work in progress

first notes
2025-03-27 13:16:46 +01:00 · 2025-03-27 13:09:14 +01:00
28 changed files with 373 additions and 536 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -2,7 +2,6 @@ keys:
  - &nerf age1rasjnr2tlv9y70sj0z0hwpgpxdc974wzg5umtx2pnc6z0p05u3js6r8sln
  - &gonne age1epz92k2rkp43hkrg3u0jgkzhnkwx8y43kag7rvfzwl9wcddelvusyetxl7
  - &daniel age1mmpdvzy6d23qyhrl55jtv3c25pus2wwfplx9tujmqps2xsreuv8qwc6gv5
  - &totallynotadolphin age1m7l4x2zdgn7akgg5mkm9quen3u9sm0785tzm7vl000anuqrwwg6s5urenn
  - &bragi age1lqvgpmlemyg9095ujck64u59ma29656zs7a4yxgz4s6u5cld2ccss69jwe
  - &lobon age12nz7dtc0m5wasxm4r9crtkgwnzvauyfp0xh0n8z8jld0arn9ea9qe0agvn
@ -15,7 +14,6 @@ creation_rules:
        - *nerf
        - *gonne
        - *daniel
        - *totallynotadolphin
        - *nyarlathotep
  - path_regex: nixos/machines/bragi/.*
    key_groups:
@ -23,7 +21,6 @@ creation_rules:
        - *nerf
        - *gonne
        - *daniel
        - *totallynotadolphin
        - *bragi
  - path_regex: nixos/machines/lobon/.*
    key_groups:
@ -31,7 +28,6 @@ creation_rules:
        - *nerf
        - *gonne
        - *daniel
        - *totallynotadolphin
        - *lobon
  # this is the catchall clause if nothing above machtes. Encrypt to users but not
  # to machines
@ -40,4 +36,3 @@ creation_rules:
        - *nerf
        - *gonne
        - *daniel
        - *totallynotadolphin
--- a/doc/newAdmin.md
+++ b/doc/newAdmin.md
@ -0,0 +1,39 @@
 [TOC]
 # Required Software
 - ssh
 - git
 - sops
 - nix
 # ask Student Council
 self explenatory
 # get a key and transponder
 # inclusion into the Matrix Chat
 self explenatory
 # get added to the `root@mathebau.de` mail thing
 # get azatoth account
 - Example user `dennis`
 - `sudo adduser dennis --disabled-password` to create the user
 - `sudo usermod -a -G sudo dennis` to give admin priviledges to the user
 - SSH-Pubkey in `/home/dennis/.ssh/authorized_keys`
 - Set correct rights for `.ssh/` and `authorized_keys`
    - The following has worked
    - `chown -R dennis:dennis .ssh/`
    - `chmod 700 .ssh/`
    - `chmod 600 .ssh/authorized_keys`
 - You can connect now with `ssh dennis@fb04184.mathematik.tu-darmstadt.de`
 # get access to the pass on azatoth
 Right now there is one gpg key on azatoth that is secured with a password.
 You should get the password.
 # get access to the git repo
 - You need to get an account at [git.mathebau.de](https://git.mathebau.de).
 - You need to get added to the Server Minions
 # get your credentials placed in the git repo
--- a/flake.lock
+++ b/flake.lock
@ -373,11 +373,11 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1743550720,
+        "lastModified": 1738453229,
-        "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
+        "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "c621e8422220273271f52058f618c94e405bb0f5",
+        "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd",
        "type": "github"
      },
      "original": {
@ -625,17 +625,14 @@
    },
    "nixpkgs-lib": {
      "locked": {
-        "lastModified": 1743296961,
+        "lastModified": 1738452942,
-        "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=",
+        "narHash": "sha256-vJzFZGaCpnmo7I6i416HaBLpC+hvcURh/BQwROcGIp8=",
-        "owner": "nix-community",
+        "type": "tarball",
-        "repo": "nixpkgs.lib",
+        "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz"
        "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa",
        "type": "github"
      },
      "original": {
-        "owner": "nix-community",
+        "type": "tarball",
-        "repo": "nixpkgs.lib",
+        "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz"
        "type": "github"
      }
    },
    "nixpkgs_2": {
@ -698,11 +695,11 @@
    },
    "nixpkgs_6": {
      "locked": {
-        "lastModified": 1743827369,
+        "lastModified": 1740367490,
-        "narHash": "sha256-rpqepOZ8Eo1zg+KJeWoq1HAOgoMCDloqv5r2EAa9TSA=",
+        "narHash": "sha256-WGaHVAjcrv+Cun7zPlI41SerRtfknGQap281+AakSAw=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "42a1c966be226125b48c384171c44c651c236c22",
+        "rev": "0196c0175e9191c474c26ab5548db27ef5d34b05",
        "type": "github"
      },
      "original": {
@ -819,11 +816,11 @@
        "nixpkgs": []
      },
      "locked": {
-        "lastModified": 1742649964,
+        "lastModified": 1737465171,
-        "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
+        "narHash": "sha256-R10v2hoJRLq8jcL4syVFag7nIGE7m13qO48wRIukWNg=",
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
-        "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
+        "rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17",
        "type": "github"
      },
      "original": {
@ -849,11 +846,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1743910657,
+        "lastModified": 1739262228,
-        "narHash": "sha256-zr2jmWeWyhCD8WmO2aWov2g0WPPuZfcJDKzMJZYGq3Y=",
+        "narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "523f58a4faff6c67f5f685bed33a7721e984c304",
+        "rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975",
        "type": "github"
      },
      "original": {
--- a/nixos/machines/bragi/backupKey.secrets.yaml
+++ b/nixos/machines/bragi/backupKey.secrets.yaml
@ -8,47 +8,38 @@ sops:
        - recipient: age1rasjnr2tlv9y70sj0z0hwpgpxdc974wzg5umtx2pnc6z0p05u3js6r8sln
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVYWRtOE4zSWdERXdCV1Z3
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBESHBiWEdwNVA4UHh3K3JI
-            Q0JGajFZQ09VRityLzYrT3V3UkNXckwzMEVrClRITU1mUzQ1M2thay9waE5XVm1h
+            aXZIaDV6RER1YVU0Tjg5WEtoZGQ3ODNoM21VCldINWhTK1BDV3dQVDBFZ2pSQXcx
-            QlpWZEQ1RnNXdmZ3VWUzbTdPTFN5TlkKLS0tIDBHYmN5d2xFOVg3S2hUc1h1U3U3
+            ZDNEMVRJOVRURE1VRmltb3psRXJvYVkKLS0tIHdzRXFWa1cxcm9QRkFtNlRhclRW
-            SWVDUGdvMm5EL2FyVnFYbmE3TUFJOVEKOvDPkHCmg4N5edpnTwebbPBJZZaNM30W
+            SW9Dd00za2h6RGFBS2JQYzUreW9PelkKH/vpD5kFkUEXjP30GlgcDYq8DLf84Qkp
-            /J1LA9lTqYsRw2zwhR3SwZI12k5zXWE5RXa4dKXHHnvfFoQhsPwR4w==
+            Bz6YfniDXw7EFVFcyXlexxrmDmd/IUxYVZ//uNwkUpal/g2CKZDHPg==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1epz92k2rkp43hkrg3u0jgkzhnkwx8y43kag7rvfzwl9wcddelvusyetxl7
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtd1F5WG04aGlxUVdlWC8y
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOd2NiNW9aZWMzem1lK2NE
-            RDl3dDlyM0RlVWlpWk1KR054MDNCaFU2TlJnCkRQcVhnZG9aS1YzUjVaVk1lNFhD
+            THVkSkcrNVdORHhpRWk3VFZ2aHBKRitTZWdFCmVrYys1aFZJSFBacStVa3NQdTFJ
-            RmpCZWJPU051QzA1bGNRWk5Ka2lIMW8KLS0tIGZ6MVpWcmY1NmVqd21jOENSUE1k
+            d0pYUENuSjYzVDlKdHMyci9NMEFNMWMKLS0tIGRTem0xdmhEbzh0dGtOdW1aT0lD
-            TjZ0T055Qll0UDVLYnBsa2g1bUVSK0kKRYGKOmxPMFiM/PhzKRu2PwCJUXR0x1+y
+            aVFZVFZCNHpqY3VTOWdHNGN1MWZTRkUKYuPEc0sl65pQGVg1UiFDvJwQdf//XkDU
-            cNa/7xJiUkamL6Uy8hfsUQBT1r8+KBR2J5FXx20G+QRxrAHuYlD30Q==
+            qb90DQtC1j71l8wscu7ZuuxzNoK0yUGvI8x6LJ5JLo7ljsIy0pTElA==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1mmpdvzy6d23qyhrl55jtv3c25pus2wwfplx9tujmqps2xsreuv8qwc6gv5
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEM1JtektNbk4yd1Mwa2RS
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBdFMzUXZ0RTAwR1BsbFRs
-            VXdoSEovMEJKN3krL2J5dStCaUJ0QVlsZEUwCnhHbWw4N0dOL29WN2tOVkY5cFVC
+            c1R4bmxlM2xQeEErYUJTazZYSmphc3pjTEJJCng2czR1eDJNUEdPd3J4dVFwSVdF
-            blpsbVRsSENUSHYwbW5YTzRoc0tITXcKLS0tIFpZZzNEZW4rQUh1N01TNlhYRHdV
+            b3JkKzgxSk5sbXJZRE5FU3NDRC9OeGMKLS0tIEZ4bXU3L1RNTFlzWHVSL0EvQ2d3
-            K0FaalVQMEFOeG9pRm43bzlDQXFiR2MK7GVdlzDcWWH+yIDTyQzBSlraY77HvpNz
+            UE0zVFFpMEEvaHhaYmlRcWlHVXl3dUUKr31P1ovm1MLGQGWCshLJpug0jsxyRqb+
