From 74891f07845c7e125468637179b844e4fd397162 Mon Sep 17 00:00:00 2001
From: Rodrigo Arias Mallo
Date: Tue, 17 Jun 2025 14:29:15 +0200
Subject: [PATCH] Add OpenVPN service to connect to fox BMC
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Reviewed-by: Aleix Boné
---
m/module/vpn-dac.nix | 34 +++++++++++
m/module/vpn-dac/ca.crt | 31 ++++++++++
m/module/vpn-dac/client.crt | 100 +++++++++++++++++++++++++++++++++
m/tent/configuration.nix | 1 +
secrets/secrets.nix | 2 +
secrets/vpn-dac-client-key.age | Bin 0 -> 2246 bytes
secrets/vpn-dac-login.age | Bin 0 -> 568 bytes
7 files changed, 168 insertions(+)
create mode 100644 m/module/vpn-dac.nix
create mode 100644 m/module/vpn-dac/ca.crt
create mode 100644 m/module/vpn-dac/client.crt
create mode 100644 secrets/vpn-dac-client-key.age
create mode 100644 secrets/vpn-dac-login.age
diff --git a/m/module/vpn-dac.nix b/m/module/vpn-dac.nix
new file mode 100644
index 0000000..5e8e67a
--- /dev/null
+++ b/m/module/vpn-dac.nix
@@ -0,0 +1,34 @@
+{config, ...}:
+{
+ age.secrets.vpn-dac-login.file = ../../secrets/vpn-dac-login.age;
+ age.secrets.vpn-dac-client-key.file = ../../secrets/vpn-dac-client-key.age;
+
+ services.openvpn.servers = {
+ # systemctl status openvpn-dac.service
+ dac = {
+ config = ''
+ client
+ dev tun
+ proto tcp
+ remote vpn.ac.upc.edu 1194
+ remote vpn.ac.upc.edu 80
+ resolv-retry infinite
+ nobind
+ persist-key
+ persist-tun
+ ca ${./vpn-dac/ca.crt}
+ cert ${./vpn-dac/client.crt}
+ # Only key needs to be secret
+ key ${config.age.secrets.vpn-dac-client-key.path}
+ remote-cert-tls server
+ comp-lzo
+ verb 3
+ auth-user-pass ${config.age.secrets.vpn-dac-login.path}
+ reneg-sec 0
+
+ # Ignore 10.0.0.0 route as is not needed
+ pull-filter ignore "route 10.0.0.0"
+ '';
+ };
+ };
+}
diff --git a/m/module/vpn-dac/ca.crt b/m/module/vpn-dac/ca.crt
new file mode 100644
index 0000000..af1427e
--- /dev/null
+++ b/m/module/vpn-dac/ca.crt
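Review bot: `comp-lzo` turns on data-channel compression, which OpenVPN deprecated because compressing tunnelled traffic makes its plaintext recoverable through compression side channels (the VORACLE class of attacks); if the server does not require it the line should go, and if it does, a comment next to it saying so would keep a later cleanup from silently breaking the tunnel. `reneg-sec 0` disables the client-side periodic data-channel rekey; that setting is usually carried over from interactive profiles to avoid password re-prompts, but here `auth-user-pass` reads credentials from a file, so the default interval could presumably be kept (the server's own interval applies either way). The `pull-filter` only drops the 10.0.0.0 route, so every other option the server pushes (further routes, `redirect-gateway`, DNS settings) is still applied on tent; if the tunnel exists only to reach the BMC, consider `route-nopull` plus an explicit `route` for the BMC prefix, or at least `pull-filter ignore "redirect-gateway"`. The comment above it would read better as `# Ignore the 10.0.0.0 route pushed by the server, it is not needed here`.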
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFUjCCBDqgAwIBAgIJAJH118PApk5hMA0GCSqGSIb3DQEBCwUAMIHLMQswCQYD
+VQQGEwJFUzESMBAGA1UECBMJQmFyY2Vsb25hMRIwEAYDVQQHEwlCYXJjZWxvbmEx
+LTArBgNVBAoTJFVuaXZlcnNpdGF0IFBvbGl0ZWNuaWNhIGRlIENhdGFsdW55YTEk
+MCIGA1UECxMbQXJxdWl0ZWN0dXJhIGRlIENvbXB1dGFkb3JzMRAwDgYDVQQDEwdM
+Q0FDIENBMQ0wCwYDVQQpEwRMQ0FDMR4wHAYJKoZIhvcNAQkBFg9sY2FjQGFjLnVw
+Yy5lZHUwHhcNMTYwMTEyMTI0NDIxWhcNNDYwMTEyMTI0NDIxWjCByzELMAkGA1UE
+BhMCRVMxEjAQBgNVBAgTCUJhcmNlbG9uYTESMBAGA1UEBxMJQmFyY2Vsb25hMS0w
+KwYDVQQKEyRVbml2ZXJzaXRhdCBQb2xpdGVjbmljYSBkZSBDYXRhbHVueWExJDAi
+BgNVBAsTG0FycXVpdGVjdHVyYSBkZSBDb21wdXRhZG9yczEQMA4GA1UEAxMHTENB
+QyBDQTENMAsGA1UEKRMETENBQzEeMBwGCSqGSIb3DQEJARYPbGNhY0BhYy51cGMu
+ZWR1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0CteSeof7Xwi51kC
+F0nQ4E9iR5Lq7wtfRuVPn6JJcIxJJ6+F9gr4R/HIHTztW4XAzReE36DYfexupx3D
+6UgQIkMLlVyGqRbulNF+RnCx20GosF7Dm4RGBVvOxBP1PGjYq/A+XhaaDAFd0cOF
+LMNkzuYP7PF0bnBEaHnxmN8bPmuyDyas7fK9AAc3scyWT2jSBPbOVFvCJwPg8MH9
+V/h+hKwL/7hRt1MVfVv2qyIuKwTki8mUt0RcVbP7oJoRY5K1+R52phIz/GL/b4Fx
+L6MKXlQxLi8vzP4QZXgCMyV7oFNdU3VqCEXBA11YIRvsOZ4QS19otIk/ZWU5x+HH
+LAIJ7wIDAQABo4IBNTCCATEwHQYDVR0OBBYEFNyezX1cH1N4QR14ebBpljqmtE7q
+MIIBAAYDVR0jBIH4MIH1gBTcns19XB9TeEEdeHmwaZY6prRO6qGB0aSBzjCByzEL
+MAkGA1UEBhMCRVMxEjAQBgNVBAgTCUJhcmNlbG9uYTESMBAGA1UEBxMJQmFyY2Vs
+b25hMS0wKwYDVQQKEyRVbml2ZXJzaXRhdCBQb2xpdGVjbmljYSBkZSBDYXRhbHVu
+eWExJDAiBgNVBAsTG0FycXVpdGVjdHVyYSBkZSBDb21wdXRhZG9yczEQMA4GA1UE
+AxMHTENBQyBDQTENMAsGA1UEKRMETENBQzEeMBwGCSqGSIb3DQEJARYPbGNhY0Bh
+Yy51cGMuZWR1ggkAkfXXw8CmTmEwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsF
+AAOCAQEAUAmOvVXIQrR+aZVO0bOTeugKBHB75eTIZSIHIn2oDUvDbAP5GXIJ56A1
+6mZXxemSMY8/9k+pRcwJhfat3IgvAN159XSqf9kRv0NHgc3FWUI1Qv/BsAn0vJO/
+oK0dbmbbRWqt86qNrCN+cUfz5aovvxN73jFfnvfDQFBk/8enj9wXxYfokjjLPR1Q
++oTkH8dY68qf71oaUB9MndppPEPSz0K1S6h1XxvJoSu9MVSXOQHiq1cdZdxRazI3
+4f7q9sTCL+khwDAuZxAYzlEYxFFa/NN8PWU6xPw6V+t/aDhOiXUPJQB/O/K7mw3Z
+TQQx5NqM7B5jjak5fauR3/oRD8XXsA==
+-----END CERTIFICATE-----
diff --git a/m/module/vpn-dac/client.crt b/m/module/vpn-dac/client.crt
new file mode 100644
index 0000000..aec0d98
--- /dev/null
+++ b/m/module/vpn-dac/client.crt
@@ -0,0 +1,100 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 2 (0x2)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=ES, ST=Barcelona, L=Barcelona, O=Universitat Politecnica de Catalunya, OU=Arquitectura de Computadors, CN=LCAC CA/name=LCAC/emailAddress=lcac@ac.upc.edu
+ Validity
+ Not Before: Jan 12 12:45:41 2016 GMT
+ Not After : Jan 12 12:45:41 2046 GMT
+ Subject: C=ES, ST=Barcelona, L=Barcelona, O=Universitat Politecnica de Catalunya, OU=Arquitectura de Computadors, CN=client/name=LCAC/emailAddress=lcac@ac.upc.edu
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:97:99:fa:7a:0e:4d:e2:1d:a5:b1:a8:14:18:64:
+ c7:66:bf:de:99:1d:92:3b:86:82:4d:95:39:f7:a6:
+ 56:49:97:14:4f:e3:37:00:6c:f4:d0:1d:56:79:e7:
+ 19:b5:dd:36:15:8e:1d:57:7b:59:29:d2:11:bf:58:
+ 48:e0:f7:41:3d:16:64:8d:a2:0b:4a:ac:fa:c6:83:
+ dc:10:2a:2c:d9:97:48:ee:11:2a:bc:4b:60:dd:b9:
+ 2e:8f:45:ca:87:0b:38:65:1c:f8:a2:1d:f9:50:aa:
+ 6e:60:f9:48:df:57:12:23:e1:e7:0c:81:5c:9f:c5:
+ b2:e6:99:99:95:30:6d:57:36:06:8c:fd:fb:f9:4f:
+ 60:d2:3c:ba:ae:28:56:2f:da:58:5c:e8:c5:7b:ec:
+ 76:d9:28:6e:fb:8c:07:f9:d7:23:c3:72:76:3c:fa:
+ dc:20:67:8f:cc:16:e0:91:07:d5:68:f9:20:4d:7d:
+ 5c:2d:02:04:16:76:52:f3:53:be:a3:dc:0d:d5:fb:
+ 6b:55:29:f3:52:35:c8:7d:99:d1:4a:94:be:b1:8e:
+ fd:85:18:25:eb:41:e9:56:da:af:62:84:20:0a:00:
+ 17:94:92:94:91:6a:f8:54:37:17:ee:1e:bb:fb:93:
+ 71:91:d9:e4:e9:b8:3b:18:7d:6d:7d:4c:ce:58:55:
+ f9:41
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ Easy-RSA Generated Certificate
+ X509v3 Subject Key Identifier:
+ 1B:88:06:D5:33:1D:5C:48:46:B5:DE:78:89:36:96:91:3A:74:43:18
+ X509v3 Authority Key Identifier:
+ keyid:DC:9E:CD:7D:5C:1F:53:78:41:1D:78:79:B0:69:96:3A:A6:B4:4E:EA
+ DirName:/C=ES/ST=Barcelona/L=Barcelona/O=Universitat Politecnica de Catalunya/OU=Arquitectura de Computadors/CN=LCAC CA/name=LCAC/emailAddress=lcac@ac.upc.edu
+ serial:91:F5:D7:C3:C0:A6:4E:61
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ X509v3 Subject Alternative Name:
+ DNS:client
+ Signature Algorithm: sha256WithRSAEncryption
+ 42:e8:50:b2:e7:88:75:86:0b:bb:29:e3:aa:c6:0e:4c:e8:ea:
+ 3d:0c:02:31:7f:3b:80:0c:3f:80:af:45:d6:62:27:a0:0e:e7:
+ 26:09:12:97:95:f8:d9:9b:89:b5:ef:56:64:f1:de:82:74:e0:
+ 31:0a:cc:90:0a:bd:50:b8:54:95:0a:ae:3b:40:df:76:b6:d1:
+ 01:2e:f3:96:9f:52:d4:e9:14:6d:b7:14:9d:45:99:33:36:2a:
+ 01:0b:15:1a:ed:55:dc:64:83:65:1a:06:42:d9:c7:dc:97:d4:
+ 02:81:c2:58:2b:ea:e4:b7:ae:84:3a:e4:3f:f1:2e:fa:ec:f3:
+ 40:5d:b8:6a:d5:5e:e1:e8:2f:e2:2f:48:a4:38:a1:4f:22:e3:
+ 4f:66:94:aa:02:78:9a:2b:7a:5d:aa:aa:51:a5:e3:d0:91:e9:
+ 1d:f9:08:ed:8b:51:c9:a6:af:46:85:b5:1c:ed:12:a1:28:33:
+ 75:36:00:d8:5c:14:65:96:c0:28:7d:47:50:a4:89:5f:b0:72:
+ 1a:4b:13:17:26:0f:f0:b8:65:3c:e9:96:36:f9:bf:90:59:33:
+ 87:1f:01:03:25:f8:f0:3a:9b:33:02:d0:0a:43:b5:0a:cf:62:
+ a1:45:38:37:07:9d:9c:94:0b:31:c6:3c:34:b7:fc:5a:0c:e4:
+ bf:23:f6:7d
+-----BEGIN CERTIFICATE-----
+MIIFqjCCBJKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCByzELMAkGA1UEBhMCRVMx
+EjAQBgNVBAgTCUJhcmNlbG9uYTESMBAGA1UEBxMJQmFyY2Vsb25hMS0wKwYDVQQK
+EyRVbml2ZXJzaXRhdCBQb2xpdGVjbmljYSBkZSBDYXRhbHVueWExJDAiBgNVBAsT
+G0FycXVpdGVjdHVyYSBkZSBDb21wdXRhZG9yczEQMA4GA1UEAxMHTENBQyBDQTEN
+MAsGA1UEKRMETENBQzEeMBwGCSqGSIb3DQEJARYPbGNhY0BhYy51cGMuZWR1MB4X
+DTE2MDExMjEyNDU0MVoXDTQ2MDExMjEyNDU0MVowgcoxCzAJBgNVBAYTAkVTMRIw
+EAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEtMCsGA1UEChMk
+VW5pdmVyc2l0YXQgUG9saXRlY25pY2EgZGUgQ2F0YWx1bnlhMSQwIgYDVQQLExtB
+cnF1aXRlY3R1cmEgZGUgQ29tcHV0YWRvcnMxDzANBgNVBAMTBmNsaWVudDENMAsG
+A1UEKRMETENBQzEeMBwGCSqGSIb3DQEJARYPbGNhY0BhYy51cGMuZWR1MIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl5n6eg5N4h2lsagUGGTHZr/emR2S
+O4aCTZU596ZWSZcUT+M3AGz00B1WeecZtd02FY4dV3tZKdIRv1hI4PdBPRZkjaIL
+Sqz6xoPcECos2ZdI7hEqvEtg3bkuj0XKhws4ZRz4oh35UKpuYPlI31cSI+HnDIFc
+n8Wy5pmZlTBtVzYGjP37+U9g0jy6rihWL9pYXOjFe+x22Shu+4wH+dcjw3J2PPrc
+IGePzBbgkQfVaPkgTX1cLQIEFnZS81O+o9wN1ftrVSnzUjXIfZnRSpS+sY79hRgl
+60HpVtqvYoQgCgAXlJKUkWr4VDcX7h67+5Nxkdnk6bg7GH1tfUzOWFX5QQIDAQAB
+o4IBljCCAZIwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2Vu
+ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQbiAbVMx1cSEa13niJNpaROnRD
+GDCCAQAGA1UdIwSB+DCB9YAU3J7NfVwfU3hBHXh5sGmWOqa0TuqhgdGkgc4wgcsx
+CzAJBgNVBAYTAkVTMRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNl
+bG9uYTEtMCsGA1UEChMkVW5pdmVyc2l0YXQgUG9saXRlY25pY2EgZGUgQ2F0YWx1
+bnlhMSQwIgYDVQQLExtBcnF1aXRlY3R1cmEgZGUgQ29tcHV0YWRvcnMxEDAOBgNV
+BAMTB0xDQUMgQ0ExDTALBgNVBCkTBExDQUMxHjAcBgkqhkiG9w0BCQEWD2xjYWNA
+YWMudXBjLmVkdYIJAJH118PApk5hMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1Ud
+DwQEAwIHgDARBgNVHREECjAIggZjbGllbnQwDQYJKoZIhvcNAQELBQADggEBAELo
+ULLniHWGC7sp46rGDkzo6j0MAjF/O4AMP4CvRdZiJ6AO5yYJEpeV+NmbibXvVmTx
+3oJ04DEKzJAKvVC4VJUKrjtA33a20QEu85afUtTpFG23FJ1FmTM2KgELFRrtVdxk
+g2UaBkLZx9yX1AKBwlgr6uS3roQ65D/xLvrs80BduGrVXuHoL+IvSKQ4oU8i409m
+lKoCeJorel2qqlGl49CR6R35CO2LUcmmr0aFtRztEqEoM3U2ANhcFGWWwCh9R1Ck
+iV+wchpLExcmD/C4ZTzpljb5v5BZM4cfAQMl+PA6mzMC0ApDtQrPYqFFODcHnZyU
+CzHGPDS3/FoM5L8j9n0=
+-----END CERTIFICATE-----
diff --git a/m/tent/configuration.nix b/m/tent/configuration.nix
index 1b7473f..57ac6e9 100644
--- a/m/tent/configuration.nix
+++ b/m/tent/configuration.nix
@@ -14,6 +14,7 @@
 ../hut/public-inbox.nix
 ../hut/msmtp.nix
 ../module/p.nix
+ ../module/vpn-dac.nix
 ];
 # Select the this using the ID to avoid mismatches
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 791a3ac..776e73f 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -19,6 +19,8 @@ in
 "tent-gitlab-runner-pm-docker-token.age".publicKeys = tent;
 "tent-gitlab-runner-pm-shell-token.age".publicKeys = tent;
 "tent-gitlab-runner-bsc-docker-token.age".publicKeys = tent;
+ "vpn-dac-login.age".publicKeys = tent;
+ "vpn-dac-client-key.age".publicKeys = tent;
 "ceph-user.age".publicKeys = safe;
 "munge-key.age".publicKeys = safe;
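Review bot: The new client.crt mixes the `openssl x509 -text` dump (everything from `Certificate:` down to the signature hex, in the previous part of this hunk) with the PEM block that OpenVPN actually parses; the text before `-----BEGIN CERTIFICATE-----` is skipped at load time, but a PEM-only file is easier to verify with a fingerprint and to replace on reissue, so consider committing just the BEGIN/END block. The dump also shows this is a generic `CN=client` / `DNS:client` certificate valid until 2046, so it presumably does not identify this host on its own; if that reading is right, the `vpn-dac-login` secret is the per-host factor and deserves a short comment in vpn-dac.nix stating who owns it and how it is rotated. A one-line header comment in the module such as `# Client cert is the shared LCAC "client" cert; the login secret is what identifies tent` would capture that for the next maintainer.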
diff --git a/secrets/vpn-dac-client-key.age b/secrets/vpn-dac-client-key.age new file mode 100644 index 0000000000000000000000000000000000000000..3e92d23553e801a07a342dd94960dc46a4799298 GIT binary patch literal 2246 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCT4H}#1yEmtt{PBBl3 zN;k;Lb_#NLF*kLo$PDxd3N`WaNGkWw&DYK{^v;hmO$^dbFXt-vk4!goODzp7H?AW z+$qDf%D>7d)gUK4%hcID(kw98BDW&l#K<@@q@2qn#52vzu_z@nIHfXOJ1Z};ETp_R z(xcQUAkoXhFeJ;lD&ITIH!C|R#}(bS3P*EeOGgDi*HU9=^TdKQAIB=+aO63z0x%(c@hD$BGhOx(?!d@PKjQe5-Riy|wH z9SdEZf?WL5^u5EqgG{)B^Q!{1lge_7QiI$KDoZl`Q{6+e)3dx2(;~7;vIE@{bMg(! zi_(hM+pA~OBb3XJp%1IvO^ zgG0Ig&Rw>4^P9ZXwmc^-oi9nktL{f|#;sgZ_MZ8#{H>L1U}-^ZvL_kp4Axs`;2{K1T+HX*LgCtYvo z?yUVaQ&Y-!ZKC%4$Ik@y+!o!D+j9D!+&a$I3tou=C)Kvqh3CF0H1epma>@ENd1i~| zo4vm*G}kOxn|J>z=QSJaUF)l^dp%wLiC;}h^_oHM?9WS^kI!S6Kh@eVO}8z%*IXlP zu}Z&_hS5g7^*&6F7vE{W`R4w?bZ=v~#iuoI`F>d}@Tyqs%KCBr%iX%Qk}Kb}=H-a8 z7YF+Oo;&H$hV;EnYTOP9rM9VIY>r35Di=#EIy|3;)5}`=`i`9o|Lr{gW_tUTw!-o? z>(uY)1sBft&S)vhd-b*`bHPOACyH)o9X-o+`o6w;VEEByrOKwKA4@D;_iD~O`eei7 z-O=0LaC&BZTeo1oYeDHF&4bUxN~|S*w_6>*lW|PBuOf4X{N)>6XXV_Oj(PVpw4_ec zTB5aO?hbz4z@$`_bkCl!D}P>Of4tvP9rpU0>Y|tv->02?`FMHpy?&w7&*BbnUS|(= zDo*Av%v~a@yhXUFRG#a_f6r4&$gvYdDU`p=4!nACTm=qQlx{r_ox4| zzf+REDS1QX=QZ+j6Qv5&2!H8j;~cLC6QYh zeS|NpTrPe0a@~=E(qRnlu8QaKHFwFn{G0ce&E(r8xxx zWrxeQcRyBkUzvYhNyBWz+K@>$IpVJ#?Y^^f=Zc^Chm1BT+pui@^!{!@B*&kI#uv_C z)^M&9iBnrvxLA~*JJ92{Plut#wNEB9?0Y8el$ktxN>I$*rnv08ZowU{t-PB28#U&g zX54f9mesv^s!r=|nsek#-g5h#3Tgh*lX&HszK(#!)yv^*w!PP7V;X1Aw^K++=idJ* zG`=%+{hXqR?ap!>8>E%_J%W~R>6yjU;N2d;Bu`M8^BMt<6$j#V(hKXnB70p7HkN zM2Ct0JTyZ(>{M@^xDdPEbc@G9i9Wsifg4u6Pc{^E{a?M~cZAZn3A~MUV)vQf#cJLA z)U~~|zU}6ps~-xkZ4H+_{3ki#T>8HMqVfFf=P{@?%O9ur1L$f$=+h~ zC16dezT%$GpZ)i|m^61nsr%#~%Il8F+ND^>WqaFP}X;vnKVof9N)@dEpJ= zZTD*(&VAu6)iRgM{TbS#FZWoI$x$&~YscnN=8*EO+x{0zls&DV_c)K~PlHm3_M-2S z9m>aIbADd0z7Wy7^SD{Zi#yY9>EE6xSv2kY?K>J8k9)m;)qJk|aKF>+p_#qe?~u@| z-5ymJ63X)}&#a0&kleia+u3P`4zEQFgKw@}TyFY#@&CFbLT{gG+dowHDA0-cy0oZ# Qm0Z=%Gg{``**OBO0Uq7`K>z>% literal 0 HcmV?d00001 
diff --git a/secrets/vpn-dac-login.age b/secrets/vpn-dac-login.age new file mode 100644 index 0000000000000000000000000000000000000000..eb0e58beb0658020d16983549202c59de8124389 GIT binary patch literal 568 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCT4H}#1yEmyEe%&PP* zvM~29uJWl2G6+xi@X9W9(a$Y4GjTRACR&`CQt&Cu1f*cIKj3P*EeOGgDq_r&CgLjRC77yXRf%=~QQ?1&`i z;v{`zBSWvmte`M$|0*ww#H5fgqiimHecxomN<$-U6Q@cuPd~5x#0rm~6xVFas7PNE zue6kuASYw(l1evyi$HYSe1qMLQ_>Zxyz|p?auch3bDW$^lRUgFeJXsDi~P(igF}+M z9NmgTQ$h=qeInB=NBOg~+W;WJh}H^FVwl8Vb^Rm?I$b~Db;E@x|Hcqo3L{0H0Ao}MFOrOqrD<6I&? Qb@O@2Uz@R}Ea-|00LLr3z5oCK literal 0 HcmV?d00001