swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2025-12-06 00:57:22 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

chore: backup work done so far

Browse source
This commit is contained in:
Leon Schwarzäugl 2025-12-02 17:36:59 +01:00
parent 9acfc5f934
commit 5d27d18f85
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
77 changed files with 4005 additions and 2937 deletions
Download patch file Download diff file Expand all files Collapse all files

148
.sops.yaml
View file

@ -6,20 +6,20 @@ keys:
- &users
- &swarsel 4BE7925262289B476DBBC17B76FD3810215AE097
- &hosts
- &winters age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63
- &twothreetunnel age1g7atkxdlt4ymeh7v7aa2yzr2hq2qkvzrc4r49ugttm3n582ymv9qrmpk8d
- &liliputsteps age1ly2endyt0y9xyddj6yuj4nw6fa3ltvzlvew4cr4lzs6dv8dkavpqadmyxx
- &stoicclub age15klj4t7gpfp69472mne4ue62pp6m4e04dmjyw7yf30qtqd3vl3uqjmcyxm
- &bakery age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh
- &belchsfactory age1k73gy5em3js9zklnnkzp5hme9k04lny32fgahmzddknjw5c295asdyr4x6
- &eagleland age1cmzh82q8k59yzceuuy2epmqu22g7m84gqvq056mhgehwpmvjadfsc3glc8
- &hintbooth age1hsumymvh5mkqlaynrp9lv2w696yk3wtjzlyfmrpeuvh9u2tlwceqh3563x
- &bakery age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh
- &toto age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl
- &surface age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg
- &nbl age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy
- &liliputsteps age1ly2endyt0y9xyddj6yuj4nw6fa3ltvzlvew4cr4lzs6dv8dkavpqadmyxx
- &moonside age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh
- &pyramid age15cx90pnp54xp5gxlt02yn9j2pz968wp3l5ukdkx55xuecp34e5pszjku4m
- &stoicclub age15klj4t7gpfp69472mne4ue62pp6m4e04dmjyw7yf30qtqd3vl3uqjmcyxm
- &toto age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl
- &twothreetunnel age1g7atkxdlt4ymeh7v7aa2yzr2hq2qkvzrc4r49ugttm3n582ymv9qrmpk8d
- &winters age1s0vssf9fey2l456hucppzx2x58xep279nsdcglvkqm30sr9ht37s8rvpza
- &dgx age1ax5hqk6e2ekgfx5u7pl8ayc3vvhrehyvtvf07llaxhs5azpnny0qpltrns
creation_rules:
- path_regex: secrets/general/[^/]+\.(yaml|json|env|ini)$
- path_regex: secrets/repo/[^/]+\.(yaml|json|env|ini|enc)$
key_groups:
- pgp:
- *swarsel
@ -33,183 +33,93 @@ creation_rules:
- *hintbooth
- *bakery
- *toto
- *surface
- *nbl
- *moonside
- path_regex: secrets/repo/[^/]+$
key_groups:
- pgp:
- *swarsel
age:
- *winters
- *twothreetunnel
- *liliputsteps
- *stoicclub
- *belchsfactory
- *eagleland
- *hintbooth
- *bakery
- *toto
- *surface
- *nbl
- *moonside
- path_regex: secrets/certs/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
- *swarsel
age:
- *nbl
- *twothreetunnel
- *liliputsteps
- *stoicclub
- *belchsfactory
- *eagleland
- *hintbooth
- *bakery
- *toto
- *surface
- *winters
- *pyramid
- *moonside
- *dgx
- path_regex: secrets/work/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
- *swarsel
age:
- *nbl
- *pyramid
- path_regex: secrets/pyramid/[^/]+\.(yaml|json|env|ini)$
- path_regex: hosts/nixos/x86_64-linux/pyramid/secrets/[^/]+\.(yaml|json|env|ini|enc)$
key_groups:
- pgp:
- *swarsel
age:
- *nbl
- path_regex: hosts/nixos/x86_64-linux/pyramid/secrets/pii.nix.enc
key_groups:
- pgp:
- *swarsel
age:
- *nbl
- *pyramid
- path_regex: secrets/moonside/secrets.yaml
key_groups:
- pgp:
- *swarsel
age:
- *moonside
- path_regex: hosts/nixos/aarch64-linux/moonside/secrets/pii.nix.enc
key_groups:
- pgp:
- *swarsel
age:
- *moonside
- path_regex: secrets/belchsfactory/secrets.yaml
key_groups:
- pgp:
- *swarsel
age:
- *belchsfactory
- path_regex: hosts/nixos/aarch64-linux/belchsfactory/secrets/pii.nix.enc
key_groups:
- pgp:
- *swarsel
age:
- *belchsfactory
- path_regex: secrets/bakery/secrets.yaml
key_groups:
- pgp:
- *swarsel
age:
- *bakery
- path_regex: hosts/nixos/x86_64-linux/bakery/secrets/pii.nix.enc
- path_regex: hosts/nixos/x86_64-linux/bakery/secrets/[^/]+\.(yaml|json|env|ini|enc)$
key_groups:
- pgp:
- *swarsel
age:
- *bakery
- path_regex: secrets/winters/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
- *swarsel
age:
- *winters
- path_regex: hosts/nixos/x86_64-linux/winters/secrets/pii.nix.enc
- path_regex: hosts/nixos/x86_64-linux/winters/secrets/[^/]+\.(yaml|json|env|ini|enc)$
key_groups:
- pgp:
- *swarsel
age:
- *winters
- path_regex: secrets/eagleland/[^/]+\.(yaml|json|env|ini)$
- path_regex: hosts/nixos/x86_64-linux/eagleland/secrets/[^/]+\.(yaml|json|env|ini|enc)$
key_groups:
- pgp:
- *swarsel
age:
- *eagleland
- path_regex: hosts/nixos/x86_64-linux/eagleland/secrets/pii.nix.enc
- path_regex: hosts/nixos/aarch64-linux/moonside/secrets/[^/]+\.(yaml|json|env|ini|enc)$
key_groups:
- pgp:
- *swarsel
age:
- *eagleland
- *moonside
- path_regex: secrets/stoicclub/[^/]+\.(yaml|json|env|ini)$
- path_regex: hosts/nixos/aarch64-linux/belchsfactory/secrets/[^/]+\.(yaml|json|env|ini|enc)$
key_groups:
- pgp:
- *swarsel
age:
- *stoicclub
- path_regex: hosts/nixos/aarch64-linux/stoicclub/secrets/pii.nix.enc
- *belchsfactory
- path_regex: hosts/nixos/aarch64-linux/stoicclub/secrets/[^/]+\.(yaml|json|env|ini|enc)$
key_groups:
- pgp:
- *swarsel
age:
- *stoicclub
- path_regex: secrets/liliputsteps/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
- *swarsel
age:
- *liliputsteps
- path_regex: hosts/nixos/aarch64-linux/liliputsteps/secrets/pii.nix.enc
- path_regex: hosts/nixos/aarch64-linux/liliputsteps/secrets/[^/]+\.(yaml|json|env|ini|enc)$
key_groups:
- pgp:
- *swarsel
age:
- *liliputsteps
- path_regex: secrets/twothreetunnel/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
- *swarsel
age:
- *twothreetunnel
- path_regex: hosts/nixos/aarch64-linux/twothreetunnel/secrets/pii.nix.enc
- path_regex: hosts/nixos/aarch64-linux/twothreetunnel/secrets/[^/]+\.(yaml|json|env|ini|enc)$
key_groups:
- pgp:
- *swarsel
age:
- *twothreetunnel
- path_regex: hosts/nixos/x86_64-linux/summers/secrets/
- path_regex: hosts/nixos/x86_64-linux/summers/secrets/[^/]+\.(yaml|json|env|ini|enc)$
key_groups:
- pgp:
- *swarsel
- path_regex: hosts/nixos/x86_64-linux/hintbooth/secrets/
- path_regex: hosts/nixos/x86_64-linux/hintbooth/secrets/[^/]+\.(yaml|json|env|ini|enc)$
key_groups:
- pgp:
- *swarsel
age:
- *hintbooth
- path_regex: hosts/darwin/nbm-imba-166/secrets/pii.nix.enc
- path_regex: hosts/darwin/x86_64-darwin/nbm-imba-166/secrets/[^/]+\.(yaml|json|env|ini|enc)$
key_groups:
- pgp:
- *swarsel

405
SwarselSystems.org
View file

@ -407,7 +407,7 @@ Nowadays, I use flake-parts to manage my flake. It allows me to conveniently spl
- =imports= are files pulled in to build the flake configuration (similar to the imports in the module system)
- =systems= defines the architectures that the flake should be provided for - I go here for the four "main" architectures, although true support is only provided for linux systems (see [[#h:6ed1a641-dba8-4e85-a62e-be93264df57a][Packages (pkgs)]] for the main reason)
** flake.nix skeleton
** flake.nix skeleton (inputs)
:PROPERTIES:
:CUSTOM_ID: h:aee5ec75-7ca6-40d8-b6ac-a3e7e33a474b
:END:
@ -526,7 +526,7 @@ A short overview over each input and what it does:
nur.url = "github:nix-community/NUR";
nixgl.url = "github:guibou/nixGL";
stylix.url = "github:danth/stylix";
sops-nix.url = "github:Mic92/sops-nix";
sops.url = "github:Mic92/sops-nix";
lanzaboote.url = "github:nix-community/lanzaboote";
nix-on-droid.url = "github:nix-community/nix-on-droid/release-24.05";
nixos-generators.url = "github:nix-community/nixos-generators";
@ -666,7 +666,7 @@ This is the file that manages the actual decryption of the files mentioned in [[
# Decrypt only if necessary
if [[ ! -e $out ]]; then
agekey=$(sudo ssh-to-age -private-key -i /etc/ssh/sops || sudo ssh-to-age -private-key -i /etc/ssh/ssh_host_ed25519_key)
agekey=$(sudo ssh-to-age -private-key -i /etc/ssh/ssh_host_ed25519_key || sudo ssh-to-age -private-key -i ~/.ssh/sops)
SOPS_AGE_KEY="$agekey" sops decrypt --output "$out" "$file"
fi
@ -971,9 +971,10 @@ The rest of the outputs either define or help define the actual configurations:
mkNixosHost = { minimal }: configName: arch:
inputs.nixpkgs.lib.nixosSystem {
specialArgs = {
inherit inputs outputs self minimal configName homeLib;
inherit inputs outputs self minimal homeLib configName arch;
inherit (config.pkgs.${arch}) lib;
inherit (config) globals nodes;
type = "nixos";
};
modules = [
inputs.disko.nixosModules.disko
@ -987,7 +988,7 @@ The rest of the outputs either define or help define the actual configurations:
inputs.nix-topology.nixosModules.default
inputs.nswitch-rcm-nix.nixosModules.nswitch-rcm
inputs.simple-nixos-mailserver.nixosModules.default
inputs.sops-nix.nixosModules.sops
inputs.sops.nixosModules.sops
inputs.stylix.nixosModules.stylix
inputs.swarsel-nix.nixosModules.default
(inputs.nixos-extra-modules + "/modules/guests")
@ -1004,6 +1005,8 @@ The rest of the outputs either define or help define the actual configurations:
node = {
name = lib.mkForce configName;
arch = lib.mkForce arch;
type = lib.mkForce "nixos";
secretsDir = ../hosts/nixos/${arch}/${configName}/secrets;
lockFromBootstrapping = lib.mkIf (!minimal) (lib.swarselsystems.mkStrong true);
};
@ -1031,7 +1034,7 @@ The rest of the outputs either define or help define the actual configurations:
};
modules = [
# inputs.disko.nixosModules.disko
# inputs.sops-nix.nixosModules.sops
# inputs.sops.nixosModules.sops
# inputs.impermanence.nixosModules.impermanence
# inputs.lanzaboote.nixosModules.lanzaboote
# inputs.fw-fanctrl.nixosModules.default
@ -1040,12 +1043,15 @@ The rest of the outputs either define or help define the actual configurations:
"${self}/hosts/darwin/${arch}/${configName}"
"${self}/modules/nixos/darwin"
# needed for infrastructure
"${self}/modules/nixos/common/meta.nix"
"${self}/modules/shared/meta.nix"
"${self}/modules/nixos/common/globals.nix"
{
node.name = lib.mkForce configName;
node.secretsDir = ../hosts/darwin/${arch}/${configName}/secrets;
node = {
name = lib.mkForce configName;
arch = lib.mkForce arch;
type = lib.mkForce "darwin";
secretsDir = ../hosts/darwin/${arch}/${configName}/secrets;
};
}
];
};
@ -1058,18 +1064,27 @@ The rest of the outputs either define or help define the actual configurations:
systemFunc {
inherit pkgs;
extraSpecialArgs = {
inherit inputs lib outputs self configName;
inherit inputs lib outputs self configName arch type;
inherit (config) globals nodes;
minimal = false;
};
modules = [
inputs.stylix.homeModules.stylix
inputs.nix-index-database.homeModules.nix-index
# inputs.sops-nix.homeManagerModules.sops
inputs.sops.homeManagerModules.sops
inputs.spicetify-nix.homeManagerModules.default
inputs.swarsel-nix.homeModules.default
"${self}/hosts/${type}/${arch}/${configName}"
"${self}/profiles/home"
"${self}/modules/nixos/common/pii.nix"
{
node = {
name = lib.mkForce configName;
arch = lib.mkForce arch;
type = lib.mkForce type;
secretsDir = ../hosts/${type}/${arch}/${configName}/secrets;
};
}
];
};
@ -2391,6 +2406,7 @@ My work machine. Built for more security, this is the gold standard of my config
fileSystems = {
"/persist".neededForBoot = true;
"/home".neededForBoot = true;
"/".neededForBoot = true;
"/var/log".neededForBoot = true;
};
}
@ -3399,13 +3415,9 @@ My phone. I use only a minimal config for remote debugging here.
{
imports = [
# inputs.sops-nix.homeManagerModules.sops
"${self}/modules/home"
"${self}/modules/nixos/common/pii.nix"
"${self}/modules/nixos/common/meta.nix"
];
services.xcape = {
enable = true;
mapExpression = {
@ -3628,6 +3640,7 @@ This machine mainly acts as my proxy server to stand before my local machines.
minecraft = true;
restic = true;
diskEncryption = lib.mkForce false;
dns-hostrecord = true;
};
}
@ -3852,6 +3865,7 @@ This machine mainly acts as my proxy server to stand before my local machines.
postgresql = lib.mkDefault true;
attic = lib.mkDefault true;
garage = lib.mkDefault true;
dns-hostrecord = true;
};
}
@ -4050,6 +4064,7 @@ This machine mainly acts as my proxy server to stand before my local machines.
swarselmodules.server = {
nsd = true;
nginx = false;
dns-hostrecord = true;
};
}
@ -4239,6 +4254,7 @@ This machine mainly acts as my proxy server to stand before my local machines.
swarselmodules.server = {
nginx = false;
bastion = true;
dns-hostrecord = true;
# ssh = false;
};
@ -4430,6 +4446,7 @@ This machine mainly acts as my proxy server to stand before my local machines.
swarselmodules.server = {
nginx = false;
dns-hostrecord = true;
};
}
@ -4622,7 +4639,10 @@ This machine mainly acts as my proxy server to stand before my local machines.
};
} // lib.optionalAttrs (!minimal) {
swarselmodules.server.mailserver = true;
swarselmodules.server = {
mailserver = true;
dns-hostrecord = true;
};
swarselprofiles = {
server = true;
@ -4998,7 +5018,7 @@ TODO: cleanup this mess
#+begin_src nix-ts :tangle install/installer-config.nix
{ self, config, pkgs, lib, ... }:
let
pubKeys = lib.filesystem.listFilesRecursive "${self}/secrets/keys/ssh";
pubKeys = lib.filesystem.listFilesRecursive "${self}/secrets/public/ssh";
stateVersion = lib.mkDefault "23.05";
homeFiles = {
".bash_history" = {
@ -5850,35 +5870,6 @@ in
}
#+end_src
**** Meta options (options only)
:PROPERTIES:
:CUSTOM_ID: h:30b81bf9-1e69-4ce8-88af-5592896bcee4
:END:
#+begin_src nix-ts :tangle modules/nixos/common/meta.nix
{ lib, ... }:
{
options = {
node = {
secretsDir = lib.mkOption {
description = "Path to the secrets directory for this node.";
type = lib.types.path;
default = ./.;
};
name = lib.mkOption {
description = "Node Name.";
type = lib.types.str;
};
lockFromBootstrapping = lib.mkOption {
description = "Whether this host should be marked to not be bootstrapped again using swarsel-bootstrap.";
type = lib.types.bool;
};
};
};
}
#+end_src
**** Expose home-manager sops secrets in NixOS (automatically active)
:PROPERTIES:
:CUSTOM_ID: h:a8bbe15f-a7dd-4e6d-ba49-26206c38e9c8
@ -5891,7 +5882,7 @@ in
inherit (config.repo.secrets.common.emacs) radicaleUser;
modules = config.home-manager.users.${mainUser}.swarselmodules;
certsSopsFile = self + /secrets/certs/secrets.yaml;
certsSopsFile = self + /secrets/repo/certs.yaml;
in
{
config = lib.mkIf config.swarselsystems.withHomeManager {
@ -6139,7 +6130,7 @@ A breakdown of the flags being set:
We enable the use of =home-manager= as a NixoS module. A nice trick here is the =extraSpecialArgs = inputs= line, which enables the use of =seflf= in most parts of the configuration. This is useful to refer to the root of the flake (which is otherwise quite hard while maintaining flake purity).
#+begin_src nix-ts :tangle modules/nixos/common/home-manager.nix
{ self, inputs, config, lib, homeLib, outputs, globals, nodes, minimal, configName, ... }:
{ self, inputs, config, lib, homeLib, outputs, globals, nodes, minimal, configName, arch, type, ... }:
{
options.swarselmodules.home-manager = lib.mkEnableOption "home-manager";
config = lib.mkIf config.swarselmodules.home-manager {
@ -6151,7 +6142,7 @@ We enable the use of =home-manager= as a NixoS module. A nice trick here is the
overwriteBackup = true;
users.${config.swarselsystems.mainUser}.imports = [
inputs.nix-index-database.homeModules.nix-index
inputs.sops-nix.homeManagerModules.sops
# inputs.sops.homeManagerModules.sops # this is not needed!! we add these secrets in nixos scope
inputs.spicetify-nix.homeManagerModules.default
inputs.swarsel-nix.homeModules.default
{
@ -6172,7 +6163,7 @@ We enable the use of =home-manager= as a NixoS module. A nice trick here is the
];
extraSpecialArgs = {
inherit (inputs) self nixgl;
inherit inputs outputs globals nodes minimal configName;
inherit inputs outputs globals nodes minimal configName arch type;
lib = homeLib;
};
};
@ -6871,8 +6862,8 @@ Here I only enable =networkmanager= and a few default networks. The rest of the
#+begin_src nix-ts :tangle modules/nixos/client/network.nix
{ self, lib, pkgs, config, globals, ... }:
let
certsSopsFile = self + /secrets/certs/secrets.yaml;
clientSopsFile = self + /secrets/${config.node.name}/secrets.yaml;
certsSopsFile = self + /secrets/repo/certs.yaml;
clientSopsFile = "${config.node.secretsDir}/secrets.yaml";
inherit (config.repo.secrets.common.network) wlan1 mobile1 vpn1-location vpn1-cipher vpn1-address eduroam-anon;
@ -7183,7 +7174,7 @@ I use sops-nix to handle secrets that I want to have available on my machines at
- `ssh-keygen -t ed25519 -C "NAME sops"` in .ssh directory (or wherever) - name e.g. "sops"
- cat ~/.ssh/sops.pub | ssh-to-age | wl-copy
- add the output to .sops.yaml
- cp ~/.ssh/sops.pub ~/.dotfiles/secrets/keys/NAME.pub
- cp ~/.ssh/sops.pub ~/.dotfiles/secrets/public/NAME.pub
- update entry for sops.age.sshKeyPaths
#+begin_src nix-ts :tangle modules/nixos/client/sops.nix
@ -7194,8 +7185,8 @@ I use sops-nix to handle secrets that I want to have available on my machines at
sops = {
# age.sshKeyPaths = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs [ "/persist/.ssh/sops" "/persist/.ssh/ssh_host_ed25519_key" ] [ "${config.swarselsystems.homeDir}/.ssh/sops" "/etc/ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ];
age.sshKeyPaths = [ "${config.swarselsystems.homeDir}/.ssh/sops" "/etc/ssh/sops" "${if config.swarselsystems.isImpermanence then "/persist" else ""}/etc/ssh/ssh_host_ed25519_key" ];
defaultSopsFile = "${if config.swarselsystems.isImpermanence then "/persist" else ""}${config.swarselsystems.flakePath}/secrets/general/secrets.yaml";
age.sshKeyPaths = [ "${if config.swarselsystems.isImpermanence then "/persist" else ""}/etc/ssh/ssh_host_ed25519_key" ];
defaultSopsFile = "${if config.swarselsystems.isImpermanence then "/persist" else ""}${config.swarselsystems.flakePath}/secrets/repo/common.yaml";
validateSopsFiles = false;
@ -8568,14 +8559,14 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t
];
};
users.users."${config.swarselsystems.mainUser}".openssh.authorizedKeys.keyFiles = [
(self + /secrets/keys/ssh/yubikey.pub)
(self + /secrets/keys/ssh/magicant.pub)
# (lib.mkIf config.swarselsystems.isBastionTarget (self + /secrets/keys/ssh/jump.pub))
(self + /secrets/public/ssh/yubikey.pub)
(self + /secrets/public/ssh/magicant.pub)
# (lib.mkIf config.swarselsystems.isBastionTarget (self + /secrets/public/ssh/jump.pub))
];
users.users.root.openssh.authorizedKeys.keyFiles = [
(self + /secrets/keys/ssh/yubikey.pub)
(self + /secrets/keys/ssh/magicant.pub)
# (lib.mkIf config.swarselsystems.isBastionTarget (self + /secrets/keys/ssh/jump.pub))
(self + /secrets/public/ssh/yubikey.pub)
(self + /secrets/public/ssh/magicant.pub)
# (lib.mkIf config.swarselsystems.isBastionTarget (self + /secrets/public/ssh/jump.pub))
];
security.sudo.extraConfig = ''
Defaults env_keep+=SSH_AUTH_SOCK
@ -8603,9 +8594,9 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t
group = lib.mkForce "jump";
createHome = lib.mkForce true;
openssh.authorizedKeys.keyFiles = [
(self + /secrets/keys/ssh/yubikey.pub)
(self + /secrets/keys/ssh/magicant.pub)
(self + /secrets/keys/ssh/builder.pub)
(self + /secrets/public/ssh/yubikey.pub)
(self + /secrets/public/ssh/magicant.pub)
(self + /secrets/public/ssh/builder.pub)
];
};
};
@ -8689,7 +8680,7 @@ Restricts access to the system by the nix build user as per https://discourse.ni
isSystemUser = true;
group = "builder";
openssh.authorizedKeys.keys = [
''${ssh-restrict} ${builtins.readFile "${self}/secrets/keys/ssh/builder.pub"}''
''${ssh-restrict} ${builtins.readFile "${self}/secrets/public/ssh/builder.pub"}''
];
};
};
@ -8709,7 +8700,8 @@ Generate hostId using =head -c4 /dev/urandom | od -A none -t x4=
{ lib, config, ... }:
let
netConfig = config.repo.secrets.local.networking;
netName = "${if config.swarselsystems.isCloud then config.node.name else "home"}-${config.swarselsystems.server.localNetwork}";
netPrefix = "${if config.swarselsystems.isCloud then config.node.name else "home"}";
netName = "${netPrefix}-${config.swarselsystems.server.localNetwork}";
in
{
options = {
@ -8724,6 +8716,11 @@ Generate hostId using =head -c4 /dev/urandom | od -A none -t x4=
default = netName;
readOnly = true;
};
netConfigPrefix = lib.mkOption {
type = lib.types.str;
default = netPrefix;
readOnly = true;
};
};
};
config = lib.mkIf config.swarselmodules.server.network {
@ -8836,8 +8833,8 @@ lspci -k -d 14c3:0616
enable = true;
port = 2222; # avoid hostkey changed nag
authorizedKeys = [
''command="/bin/systemctl default" ${builtins.readFile "${self}/secrets/keys/ssh/yubikey.pub"}''
''command="/bin/systemctl default" ${builtins.readFile "${self}/secrets/keys/ssh/magicant.pub"}''
''command="/bin/systemctl default" ${builtins.readFile "${self}/secrets/public/ssh/yubikey.pub"}''
''command="/bin/systemctl default" ${builtins.readFile "${self}/secrets/public/ssh/magicant.pub"}''
];
hostKeys = [ hostKeyPathBase ];
};
@ -8875,6 +8872,137 @@ lspci -k -d 14c3:0616
}
#+end_src
**** Wireguard
#+begin_src nix-ts :tangle modules/nixos/server/wireguard.nix
{ self, lib, config, confLib, globals, ... }:
let
wgInterface = "wg0";
inherit (confLib.gen { name = "wireguard"; port = 52829; user = "systemd-network"; group = "systemd-network"; }) servicePort serviceName serviceUser serviceGroup;
inherit (config.swarselsystems) sopsFile;
inherit (config.swarselsystems.server.wireguard) peers isClient isServer;
in
{
options = {
swarselmodules.${serviceName} = lib.mkEnableOption "enable ${serviceName} settings";
swarselsystems.server.wireguard = {
isServer = lib.mkEnableOption "set this as a wireguard server";
peers = lib.mkOption {
type = lib.types.listOf (lib.types.submodule {
freeformType = lib.types.attrs;
options = { };
});
default = [ ];
description = "Wireguard peer submodules as expected by systemd.network.netdevs.<name>.wireguardPeers";
};
};
};
config = lib.mkIf config.swarselmodules.${serviceName} {
sops = {
secrets = {
wireguard-private-key = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0600"; };
wireguard-home-preshared-key = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0600"; };
};
};
networking = {
firewall.allowedUDPPorts = [ servicePort ];
nat = {
enable = true;
enableIPv6 = true;
externalInterface = "ens6";
internalInterfaces = [ wgInterface ];
};
};
systemd.network = {
enable = true;
networks."50-${wgInterface}" = {
matchConfig.Name = wgInterface;
networkConfig = {
IPv4Forwarding = true;
IPv6Forwarding = true;
};
address = [
"${globals.networks."${config.swarselsystems.server.netConfigPrefix}-wg".hosts.${config.node.name}.cidrv4}"
"${globals.networks."${config.swarselsystems.server.netConfigPrefix}-wg".hosts.${config.node.name}.cidrv6}"
];
};
netdevs."50-wg0" = {
netdevConfig = {
Kind = "wireguard";
Name = wgInterface;
};
wireguardConfig = {
ListenPort = lib.mkIf isServer servicePort;
# ensure file is readable by `systemd-network` user
PrivateKeyFile = config.age.secrets.wg-key-vps.path;
# To automatically create routes for everything in AllowedIPs,
# add RouteTable=main
# RouteTable = "main";
# FirewallMark marks all packets send and received by wg0
# with the number 42, which can be used to define policy rules on these packets.
# FirewallMark = 42;
};
wireguardPeers = peers ++ lib.optionals isClient [
{
PublicKey = builtins.readFile "${self}/secrets/public/wg/${config.node.name}.pub";
PresharedKeyFile = config.sops.secrets."${config.node.name}-presharedKey".path;
Endpoint = "${globals.hosts.${config.node.name}.wanAddress4}:${toString servicePort}";
# Access to the whole network is routed through our entry node.
# AllowedIPs =
# (optional (networkCfg.cidrv4 != null) networkCfg.cidrv4)
# ++ (optional (networkCfg.cidrv6 != null) networkCfg.cidrv6);
}
];
};
};
# networking = {
# wireguard = {
# enable = true;
# interfaces = {
# wg1 = {
# privateKeyFile = config.sops.secrets.wireguard-private-key.path;
# ips = [ "192.168.178.201/24" ];
# peers = [
# {
# publicKey = "PmeFInoEJcKx+7Kva4dNnjOEnJ8lbudSf1cbdo/tzgw=";
# presharedKeyFile = config.sops.secrets.wireguard-home-preshared-key.path;
# name = "moonside";
# persistentKeepalive = 25;
# # endpoint = "${config.repo.secrets.common.ipv4}:51820";
# endpoint = "${config.repo.secrets.common.wireguardEndpoint}";
# # allowedIPs = [
# # "192.168.3.0/24"
# # "192.168.1.0/24"
# # ];
# allowedIPs = [
# "192.168.178.0/24"
# ];
# }
# ];
# };
# };
# };
# };
};
}
#+end_src
**** BTRFS
#+begin_src nix-ts :tangle modules/nixos/server/btrfs.nix
@ -10553,7 +10681,7 @@ Note: you still need to run =restic-<name> init= once on the host to get the buc
This section exposes several metrics that I use to check the health of my server. I need to expand on the exporters section at some point, but for now I have everything I need.
#+begin_src nix-ts :tangle modules/nixos/server/monitoring.nix
{ self, lib, config, globals, dns, confLib, ... }:
{ lib, config, globals, dns, confLib, ... }:
let
inherit (confLib.gen { name = "grafana"; port = 3000; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
@ -10566,6 +10694,8 @@ This section exposes several metrics that I use to check the health of my server
kanidmDomain = globals.services.kanidm.domain;
inherit (config.swarselsystems) sopsFile;
sopsFile2 = "${config.node.secretsDir}/secrets2.yaml";
in
{
options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
@ -10580,7 +10710,7 @@ This section exposes several metrics that I use to check the health of my server
grafana-admin-pw = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; };
prometheus-admin-pw = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; };
kanidm-grafana-client = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; };
prometheus-admin-hash = { sopsFile = self + /secrets/winters/secrets2.yaml; owner = prometheusUser; group = prometheusGroup; mode = "0440"; };
prometheus-admin-hash = { sopsFile = sopsFile2; owner = prometheusUser; group = prometheusGroup; mode = "0440"; };
};
templates = {
@ -11280,7 +11410,7 @@ To get other URLs (token, etc.), use https://<kanidmDomain>/oauth2/openid/<clien
#+begin_src nix-ts :tangle modules/nixos/server/kanidm.nix
{ self, lib, pkgs, config, globals, dns, confLib, ... }:
let
certsSopsFile = self + /secrets/certs/secrets.yaml;
certsSopsFile = self + /secrets/repo/certs.yaml;
inherit (config.swarselsystems) sopsFile;
inherit (confLib.gen { name = "kanidm"; port = 8300; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
@ -12261,10 +12391,10 @@ To get other URLs (token, etc.), use https://<kanidmDomain>/oauth2/openid/<clien
:END:
#+begin_src nix-ts :tangle modules/nixos/server/radicale.nix
{ self, lib, config, globals, dns, confLib, ... }:
{ lib, config, globals, dns, confLib, ... }:
let
inherit (confLib.gen { name = "radicale"; port = 8000; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
sopsFile = self + /secrets/winters/secrets2.yaml;
sopsFile = "${config.node.secretsDir}/secrets2.yaml";
cfg = config.services.${serviceName};
in
@ -12846,10 +12976,10 @@ Deployment notes:
:END:
#+begin_src nix-ts :tangle modules/nixos/server/snipe-it.nix
{ self, lib, config, globals, dns, confLib, ... }:
{ lib, config, globals, dns, confLib, ... }:
let
inherit (confLib.gen { name = "snipeit"; port = 80; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
sopsFile = self + /secrets/winters/secrets2.yaml;
sopsFile = "${config.node.secretsDir}/secrets2.yaml";
serviceDB = "snipeit";
@ -13423,6 +13553,24 @@ or 2) use classic path addressing =aws s3 cp <local file> s3://<bucket>/<path to
};
}
#+end_src
**** Set host domain for dns
#+begin_src nix-ts :tangle modules/nixos/server/dns-hostrecord.nix
{ lib, config, globals, dns, confLib, ... }:
let
inherit (confLib.gen { name = "dns-hostrecord"; proxy = config.node.name; }) serviceName proxyAddress4 proxyAddress6;
in
{
options. swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
config = lib.mkIf config.swarselmodules.server.${serviceName} {
nodes.stoicclub.swarselsystems.server.dns.${globals.domains.main}.subdomainRecords = {
"server.${config.node.name}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
};
};
}
#+end_src
**** nsd (dns)
:PROPERTIES:
:CUSTOM_ID: h:ef5b7ace-4870-4dfa-9532-9a9d2722dc9a
@ -13531,7 +13679,7 @@ or 2) use classic path addressing =aws s3 cp <local file> s3://<bucket>/<path to
SOA = {
nameServer = "soa";
adminEmail = "admin@${globals.domains.main}"; # this option is not parsed as domain (we cannot just write "admin")
serial = 2025120201; # update this on changes for secondary dns
serial = 2025120203; # update this on changes for secondary dns
};
useOrigin = false;
@ -14842,11 +14990,11 @@ Again, we adapt =nix= to our needs, enable the home-manager command for non-NixO
trusted-users = [
"@wheel"
"${mainUser}"
(lib.mkIf config.swarselmodules.server.ssh-builder "builder")
(lib.mkIf ((config.swarselmodules ? server) ? ssh-builder) "builder")
];
connect-timeout = 5;
bash-prompt-prefix = "$SHLVL:\\w ";
bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)λ ";
bash-prompt-prefix = lib.mkIf config.swarselsystems.isClient "$SHLVL:\\w ";
bash-prompt = lib.mkIf config.swarselsystems.isClient "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)λ ";
fallback = true;
min-free = 128000000;
max-free = 1000000000;
@ -15227,22 +15375,24 @@ I use sops-nix to handle secrets that I want to have available on my machines at
- `ssh-keygen -t ed25519 -C "NAME sops"` in .ssh directory (or wherever) - name e.g. "sops"
- cat ~/.ssh/sops.pub | ssh-to-age | wl-copy
- add the output to .sops.yaml
- cp ~/.ssh/sops.pub ~/.dotfiles/secrets/keys/NAME.pub
- cp ~/.ssh/sops.pub ~/.dotfiles/secrets/public/NAME.pub
- update entry for sops.age.sshKeyPaths
Since we are using the home-manager implementation here, we need to specify the runtime path.
At the same time, I want to avoid running the homeManager module of sops on a NixOS machine. Note that we cannot use =lib.mkIf= in the line =config == ...= as this would evaluate the blocks that are within; however, on a NixOS machine, there will be no =sops= module in the homeManager scope. Hence we use =optionalAttrs=. Also, we cannot make use of =config.swarselsystems.isNixos= because that will lead to an infinite recursion. Hence, we take the =type= arg that we passed during host declaration to make sure sops stays disabled. This is used in all places in the home-manager config that make use of sops-secrets.
#+begin_src nix-ts :tangle modules/home/common/sops.nix
{ config, lib, inputs, ... }:
{ config, lib, type, ... }:
let
inherit (config.swarselsystems) homeDir;
in
{
options.swarselmodules.sops = lib.mkEnableOption "sops settings";
config = lib.optionalAttrs (inputs ? sops) {
sops = {
age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${if config.swarselsystems.isImpermanence then "/persist" else ""}${homeDir}/.ssh/ssh_host_ed25519_key" ];
defaultSopsFile = "${if config.swarselsystems.isImpermanence then "/persist" else ""}${homeDir}/.dotfiles/secrets/general/secrets.yaml";
config = lib.optionalAttrs (type != "nixos") {
sops = lib.mkIf (!config.swarselsystems.isNixos) {
age.sshKeyPaths = [ "${if config.swarselsystems.isImpermanence then "/persist" else ""}${homeDir}/.ssh/sops" ];
defaultSopsFile = "${if config.swarselsystems.isImpermanence then "/persist" else ""}${homeDir}/.dotfiles/secrets/repo/common.yaml";
validateSopsFiles = false;
};
@ -15256,7 +15406,7 @@ I use sops-nix to handle secrets that I want to have available on my machines at
:END:
#+begin_src nix-ts :tangle modules/home/common/yubikey.nix
{ lib, config, inputs, confLib, ... }:
{ lib, config, confLib, type, ... }:
let
inherit (config.swarselsystems) homeDir;
in
@ -15271,7 +15421,7 @@ I use sops-nix to handle secrets that I want to have available on my machines at
confLib.getConfig.secrets.common.yubikeys.dev2
];
};
} // lib.optionalAttrs (inputs ? sops) {
} // lib.optionalAttrs (type != "nixos") {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) {
u2f-keys = { path = "${homeDir}/.config/Yubico/u2f_keys"; };
};
@ -15287,7 +15437,7 @@ I use sops-nix to handle secrets that I want to have available on my machines at
It is very convenient to have SSH aliases in place for machines that I use. This is mainly used for some server machines and some university clusters. We also enable agent forwarding to have our Yubikey SSH key accessible on the remote host.
#+begin_src nix-ts :tangle modules/home/common/ssh.nix
{ inputs, lib, config, confLib, ... }:
{ lib, config, confLib, type, ... }:
{
options.swarselmodules.ssh = lib.mkEnableOption "ssh settings";
config = lib.mkIf config.swarselmodules.ssh ({
@ -15313,7 +15463,7 @@ It is very convenient to have SSH aliases in place for machines that I use. This
};
} // confLib.getConfig.repo.secrets.common.ssh.hosts;
};
} // lib.optionalAttrs (inputs ? sops) {
} // lib.optionalAttrs (type != "nixos") {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
builder-key = { path = "${config.home.homeDirectory}/.ssh/builder"; mode = "0600"; };
};
@ -16117,7 +16267,7 @@ lib.mkMerge [ zshConfigEarlyInit zshConfig ];
Currently I only use it as before with =initExtra= though.
#+begin_src nix-ts :tangle modules/home/common/zsh.nix
{ config, pkgs, lib, minimal, inputs, globals, confLib, ... }:
{ config, pkgs, lib, minimal, globals, confLib, type, ... }:
let
inherit (config.swarselsystems) flakePath isNixos;
crocDomain = globals.services.croc.domain;
@ -16252,9 +16402,9 @@ Currently I only use it as before with =initExtra= though.
# QTWEBENGINE_CHROMIUM_FLAGS = "--no-sandbox";
};
};
} // lib.optionalAttrs (inputs ? sops) {
} // lib.optionalAttrs (type != "nixos") {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) {
croc-password = { };
github-nixpkgs-review-token = { };
};
@ -17624,7 +17774,7 @@ Currently I only use it as before with =initExtra= though.
Normally I use 4 mail accounts - here I set them all up. Three of them are Google accounts (sadly), which are a chore to setup. The last is just a sender account that I setup SMTP for here.
#+begin_src nix-ts :tangle modules/home/common/mail.nix
{ lib, config, inputs, globals, confLib, ... }:
{ lib, config, globals, confLib, type, ... }:
let
inherit (confLib.getConfig.repo.secrets.common.mail) address1 address2 address2-name address3 address3-name address4;
inherit (confLib.getConfig.repo.secrets.common) fullName;
@ -17826,7 +17976,7 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl
};
};
};
} // lib.optionalAttrs (inputs ? sops) {
} // lib.optionalAttrs (type != "nixos") {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
address1-token = { path = "${xdgDir}/secrets/address1-token"; };
address2-token = { path = "${xdgDir}/secrets/address2-token"; };
@ -17847,7 +17997,7 @@ By using the emacs-overlay NixOS module, I can install all Emacs packages that I
Lastly, I am defining some more packages here that the parser has problems finding. Also there are some packages that are not in ELPA or MELPA that I still want to use, like =calfw= and =fast-scroll=, so I build them here.
#+begin_src nix-ts :tangle modules/home/common/emacs.nix
{ self, lib, config, pkgs, globals, inputs, ... }:
{ self, lib, config, pkgs, globals, inputs, type, ... }:
let
inherit (config.swarselsystems) homeDir mainUser isPublic isNixos;
inherit (config.repo.secrets.common.emacs) radicaleUser;
@ -17952,7 +18102,7 @@ Lastly, I am defining some more packages here that the parser has problems findi
startWithUserSession = "graphical";
};
} // lib.optionalAttrs (inputs ? sops) {
} // lib.optionalAttrs (type != "nixos") {
sops = lib.mkIf (!isPublic && !isNixos) {
secrets = {
@ -17991,7 +18141,7 @@ The rest of the related configuration is found here:
- [[#h:f93f66f9-6b8b-478e-b139-b2f382c1f25e][waybarupdate]]
#+begin_src nix-ts :tangle modules/home/common/waybar.nix
{ self, config, lib, inputs, pkgs, ... }:
{ self, config, lib, pkgs, type, ... }:
let
inherit (config.swarselsystems) xdgDir;
generateIcons = n: lib.concatStringsSep " " (builtins.map (x: "{icon" + toString x + "}") (lib.range 0 (n - 1)));
@ -18313,7 +18463,7 @@ The rest of the related configuration is found here:
};
style = builtins.readFile (self + /files/waybar/style.css);
};
} // lib.optionalAttrs (inputs ? sops) {
} // lib.optionalAttrs (type != "nixos") {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
github-notifications-token = { path = "${xdgDir}/secrets/github-notifications-token"; };
};
@ -19560,7 +19710,7 @@ When setting up a new machine:
enable = true;
publicKeys = [
{
source = "${self}/secrets/keys/gpg/gpg-public-key-0x76FD3810215AE097.asc";
source = "${self}/secrets/public/gpg/gpg-public-key-0x76FD3810215AE097.asc";
trust = 5;
}
];
@ -19805,7 +19955,7 @@ This service changes the screen hue at night. I am not sure if that really does
#+begin_src nix-ts :tangle modules/home/common/anki.nix
{ lib, config, pkgs, globals, inputs, confLib, ... }:
{ lib, config, pkgs, globals, confLib, type, ... }:
let
moduleName = "anki";
inherit (config.swarselsystems) isPublic isNixos;
@ -19861,7 +20011,7 @@ This service changes the screen hue at night. I am not sure if that really does
})
];
};
} // lib.optionalAttrs (inputs ? sops) {
} // lib.optionalAttrs (type != "nixos") {
sops = lib.mkIf (!isPublic && !isNixos) {
secrets = {
anki-user = { };
@ -20634,13 +20784,13 @@ When setting up a new machine:
#+end_src
#+begin_src nix-ts :tangle modules/home/optional/work.nix :noweb yes
{ self, inputs, config, pkgs, lib, vars, confLib, ... }:
{ self, config, pkgs, lib, vars, confLib, type, ... }:
let
inherit (config.swarselsystems) homeDir mainUser;
inherit (confLib.getConfig.repo.secrets.local.mail) allMailAddresses;
inherit (confLib.getConfig.repo.secrets.local.work) mailAddress;
certsSopsFile = self + /secrets/certs/secrets.yaml;
certsSopsFile = self + /secrets/repo/certs.yaml;
in
{
options.swarselmodules.optional-work = lib.swarselsystems.mkTrueOption;
@ -21288,7 +21438,7 @@ When setting up a new machine:
};
};
} // lib.optionalAttrs (inputs ? sops) {
} // lib.optionalAttrs (type != "nixos") {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
harica-root-ca = {
sopsFile = certsSopsFile;
@ -21429,7 +21579,7 @@ TODO: check which of these can be replaced but builtin functions.
isBtrfs = lib.mkEnableOption "use btrfs filesystem";
sopsFile = lib.mkOption {
type = lib.types.str;
default = "${if config.swarselsystems.isImpermanence then "/persist" else ""}${config.swarselsystems.flakePath}/secrets/${config.node.name}/secrets.yaml";
default = "${if config.swarselsystems.isImpermanence then "/persist" else ""}${config.node.secretsDir}/secrets.yaml";
};
homeDir = lib.mkOption {
type = lib.types.str;
@ -21718,6 +21868,40 @@ In short, the options defined here are passed to the modules systems using =_mod
}
#+end_src
*** Meta options (options only)
:PROPERTIES:
:CUSTOM_ID: h:30b81bf9-1e69-4ce8-88af-5592896bcee4
:END:
#+begin_src nix-ts :tangle modules/shared/meta.nix
{ lib, ... }:
{
options = {
node = {
secretsDir = lib.mkOption {
description = "Path to the secrets directory for this node.";
type = lib.types.path;
default = ./.;
};
name = lib.mkOption {
type = lib.types.str;
};
arch = lib.mkOption {
type = lib.types.str;
};
type = lib.mkOption {
type = lib.types.str;
};
lockFromBootstrapping = lib.mkOption {
description = "Whether this host should be marked to not be bootstrapped again using swarsel-bootstrap.";
type = lib.types.bool;
};
};
};
}
#+end_src
*** Config Library (confLib)
:PROPERTIES:
:CUSTOM_ID: h:a33322d5-014a-4072-a4a5-91bc71c343b8
@ -21747,7 +21931,7 @@ In short, the options defined here are passed to the modules systems using =_mod
serviceDir = dir;
serviceAddress = address;
serviceProxy = proxy;
proxyAddress4 = globals.hosts.${proxy}.wanAddress4;
proxyAddress4 = globals.hosts.${proxy}.wanAddress4 or null;
proxyAddress6 = globals.hosts.${proxy}.wanAddress6 or null;
};
};
@ -22762,8 +22946,7 @@ This program sets up a new NixOS host remotely. It also takes care of secret man
vim "${git_root}"/.sops.yaml
fi
green "Updating all secrets files to reflect updates .sops.yaml"
sops updatekeys --yes --enable-local-keyservice "${git_root}"/secrets/*/secrets.yaml
sops updatekeys --yes --enable-local-keyservice "${git_root}"/hosts/nixos/"$target_arch"/"$target_hostname"/secrets/pii.nix.enc
sops updatekeys --yes --enable-local-keyservice "${git_root}"/hosts/nixos/"$target_arch"/"$target_hostname"/secrets/*
# --------------------------
green "Making ssh_host_ed25519_key available to home-manager for user $target_user"
sed -i "/$target_hostname/d; /$target_destination/d" ~/.ssh/known_hosts
@ -22936,7 +23119,7 @@ This program sets up a new NixOS host remotely. It also takes care of secret man
fi
local_keys=$(ssh-add -L || true)
pub_key=$(cat /home/"$target_user"/.dotfiles/secrets/keys/ssh/yubikey.pub)
pub_key=$(cat /home/"$target_user"/.dotfiles/secrets/public/ssh/yubikey.pub)
read -ra pub_arr <<< "$pub_key"
cd .dotfiles
@ -23085,7 +23268,7 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f
git clone https://github.com/Swarsel/.dotfiles.git
local_keys=$(ssh-add -L || true)
pub_key=$(cat /home/"$target_user"/.dotfiles/secrets/keys/ssh/yubikey.pub)
pub_key=$(cat /home/"$target_user"/.dotfiles/secrets/public/ssh/yubikey.pub)
read -ra pub_arr <<< "$pub_key"
cd .dotfiles