-            BauVM/f9QSFhsMC+Enx4kFq+b4iGXiJXPglfAD7t0pQovtwwMDbHNg==
+            4Y4apn0eutpYfBw3zKP+2huTdMLHk/RkSHJUBs5UxgfOY18StdjIcg==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1m7l4x2zdgn7akgg5mkm9quen3u9sm0785tzm7vl000anuqrwwg6s5urenn
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpS0VINzU3VmVKVW9lallB
            dFdMRzE5bnlNTG1qaE9mMGhzTC8xTW1vSVQ4ClR5VlRldU9oY255c3pTOStvUldH
            bGxjTW9JcXJ1YS94OXpDQ3ZwM2VLbWsKLS0tIDRoQmJzTWxScnhwUldBdWp2TlJt
            Q0lXdXRaaW9NcGFSYU9neGxLaE9LYTQK4rHpTOCuUhokrshoPA9XvBrqI0jzl9YX
            Kc1zMju0Y86RFSgE/RK9Hx2l7pKboI2BqacwNCy8AC3grdcTLz22yg==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1lqvgpmlemyg9095ujck64u59ma29656zs7a4yxgz4s6u5cld2ccss69jwe
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnY1BuWUdUYTBoUGpMN0Uy
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNZk9LVmY0SlBpMWttcitK
-            S2VjUmNZRWtldEdVSWFjVEM5dUhUMS9lSkE0CkxjT0NlVlhOdG1NdnpSYmtIYU5Y
+            L3djYzlCTENvVXFrZTV5MGd4TWF0WUZkWVQwCjVJLzJsdWVmeFBtd2x4RGw0SmV3
-            clFPeXFxWWRmeTB2UGY3MXZjUVVIQTgKLS0tIDBHNmVHSWVpQzg4YVliaHN0dHVX
+            clc5d3FtRFk0VWlqbk5CMXFCSllKbHMKLS0tIGRwVEJwUzBMeGFwUnNBVFRJQjIw
-            QStVb0tWRUtSSDRqOVgvQmNPTzVIdkEKcl0AByrV+94EZ8ppxhO4xQoYe9mD19V0
+            UFhDYVF2ZHhldFRtUFJEZlBLTG5zS2sK9vvB+5PPSytzN/wNTxzXwYfXxQPEYFeq
-            zDx7Thq7Hr6OPnU/nSpJTwxRJnSKr1w4dGDN00v3v3KwBekI6H49XQ==
+            IAzVWchShU6uTMMZeO88qmkZjz1kYIdjPHqny3g/ZqsW18NCtLYqfg==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-03-21T16:38:08Z"
    mac: ENC[AES256_GCM,data:kEVWd988Ia6T8v3w0slQhM0lh78VhnP8qJNa6IZg0NF2B0JQbFRnQNbUfvG9Rf4mkAR/O9PD+r6HR+b3LCwzb/Ok/eD4/M3+oPaEx/JnoHrzF/1N29VEAvBHjQgw6DL05toqu5G03UDcDUFGc111AeRsexhONQRHJx3zqWyWGy4=,iv:T5Pkhl3vhSAIoKkC3r3VQn3tC4t04WxvAZDQ4PMvD84=,tag:h0/aB91SFr5q0Or5daxWUQ==,type:str]
--- a/nixos/machines/ghatanothoa/configuration.nix
+++ b/nixos/machines/ghatanothoa/configuration.nix
@ -4,6 +4,7 @@
    ../../modules/jitsi.nix
    ../../roles
    ../../roles/vm.nix
    ../../modules/vmNetwork.nix
  ];
  services.mathebau-jitsi = {
@ -13,5 +14,6 @@
  # System configuration here
  networking.hostName = "ghatanothoa";
  vmNetwork.ipv4 = "192.168.0.25";
  system.stateVersion = "23.11";
 }
--- a/nixos/machines/lobon/allowlistPass.secrets.yaml
+++ b/nixos/machines/lobon/allowlistPass.secrets.yaml
@ -8,47 +8,38 @@ sops:
        - recipient: age1rasjnr2tlv9y70sj0z0hwpgpxdc974wzg5umtx2pnc6z0p05u3js6r8sln
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaTU9oYXNXQXMwRmlMVk1V
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhQTRPaXNNUWlwU0hTdHA4
-            UUlvZi9PY0RhU3JFREhmZkJ1UWRIUXdkakZvCkZ3YTNrbElHalRKRDlqbjFBZHJK
+            RTAycU12SFZXRGJqbTZVV1Rkd3NFQVJrWGtvCkNzc1FzemkxaGNzd0FjU3hPcWl6
-            QnBBMm14LzBtS0R0SGZMb2RuY0E1cG8KLS0tIFJuZzFZUTdLOFpYc3UzYUhYYTdT
+            U3J1V3Q5WVcwNVZ0ZTUxckY2Z0RBa2cKLS0tIHBHVzVGVHg5N1FyTFhOd3JPVEJy
-            TUlxS0c4QXp0QVF3M21sS09iTVBiLzgKY2PsrhMeS/OZ6YvRsjbSMLnVJJ7MyyqA
+            Kys4SjE2cGpVeGZDenFGN3VsQjZLUWMKThmZnM0wYLVh0xEsr8bqtgvo50sPn4rp
-            0boT6Nx539FxKQUd9uXSAsXIlkolKRvXEBi7jujg4wgxqYb8atXhKA==
+            vo4Cn+7osvABl4BJKKhcrLoxgIrz9NcdQLToOZHn7YfHRpAGH+VIAg==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1epz92k2rkp43hkrg3u0jgkzhnkwx8y43kag7rvfzwl9wcddelvusyetxl7
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSSnhSbURXakcza2lBVDBQ
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxNUhhM1NlRDFoMHQzYVN0
-            amdJdVNOSlpTaEdvUXB6a3VuQnNaSTBGVHpjCmNtWllnL3MyS0JyVFVscWJrdFBr
+            MW9hcUZPQXc1YTJQeWRsL2pXYjBPSUZJQ25zCnNSREszRFo2cnFVd055WWlMR3A5
-            dUprRXc0L2lkRnMwTFhzYVJoMTRkcVEKLS0tIGVYTGcwejJVUi9FdHMvTUJyY3A2
+            NWdINkdKRnU0M3ZIeEtXSGY3UVZkUGMKLS0tIHpUeEc5Yk9sMkVucnlHeWtTaHdj
-            ekxiK2cvMHBESGhrZjU2RGVicnJVY1UK2FCXLTqHhgYZl0vCG1V246FAicBkg2CY
+            TVdZVDd1Q3UrS2JoNHR3RVhoZFB1VUkKmo0HHSwh1pzqoeKUtiDD5UAa44efv11c
-            Z8PKxVEOchBptR6y64EXoeUKFN+5jMoTj/+vUC7bJjNKlNrM9gnI2w==
+            9QymycpZ7e//69uKHlY+r19TIvBz6s6jTguFY6JhQ9VeqfIlFLuokg==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1mmpdvzy6d23qyhrl55jtv3c25pus2wwfplx9tujmqps2xsreuv8qwc6gv5
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtRFJlRWRRa1h5UzJpR015
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvU0QvQy9jdmVRTzZzSnFI
-            akx6SlpVUEY2L2x5SzdteTN3T2ZxSDM3YVhVCmpDSDEyTkJON3d6Vzd3ODhRR2dk
+            NU1rQjRpWWV5WFUrMWZzV2huVGhIUU8ySG44CjllRUh3T3MzcmF6cjg5RjIxZHds
-            Rk1ROVBjdHNGUWVsR01HN3RNZEtPT3cKLS0tIEUwT0R3Q0tIKzlPSkkxYnloVXlV
+            QUc4b3krZi9CWjRjUENNUnZrNTdlN1kKLS0tIDNtRW9IZlVxVlk1THBNMzhtQmw2
-            dXBmNXJhbWZrL2hZV1JIV2dIWFBrTEUKfKy7+dfkl76D2LiOOKRCsUVsHT/4Te+J
+            TTExeG5hMnNOdHF1djlmM0xaM05XODAK2XnV+iluWnpC7snAEpGaYRADKbZbNlx2
-            SEb9rRE1BSS3E2+F6zlIhbfkklH24dXMcgAtkQ8wX+tNAnpTecASdg==
+            yIplp4Mj8nakS1OKMTK+FdwP/qmEs7e804AfPFtI9j/ljYKub4gKgQ==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1m7l4x2zdgn7akgg5mkm9quen3u9sm0785tzm7vl000anuqrwwg6s5urenn
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4aUFheWFyNk5MWVZzYXZR
            OEZkUVFQcS9SdEpZMU04ZWtqL2k4SWQrRlRJCkhxdUdmbUQ2UTJ4bEhjMTRoTXlO
            ZGJMZTN2TDh5cTJjZ05aMnh0RzJSczQKLS0tIFpMT0Iza0FVYi9NaytWN2NaZ2x0
            YWUydW1GRHZQdHE0eWhlc3Z1d3hUd0EK5UOePSGLZy9viOP4Opuq6r0S1n9U19IB
            Q68mv/8LvRXKPyqKBDJk9UgNo5L6tTHxYkrByXFV95SMBiTC0NrAXA==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age12nz7dtc0m5wasxm4r9crtkgwnzvauyfp0xh0n8z8jld0arn9ea9qe0agvn
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhZndKQ2I4MldzeFVkL0Za
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDUTFrbUh3M0JNTDQrQVlv
-            QlBnaGN1djJmQXRZN3F2bnlmQlFESXNaNmpFClJUL0x5RnJ2UlFoUlZNYlk0Smk4
+            cnRrQ3hsN1FkMkUycnNxZXQwYlg1YldWdERRCmZZYk1nQk5RT0orUXc4UzlIcWR3
-            emp1M1RUQmkwdWQ3Vzc1RVFzWnA0YjQKLS0tIFVNMXk3OWo1bmVhTGh2RmEwdys2
+            L0VJZHNRSW5VdDAwVU1GWE5FUm1DencKLS0tIFhaVklqSUZoNmRqZkV4YUJoTTZi
-            dlBBSzU2UWlQbWhIWDUxcERrSUpLdUkK9USI2NzWc6iTIzlUV9Dp5KktVpz50n2y
+            cEtEN1ZCZW11eFZrUGlQd254cHVIRXcKiYx1tsJ5Y6kuOZLMooV2lNXb83q9FCvr
-            3/AjjqMJXZK5BNVGxfyFVuLW33H+dlWFCZgeEuseF1dbYTeJgd2NxA==
+            sOm7rWsMjWb083QgbiWpkY1ndMA6bOODDVII5HEKypy6rp1IIytScQ==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-03-31T14:34:54Z"
    mac: ENC[AES256_GCM,data:sjWiO96NcFUT4L9mdBuQwt6Zl5cS16o73zes30SYJxzM1R3ZBIg9oOmhXxY9BC3yKjEb6bVuemj/bnnopSR/m3RPH7xfaYCBfz97Zgc4SGtoqLIra5OUCRpWnKSsD6Nf09Qss5Pbla9EIrI0kQt7fpf4iKLF7VJwrQryslnvfcM=,iv:ilnbLK6sttweEyqszVHxVnjbTq8jF5ZTO24OEIPMprE=,tag:3XgAlXMl/RIaUfkVwHJeBQ==,type:str]
--- a/nixos/machines/lobon/backupKey.secrets.yaml
+++ b/nixos/machines/lobon/backupKey.secrets.yaml
@ -8,47 +8,38 @@ sops:
        - recipient: age1rasjnr2tlv9y70sj0z0hwpgpxdc974wzg5umtx2pnc6z0p05u3js6r8sln
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzdGtWbFBMbnp4QmFzTjRE
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5TjF6RzNpTlVOMWlmU0pm
-            N0Y4MVhoRXU0bjB3N3MrVFgzdmNhbXNsYlJJCk5obUgxVFlkRHNXcDE2L3BjZnFS
+            YUJTZzNBMU9PMlFsZ2dyTCswR3FJRkwvb0c4CnlFc3lWeHpYRVl3ZlJYWEtVNnNj
-            ZTlIamtjS0h3OXhBTUF3dG1yeUZEa3MKLS0tIFM4cnUzd2U5R096YXlkVkVEQ3Jm
+            RE9RTWtmbHFvVGJ5QUkvUUNjU21zWmMKLS0tIFVJMnladmwreGJFYWkwZU5kd0RE
-            VnV5SDRmSm5wSHBkTnpkeE5sQzdWTzQKTYVpaggjlDIjwi/iKGyZlQL0LnuPGucG
+            L1REeU44a1dkbDYyMFJXSTRZaGpzRG8KtXgSQsLBYln5IvME2hL9ih8arLZBZS11
-            BfL32bECad27F/QWQi9Jvr/7DAH+Oxww95+qNL7GTByNGtnHNXPbLQ==
+            dKAXCO2HWxP4lOBOO4Mpzc/q4iyLzq/n7HLamrfyfT9HhjDtP39MGg==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1epz92k2rkp43hkrg3u0jgkzhnkwx8y43kag7rvfzwl9wcddelvusyetxl7
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiL0F1MnZyaHYrNFZ4RHdk
