steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

feat: migrate nfmnk to ifog, add hosthatch

Browse source
This commit is contained in:
steveej 2024-06-08 21:04:38 +02:00
parent 4a42e3fe3c
commit 2f60cd571a
16 changed files with 656 additions and 119 deletions
Download patch file Download diff file Expand all files Collapse all files

17
.sops.yaml
View file

@ -16,8 +16,10 @@ keys:
- &sj-srv1 age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv - &sj-srv1 age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv
- &srv0-dmz0 age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3 - &srv0-dmz0 age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3
- &router0-dmz0 age1k7cejd9tqz6a3expd63wkn7kmeawhhrp9vy5vevhjn6eavhdwywqeh7j86 - &router0-dmz0 age1k7cejd9tqz6a3expd63wkn7kmeawhhrp9vy5vevhjn6eavhdwywqeh7j86
- &router0-nfmnk age1x8fcjgaknfh5m2s4f0r2mjtfdjkuyj74y39jmh28k2pp5hmn25nschlra9 - &router0-ifog age1dktk5glcuu34u9t6kp3g2vqyj7dy0elray38t8n75mwa6l0s0vdst2cy00
- &router0-hosthatch age1v458x2q70yt0a6m6cq5ehemphtrzfzyhmeg3r872vsyyf65asgwstmqqk4
- &sj-bm-hostkey0 age1dw43sxtdxptzgyhsxhrj36x5gn7376gqk45t7wtyt3s97v7ux39sdmdd44 - &sj-bm-hostkey0 age1dw43sxtdxptzgyhsxhrj36x5gn7376gqk45t7wtyt3s97v7ux39sdmdd44
creation_rules: creation_rules:
- path_regex: ^(.+/|)secrets/[^/]+$ - path_regex: ^(.+/|)secrets/[^/]+$
key_groups: key_groups:
@ -35,7 +37,8 @@ creation_rules:
- *sj-vps-htz0 - *sj-vps-htz0
- *sj-srv1 - *sj-srv1
- *sj-bm-hostkey0 - *sj-bm-hostkey0
- *router0-nfmnk - *router0-ifog
- *router0-hosthatch
- path_regex: ^secrets/steveej-t14/.+$ - path_regex: ^secrets/steveej-t14/.+$
key_groups: key_groups:
- pgp: - pgp:
@ -75,12 +78,18 @@ creation_rules:
- *steveej - *steveej
age: age:
- *router0-dmz0 - *router0-dmz0
- path_regex: ^secrets/router0-nfmnk/.+$ - path_regex: ^secrets/router0-ifog/.+$
key_groups: key_groups:
- pgp: - pgp:
- *steveej - *steveej
age: age:
- *router0-nfmnk - *router0-ifog
- path_regex: ^secrets/router0-hosthatch/.+$
key_groups:
- pgp:
- *steveej
age:
- *router0-hosthatch
- path_regex: ^secrets/sj-vps-htz0/.+$ - path_regex: ^secrets/sj-vps-htz0/.+$
key_groups: key_groups:
- pgp: - pgp:

3
flake.nix
View file

@ -162,7 +162,8 @@
# "srv0-dmz0" # "srv0-dmz0"
# # "router0-dmz0" # # "router0-dmz0"
"router0-nfmnk" "router0-ifog"
"router0-hosthatch"
"sj-srv1" "sj-srv1"
"sj-bm-hostkey0" "sj-bm-hostkey0"

110
nix/os/devices/router0-dmz0/configuration.nix
View file

@ -208,7 +208,7 @@ in {
vlan.interfaces = builtins.map (vlanid: (mkInterfaceName {inherit vlanid;})) vlanRange; vlan.interfaces = builtins.map (vlanid: (mkInterfaceName {inherit vlanid;})) vlanRange;
# lan.ipv4Addresses = ["192.168.0.0/16"]; # lan.ipv4Addresses = ["192.168.0.0/16"];
wan.interfaces = ["wan" "lan0"]; wan.interfaces = ["wan" "lan0"];
vpn.interfaces = ["wg0" "wg1"]; vpn.interfaces = ["wg0" "wg1" "wg2"];
} }
// //
# generate a zone for each vlan # generate a zone for each vlan
@ -367,11 +367,11 @@ in {
systemd.network = { systemd.network = {
wait-online.anyInterface = true; wait-online.anyInterface = true;
netdevs = let netdevs = let
router0-nmfk_wg0Endpoint = "${repoFlake.colmena.router0-nfmnk.deployment.targetHost}:${ router0-ifog_wg0Endpoint = "${repoFlake.colmena.router0-ifog.deployment.targetHost}:${
builtins.toString builtins.toString
repoFlake repoFlake
.nixosConfigurations .nixosConfigurations
.router0-nfmnk .router0-ifog
.config .config
.systemd .systemd
.network .network
@ -381,11 +381,11 @@ in {
.ListenPort .ListenPort
}"; }";
router0-nmfk_wg1Endpoint = "${repoFlake.colmena.router0-nfmnk.deployment.targetHost}:${ router0-ifog_wg1Endpoint = "${repoFlake.colmena.router0-ifog.deployment.targetHost}:${
builtins.toString builtins.toString
repoFlake repoFlake
.nixosConfigurations .nixosConfigurations
.router0-nfmnk .router0-ifog
.config .config
.systemd .systemd
.network .network
@ -394,6 +394,20 @@ in {
.wireguardConfig .wireguardConfig
.ListenPort .ListenPort
}"; }";
router0-hosthatch_wg0Endpoint = "${repoFlake.colmena.router0-hosthatch.deployment.targetHost}:${
builtins.toString
repoFlake
.nixosConfigurations
.router0-hosthatch
.config
.systemd
.network
.netdevs
.wg0
.wireguardConfig
.ListenPort
}";
in in
{ {
# Create the bridge interface # Create the bridge interface
@ -442,7 +456,7 @@ in {
PersistentKeepalive = 15; PersistentKeepalive = 15;
PresharedKeyFile = builtins.toString config.sops.secrets.wg0-peer0-psk.path; PresharedKeyFile = builtins.toString config.sops.secrets.wg0-peer0-psk.path;
PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM="; PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM=";
Endpoint = router0-nmfk_wg0Endpoint; Endpoint = router0-ifog_wg0Endpoint;
}; };
} }
]; ];
@ -468,7 +482,43 @@ in {
PersistentKeepalive = 15; PersistentKeepalive = 15;
PresharedKeyFile = builtins.toString config.sops.secrets.wg1-peer0-psk.path; PresharedKeyFile = builtins.toString config.sops.secrets.wg1-peer0-psk.path;
PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM="; PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM=";
Endpoint = router0-nmfk_wg1Endpoint; Endpoint = router0-ifog_wg1Endpoint;
};
}
];
};
wg2 = {
enable = true;
netdevConfig = {
Name = "wg2";
Kind = "wireguard";
};
wireguardConfig = {
PrivateKeyFile = builtins.toString config.sops.secrets.wg0-privatekey.path;
FirewallMark = 102;
};
wireguardPeers = [
{
wireguardPeerConfig = {
AllowedIPs = [
# this allows all traffic to be routed through this interface
"0.0.0.0/0"
# # alternatively, specific destinations could be allowed
# # remote peer wg addr
# "10.0.0.0/32"
# "1.1.1.1/32"
# # ifconfig.co.
# "172.67.168.106"
# "104.21.54.91"
];
PersistentKeepalive = 15;
PresharedKeyFile = builtins.toString config.sops.secrets.wg0-peer0-psk.path;
PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM=";
Endpoint = router0-hosthatch_wg0Endpoint;
}; };
} }
]; ];
@ -513,6 +563,21 @@ in {
# ip rule add fwmark 101 priority 0 table 101 # ip rule add fwmark 101 priority 0 table 101
# ip rule add fwmark 101 priority 1 prohibit # ip rule add fwmark 101 priority 1 prohibit
routingPolicyRules = [ routingPolicyRules = [
{
routingPolicyRuleConfig = {
FirewallMark = 100;
Priority = 30000;
Table = 100;
};
}
{
routingPolicyRuleConfig = {
FirewallMark = 100;
Priority = 30001;
Table = 100;
Type = "prohibit";
};
}
{ {
routingPolicyRuleConfig = { routingPolicyRuleConfig = {
FirewallMark = 101; FirewallMark = 101;
@ -530,16 +595,16 @@ in {
} }
{ {
routingPolicyRuleConfig = { routingPolicyRuleConfig = {
FirewallMark = 100; FirewallMark = 102;
Priority = 30000; Priority = 30000;
Table = 100; Table = 102;
}; };
} }
{ {
routingPolicyRuleConfig = { routingPolicyRuleConfig = {
FirewallMark = 100; FirewallMark = 102;
Priority = 30001; Priority = 30001;
Table = 100; Table = 102;
Type = "prohibit"; Type = "prohibit";
}; };
} }
@ -596,6 +661,12 @@ in {
Table = 100; Table = 100;
}; };
} }
{
routeConfig = {
Gateway = "_dhcp4";
Table = 102;
};
}
]; ];
}; };
@ -696,7 +767,8 @@ in {
routes = [ routes = [
{ {
routeConfig = { routeConfig = {
Destination = "185.143.101.42/32"; # test the set uprouting to a specific IP
Destination = "${repoFlake.colmena.sj-bm-hostkey0.deployment.targetHost}/32";
MultiPathRoute = "10.0.0.0 1"; MultiPathRoute = "10.0.0.0 1";
}; };
} }
@ -711,12 +783,24 @@ in {
routes = [ routes = [
{ {
routeConfig = { routeConfig = {
Destination = "185.143.101.42/32"; Destination = "${repoFlake.colmena.sj-bm-hostkey0.deployment.targetHost}/32";
MultiPathRoute = "10.0.0.2 1"; MultiPathRoute = "10.0.0.2 1";
}; };
} }
]; ];
}; };
"50-wg2" = {
enable = true;
matchConfig.Name = "wg2";
address = [
"10.0.1.1/31"
];
routes = [
# TODO: add a testing route here
];
};
} }
# configuration for the hostapd dynamic interfaces # configuration for the hostapd dynamic interfaces
# * netdev type vlan # * netdev type vlan

