swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2026-04-16 14:19:07 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

wip: continue migration

Browse source
This commit is contained in:
Leon Schwarzäugl 2026-04-03 22:55:16 +02:00
parent 7ce27d5d2f
commit fa9bd32b0b
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
129 changed files with 6252 additions and 106 deletions
Download patch file Download diff file Expand all files Collapse all files

64
hosds/nixos/x86_64-linux/bakery/default.nix Normal file
View file

@ -0,0 +1,64 @@
{ self, config, inputs, lib, minimal, ... }:
let
primaryUser = config.swarselsystems.mainUser;
in
{
imports = [
inputs.nixos-hardware.nixosModules.common-cpu-intel
./disk-config.nix
./hardware-configuration.nix
"${self}/modules/nixos/optional/gaming.nix"
"${self}/modules/nixos/optional/nswitch-rcm.nix"
"${self}/modules/nixos/optional/virtualbox.nix"
];
topology.self.interfaces = {
eth1.network = lib.mkForce "home";
wifi = { };
};
swarselsystems = {
isLaptop = true;
isNixos = true;
isBtrfs = true;
isLinux = true;
lowResolution = "1280x800";
highResolution = "1920x1080";
sharescreen = "eDP-1";
info = "Lenovo Ideapad 720S-13IKB";
firewall = lib.mkForce true;
wallpaper = self + /files/wallpaper/landscape/lenovowp.png;
hasBluetooth = true;
hasFingerprint = true;
isImpermanence = true;
isSecureBoot = false;
isCrypted = true;
isSwap = true;
rootDisk = "/dev/nvme0n1";
swapSize = "4G";
};
home-manager.users."${primaryUser}" = {
# home.stateVersion = lib.mkForce "23.05";
swarselsystems = {
monitors = {
main = {
name = "LG Display 0x04EF Unknown";
mode = "1920x1080"; # TEMPLATE
scale = "1";
position = "1920,0";
workspace = "15:L";
output = "eDP-1";
};
};
};
};
} // lib.optionalAttrs (!minimal) {
swarselprofiles = {
personal = true;
};
}

122
hosds/nixos/x86_64-linux/bakery/disk-config.nix Normal file
View file

@ -0,0 +1,122 @@
{ lib, pkgs, config, ... }:
let
type = "btrfs";
extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [
"subvol=root"
"compress=zstd"
"noatime"
];
};
"/home" = lib.mkIf config.swarselsystems.isImpermanence {
mountpoint = "/home";
mountOptions = [
"subvol=home"
"compress=zstd"
"noatime"
];
};
"/persist" = lib.mkIf config.swarselsystems.isImpermanence {
mountpoint = "/persist";
mountOptions = [
"subvol=persist"
"compress=zstd"
"noatime"
];
};
"/log" = lib.mkIf config.swarselsystems.isImpermanence {
mountpoint = "/var/log";
mountOptions = [
"subvol=log"
"compress=zstd"
"noatime"
];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [
"subvol=nix"
"compress=zstd"
"noatime"
];
};
"/swap" = lib.mkIf config.swarselsystems.isSwap {
mountpoint = "/.swapvol";
swap.swapfile.size = config.swarselsystems.swapSize;
};
};
in
{
disko.devices = {
disk = {
disk0 = {
type = "disk";
device = config.swarselsystems.rootDisk;
content = {
type = "gpt";
partitions = {
ESP = {
priority = 1;
name = "ESP";
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "defaults" ];
};
};
root = lib.mkIf (!config.swarselsystems.isCrypted) {
size = "100%";
content = {
inherit type subvolumes extraArgs;
postCreateHook = lib.mkIf config.swarselsystems.isImpermanence ''
MNTPOINT=$(mktemp -d)
mount "/dev/disk/by-label/nixos" "$MNTPOINT" -o subvolid=5
trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT
btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank
'';
};
};
luks = lib.mkIf config.swarselsystems.isCrypted {
size = "100%";
content = {
type = "luks";
name = "cryptroot";
passwordFile = "/tmp/disko-password"; # this is populated by bootstrap.sh
settings = {
allowDiscards = true;
# https://github.com/hmajid2301/dotfiles/blob/a0b511c79b11d9b4afe2a5e2b7eedb2af23e288f/systems/x86_64-linux/framework/disks.nix#L36
crypttabExtraOpts = [
"fido2-device=auto"
"token-timeout=10"
];
};
content = {
inherit type subvolumes extraArgs;
postCreateHook = lib.mkIf config.swarselsystems.isImpermanence ''
MNTPOINT=$(mktemp -d)
mount "/dev/mapper/cryptroot" "$MNTPOINT" -o subvolid=5
trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT
btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank
'';
};
};
};
};
};
};
};
};
fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true;
fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true;
environment.systemPackages = [
pkgs.yubikey-manager
];
}

23
hosds/nixos/x86_64-linux/bakery/hardware-configuration.nix Normal file
View file

@ -0,0 +1,23 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd = {
availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
kernelModules = [ ];
};
kernelModules = [ ];
extraModulePackages = [ ];
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

22
hosds/nixos/x86_64-linux/bakery/secrets/pii.nix.enc Normal file
View file

@ -0,0 +1,22 @@
{
"data": "ENC[AES256_GCM,data:M8uEE2uxhHHh5UdLO+J18EMVWm+9FCR2BHMJ3P0Il4h+0CqWOS27aVWPjI2lIt+jw5svt5kVbTIzwvw1GmEdcXzJrE9yZ0eKkXSm/TYQQZhlmcPcNeJyDf/bLivwExKicRy2JR2KNyAoiW5gISF7nkUv10EnM60mzH2RftPijvdgSTmdoNu/9Q0J3M46k+EVGO370NXT89eSbhFMS4r6M94vKaA=,iv:C4ELLFaF9yFfDH+g/TwQtRm1DuRtIAxcI55I0mpKd70=,tag:jLWAD2pLkqzekJipf/Rc5Q==,type:str]",
"sops": {
"age": [
{
"recipient": "age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZaGtCbDBYaDZTMUhhbTY2\nbk45NWRPZU5nWmh5M0ZDNGF2Q09rNHNzRGhzCjh1d3pLRnRtZjVnaG1oN0daOXRy\nUzVFd3QzVTBib29QbGN4cXNheVRCNWcKLS0tIFlielcwODk4MjFsS29ybXNDMm5y\nN01aaHBFN0VPdTNrMzJNaE9NRG9KRnMKNV4rqYphPTyXF5m+qNq10aIov8quVh2Y\nALelTPRpD/hMYou/s8Ro49GHNNNKeV9J+4Tvq1QEmIIdvjFLy9AS9A==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-07-10T15:25:21Z",
"mac": "ENC[AES256_GCM,data:pMWJo+JuSgs7RE+rc6vB1u/V3kfQzRjknxIMkNNJCcBp2WVoz84BZ23oruaB2Z/ZSO9zpaQMHkuAqGZU7CuvZ1JvECHWov5fRkXDPeaeIVw3dtof1XzH5plRmAUzabrmEzrGSnwJrJ6DRlAhrq2gDyyIY4qmUeySc7zgR7QVf0o=,iv:iCM7ulRAP5FYyR/z7CSDRYMsm2Gjs7qWLChtslGfzO4=,tag:QJ2Lxmwvgd+ILHeYhMvmwg==,type:str]",
"pgp": [
{
"created_at": "2025-07-10T23:51:27Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAAmKgk+exHX36+IkSQC03yiRpEKpmkqt+FcGsbDMonTyow\nmvhmwSc7UscNOgOQYDYA66vMCWE2Ij9gxFJNpPG3rXFiC11XN1/pq+Jy3Qvk3DNV\ntnXgwDvSt7Ry7FThXnPiJAkcjwYNeTniyjzKcUmXA+yEJAlswjGjH6uP/Nvkeo2n\np+OvRQc0cXHBSTbnIq4dHaqVlp1JWOQgtZVrIgwN/rv3xvDPE2E2dmCc9hUg83vk\naUT7fDo8v5hWwJJO7Q6OvECKw/D4jWTxnBP1nS3a66shkpcC7lpYQjE6AtAM3AbY\nB84rat/Tff6ZcmtxMvIa62vfwrfSh/00DmRlPkIe1KlbjrV1kafzbySjI7q1vy2l\neZL7/Zi49fy/KudQ+/OOMC/PlhGLYGtEo3sNmLY7pfBNuMmwjYQ0K/1kKQ8XXJDw\nbWQDP+8aeIKKciLy07NW5Fd5gc5S1exSFHDQyhCXjdUcPk3cTfnEvMP/T1bCNCaD\nGxy6IEifdJvYNeWyaxgbKzsLmz8kTd6wPj/v0BIdL+dy3/a/4SVLR9r7Qn3bMgkc\nb1wVY4XDyt6LPnwVY3UOFPSCVckGb8NRnciKOj1TnsaYI6xEQ0ObuuAedVJQj0wF\n5OqYrwnH+riiLFMVzsEspNQNlMTRY86zPIxuNe8qPDdVL5CotAoobzdmr9cc75uF\nAgwDC9FRLmchgYQBD/4ntfP9dGtNzb9BjR6NEmdqJDIS37lHCc6ts/f86VCiy0tk\nhdtVdZ7sYdFvzkGimfmcbsVJ5VOPK6S82L0xUlROCax1bVkjK8VjqppUbTxQMgWh\nek7pPzE66MJzXlpqGgmRHgLuV0yhTqz9TGbTetjYYlWiOGMGYHwvxMLnvTvQIbJb\nBwtpbK0SEu7ODMn1mGtWpzkVI9rDeCW/FT0bBj1KvkWBWbCVFCSVGjmxuWcFgRs/\nc3aNA/DLQMsX7TzvqiY+dXLdp9/vuyqIf+qzC8IIrI5fskzaVfjP+OzeAVTXeI/f\nYsgvF31Z+DfMAFQ7dnAQ56Ys/oSdNTaAnhfFjI4S40qw0SfZdTWzUm9IjhnZKgaU\nNV9V3b2D7nr64JxutHzYiJemlB4Oy+HhqMQR3AYeMDX3hEG1Xt7splkBLdXccIEe\nGTOoaIffV1QUAB2M9PVyidpLf98Ii9s8Mr2OUcQsYiJy7jNXTudx50mnIhmBSDPN\nk/RSFoMo0+v7jC7lWkfWhvunUJrJ37zNSEHZcJo7Wj+SflqZDI/QRQAez6xRF6ih\nzgFfAgNSDAkbymvju7I6V9TEOw8rLdlXLlBNd+GAy0S2HfNIN8lx2tVnP++zP54C\nhdEDMU+uKp98Wu1fVuMipzjfPqJ0lpNj9M2+ma3q3w1L4YbMa+nVEK4/mmP0e9Jc\nAdvTsgHHFgN5KOwmZkQdAhKJ89cwcGUwZwn/gO7pEGoOw6WaHIIE6ueOiThfkXm/\nWIe1AC/JQapdMlvmF+2Rf51RmSkWX3/vtFPNkWvgkGgCely/eDXRK/si+kk=\n=ep9e\n-----END PGP MESSAGE-----",
"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.10.2"
}
}

48
hosds/nixos/x86_64-linux/bakery/secrets/secrets.yaml Normal file
View file

@ -0,0 +1,48 @@
home-wireguard-client-private-key: ENC[AES256_GCM,data:ozkjvpAAo33495w2c06Iu1ZFvh+IGNXUDYuWVWACBoNRQSKaBX00c3Ynd10=,iv:wbeYJFEopuANyiKnWoCBESxa1dB/insEFJChEqxm/Pk=,tag:QfvICpbK5fiNEDhRLxQYGQ==,type:str]
sops:
age:
- recipient: age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1Q0Z6VUR4VjgremM4UHBZ
Tk5vSm1Ma1RzMkZNRVE5NHBtMG8vNFVXR2l3Ck1yN3NoS1UyOWMyRXZTdndwaXdW
MHRkU0d0YThST1VEdVJXQ2IyMDlwaUUKLS0tIENrV0tLK2QrK2t3d3FlZU1WMVIw
aVN2eEE2WDE0RHZxNTN0aXVZbGJoUXMKjje3viWHrfHFnxoXOS3R1/TEEr2nV2Dv
2Tepz+F/vrNkH705fVePD+SmPXv0j+bEH5Lf3vLi/9zFqhrqgFDExw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-13T11:20:48Z"
mac: ENC[AES256_GCM,data:vqg0HHoDSLlPFh++CZZBpALrIOrnBtLL30XWzoXpYXMBKM/XCKGhjFPmna/ew5stK7ylNjIiAmvX8rZB3ynG5Si1/4zfGV8aKvVKhcrUjB1Upkphq7jFb0MI2JoJN9dv4SDVwKtiog8T9aYImNXe62/nMI/5xHlF1moY6JXDE0s=,iv:LprVDQU9KeSwuC/cmy06YQeCMYhaEygb44I+GkvnbiI=,tag:fodgL725veQmxsLuA57nDA==,type:str]
pgp:
- created_at: "2025-07-13T11:20:41Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTARAAtBAhSfBmcZqHKU+JiBPcs8WftmIZ1L48ERCyWAfh5iHJ
lfGyM61PVxb7qAFbXf+sXsZX2QtMVjobqYgAlibGLnlUl6f1RaFHdfkbUIr2NGY+
gjCZEGUmunwRzd9hozXj12B1juop8nB5kAdeGhJ/H9CIJofYalkqlU33YNLcROa/
lGqV4Xu89QfMm+tXzz8JpsXnW+1z1j/9j0Om3KNQYN7t04BmNAYwSymFuubFEnFR
Y+tvBPqDPhpxT3YvRIkbPGhnWZBlr60owL8S1nKujVLQmSr/DjwS+om12kPl+Tpy
s0jAVB5ja6FCIE6pa5WMV3wNUinis/a/P6xJGiFxS47ZLoVjQjuF2y0pW3N8O/8v
mm7Q7J5rWjF4odZfDyfpPdh3+Gmb2cUERpK0i0BDT8xAo+6F4EkcsWrTb8BrI56X
NaTPFLenluIedqqewgN6AVjX0WaxZRdQIKupmujeWefhBgDwX++5misZdCErqLcX
uG0R8ziHGi13dm7mhn+PorFEMRcAHhQqVIA9Ck/Eg48W3GQcbGlOl6e/0S84g+YU
ndfz2J4qbJtJk/RmarpbSE2kI3edfs1DC0nM1YUIUHm91UxXZ/yhXSiR0BsW0BpG
YRtyT6TpseAfBhyMgFjeyiDk3ngLHogJT8ov706X+jG2IGz1n6MldM8EMKry8amF
AgwDC9FRLmchgYQBD/wLPUOWXyhPfuXkPuC4wOdH8q7uvIpDCJM1QfegvM0Vbfaa
BcqU8V0uC2+XirM3nLYjfgEuLtXpDnPnGx26jYXiAwO2rzurWW3Z9BJzyp+n5fBb
uoWCfTlihAznDOW5TvPTUpgosZShFKGs4Gh8Nvcm2lqx8wQfOjSYJnLdotmOYEJi
t38OTIFDobNATXvsuNHSocue5TjgCHwLvSFUPg+o0s1Xx3DSMytX83slXuYd+WRx
GbA0wQDxV03kH27AkhsvYefcsntxOW/FsZk5XzARtkCRdtBfiRb4bRRWsrrnzNBT
6hCb8+MCmnCeFFJRkj0izsA00j0Q6tE8s+NlhpeNIB0p1bxOvjyeJyOEBwI+G/s+
vE1mewutNnPYploy+E+zsmszSrWwGe97QL1rKmVgYMirLKtGo2CBHlRsgmpdhoNZ
ADrgwNCAUPD5K4eEi1Dl87p1LbdjCd4CY+c50NWpnJP//LAvTVjZFqkQr7xgnBqO
maPzDbHCQgjboSWHA/bBDlv0b164NsWJtpDrf+z9R92bhCvjTtQxQdcJ4ZXz8HWU
Z32ilAALR+uySN9gLoaVMMZyQ5vELWvFK66zMBpk3wLWPEus0e9zOA764+JYXbUG
25T6DbKNNBDtnT9w2ZRrmrK/B2CsFbZDQ4R+pom8Q8IeSke90d+jDAZzHF1erdJe
AYZ0wZtqJgw+IJL4TI9QEgFBGa1z/+83ZFuztRmwQJIawEHisWt+3cj+mbZKSHRS
aRRmLWPtvK9w/RSeoI7op7s3rUdpl/FabzcIudRYqtRiP9/Syly52YkRD7503w==
=hhjd
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.10.2

54
hosds/nixos/x86_64-linux/eagleland/default.nix Normal file
View file

@ -0,0 +1,54 @@
{ self, lib, minimal, ... }:
{
imports = [
./hardware-configuration.nix
./disk-config.nix
"${self}/modules/nixos/optional/systemd-networkd-server.nix"
"${self}/modules/nixos/optional/nix-topology-self.nix"
];
topology.self = {
icon = "devices.cloud-server";
};
swarselsystems = {
flakePath = "/root/.dotfiles";
info = "2vCPU, 4GB Ram";
isImpermanence = true;
isSecureBoot = false;
isCrypted = true;
isCloud = true;
isSwap = true;
swapSize = "4G";
rootDisk = "/dev/sda";
isBtrfs = true;
isNixos = true;
isLinux = true;
proxyHost = "twothreetunnel"; # mail shall not be proxied through twothreetunnel
server = {
wireguard.interfaces = {
wgProxy = {
isClient = true;
serverName = "twothreetunnel";
};
};
};
};
} // lib.optionalAttrs (!minimal) {
swarselmodules.server = {
mailserver = true;
postgresql = true;
nginx = true;
wireguard = true;
};
swarselprofiles = {
server = true;
};
networking.nftables.firewall.zones.untrusted.interfaces = [ "wan" ];
}

121
hosds/nixos/x86_64-linux/eagleland/disk-config.nix Normal file
View file

@ -0,0 +1,121 @@
{ lib, pkgs, config, ... }:
let
type = "btrfs";
extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [
"subvol=root"
"compress=zstd"
"noatime"
];
};
"/home" = lib.mkIf config.swarselsystems.isImpermanence {
mountpoint = "/home";
mountOptions = [
"subvol=home"
"compress=zstd"
"noatime"
];
};
"/persist" = lib.mkIf config.swarselsystems.isImpermanence {
mountpoint = "/persist";
mountOptions = [
"subvol=persist"
"compress=zstd"
"noatime"
];
};
"/log" = lib.mkIf config.swarselsystems.isImpermanence {
mountpoint = "/var/log";
mountOptions = [
"subvol=log"
"compress=zstd"
"noatime"
];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [
"subvol=nix"
"compress=zstd"
"noatime"
];
};
"/swap" = lib.mkIf config.swarselsystems.isSwap {
mountpoint = "/.swapvol";
swap.swapfile.size = config.swarselsystems.swapSize;
};
};
in
{
disko = {
imageBuilder.extraDependencies = [ pkgs.kmod ];
devices = {
disk = {
disk0 = {
type = "disk";
device = config.swarselsystems.rootDisk;
content = {
type = "gpt";
partitions = {
ESP = {
priority = 1;
name = "ESP";
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "defaults" ];
};
};
root = lib.mkIf (!config.swarselsystems.isCrypted) {
size = "100%";
content = {
inherit type subvolumes extraArgs;
postCreateHook = lib.mkIf config.swarselsystems.isImpermanence ''
MNTPOINT=$(mktemp -d)
mount "/dev/disk/by-label/nixos" "$MNTPOINT" -o subvolid=5
trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT
btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank
'';
};
};
luks = lib.mkIf config.swarselsystems.isCrypted {
size = "100%";
content = {
type = "luks";
name = "cryptroot";
passwordFile = "/tmp/disko-password"; # this is populated by bootstrap.sh
settings = {
allowDiscards = true;
# https://github.com/hmajid2301/dotfiles/blob/a0b511c79b11d9b4afe2a5e2b7eedb2af23e288f/systems/x86_64-linux/framework/disks.nix#L36
crypttabExtraOpts = [
"fido2-device=auto"
"token-timeout=10"
];
};
content = {
inherit type subvolumes extraArgs;
postCreateHook = lib.mkIf config.swarselsystems.isImpermanence ''
MNTPOINT=$(mktemp -d)
mount "/dev/mapper/cryptroot" "$MNTPOINT" -o subvolid=5
trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT
btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank
'';
};
};
};
};
};
};
};
};
};
fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true;
fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true;
}

18
hosds/nixos/x86_64-linux/eagleland/hardware-configuration.nix Normal file
View file

@ -0,0 +1,18 @@
{ lib, modulesPath, ... }:
{
imports =
[
(modulesPath + "/profiles/qemu-guest.nix")
];
boot = {
initrd = {
availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
kernelModules = [ ];
};
kernelModules = [ ];
extraModulePackages = [ ];
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

22
hosds/nixos/x86_64-linux/eagleland/secrets/pii.nix.enc Normal file
View file

@ -0,0 +1,22 @@
{
"data": "ENC[AES256_GCM,data:sfFILq+nY2tqP2aHjJZqUZMdk+qQXSsL72ubGsu/U5G8ULqXcq73d69Op1M8ARfLgOrzoBfzyjcxFMUZiVxoSHevEtqoRBq0Yol6S+3m8vXbW6k/4tj7vRTCsnuxEbGgX2MCbpfb8GChkX2xy5ZKdOWTyXNGWIIAOkHj9NAfnKz2ppY8tFPcQseOtfbI7o/MiFtaMzI6HTpbgBqhifJHLvJyIjsFH1ZecyYjYtL6682isMGZwywUdzaE7dH4m8+sFztHiliJaCM/gID+Kl4GsWlIqZuJmCi3Ac6czCCnLf2fXk53YLXawjwkQmNWjSkOVYI5yybonySSzmyjCfB15487E/ScNlG/Cc0GesoaxkJQpgys3rjuyIUwBKhfHa0qsEd5XkUFKemlB3uQTNfst6CQ1WzZYagIGwTM4zB8HjsjG2hRX6Jck7kS+5eQAoxToe5Z/bDGworUYWRhm5To7bbWn6w2AZ0FjWsb/h2lGy3rgCpjtaaKLAcG7kzbXyUW3crjLg0NR7REKYQf/ZLDGs7a0zYiDfGHyh9+krNiZ7c4dAlCh0lwUJuWSLP3VBPlcLqvSoOg8rRvoJwmIwh9rCCuKxhhGHwwL4SiE10Gw+5rajHNfj+ZnjvVXmFdpZRQW73FF8ThVexKu0qtCmzGik8R7wIhI5AW3Pj1wBURftl+jd3vRZkU9isCE3CZit0L536ZJwawoAZ0eU5tYkRjI/7iHXAbyLEILspSdrHDneRiVLh/IYXv6BEtlZFXwQMtPRPAwx9F8JG0zG9iX4Yy,iv:js4R7cAoIFGCgURc2WyiqRwfqLLBKNWCEEAlsRYdUeA=,tag:NZD44GRRgt7B7U2oDBDjyg==,type:str]",
"sops": {
"age": [
{
"recipient": "age1cmzh82q8k59yzceuuy2epmqu22g7m84gqvq056mhgehwpmvjadfsc3glc8",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJR1ZPZFUxRTh0QjB6UDJ4\nOFd2c2lFejhHck5UdUxVbmFFbVRYNEJaSzJZCkNxbndVVThObDkxUmx2WW9ESzhh\na2o0LzFCbWdJVlRIV00rTVUwTktoek0KLS0tIC9qalVvZmpGQXZsV3RIYWRPbmRY\nam80NkRkT2l0ak8wV3pTSW9kSC9nZ3cKCH8eEMmku6WMliEDdAiW2Lk1jAGH9SoP\nWQ5Y6e90jEnp8XbGE7KYiG+jy5fHSc6Y5/YyMmi/b9bF9AhmRT6rdw==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-12-25T00:58:02Z",
"mac": "ENC[AES256_GCM,data:AVZqvJDOcRyUKkxxN3QkxFDiPgB7R/yI5cSGrsgZS/T+rcyi9db9fYhS60c7egLpYmO1ieBk59wwykCAP5TdTQoPXm/+O24MCXquEYuY9CR4YjYno/dBnbCWtKvIB7vs/yIyVfKBW4VQYSbnH/LpBSB6RJ0ivLU9S8hrmrgTkDw=,iv:pSbmaXMW7hqxxTNS7n9vDlVlO7zE3rqHnDAP0XaC5xw=,tag:jH1qSjGWX8bwKSk/MFmDQw==,type:str]",
"pgp": [
{
"created_at": "2025-11-23T15:25:41Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTAQ/+OOUtfNq9RBpm1/AbgTjenkcsRwzvyxMQ+VfT7AN/OjEH\naYaVnoU+IYoUJIw8u0zfFuJGyhcU862pMN+isngqNNZiEqY8C9rP4+l82Ks4qLU2\nanUk8HPcUc7bQC19zoSpl5MIeppV4SNC5OAph+YKVcj95l6OFw1EieptfhRFtTps\nwUKMf3p9FC/ndxjDG6Rxro7RQsETJgZ3DE3tRFPsBzMiC3sf+fsOzFgVyABqYZ1k\nDr+pkdBzGB3LXOyeDJWK38DxY/NEEfDgdSGLC6ntQ8eS9fbcNajT6FUwH2uwHJ4y\niWT6Q8z+XFjh3Z458tZhcnBGv6AKGeQ/QG9z+0DALKkkmij+vJqRAGjJxur6XM3K\nf0anUMXLeCINcLEa+Wv7inYJaPXu2NSmqtd1yYYXoAbVcnmzmgW9D2in+JnG5urQ\nCq0MEALyp1axExIaD3BHrFIaK9IX2PO1E/PLDng8AtGEx5Fn//OQX0Wt/yB2eEk2\n3uubPz1a1eMfRz1pK5CFOpJoZ8bmyg5n4g/5MgVgoxzA5nhjfMYD/HD8EG3ta8PI\nrQZhtlg7C+5nEsNevD4RPmzO7z1JdqJGMIWPPUJKZ7WozA5192aAw6HVKdtI4FH7\nXv4KY+GcmUvsKhpaWidW7vsY4MWSfn4m6Ybg2vqHsCUjj5fHVHF9BeKQecIcTTyF\nAgwDC9FRLmchgYQBD/4mfMCt5Ez8WITcru+pwlMHCeSUOxfftsydqdtt/gZ2oJTH\nhMMN2A26x3LXIfZ8IA6to6ldxQLfj3gDF8H+akHbRyndrA1V0U+EhoNZ/DYECkNB\nx8xtrJwsY47siT7sWlounXqnQr5E4nfSfDOsfSv04aUyyUsMqdjFRVY1/b5BCkoJ\nOptFJJjdosfmGfsHCGYvqj0XNycVQj3ioYEwOdDMlZ8riSyRTRPL9UAfgFeQ5swG\n1I1qWaF2+8KUk01wQwmwYLKs1JUnVOl6Uy4XpHbcZcCEIW3VVnwxFVCYcHwhDXWT\n4YGeGFfosuthL4AjJ2EmNKLq+sUxmD7ANS2E561+0BDAakQ3Z0eA/wpJ6VWQtfV0\n05tw6zS3BWwTi5fiiN4JvXqnj+8aT1PBtgxrCeDCjQ36KGViLzDsZOCMNYcr1EZI\nEFMTmaUDFWtoHQKi7ZU+oiRGGfZdnbh0icCsnBecePo4//LaCvBn6lA+vFBmuHLo\nZ2Idh5JSYFoEvhdX3j+sO0dOqzQdDEDy6+Y3S3T4vuSB3w5k1B5c3EDseKfLHUY/\nhgAIxO7rtELyhlFODMmEOzLWwOfxq/5ar/izxkdQS5HPNyVXT6SKikTGmI2z8Uw3\njyCaXv7ny5IVG/kR5aTP+DIHhichcpxJk7j+wZfZV/g8O2PWQpYXfxr36gSo49Je\nARJUBGaEVAhqoNfaHCUbvHCSbbI2yKY+sliX3p7MmcMdy/cvKyowQUuw/FYtdbGD\nHwCe6GZZzHWJZkX3nju3zhOy3gBDBDB1fbF4W0VjsjOwYjy/7MNMVH0eXli20Q==\n=qkvc\n-----END PGP MESSAGE-----",
"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.11.0"
}
}

56
hosds/nixos/x86_64-linux/eagleland/secrets/secrets.yaml Normal file
View file

@ -0,0 +1,56 @@
wireguard-private-key: ENC[AES256_GCM,data:grHYayd0/og7SZhnkemUE9NySA8M2Pev5C/GgXH/UMnRXJLDQiJameGMZuQ=,iv:FyJJeDpGu3OqV0YihVUnBNcgHVH4yFOR4KkVxM0qQzU=,tag:MTGgQ+RT5boa85gHNkWBwg==,type:str]
#ENC[AES256_GCM,data:TeJxdPs=,iv:M76JVBlBfgjjm1SuT/0tG/98FXpkIPpGng4u4F5p07I=,tag:RXAqa2R0HmEOjW0dD1treA==,type:comment]
#ENC[AES256_GCM,data:YczkPHAlYVsdVPPGyuByxK9wvRVbAuR6rR9rSFjMvMGxg0QUdIa/yo8o0ppe8I2ywwlLSROp3WLJ,iv:ltLRGMLZsOte9jQEi/VW4Diu/Od8kHPbzsmvPqVgLCE=,tag:YbtxLcYhvPZrC+QFfxtMrA==,type:comment]
acme-dns-token: ENC[AES256_GCM,data:5U/74jeGpQH39kyjuVwLU3WBYk5MrCMZSFouRFRVbB5FhOkiJtqYBA==,iv:f1TgdiVVbAB+580AtQAe8mCXU0WuS9JX7AWukKbDYj4=,tag:Ut0tbtiNcV/NxfStyZA9XA==,type:str]
#ENC[AES256_GCM,data:dZiEtGPKsbsd9g==,iv:lNgXQHx/w7pm3EUTBwyFnqv2j0T7zQ59nFLom8F0hQ8=,tag:1cF89QMfjipYZgfl08qSOA==,type:comment]
user1-hashed-pw: ENC[AES256_GCM,data:uPyDpGOVIqE6cCyvhXIM6v8sTqEx9dV96oqMYS7fRMLiR0kYlCmgNBEeDFmTNRskqwW/WGXrOBn555ZH,iv:KbHW2mOGzOw4t9aOrKLOIobkUNLWj69dk7fFuy1x3aQ=,tag:51+qAavIiM6K256MkhBaZw==,type:str]
#ENC[AES256_GCM,data:brmNZZpgXixukd/wVGB+aedAR69Lw97B/vJIJndX6gSZXmv85ioXOE+INhdXFzCjUA2FDZlWOVmBLbtWSsgF9bqV/4WTBOwk8Cy4fInU,iv:x1aYveoBXS48OodS+4MtW74oUdCS9EFdaFZBgpmmfSU=,tag:FlGm89rFi5ZLoRq8Uxnpbg==,type:comment]
user2-hashed-pw: ENC[AES256_GCM,data:B2gK16sr8GqnngSyhG3vdGb9x8M3j0A/KDF6Vak+ZHO8hOsFAriKHnHEyvcJCE9p6oi+9cqPzcbL6VT7gYQf3KJrid+Ejzl4EQ==,iv:PVG04/i7xAokvcjcedXOEYuTwfdt0Jofev0Eit9kD+8=,tag:zCV4JPQHRArqW48lkhCzfw==,type:str]
user3-hashed-pw: ENC[AES256_GCM,data:sr7jv7PppT5Ub8VsvipXdZZWTZ31GFscmZ/CcHzYE4vsfIYYHpFElHGMjlbcTSLjyqfVOcXAKNvabcoO,iv:C22sZLrUUc3G80yyYr1snuwqtAa8USZd8FRtua5hllw=,tag:lu0hPo24CXNI2kE7C8g3Eg==,type:str]
sops:
age:
- recipient: age1cmzh82q8k59yzceuuy2epmqu22g7m84gqvq056mhgehwpmvjadfsc3glc8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxWkxKRHJnTjFHcGlhN2Ev
aHphYWN6SXNNZWdNc2dBclViaUJFdW9HTUNVCnN2Q2MvMUZpMmFENlpNTVZmZFJj
bjFRTmtENzQ2WVpHWmc3S1BCMzZmeE0KLS0tIHRPZlNQRnZXcjMvSERuVVN5WDIr
SmZrb2xuVW5VVjM0b244U0lkVmlkVGcKin/6A8ONfW72fbQmvJWiNCzAZfGUtxCI
WV0DaPvO7sO5y7q37QxVUOxgJgF0WpKiNel4Y9E06xbl3TK6jXk2MA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-25T01:03:31Z"
mac: ENC[AES256_GCM,data:phjkITBZVZ9Mk0y1FL2dZNgrxyIPbLIXmoTYSlRdHslHg0+hBViLnXAvS0QN/HvsvAldzH8THyACQrXDZQSFBHljIy2wqZr5bu7ByIlRc8FhwNePXNOUs7HH7bQISvFuDWrXl2KQn8OirfJjpIpwQIi5d44pa4Fs1+tpWAg+OiI=,iv:k7brMvP64XV5eNYdm1OJqpjEJ3xEhhfOqErBIG7xMNs=,tag:EhXT3gZrZg2QkYzVCUQKlw==,type:str]
pgp:
- created_at: "2025-11-24T12:05:01Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTAQ//XLsWCm+hQ4388h7XmawVSSjBF5dRYHUpuW35fMG/+EWj
8cGL9dXCBTwBMCV1tEPQikjdVdzFPfCdroeKozvdt9XEOv26sYxtUwihPsp3PDtZ
Mq42veeVqcd33NgfINim7DALCoF6wlh6FM8Xeg/HHcFk9T6gcnhHRWbka/nBXm5y
3ESVCMws+nuenmNsAp7NP6+TbF5kToSHSd5sf/S+mdo3rMIWVtdwc3Ox7RGeA2Kc
1AEGfkIZmrUtnCnhbE6Q89nNfmtdmQ6RFY0sPZem3Kksx5SfxLTP+QwsyUeNG402
ndnjCKiWLlQGkO51wgl3oobJ4KqqC1A9wMvYCIiv163bCy+jA1fsGH/OAIa3kCTb
sauCsLeq3ilSmzmwbWKFIi3dst+YR63XSs7aSCaZ0HnI8CCPV4TMtNkgtiVCXIGv
UmF5XCx7aN3cfGTbTwBzMs741HzQHSxMgKekicJS+NJC/P0DfJu/st781rFqJ536
FLYF9yK98kVNLrxpWlw+ayp8pP2wMmDScYjZU0Pi4Xz9y6iF0ZtJfEc/NaThKJ6l
K1xat17b7dTdn0H1Ncq2zhZ41nydk6+0K1zYMtjFplCwzGtTDAn7QIY2YEFf+zEF
A/FrEW8sjTOYbWORz3ZdH/lhd12FKEG/QFiM5UwQkINRjBO9NFLTmGXzD0C0kVOF
AgwDC9FRLmchgYQBD/9TYF9hq4JEshBgmUrv+6MnnuXJCYkDdPFrDWk14bAL+J/M
9r3hHNK/PY9OUqgVf1HRO8d/bIvAwDJhs3rhWP/el6IM5UWfkwwwx/blhTzTlbgm
1XjN9uPd8lAaNFDgZBKg341zxxuQa6Ikm3MCI/pyXqeOKMlxXfrkH0Lx+e4TyoBF
pDflamEOVJt15dQFOB9aiphTZMCmVQfV/eYfjqpRDR837/ptzQgasgk2KFvyxCkp
iWL/n1nN4n4lg2BYeg0EinFu9lR03VIPaWYrmYCU1XvDUbVKr3c5FbX1mcyt4PvW
oSCq7Gax/YCSQFy6Iv2QiPqhrnelYRuBMuXrnSz8TKfXJtsW8+R42vNc4o4iSYsj
ZIzBQO39YcUA01qogP0hxPSGzo1M0cWRpZaX3JbjWLwqZQoiDi9Uw482xDuxO0bx
TeFtekSCZTV7Mi1EdENb3J4UdgpEsviFLSsK0uSnCPkHu8MteS+FiztxusgHtH5f
YVhQhJ/bIp7jTheow5SZSnb+pRHbTq9GcN48k4G8l4YQZjbXRaYR0ojL//9yexCL
z2poLvkw0q59GgiBNudITIKSB0IJCcg3jDafMCJ8iqyBzwPzPHOL0oB+cYyMth5a
chufOtDAE3JEUJb8c3RXUnpIl2JScYV/IZNHDIUSpWOszCVDYZ9TUqM/+C8iV9Je
AeVg5jGHq5yGwhzhXgM0DJfFksCNvC6uyAJKpw8YRhNGNBt+pSvF38TMA+R1YPmd
yntweGKTK9Qjg4zpS0zwnDehJis/RSkNTkK66RsdVpcaMj47WOrvw3zGVqz1fg==
=A+L4
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.11.0

94
hosds/nixos/x86_64-linux/hintbooth/default.nix Normal file
View file

@ -0,0 +1,94 @@
{ self, config, lib, minimal, confLib, globals, ... }:
{
imports = [
./hardware-configuration.nix
./disk-config.nix
"${self}/modules/nixos/optional/systemd-networkd-server-home.nix"
"${self}/modules/nixos/optional/microvm-host.nix"
];
topology.self = {
interfaces = {
lan2.physicalConnections = [{ node = "summers"; interface = "lan"; }];
lan3.physicalConnections = [{ node = "summers"; interface = "bmc"; }];
lan4.physicalConnections = [{ node = "switch-bedroom"; interface = "eth1"; }];
lan5.physicalConnections = [{ node = "switch-livingroom"; interface = "eth1"; }];
};
};
globals.general = {
homeProxy = config.node.name;
routerServer = config.node.name;
};
swarselsystems = {
info = "HUNSN RM02, 8GB RAM";
flakePath = "/root/.dotfiles";
isImpermanence = true;
isSecureBoot = true;
isCrypted = true;
isBtrfs = true;
isLinux = true;
isNixos = true;
rootDisk = "/dev/sda";
swapSize = "8G";
networkKernelModules = [ "igb" ];
withMicroVMs = true;
localVLANs = map (name: "${name}") (builtins.attrNames globals.networks.home-lan.vlans);
initrdVLAN = "home";
server = {
wireguard.interfaces = {
wgHome = {
isServer = true;
peers = [
"hintbooth-adguardhome"
"hintbooth-nginx"
"summers"
"summers-ankisync"
"summers-atuin"
"summers-audio"
"summers-firefly"
"summers-forgejo"
"summers-freshrss"
"summers-homebox"
"summers-immich"
"summers-jellyfin"
"summers-kanidm"
"summers-kavita"
"summers-koillection"
"summers-matrix"
"summers-monitoring"
"summers-nextcloud"
"summers-paperless"
"summers-radicale"
"summers-storage"
"summers-transmission"
"winters"
];
};
};
};
};
} // lib.optionalAttrs (!minimal) {
swarselprofiles = {
server = true;
router = true;
};
swarselmodules = {
server = {
wireguard = true;
};
};
guests = lib.mkIf (!minimal && config.swarselsystems.withMicroVMs) (
{ }
// confLib.mkMicrovm "adguardhome" { }
// confLib.mkMicrovm "nginx" { }
);
}

118
hosds/nixos/x86_64-linux/hintbooth/disk-config.nix Normal file
View file

@ -0,0 +1,118 @@
{ lib, config, ... }:
let
type = "btrfs";
extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [
"subvol=root"
"compress=zstd"
"noatime"
];
};
"/home" = lib.mkIf config.swarselsystems.isImpermanence {
mountpoint = "/home";
mountOptions = [
"subvol=home"
"compress=zstd"
"noatime"
];
};
"/persist" = lib.mkIf config.swarselsystems.isImpermanence {
mountpoint = "/persist";
mountOptions = [
"subvol=persist"
"compress=zstd"
"noatime"
];
};
"/log" = lib.mkIf config.swarselsystems.isImpermanence {
mountpoint = "/var/log";
mountOptions = [
"subvol=log"
"compress=zstd"
"noatime"
];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [
"subvol=nix"
"compress=zstd"
"noatime"
];
};
"/swap" = lib.mkIf config.swarselsystems.isSwap {
mountpoint = "/.swapvol";
swap.swapfile.size = config.swarselsystems.swapSize;
};
};
in
{
disko.devices = {
disk = {
disk0 = {
type = "disk";
device = config.swarselsystems.rootDisk;
content = {
type = "gpt";
partitions = {
ESP = {
priority = 1;
name = "ESP";
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "defaults" ];
};
};
root = lib.mkIf (!config.swarselsystems.isCrypted) {
size = "100%";
content = {
inherit type subvolumes extraArgs;
postCreateHook = lib.mkIf config.swarselsystems.isImpermanence ''
MNTPOINT=$(mktemp -d)
mount "/dev/disk/by-label/nixos" "$MNTPOINT" -o subvolid=5
trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT
btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank
'';
};
};
luks = lib.mkIf config.swarselsystems.isCrypted {
size = "100%";
content = {
type = "luks";
name = "cryptroot";
passwordFile = "/tmp/disko-password"; # this is populated by bootstrap.sh
settings = {
allowDiscards = true;
# https://github.com/hmajid2301/dotfiles/blob/a0b511c79b11d9b4afe2a5e2b7eedb2af23e288f/systems/x86_64-linux/framework/disks.nix#L36
crypttabExtraOpts = [
"fido2-device=auto"
"token-timeout=10"
];
};
content = {
inherit type subvolumes extraArgs;
postCreateHook = lib.mkIf config.swarselsystems.isImpermanence ''
MNTPOINT=$(mktemp -d)
mount "/dev/mapper/cryptroot" "$MNTPOINT" -o subvolid=5
trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT
btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank
'';
};
};
};
};
};
};
};
};
fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true;
fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true;
}

44
hosds/nixos/x86_64-linux/hintbooth/guests/adguardhome/default.nix Normal file
View file

@ -0,0 +1,44 @@
{ self, config, lib, minimal, ... }:
{
imports = [
"${self}/profiles/nixos/microvm"
"${self}/modules/nixos"
"${self}/modules/nixos/optional/microvm-guest-shares.nix"
];
swarselsystems = {
isMicroVM = true;
isImpermanence = true;
proxyHost = "twothreetunnel";
server = {
wireguard.interfaces = {
wgHome = {
isClient = true;
serverName = "hintbooth";
};
wgProxy = {
isClient = true;
serverName = "twothreetunnel";
};
};
};
};
globals.general.homeDnsServer = config.node.name;
} // lib.optionalAttrs (!minimal) {
microvm = {
mem = 1024 * 1;
vcpu = 1;
};
swarselprofiles = {
microvm = true;
};
swarselmodules.server = {
adguardhome = true;
};
}

61
hosds/nixos/x86_64-linux/hintbooth/guests/nginx/default.nix Normal file
View file

@ -0,0 +1,61 @@
{ self, config, lib, minimal, globals, confLib, ... }:
let
inherit (confLib.static) nginxAccessRules;
in
{
imports = [
"${self}/profiles/nixos/microvm"
"${self}/modules/nixos"
"${self}/modules/nixos/optional/microvm-guest-shares.nix"
];
swarselsystems = {
isMicroVM = true;
isImpermanence = true;
proxyHost = config.node.name;
server = {
wireguard.interfaces = {
wgHome = {
isClient = true;
serverName = "hintbooth";
};
};
};
};
globals.general.homeWebProxy = config.node.name;
} // lib.optionalAttrs (!minimal) {
microvm = {
mem = 3072 * 1;
vcpu = 1;
};
swarselprofiles = {
microvm = true;
};
swarselmodules.server = {
nginx = true;
};
services.nginx = {
upstreams.fritzbox = {
servers.${globals.networks.home-lan.hosts.fritzbox.ipv4} = { };
};
virtualHosts.${globals.services.fritzbox.domain} = {
useACMEHost = globals.domains.main;
forceSSL = true;
acmeRoot = null;
locations."/" = {
proxyPass = "http://fritzbox";
proxyWebsockets = true;
};
extraConfig = ''
proxy_ssl_verify off;
'' + nginxAccessRules;
};
};
}

