From 2f60cd571a61bd85ca501732693d4671069d0f4b Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sat, 8 Jun 2024 21:04:38 +0200 Subject: [PATCH] feat: migrate nfmnk to ifog, add hosthatch --- .sops.yaml | 17 +- flake.nix | 3 +- nix/os/devices/router0-dmz0/configuration.nix | 110 +++++- .../router0-hosthatch/configuration.nix | 340 ++++++++++++++++++ .../default.nix | 2 +- .../flake.lock | 30 +- .../flake.nix | 0 .../router0-hosthatch/variables.crypt.nix | Bin 0 -> 202 bytes .../configuration.nix | 25 +- nix/os/devices/router0-ifog/default.nix | 34 ++ .../devices/router0-ifog/variables.crypt.nix | Bin 0 -> 261 bytes .../devices/router0-nfmnk/variables.crypt.nix | Bin 53 -> 0 bytes secrets/router0-dmz0/secrets.yaml | 8 +- secrets/router0-hosthatch/secrets.yaml | 43 +++ .../secrets.yaml | 32 +- secrets/shared-users.yaml | 131 +++---- 16 files changed, 656 insertions(+), 119 deletions(-) create mode 100644 nix/os/devices/router0-hosthatch/configuration.nix rename nix/os/devices/{router0-nfmnk => router0-hosthatch}/default.nix (91%) rename nix/os/devices/{router0-nfmnk => router0-hosthatch}/flake.lock (78%) rename nix/os/devices/{router0-nfmnk => router0-hosthatch}/flake.nix (100%) create mode 100644 nix/os/devices/router0-hosthatch/variables.crypt.nix rename nix/os/devices/{router0-nfmnk => router0-ifog}/configuration.nix (93%) create mode 100644 nix/os/devices/router0-ifog/default.nix create mode 100644 nix/os/devices/router0-ifog/variables.crypt.nix delete mode 100644 nix/os/devices/router0-nfmnk/variables.crypt.nix create mode 100644 secrets/router0-hosthatch/secrets.yaml rename secrets/{router0-nfmnk => router0-ifog}/secrets.yaml (71%) diff --git a/.sops.yaml b/.sops.yaml index 607bce0..69bfd81 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -16,8 +16,10 @@ keys: - &sj-srv1 age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv - &srv0-dmz0 age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3 - &router0-dmz0 age1k7cejd9tqz6a3expd63wkn7kmeawhhrp9vy5vevhjn6eavhdwywqeh7j86 - - &router0-nfmnk age1x8fcjgaknfh5m2s4f0r2mjtfdjkuyj74y39jmh28k2pp5hmn25nschlra9 + - &router0-ifog age1dktk5glcuu34u9t6kp3g2vqyj7dy0elray38t8n75mwa6l0s0vdst2cy00 + - &router0-hosthatch age1v458x2q70yt0a6m6cq5ehemphtrzfzyhmeg3r872vsyyf65asgwstmqqk4 - &sj-bm-hostkey0 age1dw43sxtdxptzgyhsxhrj36x5gn7376gqk45t7wtyt3s97v7ux39sdmdd44 + creation_rules: - path_regex: ^(.+/|)secrets/[^/]+$ key_groups: @@ -35,7 +37,8 @@ creation_rules: - *sj-vps-htz0 - *sj-srv1 - *sj-bm-hostkey0 - - *router0-nfmnk + - *router0-ifog + - *router0-hosthatch - path_regex: ^secrets/steveej-t14/.+$ key_groups: - pgp: @@ -75,12 +78,18 @@ creation_rules: - *steveej age: - *router0-dmz0 - - path_regex: ^secrets/router0-nfmnk/.+$ + - path_regex: ^secrets/router0-ifog/.+$ key_groups: - pgp: - *steveej age: - - *router0-nfmnk + - *router0-ifog + - path_regex: ^secrets/router0-hosthatch/.+$ + key_groups: + - pgp: + - *steveej + age: + - *router0-hosthatch - path_regex: ^secrets/sj-vps-htz0/.+$ key_groups: - pgp: diff --git a/flake.nix b/flake.nix index c1204cb..8405916 100644 --- a/flake.nix +++ b/flake.nix @@ -162,7 +162,8 @@ # "srv0-dmz0" # # "router0-dmz0" - "router0-nfmnk" + "router0-ifog" + "router0-hosthatch" "sj-srv1" "sj-bm-hostkey0" diff --git a/nix/os/devices/router0-dmz0/configuration.nix b/nix/os/devices/router0-dmz0/configuration.nix index 337f4d6..a006d60 100644 --- a/nix/os/devices/router0-dmz0/configuration.nix +++ b/nix/os/devices/router0-dmz0/configuration.nix @@ -208,7 +208,7 @@ in { vlan.interfaces = builtins.map (vlanid: (mkInterfaceName {inherit vlanid;})) vlanRange; # lan.ipv4Addresses = ["192.168.0.0/16"]; wan.interfaces = ["wan" "lan0"]; - vpn.interfaces = ["wg0" "wg1"]; + vpn.interfaces = ["wg0" "wg1" "wg2"]; } // # generate a zone for each vlan @@ -367,11 +367,11 @@ in { systemd.network = { wait-online.anyInterface = true; netdevs = let - router0-nmfk_wg0Endpoint = "${repoFlake.colmena.router0-nfmnk.deployment.targetHost}:${ + router0-ifog_wg0Endpoint = "${repoFlake.colmena.router0-ifog.deployment.targetHost}:${ builtins.toString repoFlake .nixosConfigurations - .router0-nfmnk + .router0-ifog .config .systemd .network @@ -381,11 +381,11 @@ in { .ListenPort }"; - router0-nmfk_wg1Endpoint = "${repoFlake.colmena.router0-nfmnk.deployment.targetHost}:${ + router0-ifog_wg1Endpoint = "${repoFlake.colmena.router0-ifog.deployment.targetHost}:${ builtins.toString repoFlake .nixosConfigurations - .router0-nfmnk + .router0-ifog .config .systemd .network @@ -394,6 +394,20 @@ in { .wireguardConfig .ListenPort }"; + + router0-hosthatch_wg0Endpoint = "${repoFlake.colmena.router0-hosthatch.deployment.targetHost}:${ + builtins.toString + repoFlake + .nixosConfigurations + .router0-hosthatch + .config + .systemd + .network + .netdevs + .wg0 + .wireguardConfig + .ListenPort + }"; in { # Create the bridge interface @@ -442,7 +456,7 @@ in { PersistentKeepalive = 15; PresharedKeyFile = builtins.toString config.sops.secrets.wg0-peer0-psk.path; PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM="; - Endpoint = router0-nmfk_wg0Endpoint; + Endpoint = router0-ifog_wg0Endpoint; }; } ]; @@ -468,7 +482,43 @@ in { PersistentKeepalive = 15; PresharedKeyFile = builtins.toString config.sops.secrets.wg1-peer0-psk.path; PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM="; - Endpoint = router0-nmfk_wg1Endpoint; + Endpoint = router0-ifog_wg1Endpoint; + }; + } + ]; + }; + + wg2 = { + enable = true; + netdevConfig = { + Name = "wg2"; + Kind = "wireguard"; + }; + wireguardConfig = { + PrivateKeyFile = builtins.toString config.sops.secrets.wg0-privatekey.path; + FirewallMark = 102; + }; + wireguardPeers = [ + { + wireguardPeerConfig = { + AllowedIPs = [ + # this allows all traffic to be routed through this interface + "0.0.0.0/0" + + # # alternatively, specific destinations could be allowed + + # # remote peer wg addr + # "10.0.0.0/32" + + # "1.1.1.1/32" + # # ifconfig.co. + # "172.67.168.106" + # "104.21.54.91" + ]; + PersistentKeepalive = 15; + PresharedKeyFile = builtins.toString config.sops.secrets.wg0-peer0-psk.path; + PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM="; + Endpoint = router0-hosthatch_wg0Endpoint; }; } ]; @@ -513,6 +563,21 @@ in { # ip rule add fwmark 101 priority 0 table 101 # ip rule add fwmark 101 priority 1 prohibit routingPolicyRules = [ + { + routingPolicyRuleConfig = { + FirewallMark = 100; + Priority = 30000; + Table = 100; + }; + } + { + routingPolicyRuleConfig = { + FirewallMark = 100; + Priority = 30001; + Table = 100; + Type = "prohibit"; + }; + } { routingPolicyRuleConfig = { FirewallMark = 101; @@ -530,16 +595,16 @@ in { } { routingPolicyRuleConfig = { - FirewallMark = 100; + FirewallMark = 102; Priority = 30000; - Table = 100; + Table = 102; }; } { routingPolicyRuleConfig = { - FirewallMark = 100; + FirewallMark = 102; Priority = 30001; - Table = 100; + Table = 102; Type = "prohibit"; }; } @@ -596,6 +661,12 @@ in { Table = 100; }; } + { + routeConfig = { + Gateway = "_dhcp4"; + Table = 102; + }; + } ]; }; @@ -696,7 +767,8 @@ in { routes = [ { routeConfig = { - Destination = "185.143.101.42/32"; + # test the set uprouting to a specific IP + Destination = "${repoFlake.colmena.sj-bm-hostkey0.deployment.targetHost}/32"; MultiPathRoute = "10.0.0.0 1"; }; } @@ -711,12 +783,24 @@ in { routes = [ { routeConfig = { - Destination = "185.143.101.42/32"; + Destination = "${repoFlake.colmena.sj-bm-hostkey0.deployment.targetHost}/32"; MultiPathRoute = "10.0.0.2 1"; }; } ]; }; + + "50-wg2" = { + enable = true; + matchConfig.Name = "wg2"; + address = [ + "10.0.1.1/31" + ]; + + routes = [ + # TODO: add a testing route here + ]; + }; } # configuration for the hostapd dynamic interfaces # * netdev type vlan diff --git a/nix/os/devices/router0-hosthatch/configuration.nix b/nix/os/devices/router0-hosthatch/configuration.nix new file mode 100644 index 0000000..b6b2146 --- /dev/null +++ b/nix/os/devices/router0-hosthatch/configuration.nix @@ -0,0 +1,340 @@ +{ + repoFlake, + pkgs, + lib, + config, + nodeFlake, + nodeName, + localDomainName, + system, + variables, + ... +}: { + system.stateVersion = "24.05"; + + imports = [ + nodeFlake.inputs.disko.nixosModules.disko + nodeFlake.inputs.srvos.nixosModules.mixins-terminfo + + repoFlake.inputs.sops-nix.nixosModules.sops + + ../../snippets/nix-settings.nix + ../../profiles/common/user.nix + + nodeFlake.inputs.nixos-nftables-firewall.nixosModules.default + + { + services.openssh.enable = true; + services.openssh.settings.PermitRootLogin = "yes"; + + users.commonUsers = { + enable = true; + enableNonRoot = false; + rootPasswordFile = config.sops.secrets.passwords-root.path; + }; + + # sops.age.keyFile = "/etc/age.key"; + # sops.age.sshKeyPaths = []; + + sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml; + sops.defaultSopsFormat = "yaml"; + + sops.secrets.passwords-root.neededForUsers = true; + } + + # TODO: extract this into single-disk VM BIOS module + { + boot.loader.systemd-boot.enable = false; + boot.loader.grub.efiSupport = false; + + # forcing seems required or else there's an error about duplicated devices + boot.loader.grub.devices = lib.mkForce ["/dev/vda"]; + + disko.devices.disk.vda = { + device = "/dev/vda"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + boot = { + size = "1M"; + type = "EF02"; # for grub MBR + }; + root = { + size = "100%"; + content = { + type = "btrfs"; + extraArgs = ["-f"]; # Override existing partition + subvolumes = { + # Subvolume name is different from mountpoint + "/rootfs" = { + mountpoint = "/"; + }; + "/nix" = { + mountOptions = ["noatime"]; + mountpoint = "/nix"; + }; + "/boot" = { + mountpoint = "/boot"; + }; + }; + }; + }; + }; + }; + }; + + boot.initrd.kernelModules = [ + "virtio_balloon" + "virtio_scsi" + "virtio_net" + "virtio_pci" + "virtio_ring" + "virtio" + "scsi_mod" + + "virtio_blk" + "virtio_ring" + "ata_piix" + "pata_acpi" + "ata_generic" + ]; + } + ]; + + # sops.secrets.ssh_host_ed25519_key = { + # sopsFile = ../../../../secrets/${nodeName}/secrets.yaml; + # format = "yaml"; + + # path = "/etc/ssh/ssh_host_ed25519_key"; + # mode = "0600"; + # }; + # sops.secrets.ssh_host_ed25519_key_pub = { + # sopsFile = ../../../../secrets/${nodeName}/secrets.yaml; + # format = "yaml"; + + # path = "/etc/ssh/ssh_host_ed25519_key.pub"; + # mode = "0600"; + # }; + # sops.secrets.ssh_host_rsa_key = { + # sopsFile = ../../../../secrets/${nodeName}/secrets.yaml; + # format = "yaml"; + + # path = "/etc/ssh/ssh_host_rsa_key"; + # mode = "0600"; + # }; + # sops.secrets.ssh_host_rsa_key_pub = { + # sopsFile = ../../../../secrets/${nodeName}/secrets.yaml; + # format = "yaml"; + + # path = "/etc/ssh/ssh_host_rsa_key.pub"; + # mode = "0644"; + # }; + + boot = { + kernel = { + sysctl = { + "net.ipv4.conf.all.forwarding" = true; + "net.ipv6.conf.all.forwarding" = true; + }; + }; + }; + + networking = { + hostName = nodeName; + useNetworkd = true; + useDHCP = true; + usePredictableInterfaceNames = false; + + interfaces.eth0.ipv4.addresses = [ + { + address = variables.ipv4; + prefixLength = variables.ipv4length; + } + ]; + defaultGateway = { + interface = "eth0"; + address = variables.ipv4gateway; + }; + nameservers = [ + variables.ipv4dns + ]; + + # these will be configured via nftables + nat.enable = lib.mkForce false; + firewall.enable = lib.mkForce false; + + # Use the nftables firewall instead of the base nixos scripted rules. + # This flake provides a similar utility to the base nixos scripting. + # https://github.com/thelegy/nixos-nftables-firewall/tree/main + + nftables = { + enable = true; + + firewall = { + enable = true; + snippets.nnf-common.enable = true; + + zones.wan = { + interfaces = ["eth0"]; + }; + + zones.vpn = { + interfaces = ["wg0" "wg1"]; + }; + + rules = { + to-fw = { + from = "all"; + to = ["fw"]; + verdict = "drop"; + + allowedTCPPorts = [ + 22 + 5201 + ]; + allowedUDPPorts = [ + 22 + 5201 + config.systemd.network.netdevs.wg0.wireguardConfig.ListenPort + config.systemd.network.netdevs.wg1.wireguardConfig.ListenPort + ]; + }; + + vpn-to-wan-nat = { + from = ["vpn"]; + to = ["wan"]; + masquerade = true; + verdict = "accept"; + }; + }; + }; + }; + }; + + sops.secrets.wg0-privatekey = { + mode = "440"; + group = "systemd-network"; + }; + sops.secrets.wg0-peer0-psk = { + mode = "440"; + group = "systemd-network"; + }; + sops.secrets.wg1-privatekey = { + mode = "440"; + group = "systemd-network"; + }; + sops.secrets.wg1-peer0-psk = { + mode = "440"; + group = "systemd-network"; + }; + + systemd.network.enable = true; + systemd.network.netdevs.wg0 = { + enable = true; + netdevConfig = { + Name = "wg0"; + Kind = "wireguard"; + }; + wireguardConfig = { + ListenPort = 51820; + # PublicKey /RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM= + PrivateKeyFile = builtins.toString config.sops.secrets.wg0-privatekey.path; + }; + wireguardPeers = [ + { + wireguardPeerConfig = { + AllowedIPs = [ + "10.0.1.1/32" + "192.168.0.0/16" + ]; + PersistentKeepalive = 15; + PresharedKeyFile = builtins.toString config.sops.secrets.wg0-peer0-psk.path; + PublicKey = "hsjIenUFV/FBqplIKxSL/Zn2zDAfojlIKHMxPA6RC04="; + }; + } + ]; + }; + systemd.network.netdevs.wg1 = { + enable = true; + netdevConfig = { + Name = "wg1"; + Kind = "wireguard"; + }; + wireguardConfig = { + ListenPort = 51821; + # PublicKey /RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM= + PrivateKeyFile = builtins.toString config.sops.secrets.wg1-privatekey.path; + }; + wireguardPeers = [ + { + wireguardPeerConfig = { + AllowedIPs = [ + "10.0.1.3/31" + "192.168.0.0/16" + ]; + PersistentKeepalive = 15; + PresharedKeyFile = builtins.toString config.sops.secrets.wg1-peer0-psk.path; + PublicKey = "Ha5hsarCRO8LX9SrkopUeP14ebLdFgxXUC0ezrobax4="; + }; + } + ]; + }; + systemd.network.networks.wg0 = { + enable = true; + matchConfig.Name = "wg0"; + address = [ + "10.0.1.0/31" + ]; + + routes = [ + { + routeConfig = { + Destination = "192.168.0.0/16"; + MultiPathRoute = "10.0.1.1 1"; + }; + } + ]; + }; + systemd.network.networks.wg1 = { + enable = true; + matchConfig.Name = "wg1"; + address = [ + "10.0.1.2/31" + ]; + + routes = [ + { + routeConfig = { + Destination = "192.168.0.0/16"; + MultiPathRoute = "10.0.1.3 1"; + }; + } + ]; + }; + + environment.systemPackages = [ + pkgs.ethtool + pkgs.neovim + pkgs.tmux + + pkgs.wireguard-tools + pkgs.tshark + + (pkgs.writeShellScriptBin "dbg-ip" '' + echo links: + ip -br -c l + echo + echo addresses: + ip -br -c a + echo + echo vlans: + bridge -c vlan + '') + + (pkgs.writeShellScriptBin "dbg-dnsmasq" '' + # get the rendered in-use config + pgrep -a dnsmasq | grep -Eo '[^ ]*conf' | xargs cat | grep -Eo '[^=]*conf' | xargs cat + '') + ]; +} diff --git a/nix/os/devices/router0-nfmnk/default.nix b/nix/os/devices/router0-hosthatch/default.nix similarity index 91% rename from nix/os/devices/router0-nfmnk/default.nix rename to nix/os/devices/router0-hosthatch/default.nix index 1fe13e3..202e206 100644 --- a/nix/os/devices/router0-nfmnk/default.nix +++ b/nix/os/devices/router0-hosthatch/default.nix @@ -8,7 +8,7 @@ variables = import ./variables.crypt.nix; in { meta.nodeSpecialArgs.${nodeName} = { - inherit repoFlake nodeName nodeFlake system; + inherit repoFlake nodeName nodeFlake system variables; packages' = repoFlake.packages.${system}; nodePackages' = nodeFlake.packages.${system}; }; diff --git a/nix/os/devices/router0-nfmnk/flake.lock b/nix/os/devices/router0-hosthatch/flake.lock similarity index 78% rename from nix/os/devices/router0-nfmnk/flake.lock rename to nix/os/devices/router0-hosthatch/flake.lock index 8284b8f..1fc4feb 100644 --- a/nix/os/devices/router0-nfmnk/flake.lock +++ b/nix/os/devices/router0-hosthatch/flake.lock @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1717177033, - "narHash": "sha256-G3CZJafCO8WDy3dyA2EhpUJEmzd5gMJ2IdItAg0Hijw=", + "lastModified": 1717915259, + "narHash": "sha256-VsGPboaleIlPELHY5cNTrXK4jHVmgUra8uC6h7KVC5c=", "owner": "nix-community", "repo": "disko", - "rev": "0274af4c92531ebfba4a5bd493251a143bc51f3c", + "rev": "1bbdb06f14e2621290b250e631cf3d8948e4d19b", "type": "github" }, "original": { @@ -48,11 +48,11 @@ ] }, "locked": { - "lastModified": 1716736833, - "narHash": "sha256-rNObca6dm7Qs524O4st8VJH6pZ/Xe1gxl+Rx6mcWYo0=", + "lastModified": 1717527182, + "narHash": "sha256-vWSkg6AMok1UUQiSYVdGMOXKD2cDFnajITiSi0Zjd1A=", "owner": "nix-community", "repo": "home-manager", - "rev": "a631666f5ec18271e86a5cde998cba68c33d9ac6", + "rev": "845a5c4c073f74105022533907703441e0464bc3", "type": "github" }, "original": { @@ -85,11 +85,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1717144377, - "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", + "lastModified": 1717696253, + "narHash": "sha256-1+ua0ggXlYYPLTmMl3YeYYsBXDSCqT+Gw3u6l4gvMhA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "805a384895c696f802a9bf5bf4720f37385df547", + "rev": "9b5328b7f761a7bbdc0e332ac4cf076a3eedb89b", "type": "github" }, "original": { @@ -101,11 +101,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1716948383, - "narHash": "sha256-SzDKxseEcHR5KzPXLwsemyTR/kaM9whxeiJohbL04rs=", + "lastModified": 1717786204, + "narHash": "sha256-4q0s6m0GUcN7q+Y2DqD27iLvbcd1G50T2lv08kKxkSI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ad57eef4ef0659193044870c731987a6df5cf56b", + "rev": "051f920625ab5aabe37c920346e3e69d7d34400e", "type": "github" }, "original": { @@ -132,11 +132,11 @@ ] }, "locked": { - "lastModified": 1717058062, - "narHash": "sha256-R8Gb2MlJzfBE76DVWFmfZWODMdAanqxFnK+OOmkoQ7E=", + "lastModified": 1717807544, + "narHash": "sha256-djHfn29HdlfWdmyeu3rqlVS8k5q/xRh2P0mX2RAafb0=", "owner": "numtide", "repo": "srvos", - "rev": "414d1039a58b667e4512ad9f7068aa935ebf8d59", + "rev": "64ae31cb29923128f27a503a550ee4fb1631c4c6", "type": "github" }, "original": { diff --git a/nix/os/devices/router0-nfmnk/flake.nix b/nix/os/devices/router0-hosthatch/flake.nix similarity index 100% rename from nix/os/devices/router0-nfmnk/flake.nix rename to nix/os/devices/router0-hosthatch/flake.nix diff --git a/nix/os/devices/router0-hosthatch/variables.crypt.nix b/nix/os/devices/router0-hosthatch/variables.crypt.nix new file mode 100644 index 0000000000000000000000000000000000000000..38c17df5604314571d09b3b420ae023ca33ac67e GIT binary patch literal 202 zcmZQ@_Y83kiVO&0*wia+CLYMKMnfrnuhe7XMTcLzns6>wp8e<6#vGlSMx|ZpMMV=Q zx!>9U@2AzA^KB;-d@C43p555LE-l7oIp2G;n8R8gO^J*Ael$$4N|=|BoUFDxW5SNf zZcE%2G)<{Grx<46#Qks&Z}jb-Uk^60=S4nU*Rr55Q&l5ra$$JzgZDe4L;2ckIuB%) zaKtkj6qcUcdn%yu+q?3(>20pEbU_-~N}pTj@;F9!2&0`n(cNo0?m8 z3m$O&Grw$mp?wR(9r0u46``x=Ox?wP{eSUJ%SRmY0c-fLFhuRVkg8*B)w`-|sbs;@ z+KVz1yjeH1wRF8%lAZHDCg#WIjdF))t~j%&&$TFP`Q?&J>_YcKZmyqdQrLUB&hYhw X*@s#dOffXQ7Pouf@dFdCxV8WQVZVk` literal 0 HcmV?d00001 diff --git a/nix/os/devices/router0-nfmnk/variables.crypt.nix b/nix/os/devices/router0-nfmnk/variables.crypt.nix deleted file mode 100644 index acf532e1284091842c3971ac16a862e90d7d2604..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 53 zcmZQ@_Y83kiVO&0sF}7TWclq+&8-r`1{}wFPCK>~YaN*sZG2uobj#k{2TB*$oAMQ> Kd7W1K#{~dH@)p$q diff --git a/secrets/router0-dmz0/secrets.yaml b/secrets/router0-dmz0/secrets.yaml index 852aeb4..6500efe 100644 --- a/secrets/router0-dmz0/secrets.yaml +++ b/secrets/router0-dmz0/secrets.yaml @@ -5,7 +5,9 @@ ssh_host_ed25519_key: ENC[AES256_GCM,data:XQjTqNADLhisxPBIJ7x0bs3qgQk0u4q9HKSDuk ssh_host_ed25519_key_pub: ENC[AES256_GCM,data:MQ0q/I6clKNz6uzoztGA06vOjIbpK6Dsf3WbgddRA0B8nEJ4EUmRBT0KkX3o+LZmQPhmURHWWFtOSqvAzkyoxAoBZEh98H3IDsLE5PgcNbxK3dAh36+AAMPLzVFnHLyaWLQW,iv:9XIw29PkSHCeU7C2GuSJ+J+mBrwOrbSMmm7kOtCkiyI=,tag:x3JqFF08f2eVfOrrQ1gzYw==,type:str] ssh_host_rsa_key: ENC[AES256_GCM,data:tFGQ77X5Y1TRR2F0EJ4hmauE9ABILP6V0CSmzb1QLaH6VlhriXSE1UQcQ2Rc73CR7+JLjLbggL7RKpkA8gJQq/ubhiXHJokBEo6rfBXETVepv0HlyX5UvzWhi6iKBE5YsYyyBI1VWDcx+oTR8+daqnKwbbqPeDUpC2coT3S9svEsKXeb3YOMxJ9X/Rvh96UtMmlk7WeZa2JvOP3k62HROVo8QRYXeQWTO87TCzVdU7OWnbRIuC6bu+32Uy70AsIu39fazX7WqIUxaeO/oNHsay0/TBXKNu2El0JRG8tHCHdXe1tahniGbGH5xeEZmgLTOjHntw5UIdxZbgvcbxmt9seDXUxjhhEMS8eHWaxnRDSI7n2KOb/3UaBQ3BHnYpuRjW++uFBgRHxxANlYfpfEdz/LNexdPb9+QCw80r38uZxP8yD5/PxFV/Y+gSX+WnNE0YQnBDtHFjKhHpqpm2P4Ek3hLzjXh6CPzUZru6LAO/FklcLCGaq94fDC5wW3K0x1UvyfMjBwwyeSymcV95YcZu8Ty280jRhG8l719KkEJjnBdnB25PQ5gEwc34dG5xH5HwVUDPIM9v9m+cXtldUIk3BH4PiTEI1aZsZx50BtBhxybAxhTqNElrP+/2W73muTSQboDIB1Xb2NhArLB6XnnVhVUD/Pg/9wiDUY0mYyr0eIp9AmBfSmSIDjFyVUB9o+gv/B+LpxwxPKmsPt3MRKWoZw+bIGTI82UqBv0eX6Xqq71H4DYFnJ3J+n+Jzp5ww5mSPPHffZZFSBbZSpTk8El4L5II/hyyxk7yJopt19AAsw+UgLJDO31XnyiGAEbbDdwjuCWQMmuzKJ6H7c7UGDXLO92jAlXwEWT5fwzG6Wvu5+n/OToz3CN1Cv40uwVb/fOqmzep9hoOrXeuzmnGULfGmwItjuJoMkfmPUq8obAuj5ml0YduU2eLbe15OlD2Vg2I+BH0WuCPYnnCrLyX8ixhJEuGGDkhGhaKMHaMjNuMOGmDQ6oRCVU8BA/zDgnF/GrcHgIe742Yh68PyaH2j+iX6/5YvUB+R1sDnrgfXlgET1V+nny+fD4GBnP+RKYtdGG0P4y3AYlACQE9sJ6Nkb8CTVb2Va6L3rXzeyJG2FtYkUKxxwDUv/KyieclHiJpdawunOLVkmI6p/iaZIThrdGA5p7b01/WOyJFA9aI3oU2f2rMYBLGHYirrRs3WtS7ExhKriHpgax574UIcW0mecFto9dHkGlBOTQy+Zp1GARnePXKZcyKm2qhTIjw0ho/DUe3+t1knbR6WJCwl1LDtfpPD2KPDDH+HpHm3EoiA1mDSp6lYMVxwBr2eBmFPKuPkkAL/3Bf6SKlEp1UCDee7BPlzS9kwmIEt/EuIohbMDdyaHtulW31Hdrsai8fCxc7AAzgsmoMBp2Smwoe3C8K5K8RaNp6v4boY8WBH3rLjAFTmOPB7TiZfplQjV8triZS3JFopNjvCglfZSXxSs+RjZUgSgL/1fFLT2m0Mp1XPMvGZlD73TzJ5RH5WWlxliaau42Q4vXRFUK+ZFx0SvwOO5xZvRNtAOfipEoqscKOopV+HHl74DJEk/xLibWJmkEBqoVbf1BFDUAiRSSb/0RdfCAGaj1mqV68szVtLt3jB1AJm9iu9RNU047HHQeOi++8g6lOpHmhsksfQLAucLVtLTrXpHDEAugDbSXrwPkhWa2Ej+Iva1p2vteIExcT+8h3WiXkamDBZALpJcLkDSazgAmmrB+6u6odsyin9Z5zB55EN2iz24nGNgyylt9FehC4/2SNHMX42hZ/JPQw51+vZQLoLQv+oOJAVXGBHeDy3kDl60fL6Fr5jZ0YOfO+rFGk4bDpXYjq27ahLv763tVs8SrgMseNWNWTakZUAXuYPbP3GBFEjTPHM4216WABj2cC3zSmrnbEyNRMWTdsm46ASZvhZo4wO8eTrndvy44Q2UKOFOh1sYCY4jjCWCI74pEV3rRcBJASuUipep65ZwXOlFOXu7uiaG01/KWofn4JzzrlX3MfhKsUBaEDTUXwDGw0RAEHQXb3rvfiIjCQBcpy8kM1fBR97K5LFJzZ2/qf2bPGs0yxma1O0Z6TT/2Uk2n62jK2xIM7gvTjPOVDP2etHKVxMpMjhTAbRj4K3568HZM/POBC5AORLAtBAo14CNxRMN8f05Gs13wn9ZI+pqiaOpTTnfH1xL9fd/6I03utzMKnoR8IVhrQLDLT6OAIkdeJX8s99R/J/nTOApk3XACWqjmMTcWtwt6g3x2iTk/1jTTn70rYVr8JLHHCt+bd5H/eDUiq9HpG1oFEZPXuvgATOovru0YVtmVx+yea0jWpJOsK+/SZjYAfvAKh0ZNr8dKHug/gGEpp6SfFBI+c4ywR1kM83OUHLaI/dOU9rLeCKktB+UcvTPoLhHLbTAlTrizeRmYY16Z1a+47LvwX944js3TZZkxqylz73cekWidYiiLNbiHwACftOK/GwZCG0WrVfcSi6pJYDgPgbcqFohaKI7ltKZgTlHGT1mZr1IH1RnauZmN/MkBEKVHO3E/PFgKkWNcXQi4uV2P3j8aHHc0RJrxx7qAFFXCYEwu02pv9nmul/HClLMmDYHDY1lHZvIIyPcsmr1ZkCFRV4UtnZRtXhHNAZCGFRX+y5HQXnubjPmV5I2R/gcLLi//2vIE6V2i8SpEJZlVweLpjRYwb6H6xFTuvHN+9Y5pd3rFx2BapR0AzYdOXUVqKF5ewrfE/1iitsEeDJj8OqmNzpmLBrnROnPyPh/+KGWBG5Nm4QKVMhP7XN1F+Fr7sTxw1ignXsfSwH8v/ELMzxVLu3ijWxvmk3/eOsrKYB/x3h6I1SFWZUoTjVPAmlNAnYl90Xf+FMPiII11+zrYwsJbCh25gmSvtKR+hmoTxXbJ2w5E2cFoVHMBOmS8Uo8L0BDOUzUE64cPl/v119BafVUOohLF1l3Ob19td+sMvqX8OHLGgB+/r6jKmUPnNNEzbDAogMydcVVjtPRIoDScw4ExxuxILN4/V+VulyAgU29OvFWS6+r5Y+bjqgqMg55Of0le3HUqt65qMuqiaUR5P/9WP+H666GsYTSg5I5gPJv0FF6tqXCWE9mpQ4sk2/BiWWaNeojxyhyH/cv4fbUmcee6K3+P+liXyFGGAWdBP5uGb+BzIfSaXVN3xEBPWAAe+BMkJrxbc6FSS12Wkh+bLM+NJH7XaoDl6+8LtF3bstsCoXvQgNlXHlbt4/aIIFEBShlYSQwLMDcey1VB4pu4SBv2HXwaX9zXPd+MGH77DeQU4yBkrElly51/68yzdSGpe6mNFy57Hc3UJBW1pNbds5Gxu+jFbQ6Phxvn38u9V8cphjxzgig0uZjkKHYx0EwFjBqmfrP0hQDnpcyg5QCPhnXOthmVL4jkJs3OrRHhoYRgbXpaVRMpVMLFeeSqcQABaRK5ibpB81WP8yCJPIMsbWW7sDTCiIyLq6qW5pKNq8/l3sq042+6bJgJ3CfDYdNKJCTF/09F5JKkpXeIxL4MGqvg5nOoyiahDQsUzMT3dwGg7IWqxQidcJ576XSBkR2qNwUrl6qq87JP+Zo3RJbA5bpPubm6sUonWE3hRGg4LWceVBO34J/wutWVt4W7dXnK5WVhJv8UHJcbgWR9dMpWkbeMpakqlRRLOTibztMFkx3xyIMmZS+cNyhRyatw+DwX/opuY+bl8X4yKgNOuW/w6r06r4MrL78MTjqZDQ4xkCSL3x3KWr2Tf4lAX6sdwKTzdBdzvFuLeuijngrvRYRyk/3jk/o4ujfHMdrergMjlP5Js7ICZSLhXHHOc2Hc5oPaBIx59r6FynA+W6ROmk5kVF2BNkRlP6/oV5Apn3MMUnDc4YjHaowt8UVkIHZOEL8hxymYDR4g9y1wOoIwKCorBQa5jsXH+AEop3hlsv4uqzrrcGGQhfQEW0Vb1fG4N0VAyWEodaw7wOY3XCrW7yHjIgRM3Is+juT7jMeACW+OQuvQHTS/9bc9n9sXjjVwsvoHROLxsXMFO9HablXaEKzFL1oGXpnavYf/MuZMwALsPish2Mmj9fONNMBo1yYy/j+8GzHCqByDS1ZPnlzPQD0ztGNwNfOOhNOqamqaE9GNHv92yQIf/KKGhnjFH/I9IlzA28eaaSVql/1vdhRAI2G1WxpgyQ1ryRPLYHA/Qw9OYrb+jIxHj9uqfohShgIqnv6TCXRmByfyU6Te3oqKLyezKj7tPCqv1la1ostycmE4msAs4EI7pe1OZcRulPkUJrZCPkvo+EYTw8AfGmwHFb5foQ4wk8pkjTvo1zHmjy0GjMAZpcmDHfyHAyoaED6DUKAHRBbMdSqQJWmzhHkzn5oRCR6UlWSyxRZ1wBIKn+T+kcn28XiLlJrJVK3n2CQkE1c3EfFemnimo0Yc9yNQZygfZjr2W2TnmtAZ5jHiMmv7E8CPxBQBd/pf29z/uAEwQIqVFSHxkVaVjHW5wlhfWwOuj0xZFly,iv:mXE8xpXFBYSJce9pg+g3OedMS9+ZHOHHwydCY0NbGRQ=,tag:cEqbUu9Y1PFKXwaeqioXWA==,type:str] ssh_host_rsa_key_pub: ENC[AES256_GCM,data:N60bGf/6KNRhVUq1EIbPVo3aBDDKEpMBr5+Gt3+FMPt3uQEaKk8jBg5mOdxWMTPoLg1ZP/Pme8afoM+Skc0b50WnpErF3Ox1w+4eM0oMJYOhIvHLGURNM3Dba5MgA7YfhPdTsVdjD2yks2vYqhdtEvzTTgCJbFimVJlp+wDqE6czPgMjD03c7oJDtv38OBtc1vRMzVw3cIuyxz2yNnXQxiMgTR6pZN7+Brami2dfXOHEVgymmlU5PRE8Ykerq2fB36N5uqu4/xSPaHaM+/f2OA/TLlYYB+sGMDExZfbO/vsiRBLvTY/f4KG2mEkmH+IFH1bk6UF47xTFEe8tHN/TlLo+9OmjZTph221ZYnOsIqBY+F822ctZEe8Ikz9Ti4F1ApvxxRcWHajbgQnDJdDiHJvt3OHal4rNBtYwxxV/MDZtvKSVxmFwgx7nwNP0oKhAigQkU7Mvp1q5p3dZsdbGCUeFm2S5/qIxWPfr7wg4xocLNSsLW1EpGo6A2RUXWIV+lPuZd9dNEjGC5zKKAgMI94is6MtMXgqlFqTcZuQ9hvhoVDcFhVSJylu8pzk9d/tKviwcd98jHAhdfGpnc9eJbtyBU6/HvxLzQpsbFjwa3LGirEdtgxRZn2nJx++0U6XuLcbGwjOVAhkde6g2vFv5hsC6KaZQcp4AFvMvEdJyrnb0b2TOeOD8zEljb8u2q/eexCRSjGpobEINwu5qV+tF9eHIJ1YFzhCSmmLGKXjc7bC8uv5ffl39JmAbUrffd18zqae+Xpijd+QzwF425NG9+PksAt+PPzt4SDgGfKBIpMNFxIb18oo88z4YDLuNzRy/HVF90JV0LlAxES4ZOxoWUjJPrR6dGxNRANYOyFGmoN+yG3B9kd1NRGRNGh5P9EtZBxlPIi24djzF1n4GQSW1NFDgoGcxaXhk0PlpPxwuHK0X9FkFDDzQUYNBhx7py+hev5rBUCs7Yhj5xgcM88fdLRZi8MulNws=,iv:8c3hDcJ8wzTugmJ3Mhzx/qEXnnlpFefBmRTG/MqyeEg=,tag:uSz6+CYu9uQa0C2DXnHPUA==,type:str] -wlan0_saePasswordsFile: ENC[AES256_GCM,data:ylY1LwMYlHdvYIVPIIr65BuxkW/BHCikkbGO5nNSU9WVekWiDXNIt2EQ2sYcdqnvZMGvcG0G4SQvCwpNO8ihh/RqcLYpTxldI8zwSqAwvATu7prV8l2bCvBQ+NXZ3yAW,iv:L6ncjd0u316gF/3InI7cuqO1kDpH7ahWGcsssYfb2YU=,tag:IAqt8vSDjW3OasOTJ44PeQ==,type:str] +#ENC[AES256_GCM,data:QOMW5ALQD+CIXyqRAUzZfv42HvMfq9qiTho=,iv:/KlPuB6aBBhdMvJ9kYClfFRBMC0bSF16/EKrnH/Ifsk=,tag:Wwfk7YnNvla06I2/ajTd4g==,type:comment] +#ENC[AES256_GCM,data:6/aUsWY875jPKZZiJLL3TWYeZT9VOjoJBDwjRTfjnUHcc/NTTeQRPvb+keJeMt5kfWmAzieYpslvz21UktTKqHO/,iv:+zwyh6nAP7DRhQX48/BmMCbv3W3wKfUiAWCvu8UvS8A=,tag:doc142ZXZO6ajPcuWftdtA==,type:comment] +#ENC[AES256_GCM,data:GG3qBrBJSmJfUun5+0fKkp7J280oW3r5tGGjm9UMolUsZCYYv5E=,iv:gFGxT9Jr/d3fVouWEphJUxW/Hid8dAIvldkxYHb9DvM=,tag:DkgD7SIgIYyk5Ne/lGWcwQ==,type:comment] wlan0_wpaPskFile: ENC[AES256_GCM,data:I/30uOrCPoWqnNq4WelPsDMevrmO+TuzmNrjMtPeCLS5MncX7BnX20YV5LxLsLCJS0NmCEqE58pgpeQEaUUcR0YRejCdO0yZnpMRbla6IR/irNSR/xctDQmMV6HYe6IKWE2d2LA/qWTkj+uBGJ0NtAsPIRLknuCwT8SLjClzF4/WCdoqHvxhBCESxhd3OTYr9op9uxk94iRxKsFfUBuNnckIeT/tQKqOQIHlkpperGBNRtTZ9q+Glb6lqFO1o/BJ8tAGpw0qyNO48jrRAtiIG3sauMH+UPWp86AYPhwQjwA6iDReFoH5KhZsohJSTX4vwoj46yycOTPu/loHrxySBSrYuRyOuIv7mwpRVZgJP+c3ZcngVncE3YQhLA==,iv:AlQIFKqcFSnyH1LrRN/XaTTocsMjZM20YHWcz7S3gCE=,tag:octNvum5lOOUOS6ALJ0x4g==,type:str] wg0-privatekey: ENC[AES256_GCM,data:5/5llD0itgdKhZ53IbtkwfhO+qUI+/xBCxnfQOg9yjS7knvUINURY7rl/F8=,iv:86t6XuY4a1rHY3kmC3XB6WwwPZVWAyM2saGqEZaHdJ0=,tag:4xemlclKI4RIxAe60HGuuQ==,type:str] wg0-publickey: ENC[AES256_GCM,data:D/RU+43/bYhg1lRZE9zA52AIWGd2KRF0EQcvteS4CtQN0Yy65vjGqVEkjyk=,iv:BmS0TfUQXRt1tdWBBKIUi+DqXCLTXePzbq4dUYSlQQw=,tag:qglrKjhcSBPtqNd6YCMlPQ==,type:str] @@ -28,8 +30,8 @@ sops: THRNR0tEUzhPdFFhWWxvZlpKYmZKM2MKxc5s1jsci8jPOrvZAoofVNvHT4o9P6yv J8rALQQXgql6obK51Q/Doyzvo1RJ0T7epiWEAZm5B3vDrf6KqbWBYw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-05-25T19:21:30Z" - mac: ENC[AES256_GCM,data:TulnMjElIqQOgimCrMRk5kIXYED8GvnTQeefoeTCpgndl9fbraPjB5O4VMPJkotgWDSn4DF7QTUSarVB/6Th87xe08RxdOAW1maj5i3ZlMeKoGOHGNp3nVEpaaC455qtW9ZfXW1gxoG+HRBtsFJe3ZYV2gban+ByDVwiEdr501w=,iv:LQVUB+LE0xSBznHayhEGKXvJsz0r9Y3iDhS6JGx2paA=,tag:QR2Fh+GqOiLb4j2xKE3E7g==,type:str] + lastmodified: "2024-06-12T19:21:06Z" + mac: ENC[AES256_GCM,data:42wdJ1DCSnoBjzbKDMqYJgraQxYpsdIJ/TylLnQA93iX4YojA25b3McAIPFDxgu8jg8/nwyXVLRVlkI6ZKuRxi12K3BPrQfMvNqmBa4/SYvvMD7ywiMB7+k72ebx+ulRmj2TDz9f8koVVkD7crAgM/eIGOm3CbfwXqK0t5w2sm0=,iv:5QaQZCjacNBlgx4Q/RjRbXtvz5KzP/W1tUrtySJC1t0=,tag:4sb9lJkg56/L/gQZ192GEw==,type:str] pgp: - created_at: "2023-08-11T16:15:11Z" enc: |- diff --git a/secrets/router0-hosthatch/secrets.yaml b/secrets/router0-hosthatch/secrets.yaml new file mode 100644 index 0000000..9891362 --- /dev/null +++ b/secrets/router0-hosthatch/secrets.yaml @@ -0,0 +1,43 @@ +#ENC[AES256_GCM,data:62US77UkclVlR3klMH6P/oYC006vFa6DEVgvmemMFh6INuw95NyRwJaiMs4EGaNFuX+jkfBbtlm0MQK73rXfGxg=,iv:UALT0vebke8KDPdroZnC3rSUCB0CmlX9dfbLqNAlJ7Y=,tag:iKxAWDTdUZDBD0PWfomeWQ==,type:comment] +passwords-root: ENC[AES256_GCM,data:ummvEe+5HipUvVEyHLA6NULuWJuPyv2VqlXEZFp/UdybLU+1t/VRo+KPLYRPpXQBbsBaHVa/XOiOqLK9dPDHuVZBavnTTMC3Yg==,iv:pqjtzPH+T8CLJsJusi5CpVklPUAnioIoTjBXAR3y620=,tag:vrGzZlRX1TJ5b6Wxt29V+Q==,type:str] +wg0-privatekey: ENC[AES256_GCM,data:6BR3zB5oDPu5XyM5pgrdXoYKvwf+rAK7ngDzLcIQZnr4JH2YXH9UWERjVpg=,iv:2Z3yG+fWC4diGANCurCEpA5ybEpMdE1t/rviRJtUE0Q=,tag:4sqnLfAnxQOAci37RCY6jQ==,type:str] +wg0-publickey: ENC[AES256_GCM,data:7QLstpkyVDFU5oxgRdVYdBOZB1tjKMbzxgZtCYp3G1+AO85ir6kNXo8P65U=,iv:XRnPg93nnSR3h+R/K2rh1QYgmdJTE6i17ZomMf0BJ9k=,tag:fhyySGI0y5swGp3ot+q3pA==,type:str] +wg0-peer0-psk: ENC[AES256_GCM,data:p5V/8fFEmozG6nFCpHNcWNdunYlHxnsnW+YjTAIEXlm2ku4yEL45H9t9/Sw=,iv:jDZMhrZIJwaDWm+s6aXVWovdo116q2D5cUyHzMdWCIU=,tag:M5IebfGfeL6VW+OOgtARpA==,type:str] +wg1-privatekey: ENC[AES256_GCM,data:dcD5isfYT+diae7tS6OSEQiqEkrpUxw0io8EqaSUaaFxKf2RAqSqxEXkhzU=,iv:HVB+uJG0SwxH3gbSpyZJZnzadVK2MYWvaZ3t7vPXn3E=,tag:/q7hgBA45Hq3446w83ConA==,type:str] +wg1-publickey: ENC[AES256_GCM,data:08fRjmGysmgGwXgwGqtMmO4iMWNIOucRnD7l4qaCh1hVWAk2BbO3OcHw010=,iv:PfKUVRyjEVT2BBUCmruR026n/P2kT2Papq46DOFq3rE=,tag:AhyI1yHdEucmQEo6iHnznQ==,type:str] +wg1-peer0-psk: ENC[AES256_GCM,data:zlQv7B2Xm+QUzevsYDD2ckIp3PdEAOSEPv6UKYLKRUGWXKE9eLhC1dNq5t8=,iv:kehiDKfew68S2pfRFq5OyTm+Ixo05uiAiHDg30xhP4Y=,tag:0GSr1d26ALehewMF5b6woQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1v458x2q70yt0a6m6cq5ehemphtrzfzyhmeg3r872vsyyf65asgwstmqqk4 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuRzJxaGJVclFwZE9ZT3BP + OHNEaVg5ZVl0Nm9YTWo3Q1lmSEw5dnRoRVY0CkpCeWxXU0RybU45Y3RvVkxJYkEv + TjJsb3AyNVR6QmJVbnJsZzE3S0VmQjgKLS0tIHVHSTZVOHc4R0E1TWNETWNlWEty + czc2YUdudGdnVlZteXBmaHZaV1NWbGcK6jWSkOEBYN+1HQ+IZdBKknYo96Aydp/s + +hK8V6qEyCkAqWLYEnZ5ErMEc8OcOyYCQnYyCb10SWJvye+uyX8SZg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-06-09T14:08:09Z" + mac: ENC[AES256_GCM,data:nCwAca0MktoxUb0W+1B7+4UP5IOG4cuj2BhJBxjDV4gjYBSKYJs5gSdYytjOpu76ePXSUHgyiPH0Joe5ESubaUN4zPIWMLpkEk6WjXnmXRTY8B5ZZ+AVR2lxNi7UtiCyx0yjAVZFxuk33MmKR2yXMLEqE6U/70fccJlY+dbTaVU=,iv:QTafba+auq3Zv/xoBzHmnIMmfDAynqApAcr/T0Uh/2g=,tag:RREUDKF4Kruy0AEFDqSVuw==,type:str] + pgp: + - created_at: "2024-06-09T14:07:43Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQEMA0SHG/zF3227AQgAkYv+dSMKF647ApqeslZpv22LmhdphDTSQjaRJdIK4gM4 + kv4aJ4L0K/fDqKtsbszbAnuratJnOxnhGaydTX5Ob9tb5QbFfmC2C4OED6hB/enu + hsP9BpsA945Keqf27NyXgxnLDVr6OXcpZqWZbYqHmWDx+BHrw500hgFb91ejzf3c + 6KF2Rrp4PsUl58D6LcSFxfqcna7l2+Ptx+k2vfInSkyPit/5tjry8SyBbUFWPwz2 + gVj9MN0bLCMqhToFh532GSDmnxNd8d1Sb8G1riJ4JaTHStV3s6KebF90ws3FtC5n + y0f/BbjkSqEqNIKFplPZ4Cx6O7WsXbH1hU1Dgba9G9JeAYVAFyi+OnCV49ugZ93p + uwGhpXmP6RbGVT6JB/beAdUToTdP0EfdVE4LlxkssEFd8HHzO8kD2u7k7glkDEq7 + Ox1QlDrMuz0zRE6D5B4DwXrWvAOw/TjvydWjyS6HCg== + =5YRC + -----END PGP MESSAGE----- + fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/secrets/router0-nfmnk/secrets.yaml b/secrets/router0-ifog/secrets.yaml similarity index 71% rename from secrets/router0-nfmnk/secrets.yaml rename to secrets/router0-ifog/secrets.yaml index 20fc3f6..96cb8ea 100644 --- a/secrets/router0-nfmnk/secrets.yaml +++ b/secrets/router0-ifog/secrets.yaml @@ -14,31 +14,31 @@ sops: azure_kv: [] hc_vault: [] age: - - recipient: age1x8fcjgaknfh5m2s4f0r2mjtfdjkuyj74y39jmh28k2pp5hmn25nschlra9 + - recipient: age1dktk5glcuu34u9t6kp3g2vqyj7dy0elray38t8n75mwa6l0s0vdst2cy00 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3TmJFN2pLczE2eXg1bUZv - dXlmV2hzWHI1dkdHcnk3S0FaU1N5d3RlSnlzCmxObnZqKzFhLzloVWxxSmRPVEJD - ZUJlUi9lL2NkNFJESkZiM0Q2Tk00MEUKLS0tIEthd3FZeXNJbzBuU01EMGxUY0VW - cVlibElsOVR4RG15RTR3bnh0MVgvK3MKhaZLzdlPmFW04Qjk8V7Lkr2EZW8nZT4Z - X3yM7cyoinI9N0zwfArXMnThp2u8w86romQ52e6oy7LCKeKqrLpQ+A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuNmRsNDJRbHZmS3JmOVht + c1kyKzBXdGxkQXErQlhXUzBmMm12eXNCVlVVCm9KUCtZeWJWYWVJUFhYRUlLVDdD + Nk9Wdk5WeXl2ZGNybGxnZWtGR2thTDgKLS0tIEovQnU0bzRCdEp6RnVvZCtUTlFL + dFBOcE9leDQrYzVQNUpLZzJBYlBYaE0KyKVh0VDpbA2eIh9d+KhCYKjbl4fHPt07 + fVbbDEz67bWNjaH6Yg6xlNQIhv9prUK2isckVizpUANmOKxPJ2ia2Q== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-05-26T17:23:41Z" mac: ENC[AES256_GCM,data:Ez/79vUHs+9B/v2qlUiPQeuYHRdvjUg1jJOt3C6xEnncDQ2fH0CUxKEIfjgJR7eatwvZSznprv2wCD8Ik0SKunjRI1UGe5JmrVstqoSDbo+MxpdwrqA8zC5unpRUYenvyo9m8ZW/DnjKz0ArorYjA9vid878MdemkHtSjjZzik8=,iv:2CkmPRjYYt7q7HAdEjIbJHaSUG6Yr92pEkk+Dd3E7LE=,tag:S8LPb0mEjRZQqawX310SOg==,type:str] pgp: - - created_at: "2024-05-25T18:38:40Z" + - created_at: "2024-06-08T18:36:55Z" enc: |- -----BEGIN PGP MESSAGE----- - hQEMA0SHG/zF3227AQf/YU2onj7KSmYwuZUOVjSKcLEC5H73eRR6qAms5vlHoIot - SDlMdcYsoz3nStqb0QTEACmChYy1ZpwCSqkVsPzyhQNlu9xuUiZU2VUV2M7umLjU - EL2hbVD/tdPhf4hb1sHWfHWYaIb9nZ++Y0Gnl+6fKcZMPRL1t1FCAv77Wh7qocKh - RI5EkhSOm0O0Yv17F42bG2xMEP+Bkjd/76fvZeic7q7MF9gt08Mzs/pDnvxjYYP6 - nrR2zlbiCEhZBpbWNexlqWbl8TXpZq/HIkaDrplJExp78XQETSi8YCqIPhbD11NU - aKD7XwAtcGJqzaQNHpo0dcgGC/ZlBM2JFuT3f1FhOdJcAbor1d3CVA2sUOMUfCB1 - eKqJaNsiS5lYmtVlEsRu3YISNP/b8byLihoEliQSq/CA6Du9ya/ffqAuErh/biEv - 03KS+MO49uxXvER3XU0SFEYT+ecWPbNfllMGJJk= - =/YnW + hQEMA0SHG/zF3227AQf/VntYsys2fb7NslwBbEwQ4VYh8OOWtCGhqbVw045QflFD + 2hS1cT85MDNTwPnnDW4NYbf3UEIq12eXVDFR8+4S4mMun68OmxEf3UhSB6k2cDgh + iwM6HdAh13cC4UfYBpEq/NTr9omdoXPrcjQNYxqm8OBRNf1126L5XmQ4NT2Lg8Yw + 2HcDIxrl9vX1X8OYd7fwc7TIJpVYCmG2UhVrz+gS4q51s1hi1t1BZdeUhU9RpSdZ + Mu2HlB68t597wAXOB88K+zJG4+uUQrpz9V2Xd/lfzFIeQtwLcA/NdoZs+AMEQE+j + wa5FPI08uF68KbwzXYCq2NEPKA4SX9UzlirJjdAukdJeAfqO5woWkuDHmDj+nDDS + fSwL7mVNd43h9uO3PXi7j8kj32dwLcBSjkeuN1+gaTBLixzzp0drLTD1DkeY8kBS + ROvWaNhXsrm+uB9d8aaznqfWS9C+3PE5fY9untPIUA== + =f2HS -----END PGP MESSAGE----- fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B unencrypted_suffix: _unencrypted diff --git a/secrets/shared-users.yaml b/secrets/shared-users.yaml index f0d6b66..6e5bbf7 100644 --- a/secrets/shared-users.yaml +++ b/secrets/shared-users.yaml @@ -16,109 +16,118 @@ sops: - recipient: age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0djVXd2MvMGx5c2RMd1dM - SkFVL3VUeksyRjZmTkNKZWl6Y2N1M2NWZldrCkpzYy9aMTRzSGU3SlJLUGszUWI5 - NnZDb21MMmd6Rk1iaW4vMDROcS9MQXMKLS0tIHQ4S2FqdFRPNlFJcmtnNkVIazdS - OS9oNTdjQ29YamgrUlZ4N1JtUExuQlUKPsFIiNz0jxcA91+i6WeSTchO8F/9WjWO - SgGsoRYKCXIXmIunib19LqI3DW4yE5YoLsvh6UMhFcKsqKObhf91IA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0WWlBR1NxR3dFZzl5U2tQ + UDVmL0VTZ3hISDIzei9GYnVUSnZ5cmFHVUJnCkQ4dEd1bmR6b0N6VFVqNmVsOG9o + b3hZalkyMXJaWEpxRlhRSWc2V09HT0UKLS0tIGJRc0lCTk9md0xDMlB3U1JMWDM2 + VmpLVXdFcG1wZ2pJTFc1NnphalVxV28KAY9l6szySiyYEwsdyVkngwUo7NhkZcQv + u46mxDco2mx6oAN+xhSWOwcUl6n8VR8p/voS/eA0uibNAN0myfoJ1Q== -----END AGE ENCRYPTED FILE----- - recipient: age1y9urllccdcemlv7g5z4peuzeh5ah0a8nu6cnkvym8v2vfhqjd5jql483c6 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwcjFscitrdTJQVFlUbDQ4 - SEZFb2IzYzc2TDV0ZHV3RFJPekhvYnFFM0JNClE4U1hLaWtKaFA0anMzVWhra3F0 - d0NjcmRuUkU3bktBbDR0ZFZBQ3RGaXcKLS0tIEgzamVrdnBrYzdmOVQ5cTI4ZVAx - TVdNMHQ5dCtJN1QrN1d4SkFIVHRQQlUKDAXRh+T7ds0k5qNMjYzhlXKIka42EwXF - eQLAeqPkggpJy/N5B4Ia0k/QwBm9TXRgyE8hqf/GMnX0D0oW4CT2ig== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwUW54c2VvWWVjeWNRMWlt + U1M3TnBod1RVTC9Fc0IwdGs1UGREM0VKVlZnClhUVHpVTzBEL1lpN1BuTzJ3bVNO + aU5oMENnbCtuYVJNLzJJT0RENVNQTEkKLS0tIGRIaWpSWVlvZmllcjNoUzVhdnlK + RUIzMW5vMlFRUWgrTmhxaFJIODFPOVkKdK4ztFlYPv2pu1dGElvIVhPMM3nntV3u + I4iAVNDmTvLkIkogqpr05efuH5C0e53P4t+JwjysEjk7Lh7UQuqBZw== -----END AGE ENCRYPTED FILE----- - recipient: age1pmznn2tjpelpmxjxqef48rse5ujggf9kcr8x5vewuadqcw03aavqwy54zm enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3OVJzamVZTGhmSk1MQTMx - ckJOSUtpcU9wOGphV0QvSVh0VkFEc2RldEFZCnhQL3JVWmprQ1RJYlJwNHdvYVI0 - YTFLeFprTUJ0dENEQWxhMWg1eHVKZVUKLS0tIC84RzNaOUVMWjhMdGM0RVl5Wk5m - c2ExOXJBdE5pY2g0MXlxbHJTekNjQXcK/P3Q2oxcS10nETrUKBbHRK946MPNtn18 - MbkiVGUy4LFVQWv4Zeg0QtXg/vY7ToEAB0sSZq9zgFrorhaaTWoZ3g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMTFZJTldobVg2a3hrMUZT + aVp5YjlRREtzUCtRSUpFSkJNUEZBaU5NbERZCmJBeGZHbFl4dVVqcS8raHh3OW1J + b0p3ZDZNbUR1OThtSmMzZWVHZy9OTWcKLS0tIER2d0hGdEJCV05nY0hMcHMzV0tX + YWlFUDNndFc1eitnbXpuWi9WbExKUGcKwV+QGI33JB0bE1XpQdjsxMs8E2jpjzu6 + Ex0XRInsP6YjH+yJu8mMGh92rroKNxoSZ3Ku/JLlTFxreFUwwW0iKA== -----END AGE ENCRYPTED FILE----- - recipient: age1ye4fa0v37shz8q4e5uf9cp2avygcp9jtetmnj2sv9y9mqc7gjyksq2cjy8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZSHkvcEdNdnhhVEZBNVBY - akpUdkgyTm44Zm1XclBrbG1tUzBQMHlBZUNvCndlVjRKOVczYUZBeWpacHQ4OTJC - T1pvdFQ2MExKNnBoQ1ZRb3RQeW1NeDAKLS0tIDBQT28yTzVoZ0h5SVlESVNoYXR2 - aU5mMWloSmpSalVhR0RWRGpTTmdHbG8KG2kC5cgaGluNtQti1WdfJFNg5ZICDIxn - Zp9amoUvT19cb1pjV5l7P8+EKg15+4BY9eGAB74yzR/R675YhRhygw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVRFF4dEd6ZGs0dWpwT3V1 + QTZBM094RU42YVFLWUpuYjZOelNtTkwyVHpjCnlzNGxkRHRhYktXbGltT09tQ2J0 + cjRjc0Z6d0lVOHA0Rmg0RTllYUhoaGcKLS0tIDkzVk9uc0ZqS0N6d0VqVjhrbkkv + eW9vMHBsYXZZMkRnK05BRFlCREpQeUkKYmA5u+zcuBd5hE0wSkq0/n7T+h/BqXlm + PPZNYMNeVwdQx+vcedpi+eZ83bm73KBEcRn2B7fyrrQdjj7sSK+afQ== -----END AGE ENCRYPTED FILE----- - recipient: age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3dkE3OFFQTXFpWWlZRHhS - Y2xKa0tkZTEwU09xaHd5R2NqYnFlanRlRkhzCnV5QUZ1QUxkcHpWMUtXNkdJakx3 - cTluR045QTZJSldDdjhhTFNOSmhIbDQKLS0tIEFDdnQ0RDlERTUrb1dWSW9OcmVW - Tk8xZEVPS1gyWGZUckZrdFFpbmlEUmcKWSqJ5bJ/vY79y9CA7KSvg8+I5nyP8PmZ - /EZEFld4gx3nQ+A9nWTU+WCL7vouZWO47AEraEkMu2I5Y4XprarcRw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQd2d5U2tyeDE5Y1dnR0Nh + djF0S1AzTDJaZU9HdTVEd1MwQ0tnUlNTUFRFCk1BVHdzM2k4S0lZYlo0SGNJSXUz + enVOQ1BDdVcwTVA0NDQyM1JZQzJJZ28KLS0tIGJYdDA3TDRzdUMvV21nL0FhY0U4 + WmpmS1p0dVUyN01NM0JlLzZXdEVIeDgKk0TG9dNInrDCYPQ3gP8y4Q0ELS0JYbqb + wBY7bTcD8INyFESQE33taajmzCtgP4Cw/9M6XHUBWYPuxiFgwGLLhQ== -----END AGE ENCRYPTED FILE----- - recipient: age1k7cejd9tqz6a3expd63wkn7kmeawhhrp9vy5vevhjn6eavhdwywqeh7j86 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbGJQSVRCZnVHVzNuSkRV - K2JMc2xjQmk5SlRoV2QwakNmRmtBK3duaWhrCkIrQ3pHdUtRYVpQVWdpZEpSZkw0 - OGpCVEZjZVBjQnoxRThOTG5XREFrcWsKLS0tIFlMWGF0WU1IcHRva0laSmpkZHpG - LzlYaEpvSnlLM1psVkgxQ2lTM0tmMWcKlbgNVUxycS0OlBnMhQTHIQG6ymXvewJP - byY+qCJBzU1Nc3XuLhng9NkwH/E7YCrjC9ExSYMhwJmlT9k5T1mG/g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQaDFjVlpWdVViVjBNcGhy + cldxYUl1dzZkL1JYTDkyMkRGMWJZbHhDZmowCmtQV05XOGpGbFBZWDFaZGloY1R4 + eG5VOGwrVTIvVmxtRzdtVUpZVmpyOU0KLS0tIGFqeEFIUUFwM3c5cVpuU2RxTmVS + eHNvazBsSTljcWN4cHVobUU3cllSVGcKmAP+IXlvZwNt8f+OuhYKZCB/c5+20yfG + 93BSrSZgw0mc8qSeS5pK5WMICRG+IGNEPgDg0f43icgaogL/rwaFmQ== -----END AGE ENCRYPTED FILE----- - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMTXdJajRyRlNvdGIxYTJn - NGFJN1pqRmtadDc5amhBTVNnQkRiZ3A2UVUwCmltVnhrWVJRL09qM2RqbEJKUmVu - STkzYzlhRld4emtrbTJsWFQ4VkdCcVEKLS0tIEVVcVRDWU9HK2s3OERBUmFFN1NF - L0RwTm9qUXBTYWlra2JXM3hsc2NUNVUKUFgLswYYPZJMn0TcvSFnjfR4NAwdYjAO - p4ZmxLaXFWY4E4lnsg2Ka8BUc7C8IXZprj0Qh1o3K4v0LXsSrmfKag== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVSG5qbnVFbGM4dndlUkto + UE9Jc0Y5YjQ0QXJqWVd0Umo5UVNjY1kwTlQwCjdQaEMxY0VncmlrTHM3WWo2cWJh + Y0J3MHkxZHZyOGRxWHA1cktCWFR1dTQKLS0tIHZFb0diQllCQ0wwUjdGeHNDeGlD + NitOWm5CeWRrc0dyTUFYdTdtUjI3TXMK/7IyFuIPWOZHpWz32Ds1nTQYEKFCthSz + d3N60YmYevNGWrMgOEcsg3LoAq8aOtWWj5bHVDKXMSniAf4sN0MWUg== -----END AGE ENCRYPTED FILE----- - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsU2ttUWJ5UkdWNzFkb2du - cTl2VkVmVGVzTUxlTm5jSkZUL1F5SzIvQlFRCnY1WnFWc2RMRnhOWlI2aGU4ZW5C - STU1K0V3WS9JdDU2dWE3QVA4bE4vWVEKLS0tIGJWR3NxZEcxak5hME5hQVJiOW8y - RFlXc0pOdVdNQ0lxR1JMNXpEdU9rQlkKZmZ/FUX3k7KrzXnyFBkpRE2DsJCC5O/Q - 3KkMqWsR/93N+ujs8DhDv49sNFmdYLzexpNEsDbXour5FwvB/0scIA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJajkzVTFVYjFEUE1WVVZ5 + dW04VmZraFlXL0xnMVYyN0lhbHJxQ1IreXlRCmkvNXZDeTJLOG11bXN1ZzFFeVNE + RVpCb3gvaElVZ2FKRCtGVDlBalY3dTQKLS0tIE5hUG5BUnNnejJBS1lOQ0FRcDRx + endRb0VjcmVrbSsxOHlwL0M1MFFLR2cK8melHXX8FyxCKYlY1VEeZ8YX55KwsLQn + UTpCRodnPPh0Q0RaNyjvlQPbyW1V6fjoPPsLyYc3SyqyuNWKkpv41Q== -----END AGE ENCRYPTED FILE----- - recipient: age1dw43sxtdxptzgyhsxhrj36x5gn7376gqk45t7wtyt3s97v7ux39sdmdd44 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOYnNiYkpqaCtySGdIU295 - NkdjRGE4SHpVY2pXR1Q5TzloRVViYk5yRDFnCjFpbHE2RDg1RGZzdVZOdzlJSEVD - bUcvMUc0ZTJZZktsMVNkenR2RUl0NEEKLS0tIDR1Ym9OcFZFWk82ZXA4NWhxZ08w - L3lPZmd2TTBuZkkrOEtWYXBHNnppTGsKn6ez/ALZ/6oYs+rGghSij8iobHNVsmDX - Pg7yRSSBNUMSR4Dr3a/nGDuFEhLzTd/DyWSMAqnvo3kdETc0DB6tuQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4QU1Zc1lhT0JkZk9vdlZN + UnphdTR3UEdsUUVBbVZkS2NFVC95Q3QrcFVJCmJZYWJKY3dOYys2SGViQ1RPYXZJ + NEc1RFNJTEFJMDY4eWtzUUxTUm5NYVkKLS0tIEIxOTIwUXAwcHhrQ3RHWjNkRjRx + NGJPWkNMd3g5TkR5SHVjeXlDNDg4MkEKaunoz1UUX7jVGtRCZtEa3qFNUH7iuo+S + RcmWF3p7VUoKEau9F0Wvp5FtbySZQ59vwjMUnuTXagd6RecncaR0Ww== -----END AGE ENCRYPTED FILE----- - - recipient: age1x8fcjgaknfh5m2s4f0r2mjtfdjkuyj74y39jmh28k2pp5hmn25nschlra9 + - recipient: age1dktk5glcuu34u9t6kp3g2vqyj7dy0elray38t8n75mwa6l0s0vdst2cy00 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwR293bFZZT2tnRk8xeUJM - N1V4UWxHSDNsdldXdENpY0ZtSTc3dlNnQ0ZnCnFvWDhzS0xoSjhyZ0dwUGlQYnFm - WGdiVzBhZmJ6OEZCTXJ6MzhTVC9CbE0KLS0tIEhPNU9NTHFIT05jN2ZnL3doUHBj - VHpucmdFbU8rZ3VHYTNNZG5VUXp0aTgKYY/Zq+Rpeql+opkVFLubXdFi/abWeeSu - 1LPMEFezGuuMnRDQlWrNAd6mR1yDW1T62md/wAH5O2quinVO5kKOjA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyeVJWMS9SU2pvWGdZaU5h + WUFxeE9OUTRFcnFLd3d4OEVZWHNpNFlEbFhrCnk1bGhSZ0piWlpGR2tpV2dIQlNP + em4xNEFBU1F0SEFhRnNva3phMnBPZTgKLS0tIFVkcFZKbjRvWFdVd1VDMkhRUHRy + ZjB3WlhmUDE2WHNEL1I0dWpKdkNybWcKXTmTurT3N3X1RLSZ+xbGEnafZ9Y8FEg/ + pcGVHWj4eZ6bWKwEYiRRxcxlEC5ZRsEuunhULU3GajChYv4wz+xXqg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1v458x2q70yt0a6m6cq5ehemphtrzfzyhmeg3r872vsyyf65asgwstmqqk4 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0TGIzZVYvZGxIUENyRWJ4 + blh0Ym5WZEhSeVp0S3RvRUhjcGtoVVpBSzFBClgvQnN5NGo5Z21vZmM4UTJhRy9F + cmtTajRmRmlZMjBYcjFraEo1OHUzYVEKLS0tIHlQeTZlclF4V1FmaERDUjJJZ2Q5 + UldneUZ6b1g2WG9kd0dHR2JXYVN0Uk0KAdEYkEL++Ge/YKPOHNUNETVxpH9vyfaA + MN5uPQWLp0+Tt9/jFOhc8S5P320me+2k+yKp/cPEcSuvNzipS63FYg== -----END AGE ENCRYPTED FILE----- lastmodified: "2023-07-06T20:14:22Z" mac: ENC[AES256_GCM,data:GPWu5DjjJ1ki+HRuedGdDCt+2V0RPbOsD/yWJxPIkgu5923vnF8y9y4V6e6+ZsTqHv4hsKeCjKtUnh2Ldn+xadwJmqrIxyJ8NzH5TOvcBxAab9cJCp/yKENw0O1WMUTlDPelvQKMDwbgiebaVVfxbQPUEfJGOgkHkyXrgqN94FU=,iv:h9YALYahUl7mRJmZKjArEfaMrfW9YZkVYd2CEooF13Q=,tag:wotqxup/ouG/bEVOZCs19w==,type:str] pgp: - - created_at: "2024-05-25T18:40:21Z" + - created_at: "2024-06-09T14:07:43Z" enc: |- -----BEGIN PGP MESSAGE----- - hQEMA0SHG/zF3227AQf+OkqA8iyYdOxo+43xpHvS9flq9TGucdzI+jldU0M7usG1 - 9lh51h7gY6p4xtX+yt5+7bzqaNYQtXlG/WvnK/9E9df4vLiAUmKbUM3jN2OhgHzm - 8/WM7yez27EEqdKuipWG7NEGwCHHCEdN33m1BJ+nt7bKJ56yiNbg5TcaJhmZrirv - qiFmDKV1jJ80o+vRz6oaSYYh6YYOuEUkOufidJKQfSJCsC3xbPqwcJYfmAGNm2j5 - A/m0N4QVNW/vxO2cEKv4e0RXqQc3BsycGu7TBAZr4QbX9o1zPY82uvCWYNbGq9x4 - sgrXoXzBoGocPlEyaTaoD73zdx4di2qcnmWkIt5o29JcAW5w0g10kmuZfKfX8utm - L2wQ0gODvXHul5pBNt3Hgei+C8SMtfg3HPHjYK0F3iXt+KoIYDcl/NOWZmRuOD6F - l9iXEDrVmkcjRXNshHtQgxYSi+WSs3LiNMqU244= - =d1S1 + hQEMA0SHG/zF3227AQf9Giz/3hRC91WPtMzoR7MVPQWmiOQDtPcqUMVRoNn4Sq68 + zdCU4MAUBkQ2ZsrCMn5ITcVzEYsSRqegqAZX0cVL7/4KYi2QK8qh0WTR78cqO3za + GFtmWRG5m7jchreK39cqOJETui7zY832UMqLSeNw8ZSZb3SGZDZf6690iSldJrmi + Ty9jKdhjo8Kahap3uyoODB89JmsJFuR5V9emmB0XHhQfwAgltntScHICwQqoUIcQ + qIP93AJ1TYVq1yuTFbTut1aX6Xgue8rtiPF9bqrITQlDsoCNhztNrohRrp8wYtj2 + KG0j9QwXFaU4eaVo1xgxBlD2B0xjSrysHGMGmJ75ytJcAXKrpus95u5aVTB9orDI + fZRyy34XmZaaMhr+n/EsmGP3EDQyO4AFu2Ht+yqrCUSo4Ia7gq1H297xunmztvB+ + jASXZF42ip0Svfs5fqDQ0JBT4Skvk1VXI3McUGk= + =lXHq -----END PGP MESSAGE----- fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B unencrypted_suffix: _unencrypted