diff --git a/.sops.yaml b/.sops.yaml
index 52f4dee..7314a89 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -7,10 +7,13 @@ keys:
     - &swarsel 4BE7925262289B476DBBC17B76FD3810215AE097
   - &hosts
     - &bakery age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh
-    - &summers age18cgqlely56hgmhscllkmafwpjdk6dwep6ej3vkk97dzemp8jtuksqrrjjl
+    - &summers age14sjyqch8tzqexk2gv0qgrrg09f0s6hvwhsgjac3vs6sc5rzgpcxsyqda6u
     - &belchsfactory age1k73gy5em3js9zklnnkzp5hme9k04lny32fgahmzddknjw5c295asdyr4x6
+    - &dgx age1ax5hqk6e2ekgfx5u7pl8ayc3vvhrehyvtvf07llaxhs5azpnny0qpltrns
     - &eagleland age1cmzh82q8k59yzceuuy2epmqu22g7m84gqvq056mhgehwpmvjadfsc3glc8
     - &hintbooth age1wmx8y2hs83j2u5srdnfxljrzxm8jtxl6fr0mq7xf2ldxyglpzf2qq89rpx
+    - &hintbooth-adguardhome age1c2enwel9un28dcs4wg0vcyamx9a4a6g3walkhu8w5lqhmd804paq9d24as
+    - &hintbooth-nginx age1nanlervuderw4qskcuessycqy2yfmptl6nym9scgp9ky2265ssmq3u73r0
     - &liliputsteps age1ly2endyt0y9xyddj6yuj4nw6fa3ltvzlvew4cr4lzs6dv8dkavpqadmyxx
     - &moonside age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh
     - &pyramid age15cx90pnp54xp5gxlt02yn9j2pz968wp3l5ukdkx55xuecp34e5pszjku4m
@@ -18,9 +21,6 @@ keys:
     - &toto age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl
     - &twothreetunnel age1g7atkxdlt4ymeh7v7aa2yzr2hq2qkvzrc4r49ugttm3n582ymv9qrmpk8d
     - &winters age1s0vssf9fey2l456hucppzx2x58xep279nsdcglvkqm30sr9ht37s8rvpza
-    - &dgx age1ax5hqk6e2ekgfx5u7pl8ayc3vvhrehyvtvf07llaxhs5azpnny0qpltrns
-    - &hintbooth-adguardhome age1c2enwel9un28dcs4wg0vcyamx9a4a6g3walkhu8w5lqhmd804paq9d24as
-    - &hintbooth-nginx age1nanlervuderw4qskcuessycqy2yfmptl6nym9scgp9ky2265ssmq3u73r0
 creation_rules:
   - path_regex: secrets/repo/[^/]+\.(yaml|json|env|ini|enc)$
     key_groups:
@@ -56,6 +56,7 @@ creation_rules:
       - *swarsel
       age:
       - *twothreetunnel
+      - *summers
       - *eagleland
       - *hintbooth-nginx
 
@@ -152,6 +153,146 @@ creation_rules:
       - *hintbooth
       - *hintbooth-nginx
 
+  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/ankisync/[^/]+\.(yaml|json|env|ini|enc)$
+    key_groups:
+    - pgp:
+      - *swarsel
+      age:
+      - *summers
+
+  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/atuin/[^/]+\.(yaml|json|env|ini|enc)$
+    key_groups:
+    - pgp:
+      - *swarsel
+      age:
+      - *summers
+
+  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/audio/[^/]+\.(yaml|json|env|ini|enc)$
+    key_groups:
+    - pgp:
+      - *swarsel
+      age:
+      - *summers
+
+  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/firefly/[^/]+\.(yaml|json|env|ini|enc)$
+    key_groups:
+    - pgp:
+      - *swarsel
+      age:
+      - *summers
+
+  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/forgejo/[^/]+\.(yaml|json|env|ini|enc)$
+    key_groups:
+    - pgp:
+      - *swarsel
+      age:
+      - *summers
+
+  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/freshrss/[^/]+\.(yaml|json|env|ini|enc)$
+    key_groups:
+    - pgp:
+      - *swarsel
+      age:
+      - *summers
+
+  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/homebox/[^/]+\.(yaml|json|env|ini|enc)$
+    key_groups:
+    - pgp:
+      - *swarsel
+      age:
+      - *summers
+
+  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/immich/[^/]+\.(yaml|json|env|ini|enc)$
+    key_groups:
+    - pgp:
+      - *swarsel
+      age:
+      - *summers
+
+  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/jellyfin/[^/]+\.(yaml|json|env|ini|enc)$
+    key_groups:
+    - pgp:
+      - *swarsel
+      age:
+      - *summers
+
+  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/kanidm/[^/]+\.(yaml|json|env|ini|enc)$
+    key_groups:
+    - pgp:
+      - *swarsel
+      age:
+      - *summers
+
+  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/kavita/[^/]+\.(yaml|json|env|ini|enc)$
+    key_groups:
+    - pgp:
+      - *swarsel
+      age:
+      - *summers
+
+  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/koillection/[^/]+\.(yaml|json|env|ini|enc)$
+    key_groups:
+    - pgp:
+      - *swarsel
+      age:
+      - *summers
+
+  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/matrix/[^/]+\.(yaml|json|env|ini|enc)$
+    key_groups:
+    - pgp:
+      - *swarsel
+      age:
+      - *summers
+
+  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/monitoring/[^/]+\.(yaml|json|env|ini|enc)$
+    key_groups:
+    - pgp:
+      - *swarsel
+      age:
+      - *summers
+
+  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/nextcloud/[^/]+\.(yaml|json|env|ini|enc)$
+    key_groups:
+    - pgp:
+      - *swarsel
+      age:
+      - *summers
+
+  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/paperless/[^/]+\.(yaml|json|env|ini|enc)$
+    key_groups:
+    - pgp:
+      - *swarsel
+      age:
+      - *summers
+
+  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/postgresql/[^/]+\.(yaml|json|env|ini|enc)$
+    key_groups:
+    - pgp:
+      - *swarsel
+      age:
+      - *summers
+
+  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/radicale/[^/]+\.(yaml|json|env|ini|enc)$
+    key_groups:
+    - pgp:
+      - *swarsel
+      age:
+      - *summers
+
+  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/storage/[^/]+\.(yaml|json|env|ini|enc)$
+    key_groups:
+    - pgp:
+      - *swarsel
+      age:
+      - *summers
+
+  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/transmission/[^/]+\.(yaml|json|env|ini|enc)$
+    key_groups:
+    - pgp:
+      - *swarsel
+      age:
+      - *summers
+
   - path_regex: hosts/darwin/x86_64-darwin/nbm-imba-166/secrets/[^/]+\.(yaml|json|env|ini|enc)$
     key_groups:
     - pgp:
diff --git a/SwarselSystems.org b/SwarselSystems.org
index 5902178..0b0e101 100644
--- a/SwarselSystems.org
+++ b/SwarselSystems.org
@@ -1,15 +1,17 @@
 #+title: SwarselSystems: NixOS + Emacs Configuration
-#+PROPERTY: header-args:emacs-lisp :tangle files/emacs/init.el :mkdirp yes
-#+PROPERTY: header-args:nix :mkdirp yes
-#+PROPERTY: header-args:nix-ts :mkdirp yes
-#+PROPERTY: header-args:shell :mkdirp yes
 #+EXPORT_FILE_NAME: site/index.html
-#+OPTIONS: toc:6 author:nil creator:nil timestamp:nil validate:nil html-postamble:nil html-preamble:nil broken-links:mark
 #+HTML_HEAD: <link rel="stylesheet" href="style.css">
-#+macro: revision-date (eval (format-time-string "%F %T %z"))
-#+macro: count-words (eval (count-words (point-min) (point-max)))
-#+macro: count-lines (eval (count-lines (point-min) (point-max)))
-#+macro: NOTE (eval "This file has {{{count-words}}} words spanning {{{count-lines}}} lines and was last revised on {{{revision-date}}}.")
+#+OPTIONS: toc:6 author:nil creator:nil timestamp:nil validate:nil html-postamble:nil html-preamble:nil broken-links:mark
+#+PROPERTY: header-args:config :eval never-export
+#+PROPERTY: header-args:css :eval never-export
+#+PROPERTY: header-args:emacs-lisp :tangle files/emacs/init.el :mkdirp yes :eval never-export
+#+PROPERTY: header-args:markdown :eval never-export
+#+PROPERTY: header-args:nix-ts :mkdirp yes :eval never-export
+#+PROPERTY: header-args:shell :mkdirp yes :eval never-export
+#+MACRO: revision-date (eval (format-time-string "%F %T %z"))
+#+MACRO: count-words (eval (count-words (point-min) (point-max)))
+#+MACRO: count-lines (eval (count-lines (point-min) (point-max)))
+#+MACRO: NOTE (eval "This file has {{{count-words}}} words spanning {{{count-lines}}} lines and was last revised on {{{revision-date}}}.")
 
 *{{{NOTE(If you can see this, you might want to switch to [[https://swarsel.github.io/.dotfiles/][the hmtl version of this document]] in order to have working links and other QoL functions while reading this file.)}}}*
 
@@ -472,9 +474,9 @@ The nix language supports the following types and how they look in the wild:
     - these hold name value pairs, e.g. ={ a = 3; }=
     - a "chain" of attributes, separated by dots, is called an =attribute path=, e.g. =config.environment.systemPackages=
       - in such a chain, all attributes but the last will be =attribute sets=
-      - =config.environment.systemPackages= is equivalent to  ~config = { environment = { systemPackages = <some list>; }; };~
+      - =config.environment.systemPackages= is equivalent to  =config = { environment = { systemPackages = <some list>; }; };=
   - lists: [ ]
-    - these hold values, e.g. =[ { a == 3; } ]=. In this example, the list holds a single value, that is, the attribute set ={ a = 3; }=.
+    - these hold values, e.g. =[ { a = 3; } ]=. In this example, the list holds a single value, that is, the attribute set ={ a = 3; }=.
   - functions: =arg: body=
     - =arg= can be any of these data types, including functions
       - when =arg= is an attribute set, some special things apply:
@@ -504,7 +506,7 @@ Calling by using a default value:
 
 Not passing =age= errors out:
 
-#+begin_src bash :tangle no :exports both :results output
+#+begin_src bash :tangle no :exports both :results discard :eval never-export
   swarsel-instantiate 'let f = {name ? "Default", age }: "${name} is ${age} years old"; in f { }'
 #+end_src
 
@@ -520,12 +522,11 @@ error:
        at «string»:1:44:
             1| let lib = import <nixpkgs/lib>; in let f = {name ? "Default", age }: "${name} is ${age} years old"; in f { }
              |                                            ^
-[ Babel evaluation exited with code 1 ]
 #+end_example
 
 Passing a superfluous =another= errors out:
 
-#+begin_src bash :tangle no :exports both :results output
+#+begin_src bash :tangle no :exports both :results discard :eval never-export
   swarsel-instantiate 'let f = {name ? "Default", age }: "${name} is ${age} years old"; in f { age = "2"; another = "0"; }'
 #+end_src
 
@@ -541,7 +542,6 @@ error:
        at «string»:1:44:
             1| let lib = import <nixpkgs/lib>; in let f = {name ? "Default", age }: "${name} is ${age} years old"; in f { age = "2"; another = "0"; }
              |                                            ^
-[ Babel evaluation exited with code 1 ]
 #+end_example
 
 
@@ -589,7 +589,7 @@ This looks cumberesome on first sight, but is for example useful when referencin
     - this adds all attributes of the enclosing attribute
     - the following will error out:
 
-#+begin_src bash :tangle no :exports both :results output
+#+begin_src bash :tangle no :exports both :results discard :eval never-export
   swarsel-instantiate '
     {
       a = true;
@@ -605,7 +605,6 @@ This looks cumberesome on first sight, but is for example useful when referencin
 :             4|     b = a;
 :              |         ^
 :             5|   }
-: [ Babel evaluation exited with code 1 ]
 
     - however, =rec= makes =a= available to the scope (also note that the order of expressions does /not/ matter):
 
@@ -625,7 +624,7 @@ This looks cumberesome on first sight, but is for example useful when referencin
     - this adds the passed set to the lexical scope of the enclosing expression:
     - the following will error out:
 
-#+begin_src bash :tangle no :exports both :results output
+#+begin_src bash :tangle no :exports both :results discard :eval never-export
     swarsel-instantiate '
       let
         functions = {
@@ -643,7 +642,6 @@ This looks cumberesome on first sight, but is for example useful when referencin
 :             7|     print "ok"
 :              |     ^
 :             8|
-: [ Babel evaluation exited with code 1 ]
 
     - using =with= will make it work:
 
@@ -713,7 +711,7 @@ This looks cumberesome on first sight, but is for example useful when referencin
 
 but:
 
-#+begin_src bash :tangle no :exports both :results output
+#+begin_src bash :tangle no :exports both :results discard :eval never-export
   swarsel-instantiate '
     builtins.toString -1
   '
@@ -732,7 +730,6 @@ error:
        … while evaluating the first argument of the subtraction
 
        error: expected an integer but found the built-in function 'toString': «primop toString»
-[ Babel evaluation exited with code 1 ]
 #+end_example
 
     - Logical operators (=!=, ====, =!==, =<=, =>=, =>==, =<==, =&&=, =||=)
@@ -1632,6 +1629,8 @@ A short overview over each input and what it does:
   The hydra module already exists in nixpkgs - however, because, I am also using [[https://github.com/shlevy/nix-plugins][nix-plugins]], I need to build all tools that are using nix against a specific nix version (this is also why I pull in =nix-eval-jobs= as a flake input).
 - [[https://github.com/thelegy/nixos-nftables-firewall][nixos-nftables-firewall]]
   This flake introduces a module that allows for more structurized nftables config.
+- [[#h:c88d569e-70c4-4dd6-a959-be649fdeaa71][topologyPrivate]]
+  This input per default provides a simple output =topologyPrivate = false;=. This is the value that is normally used in the config. When I export my setup to a topology diagram, there are some public IPs and domains that I want to obfuscate. When doing that, I can then override this input.
 
 #+begin_src nix :noweb yes :tangle flake.nix
   {
@@ -1712,6 +1711,7 @@ A short overview over each input and what it does:
       nix-minecraft.url = "github:Infinidoge/nix-minecraft";
       simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master";
       nixos-nftables-firewall.url = "github:thelegy/nixos-nftables-firewall";
+      topologyPrivate.url = "./files/topology/public";
     };
 
     outputs =
@@ -2081,6 +2081,7 @@ Similar to [[#h:6ed1a641-dba8-4e85-a62e-be93264df57a][Packages (pkgs)]], we agai
                 inherit (pkgs) lib;
                 inherit (self.outputs) nodes;
                 inherit inputs;
+                inherit (inputs.topologyPrivate) topologyPrivate;
               };
               modules = [
                 ../modules/nixos/common/globals.nix
@@ -2176,7 +2177,7 @@ The rest of the functions are used to build full NixOS systems as well as halfCo
             specialArgs = {
               inherit inputs outputs self minimal homeLib configName arch;
               inherit (config.pkgs.${arch}) lib;
-              inherit (config) nodes;
+              inherit (config) nodes topologyPrivate;
               globals = config.globals.${arch};
               type = "nixos";
               withHomeManager = true;
@@ -2238,7 +2239,7 @@ The rest of the functions are used to build full NixOS systems as well as halfCo
           inputs.nix-darwin.lib.darwinSystem {
             specialArgs = {
               inherit inputs lib outputs self minimal configName;
-              inherit (config) nodes;
+              inherit (config) nodes topologyPrivate;
               withHomeManager = true;
               globals = config.globals.${arch};
             };
@@ -2275,7 +2276,7 @@ The rest of the functions are used to build full NixOS systems as well as halfCo
             inherit pkgs;
             extraSpecialArgs = {
               inherit inputs lib outputs self configName arch type;
-              inherit (config) nodes;
+              inherit (config) nodes topologyPrivate;
               globals = config.globals.${arch};
               minimal = false;
             };
@@ -2362,6 +2363,8 @@ The rest of the functions are used to build full NixOS systems as well as halfCo
         nodes = config.nixosConfigurations
           // config.darwinConfigurations
           // config.guestConfigurations;
+
+        "@" = lib.mapAttrs (_: v: v.config.system.build.toplevel) config.nodes;
       };
   }
 #+end_src
@@ -2512,21 +2515,25 @@ Another note concerning [[https://flake.parts/][flake-parts]]:
                     # trunk
                     [ "eth1" ]
                     # devices
-                    [ "eth2" ]
+                    [ "eth2" "eth5" "eth6" ]
                     # home
                     [ "eth3" "eth8" ]
                     # guests
-                    [ "eth4" "eth5" "eth6" "eth7" ]
+                    [ "eth4" "eth7" ]
                   ];
                   interfaces = {
                     eth2 = { network = lib.mkForce "devices"; };
                     eth3 = { network = lib.mkForce "home"; };
+                    eth5 = { network = lib.mkForce "devices"; };
+                    eth6 = { network = lib.mkForce "devices"; };
                     eth7 = { network = lib.mkForce "guests"; };
                     eth8 = { network = lib.mkForce "home"; };
                   };
                   connections = {
                     eth2 = mkConnection "nswitch" "eth1";
                     eth3 = mkConnection "bakery" "eth1";
+                    eth5 = mkConnection "ps4" "eth1";
+                    eth6 = mkConnection "ender3" "eth1";
                     eth7 = mkConnection "pc" "eth1";
                     eth8 = mkConnection "pyramid" "eth1";
                   };
@@ -2554,11 +2561,29 @@ Another note concerning [[https://flake.parts/][flake-parts]]:
                 };
 
                 nswitch = mkDevice "Nintendo Switch" {
-                  info = "Nintendo Switch";
+                  info = "Atmosphère 1.3.2 @ FW 19.0.1";
                   image = "${self}/files/topology-images/nintendo-switch.png";
                   interfaces.eth1 = { };
                 };
 
+                ps4 = mkDevice "PlayStation 4" {
+                  info = "GoldHEN @ FW 5.05";
+                  image = "${self}/files/topology-images/ps4.png";
+                  interfaces.eth1 = { };
+                };
+
+                ender3 = mkDevice "Ender 3" {
+                  info = "SKR V1.3, TMC2209 (Dual), TFT35";
+                  image = "${self}/files/topology-images/ender3.png";
+                  interfaces.eth1 = { };
+                  services = {
+                    octoprint = {
+                      name = "OctoPrint";
+                      icon = "${self}/files/topology-images/octoprint.png";
+                    };
+                  };
+                };
+
                 magicant = mkDevice "magicant" {
                   icon = "${self}/files/topology-images/phone.png";
                   info = "Samsung Z Flip 6";
@@ -4183,7 +4208,7 @@ This is my main server that I run at home. It handles most tasks that require bi
 :CUSTOM_ID: h:0fdefb4f-ce53-4caf-89ed-5d79646f70f0
 :END:
 #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/winters/hardware-configuration.nix
-  { config, lib, modulesPath, ... }:
+  { lib, modulesPath, ... }:
 
   {
     imports =
@@ -4198,7 +4223,7 @@ This is my main server that I run at home. It handles most tasks that require bi
       extraModulePackages = [ ];
 
       supportedFilesystems = [ "zfs" ];
-      zfs.extraPools = [ "Vault" ];
+      # zfs.extraPools = [ "Vault" ];
     };
 
     fileSystems = {
@@ -4239,13 +4264,15 @@ This is my main server that I run at home. It handles most tasks that require bi
 :CUSTOM_ID: h:dc2233df-cd78-43cc-bb45-57568a83fb24
 :END:
 #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/summers/default.nix
-  { self, inputs, lib, config, minimal, nodes, globals, confLib, ... }:
+  { self, inputs, lib, minimal, ... }:
   {
 
     imports = [
       ./hardware-configuration.nix
       ./disk-config.nix
 
+      inputs.nixos-hardware.nixosModules.common-cpu-intel
+
       "${self}/modules/nixos/optional/systemd-networkd-server-home.nix"
       "${self}/modules/nixos/optional/microvm-host.nix"
     ];
@@ -4262,22 +4289,25 @@ This is my main server that I run at home. It handles most tasks that require bi
       loader.efi.canTouchEfiVariables = true;
     };
 
-    node.lockFromBootstrapping = lib.mkForce false;
+    hardware.enableRedistributableFirmware = true;
 
     swarselsystems = {
       info = "ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM";
       flakePath = "/root/.dotfiles";
       isImpermanence = true;
-      isSecureBoot = false;
+      isSecureBoot = true;
       isCrypted = true;
       isBtrfs = true;
       isLinux = true;
       isNixos = true;
       isSwap = false;
+      proxyHost = "twothreetunnel";
       writeGlobalNetworks = false;
-      rootDisk = "/dev/disk/by-id/ata-TS128GMTS430S_H537280456";
-      withMicroVMs = true;
-      localVLANs = [ "services" "home" ];
+      networkKernelModules = [ "igb" ];
+      rootDisk = "/dev/disk/by-id/ata-TS120GMTS420S_J024880123";
+      withMicroVMs = false;
+      localVLANs = [ "services" "home" ]; # devices is only provided on interface for bmc
+      initrdVLAN = "home";
       server = {
         wireguard.interfaces = {
           wgProxy = {
@@ -4313,33 +4343,63 @@ This is my main server that I run at home. It handles most tasks that require bi
     };
 
     swarselmodules.server = {
+      wireguard = true;
+
+      nginx = true; # for php stuff
+      acme = false; # cert handled by proxy
+
+      nfs = true;
+      kavita = true;
       restic = true;
+      jellyfin = true;
+      navidrome = true;
+      spotifyd = true;
+      mpd = true;
+      postgresql = true;
+      matrix = true;
+      nextcloud = true;
+      immich = true;
+      paperless = true;
+      transmission = true;
+      syncthing = true;
+      grafana = true;
+      freshrss = true;
+      kanidm = true;
+      firefly-iii = true;
+      koillection = true;
+      radicale = true;
+      atuin = true;
+      forgejo = true;
+      ankisync = true;
+      homebox = true;
       opkssh = true;
     };
 
-    guests = lib.mkIf (!minimal && config.swarselsystems.withMicroVMs) (
-      { }
-      // confLib.mkMicrovm "kavita"
-      // confLib.mkMicrovm "jellyfin"
-      // confLib.mkMicrovm "audio"
-      // confLib.mkMicrovm "postgresql"
-      // confLib.mkMicrovm "matrix"
-      // confLib.mkMicrovm "nextcloud"
-      // confLib.mkMicrovm "immich"
-      // confLib.mkMicrovm "paperless"
-      // confLib.mkMicrovm "transmission"
-      // confLib.mkMicrovm "storage"
-      // confLib.mkMicrovm "monitoring"
-      // confLib.mkMicrovm "freshrss"
-      // confLib.mkMicrovm "kanidm"
-      // confLib.mkMicrovm "firefly"
-      // confLib.mkMicrovm "koillection"
-      // confLib.mkMicrovm "radicale"
-      // confLib.mkMicrovm "atuin"
-      // confLib.mkMicrovm "forgejo"
-      // confLib.mkMicrovm "ankisync"
-      // confLib.mkMicrovm "homebox"
-    );
+    # guests = lib.mkIf (!minimal && config.swarselsystems.withMicroVMs) (
+    #   { }
+    #   // confLib.mkMicrovm "kavita"
+    #   // confLib.mkMicrovm "jellyfin"
+    #   // confLib.mkMicrovm "audio"
+    #   // confLib.mkMicrovm "postgresql"
+    #   // confLib.mkMicrovm "matrix"
+    #   // confLib.mkMicrovm "nextcloud"
+    #   // confLib.mkMicrovm "immich"
+    #   // confLib.mkMicrovm "paperless"
+    #   // confLib.mkMicrovm "transmission"
+    #   // confLib.mkMicrovm "storage"
+    #   // confLib.mkMicrovm "monitoring"
+    #   // confLib.mkMicrovm "freshrss"
+    #   // confLib.mkMicrovm "kanidm"
+    #   // confLib.mkMicrovm "firefly"
+    #   // confLib.mkMicrovm "koillection"
+    #   // confLib.mkMicrovm "radicale"
+    #   // confLib.mkMicrovm "atuin"
+    #   // confLib.mkMicrovm "forgejo"
+    #   // confLib.mkMicrovm "ankisync"
+    #   // confLib.mkMicrovm "homebox"
+    # );
+
+    networking.nftables.firewall.zones.untrusted.interfaces = [ "lan" "bmc" ];
 
   }
 
@@ -4514,7 +4574,7 @@ This is my main server that I run at home. It handles most tasks that require bi
 :END:
 
 #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/summers/guests/kavita/default.nix
-  { self, config, lib, minimal, ... }:
+  { self, lib, minimal, ... }:
   {
     imports = [
       "${self}/profiles/nixos/microvm"
@@ -4565,7 +4625,7 @@ This is my main server that I run at home. It handles most tasks that require bi
 :END:
 
 #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/summers/guests/jellyfin/default.nix
-  { self, config, lib, minimal, ... }:
+  { self, lib, minimal, ... }:
   {
     imports = [
       "${self}/profiles/nixos/microvm"
@@ -4616,7 +4676,7 @@ This is my main server that I run at home. It handles most tasks that require bi
 :END:
 
 #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/summers/guests/audio/default.nix
-  { self, config, lib, minimal, ... }:
+  { self, lib, minimal, ... }:
   {
     imports = [
       "${self}/profiles/nixos/microvm"
@@ -4669,7 +4729,7 @@ This is my main server that I run at home. It handles most tasks that require bi
 :END:
 
 #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/summers/guests/postgresql/default.nix
-  { self, config, lib, minimal, ... }:
+  { self, lib, minimal, ... }:
   {
     imports = [
       "${self}/profiles/nixos/microvm"
@@ -4720,7 +4780,7 @@ This is my main server that I run at home. It handles most tasks that require bi
 :END:
 
 #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/summers/guests/matrix/default.nix
-  { self, config, lib, minimal, ... }:
+  { self, lib, minimal, ... }:
   {
     imports = [
       "${self}/profiles/nixos/microvm"
@@ -4771,7 +4831,7 @@ This is my main server that I run at home. It handles most tasks that require bi
 :END:
 
 #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/summers/guests/nextcloud/default.nix
-  { self, config, lib, minimal, ... }:
+  { self, lib, minimal, ... }:
   {
     imports = [
       "${self}/profiles/nixos/microvm"
@@ -4823,7 +4883,7 @@ This is my main server that I run at home. It handles most tasks that require bi
 :END:
 
 #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/summers/guests/immich/default.nix
-  { self, config, lib, minimal, ... }:
+  { self, lib, minimal, ... }:
   {
     imports = [
       "${self}/profiles/nixos/microvm"
@@ -4874,7 +4934,7 @@ This is my main server that I run at home. It handles most tasks that require bi
 :END:
 
 #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/summers/guests/paperless/default.nix
-  { self, config, lib, minimal, ... }:
+  { self, lib, minimal, ... }:
   {
     imports = [
       "${self}/profiles/nixos/microvm"
@@ -4925,7 +4985,7 @@ This is my main server that I run at home. It handles most tasks that require bi
 :END:
 
 #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/summers/guests/transmission/default.nix
-  { self, config, lib, minimal, ... }:
+  { self, lib, minimal, ... }:
   {
     imports = [
       "${self}/profiles/nixos/microvm"
@@ -4976,7 +5036,7 @@ This is my main server that I run at home. It handles most tasks that require bi
 :END:
 
 #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/summers/guests/storage/default.nix
-  { self, config, lib, minimal, ... }:
+  { self, lib, minimal, ... }:
   {
     imports = [
       "${self}/profiles/nixos/microvm"
@@ -5028,7 +5088,7 @@ This is my main server that I run at home. It handles most tasks that require bi
 :END:
 
 #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/summers/guests/monitoring/default.nix
-  { self, config, lib, minimal, ... }:
+  { self, lib, minimal, ... }:
   {
     imports = [
       "${self}/profiles/nixos/microvm"
@@ -5079,7 +5139,7 @@ This is my main server that I run at home. It handles most tasks that require bi
 :END:
 
 #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/summers/guests/freshrss/default.nix
-  { self, config, lib, minimal, ... }:
+  { self, lib, minimal, ... }:
   {
     imports = [
       "${self}/profiles/nixos/microvm"
@@ -5131,7 +5191,7 @@ This is my main server that I run at home. It handles most tasks that require bi
 :END:
 
 #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/summers/guests/kanidm/default.nix
-  { self, config, lib, minimal, ... }:
+  { self, lib, minimal, ... }:
   {
     imports = [
       "${self}/profiles/nixos/microvm"
@@ -5182,7 +5242,7 @@ This is my main server that I run at home. It handles most tasks that require bi
 :END:
 
 #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/summers/guests/firefly/default.nix
-  { self, config, lib, minimal, ... }:
+  { self, lib, minimal, ... }:
   {
     imports = [
       "${self}/profiles/nixos/microvm"
@@ -5234,7 +5294,7 @@ This is my main server that I run at home. It handles most tasks that require bi
 :END:
 
 #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/summers/guests/koillection/default.nix
-  { self, config, lib, minimal, ... }:
+  { self, lib, minimal, ... }:
   {
     imports = [
       "${self}/profiles/nixos/microvm"
@@ -5285,7 +5345,7 @@ This is my main server that I run at home. It handles most tasks that require bi
 :END:
 
 #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/summers/guests/radicale/default.nix
-  { self, config, lib, minimal, ... }:
+  { self, lib, minimal, ... }:
   {
     imports = [
       "${self}/profiles/nixos/microvm"
@@ -5336,7 +5396,7 @@ This is my main server that I run at home. It handles most tasks that require bi
 :END:
 
 #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/summers/guests/atuin/default.nix
-  { self, config, lib, minimal, ... }:
+  { self, lib, minimal, ... }:
   {
     imports = [
       "${self}/profiles/nixos/microvm"
@@ -5387,7 +5447,7 @@ This is my main server that I run at home. It handles most tasks that require bi
 :END:
 
 #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/summers/guests/forgejo/default.nix
-  { self, config, lib, minimal, ... }:
+  { self, lib, minimal, ... }:
   {
     imports = [
       "${self}/profiles/nixos/microvm"
@@ -5438,7 +5498,7 @@ This is my main server that I run at home. It handles most tasks that require bi
 :END:
 
 #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/summers/guests/ankisync/default.nix
-  { self, config, lib, minimal, ... }:
+  { self, lib, minimal, ... }:
   {
     imports = [
       "${self}/profiles/nixos/microvm"
@@ -5489,7 +5549,7 @@ This is my main server that I run at home. It handles most tasks that require bi
 :END:
 
 #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/summers/guests/homebox/default.nix
-  { self, config, lib, minimal, ... }:
+  { self, lib, minimal, ... }:
   {
     imports = [
       "${self}/profiles/nixos/microvm"
@@ -5589,9 +5649,10 @@ This is my main server that I run at home. It handles most tasks that require bi
           wgHome = {
             isServer = true;
             peers = [
-              "winters"
               "hintbooth-adguardhome"
               "hintbooth-nginx"
+              "summers"
+              "winters"
             ];
           };
         };
@@ -7028,6 +7089,7 @@ This machine mainly acts as my proxy server to stand before my local machines.
             peers = [
               "moonside"
               "winters"
+              "summers"
               "belchsfactory"
               "eagleland"
               "hintbooth-adguardhome"
@@ -8477,6 +8539,14 @@ in
                         type = types.nullOr types.str;
                         default = null;
                       };
+                      serviceAddress = mkOption {
+                        type = types.nullOr types.str;
+                        default = null;
+                      };
+                      homeServiceAddress = mkOption {
+                        type = types.nullOr types.str;
+                        default = null;
+                      };
                       isHome = mkOption {
                         type = types.bool;
                         default = false;
@@ -9050,7 +9120,7 @@ This system, while highly pleasant to work with during everyday use, sometimes h
 
         secrets = lib.mkOption {
           readOnly = true;
-          default = lib.mapAttrs (_: x: importEncrypted x { inherit lib nodes inputs; }) config.repo.secretFiles;
+          default = lib.mapAttrs (_: x: importEncrypted x { inherit lib nodes inputs; inherit (inputs.topologyPrivate) topologyPrivate; }) config.repo.secretFiles;
           type = lib.types.unspecified;
           description = "Exposes the loaded repo secrets. This option is read-only.";
         };
@@ -9079,20 +9149,27 @@ This dynamically uses systemd boot or Lanzaboote depending on the minimal system
 
 #+begin_src nix-ts :tangle modules/nixos/common/lanzaboote.nix
   { lib, pkgs, config, minimal, ... }:
+  let
+    inherit (config.swarselsystems) isSecureBoot isImpermanence;
+  in
   {
     options.swarselmodules.lanzaboote = lib.mkEnableOption "lanzaboote config";
     config = lib.mkIf config.swarselmodules.lanzaboote {
 
-      environment.systemPackages = lib.mkIf config.swarselsystems.isSecureBoot [
+      environment.systemPackages = lib.mkIf isSecureBoot [
         pkgs.sbctl
       ];
 
+      environment.persistence."/persist" = lib.mkIf (isImpermanence && isSecureBoot) {
+        directories = [{ directory = "/var/lib/sbctl"; }];
+      };
+
       boot = {
         loader = {
           efi.canTouchEfiVariables = true;
-          systemd-boot.enable = lib.swarselsystems.mkIfElse (minimal || !config.swarselsystems.isSecureBoot) (lib.mkForce true) (lib.mkForce false);
+          systemd-boot.enable = lib.swarselsystems.mkIfElse (minimal || !isSecureBoot) (lib.mkForce true) (lib.mkForce false);
         };
-        lanzaboote = lib.mkIf (!minimal && config.swarselsystems.isSecureBoot) {
+        lanzaboote = lib.mkIf (!minimal && isSecureBoot) {
           enable = true;
           pkiBundle = "/var/lib/sbctl";
           configurationLimit = 6;
@@ -11686,6 +11763,7 @@ I also take some precautions in how I get networking information during stage 1.
         initrd = {
           secrets."/tmp${hostKeyPathBase}" = if minimal then (lib.mkForce generatedHostKey) else (lib.mkForce hostKeyPath); # need to mkForce this or it behaves stateful
           availableKernelModules = config.swarselsystems.networkKernelModules;
+          kernelModules = config.swarselsystems.networkKernelModules; # at least summers needs this to actually find the interfaces
           network = {
             enable = true;
             flushBeforeStage2 = true;
@@ -12154,8 +12232,9 @@ This is the configuration to make [[#h:58c7563e-6954-42e6-a622-9d06523e8e24][Hin
       })
       globals.networks.home-lan.vlans;
     selectVLANs = vlans: map (vlan: { VLAN = globals.networks.home-lan.vlans.${vlan}.id; }) vlans;
+    lan3VLANs = selectVLANs [ "home" "devices" "services" ];
+    lan4VLANs = lan3VLANs;
     lan5VLANs = selectVLANs [ "home" "devices" "guests" ];
-    lan4VLANs = selectVLANs [ "home" "services" ];
     inherit (globals.general) homeDnsServer;
   in
   {
@@ -12352,9 +12431,9 @@ This is the configuration to make [[#h:58c7563e-6954-42e6-a622-9d06523e8e24][Hin
                 Bridge = "br";
                 ConfigureWithoutCarrier = true;
               };
-              inherit bridgeVLANs;
+              bridgeVLANs = lan3VLANs;
             };
-            # winters
+            # summers
             "30-lan4" = {
               matchConfig.MACAddress = config.repo.secrets.local.networking.networks.lan4.mac;
               linkConfig.RequiredForOnline = "enslaved";
@@ -12453,7 +12532,8 @@ This is the configuration to make [[#h:58c7563e-6954-42e6-a622-9d06523e8e24][Hin
         };
         services.${serviceName} = {
           domain = serviceDomain;
-          inherit proxyAddress4 proxyAddress6 isHome;
+          inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+          homeServiceAddress = lib.mkIf isHome homeServiceAddress;
         };
       };
 
@@ -12496,15 +12576,15 @@ This is the configuration to make [[#h:58c7563e-6954-42e6-a622-9d06523e8e24][Hin
         extraGroups = [ "video" "render" "users" ];
       };
 
-      nixpkgs.config.packageOverrides = pkgs: {
-        intel-vaapi-driver = pkgs.intel-vaapi-driver.override { enableHybridCodec = true; };
-      };
+      # nixpkgs.config.packageOverrides = pkgs: {
+      #   intel-vaapi-driver = pkgs.intel-vaapi-driver.override { enableHybridCodec = true; };
+      # };
 
       hardware.graphics = {
         enable = true;
         extraPackages = with pkgs; [
           intel-media-driver # LIBVA_DRIVER_NAME=iHD
-          intel-vaapi-driver # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
+          # intel-vaapi-driver # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
           libva-vdpau-driver
           libvdpau-va-gl
         ];
@@ -12523,7 +12603,8 @@ This is the configuration to make [[#h:58c7563e-6954-42e6-a622-9d06523e8e24][Hin
         };
         services.${serviceName} = {
           domain = serviceDomain;
-          inherit proxyAddress4 proxyAddress6 isHome;
+          inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+          homeServiceAddress = lib.mkIf isHome homeServiceAddress;
         };
       };
 
@@ -12603,7 +12684,8 @@ This is the configuration to make [[#h:58c7563e-6954-42e6-a622-9d06523e8e24][Hin
         };
         services.${serviceName} = {
           domain = serviceDomain;
-          inherit proxyAddress4 proxyAddress6 isHome;
+          inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+          homeServiceAddress = lib.mkIf isHome homeServiceAddress;
         };
       };
 
@@ -13096,7 +13178,8 @@ This is the configuration to make [[#h:58c7563e-6954-42e6-a622-9d06523e8e24][Hin
         };
         services.${serviceName} = {
           domain = serviceDomain;
-          inherit proxyAddress4 proxyAddress6 isHome;
+          inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+          homeServiceAddress = lib.mkIf isHome homeServiceAddress;
         };
       };
 
@@ -13394,7 +13477,8 @@ This is the configuration to make [[#h:58c7563e-6954-42e6-a622-9d06523e8e24][Hin
 
       globals.services.${serviceName} = {
         domain = serviceDomain;
-        inherit proxyAddress4 proxyAddress6 isHome;
+        inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+          homeServiceAddress = lib.mkIf isHome homeServiceAddress;
       };
 
       services = {
@@ -13468,7 +13552,8 @@ This is the configuration to make [[#h:58c7563e-6954-42e6-a622-9d06523e8e24][Hin
         };
         services.${serviceName} = {
           domain = serviceDomain;
-          inherit proxyAddress4 proxyAddress6 isHome;
+          inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+          homeServiceAddress = lib.mkIf isHome homeServiceAddress;
         };
       };
 
@@ -13555,7 +13640,8 @@ in
       };
       services.${serviceName} = {
         domain = serviceDomain;
-        inherit proxyAddress4 proxyAddress6 isHome;
+        inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+          homeServiceAddress = lib.mkIf isHome homeServiceAddress;
       };
     };
 
@@ -13918,7 +14004,8 @@ in
         };
         services.${specificServiceName} = {
           domain = serviceDomain;
-          inherit proxyAddress4 proxyAddress6 isHome;
+          inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+          homeServiceAddress = lib.mkIf isHome homeServiceAddress;
         };
       };
 
@@ -14138,7 +14225,8 @@ This section exposes several metrics that I use to check the health of my server
         };
         services.${serviceName} = {
           domain = serviceDomain;
-          inherit proxyAddress4 proxyAddress6 isHome;
+          inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+          homeServiceAddress = lib.mkIf isHome homeServiceAddress;
         };
       };
 
@@ -14291,6 +14379,10 @@ This section exposes several metrics that I use to check the health of my server
 
       nodes =
         let
+          extraConfig = ''
+            allow ${globals.networks.home-lan.vlans.services.cidrv4};
+            allow ${globals.networks.home-lan.vlans.services.cidrv6};
+          '';
           genNginx = toAddress: extraConfigPre: {
             upstreams = {
               "${grafanaUpstream}" = {
@@ -14337,7 +14429,7 @@ This section exposes several metrics that I use to check the health of my server
             "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
           };
           ${webProxy}.services.nginx = genNginx serviceAddress "";
-          ${homeWebProxy}.services.nginx = genNginx homeServiceAddress nginxAccessRules;
+          ${homeWebProxy}.services.nginx = genNginx homeServiceAddress (extraConfig + nginxAccessRules);
         };
     };
   }
@@ -14371,7 +14463,8 @@ This is a WIP Jenkins instance. It is used to automatically build a new system w
         };
         services.${serviceName} = {
           domain = serviceDomain;
-          inherit proxyAddress4 proxyAddress6 isHome;
+          inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+          homeServiceAddress = lib.mkIf isHome homeServiceAddress;
         };
       };
 
@@ -14493,7 +14586,8 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with
 
       globals.services.${serviceName} = {
         domain = serviceDomain;
-        inherit proxyAddress4 proxyAddress6 isHome;
+        inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+          homeServiceAddress = lib.mkIf isHome homeServiceAddress;
       };
 
       services.${serviceName} =
@@ -14601,7 +14695,8 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with
         };
         services.${serviceName} = {
           domain = serviceDomain;
-          inherit proxyAddress4 proxyAddress6 isHome;
+          inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+          homeServiceAddress = lib.mkIf isHome homeServiceAddress;
         };
       };
 
@@ -14755,7 +14850,8 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with
         };
         services.${serviceName} = {
           domain = serviceDomain;
-          inherit proxyAddress4 proxyAddress6 isHome;
+          inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+          homeServiceAddress = lib.mkIf isHome homeServiceAddress;
         };
       };
 
@@ -14877,7 +14973,8 @@ kanidm person credential create-reset-token <user>
         };
         services.${serviceName} = {
           domain = serviceDomain;
-          inherit proxyAddress4 proxyAddress6 isHome;
+          inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+          homeServiceAddress = lib.mkIf isHome homeServiceAddress;
         };
       };
 
@@ -15201,12 +15298,17 @@ kanidm person credential create-reset-token <user>
 
       systemd.services.${serviceName}.serviceConfig.RestartSec = "30";
 
-      nodes = {
+      nodes = let
+        extraConfig = ''
+          allow ${globals.networks.home-lan.vlans.services.cidrv4};
+          allow ${globals.networks.home-lan.vlans.services.cidrv6};
+        '';
+      in {
         ${dnsServer}.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
           "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
         };
         ${webProxy}.services.nginx = confLib.genNginx { inherit serviceAddress servicePort serviceDomain serviceName; protocol = "https"; noSslVerify = true; };
-        ${homeWebProxy}.services.nginx = confLib.genNginx { inherit servicePort serviceDomain serviceName; protocol = "https"; noSslVerify = true; extraConfig = nginxAccessRules; serviceAddress = homeServiceAddress; };
+        ${homeWebProxy}.services.nginx = confLib.genNginx { inherit servicePort serviceDomain serviceName; protocol = "https"; noSslVerify = true; extraConfig = extraConfig + nginxAccessRules; serviceAddress = homeServiceAddress; };
       };
 
     };
@@ -15223,7 +15325,7 @@ kanidm person credential create-reset-token <user>
   { lib, config, globals, dns, confLib, ... }:
   let
     inherit (confLib.gen { name = "oauth2-proxy"; port = 3004; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress proxyAddress4 proxyAddress6;
-    inherit (confLib.static) isHome isProxied webProxy homeWebProxy dnsServer homeProxyIf webProxyIf oauthServer nginxAccessRules;
+    inherit (confLib.static) isHome isProxied webProxy homeWebProxy dnsServer homeProxyIf webProxyIf oauthServer nginxAccessRules homeServiceAddress;
 
     kanidmDomain = globals.services.kanidm.domain;
     mainDomain = globals.domains.main;
@@ -15375,7 +15477,8 @@ kanidm person credential create-reset-token <user>
         };
         services.${serviceName} = {
           domain = serviceDomain;
-          inherit proxyAddress4 proxyAddress6 isHome;
+          inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+          homeServiceAddress = lib.mkIf isHome homeServiceAddress;
         };
       };
 
@@ -15433,14 +15536,16 @@ kanidm person credential create-reset-token <user>
           extraConfig = ''
             proxy_set_header X-Scheme                $scheme;
             proxy_set_header X-Auth-Request-Redirect $scheme://$host$request_uri;
+            allow ${globals.networks.home-lan.vlans.services.cidrv4};
+            allow ${globals.networks.home-lan.vlans.services.cidrv6};
           '';
         in
         {
           ${dnsServer}.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
             "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
           };
-          ${webProxy}.services.nginx = confLib.genNginx { inherit servicePort serviceAddress serviceDomain serviceName extraConfig; protocol = "https"; };
-          ${homeWebProxy}.services.nginx = confLib.genNginx { inherit servicePort serviceDomain serviceName; protocol = "https"; extraConfig = extraConfig + nginxAccessRules; serviceAddress = globals.hosts.${oauthServer}.wanAddress4; };
+          ${webProxy}.services.nginx = confLib.genNginx { inherit servicePort serviceAddress serviceDomain serviceName extraConfig;  };
+          ${homeWebProxy}.services.nginx = confLib.genNginx { inherit servicePort serviceDomain serviceName; extraConfig = extraConfig + nginxAccessRules; serviceAddress = globals.hosts.${oauthServer}.wanAddress4; };
         };
     };
   }
@@ -15489,7 +15594,8 @@ kanidm person credential create-reset-token <user>
 
       globals.services.${serviceName} = {
         domain = serviceDomain;
-        inherit proxyAddress4 proxyAddress6 isHome;
+        inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+          homeServiceAddress = lib.mkIf isHome homeServiceAddress;
       };
 
       services = {
@@ -15628,7 +15734,8 @@ in
       };
       services.${serviceName} = {
         domain = serviceDomain;
-        inherit proxyAddress4 proxyAddress6 isHome;
+        inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+          homeServiceAddress = lib.mkIf isHome homeServiceAddress;
       };
     };
 
@@ -15755,7 +15862,8 @@ in
         };
         services.${serviceName} = {
           domain = serviceDomain;
-          inherit proxyAddress4 proxyAddress6 isHome;
+          inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+          homeServiceAddress = lib.mkIf isHome homeServiceAddress;
         };
       };
 
@@ -15830,7 +15938,8 @@ in
         };
         services.${serviceName} = {
           domain = serviceDomain;
-          inherit proxyAddress4 proxyAddress6 isHome;
+          inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+          homeServiceAddress = lib.mkIf isHome homeServiceAddress;
         };
       };
 
@@ -16046,7 +16155,8 @@ in
         };
         services.${serviceName} = {
           domain = serviceDomain;
-          inherit proxyAddress4 proxyAddress6 isHome;
+          inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+          homeServiceAddress = lib.mkIf isHome homeServiceAddress;
         };
       };
 
@@ -16215,7 +16325,8 @@ in
         };
         services.${serviceName} = {
           domain = serviceDomain;
-          inherit proxyAddress4 proxyAddress6 isHome;
+          inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+          homeServiceAddress = lib.mkIf isHome homeServiceAddress;
         };
       };
 
@@ -16315,7 +16426,8 @@ in
       };
       services.${serviceName} = {
         domain = serviceDomain;
-        inherit proxyAddress4 proxyAddress6 isHome;
+        inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+          homeServiceAddress = lib.mkIf isHome homeServiceAddress;
       };
     };
 
@@ -16406,7 +16518,8 @@ in
         };
         services.${serviceName} = {
           domain = serviceDomain;
-          inherit proxyAddress4 proxyAddress6 isHome;
+          inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+          homeServiceAddress = lib.mkIf isHome homeServiceAddress;
         };
       };
 
@@ -16470,7 +16583,8 @@ in
         };
         services.${serviceName} = {
           domain = serviceDomain;
-          inherit proxyAddress4 proxyAddress6 isHome;
+          inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+          homeServiceAddress = lib.mkIf isHome homeServiceAddress;
         };
       };
 
@@ -16672,7 +16786,8 @@ or 2) use classic path addressing =aws s3 cp <local file> s3://<bucket>/<path to
         };
         services.${specificServiceName} = {
           domain = serviceDomain;
-          inherit proxyAddress4 proxyAddress6 isHome;
+          inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+          homeServiceAddress = lib.mkIf isHome homeServiceAddress;
         };
       };
 
@@ -17330,7 +17445,8 @@ When changing the hashed passwords, =dovecot= needs to be restarted manually, it
         };
         roundcube = {
           domain = roundcubeDomain;
-          inherit proxyAddress4 proxyAddress6 isHome;
+          inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+          homeServiceAddress = lib.mkIf isHome homeServiceAddress;
         };
       };
 
@@ -17505,7 +17621,8 @@ $ attic cache create hello
         };
         services.${serviceName} = {
           domain = serviceDomain;
-          inherit proxyAddress4 proxyAddress6 isHome;
+          inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+          homeServiceAddress = lib.mkIf isHome homeServiceAddress;
         };
       };
 
@@ -17671,7 +17788,8 @@ $ hydra-create-user alice --full-name 'Alice Q. User' \
         };
         services.${serviceName} = {
           domain = serviceDomain;
-          inherit proxyAddress4 proxyAddress6 isHome;
+          inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+          homeServiceAddress = lib.mkIf isHome homeServiceAddress;
         };
       };
 
@@ -18045,7 +18163,8 @@ This has some state:
         };
         services.${serviceName} = {
           domain = serviceDomain;
-          inherit proxyAddress4 proxyAddress6 isHome;
+          inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+          homeServiceAddress = lib.mkIf isHome homeServiceAddress;
         };
       };
 
@@ -18426,7 +18545,8 @@ This has some state:
         };
         services.${serviceName} = {
           domain = serviceDomain;
-          inherit proxyAddress4 proxyAddress6 isHome;
+          inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+          homeServiceAddress = lib.mkIf isHome homeServiceAddress;
         };
       };
 
@@ -18466,6 +18586,7 @@ This has some state:
               # FIXME: change to homeWebProxy once that is setup
               answer = globals.networks.home-lan.vlans.services.hosts.${homeWebProxy}.ipv4;
               # answer = globals.hosts.${webProxy}.wanAddress4;
+              enabled = true;
             })
             homeDomains;
           filters = [
@@ -18485,6 +18606,7 @@ This has some state:
               enabled = true;
             }
           ];
+          user_rules = config.repo.secrets.local.adguardUserRules;
         };
       };
 
@@ -19412,6 +19534,7 @@ A VLAN can also be used as the initrd network - this is however disabled for the
 
         boot.initrd = lib.mkIf (isCrypted && (localVLANsList != []) && (!isRouter)) {
           availableKernelModules = [ "8021q" ];
+          kernelModules = [ "8021q" ]; # at least summers needs this to actually find the interfaces
           systemd.network = {
             enable = true;
             netdevs."30-vlan-${initrdVLAN}" = {
@@ -19446,6 +19569,20 @@ A VLAN can also be used as the initrd network - this is however disabled for the
           };
         };
 
+        topology.self.interfaces = (lib.mapAttrs'
+          (vlanName: _:
+            lib.nameValuePair "vlan-${vlanName}" {
+              network = lib.mkForce vlanName;
+            }
+          )
+          localVLANs) // (lib.mapAttrs'
+          (vlanName: _:
+            lib.nameValuePair "me-${vlanName}" {
+              network = lib.mkForce vlanName;
+            }
+          )
+          localVLANs);
+
         systemd.network = {
           netdevs = lib.flip lib.concatMapAttrs localVLANs (
             vlanName: vlanCfg: {
@@ -20969,18 +21106,18 @@ Common order values:
 
 To specify both content in Early initialization and General configuration, use lib.mkMerge:
 
-#+begin_src nix
-initContent = let
-zshConfigEarlyInit = lib.mkOrder 500 "do something";
-zshConfig = lib.mkOrder 1000 "do something";
-in
-lib.mkMerge [ zshConfigEarlyInit zshConfig ];
+#+begin_src nix-ts :tangle no
+  let
+    zshConfigEarlyInit = lib.mkOrder 500 "do something";
+    zshConfig = lib.mkOrder 1000 "do something";
+  in
+    lib.mkMerge [ zshConfigEarlyInit zshConfig ];
 #+end_src
 
 Currently I only use it as before with =initExtra= though.
 
 #+begin_src nix-ts :tangle modules/home/common/zsh.nix
-  { config, pkgs, lib, minimal, globals, confLib, type, ... }:
+  { self, config, pkgs, lib, minimal, globals, confLib, type, ... }:
   let
     inherit (config.swarselsystems) flakePath isNixos;
     crocDomain = globals.services.croc.domain;
@@ -21028,7 +21165,7 @@ Currently I only use it as before with =initExtra= though.
               boot-diff = "nix store diff-closures /run/*-system";
               gen-diff = "nix profile diff-closures --profile /nix/var/nix/profiles/system";
               cc = "wl-copy";
-              build-topology = "nix build .#topology.x86_64-linux.config.output";
+              build-topology = "nix build --override-input topologyPrivate ${self}/files/topology/private .#topology.x86_64-linux.config.output";
               build-iso = "nix build --print-out-paths .#live-iso";
               nix-review-local = "nix run nixpkgs#nixpkgs-review -- rev HEAD";
               nix-review-post = "nix run nixpkgs#nixpkgs-review -- pr --post-result --systems linux";
@@ -29123,10 +29260,10 @@ This script quickly switches to another nix generation.
     inherit name;
     runtimeInputs = [ sops ];
     text = ''
-      sops updatekeys ${homeConfig.home.homeDirectory}/secrets/repo/*
-      sops updatekeys ${homeConfig.home.homeDirectory}/secrets/nginx/*
-      sops updatekeys ${homeConfig.home.homeDirectory}/secrets/work/*
-      sops updatekeys ${homeConfig.home.homeDirectory}/hosts/*/*/*/secrets/*/secrets.yaml
+      sops updatekeys ${homeConfig.swarselsystems.flakePath}/secrets/repo/*
+      sops updatekeys ${homeConfig.swarselsystems.flakePath}/secrets/nginx/*
+      sops updatekeys ${homeConfig.swarselsystems.flakePath}/secrets/work/*
+      sops updatekeys ${homeConfig.swarselsystems.flakePath}/hosts/*/*/*/secrets/*/secrets.yaml
     '';
   }
 
@@ -36973,6 +37110,31 @@ jobs:
 
 #+end_src
 
+** Private topology flake
+
+This flake is automatically loaded as an override when building the repo topology using the alias =build-topology= defined in [[#h:91dd4cc4-aada-4e74-be23-0cc69ed85af5][zsh]].
+
+#+begin_src nix-ts :tangle files/topology/private/flake.nix
+  {
+    description = "Flake that sets topologyPrivate to true for building topology.";
+
+    outputs = _: { topologyPrivate = true; };
+  }
+#+end_src
+** Public topology flake
+:PROPERTIES:
+:CUSTOM_ID: h:c88d569e-70c4-4dd6-a959-be649fdeaa71
+:END:
+
+This flake is loaded per default as an input to not obfuscate values that could be exposed to nix-topology.
+
+#+begin_src nix-ts :tangle files/topology/public/flake.nix
+  {
+    description = "Flake that sets topologyPrivate to false for general purpose.";
+
+    outputs = _: { topologyPrivate = false; };
+  }
+#+end_src
 * Appendix C: Explanations to nix functions and operators
 :PROPERTIES:
 :CUSTOM_ID: h:8ea35dcc-ef94-4c10-9112-8be8efd6f424
diff --git a/files/emacs/init.el b/files/emacs/init.el
index 52ffc4e..14e5005 100644
--- a/files/emacs/init.el
+++ b/files/emacs/init.el
@@ -1117,7 +1117,7 @@ create a new one."
 
 (use-package nix-ts-mode
   :after lsp-mode
-  :mode ("\\.nix\\'" . "\\.nix\\.enc\\'")
+  :mode "\\.nix\\'" "\\.nix\\.enc\\'"
   :ensure t
   :hook
   (nix-ts-mode . lsp-deferred) ;; So that envrc mode will work
@@ -1131,6 +1131,9 @@ create a new one."
         lsp-nix-nixd-home-manager-options-expr "(builtins.getFlake \"/home/swarsel/.dotfiles\").nixosConfigurations.pyramid.options.home-manager.users.type.getSubOptions []"
         ))
 
+(add-to-list 'auto-mode-alist '("\\.nix\\.enc\\'" . nix-mode))
+(add-to-list 'auto-mode-alist '("\\.nix\\.enc\\'" . nix-ts-mode))
+
 
 (with-eval-after-load 'lsp-mode
   (lsp-register-client
@@ -1774,70 +1777,73 @@ create a new one."
     )))
 
 (use-package dashboard
-  :ensure t
-  :config
-  (dashboard-setup-startup-hook)
-  ;; (setq initial-buffer-choice (lambda () (get-buffer-create "*dashboard*")))
+    :ensure t
+    :config
+    (dashboard-setup-startup-hook)
+    ;; (setq initial-buffer-choice (lambda () (get-buffer-create "*dashboard*")))
 
-  (let ((files-domain (getenv "SWARSEL_FILES_DOMAIN"))
-        (music-domain (getenv "SWARSEL_MUSIC_DOMAIN"))
-        (insta-domain (getenv "SWARSEL_INSTA_DOMAIN"))
-        (sport-domain (getenv "SWARSEL_SPORT_DOMAIN"))
-        (swarsel-domain (getenv "SWARSEL_DOMAIN"))
-        )
-    (setq dashboard-display-icons-p t ;; display icons on both GUI and terminal
-          dashboard-icon-type 'nerd-icons ;; use `nerd-icons' package
-          dashboard-set-file-icons t
-          dashboard-items '((recents . 5)
-                            (projects . 5)
-                            (agenda . 5))
-          dashboard-set-footer nil
-          dashboard-banner-logo-title "Welcome to SwarsEmacs!"
-          dashboard-image-banner-max-height 300
-          dashboard-startup-banner "~/.dotfiles/files/wallpaper/swarsel.png"
-          dashboard-projects-backend 'projectile
-          dashboard-projects-switch-function 'magit-status
-          dashboard-set-navigator t
-          dashboard-startupify-list '(dashboard-insert-banner
-                                      dashboard-insert-newline
-                                      dashboard-insert-banner-title
-                                      dashboard-insert-newline
-                                      dashboard-insert-navigator
-                                      dashboard-insert-newline
-                                      dashboard-insert-init-info
-                                      dashboard-insert-items
-                                      )
-          dashboard-navigator-buttons
-          `(;; line1
-            ((,""
-              "SwarselSocial"
-              "Browse Swarsele"
-              (lambda (&rest _) (browse-url ,insta-domain)))
+    (let ((files-domain (getenv "SWARSEL_FILES_DOMAIN"))
+          (music-domain (getenv "SWARSEL_MUSIC_DOMAIN"))
+          (insta-domain (getenv "SWARSEL_INSTA_DOMAIN"))
+          (sport-domain (getenv "SWARSEL_SPORT_DOMAIN"))
+          (swarsel-domain (getenv "SWARSEL_DOMAIN"))
+          )
+      (setq dashboard-display-icons-p t ;; display icons on both GUI and terminal
+            dashboard-icon-type 'nerd-icons ;; use `nerd-icons' package
+            dashboard-set-file-icons t
+            dashboard-items '((recents . 5)
+                              (projects . 5)
+                              (agenda . 5))
+            dashboard-set-footer nil
+            dashboard-banner-logo-title "Welcome to SwarsEmacs!"
+            dashboard-image-banner-max-height 300
+            dashboard-startup-banner "~/.dotfiles/files/wallpaper/swarsel.png"
+            dashboard-projects-backend 'projectile
+            dashboard-projects-switch-function 'magit-status
+            dashboard-set-navigator t
+            dashboard-startupify-list '(dashboard-insert-banner
+                                        dashboard-insert-newline
+                                        dashboard-insert-banner-title
+                                        dashboard-insert-newline
+                                        dashboard-insert-navigator
+                                        dashboard-insert-newline
+                                        dashboard-insert-init-info
+                                        dashboard-insert-items
+                                        )
+            dashboard-navigator-buttons
+            `(;; line1
+              ((,""
+                "SwarselSocial"
+                "Browse Swarsele"
+                (lambda (&rest _) (browse-url ,insta-domain)))
 
-             (,""
-              "SwarselSound"
-              "Browse SwarselSound"
-              (lambda (&rest _) (browse-url ,(concat "https://" music-domain))) )
-             (,""
-              "SwarselSwarsel"
-              "Browse Swarsel"
-              (lambda (&rest _) (browse-url "https://github.com/Swarsel")) )
-             (,""
-              "SwarselStash"
-              "Browse SwarselStash"
-              (lambda (&rest _) (browse-url ,(concat "https://" files-domain))) )
-             (,"󰫑"
-              "SwarselSport"
-              "Browse SwarselSports"
-              (lambda (&rest _) (browse-url ,sport-domain)))
-             )
-            (
-             (,"󱄅"
-              ,swarsel-domain
-              ,(concat "Browse " main-domain)
-              (lambda (&rest _) (browse-url ,(concat "https://" swarsel-domain))))
-             )
-            ))))
+               (,""
+                "SwarselSound"
+                "Browse SwarselSound"
+                (lambda (&rest _) (browse-url ,(concat "https://" music-domain))) )
+               (,""
+                "SwarselSwarsel"
+                "Browse Swarsel"
+                (lambda (&rest _) (browse-url "https://github.com/Swarsel")) )
+               (,""
+                "SwarselStash"
+                "Browse SwarselStash"
+                (lambda (&rest _) (browse-url ,(concat "https://" files-domain))) )
+               (,"󰫑"
+                "SwarselSport"
+                "Browse SwarselSports"
+                (lambda (&rest _) (browse-url ,sport-domain)))
+               )
+              (
+               (,"󱄅"
+                ,swarsel-domain
+                ,(concat "Browse " main-domain)
+                (lambda (&rest _) (browse-url ,(concat "https://" swarsel-domain))))
+               )
+              ))))
+
+(add-to-list 'recentf-exclude "\\Archive\\.org\\'")
+(add-to-list 'recentf-exclude "\\Tasks\\.org\\'")
 
 (use-package vterm
   :ensure t)
diff --git a/files/topology-images/ender3.png b/files/topology-images/ender3.png
new file mode 100644
index 0000000..cff711a
Binary files /dev/null and b/files/topology-images/ender3.png differ
diff --git a/files/topology-images/ender3_.png b/files/topology-images/ender3_.png
new file mode 100644
index 0000000..cff711a
Binary files /dev/null and b/files/topology-images/ender3_.png differ
diff --git a/files/topology-images/matrix.png b/files/topology-images/matrix.png
new file mode 100644
index 0000000..b20366d
Binary files /dev/null and b/files/topology-images/matrix.png differ
diff --git a/files/topology-images/mautrix.png b/files/topology-images/mautrix.png
new file mode 100644
index 0000000..a68f624
Binary files /dev/null and b/files/topology-images/mautrix.png differ
diff --git a/files/topology-images/octoprint.png b/files/topology-images/octoprint.png
new file mode 100644
index 0000000..a8ce6fb
Binary files /dev/null and b/files/topology-images/octoprint.png differ
diff --git a/files/topology-images/postgresql.png b/files/topology-images/postgresql.png
new file mode 100644
index 0000000..d7843b5
Binary files /dev/null and b/files/topology-images/postgresql.png differ
diff --git a/files/topology-images/ps4.png b/files/topology-images/ps4.png
new file mode 100644
index 0000000..2054540
Binary files /dev/null and b/files/topology-images/ps4.png differ
diff --git a/files/topology/private/flake.nix b/files/topology/private/flake.nix
new file mode 100644
index 0000000..fe4acbb
--- /dev/null
+++ b/files/topology/private/flake.nix
@@ -0,0 +1,5 @@
+{
+  description = "Flake that sets topologyPrivate to true for building topology.";
+
+  outputs = _: { topologyPrivate = true; };
+}
diff --git a/files/topology/public/flake.nix b/files/topology/public/flake.nix
new file mode 100644
index 0000000..cdea1dc
--- /dev/null
+++ b/files/topology/public/flake.nix
@@ -0,0 +1,5 @@
+{
+  description = "Flake that sets topologyPrivate to false for general purpose.";
+
+  outputs = _: { topologyPrivate = false; };
+}
diff --git a/flake.lock b/flake.lock
index 5731952..f579e9a 100644
--- a/flake.lock
+++ b/flake.lock
@@ -2676,6 +2676,7 @@
         "stylix": "stylix",
         "swarsel-nix": "swarsel-nix",
         "systems": "systems_8",
+        "topologyPrivate": "topologyPrivate",
         "treefmt-nix": "treefmt-nix",
         "vbc-nix": "vbc-nix",
         "zjstatus": "zjstatus"
@@ -3243,6 +3244,17 @@
         "type": "github"
       }
     },
+    "topologyPrivate": {
+      "locked": {
+        "path": "./files/topology/public",
+        "type": "path"
+      },
+      "original": {
+        "path": "./files/topology/public",
+        "type": "path"
+      },
+      "parent": []
+    },
     "treefmt-nix": {
       "inputs": {
         "nixpkgs": "nixpkgs_27"
diff --git a/flake.nix b/flake.nix
index 277493e..f879860 100644
--- a/flake.nix
+++ b/flake.nix
@@ -76,6 +76,7 @@
     nix-minecraft.url = "github:Infinidoge/nix-minecraft";
     simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master";
     nixos-nftables-firewall.url = "github:thelegy/nixos-nftables-firewall";
+    topologyPrivate.url = "./files/topology/public";
   };
 
   outputs =
diff --git a/hosts/nixos/aarch64-linux/twothreetunnel/default.nix b/hosts/nixos/aarch64-linux/twothreetunnel/default.nix
index 2b16886..81c5676 100644
--- a/hosts/nixos/aarch64-linux/twothreetunnel/default.nix
+++ b/hosts/nixos/aarch64-linux/twothreetunnel/default.nix
@@ -36,6 +36,7 @@
           peers = [
             "moonside"
             "winters"
+            "summers"
             "belchsfactory"
             "eagleland"
             "hintbooth-adguardhome"
diff --git a/hosts/nixos/x86_64-linux/hintbooth/default.nix b/hosts/nixos/x86_64-linux/hintbooth/default.nix
index 648be45..77fabd2 100644
--- a/hosts/nixos/x86_64-linux/hintbooth/default.nix
+++ b/hosts/nixos/x86_64-linux/hintbooth/default.nix
@@ -11,8 +11,8 @@
 
   topology.self = {
     interfaces = {
-      lan2.physicalConnections = [{ node = "summers"; interface = "eth1"; }];
-      lan3.physicalConnections = [{ node = "summers"; interface = "eth2"; }];
+      lan2.physicalConnections = [{ node = "summers"; interface = "lan"; }];
+      lan3.physicalConnections = [{ node = "summers"; interface = "bmc"; }];
       lan4.physicalConnections = [{ node = "switch-bedroom"; interface = "eth1"; }];
       lan5.physicalConnections = [{ node = "switch-livingroom"; interface = "eth1"; }];
     };
@@ -43,9 +43,10 @@
         wgHome = {
           isServer = true;
           peers = [
-            "winters"
             "hintbooth-adguardhome"
             "hintbooth-nginx"
+            "summers"
+            "winters"
           ];
         };
       };
diff --git a/hosts/nixos/x86_64-linux/hintbooth/secrets/adguardhome/pii.nix.enc b/hosts/nixos/x86_64-linux/hintbooth/secrets/adguardhome/pii.nix.enc
new file mode 100644
index 0000000..97b9fc8
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/hintbooth/secrets/adguardhome/pii.nix.enc
@@ -0,0 +1,25 @@
+{
+	"data": "ENC[AES256_GCM,data:j4Vhhuinx3xb0YhEvtjK6CmGm4HDmhOZN9ftHJ6IgrINdlj8tWxyxsOfQkJoX+PmIjhloLob61MSBm2QfMGojMsvbgNrvakpPBoTd8w2H9u6IxMH0DpPCnXOq2rD6aC2Y5Xjg6AZJCXQNWMCfkhTgbZoTOen3e/1IUXtPtbURKe7vpOuyaB3d7IIO6NnMGlNpF3ZXRuxoOtu9Y9ZrMjgRH7I5vkE4KkMoFIt//Tx1rtlhu68UrFKlochelXNPxWc+NHNbi1ynibdgeuipak5GmheJ1vY7oKAMogvsZWvn5qs8Ar5juoonWWKsc++dIcFwhDHaxd/xHiak2MhKmnU+do=,iv:LLAaoxXaqVnoCprUfSNLNBU/69ZTxytVswgdz5s2swQ=,tag:B8wC/3YB04tKvBrS2AvmdQ==,type:str]",
+	"sops": {
+		"age": [
+			{
+				"recipient": "age1wmx8y2hs83j2u5srdnfxljrzxm8jtxl6fr0mq7xf2ldxyglpzf2qq89rpx",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4YjFzelZTVE40L2hiZ0pP\nL1o2ZUJ3VmFnZE15alRaTHE0aEU2T2M5YjFZCk9tdUxEdStRemZTdnNodE5aUzk2\nSFlaeklZZU1NYVdTcW5VOHczWkNabDgKLS0tIFJtM0dlN2N4WnltaGVLMFg5ZEJG\nbVdMU085TnlzMmxEWkNvdUxnVUIxeU0KRW+NWgYTqxKUIrK9v3E2zYmZCnAEsUjw\n4WxVqwhGgUoHDeURiKkJNJ4kg3op6pNZg12NJ2JfAngAKfCK4xUNzw==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1c2enwel9un28dcs4wg0vcyamx9a4a6g3walkhu8w5lqhmd804paq9d24as",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwQXc1MWpLNms2QzVzeHRo\nd2NJNVh6MWIvVkFsbEc2b2FVSkxkQjFYMURJCnJGOGZPMkt4L1ZXSW5UbGQzNFA1\nYm5uZlFXNlNjd0VSQVo3N3lFQ3BvUmcKLS0tIFlqQmpOL3VLVzZmcmxnN2RuOEd5\nZXRBN0wvbDB3a2hSdWRuN096ZExCcTQKMGRB1v9Jlilzx65/5yUgWQ+i7ubK8y3Z\n87o23XUIdXAx9oPW3j3HP1OpuYqiJc0FYX+THtmpHln/J9n9Qe18qw==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2026-01-09T13:49:03Z",
+		"mac": "ENC[AES256_GCM,data:cJauc3/EUrx5uYx1SGLTmXdPrsnLY0SYm9vCakX9CUuBOoOp3aA5SGFtzGSjOlbPa22uo5Yt0t25setij3G4A9DjTGG/P/aQq9lLYvEeBxN0oxmBnww0YeLUoHT+04qxSH/5CShwZg26Ycep/43DMO1x3HH3fx4ijenfwmKhuAo=,iv:aZc6KMC2JaxEdKX3uOuSzJ6Bhfu0I77Yw+9t0z+ZI80=,tag:lQCZmxfq+Hp8G0JG/bjhVA==,type:str]",
+		"pgp": [
+			{
+				"created_at": "2026-01-09T13:48:11Z",
+				"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAAxNIPrwgDPEUjt+06WWjvh+NYFfxkEdVPH+8o7O1GG/xS\nH+K3iviN+IPdvXeV5zDjHfARVpnnaT0GfH1yb9+4X8731bDPhZk4iYH/RTloByoL\nx+yRhBzo6YfWvLVBHDXuV0Ux5xWFlQmhAoUrsHeBycDmNCEoQV58igBNgHxROpHA\nwwWxkuAk2A6LQRIJkCd3q0FonES7G8Oi2sslYOqlsMzzfTS3OrZfc+y6vjjQshqn\nldZLjFogOPH6YJZe9r/LTaXqoY31t4ZeGKlH5ShfKui+e7va6pZy0X63iNmhLAfw\nccxIJVQCEf7DOtFdohKVrhpLD88nj2PIv618QFLgBW72Cyw0O1RPGRCQkwk0WGqN\nlzm/2MoStUlO/0/GvWi3KN46E1E0LR6FkAOEphxH7gB+1wiJpgnDCSWtR8ow1gOG\n/SNKb6xFD2haKZVl4DyioK6yiOQ2/tHEeYrIDhVfW3+KZ57zd6R5euhaK+QxABVW\niCNDaERqMvwWuwfBUif7g3V4CU1iTkQ6DHI8LbaVH4Vs+YwqGt21kpe/dcIiqtm1\nSNACM5mJ1Q1P7r8fM4i544IxFbl+LHijJzFTjTxdgkEsovwXbOVpWqVl5oQ8xVVx\nkd1FZuQmcNvsS9y1enK5kD3DUZzygvtZwKcKRohLyQV3T+ujUFAh8hhVUwmrRKKF\nAgwDC9FRLmchgYQBD/9AhPK/E4/cmSFSnUYpyvoRqlUhGtXzZMwTzRKjf5hRHyio\npjqJEND+UTIrIMy8rExBFiE39+7crsICG+k03Fawtmmw9Q5zXmhPFW1pD6g2zQcH\nMtGmg2BJBdXXcL6wuaaDaDUWVVhYw8iN9QaC6ma0/i92ZiH7T55D3+0MQeqSrDFx\nISjtg4xU8Vx/vHXayEHSuLzaqU2/5vnx0DUalqYUTE4f9eeaD9e1qLyoDBGRld3T\nHuAXdKulwL1YSKNBe2X9Y3kHlHzK48I5NfMy8NuTkMPUQ442ZZYD7mYM7J3kyjgH\n9DTRC7P2sfacE7f3i3Tnum0kwTEs6a8aeIR/BS+EDrPouKXuHevWLzbqB/pa9cfm\nU0yvZmcXOrLVXsjOKdgHzS2I2jGnbacza/FTkkjS4amDKq5kmkqeBkSol0//oDUR\n15sa+vEWDBFTdDZPvYZAKwndNkPy4prjOsXxHSpLa0oX+vT5UWdLvYy8P6av5Hk8\nNBDePCf/WhwIr3612n7kSBzEdh7HQTtPWapq31GaH7+vgZAw9hVWrWiIBuHf3j60\nN1zHfid7wMeFHqnRvT74vpM7ekvfVf2ab0XLpQmFMvMkZSj7gZllJsiA4TiAqgvg\ntANiOnPtZDr25GDogl+3b6uBEhmTmSi40D0te84zsT18yvZXbJhr23swRlo7cNJe\nAdAi5A4/stmMaLSzFoyt/FZL7+/lwOGmGHo6TMcr2b1UkLfA/c7r9udVnOJGuDFW\nau9MXji34BkREW2gzEaJBqOJ5RkaKB3TBxbl3c6FX0DsFoEINzALM1yJ/B6NbQ==\n=NwLj\n-----END PGP MESSAGE-----",
+				"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
+			}
+		],
+		"version": "3.11.0"
+	}
+}
diff --git a/hosts/nixos/x86_64-linux/pyramid/hardware-configuration.nix b/hosts/nixos/x86_64-linux/pyramid/hardware-configuration.nix
index 8e4d75a..9b873c8 100644
--- a/hosts/nixos/x86_64-linux/pyramid/hardware-configuration.nix
+++ b/hosts/nixos/x86_64-linux/pyramid/hardware-configuration.nix
@@ -26,7 +26,20 @@
     # kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
     binfmt.emulatedSystems = [ "aarch64-linux" ];
     initrd = {
-      availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "cryptd" "usbhid" "sd_mod" "r8152" ];
+      availableKernelModules = [
+        "nvme"
+        "xhci_pci"
+        "thunderbolt"
+        "usb_storage"
+        "cryptd"
+        "usbhid"
+        "sd_mod"
+        "r8152"
+        "drm"
+        "drm_kms_helper"
+        "ttm"
+        "gpu_sched"
+      ];
       # allow to remote build on arm (needed for moonside)
       kernelModules = [ "sg" ];
       luks.devices."cryptroot" = {
@@ -37,7 +50,7 @@
       };
     };
 
-    kernelModules = [ "kvm-amd" ];
+    kernelModules = [ "amdgpu" "kvm-amd" ];
     kernelParams = [
       # deep sleep is discontinued by amd
       # "mem_sleep_default=deep"
diff --git a/hosts/nixos/x86_64-linux/summers/default.nix b/hosts/nixos/x86_64-linux/summers/default.nix
index 1d895b2..ddc929d 100644
--- a/hosts/nixos/x86_64-linux/summers/default.nix
+++ b/hosts/nixos/x86_64-linux/summers/default.nix
@@ -1,17 +1,20 @@
-{ self, inputs, lib, config, minimal, nodes, globals, ... }:
+{ self, inputs, lib, minimal, ... }:
 {
 
   imports = [
     ./hardware-configuration.nix
     ./disk-config.nix
 
+    inputs.nixos-hardware.nixosModules.common-cpu-intel
+
+    "${self}/modules/nixos/optional/systemd-networkd-server-home.nix"
     "${self}/modules/nixos/optional/microvm-host.nix"
   ];
 
   topology.self = {
     interfaces = {
-      "eth1" = { };
-      "eth2" = { };
+      "lan" = { };
+      "bmc" = { };
     };
   };
 
@@ -20,21 +23,51 @@
     loader.efi.canTouchEfiVariables = true;
   };
 
-  node.lockFromBootstrapping = lib.mkForce false;
+  hardware.enableRedistributableFirmware = true;
 
   swarselsystems = {
     info = "ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM";
     flakePath = "/root/.dotfiles";
     isImpermanence = true;
-    isSecureBoot = false;
+    isSecureBoot = true;
     isCrypted = true;
     isBtrfs = true;
     isLinux = true;
     isNixos = true;
     isSwap = false;
-    rootDisk = "/dev/disk/by-id/ata-TS128GMTS430S_H537280456";
+    proxyHost = "twothreetunnel";
+    writeGlobalNetworks = false;
+    networkKernelModules = [ "igb" ];
+    rootDisk = "/dev/disk/by-id/ata-TS120GMTS420S_J024880123";
     withMicroVMs = false;
-    server.localNetwork = "lan";
+    localVLANs = [ "services" "home" ]; # devices is only provided on interface for bmc
+    initrdVLAN = "home";
+    server = {
+      wireguard.interfaces = {
+        wgProxy = {
+          isClient = true;
+          serverName = "twothreetunnel";
+        };
+        wgHome = {
+          isClient = true;
+          serverName = "hintbooth";
+        };
+      };
+      restic = {
+        bucketName = "SwarselWinters";
+        paths = [
+          "/Vault/data/paperless"
+          "/Vault/data/koillection"
+          "/Vault/data/postgresql"
+          "/Vault/data/firefly-iii"
+          "/Vault/data/radicale"
+          "/Vault/data/matrix-synapse"
+          "/Vault/Eternor/Paperless"
+          "/Vault/Eternor/Bilder"
+          "/Vault/Eternor/Immich"
+        ];
+      };
+    };
   };
 
 } // lib.optionalAttrs (!minimal) {
@@ -43,34 +76,63 @@
     server = true;
   };
 
-  microvm.vms =
-    let
-      mkMicrovm = guestName: {
-        ${guestName} = {
-          backend = "microvm";
-          autostart = true;
-          modules = [
-            ./guests/${guestName}.nix
-            {
-              node.secretsDir = ./secrets/${guestName};
-            }
-          ];
-          microvm = {
-            system = "x86_64-linux";
-            # baseMac = config.repo.secrets.local.networking.interfaces.lan.mac;
-            # interfaces.vlan-services = { };
-          };
-          specialArgs = {
-            inherit (config) nodes globals;
-            inherit lib;
-            inherit inputs minimal;
-          };
-        };
-      };
-    in
-    lib.mkIf (!minimal && config.swarselsystems.withMicroVMs) (
-      { }
-      // mkMicrovm "guest1"
-    );
+  swarselmodules.server = {
+    wireguard = true;
+
+    nginx = true; # for php stuff
+    acme = false; # cert handled by proxy
+
+    nfs = true;
+    kavita = true;
+    restic = true;
+    jellyfin = true;
+    navidrome = true;
+    spotifyd = true;
+    mpd = true;
+    postgresql = true;
+    matrix = true;
+    nextcloud = true;
+    immich = true;
+    paperless = true;
+    transmission = true;
+    syncthing = true;
+    grafana = true;
+    freshrss = true;
+    kanidm = true;
+    firefly-iii = true;
+    koillection = true;
+    radicale = true;
+    atuin = true;
+    forgejo = true;
+    ankisync = true;
+    homebox = true;
+    opkssh = true;
+  };
+
+  # guests = lib.mkIf (!minimal && config.swarselsystems.withMicroVMs) (
+  #   { }
+  #   // confLib.mkMicrovm "kavita"
+  #   // confLib.mkMicrovm "jellyfin"
+  #   // confLib.mkMicrovm "audio"
+  #   // confLib.mkMicrovm "postgresql"
+  #   // confLib.mkMicrovm "matrix"
+  #   // confLib.mkMicrovm "nextcloud"
+  #   // confLib.mkMicrovm "immich"
+  #   // confLib.mkMicrovm "paperless"
+  #   // confLib.mkMicrovm "transmission"
+  #   // confLib.mkMicrovm "storage"
+  #   // confLib.mkMicrovm "monitoring"
+  #   // confLib.mkMicrovm "freshrss"
+  #   // confLib.mkMicrovm "kanidm"
+  #   // confLib.mkMicrovm "firefly"
+  #   // confLib.mkMicrovm "koillection"
+  #   // confLib.mkMicrovm "radicale"
+  #   // confLib.mkMicrovm "atuin"
+  #   // confLib.mkMicrovm "forgejo"
+  #   // confLib.mkMicrovm "ankisync"
+  #   // confLib.mkMicrovm "homebox"
+  # );
+
+  networking.nftables.firewall.zones.untrusted.interfaces = [ "lan" "bmc" ];
 