24
hosds/nixos/x86_64-linux/hintbooth/hardware-configuration.nix Normal file
View file

@ -0,0 +1,24 @@
{ config, lib, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
initrd.kernelModules = [ ];
extraModulePackages = [ ];
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

25
hosds/nixos/x86_64-linux/hintbooth/secrets/adguardhome/pii.nix.enc Normal file
View file

@ -0,0 +1,25 @@
{
"data": "ENC[AES256_GCM,data:j4Vhhuinx3xb0YhEvtjK6CmGm4HDmhOZN9ftHJ6IgrINdlj8tWxyxsOfQkJoX+PmIjhloLob61MSBm2QfMGojMsvbgNrvakpPBoTd8w2H9u6IxMH0DpPCnXOq2rD6aC2Y5Xjg6AZJCXQNWMCfkhTgbZoTOen3e/1IUXtPtbURKe7vpOuyaB3d7IIO6NnMGlNpF3ZXRuxoOtu9Y9ZrMjgRH7I5vkE4KkMoFIt//Tx1rtlhu68UrFKlochelXNPxWc+NHNbi1ynibdgeuipak5GmheJ1vY7oKAMogvsZWvn5qs8Ar5juoonWWKsc++dIcFwhDHaxd/xHiak2MhKmnU+do=,iv:LLAaoxXaqVnoCprUfSNLNBU/69ZTxytVswgdz5s2swQ=,tag:B8wC/3YB04tKvBrS2AvmdQ==,type:str]",
"sops": {
"age": [
{
"recipient": "age1wmx8y2hs83j2u5srdnfxljrzxm8jtxl6fr0mq7xf2ldxyglpzf2qq89rpx",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4YjFzelZTVE40L2hiZ0pP\nL1o2ZUJ3VmFnZE15alRaTHE0aEU2T2M5YjFZCk9tdUxEdStRemZTdnNodE5aUzk2\nSFlaeklZZU1NYVdTcW5VOHczWkNabDgKLS0tIFJtM0dlN2N4WnltaGVLMFg5ZEJG\nbVdMU085TnlzMmxEWkNvdUxnVUIxeU0KRW+NWgYTqxKUIrK9v3E2zYmZCnAEsUjw\n4WxVqwhGgUoHDeURiKkJNJ4kg3op6pNZg12NJ2JfAngAKfCK4xUNzw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1c2enwel9un28dcs4wg0vcyamx9a4a6g3walkhu8w5lqhmd804paq9d24as",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwQXc1MWpLNms2QzVzeHRo\nd2NJNVh6MWIvVkFsbEc2b2FVSkxkQjFYMURJCnJGOGZPMkt4L1ZXSW5UbGQzNFA1\nYm5uZlFXNlNjd0VSQVo3N3lFQ3BvUmcKLS0tIFlqQmpOL3VLVzZmcmxnN2RuOEd5\nZXRBN0wvbDB3a2hSdWRuN096ZExCcTQKMGRB1v9Jlilzx65/5yUgWQ+i7ubK8y3Z\n87o23XUIdXAx9oPW3j3HP1OpuYqiJc0FYX+THtmpHln/J9n9Qe18qw==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2026-01-09T13:49:03Z",
"mac": "ENC[AES256_GCM,data:cJauc3/EUrx5uYx1SGLTmXdPrsnLY0SYm9vCakX9CUuBOoOp3aA5SGFtzGSjOlbPa22uo5Yt0t25setij3G4A9DjTGG/P/aQq9lLYvEeBxN0oxmBnww0YeLUoHT+04qxSH/5CShwZg26Ycep/43DMO1x3HH3fx4ijenfwmKhuAo=,iv:aZc6KMC2JaxEdKX3uOuSzJ6Bhfu0I77Yw+9t0z+ZI80=,tag:lQCZmxfq+Hp8G0JG/bjhVA==,type:str]",
"pgp": [
{
"created_at": "2026-01-09T13:48:11Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAAxNIPrwgDPEUjt+06WWjvh+NYFfxkEdVPH+8o7O1GG/xS\nH+K3iviN+IPdvXeV5zDjHfARVpnnaT0GfH1yb9+4X8731bDPhZk4iYH/RTloByoL\nx+yRhBzo6YfWvLVBHDXuV0Ux5xWFlQmhAoUrsHeBycDmNCEoQV58igBNgHxROpHA\nwwWxkuAk2A6LQRIJkCd3q0FonES7G8Oi2sslYOqlsMzzfTS3OrZfc+y6vjjQshqn\nldZLjFogOPH6YJZe9r/LTaXqoY31t4ZeGKlH5ShfKui+e7va6pZy0X63iNmhLAfw\nccxIJVQCEf7DOtFdohKVrhpLD88nj2PIv618QFLgBW72Cyw0O1RPGRCQkwk0WGqN\nlzm/2MoStUlO/0/GvWi3KN46E1E0LR6FkAOEphxH7gB+1wiJpgnDCSWtR8ow1gOG\n/SNKb6xFD2haKZVl4DyioK6yiOQ2/tHEeYrIDhVfW3+KZ57zd6R5euhaK+QxABVW\niCNDaERqMvwWuwfBUif7g3V4CU1iTkQ6DHI8LbaVH4Vs+YwqGt21kpe/dcIiqtm1\nSNACM5mJ1Q1P7r8fM4i544IxFbl+LHijJzFTjTxdgkEsovwXbOVpWqVl5oQ8xVVx\nkd1FZuQmcNvsS9y1enK5kD3DUZzygvtZwKcKRohLyQV3T+ujUFAh8hhVUwmrRKKF\nAgwDC9FRLmchgYQBD/9AhPK/E4/cmSFSnUYpyvoRqlUhGtXzZMwTzRKjf5hRHyio\npjqJEND+UTIrIMy8rExBFiE39+7crsICG+k03Fawtmmw9Q5zXmhPFW1pD6g2zQcH\nMtGmg2BJBdXXcL6wuaaDaDUWVVhYw8iN9QaC6ma0/i92ZiH7T55D3+0MQeqSrDFx\nISjtg4xU8Vx/vHXayEHSuLzaqU2/5vnx0DUalqYUTE4f9eeaD9e1qLyoDBGRld3T\nHuAXdKulwL1YSKNBe2X9Y3kHlHzK48I5NfMy8NuTkMPUQ442ZZYD7mYM7J3kyjgH\n9DTRC7P2sfacE7f3i3Tnum0kwTEs6a8aeIR/BS+EDrPouKXuHevWLzbqB/pa9cfm\nU0yvZmcXOrLVXsjOKdgHzS2I2jGnbacza/FTkkjS4amDKq5kmkqeBkSol0//oDUR\n15sa+vEWDBFTdDZPvYZAKwndNkPy4prjOsXxHSpLa0oX+vT5UWdLvYy8P6av5Hk8\nNBDePCf/WhwIr3612n7kSBzEdh7HQTtPWapq31GaH7+vgZAw9hVWrWiIBuHf3j60\nN1zHfid7wMeFHqnRvT74vpM7ekvfVf2ab0XLpQmFMvMkZSj7gZllJsiA4TiAqgvg\ntANiOnPtZDr25GDogl+3b6uBEhmTmSi40D0te84zsT18yvZXbJhr23swRlo7cNJe\nAdAi5A4/stmMaLSzFoyt/FZL7+/lwOGmGHo6TMcr2b1UkLfA/c7r9udVnOJGuDFW\nau9MXji34BkREW2gzEaJBqOJ5RkaKB3TBxbl3c6FX0DsFoEINzALM1yJ/B6NbQ==\n=NwLj\n-----END PGP MESSAGE-----",
"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
}
],
"version": "3.11.0"
}
}

57
hosds/nixos/x86_64-linux/hintbooth/secrets/adguardhome/secrets.yaml Normal file
View file

@ -0,0 +1,57 @@
wireguard-private-key: ENC[AES256_GCM,data:5RdR6CvGBwaklSgiP0kmz/ShroIa1By7ZqgxKrnSGjHRyrzaeWGTuJmqKJM=,iv:D5UmcQkbRs8WVQUA8XpFCwLy8+O4+RoJLWOkHj0H7ss=,tag:feSuK9jW+wLeygqhKHycDw==,type:str]
sops:
age:
- recipient: age1wmx8y2hs83j2u5srdnfxljrzxm8jtxl6fr0mq7xf2ldxyglpzf2qq89rpx
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBMEM4alliWlBCT3VsbVA5
OGt5bmQvZW1TaUNkbWtFdzVGNDNpY0hBOVhzCm84TldYNHBrU01HMlBkbGNwZFAw
WVk0T3FycVRHUUNtM1pTYkQ4Qmw3RTgKLS0tIE9LUlNEVjJHOGVIK1RSMmRXUDF6
QlRKY1hRVzNTVXhESUd3OElXL2pBZXcKDWYoOzi2b4qeIbCVCfTj0lTW+OfbnsXB
8MugCHu7+b+ju0v/lUP66jDW9/2AH4PzHtCNHjsafyzr2qnW8HlOzA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1c2enwel9un28dcs4wg0vcyamx9a4a6g3walkhu8w5lqhmd804paq9d24as
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJRWJXR2tYdEd4cTZsSi9l
Tm1pSC9pek5BakpEMlkwVTcrMlBuVzlXWUVrCmlnV0xJc25nL0twK3VCZ3FRK2x2
RW52Q1NxWUhTUGY0NnQ0WEhLMWxIcFUKLS0tIG83eVM0KzdLQ004aDRKNTYvdmVZ
d3ZOSStBMFpSU2ZjNWhFRkREQWlUdmcKggVvLy1mLYGf8084RQtlipS4+z4dfPsN
HZfid0srwYnezlQ5qOY8/HrDLWHEyuZ4xFZVi4n0k49qBpNwJdmvyQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-01-02T04:14:03Z"
mac: ENC[AES256_GCM,data:aA+oIq31QBla9hOpApaMeP7MFl/hI0kDjC1QyPkmexXuMB2pQJ6bBEmazreX2m2TPtHv1rtVUak7F6TbA+97IFb9EQFuAREi1Ca0xjz2eGVFQKu94qkS/FNemXTAkEZxC9LQ1TRqNXXNITehKUeIN65epuNbWqo+iOW0OHEXm/w=,iv:1NKL2PZBUDyHEIiB2ZpvTdCh9ZO+r8bPyJo+EO1PBmQ=,tag:5W9owm1Z+7O1CGVmH1afUw==,type:str]
pgp:
- created_at: "2026-01-02T21:12:51Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTARAAmvkQ9V14f0BT/bNdFVZtTlY4yVon37CX32SZPUcHV7o8
Dya0sZd9tuVATSv79TnybscuNx95fkoZJwujBfAadexn2zY8zl1oEWEHx7p+8/mE
W8JbQAjbcbX9sNQYXc8kYJylBThmgNN/HXK7CGtgDFr9xnGzDBnDm/M31P1HwYBm
IdIQgFGErEt1K3xvw28Lk3tPuZLK3Y+H2Yna7RRF6K1blGJUvEnL6yFdA10/eFW7
8066mO26F2l5xFuktK0nNeniLHKa5VVYp8iM+JMhX38l0wiIi8pGyxo3uAjNpa0w
IfpCneEBe/yyaUPcWMjXmUG5LJe3kWUup8cSzvu01Z3W159/QsflxIMkIsklqhim
B2zuPdAlYsjjS/05DIHInN2IIB/rjADkQvXji1XYLhWJj4jxDeck/UIc6Q22TED+
autlbl8d/5sqyO5ghPpShF/s0vMTqUfpXZrDrbuyDFqCfwi0ahP03bUsv20ZEz6u
zG3K5HuXHh7ATSppwuMbcv7vcjF1tkbo6XhWZDv0rY0DFWqiYhnxWwlFlGLxf4zX
g6r7Ca/E/YXG/eOET6M9DxwHjj0D7u/ryAkCktqPL9w8oNGarZQ/xMx0+ocI3byc
Zvzlmd63BtgaGNSxH3stK29KN3ED8cDkG/JzAxCATWiUBBkqW/ga4sGZqtLlSO+F
AgwDC9FRLmchgYQBD/9JbFZie25PO2CyELlUWm5SmJcugT9SK/mIA2fe1PlA+Gnf
5z9iXraMSQchz4R1IoiixDhubwKeKp/auqhlOPvo58Lsi6iDR/WaLWabD+hcyAb1
ck/f/PUzTLhlLcfu18VPfXVzfnky3dX8P5aS0WMLAQblj2RaaiHxnPqf49kXSn3q
VSJ0pr0nEsPuWtoCkHUAwAJ8X5GPXN2OD4YbHsNaA9h2vrJAxNd5+HNsvg8JtI88
X/uMM7cWcaXcmNZOz166HUIPcJ5cabJ48Sv8sDfMPOcTiJkMiESBnRYTwdUcp08m
nGipSrUeW3pVOC1bGyukZb6sF84pTtCpqS+kOSfKFlxFFdAEcpzFIPuOMeo2dbKj
GSGPDemZFC2yFq883yk9/mZbgjOUsqrj0ZP3rCD5ZHpfUM5IxGQ+mKaOucTXYmif
lrTPMYnAc7pHxKZ87BgiKBYrfRAZvorLYKv8zG8YagAUw8iCtc68YUUdvLW9haQf
rwWCU1z+sszYSac7I57gfqICQhMUbs1n9S2Cn0C0xo4q2Lu36ysip4rEVGg6TmUu
znXYu+3orodw2TwC0tGxXHYKwmlr7EGnBCbdVKpDoCbV6cYkDYoPUFg0alqIPd5r
KCkee9MaCLLX7IdBrbLf1lkHGwSAs81GfZRMLBauM7/hn+hMUeIJnMbtJnVIB9Je
AdT2nSH06+POnjvxa2t0dUasnG/6ISBRSk6FgBBZ+pdVlrvaB4javgWGpiAWCUu6
b2CMZF3HullmLj+wwAKlsZsIOXGICN5GeQxLHYF8Kx7Doj68Owu/zGM5MS+7XQ==
=wYdb
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.11.0

57
hosds/nixos/x86_64-linux/hintbooth/secrets/nginx/secrets.yaml Normal file
View file

@ -0,0 +1,57 @@
wireguard-private-key: ENC[AES256_GCM,data:3T0ZoPAs/OIkhdZlH171d9d2Ycxtp4WfI92pTBI3vRw7BVvEgQZKu5DCvbA=,iv:gsczaGwcI3JocOazMIEsgHFruEKDPxOTUQzx+rdCaio=,tag:/Sw7QsZ4fV+BMWdfcUevBA==,type:str]
sops:
age:
- recipient: age1wmx8y2hs83j2u5srdnfxljrzxm8jtxl6fr0mq7xf2ldxyglpzf2qq89rpx
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBySStkZDlPL3JYTFlYVXVD
VGx0U2xxeDNXcTdwaFZsRWZoblk5eEttZWtNCmJQa3NvUHNwYmFZUG8wMlNxWE8z
bkcvNTNhWnozV2Y4Wk1lZmhmMDdEZm8KLS0tIHBkalp0M0NuU3JQQ1FMRmJNQlJX
Zlo4akUyVW0yM3FLNG9jQnBHY1BQN2cK48vxR3pPY3LJlTIEx+dy3ZZRfwFyvQGe
EuUI7TuLa0ib8JnO287Ay4gp3GH38jtkGcux4yP5Q8eY/M9GNlEK8A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1nanlervuderw4qskcuessycqy2yfmptl6nym9scgp9ky2265ssmq3u73r0
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHTmFTbmNBWldmY2FGSThG
K1E5b1RTZE5NTll6WkZvbDhxaUk4d2N5bjNBCm04YkxSTE1FdFNFMGNFREtRbFVE
MHFuT1VONzUxcVdoK2kvUFRkc2xXbFkKLS0tIERlWE95MXVnVWk2Tk0xdG1EZUIy
cEdOaXNUQmt3KzUvZmRJWkpTdVpHdW8Kv64ZWzQbpmINagumpuHXscRf9stxO4Of
DSkGxFyLgq7yDg1iaiWy/mwxQZVw5i4ieR2+VDgi6Web2y6t81jayw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-01-03T05:23:18Z"
mac: ENC[AES256_GCM,data:u9N7GzLPDW7cHT4mkUAC9Diq1RdV5iSwcz/fqzXQKRmic09eVydAgyk2g6NbJ+4tBbAjIfeUch8Bhf5eG0sGzeDkb1qWAMEnP8EPmQ64OdRyN2SxJgxkc8KFGxkrGz9slS2ozWth6q/tKBSsOYbo8WDlCqXhmYp+zBxvYFR30Mg=,iv:HC1e2i0E7dV9/au+A0kHd+UXDhw3xf7RbTpwJI+hjpY=,tag:dPCDh9qalNtbHIhs//cBpg==,type:str]
pgp:
- created_at: "2026-01-04T23:02:15Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTAQ/+OHyevGNQqVV8RMOgLxV7CSBCdzCgRiEyDt8/A2twNG1x
8lM5boYrVJowPbqd1EV2hfZ8gl3vvWhGMQdR96J+Mt1PWG/lok/Opf8Sdjl5hzpq
5AjNWz8p0NQ0e2UAGDuRXy+tjeMWKox86KVhxA/L3Td4S+jV5W+3zRSkRB7g1eIH
NJiyFe+jl29mSSABKk5TclzoB/GoojAkO+8iXsjMZYd3upHyQdriipQKkJJGEaxH
8fWBYcFB3H+3nMmwi6bz8xhUpOCpKzRbvwmqWYcendqINvDU/sQxQmxcqgMiluzQ
ocHNba+K//ptmtJHeL/8o69ljqk49A9mZ3ukRZZ9htWewv5n5T71majA/lJseGv7
tsAuKYTHlSkhOVzXuBnIaGrBgF3mB0ag+9/VIlBXCZpEMdjp3C9GJBUQuxoRSwbX
3oREyM97O/rtOo9JaqzqX63S59aHPwt83WH6dp2n2hcXF0tpYff3Esw9Vg3Uq+Fp
GCSjb4jFQTu25ZbpiiUaaFib+03Y6gGrnzU7W6460cxd4iZNEPGqE1refsQGYUPC
6L7R/mkT0SBtC/8lyOvuIpzYHiAkCqdLbrVTmBHUG+a4fIP16IilIFBh8haVKqY0
pgBDyLZDVwLzslp3AK+7pusU8STqCazFISe5GPQswwjwo+J3URmQKbCNHXVRyb2F
AgwDC9FRLmchgYQBD/94rHN8+Rqod5qxDxa0JR2ZYKSUBdzkkEqYnjp0efn/dY8x
m0WUQZEy+L4ZeAmFFL/mQ/Mxk7EW2Vghwy8j8tGTogJtVS7e0GYirKAHr6fgxxpa
5BoaUSK75xybQTzWe/CETfpRlDEFmYt/hwMldfCHXwnqZxXNVHj1MN2kVNFbPfwo
Ml8RYG8ZllyOVAVgXGsV6kiJp7jKblpuKCDQPkdbE1hFBed0SKW7olUtuBE4ho7Y
J1g1gXOAqAWud+crA21bA7Uow7ZYaC0/WzTY2PrgAuS6kpVx52uUj0xqMfK+/Cco
r+KFHleJL4b8pIsImsExJv6rDKFohC7E5n5XxLLorTXB6YYie8FkpvmbWK03j+hj
Q7xwFLKWYLlPGtdhe+YpL9yiwHWaQbGUjarVH0UAZgSwJCt1cZoiL6++dp1USb3N
aV9HS0Milhbseas9YjiSoVvBXrDYEnjShJ7uWOu3Rbh4hx7jvJijLPrPcd7cym+A
tjaxFFeD0mTEj1JcjVMk3fEN0wj++oY/l+piVvYvZWvMscq83Sb6CxxDprVw8xt0
sECqmgT0yVZrbDNpANwyWMXaHs5SZm5LaW7uDIcr0egkVA6Abn6twaR12660ptjm
mcv5K+ubzRomwxgzr/5NcwSg/k8qZ3WMfV/yuNsKIkHK2UI0y49SuBuCGGa1wtJe
AenE+Zn4xyF6cpEFXNKNXFDCy2fgHQrdiQ7XawrFAPJupn1JbGXg1gBN7yQI4YW+
BuVCb07GtuU/faiT7cIxUQ1nhc1alSE/edfqAPAPqxA/MXhoC7xT9vFmvUPAuw==
=moK4
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.11.0

22
hosds/nixos/x86_64-linux/hintbooth/secrets/pii.nix.enc Normal file
View file

@ -0,0 +1,22 @@
{
"data": "ENC[AES256_GCM,data:jaTRcoqOd3SNxwmzAcsqWyuvhYO0YipQPH2K2SM5OxhWWlUHTWQXqXmuAy0+efNnZlC8xqUWIoU//XXzUq/b7Lhi9bv9WyP7aHLOQNLFZ50Rt3b7yidFA/mxcRo2ZuGUR9mGoP8e1VtiQVVuzZQbJWqTCKtxb8s1f35aZx6NjaqeBFogfhHPwsVPL0lWdaxW2aYj/iwWb65xaxhcXa5mWpYgzfvuTXCkABFhrPxYG+NZpCyG7lt8MWpJ3yYWE0OEr/1Fe0TNfBjp7cih1wvMGIBj9uZRoJWkVwn6T+nldf52WpHCRZCdLhsjXCzM5T0g6Jj1HHatiISYZY3KLVAYKj63nSS3GkHk+BfoiAnJROcE2Aak0w7Op2csbNrNz807kU0x1A3ccbc50PKOGPFAh3JaJJUc0K+pGaIZ+FJhpIT8UyfQ7/YA7CDIvQObI9X7idsWPeuU3YN8VifgsGPznLWHyIgaUW7QmUtH1+KJdO0lo68C13FFnzEoMUroxMoUdS9Bvo1ncC9cITOr3Iuvb9nWQyg+wemyTJ5AOIx7dBh81PxMBYJ3JOTmxiO8LZapyqSbNhcbpo/3Q3s8J2DhIzgR2Ty7EI2tFxoGbzvpzBpWf/c7/rWWO67YDCfmB618w31Phes0/TTK2gxjviH917Q=,iv:M+S2woApVJAglQmvr0X1ZNvezNNl/nvxKjADWWXLiGY=,tag:CT4zP0qyJtbWCBJqqS7F5w==,type:str]",
"sops": {
"age": [
{
"recipient": "age1wmx8y2hs83j2u5srdnfxljrzxm8jtxl6fr0mq7xf2ldxyglpzf2qq89rpx",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXc3VHa0p2MVdIdHRrbEVi\ndUwxMXA3cFpDODA0Z0MyUC9aemF4U2RXeUhrCmZjSDBLZ0twRk5rZG16blorQVVZ\nRE5SNE51bGlhYTVqcThFUVIvTWxwOW8KLS0tIEVHZ3Z6VVZHK2FUQWZQNVlOTkpL\nYUpNUSsyQllQL0lUa0FaODZiSjBDSk0KSJHdYoiOuma7YFjLpssAgw8BfBo5tl+o\nRvNt9rsXUlXEwMlcmYpkgUlsSAJnus+uE9AdBSvTyFRb9Wo696YFRg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-12-23T09:27:50Z",
"mac": "ENC[AES256_GCM,data:fuYSElvGFbFIdkQaTwNuXqaXxMuOmpT8moN9m/Yl+6u3e0sU9AMJLK95Azl0xffjScc79PAPXitILrK7gUwUdo4PvTpQo14IoSCzIQ4lcJFlrWXgn9dPFrc97iooMtBMk4hWmTzYL1mHkT/ab7NP3aE7j81N4HJcYwZqzVkdXaI=,iv:hpkTsdwJ+N/NVHEM5LdXC1iwZXT77OwZ+fM9mu3l3Bc=,tag:dxv4T9x9q8g8m5Imcurnag==,type:str]",
"pgp": [
{
"created_at": "2025-12-15T22:09:23Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAAqmY5oZvXtdqhGl8COqgT8PIzArT5A8HbFwrG8Sz269wi\n7naQrwQnn3jugsUsaCQUHNBICe0xR0RO49e7YnuRN4WWaC7gdn4K9PDmTc5HLJQy\nzlVhvmrZhTHI94C1mLF0032idDgw+bvAb8a05pEuG6czghz1a7e+EMkskScRTlaI\nWKVhZ13vuXfo7dv4zL2SmP2crdrCk1gMJg3UYBBhcz3ql7qDVqV2B8MLgPtsTQIV\nDSktLAuuQTPwGke0wb7ajbea88CkGGTdDSB0NdXG6O/cskSULRxw6TtmCgL42Vqp\nnBbKfnK28y5ZXl9vLPZsLDM+T/E0qdR1nYloxL0kV0D/ESwX4dSyyRYglt9yZmAS\n2N4+7rpL0UwcmiWi/iQbOzZARVEREUlnTnX/5URFks4sQayL5Mk8gHMt/aCBvlPJ\nLWdp6owZVf8XM9e72TXOu+1NvXz0UxIC/sYObMReRQmkNf05r1nt8J71TOmtyEv7\noIURLjgeShNK7PbUoIIDe23xWiNuyEATXmw/MARbc/HSu3bHlUZO+Lx7LrQaQ8aI\n8yZC00WZDgsuOKIyPMNMWhvQOjP5bdLSdbLdtAqz2+d0hUw0PlIHXk4dOqOrkiai\nGjjgGG4OKrenkMDEPFKPW9zKvZbklglGI8mjZTFYwXIi7oILqI4AXcuHXHrFZSeF\nAgwDC9FRLmchgYQBD/wISMziWFXVsP3SRpgOO7WZY9extkRQZJd8veeHzhKPShfR\niIdON6j0SvGaKLb2zhyIIsxvb0HVrExysLyqLWyUvDMobS935jCNmHb5yo+FKMNz\nrZCxzt6vurRR9Cd3K9Z0RJkPrBQ/FyJQHQR2WMTlqXg/kXobR8ob3ix9pSh3/9L3\n3HVBvrOA8eXbajwGg/8FYmimO8zuckO5BYHdVTsHb4MpdcEINpxhBgO/STyUoKfC\nAg+IW1wW0YxQl1rlmuMkcYRFAOUE1zTrxSsA4UuhdyQ8UYF5LozM6qzNFXZYbH/W\nelKZUIUe96Ap+fXwsu4hgYoVUMzVyTO0C3ZqSqzrZmFHC5CR1EcnRowU1IAUNsGT\nmpUD4SKu9aqenr1kTxsDi0kd6i5XXHEXSQdKRgZd25ov/Q++MlDrkEp+/qK4S1wl\nZvXprBBx0aHhnIMtSV2hLgh1CVaMnaWQYn0rSjR7P4p0dd5pSfR8j4aJfn+ErN2q\nRlOpy9/r2n3yLs3lQ+GML3f2KMAlVaxY0UEu2muZQI5cjKvs/MjGVmcDeo8B50oo\nlF6SBdIMssR57D2J99aivmS3VDvyTg5ha9pvpQRDWA+LQYcDvkvRITVF4kOMeQ3t\noUF1C0ndRcr9k9fRJ95QicjpVHBj9soceYd3OgtgZJ+AX/0B3gkmejYyF/jAwdJc\nAWgbKZlvBzB2Hx+c0U30K91HjI+tpVH1ivEAAh+ogbLH3Ox2doUVis7syE4AMfoe\nCCC2K+2ODEYHdJxo4g5DtcTpZL3Xla0sdlSxn8OeIuJkuvMl3oxRI0Jr4rw=\n=2r0D\n-----END PGP MESSAGE-----",
"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.11.0"
}
}

53
hosds/nixos/x86_64-linux/hintbooth/secrets/secrets.yaml Normal file
View file

@ -0,0 +1,53 @@
wireguard-private-key: ENC[AES256_GCM,data:DBCK92h8mGxDshB5OIEbyUENc6a4jmvzKPvljUn50AM1I5vBm/bSTDRStIM=,iv:K/OiPnAlXNt3RqBiBiiZqIY8vqsIw0kmKE+aeeVhr+Q=,tag:eloCJ7yjI2tpHMxwNxZDDw==,type:str]
#ENC[AES256_GCM,data:3lP1BqtvBwyeOvq4K5HTaQ==,iv:j1xenUUIkyJDaeLlX7LGhjFdhNlfTXF6r6v2+XbJlOU=,tag:TsGKu6VfF6D8I2p4kb63/A==,type:comment]
#ENC[AES256_GCM,data:LItVBIEQVz0x8ZARRlMVRPa0vdEe1Kv0CZaEnauUWw3P+NZv6WZkXw0SjuW+k9oqlDOTPR6gQ0Aa4GoX51NRFFmtlCVU0YL/RmdfrC6nkSea2S5btXCG4pptSusmQx42Rn+RfttcLDIXBAOIDSA/kKiBYvDhsZe0XOHAzj7jTAshSeGlccEOUIs8SctS8b13OAiSs4ceuMRPz6J45f6RVKG6COgiUEav5U6RFa1ZOLv8A/EFsqOsEZ45aYqngLM0/7gZ5Wqwpft8a+7dLRmakUjTOxH+wtVn6CV7wItUJAoz6BjLR/jtDr9EUm/QesZSHhuxs3eu0iXPXzaQgUt5Qz2knxSvzsEKYUx5bPsNBSb4uWgG3b/vKzPUKKYP5CrOwvPxsqI=,iv:z1YrJmuMaiiQpAc8ajoa7A1GH5Z2D2holm3lBCiBqOU=,tag:ghl+1BN9Tyxpwr9KXre5jw==,type:comment]
#ENC[AES256_GCM,data:NmWQFYRt2QvzZSXUhOCBWtvjpCPo9bOlxEXjVJUVbV8JibPtiP+EJ7oOYEi0thi2SGVeqqbRyQTT9K/4KwmfB+TT34EPMfSxJJ/p6JbxtbVr7zcgcbD6yWdBmaxB8V0iMXK6m3SuhTKHQjUin8gkYkHeaCo60wWCv7qoUTWePP5LwS09o1to2ckSmiszm6kg0TF5TJpCcyMWzjfmE7r1Rd48A1Z6Gf/B8sbERe42K4FSF+NjKTJEMZNngvUyKuLKhwhqhh09pbt8/lSL+MjzwPvTlriDOb54ZmN14dRFDFfdmpdJKAPT48Vbl9mXRJZHzpaP5qOFOwq+Z3977pMRuOen/BaEZZOf/Yucp9lnzNSdUb3hx26Fn7rA4/AszyZpbFB8RAnw,iv:oIK0td0LJf1+6K5wlD6KkdP0HxB2bTTQ7tIfd560oOE=,tag:WuBa7peCY19021YyQparcg==,type:comment]
#ENC[AES256_GCM,data:R05LNs2Ga+spsXQbD60xSrIlCPERGPF3jjP8oNRPL+7RqJNqKAcS6/7tQrqO66Bqsj7ywuxADxie7OzkJhUYpl8grEHhO2Hsw2QA4vTHYdKtjpNxity3qG3KTUrTYsRmhGoiTeDxX+/BMOi3p2nmNZM/1TJ6o6CVO2rD2zz3dQJyKPS/6gbOyN44HTbJA0s00p/3lHvULoP/VIw53ehko+T3N4LUgpvrVQZ2LDodOtqnQUFKiJPUrZddAka5Wo0KRFNDsCz7Z5FgaWjqMeC0oZxidISbTAK207km/QyexhTGtOhu9vANvzej65fkOlhuQbUur3ZxcLdiLA6TStWJyonrH7EQnabNzzv1kSTXiNYG6TPdVb2CMj7P0SHThG9d0WvArh+n,iv:oBH5R5k2vgaBzwTVeUnjSScJC/E0yh3f9317sCAk1/U=,tag:TKwU80zceuH/Tsw8v9fq0w==,type:comment]
firezone-gateway-token: ENC[AES256_GCM,data:qucZ0VF/vR8Y7NNbXP15SZd95Vr3oYKx07JMtdfO9/bBWFEFTeC+0mFmTaNpedj+lWhgqJhtlIr/0S3drJ350iRsXWuRSis9Eiz8zz2OaqO88NOA8HP3h1UgSVG63pOkhmTpnXOezV/rK107ow0QfvlS+XLZYVni+xRZ6mDkle9q5tbmwDLQtuVZ5+BMHjLGpYezMtOUPZDeRw2+ywhYqbgHQ+n224Je144rGJYnn21mKxBRVD33Ei/ganmvh8IbRuwuB5kXlnc5Q21qBp9r81yReL+4Q0tdHNfmkyuS9LLuguaTTQlUTuwzrBCdIw7xM+9UDdsYXbdzhGPgIR3+dVjde+7k4nOZ71f7trw=,iv:wYD6ih5x4i+Z5Nj1zkQ1az0ie7qGyswpa+nuoiDbyPQ=,tag:AG9nOIuR8B7+eLr1XZOwQA==,type:str]
sops:
age:
- recipient: age1wmx8y2hs83j2u5srdnfxljrzxm8jtxl6fr0mq7xf2ldxyglpzf2qq89rpx
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwTzZxNUdxbWUzbkp5eDE4
a3NGaWwrRXZxaXRvTmJjQUZHZU5wY3FpTTNrCmNxN21hU0dBd2piZUNCNndNaUNo
K252RGYyWVpXanZiVGMveXRnc0ViOFEKLS0tIFQ1T0dXUjlYdUNOcXJYZzA2YmtN
YWlkK0xrclpXYTkxUXFiNGMxU1NnMGcKCZzLfTPjeeGxyD43dOGDYsQVsw24cyHI
jz0B9VV07p33OP448eLyLgwpVFaNG0q+hXPH+0fb3V3foBT2QSeuPA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-02-02T14:09:53Z"
mac: ENC[AES256_GCM,data:YnFSQiC/gucCsfrVgcle1d9WOkDDsXZdhDem+yBWOlTxE5S0I3iFrzz+xj6aMqPH0IeEZsw+aSfL7BnCHoamJbLk5xlZ2U6UH/DdM50lBFafNF7dd25J1ndFSCB7Py4FogNLARKf2a1HiV2W7A1Ph0n3xj1fYqu7K92u2aSLTOY=,iv:yhrNVMt/HfT00bWYIsUEckvwngzglbYnbfiXasQzEOA=,tag:NwRio/QrFk/XPvF3WZDbuQ==,type:str]
pgp:
- created_at: "2025-12-22T08:56:58Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTAQ/9E8KBoKOUyeIflZzmSriaoQ2/I0EnqKd9cLLFyqFFd4Gp
ZyOfaTqQE9/NWOG3KkG3iuHyCEdHjP14QolJDPPfuqjVnIkc0hKJ/TqwWb5OXurZ
hbkFZEYtuGWXGNugL0T/BnSUqXhd5sFBJueZD0LU7xBsmaDqMFlY//iheNEgq0RA
a3HeQL9gH4d1eUPje9XfcJ+onj9yYgejQ905ZIOAyrYTLVjnSc9HKJ3kz+rpin1J
2JHULBZEzigNiFXE2XmAatIM6PNBVJ21VL7CEPTt/qauRVHLsrz4PKcR/VMTzwJ/
A0hdMrYbYRKOL0rHDYyjpoeuKsUDNV0Gi//WQDXN9DGMREG5P4PH7+yPBcc+vgLK
E7B6RJcUFyuRh/n/KPGzKk1KX3KOQMjIKUaUGy7Ru91K8rG+/EH1ker6csDpe2aY
bYjtPnjiIvd/dR++JLALQJfCuFC6pUhGAC71Bchr4U2Rg+s9pRZBOYco7pJMJubd
rkt61MYFNpcZkyQ9mYAVCd13JcmoTsAtwmUkdU098tfCVA8sMRgFF1f2DK8iyRrq
jfh6pX1/UqFtOug8hElBJHMQkl9eAKla6COQeGtZC3LkxkKhkNLTcMLf4I5Tzf8o
ftxFw1eW4174Psg9vo+/T1zcOYQTVIUfnlPuK/oiCJIAWZ2U92HnCa9pwQe8nkSF
AgwDC9FRLmchgYQBD/4lFaFk9tlyBnTWY5yWJmpcV1gPSwLyeMnax/89/Nnixu1/
205CvMGEReFEQ4CDTp+WXwp7DA3PKqhg/hEq/x9cmH0kAkQg1n9QoJcd2UzDadfp
89ABsW5fBZJSLdHn3P06VIihe516GnsDA/KL88PdkYXpElgfqWXC8g2URKW6QeO5
j/XzOXDiMdO2+K37NcbwSQsMd0pc2BAJ4mmjvjm0aZe6ddF1917WYFkOZi09clNh
iYW8Vk4hmOkGqEO3zNjQkzZ6Ra9Cm4qr1BG7k+n4sxuwoae2T14/DlCSYh/llSTw
N25tWEeXeaAtQgVwoWYLrmSdCKYtxyACPrt6uEYaGE7wbXgBgCX91HuznlHiUvnG
uagiFMxr0x4G2Q+C8OuptKBneBcR6a21q3HaGdl/99F3fM7C2bvzv2y+ZScBP6fH
LvZjF/r3qrLONCqtaQ4Kw9LPzow8wMkCkshC7K0KNRq10ww7s9kbY8io4+QVLv3p
ZHbN+U+9BheVOAF8uX8V+OQfeFdp0VTbPZa7v1mLdbjshPNi7SEhlCjrtB8yqRtd
cl2tinqfWAosYt0xdUmH9uoY7bz9+BKIZ6FVl1huP2DEa5JAjnVItyLG+n2GpIqN
1SBaC/OCbJFawPmZgaWou+kxpLr7hu6kmPdCcdtHa4TYuanLkOTk0r0mztzhjNJe
Af5UVQLJJ7tduvLAB+vh/z91qgv0ftVDq4Kkr7Ma37OYAx4VzuHwEXNLKu2C6CwE
M7sp4ZglesyABMbOEhwxqg/kCYGS76kThwkrJfrgf82FgnMdUyYCMhhgy6iFow==
=izPI
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.11.0

62
hosds/nixos/x86_64-linux/hotel/default.nix Normal file
View file

@ -0,0 +1,62 @@
{ self, config, pkgs, lib, minimal, ... }:
let
mainUser = "demo";
in
{
imports = [
./hardware-configuration.nix
./disk-config.nix
{
_module.args.diskDevice = config.swarselsystems.rootDisk;
}
];
environment.variables = {
WLR_RENDERER_ALLOW_SOFTWARE = 1;
};
topology.self.interfaces."demo host" = { };
services.qemuGuest.enable = true;
boot = {
loader.systemd-boot.enable = lib.mkForce true;
loader.efi.canTouchEfiVariables = true;
kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
};
networking = {
hostName = "hotel";
firewall.enable = true;
};
swarselmodules = {
server = {
network = lib.mkForce false;
diskEncryption = lib.mkForce false;
};
};
swarselsystems = {
info = "~SwarselSystems~ demo host";
wallpaper = self + /files/wallpaper/landscape/lenovowp.png;
isImpermanence = true;
isCrypted = true;
isSecureBoot = false;
isSwap = true;
swapSize = "4G";
rootDisk = "/dev/vda";
isBtrfs = false;
inherit mainUser;
isLinux = true;
isPublic = true;
isNixos = true;
};
} // lib.optionalAttrs (!minimal) {
swarselprofiles = {
hotel = true;
minimal = true;
};
}

128
hosds/nixos/x86_64-linux/hotel/disk-config.nix Normal file
View file

@ -0,0 +1,128 @@
# NOTE: ... is needed because dikso passes diskoFile
{ lib
, pkgs
, config
, diskDevice ? config.swarselsystem.rootDisk
, ...
}:
let
type = "btrfs";
extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [
"subvol=root"
"compress=zstd"
"noatime"
];
};
"/home" = lib.mkIf config.swarselsystems.isImpermanence {
mountpoint = "/home";
mountOptions = [
"subvol=home"
"compress=zstd"
"noatime"
];
};
"/persist" = lib.mkIf config.swarselsystems.isImpermanence {
mountpoint = "/persist";
mountOptions = [
"subvol=persist"
"compress=zstd"
"noatime"
];
};
"/log" = lib.mkIf config.swarselsystems.isImpermanence {
mountpoint = "/var/log";
mountOptions = [
"subvol=log"
"compress=zstd"
"noatime"
];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [
"subvol=nix"
"compress=zstd"
"noatime"
];
};
"/swap" = lib.mkIf config.swarselsystems.isSwap {
mountpoint = "/.swapvol";
swap.swapfile.size = config.swarselsystems.swapSize;
};
};
in
{
disko.devices = {
disk = {
disk0 = {
type = "disk";
device = diskDevice;
content = {
type = "gpt";
partitions = {
ESP = {
priority = 1;
name = "ESP";
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "defaults" ];
};
};
root = lib.mkIf (!config.swarselsystems.isCrypted) {
size = "100%";
content = {
inherit type subvolumes extraArgs;
postCreateHook = lib.mkIf config.swarselsystems.isImpermanence ''
MNTPOINT=$(mktemp -d)
mount "/dev/disk/by-label/nixos" "$MNTPOINT" -o subvolid=5
trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT
btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank
'';
};
};
luks = lib.mkIf config.swarselsystems.isCrypted {
size = "100%";
content = {
type = "luks";
name = "cryptroot";
passwordFile = "/tmp/disko-password"; # this is populated by bootstrap.sh
settings = {
allowDiscards = true;
# https://github.com/hmajid2301/dotfiles/blob/a0b511c79b11d9b4afe2a5e2b7eedb2af23e288f/systems/x86_64-linux/framework/disks.nix#L36
crypttabExtraOpts = [
"fido2-device=auto"
"token-timeout=10"
];
};
content = {
inherit type subvolumes extraArgs;
postCreateHook = lib.mkIf config.swarselsystems.isImpermanence ''
MNTPOINT=$(mktemp -d)
mount "/dev/mapper/cryptroot" "$MNTPOINT" -o subvolid=5
trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT
btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank
'';
};
};
};
};
};
};
};
};
fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true;
fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true;
environment.systemPackages = [
pkgs.yubikey-manager
];
}

29
hosds/nixos/x86_64-linux/hotel/hardware-configuration.nix Normal file
View file

@ -0,0 +1,29 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ lib, modulesPath, ... }:
{
imports =
[
(modulesPath + "/profiles/qemu-guest.nix")
];
boot = {
initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
initrd.kernelModules = [ ];
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

2
hosds/nixos/x86_64-linux/hotel/options-home.nix Normal file
View file

@ -0,0 +1,2 @@
_:
{ }

2
hosds/nixos/x86_64-linux/hotel/options.nix Normal file
View file

@ -0,0 +1,2 @@
_:
{ }

21
hosds/nixos/x86_64-linux/pyramid/default.nix Normal file
View file

@ -0,0 +1,21 @@
{ self, inputs, ... }:
{
imports = [
inputs.nixos-hardware.nixosModules.framework-16-7040-amd
./disk-config.nix
./hardware-configuration.nix
# "${self}/modules-clone/nixos/optional/amdcpu.nix"
# "${self}/modules-clone/nixos/optional/amdgpu.nix"
# "${self}/modules-clone/nixos/optional/framework.nix"
# "${self}/modules-clone/nixos/optional/gaming.nix"
"${self}/modules-clone/nixos/optional/hibernation.nix"
# "${self}/modules-clone/nixos/optional/nswitch-rcm.nix"
# "${self}/modules-clone/nixos/optional/virtualbox.nix"
# "${self}/modules/nixos/optional/work.nix"
# "${self}/modules/nixos/optional/niri.nix"
# "${self}/modules/nixos/optional/noctalia.nix"
];
}

81
hosds/nixos/x86_64-linux/pyramid/disk-config.nix Normal file
View file

@ -0,0 +1,81 @@
{
disko.devices = {
disk = {
nvme0n1 = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
label = "boot";
name = "ESP";
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
];
};
};
luks = {
size = "100%";
label = "luks";
content = {
type = "luks";
name = "cryptroot";
extraOpenArgs = [
"--allow-discards"
"--perf-no_read_workqueue"
"--perf-no_write_workqueue"
];
# https://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html
settings = { crypttabExtraOpts = [ "fido2-device=auto" "token-timeout=10" ]; };
content = {
type = "btrfs";
extraArgs = [ "-L" "nixos" "-f" ];
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [ "subvol=root" "compress=zstd" "noatime" ];
};
"/home" = {
mountpoint = "/home";
mountOptions = [ "subvol=home" "compress=zstd" "noatime" ];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "subvol=nix" "compress=zstd" "noatime" ];
};
"/persist" = {
mountpoint = "/persist";
mountOptions = [ "subvol=persist" "compress=zstd" "noatime" ];
};
"/log" = {
mountpoint = "/var/log";
mountOptions = [ "subvol=log" "compress=zstd" "noatime" ];
};
"/swap" = {
mountpoint = "/swap";
swap.swapfile.size = "64G";
};
};
};
};
};
};
};
};
};
};
fileSystems = {
"/persist".neededForBoot = true;
"/home".neededForBoot = true;
"/".neededForBoot = true; # this is ok because this is not a impermanence host
"/var/log".neededForBoot = true;
};
}

86
hosds/nixos/x86_64-linux/pyramid/hardware-configuration.nix Normal file
View file

@ -0,0 +1,86 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
# Fix Wlan after suspend or Hibernate
# environment.etc."systemd/system-sleep/fix-wifi.sh".source =
# pkgs.writeShellScript "fix-wifi.sh" ''
# case $1/$2 in
# pre/*)
# ${pkgs.kmod}/bin/modprobe -r mt7921e mt792x_lib mt76
# echo 1 > /sys/bus/pci/devices/0000:04:00.0/remove
# ;;
# post/*)
# ${pkgs.kmod}/bin/modprobe mt7921e
# echo 1 > /sys/bus/pci/rescan
# ;;
# esac
# '';
boot = {
# kernelPackages = lib.mkDefault pkgs.kernel.linuxPackages;
# kernelPackages = lib.mkDefault pkgs.kernel.linuxPackages_latest;
kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
# kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
binfmt.emulatedSystems = [ "aarch64-linux" ];
initrd = {
availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
"usb_storage"
"cryptd"
"usbhid"
"sd_mod"
"r8152"
"drm"
"drm_kms_helper"
"ttm"
"gpu_sched"
];
# allow to remote build on arm (needed for moonside)
kernelModules = [ "sg" ];
luks.devices."cryptroot" = {
# improve performance on ssds
bypassWorkqueues = true;
preLVM = true;
# crypttabExtraOpts = ["fido2-device=auto"];
};
};
kernelModules = [ "amdgpu" "kvm-amd" ];
kernelParams = [
# deep sleep is discontinued by amd
# "mem_sleep_default=deep"
# supposedly, this helps save power on laptops
# in reality (at least on this model), this just generate excessive heat on the CPUs
# "amd_pstate=passive"
# Fix screen flickering issue at the cost of battery life (disable PSR and PSR-SU, keep PR enabled)
# TODO: figure out if this is worth it
# test PSR/PR state with 'sudo grep '' /sys/kernel/debug/dri/0000*/eDP-2/*_capability'
# ref:
# https://old.reddit.com/r/framework/comments/1goh7hc/anyone_else_get_this_screen_flickering_issue/
# https://www.reddit.com/r/NixOS/comments/1hjruq1/graphics_corruption_on_kernel_6125_and_up/
# https://gitlab.freedesktop.org/drm/amd/-/issues/3797
"amdgpu.dcdebugmask=0x410"
];
extraModulePackages = [ ];
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp196s0f3u1c2.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

22
hosds/nixos/x86_64-linux/pyramid/secrets/pii.nix.enc Normal file
View file

File diff suppressed because one or more lines are too long

48
hosds/nixos/x86_64-linux/pyramid/secrets/secrets.yaml Normal file
View file

@ -0,0 +1,48 @@
home-wireguard-client-private-key: ENC[AES256_GCM,data:YL/nP4DGGjVc0wRrbJ0x+iyJfdqhE90Ws92QBl/lr3RnJzA+stcz0ey/Rk4=,iv:Ek/RVzDpcT7fqVh7OnNc9QXD3Tk/2bm6vSQDA38j+DI=,tag:G2dSpA3KZmbKAfIN+2d45w==,type:str]
sops:
age:
- recipient: age15cx90pnp54xp5gxlt02yn9j2pz968wp3l5ukdkx55xuecp34e5pszjku4m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKcVdIU1MwTlQrVlRMbDkw
WXZlclBlYmp4elMrTkFPZHRpMGlGZXBDNWc4CkliYkNuTnNuZzRieGlvSHV3SCs1
S1Nmb0VJaVd4MFQzTU5XVVBuQldIVzQKLS0tIFpGUjNaSy93MDVQVEFvbXZzQnJp
Z1AzcVZpVlQ0WU9pNDNoTXoyR1RGUEEK0dfAegOiBXCnLakgBtWCYb7+hDqWFYUK
rXlXTBtICLgSzLWTtPbSVzrrZgT0SAM6vnLO/iNfAIXZlxjeOZrP8w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-05T10:37:12Z"
mac: ENC[AES256_GCM,data:RcvRagYaFGwMwrV63tffmYcA/m1GRjXpefR8Ab65jaldcWjfERiCWLFha9aQ1QlWUgSvCWbgC9/zFJkBBca1qVIvLOK1+nkI/ZjQ5rdUOJaP7mukLC3tcm+5f0Fe+GjTCDHGIZd/dUgkF+xVhN2XnFW1ExzRRt6q4a4pKvL6Ml0=,iv:EISJGqa2hQfjpu0X5wMJNZXzv0Loejj0Eb6kosXjU64=,tag:S81dIphr1rqQSO8jAZCABQ==,type:str]
pgp:
- created_at: "2025-12-02T14:59:04Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTARAAlcSjeRYoj2Hhff3PbKtUdIisAyRHtX84+m5BYeRmcx5k
gwMmitFaYQO9IL8EJHXfwIlx+7gubTCHKVDEIJPT6+jwNjWPvdvRSdmelY+xIhPE
rISqzUlbpKdkhRco0vKNX1bqfLWPqcWPREyHLg0WsnPJjAmNHNz3GKDnqFJG4tip
CDMTp16dJWAnGF9uCPDZ6CcpuP7U4CHDBH5KcGnZFJoZg0VvQhqW1uTwmqI99j5G
pB54n/nhCuNbL2vktBZQp+vrwiykb4+1rZw+CcK2awcD2Ugk0d/7KieRSxRIKEbW
COIkJRxXkc3JbLjdVIZBQGUSNTtjG3Q6pUaPuECUhb+5SyUDIpiUmpR+/3iIitjo
OY+1nDWji5Q2d0BSkoRFiH9KeZn65vduQyEQRX6B0yrElBNk7etkvPdJ3bGoJ2WX
Qwlkx0YP+a2dwEtvlKav2D6aJ+uCH2MTAVVL6wEK5a6s2QYkc39qpGhzRv83nbsU
Bp0QnJ6ZSjf/C5fAealZldXO1ZDIDpbH5xObaanrYgZ5ufnUl2Q1sKUXNljTYigB
tN5z28AiDeV/INr7e1tPV+C6RtHDYi5Rxo9lfoehvdAWkbfdl/iucV2LkwWTKFLO
istGzbaxnPtJmlx6FXq+fk6g3GQcPvuv64ZqnIv76VclWcPZDYUK/EU87LAO8NiF
AgwDC9FRLmchgYQBD/4maY4LhehaKtNMt6r331YjlsnZxcv/4L5zJRc43XLeJJjf
3xjU+TZ9RvjwsTaJ4bTeoVxu8OkFgugvRVhp9sQuu/tGfWbCpn3hWIxebivarQdI
7L0SkuHg1Die2g3YqdbpDIzvnLueSvuNDJNmyUgekR8TdWJ0A/pwl/poAu8nZgtw
hiIXBdLt5xEUOihXVJwYIoHu8yjL6aZttDyZfHuDDTcCwXdqYqMHyTYmcNdGakrl
DG+x2TgsJMtipvYHT4WqcVtOYlVAH4VfgxfmcWvEIXT5u1ZpizntFqGAgsTwQwCS
vs8vbZ5WFqQTYZL2t1U0cX7ExWWdY7LZ+ap3uZ5/2R2VkT+FdplRz12DsobWMP9z
mjveWhiZx1TPa1rf5pigcvtFSQLllrLhS79Per37EoGUArS9iM6Iyhd9avHAqNTp
ywZnJ5JpQKVDeRsMZfpoKdN/C/wqSAl6O6NQX06aY3EIYvxKF8h6qK7u/4WdlVd5
Ml4Yn18HyeTkbz616TlMLlGQMNuloDc+XVORVutVphvxI50faIwi4I4q06+7+yuX
A87uJatXS8K20mDkzygP/j+T3eSzEMB69mPLo+cbhOfcmk29x7Sg5pf/JYAOuYMS
XGlIpa/VmqHOVcbD32sm2/M3AOgZBz3D2Tr2tI2JyK4ZqW/7AIFYNhnv7siTXNJe
AXNBE4bU/FRXGOH4vOqoVFvBwYOd7Jlr8QnMpFQuBDMz/408lkIojd5njvLsu/4n
qE0HKP9Sq3XY8dP4012GbkN9U/m/ca2oqVUy7rrEhGc1gLddlISHMMjNa7GsBw==
=fGF1
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.10.2

111
hosds/nixos/x86_64-linux/summers/default.nix Normal file
View file

@ -0,0 +1,111 @@
{ self, config, inputs, lib, minimal, confLib, ... }:
{
imports = [
./hardware-configuration.nix
./disk-config.nix
inputs.nixos-hardware.nixosModules.common-cpu-intel
"${self}/modules/nixos/optional/systemd-networkd-server-home.nix"
"${self}/modules/nixos/optional/microvm-host.nix"
];
topology.self = {
interfaces = {
"lan" = { };
"bmc" = { };
};
};
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
};
hardware.enableRedistributableFirmware = true;
swarselsystems = {
info = "ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM";
flakePath = "/root/.dotfiles";
isImpermanence = true;
isSecureBoot = true;
isCrypted = true;
isBtrfs = true;
isLinux = true;
isNixos = true;
isSwap = false;
proxyHost = "twothreetunnel";
writeGlobalNetworks = false;
networkKernelModules = [ "igb" ];
rootDisk = "/dev/disk/by-id/ata-TS120GMTS420S_J024880123";
withMicroVMs = true;
localVLANs = [ "services" "home" ]; # devices is only provided on interface for bmc
initrdVLAN = "home";
server = {
wireguard.interfaces = {
wgProxy = {
isClient = true;
serverName = "twothreetunnel";
};
wgHome = {
isClient = true;
serverName = "hintbooth";
};
};
restic.targets = {
SwarselState = {
repository = config.repo.secrets.local.resticRepoState;
# nextcloud stores all data in state dir and has no data that needs backup
paths = lib.map (guest: "/Vault/guests/${guest}/state") (builtins.filter (name: name != "nextcloud") (builtins.attrNames config.guests));
};
SwarselStorage = {
repository = config.repo.secrets.local.resticRepoStorage;
paths = [
"/Vault/Eternor/Pictures"
"/Vault/Eternor/Documents/paperless"
];
};
};
};
};
} // lib.optionalAttrs (!minimal) {
swarselprofiles = {
server = true;
};
swarselmodules.server = {
wireguard = true;
restic = true;
podman = true;
opkssh = true;
};
guests = lib.mkIf (!minimal && config.swarselsystems.withMicroVMs) (
{ }
// confLib.mkMicrovm "ankisync" { withZfs = true; }
// confLib.mkMicrovm "atuin" { withZfs = true; }
// confLib.mkMicrovm "audio" { withZfs = true; eternorPaths = [ "Music" ]; }
// confLib.mkMicrovm "firefly" { withZfs = true; }
// confLib.mkMicrovm "forgejo" { withZfs = true; }
// confLib.mkMicrovm "freshrss" { withZfs = true; }
// confLib.mkMicrovm "homebox" { withZfs = true; }
// confLib.mkMicrovm "immich" { withZfs = true; eternorPaths = [ "Pictures" ]; }
// confLib.mkMicrovm "jellyfin" { withZfs = true; eternorPaths = [ "Videos" ]; }
// confLib.mkMicrovm "kanidm" { withZfs = true; }
// confLib.mkMicrovm "kavita" { withZfs = true; eternorPaths = [ "Books" ]; }
// confLib.mkMicrovm "koillection" { withZfs = true; }
// confLib.mkMicrovm "matrix" { withZfs = true; }
// confLib.mkMicrovm "monitoring" { withZfs = true; }
// confLib.mkMicrovm "nextcloud" { withZfs = true; }
// confLib.mkMicrovm "paperless" { withZfs = true; eternorPaths = [ "Documents" ]; }
// confLib.mkMicrovm "radicale" { withZfs = true; }
// confLib.mkMicrovm "storage" { withZfs = true; eternorPaths = [ "Books" "Videos" "Music" "Pictures" "Software" "Documents" ]; }
// confLib.mkMicrovm "transmission" { withZfs = true; eternorPaths = [ "Books" "Videos" "Music" "Software" ]; }
);
networking.nftables.firewall.zones.untrusted.interfaces = [ "lan" "bmc" ];
}

118
hosds/nixos/x86_64-linux/summers/disk-config.nix Normal file
View file

@ -0,0 +1,118 @@
{ lib, config, ... }:
let
type = "btrfs";
extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [
"subvol=root"
"compress=zstd"
"noatime"
];
};
"/home" = lib.mkIf config.swarselsystems.isImpermanence {
mountpoint = "/home";
mountOptions = [
"subvol=home"
"compress=zstd"
"noatime"
];
};
"/persist" = lib.mkIf config.swarselsystems.isImpermanence {
mountpoint = "/persist";
mountOptions = [
"subvol=persist"
"compress=zstd"
"noatime"
];
};
"/log" = lib.mkIf config.swarselsystems.isImpermanence {
mountpoint = "/var/log";
mountOptions = [
"subvol=log"
"compress=zstd"
"noatime"
];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [
"subvol=nix"
"compress=zstd"
"noatime"
];
};
"/swap" = lib.mkIf config.swarselsystems.isSwap {
mountpoint = "/.swapvol";
swap.swapfile.size = config.swarselsystems.swapSize;
};
};
in
{
disko.devices = {
disk = {
disk0 = {
type = "disk";
device = config.swarselsystems.rootDisk;
content = {
type = "gpt";
partitions = {
ESP = {
priority = 1;
name = "ESP";
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "defaults" ];
};
};
root = lib.mkIf (!config.swarselsystems.isCrypted) {
size = "100%";
content = {
inherit type subvolumes extraArgs;
postCreateHook = lib.mkIf config.swarselsystems.isImpermanence ''
MNTPOINT=$(mktemp -d)
mount "/dev/disk/by-label/nixos" "$MNTPOINT" -o subvolid=5
trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT
btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank
'';
};
};
luks = lib.mkIf config.swarselsystems.isCrypted {
size = "100%";
content = {
type = "luks";
name = "cryptroot";
passwordFile = "/tmp/disko-password"; # this is populated by bootstrap.sh
settings = {
allowDiscards = true;
# https://github.com/hmajid2301/dotfiles/blob/a0b511c79b11d9b4afe2a5e2b7eedb2af23e288f/systems/x86_64-linux/framework/disks.nix#L36
crypttabExtraOpts = [
"fido2-device=auto"
"token-timeout=10"
];
};
content = {
inherit type subvolumes extraArgs;
postCreateHook = lib.mkIf config.swarselsystems.isImpermanence ''
MNTPOINT=$(mktemp -d)
mount "/dev/mapper/cryptroot" "$MNTPOINT" -o subvolid=5
trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT
btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank
'';
};
};
};
};
};
};
};
};
fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true;
fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true;
}

42
hosds/nixos/x86_64-linux/summers/guests/ankisync/default.nix Normal file
View file

@ -0,0 +1,42 @@
{ self, lib, minimal, ... }:
{
imports = [
"${self}/profiles/nixos/microvm"
"${self}/modules/nixos"
];
swarselsystems = {
isMicroVM = true;
isImpermanence = true;
proxyHost = "twothreetunnel";
server = {
wireguard.interfaces = {
wgHome = {
isClient = true;
serverName = "hintbooth";
};
wgProxy = {
isClient = true;
serverName = "twothreetunnel";
};
};
};
};
} // lib.optionalAttrs (!minimal) {
microvm = {
mem = 1024 * 1;
vcpu = 1;
};
swarselprofiles = {
microvm = true;
};
swarselmodules.server = {
ankisync = true;
};
}

42
hosds/nixos/x86_64-linux/summers/guests/atuin/default.nix Normal file
View file

@ -0,0 +1,42 @@
{ self, lib, minimal, ... }:
{
imports = [
"${self}/profiles/nixos/microvm"
"${self}/modules/nixos"
];
swarselsystems = {
isMicroVM = true;
isImpermanence = true;
proxyHost = "twothreetunnel";
server = {
wireguard.interfaces = {
wgHome = {
isClient = true;
serverName = "hintbooth";
};
wgProxy = {
isClient = true;
serverName = "twothreetunnel";
};
};
};
};
} // lib.optionalAttrs (!minimal) {
microvm = {
mem = 1024 * 1;
vcpu = 1;
};
swarselprofiles = {
microvm = true;
};
swarselmodules.server = {
atuin = true;
};
}

44
hosds/nixos/x86_64-linux/summers/guests/audio/default.nix Normal file
View file

@ -0,0 +1,44 @@
{ self, lib, minimal, ... }:
{
imports = [
"${self}/profiles/nixos/microvm"
"${self}/modules/nixos"
];
swarselsystems = {
isMicroVM = true;
isImpermanence = true;
proxyHost = "twothreetunnel";
server = {
wireguard.interfaces = {
wgHome = {
isClient = true;
serverName = "hintbooth";
};
wgProxy = {
isClient = true;
serverName = "twothreetunnel";
};
};
};
};
} // lib.optionalAttrs (!minimal) {
microvm = {
mem = 1024 * 4;
vcpu = 2;
};
swarselprofiles = {
microvm = true;
};
swarselmodules.server = {
navidrome = true;
spotifyd = true;
mpd = true;
};
}

44
hosds/nixos/x86_64-linux/summers/guests/firefly/default.nix Normal file
View file

@ -0,0 +1,44 @@
{ self, lib, minimal, ... }:
{
imports = [
"${self}/profiles/nixos/microvm"
"${self}/modules/nixos"
];
swarselsystems = {
isMicroVM = true;
isImpermanence = true;
proxyHost = "twothreetunnel";
server = {
wireguard.interfaces = {
wgHome = {
isClient = true;
serverName = "hintbooth";
};
wgProxy = {
isClient = true;
serverName = "twothreetunnel";
};
};
};
};
} // lib.optionalAttrs (!minimal) {
microvm = {
mem = 1024 * 3;
vcpu = 1;
};
swarselprofiles = {
microvm = true;
};
swarselmodules.server = {
firefly-iii = true;
nginx = true;
acme = false;
};
}

42
hosds/nixos/x86_64-linux/summers/guests/forgejo/default.nix Normal file
View file

@ -0,0 +1,42 @@
{ self, lib, minimal, ... }:
{
imports = [
"${self}/profiles/nixos/microvm"
"${self}/modules/nixos"
];
swarselsystems = {
isMicroVM = true;
isImpermanence = true;
proxyHost = "twothreetunnel";
server = {
wireguard.interfaces = {
wgHome = {
isClient = true;
serverName = "hintbooth";
};
wgProxy = {
isClient = true;
serverName = "twothreetunnel";
};
};
};
};
} // lib.optionalAttrs (!minimal) {
microvm = {
mem = 1024 * 1;
vcpu = 1;
};
swarselprofiles = {
microvm = true;
};
swarselmodules.server = {
forgejo = true;
};
}

44
hosds/nixos/x86_64-linux/summers/guests/freshrss/default.nix Normal file
View file

@ -0,0 +1,44 @@
{ self, lib, minimal, ... }:
{
imports = [
"${self}/profiles/nixos/microvm"
"${self}/modules/nixos"
];
swarselsystems = {
isMicroVM = true;
isImpermanence = true;
proxyHost = "twothreetunnel";
server = {
wireguard.interfaces = {
wgHome = {
isClient = true;
serverName = "hintbooth";
};
wgProxy = {
isClient = true;
serverName = "twothreetunnel";
};
};
};
};
} // lib.optionalAttrs (!minimal) {
microvm = {
mem = 1024 * 3;
vcpu = 1;
};
swarselprofiles = {
microvm = true;
};
swarselmodules.server = {
freshrss = true;
nginx = true;
acme = false;
};
}

22
hosds/nixos/x86_64-linux/summers/guests/guest1/default.nix Normal file
View file

@ -0,0 +1,22 @@
{ self, lib, minimal, ... }:
{
imports = [
"${self}/modules/nixos/optional/microvm-guest.nix"
];
swarselsystems = {
info = "ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM";
};
} // lib.optionalAttrs (!minimal) {
swarselprofiles = {
server = false;
};
microvm = {
mem = 1024 * 4;
vcpu = 2;
};
}

42
hosds/nixos/x86_64-linux/summers/guests/homebox/default.nix Normal file
View file

@ -0,0 +1,42 @@
{ self, lib, minimal, ... }:
{
imports = [
"${self}/profiles/nixos/microvm"
"${self}/modules/nixos"
];
swarselsystems = {
isMicroVM = true;
isImpermanence = true;
proxyHost = "twothreetunnel";
server = {
wireguard.interfaces = {
wgHome = {
isClient = true;
serverName = "hintbooth";
};
wgProxy = {
isClient = true;
serverName = "twothreetunnel";
};
};
};
};
} // lib.optionalAttrs (!minimal) {
microvm = {
mem = 1024 * 1;
vcpu = 1;
};
swarselprofiles = {
microvm = true;
};
swarselmodules.server = {
homebox = true;
};
}

42
hosds/nixos/x86_64-linux/summers/guests/immich/default.nix Normal file
View file

@ -0,0 +1,42 @@
{ self, lib, minimal, ... }:
{
imports = [
"${self}/profiles/nixos/microvm"
"${self}/modules/nixos"
];
swarselsystems = {
isMicroVM = true;
isImpermanence = true;
proxyHost = "twothreetunnel";
server = {
wireguard.interfaces = {
wgHome = {
isClient = true;
serverName = "hintbooth";
};
wgProxy = {
isClient = true;
serverName = "twothreetunnel";
};
};
};
};
} // lib.optionalAttrs (!minimal) {
microvm = {
mem = 1024 * 16;
vcpu = 14;
};
swarselprofiles = {
microvm = true;
};
swarselmodules.server = {
immich = true;
};
}

42
hosds/nixos/x86_64-linux/summers/guests/jellyfin/default.nix Normal file
View file

@ -0,0 +1,42 @@
{ self, lib, minimal, ... }:
{
imports = [
"${self}/profiles/nixos/microvm"
"${self}/modules/nixos"
];
swarselsystems = {
isMicroVM = true;
isImpermanence = true;
proxyHost = "twothreetunnel";
server = {
wireguard.interfaces = {
wgHome = {
isClient = true;
serverName = "hintbooth";
};
wgProxy = {
isClient = true;
serverName = "twothreetunnel";
};
};
};
};
} // lib.optionalAttrs (!minimal) {
microvm = {
mem = 1024 * 3;
vcpu = 4;
};
swarselprofiles = {
microvm = true;
};
swarselmodules.server = {
jellyfin = true;
};
}

42
hosds/nixos/x86_64-linux/summers/guests/kanidm/default.nix Normal file
View file

@ -0,0 +1,42 @@
{ self, lib, minimal, ... }:
{
imports = [
"${self}/profiles/nixos/microvm"
"${self}/modules/nixos"
];
swarselsystems = {
isMicroVM = true;
isImpermanence = true;
proxyHost = "twothreetunnel";
server = {
wireguard.interfaces = {
wgHome = {
isClient = true;
serverName = "hintbooth";
};
wgProxy = {
isClient = true;
serverName = "twothreetunnel";
};
};
};
};
} // lib.optionalAttrs (!minimal) {
microvm = {
mem = 1024 * 4;
vcpu = 2;
};
swarselprofiles = {
microvm = true;
};
swarselmodules.server = {
kanidm = true;
};
}

43
hosds/nixos/x86_64-linux/summers/guests/kavita/default.nix Normal file
View file

@ -0,0 +1,43 @@
{ self, lib, minimal, ... }:
{
imports = [
"${self}/profiles/nixos/microvm"
"${self}/modules/nixos"
];
swarselsystems = {
isMicroVM = true;
isImpermanence = true;
proxyHost = "twothreetunnel";
server = {
wireguard.interfaces = {
wgHome = {
isClient = true;
serverName = "hintbooth";
};
wgProxy = {
isClient = true;
serverName = "twothreetunnel";
};
};
};
};
} // lib.optionalAttrs (!minimal) {
microvm = {
mem = 1024 * 1;
vcpu = 2;
};
swarselprofiles = {
microvm = true;
};
swarselmodules.server = {
kavita = true;
};
}

42
hosds/nixos/x86_64-linux/summers/guests/koillection/default.nix Normal file
View file

@ -0,0 +1,42 @@
{ self, lib, minimal, ... }:
{
imports = [
"${self}/profiles/nixos/microvm"
"${self}/modules/nixos"
];
swarselsystems = {
isMicroVM = true;
isImpermanence = true;
proxyHost = "twothreetunnel";
server = {
wireguard.interfaces = {
wgHome = {
isClient = true;
serverName = "hintbooth";
};
wgProxy = {
isClient = true;
serverName = "twothreetunnel";
};
};
};
};
} // lib.optionalAttrs (!minimal) {
microvm = {
mem = 1024 * 1;
vcpu = 1;
};
swarselprofiles = {
microvm = true;
};
swarselmodules.server = {
koillection = true;
};
}

42
hosds/nixos/x86_64-linux/summers/guests/matrix/default.nix Normal file
View file

@ -0,0 +1,42 @@
{ self, lib, minimal, ... }:
{
imports = [
"${self}/profiles/nixos/microvm"
"${self}/modules/nixos"
];
swarselsystems = {
isMicroVM = true;
isImpermanence = true;
proxyHost = "twothreetunnel";
server = {
wireguard.interfaces = {
wgHome = {
isClient = true;
serverName = "hintbooth";
};
wgProxy = {
isClient = true;
serverName = "twothreetunnel";
};
};
};
};
} // lib.optionalAttrs (!minimal) {
microvm = {
mem = 1024 * 6;
vcpu = 2;
};
swarselprofiles = {
microvm = true;
};
swarselmodules.server = {
matrix = true;
};
}

42
hosds/nixos/x86_64-linux/summers/guests/monitoring/default.nix Normal file
View file

@ -0,0 +1,42 @@
{ self, lib, minimal, ... }:
{
imports = [
"${self}/profiles/nixos/microvm"
"${self}/modules/nixos"
];
swarselsystems = {
isMicroVM = true;
isImpermanence = true;
proxyHost = "twothreetunnel";
server = {
wireguard.interfaces = {
wgHome = {
isClient = true;
serverName = "hintbooth";
};
wgProxy = {
isClient = true;
serverName = "twothreetunnel";
};
};
};
};
} // lib.optionalAttrs (!minimal) {
microvm = {
mem = 1024 * 3;
vcpu = 2;
};
swarselprofiles = {
microvm = true;
};
swarselmodules.server = {
grafana = true;
};
}

44
hosds/nixos/x86_64-linux/summers/guests/nextcloud/default.nix Normal file
View file

@ -0,0 +1,44 @@
{ self, lib, minimal, ... }:
{
imports = [
"${self}/profiles/nixos/microvm"
"${self}/modules/nixos"
];
swarselsystems = {
isMicroVM = true;
isImpermanence = true;
proxyHost = "twothreetunnel";
server = {
wireguard.interfaces = {
wgHome = {
isClient = true;
serverName = "hintbooth";
};
wgProxy = {
isClient = true;
serverName = "twothreetunnel";
};
};
};
};
} // lib.optionalAttrs (!minimal) {
microvm = {
mem = 1024 * 3;
vcpu = 2;
};
swarselprofiles = {
microvm = true;
};
swarselmodules.server = {
nextcloud = true;
nginx = true;
acme = false;
};
}

42
hosds/nixos/x86_64-linux/summers/guests/paperless/default.nix Normal file
View file

@ -0,0 +1,42 @@
{ self, lib, minimal, ... }:
{
imports = [
"${self}/profiles/nixos/microvm"
"${self}/modules/nixos"
];
swarselsystems = {
isMicroVM = true;
isImpermanence = true;
proxyHost = "twothreetunnel";
server = {
wireguard.interfaces = {
wgHome = {
isClient = true;
serverName = "hintbooth";
};
wgProxy = {
isClient = true;
serverName = "twothreetunnel";
};
};
};
};
} // lib.optionalAttrs (!minimal) {
microvm = {
mem = 1024 * 8;
vcpu = 4;
};
swarselprofiles = {
microvm = true;
};
swarselmodules.server = {
paperless = true;
};
}

42
hosds/nixos/x86_64-linux/summers/guests/radicale/default.nix Normal file
View file

@ -0,0 +1,42 @@
{ self, lib, minimal, ... }:
{
imports = [
"${self}/profiles/nixos/microvm"
"${self}/modules/nixos"
];
swarselsystems = {
isMicroVM = true;
isImpermanence = true;
proxyHost = "twothreetunnel";
server = {
wireguard.interfaces = {
wgHome = {
isClient = true;
serverName = "hintbooth";
};
wgProxy = {
isClient = true;
serverName = "twothreetunnel";
};
};
};
};
} // lib.optionalAttrs (!minimal) {
microvm = {
mem = 1024 * 1;
vcpu = 1;
};
swarselprofiles = {
microvm = true;
};
swarselmodules.server = {
radicale = true;
};
}

43
hosds/nixos/x86_64-linux/summers/guests/storage/default.nix Normal file
View file

@ -0,0 +1,43 @@
{ self, lib, minimal, ... }:
{
imports = [
"${self}/profiles/nixos/microvm"
"${self}/modules/nixos"
];
swarselsystems = {
isMicroVM = true;
isImpermanence = true;
proxyHost = "twothreetunnel";
server = {
wireguard.interfaces = {
wgHome = {
isClient = true;
serverName = "hintbooth";
};
wgProxy = {
isClient = true;
serverName = "twothreetunnel";
};
};
};
};
} // lib.optionalAttrs (!minimal) {
microvm = {
mem = 1024 * 4;
vcpu = 2;
};
swarselprofiles = {
microvm = true;
};
swarselmodules.server = {
nfs = true;
syncthing = true;
};
}

38
hosds/nixos/x86_64-linux/summers/guests/transmission/default.nix Normal file
View file

@ -0,0 +1,38 @@
{ self, lib, minimal, ... }:
{
imports = [
"${self}/profiles/nixos/microvm"
"${self}/modules/nixos"
];
swarselsystems = {
isMicroVM = true;
isImpermanence = true;
server = {
wireguard.interfaces = {
wgHome = {
isClient = true;
serverName = "hintbooth";
};
};
};
};
} // lib.optionalAttrs (!minimal) {
microvm = {
mem = 1024 * 4;
vcpu = 2;
};
swarselprofiles = {
microvm = true;
};
swarselmodules.server = {
transmission = true;
};
}

28
hosds/nixos/x86_64-linux/summers/hardware-configuration.nix Normal file
View file

@ -0,0 +1,28 @@
{ config, lib, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
initrd.kernelModules = [ ];
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
supportedFilesystems = [ "zfs" ];
zfs.extraPools = [ "Vault" ];
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

58
hosds/nixos/x86_64-linux/summers/secrets/ankisync/secrets.yaml Normal file
View file

@ -0,0 +1,58 @@
wireguard-private-key: ENC[AES256_GCM,data:oJkwX64LSXAaGXvEKbK5UPVtgFbFZSh9EQD3s634fUR155TT7yxI2YcHd1U=,iv:y666pwtBDTF7DMWx4vJu65VEBnuPBDCirGeVkntmVyQ=,tag:OZR6wxla3YYEZ2KtNbKnDw==,type:str]
anki-pw: ENC[AES256_GCM,data:CVZxqubgfojCeA0=,iv:Ux7k27srI1bMh3nBlGGkuimcJkKkmkjaNBph0X0o5vM=,tag:yUfVrCl1srD1V+3wXSbFug==,type:str]
sops:
age:
- recipient: age14sjyqch8tzqexk2gv0qgrrg09f0s6hvwhsgjac3vs6sc5rzgpcxsyqda6u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTVmVIbWc3UzNvQmU5b0cz
Qy9wWjU2MlJQNWNFVlgrVEpJNE12SmJLL3hvCjhZN1JURjVBZVE0R2IwbXhtaGxI
c1U1MlJBMkdWRXRVM3cyUFdCQ3hrTHcKLS0tIGlFZE9Cc05qT0M2cXBRZHZ3L0lm
eWUxa0pZN0hyTjQxRWdzWlBjblh5ak0KmVuGpc7DA+6XZdxJDwHYrJeqs/2fMEUq
w9KscmTXOdWOjIQjexhvhUdKT3eodSEK8MD21K9ebdbyo6fht+xMyQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1kyue7mfvzuxprjz2g6ulz2mxlr57rgzg6lfpnrqedkelehley5ls3enwsd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqdlBYTnQ5NTZSd3V0enFr
QjhCbFNDYks4OGpYVnlsd2oyQWVNZm9raUhzCndCNUpiUytOVTFkT1E3bjZkSk1J
enNpZXBwWlpIMHRKSmo3cHNJaFJLVDQKLS0tIDFyQTcxV3Z5WXpPWU9yZVRabW5u
OSt4dklrQWphdDBvZmtTaHc3MVlQeUUKJJD3xPgCRNqqFxPTENXfUU0CP7Jtc4m8
gJFyP/XmwC0aGNpU0iQbuBYh74m/0n3dWa39kT0RDuAVxg/dfWtSMw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-01-08T08:02:47Z"
mac: ENC[AES256_GCM,data:bZ0SeyqYFrtn5P5lkuK1aVTKxoMVpN3+CHnvMFp+bIYW3eoDTEAey7otLh8psqS+0r9KnbsDTODTfVn2fX4xmRCI2bchflcJ/O6bnGhFjx0dVlmQXVzZg8LJe4+qvFxdGbwh5yXJnE503wdF5xN6xuvOBLa0Z5yOIsmd+X8c63c=,iv:8BXVbteOxr8ZA5Lo0sGN6JhFZF96gdwy2RjLMgfWPbg=,tag:pBCPHAUeleUaOCMJgGjx+w==,type:str]
pgp:
- created_at: "2026-01-12T22:05:16Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTARAAvuxf0dkraa6xeMfzFlVXfzr0UB8Uz67oh9WrQ+HKIOJr
tFBvGqQn2jxMr1cQxfYLmiqDqcMCKkRUoTde+tlweguea2NlviHdie9cZe9BPFel
iz10v2cfGXLv608deaIxHPoXvr11YDm74EtXI3Jhh9q8WIsjjmH3sg/Aa92Y8P+1
Bgc5lPI5lgtyQMUDTiJhLWTH05yfhSMZIbgemB3snxPY7gQS7IJ7a2j3smg/Yb+k
9SFFl4l3D7Aml6K5ZHpAh1fgZmJWGev7qXMwii86g2B+tyY99cwgThlEKqHiTBHF
RaPo4oMHQ3UjHpOjwgD22wKunL3WJWJONA81ACInkyzPJza21CNtEqNLdElWymVF
IrK5oDDTEYlOfbDWFaJlAGAueTnZgHMMp6wDmLzmzkUDSfTYMoMiMoi9CzN878R2
QA0CXa+8Jjks+lNqmzreoZjJN+Iwip3ojDo9oK7afx8cS+Gat5rU0oBY3lzUJkVU
9Qo1Z5Td2AGUlrVVvpKDZ1BGuNpNgGVQjOLwysBfv2rFTCWE6feZXQS/He1sz+9C
n4+tHppw8DQMLcjGKOcWFQKooy23SJC6ozvEhV59nKU0S4WXsMIJBaAH9N7yGw+p
+gSZvRLELJyAy4rS73+JKDozxKd1D3m64HdkxCGky9P30kuNvz6AYHLD3Bp+OLKF
AgwDC9FRLmchgYQBD/4pMJqUXAs1grPDANrJULEH7LIRQEK6O+7FyBSrQvXgFICx
Cxagn5ErwDLxbJ6Wkx8vW8hfZ++N3eSVQz2UWMemvWxcakgR6HoAHGtjsmydSzAI
qMHuKTrap2hHRqAKW49R8/9ZVkAP8IitmhsVRw6HGNjMTAh2t9yNXM6yBFIwbKXH
y6LTrLjJ+MmFY2UvkqIx2qFZhgdn7AzNbHriGmE2vSAGC8HVNTIfymuEleNLciRV
l8uoUn81E5NC7OAokCAvBX5CjO3sG8ZP0+wqkax4F1xdiNo+piD5QEx3HbP+fQpH
hUFiw5ZBBMn8LZLTv8HlBXP2GkkaYUO00yjDxkFsws9PrJOs/h/pYi8olaFX5OF+
o6cuM370tHyXC160aCOKGS5miED6yceT8ixWgj0E4jqyO4WP3RlBiu9OTOsz0J4X
ylFAHdT6Dzlx8q4G5GfjWtHXIjhcR4qOquCI/mk8WkVDDCaOXplme8Ja/EnGT/cj
KEqjebGOINZRW3e1Ip/QAzwXwxM34ZNo6ltBkPGe+QmYIpZVYpQ12mepItduaGXc
LmUxJMODx2p+sgEyZi9lyIFMq/Ny+VifZQ6ux68jPOTq7Act3JRs7irlg5W2BCps
iT/6YnGLvmQMMpEaGtN1QIuXNvpR0QxL0+5x3AxT/eu+3FXuzVDBmb2w3dpq+dJe
Ad1Ft708DUYEAjf05YPsNsS1RycS1rz+WBCx+4bku59v2EHLupK6N2jrXDJbA1YQ
F0RZ8HESgLy6SSZltZaTNfcT4dz5/RFJ2hmk7WRrhzs9k1bX9N8vdYPuc43fhg==
=HCKN
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.11.0

57
hosds/nixos/x86_64-linux/summers/secrets/atuin/secrets.yaml Normal file
View file

@ -0,0 +1,57 @@
wireguard-private-key: ENC[AES256_GCM,data:CBL7h5Ip5Fp5tnY0Cg5iRC2MKlPjh6DG9BRVHbD6wuTO/EAV7O/OpSXxxG0=,iv:WnBTR+0GwmUO++JhMd/2alVuIPhXBT50Qwc7Z9umVC0=,tag:4j5ieGF0gedQUD8SWBEQ7g==,type:str]
sops:
age:
- recipient: age14sjyqch8tzqexk2gv0qgrrg09f0s6hvwhsgjac3vs6sc5rzgpcxsyqda6u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLb3VuQTBmWXNrSkVQcGZy
bWlSRDdmdUVGYVJ5d1Awc2orMHc0VDdTUDBBCi9ncWU4NWd5R0pqMStvb09NR0Nr
NTlNc3R3YnNmUm5XU01jVmd6OE8vZG8KLS0tIFNqa2xtVk5zWmJTZC9BbGFLQzN1
aDNGUWo3Z1grUkJqbGlhV3pvNTNVREEKEito29fzKN6Gqzp2z0ZSfeTmYXnvTJGL
CZOLeeXMuaUf0jRD2hZnAJgGpglMjM4rIpEBvwCBHAUUN2/Nh1ONkA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1qpgj3ell93rzkpjq0ezs6t669ds3nyxx67pj50smx597pspz6fqs4jc6pt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwb1Z2cVNjVHNINkMwZVhm
c2dVUHRicWJBV0k3dU11QnpLUVk0c05FV1VNCkUvRS9yNml6SjczMGF6c3A1VWtY
cjlTNGl0NkZmNXFKWmRVU1ZlZFdKTk0KLS0tIHo4TmxrYm5scEdjQ1V0RXVHYmFy
bjE0WUoydVRRWDRHRkJtTEtGSHZVRDAKhsuhfBoI1I7pi/DBs4pMSiNzZ3qa23IH
Px5rvj3lMqvBuUHUhKaYIKEs4haNW7lKdVTQt2KZLZ6SUwAhmKZqLA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-01-07T13:36:32Z"
mac: ENC[AES256_GCM,data:TQWNPos7lbjMFN3w8gMUBdik0YqMjW6Wa0qBPHwrnnJZvpOJqzKBmKK4boHD/7kvrOD3yo7RKdp/n2gAJBa0+atSdV6LLf8gFBPOHFa6YWEu2adOjtayDetQiCy8G9ygjC4x/RDt25SUC/+UbgeKuoMKsjN2lOZFe+/zwAYpF0A=,iv:6l9Ev9WQZQMrLhC26z6ydBmbBtQJpJHBM/s97X6I3hk=,tag:QTQVTjOz+R19xWgWOfWC2A==,type:str]
pgp:
- created_at: "2026-01-12T22:05:18Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTARAAxBmEq+L+C7Oq0wjXp5pWt76/ItnTLuvY2LryA17mhIzj
9g3/dAtwD1nUlWPVku7uEC+bBgb1N5jNMgo+D/9gpgT7xTwLBPP6lTdZDOlcLr+F
DF/IDuFJ7nMIbKQ9Q50wuGxppV+OscmYhOYZO4Q1VYydaVFiOa7zcwOQk9a9w09S
l67YN5FYU8jk6S6RDq60+kOHtMIIgo4321QBgq8bQtzpdz6ikQXZG12zfG0R6wqT
66JiBF2e/EfAdWN92yZtDCfsDOosxmKnz1HNe8thHKOAAN2xXyV0lSKgJ5X80Wuf
WGb9vLKpyl3tkAqf6RLumvZjTm3CY1YAifEuNmvxLL1JKvr2dOatnfV8EurpDji9
N4RTjDAdSZPKVzzv5bL7BzeJjlIT0zKP96IkmAGFCpMhrrQVL+qxs0Ov+xzYR6uu
bQc38cvIdE3xYclY6dMLwdBpAyb9uij0nb9p/wuNmLYkV1c1tOcErwq80Uban3v5
YgQ6MaJ6sNYSQNDApxZpsdLi7TG25Pm9rDM4OCbUXIyD6CrHuI/S4kfoCAOv/CcI
1SCmQIhqkc+tc4bRYSA3vnZ6pRDCzMI16xI4rc1D1gH0Kk5d8eeFtwICKFPh7IAH
p1mfDbkMg/P7yXuXh779YWUzT/p18Z8PErCvVIp5YldF0TMGjlDOTFVZw0HvHFqF
AgwDC9FRLmchgYQBD/wM5Jz6VXbgn52zZ4FN9JNRW6tapuWy7HDmlOrZSMmWPmeX
5VVDjHZ2o53J21jI/Mm4QZsoKE9+C2JTFDFIOvDeGzrvGF+VTE2EdNGLtU9HzjwK
0mFnSo0GzSoo6UtrhdI6E6Fa/NjoUXI7n7A8m4Zg87Iq+UrVmiT/DKC9+7dV2zWg
JqZIHmGMItvNTuoUcMZmYG1AQt7dke1eE8cmGyxROLRz+z4laB54pBTIlN30p9Cj
0f+vqetUwYchZm/Zu8FRPAxD/+WNLmVb08CGU1uO98aE5e6dcglGGX3qlmJZXdbS
XIwTUGEtnQfwDE1FdHdzJGmvnnNUqGRP1/Ld3GMUOcQkqiJa4qgeb///oVBqd6uh
Kfr52CPVariPIfuUVs0nlfNZMnbgo0vN7ri3Thn+IVfIuV4IBp2GXnilbzKyoyOj
q+xDuz6GkUt5bNFAzh/e+xTvXC353F3MBrxuwJ1bQ67mhEUsDwjf2AO1biejLelK
nYID80VWhSFlvmLXuwJpuB87D4CiwqMJeFwzK128VYjxk6I9p4H/4vmhGhkIDqRB
t+vzjK9eTFXdUGz1TJAiIjE3DcQHJpfMfIoVbVOamfROGlPu97owiDGFonQf3XWm
Rgwowom3qmEL17zziCqAQ7i0YxYVo4322vI/IC7u42JZjs9AK3vJdm2Vo5iCkNJe
AVLhenywDkZRvIfNlz5HdV/HdNAl8VvOWoDZGADwTM5r/n9d/6CQkk2whE/uGrMT
i5NaKF8Zgv1CteuAPiXsZsIZsqW5W7neOFeYwToaQT5mOLM5UD9Ev2NZh9RzOQ==
=FbVY
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.11.0