340
nix/os/devices/router0-hosthatch/configuration.nix Normal file
View file

@ -0,0 +1,340 @@
{
repoFlake,
pkgs,
lib,
config,
nodeFlake,
nodeName,
localDomainName,
system,
variables,
...
}: {
system.stateVersion = "24.05";
imports = [
nodeFlake.inputs.disko.nixosModules.disko
nodeFlake.inputs.srvos.nixosModules.mixins-terminfo
repoFlake.inputs.sops-nix.nixosModules.sops
../../snippets/nix-settings.nix
../../profiles/common/user.nix
nodeFlake.inputs.nixos-nftables-firewall.nixosModules.default
{
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "yes";
users.commonUsers = {
enable = true;
enableNonRoot = false;
rootPasswordFile = config.sops.secrets.passwords-root.path;
};
# sops.age.keyFile = "/etc/age.key";
# sops.age.sshKeyPaths = [];
sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
sops.defaultSopsFormat = "yaml";
sops.secrets.passwords-root.neededForUsers = true;
}
# TODO: extract this into single-disk VM BIOS module
{
boot.loader.systemd-boot.enable = false;
boot.loader.grub.efiSupport = false;
# forcing seems required or else there's an error about duplicated devices
boot.loader.grub.devices = lib.mkForce ["/dev/vda"];
disko.devices.disk.vda = {
device = "/dev/vda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for grub MBR
};
root = {
size = "100%";
content = {
type = "btrfs";
extraArgs = ["-f"]; # Override existing partition
subvolumes = {
# Subvolume name is different from mountpoint
"/rootfs" = {
mountpoint = "/";
};
"/nix" = {
mountOptions = ["noatime"];
mountpoint = "/nix";
};
"/boot" = {
mountpoint = "/boot";
};
};
};
};
};
};
};
boot.initrd.kernelModules = [
"virtio_balloon"
"virtio_scsi"
"virtio_net"
"virtio_pci"
"virtio_ring"
"virtio"
"scsi_mod"
"virtio_blk"
"virtio_ring"
"ata_piix"
"pata_acpi"
"ata_generic"
];
}
];
# sops.secrets.ssh_host_ed25519_key = {
# sopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
# format = "yaml";
# path = "/etc/ssh/ssh_host_ed25519_key";
# mode = "0600";
# };
# sops.secrets.ssh_host_ed25519_key_pub = {
# sopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
# format = "yaml";
# path = "/etc/ssh/ssh_host_ed25519_key.pub";
# mode = "0600";
# };
# sops.secrets.ssh_host_rsa_key = {
# sopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
# format = "yaml";
# path = "/etc/ssh/ssh_host_rsa_key";
# mode = "0600";
# };
# sops.secrets.ssh_host_rsa_key_pub = {
# sopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
# format = "yaml";
# path = "/etc/ssh/ssh_host_rsa_key.pub";
# mode = "0644";
# };
boot = {
kernel = {
sysctl = {
"net.ipv4.conf.all.forwarding" = true;
"net.ipv6.conf.all.forwarding" = true;
};
};
};
networking = {
hostName = nodeName;
useNetworkd = true;
useDHCP = true;
usePredictableInterfaceNames = false;
interfaces.eth0.ipv4.addresses = [
{
address = variables.ipv4;
prefixLength = variables.ipv4length;
}
];
defaultGateway = {
interface = "eth0";
address = variables.ipv4gateway;
};
nameservers = [
variables.ipv4dns
];
# these will be configured via nftables
nat.enable = lib.mkForce false;
firewall.enable = lib.mkForce false;
# Use the nftables firewall instead of the base nixos scripted rules.
# This flake provides a similar utility to the base nixos scripting.
# https://github.com/thelegy/nixos-nftables-firewall/tree/main
nftables = {
enable = true;
firewall = {
enable = true;
snippets.nnf-common.enable = true;
zones.wan = {
interfaces = ["eth0"];
};
zones.vpn = {
interfaces = ["wg0" "wg1"];
};
rules = {
to-fw = {
from = "all";
to = ["fw"];
verdict = "drop";
allowedTCPPorts = [
22
5201
];
allowedUDPPorts = [
22
5201
config.systemd.network.netdevs.wg0.wireguardConfig.ListenPort
config.systemd.network.netdevs.wg1.wireguardConfig.ListenPort
];
};
vpn-to-wan-nat = {
from = ["vpn"];
to = ["wan"];
masquerade = true;
verdict = "accept";
};
};
};
};
};
sops.secrets.wg0-privatekey = {
mode = "440";
group = "systemd-network";
};
sops.secrets.wg0-peer0-psk = {
mode = "440";
group = "systemd-network";
};
sops.secrets.wg1-privatekey = {
mode = "440";
group = "systemd-network";
};
sops.secrets.wg1-peer0-psk = {
mode = "440";
group = "systemd-network";
};
systemd.network.enable = true;
systemd.network.netdevs.wg0 = {
enable = true;
netdevConfig = {
Name = "wg0";
Kind = "wireguard";
};
wireguardConfig = {
ListenPort = 51820;
# PublicKey /RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM=
PrivateKeyFile = builtins.toString config.sops.secrets.wg0-privatekey.path;
};
wireguardPeers = [
{
wireguardPeerConfig = {
AllowedIPs = [
"10.0.1.1/32"
"192.168.0.0/16"
];
PersistentKeepalive = 15;
PresharedKeyFile = builtins.toString config.sops.secrets.wg0-peer0-psk.path;
PublicKey = "hsjIenUFV/FBqplIKxSL/Zn2zDAfojlIKHMxPA6RC04=";
};
}
];
};
systemd.network.netdevs.wg1 = {
enable = true;
netdevConfig = {
Name = "wg1";
Kind = "wireguard";
};
wireguardConfig = {
ListenPort = 51821;
# PublicKey /RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM=
PrivateKeyFile = builtins.toString config.sops.secrets.wg1-privatekey.path;
};
wireguardPeers = [
{
wireguardPeerConfig = {
AllowedIPs = [
"10.0.1.3/31"
"192.168.0.0/16"
];
PersistentKeepalive = 15;
PresharedKeyFile = builtins.toString config.sops.secrets.wg1-peer0-psk.path;
PublicKey = "Ha5hsarCRO8LX9SrkopUeP14ebLdFgxXUC0ezrobax4=";
};
}
];
};
systemd.network.networks.wg0 = {
enable = true;
matchConfig.Name = "wg0";
address = [
"10.0.1.0/31"
];
routes = [
{
routeConfig = {
Destination = "192.168.0.0/16";
MultiPathRoute = "10.0.1.1 1";
};
}
];
};
systemd.network.networks.wg1 = {
enable = true;
matchConfig.Name = "wg1";
address = [
"10.0.1.2/31"
];
routes = [
{
routeConfig = {
Destination = "192.168.0.0/16";
MultiPathRoute = "10.0.1.3 1";
};
}
];
};
environment.systemPackages = [
pkgs.ethtool
pkgs.neovim
pkgs.tmux
pkgs.wireguard-tools
pkgs.tshark
(pkgs.writeShellScriptBin "dbg-ip" ''
echo links:
ip -br -c l
echo
echo addresses:
ip -br -c a
echo
echo vlans:
bridge -c vlan
'')
(pkgs.writeShellScriptBin "dbg-dnsmasq" ''
# get the rendered in-use config
pgrep -a dnsmasq | grep -Eo '[^ ]*conf' | xargs cat | grep -Eo '[^=]*conf' | xargs cat
'')
];
}

2
nix/os/devices/router0-nfmnk/default.nix → nix/os/devices/router0-hosthatch/default.nix
View file

@ -8,7 +8,7 @@
variables = import ./variables.crypt.nix; variables = import ./variables.crypt.nix;
in { in {
meta.nodeSpecialArgs.${nodeName} = { meta.nodeSpecialArgs.${nodeName} = {
inherit repoFlake nodeName nodeFlake system; inherit repoFlake nodeName nodeFlake system variables;
packages' = repoFlake.packages.${system}; packages' = repoFlake.packages.${system};
nodePackages' = nodeFlake.packages.${system}; nodePackages' = nodeFlake.packages.${system};
}; };

30
nix/os/devices/router0-nfmnk/flake.lock → nix/os/devices/router0-hosthatch/flake.lock generated
View file

@ -28,11 +28,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1717177033, "lastModified": 1717915259,
"narHash": "sha256-G3CZJafCO8WDy3dyA2EhpUJEmzd5gMJ2IdItAg0Hijw=", "narHash": "sha256-VsGPboaleIlPELHY5cNTrXK4jHVmgUra8uC6h7KVC5c=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "0274af4c92531ebfba4a5bd493251a143bc51f3c", "rev": "1bbdb06f14e2621290b250e631cf3d8948e4d19b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -48,11 +48,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1716736833, "lastModified": 1717527182,
"narHash": "sha256-rNObca6dm7Qs524O4st8VJH6pZ/Xe1gxl+Rx6mcWYo0=", "narHash": "sha256-vWSkg6AMok1UUQiSYVdGMOXKD2cDFnajITiSi0Zjd1A=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "a631666f5ec18271e86a5cde998cba68c33d9ac6", "rev": "845a5c4c073f74105022533907703441e0464bc3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -85,11 +85,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1717144377, "lastModified": 1717696253,
"narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", "narHash": "sha256-1+ua0ggXlYYPLTmMl3YeYYsBXDSCqT+Gw3u6l4gvMhA=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "805a384895c696f802a9bf5bf4720f37385df547", "rev": "9b5328b7f761a7bbdc0e332ac4cf076a3eedb89b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -101,11 +101,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1716948383, "lastModified": 1717786204,
"narHash": "sha256-SzDKxseEcHR5KzPXLwsemyTR/kaM9whxeiJohbL04rs=", "narHash": "sha256-4q0s6m0GUcN7q+Y2DqD27iLvbcd1G50T2lv08kKxkSI=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ad57eef4ef0659193044870c731987a6df5cf56b", "rev": "051f920625ab5aabe37c920346e3e69d7d34400e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -132,11 +132,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1717058062, "lastModified": 1717807544,
"narHash": "sha256-R8Gb2MlJzfBE76DVWFmfZWODMdAanqxFnK+OOmkoQ7E=", "narHash": "sha256-djHfn29HdlfWdmyeu3rqlVS8k5q/xRh2P0mX2RAafb0=",
"owner": "numtide", "owner": "numtide",
"repo": "srvos", "repo": "srvos",
"rev": "414d1039a58b667e4512ad9f7068aa935ebf8d59", "rev": "64ae31cb29923128f27a503a550ee4fb1631c4c6",
"type": "github" "type": "github"
}, },
"original": { "original": {

0
nix/os/devices/router0-nfmnk/flake.nix → nix/os/devices/router0-hosthatch/flake.nix
View file

BIN
nix/os/devices/router0-hosthatch/variables.crypt.nix Normal file
View file

Binary file not shown.

25
nix/os/devices/router0-nfmnk/configuration.nix → nix/os/devices/router0-ifog/configuration.nix
View file

@ -7,6 +7,7 @@
nodeName, nodeName,
localDomainName, localDomainName,
system, system,
variables,
... ...
}: { }: {
system.stateVersion = "23.11"; system.stateVersion = "23.11";
@ -32,8 +33,8 @@
rootPasswordFile = config.sops.secrets.passwords-root.path; rootPasswordFile = config.sops.secrets.passwords-root.path;
}; };
sops.age.keyFile = "/etc/age.key"; # sops.age.keyFile = "/etc/age.key";
sops.age.sshKeyPaths = []; # sops.age.sshKeyPaths = [];
sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml; sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
sops.defaultSopsFormat = "yaml"; sops.defaultSopsFormat = "yaml";
@ -47,10 +48,10 @@
boot.loader.grub.efiSupport = false; boot.loader.grub.efiSupport = false;
# forcing seems required or else there's an error about duplicated devices # forcing seems required or else there's an error about duplicated devices
boot.loader.grub.devices = lib.mkForce ["/dev/sda"]; boot.loader.grub.devices = lib.mkForce ["/dev/vda"];
disko.devices.disk.sda = { disko.devices.disk.vda = {
device = "/dev/sda"; device = "/dev/vda";
type = "disk"; type = "disk";
content = { content = {
type = "gpt"; type = "gpt";
@ -145,6 +146,20 @@
useDHCP = true; useDHCP = true;
usePredictableInterfaceNames = false; usePredictableInterfaceNames = false;
interfaces.eth0.ipv4.addresses = [
{
address = variables.ipv4;
prefixLength = variables.ipv4length;
}
];
defaultGateway = {
interface = "eth0";
address = variables.ipv4gateway;
};
nameservers = [
variables.ipv4dns
];
# these will be configured via nftables # these will be configured via nftables
nat.enable = lib.mkForce false; nat.enable = lib.mkForce false;
firewall.enable = lib.mkForce false; firewall.enable = lib.mkForce false;

34
nix/os/devices/router0-ifog/default.nix Normal file
View file

@ -0,0 +1,34 @@
{
system ? "x86_64-linux",
nodeName,
repoFlake,
nodeFlake,
...
}: let
variables = import ./variables.crypt.nix;
in {
meta.nodeSpecialArgs.${nodeName} = {
inherit repoFlake nodeName nodeFlake system variables;
packages' = repoFlake.packages.${system};
nodePackages' = nodeFlake.packages.${system};
};
meta.nodeNixpkgs.${nodeName} =
import nodeFlake.inputs.nixpkgs.outPath
{
inherit system;
};
${nodeName} = {
deployment.targetHost = variables.ipv4;
deployment.replaceUnknownProfiles = true;
imports = [
nodeFlake.inputs.home-manager.nixosModules.home-manager
./configuration.nix
];
networking.hostName = nodeName;
};
}

BIN
nix/os/devices/router0-ifog/variables.crypt.nix Normal file
View file

Binary file not shown.