3
files/scripts/swarsel-bootstrap.sh
View file

@ -317,8 +317,7 @@ if yes_or_no "Do you want to manually edit .sops.yaml now?"; then
vim "${git_root}"/.sops.yaml
fi
green "Updating all secrets files to reflect updates .sops.yaml"
sops updatekeys --yes --enable-local-keyservice "${git_root}"/secrets/*/secrets.yaml
sops updatekeys --yes --enable-local-keyservice "${git_root}"/hosts/nixos/"$target_arch"/"$target_hostname"/secrets/pii.nix.enc
sops updatekeys --yes --enable-local-keyservice "${git_root}"/hosts/nixos/"$target_arch"/"$target_hostname"/secrets/*
# --------------------------
green "Making ssh_host_ed25519_key available to home-manager for user $target_user"
sed -i "/$target_hostname/d; /$target_destination/d" ~/.ssh/known_hosts

2
files/scripts/swarsel-install.sh
View file

@ -96,7 +96,7 @@ green "Cloning repository from GitHub"
git clone https://github.com/Swarsel/.dotfiles.git
local_keys=$(ssh-add -L || true)
pub_key=$(cat /home/"$target_user"/.dotfiles/secrets/keys/ssh/yubikey.pub)
pub_key=$(cat /home/"$target_user"/.dotfiles/secrets/public/ssh/yubikey.pub)
read -ra pub_arr <<< "$pub_key"
cd .dotfiles

2
files/scripts/swarsel-rebuild.sh
View file

@ -78,7 +78,7 @@ else
fi
local_keys=$(ssh-add -L || true)
pub_key=$(cat /home/"$target_user"/.dotfiles/secrets/keys/ssh/yubikey.pub)
pub_key=$(cat /home/"$target_user"/.dotfiles/secrets/public/ssh/yubikey.pub)
read -ra pub_arr <<< "$pub_key"
cd .dotfiles

16
flake.lock generated
View file

@ -1908,11 +1908,11 @@
},
"nixpkgs_21": {
"locked": {
"lastModified": 1763618868,
"narHash": "sha256-v5afmLjn/uyD9EQuPBn7nZuaZVV9r+JerayK/4wvdWA=",
"lastModified": 1764445028,
"narHash": "sha256-ik6H/0Zl+qHYDKTXFPpzuVHSZE+uvVz2XQuQd1IVXzo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a8d610af3f1a5fb71e23e08434d8d61a466fc942",
"rev": "a09378c0108815dbf3961a0e085936f4146ec415",
"type": "github"
},
"original": {
@ -2526,7 +2526,7 @@
"pre-commit-hooks": "pre-commit-hooks_3",
"simple-nixos-mailserver": "simple-nixos-mailserver",
"smallpkgs": "smallpkgs",
"sops-nix": "sops-nix",
"sops": "sops",
"spicetify-nix": "spicetify-nix",
"stylix": "stylix",
"swarsel-nix": "swarsel-nix",
@ -2683,16 +2683,16 @@
"type": "github"
}
},
"sops-nix": {
"sops": {
"inputs": {
"nixpkgs": "nixpkgs_21"
},
"locked": {
"lastModified": 1763870012,
"narHash": "sha256-AHxFfIu73SpNLAOZbu/AvpLhZ/Szhx6gRPj9ufZtaZA=",
"lastModified": 1764483358,
"narHash": "sha256-EyyvCzXoHrbL467YSsQBTWWg4sR96MH1sPpKoSOelB4=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "4e7d74d92398b933cc0e0e25af5b0836efcfdde3",
"rev": "5aca6ff67264321d47856a2ed183729271107c9c",
"type": "github"
},
"original": {

2
flake.nix
View file

@ -36,7 +36,7 @@
nur.url = "github:nix-community/NUR";
nixgl.url = "github:guibou/nixGL";
stylix.url = "github:danth/stylix";
sops-nix.url = "github:Mic92/sops-nix";
sops.url = "github:Mic92/sops-nix";
lanzaboote.url = "github:nix-community/lanzaboote";
nix-on-droid.url = "github:nix-community/nix-on-droid/release-24.05";
nixos-generators.url = "github:nix-community/nixos-generators";

4
hosts/home/aarch64-linux/treehouse/default.nix
View file

@ -2,13 +2,9 @@
{
imports = [
# inputs.sops-nix.homeManagerModules.sops
"${self}/modules/home"
"${self}/modules/nixos/common/pii.nix"
"${self}/modules/nixos/common/meta.nix"
];
services.xcape = {
enable = true;
mapExpression = {

1
hosts/nixos/aarch64-linux/belchsfactory/default.nix
View file

@ -53,6 +53,7 @@
postgresql = lib.mkDefault true;
attic = lib.mkDefault true;
garage = lib.mkDefault true;
dns-hostrecord = true;
};
}

0
secrets/belchsfactory/secrets.yaml → hosts/nixos/aarch64-linux/belchsfactory/secrets/secrets.yaml
View file

1
hosts/nixos/aarch64-linux/liliputsteps/default.nix
View file

@ -33,6 +33,7 @@
swarselmodules.server = {
nginx = false;
bastion = true;
dns-hostrecord = true;
# ssh = false;
};

0
secrets/liliputsteps/secrets.yaml → hosts/nixos/aarch64-linux/liliputsteps/secrets/secrets.yaml
View file

1
hosts/nixos/aarch64-linux/moonside/default.nix
View file

@ -164,5 +164,6 @@ in
minecraft = true;
restic = true;
diskEncryption = lib.mkForce false;
dns-hostrecord = true;
};
}

0
secrets/moonside/secrets.yaml → hosts/nixos/aarch64-linux/moonside/secrets/secrets.yaml
View file

1
hosts/nixos/aarch64-linux/stoicclub/default.nix
View file

@ -35,5 +35,6 @@
swarselmodules.server = {
nsd = true;
nginx = false;
dns-hostrecord = true;
};
}

8
hosts/nixos/aarch64-linux/stoicclub/secrets/pii.nix.enc
View file

@ -3,16 +3,16 @@
"sops": {
"age": [
{
"recipient": "age1glge4e97vgqzh332mqs5990vteezu2m8k4wq3z35jk0q8czw3gks2d7a3h",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJZzY0QVQ4ZUxxZkdhQ2Zn\nOHpmTnRaR0R3cXh2Z2JFM1RDVDB2QnE3M3prCm43NjQyOS93UTZKaUlUUmhVcTdG\nUWp1YU1kVmZPc0tBN2FMY2FFVkI1a0UKLS0tIFovZi9FQlhMaXpvcnRYN2FiSm16\nTzJESjNyZ1NzajJRNDR6ZTd2TitoQTgKe2hC6OpYIzgqzhmeJuHWe0yXNE+/Ek26\nGt7s1B6OKnrj+S3es84ePOjAbLHr/ez282b/h0y55ws4R7jMemUIrQ==\n-----END AGE ENCRYPTED FILE-----\n"
"recipient": "age15klj4t7gpfp69472mne4ue62pp6m4e04dmjyw7yf30qtqd3vl3uqjmcyxm",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzclI3dlQ1dUY3WGVYL29E\nSGhZV3VMcm5zYmRsTHVlM2wvNFVyMy9CRlh3CkQrZEIvMyt2TVdXQUJJT21mY0lF\nZU1oakIzOWduU3pNeWVvcFMzNDBFTTgKLS0tIDF6YTROOHBjUnBkVklPQjFRQ3pX\nQWtlYi9iOFFjNUFrSUNMZGJqT1pTVEEKFesEHZQjpenLp3oBQwxDcMv1pEAReXQs\njT8ydzfTuvIP6bXu6lcJe0J90NVZ36qBZ2fTs/RqvZbvM0oufb5/VA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-12-01T12:12:55Z",
"mac": "ENC[AES256_GCM,data:AhvfUvZnKSnhQCTHJpqs5OBELhGYv66on1+kSLX2lONyTbNfwHYsJHII4zHY+bS5cBkZbjtzMfJQkFWtDbU7c8wvdJnHN6H11MOEzC+GfI3R7UzwzJsUjNYE03u8FJCuLvI1SO3EObiKIgH80MV8qlXC+1+f7mKnfZNH8Kekor8=,iv:pAEz8tDZzaFee1EcNBd6zrl0yN55ywVK/eGof/B5MAU=,tag:LbjMr3rOb3By87yOfUK/3A==,type:str]",
"pgp": [
{
"created_at": "2025-11-20T01:03:05Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTAQ//eTxMD8ZbwJUqVsi1IKK2qdprLTjE0rqdDue+OvP0V+Ns\n1uTnw+b2UBykbIofXcG4P61OxAFdEs8whiIdffQtkDTkOgzV9IQCBOSGxZGEJXMe\nrl5BZLlF98JZ5R15v8V8vMwWwtC90GZ7gZLDV+yZz40Zqm3mTrFz/3PERukwu4Gb\nLTJDOsGmpooyI8KnrIsBhfEwo7/ouAayuKQfvt2i2Tngk9Em73R91BlpcxsOEmqr\n5KWA4GCsjUOmZZKLj2vyENPgQh8t8bP5fGJ3Rf4J1MCWAB89omcE0aRWId/l5sdA\n/Nxinh3xQsiXHPzPLZQ+UjHs+MjNdUoZapoDBP84j2tHsSxh0RMRhlHpESDWq3Mm\n1acWrChyyds6Lz5ZqkioqvAZ3lslS0kPdQqfsLzYWBhA9kLOIJKYfat+vxsAPwAa\n6kceXtxSzUpThtDUPDibjomn7Mrj7ZoHhiJZup/M27glf/V4P3zk+ctpXMSIE7Ia\nQ/jgRDzpcs+u05RsP32jFbCAfi//WxRo77MoxGMJxDhYibBp+aRkFAgVYiElhxbt\n/NedcIAHSJZFyDPm0wn411+DPnUTPn9D9LCkmSG68ZeGDGZJl7Sz3bJ3obWWecTG\nBjqxMZVwRuU2gdg1IwempP9u1dP0Q+g8B3veui/gczGx3J5kvNv8hnUBTeUl2EyF\nAgwDC9FRLmchgYQBD/oCciOvXMrH9/hWIIYb1sKiuCmgdVfs7H0q92XdVNgkbPRz\nXAakX7dl5cZt748u/eCHlGUGr4q7yA1tDx9Vm/J+O2HljN3lBVCbm7HP+YcI+5g0\nvvxr0cIPtr5CXlZz6hJjTgzE4HfEKagGdjgllbHYBB+0rtq/2pZTa20fG0w4coeI\nB/D0iVFwyuM3Wxt/7gXpPtI+m/3qt8QoFIGsZkck7X5hdJwGF4DD5jKxYB28s5Hc\n4ZBG19jezjMIVJUGE58TTVDTvZvJ5Vaw2RizV8DRkFS3q0UIOapOESpZiRnoOqA1\nDQpAU26RSEj8wlYsgNrVWUpdwlYs5e3EWYNkGROTRSB/dGcCSVF31A76W7af+6uv\nwZdMCrAGlD4GBj/yojdnqstfB2Jxu99VubcImWKfaJEXYx5xoREGmK9+t896GJi+\nE8mjiMOMRZFV2n2nwTxAFMaiDJ+VpKpKGVKCOSDwqsePhY/A4kb+N1nnhutmSl/v\n1SCDDvC9+jYNLUC1IaJfFOrNClA43IdJELOAavRx2t1RdyfyOx3D8rrWhF4+NB9Z\nlAc2e7hOoP/OEtf4YjZWq3dQtWSdwePWBxD9xyvF/kEmd2NcezqdfggH3g84qBxy\nUxBDD3ojMMAXlkPU3hRiDeLd1mHxDizVxqYkIYDSeAKtuv2ECH8y7/mv3sKrFtJe\nAQvSMW7gOmIdtQaIpsXHMxzXf+Nv0l3dZeWYD/TnVvoeVOaRQ9dHrtl3J0U9UN3j\nBOJdFaptlS4SIRkva6v6srrM7dXKvjR6IabdzaWl098VW9RFD+YGJ6ZhuQ+zOA==\n=l0k2\n-----END PGP MESSAGE-----",
"created_at": "2025-12-02T14:57:22Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTAQ//RNM47rdREvCOPQ83++DSlGWeoGlVeFvM4a1og2Nkzoq9\nLKsZh6bQP2SC01UOD4UDKBcT7PoQU86xePjV1ze6nejo+L0twrhQNT76jAw5OhFh\n1DkOVnUpcjZE3aBxDa6g79qVKfp31i6xfvgjipF4SMGpSlZuMLKL+nTL1357HXU+\nzQKPwSLymDq7EdxnCUwTGx8rVI59j4hyEwinxZhbQYiiHQpTQ3AHDu3oBO64daPh\n7WEmMShU4I9PIdvie7sRK3txZTcjM759m9B3Fm+KEWZXO/bQXjy9/Kab5WlEWwFK\nP7aHLin53wc6HMZjset3o61i/FPeQdm6IVoUujjuSI6076OqsWv7fQp9NApftCko\ns0yNY0RMgRpOQNho5Navr71eH6X8QujrEkCGzVqHm16issJUJkw95tlj9q4qghSn\na4RCUmgfToQYvL9ahNTfqP2S1xqI4hbP0elBXbrMUJ7iYOWOLwEPCgmuoTyw+RXD\nA5P/HDEvgnkVxB4vdzfcQjgVtR01nG5rAcclec9gXZg8Q3K0b+MoKOhdvTucRNek\n8+t3XEzTBBjPdaIhW8038qbCueuetsWNjb7B3Km/muQ0CnTzQ45GWozKdDC2qB69\nS9z1KIn9FrmGxCd5hrL9fbwJpisdtOD0foQKoD6X2B+h9KqORWbSGLXfxRo2uBOF\nAgwDC9FRLmchgYQBD/0Y8owdtA5dgxv6W5lej/sT7+PSc2fvIQVQvvYTrT2wJxc5\nrTX49HtIFxPwGdwBHH6Z3oLZjojpX7u8bm9+ewD7sOsvC3PLsKfrvx3naUnEZrww\nzKC762LWiYS3qlFR1QAbPWDjJSi7rDqFkQhGMP59MDOifYOLCbSQQpdTCMYC550I\nmljenkA5nm6sdYnHa54hkyiWzGSO+pAv531X5GMaTvHB3+Fy8QA5o3/+ZpNtVieG\n8RAbvqeH8PyTZsc2GW2D6WfudB4jrhvYBio4T8+5/3Fg6pWIq4pmi4o0F8I8BaAi\nuL90IEtSeFQSytg/EL0JtFxMBy8ImlE/SAfM4Y6UZAbiWBykmrD9TM5IPMUbMTT6\nxwfhcsQ97m9sRT2TWSrxp2Q+k/BQxVK+AbOaxEtWqqOUnWG4sskw8DQ+qAU5v0yC\nGH46gbklEYDmvYMY/kLXSK4iYJ0UmXNhB+DuM0WihQJ22PUPZy6YGWjwPgxjoYXZ\nbfoRjzb5N6etY/W3QjGbzhy7H+JLKXZbq+DLtH5A3Wya09ilpf2cy6FWD+o857op\nKdfybFtXZIBTZWjRQSeLOL+a157M5c6MFC/xr7E18qqL6xl6v3jgF05SZ72bcGVG\n2zvTWnAV1Y+oH8NhRb0i2uyZCEWvv8MRrHJFypcUqImAJylGnYu8lwicGXA9C9Je\nAZ6JqTMkc6Ji6AOzY75gP1lPQNv0HrIbE6RzZyAX41WDB+0okERps2IZF7HSb5/7\nVAXUR2QRmqagMf/qV3iNDQS/kuwGiv/2WTXAtm4446/mpdkaKf+gN7dgcJf84A==\n=eXQe\n-----END PGP MESSAGE-----",
"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
}
],

0
secrets/stoicclub/secrets.yaml → hosts/nixos/aarch64-linux/stoicclub/secrets/secrets.yaml
View file

1
hosts/nixos/aarch64-linux/twothreetunnel/default.nix
View file

@ -31,6 +31,7 @@
swarselmodules.server = {
nginx = false;
dns-hostrecord = true;
};
}

6
hosts/nixos/aarch64-linux/twothreetunnel/secrets/pii.nix.enc
View file

@ -1,5 +1,5 @@
{
"data": "ENC[AES256_GCM,data:G3Q+Hn7QkvBZeXzNR+0Bax+Va5sK5E0K3hNTkdsNJx4C6pIwrBEBOt3IKv/c00QhpAnPqo9gbKqWU9gv7I56nEOwVtVH3lrMlbxNl9LIiSv9SvSxVkTOow2msSJV/U+1KpjNQ/LnOo2Fxebfz1yiRtgi7hSazzqzIazZAFBldlKkjLR5SFCG8t5s/nccqZU+cLmS7hJDS5LtgW1XeunqUY7jnKuh7gT2I6fPsu15Vy+YeKLmYIt0a20bWGePBIlyiGRtpnMgtIt5gk5+OpSndO8P/GMgUzRwRZEL1b8U57jbhkPLdnwwy/iV6rEFCD9i6qB0ufVW/euc+y5mN0dx8op9FwJVzkJhUIIy9Qbbc8WOjjjWlwbKJNkWfYX7pTtx+xfBKuPF+IwaoMS9j+C3etkoYe5QCr9YGYM5Xer/HL0otYNacQU5S0VqPBzDnLu7NxzB4i22,iv:aFPDBmZasoqEFCbhrRtA2QMB27khuT3rdfCGAafjov0=,tag:GQGuHL5aYPc98tzc6Bb5mA==,type:str]",
"data": "ENC[AES256_GCM,data:JMh/Ce8H/sC/58gz8MpwbME5f0jY8SMRAdI1U9bBVvQ+x3G9rH/d6aU5SSOqB6ryKf+GXqjTzDMpsNZSMvLSs3VM0nUvHh/AYCHkA2dIjQVLpmxK4jBvku5GySRJmHKzA45Sgw6WyeKQD7wuEj3Tfme+MI5x6jjBXWOcRaDqBF5RIK9UWmv91/nYU8lyw6igqWybb5pX6X2Iil5hq6FWyVSa8mRWKle26LwYzS9u6tUEmPd56vOvXH1mhgkeaHNh8nZPS0gew2K8CKvdpuXzRslWew2kjBWD48YArZwBjyTTgJ+l85qtVp7HNKgGrT3WY8KgWyLNqmWlycMzE1uRcwMpzUAO9y05H2ZUrolx7IM/c9wsyGPD4YOV5/mAX+uA/Lw8UlrR9gyjD07FEE5ob7bmvHX8e45DIaHTSjcWt6U3vX9P+6aD/wmOcjptN43qNmeh5WlVB0Te5ISsKhQbMa/6oBMKF9um8j41N8mCcb+NqIkdouuToLHv0WcBWLeBaMwAYSknmrlYaV3Z0Jf5kpEV5YRKXPyRpRiobbwq,iv:SWNkLzfXRku9GxDyc9PTca/FHFhHMPsTObumtkMpn5U=,tag:O0x8oIeCKc76KfcDP6G+5A==,type:str]",
"sops": {
"age": [
{
@ -7,8 +7,8 @@
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqdEhDamZTRUhQZFNDTTl4\nVVVNNGZXa2h2THVzY0JWMjE2WjNJT0ZoblV3ClYzeEt4c0dWRzlISnN3NGthR21M\nTEtDQ011dFdhRVdPWlpweS9ma0N3dmsKLS0tIHFPQzQ5VzkyODZyY1JpcE4xR2Nl\nY2MrSERXTWkvNVZCR2xHUGh4ZXMvYTgK7pxPjnh3idl4QzBkR6LHyRskgqA3apS2\nkbg7As6wlEs34TAO8reyZknKTUd3Xif1v9RXiTcu1sEKHqkcqEoDog==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-12-01T22:45:54Z",
"mac": "ENC[AES256_GCM,data:b2sWPq+S5qqSM6lON+9A//LehgR7Wy7x8EfqeiFOFo9RT3niwaKjfp/Jnf6nKbXF43XM4dsn+dIX52fgxyd0KVLnJTqinhz97sSSs7hYFdXa2FGRhI+VwmuGVvr2ylAJODQgTn+MD7I+s/3DTfh6h0V47IZvxrUpYgg7tJrxzBc=,iv:g4XVN24+COVtRQPzTiI4iki1crjBUVc7vpnJ/vucd2A=,tag:gcnfSvPWvLqG2wTZELRMsg==,type:str]",
"lastmodified": "2025-12-02T10:34:04Z",
"mac": "ENC[AES256_GCM,data:bWya8/HiExhIVMhQwW2882YJQFBbPvow1HAVh4hpb6FdQiQ+nywjBN/o+/wARXXAoHPO224rEHy2Z82RmLtqhZp8PLvs8ttEpwxsTipTkVgjkgrOsHSQDbO57RmFjmZKyJ7P2jhCUUD/oQVLGl8RCOESHhslG4M2zvUOkeavGro=,iv:rLAD+1Ma9RiSfLH0rkgXMnk04jdPCWI29B2wQtUyFjM=,tag:sLuh6qe9KQrvt5U2OburMA==,type:str]",
"pgp": [
{
"created_at": "2025-12-01T23:06:36Z",

0
secrets/twothreetunnel/secrets.yaml → hosts/nixos/aarch64-linux/twothreetunnel/secrets/secrets.yaml
View file

0
secrets/bakery/secrets.yaml → hosts/nixos/x86_64-linux/bakery/secrets/secrets.yaml
View file

5
hosts/nixos/x86_64-linux/eagleland/default.nix
View file

@ -29,7 +29,10 @@
};
} // lib.optionalAttrs (!minimal) {
swarselmodules.server.mailserver = true;
swarselmodules.server = {
mailserver = true;
dns-hostrecord = true;
};
swarselprofiles = {
server = true;

0
secrets/eagleland/secrets.yaml → hosts/nixos/x86_64-linux/eagleland/secrets/secrets.yaml
View file

1
hosts/nixos/x86_64-linux/pyramid/disk-config.nix
View file

@ -75,6 +75,7 @@
fileSystems = {
"/persist".neededForBoot = true;
"/home".neededForBoot = true;
"/".neededForBoot = true;
"/var/log".neededForBoot = true;
};
}

