diff --git a/.gitignore b/.gitignore index b2be92b..7ab9c97 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ +modules/services/matrix/default.nix result diff --git a/.sops.yaml b/.sops.yaml index 071f3c5..69afeda 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -3,10 +3,6 @@ keys: - &violet age1zegau3chyn53tqvkwud6tuyggpkazc88pdkqv8cknavaudu49enqm2f0h3 creation_rules: - path_regex: secrets/secrets.yaml - key_groups: - - age: - - *sakura - - path_regex: secrets/violet/secrets.yaml key_groups: - age: - *sakura diff --git a/flake.lock b/flake.lock index 3be4fca..c6d5cbf 100644 --- a/flake.lock +++ b/flake.lock @@ -54,25 +54,6 @@ "type": "github" } }, - "disko": { - "inputs": { - "nixpkgs": "nixpkgs_2" - }, - "locked": { - "lastModified": 1746728054, - "narHash": "sha256-eDoSOhxGEm2PykZFa/x9QG5eTH0MJdiJ9aR00VAofXE=", - "owner": "nix-community", - "repo": "disko", - "rev": "ff442f5d1425feb86344c028298548024f21256d", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "latest", - "repo": "disko", - "type": "github" - } - }, "fenix": { "inputs": { "nixpkgs": [ @@ -250,7 +231,7 @@ }, "hypr-contrib": { "inputs": { - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1753252360, @@ -537,7 +518,7 @@ "inputs": { "hyprutils": "hyprutils_2", "hyprwayland-scanner": "hyprwayland-scanner_2", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_3", "systems": "systems_2" }, "locked": { @@ -560,7 +541,7 @@ "hyprlang": "hyprlang_2", "hyprutils": "hyprutils_3", "hyprwayland-scanner": "hyprwayland-scanner_3", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_4", "systems": "systems_3" }, "locked": { @@ -803,39 +784,7 @@ "type": "github" } }, - "nixpkgs_10": { - "locked": { - "lastModified": 1753432016, - "narHash": "sha256-cnL5WWn/xkZoyH/03NNUS7QgW5vI7D1i74g48qplCvg=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "6027c30c8e9810896b92429f0092f624f7b1aace", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { - "locked": { - "lastModified": 1746576598, - "narHash": "sha256-FshoQvr6Aor5SnORVvh/ZdJ1Sa2U4ZrIMwKBX5k2wu0=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "b3582c75c7f21ce0b429898980eddbbf05c68e55", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1712163089, "narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=", @@ -851,6 +800,22 @@ "type": "github" } }, + "nixpkgs_3": { + "locked": { + "lastModified": 1748929857, + "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_4": { "locked": { "lastModified": 1748929857, @@ -868,22 +833,6 @@ } }, "nixpkgs_5": { - "locked": { - "lastModified": 1748929857, - "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_6": { "locked": { "lastModified": 1753429684, "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=", @@ -899,7 +848,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_6": { "locked": { "lastModified": 1743315132, "narHash": "sha256-6hl6L/tRnwubHcA4pfUUtk542wn2Om+D4UnDhlDW9BE=", @@ -915,7 +864,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_7": { "locked": { "lastModified": 1742800061, "narHash": "sha256-oDJGK1UMArK52vcW9S5S2apeec4rbfNELgc50LqiPNs=", @@ -931,7 +880,7 @@ "type": "github" } }, - "nixpkgs_9": { + "nixpkgs_8": { "locked": { "lastModified": 