feat: make yubikey pam work on all machines

2025-12-06 09:07:21 +01:00 · 2025-07-14 04:15:14 +02:00 · 2025-07-14 04:15:14 +02:00 · 21c1067572
commit 21c1067572
parent 18a2a32bae
5 changed files with 77 additions and 112 deletions
--- a/SwarselSystems.org
+++ b/SwarselSystems.org
@ -5509,6 +5509,10 @@ Also, since I use a GPG key in sops, it seems that scdaemon creates an instance
 #+begin_src nix-ts :tangle modules/nixos/client/hardwarecompatibility-yubikey.nix
  { lib, config, pkgs, ... }:
  let
    inherit (config.swarselsystems) mainUser;
    inherit (config.repo.secrets.common.yubikeys) cfg1 cfg2;
  in
  {
    options.swarselsystems.modules.yubikey = lib.mkEnableOption "yubikey config";
    config = lib.mkIf config.swarselsystems.modules.yubikey {
@ -5518,6 +5522,21 @@ Also, since I use a GPG key in sops, it seems that scdaemon creates an instance
      hardware.gpgSmartcards.enable = true;
      security.pam.u2f = {
        enable = true;
        control = "sufficient";
        settings = {
          interactive = false; # displays a prompt BEFORE asking for presence
          cue = true; # prints a message that a touch is requrired
          origin = "pam://${mainUser}"; # make the keys work on all machines
          authfile = pkgs.writeText "u2f-mappings" (lib.concatStrings [
            mainUser
            cfg1
            cfg2
          ]);
        };
      };
      services.udev.packages = with pkgs; [
        yubikey-personalization
      ];
@ -16602,7 +16621,7 @@ This holds modules that are to be used on most hosts. These are also the most im
        general = lib.mkDefault true;
        nixgl = lib.mkDefault true;
        sops = lib.mkDefault true;
-        yubikey = lib.mkDefault true;
+        yubikey = lib.mkDefault false;
        ssh = lib.mkDefault true;
        stylix = lib.mkDefault true;
        desktop = lib.mkDefault true;
--- a/flake.lock
+++ b/flake.lock
@ -228,21 +228,6 @@
      }
    },
    "flake-compat_3": {
      "locked": {
        "lastModified": 1747046372,
        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
        "owner": "edolstra",
        "repo": "flake-compat",
        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
        "type": "github"
      },
      "original": {
        "owner": "edolstra",
        "repo": "flake-compat",
        "type": "github"
      }
    },
    "flake-compat_4": {
      "flake": false,
      "locked": {
        "lastModified": 1696426674,
@ -258,7 +243,7 @@
        "type": "github"
      }
    },
-    "flake-compat_5": {
+    "flake-compat_4": {