25
hosds/nixos/x86_64-linux/summers/secrets/audio/pii.nix.enc Normal file
View file

@ -0,0 +1,25 @@
{
"data": "ENC[AES256_GCM,data:wIROKHVWuV052x4k858oCq+xZnub2DyGwVWEKbw5lwvIbat7q7GXawrYlX2owKXaPUBGjOmktOHdXIlal2TVvO1+9cXleYtcEXBsK7ifSfxTmLzDa3aOR9c2jqFehvxUlZ0NdFcAbvy4dAi+I8Olt/29gruDmRYZGXLUb129FeO2ugdzpNL2nAg9SAR5p+QWpo86TwwUFf2Lsil0YBBtMgdVVjcPHk2CP+BnZM3PNNqh+m1fU09BNpwTyXw0nEsL7L2eMYm3bjP/A72WqJckugdX0etN9ohqs1DdunQyuYnfOeMVMYlPQKQ=,iv:O4rR6PXzF5gflvcez4kjdPr718wDOacAhxVVMvZFKQo=,tag:n4xVVTe42NiUx7Gj/52mwQ==,type:str]",
"sops": {
"age": [
{
"recipient": "age18cgqlely56hgmhscllkmafwpjdk6dwep6ej3vkk97dzemp8jtuksqrrjjl",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwajBWMFFQNGkxMk1SVFI2\nakJnNVErdEEyNmliRVBwZ2tYUXNKeUVRU3cwCmhWSm5MbWlBaWRYRzNXODJ0QVhH\ndjNOVkNFdlZ2VmlMTVJmQzk2MmUzc2MKLS0tIHlCalVTaE0zODlzdUlWK1lHWU1L\nVm4xWllJeStzekwyMVlqdWxhY3J4NVkKgFf+DpK5+ChVdS9Mz7Xi5/8hk+IH0BrW\n6rMWdhK4uq4leM2b9UjJf9JJSQFj5/ZDmC+WF2naewVFwjM9B5rQZw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1nanlervuderw4qskcuessycqy2yfmptl6nym9scgp9ky2265ssmq3u73r0",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByRTBWTi9yOU1icTFpbnR4\nKy9ES1FpbE5Gb1FTekE0aHVyYWdFTE1GUDFnClpCeDA3RnBtYzV6YlhRaEkzYjIv\nQW1GZHJ4b01ReFIvbGpmU2hMMkxXYjgKLS0tIG5tZEx5V1BnQjdIdE1sODhhOHor\nbFZmSy9Ya0FlMEtxcXRtUGNlU2VjZkkK4/ejnIqhbdC8BSDVrW2uw/Xrxh/lzX5N\nB15g52lsvdCbIrUdHzdXQwOQuqBfQ67sHpUZxCHoJvojQuc/dwB8qA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2026-01-08T08:04:51Z",
"mac": "ENC[AES256_GCM,data:xEn7TvlAZnYUuWOoI6e5gB5lNYC+xAmmRNdPis+2m/AGNhH+++c/hu5xfLTqYOMXfs1QhD50Y93xXCT9C60J38cFRjnSO86NGB8hITYLVVBVMCd5LIhYoAhUnwg1+6bZ+gTjvY+sseh7WJ1dbfLMa7liWwtpKEY2PbioekKOnjc=,iv:X7O1YAaFkB/+aKd+EP3HK9JHJeLb6jRTCkVKLoaNlW8=,tag:hydcLTO6vj6TIS29maniaQ==,type:str]",
"pgp": [
{
"created_at": "2026-01-08T08:04:26Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTAQ/9E5jKJGSxjC4tTGfMXcn7y0WeP6ieFqFUev+wKhv2Ko8Y\noODbbdmsv+lGF2RfgAnOUdZ5TlKxueMg3npLlSRDxCPretpkOaEjxwuhTkRK69O+\nZUClaiL/LAg7iVq8LSo/gDH4w1ObXPB/wuSguMuEqaVyqJNqIbOU+kKCy+jSMwoH\nc+65puznN5jUYd4mPKgoY0mLMYxuK+RBmRWMwDwLmRvm2ZjOqx/mgv1zdb7LZOfX\n4z5XRFfNMPV1qUo0tGC/KBxAXKie13qJu5diAZTWaqlf0s+rhZWCVdqlyEWmI00m\nUeArRnw+23uSKQgHOJ7dlqNiSCRdoKtcH1XjyQNfGMTYinnWQBSvHYuA5K6mTsEL\nQ+flp3jLj3AxlIPn4cV9KX5nZtRluSlnA2V3oY4U3amsFeJ1GhJ8+veNxd4YcIyj\n2ZY8lLfCS9saVf2tAWBdKjvhbLD9k3pTUXLNrbknAZjoVzqkkujUfmkg6oOyb4JK\nO1Q5h5EFlRyIs281iWR0u3kLyhA3Xi5s1NZWSGd51E9Kaf1y8wfGMK4xC1r0zBAQ\nMwOJcrNjlNQGfKdANkWfjnOC1RmGELJ9MoKR6TBDhtamShrdNRatFWxsPo7FX2MT\nzy2xWPx/yi/bbjjj98hyiKI6n7Osan/DQuxC17B/5FghjTXjO8QxY6ueF3Bj4l+F\nAgwDC9FRLmchgYQBD/0QnAEJRsUnyknJ+csmzHaLzYOVPXNcEaftkMLDFSrtFT5V\n2TLARxyBaOWCdszX1VnMNrlLfdMLzGO7oX2GnwDrR/K2e0m2RZ/Nj7InWFhatLUS\nkCdrqkeJmOTNVqN67jycCKthfiSp12sYjR/Ib1l8Yelf8NlVr51ULUlonaRcP7ji\nXr4UNlg+012M5sosE2HRx1f92dQWv9we9t5ZQz/y9RaDnOlx5jgFkOzbTt/JSYHK\nEoYNLfvzebwwsfuZU9++Q0TEcAQGJ0vGoqx6ijb8fHZ6dlV/PLZv2G2aFpr7A2bI\nXhgBT0e1HPR/UsLy+iqInjTNELL1DX37DPYrwCgMMQqtCuFOhm0PvHxWNHKHXYLo\nMKN5dnapaNTKbjaZxBjCEv/PGWkiYo8Ho3HAPrI5XAfGfvOQQfpNQI/vdFZ2YxjX\ncw/waW2gPkDz0UlsUeAo1FzFsu1esz7P1BIX4Xm8v+dplZqTv9rZ6o7qed+0vka/\nWIdHvYgcaSgvzhz6W0NQqGcOLaOX8pqYJ72ioEjuwXZjAaY+/ZVkoYeFHAa8Ujzd\nRvv7nYA3WQknaOeUALruaOXZUMT2fpxNylRYaGZ9sEgXbyTh7TI5x1QssTJoNGmI\nxYA/d04CAVGBvqMMT0n0TL/QIdAMfyO7iKNhcjaakgQi3CMwYxMRq/NkgZJxQ9Je\nAeG/i9KsMknPTDNndFNOO/omjosqhEOA+FxeWWbT+FHdtxvPbVvKHBt9+CBIYDru\nOca/A/eslrtYbiJkBaGzrZtskPi+opIf6Nrn417B8fl4q8QtaFK4ndq5B2YYbQ==\n=XdD+\n-----END PGP MESSAGE-----",
"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
}
],
"version": "3.11.0"
}
}

58
hosds/nixos/x86_64-linux/summers/secrets/audio/secrets.yaml Normal file
View file

@ -0,0 +1,58 @@
wireguard-private-key: ENC[AES256_GCM,data:9elXuNwaA1gJ/KtVnlkFbovrDGmPUfiUAlzejwRzUlCL1nL5klXsjn5BUWY=,iv:38u4rFzoidMYBhEs4xXeeJH5RgnpRqdKKjbuVU3d1bA=,tag:HJqn/RqdSh5zDyxwBYST2A==,type:str]
mpd-pw: ENC[AES256_GCM,data:prKWr8XWo2jc3DBwqMcplwS5tUadHx4RWQ==,iv:jmUj+89dCc3cHjejikTfYIXlEI1K2/Uy3uSxzcx0wbk=,tag:/hXqt2ZH9pU0IY0gMmPl+g==,type:str]
sops:
age:
- recipient: age14sjyqch8tzqexk2gv0qgrrg09f0s6hvwhsgjac3vs6sc5rzgpcxsyqda6u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkVFhPK0tVanQza3ZRZFRV
dVppUzJxeDF0T3Q1bVhwRG5LUUxjNmJuYkEwCkIwaW43WUJQeGhIZU9na3J5VGdv
MUZkT0c3TjhleEkxT1pTYXJEZlk5WUEKLS0tIHprTm9OUGVBbHVCVG5LcXdiRitO
WmNEZVAzb0Z3VmlJdUY2MmoxcS9FcGsKWX4LJd/06YtoplqG3gnXdn8Q3T/TXELM
WxGx8O0tFwCSWsW1qenMWtmHc4hA5edhdgpNY0Qng1KKc/8/IKibtQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1f63r2klnpfxmntswz5xydpa75ckgjqcs2yzkm0msqwqgz9aqgu0qwzr659
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5eUkrL1Bja2g2TDAzZkpr
Wm1IalhEdWNlTUxyd1lqL21pNWtZZmVhTUJFCll2V2ZTYjd3Z01vT3NQTTBpMk1Q
cGV5MjVuQjg0N3VvSzB5OEZnUzJDOVkKLS0tIG1hWCs0K0ptQ0N1WkFPNGNnRVJo
dC9HZnJuUGF1TElMckhTNS90VzBxVTQKt9wAUfJRc7fFLwzOiPN5ilDCY/nl1DPL
0KGjEPHfATki2sq7pIjAeY7J2LWwdnxLT4/mdj0xCltPB4zCpvEFqw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-01-08T08:00:54Z"
mac: ENC[AES256_GCM,data:QMkeCVeiq7+b4ft6ykag3VO5FDqIQp0hsBTnSEduYiA0FIR4QYmDhGVHUipUSZH/xllflxMv/CXNQqtW852LWWy8PXn7GzEXn3nEjRBZi89sEOoh03I6SfQMDWYR5wjKBy1hL7e8dZfEGONZobViM7U9YynEFqYpkvd1fK97DB4=,iv:MbchKNzaDBMF/YbBxkEUwxA0Uc/+fju4dgl/28trVV8=,tag:VwfuskgULOyBdJmJ2LCVxg==,type:str]
pgp:
- created_at: "2026-01-12T22:05:19Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTAQ/8CK6XOO+aso5SPpmPytXSyMW0D2GPtsQGloehxIeSWcSC
oUKgC4PuiTB3RBKIrYkySo3a/5esJoCvB9U2oShIf8ONHHvdrqIU6+gl5n/4LcOo
V7vCy2qYs2qZkch/4KRQYDUsBbGomoEoOVachvrI5EQLViBcZ67JUiaX2vlrmycU
udDehrw9BeHWLPZ3B2cmVH4IH3ylZqFtU8xzV770IKqdCirbv5c/Rz8XynpIqKZv
dzzXIjVvWp/n0C9nLuNWj2XYFTSSDE//k3hXQ6zDXnuAM6/1tlp8Ym0/CxpRe1cf
rx2XKa41J3Tq6kJK5d+BKY2TzC9rimO2DAvvDe1dPYofQd/YGmXMII71j3xSitsm
MCyR9X4fA+MiY89kf+keAg/UggvyBPitbimvUJXiuDuSRdkMxPnpP7cNYnzPdyy+
DK6nqujDsw0JvRGyP/vvMk50hmniJTVtJtg5g6VOrfZ8wVN/8lHqe75oTy4nr2Ai
/0vKWMw78K8xsD/Sok1T9KDquov5DpLz0r8HnbfpRShSOzHOsFAgAjJrVjTeDMuy
9ZayxRVv9TLw5SDUmeCJsiiYjzySHKxw42qAVBb8XDRMTZXWoDczG0qtTpB6HhJj
ZNBpOTttnaKJDz8Njsdw36zEJnxtyRWGeR35g38ikrzaKJTUvRPx0f91D/o4kZCF
AgwDC9FRLmchgYQBEADLSYEbTJgmYy8eE5ut8SldIpx0FNlZ50cDsbX3SB7H0+Lh
nEhy8TFRm9nj0Hu839EpnmS7fydlV+ba+NztIFk7NvrDt6vsf2gETO1NJbOrGv2X
iDIX1fuSZPO0MGdX4Jtj3tgSbT3LR62mLZBwdDl45PaT27E1Kf/2N8FYcZVsU/Fw
CFxngjVm8vngjBMOBLRumG3LOzgL+AUMjfJNrIkPwCqrfvBfuAZR8QQbpnqbIMFn
Qko/qYQKT0Q7+Gc5VC6nqITuG1UegDTolKFKncr0CG+tV6ydvvMpp7GYhDv2iFrS
GK+Lc2QHnS1uzb7gWoEbemwirJ9jax1Vs51pTwH6JuxMux4CKx2V5xDhvjKqbutM
l7qGVJdfnfe7uooP9mPZMoyhbm1rzkQzN1yXkkEVl8v9QMNpCTSC/Z3WSJdhnXTT
WCz3XgOZNld8xfyP/DvmBOSIx1ywhVxPiWPcMRU/bQMFwKrapmDqEeOCT8cm8yMt
FIpBxzD/DO6qgcegWPgNPhs4GYrIxRIBUloinvDPDj1qPX0wAk/4LVm8UTG32Mo/
oyBVWu6Z+OpqfOJqIjapRwpYcaZj3GPgJR7qt6JK+uSSHQZQdBdhXtBCdIivlRjs
qkn7YZqLYC1Xfo9XbC9aQDZNAaQcxxM4bMMJCkJiTN76kIl35XLG9ggUff8ncdJe
AbcUeV780SsPhEVmokT8Dl2QwJ9ndA5IVoYue7SA4/Aaj/iy0nlMMUSWi0xzoB+d
Ztu27YrQwkHeFSoVeePm7kNScQsz63mByZn8s8n1Cu9gKO+Klo7ewMLgjkhPfQ==
=WLga
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.11.0

58
hosds/nixos/x86_64-linux/summers/secrets/firefly/secrets.yaml Normal file
View file

@ -0,0 +1,58 @@
wireguard-private-key: ENC[AES256_GCM,data:PGK3JHj/xacJgxx6Ubwz/3bQlE2hYQXM6A2LvGlI+MeRzdLErTcZ4m0jJKw=,iv:fvDsmOJGvKzfoLhJzx6kab5S2kPQ+YwB4sXG+I4baRk=,tag:i7hHSnUA2n5fj4YK0L+9jQ==,type:str]
firefly-iii-app-key: ENC[AES256_GCM,data:Wu/gr1vzVcRXm96hTvSO9bIRsvZ//2ZsTVJ9igrPU1h5dGV0fkI4rwQfb+5zhy4f56Na,iv:5+c0DYC0qVNRQMwibCpWfN/ZIiDUTtjXhKuZxMq+qs8=,tag:Jx2axAZr95/EqvH2gl+rYA==,type:str]
sops:
age:
- recipient: age14sjyqch8tzqexk2gv0qgrrg09f0s6hvwhsgjac3vs6sc5rzgpcxsyqda6u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJWkVMY3FMV2poVW4yMkpP
OE9idHFvd3RxOVM5QVp6RU15R01ocVpZalh3CjRuWGRwektMa0kvZ21ucXRCTnFL
TStZSHdLOUhjS2FZYkNJU3dZalhkT2sKLS0tIEhpRTBMVjZzcHBjYkdnMFhxYUZR
YVhteGpyM0szc3hFOGdlOG4zTzVPVEEKij1r1aB2Z1aSN7kYB+ZS7GExkSOzv6NJ
AdMEkwaO3v0zdPh1CM+4d4MwTDhtwUoRwkBjN8sbCPrPozp7wZz+gQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age17328xwk0z3znalpmma5rvp0lt5ghn5p8xfvnrtdxwsw80dqysacqj9j37q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJYkFhWjlucDByY2U5M2R0
THZhNGZOTEdwRW4rR2hqQ0t1anBydnpzaXhnCkZZbmt2MEZSSjdwUkxKVVlaNUpr
Qkp4OUVVd05jZEc1dSsxdXpZV2lSQkEKLS0tIHlNMzNlK2xVcVJVSVBlTGxtWUND
MU9HcURLQXJVVnhUbkozRUNYZDdjU3MKXGFS875yubuu5HJE5Iu1QMzdSM3BsnkH
YytEKFSIXQ+8Seu6lYSkGvdHgE3V7AQ8iamtWbO2Q7/6tUBw8EQ78w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-01-08T08:02:26Z"
mac: ENC[AES256_GCM,data:lqey6BT0Wf/manMLp7LyApRqtnerCHrPndo3w/9i3GBkpWeas9JLx6+sXZFdodc3tLjA00FF0MLm0sjDSWSz3fDfSclVNEYWUdrspH9W0a6p95GAdclJARna9ncVG2pn+Hk1QoD5EjEhvOayz2A7e3yIO2aBh8U6coc21h9L0lo=,iv:n68z6eL9UYI28eBJzYe+1QLOfkE4Fba69VgOCnFVELg=,tag:a6jli1+cn8s0Mlg65sVy8w==,type:str]
pgp:
- created_at: "2026-01-12T22:05:21Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTARAAmUd73XL+lkM83C7ysNjtPbfHXiTVLUu1rgd9zyfM0iiY
yZ+t0FbgQ9fiRTz7myrry/EYTVo7iCWZGS+v6qYfXvOdQfRdn+0///VHZS3iL60+
V3/idjs5029dpxQg47FS1DzwKs/Vyz8VEJz7ppOHFsuwE3Mb90+W0dccfXqE/MG9
wCfidUaP2CQVtjcLQRUSpk7kAUONZF81nWQfLcR0jJA00hlyjNKftKTasEPouiWB
QbkDkvTLYZg+2PbCx7r648BlWlR+7gDhjanDZi40i+CarmUD2zutscza9hx8H6JA
1PzYZ2BgW/A8Dogtmy6iJ5INB4Eyd9FiIr/CG4wizWbB6a/0QY8V9+iAI4aflvoU
6/HQ/BYSgqd/C+NjlNAXBBEjSXhrFbtEo1K1Sb0Z+Q2OKK19sJrrv8shGl0gtUi2
xSbVUUff2KnIWrX7tpNdveAkpX2Bs1ijzHxnQOVTwJyKetUoxVZB3ir3JnWqTfkF
XQwcJawvzwN7wHRIasBUh+FdZZSDsM9ujApKJiNKRz4ZIFaoallV95+YyU5cl00Y
g2wVfDgXdwnBQQKxa0NqNC+DGdEKc9Tfv01nz90rlbEUmTBKWD+sZGm/rsq4NV7c
yBqy6hLkE516wT0F6Z0osMtW8RmTARx2ayv1glwdRVTo9Qs8RkDxjRmy/r0/2dKF
AgwDC9FRLmchgYQBEACGlxYcVJzuJZn+oSMxRtirnpFNeKOgvlbgc5Jy/HmCQBge
I/h7QEaevr0XSmPc311OekXOWIVF6JOf6HJQsN0W6oU5uo7fXecqpEG5WqVQjouJ
+sVxcPAZVGbbhTycf9VXySilGXFbCbiM8nBHYF5VrCTrRYpnmJBnJ1qJ2qfzG+4C
Iys2UQHymHfumz5qj28VDv/j+DTn0ZbYEbIE9vhhtYngzXOBYkPdOX8YsWkQvGB8
AhCO4OMGNbisIjufc6TTrVO2edqt2JcacXrSzOHj5lNpGqpK45a9lDKjm5eQAO2V
SJu5MPC5S9lLn4SjzHGMQBAr5WFH9GcftWs0WIPrPqJxRVXQt/av/fBMrnsoI0K8
XEfyfOL56KcG95xnXFJzcgQJ1RnXAQzGPVv3fPvA39EyHDUu2VM4hN167+Y8Jgns
Iaxb2xMl1qXB6dUD/8mpyCzXdsp5JtK4jPGfOk6A2Uj4EWALbTpGhcGuPJ59Qe23
Aao0N5Q6NU0EGzzgHMu4S+VMWk91Tol9tIgYCf80aXB30lQ1lFoXWhnItg7jrm81
a1f+f25UKyDPQBMFmNwbmp4xjEsFqOTvGJJ1K3lI1OCGNnCeKuonpcBZlH2FovLi
c9+P8rvmmzucTndDt41ywXNaSqDl0yB+Qu/rTG4ov/17Y0vZ9sUn2kDJlfEtbdJe
AfHjxuXT9nVKeWi93hFn1Gea7oOXMeh18KqBMS440ZiymFrR5EPadXSTtQiK/LyX
6VdwX+N/bGLdwMN+AQ3hMe/q5XtwaXle1MGTFqFdG6OjHlQDLgxng5gAP3k+5A==
=18JY
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.11.0

58
hosds/nixos/x86_64-linux/summers/secrets/forgejo/secrets.yaml Normal file
View file

@ -0,0 +1,58 @@
wireguard-private-key: ENC[AES256_GCM,data:2/usWvtboQJ3Yc5ixT/7ZUvk74aZqYr7ZUZVE78jvlSZzfsMrXWjWxC0Bug=,iv:4nwdd+4Cr2Kjbia/5s0f2C1O6vyaBxQR8TUSKyAqJhA=,tag:ymJLP2d6SGgVsw52S7q6uA==,type:str]
kanidm-forgejo-client: ENC[AES256_GCM,data:0S2Wt2/hP8e5qMXgI2cM3GApWoQ9pEHwiA==,iv:Utq8Q1LWk0TefpcwhSvXrulrgslCSnPanGGHSMPi/pA=,tag:ou/1y+DtFi/z4P54zzZ2Uw==,type:str]
sops:
age:
- recipient: age14sjyqch8tzqexk2gv0qgrrg09f0s6hvwhsgjac3vs6sc5rzgpcxsyqda6u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZZmZSdzdjUm1wRlo2aEgz
QVU5VHp4OGJsZmZaaTJOOURlczgvd21oM0RvCndQM2ZHMXNNQ2dnc2tNU2RLcFRx
UDlUZlBTdmZSR3dRNXNxRHc2a3cwdmMKLS0tIFZLYjlQdUIyTjM3SEluUVFyMTFE
Ly9qUUFqYXpDSGVrN2VkYmEvUkQ3clUKpgrTAWRPGuwyZL1PGVBhskPLxXt/j3Ez
iCEGbfAhrVeXRZuX/KXhjzefrjfrAq8ClZqdLatWF19L9lrVU8ytDg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1qdzkn6v3xhrfjwe8jxz3945dhyyhevwal0narjtr8whf9y7nh3wsn524u5
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaT2EwNlBDMHBXSEhNam9W
WTAzWlNxTHNoSm1ZcGZaV2liN2E0b3UvcUNnCkNOQmxXMHZveDgzVFAzL3NLRm1M
ZlBVUCtpUjJ0ZzFEL3N6Njk1VTlFUDQKLS0tIDRKRTdHcUJyRUZ4RDZHN3ZTWXZT
Nms2RkhTMmJyVlA0WWI1Y2Q2ZHpXV3MKQKvjzOvay04EATmgojC72aqbhq83c7jA
0guRoaULHaszycMsqICteNRn+tdLBh8L6EHXZC1GlJzm0e9WMeAOsw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-01-08T08:03:05Z"
mac: ENC[AES256_GCM,data:Ko12SPrZ65B+T8JIERI8a08uN87wwVndIweIxbr+TkcEsRyLCPziB8tMsTGtDIZkTG7dJywT/SeZ9gqnMgiH9mvsk7Uqi0hrmEf65fsqCVGTOi17DBRGS2rwbXkEmT3xiSL2LSe6+9rjlZ5B9ZUfO3hdhw+jy7rSdcaLu7R8LL0=,iv:GPBDabdBLbCYuKr//XlC578Mpw9LGJ/gM1etek/PtWI=,tag:5/qXhTCHxiCRka4N2qYVzw==,type:str]
pgp:
- created_at: "2026-01-12T22:05:22Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTAQ//WFYndpAApuPwCK8Xotduipm1kp1m9/7oy5q3l+WDHR2N
RYQyVUPYSlqzLRfRd65xgy18MHZwUP8iavWU0cnKNveB2c82rMtMRrLU1mvHPTBQ
XmLkSDAepqhbcMcXfVpOQEDjcesIKNMqLiiZtmcOPFcT2RvoyCovx3EKxlvPd4R4
0CGiAiApgxz2XSOLoalzHF85p3I0/Sfvf/V9CfZ/oB199PCYF4qlPzq9Xn4D28qT
67EglnxyFY4esd+9/QRt3B/5RRmzVK4Cc3+JxFO47V+PbkFo+GvF6tv8eUakzCI0
Dn04VvLsQ9HhaZsjLU8WoX0GRrLjDD/1TaLmM+JFV6c97fN3IBGBSKZTdjOt55ZR
F/oAS8W6aOuqPSr4PaHEOgpzLwpu8IHZ4FNzjeHAGYlK8QjRGpq8Jm/Lz8A9Buy5
XLS47JspVFLIU9FaWzOBHn6IIkewG/b3fM1kA51f3OFP6RprQ1OvX5g98epW8Eea
M/wFdVMU6HXS8FLAhQZ8Sll5iO0SYyzDM/tgXpXBo5/gjU17Ry1vkzJqQyWmuYWI
UqqxzHnOq/eUJIiXS8Qgkxo/WgMAEEJxLfH+KALzO/KD5PsIRmriSXVGJysXP3lY
tiJPouhDTt4+lapMjipV1bH4kHPoPlfr9fY0t7YSf7NOC5mDNqqTjSYMZXY8UKiF
AgwDC9FRLmchgYQBD/0ccxFMrAOMz4eXqQQXwTf2/nJh7Xz7GxgdhbiPprKDVSoq
mcnnyMfHTAFahRYdCczU0sIj9uX5CVZuSSCv/PqjeSZb+L3ib24EhF+TxgqEPRer
XruneHFK9yu1Y1h++3Li/77DKKDObnqgCZGrdKSgIuakkK2Ki6b9gcaTKLZN5Wmh
tE7zpYQcnRxGW3GdQAuOShsfPZqEO2YIzIecitodPxPaO8PzqTZRhoRclmL91MDT
MtthC4ik7MDEV9nz8oV/u4pqf1j+xJZ23u96Kl4KkowIK7rSE1OYU4onw2mKXgNR
FS+3xqw/BFXgXMkXW+F9GyGPZkxCWuztZozIh9UyCiOErpzPDG/5Hy7v6BzzKaJQ
YMlukdhUw3B9ciB86lKoJSgiZpHeU2J8LZ649lGQXNlplEZnWOkyWWS0/g1Bt2VC
B5egnFOA2ueFGWg1VUzKcIFq/DsqMOXnUMh63KuQrAIovuQnYLyDavGt2Il1LVHj
tiVE5svsFd3o9JyUE8YcP0VDKTcbr/kVJHYA3o+7fLtUD6TEdiQxp3Z/ZPHdCftE
o9t80iekS8k5TYOJ79XWlGw7o+Ip9Zh4G+NpHmKLZaLGrnEFuBMnDRVUsU0CxG0S
ZgUbjLwcX4QxdBEKEgnDip2ink1IdciSlNBpYX6btRt2EPDz6bxISGsI5kTKZtJe
AV6D7C/OYyDUPCfT8WlcDfF/hGiSnf5NWeIlZQ+g1DOuEYDt2jztNFhziVvhsQoO
VEC3iYgq28WyTrQog+3F/ktu4x883js1bbtFZ/b6o9ZM8oKbfuYtUO0v/7CmCg==
=5YlB
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.11.0

25
hosds/nixos/x86_64-linux/summers/secrets/freshrss/pii.nix.enc Normal file
View file

@ -0,0 +1,25 @@
{
"data": "ENC[AES256_GCM,data:tGnvFaZgx1Gi59DYlV/4+VswuvBY5K/XN6yomaFk9AnsslowtKAPKHyH5dM5rqe0n+Ua7kI=,iv:qwXybQUGanHXQXzDU+jJn/FI5mmi+PNUOCTsh97tmDg=,tag:jQtXaFNJL5jeTtSodMCmiA==,type:str]",
"sops": {
"age": [
{
"recipient": "age18cgqlely56hgmhscllkmafwpjdk6dwep6ej3vkk97dzemp8jtuksqrrjjl",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5TXJSbjhWcnVqaWlKV2M2\nQ2lNUW0ySkh2TFdLblhmMWxuWXhJSndFc0ZvCmkrRnBxT3VRc1JoQzMzWUVHMTlr\nc0N0R3R6SzVwOHYwQXI0eFVOakdQWlkKLS0tIHcrMXBBS0lRTzN3Nk5YaUhxOFk1\nS3FpRXFQRTBNL3hRMTdlSlFXSUdSQ0kK3OhWMXUSPhfADCmiuRfsIv+GJ0SY0sar\nVchVKmqPjGg+ALF/krwjaIcE2zrlK2tsngGja2rO5vZ8YS5BFzVQ0g==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1nanlervuderw4qskcuessycqy2yfmptl6nym9scgp9ky2265ssmq3u73r0",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLeEV3YXJqaCtoTUtVNzho\nNk9Dbmd2bmNXTUx2VS9rNzVhTmR4WEM2Q3hBCmo4QnlMN0ZuUHRvUjhZTHdET1o2\nTmw3TUZTMEVCMGpja01TSGRCTTExY1UKLS0tIFAzTDIwRHplNHFyMkVmUjVxNjNL\nWTQ3YWRkVnJoWGRucTJHaXpHMUN3VkkKFWSY1u7Ksv7SO04f0pzRYSk0GWz0lvXv\na3Pd+lGrH0q3CX1i7beq587bNgqxTdDlWzsSQSAxWkacqwb1eB3KAA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2026-01-08T08:05:49Z",
"mac": "ENC[AES256_GCM,data:sIUIH1PfvCnm2nlmUOCHX/CihlLTcNP6PWCRH3tqpwS13uYF1DHv7Km0DiZJ48YOBbCiXNwEVzCttem+BXCvi0eDkqUasAIjBOmWBp+W9Z8bnDk5luztxLeb6OKqO5/8rrR+bXgb5Z3cRiV4VquVMA0nOkHq4f7HvQ3UyTWtJTs=,iv:hmKYcWSfdnI+mjUvH6zO1PP/wDj04H454arzROjs/tE=,tag:zY+CBOj2DNRhKNkdwnYhPw==,type:str]",
"pgp": [
{
"created_at": "2026-01-08T08:05:35Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAAmEfso+foaYdccWYWrumexWByHdZHdC2PzyiIWWUIddY2\neXifkUu4/x5lI2eRrAGqUTJqbtwlMloq4uUcZChkTRXhOv7NLLstnE6PAfhsCOOq\nG76DjeI3cVQnFdIP7krTHPyZYBrk/iq2KAh91EDYQnmBBKy8RT77/b0tzyJgpKOp\nIs1YqMQfP6RQJeDJXFGJy+KljTsyn6lxRjQ9Fa8N+UmbZjX8QW8ZNU+Za9J/r+5u\nlznZ/V02jB2tRpOOnJSORrLMy7mIMBN6j08hbb5T2dcHQUTnz9VEJx10FTHCY43I\nMFGzt6Etv1Pd/TkGQILlY6goIeyTzvlfa2Kd+M0N5YzA64MBhOHCJ00yB3rIAy0R\n5a6BWl6t9zlU+YxMTaC0bZdclBp9E/4uDJBVHWcWTRHKgiYndFbIq0uc+FUSQnXQ\ndXM7f6wSLOR0Gk8pUXSGyoi8rTYri5DKyVeRg6H0JddIkEKMLBx7UD9Z1u9kFpTE\nqlJuYip+95DSr7UbE3WSuoFmX+ZHv2XCK+rW9k8MNYu9EY2VbE+dmHCytITpdrlU\nJyAHfIvzteRm9Ub5KyYkZU8O2ARfP7V49p4IGZDVPM42IcERbpmYUORi83e3VlWt\nllYrORH/l4qYLd6LPQJVhPOguNlHk5GomWo5ozd1AQWmLXbX9E7uG+zvo3QVAgqF\nAgwDC9FRLmchgYQBD/0S7E4be6vcAb9P9WfwPWiYR2SGa5qZCGsgnXmroAYft3yc\nxFM0T/NP8Q2sFT4DU8rn06jBQnKG9sb7hIfMTOTbBzrERQEPwNOOlhRMesM7DlIi\nHG5VTvkYk1k3akYjk5L9WCE7GMU6ZUb93K3DamESt1bxwdRm/UwrcgdbEu8YHX4c\nm7rLg9T/f4OVojMh/gKZ9RrwkpZE+d769FSOql42gTLheYjGWarntE9TMFZGnOZ3\n5KTvl8AfZwN+j7/LIu/6EtMhvmHy4UHNR4wiadY1ONQ1hlPPapBbFdayy6ap1azb\nK4e1vYFOj+8FnDO0TUGidZM7JUoOSb039Tc6lcI6qc5dtusQTJyD6kBX7BJq+mgU\nCDbgMjmLdSU8d4nTHB1KWZimIDoGvste0+sF6f4cBHfYW+QzqPikYlw8TdZvRQ/1\n3Q01dEgg7LrgNBjMSUZvfaYYkcSz+Uqkhs0vq65XLmAMfGKIvqFrqPSjRuJ5vQV7\nByrRj+rL36th/3Jew25sBbR4RIjo4otfSWIga10epijVs+14D2g6c+bKPf3vk6ZF\nT04KP80pLpk7zTlYJI1OqxJFLMiONZs5LxHdfNSMFGw9euHuODQVPKZBE5c52KhQ\nn05tWLkOBzyiiAd50fzaVQxa628VBhCHFlIG75ZC+wCgV+urFasooBRoUhxAntJe\nAYhJ1fiT5W/vhYZy8AVDnidVPv6EpZ4DwF7E4wm0rx/Vy/np2jXiavraMGEL/m4/\nM62snldKaZgGFc6K8DTZdbrGBGySZ2LvAP8QYNGckQ5CW/5CiCCS+NEqEVKhZw==\n=FEUR\n-----END PGP MESSAGE-----",
"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
}
],
"version": "3.11.0"
}
}

60
hosds/nixos/x86_64-linux/summers/secrets/freshrss/secrets.yaml Normal file
View file

@ -0,0 +1,60 @@
wireguard-private-key: ENC[AES256_GCM,data:NrUaY1DMA+fOLEZ9kPJmrCIHUDZxg46XFjcxTkt2Y11WOTl1ky4BYEXElgI=,iv:VAPVXRtIsHQX2DitGwy24dK+9zq2IY0nL7BuZvl8xXw=,tag:bKC4BGI3CDl7qhM80ak0GA==,type:str]
freshrss-pw: ENC[AES256_GCM,data:nOwhGTTUN9tJkU8=,iv:6urp7o0LewW2yQep6LGEWUn7jxk92pLClOwWyT416R0=,tag:5V0xDwwjeEdIlaU0qNJ9nw==,type:str]
freshrss-oidc-crypto-key: ENC[AES256_GCM,data:nEoIHlKXpgKlJ1iFKLUdb6QVcU8fMRoZ+oghGlrnH1q39HjBrNrzmA==,iv:7LWlVkeaviBlsU6aEevF/icHgROR4uThxCD59txUmTM=,tag:P/+UQHHz+t8BckaWhjKYig==,type:str]
kanidm-freshrss-client: ENC[AES256_GCM,data:BTPaUyI7qrBpiB+0zQKJw9odT0fRLc+zFg==,iv:9u25+thsHm+0Ganm0z5QtsgFBGccpAIPQa0aYqqHkXA=,tag:cgCvMIs7jUMe7QiDPznbtA==,type:str]
sops:
age:
- recipient: age14sjyqch8tzqexk2gv0qgrrg09f0s6hvwhsgjac3vs6sc5rzgpcxsyqda6u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCclk0UDk1MDhkWXZZUGxM
Zkg4SVdpWmYwZGx1QW1uVWYzU1JZWUgzcVFvCml4RjBydWk0cUVaUkVhWENYSE1G
RC9pTHdPRzBNOEVSdUZnWWthQjFxajQKLS0tIDBtOHlxRTJTRENIMGR5SmUrTWpZ
RElERUIxWW1NZkdLa3M5ZkQrMkFuWTAKODsEiS7hjvztH4YYkiK8Fr4Do+wbroun
5SGawFG8NmN8P0WWVURKpDDafP4plVHj5YOkoAZJXgo0NyoOLsXjmA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1etgfym5m8hn3hxs6cgg757zcv5zg5n22wq38fuq59n7qk7nef5uqyg6vvs
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOUW4zTWhQOTEraldVeUp2
ZHpVeStLRmlvcCtpOHlGTDFYZWVKYXpka1JVCk5IblN5OHZDRnZid1RwenlCRlJh
MnRYSVRXcEtyRHo1M2JNdEJHTkpNazQKLS0tIHUvMkUyQ24vSk9hWnl0cjlEQnlN
MTJsZzFzVDZoZ3lnKzVLNk5MZ3N4WmcKEziK8e7aqxGqJwOG4s8jfUmjiL+gs6sY
KEI5LugBaF66fAB3Qf9RX3XaaWWSQ3C/yuiv7h60kE5tEZLPtZxssA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-01-08T08:01:49Z"
mac: ENC[AES256_GCM,data:+RtsIjA8DXxCGeTqsb24DQdP04/8oEvviiYp+SSfvCiUL4nu/WkAIAHdcC+Gvw379vnq1N38JPycB3mQbyabC2lUJ85oEMmfn6YDdsoIxvdDuJuN5VGhLkqXdwgkfJZU+e1XUDkGmAalWeNFTlE7i51qecVevdjPf10YW/V1QZw=,iv:TEYHADkS50xgUCQ4ftWv5YcIqSX+cYgeNbPxSbp0+fI=,tag:+PoSBjFfV99vOZIkNJaXcQ==,type:str]
pgp:
- created_at: "2026-01-12T22:05:23Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTAQ//TVYAbB7pn/T+SaE0DRIYBFVG8PAiyh3zLt3LcJyYZcwy
sVqcJgbIMMTDqJck0XC/RCzIAGhHiSai2rK/TUh1Wm+xQxPIVu5YnmP5mZlX6jVU
EZ9KRuzBK2Kc6FTbinOR9KZlxHKre8QaUNKtXReha4J7A+qQ2wqt41uKupXXGGNv
/NejcbMjeyBUQjkIzT3H5bVZLTOeiv4/tc66Y24p/pz3vcSlUO0GubJ1/sbu3B4o
K/NZ2HC/OchsBJt2Y27PvEIbZJEzY7ysW9tOs6TNEBTCgx1o86WxeHAxvyx9PRGs
6Rx2aSBLSiZe3AJSauOVmJJDQ1nIOg0vHAH86+vLjqeXGAAvJgJOOTo+/q9M059k
xKYmXSI6LNnqu+6vGPHutzv+oO/6Gv2vSy8n7zO1bahlAndluFMkOMKzkxqooCV6
v6a1r6slW29Z8UeUlG1iRV5634NvvlQBhp4ig9euKwq8FEY+dz6XUFqnMbY+auE2
NRwVstJTriTKuBo8stXP2tyvwdpfMem4A5ZSpl6kowx9gvWMiU7aG+U/CLEMHtHY
hWv66eNnjC99tLAJ3lqH8Bd4UY0m0i/P5NFZWRASESay/NSa2BFubNYI6krVWTo8
uLuvUXSnS+QmlZnr6Bj8nuKUto7naMVkRbiT7t/IMe2vLZrX572c4Ye4/oJJIXKF
AgwDC9FRLmchgYQBEACLXg3KxCtZvfv9ACfHU0jR05aq4vq6/RNwb82KHNNjHSYb
LWSiEkBVl4bb5isRv4EK3CpuuTL1Jv2XIfmd/NjHjZsQRAu2gBcmftXNpBzX4VwT
rB0mBBKGyUWdeleGPOyXvucrAjOqJ4gOVJxrGp2RUbPcUG/aqpuSbmJFx8S5qpsb
ZEdMdNLVZfKzzP4Z7fpPuu5AXyJ+O3IPpFqvChdM04VMYAECGhoZZzIt6UIHkzrO
BBNaXLniznNZ5LKArog8G9WfYcC6egmEP50SYygGok+66QwkTdM0XttUq2M17KwP
xA2Ybgh8JuSI44LJOfx6zeLQqku0hBfmVuvyw9YVoicoZisN/jJYtkk9XOmILlPk
Fw0tn/cy6h51CqNbweGY0KTDxY6pZTEXP21CyLqAWQ+B01JB+zuEq6C7MEH+bfZU
L7Z61tN+j64IRvYGf0YP03Dj4D1vsJ+zp7asQ41MFu5HpAzfU7xcrpa3EgGRYxkT
6b9m/eAyf8+olEbzVgLC0UkzofXvJLjxuk4zmxdF2WOuKoV+yt5kFjXQGaLozqTN
ypbERn5QCZ6hLYUFOvsqw9avfVLRPVq8JF1YLKEQfVjC20wo6BuwcosbwLeHLI08
NAHCLHC/6iv2/Fji/57sKcy+qgoIYOhAvWE8wtqCU75379UUIORNFaERaqizy9Je
AXWoZICaEAb556k67dLO73IW5/2yhNiYGzMluHWRcczaKaVmKzrdjjFKhFx3mMof
SmR3Ga9QprYqOXas+Ouok4Qe/zj6YCW8BUcDHFB05OUl5pFRL5ksTNh5V1WrlA==
=RK/j
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.11.0

57
hosds/nixos/x86_64-linux/summers/secrets/homebox/secrets.yaml Normal file
View file