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQS080clRBemY4bnRhdm5o
-            MDdGaDkreUpzTURwdU1PRitLeDE2Tlk3VHdzCnpoV00ycGxPMVl6bmIrM2hwZjNh
+            dXpjVjI3YkpTdVZHbXpsenBweUtMT0lZTWxRCmNzbk5GVHdpd0V3V3JaWVYwZEFM
-            dzU5ZnJacTFBUEtURTBHRTRzNVc4TzQKLS0tIHBoM21PdWVFV3FQRXhHQnJyMmdK
+            SEdRV1hHRGRpNXh1TTdxZmR4VlpXRkkKLS0tIG83bSttTDJLa3NBRW9tMjRKR2FB
-            eXlYdHdJdlBFTjdHY2ZQc3dSUXFNeFEKXAIdZNGusMHSgNwzRD+grjTcVXIoRR53
+            WmJ0Ky95eC96a2pTQ3FjaTBKTVFhTEkKzW8WguQ2wO93DLETao6FDxaVRshz+aqZ
-            VT5WsLnfY3iFxMcfAMRonG95hafFRK/O3qCjwxr8+aOwXSvn5sq2kg==
+            7pQnbun/Q+Bu3GT7PX1zFKjNRem4pUI7wYzvhpAUwmrs78bc8TUH1A==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1mmpdvzy6d23qyhrl55jtv3c25pus2wwfplx9tujmqps2xsreuv8qwc6gv5
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNSjN2ckZ0b0QzSHM3d0NY
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxcUpQMmZDdVIzTmdNUnM3
-            VE9XMU1zMDN1R1g3VGRJenIrZmpZOVRpS3lNCnNreS9TcmZlMmx1VnM0YXFDamg0
+            ZVdaQlVkTmdjT1dBZ2ZPbUppRkg3WlFMYXpnClMrU01LOGFNTmRRMmsya0hmQ3VZ
-            Mk92YXFRSlFPSmdlNUYvN3Y3YTRHaGMKLS0tIFJoS21UckNMVnVNSFVjUElWK0tB
+            S1k3bGFSemZDYzZYUVlXUnFSYzVyejQKLS0tIGR0ZjFyWmF4MitNSlZZdk5lYjFH
-            ZFdaQjBNZTZJQWlVY0prUXB0UE1KQ0UKFEu9mgN+g/JZQNzyFGwfcmPMoBAtw4sB
+            STRvNTZ0RG5pNmdaNmcrZ3AwYkFjU2sKlynGN6YUeNQiyWWuspphLpgcZbC2Sqkj
-            aIS9IF/V6VzirGTDBfZwpAvSWCAosLhIMXzqc32ffIKoJstarI6r+g==
+            8E7tWHSWqIc6rmuRi9+xu83MDL4197wlidT0IIZm/tNO36u85fruXQ==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1m7l4x2zdgn7akgg5mkm9quen3u9sm0785tzm7vl000anuqrwwg6s5urenn
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4SDBWWktlT2lIamFyWW5z
            YW5lUjlzZFFPVlFYUDlVc3BCSUpqa1AzeWxBCkxsZlN0SFdJc1N6YlBheURLbFI5
            MkRudDQ1aEVtU2tsa1NqNWoxU205ZXcKLS0tIGJpT0VVb2FXOFpGZG1QdHFBalNs
            aFJzZkFqRWFZdnNKWUt4dkVKRHBmMHcK8ttinrMTIUDkw9boyeIecddjMR7rNZFL
            b8BFgRRj9AxacoimSx/zfyHCg88Ls+Jdj1W+wmpJBJKEoxZPVy/nlQ==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age12nz7dtc0m5wasxm4r9crtkgwnzvauyfp0xh0n8z8jld0arn9ea9qe0agvn
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6dEdJZURTS2ZoTkRKTVh2
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzNHNhUk5zdXlGS1huUjk1
-            bE05MG9PbU5nZFNTWkpCR0YzV1dQVGs3L0M0ClF6RERNaW9HcWFPNFU3ajN2elI4
+            UnUwb2VFOE9BaEp0ZHlpcDJ3M0JtdytFQmpnCkNKYmplSDRIejVoV05BdTE2Y2NG
-            OU1oL3ZuK3NXZUFlNW1vR3pIaHRxWm8KLS0tIHd1WCttVkJoWnhVa1JFRnk2T093
+            SXVJWFZ3b1hrVmwrUDgwanVHRDFxb00KLS0tIEtLMWZDQzl6aUFMcHlRUi84a3ps
-            SDhGU2NnTHlvQVJIclNGNjh3SGt0c0UKA8qAglvfcHGMSeaPnU7q4LD3ao4NbIl7
+            cWNaUEJJWFRQU05RcS80ZFN2YnlKUGMKdBvUcdULwbsoo/n2tgow+qDlWmJAJUqP
-            4q6UEWS7dREi7JtFvsW2wy5BdjnmG+kwRavKx3fVLslnDGXXF4RFYA==
+            wcPf1SiP0i15jza2+MU1MzAfv58uwfvAiA2kdHawLXtqv9nZD0qeag==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-03-31T16:01:00Z"
    mac: ENC[AES256_GCM,data:AawTzIXyX+3FyFpw8pXFeVJJtXN7ZpTFnUqhedC2vcbbNUzMMt1X0SaxtNNJ5chZI/tYHn59FT6zznl1eO4Xn29Zc2Up4dkT1BE4yqkEG0hiCFXrXMz/PaHfROzBhIWCVyF4fYj6MZKg1iBBxhWRqhJlQ1q4UVkoaITRUKpFJgs=,iv:3lTPOQ8VjmP3WNGbFK2yLU4Ks1KviNS/l7TH4SnvSUs=,tag:KUbAU6+76/Uxj2Wn9EnqnA==,type:str]
--- a/nixos/machines/lobon/configuration.nix
+++ b/nixos/machines/lobon/configuration.nix
@ -4,6 +4,7 @@
    ../../modules/mailman.nix
    ../../roles
    ../../roles/vm.nix
    ../../modules/vmNetwork.nix
  ];
  # System configuration here
@ -15,6 +16,7 @@
  };
  networking.hostName = "lobon";
  vmNetwork.ipv4 = "192.168.0.22";
  system.stateVersion = "23.11";
  sops.secrets = {
--- a/nixos/machines/nodens/configuration.nix
+++ b/nixos/machines/nodens/configuration.nix
@ -3,6 +3,7 @@
    ./hardware-configuration.nix
    ../../roles
    ../../roles/vm.nix
    ../../modules/vmNetwork.nix
  ];
  # System configuration here
@ -10,5 +11,6 @@
  environment.systemPackages = [pkgs.git];
  networking.hostName = "nodens";
  vmNetwork.ipv4 = "192.168.0.18";
  system.stateVersion = "24.11";
 }
--- a/nixos/machines/nyarlathotep/allowlistPass.secrets.yaml
+++ b/nixos/machines/nyarlathotep/allowlistPass.secrets.yaml
@ -12,47 +12,38 @@ sops:
        - recipient: age1rasjnr2tlv9y70sj0z0hwpgpxdc974wzg5umtx2pnc6z0p05u3js6r8sln
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4R3NHZDJYNmtPTXRuOTdT
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiL2dqdWhPRmFHcjhqeTE1
-            N3RsRFhGSzg0YXBRQ3Fhb0lSWGdXQU42QmtJCnpHVVFOQ3EvRkcveWFxTlJ1aE5v
+            YzdPbEpHMmhzVktPVGxKcVpZYTJ3WjFhcWg4CjEvclpTYVJ6YUhKeG1VbzRYVk05
-            TkJCalROOUlXUGlTQWtMSHBFeldtT3MKLS0tIDFGbk5mcEtiYWlmU2dRbU5mQlUy
+            RDUrcS9NbnYwRFlwSXY2UlVJNDRwcUkKLS0tIDVoaXQ0TFJONVM1WVg4VUF3dkdu
-            Y25Yek4zZXh4eEhTRFFKL1YyV1JMWDAKq+RQgWaaHRbkCy1SRG88fq67SkZZVvWS
+            SVFIS2taSGV1K3o3SnpIRERaR2YrZGcKR3QRXITbg3rKZLAiZk/m9saT/46jULEo
-            5dQEs08WfnIucemMprC2TC0+M9ULfow8fugZfj/bg5P3qmt3W/eHlg==
+            a7HnyFBYYdEcHxs1KT3FfGTRjr9vLRmU5+KNcOo1AYM9xGERmqOjrA==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1epz92k2rkp43hkrg3u0jgkzhnkwx8y43kag7rvfzwl9wcddelvusyetxl7
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpYzdPd25RTTd6cnVISkRE
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZVXZoaEtpZGF1OWViK1A2
-            alFNVlk1L28yZUtBbnVJZCtwbVFkMG9IZlFVCnNSMWpqS05CMWRNZzh2bjBUak1M
+            OWtQK0xGT3crYXZzZUhpc2hleUNmY1VKc2hBCml0RU1zL01lWWhpUmYvQmJqKzZF
-            ZmR5a3laQTI5bFFjajg2dnd4QStPc1UKLS0tIDhiNmUyc0hYNHdIdEt0KzMrQlRx
+            OFRMSkU5NHVSL0hiY1B3RXZvUTZtZDAKLS0tIFM2T2szQUFCR1EwS2FLSFRsTXhI
-            aXFyc1A1Z29SRW54bnpBdW9JMVR0TWsK0bd4nTajZj0f0wEba/SJfVTNlSn7lmgp
+            dFFEcDFWT3pWR2JUNFpmTDdaZm85aE0Kh4PD2b/cMOtL5k/mBzqvympY9iD8KP28
-            hsp/D0/s5SHeCas327RqJi/9dlyPzJdKc7x5nwLpKZqUj0IihuVBdA==
+            jF95w5ED53hpTjYJmeTC3Buk1FcTzSitt8MT1RGI4SqlF4D/230bbg==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1mmpdvzy6d23qyhrl55jtv3c25pus2wwfplx9tujmqps2xsreuv8qwc6gv5
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPOU10VnphenQ4T1orajNo
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlRmNQblgyM3hqQnlTeE5h
-            d09GSHJwWGlmWndOM2gxcHREaGZTaFFnMFQ0CldzcUZoMkVuS3RoaXJLRGRHQ3dD
+            d2xOQ1ZUbDdGY2VJR2tvSUdBYTIvYm9zNm1NCldleVZQRHc0bktvcnAxSk5aOVI5
-            WVl0L1YzYUtVdDV4Z3JRRU5wbWFIakkKLS0tIFJlclRuMEJOV2R1YTJ2VHVQdElT
+            UWpWOGdxSFN0V2g5TVRoc0xGaHhZL2MKLS0tIG0zNmRNbWp6ekxjTDZzMitJK0x0
-            QUpVcU1QYm5xbGhVSFoxY2k3NVlBMWMKRtC+z5uOAIxZLKoVNcHqrZgLbYRyHmCs
+            Qnp3ckswMmdzRDhBUzVDQ0NLVkFzTUEKsUE9u8fzqEOhbIffeF1nhP2yPv21yZoN
-            Oqn1KZheZn7e66Vx8Yddt87DY6Gd0nUYOogZY3yoQFeTFbw1/jVxAg==
+            llKJ5FDD1/SFmRlxTLRaAOXxTFbVwwexh17i9bGAUKyywyXXijZcSQ==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1m7l4x2zdgn7akgg5mkm9quen3u9sm0785tzm7vl000anuqrwwg6s5urenn
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBcm5wMERZMCtiaGpEWWxy
            MExUZGRUU3hUcURrOWROK2FIQnZXelRlU2xBCmJHWEhqOEVGTFBNRktEUUVsRkxj
            TjZmVHFkdTArOU1DZ0s1dVpmRkw3djQKLS0tIGxjNXB0N0kzSUZLc1RQelFJZmIy
            RFc0Vkw2M3VkQjZMOHJDd2ZTUWh5bjQK0VcnCr0PwnVh0CWfQZTJIVsyRu1jmcuT
            ntr2M+xj1dtbAiLUffg4T8qszb8fDMr0X6y11CJ1AZGC1Kgn8AwJiA==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1ktwclxa640l89le6yecm8v2z6hmwr4lusd6x9gyzamhv57887szqtqp59a
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZL2xVWjZGZDViTHR4dEFi
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCMUNURWlHYnExZW14d0Jv
-            QXRaNGtsWElTYWt2K3N5WDd2QjgwQ0prRVQ4CjJ5azl0WWc3UnRDWkVVRThTWW1R
+            QXIwbklNOUVUQnE4MFUwWlRxcWQ5d3BlQVJnCmUxbDVhVkJ1WWlrT05FUWF5cWQx
-            TlVSUXhBM2JjVDVVNThpZjgxRlEvelkKLS0tIDRGdGFFYVlqWUxzbTR4U0ZBaGwx
