJVER|3n_lkF?RaVMj?E%$`1x*`Cdday%p&G1ufFz==
zuMC_^$yIg7yhXD8W|8|fHBHx|SzX?H-G&r3Uc9I&(t|RJoe?b;5W!)+smodj%Ftm<
zp^}<{Y7He_AU5wB@6?nj3j@aXfa9~fG+vc2E6OLtI!eS*x`uoi<EOiaM~a&hWrvP0
zYKd3ZRk5Sokqf%z;#?E+s2{u%W^!y#y639~d+QX~Qapu2X3#+aoP>3gE8f3z?VxLz
zdx>mj;~&0_sC}>{8`h`MWYydu3}4hvmJ=Jxj?-|ASFa*jFYanhL$3>_lh)En;1+-L
zk|n!q*rN%^KnK)xvi-t&w6<f8c~{ZI!&xY@GKeHTSXZ>P*tB!?5Y4UMwfEnm{w&Q;
z#gN5gw)-n!ceDUC5$c?4Nk3<6N^i|<V;-MHt}n&&9>+b_>T^<6RVByBlq2K_!(hU^
zOtczjfKC^z*p?pKHz4b1kM4@DDW2;=HaSi7pwvYTtL&(wj34&*baf|UK7lbOQ6UIC
zJw5Hp)hea2TUL^xp^*;KlMt|Cj&>7SI^O<>;5b{x6&|TN@Y;{Be-Hof>5Vu4^Ahp*
z559f(!=I8rz4Asc_whGBE5E!2Dqp|z(I>{={tbNo&*iIE|0{m>>lfd>3?+Y2KK=g>
WEqnXyWB;Z1*zwDM{OgskzxoZqzxa3n
literal 0
HcmV?d00001
diff --git a/machines/web03/secrets/dj_bocal-secret_key_file b/machines/web03/secrets/dj_bocal-secret_key_file
new file mode 100644
index 0000000..4493ee5
--- /dev/null
+++ b/machines/web03/secrets/dj_bocal-secret_key_file
@@ -0,0 +1,30 @@
+age-encryption.org/v1
+-> ssh-ed25519 jIXfPA HF+w4Kuk7Wo2s94SeNxAB3zFZhKNn1fPabJhUK/xGH0
+KY5tknNrICYq0HTfNRX760OPyWPJ8B4Sasq8BjN9a6k
+-> ssh-ed25519 QlRB9Q OGcCe/S1aIQckJGzt4Wz+DFebTZpNV+YCevnVOPDMXQ
+keDckjD4Vjhj3gmQnW0V8nJ1Soubkhb9WP28fsanhMA
+-> ssh-ed25519 r+nK/Q lO6xwuhfQ6gMlJzFBF5J9c2elEg1J3leAt5x1uTYGSk
+HQG0VQXvn72CIOqe6FRGrSX8TIa7sBB3cOZZQzXBl8w
+-> ssh-rsa krWCLQ
+pvF18GVS3dHr2jiss4sn00UqVVM2f/6BmkpYMgAVQ3FNpgnimQGsgCssuBo3Hjrc
+BTO4v2U6cQ28LTUsruWdPhRChT0zfGRtx1QIn0tPzy3XKUxjt2XkBeblxtLhCHmI
+muQ0yA15bP+aQfZn0dE1Eb4krw1unKWE4f82L/BQ5Y/i1P2rubhyBhBoQRb6atHv
+S2EWBafaNr3orbFl9FPMjhWW3WZX/zKJxlu0saN88I6ZU2967mdR4PogMpL9iqST
+atraraA1jG6mR9Ojloyrf8FG6wTlplDlZk8Sgtg88FD1iHMN1q0DQv1LwRoD3QUa
+ywIn9MABMufNXQ+jm/DQpw
+-> ssh-ed25519 /vwQcQ 83MxgOJhIBBGU6IRcTQPtxtyR4MapAxhdKT634w/em4
+scNxodN5j1HXOIPCB3glvc08Gb4wW9gmZ5gkWMCbm4E
+-> ssh-ed25519 0R97PA LBFUS7zx26+rjiWqVwQ4UBqRxr+3Sx+j+GGrRaBbz08
+fnFwvJz36SiKnEoJr+0+enNVcT7wduZUrYe7bWhyxfE
+-> ssh-ed25519 JGx7Ng iXjAn4Y7+yHASx4ZbIrvFffLzgX52DbQy9hIcTScHAs
+6AJZoV33mBryiCaquKTAkw8yB1NQs38QlG2p4LIcoMc
