diff --git a/.sops.yaml b/.sops.yaml index 1379cf1..f828b47 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -7,6 +7,7 @@ keys: - &swarsel 4BE7925262289B476DBBC17B76FD3810215AE097 - &hosts - &winters age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63 + - &hintbooth age1hsumymvh5mkqlaynrp9lv2w696yk3wtjzlyfmrpeuvh9u2tlwceqh3563x - &bakery age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh - &toto age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl - &surface age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg @@ -20,6 +21,7 @@ creation_rules: - *swarsel age: - *winters + - *hintbooth - *bakery - *toto - *surface @@ -32,6 +34,7 @@ creation_rules: - *swarsel age: - *winters + - *hintbooth - *bakery - *toto - *surface @@ -44,6 +47,7 @@ creation_rules: - *swarsel age: - *nbl + - *hintbooth - *bakery - *toto - *surface @@ -131,6 +135,8 @@ creation_rules: key_groups: - pgp: - *swarsel + age: + - *hintbooth - path_regex: hosts/darwin/nbm-imba-166/secrets/pii.nix.enc key_groups: diff --git a/SwarselSystems.org b/SwarselSystems.org index a572bdd..40b6879 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -866,7 +866,7 @@ Lastly, in order make this actually available to my configurations, i use the =i #+begin_src nix-ts :tangle nix/globals.nix # adapted from https://github.com/oddlama/nix-config/blob/main/nix/globals.nix - { inputs, ... }: + { self, inputs, ... }: { flake = { config, lib, ... }: { @@ -875,7 +875,8 @@ Lastly, in order make this actually available to my configurations, i use the =i globalsSystem = lib.evalModules { prefix = [ "globals" ]; specialArgs = { - inherit lib; + inherit (inputs.self.pkgs.x86_64-linux ) lib; # fuck + # inherit (self.outputs) lib; inherit inputs; inherit (config) nodes; }; @@ -921,6 +922,7 @@ Lastly, in order make this actually available to my configurations, i use the =i inherit (globalsSystem.config.globals) domains services + networks hosts user root @@ -2600,7 +2602,7 @@ This is my main server that I run at home. It handles most tasks that require bi :CUSTOM_ID: h:8ad68406-4a75-45ba-97ad-4c310b921124 :END: #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/winters/default.nix - { lib, config, minimal, ... }: + { lib, minimal, ... }: { imports = [ @@ -2618,20 +2620,12 @@ This is my main server that I run at home. It handles most tasks that require bi # mac = config.repo.secrets.local.home-mac; # }; - networking = { - inherit (config.repo.secrets.local) hostId; - hostName = "winters"; - firewall.enable = true; - enableIPv6 = false; - firewall.allowedTCPPorts = [ 80 443 ]; - }; - swarselsystems = { info = "ASRock J4105-ITX, 32GB RAM"; flakePath = "/root/.dotfiles"; isImpermanence = false; - isSecureBoot = true; - isCrypted = true; + isSecureBoot = false; + isCrypted = false; isBtrfs = false; isLinux = true; isNixos = true; @@ -2652,6 +2646,7 @@ This is my main server that I run at home. It handles most tasks that require bi }; swarselmodules.server = { + diskEncryption = lib.mkForce false; nfs = lib.mkDefault true; nginx = lib.mkDefault true; kavita = lib.mkDefault true; @@ -2743,7 +2738,7 @@ This is my main server that I run at home. It handles most tasks that require bi ***** Main Configuration #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/summers/default.nix - { inputs, lib, config, configName, minimal, nodes, globals, ... }: + { inputs, lib, config, minimal, nodes, globals, ... }: { imports = [ @@ -2756,13 +2751,6 @@ This is my main server that I run at home. It handles most tasks that require bi loader.efi.canTouchEfiVariables = true; }; - networking = { - inherit (config.repo.secrets.local) hostId; - hostName = configName; - firewall.enable = true; - enableIPv6 = true; - }; - swarselsystems = { info = "ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM"; flakePath = "/root/.dotfiles"; @@ -2786,6 +2774,7 @@ This is my main server that I run at home. It handles most tasks that require bi microvmHost = true; }; server = { + diskEncryption = lib.mkForce false; # TODO: disable nfs = false; nginx = false; kavita = false; @@ -3059,6 +3048,7 @@ This is my main server that I run at home. It handles most tasks that require bi isNixos = true; rootDisk = "/dev/sda"; swapSize = "8G"; + networkKernelModules = [ "igb" ]; }; } // lib.optionalAttrs (!minimal) { @@ -3068,6 +3058,12 @@ This is my main server that I run at home. It handles most tasks that require bi router = false; }; + swarselmodules = { + server = { + nginx = lib.mkForce false; # we get this from the server profile + }; + }; + } #+end_src @@ -3727,7 +3723,10 @@ This is a slim setup for developing base configuration. I do not track the hardw }; swarselmodules = { - server.network = lib.mkForce false; + server = { + network = lib.mkForce false; + diskEncryption = lib.mkForce false; + }; }; swarselsystems = { @@ -3998,7 +3997,7 @@ TODO: cleanup this mess environment.etc."issue".text = '' ~SwarselSystems~ IP of primary interface: \4 - These IPs were also found: \4{eth0} \4{eth1} \4{eth2} \4{eth3} \4{wlan0} + These IPs were also found: \4{eth0} \4{eth1} \4{eth2} \4{eth3} \4{eth4} \4{eth5} \4{wlan0} The Password for all users & root is 'setup'. Install the system remotely by running 'bootstrap -n -d ' on a machine with deployed secrets. Alternatively, run 'swarsel-install -n ' for a local install. For your convenience, an example call is in the bash history (press up on the keyboard to access). @@ -4036,7 +4035,7 @@ TODO: cleanup this mess programs.bash.shellAliases = { "swarsel-install" = "nix run github:Swarsel/.dotfiles#swarsel-install --"; - "swarsel-net-manufacturer" = "lspci -nn | grep -i 'network\|ethernet'"; + "swarsel-net-manufacturer" = "lspci -nn | grep -i 'network\\|ethernet'"; "swarsel-kernel-module" = "lspci -k -d"; }; @@ -4082,59 +4081,66 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru :END: #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/hotel/default.nix - { self, config, pkgs, lib, minimal, ... }: - let - mainUser = "demo"; - in - { + { self, config, pkgs, lib, minimal, ... }: + let + mainUser = "demo"; + in + { - imports = [ - ./hardware-configuration.nix - ./disk-config.nix - { - _module.args.diskDevice = config.swarselsystems.rootDisk; - } - ]; + imports = [ + ./hardware-configuration.nix + ./disk-config.nix + { + _module.args.diskDevice = config.swarselsystems.rootDisk; + } + ]; - environment.variables = { - WLR_RENDERER_ALLOW_SOFTWARE = 1; - }; + environment.variables = { + WLR_RENDERER_ALLOW_SOFTWARE = 1; + }; - services.qemuGuest.enable = true; + services.qemuGuest.enable = true; - boot = { - loader.systemd-boot.enable = lib.mkForce true; - loader.efi.canTouchEfiVariables = true; - kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; - }; + boot = { + loader.systemd-boot.enable = lib.mkForce true; + loader.efi.canTouchEfiVariables = true; + kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; + }; - networking = { - hostName = "hotel"; - firewall.enable = true; - }; + networking = { + hostName = "hotel"; + firewall.enable = true; + }; - swarselsystems = { - info = "~SwarselSystems~ demo host"; - wallpaper = self + /files/wallpaper/lenovowp.png; - isImpermanence = true; - isCrypted = true; - isSecureBoot = false; - isSwap = true; - swapSize = "4G"; - rootDisk = "/dev/vda"; - isBtrfs = false; - inherit mainUser; - isLinux = true; - isPublic = true; - isNixos = true; - }; + swarselmodules = { + server = { + network = lib.mkForce false; + diskEncryption = lib.mkForce false; + }; + }; - } // lib.optionalAttrs (!minimal) { - swarselprofiles = { - hotel = true; - minimal = true; - }; - } + swarselsystems = { + info = "~SwarselSystems~ demo host"; + wallpaper = self + /files/wallpaper/lenovowp.png; + isImpermanence = true; + isCrypted = true; + isSecureBoot = false; + isSwap = true; + swapSize = "4G"; + rootDisk = "/dev/vda"; + isBtrfs = false; + inherit mainUser; + isLinux = true; + isPublic = true; + isNixos = true; + }; + + } // lib.optionalAttrs (!minimal) { + swarselprofiles = { + hotel = true; + minimal = true; + }; + } #+end_src @@ -4435,10 +4441,10 @@ in }; subnetMask4 = mkOption { - type = types.nullOr types.net.cidrv4; + type = types.nullOr types.net.ipv4; description = "The dotted decimal form of the subnet mask of this network"; readOnly = true; - default = lib.swarselsystems.cidrToSubnetMask netSubmod.cidrv4; + default = lib.swarselsystems.cidrToSubnetMask netSubmod.config.cidrv4; }; cidrv6 = mkOption { @@ -4873,6 +4879,7 @@ We enable the use of =home-manager= as a NixoS module. A nice trick here is the useUserPackages = true; verbose = true; backupFileExtension = "hm-bak"; + overwriteBackup = true; users.${config.swarselsystems.mainUser}.imports = [ inputs.nix-index-database.homeModules.nix-index inputs.sops-nix.homeManagerModules.sops @@ -6928,6 +6935,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in environment.shellAliases = lib.recursiveUpdate { nswitch = "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;"; + ntest = "cd ${flakePath}; swarsel-deploy $(hostname) test; cd -;"; nboot = "cd ${flakePath}; swarsel-deploy $(hostname) boot; cd -;"; ndry = "cd ${flakePath}; swarsel-deploy $(hostname) dry-activate; cd -;"; } @@ -7049,9 +7057,60 @@ Here we just define some aliases for rebuilding the system, and we allow some in inherit (config.repo.secrets.common) dnsProvider; inherit (config.repo.secrets.common.mail) address3; + serviceUser = "nginx"; + serviceGroup = serviceUser; + + sslBasePath = "/etc/ssl"; + dhParamsPathBase = "${sslBasePath}/dhparams.pem"; + dhParamsPath = + if config.swarselsystems.isImpermanence then + "/persist/${dhParamsPathBase}" + else + "${dhParamsPathBase}"; in { options.swarselmodules.server.nginx = lib.mkEnableOption "enable nginx on server"; + options.services.nginx = { + recommendedSecurityHeaders = lib.mkEnableOption "additional security headers by default in each location block."; + virtualHosts = lib.mkOption { + type = lib.types.attrsOf ( + lib.types.submodule { + options.locations = lib.mkOption { + type = lib.types.attrsOf ( + lib.types.submodule (submod: { + options = { + recommendedSecurityHeaders = lib.mkOption { + type = lib.types.bool; + default = config.services.nginx.recommendedSecurityHeaders; + description = "Whether to add additional security headers to this location."; + }; + + X-Frame-Options = lib.mkOption { + type = lib.types.str; + default = "DENY"; + description = "The value to use for X-Frame-Options"; + }; + }; + config = lib.mkIf submod.config.recommendedSecurityHeaders { + extraConfig = lib.mkBefore '' + # Enable HTTP Strict Transport Security (HSTS) + add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; + + # Minimize information leaked to other domains + add_header Referrer-Policy "origin-when-cross-origin"; + + add_header X-XSS-Protection "1; mode=block"; + add_header X-Frame-Options "${submod.config.X-Frame-Options}"; + add_header X-Content-Type-Options "nosniff"; + ''; + }; + }) + ); + }; + } + ); + }; + }; config = lib.mkIf config.swarselmodules.server.nginx { environment.systemPackages = with pkgs; [ lego @@ -7064,24 +7123,68 @@ Here we just define some aliases for rebuilding the system, and we allow some in ''; }; + users.groups.acme.members = [ "nginx" ]; + security.acme = { acceptTerms = true; defaults = { inherit dnsProvider; email = address3; environmentFile = "${config.sops.templates."certs.secret".path}"; + reloadServices = [ "nginx" ]; + dnsPropagationCheck = true; }; }; + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + environment.persistence."