12
hosts/nixos/x86_64-linux/pyramid/secrets/pii.nix.enc
View file

@ -3,20 +3,16 @@
"sops": {
"age": [
{
"recipient": "age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjb21CZ0tQZlNKZkxKMGEz\nUlpMV3lSa1h5TXFNaEpvbWp3ZzZsMUFLd2hnCm9xQlo5Q3RsdW1tSFMxZjVKbjhM\nLzBaS3E1Z0lSQ2lQZEhtclBocE9CcXMKLS0tIHpaYjFIVVRWc2QyQ3hDWmNPODJR\nOFpPQlcwOERMYzhWV3J4ZmpIVUFXcGMKq/CmiIaBFfcx9Muj5LaTQ//ELHmC6WSG\ncJWyfZfrKcPDlXrz7+o9qufLogw3VIkCsTghqsbK6HOKGC5/FbnGSg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0Z2tONmQxTUhZUW12Z2Jm\nUnoxSnpYcnZDNGNzSko1ckl2RDh3NG1VS2dFCmIwUXhmSk1OUk02S0JPVDR5UWJ4\na0gwWlg0V005ZWxYa29PZ0laS2VqM0kKLS0tIHN5SU9pQ090eHljeXJGWm5hRFQ4\nZ001Nzkyb29RYkNUMDNDNlo4YnVQeTQK34bNIBgxId2+DHKQNVV3Iro3KGkE03Sp\niB1+dADT6nRvGvoyPqnLq/NYfw7eQ6XqYt55zkdCta8v6L1UNUkw8g==\n-----END AGE ENCRYPTED FILE-----\n"
"recipient": "age15cx90pnp54xp5gxlt02yn9j2pz968wp3l5ukdkx55xuecp34e5pszjku4m",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsTXhHajBUQnY4MzJuTW5u\nME4vWHJrRCtQMWhWQ1pvU3h1UWVielFQSFFRCkl2RmpTRDh5Z3Q5UWcwS3RCVHds\nM05GNi8vNnpwS3FZcDBGWVdlZEdyVEUKLS0tIEM1SWdtZGV4QjhpaktRNkw0NDl1\neWlYN0tDMUhsWG1OSm9xWlM2VWJKcXcKa9aySsFOXPdwkmrmFc6X+WZT67vcuJf0\ndd1soIklu7xRuNpGKMuZbNKKgyRZnGrcUZUwwGIlJ2KRDag2risOXw==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-10-21T19:32:24Z",
"mac": "ENC[AES256_GCM,data:wM862FQH/qX/abuD+krJOazli9Ci5GrpLtdcnzFgKCeNdjA2cfZ8M3DyzsBwMXjp6HxBHLyO7QXGcQkx3kIKGnRhEBuQzVOtrZhqcDi2Ho8iBV8Dh4xkhcpBYufw7xP8hGWg6ZVZ4JyM3P4NfAdxbfWTdc1VMStAafJ2SZ3pAYI=,iv:tDAKNe8LV40hRCqKzN6j6B71IV81SnrBgerxGPzU4Zk=,tag:7ZsST8pl9TjMog0dNKcUcA==,type:str]",
"pgp": [
{
"created_at": "2025-06-14T22:31:01Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAA3TBZeXf6RLph9szeqCtmoXyXDMS1l7NRjhmM85YyxcRo\nTuJQrXA8gmIAen7iVjO/FnndAqd86ddCirpBr/aEKtB9v7Poxx6A/kubV2/EurY7\ngbjWsvY/x6Cqv8IMCTkVdolZNOIYlw4bK3RqERoeWXnvCEXVK2c8fqxmcVoNv6yR\n5leIyApzs7dihbdhK+8nTunIMFJSfP+HQY/wgyowgp3cFVjPe+eTUk8T1xkrir7+\ngfddOHNKnbQWpZRBVj2NE/0dwcKX/rxPHU1sCxOg1TW05jTxavsf8x1+2ST5VLI8\nvttzB8H58OMpDZ1xgoMN7SGSWdTN7BgNcLG4rsGb/GW4+2bxJQ3hS+4aTa59ugXG\nGpqY4ooUopRyOh/hE9xqZ4CXy7IEAGbiBKnwJH+CFlXNygPSURoz9wCH5sgqQ1eA\nGfHrXcGNe2flx9gHZ3g2FUKeORs45CFQLxn2HDSuzVqn9nZfWUFddk9v7G4jSsRg\ntVrSevOXTSFzaSQr5GTQocQILG8HHkg67gKXWMNnk5CiUMVojTljcCej1F5s4Lwg\nljTfTWJMUXfD3Djc2Ap/L+PfxO/Zr0Z5glAndSFQB7aijFaQOR+TVQznRNv90UOk\nwQdF6XANcFMiK3yKQ3xZ6d7lXNTCPlLi5ngakpXhMM1lP0/xFuMWB15IL4yA1FmF\nAgwDC9FRLmchgYQBEADAz9QQ92i1rObvnk3utRhxqizU1SIKhZHEzkdJ+M/9AUQl\nDqj4ge191QMWlEh9jo5ln1abxfVMEjDbomtniPsM5kxPw9qK20M2873ibkps0yNZ\nTdqI2hhB8qBtdEOD/gKq3M27/0c3O7rpsIv8kxxdnmZ9GlRjG9c+SmVqdmZ+PLcP\nOrC+Fq8kQKhINaYdpPoT6x85FW0YLvNiR72grHOKDofqBrFChxapf4HKK6T44TX4\nPKw9G2o/XtN9Z1sfh/R44XsNwTjG8EHrwQLsFYoH3+L7UoNkkNtcwleAl0tkjyVZ\nkq4g0nJKO0KbB1HAM0opamYKOsCUaXQ1MLbXKAmIKy1wuKJR9ibH7E+2Ne41fHJv\n0v243FBnebJP5wlrDY6aBNBX5lPeJBF2q9njp2OnkHWktQD47EyhPhI0hUxN3vzL\n0dSE9/LFgWtvzXqVWIYBWMHToBBiqJRgspw3Jf4Fg0l7Q9p7u2/rwgqbIWMLIDt+\n4tn0ySuiV9jV9dVG3Ho/X7owgr57PPetTvUcU6Ph8Yiv6riLZ+qBy636iGmQd9Zz\n/8nG0BRAnU0YOdWUtvOvBvI+JC5DIs2Trj7Th0AJvlAVLiiR1+0dKk+BdNo/LGE5\nRNNgJIwGHMOZXJonuYfYe15Qy+Qcx3J/NI9VOOfSmzl7A4s8NqtuAt8FNm1cDNJc\nAZp7gi3i3PxxsEXefNMtbFDLe+5yQ4lHro47BxnNAyvnYwKC/VAiwatow9kZGNWn\nc9J/PZinOYPfalwqOl0Zn+pem0hIestNplin7v6ynxa23Cg4g1xUou0ve14=\n=UG0o\n-----END PGP MESSAGE-----",
"created_at": "2025-12-02T14:58:23Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQILAwDh3VI7VctTAQ/3W4JR3l6Aiw+cfwFMgYLr/7AwJSwC1k4w2G1VCwXMBN3g\nmC6YPp67WDR1lOTb6zpviUqVTKAEy20BMJxU7JulAQPInd/zL8woaAHc1tp+cbFE\nr2mIHPKFGgA7tc2xuGxw9+WeWHzjrdjW42vWfvmjoL1crubSzWzr20onKgT/dMwJ\nbFMGEyD7gfDY8Z3TAlMGoRTNyGVzFrsKHkvL01kW4T6K+69ECSUDXyMimA4njPt0\nj+ukDmjojtyUjxHKEvyDtjfTZh8hT6f80w8o7cG+YSJF0h4lXEdvKay3WZ0RbwZg\n6ZUI9Ng9SkFEhcIDzePg3urdne+oJQQxDuFYfioh1Lm0aX1kt0GzU9r4p5pwjNoz\nAwoHuAPaVnwU553qYm6XtghzwsHGMIa4r4JFF4+/txlC21XN9u0sslIUc/CC2fyu\n1rNRgg/4TvipAFHfp0GRWMraf3FchDhFzRqPs4Ei6Vv1ffEKQGun8iykLnN7gC3f\nclCjiorc7pmh/ZVylyKuSvR+TTih3Ysttm9jCNMB3rIkCIdz4XaNYbCPUtb8sMub\niBxcqgTIDNCc5r7CnfDyalmHLZ8s+Q31H0Ci71I3EhHf+7c6KlfCLWuLHUpN4abX\nr5xv/q6kXJJHFOAirrUH8Sik1ydE9g6gLNr3udJzdDehkSflkHAd5mka+v/+n4UC\nDAML0VEuZyGBhAEP/jGuSsy8X3dCKtdbvnN+6SCspC/reKhptMGhyxLoItcyqku+\nXCjAe5yxfHEFjPzA+zMmOF2pmsc0FlZu5+eR2+karAuK+f0fzbv2krhEE06X9mpi\n3vJDoG+Vd03Wz+C/Y69xSIbGXY97msQo9XkUuuBcVjUcsFaf7je6NNLAFmj0Mmk5\nzKmXgCL0yjwFmGSGUnFIjrXlKil1gBrYHYWH+vkeFnNHbkbh1Ul7LYPkDrT81Occ\ne7D+yMp/URxTY5IjX7yVDSANCBhK3reGSSJ5M7a7K1LolGGKUtgMLKfWs9uSVqtJ\nA619Xvo19QYladZxmvhLNS4ZbZkR5mH7pcUmX9ltB6K6/kNpSdujaYALFFLnIgmv\nwBaUjZ9jmx4zkW5B0MFshh8SNrSfbPrmEJyBF/tOLGj1YGzj3TIq9Yf0OnDtmycW\narqmFyh0CWhMVfI/ekCjSCUI+LQTi22/itmfv1IFlrVXLWtWjVNN3y+MHz/9v+Cr\n5t8mWcTy01upfwNxSEcjsAFsjyAfvjdA/TZMBJWZ5ltnEQF3tZFV5WChmh++FNY+\n1GPqtEJdinTVxfv99N9CZIwZUap4+WSYVbXEmygVMUP41BVxNLjAPo4Z6PrDfnSB\nz27BqzIDnNwVz6Si+UreJDUhogGDH7lZua09Mjb+plUyBhAJEvT50Nj2XQyV0lwB\nky4gz5OsMQivfD+bWKOx0E29KnVWWSR2HW82uPaDfWI7uPxaON7YPIvI6Xd9pOUd\n7EdEmSiVVAfbqeplRRdClabiBL8Tm6QLiAnkQiImg38jGU02IeCNbXfzbA==\n=jGFv\n-----END PGP MESSAGE-----",
"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
}
],

48
hosts/nixos/x86_64-linux/pyramid/secrets/secrets.yaml Normal file
View file

@ -0,0 +1,48 @@
home-wireguard-client-private-key: ENC[AES256_GCM,data:YL/nP4DGGjVc0wRrbJ0x+iyJfdqhE90Ws92QBl/lr3RnJzA+stcz0ey/Rk4=,iv:Ek/RVzDpcT7fqVh7OnNc9QXD3Tk/2bm6vSQDA38j+DI=,tag:G2dSpA3KZmbKAfIN+2d45w==,type:str]
sops:
age:
- recipient: age15cx90pnp54xp5gxlt02yn9j2pz968wp3l5ukdkx55xuecp34e5pszjku4m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKcVdIU1MwTlQrVlRMbDkw
WXZlclBlYmp4elMrTkFPZHRpMGlGZXBDNWc4CkliYkNuTnNuZzRieGlvSHV3SCs1
S1Nmb0VJaVd4MFQzTU5XVVBuQldIVzQKLS0tIFpGUjNaSy93MDVQVEFvbXZzQnJp
Z1AzcVZpVlQ0WU9pNDNoTXoyR1RGUEEK0dfAegOiBXCnLakgBtWCYb7+hDqWFYUK
rXlXTBtICLgSzLWTtPbSVzrrZgT0SAM6vnLO/iNfAIXZlxjeOZrP8w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-05T10:37:12Z"
mac: ENC[AES256_GCM,data:RcvRagYaFGwMwrV63tffmYcA/m1GRjXpefR8Ab65jaldcWjfERiCWLFha9aQ1QlWUgSvCWbgC9/zFJkBBca1qVIvLOK1+nkI/ZjQ5rdUOJaP7mukLC3tcm+5f0Fe+GjTCDHGIZd/dUgkF+xVhN2XnFW1ExzRRt6q4a4pKvL6Ml0=,iv:EISJGqa2hQfjpu0X5wMJNZXzv0Loejj0Eb6kosXjU64=,tag:S81dIphr1rqQSO8jAZCABQ==,type:str]
pgp:
- created_at: "2025-12-02T14:59:04Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTARAAlcSjeRYoj2Hhff3PbKtUdIisAyRHtX84+m5BYeRmcx5k
gwMmitFaYQO9IL8EJHXfwIlx+7gubTCHKVDEIJPT6+jwNjWPvdvRSdmelY+xIhPE
rISqzUlbpKdkhRco0vKNX1bqfLWPqcWPREyHLg0WsnPJjAmNHNz3GKDnqFJG4tip
CDMTp16dJWAnGF9uCPDZ6CcpuP7U4CHDBH5KcGnZFJoZg0VvQhqW1uTwmqI99j5G
pB54n/nhCuNbL2vktBZQp+vrwiykb4+1rZw+CcK2awcD2Ugk0d/7KieRSxRIKEbW
COIkJRxXkc3JbLjdVIZBQGUSNTtjG3Q6pUaPuECUhb+5SyUDIpiUmpR+/3iIitjo
OY+1nDWji5Q2d0BSkoRFiH9KeZn65vduQyEQRX6B0yrElBNk7etkvPdJ3bGoJ2WX
Qwlkx0YP+a2dwEtvlKav2D6aJ+uCH2MTAVVL6wEK5a6s2QYkc39qpGhzRv83nbsU
Bp0QnJ6ZSjf/C5fAealZldXO1ZDIDpbH5xObaanrYgZ5ufnUl2Q1sKUXNljTYigB
tN5z28AiDeV/INr7e1tPV+C6RtHDYi5Rxo9lfoehvdAWkbfdl/iucV2LkwWTKFLO
istGzbaxnPtJmlx6FXq+fk6g3GQcPvuv64ZqnIv76VclWcPZDYUK/EU87LAO8NiF
AgwDC9FRLmchgYQBD/4maY4LhehaKtNMt6r331YjlsnZxcv/4L5zJRc43XLeJJjf
3xjU+TZ9RvjwsTaJ4bTeoVxu8OkFgugvRVhp9sQuu/tGfWbCpn3hWIxebivarQdI
7L0SkuHg1Die2g3YqdbpDIzvnLueSvuNDJNmyUgekR8TdWJ0A/pwl/poAu8nZgtw
hiIXBdLt5xEUOihXVJwYIoHu8yjL6aZttDyZfHuDDTcCwXdqYqMHyTYmcNdGakrl
DG+x2TgsJMtipvYHT4WqcVtOYlVAH4VfgxfmcWvEIXT5u1ZpizntFqGAgsTwQwCS
vs8vbZ5WFqQTYZL2t1U0cX7ExWWdY7LZ+ap3uZ5/2R2VkT+FdplRz12DsobWMP9z
mjveWhiZx1TPa1rf5pigcvtFSQLllrLhS79Per37EoGUArS9iM6Iyhd9avHAqNTp
ywZnJ5JpQKVDeRsMZfpoKdN/C/wqSAl6O6NQX06aY3EIYvxKF8h6qK7u/4WdlVd5
Ml4Yn18HyeTkbz616TlMLlGQMNuloDc+XVORVutVphvxI50faIwi4I4q06+7+yuX
A87uJatXS8K20mDkzygP/j+T3eSzEMB69mPLo+cbhOfcmk29x7Sg5pf/JYAOuYMS
XGlIpa/VmqHOVcbD32sm2/M3AOgZBz3D2Tr2tI2JyK4ZqW/7AIFYNhnv7siTXNJe
AXNBE4bU/FRXGOH4vOqoVFvBwYOd7Jlr8QnMpFQuBDMz/408lkIojd5njvLsu/4n
qE0HKP9Sq3XY8dP4012GbkN9U/m/ca2oqVUy7rrEhGc1gLddlISHMMjNa7GsBw==
=fGF1
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.10.2

14
hosts/nixos/x86_64-linux/summers/secrets/pii.nix.enc
View file

@ -1,22 +1,12 @@
{
"data": "ENC[AES256_GCM,data:umKGtD7jTa+ex3ADPs1zR2o9YU2j3y3zCEupCGOsdJyicM7u0efXDI0g755RdPeNJiB/z1DPy+mAkePPq/m93CCppTq0BYyt0JJw53/j3ghCMJj7N3wUVstMUB01jewDSUc7SLay0lkhMCWbrTKsR1pwnfFRAG8C3rWXQB2EkU9FViCo8VaOfEF6Cq9ev/r+SEepT85wvoMxxIg=,iv:bgJXEoj7nRUsi4fA+bYVYvJYavS+BoDuQt2SCrX/2W8=,tag:lmOjPU0J0Qf/vcnO0owTZg==,type:str]",
"sops": {
"age": [
{
"recipient": "age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBET1RmRTM5OUxJMGNyWUZK\nMXFqUWF2ZHhOZ1pxa0RDbkNzWnVzVFFCbTJrCm1oU25haDl5eFg5T1VzOXByai84\ndTR6TGREVnBHNlV4S254dzh2Z1lvK2sKLS0tIGFLaWJFQ2VwaWtxaURqNDU2ekRQ\na09Hbm4vNnVQaEV1aGtqTTVOUWN2b28KQaoPc/UKaeQ72GdlbtWFdALywHcUkewf\nK5pEz41pzDKOjatypm9X8ZEIEarjOHIZgMpazVM4i1PRUUefSE0phw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNeGtTZ0ZSV0trWlQrS2dV\nSFo0dytGYXhRTjl6cDZrUU0wZ1IybDVRaFZrCmZmRmxJNmdwS0xodHdEOGU4bldU\nR1JScHAvZHhlVTBJbWExb0VpR0h2MXMKLS0tIDYwQmZpMjdYRmpBeXFNOXArN0h5\nVGN1THljeCtVV0hXenMyRVJkMjlHNEEKm+yZTT48nYr3H0Bd1OKw/CYk1kwnrBzk\nTgSQHsGXhmOyDag9cSZ4wAOmqtqSjA9bouFBuhl2lSbgpjnarvFaXQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-11-10T01:10:33Z",
"mac": "ENC[AES256_GCM,data:4vPX9TdAGGBwzEc3W6pQj+BVKjp2kSAMB/L3QVXZbDHfvyKFWUOqwG8u8P7XDcuIrrpx65YuJp6zwexpJjg5zkU4favJt+uHD1wWC3TZcCpda6v3hGW3RduQAwVy+18JJ+PdSxHzrC4jmj+t/HIKp6Bt7qB0Z1ynrt/CdGIVxh0=,iv:zQQrl19jK823UynE3EXLgazehpWW5ltRCWKdnElVh5k=,tag:zIIgbyXSw6f6xW2CaVW88g==,type:str]",
"pgp": [
{
"created_at": "2025-08-24T23:36:17Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAAwf7TLx0TR1HBhh57CyIQLw8ztc9oblKAW/V7bSlQM/wR\nIwQTcTi3azdI9yewDRO30rIr++FEapdGVdpXoqQ8zcl49VjwDux6wzF3bsmR5Goc\nlTkDd0bmz8RBfsK+6efXiRqo3C0yP2ZTOh3PSOvsXKbYS6wY3TvNBdGnAYrfOvEw\nmBFRhn6uakw3zjVUngB1di07DH3y0wEb/r6+Mzoswzg4DqT1SAdDkfS9dpn9h3MW\n3NBesYlOukLrNA5Toi6x/fmE2lrPHt5QxPdvfvKe5ye4myZ/gBn1mdejB6U9nOsk\nRCJFMosjBH7jIpwokTjUT6Vs+zs8yrF+gbP82H4RVfZymMfdZoU/pTfYe1Mwg6Yi\ntlHyiRBgSPBY8Doa2hM8/yvmfHVMqSQf8uXltz2VC7JUGD6P0QbDLpqY3URmHg/q\nwN3zYJLlSIkU6Z7oivTjfg0dR32Z80lCdZDQf+OQsRtCUi169Fgxr7+HhdxJyj49\nFIb6CR0DHW4vsEj1GPAa0Q4uMfCxLiSZfesY8myoCtlVo7oeqx787KicJB5PryHr\nyZweKd7tXO9g8LNJtECTZ81y2/sCfSZPBia6M4oz56pIFK4jhYCY3iPnWIS77axu\n5MmqZNOP06obp87nt1ea51BmXkaYxmSPoQ5R29CeYU+m9q+kKvizncgsCl/O7U6F\nAgwDC9FRLmchgYQBEADJo2kPzrxLHptsr6aoIxfYNrQ7JJM3FAZ7do5YvAbQsl5t\ny45qZ4+qWIEMRXwji2TvgSg8/ylnZfN2+rTHdtNJkDdJ2sX+RDr8pm7L3VS2Zhjf\nIp1SdPd5cm/3QupegzUR+kcPa+gPM4asGSytIkAnnpev/DCnLsrqiejdosTDj9dn\nFtPKJKSUBzJSNRxBSpM9L+cTU1qyMT024D5Qvq6vBOjFI1YV3LSfVXQe7OZxxxVX\naChkGR1v3UjndQ4Yv9hamJJ81lRLeIcVEOpOPxLHJX76AJUqP3fR/+m2Poah8bFF\n+yIdSp2jyWOoU60We72fvlEwxsTLl8Zani+xX2ckkUCe+wsiGJLch4Df1pepxpef\nb95wZ9L0msRdHY8vRQYapde/ju8CUHgywVX7+YH3EF1bJSnUOBmyOA76v9ir09am\n49g+VomkWUuzPJ2VYQXXH6d/qn/sm9Z9yxy7e1eh5m+9cd42b4sMdW6ZCTMAtGJF\nPX0SiOMR6S0hjKVBcfcyNoT/wo7wqEl4mYDpoCy10K0nYRn+ggJnIZEJzBWibMYH\nDWUDyuQIYLjOBAchFatXyMtbc8qDorYelLX7amPRDSiDhhj6Y5nYMJtUSwfTLwkN\nrI0Q4bjE+fgNACCqPoq/BDFZotcr1b664ZUJqgnTBPKZ5OnmW/iFkOfzu4fF9tJe\nAcekEPwsFbugu2bZ0Hs5Rl/Dh9p4L9gceuMiwJ3oYGA5cwXFCeVZLNqSDLy4upVX\nnXRaMzBNGgWo4geDq5JL10Mh7/1d4GGVxdts8RGdI8zUFTPV3GOaPEHeNyIO+g==\n=2UMI\n-----END PGP MESSAGE-----",
"created_at": "2025-12-02T14:59:08Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAAg27rgWRCxICvDLydZqI0o07B04O561l4O7AeLWQ65TnR\nxguqU8QnpivNec8d+EB8n8TrWv4Ed/AqTITXAjmDNWCKYE9Hn2XJwsWjBgonlPyG\nDy3uZQcMJfly25mJe9ystb2W/DVqrRlYv8ioqeRaBKIV6ZamAYIWn0PYWMZDgnK1\nlElG33ekrMvE+iCEIfRrvf/SaiX6+8LI6x+rVKpHJwC7HHg99uWxZS/RF/VroHZ7\nqpgLYlLWcx2Xt2OVdOH1NKLKmk4969UOAgifAJN0o+Ub6PtThtlQnG3goCbI4qxg\nXNCwBHYlWGbne6hOrXdnTgWlasgESc3iG8W6jUc8R2rnqkofoHlfSlB3ElinrYYv\nkxSp69F4K9OD0QBzcZTq7CcEeelYye3ur/+/sk+vOwW+FY9aWWIwRX/uyiqqvhV5\nHxhNXvaPbMwr6UP5vb/DmInVgHnxOBsiG7fYwtCFREVgMB03ML4EFf6wRDsXok/i\ngMYAgsX658E7uCA12peheZrT9UO8Hzhd2aqty8LG+uLDf42B/6/95uM5iCZjWY8H\ng6FIriuog1UcStCVXrM7FbH+Wq618cS567dTUYMsuXB1AU7DxQU9a5dqIfoqAx4F\n6PGd3qhCEaLuqiN2sVjukckzMtFaTZqf5vYTomHiNH88xJlDyFdcqqYH9ATMWLmF\nAgwDC9FRLmchgYQBEACnkjVAIWe7V6MbemMOFRbXMPmJr0e/5JIgG0ao045qhEwU\nZuVamn3JuYMfGK6JaKtzajN+jBrWixjxSs8gROyN1h+bTYH2vChiSpRU2xGGdT8Z\nRmK/KvD72imD2trt/DX+kRAXSjzppCJLSqSc2ndEVorrP02tfKVuBGchVD79X1R1\nGyEvMLSuCwa2scvWwl+lVG30D7lebtdFlBQ+iMyUhe7RSBsYtPo3uUwScOwg1TiK\n3nNtPrNDVU15AuoG3343OJRZpvw/XNbuv09Zu+tPbEIPzUux6KiwkZDBLlfNngC+\n6ti51ttlQvpuW9ESqLA1INEnlPfnXJ4ANMBJefq/E+oI4ihEaeODn6tovmOw6Fil\nF8Ng+bFH6TnsRX8czhv4UomH1b73zvwxt4BRKVHJltBY6GwrLy3AMCOqkK6kIQmY\ntd0k+joZOosdcPkfrdJgB4fHi+RZjegMgRIVZFSw5oe1RvyNIqnWt73WtCOQTVXr\nOSqaxE3cllVbbsCdo6ZqT0EbZPX/UH7DLMgcc9AcueRnDte/8Tk2xrLRBJ6kcVT2\nVVD9ralFIL5HGbH2FmxyvZVP3zbavy1FQWwwKVQQu2crEOt91PDV0SWb20ta1ot3\nYZ/KKmClCllTHsJC8VxXXDiVz0+NjFTEIlrqDsXo4dbzlxqAipW67TCZTaDOBtJe\nATHY0+eECbhizKn9B+qtHBMwO6U0DauAkQhH30Udk3t6DoklF8OJ7/2YbGV19nRJ\ndtjfG5RhPGP7o3E7wGhtf9fHpCU/AgkSR+13UTwAvbl38P2k+qAggeD5xDxrfQ==\n=CANG\n-----END PGP MESSAGE-----",
"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
}
],

12
hosts/nixos/x86_64-linux/winters/secrets/pii.nix.enc
View file

@ -3,20 +3,16 @@
"sops": {
"age": [
{
"recipient": "age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBET1RmRTM5OUxJMGNyWUZK\nMXFqUWF2ZHhOZ1pxa0RDbkNzWnVzVFFCbTJrCm1oU25haDl5eFg5T1VzOXByai84\ndTR6TGREVnBHNlV4S254dzh2Z1lvK2sKLS0tIGFLaWJFQ2VwaWtxaURqNDU2ekRQ\na09Hbm4vNnVQaEV1aGtqTTVOUWN2b28KQaoPc/UKaeQ72GdlbtWFdALywHcUkewf\nK5pEz41pzDKOjatypm9X8ZEIEarjOHIZgMpazVM4i1PRUUefSE0phw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNeGtTZ0ZSV0trWlQrS2dV\nSFo0dytGYXhRTjl6cDZrUU0wZ1IybDVRaFZrCmZmRmxJNmdwS0xodHdEOGU4bldU\nR1JScHAvZHhlVTBJbWExb0VpR0h2MXMKLS0tIDYwQmZpMjdYRmpBeXFNOXArN0h5\nVGN1THljeCtVV0hXenMyRVJkMjlHNEEKm+yZTT48nYr3H0Bd1OKw/CYk1kwnrBzk\nTgSQHsGXhmOyDag9cSZ4wAOmqtqSjA9bouFBuhl2lSbgpjnarvFaXQ==\n-----END AGE ENCRYPTED FILE-----\n"
"recipient": "age1s0vssf9fey2l456hucppzx2x58xep279nsdcglvkqm30sr9ht37s8rvpza",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3UFZTaXFNdjF2UmRFd3VL\nY2pZZ3ZaRkhZSjdVUjIraHV5ZlNaNGtwM3k0CkZ4OVRFcmR3MFBDcmdsbWFId3Iy\nVzQyUGI1eG44d3JFL2NvZEg4NnduT2cKLS0tIEdhOEZETk9nRTlVbmJ5UW9GalVx\nS00yaUpJZVFVNThFei8yRzJYejRkYk0Kf6Z8WnG8phRtFIUWIPys3PW0OImhAcF+\nUFLuL4Qr7zWaeItCRieYCs1yBn7KbUJHZNkJcvnkYW50NYvlEa8wBw==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-11-23T18:03:21Z",
"mac": "ENC[AES256_GCM,data:8KSKQH7qF2vLnR17a3XhYGAqYq4YNgf7XEkpeNVHD39Aj8MzdlsGPr9vI2o/N1yTpQyJrPW1ntKVvI9rHwcJhm5nyaQiHVwKHWcxcn7li6AeztV4HUqwKxQwf3MHfZ4fhWJrI7NYAuMAbmK6epa/ROGsIGnT6vQh3SImcn+Kkcg=,iv:dT8dBuSsYRxGe93/9ie/6/X4Ru5NDycz2pgMVI83wbc=,tag:r1mPjG/JOQsRDzCktIlisQ==,type:str]",
"pgp": [
{
"created_at": "2025-08-24T23:36:17Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAAwf7TLx0TR1HBhh57CyIQLw8ztc9oblKAW/V7bSlQM/wR\nIwQTcTi3azdI9yewDRO30rIr++FEapdGVdpXoqQ8zcl49VjwDux6wzF3bsmR5Goc\nlTkDd0bmz8RBfsK+6efXiRqo3C0yP2ZTOh3PSOvsXKbYS6wY3TvNBdGnAYrfOvEw\nmBFRhn6uakw3zjVUngB1di07DH3y0wEb/r6+Mzoswzg4DqT1SAdDkfS9dpn9h3MW\n3NBesYlOukLrNA5Toi6x/fmE2lrPHt5QxPdvfvKe5ye4myZ/gBn1mdejB6U9nOsk\nRCJFMosjBH7jIpwokTjUT6Vs+zs8yrF+gbP82H4RVfZymMfdZoU/pTfYe1Mwg6Yi\ntlHyiRBgSPBY8Doa2hM8/yvmfHVMqSQf8uXltz2VC7JUGD6P0QbDLpqY3URmHg/q\nwN3zYJLlSIkU6Z7oivTjfg0dR32Z80lCdZDQf+OQsRtCUi169Fgxr7+HhdxJyj49\nFIb6CR0DHW4vsEj1GPAa0Q4uMfCxLiSZfesY8myoCtlVo7oeqx787KicJB5PryHr\nyZweKd7tXO9g8LNJtECTZ81y2/sCfSZPBia6M4oz56pIFK4jhYCY3iPnWIS77axu\n5MmqZNOP06obp87nt1ea51BmXkaYxmSPoQ5R29CeYU+m9q+kKvizncgsCl/O7U6F\nAgwDC9FRLmchgYQBEADJo2kPzrxLHptsr6aoIxfYNrQ7JJM3FAZ7do5YvAbQsl5t\ny45qZ4+qWIEMRXwji2TvgSg8/ylnZfN2+rTHdtNJkDdJ2sX+RDr8pm7L3VS2Zhjf\nIp1SdPd5cm/3QupegzUR+kcPa+gPM4asGSytIkAnnpev/DCnLsrqiejdosTDj9dn\nFtPKJKSUBzJSNRxBSpM9L+cTU1qyMT024D5Qvq6vBOjFI1YV3LSfVXQe7OZxxxVX\naChkGR1v3UjndQ4Yv9hamJJ81lRLeIcVEOpOPxLHJX76AJUqP3fR/+m2Poah8bFF\n+yIdSp2jyWOoU60We72fvlEwxsTLl8Zani+xX2ckkUCe+wsiGJLch4Df1pepxpef\nb95wZ9L0msRdHY8vRQYapde/ju8CUHgywVX7+YH3EF1bJSnUOBmyOA76v9ir09am\n49g+VomkWUuzPJ2VYQXXH6d/qn/sm9Z9yxy7e1eh5m+9cd42b4sMdW6ZCTMAtGJF\nPX0SiOMR6S0hjKVBcfcyNoT/wo7wqEl4mYDpoCy10K0nYRn+ggJnIZEJzBWibMYH\nDWUDyuQIYLjOBAchFatXyMtbc8qDorYelLX7amPRDSiDhhj6Y5nYMJtUSwfTLwkN\nrI0Q4bjE+fgNACCqPoq/BDFZotcr1b664ZUJqgnTBPKZ5OnmW/iFkOfzu4fF9tJe\nAcekEPwsFbugu2bZ0Hs5Rl/Dh9p4L9gceuMiwJ3oYGA5cwXFCeVZLNqSDLy4upVX\nnXRaMzBNGgWo4geDq5JL10Mh7/1d4GGVxdts8RGdI8zUFTPV3GOaPEHeNyIO+g==\n=2UMI\n-----END PGP MESSAGE-----",
"created_at": "2025-12-02T14:59:33Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTAQ//Qx2BW0k3Q/pAvbKZScmhoIoFpV5nb+ZB72J6+f2HQLSv\nVQP72XDoYyIfW7ERsY09gkNIJejZ5n/fgB5KkyEqsBRP4fYDXl+XfAvPTu3YuQOo\n9mA2baJ0HkBnsrikycaUQAIXMMCAUBS6Ooi1blQeYA9khqr5Kc361IwB4bv8WcIz\nGcBPSWBc3B86qK/v8l0Kle1mcUu9RFxNZkitjxKdf9GDn6gKo3yBWt+/8NJLDUTq\nHjrBH4WpqB8mVDupg/p6OUASc8y0pnNmbU0GK3is4IO/bk9QqPX/t2y4CUhlE3Bh\nnxYGYauohXGs/IbCGXtkd/wRcMwsXtgkZYT/wfu44/O2VW7V7MpBGVlTXmOWK5yI\n2dkqpAt2T5tFVDDX8bqDfZ2xbGgSLsY/XWwNzl60WSvcAnFoZSf4mu2RJFLAK5QZ\nGDz+N8shR8BgkzIWIjMwzBbUB+3snYkJVA7wm/idhernkB0E83JAOOHk+UGuHFWA\nkrrWPHRWf4Gy5ZEmkzVACfhzH9AbPP8yHbTh5y33I7Yv4E+4qjoVEwTNA1LSYy17\nlaMI410x7htrzxv8M06LlE47HrJPLu3+YHUPKQC/LzV831LB9IYymskYL3rYUHzn\n7BS+9Njfg+7cdHXjRABZk2yz2+XZlSLIyCC82Kbmybd3F+s8u/pP0N0TcBDTPrSF\nAgwDC9FRLmchgYQBEACaz79q7F+YshiA4MSiKoiwgVnq0HWruMtQ+exE9Ky/hTfT\nCnNn43KSE/s4KytcB8KPkXPpZ/BHSv+oxY/XGh1dNWnKQocyCHqEOax/QruAu7VS\n/CbxyUFYQS4sJIbfmQLkx/FEnaHenSOTjOBatlnVFQ3qn6MjXyq1LThyfGaMlH84\ntAUYnNG3MQsz/U7Pj2nkScfDZ0XGIu2rvB2ddVdkjr1H3acQVplAlw88yGD+lDOA\nqnafNS8FgUtXoXCPVe6SRdpqfWPGmn1jhvjCiCUtzZG3RPew2AV50RAlxP2AEXY0\n6cMeL+NJdqIGaP3Ttyn9oVbroW4N7p3rb/AGj4ZRy4QOXPkWI088qmhYgIpjJZM5\nI3g80gnkBfFrOaVM1RVfn1smT9KlCR/8noKTE3ajBaTZZJrzBclzATdkGi7rIaqS\nvAWH9LnEGFs30W/mj9avis8aJwiPYsO+1ah5sVMnNKMo8KND2MMy+EI6AvgwJKz1\nNQoIP7jHB3h8sw91Z9YhB0RTQ8yCG+IrpXnWGAVAcswtTtJbBQlXxc/h0jpT4Yw0\nV+J6xX5/PI/ZQbIbj/i5hgh+8lsvG3gRRh0zH8nSNf7yMTYQe6iAe9xHRH/kSHX/\nOwObvvrCzZcsX8b6gTXn9AzXYGST3j3wBa8sQH0NRkcZFsCh30FhEDApItQA8tJe\nAbaLVOZ9WKJCCVkTJCOBCus1zInXbFr1ZQjTciJ4WjnqedH6SVvPC9HmI9vDCXw4\nzonohAH+mjtmoRfwMGdiJO74IfX81p5MwOX94TwYB2gAp6ycyCHjZgUtpAFPKw==\n=wNQ4\n-----END PGP MESSAGE-----",
"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
}
],

64
secrets/winters/secrets.yaml → hosts/nixos/x86_64-linux/winters/secrets/secrets.yaml
View file