@ -0,0 +1,57 @@
wireguard-private-key: ENC[AES256_GCM,data:uDvv70RDyd0DEA0IAowsBLKew2k1TzMPmrVmIW1ZuMtSYxpstq8x5l2MPN8=,iv:02HfUl4lUkhlBzgOfvv+hRoyMMAaGcf9PooRAZzgjK0=,tag:dL/qhDLjzMP/4ENUcF3WHQ==,type:str]
sops:
age:
- recipient: age14sjyqch8tzqexk2gv0qgrrg09f0s6hvwhsgjac3vs6sc5rzgpcxsyqda6u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGaE9zbmtDVHpBd3NYcWEv
aVVFVmlESDJJb1ZhaDJoei9VeVRQQURaanlVCjErQ2FUYkhyajczSUxSbmF6R2Z3
em9RVUlnTHdrNXMzRzIvOTJ5UE84RFEKLS0tIDg2WFNQWktUQnAraW9HeDB5OXhT
MTMzMW5zWFloeGxpeGpjcFFZQktJc0EKnuwMW7Zrtr8XZCJM2E8M3WcH+0Ecxz6n
y1bQvo329+Ssx6Igf/NYLzaQVtTgrjrAVgQb4zSu93Ofa8tFRHbcaA==
-----END AGE ENCRYPTED FILE-----
- recipient: age17mugmkdw0y768a3huuf37r45eff9apyknxvwk3agg6xzsjmqp96q57tcty
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJQ1F4NkdvTmpwQ2w2YUVX
WFV2MGkwb1dGT21Xa2c4TlJiZlUwUmgxWHpnCkVOcGZVV1pRSGhIUDhVUXRpM2E4
dWRKM0VNRTdqN3V1b3hZSUVCRnEveXcKLS0tIGN6b3ppcmg4VFNyNzlSTHY4YzVh
REhGbStZeENKNStwVEZiZVpPRGRmYTQKCBks5jrHBOT8xMGtssxM0ojTED/j3KWP
d3vcpKALxweAgdYExZBYrfg54gL+swAqEB8rLW13+ZOB1xskrg/HkQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-01-07T13:36:38Z"
mac: ENC[AES256_GCM,data:4ZeARGvSyuzNT2vFJ9ou0JeZ9wyTU443BLHINsEzchHDCB/xlMjhrt9N0DIX+EfkMZiRukUw5C56HNgBfD5uEBgt1lbdBfLQOnUgVlP3EC7HXPZXYEOtS9kj2j2VTBHnGFOZKDiBVgQNJkJ6QBmJtx2rEwQcCax3DeHO/RyLleY=,iv:sCrpoKKTN6X6GoxPQvSaCaiY3b4o9QzLWCus62ltLwk=,tag:kN4UXDS68/OvEi8ZYafLFA==,type:str]
pgp:
- created_at: "2026-01-12T22:05:25Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTAQ/+KFmJTYxoCvXPkfwNcE0+ikAQ82yGFshGAdcF78Hw0i1y
CxWY6qhMi9AmJ59Omqkh0IVHqETUicBLoEGvKIZTb6KBf304TYP6DYZs9+Azg/9O
acdJDz0rkYDP0c3CAKGhGic66acaxxiRiDvkYuYNtpiR+vzvZPmG07SDBw71uxfZ
GKug0y8+6i2vdQKx8ddfiNwey3IGTj6o/B1jW1f1HeRno/qfRjmb29O9HF0JcAnD
syWa2jjVY8hz1CcxErPx3iA5U+I7L2wMj4mIIG2x0kJo3hKRwnkRGG5o5pi4RbAg
tzR5t5Sg8TsLWGA5Btx4HJkTOIVEG3oIuwBUGwlGu/f5U43KCt8Pyf9wmQ9Zy793
aDLTMpe6kQP/23vkzVSKQVPduNPMntvqmDXuq2iu3c9reO++Cri5z/uEM74gjdTF
b0raKr45o++YaZwbU0iCDSkUY39Ne9IUoqyiQTfKCS6VqtwzzpscgpzwV9ND8O6l
J5ynTpAHBQMUF91Tx108b7F0BKLs+8I/t28ehqv2WdkxvoNSfmHGwCmIzKuf/C6W
j/sIjUAFNU6qpjlYVa4n9Ko9jvmM2aL8WVO51QSFiqDT7OOWAr8vYKdYRaMOk81V
NIyqE7lPlR+MKBaYW+LJfp2JLoyYlvi5vrVnfZuxxVw6HWzf0ejiIDiTReRbg3CF
AgwDC9FRLmchgYQBEACs+xJcoHuykH7AUANoOgya6GKTENYbH5ICGmxwxGQbtA/q
Vs/wqmK3eWkLLOqiGKKHdynvUx1/jSUSqxSUtLY/KMb3905MOH8ar84K8fgJpPQF
Du3SJFWfuZJ7xni2HNLrmaR57hl9DN5evnJ3U043Gey4b6BQV4jeanvNCSF2F8oQ
v9Vc1EKZM02Ia0NjtYkDHVoGyjTKB1su2ah4vlyD8pqyjMu+WYtay4lTcWCOLxKA
ivR5X8QWfm9jFuINTTt8YdLkx9KsM9ecc3+NDgYOVY9RbrnReOaHPgYjmEXddVd8
J+ok/ekoIw4wa6w/fiRYjNMYYAcenxc/mVBBVE10jeDaL9YwJUnwaa+8G/wGcrFL
iWjI9BeP54YJhpI08oaK3UWSFg5673XX6Na8p/pgbxPyIT88axoqNMU80VW0mvc1
rd5j1LQiKNqDMEPV5hLbfBlKYrTzIG2V0F9YYlh9NWMzOyUdHoMmY75AmKKJB/p1
M/Mz2ILI57ubuq3Oj0MAkX/fOsNefVs7VmTybuAdI2lViB9FzBGtb1TlFvTmW5LZ
cu19rt4N0vxfcrAbLhsVTAsA1zKwAnyQUSRRd9aRqXPVCRr4pPTLxEOZCPHnCBDZ
tTX8/27F85sUU4iozC8Nb8O37NRy7sRWL4BfPLeq9QWG8n7XmnH6zAn55V93Y9Je
Aaxk9LcteNGywk6hxyI50cBir4PEIEwQj9oRwy0URH7UIX7BUojRF1hV+Mus38is
Va1BiIOCn0YHfd7tBeggbjV5A+OkD6exDVCZBXaC4E7Ueoxd2udaYXsfHvjABA==
=tJZv
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.11.0

57
hosds/nixos/x86_64-linux/summers/secrets/immich/secrets.yaml Normal file
View file

@ -0,0 +1,57 @@
wireguard-private-key: ENC[AES256_GCM,data:rTVAsx0XyI7i1coICpFjANV6CpWSjDTlvdOxu1yLggei/XZKeRuDmv1PsE8=,iv:P0S+juvE3LswavDMPpoxUYkKCzGlYaaEpIg7DBwvoc4=,tag:hIrOXG4F5qkK10VIjtiggg==,type:str]
sops:
age:
- recipient: age14sjyqch8tzqexk2gv0qgrrg09f0s6hvwhsgjac3vs6sc5rzgpcxsyqda6u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoYXU2U1JseXZLZEVOanMr
RW52NlZJcTgrZTRpQkwvcG54YUFqYzJkSkZzCnhwczNqeXozSm90a2RkTDBiZnpW
RUpRUFpHd01uUWRhMVZ1UnBJQk9SZXcKLS0tIDNmQlF2YlkrWmxwWU5wb01odjdy
Mk93dFJnd0tDR1BOL3RBa00yOWd1OEEKL1DJeQo76MdgbZlq2N6yribiUtlD3wiV
1UcZWDnGMM3uC7LjdR6xK2qDiG64SqWhlo8FSrHLL/42GTJ/1irfXw==
-----END AGE ENCRYPTED FILE-----
- recipient: age16gf76uustmyyksm3t56zcq9g6j8avy0wrngh8laknfq733s5welqedeg4x
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoS0lrTWJielNmS1ZTMTh3
bmx4anJ0NHdONlVGKzZPdGs2emlMck9lN2pvCmhVRHBWUFV1Y21STXYxaXRXWm9k
dDFhTU9qSTV3NW94Wk5CeFJJOXhGeWcKLS0tIFB6dFVzVm1oTmczYlgrVmphSngy
NitRanVvVS9XalBxYVJjT0dhSEVMK2MK4+NFlbWqdCEDSln+gSIsCqIsYwRXb/aN
8GW2+Jl/4zrPiM6vG0s9IxZq/4qJkIO9UX1AIFuKemz3S63WYcpE2A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-01-07T13:36:39Z"
mac: ENC[AES256_GCM,data:KYqOMm6Xk04/1nwEXaX+Htkovwa+RbHtZH3Nd9S/K1bjdZZESpka7Kxib+mf9ezBnTdJTBzwacf0bgQnU+rpQWxBvWz65K8RAHcJms0JoNYEPWJkIeG9/KdV2iefPcml5SOFID8Xr/KpISfnayS4CGUWRFU8DyDtb30g9DQ2Peg=,iv:3QT6PqinySd6lUWBNxpxBxsY7VVmrnFqUxjLbsMMYR0=,tag:SLkWHWnnxNn0j+lnGnJGeQ==,type:str]
pgp:
- created_at: "2026-01-12T22:05:26Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTAQ//XiTwGjbH1zmdMP9/hLdvavEYfiVKD6TjtMiSKrGMOa9h
VIr7DRjrIzYm6E8j5sbpEFRNIjOu/vcHvr5NCoZN0tmwqXvbi56RE/QypbZcx7nt
fGtOj6hgFdm3deWU/JCx1uAXF0fFiyy7G0+YqrZEfzihaOzyPrUp6uqu+Bb4Eli2
2CuupTa6zBP1kAzJKToT+F8pGFPHGk4Ji55wWQTnaRe24A4xFQryGhAGTkrnMxpW
796XN18IqRXcpvg4tOEADILzmjJ3WcNeYi2oF4WSqpRDUadEoUwWWo5Zdtt1SGFs
H77wIAArmoRHsPWojfjWGQNi6Xcfazy1F8HocaanEJ/dV0MwTiIfhXjeZSevo/WP
VDs1UsITkBGpG7FF1sYZv/9GhL3CE74e0LuAifx14tmPhRk46vAnNXjR3vHNSR8+
iREIAZXluLnhWn63bC9TGBm2ROEP0hpXVyHELiBXS5Pa36DaPDnrJVxehjzwerTC
Ow/R7GkqAPDHqtOcXNpt1hJtMETKmZ8lXcauZWBWCHgHS2nDTBv03zsfk+7GwCpj
O49Gr40nxU4rSxPqoMuwJY1A4/dYeEAC0QpuDnddPq3O0tHgcvlFYgw4Tb0EAtWf
TYUN7hd6WCHc4QUjmoLq2b5Lt5DpNEfPhAqWX3sL9bEr1EBKRxuGxF1WuJ1Ki+2F
AgwDC9FRLmchgYQBD/0aedT/5S53nq2U49lJNxXhlo6X3bD9TD/NAmooQeiCqFgJ
xY9YJd/Z2eboKOQwoySXozrIM797WfIZ0W8ywUnGfYnboncojiQfASMvW483EHum
h3KdpTa2IOZ2cnqJmUQZrGVO7iG+gkiLXZJpRupGLp+XLVVaN7w4mN8bB1anQT4S
yn0i3+SFBstDgfFjHbvt7nrWE5KEavCzLbYAO5MJ0JYs0ei7ScZeyI0q0IvwaQLm
HL0cbnVXyrLtj70UpbgrIemRMZqjyGZ5IPmx62ssc7CuKgvnT76ybDmcw/REs1qv
bCibxeBaiWBAhZPz5bHEcTnFQgAFdqiycoXRXYgTUgM98tHjTv09sKTVVfZnxcMr
I+ca3bHXb7OxZjaoeYFqqV09vyBnibqVVJ9BsyLsRZtUSN5Fwih3d3Vw25oA/UOU
DCvwjL/V1gzOgLqfRWJRBxdNWbtbmzF4SbyK/P62PPX8pVE8EZbsISJZOkUajKXX
5aT/IvDUHjo7aVdK8ulMK/ljlHyAM/DgqnhxnVCe6xfQMiEVB2iJwN1925eDm3MY
N0UAItV6SR4FaXLnzEsgO2Hkks3nWKVjdjGU++9AOawKdORLJPvrP+apxuftxb6k
szB6s+r59yjxVugKM8IHEPvUZ6n75Kr/FiQZP6vPnBMgh6vfaYcAXs3FvwBR29Je
Acfyypf9TzhI/s1a52FCX96etZj3e+CmLpBJVbbALPpWnggGKCcKpkIxEAa+CAoR
ZOZj1ZjcdHVc84U3lma8yi66pK9J1sVb2Td68oN5Axma0hQwG1GIjdfTPWklbg==
=Dv7n
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.11.0

57
hosds/nixos/x86_64-linux/summers/secrets/jellyfin/secrets.yaml Normal file
View file

@ -0,0 +1,57 @@
wireguard-private-key: ENC[AES256_GCM,data:5o3vhdHriS1Iau5/wS/QM2IKlIGn1Aua+M9blroPrOgfBWLtLxzhBcAzJ/A=,iv:zv4ZvP5gIJ5Y1dC2H0AqqMRIGFE/QJ8ztp6yG/QfDZE=,tag:W6BWuHk594xqd6WwEN6n4w==,type:str]
sops:
age:
- recipient: age14sjyqch8tzqexk2gv0qgrrg09f0s6hvwhsgjac3vs6sc5rzgpcxsyqda6u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzbGwveGRMZ1pGRkJXTlB6
cVQrdng4VHR1dUo5WnFBUTRSUERsT3ZmcTJnCjQrUWpaZ3JwNVYvOEMyTUNGTzF2
VVE0aldqcWR3ZitNamloVVRCYVJEM1EKLS0tIGVGTEF3RDNJRGtzL0NtNytKd3N2
d1kyZnhFY3llb3BCVjZqK3Z5WXMxMjQKrRw1Bc1TLgErVOgwfbAvZPFJiBfOExGl
Sri9+si8AmsqmtjRsXOHesI32LrCgJfSAnxUZgdXzJQeaIyhnxvDog==
-----END AGE ENCRYPTED FILE-----
- recipient: age1fnvlmhzju0yq908xtgags0sy85q3tacl2sc3w3vdd3yfp27xv5aq06v948
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGazRvZnczUVp2MGhYOW9F
UkJlV3pxMjM5VkVwaEJMZFZTNmE5bDdxUHlBCm1HY3lVUVIwNGNUUUhnM2ZseVlj
ejJJNi9OTnhBZjJTbUsrUS9rd2d6TDAKLS0tIHNIMGpwT01BS2gxODZQMUhBUGRN
NE5IWnpBQUhsK3BVUjFOQUZnOWw2SlkK5KKCFPVNSM6ceIIMtmLqBUNyasu3y7Y1
6FR9AFTK/hP6s71OdVEChEG6GX3Gsm8ym3AiSFF573wfUPs9GM9gXw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-01-07T13:36:40Z"
mac: ENC[AES256_GCM,data:Ep/6toPN64tEaCGEnO8dIUd14x5JB5TSfw9A5J3KFkhCAhCoMW29yzuqHMy7iBRwS9VqJS3R0g7SL8x6dIzsHmT9sZ3m0gihGZsM9Psc24NOi6iWfOLyNApwTsI+LhL1CEcspb/quvm4Nh+xSnYXhap+3+rPtMGpyVtgyNgN2eU=,iv:zhi6NU4lPOJ+X5KIbVpDS3mz418psH9nu8qtguKQ7po=,tag:FjePycuZddog47Wwmu94wg==,type:str]
pgp:
- created_at: "2026-01-12T22:05:27Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTARAA0bPcknehmkuWwEODvm6Y8L/a/R3QyZWOnFYQF1RCeJ2U
w6VAkCLRjog8cpi8CiWLUY8JJo2Ui/Ei+0SiUYUuaxkIdlqonhddXa1VxOANRLLd
OIguTv+YQtGuZF6vmlABtV3ntUbC590iuZdHHjOa6BUBLFWJgqBNe4Adkrj5WP4e
76uZgFTEtBt0paaijd7HuIhdYiAbM9pOKkWRbuHNqlMSdbJJSFCVspL6oBwHWJrs
xPCUVZIRR2rVjaj9VoQPKAucbLyxBc7TQVpZQlMNSJTNGRmeCaj2Dzm23rAvRch9
0t8YGsiovwDBe/JZLQPliqEYjIvst1r9+Fjd1YYuwPFJlYQLL5hj3tVL/RJ/XiOu
8r4ftgKbwon9KMQCUALXvHzPnD/3+YzdXk2jr6/B7e/N8d93P46xIivCtu3wN+yY
zkpbJbtjLzyQ2Ixazo9zVFmammoGLt/amZdBwD1DRWNI1dE6a7l9Kelza6S8XEwg
5OQ3bQU/n5/adjmyP3wdQW+1+lIZY0F7CQ1Lh0mBNFe84jVus3tg/sExuTD+rVpF
ACUKaoNhEK/S90TUMVTbRL86wSTE6gsdgg/NB2BS1W0rGnxpCAr49stebWRT+lCM
ic3qvni6b9EDz56bWYOWjPwsKjdxgnXTmcMHChDCRwoGNsJcDj3CxXiG1B48ltiF
AgwDC9FRLmchgYQBEACeYohAxHIrt66T7PChHNbvADgC9u+Q4fnk1w4sSZHYxcxk
r4UB4ocJb25VmUh8JhJTY3E2XmtsViMoSlu05cGyOsg8afgadl4Q35KXWhaU+UyV
n+gUWHycZxy3cyaa5o7m+Xk/jlz+dBHf25F2iUT0PVacQ/idjfSY/nlt9GhXYJfD
5MVwLfJKgJ71xatgHwI60hg+a/im2TgP2t25lVlNotDoLfuGAXuCISLdtIN6k+xq
rX0spBd2PnF19joXqb+m/OTOM+4l+PcKAWcbkL8PWnUSO9w87soIlE4HdMN3sqlX
HJVuyI+Dra97P9ALr+z3jyzoObgQmx72xt8jGGxdMLbhDmXpYWJ9TnTMxOwF5/T9
HUpg1cipbz2hCuFC2TtCyoE1yzZIuNvzyMRapK4yGwdeBlTzPBOEWVVokd5GS7wj
r9aqWDDbeC+oPTtufIcxRup6USlX3eEIVtF2zFPyg82XJKzzIT/4x4sY1pulm7NZ
fjHZNv6h2PUSfVqneMr92ViBPyn6nU5YA++6n60LAkntNSoDWtSbIi8hpQa1XIVs
LPGi3z1TVNO5fZtzXJFfyKID5dd9l4/Xjm/IBOXbLrVTJgb98Iop2XfssJhAxjGp
ydV7fxcUrVh9RbJe4NiDTFE5Pw9t+f0QxQnSyFcsS1jC+g786MPbM81X4Q/cWdJe
Abdk26c22iMEpRch7qJxo9tddXrao5P10Tr3FSy4WEUDScglb75NGxgTXloWNaiL
pKS56PaycTEJ7y2rb8T3e7c6dJj/Kx2N1rkxikI8UYO9DbRE1AU4czgVwRLUZA==
=hRaf
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.11.0

25
hosds/nixos/x86_64-linux/summers/secrets/kanidm/pii.nix.enc Normal file
View file

@ -0,0 +1,25 @@
{
"data": "ENC[AES256_GCM,data:C5d6taSxlSq3lOQMomUiIHWgibkiRuDYRSdmf4vJaSVdXcpEU5QfKsebaJOhRm4q/Z7A4QVb5s3NYeid0OTrAyt8hwjferxNMQpENsW+biIV30+c1u+B8Ft4b6kHO4B0qkDaAg5aFXJIc1hSGz5AKzq1RSkGH5psegcvKUymi7vEDusmPSKeesYHXMmkibrpRaZ4GkAScROFA07q6+3Qcn0unf9NTqH3zaAiO05IcvfetLCzl355BmQbiCdTZOLoooavk082oxzfKlYomgxnHaj0qaxjxCQ6sju3Bl/EsVdoRbAN2JloWJzUyGztVf1rHfTzAuswgBkj+VOmTajPqKiUK8oayL5FoCvHsZW2EAFlTCGsxtPEizqEAA5eXLSpWet7JleVTDh8jCCz6B/uonJDKi3SlE2b9Q4Pqm30c9kULcqSHppBoEdPF7wXCIcVCg7X2DGdAcjzi/UP8uOVHOt5XQEELRH3qXLQnVq1i9CtjRZADyBBFTASMm8WBySHIq5igKo+NdxKR4BxXERjTFmteqhBT4X5JfyUKc0gOkoN3OEuTgfWVTUATiLBJlGx5gUMWusfIPwog0g99D99J8PWJsrl4qrIH49Ns/QvNxEHUBXgdWvquZkfOiLMdjyapG+4yXM6yESz7+I4zGb7IC3VE4WPQAwpIzoy/wsioou1xOKtkFNX8fTszHY7GnkJVUcSGlspFCMLtF+zr5c1kEizVCEbu35i6gpP9+INAsy3LvJIFF4iegaSuD2jmCCpD3dK27B9bbwEHwrwYBHKexVlrbDrtcWBQSwB9jKTlVMhK0UbQU/+2yZ2/OZEgcesAl2q+sTG3hctddL37vnFcRR7FNvwGyEWorn+N/gpa6gIaZwCIzih1eHeraLq5cdzhHhRUtAbnBscfPntKTPOu7EMb/y0F/cGwV9iX/BSy7pbIfaiyOoVB4snyrty5r3tEi9ujghcqi7GObuySToGhJmekQbREUnGG6CRRel/9f0326FOCsiS5MEDXiaqO5mNVI0IcMunSnf9dGlwNAqi6B5+Zifrv6PPfi97LHklGjoLxG892R36lM1nqoU1VmEJneP6mmCJ695bTaZT8mUmasvoJJyhz67xrhEFLrRVl0gd8b5S4eXlghvP/WDBLd1mPe3uKmFzzqouhIO/JtbkL0D+IZWvdqShlGOWm+Sz17Au1YP7GHMWR20Hc6JLTVW+LMLk6UThzM3TnEgEyFgk6Xc5HsJG7L3Jn4aVzI1Ye3m18sHB1cVsWS7R,iv:sgvuk9gDz4fAzPae/pTkIklwUgI2h060SfBYRwcnzsU=,tag:cOUYD7HldKqLL8rxPElChQ==,type:str]",
"sops": {
"age": [
{
"recipient": "age18cgqlely56hgmhscllkmafwpjdk6dwep6ej3vkk97dzemp8jtuksqrrjjl",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtUUh1YXJ0VXh4UHJkWGxy\nNE1nOGtnZDhGRjVDdmhTQWZHSGhWY3QwT1VFCkU0QkhicDZpTUdDMjNGY1NqR0x0\nYytac3ZZbHArZjl4MGZRWGVIQWkzREEKLS0tIEswTnRpT2hZdU5sSUxUcTFYMGxR\ndE1DNlh5c3g0NXorZTM2RUk0YmF3NnMK3JvfEq73WuuzrAXPbR2BB4orj39P+KU5\n0ICepOK4GXYWXbmTDqTb/vn88uB8iaTl3F93Wv7VC450miouEYmcxA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1nanlervuderw4qskcuessycqy2yfmptl6nym9scgp9ky2265ssmq3u73r0",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5elg1N1NoMDVXdGU2TzBW\neFl4K2E1dXlWZFlQUnhSekV3a2k1ZjNKYURJCmFZZ0taWFJuNUlrTjZvTUxTM0Zo\nZEVNcDFvdjhBN1FGRkpNWEE3bHpHM28KLS0tIC8xVFR2czNqd3FoREZPRkpqcStq\ncTF1dXJQWHdEaVF4YzNYREFZRVpOQ2MK6XoP4eXUJr/eHh9OwPoPzeYvCT1yAqBC\nY3Xdw+crV4XXR9PytImJua6j+eHdCeB9qPyHFcJOB0oOhhae4XOjxA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2026-01-08T08:04:16Z",
"mac": "ENC[AES256_GCM,data:QNIiEvJR1UTFt2Rtk5GBl8ALPx2DvSWUhl4Q9O96aCMTbJt6iwQpisGN9O8o4m4a/nHdeOV8auxmNnQ16j/HhPLwv6cEwdfvHcKZcB1F7e1bslBufA9hgcAnkfng9nbMIMmn6RbCF5vFjcTwCrNYNQ4QqluuuuSHrA8TQ+gkiOE=,iv:vmOsmY90VjkCULuorn3sKxn+JQKNXKo5INax66xa0n8=,tag:nIYcopB+0C5hkzvVao6Avw==,type:str]",
"pgp": [
{
"created_at": "2026-01-08T08:03:56Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAAzdR1BVqaHG2eDsDqPPCEA/jeKqAW6claqA7Ggx/aEeE2\nJlvka3MvrBS3YT9rlDbks/bMWoWeKWBu+dVW3lsMJEhAPhmJ6rWUg+13BPQWKblj\nli7xFqT9EOtlea9i/xZDDY+wjRAtj54dNZGft3X27IZLgWxaKMjxhmoqCzHk8Erk\nW+2Lwjfrs5u3v6f3l7DafzMr2uEB5QUOsLGvvEwW3pd9SLinZqRMqGxkRHjhoppD\nB9BEDQmkWFpm8QJWvlmixpgCVKYAB9bwyjmYbXvzpMS2Of2tgDcMTu3EC4Rkl1z5\n+SyImout9P8/ns9xur1u5NG2Ib8r3ydH0k3tmjTHtOl90P7jqvB889VpHXGj6YVZ\nCpFsGV7agvdG7LpxN2JdMouDirve2OLCukTc9Ksd8Z2VlFdg3SirEd3t57FRPxxQ\nFkV/iCNb2ajbVCNcPQzbtdCVxNg9xA7NKsISkGIy2hOnixklWRDYuagMkokx8PNM\nGWUAw3/wCFb5ugF71NQeuolpaE15cWoy02XQ7OwOP99nZS9ldavmQkTZkhcR5OeV\n1ka1/UyhW3tccWf45K9rCf+jVqgyhA4tp3u5wGfA/0Xj/7JeKCqzlhgyBwLPF3Ie\nBdjrzmCusU/HMnp0PphxGkOqiPkeCg0UkWVp/duYvVLaGr4wO+GJiCttSpHif0KF\nAgwDC9FRLmchgYQBD/9BeEvF3GN8Ns6cBfWswbfl9eY2XW+AaFZO8pRFLQshzm+n\nOUb3riii2LuPdMSKc2UkkdJugLem+QuRnf6fkoer08itQdP3KNYYS3Kr4M4aQwlh\nqPx1pmMSS25RFn3SlhKLRZPvK/x0zq2aiwkcoLkVUHgnwTbzerO5MLVmkvwlfokq\nPzwv43KzLCeOQOEMoalSEW4ljqQs/kziLSPHZdoTcsNx50vTpCl4P/cFdhugMbqt\n8YZzQIw9KTMcT7YXT2y86ZzZKXkfqpX6bRkT/JiDjp8iLqj/ILxUEiHjANQrQGSW\ncYOY52XTxdU/WVjfefzP/bnTz14Ww9vC99QQyZwgU+PgV4NwLP1IdmpsGZGQFlHk\nz3iDdGvB905i6Oco+dTBBbHRFUvIYO/PC2oVsOS2eua/IkZhtHIz2qmiC6RJHETh\nvBTVInfcz8PFuMCo9rjbXghy9E56RuOy3qVqTtypFrTzGF2hG8j1+s2ygCIYokIy\nRYHDZELy2M8dtgNNQiGvYFFFK0+Ww9K3i2IeESxjQ7mkCGVIiOadM5J1tLlWP9uf\n+ehkZPvCiPWlL03rz2jXdcufqwbcT0SMdsN+iq+a6v1YEAh639gD3kmM8Bk5W/AO\niMIxmRpnszvdO6sdZsdjcxtlm1mwPGixImVoGPWiGElXsx+hgFk7VYwrMqePetJc\nAdy8BhEL0rmZ8zNkZ3s11shzcGFxnI8DU5a4anK26WUaeRVdCIQV7cq7uZr2O6ob\nz3KOPtFS7CegmNnrO6WCGh5Dvixc3EQ1mOIwCt9DoY0tLZo8lUpILbc8Uc0=\n=YxFO\n-----END PGP MESSAGE-----",
"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
}
],
"version": "3.11.0"
}
}

67
hosds/nixos/x86_64-linux/summers/secrets/kanidm/secrets.yaml Normal file
View file

@ -0,0 +1,67 @@
wireguard-private-key: ENC[AES256_GCM,data:R8o48IzTOqAdSDGpdC+euQo+TdvxPY44iHgO7NGCwQnqnv87Tqbyqn/e6r8=,iv:sWhQJ3JiZRSFQoydNiZJ1UB0u+qdKdRoU9zapswqsbg=,tag:d5W5NOl/sB0MpZmaUiAAYA==,type:str]
kanidm-admin-pw: ENC[AES256_GCM,data:S/iBo56ONAB/m3Z7LfsD60cN4jx6rKdpMw==,iv:zX5g2yf8cL+YNv/rOKxaUFst49jTNv0/RC7dCmDxRq4=,tag:/+dXYKm1fIsWxPNf3Dte5Q==,type:str]
kanidm-idm-admin-pw: ENC[AES256_GCM,data:f+kENj9pvEzg6i0zdiNwVRgRXYgsNITlsg==,iv:+8rN4PJ6wdk8N8LZTlcuhv4lzY/ydi+mBfg4jp3kp4k=,tag:kVLFM845aNePnCWBlAhUFQ==,type:str]
kanidm-immich: ENC[AES256_GCM,data:5mLDFJ/8gyX7Ij2KjpqWbtMjB8v9ek0tuw==,iv:eUMCFjTrAh/Ws4pDYf6T2s1OgNLQnaDXMvbTDbZ7Wfg=,tag:qlp5qRtgdl+TYy8TK2kteA==,type:str]
kanidm-paperless: ENC[AES256_GCM,data:Jo/uMujrq5eHLClGoxVSyb4kJSIQW7MxSw==,iv:Ck6Z9V3IXUBpSF4RCoqKF3J8Vyo71PaS4itXOf3NNHg=,tag:/u0C34IaUlm0oOGHCgwN8A==,type:str]
kanidm-forgejo: ENC[AES256_GCM,data:DP6nGFVL/7lwANf2DyI3E+Qfh7b/SF+SrQ==,iv:zuNS5Hq1N8ntEi9z1fCz2Hpzev5F+WEGn8EOTwj+4EY=,tag:8/j1AWi+JUcp6YyBc0v1Vw==,type:str]
kanidm-grafana: ENC[AES256_GCM,data:o74mBnxhNRuQbqmKEWG/o19JE9M0bBNxKQ==,iv:J5HzDasytKMIvC3tLvWnv2Cu4HPlPHtukE48i2xwWik=,tag:63zpBuhRpnVL4oQjfA2f+g==,type:str]
kanidm-nextcloud: ENC[AES256_GCM,data:cDZFLh316tIQhsY9osPBvlc3msj+8h/cBQ==,iv:e0nEiOdjxy2an0J21wuc38Tns7kzUvZ//RxnQ0hhjfM=,tag:vKyPRlfFRyLA/PARXlWnFA==,type:str]
kanidm-oauth2-proxy: ENC[AES256_GCM,data:H6PS6WcMiH+gMsp1CYRYHqSdM9SqR4V/Aw==,iv:WnaEy32YxenO5KqQsEqhQm3jzsq0/HztYZrE99lVbb4=,tag:OPYDhTTKHJ63rHNLyjG7tQ==,type:str]
kanidm-freshrss: ENC[AES256_GCM,data:t2iIWLeyChAPFKfWeLkEnWC0zbpuSP/tmQ==,iv:fPpjO8RhgIHNRq7V5pYZN1VNeO9NkUi/1HWsHrS5iS0=,tag:v+W0yPtWNpl0CQIdyJuaBg==,type:str]
kanidm-firezone: ENC[AES256_GCM,data:/at/1dhYtPzeh6F7/juE1XyY6abq1OQIgw==,iv:Qp1QXBKHYoDJfTbZZYDRcdM+/GFu8WonhO6uSI7NdVA=,tag:lvSei5/yGk3aU7HX9KOgaw==,type:str]
sops:
age:
- recipient: age14sjyqch8tzqexk2gv0qgrrg09f0s6hvwhsgjac3vs6sc5rzgpcxsyqda6u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSc09FTHFDcWxidTFWTGJ5
VEc5MGhEaDlvZzVXVVQxQ1ltcVJuVDNHaEg0Ck40UldXamFocS9zZVhicjQvMjcv
ajRuTDRiWUlJSEdaZHhjNEdPSUsxUncKLS0tIFJvdDJiL25tNXd1U0c0V202VGNr
YVoweFo0MWp3SGpTT3lDSzljL05MV28K3AH/JPtkI/zcJILPYmY90bDNplj8H9/h
1Nn1ceS5frxOCYN8b2wS42NupId2yhFojfbJAGw73unHp+CJaNfnNQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1s5gcxtatd9frwctzwg54fqycsx2sa73ll36k7qrpm9wwyknkldtst90gn4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6WUxEWk94ekRXWGNoQVdm
K1A5cVJLUzNZK0JXMmJacGI0Z3Z0Nmo5KzJRCk8rZ0JINlpRbnFKMmIwejhyeldW
U3FWS1M4K1FZQzY3Wks0Ui9IRXA5TlUKLS0tIG9PQWhDR3ZXaDBLZVBpandxSXRO
Mi8zVFlmbldWVFZPRzV6eWpWMUZjMncK1x41Dvs5LXsSKdg69CPQJ44/x1eNwSHz
xGNb5lgtduTF7mDtlNnp+QdDYVLnMQCiwlUcYeyckej1KAdvOM2Sog==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-01-08T08:02:14Z"
mac: ENC[AES256_GCM,data:YRVfa2nuKJ392zbrVDB8XILDa7zsdmdKak4tXAiru5SY9vGzY68sHSu1R0pBr0RxPZ4Z0NYyvJwiH1ni2PKabuJzAIyZLV0KL6ekKIFg2B+2o5nMUT2s2+7yjQ8VJ9nZSdjN+Qk4O9yF3L6GTg3CMKk+wahrySAPuyMn4rTMzcQ=,iv:JoGWfR4Ld0QsTIWnm5bZKwma2vPutEsSL0x6Siz5eGY=,tag:zzGyZs2wSwEo2yTUgKgcpQ==,type:str]
pgp:
- created_at: "2026-01-12T22:05:29Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTARAAsHsyz+edy6SFpx2p0aDsDGl1i1ehNruViAWEvFhuI59E
LGzqXZ+U1MN+O1s7Jyyv6CkbOXvQh7G/ebJVPViXz+fSS7XL0R9vLfJpvGbSGQSb
n+vCODar0cBQrqw+fa2LgoAILfyeSAemh3Ezu6NyI1T895RnS6Ns39C0//6qUYIM
QPoAVzCUFm3bb/5b38K8DhiXMpdaltdxD3RK20k9nUCde8+LRV7KiBfHZgmjX3TF
AK6078wXbmuyh9qIqJp4oQG/HBk2AbExGPsYTlmTJTcPUsN2iHE9s89G+lUm44+p
utCxf94b87gZuYaYRumrU2NtB+FJQg3UEq65CZB+hDGUg6G/jHmrAfFjzfq3gfI2
NJL6bboUKdsrv4DKxNhnOA06RYgmoYh1K8OGZYruWwDBiPX8Reo7o51N0WkA5zhe
//iySBRY4js5QRwkz1HZ6JkK0/ag90GHKAdFxaSQ3RGrWKfzwypgvRgUHnFRv9am
sjYEI26c9srPUu7Q2bhBI+iO5pbiWvA7JGa0t1Sn3bMjCh/1tjgn8wyIqHQySwee
Mqu1BUufsYvU7aD8tUCqbSvT5g1LgoZovod923rY3P9e/jrOAQox3Ua2aKOGb9XD
C2hZb9H9n+4Nlh7h0m2wvsWWpvYjWo6uvJEfFrXwPzHP9s1A0/EaKEt6n8CkASWF
AgwDC9FRLmchgYQBD/9uUz0LLwg2G5EIV701wxQ0EPu8zVhVB9xl+4GBJ9mNDTT1
P/4d9PCneah1lsxfw3p9SD5DWFwJm3YIqOr1OsiYqGKbH+GnrqoH+mDHCng+TgLR
7cd0hCrjnYVBgiu5LlO7a8UgTemIhMkPRNOvzToecOwcJeCgLQkhJQ4bV5Z3cvxp
yI/tHcbmnXx1hmpNhDm5Hzbp9Yztv0YfXdem4jknl4aw+U8sTIq+HV3DUCuM23tT
8wPKaXrAqq8ksMi20SQ5i7Ee2BIKxw3gNL7uGCg6asIvWtguTurKLRjXEgkcGoFr
33RA420JoK1d2uDy1ksyfN3qW5ZknXgaoH2A/8DzB6L4k8I9s7MZareK63jEd9pq
uu/VKUoKbDXJd7j3UcS7+4TQlKN6qCpx8MZLcWWnLT8J4UHBeRwv+xO5F/E/N17E
lTJF/I7nkkdarlFM7jNTYTz1+Gc/war+E5L3UmgB1gVDDTn5vLKjM8ub/rdgeBCD
RE+p5KjvcsI8U8wWvhZIrLiZggNY1MANGytvICRWnpGSN2XgBMoTdrNJDTy4TiL7
SlXH+GF25bx0H0MwV82KrWC7VbbhzcuXnO5ZybJmymlCPYKMPZ7PtuoUAv7ksUXh
UQUAe2Oigm2WFmAIWl8GCRltOKAfoDKmujJnIaOx8y32XM1dyPzk3i9K0uAjT9Je
AUw0GQ0X5FspwHYpHWeGC7FX4CNvM16BZdygt6BZlMvUMw/vm1ojz73mltc9xI0I
NlC8ou//9vW4FYenpYxnu+6KHi+9dAGp0D0vrsNp0by6EEcO3EwzfRCaZVfO7w==
=oNjr
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.11.0

58
hosds/nixos/x86_64-linux/summers/secrets/kavita/secrets.yaml Normal file
View file

@ -0,0 +1,58 @@
wireguard-private-key: ENC[AES256_GCM,data:rZ4bOiYyBa2Pq9TuxNRifoZ9uRSeL1cRA2JK1FDBK1Wa2ZAd0ZHQfRI0D00=,iv:3L8JLV6D80EbI1ArawwQ77ndepEoq84JfvM9XAjg+/Y=,tag:nCXsqWAXhB9xTnKn8ZbL2A==,type:str]
kavita-token: ENC[AES256_GCM,data:yKwv9L24Ek4q8KNaTJcW3Xx6d1GCnEZ3LS+GkW2i7C+eE2XgBuG1Ff0L8xcdTPGFVkPPb2bvCP+CKVgnSVd5W+FFek/XQtVcFgWQVDUjG4mBbonQ3VnTKw==,iv:b/UfgHVBviUEMtt4Q6RQSkTVujH+qMIyuiZxD4mwMTc=,tag:rIVUGYOluyXU8fEd/dgQEw==,type:str]
sops:
age:
- recipient: age14sjyqch8tzqexk2gv0qgrrg09f0s6hvwhsgjac3vs6sc5rzgpcxsyqda6u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByVGpSZzBhMElPZDVxQURn
Nkl4ZzU4SjVYRG9rYTBxQVNyQ1g1YVo5eURJCmorQzljcmtHRkwrajZOemR3MFRH
WTVnZkE4SGZ6YVlyd1RXak1TZ1huRk0KLS0tIDFacFBabHZUQlBrTW9SOHJTWG1K
Y29uUjJnYkJHNEl6M3NWMkF1U3N5N2sKKA5+GygCOBaISqK5SRL51q6YfjuXWr0z
bXpOVdppHXYWNb4jdR9yxc8KEf2T+eMHJtZF9/Ub6oRxo/1a5fmvOA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1d89878cvt7wsa07ydwtexspku5gppwstrpnpph4ufx5pcd4fadyqgf6lvl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJcDFETHJjQkRDYy83WGJR
ZHdvbXorM3ZBSDRkV1pMb2xQSzI0Uys3aVhRCkpJQ2xnUVcyMVRFMHI4OVVqcFEx
clVZR1hrTGFEbVpaRUNleGU1aDFOYlkKLS0tIDhEbFFlUEZjUlpjWUpTd3pQTy9D
cmtZcHpBRTZCRXFqZjFBekdKRlorWmMK5D+TK1M4FXDh7v7wMH/sEmI+nzbMrchp
CPHs/Doxnx5lSXmXcqRC0HedbLJ1GQ1kL7PxRlAAsUg/UPN/OXPW6w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-01-08T07:59:40Z"
mac: ENC[AES256_GCM,data:MpnXoqLkHYbPHvA6ZdfgJ2sPzM/BtmhbzEjymvnUp4zLIojE15pTEvYKXOedr2RKYZk1BCF+ksfyyVgJxy+HFZ28baC3dPXRMAHH7InEkf144N2Kmodv2czohz45gnbBz38d2DBU1/7pbpktc2Iuw1bQZTBbg5xAw5Nkd3pzKJw=,iv:O2vkWIDuzKzStrDLcVnVnWBa8Moy48fPE3YeSlV1scA=,tag:OreHXW+REVZC6sOa0t7idA==,type:str]
pgp:
- created_at: "2026-01-12T22:05:30Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTAQ/+KR1lX2Jc2XsR7qbHnRkvdAOtcV3ETYHj26zTuOt4YG2D
i1azOUcQA2aImfHj9jqB0SN2b2TJZ/JuVB0NqYG2oPtNhHzn/MtWLE8CCQN+dT4P
3WyYjAeg4/LA9KysfdrIFPNfHGleaHHRpRBmWxSCLDgbdlcf9QLD8bHj2puKwVlv
85KSMfdqQcfnI2ORfv68AkpO9DTeQhzg6YaJlePaM9ToUD20BfhhkRhCZqIbtpQt
OGr4oO6HyfE2cB0E16U0ICYnVbIyriNGkTM1fqMNVZ5MetmF8FAcxMZmOnEcDk34
7nnHuwA/129hsPwAIf7YnzAByPdMvDImAj6w4b+TfrEGqetqjrytGfi6BE97rwjo
CfOd3figRvBIPtwXwj5+WE3QgANVN10leJSLTqvWCX98XyMFS7A1yBuj4k0fhTk9
z93TP6T9h3GitieiTFjMyz1dFt8WBbHbaOGz99sTsBFDWERSs6wx5OyUttLTM++N
iccyYTn0ETFZyEKaY6ZBCD3VH/FVepXRudM+822vcksy6PP2JcFm63k941jMltJA
t+MPQcX3haZp7UnIcPZ0bX1G7oiEcZNsp7vXVYZ3UBANWojqkfmQ9yE7x6mtC+Vd
46/c4pH2mOJOETKguj/WkZrKbk4YlRKceUWYe2+ywKxUjGq3Q6nA0u9kfSn90HuF
AgwDC9FRLmchgYQBEACryx5GKRlJLHUlbnxkPoveKdWBdGrBDaNlGDy8qjhe7qPX
SriU7jgCq7ewpjEaxNZERSzhAhb1QC1HcqLwFwcxwNat+KbgkvKZxUixloE5Uk0Y
YUnekcLDjqh03T06dW6xlSyzICTRgd1YCSvT9qa3xTPyWhKFi36+VDrl5XqdDnlA
4GZhSVXP887xneQYYBMyj4t4pIFpDVJ/6LxakmOr6o8TjfxA+4Wesd7Jy71EdEJS
kduGlGGxFAEXyAokWEuJhuD7L8n220/vHtY4FO5dGpuQZrHR5JQd+DAWXwj2ZMVT
DhXC3lBRJjcWACJ/6YiMoHLdmwuK91D6AmDCwunBlkHSiF1Rga+StnQQY3LOpP38
GAZqBwqjVVYan0x+Z/yYZ0bGyNX9tJtw39yDOex6+hfZ/ciXnSYIb8FRcvbyKreG
wX/rdk1pOqHYXth4ghvodprFxify0ee7CYuJ73Gt7JelB7w2X3uepq3wc+hyptsc
v4feA/ZtKEKeeqaGuSA+M6fQw5ON2SrOTp6o9LTVBqlN1OR6gOik6Vh5NO88Olwf
7OlosAIVwaFpA+45i/hftSgPghPKBgzrlclcg0KAxy0hZjbY4iqZZJgIbnEnGo7K
3X4ml8LfrZuUSy99hNXztXZbBFt38QzxiUaQTzzKEJSbN5EjAsva3c+EoVr54tJe
AVO66ohfsV+GyAMgCbqKzIAOQPPLdgABcEtBoCSpH/fhEBfhffYEOdynKKP3IY64
FQaEB+IM/7OofP8pSFYvvMz5qMb6zhkLMGgQvnTBm9abO4JoAAGzA37SxGEU3Q==
=BnuJ
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.11.0

59
hosds/nixos/x86_64-linux/summers/secrets/koillection/secrets.yaml Normal file
View file