      "flake": false,
      "locked": {
        "lastModified": 1696426674,
@ -625,26 +610,6 @@
        "type": "github"
      }
    },
    "nix-alien": {
      "inputs": {
        "flake-compat": "flake-compat_3",
        "nix-index-database": "nix-index-database",
        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
        "lastModified": 1749976779,
        "narHash": "sha256-Mjb4qsu+Fma1cXe1lGo0GqisvsiUeW0LfacziI7C7oM=",
        "owner": "thiagokokada",
        "repo": "nix-alien",
        "rev": "f8716e36f8864e2f50663fde364ddd8dce5d937f",
        "type": "github"
      },
      "original": {
        "owner": "thiagokokada",
        "repo": "nix-alien",
        "type": "github"
      }
    },
    "nix-darwin": {
      "inputs": {
        "nixpkgs": [
@ -689,27 +654,6 @@
      }
    },
    "nix-index-database": {
      "inputs": {
        "nixpkgs": [
          "nix-alien",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1749960154,
        "narHash": "sha256-EWlr9MZDd+GoGtZB4QsDzaLyaDQPGnRY03MFp6u2wSg=",
        "owner": "nix-community",
        "repo": "nix-index-database",
        "rev": "424a40050cdc5f494ec45e46462d288f08c64475",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "nix-index-database",
        "type": "github"
      }
    },
    "nix-index-database_2": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
@ -759,7 +703,7 @@
      "inputs": {
        "devshell": "devshell_2",
        "flake-utils": "flake-utils",
-        "nixpkgs": "nixpkgs_3",
+        "nixpkgs": "nixpkgs_2",
        "pre-commit-hooks": "pre-commit-hooks"
      },
      "locked": {
@ -779,7 +723,7 @@
    "nixgl": {
      "inputs": {
        "flake-utils": "flake-utils_2",
-        "nixpkgs": "nixpkgs_4"
+        "nixpkgs": "nixpkgs_3"
      },
      "locked": {
        "lastModified": 1751696036,
@ -1019,39 +963,7 @@
        "type": "github"
      }
    },
    "nixpkgs_10": {
      "locked": {
        "lastModified": 1750865895,
        "narHash": "sha256-p2dWAQcLVzquy9LxYCZPwyUdugw78Qv3ChvnX755qHA=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "61c0f513911459945e2cb8bf333dc849f1b976ff",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixpkgs-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1749794982,
        "narHash": "sha256-Kh9K4taXbVuaLC0IL+9HcfvxsSUx8dPB5s5weJcc9pc=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "ee930f9755f58096ac6e8ca94a1887e0534e2d81",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_3": {
      "locked": {
        "lastModified": 1730531603,
        "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=",
@ -1067,7 +979,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_4": {
+    "nixpkgs_3": {
      "locked": {
        "lastModified": 1746378225,
        "narHash": "sha256-OeRSuL8PUjIfL3Q0fTbNJD/fmv1R+K2JAOqWJd3Oceg=",
@ -1082,7 +994,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_5": {
+    "nixpkgs_4": {
      "locked": {
        "lastModified": 1751792365,
        "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=",
@ -1098,7 +1010,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_6": {
+    "nixpkgs_5": {
      "locked": {
        "lastModified": 1720957393,
        "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=",
@ -1114,7 +1026,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_7": {
+    "nixpkgs_6": {
      "locked": {
        "lastModified": 1751792365,
        "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=",
@ -1130,7 +1042,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_8": {
+    "nixpkgs_7": {
      "locked": {
        "lastModified": 1744868846,
        "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=",
@ -1146,7 +1058,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_9": {
+    "nixpkgs_8": {
      "locked": {
        "lastModified": 1748460289,
        "narHash": "sha256-7doLyJBzCllvqX4gszYtmZUToxKvMUrg45EUWaUYmBg=",
@ -1162,6 +1074,22 @@
        "type": "github"
      }
    },
    "nixpkgs_9": {
      "locked": {
        "lastModified": 1750865895,
        "narHash": "sha256-p2dWAQcLVzquy9LxYCZPwyUdugw78Qv3ChvnX755qHA=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "61c0f513911459945e2cb8bf333dc849f1b976ff",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixpkgs-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nmd": {
      "flake": false,
      "locked": {
@ -1219,7 +1147,7 @@
    "nswitch-rcm-nix": {
      "inputs": {
        "flake-parts": "flake-parts_3",
-        "nixpkgs": "nixpkgs_6"
+        "nixpkgs": "nixpkgs_5"
      },
      "locked": {
        "lastModified": 1721304043,
@ -1238,7 +1166,7 @@
    "nur": {
      "inputs": {
        "flake-parts": "flake-parts_4",
-        "nixpkgs": "nixpkgs_7"
+        "nixpkgs": "nixpkgs_6"
      },
      "locked": {
        "lastModified": 1751906969,
@ -1282,7 +1210,7 @@
    },
    "pre-commit-hooks": {
      "inputs": {
-        "flake-compat": "flake-compat_4",
+        "flake-compat": "flake-compat_3",
        "gitignore": "gitignore_2",
        "nixpkgs": [
          "nix-topology",
@ -1335,7 +1263,7 @@
    },
    "pre-commit-hooks_2": {
      "inputs": {
