

2 commits

stuebinm 003f2f7e44 move all on-disk secrets into sops
this only concerns secrets which are in a raw file. Some of our
services (e.g. nextclouds) keep secrets in their database; these remain
untouched.

Not yet deployed because of shitty train internet.
2023-05-03 23:04:13 +02:00
stuebinm 0d75469590 rotate zauberberg's ssh key 2023-05-03 22:33:12 +02:00
7 changed files with 89 additions and 41 deletions


@ -4,6 +4,7 @@ keys:
- &stuebinm-ilex age18wkr3kjalalzrq9l05q32gnlaqr7t6rqqzde307m83rs9fp4xcfsdtj9gt
- &stuebinm-surltesh-echer age1q88az2y5hnx8naqsvrurllqj6y5gtehrpa9emmrxy5ghwsr7pvnqf7tfpx
- &stuebinm-abbenay age18nkru4pwvvapdw76nauv2xdtlj8cvyv3ugahe9kcxtvtsptx2eyqw7p0m6
- &zauberberg-conway age16fk0m26n0fr2vmuxm2mjsmrawclde2mlyj6wg3ee9jvzmu5ru3ustgs5jq
- &moira-2022-06 age1l694a4xht7r0eza9r2vjncupmp6cxyk3k9x2ljwynnur4m2lc5jqmy3jut
- &moira-openpgp age1m374x78q9eykua32ldrqxh8rh36kz6jyre69a263krf28hcycsqsrmshl0
creation_rules:
@ -15,5 +16,6 @@ creation_rules:
- *stuebinm-ilex
- *stuebinm-surltesh-echer
- *stuebinm-abbenay
- *zauberberg-conway
- *moira-2022-06
- *moira-openpgp
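Review bot: The new `zauberberg-conway` recipient is added with no record of which key it replaces, so a reader of `.sops.yaml` cannot tell that this is a rotation rather than a new machine; a short comment on the anchor, `- &zauberberg-conway age16fk… # rotated 2023-05, replaces the previous zauberberg key`, would carry that. Adding a recipient re-encrypts only the current `secrets.yaml`: earlier revisions in Git stay decryptable by every recipient they were encrypted for, so if this rotation was prompted by exposure of the old key, any secret values that predate it need rotating as well, and nothing in this commit indicates that was done. Nothing is removed from the recipient list here, which is presumably fine if the old zauberberg key was never listed in this file.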


@ -36,6 +36,22 @@ nix build .#nixosConfigurations.parsons.config.system.build.toplevel
(but you might have trouble deploying it)
## Secret management
We use [sops-nix](https://github.com/Mic92/sops-nix) to manage secrets which we'd
like to have in Git but don't want to be public. Entires in `secrets.yaml` are
encrypted for each of the age keys listed in `.sops.yaml`, which are themselves
derived from ssh keys.
For the initial set up, please take a look at the sops-nix Readme file.
To edit the secrets file, just use `sops secrets.yaml`, which will decrypt the
file & open it in your $EDITOR, then re-encrypt it when you're done.
To add a new key, use `ssh-to-age` to convert your ssh key to age, and add it to
`sops.yaml`. Then do `sops updatekeys secrets.yaml` to re-encrypt the file for
the new set of keys.
## Working on websites
Websites are exposed as flake outputs: if you're working on a website & want to


@ -46,7 +46,7 @@
isNormalUser = true;
extraGroups = [ "wheel" "cdrom" ];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCt34ou3NYWoUayWrJa5ISzihAAhFiwolJPmm2fF9llPUUA8DP3BQRiKeqDlkDzhWLwztb+dNIUuregiFJdRN5Q2JZBKlM7Gqb1QtPhtK+xe2pyZPX2SWKIsKA6j3VAThhXsQdj3slXu3dG8FF7j+IFg/eTgpeQIFQQkMIc204ha8OP2ASYAJqgJVbXq8Xh3KkAc1HSrjYJLntryvK10wyU8p3ug370dMu3vRUn44FEyDzXFM9rfsgysQTzVgp+sXdRfMLeyvf+SUrE8hiPjzevF2nsUP0Xf/rIaK5VayChPLXJkulognINzvuVWAdwNPDLpgGwkjglF2681Ag88bLX allesmoeglicheundvielmehr@hotmail.de"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfxXSy22k2EZwz1EtvIMwQKGWsswEBeLn5ClhuiI4Ma lukas@Conway.lan"
];
packages = with pkgs; [ ffmpeg ];
};
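Review bot: The `ssh-rsa` key this hunk appears to drop (the commit title says rotate, and one authorized key is swapped for an `ssh-ed25519` one) keeps granting access until this configuration is actually deployed, which the commit message says has not happened yet; since the user is in `wheel`, that is sudo-capable access, so the deployment is worth tracking and it is worth checking that the same RSA key is not also authorized outside this file (other hosts, hand-managed `authorized_keys`, forge accounts). Which of the two key lines is old and which is new is not marked on this page, so I am reading that from the commit title. The enclosing user definition starts before the hunk.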


@ -1,5 +1,11 @@
hedgedoc-hacc:
env: ENC[AES256_GCM,data:e2vSolxJNucya9QNs28gAVDBJQq5AJh7jS1nBh0UTkDnhNL8NPW1KTxcun4rM99EhiNZsz6Z9qHRMejmP4frQw==,iv:DqAGhGWYf/EpGnI79MxKmBlHMhK26zx50vXb1TbvESw=,tag:Xix499XAcAmxhNuGr2ApcA==,type:str]
mattermost:
env: ENC[AES256_GCM,data:4GcV8UOYmVUjZoYc0Nq/vEWtxtYNV81zVTEyFnZIfY1k/Ar1MU+fn5A99JLIMc8U84/QupDU7TcneiN/wqPv2jYqGS7ixSNTk+x5uUPMarzKZ04ynav6FCWEvlSF0Sz4/5s/Pvp1Qi3zdv16ZVGUHbM8/wCcaZBkSS0ofwBTIXVsVYSRPFxLehtBgwjAnD46qS+YJmszmd7V5N/adWWF34vAdfLiO6Y7KDB3jnMLOPU6Drtw9L83AW6NuOtk8crZrI1dkTD/xUC07IvMhZpZVc9ktQJqIvlk/ADs5aIp/QYrjICdYvb8xC16oV7jC/7yzXzC/UuYbCvS5gnHGMK/CsBkmM9HXmQ6mWjrfuOJEkMHSefS7O8HyrNoNDSXq0ivCr6KJmwrz7NXNAE6a6xx9LMjs5DJ8H5fda1l5TGVAdA2tg==,iv:dG4cnEtUgUxw7zS2k15p+6//Bl19WquTfFIiz5Vi/0M=,tag:cMBU8CtFBBjfcfpO709Kpg==,type:str]
tracktrain:
env: ENC[AES256_GCM,data:jaq039FNxBrsPfG/q+InYpiyl1LBdY++DlLM6UpSAwKlINucooTrHz51QrdRWhAZDqXhVTHM55Q/Zm4wazweCABiNjkXDFoZgxc5YJX+pvBct6M533xl109yD6KiYOXDqPY03u71aop8OmOAnKDp1JlzPS1otdlaN8Vd56G+,iv:nYU2rgMMG4QcJo5DnZpYZm1zr82idd7r1uTsqNiXLdA=,tag:9rdxAneYUREacXNunpTuHw==,type:str]
vaultwarden:
env: ENC[AES256_GCM,data:hdm91tI8WBd3es+IUbdBO69kh1pNZTNvZNFIdSZO8lm4yYMPE+Jm7EzVqwOaZRbpQaVDBg7uh5P4ODc=,iv:no7U0wQCwZOeL2pwXf2pUIgrEsEOYwqOT04LvpCl614=,tag:AGSu5M7H69x6pDM062bC6g==,type:str]
sops:
kms: []
gcp_kms: []
@ -9,68 +15,77 @@ sops:
- recipient: age1yql8qaf7upraqy4cq397tt4vgs046hq0v59qymla8t3x0ujqvu4sesgsvw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByREd2cmhXSUhNMWxEa3FB
em5WZ0lkaVVka2c5RUdidC9UQ2F5N2FXWGhBCmY2dUlHUmtpZkFZTitlaTVxMS8y
RFM0cHQwOFBwZFpSS0JWRXFVbUxMbTQKLS0tIFBNU2YxYUM4Y0U1NSt4Lzg1SnRF
N2Z1ZUpxKzBwV3Q0T0ppQis3UFJmT3cKRa4o6e0hNCSqZibQ8yjUMntXDaZxrmMc
tKAr9uGbSWQMbfjK26JKiOFt7QgF0olNvv7MxVD/kFScJBr1AerBQg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzNUJDcnZRa0VGaW94V2wy
WmVSV29KV09kOVBjMXFzeURvalNPUEM5OFE0CmxJbmRwV3duOVFYcGh4MTFMU0Vl
SWRoWnhZR3JDSDR5U2h2NDM0NmpWVzgKLS0tIFgxUFhYYmYrRi9XQmxpdWRJYkUv
ekh6d0dXTTRqbllzdUFjOFpncndWazgK1TtGwiWPkgjOZoMY0LC1XDI93kTU6bii
2xm0MV05TTQWJiQBRxgyk6Vu3ZMVawXsQgiTQiMaamJuI2y+UTSo5A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1zgdegurzlr8cw9948wgf4q5qh3efltwhhzus5tt6az5xvvsux9us2v4tyd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYNlQyeGtWeUx2R25oVFFr
ckh0UlRCTkt5aEg5MUREOEpIUzN4aWovVFFnCjIxREF0RTBHUStBS3hFSUtUVC9y
ZXVyVlUwSlJKRTMyOG5CS0d6amFjU3cKLS0tIDZFdisyM0xEbHl1LzhJL2VwNVhR
d2RWMHdTS2hDNUpDOHFxNmNQVDZmNFEKgo3vmIWXFYsYSohZxh1eGhuq6kh3j/n1
R5kN1Rs46/Id0lkFkySXUfuAzOqCWlnJYYgMtqOmxVI3UQhJAtWXOg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwREhqS2E3M0lmNVNlMk9o
UXkzZkdQR0p6aVppTnliK3RzNllSakJTdzAwCjEzSnNVTjhxaXUzWmVvSCtidERK
MTB2ODNhbmNtQnBEbklBS3orbDhNdjgKLS0tIGw0c3BKaDg2dDc5ZUlFa0NObzQv
R2NwY2tyOFEwcFRiTy9XOXpmdzRsYkEKzqPoluJCRUGUPFrA/CXPR9OHgB1/9X/W
KFiQDbVIGC7gTjJRIoc7QqUKBRTdwFt/u6t+3yMOhEIMuPgGbP91eg==
-----END AGE ENCRYPTED FILE-----
- recipient: age18wkr3kjalalzrq9l05q32gnlaqr7t6rqqzde307m83rs9fp4xcfsdtj9gt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjUi8zQ2lPZS9nZHByQVBl
eU05WDRaUjlCVzZlbDI4K0ZhMkFNVFg5UlQwCkNuakpJTStvZFpTZkQ5UWFoWHVH
RzRqTzlpNjNlMHlGbEFheFRTV1ByencKLS0tIDNHWEE4SENqRWZwNVpHcHN0TzY5
NkpFTXFoLzUrcjEvbVBNSzdINzZHQ2MKb3knCvuJ1ivuGMZ+0bmLJoi5nUXMRNVf
l50GRm4JVZ210wwQq0vqf86HLIUE0hwaXiWsb7Sn3VvdsgE4x7wEmQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGUmdmOFU5bUFyOUZWbUQ2
UnNCQWpHNlpRZGhab2JHZGNvTXN5T1VQSFhnCndkcmlYajZSb0svdUFyTktmWE9V
RzZENlVtdlg5U2RibkFUUU1yOEY0UmsKLS0tIGVXMVlSOTBtWFU3dWI2Tm5lbnpW
Q000bzIvcUpNWEpmb0dQTVlLbXFYUTQK2VBY6N6JqXUwK3Aq0xDZkAVbbFh6bTbD
XYWAG3jj7L+uYmd6RF8DFZaLSVE2xxf8nO3zwrLdZlKuKJmhkw6aIQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1q88az2y5hnx8naqsvrurllqj6y5gtehrpa9emmrxy5ghwsr7pvnqf7tfpx
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArNUY4c25EN3BBSTFTMEU0
Vjg3RjFkS1FzZ2NXTUlZZHJNR3pTa0MzNVRNCkZhS1FMY2RlNGlCN3hoSm9yN0RL
UHAwNlFQNWN5UWp0TUJybjVhMjY1TW8KLS0tIEJ3VGFQOEkrU01lbWYvQnRYdkx1
VzFDbm9zMk4rVWlMQm5Sdk9uMEF1OTgK1d0syR0MY4DNA059QApJess94MZTulNQ
THZ2S/BmEJGPoyvjKot5clX0Lm6s7LyNoYDjBypo+6OI8Cvjo5Qjgg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtMDVWYXZ1NTY0QVBLd3JP
bmRTc3lRejBLcHl4Wnl2NWNuL2ZJVmxlK3ljCnFtR3FueUV6dlNKaHNkc0ZFMXhC
QkFXYmtuWVpvdENUOVQ5SFR5bTNBeTQKLS0tIG0ydVQybHdvUnhjcGpHR1UwWDFK
ZTdNR0gxYzlzVnNSOXlTQTdNRytKQXMKO17jeAbjljOr9SYwG7RVtwp9jbI/QAQi
Z8zQfloVTLrdzVc3abdvw3v/KcPInI7/PIWp8Anv+djyujzBpOKKtg==
-----END AGE ENCRYPTED FILE-----
- recipient: age18nkru4pwvvapdw76nauv2xdtlj8cvyv3ugahe9kcxtvtsptx2eyqw7p0m6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCK0luUmtzZXdGOTY4bU51
V016dTFaRkxyNksyMXJiUmY5QkJjcXdoSXd3CnpoQVVXVTNZWnZmajUzMlNJN2Fz
dDN1NThmS0IyREIvQSt2SlJKYmgwR1kKLS0tIFU5dHJYNzdydDkwT3FyQzRCRlFh
VUpXYTFRK3FTRlJYd1B3Qm5HMEQzMWMK5IqzmCIdUphR2W6y6UtZLo2cPRW2L0d4
X0qmWnDxa4ghD1CMlIi2spIS/0mE2+tu+XmxYnWYtfMggCtJpZen6g==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBncjN3STJ6T2dNMjRlSXFt
S0lNcWdieDJTSFEwc1BkcWN1SXZTNDI2aFM4ClJqSFFhQUVwWjdselA4WlVjRjBH
Z1dCYjVYSzFYYlN6VUlZbUQ4Q2ZidzQKLS0tIFRJeit6NWhVWVdYeEE0dFBFRUx5
Y3gwYU8reUhJbEh2MWpMMFZiZU43WlUKLVtfVb2UDPTQfrN9YvOsXahNuT0r07m4
JySi8BynrHY7YsiN2nxMHtW7I/2horgGpu2hv+AKj4WbPJCzSg0y/g==
-----END AGE ENCRYPTED FILE-----
- recipient: age16fk0m26n0fr2vmuxm2mjsmrawclde2mlyj6wg3ee9jvzmu5ru3ustgs5jq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTYk4reWJIdVRKZXNwMTN4
Wi9uWDYvU2daUUVEVHluSi94UkZjNGtINDJVClF4ZFhBeWdINmVhQk5CdEhjRUlX
MlNSNVdHdXZPNWZrbGVQTnVFb1FOZUEKLS0tIFEvTHVlWlZ0dUtPTFlFUlZLTmtS
eTdXVHFRRzJBZTF5aERFUGI0akJxajAKngyn3eyeg2ysKDJC36N9UHrX/hNS2Kv2
3Fvnmg/hCQ3l3SvUSPiXezU1xK+/3XMEyaC0p4Tb+YdWapwKre9ZGw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1l694a4xht7r0eza9r2vjncupmp6cxyk3k9x2ljwynnur4m2lc5jqmy3jut
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuNEUvL2ZQbEo4SytWYnRJ
a1ZMdS9FR1JsUUpsMlZTdXRzOGtDeTdIcFI4ClhxaFN0dXVmR3RhOHVpdFNxNEVE
UzBxYStNMGZjNFJmTllxdlg2R1RIRm8KLS0tIFRJYzVrdE9mTGJZeXdpWnBUSkll
QmZtNmtabkVYQVNNZFRtWnE3LzR3Z3cKKOUqRmH5OzXSLNJAwCylXDMxoHJFT4Dn
5iuRwydc9VvI/XKLmK/rR2XXeXzxESWu1OJVXPV87VIFh1jF71lCbQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQZHZ0RjZ6K3djb09INTAx
S25Lci9Ra1lwSjE3WHFkOEszNXRhVG5oTHk4ClUxYklHVHUvSFNJWWtEZlRhYW1G
dnJyMjNPV2RYRC9pMUJPbEhmWXZ0ZW8KLS0tIHc4a3VZYjBraDZlc2lENkpEMHZJ
N3M1MEtXS1RaMUR1VjJwZlhEVmczV00KFl8MTogCwPLJEkN4tJdo+5DVPaDFTUyA
gsk/u1/ud3dJ34edVRf/KfcSjq0YdD2lKhfdwZHCXVNdwT02fbGTmw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1m374x78q9eykua32ldrqxh8rh36kz6jyre69a263krf28hcycsqsrmshl0
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlZ3VRd1lNYVZpRHNsRWti
eEM5NjlOaEc4L29yRlA1eVdEZzFWbThXR2xFCngwN0YzWXdpTk4rY0h6VDBzQWtM
TGhPYk8wRWRqd0ttRm5zSTBMbVAzNWcKLS0tIFBsQnQ3TTJqQUZXQVlVZTcxWXJG
bVFISHFrRnZHVE9YbGVlakxJSFE1aTgKsddkeIFwHckApYhK53/qzG8bUYm3JXiI
amI6nq+0nNoU2bzOTO4FLW7gYssxWFxdSVV153BWGJHSNh/JItvDHg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0ZFJ4WEdQZFBIYkhrbng2
bmJ0UXM4dTRhQ3BCbFJCUWdZQ1IzY1c5UmpnCklGcm9nN24xb1FoOHd6NWEzYUgv
aFVqMnJIZVE3K2wvV082WUszRjFnb1kKLS0tIE9ZaTY4Z0kzSFhwMjF3OUNhelBj
ejdpTEtMNFNIVWlYMGtuMTJZbHZabUEKBGLoMDZQVwENcAXee8m4fsEmwFl/As6H
346X4tfBghf1tk857h/1j5sXj3ZgyHvMlIavnS3AoVlOIsgxI1BYMg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-04-19T14:56:57Z"
mac: ENC[AES256_GCM,data:Mw5SUPLqVhq3bEjYj7v7qZO2RqEKDzC6u+lzLsFXdnJ+pLSUslulzGgIerkKbe9wXM3m7LgPIEeCdRhmRfjuDbqdvE8RifuE3UpJ1F0497RmGPAVsxZeUh8YaHzKe/fij3QGgGAaahLYs413WUZNvGPrnJSIISlRdJ2JNlTQw8c=,iv:2vEUSrdr30gEZh/wqSDDuakK3W+ZY6iJS5BgUpYKkk8=,tag:p8X8exlJoutmUW3WaP68Tw==,type:str]
lastmodified: "2023-05-03T20:47:22Z"
mac: ENC[AES256_GCM,data:5ks4oj4ILLZoJ8TAGLSktV+TZBt1igMOVTiRssr00xnMs1OpR4u0wqwbkM3e2vNP3Hk51AHn7J0W+Ex6f3/iuGdcpYmY/nmSuu+IRZkLL7UEulPm+FDUcw9wgifpNQ263LqvmtFmPURpx4jkTdvcKItWrN0ovV0Wk3jspQ4/QYA=,iv:Kp0cJCYSXBBD4nNetXs6XrFVEl77D7oPuJYAS91DEbU=,tag:b3KF/SFJf1TxDBJ+7KmFvg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3
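Review bot: `hedgedoc-hacc/env` is added as an encrypted entry, but none of the seven files in this diff declares a matching `sops.secrets."hedgedoc-hacc/env"`, unlike the mattermost, tracktrain and vaultwarden entries, which each get one; unless the hedgedoc module wires it up elsewhere, the secret is encrypted but never materialised under `/run/secrets`, and whatever plaintext copy it is meant to replace stays in use. A follow-up adding the declaration, or a sentence in the commit message saying hedgedoc is handled separately, would close that gap. The `enc` blocks of the existing recipients also change here, which is expected when the data key is re-wrapped for the new recipient.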


@ -3,6 +3,11 @@
let
mattermost = pkgs.mattermost;
in {
sops.secrets = {
"mattermost/env" = {};
};
containers.mattermost = {
autoStart = true;
privateNetwork = true;
@ -14,6 +19,7 @@ in {
hostPath = "/persist/containers/mattermost";
isReadOnly = false;
};
"/secrets".hostPath = "/run/secrets/mattermost";
};
path = evalConfig ({ config, lib, pkgs, profiles, ... }: {
@ -23,7 +29,7 @@ in {
nixpkgs.config.allowUnfree = true;
systemd.services.mattermost.serviceConfig.EnvironmentFile =
"/persist/mattermost/secrets.env";
"/secrets/env";
# overwrite the -c flag given in the module. this can be removed once we're on nixos 22.05
systemd.services.mattermost.serviceConfig.ExecStart =
lib.mkForce "${pkgs.mattermost}/bin/mattermost -c /persist/mattermost/config/config.json";
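Review bot: Switching `EnvironmentFile` to `/secrets/env` does not retire the plaintext file it replaces: `/persist/mattermost/secrets.env` stays wherever that path resolves on persistent storage (the `/persist/containers/mattermost` bind mount above, mounted read-write, looks like the candidate), so after deployment it should be deleted and its absence verified, otherwise the on-disk secret this commit sets out to remove is still there. The same applies to `/persist/secrets.env` in the tracktrain container and `/persist/var/lib/vaultwarden/vaultwarden.env` for vaultwarden. A one-line comment next to the new path, `# provided by sops-nix via the /secrets bind mount, see sops.secrets."mattermost/env"`, would let the next reader connect the declaration, the bind mount and this path. The `evalConfig` body continues past the hunk.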


@ -17,6 +17,10 @@ let
'';
in
{
sops.secrets = {
"tracktrain/env" = {};
};
services.nginx.virtualHosts."tracktrain.ilztalbahn.eu" = {
enableACME = true;
forceSSL = true;
@ -46,6 +50,7 @@ in
hostPath = "/persist/containers/tracktrain";
isReadOnly = false;
};
"/secrets".hostPath = "/run/secrets/tracktrain";
};
path = evalConfig ({ config, lib, pkgs, profiles, ... }: {
@ -146,7 +151,7 @@ in
};
systemd.services.grafana.serviceConfig.EnvironmentFile =
"/persist/secrets.env";
"/secrets/env";
});
};
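Review bot: The new `"/secrets".hostPath = "/run/secrets/tracktrain";` relies on the container module's default for `isReadOnly`, while the neighbouring mount spells out `isReadOnly = false`; for a mount that carries credentials, stating the intent explicitly reads better and survives a change of default: `"/secrets" = { hostPath = "/run/secrets/tracktrain"; isReadOnly = true; };`. The mattermost container's `/secrets` mount in this same commit has the identical shape. The secret is named `tracktrain/env` but is consumed by `systemd.services.grafana` inside the container, so a comment on the `sops.secrets` entry, `# environment for the grafana instance inside the tracktrain container`, would avoid a surprise later.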


@ -1,6 +1,10 @@
{ config, lib, pkgs, ... }:
{
sops.secrets = {
"vaultwarden/env" = {};
};
services.vaultwarden = {
enable = true;
config = {
@ -27,7 +31,7 @@
SMTP_USERNAME="noreply@infra4future.de";
};
environmentFile = "/persist/var/lib/vaultwarden/vaultwarden.env"; #contains SMTP_PASSWORD
environmentFile = "/run/secrets/vaultwarden/env";
dbBackend = "sqlite";
backupDir = "/persist/data/vaultwarden_backups/";
};
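Review bot: The replaced line carried `#contains SMTP_PASSWORD` and the new `environmentFile = "/run/secrets/vaultwarden/env";` drops it, so the only hint of what the encrypted env holds is lost; keep it on the new line, `environmentFile = "/run/secrets/vaultwarden/env"; # contains SMTP_PASSWORD`. With `sops.secrets."vaultwarden/env" = {}` the file is created with sops-nix's defaults (root-owned and not readable by the service user, if I recall the module correctly), which works as long as the file is consumed through systemd's `EnvironmentFile`, read before the unit drops privileges; should it ever be opened by the `vaultwarden` user directly, an `owner` on the secret would be required. The `services.vaultwarden` block starts before this hunk.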