From d784d4eee4e262ecfcedfef62cef793aa26316a6 Mon Sep 17 00:00:00 2001 From: Infinidoge Date: Fri, 26 Apr 2024 02:43:52 -0400 Subject: [PATCH] Infini-OPTIPLEX: refactor nginx config and use acme certs --- hosts/Infini-OPTIPLEX/default.nix | 36 +++++++++----------------- hosts/Infini-OPTIPLEX/web.nix | 21 +++++++++++++++ modules/global/security.nix | 10 +++++--- secrets/cloudflare.age | 41 ++++++++++++++++++++++++++++++ secrets/default.nix | 3 +-- secrets/inx.moe.key.age | Bin 2557 -> 0 bytes secrets/inx.moe.pem.age | Bin 3414 -> 0 bytes secrets/secrets.nix | 3 +-- 8 files changed, 83 insertions(+), 31 deletions(-) create mode 100644 hosts/Infini-OPTIPLEX/web.nix create mode 100644 secrets/cloudflare.age delete mode 100644 secrets/inx.moe.key.age delete mode 100644 secrets/inx.moe.pem.age diff --git a/hosts/Infini-OPTIPLEX/default.nix b/hosts/Infini-OPTIPLEX/default.nix index 898440e..4f1a69a 100644 --- a/hosts/Infini-OPTIPLEX/default.nix +++ b/hosts/Infini-OPTIPLEX/default.nix @@ -8,6 +8,7 @@ ./thelounge.nix ./vaultwarden.nix ./jellyfin.nix + ./web.nix ]; system.stateVersion = "23.05"; @@ -59,30 +60,17 @@ services.fail2ban.enable = true; - services.nginx = { - enable = true; + services.nginx.enable = true; - virtualHosts = - let - cfg = config.services.nginx; - inherit (config.common.nginx) ssl ssl-optional; - in - { - "*.inx.moe" = ssl // { - globalRedirect = "inx.moe"; - }; - "blahaj.inx.moe" = ssl-optional // { - locations."/" = { - tryFiles = "/Blahaj.png =404"; - root = ./static; - }; - }; - "nitter.inx.moe" = ssl // { - globalRedirect = "twitter.com"; - }; - "ponder.inx.moe" = ssl // { - locations."/".root = pkgs.ponder; - }; - }; + security.acme.certs."inx.moe" = { + group = "nginx"; + extraDomainNames = [ "*.inx.moe" ]; + }; + + services.nginx.virtualHosts."*.inx.moe" = { + useACMEHost = "inx.moe"; + addSSL = true; + default = true; + globalRedirect = "inx.moe"; }; } 
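Review bot: `extraDomainNames = [ "*.inx.moe" ];` turns this into a wildcard certificate, which Let's Encrypt only issues through the DNS-01 challenge, and nothing in default.nix says so; the dependency on `security.acme.defaults.dnsProvider`/`environmentFile` lives in modules/global/security.nix in this same patch and is invisible to a reader of this file. Suggest `extraDomainNames = [ "*.inx.moe" ]; # wildcard SAN: DNS-01 only, relies on acme.defaults in modules/global/security.nix` so the block is not copied to a host that lacks that module. `default = true;` is also new relative to the removed `"*.inx.moe" = ssl // { ... }` block (unless the `ssl` preset already set it, which this hunk does not show): it makes the redirect vhost nginx's catch-all, so requests with an unknown or absent Host header (bare IP, stale DNS names) now receive the 301 to inx.moe too, which is a behaviour change rather than a pure refactor and deserves a one-line comment.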
diff --git a/hosts/Infini-OPTIPLEX/web.nix b/hosts/Infini-OPTIPLEX/web.nix new file mode 100644 index 0000000..70c99ef --- /dev/null +++ b/hosts/Infini-OPTIPLEX/web.nix @@ -0,0 +1,21 @@ +{ config, pkgs, ... }: +let + inherit (config.common.nginx) ssl ssl-optional; +in +{ + services.nginx.virtualHosts = { + "blahaj.inx.moe" = ssl-optional // { + locations."/" = { + tryFiles = "/Blahaj.png =404"; + root = ./static; + }; + }; + + "ponder.inx.moe" = ssl // { + locations."/".root = pkgs.ponder; + }; + "nitter.inx.moe" = ssl // { + globalRedirect = "twitter.com"; + }; + }; +} diff --git a/modules/global/security.nix b/modules/global/security.nix index 77a1beb..c510d5f 100644 --- a/modules/global/security.nix +++ b/modules/global/security.nix @@ -8,7 +8,11 @@ with lib; ''; acme = { acceptTerms = true; - defaults.email = "infinidoge@inx.moe"; + defaults = { + email = "infinidoge@inx.moe"; + dnsProvider = "cloudflare"; + environmentFile = config.secrets.cloudflare; + }; }; pam.sshAgentAuth = { @@ -87,8 +91,8 @@ with lib; common = { nginx = rec { ssl-cert = { - sslCertificate = config.secrets."inx.moe.pem"; - sslCertificateKey = config.secrets."inx.moe.key"; + enableACME = true; + acmeRoot = null; }; ssl-optional = ssl-cert // { addSSL = true; diff --git a/secrets/cloudflare.age b/secrets/cloudflare.age new file mode 100644 index 0000000..8b35a43 --- /dev/null +++ b/secrets/cloudflare.age 
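Review bot: The three vhosts here keep the `ssl`/`ssl-optional` presets, and with this patch's change to `common.nginx.ssl-cert` (`enableACME = true; acmeRoot = null;`) each of them now requests its own DNS-01 certificate, although default.nix already obtains the wildcard cert `inx.moe` with `*.inx.moe` on this very host. That is three extra issuances and renewals against the Cloudflare API and Let's Encrypt rate limits for names the wildcard already covers, and three more private keys on disk. If the presets are meant to stay host-agnostic, override per host, e.g. `"ponder.inx.moe" = ssl // { enableACME = false; useACMEHost = "inx.moe"; locations."/".root = pkgs.ponder; };` — in the nixpkgs nginx module `enableACME` and `useACMEHost` are mutually exclusive, so the preset's `true` must be overridden rather than merely added to; the cert's `group = "nginx"` in default.nix already grants the read access this needs.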
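Review bot: `environmentFile = config.secrets.cloudflare;` is set under `security.acme.defaults`, which this global module applies to every host, while the secrets/default.nix hunk in this patch only provisions `cloudflare` inside `mkIf config.services.nginx.enable`. A host that imports this module and requests an ACME certificate for anything other than nginx will either fail evaluation on the missing attribute or hand lego a path that does not exist at runtime; which of the two depends on how the `secrets` module declares its options, which is not visible here. Gate the defaults on the same condition, or provision the secret whenever `config.security.acme.certs != {}`, so the two stay in step. Since this is where a reader will look for what the secret is, a comment on the scope of the token it carries would also help: `environmentFile = config.secrets.cloudflare; # Cloudflare API token for DNS-01; scope it to Zone:DNS:Edit on the inx.moe zone only` — that token can rewrite every record in whatever zones it covers.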
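Review bot: `acmeRoot = null;` is doing real work in `ssl-cert` — per the nixpkgs option description, null means the vhost serves no HTTP-01 webroot and inherits its challenge configuration from `security.acme`, which the `defaults` block earlier in this same file now sets to DNS-01 via Cloudflare — but at the definition it reads like an unset value. Suggest `acmeRoot = null; # no HTTP-01 webroot; inherit DNS-01 settings from security.acme.defaults above` so the coupling between the two hunks in this file is visible at the point of use. The `rec` on `nginx` and the `ssl-optional = ssl-cert // { ... }` chaining continue past the hunk, so the remaining presets that depend on this change are not visible here.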
@@ -0,0 +1,41 @@ +age-encryption.org/v1 +-> ssh-ed25519 sQ/0YA bdZLrpAhgDR1cGuqvtygU/g7qz44celBMfdgdKs5pVU +u4MR7cphuJPrXxE4O4KxHKe5hA+yfpAIXCtLdFW4X7g +-> ssh-ed25519 i9xGKA ApbIyzP1obW6xTIc3k2yCAzu7OS9GL06PFfq+7eWUBo +4MLF/wXnyZKT5oW6w1KnyGs0CMpwRiF45uUPPeTipUk +-> ssh-ed25519 ydxrGg 1wE5Lzoe2WFqd4b3U40eZKirZDZFplYcvDEQRK8ZaFY +Fgb8zdH1nPhylAiZisJcCjhcXkFDiyvtjE1+9lHL2JY +-> ssh-ed25519 gIJNbA nay7hM7gy/4ttHKSGFBX3M8Pgk0/mV7hQct1iYbFEVw +rTsEOXxeS0uodDKl5umZWShsm1Wmix+yYSo1ClvVL/w +-> ssh-ed25519 hjL/yw 0yvxOOCOp1ro1GhWIGI5FlAuwhzJGGjlGO2gIvT8508 +i5NhIa6RV92PCc2BkZc3IK3E3O9ijX9bAQE+r3wMvAk +-> ssh-ed25519 fUfJ3w 7CoXChndV4w6ABTmurE/utz6YF/u5UJYRB24I+oJszc +9Cjmu5lxhBvjrp9TUlLQv1D8kmSc/RrbDKU7BrbHqhA +-> ssh-ed25519 GT2Stg f47FuTxMHH/276mt+ZPyxqy8EWAFjbmJuQ1c7+7v4ho +AyaTVIjz6wYasq5jC25I04rELuzPxH1dd+toK0YcmWs +-> ssh-ed25519 oAMyvg A163J4rwX4GpeRXsSAh6yPMGYwKbV1sFxV7+7hIFXlw +1xCZcpxMa+paeetDRrBzUCt1IyUovqKrcy6yoy+I3hY +-> ssh-ed25519 VIHjXg 2buiXKx7aS1wSKIVNGraweUR31yYLsVUTd26uHepElY +SoXaUi1v3XoTWiNCVT6JXaJZ+p0gS6LSNiRiqNGK3wY +-> ssh-ed25519 VEv3zg V+S6jInBcxRA2fwlxjhl7Bu0HqbNWi2EHS7d3v5dXH8 +t+3xDF/9B3lgD8pczmK/b9ElQnuPlWRPdQQkhkjNiuk +-> ssh-ed25519 6ZS9Zw e/aOo/WXzxRY9CRh3IlkBeMr/tN/kgmX2DdsIXtcQXc +4knjs6vhjd5anSGiVU8Xkw49pKTTh+mmUhQZx+Tm2ic +-> ssh-ed25519 2S7Wcg DMp9L3D184vO4blhskKVWeqYBFxwRMPOgapcw+iGHFA +o6v23rnOrDIKpTbk7bi2+GEsgD9NfGRgyRJrN8nlPuE +-> ssh-ed25519 izZ3FQ +CqAN8J9OvdBdoz0AAoLSP81NPCp/iPxEzgelyz5zmo +ynqnOYuKTqA6+FgqTzojd+UYyonU2c7obcVAkD/gZoY +-> ssh-ed25519 GB2MZQ toUuXPu0EFlgHgnESSG4J0s/ChMoa82Zqkz1kwlkGCs +z38Z4tTTjQw5840vkMuKQChHeKS3r6+9o0p+puB0Xck +-> ssh-ed25519 FelIjw QtRURTihkW0eL6FPar1Q6Y76xFj67kMCEUr5XQ1Usww +Gak8ABMc44e+YEVPgmlaGEhGWABChtZI2YwK2oug5t8 +-> ssh-ed25519 TRpHkw ilJeOrPo7n/iM/XgN2sD24n/o8fneML+GJVMFVNOuBQ +Ew/321uCIjFYoribgxExiJFJLrDv/fF+Kks3zQc527M +-> ssh-ed25519 rKpRzQ hLsDhwmTjPa1jiLEtzh96bZBN3FJtr+YsiYGqQmtknQ +BFOzDQntC7GMV76gIP+gVaOn4SdLqstvk5JpbPz2Zgc +-> ssh-ed25519 8/Dzqw 
VEwMGvZBHXWmdRtpZLC2W3DlqjMl5ijLNPp0SgXiPz0 +kj/pFxZmhLsuBR3IkXXRzVx2XiGvIF8W1McWe8EQ+5c +-> ssh-ed25519 tJyugw lqgZqyfXbFz5YtethmfvQF22KBze5lVBS14M05Q2DlE +jU7DD9p8XyNiLLtDocAJv1pUd8WwJCRsF0e/FjmfRXg +--- qMZs4WoAlwA3d4LeyqTZfMxSDDWagtEn0HtVUiZ2fJI +„¨w«äÝòÕW×'Õ–e°)‡Ž"uÛ¢øæƒ0¶˜ËdV%‹š1ì^±yµ?ó<©V}ö(Øå,ê&¯€¾huš6µTñ˜RáÌì‚W2Ðø¯þøú¿«Ú|êl›Òz¤+µMõsÜö4ŠDYãõ±î€„Ü/ÚS˜>§«¬ 2X&°’÷×› hÚ$h>™d‡qöV{ :~‰˜}éUæ \ No newline at end of file diff --git a/secrets/default.nix b/secrets/default.nix index 2105d2d..6e195a4 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -33,8 +33,7 @@ in "borg-password" = secrets."borg-password" // { group = "borg"; mode = "440";}; } (mkIf config.services.nginx.enable { - "inx.moe.pem" = withOwnerGroup "nginx" secrets."inx.moe.pem"; - "inx.moe.key" = withOwnerGroup "nginx" secrets."inx.moe.key"; + inherit (secrets) "cloudflare"; }) (mkIf config.services.vaultwarden.enable { "vaultwarden" = withOwnerGroup "vaultwarden" secrets."vaultwarden"; 
diff --git a/secrets/inx.moe.key.age b/secrets/inx.moe.key.age deleted file mode 100644 index de86c448d3180cc6acf4cb7be688f640a42d02fa..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2557 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSH4%9b@bW{lTFwf0) zE~s=YEiN#~jx2M_GB*p<4~Z;|Of1TAGIZDXGzc)ycXZA7Nayk>E{!Y?$kx|4wk!?t z*3V51wJ<7o&D9R`H_Ql6$*at*O!hJfaSIBnG(fj4)3UGE346Q=RlvJPW+j+{;YT%)>n@^NPF; zyBWjI#B!bCS9A1DyTLGcEjrodZ1$0`p8OQr$Alwf&>=f-5YYvoZr6jia&4_R>FwfI= z38^YI%q!=rNG}f#v?$HaH?Ir~w(yM%EAh$kt+Wg)Oo=peE-y0oD{u>}Oe!_>Hcm&k zEiE+7%eY*@)X*@;qRP40F*qVUEionB*V4l@BP%(upej2s&C4getjy2A*V4Z{*w}z8 zAT-!4*vQ?~g{_d<_kv$QM| z?V#+W3XhO7Q}4W@jL?Emv%q3A7cbwc@}y7`*F4999A}J>%y;yyEK65NHz_eTE^Vdkn5RcpM7ly?u5Un~cCJ@aL9kzjOJI3X zj=oE9hFf-lSxLH=cSNayc0`qBWV)G&lPg!av9Vupm zyJZDi_!gF1WSZr;Te_rs=DBhi7I^qXlpE$dTNe9-8fNQ<A}8C9-Ok>zRZpB|d0uOA$kR2kx9Zk!q9TasE}nUoqH;g?*T zoM~xn7Mc-NSz*8x5uBgvA5s=+Y@QwHnQ5+VZdu@J>|7XWYLVxro$Qq37L;!4neS@g zmtui#n^CZNcyhXeQ%;$sdrpd3Xt8rnu0>*=ho@_Zds?2GUs8#gXMRz3mak)Ig>i|S ziID|YRf&0?QCUc6u!VC(j-O9?c~*{vf3SIJxPHD_RGD|KwqL1vgin=MYDFNrZJAY3 z#%_TMfrZWnnaQrDWqy?rVR<=4mPMtG!IfTx!6v3r#rheQUfRa_!S22xPPyq^j;U^z zB?kJrIc3@fK~;_>Mj_hiQRdkmX-T0u<-P{~j%F5Ssg)&`=@!Z8wz)eQ`9=jQXh&ul zmK#)h`Gu618wZC+8b(GsnwwYUR(X^ZxR@sS1{8!j=6Z!2RF;=>nRu4?TLydPBvn}k zdj%TmXGR*N8>G2g1ZHIVq#9Z}YI~*l7ggkxoA_gtlWwUwo>}Dz;o1=a#wN~%u4aZM z+2K{erM`ZCW!a@}MQQ1Y$>mO=DS>6$RX&-fhR*q18NTIS?jdE~;o7c6xqcbursl!M zDen2nh5;4EMY*0)Rf#SI6*<1e`Gy!dAS9^3BfDI|EXUZwML)+iG1M^6IM*=9(mb>% z*(cqj(%dM-$WOl@-7MEHB+sYHB_p3JG%L^1B*i_cwAjO}DAYg8G$Jp+)G5R*DA>R( zq%_#kKgh(q+$}%RJqRNQ6nPf}RRt=zmIak1`Z`xsl=~DWCFU5r`er6NB^DVay9X8& z8MvSgw#=keFne?dTX`15=s9g<@Zo{>?i@2u@xnjNB_>1I)An&A_b?V9E37-Sw1l$H?{icxZv zcvY6Bmn#_in1?=$B{*W;kb9WaecThZ$NV21L4t6&kyRM-~RUlv!qFWOD^) z82hA~SwtmUI3;QPNttYTUTqoJl=x;hV548 zFD;I*#Ql9f7kj2EvY78V?lI-t7X7ok)<$Y31aq@-Z3qmzYNQUZj0;Y z%?s~W`}Ayl{q)t%8RtU-Z(H!+4xU%;|NB;9{Pi^FleWL!Du+$*ov)j6hneNt=J?2m lOImrKX`eN{Ghy2MhAU-u+V}Gh+&&&0qaY@GFLL#pNC2<}Uxxqy 
diff --git a/secrets/inx.moe.pem.age b/secrets/inx.moe.pem.age deleted file mode 100644 index df668dfb9f6f0490baf5716772ad1eacab06b52f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3414 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSH4%9b@bW{i{GdIid ziOlgZ4Rc8>&+;fK^RTQ8DJ;lvG9rlhhmw zi%es;sC;d|!r~~ysH9T=(yWM#@^UWc3WF$@qD&Wys#G5n?J$?D$jssbW7E*U0+(>l z(A@Np$S_l%!hGlQ#6Wc0(mlQWk{lJBgDQd|lKj0>z1;oN9m`FUle1ETEL=QtlGDo5 zLkj|ek`rCh^3$A*(tWwyoP7+F^wSeF{mZhV3{#5@f{K#TTvIb5tBT59N&}-popLja zeH`>;QWsC}boa!9$jZEmtPHav(+dAGKa5o39%2++lCEH8 z;aZ???vb7s;cjB?UlQdS5uTW2s9ju|=Tl|w8IOYfYl$3dSq-49LyLhFRIt6m&Iwuwxgk~D~L`lhLz7+7EfSML@_izWBU4=5j6>40%>A@IQc|)q!#(`mJ-pH#!^2au zwJ~ylQLuS*0Zj^I@cQLx(GOMDD z-2xR#l5;I8Q;b~-!a@r(vwYIRLwv&Y&5R@SU3^M?T+367BO)u3(#*5MBa*q&)2os* z1I)5RO)JBTg44~)eACU7$}Rj24U(NpjElo7U31(j0$sGr%`tO;laX&!pn|buZh=#Y zenyZX>O=? zqPK;6PD*5QN@$6TMYu<{qeWzDl5bQ}Ws0^xMhejh$@H-4bjfePE5_s=km;|NOQCZtSt5n$a1U9OL z%oKyD41*xADzlJmjCd>ZE(od$RH)1h^e;$E_f7XSHVk$1ODgg=aIP}-@HTZ0%t-Rj zNJ(r)3Px##q56Kg2Ch*CK~a$r7J=H{E-6Ny5$XErF5c!YfkhP_kx?Fo z74B}?Tn5Je#U827rBR7S1^y|8uD<1|ZXwxWCcc?@o@tdSNm(hu-c=^9DThk@{MyXQn?bNk}ZoJEx2@bbrsSaoumBBb0Z7ga+5uB9g}_aeWI#7yow5< ze7$}2^L#3Ud_p5i%(F_fEV!QEvyPWcOtRP~W?XqsA}k|6I>>PP4O_STsgVilCQcFMjTmt$SuZsU~Uv3q#vQY5Q+rjEsF)n#ig z+_m^Lw}t6Z%L9|8m(nB3v#TszQtk`8Up)NEz295={w2fX{ zhjDhCY^40A-J%@1H*B9RJzC3qR9VF{S$l@=rOO-jZGIm3&h(tQ!#a_-!1=PT*IPdq zVc$jD5>)HEm?v+Hycb$OjXZT;q|H~4xZC|eY-At(V?6F z-ODAEpB>)XTkNxT&bgM%g)hac);x4$HAnI^GI9faN`+P?A5P&lFD7Ww{l?PtzMzjuB3 zykue>`|K&Eu{_?|8cpK9CDHz|M=tJ&I`G;i;DpnZ{Ty4O&i8mt(L8-#yDUxfQIUo&P;Ecjo!`|D1BUG03;#w&@Ono?7kX5=h=_3K#W=Ki1aXW#q4Ia^TZ z+?A^_T8xvYyYT!wR#Uzvbiu9Sw;LvCY*@<+r+8a;RefG_^>%`_VE(iHSyG${2d}Sh{wAH%cWz3C@e{>+`wH(a zc--%mXS+__t^24s;og$H3dO5A_cE9EEz|n`tfxdYd!Oxt_3tL6<<0v2 zQu=Ded#>8AR&|^EJd^WRvC4VfKeDo3d77oS$)j~z#=$=&_peyLz98stnBS4Fi87tD zETd1xR|{A^V>