BIN
nix/os/devices/router0-nfmnk/variables.crypt.nix
View file

Binary file not shown.

8
secrets/router0-dmz0/secrets.yaml
View file

@ -5,7 +5,9 @@ ssh_host_ed25519_key: ENC[AES256_GCM,data:XQjTqNADLhisxPBIJ7x0bs3qgQk0u4q9HKSDuk
ssh_host_ed25519_key_pub: ENC[AES256_GCM,data:MQ0q/I6clKNz6uzoztGA06vOjIbpK6Dsf3WbgddRA0B8nEJ4EUmRBT0KkX3o+LZmQPhmURHWWFtOSqvAzkyoxAoBZEh98H3IDsLE5PgcNbxK3dAh36+AAMPLzVFnHLyaWLQW,iv:9XIw29PkSHCeU7C2GuSJ+J+mBrwOrbSMmm7kOtCkiyI=,tag:x3JqFF08f2eVfOrrQ1gzYw==,type:str] ssh_host_ed25519_key_pub: ENC[AES256_GCM,data:MQ0q/I6clKNz6uzoztGA06vOjIbpK6Dsf3WbgddRA0B8nEJ4EUmRBT0KkX3o+LZmQPhmURHWWFtOSqvAzkyoxAoBZEh98H3IDsLE5PgcNbxK3dAh36+AAMPLzVFnHLyaWLQW,iv:9XIw29PkSHCeU7C2GuSJ+J+mBrwOrbSMmm7kOtCkiyI=,tag:x3JqFF08f2eVfOrrQ1gzYw==,type:str]
ssh_host_rsa_key: ENC[AES256_GCM,data:tFGQ77X5Y1TRR2F0EJ4hmauE9ABILP6V0CSmzb1QLaH6VlhriXSE1UQcQ2Rc73CR7+JLjLbggL7RKpkA8gJQq/ubhiXHJokBEo6rfBXETVepv0HlyX5UvzWhi6iKBE5YsYyyBI1VWDcx+oTR8+daqnKwbbqPeDUpC2coT3S9svEsKXeb3YOMxJ9X/Rvh96UtMmlk7WeZa2JvOP3k62HROVo8QRYXeQWTO87TCzVdU7OWnbRIuC6bu+32Uy70AsIu39fazX7WqIUxaeO/oNHsay0/TBXKNu2El0JRG8tHCHdXe1tahniGbGH5xeEZmgLTOjHntw5UIdxZbgvcbxmt9seDXUxjhhEMS8eHWaxnRDSI7n2KOb/3UaBQ3BHnYpuRjW++uFBgRHxxANlYfpfEdz/LNexdPb9+QCw80r38uZxP8yD5/PxFV/Y+gSX+WnNE0YQnBDtHFjKhHpqpm2P4Ek3hLzjXh6CPzUZru6LAO/FklcLCGaq94fDC5wW3K0x1UvyfMjBwwyeSymcV95YcZu8Ty280jRhG8l719KkEJjnBdnB25PQ5gEwc34dG5xH5HwVUDPIM9v9m+cXtldUIk3BH4PiTEI1aZsZx50BtBhxybAxhTqNElrP+/2W73muTSQboDIB1Xb2NhArLB6XnnVhVUD/Pg/9wiDUY0mYyr0eIp9AmBfSmSIDjFyVUB9o+gv/B+LpxwxPKmsPt3MRKWoZw+bIGTI82UqBv0eX6Xqq71H4DYFnJ3J+n+Jzp5ww5mSPPHffZZFSBbZSpTk8El4L5II/hyyxk7yJopt19AAsw+UgLJDO31XnyiGAEbbDdwjuCWQMmuzKJ6H7c7UGDXLO92jAlXwEWT5fwzG6Wvu5+n/OToz3CN1Cv40uwVb/fOqmzep9hoOrXeuzmnGULfGmwItjuJoMkfmPUq8obAuj5ml0YduU2eLbe15OlD2Vg2I+BH0WuCPYnnCrLyX8ixhJEuGGDkhGhaKMHaMjNuMOGmDQ6oRCVU8BA/zDgnF/GrcHgIe742Yh68PyaH2j+iX6/5YvUB+R1sDnrgfXlgET1V+nny+fD4GBnP+RKYtdGG0P4y3AYlACQE9sJ6Nkb8CTVb2Va6L3rXzeyJG2FtYkUKxxwDUv/KyieclHiJpdawunOLVkmI6p/iaZIThrdGA5p7b01/WOyJFA9aI3oU2f2rMYBLGHYirrRs3WtS7ExhKriHpgax574UIcW0mecFto9dHkGlBOTQy+Zp1GARnePXKZcyKm2qhTIjw0ho/DUe3+t1knbR6WJCwl1LDtfpPD2KPDDH+HpHm3EoiA1mDSp6lYMVxwBr2eBmFPKuPkkAL/3Bf6SKlEp1UCDee7BPlzS9kwmIEt/EuIohbMDdyaHtulW31Hdrsai8fCxc7AAzgsmoMBp2Smwoe3C8K5K8RaNp6v4boY8WBH3rLjAFTmOPB7TiZfplQjV8triZS3JFopNjvCglfZSXxSs+RjZUgSgL/1fFLT2m0Mp1XPMvGZlD73TzJ5RH5WWlxliaau42Q4vXRFUK+ZFx0SvwOO5xZvRNtAOfipEoqscKOopV+HHl74DJEk/xLibWJmkEBqoVbf1BFDUAiRSSb/0RdfCAGaj1mqV68szVtLt3jB1AJm9iu9RNU047HHQeOi++8g6lOpHmhsksfQLAucLVtLTrXpHDEAugDbSXrwPkhWa2Ej+Iva1p2vteIExcT+8h3WiXkamDBZALpJcLkDSazgAmmrB+6u6odsyin9Z5zB55EN2iz24nGNgyylt9FehC4/2SNHMX42hZ/JPQw51+vZQLoLQv+oOJAVXGBHeDy3kDl60fL6Fr5jZ0YOfO+rFGk4bDpXYjq27ahLv763tVs8SrgMseNWNWTakZUAXuYPbP3GBFEjTPHM4216WABj2cC3zSmrnbEyNRMWTdsm46ASZvhZo4wO8eTrndvy44Q2UKOFOh1sYCY4jjCWCI74pEV3rRcBJASuUipep65ZwXOlFOXu7uiaG01/KWofn4JzzrlX3MfhKsUBaEDTUXwDGw0RAEHQXb3rvfiIjCQBcpy8kM1fBR97K5LFJzZ2/qf2bPGs0yxma1O0Z6TT/2Uk2n62jK2xIM7gvTjPOVDP2etHKVxMpMjhTAbRj4K3568HZM/POBC5AORLAtBAo14CNxRMN8f05Gs13wn9ZI+pqiaOpTTnfH1xL9fd/6I03utzMKnoR8IVhrQLDLT6OAIkdeJX8s99R/J/nTOApk3XACWqjmMTcWtwt6g3x2iTk/1jTTn70rYVr8JLHHCt+bd5H/eDUiq9HpG1oFEZPXuvgATOovru0YVtmVx+yea0jWpJOsK+/SZjYAfvAKh0ZNr8dKHug/gGEpp6SfFBI+c4ywR1kM83OUHLaI/dOU9rLeCKktB+UcvTPoLhHLbTAlTrizeRmYY16Z1a+47LvwX944js3TZZkxqylz73cekWidYiiLNbiHwACftOK/GwZCG0WrVfcSi6pJYDgPgbcqFohaKI7ltKZgTlHGT1mZr1IH1RnauZmN/MkBEKVHO3E/PFgKkWNcXQi4uV2P3j8aHHc0RJrxx7qAFFXCYEwu02pv9nmul/HClLMmDYHDY1lHZvIIyPcsmr1ZkCFRV4UtnZRtXhHNAZCGFRX+y5HQXnubjPmV5I2R/gcLLi//2vIE6V2i8SpEJZlVweLpjRYwb6H6xFTuvHN+9Y5pd3rFx2BapR0AzYdOXUVqKF5ewrfE/1iitsEeDJj8OqmNzpmLBrnROnPyPh/+KGWBG5Nm4QKVMhP7XN1F+Fr7sTxw1ignXsfSwH8v/ELMzxVLu3ijWxvmk3/eOsrKYB/x3h6I1SFWZUoTjVPAmlNAnYl90Xf+FMPiII11+zrYwsJbCh25gmSvtKR+hmoTxXbJ2w5E2cFoVHMBOmS8Uo8L0BDOUzUE64cPl/v119BafVUOohLF1l3Ob19td+sMvqX8OHLGgB+/r6jKmUPnNNEzbDAogMydcVVjtPRIoDScw4ExxuxILN4/V+VulyAgU29OvFWS6+r5Y+bjqgqMg55Of0le3HUqt65qMuqiaUR5P/9WP+H666GsYTSg5I5gPJv0FF6tqXCWE9mpQ4sk2/BiWWaNeojxyhyH/cv4fbUmcee6K3+P+liXyFGGAWdBP5uGb+BzIfSaXVN3xEBPWAAe+BMkJrxbc6FSS12Wkh+bLM+NJH7XaoDl6+8LtF3bstsCoXvQgNlXHlbt4/aIIFEBShlYSQwLMDcey1VB4pu4SBv2HXwaX9zXPd+MGH77DeQU4yBkrElly51/68yzdSGpe6mNFy57Hc3UJBW1pNbds5Gxu+jFbQ6Phxvn38u9V8cphjxzgig0uZjkKHYx0EwFjBqmfrP0hQDnpcyg5QCPhnXOthmVL4jkJs3OrRHhoYRgbXpaVRMpVMLFeeSqcQABaRK5ibpB81WP8yCJPIMsbWW7sDTCiIyLq6qW5pKNq8/l3sq042+6bJgJ3CfDYdNKJCTF/09F5JKkpXeIxL4MGqvg5nOoyiahDQsUzMT3dwGg7IWqxQidcJ576XSBkR2qNwUrl6qq87JP+Zo3RJbA5bpPubm6sUonWE3hRGg4LWceVBO34J/wutWVt4W7dXnK5WVhJv8UHJcbgWR9dMpWkbeMpakqlRRLOTibztMFkx3xyIMmZS+cNyhRyatw+DwX/opuY+bl8X4yKgNOuW/w6r06r4MrL78MTjqZDQ4xkCSL3x3KWr2Tf4lAX6sdwKTzdBdzvFuLeuijngrvRYRyk/3jk/o4ujfHMdrergMjlP5Js7ICZSLhXHHOc2Hc5oPaBIx59r6FynA+W6ROmk5kVF2BNkRlP6/oV5Apn3MMUnDc4YjHaowt8UVkIHZOEL8hxymYDR4g9y1wOoIwKCorBQa5jsXH+AEop3hlsv4uqzrrcGGQhfQEW0Vb1fG4N0VAyWEodaw7wOY3XCrW7yHjIgRM3Is+juT7jMeACW+OQuvQHTS/9bc9n9sXjjVwsvoHROLxsXMFO9HablXaEKzFL1oGXpnavYf/MuZMwALsPish2Mmj9fONNMBo1yYy/j+8GzHCqByDS1ZPnlzPQD0ztGNwNfOOhNOqamqaE9GNHv92yQIf/KKGhnjFH/I9IlzA28eaaSVql/1vdhRAI2G1WxpgyQ1ryRPLYHA/Qw9OYrb+jIxHj9uqfohShgIqnv6TCXRmByfyU6Te3oqKLyezKj7tPCqv1la1ostycmE4msAs4EI7pe1OZcRulPkUJrZCPkvo+EYTw8AfGmwHFb5foQ4wk8pkjTvo1zHmjy0GjMAZpcmDHfyHAyoaED6DUKAHRBbMdSqQJWmzhHkzn5oRCR6UlWSyxRZ1wBIKn+T+kcn28XiLlJrJVK3n2CQkE1c3EfFemnimo0Yc9yNQZygfZjr2W2TnmtAZ5jHiMmv7E8CPxBQBd/pf29z/uAEwQIqVFSHxkVaVjHW5wlhfWwOuj0xZFly,iv:mXE8xpXFBYSJce9pg+g3OedMS9+ZHOHHwydCY0NbGRQ=,tag:cEqbUu9Y1PFKXwaeqioXWA==,type:str] ssh_host_rsa_key: ENC[AES256_GCM,data:tFGQ77X5Y1TRR2F0EJ4hmauE9ABILP6V0CSmzb1QLaH6VlhriXSE1UQcQ2Rc73CR7+JLjLbggL7RKpkA8gJQq/ubhiXHJokBEo6rfBXETVepv0HlyX5UvzWhi6iKBE5YsYyyBI1VWDcx+oTR8+daqnKwbbqPeDUpC2coT3S9svEsKXeb3YOMxJ9X/Rvh96UtMmlk7WeZa2JvOP3k62HROVo8QRYXeQWTO87TCzVdU7OWnbRIuC6bu+32Uy70AsIu39fazX7WqIUxaeO/oNHsay0/TBXKNu2El0JRG8tHCHdXe1tahniGbGH5xeEZmgLTOjHntw5UIdxZbgvcbxmt9seDXUxjhhEMS8eHWaxnRDSI7n2KOb/3UaBQ3BHnYpuRjW++uFBgRHxxANlYfpfEdz/LNexdPb9+QCw80r38uZxP8yD5/PxFV/Y+gSX+WnNE0YQnBDtHFjKhHpqpm2P4Ek3hLzjXh6CPzUZru6LAO/FklcLCGaq94fDC5wW3K0x1UvyfMjBwwyeSymcV95YcZu8Ty280jRhG8l719KkEJjnBdnB25PQ5gEwc34dG5xH5HwVUDPIM9v9m+cXtldUIk3BH4PiTEI1aZsZx50BtBhxybAxhTqNElrP+/2W73muTSQboDIB1Xb2NhArLB6XnnVhVUD/Pg/9wiDUY0mYyr0eIp9AmBfSmSIDjFyVUB9o+gv/B+LpxwxPKmsPt3MRKWoZw+bIGTI82UqBv0eX6Xqq71H4DYFnJ3J+n+Jzp5ww5mSPPHffZZFSBbZSpTk8El4L5II/hyyxk7yJopt19AAsw+UgLJDO31XnyiGAEbbDdwjuCWQMmuzKJ6H7c7UGDXLO92jAlXwEWT5fwzG6Wvu5+n/OToz3CN1Cv40uwVb/fOqmzep9hoOrXeuzmnGULfGmwItjuJoMkfmPUq8obAuj5ml0YduU2eLbe15OlD2Vg2I+BH0WuCPYnnCrLyX8ixhJEuGGDkhGhaKMHaMjNuMOGmDQ6oRCVU8BA/zDgnF/GrcHgIe742Yh68PyaH2j+iX6/5YvUB+R1sDnrgfXlgET1V+nny+fD4GBnP+RKYtdGG0P4y3AYlACQE9sJ6Nkb8CTVb2Va6L3rXzeyJG2FtYkUKxxwDUv/KyieclHiJpdawunOLVkmI6p/iaZIThrdGA5p7b01/WOyJFA9aI3oU2f2rMYBLGHYirrRs3WtS7ExhKriHpgax574UIcW0mecFto9dHkGlBOTQy+Zp1GARnePXKZcyKm2qhTIjw0ho/DUe3+t1knbR6WJCwl1LDtfpPD2KPDDH+HpHm3EoiA1mDSp6lYMVxwBr2eBmFPKuPkkAL/3Bf6SKlEp1UCDee7BPlzS9kwmIEt/EuIohbMDdyaHtulW31Hdrsai8fCxc7AAzgsmoMBp2Smwoe3C8K5K8RaNp6v4boY8WBH3rLjAFTmOPB7TiZfplQjV8triZS3JFopNjvCglfZSXxSs+RjZUgSgL/1fFLT2m0Mp1XPMvGZlD73TzJ5RH5WWlxliaau42Q4vXRFUK+ZFx0SvwOO5xZvRNtAOfipEoqscKOopV+HHl74DJEk/xLibWJmkEBqoVbf1BFDUAiRSSb/0RdfCAGaj1mqV68szVtLt3jB1AJm9iu9RNU047HHQeOi++8g6lOpHmhsksfQLAucLVtLTrXpHDEAugDbSXrwPkhWa2Ej+Iva1p2vteIExcT+8h3WiXkamDBZALpJcLkDSazgAmmrB+6u6odsyin9Z5zB55EN2iz24nGNgyylt9FehC4/2SNHMX42hZ/JPQw51+vZQLoLQv+oOJAVXGBHeDy3kDl60fL6Fr5jZ0YOfO+rFGk4bDpXYjq27ahLv763tVs8SrgMseNWNWTakZUAXuYPbP3GBFEjTPHM4216WABj2cC3zSmrnbEyNRMWTdsm46ASZvhZo4wO8eTrndvy44Q2UKOFOh1sYCY4jjCWCI74pEV3rRcBJASuUipep65ZwXOlFOXu7uiaG01/KWofn4JzzrlX3MfhKsUBaEDTUXwDGw0RAEHQXb3rvfiIjCQBcpy8kM1fBR97K5LFJzZ2/qf2bPGs0yxma1O0Z6TT/2Uk2n62jK2xIM7gvTjPOVDP2etHKVxMpMjhTAbRj4K3568HZM/POBC5AORLAtBAo14CNxRMN8f05Gs13wn9ZI+pqiaOpTTnfH1xL9fd/6I03utzMKnoR8IVhrQLDLT6OAIkdeJX8s99R/J/nTOApk3XACWqjmMTcWtwt6g3x2iTk/1jTTn70rYVr8JLHHCt+bd5H/eDUiq9HpG1oFEZPXuvgATOovru0YVtmVx+yea0jWpJOsK+/SZjYAfvAKh0ZNr8dKHug/gGEpp6SfFBI+c4ywR1kM83OUHLaI/dOU9rLeCKktB+UcvTPoLhHLbTAlTrizeRmYY16Z1a+47LvwX944js3TZZkxqylz73cekWidYiiLNbiHwACftOK/GwZCG0WrVfcSi6pJYDgPgbcqFohaKI7ltKZgTlHGT1mZr1IH1RnauZmN/MkBEKVHO3E/PFgKkWNcXQi4uV2P3j8aHHc0RJrxx7qAFFXCYEwu02pv9nmul/HClLMmDYHDY1lHZvIIyPcsmr1ZkCFRV4UtnZRtXhHNAZCGFRX+y5HQXnubjPmV5I2R/gcLLi//2vIE6V2i8SpEJZlVweLpjRYwb6H6xFTuvHN+9Y5pd3rFx2BapR0AzYdOXUVqKF5ewrfE/1iitsEeDJj8OqmNzpmLBrnROnPyPh/+KGWBG5Nm4QKVMhP7XN1F+Fr7sTxw1ignXsfSwH8v/ELMzxVLu3ijWxvmk3/eOsrKYB/x3h6I1SFWZUoTjVPAmlNAnYl90Xf+FMPiII11+zrYwsJbCh25gmSvtKR+hmoTxXbJ2w5E2cFoVHMBOmS8Uo8L0BDOUzUE64cPl/v119BafVUOohLF1l3Ob19td+sMvqX8OHLGgB+/r6jKmUPnNNEzbDAogMydcVVjtPRIoDScw4ExxuxILN4/V+VulyAgU29OvFWS6+r5Y+bjqgqMg55Of0le3HUqt65qMuqiaUR5P/9WP+H666GsYTSg5I5gPJv0FF6tqXCWE9mpQ4sk2/BiWWaNeojxyhyH/cv4fbUmcee6K3+P+liXyFGGAWdBP5uGb+BzIfSaXVN3xEBPWAAe+BMkJrxbc6FSS12Wkh+bLM+NJH7XaoDl6+8LtF3bstsCoXvQgNlXHlbt4/aIIFEBShlYSQwLMDcey1VB4pu4SBv2HXwaX9zXPd+MGH77DeQU4yBkrElly51/68yzdSGpe6mNFy57Hc3UJBW1pNbds5Gxu+jFbQ6Phxvn38u9V8cphjxzgig0uZjkKHYx0EwFjBqmfrP0hQDnpcyg5QCPhnXOthmVL4jkJs3OrRHhoYRgbXpaVRMpVMLFeeSqcQABaRK5ibpB81WP8yCJPIMsbWW7sDTCiIyLq6qW5pKNq8/l3sq042+6bJgJ3CfDYdNKJCTF/09F5JKkpXeIxL4MGqvg5nOoyiahDQsUzMT3dwGg7IWqxQidcJ576XSBkR2qNwUrl6qq87JP+Zo3RJbA5bpPubm6sUonWE3hRGg4LWceVBO34J/wutWVt4W7dXnK5WVhJv8UHJcbgWR9dMpWkbeMpakqlRRLOTibztMFkx3xyIMmZS+cNyhRyatw+DwX/opuY+bl8X4yKgNOuW/w6r06r4MrL78MTjqZDQ4xkCSL3x3KWr2Tf4lAX6sdwKTzdBdzvFuLeuijngrvRYRyk/3jk/o4ujfHMdrergMjlP5Js7ICZSLhXHHOc2Hc5oPaBIx59r6FynA+W6ROmk5kVF2BNkRlP6/oV5Apn3MMUnDc4YjHaowt8UVkIHZOEL8hxymYDR4g9y1wOoIwKCorBQa5jsXH+AEop3hlsv4uqzrrcGGQhfQEW0Vb1fG4N0VAyWEodaw7wOY3XCrW7yHjIgRM3Is+juT7jMeACW+OQuvQHTS/9bc9n9sXjjVwsvoHROLxsXMFO9HablXaEKzFL1oGXpnavYf/MuZMwALsPish2Mmj9fONNMBo1yYy/j+8GzHCqByDS1ZPnlzPQD0ztGNwNfOOhNOqamqaE9GNHv92yQIf/KKGhnjFH/I9IlzA28eaaSVql/1vdhRAI2G1WxpgyQ1ryRPLYHA/Qw9OYrb+jIxHj9uqfohShgIqnv6TCXRmByfyU6Te3oqKLyezKj7tPCqv1la1ostycmE4msAs4EI7pe1OZcRulPkUJrZCPkvo+EYTw8AfGmwHFb5foQ4wk8pkjTvo1zHmjy0GjMAZpcmDHfyHAyoaED6DUKAHRBbMdSqQJWmzhHkzn5oRCR6UlWSyxRZ1wBIKn+T+kcn28XiLlJrJVK3n2CQkE1c3EfFemnimo0Yc9yNQZygfZjr2W2TnmtAZ5jHiMmv7E8CPxBQBd/pf29z/uAEwQIqVFSHxkVaVjHW5wlhfWwOuj0xZFly,iv:mXE8xpXFBYSJce9pg+g3OedMS9+ZHOHHwydCY0NbGRQ=,tag:cEqbUu9Y1PFKXwaeqioXWA==,type:str]
