From 05973a61a5b62c0a41e2704693992919034f0e7a Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 7 Feb 2025 11:56:00 +0100 Subject: [PATCH] feat(router0-dmz0): bump pkgs, adjust VLAN ids, use SFP with quirks --- nix/os/devices/router0-dmz0/configuration.nix | 316 ++++++++++-------- nix/os/devices/router0-dmz0/flake.lock | 44 +-- nix/os/devices/router0-dmz0/flake.nix | 3 +- secrets/router0-dmz0/secrets.yaml | 13 +- 4 files changed, 215 insertions(+), 161 deletions(-) diff --git a/nix/os/devices/router0-dmz0/configuration.nix b/nix/os/devices/router0-dmz0/configuration.nix index 4c8b5ee..07c6b1c 100644 --- a/nix/os/devices/router0-dmz0/configuration.nix +++ b/nix/os/devices/router0-dmz0/configuration.nix @@ -43,23 +43,17 @@ let }; vlans = { - "10".name = "mgmt"; - "10".packet_priority = 0; + "2".name = "dmz"; + "2".packet_priority = -5; - "11".name = "dmz"; - "11".packet_priority = -5; + "3".name = "iot"; + "3".packet_priority = -5; - "12".name = "iot"; - "12".packet_priority = -5; + "4".name = "office"; + "4".packet_priority = -10; - "13".name = "office"; - "13".packet_priority = -10; - - "14".name = "guests"; - "14".packet_priority = 10; - - "15".name = "iot2"; - "15".packet_priority = -10; + "5".name = "guests"; + "5".packet_priority = 10; }; vlansByName = lib.attrsets.mapAttrs' ( @@ -382,12 +376,77 @@ in group = "systemd-network"; }; + # TODO: this shouldn't be necessary _at all_ + systemd.services.sfp-quirk = { + enable = true; + wantedBy = [ + "network.target" + "multi-user.target" + ]; + + requires = [ + "sys-subsystem-net-devices-lan4.device" + "sys-subsystem-net-devices-eth1.device" + ]; + + after = [ + "sys-subsystem-net-devices-lan4.device" + "sys-subsystem-net-devices-eth1.device" + ]; + + path = [ + pkgs.ethtool + pkgs.iproute2 + pkgs.coreutils + ]; + + script = '' + set -xeE + + ip l set dev lan4 down + ip l set dev eth1 down + + sleep 0.5 + + ethtool -s lan4 duplex full autoneg off + ethtool -s eth1 duplex full autoneg off + + sleep 0.5 + + ip l set dev lan4 up + ip l set dev eth1 up + + echo quirk applied, fingers crossed. + ''; + }; + systemd.network = { wait-online.anyInterface = true; config.networkConfig = { IPv4Forwarding = true; IPv6Forwarding = true; }; + links = { + # TODO: this doesn't work, thus shoving it into a quirk service. however, there's a proper solution beyond any of this. + # "00-eth1" = { + # enable = true; + # matchConfig.Name = "eth1"; + # linkConfig = { + # # BitsPerSecond = "2500M"; + # Duplex= "full"; + # AutoNegotiation = false; + # }; + # }; + # "00-lan4" = { + # enable = true; + # matchConfig.Name = "lan4@eth0"; + # linkConfig = { + # # BitsPerSecond = "1000M"; + # Duplex= "full"; + # AutoNegotiation = false; + # }; + # }; + }; netdevs = let router0-ifog_wg0Endpoint = "${repoFlake.colmena.router0-ifog.deployment.targetHost}:${builtins.toString repoFlake.nixosConfigurations.router0-ifog.config.systemd.network.netdevs.wg0.wireguardConfig.ListenPort}"; @@ -425,26 +484,24 @@ in }; wireguardPeers = [ { - wireguardPeerConfig = { - AllowedIPs = [ - # this allows all traffic to be routed through this interface - "0.0.0.0/0" + AllowedIPs = [ + # this allows all traffic to be routed through this interface + "0.0.0.0/0" - # # alternatively, specific destinations could be allowed + # # alternatively, specific destinations could be allowed - # # remote peer wg addr - # "10.0.0.0/32" + # # remote peer wg addr + # "10.0.0.0/32" - # "1.1.1.1/32" - # # ifconfig.co. - # "172.67.168.106" - # "104.21.54.91" - ]; - PersistentKeepalive = 15; - PresharedKeyFile = builtins.toString config.sops.secrets.wg0-peer0-psk.path; - PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM="; - Endpoint = router0-ifog_wg0Endpoint; - }; + # "1.1.1.1/32" + # # ifconfig.co. + # "172.67.168.106" + # "104.21.54.91" + ]; + PersistentKeepalive = 15; + PresharedKeyFile = builtins.toString config.sops.secrets.wg0-peer0-psk.path; + PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM="; + Endpoint = router0-ifog_wg0Endpoint; } ]; }; @@ -461,16 +518,14 @@ in }; wireguardPeers = [ { - wireguardPeerConfig = { - AllowedIPs = [ - # this allows all traffic to be routed through this interface - "0.0.0.0/0" - ]; - PersistentKeepalive = 15; - PresharedKeyFile = builtins.toString config.sops.secrets.wg1-peer0-psk.path; - PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM="; - Endpoint = router0-ifog_wg1Endpoint; - }; + AllowedIPs = [ + # this allows all traffic to be routed through this interface + "0.0.0.0/0" + ]; + PersistentKeepalive = 15; + PresharedKeyFile = builtins.toString config.sops.secrets.wg1-peer0-psk.path; + PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM="; + Endpoint = router0-ifog_wg1Endpoint; } ]; }; @@ -487,26 +542,24 @@ in }; wireguardPeers = [ { - wireguardPeerConfig = { - AllowedIPs = [ - # this allows all traffic to be routed through this interface - "0.0.0.0/0" + AllowedIPs = [ + # this allows all traffic to be routed through this interface + "0.0.0.0/0" - # # alternatively, specific destinations could be allowed + # # alternatively, specific destinations could be allowed - # # remote peer wg addr - # "10.0.0.0/32" + # # remote peer wg addr + # "10.0.0.0/32" - # "1.1.1.1/32" - # # ifconfig.co. - # "172.67.168.106" - # "104.21.54.91" - ]; - PersistentKeepalive = 15; - PresharedKeyFile = builtins.toString config.sops.secrets.wg0-peer0-psk.path; - PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM="; - Endpoint = router0-hosthatch_wg0Endpoint; - }; + # "1.1.1.1/32" + # # ifconfig.co. + # "172.67.168.106" + # "104.21.54.91" + ]; + PersistentKeepalive = 15; + PresharedKeyFile = builtins.toString config.sops.secrets.wg0-peer0-psk.path; + PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM="; + Endpoint = router0-hosthatch_wg0Endpoint; } ]; }; @@ -588,49 +641,37 @@ in # ip rule add fwmark 101 priority 1 prohibit routingPolicyRules = [ { - routingPolicyRuleConfig = { - FirewallMark = 100; - Priority = 30000; - Table = 100; - }; + FirewallMark = 100; + Priority = 30000; + Table = 100; } { - routingPolicyRuleConfig = { - FirewallMark = 100; - Priority = 30001; - Table = 100; - Type = "prohibit"; - }; + FirewallMark = 100; + Priority = 30001; + Table = 100; + Type = "prohibit"; } { - routingPolicyRuleConfig = { - FirewallMark = 101; - Priority = 30000; - Table = 101; - }; + FirewallMark = 101; + Priority = 30000; + Table = 101; } { - routingPolicyRuleConfig = { - FirewallMark = 101; - Priority = 30001; - Table = 101; - Type = "prohibit"; - }; + FirewallMark = 101; + Priority = 30001; + Table = 101; + Type = "prohibit"; } { - routingPolicyRuleConfig = { - FirewallMark = 102; - Priority = 30000; - Table = 102; - }; + FirewallMark = 102; + Priority = 30000; + Table = 102; } { - routingPolicyRuleConfig = { - FirewallMark = 102; - Priority = 30001; - Table = 102; - Type = "prohibit"; - }; + FirewallMark = 102; + Priority = 30001; + Table = 102; + Type = "prohibit"; } ]; }; @@ -649,10 +690,8 @@ in # ip route add default via 172.16.0.1 table 101 routes = [ { - routeConfig = { - Gateway = "_dhcp4"; - Table = 101; - }; + Gateway = "_dhcp4"; + Table = 101; } ]; }; @@ -670,16 +709,12 @@ in # ip route add default via 192.168.0.1 table 100 routes = [ { - routeConfig = { - Gateway = "_dhcp4"; - Table = 100; - }; + Gateway = "_dhcp4"; + Table = 100; } { - routeConfig = { - Gateway = "_dhcp4"; - Table = 102; - }; + Gateway = "_dhcp4"; + Table = 102; } ]; }; @@ -695,11 +730,9 @@ in bridgeVLANs = [ { - bridgeVLANConfig = { - VLAN = vlansByName.dmz.id; - PVID = vlansByName.dmz.id; - EgressUntagged = vlansByName.dmz.id; - }; + VLAN = vlansByName.dmz.id; + PVID = vlansByName.dmz.id; + EgressUntagged = vlansByName.dmz.id; } ]; }; @@ -714,11 +747,9 @@ in bridgeVLANs = [ { - bridgeVLANConfig = { - VLAN = vlansByName.office.id; - PVID = vlansByName.office.id; - EgressUntagged = vlansByName.office.id; - }; + VLAN = vlansByName.office.id; + PVID = vlansByName.office.id; + EgressUntagged = vlansByName.office.id; } ]; }; @@ -733,9 +764,39 @@ in bridgeVLANs = [ { - bridgeVLANConfig = { - VLAN = "${toString vlanRangeStart}-${toString vlanRangeEnd}"; - }; + VLAN = "${toString vlanRangeStart}-${toString vlanRangeEnd}"; + } + ]; + }; + "30-lan4" = { + matchConfig.Name = "lan4"; + networkConfig = { + Bridge = bridgeInterfaceName; + ConfigureWithoutCarrier = true; + }; + linkConfig.RequiredForOnline = "enslaved"; + + bridgeVLANs = [ + { + VLAN = vlansByName.office.id; + PVID = vlansByName.office.id; + EgressUntagged = vlansByName.office.id; + } + ]; + }; + "30-eth1" = { + matchConfig.Name = "eth1"; + networkConfig = { + Bridge = bridgeInterfaceName; + ConfigureWithoutCarrier = true; + }; + linkConfig.RequiredForOnline = "enslaved"; + + bridgeVLANs = [ + { + VLAN = vlansByName.dmz.id; + PVID = vlansByName.dmz.id; + EgressUntagged = vlansByName.dmz.id; } ]; }; @@ -758,9 +819,7 @@ in bridgeVLANs = [ { - bridgeVLANConfig = { - VLAN = "${toString vlanRangeStart}-${toString vlanRangeEnd}"; - }; + VLAN = "${toString