+            K0RKTnR4bmlBSSsxYnIyQmwxT1MwNmsKLS0tIGlxclVTMXlscTRNRVFsdjBUSkZF
-            UUVnU0x4cUFDZkRJMlJHMFc0cng1bHcKKFz0Jo5h+7bn+7x+aQ4FxkrgV1q7BZuZ
+            MWhDMU54Q05EK1kyNU5pTjRWeGNtTjgKNciChLoT3SoVSSVNUqQwLxTM9HeTQeHX
-            qCuvYONfNW2AHZX5Lik2zmBfrze34ELBaOECcYhTVk7RfiNuyH+S0g==
+            VUEooMETXOkdcnRVbJMz1nIO9PCqFNXK0DA75fkpBSYpAGRsVZZ2UQ==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2025-01-05T13:49:19Z"
    mac: ENC[AES256_GCM,data:i7t/Hb5aW0lIvPLk84geQ792uUGP25vX8FC7kK/3H19tz5i4zsIcvl1d+oB5gJ004gP5pRogcuKL1xHUUl+A0UXXNzRpxc0BBVZaxnIhjfPunORbmZeJQRP298tQpvYYqI/pGhjrlit37U9jecGf1l12Cgv97sGW42d2F+S2Soc=,iv:My21fMF3SEr6mg2+eh8KA6B8tzmQVEDy2BG3hfkafrU=,tag:xdU6j8ti8Z68rbiRxkj7Pw==,type:str]
--- a/nixos/machines/nyarlathotep/backupKey.secrets.yaml
+++ b/nixos/machines/nyarlathotep/backupKey.secrets.yaml
@ -8,47 +8,38 @@ sops:
        - recipient: age1rasjnr2tlv9y70sj0z0hwpgpxdc974wzg5umtx2pnc6z0p05u3js6r8sln
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZV0pVY2FUV25sNUFTU0J1
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwU20wVE1YVEtYYnl6OGNu
-            amxNYnJ2ZHd0c2psZC90aFVDWGVlUWZVSG44Cmk1VUZiWGR0SnFxdGlQUEUvLzIv
+            NzZkNmxDQTNzTXFNdDFTM3RuZWdPWlhLSWdnCjhSVTNjUzE2bGF1KzhpT0dLSXZN
-            Mkt3dTNQbTREblJEMFRNY3FNUDdrOTAKLS0tIG9UTTMzRUhLbU1SQjhsTmhmT2dz
+            Wk9BODZGOUR6d0dzQ2FFQ01tTS85bEUKLS0tIEVYYU5jTDBVZkRkZTFUUTJmTGZL
-            aGVJM1hvbmNjWkpGMnFkc20wRlBkV28KBANy0/l04snTsNHWDnxEOObMVsLzNmYx
+            eUJUMGpjSE40SXZ1SXhKQnRJN0p3OHcK+VCaqOcWZcLA4NW2G6xRGqZE4pMet5GF
-            gs3yXgXGAHFWKLGvrwXPo3qRsW63hFt9Ujtd1YnjMLobisbi6KyMlg==
+            68v9wJvY765fZbBMo1GS9ImxOrXSxqqXPI7XMbFnUskNthd6y1y5QQ==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1epz92k2rkp43hkrg3u0jgkzhnkwx8y43kag7rvfzwl9wcddelvusyetxl7
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoZEhvWXdNQkpEaWd3clk2
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOK3MzU2s2QXpOblNSRUJ2
-            RTNkSHZEZ2hjNy9ZWnRFUHJQcURhVWVWc0RjCktWZFJScU5vZmlZSEU3dkFPYlc1
+            Y1RPM1p0Ky9xZUtJVVdEWksyenVKTG0vekNvCk9JZkFHeFhhM0piNVJtV1JqcHV3
-            VFI1Qk1rdWJwNG5JVk5XQmJCZk12WWcKLS0tIEtqYWplZ3cwT0JnYzJHUGpFYmhX
+            WVR4Q2Jkd1hxN1N4TUxoL2lnSEMrMDQKLS0tIEVjTUZNd09FQVpxTXo5SXVoenJv
-            UVJSWHAyUE9iUnB6NVdQN0ljQlkvdlUKFHT3cOT3qQ0LG2H0ve0yY+KYr1y+Flir
+            UVpqSW9BN3k5Ti9HRWlZQjdCVjBZK2sKv4EDhNZp8i6X3kh9ZHprazDUyeMwxeZv
-            LFOfTga5xhp1P436tmpJgLHz+XiGh9Y+tjw+F5Rga6WWDAONPSaf7A==
+            +2cPHo8n2onlYBayDvjWrh0RhId2s8WOC592GMoyVx4U1YY/qxTJFw==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1mmpdvzy6d23qyhrl55jtv3c25pus2wwfplx9tujmqps2xsreuv8qwc6gv5
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3Q2d5VkpkN2FwUVhjaTFL
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiRTVMZWllUVhMM3FiRjR5
-            dXZ5QWdCanJ3c1ZsNjZoZzNTNWJoeVlFUzJrCk4vQ2tEUWJXYllNdTF5dC9wazNC
+            dFRuRVZ5b2dxNWxQYTFXOXJvZDZLcFlXQkg0Cjc5ZUphdmlybEgyYWc0dWhzdUhn
-            T3dsbGRRN2tlMmpSVzZsbkZoSlJ4RW8KLS0tIEUwdEw2S01JUVVRWmgzbnJZcjBm
+            ekg5bnZKYks3c1JBRXpLeWtyUWt6M1kKLS0tIEN1dHN5TXU2azgxZ1MzeFEwVmM5
-            M1BKdUJEbllIRHFEcFFOd1NZV3hENmcKcefMMU+/yirj/fGLBoYDJpU9Mjdt20m0
+            MHZ5SmxhcjZHMzllN0phby9McjcyeWsKSljECJAJ6A59UJFR4uzZU2o6cmAOhB8+
-            +ZQHIrFTlucKrRu4acI5/6aFZOGElRZMPx8aH1eMOPsubIdzAqnQzg==
+            jIfZYIVoKt1GSp6vPBg7XejkeZ/e1FlREWEZ+9NxNwG1G+2fps68AA==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1m7l4x2zdgn7akgg5mkm9quen3u9sm0785tzm7vl000anuqrwwg6s5urenn
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDcm9GSjdKU09Cc1VocEFF
            R1l6Ykxpa2dQSWFoT042QllyUFAvOW5Wem44CnpzM1QwRzQ4SklOTXA0QXpDSEQy
            S0JPbmFESGI5TTA1eDc1SUhMYUk4clkKLS0tIGNEalN2bURhbzlVWFdCMmRLdC9y
            VnBRZzdBYkIwdzJObGZyVnRLZ0x3M3cKYA8mXXkJ3ddD5feXkFYGY+vHsfexLKSD
            TFrz4O/ttG6zjKo3cfC+0ngVWaMgEb7K5LVK5A9wUu709+mGARUdQQ==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1ktwclxa640l89le6yecm8v2z6hmwr4lusd6x9gyzamhv57887szqtqp59a
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvVU9ka2JjVFJzR3o0bE95
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKeWhCR3RqVHVLTnl2akox
-            dVBkTDZxQlR0d2o5VDNCMC8vVmlvZDMrd3pBCitSYnAxbTh3eTZYTE5WNWZ3ZG5v
+            Yk9tTXNnM3B6aUlLSFVyM3JCLzh5cVRkcVZnCk95b3FPVzNGZHo3Ty92WE0wMWFK
-            WUs0em9QWllvSkNLVkxmK3hXb3hOcWcKLS0tIGkvTStodnBYTHE4am1mNzhnTWx3
+            Vmk2ZHllVG03aXNFZDlta1BWcFNOeVkKLS0tIDFsRWJmOEZ0ZGN3THF6U0ZqUEFG
-            aTl4TVRMcy96aUpwNkJDQzRTc29FYW8Kz4Rx+5TqSWgP5J4L22qzMXT2pvUxEe2N
+            cC9ZVEFxUUJIWXRvS05PdXI1MzJob28KoehQSuQwkbOQyYMLj0wnHKo2fsqF8IA1
-            c0BRgL1aN8koscQxmuB5lYiKhWtuiCfCMysnCX79C/pLVcbSRm+FUQ==
+            m1MhZbCeBti8dYshRc6C7ktYHQgZ011+Iu1v7eZD33wLvNPf7CUxlg==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-11-23T09:05:51Z"
    mac: ENC[AES256_GCM,data:yYBzhvg1g9GQk+Os6wkzNE3FyXIp7N2AnxuzPfexoA0aWXhYD2zQ7ylTiRGZLkbSODezXT0pD9sjYFN8yTXuY5HMIlCYSCPQGIUblZKRqB0EES3JyhQ4bULCMO7pXrsIuAICzoWM9vn7RQ9cVbL3N2rocYiSURhsGuMA47d3QFk=,iv:xS/am6/hLq2sQGB+vMzS6ZqmFr1ZOIDj1l6b56nVMhE=,tag:erNYX6U4/uSlSUBpN7kKiA==,type:str]
--- a/nixos/machines/nyarlathotep/configuration.nix
+++ b/nixos/machines/nyarlathotep/configuration.nix
@ -4,6 +4,7 @@
    ../../modules/mail.nix
    ../../roles
    ../../roles/vm.nix
    ../../modules/vmNetwork.nix
  ];
  # System configuration here
@ -39,6 +40,7 @@
  };
  networking.hostName = "nyarlathotep";
  vmNetwork.ipv4 = "192.168.0.17";
  system.stateVersion = "24.05";
  sops.secrets = let
--- a/nixos/machines/nyarlathotep/dkimKeys.secrets.yaml
+++ b/nixos/machines/nyarlathotep/dkimKeys.secrets.yaml
@ -9,47 +9,29 @@ sops:
        - recipient: age1rasjnr2tlv9y70sj0z0hwpgpxdc974wzg5umtx2pnc6z0p05u3js6r8sln
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJekVDYzVJaHFlYlNadWdQ
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6VnhvWHdsZWNHemlueFo4
-            cDlueWRlZWcyTlB4bVA4dElZWFVpZUF0SHpvCmJCb1F4VkJvV2lPdmJMS3J0eHBn
+            L0xCTGp4NlRuU3YwRWJiSHFBbmtURTNMQkVRCnlSbFc0Q2xINjRvU2tQeStQc1U5
-            RFVyWUdQQUtONjAvZVJSUmZpcnFMUWsKLS0tIExuOUtCTC9Xb3g2YU1kVUdZcDB3
+            VElxcTVuNm9MUm01RkpGYytrYWg0czgKLS0tIHZqUWhkMGRNNjJvUTQrOHBpZXVS
-            RE14Ri9yMVExNDJyek9JWVBqZ0sxZzAK3HkF0UMZqsrbtyjXO7i94sgsyJDHRIw5
+            NlpjeDQxbVZIRHFCcmNtT1JSVHp1K2sKSNcC0fcOar/KKzs1twaozB8wfdFT9OdB
-            Qgupvo8KZKPRgCUiyqoyva8VXPMemaMnfzPb9Pt/0nnMaU33SFiV/w==
+            4quV/ycNpJpfs6+2r0RTLBxYFyusybu1swosAni+PJsRXS82+PTXHQ==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1epz92k2rkp43hkrg3u0jgkzhnkwx8y43kag7rvfzwl9wcddelvusyetxl7
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMSGhxN1ZId0lFbDYyYVJn
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsUTUzYzZuMkYvcTlrUmRK
-            USt1eUhsaFk4d0IvQVZDYUM0SFBuNmZkNXowCkxySWdpKzJZR0pLMHkrSWdVVkRx
+            aStnak5IWitFUSt0eVBQOHIzcTlrMFRFTjA4CmlYUTdobXFUK2tYMWtFekNqNnhp
-            c0w3WTIxOUNpUFh6YWtJdVhxU0tFK1kKLS0tIEZLVy9obEgrWXd4Q1hmR2lhVHJ1
+            R2RRRFdHc1p6bFVjYU9lbTRBeEM3Y2sKLS0tIHdsRW1wR25pVkZIYU1yMm9sQXpr
-            dzdqeERoRktBQWZuZ3RhbkFYVnVIZ0kK062yYrrdVo9SOuyY8LgfUl3lwBC2S3M+
+            NFhiN0pyaHVWT1h5eVFXMWZDb0sxUGMKIVkYYheD8F9aaAyCA+m9ZGlV8vKbAW4r
-            oa/osBnxzY6Wcp6j9/Yf5/pwXLdHHhkOdgS7K16Woe32t6//boG/9A==
+            H6FUe+ats30abxoYfHZfMJv17BxJtpodksSxWjnPYm0dfRf/EF/vSQ==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1mmpdvzy6d23qyhrl55jtv3c25pus2wwfplx9tujmqps2xsreuv8qwc6gv5
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUOVlzM1BZSzNQM2hLUWxL
            cHNtY2syUlozZ016YjFBcmxSS0FLajNxT0NJCnQyQkxXY1pWOWJmSmtoWUNFeFlk
            QXFnb05UYjhrclJWb2tmWTM3dFFSSk0KLS0tIEluWGhZdVFkOS9nbUc3bjBidzVV