ssh_host_rsa_key_pub: ENC[AES256_GCM,data:N60bGf/6KNRhVUq1EIbPVo3aBDDKEpMBr5+Gt3+FMPt3uQEaKk8jBg5mOdxWMTPoLg1ZP/Pme8afoM+Skc0b50WnpErF3Ox1w+4eM0oMJYOhIvHLGURNM3Dba5MgA7YfhPdTsVdjD2yks2vYqhdtEvzTTgCJbFimVJlp+wDqE6czPgMjD03c7oJDtv38OBtc1vRMzVw3cIuyxz2yNnXQxiMgTR6pZN7+Brami2dfXOHEVgymmlU5PRE8Ykerq2fB36N5uqu4/xSPaHaM+/f2OA/TLlYYB+sGMDExZfbO/vsiRBLvTY/f4KG2mEkmH+IFH1bk6UF47xTFEe8tHN/TlLo+9OmjZTph221ZYnOsIqBY+F822ctZEe8Ikz9Ti4F1ApvxxRcWHajbgQnDJdDiHJvt3OHal4rNBtYwxxV/MDZtvKSVxmFwgx7nwNP0oKhAigQkU7Mvp1q5p3dZsdbGCUeFm2S5/qIxWPfr7wg4xocLNSsLW1EpGo6A2RUXWIV+lPuZd9dNEjGC5zKKAgMI94is6MtMXgqlFqTcZuQ9hvhoVDcFhVSJylu8pzk9d/tKviwcd98jHAhdfGpnc9eJbtyBU6/HvxLzQpsbFjwa3LGirEdtgxRZn2nJx++0U6XuLcbGwjOVAhkde6g2vFv5hsC6KaZQcp4AFvMvEdJyrnb0b2TOeOD8zEljb8u2q/eexCRSjGpobEINwu5qV+tF9eHIJ1YFzhCSmmLGKXjc7bC8uv5ffl39JmAbUrffd18zqae+Xpijd+QzwF425NG9+PksAt+PPzt4SDgGfKBIpMNFxIb18oo88z4YDLuNzRy/HVF90JV0LlAxES4ZOxoWUjJPrR6dGxNRANYOyFGmoN+yG3B9kd1NRGRNGh5P9EtZBxlPIi24djzF1n4GQSW1NFDgoGcxaXhk0PlpPxwuHK0X9FkFDDzQUYNBhx7py+hev5rBUCs7Yhj5xgcM88fdLRZi8MulNws=,iv:8c3hDcJ8wzTugmJ3Mhzx/qEXnnlpFefBmRTG/MqyeEg=,tag:uSz6+CYu9uQa0C2DXnHPUA==,type:str] ssh_host_rsa_key_pub: ENC[AES256_GCM,data:N60bGf/6KNRhVUq1EIbPVo3aBDDKEpMBr5+Gt3+FMPt3uQEaKk8jBg5mOdxWMTPoLg1ZP/Pme8afoM+Skc0b50WnpErF3Ox1w+4eM0oMJYOhIvHLGURNM3Dba5MgA7YfhPdTsVdjD2yks2vYqhdtEvzTTgCJbFimVJlp+wDqE6czPgMjD03c7oJDtv38OBtc1vRMzVw3cIuyxz2yNnXQxiMgTR6pZN7+Brami2dfXOHEVgymmlU5PRE8Ykerq2fB36N5uqu4/xSPaHaM+/f2OA/TLlYYB+sGMDExZfbO/vsiRBLvTY/f4KG2mEkmH+IFH1bk6UF47xTFEe8tHN/TlLo+9OmjZTph221ZYnOsIqBY+F822ctZEe8Ikz9Ti4F1ApvxxRcWHajbgQnDJdDiHJvt3OHal4rNBtYwxxV/MDZtvKSVxmFwgx7nwNP0oKhAigQkU7Mvp1q5p3dZsdbGCUeFm2S5/qIxWPfr7wg4xocLNSsLW1EpGo6A2RUXWIV+lPuZd9dNEjGC5zKKAgMI94is6MtMXgqlFqTcZuQ9hvhoVDcFhVSJylu8pzk9d/tKviwcd98jHAhdfGpnc9eJbtyBU6/HvxLzQpsbFjwa3LGirEdtgxRZn2nJx++0U6XuLcbGwjOVAhkde6g2vFv5hsC6KaZQcp4AFvMvEdJyrnb0b2TOeOD8zEljb8u2q/eexCRSjGpobEINwu5qV+tF9eHIJ1YFzhCSmmLGKXjc7bC8uv5ffl39JmAbUrffd18zqae+Xpijd+QzwF425NG9+PksAt+PPzt4SDgGfKBIpMNFxIb18oo88z4YDLuNzRy/HVF90JV0LlAxES4ZOxoWUjJPrR6dGxNRANYOyFGmoN+yG3B9kd1NRGRNGh5P9EtZBxlPIi24djzF1n4GQSW1NFDgoGcxaXhk0PlpPxwuHK0X9FkFDDzQUYNBhx7py+hev5rBUCs7Yhj5xgcM88fdLRZi8MulNws=,iv:8c3hDcJ8wzTugmJ3Mhzx/qEXnnlpFefBmRTG/MqyeEg=,tag:uSz6+CYu9uQa0C2DXnHPUA==,type:str]
wlan0_saePasswordsFile: ENC[AES256_GCM,data:ylY1LwMYlHdvYIVPIIr65BuxkW/BHCikkbGO5nNSU9WVekWiDXNIt2EQ2sYcdqnvZMGvcG0G4SQvCwpNO8ihh/RqcLYpTxldI8zwSqAwvATu7prV8l2bCvBQ+NXZ3yAW,iv:L6ncjd0u316gF/3InI7cuqO1kDpH7ahWGcsssYfb2YU=,tag:IAqt8vSDjW3OasOTJ44PeQ==,type:str] #ENC[AES256_GCM,data:QOMW5ALQD+CIXyqRAUzZfv42HvMfq9qiTho=,iv:/KlPuB6aBBhdMvJ9kYClfFRBMC0bSF16/EKrnH/Ifsk=,tag:Wwfk7YnNvla06I2/ajTd4g==,type:comment]
#ENC[AES256_GCM,data:6/aUsWY875jPKZZiJLL3TWYeZT9VOjoJBDwjRTfjnUHcc/NTTeQRPvb+keJeMt5kfWmAzieYpslvz21UktTKqHO/,iv:+zwyh6nAP7DRhQX48/BmMCbv3W3wKfUiAWCvu8UvS8A=,tag:doc142ZXZO6ajPcuWftdtA==,type:comment]
#ENC[AES256_GCM,data:GG3qBrBJSmJfUun5+0fKkp7J280oW3r5tGGjm9UMolUsZCYYv5E=,iv:gFGxT9Jr/d3fVouWEphJUxW/Hid8dAIvldkxYHb9DvM=,tag:DkgD7SIgIYyk5Ne/lGWcwQ==,type:comment]
wlan0_wpaPskFile: ENC[AES256_GCM,data:I/30uOrCPoWqnNq4WelPsDMevrmO+TuzmNrjMtPeCLS5MncX7BnX20YV5LxLsLCJS0NmCEqE58pgpeQEaUUcR0YRejCdO0yZnpMRbla6IR/irNSR/xctDQmMV6HYe6IKWE2d2LA/qWTkj+uBGJ0NtAsPIRLknuCwT8SLjClzF4/WCdoqHvxhBCESxhd3OTYr9op9uxk94iRxKsFfUBuNnckIeT/tQKqOQIHlkpperGBNRtTZ9q+Glb6lqFO1o/BJ8tAGpw0qyNO48jrRAtiIG3sauMH+UPWp86AYPhwQjwA6iDReFoH5KhZsohJSTX4vwoj46yycOTPu/loHrxySBSrYuRyOuIv7mwpRVZgJP+c3ZcngVncE3YQhLA==,iv:AlQIFKqcFSnyH1LrRN/XaTTocsMjZM20YHWcz7S3gCE=,tag:octNvum5lOOUOS6ALJ0x4g==,type:str] wlan0_wpaPskFile: ENC[AES256_GCM,data:I/30uOrCPoWqnNq4WelPsDMevrmO+TuzmNrjMtPeCLS5MncX7BnX20YV5LxLsLCJS0NmCEqE58pgpeQEaUUcR0YRejCdO0yZnpMRbla6IR/irNSR/xctDQmMV6HYe6IKWE2d2LA/qWTkj+uBGJ0NtAsPIRLknuCwT8SLjClzF4/WCdoqHvxhBCESxhd3OTYr9op9uxk94iRxKsFfUBuNnckIeT/tQKqOQIHlkpperGBNRtTZ9q+Glb6lqFO1o/BJ8tAGpw0qyNO48jrRAtiIG3sauMH+UPWp86AYPhwQjwA6iDReFoH5KhZsohJSTX4vwoj46yycOTPu/loHrxySBSrYuRyOuIv7mwpRVZgJP+c3ZcngVncE3YQhLA==,iv:AlQIFKqcFSnyH1LrRN/XaTTocsMjZM20YHWcz7S3gCE=,tag:octNvum5lOOUOS6ALJ0x4g==,type:str]
wg0-privatekey: ENC[AES256_GCM,data:5/5llD0itgdKhZ53IbtkwfhO+qUI+/xBCxnfQOg9yjS7knvUINURY7rl/F8=,iv:86t6XuY4a1rHY3kmC3XB6WwwPZVWAyM2saGqEZaHdJ0=,tag:4xemlclKI4RIxAe60HGuuQ==,type:str] wg0-privatekey: ENC[AES256_GCM,data:5/5llD0itgdKhZ53IbtkwfhO+qUI+/xBCxnfQOg9yjS7knvUINURY7rl/F8=,iv:86t6XuY4a1rHY3kmC3XB6WwwPZVWAyM2saGqEZaHdJ0=,tag:4xemlclKI4RIxAe60HGuuQ==,type:str]
wg0-publickey: ENC[AES256_GCM,data:D/RU+43/bYhg1lRZE9zA52AIWGd2KRF0EQcvteS4CtQN0Yy65vjGqVEkjyk=,iv:BmS0TfUQXRt1tdWBBKIUi+DqXCLTXePzbq4dUYSlQQw=,tag:qglrKjhcSBPtqNd6YCMlPQ==,type:str] wg0-publickey: ENC[AES256_GCM,data:D/RU+43/bYhg1lRZE9zA52AIWGd2KRF0EQcvteS4CtQN0Yy65vjGqVEkjyk=,iv:BmS0TfUQXRt1tdWBBKIUi+DqXCLTXePzbq4dUYSlQQw=,tag:qglrKjhcSBPtqNd6YCMlPQ==,type:str]
@ -28,8 +30,8 @@ sops:
THRNR0tEUzhPdFFhWWxvZlpKYmZKM2MKxc5s1jsci8jPOrvZAoofVNvHT4o9P6yv THRNR0tEUzhPdFFhWWxvZlpKYmZKM2MKxc5s1jsci8jPOrvZAoofVNvHT4o9P6yv
J8rALQQXgql6obK51Q/Doyzvo1RJ0T7epiWEAZm5B3vDrf6KqbWBYw== J8rALQQXgql6obK51Q/Doyzvo1RJ0T7epiWEAZm5B3vDrf6KqbWBYw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-25T19:21:30Z" lastmodified: "2024-06-12T19:21:06Z"
mac: ENC[AES256_GCM,data:TulnMjElIqQOgimCrMRk5kIXYED8GvnTQeefoeTCpgndl9fbraPjB5O4VMPJkotgWDSn4DF7QTUSarVB/6Th87xe08RxdOAW1maj5i3ZlMeKoGOHGNp3nVEpaaC455qtW9ZfXW1gxoG+HRBtsFJe3ZYV2gban+ByDVwiEdr501w=,iv:LQVUB+LE0xSBznHayhEGKXvJsz0r9Y3iDhS6JGx2paA=,tag:QR2Fh+GqOiLb4j2xKE3E7g==,type:str] mac: ENC[AES256_GCM,data:42wdJ1DCSnoBjzbKDMqYJgraQxYpsdIJ/TylLnQA93iX4YojA25b3McAIPFDxgu8jg8/nwyXVLRVlkI6ZKuRxi12K3BPrQfMvNqmBa4/SYvvMD7ywiMB7+k72ebx+ulRmj2TDz9f8koVVkD7crAgM/eIGOm3CbfwXqK0t5w2sm0=,iv:5QaQZCjacNBlgx4Q/RjRbXtvz5KzP/W1tUrtySJC1t0=,tag:4sb9lJkg56/L/gQZ192GEw==,type:str]
pgp: pgp:
- created_at: "2023-08-11T16:15:11Z" - created_at: "2023-08-11T16:15:11Z"
enc: |- enc: |-