vlanRangeStart}-${toString vlanRangeEnd}"; } ]; @@ -774,11 +833,9 @@ in routes = [ # { - # routeConfig = { # # test the set uprouting to a specific IP # Destination = "${repoFlake.colmena.sj-bm-hostkey0.deployment.targetHost}/32"; # MultiPathRoute = "10.0.0.0 1"; - # }; # } ]; }; @@ -788,10 +845,8 @@ in address = [ "10.0.0.3/31" ]; routes = [ # { - # routeConfig = { # Destination = "${repoFlake.colmena.sj-bm-hostkey0.deployment.targetHost}/32"; # MultiPathRoute = "10.0.0.2 1"; - # }; # } ]; }; @@ -848,9 +903,7 @@ in bridgeVLANs = [ { - bridgeVLANConfig = { - VLAN = vlanid; - }; + VLAN = vlanid; } ]; }; @@ -870,11 +923,9 @@ in bridgeVLANs = [ { - bridgeVLANConfig = { - VLAN = vlanid; - PVID = vlanid; - EgressUntagged = vlanid; - }; + VLAN = vlanid; + PVID = vlanid; + EgressUntagged = vlanid; } ]; }; @@ -1215,13 +1266,14 @@ in }; }; - system.stateVersion = "24.05"; + system.stateVersion = "24.11"; # boot.kernelPackages = pkgs.linuxPackages_bpir3_6_6; environment.systemPackages = [ pkgs.ethtool pkgs.vim + pkgs.iperf3 pkgs.wireguard-tools pkgs.tshark diff --git a/nix/os/devices/router0-dmz0/flake.lock b/nix/os/devices/router0-dmz0/flake.lock index 102d2d8..8f55026 100644 --- a/nix/os/devices/router0-dmz0/flake.lock +++ b/nix/os/devices/router0-dmz0/flake.lock @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1734701201, - "narHash": "sha256-hk0roBX10j/hospoWIJIJj3i2skd7Oml6yKQBx7mTFk=", + "lastModified": 1738148035, + "narHash": "sha256-KYOATYEwaKysL3HdHdS5kbQMXvzS4iPJzJrML+3TKAo=", "owner": "nix-community", "repo": "disko", - "rev": "2ee76c861af3b895b3b104bae04777b61397485b", + "rev": "18d0a984cc2bc82cf61df19523a34ad463aa7f54", "type": "github" }, "original": { @@ -63,11 +63,11 @@ ] }, "locked": { - "lastModified": 1734366194, - "narHash": "sha256-vykpJ1xsdkv0j8WOVXrRFHUAdp9NXHpxdnn1F4pYgSw=", + "lastModified": 1736373539, + "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=", "owner": "nix-community", "repo": "home-manager", - "rev": "80b0fdf483c5d1cb75aaad909bd390d48673857f", + "rev": "bd65bc3cde04c16755955630b344bc9e35272c56", "type": "github" }, "original": { @@ -80,11 +80,11 @@ "hostapd": { "flake": false, "locked": { - "lastModified": 1734953168, - "narHash": "sha256-fMzGrnLPOtMPlY/Myyj93p7rKMi3xHoR7PXZOXjVui8=", + "lastModified": 1738518662, + "narHash": "sha256-MeE2FTG7Jh4BqchSvevJH7IsqTotjemndLzev8TkiRk=", "ref": "refs/heads/main", - "rev": "fd9bf2cc2f59834b5d9c50a23ac7a833d21eefb2", - "revCount": 20150, + "rev": "c12fc97e3b59742e0c5743fceae6a87a8b13a576", + "revCount": 20282, "type": "git", "url": "git://w1.fi/hostap.git?branch=main" }, @@ -121,11 +121,11 @@ ] }, "locked": { - "lastModified": 1734884731, - "narHash": "sha256-8DaMF6XNZobeZo+sOf13nifri0mRXYDAUTh5AD4h4aM=", + "lastModified": 1738254353, + "narHash": "sha256-SYpvOn0v/wi8lrgEBhobjKFvFWPlJ3gP7SZPfyw9td0=", "owner": "nakato", "repo": "nixos-sbc", - "rev": "2e6bfee808b5291b365795ed11931e1702d30386", + "rev": "21be4ab012197a2eea4bbff8315c40f26f715a18", "type": "github" }, "original": { @@ -136,11 +136,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1734875076, - "narHash": "sha256-Pzyb+YNG5u3zP79zoi8HXYMs15Q5dfjDgwCdUI5B0nY=", + "lastModified": 1738702386, + "narHash": "sha256-nJj8f78AYAxl/zqLiFGXn5Im1qjFKU8yBPKoWEeZN5M=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1807c2b91223227ad5599d7067a61665c52d1295", + "rev": "030ba1976b7c0e1a67d9716b17308ccdab5b381e", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1734649271, - "narHash": "sha256-4EVBRhOjMDuGtMaofAIqzJbg4Ql7Ai0PSeuVZTHjyKQ=", + "lastModified": 1738680400, + "narHash": "sha256-ooLh+XW8jfa+91F1nhf9OF7qhuA/y1ChLx6lXDNeY5U=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d70bd19e0a38ad4790d3913bf08fcbfc9eeca507", + "rev": "799ba5bffed04ced7067a91798353d360788b30d", "type": "github" }, "original": { @@ -205,11 +205,11 @@ ] }, "locked": { - "lastModified": 1734915306, - "narHash": "sha256-cXoiU+doyRAZ/tcCCGcJjwK2bEZbRcuC0E+ZrnmgFOI=", + "lastModified": 1738198321, + "narHash": "sha256-lhnHBXO9Y8xEn92JqxjancdL8Gh16ONuxZp60iZfmX4=", "owner": "numtide", "repo": "srvos", - "rev": "31c75c0d702f940aeb89eacc9c5dbde5d43df338", + "rev": "7d5a4aaadac9ff63f9ed4347df95175aceee5079", "type": "github" }, "original": { diff --git a/nix/os/devices/router0-dmz0/flake.nix b/nix/os/devices/router0-dmz0/flake.nix index 0f5866e..cdad18f 100644 --- a/nix/os/devices/router0-dmz0/flake.nix +++ b/nix/os/devices/router0-dmz0/flake.nix @@ -15,7 +15,8 @@ nixos-sbc.url = "github:nakato/nixos-sbc" - # "github:steveej-forks/nakato_nixos-sbc/wifi-workaround" + # "github:steveej-forks/nakato_nixos-sbc//bpi-r3_kernel-6.12" + # "github:steveej-forks/nakato_nixos-sbc//bpi-r3_kernel-6.13" # "github:steveej-forks/nakato_nixos-sbc/kernel-6.9_and_cross-compile" # "github:steveej-forks/nakato_nixos-sbc/kernel-6.10_and_cross-compile" # "git+file:///home/steveej/src/others/nakato_nixos-sbc/" diff --git a/secrets/router0-dmz0/secrets.yaml b/secrets/router0-dmz0/secrets.yaml index 8c14dc9..9990851 100644 --- a/secrets/router0-dmz0/secrets.yaml +++ b/secrets/router0-dmz0/secrets.yaml @@ -1,6 +1,7 @@ #ENC[AES256_GCM,data:ZkUrwF6DTQFainYhDA==,iv:VDjRBF4WfPmJdKtUpZYJcOPxoUYT3DUxAC9ct7EvFss=,tag:efllkpv2SxRv6+DyuqRQCQ==,type:comment] -#ENC[AES256_GCM,data:QydWKuMH8uixprFup1rEwvPkKAMw0yat9MOOK1DleeCJ5tqRqrPh9NiOpJs6nve8Rmji3WyrHAkUaK9zT/f8VKk=,iv:I6OHO6sLTtFBV6CYGmLh5owCrNjzS/LBjOjW9VovGlE=,tag:Vg0IZSFbYa7UQvuPpmMVKw==,type:comment] -passwords-root: ENC[AES256_GCM,data:+8IcZ4pbJ1qIjRCK7oycmgOVWy6hzc2oDISYMMqE9SmgRE//PQ5ABwtBtpaghrhZTXrUV2l3qsvTHD9UdYRNMB1VBlM6vn4Iug==,iv:2eUIa46QNby++yLK9dax/SD7Ajtj+U0ptheRuKV9r+g=,tag:5tA5rhm1eztDh7Q4d+C1BQ==,type:str] +#ENC[AES256_GCM,data:2luPn7XRMTtgNpz0QLXQwF92kbBLdjJoUdFKdayy0A==,iv:dr//F4r/8k9zSzkWXUlVT+81iYLTX2rmXIp+Z9Lt4XY=,tag:RZTSqCqqmRxBvWqHqmF7Gw==,type:comment] +#ENC[AES256_GCM,data:SjwWciLOzMxrq/QV00Q+gt1sNXwl6N/eTHsN9jeFHwFeOQrZ0M7/36WgjSVHpGlVmklzd0LiOB+LhNlzqysM6RI=,iv:vznczLEeyTmCxExlkFiv8ftQy+3z0LyAg8vhcpGT4M8=,tag:+QgSJtX7FFLfMnPLhrgcvQ==,type:comment] +passwords-root: ENC[AES256_GCM,data:BzQYUCGJwyA/mUohN3OkKdjkuHUfOgYFs01W/F1WM7i/UyOXA3HooUjbGe1KVQkn5NGTvWvR6t3CCr2o4Bjvq2pXrH+92a1kpQ==,iv:9PCLNVUyI2R0F5LmLe9spp7q65pwMJ9TUHmT/VtPazM=,tag:apsIgXhOkoZ8Gb0UshKg7g==,type:str] ssh_host_ed25519_key: ENC[AES256_GCM,data:XQjTqNADLhisxPBIJ7x0bs3qgQk0u4q9HKSDukRbzel7hUiDqc6ELQAvffRqJQUtAS5Cfz9PzVcnyEA4wapvK7RLFavOmaN2MhcnQR24oQks5RVYmlvcems02Qovd15iE07XR4KCDcmQ5/XM5v4/RxW2zYzV5Il67Vzhij2wA9bJ7D3sbKUfyc6pBoIXvURbq6QO8ZMIU6ckAuOqG2230KwXLdz/ld0s3Ir1q/7t+rrrS7BPkeA+SRdYhb5XDOTKtfgFxNvdI6DSETV+q67xAalAkM/cZ2rqHJQd+wgH2VIPyiGqeq6LvPT0vmopFJn0CqQA2HauQAmBNIAtXel8GbK+qA11XilMx+hp6qhVH+BnSWWY3GriGfaGlpUZ0E7uymqRkpRwBcHmZto6E/E/XUxBfISVyJf/2RcTy10RelWLJtNuaXT2eHgXmZ/uAlcTGlCYYirr5g3iAGUoqxYbWlZb9SdqVO/0PLCZo7AkDWxk57wer/lHOG59ZpoiZnanaMIaNqJ7Tsslvvm0JuoP,iv:2U5IpWTRyQ8basBRoYpFe6Ycc5qdeCUAUTwlEHttRJU=,tag:jA0mFsMxWKq7dnkGQWNP9Q==,type:str] ssh_host_ed25519_key_pub: ENC[AES256_GCM,data:MQ0q/I6clKNz6uzoztGA06vOjIbpK6Dsf3WbgddRA0B8nEJ4EUmRBT0KkX3o+LZmQPhmURHWWFtOSqvAzkyoxAoBZEh98H3IDsLE5PgcNbxK3dAh36+AAMPLzVFnHLyaWLQW,iv:9XIw29PkSHCeU7C2GuSJ+J+mBrwOrbSMmm7kOtCkiyI=,tag:x3JqFF08f2eVfOrrQ1gzYw==,type:str] ssh_host_rsa_key: ENC[AES256_GCM,data:tFGQ77X5Y1TRR2F0EJ4hmauE9ABILP6V0CSmzb1QLaH6VlhriXSE1UQcQ2Rc73CR7+JLjLbggL7RKpkA8gJQq/ubhiXHJokBEo6rfBXETVepv0HlyX5UvzWhi6iKBE5YsYyyBI1VWDcx+oTR8+daqnKwbbqPeDUpC2coT3S9svEsKXeb3YOMxJ9X/Rvh96UtMmlk7WeZa2JvOP3k62HROVo8QRYXeQWTO87TCzVdU7OWnbRIuC6bu+32Uy70AsIu39fazX7WqIUxaeO/oNHsay0/TBXKNu2El0JRG8tHCHdXe1tahniGbGH5xeEZmgLTOjHntw5UIdxZbgvcbxmt9seDXUxjhhEMS8eHWaxnRDSI7n2KOb/3UaBQ3BHnYpuRjW++uFBgRHxxANlYfpfEdz/LNexdPb9+QCw80r38uZxP8yD5/PxFV/Y+gSX+WnNE0YQnBDtHFjKhHpqpm2P4Ek3hLzjXh6CPzUZru6LAO/FklcLCGaq94fDC5wW3K0x1UvyfMjBwwyeSymcV95YcZu8Ty280jRhG8l719KkEJjnBdnB25PQ5gEwc34dG5xH5HwVUDPIM9v9m+cXtldUIk3BH4PiTEI1aZsZx50BtBhxybAxhTqNElrP+/2W73muTSQboDIB1Xb2NhArLB6XnnVhVUD/Pg/9wiDUY0mYyr0eIp9AmBfSmSIDjFyVUB9o+gv/B+LpxwxPKmsPt3MRKWoZw+bIGTI82UqBv0eX6Xqq71H4DYFnJ3J+n+Jzp5ww5mSPPHffZZFSBbZSpTk8El4L5II/hyyxk7yJopt19AAsw+UgLJDO31XnyiGAEbbDdwjuCWQMmuzKJ6H7c7UGDXLO92jAlXwEWT5fwzG6Wvu5+n/OToz3CN1Cv40uwVb/fOqmzep9hoOrXeuzmnGULfGmwItjuJoMkfmPUq8obAuj5ml0YduU2eLbe15OlD2Vg2I+BH0WuCPYnnCrLyX8ixhJEuGGDkhGhaKMHaMjNuMOGmDQ6oRCVU8BA/zDgnF/GrcHgIe742Yh68PyaH2j+iX6/5YvUB+R1sDnrgfXlgET1V+nny+fD4GBnP+RKYtdGG0P4y3AYlACQE9sJ6Nkb8CTVb2Va6L3rXzeyJG2FtYkUKxxwDUv/KyieclHiJpdawunOLVkmI6p/iaZIThrdGA5p7b01/WOyJFA9aI3oU2f2rMYBLGHYirrRs3WtS7ExhKriHpgax574UIcW0mecFto9dHkGlBOTQy+Zp1GARnePXKZcyKm2qhTIjw0ho/DUe3+t1knbR6WJCwl1LDtfpPD2KPDDH+HpHm3EoiA1mDSp6lYMVxwBr2eBmFPKuPkkAL/3Bf6SKlEp1UCDee7BPlzS9kwmIEt/EuIohbMDdyaHtulW31Hdrsai8fCxc7AAzgsmoMBp2Smwoe3C8K5K8RaNp6v4boY8WBH3rLjAFTmOPB7TiZfplQjV8triZS3JFopNjvCglfZSXxSs+RjZUgSgL/1fFLT2m0Mp1XPMvGZlD73TzJ5RH5WWlxliaau42Q4vXRFUK+ZFx0SvwOO5xZvRNtAOfipEoqscKOopV+HHl74DJEk/xLibWJmkEBqoVbf1BFDUAiRSSb/0RdfCAGaj1mqV68szVtLt3jB1AJm9iu9RNU047HHQeOi++8g6lOpHmhsksfQLAucLVtLTrXpHDEAugDbSXrwPkhWa2Ej+Iva1p2vteIExcT+8h3WiXkamDBZALpJcLkDSazgAmmrB+6u6odsyin9Z5zB55EN2iz24nGNgyylt9FehC4/2SNHMX42hZ/JPQw51+vZQLoLQv+oOJAVXGBHeDy3kDl60fL6Fr5jZ0YOfO+rFGk4bDpXYjq27ahLv763tVs8SrgMseNWNWTakZUAXuYPbP3GBFEjTPHM4216WABj2cC3zSmrnbEyNRMWTdsm46ASZvhZo4wO8eTrndvy44Q2UKOFOh1sYCY4jjCWCI74pEV3rRcBJASuUipep65ZwXOlFOXu7uiaG01/KWofn4JzzrlX3MfhKsUBaEDTUXwDGw0RAEHQXb3rvfiIjCQBcpy8kM1fBR97K5LFJzZ2/qf2bPGs0yxma1O0Z6TT/2Uk2n62jK2xIM7gvTjPOVDP2etHKVxMpMjhTAbRj4K3568HZM/POBC5AORLAtBAo14CNxRMN8f05Gs13wn9ZI+pqiaOpTTnfH1xL9fd/6I03utzMKnoR8IVhrQLDLT6OAIkdeJX8s99R/J/nTOApk3XACWqjmMTcWtwt6g3x2iTk/1jTTn70rYVr8JLHHCt+bd5H/eDUiq9HpG1oFEZPXuvgATOovru0YVtmVx+yea0jWpJOsK+/SZjYAfvAKh0ZNr8dKHug/gGEpp6SfFBI+c4ywR1kM83OUHLaI/dOU9rLeCKktB+UcvTPoLhHLbTAlTrizeRmYY16Z1a+47LvwX944js3TZZkxqylz73cekWidYiiLNbiHwACftOK/GwZCG0WrVfcSi6pJYDgPgbcqFohaKI7ltKZgTlHGT1mZr1IH1RnauZmN/MkBEKVHO3E/PFgKkWNcXQi4uV2P3j8aHHc0RJrxx7qAFFXCYEwu02pv9nmul/HClLMmDYHDY1lHZvIIyPcsmr1ZkCFRV4UtnZRtXhHNAZCGFRX+y5HQXnubjPmV5I2R/gcLLi//2vIE6V2i8SpEJZlVweLpjRYwb6H6xFTuvHN+9Y5pd3rFx2BapR0AzYdOXUVqKF5ewrfE/1iitsEeDJj8OqmNzpmLBrnROnPyPh/+KGWBG5Nm4QKVMhP7XN1F+Fr7sTxw1ignXsfSwH8v/ELMzxVLu3ijWxvmk3/eOsrKYB/x3h6I1SFWZUoTjVPAmlNAnYl90Xf+FMPiII11+zrYwsJbCh25gmSvtKR+hmoTxXbJ2w5E2cFoVHMBOmS8Uo8L0BDOUzUE64cPl/v119BafVUOohLF1l3Ob19td+sMvqX8OHLGgB+/r6jKmUPnNNEzbDAogMydcVVjtPRIoDScw4ExxuxILN4/V+VulyAgU29OvFWS6+r5Y+bjqgqMg55Of0le3HUqt65qMuqiaUR5P/9WP+H666GsYTSg5I5gPJv0FF6tqXCWE9mpQ4sk2/BiWWaNeojxyhyH/cv4fbUmcee6K3+P+liXyFGGAWdBP5uGb+BzIfSaXVN3xEBPWAAe+BMkJrxbc6FSS12Wkh+bLM+NJH7XaoDl6+8LtF3bstsCoXvQgNlXHlbt4/aIIFEBShlYSQwLMDcey1VB4pu4SBv2HXwaX9zXPd+MGH77DeQU4yBkrElly51/68yzdSGpe6mNFy57Hc3UJBW1pNbds5Gxu+jFbQ6Phxvn38u9V8cphjxzgig0uZjkKHYx0EwFjBqmfrP0hQDnpcyg5QCPhnXOthmVL4jkJs3OrRHhoYRgbXpaVRMpVMLFeeSqcQABaRK5ibpB81WP8yCJPIMsbWW7sDTCiIyLq6qW5pKNq8/l3sq042+6bJgJ3CfDYdNKJCTF/09F5JKkpXeIxL4MGqvg5nOoyiahDQsUzMT3dwGg7IWqxQidcJ576XSBkR2qNwUrl6qq87JP+Zo3RJbA5bpPubm6sUonWE3hRGg4LWceVBO34J/wutWVt4W7dXnK5WVhJv8UHJcbgWR9dMpWkbeMpakqlRRLOTibztMFkx3xyIMmZS+cNyhRyatw+DwX/opuY+bl8X4yKgNOuW/w6r06r4MrL78MTjqZDQ4xkCSL3x3KWr2Tf4lAX6sdwKTzdBdzvFuLeuijngrvRYRyk/3jk/o4ujfHMdrergMjlP5Js7ICZSLhXHHOc2Hc5oPaBIx59r6FynA+W6ROmk5kVF2BNkRlP6/oV5Apn3MMUnDc4YjHaowt8UVkIHZOEL8hxymYDR4g9y1wOoIwKCorBQa5jsXH+AEop3hlsv4uqzrrcGGQhfQEW0Vb1fG4N0VAyWEodaw7wOY3XCrW7yHjIgRM3Is+juT7jMeACW+OQuvQHTS/9bc9n9sXjjVwsvoHROLxsXMFO9HablXaEKzFL1oGXpnavYf/MuZMwALsPish2Mmj9fONNMBo1yYy/j+8GzHCqByDS1ZPnlzPQD0ztGNwNfOOhNOqamqaE9GNHv92yQIf/KKGhnjFH/I9IlzA28eaaSVql/1vdhRAI2G1WxpgyQ1ryRPLYHA/Qw9OYrb+jIxHj9uqfohShgIqnv6TCXRmByfyU6Te3oqKLyezKj7tPCqv1la1ostycmE4msAs4EI7pe1OZcRulPkUJrZCPkvo+EYTw8AfGmwHFb5foQ4wk8pkjTvo1zHmjy0GjMAZpcmDHfyHAyoaED6DUKAHRBbMdSqQJWmzhHkzn5oRCR6UlWSyxRZ1wBIKn+T+kcn28XiLlJrJVK3n2CQkE1c3EfFemnimo0Yc9yNQZygfZjr2W2TnmtAZ5jHiMmv7E8CPxBQBd/pf29z/uAEwQIqVFSHxkVaVjHW5wlhfWwOuj0xZFly,iv:mXE8xpXFBYSJce9pg+g3OedMS9+ZHOHHwydCY0NbGRQ=,tag:cEqbUu9Y1PFKXwaeqioXWA==,type:str] @@ -8,7 +9,7 @@ ssh_host_rsa_key_pub: ENC[AES256_GCM,data:N60bGf/6KNRhVUq1EIbPVo3aBDDKEpMBr5+Gt3 #ENC[AES256_GCM,data:QOMW5ALQD+CIXyqRAUzZfv42HvMfq9qiTho=,iv:/KlPuB6aBBhdMvJ9kYClfFRBMC0bSF16/EKrnH/Ifsk=,tag:Wwfk7YnNvla06I2/ajTd4g==,type:comment] #ENC[AES256_GCM,data:6/aUsWY875jPKZZiJLL3TWYeZT9VOjoJBDwjRTfjnUHcc/NTTeQRPvb+keJeMt5kfWmAzieYpslvz21UktTKqHO/,iv:+zwyh6nAP7DRhQX48/BmMCbv3W3wKfUiAWCvu8UvS8A=,tag:doc142ZXZO6ajPcuWftdtA==,type:comment] #ENC[AES256_GCM,data:GG3qBrBJSmJfUun5+0fKkp7J280oW3r5tGGjm9UMolUsZCYYv5E=,iv:gFGxT9Jr/d3fVouWEphJUxW/Hid8dAIvldkxYHb9DvM=,tag:DkgD7SIgIYyk5Ne/lGWcwQ==,type:comment] -wlan0_wpaPskFile: ENC[AES256_GCM,data:vVr1XQnlLcD3y7Cglta1vvBDyqIxvx0eR2X/rye1so3wYsH/Nhoy4AAa8X+CSjrXYSa0j/Sv1obbzoWxQbSvfTtM+Yx1woMoLosB3wjCB4XBtHQ0X1kQK6x6DsdrAT752mTGojaAlCoKqAXxC2uGT0dUnN8EapPejEYXrJnr4l604/Ku2/q2/+YPy3W3nKQirZjcv/5ugRr2cCFqmyseQAH9JmeaHrkDnrReyePCTIKKmbH4NTMrPR3+mTPmj7dmccKjooP3V44ZQbTZ1iPKT9p40pZQWy5mw60SM1YMd/mvf1DAfWuKSNZn5/JS/iDSUcMZVVpcIQs8EYddxEmVXMiDk2iEqcsksiEzJO6XhmTSDoThQoJwsra+tg==,iv:3iXEQv7hW7NBwD+1SkZq9z25eIavtM9pMxGi04f/a4g=,tag:x2aD4eySjODkuqXo+G/7Dg==,type:str] +wlan0_wpaPskFile: ENC[AES256_GCM,data:yB/1MLibWzQuV+LnM01DoOaImu6aCHB9TMsIDaby9MxjRCQNuI7qxc5dvTQ3RtA1V6at97r3ufw0W2Vwtkf8Mu3l/UL33nWoX8n4RAykF5HkDK+l1hzdW+41wZMZPc+NDE6ZgMSNG3N9gipHSjYQ+vU6KPX9RQwWTUbJiWWYtii+hi9NXMa7sBvjl1WUQtrKdAmc+7flAEFxOY1pOvkj87yOQDybQYdx268Gh2wkfgtacet4zwWvC/VGNrN2p3Eub8S16vHAZZKeW+2rr4U/GiOeS65CSk9srOGwlD6IboTUXSAoSChJmevnm+cgkzZsuOKS7knEZPjQ+l2Z+K4l3FnB8+CVvHw/DlUAG0pFgw49NfBGczGSAFh34b0k,iv:2AkphYXeupcDvB5KXlnuC7QsVJdBZHnR684045DJtfw=,tag:YFNcunSPVJUSLIPTTQ7szA==,type:str] wg0-privatekey: ENC[AES256_GCM,data:5/5llD0itgdKhZ53IbtkwfhO+qUI+/xBCxnfQOg9yjS7knvUINURY7rl/F8=,iv:86t6XuY4a1rHY3kmC3XB6WwwPZVWAyM2saGqEZaHdJ0=,tag:4xemlclKI4RIxAe60HGuuQ==,type:str] wg0-publickey: ENC[AES256_GCM,data:D/RU+43/bYhg1lRZE9zA52AIWGd2KRF0EQcvteS4CtQN0Yy65vjGqVEkjyk=,iv:BmS0TfUQXRt1tdWBBKIUi+DqXCLTXePzbq4dUYSlQQw=,tag:qglrKjhcSBPtqNd6YCMlPQ==,type:str] wg0-peer0-psk: ENC[AES256_GCM,data:859rOfvyaeaH07s06IT2qJZjXcWZiXazQPUImYOMngTj+xNop8UHX0iDegA=,iv:V7cR9mGQrk6aKctY+1egYFhBiveqc0OwrQSJxByk0zk=,tag:WF5via8rVm8Leol5rANPqQ==,type:str] @@ -30,8 +31,8 @@ sops: S0Y0WjA5eXovc2pUUzdUY0ZEZVN1dkUKNuvEcQ5lmVUNan4fj0tfwXc3JUfV8opV KCBiiPEIBRwryWg7CLo7qgFU9nRTnA7Wjjo2vnh9nLLnIjNSmc/ECQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-07-26T07:56:29Z" - mac: ENC[AES256_GCM,data:vNe8pUFhcZyeh/T1o1PQGvpQEEV4pEXSqC+Ssi7RXZfHe33hmhJoOyfj1KytJnUAE22BWXzuNQdwMj+mmuUP8bAdgLZPWZjU3g2H7O6NTOUHHBymZSXnMvzzPBlHZDw9GzUkgEdbze/SLzEL6ZjplBIr+DOEDfkC9TsDokie+f4=,iv:HhHJXk+mo6WxKIs41wtCVwxG2j3C+em3dR6fDNnhMn4=,tag:Wzr21Rk7hB7+6zK6XfWbig==,type:str] + lastmodified: "2025-02-05T09:44:59Z" + mac: ENC[AES256_GCM,data:P2bEHq4ZBg2Y8RPmUSuIOxWxJdYTUpTD5nXv3vqAHOU0t5ZlyOjFUPYejGBLdvd++v+plwo4lYG4/JJ3/LFIM/n2f1kFOOPSIt6yox6oYHHzJRly2kBfyIpUz4q+1c/xhMjpcQdAlWEdIQLm80BMUpny9y2KhVYot9TvTNTSkxM=,iv:uso8kcW8gildOD7FF1Xvage2dccQ8GkMI6nDCaUw2qc=,tag:urKtsRoGqwoZzk7DuMCINw==,type:str] pgp: - created_at: "2024-12-24T19:36:20Z" enc: |- @@ -49,4 +50,4 @@ sops: -----END PGP MESSAGE----- fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.1