steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

steveej-x13s-rmvbl: init with minimal setup

Browse source 
this configures a standalone USB device that doesn't need configuration
of the firmware's EFI variables.
This commit is contained in:
steveej 2024-01-21 21:08:01 +01:00
parent f35bd726fa
commit 03c6157ab5
16 changed files with 501 additions and 374 deletions
Download patch file Download diff file Expand all files Collapse all files

8
.sops.yaml
View file

@ -8,6 +8,7 @@
keys:
- &steveej 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B
- &steveej-t14 age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl
- &steveej-x13s-rmvbl age1hkta9w0yawwwwchapemkygzxkrv7vx759vrafgrjhm63spckwstque8x97
- &elias-e525 age1pmznn2tjpelpmxjxqef48rse5ujggf9kcr8x5vewuadqcw03aavqwy54zm
- &justyna-p300 age1ye4fa0v37shz8q4e5uf9cp2avygcp9jtetmnj2sv9y9mqc7gjyksq2cjy8
@ -24,6 +25,7 @@ creation_rules:
- *steveej
age:
- *steveej-t14
- *steveej-x13s-rmvbl
- *elias-e525
- *justyna-p300
@ -83,3 +85,9 @@ creation_rules:
- *steveej
age:
- *sj-bm-hostkey0
- path_regex: ^secrets/steveej-x13s-rmvbl/.+$
key_groups:
- pgp:
- *steveej
age:
- *steveej-x13s-rmvbl

17
flake.lock generated
View file

@ -293,22 +293,6 @@
"type": "github"
}
},
"magmawm": {
"flake": false,
"locked": {
"lastModified": 1703542178,
"narHash": "sha256-HuCAz+B+cg7HoEEL67heaYRc8zmQCnPBR+DgmuiIZBk=",
"owner": "MagmaWM",
"repo": "MagmaWM",
"rev": "24dc21f228efb034cd0237fb5ff9a8310f1929b7",
"type": "github"
},
"original": {
"owner": "MagmaWM",
"repo": "MagmaWM",
"type": "github"
}
},
"nix-eval-jobs": {
"inputs": {
"flake-parts": "flake-parts_3",
@ -663,7 +647,6 @@
"flake-parts": "flake-parts",
"get-flake": "get-flake",
"jay": "jay",
"magmawm": "magmawm",
"nixos-anywhere": "nixos-anywhere",
"nixpkgs": [
"nixpkgs-2311"

15
flake.nix
View file

@ -59,11 +59,6 @@
flake = false;
};
magmawm = {
url = "github:MagmaWM/MagmaWM";
flake = false;
};
salut = {
url = "gitlab:snakedye/salut";
flake = false;
@ -127,7 +122,7 @@
// (
let
router0-dmz0 = (inputs.get-flake ./nix/os/devices/router0-dmz0).nixosConfigurations;
steveej-x13s = (inputs.get-flake ./nix/os/devices/steveej-x13s).nixosConfigurations;
steveej-x13s-rmvbl = (inputs.get-flake ./nix/os/devices/steveej-x13s-rmvbl).nixosConfigurations;
retro = (inputs.get-flake ./nix/os/devices/retro).nixosConfigurations;
in
{
@ -140,7 +135,8 @@
# nixos-install --flake .\#retro_cross
retro_cross = retro.cross;
steveej-x13s_cross = steveej-x13s.cross;
steveej-x13s-rmvbl = steveej-x13s-rmvbl.native;
steveej-x13s-rmvbl_cross = steveej-x13s-rmvbl.cross;
}
);
@ -194,11 +190,6 @@
# };
# };
# magmawm = pkgs.callPackage (self + /nix/pkgs/magmawm.nix) {
# inherit craneLib;
# src = inputs.magmawm;
# };
salut = craneLib.buildPackage {
src = inputs.salut;
nativeBuildInputs = [

24
nix/devShells.nix
View file

@ -1,27 +1,27 @@
{
inputs',
packages',
pkgs,
{ inputs'
, packages'
, pkgs
,
}:
pkgs.stdenv.mkDerivation {
name = "infra-env";
buildInputs =
[
(with pkgs.callPackage (pkgs.path + "/nixos") {configuration = {};};
with config.system.build; [
nixos-generate-config
nixos-install
nixos-enter
manual.manpages
])
(with pkgs.callPackage (pkgs.path + "/nixos") { configuration = { }; };
with config.system.build; [
nixos-generate-config
nixos-install
nixos-enter
manual.manpages
])
]
++ (with pkgs; [
inputs'.colmena.packages.colmena
nixos-install-tools
dconf2nix
inputs'.nixos-anywhere.packages.nixos-anywhere
inputs'.disko.packages.default
nurl
just
git-crypt
vcsh

100
nix/os/devices/sj-bm-hostkey0/configuration.nix
View file

@ -1,14 +1,13 @@
{
modulesPath,
repoFlake,
packages',
pkgs,
lib,
config,
nodeFlake,
nodeName,
system,
...
{ modulesPath
, repoFlake
, packages'
, pkgs
, lib
, config
, nodeFlake
, nodeName
, system
, ...
}: {
disabledModules = [
];
@ -52,7 +51,7 @@
programs.zsh.enable = true;
users.defaultUserShell = pkgs.zsh;
environment.pathsToLink = ["/share/zsh"];
environment.pathsToLink = [ "/share/zsh" ];
}
];
@ -83,52 +82,54 @@
firewall.enable = false;
};
disko.devices = let
disk = id: {
type = "disk";
device = "/dev/${id}";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for grub MBR
};
mdadm = {
size = "100%";
content = {
type = "mdraid";
name = "raid0";
disko.devices =
let
disk = id: {
type = "disk";
device = "/dev/${id}";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for grub MBR
};
mdadm = {
size = "100%";
content = {
type = "mdraid";
name = "raid0";
};
};
};
};
};
};
in {
disk = {
sda = disk "sda";
sdb = disk "sdb";
};
mdadm = {
raid0 = {
type = "mdadm";
level = 0;
content = {
type = "gpt";
partitions = {
primary = {
size = "100%";
content = {
type = "filesystem";
format = "btrfs";
mountpoint = "/";
in
{
disk = {
sda = disk "sda";
sdb = disk "sdb";
};
mdadm = {
raid0 = {
type = "mdadm";
level = 0;
content = {
type = "gpt";
partitions = {
primary = {
size = "100%";
content = {
type = "filesystem";
format = "btrfs";
mountpoint = "/";
};
};
};
};
};
};
};
};
system.stateVersion = "23.11";
@ -162,8 +163,5 @@
boot.binfmt.emulatedSystems = [
"aarch64-linux"
"i686-linux"
# "i386-linux"
# "i586-linux"
];
}