+-> ssh-ed25519 bUjjig 0cqMXUVHqhyYhygR7meIyWRr/c7H8ZGB5eO7tTHhRUk
+GYKKGB02ElJXpObmBJKF4Bvoswd3o83vvVYIHIpDprg
+-> ssh-ed25519 VQSaNw xHhzKnYeKxrN2MJz84v7Mjg3Nh69UJ6Q/eAyVAvC3V0
+/bvauGesQw9/tl4DhCNFY9Rq+qWv12O4TcqzdxTCWzk
+-> T:){{-grease NuQ <}vLGT%
+0JSFYPMWs6LXpWacfiHNdwqvs/eHecFwj6cg0eLZEQe96shxy8/WSUBMpgasKufB
+Nc4tpfiOVWVRGm4arhunwJ+1sgg37X35PWde89Qpg5g
+--- Y6N6GuCpRLdD25EWW+05qbUAadrT3z2Pzc5golCBHJw
+�N���3'8����@/�0,z�W�S����;���)�e�������
+qMj�όr��HB��R2����E2�H�+d�%����Җ�
\ No newline at end of file
diff --git a/machines/web03/secrets/dj_gestiojeux-secret_key_file b/machines/web03/secrets/dj_gestiojeux-secret_key_file
new file mode 100644
index 0000000..5ccdcce
--- /dev/null
+++ b/machines/web03/secrets/dj_gestiojeux-secret_key_file
@@ -0,0 +1,30 @@
+age-encryption.org/v1
+-> ssh-ed25519 jIXfPA tuq63SvMOBnLOZNkIA5RenFt0DTg6bwCX4zJ8ISYRxc
+B1K+kEO/JC0t2EL+2od+UiVNlzBbpRg29lsp2L1DhHw
+-> ssh-ed25519 QlRB9Q r3M3DQi3xJiP+3nTpwm+2PQipnAaRyaWSH+mb0es6kE
+codqvk7AgptYBRyz2BFVH0FcQ7ebZGGdJ6PJmoWWXTk
+-> ssh-ed25519 r+nK/Q Ah4Oim/N0Tdkz1KPbQiHJQaqx614/jjlMqCxtYqjBy0
+aTrlmm3TbWN6pyDEHf9uGy9H9CyyChXGKL0RZr7U3W4
+-> ssh-rsa krWCLQ
+ZbbBqvj7L2XFfJBCQrn799m7FQDrFDg96Moev+Uab/U5caQoJIljMldkfD7VphEt
+56dyeJ7IdKdnwyt07213ua2gZ8Cmjyffi4b0mYhHkvRI5aSmfUtfiomXU0HkgZvK
+rk4+AVQYXTLZKlGaq5KkTt4i0ltwzjA9ECNirciqi5JmORkUD1T41xBKCSb+7N5b
+34Z/uka+oacxt7q27GnSonyFQIm7/owS4bTWV7vxoWLoOYTJcg4Oki/Op4gE9GkK
+1y4RDpdVsHcRZbi7ewB9UKbvMzH44TN5VJARUf0mFQ/OHUo5IJcm/glS898fSLu/
+mrjVT6XGAmPELB8uaVhSkg
+-> ssh-ed25519 /vwQcQ 2mD6dstuZmOkYlBajNevQkeCYAGWshp0h0F1TzdcJSY
+pzjxW+RZDSqPAHm+c5cMJZOdIfkwTmSLw2BktGh/kHk
+-> ssh-ed25519 0R97PA /vOiTSDwQVYTX+tFuJD0M8Enk+4b0ViZUnrZ/WhUKiI
+83r35uyZ/XELwTXZXzlU1yq+xzsNTUYNwK9aGGlOSAA
+-> ssh-ed25519 JGx7Ng V6Xnn5q1hSvWHjiWtWJAD7as5N2fdtWNKWi3JwhfYgQ
+aL3fX67spVrgguVtNNrfJ20fy3LRaDgMZldw5D1fKuE
+-> ssh-ed25519 bUjjig RdTpxQYpmEtG2Cn1EACf85/ZynfPbZhGfoSF+sfw1AA
+YovrKYRtwRPco3luRBVA0IA1qAq1jKxoS1UdoouhLGE
+-> ssh-ed25519 VQSaNw F4hYo2UaLzV8leVHx/oY9aIcZkZ9Fap5HiuTvZy+Hko
