From 558d654b6cfdefa58b94ccfe7a96895eeb0aa063 Mon Sep 17 00:00:00 2001
From: Lauren Lagarde <lauren@lagarde.dev>
Date: Wed, 30 Jul 2025 23:09:24 -0500
Subject: [PATCH] Preliminary fortress stuff

---
 .sops.yaml                    |   2 +
 home.sh                       |   2 +-
 secrets.tar.zst.gpg           | Bin 6839 -> 6341 bytes
 secrets.yaml                  |  88 ++++++++++++++++++++--------------
 systems/fortress/.sops.yaml   |  18 +++++++
 systems/fortress/compose.yml  |  34 +++++++++++++
 systems/fortress/secrets.yaml |  49 +++++++++++++++++++
 7 files changed, 155 insertions(+), 38 deletions(-)
 create mode 100644 systems/fortress/.sops.yaml
 create mode 100644 systems/fortress/compose.yml
 create mode 100644 systems/fortress/secrets.yaml

diff --git a/.sops.yaml b/.sops.yaml
index 02d836f..832bd4d 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -6,6 +6,7 @@
 #   nix-shell -p ssh-to-age --run 'ssh-to-age -i ~/.ssh/id_ed25519.pub'
 keys:
   - &system_bastion age1up8uth9hwtd9gup3v32l8dypdarj77s2lysm8js8w8mwa80rk4ds76ke6d
+  - &system_fortress age1v3nya8n8fys8une6cp0t4agrqh4zjk7dk3lel5403xjkf6k87qdqhgjrk8
   - &system_blockhouse age14j6ns297c49wx5d8jddctfmek0kvn8rvw3y03nw3pankc03dlpuqhvvy7c
   - &system_living_room age1kmt2khucyvscmwvrjnt0v90zggttuap9utx7rw54g9amhtrkzdlq94fe4j
   - &system_ll_latitude age19v2gpucsykaqu3hsvskl67ss8mpqstp59vn687am6px9nmg585ksvlhctz
@@ -17,6 +18,7 @@ creation_rules:
           - *yubikey_lauren_primary
         age:
           - *system_bastion
+          - *system_fortress
           - *system_blockhouse
           - *system_living_room
           - *system_ll_latitude
diff --git a/home.sh b/home.sh
index 2375491..a1bfcfa 100755
--- a/home.sh
+++ b/home.sh
@@ -1,2 +1,2 @@
 rm -rf /home/lauren_lagarde/.mozilla/firefox/lauren/browser-extension-data/7esoorv3@alefvanoon.anonaddy.me/
-home-manager switch -b backup --flake .?submodules=1
+nix run nixpkgs#home-manager -- switch --flake .?submodules=1
diff --git a/secrets.tar.zst.gpg b/secrets.tar.zst.gpg
index f6668201112c1967453b736dd86f0bc9b168f13b..c69622f65135311cee4e26da4bac28b48f4df8cc 100644
GIT binary patch
literal 6341
zcmV;$7&_;L0t^GtQPoXEkO}7j5CDx4DFG!POty15t8?T=pbKe#Y65ofPjU{311_99
zDhmo>&0DGj*W6Go%V{YMNE66$C7KQbapY>UqjA(=ISm3DM3T+zey>`w?2^w6@9T(4
ztB2rkLxnn`g!fA>e~~=6(SWZEQQ#C6T4X+CloX~VE|6=mLB+eJ;Fm3>4q(7<Ux@Ct
z71p-4v$U%=*z~*roLst2-b;*TP|`ge0d{dBD2zX^VBzuSGRz8Ya>25p8uFZRvk06r
zA#ya(qNZJoQ1vZ4r>pB@#}c2^lz&xvG_RLPSehL2EKr`!t|=fQPJp1uR|0&5acp2l
z<OBZHO|t?>6@=@>^r8&a5rDSE48Tlpw<haI@EKOPFWQ{0W|Svh<eP!tri?PU`y$9<
z`WzR)%igQgtP3vMowI<Pn~kNHI<q~8r%ul-%}lLI_(LM*Q;tGg4<9cCtuM3dNG~Sh
zrjvoC8R#fHwgXQ&Eu?L3q(spiyCuJg=6f>LQDSUMNapn}gn$s*t7I&xoOx3U0TB&Q
z1xGc6G&=t3w7q=0W3lP*)rlyeYmg5z;1;ZcMkDndIWj#*Ur%r$npHDKsNxRctie*M
zsA}hLMkYCX35K(xSLeclcbv@3;4Fx`Q@p7~Ryj2~8$Z;P-9YpF#lgQ@S2mG6@kwpj
zD5*8b=#*jkpDhA>RrAv70Z$wNvCQ(j=haW5Q-cpU_T#p0C$xk$Mg=Yew`e*W8ZM7o
z`%ho@mv>rV5gdtbM!vR0Qpm0r3En5%#@h?m$h{3os!GLTW}c~H0DcT_EagxZoOZa-
z--hpv0iJ&9{C*&NofCjxI=nkoMtrp*9PZEz^ds~M|12$20{N~f_aF@fNo-Rel32h#
zQsIzD>zPKCbe0^dL$$kJ&8!qTq;T59bgyq0Pt|>7%-i$#-)T?V!gRI?;2BhDjOtA9
z;l9UN3x>^Vuh>2FFnLhIjG6y+Qio^k3C2>r-gA&-y_O2vO4e-X+=dM}a8_nOk>?Qq
zDpADf`Bn4Q6x2h6lLQHzBBx>wA9vdp-syPD`pX#|Bz9Z8XAOZtl3`O229h_1kr1j@
z5X<({m)1{sLM{<pk}NIm4v|}B!2idm*ME+<W?U_TphEy{B8+JhN<EoK4Q|_9CDmSS
zdQ<dfl9|#KQ}^qIWSQVI6Z)@E7dj}8k1f+v(X@^i1N>y<h<@cymjwtQbw6h;yebdT
zq7SGm#If4sgM${d$igkNX7K$o1oVu(U#}=cdaO`@Y8L;&^r0I+Yub#Nqocr1;*~2b
z{9ojE{zz^Ny6WZ93rf|@Ptp3V%{<Z@5PJPb-AurfZCjcq6eMt1>;_yMwl_-Yp(?I}
z@%Jx1YBFMA4~EH`cIvG3EV{8L&Y@&rXjsf6CncNExsjtiAk$=XzcT{1-&(u3PLq&#
zi7Q$Z;@ovs;X*q_DW5c3Wt?JiB#oHRj3W_hlL=~>Q!pw_?>_(tc#EIw0hQ*S2~C<3
z-)CW#0Q}P!vyG{Yy(by(i~%LT17?=E9H+DH>JhD(2Dv2vB(`7I&C%{2T<lM>>6~%5
zDJKK$VCjuKCaFrK&X0j_&n9U%5x92C9#_A?dw&VP-fq8%tT}rgob1Pi?Z>^$Gx@*i
zd7xy`3YXPlEC~PzzVU^<<a;LEH2BH%{b|3^l4NLU(W??b;|k*KUh~jv&Xwg2*<b+(
z#nl@j@}X+BI>En`W{Ea-907+OvLBDndi(xmJNImYz1;=yjA~x`!R<ZvgP2&{4f4mO
zTd+&^Iv{WuxW<p~(`f-W4#+VhtLsvam^F!fKEREIm=@(uF75gTcG|k{yRX!~C?bGO