-        "flake-compat": "flake-compat_5",
+        "flake-compat": "flake-compat_4",
        "gitignore": "gitignore_3",
        "nixpkgs": [
          "nixpkgs"
@ -1365,15 +1293,14 @@
        "home-manager": "home-manager",
        "impermanence": "impermanence",
        "lanzaboote": "lanzaboote",
        "nix-alien": "nix-alien",
        "nix-darwin": "nix-darwin",
-        "nix-index-database": "nix-index-database_2",
+        "nix-index-database": "nix-index-database",
        "nix-on-droid": "nix-on-droid",
        "nix-topology": "nix-topology",
        "nixgl": "nixgl",
        "nixos-generators": "nixos-generators",
        "nixos-hardware": "nixos-hardware",
-        "nixpkgs": "nixpkgs_5",
+        "nixpkgs": "nixpkgs_4",
        "nixpkgs-dev": "nixpkgs-dev",
        "nixpkgs-kernel": "nixpkgs-kernel",
        "nixpkgs-stable": "nixpkgs-stable_2",
@ -1449,7 +1376,7 @@
    },
    "sops-nix": {
      "inputs": {
-        "nixpkgs": "nixpkgs_8"
+        "nixpkgs": "nixpkgs_7"
      },
      "locked": {
        "lastModified": 1751606940,
@ -1474,7 +1401,7 @@
        "firefox-gnome-theme": "firefox-gnome-theme",
        "flake-parts": "flake-parts_5",
        "gnome-shell": "gnome-shell",
-        "nixpkgs": "nixpkgs_9",
+        "nixpkgs": "nixpkgs_8",
        "nur": "nur_2",
        "systems": "systems_3",
        "tinted-foot": "tinted-foot",
@ -1716,7 +1643,7 @@
      "inputs": {
        "crane": "crane_2",
        "flake-utils": "flake-utils_3",
-        "nixpkgs": "nixpkgs_10",
+        "nixpkgs": "nixpkgs_9",
        "rust-overlay": "rust-overlay_2"
      },
      "locked": {
--- a/modules/nixos/client/hardwarecompatibility-yubikey.nix
+++ b/modules/nixos/client/hardwarecompatibility-yubikey.nix
@ -1,4 +1,8 @@
 { lib, config, pkgs, ... }:
 let
  inherit (config.swarselsystems) mainUser;
  inherit (config.repo.secrets.common.yubikeys) cfg1 cfg2;
 in
 {
  options.swarselsystems.modules.yubikey = lib.mkEnableOption "yubikey config";
  config = lib.mkIf config.swarselsystems.modules.yubikey {
@ -8,6 +12,21 @@
    hardware.gpgSmartcards.enable = true;
    security.pam.u2f = {
      enable = true;
      control = "sufficient";
      settings = {
        interactive = false; # displays a prompt BEFORE asking for presence
        cue = true; # prints a message that a touch is requrired
        origin = "pam://${mainUser}"; # make the keys work on all machines
        authfile = pkgs.writeText "u2f-mappings" (lib.concatStrings [
          mainUser
          cfg1
          cfg2
        ]);
      };
    };
    services.udev.packages = with pkgs; [