+Qwf9JDKqLXmIzId7gAtG5ERirfwZlQWCV6YiKgbexS4
+-> v>[->`-grease O {|u& 2o9 {w&!Ev
+jZPBNd6e20KQYli80kXK9D+qfmIVbOw9Y0aKXB3uvyNJPWDOoYTbzanjeXLuJdN+
+pB/fgMX7znIg+VP87n2qMR5jFVj/x4g4vNgKTUtglw
+--- j4kt4DFy3r3y6IMvNakNkmlkeb6iHYI5xAK8CZtbPD4
+EW���S�|p^�/� �?��Np%��eFU/>���0bcc�vr(����
+�.��V�dg���ADZ3"�� ��(�\5����q<
\ No newline at end of file
diff --git a/machines/web03/secrets/dj_wikiens-secret_key_file b/machines/web03/secrets/dj_wikiens-secret_key_file
new file mode 100644
index 0000000000000000000000000000000000000000..babdf8a3fd678248fff44b704521702f3a90a3ad
GIT binary patch
literal 1507
zcmZA1JE-Jz6b5iD4WgBu;*`p8O(w}?5(_1h$z<|=O&&8=c_)+S<e$l76icxXOLbuz
zZG|nYWQ8s4L_|v)o3+=KtppJ-!Zx=)#ShN+o#Q3ZO;iQ#)O1;0y;Zjf+%KS;cV+;j
zH&KW#mkVlk;@w!IXJp|UoMM?}(!*sd)}?H(+a)#*>b~05In~pdM=gX%as%jaunToA
zvm?Aqvxy%)Tb;XGT3;TEji>la#q>`ePlwvtx~u7hv8MDHjBkR~FpXBa>6JMHS7i~W
zfig#T=j%$?qsW9E6DNZ=#sHZEyUn(xggdCYCwRj?fK^AE@PKayIm^yC=l3L8lcosn
zYVEudVSTpq@_}oKP;mELaS}tTu&Q9SOw-Vi3YOYr2WwLDYj2`D1dCOdZajZHIokQ$
z@VPE^s6gS;wTnIOcst&ZI*<98Pe0RI;LY;ZVI&>0BY+q{&H03mRWWBSbh<|a3Esk>
zbQ^{s6v4k>cHl>(+!URc4o;SL=l%%Lt}b>m#9z8BZzg(Qq`RnNM0!Y7R>bEkb{sOr
z8YenGbk$@FD+-vq#<BDiqo$o%<Bq=;nh^5T7`T@x-tH5onA>Lx#jQ@Ef+0gs18K98
z$<Kp*Ts5A)i}RyFg?Lws33(-SbG_hmNYPyb^?4XXp<~r0v+(;Ui&{3NlBG3V{CtPY
zD~2*-Sy$X}Ymqqc9RwxeXjPu!<q6uFG<7CD=`eX`+YDe<>&`Nmw=x&zOVaky;Ka>K
zGt29PM`wB2ho=CQYYw)(>p?6mXn!Ic0a=A8f>ii<sKv{MVD)F)e%4#KAM`+<;cB4e
z24`9zISe&xi^tsXE}?Nu;q4@NqPV8HOdyV3IY0}b@0_ALA2mW<<r?q_i_SDJ*SLAA
z^cy&-ub^GSKJFuTHN>D+w^zdGDd=kfaUHsJzz|t#<Hzb8W}`zNU8-2M7h-{(mpNBM
ze5qz(*4_3@BGD2}i=#p(?%*O#)vCU4@rA!{GRzk<{H`W&<4Q?py|%iPDn7Z?IO1$S
zUyCw=hT0etp&TUF2w})85=6tq;E+rbkw#qUE-o-p(vJz4c-Bn7sZ|VV;;9fLoVJ5)
zTPE*nzI8ff$;>H@sGk5hUbD@(!c5%cGj5K=3nOFLZXpawQjRs3xLFM?des_fxlpu8
zl4FYO)rD|5qA7L79Y^PQT5z#T#%msYxU1Q^=_$i3-(sSC6l=Sw(?h_TU9BH|JM)6u
z#)RFD(49j{losZ0bEpbzrx8#6*2d6-cA&tO_CZRs>V}Li4ec7ck{*JkPRjr1_MzL~
zByHq@Xa;7~o9OiZ?Cpa2pfIoyYRV<GlpU!J_Pp(rqm`sZvEk`>8tKIZrs$dv?Y5r#
zKC@mcrwUXibFDW~-vdV8jv`cqr5R{xiLco3(f}L2eFHZ)v&CrkB_~lj8mjpek|q~$