zrP!Hcb`U;{U1>zS2O~-t*&xn5i<#j1`EHPMIi`=%WK^L1A+W?B-kSu*_S?TfPVysw
z>0(&ni{hL4dbzyRF6G?c$c_CHgY<J6N>RP`feyN(0hxsJj-l5Ho+JN|E)tJR-vAV_
zFEI7a>9OI}N7y?-vQI&|R=6Imn_@x;(RfzSq+?_#M#tjmH3spg7i_g?D3*5aJ(5ST
z>Jt(Wbm4MUW=ld&iQ>9nW(VZ21LW2Q#Umw1RoDBhm|9=ANQ=HhlOE;q1!Y;*!w>EU
zGCD#fm)qx+!oXB#%})&tezfUXs+Da#E);e$VT<Wl3eE4P<0$>jUl>B3PZ2X=;}j6v
zsYfYLYb-ClpPVDEf+pZmwIqazjx<%(jG7Tyke=07&?{rgm4N;sEnLEvP%K$#ddw7h
z18>9Lr$tWt2g34+`&$A?IJ};FYLKu7;bP={sLrq|+zF?(wH|R^Bpg>#0}T#|34Okl
z+E3P?VDO=2hLhL~BKdqjps>Og<T2&?4Y5j7=K_dCChwG^4f*fT9^Hk?V}lrTyuy0J
z673b8>@lIi#)zs@P$v;j59+DiW-hdv&C@=EFgc1axiW6JgHl$-umV*AoJxN)$PkpV
zY6gu^u(e+>bjRM}$ZjGbbKjagZr!p4D1()bKig=Hif08C!BUGfEQE!TLl!vKILYs+
z%OT8K0Hy}(2=<g9B{H(ihou){mW|oIoM1t|Bewd+HgZc@9+NL%4Uu~lbE0vtNQ@hr
ztUT>ZAw@-J=*s_R;Rmn+f?ybU&bo^MZ9;F3ai6u}-*e152(w`qed=LP%_-dnYVFjx
z#hDly*<@=QQD5`(3EexnCSE!PGh4LJ__CK$!xm?ux#Ui9xf5KoY>k=+T(JRuk(i^9
zAl_<uQQi`DfNoQv6#fydvDEPc4}O(z4PfFwi3wZ2fc<5|KN-MZx?%QcuR>wTxVl}3
zd=Nc0Pu##4`oS(Q(t9b)^_vkQN6p1Y6an83R_cS&CZ0gG*a(0ns7K}-t=Q~?B)M^Z
zjb|%;80tn3+*RnZ?vRVJa^H}2J3ELgckrnyRIXH5LZE*wHMebAV|CWiN&hCBFzz~e
zQ6+Y0QXUELa$p~=C=scEKL6+c#0(NH{7BdP)M#mq=Y8EFMscxXdJ3SAHJ0DJd623s
z@J*SIWfN2u+a#`OX^SO4-SzO?Vl{B_?0+&68x*3&B3Z+sl8Lnehi_3cJS*^NO{gKP
zPX>vTt!d>3M1yaGxsSj4MFs2K)<D_pKuRZHa2zKjilThREchAea0d0d74yfJh?%Hf
zl6QiL9a2Xsd`<!oEi4m(1C@@qOU+v3Kjhg+x~?i~P^nS3V+?6goOPaNLtE&$9oR!_
zx3io*X~Fbsm7%;zr}k5aYa9<Q{zxLI5hsKBE$O88P|yZCYHW59WWYQ@ZSe50E3eOf
zGsK`L!>V8=w8kILar07BHiyxoODRGx(0c7XwRHMy{JOGc1snRI0EbbS2yZ2Q_Fks@
z`?JwcGM0a6n^b`W?5(U+mYK#q(+@au7~;?syy!rw8|-$2iR!wDp~e*WOYd{eyzBc|
z{ENAjhj?tfDpx7e`}*i8ZHX@H(k_)srNfnYHNQPGbryP)g8h8K7iTnioG%;SNI{hQ
z8mOYDr{9q8D{S#gn|Oig$>>;NmAgJwWdti(L|7l97|;aNnzL6<vJeed#FHmI4uIA5
z!od3d0cTs>JbRce3g>1nt7`|Co?RJ{#Z4gy6iy-snU8)Ix**g2;$<z`gpy@m?4*7!
zO(u_?NI<K<$mU<@S)>X)dzbJ#jYa2Z=9+K2T6{jHo$jOo0xUrW;9vRtB^q|E{n>6f
z0^5&Zh{8Vu?frav4Jfm!20;FYXB8BaSnbR!87Wd@s>~7b;AO2rk!^hE>**tyY}Tis
zm2Je)IlN#k*`bFpSzH}8ho8aYn^uWK_rMFa9cND=z+(Ip4fqpk!H0XL_{}yV%2-f8
zXNX}U!Bs@8+iuA6h&MDPE7XQl(xL3OFc*ypyB!hmxGsmgmdP1<iWGNi@I~ygJIGUd
z_TgAFn#K&YpMc4r-NswmR8DxdD}_x^M`+Sl+f>RIA|uO&9L~@hwzPCwf}h`YD00cz
z-swL1cfQ+f9s#!PB{EVECVE?I0RTmbZ5K8%1T&+z(T0lHcF^QPLj#`IA}Tkg^v(<X
z$;z^NFy+YVC`6{`Qd@~_<iQzXQ(hqST?!E;g453Xxt+s=>b+#uFQJuu{-RsZf(m}N
zREvmz-|h!Y=Qe(5->(C7UZG^Ke|>PjPJ1`T)dX2f^pN#g^MvGUAgsW@04eC@Lj;Dk
zx-4!yJMZ^y2jt(?R*jDO-q#VJPZc)_1`~hA9pn0omh^#8ES=|tx^62KmBf^gpPP3R
zW}^G-p^@O7^$~VKBAY+Vq*b0Ea9=Q+d(qO!g@H~6{DS*)A4q+PJ6Uz-bI#%5u(_gw
z7<;@vKW)tXL#WcymEq?Fb9cQh9Q;M!EZdGL_PNsMxWrE74;B>>u#>5c>bW|A3;xH=
zTO$-Y_fBSUk405JsqV%S!b@nnJUszu67hMlV$>sb>8KVf!g)JRN4|AW(}fo;PSxMk
z7wWLbb_jY#xK+Pq@QnsN$fKYtzH#{vhh$4eHlAqx5=S7@r`)~#fzVn8wSY-FXKx5S
z+t#b$+Z6W{y-=`eOsQMZc_fenlYJHT4srQSLew@L+l{Td<)SkMNY`BTl|A7T{j7+-
zna?#wOrmj7*2KD?sgVt^JGClvz}?;Q!a=8BOT*MevNpo3qypZ`yO$&sRd)AODJb@A
z9S>tMdaVK%8g@cPli;_-zfk)-CaXU3964#iU3}?yH}d6iemPG+{U*@TF9Jtp{m95!
zMJQ#p@_t$?IwTP)#dq-wmJD#`v%~8-A8b5Y2;rkWGG)EyspD0c=YV?RHSf&CJ4}cP
zrrXYET`*h5Hv_I-9b$w9v3gX$dP;X>ryXDEmjH1_cUc)D6<3SBay;Fv6EPrHiP4g|
zTQ4N{AV%q;&clESsYh786sClv5C>kMdz&D-#9Da|(xsOKyVC4%Ep|f^isjf(E3n^J
zD(d4#Ej7(vCSm(Tis!JWMd_tN7!48n(2ZRHR*9p%MB<@Y^dS_MVq0J9jo=EMUIrf4
zpEfmnu+U@=k-7ute*|Lr077Lh0_u_%u<WbZd;`UeM_V%H3x+I2Hqj8;r=Vty-t4?I
zs=r_Va0~J$x><vT$c4!M0uNZat%SR1Wav~8ojFRm!c&qS+0EDlPfv{c_H>loP2%^j
z>M`1_bx1(BKHj;Hb15LW^8iakH0{g;bWp59`f?FkceFhUA>qH)(*h-U|HU3PsRca#
zjASPsyyxh|Uv?t@{(W?6(Aztgi^g~jF*)oK9YQ3}xD%jwLL@NJNO~Md0;C<UHs|UG
zDRqJMq*;F_O`{UT+*C|J_!pA$ew&WrU{TC29@Dku@jek)6%-p*7Y-GiY}i9ed7YGi
z%61i19lye8qLC%WcJ401-fHI`!Ap451MGmX%*JBE@;fpFIa@?t&jRBPYu7Z1#Bc2R
zG!g!N9vDxl8E5!ZlyZ{$<KNAlb>HI;0a=T1q*d@wdXkR{L3MYhvKd>@-hReqXd?G1
z1zhj>zAI31bLB|W1<FSDR+k9Vbv{u0u8O@P$i1{A4hAMwaPTnSn+FieuGQlXir6Q*
z>Z!GrNN)lE|6I^J&jKQPxi`7eNxkVf9*$H$`}%vj!mvNMQCX48Zup!qCOEWsL-+?}
zQgD$2=W9?ly0Cfg?$*C|`pet7uO+%tx)db?EgjNjmz99fp%m?h3U;L|7G*tW%nRGC
zeZDH3se^F`jgI*!yEmSZY)nFdT;vA~)@f>(0H5>ZQ)=wu<d+;7tB-n(?YIOOrxK!I
z<wu`7K5u+?K*gcq5|?k`A3lm%oQT&6f9Gph#27CQxg|*&afmpi>XS_|S$AwJxgj*j
zBj#gs`7!_Z24Uh&EiPiJqVUs=4FP}{SAWguR6p*267>>$=MFoUsv#6cIJ|pua`p#;