@ -49,47 +49,47 @@ anki-pw: ENC[AES256_GCM,data:h4RBhKV6ZzDQk7s=,iv:r21zH3sDKwRxfi8A1DPNEVhKTbb35qW
kanidm-forgejo-client: ENC[AES256_GCM,data:2iXE/dmOQtY2NEsBgDqkqwD/brF0vJs+Ag==,iv:PBQ03z/E6R+u7Y56fPzJSnsoCa5PUYSiezZFOMLz4eo=,tag:jThgOC6h2hHJUclDju/MtQ==,type:str]
sops:
age:
- recipient: age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63
- recipient: age1s0vssf9fey2l456hucppzx2x58xep279nsdcglvkqm30sr9ht37s8rvpza
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqRkpkWUJicWZkVStiWkZm
d2lYR0o2dXFsUDdHUjI3YjJSc2FDM3FDS1dFCnE4TDRCTUg2OUlocGVaL1lNd0dT
cUFBbDQ0c1hHTmlBbnNsR0hjNFdidDQKLS0tIHNWSzUwSkdZZWZiOFpiVVVGNXlh
MEZ1UWw3alF1WnJZMFZvMFBpbDFJZlUKGRnoEEgjgJ9SSblmldtY6d8MdAy01yxl
qkvEIoXbL+ky2ira7EgjD0legThzCnmlXUlcSn3SpwbkAGgcfd2kWA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVL1FJNlFQeXBJWEoydWEy
dDZiNTYvSE9ZWE1Sb2xXZjRWMzhRYWQ1UENJCmkrSFNsZk51aGZtSnJoWlQzbURS
aGJQTVpQMVJFTldwYldzN0l0cnVTeWcKLS0tIDlSb3BwV1ViYU4ySWc1dzdPbTMx
c0lDa2EvQkUwM1ZIc1ppY1REZnlPKzQKJRXSl8SYQwzgPw+twNAFy3y+S2r7JwS0
xESNBdFS4Ntg9gXENRBzCaGmoOJfiFtGditBlvWUwbDYwLdn/y3kIQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-28T17:45:19Z"
mac: ENC[AES256_GCM,data:lIdIP+Js+FzjJCoClGxqP1epl5fVkPzfJmOVauFNlXKRxx90/E3478oQHi/KbP7eFgPoy+0hAbMwnBmo/1tOKb2ky80/6IMEkbftiO7YZqy8opbSbCtj6ypOOwwPf5rgtXHn0LV+EtDQZzIBY6GhcERO6IQpFRAXeIkSGcpM3TE=,iv:sphhFBg1xgupLGQzRovea0wvsTolzfW/z+gjj9CyklM=,tag:bdo9FlPPYKdl87lsBsiEsQ==,type:str]
pgp:
- created_at: "2024-12-17T16:24:32Z"
- created_at: "2025-12-02T14:59:44Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTAQ//XSGUC2tN5WFAcjrJK9uj7gh5l5vrpPxhQZWI+rBGukeG
dQZKiLtmdxS3XcLYRfTOEpuBj5ThKwR51Nw+W6HAXWl76Z8BFON7J8dJCmVMvqZy
UJN+PpeLWpmtNIP9ZlVEYcvz4kaPV5Z/1WoApNEi5ean6W1nyWEHDsFfrXwtDYes
vNehJG/HnNCo89MEgp6rpnART5Q/lu1h8kYFMvTMPAcGS2I7C/P2vyT/9zklaNpC
kWDla4QUFutnDkqtIWJtAfX5etJ+sgs+qCU/YhBAW7goOGetORklhlCvpL4Izddl
o/7y9S+qK2IEDm2IOCqvOtNgiGRyodvfrE1GeCT5UHoSpwXIfpqY/+zMLQN6LAVi
3k/gLBSk1t0linguBElV79mxasymXpoIvm5obuUazz/yTei7PJpy9e37hbxQVSIq
fCA5q8kulhyNaQjs5TtzzVLtIUcWrXoypgxDbBB/GCr3DaRmoww0RHhxlZEsVjKf
I0zMAz/dzfjey85OVommkCGQ48yvF4B1jXfn82ebdo8JzgMbnBZx0z5mLChq3Tfw
8aDvgRc3XwoyoyAxDbcYswWVHvBznXfKcd4141V1ESsJYR0ucDokyG5PeMK3oe0d
boyQ8z8oby+4b+HNhwquos/kbVyvIya78UK+OMsJVddR4Wxfzg5MPozmjQCDVzSF
AgwDC9FRLmchgYQBEAC7UHMJIQveWcvTh0T5gqaYig7R8GToFAe4gXRFbE66pbWJ
WrzbnvpWPejHyLLRPz92eO0cFx1kGIx5pU8GRzVv8ZNUPhfrxnZanpt1OM2XhPrO
rXrYI7tjhKV6arkgufr7zoUp1uvPt74PAdtcjxyOzel+YJTnGVxDnw9SE1fZwz4o
UGujT/5TANf2W2b934PW+jgvLzIBFBK8z1dk1FRsRaYepAE8P3GzFh1MkJTog5Xi
4QMUtx5603/TAxaR3PoLqZ8URr4mu9Nuzjdufz2VUT5NzHF/tjJ11kL9YV5Cztll
i7AHdEOWObruayFlFlz7p+cf/MvGWLrBzx0mrjjj9xabOZngjBzlkntfGQF2Z6NA
ai7/lgylY7UzenmXScDYiHBBKvUhZlo/aRm/P0DXvcPgay4TyG59mwVGw37eRlp6
050B0shFW0Q0zpyaCDBvLk1MpGzEOk4rwxmGnlgkN+ucdnIEBbaaAWKytUWLqhPL
v8y9ACBeKhmTCUbaPx8ZrRYMGSNR++D6CaS/evFOXCKmKk9vVpCHC8oNUYEEmh0u
6brYvlWHDCP+iBrU3kWvVi9tQNw8uA7484a25nPl3nXaIvZMnDqZz9TR5R3Y0iPr
RFCnoh+dxz3eFyNApoixi3TeE84HFS+vBJW6ltL9bGcUtTTkPvpZaYpfYk/sj9Je
ARU3lavfUxnA09R5Rg+JV8VQIN5Alir93aiqir2hN+qk8PDnL/vM5LqL3OW1GM5G
yx+BAO+JfvOdZf+L1EwKtA7RqJPp7pxGtdgvzO+9lpUVdGN1A3wLwekp6obNpA==
=O/2K
hQIMAwDh3VI7VctTAQ/+N3ZPYAsZ2e/nJZAxuSJd+kmlAk+JHJFrf0K4e/u6Cpct
T/UmlYpX4w3LMjkctSzNvBbih/aQgrSTlBfalffxh+B/NBqnWZQn3BfgcRtJYdxq
Oov3bCNXuJuvQvvc+J6FAZ3hJUnSOfZX//KAgO6osYQ0UePkE6a5mWjsflO0u7d7
H8iPt0T9O427sN7mi6D3Nx4okjeRPLWEAyel1i4Obcr+w4xMTsDQJyTvCT9EnIfA
STTUAhIIbNYW9UU9OLhx5du+uar4TrEMzw0x709WXxyX5hZpjEsJ1XefqI62utLb
LseYg1XXkBtfnkbUzVGHjCzi2pifGaBYklZOlgYnd2gCIwxqlp8QQrBSsViPhSTw
p3Iee+FfAVeJLfk6Nn9M25j4v0WymyM5DcWVkHfG3X3Jmh0ZpvKeyN0PMl3OnwFd
Ol8gZGAvfj1d38XzP5RcG/ezDPXSKE2BMju+KpTlWCVSO2o5mJhN9DrDzgv4TaBj
QVOkA+XmeT3UXoU7qUPFm4pLGxLm2hSPLDDOSjRxSMcG9QmsRs3fK4FaxQ6+NELi
RtG3xY3ZtdIeMKGsrclaRI2TTDeXsO66IzRbfEh6Kb40IoXcEjMQB+EMGw6qVs1S
1m81oKNquiN+MCyZST7WbGsQAGcW0h815V+1O0oBTzXvgNIvGIFBu2k2WjqsT/KF
AgwDC9FRLmchgYQBEADAP8JaZPeXM9n2rkVuiPijTBD8cutEbXQh6orb8susSzqS
ukflPweamJRFdWUkxzCFLZGbnx/Hxx+wjwyPTeYFJDGTafYj9Qbls+jlVPYycUJ7
Mp0XaqTDBDKGJF6n2Qyl2RSrl1j2fB/94Z3eQLMmdR2ojuyAMUcVK3+/NtooV7yH
WcB89pIhLeRU+D+qvn6Yr64m0lc65FIVo4zYxGEVCf/RRYrC2nGEeAUxjfEAnAJo
OvO+yKPvmzL+Xn9Ecc/OC6axuzuxuDm/X89b0QE+TuvzqEPwm45s9RUkdco8nDJX
23Ds5BhuX0h++2SjfWXUOAfj4VCgTPTUE+hWor96FDGdneKvpIt3rUVdEg/ggRae
SOpn5f0dXtin0K1QQZENcj38ldr4AremCaQVc0vg3IEl/3Qz0xNSX//YjJxUbHmC
5WvFMXTrIbpnnEoVdk+UavAsaL9mOOhRRU8feyMSawztLV2mJLBDz91hQP7UE520
4k3DWf+6KF3D9V0B9WCfapTPWjiJZrHWI2jBZzJ2KAZx8LLoRrNlVDUJ79lYI/y+
Xk3s9O0jq9BrLSLm/CLar5JwUY26ZxUb8buvzXovABqggjtWI+uUPdNR8CGrcFgH
4pcyrzkUc0YqR+SkI/xVAAXuD3LqLA2OkJGCI47duEkv2GyHvLe/ZRh0/K66n9Je
AW0Rgbbszs5H51MG5OKM8PYg/fP9wkMlAjEoSvk7I853CFibR5frNhDwYY859Xsf
YEHROhyEE+2nCui16IJ2DkyEXK+yO33cPLyXJ0Z+kRb5toRALr5o3iOgo1x5rA==
=SXse
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted

56
hosts/nixos/x86_64-linux/winters/secrets/secrets2.yaml Normal file
View file

@ -0,0 +1,56 @@
#ENC[AES256_GCM,data:K3S1LFrPmaS5,iv:dxFzPLhN2otgy02VWzrLURmomtYdoIBHvEJ1LJ7Lj9k=,tag:stKgkBnRDZkCPlvFk+btRg==,type:comment]
radicale-user: ENC[AES256_GCM,data:2G+WXxw6jrnPXsI=,iv:bUEhBDrdTt+O/4TXMkhmqnzfkSiws4n7L54Z0zZnSOI=,tag:JGQPit5uGqITUyyCpU3OIg==,type:str]
#ENC[AES256_GCM,data:+7JEI2P/6/5yiWQ=,iv:hV4TyNFsyugrfFM0emxGDDDq54XWy7fVCf/kwD0mtCM=,tag:iZz9mPsLG02rlgV1vP8aBQ==,type:comment]
prometheus-admin-hash: ENC[AES256_GCM,data:dUmTW6W419TzF8dLGcgRLlbLBg9puzgznNCrrAuNOIuhXCBrqaJdtyIVFCsnrDSEh1ZdMfGki4UERZcf,iv:XIlb65V6yhrKSU7AbRs6k1ISljZjWnAm1dPTCONwDJI=,tag:UkdDTywivitSxYR902uM5A==,type:str]
snipe-it-appkey: ENC[AES256_GCM,data:VWEGKbCD5P3uxeyMVtK9a7BcVjXlXSEsJxfLEwkHz8l5o0Xq9lTbTpsfOoc=,iv:3nq+xuuujjevWdmk3SdBai/EWXwL4F3Kv4M3yc/faIM=,tag:/cNC/EKR1NWQhJrh46meCw==,type:str]
snipe-it-db-password: ENC[AES256_GCM,data:O+LgX+XyJEaF+1oYcjyMpUab7AD7tWK3LBd+7VJOKq/Mz+k=,iv:yJgwlG/ln5BdwW2c62UJLIkrCWakKvj64LMQsjTIwJI=,tag:yw0rC1GJo+KMn1wXRdJomA==,type:str]
#ENC[AES256_GCM,data:jGvWDKbVKA==,iv:N4cMopsUPOfymKpMD7oB04VtS0cUX9yNNqwyWEdyMi4=,tag:L4PMmMcM1NCc8LPG6GJLMQ==,type:comment]
garage-admin-token: ENC[AES256_GCM,data:2N2kqXt7kraqMQEkDuNQN3SRiL2WKRA959Uc7HAdSlZcC2Ft06YUb+Elktw=,iv:dhAZoQBhvK07+wBpMEsI73YN2oX9dMthV3SaDWZgea4=,tag:0Pu0BDEYU9WYQQ1hJr8qFQ==,type:str]
garage-rpc-secret: ENC[AES256_GCM,data:s8qGCm8WM/pvX7wZJyenohMAHnNWrumUxyJvst194h2XPfpLBbKVZwZ5t4zkwqh0yJNgLqE+2ekwCxa/xKqemQ==,iv:zUo/x2LWS7b2E2kZHDfa6lAwxAcuNir5a+mg+ASDarE=,tag:XgBh3ajVDy0vWccX8yZXSg==,type:str]
sops:
age:
- recipient: age1s0vssf9fey2l456hucppzx2x58xep279nsdcglvkqm30sr9ht37s8rvpza
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5cy9Md1hDczh5a3R0cHBk
WkhVQjF0Z2M4Tkl6cUhKengxQURjbTIzZmdzCldLQkNieWxPbWUweTBsTGhTVXdk
ak5vbm5MMnV6ODhYMlVIZ1VCNCtrS1UKLS0tIGE5NW1oMjdEOG44LzVPSWJBRXRH
Vlo0aFFGYStnUWFINS9pQmI3UVA0QncKVwXbULXogQRI1naoeyV2OdIcFA0khAaA
jNEQyT1ijbq/w445dN9AhJIWiD+r3JdF49HCyqw2Vfw2uaQ0VSGVEg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-05T14:55:44Z"
mac: ENC[AES256_GCM,data:nyz3jp/qV8bwgx0q6c7RmXtzdmwVrt8C6FU36qtzUm8tPlAd1K7MmgxRKFi85NqOu3XPII2OkwhNPRBOJuQOoXGfo27odfZl4riQ+any4GNarDZ5deZ54+kjgqyvP70dsm/tiZgZ8Fjwat4iLV+mqJYMS4OBl5krr5ocU+LY1pU=,iv:l56tIBgMog4HSxP9Fb4pWSD/z5FaPlHRkUYqlkhydzc=,tag:IT++kT0EncDzEEX4DdjW3g==,type:str]
pgp:
- created_at: "2025-12-02T14:59:37Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTAQ//dPCsdkrC5mSklMv6p5BYAznEEoH+lzjiL0ZEWj1ZzOFR
PNWlhPyievd0MR995M7M+MEjLEcfIPR59kviuWhSHgb/pQwOL4lDFhDeno44Z1o9
PSHI7Fl0Ew0QSm+PLjUgdhcKTBJNvUtJuK243oaXCbWLHGXbaFBdEkZcgMBTP0mo
8eexRFk81ggxzwbJhbmVmXBvn+mpdvFqnphZY0tL1bDiZ53OKA9YsKQAA5gwNKGQ
oaDS1mxVbxazsgWNqFLyQzQHua/gGQu8l8kTm2qB+MB5qbT6kFrTjRnQlXKmp6t/
0/+QUox1IG7bu/h6AJMaixbGVup+YkMcIW7Yplhd6r6pBENtCrCS/9I3ichjwk19
WyPI5HIYd1ojwiz7N6MMweshAZSGA4HHPJH/i3BaRGiGmKPAjF4IqJ/9VSqdyrA4
cb04Yg6vJEeZMoApEggbS/sWoi2OIetpCyijF0GhRO+jaxRZh4i7LyixOVocfRSp
QW9xfyt3FwCQNZYSIu4Q/xUE4twC8mPGYdrZn0Wmtran7Riwpm8X6kkSg/yan4/q
2PFhglzyWB2of3zEbWJF5bXlZi8LY/CkC26Jhpeo4kV2414sjWf/VScqGKoZZivx
az84NTpSQsd5DdLDPTXpMCekBTSEs7Qi5ynLvfljGAIwXMdXx96EmQEQ0AHgXhGF
AgwDC9FRLmchgYQBEACOT9l+VWm9JDIkrYK8JXRcXo0hryvR+b4T2yfNJqRSzIu5
rUcgbjKdehBW3trWiAnn4P3PpGnkACgbWYdNRjdTxYRTi0ngjb2IoMkMlEeBklpE
hPK+T2NhdjXcz9kOgG8zBu3rKq4hZDrno+s7RDEtQdAu+ocBljz6KtkPvx0QDwsU
vX0f+ANsdWVBcgkkQbnHP+htI7GOan0KjTCNaFCYjXYpQ6AjdyosRNOVLs336LUj
+M5oOhvLAIYD5djQ+xQcSp1Ysml5NqttIlQbW+Pdm4WCi+Aq8QQ+IMQQCPBwJwx+
NjzcxTrtvMQ0s6lFR/BpO7YCTuyQtU9QAmxlf/mLmw2eG40+fmTHHfmWdgdOaYNV
/2V9t55LnyVeBOzBBta1yt6r+TjIrSPnEnDeeffJ0BrRX5SRxkYAht946qZLaaw8
k2gLVqdwCsc04pM64Gy2/pazU5tVJvOifds0hHGDiCSB7lbqIXJGtj4hDqTfFNyq
U0RUQLoD2Chu+JPlP1I/yrwjbOfYd/8WrqAp9lLq1VrMYxRbJ8VR3iKMt52bL3LB
8wBHd3fK/dqjRsWqmjXX9MgH88QEMoBMlmZFhHduSNn1b8G3euC/X0TuWtitrhfD
AuC1ltIYyPIPi9hDCnTVGIdh0Yd2sSRcNSDm9haLGtujKI+dX++gHcS10FWlAdJc
AVicyxR4eepEnBDypeofatCECsYftWsIF7u5avxPbfN30l5kO9PKaI0J1t/n1r0w
+5Q3mRfDzBJcAQOQ7aHGcMJd7dvdm0VC89JsCoI3VA08g/dimLRZyBhVwY4=
=oajO
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.11.0

5179
index.html
View file

File diff suppressed because it is too large Load diff

2
install/installer-config.nix
View file

@ -1,6 +1,6 @@
{ self, config, pkgs, lib, ... }:
let
pubKeys = lib.filesystem.listFilesRecursive "${self}/secrets/keys/ssh";
pubKeys = lib.filesystem.listFilesRecursive "${self}/secrets/public/ssh";
stateVersion = lib.mkDefault "23.05";
homeFiles = {
".bash_history" = {

4
modules/home/common/anki.nix
View file

@ -1,4 +1,4 @@
{ lib, config, pkgs, globals, inputs, confLib, ... }:
{ lib, config, pkgs, globals, confLib, type, ... }:
let
moduleName = "anki";
inherit (config.swarselsystems) isPublic isNixos;
@ -54,7 +54,7 @@ in
})
];
};
} // lib.optionalAttrs (inputs ? sops) {
} // lib.optionalAttrs (type != "nixos") {
sops = lib.mkIf (!isPublic && !isNixos) {
secrets = {
anki-user = { };

4
modules/home/common/emacs.nix
View file

@ -1,4 +1,4 @@
{ self, lib, config, pkgs, globals, inputs, ... }:
{ self, lib, config, pkgs, globals, inputs, type, ... }:
let
inherit (config.swarselsystems) homeDir mainUser isPublic isNixos;
inherit (config.repo.secrets.common.emacs) radicaleUser;
@ -103,7 +103,7 @@ in
startWithUserSession = "graphical";
};
} // lib.optionalAttrs (inputs ? sops) {
} // lib.optionalAttrs (type != "nixos") {
sops = lib.mkIf (!isPublic && !isNixos) {
secrets = {

2
modules/home/common/gpg-agent.nix
View file

@ -30,7 +30,7 @@ in
enable = true;
publicKeys = [
{
source = "${self}/secrets/keys/gpg/gpg-public-key-0x76FD3810215AE097.asc";
source = "${self}/secrets/public/gpg/gpg-public-key-0x76FD3810215AE097.asc";
trust = 5;
}
];

4
modules/home/common/mail.nix
View file

@ -1,4 +1,4 @@
{ lib, config, inputs, globals, confLib, ... }:
{ lib, config, globals, confLib, type, ... }:
let
inherit (confLib.getConfig.repo.secrets.common.mail) address1 address2 address2-name address3 address3-name address4;
inherit (confLib.getConfig.repo.secrets.common) fullName;
@ -200,7 +200,7 @@ in
};
};
};
} // lib.optionalAttrs (inputs ? sops) {
} // lib.optionalAttrs (type != "nixos") {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
address1-token = { path = "${xdgDir}/secrets/address1-token"; };
address2-token = { path = "${xdgDir}/secrets/address2-token"; };

6
modules/home/common/settings.nix
View file

@ -43,11 +43,11 @@ in
trusted-users = [
"@wheel"
"${mainUser}"
(lib.mkIf config.swarselmodules.server.ssh-builder "builder")
(lib.mkIf ((config.swarselmodules ? server) ? ssh-builder) "builder")
];
connect-timeout = 5;
bash-prompt-prefix = "$SHLVL:\\w ";
bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)λ ";
bash-prompt-prefix = lib.mkIf config.swarselsystems.isClient "$SHLVL:\\w ";
bash-prompt = lib.mkIf config.swarselsystems.isClient "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)λ ";
fallback = true;
min-free = 128000000;
max-free = 1000000000;

10
modules/home/common/sops.nix
View file

@ -1,13 +1,13 @@
{ config, lib, inputs, ... }:
{ config, lib, type, ... }:
let
inherit (config.swarselsystems) homeDir;
in
{
options.swarselmodules.sops = lib.mkEnableOption "sops settings";
config = lib.optionalAttrs (inputs ? sops) {
sops = {
age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${if config.swarselsystems.isImpermanence then "/persist" else ""}${homeDir}/.ssh/ssh_host_ed25519_key" ];
defaultSopsFile = "${if config.swarselsystems.isImpermanence then "/persist" else ""}${homeDir}/.dotfiles/secrets/general/secrets.yaml";
config = lib.optionalAttrs (type != "nixos") {
sops = lib.mkIf (!config.swarselsystems.isNixos) {
age.sshKeyPaths = [ "${if config.swarselsystems.isImpermanence then "/persist" else ""}${homeDir}/.ssh/sops" ];
defaultSopsFile = "${if config.swarselsystems.isImpermanence then "/persist" else ""}${homeDir}/.dotfiles/secrets/repo/common.yaml";
validateSopsFiles = false;
};

4
modules/home/common/ssh.nix
View file

@ -1,4 +1,4 @@
{ inputs, lib, config, confLib, ... }:
{ lib, config, confLib, type, ... }:
{
options.swarselmodules.ssh = lib.mkEnableOption "ssh settings";
config = lib.mkIf config.swarselmodules.ssh ({
@ -24,7 +24,7 @@
};
} // confLib.getConfig.repo.secrets.common.ssh.hosts;
};
} // lib.optionalAttrs (inputs ? sops) {
} // lib.optionalAttrs (type != "nixos") {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
builder-key = { path = "${config.home.homeDirectory}/.ssh/builder"; mode = "0600"; };
};

4
modules/home/common/waybar.nix
View file

@ -1,4 +1,4 @@
{ self, config, lib, inputs, pkgs, ... }:
{ self, config, lib, pkgs, type, ... }:
let
inherit (config.swarselsystems) xdgDir;
generateIcons = n: lib.concatStringsSep " " (builtins.map (x: "{icon" + toString x + "}") (lib.range 0 (n - 1)));
@ -320,7 +320,7 @@ in
};
style = builtins.readFile (self + /files/waybar/style.css);
};
} // lib.optionalAttrs (inputs ? sops) {
} // lib.optionalAttrs (type != "nixos") {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
github-notifications-token = { path = "${xdgDir}/secrets/github-notifications-token"; };
};

4
modules/home/common/yubikey.nix
View file

@ -1,4 +1,4 @@
{ lib, config, inputs, confLib, ... }:
{ lib, config, confLib, type, ... }:
let
inherit (config.swarselsystems) homeDir;
in
@ -13,7 +13,7 @@ in
confLib.getConfig.secrets.common.yubikeys.dev2
];
};
} // lib.optionalAttrs (inputs ? sops) {
} // lib.optionalAttrs (type != "nixos") {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) {
u2f-keys = { path = "${homeDir}/.config/Yubico/u2f_keys"; };
};

6
modules/home/common/zsh.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, lib, minimal, inputs, globals, confLib, ... }:
{ config, pkgs, lib, minimal, globals, confLib, type, ... }:
let
inherit (config.swarselsystems) flakePath isNixos;
crocDomain = globals.services.croc.domain;
@ -133,9 +133,9 @@ in
# QTWEBENGINE_CHROMIUM_FLAGS = "--no-sandbox";
};
};
} // lib.optionalAttrs (inputs ? sops) {
} // lib.optionalAttrs (type != "nixos") {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) {
croc-password = { };
github-nixpkgs-review-token = { };
};

6
modules/home/optional/work.nix
View file

@ -1,10 +1,10 @@
{ self, inputs, config, pkgs, lib, vars, confLib, ... }:
{ self, config, pkgs, lib, vars, confLib, type, ... }:
let
inherit (config.swarselsystems) homeDir mainUser;
inherit (confLib.getConfig.repo.secrets.local.mail) allMailAddresses;
inherit (confLib.getConfig.repo.secrets.local.work) mailAddress;
certsSopsFile = self + /secrets/certs/secrets.yaml;
certsSopsFile = self + /secrets/repo/certs.yaml;
in
{
options.swarselmodules.optional-work = lib.swarselsystems.mkTrueOption;
@ -652,7 +652,7 @@ in
};
};
} // lib.optionalAttrs (inputs ? sops) {
} // lib.optionalAttrs (type != "nixos") {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
harica-root-ca = {
sopsFile = certsSopsFile;

4
modules/nixos/client/network.nix
View file

@ -1,7 +1,7 @@
{ self, lib, pkgs, config, globals, ... }:
let
certsSopsFile = self + /secrets/certs/secrets.yaml;
clientSopsFile = self + /secrets/${config.node.name}/secrets.yaml;
certsSopsFile = self + /secrets/repo/certs.yaml;
clientSopsFile = "${config.node.secretsDir}/secrets.yaml";
inherit (config.repo.secrets.common.network) wlan1 mobile1 vpn1-location vpn1-cipher vpn1-address eduroam-anon;

4
modules/nixos/client/sops.nix
View file

@ -5,8 +5,8 @@
sops = {
# age.sshKeyPaths = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs [ "/persist/.ssh/sops" "/persist/.ssh/ssh_host_ed25519_key" ] [ "${config.swarselsystems.homeDir}/.ssh/sops" "/etc/ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ];
age.sshKeyPaths = [ "${config.swarselsystems.homeDir}/.ssh/sops" "/etc/ssh/sops" "${if config.swarselsystems.isImpermanence then "/persist" else ""}/etc/ssh/ssh_host_ed25519_key" ];
defaultSopsFile = "${if config.swarselsystems.isImpermanence then "/persist" else ""}${config.swarselsystems.flakePath}/secrets/general/secrets.yaml";
age.sshKeyPaths = [ "${if config.swarselsystems.isImpermanence then "/persist" else ""}/etc/ssh/ssh_host_ed25519_key" ];
defaultSopsFile = "${if config.swarselsystems.isImpermanence then "/persist" else ""}${config.swarselsystems.flakePath}/secrets/repo/common.yaml";
validateSopsFiles = false;

2
modules/nixos/common/home-manager-secrets.nix
View file

@ -4,7 +4,7 @@ let
inherit (config.repo.secrets.common.emacs) radicaleUser;
modules = config.home-manager.users.${mainUser}.swarselmodules;
certsSopsFile = self + /secrets/certs/secrets.yaml;
certsSopsFile = self + /secrets/repo/certs.yaml;
in
{
config = lib.mkIf config.swarselsystems.withHomeManager {

6
modules/nixos/common/home-manager.nix
View file

@ -1,4 +1,4 @@
{ self, inputs, config, lib, homeLib, outputs, globals, nodes, minimal, configName, ... }:
{ self, inputs, config, lib, homeLib, outputs, globals, nodes, minimal, configName, arch, type, ... }:
{
options.swarselmodules.home-manager = lib.mkEnableOption "home-manager";
config = lib.mkIf config.swarselmodules.home-manager {
@ -10,7 +10,7 @@
overwriteBackup = true;
users.${config.swarselsystems.mainUser}.imports = [
inputs.nix-index-database.homeModules.nix-index
inputs.sops-nix.homeManagerModules.sops
# inputs.sops.homeManagerModules.sops # this is not needed!! we add these secrets in nixos scope
inputs.spicetify-nix.homeManagerModules.default
inputs.swarsel-nix.homeModules.default
{
@ -31,7 +31,7 @@
];
extraSpecialArgs = {
inherit (inputs) self nixgl;
inherit inputs outputs globals nodes minimal configName;
inherit inputs outputs globals nodes minimal configName arch type;
lib = homeLib;
};
};

6
modules/nixos/server/bastion.nix
View file

@ -14,9 +14,9 @@
group = lib.mkForce "jump";
createHome = lib.mkForce true;
openssh.authorizedKeys.keyFiles = [
(self + /secrets/keys/ssh/yubikey.pub)
(self + /secrets/keys/ssh/magicant.pub)
(self + /secrets/keys/ssh/builder.pub)
(self + /secrets/public/ssh/yubikey.pub)
(self + /secrets/public/ssh/magicant.pub)
(self + /secrets/public/ssh/builder.pub)
];
};
};

4
modules/nixos/server/disk-encrypt.nix
View file

@ -49,8 +49,8 @@ in
enable = true;
port = 2222; # avoid hostkey changed nag
authorizedKeys = [
''command="/bin/systemctl default" ${builtins.readFile "${self}/secrets/keys/ssh/yubikey.pub"}''
''command="/bin/systemctl default" ${builtins.readFile "${self}/secrets/keys/ssh/magicant.pub"}''
''command="/bin/systemctl default" ${builtins.readFile "${self}/secrets/public/ssh/yubikey.pub"}''
''command="/bin/systemctl default" ${builtins.readFile "${self}/secrets/public/ssh/magicant.pub"}''
];
hostKeys = [ hostKeyPathBase ];
};

14
modules/nixos/server/dns-hostrecord.nix Normal file
View file

@ -0,0 +1,14 @@
{ lib, config, globals, dns, confLib, ... }:
let
inherit (confLib.gen { name = "dns-hostrecord"; proxy = config.node.name; }) serviceName proxyAddress4 proxyAddress6;
in
{
options. swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
config = lib.mkIf config.swarselmodules.server.${serviceName} {
nodes.stoicclub.swarselsystems.server.dns.${globals.domains.main}.subdomainRecords = {
"server.${config.node.name}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
};
};
}

2
modules/nixos/server/kanidm.nix
View file

@ -1,6 +1,6 @@
{ self, lib, pkgs, config, globals, dns, confLib, ... }:
let
certsSopsFile = self + /secrets/certs/secrets.yaml;
certsSopsFile = self + /secrets/repo/certs.yaml;
inherit (config.swarselsystems) sopsFile;
inherit (confLib.gen { name = "kanidm"; port = 8300; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;

6
modules/nixos/server/monitoring.nix
View file

@ -1,4 +1,4 @@
{ self, lib, config, globals, dns, confLib, ... }:
{ lib, config, globals, dns, confLib, ... }:
let
inherit (confLib.gen { name = "grafana"; port = 3000; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
@ -11,6 +11,8 @@ let
kanidmDomain = globals.services.kanidm.domain;
inherit (config.swarselsystems) sopsFile;
sopsFile2 = "${config.node.secretsDir}/secrets2.yaml";
in
{
options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
@ -25,7 +27,7 @@ in
grafana-admin-pw = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; };
prometheus-admin-pw = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; };
kanidm-grafana-client = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; };
prometheus-admin-hash = { sopsFile = self + /secrets/winters/secrets2.yaml; owner = prometheusUser; group = prometheusGroup; mode = "0440"; };
prometheus-admin-hash = { sopsFile = sopsFile2; owner = prometheusUser; group = prometheusGroup; mode = "0440"; };
};
templates = {

8
modules/nixos/server/network.nix
View file

@ -1,7 +1,8 @@
{ lib, config, ... }:
let
netConfig = config.repo.secrets.local.networking;
netName = "${if config.swarselsystems.isCloud then config.node.name else "home"}-${config.swarselsystems.server.localNetwork}";
netPrefix = "${if config.swarselsystems.isCloud then config.node.name else "home"}";
netName = "${netPrefix}-${config.swarselsystems.server.localNetwork}";
in
{
options = {
@ -16,6 +17,11 @@ in
default = netName;
readOnly = true;
};
netConfigPrefix = lib.mkOption {
type = lib.types.str;
default = netPrefix;
readOnly = true;
};
};
};
config = lib.mkIf config.swarselmodules.server.network {

2
modules/nixos/server/nsd/site1.nix
View file

@ -3,7 +3,7 @@ with dns.lib.combinators; {
SOA = {
nameServer = "soa";
adminEmail = "admin@${globals.domains.main}"; # this option is not parsed as domain (we cannot just write "admin")
serial = 2025120201; # update this on changes for secondary dns
serial = 2025120203; # update this on changes for secondary dns
};
useOrigin = false;

4
modules/nixos/server/radicale.nix
View file

@ -1,7 +1,7 @@
{ self, lib, config, globals, dns, confLib, ... }:
{ lib, config, globals, dns, confLib, ... }:
let
inherit (confLib.gen { name = "radicale"; port = 8000; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
sopsFile = self + /secrets/winters/secrets2.yaml;
sopsFile = "${config.node.secretsDir}/secrets2.yaml";
cfg = config.services.${serviceName};
in

4
modules/nixos/server/snipe-it.nix
View file

@ -1,7 +1,7 @@
{ self, lib, config, globals, dns, confLib, ... }:
{ lib, config, globals, dns, confLib, ... }:
let
inherit (confLib.gen { name = "snipeit"; port = 80; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress serviceProxy proxyAddress4 proxyAddress6;
sopsFile = self + /secrets/winters/secrets2.yaml;
sopsFile = "${config.node.secretsDir}/secrets2.yaml";
serviceDB = "snipeit";

2
modules/nixos/server/ssh-builder.nix
View file

@ -26,7 +26,7 @@ in
isSystemUser = true;
group = "builder";
openssh.authorizedKeys.keys = [
''${ssh-restrict} ${builtins.readFile "${self}/secrets/keys/ssh/builder.pub"}''
''${ssh-restrict} ${builtins.readFile "${self}/secrets/public/ssh/builder.pub"}''
];
};
};

12
modules/nixos/server/ssh.nix
View file

@ -22,14 +22,14 @@
];
};
users.users."${config.swarselsystems.mainUser}".openssh.authorizedKeys.keyFiles = [
(self + /secrets/keys/ssh/yubikey.pub)
(self + /secrets/keys/ssh/magicant.pub)
# (lib.mkIf config.swarselsystems.isBastionTarget (self + /secrets/keys/ssh/jump.pub))
(self + /secrets/public/ssh/yubikey.pub)
(self + /secrets/public/ssh/magicant.pub)
# (lib.mkIf config.swarselsystems.isBastionTarget (self + /secrets/public/ssh/jump.pub))
];
users.users.root.openssh.authorizedKeys.keyFiles = [
(self + /secrets/keys/ssh/yubikey.pub)
(self + /secrets/keys/ssh/magicant.pub)
# (lib.mkIf config.swarselsystems.isBastionTarget (self + /secrets/keys/ssh/jump.pub))
(self + /secrets/public/ssh/yubikey.pub)
(self + /secrets/public/ssh/magicant.pub)
# (lib.mkIf config.swarselsystems.isBastionTarget (self + /secrets/public/ssh/jump.pub))
];
security.sudo.extraConfig = ''
Defaults env_keep+=SSH_AUTH_SOCK

126
modules/nixos/server/wireguard.nix Normal file
View file

@ -0,0 +1,126 @@
{ self, lib, config, confLib, globals, ... }:
let
wgInterface = "wg0";
inherit (confLib.gen { name = "wireguard"; port = 52829; user = "systemd-network"; group = "systemd-network"; }) servicePort serviceName serviceUser serviceGroup;
inherit (config.swarselsystems) sopsFile;
inherit (config.swarselsystems.server.wireguard) peers isClient isServer;
in
{
options = {
swarselmodules.${serviceName} = lib.mkEnableOption "enable ${serviceName} settings";
swarselsystems.server.wireguard = {
isServer = lib.mkEnableOption "set this as a wireguard server";
peers = lib.mkOption {
type = lib.types.listOf (lib.types.submodule {
freeformType = lib.types.attrs;
options = { };
});
default = [ ];
description = "Wireguard peer submodules as expected by systemd.network.netdevs.<name>.wireguardPeers";
};
};
};
config = lib.mkIf config.swarselmodules.${serviceName} {
sops = {
secrets = {
wireguard-private-key = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0600"; };
wireguard-home-preshared-key = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0600"; };
};
};
networking = {
firewall.allowedUDPPorts = [ servicePort ];
nat = {
enable = true;
enableIPv6 = true;
externalInterface = "ens6";
internalInterfaces = [ wgInterface ];
};
};
systemd.network = {
enable = true;
networks."50-${wgInterface}" = {
matchConfig.Name = wgInterface;
networkConfig = {
IPv4Forwarding = true;
IPv6Forwarding = true;
};
address = [
"${globals.networks."${config.swarselsystems.server.netConfigPrefix}-wg".hosts.${config.node.name}.cidrv4}"
"${globals.networks."${config.swarselsystems.server.netConfigPrefix}-wg".hosts.${config.node.name}.cidrv6}"
];
};
netdevs."50-wg0" = {
netdevConfig = {
Kind = "wireguard";
Name = wgInterface;
};
wireguardConfig = {
ListenPort = lib.mkIf isServer servicePort;
# ensure file is readable by `systemd-network` user
PrivateKeyFile = config.age.secrets.wg-key-vps.path;
# To automatically create routes for everything in AllowedIPs,
# add RouteTable=main
# RouteTable = "main";
# FirewallMark marks all packets send and received by wg0
# with the number 42, which can be used to define policy rules on these packets.
# FirewallMark = 42;
};
wireguardPeers = peers ++ lib.optionals isClient [
{
PublicKey = builtins.readFile "${self}/secrets/public/wg/${config.node.name}.pub";
PresharedKeyFile = config.sops.secrets."${config.node.name}-presharedKey".path;
Endpoint = "${globals.hosts.${config.node.name}.wanAddress4}:${toString servicePort}";
# Access to the whole network is routed through our entry node.
# AllowedIPs =
# (optional (networkCfg.cidrv4 != null) networkCfg.cidrv4)
# ++ (optional (networkCfg.cidrv6 != null) networkCfg.cidrv6);
}
];
};
};
# networking = {
# wireguard = {
# enable = true;
# interfaces = {
# wg1 = {
# privateKeyFile = config.sops.secrets.wireguard-private-key.path;
# ips = [ "192.168.178.201/24" ];
# peers = [
# {
# publicKey = "PmeFInoEJcKx+7Kva4dNnjOEnJ8lbudSf1cbdo/tzgw=";
# presharedKeyFile = config.sops.secrets.wireguard-home-preshared-key.path;
# name = "moonside";
# persistentKeepalive = 25;
# # endpoint = "${config.repo.secrets.common.ipv4}:51820";
# endpoint = "${config.repo.secrets.common.wireguardEndpoint}";
# # allowedIPs = [
# # "192.168.3.0/24"
# # "192.168.1.0/24"
# # ];
# allowedIPs = [
# "192.168.178.0/24"
# ];
# }
# ];
# };
# };
# };
# };
};
}

2
modules/shared/config-lib.nix
View file

@ -22,7 +22,7 @@
serviceDir = dir;
serviceAddress = address;
serviceProxy = proxy;
proxyAddress4 = globals.hosts.${proxy}.wanAddress4;
proxyAddress4 = globals.hosts.${proxy}.wanAddress4 or null;
proxyAddress6 = globals.hosts.${proxy}.wanAddress6 or null;
};
};

7
modules/nixos/common/meta.nix → modules/shared/meta.nix
View file

@ -8,7 +8,12 @@
default = ./.;
};
name = lib.mkOption {
description = "Node Name.";
type = lib.types.str;
};
arch = lib.mkOption {
type = lib.types.str;
};
type = lib.mkOption {
type = lib.types.str;
};
lockFromBootstrapping = lib.mkOption {