 }
diff --git a/hosts/nixos/x86_64-linux/summers/guests/ankisync/default.nix b/hosts/nixos/x86_64-linux/summers/guests/ankisync/default.nix
new file mode 100644
index 0000000..e46d3ee
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/guests/ankisync/default.nix
@@ -0,0 +1,42 @@
+{ self, lib, minimal, ... }:
+{
+  imports = [
+    "${self}/profiles/nixos/microvm"
+    "${self}/modules/nixos"
+  ];
+
+  swarselsystems = {
+    isMicroVM = true;
+    isImpermanence = true;
+    proxyHost = "twothreetunnel";
+    server = {
+      wireguard.interfaces = {
+        wgHome = {
+          isClient = true;
+          serverName = "hintbooth";
+        };
+        wgProxy = {
+          isClient = true;
+          serverName = "twothreetunnel";
+        };
+      };
+    };
+  };
+
+
+} // lib.optionalAttrs (!minimal) {
+
+  microvm = {
+    mem = 1024 * 2;
+    vcpu = 1;
+  };
+
+  swarselprofiles = {
+    microvm = true;
+  };
+
+  swarselmodules.server = {
+    ankisync = true;
+  };
+
+}
diff --git a/hosts/nixos/x86_64-linux/summers/guests/atuin/default.nix b/hosts/nixos/x86_64-linux/summers/guests/atuin/default.nix
new file mode 100644
index 0000000..7d4eeea
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/guests/atuin/default.nix
@@ -0,0 +1,42 @@
+{ self, lib, minimal, ... }:
+{
+  imports = [
+    "${self}/profiles/nixos/microvm"
+    "${self}/modules/nixos"
+  ];
+
+  swarselsystems = {
+    isMicroVM = true;
+    isImpermanence = true;
+    proxyHost = "twothreetunnel";
+    server = {
+      wireguard.interfaces = {
+        wgHome = {
+          isClient = true;
+          serverName = "hintbooth";
+        };
+        wgProxy = {
+          isClient = true;
+          serverName = "twothreetunnel";
+        };
+      };
+    };
+  };
+
+
+} // lib.optionalAttrs (!minimal) {
+
+  microvm = {
+    mem = 1024 * 1;
+    vcpu = 1;
+  };
+
+  swarselprofiles = {
+    microvm = true;
+  };
+
+  swarselmodules.server = {
+    atuin = true;
+  };
+
+}
diff --git a/hosts/nixos/x86_64-linux/summers/guests/audio/default.nix b/hosts/nixos/x86_64-linux/summers/guests/audio/default.nix
new file mode 100644
index 0000000..5f2ddd6
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/guests/audio/default.nix
@@ -0,0 +1,44 @@
+{ self, lib, minimal, ... }:
+{
+  imports = [
+    "${self}/profiles/nixos/microvm"
+    "${self}/modules/nixos"
+  ];
+
+  swarselsystems = {
+    isMicroVM = true;
+    isImpermanence = true;
+    proxyHost = "twothreetunnel";
+    server = {
+      wireguard.interfaces = {
+        wgHome = {
+          isClient = true;
+          serverName = "hintbooth";
+        };
+        wgProxy = {
+          isClient = true;
+          serverName = "twothreetunnel";
+        };
+      };
+    };
+  };
+
+
+} // lib.optionalAttrs (!minimal) {
+
+  microvm = {
+    mem = 1024 * 4;
+    vcpu = 2;
+  };
+
+  swarselprofiles = {
+    microvm = true;
+  };
+
+  swarselmodules.server = {
+    navidrome = true;
+    spotifyd = true;
+    mpd = true;
+  };
+
+}
diff --git a/hosts/nixos/x86_64-linux/summers/guests/firefly/default.nix b/hosts/nixos/x86_64-linux/summers/guests/firefly/default.nix
new file mode 100644
index 0000000..592424a
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/guests/firefly/default.nix
@@ -0,0 +1,43 @@
+{ self, lib, minimal, ... }:
+{
+  imports = [
+    "${self}/profiles/nixos/microvm"
+    "${self}/modules/nixos"
+  ];
+
+  swarselsystems = {
+    isMicroVM = true;
+    isImpermanence = true;
+    proxyHost = "twothreetunnel";
+    server = {
+      wireguard.interfaces = {
+        wgHome = {
+          isClient = true;
+          serverName = "hintbooth";
+        };
+        wgProxy = {
+          isClient = true;
+          serverName = "twothreetunnel";
+        };
+      };
+    };
+  };
+
+
+} // lib.optionalAttrs (!minimal) {
+
+  microvm = {
+    mem = 1024 * 3;
+    vcpu = 1;
+  };
+
+  swarselprofiles = {
+    microvm = true;
+  };
+
+  swarselmodules.server = {
+    firefly-iii = true;
+    nginx = true;
+  };
+
+}
diff --git a/hosts/nixos/x86_64-linux/summers/guests/forgejo/default.nix b/hosts/nixos/x86_64-linux/summers/guests/forgejo/default.nix
new file mode 100644
index 0000000..8efd8f2
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/guests/forgejo/default.nix
@@ -0,0 +1,42 @@
+{ self, lib, minimal, ... }:
+{
+  imports = [
+    "${self}/profiles/nixos/microvm"
+    "${self}/modules/nixos"
+  ];
+
+  swarselsystems = {
+    isMicroVM = true;
+    isImpermanence = true;
+    proxyHost = "twothreetunnel";
+    server = {
+      wireguard.interfaces = {
+        wgHome = {
+          isClient = true;
+          serverName = "hintbooth";
+        };
+        wgProxy = {
+          isClient = true;
+          serverName = "twothreetunnel";
+        };
+      };
+    };
+  };
+
+
+} // lib.optionalAttrs (!minimal) {
+
+  microvm = {
+    mem = 1024 * 2;
+    vcpu = 1;
+  };
+
+  swarselprofiles = {
+    microvm = true;
+  };
+
+  swarselmodules.server = {
+    forgejo = true;
+  };
+
+}
diff --git a/hosts/nixos/x86_64-linux/summers/guests/freshrss/default.nix b/hosts/nixos/x86_64-linux/summers/guests/freshrss/default.nix
new file mode 100644
index 0000000..0d43b72
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/guests/freshrss/default.nix
@@ -0,0 +1,43 @@
+{ self, lib, minimal, ... }:
+{
+  imports = [
+    "${self}/profiles/nixos/microvm"
+    "${self}/modules/nixos"
+  ];
+
+  swarselsystems = {
+    isMicroVM = true;
+    isImpermanence = true;
+    proxyHost = "twothreetunnel";
+    server = {
+      wireguard.interfaces = {
+        wgHome = {
+          isClient = true;
+          serverName = "hintbooth";
+        };
+        wgProxy = {
+          isClient = true;
+          serverName = "twothreetunnel";
+        };
+      };
+    };
+  };
+
+
+} // lib.optionalAttrs (!minimal) {
+
+  microvm = {
+    mem = 1024 * 3;
+    vcpu = 1;
+  };
+
+  swarselprofiles = {
+    microvm = true;
+  };
+
+  swarselmodules.server = {
+    freshrss = true;
+    nginx = true;
+  };
+
+}
diff --git a/hosts/nixos/x86_64-linux/summers/guests/homebox/default.nix b/hosts/nixos/x86_64-linux/summers/guests/homebox/default.nix
new file mode 100644
index 0000000..da4d446
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/guests/homebox/default.nix
@@ -0,0 +1,42 @@
+{ self, lib, minimal, ... }:
+{
+  imports = [
+    "${self}/profiles/nixos/microvm"
+    "${self}/modules/nixos"
+  ];
+
+  swarselsystems = {
+    isMicroVM = true;
+    isImpermanence = true;
+    proxyHost = "twothreetunnel";
+    server = {
+      wireguard.interfaces = {
+        wgHome = {
+          isClient = true;
+          serverName = "hintbooth";
+        };
+        wgProxy = {
+          isClient = true;
+          serverName = "twothreetunnel";
+        };
+      };
+    };
+  };
+
+
+} // lib.optionalAttrs (!minimal) {
+
+  microvm = {
+    mem = 1024 * 2;
+    vcpu = 1;
+  };
+
+  swarselprofiles = {
+    microvm = true;
+  };
+
+  swarselmodules.server = {
+    homebox = true;
+  };
+
+}
diff --git a/hosts/nixos/x86_64-linux/summers/guests/immich/default.nix b/hosts/nixos/x86_64-linux/summers/guests/immich/default.nix
new file mode 100644
index 0000000..b2362e4
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/guests/immich/default.nix
@@ -0,0 +1,42 @@
+{ self, lib, minimal, ... }:
+{
+  imports = [
+    "${self}/profiles/nixos/microvm"
+    "${self}/modules/nixos"
+  ];
+
+  swarselsystems = {
+    isMicroVM = true;
+    isImpermanence = true;
+    proxyHost = "twothreetunnel";
+    server = {
+      wireguard.interfaces = {
+        wgHome = {
+          isClient = true;
+          serverName = "hintbooth";
+        };
+        wgProxy = {
+          isClient = true;
+          serverName = "twothreetunnel";
+        };
+      };
+    };
+  };
+
+
+} // lib.optionalAttrs (!minimal) {
+
+  microvm = {
+    mem = 1024 * 8;
+    vcpu = 8;
+  };
+
+  swarselprofiles = {
+    microvm = true;
+  };
+
+  swarselmodules.server = {
+    immich = true;
+  };
+
+}
diff --git a/hosts/nixos/x86_64-linux/summers/guests/jellyfin/default.nix b/hosts/nixos/x86_64-linux/summers/guests/jellyfin/default.nix
new file mode 100644
index 0000000..7b7701b
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/guests/jellyfin/default.nix
@@ -0,0 +1,42 @@
+{ self, lib, minimal, ... }:
+{
+  imports = [
+    "${self}/profiles/nixos/microvm"
+    "${self}/modules/nixos"
+  ];
+
+  swarselsystems = {
+    isMicroVM = true;
+    isImpermanence = true;
+    proxyHost = "twothreetunnel";
+    server = {
+      wireguard.interfaces = {
+        wgHome = {
+          isClient = true;
+          serverName = "hintbooth";
+        };
+        wgProxy = {
+          isClient = true;
+          serverName = "twothreetunnel";
+        };
+      };
+    };
+  };
+
+
+} // lib.optionalAttrs (!minimal) {
+
+  microvm = {
+    mem = 1024 * 2;
+    vcpu = 1;
+  };
+
+  swarselprofiles = {
+    microvm = true;
+  };
+
+  swarselmodules.server = {
+    jellyfin = true;
+  };
+
+}
diff --git a/hosts/nixos/x86_64-linux/summers/guests/kanidm/default.nix b/hosts/nixos/x86_64-linux/summers/guests/kanidm/default.nix
new file mode 100644
index 0000000..7b0f882
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/guests/kanidm/default.nix
@@ -0,0 +1,42 @@
+{ self, lib, minimal, ... }:
+{
+  imports = [
+    "${self}/profiles/nixos/microvm"
+    "${self}/modules/nixos"
+  ];
+
+  swarselsystems = {
+    isMicroVM = true;
+    isImpermanence = true;
+    proxyHost = "twothreetunnel";
+    server = {
+      wireguard.interfaces = {
+        wgHome = {
+          isClient = true;
+          serverName = "hintbooth";
+        };
+        wgProxy = {
+          isClient = true;
+          serverName = "twothreetunnel";
+        };
+      };
+    };
+  };
+
+
+} // lib.optionalAttrs (!minimal) {
+
+  microvm = {
+    mem = 1024 * 4;
+    vcpu = 1;
+  };
+
+  swarselprofiles = {
+    microvm = true;
+  };
+
+  swarselmodules.server = {
+    kanidm = true;
+  };
+
+}
diff --git a/hosts/nixos/x86_64-linux/summers/guests/kavita/default.nix b/hosts/nixos/x86_64-linux/summers/guests/kavita/default.nix
new file mode 100644
index 0000000..4c06623
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/guests/kavita/default.nix
@@ -0,0 +1,42 @@
+{ self, lib, minimal, ... }:
+{
+  imports = [
+    "${self}/profiles/nixos/microvm"
+    "${self}/modules/nixos"
+  ];
+
+  swarselsystems = {
+    isMicroVM = true;
+    isImpermanence = true;
+    proxyHost = "twothreetunnel";
+    server = {
+      wireguard.interfaces = {
+        wgHome = {
+          isClient = true;
+          serverName = "hintbooth";
+        };
+        wgProxy = {
+          isClient = true;
+          serverName = "twothreetunnel";
+        };
+      };
+    };
+  };
+
+
+} // lib.optionalAttrs (!minimal) {
+
+  microvm = {
+    mem = 1024 * 1;
+    vcpu = 1;
+  };
+
+  swarselprofiles = {
+    microvm = true;
+  };
+
+  swarselmodules.server = {
+    kavita = true;
+  };
+
+}
diff --git a/hosts/nixos/x86_64-linux/summers/guests/koillection/default.nix b/hosts/nixos/x86_64-linux/summers/guests/koillection/default.nix
new file mode 100644
index 0000000..31a62fc
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/guests/koillection/default.nix
@@ -0,0 +1,42 @@
+{ self, lib, minimal, ... }:
+{
+  imports = [
+    "${self}/profiles/nixos/microvm"
+    "${self}/modules/nixos"
+  ];
+
+  swarselsystems = {
+    isMicroVM = true;
+    isImpermanence = true;
+    proxyHost = "twothreetunnel";
+    server = {
+      wireguard.interfaces = {
+        wgHome = {
+          isClient = true;
+          serverName = "hintbooth";
+        };
+        wgProxy = {
+          isClient = true;
+          serverName = "twothreetunnel";
+        };
+      };
+    };
+  };
+
+
+} // lib.optionalAttrs (!minimal) {
+
+  microvm = {
+    mem = 1024 * 2;
+    vcpu = 1;
+  };
+
+  swarselprofiles = {
+    microvm = true;
+  };
+
+  swarselmodules.server = {
+    koillection = true;
+  };
+
+}
diff --git a/hosts/nixos/x86_64-linux/summers/guests/matrix/default.nix b/hosts/nixos/x86_64-linux/summers/guests/matrix/default.nix
new file mode 100644
index 0000000..f406585
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/guests/matrix/default.nix
@@ -0,0 +1,42 @@
+{ self, lib, minimal, ... }:
+{
+  imports = [
+    "${self}/profiles/nixos/microvm"
+    "${self}/modules/nixos"
+  ];
+
+  swarselsystems = {
+    isMicroVM = true;
+    isImpermanence = true;
+    proxyHost = "twothreetunnel";
+    server = {
+      wireguard.interfaces = {
+        wgHome = {
+          isClient = true;
+          serverName = "hintbooth";
+        };
+        wgProxy = {
+          isClient = true;
+          serverName = "twothreetunnel";
+        };
+      };
+    };
+  };
+
+
+} // lib.optionalAttrs (!minimal) {
+
+  microvm = {
+    mem = 1024 * 3;
+    vcpu = 2;
+  };
+
+  swarselprofiles = {
+    microvm = true;
+  };
+
+  swarselmodules.server = {
+    matrix = true;
+  };
+
+}
diff --git a/hosts/nixos/x86_64-linux/summers/guests/monitoring/default.nix b/hosts/nixos/x86_64-linux/summers/guests/monitoring/default.nix
new file mode 100644
index 0000000..71dea57
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/guests/monitoring/default.nix
@@ -0,0 +1,42 @@
+{ self, lib, minimal, ... }:
+{
+  imports = [
+    "${self}/profiles/nixos/microvm"
+    "${self}/modules/nixos"
+  ];
+
+  swarselsystems = {
+    isMicroVM = true;
+    isImpermanence = true;
+    proxyHost = "twothreetunnel";
+    server = {
+      wireguard.interfaces = {
+        wgHome = {
+          isClient = true;
+          serverName = "hintbooth";
+        };
+        wgProxy = {
+          isClient = true;
+          serverName = "twothreetunnel";
+        };
+      };
+    };
+  };
+
+
+} // lib.optionalAttrs (!minimal) {
+
+  microvm = {
+    mem = 1024 * 2;
+    vcpu = 2;
+  };
+
+  swarselprofiles = {
+    microvm = true;
+  };
+
+  swarselmodules.server = {
+    grafana = true;
+  };
+
+}
diff --git a/hosts/nixos/x86_64-linux/summers/guests/nextcloud/default.nix b/hosts/nixos/x86_64-linux/summers/guests/nextcloud/default.nix
new file mode 100644
index 0000000..09bc775
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/guests/nextcloud/default.nix
@@ -0,0 +1,43 @@
+{ self, lib, minimal, ... }:
+{
+  imports = [
+    "${self}/profiles/nixos/microvm"
+    "${self}/modules/nixos"
+  ];
+
+  swarselsystems = {
+    isMicroVM = true;
+    isImpermanence = true;
+    proxyHost = "twothreetunnel";
+    server = {
+      wireguard.interfaces = {
+        wgHome = {
+          isClient = true;
+          serverName = "hintbooth";
+        };
+        wgProxy = {
+          isClient = true;
+          serverName = "twothreetunnel";
+        };
+      };
+    };
+  };
+
+
+} // lib.optionalAttrs (!minimal) {
+
+  microvm = {
+    mem = 1024 * 3;
+    vcpu = 2;
+  };
+
+  swarselprofiles = {
+    microvm = true;
+  };
+
+  swarselmodules.server = {
+    nextcloud = true;
+    nginx = true;
+  };
+
+}
diff --git a/hosts/nixos/x86_64-linux/summers/guests/paperless/default.nix b/hosts/nixos/x86_64-linux/summers/guests/paperless/default.nix
new file mode 100644
index 0000000..fc66f5c
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/guests/paperless/default.nix
@@ -0,0 +1,42 @@
+{ self, lib, minimal, ... }:
+{
+  imports = [
+    "${self}/profiles/nixos/microvm"
+    "${self}/modules/nixos"
+  ];
+
+  swarselsystems = {
+    isMicroVM = true;
+    isImpermanence = true;
+    proxyHost = "twothreetunnel";
+    server = {
+      wireguard.interfaces = {
+        wgHome = {
+          isClient = true;
+          serverName = "hintbooth";
+        };
+        wgProxy = {
+          isClient = true;
+          serverName = "twothreetunnel";
+        };
+      };
+    };
+  };
+
+
+} // lib.optionalAttrs (!minimal) {
+
+  microvm = {
+    mem = 1024 * 4;
+    vcpu = 4;
+  };
+
+  swarselprofiles = {
+    microvm = true;
+  };
+
+  swarselmodules.server = {
+    paperless = true;
+  };
+
+}
diff --git a/hosts/nixos/x86_64-linux/summers/guests/postgresql/default.nix b/hosts/nixos/x86_64-linux/summers/guests/postgresql/default.nix
new file mode 100644
index 0000000..663af81
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/guests/postgresql/default.nix
@@ -0,0 +1,42 @@
+{ self, lib, minimal, ... }:
+{
+  imports = [
+    "${self}/profiles/nixos/microvm"
+    "${self}/modules/nixos"
+  ];
+
+  swarselsystems = {
+    isMicroVM = true;
+    isImpermanence = true;
+    proxyHost = "twothreetunnel";
+    server = {
+      wireguard.interfaces = {
+        wgHome = {
+          isClient = true;
+          serverName = "hintbooth";
+        };
+        wgProxy = {
+          isClient = true;
+          serverName = "twothreetunnel";
+        };
+      };
+    };
+  };
+
+
+} // lib.optionalAttrs (!minimal) {
+
+  microvm = {
+    mem = 1024 * 2;
+    vcpu = 1;
+  };
+
+  swarselprofiles = {
+    microvm = true;
+  };
+
+  swarselmodules.server = {
+    postgresql = true;
+  };
+
+}
diff --git a/hosts/nixos/x86_64-linux/summers/guests/radicale/default.nix b/hosts/nixos/x86_64-linux/summers/guests/radicale/default.nix
new file mode 100644
index 0000000..3bb36f9
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/guests/radicale/default.nix
@@ -0,0 +1,42 @@
+{ self, lib, minimal, ... }:
+{
+  imports = [
+    "${self}/profiles/nixos/microvm"
+    "${self}/modules/nixos"
+  ];
+
+  swarselsystems = {
+    isMicroVM = true;
+    isImpermanence = true;
+    proxyHost = "twothreetunnel";
+    server = {
+      wireguard.interfaces = {
+        wgHome = {
+          isClient = true;
+          serverName = "hintbooth";
+        };
+        wgProxy = {
+          isClient = true;
+          serverName = "twothreetunnel";
+        };
+      };
+    };
+  };
+
+
+} // lib.optionalAttrs (!minimal) {
+
+  microvm = {
+    mem = 1024 * 2;
+    vcpu = 1;
+  };
+
+  swarselprofiles = {
+    microvm = true;
+  };
+
+  swarselmodules.server = {
+    radicale = true;
+  };
+
+}
diff --git a/hosts/nixos/x86_64-linux/summers/guests/storage/default.nix b/hosts/nixos/x86_64-linux/summers/guests/storage/default.nix
new file mode 100644
index 0000000..cfd5fd5
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/guests/storage/default.nix
@@ -0,0 +1,43 @@
+{ self, lib, minimal, ... }:
+{
+  imports = [
+    "${self}/profiles/nixos/microvm"
+    "${self}/modules/nixos"
+  ];
+
+  swarselsystems = {
+    isMicroVM = true;
+    isImpermanence = true;
+    proxyHost = "twothreetunnel";
+    server = {
+      wireguard.interfaces = {
+        wgHome = {
+          isClient = true;
+          serverName = "hintbooth";
+        };
+        wgProxy = {
+          isClient = true;
+          serverName = "twothreetunnel";
+        };
+      };
+    };
+  };
+
+
+} // lib.optionalAttrs (!minimal) {
+
+  microvm = {
+    mem = 1024 * 2;
+    vcpu = 2;
+  };
+
+  swarselprofiles = {
+    microvm = true;
+  };
+
+  swarselmodules.server = {
+    nfs = true;
+    syncthing = true;
+  };
+
+}
diff --git a/hosts/nixos/x86_64-linux/summers/guests/transmission/default.nix b/hosts/nixos/x86_64-linux/summers/guests/transmission/default.nix
new file mode 100644
index 0000000..e5629b8
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/guests/transmission/default.nix
@@ -0,0 +1,42 @@
+{ self, lib, minimal, ... }:
+{
+  imports = [
+    "${self}/profiles/nixos/microvm"
+    "${self}/modules/nixos"
+  ];
+
+  swarselsystems = {
+    isMicroVM = true;
+    isImpermanence = true;
+    proxyHost = "twothreetunnel";
+    server = {
+      wireguard.interfaces = {
+        wgHome = {
+          isClient = true;
+          serverName = "hintbooth";
+        };
+        wgProxy = {
+          isClient = true;
+          serverName = "twothreetunnel";
+        };
+      };
+    };
+  };
+
+
+} // lib.optionalAttrs (!minimal) {
+
+  microvm = {
+    mem = 1024 * 2;
+    vcpu = 2;
+  };
+
+  swarselprofiles = {
+    microvm = true;
+  };
+
+  swarselmodules.server = {
+    transmission = true;
+  };
+
+}
diff --git a/hosts/nixos/x86_64-linux/summers/secrets/ankisync/secrets.yaml b/hosts/nixos/x86_64-linux/summers/secrets/ankisync/secrets.yaml
new file mode 100644
index 0000000..8e3d14f
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/secrets/ankisync/secrets.yaml
@@ -0,0 +1,58 @@
+wireguard-private-key: ENC[AES256_GCM,data:oJkwX64LSXAaGXvEKbK5UPVtgFbFZSh9EQD3s634fUR155TT7yxI2YcHd1U=,iv:y666pwtBDTF7DMWx4vJu65VEBnuPBDCirGeVkntmVyQ=,tag:OZR6wxla3YYEZ2KtNbKnDw==,type:str]
+anki-pw: ENC[AES256_GCM,data:CVZxqubgfojCeA0=,iv:Ux7k27srI1bMh3nBlGGkuimcJkKkmkjaNBph0X0o5vM=,tag:yUfVrCl1srD1V+3wXSbFug==,type:str]
+sops:
+    age:
+        - recipient: age1wmx8y2hs83j2u5srdnfxljrzxm8jtxl6fr0mq7xf2ldxyglpzf2qq89rpx
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBMEM4alliWlBCT3VsbVA5
+            OGt5bmQvZW1TaUNkbWtFdzVGNDNpY0hBOVhzCm84TldYNHBrU01HMlBkbGNwZFAw
+            WVk0T3FycVRHUUNtM1pTYkQ4Qmw3RTgKLS0tIE9LUlNEVjJHOGVIK1RSMmRXUDF6
+            QlRKY1hRVzNTVXhESUd3OElXL2pBZXcKDWYoOzi2b4qeIbCVCfTj0lTW+OfbnsXB
+            8MugCHu7+b+ju0v/lUP66jDW9/2AH4PzHtCNHjsafyzr2qnW8HlOzA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1c2enwel9un28dcs4wg0vcyamx9a4a6g3walkhu8w5lqhmd804paq9d24as
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJRWJXR2tYdEd4cTZsSi9l
+            Tm1pSC9pek5BakpEMlkwVTcrMlBuVzlXWUVrCmlnV0xJc25nL0twK3VCZ3FRK2x2
+            RW52Q1NxWUhTUGY0NnQ0WEhLMWxIcFUKLS0tIG83eVM0KzdLQ004aDRKNTYvdmVZ
+            d3ZOSStBMFpSU2ZjNWhFRkREQWlUdmcKggVvLy1mLYGf8084RQtlipS4+z4dfPsN
+            HZfid0srwYnezlQ5qOY8/HrDLWHEyuZ4xFZVi4n0k49qBpNwJdmvyQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-01-08T08:02:47Z"
+    mac: ENC[AES256_GCM,data:bZ0SeyqYFrtn5P5lkuK1aVTKxoMVpN3+CHnvMFp+bIYW3eoDTEAey7otLh8psqS+0r9KnbsDTODTfVn2fX4xmRCI2bchflcJ/O6bnGhFjx0dVlmQXVzZg8LJe4+qvFxdGbwh5yXJnE503wdF5xN6xuvOBLa0Z5yOIsmd+X8c63c=,iv:8BXVbteOxr8ZA5Lo0sGN6JhFZF96gdwy2RjLMgfWPbg=,tag:pBCPHAUeleUaOCMJgGjx+w==,type:str]
+    pgp:
+        - created_at: "2026-01-02T21:12:51Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAwDh3VI7VctTARAAmvkQ9V14f0BT/bNdFVZtTlY4yVon37CX32SZPUcHV7o8
+            Dya0sZd9tuVATSv79TnybscuNx95fkoZJwujBfAadexn2zY8zl1oEWEHx7p+8/mE
+            W8JbQAjbcbX9sNQYXc8kYJylBThmgNN/HXK7CGtgDFr9xnGzDBnDm/M31P1HwYBm
+            IdIQgFGErEt1K3xvw28Lk3tPuZLK3Y+H2Yna7RRF6K1blGJUvEnL6yFdA10/eFW7
+            8066mO26F2l5xFuktK0nNeniLHKa5VVYp8iM+JMhX38l0wiIi8pGyxo3uAjNpa0w
+            IfpCneEBe/yyaUPcWMjXmUG5LJe3kWUup8cSzvu01Z3W159/QsflxIMkIsklqhim
+            B2zuPdAlYsjjS/05DIHInN2IIB/rjADkQvXji1XYLhWJj4jxDeck/UIc6Q22TED+
+            autlbl8d/5sqyO5ghPpShF/s0vMTqUfpXZrDrbuyDFqCfwi0ahP03bUsv20ZEz6u
+            zG3K5HuXHh7ATSppwuMbcv7vcjF1tkbo6XhWZDv0rY0DFWqiYhnxWwlFlGLxf4zX
+            g6r7Ca/E/YXG/eOET6M9DxwHjj0D7u/ryAkCktqPL9w8oNGarZQ/xMx0+ocI3byc
+            Zvzlmd63BtgaGNSxH3stK29KN3ED8cDkG/JzAxCATWiUBBkqW/ga4sGZqtLlSO+F
+            AgwDC9FRLmchgYQBD/9JbFZie25PO2CyELlUWm5SmJcugT9SK/mIA2fe1PlA+Gnf
+            5z9iXraMSQchz4R1IoiixDhubwKeKp/auqhlOPvo58Lsi6iDR/WaLWabD+hcyAb1
+            ck/f/PUzTLhlLcfu18VPfXVzfnky3dX8P5aS0WMLAQblj2RaaiHxnPqf49kXSn3q
+            VSJ0pr0nEsPuWtoCkHUAwAJ8X5GPXN2OD4YbHsNaA9h2vrJAxNd5+HNsvg8JtI88
+            X/uMM7cWcaXcmNZOz166HUIPcJ5cabJ48Sv8sDfMPOcTiJkMiESBnRYTwdUcp08m
+            nGipSrUeW3pVOC1bGyukZb6sF84pTtCpqS+kOSfKFlxFFdAEcpzFIPuOMeo2dbKj
+            GSGPDemZFC2yFq883yk9/mZbgjOUsqrj0ZP3rCD5ZHpfUM5IxGQ+mKaOucTXYmif
+            lrTPMYnAc7pHxKZ87BgiKBYrfRAZvorLYKv8zG8YagAUw8iCtc68YUUdvLW9haQf
+            rwWCU1z+sszYSac7I57gfqICQhMUbs1n9S2Cn0C0xo4q2Lu36ysip4rEVGg6TmUu
+            znXYu+3orodw2TwC0tGxXHYKwmlr7EGnBCbdVKpDoCbV6cYkDYoPUFg0alqIPd5r
+            KCkee9MaCLLX7IdBrbLf1lkHGwSAs81GfZRMLBauM7/hn+hMUeIJnMbtJnVIB9Je
+            AdT2nSH06+POnjvxa2t0dUasnG/6ISBRSk6FgBBZ+pdVlrvaB4javgWGpiAWCUu6
+            b2CMZF3HullmLj+wwAKlsZsIOXGICN5GeQxLHYF8Kx7Doj68Owu/zGM5MS+7XQ==
+            =wYdb
+            -----END PGP MESSAGE-----
+          fp: 4BE7925262289B476DBBC17B76FD3810215AE097
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0
diff --git a/hosts/nixos/x86_64-linux/summers/secrets/atuin/secrets.yaml b/hosts/nixos/x86_64-linux/summers/secrets/atuin/secrets.yaml
new file mode 100644
index 0000000..3ae8d33
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/secrets/atuin/secrets.yaml
@@ -0,0 +1,57 @@
+wireguard-private-key: ENC[AES256_GCM,data:CBL7h5Ip5Fp5tnY0Cg5iRC2MKlPjh6DG9BRVHbD6wuTO/EAV7O/OpSXxxG0=,iv:WnBTR+0GwmUO++JhMd/2alVuIPhXBT50Qwc7Z9umVC0=,tag:4j5ieGF0gedQUD8SWBEQ7g==,type:str]
+sops:
+    age:
+        - recipient: age18cgqlely56hgmhscllkmafwpjdk6dwep6ej3vkk97dzemp8jtuksqrrjjl
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsQjFBcFdBNnB4M1NnT2FL
+            R2JJd0tKME9IMXZzdS9XckJGenNZNUFHaTBNCnJZUzlNdHlJbUdJeklSWDZmS1lI
+            MHNTbmY4Z3pvNmE1M213QlNGOVhnWVkKLS0tIGNRQkIwZklxRkMxVHZnZXJldlNy
+            STVlb2VUNlJqMktneTE4SlhsdEVLaW8KmPgkeyA3S4BI2zaU2QCcpAXrkG5pRMZt
+            5nVp+cIBVipDRak+ZmFWpghVUAd6J4rlW/U/t+S6mzRfP8Ni83zOsw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1nanlervuderw4qskcuessycqy2yfmptl6nym9scgp9ky2265ssmq3u73r0
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHQkZmRE5YRlVMZUsrano1
+            K2VaNnQ0MlVhamx6TWtNWEFtTVczT2tmc0U0ClcrUHJJa0NLR3pYV1JhL2R4ZFF3
+            TDE1VFNVOC9tQ01ydVdGTHlHcDBwRlkKLS0tIEpVOVVGZVNMeUJlYWQzc1ZuSzR5
+            Q2c0eG9Jb1pVZWpVR3FzdzJXMXI0TTgKQ5u0O365QUiNPXsopBVSwwhVLyqGYp3i
+            16Kbj4C0S7tuRzOQObuHgd8zlvgNM+qmqQ7J1mf5VNLn57jLcfYgGQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-01-07T13:36:32Z"
+    mac: ENC[AES256_GCM,data:TQWNPos7lbjMFN3w8gMUBdik0YqMjW6Wa0qBPHwrnnJZvpOJqzKBmKK4boHD/7kvrOD3yo7RKdp/n2gAJBa0+atSdV6LLf8gFBPOHFa6YWEu2adOjtayDetQiCy8G9ygjC4x/RDt25SUC/+UbgeKuoMKsjN2lOZFe+/zwAYpF0A=,iv:6l9Ev9WQZQMrLhC26z6ydBmbBtQJpJHBM/s97X6I3hk=,tag:QTQVTjOz+R19xWgWOfWC2A==,type:str]
+    pgp:
+        - created_at: "2026-01-07T13:15:42Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAwDh3VI7VctTAQ//VjPq0XFqmIXs5IQqTnCCYVYYF93wOrBagxx2NjI7/f4B
+            pOi0v2a5DJyBAgntCLTCP+AdglEz9QvbFOcDPseFVukmg6c20YYaI9gsq4wI46JW
+            Ws3j1nHe8nsh6TGJEpHw8Tmx9YrNymXaiwMtpsCfFvEhKrauscSvU4D2WTR2XrTH
+            nMmLZZkeZ/i3upivrOIMlrogBMN0/Zv0Cb/LBW9ifXen+Rq6LieYuHwJjOtyL9Vj
+            gpUzqVNutBwlLpoDbb+mRMWUl4G0rVckB6CIsuoKL8YXZEflWF4xO4jxBoa9OIGh
+            ty5faencnlUWCg/e1NwdoD1U55Qu2Qclu3sfPh4eIdIjcJ4AOhWlfAvybiANiJJO
+            7OOALbo1/JJTv5cghVOtOhG7xG5g43WwqH1g9uV1cpUhvyB49Sg28b2qIvi4j8bj
+            zv2jMj3yceWstAmnqBW3CSWzO2b0U9+k8O4xUo3eJ7Qz1rn5rR1gfsYRT6o7+ev5
+            VFRBaY5ax/y3/hxCfvXHsi+ZkvKfoh9a0t2zZrSU9eNxkPNoQTEDqqag0+/+aIJ3
+            kesULKl1aANNlk7y2K/B3Ycwta/zSN4lAmMUM1v0H1TlgXBsrQHbv/7gvtrmIcBS
+            i5fiS4S3o5PEv3dj00LRHYI/mc/yGiwrn0Lhdn5unE8HiQx9f4o4iopE+Q4foIOF
+            AgwDC9FRLmchgYQBEACGP6RDBC9VrrJqwqXHba8GTgKvjvm1NdHVkswtbBEjTjRp
+            UCV19Tv1XLBF5jw9eom4ltTgf7PnOxvgadtTptGbT5/TzTPp6nFmAqjOwbyb9OZ5
+            VQ4vOyJYXyTokrPAAO1zVEFL3dWVgeZbaGBCD+SoP5I5MkHBTvOiNySZajjyMMzd
+            rdLwx0HGYHVqhYs9cz+kBitPHino1rFvgWXaWGOb7Oi1IrxIF98Qt/xekST7MK4w
+            zXzVU1KJBbInvOzx7wISSknK3R5TeN0WIxRZgADgKa26nc18UrzBggx8l0iach0N
+            GB2vUsiNRT4DlEOG6qDrA1PlYpSWvV15pH5yoUF9bhSWQCIxpO9BOEI8DJ3FnM1l
+            cjA4GcoaU/4eBQdsW7cJ6I6w/8nPHQbrCjZ+XHQ+a6n6RBK6oNdvj2fnjXy8KwV9
+            o9xd4w0ogDoN6h3qjlUxmYqTeZOw8cHNRVcG5fGNPg6jkZINqeVemh43sjeSt0qu
+            fMum7u4lFFrUElJasFec6SMDPgssMf+9VKpBDc33+hiY/g7i65zeTbfFMojBmt+O
+            7MFSguUeQZi5ULxj7FWXLdpnl3nfXK0mhRbuoG071Byo4zMUfNVdeTInKlHxRiPa
+            rgXqrAJHoWngo9AKuNVQ8VaSE4lPCz2yrmsCHNkRkmNuGwu8lJgLGSEIvzXaVtJe
+            AQy9uc7cH1zjV/t5MdU8AThSyWnKCp8S5yAAaNAWc1zBj3xrqXuzTJurK5EbwGnt
+            i/r6xnHZtVW03VXM9KU8VvgV0mJHgEiOu5IjLpGq/16b2Wt8xBn5FI/a7hsO7A==
+            =DDOY
+            -----END PGP MESSAGE-----
+          fp: 4BE7925262289B476DBBC17B76FD3810215AE097
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0
diff --git a/hosts/nixos/x86_64-linux/summers/secrets/audio/pii.nix.enc b/hosts/nixos/x86_64-linux/summers/secrets/audio/pii.nix.enc
new file mode 100644
index 0000000..c6f45ec
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/secrets/audio/pii.nix.enc
@@ -0,0 +1,25 @@
+{
+	"data": "ENC[AES256_GCM,data:wIROKHVWuV052x4k858oCq+xZnub2DyGwVWEKbw5lwvIbat7q7GXawrYlX2owKXaPUBGjOmktOHdXIlal2TVvO1+9cXleYtcEXBsK7ifSfxTmLzDa3aOR9c2jqFehvxUlZ0NdFcAbvy4dAi+I8Olt/29gruDmRYZGXLUb129FeO2ugdzpNL2nAg9SAR5p+QWpo86TwwUFf2Lsil0YBBtMgdVVjcPHk2CP+BnZM3PNNqh+m1fU09BNpwTyXw0nEsL7L2eMYm3bjP/A72WqJckugdX0etN9ohqs1DdunQyuYnfOeMVMYlPQKQ=,iv:O4rR6PXzF5gflvcez4kjdPr718wDOacAhxVVMvZFKQo=,tag:n4xVVTe42NiUx7Gj/52mwQ==,type:str]",
+	"sops": {
+		"age": [
+			{
+				"recipient": "age18cgqlely56hgmhscllkmafwpjdk6dwep6ej3vkk97dzemp8jtuksqrrjjl",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwajBWMFFQNGkxMk1SVFI2\nakJnNVErdEEyNmliRVBwZ2tYUXNKeUVRU3cwCmhWSm5MbWlBaWRYRzNXODJ0QVhH\ndjNOVkNFdlZ2VmlMTVJmQzk2MmUzc2MKLS0tIHlCalVTaE0zODlzdUlWK1lHWU1L\nVm4xWllJeStzekwyMVlqdWxhY3J4NVkKgFf+DpK5+ChVdS9Mz7Xi5/8hk+IH0BrW\n6rMWdhK4uq4leM2b9UjJf9JJSQFj5/ZDmC+WF2naewVFwjM9B5rQZw==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1nanlervuderw4qskcuessycqy2yfmptl6nym9scgp9ky2265ssmq3u73r0",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByRTBWTi9yOU1icTFpbnR4\nKy9ES1FpbE5Gb1FTekE0aHVyYWdFTE1GUDFnClpCeDA3RnBtYzV6YlhRaEkzYjIv\nQW1GZHJ4b01ReFIvbGpmU2hMMkxXYjgKLS0tIG5tZEx5V1BnQjdIdE1sODhhOHor\nbFZmSy9Ya0FlMEtxcXRtUGNlU2VjZkkK4/ejnIqhbdC8BSDVrW2uw/Xrxh/lzX5N\nB15g52lsvdCbIrUdHzdXQwOQuqBfQ67sHpUZxCHoJvojQuc/dwB8qA==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2026-01-08T08:04:51Z",
+		"mac": "ENC[AES256_GCM,data:xEn7TvlAZnYUuWOoI6e5gB5lNYC+xAmmRNdPis+2m/AGNhH+++c/hu5xfLTqYOMXfs1QhD50Y93xXCT9C60J38cFRjnSO86NGB8hITYLVVBVMCd5LIhYoAhUnwg1+6bZ+gTjvY+sseh7WJ1dbfLMa7liWwtpKEY2PbioekKOnjc=,iv:X7O1YAaFkB/+aKd+EP3HK9JHJeLb6jRTCkVKLoaNlW8=,tag:hydcLTO6vj6TIS29maniaQ==,type:str]",
+		"pgp": [
+			{
+				"created_at": "2026-01-08T08:04:26Z",
+				"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTAQ/9E5jKJGSxjC4tTGfMXcn7y0WeP6ieFqFUev+wKhv2Ko8Y\noODbbdmsv+lGF2RfgAnOUdZ5TlKxueMg3npLlSRDxCPretpkOaEjxwuhTkRK69O+\nZUClaiL/LAg7iVq8LSo/gDH4w1ObXPB/wuSguMuEqaVyqJNqIbOU+kKCy+jSMwoH\nc+65puznN5jUYd4mPKgoY0mLMYxuK+RBmRWMwDwLmRvm2ZjOqx/mgv1zdb7LZOfX\n4z5XRFfNMPV1qUo0tGC/KBxAXKie13qJu5diAZTWaqlf0s+rhZWCVdqlyEWmI00m\nUeArRnw+23uSKQgHOJ7dlqNiSCRdoKtcH1XjyQNfGMTYinnWQBSvHYuA5K6mTsEL\nQ+flp3jLj3AxlIPn4cV9KX5nZtRluSlnA2V3oY4U3amsFeJ1GhJ8+veNxd4YcIyj\n2ZY8lLfCS9saVf2tAWBdKjvhbLD9k3pTUXLNrbknAZjoVzqkkujUfmkg6oOyb4JK\nO1Q5h5EFlRyIs281iWR0u3kLyhA3Xi5s1NZWSGd51E9Kaf1y8wfGMK4xC1r0zBAQ\nMwOJcrNjlNQGfKdANkWfjnOC1RmGELJ9MoKR6TBDhtamShrdNRatFWxsPo7FX2MT\nzy2xWPx/yi/bbjjj98hyiKI6n7Osan/DQuxC17B/5FghjTXjO8QxY6ueF3Bj4l+F\nAgwDC9FRLmchgYQBD/0QnAEJRsUnyknJ+csmzHaLzYOVPXNcEaftkMLDFSrtFT5V\n2TLARxyBaOWCdszX1VnMNrlLfdMLzGO7oX2GnwDrR/K2e0m2RZ/Nj7InWFhatLUS\nkCdrqkeJmOTNVqN67jycCKthfiSp12sYjR/Ib1l8Yelf8NlVr51ULUlonaRcP7ji\nXr4UNlg+012M5sosE2HRx1f92dQWv9we9t5ZQz/y9RaDnOlx5jgFkOzbTt/JSYHK\nEoYNLfvzebwwsfuZU9++Q0TEcAQGJ0vGoqx6ijb8fHZ6dlV/PLZv2G2aFpr7A2bI\nXhgBT0e1HPR/UsLy+iqInjTNELL1DX37DPYrwCgMMQqtCuFOhm0PvHxWNHKHXYLo\nMKN5dnapaNTKbjaZxBjCEv/PGWkiYo8Ho3HAPrI5XAfGfvOQQfpNQI/vdFZ2YxjX\ncw/waW2gPkDz0UlsUeAo1FzFsu1esz7P1BIX4Xm8v+dplZqTv9rZ6o7qed+0vka/\nWIdHvYgcaSgvzhz6W0NQqGcOLaOX8pqYJ72ioEjuwXZjAaY+/ZVkoYeFHAa8Ujzd\nRvv7nYA3WQknaOeUALruaOXZUMT2fpxNylRYaGZ9sEgXbyTh7TI5x1QssTJoNGmI\nxYA/d04CAVGBvqMMT0n0TL/QIdAMfyO7iKNhcjaakgQi3CMwYxMRq/NkgZJxQ9Je\nAeG/i9KsMknPTDNndFNOO/omjosqhEOA+FxeWWbT+FHdtxvPbVvKHBt9+CBIYDru\nOca/A/eslrtYbiJkBaGzrZtskPi+opIf6Nrn417B8fl4q8QtaFK4ndq5B2YYbQ==\n=XdD+\n-----END PGP MESSAGE-----",
+				"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
+			}
+		],
+		"version": "3.11.0"
+	}
+}
diff --git a/hosts/nixos/x86_64-linux/summers/secrets/audio/secrets.yaml b/hosts/nixos/x86_64-linux/summers/secrets/audio/secrets.yaml
new file mode 100644
index 0000000..4c058cb
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/secrets/audio/secrets.yaml
@@ -0,0 +1,58 @@
+wireguard-private-key: ENC[AES256_GCM,data:9elXuNwaA1gJ/KtVnlkFbovrDGmPUfiUAlzejwRzUlCL1nL5klXsjn5BUWY=,iv:38u4rFzoidMYBhEs4xXeeJH5RgnpRqdKKjbuVU3d1bA=,tag:HJqn/RqdSh5zDyxwBYST2A==,type:str]
+mpd-pw: ENC[AES256_GCM,data:prKWr8XWo2jc3DBwqMcplwS5tUadHx4RWQ==,iv:jmUj+89dCc3cHjejikTfYIXlEI1K2/Uy3uSxzcx0wbk=,tag:/hXqt2ZH9pU0IY0gMmPl+g==,type:str]
+sops:
+    age:
+        - recipient: age1wmx8y2hs83j2u5srdnfxljrzxm8jtxl6fr0mq7xf2ldxyglpzf2qq89rpx
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBMEM4alliWlBCT3VsbVA5
+            OGt5bmQvZW1TaUNkbWtFdzVGNDNpY0hBOVhzCm84TldYNHBrU01HMlBkbGNwZFAw
+            WVk0T3FycVRHUUNtM1pTYkQ4Qmw3RTgKLS0tIE9LUlNEVjJHOGVIK1RSMmRXUDF6
+            QlRKY1hRVzNTVXhESUd3OElXL2pBZXcKDWYoOzi2b4qeIbCVCfTj0lTW+OfbnsXB
+            8MugCHu7+b+ju0v/lUP66jDW9/2AH4PzHtCNHjsafyzr2qnW8HlOzA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1c2enwel9un28dcs4wg0vcyamx9a4a6g3walkhu8w5lqhmd804paq9d24as
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJRWJXR2tYdEd4cTZsSi9l
+            Tm1pSC9pek5BakpEMlkwVTcrMlBuVzlXWUVrCmlnV0xJc25nL0twK3VCZ3FRK2x2
+            RW52Q1NxWUhTUGY0NnQ0WEhLMWxIcFUKLS0tIG83eVM0KzdLQ004aDRKNTYvdmVZ
+            d3ZOSStBMFpSU2ZjNWhFRkREQWlUdmcKggVvLy1mLYGf8084RQtlipS4+z4dfPsN
+            HZfid0srwYnezlQ5qOY8/HrDLWHEyuZ4xFZVi4n0k49qBpNwJdmvyQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-01-08T08:00:54Z"
+    mac: ENC[AES256_GCM,data:QMkeCVeiq7+b4ft6ykag3VO5FDqIQp0hsBTnSEduYiA0FIR4QYmDhGVHUipUSZH/xllflxMv/CXNQqtW852LWWy8PXn7GzEXn3nEjRBZi89sEOoh03I6SfQMDWYR5wjKBy1hL7e8dZfEGONZobViM7U9YynEFqYpkvd1fK97DB4=,iv:MbchKNzaDBMF/YbBxkEUwxA0Uc/+fju4dgl/28trVV8=,tag:VwfuskgULOyBdJmJ2LCVxg==,type:str]
+    pgp:
+        - created_at: "2026-01-02T21:12:51Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAwDh3VI7VctTARAAmvkQ9V14f0BT/bNdFVZtTlY4yVon37CX32SZPUcHV7o8
+            Dya0sZd9tuVATSv79TnybscuNx95fkoZJwujBfAadexn2zY8zl1oEWEHx7p+8/mE
+            W8JbQAjbcbX9sNQYXc8kYJylBThmgNN/HXK7CGtgDFr9xnGzDBnDm/M31P1HwYBm
+            IdIQgFGErEt1K3xvw28Lk3tPuZLK3Y+H2Yna7RRF6K1blGJUvEnL6yFdA10/eFW7
+            8066mO26F2l5xFuktK0nNeniLHKa5VVYp8iM+JMhX38l0wiIi8pGyxo3uAjNpa0w
+            IfpCneEBe/yyaUPcWMjXmUG5LJe3kWUup8cSzvu01Z3W159/QsflxIMkIsklqhim
+            B2zuPdAlYsjjS/05DIHInN2IIB/rjADkQvXji1XYLhWJj4jxDeck/UIc6Q22TED+
+            autlbl8d/5sqyO5ghPpShF/s0vMTqUfpXZrDrbuyDFqCfwi0ahP03bUsv20ZEz6u
+            zG3K5HuXHh7ATSppwuMbcv7vcjF1tkbo6XhWZDv0rY0DFWqiYhnxWwlFlGLxf4zX
+            g6r7Ca/E/YXG/eOET6M9DxwHjj0D7u/ryAkCktqPL9w8oNGarZQ/xMx0+ocI3byc
+            Zvzlmd63BtgaGNSxH3stK29KN3ED8cDkG/JzAxCATWiUBBkqW/ga4sGZqtLlSO+F
+            AgwDC9FRLmchgYQBD/9JbFZie25PO2CyELlUWm5SmJcugT9SK/mIA2fe1PlA+Gnf
+            5z9iXraMSQchz4R1IoiixDhubwKeKp/auqhlOPvo58Lsi6iDR/WaLWabD+hcyAb1
+            ck/f/PUzTLhlLcfu18VPfXVzfnky3dX8P5aS0WMLAQblj2RaaiHxnPqf49kXSn3q
+            VSJ0pr0nEsPuWtoCkHUAwAJ8X5GPXN2OD4YbHsNaA9h2vrJAxNd5+HNsvg8JtI88
+            X/uMM7cWcaXcmNZOz166HUIPcJ5cabJ48Sv8sDfMPOcTiJkMiESBnRYTwdUcp08m
+            nGipSrUeW3pVOC1bGyukZb6sF84pTtCpqS+kOSfKFlxFFdAEcpzFIPuOMeo2dbKj
+            GSGPDemZFC2yFq883yk9/mZbgjOUsqrj0ZP3rCD5ZHpfUM5IxGQ+mKaOucTXYmif
+            lrTPMYnAc7pHxKZ87BgiKBYrfRAZvorLYKv8zG8YagAUw8iCtc68YUUdvLW9haQf
+            rwWCU1z+sszYSac7I57gfqICQhMUbs1n9S2Cn0C0xo4q2Lu36ysip4rEVGg6TmUu
+            znXYu+3orodw2TwC0tGxXHYKwmlr7EGnBCbdVKpDoCbV6cYkDYoPUFg0alqIPd5r
+            KCkee9MaCLLX7IdBrbLf1lkHGwSAs81GfZRMLBauM7/hn+hMUeIJnMbtJnVIB9Je
+            AdT2nSH06+POnjvxa2t0dUasnG/6ISBRSk6FgBBZ+pdVlrvaB4javgWGpiAWCUu6
+            b2CMZF3HullmLj+wwAKlsZsIOXGICN5GeQxLHYF8Kx7Doj68Owu/zGM5MS+7XQ==
+            =wYdb
+            -----END PGP MESSAGE-----
+          fp: 4BE7925262289B476DBBC17B76FD3810215AE097
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0
diff --git a/hosts/nixos/x86_64-linux/summers/secrets/firefly/secrets.yaml b/hosts/nixos/x86_64-linux/summers/secrets/firefly/secrets.yaml
new file mode 100644
index 0000000..8be7ce8
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/secrets/firefly/secrets.yaml
@@ -0,0 +1,58 @@
+wireguard-private-key: ENC[AES256_GCM,data:PGK3JHj/xacJgxx6Ubwz/3bQlE2hYQXM6A2LvGlI+MeRzdLErTcZ4m0jJKw=,iv:fvDsmOJGvKzfoLhJzx6kab5S2kPQ+YwB4sXG+I4baRk=,tag:i7hHSnUA2n5fj4YK0L+9jQ==,type:str]
+firefly-iii-app-key: ENC[AES256_GCM,data:Wu/gr1vzVcRXm96hTvSO9bIRsvZ//2ZsTVJ9igrPU1h5dGV0fkI4rwQfb+5zhy4f56Na,iv:5+c0DYC0qVNRQMwibCpWfN/ZIiDUTtjXhKuZxMq+qs8=,tag:Jx2axAZr95/EqvH2gl+rYA==,type:str]
+sops:
+    age:
+        - recipient: age1wmx8y2hs83j2u5srdnfxljrzxm8jtxl6fr0mq7xf2ldxyglpzf2qq89rpx
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBMEM4alliWlBCT3VsbVA5
+            OGt5bmQvZW1TaUNkbWtFdzVGNDNpY0hBOVhzCm84TldYNHBrU01HMlBkbGNwZFAw
+            WVk0T3FycVRHUUNtM1pTYkQ4Qmw3RTgKLS0tIE9LUlNEVjJHOGVIK1RSMmRXUDF6
+            QlRKY1hRVzNTVXhESUd3OElXL2pBZXcKDWYoOzi2b4qeIbCVCfTj0lTW+OfbnsXB
+            8MugCHu7+b+ju0v/lUP66jDW9/2AH4PzHtCNHjsafyzr2qnW8HlOzA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1c2enwel9un28dcs4wg0vcyamx9a4a6g3walkhu8w5lqhmd804paq9d24as
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJRWJXR2tYdEd4cTZsSi9l
+            Tm1pSC9pek5BakpEMlkwVTcrMlBuVzlXWUVrCmlnV0xJc25nL0twK3VCZ3FRK2x2
+            RW52Q1NxWUhTUGY0NnQ0WEhLMWxIcFUKLS0tIG83eVM0KzdLQ004aDRKNTYvdmVZ
+            d3ZOSStBMFpSU2ZjNWhFRkREQWlUdmcKggVvLy1mLYGf8084RQtlipS4+z4dfPsN
+            HZfid0srwYnezlQ5qOY8/HrDLWHEyuZ4xFZVi4n0k49qBpNwJdmvyQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-01-08T08:02:26Z"
+    mac: ENC[AES256_GCM,data:lqey6BT0Wf/manMLp7LyApRqtnerCHrPndo3w/9i3GBkpWeas9JLx6+sXZFdodc3tLjA00FF0MLm0sjDSWSz3fDfSclVNEYWUdrspH9W0a6p95GAdclJARna9ncVG2pn+Hk1QoD5EjEhvOayz2A7e3yIO2aBh8U6coc21h9L0lo=,iv:n68z6eL9UYI28eBJzYe+1QLOfkE4Fba69VgOCnFVELg=,tag:a6jli1+cn8s0Mlg65sVy8w==,type:str]
+    pgp:
+        - created_at: "2026-01-02T21:12:51Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAwDh3VI7VctTARAAmvkQ9V14f0BT/bNdFVZtTlY4yVon37CX32SZPUcHV7o8
+            Dya0sZd9tuVATSv79TnybscuNx95fkoZJwujBfAadexn2zY8zl1oEWEHx7p+8/mE
+            W8JbQAjbcbX9sNQYXc8kYJylBThmgNN/HXK7CGtgDFr9xnGzDBnDm/M31P1HwYBm
+            IdIQgFGErEt1K3xvw28Lk3tPuZLK3Y+H2Yna7RRF6K1blGJUvEnL6yFdA10/eFW7
+            8066mO26F2l5xFuktK0nNeniLHKa5VVYp8iM+JMhX38l0wiIi8pGyxo3uAjNpa0w
+            IfpCneEBe/yyaUPcWMjXmUG5LJe3kWUup8cSzvu01Z3W159/QsflxIMkIsklqhim
+            B2zuPdAlYsjjS/05DIHInN2IIB/rjADkQvXji1XYLhWJj4jxDeck/UIc6Q22TED+
+            autlbl8d/5sqyO5ghPpShF/s0vMTqUfpXZrDrbuyDFqCfwi0ahP03bUsv20ZEz6u
+            zG3K5HuXHh7ATSppwuMbcv7vcjF1tkbo6XhWZDv0rY0DFWqiYhnxWwlFlGLxf4zX
+            g6r7Ca/E/YXG/eOET6M9DxwHjj0D7u/ryAkCktqPL9w8oNGarZQ/xMx0+ocI3byc
+            Zvzlmd63BtgaGNSxH3stK29KN3ED8cDkG/JzAxCATWiUBBkqW/ga4sGZqtLlSO+F
+            AgwDC9FRLmchgYQBD/9JbFZie25PO2CyELlUWm5SmJcugT9SK/mIA2fe1PlA+Gnf
+            5z9iXraMSQchz4R1IoiixDhubwKeKp/auqhlOPvo58Lsi6iDR/WaLWabD+hcyAb1
+            ck/f/PUzTLhlLcfu18VPfXVzfnky3dX8P5aS0WMLAQblj2RaaiHxnPqf49kXSn3q
+            VSJ0pr0nEsPuWtoCkHUAwAJ8X5GPXN2OD4YbHsNaA9h2vrJAxNd5+HNsvg8JtI88
+            X/uMM7cWcaXcmNZOz166HUIPcJ5cabJ48Sv8sDfMPOcTiJkMiESBnRYTwdUcp08m
+            nGipSrUeW3pVOC1bGyukZb6sF84pTtCpqS+kOSfKFlxFFdAEcpzFIPuOMeo2dbKj
+            GSGPDemZFC2yFq883yk9/mZbgjOUsqrj0ZP3rCD5ZHpfUM5IxGQ+mKaOucTXYmif
+            lrTPMYnAc7pHxKZ87BgiKBYrfRAZvorLYKv8zG8YagAUw8iCtc68YUUdvLW9haQf
+            rwWCU1z+sszYSac7I57gfqICQhMUbs1n9S2Cn0C0xo4q2Lu36ysip4rEVGg6TmUu
+            znXYu+3orodw2TwC0tGxXHYKwmlr7EGnBCbdVKpDoCbV6cYkDYoPUFg0alqIPd5r
+            KCkee9MaCLLX7IdBrbLf1lkHGwSAs81GfZRMLBauM7/hn+hMUeIJnMbtJnVIB9Je
+            AdT2nSH06+POnjvxa2t0dUasnG/6ISBRSk6FgBBZ+pdVlrvaB4javgWGpiAWCUu6
+            b2CMZF3HullmLj+wwAKlsZsIOXGICN5GeQxLHYF8Kx7Doj68Owu/zGM5MS+7XQ==
+            =wYdb
+            -----END PGP MESSAGE-----
+          fp: 4BE7925262289B476DBBC17B76FD3810215AE097
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0
diff --git a/hosts/nixos/x86_64-linux/summers/secrets/forgejo/secrets.yaml b/hosts/nixos/x86_64-linux/summers/secrets/forgejo/secrets.yaml
new file mode 100644
index 0000000..1b59023
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/secrets/forgejo/secrets.yaml
@@ -0,0 +1,58 @@
+wireguard-private-key: ENC[AES256_GCM,data:2/usWvtboQJ3Yc5ixT/7ZUvk74aZqYr7ZUZVE78jvlSZzfsMrXWjWxC0Bug=,iv:4nwdd+4Cr2Kjbia/5s0f2C1O6vyaBxQR8TUSKyAqJhA=,tag:ymJLP2d6SGgVsw52S7q6uA==,type:str]
+kanidm-forgejo-client: ENC[AES256_GCM,data:0S2Wt2/hP8e5qMXgI2cM3GApWoQ9pEHwiA==,iv:Utq8Q1LWk0TefpcwhSvXrulrgslCSnPanGGHSMPi/pA=,tag:ou/1y+DtFi/z4P54zzZ2Uw==,type:str]
+sops:
+    age:
+        - recipient: age1wmx8y2hs83j2u5srdnfxljrzxm8jtxl6fr0mq7xf2ldxyglpzf2qq89rpx
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBMEM4alliWlBCT3VsbVA5
+            OGt5bmQvZW1TaUNkbWtFdzVGNDNpY0hBOVhzCm84TldYNHBrU01HMlBkbGNwZFAw
+            WVk0T3FycVRHUUNtM1pTYkQ4Qmw3RTgKLS0tIE9LUlNEVjJHOGVIK1RSMmRXUDF6
+            QlRKY1hRVzNTVXhESUd3OElXL2pBZXcKDWYoOzi2b4qeIbCVCfTj0lTW+OfbnsXB
+            8MugCHu7+b+ju0v/lUP66jDW9/2AH4PzHtCNHjsafyzr2qnW8HlOzA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1c2enwel9un28dcs4wg0vcyamx9a4a6g3walkhu8w5lqhmd804paq9d24as
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJRWJXR2tYdEd4cTZsSi9l
+            Tm1pSC9pek5BakpEMlkwVTcrMlBuVzlXWUVrCmlnV0xJc25nL0twK3VCZ3FRK2x2
+            RW52Q1NxWUhTUGY0NnQ0WEhLMWxIcFUKLS0tIG83eVM0KzdLQ004aDRKNTYvdmVZ
+            d3ZOSStBMFpSU2ZjNWhFRkREQWlUdmcKggVvLy1mLYGf8084RQtlipS4+z4dfPsN
+            HZfid0srwYnezlQ5qOY8/HrDLWHEyuZ4xFZVi4n0k49qBpNwJdmvyQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-01-08T08:03:05Z"
+    mac: ENC[AES256_GCM,data:Ko12SPrZ65B+T8JIERI8a08uN87wwVndIweIxbr+TkcEsRyLCPziB8tMsTGtDIZkTG7dJywT/SeZ9gqnMgiH9mvsk7Uqi0hrmEf65fsqCVGTOi17DBRGS2rwbXkEmT3xiSL2LSe6+9rjlZ5B9ZUfO3hdhw+jy7rSdcaLu7R8LL0=,iv:GPBDabdBLbCYuKr//XlC578Mpw9LGJ/gM1etek/PtWI=,tag:5/qXhTCHxiCRka4N2qYVzw==,type:str]
+    pgp:
+        - created_at: "2026-01-02T21:12:51Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAwDh3VI7VctTARAAmvkQ9V14f0BT/bNdFVZtTlY4yVon37CX32SZPUcHV7o8
+            Dya0sZd9tuVATSv79TnybscuNx95fkoZJwujBfAadexn2zY8zl1oEWEHx7p+8/mE
+            W8JbQAjbcbX9sNQYXc8kYJylBThmgNN/HXK7CGtgDFr9xnGzDBnDm/M31P1HwYBm
+            IdIQgFGErEt1K3xvw28Lk3tPuZLK3Y+H2Yna7RRF6K1blGJUvEnL6yFdA10/eFW7
+            8066mO26F2l5xFuktK0nNeniLHKa5VVYp8iM+JMhX38l0wiIi8pGyxo3uAjNpa0w
+            IfpCneEBe/yyaUPcWMjXmUG5LJe3kWUup8cSzvu01Z3W159/QsflxIMkIsklqhim
+            B2zuPdAlYsjjS/05DIHInN2IIB/rjADkQvXji1XYLhWJj4jxDeck/UIc6Q22TED+
+            autlbl8d/5sqyO5ghPpShF/s0vMTqUfpXZrDrbuyDFqCfwi0ahP03bUsv20ZEz6u
+            zG3K5HuXHh7ATSppwuMbcv7vcjF1tkbo6XhWZDv0rY0DFWqiYhnxWwlFlGLxf4zX
+            g6r7Ca/E/YXG/eOET6M9DxwHjj0D7u/ryAkCktqPL9w8oNGarZQ/xMx0+ocI3byc
+            Zvzlmd63BtgaGNSxH3stK29KN3ED8cDkG/JzAxCATWiUBBkqW/ga4sGZqtLlSO+F
+            AgwDC9FRLmchgYQBD/9JbFZie25PO2CyELlUWm5SmJcugT9SK/mIA2fe1PlA+Gnf
+            5z9iXraMSQchz4R1IoiixDhubwKeKp/auqhlOPvo58Lsi6iDR/WaLWabD+hcyAb1
+            ck/f/PUzTLhlLcfu18VPfXVzfnky3dX8P5aS0WMLAQblj2RaaiHxnPqf49kXSn3q
+            VSJ0pr0nEsPuWtoCkHUAwAJ8X5GPXN2OD4YbHsNaA9h2vrJAxNd5+HNsvg8JtI88
+            X/uMM7cWcaXcmNZOz166HUIPcJ5cabJ48Sv8sDfMPOcTiJkMiESBnRYTwdUcp08m
+            nGipSrUeW3pVOC1bGyukZb6sF84pTtCpqS+kOSfKFlxFFdAEcpzFIPuOMeo2dbKj
+            GSGPDemZFC2yFq883yk9/mZbgjOUsqrj0ZP3rCD5ZHpfUM5IxGQ+mKaOucTXYmif
+            lrTPMYnAc7pHxKZ87BgiKBYrfRAZvorLYKv8zG8YagAUw8iCtc68YUUdvLW9haQf
+            rwWCU1z+sszYSac7I57gfqICQhMUbs1n9S2Cn0C0xo4q2Lu36ysip4rEVGg6TmUu
+            znXYu+3orodw2TwC0tGxXHYKwmlr7EGnBCbdVKpDoCbV6cYkDYoPUFg0alqIPd5r
+            KCkee9MaCLLX7IdBrbLf1lkHGwSAs81GfZRMLBauM7/hn+hMUeIJnMbtJnVIB9Je
+            AdT2nSH06+POnjvxa2t0dUasnG/6ISBRSk6FgBBZ+pdVlrvaB4javgWGpiAWCUu6
+            b2CMZF3HullmLj+wwAKlsZsIOXGICN5GeQxLHYF8Kx7Doj68Owu/zGM5MS+7XQ==
+            =wYdb
+            -----END PGP MESSAGE-----
+          fp: 4BE7925262289B476DBBC17B76FD3810215AE097
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0
diff --git a/hosts/nixos/x86_64-linux/summers/secrets/freshrss/pii.nix.enc b/hosts/nixos/x86_64-linux/summers/secrets/freshrss/pii.nix.enc
new file mode 100644
index 0000000..590bc94
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/secrets/freshrss/pii.nix.enc
@@ -0,0 +1,25 @@
+{
+	"data": "ENC[AES256_GCM,data:tGnvFaZgx1Gi59DYlV/4+VswuvBY5K/XN6yomaFk9AnsslowtKAPKHyH5dM5rqe0n+Ua7kI=,iv:qwXybQUGanHXQXzDU+jJn/FI5mmi+PNUOCTsh97tmDg=,tag:jQtXaFNJL5jeTtSodMCmiA==,type:str]",
+	"sops": {
+		"age": [
+			{
+				"recipient": "age18cgqlely56hgmhscllkmafwpjdk6dwep6ej3vkk97dzemp8jtuksqrrjjl",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5TXJSbjhWcnVqaWlKV2M2\nQ2lNUW0ySkh2TFdLblhmMWxuWXhJSndFc0ZvCmkrRnBxT3VRc1JoQzMzWUVHMTlr\nc0N0R3R6SzVwOHYwQXI0eFVOakdQWlkKLS0tIHcrMXBBS0lRTzN3Nk5YaUhxOFk1\nS3FpRXFQRTBNL3hRMTdlSlFXSUdSQ0kK3OhWMXUSPhfADCmiuRfsIv+GJ0SY0sar\nVchVKmqPjGg+ALF/krwjaIcE2zrlK2tsngGja2rO5vZ8YS5BFzVQ0g==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1nanlervuderw4qskcuessycqy2yfmptl6nym9scgp9ky2265ssmq3u73r0",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLeEV3YXJqaCtoTUtVNzho\nNk9Dbmd2bmNXTUx2VS9rNzVhTmR4WEM2Q3hBCmo4QnlMN0ZuUHRvUjhZTHdET1o2\nTmw3TUZTMEVCMGpja01TSGRCTTExY1UKLS0tIFAzTDIwRHplNHFyMkVmUjVxNjNL\nWTQ3YWRkVnJoWGRucTJHaXpHMUN3VkkKFWSY1u7Ksv7SO04f0pzRYSk0GWz0lvXv\na3Pd+lGrH0q3CX1i7beq587bNgqxTdDlWzsSQSAxWkacqwb1eB3KAA==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2026-01-08T08:05:49Z",
+		"mac": "ENC[AES256_GCM,data:sIUIH1PfvCnm2nlmUOCHX/CihlLTcNP6PWCRH3tqpwS13uYF1DHv7Km0DiZJ48YOBbCiXNwEVzCttem+BXCvi0eDkqUasAIjBOmWBp+W9Z8bnDk5luztxLeb6OKqO5/8rrR+bXgb5Z3cRiV4VquVMA0nOkHq4f7HvQ3UyTWtJTs=,iv:hmKYcWSfdnI+mjUvH6zO1PP/wDj04H454arzROjs/tE=,tag:zY+CBOj2DNRhKNkdwnYhPw==,type:str]",
+		"pgp": [
+			{
+				"created_at": "2026-01-08T08:05:35Z",
+				"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAAmEfso+foaYdccWYWrumexWByHdZHdC2PzyiIWWUIddY2\neXifkUu4/x5lI2eRrAGqUTJqbtwlMloq4uUcZChkTRXhOv7NLLstnE6PAfhsCOOq\nG76DjeI3cVQnFdIP7krTHPyZYBrk/iq2KAh91EDYQnmBBKy8RT77/b0tzyJgpKOp\nIs1YqMQfP6RQJeDJXFGJy+KljTsyn6lxRjQ9Fa8N+UmbZjX8QW8ZNU+Za9J/r+5u\nlznZ/V02jB2tRpOOnJSORrLMy7mIMBN6j08hbb5T2dcHQUTnz9VEJx10FTHCY43I\nMFGzt6Etv1Pd/TkGQILlY6goIeyTzvlfa2Kd+M0N5YzA64MBhOHCJ00yB3rIAy0R\n5a6BWl6t9zlU+YxMTaC0bZdclBp9E/4uDJBVHWcWTRHKgiYndFbIq0uc+FUSQnXQ\ndXM7f6wSLOR0Gk8pUXSGyoi8rTYri5DKyVeRg6H0JddIkEKMLBx7UD9Z1u9kFpTE\nqlJuYip+95DSr7UbE3WSuoFmX+ZHv2XCK+rW9k8MNYu9EY2VbE+dmHCytITpdrlU\nJyAHfIvzteRm9Ub5KyYkZU8O2ARfP7V49p4IGZDVPM42IcERbpmYUORi83e3VlWt\nllYrORH/l4qYLd6LPQJVhPOguNlHk5GomWo5ozd1AQWmLXbX9E7uG+zvo3QVAgqF\nAgwDC9FRLmchgYQBD/0S7E4be6vcAb9P9WfwPWiYR2SGa5qZCGsgnXmroAYft3yc\nxFM0T/NP8Q2sFT4DU8rn06jBQnKG9sb7hIfMTOTbBzrERQEPwNOOlhRMesM7DlIi\nHG5VTvkYk1k3akYjk5L9WCE7GMU6ZUb93K3DamESt1bxwdRm/UwrcgdbEu8YHX4c\nm7rLg9T/f4OVojMh/gKZ9RrwkpZE+d769FSOql42gTLheYjGWarntE9TMFZGnOZ3\n5KTvl8AfZwN+j7/LIu/6EtMhvmHy4UHNR4wiadY1ONQ1hlPPapBbFdayy6ap1azb\nK4e1vYFOj+8FnDO0TUGidZM7JUoOSb039Tc6lcI6qc5dtusQTJyD6kBX7BJq+mgU\nCDbgMjmLdSU8d4nTHB1KWZimIDoGvste0+sF6f4cBHfYW+QzqPikYlw8TdZvRQ/1\n3Q01dEgg7LrgNBjMSUZvfaYYkcSz+Uqkhs0vq65XLmAMfGKIvqFrqPSjRuJ5vQV7\nByrRj+rL36th/3Jew25sBbR4RIjo4otfSWIga10epijVs+14D2g6c+bKPf3vk6ZF\nT04KP80pLpk7zTlYJI1OqxJFLMiONZs5LxHdfNSMFGw9euHuODQVPKZBE5c52KhQ\nn05tWLkOBzyiiAd50fzaVQxa628VBhCHFlIG75ZC+wCgV+urFasooBRoUhxAntJe\nAYhJ1fiT5W/vhYZy8AVDnidVPv6EpZ4DwF7E4wm0rx/Vy/np2jXiavraMGEL/m4/\nM62snldKaZgGFc6K8DTZdbrGBGySZ2LvAP8QYNGckQ5CW/5CiCCS+NEqEVKhZw==\n=FEUR\n-----END PGP MESSAGE-----",
+				"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
+			}
+		],
+		"version": "3.11.0"
+	}
+}
diff --git a/hosts/nixos/x86_64-linux/summers/secrets/freshrss/secrets.yaml b/hosts/nixos/x86_64-linux/summers/secrets/freshrss/secrets.yaml
new file mode 100644
index 0000000..b9b6f62
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/secrets/freshrss/secrets.yaml
@@ -0,0 +1,60 @@
+wireguard-private-key: ENC[AES256_GCM,data:NrUaY1DMA+fOLEZ9kPJmrCIHUDZxg46XFjcxTkt2Y11WOTl1ky4BYEXElgI=,iv:VAPVXRtIsHQX2DitGwy24dK+9zq2IY0nL7BuZvl8xXw=,tag:bKC4BGI3CDl7qhM80ak0GA==,type:str]
+freshrss-pw: ENC[AES256_GCM,data:nOwhGTTUN9tJkU8=,iv:6urp7o0LewW2yQep6LGEWUn7jxk92pLClOwWyT416R0=,tag:5V0xDwwjeEdIlaU0qNJ9nw==,type:str]
+freshrss-oidc-crypto-key: ENC[AES256_GCM,data:nEoIHlKXpgKlJ1iFKLUdb6QVcU8fMRoZ+oghGlrnH1q39HjBrNrzmA==,iv:7LWlVkeaviBlsU6aEevF/icHgROR4uThxCD59txUmTM=,tag:P/+UQHHz+t8BckaWhjKYig==,type:str]
+kanidm-freshrss-client: ENC[AES256_GCM,data:BTPaUyI7qrBpiB+0zQKJw9odT0fRLc+zFg==,iv:9u25+thsHm+0Ganm0z5QtsgFBGccpAIPQa0aYqqHkXA=,tag:cgCvMIs7jUMe7QiDPznbtA==,type:str]
+sops:
+    age:
+        - recipient: age1wmx8y2hs83j2u5srdnfxljrzxm8jtxl6fr0mq7xf2ldxyglpzf2qq89rpx
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBMEM4alliWlBCT3VsbVA5
+            OGt5bmQvZW1TaUNkbWtFdzVGNDNpY0hBOVhzCm84TldYNHBrU01HMlBkbGNwZFAw
+            WVk0T3FycVRHUUNtM1pTYkQ4Qmw3RTgKLS0tIE9LUlNEVjJHOGVIK1RSMmRXUDF6
+            QlRKY1hRVzNTVXhESUd3OElXL2pBZXcKDWYoOzi2b4qeIbCVCfTj0lTW+OfbnsXB
+            8MugCHu7+b+ju0v/lUP66jDW9/2AH4PzHtCNHjsafyzr2qnW8HlOzA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1c2enwel9un28dcs4wg0vcyamx9a4a6g3walkhu8w5lqhmd804paq9d24as
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJRWJXR2tYdEd4cTZsSi9l
+            Tm1pSC9pek5BakpEMlkwVTcrMlBuVzlXWUVrCmlnV0xJc25nL0twK3VCZ3FRK2x2
+            RW52Q1NxWUhTUGY0NnQ0WEhLMWxIcFUKLS0tIG83eVM0KzdLQ004aDRKNTYvdmVZ
+            d3ZOSStBMFpSU2ZjNWhFRkREQWlUdmcKggVvLy1mLYGf8084RQtlipS4+z4dfPsN
+            HZfid0srwYnezlQ5qOY8/HrDLWHEyuZ4xFZVi4n0k49qBpNwJdmvyQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-01-08T08:01:49Z"
+    mac: ENC[AES256_GCM,data:+RtsIjA8DXxCGeTqsb24DQdP04/8oEvviiYp+SSfvCiUL4nu/WkAIAHdcC+Gvw379vnq1N38JPycB3mQbyabC2lUJ85oEMmfn6YDdsoIxvdDuJuN5VGhLkqXdwgkfJZU+e1XUDkGmAalWeNFTlE7i51qecVevdjPf10YW/V1QZw=,iv:TEYHADkS50xgUCQ4ftWv5YcIqSX+cYgeNbPxSbp0+fI=,tag:+PoSBjFfV99vOZIkNJaXcQ==,type:str]
+    pgp:
+        - created_at: "2026-01-02T21:12:51Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAwDh3VI7VctTARAAmvkQ9V14f0BT/bNdFVZtTlY4yVon37CX32SZPUcHV7o8
+            Dya0sZd9tuVATSv79TnybscuNx95fkoZJwujBfAadexn2zY8zl1oEWEHx7p+8/mE
+            W8JbQAjbcbX9sNQYXc8kYJylBThmgNN/HXK7CGtgDFr9xnGzDBnDm/M31P1HwYBm
+            IdIQgFGErEt1K3xvw28Lk3tPuZLK3Y+H2Yna7RRF6K1blGJUvEnL6yFdA10/eFW7
+            8066mO26F2l5xFuktK0nNeniLHKa5VVYp8iM+JMhX38l0wiIi8pGyxo3uAjNpa0w
+            IfpCneEBe/yyaUPcWMjXmUG5LJe3kWUup8cSzvu01Z3W159/QsflxIMkIsklqhim
+            B2zuPdAlYsjjS/05DIHInN2IIB/rjADkQvXji1XYLhWJj4jxDeck/UIc6Q22TED+
+            autlbl8d/5sqyO5ghPpShF/s0vMTqUfpXZrDrbuyDFqCfwi0ahP03bUsv20ZEz6u
+            zG3K5HuXHh7ATSppwuMbcv7vcjF1tkbo6XhWZDv0rY0DFWqiYhnxWwlFlGLxf4zX
+            g6r7Ca/E/YXG/eOET6M9DxwHjj0D7u/ryAkCktqPL9w8oNGarZQ/xMx0+ocI3byc
+            Zvzlmd63BtgaGNSxH3stK29KN3ED8cDkG/JzAxCATWiUBBkqW/ga4sGZqtLlSO+F
+            AgwDC9FRLmchgYQBD/9JbFZie25PO2CyELlUWm5SmJcugT9SK/mIA2fe1PlA+Gnf
+            5z9iXraMSQchz4R1IoiixDhubwKeKp/auqhlOPvo58Lsi6iDR/WaLWabD+hcyAb1
+            ck/f/PUzTLhlLcfu18VPfXVzfnky3dX8P5aS0WMLAQblj2RaaiHxnPqf49kXSn3q
+            VSJ0pr0nEsPuWtoCkHUAwAJ8X5GPXN2OD4YbHsNaA9h2vrJAxNd5+HNsvg8JtI88
+            X/uMM7cWcaXcmNZOz166HUIPcJ5cabJ48Sv8sDfMPOcTiJkMiESBnRYTwdUcp08m
+            nGipSrUeW3pVOC1bGyukZb6sF84pTtCpqS+kOSfKFlxFFdAEcpzFIPuOMeo2dbKj
+            GSGPDemZFC2yFq883yk9/mZbgjOUsqrj0ZP3rCD5ZHpfUM5IxGQ+mKaOucTXYmif
+            lrTPMYnAc7pHxKZ87BgiKBYrfRAZvorLYKv8zG8YagAUw8iCtc68YUUdvLW9haQf
+            rwWCU1z+sszYSac7I57gfqICQhMUbs1n9S2Cn0C0xo4q2Lu36ysip4rEVGg6TmUu
+            znXYu+3orodw2TwC0tGxXHYKwmlr7EGnBCbdVKpDoCbV6cYkDYoPUFg0alqIPd5r
+            KCkee9MaCLLX7IdBrbLf1lkHGwSAs81GfZRMLBauM7/hn+hMUeIJnMbtJnVIB9Je
+            AdT2nSH06+POnjvxa2t0dUasnG/6ISBRSk6FgBBZ+pdVlrvaB4javgWGpiAWCUu6
+            b2CMZF3HullmLj+wwAKlsZsIOXGICN5GeQxLHYF8Kx7Doj68Owu/zGM5MS+7XQ==
+            =wYdb
+            -----END PGP MESSAGE-----
+          fp: 4BE7925262289B476DBBC17B76FD3810215AE097
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0
diff --git a/hosts/nixos/x86_64-linux/summers/secrets/guest1/pii.nix.enc b/hosts/nixos/x86_64-linux/summers/secrets/guest1/pii.nix.enc
deleted file mode 100644
index 8605563..0000000
--- a/hosts/nixos/x86_64-linux/summers/secrets/guest1/pii.nix.enc
+++ /dev/null
@@ -1,15 +0,0 @@
-{
-	"data": "ENC[AES256_GCM,data:pGWiWA==,iv:sVpYJiphhvVPEo2MUMnpjlJmvf58/UJTTVVdU9dpqzM=,tag:2AsQRCyN9Pc/hnqviCo43g==,type:str]",
-	"sops": {
-		"lastmodified": "2025-11-06T12:11:19Z",
-		"mac": "ENC[AES256_GCM,data:NBAgy3MNd+p8Ih6v/JuxuMWgh0k9xj5Trg7mggBE/LrxfCZg+BpbhYcmAw/FW9Du5gq3Pcynnql3dqwKlzHEtkEOcI1MJSnBSWexgLxwEtRwbTJVOqEkCxby6dcQ4HWD1ZZnwa9Q7Cg1vcPD/yZuzVUH15mFHic7s5M5Xzdfu/w=,iv:tv8CFuXJ0iqh/Vho7vSoOpfhcGfCElMLWNvjxoE3fMg=,tag:pGP3CjKFFm0UuVgSCnn4RA==,type:str]",
-		"pgp": [
-			{
-				"created_at": "2025-11-06T12:11:04Z",
-				"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAAwZd6dmNcZqOWY7Ro6DXCRAD2LJuzR0AA26cRRzPgTPcw\nOwvV+Nh3hBWcZb5qkjKysZKGlIxzs4f02dKI172vUyIWQ6P5skygOOOpbr9g5171\nY0XTrmemesSKNfoUhsMFMCbFUc4HUxkUK7zadLk1AiBUqZMIFtx/riFMUBS2qTpR\nuLWiebt1Dw+rwcR8rBNxXPbeclm7322YOQDLUk4sHfi0vTvn+3sfGkbJ+OcJckoD\ndjVhWFqGUAbbELoR8yHpb+Ps6RYjKRNFNros9Yx9zQ18512gxOpRSzm0MTkKFyrz\n1UYVcv4Oz4W/e4nh1z2/re5X3l/HFUzwBG6AUTrYVuRo580kkZvWYFxHT6R+goVC\n5dhkqZpowrGpDIE/C7hKLenFIcOl1Nw5wgJ4Y9EmfZzorUnjJqT1Et2b2GU0hxvY\nKny+fiDeCfNdLzJejSNNg1/whoVmHbw3Q2aBJP0NL3nmNvaykO8RSA8WmzvQa+MA\nXweflh5G9lXOdH2vwb6EelOXpxlTjI7K/43Nbw/SXf/e1FKYK5l6TscyGEcHpFux\ns4ufYkCqTgxdKZjKwh0vqbdmbPUOCe/jqBOz6s/L/sR1/+8c2iIs0JVZd1VJSvDu\nIdfDfQh4wmso8L0qpjWimmkf0Y9itLWZo/oyioIqjVQ9+Daj2mvMkbKcSa486b2F\nAgwDC9FRLmchgYQBD/9lVmkHkPz5pbJV5U0nL3h/xx0JSyt6YYtLDacW8fw135GT\nojHijHvJAd1MqbNv391LcsZ1jtnUawNf6GAkr649lRuEH/WhNitXq20Z/06v5lwt\nGDhPMMf5uh+Uwgjxbeg/PFeTKILS2VX0tjJ8yeos2jNMOrmmwIg74V6mJk03E85K\nId06e2qNjzWlESyWOCFkfLQfSOTajQWmGyil8vNglmjuZdzLSE8eL6nA0hePnfJW\nOwewWcXEzHeeJsaevKFBBDpimAqi3XbKasQbZNSSFlkmw0vzAWKw5mzcdTMseae1\nLafjem7uw2epr4HIhwCZ47pCFrKcbweZMuUY557SomIGmv93OvglnZC40AYkJuNU\nIAVwNc8W/pd+jyiHh6tMlXfQ5/n25AcylDcacxxalNcKI0emNC90TsFc6wDpLh5D\n+R6kJ7GK8tI5BwIwtGIQmFsRREKE1x+IYATtKwQskb0Rng/D6eqNEvs8pjD1nGO3\nfNTG9G8PgC07TXSKGcNGytZy/GNSW9mnFgDgoiqh29bgfoJfSTWWvwZlzFXdWm0c\nzOiV5JSDRLewaqzhsQ/etms7qJIccRD7WcvM82x7UF0VYGd92EVsZxsq2aSVlMob\nCsxNXxij3qqNHdFgUuYYDzFym3/zmmi2wltPOZl7qYMhZI9P6wCsvDpxlFv16tJc\nAaBkBf1oOnjDvJm5i62KCEcRUmphKOB6Odr9/VHkAtgjPdWCOyge7ktbcwgsPw8L\ndemiSrNAglDX9RnPST5ggShZWn1Ik2mFfocCapvGBi5Hj9I/4xG/oIKREYc=\n=Ty0h\n-----END PGP MESSAGE-----",
-				"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
-			}
-		],
-		"version": "3.11.0"
-	}
-}
diff --git a/hosts/nixos/x86_64-linux/summers/secrets/homebox/secrets.yaml b/hosts/nixos/x86_64-linux/summers/secrets/homebox/secrets.yaml
new file mode 100644
index 0000000..57e3bc2
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/secrets/homebox/secrets.yaml
@@ -0,0 +1,57 @@
+wireguard-private-key: ENC[AES256_GCM,data:uDvv70RDyd0DEA0IAowsBLKew2k1TzMPmrVmIW1ZuMtSYxpstq8x5l2MPN8=,iv:02HfUl4lUkhlBzgOfvv+hRoyMMAaGcf9PooRAZzgjK0=,tag:dL/qhDLjzMP/4ENUcF3WHQ==,type:str]
+sops:
+    age:
+        - recipient: age1wmx8y2hs83j2u5srdnfxljrzxm8jtxl6fr0mq7xf2ldxyglpzf2qq89rpx
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBMEM4alliWlBCT3VsbVA5
+            OGt5bmQvZW1TaUNkbWtFdzVGNDNpY0hBOVhzCm84TldYNHBrU01HMlBkbGNwZFAw
+            WVk0T3FycVRHUUNtM1pTYkQ4Qmw3RTgKLS0tIE9LUlNEVjJHOGVIK1RSMmRXUDF6
+            QlRKY1hRVzNTVXhESUd3OElXL2pBZXcKDWYoOzi2b4qeIbCVCfTj0lTW+OfbnsXB
+            8MugCHu7+b+ju0v/lUP66jDW9/2AH4PzHtCNHjsafyzr2qnW8HlOzA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1c2enwel9un28dcs4wg0vcyamx9a4a6g3walkhu8w5lqhmd804paq9d24as
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJRWJXR2tYdEd4cTZsSi9l
+            Tm1pSC9pek5BakpEMlkwVTcrMlBuVzlXWUVrCmlnV0xJc25nL0twK3VCZ3FRK2x2
+            RW52Q1NxWUhTUGY0NnQ0WEhLMWxIcFUKLS0tIG83eVM0KzdLQ004aDRKNTYvdmVZ
+            d3ZOSStBMFpSU2ZjNWhFRkREQWlUdmcKggVvLy1mLYGf8084RQtlipS4+z4dfPsN
+            HZfid0srwYnezlQ5qOY8/HrDLWHEyuZ4xFZVi4n0k49qBpNwJdmvyQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-01-07T13:36:38Z"
+    mac: ENC[AES256_GCM,data:4ZeARGvSyuzNT2vFJ9ou0JeZ9wyTU443BLHINsEzchHDCB/xlMjhrt9N0DIX+EfkMZiRukUw5C56HNgBfD5uEBgt1lbdBfLQOnUgVlP3EC7HXPZXYEOtS9kj2j2VTBHnGFOZKDiBVgQNJkJ6QBmJtx2rEwQcCax3DeHO/RyLleY=,iv:sCrpoKKTN6X6GoxPQvSaCaiY3b4o9QzLWCus62ltLwk=,tag:kN4UXDS68/OvEi8ZYafLFA==,type:str]
+    pgp:
+        - created_at: "2026-01-02T21:12:51Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAwDh3VI7VctTARAAmvkQ9V14f0BT/bNdFVZtTlY4yVon37CX32SZPUcHV7o8
+            Dya0sZd9tuVATSv79TnybscuNx95fkoZJwujBfAadexn2zY8zl1oEWEHx7p+8/mE
+            W8JbQAjbcbX9sNQYXc8kYJylBThmgNN/HXK7CGtgDFr9xnGzDBnDm/M31P1HwYBm
+            IdIQgFGErEt1K3xvw28Lk3tPuZLK3Y+H2Yna7RRF6K1blGJUvEnL6yFdA10/eFW7
+            8066mO26F2l5xFuktK0nNeniLHKa5VVYp8iM+JMhX38l0wiIi8pGyxo3uAjNpa0w
+            IfpCneEBe/yyaUPcWMjXmUG5LJe3kWUup8cSzvu01Z3W159/QsflxIMkIsklqhim
+            B2zuPdAlYsjjS/05DIHInN2IIB/rjADkQvXji1XYLhWJj4jxDeck/UIc6Q22TED+
+            autlbl8d/5sqyO5ghPpShF/s0vMTqUfpXZrDrbuyDFqCfwi0ahP03bUsv20ZEz6u
+            zG3K5HuXHh7ATSppwuMbcv7vcjF1tkbo6XhWZDv0rY0DFWqiYhnxWwlFlGLxf4zX
+            g6r7Ca/E/YXG/eOET6M9DxwHjj0D7u/ryAkCktqPL9w8oNGarZQ/xMx0+ocI3byc
+            Zvzlmd63BtgaGNSxH3stK29KN3ED8cDkG/JzAxCATWiUBBkqW/ga4sGZqtLlSO+F
+            AgwDC9FRLmchgYQBD/9JbFZie25PO2CyELlUWm5SmJcugT9SK/mIA2fe1PlA+Gnf
+            5z9iXraMSQchz4R1IoiixDhubwKeKp/auqhlOPvo58Lsi6iDR/WaLWabD+hcyAb1
+            ck/f/PUzTLhlLcfu18VPfXVzfnky3dX8P5aS0WMLAQblj2RaaiHxnPqf49kXSn3q
+            VSJ0pr0nEsPuWtoCkHUAwAJ8X5GPXN2OD4YbHsNaA9h2vrJAxNd5+HNsvg8JtI88
+            X/uMM7cWcaXcmNZOz166HUIPcJ5cabJ48Sv8sDfMPOcTiJkMiESBnRYTwdUcp08m
+            nGipSrUeW3pVOC1bGyukZb6sF84pTtCpqS+kOSfKFlxFFdAEcpzFIPuOMeo2dbKj
+            GSGPDemZFC2yFq883yk9/mZbgjOUsqrj0ZP3rCD5ZHpfUM5IxGQ+mKaOucTXYmif
+            lrTPMYnAc7pHxKZ87BgiKBYrfRAZvorLYKv8zG8YagAUw8iCtc68YUUdvLW9haQf
+            rwWCU1z+sszYSac7I57gfqICQhMUbs1n9S2Cn0C0xo4q2Lu36ysip4rEVGg6TmUu
+            znXYu+3orodw2TwC0tGxXHYKwmlr7EGnBCbdVKpDoCbV6cYkDYoPUFg0alqIPd5r
+            KCkee9MaCLLX7IdBrbLf1lkHGwSAs81GfZRMLBauM7/hn+hMUeIJnMbtJnVIB9Je
+            AdT2nSH06+POnjvxa2t0dUasnG/6ISBRSk6FgBBZ+pdVlrvaB4javgWGpiAWCUu6
+            b2CMZF3HullmLj+wwAKlsZsIOXGICN5GeQxLHYF8Kx7Doj68Owu/zGM5MS+7XQ==
+            =wYdb
+            -----END PGP MESSAGE-----
+          fp: 4BE7925262289B476DBBC17B76FD3810215AE097
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0
diff --git a/hosts/nixos/x86_64-linux/summers/secrets/immich/secrets.yaml b/hosts/nixos/x86_64-linux/summers/secrets/immich/secrets.yaml
new file mode 100644
index 0000000..00948b6
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/secrets/immich/secrets.yaml
@@ -0,0 +1,57 @@
+wireguard-private-key: ENC[AES256_GCM,data:rTVAsx0XyI7i1coICpFjANV6CpWSjDTlvdOxu1yLggei/XZKeRuDmv1PsE8=,iv:P0S+juvE3LswavDMPpoxUYkKCzGlYaaEpIg7DBwvoc4=,tag:hIrOXG4F5qkK10VIjtiggg==,type:str]
+sops:
+    age:
+        - recipient: age1wmx8y2hs83j2u5srdnfxljrzxm8jtxl6fr0mq7xf2ldxyglpzf2qq89rpx
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBMEM4alliWlBCT3VsbVA5
+            OGt5bmQvZW1TaUNkbWtFdzVGNDNpY0hBOVhzCm84TldYNHBrU01HMlBkbGNwZFAw
+            WVk0T3FycVRHUUNtM1pTYkQ4Qmw3RTgKLS0tIE9LUlNEVjJHOGVIK1RSMmRXUDF6
+            QlRKY1hRVzNTVXhESUd3OElXL2pBZXcKDWYoOzi2b4qeIbCVCfTj0lTW+OfbnsXB
+            8MugCHu7+b+ju0v/lUP66jDW9/2AH4PzHtCNHjsafyzr2qnW8HlOzA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1c2enwel9un28dcs4wg0vcyamx9a4a6g3walkhu8w5lqhmd804paq9d24as
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJRWJXR2tYdEd4cTZsSi9l
+            Tm1pSC9pek5BakpEMlkwVTcrMlBuVzlXWUVrCmlnV0xJc25nL0twK3VCZ3FRK2x2
+            RW52Q1NxWUhTUGY0NnQ0WEhLMWxIcFUKLS0tIG83eVM0KzdLQ004aDRKNTYvdmVZ
+            d3ZOSStBMFpSU2ZjNWhFRkREQWlUdmcKggVvLy1mLYGf8084RQtlipS4+z4dfPsN
+            HZfid0srwYnezlQ5qOY8/HrDLWHEyuZ4xFZVi4n0k49qBpNwJdmvyQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-01-07T13:36:39Z"
+    mac: ENC[AES256_GCM,data:KYqOMm6Xk04/1nwEXaX+Htkovwa+RbHtZH3Nd9S/K1bjdZZESpka7Kxib+mf9ezBnTdJTBzwacf0bgQnU+rpQWxBvWz65K8RAHcJms0JoNYEPWJkIeG9/KdV2iefPcml5SOFID8Xr/KpISfnayS4CGUWRFU8DyDtb30g9DQ2Peg=,iv:3QT6PqinySd6lUWBNxpxBxsY7VVmrnFqUxjLbsMMYR0=,tag:SLkWHWnnxNn0j+lnGnJGeQ==,type:str]
+    pgp:
+        - created_at: "2026-01-02T21:12:51Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAwDh3VI7VctTARAAmvkQ9V14f0BT/bNdFVZtTlY4yVon37CX32SZPUcHV7o8
+            Dya0sZd9tuVATSv79TnybscuNx95fkoZJwujBfAadexn2zY8zl1oEWEHx7p+8/mE
+            W8JbQAjbcbX9sNQYXc8kYJylBThmgNN/HXK7CGtgDFr9xnGzDBnDm/M31P1HwYBm
+            IdIQgFGErEt1K3xvw28Lk3tPuZLK3Y+H2Yna7RRF6K1blGJUvEnL6yFdA10/eFW7
+            8066mO26F2l5xFuktK0nNeniLHKa5VVYp8iM+JMhX38l0wiIi8pGyxo3uAjNpa0w
+            IfpCneEBe/yyaUPcWMjXmUG5LJe3kWUup8cSzvu01Z3W159/QsflxIMkIsklqhim
+            B2zuPdAlYsjjS/05DIHInN2IIB/rjADkQvXji1XYLhWJj4jxDeck/UIc6Q22TED+
+            autlbl8d/5sqyO5ghPpShF/s0vMTqUfpXZrDrbuyDFqCfwi0ahP03bUsv20ZEz6u
+            zG3K5HuXHh7ATSppwuMbcv7vcjF1tkbo6XhWZDv0rY0DFWqiYhnxWwlFlGLxf4zX
+            g6r7Ca/E/YXG/eOET6M9DxwHjj0D7u/ryAkCktqPL9w8oNGarZQ/xMx0+ocI3byc
+            Zvzlmd63BtgaGNSxH3stK29KN3ED8cDkG/JzAxCATWiUBBkqW/ga4sGZqtLlSO+F
+            AgwDC9FRLmchgYQBD/9JbFZie25PO2CyELlUWm5SmJcugT9SK/mIA2fe1PlA+Gnf
+            5z9iXraMSQchz4R1IoiixDhubwKeKp/auqhlOPvo58Lsi6iDR/WaLWabD+hcyAb1
+            ck/f/PUzTLhlLcfu18VPfXVzfnky3dX8P5aS0WMLAQblj2RaaiHxnPqf49kXSn3q
+            VSJ0pr0nEsPuWtoCkHUAwAJ8X5GPXN2OD4YbHsNaA9h2vrJAxNd5+HNsvg8JtI88
+            X/uMM7cWcaXcmNZOz166HUIPcJ5cabJ48Sv8sDfMPOcTiJkMiESBnRYTwdUcp08m
+            nGipSrUeW3pVOC1bGyukZb6sF84pTtCpqS+kOSfKFlxFFdAEcpzFIPuOMeo2dbKj
+            GSGPDemZFC2yFq883yk9/mZbgjOUsqrj0ZP3rCD5ZHpfUM5IxGQ+mKaOucTXYmif
+            lrTPMYnAc7pHxKZ87BgiKBYrfRAZvorLYKv8zG8YagAUw8iCtc68YUUdvLW9haQf
+            rwWCU1z+sszYSac7I57gfqICQhMUbs1n9S2Cn0C0xo4q2Lu36ysip4rEVGg6TmUu
+            znXYu+3orodw2TwC0tGxXHYKwmlr7EGnBCbdVKpDoCbV6cYkDYoPUFg0alqIPd5r
+            KCkee9MaCLLX7IdBrbLf1lkHGwSAs81GfZRMLBauM7/hn+hMUeIJnMbtJnVIB9Je
+            AdT2nSH06+POnjvxa2t0dUasnG/6ISBRSk6FgBBZ+pdVlrvaB4javgWGpiAWCUu6
+            b2CMZF3HullmLj+wwAKlsZsIOXGICN5GeQxLHYF8Kx7Doj68Owu/zGM5MS+7XQ==
+            =wYdb
+            -----END PGP MESSAGE-----
+          fp: 4BE7925262289B476DBBC17B76FD3810215AE097
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0
diff --git a/hosts/nixos/x86_64-linux/summers/secrets/jellyfin/secrets.yaml b/hosts/nixos/x86_64-linux/summers/secrets/jellyfin/secrets.yaml
new file mode 100644
index 0000000..9f10fb0
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/secrets/jellyfin/secrets.yaml
@@ -0,0 +1,57 @@
+wireguard-private-key: ENC[AES256_GCM,data:5o3vhdHriS1Iau5/wS/QM2IKlIGn1Aua+M9blroPrOgfBWLtLxzhBcAzJ/A=,iv:zv4ZvP5gIJ5Y1dC2H0AqqMRIGFE/QJ8ztp6yG/QfDZE=,tag:W6BWuHk594xqd6WwEN6n4w==,type:str]
+sops:
+    age:
+        - recipient: age1wmx8y2hs83j2u5srdnfxljrzxm8jtxl6fr0mq7xf2ldxyglpzf2qq89rpx
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBMEM4alliWlBCT3VsbVA5
+            OGt5bmQvZW1TaUNkbWtFdzVGNDNpY0hBOVhzCm84TldYNHBrU01HMlBkbGNwZFAw
+            WVk0T3FycVRHUUNtM1pTYkQ4Qmw3RTgKLS0tIE9LUlNEVjJHOGVIK1RSMmRXUDF6
+            QlRKY1hRVzNTVXhESUd3OElXL2pBZXcKDWYoOzi2b4qeIbCVCfTj0lTW+OfbnsXB
+            8MugCHu7+b+ju0v/lUP66jDW9/2AH4PzHtCNHjsafyzr2qnW8HlOzA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1c2enwel9un28dcs4wg0vcyamx9a4a6g3walkhu8w5lqhmd804paq9d24as
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJRWJXR2tYdEd4cTZsSi9l
+            Tm1pSC9pek5BakpEMlkwVTcrMlBuVzlXWUVrCmlnV0xJc25nL0twK3VCZ3FRK2x2
+            RW52Q1NxWUhTUGY0NnQ0WEhLMWxIcFUKLS0tIG83eVM0KzdLQ004aDRKNTYvdmVZ
+            d3ZOSStBMFpSU2ZjNWhFRkREQWlUdmcKggVvLy1mLYGf8084RQtlipS4+z4dfPsN
+            HZfid0srwYnezlQ5qOY8/HrDLWHEyuZ4xFZVi4n0k49qBpNwJdmvyQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-01-07T13:36:40Z"
+    mac: ENC[AES256_GCM,data:Ep/6toPN64tEaCGEnO8dIUd14x5JB5TSfw9A5J3KFkhCAhCoMW29yzuqHMy7iBRwS9VqJS3R0g7SL8x6dIzsHmT9sZ3m0gihGZsM9Psc24NOi6iWfOLyNApwTsI+LhL1CEcspb/quvm4Nh+xSnYXhap+3+rPtMGpyVtgyNgN2eU=,iv:zhi6NU4lPOJ+X5KIbVpDS3mz418psH9nu8qtguKQ7po=,tag:FjePycuZddog47Wwmu94wg==,type:str]
+    pgp:
+        - created_at: "2026-01-02T21:12:51Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAwDh3VI7VctTARAAmvkQ9V14f0BT/bNdFVZtTlY4yVon37CX32SZPUcHV7o8
+            Dya0sZd9tuVATSv79TnybscuNx95fkoZJwujBfAadexn2zY8zl1oEWEHx7p+8/mE
+            W8JbQAjbcbX9sNQYXc8kYJylBThmgNN/HXK7CGtgDFr9xnGzDBnDm/M31P1HwYBm
+            IdIQgFGErEt1K3xvw28Lk3tPuZLK3Y+H2Yna7RRF6K1blGJUvEnL6yFdA10/eFW7
+            8066mO26F2l5xFuktK0nNeniLHKa5VVYp8iM+JMhX38l0wiIi8pGyxo3uAjNpa0w
+            IfpCneEBe/yyaUPcWMjXmUG5LJe3kWUup8cSzvu01Z3W159/QsflxIMkIsklqhim
+            B2zuPdAlYsjjS/05DIHInN2IIB/rjADkQvXji1XYLhWJj4jxDeck/UIc6Q22TED+
+            autlbl8d/5sqyO5ghPpShF/s0vMTqUfpXZrDrbuyDFqCfwi0ahP03bUsv20ZEz6u
+            zG3K5HuXHh7ATSppwuMbcv7vcjF1tkbo6XhWZDv0rY0DFWqiYhnxWwlFlGLxf4zX
+            g6r7Ca/E/YXG/eOET6M9DxwHjj0D7u/ryAkCktqPL9w8oNGarZQ/xMx0+ocI3byc
+            Zvzlmd63BtgaGNSxH3stK29KN3ED8cDkG/JzAxCATWiUBBkqW/ga4sGZqtLlSO+F
+            AgwDC9FRLmchgYQBD/9JbFZie25PO2CyELlUWm5SmJcugT9SK/mIA2fe1PlA+Gnf
+            5z9iXraMSQchz4R1IoiixDhubwKeKp/auqhlOPvo58Lsi6iDR/WaLWabD+hcyAb1
+            ck/f/PUzTLhlLcfu18VPfXVzfnky3dX8P5aS0WMLAQblj2RaaiHxnPqf49kXSn3q
+            VSJ0pr0nEsPuWtoCkHUAwAJ8X5GPXN2OD4YbHsNaA9h2vrJAxNd5+HNsvg8JtI88
+            X/uMM7cWcaXcmNZOz166HUIPcJ5cabJ48Sv8sDfMPOcTiJkMiESBnRYTwdUcp08m
+            nGipSrUeW3pVOC1bGyukZb6sF84pTtCpqS+kOSfKFlxFFdAEcpzFIPuOMeo2dbKj
+            GSGPDemZFC2yFq883yk9/mZbgjOUsqrj0ZP3rCD5ZHpfUM5IxGQ+mKaOucTXYmif
+            lrTPMYnAc7pHxKZ87BgiKBYrfRAZvorLYKv8zG8YagAUw8iCtc68YUUdvLW9haQf
+            rwWCU1z+sszYSac7I57gfqICQhMUbs1n9S2Cn0C0xo4q2Lu36ysip4rEVGg6TmUu
+            znXYu+3orodw2TwC0tGxXHYKwmlr7EGnBCbdVKpDoCbV6cYkDYoPUFg0alqIPd5r
+            KCkee9MaCLLX7IdBrbLf1lkHGwSAs81GfZRMLBauM7/hn+hMUeIJnMbtJnVIB9Je
+            AdT2nSH06+POnjvxa2t0dUasnG/6ISBRSk6FgBBZ+pdVlrvaB4javgWGpiAWCUu6
+            b2CMZF3HullmLj+wwAKlsZsIOXGICN5GeQxLHYF8Kx7Doj68Owu/zGM5MS+7XQ==
+            =wYdb
+            -----END PGP MESSAGE-----
+          fp: 4BE7925262289B476DBBC17B76FD3810215AE097
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0
diff --git a/hosts/nixos/x86_64-linux/summers/secrets/kanidm/pii.nix.enc b/hosts/nixos/x86_64-linux/summers/secrets/kanidm/pii.nix.enc
new file mode 100644
index 0000000..a3d55ea
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/secrets/kanidm/pii.nix.enc
@@ -0,0 +1,25 @@
+{
+	"data": "ENC[AES256_GCM,data:C5d6taSxlSq3lOQMomUiIHWgibkiRuDYRSdmf4vJaSVdXcpEU5QfKsebaJOhRm4q/Z7A4QVb5s3NYeid0OTrAyt8hwjferxNMQpENsW+biIV30+c1u+B8Ft4b6kHO4B0qkDaAg5aFXJIc1hSGz5AKzq1RSkGH5psegcvKUymi7vEDusmPSKeesYHXMmkibrpRaZ4GkAScROFA07q6+3Qcn0unf9NTqH3zaAiO05IcvfetLCzl355BmQbiCdTZOLoooavk082oxzfKlYomgxnHaj0qaxjxCQ6sju3Bl/EsVdoRbAN2JloWJzUyGztVf1rHfTzAuswgBkj+VOmTajPqKiUK8oayL5FoCvHsZW2EAFlTCGsxtPEizqEAA5eXLSpWet7JleVTDh8jCCz6B/uonJDKi3SlE2b9Q4Pqm30c9kULcqSHppBoEdPF7wXCIcVCg7X2DGdAcjzi/UP8uOVHOt5XQEELRH3qXLQnVq1i9CtjRZADyBBFTASMm8WBySHIq5igKo+NdxKR4BxXERjTFmteqhBT4X5JfyUKc0gOkoN3OEuTgfWVTUATiLBJlGx5gUMWusfIPwog0g99D99J8PWJsrl4qrIH49Ns/QvNxEHUBXgdWvquZkfOiLMdjyapG+4yXM6yESz7+I4zGb7IC3VE4WPQAwpIzoy/wsioou1xOKtkFNX8fTszHY7GnkJVUcSGlspFCMLtF+zr5c1kEizVCEbu35i6gpP9+INAsy3LvJIFF4iegaSuD2jmCCpD3dK27B9bbwEHwrwYBHKexVlrbDrtcWBQSwB9jKTlVMhK0UbQU/+2yZ2/OZEgcesAl2q+sTG3hctddL37vnFcRR7FNvwGyEWorn+N/gpa6gIaZwCIzih1eHeraLq5cdzhHhRUtAbnBscfPntKTPOu7EMb/y0F/cGwV9iX/BSy7pbIfaiyOoVB4snyrty5r3tEi9ujghcqi7GObuySToGhJmekQbREUnGG6CRRel/9f0326FOCsiS5MEDXiaqO5mNVI0IcMunSnf9dGlwNAqi6B5+Zifrv6PPfi97LHklGjoLxG892R36lM1nqoU1VmEJneP6mmCJ695bTaZT8mUmasvoJJyhz67xrhEFLrRVl0gd8b5S4eXlghvP/WDBLd1mPe3uKmFzzqouhIO/JtbkL0D+IZWvdqShlGOWm+Sz17Au1YP7GHMWR20Hc6JLTVW+LMLk6UThzM3TnEgEyFgk6Xc5HsJG7L3Jn4aVzI1Ye3m18sHB1cVsWS7R,iv:sgvuk9gDz4fAzPae/pTkIklwUgI2h060SfBYRwcnzsU=,tag:cOUYD7HldKqLL8rxPElChQ==,type:str]",
+	"sops": {
+		"age": [
+			{
+				"recipient": "age18cgqlely56hgmhscllkmafwpjdk6dwep6ej3vkk97dzemp8jtuksqrrjjl",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtUUh1YXJ0VXh4UHJkWGxy\nNE1nOGtnZDhGRjVDdmhTQWZHSGhWY3QwT1VFCkU0QkhicDZpTUdDMjNGY1NqR0x0\nYytac3ZZbHArZjl4MGZRWGVIQWkzREEKLS0tIEswTnRpT2hZdU5sSUxUcTFYMGxR\ndE1DNlh5c3g0NXorZTM2RUk0YmF3NnMK3JvfEq73WuuzrAXPbR2BB4orj39P+KU5\n0ICepOK4GXYWXbmTDqTb/vn88uB8iaTl3F93Wv7VC450miouEYmcxA==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1nanlervuderw4qskcuessycqy2yfmptl6nym9scgp9ky2265ssmq3u73r0",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5elg1N1NoMDVXdGU2TzBW\neFl4K2E1dXlWZFlQUnhSekV3a2k1ZjNKYURJCmFZZ0taWFJuNUlrTjZvTUxTM0Zo\nZEVNcDFvdjhBN1FGRkpNWEE3bHpHM28KLS0tIC8xVFR2czNqd3FoREZPRkpqcStq\ncTF1dXJQWHdEaVF4YzNYREFZRVpOQ2MK6XoP4eXUJr/eHh9OwPoPzeYvCT1yAqBC\nY3Xdw+crV4XXR9PytImJua6j+eHdCeB9qPyHFcJOB0oOhhae4XOjxA==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2026-01-08T08:04:16Z",
+		"mac": "ENC[AES256_GCM,data:QNIiEvJR1UTFt2Rtk5GBl8ALPx2DvSWUhl4Q9O96aCMTbJt6iwQpisGN9O8o4m4a/nHdeOV8auxmNnQ16j/HhPLwv6cEwdfvHcKZcB1F7e1bslBufA9hgcAnkfng9nbMIMmn6RbCF5vFjcTwCrNYNQ4QqluuuuSHrA8TQ+gkiOE=,iv:vmOsmY90VjkCULuorn3sKxn+JQKNXKo5INax66xa0n8=,tag:nIYcopB+0C5hkzvVao6Avw==,type:str]",
+		"pgp": [
+			{
+				"created_at": "2026-01-08T08:03:56Z",
+				"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAAzdR1BVqaHG2eDsDqPPCEA/jeKqAW6claqA7Ggx/aEeE2\nJlvka3MvrBS3YT9rlDbks/bMWoWeKWBu+dVW3lsMJEhAPhmJ6rWUg+13BPQWKblj\nli7xFqT9EOtlea9i/xZDDY+wjRAtj54dNZGft3X27IZLgWxaKMjxhmoqCzHk8Erk\nW+2Lwjfrs5u3v6f3l7DafzMr2uEB5QUOsLGvvEwW3pd9SLinZqRMqGxkRHjhoppD\nB9BEDQmkWFpm8QJWvlmixpgCVKYAB9bwyjmYbXvzpMS2Of2tgDcMTu3EC4Rkl1z5\n+SyImout9P8/ns9xur1u5NG2Ib8r3ydH0k3tmjTHtOl90P7jqvB889VpHXGj6YVZ\nCpFsGV7agvdG7LpxN2JdMouDirve2OLCukTc9Ksd8Z2VlFdg3SirEd3t57FRPxxQ\nFkV/iCNb2ajbVCNcPQzbtdCVxNg9xA7NKsISkGIy2hOnixklWRDYuagMkokx8PNM\nGWUAw3/wCFb5ugF71NQeuolpaE15cWoy02XQ7OwOP99nZS9ldavmQkTZkhcR5OeV\n1ka1/UyhW3tccWf45K9rCf+jVqgyhA4tp3u5wGfA/0Xj/7JeKCqzlhgyBwLPF3Ie\nBdjrzmCusU/HMnp0PphxGkOqiPkeCg0UkWVp/duYvVLaGr4wO+GJiCttSpHif0KF\nAgwDC9FRLmchgYQBD/9BeEvF3GN8Ns6cBfWswbfl9eY2XW+AaFZO8pRFLQshzm+n\nOUb3riii2LuPdMSKc2UkkdJugLem+QuRnf6fkoer08itQdP3KNYYS3Kr4M4aQwlh\nqPx1pmMSS25RFn3SlhKLRZPvK/x0zq2aiwkcoLkVUHgnwTbzerO5MLVmkvwlfokq\nPzwv43KzLCeOQOEMoalSEW4ljqQs/kziLSPHZdoTcsNx50vTpCl4P/cFdhugMbqt\n8YZzQIw9KTMcT7YXT2y86ZzZKXkfqpX6bRkT/JiDjp8iLqj/ILxUEiHjANQrQGSW\ncYOY52XTxdU/WVjfefzP/bnTz14Ww9vC99QQyZwgU+PgV4NwLP1IdmpsGZGQFlHk\nz3iDdGvB905i6Oco+dTBBbHRFUvIYO/PC2oVsOS2eua/IkZhtHIz2qmiC6RJHETh\nvBTVInfcz8PFuMCo9rjbXghy9E56RuOy3qVqTtypFrTzGF2hG8j1+s2ygCIYokIy\nRYHDZELy2M8dtgNNQiGvYFFFK0+Ww9K3i2IeESxjQ7mkCGVIiOadM5J1tLlWP9uf\n+ehkZPvCiPWlL03rz2jXdcufqwbcT0SMdsN+iq+a6v1YEAh639gD3kmM8Bk5W/AO\niMIxmRpnszvdO6sdZsdjcxtlm1mwPGixImVoGPWiGElXsx+hgFk7VYwrMqePetJc\nAdy8BhEL0rmZ8zNkZ3s11shzcGFxnI8DU5a4anK26WUaeRVdCIQV7cq7uZr2O6ob\nz3KOPtFS7CegmNnrO6WCGh5Dvixc3EQ1mOIwCt9DoY0tLZo8lUpILbc8Uc0=\n=YxFO\n-----END PGP MESSAGE-----",
+				"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
+			}
+		],
+		"version": "3.11.0"
+	}
+}
diff --git a/hosts/nixos/x86_64-linux/summers/secrets/kanidm/secrets.yaml b/hosts/nixos/x86_64-linux/summers/secrets/kanidm/secrets.yaml
new file mode 100644
index 0000000..5eb407c
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/secrets/kanidm/secrets.yaml
@@ -0,0 +1,67 @@
+wireguard-private-key: ENC[AES256_GCM,data:R8o48IzTOqAdSDGpdC+euQo+TdvxPY44iHgO7NGCwQnqnv87Tqbyqn/e6r8=,iv:sWhQJ3JiZRSFQoydNiZJ1UB0u+qdKdRoU9zapswqsbg=,tag:d5W5NOl/sB0MpZmaUiAAYA==,type:str]
+kanidm-admin-pw: ENC[AES256_GCM,data:S/iBo56ONAB/m3Z7LfsD60cN4jx6rKdpMw==,iv:zX5g2yf8cL+YNv/rOKxaUFst49jTNv0/RC7dCmDxRq4=,tag:/+dXYKm1fIsWxPNf3Dte5Q==,type:str]
+kanidm-idm-admin-pw: ENC[AES256_GCM,data:f+kENj9pvEzg6i0zdiNwVRgRXYgsNITlsg==,iv:+8rN4PJ6wdk8N8LZTlcuhv4lzY/ydi+mBfg4jp3kp4k=,tag:kVLFM845aNePnCWBlAhUFQ==,type:str]
+kanidm-immich: ENC[AES256_GCM,data:5mLDFJ/8gyX7Ij2KjpqWbtMjB8v9ek0tuw==,iv:eUMCFjTrAh/Ws4pDYf6T2s1OgNLQnaDXMvbTDbZ7Wfg=,tag:qlp5qRtgdl+TYy8TK2kteA==,type:str]
+kanidm-paperless: ENC[AES256_GCM,data:Jo/uMujrq5eHLClGoxVSyb4kJSIQW7MxSw==,iv:Ck6Z9V3IXUBpSF4RCoqKF3J8Vyo71PaS4itXOf3NNHg=,tag:/u0C34IaUlm0oOGHCgwN8A==,type:str]
+kanidm-forgejo: ENC[AES256_GCM,data:DP6nGFVL/7lwANf2DyI3E+Qfh7b/SF+SrQ==,iv:zuNS5Hq1N8ntEi9z1fCz2Hpzev5F+WEGn8EOTwj+4EY=,tag:8/j1AWi+JUcp6YyBc0v1Vw==,type:str]
+kanidm-grafana: ENC[AES256_GCM,data:o74mBnxhNRuQbqmKEWG/o19JE9M0bBNxKQ==,iv:J5HzDasytKMIvC3tLvWnv2Cu4HPlPHtukE48i2xwWik=,tag:63zpBuhRpnVL4oQjfA2f+g==,type:str]
+kanidm-nextcloud: ENC[AES256_GCM,data:cDZFLh316tIQhsY9osPBvlc3msj+8h/cBQ==,iv:e0nEiOdjxy2an0J21wuc38Tns7kzUvZ//RxnQ0hhjfM=,tag:vKyPRlfFRyLA/PARXlWnFA==,type:str]
+kanidm-oauth2-proxy: ENC[AES256_GCM,data:H6PS6WcMiH+gMsp1CYRYHqSdM9SqR4V/Aw==,iv:WnaEy32YxenO5KqQsEqhQm3jzsq0/HztYZrE99lVbb4=,tag:OPYDhTTKHJ63rHNLyjG7tQ==,type:str]
+kanidm-freshrss: ENC[AES256_GCM,data:t2iIWLeyChAPFKfWeLkEnWC0zbpuSP/tmQ==,iv:fPpjO8RhgIHNRq7V5pYZN1VNeO9NkUi/1HWsHrS5iS0=,tag:v+W0yPtWNpl0CQIdyJuaBg==,type:str]