            YlJucVlacmk3WHF2Q0Y3V202Skh1VWsKVuOTu7m9aTlXtLZTSW+WRm2Y7XkeLZfD
            IozmAev+C1qf5KHoSL2mlhpzWFge0rZJpAPMxbSykGaOuPW1wXEPGw==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1m7l4x2zdgn7akgg5mkm9quen3u9sm0785tzm7vl000anuqrwwg6s5urenn
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzN2c5YUpNTnIyWVRLR2lP
            dzhuUHFxVDBIUHh3M1l3TlVmV3VNR1ZyWUhjClE0STBSYUtTUVRkbmNMRVhpS0U1
            dHRXRm1CbGhqZ1cwcWt0L1NSSGx3RWcKLS0tIFBFbDZmWDVFc3lrSi9Kb1Z1cURI
            d3hmZXUyTUxQRjlMVWhPTjliM0FMQ0EKkKAwVQUpLXly+lYNTgqFWc8uYv288nHv
            Wnvdx2S/6CkdzKfcrSdb75hm3+sWlrYkD8bSWRneBKytVawhMZOThg==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1ktwclxa640l89le6yecm8v2z6hmwr4lusd6x9gyzamhv57887szqtqp59a
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0SzlST1h5bzhMOTJ5OWZq
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvU3NzY0Uxc0NhY2xJZyti
-            cXJJbTRjQTFDLzZvemt2WUFEcGtCbytJckZnCktsK0NXejgwbWtETnduUXJ3alNm
+            TCtTS1crV3hzMXZNV3k4cm0zUFNuY2tBL0dNCnNpYytoaUI1eERhdG1PUlZ2eE5C
-            QjFVZDJ5UXovTllkZTVDY1NRK2Y1TzgKLS0tIGxWYjBqNkZRYXpja1Y5UzBNWEhk
+            R2UrVlBwcXR2L1VNR3RJL1lEQmlTSDgKLS0tIFJyLzhZeG5zejFmL2VkYy8xVEM1
-            cGdtejVQQ2hsbWNlTkMzVWdKVm0wYU0KVPSnMAsMt5QlArKokgmHbRp/+UcFnWzi
+            U3QwOXlRdU8yd3ozL2hUVzRXNGE0bDQKT7SLAqICsbFmRUF+3s2avpBt0dLUbHLX
-            PWA1Ypkz8SrHtZA9XNeXeav2uRHFVHn7gYuSi9aGojfYJmwQTtbrRg==
+            AgQzx5v6GpMMNwCkCrOnpFX6al7zkRSYHe7hbn03BBORz9mPHek5ew==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2025-03-02T07:58:00Z"
    mac: ENC[AES256_GCM,data:OvERjDFfHTJbTfwq9BmXBQy6pjeyIhao6zP4we0KeYL3skbw4+aaMixjUFzjauby0C7nJjEPBSk6pwK3lN+rScS5g7J8tTNtmhfEDQbfsS5zNDKzIQjYxbUbDr2cTPWwCA73gRGMwLbyNvdfuEp46jNV8OJ8km/y2nyG9lDcBb4=,iv:0RSU2MdZWiYEapwXGzevP9/vc/Sk1MS6a0MnCRQyIs8=,tag:vvngXS2IRzH999yzo4JyFQ==,type:str]
--- a/nixos/machines/nyarlathotep/koma.aliases.secrets.yaml
+++ b/nixos/machines/nyarlathotep/koma.aliases.secrets.yaml
@ -8,47 +8,38 @@ sops:
        - recipient: age1rasjnr2tlv9y70sj0z0hwpgpxdc974wzg5umtx2pnc6z0p05u3js6r8sln
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtamVaWThoN0ZpbUpQRDJw
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLYmxCQk5RdGxjb3YraVhS
-            bGpBemtNb3AraVBzSmowY1NhUlp3UFI5WFdRCmpPNGtFUSszWXZsdzhVc3dNK1JX
+            NGozeUtNZjBISFArMk9iT013azZUdUtkMVg0ClJ2dFpsUTRoWmlaQjFTOFBuUnJ0
-            ZDRITHVYaWp0Rm9xRkh4N21acWlQazQKLS0tIFF6S0d4czY4a3VsTkUyOFIvbTdu
+            dEZhSTd2c0JRdjJDdTRacXRMNk5rWGMKLS0tIDQ5eDk5NWdiQ29Qd21jcXE0SWFI
-            YXVTZzlFMThxRzE4Vkt5a3Ywb0dzV0EK8jYbkEosl+jhUB9HooENR7afTYEjf6FM
+            Yms3dVFmT1NBbEZVNENraDVzcmdCYkUKXUpP2S1BNrZNVJWpHOeRljieo0WnGsfF
-            ntxN8+Ik0ui66nZjQV7p8B8bEa2VObWp3QkkJMHu2RzsfcvybyV8bw==
+            DKsc+3Xa2T31ISsErnM2nC+ie3Xwhd/W+kzvWaIpZDw+jYHreVTM9g==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1epz92k2rkp43hkrg3u0jgkzhnkwx8y43kag7rvfzwl9wcddelvusyetxl7
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArNW16QTFva3R3a0VseWFB
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyVGN4bW1FMGI5elpkWHNK
-            QXRaQzFFRmE5RDhsZThpeTNoMW9YeWN6bDJZCjRaOWZTVCtsMWVYTWlUWlpQcldI
+            TXVEOFh1bWVyemxzS0VOdmNVZFp4TSt1d0JzCi9ZQ1ZJd0FoTGdWSlEvTVh4VmVU
-            YjFTNHdVT3hrbm44eW1JdjVMdmg2UEEKLS0tIGJRTFkrZlpPZlJSZXhTckxDNDV0
+            MHNDVk9oYlpVWlBvTktJbWRJVXFvSXcKLS0tIEMvTCtmdldOYk0wTlUxSXZqVGRn
-            elRuK3pxRWVJU0YrY0tQbDFtVDF0ZXMKVjD832/sHWsq8wVNdCG32aOxURoC/GMI
+            V0NZYmQrZzQ4c2t1OFBKazY1dnJmU2cKHDw0nsK2EODeR6/ouZXAgxIXTf55iI87
-            RaBkivFaY5VH62wBiGxysVR0wAzhomxotaXBQb1oOd17V3vzzqgbKg==
+            mvN255aANofIKW8/by2mECU7fRRkI1gZn3lp7vy8iUPb0979A795Vg==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1mmpdvzy6d23qyhrl55jtv3c25pus2wwfplx9tujmqps2xsreuv8qwc6gv5
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqWnhTM3RpUFNyY1ozK2ZB
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArUW4xTi9pL1IydVIyL1dj
-            ZVBaYkQyN1QwdHgwUmRXYWpvV1BFOU11bTE0ClYxWFJCVFQ2MS8raUFuL0dmVXNB
+            SmJGYVhaM0swZVRSNncwdjY2ZlJkeUpCRFZJCk1jU0NnbFBNdzBTVzY5OE5MbE42
-            UXJwbzZLV0FEVkpHdmM4OHNHWnVQakEKLS0tIEdJczRjU2x2NmltbDFPanNreFZz
+            OGtTTy8zcTlkZlcwY1lpSDBQNEluZUEKLS0tIFVTWHZCZ0gxM0x0N2FPeHNuU0VO
-            UVByUUtOZUpFQ2lZL0FRMmZ3OHdNV1UKpCl7y66hRcrfXEbzdWmmqGalmLF3mtpb
+            U1JReVBqMDdrTlJ6NWhsUWpqUU5RREkKjEBva2DIWC8b7FdE/78zWeBCjHqBXY0S
-            I2SBDnFrDXwGzvEm4ws/kmUtgwgs1d3xlHfLpLlzEXr5yv2V9o2weA==
+            c2gEh8aHDoI7MRndSqoye6SLmqZsF5SDAcPT8BJs9OnXjB4V8t+iQQ==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1m7l4x2zdgn7akgg5mkm9quen3u9sm0785tzm7vl000anuqrwwg6s5urenn
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDZmRpZWZCSlFRblpKSDN5
            Qyt1aHVITE1MY2lqQkdjU0k3WTFkRjhpcWxrCloxcnpXMDViQ0g2SXJKYnRIMDkx
            dXJjTnRaVmx2bmkwRzV4UUMrOGljYTAKLS0tIEZibUJGQTdadUhhZ3FlUy82ZVAz
            NVJKdU52TEFqdzN3aytDSXZOWTZadncKSpoePt377xcWNOQDY0vC5NTAi4eez4aB
            FHEcwI3IVEaqBT5BX+JpZY+JWNDwmZWPS9oxyvAmMXa9XRtzbYElHA==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1ktwclxa640l89le6yecm8v2z6hmwr4lusd6x9gyzamhv57887szqtqp59a
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyeHdkYnAweWQrbEJHYlJs
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwdWNRN2dRSHV1a01pK0FG
-            ZXJndlhJenVkRnF6N2w5ck01TUxPN21GVFdjCmlhVXE2VFJyY1hIT3BPOW91YWk4
+            MjR4MnEwTmhQQ1dKQUNoRnFvT1ZnRGh6UVZRCjJsdDg1QkVyMjB3SHVlNnBITDFB
-            Sy9CdHhCeXJIRHpvZ3drZlJOY2xYOWsKLS0tIEFYWFZ5UlFNMlRxSGVIcjNrejJ6
+            V3d4VUVhNFVieHpTUkwrKyt0Wm1uNzQKLS0tIHRpZWZaenZWc0RPUDF4WFUzTWlQ
-            RWJIQ3dON3lqQWdtdjdXWVZwZlAyS1kKuP3J9QpVen82D/BRksJyk8TQtsWp85yQ
+            cEdrMFEyL1doTjA4Kzh5cDFvbGxFUTAKplJpFXx3UJ102IBvvaTyNPbZ6t7MM1kr
-            3wvod1vT5Sg4wW7ELejgXJG7M0UI++47z99/LF9vZ8xU84ameGDNlg==
+            ORpuT7HHgMSfT+5EDEbUGjyGbxJIZu8R+bv56kW0nJpXHXUPdLqQ/g==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2025-02-25T17:41:29Z"
    mac: ENC[AES256_GCM,data:lZ9AXtJzVuc8Jg9L0aGhS18cs8pTjOG/xNP2tG25/7/PEdEV1SNwbxubGQOFAHrNbiDbmJMKJq96mhV8e3tHszlrzQnU1uyu9MrWiAYwV3CjmwSqC4J9ezSm/AY9e9+OWKn6sb4RVsz9A7aDGUhhoZMycnPNRKlpTuzdTIJK98o=,iv:LxSsZoHkJ2HFXBLWkw+SUb/LYW2ciE1DtzpoV4YLOwQ=,tag:QeYmreRGZk4PqlLWJLLD8g==,type:str]
--- a/nixos/machines/nyarlathotep/mathebau.aliases.secrets.yaml
+++ b/nixos/machines/nyarlathotep/mathebau.aliases.secrets.yaml
--- a/nixos/machines/nyarlathotep/mathechor.aliases.secrets.yaml
+++ b/nixos/machines/nyarlathotep/mathechor.aliases.secrets.yaml
@ -8,47 +8,38 @@ sops:
        - recipient: age1rasjnr2tlv9y70sj0z0hwpgpxdc974wzg5umtx2pnc6z0p05u3js6r8sln
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZc2dLY1c3bnlkYmVtTVBh
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnamd0eEV5ci93VE0wYUFk
-            MGs0Uzc1a1kzR2hEYTJvckV4eGN1eHRNNFZvClVmL3E4ZmhXQStUamhjU0dtRGZK
+            WjFKdHlvdUUzcVZKOXZqWjlibFlWbzNyY0EwCkdibGxsU2I4YlhkTXRtRXpQY3RK
-            VHVnL2RuS1puMEo4b3RxWHN1MWpCYTgKLS0tIE83VzFBUCtDZzBjT3ZDQ2hjcWpq
+            V0E5SEZaMVJHOE1xTW5ubzdvZEJvM2cKLS0tIFlhekt6b0loZFkreFRVQ3gxVHhp
-            cmxZSDVQZ09ZaTF1eDdva044VFZJTGMKVWfLUnzuacKEApElMrf1zFNUh+g9d5Ub
+            MFZ5YjRlTTBuUU8zS09wU2pVakpXc3MKVg6OF8lgYRzlCgQs0/YADdQkKeXITevl
-            u5ZM9ykLVZrY6XYr+cP+OlDfdOW6+DcDqeCu+wpUoj7NqJYIGTRTjA==
+            LnA7J6/rCLt04YXlsp2GzvFJpXTdSVU9E7MV+bNS8e2ilgpFiBpZHg==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1epz92k2rkp43hkrg3u0jgkzhnkwx8y43kag7rvfzwl9wcddelvusyetxl7
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuSmtOOGtaY0hJY1REaXdq
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWUkVPMkd2UWJha2RuSm5B
-            NWIyWTJ0V2NLMFhscStURFFJVVQ1bFVvS3o0Cm1hK0o4WmFkcmxiaGpnb2xyclpx