1753429684, "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=", @@ -947,10 +896,26 @@ "type": "github" } }, + "nixpkgs_9": { + "locked": { + "lastModified": 1753432016, + "narHash": "sha256-cnL5WWn/xkZoyH/03NNUS7QgW5vI7D1i74g48qplCvg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "6027c30c8e9810896b92429f0092f624f7b1aace", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixvim": { "inputs": { "flake-parts": "flake-parts", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_6", "nixvim": "nixvim_2" }, "locked": { @@ -970,7 +935,7 @@ "nixvim_2": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_7", "nuschtosSearch": "nuschtosSearch" }, "locked": { @@ -990,7 +955,7 @@ "nur": { "inputs": { "flake-parts": "flake-parts_3", - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_8" }, "locked": { "lastModified": 1753530457, @@ -1056,14 +1021,13 @@ "root": { "inputs": { "alejandra": "alejandra", - "disko": "disko", "home-manager": "home-manager", "hypr-contrib": "hypr-contrib", "hyprland": "hyprland", "hyprpicker": "hyprpicker", "hyprsunset": "hyprsunset", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_5", "nixvim": "nixvim", "nur": "nur", "sops-nix": "sops-nix" @@ -1088,7 +1052,7 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_10" + "nixpkgs": "nixpkgs_9" }, "locked": { "lastModified": 1752544651, diff --git a/flake.nix b/flake.nix index ddd5625..1256397 100644 --- a/flake.nix +++ b/flake.nix @@ -15,7 +15,6 @@ nixos-hardware.url = "github:nixos/nixos-hardware"; nixvim.url = "github:ahwxorg/nixvim-config"; sops-nix.url = "github:Mic92/sops-nix"; - disko.url = "github:nix-community/disko/latest"; }; outputs = @@ -23,7 +22,6 @@ self, nixpkgs, sops-nix, - disko, ... }@inputs: let @@ -118,16 +116,6 @@ inherit self inputs username; }; }; - hazel = nixpkgs.lib.nixosSystem { - inherit system; - modules = [ - (import ./hosts/hazel) - ]; - specialArgs = { - host = "hazel"; - inherit self inputs username; - }; - }; }; }; } diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix deleted file mode 100644 index 8bf4405..0000000 --- a/hosts/hazel/default.nix +++ /dev/null @@ -1,48 +0,0 @@ -{ - pkgs, - config, - lib, - inputs, - ... -}: -{ - imports = [ - ./hardware-configuration.nix - # ./disko.nix - ./../../modules/core/default.server.nix - # ./../../modules/services/hazel.nix - ]; - - networking.hostName = "hazel"; - - nixpkgs.config.permittedInsecurePackages = [ - "jitsi-meet-1.0.8043" - "olm-3.2.16" - ]; - - time.timeZone = lib.mkForce "Europe/Paris"; - - environment.systemPackages = with pkgs; [ - kitty.terminfo - ]; - - services = { - smartd = { - enable = true; - autodetect = true; - }; - }; - - networking.firewall = { - allowedTCPPorts = [ - 9123 - ]; - }; - - boot = { - loader.grub = { - enable = true; - device = "/dev/sda"; - }; - }; -} diff --git a/hosts/hazel/disko.nix b/hosts/hazel/disko.nix deleted file mode 100644 index d308f8b..0000000 --- a/hosts/hazel/disko.