zj_(l~If`$eG7T)={<|g+(b|zLS&L@8OY(;UF|7h;t^J^xCbD|S5$HPqb&It9KaEff
zWoe<MM2)@VBrK#Atp&AH|58A3xqnNsGYHDrmcL(fAdmy%C%X(&fG8Q-MPEzXI4kUP
zQiwO&FZl3AB!YfoWe?K5y?D8glGTbTq|nK$PaSDjzmbSDlOk_33NA-#`Bjb1wO_(K
z461K;@V#%>SSFmwkdc1_?>7t^IxO$C^v?e!XMzSJ&vG+}ltL=%lCt=716J#wXseT8
zp_|;?4~X=f|9y2Ra<u%9Nz&-cWw)FaTg{gTFP(y=mL8J7Z3%;wDg1Jx(zVLp`UN2m
zL3^ZnTP`i2R!ysg9L_$Vuyov#;w(#LYm8c%W_sGeQYkt|0nGn<xbCB2cQW`3vqD+@
z2{x&Aa%ZSIa%-buu$O!#7KK8?K+A+OnU7uY97c_9T>QI+QUGC1@7kHuoIh{sT}>H#
zNIm8=J1F(p8JL?fH@r6fOzlp!NRbgek3X2F^0O}qgiL{F7O1AqT6UJ`8wnAc=Kvv8
z&Te}rW3NVDzqPIwBa1&t4By2w{pfJ`K@G!;kGM$^ILgxW_i%<cv3!wfHNMZIM*Jv%
zAN%W=TW{EEOGjA}1u#c>xY2SMH1ZZ+*6n+<!0j*Vc8HV@UhY0>P9HI>SKBWkg1rzw
zK`V;dx>q=-4`PaTHHCx5vEPZj7P>CFNDqp?GMmG`<C#gR3zs%D?-({18;5jef{Gx}
zw>UInJfRY0^oXj44`@XjDOpNT-)p<x5yl8)8%m(afI7zoNSM)eypI0>X1*c1fIylV
z>RmO;8QCOnkCU9A7I3w26OFKdbG3z{sffW%luI!A(4xaXf7yM=mI)YeMzH$dUEpIW
z#wET2K9MRSa!wQ41Pvw{b~E?n&H>_(LR}(7mCDmhw8s#Pi*{BX&^d*Z)kxt8cHZ=4
zYQsB!LB0^&_Hap9O4M%(vCYtv7L6F!{HBtPE}tlJJ%K=@R#6859HBMhreodG6Dt(7
z2mW}nqFf5b;{W$wDS8wzSz<k5$dRNS|G67I-7M)xWaqvMG5DS$)zl5|p1Wz(f2buf
z5{;PC&hxwDnh2r8=<s{H5DO^IQo(hm`yD%{NaA!NHCo5b!2x|hkdm+M>)V+r35kw>
zoK2~y4Hrq+Rg*mxI|<25?%4^Q(5PvJ=ikl(#tK-qtTZAMjb#$qnVoy;Pr2|lM=`Mu
z6G@`|__0#Gm{7;~!u%9jP>JHnXhnp^zS9W5jp*jl=R=~%RTV|siq~g@c<74lHS%or
zIQp2hJg=XgSlZ!;X$)J$&`J^^ap>(e-ju(TC8O(66xo!Z=TIN5G+${3ee837con*#
z*)0(r^EA~ijV&U&su2bq^P9E`EgU7ljrTAq?6m_VQBD(7G2==YSD70H&!lWB-VP~C
z3)B_okfJypx<i7yv*B?c`Z^l5IGt~a@z``CC^y98G~HUIcw%7^!$MQ9+_&=|0CKgF
z&L<i7DK4z9ItEci$b=W?7_D!tS(Y@dVw;$srWKt;okL@l3!(9Rm(_{sp)@}WkliTb
zrY-<bX|*IHwHm2>t9Hb5Rq2es^fvi`dyE4PfTwZK-l=5^W%V72-xMK$hq*CR&YSr$
zfeCnSCnP+{nyN^-0O?ntRTy7>s$U1QE98M<ISTrZ**Ss4D@6tnV7R86uIJH(B?jEJ
z0E04c-%_GIQw(Gj7}U&bOnb&}$+6&9akw5&oN)LE*d7Q<XSd1Y2j6iGu&y+y!1_e5
zg?MCYk#*eJ=vGqZ0m>Ir6VAEwNRLt;dTMs1WP~IE+}BM5Arapg063{M>q4{>>kDZ+
zMm<f!UVV`3>-Pzcm(0&$WUztL#M0)i;oNl6$RbC*XPA{d=<!Gj$=8oi2Q=O9@wL1^
zBz73H%@ug>hdHV*mY}W)1L=w{n3%0Ijt+zPI+W9sQYVkB@E+L>p~<5OyxRm!Ecvr%
zJ9O6i5K0Xc_n0#UpXkebZ2*W@vYYNsbBQWaVXMtDrJPD!tg!48PfT-Svrl(0K^vbL
z$Y6D*|M;04E?>y=m8gCR8-txIb1Z7<Huw)Hjhj+n7erV$k{}~BZduF~y2Ty-z2P-i
z(d?uUlQrhuTmh<y7ZNXNAg7vVkE*)*qWrOWKF}SGF2i^YDyy%&r!T-F%;}M+H7)M=
z8_;?`co(E$;2Tl48^?>6JM$<Ir{#ooz%^>N1`X;A7-Xa-uei+ALXxcE-qEvc{@8Gv
z8f@X;U5_#imiT{>5TND$F4X9K)(Xck=rSuO$#%TTEnUQ)lb_ranQ~6ptODWzhAod&
z7}}!bX`-d$omBU;GdPCLv1ai{dPCI1z7Z#Ld7QQv+}varYygg~nOc8na|X#LjaP01
zoT~+e%>$4_vDm`?4h@B&b)cdJhY~@aGUDiS(X&EN1G_sNCzWp4+osW{oJ;cvkR@m2
Ho^ugGmBb;3

literal 6839
zcmV;o8c5}Z0t^GtQPoXEkO}7j5CFSiK3o7=wo|cU=>FOujcN%{2q>lvWzX!1qwzGb
zHHaRC!g<Oexj;<m(#+yH64l_A2<!SAEAv{ezhWW8b>Ex{)55QETGc45#-UU8R@3)>
z#I}Ny;Td*xn_SuSL;jq!!jv%gmP`18`%Si7BL4D>DwRk?AN@~bjzu$A?UHUFJ2vVw
z)!KiZT|q9c-qexw&5XFtqAGq)U>)EMrjNqnaO9dKb&IwCWC1dw0y?5x+LRX`npguc
zz-jCXN%lx93_dzdl>6kR<B~2DNkr>fu;+AWb8BXIM=?{wdp*vMsNe-$7^?--*n%^k
z5xWSi6D^p<2&3zX+Z)ykM?>EA9!ejiE05;n5!RT({n;moD1xnkLujU-)XTvs(v!M-
zl9Gk`S7w=in-tS7|If5Sj(r#)2o?gR*zY8XK`39tfqSe#yY1e3%;?mR8Bii^C)Go5
znh)D)4;}}ihX7Izck@|KyCSNHeXhwio<P@O8gXb=`mrBa`nG5)@{HP<(_j${Up9?9
z?dYFSR%`an#8IOIe0^3K-m-F{IW2)I_*p<==q~>r$$`;Ogxm#c0ac-xD`@+s`;lB5
z$WS7fwU~z$L-I_4LqKUC>i^vM2e?iIORC>*6m+{nyaW&5>CaRMq-VH|N*$<^xc7AR
z1WiEhu@JAC65r&i-;C1g0cE+f6I_r6t#THVaPx~VvEibV)*|4f1JN4#FdKL8{A)2B
zjk+Zk7%q4(Ji3?HHhCjtF<cnf$sZ|iE#O3DOBxO8L=a0|F)l_!Vm7NLaEHj!j|t{$
zWLuk#CjFY5x$qG+$#miUZ8T(95hNtQ&jwqp<6M)fanEFOn$;DZP$+qw3))zesDon=
zQ24>6v<r_3xYo&4;=N%A+d?!<-6?Ek-(%dIN@_1TYJ7e5HtDP*S*w#&4L`L&Le{8C
zW=7X!0UY2u6z^TYP6o=dUCuHLZsj3thh@RVmsYH~nTA>(AZCT^#w;U}Sdv9mH=%Cs
zhw`ngfWBAJ*W9;$(>I#~+hqPdP;){3_&XRWI0|OW3s$T~T4gceD@R~Rg=+n9aRrb!
zP!y7>#xn-r{DVPq4Q&NlX@ZjhEwL*<_{s)w=bpn2s#CG8Knwu<{Duqvla(CuSn8&6
z=C>-5R#Cmt*}sC4nac2)!2Jz3L33NnOLN&leLWQb;hd|^8`@8Yj!OB5?-^620k6)m
z3z{F1Gt}swTk$kxgP^I;Q@AscxpgF>wCzxD>^mU;#oJILoOJ;z$@JR~(T0SGN4<Ct
z`Up~yq#OpbOa$78J>)epY$agh!z7VDLs~qK?K(8Cx88s%d?EUoZJh+!sZdB-YCe!t
zi#Z}<rrm=A#(uID1JpN<1&J^z_qrqJS<nkFG|sla>JoA@U=68(Gs9@-^uw-cf&H{4
zH6y^{LUm*CM*DoeEnOJTJa7ci2GH9oUtdJvh$1}#m<srKEvi^akKteSW?f*YE*%!)