+kanidm-firezone: ENC[AES256_GCM,data:/at/1dhYtPzeh6F7/juE1XyY6abq1OQIgw==,iv:Qp1QXBKHYoDJfTbZZYDRcdM+/GFu8WonhO6uSI7NdVA=,tag:lvSei5/yGk3aU7HX9KOgaw==,type:str]
+sops:
+    age:
+        - recipient: age1wmx8y2hs83j2u5srdnfxljrzxm8jtxl6fr0mq7xf2ldxyglpzf2qq89rpx
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBMEM4alliWlBCT3VsbVA5
+            OGt5bmQvZW1TaUNkbWtFdzVGNDNpY0hBOVhzCm84TldYNHBrU01HMlBkbGNwZFAw
+            WVk0T3FycVRHUUNtM1pTYkQ4Qmw3RTgKLS0tIE9LUlNEVjJHOGVIK1RSMmRXUDF6
+            QlRKY1hRVzNTVXhESUd3OElXL2pBZXcKDWYoOzi2b4qeIbCVCfTj0lTW+OfbnsXB
+            8MugCHu7+b+ju0v/lUP66jDW9/2AH4PzHtCNHjsafyzr2qnW8HlOzA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1c2enwel9un28dcs4wg0vcyamx9a4a6g3walkhu8w5lqhmd804paq9d24as
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJRWJXR2tYdEd4cTZsSi9l
+            Tm1pSC9pek5BakpEMlkwVTcrMlBuVzlXWUVrCmlnV0xJc25nL0twK3VCZ3FRK2x2
+            RW52Q1NxWUhTUGY0NnQ0WEhLMWxIcFUKLS0tIG83eVM0KzdLQ004aDRKNTYvdmVZ
+            d3ZOSStBMFpSU2ZjNWhFRkREQWlUdmcKggVvLy1mLYGf8084RQtlipS4+z4dfPsN
+            HZfid0srwYnezlQ5qOY8/HrDLWHEyuZ4xFZVi4n0k49qBpNwJdmvyQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-01-08T08:02:14Z"
+    mac: ENC[AES256_GCM,data:YRVfa2nuKJ392zbrVDB8XILDa7zsdmdKak4tXAiru5SY9vGzY68sHSu1R0pBr0RxPZ4Z0NYyvJwiH1ni2PKabuJzAIyZLV0KL6ekKIFg2B+2o5nMUT2s2+7yjQ8VJ9nZSdjN+Qk4O9yF3L6GTg3CMKk+wahrySAPuyMn4rTMzcQ=,iv:JoGWfR4Ld0QsTIWnm5bZKwma2vPutEsSL0x6Siz5eGY=,tag:zzGyZs2wSwEo2yTUgKgcpQ==,type:str]
+    pgp:
+        - created_at: "2026-01-02T21:12:51Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAwDh3VI7VctTARAAmvkQ9V14f0BT/bNdFVZtTlY4yVon37CX32SZPUcHV7o8
+            Dya0sZd9tuVATSv79TnybscuNx95fkoZJwujBfAadexn2zY8zl1oEWEHx7p+8/mE
+            W8JbQAjbcbX9sNQYXc8kYJylBThmgNN/HXK7CGtgDFr9xnGzDBnDm/M31P1HwYBm
+            IdIQgFGErEt1K3xvw28Lk3tPuZLK3Y+H2Yna7RRF6K1blGJUvEnL6yFdA10/eFW7
+            8066mO26F2l5xFuktK0nNeniLHKa5VVYp8iM+JMhX38l0wiIi8pGyxo3uAjNpa0w
+            IfpCneEBe/yyaUPcWMjXmUG5LJe3kWUup8cSzvu01Z3W159/QsflxIMkIsklqhim
+            B2zuPdAlYsjjS/05DIHInN2IIB/rjADkQvXji1XYLhWJj4jxDeck/UIc6Q22TED+
+            autlbl8d/5sqyO5ghPpShF/s0vMTqUfpXZrDrbuyDFqCfwi0ahP03bUsv20ZEz6u
+            zG3K5HuXHh7ATSppwuMbcv7vcjF1tkbo6XhWZDv0rY0DFWqiYhnxWwlFlGLxf4zX
+            g6r7Ca/E/YXG/eOET6M9DxwHjj0D7u/ryAkCktqPL9w8oNGarZQ/xMx0+ocI3byc
+            Zvzlmd63BtgaGNSxH3stK29KN3ED8cDkG/JzAxCATWiUBBkqW/ga4sGZqtLlSO+F
+            AgwDC9FRLmchgYQBD/9JbFZie25PO2CyELlUWm5SmJcugT9SK/mIA2fe1PlA+Gnf
+            5z9iXraMSQchz4R1IoiixDhubwKeKp/auqhlOPvo58Lsi6iDR/WaLWabD+hcyAb1
+            ck/f/PUzTLhlLcfu18VPfXVzfnky3dX8P5aS0WMLAQblj2RaaiHxnPqf49kXSn3q
+            VSJ0pr0nEsPuWtoCkHUAwAJ8X5GPXN2OD4YbHsNaA9h2vrJAxNd5+HNsvg8JtI88
+            X/uMM7cWcaXcmNZOz166HUIPcJ5cabJ48Sv8sDfMPOcTiJkMiESBnRYTwdUcp08m
+            nGipSrUeW3pVOC1bGyukZb6sF84pTtCpqS+kOSfKFlxFFdAEcpzFIPuOMeo2dbKj
+            GSGPDemZFC2yFq883yk9/mZbgjOUsqrj0ZP3rCD5ZHpfUM5IxGQ+mKaOucTXYmif
+            lrTPMYnAc7pHxKZ87BgiKBYrfRAZvorLYKv8zG8YagAUw8iCtc68YUUdvLW9haQf
+            rwWCU1z+sszYSac7I57gfqICQhMUbs1n9S2Cn0C0xo4q2Lu36ysip4rEVGg6TmUu
+            znXYu+3orodw2TwC0tGxXHYKwmlr7EGnBCbdVKpDoCbV6cYkDYoPUFg0alqIPd5r
+            KCkee9MaCLLX7IdBrbLf1lkHGwSAs81GfZRMLBauM7/hn+hMUeIJnMbtJnVIB9Je
+            AdT2nSH06+POnjvxa2t0dUasnG/6ISBRSk6FgBBZ+pdVlrvaB4javgWGpiAWCUu6
+            b2CMZF3HullmLj+wwAKlsZsIOXGICN5GeQxLHYF8Kx7Doj68Owu/zGM5MS+7XQ==
+            =wYdb
+            -----END PGP MESSAGE-----
+          fp: 4BE7925262289B476DBBC17B76FD3810215AE097
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0
diff --git a/hosts/nixos/x86_64-linux/summers/secrets/kavita/secrets.yaml b/hosts/nixos/x86_64-linux/summers/secrets/kavita/secrets.yaml
new file mode 100644
index 0000000..ffc70ab
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/secrets/kavita/secrets.yaml
@@ -0,0 +1,58 @@
+wireguard-private-key: ENC[AES256_GCM,data:rZ4bOiYyBa2Pq9TuxNRifoZ9uRSeL1cRA2JK1FDBK1Wa2ZAd0ZHQfRI0D00=,iv:3L8JLV6D80EbI1ArawwQ77ndepEoq84JfvM9XAjg+/Y=,tag:nCXsqWAXhB9xTnKn8ZbL2A==,type:str]
+kavita-token: ENC[AES256_GCM,data:yKwv9L24Ek4q8KNaTJcW3Xx6d1GCnEZ3LS+GkW2i7C+eE2XgBuG1Ff0L8xcdTPGFVkPPb2bvCP+CKVgnSVd5W+FFek/XQtVcFgWQVDUjG4mBbonQ3VnTKw==,iv:b/UfgHVBviUEMtt4Q6RQSkTVujH+qMIyuiZxD4mwMTc=,tag:rIVUGYOluyXU8fEd/dgQEw==,type:str]
+sops:
+    age:
+        - recipient: age1wmx8y2hs83j2u5srdnfxljrzxm8jtxl6fr0mq7xf2ldxyglpzf2qq89rpx
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBMEM4alliWlBCT3VsbVA5
+            OGt5bmQvZW1TaUNkbWtFdzVGNDNpY0hBOVhzCm84TldYNHBrU01HMlBkbGNwZFAw
+            WVk0T3FycVRHUUNtM1pTYkQ4Qmw3RTgKLS0tIE9LUlNEVjJHOGVIK1RSMmRXUDF6
+            QlRKY1hRVzNTVXhESUd3OElXL2pBZXcKDWYoOzi2b4qeIbCVCfTj0lTW+OfbnsXB
+            8MugCHu7+b+ju0v/lUP66jDW9/2AH4PzHtCNHjsafyzr2qnW8HlOzA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1c2enwel9un28dcs4wg0vcyamx9a4a6g3walkhu8w5lqhmd804paq9d24as
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJRWJXR2tYdEd4cTZsSi9l
+            Tm1pSC9pek5BakpEMlkwVTcrMlBuVzlXWUVrCmlnV0xJc25nL0twK3VCZ3FRK2x2
+            RW52Q1NxWUhTUGY0NnQ0WEhLMWxIcFUKLS0tIG83eVM0KzdLQ004aDRKNTYvdmVZ
+            d3ZOSStBMFpSU2ZjNWhFRkREQWlUdmcKggVvLy1mLYGf8084RQtlipS4+z4dfPsN
+            HZfid0srwYnezlQ5qOY8/HrDLWHEyuZ4xFZVi4n0k49qBpNwJdmvyQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-01-08T07:59:40Z"
+    mac: ENC[AES256_GCM,data:MpnXoqLkHYbPHvA6ZdfgJ2sPzM/BtmhbzEjymvnUp4zLIojE15pTEvYKXOedr2RKYZk1BCF+ksfyyVgJxy+HFZ28baC3dPXRMAHH7InEkf144N2Kmodv2czohz45gnbBz38d2DBU1/7pbpktc2Iuw1bQZTBbg5xAw5Nkd3pzKJw=,iv:O2vkWIDuzKzStrDLcVnVnWBa8Moy48fPE3YeSlV1scA=,tag:OreHXW+REVZC6sOa0t7idA==,type:str]
+    pgp:
+        - created_at: "2026-01-02T21:12:51Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAwDh3VI7VctTARAAmvkQ9V14f0BT/bNdFVZtTlY4yVon37CX32SZPUcHV7o8
+            Dya0sZd9tuVATSv79TnybscuNx95fkoZJwujBfAadexn2zY8zl1oEWEHx7p+8/mE
+            W8JbQAjbcbX9sNQYXc8kYJylBThmgNN/HXK7CGtgDFr9xnGzDBnDm/M31P1HwYBm
+            IdIQgFGErEt1K3xvw28Lk3tPuZLK3Y+H2Yna7RRF6K1blGJUvEnL6yFdA10/eFW7
+            8066mO26F2l5xFuktK0nNeniLHKa5VVYp8iM+JMhX38l0wiIi8pGyxo3uAjNpa0w
+            IfpCneEBe/yyaUPcWMjXmUG5LJe3kWUup8cSzvu01Z3W159/QsflxIMkIsklqhim
+            B2zuPdAlYsjjS/05DIHInN2IIB/rjADkQvXji1XYLhWJj4jxDeck/UIc6Q22TED+
+            autlbl8d/5sqyO5ghPpShF/s0vMTqUfpXZrDrbuyDFqCfwi0ahP03bUsv20ZEz6u
+            zG3K5HuXHh7ATSppwuMbcv7vcjF1tkbo6XhWZDv0rY0DFWqiYhnxWwlFlGLxf4zX
+            g6r7Ca/E/YXG/eOET6M9DxwHjj0D7u/ryAkCktqPL9w8oNGarZQ/xMx0+ocI3byc
+            Zvzlmd63BtgaGNSxH3stK29KN3ED8cDkG/JzAxCATWiUBBkqW/ga4sGZqtLlSO+F
+            AgwDC9FRLmchgYQBD/9JbFZie25PO2CyELlUWm5SmJcugT9SK/mIA2fe1PlA+Gnf
+            5z9iXraMSQchz4R1IoiixDhubwKeKp/auqhlOPvo58Lsi6iDR/WaLWabD+hcyAb1
+            ck/f/PUzTLhlLcfu18VPfXVzfnky3dX8P5aS0WMLAQblj2RaaiHxnPqf49kXSn3q
+            VSJ0pr0nEsPuWtoCkHUAwAJ8X5GPXN2OD4YbHsNaA9h2vrJAxNd5+HNsvg8JtI88
+            X/uMM7cWcaXcmNZOz166HUIPcJ5cabJ48Sv8sDfMPOcTiJkMiESBnRYTwdUcp08m
+            nGipSrUeW3pVOC1bGyukZb6sF84pTtCpqS+kOSfKFlxFFdAEcpzFIPuOMeo2dbKj
+            GSGPDemZFC2yFq883yk9/mZbgjOUsqrj0ZP3rCD5ZHpfUM5IxGQ+mKaOucTXYmif
+            lrTPMYnAc7pHxKZ87BgiKBYrfRAZvorLYKv8zG8YagAUw8iCtc68YUUdvLW9haQf
+            rwWCU1z+sszYSac7I57gfqICQhMUbs1n9S2Cn0C0xo4q2Lu36ysip4rEVGg6TmUu
+            znXYu+3orodw2TwC0tGxXHYKwmlr7EGnBCbdVKpDoCbV6cYkDYoPUFg0alqIPd5r
+            KCkee9MaCLLX7IdBrbLf1lkHGwSAs81GfZRMLBauM7/hn+hMUeIJnMbtJnVIB9Je
+            AdT2nSH06+POnjvxa2t0dUasnG/6ISBRSk6FgBBZ+pdVlrvaB4javgWGpiAWCUu6
+            b2CMZF3HullmLj+wwAKlsZsIOXGICN5GeQxLHYF8Kx7Doj68Owu/zGM5MS+7XQ==
+            =wYdb
+            -----END PGP MESSAGE-----
+          fp: 4BE7925262289B476DBBC17B76FD3810215AE097
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0
diff --git a/hosts/nixos/x86_64-linux/summers/secrets/koillection/secrets.yaml b/hosts/nixos/x86_64-linux/summers/secrets/koillection/secrets.yaml
new file mode 100644
index 0000000..4f4e244
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/secrets/koillection/secrets.yaml
@@ -0,0 +1,59 @@
+wireguard-private-key: ENC[AES256_GCM,data:VOvcwYy6YVQ+QxTqiWD5bbnH0qNDZ66ZRfq2gY/W0DpjBlJiIcSx1zgaggA=,iv:d6TMF2DAebYt1mNZ0ijzIYNhub2P7sCkD0WRuVPupMI=,tag:9R9N7/rDj/9OHWF2Y3n5eQ==,type:str]
+koillection-env-file: ENC[AES256_GCM,data:rELcMMdigW1SSCgyTyD4Tugqmv8nZCMnI1Pmwaf4MKA=,iv:/g/L+GfYR11rCg3QEJwIQQKXov4GqRIKdJvPcA1mst8=,tag:y6UMG24UdzONssovtFdbBg==,type:str]
+koillection-db-password: ENC[AES256_GCM,data:GxqSXFrTR1am4vmJtW162v8ekM8=,iv:b4T8Rsy7HOnQt0OnFPuKKSByrWxzYKdIsSQntfbh9Pc=,tag:xZHJPexSvNQb9EgmTyxvEA==,type:str]
+sops:
+    age:
+        - recipient: age1wmx8y2hs83j2u5srdnfxljrzxm8jtxl6fr0mq7xf2ldxyglpzf2qq89rpx
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBMEM4alliWlBCT3VsbVA5
+            OGt5bmQvZW1TaUNkbWtFdzVGNDNpY0hBOVhzCm84TldYNHBrU01HMlBkbGNwZFAw
+            WVk0T3FycVRHUUNtM1pTYkQ4Qmw3RTgKLS0tIE9LUlNEVjJHOGVIK1RSMmRXUDF6
+            QlRKY1hRVzNTVXhESUd3OElXL2pBZXcKDWYoOzi2b4qeIbCVCfTj0lTW+OfbnsXB
+            8MugCHu7+b+ju0v/lUP66jDW9/2AH4PzHtCNHjsafyzr2qnW8HlOzA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1c2enwel9un28dcs4wg0vcyamx9a4a6g3walkhu8w5lqhmd804paq9d24as
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJRWJXR2tYdEd4cTZsSi9l
+            Tm1pSC9pek5BakpEMlkwVTcrMlBuVzlXWUVrCmlnV0xJc25nL0twK3VCZ3FRK2x2
+            RW52Q1NxWUhTUGY0NnQ0WEhLMWxIcFUKLS0tIG83eVM0KzdLQ004aDRKNTYvdmVZ
+            d3ZOSStBMFpSU2ZjNWhFRkREQWlUdmcKggVvLy1mLYGf8084RQtlipS4+z4dfPsN
+            HZfid0srwYnezlQ5qOY8/HrDLWHEyuZ4xFZVi4n0k49qBpNwJdmvyQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-01-08T08:02:37Z"
+    mac: ENC[AES256_GCM,data:rjxF+XnvVS7Yo39xXq77aeCMttnMaIOB77o7LrZdTMlcL+doTJFh9uOA0dh7vfP4Q9Aq8JWS7IHP1f4D99+uAKBf0BxCmapPgFnFxomFLqxVXYnF0iC85XGZXdWSFZY78Lo7Ilfn7ahyjcvJI4UUdshQVULbJr8cpJfR+KNM3h0=,iv:XNXXxHLQuncyHp7rPiyRXlYBoqfsv1OSv9Z+ktvFUzg=,tag:SFmFapugipfG7feXsuUYfQ==,type:str]
+    pgp:
+        - created_at: "2026-01-02T21:12:51Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAwDh3VI7VctTARAAmvkQ9V14f0BT/bNdFVZtTlY4yVon37CX32SZPUcHV7o8
+            Dya0sZd9tuVATSv79TnybscuNx95fkoZJwujBfAadexn2zY8zl1oEWEHx7p+8/mE
+            W8JbQAjbcbX9sNQYXc8kYJylBThmgNN/HXK7CGtgDFr9xnGzDBnDm/M31P1HwYBm
+            IdIQgFGErEt1K3xvw28Lk3tPuZLK3Y+H2Yna7RRF6K1blGJUvEnL6yFdA10/eFW7
+            8066mO26F2l5xFuktK0nNeniLHKa5VVYp8iM+JMhX38l0wiIi8pGyxo3uAjNpa0w
+            IfpCneEBe/yyaUPcWMjXmUG5LJe3kWUup8cSzvu01Z3W159/QsflxIMkIsklqhim
+            B2zuPdAlYsjjS/05DIHInN2IIB/rjADkQvXji1XYLhWJj4jxDeck/UIc6Q22TED+
+            autlbl8d/5sqyO5ghPpShF/s0vMTqUfpXZrDrbuyDFqCfwi0ahP03bUsv20ZEz6u
+            zG3K5HuXHh7ATSppwuMbcv7vcjF1tkbo6XhWZDv0rY0DFWqiYhnxWwlFlGLxf4zX
+            g6r7Ca/E/YXG/eOET6M9DxwHjj0D7u/ryAkCktqPL9w8oNGarZQ/xMx0+ocI3byc
+            Zvzlmd63BtgaGNSxH3stK29KN3ED8cDkG/JzAxCATWiUBBkqW/ga4sGZqtLlSO+F
+            AgwDC9FRLmchgYQBD/9JbFZie25PO2CyELlUWm5SmJcugT9SK/mIA2fe1PlA+Gnf
+            5z9iXraMSQchz4R1IoiixDhubwKeKp/auqhlOPvo58Lsi6iDR/WaLWabD+hcyAb1
+            ck/f/PUzTLhlLcfu18VPfXVzfnky3dX8P5aS0WMLAQblj2RaaiHxnPqf49kXSn3q
+            VSJ0pr0nEsPuWtoCkHUAwAJ8X5GPXN2OD4YbHsNaA9h2vrJAxNd5+HNsvg8JtI88
+            X/uMM7cWcaXcmNZOz166HUIPcJ5cabJ48Sv8sDfMPOcTiJkMiESBnRYTwdUcp08m
+            nGipSrUeW3pVOC1bGyukZb6sF84pTtCpqS+kOSfKFlxFFdAEcpzFIPuOMeo2dbKj
+            GSGPDemZFC2yFq883yk9/mZbgjOUsqrj0ZP3rCD5ZHpfUM5IxGQ+mKaOucTXYmif
+            lrTPMYnAc7pHxKZ87BgiKBYrfRAZvorLYKv8zG8YagAUw8iCtc68YUUdvLW9haQf
+            rwWCU1z+sszYSac7I57gfqICQhMUbs1n9S2Cn0C0xo4q2Lu36ysip4rEVGg6TmUu
+            znXYu+3orodw2TwC0tGxXHYKwmlr7EGnBCbdVKpDoCbV6cYkDYoPUFg0alqIPd5r
+            KCkee9MaCLLX7IdBrbLf1lkHGwSAs81GfZRMLBauM7/hn+hMUeIJnMbtJnVIB9Je
+            AdT2nSH06+POnjvxa2t0dUasnG/6ISBRSk6FgBBZ+pdVlrvaB4javgWGpiAWCUu6
+            b2CMZF3HullmLj+wwAKlsZsIOXGICN5GeQxLHYF8Kx7Doj68Owu/zGM5MS+7XQ==
+            =wYdb
+            -----END PGP MESSAGE-----
+          fp: 4BE7925262289B476DBBC17B76FD3810215AE097
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0
diff --git a/hosts/nixos/x86_64-linux/summers/secrets/matrix/secrets.yaml b/hosts/nixos/x86_64-linux/summers/secrets/matrix/secrets.yaml
new file mode 100644
index 0000000..4bd4392
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/secrets/matrix/secrets.yaml
@@ -0,0 +1,62 @@
+wireguard-private-key: ENC[AES256_GCM,data:yWAKbF6rsLOCC/DfLH6F+XQLGb3fBRTN8asmyRgbkwSjk4c+BFYAt5+QBlk=,iv:6Cas9BbNIjoxgIB8Y+ILFjdMTRFtGz2dI6oiEiOLqsc=,tag:8+hgOBQAlMJOZ7Qhp/D+Sw==,type:str]
+matrix-shared-secret: ENC[AES256_GCM,data:JW7AOGGD6faDpXflV5zOUppOFIswq2C6ydxwFYYMqmnypKrGN/6HPI9pkrsAQYnnJrkEKp6SGVIKClc/+QC+wg==,iv:UW67HFNDqgg3uOFA01xR0btzWnDrgxMRG2SSKwXBQzU=,tag:/OuKL+e6QGlEHgjC/o0xXw==,type:str]
+mautrix-telegram-as-token: ENC[AES256_GCM,data:qUhoSZG6wY9XBc7FzM53Ia1jYb4pd0nnMJy4CXiQyUQKu7b3DJuQK92nSdb+Enlwrboui2Cs+zO3yzK69Evntw==,iv:jr7e+9JUSWUxOj/XiLTctc47Ticndzaj1dWBcT6KkHM=,tag:gRC+Bdn1rHb16LBxb0dVvA==,type:str]
+mautrix-telegram-hs-token: ENC[AES256_GCM,data:PEeMGrKEV7+EO4g5GgFFIAeX2XUU3PbcKt/1Lm9bjTThmaDGA7eUSEObJMolVOmTMwyQc5szyjqOQ504rCZK/g==,iv:ycjxbl74QS9Y3ZNc0rvsbR+llLKaaUQtcefTfGbPbKw=,tag:o/BC/VLnzvsx0QuQulsHdw==,type:str]
+mautrix-telegram-api-id: ENC[AES256_GCM,data:qAYbVdgeUw==,iv:D5AjnZdDQyDMGQe7FSVoPxWif9sfbkznXgBGDg+HkYU=,tag:5jQI9brdup/uQSaPVOWfHg==,type:str]
+mautrix-telegram-api-hash: ENC[AES256_GCM,data:bwfQP/EuyS+iWGlx6IoC7VrJPYbYtsU5cmtnCn+L8z4=,iv:lardLJjfWVvQqXcPm4b4b6iS+U8De+P61GnyfqjkKDk=,tag:YbsSPAqeSqIWsUoxdjbyGQ==,type:str]
+sops:
+    age:
+        - recipient: age1wmx8y2hs83j2u5srdnfxljrzxm8jtxl6fr0mq7xf2ldxyglpzf2qq89rpx
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBMEM4alliWlBCT3VsbVA5
+            OGt5bmQvZW1TaUNkbWtFdzVGNDNpY0hBOVhzCm84TldYNHBrU01HMlBkbGNwZFAw
+            WVk0T3FycVRHUUNtM1pTYkQ4Qmw3RTgKLS0tIE9LUlNEVjJHOGVIK1RSMmRXUDF6
+            QlRKY1hRVzNTVXhESUd3OElXL2pBZXcKDWYoOzi2b4qeIbCVCfTj0lTW+OfbnsXB
+            8MugCHu7+b+ju0v/lUP66jDW9/2AH4PzHtCNHjsafyzr2qnW8HlOzA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1c2enwel9un28dcs4wg0vcyamx9a4a6g3walkhu8w5lqhmd804paq9d24as
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJRWJXR2tYdEd4cTZsSi9l
+            Tm1pSC9pek5BakpEMlkwVTcrMlBuVzlXWUVrCmlnV0xJc25nL0twK3VCZ3FRK2x2
+            RW52Q1NxWUhTUGY0NnQ0WEhLMWxIcFUKLS0tIG83eVM0KzdLQ004aDRKNTYvdmVZ
+            d3ZOSStBMFpSU2ZjNWhFRkREQWlUdmcKggVvLy1mLYGf8084RQtlipS4+z4dfPsN
+            HZfid0srwYnezlQ5qOY8/HrDLWHEyuZ4xFZVi4n0k49qBpNwJdmvyQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-01-08T07:59:58Z"
+    mac: ENC[AES256_GCM,data:ZT6hdEn/UkUqa2SMgbN6rUj1Aq+x4kvmf8wyWdgnPiCM4+EzY6N9AP0QcaVTssPH6hO5jj37jPCY8W6FCJQFOkxU0VsF/mYUq0k36xuPMyS4ztZ8zTVSW+0oV6YHZFzE/epbhcIiXIHaoFSyIoVtlMawl/LeBZ92R8MU8kUn5MU=,iv:nDA22BM9tpFAMflconxFsf6mj07W/+tcS3nJHhzqpS8=,tag:jYEm3IpmlwIEGpQZYJ0mJQ==,type:str]
+    pgp:
+        - created_at: "2026-01-02T21:12:51Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAwDh3VI7VctTARAAmvkQ9V14f0BT/bNdFVZtTlY4yVon37CX32SZPUcHV7o8
+            Dya0sZd9tuVATSv79TnybscuNx95fkoZJwujBfAadexn2zY8zl1oEWEHx7p+8/mE
+            W8JbQAjbcbX9sNQYXc8kYJylBThmgNN/HXK7CGtgDFr9xnGzDBnDm/M31P1HwYBm
+            IdIQgFGErEt1K3xvw28Lk3tPuZLK3Y+H2Yna7RRF6K1blGJUvEnL6yFdA10/eFW7
+            8066mO26F2l5xFuktK0nNeniLHKa5VVYp8iM+JMhX38l0wiIi8pGyxo3uAjNpa0w
+            IfpCneEBe/yyaUPcWMjXmUG5LJe3kWUup8cSzvu01Z3W159/QsflxIMkIsklqhim
+            B2zuPdAlYsjjS/05DIHInN2IIB/rjADkQvXji1XYLhWJj4jxDeck/UIc6Q22TED+
+            autlbl8d/5sqyO5ghPpShF/s0vMTqUfpXZrDrbuyDFqCfwi0ahP03bUsv20ZEz6u
+            zG3K5HuXHh7ATSppwuMbcv7vcjF1tkbo6XhWZDv0rY0DFWqiYhnxWwlFlGLxf4zX
+            g6r7Ca/E/YXG/eOET6M9DxwHjj0D7u/ryAkCktqPL9w8oNGarZQ/xMx0+ocI3byc
+            Zvzlmd63BtgaGNSxH3stK29KN3ED8cDkG/JzAxCATWiUBBkqW/ga4sGZqtLlSO+F
+            AgwDC9FRLmchgYQBD/9JbFZie25PO2CyELlUWm5SmJcugT9SK/mIA2fe1PlA+Gnf
+            5z9iXraMSQchz4R1IoiixDhubwKeKp/auqhlOPvo58Lsi6iDR/WaLWabD+hcyAb1
+            ck/f/PUzTLhlLcfu18VPfXVzfnky3dX8P5aS0WMLAQblj2RaaiHxnPqf49kXSn3q
+            VSJ0pr0nEsPuWtoCkHUAwAJ8X5GPXN2OD4YbHsNaA9h2vrJAxNd5+HNsvg8JtI88
+            X/uMM7cWcaXcmNZOz166HUIPcJ5cabJ48Sv8sDfMPOcTiJkMiESBnRYTwdUcp08m
+            nGipSrUeW3pVOC1bGyukZb6sF84pTtCpqS+kOSfKFlxFFdAEcpzFIPuOMeo2dbKj
+            GSGPDemZFC2yFq883yk9/mZbgjOUsqrj0ZP3rCD5ZHpfUM5IxGQ+mKaOucTXYmif
+            lrTPMYnAc7pHxKZ87BgiKBYrfRAZvorLYKv8zG8YagAUw8iCtc68YUUdvLW9haQf
+            rwWCU1z+sszYSac7I57gfqICQhMUbs1n9S2Cn0C0xo4q2Lu36ysip4rEVGg6TmUu
+            znXYu+3orodw2TwC0tGxXHYKwmlr7EGnBCbdVKpDoCbV6cYkDYoPUFg0alqIPd5r
+            KCkee9MaCLLX7IdBrbLf1lkHGwSAs81GfZRMLBauM7/hn+hMUeIJnMbtJnVIB9Je
+            AdT2nSH06+POnjvxa2t0dUasnG/6ISBRSk6FgBBZ+pdVlrvaB4javgWGpiAWCUu6
+            b2CMZF3HullmLj+wwAKlsZsIOXGICN5GeQxLHYF8Kx7Doj68Owu/zGM5MS+7XQ==
+            =wYdb
+            -----END PGP MESSAGE-----
+          fp: 4BE7925262289B476DBBC17B76FD3810215AE097
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0
diff --git a/hosts/nixos/x86_64-linux/summers/secrets/monitoring/secrets.yaml b/hosts/nixos/x86_64-linux/summers/secrets/monitoring/secrets.yaml
new file mode 100644
index 0000000..3030b81
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/secrets/monitoring/secrets.yaml
@@ -0,0 +1,61 @@
+wireguard-private-key: ENC[AES256_GCM,data:bHFzF918KWIY7abTp4B71liKBpowEfdyPb2RmFhnER59ito1px5kccZe8CM=,iv:A/5EQ2NVCtPuDfJFAQgusd2Na95a6p4oWbIh78x/904=,tag:IiPzjZNwT7ZyPB0R8/AIjQ==,type:str]
+grafana-admin-pw: ENC[AES256_GCM,data:lTpusl8gd7R7FP9QfIU=,iv:h+xtTtDp03JHHmZ3hX9czEqSWq4l8tRrB52qaKBX3yw=,tag:0MIWfhrkfhmL0Jn8bqY7Zw==,type:str]
+prometheus-admin-pw: ENC[AES256_GCM,data:bdfXLIyuW2N4w5EHd4QD+js7KFF7RBv1mg==,iv:E8AseMXVEcrkCg2fzp2IGphZsMZiCPvTj8CGD2v1t2s=,tag:H+hgftqGwHpdEba5UAjd/Q==,type:str]
+kanidm-grafana-client: ENC[AES256_GCM,data:ppEqUFZC59A1Fv55l6VroWPzUiKtMO+5XQ==,iv:8SUmgijE1PEOiyMUSbZuKUfLifTD3bsdsSGFCQiPjgQ=,tag:crHqsVLK3uC7vA/wkCXZLg==,type:str]
+prometheus-admin-hash: ENC[AES256_GCM,data:6qIEAwDQQdMeiJ8oQsnRxvMV/x+p/rgHfViLMgGh9Lg5FoarzAoZjxNeyE63X87UzsjXY3+7/9khJ9PD,iv:O0VsqAUyiQ3YwLHSx2Pje3trlinz4CjxZ+h4lPPPRN4=,tag:fo2U43uEtfB8LWjP3zpkDA==,type:str]
+sops:
+    age:
+        - recipient: age1wmx8y2hs83j2u5srdnfxljrzxm8jtxl6fr0mq7xf2ldxyglpzf2qq89rpx
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBMEM4alliWlBCT3VsbVA5
+            OGt5bmQvZW1TaUNkbWtFdzVGNDNpY0hBOVhzCm84TldYNHBrU01HMlBkbGNwZFAw
+            WVk0T3FycVRHUUNtM1pTYkQ4Qmw3RTgKLS0tIE9LUlNEVjJHOGVIK1RSMmRXUDF6
+            QlRKY1hRVzNTVXhESUd3OElXL2pBZXcKDWYoOzi2b4qeIbCVCfTj0lTW+OfbnsXB
+            8MugCHu7+b+ju0v/lUP66jDW9/2AH4PzHtCNHjsafyzr2qnW8HlOzA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1c2enwel9un28dcs4wg0vcyamx9a4a6g3walkhu8w5lqhmd804paq9d24as
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJRWJXR2tYdEd4cTZsSi9l
+            Tm1pSC9pek5BakpEMlkwVTcrMlBuVzlXWUVrCmlnV0xJc25nL0twK3VCZ3FRK2x2
+            RW52Q1NxWUhTUGY0NnQ0WEhLMWxIcFUKLS0tIG83eVM0KzdLQ004aDRKNTYvdmVZ
+            d3ZOSStBMFpSU2ZjNWhFRkREQWlUdmcKggVvLy1mLYGf8084RQtlipS4+z4dfPsN
+            HZfid0srwYnezlQ5qOY8/HrDLWHEyuZ4xFZVi4n0k49qBpNwJdmvyQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-01-08T08:03:30Z"
+    mac: ENC[AES256_GCM,data:k/1raTPyx+paIzNg6vIuOh2GwAwyBuejMe8QTjRcmOU3Cb6rLovI4kElP8mmC5lNPZtK/z16UKONw9Wj4PJyXpeFr06wUpN64P7qHZ104lJWnixR6kisZ7Vv4AUGAUaRCVC/IebA8If0/Sm6/Vtz+QqoJXNY6vZRg/e4POavwOc=,iv:X40QnY6vzU7E5QmJGM7pHnPreLqUoD6shuqMnE0C1bA=,tag:QqTdb0hUjtWF5bBIiS1PLA==,type:str]
+    pgp:
+        - created_at: "2026-01-02T21:12:51Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAwDh3VI7VctTARAAmvkQ9V14f0BT/bNdFVZtTlY4yVon37CX32SZPUcHV7o8
+            Dya0sZd9tuVATSv79TnybscuNx95fkoZJwujBfAadexn2zY8zl1oEWEHx7p+8/mE
+            W8JbQAjbcbX9sNQYXc8kYJylBThmgNN/HXK7CGtgDFr9xnGzDBnDm/M31P1HwYBm
+            IdIQgFGErEt1K3xvw28Lk3tPuZLK3Y+H2Yna7RRF6K1blGJUvEnL6yFdA10/eFW7
+            8066mO26F2l5xFuktK0nNeniLHKa5VVYp8iM+JMhX38l0wiIi8pGyxo3uAjNpa0w
+            IfpCneEBe/yyaUPcWMjXmUG5LJe3kWUup8cSzvu01Z3W159/QsflxIMkIsklqhim
+            B2zuPdAlYsjjS/05DIHInN2IIB/rjADkQvXji1XYLhWJj4jxDeck/UIc6Q22TED+
+            autlbl8d/5sqyO5ghPpShF/s0vMTqUfpXZrDrbuyDFqCfwi0ahP03bUsv20ZEz6u
+            zG3K5HuXHh7ATSppwuMbcv7vcjF1tkbo6XhWZDv0rY0DFWqiYhnxWwlFlGLxf4zX
+            g6r7Ca/E/YXG/eOET6M9DxwHjj0D7u/ryAkCktqPL9w8oNGarZQ/xMx0+ocI3byc
+            Zvzlmd63BtgaGNSxH3stK29KN3ED8cDkG/JzAxCATWiUBBkqW/ga4sGZqtLlSO+F
+            AgwDC9FRLmchgYQBD/9JbFZie25PO2CyELlUWm5SmJcugT9SK/mIA2fe1PlA+Gnf
+            5z9iXraMSQchz4R1IoiixDhubwKeKp/auqhlOPvo58Lsi6iDR/WaLWabD+hcyAb1
+            ck/f/PUzTLhlLcfu18VPfXVzfnky3dX8P5aS0WMLAQblj2RaaiHxnPqf49kXSn3q
+            VSJ0pr0nEsPuWtoCkHUAwAJ8X5GPXN2OD4YbHsNaA9h2vrJAxNd5+HNsvg8JtI88
+            X/uMM7cWcaXcmNZOz166HUIPcJ5cabJ48Sv8sDfMPOcTiJkMiESBnRYTwdUcp08m
+            nGipSrUeW3pVOC1bGyukZb6sF84pTtCpqS+kOSfKFlxFFdAEcpzFIPuOMeo2dbKj
+            GSGPDemZFC2yFq883yk9/mZbgjOUsqrj0ZP3rCD5ZHpfUM5IxGQ+mKaOucTXYmif
+            lrTPMYnAc7pHxKZ87BgiKBYrfRAZvorLYKv8zG8YagAUw8iCtc68YUUdvLW9haQf
+            rwWCU1z+sszYSac7I57gfqICQhMUbs1n9S2Cn0C0xo4q2Lu36ysip4rEVGg6TmUu
+            znXYu+3orodw2TwC0tGxXHYKwmlr7EGnBCbdVKpDoCbV6cYkDYoPUFg0alqIPd5r
+            KCkee9MaCLLX7IdBrbLf1lkHGwSAs81GfZRMLBauM7/hn+hMUeIJnMbtJnVIB9Je
+            AdT2nSH06+POnjvxa2t0dUasnG/6ISBRSk6FgBBZ+pdVlrvaB4javgWGpiAWCUu6
+            b2CMZF3HullmLj+wwAKlsZsIOXGICN5GeQxLHYF8Kx7Doj68Owu/zGM5MS+7XQ==
+            =wYdb
+            -----END PGP MESSAGE-----
+          fp: 4BE7925262289B476DBBC17B76FD3810215AE097
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0
diff --git a/hosts/nixos/x86_64-linux/summers/secrets/nextcloud/pii.nix.enc b/hosts/nixos/x86_64-linux/summers/secrets/nextcloud/pii.nix.enc
new file mode 100644
index 0000000..a495fdc
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/secrets/nextcloud/pii.nix.enc
@@ -0,0 +1,25 @@
+{
+	"data": "ENC[AES256_GCM,data:0clUhOOUsJ15FkS92KGVth3EkH7TgSS0yb+FTEFpsJtUYNCziXVlXZvoFn0jicnSQw0=,iv:ekWADW1QtWU/Kge0avvMeOromJFsGzXNXNWsymZkZOQ=,tag:qoax3QtqzKoxU+8egb9lNw==,type:str]",
+	"sops": {
+		"age": [
+			{
+				"recipient": "age18cgqlely56hgmhscllkmafwpjdk6dwep6ej3vkk97dzemp8jtuksqrrjjl",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOTDNHWkRJYmszMFZSaHA2\nY0NmMlo0RG9waTRTL3BmOWRtY0Y3dlNDZ1JJClk3TWkvVDRGZCtJVjF1TldycW1U\nV1lkQjNxOExHcTZ0YXhJd3hZOU14c0EKLS0tIHhqY04xdTMzK2tSQnFGSDVnM2pX\neGhtL1N3VVFnSXZNQkJzTmUyTkhTN2MKkWFj7pEdbD+pPqR17MnYma8EC9PeXezX\n8sRLSVGlWb2YobSavwbA9AL+WFsXsT71gSFgTkAtsPh9paDTKSAMjg==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1nanlervuderw4qskcuessycqy2yfmptl6nym9scgp9ky2265ssmq3u73r0",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTTnFJMURBQko0ZlhkZ2VO\nT2dNenNGU3FvVjA1VzRnQVJ5WDlTQXdoWkh3CmZOaWY3SUdNT2Rib2gyN1JKU2J3\nUEpmV1lqSlJiV0FsUWZpcmJYNHI3SFkKLS0tIHZ3UlFOOGN5T3VjVmNkaFkxY0FR\nQVRpRjdpVU1GWVdNMGdHSU5LYU1rUkkKrT+HGA8QauJT2U5RfuSIAOmQ5EHTlr6R\nLmGaKGPVoH1UrQJW7JpTKA9knYgweCPy4aEt4UhTrZxx7r3FKlM51A==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2026-01-08T08:05:30Z",
+		"mac": "ENC[AES256_GCM,data:EilwuLJTnz6pgg8tn3bNc7MxYc+RQQodCoyHAb5RRLSNDqIp90XaWKgXwBdW2lMJxYnnkprkFTOZHGW2IoSQ04S1oeYRya/NvBCSnX45zd7wQxL8k85/oYsCFZAqEV29QXoJmagO2isiFN6DXEf6IJGtzOD+MJuYjj8PufaBzaE=,iv:l7LlbYrSY4mJaQeJ1uN8MKN0z3xu5GhzGmEf/femROc=,tag:QxyUjkSbOcKBqwzGcXV6tg==,type:str]",
+		"pgp": [
+			{
+				"created_at": "2026-01-08T08:05:15Z",
+				"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTAQ/9HZTVACE+U8I1i4bcSX7umSFfi6qEX+Cnpe2sbBQAddz+\nFAIAoImmymvOnBw/oF852vU1a7W71IHZ9723NH8yqngil/R4taLZGRVpg+f4ogEn\nFz1a2yJEjNy/Pkm32Y9w0RvKuVvuYaSk2XRj/GARSlwAgn/lGF84r2zUofuD4jnh\nzlVzvwDbc90GoFVN7rOAzgD88IOMHEC244IpxeQ0oVPaun6xhTThZD9twRUWVrqc\n1lpwMjdcNfr+AbL2BK+35uTxE8wA+kyF81yGXCGQZY0pGncUBCmXSiitMXLuU0V4\nXmydcKpB/pKQgdsIkZtfhxOEN9hdzb62GXiESg2jqF5fHBN7Qw7Solf5xtAHnUxD\n/yacrR9/uqhInVxVlxHzwZN4iZBQxQmtIz5uoA5NSgawrUf2DULLknYCWo6L5W2m\nIlqfzWnQIRDFKvpFjtouencQsdAM3jsxRPcq/+/AwoUdSsDnJsOhzIm7SfQmlr71\nMp3bD4M5ccZYVm0dH45N/fXssfWdFwRCBJ53veLfTyWRGpWiaS1ofsAkmVXemqur\nG/w7Dm4H4D8vn8mxPGg3l5VftxbjXU7mbq1PzzJBvktZM3p52VesTIAE91p17d6Y\n6zKSjmTMLKeWAnR/vXAFIJMXPROVd8jIrNHjhgflel+frBU2IGoo2jJNPr46Kw+F\nAgwDC9FRLmchgYQBEACqaN73KchQPMGgND1AdR/vupph0JF1uG0g9qA61xmvzBYa\nCfJob6Esb7wd5mf2ohfVkgEVNs36qGJZJ6/nes2X9BWb9InIYp7d5exVFI3uXNuZ\nccvGSUefPdZuRIK8XvdXWAsxCitcZZHNkJSstDUwpdDJpWMz+u+HTbRiLYp722QB\ndKTGhnsbpk9pnsIQPR3GHJh9iPLFyayM/Ej3y6N72ywQUN/pptZo+boWla3NO4JM\nHTXZHcUKbcNiCnhPgVK+xhP1gfgKjlyAC/STq8x1pOVvhNjtT/N1YuGiNQtxSLbE\nekLBkFK4VoH+fyDaHB8TFXK8dqq6+189Eg5kiTYGkMihR2g6g+0Sp5mbdHoRQEYv\ndpjHYauaKw4/V4c/UgcuQOT9WOUGqH5Lw0QohIhF+JLRU/GvppTxxk+wQm/yYWg0\nGrHU50wvV9udxIGxYxi/HICZ2CgqanWGOJDaTLejMK/Qi5bI3eAKkN4MDIJd0G+c\npVnr+Ry8uaKlmIzI0HV0LKdV5dAS4sbYOzp45Ze0M1geZrTwoWMUOyUNgjdGVj6/\nOz0eIXPK3e5IowfPUBW25sW0ztIg+Q3lfivC7xqoYBL3HCTgKevOGXgqnf5i1kZD\nrncVehBN+e33dnFLmLICPiawd09xWIckpGYlQ8NgtIXa8JaZPj27M04erhqzBNJe\nAS3cV3cwtBkuf16ZRgdI5CiUoSN5IyVuGb+q8GwKh9Hh5VLS4mwUNL8t034U/Azy\n68rN25cuZyAOcPmzTMW9xIhNacO4+gEW+X8MKalzbtOubOeGrkleTYuHyiuekA==\n=bjKZ\n-----END PGP MESSAGE-----",
+				"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
+			}
+		],
+		"version": "3.11.0"
+	}
+}
diff --git a/hosts/nixos/x86_64-linux/summers/secrets/nextcloud/secrets.yaml b/hosts/nixos/x86_64-linux/summers/secrets/nextcloud/secrets.yaml
new file mode 100644
index 0000000..f3d8a99
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/secrets/nextcloud/secrets.yaml
@@ -0,0 +1,59 @@
+wireguard-private-key: ENC[AES256_GCM,data:k8HHv5NRBKJRNWRNHeQGr49ZrBrz/gwGL7qYXifmObYOeT1o3MfmG7wslOM=,iv:EYrcKjyRVxndG3puJ2HS++O1UbJSU4WN0vlD1yQQ3fs=,tag:Kc6VhUSw36ksSlfeZTwDIw==,type:str]
+nextcloud-admin-pw: ENC[AES256_GCM,data:paK35a5bPIHioXMzGPZ9XU6t,iv:VkSLO1VhIbDTGs/NRGYbKcThP/uv6LzuptJcXFmY398=,tag:VC2q6p38JI2a9vBehoJeQA==,type:str]
+kanidm-nextcloud-client: ENC[AES256_GCM,data:QOl4sP/+N3GIxrQMyD2TmyveZo4Wm88u7A==,iv:S409ur/y9j8HYLEbuVhUbSPO0JwD1zQST+J5035Cd2E=,tag:VgQs30NNosDdxwEL1iAvbg==,type:str]
+sops:
+    age:
+        - recipient: age1wmx8y2hs83j2u5srdnfxljrzxm8jtxl6fr0mq7xf2ldxyglpzf2qq89rpx
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBMEM4alliWlBCT3VsbVA5
+            OGt5bmQvZW1TaUNkbWtFdzVGNDNpY0hBOVhzCm84TldYNHBrU01HMlBkbGNwZFAw
+            WVk0T3FycVRHUUNtM1pTYkQ4Qmw3RTgKLS0tIE9LUlNEVjJHOGVIK1RSMmRXUDF6
+            QlRKY1hRVzNTVXhESUd3OElXL2pBZXcKDWYoOzi2b4qeIbCVCfTj0lTW+OfbnsXB
+            8MugCHu7+b+ju0v/lUP66jDW9/2AH4PzHtCNHjsafyzr2qnW8HlOzA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1c2enwel9un28dcs4wg0vcyamx9a4a6g3walkhu8w5lqhmd804paq9d24as
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJRWJXR2tYdEd4cTZsSi9l
+            Tm1pSC9pek5BakpEMlkwVTcrMlBuVzlXWUVrCmlnV0xJc25nL0twK3VCZ3FRK2x2
+            RW52Q1NxWUhTUGY0NnQ0WEhLMWxIcFUKLS0tIG83eVM0KzdLQ004aDRKNTYvdmVZ
+            d3ZOSStBMFpSU2ZjNWhFRkREQWlUdmcKggVvLy1mLYGf8084RQtlipS4+z4dfPsN
+            HZfid0srwYnezlQ5qOY8/HrDLWHEyuZ4xFZVi4n0k49qBpNwJdmvyQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-01-08T08:01:15Z"
+    mac: ENC[AES256_GCM,data:UdaDVFUew2OaFnmdD+sULrrXQlvhASqomUt6kUxCoyXydotNL//X8tc6U9iUOhrXLKXsLB1fWKpiIQGGTtkK02p9F/IjWtakeSN8AiSCw60vVBueIdG4dDFXpOvLf4JVkLG2FkRqcLxLqyWLGzgXSFEIaaCTK/tRLWLXlCxitZo=,iv:1VgXeCIlQx89J4dW7Mldae47yvmej3Wu1NRnKK31oPE=,tag:GKfotJ6uoq+Jhf5uh2L6OQ==,type:str]
+    pgp:
+        - created_at: "2026-01-02T21:12:51Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAwDh3VI7VctTARAAmvkQ9V14f0BT/bNdFVZtTlY4yVon37CX32SZPUcHV7o8
+            Dya0sZd9tuVATSv79TnybscuNx95fkoZJwujBfAadexn2zY8zl1oEWEHx7p+8/mE
+            W8JbQAjbcbX9sNQYXc8kYJylBThmgNN/HXK7CGtgDFr9xnGzDBnDm/M31P1HwYBm
+            IdIQgFGErEt1K3xvw28Lk3tPuZLK3Y+H2Yna7RRF6K1blGJUvEnL6yFdA10/eFW7
+            8066mO26F2l5xFuktK0nNeniLHKa5VVYp8iM+JMhX38l0wiIi8pGyxo3uAjNpa0w
+            IfpCneEBe/yyaUPcWMjXmUG5LJe3kWUup8cSzvu01Z3W159/QsflxIMkIsklqhim
+            B2zuPdAlYsjjS/05DIHInN2IIB/rjADkQvXji1XYLhWJj4jxDeck/UIc6Q22TED+
+            autlbl8d/5sqyO5ghPpShF/s0vMTqUfpXZrDrbuyDFqCfwi0ahP03bUsv20ZEz6u
+            zG3K5HuXHh7ATSppwuMbcv7vcjF1tkbo6XhWZDv0rY0DFWqiYhnxWwlFlGLxf4zX
+            g6r7Ca/E/YXG/eOET6M9DxwHjj0D7u/ryAkCktqPL9w8oNGarZQ/xMx0+ocI3byc
+            Zvzlmd63BtgaGNSxH3stK29KN3ED8cDkG/JzAxCATWiUBBkqW/ga4sGZqtLlSO+F
+            AgwDC9FRLmchgYQBD/9JbFZie25PO2CyELlUWm5SmJcugT9SK/mIA2fe1PlA+Gnf
+            5z9iXraMSQchz4R1IoiixDhubwKeKp/auqhlOPvo58Lsi6iDR/WaLWabD+hcyAb1
+            ck/f/PUzTLhlLcfu18VPfXVzfnky3dX8P5aS0WMLAQblj2RaaiHxnPqf49kXSn3q
+            VSJ0pr0nEsPuWtoCkHUAwAJ8X5GPXN2OD4YbHsNaA9h2vrJAxNd5+HNsvg8JtI88
+            X/uMM7cWcaXcmNZOz166HUIPcJ5cabJ48Sv8sDfMPOcTiJkMiESBnRYTwdUcp08m
+            nGipSrUeW3pVOC1bGyukZb6sF84pTtCpqS+kOSfKFlxFFdAEcpzFIPuOMeo2dbKj
+            GSGPDemZFC2yFq883yk9/mZbgjOUsqrj0ZP3rCD5ZHpfUM5IxGQ+mKaOucTXYmif
+            lrTPMYnAc7pHxKZ87BgiKBYrfRAZvorLYKv8zG8YagAUw8iCtc68YUUdvLW9haQf
+            rwWCU1z+sszYSac7I57gfqICQhMUbs1n9S2Cn0C0xo4q2Lu36ysip4rEVGg6TmUu
+            znXYu+3orodw2TwC0tGxXHYKwmlr7EGnBCbdVKpDoCbV6cYkDYoPUFg0alqIPd5r
+            KCkee9MaCLLX7IdBrbLf1lkHGwSAs81GfZRMLBauM7/hn+hMUeIJnMbtJnVIB9Je
+            AdT2nSH06+POnjvxa2t0dUasnG/6ISBRSk6FgBBZ+pdVlrvaB4javgWGpiAWCUu6
+            b2CMZF3HullmLj+wwAKlsZsIOXGICN5GeQxLHYF8Kx7Doj68Owu/zGM5MS+7XQ==
+            =wYdb
+            -----END PGP MESSAGE-----
+          fp: 4BE7925262289B476DBBC17B76FD3810215AE097
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0
diff --git a/hosts/nixos/x86_64-linux/summers/secrets/paperless/secrets.yaml b/hosts/nixos/x86_64-linux/summers/secrets/paperless/secrets.yaml
new file mode 100644
index 0000000..c279f6a
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/secrets/paperless/secrets.yaml
@@ -0,0 +1,59 @@
+wireguard-private-key: ENC[AES256_GCM,data:51Mpw8Wgq4SsUokL+AFRUwuKQq9UmXHc2glmiMdjKwa/kvu0JeI8R6pPVMg=,iv:VBqyAk1kNX8IAJhCjBnDNeEEGEKWmUHLkG4l10PMvMU=,tag:uGQ0u+11GuJ7f2T6AA2FHg==,type:str]
+paperless-admin-pw: ENC[AES256_GCM,data:2t5nZmpPblts6nZ6Pm4JZMBpwxVMap2NGg==,iv:IbCUeNBX4D0tOIOVGVv71fLwzC9NZZaD7M153la2eIk=,tag:L1FbrYOuwHQBHcBwbhm5Qw==,type:str]
+kanidm-paperless-client: ENC[AES256_GCM,data:mEJBDT1qEz6vHrjnT5b9iBjXYbRwcoG2sw==,iv:SL91pO4QgtD+458dy/7ra7+mQgW5P+n7qUdVaXxYbHM=,tag:dGD5mzVRNFLORrMgiVYJbg==,type:str]
+sops:
+    age:
+        - recipient: age1wmx8y2hs83j2u5srdnfxljrzxm8jtxl6fr0mq7xf2ldxyglpzf2qq89rpx
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBMEM4alliWlBCT3VsbVA5
+            OGt5bmQvZW1TaUNkbWtFdzVGNDNpY0hBOVhzCm84TldYNHBrU01HMlBkbGNwZFAw
+            WVk0T3FycVRHUUNtM1pTYkQ4Qmw3RTgKLS0tIE9LUlNEVjJHOGVIK1RSMmRXUDF6
+            QlRKY1hRVzNTVXhESUd3OElXL2pBZXcKDWYoOzi2b4qeIbCVCfTj0lTW+OfbnsXB
+            8MugCHu7+b+ju0v/lUP66jDW9/2AH4PzHtCNHjsafyzr2qnW8HlOzA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1c2enwel9un28dcs4wg0vcyamx9a4a6g3walkhu8w5lqhmd804paq9d24as
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJRWJXR2tYdEd4cTZsSi9l
+            Tm1pSC9pek5BakpEMlkwVTcrMlBuVzlXWUVrCmlnV0xJc25nL0twK3VCZ3FRK2x2
+            RW52Q1NxWUhTUGY0NnQ0WEhLMWxIcFUKLS0tIG83eVM0KzdLQ004aDRKNTYvdmVZ
+            d3ZOSStBMFpSU2ZjNWhFRkREQWlUdmcKggVvLy1mLYGf8084RQtlipS4+z4dfPsN
+            HZfid0srwYnezlQ5qOY8/HrDLWHEyuZ4xFZVi4n0k49qBpNwJdmvyQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-01-08T08:00:28Z"
+    mac: ENC[AES256_GCM,data:ssSrHidYu6SUIVk07FMJ8p5W64INqRLdynQdizq+n37c69Ogj02LjcuRCH9W4vI0vIsbZv/Az0PnQRUfPwW9nHqJPtvWb5cUS9AK/kpQKRDd60QK8Le7+PPEzemvR61xeUv3CiUE5qh5Lf/AGUs0g/Mw1Ur8qSaj7FZUkKWMp7o=,iv:5KgI5vbEfquerHrKo0JpJbJaoAVJp7gblaUvQyr8TPg=,tag:BiGm5Lk53F0w79gnrBglbQ==,type:str]
+    pgp:
+        - created_at: "2026-01-02T21:12:51Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAwDh3VI7VctTARAAmvkQ9V14f0BT/bNdFVZtTlY4yVon37CX32SZPUcHV7o8
+            Dya0sZd9tuVATSv79TnybscuNx95fkoZJwujBfAadexn2zY8zl1oEWEHx7p+8/mE
+            W8JbQAjbcbX9sNQYXc8kYJylBThmgNN/HXK7CGtgDFr9xnGzDBnDm/M31P1HwYBm
+            IdIQgFGErEt1K3xvw28Lk3tPuZLK3Y+H2Yna7RRF6K1blGJUvEnL6yFdA10/eFW7
+            8066mO26F2l5xFuktK0nNeniLHKa5VVYp8iM+JMhX38l0wiIi8pGyxo3uAjNpa0w
+            IfpCneEBe/yyaUPcWMjXmUG5LJe3kWUup8cSzvu01Z3W159/QsflxIMkIsklqhim
+            B2zuPdAlYsjjS/05DIHInN2IIB/rjADkQvXji1XYLhWJj4jxDeck/UIc6Q22TED+
+            autlbl8d/5sqyO5ghPpShF/s0vMTqUfpXZrDrbuyDFqCfwi0ahP03bUsv20ZEz6u
+            zG3K5HuXHh7ATSppwuMbcv7vcjF1tkbo6XhWZDv0rY0DFWqiYhnxWwlFlGLxf4zX
+            g6r7Ca/E/YXG/eOET6M9DxwHjj0D7u/ryAkCktqPL9w8oNGarZQ/xMx0+ocI3byc
+            Zvzlmd63BtgaGNSxH3stK29KN3ED8cDkG/JzAxCATWiUBBkqW/ga4sGZqtLlSO+F
+            AgwDC9FRLmchgYQBD/9JbFZie25PO2CyELlUWm5SmJcugT9SK/mIA2fe1PlA+Gnf
+            5z9iXraMSQchz4R1IoiixDhubwKeKp/auqhlOPvo58Lsi6iDR/WaLWabD+hcyAb1
+            ck/f/PUzTLhlLcfu18VPfXVzfnky3dX8P5aS0WMLAQblj2RaaiHxnPqf49kXSn3q
+            VSJ0pr0nEsPuWtoCkHUAwAJ8X5GPXN2OD4YbHsNaA9h2vrJAxNd5+HNsvg8JtI88
+            X/uMM7cWcaXcmNZOz166HUIPcJ5cabJ48Sv8sDfMPOcTiJkMiESBnRYTwdUcp08m
+            nGipSrUeW3pVOC1bGyukZb6sF84pTtCpqS+kOSfKFlxFFdAEcpzFIPuOMeo2dbKj
+            GSGPDemZFC2yFq883yk9/mZbgjOUsqrj0ZP3rCD5ZHpfUM5IxGQ+mKaOucTXYmif
+            lrTPMYnAc7pHxKZ87BgiKBYrfRAZvorLYKv8zG8YagAUw8iCtc68YUUdvLW9haQf
+            rwWCU1z+sszYSac7I57gfqICQhMUbs1n9S2Cn0C0xo4q2Lu36ysip4rEVGg6TmUu
+            znXYu+3orodw2TwC0tGxXHYKwmlr7EGnBCbdVKpDoCbV6cYkDYoPUFg0alqIPd5r
+            KCkee9MaCLLX7IdBrbLf1lkHGwSAs81GfZRMLBauM7/hn+hMUeIJnMbtJnVIB9Je
+            AdT2nSH06+POnjvxa2t0dUasnG/6ISBRSk6FgBBZ+pdVlrvaB4javgWGpiAWCUu6
+            b2CMZF3HullmLj+wwAKlsZsIOXGICN5GeQxLHYF8Kx7Doj68Owu/zGM5MS+7XQ==
+            =wYdb
+            -----END PGP MESSAGE-----
+          fp: 4BE7925262289B476DBBC17B76FD3810215AE097
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0
diff --git a/hosts/nixos/x86_64-linux/summers/secrets/pii.nix.enc b/hosts/nixos/x86_64-linux/summers/secrets/pii.nix.enc
index 764e678..d911ed6 100644
--- a/hosts/nixos/x86_64-linux/summers/secrets/pii.nix.enc
+++ b/hosts/nixos/x86_64-linux/summers/secrets/pii.nix.enc
@@ -1,18 +1,18 @@
 {
-	"data": "ENC[AES256_GCM,data:xPgUMSYz77DhqS8Vvv5FawLGZOaoI+yVqyK6NIqqF5Z+eVN1FyYjg6tPRB56rq4/yPtI69fKpQyEvnrtOZRFp1L6R+blweXobmeG762a/FxoWmh2CaF1QutFKtS94xfJmci7De5h67miKRy7rGWOeMs8gvjspvLtGrmDJQj+NQCwTvUDcibMKL59GttYTUhTxeGyN2R3utEQeIkI0Sf0mJmQUWXXMsjiMrQGhGx1iS9KJHlU2izl4pZMDsGr01d/seV7O2xspfhf5saJk9yiTwxyKLAW0ueSAnstfQJU+CD4zDXxbxcl94dzLFkJm+WTYV1X+IZJtMODLYf2XgVsz4Ihf7CuzYXHGw==,iv:3eohgv4d8CUuGPb8ODmEeAGeBsfwZsmFG2ZuxWkbKRk=,tag:31eaWzlcCslHMTeq3kEvJg==,type:str]",
+	"data": "ENC[AES256_GCM,data:l0LIC8IP4wVA8wI5Ef1yKYfvJw4b4izz7HemWgoKjx34GWLnVYKYqrsXuGD8QN0GzbK9ZAPsWXYa3VejnVXv8Qe1B9GPEJbPtP//ExZ9lDYoKICLpy/yLxSiG85xSQQ46UcipCpA5ZjJPnmYeimTlW+PH5BmuL3LD/OteGVcIwRVznBaQwQ/DnzxE7eBOyF3l0apIIzk4paMswF5OSh0+0EfIS0wKJ1zBLW3OfVc9N1npC7nn7x01X/fde9k4s0gt2XjPQ/Qo5HdBfEfqzzOTu1jiYuvuoiQ4KmlME75HWfLoGLjCYCespoEnH0v45vJALiKNk6wBbHwidY00HH8DSxRujYxl23IuW+r6x5B/rpXUanrHzfKmQyx3crYqDl3URHwycW49GXxWBy8PPE49SGmWMh25ceuLjIgqQaGppza1X/V3RV7tvA96/L/kAIvmoDaYJMncFv89Q+fi0obp1YqVNkxsdGuBawOnCzyL2RAhf9t1no2ak7zJnMqaiHY6BU0Sg2OSwWEJQEEBzmj4P5k9SXqVBF/MUL65sp76hq7Wk6mqtofHvzY0ugLw/b2G4+RlWNAyDQnb3dSmldSc/U7bLZ+2Z6IFlMrRGg0niZd8g2283CQACvNBSonZ9v1SMfgN6ChG2U8ry6McYwsrO0dDshiFyyyvy1GxPAzc8nf/n40i0ipnTydJ3vxlaPq3rKZPfsXQdfiqDDu5tGiF+7JpdBtoJQ2Pp8pRKkS6sVPIY2OsTdu/ZQ34aW9aBKLfGMB/YPm9vid1Nlp/5TSbmbXfC9Lwz5s3I50N/iLI9F8W+hhR4RpOQLufkS0+neFqK1N38s6P/lXAfIrDdq9+QNZvSE61bZqjx7oxl6QKJKvZCFmkTIZOP/xANrSe17f2MZ1ugh1MBMb/5/Zh9BznJBEjNMsaCdEEBe8Anbum0oO9CXlldFMqUf+LufI1VDWj/68oBjNmHgHFVzUofxD7q4EZ/8HTtfTWOivVLg0F2l4fR6JIdTqKEk/g1tVll2gWfH9H/xNrdZQ9PQI/XKiSa6LIWEdlPz3TuH2Fw6bo6UC1YfVMvoWPUQsUhqrCBv0eb7snvYBkUJg+/BWhWelL9W8FD0gce3WrJfAe12TXqgWb0zSHtPk9C9E0+UkXEM/SAciBJTSowR0edM8QyPzT8nP/9qrHz390V8EIbENWU9AYDuo6o5fh0E34FHNCuX/+toq9VrZZLVUR1pb+o4=,iv:o6qAis1FnoabxGMQDDXrubSFHIgP0XHkjO4Usx+eQoM=,tag:rC+nrChrFNfT/3C71szrfg==,type:str]",
 	"sops": {
 		"age": [
 			{
-				"recipient": "age18cgqlely56hgmhscllkmafwpjdk6dwep6ej3vkk97dzemp8jtuksqrrjjl",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3RjVhWERrSGtvYUhYOFpo\naDZ2UGZ3RlQwYVJaR1cxbVRRYVBVellBWXpnCjcyYjFYdG9YNk5mNWdIYnN3d1M0\nWTVLM0RyWmtyejg4T0YxNFdsTElLTGMKLS0tIGR3d21SS0Y1MHBsQjdJaEpzUUNk\nVmhjRHJ3RDhDSEdTWlpoNDlWaHJxM1kK3KsLvzB4QGCqKS1pq5jQjXU0tkS6CDat\nL8emFbAPLKPEafb/dZP+AXupztod9R0feSaDxTre5m8ljplEnE5Lew==\n-----END AGE ENCRYPTED FILE-----\n"
+				"recipient": "age14sjyqch8tzqexk2gv0qgrrg09f0s6hvwhsgjac3vs6sc5rzgpcxsyqda6u",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKcWF5cDZnWlZBYko2UFV2\nNGRMNlNzejVGR3hJSXNjaFQrWk1FWU9WZDM4CjZBRW9PbG9XY0V2T0dZTVhGU1Nn\nOXpXSWdaeHRNbmd5S0xuUkVuLzlidTgKLS0tIGNXckVXK0d6R2dNKzFzYTNPZWVW\nT0QzY0kvNEJvSC9CWExaRjBsQjdVYU0KavAD19+DC502a44wxbtz8fbxwIgpgE2c\nU4LlkgvkrhtTTiu6d/LiAKfqM9PrSajBdO8YrTpFxkqYgfi1tMoC8w==\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
-		"lastmodified": "2025-12-17T22:56:04Z",
-		"mac": "ENC[AES256_GCM,data:+UeKJoKrYLGMU0LMOVvBTYCrwS5gs4dWIIi4ceUnnbs3Q2vqtyn52Ht8ECH6EAHnEtk9G5IBj72NmLgu8Hr24mDc0SFpJKqFuemvJHef9t6eB3ZGYFNwbEJ6HOjmmp6+Xrt25b/C1q7mw/ysnb0g1Fs1I0GzsyQAjDeYWYTh6Y4=,iv:ndTm8UuVgt/O44vlKafu7F9knSNNO2+RoH/GoEhTCqA=,tag:PQMhJlANkxAgngIdzuGEdQ==,type:str]",
+		"lastmodified": "2026-01-10T11:23:49Z",
+		"mac": "ENC[AES256_GCM,data:p/kSeOGsEFw1NxehT0UVNOrf20K+YEK/heZakNf+X4C4GabctvCTyGouoRDDq3ea/O7TeTT+uVRiveZ6TOE7S7rKwFX5yTuB1wKDqsFLjDgFidwzicHIBmfceB3XolU/l0cIkEH4UcYYOelfiHr5gtjLefnCUojttlUhRZz9CD4=,iv:2QDqwkwlaKZwtnuzfkmBDYmTTvt7FN2op6/O8JcHSBA=,tag:cOgrxorAFDwpBF2NfxxuVw==,type:str]",
 		"pgp": [
 			{
-				"created_at": "2025-12-17T23:34:30Z",
-				"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAA2WAZd8mTmgXn8X+MmMTgSXZX0TJSV7gI1U98+F6ewg7Q\nDB0Q36UVEtbpYaQi+vdP0g7lzPo9ubEaO4U38LYiumxlYZASmn3faYLvgikSpDM5\nnE9Huhff5Z9gP7tY0Kq37xEOVLNx5hI019ULk9r/7T1g2bOh4fWyBVvCseQ+8r3i\nR1IN2QPCWP39evzL/FUHtiFH2XD/dFtHRLqV2Zd7JXJ57FOdwROc5omKh1bN2Q92\n9BCJ5vE32gpPcBxmAz5VY4lgF2SYps3Er9ObgTv5ux7hmqspQZayIvpYeERXTeUp\nePAqzmbbcG/MabpjuUboy5KoWsbEi4SsohzJC5r/oCnRCbu0PCz2Ip8f7CyMUyhB\neOjAJ7zrY8XW/ee6X0BYIZwUZhZw8Z/Qf2x+GSamamkhEA9AhbQcyW+c2D99vM0P\ntAqVqaPNqNeMVpmUJtgprZP5VjbckIkLsgtRRqopKjM7FkzHykwhI7hNJWJmUnC6\nrI/y+xGTQ16kge0NMbgwRuGyxFQbB9FKB5VP4vsJ227XjrEZ5HaOd+XOgj7Us29q\nkIl9ZGKbEUn3I5sxI/0ijTG/pPN+H3ROvXs9cRBkBa/T3uL4Gdvideet7IxIAOU7\neamskzNS5OosEyafAibD3ctB4wI/E19HS0JKoRNsA7CUqzVXhx5ipeLXec5tHMmF\nAgwDC9FRLmchgYQBD/9V20QCxpY8lFdhbiN5n3dnlsGAIQtYTYKXWqTWb/iq6Mhu\nUU+/2Czu1fpjOEmPcvKk3XxM2wclzpTG+7NWvtHuDLe9HCai6eujY+1Jrek95AqL\nDzm83PDONp61nGj0mCHDgyEcnDK6ViCglofjjAN5HmfZxw6NI71GIk+c3qLx1pem\nUR7ETjjBbBW3gv9BXAqe+NYRbFx173lf6er4ogqYWRFCRlN7IQGlMLhAbbYfiwIz\nsnyyCj9UEekFcsVkQHoIHFeuP8xmsOjL7AAtKAMXVL1UdHfgJjK7bI669tzmcJJV\nakECPeKDwk1/C6CwHtKrnAHoUHPLw99WEPThQ4yselDBkf7yFibnHc6dNd77xIEG\n7lVyZFFq/a+gOOWdN/6mxqumD6LgQexoatY+8shQEJ7tfcNKs3ptJZX6zLiA1A1e\nzLxpVqtAmU7H399M8Q7Q5wiJh7wlF2ssADnAMws9ybCzKqBAsbBDhlwrXvZW5lic\nQTMZoeYBgZp6l59hHppcaUXTFOCR0fW10VNyyKJa0/fRegptxGAmvVQzSLLJODw+\nXHxabaeuF8IcU00GqIC/7OuUY3yN2IHYjxkB90F+rOHYj6nF6zFxBVRplqvgbzbq\nSpx9/JEuzVqv7cwmix0osmru2NrY/xvmtJq+8VZooU6JcXk+wY5MtD7sIG/yFNJc\nARwQJ1fSiUBvXVBM46O+XQIPk4aP10cxhz0NF0LTCXttJJnHqgjjI3SAGvpAq2mH\nCGPu49vKjzW5l3Y8SfHGPe1vU11l0KZeXfPSijhupM6V45N+YBkwDLNj0Qs=\n=zt+q\n-----END PGP MESSAGE-----",
+				"created_at": "2026-01-10T00:38:26Z",
+				"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAAxZP0/unKQe/AK8lpaLcPSttcLwSXosaIa9PFoBpW1iJC\nZSGx+HcWufN/aniE5PMEa/ibI4VUESuhPtqolAf8DD1ofhIwMIHTcEFvZ8bLQscv\nt31mGECunSwMhmmszRkyJb6Ic5tx8I2mhcQ7Nn8BVTlTRUeq/NNk2gKVuadd1MLG\nb2C90uk2DQWgU3/Cu8k9s8xrxSVmDwUEDliyY9tKCStL+E1UKbsc7iR494eDWrc1\nUjV6e0DjbWVaMAJWCUSHBSaEEQYHEWYoaQHjLcosZoq1ihgmEQK69r/vKl5tY6/u\nkAwrjWK04szMJ6fWI8a/56lwtUTKP8+tP9afRE5r4D8/xSKbbwIFUCAFRoIMRJ7/\nRst5q/kiS5G+9UTkT5TrKp0sxTbEyfucREMzUiuaMK0hh82DJM3DoYl0BhtFiNUA\n0xjDbq9jDdxxf6qVc2+j7G4oBZsEpSGCGeBB8V2s60A04HAcPDl6KuJgdNn5UGKT\nztleh7CzQxupByprHh/a97XDvvNpvzz6VGYtsIv42IW4sINgDIImhUdYFYgmRn6j\nrtJ4f6WWC62YENjiwR5GRm3tPjK8iyPh4XtSokqKSLe8NRfLK9+Ix/ZAS9woEgtb\nyLejKc35I229Cdq79uDqzj+oDr34q2M5+4Q3mU/Hk4AO3BGb/++v68z6r7EeqziF\nAgwDC9FRLmchgYQBD/9pH6hLvPyM+pGNuRVWYVKg9xxLVu17hBKV1U+VR1flfT5s\nRhz2wvCE3/JRrTyNDKSwSnFiZDDoq9o1tGmHn+C7pgZGODTIBiIYdQoweF1h5l+o\nc0gdWb8PJROTHGJvl4PGZEeGsav0vhHlSvbh1MtmbldGgZQ+LFwdZWUMMXRtHzGZ\nwihOD+dyurdPHmyqKnylna/uvI6SYwLoW80LzZ2HDROknu21q3P61Pz27aUIX+9S\nBfM/JAlhdz21jgmWNinV/zKiSze2twFtpjniz92lb9avPNs34MRbOCp/q5b6rai0\nanEcSBigxcrZR8Og0cPTKYlVTwuHej3wjVEtH9PUTmihMwQoU5RQloySlaEyAKZR\nL9h8sdl+PVh+Yc+Em8WM0XvdFwYKwpVUqAbUeYQV1sBL/oE8qTKNG4xDXBnSUvwF\n4zSzZ2ulkTl2J3t7uNUKI3suU21T0A5+MKB2Tl1n6lK90djfKnlQnbvUsVu/l4HG\nOvOZgaR64wx7ZQymSinjqNnITuIpkOEZ6Gu0Kg+hJPOiXPBRwskpn0P5piUhsbvX\n80fyWZZvKxealQyqUCf3ZFKir/CNat6QDvPRvGgGpgYfIC9zOxznlcEMSZE77ZvG\nCHQBsRjgn7EdI9I3OQZvZuVBtuSQlPcUJXuOUqyptPG49frMtg9cOlI3Z7xRyNJe\nAXuQhlSzBIdRD/Calc9dlJE6ViFePryA6VAUYyF2KAsPdSXK0AzlG2tAQY8nbxfq\nLn/J5HToEODGX4W95mkBl/+qgjbDVQU53fZ7NDPrQLBBXiGgR2pZKMShs/jtzw==\n=Fg87\n-----END PGP MESSAGE-----",
 				"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
 			}
 		],
diff --git a/hosts/nixos/x86_64-linux/summers/secrets/postgresql/secrets.yaml b/hosts/nixos/x86_64-linux/summers/secrets/postgresql/secrets.yaml
new file mode 100644
index 0000000..47270a6
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/secrets/postgresql/secrets.yaml
@@ -0,0 +1,57 @@
+wireguard-private-key: ENC[AES256_GCM,data:iSjQO7EUVOYgh3378FTGPOf7fUFLBoA7KhxroPv3iyWfbDI8r0yB/ewoMOI=,iv:Z9KlHucjpU44VvYWkq443njeSs0TREKTIeq65ieUXv4=,tag:6fjf3Ce/tuvK4vHvBaQn4A==,type:str]
+sops:
+    age:
+        - recipient: age1wmx8y2hs83j2u5srdnfxljrzxm8jtxl6fr0mq7xf2ldxyglpzf2qq89rpx
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBMEM4alliWlBCT3VsbVA5
+            OGt5bmQvZW1TaUNkbWtFdzVGNDNpY0hBOVhzCm84TldYNHBrU01HMlBkbGNwZFAw
+            WVk0T3FycVRHUUNtM1pTYkQ4Qmw3RTgKLS0tIE9LUlNEVjJHOGVIK1RSMmRXUDF6
+            QlRKY1hRVzNTVXhESUd3OElXL2pBZXcKDWYoOzi2b4qeIbCVCfTj0lTW+OfbnsXB
+            8MugCHu7+b+ju0v/lUP66jDW9/2AH4PzHtCNHjsafyzr2qnW8HlOzA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1c2enwel9un28dcs4wg0vcyamx9a4a6g3walkhu8w5lqhmd804paq9d24as
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJRWJXR2tYdEd4cTZsSi9l
+            Tm1pSC9pek5BakpEMlkwVTcrMlBuVzlXWUVrCmlnV0xJc25nL0twK3VCZ3FRK2x2
+            RW52Q1NxWUhTUGY0NnQ0WEhLMWxIcFUKLS0tIG83eVM0KzdLQ004aDRKNTYvdmVZ
+            d3ZOSStBMFpSU2ZjNWhFRkREQWlUdmcKggVvLy1mLYGf8084RQtlipS4+z4dfPsN
+            HZfid0srwYnezlQ5qOY8/HrDLWHEyuZ4xFZVi4n0k49qBpNwJdmvyQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-01-07T13:36:49Z"
+    mac: ENC[AES256_GCM,data:FVo2l0qd8E0G4252lmbPqhBKBu1WRXdqD5iYNJ5VTcFwM2ErC1RXVFFzX5jnBdq8yPUozS5/Vjm5p4B+N1bxwDe8nmKUJcXFy5AdMMgrVmXySPqEF6+uMQM5Mfh5yLgLnxscpCo6SV0kESfD86TeHI/HJ73EL4L8tD5V0tiDcSg=,iv:igf9D+MLI0rhagUP6IZLe6sP2HL5UpT5Z0DtLbXVq50=,tag:c0CGV69zbtIUxZMRJHh8yg==,type:str]
+    pgp:
+        - created_at: "2026-01-02T21:12:51Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAwDh3VI7VctTARAAmvkQ9V14f0BT/bNdFVZtTlY4yVon37CX32SZPUcHV7o8
+            Dya0sZd9tuVATSv79TnybscuNx95fkoZJwujBfAadexn2zY8zl1oEWEHx7p+8/mE
+            W8JbQAjbcbX9sNQYXc8kYJylBThmgNN/HXK7CGtgDFr9xnGzDBnDm/M31P1HwYBm
+            IdIQgFGErEt1K3xvw28Lk3tPuZLK3Y+H2Yna7RRF6K1blGJUvEnL6yFdA10/eFW7
+            8066mO26F2l5xFuktK0nNeniLHKa5VVYp8iM+JMhX38l0wiIi8pGyxo3uAjNpa0w
+            IfpCneEBe/yyaUPcWMjXmUG5LJe3kWUup8cSzvu01Z3W159/QsflxIMkIsklqhim
+            B2zuPdAlYsjjS/05DIHInN2IIB/rjADkQvXji1XYLhWJj4jxDeck/UIc6Q22TED+
+            autlbl8d/5sqyO5ghPpShF/s0vMTqUfpXZrDrbuyDFqCfwi0ahP03bUsv20ZEz6u
+            zG3K5HuXHh7ATSppwuMbcv7vcjF1tkbo6XhWZDv0rY0DFWqiYhnxWwlFlGLxf4zX
+            g6r7Ca/E/YXG/eOET6M9DxwHjj0D7u/ryAkCktqPL9w8oNGarZQ/xMx0+ocI3byc
+            Zvzlmd63BtgaGNSxH3stK29KN3ED8cDkG/JzAxCATWiUBBkqW/ga4sGZqtLlSO+F
+            AgwDC9FRLmchgYQBD/9JbFZie25PO2CyELlUWm5SmJcugT9SK/mIA2fe1PlA+Gnf
+            5z9iXraMSQchz4R1IoiixDhubwKeKp/auqhlOPvo58Lsi6iDR/WaLWabD+hcyAb1
+            ck/f/PUzTLhlLcfu18VPfXVzfnky3dX8P5aS0WMLAQblj2RaaiHxnPqf49kXSn3q
+            VSJ0pr0nEsPuWtoCkHUAwAJ8X5GPXN2OD4YbHsNaA9h2vrJAxNd5+HNsvg8JtI88
+            X/uMM7cWcaXcmNZOz166HUIPcJ5cabJ48Sv8sDfMPOcTiJkMiESBnRYTwdUcp08m
+            nGipSrUeW3pVOC1bGyukZb6sF84pTtCpqS+kOSfKFlxFFdAEcpzFIPuOMeo2dbKj
+            GSGPDemZFC2yFq883yk9/mZbgjOUsqrj0ZP3rCD5ZHpfUM5IxGQ+mKaOucTXYmif
+            lrTPMYnAc7pHxKZ87BgiKBYrfRAZvorLYKv8zG8YagAUw8iCtc68YUUdvLW9haQf
+            rwWCU1z+sszYSac7I57gfqICQhMUbs1n9S2Cn0C0xo4q2Lu36ysip4rEVGg6TmUu
+            znXYu+3orodw2TwC0tGxXHYKwmlr7EGnBCbdVKpDoCbV6cYkDYoPUFg0alqIPd5r
+            KCkee9MaCLLX7IdBrbLf1lkHGwSAs81GfZRMLBauM7/hn+hMUeIJnMbtJnVIB9Je
+            AdT2nSH06+POnjvxa2t0dUasnG/6ISBRSk6FgBBZ+pdVlrvaB4javgWGpiAWCUu6
+            b2CMZF3HullmLj+wwAKlsZsIOXGICN5GeQxLHYF8Kx7Doj68Owu/zGM5MS+7XQ==
+            =wYdb
+            -----END PGP MESSAGE-----
+          fp: 4BE7925262289B476DBBC17B76FD3810215AE097
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0
diff --git a/hosts/nixos/x86_64-linux/summers/secrets/radicale/pii.nix.enc b/hosts/nixos/x86_64-linux/summers/secrets/radicale/pii.nix.enc
new file mode 100644
index 0000000..2455158
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/secrets/radicale/pii.nix.enc
@@ -0,0 +1,25 @@
+{
+	"data": "ENC[AES256_GCM,data:+gy58+DZWMwnfjFLa9rIoV1lpk2NtEd2OnTOKRgNqzTqYPo/DHsBhDNMvSDPpa8=,iv:pax5GFmUDJURjSoYVpuWPtTJHFJ938jb9+GlzFqtl9I=,tag:5VmVjszfJhNYPpa1FsDXiw==,type:str]",
+	"sops": {
+		"age": [
+			{
+				"recipient": "age18cgqlely56hgmhscllkmafwpjdk6dwep6ej3vkk97dzemp8jtuksqrrjjl",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxdk56TXBTMnkwSTVpcjJa\nQXVqbFBrVXg0alNVRU8vUTE0WVVhVWo2OWpNCkF6WTMxSHNpVS9HSThzbG1qckdr\nQjZscm1SeDZJRVhTbXZ3L1drbnNyemMKLS0tIDU5NW84dUhhMm9lcUFTeE1JSWtM\nZTRIK2RBZWFFdnFwRGRpVmFZa1p2ZDAKoTVtGfVUCibVZMdmSPuSB4+V/v3JoLdN\nJhkUyG4ZLlB0CVP/o8Iscs2R1+2uMTVGFtHISUpKv7pskfUdZgWGag==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1nanlervuderw4qskcuessycqy2yfmptl6nym9scgp9ky2265ssmq3u73r0",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4UnZna3gxQ3JFTGRDMVdU\nUGtPWFRoWXNoMmpSTW5wWXl3RmcrOXdwSGwwCjYyVyticEllVlJhZHc4SlVjdkli\nOGJ2eGFrL05OTFJ2RDFGNENCZTJmWW8KLS0tIHpmcDN1bFpRSVkyS2ZkZHBiMW5L\nSGgyNFkrYVlaZGprZ2ZnQ204dkJLTGMK0A6Un1SDu0ipQZXfOALR/3izQLhr5u0x\nhNtU3Qgbv8LrO78PGxTq4bj2SSRvlQPnA66Nk9OCft1Tje50KoKciQ==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2026-01-08T08:05:10Z",
+		"mac": "ENC[AES256_GCM,data:dqrPYwYaz2xcD6OsTrqjSkyNT1g5ntlGr+3WViuhuV+UcwmGFSQ4T0M/vJE8tGiopoxElfxZJyYGZ97BnK+WppIUiFGOQc1hcJhzFavo/gzz6xQsourq17DiXJS34VKjejneXDY+ieIUG4xXUlGWsiyNnBCGbj3STGLYcxtvKt4=,iv:mozuoTM0gS8peTfe2Pm+HANZZJozenRCdQFcq2eCHC4=,tag:MrCV9VpZi4gKMC3eWYzgnw==,type:str]",
+		"pgp": [
+			{
+				"created_at": "2026-01-08T08:04:56Z",
+				"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTAQ//QXKt4eibQonofUjKAWjH66ZuBNN6sVY9ioqAQH9SaKob\nOPZVTSxNn/4zcMulticYpPyQuSdvGx3GTAYx3gVOSXKHnHo8nKRiNEq9ZDx4A8CN\nJkvJ3R74/XLay6sO7gCGsfNe+nXeNiObanyV2wNwsigwr2NjItERHMCH4//sFm2N\n0Y0LnuxcRL6Bty5gQg29NZaBiYNWw2viaKIyhAqeC7ner9iIYeHre9eEhU8+Fouh\n1aegkvFSgDqzPAtBSFW2rP65HIiQEh+4FB6FlJmXqnIK/FCozDpH96xn0L1CMxVk\njRExv7K8s2tCKgkJ1pdbs1QBPJGuXKMFDagNPl1vVj9cTBG8XAaJ5td+Ye1Kf61f\n7SLdBu5Rov2kp8fhW2tKBWySpcPUxiVQkS73kL0j9L8xZMcw5e/d2KOSwXalCs6p\nxMF29SmraOSG93q4dFAyO73rbVwueE6MKe5Q+h/zFMK/V7U/WWprDaL3VoYHoQjZ\n6dknrYPPUcgAdMqGYGllY0CVDeysrQQ+QFgWnTPa9kfBn8EUSbNzhxaISrUJ6xYX\ndTkRa0f8qYCiGNZ5BuigA/yH3VDMIaUmJYB9XbpPAWi9ltZuA2Tt8cQ1oPWm5SDU\nq3ct8KP6UqwEXXawC75D57Z8R2mUz8dZGyACRKHWnkjEQZE892Rymq+R+BW/cu6F\nAgwDC9FRLmchgYQBD/9+U7ducieN9QpYX7ZBs7RP5xUCtzCV/dL4Ps7m5b3ZzlE2\n867eFCSn6TMu6/KBi1WmsJJ2eSkBvYw3S0fEp8O3n8pvVyYZBIgmUM49oTx+Xnjb\n/FKRj+TxMYjlQyAXIMFCXsrk49genJV0mGSODn5ZAKj5Rhx1Kaqm1tkZ+ZJ0zzJr\n79NYypQjMsuhA3VL+MkxE3zoipOeU60KPaR7o7uei/PHBtcUtSOLmJEvaZ1XVM2s\nwtnRQXeyQwxzzNE800wWGQF6PDMvjFp63o0Pj+Ie0dyVNS2UbebjJl5uR0pn22sq\nUtIFTi/IwwwRYUFI1i6Kkw7igfyaI6ThO3thxfVcBzi1/7pMNbD7yiIOBdZlcgoT\niCqrK0+uyfPQztJiseX0Sn9xhA9bQK6ob4OnZoHRF7EKXC7CU9C5ReGY+W7EKSJy\nrJ94IeEPHojjnkH1RgK4h5gxDiVJ+d6mQhbbmPmXomBHaaViL4y8gs7cHNXL4v2/\nDH46EUoljeyUxvxIQe5UDBaGB1AwoIrCQoByCmMVGZos1w2QKG2cUXWRfLY4vUgo\nA//hfPyGCwsM88265ohNqx1kMb9qFHd0P4uXaM5wX3hqnP8NlR9JhHOmtjXEXj0U\nPXuqLvNw18ytb1lQ/6lvIfB3nTz6Cd/CiiMtgcJU2AMFY1etgztcr7ZvvfcMVtJc\nAW4txy8U+ulr59a9uMFcjWl8MnEIW4fT2NqJSk27qWMxdkcf+O2prW9wilkazctC\nFIw1IKw0y9ahLQmCdjYwHw0iTqOAvpcJ/eQxhTAWrGY1pCAn7UZhpOmXMn4=\n=xDUO\n-----END PGP MESSAGE-----",
+				"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
+			}
+		],
+		"version": "3.11.0"
+	}
+}
diff --git a/hosts/nixos/x86_64-linux/summers/secrets/radicale/secrets.yaml b/hosts/nixos/x86_64-linux/summers/secrets/radicale/secrets.yaml
new file mode 100644
index 0000000..ff5dd8f
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/secrets/radicale/secrets.yaml
@@ -0,0 +1,58 @@
+wireguard-private-key: ENC[AES256_GCM,data:1yvGiPIViIM7PZc8fi4MRFo6X4ZP0ospI4bx0SwduI30Lk+eWMeutvSjUso=,iv:mcefti2M/qe39zzLp21aMfMI5CrUXgl+c/BvncRHGdU=,tag:pO3TR0utUc55EEbQFiX9vA==,type:str]
+radicale-user: ENC[AES256_GCM,data:BBo1TscIK622Whg=,iv:yRxEy4sVlZNzqGGML+dCeGzN2viMT7N9Eg9lWYSGljE=,tag:3cX1cfTzhxNYrtk1u3lLXw==,type:str]
+sops:
+    age:
+        - recipient: age1wmx8y2hs83j2u5srdnfxljrzxm8jtxl6fr0mq7xf2ldxyglpzf2qq89rpx
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBMEM4alliWlBCT3VsbVA5
+            OGt5bmQvZW1TaUNkbWtFdzVGNDNpY0hBOVhzCm84TldYNHBrU01HMlBkbGNwZFAw
+            WVk0T3FycVRHUUNtM1pTYkQ4Qmw3RTgKLS0tIE9LUlNEVjJHOGVIK1RSMmRXUDF6
+            QlRKY1hRVzNTVXhESUd3OElXL2pBZXcKDWYoOzi2b4qeIbCVCfTj0lTW+OfbnsXB
+            8MugCHu7+b+ju0v/lUP66jDW9/2AH4PzHtCNHjsafyzr2qnW8HlOzA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1c2enwel9un28dcs4wg0vcyamx9a4a6g3walkhu8w5lqhmd804paq9d24as
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJRWJXR2tYdEd4cTZsSi9l
+            Tm1pSC9pek5BakpEMlkwVTcrMlBuVzlXWUVrCmlnV0xJc25nL0twK3VCZ3FRK2x2
+            RW52Q1NxWUhTUGY0NnQ0WEhLMWxIcFUKLS0tIG83eVM0KzdLQ004aDRKNTYvdmVZ
+            d3ZOSStBMFpSU2ZjNWhFRkREQWlUdmcKggVvLy1mLYGf8084RQtlipS4+z4dfPsN
+            HZfid0srwYnezlQ5qOY8/HrDLWHEyuZ4xFZVi4n0k49qBpNwJdmvyQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-01-08T08:03:16Z"
+    mac: ENC[AES256_GCM,data:z+ETj7inVkrg3lniueJNw4VwMp52S0wH+6kEH3bWPvMjml4Biy9wUqatlayi4cHsYQaEL/2ok8bi9rNuMrYYWs7qieLDZfRQuHEJNdylPxIKrQn0xn91ihbQJRyGMCweEtaHNR6uZY0uKH/wvvBlBLcZmuiXtPU9CGPIh72fTdA=,iv:41h4pi70SArumCJ+RqdLKlaiPwyqW0Kzro8u/GHNvxI=,tag:1kitWfua42WtVlWRrGJ/TA==,type:str]
+    pgp:
+        - created_at: "2026-01-02T21:12:51Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAwDh3VI7VctTARAAmvkQ9V14f0BT/bNdFVZtTlY4yVon37CX32SZPUcHV7o8
+            Dya0sZd9tuVATSv79TnybscuNx95fkoZJwujBfAadexn2zY8zl1oEWEHx7p+8/mE
+            W8JbQAjbcbX9sNQYXc8kYJylBThmgNN/HXK7CGtgDFr9xnGzDBnDm/M31P1HwYBm
+            IdIQgFGErEt1K3xvw28Lk3tPuZLK3Y+H2Yna7RRF6K1blGJUvEnL6yFdA10/eFW7
+            8066mO26F2l5xFuktK0nNeniLHKa5VVYp8iM+JMhX38l0wiIi8pGyxo3uAjNpa0w
+            IfpCneEBe/yyaUPcWMjXmUG5LJe3kWUup8cSzvu01Z3W159/QsflxIMkIsklqhim
+            B2zuPdAlYsjjS/05DIHInN2IIB/rjADkQvXji1XYLhWJj4jxDeck/UIc6Q22TED+
+            autlbl8d/5sqyO5ghPpShF/s0vMTqUfpXZrDrbuyDFqCfwi0ahP03bUsv20ZEz6u
+            zG3K5HuXHh7ATSppwuMbcv7vcjF1tkbo6XhWZDv0rY0DFWqiYhnxWwlFlGLxf4zX
+            g6r7Ca/E/YXG/eOET6M9DxwHjj0D7u/ryAkCktqPL9w8oNGarZQ/xMx0+ocI3byc
+            Zvzlmd63BtgaGNSxH3stK29KN3ED8cDkG/JzAxCATWiUBBkqW/ga4sGZqtLlSO+F
+            AgwDC9FRLmchgYQBD/9JbFZie25PO2CyELlUWm5SmJcugT9SK/mIA2fe1PlA+Gnf
+            5z9iXraMSQchz4R1IoiixDhubwKeKp/auqhlOPvo58Lsi6iDR/WaLWabD+hcyAb1
+            ck/f/PUzTLhlLcfu18VPfXVzfnky3dX8P5aS0WMLAQblj2RaaiHxnPqf49kXSn3q
+            VSJ0pr0nEsPuWtoCkHUAwAJ8X5GPXN2OD4YbHsNaA9h2vrJAxNd5+HNsvg8JtI88
+            X/uMM7cWcaXcmNZOz166HUIPcJ5cabJ48Sv8sDfMPOcTiJkMiESBnRYTwdUcp08m
+            nGipSrUeW3pVOC1bGyukZb6sF84pTtCpqS+kOSfKFlxFFdAEcpzFIPuOMeo2dbKj
+            GSGPDemZFC2yFq883yk9/mZbgjOUsqrj0ZP3rCD5ZHpfUM5IxGQ+mKaOucTXYmif
+            lrTPMYnAc7pHxKZ87BgiKBYrfRAZvorLYKv8zG8YagAUw8iCtc68YUUdvLW9haQf
+            rwWCU1z+sszYSac7I57gfqICQhMUbs1n9S2Cn0C0xo4q2Lu36ysip4rEVGg6TmUu
+            znXYu+3orodw2TwC0tGxXHYKwmlr7EGnBCbdVKpDoCbV6cYkDYoPUFg0alqIPd5r
+            KCkee9MaCLLX7IdBrbLf1lkHGwSAs81GfZRMLBauM7/hn+hMUeIJnMbtJnVIB9Je
+            AdT2nSH06+POnjvxa2t0dUasnG/6ISBRSk6FgBBZ+pdVlrvaB4javgWGpiAWCUu6
+            b2CMZF3HullmLj+wwAKlsZsIOXGICN5GeQxLHYF8Kx7Doj68Owu/zGM5MS+7XQ==
+            =wYdb
+            -----END PGP MESSAGE-----
+          fp: 4BE7925262289B476DBBC17B76FD3810215AE097
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0
diff --git a/hosts/nixos/x86_64-linux/summers/secrets/secrets.yaml b/hosts/nixos/x86_64-linux/summers/secrets/secrets.yaml
new file mode 100644
index 0000000..f1ff4a4
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/secrets/secrets.yaml
@@ -0,0 +1,106 @@
+resticpw: ENC[AES256_GCM,data:duM1dMkCRdckaOg=,iv:mPRxC5KgBMHRUcgHJQTfLA9P5EfGwnbnfzCp8CNIr9o=,tag:VZlFcaVnm4eay+JM0Sd7cA==,type:str]
+resticaccesskey: ENC[AES256_GCM,data:Jt4uKdD7WqjaRjnKLeJhYoFSTtpwqPuARw==,iv:s1Ff5h2uKVxZY0hIZObZLXDlxgoUIFTYSiO17JKPUWY=,tag:DenvTp2ny8i+XjgTF3MPNA==,type:str]
+resticsecretaccesskey: ENC[AES256_GCM,data:ijvux8Uldkct48gqVIC+jtfJ8m2oQ8ZbIZUZbyY79A==,iv:BxC2CZ87hxZhf35xqLe4ArGO8EnsYCABmiN+OM7t6tk=,tag:I61Ne5ztK5CUDUu+yvBcig==,type:str]
+wireguard-private-key: ENC[AES256_GCM,data:lP5wnI1YUSb2PJUo8LvCogz0gfwwnqgYtNEly2i8P4geQVGnsxCz2c0ZKgM=,iv:55gjJ2K15EB8i9iwNNsuKwzHZsX3RvsTKNAnr+Ac4to=,tag:GPscRLTJSj+TNJ/15pM1mw==,type:str]
+#ENC[AES256_GCM,data:D3AMwX0rBg==,iv:4AaUSc9Swp4RJIqeNzTW7MvAi5cZ3c53alWY3P4wS5U=,tag:IUzpcX38+495WM3O7L0uGQ==,type:comment]
+kavita-token: ENC[AES256_GCM,data:coBAnDN4tWB0b05z+SRv8tGau+KrvMbEBICpPPYrjAqS/jVIrsKfpiVp+jJ2ruKnrwFnE8aVzWMB423fFk/GzpLDJZHF7oPjlr5QQVsGQ+NP7Ls7lAu6/A==,iv:pk+sZqRcx+WgS0Nwa4z4I2RmTobL7QME8E77bYdlcsw=,tag:XJ46v//ploErgSNLlUfPBg==,type:str]
+#ENC[AES256_GCM,data:KxuybG2VSA==,iv:5HnK8dQsTW+shG+EzGh9BomfoBGl5cdSQpZjD4OF8y4=,tag:S2EgHIoHyXpxpU48hWiiYQ==,type:comment]
+matrix-shared-secret: ENC[AES256_GCM,data:wCDMXzV18aFk4h1tf60N61K8j+gRJxIfbQLvqbfoDWPH2gbuNsg3SfDyFgDZQUzAzfaYC+jcbUAFOPm7ZD6axQ==,iv:9Rpx5jHyxqoyLSD39zPopj7m5ZZcPIhiRTh9tZXIero=,tag:JQg1uOorQvN3m7Cm6fT0vA==,type:str]
+mautrix-telegram-as-token: ENC[AES256_GCM,data:/34XoVkm/8o84PUDXGWzFphEu+0LyvfEo+HOEbEB5GfrHzJmPpWgdGmedAYLpupvOzWWjODXgNk0zC3l4a+4gQ==,iv:7AdLQ3/SCJM9VxEFOBZnmVWKeSDTKyFLq+dysahlErI=,tag:NP/iV6aVZLy4RFOK1OqOPA==,type:str]
+mautrix-telegram-hs-token: ENC[AES256_GCM,data:6je3dFrFAoNCbUuZD7C+kMoQpNeqBxoUusEJBFM0IYcVAqsmclMktHWLFDerkfzgGmKverqnf+rINDVEX8Df5A==,iv:iDqeYSsw1OTxu4K+zAEU+eUz+TLnXSzXbr6J4cLp7KQ=,tag:PBHqaqJEVEN8nk5hmIVEpQ==,type:str]
+mautrix-telegram-api-id: ENC[AES256_GCM,data:R6C4gFh+NQ==,iv:30LZQR0CRmtAxqXVu/GOihdvdsWqGqiLMQJAM1yaSg0=,tag:9QM9VlCqSFuDo2k0WJx7/w==,type:str]
+mautrix-telegram-api-hash: ENC[AES256_GCM,data:m6RhyLX2wNtMG/rZtLtwPVYiF9rD6bqsulJTE4tNkeA=,iv:aGq8TGQCOVlf55XfM4A9V0eDF75E8Rg8Jg+Vc72NJ00=,tag:J2fJ+Q7KToQirY87t4mvzQ==,type:str]
+#ENC[AES256_GCM,data:6lE2jJal,iv:n6GbM2CZy9KSVRPJvnYYhcN81P77TUoy9ZJwplbtPLg=,tag:UaI3x5tu9meuZc2Wj+s82w==,type:comment]
+acme-dns-token: ENC[AES256_GCM,data:Q5rGOFLYvCQ0h8BZKC3JlcWHp2q3ucIoE1E3NujEGoBltdUj3RpY3Q==,iv:T38LtQ02/11zlJUUahIeDNXyd9fQ7MYAOYgAY5ioLMw=,tag:5G0emN3Oje+Otl4uBxe8Ow==,type:str]
+#ENC[AES256_GCM,data:XTHlwp41c52pmg==,iv:P82FtV4f+KziNF5QNca/xx8ZvdeZu+4tQmtePvjhKGU=,tag:AdVhiRLboyDT3jaSBjD0Mw==,type:comment]
+paperless-admin-pw: ENC[AES256_GCM,data:mfk+N/cxddgUiandSNIYvbt0X1nDLaWOzw==,iv:CbHsz5ldL4sdnMCghh5DFbIBeR7e7c8ftuB3cTRBXBQ=,tag:SGk6QsUO7+H30Mi8fFuaRQ==,type:str]
+kanidm-paperless-client: ENC[AES256_GCM,data:9mqdKyyuPyezSiNIVBe4/ViHydfkfZmAiA==,iv:frksTnlKbIHG1XdXUTQwKHLtlpRdZeQOOCBFRQ9DY1o=,tag:DBUy4xV0drIxXL9IxV30/w==,type:str]
+#ENC[AES256_GCM,data:4n9xtQ==,iv:Qa+X5jJ/PQLkEB/EdRoB6pic642twVkt8zTIkHLOGz8=,tag:cZP9TyLPNACeHRMqTsRnlw==,type:comment]
+mpd-pw: ENC[AES256_GCM,data:umt4fAgqaLBIXLhLLGUAay/YbSKC2r4uZA==,iv:yBOe8MpJZGrko30+zmP6LYI7uPJvQUf9+KhZAsSKk90=,tag:JWpGwG5trY/kLyQo707jDQ==,type:str]
+#ENC[AES256_GCM,data:mHqhDMd0XorN,iv:LFGTMK375H8QenyYVSSF0IfummbSa6XPSCrrQryy0/8=,tag:r7qqAYPVfVkgZXObQLYMGQ==,type:comment]
+nextcloud-admin-pw: ENC[AES256_GCM,data:WIS+dK+6sNa8l9sfqILcVXpI,iv:pAOX6uUusKKOGrzHzij6tNOHJkacxyac/YFbU8ZmFhY=,tag:NQByvZhCu1qf1Qb/Eor0sA==,type:str]
+kanidm-nextcloud-client: ENC[AES256_GCM,data:qEamdf1+i9Je6l2uswgDfrc/KkbLDDnZ/Q==,iv:T9g7V86o9sTIWZ6MwRg2Li2ntpR5B+DgvXbrM/pBHo0=,tag:OH4FKB6qgsdAEVb8wdkKCg==,type:str]
+#ENC[AES256_GCM,data:mRjlEtwcsjs=,iv:l+6IJr+nyIUF45vhNAw84eVoypF+grcKvXa3Z4mDntI=,tag:A8guEoZcPnAzlvsbQGI1NQ==,type:comment]
+grafana-admin-pw: ENC[AES256_GCM,data:OZRhYLC8mKGT1dLpYNA=,iv:JWLDUXsHEgISVX5qPOY/SyEyMbd1wBPRcX4aB9V1VY4=,tag:UnM7Ki9rqcv+QKEkbD5geQ==,type:str]
+prometheus-admin-pw: ENC[AES256_GCM,data:zKtPGDIDN/pJxdRuQthIOkvVgjmx+FrEcA==,iv:M/gY7JGCcf3qOR3abTOhW4oK+cEZ+qrA7Ej1dXXWXnU=,tag:LD4faKNGJnJSPv0w2UtCqw==,type:str]
+kanidm-grafana-client: ENC[AES256_GCM,data:wIPvYpMuT3cJKImJ/NrvfZg4u841DQNjow==,iv:BMIrNgd5p5kaQOqC7GyCz6tF76HOx7GHJ5TcWL/Qeaw=,tag:pfhys3Q1WBzv8lcaz4gSZA==,type:str]
+#ENC[AES256_GCM,data:jWNwieXkgftTIg==,iv:3fYUvETktHqHxg1MR2ZK6Bkz4DGjILS7gIU7taGj534=,tag:cLIde4jkQUo2kZ1nxACQ2A==,type:comment]
+freshrss-pw: ENC[AES256_GCM,data:+jKVUjkpNCjGSgE=,iv:SZu/AZxue9Y4xEdrAEHkwzuoL7THI6MS8YQFwcoRPMI=,tag:M/iBUKcKe1d6gW1cUpeBew==,type:str]
+freshrss-oidc-crypto-key: ENC[AES256_GCM,data:bsnB53+pm+1AlPx6kvQ46GUtocDZJW2+MyJDC7tuSbgY3hnFOhmbbQ==,iv:9gF7OLOTxva4znYIEsdvrfI9JFPhuFucuH3oK9Rj3f8=,tag:TY7QfUpI1GmkNYXDNyl4zQ==,type:str]
+kanidm-freshrss-client: ENC[AES256_GCM,data:7CO/LL3uKxQHFjfC3VR4JfL13hT7T/OG5w==,iv:Q5BZSrxMgUM5dXKKLeTXG/kWUgFb1RCmUQSg+B0H32w=,tag:gX2O/2l9XFk2r9HfGzWliA==,type:str]
+#ENC[AES256_GCM,data:fs3hYmSnPA==,iv:AO/BtxZ//pNQESSDYSUZzSWc1daj6aa2vXteC04HivI=,tag:HfRZ2YUWO2XNtjN8IZMmvQ==,type:comment]
+kanidm-admin-pw: ENC[AES256_GCM,data:OF7rhjmg0I7V5qc2nWfQzSAIMlowXapbvg==,iv:I3Ig16YFPP2BeoAdYmRLQe8fqdV/MC+GW3T61kNiftY=,tag:n/WcJsNejgoZIK4GmnaPlA==,type:str]
+kanidm-idm-admin-pw: ENC[AES256_GCM,data:UdGmzkgeDVWzFR+jqmwzxB2U0yjbOMf5ZQ==,iv:dB1rS0d7/hgA4UGSu/P2OIu43PHZbif3UkNd9vZ962Y=,tag:6mYDZUcobB0Vi/sZ+nOt/g==,type:str]
+kanidm-immich: ENC[AES256_GCM,data:9vIcSVknbeitmmj5SVWcfOkji+0tTyvEJA==,iv:cMorkTF7swSLShonZqkuPl2RfrGBOQVnR2XTFr8Rwy0=,tag:BK4QRnCsxNPpdqQk03ghMw==,type:str]
+kanidm-paperless: ENC[AES256_GCM,data:IjB3ZySYVS3OZU3pq4dE4qzm4F3enTEwYw==,iv:UZyYN5zyyvsAwLf55mAw32/CdygYbtfZvQY6BBzlchE=,tag:Tz3TOqf7oIyw1j414bvHDw==,type:str]
+kanidm-forgejo: ENC[AES256_GCM,data:hDPeC5CPg2yHvxtw5Z6uIwr9TtiJM+PjGg==,iv:+pEDpmePUbbH9H5edZ5IPPXY1g2Daw8lLgyDM+h/0Zc=,tag:tugJxGP2LTYrHnNKb4/wgg==,type:str]
+kanidm-grafana: ENC[AES256_GCM,data:+tfJr1mrfD7Kza9R26av7G+QgzzQhjeUmw==,iv:StWa8qivQZFhA1V5pSskeXL2IF8QkZd/tdOdAmWJLL8=,tag:U5A137+ACOWl1LdmLwb+xA==,type:str]
+kanidm-nextcloud: ENC[AES256_GCM,data:yTBSlSN7O+ywGB6j8dvORE8C3xabayg3NA==,iv:kprbm7NR/ukczINENzdLOgBl2fwSs1CWkW+XFmLYxTw=,tag:U1fwlVRwcJBMbxCPAqovBg==,type:str]
+kanidm-oauth2-proxy: ENC[AES256_GCM,data:Wj+tqtfxI/JDZwM8dFKvWaq6P5xrdPeszw==,iv:9WNcoLs4zMzVgGAMIanS8IAJKZU/IV9AY4YXw8gsl4c=,tag:JTZMI7xmzlVbpoN7T35bJA==,type:str]
+kanidm-freshrss: ENC[AES256_GCM,data:pO6j+ZAD8NXUiHMZ5jg1Dsu6OcFr8BUIfQ==,iv:2vxDhyGqafbOBLsmQFuiBVN/2H4h2ZIJfG7h4iV/dIE=,tag:cYO2ANzUMAwVBiq87SQ0wA==,type:str]
+kanidm-firezone: ENC[AES256_GCM,data:5QcRJy1kn1bk8zBqPznyq6vHHukmIIQpiQ==,iv:GL0QkqhsgRIeE+1rIDqVuC+UyIKPJTu5AHALBMZq2Yg=,tag:+kF/HQexEgg6JJyv3LeGvw==,type:str]
+#ENC[AES256_GCM,data:nkfK+2JT/zAFEN5r,iv:zhequNAlsknCC1ROXYm+tzaUy6mN6XmuqS13Q6HU0a0=,tag:FQw0dwMR/yitjGSFWW6/RQ==,type:comment]
+firefly-iii-app-key: ENC[AES256_GCM,data:1jLFVD8tMVF9hYiNeUZn1ZpPcKuvpYEZxLJcylg415PXl7ngmDa6H3ruYKFk/rt0sjh7,iv:uFBKrNOa5NdHWsLW5knd16tF0HQH7j4nsoF2TGEcrl0=,tag:X61hLERJNS//sSkhtkBEwA==,type:str]
+#ENC[AES256_GCM,data:ZeR7BLj26KJabuQx,iv:Fp8Etgu5tg9xmqT421n7vvQvL27evPslZmVgIiGCGDs=,tag:DjirUtjNCh09D2JGJXqaYQ==,type:comment]
+koillection-env-file: ENC[AES256_GCM,data:G/Nwzw5wQAr7aUfM+JclpmXaVwLKr9DV4M0F69Sya1U=,iv:gAYrD2XFKl0gWyU0wQ2JU0Vrn9bXVLJf5p1HdunZxqw=,tag:y64flWvqJ2KGETBnnnSDOw==,type:str]
+koillection-db-password: ENC[AES256_GCM,data:vKHnmcvSOKhHOt6Mdbw+uT7GdM8=,iv:/pHI4ficUG81gkAUTATUt1SLDxiWYZoONqXUrIuEjcM=,tag:2kRNBut9P8qSGvy1D5mJzA==,type:str]
+#ENC[AES256_GCM,data:QgzAs3Xq1wgb10RNZzl0uJA=,iv:oCIr3yh3iiaskY1en7QPZvRGhC4wmzGI2MQ9qJ1FoW0=,tag:Fjcr+5Xz3gmEckizaUczgQ==,type:comment]
+anki-pw: ENC[AES256_GCM,data:TGKLFfBD9UEZlvc=,iv:8GsOAxr7DI4uEsGREfsbRPA6p6/7Jl9oUXWpCmobBZ4=,tag:ZpmubPgfwmLw817sMpHRcg==,type:str]
+#ENC[AES256_GCM,data:g1yoM9Q8wfA=,iv:Gj/srSIg6aI0lybHMQGu8wu2KfvzdKJ3XetoTaZwJpg=,tag:N1lqDLoqhiT7YNu4hyvwmw==,type:comment]
+kanidm-forgejo-client: ENC[AES256_GCM,data:eQwwaqdWAHQ+1HgfKtx9v/5kT1rzbFfUhA==,iv:HKylHTkifgSIuq4tKPIsyOzDCn5ynl66/PLDyWW/pEQ=,tag:k3ZjA0BvdLvpbogq+e9JUQ==,type:str]
+#ENC[AES256_GCM,data:7ZIGRjWPgI9l,iv:YXDxvRZ9SPO9cJBsGQ2T1i5DojjaghrlF5h53ECgukE=,tag:uXvmB3kINl4jg+18OoSpHA==,type:comment]
+radicale-user: ENC[AES256_GCM,data:jsrSPQ9bk5IPSaw=,iv:4o4BYlQlWONCv5M51C1EhgbxGvg8Bir/rIdMjGO+yeo=,tag:oxrSuJS9LKRQurSM+0gfYg==,type:str]
+#ENC[AES256_GCM,data:MiKHFUmTDvnrjhw=,iv:Y72pVFthqLq+LVj5bmy7dNDvXMxvTtFPEHSAfB1Dcoo=,tag:802/jEiC4zWXmvjXPwSYEw==,type:comment]
+prometheus-admin-hash: ENC[AES256_GCM,data:Zp2yXBiFudvD75Yupi5mjQwL5wai+atnJ0ltzM+TnzFNzFgYv8hdilsxYSD0VDo6CZJWhEtp9ozfiETs,iv:jidoobYusa5RfAZfcdVSNj5yKBJvlRRCfcN7MYkN6Ko=,tag:2tYV/SFajv9VE+lIOuH/5w==,type:str]
+snipe-it-appkey: ENC[AES256_GCM,data:6nsXRMr2Fr7e0b/0WJS7ntlg5HEedGMCGe/69kwfyb6llSp4Pn1H4eQc0Mk=,iv:ZtL9tTNZhUT+YL7Ps7ZyUBKd5W0i7ZZAeqyZbJB6ELs=,tag:nJnqHXg6OhQhRnRtraW3bA==,type:str]
+snipe-it-db-password: ENC[AES256_GCM,data:Jpk3Ka4/Fk3CMdUZDf1SbaUbGbmkYl1L2YvEpGR/H4kq32Q=,iv:7t4bM8c2huTEYxUJDxu72dTueiGNOzwFjoedcQK5hdY=,tag:IHXqtICjjd4O/9MqqCyu2Q==,type:str]
+#ENC[AES256_GCM,data:Z2MArzHJ5g==,iv:5IFG5SSmOOQU8hUiwLXG2UBRbPmgeq09/XU7UcPqoDc=,tag:93YLtbQgBMdDWCSl5BUVvw==,type:comment]
+garage-admin-token: ENC[AES256_GCM,data:XZ4OVmqy4O2+NBqV+TlVCYb9Lk5bNoKFLcCNaNIRv0YEKcIgAlnL3bTuIaw=,iv:KvYTpvnmupx5DIVIh/EkKPkX3yr/3eLMzWB1vA5KM9k=,tag:L+kMrGSHXUsEqH0oFuBB2Q==,type:str]
+garage-rpc-secret: ENC[AES256_GCM,data:uTLsZv1viatNX3f1qdDvFDKfVRgDDLv2+AUHCPo3lx/cUiB9HMcuUHJoNP8sLeuX77WXon29ZKMd5fKnydo77g==,iv:IJgDZZkA4QQfOWTWh7OLtWRZi0yE4dKE0BoJCqopWl8=,tag:wh9aWZhEehHx0nQ8UBBNKg==,type:str]
+sops:
+    age:
+        - recipient: age14sjyqch8tzqexk2gv0qgrrg09f0s6hvwhsgjac3vs6sc5rzgpcxsyqda6u
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvVEgzdnZUTjlOM2Q1M3pI
+            VW1OWEtGczU3cHlXaU45MTk3MzNYNnh4L1FJCkVNOFBlVUFpZFZqOGhBVVBQR3gw
+            SzRXbEZyZWNoZlVwQWxZWVZUSFBEd00KLS0tIGs4bnd5M05DMWtOaFJDYlVaY1RU
+            cUpZZzBOZHlZdzRoS0l4SkRER1JQeTQKBeYA2sVQab9moaYlT0jE7/zMJvOJoC7V
+            QwHXwnkjZCavAC5HIn82PzJ0DNrMKSZ136AgA+F99X0ZFyFnEIFZCQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-01-10T11:56:45Z"
+    mac: ENC[AES256_GCM,data:3Y124JX/6MsyIeOv9t0DPSv6YUICgvQn688LpXvW2jSWYRuJCbSWG67cPQHCNYP3NjFWXuASlKhDRJQicwgamh3WrE7gC7QxtqCVtwL0FTfZeOQ+vRoIejWIldcKC3YK6vKYW/O//Uhd+5rG8ah2b7XqRvgv8bwIdUKFUQqG0EA=,iv:VfsIS6+QTbv4WhykReXOGkGul7dWj0Voux2vrkv6Ecw=,tag:h7zZqbe4NAZ0PlcWBq0r2w==,type:str]
+    pgp:
+        - created_at: "2026-01-10T00:38:27Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAwDh3VI7VctTARAAupwKI+ZxJSXN856THn/72D4Exl6hY+Xs2SlU/MO3USYV
+            1/2SuZK6x/yl8tXycUiAJ/G/2iPEkE7QIpou0Ck0Q5dCzGyEyjh8d6myEGpCXTyJ
+            +41bMOHrnRWpZ1IPeU2qfbp4RNF6i3i0VOSzT7Hi7i7xDGQCMoD6yRwo2NH5T03P
+            DNkssIZ2V4SbCF+uHF5wbNgOlBZcLex2I/0vfgQXBz2wClaVY/YAkKarjroARhI6
+            K8zaueup2/uJr6UBvsbBXdroYSJDKkzl9cMl+g16RnqQKPj6BMKD12c3w/U9Jmb6
+            dXGWjs2xLQJ0coD9pl7hpSuYBBZk3h4/wpI1Tyxf9s5qra4ARtJbvlhztkYbTnby
+            vrOR6zFrbqHuTqPIil2rCTkMGXxEgyJ0sMIWDWRF1PUb8LODBBhgfYSUHOZM3rvK
+            1txWY7Wz1SOO2J+MjCmgvEUakW1Pp4c5hIDtmRTBwlEx0s1/Yb6S6sTPloNepDnW
+            ev0YJIDX4zdHn73yZaYOrPX6NsUSSHC9SPVHIZSOWO+nO7DdX/eSKd5NbZJEyKcf
+            xUQoKvF0+3Lg7Xh/p9yLfmaMEQvTxBcBhBmYOxboiKOFacJBVz4MbfSkCXm4IAeb
+            YW6ToixrOv7Dm92ii5uqfsOtnwP0LlMa+x54wc8S7lqND1Yw+CHGgt3AGoN9hDCF
+            AgwDC9FRLmchgYQBD/9OfpyzNpwlBkbqWXcygmkd9n121KhPdIWd174zcDmln0h9
+            3+1CM4MPerCOpqrLKI9KpYUct7b1ObwEcG21famUR3scKFSSgaPWst2sSz1W0YmT
+            eRJ3TZrO7gVHkWZ5pBjBFbYa3E7P0LbDYcXJrEa74OKiW+ukICYvtQp7s1bLMoH6
+            Gy23xglPpgb1tMhLk6TXbPuj3p2rErUjhR+f/TNmStliVGfFmnYSigGlG3MZmhSp
+            q6/SFeTCbWg6qMqgCxz1xvG7zRTVxTKdTop5YF7lcpY25Jso+z9TPGfWV9xzOejy
+            ZKE4Jako6mrkNmgYZPL5E8y7R3n9AZnieXzgKC19d2QFergy5wp41Qwwpk+YCcpR
+            vSBLcIIgHDizDI1+1878MvBM3soRcyPhkq6Y/eg5SuUATvG8k11VxznO+iEXDv9B
+            G8JkK6IOYwYGhaawcsmwZedyrRq97DEZYgONemriaY/UB2MT3uY369NDV0UrIZgz
+            FNXp9GwuaXj+M5MJaG6//G36IKnhEBJqVvmqpR/FQiSIddnGYJrW7WkGEIYsHLEy
+            sF1vmblhE8f/4w3IrNv1SmBnE/IwrKe+OIT4b5SUFQaTFe8m1fuj7M6i+LRcsJmi
+            QQ/G3OFbZVycjjz+3Wm17sOez5UDzTCTgXfIxLlqselCPjEmNgB/xF/XNKvcxtJc
+            ARnZYFJHNPPnyvGgT5UO0unihVvYwjANSspdUVo9kYfgO7DV4ptN/eRYppZvnSIn
+            bGBYIVuHzTQyfjNzgukghJANWctbyaABv6wZPTO6/jjNtkMAI60+vjfKCTI=
+            =OxXr
+            -----END PGP MESSAGE-----
+          fp: 4BE7925262289B476DBBC17B76FD3810215AE097
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0
diff --git a/hosts/nixos/x86_64-linux/summers/secrets/storage/secrets.yaml b/hosts/nixos/x86_64-linux/summers/secrets/storage/secrets.yaml
new file mode 100644
index 0000000..6978c86
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/secrets/storage/secrets.yaml
@@ -0,0 +1,57 @@
+wireguard-private-key: ENC[AES256_GCM,data:IsQLebLnWOCmERQLSmZAASOgxyg8itWr0o3rt6062cbWIDLO+TPJTDtlWRE=,iv:bhhFTLjhHMTfEyynklpWPTU6KCpBZJZoRLlr0o+Pk7Q=,tag:j4pCfGDo2CQPpKmpn6gVyg==,type:str]
+sops:
+    age:
+        - recipient: age1wmx8y2hs83j2u5srdnfxljrzxm8jtxl6fr0mq7xf2ldxyglpzf2qq89rpx
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBMEM4alliWlBCT3VsbVA5
+            OGt5bmQvZW1TaUNkbWtFdzVGNDNpY0hBOVhzCm84TldYNHBrU01HMlBkbGNwZFAw
+            WVk0T3FycVRHUUNtM1pTYkQ4Qmw3RTgKLS0tIE9LUlNEVjJHOGVIK1RSMmRXUDF6
+            QlRKY1hRVzNTVXhESUd3OElXL2pBZXcKDWYoOzi2b4qeIbCVCfTj0lTW+OfbnsXB
+            8MugCHu7+b+ju0v/lUP66jDW9/2AH4PzHtCNHjsafyzr2qnW8HlOzA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1c2enwel9un28dcs4wg0vcyamx9a4a6g3walkhu8w5lqhmd804paq9d24as
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJRWJXR2tYdEd4cTZsSi9l
+            Tm1pSC9pek5BakpEMlkwVTcrMlBuVzlXWUVrCmlnV0xJc25nL0twK3VCZ3FRK2x2
+            RW52Q1NxWUhTUGY0NnQ0WEhLMWxIcFUKLS0tIG83eVM0KzdLQ004aDRKNTYvdmVZ
+            d3ZOSStBMFpSU2ZjNWhFRkREQWlUdmcKggVvLy1mLYGf8084RQtlipS4+z4dfPsN
+            HZfid0srwYnezlQ5qOY8/HrDLWHEyuZ4xFZVi4n0k49qBpNwJdmvyQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-01-07T13:36:51Z"
+    mac: ENC[AES256_GCM,data:eRO2+uoeWo+qeZR1gf7QJbydXvrLWwQQytNDM0Hxo9S8ONrSK6uA6Vac050Tmo9JM3606pr9RR3RvtRn20jcKI9X1PNVayE/hhdgug7O2CzpR7Xnekh7PM2N9hLgdH8lKdOASPXTYMQxnvKfX0oWEjLnRa28kK48GzdyrLh2iU4=,iv:UQuaMAcVjgz+fD99lJPMRvcWNduYxCccKDnwPT1ikf0=,tag:7VgsxiXcYaHnQyUoOSvmoQ==,type:str]
+    pgp:
+        - created_at: "2026-01-02T21:12:51Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAwDh3VI7VctTARAAmvkQ9V14f0BT/bNdFVZtTlY4yVon37CX32SZPUcHV7o8
+            Dya0sZd9tuVATSv79TnybscuNx95fkoZJwujBfAadexn2zY8zl1oEWEHx7p+8/mE
+            W8JbQAjbcbX9sNQYXc8kYJylBThmgNN/HXK7CGtgDFr9xnGzDBnDm/M31P1HwYBm
+            IdIQgFGErEt1K3xvw28Lk3tPuZLK3Y+H2Yna7RRF6K1blGJUvEnL6yFdA10/eFW7
+            8066mO26F2l5xFuktK0nNeniLHKa5VVYp8iM+JMhX38l0wiIi8pGyxo3uAjNpa0w
+            IfpCneEBe/yyaUPcWMjXmUG5LJe3kWUup8cSzvu01Z3W159/QsflxIMkIsklqhim
+            B2zuPdAlYsjjS/05DIHInN2IIB/rjADkQvXji1XYLhWJj4jxDeck/UIc6Q22TED+
+            autlbl8d/5sqyO5ghPpShF/s0vMTqUfpXZrDrbuyDFqCfwi0ahP03bUsv20ZEz6u
+            zG3K5HuXHh7ATSppwuMbcv7vcjF1tkbo6XhWZDv0rY0DFWqiYhnxWwlFlGLxf4zX
+            g6r7Ca/E/YXG/eOET6M9DxwHjj0D7u/ryAkCktqPL9w8oNGarZQ/xMx0+ocI3byc
+            Zvzlmd63BtgaGNSxH3stK29KN3ED8cDkG/JzAxCATWiUBBkqW/ga4sGZqtLlSO+F
+            AgwDC9FRLmchgYQBD/9JbFZie25PO2CyELlUWm5SmJcugT9SK/mIA2fe1PlA+Gnf
+            5z9iXraMSQchz4R1IoiixDhubwKeKp/auqhlOPvo58Lsi6iDR/WaLWabD+hcyAb1
+            ck/f/PUzTLhlLcfu18VPfXVzfnky3dX8P5aS0WMLAQblj2RaaiHxnPqf49kXSn3q
+            VSJ0pr0nEsPuWtoCkHUAwAJ8X5GPXN2OD4YbHsNaA9h2vrJAxNd5+HNsvg8JtI88
+            X/uMM7cWcaXcmNZOz166HUIPcJ5cabJ48Sv8sDfMPOcTiJkMiESBnRYTwdUcp08m
+            nGipSrUeW3pVOC1bGyukZb6sF84pTtCpqS+kOSfKFlxFFdAEcpzFIPuOMeo2dbKj
+            GSGPDemZFC2yFq883yk9/mZbgjOUsqrj0ZP3rCD5ZHpfUM5IxGQ+mKaOucTXYmif
+            lrTPMYnAc7pHxKZ87BgiKBYrfRAZvorLYKv8zG8YagAUw8iCtc68YUUdvLW9haQf
+            rwWCU1z+sszYSac7I57gfqICQhMUbs1n9S2Cn0C0xo4q2Lu36ysip4rEVGg6TmUu
+            znXYu+3orodw2TwC0tGxXHYKwmlr7EGnBCbdVKpDoCbV6cYkDYoPUFg0alqIPd5r
+            KCkee9MaCLLX7IdBrbLf1lkHGwSAs81GfZRMLBauM7/hn+hMUeIJnMbtJnVIB9Je
+            AdT2nSH06+POnjvxa2t0dUasnG/6ISBRSk6FgBBZ+pdVlrvaB4javgWGpiAWCUu6
+            b2CMZF3HullmLj+wwAKlsZsIOXGICN5GeQxLHYF8Kx7Doj68Owu/zGM5MS+7XQ==
+            =wYdb
+            -----END PGP MESSAGE-----
+          fp: 4BE7925262289B476DBBC17B76FD3810215AE097
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0
diff --git a/hosts/nixos/x86_64-linux/summers/secrets/transmission/secrets.yaml b/hosts/nixos/x86_64-linux/summers/secrets/transmission/secrets.yaml
new file mode 100644
index 0000000..054393a
--- /dev/null
+++ b/hosts/nixos/x86_64-linux/summers/secrets/transmission/secrets.yaml
@@ -0,0 +1,57 @@
+wireguard-private-key: ENC[AES256_GCM,data:o3wV7UI5BSV9YU0uaumgfFWBJlgMewpUqOusvcGWxOW8dSrT/aqpT9iu1K0=,iv:fNf6fOL8KcYBxmfFLi5K/qPmNfon16HE1fgQ86qNDNU=,tag:BoRbtrw7jvENAn5wiP/sWQ==,type:str]
+sops:
+    age:
+        - recipient: age1wmx8y2hs83j2u5srdnfxljrzxm8jtxl6fr0mq7xf2ldxyglpzf2qq89rpx
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBMEM4alliWlBCT3VsbVA5
+            OGt5bmQvZW1TaUNkbWtFdzVGNDNpY0hBOVhzCm84TldYNHBrU01HMlBkbGNwZFAw
+            WVk0T3FycVRHUUNtM1pTYkQ4Qmw3RTgKLS0tIE9LUlNEVjJHOGVIK1RSMmRXUDF6
+            QlRKY1hRVzNTVXhESUd3OElXL2pBZXcKDWYoOzi2b4qeIbCVCfTj0lTW+OfbnsXB
+            8MugCHu7+b+ju0v/lUP66jDW9/2AH4PzHtCNHjsafyzr2qnW8HlOzA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1c2enwel9un28dcs4wg0vcyamx9a4a6g3walkhu8w5lqhmd804paq9d24as
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJRWJXR2tYdEd4cTZsSi9l
+            Tm1pSC9pek5BakpEMlkwVTcrMlBuVzlXWUVrCmlnV0xJc25nL0twK3VCZ3FRK2x2
+            RW52Q1NxWUhTUGY0NnQ0WEhLMWxIcFUKLS0tIG83eVM0KzdLQ004aDRKNTYvdmVZ
+            d3ZOSStBMFpSU2ZjNWhFRkREQWlUdmcKggVvLy1mLYGf8084RQtlipS4+z4dfPsN
+            HZfid0srwYnezlQ5qOY8/HrDLWHEyuZ4xFZVi4n0k49qBpNwJdmvyQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-01-07T13:36:52Z"
+    mac: ENC[AES256_GCM,data:Sb9HItfMt5WaTYJw1/OcPVR3SBKzAifgK0NTwSb59ByxAsaOhkXrGL2cx+6p7QpVBw2V9duiFVmZhOp9vW2clCQX2RwiSAxaRLcDtVIoqB7YfmiNTdzrEDFHJNndbT6Vs0qOb42tjMyKXGZIcrA55G3Vh8S5Qy5w3IW4CSwI20U=,iv:pRjPa71yPRy4X29IPjk9Jju4JZkhIK2uucgK/dBX4L8=,tag:2RD746vX1mlQu3GyDELF8w==,type:str]
+    pgp:
+        - created_at: "2026-01-02T21:12:51Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAwDh3VI7VctTARAAmvkQ9V14f0BT/bNdFVZtTlY4yVon37CX32SZPUcHV7o8
+            Dya0sZd9tuVATSv79TnybscuNx95fkoZJwujBfAadexn2zY8zl1oEWEHx7p+8/mE
+            W8JbQAjbcbX9sNQYXc8kYJylBThmgNN/HXK7CGtgDFr9xnGzDBnDm/M31P1HwYBm
+            IdIQgFGErEt1K3xvw28Lk3tPuZLK3Y+H2Yna7RRF6K1blGJUvEnL6yFdA10/eFW7
+            8066mO26F2l5xFuktK0nNeniLHKa5VVYp8iM+JMhX38l0wiIi8pGyxo3uAjNpa0w
+            IfpCneEBe/yyaUPcWMjXmUG5LJe3kWUup8cSzvu01Z3W159/QsflxIMkIsklqhim
+            B2zuPdAlYsjjS/05DIHInN2IIB/rjADkQvXji1XYLhWJj4jxDeck/UIc6Q22TED+
+            autlbl8d/5sqyO5ghPpShF/s0vMTqUfpXZrDrbuyDFqCfwi0ahP03bUsv20ZEz6u
+            zG3K5HuXHh7ATSppwuMbcv7vcjF1tkbo6XhWZDv0rY0DFWqiYhnxWwlFlGLxf4zX
+            g6r7Ca/E/YXG/eOET6M9DxwHjj0D7u/ryAkCktqPL9w8oNGarZQ/xMx0+ocI3byc
+            Zvzlmd63BtgaGNSxH3stK29KN3ED8cDkG/JzAxCATWiUBBkqW/ga4sGZqtLlSO+F
+            AgwDC9FRLmchgYQBD/9JbFZie25PO2CyELlUWm5SmJcugT9SK/mIA2fe1PlA+Gnf
+            5z9iXraMSQchz4R1IoiixDhubwKeKp/auqhlOPvo58Lsi6iDR/WaLWabD+hcyAb1
+            ck/f/PUzTLhlLcfu18VPfXVzfnky3dX8P5aS0WMLAQblj2RaaiHxnPqf49kXSn3q
+            VSJ0pr0nEsPuWtoCkHUAwAJ8X5GPXN2OD4YbHsNaA9h2vrJAxNd5+HNsvg8JtI88
+            X/uMM7cWcaXcmNZOz166HUIPcJ5cabJ48Sv8sDfMPOcTiJkMiESBnRYTwdUcp08m
+            nGipSrUeW3pVOC1bGyukZb6sF84pTtCpqS+kOSfKFlxFFdAEcpzFIPuOMeo2dbKj
+            GSGPDemZFC2yFq883yk9/mZbgjOUsqrj0ZP3rCD5ZHpfUM5IxGQ+mKaOucTXYmif
+            lrTPMYnAc7pHxKZ87BgiKBYrfRAZvorLYKv8zG8YagAUw8iCtc68YUUdvLW9haQf
+            rwWCU1z+sszYSac7I57gfqICQhMUbs1n9S2Cn0C0xo4q2Lu36ysip4rEVGg6TmUu
+            znXYu+3orodw2TwC0tGxXHYKwmlr7EGnBCbdVKpDoCbV6cYkDYoPUFg0alqIPd5r
+            KCkee9MaCLLX7IdBrbLf1lkHGwSAs81GfZRMLBauM7/hn+hMUeIJnMbtJnVIB9Je
+            AdT2nSH06+POnjvxa2t0dUasnG/6ISBRSk6FgBBZ+pdVlrvaB4javgWGpiAWCUu6
+            b2CMZF3HullmLj+wwAKlsZsIOXGICN5GeQxLHYF8Kx7Doj68Owu/zGM5MS+7XQ==
+            =wYdb
+            -----END PGP MESSAGE-----
+          fp: 4BE7925262289B476DBBC17B76FD3810215AE097
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0
diff --git a/hosts/nixos/x86_64-linux/winters/default.nix b/hosts/nixos/x86_64-linux/winters/default.nix
index 557cae0..a167da3 100644
--- a/hosts/nixos/x86_64-linux/winters/default.nix
+++ b/hosts/nixos/x86_64-linux/winters/default.nix
@@ -72,35 +72,35 @@
 