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ inputs, ... }: -{ - imports = [ - inputs.disko.nixosModules.disko - ]; - disko.devices = { - disk = { - my-disk = { - device = "/dev/sda"; - type = "disk"; - content = { - type = "gpt"; - partitions = { - ESP = { - type = "EF00"; - size = "500M"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "umask=0077" ]; - }; - }; - root = { - size = "100%"; - content = { - type = "filesystem"; - format = "ext4"; - mountpoint = "/"; - }; - }; - }; - }; - }; - }; - }; -} diff --git a/hosts/hazel/hardware-configuration.nix b/hosts/hazel/hardware-configuration.nix deleted file mode 100644 index 37b1ec9..0000000 --- a/hosts/hazel/hardware-configuration.nix +++ /dev/null @@ -1,45 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ - config, - lib, - pkgs, - modulesPath, - ... -}: - -{ - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ - "ehci_pci" - "ahci" - "usbhid" - "sd_mod" - ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/864dfbec-81f0-460f-b970-27693a0ad0e6"; - fsType = "ext4"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/E141-F5CE"; - fsType = "vfat"; - options = [ - "fmask=0077" - "dmask=0077" - ]; - }; - - swapDevices = [ ]; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/modules/core/sops.nix b/modules/core/sops.nix index 1e4847a..d57f4d9 100644 --- a/modules/core/sops.nix +++ b/modules/core/sops.nix @@ -2,32 +2,18 @@ pkgs, inputs, username, - host, - config, ... }: { imports = [ inputs.sops-nix.nixosModules.sops ]; sops = { - defaultSopsFile = ../../secrets/${host}/secrets.yaml; + defaultSopsFile = ../../secrets/secrets.yaml; defaultSopsFormat = "yaml"; age.keyFile = "/home/${username}/.config/sops/age/keys.txt"; - secrets = - if (host == "violet") then - { - "systemMailerPassword" = { }; - "forgejoWorkerSecret" = { }; - "matrixRegistrationSecret" = { - owner = "matrix-synapse"; - }; - } - else if (host == "sakura") then - { - "systemMailerPassword" = { }; - } - else - { }; + secrets = { + "systemMailerPassword" = { }; + }; }; environment.systemPackages = with pkgs; [ diff --git a/modules/home/packages.nix b/modules/home/packages.nix index ec02ef3..53f5652 100644 --- a/modules/home/packages.nix +++ b/modules/home/packages.nix @@ -1,127 +1,107 @@ +{ inputs, pkgs, ... }: { - inputs, - lib, - pkgs, - config, - ... -}: -with lib; -let - guiPkgs = - if (config.liv.gui == true) then - [ - element-desktop - gajim - signal-desktop - anki-bin - obs-studio - wdisplays - librewolf # main - ungoogled-chromium # for things that don't work with librewolf - nsxiv - imv - libreoffice - xfce.thunar - spotify - spotify-player - thunderbird - lxqt.pavucontrol-qt - mpv - plasma5Packages.kdeconnect-kde - # onthespot-overlay + home.packages = with pkgs; [ + # Environment shit + tesseract + yubikey-touch-detector + wireguard-tools + openresolv + xdg-utils + killall + libnotify + openssl + pamixer + playerctl + wl-clipboard + cliphist + poweralertd + ffmpeg + zip + unzip + wget + xxd + gcc + gnumake + python3 - # Gaming - lunar-client - ] - else - [ - killall - ]; -in -{ - home.packages = - with pkgs; - [ - # Environment shit - tesseract - yubikey-touch-detector - wireguard-tools - openresolv - xdg-utils - killall - libnotify - openssl - pamixer - playerctl - wl-clipboard - cliphist - poweralertd - ffmpeg - zip - unzip - wget - xxd - gcc - gnumake - python3 + # CLI shit + termpdfpy + vimv + iamb + pass + lm_sensors + neofetch + hyfetch + glow + eva + exiftool + translate-shell + progress + pwgen + jq + tmux + htop + eza + file + fzf + lazygit + gitleaks + ripgrep + yt-dlp + spotify-player + nodejs_22 + yarn + cargo + rustc + wikit + reader + nmap + speedtest-go + delta + powertop + android-tools + sshpass - # CLI shit - termpdfpy - vimv - iamb - pass - lm_sensors - neofetch - hyfetch - glow - eva - exiftool - translate-shell - progress - pwgen - jq - tmux - htop - eza - file - fzf - lazygit - gitleaks - ripgrep - yt-dlp - nodejs_22 - yarn - cargo - rustc - wikit - reader - nmap - speedtest-go - delta - powertop - android-tools - sshpass - net-tools - nmap + # Install pip packages + # python3 + # python3Packages.pip + # (writeShellScriptBin "install-pip-packages" '' # This script does not run, yet. + # pip install --user --break-system-packages + # '') - # Install pip packages - # python3 - # python3Packages.pip - # (writeShellScriptBin "install-pip-packages" '' # This script does not run, yet. - # pip install --user --break-system-packages - # '') + # GUI shit + element-desktop + gajim + signal-desktop + anki-bin + obs-studio + wdisplays + librewolf # main + ungoogled-chromium # for things that don't work with librewolf + nsxiv + imv + libreoffice + xfce.thunar + spotify + thunderbird + lxqt.pavucontrol-qt + mpv + plasma5Packages.kdeconnect-kde + # onthespot-overlay - inputs.alejandra.defaultPackage.${system} - inputs.nixvim.packages.${pkgs.system}.default - mermaid-cli - gnuplot + # Gaming + lunar-client - # Email/calendar/etc - neomutt - w3m - khard - khal - vdirsyncer - ] - ++ guiPkgs; + inputs.alejandra.defaultPackage.${system} + inputs.nixvim.packages.${pkgs.system}.default + mermaid-cli + gnuplot + + # Email/calendar/etc + neomutt + w3m + khard + khal + vdirsyncer + ]; } diff --git a/modules/services/forgejo.nix b/modules/services/forgejo.nix index 8291bcc..52e94bc 100644 --- a/modules/services/forgejo.nix +++ b/modules/services/forgejo.nix @@ -9,64 +9,57 @@ let srv = cfg.settings.server; in { + services.forgejo = { + enable = true; + # database.type = "postgres"; + # Enable support for Git Large File Storage + lfs.enable = true; + settings = { + server = { + DOMAIN = "code.liv.town"; + # You need to specify this to remove the port from URLs in the web UI. + ROOT_URL = "https://${srv.DOMAIN}/"; + HTTP_PORT = 3050; + }; + # You can temporarily allow registration to create an admin user. + service.DISABLE_REGISTRATION = true; + # Add support for actions, based on act: https://github.com/nektos/act + actions = { + ENABLED = true; + DEFAULT_ACTIONS_URL = "github"; + }; + # Sending emails is completely optional + # You can send a test email from the web UI at: + # Profile Picture > Site Administration > Configuration > Mailer Configuration + # mailer = { + # ENABLED = true; + # SMTP_ADDR = "mail.example.com"; + # FROM = "noreply@${srv.DOMAIN}"; + # USER = "noreply@${srv.DOMAIN}"; + # }; + }; + # mailerPasswordFile = config.age.secrets.forgejo-mailer-password.path; + }; + # gitea-actions-runner = { + # package = pkgs.forgejo-runner; + # instances.my-forgejo-instance = { + # enable = true; + # name = "forgejo-01"; + # token = ""; # TODO: fill in tokens etc + # url = "https://code.liv.town"; + # labels = [ + # "node-22:docker://node:22-bookworm" + # "nixos-latest:docker://nixos/nix" + # ]; + # }; + # }; services = { - forgejo = { - enable = true; - # database.type = "postgres"; - # Enable support for Git Large File Storage - lfs.enable = true; - settings = { - server = { - DOMAIN = "code.liv.town"; - # You need to specify this to remove the port from URLs in the web UI. - ROOT_URL = "https://${srv.DOMAIN}/"; - HTTP_PORT = 3050; - }; - # You can temporarily allow registration to create an admin user. - service.DISABLE_REGISTRATION = true; - # Add support for actions, based on act: https://github.com/nektos/act - actions = { - ENABLED = true; - DEFAULT_ACTIONS_URL = "github"; - }; - # TODO: run own email server that sends users emails! - # You can send a test email from the web UI at: - # Profile Picture > Site Administration > Configuration > Mailer Configuration - mailer = { - ENABLED = true; - SMTP_ADDR = "smtp.migadu.com"; - FROM = config.liv.variables.senderEmail; - USER = config.liv.variables.senderEmail; - }; - }; - mailerPasswordFile = config.sops.secrets.systemMailerPassword.path; - }; - gitea-actions-runner = { - package = pkgs.forgejo-runner; - instances.code-liv-town = { - enable = true; - name = "forgejo-01"; - tokenFile = "${config.sops.secrets.forgejoWorkerSecret.path}"; - url = "https://code.liv.town"; - labels = [ - "node-22:docker://node:22-bookworm" - "nixos-latest:docker://nixos/nix" - ]; - }; - }; - anubis.instances.forgejo = { - settings = { - TARGET = "http://localhost:3050"; - BIND = ":3051"; - BIND_NETWORK = "tcp"; - }; - }; nginx.virtualHosts."code.liv.town" = { forceSSL = true; sslCertificate = "/var/lib/acme/liv.town/cert.pem"; sslCertificateKey = "/var/lib/acme/liv.town/key.pem"; locations."/" = { - proxyPass = "http://localhost${toString config.services.anubis.instances.forgejo.settings.BIND}"; + proxyPass = "http://localhost:3050"; proxyWebsockets = true; }; }; diff --git a/modules/services/matrix/secrets.yaml b/modules/services/matrix/secrets.yaml new file mode 100644 index 0000000..357c281 --- /dev/null +++ b/modules/services/matrix/secrets.yaml @@ -0,0 +1,3 @@ +registration_shared_secret: "" + +report_stats: false diff --git a/modules/services/monitoring.nix b/modules/services/monitoring.nix index b24e67b..43b5319 100644 --- a/modules/services/monitoring.nix +++ b/modules/services/monitoring.nix @@ -1,4 +1,4 @@ -{ config, host, ... }: +{ config, ... }: { services = { prometheus = { @@ -10,15 +10,6 @@ enabledCollectors = [ "systemd" ]; port = 9002; }; - smokeping = { - enable = true; - hosts = [ - "172.16.10.1" - "172.16.10.2" - "9.9.9.9" - "149.112.112.112" - ]; - }; }; scrapeConfigs = [ { @@ -29,14 +20,6 @@ } ]; } - { - job_name = "${host} - smokeping"; - static_configs = [ - { - targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.smokeping.port}" ]; - } - ]; - } ]; }; }; diff --git a/modules/services/vaultwarden.nix b/modules/services/vaultwarden.nix deleted file mode 100644 index 38a2192..0000000 --- a/modules/services/vaultwarden.