z9S(uoD0i`<vTao<g_>%=u6YLMtMWz(!N(0Y)V$<s4MXK3>{c25>tdCTq{CXioz=d_
z5=Q=sZ)2~j-`;(hVP<%*<`6mZG?2d8(5w4qA6)V$sDZ9w(!;0(Pbk5sJur2@2zi{R
zs`4!_<0e>%#K%ru1Tvy#j%cG*^D>$c6zf&B8ULQAKk$fKzK&c?+AAI|kz}7n=2tL&
zVDd3jb^eXMgU=_3QXfP*#y=g?4oB2BATjhO%uV5olOk{DO%!y5ZU@U#NHJG-5ySPq
zV4Q~H4Znf2Q6IAi^)N`5q56qaTnIQy?|J-iepJYTBL)P(R3Lg6iQW13K_M%I-r%L|
zty)5mU@QdUT1+RHmpG#>_Hua;JF{7eGd!EwVV$k>X@;5WT+dLh;Gm4c<BuL`UjZf%
zQ6;(o05rKj^yDmey&qhusxI0HxGsQ;Q^-lS1SJ!oLuu6*#20K3%Z>$!4SEgNwCD(w
zX>h5=J~<Q7_}6}`Pj@0m8G#GkOyPSJ%OK@Dgtiw~Ql5ba9Nov8)je@Zl!gTDK0Y?i
z>gC^ZfE>-^%(sg)0<HJLj5Iw$XM}3BGtVn?RDNpV;auf&@5s#OUjTnH!-i@kpGDM;
z*fQK0NuiuKV6hp6bRYV~o$wth_6`81Q|UuS)c50`<;U^JUKu<>=Lq9d4!Di4n2#^7
zhJ%;JZc_TYuRPz9{mN%{YVtWKpPjadq1kd_Y_==Yjm4m)R#Ghnn0C-VI-8Q{F6%*1
z_5sJGK3jf|Hs|B0=#@69sXlNYW{U$eUP4uRDXt<eiqmjWAf+ovjYUjexuLxS1bf>c
ziKAYs%s{w!nN7{jFyt;M8UP_alcRls%hT@_as?Bq`^}tCM$&L2#75JjphUq8`v3d(
zLxp!kugJnwnUR%SLB)znF*vNnM{7O{c4y=OCk08^VvV&-uOL{1GiMc1Ss5<nIZ?Rf
zVQSxcGg-=F#0^Bqvz%M6rfOoJ&Ytu;_(j;n(Eq?a)>a9$<J#}5>vgzhR40kr6Pa1F
z5F0e3kBOC65J^!GeVj`_%XSy@fP8_u%U#Q=34sMB2MZWKv@24vfV26H51IoJ^hTHu
z?vj>kkFTC4du0^4Fq%Y|lTPUmaGxT(olfA0NJjtk&6ghg)3mh>Z4e8iD@lXSMYOn)
z9@r{Qr#Z$7r`yxQ2b{eZK^~&oG9i+OS9i{b<g|z15S^<#(DnYblyu$?J*o|8ya4Rq
z<>^WO6tRkf?o=euJ37iuaCVNn0R-~5n3@$Zp(@FDS=0g{Vp^(>S}C9unDAQiVvoG@
z@O$T0q^jkF`?Z5BspO7ZNrJVaH9aI+(j_R0<$7c*Nu6Y}ELB8$sZoWJRR#;jDPhH{
zY;nMJ(yP^)*#eJ6b2ZAbNE3pTIM1pv^+*Y^LYf0AXk_=SE@C$s0u|(Q>MR3}`}p3B
z<E1eQpLY*If_;j6M%L?5xv1m8nm(*lSFZh*@VEtorKpZ%35iWQvJi!ZklI{6wf0}u
zXihiNw0O?Et$~?pxYb}<r!3gn^xZDczQ$5H41FhUb$SEY*MDtj94yY70@3LI(GA+|
zWZbiP@;(&OC(aH#R0w;Sv?X_*Hz0I|^p2~;^N0ES{sQ+H;)lUNnn@29lIeb8(7+GG
z+oaUwB?N@l_cv=>)&mTA<CwWDgooe<aSC<=7aqXDd8QepXIpA4!upDFViGB~03UH~
zY>R(1c-UkbPAul|uu^OwhRrbOk=Pc>+)lc*&40^nln?E$=VwAR0sIe@;p6DAyDqH*
zk3(e^n)G^n%^$BtAW1a>XcWI3H^K8$xY%LbN+7$o>m!xlg>2Ca4o2emV0Uqv93Dx^
zRa9;wjWK9Q4z@C|CYJrATr;7<M_Z&y&v8a6XM?v&?-USYyXuun=->*cUx5`bX@XKg
zy*#vtv8hzZ?lW6FcRmHDI{x0%&Zb5=Lu0trlo*Rwhgl0=$pg^JX+)H(0o)p3pf*Bf
z`ZXMwb=!ja5+f56I4JqMlLVB<$1tTSEnU~PnF|~ZWuME2?s3UP9Jk?8DDQ4c>@mhE
zO@07{L_e4E<X9#+y2CuY3r)x9GT0#7CA|{IgL?iF5}F$ZYKIx|FK3e7^h`!n7Ls1g
zjxs}2hJJU4Ck~wzU6cmz!CnAB8JWA(b*@5MUA-^QMe3}M65>MO;{&&LQ3bQZdm)+4
zbJ7u)E~60!#m>NaK2+<kih8$oI0VxdrfUMtuGc_MXs0}?du<W`uGD)Q^%;iQi;R@{
z;fpzFcW9<^+FBG}hhM)>N73;ldpQt}RJ1YM<4?Rzzg|^#yjUvcd$<I2j@r9~Z?rHr
zWUU!S^I}2^gH;2|Le%5d;$hl`eecrEUs<I?jT*<k&jKR_efH;JTXgopik!Og%o_-$
z9ZY$6a9Y?A6mHVcLa-g4o+0i0M~;m%mQBSGzt=(<;9(xs7`^V%Mj5ztcHE(nR{9iW
zcCS5Cf1uu{rHtWnag1*w%dmDQB}~?E_->kNk+f-dF<0BbE-#6v<-k3`;1hdr4a)Ck
z*A2*N?H_AEo8k`z|JU(tGg;QOddP4fJ-^)D(58e$h#5Y5_zv7ghBU?gM*#?bK0MtE
zN85IBYO$oruo>3RN#P`h0ntdkwiM+Qp6$YmLu0>%nqiGiZ)Ei49a3_Kmu01lpIn3P
z`+i9f)3Lwq%2ed!MKT<b#P;8O;kV{ZrJM+OvKP!{pbHz3pRmk_A5d%{APB89^2sZr
z;v}rRZ#V~|*G99YUmIrIGv6n6hR<Y*PWrL-^_!!7xC}dAwR--oZ_(fco0FB4E;%bz
z20lFM=IOwDSz$9h7q3f_&8UHeP|q`S#PoW3S8>Y-4lnSMlHGnGB+VYp>2wDsU1!~g
zxN7%00V1L)eq!n}eWl>DzUDe_e@Rk&WmQt|qAOJxvHiHwA3(@0edxNLiws8*)4H4{
zA!M}}hGd?_)XpM3_=nduOlJs|Lx^eY8!riK!jveK?*{oR08%!<!CA>$e)0^bve-o}
zy+Uc2?n1h+lbZbI=@{u@ZRLH_w}h0SQCzi@Uj<n7qIz`RcIKFi{EkrU7nPY<v|U5=
zB3pR}eY-F#8M~Grt~R`R*;BueG&lPW+dK8s6(o7)r0B!;*mzV>9&z9p{A3934i;mO
zvylbrQk1)&!Kpy>zIX8HD>ye_H;-G`qOptq-7?*jLqI-WXFJ*@E%24D92u+JS8V5;
zh*r=kebo#3D?O$VIt)4$jOuqUL?`P4JqkzNRNW=mpTCO4+T5(~12)HHyQyPE)mPBJ
znI$GD;WK1sRm5A3xX;?;MZ_E?&N-Q-<r!?e7ZqT}(JEs%B8n^YvgjZ%sSKA=sE-gK
zVOc}m86|t)(-t8ywk^xHLVM0TxCoj)D@RMBbzky(i!#Zyje&%|t16HjBNloteL3Wc
z=J}H)@rtwzu_k|mJDH|}iW6P%F$y2_MA;T8lkR^ifO<)~b$_~4Sd6tRtO$)K9Cl^S
z)bhYq&(DbPi{C36c;Nyzg(aB_50c01aQ9calr`w$Z3@hw{eVjBG+0~*a<hq;XDqn_
z7YMEEfSN4!fur8v{I$^IKMYAcF-**MTjSohSkMUzOnI>3tCSiNt^!Bs`S<^|?~Pj%
z-8;2_n`mx1;XtZ!mj_R_#Nf#Gy92Eu^1H4jV>cbkKDOLQs97rT9TV~Hl^IR7a>YpL
z>!4C4^_C9AIFlUuz#6$2hkFK#5m2%l98cjF8UG01+-6i121%D#OGtE}k2%D<GRoOU
zbsm~8A0~3g8}r&B1EiRroIojy$5gv_NdT`ptM*Q!ke%zq{q>HY)EU5}eLD8qF0$tj
zR_F<Uvg(tP^$Vlc7s7U%vX5GMG)Ri2ZZBWT@C?W^(F(mF%5f}O#aTDIQ^2;y2<nv3
zwSBqPD$7d%iZAapz_Xt=`snVA{yJ)kCU0(aZM=2in+!i1tL^XI2z~THIOj-%5FYED
z5=+S?0NRJ!?ccJ@CFR0UbvLKCaH-S7l-q=ha9;r9i{;^USwyex|4b-MqP^n%od3bQ
z4(Z17zxD(<dYzRyMMQ7=x}ejFPNaVLb+=S!MuJC}ZlYA3LnhXduPz?#ZwwCmYZPI^
zdv75)7A(^=buCEd(I<N)jWyo=qw+UY&hX`>p{24DFz3J!0qTgmo65HqGa?kmBjM<7
zzKr$7`O!-p*lB3N^Qt$Z!MIb@=r5)eFeSr$<)EZxEgInO;9P=111e%g@E@1#g0!nY
z{mld}xQQ5>%>%-l&p0)5BTF@%VpuD(r);d<%vh1~!TQ?rj3OKNaR$-e9O>;o-_s4M
zXFDfITcL46Sge&NCg)JriVHBUGxT4adykmN>1VkKE-y3Y!1Y0mqMCaZCOhs5T!2TJ
z^JQ^+s>Mijbf<c|MZ8bZP>$SDLTe@RWWINHSTFEe{IFzM5EdzzisIrX$3<-c3i5ru
zuqoq|qS}BAhT`89kcv~K2CpDw#0i14Vo_^Mg-uA+=3zzS2}1}|)KuUyk?dZk-~1RE
zjd@pb@TYjQ)|n^#$yf<9NT8tU(0@*gWh08=Fm^FiPtY?0-_)OL{@lkE)nsq0esHeQ
zhK2cVwzTuYv3m0Un)<pZKE>yC0V$8w=Ag8(d@)6iHQs%jQb@7hy9YXEXzFyK{R@=b
zDln;%ZJo8U*CR*5QWU1pzL-_f*uzssB1<B=1=RKLn$~^SaL~ZTgv8fs+ezNCD+zo8
z;n(iyGlYOiYWhQP9keVW9AQC83y1nx=;ff$kJ<2VwRvYjXkCncI2U|mA%3ulCV+T=
zPGez~WGQF?mA`^j7H#7s?1CbwQ_f~grS_p7cWJTStNwzJ3n7B=ibz`NE7l9RYx(Oe
z6WMpJ)XU*AKhIvJY_q1N!9(&FLZr>mO$V)|xr<`T6$m5uyA)`y@Qf@c=U=la)b<z#
z*oC~6NzZ4q;AO7SMqmW9a=`Qg15&(&=wJE-`z>FleHC1B^WStJ*#j~k(sR6Dd<{^G
z^^9WG(1F&Tqi|>~w60%=EkTYif@kSS*%IgdTRiy8e{ygH$A_APTKBz*CX;O8M`k7u
z(etPg*LQ!2lln?*rTlT*>UofS08F>v`Wk2Xkzu`=ec`uCs@Djo{Lm@DSInmV?O7IO
zz72Y1nZW!cbje6aJlC6QCd^k2*77lwNsutFXOrf4_$tmGyJxOqr7C6ravKW92ar_@
zfR1;^^t%aM9UC5rG{C*eIi41O#W5&@Z%S;#TAMV?j$V=jsc55lUzHJ_knZ5bO<7&U
zd@athio@e-?hfoTr5aErn{98S?hk#P@E-Fh5`Gs=RMyvIZ(@i22GxA^2NeVgO)pCA
zzjQKtOsxBD6n69YA7X8<e3sMCjO9<#(_Uk7@os6uqZ8Zo!wa>pyN;x_B6Q~vI(M|S
zkoA~{sUl3Fd6r2=elw&pS-T@-K8~P}WxCfM>^Pgwrwd&?4&ZrjT7esC=UOa)kK{xO
z$rHXv(_tSadfvQ*!M&h3lD$oUv_GF1BQdEj72l}M6h77pEWO4!kuxk|NjP0GKHWYO
zDjSCxUIz|e<jQCDTrpM1<!csZs5Ie&LBWCy@qp1kPkdnrtSMGetF?9K{GeGh$`tcx
z(&GqXik(n{@m}?yyN{z}OC^-}*4}Sp&Yq^d*(pz3-yYu*O75pZqLy1jLM0OSd!1gv
zg?bb?>n|r3`-UB5yMdm~)AoSpW+Jr`s63nnIr=WE_nPC(qk2j*_vi)rlZid$*H*s;
z`%Dr8C<|WTdCPvlK8D=`G{a+cO=}bW(WH^Pvh6CqA>_o00u7p>m_||)hMu88;5qyZ
zc+w?269D+gZ(>caR<!8&&P4gUIm=-?I|ft(r!{~&Wkj+=a&tZaokF`n#=$9o$pjh{
z^S)7l5|_ZuUf)JFX9F!Jzz=1NnxDqd;oYALX86>YPivVH<x?9qz9!@9WAO^wLAn}{
z)qE-K5d@oHYQ6x=-|o;@BHy<36O#Up<?W(Nu7-fKd=O++0051J#yvPXcwyH^FGpmE
ztfk7VIp9Sr%qHrRa;Bj5a)yZ$joCL=1`W$W1-tK)6061q^AShMHdfp8Waq^j+Z%0Z
z$^-E6BIu2Kdi4dqF321x=oW^B4eVemVT@rH8MDghnP_Zd4U~*X1V8#?CLjEopofw#
z&aw#3e~YlT8i47OD#cDBESDcZy&S7j&%>JiY_RmpeSZONUgp!sMnO9rivOGRD?2c)
zaop0hf<$Z=WU1{sKoR~V_i<>J3=1<?(Bb+kjdZ$`oVOg@zSw2}m}OUSEe%67T3q#V
zgyqpmqMK8vR4>br5^6Jz!KMYacPfYsVf#69$Jf^e$o!Z~?KMjyIf{ZRmb-NB+eig^
zoNB)Nbr=pWz(NI*s$ParHW0@5`c%?D3#%q*NX+FP13n2=ubE+J8smR<#WYShN?~EZ
zcWsOk5lazyRCG12SrTZBqvBh}U66U>Z4+4y?bR7XzZ6y-jzCC|_TUI`<T$QbP}n07
zw=UGosZFEcsO1q{Ja3|57i)U)AG({}I^Ns6nHU+xXC{Wh2@5H&RLw{?sDK3p#dI1x
zktT_a7RH`?ka@oD369ninMQTRyCrvx;;!jS(vf%;yOM3(ppNXwU)zs5^6h$mFo|^8
z?X>O0<0n4lRAOo0F)oDA(UGl(a6Qo*oLXCGZ*LRMAPJ1g+#D(h$4(!Oxs?`00#Jpm
zy%4WJ#8!kGxOSHW?bIqic`Gq3ror?`Y6yi$gd#5*`JJFgY#x|782Eo?bqzsB)#4ZZ
z4Qt}efjYM^im)#+B+c!Y{Z|CGTqa+$F6NX8(tDMShh?sMfw8pYb4CHn&?*faDIGwJ
zL=EKxmHuj=)babcndjd)!|0BDGpZaS<I}_YYdR^fWFG+%m;2^1rgS<U1_yKxkX36~
zJ^vplyQ^Wc>Z_Vdrq;<_L;|BbG~`c$@{Y+!@WuWCnZNu_`%;6p>G2e3`nQ54ELSq4
zX!%VM!`-?_mp6Bms$NA#8~cc4F~m;P1nLfZjuYub(X$y_Q1Sd-AaaZFieIn_6__w}
ztQS4nYVDD%>`U3Xm+$^8AXXmInA5X$p>zH*6{fI>@Qwji(;z?-n*0OhN2Tt9+aZ_q
z7#RDlkCCSDB*IM0ILH?r0Bc)iWzBCujo!#F9p+%7q9hTaeZ||4-4>g8E89)S;)uzf
z{E*sR!hN>0RJ;qn!}A08-H{S~)au-%9WV*Rn!Cog@u7Q<jl*>dtmh~V{cvIG1GdaH
zN+}h3&enOfKhmqh$QtayR%3R3cHiLmE2RT@p>|iLlg!OV0KW++Ds(&f-bJ+sutKl*
zKK)gJ-Kvly+lrsd0B=I#&lOfZLoea2&<EwBp3RYmpKq;lEGO(pFoL8d0*O<+^Cr{M
zrivfv3@%$y0H?xfRzFx)(lMYg+GrOd%z3Bm`d{abV6UP$n4^G^r2;ixMW9l=S<5+j
l?E1BIO~Gt}Mmz@8OJ6$mxirDA1x}@~TRH93&%iCkEFQ{TJc9rL

diff --git a/secrets.yaml b/secrets.yaml
index 8a2c41f..5f29d76 100644
--- a/secrets.yaml
+++ b/secrets.yaml
@@ -4,65 +4,79 @@ dotspace:
         MyBook: ENC[AES256_GCM,data:6aESJ331WjclGzzDYjqIReEhZmOYcEVdm0pK5DROm0aOycdd5N/my3FNmnw85T/3SeLneOsfXxM=,iv:PX0zuGXq3Atmuk4+78iJkiifnKYOW5dYUmsHjhlD/mw=,tag:lzEz7DaxGzsFD2gtoM3vOw==,type:str]
         Archive: ENC[AES256_GCM,data:vz7o/qRVbIW97FJG0MeljUf3Wc8zhdl6ijgghOfyIikRCKzfuHBAmKhMBKtuIt0uliCJhcCJwbw=,iv:5nZ9R6Mx890n95uMCbiX5mwoJPJOZ/dm/MpsFDrHcQI=,tag:Bk56jnyJJDpz6fm3EfXWGg==,type:str]
         Frigate: ENC[AES256_GCM,data:rzcjpec10FgCx0IoURkDEPPd4l00SP75kn4X6VEFAv0w1VQ10h6Ww7msyhgttPe1+P5cYJyuzCw=,iv:WSvIezNccUoSc2z3wyCAGrK/u7iwJl4PBg9xM5RjpyE=,tag:u0sSKnQ3fGnudo1KRobOPQ==,type:str]
+    pki:
+        public:
+            lagarde.dev.pem: ENC[AES256_GCM,data:lAlBMu65TyZy5ixTy72vxHG1TwtGxZ3IG7Wqjasba94+yokEjrDP11GR9BP8aVm6Sr2p+HWF9KwW9x90pjCW8QGLgV1DDvs9QeSRm1WVWYFJcchmMgX2rzbkoMITR8ZYlAjlhClv7d2bcmmVw1ZNh882qLe8TCjUAdMZ5QkKZQXU8t0YfyL9HxZrQ9x1QVCJst6eEUQkaKN6+crSnjNiwJEZfwmh+yPm87BUfgyjQAAE1KCxA7xi2ddqDXYWMMzt5TF9KhnOwwrcM31WLhI4eb6em1dwZaglIH9ydQRDzTNBioTsayczxKczt/KVkh18,iv:NGM6E20pVHCKxAIWwJkVvGqv1nX+vhbi5vTybcrRuDw=,tag:fh5zcAbWgfL/h9OZGvN2QA==,type:str]
+            mlaga97.space.pem: ENC[AES256_GCM,data:Ki21r053cQki2vI7fEb5BOWztq4CAvOe6u9nz/ZyxJ17fKaz3T1gRjBXlyu0DERdk+SnCqcHuuscQ2Wl/YJ8eGS0WB0+U4lkEdZPI2qps2dgOh5rsLNmAllfTgvZ+lLnoFnHBYwYKStMQT819+Z+xHuOhBUBC6tFPwFHS2ICnQEZtdSTqno8hWlHyLlO8jCCzQcUWgfk2yUqm2Lfwq9CgCRMEy29Wh2HbUTIyOcfnE6k7pkG/aqPEeK5gQVNF3LzKimHgxIl5l9cPWb4bbwqRV/JGd01S6Wq62Lr4i8ElyphECTj2p8SWdvUNb2ITLWx,iv:CMJjeEMr/fFUe+ampiJ81t8vcWPcmSJHX3OW7Y4+YPc=,tag:Xs0GXXdt21aakxZpnJj3Zg==,type:str]
+            bauble.boutique.pem: ENC[AES256_GCM,data:8fhTINT9gnLzX8owH4o020i/wOcTNJbuLCOnf72ociwAesnwzHyQm8WULjhx36BSC+tRNsBWFAQf6p9/Es1ip3H685yj8KApwWWWT3Px/chOrxisc4ctVQZRaiLRmJ2RIdaupQKXm6/uUGRqNZxUI/uGh6g26M1ObDf8OiIXNVLGTGtoAXUrJXVg7rzrFgDgTXsZsaqIRglQfUOJJjsa/v2p6JufxO5x/jmRIfVLD37vMXPXAgxjUau3+ZKQNymfh1I25dRSkrfInuj4P2ECENIu+wITp3po/Of69PvfZIuK8s7eXQu3GRC7nYOtoR5l,iv:DRN9lLhvhWuWizNbGDN8SWT7UKk0iVzuZ1oJoDVZeu4=,tag:luqcf5lKGU6UanXf9vN6Cw==,type:str]
 sops:
     age:
         - recipient: age1up8uth9hwtd9gup3v32l8dypdarj77s2lysm8js8w8mwa80rk4ds76ke6d
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6WHBIaGM3M2xLRmw2Zzlt
-            VDJvbTE3U3hQNEZLcy9XOFFDOFBDemNlaHhVCkQrckpWQTlUUGRvQmViTXk0R2Vk
-            clp1YTdYdHhnSlRRT2xaZ0FGeCtxRGsKLS0tIEtiR1BZSjdiOFpYYzc4ZmhoRzIr
-            TmdOVXBIWS8zeHR1SC9UOWc3elVINVUKvCXooydvkNeZNFhYinrDZ6vh9ufskNU2
-            bLkUkFXnPN42XEJMgeZ0cOmxturDPjEcEW5iPIK6ZyISzbIQoa/Amw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUUWZEWGNhSlFoZ3lyTDFB
+            UFRoMzJUVllDaTJoUWk4ZDRmRkszRGZlMjNjCkFjMVJFeThWcDJWbEtQcGgyUGd3
+            Q0xDMjU1WVhPL2Z5Smg4bnFtM09uREEKLS0tIEVtcnlITDhSSmRnNmJScHQ4ZGRU
+            MlJ0SHRDZEI0S1BIL3A1ZGp1Ym5VUDgKXStZQ9SkULr9Lix0uhCJ5enszs3sDpMR
+            PLoNroOYYfUPnzxNyIlTqpdvR+KeRQLLe0rQhX8ddbVf6CXKP3dUXg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1v3nya8n8fys8une6cp0t4agrqh4zjk7dk3lel5403xjkf6k87qdqhgjrk8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvWmxXSFk1ZkpzUUlIcDNx
+            YUdLQmpxSnNBVkY5MC9RNTNQcHd6ZDl4VkQ4CmF4UG8vNS9FYjJCeU5YN1lCY2xG
+            ajZVdHJoWHFjSlU3dGtSaGdFSG13NWMKLS0tIHNtUTlVVTY3U0dIOWJjcGxVZlJE
+            a1ZFSUpkQXlYNjh2RlZuL09jdmVraE0K0YOa5s4Z81fQXnL2KSEPO8t6riiXFwVw
+            YSybBxht1U4l45dGuhRH3+o8YA+aWrk5GaKU+qc6SXhfjd0wsl0J+w==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age14j6ns297c49wx5d8jddctfmek0kvn8rvw3y03nw3pankc03dlpuqhvvy7c
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWeXEvM1JkNlh6TEFhZlZj
-            bkw1UGRVNEV5S2VJeWVJOWFqb094cmtlVVhzCmhMbnBxaXBhL2dtUitrVFVqMXgz
-            TjRZUWNWYWM4NlhJVytDNHp2RGJuVGMKLS0tIHJrNyt3K0VkdVRGV2RvMXBIa1BN
-            UGhndURxMmdJeU5VUDdhTTdUai9HOHcKwVxV6z/2jJ5KMElyAWnKQ9PM5LD5Y4Mf
-            6Dvf0SxCkBUbFspTiHIr0J0Qy8ja57KHXFlqPEVVUvy7B+XgDhnRHg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0WGtCY3lrSCs5emIvVy92
+            M2VCa2hwaHVGOTgyVlNwTE0ySmQzYW9zMGxVCmlvOVdBVVRUSHlWWG9wcWhQK1hW
+            dERYdDhOdXE3My9iU3YwMmNOYVZqZlkKLS0tIEpZeGxCZHpIV0E0bjNaK2NyYUZu
+            SjJBTjE3T29DYy9PeHRLSXEwZkVFZHMKHRQX2I7W3NULFuLwI+/6dY4AG480TYgs
+            KHy5xKcfj8IeJ8g2szxcOQ5dWP6N1F9bSuez83umSCIJVNOhbz7khA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1kmt2khucyvscmwvrjnt0v90zggttuap9utx7rw54g9amhtrkzdlq94fe4j
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYTEQ4YTluaDJWWWNOMU1C
-            T1ZiRXU3c25ZNUl2TUU0NzRhNlUwRERCTkRzClNaNklsT3J6TmkyQnRhdlh6RVRV
-            KzZveGFaSHBmUHZWbWFWYW5LRlJvbjQKLS0tIGNTeFdPS0g0VHpmOGlEMWhGRUda
-            anpObDVFUWwrOG9Ta3ZCYTNZeFQzVmsKpNwoU4laN1EMnHyrtcRBS7W4svyWKkg8
-            2yFpy1wxFyme1HQ1nXTrLdpATequZ7/+Rd2TamRXgfFGbIinTkcBCA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXM0k1VDdDa2l4L1RMY1hi
+            VEdreld0cnRiOGVtbzlxSlIyUDBPRktLTzFjCkpNOFhoVGxRdWVtdTFrOWN1M1NH
+            U2JsbWV3MUhiL1JTYnkrZ3daZkRDa1UKLS0tIEtkMFl0SXBSU3FIUU5RS1ZzNHZ0
+            cjNHdUxaSWd5Qy9wREFyU3FPci9HOHcKrd+gWMEhyRfKHrUXbRiwktTGw4pK9A+c
+            c0IKcGmZdI6lPNIFiVh5yYOndT0NMyEBAiPNXXS5+AYmNccI3X2g9A==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age19v2gpucsykaqu3hsvskl67ss8mpqstp59vn687am6px9nmg585ksvlhctz
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPRCtnRTlha3Q0MzJrMWN1
-            UmtPTjVnWXpqazFtT3doL2NPNkdhSGtZZGp3CjdWV0hKYVVEWDhiOFRtRmVjUzdJ
-            RTRiWlBvU2dIOWg3clZNRlNVOHVxODgKLS0tIGd2cmpHaVZodVRja1lKN1g0ZzNu
-            Rndqd0M1R0FyZDBNZWlQTjVodWd1M0kKbnnarUcvCCpeZ9WVxu2SAd94oz7lP7sG
-            45yFJTd5fq7UALImzrGnm+sEXzC3IKVSVTKWtgxnPpbyjlLIxi4XgA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1b0VQcUJCa1VvYUhTMHlT
+            QmVlV283RUFxYWhxTjRmOTc0VENrRlJhV0JVCi9mK2Z5eHd1OTJ0NzEzU1J3cDEv
+            d2NZWFJ6U29qSEhiSnR4dC9yQW5oL2sKLS0tIDRCWGQ2OXB4VUlwYWZkYXBBbXkv
+            Qk0zN3U4SzhzTUlUaGZpUHRVUDBVeU0Kp7uE1zpFtNYBZFerWHaRyKHSa0ccIN0Q
+            B+Vi806d1pvaUBTfhkDCCkSBFB12wP82yA2XrJ8ask6ztc6X/gui0g==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-07-14T00:03:14Z"
-    mac: ENC[AES256_GCM,data:LNh/dHuWmt4nL71+r34vBDg7ngJC44fAw6998BuveS/yDP+kYmwd1VSZ7yRRCoboScuapIVbWMNwiyG2nXYA7W9aM7xkzHyDk5f8R6PQvShkCJ2T+TCa2IgZv7epZnNIMs+Zdqhe/Erf3MYV6rmWAY7acXEOdwzXQ7tHX8uvkfc=,iv:8UfzgZRyqUk9VwJaqDwQCjJlD/Az6zR+amof1pnnlqo=,tag:mXBM4U1+RIOzv/t0UnuSZg==,type:str]
+    lastmodified: "2025-07-31T04:05:03Z"
+    mac: ENC[AES256_GCM,data:OjQEe6aaTRsjMS1Zb/XlP4MhyrxIGYfn0mkB3GA81iOAGU02r79+uhx7vausjEgYN4IY+wXxyFju7M+xgRqTIWAfQrQtOuPIzsZUNvUd2FUzYAPhW0W2YrRJKa1gYYOHxKiyf4vaP1I/G7I4A0DG9pYRVDcDzvN6MzIvy97XGxI=,iv:/GYxPBSArfTZzUwRrLl+jkq7u24EU81+d00nnuyO98U=,tag:5CP5DihSPSZMhyc+3CyCEg==,type:str]
     pgp:
-        - created_at: "2025-07-20T19:35:42Z"
+        - created_at: "2025-07-31T04:06:37Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hQIMA9BR1U1EkAnnAQ/+PqhTAWVvO/Z6NxVaSosQzwoUI1yDm5A7ZGVaLpiu4i26
-            omfBAWfkRVi+3A0KSokmnl9+TnWkT1ojJSutNJv5low1GGKuODhUTz4aDgBLqb+c
-            LHcFkVHnFHzp2SEMZ/8ma+H/cnMHjXbQ+fYJk/P2OCxQ2L++gOUONCDI6UujKN+5
-            PWPv542mCz0c+d6vvAFWAMEz9SeLqlKfaifUPZdEtXUPFHsy2sl8W7RVRLMFO/OE
-            EbVq44JSF2paHNGAOeNdd/n9a2KBDy5Nf/7aklS8JW1cRtOchZUFvcJiL6/lmV1u
-            aCZPUxuxcvc2s3TTNYCFeu9vd7Q6Ni3p/Tb9GYvjsXGnkWGJ3t6vGqwPxBxJ0OQZ
-            S8MIqbOPmFund4vVyaWpEDtjF3WzW6TODMSXfCwmQJQLhKzAKWvgXP2PXBZIxB0h
-            lRweBy1k0ljnjDIun3SpWDvhBItjYkUnAEVwWE6VSPKlsXKApZ1p2mIicMzK+f4e
-            3OF5kjZ+U8e2jG36o6k+tkfYO+FuMT9Bove0vKLYjscxrBnwbuQ6+tnjxf0NJfB/
-            IStzs+tUziQLfIR7MBi7DDCRd2dgU4MxK6kWDtFbpXqm4IFnBoihA6p53dL88LVv
-            8PzYt3E5MA4+7nKrNZn1IHL2io8yG8g3A+RVFUx6ZiB+QuZmcjsPn/5sEbH0bczS
-            XgHMavFFBZVtuO0S5fetDKOqUObjyFBkXSrg+dBc9kGBHDpPejh0xD4RefXgRtwX
-            ttivAlOKtGG4yjGz/3G5YhYPLxDTE+p0WoNxjrw/puKKXQy/m5iZj2Xomh1ckgA=
-            =Jf6Q
+            hQIMA9BR1U1EkAnnAQ/+NSwCzekHKQuS1DEx2z3Llg2r1NYP21Pvzb3WKxzIlH/Y
+            rH2FJ4RhFJsG8GVWgURySHtqNKcafpB+8mm50b56IKKUiZe6A2ULIW4tBmU7wEb4
+            uEgFQ/YtJg4JyQxwYuZHX4ra3IsHIdbV/dsH9bv1A02Z95Eyb7nQutAiq/pz/DbS
+            /J2ndBzZmYO9cb4aHJ4h8cqdvWDcH+vWcNW8uqCaLKiNPYQLcPZOvMfGNia306Y6
+            9QSMIIvWP9eAcHIeBBP3U6blQJ/XXdoq0CuWfJim5fJGyfrkNgGQufYOADpJHJgL
+            nNIRkI4RF04ky9ghoSPCxpGy9Rd4YQU1iqA5QWC+VqBFH9e8aFmptlCVSAZ0t74Z
+            iPDBWHLBVkjxGyTvNWtpmOmyB2ZAhR9OQjkX6EDnVL/YqPVSvwvlvkzDoscmzvl1
+            64OU3hSJ/vwCsXyb2iN+62JV+NP3UgvXJnJvpEdcohKfTfEJScegv2P/xk+vt8k9
+            PXrW66jtBgT3XFssRAq1TUCfivYehzbdmS2iRIjnST0cjOJB/vX3Mc1gZ88zBqGS
+            fiqXryegdBUHULfJnGPK4ymQLEipFNxZXkFSLL6KTOCUpNeOJ46NqYgizKt4Ewio
+            BiJ0YCg91GrftElJIHhsehUiK+6C75TTL+c281l37zjv/tMZ1nmcUX0in1s/gJ3S
+            XgHrdCoe/vXYCQ2hTS+o8kHV1ksQPPGAvoEWvJrFPwUQhjJiqRKy7j5zwaYWSTth
+            p5YfPoLRWjwGS9V7VD99gYQVDgMzWpkzO/JqZxmNgV5ki5tN4eoR+rAUg19E064=
+            =DDSk
             -----END PGP MESSAGE-----
           fp: 5F78261B65C565041662A3B7FF8FC3C735BD4A51
     unencrypted_suffix: _unencrypted
diff --git a/systems/fortress/.sops.yaml b/systems/fortress/.sops.yaml
new file mode 100644
index 0000000..88ac72b
--- /dev/null
+++ b/systems/fortress/.sops.yaml
@@ -0,0 +1,18 @@
+# Get new (host) keys with:
+#   nix-shell -p ssh-to-age --run 'ssh-keyscan example.com | ssh-to-age'
+#   nix-shell -p ssh-to-age --run 'ssh-to-age -i /etc/ssh/ssh_host_ed25519_key.pub'
+# Get new (user) keys with:
+#   mkdir -p ~/.config/sops/age && nix-shell -p ssh-to-age --run 'ssh-to-age -private-key -i ~/.ssh/id_ed25519 > ~/.config/sops/age/keys.txt'
+#   nix-shell -p ssh-to-age --run 'ssh-to-age -i ~/.ssh/id_ed25519.pub'
+keys:
+  - &system_fortress age1v3nya8n8fys8une6cp0t4agrqh4zjk7dk3lel5403xjkf6k87qdqhgjrk8
+  - &system_ll_latitude age19v2gpucsykaqu3hsvskl67ss8mpqstp59vn687am6px9nmg585ksvlhctz
+  - &yubikey_lauren_primary 5F78261B65C565041662A3B7FF8FC3C735BD4A51
+creation_rules:
+  - path_regex: secrets.yaml$
+    key_groups:
+      - pgp:
+          - *yubikey_lauren_primary
+        age:
+          - *system_fortress
+          - *system_ll_latitude
diff --git a/systems/fortress/compose.yml b/systems/fortress/compose.yml
new file mode 100644
index 0000000..3a6fe5c
--- /dev/null
+++ b/systems/fortress/compose.yml
@@ -0,0 +1,34 @@
+services:
+  secrets:
+    image: nixos/nix:latest
+    command: nix-shell -p ssh-to-age -p sops --command "mkdir -p /root/.config/sops/age && ssh-to-age -private-key -i /etc/ssh/ssh_host_ed25519_key > /root/.config/sops/age/keys.txt && sops --decrypt /app/secrets.yaml"
+    volumes:
+      - .:/app
+      - /etc/ssh/ssh_host_ed25519_key:/etc/ssh/ssh_host_ed25519_key
+
+  ##############################################################################
+  ##############################################################################
+  ##############################################################################
+  # External Services
+  
+  #httpd:
+  #haproxy:
+
+  #coturn:
+
+  ##############################################################################
+  ##############################################################################
+  ##############################################################################
+  # Internal Services
+  
+  #dnsmasq:
+  #tinc:
+  #wireguard:
+
+  ##############################################################################
+  ##############################################################################
+  ##############################################################################
+  # Local Services
+
+  #dockge:
+  #uptime-kuma:
diff --git a/systems/fortress/secrets.yaml b/systems/fortress/secrets.yaml
new file mode 100644
index 0000000..f667724
--- /dev/null
+++ b/systems/fortress/secrets.yaml
@@ -0,0 +1,49 @@
+dotspace:
+    fortress:
+        tinc_key: ENC[AES256_GCM,data:TYiAAgb7hiAzeeqlLQmj7b/50Yht/EXPUz5WgOs4aWPdCmYmZ/Qy90cUOFP4JDGuwj6BqqcPQ2xMZn3UzHOMlhhFMPiAGrD9ClzhRcti8Y8N2hyElgpTOcFwUiHyB92R4y3SCHLEhCbz0QpqDVKlsHIZyNC+hQihTmGlN53Uq4wThVdriJv9JsSABvwXHyjh+uGmYzKM7lZU4no2xn4CKuh4pa5Rq8GvDlAjJQNg8qcCucTz9VjH8rPZRJoi9GFFrl6a71ollg==,iv:50iiuhG+QVWM27rYP8zjCGX/Zp3TnjG7hUk6x2Gz99A=,tag:3NeS6Rlj9y9lAqDuaKMItA==,type:str]
+        wireguard_key: ENC[AES256_GCM,data:91oquuoknEoMQ5NEwcFwwb/DXkpz0ImSgWpU3CPOrRTQ0VjI7FHluPhKsPA=,iv:STBb0c2lhno+Wylx7L82tBBEdPtCGa8BkmBxrYp8K0w=,tag:nj9gCA9jrqqN6HBmpcY8wQ==,type:str]
+sops:
+    age:
+        - recipient: age1v3nya8n8fys8une6cp0t4agrqh4zjk7dk3lel5403xjkf6k87qdqhgjrk8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEa0k0NC91YnhlRnl0NWYx
+            UUNXSjM1UWFNektJQm55RTB3bzlkZmYvSm5nCjNMUitYdVdBNnNOUVFpYXNQb0Nk
+            eWlSM0hQT0RhSStPRGV3VFVZU1hBdWcKLS0tIFNUWlVVK0UwNnJVZVppRHJuSEoy
+            N0RqWEwyTkRESS8xVmJ0eThRa3dOZkEKiqjDn6WedlB+mmodYeMK49Rbm90CMB7c
+            AQstw4G7v4y6jnhLklHYQUsIKjMj2qysB4qLl63q7PjJf+THsY4UUA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age19v2gpucsykaqu3hsvskl67ss8mpqstp59vn687am6px9nmg585ksvlhctz
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1bGVxNUxSK1lxRzFjKzRP
+            a2dBQWdtRlR4N2N1dFcwU0UyU1RNUXRLREdRCmxEODhJaHQ1WjdyYkZyZDd1UjJs
+            a3RCMkFIejJybDJOdWtKRi9nbVZGODgKLS0tIFp1YWdENUtQemR3VmFsRHZKdVlG
+            TE1xT1JWd0dSaVN2TDErNktucWE2K0EKwjd572SoW6SZZzQ9Nxr7Z7Mc1F2h+FSJ
+            FS4iqRRb6Py8l4DrQ76YSwze5Uxl1jXK8WaEP0V7en55B8Yn2D04Fw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-07-31T03:47:30Z"
+    mac: ENC[AES256_GCM,data:GGQz5aa52oYfnBPTjxbLGaJGOUIxotvwRQQ1NzNMJnmtmEeZosDlLAhk08sG5f9u0Q4gYlxxB+XVPq23dbleGXXla/YkOR+z044ppriKpzTa0bSzKyXgSgFn4qtWC148r5iqGaeYPXjHdZARgUVHmQR8qTdAey6nk6k5Oz2I6yc=,iv:1m1ripzQV39VxNAED/xgwOTnu6+wgSmf7iul40Y2tsA=,tag:7eRFgOxR6CkHIg1/8i66oA==,type:str]
+    pgp:
+        - created_at: "2025-07-31T03:49:46Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA9BR1U1EkAnnARAAsvw3aKlrTM5+Z/DqWzDPpgpAhO3qO7eFFuZzwTnoKxzv
+            9Dg+9qwkG1QI5R3UVv7J5a9hCqjfnskZnHSC7lwo/xkA9cCifCTohCtUe+4s8+Gd
+            HgcWrx287oqnuMBOPjZ6WXIYXKLUZPgQ4RciggbyoOStrqwDO2s6RYMVpWAvEBTz
+            18eydqdD57KL6YUmq6sc9wGKFlhIRvpxay6RltohRRPq1+bReiAuEP69G4fThELo
+            ND08l3Q78lQx5cvKStTFbPCOHu2da991gzfRmLpyPjKtGZ5pIfEULui13oUc6iAX
+            23BSn3iHXuEuqYKCbM19D7xRoCvlDpf7gY6M77ZzqEjG/u3gey1JAW0YzDu4brXj
+            3JTKe72ASc/38D9P9NWhCYDk1uOY0aWO5Eg6j5QZ5fF4eGH836HV4ouU7g74Eige
+            gWTMi3TKmWrbvnRnRMNb6ixR7EbHOKRawrajACtzG55R4TVZDXJU0pv5Fas9TBXa
+            wruWH9a1M0prD//ueTss2b2NOMqkyl3O19sVvotW5xgkiXBpjDsj2bCR/uhmLTkp
+            QKlXa11P4ZiDMNkMbU/1USwMNfYH+pGuVS9CbeIvycnUSDDMV90eRZu99GyIc0+3
+            BHvE6mThfKRkpz/B3hiZuacYK/nINxZ5So1XRR8jO730wwuQ2KPkgroJYd4flLPS
+            XgEpnBwMa+c0y9KBDfoGgoB+urG0bDolLL1DqhvBq93jaNT9dF+VSHHMHAcOvVVd
+            oHagTK56+RWUyg/MFThWeIcNUXKdukwlFdQN3Pko7agawxV4zi6u1dYi9fxFq3g=
+            =N1Pk
+            -----END PGP MESSAGE-----
+          fp: 5F78261B65C565041662A3B7FF8FC3C735BD4A51
+    unencrypted_suffix: _unencrypted
+    version: 3.10.2