   swarselmodules.server = {
     diskEncryption = lib.mkForce false;
-    nginx = true; # for php stuff
-    acme = false; # cert handled by proxy
-    wireguard = true;
+    # nginx = true; # for php stuff
+    # acme = false; # cert handled by proxy
+    # wireguard = true;
 
-    nfs = true;
-    kavita = true;
-    restic = true;
-    jellyfin = true;
-    navidrome = true;
-    spotifyd = true;
-    mpd = true;
-    postgresql = true;
-    matrix = true;
-    nextcloud = true;
-    immich = true;
-    paperless = true;
-    transmission = true;
-    syncthing = true;
-    grafana = true;
-    freshrss = true;
-    kanidm = true;
-    firefly-iii = true;
-    koillection = true;
-    radicale = true;
-    atuin = true;
-    forgejo = true;
-    ankisync = true;
-    homebox = true;
-    opkssh = true;
+    # nfs = true;
+    # kavita = true;
+    # restic = true;
+    # jellyfin = true;
+    # navidrome = true;
+    # spotifyd = true;
+    # mpd = true;
+    # postgresql = true;
+    # matrix = true;
+    # nextcloud = true;
+    # immich = true;
+    # paperless = true;
+    # transmission = true;
+    # syncthing = true;
+    # grafana = true;
+    # freshrss = true;
+    # kanidm = true;
+    # firefly-iii = true;
+    # koillection = true;
+    # radicale = true;
+    # atuin = true;
+    # forgejo = true;
+    # ankisync = true;
+    # homebox = true;
+    # opkssh = true;
   };
 
   networking.nftables.firewall.zones.untrusted.interfaces = [ "lan" "enp3s0" ];
diff --git a/hosts/nixos/x86_64-linux/winters/hardware-configuration.nix b/hosts/nixos/x86_64-linux/winters/hardware-configuration.nix
index 492d7d3..13a956d 100644
--- a/hosts/nixos/x86_64-linux/winters/hardware-configuration.nix
+++ b/hosts/nixos/x86_64-linux/winters/hardware-configuration.nix
@@ -1,4 +1,4 @@
-{ config, lib, modulesPath, ... }:
+{ lib, modulesPath, ... }:
 