2
modules/shared/options.nix
View file

@ -54,7 +54,7 @@
isBtrfs = lib.mkEnableOption "use btrfs filesystem";
sopsFile = lib.mkOption {
type = lib.types.str;
default = "${if config.swarselsystems.isImpermanence then "/persist" else ""}${config.swarselsystems.flakePath}/secrets/${config.node.name}/secrets.yaml";
default = "${if config.swarselsystems.isImpermanence then "/persist" else ""}${config.node.secretsDir}/secrets.yaml";
};
homeDir = lib.mkOption {
type = lib.types.str;

33
nix/hosts.nix
View file

@ -9,9 +9,10 @@
mkNixosHost = { minimal }: configName: arch:
inputs.nixpkgs.lib.nixosSystem {
specialArgs = {
inherit inputs outputs self minimal configName homeLib;
inherit inputs outputs self minimal homeLib configName arch;
inherit (config.pkgs.${arch}) lib;
inherit (config) globals nodes;
type = "nixos";
};
modules = [
inputs.disko.nixosModules.disko
@ -25,7 +26,7 @@
inputs.nix-topology.nixosModules.default
inputs.nswitch-rcm-nix.nixosModules.nswitch-rcm
inputs.simple-nixos-mailserver.nixosModules.default
inputs.sops-nix.nixosModules.sops
inputs.sops.nixosModules.sops
inputs.stylix.nixosModules.stylix
inputs.swarsel-nix.nixosModules.default
(inputs.nixos-extra-modules + "/modules/guests")
@ -42,6 +43,8 @@
node = {
name = lib.mkForce configName;
arch = lib.mkForce arch;
type = lib.mkForce "nixos";
secretsDir = ../hosts/nixos/${arch}/${configName}/secrets;
lockFromBootstrapping = lib.mkIf (!minimal) (lib.swarselsystems.mkStrong true);
};
@ -69,7 +72,7 @@
};
modules = [
# inputs.disko.nixosModules.disko
# inputs.sops-nix.nixosModules.sops
# inputs.sops.nixosModules.sops
# inputs.impermanence.nixosModules.impermanence
# inputs.lanzaboote.nixosModules.lanzaboote
# inputs.fw-fanctrl.nixosModules.default
@ -78,12 +81,15 @@
"${self}/hosts/darwin/${arch}/${configName}"
"${self}/modules/nixos/darwin"
# needed for infrastructure
"${self}/modules/nixos/common/meta.nix"
"${self}/modules/shared/meta.nix"
"${self}/modules/nixos/common/globals.nix"
{
node.name = lib.mkForce configName;
node.secretsDir = ../hosts/darwin/${arch}/${configName}/secrets;
node = {
name = lib.mkForce configName;
arch = lib.mkForce arch;
type = lib.mkForce "darwin";
secretsDir = ../hosts/darwin/${arch}/${configName}/secrets;
};
}
];
};
@ -96,18 +102,27 @@
systemFunc {
inherit pkgs;
extraSpecialArgs = {
inherit inputs lib outputs self configName;
inherit inputs lib outputs self configName arch type;
inherit (config) globals nodes;
minimal = false;
};
modules = [
inputs.stylix.homeModules.stylix
inputs.nix-index-database.homeModules.nix-index
# inputs.sops-nix.homeManagerModules.sops
inputs.sops.homeManagerModules.sops
inputs.spicetify-nix.homeManagerModules.default
inputs.swarsel-nix.homeModules.default
"${self}/hosts/${type}/${arch}/${configName}"
"${self}/profiles/home"
"${self}/modules/nixos/common/pii.nix"
{
node = {
name = lib.mkForce configName;
arch = lib.mkForce arch;
type = lib.mkForce type;
secretsDir = ../hosts/${type}/${arch}/${configName}/secrets;
};
}
];
};

2
nix/sops-decrypt-and-cache.sh
View file

@ -28,7 +28,7 @@ mkdir -p "$(dirname "$out")"
# Decrypt only if necessary
if [[ ! -e $out ]]; then
agekey=$(sudo ssh-to-age -private-key -i /etc/ssh/sops || sudo ssh-to-age -private-key -i /etc/ssh/ssh_host_ed25519_key)
agekey=$(sudo ssh-to-age -private-key -i /etc/ssh/ssh_host_ed25519_key || sudo ssh-to-age -private-key -i ~/.ssh/sops)
SOPS_AGE_KEY="$agekey" sops decrypt --output "$out" "$file"
fi

0
secrets/keys/gpg/gpg-owner-trust.txt → secrets/public/gpg/gpg-owner-trust.txt
View file

0
secrets/keys/gpg/gpg-public-key-0x76FD3810215AE097.asc → secrets/public/gpg/gpg-public-key-0x76FD3810215AE097.asc
View file

0
secrets/keys/ssh/builder.pub → secrets/public/ssh/builder.pub
View file

0
secrets/keys/ssh/jump.pub → secrets/public/ssh/jump.pub
View file

0
secrets/keys/ssh/magicant.pub → secrets/public/ssh/magicant.pub
View file

0
secrets/keys/ssh/yubikey.pub → secrets/public/ssh/yubikey.pub
View file

48
secrets/pyramid/secrets.yaml
View file

@ -1,48 +0,0 @@
home-wireguard-client-private-key: ENC[AES256_GCM,data:YL/nP4DGGjVc0wRrbJ0x+iyJfdqhE90Ws92QBl/lr3RnJzA+stcz0ey/Rk4=,iv:Ek/RVzDpcT7fqVh7OnNc9QXD3Tk/2bm6vSQDA38j+DI=,tag:G2dSpA3KZmbKAfIN+2d45w==,type:str]
sops:
age:
- recipient: age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArZ3dtNEZtWVJlNDN0NzVR
MGdkNXd3VGZoNGN4MEM0YUFHTHFiN0xVQWpjCjlmNUxUbW4ralFnVTQ3SFRjQU51
Vkx4TGFaQWtOUThYRmo1T1kyZ3doOEEKLS0tIE9aQWx2VkNxL3RkTVRRd3Bjb25k
S3FUSDRTSFBxTkJUWkdoaDRCSmRJMFUKA01cibzIRlGFFxLFKBLnoKqZvLekuC0w
hA3ep81RWwZbumtMzRtjMfmw6XJQN6rGwYSQDkGjBjDdph8HX7i8kQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-05T10:37:12Z"
mac: ENC[AES256_GCM,data:RcvRagYaFGwMwrV63tffmYcA/m1GRjXpefR8Ab65jaldcWjfERiCWLFha9aQ1QlWUgSvCWbgC9/zFJkBBca1qVIvLOK1+nkI/ZjQ5rdUOJaP7mukLC3tcm+5f0Fe+GjTCDHGIZd/dUgkF+xVhN2XnFW1ExzRRt6q4a4pKvL6Ml0=,iv:EISJGqa2hQfjpu0X5wMJNZXzv0Loejj0Eb6kosXjU64=,tag:S81dIphr1rqQSO8jAZCABQ==,type:str]
pgp:
- created_at: "2025-07-05T10:36:28Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTARAAkLai8l9TxzmcB++jp16pVf1dxOLArOduzSzu2m/olZdM
wUnPzfLUH72XD52D3v4Hw4CKpgCDjEq3SDo5jdxkcAl7UHa43CY/Z5xr1WreQIET
ppHpnkX+zaFeE/uFe+Q+oYnGAIUetod0WNRsZOJKQJ31HaahOAVhM/mej7TrtuZG
DPdmbV26ZIXiqrMifqa/dG88o0arms4GqIqjkynSDcmcSEbf5q+aonAHs5kUylem
kBQKQUmbfksFgBkOBcg91ZJfK6SJgods44MVj677HfJ3Nmdmp0W1hmAi3WZtuzry
OVf09sY3Pow90q2qNeUEHJSktbj6KnBj3+BRMmZXvIR3aPYqhkQ5v6VJ0mjyq+uP
cD6Re+QDxU1SdymmLfzs+4O8gtbKmYt7DXiFy2e5m+geON1akfHfP6OgfHY9M94p
WOwV6IX0BwK1yeNLeoc7lO+yiDEZAzXqBhllKo6ckPpRa/i/V2YFP/5i/TxCK1tw
mMm5vruaEP0d3HzRzyY5rwXH8nKmGkt7MjTJtFd/uSQmy3r7cNKVdDFYaOhJt7QN
P81fYd+PBTEKcE969MkIKVjOx4qSWlkaAgWnHjgJ75Fc/CEfC/DVfdVkGkxepSqq
st+Zrr2S6DyAtrunqqwFHUrReynR7leq5R/ueyviNu6EiwT9CHLWvyA9xZvqWySF
AgwDC9FRLmchgYQBD/9kIT5mzCZRLFLwHkvKRzqCTolG977e1MIq3pGNdYSaAFPY
Z5FYnvjlV7fFbKHOZOB/BAEl2fcyElv8UjbM7L/mJkE1zHcpsmJK2OnKJPplNcK3
7MVm3/yqkjV6GtmNtTwlTFOzd+Z8Rc+303s7Mp7jaie68OCoZO21jjxkTn+xPh7s
U8yhxk1BLjsZFrPo45JdaVTrSKxsmr8c47fyNToTUuBg2zyqSxkqiNK0DToUncad
eiwgLTvTcFxuijQMcIAWCcoi+JAgIjK3XItNp8IqYFvLv4iQqDUtzLbWzhnEpqpZ
Tg6dt9JKV9TvZbwR67AnFD5QGEEys681NmrkEyrA8LuXEMTAt790hjvlCSY7RfhI
WPcUAmHUN8sFsKLiIyTRQ03PbEji2wsbq7TKBB/DuN6ivfjOLNnm9XgzMPG9sbRV
1BO+tnovcKmLn9FWiwWAyPtqFEvfITbj9qYpvAuJ6PmKUihkqfs8rh/FKgyo0gmh
Wq8s2rqOrmV0o/WVRxRTfoauCyyJSx+ENdR6KQLCDdE2eV7ocrztsJRIiPG2fXBi
0/38/S7oJgJA08uSz1egtK8lvI3MIojB+dWX0v+bonxxkYMNSbIOdZfTFBd68D23
2y2OG9e4/TvZjjSqM5+4fSnH74QzvxIqFMW5LSFw4UqhdiAk4/r8ljo3mIvLxNJc
AVGSBZJ95vR/FZM/25ojTGo2iBU7DAG+5uXXVeHSfckmVo5HjExQYqkYCm+imK4P
uzhLHz+6EPmnSTBnTMLU8W/U2i4cOxlDjpHCpjZs/BJk6g7yv+0+/BpiV4E=
=eLw3
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.10.2

184
secrets/certs/secrets.yaml → secrets/repo/certs.yaml
View file

@ -5,146 +5,146 @@ kanidm-self-signed-key: ENC[AES256_GCM,data:IIi2LK13Tskk7V6jALsVYOYKgNobhUlmai1z
harica-root-ca: ENC[AES256_GCM,data:Q81ku0Cpn+taKbgSb6JntZjGblSHO7mzNIGqiHzsUrEpT7fZ7dCBTtHrOv5vQCz3W7k8u2HEEyrJBIgTdaECBTENp/rRwXBh3BCj78taxK+iweF86Ty/BnhWd3POLoYVIJcdG6Yn/oJtoFPqVLb94zzmx1yRXs3mgiItPoWjhIZFe7myQkxGCkPvAU+sJhMCkj+nQ/ZmEOQSgv7kQhhNrNAWidYRcW+vOb2gj+6na4Vw9yIA13zXWX8NQ+4El62UOJ+WPpmVbwl4MOxffKnETYFFRnkpGb9cTL4Cfujs2nFpyJzqA/GwrbOvbbCevMZf+78M3LUtFSk5+tnhE+J3qwnq3ADey3Pcya6VrJJJSVQw4cue92aKP3dGFF3lb59HO9KEqEBIZ+xMSEcqmZcfvBaAFqNeCqw9h2lNFsK/0Yz5Fx+uJXr6BOS8Mt5fZ2SKSKoUpm/Y0qaloEwnqs/KGTA1BBjhwjtO8NjcD8HM3FWkjP2/atR57jKMe35Rz9LTysb6N0ntotK67wEM52Vp4gliIcPlOzNA3LREaVcycRqW8OHvTHiW2SRe0sDVz9hzBCJirNGAGY+qMZHuXMQoKxySmj6GvvtEiptSt1UmDqgcwAbz5ki6DTYM96ZoEH6AtH1tG7tHcuZ6EfT+hMQPLY9wpTMATEWMYOFUfPY+u4cEnvJbQPdQMNN5mxOfsqu+2rhomekTDzPDqSdmPdjOAqHZHSvZ2n6x9pb1ChIcpWbLkB6I6NtSZ1LnVJl0KlaID35396gJ2nkTlCmBHaeIs9q+RvsDGOS898iONh6mvBBVj0l69sKRTa9XS/gJPoBwLX7WSNRls9MQGgzXo0CbmmnsqNnSZVtmITNMX5xaum/rU/Ej+3UBdVbH19McqbQ0sJVTAyqJgtJyNu5M4ktrueJK4wz+Ik4DryBB+23VrRFb3RoeBTa00oqWqwFDphsvx/OWdJ2D04hb0ITCYtg8rV0e52AO2evqL5o/1NUJdyq79QvXKSRYPPmuTsCfR7uCG9Le9gibqPhubCawJWwA0m5K/B39Rrnphu2/2KFn8CSS6rct5vr4vqYdYdfbv+qhcstkoQaYvu8StLHrtmXs6P0ySFAatBnzTuHlIk0IhmcZCTULp1OeDTpZyPH/fILLp/fE6TcdASCrWijSWN2mzAq/vp+Gz0AHXn7n0MVeMOkUvvmi6K+6dLgY8AmL8ceFamWg4TsxWxPNNeZiHlQmMD4jbQ/uR33iaXrstu2g5CfB9XEt3HRw5ZnulVHDrpHY9rECi/PtgpkbrwD8f8sBuaDzfEsBpbWGOUrFBHzdDKQmHltor3WmYJAdflSeJ9P0X3WuVuL3iEues8HWkTOk8SqiKgMKTwpJsg9uUm86hm4to0vaVG9C4Qkyvcs79MAHLMT16Ujg9pmm3xQsFKFvr8LrbfbxdOPWRvbLPLCnaULG9mi20pixtTcnIv1kx7AZ5d8pxwJBRcCaWZtpV0PIWIDjDMY3mxB1wHzjfonS/ZQ4nOuF5pNL5HxlfxLW7eRbqbc3+gJIJOeVSVNY/xwRVmBN6c+n9+nFrgp0geBJjG2h5hQ3TyyVn6iuWeT3+XB8+F97/76Jj6mbQdxAkQ+e7NLxDpEsBmOaXHOhP851nWiAgIIYYeKcMbjNiTdHghjWndEEEf/flrV84mZtgEcKwR01yC4+FiTPceI0yNcIx99yoFb8G72u6f5KiH/fsbYV0otraEEmmMQcMpH3s3OgFjkVQQz0i6WETJHMjz8L1Sb8/iUm3nIt9W+y0xEftSeoJAJ3n5hGp0gayC+XV1pcDDRCVryBrMYzBhYBcrfYuiL6KaGrHGm2nfkhosDEVFcyA1D4xqXhC6Mndy6Uv4AMYBKAMq0opgkdqMDe5jAlmFyd/xSEZk8ySNlD+d64AZqETTc+MgZ1sh4dMNEeN5H9A291kTJIbRXzUP6GbP14lW3z1Meq0WxH0ijsDJHdHwu8u8LPu0D8m3FVHR4kWn0eLrYrYaGyRW0rfvdMvc3rVOGwGR/7e4P1py7/7q3TS2/6ZoHJDNptPF7K0XBbapSNjFBCpo/QT22vo3eBmw3WvG/CLPk7yAc47EmT64YP7zvvNaA9JcQWlx3r5oWT7lhYvgP3tcUFlWXXOcV4EN8CeAB7fOF3T2vU7HxM5CC+mBYFXydSh4a/yK40aR7C7HMLpNGDIZaLPk6GxsQbCrsqcAqc+BitSAUiTZ90cgAQf+V8iadZPLb/xYUnqhT8EwWrNB2af7PSX8oM6Ot8zXLaTfnxsQmq11FeNyUHxU32UhjnC0JsdXzL6i57VlLs0iWqkoHZO4ICtezkXbOeWapZGSecWdXlY+/4CURQDV8owqppos9GIEBBDr1IiXy6V5EoMW1cphEWIL+EqHCD7puYijvVMI9FjJwsJN5lpz556FaNIcB5tQXqeQ0GNpIxJkOmR6tLBH6BokbXoVq+atWVa56O2hegXmltc2LSZrWTaTEI1MAmR3hSxd0wcIOEPAj1ZHYTLLxo4HUa4Ks/lpgxWUYKAIzrVxo5YSRgm29P5ZOqt72DaqZe7PePoR6OPhzFJCe3SYlQ2Ofxcn4ArH7N5u1pwkomFJAgv7cEGNm8jZs+hZdx43fdu2bB8as8S7xGAQEYEMtFjb28TMgLT/RSZfTmjnWC04Ktf0E1oO9u7L+PrQ==,iv:0FTPt+bXgzOngxxFqoP1Sg12j0BMk4pJj5JIsHWPIuQ=,tag:tigFlF0LxzG8Za5+kbG4fA==,type:str]
sops:
age:
- recipient: age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy
- recipient: age1s0vssf9fey2l456hucppzx2x58xep279nsdcglvkqm30sr9ht37s8rvpza
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFZ0p3QlY2c1dGcGIvektO
c1BRWWFJTndub0dxUXhlMTlreDUyUlZ5U0NjCldCamVrN24yZ1QycksxTDV4Sk9V
aklIT1dGVHJKL0ZWNFN6WnhJN1Z4SzQKLS0tIC9lZUI0cE5aYzBHcWlWc3FkS041
bTdlMU5qbHRBZ1V0ZXhjL3FKYmR0Z0EKpA48GyFC1W2+O3WL7Dgjb5dRRfkyJNFi
Yl3i2st6zBGH6OFJGdLlBAJ/lqw9LgHKxYbId7XcuAfMkDTNz4Fjjg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEVHRDYVdsMHowdXRSRHhU
dnVORzhoK3ZNVnY5YS9oc1ZuQlhUVUJBalZ3CkRNd3BCNFBFR2t0RHFPVXBxb2hH
Ync5ZndZRlB1aFdQL1IzeUJxODlTM0EKLS0tIFBqbWdnYktJRUdYM0hrZG4ycnE4
bSs3R0lPS2l4UWNFaHNEWXBxZU1kOWsKHIZ2FMrWVEnMcOYIjRmXiteCbE8BIpjW
AOjolgawHy1xibc9s1QbWfKu0biY6TVIvqS3M5RLiKz8YgewpWrnQQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1g7atkxdlt4ymeh7v7aa2yzr2hq2qkvzrc4r49ugttm3n582ymv9qrmpk8d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0WDBMV3RUYUovS0ZmV0JJ
bWdqSWE1TTA4MjNvbzFtM1NoY1FsL0FIWm5nCkV5cSt5VWVzYmM1MytuTUJsVHBB
a2hoMTNwcXZaYzl4d3lmZUZIVDBQekUKLS0tIHlTcEFqR2pIQTBFU21EZ0h0Z3hL
UHN3QmtreUpUMmxTNy8vbXRnV25jRFEKTaCbReUitrOJGVncdR/VQBXmM+mTzTKj
HzRnYSUmuuRdkHC/ljjeYR4rkSjN4RJABX0fraKdARBfkoi+x5ulCQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6WGNEeEhHY0JCaWVGMWc4
NWlObTk5L3RCOFNKZWFSeHlWMUczTGJ5d1FNCkhDYmlHNlBEdzR2a3pQMG1qOHhl
S0VoV3pmTEhBTmxIb1FvcmRrZTdNaTAKLS0tIGNvU1pxN1pLMEhlUEUrYndQQ2NO
TTFwczlDbjczOUVBb3ZhdzhobkQ0K0kKc0GD1iA9uLzdpSR1yBRHm+K38b6PpLzL
10kWSoSNHV6tjkCjbFiwT0l2QOIgKlmGm092NDz6aCvfC+6GHCDvAg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ly2endyt0y9xyddj6yuj4nw6fa3ltvzlvew4cr4lzs6dv8dkavpqadmyxx
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJM0k4SW96SXVJejBGcHJR
UVZneUVBT0VzZXNlazJKcU1DYWNPZGNiTFc0CmRtTEdCSkF6dTZZamhPWTF2dWlw
QmdNTmJ2Q2JiNXhJd3kxdTdZNXkzU1UKLS0tIHoyMEU0UUJEN3lkZDlGNjJKWjFI
Z3A1b1BJNVg3SDNXZ2JPUDZwOXpHTkEKv+NRRLHfnc8j4rVmBDrLdTTtNyb9sUUm
EhEmbKkXZfHUQtx3bYUJQeod2wd7CYGzvfrbU96xpFkTAqvUJtWAJw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZNjNqdjRBcEpZdWpZUVRD
UGpBVjZRU1VkWXowaXRvWTRkSjd3NFVLcWk0CmNHb1R2Yy92RC8rRFBJQzN5eHFR
bHNsaDRFMzNrSFU1OVE5dm1zOHIxcG8KLS0tIEYvOElqZHJ0cmFxREdTTmJXUFFU
Q3o1R1hodDZaK0NYbHpGU21oQTNPb0kKsuGhQytQDmbMWrp5wTCwEnc7TRWRjLlL
fp2gyJSr0EgfzsdDl9QgC9dgkB3qxiqKSAiinBOOUwyaWeUepmv6/w==
-----END AGE ENCRYPTED FILE-----
- recipient: age15klj4t7gpfp69472mne4ue62pp6m4e04dmjyw7yf30qtqd3vl3uqjmcyxm
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBdXJzVkxzZDlZaStpQm0y
d3lyQnFZcUNaZDdrdm1sSW1HS1Y1VkN2cmdJClVuM2Z3ckF0RWsrQ3RkN1Q4SGFF
M0d6THFpRDlXTXZseWJjQzU2OCtCWUEKLS0tIGJ6ajNRSmJqNVMveFBSUWF3TmRh
VnlXdTd0VS9RSnUwWit5M2RqYk5FVzgKLD8+uG/KUxBUTu4WFcgl187eKapyPrVq
0+nL/jITbzy0HA3cTdVR1b2pueKODohBdVIqD+JpPs86z8FaLro80Q==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArbmNRRGkzRC9NeG9xMTho
NDVXUFViU1BRM2J0UTR0R3RRWXJReGpvRXhNCjRFUWZ0NW8yV3lWOGIzTkFKYVdu
QmFLOXM0OEE3OXJXTUtMVGdHanVnc2sKLS0tIDRWa2wzQk13Z1FKTkhkTUxYM3g3
VmpoVDBsd1BxcE5BVEV1ais1UXJGMFEK9jGgDHNzrAHf1YeZ2TZcnQK/1xbLsL4Q
slgCerhBPS7a70iAmOy5pA/cM1VqaYFiphSzor/tBTDwJvmWB/xmnw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1k73gy5em3js9zklnnkzp5hme9k04lny32fgahmzddknjw5c295asdyr4x6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVcUYwUHZYNmNLYjV0WGhV
N09HUVo5SUpvUS92UThaV3hvVlN1Tnc4RGhBCk9HL0pXalBiMnJtSWlaOEFKNVlX
S3g3eTVtYXJwRy8vSGtmUDBpOGlYMGsKLS0tIDBnMkJaTnBnUGx5d0hXLzJPNWVZ
aHc3KzhBT2I0YkNCNkpBdWZPTDB2cm8KSwgUwcFRqWFxEqGrnTd6a7sle5SBXI3J
KyfOOrS1agk+nTaUJNpxLOG3aUWPSG8DBlEvP4Z1Kx5kG4e7/kRapQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3NXdqMEsxQk5sUlpvUW5M
THJsL0M0cjNpZW5nc2lUdDRRRGZHd2tjQTBFCnB4U2oyZ2gxOHRuclRjL2lpVTB3
cFlEeHhVVTd5R3FTcEpERS9VMEdnbzgKLS0tIHdGajhaSkpLTEVubmpMT3BGazFu
OE5teDBLZnJYNzZSbEFhYkN0VW5uNVkKtzW2pqt3bZuwCUSvvdHZv7LF8CYlIRQl
OEln65gTsKgsWC/PxfWryLS73xD+7vQB9yHT8m8ctaAqKfQbkFTngg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1cmzh82q8k59yzceuuy2epmqu22g7m84gqvq056mhgehwpmvjadfsc3glc8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTRWdKL0VjSkJZRERNWWVD
eWNobG15RUtQUXpWMlZTYXNBbFowc3pQOEM0CndTK2cwc3ZRWGxiSjQvb2l6YXEy
SGdHNVQrZy9tc3k4emRBeVByZExmd1UKLS0tIEdBZFRMejVtalE0WGh0WTExM1Ay
R29XRC9wNE4wMUdyTTFpYkh6VnJ5NHcKEDsie612hQqxjH/IdM61a449jiSaqNvW
fG6x6U3GQxnjH6yM+Fn1S87c7ZihTIAPzbAmbIiTmVbv7cp8XVz/LA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMeHhlL01wNkRJbjJOcU93
ak9JRit6RHJwL1hlVGRWTUdHd256S01XdzNJClY4T1BzYUJIZmplNmhscWF0U01l
MTBHdjNSbXh3SXBOMTRWRVp3OHZlTEkKLS0tIFJ2QnVIZEEyWjdNQ29vejgwb3M2
cXhVYzZnME9tYzJmTnhhV0J1UGVZbUEK++9AnOgt6MVPQ16BFsxfVqG9EpI0/bBo
frr089MkdKo1XTNoMaGgcDKgMTKzBphtiK/k5jZE+qivnBengrlXLA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1hsumymvh5mkqlaynrp9lv2w696yk3wtjzlyfmrpeuvh9u2tlwceqh3563x
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOTkNHVmtwK2JOdHM1ZUJ6
aWhTeUxpc0pFd0tXcThYb1NkS3V4V3pwU21NClA1Y29QN29nc2dsY0Z0SmdFZUtE
Rk9PdUVhU3ZvSmsxcVhGU3gyMktwcnMKLS0tIGF3dEs3dnBoa1VIWUorZjJwRkJl
SStnREZnTGFpMmFGZ1B2MVF2RWRqN2cK5HHfMKlmLG1UQpDYr1Gg8GU3Gg+oGebE
y2efhe+oiIwr2uo9+zielNVAykKg2hvwUmyAXBsXsl95sIXFfN2WQw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhYzI3UjZDUzB6d3RCUHIz
ZzhkMVRneXIxNG5yaHpFS2tkdUhNVVNZRHo0CmduSzVmQU5YWWpQQXBYZXlkNStM
RThObEZmWk9jK2ZzZXdhYjZPSEZJTmMKLS0tIDFFbkkzUGdaT29OSWFIQ2owa1ll
V0Q4QmFmU3owT2E4Tmk4Tk5KQks2R0kK236hs8GhGUFpVLX1aneLunIuTuD/QpQC
Z51gh+oQ6eC0J1lq13VvXX8rd/4VjR7pDcU7PMjACtqeKfFiwCoVgg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiRXRVSk1SRzdIZkpobFV4
Qjg3K3NrTDRGY2VZWWNOTXhDLzlodVhTeG1FCjJvanhyN2pITnVBOXRINUtCbE10
TlBEK1hoRHIzRGtoSDRCQmRnZVg4RUUKLS0tIGF3Q1RKL2h1WGdSRWc4MzF1cTBE
K3Z2TEZycktQRC9NN3R6bVVUSE9FTE0KOtBDjkAezsWR6wfrfnrdUcpdQgnCXm+s
WS/RX6Q5Jw5nOSgkR5SyhHqOpalYlCnYQdE0zmW7n3C/BqnX+53T1A==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmVzZ5WHFlQ2NENFpBcEls
VEx0SG9vYXdteDhJQzdibHVLZG05NVM3L2w0CnlLZVAvM3d1bVFKMjFNbUFwemxs
amtuZWV4VEx1UDNvaVR3U01MY0I4elkKLS0tIERkRXgwNGtCZ0Fyd25sNlRoU2pn
citkQm5tbjlRSHZwZ05WUUtSdUdXWW8KCmuyjN3UuNys9H2ShcXFtoqcVK2OTACs
4DrO/ATf4P0tSGUelFhZ7uknNOC66H7uWQZmbhc4eqfnV1JNbctFYg==
-----END AGE ENCRYPTED FILE-----
- recipient: age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKdXQxOWNveEtZUGkwclVp
aER3dERtUHZxRjBweDBYdERROVA3OTNYQTFjCjBZSEVYRGpEWFFUNnM1SU5aWjhs
MWNUdUt3UTQ5SUF3MVVHMW5Wam9KazAKLS0tIEtUekJPVlpyYjFzcmJ2Z200OXNs
N25JN3BJenVhNnhmYXdFVnZEM25mdXMKpzEJ0eqnUoiyboiy9FBeeZFBNHRrO52Y
RICf2lc1bx6i7fLjOhbV+ewjNk7p6ApdJPHaE6Pxa+jJ0O5vVVJjiw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZakM0UW9hVmY5UEIzK2tk
aGdyTmVzZmViQ2RIUStwQ0ZWazBoblFMSmhRCk5wQkxZMXlOKzNnSjE0SUlpTEp5
N1l4OWhKT01TRkhFZmlsME9EUEVSUEUKLS0tIHdMcmxTQjhCbHVWd2F3WVRIeXZk
Z1hma1dKcGNoUEVsbEtiemdmODFKdDgKQPKBQTdj8Fd1jvm+f7eKmq/qkUbiReXt
adDQ6RefRQ0FwJD4cyZetVpOmwBK97K2vrFDoEfvZmS4naUC5NnnmA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg
- recipient: age15cx90pnp54xp5gxlt02yn9j2pz968wp3l5ukdkx55xuecp34e5pszjku4m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3NEpqQjN3WkFYSlNrOUZj
aXNDd1JSWnlXNEJCREN0VE04QktNK1gyOHhVCnhCcWdEV2NVYk9vK0xNY1RTRVdU
YS9kRWMrSnE1T04yUER1eGMrM1RsS1EKLS0tIFM4dWxCRTBJNExsakxCOTBQSUxQ
ZjRQRTQwK0k1bzdzQVBYalBlcE5OV3cK1vkdKETqGDbsj/WMjwLmjwUz38yPXh/H
vjJxq20D05HNI3PdBMzZZcaaBzVqf3hx+afk3jQPxggrDiysiRNWLg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuSnZNQlZVWlIrVm9HcDVa
Q0lCN1pKaVd1amkwdTFibU83bWlzcmdzM2xrCjU2bExsQ2JhN0laK2hocDVBUnNS
Y2MyTGp6WGUyUmkyc0VLa1JBSDIySHcKLS0tIHBVYXVQKzFUdEJjdGlBL2VHMldG
UzZhUDBCWC94b2lyWEdWeWpJK0tqcWsKH8QLyHTIIEwzUAZCTeUBbOAd78fNHlqk
uImJM5y/vjVw8490Uo7rkypQ5Faab+ekcWqPSj6sE/nFEBWTCKdSrA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBONXkrbk9STHhqVVdPT293
RXlYc1c1S0dpMmRqSkNtTXN0eFRiZkVwTEJrCmpQOThTdkJwVFBXTXBYL3NtTVNT
Y0J5aGFHV1pjMC9FWG44WUI1RFQ4bkUKLS0tIHpZQ3ZWeFNzNUVEUDBNSzNla3dT
NnBRRUFhbllYM3d3eksxaXFyWEZFVFkKfSZzN8CEWB9aj+YMChUaRCeOIbrV0gyo
wsV0SN/wn+yvxZqGOXFOyAlLZBA9VThQ6G+lDm/1DMoAj4Rdqnb1Bg==
-----END AGE ENCRYPTED FILE-----
- recipient: age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYNlNabmNqK29OQzZJWjFX
Sk5OM0FTcGxUVCs4OXV0VUE2dXNMVG5oZUJjCmtRR3l2SHlEd2xBQVFPcjlMMzFR
TCtDTmEwVS9ZMFV0Y1VOWEJGWGtSUlEKLS0tIExZUWVMWTVkUisvMEFmUy9QZ1VG
RnBDMFZ3TmJObElRYVg2SGFBaWxkZFEKq7un72Bpl2st9AUvAXE9rBir1mORSkAA
GnHQyN1tVPurKINQeAmuA8gIn7UlaIi5MxpIkaJFqmO1/6H5e7tkGg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBekI2TzBnN1F5blNiNFJR
ZE1EZFZYbjFBR2dncXpVNVNodFJMUzRoSVgwCkhwTkpSVmlUYmd6MEx6M0xLSGI1
S3FYbkU3aEVHTHoyUEN1TlhHb0FxU2MKLS0tIFNuNHFxQklFL282Vkg4ZW5SZzcv
dEozYjBwVm9mNnhuZ2Z2ekhvRmg3ckUKU/IISe/82KCPh4Tf5nqWgbiUQEr8n+0s
/R/DuIu9+67me1Xyb9fA4xq1lD8ZR/OTfPaDRVVtP3hleeinRfTL3g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ax5hqk6e2ekgfx5u7pl8ayc3vvhrehyvtvf07llaxhs5azpnny0qpltrns
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwVjc4MllqbjhoUG9YS0xa
TGJESy9LMGMraGxpRU9MTWFBNDFaNGxxQWxRCmdtNEdjRGpFUnNoYkMwNVM5OWtH
Y2M2QmxmVEt2a1dhR2hteVR4S0QwRm8KLS0tIGZCbDJCV29meDR4bTg4ZStTZm5J
eXZiNHZEc1M0REl3MmdlMUpvRW5abWsKcmhzalAkWx7ZY5mullayejnqVQMrLNKF
J7mHKyP+mST+5vvkxCPSDN3GRaD2McOVAvDSgS8rd97a35tbSMzxXQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-19T14:09:27Z"
mac: ENC[AES256_GCM,data:tZ6QzVPivueZiC9Qfb3KNZAv02QatgHRNnlM+Y0iV4BZkYoBjxeDojutizvAMwUarnubUdk5I6m2OZK1mvVDZKXyI6zALX4JMeT2xYQWRHYzHpOygLhhGwTFVhV+0C4jN+eJFF2cNf9lu7NuZI9ylZSOY8I3YKUl+l0l3CkXUl4=,iv:JSGOUq+j9T/NXspn70dfu0J4ISV6vVFZUe/Z1CirrJk=,tag:Hm9N55f9qMc056nSTR1piw==,type:str]
pgp:
- created_at: "2025-12-01T23:06:33Z"
- created_at: "2025-12-02T15:46:59Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTAQ/9HmPTBEVh2e92ES0g0sOUx7S9I1zoRFm3ONWNoaT6hld4
UJiKqbHMQTyjr8m2IvkzT7MhXr6fPsspAFguxdXLAD6LSeWJUkBn6IBT43ISvbkZ
1KrJnZHzwMjxMGe1MrBk4C17YPlAwB+CDNNehkKHWkSPfVqNurY4gtNoTrZn7HIz
5Npvi9d5W984CeuFoCmY+w7DbKINk0J0YkgT9zBMdfGw1cVAV5aUS5lIBqvo0YAO
yIQf5tbG9aCa5CL3OH0JD72GBUkODLfWFzcTpzfjYtjx1rsbu6gqkLcH1eGFqTsa
cQ7+A0wbB+9iDN0OXmmPNVix+uMY1yQpxMve3r34v18R9KTCvsSK9gOpk0ilg/T1
lBG5wFNEutJmwuXai1Zme5+MJLK0ggUQYywhYY9auGmwC74ZRtRQ48o3SsQ0HJTc
tLG0thDciyF/Xy2IPjqnp9vCfITnVw42ZsSIbXfHHYoEBYu4mYhqAP0pmHFzY3jE
rc8LzraecOslqfLVgdCPo/7moBpegIfJfCkX+gYxZKRJsuOHNiTVyFHceP2mztKu
F6MIVxsJsQjRnkavaHXEwNFr+X+YlzoOAid3UNzO78rKAGUw6mJ8PvLBekqw3wfI
zXOWNOgNR/aCUTAbSPn1VBLSM1kioGAKrs6+bAeRypmQGaYiLsDkvOU+qfNxtaKF
AgwDC9FRLmchgYQBD/9iq1JX0DpTayA4qSDo7i9qeET6MKK5VmrawaV2LqQpxOk/
dEEIT8+ZBhAGjKRIPRZdF0bgcBP92IeOOduPvcdJcRstB1va3nyeKDXkYwaBN0XY
FPKMrTk2hifnmlGdBzN3RWGOXURDZdhqjsR0g4M1/85//0ZA1ogFnUsqtPI07TVd
oKoZqdt068pgBDgAxiwA4Y6WbSSdEo2xQIQ0JTRMGnIycHGnU8UYWElEjnusGKSc
jpC2jzc9TUABawOjCnauExHkBp6PhPRlAbzLA7Kq7v7lLkMKQdnJ0T7kIJUd5LlS
7TVXSq97WvGBhtQ45cSIZTskjnXEx3TQip9gNrV+MkZ14ASOwc9Lmw1O4z6cVUte
IHzUELZsupE8KQPifgMOyx2Q4OQPQ/vv0CSYJwozbpK+g3XRAtsm70mSlagCtye2
MsNNQFfZe3vSV4o+vQfbWQ/LMxP/8YcRmh1/2q02yXS6sjW4MWiAjcW6nTRCxJbI
SjMKmIbGNn60MOqn+9MNHA/S12SS1yI2cTPenebbhXAbMnCOHW31D5ufr/UR7Pkm
xiBXOT2jROYtvFozH35OpkIPr7tV0O4riUVvPw7swlqTVrJKR67Fi7ORsGJKbztv
YgUuZC3679TzXyWRMGauTmOPQO1+jZ0WD1QYtKkXPpTZNLx02a0XaGcc4if3gNJc
ATICbOTfcwy5HkC+KcLy0KADtfrO004fSIXV4TNrdfyXNnUshnutAmZBRAilvvdG
OQRfyr8P0jKoZw2UUoAFEGFU2GaNg8NvCoZTOesN2BNhSVIdA6QKjnZOzBI=
=HuIS
hQIMAwDh3VI7VctTAQ/+Nc4lUmAq2MvWuvfc9PjJla7aQrTvmRe+b2Fro+kfE8N7
AHLFhKnw2+VI55jWXT0KJwfm7uQY95lkLiXOQKqF0wNfY2JhLSUlYD6LlM5NU6Tj
N7k0XVpN0SanwWfL1eFsDtEG65bc9A5XzpdE7gw7YeaZBjVruYujFV+bM78QHSrK
pNlmCuxZxp6tobtI4YLaKkzbKJxLJjfhFUh0D3HjYHbjlwZSari7Ep7ZMPgy3w01
MQ2Ol669Aot0YEu55HHOY1lqmXQbgHGN23V+n0ZUXByHcUR2XlG1Ifo7sn2+QH8H
L+xYjQNFJWeTCsAD0I6sVSRP/+ZC9OfgwPa4ZRw1EXv28qaKRP1Ws2PiTe/hCvIX
a4rjl1mWqlcIahs2HpiQWyJPNJCc4Zuu256YBjWhWhqY74TI2SLKj6p/pQILjDSL
v6VYMQJLfyK6T7YT9IwHZfDYABp7gRzjRwhJScQA8y7hKOub9ctiBvVOOaO1znYh
GXxz3Vrc52lUGpErbbsZ1tEX3Blh37b+uNhvPPobuIVdN8JDdkx6U8oVHkazhP4W
WVeYP6B4nqt6xFf/SF9N4fL7q2y3iEqNrTFjX++hXXfBF9H3C1bGP07KqCK54LH1
HRMEvpsa0K1v6uCi9Ufud7eFtLm1m3kH3f6+rQsN1Km6aLDUcvfGzNxxl16ZuIKF
AgwDC9FRLmchgYQBEACLOQcZBtu9VMd+SblsCl3kC6TeSgH9r0P6itoCm1XsAlLq
6mUve2RFedLzxGW5K65XwaKDTzwdHpO0kj2wLxyLgUMXgFnXNAtAqsM1Wvy5HCH2
yiVpNLLrLSiT4VmEwDGrN4u8iR8Ynuf1epNFBrQ5KzkpZ8F+/+dfNCXyuSuf4sIX
XfJ1Sp7dBqZJ7OzRY1MTs1pdaOIwirVWTaYu3kfbdIZAtlb8uZsmvWFq+fhj4BoU
5yoRptvzLV0mkn89CwB3tEDxjkOzLtHpdtRWNLaknjDZTA8Ti19DGWaAungTTk5+
LJuwQOmR0535A5DnhAU9sjVXj0qV3wPOKmPbWrCujFGNfjqh8SHmn3sET5Q+K+Nm
0B0kfPBpGayGkhbeveuK0AEgymm18tlBjTenno5LpGvI1A99uP8KXFOwmNA4ONTy
lz3RbH/fTGFJTeobUOMI9Gtng5uzuxObOkg54oef5LzS0ub+kNXtpsG0BcK3PDxP
sEbbPIb+VlIcAwQ9+4kyi+jSF+uuHevWq6sMmGz378k/3wwkExnixVjCQr1Wwsxp
t1HGDDrMAjXoNZBLSua13GYUMfeGoPabiTmzAZjZavg0AwR4xcfWEFkrPI2THRoe
OYUreF8t7ZBXEQzkeIwJWvmCs/4djaKoVf6YyLmgefvV4CLcj24UdV1HSDHuSdJc
AUfdGjEwj4Nc87coiGFl0r1vc7kWJ4xeQ4/je9CXaKhgLYYjlUEyipOhs2aMRUMM
+nLdfiWmK7aoRtW5WiZzOK57XAgKY5IZOOEzj+4RVW1xnsf1RmbroJJvSmM=
=IIlY
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted

184
secrets/general/secrets.yaml → secrets/repo/common.yaml
View file

@ -36,146 +36,146 @@ builder-key: ENC[AES256_GCM,data:OOoA7oRIFJwS48qs42WmIXU4vLTQLRi6Nzb6IUNXAwnj7E9
nixbuild-net-key: ENC[AES256_GCM,data:aAa6iyZsjH1sAb6ucSPJb2R+QiG2bTj46Csnjg58+2ngYdfuim6SzWEid8IHJV1+M0s/hVTbZWiPsU2KQ+JCdJ84as520avxs6I0URvNx+VmFi6DNGbBJJJJKdTXIKvtmLHqHobs9XtIHahQKoyUpXiSY88DcwAt4e2mUTa6olgrDv66+/fEGeexP4S7AVB0wYeegyMgWODRrA9gS/YLMxMdqk/VHuwIQpWkhxX+AY8mXkx7LalxrbtV/24qdNtr2GittrvYBAkYGWAVZYotBVKjaWVUVzqF3BU+wmg0c56OG5qtt9eD1THAqNauN3iIfUnV301S+TvVtYjpy7gOj3WzntO/kh4kD+7FnfleLXIVSLgBRc0vHhd+7HKKtVRnAINyPkyjaBpnnBa4cksBvHtI0uis0Pi+4JtObD3m+5dywTeL+HDQfHwu+7CgjvXHQYKvEaJ8z6alyXL88Q6uT2Ikaoyrkpi7OJsuIBiNbs5YzRReSfLVyepm8SAtA8UIwnMiTtgFvwGUEW19ne96,iv:2HN9X9CA1liWuY+LYqTCX6Zy3xARMS/TOL61r2UKsE8=,tag:XcPBwYrQjqhexI7u+0zXQw==,type:str]
sops:
age:
- recipient: age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63
- recipient: age1s0vssf9fey2l456hucppzx2x58xep279nsdcglvkqm30sr9ht37s8rvpza
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoeU14bE1QWGlneTBhYXJy
eFU5WTZwVlFXTlFOMVdmZGpYNkdMNFk4M1VzClhTeW8zdkRzcUhLRkpKdWxCZnVj
R0JaN3RvYk4wTjMrR2JzTU1taFE2blUKLS0tIElUaEVCVDNGbGtCZUZTZ2hwNEdZ
ZlhHZDBROW9HQUx0RE5KSlRFNkJVM00KVKIC6Il9Vq4lwNS4Va/Zy+EciImnjEE7
uK9asNYPNFLWOGH8WRUYmcsDGupKBCtSJszd9+DoQ28nWo5f2DjHAg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzQVpGeWg0UHh4b01QUWRh
d2N3RHR6L05nNzlnT3I2U05waUNWY2FSVUVNCm55M0t0MFo2dVlnQzBLSWd6S3Vt
OXB4VFlaS3BBLzc5QkpBYk1ObWxDdkUKLS0tIHZ5OS9tNG9mVkpGSjBTd3FsL2lJ
bkFHLy9GL1dGamxBQ0pod3NwV0psb0EKvnAGhx0er8opFktatPIp0+mVbaIpz6jn
eq1jflf+K2dDQ3MxK4gCYaCeMzJSNa39NKqX0DaFjWTecjtnua76Wg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1g7atkxdlt4ymeh7v7aa2yzr2hq2qkvzrc4r49ugttm3n582ymv9qrmpk8d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzSXA5YnZyQkJrUUI1UGp1
TFdPZVhTS1RwNVJ6SVhNeWV6TzhMTnZJUnpRClZuRWxPNXdWUk9GS0ZIUUVsUVdJ
RFNtMjVQVURWVW9iQXhWblFRQTYxVUEKLS0tIExFMFZ1eUorbmxCeGFqV0lEa0ow
c1VSTjFXVCt6alprYlZaZkVCUHB5R2sKGrXDZrwhZ/IZhX5EheYrM0nBMrAvzKRC
o9lLy+KZg/0JTZFE9iz+lPLzzPBVnrSXMSC79Tj28YKTR7xOOPTBnw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDWnRYemFEdkNJSmFqMUZm
WWRlTCtHMTdsV3drdEZ0cDg4TlB0Q0xZYnljClAvbVZoMmtBdDB5TTFNcGFvTHg5
QkJZSHNRWmkvSlZaK0JaWWtacnVyT1kKLS0tIGVVY2dYaE5nMlNHQ0xsaXNiNDVm
Ti9CaENjUTF2RThwYitrOEZnbjNTaUkKSY6DoZjavWV38BJF4uagWyeuXdaQxSLj
l8sxmMX9QU3lIIhdsBTmIf+zPoCa3oKSpOn5ZEsxU4O3PSfzaevHHw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ly2endyt0y9xyddj6yuj4nw6fa3ltvzlvew4cr4lzs6dv8dkavpqadmyxx
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEYzAyZG85d3hRaUJrajZT
R0crcFJNT1Z2YjZEU3BuZEJwYnhleEZBMGd3CkxnNGppRVhqRjRjbWlpaTJRdWI1
NVpiNVBJSW1OTWNMNGlRdFVIRW50bjQKLS0tIEQrVmlwdUkxajNtK2ZhV1l0ZXBt
Vnp4eDd3Y0RrUlhMbUxNcFpsTkZ3UGsKv1HuzJH4rm1onXAlV7KO0MLNIxndRVNX
hFFSSV4QelNtjdEmqYwGpqAuILRpZ7g2/wMLVMMQ7l978KrfL5BFZw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCR0dFMG9OeGREQlBkcktj
SnhSWEpjbFNCdUsrRklUcmJWQURtYkJPZUdVCkptNnFaU3hwNEFtOElwdWRkeWMr
RTluTExGM0VMdGVhZmw4c1NiM1czeFkKLS0tIFBkT3hQd2xZOWpjSDUya1dmblQ1
bXp6WlNnQnNiR0cxSDdhWWY4Y1FjcFUKjXWTI2YGkDHwA1mubH1hwHVyAlX/lbja
8TEH9TwOCFAZE9k2CFu9p0K0jjbnUBpo3YjLtUmWmTwD1sn51BqNTQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age15klj4t7gpfp69472mne4ue62pp6m4e04dmjyw7yf30qtqd3vl3uqjmcyxm
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBRlNiY2ZRYy93SFZqWlZh
Q1NaUFlmQVhUMVE4bVp1Smw2cGNzSDJjQzJrClFEZ3BKdEUzVTZCT2tpb2NHNGVH
RzR3SzhvbFNzNzB2eU1oTUZEUmlsUVUKLS0tIEVzTlRodkZWOFpoc0pFendwS3dL
YUV0OHJiVDY5enhUYnIyYUZ3RG0weFkKIW1K8NVG4M/YvrGYwbGL6IyaV6dX7qtV
tFd57d/A8A3vugzQcMCYvRuiEl1uqqId9Npof+GdS//8AhGeH/LOQQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjZFRGZVBocGNENlE0RTFH
TGRvS2hGMVd4bmlTRkpheWFzaU1udklzam1NCmxKemVjclFhZTBQVnNHMDQ3dFRt
WHZnbFpFbEthR25RVVh4cmlseDFKZ0EKLS0tIFV6aHdacXpTRS8zMlJ4ZWJNWWNY
Slg2M0JkcjlFKy9lSTY2akFQellmcEUKNYo83GUqRAMXaTizbbnHejygH07tH9QG
QcfwY4r26Dl3CKuafTJkK59pFB7ySd0hwtIg5P1s5Bu++L+WDrD+QA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1k73gy5em3js9zklnnkzp5hme9k04lny32fgahmzddknjw5c295asdyr4x6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6TUVkT0xrblI4V1NXVkl3
am1FK2VsTTMyS0ZqT2lzTG1NYTdkS3pvNFV3CmdzakU5ZnpJdEdncEVFcXBaYVMv
dE5aMXlzRUVtZTJQSXJSWlArSzBtZzgKLS0tIFhxYVFWa1R1VFhDOGNyZmdPc1Rh
N2VRNE02ZTNxUDNVWnNMb0ttc0JEZzAKCSgy9q357fSjSjnivOEgaNmhocNpzaPK
TIzJqTsUoLvGBdpXa5bNSe+guuIZgZfm7PCohyKrcm1AUhFJOWZ5yQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuOGMwZ0t5UWZuc2ovTFFB
YVBINU0yNXJFSXRxNndybEpiNFZkZFE1NEJ3CmFNSGZFWENBRW1CN0JPSnh1dFBp
dnk1ZkpjeHc2S0pCdnNqcm5CZzZKMXMKLS0tIEJpRjdqYzgwYXBwbTNudGFibTZa
V0l2REZGS2tPSlk2dHVjZVI3Q242c1EKUjGxjcqP3jHeXEvqcsuGV7CoZZIg6tLz
Sh7kVXXUqpGJPcJMSQ6Zd85/bdY+S9CAwptYqzASOZMA1STD+owvSw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1cmzh82q8k59yzceuuy2epmqu22g7m84gqvq056mhgehwpmvjadfsc3glc8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwOEVyV0ZwSWREWDFab1RB
VFczcWxkckk4SkVZU2Nlc1c3UDREaEpHb2dNClIzN3hsMFgwT0VuZVM5aGFKcmx2
azNBeXVrMGJyVmM2S0p6eWd6VHNPV2sKLS0tIE1JZVRWWTFnUjYwR3dTZUl1aCtu
RFpEREJhRVBacGEzRWhCY010NllET28KqGfrDBjMUogZLG8oGWxUi/J0MNql1Wb8
vPbOdd5PI36qAjxWEoax/WMG1LBDWxgJJva5VgI2uNoQtpo6rWHTeg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVeFc2ZGxBYkdkeGdlVE1n
QkZlaUFJM3pJdjYrby8yNHhLK01uK2tEaUYwCnV1MEVsamQreUxncm8zMm14R21F
L2RvQUN6d29UcHhVakJMOFdmbjU0SjQKLS0tIDdqNWJwLzB1QWYvMFFra1o5b0px
TTJoRTlqT2NkYTA3LzJmbzZBakVIRUEKejrBiriwNKU+hQQ21TFqABobebDiFDeo
ZVwJ8DL41r77SnhqcSUO649/NSWT2HTdyg+RQ41PRBjWaRzMtvgLVw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1hsumymvh5mkqlaynrp9lv2w696yk3wtjzlyfmrpeuvh9u2tlwceqh3563x
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlc1hldmx0cVJaQ3lkY2hR
TDcyQVJ0ampnWFdva05YTzdNZHB2VHdkR2trCmtMaDJUSEhPeUZFS2dXZjRSUEY2
dER0T2N5cFpNSVNtVDBtU3Avb1JwZmsKLS0tIHhJY0ErOEhUMkNjTXVCbWFSeW0x
WmhYaFpXVXlFTWlhNzY3eVk5bFkvK0UKVf0W1kcQr8uHyY89KW5LfZxkb5tKhsEj
H8SwJ2pvLuY5aRudkmnbXQwpF1i7oL17DWKcQI8qIZovxtdJqovmtg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1clBQSWpRbWUvN1FHNUlR
cVpaVTFuQmgwb05xdWdGVWdwaWEwcEN5L2k4Ckw0dlpKY1ViZkplVzVrSmw1aEJT
RlNpNExrU2V0WStBQm9tVGtUK2JZTk0KLS0tIGNjV05KcmFnQzIyTk8vUnAxdHhn
Yk5DQVNoMlpZbXdmRVl5WlFLc3hHUXcK209QCF3SpRTbIxwzVK391si02yLxHuus
4ldUeA3LZFW7JulDAGmhGjqmAJI+pJoZfmjjoZ5p4T25PHsob4v9/A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBweWlhVGhyMUR5QTFlcytP
T1ZMSEkrbVNjdGNjZUU1VzB0Um52S3ZNd1FNCnBjRzUxMyt0VzFnQkJTWVM4YWw5
NFhxR1dZeENndVhkU2lkdmQ5RWpoYlkKLS0tIDYzK1pzL29jTXI4SStKYmRWQjBW
MWt4NmhOdWlOckIzejJTYStnV01nN28K96etySWmQwVux8Xdo8pXFmCgT9qRq4ZJ
X1Bl/iIKZDkeFSZjt+wunABbgG2e086xUFsiUvAXclVKBEnuUf6RDQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBucExsVk01cDl4WUZZcHRU
L3pJYXphRTk2UFpRbU0vbUI2bnJ2Q1NURWhrCk5QVnE5VCtFcThOSzM0aFRseVJm
WkFzUWRLYUx2MWRNdlNydmNrTFJlNFUKLS0tIGwrNlRldE4vcVBrd0krdzFyVnpO
S0tzZVN1UkVMLzhOaEgwYTZaMTVKSHMKpb5SQ5bArfFthZdktU/Lt9hszKPnWa+k
23rnrL+wCgbHPLTB66+xa2asRh5PdYeXbW3A9SnKXQjlwuquJlqvVg==
-----END AGE ENCRYPTED FILE-----
- recipient: age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0RjhEVkNhc3VUcm9zZXFY
djJ1QXc1UTJTUlltNHJpblU4TU5PQUZXM1d3CkUzWVVucWp5VGd6TmFQQ2oyaTEy
c21leUY1Qy9hMm9KajAyOWRCNERwVkkKLS0tIFlMeEFKRUZTZ1U5OVBvOGNpaUhQ
WWZPbWtyYTU1dFRoSWw5NTFRTG5IbzQKyDv4/mBPR8Ev3cGrHzHw/+nGnw39GkB3
YGjqlKMpfX1Y8BGlPRxCVRH0c+iQqEBxdqVwOQDC/njKGcMXMT90tA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1TkhtQUdlU1hNZThvSElj
MUFpVGRsZTdIeWNyUzRjQ01ZaGhUV1NWbkJvClZCTkRRcG5mdWxVQmxXUnZRc0ti
bDV2cFhoczJVcE4relZVYUlWQTJaelEKLS0tIFBvTHZDQmE1QlozaE1henpUSTM4
WGROOExORWRoczJoS3dyTVlSWktvOUkKpQkWu5z+tLJyQXIkp1ZpmI+Xc0DYrb+L
YEO54SnEJ7S35+6unRfPL5AI9LpRpSkIHp6p+jsHpLUMFm9GDUOFtA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg
- recipient: age15cx90pnp54xp5gxlt02yn9j2pz968wp3l5ukdkx55xuecp34e5pszjku4m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjcElsLy9WV2NmNVRwTi9G
YWM3MHZEYUdLMmI0NENTV0JXWXlneU9iOFdJCkxUWE14ZkJtUUF1VFNFcTRRU2hj
YmRoUkxJcStEcFQ2eUtPSnEya25xaU0KLS0tIHlweHZlTkovRVEzNkl5ZmppeEI2
TTVQUGlaZzB6WjhEeFp3eUdzMGJIVWMK5dQgr7YfvilutGW5nieHcsyTQu3pxzVF
gYoCAmKUESrmIubSPOD0RifFBQTFObHJDU5xiDC4a+vampqH/5uOTw==
-----END AGE ENCRYPTED FILE-----
- recipient: age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTzhUM3ZOaEdoT3ZqQ2p2
VjBvS3RrVG11ZjVnKzVmM0grTlg0b0RKNVNzCjZhb254b3QyUHg5UFppc1o1bGZZ
M29yZDNvRnVKL0JqQWoxUGNKNHJXRncKLS0tIEdYWGQ0SmQwT256dGsxZEhqRGY0
VThvSXAvMVA3cW9qMW53Q01TdHFtZm8KoiRiL8tDLUJeLocbRIfnGWuUG/0Up5pp
exdFlTaLNUej8UT7UCUPZvvYN89Zq1ea110xr9Nim5zzFBErJfRPKA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzQnlMUDFmSkd1OU5TRFJN
cW1tTVl6OXMrdHAwYW1QVGRBaVJYWFVCc3pVClorSEpjQ2NQLzZvbUJzVHVlQlNR
SXVQdldyMkJ1Y3o5MUo2MjNMLzd1ME0KLS0tIFZjYld0YW1LR1VYTGluTUNGVnda
b0Z3MW5tUC9sVDMzV1FWMjNyRUNLRDQKXPuK86rcj3My0l+vkxCKxow9XMh4JrWW
/431Hjeyf67N3RYOqWyP7ElcMiA+9ePjulVIwUFy1vxGPmq8AMuWpQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuNVZ1WGR6NnJtMC80STNH
dFZuRC9jT0lDdGlSWlFIZmJCUEFDanNib25RCm00YVZyakl0RkRBbUM2THNaWEpC
K0JtaUVtM2N5NEdyeEtpTDUyTElaQTQKLS0tIHcyN1Brd2hYYTdIZDNoeDBVMjZH
NS9yV0dlc3lVOXNIS3dVR2pmYnNwVjAKlbBNLNA7Pl7tUg0S9X3BTICkbehkmTP/
mqVVce7F1Ml0dXi0t8AsxK6HyrR14ZF3QsFr2q9PgQ7qnLv9o4xzUw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTMGx4OGQ0a3ZvbW95aGZO
SGpHeGlDRFpRNmc1VldodHBjQVBsbzhzbWxjCjlxd2kwbTdmb3NobjF3cE5qajNH
NGphdmtuMmZGU1hHY2NKRWNOT3N4L00KLS0tIExldnk1cnFMMkIzdGVZb1lyMjhT
dGRydFUrS2d0SlN1SnVtVVBJTjc1VXcKhkNl+/n/8OB8kk6ZU6xkWNextIX8w4HT
RGLbEsBF1Eftr6e/MgZRptvZuUvq2EWvl9GVe1GDSIf7EjJBYUW0BA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ax5hqk6e2ekgfx5u7pl8ayc3vvhrehyvtvf07llaxhs5azpnny0qpltrns
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVQ2tjN250TDJqdGFaWmgz
UXNxTTJ4bmR5NE5aOURBWmlNai9xNTZlWURNCngyK0FmUnVMTzYrYlBQMDltdEdI
eFRoM05oQU9ndjBnK2VWeXh2WlI0Y1EKLS0tIHNac2RqRW9VK25rd2F2SUxLZjZR
UUhFN0FNa0FXUzAvanNRb2xRUG5Bbm8K9MTHuo3lWH/gg6UDZLChj+EGZ+7HV52w
bm32bk+B050aCo8QNeFvIo6AL1XDk0YD0q3vcLBjxlcUjeg3tLKx7g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-01T19:57:43Z"
mac: ENC[AES256_GCM,data:2CLFlduO1fsxtvF1fbH18kadQuawMwIYEjsJBvZ65tecIdjT5efPD07+czmysKWBh6FQuVPL8a3uVlqT2WUW57AjQZtxloCMAFS9m2S//I6I8GsLVccGnmudiHUdXFnt+gI1gtb6ukZMEps4m/LSqUHGSptVwqrIN2gBM6Yy9Mo=,iv:S/crBYhr2HTzMYn83bK2YYO7kwfDspF0gvkoiuI9J7o=,tag:+sO+jFMFGZSsCb7PGnlUmw==,type:str]
pgp:
- created_at: "2025-12-01T23:06:34Z"
- created_at: "2025-12-02T15:47:01Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTARAAq+50+eWOM8TOM93JkwnSjUFLjwO17fT5jfBwWxqLRULp
SgO5pCfJSCr2xFgzcuS40+c/ewP8NHwI+S8Mu8lcJ6Olyx279QyZJxdKvVba46Ti
7Dgb31UzMQKjjOW8/nhf0JFIq6KH5HUQP+LmmQK59VEdoEnz4XYdxq7mGeJQsn26
E0AG5UvIKjjSrZQXbx8zojIEwE3l1t7Ipw2oTzHCalWf5at41cXyWmfIzomWHElC
XPwO8mjcBY5LQXDeTu2Xv0mBvFzXNBIFaEhrdphFxJIvpfl1FLefK6LKCDLhQtal
HNDBziTORUAnvP9JiIviSr+OUhTHTkDqSMYE6SD3SFsvQ/nArQHRin/FvPPNMVhU
TD0yec1VgXTJDJGe0jq+PiWNTwwnxwSRmKdXutp2DPEuv0amRGVOkeAJNSQPADOk
ZUGBKqjr+trvcKWReCC+gi6jMTP5N7rpjemufQ/p0pOTKmPeapTcWitqtRvAvGQ9
+Q59sDqTgG5w3oSAnvboDwITFil7Pr39Oiwn01btDDlGXj0+ieer1mHOT3vI+NPE
LSrFqUa/kMMW4+zZHGlwMoNHZbwLWHGX0O0KZFKauht3ypSsjrJbOeBIGgAq57S/
1U+oerlPbnCCrUTuP5Mns0Q86mEbOmQQyGMgfigJ0zFkMOlO3306T01keUv35giF
AgwDC9FRLmchgYQBD/4vNejy7yGJSxzL9ouoEDqEaIGx1+pzzAyU+P0GYXV4rwat
P6YL8a0CikYLdkjgUsVDfFV7/Ou2Q1aPBn8AGRG6eaMlaICYK1UX0xiP9196dENl
qxkm3zQWCfxAkgWyUFernSzzWeE1z9FgEfrTOqKaETprFVxxv5tUKVABcXHSPNqD
hYqllb8tL1tS2QrqvxIOcrL7KHAnRPhHimIFeByNN5lN81Z3hLFRQ1Bl3LwDPeF3
/kEhVjmGqzw2jEkH60Am9I6xZ2nlSimF7Bi4pcu6QCWhN7PMwWEyGxj+Qu8Osr6F
3ab4M2vkyTZyewUGsn9qO3CcPAHPxyvf+pyV/q87ejuE2e4wR8LYcJnk8BOKsNRJ
m3sJffhhmB+f58HLzy9TwvaQqMno+/KnbV118lJrdzf8iCJrlUNY62MEjBFo3QhQ
2rc4vJXk9VINiZlHW3y9ZXV+dTus/gHKjN137dxq/RPU9tf/1Y3Ow407fDu39DT3
YrAAXj3jfEK1aoTtHpLZAp563Q99NYyBQLt3C32X9YZb4VuYCXvGsi3kqjdQl/zg
ZxUVlB3Wzm1jhL2KPOu1SuPAT9HLwu1QdDw+kw050DNBWgeLJx9i8/U8LC05vF6z
VWyozdZIdIfAKnMrFOU/8pJ/lNYb6pXbIYwbpSIDslV3Cj60KWx7X6JgVUf6d9Je
AQZ83SkdK0sBXS3sfjwCewyY+ta7i8zWYcG8KDbW2s7hxRb05u2nYKhJZZJ5xLcK
eRhg3W/bMUWk1bYZ+Whz77uSIC3n/mgzIlsaRjMokiX9i0a1jXVyH4LEluPO5Q==
=MgE6
hQIMAwDh3VI7VctTARAAuyStDAAmBNGBL/wAl7CNV99+AOHHP9vMlZXZ1Urcxr67
rVXMAJpMkcIDCCsu6hU5fCIl7p3zvS78QOvLJvdlJ/GGpgfQF1us0Z9IL3xqQVjG
Jz+r9CtoGF8LEmZ7UYpNiiLNKWqem6Z6Fs7NlVwYtK30to+PAJ4s0Kqui/FfVnCR
B6R5CmjMMKepqLGD+g1RasihtFY7QzPRnAcc1/d+VuebuWx7VFr7U1wXim+rLg+Q
MfoHpfLb57iI4nfUYrBH8I32EtkQuD87GagebvdnjxhuzxUVH38FNLSnvFhNyxsD
GgJOcLdrrKaJYOjDaBZV9BffGr5NTIfn1Zc3xQ2BVLS/xs9t/DZBaSj6ksDcUb75
L/R/OWqW7DRw1Te0fC91WhNloXL142TA+FhsOyvqNsdye+AlzQLSWCuXDAHmeLY5
dld8PPF+uWAfdRYORDgoIpN0HlERwev7GlQTILPrL98v4RnKrHJQdTFRFa+7JMyB
DLYht+ieZM6GfYhy1LoHG9ydUfRnRpGV3GNaDJKWbDp1rqsrACgJu9XwN9QGVIOc
qeoLAW7E/bOwBkkQoX0v94inSSW/yLFT+m1/Xaq4CdrqBkI09EInfj+WHvGDBguv
YjmQVpsmN2I9/+mb+CMHdhnqzojc+ccimjRnWxANKqSxTTV+NT8LGl+7wm0SBtiF
AgwDC9FRLmchgYQBEACIMrpv+fn/c6eURqJ5/z7SjMzLlIXM3MJbYk052W0IPu3Q
vx5MgLmCI/nT0uPH2IeeGLiA2Y4R8TNbNNdFT8dARdo9IsNPZfhd3xvAlSNmt1Gn
PCdV2f4Ts2OH/UlAXGF28edUgSGknKTV8WFJHMD3cRVAfRISZuVz1VzeKLFdv5qP
CQafg4v9O73hhSyg2HTimXnj+b5omUhgLg/rVbzP4GLCQddu3m4vQrsdfiCmVgn6
AzH1aTkKpmXKXIh4ibgs5u+Yy/Yx4SS9YkRvw3fk4HqfPeBTIPLnqTjrloLbQi31
4PR4vMb2gvBTo+cIFvT7PaNF7CNndWBhxQVCPIDjZ0BgVsN3Gg9mepuU3OfFwnVa
RHMP1ACUCKd1+JYYtX1Ey+UlyblRpzbTvg6+O394QpY0IrJIb56aUUgrQIq/xBcl
6fSarhnZ4D+r0pCT+YsTqV1WpFxrMELLQMCt5phJr/pDMiW6qWw/adRmsVBvJJsw
VCQ6zlfT8pnItWNgmIj/+vM25amGIu4JPviELamhU0TsgKsJ+EcoHylRrCsjg3C/
fWOV1eXVXlALXjg50O0mvpRT/8WgQU87QT96tmgvXP/9wy+piqOmYBKxPv3amSXO
wncrzPoUTLo/mw0dvOfB7ZRsIeg22EUlgESKCKo7k1dTQ+f9ALfjm9rNJARZe9Je
AdADaDBobnLh+yCFCRIHPYj3c54ItF8b6sNwbZaeyr+JLBYiWccp5hkF4H0/sZV4
D+na+jJW279GDrQ1UMlXnRmo7FrBwh70Rn7vpqSMOranPDsvWvgkS/SMu8SJYw==
=YZqm
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted

56
secrets/repo/globals.nix.enc
View file

@ -1,50 +1,62 @@
{
"data": "ENC[AES256_GCM,data:q80uSaX4Xyy7mMSskw8lnCagLIci19YvQC60/jqv1O877lEDHnHXh7DlK0XcWM6pa96mISk6zILfJk/eMxG0CyR12ryBlPHtzARmcpAQspD9oRaLKEuKDqvm57BmL5J5yItapJlBKfWQwQS/pEI4HJF8+xVrX8eTsMB+pBk/HsBLl7w1VU6Ob/hlEzyn8v5QMS+nB01v/61GTPuluslneXKnHC221A8ek2lyPN/D1uj6hXnifRsuo8DoPghe5asQ3VM8mOZa2SJ4NWEvWJ7V5SLbgPLvNGi0G+XfQ1kgb4qDSdNpBlCWY2hlqEquEO9YJoLjr9jNYGMysPtnmIGPEinGF5SLDLpQomph5krAZsQPxG/oTiB89SYN9hF5SuUzSHuuRJao5hVgWj4d/KPy/xjZ5rN9dOL7c35EiCuMViH+vsYBue1ehYSww7Y+JR49ho84+sSJeEHTdpnnhtogRxbekPawBbYs9w3gXx/pUhVGZJS8QqcNLsGeEvWgDGmfbsZagQHG9Mdib5wAVp8o8O318EFoptlf2TrRK07BS/ibSc7GE6KIOde31OVamVwfAYL0p5JopQNEDuW9YStMhDQa5YhfuRCrlZFteXqXAMh775uXQge14pwtETExTE5PxI3hBWKIqrb8XP5ke+j73cx4A0VsuG6TtXf7YfWohiuRBkcojp1r0FY12jzkCOstJ2DjBFBI+5u5dF0R6SbezQ9vZs8yWbYF0kICTtZ32cEWnE/pVgdS8S9CqVsVyflpjtM/DeedkpoLh9JtN1oKSDos7+SJA+r8/ilXIhRTwb7tt3hSBw0AFkZ/rnSHOGHTBRY4T5lH5IkOqOQqAqbH0ta6hhxPoDjKzj8R2JatCnZGOLzL6tK50w/Xm80Wtj0LxDmmzmYPxCRI14nUobeFqDi1aGU4jpqKUayUHZcnTVgfURtSV/lT5QrsXdTXt1k9ywwq+1oT37D8Irk6+gaSZNcI6PQG/KpBPzmeS7r2ubrKhwhVMNlwF0QxDGR3273+AD90rAZq9niuS2yJRINXs0pImPK8y20uKDiv77B1HSpP+CpoPlikGy4jAgCqbpyrUYyYUB0O5MMZ6VK4aLwJABsE12Ef+WGC8tbtGNxGTAGm3gxRZ3/iKNl++WKZWo3khVflHWb026iYqEl5oOnUif7TVmXGbEiccjos0QoygbEtxSqeN4IxxXg2QxRh5rbfxsFiURln6lhGhjUj7SrSnbRZT6o38xdhKrLqs1zM5ss6na/9W0rHel3wmy+Ocz6UgJ8Nj412EM2dwo/oQq3k0epRLOGBJE8f86qjQAn+GZXnq0pwGq8MijhRWJDc+4uBxoYLiHrFJIy9MvqNRgQ3QRwgMXDB0psnKpybMyHd7VDWmNd7GLopEfQEv/o6Fk53ZW6rLu6l6EdS9GuZONOJsjHB7rVoUl9qi/AjXWenzZYaDrqAY6P3lDWdoNZLmV4AQu+t4EIaMz1QjLfzeDhVG/v13+hZ7UbCIOtr/FQ6hfKjZ0A6l7sfLKcuerH5AwMs9/TYEcqEppfrcAKtBK47kJiB6Vnr0uVg13D3w3PlL/8kA54xuJzQUO3+ns73yPLjjhpqt52WfyzUmhpymzNo+3EPuUC/l8GWohvdNntb0rkx0ibJA3LirgGE1IQK6qzeZNkvXVHvY1pYVV1nDRWi3HlpsA3UCMI4IxRX+brFQqM49o0cqoE7CZPnEQR3UoUg9qQ0RJpiW3BlaIPUexxdgn1j9RbUt47zQsEI7+5gvg7EYLbj9ZPEJCxUH+UkukrPESHauKXPvI1EbbUncMd2sLyxn6IX7Zili26O9vON7PM1gL/Y1s25T3meBn2CqT76Zl0HjB2Mzh4XjuDGE01Agp4BETiKrCMprZB7+mR89PQywIyaJWS1mvDSmzbaTXk4VZVqH3lpwNC4QpaxOb1ZFjj80uPKErBZ4yeLKIEVaDW1fwQyjkXWjIwHhUle3AJgnAfxsM33fvxFucjGyc91FAJgX7IhTSATnjsf3dUm9FyW4xR4RXbJ1OCuZZ9C/M8LIHZSuXYNNmjOq0D7qUiCR2Lesth6hquHCnomLDxcPtzYlUlC7ZdF71jLyaop6QWk2n3nKbURLV5Vm+DrLi3Zuy6OAy2K/MLJhKEi1LhMw9pJYbNgq1z8SGFz8O+k96JXuZnIDZxzj9zdlTOjawkCu3WCGSAOqLcvPryZqe8LYOlozyVQcDQ7d1h9fTlz5gA6a6UViH9dl7uzkR0i0srEVbhuZLw/YTM4dEANtXT9MbKE/KoqG0jmzI4vf+mAux8mgIGNTQ04AfFxG+Coghn6WHWFJtEdOOT8hCfoZxs1qJA446Q2+ACCNeZgMiT4BE3x5L+wiS7Km/7d01XV3KCuOC4P5GwkVcH0l9WToJN0ViuM2bi6uz7JcEvgCb8AiVfpLk2NCE0YAcWY8nMV+aw1hOAKvuzIwt8vptTb3TApUQ==,iv:Xbgn+Nv6py85+Sl72aYxyDgfPEGsWK4+YqiYTQ/5pw8=,tag:CInhg7J3Au9HcgIWkisiOg==,type:str]",
"data": "ENC[AES256_GCM,data:sxGOffKdJMzWq+3HGNeIRX73Etd7acwW+wXufdCjQ2/vaN8OQRCjMxFcGkxp+OAZXF7dZSLgXvGjEOFpwHL+ote+sFqE8heebp9FtYbg6vbuk1p6Xz9EE4t0bYhi8o76QrswdkC7zzgx53cCFezojEfHXOOHlmzA+C+aPvwTkF7Cn0WbUOyb+KYYi0WtzcxzF0A24KSb9Fup4WyF0OStrV7l5H4BVXgrDBH/sdohTKznTHhrz7PfgWGpvPtRnT6o26Llh0I1vqp8F88ZVmjQ5bwpTxa/wAc/sgayWuVkU8Qf1j26vPYKluC+ZAR3jZSsHrqCKO5t3JY2t5o2A53QxpF+KqN1qUQpeGowhwfHMxAtY2VSsvS3kis7V2qM8yChfIgp/SZAcjJUp5t23eqgpBFd+IP2emhqlSy1mGN0Mii8XP8J4DyucoRb5ryAnCSyJKXK9w6dx/CeBYEMe02An8HeUytVUtGhhJ90m5vKPheovarR1CLrBgnegcfyLG2OiKwQ5F/KorQ1Hub7KJYAFBl5QsarTTiDS0BKHtQiVJgWLlTaramyi4GCTCVGDTRZwV0ordWKm6xCTkuoC9kukvnabpM3AKZAFOKL/6MLZviukkF5SiJhDQN89e8BuqWtPUkfto9XnNwkHHiqWRWkfAjCjs3wCpehX1ef0Q9xAon79VgeE7SK9qoYvVo4koD6fKWCJF5O0isvCkX8wEdoMAniNIFXReIKpVRWe7uTF40+Xlt70Y/a6RPvtJPGRYe0yfw29LlZfUwmV1XlxoIXL5aKTn2DeLhYXXqsBb6AkPh6oDPXIt5VdoThIsdlvRyiVLtFwE8Ov6pOQXYJgnRAGWzK+8qzaHyqmeiCM7k+WpbnvmdbVTCmReO/7q7eGpgF0C/6+sVES3uWqP1SWFv51G+v/58xilXL9DG+ZWZ0RNXz/mDfMtRg5CT32pIMUKiCAYvMvIF4yw9sSeWyu0ljQckIGb7l6xj3DkOlhx9PaQPEdaTVczqtOcHyfX15TXKySmHjEB4NCy1PsLoXcyFefw1flamFADyo2/+oXb/53r67T/kaMxk9T/PN1JB6DES496EVyo9TAOXdyubfo8DbEsDT8h7aUCKpFvNgGx24jBAMn/2iouxsmBUY65maVWdRodgQk+XOA5DfLbKm+LlZawuuyqoLxoIa0ix/53bxyD6U3AO7MTisgJyHA1USvdhaSmEe42ecA3voR2LXvSkRX8+izs8DwJRvtfIsTUgs1GBOgLSn6ULm1a0mFmaXTh4S6kT4ujDIYNXL53vUUVBtUaVDvnhZoXTTTgms7s3BHa69lGuadg22kHfNdO6FJ+HhXSHqz628zelJgwqjwBybMGo7xi2B9MPgiSvC0N2HFXBn54vFY1n6Af7b5jZ2cQEcjGbrjP+Lk+nN0wm89pFUxPcZEUIQWxgmQm36quh9kXj7gYaaim9Eh75vORywLwD709R8VT5BuzugcTp15aA1w5cLSpuR5TPNium+72jA8NnZQqV14380i2doUq23CXGjM38A5WF8Q+JJBCYJu1kc5fU2BEvwfZ0JJQ8QQZrMxZ48K/X8ATlC+pJie3sLByv6YqDtZyES8tldjYZ/vhopExhK1L0Bw4dNTviH0Zktx7OE9T0qVMSxOLETIRxuKLRmH2FFOHLhSn6S6SXYjK1pBTJRKGz+487Qr5SYcqqv3G2lD0khtP0L32Lr6iSedAmkJPxXyW71tvputzZPxGc1Lke/Ml69M8I92JMxggUcHkr435hPzTfrBIN3IdAEYrjB8CUYlxt7fDfxi018QTCZ+6Hs+e/Ezt3n0g7KKYvzJ3FISB7oRvTyUK1EqZI2JjHLiJK9QYOeheBiwTUK8OgLNfwy3rMpUvE4VuvAhl0TmiUcwOhbRT8ttyos5HiZC0nHUvwwIZguhK9hvZM11N3/trsFRqRlJvTf9mNEzglEDgs0mhkgnyGY1y+xm9KBZFXgG00ic+4MFsRzLn+eqmeAl12Edop916yEhZyAHfPkzshK8h1qRE5mR3N81w+PLGkRuL7XCVKNZxKODusxDfZ48yD17qtSgwUcHsovoLand3WyswdVf+7k8IxEhQ+HaeZO4As92LhFgOL+ocA2pj6zptNmgUN246egJaJUPF7hmw+DyUpmOcEcnhBYAYzVcUtNuSvMjYfjps0k/LLEYIOI3s+SWWjnx2fVQndMpnnoeWJBkw9sD6s7zQMncINttrZBkILzM4TcibegAXZzQB3HukC08HzkgvlfZ7OOt4PvsfGB0AmWkN7P+Kcvp6XxgSxadKoUwJYxOfcEMaVqBhM81DmDIrlJWDUNYcvs5Jm77isXK/xQjJPAxZfCUTrm9eDQEm45GeJ/z5OeGPMncXpKowkPoBGyjzBYDf1E3A0VrziJq7x8I8d1N2Z37UMO/l8zPpYQyrPRdrLt80cRINOUZcHnOKzSU7NPVZfmvbTtLwijbqapVGI6cPIcv6NgIBfhzPqXNhMLLr+dOQcfWAr/xICLUQhr5RrdmMvDeKJPT7gKhK00294XPg2Qu+JW6X1VPFrf+ISt4iMaJPAFhCCFYLRFlEaNScJyQN6JzERev61YTVERmFcJEicH6f0nckgT+BfvkaKDCg==,iv:6JNRrm3yUVTUXocmNbZGbMV3oS/XyWsuuHo3eHR37PA=,tag:RMHyYGpwOzCQjNUd7ANINw==,type:str]",
"sops": {
"age": [
{
"recipient": "age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkNjR2L09PalRkUTREY2lW\nSWFmL2lTRWtMOXA4Qk9kbzNicTJZV0JEM1FRClpjQmlZRGhHUDR0YlZlUW1uaUJm\nSElmZXJ5RnczVm5uZnpyejVMQkhDNlUKLS0tIFdhZzB6TGh4UkZUUktmY3ZRUXM2\nSURjZG9kVXZ0a1dCZWczV3VGTXVva3cKTGhXQjLhn3hpY72nfeu0pVCz+qzJi1gJ\n6AcGZQDKavoJaP+qadTVe8pa0Vu1NX3ILJBKigPF6OTVJY8/BaiX1Q==\n-----END AGE ENCRYPTED FILE-----\n"
"recipient": "age1s0vssf9fey2l456hucppzx2x58xep279nsdcglvkqm30sr9ht37s8rvpza",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5WjZLbEF6aGc1TnROM3Fn\nWDVhWlRwajNzYytLVUZSdzVkaTg0YWc2YjNFCjlCMjNrTFlGTUtZOExIY3JES1JU\nODV0RDNKaGxJRlMvQkRCMkhlK1JFdDAKLS0tIGowSkZGd1B6QjQvd1hKTVAvb3Va\nbTlLbFE3ejBBVDhyQjVmbElHMUlqeUUK/RS7asoLCKs2lDqAXc+YjjHkczOmS2ZN\n8Zp/f66TDqMSWKEW08vyMXOTve+8Uw5LJA4s8B+OzaOp7A1YKuAtGA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1g7atkxdlt4ymeh7v7aa2yzr2hq2qkvzrc4r49ugttm3n582ymv9qrmpk8d",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTRHVXeXhHTDdhZTk4MGpH\nTzkvdnVHNHF5RHRtQ1F6R0w0SStIdjloSDJVCktmZDkybzk0ZFQxUEVqdjAwZzBR\nTXRsLzBsaGtDdnhTM09qVDZ5VG0wU3cKLS0tIGNJUmdseUNMUnlmMmlEQk0wYlhC\nb2tudWFlZEhkalJXUlE3V3drKys0ZFkK/HPemyCo9WH2snhSZ30O6NxS/JvI2wln\nxbHZ3jio4m9bA81zMMKOIvBFoijsG/jFL2Q3f9DkI1xii9IeG2sUFA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1ly2endyt0y9xyddj6yuj4nw6fa3ltvzlvew4cr4lzs6dv8dkavpqadmyxx",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkVUdXK2NnSzdwUUE0NmR6\nYjhzLzRTM2EyOW1Kc05mdk1hbnJ4N1B0M2xVClluMUM2RlVwTGpIL3BmZW9GbDVs\nQm9kY3d2Wnp4bnJJc3lnMkVCNStnVFkKLS0tIDdHT2VFYmFubVVXSWtDcGRyTGpn\nZ1dTUk9LcHJlSnZYUktMNUtmL08rZ00Kw4RPnFeKVDB423Q8fJQXN5CCjxAnye2s\nHIPXbheEHODy62Wp73T/iMfC6aFYmuggk7fWesajg5ZF/ulCtb+kuw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age15klj4t7gpfp69472mne4ue62pp6m4e04dmjyw7yf30qtqd3vl3uqjmcyxm",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqMUh4YnU4ZkhoK0N3SFhp\naURRWmRJY2dKOVMxMzV5Q0FlQkxOTUxEYjBBClpYN1RTYlNYaGlEbUJUbkd4VjNp\nSDh3UWMzUXFzeWxOWHdteEphSWpSUzAKLS0tIDZySStqRkdCWnBnWFV1VWU2NHR3\ndy9zQTRRVGVkcHFsWWtQdWJ2QitJUncKIb++KE362NynQcDXgImGE8f1eIOzIT/s\nkAj7TURYX0GlDkdUjkvlo4DBRA5Rs09WqMZDbFqBC5Cgvtmit0jYxQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1k73gy5em3js9zklnnkzp5hme9k04lny32fgahmzddknjw5c295asdyr4x6",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyWDlJNWt0T3FOWlRMVVB5\nc0ljdjhueEtPdDFWaGh5UFdwemlMdDFIcURjClJKNkxCVTJDTXJaODR3akhUL3I1\nT0ZVeTJzUXErcUFRazZmN0sxZENLbFUKLS0tIGptSldXWmU0SXhDMEQvVkx2bXhJ\nQkNuSSs2bk0xTkR2UVpUa2R6RjZ3WHcK0VPe3tuOtTCj/a3R4lotiuBpAbx1JdKN\nBYHV8GMe+vM/6yo/+zFLV8HjUmh7RndrT+q3xg65a55CobRSw6icwA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1cmzh82q8k59yzceuuy2epmqu22g7m84gqvq056mhgehwpmvjadfsc3glc8",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqWE8ydmNXRlBEM2lidU5k\nb01jQ0Q5TjlRZXI1YjlTTDF2N0VNZ2pJOTJFCjV5bmZuWE82UGtWSGJFWkVCbmVD\nRlJLczhwN21XSGhaaWFpVlNyWUNZem8KLS0tIGphZ0RFVUdXdUVTbDFibjR1TFp5\nQ3hvZjhaWFI2TnVzTWJ6dCt4K05lTzAK5pJgUGGCwzPO6yWyqiQuCEwYc3PrFXV9\n/fhVaRhdLJXc6/hBvWsK5vzQNe4o64AfUjS+iHyXi5m0dGINzWCDSw==\n-----END AGE ENCRYPTED FILE-----\n"
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRSWs1VkcrWnl5NjkydW5n\nOTBPMHV2d0Y5UG9sdTZPUFZUUnFLY3NFZzBzCk44ZmZRRmpDVVMyTTZKTUpMRmx0\nU3BHLytzMVNtQkYxL0hhZEJKdXcvazQKLS0tIFdkcXVLaHNkZ1dXK3FYUEppZ0Jv\nSW91dis0dVhOdS9GQ0FGNWluNU1vVGcKVBCLrCtb2Y0pTXClB5qhQdBIimNR6U07\n+BNb5d8VoTgafFQTU/RHLt41420nfCdLYmgk8dztz5dVEa0OmES4DA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1hsumymvh5mkqlaynrp9lv2w696yk3wtjzlyfmrpeuvh9u2tlwceqh3563x",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnUFV1Q2pQUEJvOUtQWFZL\nNlowSmg3MGQwUTJxMFhXcFZ0aElLMEM5NWpNCk5lZkNUQzNzNnVVZCtkMzdIdStV\ndmJ1dDBwck9lVUc5MmhKekxWV3h1UGcKLS0tIC9yOHBUbzY4R1c1aXZ4N0JVZkpF\nZ0gvMnhxSXl0LytxVUVxVGV1eElIYlkKPa58QsZc7y15LJlOamtTNrWPH+EkblLX\nEI7IkmOWK/lhG9KEwG4h1+8gDS+5bHPuvqz/7+sROo/A8Ry0Tj9oWg==\n-----END AGE ENCRYPTED FILE-----\n"
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBbHY4Sko3NWc0VWk2UGJC\nMS93RHdvRmNJRUtMOE1lL1AvcjRxb3lxRVJZCmdXZkRFQ2ZFMjU4UVhHVzdZOFlr\nK29yeURjUnNEZVJUSFA0aGlzdUJxTVkKLS0tIG4zY2RBbTZKWGJWTkg5UGpQZEdO\nNVhWSDRIWEp5amVmTTlNTVl4NllsOXMK9Z1wKx+6JZ40Z2/ALe1rGHPlE7Tz9RDg\nnk7SWr/f5Yya1cfVyMEDZGCKm27jPnV3BltfqETLZfblQjGsvBUEVQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIODlXSjhFbmo4ZWZUWkdj\ncEVHT3N5Vjg1NnJVNzFOWEkybzVxTEtWbWhZCjRHUlo2L0U4YjZFS2tMMVM0NjJQ\nQWtLV21MWTZRWkFWVGdUNUEzK0g1TnMKLS0tIDFxaTNtQ00zbXJNQUdqVUc4QUJ5\ndWVvTGpMNVkxZmVjK2xKN3F0dE1mZTQKuw+pFE5tYe6vcTL4FrgvJs7RKKGJBNZO\nDUjlUxMB/WBR52BNuDL7kviFeLaF2HLeF4s+GkvqYugHnTBiZ5fzww==\n-----END AGE ENCRYPTED FILE-----\n"
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBscGZ1bzlSdkQrTWxNaENo\nM1pHTTk0ZmhkOUc4ZjRGSDBQYjRmL1lqV1ZzCklOd3U2andEMWlVcHQwSFdTcUlH\nMkoxMUJsazY1RzJ6VGwvVjYxTkpwSGsKLS0tIDdJeGhPRlAyUFZmYlBTSU1UL0ZN\nekR4TUxHRXRmRjRlcGtpb2pHZU5MNncKc/Ry5YBhbbi4T2toL6wW/oAfRXobUGqg\nQDJIjb9evCO7tOkxYphGFnxYl05wfIlWVUxJeAzEXTg+zgWDk5ElhA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4WkJ1Q3Rlcjc0QTRmallo\nRlRlclFmcXArUW04R3JEY2FWYlBBTWxscGxjCnpOcTJqN3FzR05NcTh2SytFbU1l\nbEJHZXZPdHVuODcyVjZLU1k2WEJxaHcKLS0tIEtNRnBzK29mZlZXeGdpYTRXWW1S\nZVVuQk9rQXBOZk5QQ01ucDAyelh3eEUKKmljNvAc5Af+B6x4hVlNjZZiznPu+U2/\n4cA9twbGvxJab6cU/aXLtB1yOmQMbm5sroBZ8+sqThGo1n1eBRHQDg==\n-----END AGE ENCRYPTED FILE-----\n"
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3WFBJaFhhZnBiaVU1a2Rx\nYmp0bnVQbE9aeERady9LVjg4U2kvSGVvTnhrCjFDcnBwMFNEK0ZLdmZSZkxaTDhY\nb1U4c3Z4M0FOaVFISFBVVFp1U294WncKLS0tIGJxS1JsUUdpd1RxREZaVWx4SEs2\nY0J6cERieWVUdk4vUCt2SW1qck10dmcKUiYEDqsN5xJvNmaDIZU7x4uuq5KzjE+M\n5lCFSTmIIoexUsTbYLdz1cWgll0Hc5z13OSSFgJt/iTuj7ocRuHmYw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBMWtLZkZHRHBGK0JnQThs\nN1g2K2lQYWFmdTIyOEE4cmg4R3FnWWdldEQ0CndFbFBZOGRhWlh5QU9DWlc3MkVk\ncktUdDZjWXQ4anE1S3RsMnN4UnJOc3MKLS0tIFZlSU02eHByMzNScCs5QWdHYnlU\nWDdJcHBzQ0l2MjMxdFU4Q1c1S2pVdHcKvAzlHn0XQ3Oi5SqckELFtEWl3kOulf/U\nZ4ux4+FGfkjYbq7jiyyHL8RfLVuBRDS4MGcGYEsI0YQvmcgxBFLP2Q==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiMkh6ZG11ZVIzKzdocnNw\nODVzSmFlaEt3bEo5QWZCUVErRUQ5WklpUjBVCnNzZkdoSHdJNEJtYlpEV1VHNWF3\nQjAvVE9ZOWU0U01QdmdDMzU5NHA2ZWcKLS0tIHJZeGpsMVJhRFZCVnk4T0JqVExm\ndDYxU3RMNTVvUVhEdVJ1VHVybkhJaDgKOcg5MoybrReGg5Y+kVusweFcEKzc1xd9\ndhZC22Klz/va5RRS5IVnoaIj9JaDuN6p//mZGKtYhUQfr5SaiWnfHQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1glge4e97vgqzh332mqs5990vteezu2m8k4wq3z35jk0q8czw3gks2d7a3h",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6bVBGL0l0bzFiREVscjcx\nRElzN243eDRwV0g5NGMwRzdlTmk5Umd5Unl3CnBDTlV4b3Z4K0hUbFRiMmpObE4r\nSEZPampwNUxxRGMzbFBwQldWVEFIY1UKLS0tIGtzZE1NSFFWdlFHQTg3RXNwSEdM\nTnZ2R3ppbEVBeCtvaGlNWTVWZXQ0Q2MKoOLKAxiCiTrQ1gATwuqh2aphq3zWskp/\nWeQ8oqOwc4mL5nzKIJp3VzTQ+CdL2BYfDsxhsqgilSruht0tFm+Opw==\n-----END AGE ENCRYPTED FILE-----\n"
"recipient": "age15cx90pnp54xp5gxlt02yn9j2pz968wp3l5ukdkx55xuecp34e5pszjku4m",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6dkJOSXUvTmc0MHVCOExn\nazhGallGN3FUcGw5SCtwYzYxeHptWUp4cVFRCkRoYy9YT3NCWE5ybGFMYVI1Z0h0\nVlptSXMwWFMrZ1VWYW9xMTdVRmk2a00KLS0tIG03Yjh4Z3N4QWR2MnRjZWgwdi9X\nSFlUQ2FEU0xXUTlLdnJEWFViSmt4ZmsKHxI0u8x2zcvZgstTSOEVXyiPx0ZPRE8U\njDnnOn+oZf6WKNBTCQ8J/QTii2QNa2Rtg3h1EsEYVD4qEBOtou8n+w==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHblFPenlYNDA2WnlVdFBm\nait3bEpqR2ZUUjlOM0tMT1Q4UEpFSXpNUGxFCmtvQjVyc3RUT2pMKzdBbHNwaFUz\nelFFRVZFVzdSekY3c2M3RmJvcDR1N28KLS0tIFZBazRsTW41N0tHdXJWZnpwUUJB\nNk1iMkxZOFFDY2JtVnM4WU5KUVVEVmsKHb8PCo8cTyipymup/F8Oue5DiP+uPznd\nXbD74jiB732WPPNOrXh+wU74Uj7EpYoazvTcs4tHu30cCpbCz6cqCw==\n-----END AGE ENCRYPTED FILE-----\n"
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzc2dXbXQ0V3pIN1pFbFkx\nQklBQmF0VWtMUC91a0hQaUZBSUdUUWY5SzFBCnMxaVFjUmFjcEpLeXdZUDNUczFp\nS2xCQmc1ZytLNW1sc3hBNHlwZEpvZ2cKLS0tIEF2eHAzUnBqNTNSMXJ4SFRRYVlI\nQ003NFZqa3d0S3pIWVZQeXlUUU9xNlUKevDsJeis0GYCwRLNwAIXqyjGedV5rcJt\ncyDaMsDWR3kCRYZrvsUV6e8IkClJLVKtleClGjdPTh8fkk7bVan1FQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1ax5hqk6e2ekgfx5u7pl8ayc3vvhrehyvtvf07llaxhs5azpnny0qpltrns",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiYjdYN2h3eFJ5K01Vb1Fa\nckF2aTNSRkFVeHI4b21vNjhZcHNzV0tMYTFBClQ2VFJDb245ZzhybmhCTEMrS2h5\nUGNlM1pEUzlmSTBTK2tRb0xrc0hCTXcKLS0tIGtuUXVzMTUzT0IwWXo0SWRQNHY5\nc1JyZ0NLblpBWXEzSVNxc2R0Nm9mc0kKbKkbLE4+EWSu+k/Alt47O3ADYFuTZuKl\nIeoJagaLNFSfmT78+KWmhW8pgsTN5nh7wk4qH/WALYgMfy03rdLPzQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-12-01T12:37:59Z",
"mac": "ENC[AES256_GCM,data:F9Ma+RYXq2sAYc+uPn2u/A6hxbhybc0wDDVVspFJNIYBu1aUi34xKjxPaPQ+H5hWJEa4V3FtUugCJnMSv63gbA9sKPdxHI/AXIUAK3f7b4aPXEs4RTAQaxuvlAz98wi8cU59BDmdzRpYxfN0+FsIeIxjT7lcDS1JIcFo3M2o6+U=,iv:qWMGQYH+DERoSiMTJ5i/eviFD0diTujCjHGK+c+U0y4=,tag:hvrPpfhzdD/g/JXLwKRrtg==,type:str]",
"lastmodified": "2025-12-02T10:25:26Z",
"mac": "ENC[AES256_GCM,data:sIWxzlxMc7/NgSa2AeOx40GyOCCpNnPiQU4soVahKcbv4ydiBk0/utqV+25WRMPt+YvY0sSYVdl5O4F516vf5XYL1C83jXWM3Yi6Y75BQKkbZBsiG0tNTY3A3r4wbWwOx95UbxzmwKyx9EuzCc8NmXVpemnfiy6b4EIdttz8bSc=,iv:K7cec/NfyMZQgQu0gloM1uVx1DEG+CCpnBL8OIYPzCk=,tag:qNVd1BrNdHYqbV6mqjwF3A==,type:str]",
"pgp": [
{
"created_at": "2025-11-23T20:29:01Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTAQ//QwNJ7lhnXTXntHGRFgxzpIRgDBFe/cIjztt3FfA5tavw\nWt9+Zm3et3imgGE2n/7CrgWFobhsFLP5oEXavzea6IjyH3T+RWeW9nxCzFZrP6fQ\nOS3oEhQ/SBTUFP5xDJHz/b2oNrEMQjDXlZYoMtMQihmn6qx3fiFK+dTaCKvnH3zC\nrKH03Y1iWiK5JsKs8nn97m3x9XfT/TQSlbDe1ktlGIzh0p8zvIEJcGgbz35BkBYL\nN/RK/l+xHWnt2jLLi6vj6WFano8x3BzpVrahYA7ynKoVWQChE80TUDacaVjh64MO\nYqGUluZwTSaw1NXlaRIas2z2Rm+HEpeeNEyVUCpe/gAGOawmTAhcIgORhkIK81S6\nToiAqIWaw/i/xtH+U2M59YOPRwG9XHG9/DAEmdCsztB/AykNxOMq6xJDayu++kyY\nRXe0uYbPd3b0nGMcngBr/DTWUSuO9qcpg21d4VfmNTaLHgXY8QS+8bYTETJDqyvR\nFioAfHx+H+/la+OrLwee+CONCHGrlItSo1s4jQXW3TvbWlB19gj9XYVLU6dohrke\n1h9hr0Ia82/a+5or7RCU5Gtf8tHqueOdIfG0acv7ohtmjxtZOegSgZZfPIRpUI+X\npuLxrD1u9FFF/KaVJOERZJze4jVOHvPbr69B3OD2TJkoHXQzlCEu1E2/U/zGNz+F\nAgwDC9FRLmchgYQBEAC+7PFEa8+euceAKBBPiV6CswPFy1n+4o2E3n5DGFMxm3n/\n9O074js/c2X8km0FZLg/OQ68h5iZPX/mavCybvNOdIDUDzpEYiiYhQKThVW0Oz07\nOPxXNA1U34hv+raMlvR0Uyuync7RoMJLy3VIlqttqn9urQsusUJPYTtWpVRaojjc\nhunYPQV7XdIGJG92sCMgG8JeYLpRpDJphX232xuxt4L6BZh+Ddr0TUGmKdMbPGSo\nU50Ub1uDWWDYL0BWN8BzsuQQNDOTBMVqucG/WCr7d//x1A6CY2wz8tK0pIzyv0sa\nIF0PYAguFFZ2noT9QA64wyB4BJn8bgW7L6ohv0XfVdLK0fR59lb1A9Ar386uhaCc\nstjmijCLy9T1aN8roKM98CUUamNwPFZhv+Fb70/5qN6OLRz1SPrpZRyaaqOsiyz8\nyJCxMz0KwOSc3PsLLBVhBPr5wk2w9tB7CJxk6hCjgbugXbLXXedYtlNwXyOXb7kB\nAMjGWFw1e46pCmkpHr8e0XbKqY1lXfeBPO6y3MhrqQ7Atn61lSGGuwmsbRM0oLET\nHYNbjZexMVTxsle29eM6k6Y/MPSxLp2mwj4orPgIOXKaxletNKDgLoqnSUIhbItX\n102RMnCLptObGPmlzJ3z7xSWievOiyOtT6yY1tCQQfdWE9cHONni1TYTupY9/tJe\nATViviHLvdhJTVcj/MJY5pQ3EK/UYwxJPXZG0CWHixz1uJeZTdfJm0t++tiWlRO3\nDRZ7TIvYUsicqCj/DKrcOLpS3U9toBp2dz2tCzHwZC7u99v5YgpCl058ZEMwcw==\n=TbqJ\n-----END PGP MESSAGE-----",
"created_at": "2025-12-02T15:47:02Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAAoSZ8k5N+uuVrTgN9qQYOGrJ1NS0yjcxjqHEYbVaFh32D\nltM6zdpKORmPxfKSjacGQLJDxh31df8xn6ZhuTpi78vZAdhe120uwnmMayMsCGvE\n7lx2sZOmFay6oVGCevo5rFzKMmpLRHdy6l7pjCusR9JL6FQEhq2ME2Z/qzBGrkPt\njLPAX9nPWiPBRaj7tYwyMbD+mbNxeakf2RlNwShPhVJGYD4+k1I6GdWZdbabjZtr\n3HiUFvGbPbDHPS8z9OxaD++HNBmeEdSAdfm8Lwx0UzKuQfC9+R3tZj+QMm0LT0vg\nJtyPTeEd1baT3s62G6sznLfIGIkd+BZ0hGhazqs9R3Vqj5+w+EDW5UnEBwztrlel\np6Fs7jNAVlJmLXTfydh2WgK/jIolkSavwpmVdO/H+e+vB3pc+6bMBMBjxogJhHNC\n5mRhC88OtoBlN3tadP6raPY3LcoTPSC9YFfnNCLvPwsVcsBz17vl0wGF8OFLk8PZ\nhJ8es1E94p5+/4W++DN2KWtOH52jRt7sNEpEfdFPd9N5aUrt7haTTRMTOFC4lRDa\nnWNHMrHyIXXQ/3hw1X0Pun7r6tj05R7mkTL6PVjvgQWS9q+GAczBbATYzAKGXeeC\n+nemfP+xeEx/QkpNcBAp2R2smZjf3xjp2xyLYZwv+ML7OFsgKpTTRLqMG58vVJeF\nAgwDC9FRLmchgYQBD/9Ez42Y9nKcBYb6WwIDOxb4xFjRrvAj8ODl9/h3m6GrXfU0\nmwPR8PxgqyR/fTUzqe+RqECb3L9N2P4JIT9UyVjpD9fs3WkKbwjPKOL4RtJNZ4mP\nOZbxjrxdZXz9Kmug/G40Eo4nNLYexG2Qn1CNsMxVKnn5FHD0d6nW3JOszqTCG9dG\nFHDrOxF5CKFTeUioRM6AwjEwoUZ7MlyPLtEsrhdpWnRw1FqQgRkeNIqLzy0DD8if\n2kcLx7eQ7bFWtUvdVSUK2zMbiSOrc3pq9/r8MBpTZ6adEMd7xuezrpPlADh4Ve69\nkzLs9L8cN9Kc5p/HQ43XUlQeUQJ8l6/dzI47u480yxx3uFwoZkK56SYY4fohl15S\nPFigWmNOzyRxHVhMAlcRp8MaYYeeSDT8ap1khUxgZkQgBV38MLAjdN824mZijhat\nEfzxMJ3OOKQypNlHeZpoRcpyvebTFmZLeFvNH54dvFrQ0ofJBCrG8LtK1BOI57XP\n5/5XrXrj6S0UD2bntONyrhvd+tYLy3N8/WoRvWBdfOPM9jshCAeo9BU6/doZys9x\nNUzr9LnVrSza+rTMM4rROlDgrVgoLLcC9TXfSQV0tEb7MI84x6H1AYw+t7qByCPa\nqzMek0sN8V7bZHkGIaezd7LvkVHn155sTgC8mFukSFVqBNkDoWJoYGgut+PLo9Je\nAVJdeEDQqOrf+yXuDsLhPWofwWuxrPo098H42QSuntCKLoakbGkR5Ct/4JGTu15A\nQ0pWOArVFQgBM6C2qqib1qK2yLoJMuDcbX1qzStNJLS+wrBf5Mm6wHDLnfEjyQ==\n=FmzC\n-----END PGP MESSAGE-----",
"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
}
],