zwQJQ}+aeoFL;Y&GM7AL<AUgE;jjy1upG5cH{o~x6o<6?!@-LtNd+$g5C+fj>uRp@R
zfBM3EUwnD<>ZdQxrQ!K+|NiK&KVN$Fxz|2<^dPwT^$GOZ!_Pnd{hyx~ul#oZ8|C2-
F{{c9m_$dGY
literal 0
HcmV?d00001
diff --git a/machines/web03/secrets/secrets.nix b/machines/web03/secrets/secrets.nix
index 77b8726..a689416 100644
--- a/machines/web03/secrets/secrets.nix
+++ b/machines/web03/secrets/secrets.nix
@@ -1,6 +1,14 @@
(import ../../../keys).mkSecrets [ "web03" ] [
# List of secrets for web03
+ "dj_annuaire-secret_key_file"
+ "dj_bocal-secret_key_file"
+ "dj_gestiojeux-secret_key_file"
"dj_interludes-email_host_password_file"
"dj_interludes-secret_key_file"
+ "dj_wikiens-secret_key_file"
+ "webhook-annuaire_token"
+ "webhook-bocal_token"
+ "webhook-gestiojeux_token"
"webhook-interludes_token"
+ "webhook-wikiens_token"
]
diff --git a/machines/web03/secrets/webhook-annuaire_token b/machines/web03/secrets/webhook-annuaire_token
new file mode 100644
index 0000000..afb8d7d
--- /dev/null
+++ b/machines/web03/secrets/webhook-annuaire_token
@@ -0,0 +1,29 @@
+age-encryption.org/v1
+-> ssh-ed25519 jIXfPA NovhLzllQnEbnI7bno+zDoSRFJyZMfVVYPQMReUIymw
+sefGtZ8fbYVqtKgMhrEj9AlwP70YM5MGkQ+o8Dmfb/Q
+-> ssh-ed25519 QlRB9Q 9mh3vQVo5tPorLYBVCcZUJOlcEftQKA94PxNhh+pDwg
+GXM67qitYqnxbFoHbsfa1lNNLIahPqshosIY7h0fDBA
+-> ssh-ed25519 r+nK/Q BOXck7k9AH+KvmoicI/fmGzWcna0nwnJ+uyteUjIukE
+Hyts1/6EAdruuBilhifl/HwPTWEBe+Kr1RL6SDjHaaM
+-> ssh-rsa krWCLQ
+1ROqUHCkbkEgRTQUha0cVJVAqLu0nvfKik9yI392sbEQYgmpuf7F0gzA97BXcoi3
+2BdZWu/cJ6m6bfMvXdZ04cUjRcNrnpPHsoqie3G9s9p6aa9XIrLO5K6kH7S6f5DZ
+pZdOqfSYldtJKRx7F8k0D/pscN5qB1Tb1x0CIULJVo7uKf9X1MnZwapOOCY2q40U
+Ip2aefr40h3EO7jBlswx2/fB8aqW95BR4JQzJZ/uiIsBUQDqvn39GU7R0JaLdAPB
+6kJXaJ3ORaDDtslcaAVZWLqFbOlINXYHr/mqYNTZMubE4BmNjvJL3aRozQQWraoJ
+q5rDvgwUXVhpGpcaNf4/xw
+-> ssh-ed25519 /vwQcQ FHYnfCad1imFiV5tRIfe9mtJ2ouiu2l19th2UD7j3gw
+Xu+Sk9GEQ9Wyf7iU790yxv80vLYHp2StArPkfRqfRhI
+-> ssh-ed25519 0R97PA etwCsiGmvzufJGMw8aDN+M931lPlE9fTUBQmk0X4DFk
+o6xJbfNjQ3Lko1MSJ9JBu6FefZ8267dZ+vL1Gpd1eH8
+-> ssh-ed25519 JGx7Ng h0XzejD/c5F2M7sWS4vTQL9OoRG73ACwlWCtK51Dcyo