+            UlNGNnNiSituMldmYUhyT2RqSU9XZThySFQ4CjE4eHFIdTJEenVGeHJDaG9LY3N1
-            RnRIZEVUcHc2cmgxTkk4MEVMNHVtajAKLS0tIFduNitLVHhRYkJIWkNpRWRlaVE1
+            WTNmVWNTcnlFZkptTGsvdzBLeWNqdkkKLS0tIEhFTUYxdW9ERkpoUGdVYVg2ZGFv
-            bExKVWZDSjdOK0U1L2ttUXRyL2U5MFkKFXFLOQ/6wyWyI/XEkgWOE5IQ9KzkpBUl
+            a3BWVThndTcySTNWclZ2bDZqUkhMSjAKcwml/zw7suq80SiC2ll1g6TZ0Z+lYA8w
-            yACV70Wl4kGNs8U3PIPf3UD+M4WwbKGcZS3cLTmXlijbh6bCoJdC2A==
+            cKrVjXRbF8hZJUafcqnkeX2UlAWEriRfSFRksWlJvU3bKpXcpr+eGw==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1mmpdvzy6d23qyhrl55jtv3c25pus2wwfplx9tujmqps2xsreuv8qwc6gv5
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOZTNXdi9GYTNZV1JZSWp0
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUTGhoZmhBcHZMOUxhSEhR
-            ck11Qmpzbkl3TmZHTXdKT3Z1cEkvQVg2NjJrCnRPVm5yTFBWb3Q5QWljWm9Eam4z
+            TXYyd043S2ZVWlA4d3dxTjEydXQrR1BHQVNRCkZab01nWlVtUyt5ZkxQeGw4UEd4
-            dUR1bmY4WUl1SVQ2S1lJK1JsL01sVmcKLS0tIEUzY1p3WmVIOHpvUnE3TkVnN1lw
+            c2RwY0IxVkRweXhoazZEU3hqRkEzdG8KLS0tIGhLQ0ZXaDdTVHNpcjNYWVZBL3ky
-            anNNNFg0TU9hRDZCM3VWelZYRlIybU0KymqMqMpBX2yYvjEc1AnbhDqhxWSp18zs
+            Z3cwSEo4OWpxUEthMUs5RkdSRjM4eTgK2H3gbR7LFy4H93MGVeuYT1KyIfJVT7Vv
-            YQCL8kXndPzpKnPrmPFrTMEVjjoMsQWdYl6NydkVyi4eqnzoEUPfnQ==
+            vVj+uj0iWvEhj7KRGzai8KenwqyQh8bjLdV05HvV+EBNNRpIvukmEA==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1m7l4x2zdgn7akgg5mkm9quen3u9sm0785tzm7vl000anuqrwwg6s5urenn
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4anlTZVBTT1U2RVJ0SXBT
            cEh3SVd6cGk3OGxoaFJCTldkb3UzMFZvdXdzClpzRTl2RFNvWlhBMEhUU0pvd3Y2
            WEpIZmVGa1FpbmJxR1dWaGNkRTBhQk0KLS0tIGJZb3dJbDE5YWxhUzFzZEtVR1Ur
            TjJERlNCbU4vOVkxQWxUQWhCVE1mRkUKlM45rlmhxlwnxmJTyT7Ee+zZx+DBgYIt
            gj2OsZqRMSbY+zsKm/fvihb7iQm6hN9NSNjP+raCeS+w3RGi0Q1Fvg==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1ktwclxa640l89le6yecm8v2z6hmwr4lusd6x9gyzamhv57887szqtqp59a
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3VDhFZmpzOWhyNkdKL0RZ
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTVQyRDdGQ0E1VkNBZTNZ
-            MHd6cUk1aVF4NEsyQ2N3REJ6TzdtdzhmdXdRClZYKzB1T1pHei9ydWpLbndCd3Bl
+            cWVsYjN5MVlKcmR4c1VOVnp6UGdDNENEdng0CkVVZ2orOTgwMC8xeE90Q1d5bkNP
-            cFcxWFVIQ3Y0ZUhwaW5jbVlCNTZoeGMKLS0tIDhIeTRvUzF0WEh0d2VZdStWV2wx
+            OUh6L0FzZ2pzclF4TVpwUHIyRWNYRzgKLS0tIFZLVU9wRFl1bW44d25zRmRqRHJQ
-            anpiQjlYYnVKVUJHNkFwK2htTDg1TDgKd6cVLn+S6og9RPr0mzNzVZlYFuLukfae
+            Z1I2c3h3TVIyeTNYSzhGbkV3TVZ6dWsKdxp5Lqlkk3Awa/G9OwaCyHBM4OHxu0Gb
-            YD/4tkL5SKLEYWXO1FgnoO2G5/hC4Z8i4sLpKsV45iWm+AQZk9zWvg==
+            cmzw0frdL7+EUiLzxoi7okXhMluj9R3G/lQicDq0+5tCjDRPkuOHcg==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-11-23T09:05:51Z"
    mac: ENC[AES256_GCM,data:Xnulo0681LtgH9SZt9DL3nd9bSDH+TCQDvbKdggVBJ66rxBiKmlbu5MAblAWqxbdZ6EelldaVeX9OaL2rYJoYbTWxzw2iuPieldp3Ah3PsTI2C8W+UD9KVHcB+3AMOmVmJZzFlZvTwyfPfZRNNb0HAijkN97P3fP0r1Iqf3YjiI=,iv:vhu38HM4e+PyyChXvI87LWSGtKQQiXUr4MKrI7kotzk=,tag:eNuQD74kUO+duqEXNbLJBw==,type:str]
--- a/nixos/machines/nyarlathotep/stalwartAdmin.secrets.yaml
+++ b/nixos/machines/nyarlathotep/stalwartAdmin.secrets.yaml
@ -8,47 +8,38 @@ sops:
        - recipient: age1rasjnr2tlv9y70sj0z0hwpgpxdc974wzg5umtx2pnc6z0p05u3js6r8sln
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwQ2RyL243Q0Z4U0ltWHhY
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTDh1UjRDemo1TjE2VzBy
-            UmtxWUEwekdHanVNQk5CczhvVCtJTklYM1VvCk9kcWxmdjhoakpHRGFnVWtvak92
+            Zkh3NTBVVmhVL0oycHJCRXVnR0hnSWJTakhnCnNza2o2NTFHTGd3WjliUlp3M1BR
-            Snl6eWN6aTRIRS9RZFZCOXNxMFJ5WE0KLS0tIDlHUGhoQ0hlRWNkSElsei9WQk82
+            VVltaldhcjRUSXdtWTd0RHBoNS9UM2MKLS0tIEJTOWpxRURGcStmbUs2TzBSN1FC
-            dmtWZEJaSXBOVERMeDFTSmdycWtSb3MKlJXD4NDOQJlnlmroVvpnUjFZ1TtUQZhi
+            YVArVzdqODYvRTkyVFRVSERiU0pFMUEKxiFM8xnNtQvAPeuSd/rAhRveqS8dlp7Z
-            tRsCWvuF+HIfp42wlxsQG34T5ql5ngleLvAvwksKYTugLzD36BRDQg==
+            N6q3vXaL72Fb3KOMKN47OXE1Fevra5IyB51Fc3NDX2VQ/H5dg7xN+w==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1epz92k2rkp43hkrg3u0jgkzhnkwx8y43kag7rvfzwl9wcddelvusyetxl7
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqN2hpeCtBemdrdmpQMGM5
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGYU50QytQQ3hVNUg1cFp2
-            ZXFSTTROZ25QMThDeFhRZllXdEY5bWVaSEFjCmFFbFZJbHNabzBrdEg3azNtSTh6
+            V3lQUWJJczlzTG8zc1BoRnZEYTFMS2NYeUZJCjRPRXRnMDB2ZGx5ZGFpTHB3Zjgz
-            WW1GekpVSzgvUTRSVTM3MHhoRCtCcXcKLS0tIFdwMDFBb3VyTmVrbFBOU3QwbEF6
+            Qk9XNzN5ZjRpWFdKdndEd1oxcTRUYXMKLS0tIDBZYzc3SDdHVXVHMUNkV1RaZ2tz
-            ZTBsVWlaNVZqWk82Njh3ZEo4bjF1V1kKFi97lFr4i4vZGhRf7a8gUZoQar2BmOO3
+            NU9JWWtxdXhPZTlQODFZM1FpbW1mbjgKJzsaoeNZSumYRWUbxEgdgtNZ/ykVr/Pp
-            XkLhtoPLQnSZJDYgH/mfHtdLUoI7OSKA0HtJpST/WGYXhkT+pdSCNQ==
+            ujlm5Te21pQ4Xna5yyTPdVecPPGFmIuF70F0VjwCdgESV/KbeYj32w==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1mmpdvzy6d23qyhrl55jtv3c25pus2wwfplx9tujmqps2xsreuv8qwc6gv5
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuaTIxd2VxM0NzbXRtdlVl
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoZENYOGx0dW53b0pFSUZk
-            WmZHaDFTbnQzZTFpNnE1Z2RYRmVjZGRyNTI0CjVERGVTR29IcDl1Q3VxUVlZY2lX
+            YytGRDNyRmJWOUh3L083TkdNQ1FOTUhSSUZzCkIrbk5uNGlSdXRQM1pyYmhZZHJK
-            NWZXZkRmSzNPWEFJS2o5QVpvQWZmQkEKLS0tIElwR3lDR21URHJCQUdnVmlCQUpK
+            SnIxZ05oT2xSUXdjQmFMeFVqMzluam8KLS0tIE1EbFg2ODBveGNzMWZlaHZwcXpn
-            RnY5TGV0R2x0emJjcGNGRWsranUyRXMKPfgDEKkyX+IerMp2LGgbVQgLiMy3FrJ0
+            UWNKREJ6STc0RHR4K0hIbkw5UG5vczgKhcGeG1kYK3KLAid9oQzPuJml3PEQaYwf
-            lzRTIynAl6xDd8Ux7yHrOxmLdLo1ocADc9nvHEOFjVmhojeLlyRr6Q==
+            Zc9PmY7aA6Gww9RY3aUGneLSUrpcdJRY7bDsYDbwve+CNO1Ln/+oPA==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1m7l4x2zdgn7akgg5mkm9quen3u9sm0785tzm7vl000anuqrwwg6s5urenn
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJRDJ0TVA5cVdYVSsyT05O
            OWRwdUEwSmZSOGVjN0UvLy9td0NSMkk5KzNBCllMYWlBU1Z2ODZ1YkpTZmYvUXMx
            NGtZMWZLdGlISFBkWTBTNTNRdDZxNGcKLS0tIHpYMEFnMFY2TE41TC94RlJuUWJB
            M3g0WlJSM0RhWHpJUk9jZnZzajJKcDQKADZakgsCYlv6WiBPQ/HFBADk7UG4/NFE
            TWWlsjfIT4mTytnr0CYWgBLYV/XoUlQD/V+ta5n6kr2DNZGHVJ7fNQ==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1ktwclxa640l89le6yecm8v2z6hmwr4lusd6x9gyzamhv57887szqtqp59a
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByS0NucitnNVFDZXNGR1Zu
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBd3FTMnEzU0xuVnZtSUd1
-            Sm5qTk9PR0ZVcTJMclVjQmJod0J5K3hZcmtvCi9tY1YyQkttc3hUZytkNVRDdTlK
+            dU1YVjVZU2dST09EZDdiMHoxZ0RXTUU3RlJNClU5UXRPRXIrdkZzRkxtK2RUSTEr
-            VVp6VUQ3TUE4QSsyd3VBZlBqdnhBamMKLS0tIGo3Uk5CZFhMTDlUSWJqallidVph
+            UEltNTlnWVRzOFIra01PNk9keW1YU3MKLS0tIFl3Z2szLzREN3ZBeW5pUUE1VmRh
-            VlVrUUFFVnF1eFlUb2h1MkJqM0I0NzQKVi6jGebwn2AFkTVLF9OkdWJ3wWmNgKpI
+            YytJNUt5NWRncmJua3o1NzdtK3JnekUKHgzr7iAqCfPT+oi0I3yn7CrhRLSXsKv2
-            IuJramt9a9I72F+laUpjtX4hwwlRLIU/GicUux3/y8j7GjwkoxdMNQ==
+            TfXTa4G88ume9S/awMF+iZigX5ubGHVOeuvOwuPY+EdIDY4E3RSfgw==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-11-23T11:43:23Z"
    mac: ENC[AES256_GCM,data:GZ1Q67n43WU3fDQd6SGsD2EZgoaq1mzh5biy42cx6FQWlveK5lhb0F2HUuWWv5zSHKpslEPD6odvkQmMNCRY8NsvT3+KBAnHHU0aHzM9AEV27cDL4x6oBvO52EMxsNCMm+fXPD1CubQxfbfvx/aIuqb1sovgKGgwf4u6yqIrHJ0=,iv:ExX+ySMXhF/c1w2IP7y8mdlcy8W9Zxiy6X67b2f4AeY=,tag:shxQJdaW3HsG6sNY+zDNCA==,type:str]
--- a/nixos/modules/mail.nix
+++ b/nixos/modules/mail.nix
@ -98,10 +98,8 @@ in {
            domains = ["fb04184.mathematik.tu-darmstadt.de" "imap.mathebau.de" "smtp.mathebau.de" "mathebau.de"];
            default = true;
          };