 {
   imports =
@@ -13,7 +13,7 @@
     extraModulePackages = [ ];
 
     supportedFilesystems = [ "zfs" ];
-    zfs.extraPools = [ "Vault" ];
+    # zfs.extraPools = [ "Vault" ];
   };
 
   fileSystems = {
diff --git a/modules/home/common/zsh.nix b/modules/home/common/zsh.nix
index 5b90606..847163f 100644
--- a/modules/home/common/zsh.nix
+++ b/modules/home/common/zsh.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, lib, minimal, globals, confLib, type, ... }:
+{ self, config, pkgs, lib, minimal, globals, confLib, type, ... }:
 let
   inherit (config.swarselsystems) flakePath isNixos;
   crocDomain = globals.services.croc.domain;
@@ -46,7 +46,7 @@ in
             boot-diff = "nix store diff-closures /run/*-system";
             gen-diff = "nix profile diff-closures --profile /nix/var/nix/profiles/system";
             cc = "wl-copy";
-            build-topology = "nix build .#topology.x86_64-linux.config.output";
+            build-topology = "nix build --override-input topologyPrivate ${self}/files/topology/private .#topology.x86_64-linux.config.output";
             build-iso = "nix build --print-out-paths .#live-iso";
             nix-review-local = "nix run nixpkgs#nixpkgs-review -- rev HEAD";
             nix-review-post = "nix run nixpkgs#nixpkgs-review -- pr --post-result --systems linux";
diff --git a/modules/nixos/common/globals.nix b/modules/nixos/common/globals.nix
index 4466f77..82db167 100644
--- a/modules/nixos/common/globals.nix
+++ b/modules/nixos/common/globals.nix
@@ -189,6 +189,14 @@ in
                     type = types.nullOr types.str;
                     default = null;
                   };
+                  serviceAddress = mkOption {
+                    type = types.nullOr types.str;
+                    default = null;
+                  };
+                  homeServiceAddress = mkOption {
+                    type = types.nullOr types.str;
+                    default = null;
+                  };
                   isHome = mkOption {
                     type = types.bool;
                     default = false;
diff --git a/modules/nixos/common/lanzaboote.nix b/modules/nixos/common/lanzaboote.nix
index 8492eba..41204ff 100644
--- a/modules/nixos/common/lanzaboote.nix
+++ b/modules/nixos/common/lanzaboote.nix
@@ -1,18 +1,25 @@
 { lib, pkgs, config, minimal, ... }:
+let
+  inherit (config.swarselsystems) isSecureBoot isImpermanence;
+in
 {
   options.swarselmodules.lanzaboote = lib.mkEnableOption "lanzaboote config";
   config = lib.mkIf config.swarselmodules.lanzaboote {
 
-    environment.systemPackages = lib.mkIf config.swarselsystems.isSecureBoot [
+    environment.systemPackages = lib.mkIf isSecureBoot [
       pkgs.sbctl
     ];
 
+    environment.persistence."/persist" = lib.mkIf (isImpermanence && isSecureBoot) {
+      directories = [{ directory = "/var/lib/sbctl"; }];
+    };
+
     boot = {
       loader = {
         efi.canTouchEfiVariables = true;
-        systemd-boot.enable = lib.swarselsystems.mkIfElse (minimal || !config.swarselsystems.isSecureBoot) (lib.mkForce true) (lib.mkForce false);
+        systemd-boot.enable = lib.swarselsystems.mkIfElse (minimal || !isSecureBoot) (lib.mkForce true) (lib.mkForce false);
       };
-      lanzaboote = lib.mkIf (!minimal && config.swarselsystems.isSecureBoot) {
+      lanzaboote = lib.mkIf (!minimal && isSecureBoot) {
         enable = true;
         pkiBundle = "/var/lib/sbctl";
         configurationLimit = 6;
diff --git a/modules/nixos/common/pii.nix b/modules/nixos/common/pii.nix
index 4c5d1f5..17d8130 100644
--- a/modules/nixos/common/pii.nix
+++ b/modules/nixos/common/pii.nix
@@ -53,7 +53,7 @@ in
 
       secrets = lib.mkOption {
         readOnly = true;
-        default = lib.mapAttrs (_: x: importEncrypted x { inherit lib nodes inputs; }) config.repo.secretFiles;
+        default = lib.mapAttrs (_: x: importEncrypted x { inherit lib nodes inputs; inherit (inputs.topologyPrivate) topologyPrivate; }) config.repo.secretFiles;
         type = lib.types.unspecified;
         description = "Exposes the loaded repo secrets. This option is read-only.";
       };
diff --git a/modules/nixos/optional/systemd-networkd-server-home.nix b/modules/nixos/optional/systemd-networkd-server-home.nix
index 58da2b7..0204411 100644
--- a/modules/nixos/optional/systemd-networkd-server-home.nix
+++ b/modules/nixos/optional/systemd-networkd-server-home.nix
@@ -21,6 +21,7 @@ in
 
     boot.initrd = lib.mkIf (isCrypted && (localVLANsList != [ ]) && (!isRouter)) {
       availableKernelModules = [ "8021q" ];
+      kernelModules = [ "8021q" ]; # at least summers needs this to actually find the interfaces
       systemd.network = {
         enable = true;
         netdevs."30-vlan-${initrdVLAN}" = {
@@ -55,6 +56,20 @@ in
       };
     };
 
+    topology.self.interfaces = (lib.mapAttrs'
+      (vlanName: _:
+        lib.nameValuePair "vlan-${vlanName}" {
+          network = lib.mkForce vlanName;
+        }
+      )
+      localVLANs) // (lib.mapAttrs'
+      (vlanName: _:
+        lib.nameValuePair "me-${vlanName}" {
+          network = lib.mkForce vlanName;
+        }
+      )
+      localVLANs);
+
     systemd.network = {
       netdevs = lib.flip lib.concatMapAttrs localVLANs (
         vlanName: vlanCfg: {
diff --git a/modules/nixos/optional/systemd-networkd-server.nix b/modules/nixos/optional/systemd-networkd-server.nix
index 76b2bf3..2ca59f5 100644
--- a/modules/nixos/optional/systemd-networkd-server.nix
+++ b/modules/nixos/optional/systemd-networkd-server.nix
@@ -25,6 +25,7 @@ in
         in
         {
           "10-${ifName}" = lib.mkIf (isRouter || (localVLANs == [ ])) {
+            # address = lib.optionals (isRouter || (localVLANs == [ ])) [
             address = [
               "${globals.networks.${config.swarselsystems.server.netConfigName}.hosts.${config.node.name}.cidrv4}"
               "${globals.networks.${config.swarselsystems.server.netConfigName}.hosts.${config.node.name}.cidrv6}"
diff --git a/modules/nixos/server/adguardhome.nix b/modules/nixos/server/adguardhome.nix
index a3d37be..3312db8 100644
--- a/modules/nixos/server/adguardhome.nix
+++ b/modules/nixos/server/adguardhome.nix
@@ -24,7 +24,8 @@ in
       };
       services.${serviceName} = {
         domain = serviceDomain;
-        inherit proxyAddress4 proxyAddress6 isHome;
+        inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+        homeServiceAddress = lib.mkIf isHome homeServiceAddress;
       };
     };
 
@@ -64,6 +65,7 @@ in
             # FIXME: change to homeWebProxy once that is setup
             answer = globals.networks.home-lan.vlans.services.hosts.${homeWebProxy}.ipv4;
             # answer = globals.hosts.${webProxy}.wanAddress4;
+            enabled = true;
           })
           homeDomains;
         filters = [
@@ -83,6 +85,7 @@ in
             enabled = true;
           }
         ];
+        user_rules = config.repo.secrets.local.adguardUserRules;
       };
     };
 
diff --git a/modules/nixos/server/ankisync.nix b/modules/nixos/server/ankisync.nix
index 78f6af5..65e928f 100644
--- a/modules/nixos/server/ankisync.nix
+++ b/modules/nixos/server/ankisync.nix
@@ -31,7 +31,8 @@ in
       };
       services.${serviceName} = {
         domain = serviceDomain;
-        inherit proxyAddress4 proxyAddress6 isHome;
+        inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+        homeServiceAddress = lib.mkIf isHome homeServiceAddress;
       };
     };
 
diff --git a/modules/nixos/server/attic.nix b/modules/nixos/server/attic.nix
index 31a280a..e4d6c30 100644
--- a/modules/nixos/server/attic.nix
+++ b/modules/nixos/server/attic.nix
@@ -28,7 +28,8 @@ in
       };
       services.${serviceName} = {
         domain = serviceDomain;
-        inherit proxyAddress4 proxyAddress6 isHome;
+        inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+        homeServiceAddress = lib.mkIf isHome homeServiceAddress;
       };
     };
 
diff --git a/modules/nixos/server/atuin.nix b/modules/nixos/server/atuin.nix
index 6998aa2..19b706c 100644
--- a/modules/nixos/server/atuin.nix
+++ b/modules/nixos/server/atuin.nix
@@ -20,7 +20,8 @@ in
       };
       services.${serviceName} = {
         domain = serviceDomain;
-        inherit proxyAddress4 proxyAddress6 isHome;
+        inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+        homeServiceAddress = lib.mkIf isHome homeServiceAddress;
       };
     };
 
diff --git a/modules/nixos/server/disk-encrypt.nix b/modules/nixos/server/disk-encrypt.nix
index 943077c..8a8ea3e 100644
--- a/modules/nixos/server/disk-encrypt.nix
+++ b/modules/nixos/server/disk-encrypt.nix
@@ -51,6 +51,7 @@ in
       initrd = {
         secrets."/tmp${hostKeyPathBase}" = if minimal then (lib.mkForce generatedHostKey) else (lib.mkForce hostKeyPath); # need to mkForce this or it behaves stateful
         availableKernelModules = config.swarselsystems.networkKernelModules;
+        kernelModules = config.swarselsystems.networkKernelModules; # at least summers needs this to actually find the interfaces
         network = {
           enable = true;
           flushBeforeStage2 = true;
diff --git a/modules/nixos/server/firefly-iii.nix b/modules/nixos/server/firefly-iii.nix
index 5c32aee..f1ed188 100644
--- a/modules/nixos/server/firefly-iii.nix
+++ b/modules/nixos/server/firefly-iii.nix
@@ -35,7 +35,8 @@ in
 
     globals.services.${serviceName} = {
       domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6 isHome;
+      inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+      homeServiceAddress = lib.mkIf isHome homeServiceAddress;
     };
 
     services = {
diff --git a/modules/nixos/server/firezone.nix b/modules/nixos/server/firezone.nix
index 22ca0f2..f31532b 100644
--- a/modules/nixos/server/firezone.nix
+++ b/modules/nixos/server/firezone.nix
@@ -53,7 +53,8 @@ in
       };
       services.${serviceName} = {
         domain = serviceDomain;
-        inherit proxyAddress4 proxyAddress6 isHome;
+        inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+        homeServiceAddress = lib.mkIf isHome homeServiceAddress;
       };
     };
 
diff --git a/modules/nixos/server/forgejo.nix b/modules/nixos/server/forgejo.nix
index 666cae1..ea246b1 100644
--- a/modules/nixos/server/forgejo.nix
+++ b/modules/nixos/server/forgejo.nix
@@ -34,7 +34,8 @@ in
       };
       services.${serviceName} = {
         domain = serviceDomain;
-        inherit proxyAddress4 proxyAddress6 isHome;
+        inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+        homeServiceAddress = lib.mkIf isHome homeServiceAddress;
       };
     };
 
diff --git a/modules/nixos/server/freshrss.nix b/modules/nixos/server/freshrss.nix
index b1d06cb..dd764b4 100644
--- a/modules/nixos/server/freshrss.nix
+++ b/modules/nixos/server/freshrss.nix
@@ -52,7 +52,8 @@ in
 
     globals.services.${serviceName} = {
       domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6 isHome;
+      inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+      homeServiceAddress = lib.mkIf isHome homeServiceAddress;
     };
 
     services.${serviceName} =
diff --git a/modules/nixos/server/garage.nix b/modules/nixos/server/garage.nix
index dacc0bd..8f08fef 100644
--- a/modules/nixos/server/garage.nix
+++ b/modules/nixos/server/garage.nix
@@ -108,7 +108,8 @@ in
       };
       services.${specificServiceName} = {
         domain = serviceDomain;
-        inherit proxyAddress4 proxyAddress6 isHome;
+        inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+        homeServiceAddress = lib.mkIf isHome homeServiceAddress;
       };
     };
 
diff --git a/modules/nixos/server/homebox.nix b/modules/nixos/server/homebox.nix
index 9e1ca26..468ce7d 100644
--- a/modules/nixos/server/homebox.nix
+++ b/modules/nixos/server/homebox.nix
@@ -24,7 +24,8 @@ in
       };
       services.${serviceName} = {
         domain = serviceDomain;
-        inherit proxyAddress4 proxyAddress6 isHome;
+        inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+        homeServiceAddress = lib.mkIf isHome homeServiceAddress;
       };
     };
 
diff --git a/modules/nixos/server/hydra.nix b/modules/nixos/server/hydra.nix
index 44ff2b0..ddb3a2f 100644
--- a/modules/nixos/server/hydra.nix
+++ b/modules/nixos/server/hydra.nix
@@ -23,7 +23,8 @@ in
       };
       services.${serviceName} = {
         domain = serviceDomain;
-        inherit proxyAddress4 proxyAddress6 isHome;
+        inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+        homeServiceAddress = lib.mkIf isHome homeServiceAddress;
       };
     };
 
diff --git a/modules/nixos/server/immich.nix b/modules/nixos/server/immich.nix
index 891c047..bdbc739 100644
--- a/modules/nixos/server/immich.nix
+++ b/modules/nixos/server/immich.nix
@@ -25,7 +25,8 @@ in
       };
       services.${serviceName} = {
         domain = serviceDomain;
-        inherit proxyAddress4 proxyAddress6 isHome;
+        inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+        homeServiceAddress = lib.mkIf isHome homeServiceAddress;
       };
     };
 
diff --git a/modules/nixos/server/jellyfin.nix b/modules/nixos/server/jellyfin.nix
index c1a6c0d..4c2a972 100644
--- a/modules/nixos/server/jellyfin.nix
+++ b/modules/nixos/server/jellyfin.nix
@@ -11,15 +11,15 @@ in
       extraGroups = [ "video" "render" "users" ];
     };
 
-    nixpkgs.config.packageOverrides = pkgs: {
-      intel-vaapi-driver = pkgs.intel-vaapi-driver.override { enableHybridCodec = true; };
-    };
+    # nixpkgs.config.packageOverrides = pkgs: {
+    #   intel-vaapi-driver = pkgs.intel-vaapi-driver.override { enableHybridCodec = true; };
+    # };
 
     hardware.graphics = {
       enable = true;
       extraPackages = with pkgs; [
         intel-media-driver # LIBVA_DRIVER_NAME=iHD
-        intel-vaapi-driver # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
+        # intel-vaapi-driver # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
         libva-vdpau-driver
         libvdpau-va-gl
       ];
@@ -38,7 +38,8 @@ in
       };
       services.${serviceName} = {
         domain = serviceDomain;
-        inherit proxyAddress4 proxyAddress6 isHome;
+        inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+        homeServiceAddress = lib.mkIf isHome homeServiceAddress;
       };
     };
 
diff --git a/modules/nixos/server/jenkins.nix b/modules/nixos/server/jenkins.nix
index 4cce673..e400172 100644
--- a/modules/nixos/server/jenkins.nix
+++ b/modules/nixos/server/jenkins.nix
@@ -18,7 +18,8 @@ in
       };
       services.${serviceName} = {
         domain = serviceDomain;
-        inherit proxyAddress4 proxyAddress6 isHome;
+        inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+        homeServiceAddress = lib.mkIf isHome homeServiceAddress;
       };
     };
 
diff --git a/modules/nixos/server/kanidm.nix b/modules/nixos/server/kanidm.nix
index 218f26c..bdf247b 100644
--- a/modules/nixos/server/kanidm.nix
+++ b/modules/nixos/server/kanidm.nix
@@ -72,7 +72,8 @@ in
       };
       services.${serviceName} = {
         domain = serviceDomain;
-        inherit proxyAddress4 proxyAddress6 isHome;
+        inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+        homeServiceAddress = lib.mkIf isHome homeServiceAddress;
       };
     };
 
@@ -396,13 +397,20 @@ in
 
     systemd.services.${serviceName}.serviceConfig.RestartSec = "30";
 
-    nodes = {
-      ${dnsServer}.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-        "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
+    nodes =
+      let
+        extraConfig = ''
+          allow ${globals.networks.home-lan.vlans.services.cidrv4};
+          allow ${globals.networks.home-lan.vlans.services.cidrv6};
+        '';
+      in
+      {
+        ${dnsServer}.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
+          "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
+        };
+        ${webProxy}.services.nginx = confLib.genNginx { inherit serviceAddress servicePort serviceDomain serviceName; protocol = "https"; noSslVerify = true; };
+        ${homeWebProxy}.services.nginx = confLib.genNginx { inherit servicePort serviceDomain serviceName; protocol = "https"; noSslVerify = true; extraConfig = extraConfig + nginxAccessRules; serviceAddress = homeServiceAddress; };
       };
-      ${webProxy}.services.nginx = confLib.genNginx { inherit serviceAddress servicePort serviceDomain serviceName; protocol = "https"; noSslVerify = true; };
-      ${homeWebProxy}.services.nginx = confLib.genNginx { inherit servicePort serviceDomain serviceName; protocol = "https"; noSslVerify = true; extraConfig = nginxAccessRules; serviceAddress = homeServiceAddress; };
-    };
 
   };
 }
diff --git a/modules/nixos/server/kavita.nix b/modules/nixos/server/kavita.nix
index 6507053..f952f49 100644
--- a/modules/nixos/server/kavita.nix
+++ b/modules/nixos/server/kavita.nix
@@ -37,7 +37,8 @@ in
       };
       services.${serviceName} = {
         domain = serviceDomain;
-        inherit proxyAddress4 proxyAddress6 isHome;
+        inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+        homeServiceAddress = lib.mkIf isHome homeServiceAddress;
       };
     };
 
diff --git a/modules/nixos/server/kea.nix b/modules/nixos/server/kea.nix
index 9f331d6..93eee37 100644
--- a/modules/nixos/server/kea.nix
+++ b/modules/nixos/server/kea.nix
@@ -29,7 +29,7 @@ let
             rapid-commit = lib.mkIf (intX == 6) true;
             pools = [
               {
-                pool = "${lib.net.cidr.host 20 vlanCfg."cidrv${x}"} - ${lib.net.cidr.host (-6) vlanCfg."cidrv${x}"}";
+                pool = "${lib.net.cidr.host 100 vlanCfg."cidrv${x}"} - ${lib.net.cidr.host (-6) vlanCfg."cidrv${x}"}";
               }
             ];
             pd-pools = lib.mkIf (intX == 6) [
diff --git a/modules/nixos/server/koillection.nix b/modules/nixos/server/koillection.nix
index 2a99efc..d7ad07c 100644
--- a/modules/nixos/server/koillection.nix
+++ b/modules/nixos/server/koillection.nix
@@ -41,7 +41,8 @@ in
       };
       services.${serviceName} = {
         domain = serviceDomain;
-        inherit proxyAddress4 proxyAddress6 isHome;
+        inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+        homeServiceAddress = lib.mkIf isHome homeServiceAddress;
       };
     };
 
diff --git a/modules/nixos/server/mailserver.nix b/modules/nixos/server/mailserver.nix
index 2cb1328..b2f910c 100644
--- a/modules/nixos/server/mailserver.nix
+++ b/modules/nixos/server/mailserver.nix
@@ -24,7 +24,8 @@ in
       };
       roundcube = {
         domain = roundcubeDomain;
-        inherit proxyAddress4 proxyAddress6 isHome;
+        inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+        homeServiceAddress = lib.mkIf isHome homeServiceAddress;
       };
     };
 
diff --git a/modules/nixos/server/matrix.nix b/modules/nixos/server/matrix.nix
index 98da084..a2a7aba 100644
--- a/modules/nixos/server/matrix.nix
+++ b/modules/nixos/server/matrix.nix
@@ -1,4 +1,4 @@
-{ lib, config, pkgs, globals, dns, confLib, ... }:
+{ self, lib, config, pkgs, globals, dns, confLib, ... }:
 let
   inherit (config.swarselsystems) sopsFile;
   inherit (confLib.gen { name = "matrix"; user = "matrix-synapse"; port = 8008; }) servicePort serviceName serviceUser serviceDomain serviceAddress proxyAddress4 proxyAddress6;
@@ -59,6 +59,20 @@ in
 
     # networking.firewall.allowedTCPPorts = [ servicePort federationPort ];
 
+    topology.self.services = {
+      ${serviceName} = {
+        name = lib.swarselsystems.toCapitalized serviceName;
+        info = "https://${serviceDomain}";
+        icon = "${self}/files/topology-images/${serviceName}.png";
+      };
+    } // (lib.listToAttrs (map
+      (service:
+        lib.nameValuePair "mautrix-${service}" {
+          name = "mautrix-${service}";
+          icon = "${self}/files/topology-images/mautrix.png";
+        })
+      [ "whatsapp" "signal" "telegram" ]));
+
     systemd = {
       timers."restart-bridges" = {
         wantedBy = [ "timers.target" ];
@@ -99,7 +113,8 @@ in
       };
       services.${serviceName} = {
         domain = serviceDomain;
-        inherit proxyAddress4 proxyAddress6 isHome;
+        inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+        homeServiceAddress = lib.mkIf isHome homeServiceAddress;
       };
     };
 
diff --git a/modules/nixos/server/microbin.nix b/modules/nixos/server/microbin.nix
index d64de1c..ecd9550 100644
--- a/modules/nixos/server/microbin.nix
+++ b/modules/nixos/server/microbin.nix
@@ -58,7 +58,8 @@ in
       };
       services.${serviceName} = {
         domain = serviceDomain;
-        inherit proxyAddress4 proxyAddress6 isHome;
+        inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+        homeServiceAddress = lib.mkIf isHome homeServiceAddress;
       };
     };
 
diff --git a/modules/nixos/server/monitoring.nix b/modules/nixos/server/monitoring.nix
index f9d720f..3e4e3b3 100644
--- a/modules/nixos/server/monitoring.nix
+++ b/modules/nixos/server/monitoring.nix
@@ -68,7 +68,8 @@ in
       };
       services.${serviceName} = {
         domain = serviceDomain;
-        inherit proxyAddress4 proxyAddress6 isHome;
+        inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+        homeServiceAddress = lib.mkIf isHome homeServiceAddress;
       };
     };
 
@@ -221,6 +222,10 @@ in
 
     nodes =
       let
+        extraConfig = ''
+          allow ${globals.networks.home-lan.vlans.services.cidrv4};
+          allow ${globals.networks.home-lan.vlans.services.cidrv6};
+        '';
         genNginx = toAddress: extraConfigPre: {
           upstreams = {
             "${grafanaUpstream}" = {
@@ -267,7 +272,7 @@ in
           "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
         };
         ${webProxy}.services.nginx = genNginx serviceAddress "";
-        ${homeWebProxy}.services.nginx = genNginx homeServiceAddress nginxAccessRules;
+        ${homeWebProxy}.services.nginx = genNginx homeServiceAddress (extraConfig + nginxAccessRules);
       };
   };
 }
diff --git a/modules/nixos/server/navidrome.nix b/modules/nixos/server/navidrome.nix
index 1e4456b..c202573 100644
--- a/modules/nixos/server/navidrome.nix
+++ b/modules/nixos/server/navidrome.nix
@@ -50,7 +50,8 @@ in
       };
       services.${serviceName} = {
         domain = serviceDomain;
-        inherit proxyAddress4 proxyAddress6 isHome;
+        inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+        homeServiceAddress = lib.mkIf isHome homeServiceAddress;
       };
     };
 
diff --git a/modules/nixos/server/network.nix b/modules/nixos/server/network.nix
index 064a509..15cdee8 100644
--- a/modules/nixos/server/network.nix
+++ b/modules/nixos/server/network.nix
@@ -27,7 +27,7 @@ in
 
     swarselsystems.server.localNetwork = netConfig.localNetwork or "";
 
-    globals.networks = lib.mapAttrs'
+    globals.networks = lib.mkIf config.swarselsystems.writeGlobalNetworks (lib.mapAttrs'
       (netName: _:
         lib.nameValuePair "${netPrefix}-${netName}" {
           hosts.${config.node.name} = {
@@ -36,7 +36,7 @@ in
           };
         }
       )
-      netConfig.networks;
+      netConfig.networks);
 
     globals.hosts.${config.node.name} = {
       defaultGateway4 = netConfig.defaultGateway4 or null;
diff --git a/modules/nixos/server/nextcloud.nix b/modules/nixos/server/nextcloud.nix
index 72298a6..5b9bdda 100644
--- a/modules/nixos/server/nextcloud.nix
+++ b/modules/nixos/server/nextcloud.nix
@@ -18,7 +18,8 @@ in
 
     globals.services.${serviceName} = {
       domain = serviceDomain;
-      inherit proxyAddress4 proxyAddress6 isHome;
+      inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+      homeServiceAddress = lib.mkIf isHome homeServiceAddress;
     };
 
     services = {
diff --git a/modules/nixos/server/oauth2-proxy.nix b/modules/nixos/server/oauth2-proxy.nix
index 21b33ac..f6c6a23 100644
--- a/modules/nixos/server/oauth2-proxy.nix
+++ b/modules/nixos/server/oauth2-proxy.nix
@@ -1,7 +1,7 @@
 { lib, config, globals, dns, confLib, ... }:
 let
   inherit (confLib.gen { name = "oauth2-proxy"; port = 3004; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress proxyAddress4 proxyAddress6;
-  inherit (confLib.static) isHome isProxied webProxy homeWebProxy dnsServer homeProxyIf webProxyIf oauthServer nginxAccessRules;
+  inherit (confLib.static) isHome isProxied webProxy homeWebProxy dnsServer homeProxyIf webProxyIf oauthServer nginxAccessRules homeServiceAddress;
 
   kanidmDomain = globals.services.kanidm.domain;
   mainDomain = globals.domains.main;
@@ -153,7 +153,8 @@ in
       };
       services.${serviceName} = {
         domain = serviceDomain;
-        inherit proxyAddress4 proxyAddress6 isHome;
+        inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+        homeServiceAddress = lib.mkIf isHome homeServiceAddress;
       };
     };
 
@@ -211,14 +212,16 @@ in
         extraConfig = ''
           proxy_set_header X-Scheme                $scheme;
           proxy_set_header X-Auth-Request-Redirect $scheme://$host$request_uri;
+          allow ${globals.networks.home-lan.vlans.services.cidrv4};
+          allow ${globals.networks.home-lan.vlans.services.cidrv6};
         '';
       in
       {
         ${dnsServer}.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
           "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
         };
-        ${webProxy}.services.nginx = confLib.genNginx { inherit servicePort serviceAddress serviceDomain serviceName extraConfig; protocol = "https"; };
-        ${homeWebProxy}.services.nginx = confLib.genNginx { inherit servicePort serviceDomain serviceName; protocol = "https"; extraConfig = extraConfig + nginxAccessRules; serviceAddress = globals.hosts.${oauthServer}.wanAddress4; };
+        ${webProxy}.services.nginx = confLib.genNginx { inherit servicePort serviceAddress serviceDomain serviceName extraConfig; };
+        ${homeWebProxy}.services.nginx = confLib.genNginx { inherit servicePort serviceDomain serviceName; extraConfig = extraConfig + nginxAccessRules; serviceAddress = globals.hosts.${oauthServer}.wanAddress4; };
       };
   };
 }
diff --git a/modules/nixos/server/paperless.nix b/modules/nixos/server/paperless.nix
index fe71d04..0bd12f6 100644
--- a/modules/nixos/server/paperless.nix
+++ b/modules/nixos/server/paperless.nix
@@ -34,7 +34,8 @@ in
       };
       services.${serviceName} = {
         domain = serviceDomain;
-        inherit proxyAddress4 proxyAddress6 isHome;
+        inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+        homeServiceAddress = lib.mkIf isHome homeServiceAddress;
       };
     };
 
diff --git a/modules/nixos/server/postgresql.nix b/modules/nixos/server/postgresql.nix
index f059e6f..97850c1 100644
--- a/modules/nixos/server/postgresql.nix
+++ b/modules/nixos/server/postgresql.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, confLib, ... }:
+{ self, config, lib, pkgs, confLib, ... }:
 let
   inherit (confLib.gen { name = "postgresql"; port = 3254; }) serviceName;
   postgresVersion = 14;
@@ -7,6 +7,14 @@ in
 {
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
+
+    topology.self.services = {
+      ${serviceName} = {
+        name = lib.swarselsystems.toCapitalized serviceName;
+        icon = "${self}/files/topology-images/${serviceName}.png";
+      };
+    };
+
     services = {
       ${serviceName} = {
         enable = true;
diff --git a/modules/nixos/server/radicale.nix b/modules/nixos/server/radicale.nix
index 2d3b852..ed09675 100644
--- a/modules/nixos/server/radicale.nix
+++ b/modules/nixos/server/radicale.nix
@@ -42,7 +42,8 @@ in
       };
       services.${serviceName} = {
         domain = serviceDomain;
-        inherit proxyAddress4 proxyAddress6 isHome;
+        inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+        homeServiceAddress = lib.mkIf isHome homeServiceAddress;
       };
     };
 
diff --git a/modules/nixos/server/router.nix b/modules/nixos/server/router.nix
index 77663e2..6e69770 100644
--- a/modules/nixos/server/router.nix
+++ b/modules/nixos/server/router.nix
@@ -7,8 +7,9 @@ let
     })
     globals.networks.home-lan.vlans;
   selectVLANs = vlans: map (vlan: { VLAN = globals.networks.home-lan.vlans.${vlan}.id; }) vlans;
+  lan3VLANs = selectVLANs [ "home" "devices" "services" ];
+  lan4VLANs = lan3VLANs;
   lan5VLANs = selectVLANs [ "home" "devices" "guests" ];
-  lan4VLANs = selectVLANs [ "home" "services" ];
   inherit (globals.general) homeDnsServer;
 in
 {
@@ -205,9 +206,9 @@ in
               Bridge = "br";
               ConfigureWithoutCarrier = true;
             };
-            inherit bridgeVLANs;
+            bridgeVLANs = lan3VLANs;
           };
-          # winters
+          # summers
           "30-lan4" = {
             matchConfig.MACAddress = config.repo.secrets.local.networking.networks.lan4.mac;
             linkConfig.RequiredForOnline = "enslaved";
diff --git a/modules/nixos/server/shlink.nix b/modules/nixos/server/shlink.nix
index 848941d..59d9231 100644
--- a/modules/nixos/server/shlink.nix
+++ b/modules/nixos/server/shlink.nix
@@ -94,7 +94,8 @@ in
       };
       services.${serviceName} = {
         domain = serviceDomain;
-        inherit proxyAddress4 proxyAddress6 isHome;
+        inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+        homeServiceAddress = lib.mkIf isHome homeServiceAddress;
       };
     };
 
diff --git a/modules/nixos/server/slink.nix b/modules/nixos/server/slink.nix
index be92992..398f099 100644
--- a/modules/nixos/server/slink.nix
+++ b/modules/nixos/server/slink.nix
@@ -71,7 +71,8 @@ in
       };
       services.${serviceName} = {
         domain = serviceDomain;
-        inherit proxyAddress4 proxyAddress6 isHome;
+        inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+        homeServiceAddress = lib.mkIf isHome homeServiceAddress;
       };
     };
 
diff --git a/modules/nixos/server/snipe-it.nix b/modules/nixos/server/snipe-it.nix
index 71d7b31..a9c105b 100644
--- a/modules/nixos/server/snipe-it.nix
+++ b/modules/nixos/server/snipe-it.nix
@@ -32,7 +32,8 @@ in
       };
       services.${serviceName} = {
         domain = serviceDomain;
-        inherit proxyAddress4 proxyAddress6 isHome;
+        inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+        homeServiceAddress = lib.mkIf isHome homeServiceAddress;
       };
     };
 
diff --git a/modules/nixos/server/syncthing.nix b/modules/nixos/server/syncthing.nix
index a2fe215..8a1945e 100644
--- a/modules/nixos/server/syncthing.nix
+++ b/modules/nixos/server/syncthing.nix
@@ -70,7 +70,8 @@ in
       };
       services.${specificServiceName} = {
         domain = serviceDomain;
-        inherit proxyAddress4 proxyAddress6 isHome;
+        inherit proxyAddress4 proxyAddress6 isHome serviceAddress;
+        homeServiceAddress = lib.mkIf isHome homeServiceAddress;
       };
     };
 
@@ -129,8 +130,8 @@ in
     };
 
     nodes = {
-      ${dnsServer}.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
-        "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
+      ${dnsServer}.swarselsystems.server.dns.${globals.services.${specificServiceName}.baseDomain}.subdomainRecords = {
+        "${globals.services.${specificServiceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
       };
       ${webProxy}.services.nginx = confLib.genNginx { inherit serviceAddress servicePort serviceDomain; serviceName = specificServiceName; maxBody = 0; };
       ${homeWebProxy}.services.nginx = lib.mkIf isHome (confLib.genNginx { inherit servicePort serviceDomain; serviceName = specificServiceName; maxBody = 0; extraConfig = nginxAccessRules; serviceAddress = homeServiceAddress; });
diff --git a/modules/shared/config-lib.nix b/modules/shared/config-lib.nix
index 83cbfa6..9f91ae2 100644
--- a/modules/shared/config-lib.nix
+++ b/modules/shared/config-lib.nix
@@ -81,13 +81,13 @@ in
                 interfaces.vlan-services = { };
               };
               extraSpecialArgs = {
-                inherit (outputs) nodes;
+                inherit (inputs.self) nodes;
                 inherit (inputs.self.pkgs.${config.node.arch}) lib;
                 inherit inputs outputs minimal;
                 inherit (inputs) self;
                 withHomeManager = false;
                 microVMParent = config.node.name;
-                globals = outputs.globals.${config.node.arch};
+                globals = inputs.self.globals.${config.node.arch};
               };
             };
           }) else (_: { _ = { }; });
diff --git a/modules/shared/options.nix b/modules/shared/options.nix
index 28f2e2e..8f56f94 100644
--- a/modules/shared/options.nix
+++ b/modules/shared/options.nix
@@ -29,6 +29,10 @@
       type = lib.types.bool;
       default = true;
     };
+    writeGlobalNetworks = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+    };
     swapSize = lib.mkOption {
       type = lib.types.str;
       default = "8G";
diff --git a/nix/globals.nix b/nix/globals.nix
index cf6ee94..b088464 100644
--- a/nix/globals.nix
+++ b/nix/globals.nix
@@ -24,6 +24,7 @@
               inherit (pkgs) lib;
               inherit (self.outputs) nodes;
               inherit inputs;
+              inherit (inputs.topologyPrivate) topologyPrivate;
             };
             modules = [
               ../modules/nixos/common/globals.nix
diff --git a/nix/hosts.nix b/nix/hosts.nix
index 0bab7d5..29de26e 100644
--- a/nix/hosts.nix
+++ b/nix/hosts.nix
@@ -11,7 +11,7 @@
           specialArgs = {
             inherit inputs outputs self minimal homeLib configName arch;
             inherit (config.pkgs.${arch}) lib;
-            inherit (config) nodes;
+            inherit (config) nodes topologyPrivate;
             globals = config.globals.${arch};
             type = "nixos";
             withHomeManager = true;
@@ -73,7 +73,7 @@
         inputs.nix-darwin.lib.darwinSystem {
           specialArgs = {
             inherit inputs lib outputs self minimal configName;
-            inherit (config) nodes;
+            inherit (config) nodes topologyPrivate;
             withHomeManager = true;
             globals = config.globals.${arch};
           };
@@ -110,7 +110,7 @@
           inherit pkgs;
           extraSpecialArgs = {
             inherit inputs lib outputs self configName arch type;
-            inherit (config) nodes;
+            inherit (config) nodes topologyPrivate;
             globals = config.globals.${arch};
             minimal = false;
           };
@@ -197,5 +197,7 @@
       nodes = config.nixosConfigurations
         // config.darwinConfigurations
         // config.guestConfigurations;
+
+      "@" = lib.mapAttrs (_: v: v.config.system.build.toplevel) config.nodes;
     };
 }
diff --git a/nix/topology.nix b/nix/topology.nix
index dc22d6f..0196de2 100644
--- a/nix/topology.nix
+++ b/nix/topology.nix
@@ -133,21 +133,25 @@
                   # trunk
                   [ "eth1" ]
                   # devices
-                  [ "eth2" ]
+                  [ "eth2" "eth5" "eth6" ]
                   # home
                   [ "eth3" "eth8" ]
                   # guests
-                  [ "eth4" "eth5" "eth6" "eth7" ]
+                  [ "eth4" "eth7" ]
                 ];
                 interfaces = {
                   eth2 = { network = lib.mkForce "devices"; };
                   eth3 = { network = lib.mkForce "home"; };
+                  eth5 = { network = lib.mkForce "devices"; };
+                  eth6 = { network = lib.mkForce "devices"; };
                   eth7 = { network = lib.mkForce "guests"; };
                   eth8 = { network = lib.mkForce "home"; };
                 };
                 connections = {
                   eth2 = mkConnection "nswitch" "eth1";
                   eth3 = mkConnection "bakery" "eth1";
+                  eth5 = mkConnection "ps4" "eth1";
+                  eth6 = mkConnection "ender3" "eth1";
                   eth7 = mkConnection "pc" "eth1";
                   eth8 = mkConnection "pyramid" "eth1";
                 };
@@ -175,11 +179,29 @@
               };
 
               nswitch = mkDevice "Nintendo Switch" {
-                info = "Nintendo Switch";
+                info = "Atmosphère 1.3.2 @ FW 19.0.1";
                 image = "${self}/files/topology-images/nintendo-switch.png";
                 interfaces.eth1 = { };
               };
 