+diMDy201IpwL6Ec+Zb4pH5f1yyMOMHT3jg6yriopCRU
+-> ssh-ed25519 bUjjig 2Oh5FhWfrbA9c5TisXuxasyYF41YOlNdurZR9QowETA
+706/MLiPT9+9xHZPZQYtvKm8zbN5qS/9XJ+TK15etIs
+-> ssh-ed25519 VQSaNw YbtnCoySon7jNBq7IFOl8UfxuJXRjzLrgXp238q4RRE
+10au0QwFP9ntPMU4u2bMl3KLYBIPy09xVoKNLxWvpw0
+-> Vu-grease !oqb p1-QmV
+i1WmaOmxmdAX/se60fnUL41n57c8tN1gnUjjBjSV7GkQGzhKnxTplJTUpifP9Js3
+8D+xe86sN2l2JQ5R9QFOAbsvSa5eXSo
+--- JE+yvBRH9Jz6Sdz46AzWuhVI0kXWObODKSiNWz5L9As
+_n�(I ��6��P�C�a\�U�=����@ ��?6��P[T���jk�0���r҅����-�(]/�a��
�8�=�i���
\ No newline at end of file
diff --git a/machines/web03/secrets/webhook-bocal_token b/machines/web03/secrets/webhook-bocal_token
new file mode 100644
index 0000000..0314664
--- /dev/null
+++ b/machines/web03/secrets/webhook-bocal_token
@@ -0,0 +1,29 @@
+age-encryption.org/v1
+-> ssh-ed25519 jIXfPA Ju7YL9wvvYr9VPLmYtYTniyuj9JTVqe2V8eRLISkIH8
+EJjZPLOhspyyrx7a+fYlPPH+1pr93KzW7E2Ztkic0cY
+-> ssh-ed25519 QlRB9Q X+TAfiEk1d67rkz6CgIO66bBrahY39ZTnmj0cBGGrSo
+kBLFu6DnN7rIzP3mSlPEc+yBN+yU5toLeA069vuNW6g
+-> ssh-ed25519 r+nK/Q wcXXCuAS9bOp3GM6c0pU7sxpylFEHFPmnibQTEwJ1x4
+fR41b7fhZCzuNP1jst3vx3wUjIkBDsz54VzubwNX6+M
+-> ssh-rsa krWCLQ
+ySG+OgB3gMW/ijdWqlGr1LnkfqeFD53ChxkOUfAe4+Z1VsK0FkVaBmqvW38SFMw9
+S4dcOkO6Km8umsaZBZi2QaItm+p8Rf/j7+W2WZPoyoKE1l1KW1ic/wGOY7uqeucn
+YZRq7rWX+DaH2VLbkl12wUlVgYwJGcH6VrpRizbq2z0jcdTak6hgzcXo7WhcNAit
+DY8W8X5Zv34mpj1VO7n2LJs5V7gzfSLq+KVMIi++QphVv2VkFpvaOqlEP2neVXnV
+C3YNJTkVx+R6wANCao+9a5VHC261Bkm81dKgzceW2OCHkwOP6XTbDpj59sMRxRuU
+B7jrvre5S1WZN9jc16Dv/Q
+-> ssh-ed25519 /vwQcQ TW560PIrbJV3ZB55w+EvH2PEYOoYM93x3aaeeShYKE8
+LC6pydBK3yCq/Vs7MUoa0xjDSn3WjRaZuqwvhX24YJQ
+-> ssh-ed25519 0R97PA zyerO6EIwW90XVSBVP3Y/7Q8hK+7uPe6kKENGCdDJRw
+WEpgo8Y64YXnat1OJU5qtpecf+Zu2P2LmB7DEtmUuAU
+-> ssh-ed25519 JGx7Ng 7h4q8ztQ0BFJSfavV4l1pKjbNRZveOPIJG0KF98vh28
+mYcUEL4n2+bkjpvJylIvzXSxoa71YZKMSgN21ONnvko
+-> ssh-ed25519 bUjjig 9wKWtLWD+9LlAOO24iQiOdvpSDIWpL6Xo0Wt3QOLIQY
+Kq2QLFB7E5tiqZQlsn5pZRM52v8XqUyYsvwNHXZspRs
+-> ssh-ed25519 VQSaNw 3tJNtvi0WK9iAzx3Q7Q0Ogj1TGH0Zrm5v0ERhQILBVk