          # HRZ/DFN does spam checking for us and this way we don't need to deal with their possibly broken forwarding setup.
          spam-filter.enable = false;
          # Reevaluate after DKIM and DMARC deployment
          spam.header.is-spam = "Dummyheader"; # disable moving to spam which would conflict with forwarding
          auth = {
            # TODO check if HRZ and our own VMs conform to these standards and we can validate them strictly
            dkim.verify = "relaxed";
@ -360,7 +358,7 @@ in {
        # We don't want this in order to not need to persist borg cache and simplify new deployments.
        BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK = "yes";
      };
-      repo = "borg@bragi:nyarlathotep"; # TODO for https://gitea.mathebau.de/Fachschaft/nixConfig/issues/33
+      repo = "borg@192.168.1.11:nyarlathotep"; # TODO for https://gitea.mathebau.de/Fachschaft/nixConfig/issues/33
      startAt = "daily";
      user = "root";
      group = "root";
--- a/nixos/modules/mailman.nix
+++ b/nixos/modules/mailman.nix
@ -117,7 +117,7 @@ in {
        # We don't want this in order to not need to persist borg cache and simplify new deployments.
        BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK = "yes";
      };
-      repo = "borg@bragi:lobon"; # TODO for https://gitea.mathebau.de/Fachschaft/nixConfig/issues/33
+      repo = "borg@192.168.1.11:lobon"; # TODO for https://gitea.mathebau.de/Fachschaft/nixConfig/issues/33
      startAt = "daily";
      user = "root";
      group = "root";
--- a/nixos/modules/vmNetwork.nix
+++ b/nixos/modules/vmNetwork.nix
@ -0,0 +1,48 @@
 {
  lib,
  config,
  ...
 }: let
  inherit
    (lib)
    mkOption
    types
    last
    init
    ;
  inherit
    (lib.strings)
    splitString
    concatStringsSep
    toInt
    ;
  cfg = config.vmNetwork;
 in {
  imports = [];
  options.vmNetwork = {
    ipv4 = mkOption {
      type = types.str;
      description = "the ipv4 adress of this machine";
    };
  };
  config = {
    networking = {
      interfaces.enX0.ipv4.addresses = [
        {
          address = cfg.ipv4;
          prefixLength = 16;
        }
      ];
      defaultGateway = let
        addr = splitString "." cfg.ipv4;
        addrInit = init addr;
        addrLastInt = builtins.toString (toInt (last addr) + 127);
      in
        concatStringsSep "." (addrInit ++ [addrLastInt]);
      # https://www.hrz.tu-darmstadt.de/services/it_services/nameserver_dns/index.de.jsp
      nameservers = ["130.83.22.63" "130.83.22.60" "130.83.56.60"];
    };
  };
 }
--- a/nixos/roles/admins.nix
+++ b/nixos/roles/admins.nix
@ -29,15 +29,6 @@ with lib; let
        "nix.mathebau.firespike.de-1:OmST0YGbAaBjPo5xSM5Bqwk6/W5o7B5CnW/NDr0NacI="
      ];
    };
    totallynotadolphin = {
      hashedPassword = "$y$j9T$7DJ8VXEx1oB1holOY5U5q1$rSeGtWxDCWeOLpqmmkxYe8DCnb6uowUWafMGODTPQL.";
      sshKeys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJRXBT1k40iWHwMVcStnV8jbpXbT3DXrwRURC+GkxEuc dolphin"
      ];
      nixKeys = [
        "ocean.mathebau.de-1:G3Jz3mErIy8Mq8Ih+A5pbwDrx7vREcOpKgY8JCQ9dAk="
      ];
    };
  };
  mkAdmin = name: {
--- a/nixos/roles/hostmap.nix
+++ b/nixos/roles/hostmap.nix
@ -1,57 +0,0 @@
 # This data is taken from /etc/hosts from azatoth
 {
  bragi = {
    ipv4 = "192.168.1.11";
  };
  tsathoggua = {
    ipv4 = "192.168.0.13";
  };
  nyogtha = {
    ipv4 = "192.168.0.14";
  };
  hastur = {
    ipv4 = "192.168.0.15";
  };
  cthulhu = {
    ipv4 = "192.168.0.16";
  };
  nyarlathotep = {
    ipv4 = "192.168.0.17";
  };
  nodens = {
    ipv4 = "192.168.0.18";
  };
  uvhash = {
    ipv4 = "192.168.0.19";
  };
  aphoom-zhah = {
    ipv4 = "192.168.0.20";
  };
  dagon = {
    ipv4 = "192.168.0.21";
  };
  lobon = {
    ipv4 = "192.168.0.22";
  };
  yibb-tstll = {
    ipv4 = "192.168.0.23";
  };
  eihort = {
    ipv4 = "192.168.0.24";
  };
  ghatanothoa = {
    ipv4 = "192.168.0.25";
  };
  toth = {
    ipv4 = "192.168.0.26";
  };
  ithaqua = {
    ipv4 = "192.168.0.27";
  };
  cthugha = {
    ipv4 = "192.168.0.30";
  };
  sanctamariamaterdei = {
    ipv4 = "192.168.0.92";
  };
 }
--- a/nixos/roles/vm.nix
+++ b/nixos/roles/vm.nix
@ -1,6 +1,5 @@
 {modulesPath, ...}: {
  imports = [
    (modulesPath + "/virtualisation/xen-domU.nix")
    ./vmNetwork.nix
  ];
 }
--- a/nixos/roles/vmNetwork.nix
+++ b/nixos/roles/vmNetwork.nix
@ -1,46 +0,0 @@
 {
  lib,
  config,
  ...
 }: let
  inherit (lib) mapAttrsToList;
  inherit (lib.attrsets) foldAttrs concatMapAttrs;
  inherit (lib.asserts) assertMsg;
  inherit (lib.lists) filter last init;
  inherit (lib.strings) splitString toInt concatStringsSep;
  inherit (builtins) elem toString;
  hostmap = import ./hostmap.nix;
  myhostName = config.networking.hostName;
  # To turn the hostmap around suitable for networking.hosts the following simple code almost works
  # concatMapAttrs (hostname: ipData: { ${ipData.ipv4} = [hostname]; }) hostmap
  # but breaks as soon as we want to map two different names to the same ip.
  # So the code looks uglier than one would expect.
  globalhosts = foldAttrs (a: b: a ++ b) [] (mapAttrsToList (hostname: ipData: {${ipData.ipv4} = [hostname];}) hostmap);
  # We replace our own ip with 127.0.0.1 in /etc/hosts
  myhosts = concatMapAttrs (ip: hosts:
    if (elem myhostName hosts)