      yubikey-personalization
    ];
--- a/profiles/home/personal/default.nix
+++ b/profiles/home/personal/default.nix
@ -8,7 +8,7 @@
      general = lib.mkDefault true;
      nixgl = lib.mkDefault true;
      sops = lib.mkDefault true;
-      yubikey = lib.mkDefault true;
+      yubikey = lib.mkDefault false;
      ssh = lib.mkDefault true;
      stylix = lib.mkDefault true;
      desktop = lib.mkDefault true;
--- a/secrets/repo/pii.nix.enc
+++ b/secrets/repo/pii.nix.enc
@ -1,5 +1,5 @@
 {
-	"data": "ENC[AES256_GCM,data:kB5NklcPG+cHvbQfMji65/naMuXdpV/S2WH2iUm61W/cxp/OYw446K7fOwlBlbDofw7UOrY1C/G3CJdFiE2/oBd81d+P3+ofxFDxjQLPHz5FLITy0laADUGXnQIEKn4cP+/kwnNDUPC/eGYdsraeuWuPDJwcPVuyGCVoM7AiBXkBG+a31yEEiDj/SPIoSU3H6mojjpnSw/ZpW7Dl4HunGfK36hulNIvf3O7UJ2l90D5WgAabLYYJZpyu7uRivIvNZ9IouhTlyXqvkwGG+KZr/yNbPYQv08ShiqlevMn9R0571imZ8BxAA4jF1ndDH8vwl+d1J+XV8dbAVrZ6fDEYWMnD1DVXktEggjP0lOvYSRtqnlga422GcoDIvzm6isvE/CURPwbAcNyDt5CXYA+wGefyiQmwpa0ITLKIw404Bh3Ba/RHQsU+HCg7TWo6SQVzxods37iC6w0sxkd6/k4i/ZRGFUCElUsNPngz24W6qMYN2cmegZg6KwJ8yRSen4/6Oh/58n72pPOBB48pRXY/NYtkclilagUYqnBfVzKrFCNCv0yjLjEiyFtYfdz6L66rGy/VIYQHhS5uuT98IUXzXaoHyMhzL8r6/o0VX6/ZVjXvTPOXRBA9ZBw2HDMbCxCM6z808B3B5XPxNLoyEqBiFjKmKVW9uQCEPH1UJ65OkjZTarvpGw17YaJ9FDZvJbffhGlYvn9zLXdMw216B3rA8oI1sxP50JgRdxtfkRsyhOCNOudT5e1c98k7FqP3/Y3nVfWNATu5meOlEpA/07BIefh89JhmMOKQ3SEn1Ca1fLqwTDcdufLq5iODver5AXwARfwS+1O1BrRnuVpc9xFODoclCDIH67DKDCw3X/4z+B1NvK00yXZQWnN3npth57cejVHicU8r6/yBJk8temq87roTg7EPMZH1MlrSUHhFaxp2uvrn4BhjA7r5cTF1tdCXZdh1mbG3KmQ219GbDxooyFFmZu67NLe4Fspr11Qu+SCNZhQT9QOIcWH7IP/YkoHpBcGdb18Kszx7HlHl4Y3U3fa6qfF7q2HJs6hVZSeHGdBMzsQdp5QOkw/XVEb4fPRa7tPyOPSmFoaa8jwuY1j+01/kpFyXN+Gpnu5Ld0axszp0DJFHckKA6OerMPKWep9e0X/lhGb5JzoWil6ekn2EUbab6lrJ/PS00zaauO/KRK0FTXMYn5sI8Kxy9pPc4lVmZ7KvvwAi2MIXoUivoZRnLglOUchYgv+l7AeUWjgGjV8/6/Nhep8ws6ryy8zU9WEu8SpkFVQA7mjBV8g+H3pR4AjyX3KeuuhTfodpzMU3narAIzX36tZMGifE1Wxfr+/U0Tsc3KCX8STLMZzKL00drFyERGTjfRfCQ9vHNm5JiiCWA4gqoB1C0nHKFiokfkFoI842qWUrfb7/G+YFbRMidvjYAEtgO3JO1bm2aupNRS9O6v+/dn3te6j++wSkXA2yezwZ+ww+a0lxAVZ7NEafkcjqd73fq/6w/nz4NVoh6/zNxq6rAgbjNOTfMJyZqWTOBWWJvDa5GDmMzwn/+DlLkc7Y9FObLoDOOYV3tHOI2hREEhTVJtAWKx2uQ+w1YmvOOUXg5HoURPgYw5wGJVcHym/ECEAl0s8zkST8/nkfZMUW6rK8toYyEJ6MpOrLqsxAI1HvdkDgXcjvxhXwl9ZGjIswj7kP+o+NGExVHxvqT8NhtbxKnhRvnJXgbip8bNdjsZ/PFmjKqqSAQhwWXtfYNRaeCRuTduyedCwxtuktr6bRgcrJ5F2hFYpTN96aBh8Bb238bSBHbBV68dPzdwTbVl+2HIauXDCRBkJ/v9phiInYraQFZG9ifNw0rx0jyirNRjUTt8UTEz7+3Yg1oxvYdZ7odszTsHJ7bx2sCm+FFN5dtn5Fizo9otXkfV3h9l2k2wtQ6ZK0gIgCyIp28Rn97GiCGZrOWhKvbKJsqOR1LPGAUmXGhB9T4698g/5H0ArQFRvKKaIq2YoI62bwykIKmNFrWa0APWPEXGWch7bKZwQAazEW53A30V0UQ7QLSQwgO3oZghfA+K9Hgg3ujSeP5H7dQ7LrbuICJ9yLAbHi7bfPwLeGl0CgXjI1Z4OoK1rsDJKmV37uZUvSxkCN3oauIPxoTu1/GZ5FD/+o7Q/VDXhWrwgafNHKPpq5uhwKU0XDJaHvqMBP6s74+tMqkKkzomDTGPeRp+bVctwUwBHAdBuGUKN1pTL5iaT5fhnDIEiQFqHM0aEbjPWtDlsziRrinCc2iQF129YKEr4PSEuXg8lxjuiKhmL6G+JVh1djVTfA9zygsaikjArdh8Zpanq8VO/fwQtS99Lv/suJ1ws9PXqZiYn1t4SYHgIwDjv6+d/TmPYt6VzcThjjyEjlYjrFOT7TvN/1LIyiY0e1/KqLOw2/KZ0fXLTqwLLlWdRR0oewnrXmTzYRB0KoBeD/S7JvwnuTpdHw4ju0O+OLaM2lAxImnzo2HP8qNtDeCHq1EUwAk9ch4jYrwjhjWK8V9EqBSTDDPtPo22gKM62WJVn4LPWLehpZPwSO73s49DCCYTvvioR2iRsYYBinLNpgEEs9/WlHpyELZWDN8Ae0+x1R1+0R4GgVlH9frCPjQ1k8CMJuDN83Kzw9+V9qF2WQ,iv:i2EIMD409Y6wYhRwVjLtf30m2pR3JtFDqT+VnFBaTz8=,tag:03MllePz2dHzk5IW+DmvHw==,type:str]",
+	"data": "ENC[AES256_GCM,data:EF0WWDO7RbeBETTY74hH+dPkI0gxqZwJcciHT687Jj/w4T5MuiVBHd61LPhYsnMmoN//yBzRGgNqHr5Cw5EZiwnK2X2/tobv6f8iD56CLM8wQvtUtmRaqjwirSL2MVJlDuaGkUS2D+6hdzqGnRFRiL9FN0Lt/FLU4mX+Iv4iy+SOfd6gaGjJBq34ZdrL1EU5hdzoRFhQKWRi8GyBq5jhyn7JgTDF2q99Cx5EwuN1NrgKsMhtW0VaYxwL6wnhO/iHO0WIIf+ORXuRVZBLFr6AOAg4nG7JL9HWn+QZ8uUBCzYYryqPcUWZ/2V6e/gVsLCNpfVB0MqGnn8zLYx0ADeBnlKTWID2zp8Mb4Ygxx+2pj6pbVKWj2kPG1pMXH58NxaqSU1ouoh8+uhnGj/VMIvJ7I13eo/rf5ju13Qj9mh5MCFMTh8uBN9M6euGgHgwS41N/GmZIGa01qVDjIc4r0NQjIa5/31IcedTzrVaChjV5RVFJIMD0NmqKv4zkv95Q0+mlee/9SZXirXAfgA4bvUnBR/dTOogC7c2MrANyl/mUAch6UmA0FG5ALC+trlvfY2FYdsbKuL4TWN3CqUCO+bD2Nfeg1y7PK/2xZ5gVNCbIRQy/AdZMWU4NX1N4Hrm+seT9cP6etIu2JjFDg4VIyCCgnFW2O95GOHkBRcVZmBE6Y6ttZ7D+UNSsctXO4duerjMd1Hf2NwaDS0KBNPct2wbCfx5L6iCN4/5KW+vzzy3TPxti1qarZG7jyUeWWAsgn27mKq8v7xbAKIPs6+ebsAH2GB4dY1Bk+cr2mpNychJXJ9G+hfRPuU+7eMhNG/ckFx2Axw1BC6MYaz2zGPQZXayTWVvcbx1Lhx9jqL1QjC2WKc3bxPUKWZy9xhOTS/tGMK8MIWk75s5JnJfhnQ/wMMqXjEsaITSQ1hJhKKVDUTo6FfooZXgFhY7wKpW5gl6hstL9YI+ccZmRtHkyb03ibiOVBni0xzQlpY7vh+DKkOCgl+DcKwAslmhCDFyR9s4ARrQojY5LZtDwPStV/LklU5lcelzHiwUNdirWSd0xN7wobZDLO8U1SrMYkqdwKDNGGObc2G5DqDNtpIxv+bvAr5llth5GmVd0soJdTrORDO8ZfbbDcc145pfva58D4jptvpuTbMnTTtYh3vNHZDxUoTVICUsfA+EMKwNSAog4eQhc/jLdCgLO2AdfL+0bGhAu6mk270IOZOD8ZEXCW/ZC5JwYPXLmictIWGtGjZocV8qMXFJB4LDyLm/49HntW22xcgTEG56VN/Y9YHXDrA2KmjPWNRy9OazPwe4Xqk2CjtwL3be0XuQ/dwwUcd8jh7v765cDrLNWgmwFM2SdmImtyKTeevKPiQOjQgfa2yK5Mmmtw8HpyPkYjdGJSFHm+gco+HaEyl3EfZNB/zQ1vhkWK8Fo70FOZ4tCgi6u+6vuxKPSWz8Vgy4d/fWzF1r+/bite6b4fOQYQu7G0yMVMk2aDGJt5cLTsHLTKy/CNFCc8phBfJXi17u+YVvqyjLuD2QwK0ehF/XIvF5xyog7hWruGaAM1homjATItlLe2Bv6Ag8HXMmcS6CFK5FNKhoLIqiCP1rShzQpYQ94f3kwPFCtXehUSj4WY4XKsYGyFQYiQiqxG7SESXDsmaJKl688e/nsFBGNhJa/AKRflN6XC3ZCtarlG00RNiVjh+lpR8Qx2OFv+u96KumbZ+KDiN9s29AWNBJES0wLoLTZ4NDtIBTV6s5quEEh+R6+m0fLQXjvcnR0uQGtdIf4SDp4Is96oUHEfcmmp48lJD5s8nXT5cKA+ZeHyo7ixh/jiZWhHm2hMWK4+US/wPLoFaeiGGl5jaeV4RSL2uF+lJtfDRHR+4u9PFUro0RWNStHIov21kFkCyxzVQ5hBz2avGgqnoPDbYA31PcPlXXEttWmcEaq7Q+5v0Ttm50UBasS9D/gX+h9AzyP7xljf7i+lqlYjS8Abu8V1wwzPXt9kkYfOUX986QGittxhyKAffyGl/D6hvgv3kuzkzQivskrQLw+3y+My2JHRvIawkUVw2twr6sDY8hsNrvQHVfd6nfIBBsC7ZQO+xF68yjEAA2TwGu3eh3nD3i0G6XcZBHhmlTHM4gtRX4/BD2WM2JxSYlRg7cMtKObICP7cBSE7Mxy6Xatx49Ckp7+sE9H/y/EMCHUc48ayoasLPo8LwdjcZsWp69t9zFO1fdW/HBNCAmhrHwdvNieadPqjzGs7gU8cy/GE/pYXoBrWh2Qr3awMvAmmoshnVsHB8BATVo73FVI3UTkNOkppKhzcOFIULxa4qEI/tgjSGBqVTXdMPEX6WL7OQMm7bkhlUyU3BMcNd8IyxK2p+VsznOOQW8fN0NdZtqi6a8lYQIulX73oqM0p/th2eFl18bxMbkm5agEk+bzFPdAQmRKwExwzWDTxjKIf7jChQ8MYD4a7/i2Qc1qYXZGtkNAF6Yf7Rb7q8ECqkiIcAGDiPDtoncM5Fq4z/hFsPbKEypoZqgnRkMWDOGqQFDr6wpJ2U72CJ7FiZQ2Jhwqz8z/wKpRxI5srbzgRkIo/ZCThvKmFfcjLhZGqmtLk0F1VOzW6xgEh9rzaFEvsrY3lrwiDEN3f6D0XftXLYXw+jdqy9pN9twYsbAbWzYGvLp8vQAz6Q/uiyqYxzQnrUKLJYr5e3RfSEP4g8m97y6EqHx9IsYeT8Yybvnc+qKmh4H1xg0VgLzNDKOKjVP4XUtWJax61VDVzICFO/SX88hbmf6fEgNLO79OmWh8svkS7yYFdi4LxWlxeYQOf+hsfawCpRQ0d4AIvOATRDZK0itOKDU/Nx9wyj9MFSHDwAh9MzEQ3BknCNbo/feOx7pri66eVMNJlOTa7dSTAgQsiP8+weNkCWhJrnxgPlNXxicCkPjLtPWPQZm8gozjuNM3fe+YY4zkwkz7E7tctxq5Zai7Ple5stRUYHTPBOXP6TrUUVJfiElh6PHRhamAZUiMzcrM+qM4tdJjtvRJLR7JucAqZqW2dh6Yq9bfH1LufxvukwR+my5sND3mjz9E+S2YPV3fr2cB7sqQqrtBa+UtC3tywk4aVIJ6hTOiWB+HAGAsRGBNuxVb/oUZIlI7ub8N8Vf/tMPwLyfS49LKwwx4lFTxQRKkvpv/ZARR5PtZVIS3nLh4AORqylM2gIi2Lx2862tJ4SEo4WQy1aukQ==,iv:pEDV2WLEFisblx+XrhuoaNpxtk4Byj+jB/ixhsk3uPQ=,tag:T4xI5g6sIrIobuSuViG5+A==,type:str]",
 	"sops": {
 		"age": [
 			{
@ -27,8 +27,8 @@
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtU240VjVRZmJ5TGsrclJF\nRXRLbTRCZURtR0Z3d2E2eDNNeGRDODlXVEY4CllTeVFYbDJQWlRSS1RFLzAxSnlM\nZi9NU1c3cWo3YWRLcUJ2U2ZFWFBBVEEKLS0tIGtmZU9qSWdBT3RDeStaaFFDSWtk\ndkUzZXJwZUl4LzVxYXdidmxXRnNnclUKyAMZqCKSY/RQvTR4bbjLaPnGKwdBcHXc\nvtiVSrLdIdzMa6id/J07TJH5UesUmcp0wjU41MDa4aMBLy+cXhuBHA==\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
-		"lastmodified": "2025-07-05T11:16:37Z",
+		"lastmodified": "2025-07-14T02:08:47Z",
-		"mac": "ENC[AES256_GCM,data:gdnY/T7kDdSzGR9FCrnMJdBhBgr3ruveVnMGnFFjydVeJeZCLkDYdGHxyoaywrJ/KQpx3OpIai/DwzDVQmNjNhC66cEE11xovLV37IzxXY2+2kFqeosIFMaAiA4vZuTBml9YbVMschGZypPwXn9rkjJxaFH0pVt3CJaNbaBn/tQ=,iv:LYHfq3rxkD1c4hvDl605Tp3OlQ4hSocSPnb2uynuc2g=,tag:Rtx8g+1CgIkrAcmsaI92KA==,type:str]",
+		"mac": "ENC[AES256_GCM,data:ZT2q2cHleWw+h7JNzWi+UnFo7G72xMMjzkbr4Ixp09xT9jqHjeHRitRveoNyh8jcRSbWxVeYf1fpKEKPEAxqU77NORhD/QBFjQm1iG/UH/xkRNBTQ/kE+yp/6jlkyfJ/m8ulTSbegz2eQkko9HP9qG7+QMcESP6zE7ko8UFPXAY=,iv:AvQDzn9kQYj1cr6K/luFZkv2G1UAQT27cA9/pQMRJl0=,tag:uuH3aZSI644HrJXYR5I7UQ==,type:str]",
 		"pgp": [
 			{
 				"created_at": "2025-06-13T20:13:06Z",