/persist" = lib.mkIf config.swarselsystems.isImpermanence { + files = [ dhParamsPathBase ]; + }; + services.nginx = { enable = true; + user = serviceUser; + group = serviceGroup; statusPage = true; recommendedProxySettings = true; recommendedTlsSettings = true; recommendedOptimisation = true; recommendedGzipSettings = true; - # virtualHosts are defined in the respective sections + recommendedBrotliSettings = true; + recommendedSecurityHeaders = true; + sslCiphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:!aNULL"; + sslDhparam = dhParamsPathBase; + virtualHosts.fallback = { + default = true; + rejectSSL = true; + locations."/".extraConfig = '' + deny all; + ''; + }; }; + system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence { + deps = [ "generateDHParams" "users" "groups" ]; + }; + system.activationScripts."generateDHParams" = + { + text = '' + set -eu + + ${pkgs.coreutils}/bin/install -d -m 0755 ${sslBasePath} + ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${sslBasePath}" else ""} + + if [ ! -f "${dhParamsPathBase}" ]; then + ${pkgs.openssl}/bin/openssl dhparam -out ${dhParamsPath} 4096 + chmod 0644 ${dhParamsPath} + chown ${serviceUser}:${serviceGroup} ${dhParamsPath} + fi + ''; + deps = [ + "etc" + (lib.mkIf config.swarselsystems.isImpermanence "specialfs") + ]; + }; }; } #+end_src @@ -7149,7 +7252,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t networking = { inherit (config.repo.secrets.local.networking) hostId; hostName = config.node.name; - nftables.enable = lib.mkDefault true; + nftables.enable = lib.mkDefault false; enableIPv6 = lib.mkDefault true; firewall = { enable = lib.mkDefault true; @@ -7174,10 +7277,10 @@ lspci -nn | grep -i 'network\|ethernet' #+RESULTS: : 04:00.0 Network controller [0280]: MEDIATEK Corp. MT7922 802.11ax PCI Express Wireless Network Adapter [14c3:0616] -From the last bracket, then take the first value to find out the correct kernel module: +From the last bracket you then find out the correct kernel module: #+begin_src shell :exports both -lspci -k -d 14c3: +lspci -k -d 14c3:0616 #+end_src #+RESULTS: @@ -7187,40 +7290,86 @@ lspci -k -d 14c3: | | Kernel | modules: | mt7921e | | | | | | | | | #+begin_src nix-ts :tangle modules/nixos/server/disk-encrypt.nix - { self, lib, config, globals, ... }: - let - localIp = globals.networks.home.hosts.${config.node.name}.ipv4; - subnetMask = globals.networks.home.subnetMask4; - gatewayIp = globals.hosts.${config.node.name}.defaultGateway4; - in - { - options.swarselmodules.server.diskEncryption = lib.mkEnableOption "enable disk encryption config"; - config = lib.mkIf (config.swarselmodules.server.diskEncryption && config.swarselsystems.isCrypted) { + { self, pkgs, lib, config, globals, minimal, ... }: + let + localIp = globals.networks.home.hosts.${config.node.name}.ipv4; + subnetMask = globals.networks.home.subnetMask4; + gatewayIp = globals.hosts.${config.node.name}.defaultGateway4; - boot.kernelParams = lib.mkIf (!config.swarselsystems.isLaptop) [ "ip=${localIp}::${gatewayIp}:${subnetMask}:${config.networking.hostName}::none" ]; - boot.initrd = { - availableKernelModules = [ "r8169" ]; - network = { - enable = true; - udhcpc.enable = lib.mkIf config.swarselsystems.isLaptop true; - flushBeforeStage2 = true; - ssh = { - enable = true; - port = 22; - authorizedKeyFiles = [ - (self + /secrets/keys/ssh/yubikey.pub) - (self + /secrets/keys/ssh/magicant.pub) - ]; - hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ]; - }; - postCommands = '' - echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile - ''; - }; - }; + hostKeyPath = "/etc/secrets/initrd/ssh_host_ed25519_key"; + in + { + options.swarselmodules.server.diskEncryption = lib.mkEnableOption "enable disk encryption config"; + options.swarselsystems.networkKernelModules = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ ]; + }; + config = lib.mkIf (config.swarselmodules.server.diskEncryption && config.swarselsystems.isCrypted) { - }; - } + system.activationScripts.ensureInitrdHostkey = lib.mkIf (config.swarselprofiles.server || minimal) { + text = '' + [[ -e ${hostKeyPath} ]] || ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -N "" -f ${hostKeyPath} + ''; + deps = [ "users" ]; + }; + + environment.persistence."/persist" = lib.mkIf (config.swarselsystems.isImpermanence && (config.swarselprofiles.server || minimal)) { + files = [ hostKeyPath ]; + }; + + boot = lib.mkIf (config.swarselprofiles.server || minimal) { + kernelParams = lib.mkIf (!config.swarselsystems.isLaptop) [ + "ip=${localIp}::${gatewayIp}:${subnetMask}:${config.networking.hostName}::none" + ]; + initrd = { + availableKernelModules = config.swarselsystems.networkKernelModules; + network = { + enable = true; + udhcpc.enable = lib.mkIf config.swarselsystems.isLaptop true; + flushBeforeStage2 = true; + ssh = { + enable = true; + port = 2222; # avoid hostkey changed nag + authorizedKeyFiles = [ + (self + /secrets/keys/ssh/yubikey.pub) + (self + /secrets/keys/ssh/magicant.pub) + ]; + hostKeys = [ hostKeyPath ]; + }; + # postCommands = '' + # echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile + # ''; + }; + systemd = { + initrdBin = with pkgs; [ + cryptsetup + ]; + services = { + unlock-luks = { + description = "Unlock LUKS encrypted root device"; + wantedBy = [ "initrd.target" ]; + after = [ "network-online.target" ]; + before = [ "sysroot.mount" ]; + path = [ "/bin" ]; + + # Configure how the service behaves + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + + # The actual commands to unlock the drive + script = '' + echo "systemctl default >> /root/.profile" + ''; + }; + }; + }; + }; + }; + }; + + } #+end_src **** Router @@ -8155,6 +8304,8 @@ lspci -k -d 14c3: serviceName = "nextcloud"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + + nextcloudVersion = "32"; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -8175,7 +8326,7 @@ lspci -k -d 14c3: trusted_proxies = [ "0.0.0.0" ]; overwriteprotocol = "https"; }; - package = pkgs.nextcloud31; + package = pkgs."nextcloud${nextcloudVersion}"; hostName = serviceDomain; home = "/Vault/data/${serviceName}"; datadir = "/Vault/data/${serviceName}"; @@ -8183,7 +8334,7 @@ lspci -k -d 14c3: configureRedis = true; maxUploadSize = "4G"; extraApps = { - inherit (pkgs.nextcloud31Packages.apps) mail calendar contacts cospend phonetrack polls tasks sociallogin; + inherit (pkgs."nextcloud${nextcloudVersion}Packages".apps) mail calendar contacts cospend phonetrack polls tasks sociallogin; }; extraAppsEnable = true; config = { @@ -9599,8 +9750,18 @@ To get other URLs (token, etc.), use https:///oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid/ -d ' on a machine with deployed secrets. Alternatively, run 'swarsel-install -n ' for a local install. For your convenience, an example call is in the bash history (press up on the keyboard to access). @@ -133,7 +133,7 @@ in programs.bash.shellAliases = { "swarsel-install" = "nix run github:Swarsel/.dotfiles#swarsel-install --"; - "swarsel-net-manufacturer" = "lspci -nn | grep -i 'network\|ethernet'"; + "swarsel-net-manufacturer" = "lspci -nn | grep -i 'network\\|ethernet'"; "swarsel-kernel-module" = "lspci -k -d"; }; diff --git a/modules/home/common/kitty.nix b/modules/home/common/kitty.nix index 2b57e93..2778a54 100644 --- a/modules/home/common/kitty.nix +++ b/modules/home/common/kitty.nix @@ -4,11 +4,25 @@ config = lib.mkIf config.swarselmodules.kitty { programs.kitty = { enable = true; - keybindings = { }; + keybindings = + let + bindWithModifier = lib.mapAttrs' (key: lib.nameValuePair ("ctrl+shift" + key)); + in + bindWithModifier { + "page_up" = "scroll_page_up"; + "up" = "scroll_page_up"; + "page_down" = "scroll_page_down"; + "down" = "scroll_page_down"; + "w" = "no_op"; + }; settings = { - scrollback_lines = 10000; + cursor_blink_interval = 0; + disable_ligatures = "cursor"; enable_audio_bell = false; notify_on_cmd_finish = "always 20"; + open_url_with = "xdg-open"; + scrollback_lines = 100000; + scrollback_pager_history_size = 512; }; }; }; diff --git a/modules/home/common/ssh.nix b/modules/home/common/ssh.nix index c5fac9b..562f68a 100644 --- a/modules/home/common/ssh.nix +++ b/modules/home/common/ssh.nix @@ -1,4 +1,4 @@ -{ lib, config, ... }: +{ lib, config, nixosConfig ? config, ... }: { options.swarselmodules.ssh = lib.mkEnableOption "ssh settings"; config = lib.mkIf config.swarselmodules.ssh { @@ -22,43 +22,7 @@ controlPath = "~/.ssh/master-%r@%n:%p"; controlPersist = "no"; }; - "pfsense" = { - hostname = "192.168.1.1"; - user = "root"; - }; - "bakery" = { - hostname = "192.168.1.136"; - user = "root"; - }; - "dgx" = { - hostname = "192.168.48.200"; - user = "swarsel"; - }; - "winters" = { - hostname = "192.168.178.24"; - user = "root"; - }; - "minecraft" = { - hostname = "130.61.119.129"; - user = "opc"; - }; - "milkywell" = { - hostname = "193.122.53.173"; - user = "root"; - }; - "moonside" = { - hostname = "130.61.238.239"; - user = "root"; - }; - "songdiver" = { - hostname = "89.168.100.65"; - user = "ubuntu"; - }; - "pkv" = { - hostname = "46.232.248.161"; - user = "root"; - }; - }; + } // nixosConfig.repo.secrets.common.ssh.hosts; }; }; } diff --git a/modules/home/common/sway.nix b/modules/home/common/sway.nix index 7f24286..12ebb83 100644 --- a/modules/home/common/sway.nix +++ b/modules/home/common/sway.nix @@ -125,83 +125,83 @@ in in lib.recursiveUpdate { - "${modifier}+q" = "kill"; - "${modifier}+f" = "exec firefox"; - "${modifier}+Shift+f" = "exec swaymsg fullscreen"; - "${modifier}+Space" = "exec fuzzel"; - "${modifier}+Shift+Space" = "floating toggle"; - "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; - "${modifier}+m" = "exec swaymsg workspace back_and_forth"; - "${modifier}+a" = "exec swarselcheck -s"; - "${modifier}+x" = "exec swarselcheck -k"; - "${modifier}+d" = "exec swarselcheck -d"; - "${modifier}+w" = "exec swarselcheck -e"; - "${modifier}+Shift+t" = "exec opacitytoggle"; - "${modifier}+Shift+F12" = "move scratchpad"; - "${modifier}+F12" = "scratchpad show"; - "${modifier}+Shift+c" = "exec qalculate-gtk"; - "${modifier}+c" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-capture)'"; - "${modifier}+t" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-agenda)'"; - "${modifier}+Shift+m" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-mu4e)'"; - "${modifier}+Shift+a" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-swarsel/open-calendar)'"; - "${modifier}+p" = "exec pass-fuzzel"; - "${modifier}+o" = "exec pass-fuzzel --otp"; - "${modifier}+Shift+p" = "exec pass-fuzzel --type"; - "${modifier}+Shift+o" = "exec pass-fuzzel --otp --type"; - "${modifier}+Ctrl+p" = "exec 1password --quick-acces"; - # "${modifier}+Escape" = "mode $exit"; - "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm"; - "${modifier}+Escape" = "exec wlogout"; - "${modifier}+h" = "exec hyprpicker | wl-copy"; - "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; - "${modifier}+Shift+s" = "exec slurp | grim -g - Pictures/Screenshots/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"; - "${modifier}+Shift+v" = "exec wf-recorder -g '$(slurp -f %o -or)' -f ~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv"; - "${modifier}+1" = "workspace 1:一"; - "${modifier}+Shift+1" = "move container to workspace 1:一"; - "${modifier}+2" = "workspace 2:二"; - "${modifier}+Shift+2" = "move container to workspace 2:二"; - "${modifier}+3" = "workspace 3:三"; - "${modifier}+Shift+3" = "move container to workspace 3:三"; - "${modifier}+4" = "workspace 4:四"; - "${modifier}+Shift+4" = "move container to workspace 4:四"; - "${modifier}+5" = "workspace 5:五"; - "${modifier}+Shift+5" = "move container to workspace 5:五"; - "${modifier}+6" = "workspace 6:六"; - "${modifier}+Shift+6" = "move container to workspace 6:六"; - "${modifier}+7" = "workspace 7:七"; - "${modifier}+Shift+7" = "move container to workspace 7:七"; - "${modifier}+8" = "workspace 8:八"; - "${modifier}+Shift+8" = "move container to workspace 8:八"; - "${modifier}+9" = "workspace 