+4232/j+xnbhQpId7ZS6+xAQBDxtumeOp4c1HVeMRqB4
+-> Pug13&(-grease 'w0JG}JF .t`9lMF v)8}4qW
+yRriwE//abKvQgu962F7URbOAiHDFMipnsq22itGkLDvmwIRY6Bi83xOzx72EV4y
+27GNdxQOni+z8NPt0YTskqq4fHfZky/EMFUvXTfteB7izYxEliHLRKA
+--- JNvexaDwzwOIUCxanJRLunfhBh1/PE8ssFCytr8nPjo
+T�X�ނx�d�~KS?�I���C�e���3�J�� ���C��F6q�v~D�q���T��55�bj�f��5����"������p
\ No newline at end of file
diff --git a/machines/web03/secrets/webhook-gestiojeux_token b/machines/web03/secrets/webhook-gestiojeux_token
new file mode 100644
index 0000000..04b19d1
--- /dev/null
+++ b/machines/web03/secrets/webhook-gestiojeux_token
@@ -0,0 +1,29 @@
+age-encryption.org/v1
+-> ssh-ed25519 jIXfPA dBBF9o4SBTHNv495PFZa6dszbs9nEARwg0EfOlfFwhc
+GkqX8sjLqFHGm4UA+zyVRB7FGGgAxilFYHarEQB0YAk
+-> ssh-ed25519 QlRB9Q DEu91DA+qho3Zs3gSQbWH/hOKUfgP5Qd90+9ZzYs1So
+aIw1ygo/e0tpqW2N27Fl8WRe362ronzqy52vSzD35Tc
+-> ssh-ed25519 r+nK/Q JUurf12UYuJKvKusUh/GOJryFbA8lWaS8v+/pRb0kys
+VsgsBSwjBXTD+tmP3jxCPVeDY7AHVFx5o57y+ubEjts
+-> ssh-rsa krWCLQ
+o08ZnFZIj37p5hpWgl8FXwPwHKjoBD7Z0UxMRsF4CUF0sLOpwVHD4L57hAA8a80S
+063e48OJ5OsrtueqqJwPT+wjXfmEarLUqC+rP0X+JDW8OLwSImBcYC5DQJZLUFSK
+doF8S8Bo0MbuB4eKnXUAJlhdZOk/iqYK8TYuuSIwWQxHwF/fT43hrYIkj6lmqdmG
+IqSXA04KpQFoL15INIAtsnj5xXJlI0gCPp0pxMNUmVyTTrNLfaEiKH191D+Elmjd
+xcdvMX1yzIPI/mI/+/OjeYspijY0XpRHLJ9ljfEK7E2N8IgpyzBx2BzxYhRHoQmi
+6SbZu9Tirw+yv5wv8oIaHA
+-> ssh-ed25519 /vwQcQ M6QID8DMaFMnF97UWwbSYJ7Sh0wvj/fq7cszu82/oHI
+T+aT4NCbVfGXnvPK7w8fbojAwDTE41h40q0tDwnGyhE
+-> ssh-ed25519 0R97PA XyZvyy80nv2tGe1fBzM0LeiIAGuyV22CzBoCPFMMrw8
+9VPiRV3GCWbH1So5LBrjBeRzEtErPM7BwOF/zaD/yGk
+-> ssh-ed25519 JGx7Ng OPlQBKO+Wub+PPMNPoRGWTeSZfGF3kYCD8HLbLbPR0k
+ZhBUT5ig0FnLCau+da9bfEkVjFxfZXG0mXW1o0yZ+JQ
+-> ssh-ed25519 bUjjig T5/dZtIRaXmNg8pajSAM76cVANM7MvQ7f32fz2fEqx0
++6kRffMJX+8QAOf5jA5acGihgw4q8yJda0EzVGePD+I
+-> ssh-ed25519 VQSaNw InflFPtAwYwQFWqd+KK+ILwMa0XTNkVB+xEMtUXW8Us
+XZ6LVMCpvq+QBo0EHAlnC8uBhQssixTLVCpul6ov4Dk
+-> YKmn+c&-grease EA5d$ ="1d }cP
+3u46NE2SdfO9ugNN/41PeU/65CRgmDiO54B9ZQLNRQtVyyLlcmvaYHCQach+s+Rs