43
secrets/router0-hosthatch/secrets.yaml Normal file
View file

@ -0,0 +1,43 @@
#ENC[AES256_GCM,data:62US77UkclVlR3klMH6P/oYC006vFa6DEVgvmemMFh6INuw95NyRwJaiMs4EGaNFuX+jkfBbtlm0MQK73rXfGxg=,iv:UALT0vebke8KDPdroZnC3rSUCB0CmlX9dfbLqNAlJ7Y=,tag:iKxAWDTdUZDBD0PWfomeWQ==,type:comment]
passwords-root: ENC[AES256_GCM,data:ummvEe+5HipUvVEyHLA6NULuWJuPyv2VqlXEZFp/UdybLU+1t/VRo+KPLYRPpXQBbsBaHVa/XOiOqLK9dPDHuVZBavnTTMC3Yg==,iv:pqjtzPH+T8CLJsJusi5CpVklPUAnioIoTjBXAR3y620=,tag:vrGzZlRX1TJ5b6Wxt29V+Q==,type:str]
wg0-privatekey: ENC[AES256_GCM,data:6BR3zB5oDPu5XyM5pgrdXoYKvwf+rAK7ngDzLcIQZnr4JH2YXH9UWERjVpg=,iv:2Z3yG+fWC4diGANCurCEpA5ybEpMdE1t/rviRJtUE0Q=,tag:4sqnLfAnxQOAci37RCY6jQ==,type:str]
wg0-publickey: ENC[AES256_GCM,data:7QLstpkyVDFU5oxgRdVYdBOZB1tjKMbzxgZtCYp3G1+AO85ir6kNXo8P65U=,iv:XRnPg93nnSR3h+R/K2rh1QYgmdJTE6i17ZomMf0BJ9k=,tag:fhyySGI0y5swGp3ot+q3pA==,type:str]
wg0-peer0-psk: ENC[AES256_GCM,data:p5V/8fFEmozG6nFCpHNcWNdunYlHxnsnW+YjTAIEXlm2ku4yEL45H9t9/Sw=,iv:jDZMhrZIJwaDWm+s6aXVWovdo116q2D5cUyHzMdWCIU=,tag:M5IebfGfeL6VW+OOgtARpA==,type:str]
wg1-privatekey: ENC[AES256_GCM,data:dcD5isfYT+diae7tS6OSEQiqEkrpUxw0io8EqaSUaaFxKf2RAqSqxEXkhzU=,iv:HVB+uJG0SwxH3gbSpyZJZnzadVK2MYWvaZ3t7vPXn3E=,tag:/q7hgBA45Hq3446w83ConA==,type:str]
wg1-publickey: ENC[AES256_GCM,data:08fRjmGysmgGwXgwGqtMmO4iMWNIOucRnD7l4qaCh1hVWAk2BbO3OcHw010=,iv:PfKUVRyjEVT2BBUCmruR026n/P2kT2Papq46DOFq3rE=,tag:AhyI1yHdEucmQEo6iHnznQ==,type:str]
wg1-peer0-psk: ENC[AES256_GCM,data:zlQv7B2Xm+QUzevsYDD2ckIp3PdEAOSEPv6UKYLKRUGWXKE9eLhC1dNq5t8=,iv:kehiDKfew68S2pfRFq5OyTm+Ixo05uiAiHDg30xhP4Y=,tag:0GSr1d26ALehewMF5b6woQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1v458x2q70yt0a6m6cq5ehemphtrzfzyhmeg3r872vsyyf65asgwstmqqk4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuRzJxaGJVclFwZE9ZT3BP
OHNEaVg5ZVl0Nm9YTWo3Q1lmSEw5dnRoRVY0CkpCeWxXU0RybU45Y3RvVkxJYkEv
TjJsb3AyNVR6QmJVbnJsZzE3S0VmQjgKLS0tIHVHSTZVOHc4R0E1TWNETWNlWEty
czc2YUdudGdnVlZteXBmaHZaV1NWbGcK6jWSkOEBYN+1HQ+IZdBKknYo96Aydp/s
+hK8V6qEyCkAqWLYEnZ5ErMEc8OcOyYCQnYyCb10SWJvye+uyX8SZg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-09T14:08:09Z"
mac: ENC[AES256_GCM,data:nCwAca0MktoxUb0W+1B7+4UP5IOG4cuj2BhJBxjDV4gjYBSKYJs5gSdYytjOpu76ePXSUHgyiPH0Joe5ESubaUN4zPIWMLpkEk6WjXnmXRTY8B5ZZ+AVR2lxNi7UtiCyx0yjAVZFxuk33MmKR2yXMLEqE6U/70fccJlY+dbTaVU=,iv:QTafba+auq3Zv/xoBzHmnIMmfDAynqApAcr/T0Uh/2g=,tag:RREUDKF4Kruy0AEFDqSVuw==,type:str]
pgp:
- created_at: "2024-06-09T14:07:43Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQEMA0SHG/zF3227AQgAkYv+dSMKF647ApqeslZpv22LmhdphDTSQjaRJdIK4gM4
kv4aJ4L0K/fDqKtsbszbAnuratJnOxnhGaydTX5Ob9tb5QbFfmC2C4OED6hB/enu
hsP9BpsA945Keqf27NyXgxnLDVr6OXcpZqWZbYqHmWDx+BHrw500hgFb91ejzf3c
6KF2Rrp4PsUl58D6LcSFxfqcna7l2+Ptx+k2vfInSkyPit/5tjry8SyBbUFWPwz2
gVj9MN0bLCMqhToFh532GSDmnxNd8d1Sb8G1riJ4JaTHStV3s6KebF90ws3FtC5n
y0f/BbjkSqEqNIKFplPZ4Cx6O7WsXbH1hU1Dgba9G9JeAYVAFyi+OnCV49ugZ93p
uwGhpXmP6RbGVT6JB/beAdUToTdP0EfdVE4LlxkssEFd8HHzO8kD2u7k7glkDEq7
Ox1QlDrMuz0zRE6D5B4DwXrWvAOw/TjvydWjyS6HCg==
=5YRC
-----END PGP MESSAGE-----
fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B
unencrypted_suffix: _unencrypted
version: 3.8.1

32
secrets/router0-nfmnk/secrets.yaml → secrets/router0-ifog/secrets.yaml
View file

@ -14,31 +14,31 @@ sops:
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: age:
- recipient: age1x8fcjgaknfh5m2s4f0r2mjtfdjkuyj74y39jmh28k2pp5hmn25nschlra9 - recipient: age1dktk5glcuu34u9t6kp3g2vqyj7dy0elray38t8n75mwa6l0s0vdst2cy00
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3TmJFN2pLczE2eXg1bUZv YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuNmRsNDJRbHZmS3JmOVht
dXlmV2hzWHI1dkdHcnk3S0FaU1N5d3RlSnlzCmxObnZqKzFhLzloVWxxSmRPVEJD c1kyKzBXdGxkQXErQlhXUzBmMm12eXNCVlVVCm9KUCtZeWJWYWVJUFhYRUlLVDdD
ZUJlUi9lL2NkNFJESkZiM0Q2Tk00MEUKLS0tIEthd3FZeXNJbzBuU01EMGxUY0VW Nk9Wdk5WeXl2ZGNybGxnZWtGR2thTDgKLS0tIEovQnU0bzRCdEp6RnVvZCtUTlFL
cVlibElsOVR4RG15RTR3bnh0MVgvK3MKhaZLzdlPmFW04Qjk8V7Lkr2EZW8nZT4Z dFBOcE9leDQrYzVQNUpLZzJBYlBYaE0KyKVh0VDpbA2eIh9d+KhCYKjbl4fHPt07
X3yM7cyoinI9N0zwfArXMnThp2u8w86romQ52e6oy7LCKeKqrLpQ+A== fVbbDEz67bWNjaH6Yg6xlNQIhv9prUK2isckVizpUANmOKxPJ2ia2Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-26T17:23:41Z" lastmodified: "2024-05-26T17:23:41Z"
mac: ENC[AES256_GCM,data:Ez/79vUHs+9B/v2qlUiPQeuYHRdvjUg1jJOt3C6xEnncDQ2fH0CUxKEIfjgJR7eatwvZSznprv2wCD8Ik0SKunjRI1UGe5JmrVstqoSDbo+MxpdwrqA8zC5unpRUYenvyo9m8ZW/DnjKz0ArorYjA9vid878MdemkHtSjjZzik8=,iv:2CkmPRjYYt7q7HAdEjIbJHaSUG6Yr92pEkk+Dd3E7LE=,tag:S8LPb0mEjRZQqawX310SOg==,type:str] mac: ENC[AES256_GCM,data:Ez/79vUHs+9B/v2qlUiPQeuYHRdvjUg1jJOt3C6xEnncDQ2fH0CUxKEIfjgJR7eatwvZSznprv2wCD8Ik0SKunjRI1UGe5JmrVstqoSDbo+MxpdwrqA8zC5unpRUYenvyo9m8ZW/DnjKz0ArorYjA9vid878MdemkHtSjjZzik8=,iv:2CkmPRjYYt7q7HAdEjIbJHaSUG6Yr92pEkk+Dd3E7LE=,tag:S8LPb0mEjRZQqawX310SOg==,type:str]
pgp: pgp:
- created_at: "2024-05-25T18:38:40Z" - created_at: "2024-06-08T18:36:55Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQEMA0SHG/zF3227AQf/YU2onj7KSmYwuZUOVjSKcLEC5H73eRR6qAms5vlHoIot hQEMA0SHG/zF3227AQf/VntYsys2fb7NslwBbEwQ4VYh8OOWtCGhqbVw045QflFD
SDlMdcYsoz3nStqb0QTEACmChYy1ZpwCSqkVsPzyhQNlu9xuUiZU2VUV2M7umLjU 2hS1cT85MDNTwPnnDW4NYbf3UEIq12eXVDFR8+4S4mMun68OmxEf3UhSB6k2cDgh
EL2hbVD/tdPhf4hb1sHWfHWYaIb9nZ++Y0Gnl+6fKcZMPRL1t1FCAv77Wh7qocKh iwM6HdAh13cC4UfYBpEq/NTr9omdoXPrcjQNYxqm8OBRNf1126L5XmQ4NT2Lg8Yw
RI5EkhSOm0O0Yv17F42bG2xMEP+Bkjd/76fvZeic7q7MF9gt08Mzs/pDnvxjYYP6 2HcDIxrl9vX1X8OYd7fwc7TIJpVYCmG2UhVrz+gS4q51s1hi1t1BZdeUhU9RpSdZ
nrR2zlbiCEhZBpbWNexlqWbl8TXpZq/HIkaDrplJExp78XQETSi8YCqIPhbD11NU Mu2HlB68t597wAXOB88K+zJG4+uUQrpz9V2Xd/lfzFIeQtwLcA/NdoZs+AMEQE+j
aKD7XwAtcGJqzaQNHpo0dcgGC/ZlBM2JFuT3f1FhOdJcAbor1d3CVA2sUOMUfCB1 wa5FPI08uF68KbwzXYCq2NEPKA4SX9UzlirJjdAukdJeAfqO5woWkuDHmDj+nDDS
eKqJaNsiS5lYmtVlEsRu3YISNP/b8byLihoEliQSq/CA6Du9ya/ffqAuErh/biEv fSwL7mVNd43h9uO3PXi7j8kj32dwLcBSjkeuN1+gaTBLixzzp0drLTD1DkeY8kBS
03KS+MO49uxXvER3XU0SFEYT+ecWPbNfllMGJJk= ROvWaNhXsrm+uB9d8aaznqfWS9C+3PE5fY9untPIUA==
=/YnW =f2HS
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted

131
secrets/shared-users.yaml
View file

@ -16,109 +16,118 @@ sops:
- recipient: age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl - recipient: age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0djVXd2MvMGx5c2RMd1dM YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0WWlBR1NxR3dFZzl5U2tQ
SkFVL3VUeksyRjZmTkNKZWl6Y2N1M2NWZldrCkpzYy9aMTRzSGU3SlJLUGszUWI5 UDVmL0VTZ3hISDIzei9GYnVUSnZ5cmFHVUJnCkQ4dEd1bmR6b0N6VFVqNmVsOG9o
NnZDb21MMmd6Rk1iaW4vMDROcS9MQXMKLS0tIHQ4S2FqdFRPNlFJcmtnNkVIazdS b3hZalkyMXJaWEpxRlhRSWc2V09HT0UKLS0tIGJRc0lCTk9md0xDMlB3U1JMWDM2
OS9oNTdjQ29YamgrUlZ4N1JtUExuQlUKPsFIiNz0jxcA91+i6WeSTchO8F/9WjWO VmpLVXdFcG1wZ2pJTFc1NnphalVxV28KAY9l6szySiyYEwsdyVkngwUo7NhkZcQv
SgGsoRYKCXIXmIunib19LqI3DW4yE5YoLsvh6UMhFcKsqKObhf91IA== u46mxDco2mx6oAN+xhSWOwcUl6n8VR8p/voS/eA0uibNAN0myfoJ1Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1y9urllccdcemlv7g5z4peuzeh5ah0a8nu6cnkvym8v2vfhqjd5jql483c6 - recipient: age1y9urllccdcemlv7g5z4peuzeh5ah0a8nu6cnkvym8v2vfhqjd5jql483c6
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwcjFscitrdTJQVFlUbDQ4 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwUW54c2VvWWVjeWNRMWlt
SEZFb2IzYzc2TDV0ZHV3RFJPekhvYnFFM0JNClE4U1hLaWtKaFA0anMzVWhra3F0 U1M3TnBod1RVTC9Fc0IwdGs1UGREM0VKVlZnClhUVHpVTzBEL1lpN1BuTzJ3bVNO
d0NjcmRuUkU3bktBbDR0ZFZBQ3RGaXcKLS0tIEgzamVrdnBrYzdmOVQ5cTI4ZVAx aU5oMENnbCtuYVJNLzJJT0RENVNQTEkKLS0tIGRIaWpSWVlvZmllcjNoUzVhdnlK
TVdNMHQ5dCtJN1QrN1d4SkFIVHRQQlUKDAXRh+T7ds0k5qNMjYzhlXKIka42EwXF RUIzMW5vMlFRUWgrTmhxaFJIODFPOVkKdK4ztFlYPv2pu1dGElvIVhPMM3nntV3u
eQLAeqPkggpJy/N5B4Ia0k/QwBm9TXRgyE8hqf/GMnX0D0oW4CT2ig== I4iAVNDmTvLkIkogqpr05efuH5C0e53P4t+JwjysEjk7Lh7UQuqBZw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1pmznn2tjpelpmxjxqef48rse5ujggf9kcr8x5vewuadqcw03aavqwy54zm - recipient: age1pmznn2tjpelpmxjxqef48rse5ujggf9kcr8x5vewuadqcw03aavqwy54zm
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3OVJzamVZTGhmSk1MQTMx YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMTFZJTldobVg2a3hrMUZT
ckJOSUtpcU9wOGphV0QvSVh0VkFEc2RldEFZCnhQL3JVWmprQ1RJYlJwNHdvYVI0 aVp5YjlRREtzUCtRSUpFSkJNUEZBaU5NbERZCmJBeGZHbFl4dVVqcS8raHh3OW1J
YTFLeFprTUJ0dENEQWxhMWg1eHVKZVUKLS0tIC84RzNaOUVMWjhMdGM0RVl5Wk5m b0p3ZDZNbUR1OThtSmMzZWVHZy9OTWcKLS0tIER2d0hGdEJCV05nY0hMcHMzV0tX
c2ExOXJBdE5pY2g0MXlxbHJTekNjQXcK/P3Q2oxcS10nETrUKBbHRK946MPNtn18 YWlFUDNndFc1eitnbXpuWi9WbExKUGcKwV+QGI33JB0bE1XpQdjsxMs8E2jpjzu6
MbkiVGUy4LFVQWv4Zeg0QtXg/vY7ToEAB0sSZq9zgFrorhaaTWoZ3g== Ex0XRInsP6YjH+yJu8mMGh92rroKNxoSZ3Ku/JLlTFxreFUwwW0iKA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1ye4fa0v37shz8q4e5uf9cp2avygcp9jtetmnj2sv9y9mqc7gjyksq2cjy8 - recipient: age1ye4fa0v37shz8q4e5uf9cp2avygcp9jtetmnj2sv9y9mqc7gjyksq2cjy8
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZSHkvcEdNdnhhVEZBNVBY YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVRFF4dEd6ZGs0dWpwT3V1
akpUdkgyTm44Zm1XclBrbG1tUzBQMHlBZUNvCndlVjRKOVczYUZBeWpacHQ4OTJC QTZBM094RU42YVFLWUpuYjZOelNtTkwyVHpjCnlzNGxkRHRhYktXbGltT09tQ2J0
T1pvdFQ2MExKNnBoQ1ZRb3RQeW1NeDAKLS0tIDBQT28yTzVoZ0h5SVlESVNoYXR2 cjRjc0Z6d0lVOHA0Rmg0RTllYUhoaGcKLS0tIDkzVk9uc0ZqS0N6d0VqVjhrbkkv
aU5mMWloSmpSalVhR0RWRGpTTmdHbG8KG2kC5cgaGluNtQti1WdfJFNg5ZICDIxn eW9vMHBsYXZZMkRnK05BRFlCREpQeUkKYmA5u+zcuBd5hE0wSkq0/n7T+h/BqXlm
Zp9amoUvT19cb1pjV5l7P8+EKg15+4BY9eGAB74yzR/R675YhRhygw== PPZNYMNeVwdQx+vcedpi+eZ83bm73KBEcRn2B7fyrrQdjj7sSK+afQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3 - recipient: age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3dkE3OFFQTXFpWWlZRHhS YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQd2d5U2tyeDE5Y1dnR0Nh
Y2xKa0tkZTEwU09xaHd5R2NqYnFlanRlRkhzCnV5QUZ1QUxkcHpWMUtXNkdJakx3 djF0S1AzTDJaZU9HdTVEd1MwQ0tnUlNTUFRFCk1BVHdzM2k4S0lZYlo0SGNJSXUz
cTluR045QTZJSldDdjhhTFNOSmhIbDQKLS0tIEFDdnQ0RDlERTUrb1dWSW9OcmVW enVOQ1BDdVcwTVA0NDQyM1JZQzJJZ28KLS0tIGJYdDA3TDRzdUMvV21nL0FhY0U4
Tk8xZEVPS1gyWGZUckZrdFFpbmlEUmcKWSqJ5bJ/vY79y9CA7KSvg8+I5nyP8PmZ WmpmS1p0dVUyN01NM0JlLzZXdEVIeDgKk0TG9dNInrDCYPQ3gP8y4Q0ELS0JYbqb
/EZEFld4gx3nQ+A9nWTU+WCL7vouZWO47AEraEkMu2I5Y4XprarcRw== wBY7bTcD8INyFESQE33taajmzCtgP4Cw/9M6XHUBWYPuxiFgwGLLhQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1k7cejd9tqz6a3expd63wkn7kmeawhhrp9vy5vevhjn6eavhdwywqeh7j86 - recipient: age1k7cejd9tqz6a3expd63wkn7kmeawhhrp9vy5vevhjn6eavhdwywqeh7j86
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbGJQSVRCZnVHVzNuSkRV YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQaDFjVlpWdVViVjBNcGhy
K2JMc2xjQmk5SlRoV2QwakNmRmtBK3duaWhrCkIrQ3pHdUtRYVpQVWdpZEpSZkw0 cldxYUl1dzZkL1JYTDkyMkRGMWJZbHhDZmowCmtQV05XOGpGbFBZWDFaZGloY1R4
OGpCVEZjZVBjQnoxRThOTG5XREFrcWsKLS0tIFlMWGF0WU1IcHRva0laSmpkZHpG eG5VOGwrVTIvVmxtRzdtVUpZVmpyOU0KLS0tIGFqeEFIUUFwM3c5cVpuU2RxTmVS
LzlYaEpvSnlLM1psVkgxQ2lTM0tmMWcKlbgNVUxycS0OlBnMhQTHIQG6ymXvewJP eHNvazBsSTljcWN4cHVobUU3cllSVGcKmAP+IXlvZwNt8f+OuhYKZCB/c5+20yfG
byY+qCJBzU1Nc3XuLhng9NkwH/E7YCrjC9ExSYMhwJmlT9k5T1mG/g== 93BSrSZgw0mc8qSeS5pK5WMICRG+IGNEPgDg0f43icgaogL/rwaFmQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMTXdJajRyRlNvdGIxYTJn YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVSG5qbnVFbGM4dndlUkto
NGFJN1pqRmtadDc5amhBTVNnQkRiZ3A2UVUwCmltVnhrWVJRL09qM2RqbEJKUmVu UE9Jc0Y5YjQ0QXJqWVd0Umo5UVNjY1kwTlQwCjdQaEMxY0VncmlrTHM3WWo2cWJh
STkzYzlhRld4emtrbTJsWFQ4VkdCcVEKLS0tIEVVcVRDWU9HK2s3OERBUmFFN1NF Y0J3MHkxZHZyOGRxWHA1cktCWFR1dTQKLS0tIHZFb0diQllCQ0wwUjdGeHNDeGlD
L0RwTm9qUXBTYWlra2JXM3hsc2NUNVUKUFgLswYYPZJMn0TcvSFnjfR4NAwdYjAO NitOWm5CeWRrc0dyTUFYdTdtUjI3TXMK/7IyFuIPWOZHpWz32Ds1nTQYEKFCthSz
p4ZmxLaXFWY4E4lnsg2Ka8BUc7C8IXZprj0Qh1o3K4v0LXsSrmfKag== d3N60YmYevNGWrMgOEcsg3LoAq8aOtWWj5bHVDKXMSniAf4sN0MWUg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsU2ttUWJ5UkdWNzFkb2du YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJajkzVTFVYjFEUE1WVVZ5
cTl2VkVmVGVzTUxlTm5jSkZUL1F5SzIvQlFRCnY1WnFWc2RMRnhOWlI2aGU4ZW5C dW04VmZraFlXL0xnMVYyN0lhbHJxQ1IreXlRCmkvNXZDeTJLOG11bXN1ZzFFeVNE
STU1K0V3WS9JdDU2dWE3QVA4bE4vWVEKLS0tIGJWR3NxZEcxak5hME5hQVJiOW8y RVpCb3gvaElVZ2FKRCtGVDlBalY3dTQKLS0tIE5hUG5BUnNnejJBS1lOQ0FRcDRx
RFlXc0pOdVdNQ0lxR1JMNXpEdU9rQlkKZmZ/FUX3k7KrzXnyFBkpRE2DsJCC5O/Q endRb0VjcmVrbSsxOHlwL0M1MFFLR2cK8melHXX8FyxCKYlY1VEeZ8YX55KwsLQn
3KkMqWsR/93N+ujs8DhDv49sNFmdYLzexpNEsDbXour5FwvB/0scIA== UTpCRodnPPh0Q0RaNyjvlQPbyW1V6fjoPPsLyYc3SyqyuNWKkpv41Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1dw43sxtdxptzgyhsxhrj36x5gn7376gqk45t7wtyt3s97v7ux39sdmdd44 - recipient: age1dw43sxtdxptzgyhsxhrj36x5gn7376gqk45t7wtyt3s97v7ux39sdmdd44
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOYnNiYkpqaCtySGdIU295 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4QU1Zc1lhT0JkZk9vdlZN
NkdjRGE4SHpVY2pXR1Q5TzloRVViYk5yRDFnCjFpbHE2RDg1RGZzdVZOdzlJSEVD UnphdTR3UEdsUUVBbVZkS2NFVC95Q3QrcFVJCmJZYWJKY3dOYys2SGViQ1RPYXZJ
bUcvMUc0ZTJZZktsMVNkenR2RUl0NEEKLS0tIDR1Ym9OcFZFWk82ZXA4NWhxZ08w NEc1RFNJTEFJMDY4eWtzUUxTUm5NYVkKLS0tIEIxOTIwUXAwcHhrQ3RHWjNkRjRx
L3lPZmd2TTBuZkkrOEtWYXBHNnppTGsKn6ez/ALZ/6oYs+rGghSij8iobHNVsmDX NGJPWkNMd3g5TkR5SHVjeXlDNDg4MkEKaunoz1UUX7jVGtRCZtEa3qFNUH7iuo+S
Pg7yRSSBNUMSR4Dr3a/nGDuFEhLzTd/DyWSMAqnvo3kdETc0DB6tuQ== RcmWF3p7VUoKEau9F0Wvp5FtbySZQ59vwjMUnuTXagd6RecncaR0Ww==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1x8fcjgaknfh5m2s4f0r2mjtfdjkuyj74y39jmh28k2pp5hmn25nschlra9 - recipient: age1dktk5glcuu34u9t6kp3g2vqyj7dy0elray38t8n75mwa6l0s0vdst2cy00
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwR293bFZZT2tnRk8xeUJM YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyeVJWMS9SU2pvWGdZaU5h
N1V4UWxHSDNsdldXdENpY0ZtSTc3dlNnQ0ZnCnFvWDhzS0xoSjhyZ0dwUGlQYnFm WUFxeE9OUTRFcnFLd3d4OEVZWHNpNFlEbFhrCnk1bGhSZ0piWlpGR2tpV2dIQlNP
WGdiVzBhZmJ6OEZCTXJ6MzhTVC9CbE0KLS0tIEhPNU9NTHFIT05jN2ZnL3doUHBj em4xNEFBU1F0SEFhRnNva3phMnBPZTgKLS0tIFVkcFZKbjRvWFdVd1VDMkhRUHRy
VHpucmdFbU8rZ3VHYTNNZG5VUXp0aTgKYY/Zq+Rpeql+opkVFLubXdFi/abWeeSu ZjB3WlhmUDE2WHNEL1I0dWpKdkNybWcKXTmTurT3N3X1RLSZ+xbGEnafZ9Y8FEg/
1LPMEFezGuuMnRDQlWrNAd6mR1yDW1T62md/wAH5O2quinVO5kKOjA== pcGVHWj4eZ6bWKwEYiRRxcxlEC5ZRsEuunhULU3GajChYv4wz+xXqg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1v458x2q70yt0a6m6cq5ehemphtrzfzyhmeg3r872vsyyf65asgwstmqqk4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0TGIzZVYvZGxIUENyRWJ4
blh0Ym5WZEhSeVp0S3RvRUhjcGtoVVpBSzFBClgvQnN5NGo5Z21vZmM4UTJhRy9F
cmtTajRmRmlZMjBYcjFraEo1OHUzYVEKLS0tIHlQeTZlclF4V1FmaERDUjJJZ2Q5
UldneUZ6b1g2WG9kd0dHR2JXYVN0Uk0KAdEYkEL++Ge/YKPOHNUNETVxpH9vyfaA
MN5uPQWLp0+Tt9/jFOhc8S5P320me+2k+yKp/cPEcSuvNzipS63FYg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-06T20:14:22Z" lastmodified: "2023-07-06T20:14:22Z"
mac: ENC[AES256_GCM,data:GPWu5DjjJ1ki+HRuedGdDCt+2V0RPbOsD/yWJxPIkgu5923vnF8y9y4V6e6+ZsTqHv4hsKeCjKtUnh2Ldn+xadwJmqrIxyJ8NzH5TOvcBxAab9cJCp/yKENw0O1WMUTlDPelvQKMDwbgiebaVVfxbQPUEfJGOgkHkyXrgqN94FU=,iv:h9YALYahUl7mRJmZKjArEfaMrfW9YZkVYd2CEooF13Q=,tag:wotqxup/ouG/bEVOZCs19w==,type:str] mac: ENC[AES256_GCM,data:GPWu5DjjJ1ki+HRuedGdDCt+2V0RPbOsD/yWJxPIkgu5923vnF8y9y4V6e6+ZsTqHv4hsKeCjKtUnh2Ldn+xadwJmqrIxyJ8NzH5TOvcBxAab9cJCp/yKENw0O1WMUTlDPelvQKMDwbgiebaVVfxbQPUEfJGOgkHkyXrgqN94FU=,iv:h9YALYahUl7mRJmZKjArEfaMrfW9YZkVYd2CEooF13Q=,tag:wotqxup/ouG/bEVOZCs19w==,type:str]
pgp: pgp:
- created_at: "2024-05-25T18:40:21Z" - created_at: "2024-06-09T14:07:43Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQEMA0SHG/zF3227AQf+OkqA8iyYdOxo+43xpHvS9flq9TGucdzI+jldU0M7usG1 hQEMA0SHG/zF3227AQf9Giz/3hRC91WPtMzoR7MVPQWmiOQDtPcqUMVRoNn4Sq68
9lh51h7gY6p4xtX+yt5+7bzqaNYQtXlG/WvnK/9E9df4vLiAUmKbUM3jN2OhgHzm zdCU4MAUBkQ2ZsrCMn5ITcVzEYsSRqegqAZX0cVL7/4KYi2QK8qh0WTR78cqO3za
8/WM7yez27EEqdKuipWG7NEGwCHHCEdN33m1BJ+nt7bKJ56yiNbg5TcaJhmZrirv GFtmWRG5m7jchreK39cqOJETui7zY832UMqLSeNw8ZSZb3SGZDZf6690iSldJrmi
qiFmDKV1jJ80o+vRz6oaSYYh6YYOuEUkOufidJKQfSJCsC3xbPqwcJYfmAGNm2j5 Ty9jKdhjo8Kahap3uyoODB89JmsJFuR5V9emmB0XHhQfwAgltntScHICwQqoUIcQ
A/m0N4QVNW/vxO2cEKv4e0RXqQc3BsycGu7TBAZr4QbX9o1zPY82uvCWYNbGq9x4 qIP93AJ1TYVq1yuTFbTut1aX6Xgue8rtiPF9bqrITQlDsoCNhztNrohRrp8wYtj2
sgrXoXzBoGocPlEyaTaoD73zdx4di2qcnmWkIt5o29JcAW5w0g10kmuZfKfX8utm KG0j9QwXFaU4eaVo1xgxBlD2B0xjSrysHGMGmJ75ytJcAXKrpus95u5aVTB9orDI
L2wQ0gODvXHul5pBNt3Hgei+C8SMtfg3HPHjYK0F3iXt+KoIYDcl/NOWZmRuOD6F fZRyy34XmZaaMhr+n/EsmGP3EDQyO4AFu2Ht+yqrCUSo4Ia7gq1H297xunmztvB+
l9iXEDrVmkcjRXNshHtQgxYSi+WSs3LiNMqU244= jASXZF42ip0Svfs5fqDQ0JBT4Skvk1VXI3McUGk=
=d1S1 =lXHq
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted