diff --git a/.gitignore b/.gitignore index 7ab9c97..b2be92b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1 @@ -modules/services/matrix/default.nix result diff --git a/.sops.yaml b/.sops.yaml index 69afeda..071f3c5 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -3,6 +3,10 @@ keys: - &violet age1zegau3chyn53tqvkwud6tuyggpkazc88pdkqv8cknavaudu49enqm2f0h3 creation_rules: - path_regex: secrets/secrets.yaml + key_groups: + - age: + - *sakura + - path_regex: secrets/violet/secrets.yaml key_groups: - age: - *sakura diff --git a/flake.lock b/flake.lock index c6d5cbf..3be4fca 100644 --- a/flake.lock +++ b/flake.lock @@ -54,6 +54,25 @@ "type": "github" } }, + "disko": { + "inputs": { + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1746728054, + "narHash": "sha256-eDoSOhxGEm2PykZFa/x9QG5eTH0MJdiJ9aR00VAofXE=", + "owner": "nix-community", + "repo": "disko", + "rev": "ff442f5d1425feb86344c028298548024f21256d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "latest", + "repo": "disko", + "type": "github" + } + }, "fenix": { "inputs": { "nixpkgs": [ @@ -231,7 +250,7 @@ }, "hypr-contrib": { "inputs": { - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1753252360, @@ -518,7 +537,7 @@ "inputs": { "hyprutils": "hyprutils_2", "hyprwayland-scanner": "hyprwayland-scanner_2", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "systems": "systems_2" }, "locked": { @@ -541,7 +560,7 @@ "hyprlang": "hyprlang_2", "hyprutils": "hyprutils_3", "hyprwayland-scanner": "hyprwayland-scanner_3", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "systems": "systems_3" }, "locked": { 
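Review bot: In the `.sops.yaml` hunk the creation rules cover only `secrets/secrets.yaml` and `secrets/violet/secrets.yaml`, but `modules/core/sops.nix` in this same commit changes `defaultSopsFile` to `secrets/${host}/secrets.yaml`. The sakura branch still declares `systemMailerPassword`, so it will be looked up in `secrets/sakura/secrets.yaml`, which has no rule here and is not added in the visible diff. If that file is intended, add a rule for it, e.g. `- path_regex: secrets/sakura/secrets\.yaml$` with the sakura key group. The hunk also appears to narrow the recipients of the old `secrets/secrets.yaml` rule; editing the rule does not re-key a file already in the repository, so `sops updatekeys secrets/secrets.yaml` is needed, and any value the dropped key could decrypt should be rotated if the intent is to revoke access.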
@@ -784,29 +803,45 @@ "type": "github" } }, - "nixpkgs_2": { + "nixpkgs_10": { "locked": { - "lastModified": 1712163089, - "narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=", + "lastModified": 1753432016, + "narHash": "sha256-cnL5WWn/xkZoyH/03NNUS7QgW5vI7D1i74g48qplCvg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fd281bd6b7d3e32ddfa399853946f782553163b5", + "rev": "6027c30c8e9810896b92429f0092f624f7b1aace", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1746576598, + "narHash": "sha256-FshoQvr6Aor5SnORVvh/ZdJ1Sa2U4ZrIMwKBX5k2wu0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b3582c75c7f21ce0b429898980eddbbf05c68e55", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_3": { "locked": { - "lastModified": 1748929857, - "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", + "lastModified": 1712163089, + "narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", + "rev": "fd281bd6b7d3e32ddfa399853946f782553163b5", "type": "github" }, "original": { @@ -833,6 +868,22 @@ } }, "nixpkgs_5": { + "locked": { + "lastModified": 1748929857, + "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { "locked": { "lastModified": 1753429684, "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=", 
@@ -848,7 +899,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1743315132, "narHash": "sha256-6hl6L/tRnwubHcA4pfUUtk542wn2Om+D4UnDhlDW9BE=", @@ -864,7 +915,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1742800061, "narHash": "sha256-oDJGK1UMArK52vcW9S5S2apeec4rbfNELgc50LqiPNs=", @@ -880,7 +931,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_9": { "locked": { "lastModified": 1753429684, "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=", @@ -896,26 +947,10 @@ "type": "github" } }, - "nixpkgs_9": { - "locked": { - "lastModified": 1753432016, - "narHash": "sha256-cnL5WWn/xkZoyH/03NNUS7QgW5vI7D1i74g48qplCvg=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "6027c30c8e9810896b92429f0092f624f7b1aace", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixvim": { "inputs": { "flake-parts": "flake-parts", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_7", "nixvim": "nixvim_2" }, "locked": { @@ -935,7 +970,7 @@ "nixvim_2": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_8", "nuschtosSearch": "nuschtosSearch" }, "locked": { @@ -955,7 +990,7 @@ "nur": { "inputs": { "flake-parts": "flake-parts_3", - "nixpkgs": "nixpkgs_8" + "nixpkgs": "nixpkgs_9" }, "locked": { "lastModified": 1753530457, @@ -1021,13 +1056,14 @@ "root": { "inputs": { "alejandra": "alejandra", + "disko": "disko", "home-manager": "home-manager", "hypr-contrib": "hypr-contrib", "hyprland": "hyprland", "hyprpicker": "hyprpicker", "hyprsunset": "hyprsunset", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "nixvim": "nixvim", "nur": "nur", "sops-nix": "sops-nix" @@ -1052,7 +1088,7 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_10" }, "locked": { "lastModified": 1752544651, 
diff --git a/flake.nix b/flake.nix index 1256397..ddd5625 100644 --- a/flake.nix +++ b/flake.nix @@ -15,6 +15,7 @@ nixos-hardware.url = "github:nixos/nixos-hardware"; nixvim.url = "github:ahwxorg/nixvim-config"; sops-nix.url = "github:Mic92/sops-nix"; + disko.url = "github:nix-community/disko/latest"; }; outputs = @@ -22,6 +23,7 @@ self, nixpkgs, sops-nix, + disko, ... }@inputs: let @@ -116,6 +118,16 @@ inherit self inputs username; }; }; + hazel = nixpkgs.lib.nixosSystem { + inherit system; + modules = [ + (import ./hosts/hazel) + ]; + specialArgs = { + host = "hazel"; + inherit self inputs username; + }; + }; }; }; } diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix new file mode 100644 index 0000000..8bf4405 --- /dev/null +++ b/hosts/hazel/default.nix @@ -0,0 +1,48 @@ +{ + pkgs, + config, + lib, + inputs, + ... +}: +{ + imports = [ + ./hardware-configuration.nix + # ./disko.nix + ./../../modules/core/default.server.nix + # ./../../modules/services/hazel.nix + ]; + + networking.hostName = "hazel"; + + nixpkgs.config.permittedInsecurePackages = [ + "jitsi-meet-1.0.8043" + "olm-3.2.16" + ]; + + time.timeZone = lib.mkForce "Europe/Paris"; + + environment.systemPackages = with pkgs; [ + kitty.terminfo + ]; + + services = { + smartd = { + enable = true; + autodetect = true; + }; + }; + + networking.firewall = { + allowedTCPPorts = [ + 9123 + ]; + }; + + boot = { + loader.grub = { + enable = true; + device = "/dev/sda"; + }; + }; +} diff --git a/hosts/hazel/disko.nix b/hosts/hazel/disko.nix new file mode 100644 index 0000000..d308f8b --- /dev/null +++ b/hosts/hazel/disko.nix 
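Review bot: `nixpkgs.config.permittedInsecurePackages` in `hosts/hazel/default.nix` allows `jitsi-meet-1.0.8043` and `olm-3.2.16`, yet nothing this file imports visibly uses either; the only service module, `modules/services/hazel.nix`, is commented out. Unless `modules/core/default.server.nix` pulls them in, the new host carries an exemption for packages nixpkgs marks as insecure without a stated need. Drop the list until a module on hazel requires it, or keep it beside the consuming service with a comment such as `# required by SERVICE_NAME (placeholder); remove once it no longer depends on olm`. The same applies to `allowedTCPPorts = [ 9123 ]`: no listener for 9123 is configured in this hunk, so name the service in a comment or leave the port closed.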
@@ -0,0 +1,37 @@ +{ inputs, ... }: +{ + imports = [ + inputs.disko.nixosModules.disko + ]; + disko.devices = { + disk = { + my-disk = { + device = "/dev/sda"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + ESP = { + type = "EF00"; + size = "500M"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/hosts/hazel/hardware-configuration.nix b/hosts/hazel/hardware-configuration.nix new file mode 100644 index 0000000..37b1ec9 --- /dev/null +++ b/hosts/hazel/hardware-configuration.nix @@ -0,0 +1,45 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: + +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ + "ehci_pci" + "ahci" + "usbhid" + "sd_mod" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/864dfbec-81f0-460f-b970-27693a0ad0e6"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/E141-F5CE"; + fsType = "vfat"; + options = [ + "fmask=0077" + "dmask=0077" + ]; + }; + + swapDevices = [ ]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/modules/core/sops.nix b/modules/core/sops.nix index d57f4d9..1e4847a 100644 --- a/modules/core/sops.nix +++ b/modules/core/sops.nix 
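Review bot: `device = "/dev/sda"` in `hosts/hazel/disko.nix` names the target by kernel enumeration order, and disko partitions and formats whatever that resolves to, so an extra disk or attached USB storage can change which drive is wiped. Use a stable identifier instead, e.g. `device = "/dev/disk/by-id/DISK_ID_PLACEHOLDER";`. The layout also defines an ESP but no BIOS boot partition, while `hosts/hazel/default.nix` installs GRUB with `boot.loader.grub.device = "/dev/sda"`. If this file is ever un-commented in the imports, a GPT disk booted through BIOS GRUB would likely need a small `EF02` partition as well.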
@@ -2,18 +2,32 @@ pkgs, inputs, username, + host, + config, ... }: { imports = [ inputs.sops-nix.nixosModules.sops ]; sops = { - defaultSopsFile = ../../secrets/secrets.yaml; + defaultSopsFile = ../../secrets/${host}/secrets.yaml; defaultSopsFormat = "yaml"; age.keyFile = "/home/${username}/.config/sops/age/keys.txt"; - secrets = { - "systemMailerPassword" = { }; - }; + secrets = + if (host == "violet") then + { + "systemMailerPassword" = { }; + "forgejoWorkerSecret" = { }; + "matrixRegistrationSecret" = { + owner = "matrix-synapse"; + }; + } + else if (host == "sakura") then + { + "systemMailerPassword" = { }; + } + else + { }; }; environment.systemPackages = with pkgs; [ diff --git a/modules/home/packages.nix b/modules/home/packages.nix index 53f5652..ec02ef3 100644 --- a/modules/home/packages.nix +++ b/modules/home/packages.nix 
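Review bot: In the violet branch only `matrixRegistrationSecret` sets an `owner`; `systemMailerPassword` and `forgejoWorkerSecret` are declared as `{ }` and so get the sops-nix defaults, which as far as I know are root-owned and readable by root only. `modules/services/forgejo.nix` in this commit passes `systemMailerPassword` to `services.forgejo.mailerPasswordFile`, so if the Forgejo units read that file as their own user they will not be able to open it. Consider a Forgejo-specific secret with `owner = config.services.forgejo.user;` rather than widening access to the shared mailer password. The `if (host == "violet") ... else { }` chain would also read better as secrets declared in each host's own module, which avoids a silent empty set for new hosts such as hazel.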
@@ -1,107 +1,127 @@ -{ inputs, pkgs, ... }: { - home.packages = with pkgs; [ - # Environment shit - tesseract - yubikey-touch-detector - wireguard-tools - openresolv - xdg-utils - killall - libnotify - openssl - pamixer - playerctl - wl-clipboard - cliphist - poweralertd - ffmpeg - zip - unzip - wget - xxd - gcc - gnumake - python3 + inputs, + lib, + pkgs, + config, + ... +}: +with lib; +let + guiPkgs = + if (config.liv.gui == true) then + [ + element-desktop + gajim + signal-desktop + anki-bin + obs-studio + wdisplays + librewolf # main + ungoogled-chromium # for things that don't work with librewolf + nsxiv + imv + libreoffice + xfce.thunar + spotify + spotify-player + thunderbird + lxqt.pavucontrol-qt + mpv + plasma5Packages.kdeconnect-kde + # onthespot-overlay - # CLI shit - termpdfpy - vimv - iamb - pass - lm_sensors - neofetch - hyfetch - glow - eva - exiftool - translate-shell - progress - pwgen - jq - tmux - htop - eza - file - fzf - lazygit - gitleaks - ripgrep - yt-dlp - spotify-player - nodejs_22 - yarn - cargo - rustc - wikit - reader - nmap - speedtest-go - delta - powertop - android-tools - sshpass + # Gaming + lunar-client + ] + else + [ + killall + ]; +in +{ + home.packages = + with pkgs; + [ + # Environment shit + tesseract + yubikey-touch-detector + wireguard-tools + openresolv + xdg-utils + killall + libnotify + openssl + pamixer + playerctl + wl-clipboard + cliphist + poweralertd + ffmpeg + zip + unzip + wget + xxd + gcc + gnumake + python3 - # Install pip packages - # python3 - # python3Packages.pip - # (writeShellScriptBin "install-pip-packages" '' # This script does not run, yet. 
- # pip install --user --break-system-packages - # '') + # CLI shit + termpdfpy + vimv + iamb + pass + lm_sensors + neofetch + hyfetch + glow + eva + exiftool + translate-shell + progress + pwgen + jq + tmux + htop + eza + file + fzf + lazygit + gitleaks + ripgrep + yt-dlp + nodejs_22 + yarn + cargo + rustc + wikit + reader + nmap + speedtest-go + delta + powertop + android-tools + sshpass + net-tools + nmap - # GUI shit - element-desktop - gajim - signal-desktop - anki-bin - obs-studio - wdisplays - librewolf # main - ungoogled-chromium # for things that don't work with librewolf - nsxiv - imv - libreoffice - xfce.thunar - spotify - thunderbird - lxqt.pavucontrol-qt - mpv - plasma5Packages.kdeconnect-kde - # onthespot-overlay + # Install pip packages + # python3 + # python3Packages.pip + # (writeShellScriptBin "install-pip-packages" '' # This script does not run, yet. + # pip install --user --break-system-packages + # '') - # Gaming - lunar-client + inputs.alejandra.defaultPackage.${system} + inputs.nixvim.packages.${pkgs.system}.default + mermaid-cli + gnuplot - inputs.alejandra.defaultPackage.${system} - inputs.nixvim.packages.${pkgs.system}.default - mermaid-cli - gnuplot - - # Email/calendar/etc - neomutt - w3m - khard - khal - vdirsyncer - ]; + # Email/calendar/etc + neomutt + w3m + khard + khal + vdirsyncer + ] + ++ guiPkgs; } diff --git a/modules/services/forgejo.nix b/modules/services/forgejo.nix index 52e94bc..8291bcc 100644 --- a/modules/services/forgejo.nix +++ b/modules/services/forgejo.nix 
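Review bot: `guiPkgs` is bound in the `let` block where only `with lib;` is in scope, so `element-desktop`, `xfce.thunar`, `killall` and the other names are not resolved against `pkgs`. The `with pkgs;` on `home.packages` is lexical and does not reach back into the binding, so evaluation should fail with an undefined-variable error once the list is forced. Scope the list explicitly, e.g. `guiPkgs = lib.optionals config.liv.gui (with pkgs; [ ... ]);`. That also removes the `== true` comparison and the `else [ killall ]` branch, which duplicates `killall` from the main list. `nmap` is now listed twice in the CLI section as well.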
@@ -9,57 +9,64 @@ let srv = cfg.settings.server; in { - services.forgejo = { - enable = true; - # database.type = "postgres"; - # Enable support for Git Large File Storage - lfs.enable = true; - settings = { - server = { - DOMAIN = "code.liv.town"; - # You need to specify this to remove the port from URLs in the web UI. - ROOT_URL = "https://${srv.DOMAIN}/"; - HTTP_PORT = 3050; - }; - # You can temporarily allow registration to create an admin user. - service.DISABLE_REGISTRATION = true; - # Add support for actions, based on act: https://github.com/nektos/act - actions = { - ENABLED = true; - DEFAULT_ACTIONS_URL = "github"; - }; - # Sending emails is completely optional - # You can send a test email from the web UI at: - # Profile Picture > Site Administration > Configuration > Mailer Configuration - # mailer = { - # ENABLED = true; - # SMTP_ADDR = "mail.example.com"; - # FROM = "noreply@${srv.DOMAIN}"; - # USER = "noreply@${srv.DOMAIN}"; - # }; - }; - # mailerPasswordFile = config.age.secrets.forgejo-mailer-password.path; - }; - # gitea-actions-runner = { - # package = pkgs.forgejo-runner; - # instances.my-forgejo-instance = { - # enable = true; - # name = "forgejo-01"; - # token = ""; # TODO: fill in tokens etc - # url = "https://code.liv.town"; - # labels = [ - # "node-22:docker://node:22-bookworm" - # "nixos-latest:docker://nixos/nix" - # ]; - # }; - # }; services = { + forgejo = { + enable = true; + # database.type = "postgres"; + # Enable support for Git Large File Storage + lfs.enable = true; + settings = { + server = { + DOMAIN = "code.liv.town"; + # You need to specify this to remove the port from URLs in the web UI. + ROOT_URL = "https://${srv.DOMAIN}/"; + HTTP_PORT = 3050; + }; + # You can temporarily allow registration to create an admin user. 
+ service.DISABLE_REGISTRATION = true; + # Add support for actions, based on act: https://github.com/nektos/act + actions = { + ENABLED = true; + DEFAULT_ACTIONS_URL = "github"; + }; + # TODO: run own email server that sends users emails! + # You can send a test email from the web UI at: + # Profile Picture > Site Administration > Configuration > Mailer Configuration + mailer = { + ENABLED = true; + SMTP_ADDR = "smtp.migadu.com"; + FROM = config.liv.variables.senderEmail; + USER = config.liv.variables.senderEmail; + }; + }; + mailerPasswordFile = config.sops.secrets.systemMailerPassword.path; + }; + gitea-actions-runner = { + package = pkgs.forgejo-runner; + instances.code-liv-town = { + enable = true; + name = "forgejo-01"; + tokenFile = "${config.sops.secrets.forgejoWorkerSecret.path}"; + url = "https://code.liv.town"; + labels = [ + "node-22:docker://node:22-bookworm" + "nixos-latest:docker://nixos/nix" + ]; + }; + }; + anubis.instances.forgejo = { + settings = { + TARGET = "http://localhost:3050"; + BIND = ":3051"; + BIND_NETWORK = "tcp"; + }; + }; nginx.virtualHosts."code.liv.town" = { forceSSL = true; sslCertificate = "/var/lib/acme/liv.town/cert.pem"; sslCertificateKey = "/var/lib/acme/liv.town/key.pem"; locations."/" = { - proxyPass = "http://localhost:3050"; + proxyPass = "http://localhost${toString config.services.anubis.instances.forgejo.settings.BIND}"; proxyWebsockets = true; }; }; diff --git a/modules/services/matrix/secrets.yaml b/modules/services/matrix/secrets.yaml deleted file mode 100644 index 357c281..0000000 --- a/modules/services/matrix/secrets.yaml +++ /dev/null @@ -1,3 +0,0 @@ -registration_shared_secret: "" - -report_stats: false diff --git a/modules/services/monitoring.nix b/modules/services/monitoring.nix index 43b5319..b24e67b 100644 --- a/modules/services/monitoring.nix +++ b/modules/services/monitoring.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{ config, host, ... }: { services = { prometheus = { 
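Review bot: The Anubis instance in `modules/services/forgejo.nix` uses `BIND = ":3051"`, which listens on every interface, and the hunk sets no `HTTP_ADDR` for Forgejo. Unless the firewall closes them, port 3051 may be reachable without nginx and backend port 3050 without Anubis in front of it. Bind both to loopback: `HTTP_ADDR = "127.0.0.1";` under `settings.server`, `BIND = "127.0.0.1:3051";`, and `proxyPass = "http://${config.services.anubis.instances.forgejo.settings.BIND}";`. Separately, `tokenFile` for `gitea-actions-runner` is, as far as I know, loaded as an environment file that must contain a `TOKEN=...` line rather than the bare token, which is worth checking against what is stored in `forgejoWorkerSecret`.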
@@ -10,6 +10,15 @@ enabledCollectors = [ "systemd" ]; port = 9002; }; + smokeping = { + enable = true; + hosts = [ + "172.16.10.1" + "172.16.10.2" + "9.9.9.9" + "149.112.112.112" + ]; + }; }; scrapeConfigs = [ { @@ -20,6 +29,14 @@ } ]; } + { + job_name = "${host} - smokeping"; + static_configs = [ + { + targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.smokeping.port}" ]; + } + ]; + } ]; }; }; diff --git a/modules/services/vaultwarden.nix b/modules/services/vaultwarden.nix new file mode 100644 index 0000000..38a2192 --- /dev/null +++ b/modules/services/vaultwarden.nix @@ -0,0 +1,34 @@ +{ config, ... }: +{ + services.vaultwarden = { + enable = true; + dbBackend = "sqlite"; + config = { + SIGNUPS_ALLOWED = false; + ENABLE_WEBSOCKET = true; + SENDS_ALLOWED = true; + INVITATIONS_ENABLED = true; + EMERGENCY_ACCESS_ALLOWED = true; + EMAIL_ACCESS_ALLOWED = true; + DOMAIN = "https://passwords.liv.town"; + ROCKET_ADDRESS = "0.0.0.0"; + ROCKET_PORT = 8003; + }; + }; + services.nginx = { + enable = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + virtualHosts = { + "passwords.liv.town" = { + forceSSL = true; + sslCertificate = "/var/lib/acme/liv.town/cert.pem"; + sslCertificateKey = "/var/lib/acme/liv.town/key.pem"; + locations."/" = { + proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}/"; + proxyWebsockets = true; + }; + }; + }; + }; +} diff --git a/modules/services/violet.nix b/modules/services/violet.nix index d036137..122aa03 100644 --- a/modules/services/violet.nix +++ b/modules/services/violet.nix @@ -19,7 +19,9 @@ ++ [ (import ./monitoring.nix) ] ++ [ (import ./ntfy.nix) ] ++ [ (import ./nginx.nix) ] + ++ [ (import ./nix-serve.nix) ] ++ [ (import ./radicale.nix) ] + ++ [ (import ./remote-build.nix) ] ++ [ (import ./readarr.nix) ] ++ [ (import ./sharkey-proxy.nix) ] # ++ [ (import ./komga.nix) ] 
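Review bot: `ROCKET_ADDRESS = "0.0.0.0"` in `modules/services/vaultwarden.nix` makes the Vaultwarden backend listen on every interface over plain HTTP, although its only intended client is the nginx vhost that proxies to `127.0.0.1:8003`. Set `ROCKET_ADDRESS = "127.0.0.1";` so the vault is reachable only through the TLS-terminating proxy and a later firewall change cannot expose it by accident. A short comment such as `# loopback only; nginx terminates TLS for passwords.liv.town` would record the intent.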
diff --git a/secrets/violet/secrets.yaml b/secrets/violet/secrets.yaml
new file mode 100644
index 0000000..2d64eda
--- /dev/null
+++ b/secrets/violet/secrets.yaml
@@ -0,0 +1,27 @@ +systemMailerPassword: ENC[AES256_GCM,data:b1fvCLZMiA9xDu/9BKQGnCTbwj46uixlo37qer66DK09U7CEB8ZBqe+Y+DqjcOJUHHHSo8Qk1XGvGQWypkGICxmxNP8KWvmY42Woh3677APvotUdjW5fVKTgB+Y1m/6/cvXKicJFjbw5LOzZ2/JcXP01KPSkRxWb/X4xzvawSMY=,iv:vbchTqHaH2PB9Mll/s8q4zLhN6ThAsCVvhoggOhj7H4=,tag:6b+TiV1YYHWOn0P9qJZ/bQ==,type:str] +forgejoWorkerSecret: ENC[AES256_GCM,data:kmUjukTJ9SP6nJvfhIMFVTu5vAc9TIfZidUgejC7FSNBDJiP/lVlHw==,iv:jF9LpWLxtBi5i5NCC5nkLeLqJQzOAIY7H1z2NfHqUQI=,tag:3mtTcn+LQEbCESlt34nf9g==,type:str] +matrixRegistrationSecret: ENC[AES256_GCM,data:xDFYVpBJa+FHWjmLlZspJAzJcoav53nWPoctQ5+gAnDYMurtSCkmoQn8r5j6fOmiy56KQyk8AD2/kT1HeFFNKA==,iv:82eIoh1ePc0VxfTbBPxpwGhYrcdRMI6WjFhlUJhxuHk=,tag:FAYUXUy0lEQU56ni2dxvbg==,type:str] +sops: + age: + - recipient: age1yzapmznelujajfyrpw5mxmy86ckg377494w5ap4yej39jatewursfxls9w + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXeG8vNWltdmJGcHhpMFVv + L2loTVRWeUVQMjdFbXlLdDZ4NWd2czlMa1JVClErdlhXdlJKSDFrakhqVjRQMlBx + RStBKzI3bHkzWlZrdkFTZFZvRjN0eFUKLS0tIGJFaTRkVGhSbmZSbEdYZEFWV2Fz + bytGVUhvL1dKNk41cytPajJMUFdXQmMKbJZ7RDB5MXqotaLrWABIKFs2wEZtIAVm + +k+ykISzj/XhhCt2J4IWbhPqRDlivsOLvQF1srNgk02/laE+0Nz5Pg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1zegau3chyn53tqvkwud6tuyggpkazc88pdkqv8cknavaudu49enqm2f0h3 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxMWV2NkVGSWR3UzBPWmFQ + S2lQRm9zZENGc29mN1VxT3hsb2c5d3k3ZGw4Ck5JWlpXQUU0WnhXT2ZocFZFSlkr + WjhZM214YVBDR3UzcU9SQ09ucWJDSUUKLS0tIE00aXVkeTQ5eG1TTTA2UnBuVnVB + S3pjSjlhZjZiSDBNakhLVzNKMjd3bWsKC2geLVXFp190lkjxtmZKq8aLN0XMNeAI + VqbwIY3a30iuWAaxqf8h1ZuCGJvbAZZBevFZraj9yktRHc54JV3Aww== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-07-30T12:37:11Z" + mac: 
ENC[AES256_GCM,data:pGnJaFRqa3sjouALSjy8+ClhqE+RNR4b5SMLKB356WtnHtALrGnd/RzPTMyLLTOht1td1Fk5jY8WoUy225qqfI1yy0Mne+qtnFqd9++XTmiY1b7ARBeNvvM/mMuZyp34Mz8WLx+imrLcX6TAlpRZ/SWtv5BE9nleHCwpNvFpqfc=,iv:q8bKIFQd6dRSDBk3qhipOK0E/4NZgIcVCo4Mwu9Ddf8=,tag:JjL3sFxSMx4dp1Swt2lbvg==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2