34
nix/os/devices/steveej-t14/hw.nix
View file

@ -1,21 +1,5 @@
{ lib, ... }:
let
stage1Modules = [
"aesni_intel"
"kvm_amd"
"nvme"
"nvme_core"
"thunderbolt"
"e1000e"
"usbcore"
"xhci_hcd"
"usbhid"
"usb_storage"
"xhci_pci"
"uas"
];
in
{
# TASK: new device
@ -103,6 +87,20 @@ in
};
hardware.enableRedistributableFirmware = true;
# boot.initrd.availableKernelModules = stage1Modules;
boot.initrd.kernelModules = stage1Modules;
boot.initrd.kernelModules = [
"aesni_intel"
"kvm_amd"
"nvme"
"nvme_core"
"thunderbolt"
"e1000e"
"usbcore"
"xhci_hcd"
"usbhid"
"usb_storage"
"xhci_pci"
"uas"
];
}

11
nix/os/devices/steveej-t14/system.nix
View file

@ -47,6 +47,17 @@ in
system = "x86_64-linux";
maxJobs = 32;
speedFactor = 100;
supportedFeatures = repoFlake.nixosConfigurations.steveej-t14.config.nix.settings.system-features ++ [ ];
}
{
hostName = repoFlake.colmena.sj-bm-hostkey0.deployment.targetHost;
# TODO: make this a reference
sshUser = "nix-remote-builder";
protocol = "ssh-ng";
system = "aarch64-linux";
maxJobs = 32;
speedFactor = 100;
supportedFeatures = repoFlake.nixosConfigurations.router0-dmz0.config.nix.settings.system-features ++ [ ];
}
];

0
nix/os/devices/steveej-x13s/.gitignore → nix/os/devices/steveej-x13s-rmvbl/.gitignore vendored
View file

66
nix/os/devices/steveej-x13s-rmvbl/configuration.nix Normal file
View file

@ -0,0 +1,66 @@
{ repoFlake
, pkgs
, lib
, config
, nodeFlake
, nodeName
, localDomainName
, system
, ...
}:
{
imports = [
repoFlake.inputs.sops-nix.nixosModules.sops
nodeFlake.inputs.disko.nixosModules.disko
./disko.nix
../../profiles/common/user.nix
{
nix.nixPath = [
"nixpkgs=${pkgs.path}"
];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nix.settings.max-jobs = lib.mkDefault "auto";
}
{
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "yes";
services.openssh.openFirewall = true;
users.commonUsers = {
enable = true;
enableNonRoot = true;
};
sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
sops.defaultSopsFormat = "yaml";
}
];
networking = {
hostName = nodeName;
firewall.enable = true;
useNetworkd = true;
networkmanager.enable = false;
};
system.stateVersion = "23.11";
nixpkgs.config.allowUnfree = true;
environment.systemPackages = [
pkgs.util-linux
pkgs.coreutils
pkgs.vim
];
}

0
nix/os/devices/steveej-x13s/default.nix → nix/os/devices/steveej-x13s-rmvbl/default.nix
View file

66
nix/os/devices/steveej-x13s-rmvbl/disko.nix Normal file
View file

@ -0,0 +1,66 @@
{
disko.devices = {
disk = {
voyager-gtx = {
type = "disk";
device = "/dev/disk/by-id/ata-Corsair_Voyager_GTX_21488170000126002054";
content = {
type = "gpt";
partitions = {
ESP = {
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "x13s-usb-crypt";
extraOpenArgs = [ ];
# disable settings.keyFile if you want to use interactive password entry
#passwordFile = "/tmp/secret.key"; # Interactive
settings = {
# if you want to use the key for interactive login be sure there is no trailing newline
# for example use `echo -n "password" > /tmp/secret.key`
# keyFile = "/tmp/secret.key";
allowDiscards = true;
};
# additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/home" = {
mountpoint = "/home";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/swap" = {
mountpoint = "/.swapvol";
swap.swapfile.size = "32G";
};
};
};
};
};
};
};
};
};
};
}

108
nix/os/devices/steveej-x13s/flake.lock → nix/os/devices/steveej-x13s-rmvbl/flake.lock generated
View file