@ -0,0 +1,59 @@
wireguard-private-key: ENC[AES256_GCM,data:VOvcwYy6YVQ+QxTqiWD5bbnH0qNDZ66ZRfq2gY/W0DpjBlJiIcSx1zgaggA=,iv:d6TMF2DAebYt1mNZ0ijzIYNhub2P7sCkD0WRuVPupMI=,tag:9R9N7/rDj/9OHWF2Y3n5eQ==,type:str]
koillection-env-file: ENC[AES256_GCM,data:rELcMMdigW1SSCgyTyD4Tugqmv8nZCMnI1Pmwaf4MKA=,iv:/g/L+GfYR11rCg3QEJwIQQKXov4GqRIKdJvPcA1mst8=,tag:y6UMG24UdzONssovtFdbBg==,type:str]
koillection-db-password: ENC[AES256_GCM,data:GxqSXFrTR1am4vmJtW162v8ekM8=,iv:b4T8Rsy7HOnQt0OnFPuKKSByrWxzYKdIsSQntfbh9Pc=,tag:xZHJPexSvNQb9EgmTyxvEA==,type:str]
sops:
age:
- recipient: age14sjyqch8tzqexk2gv0qgrrg09f0s6hvwhsgjac3vs6sc5rzgpcxsyqda6u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMzl6R0tOQm96RUludWJU
TS9tRlJLNklZMkdPTElYR29IRGxZcE9XNDFnCmMxb1FmWHY2UmMyN0lldXpqUFZj
eVZ3RGdpUUZzNitwTXhCK2VnU0k2c2cKLS0tIFZNeE5vZ1JNdWgzdkRRY05DQU9O
V1BQeHFzZnVCRDFCLytxRmxtRWVrSEEKkzXol9r2TBJITL8mYtTpnFymYIpj7UMJ
RdrIn7k41fi0pzgROxKFg/HgDvquo4eNkI5WsOb+LnX/RZ/p69Of2Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ayupuxlrkepyvjk7xwgrd0pvcj3tfcha688mcuc8ees2hg3g2ersd0q3nc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCSExMRnhucFE3eno3bDNu
VjJPV1FSTytwVnBUOGo1YzFoRi9HbEx4RlI4CnBhNEpqV0FzNDFpZDVrNVZRbkRj
ZWV2KzEzMjdDbFVBa2JoQitXZkdIb2cKLS0tIDdOZzZtY0ozNS93Y1JkZmQ2SlFJ
cjZiYU1qQUJoVFhGSEN5STVkUGkrMjQKhr4pF+7qjuo1t0wP8K8acJsPu8e+28/9
E+ejqDL8XDOD0/K5aUWXHQk8lE/+w3mPSAypClZ/2szzeF76XJCTcg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-01-08T08:02:37Z"
mac: ENC[AES256_GCM,data:rjxF+XnvVS7Yo39xXq77aeCMttnMaIOB77o7LrZdTMlcL+doTJFh9uOA0dh7vfP4Q9Aq8JWS7IHP1f4D99+uAKBf0BxCmapPgFnFxomFLqxVXYnF0iC85XGZXdWSFZY78Lo7Ilfn7ahyjcvJI4UUdshQVULbJr8cpJfR+KNM3h0=,iv:XNXXxHLQuncyHp7rPiyRXlYBoqfsv1OSv9Z+ktvFUzg=,tag:SFmFapugipfG7feXsuUYfQ==,type:str]
pgp:
- created_at: "2026-01-12T22:05:31Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTAQ/+K8CydCXNDvfUCwILow8t6CNRmbEJ6ci+3JuAEwhYlfwq
XxUWWzl0asy6wNLs3izTv+puPFYcVWnbhK7+fgFIV4AotjrBRH9Xqh3irPJgoRsc
jA0pcfcdVGMrzsjFChoM4Lz6u8BF9jMobqsGo+yvttJf9v5CFGjVIVo4gLA1ZV9m
34txfuZ6phOePCcs5ApmDJ2yuVSs+irAu5YkUXQI67RHstSwaRq48oZbTDnPP0bl
2ZJM5GXdY3rXLLRHFj/skunwee6V9UPJe+hwiGY3j0oVZ4aQqHaQ8r5/6mD6Ba9N
bLLZsIHxl5gflQhnsejEUvwOzdivPc0X74Glam7QveeIyAhKxGXaBJ5UE3YV1GfY
FRlCLOwdC49DRMjZiF799BUxtvTLCwZVA77Lpg3E6egJb3hlVcdqx/GpRC8yZqG5
WAPe+wYg8kxVAHWNtyWHhnQDYW4L/vQCzoAPDKUKQO8rh9LivcqensXy0O+Lb0nu
P1Lm8RGaZF/87FuzQrQbrO84TVgV6X1ZK26qTbZiBE2WXNtN+OTI2wSpQSn40rg2
ifP865LtmE6yRvQAPcVwCa0/DK+GfJtVBXAOMZPYST/Di51Wdd+ze5TS0jIerZW7
exl3cvGgxjNEKG+LZXfLB4k6pe969aZIaq7JhHVZ9vZCmgYLXVemSBUiZWx1nQmF
AgwDC9FRLmchgYQBEACHWLAdrmXaT7fcDjv5Oq7wwHLhK8L8cJOBX+EQ+nPtsYld
kZoKNJiQv0B50I00iJO5L5vuvgmlGSrrn5knTX8uswM/nMa+f0KeVGFJhRDt4+dt
U/HulFPtT58nWkaCiawWz7jXoBe6zcDN1TlmJI7fPHW+DoPi+V14IT/WIsgQ4PUD
cTbkvvMeMnYdV89RTQwponM6VTN0NFTdWofXIwQ+xyo5jsXTyYDO8HgmG477iZ7W
vKLaEuRk1iuHfYss4ThgFJYIafPa2C9GLIEryKLrQiYEWVJHPn697iqkBT7jegeO
OJ7fOfztlXpXL0ZMOvhaNWSdrQWVqtl6XdXYEGCF0SgQ+GGEF3ISQLEkq2dK4MMT
oFXNUSLl05Vb9+LIsLpZGIp2lO/pHaB4YVsT//+giwlOcqMOLsJfhhiySwA8qALY
+xliizf7u4CxY4eOZ4+nu2A9nEvsuK41j94RuLgwIxn4SXy1rOtEvXF1HpiNleV/
U5115er5QSF76sFni4kVp7NHpGOViJnbTUlO3dferojCZ5NVEQd6Pi3mJBH8JqmV
538hLqQCGardPtg14r1cvmJ3Fx1gEXM4+oeKlvhCioyrCT357jOo5/ceRW927zv4
5bQulS14zMRut8N0KtSuCEGAHrs69yv2Vvni++W9rX6S8WCUoRYIwu2348MYyNJe
AT8xotEr5YRoucZ257heJhG2V+N6pVz6zxMekW+6WKC0fRwPRq5k9MLGVINhVxTH
DODXFCVpDkT9zSXScajDOExDgKnV7Z9Rzjhom1ktVIqEXH5ylLo3D5W4YzzEpQ==
=hmtA
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.11.0

62
hosds/nixos/x86_64-linux/summers/secrets/matrix/secrets.yaml Normal file
View file

@ -0,0 +1,62 @@
wireguard-private-key: ENC[AES256_GCM,data:yWAKbF6rsLOCC/DfLH6F+XQLGb3fBRTN8asmyRgbkwSjk4c+BFYAt5+QBlk=,iv:6Cas9BbNIjoxgIB8Y+ILFjdMTRFtGz2dI6oiEiOLqsc=,tag:8+hgOBQAlMJOZ7Qhp/D+Sw==,type:str]
matrix-shared-secret: ENC[AES256_GCM,data:JW7AOGGD6faDpXflV5zOUppOFIswq2C6ydxwFYYMqmnypKrGN/6HPI9pkrsAQYnnJrkEKp6SGVIKClc/+QC+wg==,iv:UW67HFNDqgg3uOFA01xR0btzWnDrgxMRG2SSKwXBQzU=,tag:/OuKL+e6QGlEHgjC/o0xXw==,type:str]
mautrix-telegram-as-token: ENC[AES256_GCM,data:qUhoSZG6wY9XBc7FzM53Ia1jYb4pd0nnMJy4CXiQyUQKu7b3DJuQK92nSdb+Enlwrboui2Cs+zO3yzK69Evntw==,iv:jr7e+9JUSWUxOj/XiLTctc47Ticndzaj1dWBcT6KkHM=,tag:gRC+Bdn1rHb16LBxb0dVvA==,type:str]
mautrix-telegram-hs-token: ENC[AES256_GCM,data:PEeMGrKEV7+EO4g5GgFFIAeX2XUU3PbcKt/1Lm9bjTThmaDGA7eUSEObJMolVOmTMwyQc5szyjqOQ504rCZK/g==,iv:ycjxbl74QS9Y3ZNc0rvsbR+llLKaaUQtcefTfGbPbKw=,tag:o/BC/VLnzvsx0QuQulsHdw==,type:str]
mautrix-telegram-api-id: ENC[AES256_GCM,data:qAYbVdgeUw==,iv:D5AjnZdDQyDMGQe7FSVoPxWif9sfbkznXgBGDg+HkYU=,tag:5jQI9brdup/uQSaPVOWfHg==,type:str]
mautrix-telegram-api-hash: ENC[AES256_GCM,data:bwfQP/EuyS+iWGlx6IoC7VrJPYbYtsU5cmtnCn+L8z4=,iv:lardLJjfWVvQqXcPm4b4b6iS+U8De+P61GnyfqjkKDk=,tag:YbsSPAqeSqIWsUoxdjbyGQ==,type:str]
sops:
age:
- recipient: age14sjyqch8tzqexk2gv0qgrrg09f0s6hvwhsgjac3vs6sc5rzgpcxsyqda6u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwaXMxY1hDa295WGNnd01t
czVWUFhKdjdWMzdTbnVBOWV2WFpDYktSVWtZCk9xYndvOWZZOExCV0dqQi9QWVB0
ZDh1ZXpXVXMyN3llNVFuYW9XRyt2RFkKLS0tIFRDYnRiUE9kNG00Ri9oV3VMS2hr
Q0xDNzZRSHp3enJ5VFdEdkFZN0Zrd00Km6r0HfLe7PjRzFli8+J//R9IGQOb91A2
rlvETneqiIqngJKAHEFglfMTpkg7pmaYkOxm2/GWpq34ozond74Rmw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1cq7wxnugpfvjk6dgqpfmc8vemzhkg75drkgeaqjd9fuylz5qh40slazr4u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQbnBWMk9FL2ZlcGZjMWR2
Y1BkU3VpRS9jQWxsZUhOanNjZG9Gdjd3R1ZFCk9oK28xU0NVTXBCdml5SWw2ZDY2
ZmlnZCtRbHdTelVEZjRJZ083M3pSVWcKLS0tIDdNYi9wYkh1OUt6MTRwOGdWOXJC
TWhPeDR0aFl3SnRQbDFsZHJyTFE1ZWMKRi8PfCZK00OKkA72WTjTXa1h73AOnziO
2aHR7PRVsmiMpK8E5+uUqcX+k2yTIPmDwL8fH8yCdICWBM0hTPKsSg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-01-08T07:59:58Z"
mac: ENC[AES256_GCM,data:ZT6hdEn/UkUqa2SMgbN6rUj1Aq+x4kvmf8wyWdgnPiCM4+EzY6N9AP0QcaVTssPH6hO5jj37jPCY8W6FCJQFOkxU0VsF/mYUq0k36xuPMyS4ztZ8zTVSW+0oV6YHZFzE/epbhcIiXIHaoFSyIoVtlMawl/LeBZ92R8MU8kUn5MU=,iv:nDA22BM9tpFAMflconxFsf6mj07W/+tcS3nJHhzqpS8=,tag:jYEm3IpmlwIEGpQZYJ0mJQ==,type:str]
pgp:
- created_at: "2026-01-12T22:05:33Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTAQ//YzRg5yUkAGFzdYKhCL1JFnw8Zbz8CGI+FY5n3Kdk+WDN
Bu19M9fRZudImVj60GZpuS+08R6WMkayanmv70sGbVc4xYaHqwyAY6czCardkP2/
KviTAQMQYNJlw843uwAn3R1e6JDA2490ZSTDoi/qubKBkL/6LXxl5o9psGq/nFIO
eR7i2sOzr1SF3j34U6hCqbFxKVDETQ36COaNzr5AlrF+Byyn9y5i81h9hVsDfay2
PRGiuWWroVi99A38f6QWqgsf5vm/IcWaSjnQwarQajJAtmspKxPyohohWWmU0zuW
AYVwHKcwsLYbQIp68siRSnpEkzy8Mwp8Zj/K47mqXTdN2WiiCu0ybK5nMtU7VqV9
CTSmpl7HFlC+tpQ+mSI/gcG9F/BvoQb3nhv9gSyRCJJ7kOy0jzXxKgfYy2X4VLWu
MVtPvJFeh84Ni7dWTzby2EErMlbEdNoP3dcFse1FJgrvaZdCxJgZ+tunoOaEPLC1
ATDT7wrXt3h1m0mEaMo4PTmK5hkzvm3UdXW4mr3UUtVbf9rqedCmigjbBr1SEG4o
wjLoQaZtKK7FOcAADaXa9Qgk9WV8PyqQO1+AkV8GTt6YlyUDV2kab2pjqjUIB7t7
VFbOWIwJVL/OiAhwIGu2UqQiekP5gB5TE39X9jzE1FHhbw61Deb6OK2TMhsmRuWF
AgwDC9FRLmchgYQBD/0SsgaBElWGqYpGJfr/dKSOb+5BivLlwT8V37GWcjjNY/RN
k7/5GpnlZdrQ+1cXLNdAMNghjlV+dXpqWxuu7DBav9alnyVnfgID1UtRSEyeAMFe
I4n5fNR2TQ45fDu/3Mj1HWruoypDyLCGIenpQ2jZrWIqm574qZ5VFWZQlWP2+m07
lSnTSvIp+KjGq1EJ/ut+UuGupqwkYihgewrtisJ8BnDEIUMAHD81OLc11ZcPTaXQ
K88MrcJrqEEJpMG5kj+tMKUhpmkpCkjG2WJyOZtQh3FuTQDl68uCh1YcMUmVijig
PI/WdsA3A85Q6lwLgc6YTIr5AUi56PqJiWLgeYxPvWWSE1AnFrrnDYfHRPZdKexQ
VAWSPlQFcEt7LS6LK+hJAjKteMJNFviFnlCYam3eWTcIw/sSle03JmGf+2xhZJRp
ZwN63sCNLTd3JJlSmIhTW8LbypaNIXfDh1x80FHoIRh5xZXfdJxz59gS4yJGdS43
NT1QRhg/AQrOX9oOKdOHF8L7tiDk740CU6DMvlwdv1hc045LcTBCXT8O+mIyl4KM
Mkgcnx8lpoIyEyvGAcBSAzZLE52ub3d8VNAK5ABhgLkaTTGWqiWwNKSU5GVEKB7O
OP5hWZn24cx6mAWk/5aUHvcM0cUktlpnzFkuG1m7XQbHxnYU8yi7w1YwGjKXB9Je
Acy13H85upSvPs1vyvIHf3WUVut00wdsUB0IrPaPLPYh0a+3rU+5B+JZ7hlBWRfm
ZyQY6VCrh/mP0w3YBfb+Og9jdaYFkDXEGB65kw/sw0pz/6WrGV+sX2mFXDPa+w==
=T86X
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.11.0

61
hosds/nixos/x86_64-linux/summers/secrets/monitoring/secrets.yaml Normal file
View file

@ -0,0 +1,61 @@
wireguard-private-key: ENC[AES256_GCM,data:bHFzF918KWIY7abTp4B71liKBpowEfdyPb2RmFhnER59ito1px5kccZe8CM=,iv:A/5EQ2NVCtPuDfJFAQgusd2Na95a6p4oWbIh78x/904=,tag:IiPzjZNwT7ZyPB0R8/AIjQ==,type:str]
grafana-admin-pw: ENC[AES256_GCM,data:lTpusl8gd7R7FP9QfIU=,iv:h+xtTtDp03JHHmZ3hX9czEqSWq4l8tRrB52qaKBX3yw=,tag:0MIWfhrkfhmL0Jn8bqY7Zw==,type:str]
prometheus-admin-pw: ENC[AES256_GCM,data:bdfXLIyuW2N4w5EHd4QD+js7KFF7RBv1mg==,iv:E8AseMXVEcrkCg2fzp2IGphZsMZiCPvTj8CGD2v1t2s=,tag:H+hgftqGwHpdEba5UAjd/Q==,type:str]
kanidm-grafana-client: ENC[AES256_GCM,data:ppEqUFZC59A1Fv55l6VroWPzUiKtMO+5XQ==,iv:8SUmgijE1PEOiyMUSbZuKUfLifTD3bsdsSGFCQiPjgQ=,tag:crHqsVLK3uC7vA/wkCXZLg==,type:str]
prometheus-admin-hash: ENC[AES256_GCM,data:6qIEAwDQQdMeiJ8oQsnRxvMV/x+p/rgHfViLMgGh9Lg5FoarzAoZjxNeyE63X87UzsjXY3+7/9khJ9PD,iv:O0VsqAUyiQ3YwLHSx2Pje3trlinz4CjxZ+h4lPPPRN4=,tag:fo2U43uEtfB8LWjP3zpkDA==,type:str]
sops:
age:
- recipient: age14sjyqch8tzqexk2gv0qgrrg09f0s6hvwhsgjac3vs6sc5rzgpcxsyqda6u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSMm5NVnFKdjVDc1Z5WkI1
bVBuU0sydTNHSEc0anVoSmwrbUI1TDV6RlYwCmhDTm53clJlOEZsVG8rWEZyTnlo
em9DdHUzUklZQmNlK3N6bzNuOVhkRVUKLS0tIG83QjJIZGFIakdTZ0tJYThDQU9j
a2theDZ6UUo0L1Evcy9FcmxnelZHNzQK6w6FdZ6kGFo3TE2UsJULOFds1/xT6/Ce
KB6H5rEXcU4fLreuLJA/tjQkq2CRPq58ACs25Y2GuA+tv0dBa5ud8A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1vn6ya0japzpgc256jg57fldsqe4udmq50sj5hmkywn7rxfnskevsx2q96u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5SHJxYks4M3BZWWxsbURH
OVViZ1lLZDZGTXZ1ajNvN2hTVlRqZ0JGVFRRCmtYUW9zd2NGcHhvSzY2VExCMXVs
SjVjU0dsQ3loaFRTdnpQTXJtYVZHczQKLS0tIE5lRTlvUi9CM1IrUmJqWXkxV1JL
U1R6WEpIOEdMc1JJaXlIWGE3bk52eWMKV55X1Ub6xclaNVAGotUMHodOZxeCpjnr
dH2egZc78PacamhvBiTKpxZLscfqss7zhGSqLbFRjPNDpPGkUazAmw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-01-08T08:03:30Z"
mac: ENC[AES256_GCM,data:k/1raTPyx+paIzNg6vIuOh2GwAwyBuejMe8QTjRcmOU3Cb6rLovI4kElP8mmC5lNPZtK/z16UKONw9Wj4PJyXpeFr06wUpN64P7qHZ104lJWnixR6kisZ7Vv4AUGAUaRCVC/IebA8If0/Sm6/Vtz+QqoJXNY6vZRg/e4POavwOc=,iv:X40QnY6vzU7E5QmJGM7pHnPreLqUoD6shuqMnE0C1bA=,tag:QqTdb0hUjtWF5bBIiS1PLA==,type:str]
pgp:
- created_at: "2026-01-12T22:05:34Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTAQ//aFEsFOzREYPu1el49vp3ZBNP8fme7XcxiR9CSs+qfZqy
loMQyyv4rPGHlXBzEWL0Bas+56fqv+uSeW94h7fyR2dLzjtnkIe4DR7tDrGsODjB
mqQ/mUgPr3eUi4a3p/q2heRsxR5fYMZqjjK606NYh3zxGDFoIHKdI82xL/PcS0OD
mmDl++GbVN+qR+mcBVlPPL+H87klO+HZsLRiEnur07RDB1qLLVkTi+0YWeSzvneX
+MghbNOZ9WzAJ8DbDBjznIU6DnzxqNpiI9+acBVyZJgu2QmPG2VcoujlCkoP21F8
8mMiduh5hzK/XvNkYVAb0wj1Es6CjLWUR5zxNo7jZdd7wOBR2fchm+VTsY3xxdmR
+tnT14UneAxr87jVzSElhwAD/sNTTXZfdyEbWv9qp86mrz4MpH729vNFL6mPSo7Y
rpSZUHV8ic/Oz3t5E/qWu0TVVlzI8cra9XfvqzS5MCaWDHdT/+UKviYNzvYC0HDP
yIDQ1QMGcyO2mW4nOQFbf7+rrjSqUGufDs3rBhwv4ExNa+jZvGposFv09mClr26T
hZKudJQMBW7CHE1FZg+1fEqdfxu6M/0yckgNbs5p5/sgdxvI9E+q1IeidvtYSK0U
VaiAqavbL11BCcBgrND+7qN352aaA2VXtATqJwgrF5LhDkq28Gn4zNEj2/Sdj7mF
AgwDC9FRLmchgYQBD/9VlDer7Fl+R8WsF/BbAd9lHic4KIrxBS/jnHTIwL9q/d+7
HM6C72HRggdFKkS6+lF0y8dMjYrKzV9VUzi/tSnbc2kIACk27hH0VMdrBUESDqag
ZI90TmvuaphzdHeyD5VFs5cZ6Oa1jE6TQbXYQ2ejmL2XS6Botjz1yG3me4b6pwDN
gK7bQ1pJyLoXJ+5cOWgYB0o5apFNFkeetBjT6YlSpz9FOojDmQYYfQw5juK/K1Db
vsiYaJDPbPz8Q5HXnVqP83PPMLoB5WzYW4sTrIsdY6Rr6gWSGqejoUKQo1WnqfkW
5gkKgf11M2tzPJZ/Bm34TGcaml5oLSlVt8lK6g/CAOneTKExWIuYDYP705WHkA/5
kzWPsWRS2f4oQbeVF+IgpOIs3gK+8kkMZz6UUuknoEKLnwhOCjuZwQvhaYgDb7UU
64f1xceJycwxWPgttmL7ffhMGjMZc8NyHqxTbHacmHwHa3Ja3Q17eI9JMD0Qd2j3
Yti/1oNOQcWh98aIaMiusnXeoFPZHxiLmNkrqZSH5g9/KLTkdX8RcNQShFBjRTWb
PUriECYANObFBVXt+6wHac4ULRAFDy9DoZ/skIP27EPdcbVPa2J0bSYmcIfo6O3M
tu4MzeRtOJEsVo+7KqEX8fMXpqsmSFiIZw3KPVQWYnAypmxh9Esqxt+REsw1ttJe
AR2F562k73ZXJs5sBAsTqY7Mqdj98I38yX9toOYfEMZeOYhCBK4MYhHefl1bmhyS
4CTs7B04XKJBnxcZqwtWqAr0YFW89i1ej91W9sVLrwdvdAt0AXHhhIl3yZbs4w==
=gJhU
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.11.0

25
hosds/nixos/x86_64-linux/summers/secrets/nextcloud/pii.nix.enc Normal file
View file

@ -0,0 +1,25 @@
{
"data": "ENC[AES256_GCM,data:0clUhOOUsJ15FkS92KGVth3EkH7TgSS0yb+FTEFpsJtUYNCziXVlXZvoFn0jicnSQw0=,iv:ekWADW1QtWU/Kge0avvMeOromJFsGzXNXNWsymZkZOQ=,tag:qoax3QtqzKoxU+8egb9lNw==,type:str]",
"sops": {
"age": [
{
"recipient": "age18cgqlely56hgmhscllkmafwpjdk6dwep6ej3vkk97dzemp8jtuksqrrjjl",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOTDNHWkRJYmszMFZSaHA2\nY0NmMlo0RG9waTRTL3BmOWRtY0Y3dlNDZ1JJClk3TWkvVDRGZCtJVjF1TldycW1U\nV1lkQjNxOExHcTZ0YXhJd3hZOU14c0EKLS0tIHhqY04xdTMzK2tSQnFGSDVnM2pX\neGhtL1N3VVFnSXZNQkJzTmUyTkhTN2MKkWFj7pEdbD+pPqR17MnYma8EC9PeXezX\n8sRLSVGlWb2YobSavwbA9AL+WFsXsT71gSFgTkAtsPh9paDTKSAMjg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1nanlervuderw4qskcuessycqy2yfmptl6nym9scgp9ky2265ssmq3u73r0",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTTnFJMURBQko0ZlhkZ2VO\nT2dNenNGU3FvVjA1VzRnQVJ5WDlTQXdoWkh3CmZOaWY3SUdNT2Rib2gyN1JKU2J3\nUEpmV1lqSlJiV0FsUWZpcmJYNHI3SFkKLS0tIHZ3UlFOOGN5T3VjVmNkaFkxY0FR\nQVRpRjdpVU1GWVdNMGdHSU5LYU1rUkkKrT+HGA8QauJT2U5RfuSIAOmQ5EHTlr6R\nLmGaKGPVoH1UrQJW7JpTKA9knYgweCPy4aEt4UhTrZxx7r3FKlM51A==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2026-01-08T08:05:30Z",
"mac": "ENC[AES256_GCM,data:EilwuLJTnz6pgg8tn3bNc7MxYc+RQQodCoyHAb5RRLSNDqIp90XaWKgXwBdW2lMJxYnnkprkFTOZHGW2IoSQ04S1oeYRya/NvBCSnX45zd7wQxL8k85/oYsCFZAqEV29QXoJmagO2isiFN6DXEf6IJGtzOD+MJuYjj8PufaBzaE=,iv:l7LlbYrSY4mJaQeJ1uN8MKN0z3xu5GhzGmEf/femROc=,tag:QxyUjkSbOcKBqwzGcXV6tg==,type:str]",
"pgp": [
{
"created_at": "2026-01-08T08:05:15Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTAQ/9HZTVACE+U8I1i4bcSX7umSFfi6qEX+Cnpe2sbBQAddz+\nFAIAoImmymvOnBw/oF852vU1a7W71IHZ9723NH8yqngil/R4taLZGRVpg+f4ogEn\nFz1a2yJEjNy/Pkm32Y9w0RvKuVvuYaSk2XRj/GARSlwAgn/lGF84r2zUofuD4jnh\nzlVzvwDbc90GoFVN7rOAzgD88IOMHEC244IpxeQ0oVPaun6xhTThZD9twRUWVrqc\n1lpwMjdcNfr+AbL2BK+35uTxE8wA+kyF81yGXCGQZY0pGncUBCmXSiitMXLuU0V4\nXmydcKpB/pKQgdsIkZtfhxOEN9hdzb62GXiESg2jqF5fHBN7Qw7Solf5xtAHnUxD\n/yacrR9/uqhInVxVlxHzwZN4iZBQxQmtIz5uoA5NSgawrUf2DULLknYCWo6L5W2m\nIlqfzWnQIRDFKvpFjtouencQsdAM3jsxRPcq/+/AwoUdSsDnJsOhzIm7SfQmlr71\nMp3bD4M5ccZYVm0dH45N/fXssfWdFwRCBJ53veLfTyWRGpWiaS1ofsAkmVXemqur\nG/w7Dm4H4D8vn8mxPGg3l5VftxbjXU7mbq1PzzJBvktZM3p52VesTIAE91p17d6Y\n6zKSjmTMLKeWAnR/vXAFIJMXPROVd8jIrNHjhgflel+frBU2IGoo2jJNPr46Kw+F\nAgwDC9FRLmchgYQBEACqaN73KchQPMGgND1AdR/vupph0JF1uG0g9qA61xmvzBYa\nCfJob6Esb7wd5mf2ohfVkgEVNs36qGJZJ6/nes2X9BWb9InIYp7d5exVFI3uXNuZ\nccvGSUefPdZuRIK8XvdXWAsxCitcZZHNkJSstDUwpdDJpWMz+u+HTbRiLYp722QB\ndKTGhnsbpk9pnsIQPR3GHJh9iPLFyayM/Ej3y6N72ywQUN/pptZo+boWla3NO4JM\nHTXZHcUKbcNiCnhPgVK+xhP1gfgKjlyAC/STq8x1pOVvhNjtT/N1YuGiNQtxSLbE\nekLBkFK4VoH+fyDaHB8TFXK8dqq6+189Eg5kiTYGkMihR2g6g+0Sp5mbdHoRQEYv\ndpjHYauaKw4/V4c/UgcuQOT9WOUGqH5Lw0QohIhF+JLRU/GvppTxxk+wQm/yYWg0\nGrHU50wvV9udxIGxYxi/HICZ2CgqanWGOJDaTLejMK/Qi5bI3eAKkN4MDIJd0G+c\npVnr+Ry8uaKlmIzI0HV0LKdV5dAS4sbYOzp45Ze0M1geZrTwoWMUOyUNgjdGVj6/\nOz0eIXPK3e5IowfPUBW25sW0ztIg+Q3lfivC7xqoYBL3HCTgKevOGXgqnf5i1kZD\nrncVehBN+e33dnFLmLICPiawd09xWIckpGYlQ8NgtIXa8JaZPj27M04erhqzBNJe\nAS3cV3cwtBkuf16ZRgdI5CiUoSN5IyVuGb+q8GwKh9Hh5VLS4mwUNL8t034U/Azy\n68rN25cuZyAOcPmzTMW9xIhNacO4+gEW+X8MKalzbtOubOeGrkleTYuHyiuekA==\n=bjKZ\n-----END PGP MESSAGE-----",
"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
}
],
"version": "3.11.0"
}
}

59
hosds/nixos/x86_64-linux/summers/secrets/nextcloud/secrets.yaml Normal file
View file

@ -0,0 +1,59 @@
wireguard-private-key: ENC[AES256_GCM,data:k8HHv5NRBKJRNWRNHeQGr49ZrBrz/gwGL7qYXifmObYOeT1o3MfmG7wslOM=,iv:EYrcKjyRVxndG3puJ2HS++O1UbJSU4WN0vlD1yQQ3fs=,tag:Kc6VhUSw36ksSlfeZTwDIw==,type:str]
nextcloud-admin-pw: ENC[AES256_GCM,data:paK35a5bPIHioXMzGPZ9XU6t,iv:VkSLO1VhIbDTGs/NRGYbKcThP/uv6LzuptJcXFmY398=,tag:VC2q6p38JI2a9vBehoJeQA==,type:str]
kanidm-nextcloud-client: ENC[AES256_GCM,data:QOl4sP/+N3GIxrQMyD2TmyveZo4Wm88u7A==,iv:S409ur/y9j8HYLEbuVhUbSPO0JwD1zQST+J5035Cd2E=,tag:VgQs30NNosDdxwEL1iAvbg==,type:str]
sops:
age:
- recipient: age14sjyqch8tzqexk2gv0qgrrg09f0s6hvwhsgjac3vs6sc5rzgpcxsyqda6u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3R2F5WER0c3EvcDZQNlIx
RlFKTkdlVUoxekp2VlZMNFZnU1BFU1hBY21NCkdLQVljZ1FCaWdvNUEvVXZ4ZGo3
aUtSSUJlbjBRbklLcVBCTFRkV0U1VVkKLS0tIEh1eDI2T3lNTHZnVFZjc0pWcHdT
Q3JPcmxnNWRLN3FTNUFxMGg5cUhnUXcKpv+VwF01Vh7wJes+cU71HV7lVh+ATd2i
+mbwlNTYORdpVa5+LX3gm4Q1O8AovMIB3k2/JUXurWdOQ1RCOr6bWQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1t7zagjfddns4yltupk7nx8xps4gh7mupyz85uuys0wd22cxj5qsq2hw0p7
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLMkZ6dW9sMHp2SW14Y3V1
VXdPUUNJOTNQVlFUc01tb0hMYWlWZUtvaVdnCkVEVWtUL3lDMEdjdmtXMk5ObEh6
SWQzRkppczdtTnFUT1d3R0lEcnE1VWsKLS0tIFNEamwzd1dQcDNVbXVxSkQ1dEZi
cnNFSk85YmVEQ2RGaFlZTER3a1l0eW8Kel7WlG6U58FDxWXA7mYxMPTCXs06sLaX
fX/sHr2SJpnRLfsIAl4vkxLY2UCdwDkPM5NNtrQdFIu2oVkj4xYkrQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-01-08T08:01:15Z"
mac: ENC[AES256_GCM,data:UdaDVFUew2OaFnmdD+sULrrXQlvhASqomUt6kUxCoyXydotNL//X8tc6U9iUOhrXLKXsLB1fWKpiIQGGTtkK02p9F/IjWtakeSN8AiSCw60vVBueIdG4dDFXpOvLf4JVkLG2FkRqcLxLqyWLGzgXSFEIaaCTK/tRLWLXlCxitZo=,iv:1VgXeCIlQx89J4dW7Mldae47yvmej3Wu1NRnKK31oPE=,tag:GKfotJ6uoq+Jhf5uh2L6OQ==,type:str]
pgp:
- created_at: "2026-01-12T22:05:35Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTAQ/8DGQDydqwLR9kOQC0Pbyq46HDI/MHIXjuicAJdPdVqW3J
euLBwcF7do2tbsPpEG3FyyD3uWpk1sSMeHq0ev1SheFozf0vwiGm5ksKt6LrhyVI
XJDPjqyDWC5+prHoYvSBvrc+nuv3uy8iCqYQKdT9ODx9HXg/3gBgEDerFiI7n4wB
m4cRMMlem6VIug5tyKlRzhhpWGXls7BXqNgFTAGqGt+vjVjWGIh7MON+ftePTupV
PxE3ZkmlyAPXvjeP02zWgJpKf/zCJGHmgay8NU03WEw0YdpzfIT9eAlDQOVOE4y1
GSGA8fgOnhwTjS0Q8x6MxFEY+TgLpz+y78klDvIoax9fI+HQgNyf9OzPUrbMNXtf
Lyh5RoXbNneqJ/cuFuxefg81oor6r4JUaC/AAPd0xIrNtzETT+Bigy+3XYJAZUhx
S/PCEOuaKNq+i+0ptfmRZ+3bL9h0JlXExMDP8EpD5ychjEoWX41aSEWlOTxSEej+
qfvcDoPeAyvJXU+VFhTXYzWog6V90qz91J/ULSJbV/ql+Dc94PBy08rD4I8O9YVd
7slxT9wIqXuKg0U9dRfJZ2b9+Fattd+JMnr5bDfVhFfp6EQNTdWeo7f1hr2fzdE0
CCmb/8x8RWUP/tez6mDQGBDBMBkxU9hNiQsaQv+JXit31uFTHJqW45Ci0VJmKzWF
AgwDC9FRLmchgYQBD/9e9rnpwFeVE/wMmoYzve0SuVCPbTByitZuNxQu0zjyTCy0
Vyr5xqwg9vjEfY4kXZ2iypVlPTzDf1UurwTZMTkusbOYZP0yBwHnamqvirhCFKjN
V2sj+LkEwuBajXO3md0QL/eWNaPY+wQFxO3NRg9sjuJJgMR+Da8ZPV7U6y0U+Gtb
oARFsyDLaFmDiibczlGa9miCKriHidq6MjWJSxXeCSsA1ZqyyQ78jxfBELiQ6yuJ
RYixb8pNb9j24gQKJqKv0xcL7X0OD97QgfhRH+FVFyGbXSqMEVBqEHXUfHecrwE1
Dq2LRZCNTuM2XsAOKIwOf1FrJu38TpO9g60UQq+NrTJxVeR6b2DcCzOm67I5pQhQ
MjMs20WmgVWM345PEOZ9OnADATzbZp9GDeJY5OKlX4OiklcEM4/xEeo9ebujoFSC
3ChNvL8N4Vm14oPgEjZsJ4hPUJ/g49lGq/rhOSDr5tGqtfoO6DSN8wXP9nmS1uFK
ff7cbxBCVoPeiUSUOHXmg4KAw2cdlNh/cS0x9pndE5tLz+Nmo9QvpPE+5PowUMFs
edhr9OcEIPDCW20UhmiQ68eIZ50SIEXRqBZdL6uYdyHCVA80Ope8KJdGozzuiqfU
n6e/T0a/uisAG5M4D08yfMYdwALyZQUmWo/6wm0oAAIcErYCVzBT4D6HXwWq8tJe
AfCcM9w2NbTDTKqvlweAF2+PYoDqFFS+5flwQomnXxL1TQGNN7iFwDK7+PXg27tt
Ozjyq5rEir6GWdQwo4xWKLL+b3lQNpixHSF+ApL0e4pS9e1Zg/6I5dVsCfTTYw==
=cE28
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.11.0

59
hosds/nixos/x86_64-linux/summers/secrets/paperless/secrets.yaml Normal file
View file

@ -0,0 +1,59 @@
wireguard-private-key: ENC[AES256_GCM,data:51Mpw8Wgq4SsUokL+AFRUwuKQq9UmXHc2glmiMdjKwa/kvu0JeI8R6pPVMg=,iv:VBqyAk1kNX8IAJhCjBnDNeEEGEKWmUHLkG4l10PMvMU=,tag:uGQ0u+11GuJ7f2T6AA2FHg==,type:str]
paperless-admin-pw: ENC[AES256_GCM,data:2t5nZmpPblts6nZ6Pm4JZMBpwxVMap2NGg==,iv:IbCUeNBX4D0tOIOVGVv71fLwzC9NZZaD7M153la2eIk=,tag:L1FbrYOuwHQBHcBwbhm5Qw==,type:str]
kanidm-paperless-client: ENC[AES256_GCM,data:mEJBDT1qEz6vHrjnT5b9iBjXYbRwcoG2sw==,iv:SL91pO4QgtD+458dy/7ra7+mQgW5P+n7qUdVaXxYbHM=,tag:dGD5mzVRNFLORrMgiVYJbg==,type:str]
sops:
age:
- recipient: age14sjyqch8tzqexk2gv0qgrrg09f0s6hvwhsgjac3vs6sc5rzgpcxsyqda6u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxd1NIOWR4WUFrWEdtMzNE
L1ptYlUxc1cvcEd2Si9NbVZQSUFWV1NUTkJRCmhNSzQ2SjhxeGhKTVNIRTdQMS9u
aDNIQ3FpOUloUjJ0SXJQT3N4WFdjbVUKLS0tIElZUmxlQTRFVTZuSDNrVFhlS1FD
SFNJc0xhZEFUektXOXRiQ2xZSFBWbHMKUXObVn6jjRIm197zdOWF7Y04VeyDJMDq
dXrY6aceQDtgbxlgdfDyU1TZ4pKCU4B5pFKJakvmyaDWHbJY9J0Z0w==
-----END AGE ENCRYPTED FILE-----
- recipient: age1rn0pxluh7m8dyeshek06d7scejqlrcewlk8xmyrwt5e5nev2dc2s3s78vq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwRzRwVWh1SDVFUVpqbTg2
c0xGY2dQSTZKelNpNS8vamE1Z1N1c3Q1eGprCnZDQ2dZN2x1YkN6R3RjYW5nN2hQ
Vzl4SWY0cjRYYzZpQWowS2tIaWwyZTQKLS0tIDNLTVdhWGVLai9LOTJGY2dDNE9a
L052WXVhQ21WckwvYmQyTWxhZUQvRTQKJFa0KXsbW3V8Spi6MC8i400tBAHs4d9o
oX5D4HSOUwmbxlzrc4OlNgx8lBrcur1St1RF7MBaarUiVAIpswaDnw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-01-08T08:00:28Z"
mac: ENC[AES256_GCM,data:ssSrHidYu6SUIVk07FMJ8p5W64INqRLdynQdizq+n37c69Ogj02LjcuRCH9W4vI0vIsbZv/Az0PnQRUfPwW9nHqJPtvWb5cUS9AK/kpQKRDd60QK8Le7+PPEzemvR61xeUv3CiUE5qh5Lf/AGUs0g/Mw1Ur8qSaj7FZUkKWMp7o=,iv:5KgI5vbEfquerHrKo0JpJbJaoAVJp7gblaUvQyr8TPg=,tag:BiGm5Lk53F0w79gnrBglbQ==,type:str]
pgp:
- created_at: "2026-01-12T22:05:37Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTAQ/6ArJY33wV19ZxD+05B8roXhBNUHr7BXI8zBLwtiVNHFTQ
XC7o/Ku/xbVtktWvUA/nRf2xwZoKKHUS34Bf67HZisb2ErTh1VJGRl0Ul56/Acd+
CCe/usmQFxNKExlXsAV724LNhdC2ETcr1i25Ri3tuacNUfal86jG3P6OOSBMsH6u
VGvB/NO+Wg66piG2+VbkQ4XY/tBDtCHWibqPDDFR//FBZK6akzSj+nhOTaRyVjjp
NGOTLFHhoPNhn7VDtXpRBqTdsEvK9c91tN12n7urVDagPeHFLdJogtzJxwHO+nCB
uctTrhe3Vbo9nsIHIlYol4y4IQTAPddbtXsrQq7Iep8++eQlQSkg9ugjIDRRevZI
eu34dd0m205edZqpLARMvydqQe8L3l5MNH2Tugw2+N5BdbJQtcWk1AcC8HFS9agC
hEOzSVVbqvq1Vcq+UkPeEgG/O94BR6y/mRanSHqIBuzvyuuzEmpOygPG2CCiQJD3
Oxy/MJ7JJ5hdQ6obFHnd8VST16OflJ8+PVacPiX3IhT7AUgMrGKKPZAJpRpKncJg
FKikVD2Hx9TZPhnL/EDG6tOnRY+C9lTALHYLIAntZRagBS7mv5zcaul1W7c+egRl
1nvd5NVdGYdFBnV0L9HITm6EsbzCvikFGx5PUjNlku7SVKDTmqDESfzrRjCoMWCF
AgwDC9FRLmchgYQBEADCL1MqvU8w8jYqIvZg35Erm97HHuTBXQIvZgGRFNrZUNcn
nkw1e0gFGsDjBbsuSzKJtlY3y/BB3zhq9WJTtPM2Zlvosvo81eKr4rfJUEVN6s8Y
WjErjdLHRgm4NvH/sMMmX3NhBgFnBzXdN6K0icikjtv7JuoZ0FVQFMUbjispLtf4
FzrzBnxO6OckJkcRlXurwuovfyT7VbYrPzy/SACwXRx29QcrxWXOB26bMEl7PIc5
/wYxgIu34nQLqujPXsRH9yxwdB0ke49XFEjH5QpiRWiLGOMF65GFOwYPO615h4M8
oEg6G06uzFASwEhru0craW5Axq9BgSDrQPsQJJkU+yE9Zl5HRmjBrykl7uidd2vw
z47VWMExNBWM9sUYlna7ztwxXwLQldgwaYlpsMgsdkKvSp6W91Qfuswg/64Nnzg2
R/8gYv/AWGHwjIIVDBgi2N6/71Xqk6BFU0FxXs3SIGkGj4U6NcaJN1KXWM3kUmmn
utrhh5KNv+7CbSZimWH1ReJdPAmg1R/pz0LouQN/g6pQLvNN+zPO6bLCs3DKMKth
X7r6jBbxyc6iTY7VbPxna0hcmrZHIX2HVyYnPMsEarJcF9swTR3wdU2kxzNIa7Mg
ctMCuivTTnna/cizzvWISDyG0N9q05h6BKoim8V1v1iVtWtjg76+7IoDoP79d9Je
AXFEpO0QZrcY8uNw95b3u4bdM7m7Urd2/zDqAYltySM2MjrNcgwwNO6CYvL5fEkS
AFlYlvCtiqBIUQIxqk8lzxDWyy5DOb2/sSOWnf669a4CBNreOTHjaVaJvoD2LQ==
=ZVbl
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.11.0