+              ps4 = mkDevice "PlayStation 4" {
+                info = "GoldHEN @ FW 5.05";
+                image = "${self}/files/topology-images/ps4.png";
+                interfaces.eth1 = { };
+              };
+
+              ender3 = mkDevice "Ender 3" {
+                info = "SKR V1.3, TMC2209 (Dual), TFT35";
+                image = "${self}/files/topology-images/ender3.png";
+                interfaces.eth1 = { };
+                services = {
+                  octoprint = {
+                    name = "OctoPrint";
+                    icon = "${self}/files/topology-images/octoprint.png";
+                  };
+                };
+              };
+
               magicant = mkDevice "magicant" {
                 icon = "${self}/files/topology-images/phone.png";
                 info = "Samsung Z Flip 6";
diff --git a/pkgs/config/swarsel-sops/default.nix b/pkgs/config/swarsel-sops/default.nix
index 43a0bc4..856825d 100644
--- a/pkgs/config/swarsel-sops/default.nix
+++ b/pkgs/config/swarsel-sops/default.nix
@@ -3,9 +3,9 @@ writeShellApplication {
   inherit name;
   runtimeInputs = [ sops ];
   text = ''
-    sops updatekeys ${homeConfig.homeDirectory}/secrets/repo/*
-    sops updatekeys ${homeConfig.homeDirectory}/secrets/nginx/*
-    sops updatekeys ${homeConfig.homeDirectory}/secrets/work/*
-    sops updatekeys ${homeConfig.homeDirectory}/hosts/*/*/*/secrets/*/secrets.yaml
+    sops updatekeys ${homeConfig.swarselsystems.flakePath}/secrets/repo/*
+    sops updatekeys ${homeConfig.swarselsystems.flakePath}/secrets/nginx/*
+    sops updatekeys ${homeConfig.swarselsystems.flakePath}/secrets/work/*
+    sops updatekeys ${homeConfig.swarselsystems.flakePath}/hosts/*/*/*/secrets/*/secrets.yaml
   '';
 }
diff --git a/pkgs/flake/gen-sops-guest/default.nix b/pkgs/flake/gen-sops-guest/default.nix
new file mode 100644
index 0000000..bade2fd
--- /dev/null
+++ b/pkgs/flake/gen-sops-guest/default.nix
@@ -0,0 +1,30 @@
+{ name, writeShellApplication, ... }:
+
+writeShellApplication {
+  inherit name;
+  text = ''
+
+    if [ "$#" -lt 3 ]; then
+      echo "Usage: $0 <host> <arch_path> <service1> [service2 ...]" >&2
+      echo "Example: $0 hintbooth hosts/nixos/x86_64-linux adguardhome nginx" >&2
+      exit 1
+    fi
+
+    HOST="$1"
+    ARCH_PATH="$2"
+    shift 2
+
+    for service in "$@"; do
+      cat <<EOF
+      - path_regex: ''${ARCH_PATH}/''${HOST}/secrets/''${service}/[^/]+\.(yaml|json|env|ini|enc)\$
+        key_groups:
+        - pgp:
+          - *swarsel
+          age:
+          - *''${HOST}
+          - *''${HOST}-''${service}
+
+    EOF
+    done
+  '';
+}
diff --git a/secrets/nginx/acme.json b/secrets/nginx/acme.json
index 6ec8ba0..b21df16 100644
--- a/secrets/nginx/acme.json
+++ b/secrets/nginx/acme.json
@@ -10,23 +10,27 @@
 		"age": [
 			{
 				"recipient": "age1g7atkxdlt4ymeh7v7aa2yzr2hq2qkvzrc4r49ugttm3n582ymv9qrmpk8d",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHU3ErUkRteVpGV2lFWUg5\nZTlwTWthRkZJRk5sR2pXTzZDdVhOSFY1T3hZCllQalcyR0E3UEN0SjhtbEVsTmM0\nNGxrRm1mUHFYVlpWaEpYYjMvbVlyRTAKLS0tIG5yV2RuMmxFSmFiVnZmaklBRFVY\nV0pDNW00cUdJdzFKNEN2bVQwT2FoVk0Ku1Rk8wsXyxWtgPZFoPpXB32IRRcTXLO5\nz+8H54pCpj+8+5Ew5GQOXW8wd3HXp4iggYuedp828ZjMbFbrZTTQBQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0MkVWMVVEUHhJa0NNT1dm\neEtFWGo4NlpKcFo3d1RPNXFMNWJPNWpEa2lZCmpINnRRcW1qTjJTT1A4bUtMYjFN\nZHg3dEgvaDdWaGwyU24vL21UVFlvZkUKLS0tIGtYUExVQS9YMkR3V3N2WnZCWkN4\nK0FZU0NUSkc5cSsvS2dsT0czRm4vczgKxmpG1GnT2grZ2puDH71vOnWho3q/DFBm\nGdrD94R/urKL6Ij2A3E31DOdRj+y4kcXFkEu7n2j40bS8ImrbOfLkQ==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age14sjyqch8tzqexk2gv0qgrrg09f0s6hvwhsgjac3vs6sc5rzgpcxsyqda6u",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBicGgyWFprbFZjS3FSU1U5\ncXVPbVltRE9nYWlKTUJkZjk2RlVlT01ETFNJCjdaMldRNGlPNWVkc2h6cVFQTVAv\ndGNiM1lHSmZSdURoQTRJWUFCK09VN1UKLS0tIEV0SGJJMlRIc0E5WVFxcVVkQ0dh\nNnFBMGdvL015YTJjMTVubVdyMnhnNUUKWjSqZ23dCPsHC2qfg5TVmbfQpe/vZsFb\nMN7AWzIVXq9KMHhQT5SX/XWhzIIoOkk5L7UwX/mYDqBsbUs0r2lXVQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1cmzh82q8k59yzceuuy2epmqu22g7m84gqvq056mhgehwpmvjadfsc3glc8",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCSHVlbXJyMG1tUGI0SVN2\nQW9CamttbFpySm1XdWRuVTZxcUJaQTV4dmdjCnhVcTVaVHZFUmxiMUVycXc0cmFP\nQ0pTZEJzUjBGaTB4VXd1RExTaDVWdTQKLS0tIDFVK3UxMHVQMkNsQjMwWW43cjht\neVdNbE1iM1h1UDRuLzRIQWJJTXpTTG8K8cn+NWUEHDGUWjqyt5fkNkQffOYLcrYM\nDsxuV9NeRwJ6uoTmeDVF+6R9HhZ4cz6TlklcXclfod6DOhu+rio81Q==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhVDhmVHhrdkhVb1hrT1Zt\nQkRNMldNVU0yT0VtTWFEeDUrS0VBamRLNWtFCnpTYWVxeVBSRkNZbThpSyszWkNY\nWFB1WDZUNUQrTHlOeGtLSlVoNGhVR0EKLS0tIDFnRkdaYzhYMCtGa0FBM3pOVTVG\nV2VZUFl0Ui93YWMxZlhZaXNxc2orWHMKPiJUyWXMZKAbNkBD4JgIrLuj0+CyZI95\nu2O3WUvsEUgorhY6L1HhlU8K6qMaNhf7XFoIJKCxI0t4utm7iKxbgQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1nanlervuderw4qskcuessycqy2yfmptl6nym9scgp9ky2265ssmq3u73r0",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwU09YQkFuK3JYZnlsOFlw\ndTM0U3U4MVAzMXpBckRWSk1ibVdkME5lT1RjClNIZDJUQXowYzljQ2hJSTdzaGJF\nRjAvekEzbHVtSzAweWtBSjVmTnBHNDgKLS0tIGp4MjRvWnJQNWNvWW1uQmRNbDFk\nZnpXNFhXcDdOQVU1bUdTa05XaFJYd3cKi8/U+tAGtrPL0RMc5HMFrViXW1lQhli7\nBBc98cm3GhzvbJM3y0Dcjy7DWkXTiFXbhplqFjp+spz9LfYP5VuafQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5NmVndGpWMVB2VTNWQ2Nh\nbncrOFdYZVhRQlYybG9HWDBuRm1Ec1k3b1NrClBIWUxESTArQm5tWUx0MzdudFpS\nZGtBemFXQmcyb25HR253ZjdWcmlEa0EKLS0tIDF2akdkRmFYRE4wR25Qa2Y2T1pw\nWUVxOG5RTlBmRTRSZjZKcG1rSkcrT2sKf0A4MWMScwtJFo3Q/9e/Y7atj15qW1ux\n8iCCRpTwyDZbEd+ZXjGi6ys5I42hYtuSPob9+WC0oyFqYRaEJSRtZw==\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
 		"lastmodified": "2025-12-04T19:04:02Z",
 		"mac": "ENC[AES256_GCM,data:nWV/knCo/MeWTBrfq1VlV6SPEQ2i2P+le82S2So0BIxPfz8tqan0MdaIaKLFlapsT9VRJOv8ZCCXSLWeGcbEvfmEz4MP1E4iHcU/4YaO+n895D1JrjeyP1cgGisnXqe01xMXCsDY178sqxHcnDDlXp9foCem+mGjIlKGPYGu5Oo=,iv:qbavbW3MF4fx+E3aybBYaz/T/Hb63ggWml4Oe9WFz+I=,tag:05vBbBGDGRNaXJWoZn1bVw==,type:str]",
 		"pgp": [
 			{
-				"created_at": "2026-01-04T22:59:24Z",
-				"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAA0D1lQY8D94Q1cu8g0UihoaImiVUXK944yuayfPO95rlj\nb9De1VOUKsUBE2wGpxwisOa12NG1a52bVVFbVUDBz2vLy4956/EjgP7CZds7OKHj\nbPxIdA75fA8QVHUVkI4AHKFebQU6OsLdOcB5pjqDlkKzmPUihwgtLCI6UfOyx4Se\n7ADHYKj24igh1Xxd2G3HzngYAQ20zn434TK/dr48yeQfNTYODtMJCdfVoYU4/bWD\n4jDdoKA0B/WdvPlJtYar+yvQxQiom2myXeeLXt8yUN5ugJkGNeFYl9JtlpchuyU4\nXvSFAKemAa1DrwFb1zakzOozZqb/i5MRFK8xGCK6CXy5YzwWHlKwW6HbSS95tWvO\nWUqVYdLplRuZ9eif+szrOXm0yQbABeVEGkyo89n3ytsirUTY+gPHpd7jiWID3d+8\nxi3oPDcxaTkfYehaAEn+LBInd47gXTkYTVizxFbdREARRI7qS/6gMXQY6EXnc+FU\npcP+dEFH3fRA7raFW3kL1Bzg1sDomAp8L0EgEaWOdTDR8f4ub3uvBPShQWFgl0t/\n0UwuR/UI//z6FiG66HiDd2ThDzeceRwyZTdFUjDH5CcS0cBBmFhYi9TxvjiJi8D3\n0Ui0h4jA1Y3/5S9Qk8nBfD2sbtzNHMEH3JVotunwTKu7BoZFHZD49SW7dGzJzjyF\nAgwDC9FRLmchgYQBEACQm0ujn9b1TG5gn7P40qv3nrjAJyH7nJXPEYs5TWXFMabm\nKnj2FYPAdynClaA2FVu6puXhbpN2aDWL9qg7iSpvLT1HZcgdudItj3N2sWJIe6Vs\narO25eKSzzJMAwOsOVwJJPCk4LCNPTl+M/o66lru3rSltSHvYJXQmfbw/iesgBVY\npq+4yGy9HxxKx7fCkpaK0cvZ3X8zpyIzkHIjoRcHWzKiW1dirmaYcRahFDOwSGx0\n91RmLpONp67kzrV603jikhsNNppGGUslv91FivK89jpTy1ZwFDw2es59tzdAapxm\nySXf1PTWAdm3VZaEixmQdMYJxrbwN4HrsyDvMmQWM3yiyYbrzGwSISxeYkPEfT8i\nWL+N1tfdM9PhQMKdB1onoyt16e6ga9nkHYDeaVgyNP4yfQedFV3ve0WOjeTqVODu\naSzBVVDTcc7mFd7IoM8cLj82FGBxI807tmBX3rHa41kVDQ7NvL+jVmz2Q4SQ+PHC\nmrifYG+GjvEIWinx4x5b6vmeAWd8nGDmMg7pUm7cVR4ryQHrF8FcIck/qMZTh6Vl\nIbZRuqKkiy+pAlPyS21wx6dqj4EBdxwtyDijrkuIgtbdMiJ/kuSqQAKlkSODVOit\nRTitR8JVHL73usPIgkzdGf16Hc+29HDlON4gaF6CdVwdVQc37oATDT6bzusWD9Jc\nAdYyhlpx1RU+o2PUWf3g4vBthXiybvNkvyUMDL6M58ehaX6UusCGV3h2zcwG8qDC\nBfD7F6+dLMblwf3vOiD3w8Pjn3nDhA7W+r8Ls33fAONg0DrfS/d0aCVCq8U=\n=baij\n-----END PGP MESSAGE-----",
+				"created_at": "2026-01-10T00:53:12Z",
+				"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTAQ//aS1VDtyD3Eqw24nd9zrvKJfQ6DLX2Y8bi1Stm9yeLHTY\nwjkDnzROehRd4CxN9RcxjefgApgTg0q5Bsk9h+qLy+t+76jAHdTv2WYx+1HLPeRA\ndHcmNNmpfy+zy1Z3aGKFYr3cTzPsQ+pZ2hzrSxK44ULTWcYrU34LsVXyxu/aZsS4\nllHHHYMOdVtJD2PG6lj4uToMqkQ1Gt56ZOCigj3gG78sM2mI2halSVp+af7Xs5Sp\nROntTv6mzbKbczrnXi8cWCgcIbe3K9xUOcE80I8YH1nCltc5VfZrmzUelCkXiooa\n+DVeCEP7B4J/kniL7o67AYHf5V1maTiK7eu/cLlSqir7o/f1UjL+0J4CUc92AE+c\nhmv7iORCMsT5qBwVTL3yP+rqbShGeVdjqbRUfq4N26kUGDfJBMUrrtuUx5Q8CUk/\n6TRxnhDQw27pH25EjxFz2HYc+wRHZl34B3ovAGyv+Wm0ge7PZS8WmkKbyAHC8YeS\nubvlUkgaKgYYfnWwjEcT/IWBrtF0dFS6wGZGfDbkiiCN/Ex55N5CD7LMYDpGaA4g\npUw+2iINbqaoENItIa2UnKwO/COmEAa3+WMlspSXsxd+ONhpdaiXtrdqCjlV2Ig4\nHwBdEXxWopTAouCOuE+snes9orVP+Cj9EwFsiIdD5frB1oSI2KahDeAEe8tlljqF\nAgwDC9FRLmchgYQBEAC+TheTgdKq+E5Z8++e8Mk/U2SMwG3WjWBpAnSS2jfCZwpA\ntjIvVtCgwMk/cM4rQ+SGex5kqFQapF3SqHb9+kFWVv7CUVUZnGOMvp7gD0CXTT1l\nDC8d3SsD4SpytqJc3ywtulZyUSRrxzEUYHU5lHuiy5u4WBsGDelr/2JcYxwhZ9H/\nkJBWxAJY7KfyS4Y/6dcR6U59C6G58PjLnhaa3LRFr/iXiRc6KML2dluLskudhzgA\nnlbdclXVPJK+zH5dxbgzso94GlVDYMCCm+oPT1gxRtOQn00+PnagnOioosOfRCWZ\nAmnrnZm8uM1W6kzx0ARVLv+gzFZm+PkTFdMNkXOXjKa4m4pZ07o3LoBPrgknpj7s\n2vIzMAJkgrnraFrg2pqjYQCQjteuhz4RU5hOuWR4gWyHwgKPJAM1JYgJj/c2IOvI\n4M6jw8FpWQMF4B4GJbQWaSBqcC+NBHOnGFhFygKZG2DITPBitDkY3GwDVv1XyEKU\n1Tz5nSHuwol+hIOq8/GcyxaugD+IOVuiEomhbeXK/qiqCSmNUy4iEsyeRzqJ3Q/0\nw/WGEkLyIe74W1h+Y8zMxW13YPf39xRR5/q+w46hW5/ExRGY5+P1Ri8qIBEbAl+M\nvelvCg3Ia0pA0cbgigoua6sDZ2ubzPU9sy+G8bASExN4k6dIrdrKPOy0dnhdTdJc\nAcTSN5P4AdRvGAirQz9eO/CvGHOleRLAouYMFFPnbc3c7PA+hDowRAUmTR4q2ktK\nuXujMoFluEzxzDfuTexibx5BzXwSydIn7pbF3eogy+jIB3XBeLO9t+lFfGY=\n=Rd5L\n-----END PGP MESSAGE-----",
 				"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
 			}
 		],
diff --git a/secrets/public/wg/ankisync.pub b/secrets/public/wg/ankisync.pub
new file mode 100644
index 0000000..defa9ea
--- /dev/null
+++ b/secrets/public/wg/ankisync.pub
@@ -0,0 +1 @@
+mlMUYsaU36jLPMlD49HAGj11j5NN8ngIfW7DNKOPEX4=
diff --git a/secrets/public/wg/atuin.pub b/secrets/public/wg/atuin.pub
new file mode 100644
index 0000000..3cf6c7d
--- /dev/null
+++ b/secrets/public/wg/atuin.pub
@@ -0,0 +1 @@
+ogEsaFi3xzsh8fdZmi3Bfrk8cnfWBuWFens4tN1PPHU=
diff --git a/secrets/public/wg/audio.pub b/secrets/public/wg/audio.pub
new file mode 100644
index 0000000..370affe
--- /dev/null
+++ b/secrets/public/wg/audio.pub
@@ -0,0 +1 @@
+wTZfD9kRr2IIqtkZ6y+2dSPOuA/8yXex9ZmavzZf3Fk=
diff --git a/secrets/public/wg/firefly.pub b/secrets/public/wg/firefly.pub
new file mode 100644
index 0000000..58e7c02
--- /dev/null
+++ b/secrets/public/wg/firefly.pub
@@ -0,0 +1 @@
+/RpqQJgsL5lbpDDquJefC+ou3Zd4RCsEVW5pZYNI2xY=
diff --git a/secrets/public/wg/forgejo.pub b/secrets/public/wg/forgejo.pub
new file mode 100644
index 0000000..dc949be
--- /dev/null
+++ b/secrets/public/wg/forgejo.pub
@@ -0,0 +1 @@
+Ph7ILph8QjkFtf9o8GAViYXg/hy+EJOKsTBttQSG0jw=
diff --git a/secrets/public/wg/freshrss.pub b/secrets/public/wg/freshrss.pub
new file mode 100644
index 0000000..ee591da
--- /dev/null
+++ b/secrets/public/wg/freshrss.pub
@@ -0,0 +1 @@
+BSiDLbtfcZ961XIjV4BT9ZmEWgeO8G8u30yqj9GZBRs=
diff --git a/secrets/public/wg/homebox.pub b/secrets/public/wg/homebox.pub
new file mode 100644
index 0000000..4dd8594
--- /dev/null
+++ b/secrets/public/wg/homebox.pub
@@ -0,0 +1 @@
+AQE55CLRPQBsL6pkUxkZv2PhQMeyfTNQtE3JbIfbADo=
diff --git a/secrets/public/wg/immich.pub b/secrets/public/wg/immich.pub
new file mode 100644
index 0000000..fb6c87c
--- /dev/null
+++ b/secrets/public/wg/immich.pub
@@ -0,0 +1 @@
+3dPj3ENbf9+/Szj4YL7n0VlQw/0B48r6QIO979oL2As=
diff --git a/secrets/public/wg/jellyfin.pub b/secrets/public/wg/jellyfin.pub
new file mode 100644
index 0000000..f4234d0
--- /dev/null
+++ b/secrets/public/wg/jellyfin.pub
@@ -0,0 +1 @@
+bil6yazKZbPZormCj9y+2J7TYaWdbQnFjVDsJOgZBx4=
diff --git a/secrets/public/wg/kanidm.pub b/secrets/public/wg/kanidm.pub
new file mode 100644
index 0000000..a214f79
--- /dev/null
+++ b/secrets/public/wg/kanidm.pub
@@ -0,0 +1 @@
+lNvma78QejQQh/xhC+6a281HWjtcgJA0C0fla7PAGGw=
diff --git a/secrets/public/wg/kavita.pub b/secrets/public/wg/kavita.pub
new file mode 100644
index 0000000..e915fe5
--- /dev/null
+++ b/secrets/public/wg/kavita.pub
@@ -0,0 +1 @@
+hLoJxuR4HTfkBsRRx2dv5UTMpI1pBFMkwmu+qFIR4RE=
diff --git a/secrets/public/wg/koillection.pub b/secrets/public/wg/koillection.pub
new file mode 100644
index 0000000..36eba45
--- /dev/null
+++ b/secrets/public/wg/koillection.pub
@@ -0,0 +1 @@
+rZmY1K1L0HZlywPEMRT+wLr60wZRj8gWe/NjpyE6Lhk=
diff --git a/secrets/public/wg/matrix.pub b/secrets/public/wg/matrix.pub
new file mode 100644
index 0000000..a3d9f2a
--- /dev/null
+++ b/secrets/public/wg/matrix.pub
@@ -0,0 +1 @@
+pSYokBO23MeZ38RW4gvOz6scZ1BAUOJp4Tndo7MgVjk=
diff --git a/secrets/public/wg/monitoring.pub b/secrets/public/wg/monitoring.pub
new file mode 100644
index 0000000..a342b13
--- /dev/null
+++ b/secrets/public/wg/monitoring.pub
@@ -0,0 +1 @@
+VuNusa6BiQUA0salk6WAtUfKXixox4Z6hbUjA2HQj0E=
diff --git a/secrets/public/wg/nextcloud.pub b/secrets/public/wg/nextcloud.pub
new file mode 100644
index 0000000..9aba944
--- /dev/null
+++ b/secrets/public/wg/nextcloud.pub
@@ -0,0 +1 @@
+tJtyotp9S8n2y0NtZZ4fArP+tDGnsKBqg+99zEdFZAU=
diff --git a/secrets/public/wg/paperless.pub b/secrets/public/wg/paperless.pub
new file mode 100644
index 0000000..301a864
--- /dev/null
+++ b/secrets/public/wg/paperless.pub
@@ -0,0 +1 @@
+Ihd6Sqcc0A5JWYxrxU1eJad9z62mm8B+nqI+SVmGFWg=
diff --git a/secrets/public/wg/postgresql.pub b/secrets/public/wg/postgresql.pub
new file mode 100644
index 0000000..eb8eb51
--- /dev/null
+++ b/secrets/public/wg/postgresql.pub
@@ -0,0 +1 @@
+u3xx/1xOWwjqBZaOkLkW66cotkwEpEehGMGGWvRk7Co=
diff --git a/secrets/public/wg/radicale.pub b/secrets/public/wg/radicale.pub
new file mode 100644
index 0000000..3f7eae5
--- /dev/null
+++ b/secrets/public/wg/radicale.pub
@@ -0,0 +1 @@
+VWcQF9ZOgHbc0PFRH4PqxPNP5o7NznxxxB09D/TvZxQ=
diff --git a/secrets/public/wg/storage.pub b/secrets/public/wg/storage.pub
new file mode 100644
index 0000000..502322f
--- /dev/null
+++ b/secrets/public/wg/storage.pub
@@ -0,0 +1 @@
+1yhwpZid36a+zZQsYQcj4Vm/owvEkSz1bZPArwYjqAo=
diff --git a/secrets/public/wg/summers.pub b/secrets/public/wg/summers.pub
new file mode 100644
index 0000000..8f5f4a9
--- /dev/null
+++ b/secrets/public/wg/summers.pub
@@ -0,0 +1 @@
+GpP8HLVz/lWA8YNfnCTCutBzQUf07Gx+MAM3aosDEm4=
diff --git a/secrets/public/wg/transmission.pub b/secrets/public/wg/transmission.pub
new file mode 100644
index 0000000..f9f6dbf
--- /dev/null
+++ b/secrets/public/wg/transmission.pub
@@ -0,0 +1 @@
+R4HtfIJcQwvwJljl1hRFk6hlKjtgH8/xYgvtgrobsBA=
diff --git a/secrets/repo/certs.yaml b/secrets/repo/certs.yaml
index ea74d3d..db504d7 100644
--- a/secrets/repo/certs.yaml
+++ b/secrets/repo/certs.yaml
@@ -8,170 +8,170 @@ sops:
         - recipient: age1s0vssf9fey2l456hucppzx2x58xep279nsdcglvkqm30sr9ht37s8rvpza
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRODlCSHVFV3NESi9XaTFz
-            SDcveEUrNzVVSXBISHVxTTQraXlIbmFtNGlVCkVGZXVOY0gxT3NkeW9kRVZzdEZv
-            S2FPRTRSVDBZam1hK2h3ZXdsb2VCV3cKLS0tIGFPOVh2M3FaaTZ3MWp6Mzd0Qzd2
-            YmM3eWhUbkJVbE83UndPUmhxd2NVcFUKeS38ytvWf/XRwh9TCcO4joL28EE1/Yn9
-            F6aPK5RJ0LJQ+fdbl4y3uQNuJ4bjOL0bkW0RAEOUt2LCtUm6qJqPWA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnWWx3YkdrRklsM0R0M3Fj
+            VmhDNkpicjVPZmgwUzk0b2JseTRoVld1TXlzCmRIVjZTZThVeHQ3NCtaVGtTN0RK
+            UmR2cksrT2xXeGNKT2FTRXFiZE82N0kKLS0tIFZLVjh6Tm50a1g5b0tGMFB5QjBQ
+            aDNib1gzUGk3MGk0N3BWbEhOUnRoRG8KKNX9e1cc3kikcyVmKcAr0b2vp2catXrA
+            1W8aaTgB/V7o0c1ZfxLVCj2B+Niavs2UZ0hsl2o/LEPhob5NgmGxnQ==
             -----END AGE ENCRYPTED FILE-----
-        - recipient: age18cgqlely56hgmhscllkmafwpjdk6dwep6ej3vkk97dzemp8jtuksqrrjjl
+        - recipient: age14sjyqch8tzqexk2gv0qgrrg09f0s6hvwhsgjac3vs6sc5rzgpcxsyqda6u
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3bC9jT2VEUDhISkRQN2RW
-            ejZNcHE0R083WXpCaXRvTGxLNHhUbi9aWUZrCnNqa3hPaGxWaXM1UXRnVldzait3
-            S0tML2VTelhzM1hrN3JuV1k5TlFPNXMKLS0tIC9Ta3pwdUsrdFllaFIraW41WmlP
-            V1kxSm5LN3lmNU1XSk4yRC9ObkNGSm8K+Z+j2kv+webiouIJDtKlyMxJjmPpapPJ
-            b3LLdnB8/8637zXU4flWcTE/YHA1fMQ5aiF5OmLsZ526a98QJI68yw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtZnBLMmo0V3FJQktqY242
+            YVZ5Z3N6cHZuQ0dER0pyWmNzOUhCVGpJTlhzCmtXeEZRUGpYYkI0UkZ4djJBRThJ
+            OE9Ibzl6TzUwQm4yZ21yN3ZkSC9kdjgKLS0tIHF5bkNvWlNOMUd6bzF3QktYNDk5
+            OFI4VFU3ZEpxN251d28vK1V3UFNWa2sKwcmJy3nLqX9OiH6yCOOcheQTasu1LKUk
+            nXvG3SESEEuhuzJHOlREgF8xiZz3n2t4uJGcdVsrn7PGdytpgvqmgw==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1g7atkxdlt4ymeh7v7aa2yzr2hq2qkvzrc4r49ugttm3n582ymv9qrmpk8d
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSaFd5RVFUbXc1U1orLzBu
-            ZzcraVZYR3RIbUQyNmgyT3ZkNHJhQmx0dEFvCkdVbDFzcENMYWRMM2t5ODdkMTNl
-            dEVKdHhuY2hGSWVnU3c2cXlhZmp2bTgKLS0tIEVCMUN5blgvaDlmMDFNQmNqSFpZ
-            NWwvSFBZVUlPUUFobXJQVzZZK1RSOTQKY4E+x3y2t6h+y4oLEWn+zcDnRYBaYjq7
-            KOHxDiutX+vbnpMtff6fTZMm3+aSSHrzZCubT8Ysy82RZ5bBzVyJtQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQdkFwbCs5ODZTVmVRVXBp
+            N3RkUGUrcU4zNEZXUDN6ZUhsdjIyRWl0eUZRCk5NUkNXQjFuTjhYRG1vRWQzRE1X
+            OHc0RzJYaSt4eGlSZUl0aXEzd2RXUWcKLS0tIEE0cklRYzNJYkx3T0hOaXJET1pM
+            RzVtWU9OTmwzMXV2SXZ1RlhtU1AwaEkKnPwyerahQb+dQExCvYYTQLpCk759gY+K
+            bErEkJiwnE2B8jScPjRcv5lHxFjXkJDhWDf9yiwfdpChYa5TsdNXOw==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1ly2endyt0y9xyddj6yuj4nw6fa3ltvzlvew4cr4lzs6dv8dkavpqadmyxx
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDRnQ3cEhySFBsbUp0VXlM
-            REk4UXc0SXo3akxPZGQrWXc3T25zbFhwNldJCmp4ZzhwZVlEYkFnRmtndGdKSHEz
-            QjJJK29PTi9JYkhtaGxOOGlRZ2IvQWcKLS0tIDhGREJWQjkwVWVsOFlhSlNjLzBr
-            cGZTQkZleGE3Z25yOTZtUUVyOGFjZmcK1ayFsX88StLCiYJi9C6aC/y9NV452oR4
-            Hpg4xrLYxVdFEOzKNzz5W6Z3hU3830n9RismzsF3Qgsug65KraP/dg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYRkVxajBrWStPU3d4dEo4
+            bEVkemZPZ0I0ZUhVMlh5Z09HR3VhRzhTNWk0CkxXeUxoanFUa1U4VnNsT08yZU5p
+            Ymp4TG4wYUtYajB1ZnM4cE1qaWtpdE0KLS0tIHVFTU9wVVgzMTVEWk9QU2pLUXhP
+            dGNEbUN5SHRDNS9lUEtWSjFZVEJOL3cK17zNZodyRDHyGhdPjhQ1y4GD9hgZjv6Q
+            I6aG92b3PqhL2djlUCZWz3laec1n0pm07N2BLeQipukiTUBta2opeg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age15klj4t7gpfp69472mne4ue62pp6m4e04dmjyw7yf30qtqd3vl3uqjmcyxm
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4YTVqeExJL2lCUjIvY05E
-            ckZqWWhsQmcvaHRmZ0QvSjBGSkZCRUdHbGs0Ckg3dDcyc21Fc0ZxY0NhYzNhSmRr
-            TDFBR3JJZWhZS1h1VTF6UVFTUjhCc1UKLS0tIE1TUEV0ZExFOHhOOEMxckxuS295
-            M28xRktSOFZaMzFabElNWDB2S2w5ancKuVkMJ6gT5HHezSOa5i4fhT0IJv8EQniP
-            B+o175EyLw8/tIWgKgB/L6RA5Wg7Q7r7P2C4vnSY1JOwa65It9tGAw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKRTNIaXg3OTd4THBLWlUz
+            RXJNVkhSekRiZVIrVU1RYlNIbWhYMjNDSTNzCmQvQU1FYitZMUpQS0tLS3ZjMjJV
+            aGg0dTBLMWJRRWN2ZUV0dklLSVdXNGsKLS0tIFAxY1VpWE1pd09HeUFvdFBPeHdl
+            eFBHK0RaL0xwSjE1MVZ1VDN3aFlHbTgKUfl/Hcf/ZPgQkBQN8ZEPdHEZvBuGcmCS
+            ZWEYmMAM5GDdfv0Uei63b6JEiwoFIOdzOkoGczYuINo7bjgdG3aKQw==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1k73gy5em3js9zklnnkzp5hme9k04lny32fgahmzddknjw5c295asdyr4x6
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkOUk5TkJjWTZ1MzVCK1RY
-            SWM5MmIxZEllZFJJQTk4dmpuakZCWUNyOFhRCkpvMEI3RDdVYkZHbmRzYmRjQ2dZ
-            RkVpN1EzTEJmK2VjeUFqMFFPWW9pUTgKLS0tIDhQeTZQUVM1S1hxdlJZRUN2WjZy
-            WTd4czkyV0JmN2IxNXZSS1VnK2NsRVUKzxoG+YTZKEDzBdRmOJjygD7Po+i/wTiI
-            RM3U+LpsP96i2vAsOKoJjNOrY6iOH8Iwbj0c5Q/OwgIgLcUQtDq4HQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmWGRnakRiSFVYdU1uY0Vt
+            cEMvVkE4VVZKSTFvMENHNWhhWElmSytlczNZCjkxWGVyTzQwVWF2UmhNWWYvSHI2
+            emljVGloMTZnWmZLYVJwMVJGMzdodDAKLS0tIDFkclQrOHVqMWxWR1NjNE13UG9P
+            aGpTbUQ3UHN1ajlGWWdUaTFyK1VvY1kKwid1CxcpA3yl/STfuOMGNvdSShzjMLwL
+            gWXJ+6RPJcxNknKWzUuI4XIdlVmQ1o11Ju+I0/Ls9KeZJO4WK5DMsg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1cmzh82q8k59yzceuuy2epmqu22g7m84gqvq056mhgehwpmvjadfsc3glc8
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwdFNUL1VWRHFjMFFmcCtp
-            TjlHMGJVeGMwVG5ZK1k2RWZKYkxHTzBSRmk0CjluNVVDVHMyRXp4ejJnVUNoZFZG
-            SXlZa095OXR0VTZtdzR2Z0hiRTFYZlkKLS0tIGRMRFJUbEtsVDJZSm9IcGhFdWxV
-            YTYycmUrK0RqVXIwTUZtZWNMdEdqRDAKhWlwQP+lz5enUF2EgFuLf2BhxcxAoWf7
-            Tqr0AOEXU3zr8k/pfKPNnQRoRbhjJWsW5uFtuTdTBbL1YnCBir7e3g==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3cmxMRGxhUE9RR0trZzJW
+            cWM5SnErdllIRjB3cmd5Z3Y1TTh4NHBhZEZjCkthM09qZkhTaWQ2RGlaa3NCdTBo
+            TjdLS05QeFl0c3lQRUlic2JaSEhpMzAKLS0tIFB2STlHMXRRNE0zNitPbTIrWkQ4
+            emFmU05tbEl3OEEzMURmMnZDdXFMVWsKjnnTZqEb1n92LpeQy5oqA7jD1KcCXWol
+            6HryhCI0IDVrJ4V3guihdcaRPUhnQCHllQK15RFkrVduYZ5BxmbNGA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1wmx8y2hs83j2u5srdnfxljrzxm8jtxl6fr0mq7xf2ldxyglpzf2qq89rpx
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIZ3JkRHFpc2NSZlc0ajRG
-            Z3FaZGdzUGpqTXNCOW5hRU1NV3VJcCsvdkJNCnlmOVBkY1pZZlJ5d3dJbnlvN3ZN
-            MTBwRUJqNnJMOFdBWmdYMEpTTFpDK3cKLS0tIHhEUysrM2l4R28yRCtxL3VCbjV6
-            VUYvYWlOenNlVUt4UkhldFh2SXN4VEkKc5adiK86x+n+glENAMmeyS5WQce46wDj
-            ALy2W8zCDTeHBWJUXWGqovTCwmiHKb66egHMVtI4MKedTFhBuTLnAw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQd2hHU0x6WE5nY28wMWlJ
+            YXVUdEFTTUl0enp2aUZpa2NuVWpnMFVYS3p3ClNyeFljNTRHeVJKOFp3bEl3QW5S
+            ZXkrWi9JczgyQnZYNmJSWVNZcjFrRjQKLS0tIGYrdkpaVFlnaEpialFmRkZpVmJZ
+            T1VKWWFXeXdvcW1FOVVpdDJIcXJWWk0KRVwWBLOuA3HNJQTy3wGM8Vh9eAitgxZX
+            g/eL11CvU2/2sw2pyFCV0hIea46iU1P7s+dWirjiuear5phGNlUa6A==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjUjNMQTFHL0sxTlUwa0k3
-            aFhNWDIydWJmdFpkcG5EU1hqc0dQK1NTU0JBClBwUFpXbHQ1Z01MSUdxaFkweUg5
-            d0tiT1dvdXYwZHh6dy9Nak13VjR1Y0EKLS0tIHZsQTk3b25FSWdqNTBaRW1xZUJk
-            M09YMXZ3cDdKK2U3djhIZ24xOTBvY1kKbQyzT/jLiGAU4poUBw0nvkwB5N9X94EP
-            bWN8WNqPv8ak4OD2V4zIvLY6zxzT+meHHF1RVOJrTviOT0LVnWDzhw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOcytidVZGbUVNcitZVkFF
+            SnRLMEFJVUZ6MWpPcjZsR2srbHl1NlFXRjFZCmovRmUyeWtUMnA2bGhVQzMraWZK
+            Y3haVDBINmRFTmMxa1YvSlA3MmVyNkUKLS0tIFBiNUZJRyt3TU8vMTJyZE12NEhm
+            YzFRbzRWRUZ6UEJFUXJuOW1xYzRqRWMKkUmIofugd7oUSKqE+t1L4NDm/mAyKl8T
+            ppUKu6fM5Ka4qOpPmudHlFhToE1QumDkPwo4GajdiNXjxEKWHHN3Xg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJYjV0bHRXMjNqTndySUpY
-            T3p6U1BOTmw0NnFjdjVFS2R4TkoyR2srcHkwCjlIQVRETldibWx0cmFZaktrWGRC
-            Njc2d3VFUFJucE1EVVplR1NmOVVqeGMKLS0tIGVzZlI4Qm5KWjRreEd3MWc3bStP
-            TjBvb1ZGNHV3S0hiMU1XdExldjZiTDAKVZWM03cRIkLwxaIgr+YohOxEp8ZFhbsC
-            2dYLP/sLx5ab03rLWWViaJ+ONkvXfHvIYosQodO8dvDLlOJPbtTFCg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBySVBqd0kxSmtWQVNuVVhm
+            SGVxNDZJRHUwek4zL0hwVGZUMkV2UjZCWlQ4CjB1ZFNiY003Y3RyY2doVFVXRVFL
+            Q05EMW1EUWZjZGV6elJLSG4wYTRrRHMKLS0tIGZERHFoS1NlY0FPZXNDZDlqeTdP
+            U3ByUFVQTEZXNGxmcXRDWFYrZGZqZWsKXpukgZmmjugmJOuBvg5FVJo41os0dC4P
+            1+YhulpwF2ioa8zINFqx+LMrfQYdOInjmRbquWjco4XhHJj4yWW/+Q==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age15cx90pnp54xp5gxlt02yn9j2pz968wp3l5ukdkx55xuecp34e5pszjku4m
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwUVJtdXhkUEZMOWdpN1lk
-            QW1BY0FtYS9WN1JoRElFb2tocWJxM3VYTkRFCjcvWURVNDhZbEpRYVVuZ0I0ZGMz
-            M0Q1ZnVpNHk3OTRYa2pMUEl1b1BiT1kKLS0tIGpmZ2QwZHQwSk00M2ZiQkx5RmdP
-            YUtBVFpJYVJaVS95dFdxMmZkVHI3SUkK4Yo0w6ljg2TGkMqbgWqID1aCnSL1IXML
-            o0QeYRHVJII8ImjPbI5MYif4T9rTZKK/Gdxb+VtbnDif88E1P3NjwA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzeS9icFd3YXRkbmxiSml6
+            WlAxTFkwSXR1RjFmR2tWR0Y4WlR4ODFuSkVzCjlDd1hsczJUOEVyeTZSYmVmRm0y
+            bitNZmFqTU1WL0E0aWxXRnEzK2FMRUkKLS0tIFFHZytFdVFnaTVUbjh6U3gxRGI3
+            UnRESStWWUtodmNCMTY2Z1p5OG51K0UKakbANM86Z27f/qsYMXwcJ1wNBaUZEkiy
+            ng7aqlbapKA1MA3rStEP+xgW3JnKg3i00ll26wABzX/qD6KmANyuyg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3ZVE3SjRxZk1uMW41WGxY
-            bFAvRzhJR3FrUnFieThWNDZKRDhtSVk0akdJCjdCalJSOTVWQlkxdXlLOXB5bk1z
-            S2xFcjdwL2tRL2w4OTRwUGFKaC9sN1UKLS0tIFFMbXBTSWo3aUo1K29BVFZHNkw1
-            ZzRBK1ppd2I5eXl1SUVZL3RiUGJZMnMKqWu3DW5SHRCWaaTl7/a789m+API/L2wD
-            Jh3x94vhEYBWZPlGazZgox2hzPMcCCMPYFZGAwzTFgtsoTF4h53RXQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQRC93YThoQTdaemY5M1cw
+            dFR4eGZzeW1TcXBmRysyQXFySkdaeGRNZUJRCi9NRDE0WjIzeUNHcFpqNjF2Y3Nj
+            Ry83aEZ0RC9BVGtCbzlkcTFpSWRhM3cKLS0tIEtIMWc5TDgyVGI4MkR2amJOU0du
+            QTlWZlhJNzZ0Z0pIRHh3RXhMdWhJalUKiawxO7zWAjalJHz6UxXFCvhGEFr4RT3u
+            HsDl71bqZI/iSuAHngcIgIulCWNXuiJaG9hCgq7E9iIqc7ynLluMow==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1ax5hqk6e2ekgfx5u7pl8ayc3vvhrehyvtvf07llaxhs5azpnny0qpltrns
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpUVY2d1JkbHYzR1g0MlVl
-            NlJ3V0FLaTM0eWdOQ3gxVG1yY1djTHBuUjBRCjdWWktreWJXNmllQlk3QTBCNW05
-            cjdMQ2pvYW5DbW1zSnA4NFdIQzNVRU0KLS0tIHVkS1kvOVVUaDBKK0JjM01WMjFZ
-            M3U1NWVLdzVDZE94SnBuUUl5eERBZ3MKDqYKfil2536N4HX5bHo1POj0RzWPDhp6
-            +ycatTVYHojVQm3IG+tFpbMBaFD2NG15YbP64Ve45WaRb/Eox/46Kg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTM2NGbjg3dzEvRHAvbFdX
+            V3M0N0Z0THR0UW5MWFQ2UHhoSjk1YitwZUFjClpuT2VYWXVGZzQ2ZGRhQ2dqZGNM
+            WUZPRGM0TzFNRUoyMW44dERWdDNaSGMKLS0tIE9tL01EeHdxVEJjdG1NNXBOZUxM
+            RjBUYU9xdGNnWTR6Y0VCeUxIOCtoNW8KrctxQ5yZFEGukZhgTXGooDNo0VxnOSKs
+            qTitU6rCMqMp7mERFWizn8GNJau6J7fhkHWEFK/cA7Vn4ur2rphdNw==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1c2enwel9un28dcs4wg0vcyamx9a4a6g3walkhu8w5lqhmd804paq9d24as
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOOUVFMTg2T1ZuTjRTNWVj
-            eWh3UWkrdlVmd01kNERLZ3RndFYzZEthMjJVClNmUm1VSEpuUEhtMGY2a0MvZkpz
-            Nzh2SmJ4bDRuQ0RKMnFnWG5KeEF4SkUKLS0tIHExZ2xTTHgzdnRiaG1VLytmNlZh
-            K1VDaXpxdFRZeU5icVlaZkRsaDNNUWcKXQXX6+U9/v3I+Ta+rae+IrDjR57NjEA0
-            ZA9RvGAkTBcbXQ3izPN+qafLmJ3yyDO9HmquuA+gzZ5EKhHPbS1bRQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXSE12VTVMMUI0dElFZ1dJ
+            eUJ4QjRwcEc5S3BwTk9ZTVNYYStNNHg4NWtFCnlMbWQzb3V1S2dmMEh5MzJ3em1u
+            b2pjU2hxWHA4cEpNekNWMy9VOWJ4ejgKLS0tIHZKMzdaTExpNzNlY1FVN1lwT2Mr
+            QUJqVzdRK2lXbUo5SHJ1TjJMdDc4amMKE6ITfECZBGbIAltRTE8emGhsMxCCezAi
+            av6BqoRotYm+yc0/bHXubRmA7pLqA0z87WmheYDa7C1N81QZGFBV5Q==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1nanlervuderw4qskcuessycqy2yfmptl6nym9scgp9ky2265ssmq3u73r0
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBueWVNUzFwbzJmOFpTbUdr
-            VnJUME85WEpiRktTTHErbllRaW5CdlVackJVClRodkdadjMxRkRIMlRSMWtLZnJa
-            OXdXV1FaV2tlc0VkQkdhTmxlckJCQ00KLS0tIGFYWW1SK2krb2hVeXovL3NHbUo2
-            THBzKzEvU1NxSElDVWl2elBhRWpsRWcKWwxOi8DGF+jruyKGsxYbeaM+Z9gbrTI7
-            jIBzG3LyLskn1Uo8PNn7QZW+pSUZJP7kFqSgBDPzITrGoZMe/uscEA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBINC93RThSRElqYnY0bGRX
+            NWlrZFM4cys2dzRFejhhRW55TWY3ZFRMMW5zClV3Y0RjcDhFQk5nZUtpc2U5dU1v
+            QWZUdXdydlpSMUdUVlJPdXB6T3hGSFEKLS0tIEhEOVRKUVdHenNWV3dmdzJZWW9m
+            VWs0V1RwUFdqcjlTb1NLUUN1ejRqQkUKMc5kOO6iq/6cNJrr2agaJq/OlVzNyKIn
+            tJ7JRN6OxpQPApfoZ22jA7fDDX17lpyAQXOd+b7Y805OSLkzvFNcKw==
             -----END AGE ENCRYPTED FILE-----
     lastmodified: "2025-11-19T14:09:27Z"
     mac: ENC[AES256_GCM,data:tZ6QzVPivueZiC9Qfb3KNZAv02QatgHRNnlM+Y0iV4BZkYoBjxeDojutizvAMwUarnubUdk5I6m2OZK1mvVDZKXyI6zALX4JMeT2xYQWRHYzHpOygLhhGwTFVhV+0C4jN+eJFF2cNf9lu7NuZI9ylZSOY8I3YKUl+l0l3CkXUl4=,iv:JSGOUq+j9T/NXspn70dfu0J4ISV6vVFZUe/Z1CirrJk=,tag:Hm9N55f9qMc056nSTR1piw==,type:str]
     pgp:
-        - created_at: "2026-01-04T22:59:11Z"
+        - created_at: "2026-01-10T00:52:52Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hQIMAwDh3VI7VctTAQ/+I9Y9qGLQ7j2pwSMurnzrX9DlK3VKSTIyOHk1kxcDh2iU
-            UKrkVCsRHJkj9pf2yB5t8ehUXRyYtkzxFmszuBkrLIkqgUE6FUcl1ce37dYgDRUX
-            XLhKbZlEcz0FJEqDAMEqjsM5w75z2xU2M/GR6rIULixYqKPxvZG1AOUj9xi4S9Is
-            cZh2Dnjj8U+hmbYlcwx+zulZk+5QpjVu64GkLn27SfA5os/xj9ThKbpVcPdpXhbV
-            DRak2OOHeKsMAJMagmKokC2/BnAq349kz+xWSMEBgxK9bwTSVczqpJ0Nk280FoIO
-            2GrIQdrxXVzoR1m0sXcLtkNRnAd+OcSMsDcs4xM6jqHU1bHtdw3H4pUGB1lC5jtV
-            lBtkAwhA84xx+ut0UyT19S6HQ3VkgT0HousQ92uSjzkDd/AK77ir6pfM0GI5YhoC
-            LVFANFcind1gWMtg67D3WYcpPMi+o9IkSe7QALhqCL+fPSchrf5OZjc0w/Xb7WCT
-            nOTMMt9deC2GANjE1U466IKsrY+f1V9jig8qxC2XFi/HTe8krUhwblGmyga/a8Vv
-            52O+HX3Ub661HpILDNMi9BKNAKNRLeDZMdi2Vv3eqwFs6wZSWTtzt6m025ECZmIv
-            w3jR6XH2ggJBYqS/j2EpuwUUi8Lll5tnQpLNNB5ZWE1bM6Jy5Fg6pox2K1+9oYqF
-            AgwDC9FRLmchgYQBEACTw0JRff2oy+4h+jKZ5xXNbkk7NZypEPI00c7VX4eaeXsV
-            UKU/lfPEtHFl4aZ2N092McUxS0WDV/xCXoLn2kdHsmcGRDuq59Y0+ITsgLszOFnD
-            usYhmvocgvjWldBB6lS5yIqzr4mbg1bxkrR/7PoxHT3XH/WxdJSXikXLuZ4zpHip
-            E9kZNMq3qI1TnXAxciXFHBpGOjWMKxj2s1i9p46zKeCMo+tvyTVgDzyUaQ1V7OVO
-            NfRI2p1/LyzUANAjf1UHtcQncbGDYVM7wis16sCfUGpts09fvThfYEDZ7COL0WNZ
-            RSzmMgG6ClWcpx+B1WtYIM0I6sQvzgWp/QKdCEof2dHC7Adpp5q5TXmxrNhqnmoX
-            kRwuLSiNZTFrpzqrlXDi5ljPiPRx4RsM2Qmj/r7jlWBn+TP/jRQqO05ZuSe4wCa3
-            NZau32eYedMY6j2DwfHzzpXwxvN9Gj2evwqypCrbg2RYYixMZHasAF+nlPwBZtLy
-            B3PUXE8ftvZp/N7845MYwDrnm8EQGAD0647vffZ+J7T1s3dKQTIADWqY5J0kyfRl
-            lh5H5WpQ0O+POW48HUQ6ee7D7Ncu81rbRhCeOhWNgZTLq/DjdLhxCpKqaE+56Uq9
-            B9m3/0YAeo/6kj6Twded8OaltTEpJcMMU1EqLs+SweLw98bUniwgm+ReQJ4oEtJe
-            AXHdXns/mWqzshUUTLXE6QbUyxCAUlSNGZcFnBuAqaKaLlIwYbgh14Nl9XQ8B/Cd
-            GiHUdMjf16XZXG6evAxfoPGaWJEkvqSxPtgymxev7jpuXWRHNHtSOpRs//V8YQ==
-            =dVCc
+            hQIMAwDh3VI7VctTAQ//aH39kmsBuiu8hQdukid5k/KNtTX9HKgZNkm6wBp+QRHf
+            IfFCSz5LFTjhLAsqJokL9+i3FWcSQGi7YA9q/ZGQnnZeM8h2Y09tmCFt7vQBw8tp
+            eUayDt4Et4J6DVbPAol1PslldpkBaZdqKX4jUIX/1JL+hIqUv+VFfnOCRd85psFj
+            fD6x8UjQgpBIRjSZ60OWQMLQviQSMKheOIT9/TPVPMB5u2EYpBfxrKtw8/7ZB4iY
+            mbQsm2onThl5HPqvTV2U+TwM9hiO3hVpgDFk0G8BgFfw6dUl+c+dn80DcgpEpiV6
+            yqF8fUrHp4Lmg6lH64i7s15wOP+V9um2DunVIWgSvFzug2P4EUtzhay+bz7s8ddO
+            pTBicvfN5D4ZLzkCKvSzhFTfG03JNkTq0qM56tc4OmP3rGfcZzfC1IwL+75Y+ZA1
+            b59d392RNcQFkLVO3MHNfYB1NEKYz9ociuoKhMyxHrOME+wbacJhN1wbn6LWSAX0
+            WGZVmEWix2sGVwNbfYWsxF9Wg5ON4uLST+V1EzAdxN2BXvHjJ2KIKh0QffH47X/Q
+            vmGA/GtdKSayKDz/BsGaNIxY5iZdvlX/2aupeofrHRM7KB4D/WxfREtdgzb2g2VR
+            cXfixtpLNX9Qkn1cOd9suM5WmjSB1UB/53mdmfTrJTqu194j91OZLVUOdIueqOiF
+            AgwDC9FRLmchgYQBD/wNvg130hfn8JpFeH+5mlTNTXY6/lxIIzkwAtgPUZl4usl9
+            uhpPc4n3XzgqBY1AhGHixuYg1LE+iShOHknLa75pOCKnIXjMxnzO6ZtnsuMPVlOj
+            sDteupKZ8ke+DbI3NtsYX/+1h4PpYgWsHc6bnm0KeNBk9jsRobZMmEq9+g+9BYjg
+            xIVqdg6Rw0SKHbSEb7SFx23rvE/aa+Rm+ffe3o0iSHhs7y+uo9yJxKIzWzwDfXjD
+            QXk+Riz6AnK6pRIky0En8L9TiuQL8sV+gNvbZLoZoJviyzpsOk5aqg8/8wFrplD9
+            mMyT3xOM1mBv+gdF7rzqYKJWdGUtSaRvWOgDEt9r/l8Ik7xFEwEvOLIQefwZ9jrp
+            /LRWAJqAnhqlzQ5y0IHjBbxwzjDuUdS/ylXZQZFndVkWFNvJ62eJhc8OmzQbNX1O
+            611nkjhuGrCsJjzu1IuflYoUfNx09LEHq+tldahgeL4oha/DaODZbrezZ0PqD9GT
+            SBoJ1kLS5IXXBjA8no+IRsgkehbwj8PRaXekT2eRhYTlDUlyB2ttjPwwl8uEIrcD
+            v5pEV2ik3JeWKwN8mxyPOnmX8RYC2dVvitBXaxFxrKr2XM4L+Q/F/f7CobHmck0a
+            NGq3lC+L4oQ4nXoNHBkvYJ9cehbFvbAM9Ya2gJiBH2KC4T4OCm1Gw/WzUd1LbNJe
+            AZutn1deDF9+SJf8TogbMBSuYSaChLJpLT504xJh7T2kHHH1SbOMK2GealYN2XBA
+            W3VdIq1g92p0ZmoV6NyURg/QuiwdoKwSeQY5kd8Bvil+dQ/axbf8mwRWNy9Ejw==
+            =MDqw
             -----END PGP MESSAGE-----
           fp: 4BE7925262289B476DBBC17B76FD3810215AE097
     unencrypted_suffix: _unencrypted
diff --git a/secrets/repo/common.yaml b/secrets/repo/common.yaml
index 812718e..c4aa06b 100644
--- a/secrets/repo/common.yaml
+++ b/secrets/repo/common.yaml
@@ -41,170 +41,170 @@ sops:
         - recipient: age1s0vssf9fey2l456hucppzx2x58xep279nsdcglvkqm30sr9ht37s8rvpza
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrMlNmOFRTZWVZQnRLME1O
-            QyswZlBYM0ZpQTh6eFRudE0ySGxQdWQ3aUFBCnFTdDc0K0hwYzU0NVBObmxrMHZX
-            QjJTU1ROK1d4Q2FuZHhiZWd6VExzUlUKLS0tIDhZSkx4ZVJJUmhUTFQyZy8vR21U
-            TnN5T3VXOWRMdkdhL1hoWDJneTF3R2MK2jdfQKotgXcN2m0y6Pm6KosUQXuVZUix
-            D6yHIkz8VZJpMIrFpGUriBcnQGi+vRzva7tVTo8Ch85jTj9SGT76fQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXMTBGU0FqWU1ZUXdLdVUr
+            K1hpbHpxUWFvZ21ZcWthS05iaVJnVzFiQ1RVCjUyZGtPQ1ovTVBrRFdsVEFRdW9u
+            Y1Z2cUx0Z294dHNrdytNR1dIU01FRVEKLS0tIDdrdERabFJXWHpSankzQlA5WVhM
+            SU1lcXRvd0hUenIwVWJRUlJJT1NLdkkKZ+bLWPFE2WaBDw3QQeJHt6TuaLZ6iJbN
+            AmjOG9lxVK3WHXgNMVLY2dTCuvqlcTlY9orfYkZ4NjUFeUGVO1oodg==
             -----END AGE ENCRYPTED FILE-----
-        - recipient: age18cgqlely56hgmhscllkmafwpjdk6dwep6ej3vkk97dzemp8jtuksqrrjjl
+        - recipient: age14sjyqch8tzqexk2gv0qgrrg09f0s6hvwhsgjac3vs6sc5rzgpcxsyqda6u
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBabG0yZVllMzM5bmNkNjF1
-            Q0ZDeUhRWmtsUG1rV2NDeUg1UXZVeGZmTDBNCjdtQkhHVVRJanMvZU1MSmVwTndq
-            VW9FNlNHNExHb3N4SlNyN096RDhBVm8KLS0tIENtbmF1WEY1MWM5V0NET2pka2Iw
-            M1lBK0h4SFZTR3NPaFVnaVA1bW9FRFkKPqlL9CplnTizVDre+eHOrYl9yxWEN5AM
-            O1xYdBymskD8FF4Se3hpoOTJTv5WaaOiIc+0mlfCBJhS/WAwhCfPnQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzT3JxWGlQSlpIb3ZEeXM0
+            QUxaQkRTam5XTWw2b21yemlmYmxHVGZaam53CnVDQ0ZWR0hhaGV3Ly8rRnc0VDd6
+            dkxoVkVqVFVKUUhyTE53Q3FjamgzZ00KLS0tIHlvRHZHZDJwUWRkYUlzZWVYNmIv
+            UTNYOEM4ekdVamtqbHUzNlZKRFkvR00KfUBHAC2lEoLD4imP95l10MTxmhD7Cepq
+            L8DPA9e8rzbmjhhuGRLKg9KzNVbStWGBwpuqkpWUSKfSKZugodZvRQ==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1g7atkxdlt4ymeh7v7aa2yzr2hq2qkvzrc4r49ugttm3n582ymv9qrmpk8d
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwODFJZUJMUGhXT1ZvSHJ6
-            R1NOVDlOWi81RDRUeGphSFJoTWtlY2poSjBBClRkbkU0RVlsVEcxWk9ONVFrSHEr
-            a2dlQ0tNYlRReHhuUlRXR1o2M2lVN0UKLS0tIHZleUtBZUE5TUtpYWJLdHg1bVp1
-            WFc3QmJBZ2NLYnptSDBtdkkraHJZR1EKk+V+rF3u2eKIus9io/kqDwPwHcsPrt8P
-            B1sxlqCNfXtIZWelUT1AghBs5SbVjiNrITVqQORj4G0on3EW/jwfMw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByU3J2UlRCWis4ak9BYWt1
+            L1FrQXg2QUREOTA0R0FiemUrMmZ6cWNtUDFVClBUZXRXKzRZSGl3Y2hUUHdpL29h
+            Q3M2cjgyV09uL0xHOFYrcDZuMlFhK1UKLS0tIFhDVGYyYlVnR0NGbmZuQnNNelJm
+            RlNCWm1qcVVlQ012U3pGdzNPOWg0dk0K4cexHDKWn+ps9qQU3wboJYxnIvFbY37k
+            FrSUEGU8eDb1S9y95pXEYQHDyCuGhuKXocuvFPy68pMeFV1lQXXfrw==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1ly2endyt0y9xyddj6yuj4nw6fa3ltvzlvew4cr4lzs6dv8dkavpqadmyxx
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxMk1PSzIyU3UwaGZPYTB3
-            V0hpWWcwR1pwYStIa1NBK3hDa0ljU1ROUVhnCnljOG96azEzdno3SzFiUmtPWUIz
-            ZUpsNE1UWVUxT05DUmxCQW5IenVMNG8KLS0tIFN2elpZdzVBdGFkckJYc1MweThm
-            VVE1akRvMFJwVXNNREtBRk5Db1JFZlUKtDR4O33K0X8ML20OYy4Pc7ZvKTK2WvmG
-            2a0IaaKW26oek74wjPTc2EaumTANE1hyeXrwZ53mC71nNf+G59cx/w==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOcTlBVUs5b1Rkc0FPSVhD
+            cTVhazVUdGhwM3NtU0RjbnFEY3FlanBCVlJBCmZyUVdNV21wbmNUaVJGcVR4RVJZ
+            dTJRQS9NWk11RmxWb3hZa242MHdzdEUKLS0tIGphZElybzlYT1NXYlM5RVQ4VDYr
+            TTc0c3NsSE9qY2E2UlhBcVo4SzVIN0UKIU9hBFSmEBzEg8dTmXN8pETltwfuZqkU
+            WOin+YLzyyO4dpI7fl4sRyensTu/XwyIb9l4MtnvqJ5ftUebB/FY0g==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age15klj4t7gpfp69472mne4ue62pp6m4e04dmjyw7yf30qtqd3vl3uqjmcyxm
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCWEFmK014SzVzeFU0NXZG
-            cEliSmFoUTlRaHRmNEh5NlNEcVVkWC9WUWhFCkE1QkU1VENhbTJQa2ZZL0s4Q3V2
-            Sk5IMGR6L1JCL1c1YUsvQ2N5SWlhVGsKLS0tIE55MWRnOEF6MGo5TTRHaSt1MVJl
-            djZtZVBSNW5YeTdvV1Y4NjA0Z1FObFUKYLnXoDnCOx0jckEU3m4pfw4WBFsc9xBI
-            SBN/9OqOLn/9Fk71PPBmhDAjsB7ZPYOuR8IOSgPbyFgSbKt+Pd1Fsw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIelpweU1vMTN1d1FaaVBp
+            TGs3T3BUbG4rYUg2WGNpd01zR0JEa3lWTFRRCk5aV1kzemtrQjB4UFRsUmZlVkc0
+            YVRiVzlZTXc2WTdQeXRjK0pnNlpKZncKLS0tIGFyTjFkK05UelV6ckl2UGRFeVh4
+            RVNibjFyWmhMQWlvNUtuRkFMWFNya3cK76MKBHt0iIPr3T9/8jn1h3vb+f2AZ4e/
+            ZUrI5sgD0bxjl92qY1FDzQD++tyX3CbY5lMewY03C6Xlm+8UkResuA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1k73gy5em3js9zklnnkzp5hme9k04lny32fgahmzddknjw5c295asdyr4x6
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpNVluaHFySm9CakRjdldJ
-            bmhuUlUyUU9GNXdvMlhiZXJvalkyOUtRdlhJCnJqRVd6czJOTmNNQXNtWVkra0lh
-            NVFIKy84V3Jqb0VZOW0rSmhaUlorMUkKLS0tIHc4cTU4d2ZDL3NxUUpaYWF6alB5
-            VlpNektLOGVHdDM2clpBVmFCcWxYWVkKmyXJ+VcI1lRAj/7lX7UMd+bTHNmrsdPr
-            giY5iv//IdW+xKe22ELrIyHwLJ7IHUllntg4bIifttlHXKKm0uaiZA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQaHpkWG1lOWgvcmZsVWVL
+            c05QMHFuWVg0S0ZYNVRhUTNsRjVzMWZvVjE4CldRMFB2bkZ2Z3VUYm5hTzdCUHhD
+            OUZxM09mbUpvUVNXUWNBTnNmbGNBM2MKLS0tICt6Uy9ZenZHVFZzZzZzaG9oYVo4
+            VTBnMEJCc3hCdHJ1WmZJTnMvSzNFNGsKAIg6M/eaPur6IRSU7pVCLGg5yiQsr3Fc
+            vSX6dvFKNghlYNiJygrBIuB85++WM+yywttDYbavC86ythu3TY4JrA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1cmzh82q8k59yzceuuy2epmqu22g7m84gqvq056mhgehwpmvjadfsc3glc8
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0VVVuNndJekROWVhma0s5
-            TVhKRXpzT1BPQXdwWVJ6dm1oVzRJUEFRc2trCk8ybTdYdWg2M0h2QVFJRG11RGli
-            RWNFeDJwdnVjQnRPUlRlY2VlVXdSc3MKLS0tIC9MWXJEMmVqNkxPUHYvdTRWS1NT
-            M1lTSWMzSFBtbThHamdjQXI2ZE94VDQKy0/CUSyBWTCPZ9kt0XYZFBVQ39NqiJ0Y
-            E8QEcRj8EuNrpN5C6DYrhgNrQXdz7HPH2IGN94D/W9moF2ze23nbpQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGMnlnVHlRN3RzRlliMzIy
+            bk80VU5GV3JUckdQMGhjYVpKOXlNMGtGL1hFClBLNmhzTUZ6SzdyN2ppN0ZOdEc3
+            b0IrY0p1SkhJa29GMHdvdnNUd0N5TzAKLS0tIDY5Rk9HcDcwSkhPVEVHSVRxbVl1
+            KzRwVUo1SnlrckROQTBRVEc1eEZOWTAKrMH5tCxKzmvuGo7FL1TZtpoYlLV1obIa
+            5OVekmkvGU0trhxybAgz+hYSofnLaU4r9N601c+fbHQk4ekjpdIDNw==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1wmx8y2hs83j2u5srdnfxljrzxm8jtxl6fr0mq7xf2ldxyglpzf2qq89rpx
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTY2orREt1VFpkbmszRi9y
-            RkZlMDlSZHZIaSsyMnI3QkEvdXBqbnV6U0ZZCmpNbWRCMVo5dXBwWU5UVmtqMHFF
-            RWtya1RDZXJvR0lhRUE3VndYa1BOWkkKLS0tIFNvN0lrY2ZhNXVZbFRabFdjTTY1
-            OElqUU8wR01ZUEl5c3Y5Rk9XT2dUdTgKS0QFWO4KWxLnXu2Zud4YqQBBfjXjuWHi
-            woder/Vf066n5N05Xd1nUOwkfim0Qyl8vM7JwRrCEPVaIdp0EyhhEQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByTnJPcmwydDRaTGV4MDU4
+            b2IzOE9vNFh3bG4ydHhwcmwyQ2Y5SFQ3VDBRCmRXQVdjZ3EyRHFQY3FYdVp4TFhj
+            emxLZi9KM2U2aGRMOVF4T29mZVpMb1UKLS0tIGtzQ0dFZlhHaFVFTVdCekI2T2pH
+            UEFwOUd4OGhXOG9MWGNnQlFVbGlSNGMKqw3juHHxNaEnU3eROfw/1WL2zfvyHEOx
+            r3p/bmz6VZVYEEVUlRmlFkLQ2TBKiFV9aq1fBa9HmbXN4b3j1G/IYw==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxUkZQRlpBR1R4S0VjcG11
-            QTFNOEhMdzBoUnlEY0xtVjAvYmpCM0F2endrCjBRY29nUHlGNXNuR3dsZTZIZkRy
-            OFk5eE5lUVhPYkxXU1pYdFFDMm0vVmsKLS0tIFdJekdUMUJXSHRiMFcyOHhkUDky
-            S3JZSGI3NXFMNG5pNW9oSytBVlBOS3MK0IB3eMRsqAj089lAjym9KNWtz35SmzXF
-            DuGB21O4oJ2sJWCMyPfuuSu1ukz2v+k+1frsXbpJPfYr7WJ6CbSkaw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4U0FQSytJSzVvSzNsMmNC
+            RDJZUUNyQ0FBSHpyUEhmZzFkV3ZTdDViVnpVCmhZRTFYblFJNStrdjV4djN6SHRT
+            N0d0YlAxbGFLOFlSRTRNaFUwQ1JpTkEKLS0tIGN5WEpmaHM1d1ZZOUxzVzNuekt2
+            ejJYelJKZUZTb3NxWlZZaFA2T0FrL0UKl6f8m0ELOZtHvbcrRzDBbJOnmEbZkWQy
+            CWuoEuaUz8fIP4Yv8nuwyADczIQ4Tm/KMUzyp71JE7Xw6EcVCvkfag==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnUlV6dkFUK3BYTmQ0cUI2
-            aEo4a2xTYTYzaDBES2luQTd0WVZEZmtHQXh3CjA4ck1WL0FOcjhkWU9hcG56V1Jz
-            Z1VLakdoMXJ2bzJ5L3A4bmIybEdMbnMKLS0tIDlqZndKNTgxbWdKSGJCVGtRKzEv
-            VFBySENGL3R5bzVaYVlhRjlQdVRGd2sKC81fnlm7UllGjwJsfonPHVdqZeB5se4s
-            66MuY66jHOc28FK2kPhLHs1QiNDv5pHWplOpVXKLJROPJH0cZRVLGg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnVE5yUzBrS05kV3dRcDZz
+            ejBydVVoaThoYStPVzRaU0p0VW5rb3hrcWg4CmhUeENSeXVxOVdrVWNaTE9LZ2hP
+            SWowMUt3MXgwa21tTHRnRUNla0VQLzgKLS0tIFVFK1E1Y3Fra1RVeDhJNUJlNytj
+            N1BaZC9hOVdwLzNRcDRtR1Nqam9POHMKwdPVSlwMcg7zzn/hdQw0Y0PHJyqdgui5
+            12QBHA9L8+AB9rFk3h/w4gEiMN/BgvR3a4rdGXuY9CA9ZZpgJUUtEg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age15cx90pnp54xp5gxlt02yn9j2pz968wp3l5ukdkx55xuecp34e5pszjku4m
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4ZE8va1ZkbW1pOXdVQTZQ
-            TDd0Q3J2bFpzc3VSdXJXWkkrdUMySThCZzM0CjdPRVR2UVBFS3lueW5hak80cGl0
-            akI1STlRazF6WFpvcm5wWXJvL29lT2sKLS0tIDhJalRSbjlHbFBzY1NJZHg4aEVh
-            RGxTVCtaMmx1MmwrdEU3SzRoN2lDdTgKj2wuv4Jre8S8OWQ2J36cBRr7OCNNCDes
-            3ZSKTg9erIPOQDs1AJruw776y1aIbSk3QsVxjUuIyUSE8FZiGX4QLQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaNHo3cjZ4WnpCMWpwdFZr
+            RFZRUmxtZTZZVjlJZkhpeTBmeDF4VTdRM1VNCkN4U1pNUGVnT25OeVdxM0ttREVv
+            VzBoblB5QWR5K1g1M1B3M3BaUHpiVk0KLS0tIDhGOFV4RkY2VTFvRldRaTJpZ21P
+            eTYydUoxWTREY1pZT0hWM3VncFBVUkkKWe9bsP1eKeOnhPReB45dBpDS9zLSBhNh
+            M5YwCS30yntlPoie7P9G6OhNxUUB73GpC0YzSoLXvzYoQAhuFKpRXQ==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOckpaV1gvNFBDNk9YaGlL
-            Tmt5bUNGK3A1dm9iZmdOK3gvOFhJOXRPU2xRCkRHV25QNWxndEpUdyt0NDdqcmVx
-            YWdSd05xS3llNXlodVRHK2VMQjRIRGcKLS0tIG5aSWQyZGdNNE9zVGhhUGd2QkZp
-            RWZMUlJIYVRKcTN4c3VlbWQyWUZzWWMK/5JvgRQo6LEmOMiY3b7mVaZVXX0zAG62
-            DgCxZmnHfTSUlutNPugKRXOrTHxt2VaU74boorPlGBZizFfjJRBZNg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuY0VNdktWRVMxdVZ2SGdu
+            UUR1bmVYWXlaR2xQWW8rL0hsUHBUU2sxM2lVCnFRYjJIUzBGRzJEUjh4T0tIdFJp
+            dTFpR1RkcWduQVhNSlJGZVZXUVVLNTgKLS0tIDhac1RYeG1YZjQxTUtvTU14ZGgz
+            clVHaHpITXI0TXdTQWF5a3lxb1QzZE0K6s2CaTu846VadMHsYMP3uIOcgzFeDigJ
+            IWgb+jQpcWY0UZ4pXMzu8nn/yNXd9+GKIy6sY/z9UgTe6bfzaIM5cg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1ax5hqk6e2ekgfx5u7pl8ayc3vvhrehyvtvf07llaxhs5azpnny0qpltrns
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDTk56dlBBazVHRTM0enVD
-            QnFIYUNGK1Q5T0xiNUwwNm8xSk5MNWdMcmc0ClpVUkhzM1o4d0FRR3RiV3JXUmR4
-            OWlDcldKZEpidm45NUNONVhVT3phN1EKLS0tIHVxcFh6RmlrY0xQSHMvSEVMalJy
-            M0k3eElRRGxaY3hFTjV6STEra0hFc28K7HWQo129OjU0id7l1e3cNRcJa/ZR7ao2
-            a7oEzW/4I7C4eymhsSSAYLRsEzRoJArgQanP1IcqvyI1oR9jn+Xwxw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpbGFLKzh0LzZ1WEh0ejl2
+            N1dMSTJkMEJRYkdRRDZ1WkNDb3RLREVPdEhjCldGVGJ0WG9ENmtVMmVZbVNRVE9S
+            bDViWGRUcktNS2J6NVNNR01zY3phancKLS0tIEUrWXlla3l0MTdFQ3orMU9iYXFV
+            dUlIQVk4SFNLMnAxczl4Z3ZyTTBscGcKiWJtWO91bThjPYkhP8pzu10q0eeEiff0
+            b9VKxUFL1MnSXgOrEAbeluOZdWDEN16BUKLlTCUI9mzel3CZVtyGjQ==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1c2enwel9un28dcs4wg0vcyamx9a4a6g3walkhu8w5lqhmd804paq9d24as
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByU3ZtR3NFSng5MWorNVVT
-            NU9xMlhyMWRuRTVtdFBpUjNXeEt2Wnp6alFjClIwdytPb2s3UXNGT3QvOTlQUWx2
-            eDZXbkY2cnFKbVhZekJKclBOQ3E5VXMKLS0tIGRhMWV5S3V3dFpjMDF1c2diMVlH
-            ZGFEaHlnT2Z6ZVg2dVlURXcxa1hFRDAKYaKXKJUfif1UTrDGGGGrnMrX5PgbPC8p
-            tY2QYvbCIUPg2Ihq7frxwu7mN1kDgHRZhIjNkmxGuwDizbF+p4dYNQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMeG1EN1pzMGdrclFGR2NG
+            dDE5NXJITU5lclZwVHUvRjJkL3BITkZSWHlBCjZWT2JRdkhQaWY1M0Fwb1ROcmo0
+            Q2FWZldSRkFiVFV3SjZ5YmlzSXNiMVEKLS0tIExwWHdsUGNFSGRNQmpiVG9GRVZQ
+            UlI2VFFteVpEZVNERkFZRzJHdWNQZE0K/hO+xriuQNbutdysroL9KomNW7qdOgZf
+            zcO3Kq6TqY3B4EP5HttCwhIARonPy4XpjYvWqZVqSKnzEpD8dGoJ3Q==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1nanlervuderw4qskcuessycqy2yfmptl6nym9scgp9ky2265ssmq3u73r0
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXY0FtT08vYWJYM3NXWjBY
-            UGtyeXU4SG5YTE1vZzJLUlRUTzVWSHhaa0FvClEwR2tTTi83TVllQ1FCUDVmbkt5
-            MmxZMk1COHhUdHYvT2g4S0svaU5pRUUKLS0tIFBZN2ZPVzlKK3dmbllDdTQrUUI2
-            NHBHK2NZaVQxcit1SkYvTmZiTEpqZkkKBza+5xkk+RZP0Ki7x4L0I1zW/8/8tSdo
-            BXrsxtgL28sIyqmh9q74e5W315cWOd/3aoRmgiJMVIx3gM2mCdBs/Q==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBML25tL1RzZWI2Vm9WMWpa
+            M2FGckxHVkZpY1d3M2ZRZmxEZ2VHUkJJQkRVCnBreTc4eGRtbVF1ZTFHVDNtMExI
+            ZHQ1ZUwvWjlPUjNMM2t4dEI1L3JaY1UKLS0tIEpuWFN5c0VRSHhuVmRVRmp3ZjFW
+            QnlWVCtKMXhZWFZzVEZMdkhXcUxmbzQKqscNABsPeruY1L9qu2QetnP94zFxiQsg
+            bTrGvv/wBpw1VddO4xeCJSsr9izXE2NSjYKWzBAIGKc41protZ6z9g==
             -----END AGE ENCRYPTED FILE-----
     lastmodified: "2025-12-23T01:11:36Z"
     mac: ENC[AES256_GCM,data:e0WoFBQSR5q3GOQ+GMJGBd4lNBAMqlnVjtUq3snxrdvcytb9YvKnoYQH+GjbdGIiqrND8pOVnZt34AjkR8YfpWe+VrkP3Vj/3l+1GjF1XIHbzBNKOQHdYPSVsH2NZwftcAdphbStf3GTlb+b+cpTn4a9Y4pTNGVoOaOA1tBr8bM=,iv:sPXktitTNMkBhHr6E/QRZCVKrgyED9/o9hiivbObACI=,tag:tTNr4UEf92UrtI0Jvi5o3g==,type:str]
     pgp:
-        - created_at: "2026-01-04T22:59:13Z"
+        - created_at: "2026-01-10T00:52:54Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hQIMAwDh3VI7VctTARAAiIJhabJhfH8+fwpni4PPFhAPGvSeG7q6SBmIJ84WueYk
-            taLXEHLJ11fXflfPrZY8iPkT5ilYwPcs/4jPTtn0eNerPVPAUrVcTT2b7agPNR4r
-            rvnIwtMhB5+mAYtHOVyXnWPfVt+l2pMoTV4PDzumgoIW85eARU8hT8VeN3yZaX2n
-            ipsmFKtGHPBWii/ev39RjVcqa+Bl+CLFF1g9j0jPCZhh9B00V3vaVqVRZ9OV9RQf
-            cGZfYLUS0ZMiM2i9SPPIAuFwt25SHob2n1hxKdYNUGJV2+TCBHfkjMfD6iQ6SzZZ
-            A8DK6VLVgXMbqM+6/o1UzW4DSe7aMVWRUB01ISjvkzEuKkjnwkLb2gJxiILKFFD7
-            g0KPZxrfF0Iz4gFmCh7lRjLggAaivzPn2EJBerVPAk5xikv/8xt/QfmrzsZ9Bnc5
-            YJMIUJWs/U+uKDvEsqWGMK5vGKUz8vmwWz9h0/sWwAGAoPxnHKZ9aj/LvIwcTVRs
-            E4TULZZ66PXprwupqtLaMMTTnW8x0CzsTatJfTbUid9ecQyeWSSCKQod8xK+dOwT
-            EwC+ysJTS//Tfmw1t9q7yG3lRFRsmIbD4tggTyP7LNqw9tKIrAA7XERBe4hX4wE2
-            HOiEBHlVfhKgWdgGfyVy+SdwSb3fBEhXFyxl0QnFWUVdZ2jvPLUWKO7zfYU/rdqF
-            AgwDC9FRLmchgYQBD/4gn7stoW0VDtqzpyxdo97BwGWSUaZxcAsDGtkZBdalW8WB
-            nsyTaGoxqeXC9gEJFdy8vnhn4B0yvC/UIQHUTaZPxPqeVm/OQuGcPISbJnXqEScE
-            pzps09nIfy8tidSSWCa+VerJkprhp9lU56QIZ+YmQVXzqtQF+oNsQQypaKT+bIdZ
-            d55kKGVM8EqtY5qidMBNH80eXvNvY1vONgMX35kdIfHuS2xlOd+O/nmUaeADcBSJ
-            x9583Ot8jRWiCtB0Ap5za1lwJtEJup1OtsqRGX9nbvxckZtPmTMF6KRlqIN6VVCM
-            Miq3UZG0x5FNkoUaHyXoVu5vwAnRyDAo2zZhqscrmPjen8tpzx2n6tKOQkk3pCuQ
-            ofWoGGg3SLs29MWrgkzKtsn21pIZZ90R9wFelCwqCehnFdZW3ElVoVQ7J9lnx+NX
-            ULWP+DfSMD5OP4MUIwRCzBdqAZaFgTxPafSQ2ZPXpzDzJhqqEFJBiJBM4fWG0RgN
-            1F3fB5KEhsF3nWn+J6ngCULanXBpD5tcHdRC1dsBeBpHRxCfPjZftEFs2JrJu73W
-            CXTAyNglUWN2jvRgnLYMPhafSK4JG3uA11nZY6675ifxzOqsebyP1JmG4bOquma4
-            ql+RmYgVvFq3xpYfaI4EsH5cAjOyYtvRBnBAzNVW4tj/Ytn5W1mvOPks+3W8dtJe
-            Ae5ElyCqI+AhRQ2+4ZvqhgfKIDFHPLSppFx3rjRQTN1NglCAl/AuiSwUA6lJ4G6Z
-            0/T4wrvC8fj9HmiuVsY8ALJl3RMpZ46v32uwyZdjRH69L+b6NxRXrw+uO3Ht2A==
-            =zr7F
+            hQIMAwDh3VI7VctTARAAwMUZnWmCPACr88oJaBkqzBT5YXBDOxuhKRPdMllXhfji
+            7u9nvjbsW5a1+Jp1hc6mB2tFwPeXs9jTKDbYdAsObaDGPgljNm5ONkijyFISGziq
+            facsQwWGtFykROPxT+Zc4deXY/zx/WLI40jyRz6xyduKpa95tYN0GbfjaxXP8Cow
+            MVdPqAFxQd3DHXkOvoBqAa08O79k02d+MUOV0Itg/+f5caIkksbAgXIAPsRob7LI
+            d/bjl+iVfKJLBPRhPtxNNEr/f+wHyfsApZb1EBM6wbGkmPxDRPlTiqHdOIuu2XU7
+            aDf/62ayla+1+HnWH/2zKAmf3yZ1BUFJDqLQxOwexpVB6HPkS1YyRJTbw3uo2hrj
+            ixR2H0uishnZ83+AxYlRfaFCC9zioeMUZL0BV/vlMgIYRWNIJ5fjwNExJqsI0Gdp
+            3MqAGdxFiWY6dpOfCXZmvR9MN3Iu52qe7rq1miPP2YY92bBDfhP3QQB38MM0UR4z
+            Z9Pt6kz7tQS/NNrjvlf2vWJ/qh6UuGiDRX/x9xfY+jaW3EGbO6CxeX5oPpGQMupZ
+            6ofeLAxbTiVm7f/rNCIU7lKubGZ1QBVagm4Z6zSNJ0DQzcfa2LrYLhl8eqFPcvqq
+            4gH7jd21Yp773jEQLhwRs2lLIgGZoWDyUy3kfNam1QeK4wwBrYtnDs/nvAcCws6F
+            AgwDC9FRLmchgYQBEACzYSZnIf+GQv0jzTkCX//gOUG4iuRxmIopX3vl8j9WWAFS
+            vboerj1Oxs6RgqkXddtEBYIevjD+bSzPdhby/hkE3Cct7oLWc3BDK4bp1YksEFWj
+            v+K9ctkOfyh6ZxNLnOOQG8hFxEbMnmFe1cKuCnn8ARmv0xu4NaUJoG7Qb6DgHYDO
+            eJZyWhq1LuRx7ILxxyG5lLj7IfPgUofQPxKsy6ifwk+XtvWFLdhacf1ClC+Z4Wlh
+            TlE0yIdktQXxsSwS5ZSUzRl4coeQjP7xtWUGU7qPGkflFW75TtJAKKt9JlOZQe5g
+            fsQfXgAGzLdHiNSNpScm27napu12zjsmLe3YbYxTafxVRgccQAL0TppaqDHhhPmn
+            qspb76rvid1xGwTUl5MLyEcs6E+N24tshWP2lmakk9S+sRhR1nNBjq6CT++JDbMi
+            N0vTWz4lzAQLYKdB3jp8Hx0/fsuj/ImXjW5Yh02x4vhrwEyTPk4wdoLfIuKm9Sat
+            SoIhPBo1kkIRHQXpdG9Xd1XsEuqsbR485PclsOn2wFz0Pi/MA1fc6gFYWgw33V4B
+            nSmbQoZdJAtEDxusQQy7q7uKOQ8cgTSzcVzDrUB3+rIVRrTIqnfTfPXF+mEhu1cK
+            ZNlPiUXGNEqo1OUog5TZ3glj9fffL+kvNsK74/Zway2WndGO4V6TxgF1KZWcuNJe
+            AXpNAjTHSu4RMUpmKV7QTw509liC/0ouaX35MNmVxv1uxqS6vLQqXjQXksJdgfmj
+            xVpXUdwa/oG0B7hcXaG0Ttrakwyt5jmQEkf+v/LzljIDLEhZJQg1SXv+WOhsuw==
+            =oawp
             -----END PGP MESSAGE-----
           fp: 4BE7925262289B476DBBC17B76FD3810215AE097
     unencrypted_suffix: _unencrypted
diff --git a/secrets/repo/globals.nix.enc b/secrets/repo/globals.nix.enc
index e4cccf5..b153729 100644
--- a/secrets/repo/globals.nix.enc
+++ b/secrets/repo/globals.nix.enc
@@ -1,74 +1,74 @@
 {
-	"data": "ENC[AES256_GCM,data:m/njjdI2zEGEb2/ZtADlKTURPj19qxWsTtYaehwUbbLEnnpuG3SNRYvqM11BIOeOVSmFW0lE+pKwB0iEO0zLx879/G5Bh+wa46eYUxe5qmqlbAwMkfEYha9bcHb3E8feAA7y+oHRY5VfILhPTTjFw0e7cYqoDo8Q3BT5e2pQ8cPoTDjCHeVp7HTUNfob56kqWrS/ZXlw8ja6FhnETEOYc/l4DdJ4mWb0qyPb143pKIASdYpM1WLXz7538wSQUlxR3ofTVxvosXvYlA/w2ee/GjyvWahHJlG/bF+10Bzw4h1dB3wnM2+rUkvb5UMGkLdIvHzX2QHbt/CXzIn+7eSaFiVBP6uz9rbtmpHen1zVzEXL+QnHHpfFeyxg+E5QPeq3kSvmQIgGcSO7k7pbQgLvPBQEor9RaGFYQTAFIDQ/dho+0kVhBcx3gAKiFOVFx6OLkSw6/LHJ0vSXYMh9+eSQJQbUz6P8LXhpUdPuH+vletwb+MNkAUVKRrihhpQhS3hDQljCQTCIVKgarrqOiwFftPgBjmP6ll0s28hHe6YDfa9/BiUh0I4iQF2jVtQGpkNtWTZW80MgWHZ6FV+NG1AATRUJhHurfHAOionxPoYxdpJJ+BDxx/kZHy6E87rNNE0mx0+EPHwdoTlMoOwYqV9gncMH51fG++yiMPor0ZN7fIzB3aR7bBZ/IHRjde9heGnVsdTFudn9ztEEq+8W7QPFVpteJsZ09iErrhFGSbLI1Nw1Xa1EQOsz6UdzmyNPDZTWdhvuLto3jUQAABuqf/uaxxWUbPIEqqOuXtk7b2yoPfCltrLE6xaCG6R5Q3nMvnFoVQ3ujqMsTkz/Wm/2z3k50/+8R4CNzf4icfDJEUlGD+pNerTopDNEpNj/NpC/ssGgTP9urgyhA30utE8fX1O6PYlYE7UHSCt5G/j0YcWXTGddKkJIj//HzmzzwRl8n4Pb4wy7KvLaVt1qMrDKlyCflLMB6zUM3IxjEwfUjLy4NoHbvWJJWPIFKLBitAIyninxyzK0qZxc5aX3rF7dRIq9wvOo5KDr23KS39aGZU5JkheOvYGNWTK5ysjw6OZ/ibPzq1z2MRSDdTj8tHYdWDeO5215+WDxztTDMBkX6jvlBXpYDS9+Sgx3l3ZPDYg0NdhzvMQ/AkIERLi2Tlgs9xrv9F/Lssuvz0OVT23maxG3ztcjsWOs80sR3g0LqTBKneFY3ccC7cvGu1qs2XD26EGdMUIY4Z6wEau1n0YvcIcVGFq9s4A9jqjyVv+pagzfTARyfxA0z7xQOLto6PHqAK7dPgZ7x0gWXtaJvL5KFAP7ayS4xPB4zUrRSQ1Idj8CvdDoeO7UdjMpd0939VJG7xiI0SoBBGknGYNUMr46VOn7c4H70EeEQMleHI7ZRHDXjH4PaWv5VI5sAbSqjWoQiiZXMeoqNyLnoZvkx2e0+bDd8iWMTb51Cm7tsdJsTm0uZF3Yc0Hui2nkPbHe6R4CkmkJOdgLkcSSLloYn7tvaiLIfLf8mxwHdzZMgcvR1Adqt52jw8Ai7htdO96r2g5gGXWzQkunOUpJ9r1X9znwR26+OgCbTU99PE4AnvOHoV2oFiA0lPlrT15jGDovzffzTZirdh14HbIy80e1HLcCXuAnZ3qfEXgMfDy+tlDnj0XuwQI3pTvYUdb1yAtw6h8rXc9HxmEUT/jrR6md4EHGcQRbaaN+q+2tlecsdaoiJATb47NUnwiEkTWCuk2BK+/sDKWmxGYcBTbW8RjvkH44NSeGgNdNPmHDkoEZV1LpF934JEFq4cnIaotPCXevB2G558FZZYHahgCNxrSD2bOQboqxYTisPLzfn68uz6mUEDJECqv8JoSRi+v0+C2PAlxrad8y6yJGkarEsQwxAn/S0awbN9bHBB/0FtRplyVIVhaelDku5TTmz+QvvJS3OHbdmzvExg7Nx8yT/wujbSFmzkk50gtBK6g5ZAuVbDhNu0zYkq80b5ZMhmLOeM1kGWQXxNksPnCsH1b5jwVa09vDKTcSVFLVfeI/gNWPEvy7vLO2C489TW/Q7I5ZBrDzE0P3cP+p513lWOs4mGZWvkWEz3yo0P4Zgxk92b7iicsm0+G7jEWzpeJ0qRz9PAn86p/O3FX0ZW7EVzdf+I7wdEfyXcuXO9HvXIXnGTN2lEnpjHdEa2z/pD4mHqXPDqeFNSNC8jE69miJJZxURtgHGCrYlifAItuxoYHIBDjCciqGtX/A+kiLLRHN7H8SsGZ22cBU/i1+Jxz1/hBDqWTYwVUmgJ7bEFgctVgXn2f221+KBWMfpE3Q8TfbdB0CsNou/qJuM2UFyQwvZ9XPP9i94qt5LPqH8V9neqv5PJTZEX7/zveSHY7s2iScV9ZSKgJUA/TYRKYgoqbiJhEF+f8ppJ4jDKb8GFxQHw/+kh9A18rGOaPybzBNpb4bnHw+QHSM1J69lMsEk2GpSVpi/nmzgMuiTjjEEoWr8mgAbKiJ8XdpxSIp53HkpDmneP7EpT5BMDLMbyPArTlR0lowbToGuNvVbo/3BBqRRKQ4t1C9rcJ+IRkHFuuqdTP6yIdry3ubPkrmcCQkzbXL47GmexieUqRP6dhHIPgxfJNV4+dd1YTTdoI9vyEOPcjf5BmmlSGHTb2y90r1z2b1Y7NwyuLd6OKZbdluE7jd2YfptM2ZyHB3VglZSHC59yZCGYjoh3Wbfnz6Xzi6u8mz2ClFRCInxWu6PQhLwnap/PMbW92yBUsMM7lKve67u818mcivj2AZ7XUCe+os3pC6VdeLe+GieuzvbTY1FL/315n1QKuGDU/NblQVck+hriggxmcRO9lqtfiSQ+xd1yOnXYngKQyjZ1n/TkZr6PWiSms4LdljQkC3m4X4cROuqhBQdIEeYH/uDsDZS7YzpxGUJM2PNMwdbh220ll6CqWr4JMp3WvvPXr7pUDWEnJjzgPSn4F2daH/xtycIy0pIl7ZKZEhKLsJRMm+PQkRUDdsyZoJvhdeBN+qIQzz1Xj/abzcmWcx33L8crESmZIKOSem8Qpynz2FYxlrrw27EEZxAkDhMK7opN9V35iJuET0ncasvvI8kblBTxnFhClYk/9LbbOTRkETMrTqTMzFaC4RYgnvFCTaCCJ3GqpLsNQ9nRY5c655IOSu10DccLEqcK2Xf9Zmccex4mMnVPrIjpm4clsieRXloiF48hyr5aMg8UQU5J4xcYoIrFpteAuuXXzklt01QF8k7/6CxA2DqBir24PKAzUhY3R6A3x4Tm/3vJ/Uqrn+1CYp6YHKaDEF7RE4Z8z0PWe/cRbrwQbZwXAGVArOoWmrcC75UvkyondlawIoJDbbudfzGonS856ofQEexREH2oEKeGBpZJJ4RxZirBOSHMqFP3gZvJYs4SKMP+arTu8AgUgCM6IOBmH8SmDp3rsZCQFmOdwd/P3LTl2aovomNkd1yfB2IKtlPt85z1C+CPBogy6dnTj94HnyfHeeY0W5hIp6qyTUTBDpCQucEh+rqb+NfsJ0uR/zKuWontOfl22WsWnh7HToVZtJJmp71RyAqzQcLh6F+J+x+rsBIB2gmby33IvQc6xRaaCYCIfCgCuCzem2CK9ADxEaF0/mSrgvnfXRpVzJtczdSXR5aCwxTzRzSPHwMXiV+ZvA6GGFkJy1jWnxjbQ0Kw1wloYKoCxaRo1/2PAYBxnrm2Y99V/SaOwlqHvR0O3PGrJTPt4Y37bRuWyOpr/w/t/AQsXqdYF3GszBiSkebNbjRoLaDbU0jd8mpiKeJyy9E0RcGjmhjQwZPzejxZh8at3uWBtCZTmvLe8bODhMsIENgphvXjZCQfcK5hxwNw0btFY/aEq5ehVpCjF6VlI67auiNXcZjeY3xUp+KCQJJbVX8LXM3uEQ38qv2XGJuROAOVwfpwfbMumkW6j7VOJlCgqEG82XOyfO8ncIsldWJ/TYBB2KAOpQ5b6GXTD0dPp2LGbmKwKH2Tt2tgSfFanF1wp5b1zyd3Fo0WN1P5aGdprgqbi8J8HxayyVk/vC+4jMFXNswwUQAQI4cJfCh6npgeXHLi0Z16ZgFL0ukUmkqWq59Sm+0n8UsTOPULZbTacCnbLhExLD+hJoASwO9AwJMr0uQlBj39JcKcdunLut23Ul6gkbi0CHHgE1oQdelts3tZ44HF5HIxtDpr3UDkyUcrag1IsmHs84ZnN6pLWZI3uYEAK/wkz+eA38JWMFp4dCQxS+zFUZNHiduCyCJTb4BsRrB9Bq6h5LWhJbinbxrF3uYxD3N1tuONGCdG642MtoAa0XC30n3JvKeAwFM/OAGxK/VA6Gz0mBdU/MTOzUpu9Drpj9rBPCZaSnY/CHk3pn840hLjpaSI9voo3rKUC34m0PNN6cBsk9qJwmtBIX7L0vM+pC13/Redh/BztVIPyFdrjmsY/jxMC0EGBXPylmeRP/moA5gVtNdVNF32ajmoIUP6PFrcLLf8ylAeBTUgkeKHW6d2IgXZ3sjvrCgC/2/3LkHcRCycYpDR51CelDBjb9hsbZxjv3A/6KQblMMgb6GkbnWNarMiy+IiCQbGTaX8qYNXzV0MnzMf6FYZCJIPfKirdzaFJpHM7A8Y7S9+eZ+8uWm3/Evj27WaXNN/YM7n0NPuhWw1KijBjyWnQ2+59qG8Ysa3YZe5qHTtq7+XTDeCE3T0CTinel47Y3s3d3jDHhH3QQHlLoAR7foyyr/y12N7RC1fYmoBpd06YiyyJUSq8nRuCV6UkApxMeSec1Sx5V3RDjjjXhjYYsU9ctqwtvkr2k/C4DfBrzWLBw+BkhuMNeOfFFsAxBHaBqePaiy40oLk5mQKWzRwHyxluPozRvabOioOMquoFnDcNP5B8PJJqfAHQBaEGEVuZHKYkB2A9+gpIiK44cEGkY4og9F9QKnU5WM8r0d32n9pO6okf7IYRJ52DFAUu2ctT1jPf4WyNQRstFtTrxbAPZr7DzGAum5qnGTas9/q1g9uuA4o7n4m2kSd1ziid4x5VymGUL6EaRpV6lX75isqmfn44TX5UV+y7YanpgUIlMfV/EW3Q/jb4GTHj2J1MzUBtk+88ZbJmemNtryEYmDrwpWzXL7UW0+97tOiM6NqYYOofA6AqCbLbLphe6drNMWW01uNmDIZT4G9u/SPernWXoS/aojZ8NrA2aEnM0YKWdWANVN0TQKYnRCLwmsvoV+9zMxoS/vrNIshBMdTRfA14mWG5N2Z/dSLkNDWl5Ws4SsI7jJPok9VacgcKMRKONyF4QGc0/lWrks/1p1VLjGVsa8QaGkEct4vowILl3uXrNoBy9jjpWP4g2wtnSQIKRNLx1E9vF/G0sWFJUdr9PKi8BEGMd9lEaRT+MO19Oj3PU/9LgdBOe9n5dUs89iuhx8eA7d76RAJ9wTnWgh3W7L0jHB6LOvGRBrLiEsGuTzcZtHWXUs5mXsca6nl+J5jC/Iic8jAyw+P94w4FtjJmIDTccoFlXu44OExzdkfbpJll3wdnefW+WF5PGogkJfnNxOxhCzSxvqtBD7EAngsBExeTCjC1k1C7kJ5XNu1i2zFSZvoX245bPf/fBW0Yr+HLWdLMsptvvuyXAZ6LN8FEGdBg1fqcKrRVDPtbwm6Mv4x7niDMHNOWFbrZ5m0veMe+RUOL4JhlFGkuIYo7PbhoGr4FA+Ng3RudhD/yzMYy9fQnrFy5/egWlWc+bPgEhfE8ISIQaenfMV9xeWEr7r2BRTXjDIXJ8IeLixPGXNqS5ToMbvDXOOGSVnK9QP+IaCnWWOYyEpx6Jjdoq9cofquh+51sExdS5AJ0G2mL7ve03Zx6jkti+S87Di7nT8Bvcf6Iv1K4LsACtW4VjIKVZiEDRnVbpAHpLemDgHGshlXtBZ2VxpOe5CXSi2HREuO5CHc4vUb6mHpYtH/KO4OPiDUVL//a5XJDUuHX1ZgFt4UVLryr0o0FIABQoR3Sk4PXaNWHm9U9ux37LeXt7kTSy/yGXuLdJhEPAlmfw1b/XEDq05n2Ote9IFd2pBiiDBm7E278Y3StudC40iw9V57T/A/bSq2xQKKUq3pJzB3NG8YVABGkdQgRag7zqBhKfz1ovQbaptCkkkT9+oV4iBsCXL9YxLz1dpT2nU067frZf7ORrkEjDBH7zw09MwiAUhjUFgB/rCcdnq3M1KBkSpUZY1BNcM7ifnZ44ymkTG8q1OIwNU6sR4Bb6hXweT3QKXD7kY/Fdyq9OBsYk6pPVYrxtbD++tZFn7M72+r70Cx0CDD8/dQR36b427v0a+4vCyxyEadga0c2BGzM5M2tdU1ztFM1neUqwUkCpbQI7j9G4w3ASSNv8jx2oBDoBBjdSIBeISI/4BQS6CG1tjUdoaUNM/HLdwcfA6IDvwrmlWtBE4X6QJGbSTNuyGMt5+3zksqDeYuKvB6oM7ixjcpD8HA+2k3upEkBMWxkx23CSb8iGGZrr8Lwvuv4xi3VDSrKIypU5wEBLYClkNO4VDtnumKR4xodZ04rn7KO26XTYcVN/bxdpBm89KSoxzRAG3qGeGgu234NdPHJ9TA6YynzCNr29W/v+FJLWdpQr/xDyuaLiypYcuDyrDsOwqfkZZL8KsH9jl4qiSeIrmEJIeV+n2axsvmufnrs46Bmw+GITMUttfHTxvAatYXZOfn3O7j+E4p2EDrT4GJaKoZlu5I5CJWEV9n8hFnSpcROVfasQGI4suA2TWMRDmH4fsEC+ehYyGCZxgWPxBTaw+XNtlwbcDnWwXiASukx0jt2O3zWHSNZ2ayN7TdvvWOpev9g=,iv:/I6iQypvcQKc0oUOS2nFnpBzl80Ti+g4l7QUVLyNVa4=,tag:b6lnsj39DviOpnDdMG8Tow==,type:str]",
+	"data": "ENC[AES256_GCM,data:H426SsDhgoKaBUGAekwU+DeE00rOuaQvRWT1HukJQksnYU6FoPIC4AhV2oGZall5JwhhqnKM8IZ2QTlW/gKEBLsRwQAU0AqFKRo2ULj73TpW8HwpWyXrCTrrod499+An3NT613Xux+CZLm6nSlPAEm4xz79FwoIJs5vUThF2hhu/fKZvxdV4QWcXqoJ44cPyHRrGEPZiM+JNjPKgIehmbdqXSZrA63K9vlH7oS3lkg4jKDYSLpiLg+jzf5WQe5PTKdCO/De89vq2qwAW3hFoUTYLxFTr/41+6vpO+76MytAbOjiZDF3YG2NruuNoiq2qZyCyRQ3THbiymmL4DqmHpWa2SafxiK7uvKXf2B5XWyveH/8U4vVxFBqsboq1Ot8Tf8hxV+ZO5sRYxL1RczOZ68CjFqfKHH4+fnvfIZRoVIsJ7J4M1r22rzZ5d4YnAFgC4z8dmRMmMXFwXv2xkKBC+Wpew5EEccEDVJ824ZcPTk7gXU1O7ZwKFkca9M9Nj1EwTfGN0x4XVv5zQAPrVUajtyJspzilIS7gDqpOTIxk56psV8EaK7cIAkuGa1XOIgH+wjJkxzXTFazG/NRuTDtwrs8y+aFDSlq1j+6hIK6+x7dQILdNTEgKSg4ItB6FlN3ZhBFZWcvF7aeKogyWLa9+uyQ3o+4V2n65MAytwg8nthAHPOK6xk3mbrIhY0AmRXgtOOKWydUGOR7ggInlGC/aeIjD831LTyjHG/rNepqQjfc4sKtkivNNNy6zp9LH++VPklzAL+T+SHoyS7X1luDyXpKD6Suyef87cfPdVNnHKRo1MKPVGIsD241994CsQ9repMS7XpTCbtiM4TpKDX2fW6W9PnR59vi3v/NjvOsVmRPsPTKqtyjDTJxcHrc2tLg4E+z2mBgdRFxGs8DsrhpNMhhhDrRSw2YrZjfejMZcKEz0W5hxTNrdLnf21ORDXC4Pj35xdWXoSbPnYCnE+2odLHJtNtPbrKsdw9QqUO5BARM7erj4ZbiVVAX3E89/Jh00xct4itofokHgDQwOGusgC7Y4PLbBbP0ZMzFFTCFd85rIagkYNx/SwEX7+wnfSAIDSunlB59Wk+sP6kDYQ+/Y66zSLejqlglskCJE2IbgXIETK24/w20doH2CHj6Bhx/wmixOd2IKBytkOvB392Bu8GLJx3BdSicPCgRrt9II6ifgHy4dbJrLIGeUnpz2/kWPotr9DSfjwNkNsW1tHQ2WOQQhBZ8BDn6E6xVteU8svqTCYKT+/NUmKH838WL4hAk6XkBbZJRpk4C18SBM0k0YaydjCkQ2+5Aryj7K3ohiqcjrDygEmnMWSKQ16Az8MI4S4KPQhUk8zhBKAerekBIsCEEZaNKC6p4JkKIaz0qVejy5DuZzQPL/j6oRXCBhgks3DwfiTvW9qPuyYlAFVMJGoY74sAajSWViJR+1ygiE6ttgOdzqtEsFXuHcO5VIvjsajf8Z0+V2XfDuYvwajHPcu+3JXFqwePK5KgwzhF5JzlcXh9czmPFNbTMGnTfMvG+hDoivDXj0lf/HEoQIy6XTt4zL5jaLo0+o1H1CrsRQrvkge4lwwVGf2rc2FPYbdrpd/PFygTX5VvmspQZfRwGsFILWR7SEz14cHe/aBBv+EZ6qtqPhAiugvwUZiM+m2DRnAXxgKAni1F0pQTC0Qpa9lEseR7nhJbGR1KzogkxPmmPcrjDK3jn05oHiZE8L3mJTG6S4hUTguYjBcP08c4mealYQti8MRuBVtg6j+ebXwlwPjOjwhEjOWpQG5aDhUrbca60tfJlwIjYzAwzzcmsVZmqOdIYcEpXQcKi2daE6rnSR0wO9gkMvon7VcqVHDHnrkAhdCQtieds9vGy6i91WZKLzsvuhpHM0iUMSG0sWP4bVUq/X/M65WuHQqQy+09EM+EijOCBIDglL63DkW8Od0t9WvZ6il7NkslOwsU2r8LbOdWnzTRPxCrICj7rGaF6fTnQoX3tl4EpcspvAYzSHiMuzaKx9ohfSylC48psKjDDBC38ZhhK1UxRYxrmEyIfkwKakFGt+zhAT0u0OwPl7BzLzT/TFrmisOp0xKnsfGKOS1qq3I8mcE+tJ/1dugkfKui3a9FrpTBrNNUYMOHo9XFT3vm0D+5feulhm/f2iByUWXJ2HuqZSLwfRQuSnO9HdyYdcPxMmGPbxUnNf05gwprpdoL1RHpdVCBBsVYpKgxQrWwFuANDVBQn3FAfVRDTIQNVNt5/ezc62N51rxWJbIu0ccsaIdsxrZOKcK58HEEvA9P++k4sbNY2w0zSRuC7gNGnlli5I3Ll6/avIqGfnc21uzWX0ua46n0SbNQ1frODLW7RzoalgaxIG88aeWBKvqEG8n0O/IhEkrnUkx7ZJRpfhgXI+0m7LMiteh8qD3yYR9dvI9PNIm+iYsWa5NvZFRSrigz98ZdVu/6Z8c9E3OdtcLQq4hVlRhM1eXOReAhtZ6076cDEAHEKtoIoNo3kcZlsexLUBHE4XIPkJ6G4bbCW1iLBaXeGgoylY0Lwf7gNNGHZu1g/3RNuK+jzLSly+Uhx/8f45/qcQegMDfvCayfYB37ez/uiUNVuGZOIilJC9eQFVAq9XE2C+cxk8kcESIoBzkwdbUV7N56ZJ9TT2x4ND62qxxuPgh+7MOyBHsRJWlUoYPRU+64fkkRsZdxl10R1EeZpheUyywWSRE5kW62N+P/UUPmK0GeWf8JYPzXyB0bXP+d+h99FsxBXAcUMR2wV5Hbau3h8acgystLTj23AXWZumtzNmR7lmLdyHZ8SwdAoDgO7cylGI3Z6UH/ret2TdI6HUwUtEgOxgk+7bgs3S94gpqGwVr4FtIQSF7vD7LoXF3/Qouad4TqdBF1apcL00dvocSIMFOVZsB83VtcpFwHWIOLLW3FvQXt/M7uXFPwvGIPkDXIIbtQX3QcNWYUYARwDmlHv6lTVc7CC+Gk32k7bYd/kcUIBv5fE+sRk1Ivng6BlduTnXfTftMleHF9hQ+CHqZ+8JaQMP8xl4pJCBjvQ0hi6yTr9t9aWXltseh4HnFKssOWrQZyBbrLMqCde9s3bFjcF2ZZhimsN4NqB8/7zQsZZYyUY5mC5OZaVY0d93h3PmnPIaLqp3+wN8x0bmYoTgsPpqexvaMxaA+NSKb5Cec1f+KOU8DWHNHJYi7zc4h8yEB6Pwp5pfcrcuK4tS6CWzDp0lqwCDAsALdI0cgfqJHKnvgwrt/BdPE+fzYTOgb5RWrs0bfTqPOq9cJAey+YG4cvQITNresOyJtW9ohlUc0z6EJnbUoRO3ycGQhYSAsur5E7/XdbZIHzfWGjdc1ySwA7GFEN066Bwp8yNFXBCqdqz4reif0hwImiZPyJEadCE4KTNDH3OFaT94BQyifHuUiAIwklpuQFT+ryiQgnmIR5rWi/RBFVxbJyFW78KJGdSBeIVUBqXdkSxhaBRgIVfN7k2lghfue/VFAnUAUp+lmbf6SALbIKH+RQyqxgTV1tZky2795E5AotTkGJ1wxJbyrHzSO1fNUcOKQ7Q35wnV3hHDVZ6pG4XZezehacVSLAgSmpyYL/6M1yJGQJZzZ6H0MvTWoMuvcOA+IF+qP5pcVbuxM2IsWHw0/hyel9AiPery56A8GDZfHidYnWfg00ePewJKLmusxoEsAps33iVYHJSApdvqxdrj3Ba04ez45p1DfFO5/ZlqviJ8dg0wKIbRNoIOxLjUNQy8l7rEGfphe9l0VvnNPGVbHXlxkt7yq1zrq4yMfd4oRCcW7PMChcSicjhwXhS2F0U3ybYnKnK9YS/dIhNm4l/K0REF2E+QvgT2ur5dLYsr0O+FVzBS18tldJV9dofyzUsDknBJ4MGnhEOrbmPonbQlfm3adqj7vUK9/J2cbFR5JH0cClxkGqlc9tkBxSOGkNVi6qmMHsoJWfz3VwkdW7RaSc+IKkeJSoP2wMfrJLdrY2WUMxf6NcVKwrFYee6lOSWnhM3Xx78i/wMiHJcVmXjHkj+7NeaM8ZeKz1S2yDsiMMrvSQk7WPYl5SqUihkUTLIOWkbRp9yt872OAWrNCtbon1spWMFG5J8BvS0cpEBVJiPARNwT9keWCddPoTOx/MWMRyJ5G7fwFvJg0KLO7i4XuuO9ZF756npM5lyG5oIuJDl0QRBTtGWk/C55puIsL5xSXuWUHpbgsaeaP7r+HYLWOdlkgcZJ/U5HGRnoKMOpa/mavzQSRU4mQABOGck1wsecTi+1kUdvJS0zGxk8VXlqgFq2thUKKp0i5894+iSuiy6X5/dWgxHRMPQGAigE7AnPeWq80kTREakm1BuSmFyvpHqWHrYAmlGT8dunuqIerpei10REPDhxNzPROFDolrTji6qARBhCUBYffnxg4xGHQwLV7aN/u3cAngg/jay12uLm6AhdkAuhpEdIcQUYNJ3STEon7rzP6vlXNrifuxOPmq9Ru+57pkbU5eZJ+yIGisUyOj9JqXZbrh7niRCZjQhI6B0q/F99q5yeFhI7dYIT+UxXRiw3gOjShuDDsEvb7s3WuOu8cDZ6mFKkpLE7IruTbTPWZnqiq8aDf/2x96PSiCxXFYKhf3T7YmC3SgwST9i+vddetQ7NK4I8Emjn1Nqnbqg13knKlnh/cjJ6q4KGj99eKxKV98MdLqVF6aLtsNzzCRqhuuFR8kmM4kBo32waQGP54ceaHtbMNcML4417UIHyU/yjFOONHfE0zu8D90hxfs4UjuHqxL5MC854PbITweFCtZ85M++JFTRpiihfDtsdi/zyoEU2x83V8G/lCBB/14taHcVcbTBqpYFurPYsU75lNGr5NtWPwxNnJFZlIBde38cBBma5C84CLFaQgN96J+oMRZngCOdqXtxKxaWUb4O+Ek6InmtJIb/pFckq6GGQComCJ1x5YwUsAQgp2AuBo5q8/amIBw+Yke5BEy8PYKc5/RM46CQYz8w0J3rsZzjEmSgUSNY2MWVwfxNWMIYw5UB7JXyE10OBmxfu7OF9Ay40qvwSfKyDycwcQwSzqTaO+iu03gtLCCX3FLd7N8QHRCtP4wftVwLap6Ukbg9le5/W3olrJrBiKk4BSIvZK438L2+ptxdOLM+6SwREv0x1tbf0N7YPjgO9QQvOfNsv4sVs+KsxrrqLi0ao87JTn/mJDMHhPi2ZJW0Oxty8Ym1EOyzT3BhsORkcU72E/tYqLTYd3BToDeYLrk4TlT9QE5Xaaq2vhqI2JS/fH+1z0HWDhjz3tG4DV9aoVPdsPwJsRabicEbpCeqJlBQB/6FFQOHwiSDzlHfb4r7agkyJWfB2wReuzRyxOOOcWhrg4WluoouvJAQHxY7PKiUqBS56ZQ6XKVhZBdDnPfd+NWut7zhZ7F96cQ3fz8cuQ67e3LIACqnXEgc9ox5BjAvi/PXyQvuknlZXParlsdlgOzkv2nWBxocP5uSEE51RkjNGYrgnaxvKxsx9TDg1H7ofO68ioHhqZnbQwzHn8zMauz00dAgXqeQgNMAdCASpkMQ1COvcO8DUQOWHCXiq16/xRo850gV68QdR0PorXhOs8dxsk+oc4JsDAE+JwiaYU7yWecQ+jyJK0HuQIjaA3eE2MQlEOTDs3JfyXOmFRCEh640Uy5AM+4//v8z+r2v+OBPyw3MnIl+ldqpKK7Y/E6deXbx1Lix6Vq25MDoZCejhivokwJtZVyMjpLQVcBasveZ7GjJac7wR3dQyLXWBhxOvL9lARu40/Xo7itgran+YtRSFhQ2D35U4NdW/PmGqETC00qxInkCvVdO5whYxRjN7su7OChaETjzC58tqD8qN/f0uy2XkR1m/zkFD66bQ3/UohooW2YV1D3gway1Kri3cR2ueZY2beeIZPj/ODBEOpn7fva6hbwxsSdrSqFR3bWdxAM419ASa791J7nGlVEkEmGyL2vAhm6/0JBCPq8oAPrcfzw5n91dlvBRTJ+U1hhUn8vZDBL/F3kCb1WHBjGzQuJ4iVUwIcQ8vlF+T28+CV4zRA2U8OlSHDLuHtAoY0LqR8Yaz+snVJDH2wV3jMAryRf9/IS+1BYHpsJVylz4Ms+6FN/Ok5fLhVfTfHIqW7Mic0h/feaeBQ9I/6tvEeYEX4HHN8yRNYmElQUEmHT/Y4Y/Zzu1Uxh5qVvxwEIsH7obr8+awSWjhxDljhLBvcC9rfnj1lYaAv3cwtSWYyyjhGgAcDoJhLXTY2mQ9YucywHdXF/CtSlHGxD3wjTNE15xnRLcKD6MCPRZ4+dUWaOcAqAPDUzTwy9KHvKH0MRjaB+CccsXMJxvL44lqRzQUbK0iEt2Hq0p0O2IdXDdvEea1CFGzA88QHG1x+tVYZMkMhKFIZq9p2dlBUfYwgiCSCqxgeTlp3x0kQ/12hQdVkWVw4xyv+5LCuRqo3dVD31wLRkYg6WKYahaobDzuK0p+3+H2MsFhr/ZNiKtpzS3mGBgybZrQBUy0eEF/sggYXQzsolU71gCMTyBPFBpl0n72MsuEINNlRo6EaLPwWcdZGWcjYFYDVltUBLt68I9V2DRVN1F31VfT3HjqxhNkh7khj28AQlzOsA/PcTaEzK5580HW7kS6TZHy0gGox3b3Vj2lg/uXQeLry2x0+UBUtZVoeNoWH3A3UeyaYw8mUMcc2TopEt0oAUxHO3SAYL+M1/D7MN1axmcdCoKtmD1SEo6SeLmXIvBAzYNEDC1gIBjKEylyHqmbmWYqUODuV64R/MQaXYjcLUg6R4xnrodJCUiLfZf6142WUMGvg5nAehimnVl+O3j+XXCYl7lgmpxkGWuOinZXpq29yBgLVogCJkq404sjpUtIEyXHWmQR449FGg07iU6P1Tl4TUGEnpXw+asKQqoZvLyqPwNjs1cTZkdkAK3e0GBCNA3uohkI7z2f8nIRssgK86b0RM1/XF9GCs+6POqo0VC50115AKEsOj+diOfhvIOEwi1CuI8A1rv5/800UR15ajZS4xnap+pmkz4d3/+HsrK6wWLtx5obBX4j54SpUzurCSUiVdO7ye/x/wWQcME2Oz/4FaaG9OI5QGe5WxUp2VZWhX2nAS8Vb6AiJVFEVgZS47OlcxAFqBLkLVNgh0LjfJzhHX1mk7PW6ose+mzGajlUfT6bDdI5PwDBPHPGphSwuBXOxePwZfaIcHFU4B0PjcoA/1m8CDn/bFE631JeLvigOhNtH63HEZmRxwYpSbmFYZU5IplKjHYMGEN1uY3NSrO7SOu7NrT+UKyqJKPSzw+cEBNs4naUdb5OYujn0JvRz8H49n4R6Aul8NSWLOcbqMHcymI+k1j5MJ2jntg+6IgRAp4EZCSfrat7QyLKadpE3GmZ+mphMLacfSBDYrCe7GWpQwCzMQKKzliG/qcfIZmyfCZv54jlEa7lpeABefx1zyyXkTPuji+KEw3q7brVlaBJ9dSNNCWj0AdhO+JDC8x4HYqW4WLo4BPWZTEpPifLRZ6FrG/uxPxka76atVyCjMbLgmbhTokBctRECYXDrf+mHLnjicfVVt76SdxDUx9FgUuyuHZalIO/hTh7gWF1YY3C1KBk8wEBXdrrJ3I/FFVOdvMVcrhuRtRKEkRaFRBBOOCmBAKqzVvzm5LesseSDwZY0npHuwFtATrfucbxo4ht+uwNUwBstZtawi/F0YbTCXoIPI5iqd03u8r87NOBM7S5T4tix8ifwqLohp7YSQecMsSOWZpHoRxe3YOWYxIHYXbZACmDCMDFgUbgBjgUdEqHovIWYPPgiF600N6ge5l/Ny6ZHllA0+fY6Z0LS+b2+R//RBbZPqZaSfOS+hPyL7ixzCE6/O7XmkwUsgj7qsuJHQsG34fUQmwSZ5pj8VqbMejxTed1z1SWz5m8ddOZ2lQchfGm7gkU1tR+L2tM6C9olrEMVWj94gR2eD1E1CXS7DhD4hKS77WaeuCHQtOAT/gyko5Vb4T3II+K3/1CIh5Rnd+GRBt+fkN7zqYPJyObtMmiE7nz5onurO5rXj4DPSaMT8s4RJ50TrQvwpNJDC0CuMLsjTUfNyUQM6ht44gfmkmxOPLyNdxJBENZPda2dAG6ZfxabGyfyvj42zGJgVERFAOc1q5RTq7Xt21KyJirTs0D0/l3UinTRp4PUIaEtPZIOn9xfV0ccd1u0hT+pYVDJc2wZI0uxMpdiGdBQHuLYGfm9Q7gxqD8kiPQZqFOHSueqEGi1/LoiNNMihncx/tJP9msMhm/oe7EGQF/g06f2s/2bIFmjKhO03iSM8Sj9Zwrir7ZfjuBmK3EnaIJ9OAxXmvG0gL15AbVXv7JY/bXitvxaxSAOK2057i0pl/dFoA8ZIfSbEWJB8+wla03EjwKPHh4ZkAfr/VF0iC4h62uJB/JokDSzlVtb3gkYLeV9LYhwge4D5wmgbjKwhqaz0sa3kCvOsHHln0y/IVaciCxFiaQ1du0eq0aaOQU2oiiD1tTz+gWhGb9qTqgs/jFXOlc6LC1oCHqK3mzG4UMu9qRavLiyyOJGwKLzI5tKfzvZDy2dzXCEujGmpjCrFDsm3VtXmMQ6hMnTrU0fRQftQJz7RlRY9bKuhYhokBG72eKfREI7ipwitqsBdE/sR+4GafI6OmDPDPDjOMVRpLtPQsRaNmoOp6fzCQwH0h19FBnk49NqO10Pi1j+KevGITHTTsBqg3M9tRXR0Tv+8KrNMR4dHt1Jjri1Ut/fC3oWeBoGjI4AxTaRZuAHZWnQ91azKoZJ18OCbA1mKd9sxhHIS+Yxxp4jLiLfgDJvpO0IjCQWmeNwjzqw5Z1HVHBwZlULkPbtSvFdWzNfzQMRKVHntDMQwrvMJuiLXvD3vDngfYA+Ya7qmpvlkqu8+KRaTfw6juKXnyyYJqfHegndYuLPVKq+zF7X6kQzcAyjvMEDml1FLC7GOfD7CEMPf85V/pWk2efSVI4cNvuoe7brZVfuoEtmEollHXewHStEH9U2XDRH37n19+WiYekajjojjBnMa2uIhy7kkyEQb5eF/Ks3+3DEjA8NXeZoosFJYMPf8dziXJflwhI1i2IHUN34RHf42cS1XvnUoHZyMaqZGNo5a4j7HrDw/2DXAeqOwinYOwPG/Pw8je0HrXMmLZUOjyS8hoAp/3w/9Esl1P5dCxdKmu8Eh40gxN4xx82sCl1PRp3S29MyP+QMS8V6gfdQgsEHZY14jHWhCG6PQARJPsZy+14SndYl0qPNGhmEzDuezbWB2R7XP53K7AIsAXarQd7W4fKJo/BpUoe9nF237WmvTTU4kRRpTfux8yvyjmD8VZH0kbjvNkfHYMwbUEXyWzr/Z38+CxpRDzTKA/F4Tfv/OAhh+8ALRyKGc6sfxoIoQdBRTvI4YntKbtvtpUqTR41E+9TIPw/JdI0R8F8DT/otxoXl0vBPx1EYdqxGkjWJ7VIO5fgq7MT3sK2KddVTNmNOW224buqFS0ZIFKEyXu2/EqpyhYxld+WP4i3xdIx5rLbXLcHyO18+DV+/86fKMV2n+4sFNPqVyoORyuEb5R3lm3iEvsebYpn25js8p5QLRidW0Uw3ei1xehN8W97H9MDOPU9eAibNcVgr7qdQwhkrC1Bc+7su2HPLkLvunMASGiaUbafS+YQeorODQ1LFlfQGuXfa7IEBTuhwymj6bREBqjRjl3cC8rzMmgSC65tDl4rEGs870CuE0YQVcC15s6kuHwIphtR54Qemm+WjnV4Xp12Sg28GvhbBsRsGmPqKpMRUKnzRqZHXXdjTpPDhx3CdJTRZXgP2wuTRMIPd4KwlWktaqe+DlSU32u1Ybrjhf3SrWvc6qKDqAYRG0EDOHyMoWcyEXBSc6E7uSzk7zfM1EPr6fVDGx9IsqQhibIOetTqF3TyBaO8sKrTU0BULn6CDbLrOceGewqm1mwMp4oah+ZYwt1B0LT64aAQfahc96fCUxhc76MjYRk8TcwQTsLFL7RFiOe4NimgbOb5/GO8lojWk9GluSSD+S9Lwl16D77hbYxAqhWciePR58SBBeDasd8xI6//CaX1jT+MSfPT+20heNg40mBTq2XVODuHFw5XBRrMKsxJCWTaVZzCJJipQgm7MJNikhlPZH88VzBGzFvLbbz7SkypGxns58tFSQy2CXaOCVQeJv8dZ5yRxOzKSwU1Vyb/tZxZIpinweP8Skfo1k89KviI4gBWmSud1IRYYCWAxNWy6d4m5vmezC1Cw9Y23pu8Puv+5YltWGqkgxRjvK7qeBjzrTcqEQvGHuRemrDeehuO3Np/BKbCu2USWzhr+s3Kghkuby3I5sJRB8kGIIIekc/JS6ynSksQkatoprySrnmIuei1Q6QbzGJg3OjgXNj7/tJvcO5vMJqaSIxCm8ZZhm6LmCnuMWrNqdo+bB/BX2XJNn24Gqy9OapaQHgifcc0QSLyQajHlTBbn5aL1QvDfe8is9nfyqDvibo5lj0+raj7kjaMY7RmthFqd6HeTXW6EpugHPzSuvn+roAa/Zfp0SNEc+MeQtADn3bueuCNGRbPbgzzG5gaFV4UpWdAYzCLGbwXFN1s2aPBy3rVtl4TGKxG1fXlA3I0NZ/KEg/leMnvwy2+WLkZxQFNBW0XXMJsYIlCUEwheSaPD6ST7HkNWQzXClLzKd0UBIUc91wIa526Vfr4hT7ARAIAKaSRGmyBaZHDEuX2GjNm/09YfF49CMOQQzV4MGBvFlqIIhJBGYjy5oz7Gk20xSKlDJd0p7k1cgbyke9gf3u4dQ49zueYUeJv0Iti6VR5/mHnlM85a29mz6tir2ewr+5v2dwZoDnTfRES3HUgzcWlu3pE3wKHg32Q++4cz2IaSyUge21Ikyh5wNyfkmdtp5XmA+HVkXoZvYJzciEj4H8dKTmpCo6LPokpXtzxR0614ap+wuEoq/K+XDq8bm1t1DEwTaRrFnvFFklcJaTlFTVEskEMGndDRPI4/AU0w6hVO6grURyw6G7bPj03adft/ImOwotqeqfeR4SWJBrGFkgrja1zhjYYshrjTcJnNKHxYCPap5e6ZouFfNwbNxP0ABN/tobDsA8Fg4CTfl98lriP/EKnjSpP3M6RRxGCc2daD57b3K+G01ov/Xby0qpQThdCL752nPvA3irCmuyNlXkzNIMMw0ZQhZ+/yM+5SQ0TsLqoQFFVGdmQFlPB4IdB1OoKwlCsaJxSMN2QGn+XfBykWgrt5TuEsyH6+H/yfd5fTB9X/KQQigkwhmb0vXFct24jAtjxM8T8XYbR9kHnmn1vyQZeO3yvOspBNMZei4GPOi7LeGSDzZO/rP749PvnXKXk8CBjIWJGnQHV1m1nZRRA6igxxmkIuKEsSzAspm1cPXuLUYM43soLpY+ummQusqcuzS45lBU7qzbzfzoUMIqEh/CkMsohd+taUdmRQbU7zUAB6UkDKylldOLkJljJ8ierOhCkCPKKxOHB85G5W6ffWFV8GBX96AR/De1lLJGi1vbtXuaC5FpmvadxwZOsjAcsiF5hh3miAI4x/2TGS48YIPGH0O8IdUjanbA01oAI61p//2N2n7m5o3vis8GDZBVhmVdgdxO4ts9T4ra7wz1Po8/qbnknkyInNP2G+Pu2Lc2kxR3IMHnMvZbvG21vP+SfAe0t2fG0lDmvG6/tzEUd0H0EGUYgokEWmGN6xYBfA2Zgzn6oZGIvWrMi/vGQDilhs5uGT3PCQX3iDmpVc6UoyUpcZ8BYTj1JTYBacmpr1j6lSVNBYnluH4CCxoSVIoXjDjoYdJ/tLeYBDeeBrzY60wR5UpKAGSM2s2wBuuMMrVgjTncWi4rP6qPsDrABPDAMusaxuJX1b1PBV+XtDIEqAJXLQOY9mT5/m4Wr04zHmoWQvW3lDS630svp7GPbvr9f/KjglqP26WV927W8vJ1EgB/8g1r7cvzxfVuqr4ewywCyQXa6f7CWjePO5Dcw7l40dsY7dn81RIhEHyt6n/ifc9MpHPgOu5P0G1LTr1Mt8JI0FyhDqEkZkyApUgnFxMSfhVIePlM9qK0oliXSD0YZv6EMQk0nQrSne+lla+wvJJUVAPQR6H7gTDz6vy0hTfsIHNgzHJ5MsQiR4S+0e2ta7p38bbHMHSeSHk0DBDYv9zNh8NTuRPeQS41dLGr/54XpKGX5AmT3bTJnb3D6j+Itiqn5KqsLpCENbypbmFH10QbVAavGo0O2aog5w9CyjxrztxjpI4k3z1rW+C1O6W53MpceLV5Nd30qAcPf2pBstXSjpFnapHXg+wdgtP8I8IJmzE0Sw7JXyel42qXr7Z/esgeLjZXtp9F7Wl7d5H5g7yOExQUegaijT6eR0GBzcbnRDATNnHiyx8u75TabwV6aCPMyD6QGVl8ioDA2NVARMiBPaGpw7BvqCQ9OM+5zOf4VhQ3hODW35usDUqEuV1WTl447i0HW12y6dZwZfdHMU69xtJwFCM3hf7VmFHi+JN+9qwdim0ZX9+DQsPflkoQXUrvlCdIhCxd8Dr9f5b1sQyL//PvzOkawXfNUtOWIUxoLkiU2xc3O4X32CIsJdTVg95G9HOTlRSNDpL2jbkAfObKW3OlcLors8dNVRSPoHhajY4evLMYO2Xq/2lFkaxzXU58I4xCk+IkgtXUJ6mUZTEINdi6yEMbOPQ7KNF4YCHLv4/m142mGkvyOTuOo0G6Bv9wPnEHerhKeC4AKkR7qNU0aJNY9OjNUnQB7lBe3ZHy1jbITl78cPQezuChOQkDb17zkrNjRzFmQ1hG9FzRFLoZ1AX/wp+IBI/98CHNM6knVR6V9WoHfpD5fkTunPOwM+605Gj10RGwq4sZR9rc9On55kBXaiPMCaXNrfhnLo0t1TAMDNldL/b9VL6qfJEQh40vw+J+HbT0dWK4JZClKaHehrvJCXhYm2om23aXAC4P4nG89FPKS4lYYK+9tBX4W5c114l7p8DQbvQhHR2HZCBic291D7b04eOt3sK/bO3PUB32fLhaxzt4dUipxhBCg0/EHKnWNT6UmEAo6W0RW00n84Mh5Abq5P4ZUSOcBJPnwaDWRE4TjD5W1aSuN1j+SSJNHOD9uLLQnH5t30JVYFnm/pz9tsM5vrd+qk40mLkw5nFOB/miDBA1KAHMQWRn7Z8iJyAGvXbXT8izHmEfVl9ubpy58XeM8voCoMc2YvV+9I2JUtYRr7uzuZAHkt6/tGGl72R+X5vP/GdhQHO5oB7rdqLnrocWFOXJ3T1jHecdgJU6sz6SfmkchEhhe7lwzc86LuM51tjt7r0mWY93O6uX+vEVNpuKKstwbIn+hyK8SRZ9nsWonuVqWLeIndE09U5bnaw9kPZxdyFMtoJQ1sTa47zs9tg+9aXN9hxcT8bQb4g494aWpIgZ36WfSkhFoQR0IPJDMKbC7wMALjrsnVqY8esxUNULysS4II98vyXft3VzC/I7nj7KBxbI3eKfBccYo7kdDXDcH9N4WS/0QHU9xMsiRl/XBrN0PiHDuBumulN8+PfELQhdhG4uJ1pE0i6GM1eaK16BugFcho9gnNRlUUP55YuothPEO2gRF1szVSpYhMvGfHmcSBkdt5cRuV0wy6onIqgnYr90vCOUIG8J9nwzxG+w+qG1quDkcyH5a15BQvkl4QGbs4AvcpWbxppniglLUDfhNTNAV97VFP6bxmOGjyWNoaC00jQFlxM0/ipguX6bjoPq8WgeB4yghfkv4gs1EJtwA49cPRDP9j02/HScECOoZ7JQyAZ6Kc/wjJ8cvnHxceQmV48/2K1TxcKl23eBJYIN4hivjcRTVPg5YwZ6eRnhNs/8K2uyxzOvFZpph+hNnwcJiv1LY+U8iv5QHk67a/HIUXRzuje4nMnLVgSGHeeQUSzPV6KEumm9FKmS000Fkb6qBgC6Qq+7q15oiFtctYN8GvtTv5kG4utTr2e/HrSL59E29VHhbZaTJUJSS3GrTMDoOZxpm7cESHop0XgTjb9dpCwPfIl96Fa6wEWYzvI9bwNv+/CCr03IRhFuAmePQ3E/rCQutnxyqJit46anudJ8NMzPHeK+z5/Dj9MN2S4m5LHBD6+YGRV9zkQsmGJLtmFarQiPEGhVFsdFRk1GxUs+Jkfmt3XpUHlSvw378pY3U0WdVXCB156BakXVR2cYDf/DRq5lSrgcTUmzhsNrfJArMHY7077+1+Ka96IKs/j3Tsu6ZumcanmGlyMLG+J+1NIytksQ/ehhHIam5NrwgzpiIQeUji17KuUe8qbmdTnEDRFhp/il+tSgAbO4EV3F4p+HcO1YxbpwxGH9f27xtqYFBvW2xyEJP4VYH8eExSM9pIbem715yN2NNOy5U4HOFkw7/89QESgtwhY2Ndev9Dy0GAGmziA257m3Vk+awubQeJM18YO9kHezA69n/tbKgIv+OqOdGpnycXFbhIyBnevEYxLpyT72VhaUiqf5dXBux3SmY3zvLpFqNYD0FVRdSAYM+teDEWPF8YzwfS+s/TBI4vSQAJrJe5LDF9yLd4bP0HEjPRLLwpdqw41VCCZQmYP2Npcqm9v4e0JUfBfiX7+RCIH87gBW3lrm3lxuNZvtPpMbBJhok6L7mMZaZQR1WIE7gmig/ivnGMr/KzOmrGbMQWdYQ6HIVUE5MZyEXZaB1C2wkx3s24GUenDxIRneZPt0O1dbUu4ikRUOQYQFwCGGMjwvrDG5irL9o9jtaon1fVzjh3Mn+jDVw3dq8KTwc6M06nKuQz0VfdrPqQ+Xv9EbEYx+Y7fs65Yk7xysVVAhMQd3ebKbEbAj7++4iKb3lrsumMGgKqAxBU7Htjqbe7pbmB8FHy4U2nbqptVONHkyPBYWS9+MaZOLPRQ9kcuzG/7fJ7ZydXLcALqPVqzxj,iv:zBTf+IXwjEJa+x64pNqfRoaUHiiEvjwSUUB4q8EkkQU=,tag:L/7ZvprEBuLywT44Nf7geA==,type:str]",
 	"sops": {
 		"age": [
 			{
 				"recipient": "age1s0vssf9fey2l456hucppzx2x58xep279nsdcglvkqm30sr9ht37s8rvpza",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCSFZwYzA1TUM5SFphUVQ2\ndzVzbGtpZ013K0JDbTJMMVFHOHlSNmppNnlBCnNIdFNQTzRLV3ZMWTJDdjB6ZjJa\nZ01rMDRjeDh3QTBqQ1Yra2pjV1hBdXMKLS0tIElTK0ZmVEZ4b3ZqVXFyZnJpeHJk\nNlRTRVMxVG14VlQxKzlZY2xnL3V6eUUKnSaJ+pjURGztIBNy4OGvAmj89bPVTUGp\nH+5zRRxDOHbJVBAHNV/qREO0Aklj5/f18cQFZLcFyNGWoPfDiP+YkA==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiYUVBTlowQmtRcWxWNzRp\nU1ZFVTdmSmpzYWZTSnhDVXJ0TTRxbnBDOEYwCnhHazNBaDJkaHJ4VlczN1E0N3Y4\nV25GOE9uUmExL0J2ODVwVGRxRVBuNWMKLS0tIGxjU3lMOVdEQlJKWWxBME9CS1Vk\nQWVuWURFenBxSC9XS0VleGhsMHRoL2MKm6RRdlpMCvJbtlH8kxai1lUic7Hs6fMl\nK3JBXZeiJ1j9NDYxxT+BAnnJ+VY0HWj5B1F5IFav3sdLgxeytkW7ew==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
-				"recipient": "age18cgqlely56hgmhscllkmafwpjdk6dwep6ej3vkk97dzemp8jtuksqrrjjl",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0VUIvM0RpMTRMSFNBYjZF\nbU5ZM2p4eldPZldtRXNkeW5PclJwTUVwTzA4ClJEQUtYc3RhaTJLQkFqSUppUENp\nWlJ6ZWZNVk4wMjZneEFadDhLMGU1VlUKLS0tIHlFejhGdWE2cGJZeFpHcVliSGVT\nS0lJWTV1eGViYnNmQUJZbnZQS0pDTG8K4NIU5yTIGrd3QscGkwzhxXelVzZUzG1T\nYerlE66p1jtI1BaXKLtGurUb1h3+9BfYsKY/MswZOOwtYRPvpRFe8Q==\n-----END AGE ENCRYPTED FILE-----\n"
+				"recipient": "age14sjyqch8tzqexk2gv0qgrrg09f0s6hvwhsgjac3vs6sc5rzgpcxsyqda6u",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzL1dzaXIzQ1ByR1lGb2Jj\nS3FqbGFvRUhCdmMvcklNVzBGT09YS3I5cDJnCkMrWEVjSjlxRGptM0wrSDhjT3oz\nUFpQWDl5NUx3SkRLZjFoeWhtUlRNWGMKLS0tIE9xZmZZQmxTUzZMTG9tM2ZvMTRk\nb2RnWVNQVVJkcjlBekQzaTU0TUxuV2MKxKEG40iYs7MMEMj0VEu+0YwanUtMLfgZ\nySCMlZ3efyufh09obcNMm4JSD+ZPZewTRZhZW82bB9f4uAvo1m8OTQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1g7atkxdlt4ymeh7v7aa2yzr2hq2qkvzrc4r49ugttm3n582ymv9qrmpk8d",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIZ1NoYlZubGZoQlAwdEJl\nMzFqencrZUUzUEluWXVyaXhRV3M0ZkhSNXhZCnRoTmJQQ0VBNk5UR0xBZDJTL2Vt\nVTJxcWc3THhmRVlpc0MzM1pGVHg3OHcKLS0tIE5Fb2ppdVFIVVZ3eGwvbEQ2SGRx\nblcxTGtTZ21KSm5lTkVWRlpic0dyK00KggJnQIHv8FkRz8110iGpwXoUZA8YdD0f\nF9ucDi55JoauB/Jq7mkT7UPXjX/S5xVCHkgkRKgX6AunejhdajA5iw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrallvdi9sUVYvaDAweXg0\nTFZzWm1vWGpZR1psaG5TaEhJWTQrVkhkczJBCnh6RVdqVEdZam40MDkyM1luWnRY\ncW0vbkNqTC9oNWRaNUdBam5xQUkyME0KLS0tIEFTZ1dwTXRVS1dWYW9qSzcvV0wx\nMzJveTRoMUFRL3JHcTVLK1dRamY0MmMKNxiJ3pDoSXKLbn903EmaZpfZ7sIfBNYJ\n5mLJdWXtv9dNHOQnJMsJh8L099Liba2Bt9e4kaL57SjO8JGswZ+TkQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1ly2endyt0y9xyddj6yuj4nw6fa3ltvzlvew4cr4lzs6dv8dkavpqadmyxx",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzcTlqWjdTMTBzZkJoM3hP\nTnFWcmM4cHRGN1hra2ZZK09SQWh3NjRjdVR3CkRnd2tLelZPWXdDeGFRbHpUZzQ2\nSHk0LzRrWEJxZ0swMlBEZlV4clQ0cE0KLS0tIC9pOW1TQ3pUc0gwOGlOR293NytE\nWEtjV3luYlUyazc4VnphSVlhQmZoWlEKnVpdUa4mHynbbGHV6ouPXv8ROmqanb9G\nadTKO6F0+PCSVQ5krBKebods9EBGF7bDm/m6SsAN/CkbtSyL9Tp86g==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRam5HRElCdEJMSjl6MlN1\nVFRZRjRCZVI0aG9sdkprN1dJU0kxTzVPRlZFCmVkai9PemZMNUoxMmhUQ3VDZkpX\neUhMVDJRVlgvRUZXMVB6K21qb0I5ZEEKLS0tIC9IZ0Z0MGhGMkpxMUJsMTdHbG5Z\nZWNCWUtHcGVCa1h3enBTNFdXbmVtcnMKXasZ8w4XZgCWSQjNiZ5NbyVpwsv8zXNZ\nruw9WpCkqen23AOr7cVYfz/y9pIaFTzzWIbXbqZF2WeYJmHAOXHpgA==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age15klj4t7gpfp69472mne4ue62pp6m4e04dmjyw7yf30qtqd3vl3uqjmcyxm",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNQ2cyWnRDanYvcGpXTWVB\nUVFPZzNhTlZsdjNFRFFTYzFTeDVXNXI1T2p3CnFKWDNxcHB0RFZuVkxRQlA4Y0xE\nWDdreWdBZU1HcmtmRVBTNE5vTzFSOGsKLS0tIERyeEVNUjBaWHJLVXNYdWhVdzJs\nV3NlNnVHeU95aXZ5NEQzbkplVFFQZjAKrJBK8FuIp89FydPFcMfTf/jEE1ukMbqZ\n6q7nJQgRo8r5S4N7fPbfaYZkN8HIgyKkPdt04+oLv18E0NWKEVv4tw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwaklESVdJTE8yUzVjeHEr\nY3pCWUU4OG13NXZFdTh1cUIvQUI5SVdIam1VCllDSDRRdDltM09Id24rNGsxL08w\na2ZRQnNUdTQzR2xKMWVZbmNaMXJ5OXcKLS0tIHVYYUhHNUlvVUdwZlo5bXB1Wkgx\nZ2Q5TDhjZVJKb2NoaWJGVHlEYndFdTAKDJ48QyJPbTbDtdu4rn6sBU1gJOCy0Dpq\nILCEWbJchEnp2LqnVuzuPCPbuB5XqO4WbXzdmCZAxUFwzi6cGj6p0w==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1k73gy5em3js9zklnnkzp5hme9k04lny32fgahmzddknjw5c295asdyr4x6",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuSjR3NS9KUWtJQWxuTWgw\nVVdndDd1WW5NUnpRZEJCTVVwOXN3ajVabWxjCnlNRkZlNVRzdGJiWFdwQkE4S0lG\ncGovKzJJODlDaDlQbUhYODBrQTRhUUUKLS0tIHo1Zm9wbVZQSTFLUGY2MzI2VXZD\naDM3VzhTSXhaU2I4NmR3YnRrSmlHZ0EKhfaKRktj9lEq3l36ihmgjgCoasDC+bNu\nQ8vkVB0wntVxLRddYVGrBkzLfekC6P/z7afjndWtIYSOZcj/FoGlDQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOUkRTaUxLb1VVRldjNFdy\nMG5TYjdWTVdvQTk3aEJhRHRRWWdQVGF5SENvCnlXaWxlY3JFTDVrd3c5ejg0VVhn\nZ09adnBKaW5DWkVKZWYxcDFianhyOEUKLS0tIEFFS2cxWVIvWHZhNC9lVkcxa1kx\naUdpc01lQ1FJNTFBVS9iR2xpaDJVT2MKvovzuejM2JdMY7QG38yT4HWqVjNhSITf\nfw6Ht/NFIJRjJS6QcM/AGGsdHHMGQUNrf/e6ivQlokAnAKqaM5JLDA==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1cmzh82q8k59yzceuuy2epmqu22g7m84gqvq056mhgehwpmvjadfsc3glc8",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBraTd6ME1NcXNjQ2czSmpp\nZ29iSmRhNWMvNTRKaTRNQUdEZlh0RHM5NG1BCnJqcktlRVVaVThXL2FzQ0FHWkti\nVVRvY2k3dmVlMXVuby9QSC9HNnlHRlEKLS0tIHJDamtLSjI4eUV5TVBEdUZyRnVi\nQ21pNzVXMUNPN3dvTGlJV0lQSitRL3cKuyCAD+lA+gYdPAr9A5hDGA8eLupS1EQG\n50Dw3LEfKP14nhvrKgbZDn2j/18zHQGeOYYkrYf/MWeDkuBsDpeLcg==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIOXB6ZVRVY0NaVFdGRXVQ\nVUxTai9KVmhZZ2pSV3lSUW5VSDYwRitnRkVFClR5VUpzdTd4dlJWSlU4ZVVkOW5a\nY1Bncm1Hck80Q2V4ZWpNQ1U1dmdtcGMKLS0tIDFzeFZNTFpzWFZoclJCc3JBQWJB\nSU1HV21ObFBPbFd2aDNrQmRZcjhMMzQKrE/bHN5xtZSs8iSHn/xb79ywc4HuJq7K\nWOijTqpMgvWlFvRvWGJGYk6p2WrByhvh5HlLBGMgXLKiMp8AT6TfkQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1wmx8y2hs83j2u5srdnfxljrzxm8jtxl6fr0mq7xf2ldxyglpzf2qq89rpx",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhZWVlNk1HQ25RUjJEWWlH\nUjV4M3ptVzBIWFhyNXNUbkord1gySjk2OUJVClFQVXNLTWlaSWo3SStFZnBCdlJF\nMlZZdmZrNllRNDRoNnZ4a0VXNEFQdXMKLS0tIFdnODh1OFpCdWVzN0hmK0lpMHhR\nc1RKZUszRHBUWkxHYkF5WWZDQi9lTGcKlUSdHjR+uCkp+BrT9mURPl/Q08JwPxV6\ndJ6BcvBitsU0JGoxC3Y9AhNssjjPOqZ622a2i/2rw8K15COPJgHmGw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBERzczMTBUZ2xJWmtHVTR2\nSE10NjZoV1dhanlaNHoyV0xyQStKM0J0SlNVCi9PV2M5clJEeGhnZUMwb0lYaVZy\nSEF3amRWZjFQSkxwalhTdkJYcnJpbTAKLS0tIHBTL2g4TnZ4ZFJla0NyWk5LMW1T\nOERubUtKT2dwdytMQUNxZml1SnF3MDgK16wBkfHd1fg7dVt5t8VJ4LH2cs9RKLBE\n7QcZuD/AlI1fintvfeR/0EFAXZz7/CuO+BxCNcvdSJT17YlsMKFmRQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMZ3YwMFVVNGxLcFhhR2V1\ncDFPVERtTTcxYmNKaGYrYnYvalRUSjRwU2hVCnpxcUhnTkxnSS9WOE9RWk51Wkcy\nbDR0cVcwS1FzdFROdlgzOUd4aGs5ZDQKLS0tIHlIc29YbzcrN0EzZjRYeTZtNWIw\nczc1eTlUcE1SL1lBNU1Nb21VRFFJeFkKIEtwsONy+TLjXjdQsiPcVdTgvakpHQJM\ndTG14ycUBBw6++BDcD4sEFH4P4c7nhaaekeWfoG7H+t8CaS2Zxfkxw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSbEV4c3pYZE5KR2tubDJE\nZEJKc00vR1dqOEVzcE5sbTRVY3MzQ2s5ZjFVCkRpekdjTVA0aTJlMlltN3RRTDZZ\nSXdjNHNZdDBYdmFWNGl6UE9mZjczYXMKLS0tIDBUcHdNaUxtbEVYMVdTUVZJUDk3\nb2dmaC9DdDNPcmorNjkyRkhUTHM1OVkKsF50Yg3NCSMqMRYzjJZilvNYlmoba5J7\nCfRB7zY99u5M/QS32XuzgBhbV/vUoXjj3aVwc2XWfdZecXUpSySfTg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2R3BJMTVZaFlhc2hRS01I\nWlJYeG1SZzYwU2FlSzRjc0sxOS9wdExBU0hvCnlYc2lqQjg0SkJXSzEwdDFZS1Iw\nOWd1a2lJK29zNUpXTHZtSXZLWlVLdGMKLS0tIEo0cWxVVHhRbi9odmkwcjFhUzZE\nLzZlNnlhUFlFcXJKS0ZVRnU3RGFtSzAKD7xQG1W1RbA1MMK89j2mId2/nrgb1en1\nj2IZc0CNVc3Hx0AcnIb6Igersob1M+AZixIHltznz9fs0fviBr2vSg==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwQ1RzYUYvYU1jeXk4Y3kz\nODFFL2s5TlNUbDlYc1VuZkRJbzI2c3lpbDNJCk5CSlJJOTBJczBuQllJRzZKUy9t\nL0FNeWJtWlU4bTNlVDBZVFF4Nm1Qb3cKLS0tIHpkUmxjZjhsOThGZElQcEZKOTJv\nWVJaVE5wSmZOZWlrTU81VG9qVFhQVVEK5yfB8Cu2/xg0RQiVezFgE3hRF9Bq7c4M\nWstt2Ls5hKCyOaC2icEBA/vHfJSer/aa7x4NP9gzECGwYfLk1fB0jg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age15cx90pnp54xp5gxlt02yn9j2pz968wp3l5ukdkx55xuecp34e5pszjku4m",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGdmtZRE1WTzE4SmJVcGY4\nVWphUE00QnYrcDRlMG1CYVhmZXFuM0R2K1EwCkFBaVlVQktMNEs3SkdUcHQzV3FZ\nckN3Tkk3OGh3VUl2b3pxU3ZtUzRsNDQKLS0tIDF6VkxPZzRmZlY1TlhYY1RxcFZy\nOCtDM1FlSHo4Q2tTUGVMb09zb3JFb0EK8n6BDAX2EdgxDYppqncIss47aUpRofB9\nCvY2OFhqbyxP8fXxFdpnh46UbzMj6Z2b5r+tDdI5uYwJpEPdbvh2qg==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpazZ6R0l6bkdLOUk5aERm\nR3dSWmVYN2p3Nzk1RVlwdE5NUEE1L2Q0Z3dFCk5SYnBWTWtuVDRxTy9yUy92bXl6\nSW9ybis5WTdkYmxMRXNKVlJHa3NIck0KLS0tIDhsNkptcXQrSEtTWVhUKzJTVldz\nS0srTHVrdno5RWdNOTFST2doQ2xpVjAKCwztOXU+Ub3RVsL/0g2U6POAm/NgalDe\nIMNqp5COYSDWVb1WafhT1S2OAZwL+JuCUDfusUzZ9XbVMA5GH3s2Ew==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnQTcrQzBhZnc3Ry93WDNY\ncG10TXdBdkgvWkNHV1RkclM4ck44a0JJWlhzClAwUllzanE2bzJDREdYbjVUSy9j\neFdpSTk0ZkU5VEpVT3V2L014RGlZNFkKLS0tIG5EZkhFRERlZm1XWS8rNlUveGh1\na21reFRJSHVZdWoyMExJelRkKzNiWncKNe1jyKxtJH9aieizxX/m9Gdye4AXfBtp\nnarB9jUcBBl+1rMNBDXOYST9Z46l4C4if7tWoqMWaPfXQpBhKbX6YQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwNmNmd0h2dHc0cGt0YWdv\nTS9xUTc3T3VwSFU3ejRYRXUxZ1BQOVJCU1FjCkdBWnpxSHptaTY0ek9aNWprMEdk\na3NiQ3dIL016c2ozYlE3L0VSeEVmRmcKLS0tIGVTazdoQnIycUt4aG1NVE1KQzN6\nMXRoYkNJY0JRNk5kQTRtdTB2Ri9xSTgKEZcODK+OkPFCgckHHLhvFdFM2U20mjvg\nmTgvTxQbBRGaBFBAWhpdJDssBMwztAEcJVv37uH0X9czZMcuhEBHBQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1ax5hqk6e2ekgfx5u7pl8ayc3vvhrehyvtvf07llaxhs5azpnny0qpltrns",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEVGxsR2UvbG9XQXQ3TVFP\nZWNMWCtWcDJxQS9SSW5pbk5TUWFNamhMNmhrCnE5TFRZbFAvM0RVekZTYTExVDI0\nMjB5T2RpRUVCMzlMZUJvM29UMHVhQkEKLS0tIGZNUThXSW4xYm5rTDZJN21idnU4\nakRSWDlTNkhDaVBQOWc0UURFM2lwbVUKf2ScK1QNfNocx4Rw2VXmtHKF6pO/Lp7T\nv6K43/aC08MgxsXW26mXFv3TGuXz0G/K6b2/WukaM8T7VB19ZcMvjw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBteUcvc3Qra1drdyt4dmhI\nanV3QnQ1UU9uVXBCeTZ4RjN1ZmFXZWlHRkFZCjdXME1tOUEyZit5RWhzL3F4ZUVP\nb3VqcGp2NXVGR3Y1a0ZGQThjNVdha2cKLS0tIGNIL2Y4TWZ6Y2dJUmhMSjRReWpQ\nRW5UelB5QWJjWmRiTFlGK1RpcHBhSTQKLeEZxeRDLctJnf1XFgAMh9RVuMNSOI6C\nveMoBrB8IywPvXa3XhBNGckzTKmnAK678UwwDkZK8eMYYUu+Z73eqg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1c2enwel9un28dcs4wg0vcyamx9a4a6g3walkhu8w5lqhmd804paq9d24as",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCZHJsYmtSSFJKcXJadlV1\nbXQrVWUyV21lQ0VoQldmajVDdmRPdTRxcG1FCk9mbFE1eUNXZTQ4TE1PRCtTWFVJ\nd0JpOG5Nc0FoVWlnanpiRm9uSXN0UzQKLS0tIDNaL3FDUmRuNHNKR0NEa2tFZ2Rs\ncmdpYUtvSVovS1hXL3N6cUswei9lVVUKl6MdBZnLqyojsg2jJUt5YhRxgnIT//lw\nElY1HEAQDQ9Tcff+dp1dC63MNolF0RgE3qFGaAvuWtO1FVGs/2oiEw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzT0gxVUhoOXZWb3JOalFZ\nVmlVbEttdDBUTS95akNieS9oNEFRRGxvN1hBCnJka09RdFZubnVncytaWEFPaElH\ncG5sMkt1NW93bmJJdkgrQjdYUlk3QUUKLS0tIHh5U1hLQjh2OVlGcTR2VnAyQlhY\nWTA1dVg5R0tZYjdBajdPK0lCcmZUbDgKq7Ald0LkaSvELNBWmsVFwr7P9ItxI0gG\nG9MgnuskEOEMdva2fYL5Tb1/sDRoNK/Fp88g1e2sSP2xT7y95F4xYQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1nanlervuderw4qskcuessycqy2yfmptl6nym9scgp9ky2265ssmq3u73r0",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUMFIxU3NrYjI0b3pzNGpl\nY0JkUzlFZWJ5NkU2RzUvbTc2TGY1cHQvcWw4CmZxT1ZaaldaektPeGlsd2R5SnJw\nRFRkaDdVYTRKaWU1dFE2amIxMngrZTAKLS0tIGdUMzVCSTRGOWE0WFRnVUNUL0Y1\ndVE0dFpaQW5ja3g1MW5vblVGUHkyWm8Kck0ltr4YY6O9UJBjqSvpGxSG/a2eN9iQ\n4RKnzZWtEQn7lo1dL8RKAPbWOk7uaTiaCDAc+nbbc0LWRkTQoDaH5Q==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2M21kK1JsdkxoQzVoQ29o\naTAxZ2JHK2w1eWdkL1drMWNZaTVJQ1VmSVJRCkFpQittSmpkcEwrUlVFbTVzVkVo\nR3F0TjBpSTUrTG5lZ2hNeHNQMlY0QzgKLS0tIFM0VVFNV2tmL3VvVTg3RWg1SWxx\naWprdUdzYkVzWm1lNjlsMHJDQkR1aW8KeBRFmDoEvhyETnEVTyGzPv4sfZSjhO3M\nOgdJmjtLy/nV2hE7ZuvT9VR7h4kvJuy6/GzJrLPjEVu9BSrfNyKrKg==\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
-		"lastmodified": "2026-01-05T03:05:04Z",
-		"mac": "ENC[AES256_GCM,data:7I2QOVu0X4QQBjhTYVrAxCC3NkLdjtcrju7UDieT6TdA0qCZo7mfWRy5T+p1IqV3ZcxHIdPSb5al1EZnR3P9u+KgGd5dIAofq1DtK7w4l8E0kBNjW1EKWJ7DuI/yWE02tvB/KBbtsgTFEd30ROUgxjVrBzK6Y+X2vvF2rjd8Pbw=,iv:bvP7vtI7vZ+8UaoIkp6nWpc8GY13KS9GUB9SAQFSQwQ=,tag:IqYmuZzEK74+75mNxA1H5w==,type:str]",
+		"lastmodified": "2026-01-10T12:50:53Z",
+		"mac": "ENC[AES256_GCM,data:/WKrvjiwGbsl1DDzDqZekZFRCVB6u6xyZ4x2P/ZEmQXxRzvXMr85DYeO2xjt+kyPGq5TFsQYgeot1z/WSMbM8xHw8vxNRuP1cocrxxHIw1VEA9yBsA0Oy2+hs89aKsrrT6K6xl4PQAgHCZJh777z3QOpqReSiKnIXg8EZU5jEgk=,iv:oLCxZ9GEFFfaU3C/NqvXZrZtQk5uI4AtGZdSO0SK6K8=,tag:t5XF4iNqC+g7o2FAsffaXg==,type:str]",
 		"pgp": [
 			{
-				"created_at": "2026-01-04T22:59:14Z",
-				"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTAQ//SSBrjT7dW3WJVfbuC3sFdfFa9BUiPDkd07yRQMeOCFjc\nAjiPlfvd2npXvlKX62BS/UMp6Dbx2wcvEQybWBPUbdV5v13mdRwsmbGrds7qKqTk\nn3OHLnhfyshrMhBv2mYOH9I69MDL6w6DTxGqYBj6ALrbqVFnbt3JAfc813Kxpe9p\nN9XAxkzOeyz0ekU/FdaiYupXFNk+W1k1UpUxIQLP5hUgvK8a8NoJqecwCSByLSm3\nz/DStJ0er6HohmLzvj9XgZY7kBd5LOr+t54RiO23aX3tuskmWbtt7VbduV14yldt\nxjn4bEuyl9OJnFFlAYgA2OAk4Dykgb7BtFxXWuNQZPKMJr9xJC2nkM++sFSSxVYP\nZ9ld3UdmN2hlPA7LHoIs62F6a7pt8svX7YyT5DFkcakVBEfE/daSs3EuuQkTeZ8F\n0Rn85fFRAhEWLvRgPKB3xpV8AcexreB9AumlfJ/SGVYgiXXO0v+TrATMrpLJF7x+\nRUO5WL9bnTK6oGTowPv87rPXNceaLdmjgoWyI5AoOnzp8uxsGuHRSz2aTzKSr9CO\n139z+DUG1x6l4rrpRKTbmWo0ahpFIDVXVcscJG5r7d726HoRiJwQEdQO/yM9SF/E\nFmbyZsiQlleJMSZfMa/+efMekY4vbP8obRH52kVY1AkN70/88rw1HxjDKpYhn1+F\nAgwDC9FRLmchgYQBEACjwHKIkl42dil0wonU2fVhZ5ROO43PtLQHJMh3orU5DKwV\nNWZKNuiZ/TMx2AXwd13abCjolWTwEPZZ+8A4ALtPd3E2iVRxL0VPWegdrKkSuGg1\n1NF/M6/HuBxiM6DDKO0Ac6+iIw41nZLtd2CGpEIYLLu6mKntYrJRp92M/Md1bcQQ\n+EX4tmMjuQXRD7U3eZ7OKlKyxxRHY5OhNg4wgCpaW+4RJRw1Y2i89Mpc6YwT7Yxa\nsd1sBttW6drI9RtntLj6vblNCTOlhC5AFesRSzZUfSxOzI1YuMOCvwmGgGkLEtCA\nea95OoxlcHmKhQrmW15E45s1SpsnsWrqlS4uDzBWS/bG6faiBZpv4Lm/9KX0D2C2\npYEyufMTbLmnPc42JqgAWRwf4DZNYM3jQEHgLQ2ddlamuLpZMJo/TFpyd0nXtnrW\n49rPJZLWtv/h2xRigWKIndrP6KfxTkjyUutLOQs2+EDSutRBPV42eXeylfU7eWR1\nloaZVmdQqR5b5iPWceW8dQyAXd93oFMlwBywl3Axxqqu6GrYhhiDk4wV96nI/VPU\nQFXfyuwX5FmBDpAi5/V6gw4Zf3Zv6j4ZcK0GN7kTxGO+kWpXy8Jx89joBurF45UB\nnl9tVDxWFKcyTZvksLa8gq/v/+bQAEA4FY+5Gy6TLvpaYCR/fsUahc6Tx7OEFtJe\nARMZWthWDs5w3UwCgV+wmbUmrGPwHFfoo1OB9uAC4k9wYEL5+qZ86/9l1Ur/1WK4\nMnYGYwQgg0A5Su7iVwGDzT4JY8T8lo43sWVNBWErdQmvFOrKoB55tcqupJ0RJw==\n=+gJd\n-----END PGP MESSAGE-----",
+				"created_at": "2026-01-10T00:52:55Z",
+				"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAA1bnIjTp/jX+Oo1OuConNkZ1gKsWccPJtum+V0IjF06mT\npy88pa73BXeNiVqhwZtYDF9aSn7HtZh6OWN1a8UIqDenBODxak85CvfNZq/7eXqW\nytY74rYeA+yv5tglZuj/JCbK1SlZPPVB4yirL2xADYwsupFhqKChnFS9sV3tLyh0\n7/egP+86ZFt7ejP4D2Ts4/Sbz95jUtKptUQ2hm9dJAK8wMQzHdvWRkd6PR1eUaMi\nhWVUDYPNh0yaBbLDBsODBmbTQkNqF/Accbdg5cqy4l+DLDwR8iBQXy+JMH8+Yb9s\nDMGn4l7N+vrOz979ESbaKmGpHSggs7+mii82Zq6uPkQ1NEvgQB9RRsR+Dfcr2cxH\na3Cg/O/RKx0RPNGJZ67g8ehj9RTyU/uQpEAhyqoPaZqLGO8z3BViRKaFmZ8h6MKo\nT+fFy9HadekBg+zNrvzPtMCLofwksDoCFksd0E4dN6zYSD2WWKNzVqfJpIfwbn00\nQ0NoTTj0kjlt7+qwE6PtKYXBx3kRoYjR4vCXR5l0jDAn8cDshIsnW7q/vEA7Hwhx\nnzgXbsw0c0h6n3u8IvRGKM3IBJTz7XqXKsWjrdZMUVaaXXdekLhp3uzZ6rs2CqlV\nIc3M0dz0cHl9gaRG33f6uUGZxiWoWwbgKqkiJM9effKIC/2jxLkYtps1AGn9C2aF\nAgwDC9FRLmchgYQBD/9eYySQ2qrPvOheTo+kgYgm4Oz4wlutBliHAzcQby4WLHLs\nAacd0VuEBtfuinKMkJZnwK0O+HjPM9BRiFFR+F48ONL/mBrGcI+bHD4iOjnoz11g\nWEyFypXTpOGGJgwLAmK3GYvophaA7a7zBtqbVZ8XE5X2G1uKW3vq1F1rEUNE4yuo\nB8oriPCxqpsTbfUvXuDYS6klBHIqZj/uWUGe/Tc6rtLWg4efjp3XHrhsz7xw4ycn\nOYYZFCb0RR9wM87nChaXiFwea8givy/2+4EIlcFR7ks8Sjl6pYe3Jtwmmo4dSppf\nXb2gVScK6z2Zq4WurUKiiZoCznk4cmpC3WIPDF0q81hOCrw279DqGf/OXpycMcai\n5EtFlZszvfX83ELSlryPKlGMqFtgC5qB3pn0Ncu2i162rp/RsMwuShQyP7mQ5mgi\nG8xU+jaOvkKKCKAv6vUS2KbK9rPADH9jTbDhHItBx5+NZO+dCADOx1qRsS1JzHpu\nfoWJ0ieFsInfmTcmsHgE1C6qhIzuH07CqdAg3DD7yW+vwsobHraY+D/y6g6pOSZP\nlEe29hNlumq9kREa0u4YXyAn90VI1QwuJaawOqZ1KWGreVGIv66kbqfoBJYRnHkU\nDlOcj2/ce4fyuuwGn5G9VI4wOfAeb6jx7vniYTYwuyvRZkGR14mE4WUvgNZ1HdJe\nARhtkqMnaA0qYtWPyTXmkW6x/vPrTqUU7+5MWIrzSKdS6TAMPT1Wen4VSKKnvgbA\nkD5U8ioRwaxmGXWVnQao1YiU72JeOZyOpXLzO17n3m6T5eNSR5+32Sb9RXGdmw==\n=OEsm\n-----END PGP MESSAGE-----",
 				"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
 			}
 		],
diff --git a/secrets/repo/pii.nix.enc b/secrets/repo/pii.nix.enc
index 35bc181..7dbf7b6 100644
--- a/secrets/repo/pii.nix.enc
+++ b/secrets/repo/pii.nix.enc
@@ -1,74 +1,74 @@
 {
-	"data": "ENC[AES256_GCM,data:IyianNz0Q2G4/ZX6K/7+PM4iYBJnQt2bMjH8j+O6clAOrHxVIe4ZK+zI2O9TrcVJ5B2vWTJZZ65CXSEus4TQUGAzutPQCLDNWV0Fl4XeBGXP9IkJTS10/StKyczxSxnJV9QCImCR5Zwa/gZgRT4SLcpI9FnBzZb5mYuHKFUm2jcv9JdXOZM8oNT7ZSrl5aXa6+SxHKCq28SIPmck6WTPLvlPuCY0Cz/hUs3FKFCPyzZmzulgz9MbcSNaFq8wACpPptRo6E/sxnu1M3X4xVLh2j4fV7OzgYsRypgBNZt6hqSEAS1TG1HubrwnBEo4LqivpunHEOJN7W2JMIox2xHsAJ/acxjVNyiGGrcQ0ca+KJYP6YixE1klmN9fQWsfRK3WwEf4FzxTEtyuP7soSyPLsbgP4PG/Y5BDuzbbyWuwbyn4nvHvfnOg4fcKBxbsnuGG/B6c/4qhDpZMJtkylUSo7SYpReFfPjuaf4mdYaB6jnS+7HY/HM9IDY0ydvM5V4IMwUs5cKYADofBM71y0tc/1/y6vYpUMjxwSOm4qtm3h1fEiI65bOLayJon8VZJB+a3ieqZFSz6oarKtQsHQfX7foi7P2Mat8zFmIGrpjevQuZ5tJ6eCcA6kSrBn9pNhBfaikxXr4aTyTacn7VbFgPue/G1p6+GILOTOpS01OJNs345GDGduLRcFHC4s96psoiouuMBqkCZ35ZmVQ16/rpsbqywaLfY2M4/Ig8C8oheeFjQh3CwUB7e+sXG89cndgOGHHpRkkzmrp6csSIAS88oOyDJLOOwEtYe9CQP0kERF+yui2zMqx3IFgORrcyvl5mPcDyBnOUFY6XD3dytBABjWVugntrMouO2k84Sy1Dhikc3tTf8tGXH72PmjozFUaxklpetFsFf5JpfL1n9Qn6Yxbd8mLqpWkojjij2j8pN88LS30CziYBVi7YKFYJHMBFI4bpfvk3KHTPbpKxsGOh+y16brcBHhLPWjy83ycqvUDYL2/6GgnBddMD4YqxGtels8ShBtYGqkwjHsW8nWGUUHGC+RTUWjUcCUMpXXwN7D1mVyk1kzZRytUbZNAQw1TNeSYs9WV7M0FIV7q88bF03OBscRYOq1Beyjec5RVigNMimbkLxtBLaMF6p5s/gQKIz8D0GSOeNU6bN4vzCNFBZNfdOmIMgGQFnXCu+fHvcVqWH+s8JBB1TVT4Cgrpcx22clvNE3BDTcq8Zx6rTVQYxTt3FSrrcXzMzGhEZHOz5gb7PkxJ3MgaN5+qB88Z+a/9N2w4sZapA23Stgll13kvVc+MJloxHLmKRW2D7+2WB6msu5eZY9Ff0jtYUY9LZHl9CdLhNOQL77e8ST2AueA7vCsm3Iexh7M2tjWUHn3QQ1seIaP9pOnewbnc4tx22SG8vmd6kplRSvMbsy6T0etFcU85Fgv9U0YySBV9AdmMQ14Al1p/U1zmc12uK7K8oSjG0jzyH49UdrpJ3YzPlFs49XrU9/dbw9ruyxNoBr+FTRIBFKfOubk4YQdTes7QT3zVRFbQ4gcQDfJRLBPxQfh8Tl4umGVdPfupnGpDZZ5GzFpXyva/vwRs33ukJbLEeZfPwTLkMd2NXS5LT5VM7b4FTk9mkn+d0u6LlfwH4/EQjJowSJJcBBf8alnxwQiARF6SxCYApB9C6degt+WAOer07tp36MxK/Sc7pa6x8QpSdD2B8M3lOavohawzZwKMeg5KMkF5QK1EJMLrZAoCzTfEie9BpOPCWk1Rh9m8axFyeJItBU/AoD0IulYXDH9MJqLqasWSIVPaP6wBACgavJQJa/wukh9QxTPn5DE1lTQcmrscN73mkO7qGGVCx+/6rtLaCKej+r4BaTPesAQCoomtWtmaNbQDtrYnNxdcr9APUEP9BHMephCz7KQ/3A7jiY5vO9XNFgldymeNYfMg9Rwx7XHTMvdzgH2boTFUNS/RxbIT3f+SaoEbBsu+e1OwFw5fIuz4+BlS6THbZEykRdmKpd6ZTBHVwrUgrgLQ8XAhEOt2zX4KkipE8EZYDkm/BxGCNbRV/iEDh25tnGO4IKIZbVdWMuJ1NSGgyy2DB//CbktK0F4xd+iwJ1pVlI6gmlJ/iT3LqohoqVJg7PLonlOzBiF4ThHLRX/uLSJjq9SxmQ7F/+1mUDvSFyvByPOAYV9k0WQ2i+Vlt+/2m2cCDANAKUiiKCASrPMnEm2TQfrXcO5Pk8gIDebHua/F2e3+2PJP+uGWO1sKNSdrBLOBFixnL2IgtXFqCzHEC8hcOzVL87d0z7fOsGz1pMSaTVTZX4EaKCrGwkANGb7zFkpGK1Xj7o6eL9wT5DTr5mBidu/xoH8A1LCSgxFLOXPDpENC3jngnSk1OEKG5UkAhxeivcaNlgJWa1GUgMTRLoP3GVTVFbL/yrNJ1p6m9oiay6oYMxUhHoJCwQ174Ast6JRfIyBr8L4QYSITncpGUq/NfnS0x8mQ/6lX6Ttl6UymGGOeO8VLzZg/IxqQNhrUPaRi9uHUjqeoMDISEOXq13qIBTSTCs8UC2kNIR89fHW1xEetCYkxf6vT4stU5haz8UaF7+q0oKZQPPDcSM8HEwtiTndqPlNDuK7QZXyjKHbJKrwYzp5ONJXU5Phlb4qfV+fMWz2VJgWpILZ0A1zrBm0ojvJZGeZNtXpcE6SGOZifUNwr9Ozqe2ZG1k25ZouWCmixC5yrnrk4dTD5opHp1vNtQrBBa1BTCPcVFkIOUy5XlKsnsOJSxXHPmg8zDgZ0Bgwp8eyfuNyAQFSv2dcTe8nXSDhgsxtB6/fjWNS32+VgIG+nbMyD5bIDv+xCAu/RGvYgIIn8wt86X4Sw/Q7Xv+KcZeAvkMSF0MImVL8le5ZIHlUeD6BdaChaGBw/rdFpyhUnvcRHi065a/CGqEXubIAxfunT9RqMCprVHDjccV850vEql0kL6Xexa+gohsvbopgwMtp/sgn7xzzUQjax+M0KcRzYxTXKmqkd5OORDaWLqbVInBiIuB2w4OxsFdg3x8jBjDRubo5Nfc1W3S739pcy0aIiPDZ9Ls85AXrMi3rlTXcTb5yWreLLkXMnq5Xb3ZOlxTO4iGVDjfWMSKnVRX9iu5TN6+W67onx6KB7fX2V/OoKdE790Its8Amm0FNQ1CdL63nwvu417shMptnu1340emuY4IHFxg+8axGSO9mtXnBpRPK+kYcHgeIz3z95hDhhr62tf6CupZDrBnChqFph3T8xvqlKXkVP6nktmy/6WqfbQkxuLqjY3cI0DrruwwjQmMtAGEtcsSQhrnrOrc2LyJmbqMihS6SfAspstLYtLBm6cZV0dz2Y+aiaODy7ssIK5r7g63i6OSiS7b0K1TGs2Dhd+JMeUVVFKOfsge+w12RrxLlWcPB0m+eBXfb0z7drNZO/1lxQr51HjPQnrstwTVZvD8jqOMEqxhf2nWIhaM4doBbqj+Dt0lNtAudCQ4pIjzF3XHYqABm5yQOezeVtP6V8xGpHstd8GMyUwmNDp11HUPDrx8qyBqtaBmzfQChMl2aK88gCYNKlUptQ/tnPnS7keGLG1Pm1p6V+x7dNudFZeclWwDRHziOK+l+rdIaRxX+f+j4f95LTBzA99/Zg/MhpSoI2LArBGqhMGXaJghe8VWCVAOLgr/etmHs9qByF6kcc7b8T5u50MAsMeMhgCMNJ8CcXXA4ZFaQbPXpoZrn5qBjEwDpGU7TsPjzq0QvGiQu1gaqSPXikrsQ3MEIs4+nshpIcnUZQsThyKlzwl2yHGQw1qD7uicVfzw+SsArh8kIhGREq5arZ6cVetxNUZMcJpMfCO9rqRhj8czQwI0iX/qeNtc7kThFcMtz5XZYuVpK3SFU7YZn8gvKkCycB8xiTVSWHCeFKmcEg/0uRwv/0c5e5Z49Fvx7w5ZIMOoXUhMmgN5YGMqI/OebRoRPyIEj1hZT6N8+ywaonehMUeRqHptSTEFD0NSF6zQRs4Htvjx8Xg8mVpNwsRjd7YmD/ulTVvEi8lOMwfAdyjLiKP0+sdc9npsEZBSewFd6lmUlENkw3MPkGtw8U+keMmANZ0EpHoO6CnA1SqoM9T813+uC9lQ/0R0Pw1YmYuPewzdM/W/7KwV+bAyGIXGtCxoXt/EPwefI4+7CHUbviBgC25Jeezl93TOYzAJ0qNcRvUwAtwIKmwqycYl57Izjh/V69XSUq56uvOss87d2Oc9wfWM4ig2n/f6MMyVnBC5AIf9NGxMD2yS29iuMBq+cX2vcpCG24lkGb9lHz6JRQa9RqwKo4ZX5sRHzcXubTTYMVszg6GQ9BUM4gYDzZP6q+GsOtYvFDA64v2ykkj5iWX62G8BGE3qn8inVtn7Hi/yKrzAhNlHwjvkVo5LAwOJnXH6gBfjq74mZwoeCCLuKVRETYPRui8Dd2EZdcFRi5IWZVroTdaD0OoSxEWcloweSyAL1kaD/TgXpGVB82G56MIiOoLiD+bqNyH6C4Xy3ax2Ts5bChTrXww3gRGwxi8U4o0y5paHemBWB4710ll+akOWHfjUJltQp1Jfvhho3w9UE56L2vC7dYgfCr2H40k+2J9ZzjRKMaNjrsgtYCYfFSnQEEj+VLTZZPgAWI06YiGrb2LHkt9pEiQIpdVjBlYHAmAoDQ8SRiBaj0EVTK0O8j1BpoCIeP+G8jaNeN9M09kkiAK8ids5qAMfORDPzRXzsG5XzSTD0XS3UzEwbR8IDqQvdEXUkeRKdpvZY5vkqYDvhU0+XQRPZzR8IGy3agKuE+BOWn9Kdd380OlE4vnzkyAnEaDrQRMEbxGEy98aL2rvqaq/5ceLJiNM6/4UN0cvAldOo+DRjjfIr3WOx44umlUduuHvHRseA1j6JrOr7xOOphYs06TVtjLKayiatL9l/d2ybbclozj3wtZVlOBqRL1PChFmKy21GXpwkok/4vp33hbWP8BDHMSZdwdEAuyUKNzcQyT3FqdVlRQWT86JpoNE45SSBRReCOm4klW2rFjAVrEDh02FXS8u0VhYv10EX2tookDz3TXJD/Erl2q6IUvvpC2kpqbKlm/sHMhrP4x4krmw5AnbBbASXSBdaZGZGu/ivBJhGTOznOg8TZFph/la6qrJTJtukZcbvdB8tjmIIE3oWnIloYae00B5Q8yT1dx+WJX0CpiW4Te2dsKaD9LwlztwD+80zZZhnPx9WOI8Iu6e127Jo4cyPlgpOYkmD4RpUpoXxEXMaSSRB1Ic1MZ/IjsJca2wpVsGHQcjr5fbk1rrz/JVgFWlPs3nnlJfldhS8zE43DWld5ZewHF+FyXfXEVtZks4D9xdyvz0DFWhcW83BEDeHoRmB2gPalC1ecORrSSXAQvB+XIo67XpnAP4upJIbzfbiYtyK/tqk6VM7MxYrUt9znZENwy8EMytCmvrNKLlyDperMK/h3eA9kiwoigHkqknibBqan5GJRM58Z5ejhlAJSltY+/2eDgb9OKEb934k+u4vDVRUouzWZi/ZXzGjuLsJ3sy6Nk9zKVstfkjJA4rikb3GzqT4Z93oO/Ow+UmRnRjYOgZYQJ6WWNxQHp8i0xSssRtXWfXyIIQGF6+sxGQBWwfIYC4EmF48ahKs9kUSEBkfFK3x6PuEoAXyou3a30fbsjoBfiJ7o3ZybDq8BMLdJyNvVCFpOv8Y4n9Z9i7aeyL+vokr5a/gGEjb2eMLKz4kjbQE+gVuwB4WhDoL1CVJTKr0ayv+/kzcoEdn/KCNxRi68xftkkLCt+KTCqmH/Ws5TCI3osM3dLWL7/WvWHMMa2P28YTQu3Qy8/ek68JstZvYMilet8zZIMYFR0Jz6GAMNG2alcTo3WK3c/eMgcVQxFKdxr/y2KFxoOdM9Cd/sgnWtbw6XLaLXRmBqeUmbci6iVZe9MwQMxghQO4oTCxdE3Riwnpb8jm/zWPR4IHnYvUPwW9ItzjvX0ufXmFFUaEfSTKbmTCJK6MdQ+c6dwgilGBTvr/Ye8wWnq8JUnf8T5EXAPX6JrgQaphGchRaTZ7lG+CqjwbunkKv9f5UwRRD/8Ghf0Zu4vV4XL1uItU1oLYOalZzAt3i0Jbo5E4hXFl+msUwzqBs7uM5oNzlNBILqT0eJhIhATDlvvymuVUAuRgGkypRB8i+cYC0aL7RZQDKENGKenIgLTQNZnPL1nvUOX2lnQkL/i4SDsxTX4w16//+KKwqWgnrdGbQc3Q98j2EUz4TPnNv9m/Qbi1hnYa6ToybotWlW2AwHPMAgqrQfR6NLnIG+MLFhDn6bp4NoFl1B2ZTFhNtKXW3Y+L04AFqkuYqk3ZjK78CZa4+8RHMb3uhIHEQ5js+6EweeMOleXuOlaFvsw6jSjb54zOef3sFQgaVDCQvOmE3eO7NCPYFYGUNazd+/8zwcg+nzSlTQv6YzgYlBhRkWMM7G61omTW4wjbOHlLRMLZWnEERD0ClSMzysIZ8Dk0Vt5gAAfdNzFyUpy97NFSzvxXARFenUuBNJM5KQ1EXxkmtf/W/OAAcR22wX17l2LgO42RnRcE0O5f/Nw0Q5/9YnF3PFWsPN6vZrpq/CKdVUaNcgUA4xOmFk+xTVG2D5tM4mYDeP/oymZ7zmAcTRWwnimNVI2dsL9gyPWD5KL1xFw/rIMo9LZ7S+7aVa8dzkeEItsLSHgL8rbtf7d/LdrtsvcVBwmSi26UhmhDQckE8cyiW5TxCKaW6nGt63GBty+dJUULy5PdsXgnM4lv1fDAEjIMDcYF6vg9T6WopLT6W7vkJ/9sdInLeQKAzV/C9CGzwks6w/LDwq4kMd/4rBGC6Z7CtE8sSQj5/enxqPLzR7TIKx2tEc7X4NBSt4FSHuNNxwCx1yG0PzEp20I7Zuk8qYY6qxdaqJObs/bSavC3NSl9YzemCTHUdnnfcgvT0IodzfLbwRSpi8duLTRWoxWbZMPveN7b4nJNvArsn6kGF6Tb2d9WD24HrmDvUJB3+vbEcYN+PMwg8APkGzNpoVje2CpN2de4ceHuhIMy1LSsqENlqMT3HiIlTgL9ZMkXkFlaZOQyjTQXUcSeCwUCVfDb88wFANLZwTRrWmhVuQ1f7cWxtHIV6BGXA6+9FnDoUsJcjjV7WzAhek5JpsHqIZyc0QmxS16APpjUPoJX3hm802qH6Dhj4/43gtW2ji+ox4zSLHUgq1rCBHDFX/tXoq/D3f+j4X14EEVWL4f1zX1Ebj5Jmt+EFBqXhRd4M1uy2cZjOJDRGzl6bsYc3faqWQJmlWb+EwdqlVu4hJvDERfwx4ZPqe0CeiWVSHn9H1FBZQ9Wld7xiUML4Bxh3V8rPN2my+w2GOXm897NanJbyuOUdrwPQXOKTzTx44QPMRAlF1eF2TExZr+UdzWrPYO64gOdHQT0prIav+hKiaTCmvLw5XMWnLv9QtufTEIeZs9JaPCncCCuwXIt6ZAnzhHn0Hu/q5PoIXGmKgrsTwvorLUxgG7+aOhTs7utskEcf5n5V9Whkau1UeiJEnWbXv4RZ8foabQ62l4oWiv0dSIvUIW9wYd2AgtUCtNeSRa/AaAXuquI891aRhyV5JQ2Wx11kVMRYYu2YUNGMe8KZxrhJbjppR6qwu2xwbUIDokn70NM3182RFJq7WQYUTMx6EaAO2mfz34uuHtGOTIwSKDy1byzCedLgb85w8ZDrYTfvvZRxkuLbWYqdymT66H9+xqQdJEmf/0pJphfBCaDzsg0DfbQd701BcoFWp080sY2moKsv6ycaQSMQb/bu5UGMSGudexbGruZUqG21J/NaWsP97ssSSHCW3KU7mi8H4yrwCNVa6xXAO+CcSAX82nXGly6rS2PPHc/sE/yr5kL3D3nzZhSQ3HDwy68dbkov9YqRpH+xwJFvq78aSVQuRSoxPwWHo+13Vg/DfH9o4IjiNidqZJN6XZSokyRdT8+BHkr+Vu5Dew95g3mFwYzRAKI68VK0K4bK8fwyWSMUPcaYSnwBUaVnJFUMApkN87U4K8Xz1VP8uyKRPq2ASqL2qXJi1KvvJbxyd30BagkqlX+xs7v4OUZ3JtEiszmrLnXCGebMrpYGgbxlEI0CBWdMmmFlDo4TPuU16RW7nOLk6mxVYI/KtIiAMaVIWdx637TFmTvTtO+nsiEWJxWG4a3xbXko1QI0bBu3euVM0jY7EWnXB1/N0cPy7Wy7pNVgNR7PFTRhYQYJUrDX1WJYsWdF4KJ9+ZKLqeDtyr7nkVzVtVdaEjjEUPM37jRTQrV5Xjl1+DJV1Lfet0rBKqngc9gaT5SAlHYxYW7ObXStIO8PmqJ9Og8VN0dd4jzxziCMrk0Yk7JvrMmFH+T8QL6xm51lQkqB5jsIGnYZ4DdQMHLxP1BGmgFkFvf3vXOAdEG76l3pZV/Cn17xUu3j8hstDc1dWKdN8c0rgwuxlkKdGxAIQS1/HvaMvOlVul4e4O1u9P37Bktc9osQN8lJV6OTzhI+jKRyaJqMULnhxDV3dWuOZsG2dXQ3RGaiO7mlr8QVKRkpIZbGwmXqOmF1fYFAVHmaSYB7eD8tDCrOquF+rSXZ2F1FcS6bO13iR9zJYDTxUEXhuN+JcgoegR4uIcjf8XlPeo16SQK7B2KtDO8c8GxSUng02z0pgPzxmVeQvLj6ydS96FWy6MI+GIgUQZ15Vycu/wRidHOxz9jvYVfd/WQnR8sLHQozJMIBbkuzI6y9TrFx2dHbKPfA6bnmhYoVHRPE0lya/3cvwTiqfLY6QNRJ+ZKIV5KHnEm3sJRo1LGt6waBIYLaFXSVehn41ylT8Sh8UYFlU9E4w//58oJyBzj0snBtOf5HVprc53ER1XbqH2PGRA/cy21o4v,iv:CHxvIxUy9RNlieC17BWfSKFqz7wHvC9epHnBnaHZFyI=,tag:TSxK0lMVpDTo768ZWbJy9g==,type:str]",
+	"data": "ENC[AES256_GCM,data:I9IM9MgBhkRiwdFCdBIFeD7gGPzYKGX3Vo7wwzf0YhDMbaON5MJLbljyiBAv6on+xl+yGJ4RdrYiK7vVuQBG+jTzm+mkPGb8olURd6ZnpEVSBeNNtlagQcEVelNJhPsyKoFdBDcnCaKG33cM97nmvGk9OyDfrt/0ELKFO9e9DovKiZPDD97OezzONMQKLFpCQgiV03QaQ2zVfxS6s7SNFYEFn7w0TMuYWet014VICurhc1ka4nSXZ989Jnu5z1EvYEzqdWBkBFhiOl3uT5r+croF0VyFE9y9eieKwCmCOCUG+IOps9suojMnPa6IZXDQRkHyQwH06rJoDQ9dep/utHm6u1t5HIRWoZIaAJdrKxvFUN4EUtIWN208BjqVmGM5KP10lS49ZZWYnI1dNZCQ6NPNvDV9BBXwnKqgIlOz511usvW3URG0e4yqrZOf5MhtqdCtePQR1dIyV4Q+onQRIfwNP/FIGSHsQQ5zciCF3zDk9LIOz8JeTjroFt69q+PQT+oOnhS0G6jO3OmfyTwBi2FfVua1KyzbjRRaPNyTy6iqWelv6/Ch4BctnkLiYej0pyYwtevClbu3l7lKOqeFTFroImKocQQtdkofLGLpi3t7vCcToVMkB/gdffy0h8J/ilmGM3tYSQxrppD231I8ftIxG47c1wKPlaHSMZdelxSZAFv8c52IJ2P1u9M9Uc6xq9QtA6bZ7OGvg65BxNdz6j7VGMfrmr72OL0wpJzZtDutbrATXRIYE4JuYU/t1yEkS/zR3pJ8WVXBbo7mAd7A6bpGz/8sIZ8MaZJeG4ZpZXoJW8wm8/i8edKsuNk0ihNmitU8Ihz8AQCqF84B0b0zgfndklQsd5aeuSXZELJMdoBh+CcTnxXVRSA0fjC8CmvLVdYrMUEhf2x5rIjVyPB+iikKG7F7WjLa+NkT/xYbCN2xff/UYACe6l6T/N6k0qcVxMLrSxy2Yy+Zo/Y8Qk3XQiKSorboECs+udjCftyValBjGrmt4fNJn8jR/44McICDp2HWTqjpk0s7DKcYR2V0gY9PGUYg4uAYso2AwBTpoMAMf87juQi0I1uIEGNXRdf4sFWUwIL4+78PMaYpaqRSe78PwLKFPO4vJelW4sZTKLdz8kTx7IOxt5DpeUZQx1/g2SRvJKsnxxYt6onNGW+jOB+Lf5DqSTtzT6ZNKS7cSkSZDL0JlJXwk4UVVagNZYsq7neXnexRE3x4g1Xd2smt1nOv8wMJuMf5vcR717FVk6PYorf2QSWXx+DystW4jsuQIkid9YUt6wAi35DA5wavUOn4GEVREk00U+g2ryr7tscoXpxzVTPKxdG9wxVQZb6JOLfOFuu9IZ6vCJGDknaz7zWBlJbqo5sfOLLsrbSA9WbTnyl6VrMfi2fL+hNCvCCT3rEFBPIYMyRSH6aJQqH93OAULS/oas9RAezy37qKXqY8cuQREmI1AT8XG+0aj8cz/ICYTQZ12BwmjR2dLtZA7zZ7wL/ezqmbnYFdU+S85V4UwqxoRxE0wWWW26e3DqwxsNUSDiM2VJP8XZA7rzl9m8602zyarWgVZ7WIgjCmbppuXssJWBu3IVSuhBOa6GMD+xBB3PLqNaMxRvasFvKrRf954lQadjaKvZOfvmQnmnuUi2TQdIPogWPB2pIsnZX+nRSUr8SKPtJdHll1i/L+Pgafo2HTyoXHDIijaCbp4fuFWuEDFlELL7+SSrjxZBHxaZMYoXBcKrT7rrPlZwUIdz+kl07VbNpn+v7idk8N+QKXh9ZHTW5HcpmjBHNxk0QtuhxRc94sNt5ggBbxuCiZ2taL2Xn6DljuOwgZePGOI2lk2e7PHnhv7BumBLPsOZNPLmCHnoECefzkIwfqanO65IJKjsnNdT/tB3aM55Y5IdF0CQJFD6XfykkwxbLqbM8ZwGn1zfJcR/owBYzd3ssFAabPFNFjMv+kbvNwOuiDCS9RbrHPfTLyU+BseYVdeMfc94Nmn3XOZuBZ8x3CCFiJ3JzT+CwSkvkDNDmLKzOA2Ik7bsaHXd1rCyh0cZqdcX7LbsHSFh4Eos0V3sbUZ19AU/q4afgqlVBUlIwWYLM2zQAlxyzJg9WC+c6wk/4NRdgyrn7V9LIecXEk6qUJnnnKqD4Lo6X4AupBcJ6cvT1q/odm6pqPFIhtBHcZEZOY7QQZDU/2Ya9YQU7M20Y4RP11RUr/QQpgUZPG63z1IxabLExMhfZZI/Au12MROoiYdVj3HdNWbMQaXBPmx+CZdGtreL1zBpkGDxFN8x0uI+8qdoEemYjfssZZhgCArFFi1goQ1EdyccEEYcrUQvhSlOJzTeewRYMP2KLtRKGpT2iKC49NdfTulmT/Idg4D/Uny9U65JjHj/hKdTW0mgCh5pwDrfu+I9R6DuhaTMGtGh0jHIfIpE8A35E7U9NcYGDFXjntfucAhXf7t83ywXPPV9qEbYgWcMormEcy97O5L+Pz7aoufrZJu1ihqfcCoDh0w+WJtZraQZp2NM3qaTgGPin38TAN4MzfAUj3J5j/NU8y5WwUfD4xSIsvMXSqJQm1TnYfsGYY6bzL8W+L8O7RW1DsGPZ+3A91fWrieu/cH8v7nNPRT1rLrWbhV4LFeizJV5yOFMkA/J6E2dkBpY47RTChhWu4+cuxIn6mlfWmzsvWmB6/Sjg/wEVD6VjlVAOaKCmXqSZrH/5irpD0GF93lVNfiwKlXh3vo/bTmuArInLq4q8IqpBvv/awAFhx9/f6NGOJCPoXUmgUPkAefL05VnAkuyN2bvGyj/XxNpS8DdnBFR68SDvJCC7qtY/H1DtZxzAOUu3ExGNUJI7RqsYqgGHyBDE6Al8TdXwZ5k2G5uEJRTckgpJGyv6zFwfqClKZjbpufE4PSkJRlCM9NbTIYqM4h/g92xuKVfAEy6IZI25reXMQTOaXLTfPf64pApr16KeMETKCimqaMNAtiWVPxj+ImDQU6WjFPuaOxXR14jcsYAAEc5I9SzLer9OTRLR6XgT7pFoRcorJXBQQHk30d4RNO8G2oVsV4p4rwcuWElSML5A2sfeUsYypkSgSSt9RsVdzo4hkL7/zqYwKlCb2CYrsqv+f3QF3pyCE/+ZFa3DfgjiRG3GCph/yVAD5sAytxBB0EOpdK3VuAWnHmiAyqapg2hMgj7df7Fcgr/TfWuvjZh34H5WvkvZZ/AflzyAxCqhJn9+CWomg7HAO1zwVxcbNz6n1edRiIDXXvMSSMIsLADkvDz2y4hBH88iRu60mDgTAup4VGAxMNmmWuoO/xHaXpGp6/2eu94QE84Qjqu8g5qZNFTySWsqv2rv7z/ru8aLHh5bkK4ffvfSKniapEEm59Lz6ojchQoej5owKVQtyebL844zOhkWz5ARfhW7o6aU7xOwT0Kp0QtWqaIYr1F1heWZcg2/rKAZ0ymLt6B1wUayPI9RWtNVNfKNQjRi7p9+xcl/Lc7PQ/fwBawSCi5bqlKgOjRomnL3EAnHMmP2YHbqdNGUS1OT7JwOIP8AdhqvXyoGoMEiGC9BUxRy4LjLqqINKGqf9xcI0psZ5LyfiSCIWdmYYj8zyKtlMxKxdIu8Y/BwFbp+XJ2BiNJ9RP5qLPX2gKJOCoaTg0q23Fp+kQFF7vSBBvvAB//al4uKCdfNrR2Y6jM8V2pMofJ/m+n8ZyYVl7QV0NqTJ+P5P1tk2GSnsYgkTEbU94O4letkoiFZ3BA562DA5AF3ArPXuLcQCnYZTZznVHxqCBoJjiAKxvuAAesw8+A3JEXzbf1cP5r1izqRn4lJdHinJp6/LG6hoPPYYDCBu0zD9bqMTGu/keUrYPmmfujrgJOr46BwtobVQCHGW4b/1aGDhL7PaqtlmdnTrTEOmYhYdbo0oBjXba7woxKnkF/XGkir/wU5EUYkUaL+a4Li55TdKAnXAWksdnKyNyygbgM7DqhSPdPYK0FALErovFpmr8szgSLk3NuAW6B71ZM0WTmTw5sYM/lwRmKKza8E8owVY28cECT/mLVTWh2+wfL+gSZ63ZyN+JN/rWK9bHunfLFjQp/pYOZTzNpxiEgvm3G8I78oUQxgdXz7bDCBIqxEibBiymTS/ycYW/uTliY6im9samp1FLUddw8H/iqjlS4nlM0gE5P9h58N4MzEzxGJFh4sek0RXGRnCZtCElBII8pzQbBFUKVRSqqKT67+w//WRCGpZ8SqCnnJr0y3r+jj1BgO1BPylTUDwNMBh9jH8Yhe0OlTvl9izt2CuAeyR1uDxt4yhP+Pco2BeF1TZmSa5H2ErFTJnejyZSwPukk/o0k6xW6iiMe+lY3/fViDzcgXnCzY5+5Hj/6AMpVRBAqX2E5jUcl+4LaXRTxipbjItmnV0NGYBWeyZilZvA3K3piTlBXD52YWJ3tmuKuVgSNTsGyJy9Tc+nuGPIJY4Buvn2Q1JBv4M14L6JkMGFclT9OXMsOk44hM49gyOKUyH2wvGLGFkxWcwOlpvIrEguiJjsCaTwzXFGPopMT8YUgKcGJlhPUpUC0lBK1YD2As9I2cPLDgFQkaKuuY2qslIp3TlK2GJzBV3J6CwP1PS4VmHOTvDCNejfZ7F5dWph4AuYqKihZ1lIZFvHglaJby+jhYX5GRSxRRJMAU5crtBEfca/XBBWhuek3MC2KAo2tRKkg/iY9S+yDgE29xv6t+5IBmDUdoCRCJEE0IFbSSam3T/XqIYQowBvVCc2SRT90qK1uy5ScoYMUx66T7PopwqDFOMmZSP/Nif3t5tO3m2y5hxF1nEzNac4z0puKF/3Ujxo/IG50dFT0mhVEdFQ6MoQCSz1Ci/fP8Cg4y6c55pKJ0N2qoElnbtCOPrv8/dI0vlgN8LTFWNyMZQgCsGtVQw8O2oy5ZxnDIFOhKGsuYVnb+qjBQmoN0rF/aJSrXsUrj6JIIWBVp8HFyItst1ttBWNexwfD1qK3M5dtjxzjg8dFq4LqIy1AYpFRaLO+ueX0MvGCpEOQ4O4iguXJspfhEtdvJWSOJTZhECF4vbsVyxkxlPcUVWdat+Kht/zzwSJY8FYQJ7LnyPE6Q6EpA5AQhvUEFcYDEHoldDa5+36iDMsOvUE4lDta2VrinywGnu++8TLGGZnvfhMv2+4dXbyy3twJHS1HbaqFeTUZwszCRbBFtDxkAszHg0HjFisgnJXtIHZeL7MvwCRe1z0NmwSIqoCLIQ3bR5ahEMuWOoLSrqd69O2nT7MXyNUM7iKlPlUj4PIyGwEbK18yGFJ5iXgHuirIODaqMybAaJ5MW6WBBBkN1qbMu+fOJr6w7AuMJmfY5pczc2CfvakcJxBbsmx9XXZJJ9oow3Y9jvMcJuAfvBZ9b3kJK9U8RuSOxGR8Wox4Qfjrz5s++WBmVlU/tK3QP5R23jzxo8YVnuDnPbZ1e2ynoqylPNbeO2/L1XX26u4v+PRgQ+wf9Mqz8ht4+5+u9EqETR27pTrfAKVgrGdcRBqkPm8+8QQyzO1RpwDyg9Fme5csm9N4Td3MPefmb55iPJ26+qzWy75J3ldeG9acYXZjtXIUzofKj7GEECxe9D8187dafhr76fLJ9sJic0D1HMYPMBs9+Q0X7GsTO58chURY97M5B9uhJUGa5hlGHLT22jMFb3K+WCg8STnpIxzjXTvw1Xh5T7gG8u0BdRnA+FZH6DKb+/TDr3UkdQAEB+OCDp0o0PVYCt6ShF8SxJCUOPFkp7MAk5byjHNmaFr6VbBAmzPIMypyAP4JJwdnhXDVwAtqcMXdTM5m+Zr7AL9RVz+m5LDDE+QTuNkEOVBgNjQLfcw3SlanPMt2Yn+KOuByScKGCf6PUChFJjkzEvD45uUbYIaBi3KtcwpmUh2EpwE14bQZWw5D6lJZDOXOHvcfsID0YHfHuxuvEMIfw9RFOmBwe5aOjRZl3/zw8pcl+6HmIgw7NMUrWiarQBb2llk9X5CpD2dzZ9mtc8V+RC/j/7vNrvr1uPSOCkMvtgP3Uh7BKTZSZ1bDkoXGj8Nd1O6OXjkN3fSp3uGKa7/PJUOadCR9tR5tREktP1S1xujmPodtt3hFjwCZ5U3oSGx0i9c3NIV9yeZ1hxZ6M/T0fDUOffl4y3iblZEoqGvXo0XHr5gjC08E5QMS2R7rav2nbmWyhk3euNC3N1P6iGnW+gwG8onRvMUqUZ4j/QZRiNkc6hMr3TgmJJCHzL9JZ/rRE1LEY1mhLNIfgwykVu6n+5U6VY8p//1ywHtoe5WJTIFDgIWc+r3CZ3A0blUFCAUArlPIirT3r5zZMOBPhJt6sVjKvdLb5JnHDYhlYYX+qg/bmCL6k7D1jTjTu1wUN/wbGdw9jP4rCc65MFmxuNjuAqe9LSn8U+Iql0k6GvpBxV8s/mt8PKrzILJVqlvm498ZofMrO2IrZ/dW6GyFu5XYRQ+1uzR5JKELS5XDcOwPaoUAYvg6KcYFqXl4qMr4ILBbUSK/MgheAOBnoRVF1WQmZ93K0Z67HTLw4gISwAJGvc1oSoUSmXu7EG3QlKFf67KupUjrkl4wa3TCgtK27Hfi/yS/rFvsEKxBghZGTTLWlHbm5vAswvi5jwHMgxmPJhZHMZTpGnZNBrhuVoVRkSX/6Tj2fB0IuSDP+TFq8C6l13P2unRLGJy0As5wHmmoN1QTcQAZRahi7gFF8ld37px0caUi0JCIh7UEE0FTsKk3RsWGZn9/ZXax97H46TVCaZ5ZDANodDi+iMIm0NaGhE8ubNKRwimMBz7GxOWOtWK9WEHT5gPVfeTmTYbTSuxcQ7RJEf/9flZqn/yE2IBQs/Vwf/JcqhFIVxy64tlzRl8W3W+RZ++PP1+f9JxeeXTCfpMgeEuFUoyuc0Q8Ek0yuMlCY1ceflLBlUrjR2C1Odi1gGphzjfPz3/k1nQoIKubYRgGEbcoew0C00fFCU82qzya+NZLSIded1MqcJPp6bGcz0lIfhkslp742csFehwcE+aEuRkm7Gc0EHAcL8FHE3lv7KitoIKtDPO44sEG8AQs5rONIjCNXagG/eLjtEiKlwMQAAIwc7DT555p7s5Eo+iNAoJMIuk5ueycW6VXi57cj9d6aV7NAuzgYxrBfAcvUZwSm0BwbhX+6kO9YL2ryaM73jnx1ATkuRhgCC6nFB4FgwjbDUee/izJX3vqtOVvHmZG86JGFYzAV1o/hjgcWKkRIH9almIlbPi71MmYmhvCc+xGjP/JA6iTVceI56kN8BJYIKHmQ9Mo8ZJ9h4hQFFvrnscsMMx5o+wTDwvEhv2+raejn2o/j9QWG2IID59zwxX1nP+clDVwvlWz5OoY6+5fHG6JgJGcz5+SBNQy6QCTyhM8ArFKonnwLUM1cWm5uoP8G++ZJN6Npojs4IAeRfsAUf2z3ramcJAjXmQlxmRm1V7mrLyUSo9Chds/hPoyBPLCSMVyjrSdahuMRJrUNaoH6HDJRQn8CykOqtgNRiouvIFNf3K+2+5YUYNequCpOUTf27OFKeBc9QjdbbhtFNeKvsm5BWKndMJOJdFT4uEURxt8lNV1PYyQAaI4QkJ/n88Et8IpS5HPah/KwDRCivP6yYCrgXEMyMIXbtQZDzG/6Nm0ajrKC/aPfY2jaUKCMy+FcPhvjwKqYq6lTHC78yMzhrHkh+XvFLcm+lNu2mTDO4PEx3pGpZVvUI5hAVdbZ0A+uk0GrnBQhkCwjzLN9qpa8MQ5/wPF6+sg6CCam2Fq+qasw7KZUaKOwyUo+1VCGSjWtU3maQhJrzEcEBUea/9E0s+jYghYiuDsOVUyLwcZ+pgBpO1SZoVpD19lYIFzArLwJuLfEf77khpCtkaMq3sUB01dmnLyjnBmKrQ7N1HH+Muq5LjGVBVI+V9b0GolAXchlNFqh/ncj297TZZjnWIx0cH2ZzuoU3gvtqWWJkwF1X1MEtxK7pmB02OWqPmMgWIQ9jA3xV155J0HoouoDcmPInNcZFr7ZsREgK38Moa3ruonjt63/wiJEqlAXAYJLTG2GSlVFKHbdE4mio8Ua2yKS06T3HyxSFiCQ/VVr+Wcbep/z45EPaJD1DKqor601EKvzJcqKH88DDj5EUKJnhSmwi5EuKfbi84FRvB9fxEFTv6DOCe4MOd3QUHx2qI/GTAV27nuuuIExNXVQ9cHQE8HBE6wNaojoJvOBE/5MYZBKwiQ6CZR8OFxVc4sEST5XEbLpw3ls9+CbBEF2EvrlFY7U2cIbgd5ilGJ9XF6Ao/Mrr41quIwZ5rQ3kPoufrZR/PqAfMTKHM5IfO5fvxyC/k7GSrBxBp75WgRYoP2ghJj8SgP8F9kV6Qsc/JuwyDEqiwZhwVudt34HEjLcXgZhcCeDmmD2QhUATzP+S8e8K582ZVJ5MCIPNqlwToaezQ3muh9FM25GvrlD/akG12YUBilBEwizghh0+bJlKGP5BcMMP7dkbAzMWWxxkeop7yD1S3JD3x0Vtobkyw8f/IQ7hKjy4GG68kCuVwjkcm1lODxZVd3LC0d82tDrTKUuC+hR8SXVgtJUKlM+Dw2gCcM4gAvlQFOoC+RSlwhGfa1TgdOiUb+BQMU9T1xNVRxAIr/mC+9tEB76200Ct5AWLn2BS08P+CZVxQknBP2q0y1WR8Yu9HxSvCtb49rjDI5KaMc62qRN4cQKJXAw1NBp6vCXdq8la8Tdy/Gv/6ZGmq7WoZvhUc6Iu8SqsAeM+pYdcN0R80IOUo0DJIjglHy9IaSUirL8Vo4I+9l3NWkX94DtTXD/Nm/RT/f9tG1q0z4lHZy5zktjHjdIxocZ0exhhEqB5PK7puZ4gxJV+/ZukFxgnXA0rgyOTqvncoEdR/tDvfOQbf8p4VqMslHZREPKgkrWTpi/MCy6JquFlLSRrFqzApwK1IqwWGV9ma95qconwYvbzn4mU9pzgBbPQEIMyLxlKf/fziHIE6sKwn4NQOr3bJ99jcoNmpML7e3bG7lwpGnwrnlIiPCKZ158FnhJVtEXcM4mNcXfia9kW7w==,iv:6cj17MfBuVgr3MEEOGcU7IhGnxJA3jhkduRzgK2IHjU=,tag:bOsZVs+51ojqIZA9V2Dk3w==,type:str]",
 	"sops": {
 		"age": [
 			{
 				"recipient": "age1s0vssf9fey2l456hucppzx2x58xep279nsdcglvkqm30sr9ht37s8rvpza",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5dTNOa3NabG94OHZxMFdZ\nRW1ucnNCNHJXYXk4NzhtZCtocEk2R0RFRms4CjNPSVV1ZFhrazFJekpNTzhXT2FY\nenVJR2ljNjg1N3hwUW5teDJiaXhlWU0KLS0tIDd4dS9rWERVYThhKzNJYkpqbnpF\nZG5uMDhwUnBaWjU1V3pmcHB5YjJCQ3cKv1cyhmmH780Qg6GS9y0P/3lrrB+e0brm\nTYGhmyIGS4LqXwpXcY2rTAtajfUU0uk4C0aB5eyXp959yEk2I2cUYA==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxbURneFM2V3lkWlhNYU8z\naFNYa3BKUkFyTU5pby92KzVHRzRuVnB5ekE4Ck5VdFZKN3JrTlVXZzU3M0ZRRjBX\nMDVpd2YxWHZvcTVMUFQrNmZqZjdrSzgKLS0tIGdFeTV5eHdUbUNPV0JrTEdlY2I2\nanpZTFhDN0hsRHBSb2RvS1kxY0NiS0kK5UHs3xKgl6m4ptvvb1fIQnvczVEYNoTB\nC87CHUanOeorFNRPorTzqZ5iy3kbHILWSuCIzzFbSJzHGF6CXmfBug==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
-				"recipient": "age18cgqlely56hgmhscllkmafwpjdk6dwep6ej3vkk97dzemp8jtuksqrrjjl",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzVzlZeFlrcXdYd3YvdCtM\nWVROUndnblcvRVRBR1FZRkhYb1IyNnpTQVFFCjNSSHRXUDh5bGNEbjNVSHl3cDh3\naFBVMW5jUWQvRmd5OHJ6bWtpb0UwVm8KLS0tIFkvSWROZ1daZ1N1bzRsTkxoVEdW\nSjdaaE9NTHM2aDVNdWhNa051WXorbGcKfs2BbpCoxIe9z8EPf27xO+x5LwoTNroA\n7RLErW20t8O9f0fTcDZwz3qM47Py0vZ/jk1PmW++10ZFlcSNtF2DNw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"recipient": "age14sjyqch8tzqexk2gv0qgrrg09f0s6hvwhsgjac3vs6sc5rzgpcxsyqda6u",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2RS94TU1YOWFtYWlHUmV2\nWEdDNlJycXN3USt1NXpyU1lmdnk4QjVFNEFFCk1Cd0NML0x2MFhaOEo0V0g3ODJj\neGtZM3lWOWJZY0Y0YUpGcFhaNjdKOFkKLS0tIGNjMXoyZ0tIRWdmUkUvWjlxRnhN\nVjRFbzZjMURrN0wrTXZSdkNjYUlFUFUKf0v4JZcoYiGTpL0pnO6aG9OrnhNRk3FA\nsY7qIHtTUaSRd/KrHXIHfrrBMDoYIW0p9e63ocqvYys0freKghkvsw==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1g7atkxdlt4ymeh7v7aa2yzr2hq2qkvzrc4r49ugttm3n582ymv9qrmpk8d",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkbnIrYkIybys5MytXOUxO\nNjJQdlg1czBndHBVYzhoMDNvVHN2MFJ6ZERnCmZvUE1hSEJSclp3Ykhya0lDeGNu\nQlFLS0JPcHFwREUwazNxRGtZcWJiS3MKLS0tIE9pUDNKRWJUa3c0UXdrblBGaCtq\nY0JJRWhLUWtvZWVQZHEvT3FRQ3BUQmsKN+UlXPD5hwUBa7dSJMt/Smjaz5jfG824\neJHaQskY/aRvC4CMRCBUwANSs3raQQirb4R3+XgthrA/92gwN3LX1A==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3djkxMFhIdDJCNXpCVjZr\nSEVCQy9Fd2l5d1g3RndwMDFiVUt6UlpZSjNVClkrbnB3NGpHc0dld0xheDFOWDY0\nRmZjZXRnb3dqYiswaTc0OEN2VmREWjAKLS0tIGo5Z3Q2L0w5akYvendvNjgrdkly\nL3FRMWxKYndaaVB2QmJSWDk0bTVWdXcKyc91a0SmfgLnDLmztGrrsCe5Z70aj4le\ncMnfRqAiuPhzogxATLzaCcYmVVirqnm2UFX88HzjvPxzHcnwkjjxYg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1ly2endyt0y9xyddj6yuj4nw6fa3ltvzlvew4cr4lzs6dv8dkavpqadmyxx",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1N0I0T0VGbmV4OUVZSU13\nV0kxdDJSN2V5SElCTFRmRUJkT0w0QUxNWkZZCnlYNmI5TFFicjJhR2xIbDlkZjlx\nbWZFM3FUWVRsSFFqZDVBRzJJMjdaTVUKLS0tIGttZ2dUMW45M0FOQlBwMWpoNmgx\neVdabmpybmpiWUdlRUlVcEY4d0d1V0EK99D1AXnubdAbSO3X+10tZ4UFSn5WY8ws\n3cQXdHryJ7AhRP7jA+4G6Flyriuzyv6TTGepZyTal4vmaPL3+mrg5g==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrSUg5ZXhZKzFuZHYzSWx0\nbGszekV2STB3MWZtRVExYlNtdWRFdkR6MFN3CnN3M3NFTDlia3pyRnJHYm1nU25O\nNEFHQW9od0h2b0JrN0RMdkNpeGwvRU0KLS0tIG1LdlkweUtPbkZkVkpjOFZ1anRs\nTkEvL0grWDNGTXdOamZ2RTJ2TG9EdjgKtGZjEbfQK04UCmIo0MNwB4TGvbbMhY1d\nHSM+6/4KyhEzwo7x/oy9MA7wSKBurE2CdsUwNLxeJ4eMRyC4xjrtGw==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age15klj4t7gpfp69472mne4ue62pp6m4e04dmjyw7yf30qtqd3vl3uqjmcyxm",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQV3ZXcWoxWnJEZEdQWWx5\nQ3poeTAwR1l5QWVmaUF5eUhxaU56VW1MUzJ3ClRJMW5JTVJIWlZYWFMzeHRZUHFw\nR0dlR1MyWmx4dWJtOXJSN2h1NHRqQjAKLS0tIFQvU2NWNmljSnNsZkFwMDViampP\nSFFOd1AyTmRNU3hONkFtS2RUbzBveHMK+tKQrsByW2KvpmYIFOmzf1J2N48ou1fO\nzE+gtHjSpc+bn8maRBNJxRfy3OKvNgfi+juD5shmdGo71TANJrAPHQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNOTgxcE1DV3owZDhpM29R\nd25UVWxZUnliUlEzUmhuaTlxdEZRSHhkNGxZCi8yYWZZQzBvL0hPb29LNVp4TVpG\nZC8wa3hoUDhrTHJBS0dqRzg1VGJucTQKLS0tIG9vckZaOEc3NEtpdDZpdG00UExB\nQi95UU9hajlmOVlBZjFocmRtQm1vNm8KMe740I1/MXjO6bajs6i6wuJqLCfveNq7\n1WXHfRY0mQ8zisy6sT+CaD5NmamT0NU2X7wrkQkQZewvZHhGyG7z4Q==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1k73gy5em3js9zklnnkzp5hme9k04lny32fgahmzddknjw5c295asdyr4x6",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBualhJWUN3R3VSNXliZmxT\nbWduRjNkQXFqeGFyWFdBSnhKdCtPUnJFUVRjCjNLaTBxTE9jYU1hNlZDWWJpeVY1\nUzVIMnZrUjY1d05Ed1kzU1BKbFJpajQKLS0tIExxcWdqSXlhTXphYUhWczZYTjQ1\nN2dhdHRYUkRLdTNjTlcwbys5eEdKNWsKnIXUrRJR0M4cPgSS19DBd/ovTAYchUL/\nfTsfVQJnDEiD1QoA6YZd7XZxya4h73KeWzfi+hWBpRW8ZawzZRlyoQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3Y0dEcWQwa2Vodm9QMzNI\ndlMrS0d3dDlSZ1J5RCsvZ1lvSVYrTUY5U3dZCmZWT3JzWjR5dlhQczUyMFVodnA1\nNDlxOWc1bC9hUkxKcEs1SEZWZnpGV28KLS0tIEZFOCtiS2FWcjkrbTBNQ2phOXFy\nc2FMTGhMOVdzS2lEZFlKMWtRUVU3cUkKhUv1yvsOumLAAtl3ss8Ox9V6Boo3PGI1\nnI72ieLQd+agJCzNRGyCKhBsbSCT5XbJ6ByIUBlMR3fTHQtYX8Ztag==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1cmzh82q8k59yzceuuy2epmqu22g7m84gqvq056mhgehwpmvjadfsc3glc8",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnS2xSc1lqaUhrS1BaZlN2\nSXdVbEJpdzRYNkp0a1MwQjhZNzd0V01DdEdrCmNNTzNFZmhZQlk3d3AwYnU5WUdQ\naFFnTHA5NGptNUJ0SzZLWjMxQm5jMFkKLS0tIG5zWXNZWW1lZm8xdHFRYmRmVVJt\neUxUazdTT3VlSklBejZjVm1NTXE2MGcKFPA9tQB5RRfwnyfCcGRE7hpOxqkD52Q9\nohSQW87SmzhP6srUiAoao6cXihSk1mjtBU6HADL+TcjhchxN3lGDEQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrNkJjRkdXa1NMa1V4dG9J\nZGg3anVrNGJYSVAyK1lZUWVML25jWWRiZVNRCmNHNmpkY1lGSEF0NWM4eUxkLzY1\nMSt4SllIc2F0NVR2RGtGMGZsNTc1RW8KLS0tIG95czFsejFWUEpzTVV2QktyZzRy\nN0VVNmZwN2NTRHBFRmtzT0RwUk8vdzAKpbQTvTaiCpE6YGtLyuQ9N/MKOCEi3Y8E\n3qO8BT3c05tdoVf75oe7MtP7vYwqNmCrozRUBnIgXXpNcU/W6w8Hig==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1wmx8y2hs83j2u5srdnfxljrzxm8jtxl6fr0mq7xf2ldxyglpzf2qq89rpx",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrVitUYTlYb21uUlFjZ3lF\nTHJFWFh1WG1DNzltUmhYbXl2L3owRnZSZ0NJClFFSHM2SDBKQWpKbkVNd2NRTXlv\nQm1hdHJlaExOUm5zeGtVRnlUck5LN1kKLS0tIGdkSUFYMWkvQlA1dnNTZFdxVmNm\nVnliUHdEVis4VTFXOS83MWlZWVVmcDgKK0vs2LIng8RGRv2yCK8luWz+oJyYFEYJ\nvB2+jgFyFIBF7HQa0lPJzZzu7Ft9bPfskHW3APq+e403I+kJAIC0Jw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYK0lqVk1VeFA3THNsc0o4\neldmN1ZhZ0V6TS82eTM3OXhDWGZ0MlEvSURRCit1WG92bVYyVllyb3V2L3Eva0Mw\nZlc5eXRZcHIzUzJidWh3bUZ5U1hDNjQKLS0tIHgzSUtBOTBuQzZPMWdKaG4yREY5\ncGh6QXYxUndDa1JFbUdnSkZSSFJ1WDgKYDSmU1vl5nom6hkPP4tE7QqtvxGcR6hf\nOCxKNW2UOCmC0G2wDEtykJYCbyvjlz0mLG8UTNFfcp34lIRNzXdsqg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoNngzRXZtajNqeHJJTkln\ndVcvVHV1bXZ0U09HYkx5Sm1ZcWpNVGFvS1NVCk9URXFMcGNoZEg0T29hVGVpRHRQ\nTkJ5RXgySWg3UWlJTXZMeCtxNFMvU00KLS0tIDlQNWZWRi9YKzQxK2VpZThLM0xu\naUk4aHJvcnhiZEQwSjZJYWloM3hyQ3MKn1X1EbTkSi/8IkjF8iSlRGd0MnP415sJ\nzfevVvPy2xVX0S8VS8C5keICCeB9pc26dpefQh22VS5BHgZMG8YaPw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6Vy9qNUgrdlVLTlNmOTVO\nWUxHNFNoTEM0Wk9ZSjIreTJEZzkxOVVYaW5ZCnhCT3ZzR2dLVjdGVVB6UU42aDZQ\nQUtWemh2clg1T1JsNFlGbUhuOE1GNGsKLS0tIGFSVElySmZWbFE4R0kyRnN6VTN6\nb0dtR1ZHMDcvNWFkZDlSaTMyL29GNFEKLKXf4xihjfDM1Lj1LNOt06BoSaWcvIk3\npW+skCovQ88FRxIJeD5i5vXIQivlI/98OF8chmtfPM7GkfhwvBRJMg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1MXBXRGxLZDdlUkFWdDdK\nR2gyWGdnQytqTkp4VzF1Qm94S2svc1JuZkQ4CitMa0gyUVNHT0x6Z2l4aHRsNUVL\ndTNTekw0T0lLdWRSRFZwV25NdTRsOXcKLS0tIHptd2tBM0hCQ2w3cnFxZDM0WWov\nVVJBU1dPN1RGWFhCZDUrdk9jMmZ0U0kKJ5Dt6N3ZATCQSO/PMf2AQDRBpeyAu1rq\nu5iDJdRpy17MdiYn02Tdd/c1N5TU5TqTxyePbEnAmnWHeGFronk17Q==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOZlVJRVJ1aWpOTU9JRWRM\nSVBkYUwrdnA2TlBLdUFmZTVBRFJqQlRaOW00CjVlRXVaVUpYWTJCeXkwbFFOOVRk\nV0FNSFN2WFZuVm1EUFVMUVY1UVM5Y2sKLS0tIFhtWmdoNTVQeE1WeXpVVGlNKzk0\nd2IwdUtVSjdFbjlGQitDYkpNYy8yTG8K+D6ZHo1Yk9Bs9/mCrODylYdIm7mmm9Le\nY2ubH1OAwgX42mfTTMwuvHEgDJ6CJotbrijBnegi7VLTAkTI6Z1zIw==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age15cx90pnp54xp5gxlt02yn9j2pz968wp3l5ukdkx55xuecp34e5pszjku4m",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrb2hmUS81MkVldzBBS3Bs\najVGeEdpZ0J3Vi9ZekR2djc3eW13dEdCZkNzCmxHSVQ1U0gvVWVUMFdkV0NzeVl3\nNkZDeU92Qm93Q1puZ1V0RVdBMU5MckUKLS0tIHhvbW5rY245TkZzQTYrNm1sd0tk\nY1N3dUNCbVhxL0M4d0hPTEVUUXh0SU0KBJI1e11cg1kSrKLdS3+18/f4KMqcVl17\nyNq38yKRqUNqZ8fV3f9usnZv3qdWuZl9XxNTfqsU6B79SKbyrZFcyQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBUTU2bm9ld0pGTHI2SytY\nRXhwTTEyTno3YXYvdGxyTXRpY25rWUdoVEMwCkZITE42L1UreENOU3dLQTlBUEdZ\nR2JhbDJaUFdvOSt5V29aQy9vWFV1NjgKLS0tIHhWUXlNQS9GaEpnaFJYOVlvYm1x\nL1A4OGhteUhFK0Z5dERuT2RrV0gva1UKA/8Ry899BrZw/OKMesiyYGSESqrhld5V\nqumrjYNhC4ImcFPI8YP4J8zOghz/5u2xu3xx9Q3D5FLQskPkMVfMvA==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1OHRiWGdUYzRQeWUxUFM3\nY3pyUlRONWdvTGdJamoycmtDeTZTTklxSmxZClk4K3BvSThZNy90Q2pCTVBYL0lH\nZmZGSGdwcE1WSUV2R2VVZHlqL2RnOWMKLS0tIFlQTkhaa25tZDlKZmFMOE5GVW1k\nektlNlp1dWhTdC9ZVnVpb09sWmRCKzgKmNJ8XgJqnBh65PeMUb6VyfC73Lmvkk0y\nZuVYLVuBdHqPIPZ2vfqlDpdK/ejZd6ASAdkcNFKKJFjKQwa5nvLcYw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0dDVQREZaTk9jbTlIUnZw\nWFA0dlBkZU02elNYbXh5T2lQYjJ3K2tqK1NJCmFTMWF5MFZnNU5rWk9raXRkYW1P\nQnRPdkxpR0l0bzZucVV4b2lSSXRna1EKLS0tIGt5SkFqdEdrSkh0WmVYbHE0enNY\nTTI0UWV5M2tDRzlUdExTZ1hFN2lGUVUKB9SjTXlpqZOfxoutzU+rcA8BOQTiRzpl\nZh7ZNrs4M3+Tna+dVC9am1wZIFc4jTGdWs9xIPlpyHQ4HGBKRXo7sg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1ax5hqk6e2ekgfx5u7pl8ayc3vvhrehyvtvf07llaxhs5azpnny0qpltrns",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1eVJsM2NIRE9EQVJDNWp4\nMFJJeGltY0dmK3UyWnBXQWJCeFZTa3FVVHhjCjUyVGdqNmV5c25CU0tCSkIyN3JH\nQXJmVXdGb1YzZGZQR3NCWXNJY2FOeVUKLS0tIEhqakc4cHBleHFPamkyNlltZXdQ\nT216NnAzcVdQT09vZmV4Y3hxeWxtajgKgIkJMiQbPt3y5zbmDcgAxQKXUkA1JEIy\nUSMOusghzm1rbro74Mjp61QY7Gf4FP2OzDKTu8Ha5lMbjC3bSq9wcA==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxeFNGTE9OTDJGSXNnRWhH\nd2xqVXNMaDRvOE90eFcxTkMybmZqaERuN0ZzClBCQWFLUmdLVGx4YkZoVWZLRFFO\nTXhkR2sxbnY4bUhHU01yVTgyam9iY2sKLS0tICsyaGpyNGg2TFYwM2xUNGZBUFY3\naVpuOVZyZWp1T0NDMXZpNXk4cDZvNnMKzdAVwpvlcCvbKjrgbja+UA8gNA+z5UOX\nXntvfGydRFkhzk2Pxv9sB9fD/LpmEi1FGql2qfyU+9ufzv8mKKmGiA==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1c2enwel9un28dcs4wg0vcyamx9a4a6g3walkhu8w5lqhmd804paq9d24as",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBURUFPTWRmMHRXa3JpODFx\ndkxQbHVCZmN4Z3Rnb2FZRWdMZjhmQ2ZiMEhjClIwZnpDS1dMUjdtSVJTOUtUSG1r\nZTdKM0hBRHZHOGo0bUZOSHh0ajMxY0EKLS0tIGw2TzFDMlMyT3ZYM2NCZmdvM3NW\nai8vaitmSStJUVRYUFlXUHRvUklYU2sKyQJI/SvpYeT65edWwGTMbOAq3FlN5XTJ\n7m+TkFHpGi1lG35aGndtYDqeXFRyOL1DbgRHO1AvThGI5av7+A6VCQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4bHordlBWbVYweTNITkxW\nOVorendkVVZqMzZ4WlgrQTVwK1hjRVhnOFJJCjV1dFFYK3cwRmxzUXZmUTBPQitz\ndUZzMGFpZGJxbHovRkRPSE5WclQvaWsKLS0tIEYvVTkwdUx0WGR6bFRhVU1pbjRx\nZUp2OVorbDFCTmdtazlkdHpMM1diZGcKppf+Gm5fIckXROPVDoy+BmFNOt7g4v1u\n0vjjakwRyYv9iZK++oF0fmfmxmNuJV8f4LdyuzBWDURmJgGe928Czw==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1nanlervuderw4qskcuessycqy2yfmptl6nym9scgp9ky2265ssmq3u73r0",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSdEJUSGtOQ2JEcWg2SFJR\nU1E5NmdwZjhvYTVyK2NNeHlFOVpmVk05SnlFCmxJTi9MOWEwWS91WFBYdHc5S2kv\nOG8zRUJRSE8zY082eVBBb2JiUkkxZGMKLS0tIGRrSm1kY1NKRFk5K0t6bzVuU1hu\nbmlKZUJtVVBCb1E0NEJVRVJiNzMyL00Ks7khrDa6lLXFox9PB7VVas2qhDlymhJg\nX7By+etk2D0H8jTj/N9quJOfHZppLVuFk5w1rpIuJ2up+56Q/dGwNQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1RGpibkIreUVYNlA2TXUw\nNmZzdnFtNHNOQ21QTE5ycTZHaFU0U0d3RzFnClFXRGFlZnB1WjRBZW5WN1BSR3dK\nY0Q4R3FGdEQycDEranUzWFJyWWVwOWMKLS0tIHp1Rm0wdi94Tk9kM3crWUtjb2Vo\nSHU4ay9WenpGTTg5T2Y1TzVicHBPZWMKEpeP/SVorT881MiLvR+6O9lcc9Fn0VV9\n5PqcowYMKFFXBQ27qjoFBDSwmD0UxpUgJeMtMAL+QLMILZ+G/0EcGw==\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
-		"lastmodified": "2026-01-02T22:08:10Z",
-		"mac": "ENC[AES256_GCM,data:dwn1YbVF8pXOItkLrdPHIXN3ZoXsCuoCcCuv9Cz9UQBKaIISS7xDpwVLbpf2DMxPmpzjq7cbJHTe714Zi7uN9t80wN91Kt1YKIsr14kOAuJkoCZPh35Sanqo0tL347C24E3PrpvB26RWGPqA6CrKp13swDPpljMrdhz9GO5bzo8=,iv:NiEV6uQXthBauTe6otoPxaoPNsaEKQ0JlzZNYna8eg4=,tag:mUc+AUMoDADysZCSin5XQA==,type:str]",
+		"lastmodified": "2026-01-09T13:03:32Z",
+		"mac": "ENC[AES256_GCM,data:1IPWZKNuDEObu7tuBZ5WiwWhx3srmudOiZFVFh27zfr7N5sGG2VAQGOCYgw8e8SuscUyyHRcw1uPuXGy0gB+ITX/kcClwJNqdT/ZvDvmP9zDAQMSAkwA+3xUBlobkabtj4+txtAc4xYleXIZN/22hpyeHJ1bOHaHNw+Zm2elk5Q=,iv:NL8trDkA+lMLnQqgrzsb31Tglvc6PtFky+vvSA6yIKY=,tag:S4BcowZWKscT2y1/OtZ86g==,type:str]",
 		"pgp": [
 			{
-				"created_at": "2026-01-04T22:59:15Z",
-				"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAA2YLNxz/sThqhzyG/y8eiKLCXlB7GTZeO7UVw5IQWEvCL\nGQELWjkdVC3KqdsJL6/TmJHZGiH5Wlua7yuFmLGcvGYWQE363S0mhKZa3QmUeVhl\nT2nq4aCmQ+cv1zKZUNzi8GQsZ/utGlxbJrEBBfJxLUq0xTgZKcl9XJsHi8uZNO/x\nzOmUiR4DsTu0h9Iun05FENbydmoscTyI5Npi299F8NpAvyox4yWC6Tu4AjCfVFCA\nEJQcCMnjWO6Ux4LsJMgqVJEYFMkuyv5LV5zbFwO58GYaj5M1jxOggOZRAAjzLSZW\nCB3Sx8OM91U/ajVzfP2tmnysDt9bEN/f0mhlSm5pHUyufC///xDFoXfgP0x6N4/G\ngxEX+JyRYnfxaZyW/i7kIREhxWFbE4RK6SJ7toznjxFE3Jqk94wzW6tEOzjs0m5r\nReUliQKdqfzYTsvJGFNNq7N/OK0hPI+Zu26XbyBcdqRRMCqHTIH9bl0ThZ4QaO2G\nG7r7WdCmNsw6mCz30w8eAqSQ/ICEF68Yd6tXNfM/xk5Rh7dwdWqZyobVJ+3hQUwo\nyj5rQzjk9GaZHtUB1yvpM1GVFFQqi93qCYImsGuMLtRwnc2RCsFqUYAL4/i8QPgI\nEWd5s3kydbCAs8Q3oN5wnNrRkbBFY5ThOZTJlu21EFjmpV2fIJ5Do9Z3nOpZQWGF\nAgwDC9FRLmchgYQBD/9ywMb5GgyiyG8015QNtDqOGw6yCE6pUSzusuxmXN7yECK9\nAn+cVeqC2c8ajdrVs5fdiG+IiPBVm/4Q5r2ZFYgNTMrNTLaar0c/4+72PrHXISQP\nk+M9H+toy44AleSDbncYWTHwcMWwBDIrKad6KNrlTc0K+wn3JXGlL3ZPo/cP1OUo\nM78KdWo1bc+fHljuHHtmAzX3K89JZasxM5kW21vd0/1jiJklhH2EVrphgixIbXIb\nX6lt5zQVarl6vU6wTKSKkRhYaC/1t/vGPl0Tw0a7jNR4pCRZo9GgwOJjgkYLa/+s\nZUOVqDJrIZsTr46WJcBdxRQ4DFMUxPB/Mq7qKzXH6freu2BjBG33ornLedmkLElS\n+QYi93cDlsYtw0+K3eozr/jkd2yY2GcQPtmjdkI4KZ/ShnaPdDwR9G9KcGVDeJXm\nUUSqyDndko/woZc6sXBBYMBFy5jmYO3A+K05Q3eq4pGn9WUrTSVVUxV07+Cij2X2\nAL3UmSV7yBCooPc1tjiz0XLVJ0/Kb8GZYTFc8PBpT8eATYEtLawGAAHa+TY3gnW+\n4np6diWggYK/8LtUXVTvW5TKTFDQ/cXwzHAjWYSgHo+z7jvU2JI2nqB4Z/Srzztt\ni6VlLOHqZ5ODdvJqPqhciUZ9NSxeGhsPi6yS0dkrJQC3XjxYLsl2/N0clbUoltJc\nAUuhQ+EbMNJSYan9rD9RYvIH4e5Bh8YSOMHnnnham8wfQCr85f8RMvUxczUu7Fjl\nUPUdcZy2QUsaNEJsCat5z1pMbwSdWd1rtf4j5/ulaFvyv1M0Yazt9yQTQV4=\n=VUnT\n-----END PGP MESSAGE-----",
+				"created_at": "2026-01-10T00:52:57Z",
+				"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAAzqg5EyqoyPPB++MUMwBsAy/Yo+MgvXZ1QSt/gInq8ii5\nzcRl7vOmGtWw0T9gRSLT+gJXp4bjGuYOhtC3NWL3y2pDiL0tSGC+fKd0vJDwNyca\nYnwUG7pDHxKOw/UrcFJar9dhf0b1R6aHh6AvL4YzFA+iH0ZY9gRWozPBMkJKxZ6Y\nHAL53dclITW+zif00yVaBMjiIFMr8tcVMefU5BMwDpLLXMXZL7Po9h0EEh+4Jq7L\nctxJQvfk0UF2flkHju3VHV7qdZFJwbskF4z1QVQTKUgVYqPiwFqsBQ//D+sDY7Wa\nkhleX/LTaz91fIxdOAhSo37l5U1uh8tkAtrQ+ls2nYl3gn/Tm9hz/nEhqN9SSiMi\nmEhDRM/rLJflCzuzsVNgqGG2MSGzErsii8DrOwIZPAISjflnoZCUoDKuvro2Z1cC\nNSP2FMOY3P1dpubYMUik+k7PZHf3jydUMQxfOzZ6VAyzdd1AF4SQ27CaWnOkIwGp\nsdvsQlJa5Pyu2iw89vDavYGPoW2hO/MuURdHgh7DRwAnjFmq9Z5miOsIFkJOBMsE\noFomVuqaaX1P8u0bXfhSqsMOZDs61BYut7/1tMawm6tBsYs3xVhqNkMDUi+wJzZs\n9UOQ8VuOUBJ3oAQ0ZDinnJ2EFIKICod1G/fOJFA5FIlL2Ng1xeJ9ZEcsg1K6qLOF\nAgwDC9FRLmchgYQBD/9MQD5tfWOn/bdCAJ3LT/lT6y9SNtk2t/75kfAdXDFLCS1n\nH7Ri9ngDHVnFHDg3W3APF1+zbRFC/UeP6pODqFE08ln3+vvsXblRexnjRCc3NQak\n26H8cnbH1kd0hkn1D4k7+YnF3gvsMd3tk1ipZQUZkkk/7v0yKAjKphkdXgAF2M1C\n88IfcIlQwCghDFhlV/4IRP2+2KVCseJb5ZE1K8eLtKYVpW3t/tAMHSfwhBO0OqZA\nSeN4iLMyY7/qAOdqo+tMo1aMC0nzYLfGKD4bw1fZ5oFE1sESewCv0s2lxWeGj++k\nIabWcg8BQKbRXxxvvWfsuPRIU/S+K6JWP2emrbAw2jVZYzPjoKr4nM71VZOd98hY\nLUKecR72hOeH3k0hVgGqY44kvlVB/nOTMaMn5ZmwtuhIlA3iLYBctq+MkIbkr4ft\nPKQxJbwBnIgzupkGJfDn4wVUSQ5kV/6d08Tkw3z4ldVfMlkcYAvC1m8K1N8KlQNr\n+Zivq+iaKoyVFYTT+qcw1cnHU+JV784vJUc8Rbvu/aGJn2fjGXThp0Yknum38rTv\nvG+kO+W65rpAOvROeSbCYAD+tF4szAYtbbiN1rtpddQMHXTGVkyBJ1TXJ17RqxMD\nNP7wmbL8kTS/rB3SP7hgrJV35pihC6V0dPA1XW0g3ZhKCA37GaoVVt9jSTNQx9Jc\nAd0uZTvhFNgzaCIVcE7h/Q7cnNWGpRP0IugyrdzokXufbqGNSnzRaROpIZodVBgd\nrqW+lJOxfhAEUQaoKi5Z04oalPWzto5oaHl5iTP/+y0ABbpZ0cXTIw7abhg=\n=ie2N\n-----END PGP MESSAGE-----",
 				"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
 			}
 		],
diff --git a/secrets/repo/wg.yaml b/secrets/repo/wg.yaml
index 5dd0044..8380fa3 100644
--- a/secrets/repo/wg.yaml
+++ b/secrets/repo/wg.yaml
@@ -1,181 +1,223 @@
-wireguard-twothreetunnel-winters-wgProxy-presharedKey: ENC[AES256_GCM,data:FZWARdSb8o3KpgJikYIC7hYLZ+WUaulZoisE4Ifdpsr8tBazY9bVlf6D9p4=,iv:QSUUWFR6uUoX62l0kMiVKkmlI0lEXuDEV7PSfBLJymM=,tag:eupex55cEm7lDKHFbJOkmg==,type:str]
-wireguard-twothreetunnel-moonside-wgProxy-presharedKey: ENC[AES256_GCM,data:Y/EwbaVbGljiz9XZmr7+/udBfeaY+CLMfnKzekXP50Hu8ek8aA1/SKs2qd0=,iv:BijEDkfpRWox8CPwCoZLA42WihYIqHJJgSgOfsOGcG4=,tag:8+qEnqTsqyNdD4oVPiuQuQ==,type:str]
-wireguard-twothreetunnel-eagleland-wgProxy-presharedKey: ENC[AES256_GCM,data:dF8VPApd6iYKIZjBXB2rjIXIxyy2+U76TdyFuyUW0zSbtjzqn1ZKrhX4w/M=,iv:GqOHsS97di9sHqjndlq0EdWLcJ1EMLmDOnFJlBgTvYU=,tag:PdxEYlg3lPShUJYlANLjhg==,type:str]
-wireguard-twothreetunnel-belchsfactory-wgProxy-presharedKey: ENC[AES256_GCM,data:NAbVE7ysGDD6TT0RxdL6bTNloac4RBU1JWeTFqYo9PO6ZU2f/yq6aboi2AA=,iv:Ky4UvgRDEG1UgDmi+m5mHWHO+yUGzphQPYIuyAXDkhw=,tag:WP+/8q8jfitNC/rXN5Mp2A==,type:str]
-wireguard-twothreetunnel-hintbooth-adguardhome-wgProxy-presharedKey: ENC[AES256_GCM,data:Gr9tP9SkizZOR4brFO3+7PqDC9pG5RojWa+xDDtqfZT4Xo6ZAN2002WGUXQ=,iv:Zj7oy/d/o5sNYTsyPaUQ9Th/xDuG7o82NpnP6TZzqeE=,tag:OI/DCxjJNpZC1C7foO4xsw==,type:str]
-wireguard-twothreetunnel-hintbooth-nginx-wgProxy-presharedKey: ENC[AES256_GCM,data:2LdQ/gIt42qnoK8ZfaQO43YzZr0VZe5guji8N9n7o2eNLL/qMQ5ZFbFNa0o=,iv:3U1WmLaUi0CDLiW53PwXE1zvtO5YWfdLw2O/Kpudyww=,tag:CTmwvF8CA6MrqLzQSGoBtg==,type:str]
-wireguard-hintbooth-winters-wgHome-presharedKey: ENC[AES256_GCM,data:57KGUxn1BibZ+9H9mXg9EYmcy1JBX+M79ACL3Qt0XEMl0dFlk9Wq6cr3JTg=,iv:9QHdykNlUU1H0uco21zA8leQH73PAeL+xTVi6V9zx7U=,tag:6mfSCddnVGMBEAqCHDIIrw==,type:str]
 wireguard-hintbooth-hintbooth-adguardhome-wgHome-presharedKey: ENC[AES256_GCM,data:zBfV5HMy3h6q7yEF6Cu7sCTONa8nJRmMDHgVFvHVinKmyj0qpf/WGfnyb3g=,iv:3JlNgsJHkE1EawLWIJaZsiZlu7pN9ymFQ5ZqdM7W+AU=,tag:pGfsh34HnL8mUhKyFkLniA==,type:str]
 wireguard-hintbooth-hintbooth-nginx-wgHome-presharedKey: ENC[AES256_GCM,data:BGdVjcCyhrSgIIZtdoBUscCitNjBat56YjZOFx9Vao3vBMjoHFGY1WFV7zk=,iv:wxVClKJE6R178vCp/RE3PgBYYLIvOdSV97AfJagWZ8o=,tag:zbuMwlJYIKtV7ylwvgLutw==,type:str]
+wireguard-hintbooth-summers-ankisync-wgHome-presharedKey: ENC[AES256_GCM,data:uqqacrmL6dKj+vIQiMZ7KckvZcV4mAnlfpHOJ/ml3rkfCNgkBKfa10IEoBU=,iv:QFRlmimyEdWApDYsaAWkjvKxsESkHBHJlUC4zyEShEA=,tag:vxJaaq/7KDkoCckKRaRRNw==,type:str]
+wireguard-hintbooth-summers-atuin-wgHome-presharedKey: ENC[AES256_GCM,data:Na6Ai2uOVetbgnLKFXGuwozqEFshSYlZFBXn0HJ6+WP06kPSYB6W3Az/O3U=,iv:/II0H4tfgZQz3fezGaT0aYAZ8QRU/1dXbJD6/Nzw94w=,tag:4WkWL2IDCBQdPUlpSuAuuw==,type:str]
+wireguard-hintbooth-summers-audio-wgHome-presharedKey: ENC[AES256_GCM,data:3cOZbdkaiYdL6Xujbho7LvxQShbZx8hCkNTV1x61AIRDCuQIzckyeqPXN6Q=,iv:oHTGjwMz5uuG5ciwyWXL130bQP+cv0UpQi9iavi9vwQ=,tag:Q/JMjNLy1hQIzIXTRyrZdA==,type:str]
+wireguard-hintbooth-summers-firefly-wgHome-presharedKey: ENC[AES256_GCM,data:0GsMPlVMq8fin2srrgtyVWxgWGYaDhogGLMxYSr+46SN8HLYKVL7D8CShv0=,iv:UWtmPqDR+FiSOuyiAjP2KlMMXb0reRiJzZN0rsTvQGU=,tag:DfuZdeDP5Kx2UUwhTCmtrg==,type:str]
+wireguard-hintbooth-summers-forgejo-wgHome-presharedKey: ENC[AES256_GCM,data:LlBDPPJKn4dGkwB+Nwk8/s/wxgsh6t7KTSc+/2WBEg1r6zzG+cQL8+QZZBQ=,iv:q29ioAakmBdSiNjrqOWZ4kjMdwsVS0ihmUkZsQLLgZQ=,tag:QPvcTq0rn2eWYq7tL4ISIw==,type:str]
+wireguard-hintbooth-summers-freshrss-wgHome-presharedKey: ENC[AES256_GCM,data:04iV8+7ypjISFl0+nUlfMB2j0w2mQO/60ygG3iBmbvnD3Pr7gvuCvDDxO08=,iv:z7IBjXj9uI/by/8wA3+watLmABkjOUskMWtFyZlQZR4=,tag:OEEomKd+eLhDPDS/0RTvEg==,type:str]
+wireguard-hintbooth-summers-homebox-wgHome-presharedKey: ENC[AES256_GCM,data:dhVgZTA+HXXVHHhZzTsv3iXl0IYIwNLK5S/bB+1pKA7+L4PquohvoFkZX0M=,iv:uitcb79nn5KfYBPbu4aKSwSsR8hAzyU85MKZXAkpAd4=,tag:YLZwB1RUgEMLhu8DZK9gVQ==,type:str]
+wireguard-hintbooth-summers-immich-wgHome-presharedKey: ENC[AES256_GCM,data:OUiFs9P3Omh/8od0iP4J/netXzSM9yocxMYGAa8duaPhgzHUrpb7zvyRPTg=,iv:7qasoTKs5nhViShPbuZowmhLzSTcFlFcITsSaBwaLt0=,tag:hGB/ogWplcPYPfQjvBfdUw==,type:str]
+wireguard-hintbooth-summers-jellyfin-wgHome-presharedKey: ENC[AES256_GCM,data:lClo6/fRo4N2BDAKpAQeX/muHRPr+DRgkeAA8sThySVRCEK4SPm1RBjakig=,iv:ubsGTJbswKkaVlpFgiCtH7sN3dzfXNVVMHrv9HHtpIo=,tag:CFQV3oF/H95te3T2RqYI2w==,type:str]
+wireguard-hintbooth-summers-kanidm-wgHome-presharedKey: ENC[AES256_GCM,data:UeQ8KBQY76rjcwaRci3fagxL1jF5X8skVNYkU/OLjWDm0g8JYSTKB0akkyM=,iv:2ls4QpNunD6F5TTZoVOLfZD2b0iVtfD/ydF8qvDYY08=,tag:BwwVxV9y8Na0X09C6VU5kw==,type:str]
+wireguard-hintbooth-summers-kavita-wgHome-presharedKey: ENC[AES256_GCM,data:G9aUEikmoWGgkG/4IAwCCkKGF5ukWTlz+cIaF5tA9TUqoQEW/wwMHPC+lg4=,iv:6Oew3S7IMpSfwMXVqZstGHO0ad8IFPgClCykfZpnd0o=,tag:P5Hbu0xunpbR7Z+n0FLkFg==,type:str]
+wireguard-hintbooth-summers-koillection-wgHome-presharedKey: ENC[AES256_GCM,data:Z37q8L/P4xMIhMubLesuGxjd+mKkrQyKLbD+9kow/Y+Qv55GwtukSDqEPpQ=,iv:ck23Lpli1xTrSWbQ2gLAav4S2E80AzqRV+aWb00oIQo=,tag:fnC4zouykX6INyXiBOBu0Q==,type:str]
+wireguard-hintbooth-summers-matrix-wgHome-presharedKey: ENC[AES256_GCM,data:i+zBCDJRT6Sqx5GjgwOTiQ7J+jFrxo2NFM5OSx9slKyVaHHe3dcOX8XDNN8=,iv:2DYKzAtYbpAVDYJ6ZqYDT5hjx5TOrEzCbwhiJXIjb4c=,tag:2ULvFtFb6r7zIb9pW+cxmw==,type:str]
+wireguard-hintbooth-summers-monitoring-wgHome-presharedKey: ENC[AES256_GCM,data:qFJxnMvKPUuckVwryuikq0AP/r74hy2KB5OybRx72MDmBi9USowAJHOjHMM=,iv:I5ctXCxuBKfz5FvicIqMKmuGHyksNKn8m36rS51+n0A=,tag:5xcGPUoaM0hChjuMG0P/tw==,type:str]
+wireguard-hintbooth-summers-nextcloud-wgHome-presharedKey: ENC[AES256_GCM,data:6U05jvw+g++qFULwaOLbZnOfu6m6LxA3DryiVvUy5FBkVGedytpSTmJmD7g=,iv:P0ZGr2heTZJ1sCVtnLxfJmnblXM99zVvByZYCiLyle0=,tag:7YyvYd3Gg7XoQAwLlKgXcA==,type:str]
+wireguard-hintbooth-summers-paperless-wgHome-presharedKey: ENC[AES256_GCM,data:Rry1yM8o+4Xc0oBPBVCarcmEZ1wJmTL+ba3F9Ox2mPN8wNJmUnHgjqfiIk0=,iv:2hY5dcZnORIq0Mn1CrIvGaXwzuf7vsmkLmm04Yv7Fg0=,tag:hGqm60FeqN2uUtFGBiJpLQ==,type:str]
+wireguard-hintbooth-summers-postgresql-wgHome-presharedKey: ENC[AES256_GCM,data:IYNPz/InE8OaQ856jI6f3Bwd6FdFsMk7J4h0EP/XFMES7vsh3Hs4a3JsYJs=,iv:0ArxcoA00J1Odf1gRPDu4O98RSwgc3aMtsIQzdcReRw=,tag:CaRMIuyGDlLB6Ckq0eDaOA==,type:str]
+wireguard-hintbooth-summers-radicale-wgHome-presharedKey: ENC[AES256_GCM,data:19VdsD8IlPZkMk5wzVWh2LHwD/b0A8YmBDfxu+HGdu2EadQz7w8p8THBXLE=,iv:UCf6cgKPy0C4JyEiY6lkAkl8QdGRbzLbb1PaYp2R4fw=,tag:arCW/kpzKdcG8CmUp1nYGA==,type:str]
+wireguard-hintbooth-summers-storage-wgHome-presharedKey: ENC[AES256_GCM,data:VwE/bD5kbSYHBVBL6gZHW4BLUCDJZ/t7iIr3wTPeaEjh85KQIB3FggCbBwU=,iv:zdvt8aH0bfauxZKq2crIgxob/8DgOnnGkVQP38y0J98=,tag:w6wjJLzTwC+ulMQsCO7XQg==,type:str]
+wireguard-hintbooth-summers-transmission-wgHome-presharedKey: ENC[AES256_GCM,data:fotZP8tAREbq4P2aOZA4r6d6nokPPDZNgOClElCMHLuSuEMMGCdsmZTgapE=,iv:GFLCLGfEYZ7JBsWWQLOPAPOraoNIwP397LU0l0lJwSc=,tag:N8Q98Uz5cuO/ypQ3OvWxqw==,type:str]
+wireguard-hintbooth-summers-wgHome-presharedKey: ENC[AES256_GCM,data:YgxaHLeqGceuoALE2jiknkxHNI3+/z8AV4QBSY/Ws7r6gMSuL6G+X0cAagA=,iv:n/YgJkoIg5yfjJciXEBIiOqwK5iO44+P3+k//pcAJMI=,tag:PG5RNT5mnWl14jqcRWyzBA==,type:str]
+wireguard-hintbooth-winters-wgHome-presharedKey: ENC[AES256_GCM,data:57KGUxn1BibZ+9H9mXg9EYmcy1JBX+M79ACL3Qt0XEMl0dFlk9Wq6cr3JTg=,iv:9QHdykNlUU1H0uco21zA8leQH73PAeL+xTVi6V9zx7U=,tag:6mfSCddnVGMBEAqCHDIIrw==,type:str]
+wireguard-twothreetunnel-belchsfactory-wgProxy-presharedKey: ENC[AES256_GCM,data:NAbVE7ysGDD6TT0RxdL6bTNloac4RBU1JWeTFqYo9PO6ZU2f/yq6aboi2AA=,iv:Ky4UvgRDEG1UgDmi+m5mHWHO+yUGzphQPYIuyAXDkhw=,tag:WP+/8q8jfitNC/rXN5Mp2A==,type:str]
+wireguard-twothreetunnel-eagleland-wgProxy-presharedKey: ENC[AES256_GCM,data:dF8VPApd6iYKIZjBXB2rjIXIxyy2+U76TdyFuyUW0zSbtjzqn1ZKrhX4w/M=,iv:GqOHsS97di9sHqjndlq0EdWLcJ1EMLmDOnFJlBgTvYU=,tag:PdxEYlg3lPShUJYlANLjhg==,type:str]
+wireguard-twothreetunnel-hintbooth-adguardhome-wgProxy-presharedKey: ENC[AES256_GCM,data:Gr9tP9SkizZOR4brFO3+7PqDC9pG5RojWa+xDDtqfZT4Xo6ZAN2002WGUXQ=,iv:Zj7oy/d/o5sNYTsyPaUQ9Th/xDuG7o82NpnP6TZzqeE=,tag:OI/DCxjJNpZC1C7foO4xsw==,type:str]
+wireguard-twothreetunnel-hintbooth-nginx-wgProxy-presharedKey: ENC[AES256_GCM,data:2LdQ/gIt42qnoK8ZfaQO43YzZr0VZe5guji8N9n7o2eNLL/qMQ5ZFbFNa0o=,iv:3U1WmLaUi0CDLiW53PwXE1zvtO5YWfdLw2O/Kpudyww=,tag:CTmwvF8CA6MrqLzQSGoBtg==,type:str]
+wireguard-twothreetunnel-moonside-wgProxy-presharedKey: ENC[AES256_GCM,data:Y/EwbaVbGljiz9XZmr7+/udBfeaY+CLMfnKzekXP50Hu8ek8aA1/SKs2qd0=,iv:BijEDkfpRWox8CPwCoZLA42WihYIqHJJgSgOfsOGcG4=,tag:8+qEnqTsqyNdD4oVPiuQuQ==,type:str]
+wireguard-twothreetunnel-summers-ankisync-wgProxy-presharedKey: ENC[AES256_GCM,data:7r3vkpiKI/BdLiHt/aklbn/lm+3aCDukyrSPK+doDH0D6d2yWJLkkDVU+JA=,iv:nNp/BP4Kdg3cFyCrtqYBZdJbYHHOx1KtwVpgw7GAiYE=,tag:C/1OI8ymr9/Ap+B8Z4G1cQ==,type:str]
+wireguard-twothreetunnel-summers-atuin-wgProxy-presharedKey: ENC[AES256_GCM,data:nTVcrasLXcMeyGa2eKLf5YPCDwt2FHEzrleZxoHq6Bua/3SkDWDoHP+uG5k=,iv:fEBHDt1AiujEAD5wL/t9nvlRCPDrY+BL8rFy8tSeLig=,tag:OFRyj838AydXzaOwDcVr9g==,type:str]
+wireguard-twothreetunnel-summers-audio-wgProxy-presharedKey: ENC[AES256_GCM,data:rsYpLYJCLmExLMs2Mr+DpViGRo5J/DHFCr4XSYA31cNjeXhUEs1R9ASMV4E=,iv:xQBUVTihLTY2c4FKn0FIR9o1u7O20UD3r1ApsXPKvM0=,tag:A+EOOlCHuQS2PhwhXS9ajQ==,type:str]
+wireguard-twothreetunnel-summers-firefly-wgProxy-presharedKey: ENC[AES256_GCM,data:BLec2zCMmn9sO2D78JMpq0mIuiclq7Gzadpju3P/AvcDWt5bWEKYXU/sS4M=,iv:NSzvUcAWDbYPiQeuqzI3h08ne1m9LBcnoBSPM6/UeEM=,tag:f1XNj0E/ir1FP4XpRZr+sw==,type:str]
+wireguard-twothreetunnel-summers-forgejo-wgProxy-presharedKey: ENC[AES256_GCM,data:4UT4uzLNETKrihmoIjPgEQKrPqPqACy4Kig6VASOHWNDXAGp6nJynGzdZwU=,iv:sAGRu+SBLC9Vfb9UbAi6pam15wu7i/0y8CepM3VQK3A=,tag:a5NI6Qi87jqL5A0TrULJ0g==,type:str]
+wireguard-twothreetunnel-summers-freshrss-wgProxy-presharedKey: ENC[AES256_GCM,data:mvl+yEd2/7cnP8akfiOtouY8RoDeg5Y3+T2eC2mPRphnUrlZW/CvBs+UisE=,iv:a2jZZkseeoZ8jGXr8NYli/BPc7xCfRou4nHuBjDcUYM=,tag:njOiC+tGrMh70MU5b4e4kg==,type:str]
+wireguard-twothreetunnel-summers-homebox-wgProxy-presharedKey: ENC[AES256_GCM,data:ekQlXR1p5rt/HKA/XPAp7Xlqj68bYvIwz/Ayvfzq4kT2wPbcxQpvbeh305E=,iv:TtmuvhZF++3U0W3wFt49pyd27FofrEryfc13E0LAfiA=,tag:DxdiQErcN5NTwsRfjwX/ug==,type:str]
+wireguard-twothreetunnel-summers-immich-wgProxy-presharedKey: ENC[AES256_GCM,data:EcdERMfeZ7O6oJfv4mvBIdG64SeGG703VFkXPwroKIsdILzSmcg2M6ZXN04=,iv:2k/P5fdb7s+/HAUHzATEgUhgwQTICnXN0e8CpbTY+f8=,tag:zhAbwJsQttZLNo19CbAssQ==,type:str]
+wireguard-twothreetunnel-summers-jellyfin-wgProxy-presharedKey: ENC[AES256_GCM,data:HwEvX/Y81hC2AgMeV8LW4SKvLjvv7c+lSu4Zl5/PNeSxbeT0tqcmfJ0aYaA=,iv:K1v7gWN/PhJupVbdvmjfLj006o3adX+abfr8h8F1JEw=,tag:KVVVdyUKgVd7rtfdyJCpXw==,type:str]
+wireguard-twothreetunnel-summers-kanidm-wgProxy-presharedKey: ENC[AES256_GCM,data:AsFABsoOQIuT6UTV5E6mQIZFuwe7UA99NS8+biPU8iU5vINf9hbeaafHByw=,iv:o+/8NilTqV7XmdjwToouG8vhxJEFGos7M5hqmouBvGk=,tag:xMuFkHjYTJ7MRWveJvm8DQ==,type:str]
+wireguard-twothreetunnel-summers-kavita-wgProxy-presharedKey: ENC[AES256_GCM,data:N4nf68fu/91eLZCFGb1mvjwv1A4qksDOc+8EVT3yrxElg6QABwTiu+tVjgk=,iv:EYjYk1ymTFtnwmj9k5Hb0gO8lR/+PQa95QuFQe0IxB0=,tag:UTn3tsS1DPWC1jC032oNxw==,type:str]
+wireguard-twothreetunnel-summers-koillection-wgProxy-presharedKey: ENC[AES256_GCM,data:AMWnfVQDESpMYlrU8vISy1nOkjo1xM6UuNTV7RMO6soZmpUPAva30Fh6q0o=,iv:JdhDnUvP4F/i3lnLLaYP7cDlyW6mA6XmHCLced7IOoU=,tag:2/sJuHDJX4q99/smBauNPA==,type:str]
+wireguard-twothreetunnel-summers-matrix-wgProxy-presharedKey: ENC[AES256_GCM,data:GnCiiEBSdVe1K1OgtdDxXqUYE8wC4dKHPuZaiPbCfOcqO4sK/gDE6wFLkkE=,iv:aew0+uuTiUNsWZhr9r46YpPurYiJAsuA3zNXjTwpM3A=,tag:qcayJyqym5wFxJ/WTp8A6A==,type:str]
+wireguard-twothreetunnel-summers-monitoring-wgProxy-presharedKey: ENC[AES256_GCM,data:sq3WkqwhEGWhzVYi1pQnEjffF5B1a4M2jyZUCExRJ0eYHLTeD0LFYyWeyaI=,iv:XRphMD9AGpjvdIbqIk7mB4HInGtS8FH9qmOLdic3HKE=,tag:ZXnk+FjMO3tUsDxiFAtDHQ==,type:str]
+wireguard-twothreetunnel-summers-nextcloud-wgProxy-presharedKey: ENC[AES256_GCM,data:yIib/B5xgZrG0yX5RjMiUrv4WOcDLp9RhyRG98u/+Jl5ZXRZVEhg2MPCDYM=,iv:NXnX5NIl/Wo8n8lTbdSPtn5G982STo5bDlZoa7/J+RA=,tag:CkN1HjQKEpb3A/E0HGWH2A==,type:str]
+wireguard-twothreetunnel-summers-paperless-wgProxy-presharedKey: ENC[AES256_GCM,data:rY+SKK+YtOmspJnUdsXWf9aC6yEGrNgwpi/+OjYt+GWTkkblQX3KMeWBwME=,iv:vR0nxSvqjbxVQnsgA48X9kvY2P8pHrglOnCA8m6Gr78=,tag:Y/q+HKfQsVhLf/kpgR/+WA==,type:str]
+wireguard-twothreetunnel-summers-postgresql-wgProxy-presharedKey: ENC[AES256_GCM,data:JqVazfufSLaioyRVZ4kxHe6MTmUwJvvY1gdO3vc5rbkrPUDcBSWhcwwyw6A=,iv:lPgGBEZn25AXfbZWAv5P/STq4Ae+k6kd7/uZiumM4AI=,tag:1purCH59B+PlzA9oJ51rLw==,type:str]
+wireguard-twothreetunnel-summers-radicale-wgProxy-presharedKey: ENC[AES256_GCM,data:WL9ZGc5siJlRB5ZVi2fn5VUuRgK+E9rIR/z2DW0oEl2MWtE48fIxxKkUeFc=,iv:TII/wkrdDHobBW21Q7OK1lpSw83wa5vpQUi/UmS7Ryk=,tag:U8ES2qssuEJqJP9GJ8Uv3w==,type:str]
+wireguard-twothreetunnel-summers-storage-wgProxy-presharedKey: ENC[AES256_GCM,data:B9ObMUgpq4ipfYNEAEPghC6r/dw3sYD3t0ZQZhPg3Qd5fgWILwcfZh+nglM=,iv:Tadj5NZ81puxXQSeRnzDANupa9nihI2Hd3w2XUR1mRk=,tag:Yjv630libyHEPAblBELWyw==,type:str]
+wireguard-twothreetunnel-summers-transmission-wgProxy-presharedKey: ENC[AES256_GCM,data:8nneTEVRGnB/0GuxfO+zlEy1ybe55RUofwa7jFrrJgxZwnqvZNYSoWWOa3E=,iv:nIJXEJvDCwVV3fM42uvqxsRZh7hW+kt9kA5v8gITUHo=,tag:S4l2D5RbtXQjAiLbDNmUnQ==,type:str]
+wireguard-twothreetunnel-summers-wgProxy-presharedKey: ENC[AES256_GCM,data:E5GC9uBKSa2nFlnglmb+lgdOBU/cfmWGinLW87sVIBiljepwqIOxkU4ipho=,iv:gyIga+K/ixfBKopCuBh/87cuEzMEDFE6Cyx9CG/SOeM=,tag:2lc/27IUuZQt0GbfHeoHOQ==,type:str]
+wireguard-twothreetunnel-winters-wgProxy-presharedKey: ENC[AES256_GCM,data:FZWARdSb8o3KpgJikYIC7hYLZ+WUaulZoisE4Ifdpsr8tBazY9bVlf6D9p4=,iv:QSUUWFR6uUoX62l0kMiVKkmlI0lEXuDEV7PSfBLJymM=,tag:eupex55cEm7lDKHFbJOkmg==,type:str]
 sops:
     age:
         - recipient: age1s0vssf9fey2l456hucppzx2x58xep279nsdcglvkqm30sr9ht37s8rvpza
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHL0RGd0F3ZW93YjJabnFC
-            WWNZUHBOK1RZemNraWF5MXljNGRUaWNDRlhnCmZ3NlBJTCtQWlF4d1BVV0hLY2NQ
-            TTNEdlFmb2MxcmRkNU4yU3NmZ044eHMKLS0tIEdRU0VjZElSNnVMREExdlpwaE01
-            S2VCaEN0SUkwdWY5ZkxVZDdkS2JqbFEKaG4zwEtWtrVAW8jvFgwX8eoe7MM9X0cQ
-            E/R67hG4G/kewIj/gz3dbN0vI+hvTdx+doR1MVYiBee7iqmgICLTew==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXTGdxaHBJN1IxclRmNzRS
+            amQxMnQydnNsRnh4MU9Kb1lPbDdRKy9MdVZBCm55ay9aM3piRWQrbGhpalB5OFU1
+            b001ZEh2dGwxY0dDSExwbmpFRUJvSWsKLS0tIHdZUGVnTUh0Ulo0eFZRZEVxNGNP
+            OTkxeHN0cGZvanZ3QzR3SzhkcklSQ1EKdgzK5MU0e+UeJ/5tgYV9AqYHLn/V93t1
+            PCOwSQ9nheycRpENbi6LpRduc0fiPWjvVJfzMCIU2vLLFW92MjLpeA==
             -----END AGE ENCRYPTED FILE-----
-        - recipient: age18cgqlely56hgmhscllkmafwpjdk6dwep6ej3vkk97dzemp8jtuksqrrjjl
+        - recipient: age14sjyqch8tzqexk2gv0qgrrg09f0s6hvwhsgjac3vs6sc5rzgpcxsyqda6u
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjMmxLeER3Z2NZMHU0dmlE
-            UEdKZ1dKdVFzZzYyQ095WnNpZ0thMFZWZUE0CnBtRFNGZEE3Q2EybGpiODdES2JF
-            eU9Wb0FFVlpSNUhXRnBFdnN6bk10RkkKLS0tIGpzaUdPeEtnY1BjSUJ6NWU1SU5a
-            ak9OenBtT05lWHVXeVl2SUZ0YWZ6UzQK11o/FPoXrkjOry+4+oiE831HPQ6Cv8Ig
-            V+/zAg2Q+pRsMuVddE8w6S5SI3v/jgTZSGbxyC8Csj3wNxxBvx/SgA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxa25YZXVvMkxpV0VOQ05L
+            SWVLcHh3emZoOFMrVlI2NzlPaVRONHlEUFZzCm9US2VKSWI4YS80NmZoSVFNaHhw
+            NkJhVEpsU1hOVHViS2tuV1RhdWRTcmsKLS0tIGw0d0t4ajZTWHRWTmpOODQzMFQ1
+            M092dHo4UWoyUysxcXM3REN0R05yMVUK88l1YrWP1fAqDK5cewmKnGleGZM94cLC
+            X5ebNMFFg4TjYFWkfuPvxPVDXe6c1d0kG5OD/4znuHgy4Cm7th4ZAw==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1g7atkxdlt4ymeh7v7aa2yzr2hq2qkvzrc4r49ugttm3n582ymv9qrmpk8d
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2SnFWVkxEanFYV2dKY0R6
-            d0dKWkRJK0pBZm80SFdwNnRENjU0TUVlalhFCm9lYmUyVHQ4VWRuNWFOVENpcldw
-            RjFPNnA1cmRxZk1Bc2s2Ni9LeWg2aGMKLS0tIC9OckV0bEJGT0NmbzhyTjMrUHhD
-            ZHdpQUN6M0VVKzhCcDlBOUV2VWc0Z2cK7Ns4QO4dhpq2zSEuDGePjJfXRdc3DS5O
-            +nWgDGYzWxq5dRXc52X3y39ozi3cwGP7hysVvVvAANrJAq32T7RljQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWYjNxUFNLSVhoY3NrcWJS
+            Tzd2R3l6UDZEOGZiSzlZenBQTlp2bmZsQkVnCjllRGovMkVDOEcydjdNdTNTZDdF
+            S29GbSsxd1JKc1JWdG4xSmgzUDZicWsKLS0tIEtpMkJiMnkyNGRwSWxjRHNUdFBB
+            UUFpUUNRdU9GcnNBSlRmUzN6UFAvaWMKjHC6TlaAGWF6YLC8B4hNaRWmfi5+4syx
+            jz8TE03yR+Y/ZSigodw6rTz5FD70qV2h2YTmTVgiXIxm9x9xc1rx9w==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1ly2endyt0y9xyddj6yuj4nw6fa3ltvzlvew4cr4lzs6dv8dkavpqadmyxx
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsQ1h0LzVkVFo4TjJWSHdw
-            Qy9ZRTIxcWNTb3NHcFhZOUJTY1J1Uk9jSURJClg4Qi9VSGFBMFQxYmJySzJkSjND
-            NWI0T29kVDB1YWhLamgyRE4rKzJFaFUKLS0tIDhkakx3Zkdhc2R6YnFPenFEV0l6
-            L21HWmxpT0pycS9jZFRVVFRuSDJJWnMKUl6daQgN1ldztZNGQZHix0tUNZVTnS2U
-            XvY3OGGtFfqYf/2+GfZmGsJEKMPAHX5nGQe2vyez5jrtYIwI4WpGMQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3TG9JT0dDbnlVVlNqamhW
+            dklMeFY4U1RkNFpPQTB2RHFHcFkzMnhBamdRClJlQkJPMS8xdnFYcWlYK2h2NU12
+            Vlh3ZFg3cEtSQWdoQjJhOGRFNUNCWU0KLS0tIDEzRk5zOW1xN0RtWkg1Q2I1azBy
+            N1JpcFJjTU8rNlNSRGQyOGMySUJvaUUKNuH2uqQqpwQx84puS1qFXKf3n7wE3Bpc
+            Y+knCdSmOx6111qYqcwcOPQOiU6t37UKCrspW2eeQf0grjhx+DCH+Q==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age15klj4t7gpfp69472mne4ue62pp6m4e04dmjyw7yf30qtqd3vl3uqjmcyxm
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZdlJuN0E1TEVKT01SWVRk
-            Y0pYeUxHOHFRUFRFRjlRY0prOHJkTUNncGlzCkRERDM2bjZBcGx5Zk5MV3dmRTht
-            bXhBQzBxYXQ3OFhoS0ZleTF2TnlabzgKLS0tIHJHdXM1SEU5ditkUlRYejBuRk02
-            U2l3Qy9qNzgxU1pBK1ZNaWJmVVNkQlUKToTU77sH9hEwJerlJTNftzV/cD/Tx9J+
-            2SCd3HyfxEwRzc4nbpJzATu+gnSnE9AbwFdrYlIayaJtT2nXqgJXSw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKaFdxOVNwV042TmozL3N4
+            QzJsZTN6LzVQckg2YzdsbjFZMVZUS1Yzemk0CiszNkdURXlWZjZGL1lJaGwxa2tu
+            Wng1LzlVejluRTJ6VjErejc0eStoR1EKLS0tIDh2MVJZOWNOVitVTHJaYlRVaFh3
+            eXYzS1J3dWljbFdlbHFvc0JKQmtSNXMK1lO1PaQZVwyxH7sfpkn8SjGiXUh5Q9v/
+            LHlqqsM6P9wSQ4BNK14r7NsGO49R/FXfL1flKxvL6Cz35hnlqbstKA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1k73gy5em3js9zklnnkzp5hme9k04lny32fgahmzddknjw5c295asdyr4x6
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlN1VaT1Q3cjlETEZTbEZZ
-            WkRlMDRzanU4QXNnT2tyWjhTNCs1ckoxTXdzClJnR0JsaE9JM1Bxd3lGcWFTYTZu
-            a0d1NXZIRDdKNUZLTW9JdEdDY2FWK3MKLS0tIDRIb0xxYWhOc1pJQmt5WHI3cVZ2
-            eTBLZWh5M09yekJPNGVBMFkzSXh1Tk0KgATVjuxSUd3eqJV2HGV3cMrTpTtfNSUb
-            SJH/M7ixk+0GQv3DU8QvuIAf8w9/uKjs9nS7dFlHVrJnDWCAKpNYgA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsczc2R1BLenlLK2N5eW5H
+            Z2c2UlM2aVRZSlNGNkQxdmhqRjBLV2dLM1hzCklhdzNqL0FzRkNwejYyekxjU1pK
+            eXk5ZFRHditVQnh2dWhHZHhnR3FmOFkKLS0tIDZ3WXFGcWJIVmptQWJ4V1hSUnpO
+            VE8vMEM2d3hkVGlXY3VCTzBrNlFjY28KGKzigFQQTbBqI55NbEk/WTxZAp4/XDxE
+            U0/aTYjgH5KkwA91sCcJSuxi9bSfdEhtWj5t+7Rby5N99r0nBiYPCA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1cmzh82q8k59yzceuuy2epmqu22g7m84gqvq056mhgehwpmvjadfsc3glc8
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFb1d0VTFSVVYwdjNaUmt4
-            WjBBelQ4QlYvNUcwV3NVbUE3OEF1WlJqZW1RCjc0V2U3QytGYXJTTUFadk12V0Uy
-            QkwvSXZRUEVRMzk4V2ozNE5EWWh4TmsKLS0tIEVkRW5JUTVWSVAzaVBpaGdSWUNC
-            ZzBrN1VlZ3pGVGhaY1M0cWIzcG85R1UKSGFw4lYFtwEuLKNMmNew3ADiXHjv8B75
-            NjeDvYco/mYOj8+TyqI1QHmlo2GjLSNX2M9M/Y2Braxe0obB41KsjA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1UU9FeEFkUjI2NFF2blFW
+            aVRSM3hnL09qNDhVMHl0eFRtYjZUYTkycTFFCmFsK0VNR0U1dEVaUEJNVGMxSDUz
+            YUFKbFBEZjhENmZYcHhSeXdGd1dxalEKLS0tIFl2Vll1K3UxTi9tcHErTFlTUVd6
+            dmIwd3RNcW9ISlFHMm5PMnNKUDlrQmsKkQErB4yMrq1apJgGB/q6Q7fN3BQKNUtA
+            12+YULNihaSfOLZsjE6TbNx4twMgcTzDy5zQDDMthrEKpmPUvhFsdg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1wmx8y2hs83j2u5srdnfxljrzxm8jtxl6fr0mq7xf2ldxyglpzf2qq89rpx
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBubWpoclVFQm56NURMMGVi
-            V0FBeUp0RnVnYzFiektrTmV0cGh1d3hVNVdzCkF1SEhFcjJ0N2NwM2V4dWVIYmZ6
-            REN2NU5SK1NxbXhMV20zOW1mbHE2N1kKLS0tIENSWDBiODBKMFV0c2RmdUIvWkRJ
-            dFZhWmJNWHpNQmtlNzFySkFpZjdXdDgKsOnFEvnjrSkhoBCkXIiUaDjJmAEueux2
-            HAIIm4jHQYlz/v6j969TxaAln5KW+78ao+Ma4by9rX4sTckbw2bTBw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNcFVtbmFRVVJoTlQzU2FB
+            NDRDZEVMWXRkUUhkMDJFWE9HcUVES3NsRVV3Ck8vN2JhWDMrMEkxRlBEdk85NTZF
+            eDRSaVA2bUwxdGcrNkpWazlQaTlGYWsKLS0tIHRtSHI4UjFWTmpMRUlsV2J0QmF1
+            bmoxOW5EUkJnbFZ6TnY3SVoyUVdtVUUK1ru3L0W8XRggXBdiCEE/qII+eyL6Qqgh
+            NQPpd6sEb/4nGDI8gLyvBB3DGLsrXAxUtauVfmMctJiSndZ1Je5y9w==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlTUUxY1dqYmdLbGdVOTFQ
-            T1d1R21JV3NzZkVYV3F6M2Zxb1RLd2t1L3lvCnRvTFpQZGhUNldEVjZSL1Z6T0pY
-            UFBxS1kxUzdOSXBGWllHcW9jRG15S2cKLS0tIDU4UUtUeFNEVWI4bC91UWNkb3hW
-            TkJ1Sk9ZZE5oODFXS0JlcWlNSUk4UmsKtTTBv8uYQFSFlIRdzpBl9rdHPxpIHj/t
-            agccAsKe2x+8OOZZEnXhwsI5Il4bavm5X2orsP0kUcyfkuRLR++zyw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNVS9xamRPK0IyelBMbG55
+            Rjlmb3VZRHBYcEZFK1I5ZnJWZ1JFV3NMMWkwCkNWV29XS3Mrb2xVdHdWUU9aVTdO
+            TWlNMTBZRUpOSzltUHlYZ2tXS1JsQVUKLS0tIE1nTW9ZdEQrMUFCd0YrWVRzVEtI
+            NlpJR2xjTFRWSGRxU3QxN29kbVR3cE0KgMHIfv8cf9oa9wsusihkSkb/PUCJCzyv
+            zK54JkBBUq1nVcDkaElPmJGa2P2+w63a7bvGnMWeHtzTEqQL+WvL8w==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzZkJacmZqQnNDLzhDeEpk
-            MWxjeExMd1hOUlovYndaNU1qdU1qbFExRW1JCjBZUThjZzNQak9uL3NHVUlWakpF
-            N3NaZ3RhdkQ5UGllTTZRTjBxbWpqRE0KLS0tIDlES0tSNWl1TG0wMEJKdVBWYUF5
-            Q2ttL3pZbkVFZ2Y1aWx5bXhlem9tOU0KH3JQ2Xyz6BK6rNHNd8b/Bprot7fwUyMw
-            FFBQAILpD79ioHvCzanPvUj4KoLd1jU9nRKMdXX0hcWOQchoQ/XnBQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3bXZYTllvbzZ4Yk9XMThv
+            ZzFxUG9LODliQlc2WU96MFRsYmdBMCs2SW1NCmdVamN1V0Ryak9rTEp6NVllcjBF
+            NVhsKzFCNjFwL1BidzJwSVhzZTFva2sKLS0tIEs5OU5aODRId3FhYWd1ZGpuRGIz
+            UWRMaGNHTTRhcEtoaWRRMmY1UmFXYU0KkEOYHQJ5RXlmmfm9NEccfL6Y84TuvVGm
+            dt2WprGx5vRKA1Vf/xqjF8o52FHOIhbUQ2fAoT5ICPLBn/UHPTGggQ==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age15cx90pnp54xp5gxlt02yn9j2pz968wp3l5ukdkx55xuecp34e5pszjku4m
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHblVvWWpaWVhNMDdTbEZN
-            SlFTdXNzN0NRT2lVbUtpWDh5Zm5XTW02cGx3CkNvTVYrUDBDUk5lYWFOSEszR011
-            UzYyTnp1YkVEMllHYjlIdjBHcDRiUEkKLS0tIGw1QjBSektnOG9HU2tpUEg4VDM3
-            aE9iOFpHbVpPV1AvR0E3QzZkdWE5OVkKy6k35mWpKLew1VJyhBAb9+7VSg6+y2jy
-            1DaTZ+5drVLyMnfFqbI8dyO3laT/R6MqjEEvgaozUoHxjjELa0rTvw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxSnpMNE55NVhjbnkzRENQ
+            SHJSQTE1TGtOeEo2RnZrOTgwek5XM2RTUTNNCk9wczlrN3M0U0lwZEgzVHdJSmVZ
+            elpUaUpXczZmbVgxUG9EbU9pMVFJY0UKLS0tIEVsb1RBOEo4elVyU1N2ZEtpazBC
+            Q3dHZlZDYUU5dzF5OFVZdmhIM01jNjgKRH6qY1LB0B/njR+5CHREGuJHhzNgWoOV
+            0dbBOvEzBsaoPDwddn99gttM7A9IZwF/YGSP4paFZvI0Rg4uP7WT1A==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvWXpUZDdaRjJTeGoyemx5
-            Tk9rSVlRY2JTVVkvVUdGbU53SHEzRHlKeGk4ClN2ZXRlbUZ6Q3ZHYllKYkRObVJo
-            WjZ4eEdCNzJpNy9pSDFTZUMrSmNoLzAKLS0tIEQwa2NvYWlHTWx2YmxPVmFtUTJK
-            MTJGZWpwQXJ3cVRTMWZaTDB3OEVLbEUK2AN9O+L9GyaaMxAGJjaOeY/dLd8qhb8U
-            M8kMdQKNvhFJxTS6j9oMmfM6gIp3v79ejWLefXVjOT27kJAfw5QZHA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrTVNOMG9WT0c2RnRqYnk1
+            aldzcnU1Z01yNU1MK3lpWnh3TXo3d0h5TWdJCjBVc0NPU3FVTjdwWXlCNzlCVDVp
+            bXVCSHJhNnpaQzFrU3d2R1hsbm5yN3MKLS0tIDVVZDgxZGxlWGUwZk1ZQTNXcDZB
+            c3U4WktWOHdDY3oreUttdEdRd2R3bGsKHKqX70YgYDmXTjA3hvgrp3v6WFrhkruq
+            hEmOwXvTHvyBxbHJ1iP28fZ4sv/IK3KHm++0PNdg07zai84hVTnrCA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1ax5hqk6e2ekgfx5u7pl8ayc3vvhrehyvtvf07llaxhs5azpnny0qpltrns
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLOTd4YlFodTN0K0o5dmZq
-            Ym9qR3B6TVdvbjlETnNCWE5kS3BVNk9iR2hrCklic1Rha0k1bU1tTjlqNXhIemQx
-            Z3hmV0orVFJuM3NSZy92YldiWmNBNkkKLS0tIDU5RkxGUUdERW5uUHlzZUVQL0ht
-            Z05sT0JFcmczS0kwRXJMSFozUFpOL1EKUEoSYae/2AhcnL9RVUtPuybiRW/ojm5N
-            g2hEYmjsIZCrYDa/6Iyyk7KHUS/55tD+zJtdp83b7pYan2FGvpKWcw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWMGc5amJ3M1ZrQ2c1VHNM
+            QVZ1b0RRNnRiaEJBcHMzVmJpZmtCeE43OHdvCjV4RStQWndEVi96Y1dkS2EwcklV
+            MHlpQ0doaTN4NFR2MTlYai8welFob0kKLS0tIE41NDI4K1U4SXowRUM2RmZCWk10
+            RCt1R1BsSWVhNjMvNmxPWDl3R2prdzAKpC9xwpWrTtFxLkGm5EjZgM1e6r/yeo41
+            saskc5tFRTtnr3X4VlegLEqcW3dtOr4nd3kFuEDewBhNziHLPH30EQ==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1c2enwel9un28dcs4wg0vcyamx9a4a6g3walkhu8w5lqhmd804paq9d24as
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhRHZWeGxxMzJxTXprb0oy
-            MnhBT2FzYXlROGVGZjE2ZTB1djhIK1BZd1hFCkJYSEtlS09NYUF0VFNqZXpqdWxv
-            TVJJSlVTRHg3K0tzbXFPcDUyTytMNDAKLS0tIE40Z3JMMHlCazZKRFJUdVM1dGJO
-            R2J0eWJIQmROZU0zV1k0dkR5R1V4RUkKGcuP1pOhyABTqfiOrKuHM6id9uMuZsVR
-            QfUhXXve7RxghZu/eHYSPhbsPmK5Awt2rWzW/YWsNX/Wttrm6j13Iw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1dFN6UHhtaVpHUkwvKytI
+            Rk0xNkJiMm9TRjlHdWRBYVNRdUpCc2pSbUVrCk14Y1FmM2FQZ1M0QU1lWUxPdlBw
+            ZGFsb0luNmsrWTQrRzcvZllqRVBXOUEKLS0tIDRVaFZ2Y2tWNW9WcGRZMjZKM0Jh
+            K3FpUU5qamoxRitwRkVoWEQ3SjNLNFkKE4IqY685vdr+UADGr+t6G9G8M2uTpBH4
+            Md1SIAXcXqbNNZbRDNNdHIJ3BuzDhRx1riR+chSkeL7n9ebUHg19ZA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1nanlervuderw4qskcuessycqy2yfmptl6nym9scgp9ky2265ssmq3u73r0
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMNGROOGE2MHN2TG9teTFX
-            NHBNV3loWTJ4MXRRRm4zc21MOFpjYTNLcHpVCmJDWnlKc1JzVExnVTEzZ2xMRDgx
-            Z28rK2JEZzF6aVRRWE9vZ2I5MC92QWcKLS0tIDJjV1FpcTFvN1NqcFpwVWUyalZq
-            aS91aDE3RkliYVhRWndkSDRaRkVjNFEK0BFAxjd+QAsN5WYiKprfpYOHooCs35Di
-            yw8IEn7iLdMXAJz7ia5GRHWF1fjF6Um7WaoyQqX50Z4NNh7w1KkuDA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmODBwY3VIZEpZaEM2YXdk
+            NHNXVmxUbG1oSGtya0ZpUHdDbWc3MFhuVFhNCnpHdmIvZWFJNjhZV2JxTWlQeWZl
+            S0lPRHVYS3JUUXVlNloybGk5N1RFWTgKLS0tIGhibE5SR01UaGlibE9laW9ZVUtH
+            UGdac2FHOVNIL0dKZVMzcC9USEVDT00KC0h8U+SZhHoTUoMBpQ1CwGJXYRa10SNu
+            JmgwuX9KPWlrxJUre7NtSnsFNQOmSr3uThYLs6HpclBB7/NEDJpywg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-01-04T23:29:21Z"
-    mac: ENC[AES256_GCM,data:SfZxZpnYQsNQeAdIsnN5eGW7zha4IhCCsprTLk6YUwalDCBYqJ87AY2nz7FzdGvsm5WaojLTXBi7kOlepD3UnJ4v9Qi76tNYCVhLO7djGBW7t9gteyNsJwz2kxCZSKPXJ5nvTB8cLyDMZ+qedR7CO29dV/R++wQ04+Jp0vS8wtE=,iv:w8oYMzEhgjHMKJMpDlC5ukg2CEoG352jgrTF8zcUOn8=,tag:1SS+sLwjCBsdIwn2RoG9Qg==,type:str]
+    lastmodified: "2026-01-10T01:51:28Z"
+    mac: ENC[AES256_GCM,data:iC+mSzhxPTvG/ZUNkgtp26EGTU/GJoUZH9ZOD27rKsu+uKuORb1dmys6jEdw2UYgziQ+mF49Vkrw/82rgw5npaaCXsZbDOpiHRoNMtVCG+734FKK0a1NqJbEZe4iChX8icXlQqlayMdsYnP1IFTiu/xouL58PKLqNTm7wexL91A=,iv:gXkmuc0bYRS2blLkzoHMdGXA/1GFh7LmLi3L+Vr9/rY=,tag:n4kNdcMaZM/BCT1ajvdCLA==,type:str]
     pgp:
-        - created_at: "2026-01-04T22:59:17Z"
+        - created_at: "2026-01-10T00:52:59Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hQIMAwDh3VI7VctTAQ//RZDgcJwORDcdCgh90HAw+3x/ltfi2O4IeEciyaimNd2G
-            SJKV9y2VGwCFwrDfdlBuy8NDHSnE2oM/Cdk7sv7MTZpuDpofj/41qYVA55PVyh0n
-            oWkXfsNCXx/2mJizPddPDf51bKlEkeG+NrbJym+nWQqPH9Ty+y5QmSDUrSUoir8G
-            bnbS/9O69P8MSsGAL23sLuRr7rnFXVjZkovlsxY+c86Eob34EgY9iryzFHXnQZIA
-            4JqNL9MIygxn1HA8JCBl/zUJOvEO1QBANYFb78pMr4juDFn6n0iU1TeDwMB8j4DB
-            /Wn648EvvR4bt2UR3KCCcG6lJKM/weCd1PEjW3adKIn/D+sUI0gEY8OuEQ0qVhDp
-            w0FUDPa3SI4Tv+RxAbZ4tsVwnK+NDK9ZJ6bb6aSox7By5aCEKQem9YztCl4NclOr
-            arFNC9rNdJVfl6ed3RY1T8pySfpbfWGboQbsAKr/kUoFKPAdOD8dk+IDPnatJHg9
-            S5XoVv/XrB4G+G6ubsQ2hIOh27cnVo8L3Nydtxs1L2Abw2zK0/a/zQLABGxDsSQy
-            UxAi2yJbgcLVmTNssjlTFDPfl0cTUYeH+eitDedLjdgcymFFZYXOaXpoJywaaXHv
-            CC0dF4M3Nx1iz6iJLeP5AwaRDliXVi/f/Imrk2S6Re0dlgJu61ExvCgPUnNl1suF
-            AgwDC9FRLmchgYQBD/0QZwJI6czuYVOarwVttQxZGUaiwXnZaFYuENqoJWyDd3hV
-            dCcy39pM0Ant4khELdSS7qw+47aWAnk1mjMLUIEv+VuA3820p6Y/luBHJZMcaGm8
-            ZDKt8Hamgxevrc68TODacNOu75hq5zKm3w9WLpXc7W/b6+BBcMbq6tTahtvWpEnG
-            x9cSjpW27PeEnE4dM+Q3gzugL9WaXhGg81+Q3s/wOj5nnJ0ydcK0dfV7sk9ciDrE
-            91Or/FtIgDFFEP5VdGI2SFApbBiSSA3/kE5EPf3vVd05TDFh0muVkbl2TnfwXRwx
-            ktBwlLZaFxuNH1jZqj9i3Nt6VT+zDXtGk4s0cuVUN1bHfOZdYN2f1Eim9ewYwwKi
-            iZ9VX+3kznLuY/TbJEO82hnk10uYO45SoQd+4J4h18Sxn7+lVoIxJgEfoafllOPr
-            YcMeD7bteqNePjGGB6HueZ7iUnHWfceHiaIcfOq4nL6c5nQcorrYmcIKMy2Snq6z
-            eS9aiNQvBM6ogJBbdhIqxQCydH5hA71VoBA4ljZj1p/FkQ91ZizOoSfCGuOmkCTf
-            Stv9lRcBV2Fmy1CEwUHbYlZIV7UkZ9ElbV6aF8gyfUvDOhiVmsZAluzvIA0EVYB9
-            L8iyH6qzVgyBPJ0AgAjNEUmRbWH/mx1X4pFRkPCQ4hoVQxoZhN6BDj6xKvBVuNJe
-            AVpL/bfor37Yenx/YBdYsY5ALb6u32vC3Hk2n5bt6fb1BNwi/Trvrv8vLDEAFvRl
-            cUQCj67vh6Wg1LkzGAxuQ5BTE54Mxndjt/PLmOhxBGl+gCBwxKZ0QtuqiH9tIw==
-            =uBYL
+            hQIMAwDh3VI7VctTARAA3QJGg6Y0j0Q0/UiejpfoqWZMCmiRk8CHP6IHJhQDm5Kt
+            VVg8Z1wZC6+B6lDqW6rUWgCktJRYp5CLFKFIJNjcOpWU8UnyV9XKzRiGs6L8tfpI
+            MeQEPrjJ32CsU3+Lj2ciKJcMzaaRwBsQLofPu+c3Rl42uRIjVnDD8rKcFmZeSfk5
+            mrms8XMeJW8yPlEfFcfgfHn+a2U6jDMVhlBJaMkolc4FYwbNhHxJwSgAn/SDjQAi
+            fdkL2zbd2fcWk49C8o6Fo6WBWDj+9Zs3iXp7ee53POXwdqG/KdTR7a1p9nFpfZ6o
+            hb7c8yW0eEafFP66ZMapLfE4K/0WSbWyutHyQ6Av+aZ1YxDwqts6kw17g5XCLAr6
+            MfT7RI4ZYJKGDSM+d3sBekHYLEQi/OpdzK5Zo8Eukkfjd2eHqO+dCSAbc1vp/ZV/
+            rhRCDhRwzxSoTxhJa46TekR1X7tMDL4edRHfdn3grauTtFlTygn3ooRBS2GKPWpV
+            kvbfWrZKHpPQkBnx7UYwZMFesuS+V9nGGMy26wf39N2m8ZWeLbroUHxPeXNRBgJm
+            5c9rBZRNDzovh/80f4iFiuyJ0s47nhW7Eq7VNrgb5JFgGO8t3iVaQPtLEqLuzHk5
+            uUEFmv7bfsuuUFDhimZElBbYDekdwqNmYa7dbbk4CkOM+ooUs3EREXmjJll5OQqF
+            AgwDC9FRLmchgYQBD/wOMPPiRB+lsBcIbuKaRsSZlNYLjY9WTFYph4jq5wJtaQyZ
+            gsmHp8D3I8rMfLJmKtwHSjylOFnjeUaX8BwAXJPn1KYU3PYQKQrvHWPrb2TAdKUZ
+            h0jP1nG9d9YAi38hXrtYa+KKWvjS0yHIoIbAjOa+LIHU7Ro+RusY+mL4F49q4lxD
+            5jdBQBVNBk15QsYklmUi87n/HNoP6+q7rqXlcL7qbRC7ZYnGMmcbnbIqzg8DhIUO
+            EGLwjY6fw7n0gaHOgSSi6ZKl8ZrU/zbVr0PP+o/Nm3ySaaJ/IZQm5p10V9UDfZW2
+            mNi8hf9lkX6nx/+f8Upvi8B7I0pqgm41vQaffZHbBPdDSqeFnwmb57KJQ+QA/vTZ
+            WRfUF22uXOaRk00UM0mcJUf/HGW+qIVzS0iMm5Xh9+5rPK8x5QYLwUT+QLL7NWSx
+            g6hgtf0m6w8uF/ah6CZlfpghv15MqEschpg6Lv0hSfwX70l639QAfeAzptaFrItq
+            Dv9qci0G7yhx1AQp7YkkvOsCaprJe/2WwNqi85iCAhr7zqd9ZGTh8x3snsV0wj4V
+            9V+91RCDcaPRyKBV2Al+oKcyFVhnyWm6GVijgqj0wh7tpgHKVx1XmvoAG5mZRR72
+            P5l+8913eYllVg+wX756+b824zRtJF9KB0m+mlUvZxRrdq48qSoCZDfTYunyG9Je
+            AQ4SPPXKjJWnT4BuRP9DoE0Rnn93G7pg0kHutoto6da7k8NcmKyvrxPSNo+DdbPD
+            hdle6NfeAsZ6lyvf0Mbi5bUI72ykkKq15GeuUcs1g/5e2OCPpM6jFz9Fwf2CRw==
+            =kWQ8
             -----END PGP MESSAGE-----
           fp: 4BE7925262289B476DBBC17B76FD3810215AE097
     unencrypted_suffix: _unencrypted