@ -1,18 +1,51 @@
{
"nodes": {
"acamcstephens_stop-export": {
"flake": false,
"locked": {
"lastModified": 1705858695,
"narHash": "sha256-iTIwMsw/cjacCkSzzCwb+nEkpOK/PoPenPHOysWCBSk=",
"ref": "refs/heads/main",
"rev": "8b61e53b83caf55bd374f4ce2b20f1e8012ce2ec",
"revCount": 13,
"type": "git",
"url": "https://codeberg.org/adamcstephens/stop-export.git"
},
"original": {
"type": "git",
"url": "https://codeberg.org/adamcstephens/stop-export.git"
}
},
"alsa-ucm-conf": {
"flake": false,
"locked": {
"lastModified": 1705501566,
"narHash": "sha256-Nyr7tjH5VBjocvaKaHCiK+zsjThYBtcr936aRWCBBpM=",
"owner": "alsa-project",
"repo": "alsa-ucm-conf",
"rev": "e87dde51d68950537f92af955ad0633437cc419a",
"type": "github"
},
"original": {
"owner": "alsa-project",
"repo": "alsa-ucm-conf",
"rev": "e87dde51d68950537f92af955ad0633437cc419a",
"type": "github"
}
},
"brainwart_x13s-nixos": {
"flake": false,
"locked": {
"lastModified": 1701822673,
"narHash": "sha256-F2LBV8tqGPhEAvmn5Frxj79RPWgPGUYxJRYz8Pn9uj0=",
"lastModified": 1705565623,
"narHash": "sha256-sisr/dFIz8p3/Y7mz+arWxjeiBmUTQkMqkF9j3c2dWE=",
"owner": "BrainWart",
"repo": "x13s-nixos",
"rev": "ba245df7a72a78ec93aa500ba1a0cb29f0f65f37",
"rev": "29002122d86a1009ba70e7a4ca3063e5404c77a2",
"type": "github"
},
"original": {
"owner": "BrainWart",
"ref": "main",
"ref": "flake",
"repo": "x13s-nixos",
"type": "github"
}
@ -24,11 +57,11 @@
]
},
"locked": {
"lastModified": 1705348229,
"narHash": "sha256-CssPema1sBxZkrT95KFuKCNNiqxNe1lnf2QNeXk88Xk=",
"lastModified": 1705540973,
"narHash": "sha256-kNt/qAEy7ueV7NKbVc8YMHWiQAAgrir02MROYNI8fV0=",
"owner": "nix-community",
"repo": "disko",
"rev": "d0b4408eaf782a1ada0a9133bb1cecefdd59c696",
"rev": "0033adc6e3f1ed076f3ed1c637ef1dfe6bef6733",
"type": "github"
},
"original": {
@ -36,27 +69,6 @@
"type": "indirect"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"srvos",
"nixpkgs"
]
},
"locked": {
"lastModified": 1704982712,
"narHash": "sha256-2Ptt+9h8dczgle2Oo6z5ni5rt/uLMG47UFTR1ry/wgg=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "07f6395285469419cf9d078f59b5b49993198c00",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"get-flake": {
"locked": {
"lastModified": 1694475786,
@ -75,11 +87,11 @@
"linux_x13s": {
"flake": false,
"locked": {
"lastModified": 1705487080,
"narHash": "sha256-DTOPiUGaeH5Ey+AZaO1c1n/QFikIXmvo2tTzgFtJ70k=",
"lastModified": 1705680516,
"narHash": "sha256-NjCuPYjYHBJcoJR1ZaWQ9sRh0VpY2Y0hawkbUBRfCvk=",
"owner": "jhovold",
"repo": "linux",
"rev": "dd209a8fb4840e48ca4963bb23057f38b1066a6d",
"rev": "bac95eabe6577faa2773cbe7e91c34fd17ab79a0",
"type": "github"
},
"original": {
@ -107,50 +119,30 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1705316053,
"narHash": "sha256-J2Ey5mPFT8gdfL2XC0JTZvKaBw/b2pnyudEXFvl+dQM=",
"lastModified": 1705641746,
"narHash": "sha256-D6c2aH8HQbWc7ZWSV0BUpFpd94ImFyCP8jFIsKQ4Slg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "c3e128f3c0ecc1fb04aef9f72b3dcc2f6cecf370",
"rev": "d2003f2223cbb8cd95134e4a0541beea215c1073",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"acamcstephens_stop-export": "acamcstephens_stop-export",
"alsa-ucm-conf": "alsa-ucm-conf",
"brainwart_x13s-nixos": "brainwart_x13s-nixos",
"disko": "disko",
"get-flake": "get-flake",
"linux_x13s": "linux_x13s",
"mobile-nixos": "mobile-nixos",
"nixpkgs": "nixpkgs",
"srvos": "srvos"
}
},
"srvos": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1705346686,
"narHash": "sha256-lTf1b2I6wwNDhV5eEKIAMT5DOa43bK5KaPqDWH2yfek=",
"owner": "numtide",
"repo": "srvos",
"rev": "8e03bea707212a7225b0ab02a8186af8b1e98e0a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "srvos",
"type": "github"
"nixpkgs": "nixpkgs"
}
}
},

190
nix/os/devices/steveej-x13s/flake.nix → nix/os/devices/steveej-x13s-rmvbl/flake.nix
View file