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ config, ... }: -{ - services.vaultwarden = { - enable = true; - dbBackend = "sqlite"; - config = { - SIGNUPS_ALLOWED = false; - ENABLE_WEBSOCKET = true; - SENDS_ALLOWED = true; - INVITATIONS_ENABLED = true; - EMERGENCY_ACCESS_ALLOWED = true; - EMAIL_ACCESS_ALLOWED = true; - DOMAIN = "https://passwords.liv.town"; - ROCKET_ADDRESS = "0.0.0.0"; - ROCKET_PORT = 8003; - }; - }; - services.nginx = { - enable = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - virtualHosts = { - "passwords.liv.town" = { - forceSSL = true; - sslCertificate = "/var/lib/acme/liv.town/cert.pem"; - sslCertificateKey = "/var/lib/acme/liv.town/key.pem"; - locations."/" = { - proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}/"; - proxyWebsockets = true; - }; - }; - }; - }; -} diff --git a/modules/services/violet.nix b/modules/services/violet.nix index 122aa03..d036137 100644 --- a/modules/services/violet.nix +++ b/modules/services/violet.nix @@ -19,9 +19,7 @@ ++ [ (import ./monitoring.nix) ] ++ [ (import ./ntfy.nix) ] ++ [ (import ./nginx.nix) ] - ++ [ (import ./nix-serve.nix) ] ++ [ (import ./radicale.nix) ] - ++ [ (import ./remote-build.nix) ] ++ [ (import ./readarr.nix) ] ++ [ (import ./sharkey-proxy.nix) ] # ++ [ (import ./komga.nix) ] diff --git a/secrets/violet/secrets.yaml b/secrets/violet/secrets.yaml deleted file mode 100644 index 2d64eda..0000000 --- a/secrets/violet/secrets.yaml +++ /dev/null @@ -1,27 +0,0 @@ -systemMailerPassword: ENC[AES256_GCM,data:b1fvCLZMiA9xDu/9BKQGnCTbwj46uixlo37qer66DK09U7CEB8ZBqe+Y+DqjcOJUHHHSo8Qk1XGvGQWypkGICxmxNP8KWvmY42Woh3677APvotUdjW5fVKTgB+Y1m/6/cvXKicJFjbw5LOzZ2/JcXP01KPSkRxWb/X4xzvawSMY=,iv:vbchTqHaH2PB9Mll/s8q4zLhN6ThAsCVvhoggOhj7H4=,tag:6b+TiV1YYHWOn0P9qJZ/bQ==,type:str] -forgejoWorkerSecret: ENC[AES256_GCM,data:kmUjukTJ9SP6nJvfhIMFVTu5vAc9TIfZidUgejC7FSNBDJiP/lVlHw==,iv:jF9LpWLxtBi5i5NCC5nkLeLqJQzOAIY7H1z2NfHqUQI=,tag:3mtTcn+LQEbCESlt34nf9g==,type:str] -matrixRegistrationSecret: ENC[AES256_GCM,data:xDFYVpBJa+FHWjmLlZspJAzJcoav53nWPoctQ5+gAnDYMurtSCkmoQn8r5j6fOmiy56KQyk8AD2/kT1HeFFNKA==,iv:82eIoh1ePc0VxfTbBPxpwGhYrcdRMI6WjFhlUJhxuHk=,tag:FAYUXUy0lEQU56ni2dxvbg==,type:str] -sops: - age: - - recipient: age1yzapmznelujajfyrpw5mxmy86ckg377494w5ap4yej39jatewursfxls9w - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXeG8vNWltdmJGcHhpMFVv - L2loTVRWeUVQMjdFbXlLdDZ4NWd2czlMa1JVClErdlhXdlJKSDFrakhqVjRQMlBx - RStBKzI3bHkzWlZrdkFTZFZvRjN0eFUKLS0tIGJFaTRkVGhSbmZSbEdYZEFWV2Fz - bytGVUhvL1dKNk41cytPajJMUFdXQmMKbJZ7RDB5MXqotaLrWABIKFs2wEZtIAVm - +k+ykISzj/XhhCt2J4IWbhPqRDlivsOLvQF1srNgk02/laE+0Nz5Pg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1zegau3chyn53tqvkwud6tuyggpkazc88pdkqv8cknavaudu49enqm2f0h3 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxMWV2NkVGSWR3UzBPWmFQ - S2lQRm9zZENGc29mN1VxT3hsb2c5d3k3ZGw4Ck5JWlpXQUU0WnhXT2ZocFZFSlkr - WjhZM214YVBDR3UzcU9SQ09ucWJDSUUKLS0tIE00aXVkeTQ5eG1TTTA2UnBuVnVB - S3pjSjlhZjZiSDBNakhLVzNKMjd3bWsKC2geLVXFp190lkjxtmZKq8aLN0XMNeAI - VqbwIY3a30iuWAaxqf8h1ZuCGJvbAZZBevFZraj9yktRHc54JV3Aww== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-07-30T12:37:11Z" - mac: ENC[AES256_GCM,data:pGnJaFRqa3sjouALSjy8+ClhqE+RNR4b5SMLKB356WtnHtALrGnd/RzPTMyLLTOht1td1Fk5jY8WoUy225qqfI1yy0Mne+qtnFqd9++XTmiY1b7ARBeNvvM/mMuZyp34Mz8WLx+imrLcX6TAlpRZ/SWtv5BE9nleHCwpNvFpqfc=,iv:q8bKIFQd6dRSDBk3qhipOK0E/4NZgIcVCo4Mwu9Ddf8=,tag:JjL3sFxSMx4dp1Swt2lbvg==,type:str] - unencrypted_suffix: _unencrypted - version: 3.10.2