+tE0Gc8MD23hPw5ZhWj0nq7xF8VHtRQSTLQ
+--- UkbfAVgnLkeg6Zdb3bsdPtx9Wh6HOjdB+qmTvrAWFuE
+5_E��/e)����C�7ڛ�Y�wP��Tá�t6>l_0:[�P��H5���j����P˸�=v��F��I�4���D쪘�p���
\ No newline at end of file
diff --git a/machines/web03/secrets/webhook-wikiens_token b/machines/web03/secrets/webhook-wikiens_token
new file mode 100644
index 0000000000000000000000000000000000000000..df57be96232365bb7c25810532e11e9f5215a2a2
GIT binary patch
literal 1507
zcmZY8xytMW7zSVuC_=8l!e!cH{7q)EBZ%2%vP_c6I!Qz%Gg&5kCYi~mjo4Xep*A*F
zM?_Gt)JjCL5IL3>iWVwfg?bQ9^Lqsk-}}B_kVH38b!?~RlGfGpb(=u_61aJB(RHVr
zC|qIKl3HY<8}I0akIxbjwvZ5XR|Bm<i9l_Ur~NLMU1>ujERq>!2X8CZ2K;_~s7n*x
z$d$xphZNrnyNhJ!lMpM0U?YAvxtF1`Rt$ez(+h*4^aWa=<s7Yd#dvI1l9|p#If{fH
z_L85LCFUpQyquF_pH>MFv&mj3a~^Z8(T?Oj*{zk`x`WrP)uRdO5_0O3>N4)4|7k5)
z$&kJXj{)q=s@S?iQXeuZK5)Y5iwGF+YVNdZt}5Y@t0~xL3b2+jvpj5_<t~d9B&O;s
zd_1OfcbPQ*pj;_faZX7bQ^8hzcw5^Ai@e>lTOBY~2mEMdc`+g-%B$^c;%Pd&HB+N3
zOrmjP(b3t-bPSX-2HUPNkbpfKS37E7cp*{(mEX>VL6wCkGFQO?I~K}4>R<{nKB5+R
zU5DjxXqr(ekvgiiw#c&<lNy2bnX}N>AOP~dQc8UZEq!TrVi%$NG!YCfGxRWM3*yY3
z{cEFR6(VmSb7LAdo8_kmQ@G^$JRn=Zqurpw6KCgL;kZI9tl-WRrtq7UNKtahES)y8
z55%!BcFj@E;;da!8~32D+sSNqege>06f+@&(=Eo-u{XBTOxW(MhAgM|tUWdsZpBiy
zQ3V>txdCy@fRfDFmOQ1n65Sc-NjZS>lWp#Xw4?2me2@n|JWTuHZlQkAkNRRg(B2U}
zYpti4LcX^)?PXF@mNQUK@$^$SpK7ntT7q>IpvLzOzB61kq6n$*(G$y0zDQ}RdZGIj
zZmzqn!7xTVVCZcPHYno3mna|(Qn6Uk$mw*j2FG_wY$5~sVBi`7xt%*h6Edlg4~u|&
zRL`|4(kybt32ETNWzRs|&YzahhTvvGu!`CfHP$HT+nTf)2{l<Pjf;X_QXRfVe#6^F
z=x!l%7wL5>w9vY%`SZ5qN&kH1bpUQl6j9uitvEE9TX5qzjvcO|F>i)YGr99&)l8#K
z32c5_JJ?y4CJW02Q&B*R01b1-E>wsvtQeJG$*wrRC7clKdWHf!$)*A3G<xUd6(2#D
zRx~-acg4n;dE9NGDIuvVG})c5*;-e_w>3vM19e!)Gjh62r){xu_p8eB2wt)(EAE91
z+XnvLmzQ-qPsA!@P{2q*8foH2-JXL)DPv=287QMln$fzwE)iF3o*`M`arD35UcK(g
zo1~3`E?USY{@Nuz0%OiBO%oyGaoGhsP8<`P()3xKaDFUGk+YC+cIA^dso2~T9vkx8
z)v#2ulO3|hRwe;Ay%Z#EBC;scS)M=*IwbM|4Z{Suxw%>7f*9l`m5}5-V4Az^5vWNi
zF6&CvjWbeDXDw+!OAc8S`1Ss0#>dcI<eOif`r@spAAjbD*I$0_-cR>_f8mwmn}2ES
zKOa8(#3O&-ed+7>{`lv~@4u>l{QS$0-htl#_WloVc%Odr_WkP7-~NQ({ot`re!g?(
GyMF;qbMjOG
literal 0
HcmV?d00001