@ -1,13 +1,11 @@
{
inputs =
{
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
get-flake.url = "github:ursi/get-flake";
disko.inputs.nixpkgs.follows = "nixpkgs";
srvos.url = "github:numtide/srvos";
srvos.inputs.nixpkgs.follows = "nixpkgs";
mobile-nixos.url = "github:NixOS/mobile-nixos";
mobile-nixos.flake = false;
@ -17,9 +15,20 @@
linux_x13s.flake = false;
brainwart_x13s-nixos = {
url = "github:BrainWart/x13s-nixos/main";
url = "github:BrainWart/x13s-nixos/flake";
flake = false;
};
acamcstephens_stop-export = {
flake = false;
url = "git+https://codeberg.org/adamcstephens/stop-export.git";
};
alsa-ucm-conf = {
flake = false;
url = "github:alsa-project/alsa-ucm-conf/e87dde51d68950537f92af955ad0633437cc419a";
};
};
outputs =
@ -31,15 +40,7 @@
let
targetPlatform = "aarch64-linux";
buildPlatform = "x86_64-linux";
nodeName = "steveej-x13s";
pkgs = nixpkgs.legacyPackages.${targetPlatform};
pkgsCross = import self.inputs.nixpkgs {
system = buildPlatform;
crossSystem = {
config = "pentium2-unknown-linux-gnu";
};
};
nodeName = "steveej-x13s-rmvbl";
mkNixosConfiguration = { extraModules ? [ ], ... } @ attrs:
nixpkgs.lib.nixosSystem (
@ -64,21 +65,6 @@
{
nix.registry.nixpkgs.flake = nixpkgs;
}
{
nixpkgs.overlays = [
(final: prev:
{
qrtr = final.callPackage "${self.inputs.mobile-nixos}/overlay/qrtr/qrtr.nix" { };
qmic = final.callPackage "${self.inputs.mobile-nixos}/overlay/qrtr/qmic.nix" { };
rmtfs = final.callPackage "${self.inputs.mobile-nixos}/overlay/qrtr/rmtfs.nix" { };
pd-mapper = final.callPackage "${self.inputs.mobile-nixos}/overlay/qrtr/pd-mapper.nix" {
inherit (final) qrtr;
};
compressFirmwareXz = prev.lib.id; #this leaves all firmware uncompressed :) for pd-mapper
})
];
}
]
++ extraModules;
}
@ -155,56 +141,76 @@
defconfig = "johan_defconfig";
};
uncompressed-fw = pkgs.callPackage
({ lib, runCommand, buildEnv, firmwareFilesList }:
runCommand "qcom-modem-uncompressed-firmware-share"
{
firmwareFiles = buildEnv {
name = "qcom-modem-uncompressed-firmware";
paths = firmwareFilesList;
pathsToLink = [
"/lib/firmware/rmtfs"
"/lib/firmware/qcom"
];
};
} ''
PS4=" $ "
(
set -x
mkdir -p $out/share/
ln -s $firmwareFiles/lib/firmware/ $out/share/uncompressed-firmware
)
'')
{
firmwareFilesList = lib.flatten options.hardware.firmware.definitions;
};
linuxPackages_x13s = pkgs.linuxPackagesFor linux_x13s;
dtb = "${linuxPackages_x13s.kernel}/dtbs/qcom/sc8280xp-lenovo-thinkpad-x13s.dtb";
dtbName = "x13s63rc4.dtb";
x13_firmware = { stdenvNoCC, fetchFromGitHub }:
stdenvNoCC.mkDerivation {
pname = "x13s-extra-firmware";
version = "1.0.0";
src = fetchFromGitHub {
owner = "ironrobin";
repo = "x13s-alarm";
rev = "efa51c3b519f75b3983aef67855b1561d9828771";
sha256 = "sha256-weETbWXz9aL2pDQDKk7fkb1ecQH0qrhUYDs2E5EiJcI=";
};
dontFixup = true;
dontBuild = true;
installPhase = ''
mkdir -p $out/lib/firmware/qcom/sc8280xp/LENOVO/21BX
cp x13s-firmware/qcvss8280.mbn $out/lib/firmware/qcom/sc8280xp/LENOVO/21BX/
'';
};
in
{
nixpkgs.overlays = [
(final: prev:
{
qrtr = final.callPackage "${self.inputs.acamcstephens_stop-export}/hardware/x13s/qrtr/qrtr.nix" { };
pd-mapper = final.callPackage "${self.inputs.acamcstephens_stop-export}/hardware/x13s/qrtr/pd-mapper.nix" {
inherit (final) qrtr;
};
x13s_alsa-ucm-conf = prev.alsa-ucm-conf.overrideAttrs (prev: {
src = self.inputs.alsa-ucm-conf;
});
}
)
];
boot = {
loader.systemd-boot.enable = true;
loader.systemd-boot.extraFiles = {
"${dtbName}" = dtb;
};
loader.efi.canTouchEfiVariables = true;
loader.efi.canTouchEfiVariables = false;
loader.efi.efiSysMountPoint = "/boot";
blacklistedKernelModules = [ "wwan" ];
kernelPackages = linuxPackages_x13s;
kernelParams = [
"dtb=${dtbName}"
"boot.shell_on_fail"
# jhovold recommended
"efi=noruntime"
"clk_ignore_unused"
"pd_ignore_unused"
"arm64.nopauth"
"cma=128M"
"nvme.noacpi=1"
"iommu.strict=0"
"dtb=${dtbName}"
# blacklist graphics in initrd so the firmware can load from disk
"rd.driver.blacklist=msm"
];
initrd = {
includeDefaultModules = false;
availableKernelModules = [
@ -231,39 +237,65 @@
"phy-qcom-snps-femto-v2"
"phy-qcom-usb-hs"
"nvme"
"usbcore"
"xhci_hcd"
"usbhid"
"usb_storage"
# "xhci_pci"
"uas"
];
};
};
# power management, etc.
environment.systemPackages = with pkgs; [
qrtr
qmic
rmtfs
pd-mapper
uncompressed-fw
];
environment.pathsToLink = [ "share/uncompressed-firmware" ];
# ensure the x13s' dtb file is in the boot partition
system.activationScripts.x13s-dtb = ''
in_package="${dtb}"
esp_tool_folder="${efi.efiSysMountPoint}/"
in_esp="''${esp_tool_folder}${dtbName}"
>&2 echo "Ensuring $in_esp in EFI System Partition"
if ! ${pkgs.diffutils}/bin/cmp --silent "$in_package" "$in_esp"; then
>&2 echo "Copying $in_package -> $in_esp"
mkdir -p "$esp_tool_folder"
cp "$in_package" "$in_esp"
sync
fi
'';
# default is performance
powerManagement.cpuFreqGovernor = "ondemand";
hardware.enableAllFirmware = true;
hardware.firmware = [
pkgs.linux-firmware
(pkgs.callPackage x13_firmware { })
(pkgs.callPackage "${self.inputs.brainwart_x13s-nixos}/pkgs/x13s-firmware.nix" { })
];
systemd.services.pd-mapper = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${lib.getExe pkgs.pd-mapper}";
Restart = "always";
};
};
# bind mount over existing alsa-ucm-conf
# this is just config, but is in the critical path for lots of packages
# systemd.services.x13s-alsa-conf = {
# wantedBy = [ "multi-user.target" ];
# serviceConfig = {
# Type = "oneshot";
# RemainAfterExit = true;
# ExecStart = "${pkgs.util-linux.mount}/bin/mount -o bind ${pkgs.x13s_alsa-ucm-conf}/share/alsa ${pkgs.alsa-ucm-conf}/share/alsa";
# ExecStop = "${pkgs.util-linux.mount}/bin/umount ${pkgs.alsa-ucm-conf}/share/alsa";
# };
# };
systemd.services.bluetooth = {
serviceConfig = {
# disabled because btmgmt call hangs
# ExecStartPre = [
# ""
# "${pkgs.util-linux}/bin/rfkill block bluetooth"
# "${pkgs.bluez5-experimental}/bin/btmgmt public-addr ${cfg.bluetoothMac}"
# "${pkgs.util-linux}/bin/rfkill unblock bluetooth"
# ];
RestartSec = 5;
Restart = "on-failure";
};
};
};
};
};

82
nix/os/devices/steveej-x13s/configuration.nix
View file

@ -1,82 +0,0 @@
{ repoFlake
, pkgs
, lib
, config
, nodeFlake
, nodeName
, localDomainName
, system
, ...
}:
{
imports = [
# repoFlake.inputs.sops-nix.nixosModules.sops
# ../../profiles/common/user.nix
{
nix.nixPath = [
"nixpkgs=${pkgs.path}"
];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nix.settings.max-jobs = lib.mkDefault "auto";
nix.settings.cores = lib.mkDefault 0;
}
{
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "yes";
# users.commonUsers = {
# enable = true;
# enableNonRoot = false;
# rootPasswordFile = config.sops.secrets.passwords-root.path;
# };
users.users.root.password = "install";
# sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
# sops.defaultSopsFormat = "yaml";
# sops.secrets.passwords-root.neededForUsers = true;
}
];
networking = {
hostName = nodeName;
useNetworkd = false;
networkmanager.enable = false;
firewall.enable = false;
};
system.stateVersion = "23.11";
# We exclude a number of modules included in the default list. A non-insignificant amount do
# not apply to embedded hardware like this, so simply skip the defaults.
#
# Custom kernel is required as a lot of MTK components misbehave when built as modules.
# They fail to load properly, leaving the system without working ethernet, they'll oops on
# remove. MTK-DSA parts and PCIe were observed to do this.
# boot.initrd.includeDefaultModules = false;
# boot.initrd.kernelModules = ["rfkill" "cfg80211" "mt7915e"];
# boot.initrd.availableKernelModules = ["nvme"];
nixpkgs.config.allowUnfree = true;
# hardware.enableRedistributableFirmware = true;
environment.systemPackages = [
pkgs.busybox
];
fileSystems."/".label = "x13s_root";
}

108
secrets/shared-users.yaml
View file

@ -16,82 +16,100 @@ sops:
- recipient: age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlbG5RWWVBZ2JZOXlENDVr
M3lCdEc4RnVwWlZJZXY5RGJ5aEFmcmlmK0hFCnNFSHliMHZyWTBLZG5ub2hPSy93
dDNoWmgvTEhQdUdWL1dEbDZpRnBacFUKLS0tIFpjdVZBZjhRdll2TGdKdFVQTzVp
UDV5bXpzWXNzMTQwTkZPVjc0ckNUUFEKwYIl0ErBjh83ogRau2mYzkivxruLKQXj
eEQgNMf/xdWZ76OAKDwCF/7zmCSeT2UYoJFCfYtnMw7OxwOCyvPIOg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlanJ3b29Ed2Q3Y2I3SWRt
TlpTRFpMT3FhOUl0dGZGMW1lU3pQNW95bkZjCjY0bXV4Q2dBQjd6emZRdlczQ0F6
V3RvbklucGhzbGpPUzJ4K3FrNzJ2SVEKLS0tIFRlWWRBNk1HdllsZzNQZDIwa2N6
bUpjR0ZzNVd5dEpEZUJCSnVUWVJtSzAKb2dEX133nceasBIwgd8q6x6WWPCQ0Ukg
Rmsbi5u1SYrZr3544sVoo0PvkU7gT9Fh4/LOy9oPpJSEcTXf5DMzjQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1pmznn2tjpelpmxjxqef48rse5ujggf9kcr8x5vewuadqcw03aavqwy54zm
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAramZoZmdSOFdoWEttNndT
RHVWUC9RekVVL21iQVA5Z3JvajliSVZVNVNFCjhiMkdGOXNTa2FnVStUTVRVZm1s
Y1ZVdGFnZ0I2VGYxTW1Wakt5Znd3NXcKLS0tIERvVjFySDJDU3lRNGlpL3pYRWwy
UU0ybTRsSVlBaFV2d2xqVTc5Q1lNQWcKUti+W3HLneDzq/VI5yPBsTPyDUAUYL6U
tO1SMC8xBVbgzlFQtM84gYCE8ATxvwOJV+8wNrcHdWXQ8AJLF9UwPA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkRjBHQ2lDYmhsei84STdk
eUVOdWZGOTJMR1JwbHB2ek5mRzVVdkJuU0ZjCmk2NUttVjgwTk42OUtxVStVMEFK
VFo0RFRyR3RJa2VJSm95NVV3dm5YL3MKLS0tIExGQUlhS3RDMjRHejRaZ01BQWZ1
U0pZR3BzakVmUW1QNGhsQkNQMk1NY00KR3ZP/WB3sMNoWi13mjMqgnZuM8tnIjty
QHgwav0qOkcQqdYSfOY/DxmPgTG0CKroqRXY8Hk72Y/UH2HpyIptnQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ye4fa0v37shz8q4e5uf9cp2avygcp9jtetmnj2sv9y9mqc7gjyksq2cjy8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2ZXpGREZxdzREU0tSV1Nu
ZnVONGdxU0VBb3RXY21pTEJVWUw3aUV1UG5ZCmZYcXVzdUgzalFvdXR1Q0FESENF
Q0VDSmlqbGRxemlGYVRQN2NQcGU3VEEKLS0tIFp1N2V6V3dkeWVpRGtrTzhyNUFE
TUdFcXpEbnpmdTlWM1I3UTBYSFo5UnMKJm4gkNDHnCujMk+i46hGEMoQWEs9IBRM
/Lb1BpHA+5BB0LB6yL1VkXttSBNp69s5LN/EgdvTnZ7qL4/KqhwvMg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3UUs4dTFIcXVvZ285N1A1
MmhleE50YXVGaDg0QlZsUWZNam4wYjRwL1FVClNBUm9GcWNvUitYSnBla1dIeDFl
SmZKMzBQTWpSdGRPcDVlTmRjQzZxNWcKLS0tIFh2UGJtMHdZTXo1N2lzckM3YXRl
NmZpcGRLVmZsYjkwZkJ2NEk5dzlmY0EKtxNY7qvh5ErrAhRcQHVnDc1orsYlLGCS
8uLSOapuC8W6EH6w6aewQiggKBjDmECpNo7VyXfbURfaOk4o8uqg3A==
-----END AGE ENCRYPTED FILE-----
- recipient: age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxSk9GbVpxaHJPUGY4U3hu
K3hpbzhkMWVJNHIrNWVPRUphcjkvY0h1cWpnCkxYTmtiWjk2QktxSHJON01XRGJD
MDZZZlB3dU9NbXN4RHRMc2ZRTHdERE0KLS0tIFJpdUhWdm1INFU3eU96NFN3OFk1
Z2dMQ2xGOTJCcXdCU0FFdVJjQVIwK1EKHLo6YIsfKAwQ/yBQvS1icIAS6W7AwABw
d5hD2G0KVJK66HnYWuQALQbuWh2i0OA2fNAywcKe4R5ACN5M8TKHew==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNUEFIb3VmZVE2Q1NheGEx
YmdscFdEYThQa29jTEdzdjZlK1U2WFlUY3dVCm1CUmlMY21pMXRGTXY4RDZ3cE1p
UUxNMEozQndUaTNGUlVrK0pKWC9WODAKLS0tIG1wSnNEZVUvakkxZS8yaklpWlNH
MFZkc2Z4M1FNdWZkdmwvQVpiRDFtbTQKbnNBlKnsNiL6BeSC9AoGx6IVeOyvB5IH
mP6aBQHyOBMgGql2+WHLdjBS5qEeR43jZbWNKiTnt8lnnfj7GVgiPA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1k7cejd9tqz6a3expd63wkn7kmeawhhrp9vy5vevhjn6eavhdwywqeh7j86
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3dEttcnphWlVpbTdET1pY
L2RxWkx2VWVxZ21URE53MFg1cVFpTkwxN1N3CmJSRk1DY2JkZk5DMlUvZFp5RXNw
YWh0Q1FxTUJwTWNVY09NTTdSRHEzM1UKLS0tIEREeGY4M2J1QWZUTThhTWxoOUVX
QVJSemJ4eldSbGU4dWZtU1hRNi9VQk0KhT8lL2mk8J/uZ0dECGbi14Se2cC7l6AK
yWgNHggdrPcSvHH/A2u1yUdfQCU36yEvoxAwa8y/uQW3lgU35iVT+g==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1NTlhSXRFN1ZrYjZGdXlG
dDBlVUxJd0FlQnpETkJSbHppNGlncEp1emhRCjRLMkEvbXRkampwcWxvNnhRRVhY
dWlQWWI5YXJQMmR3cWxOVUtneWRDRFkKLS0tICt6ZEF3cHg0SUxES243TzdFcnVS
bkgrWklIbFFrRHdHZGdvMGlHTGNXUkEKUuT35aX71q+KBXozpoGWcHeSs0g70kyY
yo5uuD6Ay4QlNtdfeOYmsyg8iikOrpw5Mer2vsSTWGbszy8p1+93Pw==
-----END AGE ENCRYPTED FILE-----
- recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuT29LTzAxcHZPd0VFa2pG
ZVJ6K2tiT2V3MDJlakpjZ1puczFWZEdORFJNCitNRzViZHU4ZTRXMmJZYUZqRHJ2
aDZtRlAyMDdOUHoxbWJ1c0JHaURXSlEKLS0tIHpnRitqc1BmV3FyUjZQcGtZZUtG
dXRPaEJna0duZDVLZVRpODM2enpiUmcKWLmGdJzLZ6UMcGRAzCb/UmsHl1Q+FQgk
IPTiCyyun+1JjWMSXC/z7rf2LFuvWvPPxHOChnYivBD60BYMgHJ8Sg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUSzR0SFJPSjBVQVlCcFBT
ajMwNUFzZWwzMDkzTHh0anJETnVicWdiVFJJClRSVi9MbjdKcUUvRVFyby9RSVdk
VHpxbnBuQll3QzQwUERCNXdQOCtZSE0KLS0tIDBhbW1YU2c5YVpwUVMwY2EwVjRD
dk1uTzNZN1hnT2NHU29EN2FsQ1pUQVEK+cpcftNnD8HhLimsrp+YDLwurUZqENkQ
HX45h7tC7J6R0+w8A/1nfY1gsST/asgJhSGjroB+EdsP2aGUCUiNyA==
-----END AGE ENCRYPTED FILE-----
- recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6bXZsYnYzMC8wQnhMUGpu
TVFKWkFTU1U0VTFDeUlaR2dzZzN6WG9ueFQ4CnFYMWpoUGFPbkZRTUtSN2ZnelFJ
Nk1CdjVTbnY3aG1FNVZrY3hQYmRGalEKLS0tIERsd2xvaStod1N4eHg3eTIxSlUy
NERKTEZpSkV3N2wxWTlVazhNdFk2NDQKt+omfSoPJQvohV4aED0HYMXwFKMq25lB
9+gB0BJDYe7btIUuFr861EDWx+D32gBtbpRsyAitNJKc9NlZ4VLWuw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1dw43sxtdxptzgyhsxhrj36x5gn7376gqk45t7wtyt3s97v7ux39sdmdd44
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXN1hoQWdERDRTN0lJM0pI
RWcvZXVPN3ljd0h0QTA1SmN6dlorVi9vWjNNCmhscXhNTmhBVlZZN3VzdzFnRWNt
VTlTUGk0RnRIaHF2bnBPeFpOVHY4RGsKLS0tIDA5MjVFZnU3bTE3bHZZSzJJQmpD
NEJkTStUaWVzZTNpKzZNTnRmR0tJUGsKBsVqJ0Xg8qWHGb2IDJXrEq4k4LgQFhQS
HrVF7MAwE/WSnGRhh/V8osej3QHW4vLg37IjaT6v+hCcBOiJeCqg5g==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXc0dETndkQVFwa2FwUUtj
aHNNaG5rS2VvamRtVDR1Rm1ubXFaR2NWa0RzCmdLbTFFUzlrZ01KWTY5Uk9uWTAy
Ym1kRXp4bWM1QUs2d1BwcE1WTEsyY3cKLS0tIG5qVm84WGlGVDlDWUVHWGNrcXJQ
NHR6S3pPRFhWemNWM0FMSjZpbXkzN0UKoTE6GuckP7QwuCQ8gZgitmW0URtG57u6
VuWmt7vpSuutHJmccODDpFg4iJKC8SKIeUoQANKsnBJf/uZhDaG42Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1hkta9w0yawwwwchapemkygzxkrv7vx759vrafgrjhm63spckwstque8x97
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsM2ptZVl5R0tybkU1bHJp
ams0OENxU21FZDJjNkZNQUlteDF3RHBoOWpZCjFNUXhzMzhXR1FhUmxnSFAzcnVK
NVZONlNkVVdGcUNtZyszT1liOVdtOVUKLS0tIDZIR2NMWGVJclhqeitqN1V3endv
Z0wzT0hweEVML2plRTkzaFZsWHJHY2MKTcX84PLdHpuGzUn2v7r5gJLp9ZBhgLu6
WI1KWIwbYj91hsoHjUH4lW0Xv7/mVLrON9wOQuOuyuVeDfP7GQ73qA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-06T20:14:22Z"
mac: ENC[AES256_GCM,data:GPWu5DjjJ1ki+HRuedGdDCt+2V0RPbOsD/yWJxPIkgu5923vnF8y9y4V6e6+ZsTqHv4hsKeCjKtUnh2Ldn+xadwJmqrIxyJ8NzH5TOvcBxAab9cJCp/yKENw0O1WMUTlDPelvQKMDwbgiebaVVfxbQPUEfJGOgkHkyXrgqN94FU=,iv:h9YALYahUl7mRJmZKjArEfaMrfW9YZkVYd2CEooF13Q=,tag:wotqxup/ouG/bEVOZCs19w==,type:str]
pgp:
- created_at: "2023-11-23T20:47:07Z"
- created_at: "2024-01-22T09:16:19Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcBMA0SHG/zF3227AQf/Y907bW+LYWHAT8FPF12f8+GvUy744+9sMZe3oSX1ML9F
JOEjxSOs9OCWM79qBIMI6Nets3lV1eEoR8eG74jcIwNPQMfQn/U4hHtJM9Nq4yI7
1FLQEfGZcuSMUk2/1c/9lEi+Sye9W+9ZYGUIcvBu1ksPmZpJT/BVOaNc8xWe1hzY
FmEzwaWAPaxSH1EM3KnPhxezzn76DxjDKc4iMNi+5UoAIT2cssbdckf5uDaTa3CE
6GrfR9//5ldsPqineM2MHeEMHgn+mlVYmpiXNBCfcMfEi81o6l5nmNjy1qjABEKC
254kSW+vMFOhdH6AZvJ/21z/3aUTwMM2mFEti/nh4dJRAWNWEymviIC1o2esJ9K6
77xHv4pEIEahuBcHLBbeBK3AYYqJxcZr5BhIqGAir8OlCOaXzRsN5ElzmVS+Hoib
t04nfgpuRfKyso0zrndvLwDn
=lmD0
wcBMA0SHG/zF3227AQf/WsDFXBatZSxOmQWVGXw0MOeC2QOKaUo5if7C4Z0d+cMg
AyEmUMFcU3KkTFTqjqSqjA/9k/AJiqJxQkXqcSVHT4z3vNdGzrWVsJI4fimmumFZ
Hcc7hIgkBK1THkTkoOr3G3WRHJ/J4nZmABycWSt1kF1FdnHnXo8bXh25Sk+Ellt2
+SlaC8NAZtd2P6L3ZxQYFUud3mc6/uUV5GTkZ7RisjMnAEVF5BbvzSAlAj7fh4Ph
ZJxMLzVnqQHrN+U/0WuFtL8KJaCF9zecxQxzaM/Zf/Sa5x4fsoqsjmMPhtwQMvC5
ehiXSoVYETuJylSQF+N44V46/lrO6qqnIi+5NqqC2NJRAXH01P/bMQfW5M6AqQgJ
muPztPFjBL46D3wVo6Hg0JL6ag5DV4/mjTOpEiiGUHKxTDxFwlNYRQQX2EHnBHFb
Otf7rnrSdA+I9GqEpCNkzdbi
=pR8T
-----END PGP MESSAGE-----
fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B
unencrypted_suffix: _unencrypted

