From 4cb8e6df29161c5ac982c16889926f3a16666b06 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 6 Jul 2023 22:42:24 +0200 Subject: [PATCH] feat: init srv0-dmz0 --- .sops.yaml | 5 +- Justfile | 4 +- flake.lock | 103 ++++++++++------ flake.nix | 5 + nix/os/devices/srv0-dmz0/README.md | 7 ++ nix/os/devices/srv0-dmz0/configuration.nix | 133 +++++++++++++++++++++ nix/os/devices/srv0-dmz0/default.nix | 30 +++++ nix/os/devices/srv0-dmz0/flake.lock | 83 +++++++++++++ nix/os/devices/srv0-dmz0/flake.nix | 12 ++ nix/os/devices/steveej-t14/system.nix | 22 +--- nix/os/devices/steveej-t14/user.nix | 5 +- nix/os/lib/default.nix | 11 +- nix/os/modules/opinionatedDisk.nix | 3 +- nix/os/profiles/common/user.nix | 23 +++- secrets/holochain-infra/nomad.yaml | 38 ++++++ secrets/shared-users.yaml | 54 +++++---- 16 files changed, 447 insertions(+), 91 deletions(-) create mode 100644 nix/os/devices/srv0-dmz0/README.md create mode 100644 nix/os/devices/srv0-dmz0/configuration.nix create mode 100644 nix/os/devices/srv0-dmz0/default.nix create mode 100644 nix/os/devices/srv0-dmz0/flake.lock create mode 100644 nix/os/devices/srv0-dmz0/flake.nix create mode 100644 secrets/holochain-infra/nomad.yaml diff --git a/.sops.yaml b/.sops.yaml index 776461a..13faa67 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -6,9 +6,11 @@ keys: - &steveej 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B - &steveej-t14 age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl - - &sj-vps-htz0 age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv - &elias-e525 100206d53cf92f62efd9d6b2672bf3644233c763 + - &sj-vps-htz0 age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv + - &srv0-dmz0 age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3 + creation_rules: - path_regex: ^(.+/|)secrets/[^/]+$ key_groups: @@ -17,6 +19,7 @@ creation_rules: age: - *steveej-t14 - *sj-vps-htz0 + - *srv0-dmz0 - path_regex: ^secrets/steveej-t14/.+$ key_groups: - pgp: 
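Review bot: Adding `*srv0-dmz0` to the age recipients of the `^(.+/|)secrets/[^/]+$` rule lets the DMZ host decrypt every top-level file under `secrets/`, not only the values it consumes. `secrets/shared-users.yaml`, re-encrypted to this key later in the commit, also carries `sharedUsers-radicale`, which nothing in the srv0-dmz0 configuration shown here references. Consider a host-scoped rule next to the existing `^secrets/steveej-t14/.+$` one, e.g. `- path_regex: ^secrets/srv0-dmz0/.+$` with only `*steveej` and `*srv0-dmz0` as recipients, holding just the entries this machine needs. That would limit what a compromise of this host's age key exposes.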
diff --git a/Justfile b/Justfile index 3278626..e9cbfd7 100755 --- a/Justfile +++ b/Justfile @@ -38,7 +38,7 @@ rebuild-this-device +rebuildargs="dry-activate": nix run .#colmena -- apply-local --sudo {{rebuildargs}} # Re-render the versions of a remote device and rebuild its environment -update-remote-device devicename rebuildmode='build': +update-remote-device devicename +rebuildargs='build': #!/usr/bin/env bash set -e @@ -48,7 +48,7 @@ update-remote-device devicename rebuildmode='build': nix flake update ) - just -v rebuild-remote-device {{devicename}} {{rebuildmode}} + just -v rebuild-remote-device {{devicename}} {{rebuildargs}} git commit -v nix/os/devices/{{devicename}}/flake.{nix,lock} -m "nix/os/devices/{{devicename}}: bump versions" diff --git a/flake.lock b/flake.lock index c444a58..ba38cbc 100644 --- a/flake.lock +++ b/flake.lock @@ -50,11 +50,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1688082682, - "narHash": "sha256-nMG/A7qYm9pyHJowKuaNmNYgo748xZrzMJPqtoGozSA=", + "lastModified": 1688425221, + "narHash": "sha256-DhZnju72DuX9GhOnCOBIE94aCGKC2BOaF+kGxbnP/K0=", "owner": "ipetkov", "repo": "crane", - "rev": "4d350bb94fdf8ec9d2e22d68bb13e136d73aa9d8", + "rev": "fc6a236548b31aef0be3b0a0377c4459bb39d923", "type": "github" }, "original": { @@ -93,11 +93,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1688278950, - "narHash": "sha256-h3J/w3/hCeW6D+VsN/JBQ0Buz76g5wRFznUJF8JomT4=", + "lastModified": 1688624761, + "narHash": "sha256-VMvhdWPCLUFhyssTSZXCxFkA9bZ05VgXZVsuYlJcZBg=", "owner": "nix-community", "repo": "fenix", - "rev": "8e75b5c8506960b49fbc5618717d966d04ee0a7d", + "rev": "a2ea120926a1234ec804c090f90312e0ec2d4541", "type": "github" }, "original": { 
@@ -158,11 +158,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1688254665, - "narHash": "sha256-8FHEgBrr7gYNiS/NzCxIO3m4hvtLRW9YY1nYo1ivm3o=", + "lastModified": 1688466019, + "narHash": "sha256-VeM2akYrBYMsb4W/MmBo1zmaMfgbL4cH3Pu8PGyIwJ0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "267149c58a14d15f7f81b4d737308421de9d7152", + "rev": "8e8d955c22df93dbe24f19ea04f47a74adbdc5ec", "type": "github" }, "original": { @@ -201,11 +201,11 @@ ] }, "locked": { - "lastModified": 1687762428, - "narHash": "sha256-DIf7mi45PKo+s8dOYF+UlXHzE0Wl/+k3tXUyAoAnoGE=", + "lastModified": 1688466019, + "narHash": "sha256-VeM2akYrBYMsb4W/MmBo1zmaMfgbL4cH3Pu8PGyIwJ0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "37dd7bb15791c86d55c5121740a1887ab55ee836", + "rev": "8e8d955c22df93dbe24f19ea04f47a74adbdc5ec", "type": "github" }, "original": { @@ -234,11 +234,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1685518550, - "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=", + "lastModified": 1687709756, + "narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=", "owner": "numtide", "repo": "flake-utils", - "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef", + "rev": "dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7", "type": "github" }, "original": { @@ -364,11 +364,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1688002352, - "narHash": "sha256-jp6MOYWPsLbnDrk3ZWV98c6Z/PolEkfcuHXtAeKu66A=", + "lastModified": 1688608231, + "narHash": "sha256-RQeR/tirHIa5jhZYLCK7KnQiYTG/kq/vWdgDFLi+4+g=", "owner": "nix-community", "repo": "nix-eval-jobs", - "rev": "db318eee754563269536c5e3513abbb9b130481a", + "rev": "477d7196a493dd011f05704fc7b42cbe95f5b30d", "type": "github" }, "original": { 
@@ -446,11 +446,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1688001024, - "narHash": "sha256-Zf88j+DUj6rDgveWfdEyUo4fL1KZTowzPAN6gpeqzKg=", + "lastModified": 1688607075, + "narHash": "sha256-KDWpwZ4xl4au5R+A+Ka+uVbyiwMDVczjwRTSqBOyqWM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2c8591ad6a6f9d679817a94f847c59b0d1e3289e", + "rev": "ff81c24d1dd4dc3698aeb27d2cc3991124e627e6", "type": "github" }, "original": { @@ -462,11 +462,11 @@ }, "nixpkgs-2211": { "locked": { - "lastModified": 1688043300, - "narHash": "sha256-UmpvFT0v4U4jxXhrfr+x1NuaOFULkIyCfS/WT6N6T7s=", + "lastModified": 1688392541, + "narHash": "sha256-lHrKvEkCPTUO+7tPfjIcb7Trk6k31rz18vkyqmkeJfY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c6643a93d25abf3cf5d40a4e05bcf904b9f0e586", + "rev": "ea4c80b39be4c09702b0cb3b42eab59e2ba4f24b", "type": "github" }, "original": { @@ -478,11 +478,11 @@ }, "nixpkgs-2305": { "locked": { - "lastModified": 1688109178, - "narHash": "sha256-BSdeYp331G4b1yc7GIRgAnfUyaktW2nl7k0C577Tttk=", + "lastModified": 1688566749, + "narHash": "sha256-3Og5xbNk1qncLWl2zrrL/k80UqRI/nEGPEbzz306Izk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b72aa95f7f096382bff3aea5f8fde645bca07422", + "rev": "c99004f75fd28cc10b9d2e01f51a412d768269c8", "type": "github" }, "original": { @@ -549,11 +549,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1688301056, - "narHash": "sha256-UDkmgKP+hFY+s1k4xj+05GGCdBIYHDPBT0LprU4AdO4=", + "lastModified": 1688646970, + "narHash": "sha256-EIcr3n0YKjJdH9F3JFyhlObbSDXQji8nEzNWxYqep1g=", "owner": "nix-community", "repo": "nixpkgs-wayland", - "rev": "b948920571b72da0363d2e8c391af5cfead99a6a", + "rev": "57c2057b4817ecce059fb3cd941ba53ee70c6f5d", "type": "github" }, "original": { 
@@ -564,11 +564,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1688231357, - "narHash": "sha256-ZOn16X5jZ6X5ror58gOJAxPfFLAQhZJ6nOUeS4tfFwo=", + "lastModified": 1688590700, + "narHash": "sha256-ZF055rIUP89cVwiLpG5xkJzx00gEuuGFF60Bs/LM3wc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "645ff62e09d294a30de823cb568e9c6d68e92606", + "rev": "f292b4964cb71f9dfbbd30dc9f511d6165cd109b", "type": "github" }, "original": { @@ -599,6 +599,10 @@ "aphorme_launcher": "aphorme_launcher", "colmena": "colmena", "crane": "crane", + "disko": [ + "nixos-anywhere", + "disko" + ], "fenix": "fenix", "flake-parts": "flake-parts", "get-flake": "get-flake", @@ -615,17 +619,18 @@ "ofi-pass": "ofi-pass", "salut": "salut", "sops-nix": "sops-nix", + "srvos": "srvos", "yofi": "yofi" } }, "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1688245988, - "narHash": "sha256-0DlDUvMFCaFGHnxwyG68RJbKsJ8EM7xu3FiWb2Ry8+E=", + "lastModified": 1688576197, + "narHash": "sha256-flxGk5OXBfXqlS/ZWNyT23slfPjTCkza3CV/EIfvdSU=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "f5f0c48ac37fb19705af2864cb50dd6d82e9134e", + "rev": "aa91eda9028758839487ad0f0eb120944a549ff3", "type": "github" }, "original": { @@ -647,11 +652,11 @@ ] }, "locked": { - "lastModified": 1685759304, - "narHash": "sha256-I3YBH6MS3G5kGzNuc1G0f9uYfTcNY9NYoRc3QsykLk4=", + "lastModified": 1688351637, + "narHash": "sha256-CLTufJ29VxNOIZ8UTg0lepsn3X03AmopmaLTTeHDCL4=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "c535b4f3327910c96dcf21851bbdd074d0760290", + "rev": "f9b92316727af9e6c7fee4a761242f7f46880329", "type": "github" }, "original": { 
@@ -697,6 +702,26 @@ "type": "github" } }, + "srvos": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1688619474, + "narHash": "sha256-mPPR4iZxOoq3LB2EZTgo72UunV4UWdtaBTiTc3x+iPI=", + "owner": "numtide", + "repo": "srvos", + "rev": "bf8ce44e0d1a380565c51bd6a707a75ac21c1a9a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "srvos", + "type": "github" + } + }, "stable": { "locked": { "lastModified": 1669735802, diff --git a/flake.nix b/flake.nix index 76668b3..63a16da 100644 --- a/flake.nix +++ b/flake.nix @@ -7,8 +7,12 @@ nixpkgs.follows = "nixpkgs-2305"; flake-parts.url = "github:hercules-ci/flake-parts"; get-flake.url = "github:ursi/get-flake"; + + srvos.url = "github:numtide/srvos"; + srvos.inputs.nixpkgs.follows = "nixpkgs"; nixos-anywhere.url = github:numtide/nixos-anywhere/main; nixos-anywhere.inputs.nixpkgs.follows = "nixpkgs"; + disko.follows = "nixos-anywhere/disko"; nixpkgs-wayland.url = "github:nix-community/nixpkgs-wayland"; @@ -102,6 +106,7 @@ }) [ "sj-vps-htz0" "steveej-t14" + "srv0-dmz0" # "elias-e525" # "justyna-p300" ]); diff --git a/nix/os/devices/srv0-dmz0/README.md b/nix/os/devices/srv0-dmz0/README.md new file mode 100644 index 0000000..92893b6 --- /dev/null +++ b/nix/os/devices/srv0-dmz0/README.md @@ -0,0 +1,7 @@ +## bootstrapping + +``` +# TODO: generate an SSH host-key and deploy it via --extra-files +nixos-anywhere --flake .\#srv0-dmz0 root@srv0.dmz0.noosphere.life +``` + diff --git a/nix/os/devices/srv0-dmz0/configuration.nix b/nix/os/devices/srv0-dmz0/configuration.nix new file mode 100644 index 0000000..3fb80da --- /dev/null +++ b/nix/os/devices/srv0-dmz0/configuration.nix 
@@ -0,0 +1,133 @@ +{ + modulesPath, + repoFlake, + pkgs, + config, + ... +}: let + disk = "/dev/disk/by-id/ata-Corsair_Voyager_GTX_21488170000126002051"; +in { + disabledModules = []; + imports = [ + repoFlake.inputs.disko.nixosModules.disko + repoFlake.inputs.srvos.nixosModules.server + (modulesPath + "/profiles/all-hardware.nix") + + repoFlake.inputs.srvos.nixosModules.mixins-terminfo + repoFlake.inputs.srvos.nixosModules.mixins-systemd-boot + + repoFlake.inputs.sops-nix.nixosModules.sops + + ../../profiles/common/user.nix + ]; + + ## bare-metal machines + srvos.boot.consoles = ["tty0"]; + boot.loader.grub.enable = false; + boot.loader.efi.canTouchEfiVariables = false; + + disko.devices.disk.main = { + device = disk; + type = "disk"; + content = { + type = "table"; + format = "gpt"; + partitions = [ + { + name = "boot"; + start = "0"; + end = "1M"; + part-type = "primary"; + flags = ["bios_grub"]; + } + { + name = "ESP"; + start = "1M"; + end = "512M"; + bootable = true; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + } + { + name = "root"; + start = "512M"; + end = "100%"; + part-type = "primary"; + bootable = true; + content = { + type = "btrfs"; + extraArgs = ["-f"]; # Override existing partition + subvolumes = { + # Subvolume name is different from mountpoint + "/rootfs" = { + mountpoint = "/"; + }; + "/nix" = { + mountOptions = ["noatime"]; + }; + }; + }; + } + ]; + }; + }; + + hardware.enableAllFirmware = true; + nixpkgs.config.allowUnfree = true; + + hardware.enableRedistributableFirmware = true; + hardware.cpu.intel.updateMicrocode = true; + + services.openssh.enable = true; + + systemd.network.enable = true; + systemd.network.networks."10-lan" = { + matchConfig.Name = "eth*"; + networkConfig = { + # enable DHCP for IPv4 *and* IPv6 + DHCP = "yes"; + + # accept Router Advertisements for Stateless IPv6 Autoconfiguraton (SLAAC) + IPv6AcceptRA = true; + }; + }; + networking.dhcpcd.enable = false; + + 
networking.firewall.enable = true; + networking.firewall.allowedTCPPorts = [ + 22 + + # iperf3 + 5201 + ]; + networking.firewall.logRefusedConnections = false; + networking.usePredictableInterfaceNames = false; + + networking.nat = { + enable = true; + internalInterfaces = ["ve-+"]; + externalInterface = "eth0"; + }; + + # Kubernetes + # services.kubernetes.roles = ["master" "node"]; + + # virtualization + # virtualisation = {docker.enable = true;}; + + nix.gc = {automatic = true;}; + + containers = { + }; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.05"; # Did you read the comment? +} diff --git a/nix/os/devices/srv0-dmz0/default.nix b/nix/os/devices/srv0-dmz0/default.nix new file mode 100644 index 0000000..5c0b7bb --- /dev/null +++ b/nix/os/devices/srv0-dmz0/default.nix @@ -0,0 +1,30 @@ +{ + nodeName, + repoFlake, + nodeFlake, + ... +}: let + system = "x86_64-linux"; +in { + meta.nodeSpecialArgs.${nodeName} = { + inherit repoFlake nodeName nodeFlake; + packages' = repoFlake.packages.${system}; + }; + + meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { + inherit system; + }; + + ${nodeName} = { + deployment.targetHost = "srv0.dmz0.noosphere.life"; + deployment.replaceUnknownProfiles = false; + + imports = [ + nodeFlake.inputs.home-manager.nixosModules.home-manager + + ./configuration.nix + ]; + + networking.hostName = nodeName; + }; +} diff --git a/nix/os/devices/srv0-dmz0/flake.lock b/nix/os/devices/srv0-dmz0/flake.lock new file mode 100644 index 0000000..38508fd --- /dev/null +++ b/nix/os/devices/srv0-dmz0/flake.lock 
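Review bot: `networking.firewall.allowedTCPPorts` opens 5201 for iperf3 permanently, yet this file defines no iperf3 service, so the port stays reachable on a DMZ host with no declared listener; iperf3 also runs without authentication by default. If it is only needed for ad-hoc throughput tests, leave `networking.firewall.allowedTCPPorts = [ 22 ];` and open 5201 temporarily when testing. `networking.firewall.logRefusedConnections = false;` also drops the refused-connection log, which is a useful early signal on an exposed machine; a short comment stating why it is off (presumably log volume) would help the next reader.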
@@ -0,0 +1,83 @@ +{ + "nodes": { + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1687871164, + "narHash": "sha256-bBFlPthuYX322xOlpJvkjUBz0C+MOBjZdDOOJJ+G2jU=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "07c347bb50994691d7b0095f45ebd8838cf6bc38", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-23.05", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1688594934, + "narHash": "sha256-3dUo20PsmUd57jVZRx5vgKyIN1tv+v/JQweZsve5q/A=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "e11142026e2cef35ea52c9205703823df225c947", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-master": { + "locked": { + "lastModified": 1688668881, + "narHash": "sha256-q5QIxsX5UR+P2uq8RyaJA/GI5z3yZiKl3Q35gVyr9UM=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "0ffe9cc640d092e6abd8c0adec483acfd2ed7cda", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "master", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1688640665, + "narHash": "sha256-bpNl3nTFDZqrLiRU0bO6vdIT5Ww13nNCVsOLLKEqGuE=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "88faf206ce0d5cfda760539a367daf6cde5b3712", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "nixpkgs-master": "nixpkgs-master", + "nixpkgs-unstable": "nixpkgs-unstable" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/nix/os/devices/srv0-dmz0/flake.nix b/nix/os/devices/srv0-dmz0/flake.nix new file mode 100644 index 0000000..c315b8e --- /dev/null +++ b/nix/os/devices/srv0-dmz0/flake.nix 
@@ -0,0 +1,12 @@ +{ + inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05"; + inputs.nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small"; + inputs.nixpkgs-master.url = "github:nixos/nixpkgs/master"; + + inputs.home-manager = { + url = "github:nix-community/home-manager/release-23.05"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + outputs = _: {}; +} diff --git a/nix/os/devices/steveej-t14/system.nix b/nix/os/devices/steveej-t14/system.nix index 6327ecd..4f768f2 100644 --- a/nix/os/devices/steveej-t14/system.nix +++ b/nix/os/devices/steveej-t14/system.nix @@ -24,22 +24,6 @@ in { }; networking.extraHosts = '' - # qemu box - 172.24.40.13 steveej-qemu.infra.holochain.org - 172.24.40.13 steveej-qemu.d.dweb.city - - # bare metal - 192.168.14.117 steveej-hw1.infra.holochain.org - 192.168.14.117 steveej-hw1.d.dweb.city - 192.168.14.117 steveej-hw2.infra.holochain.org - 192.168.14.117 steveej-hw2.d.dweb.city - 192.168.14.117 steveej-hw3.infra.holochain.org - 192.168.14.117 steveej-hw3.d.dweb.city - 192.168.14.117 steveej-hw4.infra.holochain.org - 192.168.14.117 steveej-hw4.d.dweb.city - - 172.24.135.11 emerge3.d.dweb.city - 172.24.74.194 emerge4.d.dweb.city ''; networking.bridges."virbr1".interfaces = []; @@ -150,17 +134,17 @@ in { }; sops.secrets.nomad-holochain-agent-ca = { - sopsFile = ../../../../secrets/steveej-t14/nomad-holochain-infra.yaml; + sopsFile = ../../../../secrets/holochain-infra/nomad.yaml; owner = config.users.extraUsers.steveej.name; }; sops.secrets.nomad-holochain-cli-cert = { - sopsFile = ../../../../secrets/steveej-t14/nomad-holochain-infra.yaml; + sopsFile = ../../../../secrets/holochain-infra/nomad.yaml; owner = config.users.extraUsers.steveej.name; }; sops.secrets.nomad-holochain-cli-key = { - sopsFile = ../../../../secrets/steveej-t14/nomad-holochain-infra.yaml; + sopsFile = ../../../../secrets/holochain-infra/nomad.yaml; owner = config.users.extraUsers.steveej.name; }; } 
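Review bot: The three `sopsFile` paths now point at `secrets/holochain-infra/nomad.yaml`, but neither creation rule visible in the `.sops.yaml` hunks (`^(.+/|)secrets/[^/]+$` and `^secrets/steveej-t14/.+$`) matches that path. Unless a rule outside the shown hunks covers it, the recipient set for this file is not pinned by policy, and a later re-encryption could pick different recipients; a rule such as `- path_regex: ^secrets/holochain-infra/.+$` with the intended key group would make it explicit. The diffstat also does not list the old `secrets/steveej-t14/nomad-holochain-infra.yaml` as removed, so there may now be two encrypted copies of the Nomad CA, certificate and key to keep in sync on rotation.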
diff --git a/nix/os/devices/steveej-t14/user.nix b/nix/os/devices/steveej-t14/user.nix index bf5ff0b..ece9cec 100644 --- a/nix/os/devices/steveej-t14/user.nix +++ b/nix/os/devices/steveej-t14/user.nix @@ -5,7 +5,7 @@ ... }: let keys = import ../../../variables/keys.nix; - inherit (import ../../lib/default.nix {inherit (pkgs) lib;}) mkUser; + inherit (pkgs.callPackage ../../lib/default.nix {}) mkUser; in { users.extraUsers.steveej2 = mkUser { uid = 1001; @@ -14,4 +14,7 @@ in { }; nix.settings.trusted-users = ["steveej"]; + + security.pam.u2f.enable = true; + security.pam.services.steveej.u2fAuth = true; } diff --git a/nix/os/lib/default.nix b/nix/os/lib/default.nix index 5f8c424..0554d6e 100644 --- a/nix/os/lib/default.nix +++ b/nix/os/lib/default.nix @@ -1,7 +1,9 @@ { lib, - keys ? import ../../variables/keys.nix, -}: { + config, +}: let + keys = import ../../variables/keys.nix; +in { mkUser = args: ( lib.attrsets.recursiveUpdate { isNormalUser = true; @@ -19,6 +21,11 @@ "adbusers" ]; openssh.authorizedKeys.keys = keys.users.steveej.openssh; + + # TODO: investigate why this secret cannot be found + # openssh.authorizedKeys.keyFiles = [ + # config.sops.secrets.sharedSshKeys-steveej.path + # ]; } args ); diff --git a/nix/os/modules/opinionatedDisk.nix b/nix/os/modules/opinionatedDisk.nix index b8430c4..758c50e 100644 --- a/nix/os/modules/opinionatedDisk.nix +++ b/nix/os/modules/opinionatedDisk.nix @@ -1,11 +1,12 @@ { lib, config, + pkgs, ... }: with lib; let cfg = config.hardware.opinionatedDisk; - ownLib = import ../lib/default.nix {inherit lib;}; + ownLib = pkgs.callPackage ../lib/default.nix {}; in { options.hardware.opinionatedDisk = { enable = mkEnableOption "Enable opinionated filesystem layout"; diff --git a/nix/os/profiles/common/user.nix b/nix/os/profiles/common/user.nix index 5bf314e..a2447f9 100644 --- a/nix/os/profiles/common/user.nix +++ b/nix/os/profiles/common/user.nix 
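Review bot: `pkgs.callPackage ../../lib/default.nix {}` fills the new `config` parameter of `nix/os/lib/default.nix` from the package set, i.e. `pkgs.config` (the nixpkgs configuration), not the NixOS module `config`. Nothing in `mkUser` reads it today, but the commented `config.sops.secrets.sharedSshKeys-steveej.path` would not resolve for these callers once enabled; the `ownLib` call in `nix/os/modules/opinionatedDisk.nix` has the same issue. Pass it explicitly, as `nix/os/profiles/common/user.nix` does: `inherit (pkgs.callPackage ../../lib/default.nix {inherit config;}) mkUser;` (assuming `config` is among the module arguments above the hunk in `user.nix`). The `keys ? …` argument was also dropped, so any caller outside this diff that overrode `keys` would now fail to evaluate.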
@@ -4,11 +4,18 @@ ... }: let keys = import ../../../variables/keys.nix; - inherit (import ../../lib/default.nix {inherit (pkgs) lib;}) mkUser; + inherit + (import ../../lib/default.nix { + inherit (pkgs) lib; + inherit config; + }) + mkUser + ; in { sops.secrets.sharedUsers-root = { sopsFile = ../../../../secrets/shared-users.yaml; neededForUsers = true; + format = "yaml"; }; sops.secrets.sharedUsers-steveej = { @@ -17,18 +24,26 @@ in { format = "yaml"; }; + sops.secrets.sharedSshKeys-steveej = { + sopsFile = ../../../../secrets/shared-users.yaml; + # neededForUsers = true; + format = "yaml"; + }; + users.mutableUsers = false; users.extraUsers.root = { passwordFile = config.sops.secrets.sharedUsers-root.path; openssh.authorizedKeys.keys = keys.users.steveej.openssh; + + # TODO: investigate why this secret cannot be found + # openssh.authorizedKeys.keyFiles = [ + # config.sops.secrets.sharedSshKeys-steveej.path + # ]; }; users.extraUsers.steveej = mkUser { uid = 1000; passwordFile = config.sops.secrets.sharedUsers-steveej.path; }; - - security.pam.u2f.enable = true; - security.pam.services.steveej.u2fAuth = true; } diff --git a/secrets/holochain-infra/nomad.yaml b/secrets/holochain-infra/nomad.yaml new file mode 100644 index 0000000..a203484 --- /dev/null +++ b/secrets/holochain-infra/nomad.yaml 
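Review bot: The commented `openssh.authorizedKeys.keyFiles` TODO (here for root, and likewise in `mkUser` in `nix/os/lib/default.nix`) most likely cannot work as written: NixOS reads `keyFiles` at build time, while a sops-nix secret path only exists on the target after activation. Replace the TODO with a comment saying so, e.g. `# keyFiles is read at build time; sops secret paths exist only at runtime`. Until something consumes it, `sops.secrets.sharedSshKeys-steveej` is decrypted on every host importing this profile without a reader, so it could be dropped from this commit. SSH public keys are not confidential, so keeping them in `keys.nix` via `openssh.authorizedKeys.keys` is a reasonable end state.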
@@ -0,0 +1,38 @@ +nomad-holochain-agent-ca: ENC[AES256_GCM,data:1nJmWFCt+HflrX3W+8mpxprH9XjaC8194z8QX0PCPeh+CbmF3oOvXNInGpoI4FQx6tFY7vFVkDoDQv7ap5f3y/6o1j7LKEKbUeWixzIiOEi7+Gop3lewjoF7UrHPl8ulRVnZSXZvEQXmaE0upwqXmmEBBocunIl0D43Umkf7g6GZ2mYQ6lPIVVcQ6lOccshjuLHZ+RjvrlMSqmpkLey1lICfTci2+S/rJp9QHclkKyU53JnCoDLchEZE4gVlDE2BJ8RUe5VWZoQoBJbw08KoUtk1zr0MdHwe0RWCoYLCaJ6+U7JUVBiT5QIT2tK8vLFY8v4p517KFb8b651Tmy/W1Zt2nEKoQUyFv101xyAp6ctlWuxvXj/2ilWgm1RtEwW5Iy54/Lkolk9NzKW3niS5zxH9PaX6Qu8bUT7HYrbTGgYPIgP7CVnjAWtCCNIy30dzAW5KUqGLvuDaQq4mfps/Mp5K8rwAJ9vg/Tof08kurc2kqyjFFaJgaOlDq5/neNjuwKsitx6drdN6pzuufclojPbULqkTiWEXeEAyaGs61Ht2/SLfMC/l9E+4kvKXYg2RMo/PAk5j/KS3D87L6xCLU1s+1JSZ/FeYAFpaBaenCQtnPiYHgmZu7PeY9If/KAjI7lFsA2SP7g2dftr9utIOzRL5YtAYvBU6LEnhi97jq7Gpq6pXxDV4On0s//ZxlVV1IuuFpu+guFexrWyfebHYxMpnmo4TyB0ZCGZbIY1z2ECaMWAtZjN9ov4lpgMmTm/Gdhovf2+0uYuedCqyqfu+3rxGoxuiyZ7W5IOWpK48KkgZZ0hPifFWXPmb9Q5JLPZdkIIRkOL/GMTsFOrrc75jDavbM1mBM0ta7kVBSYIlk4ER/ntY2HETDT86eMiHz7vmmzas5s5gfL8d5BJ+/49zPC5H8C05QCPlPdqE+UTtNGJnZ+n8lgepxpoTR2x2kKTaaeWUsWhiUQe98YAI3itWe1ZcmEqSZlMp6st2Mvu3O/p89DT+CaCKkZKNZVgr/XCoHJL23CHoPzLpBmKAtpHXJdAiY6cHYA4EQLNGx7E2IgOH8WzZ24MulcOs1yqW0+NxKB0JYbmVu4O1oyBTkcOUZLl/QfUW7B8bFgVLT//KFLUBjyOfNU7bT0Mbdsh++ipBwWs61+78dqk5ITaF92kXXE+ZcPLFe7wpQAPm80UNMRuAmabWcAiT708cs4t+h894txyr07s6JrSRUQnDhI0LvhqEvKEJH6TsbwcwFXZaqup8vHifF52FR4bXM/Xeo2Jk2731Nnhicj/VajVWQ/UKpJBiPD0H6b3c5E5s8k/du8jnwI9yh/RdaCs1mkoTL+67pL/BXzDcTlvSfZFD/bn/Mp5fziCqJrjL74TskxhVCW9077SH/hVGWupLRxek4xCUn3Zqc64ENEOSt1aogc/4uDxj,iv:QgOfg6sSs1zYtqHFCKy+94qx6edQ3iEt/JtCIoUEqGI=,tag:vSzK1bNTRZA0ytKLITXF9Q==,type:str] +nomad-holochain-cli-cert: ENC[AES256_GCM,data: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,iv:Spx29A5n1kLZqE6EHw+3N3Om7V1kgnM2PVk7d7wJzqM=,tag:LCvfCpldN29iRPhxzbsU0Q==,type:str] +nomad-holochain-cli-key: 
ENC[AES256_GCM,data:G633C4SWwAoM9NyBEX7+xGzEondw/FY5XXqbRZxPtO8if+pWHnLRSkc9/fIs4mmCJxB89C2RAxb4tvuwCXJUZyWVQ1xEMwYXCDvJ56ggtrcDyw48iRnF/kNTIIkkHO3mWbpf6OALekcSNRZlznCUcq5K6gSgYECGuVeqcTA/NVH7q8mmBxEicUEyeO6bHopge4bz0o5Bnbpy86Ux2aw2HzSS1qreMpzEVcXIPgo4vlhaeaHj37rUHos2gKGD+GR/wD1n/D12qMsxRXlSz9N0vC50BI2QkqKtlVsv0PNib/MqjiA=,iv:SrPwR1EGCYh846luAX3RMJq+vG88NO3g/IqcjKcFi+o=,tag:ytA4ZwZ2wXz9K2trL6MU+Q==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwVTlaZTA2WVZWWXIwMkFu + d0lMN0tEaUVMeHY1SnBwTVVFbnVPRlFEalVRClliR05oclI5eDVnclBrY2tKK3JS + NjhTOG11Nkh0UWF5Z2g5SzdFT2NpaUUKLS0tIENPU3RHSEVVdzhKV2lQYkR3RnM1 + c2tjQjk0TG1IeTRYdjlPeER2ZlNHMlEKMlWrDV9aNY9AbLp3BsIUZ8W1b94ue4dh + uBPpeMLHB0T2q3C1MxnfBa8h9lZyePd3L4zYFUAX+I8CGECZNx9C3A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-07-05T08:26:42Z" + mac: ENC[AES256_GCM,data:g3wOkP8M9eLwhccPLV2WbpsnNUyYxILstOqkmyPQ5JPaOQJpGLr0AesN8E+wVPb2cVuUJ38+/xVdWubuFXx0ptZtLoEItnXEwmTxfvRk1veyknxMvX9f4XGfeSunoOFCMNnD+C5tZncJuIeHPcSz4bObHBRbCflMblmz0cthF78=,iv:oxEeAiHqZHEkvs7OxGwO+quxj+yD8nAH2pTGSs/eNes=,tag:VFgDVJOt9qYd4k6j1t0GdA==,type:str] + pgp: + - created_at: "2023-07-05T08:19:26Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcBMA0SHG/zF3227AQf+M3metU+UqXIGIVmdw5qLqw6H1h4JPk0DFWzJRZqtt5U7 + BBdvoGr6COYFjYx3CRzXVkC/0ldNTsCnM1D2QZTbnqivP5P7L5Bp/y6jHxacBtq/ + erv3doofU54weKBFvm0xh564P7uL5+IRxbSidJhYAKAwYzvptuhEA3R1Y6szzlKY + l6kYgROiRnOfWk8iOKBYCbcxZ8VrmRoohuky6PKaCewESNRiOR3vzkumDE8mbnLH + /QuufFhZbg2wA8ZkG54tSBIRz8gjanQDNhh9sYtPp+PWnuDiyyZhSJef6ruT9v1f + IUP1ybuVsMyRmMKAL0NAbW3UleoIY/GcH9nVaeT+TNJRAXS5BVX/guduIFWqqbwQ + 3fbN7k5JS/VwKCIf8kI6DOVee78F0o/C7rA02CZU9PqeX0hc47wEFvlgNn/TepON + eFWOScb0W7O0Ug+3lRnVdLHO + =8m42 + -----END PGP MESSAGE----- + fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B + unencrypted_suffix: _unencrypted + 
version: 3.7.3 diff --git a/secrets/shared-users.yaml b/secrets/shared-users.yaml index 72a0cdf..bbd501f 100644 --- a/secrets/shared-users.yaml +++ b/secrets/shared-users.yaml @@ -1,6 +1,7 @@ #ENC[AES256_GCM,data:aqlLlXgwwtjBYxytS2H33KbN0z8pHijFXKBAPQyQ7cxE8iO6tDfn/3kEVaEa1YaiYUMXACX2Ow==,iv:uKTUsccWAqrBkdG/ymCZB1pcumRreGv/2rIn6YG8Y7c=,tag:NWDO4dPRA45Ki4ymGblGIg==,type:comment] sharedUsers-root: ENC[AES256_GCM,data:RhMqzHmMzsPZnskGAKQ5GEagkAmtCqbp3FI4XPWweq6U8WcML+XEOKBfRoemK6yMHpSobBUPEHudNDeVxhGLH1VREmO6+JVZ/3dz44qWudhyuAj2CHiVkVgMlSfOKIbY9FLLxXxfySnEsQ==,iv:EYWeRKI+nFpEkxtBJ57xH6V4arE+hVAHy5ht9v8P1oQ=,tag:I5WA5+FjJ3lF30dth3H2ug==,type:str] sharedUsers-steveej: ENC[AES256_GCM,data:vuvklQJFb0kziB/qr7LNiTB30T/1UmZUV3YE3fFpKLZSlxqwYR7e8pnj94hFMhCtPquw3qdtB8vFAIQSb2LxXUgsfNo1bmkGJU86vz3Vy9Js7oua7KlLyZjoFNpMBgbD7swyXns=,iv:nsymZS1wQ7QSL5ZqoVx/ygaP4UR/e0cYIXHg+UyhbYs=,tag:+/N1QRESOUUK/XJXgiyFfg==,type:str] +sharedSshKeys-steveej: ENC[AES256_GCM,data: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,iv:QeYNlLR97tdC9i5N909GnoNyBwNNiuljF/eVbdhvGXg=,tag:lBWDaaZMQRPX/4Ln+oUQPA==,type:str] #ENC[AES256_GCM,data:8u2UAE6lXi0e6qKJxB3VP1k7hmfUYRcejXoR7K6NIQ9E7AqOlMiLDyQFw77NBlqpy0G6mPVOnC+XskGAscm3TLFzs7+o+/i0IxH7uDPwoh+U,iv:n4wheHkpPbnKeXb4DTxwks2bph4LO6xQW6LcrlA4jKU=,tag:mgwa7rYvqoubFdQDXJADZQ==,type:comment] sharedUsers-radicale: ENC[AES256_GCM,data:Mn1QIwQDX0ZnZ0Jbk1RYY60k+XbbGPYYf+NG3xQz3oR14CqSVy3hjQEkqcezwj/v2ELrLWid2hK+lDtY,iv:TNoJ7Kq3WDkkPBLG3a+N/A8yBZcx7Gc0jaBToYX3Y5M=,tag:VU5P4YtzMv1FVc3ugig8TA==,type:str] #ENC[AES256_GCM,data:685Grzm+Qw==,iv:sswI1QEvU3nXgQCJcF/O4n3a1z3r6fAVAOSF7W24PZw=,tag:cH/AroGEBfCnnepyqtjt0Q==,type:comment] 
@@ -15,37 +16,46 @@ sops: - recipient: age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBRmJhRHBxU1VnaEQ2eEpG - N3NyYmtBTCtJU3FGUmJRckhoQUxQK0p2SldnCmJiZnlLS0tEOEg2a3NOYXAwQWhT - eTlWMDc3YlpqRDJyMWpKWTlINS9Gck0KLS0tIFg0V3RkSENqRzhRWEZxUGZZTGRo - b0VJcm0vbVNqWEt2TSt0RW5zcXgzbGcKkKul4wrLfQ/mP9o1KfJ3w/hrlyuD2K/h - 4i8d8q7Yr3ULXpPPrYNWJ+1u5yPrKtj/YjkvsbCR5sQLPe8EcTK15w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNUGxsbitMNnlTZlRZQVJl + RVc3TUtHaWpQdk5RVFkvS0MxSkVxWHQ1MFZvCmw0M2M4VGRxb21nVzkrNWIzK3Aw + dVB6bWEvQ0dtbjZobTVCeE9DUEpGV2sKLS0tIGhya2RMM2w5VHlHNUdGK1FNZit3 + OWUyYnZhSEhtMzhTenZMRU1yRis0WkkK/iDe1XgGJumprZU23G/Imhbqpp5ehfMe + I+XlSGn0/ry1SpEV0bQi7ZMzFxEfhX0avLsmxTeoxQJuN2m7ZOQCdQ== -----END AGE ENCRYPTED FILE----- - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2bkhNaDZoUFplSC9SZ09a - aENIa0NYVkQ4ZGhzdE4vSS9zeER4L1Y2dkFFCnQ5SlZTQ0NKN1Q0WWR0S1hHZmxi - Q2pPUHRHb3VyQmFPQW1wVllkR0pva2cKLS0tIGphY0lUTENCVG1PcVo5SldaRVpy - RnJYK1hXUWhPZjdkV2FUeThTZmlJS1kKmmoKeEKRQEHtgfXAd7x6VtfZm2nLWxle - 2k1N0N77p8QzoDIkUY5I8RjQS0V8wOLwOSVYDe8j3erw9e9GhDqEbQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0OVJ5d1p1RURkTjdzaWpv + OXViZkhzZEZwYzNIZHdpeUVNWlM5SWJGYkFjCnRrQWV6UUM0akIzaFVxY1dzaUNa + OVFRczZaUjRXSGphcTJ5TGtZOHlSeHcKLS0tIG5QTWMyTzFlZkdIdnVGT2lpTXR4 + TXJybjNjdmwxRVMxdERIS25wRTRCV0UKy/N8YBkxD3f5qTBOPj/iysFr/Ona1p9H + JYhjZCojB4Ua1b2Tv4Gz2Fvi9B2fOWBy0/LSPA6CRchG3IWgKm/B6g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-02T16:39:58Z" - mac: ENC[AES256_GCM,data:2aw294lkCFt3Yhf3I3Py+mSgQNcFKjyQSJiCvS3+iiraR6ukT6gN3eIwPk9AmUgCDBJBhOe8Nlx3gq9lYz3SI+B2sVnt27Fxe3kp1Ip894Lg2XyA7TynTJJp2eIrFmSO11FhQaMDO8D8+kraJFzLspQ5/j/67f+smkiIFlpXx6g=,iv:DPjOin99RR6EoG1FA4f5BexpYeyb4xy1iWiiq4y+JEA=,tag:i1CQI182/VILveC8Qw8rWQ==,type:str] + - recipient: 
age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYNVJBRlptQ2hWVy9MRGhj + MVduVkl3YXZEVlMzNksybkZjR1Z6VnQ1MGdRCjRTWjY3RTlpY096c3UrMHlaUms0 + MDc3V0dTUnpWTjcxcGZNSmVkUElLMjgKLS0tIGFkMzZ1eVh1a1ZzckxseFh5T1VK + eDZSbXdzSmJ3dkJHSkU2R3JTRjlxNDAK1k/SYCf1nWEHKRzlJbvx1U5NKYSEzi0/ + wE4SdLjMi4io2ThNif4gqVRCiRQupiILx4VnlM4lN6Fk924zATUUYA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-07-06T20:14:22Z" + mac: ENC[AES256_GCM,data:GPWu5DjjJ1ki+HRuedGdDCt+2V0RPbOsD/yWJxPIkgu5923vnF8y9y4V6e6+ZsTqHv4hsKeCjKtUnh2Ldn+xadwJmqrIxyJ8NzH5TOvcBxAab9cJCp/yKENw0O1WMUTlDPelvQKMDwbgiebaVVfxbQPUEfJGOgkHkyXrgqN94FU=,iv:h9YALYahUl7mRJmZKjArEfaMrfW9YZkVYd2CEooF13Q=,tag:wotqxup/ouG/bEVOZCs19w==,type:str] pgp: - - created_at: "2023-07-01T20:51:41Z" + - created_at: "2023-07-06T18:55:17Z" enc: |- -----BEGIN PGP MESSAGE----- - wcBMA0SHG/zF3227AQf9F7sIYPoz5fsqe8an9+suc5OSoZI/tA/+UMWO++Nn4VSA - ZEmxqyDvnc/KxHyFwHjISyOJkbd8L23ZdO6Fgn0wjm+z3houqMQoaKdYgjpOBFrI - 3nq86WkdKKVy/8RzrDCQ5gKIy4P1zeiyOio12n8G4cUt0B3uo596qKoWc6duUiEt - Z6wSPDEaciihTrbZCYYDXvElXO6uY5S8fBRdhsY8aNKLgh0vIYlQw/aflN4EiuC/ - OiQkRwp8CHcsdkUo/pngmBaRVlW4uOlv/QpZ3/zXTqx5UazQlb+xmilBCFt6jgWs - +VhemXci16j6S6myw/heSP2Z+Gv02cRiFcpz64Z0QNJRAQsRJTjdB5OS/IcaqXs3 - SwgOL9ga8vd4OZW7Jc2LQ1TJCarKUCGT0YcfOjv4CmtLn+2MDCLr+syg535/clbK - VXC10xjRrhlBaCQ9vR1N2gBp - =TJW7 + wcBMA0SHG/zF3227AQgAo5WdFio56L/EtWKV590N9QQ9Gjm9IWm0G+H6YHTNlpfO + erhl1AZds+MNrInw0uSW7Mx/wZ4awv8+JVkMN43qupmDIcgHmWmVoqB2SaUA60qd + gkFYP2fWlmgzihl/DnWUn1M4WrD8sGJIwkulg8FX9h40f7mEhb0MsftsUuhmxOBp + GTJDtT/A7wHMRY71mEzIyem8XOA7nAIO7r802Tyni6H7zP1qG00vF/sastbbzB26 + +7MTpSZz8AuNPG/P7rue7J2BL0S8ldwcPsGX9XGt2qFbeNbsOUfJn12miPSEZHWU + jIYC1rWLVJ110O0ZDDMJXyfBW5XrFAkA6XkCzzPgodJRAYKzTD+bMg44vuwTCRmG + wcdv71+hBJeXtF1g8/YueaTWpPJ5j8m6Ntp1d5pYPetlRmhwLzfSoY1BUXA6YkGb + Qeqr3q7oGL91sjasjZQorc3h + =6rU4 -----END PGP MESSAGE----- fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B 
unencrypted_suffix: _unencrypted