22
hosds/nixos/x86_64-linux/summers/secrets/pii.nix.enc Normal file
View file

@ -0,0 +1,22 @@
{
"data": "ENC[AES256_GCM,data:F3RDXp9c69ZGzLlhWHDGDse6s3qYDbUjGQZi0iSS1J9Bb+K2SToOyxIg51UUp7K3TMQCiwj1OnwdP3FJlaA7CHpKYYEX+hL5/msA+ITs0dWNiuSaI7Hd0HE7kplU+jHVEOoFP36e6sdVlsUO1H2ICUTCIPU6zjQ9FqQkHBeKg9jPnOYkI1AV638F8261nqsfsmrN4yDS4bWgI7WsXBGAZJQ9nuvHIMUBXkLNOGI9o45vOZXW3LZmWLLJUddal8TNeitQ3tzJXnO+4pZbvlHhVxbkwB40Fc3mt/ZYqHfRK9W70dEDa63zYIVoyai8BlXmWl5mScxPerhvt05+NUeswV/yXf4UpsdAUttzNXuWenN7I9bIMrEODFocdPvELB/N/26smXaRFbtakSTeyDSuqwOefUashiZ+LyNB9lLpKyUXUiLxsOusucQIrL9kiMTvr2atPAXfEGJYC25uxNGOghffcwquitcMAKtGyLAMfnI606FkFE1MZxPc60OZo2y1yHhqV/QVFjoAwkFW5sSNUbe5DLoijuoNT+MZGxypwDUhgzCqWXzwz300jzpV3dla2tKeOjcJZk1JmlfXOrPsCNGkL1MtC5kRXFjA9HUV25fSHzrChDiyBek4fTCtZNphJz0yGBbNfX30vpY=,iv:w/D7rqHWsvBxUJaY4D2b3+aJRfoSfDwwU5L3facXFtY=,tag:3pwiviZYNiKe0FwteR7CxA==,type:str]",
"sops": {
"age": [
{
"recipient": "age14sjyqch8tzqexk2gv0qgrrg09f0s6hvwhsgjac3vs6sc5rzgpcxsyqda6u",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKcWF5cDZnWlZBYko2UFV2\nNGRMNlNzejVGR3hJSXNjaFQrWk1FWU9WZDM4CjZBRW9PbG9XY0V2T0dZTVhGU1Nn\nOXpXSWdaeHRNbmd5S0xuUkVuLzlidTgKLS0tIGNXckVXK0d6R2dNKzFzYTNPZWVW\nT0QzY0kvNEJvSC9CWExaRjBsQjdVYU0KavAD19+DC502a44wxbtz8fbxwIgpgE2c\nU4LlkgvkrhtTTiu6d/LiAKfqM9PrSajBdO8YrTpFxkqYgfi1tMoC8w==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2026-01-19T14:24:03Z",
"mac": "ENC[AES256_GCM,data:b87qyAxWtLycdtKTN2x+k9+CQB+JBUarfjDdrIiKBSaBwC0Gg05W5t2j1TRqi5NjA8GITYRRIHkzS0jx37zoLSmrJZqzSg4hTlbMDdjeGZiJt+zi7rDSv1HRSoOHz6CoG8XQYULNri1qcLzjBOCcdIFISh9EhXOTNbrwJ8uF/Eo=,iv:sFefD/bK514/SJ3PWJgL5a5Z4UHj6NKvJkLi0HhqpxI=,tag:v6CvJ1o8lKAAx1CApW6sdw==,type:str]",
"pgp": [
{
"created_at": "2026-01-10T00:38:26Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAAxZP0/unKQe/AK8lpaLcPSttcLwSXosaIa9PFoBpW1iJC\nZSGx+HcWufN/aniE5PMEa/ibI4VUESuhPtqolAf8DD1ofhIwMIHTcEFvZ8bLQscv\nt31mGECunSwMhmmszRkyJb6Ic5tx8I2mhcQ7Nn8BVTlTRUeq/NNk2gKVuadd1MLG\nb2C90uk2DQWgU3/Cu8k9s8xrxSVmDwUEDliyY9tKCStL+E1UKbsc7iR494eDWrc1\nUjV6e0DjbWVaMAJWCUSHBSaEEQYHEWYoaQHjLcosZoq1ihgmEQK69r/vKl5tY6/u\nkAwrjWK04szMJ6fWI8a/56lwtUTKP8+tP9afRE5r4D8/xSKbbwIFUCAFRoIMRJ7/\nRst5q/kiS5G+9UTkT5TrKp0sxTbEyfucREMzUiuaMK0hh82DJM3DoYl0BhtFiNUA\n0xjDbq9jDdxxf6qVc2+j7G4oBZsEpSGCGeBB8V2s60A04HAcPDl6KuJgdNn5UGKT\nztleh7CzQxupByprHh/a97XDvvNpvzz6VGYtsIv42IW4sINgDIImhUdYFYgmRn6j\nrtJ4f6WWC62YENjiwR5GRm3tPjK8iyPh4XtSokqKSLe8NRfLK9+Ix/ZAS9woEgtb\nyLejKc35I229Cdq79uDqzj+oDr34q2M5+4Q3mU/Hk4AO3BGb/++v68z6r7EeqziF\nAgwDC9FRLmchgYQBD/9pH6hLvPyM+pGNuRVWYVKg9xxLVu17hBKV1U+VR1flfT5s\nRhz2wvCE3/JRrTyNDKSwSnFiZDDoq9o1tGmHn+C7pgZGODTIBiIYdQoweF1h5l+o\nc0gdWb8PJROTHGJvl4PGZEeGsav0vhHlSvbh1MtmbldGgZQ+LFwdZWUMMXRtHzGZ\nwihOD+dyurdPHmyqKnylna/uvI6SYwLoW80LzZ2HDROknu21q3P61Pz27aUIX+9S\nBfM/JAlhdz21jgmWNinV/zKiSze2twFtpjniz92lb9avPNs34MRbOCp/q5b6rai0\nanEcSBigxcrZR8Og0cPTKYlVTwuHej3wjVEtH9PUTmihMwQoU5RQloySlaEyAKZR\nL9h8sdl+PVh+Yc+Em8WM0XvdFwYKwpVUqAbUeYQV1sBL/oE8qTKNG4xDXBnSUvwF\n4zSzZ2ulkTl2J3t7uNUKI3suU21T0A5+MKB2Tl1n6lK90djfKnlQnbvUsVu/l4HG\nOvOZgaR64wx7ZQymSinjqNnITuIpkOEZ6Gu0Kg+hJPOiXPBRwskpn0P5piUhsbvX\n80fyWZZvKxealQyqUCf3ZFKir/CNat6QDvPRvGgGpgYfIC9zOxznlcEMSZE77ZvG\nCHQBsRjgn7EdI9I3OQZvZuVBtuSQlPcUJXuOUqyptPG49frMtg9cOlI3Z7xRyNJe\nAXuQhlSzBIdRD/Calc9dlJE6ViFePryA6VAUYyF2KAsPdSXK0AzlG2tAQY8nbxfq\nLn/J5HToEODGX4W95mkBl/+qgjbDVQU53fZ7NDPrQLBBXiGgR2pZKMShs/jtzw==\n=Fg87\n-----END PGP MESSAGE-----",
"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.11.0"
}
}

25
hosds/nixos/x86_64-linux/summers/secrets/radicale/pii.nix.enc Normal file
View file

@ -0,0 +1,25 @@
{
"data": "ENC[AES256_GCM,data:+gy58+DZWMwnfjFLa9rIoV1lpk2NtEd2OnTOKRgNqzTqYPo/DHsBhDNMvSDPpa8=,iv:pax5GFmUDJURjSoYVpuWPtTJHFJ938jb9+GlzFqtl9I=,tag:5VmVjszfJhNYPpa1FsDXiw==,type:str]",
"sops": {
"age": [
{
"recipient": "age18cgqlely56hgmhscllkmafwpjdk6dwep6ej3vkk97dzemp8jtuksqrrjjl",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxdk56TXBTMnkwSTVpcjJa\nQXVqbFBrVXg0alNVRU8vUTE0WVVhVWo2OWpNCkF6WTMxSHNpVS9HSThzbG1qckdr\nQjZscm1SeDZJRVhTbXZ3L1drbnNyemMKLS0tIDU5NW84dUhhMm9lcUFTeE1JSWtM\nZTRIK2RBZWFFdnFwRGRpVmFZa1p2ZDAKoTVtGfVUCibVZMdmSPuSB4+V/v3JoLdN\nJhkUyG4ZLlB0CVP/o8Iscs2R1+2uMTVGFtHISUpKv7pskfUdZgWGag==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1nanlervuderw4qskcuessycqy2yfmptl6nym9scgp9ky2265ssmq3u73r0",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4UnZna3gxQ3JFTGRDMVdU\nUGtPWFRoWXNoMmpSTW5wWXl3RmcrOXdwSGwwCjYyVyticEllVlJhZHc4SlVjdkli\nOGJ2eGFrL05OTFJ2RDFGNENCZTJmWW8KLS0tIHpmcDN1bFpRSVkyS2ZkZHBiMW5L\nSGgyNFkrYVlaZGprZ2ZnQ204dkJLTGMK0A6Un1SDu0ipQZXfOALR/3izQLhr5u0x\nhNtU3Qgbv8LrO78PGxTq4bj2SSRvlQPnA66Nk9OCft1Tje50KoKciQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2026-01-08T08:05:10Z",
"mac": "ENC[AES256_GCM,data:dqrPYwYaz2xcD6OsTrqjSkyNT1g5ntlGr+3WViuhuV+UcwmGFSQ4T0M/vJE8tGiopoxElfxZJyYGZ97BnK+WppIUiFGOQc1hcJhzFavo/gzz6xQsourq17DiXJS34VKjejneXDY+ieIUG4xXUlGWsiyNnBCGbj3STGLYcxtvKt4=,iv:mozuoTM0gS8peTfe2Pm+HANZZJozenRCdQFcq2eCHC4=,tag:MrCV9VpZi4gKMC3eWYzgnw==,type:str]",
"pgp": [
{
"created_at": "2026-01-08T08:04:56Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTAQ//QXKt4eibQonofUjKAWjH66ZuBNN6sVY9ioqAQH9SaKob\nOPZVTSxNn/4zcMulticYpPyQuSdvGx3GTAYx3gVOSXKHnHo8nKRiNEq9ZDx4A8CN\nJkvJ3R74/XLay6sO7gCGsfNe+nXeNiObanyV2wNwsigwr2NjItERHMCH4//sFm2N\n0Y0LnuxcRL6Bty5gQg29NZaBiYNWw2viaKIyhAqeC7ner9iIYeHre9eEhU8+Fouh\n1aegkvFSgDqzPAtBSFW2rP65HIiQEh+4FB6FlJmXqnIK/FCozDpH96xn0L1CMxVk\njRExv7K8s2tCKgkJ1pdbs1QBPJGuXKMFDagNPl1vVj9cTBG8XAaJ5td+Ye1Kf61f\n7SLdBu5Rov2kp8fhW2tKBWySpcPUxiVQkS73kL0j9L8xZMcw5e/d2KOSwXalCs6p\nxMF29SmraOSG93q4dFAyO73rbVwueE6MKe5Q+h/zFMK/V7U/WWprDaL3VoYHoQjZ\n6dknrYPPUcgAdMqGYGllY0CVDeysrQQ+QFgWnTPa9kfBn8EUSbNzhxaISrUJ6xYX\ndTkRa0f8qYCiGNZ5BuigA/yH3VDMIaUmJYB9XbpPAWi9ltZuA2Tt8cQ1oPWm5SDU\nq3ct8KP6UqwEXXawC75D57Z8R2mUz8dZGyACRKHWnkjEQZE892Rymq+R+BW/cu6F\nAgwDC9FRLmchgYQBD/9+U7ducieN9QpYX7ZBs7RP5xUCtzCV/dL4Ps7m5b3ZzlE2\n867eFCSn6TMu6/KBi1WmsJJ2eSkBvYw3S0fEp8O3n8pvVyYZBIgmUM49oTx+Xnjb\n/FKRj+TxMYjlQyAXIMFCXsrk49genJV0mGSODn5ZAKj5Rhx1Kaqm1tkZ+ZJ0zzJr\n79NYypQjMsuhA3VL+MkxE3zoipOeU60KPaR7o7uei/PHBtcUtSOLmJEvaZ1XVM2s\nwtnRQXeyQwxzzNE800wWGQF6PDMvjFp63o0Pj+Ie0dyVNS2UbebjJl5uR0pn22sq\nUtIFTi/IwwwRYUFI1i6Kkw7igfyaI6ThO3thxfVcBzi1/7pMNbD7yiIOBdZlcgoT\niCqrK0+uyfPQztJiseX0Sn9xhA9bQK6ob4OnZoHRF7EKXC7CU9C5ReGY+W7EKSJy\nrJ94IeEPHojjnkH1RgK4h5gxDiVJ+d6mQhbbmPmXomBHaaViL4y8gs7cHNXL4v2/\nDH46EUoljeyUxvxIQe5UDBaGB1AwoIrCQoByCmMVGZos1w2QKG2cUXWRfLY4vUgo\nA//hfPyGCwsM88265ohNqx1kMb9qFHd0P4uXaM5wX3hqnP8NlR9JhHOmtjXEXj0U\nPXuqLvNw18ytb1lQ/6lvIfB3nTz6Cd/CiiMtgcJU2AMFY1etgztcr7ZvvfcMVtJc\nAW4txy8U+ulr59a9uMFcjWl8MnEIW4fT2NqJSk27qWMxdkcf+O2prW9wilkazctC\nFIw1IKw0y9ahLQmCdjYwHw0iTqOAvpcJ/eQxhTAWrGY1pCAn7UZhpOmXMn4=\n=xDUO\n-----END PGP MESSAGE-----",
"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
}
],
"version": "3.11.0"
}
}

58
hosds/nixos/x86_64-linux/summers/secrets/radicale/secrets.yaml Normal file
View file

@ -0,0 +1,58 @@
wireguard-private-key: ENC[AES256_GCM,data:1yvGiPIViIM7PZc8fi4MRFo6X4ZP0ospI4bx0SwduI30Lk+eWMeutvSjUso=,iv:mcefti2M/qe39zzLp21aMfMI5CrUXgl+c/BvncRHGdU=,tag:pO3TR0utUc55EEbQFiX9vA==,type:str]
radicale-user: ENC[AES256_GCM,data:BBo1TscIK622Whg=,iv:yRxEy4sVlZNzqGGML+dCeGzN2viMT7N9Eg9lWYSGljE=,tag:3cX1cfTzhxNYrtk1u3lLXw==,type:str]
sops:
age:
- recipient: age14sjyqch8tzqexk2gv0qgrrg09f0s6hvwhsgjac3vs6sc5rzgpcxsyqda6u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1YU82S1BwWXJubVNNMFFu
VTN6Tm9TaTMzdjVmdzB4amVqYlRPemlHa0VnCkNqQ0JEQnBkYnMwZFVYZzlCQ1d1
dlBXNDRCb05QSUNhS3EyOCswVjZ0bUEKLS0tIHhiTkdOTE9LNDRGRnE5Vit4MXBW
cXdtV1FCNWNZYkxvOWQ1NU1zbHlXVzAKWVblTzYX5NJ7GDZ1ma1L7fo3XU9K93w9
/qVeTSiP8KhoE3BLueaEUZ5J9CTPXmb5SQ+4D7P9i2DQAqcVDtlccw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1gxg2peektn8x36kk3nsgmeawl73e54kaadqd649ygwrv43kkvejq2cw64z
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrd0tiT2gvbTNUMjQzM2ZN
aUl2MllvZlFsaVhjQ2FNR29wOWVmSnkycUNJClNsdnd3alpCSUROSXBkSEx4c1lr
b2lvVXJtWWZRT3RMaVpjendaSks1UjAKLS0tIHN5eVRXYkJWSm9pYmZXVnRab0Zr
OEpYaWt2TWFmWmUyZWx6NUJpZnVWYkEKJxAulYLyTBmFPBCcYhCLmgBUIGJgYaCh
NC4k7PzIdiKl29tAolW24aZO70EH8JVCirjpWQlKo8W5hPSaJv/q/A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-01-08T08:03:16Z"
mac: ENC[AES256_GCM,data:z+ETj7inVkrg3lniueJNw4VwMp52S0wH+6kEH3bWPvMjml4Biy9wUqatlayi4cHsYQaEL/2ok8bi9rNuMrYYWs7qieLDZfRQuHEJNdylPxIKrQn0xn91ihbQJRyGMCweEtaHNR6uZY0uKH/wvvBlBLcZmuiXtPU9CGPIh72fTdA=,iv:41h4pi70SArumCJ+RqdLKlaiPwyqW0Kzro8u/GHNvxI=,tag:1kitWfua42WtVlWRrGJ/TA==,type:str]
pgp:
- created_at: "2026-01-12T22:05:39Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTARAArEo4xS5vSvBRMoU9IiazfF78cObwThwoes/HQL5wSnpX
6rOOOIaFZv8MZDcfeS7IZCoUxBsuDIpCSHY6bo/iaGOzQ5616+wS8SZTz0x4aU6f
QLfmAIeqoNU0mcXVsGbm202d76XNYsGARpHprIktjhewzRFa2B0akZGxQ4RnuErT
5lIkyFPKXB4FxXmakwdUnVj5lcx5VEbmyNtsrcqFpY81m+DH9hhRsI6Q3ac2Z2Wl
iC4vVmjGSgex//HXve/YDuUGndzfZQDtk0HmTgfD3+PU+YAWF8ikyE/GhtTV14mg
dFsqYhKEQLGziCxIkx91vejX2/80eh00uVSGWJ/XiYl/xaXwEz202pVfEIJNZE5t
LPe8mYw2IyYkq3CQy8iyB2DRZGqHKcMftXU5upP1jeDUXvzj3nUEaG95XTWT6hmy
2tWS86ZjQpfTX2e/q28L/knl2yHI9/f7e/udpYG+5xIuVY/0732aIKwBNVmEDI6+
y/08NcJJKRCE1aTdfGf3jNJteKQzUlnaQD+HThpFq06RW/e4PXitKyWvdDydAmfr
vKFVlQchdT81fA6J6SK1GohDa8/q9frbaX8iLpyV/l6c7KGJ8BgTUl/rMHCwZrhm
eJMweyc9KUgkjmhcSvZ0puyp5xhPPy6DD6EXwIGyWiAIbZ3sKLFuWC63CJwQQHqF
AgwDC9FRLmchgYQBD/9mRhx5N3zfewIc5ZKZLwo7gqv3qex0m8fLmRHMZxGREeDT
hH0hrvYoab0eddg/vywzIcvqzysErvKcT61Wdo6kv+XDAojJFCN1xAhGbgYF/M51
LID3j3oo5TL4kMBU8NES6VQHieAtV/eUIYbx/G75X/bOIdloxL1V2MzKu59YOdEv
P8KgtkA2kfbdR/PLl724R1nHHoCrt707T7RdJP8vOAE6Vu1v4xPMC3Y2vgkrAr42
K9/qecQg0RZQJRA73fEyX6IIsktJxjm7YaaznXSyBqw3YlqSsPSyT6sd8SDgTBju
N0n/SOcrgM+X8tnq38XTbQFVlT7dMr/e3Flh2a7igA+Ceaqn//gJi+fOzd/9kP4m
ESCG36+qBRYaqDyYK4BzLVJhhG4qr6pIHPd8t61UDB4QbjvwOmr70OQ/Dmsp4KOJ
+dADOOoIe5fHbpAr8Fc5Mj7hvkEwl3B5uOgkkaW7xfmwhbogsLBRKBu/ZhK7QAJL
LjmMzSOvbw/Vai7X1myDiBtkubnGHJ0zrWqXLIlagH7zts2jygL4VuYJftmCJ+R+
kAQ/x/AYew6DgLdtOWJpOrs9lNX/T2uEtCQSNt5l8/7EfLAHp65LPSo4KgoBhflp
bRR4azACGhnH0VOzpQD6grn5XKLJmtRq2+LTRM80TNlNp4kCysm4HwijxgaxENJe
AfU03Aj5CVREQwC3sUllLtz1W2BPFh5jzisktuNU9QlExGZXGUPSxFuxv1Pi5m5Y
dRfutHRl+2kDAgXj+nP5b1rdFxTHLaxCVtrL1qsu2Xq/jJDpsfryqt+preZMyg==
=cyX1
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.11.0

54
hosds/nixos/x86_64-linux/summers/secrets/secrets.yaml Normal file
View file

@ -0,0 +1,54 @@
resticpw-SwarselState: ENC[AES256_GCM,data:rJrpeiNxdGZ3NF0=,iv:NHf5tp9h9lHDzTNogFkzhyBXgJVSbawT45sSvlSn27c=,tag:D36aXm3Q09cFiaNuJjL9SQ==,type:str]
resticpw-SwarselStorage: ENC[AES256_GCM,data:uj8smcKXrOzm+Sc=,iv:ASXoj5ZDgW26ri4LpxtbyUbPoc1IvxIYxjMcM/waLus=,tag:sP1Q3561lMKXYzuDkPC3HQ==,type:str]
resticaccesskey-SwarselState: ENC[AES256_GCM,data:boY2ai1iHwjaEUXFrpQK3Jpi47GhhTF+5A==,iv:qcYJE2BidxvesBOBJU/KI0PqXCpb9Fa5fr9gRcE4ox8=,tag:XAArkrmA6n0hGxU4+3OSGA==,type:str]
resticaccesskey-SwarselStorage: ENC[AES256_GCM,data:b3pHjKJP8+pNwoR/0nj8kidtKZcqUHAkkQ==,iv:MKEV6AkkTgbZrc63DipIxPvm4pl5/elInY6N0ewl3ac=,tag:OZVUdGBq5HYCX/NL7RJgrA==,type:str]
resticsecretaccesskey-SwarselState: ENC[AES256_GCM,data:2tC7RKRQM55dekqc6DLsgZqIBQbmWJySIXCOyUjTMw==,iv:a0bjCwmFTUZcJlz9WMp2vorwm9dUxg/7ulKWtL14LiU=,tag:7jbl6AGx7dguM8GmTD6MHw==,type:str]
resticsecretaccesskey-SwarselStorage: ENC[AES256_GCM,data:yjhLY7AuW3m5tOqfiAt6IbVHTnGkzSGzjkoqWD3wvQ==,iv:+2/dSke3LlWQpWa8adNS65M2sbfNw7DbiFCruMHnBRU=,tag:XgV4J9/c5yg0X1eBN1myXQ==,type:str]
wireguard-private-key: ENC[AES256_GCM,data:lP5wnI1YUSb2PJUo8LvCogz0gfwwnqgYtNEly2i8P4geQVGnsxCz2c0ZKgM=,iv:55gjJ2K15EB8i9iwNNsuKwzHZsX3RvsTKNAnr+Ac4to=,tag:GPscRLTJSj+TNJ/15pM1mw==,type:str]
sops:
age:
- recipient: age14sjyqch8tzqexk2gv0qgrrg09f0s6hvwhsgjac3vs6sc5rzgpcxsyqda6u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvVEgzdnZUTjlOM2Q1M3pI
VW1OWEtGczU3cHlXaU45MTk3MzNYNnh4L1FJCkVNOFBlVUFpZFZqOGhBVVBQR3gw
SzRXbEZyZWNoZlVwQWxZWVZUSFBEd00KLS0tIGs4bnd5M05DMWtOaFJDYlVaY1RU
cUpZZzBOZHlZdzRoS0l4SkRER1JQeTQKBeYA2sVQab9moaYlT0jE7/zMJvOJoC7V
QwHXwnkjZCavAC5HIn82PzJ0DNrMKSZ136AgA+F99X0ZFyFnEIFZCQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-01-19T14:12:00Z"
mac: ENC[AES256_GCM,data:VsZDoY88nMtY6S87Odi641VrenfVOraWDgfGuKVKKrcUJtTTF4hkwI5b8dZ4Qz/9g4IxW0Siht8qodqAEnA5bvDbMlabIgIRrbO4hAJjPYEtD3Q+J2n8PVvWLU94DusgN0A4rHXbEq1Am2bUjcXKWOg2FpkUGrkJyYfj6R4l6kk=,iv:ZPMPs71eoiEddKTDwIZbYUziKDVknXGMyw062i3X3oU=,tag:IiXOOiJzuN4M1jU6dZdTJg==,type:str]
pgp:
- created_at: "2026-01-10T00:38:27Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTARAAupwKI+ZxJSXN856THn/72D4Exl6hY+Xs2SlU/MO3USYV
1/2SuZK6x/yl8tXycUiAJ/G/2iPEkE7QIpou0Ck0Q5dCzGyEyjh8d6myEGpCXTyJ
+41bMOHrnRWpZ1IPeU2qfbp4RNF6i3i0VOSzT7Hi7i7xDGQCMoD6yRwo2NH5T03P
DNkssIZ2V4SbCF+uHF5wbNgOlBZcLex2I/0vfgQXBz2wClaVY/YAkKarjroARhI6
K8zaueup2/uJr6UBvsbBXdroYSJDKkzl9cMl+g16RnqQKPj6BMKD12c3w/U9Jmb6
dXGWjs2xLQJ0coD9pl7hpSuYBBZk3h4/wpI1Tyxf9s5qra4ARtJbvlhztkYbTnby
vrOR6zFrbqHuTqPIil2rCTkMGXxEgyJ0sMIWDWRF1PUb8LODBBhgfYSUHOZM3rvK
1txWY7Wz1SOO2J+MjCmgvEUakW1Pp4c5hIDtmRTBwlEx0s1/Yb6S6sTPloNepDnW
ev0YJIDX4zdHn73yZaYOrPX6NsUSSHC9SPVHIZSOWO+nO7DdX/eSKd5NbZJEyKcf
xUQoKvF0+3Lg7Xh/p9yLfmaMEQvTxBcBhBmYOxboiKOFacJBVz4MbfSkCXm4IAeb
YW6ToixrOv7Dm92ii5uqfsOtnwP0LlMa+x54wc8S7lqND1Yw+CHGgt3AGoN9hDCF
AgwDC9FRLmchgYQBD/9OfpyzNpwlBkbqWXcygmkd9n121KhPdIWd174zcDmln0h9
3+1CM4MPerCOpqrLKI9KpYUct7b1ObwEcG21famUR3scKFSSgaPWst2sSz1W0YmT
eRJ3TZrO7gVHkWZ5pBjBFbYa3E7P0LbDYcXJrEa74OKiW+ukICYvtQp7s1bLMoH6
Gy23xglPpgb1tMhLk6TXbPuj3p2rErUjhR+f/TNmStliVGfFmnYSigGlG3MZmhSp
q6/SFeTCbWg6qMqgCxz1xvG7zRTVxTKdTop5YF7lcpY25Jso+z9TPGfWV9xzOejy
ZKE4Jako6mrkNmgYZPL5E8y7R3n9AZnieXzgKC19d2QFergy5wp41Qwwpk+YCcpR
vSBLcIIgHDizDI1+1878MvBM3soRcyPhkq6Y/eg5SuUATvG8k11VxznO+iEXDv9B
G8JkK6IOYwYGhaawcsmwZedyrRq97DEZYgONemriaY/UB2MT3uY369NDV0UrIZgz
FNXp9GwuaXj+M5MJaG6//G36IKnhEBJqVvmqpR/FQiSIddnGYJrW7WkGEIYsHLEy
sF1vmblhE8f/4w3IrNv1SmBnE/IwrKe+OIT4b5SUFQaTFe8m1fuj7M6i+LRcsJmi
QQ/G3OFbZVycjjz+3Wm17sOez5UDzTCTgXfIxLlqselCPjEmNgB/xF/XNKvcxtJc
ARnZYFJHNPPnyvGgT5UO0unihVvYwjANSspdUVo9kYfgO7DV4ptN/eRYppZvnSIn
bGBYIVuHzTQyfjNzgukghJANWctbyaABv6wZPTO6/jjNtkMAI60+vjfKCTI=
=OxXr
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.11.0

57
hosds/nixos/x86_64-linux/summers/secrets/storage/secrets.yaml Normal file
View file

@ -0,0 +1,57 @@
wireguard-private-key: ENC[AES256_GCM,data:IsQLebLnWOCmERQLSmZAASOgxyg8itWr0o3rt6062cbWIDLO+TPJTDtlWRE=,iv:bhhFTLjhHMTfEyynklpWPTU6KCpBZJZoRLlr0o+Pk7Q=,tag:j4pCfGDo2CQPpKmpn6gVyg==,type:str]
sops:
age:
- recipient: age14sjyqch8tzqexk2gv0qgrrg09f0s6hvwhsgjac3vs6sc5rzgpcxsyqda6u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByQ1BZbTJZVEJRLzN2N0F5
c0VWbDVTZE5WaGw4WmM1RzUvMnVXOXVvOUFVClBCK1N6NnlxS1VzN1FOY2I0OWpI
S0VCc2djck53NFZ2TXdqbE1GQnBTSk0KLS0tIG1XNnNpQXRnbnlsU2UyMG9VRU5E
WCszSmVmQWZncU50RThkcHQvdVFMQkEKVB6ETsGVlWYqTgwX00wgasCTucYUlamR
HqiwLA5dpoLCpTVoZvp4C7iIe4b3oQtXeY+5cAWF9hXvzAGybSM6DQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1kn34ny229gm0rg7wlcvxmcyjtz4gka6f2vd958fde6vmuzrxcvcsufra90
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIeDhOUWN1SmRuZ1VaN2ha
SlduNWd0L3hBYjVGV1JMYUhEUzFPZHpwZXo4CkpRb0ZqeUFSemVSK3ZYRnNrUmty
dmpua0ZlVkhSOTdpMFRUdkg4bG5yYkEKLS0tIDU2SjFMRE45NS9KWTZyTzY2aUpi
NG9kUHZNaEF1R1BaMm4rc2NMSXdhd28KY45+ozWXWkKWaMQWh0QmkMheQiF2sqos
oEQ/q/heFzj/nK88GmlRfZY1UqGYflhBsPQqUz3RhWKGVuLWZXIe/Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-01-07T13:36:51Z"
mac: ENC[AES256_GCM,data:eRO2+uoeWo+qeZR1gf7QJbydXvrLWwQQytNDM0Hxo9S8ONrSK6uA6Vac050Tmo9JM3606pr9RR3RvtRn20jcKI9X1PNVayE/hhdgug7O2CzpR7Xnekh7PM2N9hLgdH8lKdOASPXTYMQxnvKfX0oWEjLnRa28kK48GzdyrLh2iU4=,iv:UQuaMAcVjgz+fD99lJPMRvcWNduYxCccKDnwPT1ikf0=,tag:7VgsxiXcYaHnQyUoOSvmoQ==,type:str]
pgp:
- created_at: "2026-01-12T22:05:41Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTAQ//fL7J9QIrlwSjvG2jM/KqEkdJZ8RKiXGF3qcWMFeMJqoP
0DYgX0/M1c9TAcr/JzFCSzBhKzd7O7v0FLHDLaEpD5I3NsoPjfpJZB3j5tfvJD9i
O7lR3cLKiBXvA5JCkuNifKok63fR+k6RNirLJVY0UJe126xL8K3gCb7GHxSd5EOy
OUZtO6caY48gxAboVn0biNtJRZBS5wo9kaNhAahy0xsHmf/K1DCxpznFlVTGgFMQ
plnIeLSNTVgDjX9gm7/E3574FOONeU3MsUgFqxEcm9wul9cLk4+0sDZ+5OVpxP8W
o3RDO1uLm+NhmfmFamo+grSbYLHRx+dfk3I2JrK2e7z9xDqsQ7a+ZRiLmNErpG52
0MZTIkbm5MZRt/QU5bLNs4W5dtEqwf114LG9Nkux9i6auKfuKkTCMaGvixncdcIc
mXDCjzqWriQFEIPpwTwpBpEqfXE2au2gnj4oC8Ayu9khG3hH5Oi2VU3PjFtrUOcy
saCFJi+3n34idHqFgCYzBnqQwtCG927EoDT+KYqXIGQuxLyEn2yO0JiTI9Z5so8L
+cPrJmOT4e3TfdsIGpLGPRNvysPc5TLO7neplLy00QzOMPy6RidQPeI3E68NCTjw
mvztc1x8pMqPQZ4skamnbF+xVGYCPJFrO0MRxvr2iRpCfPTRK5AsTnMTOC3lnaKF
AgwDC9FRLmchgYQBEACwiOm8QhxZh5/ODnAM8KhRpZPepFMx5QhgAcQsvpo9KExQ
JPd7BqDGNe6Vj5I+eqAg7KihXLiv5PiOZ0CFp8pEflJrLUmh2mdB8khoVs7Q/MvE
JgiZ29EmN6nowpJAPTWHRooo63vQADCVaPfzNgAGcDeC6lz7xOFLyI2FMMBDMM3T
/H3D3QnwU4l8lEWx49LNHIH/028wj/pccTvgk+zBgfCM3zhpGzQJM5wtno6Mfv25
di53YEzx4PlPBeR/hqtdPm0LwpqIcAVPEzjHEX7Hwe6vZ9+OaqjHtna6fo1HMh1l
wUlKCwf6/p5vKGS2lOKkM3pmrU7ADIs5Bdn+uncTw4hRtF6ZdOY1ReJKKkxTzxN+
jKLed4NeBIy659jzHKdKqtCDXradVT/Axt+RQ/zQguijVQmOjmfMPindCbaoGA9W
g09cRxiGV87hDOgj3cjX/PMDxAjkperYaIEh4p6zbrH2nwHzbjpQXTCgOhZSByJ+
z6J39hvFjB4w2vF63xoceZoiQgh4iQdClU5API4vHX00tDBLoUSCEzMFOon0+yo9
j0wOKt9UIAY/3pJL1WxOWf/3AoiTxdyBa6f9meji6OOtTupZ3TqFLR9lKKl1jd5Q
cn83a7FIXnyVto1Azql5d8Vd1VxAX/XkwH5mUiI5/D45wXbSoNtRu9P2+DeHs9Je
AbpwcZthRNHDncWRCs+wnLTlTANoSJrvdKI9xYWgfmFxnoAMhqnZF08EKxQLg3zD
/W///uyfXYRRnVwg7YH0zihBoKp042bp8bZPRuj1JgyyS8dzidSWSs+jCDed5g==
=7i0m
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.11.0

58
hosds/nixos/x86_64-linux/summers/secrets/transmission/secrets.yaml Normal file
View file

@ -0,0 +1,58 @@
wireguard-private-key: ENC[AES256_GCM,data:o3wV7UI5BSV9YU0uaumgfFWBJlgMewpUqOusvcGWxOW8dSrT/aqpT9iu1K0=,iv:fNf6fOL8KcYBxmfFLi5K/qPmNfon16HE1fgQ86qNDNU=,tag:BoRbtrw7jvENAn5wiP/sWQ==,type:str]
pia: ENC[AES256_GCM,data:9bMMSavvHTC5UM24W+Gsy69VQdc=,iv:pRd18+/Yy8BWp/kybOqM1VPpIkS7vLSWXZ93PZT+mAk=,tag:DYiiv3+zl8N9UR2X4Yv58A==,type:str]
sops:
age:
- recipient: age14sjyqch8tzqexk2gv0qgrrg09f0s6hvwhsgjac3vs6sc5rzgpcxsyqda6u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBMUppRWJtOVdFa2hvQmtW
ZCtjUEwxTlVXTlJjUWpERVlJYjhQNTI5aFJFClRpaWFWbmExRC93dDFQNDVlRDNP
N3JHVzBGU1g0RVBHUVg3RGhBaitOOW8KLS0tIC9uTW9tcDFxSFppdEt5ZWpzUzd3
dTVFelhnWUk2YVNCczA5ZVFEdmpHakEKBkd/XczNimSP/5kny3axRbXZOfPAhMVW
H0OSWxamGLQpnsSHgrYdSk93Bcq24ziuVzHEaPEDag6XC7UNvsNERQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1y69f2elvmq39lc3t3ucq9y7wt675520n7rvug88qg368qsmmk47qvwrtny
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhYTV6MHNtOHdwSTdTaVlj
Q051M1A2eEVMZHhTRXNIRXVrSjJWZzlMTHhvCkNMaXZsRFlVTXlINGlIWjhZR25q
OTE0QXpiS3NiQ1JHVlZ5QXV1VEVNelUKLS0tIGNBR0dFRGZxYys1OUpSU2NHcWV0
aEg5NzQxeVZPaUY1bTBBa1ZidXJrS2MKUCsDOnsmpOZTQsnvdYguDK8uH4FetcXq
nKzlSJ8zvYXzb91PfCcjYbp3ttUGeeJLVPnrD42+3i8H2U8btSrR8w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-01-28T11:27:02Z"
mac: ENC[AES256_GCM,data:7QTzIr3m0Gip66y+RNZrmmbUTn1jm+7PrEPerH/iw1resKHU5g+I3cumNqPt+iJYIbvNJmzfi5g6qLyjvcIjMFK8gy+RAkQ86r3zd9O0sWd9Nyd8OWstl/8srxGQNK8gWNEFIF97Dz2Hs26WYHa5NTWrZkyblFjJ2a1EiL+mNzo=,iv:aTF8ew4Ucu+QqiOz10F+KyuLb1Ukz6Q674SoSdYQxOM=,tag:5UeUHsJlKiwKfC7VwoEltg==,type:str]
pgp:
- created_at: "2026-01-12T22:05:42Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTAQ/+K/beVKMITwy7ZM0X3cUvtYuMzo0FaH7qEcoN7Ie9tuT6
ZF6/BIBHVrS+953Gw0HJajWQENAKphKqL6TT8SHSpsdUpTns7rxJZlRm8C2FP3SV
eqrtQuzm2GhRVzm/69nOkq7vzrRJjP7/6ZmO+1E3gURiBLJla/MHRHi+NRrYrq+H
VdWWwBAe1T7Kd1WNRL+o7zxwkH+b9OIL5Ia6WI8jtQizDAI33iTbtfxO5ppXIyoL
PEV+2ePTWJxV+dJBbCfDHioY7l7I5yWCKkuVmVBp+CNrNGLPdU1Ta49wODt2Isy7
4F3YihAX3N8MDZ09aB8UeCmzNIDXt0Y+1Nrd8Z7ctIgu/Gji7Jyc5bBCgpi9Q9N7
2uVm6m8P6uSeifZ5e+obJUqYwaRUO4va2/tSX2TTWK5l5svIEQh/hPmWowJrCCSl
1lh0cA24M8ljphdltBgxzfiByGobde3nNeak+8CGYZUZq7xIMwyIMoWTlnSy0Fno
oJxe6nasxZqQTIqBu3Dra4oBnSTxWJ6SWbuaeegbnGWRp8Pfjs1mGWF6oNYaBwoa
gvT2qzjzah/b6VEfo9m3mGnLAubU14a2zoSnQ2zZOZp3k7JUbkCB1Q90NACD3wl6
Z+qCEP9YHA39Dga52jwy5yfYmxuZVKPIXJgtUrSAzGQrTGyBmOorN0NhbLFoD0WF
AgwDC9FRLmchgYQBD/9Ro2xVCqlyifNx7ec+yBLufPsgqq1x12EPOEEtDthfzUdc
FV3K/+kv0QmYveqfhBQsMqGvVUGW6UW4b4YijUMd2eoJin4UcwUJNpXUS9aKohcH
bHFH0gExhDGruRs0z1rBbjuZTWYhzeYv9kl9HdJx7Hh2eFJR+0T6DrLlJ6GoVERd
HKy4nmWtO8wbkVT1akSZVavZLwB3J/5EG0zH/CD6x15Spk+1aurWqbmPlEy8S0qA
Nf002A7RV1YD3ykZg/Ie8bPXt2ghuO7UU73mz83dTskoYggf+L01BXA3K/xd1ei9
tTeLn+INrLcQ+3FNI+zl+b9HbWo1hIO0xG1IRyWWUDTbssU2HdVO5ppnmYC/15h0
6loY4EJeWAiMe/LZlXpeW9y3YdTPQvzjhKi63KYh184RoZNBjdRtrgIKX/zJJnyG
4UqX8d6yQrbAABnBslradSNzsMuf9504MJ81ZKeJPF3JwDEtkW/i6VMnkRCgvDsG
FWMIsrWttTd3BcqvgHUkxHHwnGglvvmPh3SvkdPB4ctzYFGCxyQHV0ymFC8xmkNc
gP+U5cYj/tdGSbP0P7SW09cj8nbSClZ7OZMpHViQTSOyFkPvVQYOtjJt54WwJn09
aXTIiK3+xSORpgKLxFJYeLRY7OjtFqyVPUh0VE5GlGA7LxqpAa18w1bfS1XR8NJe
AZKgUbEp1prBgI4aeLqTr7qk4LkdmaVPxjuAUX1mg6annIHOnPLlaY54GzWtG4Cn
5/F6ZRNQK8pxr82lctEqGPN0I+/Fp7nky7xmBBzymV26LJLWG77UrQONeLlNWQ==
=gUDk
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.11.0

44
hosds/nixos/x86_64-linux/toto/default.nix Normal file
View file

@ -0,0 +1,44 @@
{ self, lib, ... }:
{
imports = [
./disk-config.nix
./hardware-configuration.nix
];
topology.self.interfaces."bootstrapper" = { };
networking = {
hostName = "toto";
firewall.enable = false;
};
swarselprofiles = {
minimal = lib.mkForce true;
};
swarselmodules = {
server = {
network = lib.mkForce false;
diskEncryption = lib.mkForce false;
};
};
swarselsystems = {
info = "~SwarselSystems~ remote install helper";
wallpaper = self + /files/wallpaper/landscape/lenovowp.png;
isImpermanence = true;
isCrypted = true;
isSecureBoot = false;
isSwap = true;
swapSize = "2G";
# rootDisk = "/dev/nvme0n1";
rootDisk = "/dev/vda";
# rootDisk = "/dev/vda";
isBtrfs = true;
isLinux = true;
isLaptop = false;
isNixos = true;
};
}

127
hosds/nixos/x86_64-linux/toto/disk-config.nix Normal file
View file

@ -0,0 +1,127 @@
# NOTE: ... is needed because dikso passes diskoFile
{ lib
, pkgs
, config
, ...
}:
let
type = "btrfs";
extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [
"subvol=root"
"compress=zstd"
"noatime"
];
};
"/home" = lib.mkIf config.swarselsystems.isImpermanence {
mountpoint = "/home";
mountOptions = [
"subvol=home"
"compress=zstd"
"noatime"
];
};
"/persist" = lib.mkIf config.swarselsystems.isImpermanence {
mountpoint = "/persist";
mountOptions = [
"subvol=persist"
"compress=zstd"
"noatime"
];
};
"/log" = lib.mkIf config.swarselsystems.isImpermanence {
mountpoint = "/var/log";
mountOptions = [
"subvol=log"
"compress=zstd"
"noatime"
];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [
"subvol=nix"
"compress=zstd"
"noatime"
];
};
"/swap" = lib.mkIf config.swarselsystems.isSwap {
mountpoint = "/.swapvol";
swap.swapfile.size = config.swarselsystems.swapSize;
};
};
in
{
disko.devices = {
disk = {
disk0 = {
type = "disk";
device = config.swarselsystems.rootDisk;
content = {
type = "gpt";
partitions = {
ESP = {
priority = 1;
name = "ESP";
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "defaults" ];
};
};
root = lib.mkIf (!config.swarselsystems.isCrypted) {
size = "100%";
content = {
inherit type subvolumes extraArgs;
postCreateHook = lib.mkIf config.swarselsystems.isImpermanence ''
MNTPOINT=$(mktemp -d)
mount "/dev/disk/by-label/nixos" "$MNTPOINT" -o subvolid=5
trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT
btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank
'';
};
};
luks = lib.mkIf config.swarselsystems.isCrypted {
size = "100%";
content = {
type = "luks";
name = "cryptroot";
passwordFile = "/tmp/disko-password"; # this is populated by bootstrap.sh
settings = {
allowDiscards = true;
# https://github.com/hmajid2301/dotfiles/blob/a0b511c79b11d9b4afe2a5e2b7eedb2af23e288f/systems/x86_64-linux/framework/disks.nix#L36
crypttabExtraOpts = [
"fido2-device=auto"
"token-timeout=10"
];
};
content = {
inherit type subvolumes extraArgs;
postCreateHook = lib.mkIf config.swarselsystems.isImpermanence ''
MNTPOINT=$(mktemp -d)
mount "/dev/mapper/cryptroot" "$MNTPOINT" -o subvolid=5
trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT
btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank
'';
};
};
};
};
};
};
};
};
fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true;
fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true;
environment.systemPackages = [
pkgs.yubikey-manager
];
}

27
hosds/nixos/x86_64-linux/toto/hardware-configuration.nix Normal file
View file

@ -0,0 +1,27 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ lib, modulesPath, ... }:
{
imports =
[
(modulesPath + "/profiles/qemu-guest.nix")
];
boot = {
initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
initrd.kernelModules = [ ];
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

59
hosds/nixos/x86_64-linux/winters/default.nix Normal file
View file

@ -0,0 +1,59 @@
{ self, lib, minimal, globals, ... }:
{
imports = [
./hardware-configuration.nix
"${self}/modules/nixos/optional/systemd-networkd-server.nix"
"${self}/modules/nixos/optional/nix-topology-self.nix"
];
topology.self.interfaces."eth1" = { };
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
};
networking.hosts = {
${globals.networks.home-lan.hosts.hintbooth.ipv4} = [ "server.hintbooth.${globals.domains.main}" ];
${globals.networks.home-lan.hosts.hintbooth.ipv6} = [ "server.hintbooth.${globals.domains.main}" ];
};
swarselsystems = {
info = "ASRock J4105-ITX, 32GB RAM";
flakePath = "/root/.dotfiles";
isImpermanence = false;
isSecureBoot = false;
isCrypted = false;
isBtrfs = false;
isLinux = true;
isNixos = true;
proxyHost = "twothreetunnel";
server = {
wireguard.interfaces = {
wgProxy = {
isClient = true;
serverName = "twothreetunnel";
};
wgHome = {
isClient = true;
serverName = "hintbooth";
};
};
};
};
} // lib.optionalAttrs (!minimal) {
swarselprofiles = {
server = true;
};
swarselmodules.server = {
diskEncryption = lib.mkForce false;
};
networking.nftables.firewall.zones.untrusted.interfaces = [ "lan" "enp3s0" ];
}

45
hosds/nixos/x86_64-linux/winters/hardware-configuration.nix Normal file
View file

@ -0,0 +1,45 @@
{ lib, config, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
initrd.kernelModules = [ ];
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
supportedFilesystems = [ "zfs" ];
# zfs.extraPools = [ "Vault" ];
};
fileSystems = {
"/" =
{
device = "/dev/disk/by-uuid/30e2f96a-b01d-4c27-9ebb-d5d7e9f0031f";
fsType = "ext4";
};
"/boot" =
{
device = "/dev/disk/by-uuid/F0D8-8BD1";
fsType = "vfat";
};
};
swapDevices =
[{ device = "/dev/disk/by-uuid/a8eb6f3b-69bf-4160-90aa-9247abc108e0"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

28
hosds/nixos/x86_64-linux/winters/secrets/acme.json Normal file
View file

@ -0,0 +1,28 @@
{
"swarsel.win": {
"fulldomain": "ENC[AES256_GCM,data:CVasUSMRn/KWzVRlcYfTO/RL+W5Cz2JpDj0JLAKITXrDZrl+Wsg46X8zv4hX6NLj/wAyvXQ=,iv:N3DL4JPX8vWTbllFWcpNulwtDJ57xpHrAwoUxWhTzxs=,tag:CYWoK9uT121rFXQ5h69CZA==,type:str]",
"subdomain": "ENC[AES256_GCM,data:uM457vEJa10IV4SovBDUzLLlW+mPwh1SiWr8thQisFoe6zAk,iv:Tdbd5a20Gv/thkPfsvNiAbI86JjcDs70MAfk4yCZLgs=,tag:MulJiRWPs215x0bc+1jBiA==,type:str]",
"username": "ENC[AES256_GCM,data:ePE2BEKL5uaXqzGngW9ArhwP3qwDzwULtfwUfb5Q56VGGURp,iv:/GZRbyXHorcq1PIYlhfOmUVwCg0I/N4ZraEzSrc8qmA=,tag:wM5B1U0BsRsBAJg3qNOXpA==,type:str]",
"password": "ENC[AES256_GCM,data:RGzdi8IMqm+rtiuU4RtWGQ4N/7FYBbp5Pir8/k2V1QEdM8z7SIn0FQ==,iv:ThFbY9eZuEZoyzcWV5DwtSi8ugNwM49JfRof560Qx/Y=,tag:sgMaLrPB8WgpXWPzaCwOBQ==,type:str]",
"server_url": "ENC[AES256_GCM,data:zJdXoO7ED7qeskYJ9Wu0Rdprbvj/uP+Z,iv:ce+QXocqCjNKCsZRyVt6koUyc2lsTwPNMcfQyqbktN0=,tag:bQSE4/6va+V0TORWANLdUA==,type:str]"
},
"sops": {
"age": [
{
"recipient": "age1s0vssf9fey2l456hucppzx2x58xep279nsdcglvkqm30sr9ht37s8rvpza",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArZ2Fhcnd4RnNIbExibGlr\nMGNoLzltYStyQjNDSG5jbCs2WkpqR0VINHhnClF0eW91OUVvSzhackNPS2JaUitJ\nSW9VSnEyWjRHM29hT0xHUUIwTkFQamMKLS0tIDJqRERxQ0l2NElxeUhScUQ4R2hS\nT1dhQnRTVWM0Y3dUMUxLTGRhZ1h0NkkKJI58M5YOldaj0gy67WywMK1vTNqBLz+T\nK+/0PuEooKZkcdd92+UUoMMU9JcfvnvzKmC8Ot9xwiaLaupb2Fb7Lw==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-12-04T19:04:02Z",
"mac": "ENC[AES256_GCM,data:nWV/knCo/MeWTBrfq1VlV6SPEQ2i2P+le82S2So0BIxPfz8tqan0MdaIaKLFlapsT9VRJOv8ZCCXSLWeGcbEvfmEz4MP1E4iHcU/4YaO+n895D1JrjeyP1cgGisnXqe01xMXCsDY178sqxHcnDDlXp9foCem+mGjIlKGPYGu5Oo=,iv:qbavbW3MF4fx+E3aybBYaz/T/Hb63ggWml4Oe9WFz+I=,tag:05vBbBGDGRNaXJWoZn1bVw==,type:str]",
"pgp": [
{
"created_at": "2025-12-04T21:07:49Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTAQ/+Owp3VI6TVHSb6hxNioVb4P/e80pnf2LZQxhLUOb4QAfd\nkXGJLcdC3rIDF7b0qfJJrH+hCHSZBqrE6in43wDXe3Cj2CzOWaU8kABqMWKoRhG8\nd5Lbrn5uMN9sOWQugjFwtDPQo/g38wkHjJRwtpp57K3W7t7A1Np1Hma9APLwf6NV\n4t/A5vkib6n3Ilyc8e4eNlZu2yV+9fkygcSQYd9QxCRdqAbH9yCgtQ/iYpW4wNXW\nB18ENwOi9KiyWO8zMtGdj8Modaw3yLo9qku2u5BkBnbvE/SDD2QzxVEy8dc2P2/9\nkT3GLI14WaoTc0uCHQfGG6FOKbyD8P7VMdk6K7LuBrAANEaqwb77NlsIulekCuff\nRHjWYzzLv14wumO8+3dXvSWwdG3or0/caH4oKfifTbwSOwSTVru6WAWBGx0reqwO\n4+CQ1WmqHM68aFzlQY40dcT6i0jCZpvL+kMncbOn40oZt2+7T6h6zfa/YyWN9n1Z\nc3LhbHTYjA/gyjc+hD88SKCyn1tFK076209KeOpAJnu37Vb/O0BB9T8cxe9KVkMa\nz7SBXE7BEq+vc1BKpHN51zVmCP9REbQ//2RS2JwfxuKxj5ti7xQNBfliCVn/04bj\nEYnortuIFKjXGhZBBrgWKddS7zaU4Ux+1Nj8NAou4u+Cpi+EwFfpVvp11136H5OF\nAgwDC9FRLmchgYQBD/9fuQYiGbtsS6dm4kQzS6Ptmx4+Yi1QYywY0aU/S0wz+LBc\nn3ECc3AypbLEemNU7OeoveOtPj7TyJ9Wth2AqeWSEizgA/xCttiX311+emK5LqjM\n4KtlxJe8P0Hun9vxbcGRVXIN9IKDk07MWPBVQ0nUPnPlNTzZtlu/ahW+Rsyxm8wY\nq035Wtyr97Ak+gtB72EU3sEJ7INpNbIsbfa+AAbda1drrhvtde5kgnVKsSdC3oBy\nTo6rgSjRT91MZoiY+L3oR1lwmxtu6snajhnCWHe/u4iuMMK8a3b3WAUNBxG/tbQd\ni9qOLYyjtdfuqRsNvSK6WsgpAqabfUmvBCYsvKlNUGx4LDMmKsMwLC5DfPSGk8FS\n1haVyfmMNoCkcG2RuT+mwDm4I6aX1VbeKbIFrCYBEAYuWh8Hdobw3TYNrjGvHScq\nVE47Q7bCsUeiMybmtHTcHH6WNI+LWx9EHVZCaccqT19FV1PAUDvU3Z9HO48kcrjs\nX2UM3HtmU84p+zgQQzk7I1ociHqFBnKQmVd5KVs52V3Sj0a4EhRMDrWOjoucgUqD\nqMPk9HpO8A8gL/Xoaxbs3EdaQJsy30aVKaeDUyTcTqTLvEAocUQApi1QQCKgoc5K\nT9Y2EqfC/ArWSJOtylcQk0sJfKSo317lBb50+h1XcFXC3gNcXgipxURTwUSqb9Jc\nATpFH2B+AS7/fG22KpHsop4b3Mwm4nNZKTnJ+5IY2iu1hg/96AYe+njp+7BtbrbH\nTxOiYyszqQ+E8WykRO7QwPxgGtlGkgW2fXRFmAxvCHMbnNVvf2YSQLefUPg=\n=MyHr\n-----END PGP MESSAGE-----",
"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.11.0"
}
}

22
hosds/nixos/x86_64-linux/winters/secrets/pii.nix.enc Normal file
View file

@ -0,0 +1,22 @@
{
"data": "ENC[AES256_GCM,data:xI9xiEWeszsdkCyGaaFxO3neMHj3f8kjiKyDJwVjQIVyBD+X+13vj5HoE1WsOOxNAOI8iXsE/Wpb08hIBLPxJjaip6Ordntl/kmv61uxEErQ4i8Kj9U+k7mTpPi/MOv5qlBBY3qhca4pW37UwRMUMl/BbM4YzCqUMGQfbkxuevNoIoeQPEQnbHtQDdVkFG8Ql4xv5tQ71IPAx9ktH5iVKqKumrPEL8/d3i4jmHg74Y9A2xHtX1D7/5FiNUGpo5nCEKVLB9RmY0QqKiC8V20VONld1q3b2K52A6cS6IYvFpWR7/IaBpitAKTbMldxK4cl1Llpy8CNeLNGlolFqEnv3As2bx/gdWagjLZ3/TWZIBq5xu/Am/5hrLnSlhvEGx6ZSJujIZS7htuADK9KjGn1NFFLxAWxRB0TUQmbN8jKsHxtk1QuwyWeRSV7WN8ybvE5uj/dnL61A9/dHvmqT6YY43TAIX70ahlEqCsHNLaPqEsFioBlP5Vl3+dRatFp2GMytL0MZsITwpq1Qx+sJilAJZESCZpwFBcEFzHrpjLm7WkyFXiLvdGPUlVDhpTA/R89xQzaNcLOte5A7OdyeV87X5awCdXJhk/csRXHTuZzaa00mTv5tEZnKJk9lvn6h6Pcy4wObSbRRFlsQQBmrm9TkG/E/i73C0o8FbB3AXth8dHdQVBoO6GlH9eQKh4y9j1zrTvjMh6YVRqt+i28NabYjBS8HehbcuWpZfhSqmgiVaaG4oXIe+40kEDrhyhxSHnRymy2lNtD2IXzE3T5ixEgvv52HxglUDATc2ydL9r7Vdyfypv6RK8EVUtcFWoxUKFs2W+Eev8cMHspfuwNee91sf4exRCA4Xdl17cQUYsy2l/tz+biI2nrQKLzq49J/guN++n1xWOnZyzyNjcrID1/Cbab1k07hCspxzgenlykaUeYCLvyB3K+AKGtKcf2/sv3Zq9TVumLzYgK4y2VNDV/fpqeAzFXagPXnBmEW8BEA2kJGcFLxEeMQnYVZI/pViwpFBZXXSwnHGBr1GbLG9D3D/OwrFJgCr0baE3hmQFm6EjK24hWTDvxKWzGUeetxNIt2hBWiaFuOcc+RNnItuTREYaKq7BW6I8h9FQR3igl3K6iN/y/ZGzjVq/15Jop1ZSj2h6jagRdq2u2uObmoMmrmkHKutR9nKqjQDRZp4K8TAq51xpXnNXI+avNFjMJqL4/zmaPVzibW4sJ0YUCf832cWmIt4pSZW+z2Q6UdbJXAjzlZ4GicIQAzgh5jQpYlpW8yVgUVJKyb8HEUQJ2KIep0PhRZDqhclyBGXoOdGk/IrRaw0sqNsMWx+uLh/wWO+fn6/3CrQd1WpJldHCFQIT1OF6sZ0DylYmIPAJb/pbiImes3df5VCIO2PrBILGJUDA1XTW53L7LovhQB+Pydeu4qjNVueUwHr6DEkBSvKdTBC7vJqSm2hAXdEG1/OYTliY2VdoqK4DfsmwapelLKzkQJ1k4neUt0N6A0wc+/Hpfg53u1gC4RFqvnYSXM1eW0BlvdxIwWbq48G3jqvrkLaxVsqeclGSE5I4pisxrMivj4iFjWG/z0vkAMQSoJTyveSUXxyA9f7uWArV79Usj0B7+2F/rK1Ej1KJEcKusji6Wl3QR2ZXBMZKlCrOPL6o0p2w2iZ/ovkJAHg2CYD6njg+OkigKYFj1rb6FhPhFSSuzxKsmEq7eJ7ABrs3NHE/MA7F/C6uZTnJNxiK3nxc+JLPb3CLoEgULT4DFvomDpbM+J6+frnblzCYirgq6bdpU5eTMhrd/pwVC0HOCJFsG4xDv2JwdYTKiOnoNr//4wyHF0xfyRb4g40Hit5dB5F5m3krTu7fIIGw7RuczSbV/LFd1vobomMwe1/GbWMAHLpiABAwYRz4e/6nNZtRrPfNMWTQ8ixNEZNAI8LW7VY2RwLF46feJIxuc4UfBRlg4EdxO2FdXjDSp47m1HgdtmXBmgyneGnIyeiWvgSYsSEClG0F7/6PWDMwiWsVO+KinaJ67nWG3OmO3bXu5JjxZi76vyAe5YdQx2O85vptUzs9EExile6s1+F1gTtUFytg183dpAkBc+ml9iEHv+5nGl/MOUMiu4CPFjyWlhp1Eo6Lm94ycAfI1ItqkOZg3v7sMTc12YBfX35ql62+C3DcqpCJiBreNytZnnF1l2lEPIAUVJ8pjsrblz38=,iv:kkH/Hy/0PNzkVdTfYTgKBAN6nYslP0OFIndsmORZVEg=,tag:j/fMiT9DCog0CHnM74MNMw==,type:str]",
"sops": {
"age": [
{
"recipient": "age1s0vssf9fey2l456hucppzx2x58xep279nsdcglvkqm30sr9ht37s8rvpza",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3UFZTaXFNdjF2UmRFd3VL\nY2pZZ3ZaRkhZSjdVUjIraHV5ZlNaNGtwM3k0CkZ4OVRFcmR3MFBDcmdsbWFId3Iy\nVzQyUGI1eG44d3JFL2NvZEg4NnduT2cKLS0tIEdhOEZETk9nRTlVbmJ5UW9GalVx\nS00yaUpJZVFVNThFei8yRzJYejRkYk0Kf6Z8WnG8phRtFIUWIPys3PW0OImhAcF+\nUFLuL4Qr7zWaeItCRieYCs1yBn7KbUJHZNkJcvnkYW50NYvlEa8wBw==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2026-01-02T22:52:45Z",
"mac": "ENC[AES256_GCM,data:p/m76sd+5HhD+tz7oSnoSzVRCnB1czTUTF90LSyLQuL6aVyTpVZp+p6/CnYc/fG+L/8wBUsLrwwajl22S2+MZAqvQFoYQwY/AiFb10wZNK2fzPEURW3P+QYzaf62nb4G3GlckjAcGxGyeGcU4TnL1qZEDgp/KcdZpsUwvVQvV/U=,iv:k7m4dOr13gczZTGlz7uHIQB/uFPEQJX19uHuLB1fupg=,tag:mzpbLMV5aun7IOvPIJv0ng==,type:str]",
"pgp": [
{
"created_at": "2025-12-02T14:59:33Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTAQ//Qx2BW0k3Q/pAvbKZScmhoIoFpV5nb+ZB72J6+f2HQLSv\nVQP72XDoYyIfW7ERsY09gkNIJejZ5n/fgB5KkyEqsBRP4fYDXl+XfAvPTu3YuQOo\n9mA2baJ0HkBnsrikycaUQAIXMMCAUBS6Ooi1blQeYA9khqr5Kc361IwB4bv8WcIz\nGcBPSWBc3B86qK/v8l0Kle1mcUu9RFxNZkitjxKdf9GDn6gKo3yBWt+/8NJLDUTq\nHjrBH4WpqB8mVDupg/p6OUASc8y0pnNmbU0GK3is4IO/bk9QqPX/t2y4CUhlE3Bh\nnxYGYauohXGs/IbCGXtkd/wRcMwsXtgkZYT/wfu44/O2VW7V7MpBGVlTXmOWK5yI\n2dkqpAt2T5tFVDDX8bqDfZ2xbGgSLsY/XWwNzl60WSvcAnFoZSf4mu2RJFLAK5QZ\nGDz+N8shR8BgkzIWIjMwzBbUB+3snYkJVA7wm/idhernkB0E83JAOOHk+UGuHFWA\nkrrWPHRWf4Gy5ZEmkzVACfhzH9AbPP8yHbTh5y33I7Yv4E+4qjoVEwTNA1LSYy17\nlaMI410x7htrzxv8M06LlE47HrJPLu3+YHUPKQC/LzV831LB9IYymskYL3rYUHzn\n7BS+9Njfg+7cdHXjRABZk2yz2+XZlSLIyCC82Kbmybd3F+s8u/pP0N0TcBDTPrSF\nAgwDC9FRLmchgYQBEACaz79q7F+YshiA4MSiKoiwgVnq0HWruMtQ+exE9Ky/hTfT\nCnNn43KSE/s4KytcB8KPkXPpZ/BHSv+oxY/XGh1dNWnKQocyCHqEOax/QruAu7VS\n/CbxyUFYQS4sJIbfmQLkx/FEnaHenSOTjOBatlnVFQ3qn6MjXyq1LThyfGaMlH84\ntAUYnNG3MQsz/U7Pj2nkScfDZ0XGIu2rvB2ddVdkjr1H3acQVplAlw88yGD+lDOA\nqnafNS8FgUtXoXCPVe6SRdpqfWPGmn1jhvjCiCUtzZG3RPew2AV50RAlxP2AEXY0\n6cMeL+NJdqIGaP3Ttyn9oVbroW4N7p3rb/AGj4ZRy4QOXPkWI088qmhYgIpjJZM5\nI3g80gnkBfFrOaVM1RVfn1smT9KlCR/8noKTE3ajBaTZZJrzBclzATdkGi7rIaqS\nvAWH9LnEGFs30W/mj9avis8aJwiPYsO+1ah5sVMnNKMo8KND2MMy+EI6AvgwJKz1\nNQoIP7jHB3h8sw91Z9YhB0RTQ8yCG+IrpXnWGAVAcswtTtJbBQlXxc/h0jpT4Yw0\nV+J6xX5/PI/ZQbIbj/i5hgh+8lsvG3gRRh0zH8nSNf7yMTYQe6iAe9xHRH/kSHX/\nOwObvvrCzZcsX8b6gTXn9AzXYGST3j3wBa8sQH0NRkcZFsCh30FhEDApItQA8tJe\nAbaLVOZ9WKJCCVkTJCOBCus1zInXbFr1ZQjTciJ4WjnqedH6SVvPC9HmI9vDCXw4\nzonohAH+mjtmoRfwMGdiJO74IfX81p5MwOX94TwYB2gAp6ycyCHjZgUtpAFPKw==\n=wNQ4\n-----END PGP MESSAGE-----",
"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.11.0"
}
}

108
hosds/nixos/x86_64-linux/winters/secrets/secrets.yaml Normal file
View file

@ -0,0 +1,108 @@
#ENC[AES256_GCM,data:2coSbGjKAg==,iv:QXAGBCUEBypVs93R6p9DpWsZ6i6VMmdlmeffQxPTGWI=,tag:2sfSIFT9W8anEunXHxP7oA==,type:comment]
kavita-token: ENC[AES256_GCM,data:T59wnJO0CClMP+jGd6LFtIDihYxDEZ6OATN1LizmLqYyPZ0Sxqoavgm3B3VWywLEIpSXyHfH3+qZKahnUA5/3c9okEbI1X3FFkiOYM0tVHe/E3lLQhHujw==,iv:ojm6RKZbxDjnGE377tjqZ6Zu3jkR6GHpxjZ7uZ3I5Y4=,tag:Y7KliDHxx2QIWoUdLbtH1A==,type:str]
#ENC[AES256_GCM,data:EnKPtPHaMw==,iv:6bKMTGB7CFBGzpcXv5bq1pPoN2dcfSsQn8CIAuawAEE=,tag:B7s6b5A1W8cr+rk12sfnzw==,type:comment]
matrix-shared-secret: ENC[AES256_GCM,data:ykgD+w6nxfegBhzVZmXmuxxsf1lIdV+0OOHlEt9V7YgmFFjHPw+SUxOsGnpwfTXB6Bwo70MDC9fLMSWZxtfIlQ==,iv:LoKIuJYvdKTE7QKrbJvAaKXucesrGgCZpVfmMNt1WhA=,tag:Q8EQSF28Cx/UMCBp5k+vCg==,type:str]
mautrix-telegram-as-token: ENC[AES256_GCM,data:nVragL+I4Fl0+0gG0nnSFoVt6PrDGCic8nh7AneOiJ8ktpsmq3wkuMzeg3aQkfM27HXTkkdhKBmCy/W+i9G2XA==,iv:ozhwDo8H87UCHIPEHCjWfnUtdK8L2jChz6y3NIO5j6Y=,tag:H2geLETkaUnM3xM/2Jvp7Q==,type:str]
mautrix-telegram-hs-token: ENC[AES256_GCM,data:bsuGGKASj65MkSri1MbZDEppRlr5qXzdRnpTF9gDshj4ahpvt0R1aLyr/dIaHk+OKdDvaeJ8JHkr2AVsJxMAzQ==,iv:ESnTEmOjkkOAJTJZq4CjPtPs17dBoc06fgI4T41Z1Hs=,tag:EC6CukTgFIDzlmeuOvLIWA==,type:str]
mautrix-telegram-api-id: ENC[AES256_GCM,data:GLaYJupsuA==,iv:EZ7i3jregI2puUAQbbkUK7OWA9Dnk0GdXRQuF/crD0Y=,tag:FL86Xji+YEkBPIm7m6sStw==,type:str]
mautrix-telegram-api-hash: ENC[AES256_GCM,data:vikwgZLPV7YBdKlzf8+LEUnNIMx950CfBMGXKOga2cs=,iv:16+qS4L1LEKyWQKC2+a9l4OugWLJou2I2t9oRfKjS24=,tag:zhjD2dyGkqfMQlAt/LTCzw==,type:str]
#ENC[AES256_GCM,data:3ZJfIpB7,iv:bS0q1SvUfAX8s6/R1z9IWoJ1vIitIDc2lGZUjS6P+Ao=,tag:Hc1HVrtkT6gNceN87PF/YA==,type:comment]
acme-dns-token: ENC[AES256_GCM,data:uSgEI33Pz8IsJMqtgNO5Q/HW1dRLMeGmXtJJNrbQ+PNVnAiTTRyS6Q==,iv:5ubDxwyDgEHxK/h50p2HK6S1+2TdfTUFH3yGv7/zcH4=,tag:P3b2b/h86TlgksjXB8Uccg==,type:str]
#ENC[AES256_GCM,data:ZbWnE+gcmtR47A==,iv:a/WxLMGb2Y+lenUfUk8c73o/QUB6ImBVRUkHQjfWoq8=,tag:7FHXVb7qBGSXv3oO5f2M1w==,type:comment]
paperless-admin-pw: ENC[AES256_GCM,data:8s2WunvnlL0xE8XNN1Re6/9nBAM57AgM9g==,iv:Pol+RjNMKpNYCQWY0BZamRnob+MO/e/14jc8uArtDz4=,tag:FXRrlhR3DpZ+7lSlXb7wsw==,type:str]
kanidm-paperless-client: ENC[AES256_GCM,data:1lpf9LzAZeAe0ZJiXPE6KRDZxhi24CQmoA==,iv:eZKA/2JJzojPDJc/I8V4tw9tA7zK9Y7wrpgLww7sigg=,tag:YjlH+hHdzJHqMBdkxTZVwQ==,type:str]
#ENC[AES256_GCM,data:RamYuA==,iv:4/LaPYi4hIvg2/ftF8Dh5eEVrsgtuOkmB75Cpm5oHJc=,tag:blCudo/EVHesDdUs1nLBhQ==,type:comment]
mpd-pw: ENC[AES256_GCM,data:/j++A2IrOwNse4+lvq7OI3Wde4KsdQ5UkQ==,iv:e0mjQyeefB3FFVsYQvTtjO9mewlmtQ8pl7O/ZmEllSU=,tag:SwbWBN8PqUrXTpKILhLquw==,type:str]
#ENC[AES256_GCM,data:7UtHAqAZLmzT,iv:xBbdv1aHFrSc5/H6o3VujZdtAN7JwHbpckDcoZ5z78M=,tag:0ZEFJcPa6RIwv+kIgNHj4A==,type:comment]
nextcloud-admin-pw: ENC[AES256_GCM,data:PN1K4gyosG9YQUbXrLt7okDe,iv:HpAQOmTXnixm3cd/gNOzICrR4xoSKxsYWavJReKnhvM=,tag:KhCQ+8HpTaFfzn7dFSwE+Q==,type:str]
kanidm-nextcloud-client: ENC[AES256_GCM,data:RJ5XSYvnJS6r2zzs2SOBZYx+GV7EVjB7XQ==,iv:KfinHenUiYgWrZtMBSGTuVUd5aZlfxvM7Rf8ocFv64k=,tag:WiknAlc29ohsLwnBCXzHpQ==,type:str]
#ENC[AES256_GCM,data:dyEwvFDSvI0=,iv:4LPFthS73mIYQt6MRLBTeNxCwKnJGc7sNFJfZCpMU3Y=,tag:X2mBwG1++2gcFIOi/xIgFA==,type:comment]
grafana-admin-pw: ENC[AES256_GCM,data:FBF/YEPTL7HAfLybMqg=,iv:SctfD7uRKeclHr7R831Ns87/ASCfhFE0yfDQrNxWOMU=,tag:UuaSMMs/y4h4ASueseywYA==,type:str]
prometheus-admin-pw: ENC[AES256_GCM,data:onPtYsfFbE1LFRpeDC5ipGJ7xnLRLbAPqQ==,iv:CDxzBfIzgF9naCQ0UDyTYWQGZ/J0Noia56YASsHLz3I=,tag:xs+PiGk5dfvUpGXVsDnAFQ==,type:str]
kanidm-grafana-client: ENC[AES256_GCM,data:tV25k0XoFZ9wLF0UWvAabgigayowr3wo0g==,iv:p0y/UyIrFBTvWZKHbfdOSEpbMun7dZ8FyB5W7VS0oSY=,tag:+jKD+d9cRGKJkapGYxUEnw==,type:str]
#ENC[AES256_GCM,data:QnIF/xhWguX5tw==,iv:yTUBtPaZk6BXi+SC1P/OOtnc2x9UZ/jXirD5oaxhyQY=,tag:c33L5r5BaPZN6zkwduBCwQ==,type:comment]
freshrss-pw: ENC[AES256_GCM,data:GU5rHmJCAb27pWo=,iv:f1YcUsf2jznGAk0zSX3L01lbB9kXiFKAKSgB/RMaq0U=,tag:xsB1QxhDQPX/B2VJV3Wi9g==,type:str]
freshrss-oidc-crypto-key: ENC[AES256_GCM,data:FvkaTTfOIo2wn5SnOCiMqy/g/4vcjSX7BjX6GIJrPsQUkqWHvL4LmQ==,iv:930d5Cgb6jly8NAdr21XO0lkWWCXujCho6fW+RYNlRI=,tag:fidIhKA25mwsxpORJOVeTA==,type:str]
kanidm-freshrss-client: ENC[AES256_GCM,data:jBplXWOX/mRTQf6cKmP3C5PZJoBAmb3mhg==,iv:5hcLNGuEQ0T9FiczznGKMul38Ftv8PmG3q0Vaao10oI=,tag:tpx+EDvA31HCnG1/XJOBWg==,type:str]
#ENC[AES256_GCM,data:Ur0/rfBv5g==,iv:eH+KbbkmtBWbobqAIUFF0jIrGhbHnk9g8hLZoxE3swI=,tag:3dnoA+O5GXW5Dvxcx4jiTw==,type:comment]
resticpw: ENC[AES256_GCM,data:0oHhUFH+2W7FONA=,iv:jT6o3H4pIkGTANriDVCBvnOsc/XITEGCayb6A86NlGg=,tag:qU3tAvIWFSFIf1krWAJ0+Q==,type:str]
resticaccesskey: ENC[AES256_GCM,data:3EshJOZpoHqGrKdERYBtUcQZ6taZEe8PBA==,iv:3np3ASFhJrYT1ig3uSpb48lSdZOFl9kFyLJSkYHBnqo=,tag:TqjgnO1XRPZUGjLI20FqUg==,type:str]
resticsecretaccesskey: ENC[AES256_GCM,data:j57l4p5viLZ2yL/KDrQpq1Dov69kpCRgzS4uEHgh4A==,iv:CYTxd4Vy1V+aW6EdaEOIma5vyDRL/VR6MlHqmAM1JQI=,tag:zLl0UZ50uN8YIrL+nOfurg==,type:str]
#ENC[AES256_GCM,data:rdFEksmLPA==,iv:JKhyW30sCngf1/wFv8HLPesiz61QjAGhcBuoIw3CUDk=,tag:MaMJ8V5uqV1uFokLzmTJ7g==,type:comment]
kanidm-admin-pw: ENC[AES256_GCM,data:cpSl4syzCcl8wohuNpZhwKZvY4x/YuSZUA==,iv:HmhoNL5IKMh4FMe69AcnviybQRXdZRwaNiZ10vRUbwA=,tag:VUgttt/1pcQtcCqR9Vea1A==,type:str]
kanidm-idm-admin-pw: ENC[AES256_GCM,data:nfDLBctWIBUn1iyidczfn37ncINlfXjf4g==,iv:0nVO9bTOZ/PEe9rFUhXZ74AbStsAoDDhRWsM4cPvB+s=,tag:hM4+x7TpLctDpdotVhx7RQ==,type:str]
kanidm-immich: ENC[AES256_GCM,data:is5Zx9FE9Qb/cajv6ZQU6B/0iKUgbBCp/g==,iv:vBU6wcrsO862oKgxdGfpOZXC/GJDhY9Rki2nLIy4IoM=,tag:6jNRNdQr/czoSihSQ+cHQg==,type:str]
kanidm-paperless: ENC[AES256_GCM,data:bJJC20q8aJVzmIMXAHWvOoH652lSCFXDNg==,iv:0ctoPwxzMD1cSpZ7DyjOv9qP+cYt0MJsk2cfuzft3n8=,tag:KX1MtgOvcMxt1QHhAcXWcg==,type:str]
kanidm-forgejo: ENC[AES256_GCM,data:zw0LcfNJw4q28l1E9q58D9bTKtl/CjGA3w==,iv:fYRGasFiM7PXeP5sWW6whj10CUKIqCfhIYQCNZjxQGo=,tag:sxQJa+ItPA+L3keWZ34SJA==,type:str]
kanidm-grafana: ENC[AES256_GCM,data:61PEA1fBcaRy8+x0dn9WrH9P0D+NOkbeZw==,iv:kbR3JWzHsmsef+VlFGciZmyforxJCdvzHijvGFvFwpk=,tag:K+6baLIKy0L37KrJEQUgPg==,type:str]
kanidm-nextcloud: ENC[AES256_GCM,data:9FjsOzBos18ouHBeuzrzHIpCDowFt0Aktw==,iv:iqUQUsWsO5N+KZqHyqNxMxSija/yPrrrAqvz4b1NG1M=,tag:/WC3wg/eYXV3hLJPRVWLog==,type:str]
kanidm-oauth2-proxy: ENC[AES256_GCM,data:DQ5tj7N+P1b8vFnF+MGhaUBvbVQoE4sVhQ==,iv:Xy4bdi8fSFuFHsQKgZ3PswFFYsqtiAeqeSRam1k/H0E=,tag:9W4LRPPYtDOrSpxRDK/7sg==,type:str]
kanidm-freshrss: ENC[AES256_GCM,data:4y0X3sSOfs5pKNCmZGJhxlAKH7GD1UACdw==,iv:LuQQCfOpsTqglwQvohHMFpNGaOjoZ8PKDgG50qBP02k=,tag:Z5mVYP/9nToerQ1qui1eWQ==,type:str]
kanidm-firezone: ENC[AES256_GCM,data:hQWySw7EZZN2AT7rM4R2go8DAGYHph32tQ==,iv:vASPrP7qM1G5c4tC1aaAbCigglXt4keThMYOJdRYhOg=,tag:f5jevrQtiHAQTbMY07iIrQ==,type:str]
#ENC[AES256_GCM,data:M9U+Mr1cAhlt7NpW,iv:LY19BZEwDdQD1Nhbmgdt9/9VNJjcTkOGP7SwEDE3Xwk=,tag:TlYrhu5dBj1D+Qd72r7Ofg==,type:comment]
firefly-iii-app-key: ENC[AES256_GCM,data:hzgl8eRL0irNRP5TO7G1rNtNM7fXCkmbcaX4QoTsM0xA1rgyKwiy6a4lYDjoXZyOMy5p,iv:q5eepIELwIecyQ56A6THUOu+rebK3irKVYb7/gNHlU8=,tag:+M/KTX1JzPzXeK4TRzW42w==,type:str]
#ENC[AES256_GCM,data:mBlfyJvQyrhTnpkJ,iv:hHnTCsHfzCgKuBO82JjNbjYYjWV8e7+0VRkbTGw+WRE=,tag:7Dp77Q2VjWJM5LydvpbJnQ==,type:comment]
koillection-env-file: ENC[AES256_GCM,data:X1dndR7XIhGCwbRQzET5MbzW71PT7WmyryNbOhCKx2I=,iv:bP/90aJT+eA8EmwoFZ7uXxOWfOprpHfc9CvL/A9Os5M=,tag:ZxFDInJBtFrulvOL9PwNJQ==,type:str]
koillection-db-password: ENC[AES256_GCM,data:5Ue4l8CMZpjRpcryEtzPyR2Zf7M=,iv:Ol/G6nFY5H/SIY7l4o5woqFVeLfnv3FJfaAZIqI4NHA=,tag:hYorZv2nyLvsJ8AT2xTkBA==,type:str]
#ENC[AES256_GCM,data:oTo0OgB8QQyPVxzEoEw38eM=,iv:V8UJrZvlAEUVxajLjty56LoiHqi9mvX2NxlZeYr0P0g=,tag:gSiHry8iRcYWAFi5Lt1GiQ==,type:comment]
anki-pw: ENC[AES256_GCM,data:h4RBhKV6ZzDQk7s=,iv:r21zH3sDKwRxfi8A1DPNEVhKTbb35qWv2mTGaXJxynM=,tag:kT4pVhz6pHxyBZ0iXdGx7w==,type:str]
#ENC[AES256_GCM,data:5jJoV7vZl1A=,iv:Uc9/nyvdzgH6USVxhDhVs6aDqy/k9D53AJP2AvTj3ZQ=,tag:K4zDz5RoLuHevTeLqxw/XQ==,type:comment]
kanidm-forgejo-client: ENC[AES256_GCM,data:2iXE/dmOQtY2NEsBgDqkqwD/brF0vJs+Ag==,iv:PBQ03z/E6R+u7Y56fPzJSnsoCa5PUYSiezZFOMLz4eo=,tag:jThgOC6h2hHJUclDju/MtQ==,type:str]
#ENC[AES256_GCM,data:JwCES+wj/NRGTw==,iv:sKjF9r+7FlHyzY0MTfzvrV4B49T6+50AxBuXXh8PNUc=,tag:WvSqYTR7yDuqbZKaPWfvvw==,type:comment]
wireguard-private-key: ENC[AES256_GCM,data:TdZwS+qF/sI8WV92N+pe/w8GYs3RmPgc8AABQ9FhpPPAcPTAHoUVo1Y3TkU=,iv:lgJyqYdtsuPzAKRUdnjiw5inHNAL2yMHFJwtUC8WB34=,tag:ub3PQ+xU7EmxohAL8GvuRA==,type:str]
#ENC[AES256_GCM,data:m0bvaZ5XHR4p,iv:4uMJCmguAIu1533g0g666BS0Hx4otlhzjVQT5Ny8DKU=,tag:jDuowQCXWJBJ3a2/pAxvGg==,type:comment]
radicale-user: ENC[AES256_GCM,data:UZaQbgYKjZxxBqw=,iv:ekmZvvOITSC37eNzy8WId7zeG9HPgVQ2Q/v8jezHuw0=,tag:YB41QXdZjIbEaFS4l+yuJw==,type:str]
#ENC[AES256_GCM,data:2IlXs0WZnFsribQ=,iv:KL+5KM8bEFiERA/SA6FwudqFJziax7pdbDdOex7aaFM=,tag:TAOlu5N/B2YyVFnFgJG/oQ==,type:comment]
prometheus-admin-hash: ENC[AES256_GCM,data:X9nTcdg+W08kT3aDfXQAf9luzPszZdz70ELkoTEoWoUrh5+Dv0D++OA4QKyBi4MMAGK5USdVZECKGa/0,iv:t9PmR6IsuEJuqdj0Zn0vbVCH+Ijz31t5vC7+9MkxB8A=,tag:bH9Zd1E3RpsU3QzwGouoXQ==,type:str]
snipe-it-appkey: ENC[AES256_GCM,data:3CZRYxbhXfw9VrbZPXuUbxmcy+FxUuOGNTxsdU7RNsx++GAbrqSNxppXCf8=,iv:/bI9mKan6mMlu9Pts976FFCboRD3nnjkePqTAEbvl+E=,tag:XMjs8hkXG1TYRK7UN1lFlA==,type:str]
snipe-it-db-password: ENC[AES256_GCM,data:ePhz/cE8kP3GVryiCfJwyuIljYc9cOmeg4q2Vi5cyiNWX0M=,iv:SHAG/TNaHx9/4wg5A19/LOnHYHq2Lnlc72b5WooHp1c=,tag:Kw9/PSEG2Bg726R8FCVSFA==,type:str]
#ENC[AES256_GCM,data:HluZDLxPjQ==,iv:Gjd8lM7gFu8c1EshHXD6nJvCkZJoRhh26IPIOn2fQnQ=,tag:/7wXjcLCGNa8Td8ELeH4pw==,type:comment]
garage-admin-token: ENC[AES256_GCM,data:RB1KaPCJkWNL6CSN5d2ClWedHCUgEMlTrb8DSLIN2guEJrMLyTIGRjXpwEs=,iv:2u/XszX7avx9m+0Ne7CbQjLpireP2pzKmKhuh/9RZRk=,tag:vf8XxjlTaE5/T0ccK1FTfQ==,type:str]
garage-rpc-secret: ENC[AES256_GCM,data:GiXPUfNYbmJJovSXO6qgeNQ5+jHJFSOc5392RzRmyseSXjImMxenQ1OPyLDga2b7I2dt3KgIu+f56qr52LKyuA==,iv:6RiK1eTQr1PR1M7TV84kjHSQtNXBiM94uBQffk5c8W8=,tag:KcJh/UQ6i0nSsmD+7dzJUQ==,type:str]
sops:
age:
- recipient: age1s0vssf9fey2l456hucppzx2x58xep279nsdcglvkqm30sr9ht37s8rvpza
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVL1FJNlFQeXBJWEoydWEy
dDZiNTYvSE9ZWE1Sb2xXZjRWMzhRYWQ1UENJCmkrSFNsZk51aGZtSnJoWlQzbURS
aGJQTVpQMVJFTldwYldzN0l0cnVTeWcKLS0tIDlSb3BwV1ViYU4ySWc1dzdPbTMx
c0lDa2EvQkUwM1ZIc1ppY1REZnlPKzQKJRXSl8SYQwzgPw+twNAFy3y+S2r7JwS0
xESNBdFS4Ntg9gXENRBzCaGmoOJfiFtGditBlvWUwbDYwLdn/y3kIQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-24T13:09:23Z"
mac: ENC[AES256_GCM,data:BNaX6zXAxEzarm0+X5qDIIOOfLoUFIlhhLN7QATzHIYoujZaJCGFWlM/+k9cnnIcGak22b0hwydjCF+opgH2bbau8P4NFPbWGxJHVry1Nu+EyB+Qb4QnVZZDWMcDxEMChR5eZvLAFC/K2f6oLtJeL2kGtedb079jhwpJt9nr87s=,iv:90SerUCkSoBqDYH4J6SV7cRXwGeinW44NxhSnfJ0r2k=,tag:8VnRp2oAuctwp7Nk3U7OWw==,type:str]
pgp:
- created_at: "2025-12-02T14:59:44Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTAQ/+N3ZPYAsZ2e/nJZAxuSJd+kmlAk+JHJFrf0K4e/u6Cpct
T/UmlYpX4w3LMjkctSzNvBbih/aQgrSTlBfalffxh+B/NBqnWZQn3BfgcRtJYdxq
Oov3bCNXuJuvQvvc+J6FAZ3hJUnSOfZX//KAgO6osYQ0UePkE6a5mWjsflO0u7d7
H8iPt0T9O427sN7mi6D3Nx4okjeRPLWEAyel1i4Obcr+w4xMTsDQJyTvCT9EnIfA
STTUAhIIbNYW9UU9OLhx5du+uar4TrEMzw0x709WXxyX5hZpjEsJ1XefqI62utLb
LseYg1XXkBtfnkbUzVGHjCzi2pifGaBYklZOlgYnd2gCIwxqlp8QQrBSsViPhSTw
p3Iee+FfAVeJLfk6Nn9M25j4v0WymyM5DcWVkHfG3X3Jmh0ZpvKeyN0PMl3OnwFd
Ol8gZGAvfj1d38XzP5RcG/ezDPXSKE2BMju+KpTlWCVSO2o5mJhN9DrDzgv4TaBj
QVOkA+XmeT3UXoU7qUPFm4pLGxLm2hSPLDDOSjRxSMcG9QmsRs3fK4FaxQ6+NELi
RtG3xY3ZtdIeMKGsrclaRI2TTDeXsO66IzRbfEh6Kb40IoXcEjMQB+EMGw6qVs1S
1m81oKNquiN+MCyZST7WbGsQAGcW0h815V+1O0oBTzXvgNIvGIFBu2k2WjqsT/KF
AgwDC9FRLmchgYQBEADAP8JaZPeXM9n2rkVuiPijTBD8cutEbXQh6orb8susSzqS
ukflPweamJRFdWUkxzCFLZGbnx/Hxx+wjwyPTeYFJDGTafYj9Qbls+jlVPYycUJ7
Mp0XaqTDBDKGJF6n2Qyl2RSrl1j2fB/94Z3eQLMmdR2ojuyAMUcVK3+/NtooV7yH
WcB89pIhLeRU+D+qvn6Yr64m0lc65FIVo4zYxGEVCf/RRYrC2nGEeAUxjfEAnAJo
OvO+yKPvmzL+Xn9Ecc/OC6axuzuxuDm/X89b0QE+TuvzqEPwm45s9RUkdco8nDJX
23Ds5BhuX0h++2SjfWXUOAfj4VCgTPTUE+hWor96FDGdneKvpIt3rUVdEg/ggRae
SOpn5f0dXtin0K1QQZENcj38ldr4AremCaQVc0vg3IEl/3Qz0xNSX//YjJxUbHmC
5WvFMXTrIbpnnEoVdk+UavAsaL9mOOhRRU8feyMSawztLV2mJLBDz91hQP7UE520
4k3DWf+6KF3D9V0B9WCfapTPWjiJZrHWI2jBZzJ2KAZx8LLoRrNlVDUJ79lYI/y+
Xk3s9O0jq9BrLSLm/CLar5JwUY26ZxUb8buvzXovABqggjtWI+uUPdNR8CGrcFgH
4pcyrzkUc0YqR+SkI/xVAAXuD3LqLA2OkJGCI47duEkv2GyHvLe/ZRh0/K66n9Je
AW0Rgbbszs5H51MG5OKM8PYg/fP9wkMlAjEoSvk7I853CFibR5frNhDwYY859Xsf
YEHROhyEE+2nCui16IJ2DkyEXK+yO33cPLyXJ0Z+kRb5toRALr5o3iOgo1x5rA==
=SXse
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.11.0