46
secrets/steveej-x13s-rmvbl/secrets.yaml Normal file
View file

@ -0,0 +1,46 @@
hello: ENC[AES256_GCM,data:9dO0Gd4YDDxWHHBYtdomfK8BJnBZC+SQYfUvTAkCq9sOO/ZH/bFhN0Fl/NvLzQ==,iv:m1TZ9PGjsoMo7NA9EHrLb0tCtIl98E3OEN1bkpZZxXY=,tag:Gup/pACLIXGXu8KEyzmfWg==,type:str]
example_key: ENC[AES256_GCM,data:EQ+uewu8+17QhrbIHg==,iv:N9i1tCT5IHz5WYbqyF0AIqCq/c67uPMiavUxt0Eb2Oc=,tag:UwOrM3cOLYMxIe80GenljA==,type:str]
#ENC[AES256_GCM,data:qZzxU9ai1z/5f3gxHrR5Dq56,iv:ccvxVS693K9Jjp/YIesWo8kemtkCSFWHJlJposcmXt0=,tag:FQUUPO+ydScUVZWH89vEew==,type:comment]
#ENC[AES256_GCM,data:Il5rKFCgUQERmLqSEOnzoQ==,iv:ALxNqdu/MgDdPyiEsq0Qgb/5bOBS3OgIWf0ZOUbGLJg=,tag:u4vJ7Y6iwa1Na5FIebrVow==,type:comment]
example_array:
- ENC[AES256_GCM,data:yMM0kfvv4WI/reWLuM8=,iv:51XoWYOFLAbhIzejbWBwIpi2JVhQZIivLt4HVJtXPpA=,tag:J9C7NwdVOoocGKWUvUAOSQ==,type:str]
- ENC[AES256_GCM,data:Tg1bRwtydMuaLvnvTDc=,iv:8c44EM1U5tqD8Mn8Fg37MyASi+xv78BB+8AjG59tzXE=,tag:OvxU9x0pZbjW9j/DQMahFg==,type:str]
example_number: ENC[AES256_GCM,data:DhzIPdpqm/p1pQ==,iv:ZWkBTeuyaXVzffEVGuw1xxi+ekiSGyspE9PeBNRRm1k=,tag:Qq1/Wo3XY+Y2u5luxxxTeA==,type:float]
example_booleans:
- ENC[AES256_GCM,data:ZA6WIQ==,iv:gkQnXrVZiP6Yj4SVdtM09Jmpebb11998tv3y/P5pvqE=,tag:ujwkH9l6/+1W4IeDu3HBFw==,type:bool]
- ENC[AES256_GCM,data:YcDPFAc=,iv:r9gBG5YIq5Sgs6/HWRWjBJZ8TrlXDxnAZN1PRBVIq8k=,tag:TTP0tsiPsPsd6BjkScCRbQ==,type:bool]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1hkta9w0yawwwwchapemkygzxkrv7vx759vrafgrjhm63spckwstque8x97
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDWk1LS3A0NENRZk1HZm8x
dW1PNkxZV1ZWdStzb2M5MzRRNmJmUXcvakJJCnpwVlZRV3FHVDNUbURSMWZXY3k2
NUliMUpNT3kreEZITjR3dDdrU2MvVkEKLS0tIFp5U2tCa3V5NWhqWHgzdDR5RG9D
SmxNVk45UklhUjRYc2pTVy9FWFBhQUUK1QMqDCIZnyyzJhUb0TBgheW2P6lAUTQe
KLhYqTRuo5/zS5C2uANa028CNGWJVOoEgKEw3xjHz0pvSkT5JkI8WQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-01-22T09:20:19Z"
mac: ENC[AES256_GCM,data:Mmo5XJaMIDZ0sqKyn7oK+l6XdrTyA0NuF8tueLEKSdSCFxr2TJjroyojsybrYKehp5rrW1rT8cWWld2wXEEr+txsMCzIrlDqyerkcsu7ioMJb7ihRyXATBzdBOfUTq/8iLLc9gE9uRaMbeNOrglF0nxS+VtwOmst/z6fl7wC0+Q=,iv:t+dSzeBBhVfPo2efHM4iWIE/DHTDAm917kZrV1UxV0I=,tag:+CPkO6bbWqMzWBs16HT8GA==,type:str]
pgp:
- created_at: "2024-01-22T09:20:12Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcBMA0SHG/zF3227AQgApMVbQc+4BUc/7ima51XMJzIBA93SOLOCmyn2J9tLG/V/
ZM6fmWyiLvCRowA0nLt19DYnaRrEXTcRlvBPs/RIx6Fmq4260ZvyPN7Fea6ltVOL
EhG5IJHaweUhXMi6UV2/6vuTBbQsLzWK8xl6bZNCVFWB/JiLrHzukWpE4ACeqD0Y
P/428L4XCW05DkltQdfQrn2bIlf/6c/itvepRr1tHFr8ABuBM/g4hSg/nFyHlrH3
CtrdPSQBopZxhVv4MoHPWSQ6jGjrmqumc6gyNGa1Ugry3FmuFmdlMAoUsQtG/cU1
ORM/CvKwxLZU+qifm8QU4BO+0Gw/nhLrYfX0/EWsmtJRAQJt51PK3t/nXUTE47sT
lz+zPgpT/Sz9E/wKH3yAq9RuXKKtwc7oRJS+NHuv10YPIkhVejSjvmsGEKezU1ed
6BsZrcVnaQt+SdmUOEuP/iRF
=8elR
-----END PGP MESSAGE-----
fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B
unencrypted_suffix: _unencrypted
version: 3.7.3