    # nixos maps the hostname to the loopback 127.0.0.2 by default, so we exclude it here.
    # there is also a default localhost to 127.0.0.1 in place
    then {"127.0.0.1" = filter (x: x != myhostName) hosts;}
    else {${ip} = hosts;})
  globalhosts;
  myIp = assert (assertMsg (hostmap ? ${myhostName}.ipv4) "${myhostName} has no ip configured in nixos/roles/hostmap.nix"); hostmap.${myhostName}.ipv4;
 in {
  networking = {
    hosts = myhosts;
    interfaces.enX0.ipv4.addresses = [
      {
        address = myIp;
        prefixLength = 16;
      }
    ];
    defaultGateway = let
      addr = splitString "." myIp;
      addrInit = init addr;
      addrLastInt = toString (toInt (last addr) + 127);
    in
      concatStringsSep "." (addrInit ++ [addrLastInt]);
    # https://www.hrz.tu-darmstadt.de/services/it_services/nameserver_dns/index.de.jsp
    nameservers = ["130.83.22.63" "130.83.22.60" "130.83.56.60"];
  };
 }
--- a/packages/alias-to-sieve/Cargo.lock
+++ b/packages/alias-to-sieve/Cargo.lock
@ -85,9 +85,9 @@ dependencies = [
 [[package]]
 name = "fqdn"
-version = "0.4.6"
+version = "0.4.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c0f5d7f7b3eed2f771fc7f6fcb651f9560d7b0c483d75876082acb4649d266b3"
+checksum = "3e7cf4b6cb33615d9adab21d74fd820753c532ef7c15ff556e382abde22e4023"
 [[package]]
 name = "generic-array"
@ -101,15 +101,15 @@ dependencies = [
 [[package]]
 name = "libc"
-version = "0.2.171"
+version = "0.2.170"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c19937216e9d3aa9956d9bb8dfc0b0c8beb6058fc4f7a4dc4d850edf86a237d6"
+checksum = "875b3680cb2f8f71bdcf9a30f38d48282f5d3c95cbf9b3fa57269bb5d5c06828"
 [[package]]
 name = "log"
-version = "0.4.27"
+version = "0.4.26"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "13dc2df351e3202783a1fe0d44375f7295ffb4049267b0f3018346dc122a1d94"
+checksum = "30bde2b3dc3671ae49d8e2e9f044c7c005836e7a023ee57cffa25ab82764bb9e"
 [[package]]
 name = "memchr"
@ -119,15 +119,15 @@ checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3"
 [[package]]
 name = "once_cell"
-version = "1.21.3"
+version = "1.20.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d"
+checksum = "945462a4b81e43c4e3ba96bd7b49d834c6f61198356aa858733bc4acf3cbe62e"
 [[package]]
 name = "pest"
-version = "2.8.0"
+version = "2.7.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "198db74531d58c70a361c42201efde7e2591e976d518caf7662a47dc5720e7b6"
+checksum = "8b7cafe60d6cf8e62e1b9b2ea516a089c008945bb5a275416789e7db0bc199dc"
 dependencies = [
 "memchr",
 "thiserror",
@ -136,9 +136,9 @@ dependencies = [
 [[package]]
 name = "pest_derive"
-version = "2.8.0"
+version = "2.7.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d725d9cfd79e87dccc9341a2ef39d1b6f6353d68c4b33c177febbe1a402c97c5"
+checksum = "816518421cfc6887a0d62bf441b6ffb4536fcc926395a69e1a85852d4363f57e"
 dependencies = [
 "pest",
 "pest_generator",
@ -146,9 +146,9 @@ dependencies = [
 [[package]]
 name = "pest_generator"
-version = "2.8.0"
+version = "2.7.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "db7d01726be8ab66ab32f9df467ae8b1148906685bbe75c82d1e65d7f5b3f841"
+checksum = "7d1396fd3a870fc7838768d171b4616d5c91f6cc25e377b673d714567d99377b"
 dependencies = [
 "pest",
 "pest_meta",
@ -159,9 +159,9 @@ dependencies = [
 [[package]]
 name = "pest_meta"
-version = "2.8.0"
+version = "2.7.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7f9f832470494906d1fca5329f8ab5791cc60beb230c74815dff541cbd2b5ca0"
+checksum = "e1e58089ea25d717bfd31fb534e4f3afcc2cc569c70de3e239778991ea3b7dea"
 dependencies = [
 "once_cell",
 "pest",
@ -170,9 +170,9 @@ dependencies = [
 [[package]]
 name = "proc-macro2"
-version = "1.0.94"
+version = "1.0.93"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a31971752e70b8b2686d7e46ec17fb38dad4051d94024c88df49b667caea9c84"
+checksum = "60946a68e5f9d28b0dc1c21bb8a97ee7d018a8b322fa57838ba31cc878e22d99"
 dependencies = [
 "unicode-ident",
 ]
@ -188,18 +188,18 @@ dependencies = [
 [[package]]
 name = "quote"
-version = "1.0.40"
+version = "1.0.38"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1885c039570dc00dcb4ff087a89e185fd56bae234ddc7f056a945bf36467248d"
+checksum = "0e4dccaaaf89514f546c693ddc140f729f958c247918a13380cccc6078391acc"
 dependencies = [
 "proc-macro2",
 ]
 [[package]]
 name = "rustversion"
-version = "1.0.20"
+version = "1.0.19"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "eded382c5f5f786b989652c49544c4877d9f015cc22e145a5ea8ea66c2921cd2"
+checksum = "f7c45b9784283f1b2e7fb61b42047c2fd678ef0960d4f6f1eba131594cc369d4"
 [[package]]
 name = "sha2"
@ -214,9 +214,9 @@ dependencies = [
 [[package]]
 name = "syn"
-version = "2.0.100"
+version = "2.0.98"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b09a44accad81e1ba1cd74a32461ba89dee89095ba17b32f5d03683b1b1fc2a0"
+checksum = "36147f1a48ae0ec2b5b3bc5b537d267457555a10dc06f3dbc8cb11ba3006d3b1"
 dependencies = [
 "proc-macro2",
 "quote",
@ -225,18 +225,18 @@ dependencies = [
 [[package]]
 name = "thiserror"
-version = "2.0.12"
+version = "2.0.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "567b8a2dae586314f7be2a752ec7474332959c6460e02bde30d702a66d488708"
+checksum = "d452f284b73e6d76dd36758a0c8684b1d5be31f92b89d07fd5822175732206fc"
 dependencies = [
 "thiserror-impl",
 ]
 [[package]]
 name = "thiserror-impl"
-version = "2.0.12"
+version = "2.0.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7f7cf42b4507d8ea322120659672cf1b9dbb93f8f2d4ecfd6e51350ff5b17a1d"
+checksum = "26afc1baea8a989337eeb52b6e72a039780ce45c3edfcc9c5b9d112feeb173c2"
 dependencies = [
 "proc-macro2",
 "quote",
@ -257,9 +257,9 @@ checksum = "2896d95c02a80c6d6a5d6e953d479f5ddf2dfdb6a244441010e373ac0fb88971"
 [[package]]
 name = "unicode-ident"
-version = "1.0.18"
+version = "1.0.17"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5a5f39404a5da50712a4c1eecf25e90dd62b613502b7e925fd4e4d19b5c96512"
+checksum = "00e2473a93778eb0bad35909dff6a10d28e63f792f16ed15e404fca9d5eeedbe"
 [[package]]
 name = "version_check"
--- a/packages/alias-to-sieve/src/lib.rs
+++ b/packages/alias-to-sieve/src/lib.rs
@ -12,59 +12,29 @@ pub struct AliasFile {
    pub default_domain: FQDN,
 }
-#[derive(PartialEq, Eq, Clone, Debug)]
+#[derive(PartialEq, Eq, Clone)]
-pub struct AliasEmailAddress(EmailAddress);
+pub struct OrdEmailAddress(EmailAddress);
-impl AliasEmailAddress {
+impl PartialOrd for OrdEmailAddress {
    /// Create an `AliasEmailAddress` from some alias entry.
    /// Return parameter for complete mail addresses and append the default domain for local parts.
    pub fn new(
        alias_entry: &str,
        default_domain: &FQDN,
    ) -> Result<AliasEmailAddress, Box<dyn Error>> {
        let mut addr = alias_entry.trim().to_string();
        addr = addr.replace(',', "");
        // The domain already fails on instantiation of the FQDN type if it contains an apostrophe.
        if addr.contains('\'') {
            return Err(format!(
                "Mailaddress {addr} contains an apostrophe which breaks the script generation."
            )
            .into());
        }
        if addr.contains('@') {
            return Ok(AliasEmailAddress(
                EmailAddress::parse(&addr, None).ok_or::<Box<dyn Error>>(
                    String::from("Mailaddress {addr} not parsable.").into(),
                )?,
            ));
        }
        let unsortable_mail = EmailAddress::new(&addr, &default_domain.to_string(), None)?;
        Ok(AliasEmailAddress(unsortable_mail))
    }
 }
 impl PartialOrd for AliasEmailAddress {
    fn partial_cmp(&self, other: &Self) -> Option<Ordering> {
        Some(self.0.to_string().cmp(&other.0.to_string()))
    }
 }
-impl Ord for AliasEmailAddress {
+impl Ord for OrdEmailAddress {
    fn cmp(&self, other: &Self) -> Ordering {
        self.0.to_string().cmp(&other.0.to_string())
    }
 }
-pub type AliasMap = BTreeMap<AliasEmailAddress, Vec<AliasEmailAddress>>;
+pub type AliasMap = BTreeMap<OrdEmailAddress, Vec<OrdEmailAddress>>;
 /// Read a virtual alias file <https://www.postfix.org/virtual.5.html>
 /// and convert it to a map of destination addresses to a list of their final forwarding addresses.
 pub fn parse_alias_to_map(alias_files: Vec<AliasFile>) -> Result<AliasMap, Box<dyn Error>> {
    // File must exist in the current path
    let mut redirect_map: AliasMap = AliasMap::new();
-    let mut destinations: Vec<AliasEmailAddress> = Vec::new();
+    let mut destinations: Vec<OrdEmailAddress> = Vec::new();
    // Extract all pairs (destination to redirect addresses) from the alias files
    for alias_file in alias_files {
@ -78,23 +48,20 @@ pub fn parse_alias_to_map(alias_files: Vec<AliasFile>) -> Result<AliasMap, Box<d
                continue;
            }
-            let redirects: Vec<AliasEmailAddress> = line
+            let redirects: Vec<OrdEmailAddress> = line
                .split_at(line.find(char::is_whitespace).unwrap_or(0))
                .1
                .split(' ')
                .filter(|address| !address.trim().to_string().replace(',', "").is_empty())
-                .map(|addr| AliasEmailAddress::new(addr, &alias_file.default_domain))
+                .map(|addr| to_mailaddress(addr, &alias_file.default_domain))
                .collect::<Result<Vec<_>, _>>()?;
            if redirects.is_empty() {
                continue;
            }
-            destinations.push(AliasEmailAddress::new(
+            destinations.push(to_mailaddress(destination, &alias_file.default_domain)?);
                destination,
                &alias_file.default_domain,
            )?);
            redirect_map.insert(
-                AliasEmailAddress::new(destination, &alias_file.default_domain)?,
+                to_mailaddress(destination, &alias_file.default_domain)?,
                redirects,
            );
        }
@ -128,11 +95,29 @@ pub fn parse_alias_to_map(alias_files: Vec<AliasFile>) -> Result<AliasMap, Box<d
        }
    }
    if iterations == max_iterations {
-        return Err(format!("Possibly infinite recursion detected in parse_alias_map. Did not terminate after {max_iterations} rounds.").into());
+        return Err(String::from("Possibly infinite recursion detected in parse_alias_map. Did not terminate after {max_iterations} rounds.").into());
    }
    Ok(redirect_map)
 }
 /// Create an `OrdEmailAddress` from some alias entry.
 /// Return parameter for complete mail addresses and append the default domain for local parts.
 fn to_mailaddress(
    alias_entry: &str,
    default_domain: &FQDN,
 ) -> Result<OrdEmailAddress, Box<dyn Error>> {
    let mut addr = alias_entry.trim().to_string();
    addr = addr.replace(',', "");
    if addr.contains('@') {
        return Ok(OrdEmailAddress(
            EmailAddress::parse(&addr, None)
                .ok_or::<Box<dyn Error>>(String::from("Mailaddress {addr} not parsable.").into())?,
        ));
    }
    let unsortable_mail = EmailAddress::new(&addr, &default_domain.to_string(), None)?;
    Ok(OrdEmailAddress(unsortable_mail))
 }
 // The output is wrapped in a Result to allow matching on errors.
 // Returns an Iterator to the Reader of the lines of the file.
 pub fn read_lines<P>(filename: P) -> io::Result<io::Lines<io::BufReader<File>>>
@ -205,23 +190,6 @@ mod tests {
        assert!(result.is_err());
    }
    #[test]
    fn apostrophe_destination_detection() {
        let result = parse_alias_to_map(vec![AliasFile {
            content: read_lines("testdata/apostrophe_destination.aliases").unwrap(),
            default_domain: FQDN::from_str("example.com").unwrap(),
        }]);
        assert!(result.is_err());
    }
    #[test]
    fn apostrophe_redirect_detection() {
        let result = parse_alias_to_map(vec![AliasFile {
            content: read_lines("testdata/apostrophe_redirect.aliases").unwrap(),
            default_domain: FQDN::from_str("example.com").unwrap(),
        }]);
        assert!(result.is_err());
    }
    #[test]
    fn basic_parsing() {
        let result = parse_alias_to_map(vec![AliasFile {
--- a/packages/alias-to-sieve/testdata/apostrophe_destination.aliases
+++ b/packages/alias-to-sieve/testdata/apostrophe_destination.aliases
@ -1,2 +0,0 @@
 # Apostrophes are not allowed
 'orga me@example.com
--- a/packages/alias-to-sieve/testdata/apostrophe_redirect.aliases
+++ b/packages/alias-to-sieve/testdata/apostrophe_redirect.aliases
@ -1,2 +0,0 @@
 # Apostrophes are not allowed
 orga me@e'xample.com
Author	SHA1	Message	Date
Dennis Frieberg	cfa1d45b61	work in progress	2025-03-27 13:16:46 +01:00
Dennis Frieberg	74a64b6791	first notes	2025-03-27 13:09:14 +01:00
		`@ -1,2 +0,0 @@`
			`# Apostrophes are not allowed`
			`'orga me@example.com`
		`@ -1,2 +0,0 @@`
			`# Apostrophes are not allowed`
			`orga me@e'xample.com`