9:九"; - "${modifier}+Shift+9" = "move container to workspace 9:九"; "${modifier}+0" = "workspace 10:十"; - "${modifier}+Shift+0" = "move container to workspace 10:十"; - "${modifier}+Ctrl+m" = "workspace 11:M"; - "${modifier}+Ctrl+Shift+m" = "move container to workspace 11:M"; - "${modifier}+Ctrl+s" = "workspace 12:S"; - "${modifier}+Ctrl+Shift+s" = "move container to workspace 12:S"; - "${modifier}+Ctrl+e" = "workspace 13:E"; + "${modifier}+1" = "workspace 1:一"; + "${modifier}+2" = "workspace 2:二"; + "${modifier}+3" = "workspace 3:三"; + "${modifier}+4" = "workspace 4:四"; + "${modifier}+5" = "workspace 5:五"; + "${modifier}+6" = "workspace 6:六"; + "${modifier}+7" = "workspace 7:七"; + "${modifier}+8" = "workspace 8:八"; + "${modifier}+9" = "workspace 9:九"; + "${modifier}+Ctrl+Shift+c" = "reload"; "${modifier}+Ctrl+Shift+e" = "move container to workspace 13:E"; - "${modifier}+Ctrl+t" = "workspace 14:T"; - "${modifier}+Ctrl+Shift+t" = "move container to workspace 14:T"; - "${modifier}+Ctrl+l" = "workspace 15:L"; - "${modifier}+Ctrl+Shift+l" = "move container to workspace 15:L"; - "${modifier}+Ctrl+f" = "workspace 16:F"; "${modifier}+Ctrl+Shift+f" = "move container to workspace 16:F"; - "${modifier}+Left" = "focus left"; - "${modifier}+Right" = "focus right"; + "${modifier}+Ctrl+Shift+l" = "move container to workspace 15:L"; + "${modifier}+Ctrl+Shift+m" = "move container to workspace 11:M"; + "${modifier}+Ctrl+Shift+r" = "exec swarsel-displaypower"; + "${modifier}+Ctrl+Shift+s" = "move container to workspace 12:S"; + "${modifier}+Ctrl+Shift+t" = "move container to workspace 14:T"; + "${modifier}+Ctrl+e" = "workspace 13:E"; + "${modifier}+Ctrl+f" = "workspace 16:F"; + "${modifier}+Ctrl+l" = "workspace 15:L"; + "${modifier}+Ctrl+m" = "workspace 11:M"; + "${modifier}+Ctrl+p" = "exec 1password --quick-acces"; + "${modifier}+Ctrl+s" = "workspace 12:S"; + "${modifier}+Ctrl+t" = "workspace 14:T"; "${modifier}+Down" = "focus down"; - "${modifier}+Up" = "focus up"; + "${modifier}+Escape" = "exec wlogout"; + "${modifier}+F12" = "scratchpad show"; + "${modifier}+Left" = "focus left"; + "${modifier}+Return" = "exec swarselzellij"; + "${modifier}+Right" = "focus right"; + "${modifier}+Shift+0" = "move container to workspace 10:十"; + "${modifier}+Shift+1" = "move container to workspace 1:一"; + "${modifier}+Shift+2" = "move container to workspace 2:二"; + "${modifier}+Shift+3" = "move container to workspace 3:三"; + "${modifier}+Shift+4" = "move container to workspace 4:四"; + "${modifier}+Shift+5" = "move container to workspace 5:五"; + "${modifier}+Shift+6" = "move container to workspace 6:六"; + "${modifier}+Shift+7" = "move container to workspace 7:七"; + "${modifier}+Shift+8" = "move container to workspace 8:八"; + "${modifier}+Shift+9" = "move container to workspace 9:九"; + "${modifier}+Shift+Down" = "move down 40px"; + "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm"; + "${modifier}+Shift+F12" = "move scratchpad"; "${modifier}+Shift+Left" = "move left 40px"; "${modifier}+Shift+Right" = "move right 40px"; - "${modifier}+Shift+Down" = "move down 40px"; + "${modifier}+Shift+Space" = "floating toggle"; "${modifier}+Shift+Up" = "move up 40px"; - "${modifier}+Ctrl+Shift+c" = "reload"; - "${modifier}+Ctrl+Shift+r" = "exec swarsel-displaypower"; + "${modifier}+Shift+a" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-swarsel/open-calendar)'"; + "${modifier}+Shift+c" = "exec qalculate-gtk"; "${modifier}+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'"; + "${modifier}+Shift+f" = "exec swaymsg fullscreen"; + "${modifier}+Shift+m" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-mu4e)'"; + "${modifier}+Shift+o" = "exec pass-fuzzel --otp --type"; + "${modifier}+Shift+p" = "exec pass-fuzzel --type"; + "${modifier}+Shift+s" = "exec slurp | grim -g - Pictures/Screenshots/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"; + "${modifier}+Shift+t" = "exec opacitytoggle"; + "${modifier}+Shift+v" = "exec wf-recorder -g '$(slurp -f %o -or)' -f ~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv"; + "${modifier}+Space" = "exec fuzzel"; + "${modifier}+Up" = "focus up"; + "${modifier}+a" = "exec swarselcheck -s"; + "${modifier}+c" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-capture)'"; + "${modifier}+d" = "exec swarselcheck -d"; + "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; + "${modifier}+f" = "exec firefox"; + "${modifier}+h" = "exec hyprpicker | wl-copy"; + "${modifier}+m" = "exec swaymsg workspace back_and_forth"; + "${modifier}+o" = "exec pass-fuzzel --otp"; + "${modifier}+p" = "exec pass-fuzzel"; + "${modifier}+q" = "kill"; "${modifier}+r" = "mode resize"; + "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; + "${modifier}+t" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-agenda)'"; + "${modifier}+w" = "exec swarselcheck -e"; + "${modifier}+x" = "exec swarselcheck -k"; + # "${modifier}+Escape" = "mode $exit"; # "${modifier}+Return" = "exec kitty"; - "${modifier}+Return" = "exec swarselzellij"; "XF86AudioRaiseVolume" = "exec swayosd-client --output-volume raise"; "XF86AudioLowerVolume" = "exec swayosd-client --output-volume lower"; "XF86AudioMute" = "exec swayosd-client --output-volume mute-toggle"; diff --git a/modules/home/common/zellij-keybinds.nix b/modules/home/common/zellij-keybinds.nix new file mode 100644 index 0000000..8ff17b9 --- /dev/null +++ b/modules/home/common/zellij-keybinds.nix @@ -0,0 +1,1233 @@ +{ lib, config, ... }: +{ + config = lib.mkIf config.swarselmodules.zellij { + programs.zellij = { + settings.keybinds = { + _props.clear-defaults = true; + + locked = { + _children = [ + { + bind = { + _args = [ "Ctrl g" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + ]; + }; + + pane = { + _children = [ + { + bind = { + _args = [ "left" ]; + _children = [{ MoveFocus._args = [ "left" ]; }]; + }; + } + { + bind = { + _args = [ "down" ]; + _children = [{ MoveFocus._args = [ "down" ]; }]; + }; + } + { + bind = { + _args = [ "up" ]; + _children = [{ MoveFocus._args = [ "up" ]; }]; + }; + } + { + bind = { + _args = [ "right" ]; + _children = [{ MoveFocus._args = [ "right" ]; }]; + }; + } + { + bind = { + _args = [ "c" ]; + _children = [ + { SwitchToMode._args = [ "renamepane" ]; } + { PaneNameInput._args = [ 0 ]; } + ]; + }; + } + { + bind = { + _args = [ "d" ]; + _children = [ + { NewPane._args = [ "down" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "e" ]; + _children = [ + { TogglePaneEmbedOrFloating = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "f" ]; + _children = [ + { ToggleFocusFullscreen = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "h" ]; + _children = [{ MoveFocus._args = [ "left" ]; }]; + }; + } + { + bind = { + _args = [ "j" ]; + _children = [{ MoveFocus._args = [ "down" ]; }]; + }; + } + { + bind = { + _args = [ "k" ]; + _children = [{ MoveFocus._args = [ "up" ]; }]; + }; + } + { + bind = { + _args = [ "l" ]; + _children = [{ MoveFocus._args = [ "right" ]; }]; + }; + } + { + bind = { + _args = [ "n" ]; + _children = [ + { NewPane = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "p" ]; + _children = [{ SwitchFocus = { }; }]; + }; + } + { + bind = { + _args = [ "Ctrl p" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + { + bind = { + _args = [ "r" ]; + _children = [ + { NewPane._args = [ "right" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "w" ]; + _children = [ + { ToggleFloatingPanes = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "z" ]; + _children = [ + { TogglePaneFrames = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + ]; + }; + + tab = { + _children = [ + { + bind = { + _args = [ "left" ]; + _children = [{ GoToPreviousTab = { }; }]; + }; + } + { + bind = { + _args = [ "down" ]; + _children = [{ GoToNextTab = { }; }]; + }; + } + { + bind = { + _args = [ "up" ]; + _children = [{ GoToPreviousTab = { }; }]; + }; + } + { + bind = { + _args = [ "right" ]; + _children = [{ GoToNextTab = { }; }]; + }; + } + { + bind = { + _args = [ "1" ]; + _children = [ + { GoToTab._args = [ 1 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "2" ]; + _children = [ + { GoToTab._args = [ 2 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "3" ]; + _children = [ + { GoToTab._args = [ 3 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "4" ]; + _children = [ + { GoToTab._args = [ 4 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "5" ]; + _children = [ + { GoToTab._args = [ 5 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "6" ]; + _children = [ + { GoToTab._args = [ 6 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "7" ]; + _children = [ + { GoToTab._args = [ 7 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "8" ]; + _children = [ + { GoToTab._args = [ 8 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "9" ]; + _children = [ + { GoToTab._args = [ 9 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "[" ]; + _children = [ + { BreakPaneLeft = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "]" ]; + _children = [ + { BreakPaneRight = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "b" ]; + _children = [ + { BreakPane = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "h" ]; + _children = [{ GoToPreviousTab = { }; }]; + }; + } + { + bind = { + _args = [ "j" ]; + _children = [{ GoToNextTab = { }; }]; + }; + } + { + bind = { + _args = [ "k" ]; + _children = [{ GoToPreviousTab = { }; }]; + }; + } + { + bind = { + _args = [ "l" ]; + _children = [{ GoToNextTab = { }; }]; + }; + } + { + bind = { + _args = [ "n" ]; + _children = [ + { NewTab = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "r" ]; + _children = [ + { SwitchToMode._args = [ "renametab" ]; } + { TabNameInput._args = [ 0 ]; } + ]; + }; + } + { + bind = { + _args = [ "s" ]; + _children = [ + { ToggleActiveSyncTab = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "Ctrl t" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + { + bind = { + _args = [ "x" ]; + _children = [ + { CloseTab = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "tab" ]; + _children = [{ ToggleTab = { }; }]; + }; + } + ]; + }; + + resize = { + _children = [ + { + bind = { + _args = [ "left" ]; + _children = [{ Resize._args = [ "Increase left" ]; }]; + }; + } + { + bind = { + _args = [ "down" ]; + _children = [{ Resize._args = [ "Increase down" ]; }]; + }; + } + { + bind = { + _args = [ "up" ]; + _children = [{ Resize._args = [ "Increase up" ]; }]; + }; + } + { + bind = { + _args = [ "right" ]; + _children = [{ Resize._args = [ "Increase right" ]; }]; + }; + } + { + bind = { + _args = [ "+" ]; + _children = [{ Resize._args = [ "Increase" ]; }]; + }; + } + { + bind = { + _args = [ "-" ]; + _children = [{ Resize._args = [ "Decrease" ]; }]; + }; + } + { + bind = { + _args = [ "=" ]; + _children = [{ Resize._args = [ "Increase" ]; }]; + }; + } + { + bind = { + _args = [ "H" ]; + _children = [{ Resize._args = [ "Decrease left" ]; }]; + }; + } + { + bind = { + _args = [ "J" ]; + _children = [{ Resize._args = [ "Decrease down" ]; }]; + }; + } + { + bind = { + _args = [ "K" ]; + _children = [{ Resize._args = [ "Decrease up" ]; }]; + }; + } + { + bind = { + _args = [ "L" ]; + _children = [{ Resize._args = [ "Decrease right" ]; }]; + }; + } + { + bind = { + _args = [ "h" ]; + _children = [{ Resize._args = [ "Increase left" ]; }]; + }; + } + { + bind = { + _args = [ "j" ]; + _children = [{ Resize._args = [ "Increase down" ]; }]; + }; + } + { + bind = { + _args = [ "k" ]; + _children = [{ Resize._args = [ "Increase up" ]; }]; + }; + } + { + bind = { + _args = [ "l" ]; + _children = [{ Resize._args = [ "Increase right" ]; }]; + }; + } + { + bind = { + _args = [ "Ctrl n" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + ]; + }; + + move = { + _children = [ + { + bind = { + _args = [ "left" ]; + _children = [{ MovePane._args = [ "left" ]; }]; + }; + } + { + bind = { + _args = [ "down" ]; + _children = [{ MovePane._args = [ "down" ]; }]; + }; + } + { + bind = { + _args = [ "up" ]; + _children = [{ MovePane._args = [ "up" ]; }]; + }; + } + { + bind = { + _args = [ "right" ]; + _children = [{ MovePane._args = [ "right" ]; }]; + }; + } + { + bind = { + _args = [ "h" ]; + _children = [{ MovePane._args = [ "left" ]; }]; + }; + } + { + bind = { + _args = [ "Ctrl h" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + { + bind = { + _args = [ "j" ]; + _children = [{ MovePane._args = [ "down" ]; }]; + }; + } + { + bind = { + _args = [ "k" ]; + _children = [{ MovePane._args = [ "up" ]; }]; + }; + } + { + bind = { + _args = [ "l" ]; + _children = [{ MovePane._args = [ "right" ]; }]; + }; + } + { + bind = { + _args = [ "n" ]; + _children = [{ MovePane = { }; }]; + }; + } + { + bind = { + _args = [ "p" ]; + _children = [{ MovePaneBackwards = { }; }]; + }; + } + { + bind = { + _args = [ "tab" ]; + _children = [{ MovePane = { }; }]; + }; + } + ]; + }; + + scroll = { + _children = [ + { + bind = { + _args = [ "e" ]; + _children = [ + { EditScrollback = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "s" ]; + _children = [ + { SwitchToMode._args = [ "entersearch" ]; } + { SearchInput._args = [ 0 ]; } + ]; + }; + } + ]; + }; + + search = { + _children = [ + { + bind = { + _args = [ "c" ]; + _children = [{ SearchToggleOption._args = [ "CaseSensitivity" ]; }]; + }; + } + { + bind = { + _args = [ "n" ]; + _children = [{ Search._args = [ "down" ]; }]; + }; + } + { + bind = { + _args = [ "o" ]; + _children = [{ SearchToggleOption._args = [ "WholeWord" ]; }]; + }; + } + { + bind = { + _args = [ "p" ]; + _children = [{ Search._args = [ "up" ]; }]; + }; + } + { + bind = { + _args = [ "w" ]; + _children = [{ SearchToggleOption._args = [ "Wrap" ]; }]; + }; + } + ]; + }; + + session = { + _children = [ + { + bind = { + _args = [ "c" ]; + _children = [ + { + LaunchOrFocusPlugin._args = [ "configuration" ]; + LaunchOrFocusPlugin._children = [ + { floating._args = [ true ]; } + { move_to_focused_tab._args = [ true ]; } + ]; + } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "Ctrl o" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + { + bind = { + _args = [ "p" ]; + _children = [ + { + LaunchOrFocusPlugin._args = [ "plugin-manager" ]; + LaunchOrFocusPlugin._children = [ + { floating._args = [ true ]; } + { move_to_focused_tab._args = [ true ]; } + ]; + } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "w" ]; + _children = [ + { + LaunchOrFocusPlugin._args = [ "session-manager" ]; + LaunchOrFocusPlugin._children = [ + { floating._args = [ true ]; } + { move_to_focused_tab._args = [ true ]; } + ]; + } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + ]; + }; + + "shared_except \"locked\"" = { + _children = [ + { + bind = { + _args = [ "Alt left" ]; + _children = [{ MoveFocusOrTab._args = [ "left" ]; }]; + }; + } + { + bind = { + _args = [ "Alt down" ]; + _children = [{ MoveFocus._args = [ "down" ]; }]; + }; + } + { + bind = { + _args = [ "Alt up" ]; + _children = [{ MoveFocus._args = [ "up" ]; }]; + }; + } + { + bind = { + _args = [ "Alt right" ]; + _children = [{ MoveFocusOrTab._args = [ "right" ]; }]; + }; + } + { + bind = { + _args = [ "Alt +" ]; + _children = [{ Resize._args = [ "Increase" ]; }]; + }; + } + { + bind = { + _args = [ "Alt -" ]; + _children = [{ Resize._args = [ "Decrease" ]; }]; + }; + } + { + bind = { + _args = [ "Alt =" ]; + _children = [{ Resize._args = [ "Increase" ]; }]; + }; + } + { + bind = { + _args = [ "Alt [" ]; + _children = [{ PreviousSwapLayout = { }; }]; + }; + } + { + bind = { + _args = [ "Alt ]" ]; + _children = [{ NextSwapLayout = { }; }]; + }; + } + { + bind = { + _args = [ "Alt f" ]; + _children = [{ ToggleFloatingPanes = { }; }]; + }; + } + { + bind = { + _args = [ "Ctrl g" ]; + _children = [{ SwitchToMode._args = [ "locked" ]; }]; + }; + } + { + bind = { + _args = [ "Alt h" ]; + _children = [{ MoveFocusOrTab._args = [ "left" ]; }]; + }; + } + { + bind = { + _args = [ "Alt i" ]; + _children = [{ MoveTab._args = [ "left" ]; }]; + }; + } + { + bind = { + _args = [ "Alt j" ]; + _children = [{ MoveFocus._args = [ "down" ]; }]; + }; + } + { + bind = { + _args = [ "Alt k" ]; + _children = [{ MoveFocus._args = [ "up" ]; }]; + }; + } + { + bind = { + _args = [ "Alt l" ]; + _children = [{ MoveFocusOrTab._args = [ "right" ]; }]; + }; + } + { + bind = { + _args = [ "Alt n" ]; + _children = [{ NewPane = { }; }]; + }; + } + { + bind = { + _args = [ "Alt o" ]; + _children = [{ MoveTab._args = [ "right" ]; }]; + }; + } + { + bind = { + _args = [ "Ctrl q" ]; + _children = [{ Quit = { }; }]; + }; + } + ]; + }; + + "shared_except \"locked\" \"move\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl h" ]; + _children = [{ SwitchToMode._args = [ "move" ]; }]; + }; + } + ]; + }; + + "shared_except \"locked\" \"session\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl o" ]; + _children = [{ SwitchToMode._args = [ "session" ]; }]; + }; + } + ]; + }; + + "shared_except \"locked\" \"scroll\" \"search\" \"tmux\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl b" ]; + _children = [{ SwitchToMode._args = [ "tmux" ]; }]; + }; + } + ]; + }; + + "shared_except \"locked\" \"scroll\" \"search\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl s" ]; + _children = [{ SwitchToMode._args = [ "scroll" ]; }]; + }; + } + ]; + }; + + "shared_except \"locked\" \"tab\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl t" ]; + _children = [{ SwitchToMode._args = [ "tab" ]; }]; + }; + } + ]; + }; + + "shared_except \"locked\" \"pane\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl p" ]; + _children = [{ SwitchToMode._args = [ "pane" ]; }]; + }; + } + ]; + }; + + "shared_except \"locked\" \"resize\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl n" ]; + _children = [{ SwitchToMode._args = [ "resize" ]; }]; + }; + } + ]; + }; + + "shared_except \"normal\" \"locked\" \"entersearch\"" = { + _children = [ + { + bind = { + _args = [ "enter" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + ]; + }; + + "shared_except \"normal\" \"locked\" \"entersearch\" \"renametab\" \"renamepane\"" = { + _children = [ + { + bind = { + _args = [ "esc" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + ]; + }; + + "shared_among \"pane\" \"tmux\"" = { + _children = [ + { + bind = { + _args = [ "x" ]; + _children = [ + { CloseFocus = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + ]; + }; + + "shared_among \"scroll\" \"search\"" = { + _children = [ + { + bind = { + _args = [ "PageDown" ]; + _children = [{ PageScrollDown = { }; }]; + }; + } + { + bind = { + _args = [ "PageUp" ]; + _children = [{ PageScrollUp = { }; }]; + }; + } + { + bind = { + _args = [ "left" ]; + _children = [{ PageScrollUp = { }; }]; + }; + } + { + bind = { + _args = [ "down" ]; + _children = [{ ScrollDown = { }; }]; + }; + } + { + bind = { + _args = [ "up" ]; + _children = [{ ScrollUp = { }; }]; + }; + } + { + bind = { + _args = [ "right" ]; + _children = [{ PageScrollDown = { }; }]; + }; + } + { + bind = { + _args = [ "Ctrl b" ]; + _children = [{ PageScrollUp = { }; }]; + }; + } + { + bind = { + _args = [ "Ctrl c" ]; + _children = [ + { ScrollToBottom = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "d" ]; + _children = [{ HalfPageScrollDown = { }; }]; + }; + } + { + bind = { + _args = [ "Ctrl f" ]; + _children = [{ PageScrollDown = { }; }]; + }; + } + { + bind = { + _args = [ "h" ]; + _children = [{ PageScrollUp = { }; }]; + }; + } + { + bind = { + _args = [ "j" ]; + _children = [{ ScrollDown = { }; }]; + }; + } + { + bind = { + _args = [ "k" ]; + _children = [{ ScrollUp = { }; }]; + }; + } + { + bind = { + _args = [ "l" ]; + _children = [{ PageScrollDown = { }; }]; + }; + } + { + bind = { + _args = [ "Ctrl s" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + { + bind = { + _args = [ "u" ]; + _children = [{ HalfPageScrollUp = { }; }]; + }; + } + ]; + }; + + entersearch = { + _children = [ + { + bind = { + _args = [ "Ctrl c" ]; + _children = [{ SwitchToMode._args = [ "scroll" ]; }]; + }; + } + { + bind = { + _args = [ "esc" ]; + _children = [{ SwitchToMode._args = [ "scroll" ]; }]; + }; + } + { + bind = { + _args = [ "enter" ]; + _children = [{ SwitchToMode._args = [ "search" ]; }]; + }; + } + ]; + }; + + renametab = { + _children = [ + { + bind = { + _args = [ "esc" ]; + _children = [ + { UndoRenameTab = { }; } + { SwitchToMode._args = [ "tab" ]; } + ]; + }; + } + ]; + }; + + "shared_among \"renametab\" \"renamepane\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl c" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + ]; + }; + + renamepane = { + _children = [ + { + bind = { + _args = [ "esc" ]; + _children = [ + { UndoRenamePane = { }; } + { SwitchToMode._args = [ "pane" ]; } + ]; + }; + } + ]; + }; + + "shared_among \"session\" \"tmux\"" = { + _children = [ + { + bind = { + _args = [ "d" ]; + _children = [{ Detach = { }; }]; + }; + } + ]; + }; + + tmux = { + _children = [ + { + bind = { + _args = [ "left" ]; + _children = [ + { MoveFocus._args = [ "left" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "down" ]; + _children = [ + { MoveFocus._args = [ "down" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "up" ]; + _children = [ + { MoveFocus._args = [ "up" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "right" ]; + _children = [ + { MoveFocus._args = [ "right" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "space" ]; + _children = [{ NextSwapLayout = { }; }]; + }; + } + { + bind = { + _args = [ "\"" ]; + _children = [ + { NewPane._args = [ "down" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "%" ]; + _children = [ + { NewPane._args = [ "right" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "," ]; + _children = [{ SwitchToMode._args = [ "renametab" ]; }]; + }; + } + { + bind = { + _args = [ "[" ]; + _children = [{ SwitchToMode._args = [ "scroll" ]; }]; + }; + } + { + bind = { + _args = [ "Ctrl b" ]; + _children = [ + { Write._args = [ 2 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "c" ]; + _children = [ + { NewTab = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "h" ]; + _children = [ + { MoveFocus._args = [ "left" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "j" ]; + _children = [ + { MoveFocus._args = [ "down" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "k" ]; + _children = [ + { MoveFocus._args = [ "up" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "l" ]; + _children = [ + { MoveFocus._args = [ "right" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "n" ]; + _children = [ + { GoToNextTab = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "o" ]; + _children = [{ FocusNextPane = { }; }]; + }; + } + { + bind = { + _args = [ "p" ]; + _children = [ + { GoToPreviousTab = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "z" ]; + _children = [ + { ToggleFocusFullscreen = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + ]; + }; + }; + }; + }; + +} diff --git a/modules/home/common/zellij.nix b/modules/home/common/zellij.nix index 92d4507..47492ff 100644 --- a/modules/home/common/zellij.nix +++ b/modules/home/common/zellij.nix @@ -5,6 +5,55 @@ programs.zellij = { enable = true; enableZshIntegration = true; + settings = { + pane_frames = false; + simplified_ui = false; + default_shell = "zsh"; + copy_on_select = true; + on_force_close = "detach"; + show_startup_tips = false; + support_kitty_keyboard_protocol = true; + default_layout = "swarsel"; + layout_dir = "${config.home.homeDirectory}/.config/zellij/layouts"; + theme_dir = "${config.home.homeDirectory}/.config/zellij/themes"; + scrollback_lines_to_serialize = config.programs.kitty.settings.scrollback_lines; + session_serialization = true; + + copy_command = + if pkgs.stdenv.hostPlatform.isLinux then + "wl-copy" + else if pkgs.stdenv.hostPlatform.isDarwin then + "pbcopy" + else + ""; + ui.pane_frames = { + rounded_corners = true; + hide_session_name = true; + }; + plugins = { + tab-bar.path = "tab-bar"; + status-bar.path = "status-bar"; + strider.path = "strider"; + compact-bar.path = "compact-bar"; + }; + # configuration = { + # _props.location = "zellij:configuration"; + # }; + # filepicker = { + # _props.location = "zellij:strider"; + # cwd = "/"; + # }; + # plugin-manager = { + # _props.location = "zellij:plugin-manager"; + # }; + # session-manager = { + # _props.location = "zellij:session-manager"; + # }; + # welcome-screen = { + # _props.location = "zellij:session-manager"; + # welcome_screen = true; + # }; + }; }; home.packages = with pkgs; [ @@ -12,8 +61,8 @@ ]; xdg.configFile = { - "zellij/config.kdl".text = import "${self}/files/zellij/config.kdl.nix" { inherit config; }; - "zellij/layouts/default.kdl".text = import "${self}/files/zellij/layouts/default.kdl.nix" { inherit config pkgs; }; + # "zellij/config.kdl".text = import "${self}/files/zellij/config.kdl.nix" { inherit config; }; + "zellij/layouts/swarsel.kdl".text = import "${self}/files/zellij/layouts/swarsel.kdl.nix" { inherit config pkgs; }; }; }; diff --git a/modules/home/common/zsh.nix b/modules/home/common/zsh.nix index b941eb1..7813983 100644 --- a/modules/home/common/zsh.nix +++ b/modules/home/common/zsh.nix @@ -23,6 +23,7 @@ in hg = "history | grep"; hmswitch = lib.mkIf (!isNixos) "${lib.getExe pkgs.home-manager} --flake ${flakePath}#$(hostname) switch |& nom"; nswitch = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;"; + ntest = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) test; cd -;"; nboot = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) boot; cd -;"; ndry = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) dry-activate; cd -;"; magit = "emacsclient -nc -e \"(magit-status)\""; diff --git a/modules/home/optional/work.nix b/modules/home/optional/work.nix index 3e8c36e..ad74838 100644 --- a/modules/home/optional/work.nix +++ b/modules/home/optional/work.nix @@ -105,6 +105,23 @@ in # }; # }; + wayland.windowManager.sway = + let + inherit (nixosConfig.repo.secrets.local.work) user1 user1Long domain1 mailAddress; + in + { + config = { + keybindings = + let + inherit (config.wayland.windowManager.sway.config) modifier; + in + { + "${modifier}+Shift+d" = "exec ${pkgs.quickpass}/bin/quickpass work/adm/${user1}/${user1Long}@${domain1}"; + "${modifier}+Shift+i" = "exec ${pkgs.quickpass}/bin/quickpass work/${mailAddress}"; + }; + }; + }; + stylix = { targets.firefox.profileNames = let diff --git a/modules/nixos/common/globals.nix b/modules/nixos/common/globals.nix index 8d226d4..c33aa95 100644 --- a/modules/nixos/common/globals.nix +++ b/modules/nixos/common/globals.nix @@ -13,10 +13,10 @@ let }; subnetMask4 = mkOption { - type = types.nullOr types.net.cidrv4; + type = types.nullOr types.net.ipv4; description = "The dotted decimal form of the subnet mask of this network"; readOnly = true; - default = lib.swarselsystems.cidrToSubnetMask netSubmod.cidrv4; + default = lib.swarselsystems.cidrToSubnetMask netSubmod.config.cidrv4; }; cidrv6 = mkOption { diff --git a/modules/nixos/common/home-manager.nix b/modules/nixos/common/home-manager.nix index 0941d5c..3b2d332 100644 --- a/modules/nixos/common/home-manager.nix +++ b/modules/nixos/common/home-manager.nix @@ -7,6 +7,7 @@ useUserPackages = true; verbose = true; backupFileExtension = "hm-bak"; + overwriteBackup = true; users.${config.swarselsystems.mainUser}.imports = [ inputs.nix-index-database.homeModules.nix-index inputs.sops-nix.homeManagerModules.sops diff --git a/modules/nixos/server/disk-encrypt.nix b/modules/nixos/server/disk-encrypt.nix index dddc1a4..8c569c0 100644 --- a/modules/nixos/server/disk-encrypt.nix +++ b/modules/nixos/server/disk-encrypt.nix @@ -1,34 +1,80 @@ -{ self, lib, config, globals, ... }: +{ self, pkgs, lib, config, globals, minimal, ... }: let localIp = globals.networks.home.hosts.${config.node.name}.ipv4; subnetMask = globals.networks.home.subnetMask4; gatewayIp = globals.hosts.${config.node.name}.defaultGateway4; + + hostKeyPath = "/etc/secrets/initrd/ssh_host_ed25519_key"; in { options.swarselmodules.server.diskEncryption = lib.mkEnableOption "enable disk encryption config"; + options.swarselsystems.networkKernelModules = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ ]; + }; config = lib.mkIf (config.swarselmodules.server.diskEncryption && config.swarselsystems.isCrypted) { - boot.kernelParams = lib.mkIf (!config.swarselsystems.isLaptop) [ "ip=${localIp}::${gatewayIp}:${subnetMask}:${config.networking.hostName}::none" ]; - boot.initrd = { - availableKernelModules = [ "r8169" ]; - network = { - enable = true; - udhcpc.enable = lib.mkIf config.swarselsystems.isLaptop true; - flushBeforeStage2 = true; - ssh = { - enable = true; - port = 22; - authorizedKeyFiles = [ - (self + /secrets/keys/ssh/yubikey.pub) - (self + /secrets/keys/ssh/magicant.pub) - ]; - hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ]; - }; - postCommands = '' - echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile - ''; - }; + system.activationScripts.ensureInitrdHostkey = lib.mkIf (config.swarselprofiles.server || minimal) { + text = '' + [[ -e ${hostKeyPath} ]] || ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -N "" -f ${hostKeyPath} + ''; + deps = [ "users" ]; }; + environment.persistence."/persist" = lib.mkIf (config.swarselsystems.isImpermanence && (config.swarselprofiles.server || minimal)) { + files = [ hostKeyPath ]; + }; + + boot = lib.mkIf (config.swarselprofiles.server || minimal) { + kernelParams = lib.mkIf (!config.swarselsystems.isLaptop) [ + "ip=${localIp}::${gatewayIp}:${subnetMask}:${config.networking.hostName}::none" + ]; + initrd = { + availableKernelModules = config.swarselsystems.networkKernelModules; + network = { + enable = true; + udhcpc.enable = lib.mkIf config.swarselsystems.isLaptop true; + flushBeforeStage2 = true; + ssh = { + enable = true; + port = 2222; # avoid hostkey changed nag + authorizedKeyFiles = [ + (self + /secrets/keys/ssh/yubikey.pub) + (self + /secrets/keys/ssh/magicant.pub) + ]; + hostKeys = [ hostKeyPath ]; + }; + # postCommands = '' + # echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile + # ''; + }; + systemd = { + initrdBin = with pkgs; [ + cryptsetup + ]; + services = { + unlock-luks = { + description = "Unlock LUKS encrypted root device"; + wantedBy = [ "initrd.target" ]; + after = [ "network-online.target" ]; + before = [ "sysroot.mount" ]; + path = [ "/bin" ]; + + # Configure how the service behaves + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + + # The actual commands to unlock the drive + script = '' + echo "systemctl default >> /root/.profile" + ''; + }; + }; + }; + }; + }; }; + } diff --git a/modules/nixos/server/kanidm.nix b/modules/nixos/server/kanidm.nix index e7ab275..16ea0bd 100644 --- a/modules/nixos/server/kanidm.nix +++ b/modules/nixos/server/kanidm.nix @@ -20,8 +20,18 @@ let certBase = "/etc/ssl"; certsDir = "${certBase}/certs"; privateDir = "${certBase}/private"; - certPath = "${certsDir}/${serviceName}.crt"; - keyPath = "${privateDir}/${serviceName}.key"; + certPathBase = "${certsDir}/${serviceName}.crt"; + certPath = + if config.swarselsystems.isImpermanence then + "/persist${certPathBase}" + else + "${certPathBase}"; + keyPathBase = "${privateDir}/${serviceName}.key"; + keyPath = + if config.swarselsystems.isImpermanence then + "/persist${keyPathBase}" + else + "${keyPathBase}"; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -54,6 +64,16 @@ in globals.services.${serviceName}.domain = serviceDomain; + environment.persistence."/persist" = lib.mkIf config.swarselsystems.isImpermanence { + files = [ + certPathBase + keyPathBase + ]; + }; + + system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence { + deps = [ "generateSSLCert-${serviceName}" "users" "groups" ]; + }; system.activationScripts."generateSSLCert-${serviceName}" = let daysValid = 3650; @@ -64,13 +84,15 @@ in set -eu ${pkgs.coreutils}/bin/install -d -m 0755 ${certsDir} + ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${certsDir}" else ""} ${pkgs.coreutils}/bin/install -d -m 0750 ${privateDir} + ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0750 /persist${privateDir}" else ""} need_gen=0 - if [ ! -f "${certPath}" ] || [ ! -f "${keyPath}" ]; then + if [ ! -f "${certPathBase}" ] || [ ! -f "${keyPathBase}" ]; then need_gen=1 else - enddate="$(${pkgs.openssl}/bin/openssl x509 -noout -enddate -in "${certPath}" | cut -d= -f2)" + enddate="$(${pkgs.openssl}/bin/openssl x509 -noout -enddate -in "${certPathBase}" | cut -d= -f2)" end_epoch="$(${pkgs.coreutils}/bin/date -d "$enddate" +%s)" now_epoch="$(${pkgs.coreutils}/bin/date +%s)" seconds_left=$(( end_epoch - now_epoch )) @@ -92,7 +114,10 @@ in chown ${serviceUser}:${serviceGroup} "${certPath}" "${keyPath}" fi ''; - deps = [ "etc" ]; + deps = [ + "etc" + (lib.mkIf config.swarselsystems.isImpermanence "specialfs") + ]; }; services = { @@ -103,9 +128,9 @@ in domain = serviceDomain; origin = "https://${serviceDomain}"; # tls_chain = config.sops.secrets.kanidm-self-signed-crt.path; - tls_chain = certPath; + tls_chain = certPathBase; # tls_key = config.sops.secrets.kanidm-self-signed-key.path; - tls_key = keyPath; + tls_key = keyPathBase; bindaddress = "0.0.0.0:${toString servicePort}"; trust_x_forward_for = true; }; diff --git a/modules/nixos/server/network.nix b/modules/nixos/server/network.nix index 90b8c0e..661e76b 100644 --- a/modules/nixos/server/network.nix +++ b/modules/nixos/server/network.nix @@ -15,7 +15,7 @@ networking = { inherit (config.repo.secrets.local.networking) hostId; hostName = config.node.name; - nftables.enable = lib.mkDefault true; + nftables.enable = lib.mkDefault false; enableIPv6 = lib.mkDefault true; firewall = { enable = lib.mkDefault true; diff --git a/modules/nixos/server/nextcloud.nix b/modules/nixos/server/nextcloud.nix index 50e8b9f..c2d5af0 100644 --- a/modules/nixos/server/nextcloud.nix +++ b/modules/nixos/server/nextcloud.nix @@ -9,6 +9,8 @@ let serviceName = "nextcloud"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + + nextcloudVersion = "32"; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -29,7 +31,7 @@ in trusted_proxies = [ "0.0.0.0" ]; overwriteprotocol = "https"; }; - package = pkgs.nextcloud31; + package = pkgs."nextcloud${nextcloudVersion}"; hostName = serviceDomain; home = "/Vault/data/${serviceName}"; datadir = "/Vault/data/${serviceName}"; @@ -37,7 +39,7 @@ in configureRedis = true; maxUploadSize = "4G"; extraApps = { - inherit (pkgs.nextcloud31Packages.apps) mail calendar contacts cospend phonetrack polls tasks sociallogin; + inherit (pkgs."nextcloud${nextcloudVersion}Packages".apps) mail calendar contacts cospend phonetrack polls tasks sociallogin; }; extraAppsEnable = true; config = { diff --git a/modules/nixos/server/nginx.nix b/modules/nixos/server/nginx.nix index bccbcc0..cfe9330 100644 --- a/modules/nixos/server/nginx.nix +++ b/modules/nixos/server/nginx.nix @@ -3,9 +3,60 @@ let inherit (config.repo.secrets.common) dnsProvider; inherit (config.repo.secrets.common.mail) address3; + serviceUser = "nginx"; + serviceGroup = serviceUser; + + sslBasePath = "/etc/ssl"; + dhParamsPathBase = "${sslBasePath}/dhparams.pem"; + dhParamsPath = + if config.swarselsystems.isImpermanence then + "/persist/${dhParamsPathBase}" + else + "${dhParamsPathBase}"; in { options.swarselmodules.server.nginx = lib.mkEnableOption "enable nginx on server"; + options.services.nginx = { + recommendedSecurityHeaders = lib.mkEnableOption "additional security headers by default in each location block."; + virtualHosts = lib.mkOption { + type = lib.types.attrsOf ( + lib.types.submodule { + options.locations = lib.mkOption { + type = lib.types.attrsOf ( + lib.types.submodule (submod: { + options = { + recommendedSecurityHeaders = lib.mkOption { + type = lib.types.bool; + default = config.services.nginx.recommendedSecurityHeaders; + description = "Whether to add additional security headers to this location."; + }; + + X-Frame-Options = lib.mkOption { + type = lib.types.str; + default = "DENY"; + description = "The value to use for X-Frame-Options"; + }; + }; + config = lib.mkIf submod.config.recommendedSecurityHeaders { + extraConfig = lib.mkBefore '' + # Enable HTTP Strict Transport Security (HSTS) + add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; + + # Minimize information leaked to other domains + add_header Referrer-Policy "origin-when-cross-origin"; + + add_header X-XSS-Protection "1; mode=block"; + add_header X-Frame-Options "${submod.config.X-Frame-Options}"; + add_header X-Content-Type-Options "nosniff"; + ''; + }; + }) + ); + }; + } + ); + }; + }; config = lib.mkIf config.swarselmodules.server.nginx { environment.systemPackages = with pkgs; [ lego @@ -18,23 +69,67 @@ in ''; }; + users.groups.acme.members = [ "nginx" ]; + security.acme = { acceptTerms = true; defaults = { inherit dnsProvider; email = address3; environmentFile = "${config.sops.templates."certs.secret".path}"; + reloadServices = [ "nginx" ]; + dnsPropagationCheck = true; }; }; + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + environment.persistence."/persist" = lib.mkIf config.swarselsystems.isImpermanence { + files = [ dhParamsPathBase ]; + }; + services.nginx = { enable = true; + user = serviceUser; + group = serviceGroup; statusPage = true; recommendedProxySettings = true; recommendedTlsSettings = true; recommendedOptimisation = true; recommendedGzipSettings = true; - # virtualHosts are defined in the respective sections + recommendedBrotliSettings = true; + recommendedSecurityHeaders = true; + sslCiphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:!aNULL"; + sslDhparam = dhParamsPathBase; + virtualHosts.fallback = { + default = true; + rejectSSL = true; + locations."/".extraConfig = '' + deny all; + ''; + }; }; + system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence { + deps = [ "generateDHParams" "users" "groups" ]; + }; + system.activationScripts."generateDHParams" = + { + text = '' + set -eu + + ${pkgs.coreutils}/bin/install -d -m 0755 ${sslBasePath} + ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${sslBasePath}" else ""} + + if [ ! -f "${dhParamsPathBase}" ]; then + ${pkgs.openssl}/bin/openssl dhparam -out ${dhParamsPath} 4096 + chmod 0644 ${dhParamsPath} + chown ${serviceUser}:${serviceGroup} ${dhParamsPath} + fi + ''; + deps = [ + "etc" + (lib.mkIf config.swarselsystems.isImpermanence "specialfs") + ]; + }; }; } diff --git a/modules/nixos/server/settings.nix b/modules/nixos/server/settings.nix index 00ee47e..37354db 100644 --- a/modules/nixos/server/settings.nix +++ b/modules/nixos/server/settings.nix @@ -16,6 +16,7 @@ in environment.shellAliases = lib.recursiveUpdate { nswitch = "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;"; + ntest = "cd ${flakePath}; swarsel-deploy $(hostname) test; cd -;"; nboot = "cd ${flakePath}; swarsel-deploy $(hostname) boot; cd -;"; ndry = "cd ${flakePath}; swarsel-deploy $(hostname) dry-activate; cd -;"; } diff --git a/nix/globals.nix b/nix/globals.nix index 1b534d3..912f24c 100644 --- a/nix/globals.nix +++ b/nix/globals.nix @@ -1,5 +1,5 @@ # adapted from https://github.com/oddlama/nix-config/blob/main/nix/globals.nix -{ inputs, ... }: +{ self, inputs, ... }: { flake = { config, lib, ... }: { @@ -8,7 +8,8 @@ globalsSystem = lib.evalModules { prefix = [ "globals" ]; specialArgs = { - inherit lib; + inherit (inputs.self.pkgs.x86_64-linux) lib; # fuck + # inherit (self.outputs) lib; inherit inputs; inherit (config) nodes; }; @@ -54,6 +55,7 @@ inherit (globalsSystem.config.globals) domains services + networks hosts user root diff --git a/pkgs/quickpass/default.nix b/pkgs/quickpass/default.nix new file mode 100644 index 0000000..c13b8c0 --- /dev/null +++ b/pkgs/quickpass/default.nix @@ -0,0 +1,6 @@ +{ self, name, writeShellApplication, libnotify, pass, wtype }: +writeShellApplication { + inherit name; + runtimeInputs = [ libnotify pass wtype ]; + text = builtins.readFile "${self}/files/scripts/${name}.sh"; +} diff --git a/profiles/nixos/localserver/default.nix b/profiles/nixos/localserver/default.nix index 928e012..31bb1af 100644 --- a/profiles/nixos/localserver/default.nix +++ b/profiles/nixos/localserver/default.nix @@ -4,6 +4,7 @@ config = lib.mkIf config.swarselprofiles.server { swarselmodules = { general = lib.mkDefault true; + lanzaboote = lib.mkDefault true; pii = lib.mkDefault true; home-manager = lib.mkDefault true; xserver = lib.mkDefault true; diff --git a/secrets/certs/secrets.yaml b/secrets/certs/secrets.yaml index 3f54024..6f70d30 100644 --- a/secrets/certs/secrets.yaml +++ b/secrets/certs/secrets.yaml @@ -7,89 +7,98 @@ sops: - recipient: age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBieGlsd0NScm5WYldITTJ2 - cG9mcnBKSGo2eXlFaURNa2FxNkZ1MGNVTjJZCldROGZiWGp0dXlMc3cwbFh0cG5H - RDNPNUtWNFBlTG1lOUo5QVJMdncxYUEKLS0tIDNJKzc1WExlTW5ycTQyVFlXQVAz - cTRDK1h5Z3NjK0h1QnhNSm51YjA4VUkKUlshWYOQLs1z8AOsFvjfl+RJBvmJWU39 - oVVvBEkCF6pw/yZp7Zp6ejLpVQojqT0JvLzSMA0tJBt9QvNmdTT1xQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrOE9rY2tmekF4blBrUEpH + TmM2a2ozUGNvaFpDWjYrelhEdGc1RUp3Q0RjCmloQldpdDdXUlV4eEt6YjF1V3lm + NUxTckR3STNNRmF1dHRqTmhNOWt5cmMKLS0tIDJjVFJZUlNXQzhjVWNLQVpjOTgw + anhEbXNFblZpZ3hIVXNxcmhBcDRpK2MKb/Fh7QtHGBFttpzt1qSVE+1H6W2FYKXI + Uuly3uYxfvQXV/rtgXNP5nqtFe9rMAQYuLMgJ8SbUr7cczt57CX4VA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1hsumymvh5mkqlaynrp9lv2w696yk3wtjzlyfmrpeuvh9u2tlwceqh3563x + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZTFVPMElxenJwQVBwYUlr + WGZOUUx2NU84WnY2VWRBQllLR3Zub3d1ZEJFCkhubngxM2phTjdtVTR2ZFB3REc3 + NDNJNHE2OVpFaWdFVVYwOWJRajRrSDQKLS0tIHBJL2ZoTURaSGhFWDdKQ2oxcnUv + S1J2VmRIYTNSd3lkUTRBWXhkR2o3aVkKknm9GBqyoPCZZbN+A0PkOVnBWAq18rqX + SnvvX4GYiSor9H+DtPHoRkg7P2eDi8c9ISkpnXReYcRjpw1mSqFE0Q== -----END AGE ENCRYPTED FILE----- - recipient: age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtcEh3MGxWRGJPeEQvNGlh - bEc5T3ZRYkhkdkZFQy9zRHBNeksrRG56T1R3CjUxMUxhbDduRWo0N3FwaUYrUFpu - S0t6bGdXYTZGMmcyeElXcDJ1Z3QzVGMKLS0tIGRUWG9GYi9vT3dzSFh1aFRKNWhH - M2pGTzR6T29tcVltS21RMkNCcFpPc0kKkXGoVCNU72f8efjJvtz7cbUpPcfVG3Dl - puffE6poAyeevdSW5cAFGNgJMMWzyweUf5QvX0lu9i0CpuLFFTdacQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWV05lSmRvb1JRTW1jK1dR + VFFEdGEzbTRuQk10YVhoeVhVL1cwQ2ZYVFZVCjhNTHB3N0s0N3NBMkRMZWNsRzVE + WVVZdkxBU0N2dnArY3BlYXRyUnI4QjgKLS0tIHFYai9BV0R0VTBKT0tjcDIrSUU1 + dFlxNXJRMmdNclVMeHNNYWcxRHF4b3cK2Ql2NFSci/LJhIw3lNc+2EB7XzrLsJj/ + gVHiXmF42v/vI59ZLuBZfY9tD53WfO4RFe89uh8gGh0JHly3DTS7nA== -----END AGE ENCRYPTED FILE----- - recipient: age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByZzFNdmJpTDVFTlJPN3ZV - cWNNaGE1bzNmbjQ0TUh3bVJXZm85R1hDOEh3Cm1GQmxsTWJxWWl5eDUvUk9DTkRP - L3pNVEovc2FLSFgxZHQ5L051VlptSlUKLS0tIHVUSUZsMm9SRE1INDExR3djMmR5 - dlJMc1ladVduUExXZVdHNlY4TU9UOHcKh9lzumXbRm2lkNPw39EQ990cNznX6Hj2 - s2dMmqHIbanQ0VCGW2Bwi542sII7qT4YW87EX+0LpUN+6bHKCR/YhQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwU21WTEh1cVhkSXhTNURU + RWl0L3hFeVp1c3VJNDg5QnlHdHpLTFEzUUFFCkVkSVNLclhDZjB4amRSR25LSjhQ + TG1vN3NoWFE1ZE4rSnNneUliVFV2K3cKLS0tIEx1Q0E5bG9TVk8vWS80cklZUmhU + MHJqSis0TWJOcTk5MXBxWW5hanMyMXcKC6o2kKTVGho9t0QZGpG1ivd33iNmNu7F + UTykT8tGY+rZJTGKBXRGbFXL9prXnnAhpeRywfiKq2d1MFhJwR2ing== -----END AGE ENCRYPTED FILE----- - recipient: age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2cHpkZFBES3B0bGNUYjU3 - Yi9kTVNNNDNSTG4xK3NMMmxFSTd3VEJtdEVJCnFYengyY291ZFNyNE1hQ3ZVSDA1 - SXVkNDdVUjRDNHorZGlOQWM3V1QzcUkKLS0tIDZmekswRXB3OWRDVi9icUw1ZVFs - NytRZVZXTzhhRmZqeGxRZ1lQdVBYMzgKs8tR6IlB84pbS9/T4fixD43hDIrHeDIY - Bk0d64w2bkUJk7xKjxY+SNk9RHqLYmaHSudLVSlbSZ96exNBt/L9jA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqbVN0MDgzcVdPNUYyTEFu + cWNVVEduQ2NsTmxBelhKU2ZaK2g0TjN1U1VRClNmbXRxWjZmQW1jSkhtZ3loNFlj + VHlreVA5K3kvV3Q3SWFEb3JoWkRjSFUKLS0tIFlaYmlTaTdFWE5HMjBzOHFkVEFQ + UFlML3RpOEo4RTZEREplMFVTdm9QYzQK73riJYtOcy4Edzcf/BehAEhYPNNmMu/P + wbnfg79Dz2vslu81s44uc08rQdYDyp2ByS64ov4AwjYnQ4t3Hs7SgQ== -----END AGE ENCRYPTED FILE----- - recipient: age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOaUFqYVFHcnM0ZllNYUR5 - a09mZVA0OWhNSnI0aUw5WFZlaHUzN2lRR0NvCkhaaUVSWUxuQU9qRHpSdTROSVJi - SS9YQTdtdzdWNnhRd2FSdFpVTHVvWlEKLS0tIGVkN3Q1UE9NSXZGWHRGRGwzZGRh - Ni8rbWRWSkdtc1BwdGlaVGlNZExBWWcKbHXUCrg7c1Ekq2bQs/m22TwBijcG+3WP - vNp6a5V0wDgoDP49W4AodMarygePJzW/NgndlUXqIWuIbm6VFUEHRQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzTVgzZHFISlFwMndON1Zy + VmRxWmUxdVhIU1dBb1FCNDFpeERQblBmNkNVCjBKalRSblFGREprZCtLaUV3bkJq + L09OZzJjSzdkV0J3c3cxRmNqYXluNTgKLS0tIENvQzk4UGlIeVJZa2FBS3YxQ0o4 + aE5wcVpqRVFaUDZEbUR2ckZZUlpFbFkKF3QH10Qb+UNpRbM3JzVRCjJfz4J10aB5 + a67zfK+4Nf1lqWMcTC72zOJo1b4OitkwOZPSHUwd37URLxA+b3F0+Q== -----END AGE ENCRYPTED FILE----- - recipient: age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLdlF3bzF4d004VS9NcHNH - ZnBEa2xHd3ZUYW5NUlVGd2JxRGJPcW9lT2tRCnVSUWx4Z1g2U2pyNjhaWnVxdDEx - SGtSNTdrMmtHeUtuL1lWQi9FUTZyZW8KLS0tIE1tNTdoOFdQV1p4MGNUYWtRQ0N5 - bFNpdm00MXJIMCtxelVIMXVtNG5XWlUKtkL3P6x2rafYSTCW5zv/54tgU20FYwhi - RFc5sZRkgXhoXw+zrKkhDc28Xn+Aby2pUth9ihs1ngVB8OUqAZbrXg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhbGFOOWpyOXY3dlpKeDgy + cGVpY1dkamd2RU5qWm1MVzBEUXlqV1EwRlZ3CmFyUXJ6Y1lSNlFNNSswRUc5dTVx + T2xQQlhzbVAxS2c3RUpxVHVYelBEYUkKLS0tIHU1SUpoZi85WG1uMitUVmFkdG91 + bHRhZnBtUXZybm9VT2Y3TGhjbCtsSVEKfEo8jXw9wQdncX1gWev5xxz4s9XRMrX0 + OampKe7MO30BsocF2blkgRQqJe8aZqFgZt0AvSBc7OyuI3mRZMPCBQ== -----END AGE ENCRYPTED FILE----- lastmodified: "2025-07-05T11:01:02Z" mac: ENC[AES256_GCM,data:XnLmZ65mZqoTHQfSKdvPVr+IGb1mb0nFRQLBiVPSyKfg9ABlqwsht3sykR+enDkmIk1urRewpKvPRr1YyLKAezHaE2I5CQdRwMViGTxbtN18SCqlKcL6CgGzC7UzAI8A2jVqB6D9swCx63TEOwnaWySBFnQuOog58R43rhxcJJc=,iv:U0ZMZZyuRJVAE0el0tRAdvHS7qtqU+z2kN78XEZOW2k=,tag:TrPIoG7cxLBDgG4vXJ5NiQ==,type:str] pgp: - - created_at: "2025-07-10T23:51:25Z" + - created_at: "2025-11-11T17:51:25Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMAwDh3VI7VctTAQ//R2fMRdWshY0+/feMDAF7t/Z0YwwAT63gzfqKG8aKC3cf - skGJtXBZ4CFW/tK0J62nS0qUIYrkWokACJk72luYg61u1KX1wUaEEqnRcEzZsxQC - Ib6hYXyKl87WYv99QUDaItBBBoSd9BhiDCnWv5nrstZSDy+RwlIYPhQy9KgeDt0H - 6pRnPEL3VU41AYt6YKl4yLBOjweftLwZkDgKyaJalwbLmFHWOvmvESL0kBj83hyX - Lw/XZlh9KUi+xEeYmHUCjO9xDgvJsMGTUY7m52U0W0faarzy59yYWnENROwm9jCK - XoYDu903CtxqSybKJ2AtGHWx2cuOmTjsHPEefqmK7M3XsVpsHgvx1Jo1eQYO1mPI - ZiryTsN1YMYXUkgGfFePmqA9X2iC/meboCWPcRt8lUIfmWx7uMGsv+mGXT37lWyu - wYl9Y2x0qwfAOyg3wNdojE5t4rlr/XaQ+k8Ep1ud37pgXFryQtnNhwgtYuPVWiFK - jnnUDCZrbsWbMmL88ZGYPNIcrBGAgmfYWzkWrU6fICYWIzJdgiWg91ANRHX9vnwG - 5YjZHoHnBRMQg32MInjBJrm/4r38DFQBm67bI1Ol6RMDp/wD5hLrbC6gnq0hGRJt - GzsRPphwrecifIBtck5/vs/f134Y+6BIADJHNEHTA/LnJC8K1VYRW5aBiFvyUWqF - AgwDC9FRLmchgYQBEADKxwFZHBejt2dr2w83XZcLCV/0Mf64DOk7I16VKZ5gBNXA - 4N4W8Q/of2/EH1a8eZ5A8DZPkVZMavdXkQnww8+if6yx0e4moBusUAzeKP0XtY7T - ABUueS7B9Ou3yhdVynpOfmU+EBwQXEuYhVsOlWUJGpfESoOBRyQv12P7ToOS4pz+ - panGeOMo5tzU/8vfkbRIF+9WWKPy/JfsufXGNQkdErgnTAdRCUegPO8kVpwZ5hE/ - 7IGtddUUnwC+kIlkv4N4eM9QabjWmU70L+THveJ4q7JJCmsimYPocbikVhPK7pb0 - mqU9hUMxJbBq6sPjLIq4QaSkSSipbiUUdZjoWuKuIbMjm6M7oWR2uGfQO3d5R+VZ - 3N3xkWPVnzoChq3zB35gkF6RniMhFMCjhYOPidYQ8QH68zN7pe3YzE0HkXgirjs1 - Zux8KlR/Vmh7wQjzWEfv3yK7Rjj8ePt4cdAfozFf7YMUPQWSr+BJ+1CVfI3X5Gb0 - RrWwJm59MicK7mONCDB59LMKUYciQc9JGlpl6oSkbdsy49OToPtuShsoBN/nmgVE - yU8BWhJt02KFLKvs+v+HXuxXgrUfl1zNAtzH0PrB40nuyoCFuvomUExCJiTTEMgs - YBwXdecgwcRta0/Q368DZqJzxiiYIy5xlZxFFMkA62JfJLUFy9/Suy+mReWBLdJc - Acr8AJq92TiCmHED4Rc78SaFDYjJYfvc6JLJDHxU0r2ucoMwKAR15gDDOaARt3B5 - Af7fxGWQ40sY56YgjgpBRaoXYDySuQ9Ylegd33hUzEOfOqKHFNAE+aH54QM= - =Enyz + hQIMAwDh3VI7VctTAQ/+KEHJIsZn5VF+vGkqGoMmoqYcRQ+TVXeOIAA6ZM4G/VN1 + 3AEcFmq3JQo/Bjvq0pl1IQbvCzT6bNprl3ADmXeqt9x8MOoc28Qx2AJcOmfT+Gzu + AL2Y0zuJ54qXqgBfF+b/014Ek0fxMSPbUI8EuIPPMWuG+upQqhlcvxTr5usvO3qn + dfxt0R7ISwjA9pDYs3fBI+65M4eq0yrSyfsoKQLKsLRXSn3rO56vSS3jTHc3FwWD + 0cOOrWNMdbSnAFeMsioG1sfH4LlzDG3MM96Ne49f9dv0Z9JmLFV18i85mzN75i0p + 4cmcMC6XrHasdLXcvfob42n1PMRArOpLppf0kk3UVvNcx3xVKmCp6S39LIR++763 + wawC22oo6rz3aFRqVqGMudWub2DamsQrnb0IQjnRP249JLROw/cd/h1LaG02ZSP5 + zSz/TmZ1FjgO6aT8oMUQyiDCEq8BfFO6i6SQLkXxw9pfy5kqX5OGh02xLceAzTYH + HCTZm/DRYZw7XimA0CTw51Jd5qy0t7vddcN1bjSy3uZH4CyFn0AsDLvHo6t7xTSr + hZKR8ICbUUDOIi5hLskqFvtSUYIBJoH8NwcMyPukK+ZrrLOwSMWa3qB7r3NodXd0 + NsxxFT9GiQAtD46SgATLhgHCmP5L8DlVvWv3zyYpim7VxoLW8T5s6yOkURAHWlOF + AgwDC9FRLmchgYQBD/9NR8LjoQkd95Qrff2NN7wU5a2QD/dSkQgLAkjWnJ+S14TU + zHdZPp/lorQw5pXanndDRMElZdFrfL7CKI4e4Dd3oPdOpRW9+8/7iyDrW1Pcsgz6 + H2qAEMjLESdWswxbS8uEdX6UzYUBv3+BamedgbBj95qPtPnTaQvGCUL+kpBb7YTm + +Fo1tlC5fZ6jr/V3qacNeG8nFDLm1GvhWOtqNW16Dt4z3RaYBtYF7ElMXRMq11iT + iFMT512SN7/e8dd1jDcFg6Cw4NkU7o+6bA+gs/P7ksAJxyUqAn9elhKYSrNeSDnD + Vtb92/kFO5dc3CrD1F24FyD1Xe6sgqETFL6OilvEGQ/wYJ/AXu84q0ch23f0Tksm + kk6ZpQLd7QKgow5pLwnAbpFBS1P5cemPY6gvmUAtgYJrGLIxxtk44SVhlQeSX3lq + eEJT4lZTu8gzQLTnDiZWJpVTnppZhMqXV2LsWAFU2XRHpuCnAuT0HmNFbaqzzC3r + tWa5lZRjgzs5e+zxsRhz+OfwwtJMWZw9OAmIQiRWeitZpk0XMYGraQce2ohPQlSQ + RFarR7EDDevuvRnLmbhhK73of6v8Wb0J/40gZZIWVLRT1LcNBz9ueBsHwPTvvCe5 + FFELdJcxYfIGaCINU6uwvNulS/47f1rpyCtoegNtSvzGtmc+/r2RR8emd8lMS9Jc + AYmI7h6C5XznEGGVtIoAkW44WhIm+Y08tbJoMevp6aRADTnEC6CY1cH3H1ZQbdp0 + YeN6qE3d91gmxW25hsStr8Mcy0JPIflt3kxcWeASpgJnbkOgxtgxhMqYAqc= + =R1dw -----END PGP MESSAGE----- fp: 4BE7925262289B476DBBC17B76FD3810215AE097 unencrypted_suffix: _unencrypted diff --git a/secrets/general/secrets.yaml b/secrets/general/secrets.yaml index f11e9d5..52b8c15 100644 --- a/secrets/general/secrets.yaml +++ b/secrets/general/secrets.yaml @@ -34,98 +34,107 @@ sops: - recipient: age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhU2M0UFVMOXFONzN5WVU5 - TExjNEkxbnhEOWJPemtqcW92WDVJTXlNRDNBCnVoMTFreXBZVjdFMWpxUzZhaU5j - d0xZYUQxdUx4ZFZteHlsM2pJZXZQQ28KLS0tIEJjdjlHdklmalRUUGhLSEFDTmkx - cjZNZnRVSmcxNnFCRzgrWnhOMlYzc2sKK13rGMFVsXQkNERYQLrhgYHbDn0jPYbl - H1pQPZdWw+LXw1Z+Y9nj74KTPPLnPckVTwETUfvs9EFkcFIyhzGK6w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQNU8xU0tHWVJOYjR1UVpz + THlRK0FvYisyR3NqTVk1QUlhQVJGbTJROTJBCjVMQThqK3cvUGZlcU5WOEJncnM4 + ZlcrQmdCVTZsT0t0ODhJUG4vY0JlWGMKLS0tIGpQY3hqdDA5bkhOU2I0UGVHaU5F + T2pYcDRMczh3c1B6cmNFMXRYM21Ea28K6An8G4+/mwC7SNYyV3cpx1AQuUsO3uKh + EG6oyvwcLbbqAdHkKLiDdD2bG/NNp+f9xycNyG2AH/8T6kl0fQN2gg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1hsumymvh5mkqlaynrp9lv2w696yk3wtjzlyfmrpeuvh9u2tlwceqh3563x + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1djB6aDJRdW5zdjMrMnhJ + YmF2WncrazVUMWNaNXBWU2Y0TVh2S1VpbmtZCjdXQmM0RzVJK1ZNSlhwd2NvSHFO + UmlXZEZWRzJnSGJtdFFUQVd2aytNU00KLS0tIFhwQWQ1MnBVZllzb0VyQzJMRm9Z + Qk5XdXUrcloxelBlVlJuMmpJZ2liK28KNt0EMbRBErf1GExZ7QBnrvwRKozNaHQF + MeFiEuIRAS4vSUHz2dHo7/iyub7D//qXKt4vD6DURfCHhhoGUF1Qdg== -----END AGE ENCRYPTED FILE----- - recipient: age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWM01DeFcvQjM2bW5DcFM4 - YzF5TTlURkxRYVdVbjdReG9LbUdYNjMwMFNBCmZJckdBM1YyZEFDT2RhT3g5bHJo - eVVISmhqQUZJTm1WQjNvOUE5MytiTU0KLS0tIEwrVGFwVEE2ODQwb2RyNzdselJa - b2tiTzZCcHB1NVJWS3Z6VTdMelcvTlEKdW6kkCiI1YhV7Da6SrCQxP0zdUc2ICSC - voGlNOnPb5iACvgLnX/a6EBKKO7PScKIFAzsWROC9MlLoF7ERnZdSA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYWm15SitONndOZkVDekNl + ajhTQXljdllXaEJ3RVdQRm5sdFJnV0VpQ0E4Ck9nTEVSYmNDK1RUbnU0TkFabnEz + aHVxcTNqUGJ3cDkybHllSmRPVW9Fa2cKLS0tIDgyZjZnV3hWS3phUG1RMjU1Lzlr + QWZLTUV2ZVJlRXBrN3ZXZFRBaGtabE0Kgcy7XL1iCLifYHxydg29tIyPYUQ7hgd9 + c589DNlukEn+i1J4pBkiLDnTUxDOEsUv2VJlGTRrdbFsfjU7PdvG6g== -----END AGE ENCRYPTED FILE----- - recipient: age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNNnF1N25qMUkyL0N1RSt4 - ZlRPVGpsY2hkbWZKREg4cU92Y2MwM0twaXdJCmJwTWl2NjlETXJ6WFNwN2JpT3Fm - WjRqVlc4SW9DejV0Q0JGNkJpQm1NOGMKLS0tIHpQRGc5eHQ3bHFnRzBNRGx0ckFV - czdKU1p0WXQ0enRyWXpaT0k2NHBzZkEKqLRezUd0z2PF0wakJe39NAz/MkpXIRAl - hvIqWsWyXHUU4a+mXwX8XWgs/uejuyXmHa7TgavqkHs9s4/p+KtNnw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxeGt6Nkd1TWhLc2FpZXM5 + cEhDUWVNU0xSWjZlZFdsb3FmbGQyUVV1MGp3CmNUcG14UXpyLytNRFFVRWw5b09n + ZU0wMDcxZVJENWdlcVpEQU9Mdnlkd1EKLS0tIGxHSTBXWi9EQkNYL3p6NGJvU2Zo + cVRHeVJXTVIvaW85Skh0Ym5vRjllaFkKhuQpyhqyTz2eoQ0Mxt0/CaNHgaksrdbH + rBDEw0U0eXX54oQkqNZD/HUosmLO4f2EZKMhBnFaZ8LvaOV6jM9Mpw== -----END AGE ENCRYPTED FILE----- - recipient: age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtWTFhTlMyVkZpeFRqaG4y - RDBhMEtpSXYyMGFnN3pkVGljSGN6MVlTaFMwCjlJd1UwbXVDT2M2R0hsQStqeEQ1 - YmNTNjdTRkU5aDZZd01DYjNaOWhKMFEKLS0tIFFKS1dXc2ZjVWlRR2ppSDRaRHRJ - cGwzMUFNTHZzcjZVTFNCcmp6VmdFNDQKNVeV1BGVuaUbSHHBOZzb/RJP4umX45RR - 14RInoF9i1ByEzY6KS2nyP83EQzbAgfdaUkPKkIpzytj+3gvlnI/RQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyM3hLYnNMVS80R08xbm1s + YklvK05mc255bUNjc1RYbmlOblo4cXcwRTBnCnVabFR4UFpDNSs2UUNoRUpYZ1dJ + d2xZRlhMNGM2M2RzTEwveWh4NmRSVWMKLS0tIFZTeGY4MzFxMWppOFlseFZWcG5D + RkUrdDJTNmNhQkFzWTRKbnM2OElDbW8KXITNQ+SKRxIBHh8vgqq+d0u3oLejr6mP + OxhLohXXPXi7r2KTVTVjCu5fbDyVix/L604LvJE623ALl0pmyQq9XA== -----END AGE ENCRYPTED FILE----- - recipient: age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiWk81ZXFRQnRnMjhVZmZL - N1p0eTRSQWt5akJ2ZjZid2VUNW1ndFNWeFQ4CjBlZndkV0pKeFpZUjlzdHJsQTlR - VXE1K0p3TlhJdkdPMFRTL29BaUd5bmMKLS0tIDVlS0FmRUFjTTBpd3pGRVZMbWxF - cjlaR0xvUmZvdlFlZlFwam5IU1hYZ2MKOMW/ZsXOLtYnYCVf0JIxlfXNTDjSuscn - l1p2HspWo7J1RfJbOQgScy6rmUB/9HRMHlnwpnjgOYWE4EmuKcMYSA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLTHVXQXRGZnl0QUEzQ00r + cGpaS0RpYnVHVjg4cGNTdzBTMXFvTkUya3lnCmlJai8ySUxONXNnWW9BR0tKMDdr + RHVLTUYxY1FMSjFnaFdZSy9nekV1dWsKLS0tIEFuL3FTQ0xNOHJsSHlzR3VFT0FK + RE05ODd5bnFkVzlXVXlBU0FZa01nNzAKzjfkwKN4mC04r+AMNPTIt/lSMUuL/OD0 + MGtqjZFB6vGrcqV/t0EbkZfxCqfmUeTDZgwWM2r6zhihb6Y9vTjHTA== -----END AGE ENCRYPTED FILE----- - recipient: age1glge4e97vgqzh332mqs5990vteezu2m8k4wq3z35jk0q8czw3gks2d7a3h enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArOUhETXZpTWs5dWw1VVhX - Zi85OU9PekJQSHBIbHpNMVh6b2doa0wvSHc0CitvanJBOFgwb3V1TEpjQ2xXa2Fq - UGtzdTB1OEwxSWJKVkZJWjBDV2MwMncKLS0tIERpTlE1cWRaemZFZDAvcGx6QTNK - amtUQkgvTEJFblFUWTE0RWg1cUVUbmsKx35Yu+wpJwlVd2JrXCT/qybmLjCmT+/0 - v99LzVDWiiAPx8ryU2FeAZ/umDDIQfkzyLbi2f460ATKZhVfqhNDDw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGRmpKaWM5dVNDWDJLOUlj + bGZiUzNWMkFkT3IzNUtqZmt6ZW5WSDVyUlUwCkx6aFIxTnNnd1N5ZkZDYldmTndX + T0g2Yy9tVVpHQ3FYY2RtVmhjSS83TUEKLS0tIFNTT0JUbVBqNDVvWnAyaVRhcllj + ZjNtSU5iYVpXQXA4QUU1YjBCU2xKaFEK+cANW7VGs7HQTmMDEY2oLG6pSBnBLFXn + /PpoqzxNVovh7ghFRduDcHWuJI+DBtn1axmSXF/K22WO6LG59/hr5A== -----END AGE ENCRYPTED FILE----- - recipient: age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBycEx1eUR0TnRVL0tsN1lV - amN2M0VlUHVpNjJvM0x3UVVhUzY5QTRObG5VCndkblVGdExHZDBMbVZmU3J4K2JI - dHZoVDZHTHJldTFLMDdlMUFTNGtjbEUKLS0tIExKVVd1UGtvelRsQldnMTBXTll3 - SjV6L3crUkdLWTlsNFgyRHBla2FFam8KILYsNbLdCirfoC/Vex8yEYpS2G4O0EQP - wa1xzPk3Ue0/g67dv5UZFhUn0ZB2XGFC3kEPWpptTj0VL+9Z/r0zKA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2QTlyeDBGa1hNek5aWnlr + RzlWN2dDaU9IeXovb1BGTXR1RG1ZUVdwTUVvCkRuVXFnYWpOakZYamZtdDNMRjQ0 + ajU0VmtraEplbDU0ajZyT2psWVBrVlEKLS0tIEhXa2F6RFlsQnc5ejZETVBvOFYz + Wlo1WFlvZFJXZWZBVkh6UUpCRmVESFkKqbuLxX706LssJTNyvg0ghDjyJaVuYfgJ + X1OJbbBvHerqvOmk03biU93oo6PygdAAgkPFI7JnxvQP1U4IH45Esw== -----END AGE ENCRYPTED FILE----- lastmodified: "2025-11-03T15:12:52Z" mac: ENC[AES256_GCM,data:86AWnB2q5xv/JIyomkJOkZh4r2tj18rmNb02JINokmBv4/eRmej/sQIBeSbCj9cJhtKewECwVk8QKtwTu2sWB/hPjtxb8qnWD7MhNs7qmHOYAeYlAON4w7abcLxt0VFMKa7gd0c28qTHOkaWsLy6gDaIB/5x468FIYqsbfIiL9U=,iv:BDiKNHKTHPazwoM6bVoCf2kb/eNrJS9zy4yj3+PFdlY=,tag:6ZFtZZHvzdWp2EhOV3S7xQ==,type:str] pgp: - - created_at: "2025-07-10T23:51:26Z" + - created_at: "2025-11-11T17:51:26Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMAwDh3VI7VctTAQ/+OG92tnH/dwXLTdqlvN6sEPREG/oZTLGvjPiM0Ipqyrcz - rgTrso9MjBf0xZkxjH49CWqBpTBoOsxopdSU2cvte2IdQEQCgCJcqff3okBsT/Cm - 3yz10DNTdI17cc2tLFJtvcWubf+amRXTM8IbDozkc4ttuhCbCRcFMaJ0NTVMz+rV - pff9UQWGmAWBKK/u26prf6NeCU2C/v3vLAxAxVjuPBxNpXFZEuu88DdE0lIMy1rO - ZAsYz7O6/flf3qbl74HXhNUhWwDTUJtU0beGSv/sziAPSEV0lpScZbq5HdFvNUk6 - rH8Tf1IdV6n0lvDqVdnY7XbmXlF0neSLJedWf6eAmcvnedCTVzMGSNAIVhiW9Y2f - IURsyK8NXnZTw2G5J4BOwx082Z1wroH0cJgQz1IcfU/I78DUaysH87mYfUQAGPV7 - cLICS/2n+olgkC9nAz9ZQO7+98Ylk1n4EKkhW2hzR5av8LSu5rs9uTkO1KWz5mTT - QjsWNlD8+1OvEFxELJtdMLnTpMTZqPouwRhDhJLoh6to2/HT48xCpUu4sMyj1AY+ - ECGsXzNbfb6dlAvuloNq9DoEP3nP4KJ6DKv7gnsbS1WVT6LoG9Yg6s00YnWiMomd - 0ByLH5KZdlBkZFV0K/WGWpj3c3H0IIM32+w2yYSCVQEY8UeSTQ54bI0ao+ISPLCF - AgwDC9FRLmchgYQBEAC2x72z23cpRyfiQD32Pzb4cDheSawiXSolOZMAExsRDmYl - IhMyMOwWmetg4HOwfGhq1PuM7t1k7maVa8ulWQcmD7eSmehiaMzYpA/gctf8GFQ6 - 4mmQ1siBC1qArfMgFgd9yS126NUGqXAWsrnptnlIbYuY/OsiS7W2JKLQUcx8TZqx - 6NC2zIi5+h+ZbRugpz4ZG8OjFnUwbLdZeDJ1M6i/TVuDJjGC1JkEePjY3IvcmB7P - QTzGCsYKwYSeUuAKel9ueqvznNqACQ78/NC/mYy8xTMiyjnhOqOFvmlHLZLy8cFs - m0eLlEfQycwGOIPZa7xo98AZ0Ohvykqy8SBcp6JSEoWcXi//lLfG2z5agfd7bEUP - X0rOKwmFL1l3w1sAUzmKTa29G8b2+rrCoKCHyByDQXyhgLa3aCx7tKS1iNwGdXmc - emvV15+jf/xQ8FrDDZFJGRuCVyuCGphEN8VxFR2BWRjEHEsy9gRMaJlo8gIw54Oe - ciMEBRjT+3l9B4Qipvm8V+okrdHQ56k9AbpbsAnpyHQ6A8AN7oJ19uzBq1nzRU9p - yE4lKNIjOIJmghvUcL8jwld6+w6iMkk7Ss0ClavTA06hWld6mDoRvfrQl+t4nogT - xypUidp/KtILrorNEVwaCsuXrqe5AspOcr8SqA77t9+Yj6b9x8gdJNZwvcMIB9Je - AXC4iun4BpIMdbg2beONi0Iwq+IeYOTdvpo8HKk1qrQCN4zHGaO6iZLrDFqN01DA - IyppFwRhJ60d5TjKweEn03KAT9oVsjN4nwpazd4JkLANXrxXX2wDYOVlnfYyng== - =jNoq + hQIMAwDh3VI7VctTARAAzM9wzRQI9IYBz9sXGG1YKIojcuhi3UnZNjOwRQeJbSsw + OMPY/e84m668uFaGUwOPwFkYikBCaPF3OmzNhMDqxHPUbFJN/6UA8ntLuugHrhs9 + brpt52yYvo69znaR8iYXw/S0mL4rfLnHkc8p69RkBCk/4FrA/Jj/KImcFxZ8GDcf + G5dfaEmJCRfZGeyr1D7RVJ0gs3LQT9M8c9Qm/ShRQQqVlEko4rjsOmqOt6eapSuQ + KnlsEtYS5yZOFoBtabmlTiFgdC8vaHQ+oxI98phdRkc0xDpqZetMMVlgonbewur8 + nVZPb+wxULeltkIIleWQx2E0D9RBi5Xu+L+vXj7jJYwUNajqama/N+1wB7DsiBeu + cdPjLyRcXPD5pE2qi24X1nzBiWdjef0tkJiH07MQtXA4r3PLtX8a3cCvVsecoT4D + 0oK8dGumaXSj8NkYB/kP47hOleSYzNGWPR4iMiXYNJHhUw0Otr0GFSfjVo7s7KBi + 6WO6tWE2VLVuolABEKQPF4sadF1fXxcv9artuzUX9MZquOvsOvEgkQnYzGIY9hio + 2X8nyLxORpwPFmPcZ5WeVyaZ04CiM9nTiflFgt5X/rX1Mf3sKa0NkrhO3+k7lx1j + GjWvgiuCkgLYt0fLgyYVEj/N8jHjcCejVEsiwAoP/apvEgFylgI+YwyXOJXXz0qF + AgsDC9FRLmchgYQBD/jvs1GaGr52Qu1TP7IXqg353G3yZDPoPmQhdkiOKLFe5wXD + PaqNUNOQG4qwffuPBSfyw5XHYZN1v0SCwrNpQ24DFnT5XjVTboYl+DN4bWStrSE+ + ZpGUy+PxvSgKY8lbvGi0+RX1NW32Gwz1cuPNQRnwS/jwCFrxgk1aCnK5+USAmNfi + R5+ex+Ij6+EEiMRpvNdN2ViCP2PfFMLYOR4pjvLL7i1XSPLhGxORcCyIKw8RAi+J + I/qP7IubG1XTsS7gm0D4Rf4eYOy9O3Qi/g+GOk8mxCXaym7hQmCcM5H+m4R85Zxy + EIXKGQhs2UB7JD47SJ1iY3FBFzq3jpn0wPq6piy4lJVR/+r9Zd99EcWOEjuoavE/ + 24q+Z3OB864Fks9hVl8herQbV4oGqHTQJr9Y5ScnS+7RuAV6Cy7d0nEaj/H4jBxN + fKpFGAJ3LkwxKfAwxximTq2lgHBtCyMably7XBc3D0Cyb1lyG5mss3tWNXRNkckL + yg9I64lKdEQz2Fp7qs8JDWmbhUl6eyDtGX+4KKW7lsFTbi4kvo/FgtW6m6xaP57k + PPOJlfDHOqZy7GR+hvaHBIgFkhvqIvJjARK5OaDyP19NMtA7qNJOwParSikkTeXl + XgkZGnh3ID3EJ5V9vMIYqrhhjDU5Qb/avytjEoef8GYmPb8bWd0sVODEL59T0l4B + u4ahb81JM4JVo+p1P+W+0gXA8uUgP9pJ7lWjNCV+oL5RWTJRaTzSwa8ywj5HjLdH + +M50prEhcMiDupwZXU2prEKrCIWUGpeaHK3DIJmWhbO8Hh8OCXeQ+EFfxB+Z + =s+4A -----END PGP MESSAGE----- fp: 4BE7925262289B476DBBC17B76FD3810215AE097 unencrypted_suffix: _unencrypted diff --git a/secrets/repo/pii.nix.enc b/secrets/repo/pii.nix.enc index 85d15f6..48ee1ff 100644 --- a/secrets/repo/pii.nix.enc +++ b/secrets/repo/pii.nix.enc @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:FMhv0WezQAH1OX7F2WlgdAEn54aAZtCXyFNP+8CboukwlL1+VzzcsjQK7/KJqXiHfIFHfn7N0P/y8tk2P+A2Ucbl1NYxj5IgfL7ohAACDhAVkofCM5CD4KcE1DoL4Ja56K6qkjlAi/t7NRv6tUYIr+NZqr2g70F0RQbgF1dkdpxW1JUNmreF5CnXDYtqz6+iMpekNXkj+wt/Zc9lQ/zW1fP4IH0C64SG+lFucpseOwP3YhvjFpzyT/11+uiStc6l2r+luNT8eJsaCYmcSqK5+1lJglIph1k4H+Xy1ccRHHeesy9+ySaGBP3h5uY9+JOdYe5fO9SYZt0cKO4Oic32Yq+uZ0Ldu0hPzDN4MMHsBP6lYidSXqs/kVgxEbPJ7T0RnQmFCVDhWE346HquZBfrGuxBOu2ifkxAFVHJyGaItOk2wlxcPDbU0P+t584CXlVIdGRS/mvW4xxXBCVlEi+QM8a4JcM7y1RJZV6S6R1DGC1nXgdscpcRGIfp6BcKPmSB2vZO8rx2qOMdUPS0FEOEVnHsvnwczGZHJuq6WjxvLNnzBH4gZtc30OKimlxXhQA6qyjupH7P65ayiFt9vvT/fFnYZr9aABc2xbSmqyJZS1wfvl5JMQWnUayigxfzYMdxuMC9+8SCykqXmy7hDlJeBBobSxdQUVhHAprY/sn+FOBzK5ZYb0wsavXI9w9sUSdQiU4XIxDb/FXJgs89FZ8p+uWQ1vFglF6XYR299LScIN7CsvLyGdk1idr08WCc92+9DSnSv9onM1UGD6IkSjMB3SoexuGa6Kj5yi5qyAOtvmMl8NwJn8Xh+gEE+FSUi+GAhh+aLvNbiIVPPmNXgI2+slUn6bzGDLk3NQMMeQ+JrX/SdT7q9Awxe9jtdsej4CGINrrTYKHsaPocVQkK6wpiQh8XbvxKoOV3UU3x9ouEVUjHrN06UbXWFXQSjEz5QXdtjpyTqxi6AaoL8M/yFTL4uB2ahPZ8bC17ZVq9eXwUtHIyKwClbTHTzlkJzr7lR7I1zWLtZIKy0pr8Si5DEkIuT7YCo5w5Pa3Z9DCkdAAL2t7TNTdrQo3H/iid7YKupfCeQxYYf836toX1Ff7jTCLtTEbfk3fOcbpu4uD0geWx4vI6V5lolJJ950ETnx+pq8EFVEk5D6VSfGo+Hl9c2xZ9UraYo9I0HzSSe12FSEVF/anKMVhBZGxdIxqCQQuu/FSNhkaFpmYpcEgodmFGQbAY0OworSg9ZnFWVMgQ33T/cna9Ene4AZ93DJaNrlzT8Jk0QIqCQjIIiZwUqPxABk0epNMLMZzZBJ/8nwN28YU5/pp4c+53RYPjMD4NlC/P+JXMxF+bidSOSYHb4Ucs1vIRljDSWumb46ZXoV+4sCBSdG0LjNVLkyx9P2vYhcw5G1KduSrUMY9VVOePcVQGYfsWjyi0nLyWadu9UUASafUwkOo2JoEjIdKWqg3zQRYIMr0GYp0Kf1EGVTPRPOApnbyLezDQsSnSZzakcJ1qDSFyLjlBMwoE5Rmndp+TS5kUEQaNeJQb56tTbDLWxlpgCoDgtfL5q+gjuVsjwkvUA9o9usBF+hndDl/fzs/ajR9q8V+hBS4j1AQROFRQhQv7vYdGA+Q3z18nTBheY2MgzpGBUwOEFuJJ+ndPANtVC7EIMz/rwKg7g777cwYLHyiJG1Rtj+45w1DmktS7sIyD0/RUt7ApF/v6PeMY+lVjXCKUfgNDaeiHQzKQpCF4+O4CThKa7Tg0keKI4fuJMoFEqZcfEr1TVEFg8AKcBzqdHMyUeUDyLIf2Sp7GJQXTbNA7TlCI5iABJ9McCK01RMqf/1Ew6NJfNDp1yjMd3NpozvAvMXIunmjUjKHzraW+gw/+z4XCq9ifALcKes3Y1R/tQmVfymnMGGoB3bErSIRIDA47IeR5OnrNVwrTM+l2Ew6jFBoWXH6pfaPj6SkdNgOEPp1mHlHf/x9YDBp2ZmtLAG3vlf4bXk0PQhNIb4bm71WyqqFiYwrI82o0Q+UocSxo/lNnLuvO3OxL1P9tp7OPi8kiB7G/D65qvE653xgXmo1OLk+RBJjhqSxBrPJTNbEcPhp36xjg4QtE9alC0XvzKaGUR9GawD6ZEmgE5payDSRXMPD1ZHx8dxr4wdJmxYFpwXFH8UheiKk2dhoGLkMoIempdsmteyaBh+qbeomXaq0+ihHAHkCtzQOc83cr5OS1tmcU1LbsHQ6ZMfBtpig/yWUdpGzFFTPPVKKx2+bWOkOW44IfkLsnAVjo0fvofnL6wuFBKVVF0bfQmlWBheR/VeVrwEjbxTfVOqRmBsliBSxzr5A5FsK5LGfzsyll/8IegLuE+412Kj3EZLVx3c+xq15oAh66/5JaiZ2C69azvb3gPr5NryLFqW0a5gxw1o3SiOA/L5mgzhqvFpf2+dfXLebahVpAYCpP+XLbYTuDiIbCJouUxBMWZgsmaIcwrGKecixLa0LtESsfLSi7F7jk37OlrOaR1gW0PHhYDfmXq0fqHPulthCWEbm76xSCbuLc9L5FI4Kc648WkxXXR8388mv4xIFAURcorse7DObygZSOx+BW8zynUs7NexXnT9OGa9vTB0OTWadOGXNSIL3LNCmoGNtxjfMCfl+CgAWFQxC2OkajkLxu2g0Ff9eEBNUQGrs8EzMB4wKPDHvtnNrezq0NMFsA7NDyl24taCXZ9jNtk6wsq2mWPW+BjvmlwK5Q8VgMXGLhxDXn4322s5NXDZc2GrafflDgAz8cdMWD1kwj7I+V1YRR4BjXikON3ZeDc3IkvW/ZPbIklr1IfAz5dZ6/pxo1TOHbfkxeS1/xW4+QnCBNznoxMH8QpPnm35Ch++Hl5raSegQ1iDGcGaTu7cG3f3E9sAI8J/x9xzps0kybF1B9ngyvLP+Y+sQ6plqaiWhrAtOtSvQIuZwIqJ6CLTVvGGN0CJVxWz/GU2cxL4ierNmSmni9MroSWz6U+M5K9P2rAQdskIwv0pcZ/esk0C/IHRZEs4DbaFBTVJoPk/8eMKBhxXmomAOm7SFRTp6LMD7OrD/ext2S4cWXbcnXY7WX4+R2GT4yCIo0au3/CLX6znK0o4ml8dH6FzClJCiWL9pc3tFbCh5iCiIGaCXFZmAM3NStD8XLKvqatFxgmK9I2jSN98eSSMU8MexiRtTttzza/7Nqj3/3nCM1Qw4sIEC+a8TWjHJeE/6tJ9JyAHEYZuhE9P3AbECwa7nIQB5NbKF/IDrHUN+fw7mKEPMgbMBQ1ITWg8Glmb2trzms2WlxIm071j+9jYEs/F/n9/mzX6/iyCRegmXUhN9rcPr34GQiw4uLrWKnRhHMQNwOMPVOG6MgPm9+eYBExY7Avl/Evscidd6uewc/+z1soTNIh0qjWS5R5ubgET+Y1G6B68dVrqLE9rA9Z3yIfcp8q/mal+qlkiSv9Vx8285CcM1H2nmXN40zGO3Ad9kVwsgzoHknIW9woUNly9GZeeSx6m5GCqAR7RFsNh6G0xYE7gtWoNs5xhGOyY7Dp+6XhYUPJQJF/kJkKmfFr/0nzXDjCqC2Fdc+OO5ao2nMod3uXFFUZBZzms0+RM0fcTwDLdaEkTw2q63ik4yRcBL7k5uMb7YTeZTitKFmaqPfq9DNgs+hItzDDAUBiJxbww40Z7O1kByg5J2PHU0Z0QJR5pXdMIwakLsKBIWZ7vVWGTmiPM46uRQSrdmjLUVCpanXk4OnRp2JA/Enhe76eASIN0rmHNLAPgzY5H8uhdAnlZ83RZ9qacOgQbjQ9s+rvUl+LpbxnZOolWcVnGUHZj/u11AVIz4VS6AB4g2rFpxSpt0welvuvngshOW+qpzIiw1k0oXsX4WkvxG4s7dwlfAUuYpJCU92EtSkF3z8qBSG35J6k156nXul/zIrxsYv8iuj7Oc5YwceqPhWNaysdRfueEgarfTdJiLisKqeWB8JTEFLDQCHDrbT8krWbbxe1e948grStUpx86BhQIB9bY3lleGgb8J3NNbU1qIltoVwxegECm2CyoA5NHJG5pLaaYBRlWlQC/VZMoo385DQL3k/Vsrn31qdNc50aPisQnqrKbqCdIcdG26VnXkJC9gyhHefzXwu+VkvJJ4eGBmRZF+eB7enzyjHaqjLXJJuk2drsDzWnuAGGA8Ys1KN/mJY4tF741Ba8rZmr/4BcPPRzR47PDOtBQsaI7RsdX+DoVsdgX6P8b3iVIuEm3DHjZlaeQDqFqrp/Q9gHEAjUmpa+zAk1wZ1XU5fw8YiKj3xP+/9pQ5QHqU+IkeZK7306b7rywI7PJf32QOfaSFPBiPI1NhQsBRoVbR5VKNiwK9nKA6fhxiWjvHqcCI8+MoxWhXbq2TwSfQLg91+NwzAUaH61xR1dQw55UAAUS0HfoZTSKqyyIffTNvF6ulRJITMtr6h1q0N8cVdZln0zTBT2k8uMvt5z5RFc58XpRhm8FXXx9LYtlMSdshVhYYyqepMOnhn/4UU25aqQ6swVmsyoJgFYM9ABXbMlFIGVivGEptHDEA5EFhfb6uPUHFmMKkT4rV4Uy8h0h2P8vEitCRZLW/VM3t14/2CN7IT5EQqmKyei+CdKHXiqJlb+Oi7bAATLiroIRoRdF9Ydp1nDRgU6XMxfv+60o2Cxkal2lSmM9YsCByLXY0Zefen0TNca/wndhuRkSJ/GVu2+E6OZtx9zfC0I/GDV4g8TfK3GLGINXBwifOrTcPTyaRgGmAO7OmhNES1pgEvebbeTJipVvq6PCGzVMARsQMF10eHvZQpgMjSq0mSSyccW4BF7PVF4013hgZuT3ZzHHN8zPUyRPifqyLYc3grL0ZOrY6zM+HWM0WvtE3T0u7psdxdxkqHWIxaCnbn3w8H/pqjBb5f6xWjC0auzM6lPtJ6zZ28TBuwSm2ovcOpeGVUx0iYMGLrRty6Iu02,iv:0rzvTEH041voxTfHnSlAfQx7SyBvcY6fUQxbmfqyGmA=,tag:CmyhGqlyXqI5o2H3T+otpw==,type:str]", + "data": "ENC[AES256_GCM,data:AmILjmXaYip12IA3T3duZIb7Us6FSby/gdbumUJ69y9cU5CK84W8A5zNIv/pNorvbI/d4d4cwcIWOQJdb0vMnTx97ftaPJl5rK1TaboL+CbbZviIE6HTTnkZlutdFjjqzkv9TCcJ1Cm/Krf+/AiSX2bYujzggBMhrOpkb3Wt7iTvxpSahUZkyRLJTDkY8OJdc4uXTpZIoPEEWOF/ZXOdEYOuNvES0dGwzCLhmYBf/yWsRgr7ICRSH0k14lsQRmRa2ZGq07jNlu/f+zXtIR4UMQC732ERLFBKTdqcvFffhKYuy9xL2FNJFuCZ+FXsFtV1Y0YQYeR3B/30EHxLrqiRzF/orkA4mdFgdBqiOcTJKnOeanGF2Im0XiZj6XjoAftHINpX6SGVZOk2mgd8e5giNcMew7izQyQdwQBnG0FKaZvLFO/5YLUdRN1kdtNaDlJ634L1y5lu78TWrXlAQxor9mS5nUQEoW3i6KDOA8OQRsU4xcWAfMTOTRS9Qdgo4fBupo+kTuztRHjv9Tyb8UvMtjyqngDSsmKcURNQWM5mO48g/tP9rtRY23g1B2no//LR+NmhutR8mHjG65GbH+eqF81fI/kqMVZrbXIkZbkh8W6Hg22CZHKQMWTGP+T/25XhnE1qEFs7VlYWHdIZr2c4bMHhNmI5DqEinn2qEe/5YtQ1de+rQC/3X4Oh0+6VRaJvJ7RKkqbUFMUNrgsrrRgnmSwqlvVOykppWdHxtnbUfmjuhXM/Fk5yUWgDA0qPofmcSNAfxzCDkpc5YaNXERe+20xD98VyRvYZS+OTywes5ComCXh1vfO5NpHbPoI2NbJqgJj2Kg8QsJBCRqAMECMAK/rm/adnmCAMGqHzd0gCWyWQr+sxXQSnst+9SXKFB7hsUQYm78hO9Tj+0CJJ8gZFc9GD4RimDbxu27hDcf5ycPqTJ1PqHqHJkGXT810bT1ArGv2udWaz88PONfYmfL2kvdcZuJtYCKRVLqZnjl6MKee3HN9O/MTCxqrE7ZWhZhHTwkgqWcrKFmUMedReUdcVqn8bNkeo2jlgHKHuilRIt0nuQtSNlm1CEBzjCS+c9sE60inlJ+HOnI7ZppiiXBadI6i7MZ5+EUYibjck0vApxm1MRPonZg7j9VHJB7aXkNn2YwtDo4ihjlmCt6AZRgoBYJ+jIwaLGpM2UYEX16E8QFdSWqE1ncFH2Gz5TswqDbztLGVRplRs1Ayn9XmHSkh9mfK+SDAEFy16rnBY6QuI3Xw9g6sQ5x4Usw2m5qoJ8qxTJzzCjDndqYWMeSV4z9Q2x13EB75sK4wBlN1oLn2ubxSiunHss/4nIARDsTGHYO2ilPM5ekajN/v5J5IH5dYwE9HT2pqtbtjo5Zk3JvL8fQiWBQDufjDfYnaLn26E/iu0Xl30uYLI1NwAxvGEPOOZ6fndBPkNYz8KNq2E0A7zv4pyDqA44/uPkfWJnWeVQXoYHOGj74Cc11+bVm6s0mjv35mLTg1EadWJZgQG9I+NHMXL+uvP6RGkX4oXnVT7rQHItv0jz27MlxK8/fm+UrOgFGYX+Pq2Rwam8HN0IprzH9QAqODhuNwTe4CwWS+cIk223/5t+M2NWems2p6JKxuZ08KkPseUQnwl0Wxu9pFKYSBctlgTrJ7Dp83rwbGHKDgB5ZBimsp/uT83dJrFCp7Rpks1AnLSXo5rn6p60Do8P3JfzXhLJqi3jHp4Wl3Qu9Sejq0Z6JVPfNkf24eIbQ0rNoSi7ruybSryXPSH5EPgmN/Sx36etCJ7/3XPmSkCRg0/o7gVRjbHvuNdexyzfR2UIHvm2qzWQDiggQyj3m/JWvgsqNBBAhcIiuv6eCznRDEjOUHXLqTYiz9NUJN8H1rxCg8dCBIsLfNwDE89edU7NsIGCqepbpos5dFzOPHrr8sCYwA5Xv2amQ4PJtULHrymz/SYwkVG60UWo0rl332a7bi1CQTa+MyGjbD8OTOMvr/itUrthND81oD+q6cK6B74qtrj8E6HG24yl8vJHIO4un1ZxZkkjUGP0pIRT0vd31sxQxUU2REeq+7Q1B3N9apbr49wYK+8EVBFwyxK+Ok72BIBVvZY82kNmUhBtyIOsqhT4e+c5VQ6YqKO5W8b4F7vSCGhzkbCyddcdhxWzoSKcFv5/mAxBVqnk9aXWMs1+x8lyfANRE89qYgjmw5hONloCL2hZVL28ykGt7wGTVFL6bOjpLaa0xUrfhraEiZCHyrOlqwYz9QDjmDmsURdW4plUwJa+8J5QVu73kC0c0WZ5xwoQppw8eUS3rGt+e1PaKByNfEPD5LLd17QFBdWzdiCMlVCl9M7+gblPbSMCTfcNNnB3MoBzD/znN2pEyNlwdJaMN/+kCQKSNlRh3U4oPAutK0/S7n4A5V4ZylRVFQ/j8digntEzr64wixLfy4L4hEVXroraY9/asciAS52+kXWSdPKqWPbzPsZBTVw7+aYXlwYzHtbhN16LbNSOS79lKbS1E2vSOzwtq1iKkB9ckjdAZebgIaL6wSGQDP6MESDqsgpPwwpr0faOjOz2tc0Bh+FUA0qIHP2WUSZUmws+gurPJfsLgm9OrK8YvzClZIG4Jw0BYHE9PPYfColMic5mFVIGGEALFcc9xx4G8Mh0lqTaDbVaJONQbQ2kzbJ70TiqISlaHxCpkeyH7Hg1kHuBCOUZUUe1Nh9vyxkQoW6qzqZa2H0+j1xqMmy8tw/sB55oUOkC0SzqQkS+7HPgoD/fMB+VVsrvOJX/YCSNip9NX1u5Yf+R91LiYAWnlT5CYnseSBbwyOQgF3ud1jN1QE/tnvjj3ASy2OoQbOnNhJUnoShxMGi8PRDv4tNHDFY/FbEmmiyH4q+D8j4FYkyxZorNMfxXVdDewRQNO5ZVyoIv6PFcKPEKHRqFrCGN46yT6MvjjeLqGAHanZkGBG766bg285gWRfXnR12ZV7g3mzbet8oWkL0W2os/LPjeMjSbEgtXVTFc+nHJajPKXDxQxx2N6kYopudyNgweBILLgbeLlCSZhJhyAWLpIOvlJ1PGNnbDyY2CR+SK4XH+8S+G3RwvOSW/4dJA6GUFv+Lweqa0j+JzrhSIZnE616IlhA5AlkVHySJKbFKBV7aQqu5WtWZz0uQRZdf+xQbPhMcKOh8L6OrMCJjDibJYgHLlf5yR2MawMpX2pkzUFpheah74+V7QQd6gBq6aqvLc/GpweOaxQ3h927EuiUOC+kkr2vT/lu/25/lfhpGzbL5sT0dxPbtVhymImMBaQz7tZpf/gUUu56LJfyp/Ct7XJEKOsN7tJtuJYsLL7NcqxB4X/fZz5wPfMr4SbJMCz+0AilZCRvXfJ38/LI33phb2RNE89WbO/PSTfphNBTgO1tAouIk1bvvILz3ObHM6bmjdb7FaFuP5PpzzS17OP3Yregz02STonGg/Gwx4Bw49Je535nZShuuhbuDdW20g1Af5mYXfTusLDMorddn0G13aNPpoOxEB8vFosnJsq8gi4Bei1WMTTaeTemNEbsdqFn3/7AYbzVtIGm2JjQScZ98RNM/j0zPE6u7tCd8YOStdAtK3aHtIm6lTvYb5eP6a9kpgVHGHaqdLey4F7RQE2Q7TNWH0A0NIsSEncvxTFUuqY2ERxN5WITBhPoUyPIvyXNkdgt1iwAMeSYs+emEQFrJ8uMb+gZ2WNusCMSU4IdnlA/ndAf+0hM2giaiWZ8xMDX0CzVxjye9ijId+XXJQqpxlsLHjc+ZD6sqYFE3nQrx6YRoa0eV3qBQCnse7aWbIqt5+Y+lG6GNQRIcwC7TzOxRY/d/iorFl2lw/KbkClb3LDlaz+wyTtBB6CEggPtdGebuM/9SGzn8waMx/m3vlRgGriJSyuDlqhQAyuaBDm56/hVc1/YhByL08zYgsUtLg7Dn0Q7JmpdKs3p35fz/9IhGNa423BrMHxo+ga/nsBU9U59jZm7aBfJ1LFbA5Akls6BUi9QFE37Z9Vm8u2bS1TGPAptvIVkGN6cmhJJsNApYr0g1gPUY/bNOfE9rTat4rF2bolXLf+sf8UHK1gTJ/HOCehJqoLf/VVS4NEpmWAeP0Hjw2/4t8/e9qH/xYyNzkSqhTkUI5BHPOJo1CtjiV/0k8MxkPo2yVpfIG3gDajg7lsSrlGi+ORwJOOYWxC/IEZZz31+NbUFMl7SC+ZXWIvftZF1y3noOksT+wHYxnRXQGe1OvuyaAj6Txniq6zTwy1dieHiCjSv46JRyygGw08xexERE1n7bLtIWSZ18OsYF5gf2dc4QIYSlNXG3di+MQPbjH6P0VeI2rznXyp4AaIYIGxfT1fUP24S50HUID8M+67gtaCrrJgfW9Hy9m+HlRO2EjNgDdlyh7hFNflGJeWUZZ6alFN72lVjuWEgsI+HCodNT57CSyiYJ/FtrIQaw7FNt/XQADCz+0yM8vJB5JR9EiVjSHYsaO9Xn9KqfJyt+timVw9HdfTT49lXQn8U1qtxS3uGMkHmmcnV5Ogacjt9Y4IhUaWP58pAe2l2lEyC4MRt1LMOrPVmuYWb4zkBS0rvwpoLx8rN3ijcetpJukRIGGivXDXy+6cnGkAHx52fIPdyGC6rx2KCIPdFfUzZC3wYRoTe/liub82wZXk1ZACcGv4+myBcwE4GtPJV0gctxzryUJ0eaAxkGxvklUMGYfgeoYKYUk9YZGFhQ/HxgB7LqJnDQjKVNlpFzWxyMkYqqLAC+owj1uJ0WuMs704AjE352/73bqwgYbYnD7p7wejEYHPofqjI6RoBIJRtWREVYHdsGCdmuyLbMDA9tY/z7nA2ei6nnUG3hyb5S5M9GL9tQxWFpCFeYBJEyl9S1COmoBSqy6n5Yhk6R3N+d0rkSqGb3z+uT03IjXmKJAfcwvWZWuUWTmQ8wJsUOsCrPOx/5sbsynyvkoJWtdgZjuia2gZS50qpMJFTUUKbNkp/wx5QT9z+tMjviC8JWFXB+iBLnKiWRA38AO2a5KtyGVy39+urMApJD9/Cem3NMyKTzY8OqFreZsH4XOBa45yXNo2psEY6gfjtD9Apn3dLUMSWcjRGXq5qKMgX40KhpWgWNCc2IlBGTQ8XFN40g4sDAQ/GxBQeik3CNMMERBxTCeNEx1P2Ju502Iwt5GiHtDedy2Y5HXrUKV0GYIn15uuhPGdPTErAc1QKgKxFq9b0yC4IVzkrnKRVbqI0BSCaswAzf4TUyzkYSf8Zfs9BSb5bzu9o6eN/x1cWGJdJlI8ATZebOcMBKkooDOhZ0T+b2bW7zvZdnj4IKqklvZlnmBvGnn55QiwpvCkhmGrg5+j9Q9QiTGai9h3Xt2Y8SVZXfltwXITeW20rJfWn0s4DoyfPWqunApWv4TH6/6uF6OgJNGOM7gLnH49K7MMVs3nCAmjkE7Gggmt+zzJsuX7gI9eZF8iavga0sRTSiF635pr24wiJL6tsUFzvJ/A960hhhC+Yt19E6AmdtTn9pPIk36O27G4qwLWOehueMpmQhzG07eWiY446iJByaDztM6WoYlqPAS/uaswYUEAUwHb4eZDsRwAgSCwi/djCxKWXqAoFzVftj7dsiljLvxqN+U39EM7pWBmnPGC5fLQ==,iv:jyofVBu/fxKmEnJPR5e81m8nnbcXf9i944mGH3rbcrQ=,tag:ILjy6UClUAyJmut255ZsKg==,type:str]", "sops": { "age": [ { @@ -27,8 +27,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtU240VjVRZmJ5TGsrclJF\nRXRLbTRCZURtR0Z3d2E2eDNNeGRDODlXVEY4CllTeVFYbDJQWlRSS1RFLzAxSnlM\nZi9NU1c3cWo3YWRLcUJ2U2ZFWFBBVEEKLS0tIGtmZU9qSWdBT3RDeStaaFFDSWtk\ndkUzZXJwZUl4LzVxYXdidmxXRnNnclUKyAMZqCKSY/RQvTR4bbjLaPnGKwdBcHXc\nvtiVSrLdIdzMa6id/J07TJH5UesUmcp0wjU41MDa4aMBLy+cXhuBHA==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-10-21T17:52:25Z", - "mac": "ENC[AES256_GCM,data:SNsmzPknGzx9H7baoKo8gKSac/86sW5em3MKyhYFUxfRhZEtkUwkzz6KwDgZ4YCBzUlLrToiLUICA6KPnkXDHhKBh+8dyyVlB8ISU3gDbozjwRNA78oatLlA4h5sa5RADLha9j7Fr9euy4rcrCmk6jpL26RmsiFZhzaAxhkal4s=,iv:hmRyoG9tW5Wl9AKxWDW4Hv9Qvb5zlM4Ktrk0Q8jsVxg=,tag:ofsjndQpjLmnCMvz1NTsCA==,type:str]", + "lastmodified": "2025-11-12T21:23:26Z", + "mac": "ENC[AES256_GCM,data:YX01kVU0XeEFDtZokPcpZ0rkFWFqY29L8/vEEtBv8JuooEC8+P9GArK1yrOlAh80UnQb3aJC76lVLFJIToeUmSImvJzD3YBril9YQs5NsBKCxwyroMNOMaKmR7Lzn15rfXhBCtjzeLe8ILyzTtUrW/VqwPuO4bqpqd2fdKSAVzk=,iv:QDixQGXUITr9SlQs4kJ/daUt/THafb5UB81xmw4eZIs=,tag:vC+H/fBJ7CcwL+n60QMu1Q==,type:str]", "pgp": [ { "created_at": "2025-06-13T20:13:06Z",