50
secrets/repo/pii.nix.enc
View file

@ -3,48 +3,60 @@
"sops": {
"age": [
{
"recipient": "age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGejd4Rlhqb09hWE01czJm\nMGpuazBFcWJ6bElnQ3pMUHVVV25MYVhMSldRCi9VNm5jcTRkaUNPemZkQmtvZjNC\nL3FVbjhYT0pLV3RTVGg4d3ZQMmJ3VE0KLS0tIDRFMGJJemFNM3E2a1BabmFvNWdx\nMDBsbWVhd1puQm54SDZiNlYxT3Znam8KIcaM7GlsZS2jieYlN4bi/CX5dp+TYsQN\nXJUKYKg4+vrtZpVi9NHyFif0Hwask+vdaziogHO/xKA7KiCo+NqCNg==\n-----END AGE ENCRYPTED FILE-----\n"
"recipient": "age1s0vssf9fey2l456hucppzx2x58xep279nsdcglvkqm30sr9ht37s8rvpza",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvUUw0blVNUUROcmpra1lh\nOWY3YnZlc1ZDSG9QQ2NjbWp0dzlQd3lCMmxzCjRuRlUvT3N5WkdsaDVwY1pUdWY2\nMEYwQ095UjR0TWdSczQyQzVVU0g0TlUKLS0tIE9Qd1VPWk5NU3pJVFZSR1h6anNP\ndy9Ld2pCeTFlaENUb2s1UjBaODZITU0Ky64qhIpF6rmeybVtu/QhTYK6uBdNGF9t\n1+vfBHOxOxdlYOXezlHi4cCPoo7uQ29tsV88VJuDo4caPIKaTsN9nA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1g7atkxdlt4ymeh7v7aa2yzr2hq2qkvzrc4r49ugttm3n582ymv9qrmpk8d",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoM21iSERkTi93YXovZW4r\nbkoxTTM2L1RKSFJJbU8zbzh1ZUFsMFdleldvCkIwWDAvbU5hVGhKM1lUS1BYcHMy\nai94U0tBSk5XN1dLL2NrZDNZd3hlQVUKLS0tIHdZN0dqM3E1anplU1Y2bWY5ZUZm\nVTJteG5lS3BCTWV1WHFTYVJYeDF5bHMKeIhSkhv36eo+lXpYCZ6490NlnYZjm9b4\n53Czk0CumRJ+3IIdJ+Q6K5CHbQfigDWP3XcUPmTpsWrRqwogtwZwbA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1ly2endyt0y9xyddj6yuj4nw6fa3ltvzlvew4cr4lzs6dv8dkavpqadmyxx",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxSDBJdWttNmNOT3lsUW1y\ndlRpdWRmNEFOa2xmRzdiNHZRTk9FNy9SUGhJCm5TMlVCdksrSkw3RVA5dnAvekxD\nMkJuOE0wL1lORis5MDJ1SlcrZTNHVnMKLS0tIGNxOXpibFlYdnZZczVLbmg1Y2Rv\nc0VOd0FERm5nblh2c1pDY1RNT2M2UzAKcHZwkMsJTs++TG6YwAuLqxF8GaHdOHU2\n++4ZY0hZXIJlg+W3sYfc3klrzTOSDpLq2KnCskQITK84ZpZ6NKr0PA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age15klj4t7gpfp69472mne4ue62pp6m4e04dmjyw7yf30qtqd3vl3uqjmcyxm",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzYzdGRGJqV0J3b2FMQnRm\nUEVmS0FiUEFGdEt1RFdsUm9PY2ZiMWlnNmc0CnZqZE9LdThLSEErVnFwcXhWQ1Nh\neW9XUFNST3QrZ0l1Q2RERWdUQ3BpdUEKLS0tIDA4eWhnVUxnOGZST25Za0ZpcG5M\nejBSRUtBOTRJN0RrUlJDV2RRSFl0TDAKpNmKXLIsahh+sdgSwXWbdpE+7ceD/xjH\n16VvzaJc1nAxU4cOBZzM/tFYP/KXAfC+lxjbr9r4L+tWjfhoiMr5dQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1k73gy5em3js9zklnnkzp5hme9k04lny32fgahmzddknjw5c295asdyr4x6",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0bkx2YmFZVW5iaVYrQnAy\nbnhrNnZ6a1pzeUZDbW1xS0RSREk0aytsMEdvCnNhMmdKSHVJQnE3bGhoY0RaakhP\nbkp0QTFnT3BnNlYyVjE0bE1OOEpaSlkKLS0tIE1mZmorZXFrVUJFaC92djhVMjRX\nUFRkUDQzVkh6eUtEaHoyNGphbXdVRmsKQ1y/V9IanXDrcnHRk3dDXROLglHMHqbB\noMX/5dF7p7izLToYsNGr/VrkCHVN6xVxOayGEuRhOd7JlqGKwowTUw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1cmzh82q8k59yzceuuy2epmqu22g7m84gqvq056mhgehwpmvjadfsc3glc8",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwOUJSMHVRR3VKcjlOeUFH\nazFYS0R4T0NnU1hzWjFYNk1qai9NYmdJaDFVCkZpUUJKeTBmbnVZTXJVZERVQm9m\nemw1V0lJb1JVRjlGcnZjZW1lNDltWGsKLS0tIHNZaks2M2tXVC93ajNYTSthTDZu\nNXc2WG5MejJ1Z0thajJDSldBSVE1b00Kusadu31IGTpzXG8/1BXjdMrUWFWm+Gew\n+c52Tbh8tm778zYb0Z6EFupjd4lVUYfn3GuyCCB8mpGteLidOeuqPw==\n-----END AGE ENCRYPTED FILE-----\n"
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2SFRBTjdDRTgrYTZjMG53\nTEVlM0Q5R3ZnWUZ1RkE1dEJWSUpPQWZBODNBCjBTM1pibEVwaWxWNDFKTWRNWk8z\nVnBwQVU4NS9xTjJRQWE3N3lsM3pFZm8KLS0tIEFOR2Q0VXZKWk0veDhFWHFEMTBx\na3RHUXBSZzlxUTZWdXVpcmQwbTZjKzQKr88EqRwIP8Snzp+dEyos1++ZD4aH3379\nNkfQp+ZdUxTjbCvPQlk1osJ1hJFWutisNloMLGb3+4pQx3H+k5iaxA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1hsumymvh5mkqlaynrp9lv2w696yk3wtjzlyfmrpeuvh9u2tlwceqh3563x",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTZDBzY0pJNDdEVlNDYTgx\nb0FkZERJZE1HVEhQSUVlOEJUZjVFWVVmenhvCjJoS1hGVkxpY3czTjcrR0V5Mkds\nZSs5d0dEUmx1TnlyS3RsZmV4VWJXaXMKLS0tIHoyeGNQVEdmRWpOMlViOGdmalhI\nZzZha29SUmFaNk4xMXFDVlZaZGI3WVkKc1eB7uQChwRejq1h6F44uXeshmvsn0Aa\nCHzCJ/uGc4bx8hfY9inZ/XVh0JsGa2w1G1lSbE0heTottM2bpHad1w==\n-----END AGE ENCRYPTED FILE-----\n"
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHM1NHUVVqTS84Q09wTGgr\nL1BoV1h2blUwMlNQOHgyQ3E2OVVTVGtDZ0hJCnVrRjN2WldYWGdiQVkxY0JjS0dq\nelVidWk3S3Mwd3c0U2Zhd09jMnBISTQKLS0tIEUxeWQ2QUNMQzJvbFRBSjFYZCtm\nWXpRdmdaSUg5U05UYzdvVktkU3lFb2sKI/Xd2j+qlHZxcpyl12e3poZ1lO2HZY+o\nEYEXwg4aUqmtJo9UCHZ00v6Xiq+y1zuE0Ac3R0apl7wI5Zv7OA7s+A==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmQXVMRmtQbFl5Z2VTVkVT\naDBnV0cvcGp5WGtYcVZMaTc5OWlncitZTjNFCmcvY2F0Wnl4TU5tY1Y2WWlUWjNq\nL1IzWU42Y29yZGRsSnA0RTFZVUhwR0EKLS0tIFlYOEJ0U2VWc3RMNzFhT2RhYjZZ\nZkd2QndCbGV3RnpaWkYxTkRVMytqcDgKqFoTKhY6DzxBWRjuy2Qd3jWQBYlT6pFa\n9WH0t3bOtm86oIjJf8kUICmE2oRVX8OqFNIpzKD0dMoOuXgz5O1EwQ==\n-----END AGE ENCRYPTED FILE-----\n"
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOWE16aUI3bVVWQzVvUFpt\nMWoxSVZPQkNCSCtHcmVFblNqT0NmTHNqakQwCmNzZk1QZXlDc3lGMHJSZ3Rad3BY\nc0dMMlNTMWtwL0gyanplWUUraFFpbzQKLS0tIG4rSjVjUFRxVWx1K2J6ZitnNmpl\nWW5wWjc4dGpiUm9icDY2VVhzL1ArZXcKorvI4lqTtabc2+8SAlRi19fwHyHC9XuW\nPFREx6paLv2Bg9sY5tdfeZnf03iXrXe2zfEMLyQF0470P63yv0LIfw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUaU5BVGlBUUdrVzFYM0Vu\nZ0RHaUlKZzkxQS9UcXB2UnQwY1REOSsyc1YwClIya0FtU1NlRUk2amwyWnQ4Qnor\nMWpPTzJRS3FSaEU3ajA5NnVhZDJQcnMKLS0tIDRlemVKdjZ2MzVCRm4yZ0VGZjZH\nYXdJUXlOZ3R1YU16djNMUmxHb045UXcK4kvPN486Phfe8lwLU2E+QIVb3uXHo+v5\nUkxjdxWjpWV1DWFKtFzILU8f9gwYs2LNGqe/uaik/cnECqS+m050KQ==\n-----END AGE ENCRYPTED FILE-----\n"
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArVkxVK0JzZUtuR0o2VUk4\nRGtqQVVUVjdaM2o1WHc5ZWhxNnZoM29TUTE4Cmk0ODRQTzRTSkVDSHJjMzZCWDNZ\nTDFsMWNvdjZZKzRJR2RCeklSendhK0EKLS0tIDFvOWxTeVQ5WTFSSjliQ2JVdzBH\nWHFLdm51WnViM2JreDRYK2JnUHR6enMKuOEqqCPfC8E9ci3f+u+Thg0Co2+cvEaY\ny6iPRauDOLUUq1Zo3yR0mYQP82Lk/uVo+Jh5tGCQw67nd6V/fzzLoQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEZFd6NGlQMW1Jb2Vac1Jy\nam9zL2hzK085KzB0cExWNTc1RHRIRTVQMzAwCjRPekg3WGVETmc5TFYzaVAreVNB\nU2JoaHpqdnhsd1hseVUvY2V1a2E1ZHMKLS0tIGpFR0h1bDJlTnVpQ0NmazhlRStu\nUjlGZGJTYUdHU1ZwNzloQWYrYUJzNlUKns93LeJxg8zNxnWxVH2DWIjGGmWcwOHa\nRD6+2MDs0fcaTIvzLhTihVaykBZ1rvk3Nq1p7p4Zz7cyDUvwW8bO8A==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjcHhWQ1lVNUFpY0hhZ1Ft\nRWY1UFdidGlSN1dNSnJrTEwzQVRUUGxQTms0CmtOTE5FczYxYldVbkRvLzlLRUkw\nTFIyTFBQekM4TmNqZ0pWV012b01EOUEKLS0tIC9qdUlsSnI5S0RrRlc4aDZIc3c1\nZVprZlJtRnNrbGpzaVNrWSt1enBNT1UKHrdxe5Qf1aMbY8Ne/uqNPYhYstIKPmun\nuCMseNq4SRUYa3Jw/bUy+l0GYC9+srFFJ45inpV4XAPeaKBr4WhPgA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1glge4e97vgqzh332mqs5990vteezu2m8k4wq3z35jk0q8czw3gks2d7a3h",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4c3pxR0Rpd1doeWhsSVB4\ndWtxNHkxdkZjWHJDMW9sUFM1UnBNaS95M0RRCk5GMldwUWdhUWJJZGdSbWptQ2VE\nRHpMM1lqV202cjRrQ1N5WjBDd1kxKzAKLS0tIEZDc2VHaHBXd1loL0UrZTJJaGRk\nLzVzb1RZVmtNYkZNM1pqZHhYRWVSOGcKIH/JKbzaOlWOpt1YShHar0i5T/rd5m1w\nkx6wZ3b4dpUdN3FyPdhrjT5RWOL1BHhcpjmRdBTAHgdqRLSZfYEosw==\n-----END AGE ENCRYPTED FILE-----\n"
"recipient": "age15cx90pnp54xp5gxlt02yn9j2pz968wp3l5ukdkx55xuecp34e5pszjku4m",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMNTNITjh0ZjdIaW45dXNG\nYWdmVlhjbHlBTjUwcndsSS9ydUdlakxKeEhZCitiU29nRDE5T3liOEpvR1paMHlE\nVWhvWVE1dU4vTDJ6V2J5eEpud0RMRk0KLS0tIGpGMWRwSkVDRUkyZzBHQkJlS3JB\nY3hhaFVTRUw3N0pOMDNmRHIxNHNIUFUKfWhcs6II9k4G9NrJ+i50nbOkOxUXYPiq\ndrpvA2YXwd/x+TGZ4m/IJ8CkESEpNp2Ql0GyemJ5knjb1mx2Cqqwcw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEdC8yODJqc2dBZzFodlJw\ndEJUejNMbVZXZm1uQ0FHeFhKd0craG14N2o4CnlvVkp6eFVLcDlnYStHaVRoajlm\nb05yZXA2aGpNaXROY2paYmpqM0dCencKLS0tIEVhMDR3d0Fla1RKY3l5cXZsNEFP\nZk9vdGl4eGxhcnBxVE91Z3ZoZ3Zzd1UKavS6iLiXL5acrtOc34OT2V/Ol6lWLtCo\nZglO7H8Agh58FRhyQUvDu+bHXTGnxWIhOnyAjJYwP3XUk0p/3E4PPA==\n-----END AGE ENCRYPTED FILE-----\n"
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsSWh2VDk2SE01VHBkdG40\nZjBRaGpYS1Bjd1NkQjd6KytLMFJqY1ZjVFdRCmd0dzk5K2g4Z1NyUXk5M1h5eDhS\nSjFiYnVtWmdwekZyUUplaVRJVnY0dzAKLS0tIE5xdi81R0pQemNmYjIzdGNyU0dY\nZHE3R0pEUjQvN21hRzZWS2VhemdRZ2sKkxOMwLetpbV5ZUC9ZxG3/N7vCT1vZRtR\nVRPoJB/3ws5hSE6G+5Qv0V/EjvzT1JkNFKsNBLl80Lf/veebX15KVA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1ax5hqk6e2ekgfx5u7pl8ayc3vvhrehyvtvf07llaxhs5azpnny0qpltrns",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBndExDdXBrblUwY2hKYVFV\nMGRJNzQzZVQ1c3ZCMjhhQURVcUJoN3NuZUVvCm92aFdqaEtwM0czTW10L29HT1BL\nay9IV3l5QUphWkFyV1YyM3BZelpiWTAKLS0tIGtFbTdXMk5LcEgxTFh1ZmhWNlpX\nQUExdFNOaUNkN1N2VFpBd0h2SjhrdDAKFoNlyz+coOn1lFUTZlOuVOFvhnoQwwiT\n5U2TdCA8hlFyxlf7gGu47MyGVXbgtRBVGTXH0oVU8nn6RvquT2aBUQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-12-01T23:39:07Z",
"mac": "ENC[AES256_GCM,data:WEVxtO3Y7YI/COpOvvadujDYV66MtcKKujiE9P5mrDqqdjG8p2fLwhSNJHVJUwPyV8xAIIxCTqIA3bKmVKJ7vRCn2GQo5tRsWljNVU6g44LcXcX5wSeIgExyvUNjBppLbWsjstvfuJatAZwqDBN7eP/Ntu0R7p3wlr4IddDe/t0=,iv:es5N9A7ypxtNB9wPYT9uumwpLZg7wT/gesO5Q6njtxA=,tag:kgxsF5ZiYvM0wHDq6C19PA==,type:str]",
"pgp": [
{
"created_at": "2025-11-23T20:29:17Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTAQ//cXb4LCSFl87V234GULIunsSJFGmzu1fp/lwq4I9UShKy\nb0GHhheX+z+0U1+L4Qk4SeE408A4su52sRJJ3EN63+eq0+FPFxoxQH0NtfTSQcWa\nn9/sXnP8hrjnm6r64lAFd3B0HQQE/l0kqDrvU+UYAKfwomxpbdenoqQbinqX5Qgm\nY1Yqz8jIIxU064S4iiwTkLzqUi8SCPa1MCGQi9HEPxUHoVeuquNEQcs0HB34XW8Z\nxLUWSsUdpjb8NM73WArpml8XG9bHmdG0xxX1mZwK+uA552t1WDVqX9QHClGmQTdl\nPM21S8chJI1W77EjCsV6QfSicICU3RbvLSfLU0WoZ394VmZmxTGGoofpESdLVd4F\nU5ZLR2t7iXy0jb/TEeZfTGD2PPrt+hSWt5K3PIQnAb7fvLg/9fiG1LOeQlW+SZKD\nlojaMn01Dg6Rfex2qsXNrKfi/qmA3tpjeN8pIBpCg6EPlCFUzp7/cueTF9Xj/Tqk\nL+IOOFTKLECr/lQepz6rS1XRHrJtWSyksd3rt03s2Q5UqLdoiUZAYXgJAWntNMKL\nU65rKQdJZXtp99oDG+YVp9F2ZCogZN/Ac5+sUTmke66xku6dh5Qqe9MpYtAhPmQO\najMZiAeIaoaYwc8vFMGvNbJH2pmJaFrW9v4MELkTmi0EjZEPgPWCOIgUkEtKanOF\nAgwDC9FRLmchgYQBD/9eJUINu1YEtZZI8iNujEBNMlgmKjl4nVAwB3sviKvByWgx\nXxN4xptU+6gHpAeyRxwvWLhv/xGkHWAUJHkMsqMKYyXQQPAC9x4l1pq67AsNpMu7\nWcec+B8n+X3gwnmLes5H0fvdJ+gCMR32JL1PRnLnkTjeSX/JBFRG9tPZ09k0YvTw\n4ebwpYxlimxXZGR0DDRh3Jls9+YqgBzMb4EOo64SyzD1ZWUjP9addRpj4A5UpSRN\nFscy54sG1CMRzLyXYJb6AgDLVysfMq0Fgg2AgvaadmoKh82/Knf42C1K9DPqakQl\nmLyzXprvUR8mlBpWwZ5b/XIC6DuhiCz0g7dYX4XPeUxvah7PkRp3cmdWsJDCgq8V\nbwQg4Dm+k+8BZIZwRC4+3gLchhm9Jq/KtJ7iWqeVb+YQ/v+/712BiEJSANofqMQy\nmkHVksp8E/PFU9KYhG5lkQu88zVmnimfWFO7UKfIJGBBzgt0vicrSKjHPkgbb88R\nG9diNPOuXpCJJVecE5p0BEfizfDWnV7JSm9s7GNdTqglQx2KkLYJ1mijWuF1OIf/\nl1cdN8IFRI/glXC53+Wfj6D5B+lhdT1D3DG9MVGxeEyhQCDdnF7+Zy1jyDsrOpDv\naCq0MqXoa+FrtEBwlke2Dukf4RHtyBWsAg94dJuHVV0STnJbB+2T7uDDvVikvtJc\nAQw36Ni1lDO239BV5VYMDiNR7zzcLRHV+hXjlGqo4f+UbTy4jXxgQwS0z4lGn5XY\n1AKcAoNYxjuuGhgoM5Gw1ch02QFFzXWD/Bva5dLEMO/1Kqre/LM6+iUhKd0=\n=bZ7p\n-----END PGP MESSAGE-----",
"created_at": "2025-12-02T15:47:04Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTAQ/7Ba1CD9+AjiKFX8tlrPIaQF/3i0t3irrZJG2tX0aGjEWq\nVMZOp/tgBfLLODYHLF8LAgRF0IAzn1ehpvzzESMrXc+X4Zm3ls8yH+n80/O9o648\n925HxLh+E5PXbcOksCw/PaVBjfqaEi+k6rbTyphgO0bwaisbtSZdMjPmawfCbw45\nD7QyCJd/XNdLyGE5wvxSj7shUaBqFzkoE5iQ6pR9mlyeWVy+QY7703+IyfU0tcw9\nIAQohfO4n5h58IfS0QuygBUCoLaDG5iniGoQ7Tu5FcUEP5MO1zF7izbtYYE5ueQs\nI4MoJ3RdsUIwd++CNnFDTRJCzfbB0NvCYd0hArqEdVcIr4rKrNoMchhUdP63Zu4Q\nwhTb4EmwGJg1MlZ/rEfQJRU3Ywc95aNX7IxcywDw/5FMQsON6EckcYcE8oNzhFfC\naxpaAjqI8jEb0XAsNcpJTJRhc8GG9YOpbROAm9FGXgRDh4YOWiMyVOwqLsOk6vpJ\nFaGAlelZsWcnmYllp/63QZKz5IXOjlHo8p20/2A0bfSfjLNGgq2x0Y3SCHOW/T6S\nUXYQQnijckqxQlNtkJVFaBXH5fxTzYAYjaLvCA49KoG1+NwCQqDV6+8giCaIYSME\nAf3f+Fj7ylXOtH5QR2rTA7/DcQlmMBV6BeRzFg8m4jRXjrmfWaN+sgNaT3aRHkeF\nAgwDC9FRLmchgYQBD/92rCyWj39tfr0Nr3YbSU18MvJVcLkviXPtLtOQLzhWgAnH\nTiB93LOw2ViaJI3SRPs2QOlOxFy/7PwhbRpB39dDqIL8zeVQtGjQhE3apbYguQc8\nTFP6Ky+0T7E3ycrYIF5R3U1GBcXBJ4jljDuLfPCDYJr6azWmZFQep2l9p4ZQfPBA\nQwTBrrrZo2uFCuLvXoEADaWwM0c0PaVdF0VopB08zWeLD+W/YLxRxdgeXPc6SKkT\nl1PGaeq+rzON+PSLQOmC4vnpBzB6GUUH9fZxBQl3didomBZxjM8dBwqScQQMaSX0\ncbnXy1YbwHiAMnlFaV4uAATyG0eKqlYfxk79WK9BLaVNiPe8bXHBdZTCYkUrY1FI\ntODKa0Mzhgxmcth7uu0654EnqDbiPr2HyEsYC1CKyjO4x704k7jWPn6jzV+RNO2a\ngiJd9WftMzFHFGSK4qVXd3OKvpPE9WYUeyPJYquD8luMPGIj16pidxb1WtdTDVdw\nE5Qt+CTIct2aNCiSyPunCkyfFpFDkfdUehAmK6WbjAWsq7/mHdTIDxsxsBWzx6bS\nxwyXjepky3cO4POTz3js6MapR0xwGsWzm2s7YkMgHtrfwf8d9JnMuJuzf/Jrr5du\nn5oSNToTny1edhuhP0mC66K0avAe1K9WJCGzgdhGBYcRj22o/d3YoZzgg+0LBdJc\nAVFrJ+X2amLM/SEYE3+2fBnV5zgf2RV9VzBy5caNArOnWIFkM+g3zdQKgSqR70gk\n8hPRggQ/u7jJx6wps+JyoTBhHJmcntB82RDTgJ7Ht20PZgmX6GIreQl/obU=\n=prsF\n-----END PGP MESSAGE-----",
"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
}
],

56
secrets/winters/secrets2.yaml
View file

@ -1,56 +0,0 @@
#ENC[AES256_GCM,data:K3S1LFrPmaS5,iv:dxFzPLhN2otgy02VWzrLURmomtYdoIBHvEJ1LJ7Lj9k=,tag:stKgkBnRDZkCPlvFk+btRg==,type:comment]
radicale-user: ENC[AES256_GCM,data:2G+WXxw6jrnPXsI=,iv:bUEhBDrdTt+O/4TXMkhmqnzfkSiws4n7L54Z0zZnSOI=,tag:JGQPit5uGqITUyyCpU3OIg==,type:str]
#ENC[AES256_GCM,data:+7JEI2P/6/5yiWQ=,iv:hV4TyNFsyugrfFM0emxGDDDq54XWy7fVCf/kwD0mtCM=,tag:iZz9mPsLG02rlgV1vP8aBQ==,type:comment]
prometheus-admin-hash: ENC[AES256_GCM,data:dUmTW6W419TzF8dLGcgRLlbLBg9puzgznNCrrAuNOIuhXCBrqaJdtyIVFCsnrDSEh1ZdMfGki4UERZcf,iv:XIlb65V6yhrKSU7AbRs6k1ISljZjWnAm1dPTCONwDJI=,tag:UkdDTywivitSxYR902uM5A==,type:str]
snipe-it-appkey: ENC[AES256_GCM,data:VWEGKbCD5P3uxeyMVtK9a7BcVjXlXSEsJxfLEwkHz8l5o0Xq9lTbTpsfOoc=,iv:3nq+xuuujjevWdmk3SdBai/EWXwL4F3Kv4M3yc/faIM=,tag:/cNC/EKR1NWQhJrh46meCw==,type:str]
snipe-it-db-password: ENC[AES256_GCM,data:O+LgX+XyJEaF+1oYcjyMpUab7AD7tWK3LBd+7VJOKq/Mz+k=,iv:yJgwlG/ln5BdwW2c62UJLIkrCWakKvj64LMQsjTIwJI=,tag:yw0rC1GJo+KMn1wXRdJomA==,type:str]
#ENC[AES256_GCM,data:jGvWDKbVKA==,iv:N4cMopsUPOfymKpMD7oB04VtS0cUX9yNNqwyWEdyMi4=,tag:L4PMmMcM1NCc8LPG6GJLMQ==,type:comment]
garage-admin-token: ENC[AES256_GCM,data:2N2kqXt7kraqMQEkDuNQN3SRiL2WKRA959Uc7HAdSlZcC2Ft06YUb+Elktw=,iv:dhAZoQBhvK07+wBpMEsI73YN2oX9dMthV3SaDWZgea4=,tag:0Pu0BDEYU9WYQQ1hJr8qFQ==,type:str]
garage-rpc-secret: ENC[AES256_GCM,data:s8qGCm8WM/pvX7wZJyenohMAHnNWrumUxyJvst194h2XPfpLBbKVZwZ5t4zkwqh0yJNgLqE+2ekwCxa/xKqemQ==,iv:zUo/x2LWS7b2E2kZHDfa6lAwxAcuNir5a+mg+ASDarE=,tag:XgBh3ajVDy0vWccX8yZXSg==,type:str]
sops:
age:
- recipient: age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYUHpqd0JJMEVmSHNici9W
QzRmK2pUMWFtN3ZPQURxa0hzQk9wUTRsbjM0CkxtVjBFd2VLVEpkZmhLWis1YlhY
Yzg4MHpzdHZkZmloZWNDUVZRbkF4bE0KLS0tIGhsQ0dmbHVvYjRuVHVzTzNIbGh5
ZWxwbGs1bTNzdXVNSzhpNWVESGJlUzQKzZr3cYBF6s5ihgW/6CreOKWvQpqITrFX
pW6gwbRbxaxDPRRdfn8qswcezxq5AwOk9drbOH+qgcwL2owRGxEhcQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-05T14:55:44Z"
mac: ENC[AES256_GCM,data:nyz3jp/qV8bwgx0q6c7RmXtzdmwVrt8C6FU36qtzUm8tPlAd1K7MmgxRKFi85NqOu3XPII2OkwhNPRBOJuQOoXGfo27odfZl4riQ+any4GNarDZ5deZ54+kjgqyvP70dsm/tiZgZ8Fjwat4iLV+mqJYMS4OBl5krr5ocU+LY1pU=,iv:l56tIBgMog4HSxP9Fb4pWSD/z5FaPlHRkUYqlkhydzc=,tag:IT++kT0EncDzEEX4DdjW3g==,type:str]
pgp:
- created_at: "2025-06-28T23:22:37Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTARAAqpPsEJZDZZ2Wezne03E310ix6dOcJ7ZdpPNkPJBprJh5
ip4PmWKnYPnNS5SZV6+1jHOrconChnF4hAxVMH4bgZ/hCkPVNijac3xl2en5NP3a
gPcKSQl6SdiCvfcs+bU7hdCn1glL/PHeilUl+ORJ3olbK4fjrdj82qxxlWVPpqyX
iwjhvcS6rjJ3rTv0KAVRmpGQjFN6cBnei1Yv2wQqypcmD7D6kcsTp8w9MXz8waPI
3Qm0gGjDSUWCrSF8FAwy7QSkJ/Mwjz7yTtQfVIDUQU+MOx0kLY9sIYNkqwZV63RV
HxfxrvIOOdkeCi71x6v0s+Kf3PoqxJgqRAV5pOmoMT6cnLH6+g4q4PHKoRY9d1Dj
EP84VtQkqDLt9JYJJfN2FyVukhUZf38ECdzC+DrTeXuVcd5VV0t7q9LJWG4wL0ba
8P5rFzRcR6TnW/7Ku1rwebnawxeMoppaWlD8hbX5gEtuLKjLfGtwG7qcMdY2YWVZ
HQsLrMsOrNrY4hvT3j1Tgs67sFpa3b4zCbs57ecUPihiFElpnRueFtIFJY73UYF6
5VNSxhWNhXigFOBoX7Z6LmGB2hGrMi1FnYU93Kx1uz6rqypolQ2sG8UUbkH203gN
4R1xA2mD/uQ5824Uo9I3W090XASI6w784pduDdtzCruZVhvuRd3tRtsAJBGwKPWF
AgwDC9FRLmchgYQBD/sE6rUSTcVVmgbr/FYPgglMFw0AM9Zwrpw2vn19eIBwkDc/
HS3J23UVqHlzBFQo2oLQQQ2NZB9ObrYNxwsEqkQnEDp0vBVZHQMlFHYOzvJo8TeL
lxUhT4cSa5mkTWLD+1XjDllNzudVB82uJERLvcM5qRAiksaZpBUchUlDIGXiH7kI
/C4gRYN/JoMPrIOx/1LBZDHiP/9vcnK68P8XdV2l9pvIEo/S1aEHcvtey/WnX1ze
YIREcghXmvith8D2CL6Yd3vrKcfi3QG2CPoKSk61G+NpjcRpozI78T2KU8jL3jgz
XqHqLpmH696z2vnh9IzGtMMvUvck1519M6CLOa9cey3+ByDs5JYHWAxH/jepqCIy
kPfxHVhoqiHJiRRSAkBveYLAlInppH1FLY74emJpo9UJyweJZMpn714EuKIQXcxQ
S/3p9FGM7fyTAKK3EK6t8FRYb0ees//u1Ol+iiWbnR4cmsksN4gEx22IDDBcxPGE
V0oW82pGoR9ZfDWpy8IdPsir3feIcU7cyoYCvhOKemJt+kg9hqxJjACuBbrvS1N6
lF4tzelsZeFQ/HZMINnNvsgdz7tbZsNQWa0EXe2kzBAtLPD3rIfRi9sFsUkT5X7Q
T+fKstJA06o1QafjjPWKnY3lMV1BvbMMHJ2EgaeZr3IYjmsN9zOvIb/71u6vj9Jc
AZcfV02X9OFN5T/NJ3WQ487L0B/T1vyFxijB+APW57noWoNjroIrIozL+Ke7wiKL
c4of/1Hsw4O7QclIMvLl4Vk4nZj7CfedbYHCFocL5rIB/oQe6GV4N2o6e/M=
=fult
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.11.0

64
secrets/work/secrets.yaml
View file

@ -12,47 +12,47 @@ govcnetwork: ENC[AES256_GCM,data:Hevnb0fAMbXTrg1CCmAgwZbJ+sxaTUgJLRc=,iv:UoNyPYu
govcpool: ENC[AES256_GCM,data:sfglbCi3,iv:UdvDgyI8AAFdfOxKD1sVYCof7rXFPavq8eYDaK6Kp2I=,tag:iMn7XPf0rmql2EiaqsAn8w==,type:str]
sops:
age:
- recipient: age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy
- recipient: age15cx90pnp54xp5gxlt02yn9j2pz968wp3l5ukdkx55xuecp34e5pszjku4m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2UFRiR2d5RTVLckN6akhK
TXoyTmNqMGtlY0gxbEVQb1NoK3VJaks3YWc4CmdnYmo5VmNqM21ITGg0dzhreUFq
dHZjK2s4UjZGUFFKVi9JS2F6RE5leGcKLS0tIHZLeWZCV3V0RGNmNDd0VVhLejF3
Z0dpTnpXcnRub2NWU21PblBtUnBXTnMKfmW5I2G+XhXEi8ssdnlavppxhgI4G56B
555YBJ8mLRXKINtd37nUyfydEUYiM4zUbTFlJ+83VVF//+4KUeOCYw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwN1BJamlqTmcvZWZPNFVi
bU5XalhTTDgrajd6OFBBNFZ6RTBTaGZzWTFJCkN0VG1WYlRzeTlxZ3ZhNlNmZ0pN
MlY0K0lFWUNJbkFoQVA4bmVVOEZGcU0KLS0tIFFpa04yQkQrZXlsSzRiTUVicXdF
VDhiYldnZ3piamFoUHBuU0ZVaGQvbk0K/n41+x2YL/rpaEAUbjvCtyUmw1uwCXVo
jmH2cXi/GH4CSoLY6oekq1m9dY/Jxgl7BK+KdRwf79IwhpP98E0xzA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-03T13:26:17Z"
mac: ENC[AES256_GCM,data:35J6pbaTXcq8zW3wtLqBAHSTaWjCxx+BsOZlKWNwxEOCkGzXIIKFtakZJIaMktgPNLvYOlUEOP7dhjUc5IvJCM5beMSNOjBVJJNnLkKQv5sCJK+4p4uTzXo3Neht/Y3xan4DQItdm5lwwQpyNlCecGynVjqN+F44liyxsAR8gtQ=,iv:gaVY3PUn7NdmBNAvuvij990T5pRrAfqY1qgCPWxGBiA=,tag:CuOMqH34hlQX8WPikAL0qw==,type:str]
pgp:
- created_at: "2024-12-17T11:38:28Z"
- created_at: "2025-12-02T15:00:16Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTARAA2c8ZhXvI1hepU4CUbRb8/DoEjRFTcRKFr5XrsndHVCwL
xCLtBH9KqMf95/WzcF97qbUF+d1R2Kc2rxd+WPwYK2q7dxaR2BHyTbcbuSy92Dvc
yT7qlfl+l6HhgKXzQD97siWbXpY7AnKVb7swLlaODjWH3PN1Qw3In6n+o8i88lts
879uyzs7wsr1L8a/cp666KrW45E9nqxpTa4cdCr+bdWdCdlhTPPFSonF53YfLLBR
1rsscv7w6nQy6/hRZ/rcXuMZbqF4mium8KY6TqaRDGgctth+7ZNhIS1HRfDhXwXs
HcZwdvBvQ7EqBS34v4J0DOMqlBLKlFFtTLP/5AeXy4sCOs6vCx51WxqG8Wzj0ybZ
N2ykQHOQGVW5zbP/OQdZF9TUHJFhcF9leyV86XTWBcNOBJb0+N43milKuZwczd0o
jLBODysOTM26YtB+4NFyR+uFCFHgCrCnIxc3CApnPnzJbEc+ze3+otGdzPgkMJ70
vK/RzpXhSvuFu3reDpuyde6PbWyktj7CDVbYkt27DGEj2yQonfYKjJeL2RfgITOg
7433ZM9Sz54ZOEsBmw3ELaVRKu5CPIyBY1o2+JSBdxLSP2OCGRE6/GVzmJC4ryyM
LNQ3UCoXS4YpuBbZUuI6yUt+4VRYBFDUiyZaJJA22A8Yr9DVxJfZGjpb4q30HdWF
AgwDC9FRLmchgYQBEADCC8VMLPXd7doX5JSXrGa5QY54QUP3HlzGX8hbJ9XUx/yB
eXfl5FdqGQZ/dfb5T+rYH/7pSYt+6nBaJ6GeuVQOT+MWhSXqZRt/LVkHHHpwQl6X
u3aNHcNmuS2LrTN/U+isWGamTUEokIxoNU+GZxmV4HlWLR7I9k8BlFO3PDpJ952s
sRxX6gWk7JS28GKo1IozMsncoryH4Ry/vjCCHos4Vm99BkkxrlSrO2MyRXiEmXPU
AiiydYDBHRrMWxDkRy1nlkdh7ikNeV92bAqBQmbKQyams0z96BDnAYQ7e1gUX/gb
yB2m+YLuZZK15aFoy8Kq+bY9gQltRVJF2RrgEr3aNm3TOAsSx6Mu6EfRq4MfG569
TlWDHEmf7+imSqFV6UVN3x7Jcbks6lkTHFNctofZHYpcLmq79FhbdpRTLhXLDrOZ
cXYDtkjyRgBYIcjzj7Rf+6Ve/XLfdTRmqX+o11Iaqp95mRqHenm4qdsBw8FK2/Cq
FvlUz+Ms4C+xAWS9tIagKYyJkoH9ZJqqaTfq/c6o2SJlsd6jJ9eNyhKHmgy0vCBQ
u1ulEl84jZcSZl7XoMTC+HLWAM0T9AGPXenAg8+sMxl6Ck2rduv6CIyHzFqGrqTt
90sZkkW2DQFOrkaSeu48in42L1Rc88aRSsVc3Z4ID7z1XC7sAlJGgOn/Ua2j6dJe
AbCP+ritlU21urp0OHdrefGazJvHYURTTR+s2NwoeeHaoTgDU7Gf0ddSaYyzqaB8
LfkLAdMXXBWGCLWNVg5vCBRwZIImuQz67DZSSR1Dulz4Fy+WNSAC0m5AGBKtnQ==
=dcOv
hQIMAwDh3VI7VctTAQ/+N+OvAooLwatMFprJMVOfItYBfn77l+FSI0Xj2wlJcq8l
XZcvUGtmmuoVQPow2H/M9FAxxP5ZTsOtRlgFl+Tt3JxXh3lo2L+Ia6jRYKFX9255
YhGS5rBG4YReaxPXy9sZgcuZL4KmO8nVzbrpTpYutvOxmjeMF2pfwUeFMa3UJ+5k
11sSpuR6h4qux+VGeLZ0hRakjlyTWbhCBL0EDpijo4YKOHCCOEPo8hOvpxRDlvbj
P2hOKlVr8idIBET40BjNbMQ1dcfDwXMAOm5tevWTypBH9KqHgQWUyt+sok5yMqis
E5DvY8G54daFU4v5n1XSVw/C7iWx8XeN/h2SnlJK5AkUqnrcNb4f0jlqwDFEzkPS
yht56C3om7xzh2PpiLxGC8iJdWnT3QjTghrU5J/LwXNlACh9NhHItVf0P/FHMeL9
aXCb/Ylzpg/txGZnylgF/rTQ2Y0ZbsNm/fyNF/IamMrJvsGUGQ56Z67Axk622Gyi
cl/bF9CruGdyq0iL7Zgpz+BlNOIRQpEaYKJqkZes+aS/fyKnPUFaBV9DHAjCNEZT
xwBxZIRXSxNx9JAmrpzO+0QLOS1G4N/Yk0sEnmjFZBW+ajplSh+2ZXVoiV86iBYA
/QjcB/I6sjT1dEvEc5qatrxjEgA9mSIco302o2JRzLv5PnB6QN1Gr9NBPitz7eaF
AgwDC9FRLmchgYQBD/wJUf+LJKZAHI+Zeh4afS2xlfLXRZ+pTlScdBIaX0ZtAxwH
mmBfmRdCY+xR7Bx4qYZrHhWeE13Q1qCvSsNuIPU3L3vHtdkxpr52Vt4NUFZ1DP3G
D3dMqHulpqrxvw0iMDrIsKJveNkGqojwPtZr2ougr/CguQ/HiH4Lm2QUaf3UzExm
di75yiTpjW3ifOvCwBUErkdOozL6HxrWH2bQn8f0qElsmryF4RJ1ve7x9Am5L16s
zP7cxZv/s3sNH17i9PgqjytSdoKrv3KIGMxnV1rasWNnUYTkO7KZPMkeFsZQX14Z
2OtIpYZs0UFvwsfwd3J8KAexwocF8lUS0CrgPeNQUzn+I44vQtMMd4Aoia5ULrU4
ClLn1KtOrLFBSkzytrcyjTORLANdYix6lGEgZtC75ICjzDRayivtO8XrO1xbzFjT
hZsoJjpd35sIkVczr/joCq1jP6aKMyKEzunvUufw9wMCiIgwgY4htrE3BoPAP0v1
ZE1ToX3OAniY3iSfyVCCm4bVNoOKU5iXD9UpV8DV+AZOQaYZyUzBnvstBGigHxKW
TckIvX3esXq1MADETFmm8kzzyDaKbPm6tRii/04CT/lXjSJiOFbJlCkGZaBbAIOJ
q/WSa1Z0hfoHz/BdNqelkmKjsrsmS4nJlGL6ereGmByu+lL2z2IN4M81Jpk/qdJe
AUSIVKQhAIS1N6qLzNTz1GtnI1NDFozEP3bXEhdN7KZVp/ivv/na5pzSHnvPodK0
hPtNU4gLlKqaQ9FczVc0t1rBxFz16rNCn6EvsE35bMQe4l8jydls49UJsQZyAw==
=gZNd
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted