From cfa803bc828796c5a38bdfe7c1444bb4d93afde7 Mon Sep 17 00:00:00 2001 From: Lucy Hochkamp Date: Fri, 28 Feb 2025 15:48:13 +0100 Subject: [PATCH] partsdb --- hosts/ds9/containers.nix | 10 ++++--- hosts/ds9/default.nix | 55 ++++++++++---------------------------- hosts/ds9/part-db.nix | 31 +++++++++++++++++++++ hosts/picard/ts-ovpn.nix | 26 ------------------ hosts/theseus/default.nix | 1 + secrets/ds9PartDbEnv.age | Bin 0 -> 6051 bytes secrets/secrets.nix | 1 + 7 files changed, 53 insertions(+), 71 deletions(-) create mode 100644 hosts/ds9/part-db.nix delete mode 100644 hosts/picard/ts-ovpn.nix create mode 100644 secrets/ds9PartDbEnv.age diff --git a/hosts/ds9/containers.nix b/hosts/ds9/containers.nix index 6282a1a4..cd54fc7f 100644 --- a/hosts/ds9/containers.nix +++ b/hosts/ds9/containers.nix @@ -22,7 +22,7 @@ let ''; in { - imports = [ ./authentik.nix ]; + imports = [ ./authentik.nix ./part-db.nix ]; networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ]; networking.firewall.interfaces."podman+".allowedTCPPorts = [ 12300 3001 ]; fileSystems."/var/lib/containers" = { 
@@ -222,12 +222,14 @@ in ''; }; virtualisation.oci-containers.containers.archivebox = { - image = "archivebox/archivebox:latest"; + image = "archivebox/archivebox:dev"; environment = { ALLOWED_HOSTS = "*"; # set this to the hostname(s) you're going to serve the site from! CSRF_TRUSTED_ORIGINS = "https://archive.hailsatan.eu"; # you MUST set this to the server's URL for admin login and the REST API to work - PUBLIC_INDEX = "True"; # set to False to prevent anonymous users from viewing snapshot list - PUBLIC_SNAPSHOTS = "True"; # set to False to prevent anonymous users from viewing snapshot content + REVERSE_PROXY_USER_HEADER="X-Authentik-Username"; + REVERSE_PROXY_WHITELIST="10.88.0.1/32"; + PUBLIC_INDEX = "False"; # set to False to prevent anonymous users from viewing snapshot list + PUBLIC_SNAPSHOTS = "False"; # set to False to prevent anonymous users from viewing snapshot content PUBLIC_ADD_VIEW = "False"; # set to True to allow anonymous users to submit new URLs to archive SEARCH_BACKEND_ENGINE = "sonic"; # tells ArchiveBox to use sonic container below for fast full-text search SEARCH_BACKEND_HOST_NAME = "archivebox_sonic"; diff --git a/hosts/ds9/default.nix b/hosts/ds9/default.nix index 61c59177..e3835871 100644 --- a/hosts/ds9/default.nix +++ b/hosts/ds9/default.nix 
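Review bot: The image reference changes from `archivebox/archivebox:latest` to `archivebox/archivebox:dev`, which is still a mutable tag and now follows a development branch. The code that is newly trusted to honour `REVERSE_PROXY_USER_HEADER` can therefore change on any pull without a change in this repository. Pinning to a release tag plus digest, `image = "archivebox/archivebox:<TAG>@sha256:<DIGEST>";` (placeholders to fill in), would make upgrades explicit and reviewable. The same applies to `jbtronics/part-db1` in hosts/ds9/part-db.nix, which carries no tag at all. The `archivebox` attribute set continues past the end of this hunk.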
@@ -212,64 +212,37 @@ in handle @grafana { import podmanRedirWithAuth http://grafana:3000 } - handle { - import podmanRedirWithAuth http://127.0.0.1:8001 + @hoard host hoard.hailsatan.eu + handle @hoard { + import podmanRedirWithAuth http://partdb-server:80 } - handle { - abort - } - - ''; - virtualHosts."*.hailsatan.eu".extraConfig = '' - import blockBots - # tailscale only - bind [fd7a:115c:a1e0:ab12:4843:cd96:6253:6019] @immich host immich.hailsatan.eu handle @immich { - import podmanRedir http://immich-server:2283 + import podmanRedirWithAuth http://immich-server:2283 } @cd host cd.hailsatan.eu handle @cd { - import podmanRedir http://changedetection:5000 - } - @grafana host grafana.hailsatan.eu - handle @grafana { - import podmanRedirWithAuth http://grafana:3000 + import podmanRedirWithAuth http://changedetection:5000 } @node-red host node-red.hailsatan.eu handle @node-red { - import podmanRedir http://node-red:1880 + import podmanRedirWithAuth http://node-red:1880 } @labello host labello.hailsatan.eu handle @labello { - import podmanRedir http://labello:4242 + import podmanRedirWithAuth http://labello:4242 } - - - # @bzzt-api host bzzt-api.hailsatan.eu - # handle @bzzt-api { - # reverse_proxy http://127.0.0.1:5001 - # } - # @bzzt-lcg host bzzt-lcg.hailsatan.eu - # handle @bzzt-lcg { - # reverse_proxy http://127.0.0.1:5003 - # } - # @bzzt host bzzt.hailsatan.eu - # handle @bzzt { - # reverse_proxy http://127.0.0.1:5002 - # } - - @archivebox host archivebox.hailsatan.eu handle @archivebox { - import podmanRedir http://archivebox:8000 - } - @jellyfin host j.hailsatan.eu - handle @jellyfin { - import podmanRedir http://jellyfin:8096 + handle /api/* { + import podmanRedir http://archivebox:8000 + } + handle { + import podmanRedirWithAuth http://archivebox:8000 + } } handle { - reverse_proxy http://127.0.0.1:8001 + import podmanRedirWithAuth http://127.0.0.1:8001 } ''; }; 
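Review bot: The new `handle /api/*` branch under `@archivebox` proxies to `http://archivebox:8000` through `podmanRedir`, without the Authentik forward-auth step, while hosts/ds9/containers.nix in this commit makes ArchiveBox trust `X-Authentik-Username` from `10.88.0.1/32`. `podmanRedir` is defined outside this hunk; unless it already removes that header, a client-supplied value on an `/api/*` request would reach ArchiveBox from the whitelisted proxy address. Dropping the header on the unauthenticated route, e.g. `request_header -X-Authentik-Username` before the `import podmanRedir` line, leaves the API's own token check as the only way in on that path. The removed `# tailscale only` / `bind [...]` block also suggests these hosts are now served from the preceding virtual host, whose bind address is not visible here, so a comment stating that they now rely on forward auth alone would help.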
diff --git a/hosts/ds9/part-db.nix b/hosts/ds9/part-db.nix
new file mode 100644
index 00000000..23b07046
--- /dev/null
+++ b/hosts/ds9/part-db.nix
@@ -0,0 +1,31 @@
+{ pkgs, config, lib, inputs, ... }:
+{
+ ragon.agenix.secrets.ds9PartDbEnv = { };
+ virtualisation.quadlet =
+ {
+ containers = {
+ partdb-server.containerConfig.image = "jbtronics/part-db1";
+ partdb-server.containerConfig.networks = [
+ "db-net"
+ "podman"
+ ];
+ partdb-server.containerConfig.volumes = [
+ "partdb-uploads:/var/www/html/uploads"
+ "partdb-media:/var/www/html/public/media"
+ ];
+ partdb-server.containerConfig.environments = {
+ APP_ENV = "docker";
+ DEFAULT_LANG = "en";
+ DEFAULT_TIMEZONE = "Europe/Berlin";
+ BASE_CURRENCY = "EUR";
+ INSTANCE_NAME = "xynos_hoard";
+ TRUSTED_PROXIES = "10.88.0.0/16";
+ DEFAULT_URI = "https://hoard.hailsatan.eu/";
+ };
+ partdb-server.serviceConfig.TimeoutStartSec = "60";
+ partdb-server.containerConfig.environmentFiles = [
+ config.age.secrets.ds9PartDbEnv.path
+ ];
+ };
+ };
+}
diff --git a/hosts/picard/ts-ovpn.nix b/hosts/picard/ts-ovpn.nix
deleted file mode 100644
index f9863e68..00000000
--- a/hosts/picard/ts-ovpn.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ config, pkgs, options, ... }: {
- imports = [
- ../../nixos-modules/services/tailscale-openvpn.nix
- ../../nixos-modules/system/agenix.nix
- ];
- ragon = {
- agenix.secrets."ovpnNl" = { };
- agenix.secrets."ovpnDe" = { };
- agenix.secrets."ovpnTu" = { };
- agenix.secrets."ovpnCrt1" = { };
- agenix.secrets."ovpnPw1" = { };
- agenix.secrets."ovpnPw2" = { };
- agenix.secrets."ovpnScript" = { };
- agenix.secrets."tailscaleKey" = { };
- services.tailscale-openvpn = {
- enable = true;
- tsAuthKey = config.age.secrets.tailscaleKey.path;
- config = {
- nl = config.age.secrets.ovpnNl.path;
- de = config.age.secrets.ovpnDe.path;
- tu = config.age.secrets.ovpnTu.path;
- };
- script = config.age.secrets.ovpnScript.path;
- };
- };
-}
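Review bot: `TRUSTED_PROXIES = "10.88.0.0/16";` in the new hosts/ds9/part-db.nix accepts forwarded-for/proto headers from every address in that range, not just the reverse proxy, and the container joins both `db-net` and `podman`. The ArchiveBox change in this same commit uses `10.88.0.1/32` for the equivalent trust setting. If Caddy reaches Part-DB from that same gateway address, `TRUSTED_PROXIES = "10.88.0.1/32";` would be the narrower choice; this is inferred from the other file, so confirm the real proxy source address first. A comment above the attribute naming the hop it stands for, e.g. `# Caddy on the host, seen as the podman bridge gateway`, would keep the two settings from drifting apart.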
diff --git a/hosts/theseus/default.nix b/hosts/theseus/default.nix index 47732553..acf150a0 100644 --- a/hosts/theseus/default.nix +++ b/hosts/theseus/default.nix @@ -207,6 +207,7 @@ discord # shitcord unstable.signal-desktop unstable.firefoxpwa + mosh unstable.plexamp # firefox obsidian 
diff --git a/secrets/ds9PartDbEnv.age b/secrets/ds9PartDbEnv.age new file mode 100644 index 0000000000000000000000000000000000000000..9ea2202719797b9f6388b90ce1bef8b4d7565c7f GIT binary patch literal 6051 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUlOp2&TD_5v6jfe^i zi}dm;3wKS+u!!^xEex z%PjPYaw^C%O)scOFODdzFwSyJO({$E3M=so^+dO=G~FXSyj-C$BGD|;-zPKJSl_+E z%`qu8M86=&EHd9HwIbWpJijnIxhyg?IWo#AB#r8JKHZaD;wRm&``^uU`GZ2Ld$}TiYUX<2ye%VP|MZT~OGi`FD1)?IBZFLTqY~dJmryRJ;H;3y;LNZRSH}#4&_MkhZ4+%%4|i8L(=sEo z!kml<%W_}Gl3)wV3=F>od3hQ;IV$LDS4I>S7N)1U7x?6wnuK~dS2!8*1l8RYv%j8-#fT>z74(m!>7> zrW6}GTA=$aBCpKLyIi3(rOc$nG(5j5%P}uFt2ntV)X3j0$GObdDNNfrBP6HPG%wjA z$Jin&FPkeXyTrpFSwB6?Hz+s2xF9IsqCCnnq^Qaz!>hDB!q_0w+dnJNSKB=!0K;$Q zemZ-^C@6GtcQmRn2ub%#H8HmED+u+g%;wV7)m6y#^)+;ltSZcOajq;& zs!S;{E=o2t4lb)SwzRA$F3k1u_j1&B4^0fyF6L6}n145~=tr~SE(M7x6(*A%nc_DJ zaM#*7*e}+qx;WeY+uDz_>$@$LD{Dh0I!Zp|Yq@+$liIaUdZuAqNPC=jDt{yEuC>*zNru%|eyH`oq3uJ_&876M) zba8VEzEIC>BBpHgEj{!EANM6ujcM29)7Snv`?)lBd5pCwk7uXf#Xnk8+`EshA5H$4k}r6M!|Lew|0k6anI{But#aOVaBlL1_6dbg?tU;*_t=rBKXIqT z{v-KecZ}w8YI1*_7`yU1$8rbPKyl|^OV~?qDo*wMGexU$-Ct!ml( zj(0itqZh`$Rg=z{a8$$O68o>C!gr>TeQP?-d81;|7jsze_vX#96EXF z%`f&xyyB%T9#gn;Z(g%z<7B>Lu!X--J%D#hWAJZW}Hl1^-JK%r}^vmF{<(!sZ0~oyHGAD@pVG^wGSV!98vgGrhccWC-Eb1 z^sa@g+#7yHR~+CLnZADFL}iti_peNMJ1ZYl?c`FaVJ)f?vn{yxc=62-8ZV?64rru> zb+qc&WS4B(c}6=xJLlrk>7`L;zVEVHlvm}vJ14|jDq%;s_FBzF7hXCvEl>{I&w8>{ zK6}m9FvmHLA?)3UYuQs)Ke_d5MFi8OXY3Dm?mw;nuVsPxn@)oz2W2vEaB^IX@Adm9&) z7_se;6-`hNW-*(cxQcdyApQy((=if6m z6jR!t9C9)JhtjU{QZBNndDmB!>x)eeciQnvfordLaI3O`r~mz6GxSQyQbcjAWbsn816 z-8uW!b{=PXU?Y*>oGCtI^P*eDSGq%erCLtpPkpmvYw+f7+vV@(J8bSa=ZgamR_$7@LVEnHtjbH{NpEe2-~1gF*RG6G4fM z+vfMK|2L0MY;M$t)Gb$<7@hoOPRutAKirl6)qm>gkWKsTU%YQremylQ+2~iwx?faV-lz^Dx}VX=doMt%*PR?#y+%@48X2?4!fsol~TA z3i=xwzJ7J-oZYSS9&p5B9VO1RKp<4^8 z{@Z0*{`>HiarsN}*m<*`RNlJtiEZMXU8~ktgd9I>Xlf+!OEdej_mVHwUqlW#IW2oo zHjkf`=dPOWU#8XCp^g{L72p>$;JhQ&|vAIHx8=X!Q;{+kokngQl+7xvD) zbjtPiYf~MT4V#R&#e4duc+GZQKT)4#7k~?r7e#bDMRPIVC1a74PWAJ 
zb*eA&{rhi!*orq&cbYiLLJ}-)Jr?axes=iclegSgnsic3f9#FU3Uo40TVBK-zFnhE3oyw~VRDVq2__h+3YTg^y**;89 z)R@6qv6uf;n7jV_+~bS5cORT0HQztnzLo)dqJh58b%A=RxBB`7@94=~VS(e+{*&DZc;gQo-H}u9+;K?h2n@yWKJVML^`~ zRaX)P-ECxbGY=>?9_?AaZtkQlU)i;?cblJUd1+|*Ql+nW+k44FDi$1Rp&BYhuM@lH z{or4_{X~HGZI!brA?LQOdFr5`)plvsp}le^W7wCL`1Jk%=*NFPzlH0p>ym&nCbuUq zyQNmtc!$QFpZLo#PVxM~=v9B;GsQ67@Y*7KU7cZ1N9B$=OX?RJ%-y25Z5{8*6$05S zqylE?#~gUNG~2HCYqZzxU%3GmZ#`_?npeIHS@7U;#e2y*lepokjdF|iV&fg&~P7D1Km)&r%- zhx!LL8Am_P4QKrwEq<@t;M7Hzc(WN*KW|%n{JiI$ifN_BZS98A+=5H$iV8iVcFaNE zs}yfY%-j66q5RnQHNwJ~HJ>a)ca}W?ogoicjF^+mogji#Gk)DZlzel91ZGMSB)s$VP1qgjTUyPt^IX~=nR7wO0z#|zIo+8jwV5fCzdibHRn3-!$b*q9mS)IryCU$Q zHnHV@X>H}+rvBYif9{*``Qj$|rpEcbSTk$-m=dbeHHO6im?*%XVGJVs@kf&eWm+gqI zmRQZKEt<_%a$kM*)%7`^O08$k|C+jbmTYYF`=klY!JXQwDC;xMSjz-|67jT<@jiF`G^s_Rb5^VXX;#sH`67oVzST4`Dj0O z;*O56TpYeNi=ilb$(&O|u2bRKQbzZju_XF}ePBsctBm0$N=X{BebZNX@QT_k!hl7WwYkcMAom1!( zDcxGM{dz}v`lOO=I-$+Y%w--a<>#xUgxUK9wg)rWKZ^-kt|ES>dWk`UMH%xlg*@vT z?vVc>HYYb7je7j??@G9voQ6`OxunS878dg+3Uo+;)&hfXh_q@1R{Rb{@M@~1PL zXKPIF@sxj5D>!+zW4b4^dbU_yTf>$Q`=eI(%L?0m@w{?E{VT8k!_;r=HX6mqk$2X82<_QkV$*fDb9HM|g~5(bXV(0x zkh@k^v%c`ioi7)5ZIaG)pIMXeHu=J>tl#QW>X@D@p4}I#Tlv_%tV6Q6V#~(0tGC^_ zE&Ikj?xyVGYe{9x4PRW~4BoIVH~(d(n0U?Hbba-$r)=!_OI~HA%52qMV|A|9|N185 zM$W0hx_!GBu5sPIZTW>gri=CNo)e4W=iv0& z;k-stIOEf?;92G@3m7g=xRBOec1>kh;%S!J(&I4~oXlKTs-K-A&Tx2->RQE999t&t zt+KxLW&6Z{D}G=0pPv|6SNV3vM@f~Kh6?@7pVsJKIOwGOxo^+k_oRCHE+T%>v`@~@x$Lb*-7z9biF z#al{ll3v2r7CG(i>7a{Z-pU_tieLOFy67ZJV(KaFjDTrMvlqo`ajmtxm&vkk# z{sI4tQxhhAm0xfFn>q0EVW$H-b#`kfBo}`@bG}cBBd7RZSpUmXwlU0n|#*mWIpej zTD(t6X#U~4t=1Yd1LwOn&B@y(`@UlR_gM#@H8f`}^|VZS5}dVgfn%X$zH~rNYD|63 z=J0w)KK4_67mSLyy{+Y5B`-e9o}g6kP*N@7*R(pP6j9!g2b^Gl~nBNR=#Z=<>hK<`!74 z&}l0+p?q@k693xx)~@LX*KFCe?qYLZg66KT$Ks?y!s5c!&+I+2z`5L~H6x#+OYjqa z$GV<*DfSZE%RWg@)6?-^&v9ahP;lq*gxdKIQ@Nj~cugrOoUJ7Hu-#$v+9#qb@`z0*wTKU;$p4Duw;relR zk>YOk3Eqh)rd3N8Al;3Yp ztyfi?|NHoi8QW{VUz>NJZVJCuU+NO?M$_l=rN7oMzG%dKkAb1~MH?=$yC=_2Ulm=$>HXnL%e_ShpC#3@O)6P( 
z*X`X#rSL}UoAMU-AFRH1_#0bY%d3y~|CN_WRR>-DxmLkz zb>)?n$CSTl70gPhS`f8P=dh%g(%SCshw+TMCw^Gp^OB71C~jL=ef8wo!xhOdli8c) zoKA4N%xO&PE}7)J{inxQpIxWc?-pB?v+EtV1Ou}%Yv$#CBezxB4H92Wf_M)-oIEGQ zo&Ti4!j&_a{EP2o{M!^r1=Po*~b^A7#a<0YXhJYV` z+Ll<~H1*D|67z4&$`*+5Tpt?trS;fUXWxc0h412`Z})p-N4lAx;W61CoN|2kVk!2E zC41`s88L0hV2rPPv9Lzw@$Kcl=gPmts