feat: NixOS | use LUKS and proper hostname for k3s domain

feat: NixOS | move cluster config to /master

fix: update all stuff for office network

feat: PiHole | set up DHCP server

chore: Cloudflare | delete api token secret

chore: remove external-dns annotations from ingressed services

fix: PiHole | turn off liveness checks due to host ip

fix: GiteaActions | use encrypted storage for runner

fix: ElasticSearch | use encrypted volumes for storage

fix: Pihole | static mac addresses all caps

feat: NixOS | manual network configuration

fix: NixOS | k3s cluster init point to static ip with tls-san

chore: Postgres | move certificate resources into own file + reduce volume size

fix: Pihole | add ingress class name

sec: NixOS | remove token from git

1password/secrets.yaml

@@ -61,16 +61,6 @@ spec:
 ---
 apiVersion: onepassword.com/v1
 kind: OnePasswordItem
-metadata:
-  name: cloudflare-token
-  namespace: cloudflare-system
-  annotations:
-    operator.1password.io/auto-restart: "true"
-spec:
-  itemPath: "vaults/Lab/items/Cloudflare"
----
-apiVersion: onepassword.com/v1
-kind: OnePasswordItem
 metadata:
   name: authentik-postgres
   namespace: authentik-system
@@ -138,3 +128,13 @@ metadata:
     operator.1password.io/auto-restart: "true"
 spec:
   itemPath: "vaults/Lab/items/smtp-token"
+---
+apiVersion: onepassword.com/v1
+kind: OnePasswordItem
+metadata:
+  name: longhorn-encryption
+  namespace: longhorn-system
+  annotations:
+    operator.1password.io/auto-restart: "true"
+spec:
+  itemPath: "vaults/Lab/items/longhorn-encryption"