steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

feat: init srv0-dmz0

Browse source
This commit is contained in:
steveej 2023-07-06 22:42:24 +02:00
parent b481126ae2
commit 4cb8e6df29
16 changed files with 447 additions and 91 deletions
Download patch file Download diff file Expand all files Collapse all files

5
.sops.yaml
View file

@ -6,9 +6,11 @@
keys:
- &steveej 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B
- &steveej-t14 age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl
- &sj-vps-htz0 age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv
- &elias-e525 100206d53cf92f62efd9d6b2672bf3644233c763
- &sj-vps-htz0 age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv
- &srv0-dmz0 age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3
creation_rules:
- path_regex: ^(.+/|)secrets/[^/]+$
key_groups:
@ -17,6 +19,7 @@ creation_rules:
age:
- *steveej-t14
- *sj-vps-htz0
- *srv0-dmz0
- path_regex: ^secrets/steveej-t14/.+$
key_groups:
- pgp:

4
Justfile
View file

@ -38,7 +38,7 @@ rebuild-this-device +rebuildargs="dry-activate":
nix run .#colmena -- apply-local --sudo {{rebuildargs}}
# Re-render the versions of a remote device and rebuild its environment
update-remote-device devicename rebuildmode='build':
update-remote-device devicename +rebuildargs='build':
#!/usr/bin/env bash
set -e
@ -48,7 +48,7 @@ update-remote-device devicename rebuildmode='build':
nix flake update
)
just -v rebuild-remote-device {{devicename}} {{rebuildmode}}
just -v rebuild-remote-device {{devicename}} {{rebuildargs}}
git commit -v nix/os/devices/{{devicename}}/flake.{nix,lock} -m "nix/os/devices/{{devicename}}: bump versions"

103
flake.lock generated
View file

@ -50,11 +50,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1688082682,
"narHash": "sha256-nMG/A7qYm9pyHJowKuaNmNYgo748xZrzMJPqtoGozSA=",
"lastModified": 1688425221,
"narHash": "sha256-DhZnju72DuX9GhOnCOBIE94aCGKC2BOaF+kGxbnP/K0=",
"owner": "ipetkov",
"repo": "crane",
"rev": "4d350bb94fdf8ec9d2e22d68bb13e136d73aa9d8",
"rev": "fc6a236548b31aef0be3b0a0377c4459bb39d923",
"type": "github"
},
"original": {
@ -93,11 +93,11 @@
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
"lastModified": 1688278950,
"narHash": "sha256-h3J/w3/hCeW6D+VsN/JBQ0Buz76g5wRFznUJF8JomT4=",
"lastModified": 1688624761,
"narHash": "sha256-VMvhdWPCLUFhyssTSZXCxFkA9bZ05VgXZVsuYlJcZBg=",
"owner": "nix-community",
"repo": "fenix",
"rev": "8e75b5c8506960b49fbc5618717d966d04ee0a7d",
"rev": "a2ea120926a1234ec804c090f90312e0ec2d4541",
"type": "github"
},
"original": {
@ -158,11 +158,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1688254665,
"narHash": "sha256-8FHEgBrr7gYNiS/NzCxIO3m4hvtLRW9YY1nYo1ivm3o=",
"lastModified": 1688466019,
"narHash": "sha256-VeM2akYrBYMsb4W/MmBo1zmaMfgbL4cH3Pu8PGyIwJ0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "267149c58a14d15f7f81b4d737308421de9d7152",
"rev": "8e8d955c22df93dbe24f19ea04f47a74adbdc5ec",
"type": "github"
},
"original": {
@ -201,11 +201,11 @@
]
},
"locked": {
"lastModified": 1687762428,
"narHash": "sha256-DIf7mi45PKo+s8dOYF+UlXHzE0Wl/+k3tXUyAoAnoGE=",
"lastModified": 1688466019,
"narHash": "sha256-VeM2akYrBYMsb4W/MmBo1zmaMfgbL4cH3Pu8PGyIwJ0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "37dd7bb15791c86d55c5121740a1887ab55ee836",
"rev": "8e8d955c22df93dbe24f19ea04f47a74adbdc5ec",
"type": "github"
},
"original": {
@ -234,11 +234,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1685518550,
"narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
"lastModified": 1687709756,
"narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
"rev": "dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7",
"type": "github"
},
"original": {
@ -364,11 +364,11 @@
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1688002352,
"narHash": "sha256-jp6MOYWPsLbnDrk3ZWV98c6Z/PolEkfcuHXtAeKu66A=",
"lastModified": 1688608231,
"narHash": "sha256-RQeR/tirHIa5jhZYLCK7KnQiYTG/kq/vWdgDFLi+4+g=",
"owner": "nix-community",
"repo": "nix-eval-jobs",
"rev": "db318eee754563269536c5e3513abbb9b130481a",
"rev": "477d7196a493dd011f05704fc7b42cbe95f5b30d",
"type": "github"
},
"original": {
@ -446,11 +446,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1688001024,
"narHash": "sha256-Zf88j+DUj6rDgveWfdEyUo4fL1KZTowzPAN6gpeqzKg=",
"lastModified": 1688607075,
"narHash": "sha256-KDWpwZ4xl4au5R+A+Ka+uVbyiwMDVczjwRTSqBOyqWM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2c8591ad6a6f9d679817a94f847c59b0d1e3289e",
"rev": "ff81c24d1dd4dc3698aeb27d2cc3991124e627e6",
"type": "github"
},
"original": {
@ -462,11 +462,11 @@
},
"nixpkgs-2211": {
"locked": {
"lastModified": 1688043300,
"narHash": "sha256-UmpvFT0v4U4jxXhrfr+x1NuaOFULkIyCfS/WT6N6T7s=",
"lastModified": 1688392541,
"narHash": "sha256-lHrKvEkCPTUO+7tPfjIcb7Trk6k31rz18vkyqmkeJfY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "c6643a93d25abf3cf5d40a4e05bcf904b9f0e586",
"rev": "ea4c80b39be4c09702b0cb3b42eab59e2ba4f24b",
"type": "github"
},
"original": {
@ -478,11 +478,11 @@
},
"nixpkgs-2305": {
"locked": {
"lastModified": 1688109178,
"narHash": "sha256-BSdeYp331G4b1yc7GIRgAnfUyaktW2nl7k0C577Tttk=",
"lastModified": 1688566749,
"narHash": "sha256-3Og5xbNk1qncLWl2zrrL/k80UqRI/nEGPEbzz306Izk=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "b72aa95f7f096382bff3aea5f8fde645bca07422",
"rev": "c99004f75fd28cc10b9d2e01f51a412d768269c8",
"type": "github"
},
"original": {
@ -549,11 +549,11 @@
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1688301056,
"narHash": "sha256-UDkmgKP+hFY+s1k4xj+05GGCdBIYHDPBT0LprU4AdO4=",
"lastModified": 1688646970,
"narHash": "sha256-EIcr3n0YKjJdH9F3JFyhlObbSDXQji8nEzNWxYqep1g=",
"owner": "nix-community",
"repo": "nixpkgs-wayland",
"rev": "b948920571b72da0363d2e8c391af5cfead99a6a",
"rev": "57c2057b4817ecce059fb3cd941ba53ee70c6f5d",
"type": "github"
},
"original": {
@ -564,11 +564,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1688231357,
"narHash": "sha256-ZOn16X5jZ6X5ror58gOJAxPfFLAQhZJ6nOUeS4tfFwo=",
"lastModified": 1688590700,
"narHash": "sha256-ZF055rIUP89cVwiLpG5xkJzx00gEuuGFF60Bs/LM3wc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "645ff62e09d294a30de823cb568e9c6d68e92606",
"rev": "f292b4964cb71f9dfbbd30dc9f511d6165cd109b",
"type": "github"
},
"original": {
@ -599,6 +599,10 @@
"aphorme_launcher": "aphorme_launcher",
"colmena": "colmena",
"crane": "crane",
"disko": [
"nixos-anywhere",
"disko"
],
"fenix": "fenix",
"flake-parts": "flake-parts",
"get-flake": "get-flake",
@ -615,17 +619,18 @@
"ofi-pass": "ofi-pass",
"salut": "salut",
"sops-nix": "sops-nix",
"srvos": "srvos",
"yofi": "yofi"
}
},
"rust-analyzer-src": {
"flake": false,
"locked": {
"lastModified": 1688245988,
"narHash": "sha256-0DlDUvMFCaFGHnxwyG68RJbKsJ8EM7xu3FiWb2Ry8+E=",
"lastModified": 1688576197,
"narHash": "sha256-flxGk5OXBfXqlS/ZWNyT23slfPjTCkza3CV/EIfvdSU=",
"owner": "rust-lang",
"repo": "rust-analyzer",
"rev": "f5f0c48ac37fb19705af2864cb50dd6d82e9134e",
"rev": "aa91eda9028758839487ad0f0eb120944a549ff3",
"type": "github"
},
"original": {
@ -647,11 +652,11 @@
]
},
"locked": {
"lastModified": 1685759304,
"narHash": "sha256-I3YBH6MS3G5kGzNuc1G0f9uYfTcNY9NYoRc3QsykLk4=",
"lastModified": 1688351637,
"narHash": "sha256-CLTufJ29VxNOIZ8UTg0lepsn3X03AmopmaLTTeHDCL4=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "c535b4f3327910c96dcf21851bbdd074d0760290",
"rev": "f9b92316727af9e6c7fee4a761242f7f46880329",
"type": "github"
},
"original": {
@ -697,6 +702,26 @@
"type": "github"
}
},
"srvos": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1688619474,
"narHash": "sha256-mPPR4iZxOoq3LB2EZTgo72UunV4UWdtaBTiTc3x+iPI=",
"owner": "numtide",
"repo": "srvos",
"rev": "bf8ce44e0d1a380565c51bd6a707a75ac21c1a9a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "srvos",
"type": "github"
}
},
"stable": {
"locked": {
"lastModified": 1669735802,

5
flake.nix
View file

@ -7,8 +7,12 @@
nixpkgs.follows = "nixpkgs-2305";
flake-parts.url = "github:hercules-ci/flake-parts";
get-flake.url = "github:ursi/get-flake";
srvos.url = "github:numtide/srvos";
srvos.inputs.nixpkgs.follows = "nixpkgs";
nixos-anywhere.url = github:numtide/nixos-anywhere/main;
nixos-anywhere.inputs.nixpkgs.follows = "nixpkgs";
disko.follows = "nixos-anywhere/disko";
nixpkgs-wayland.url = "github:nix-community/nixpkgs-wayland";
@ -102,6 +106,7 @@
}) [
"sj-vps-htz0"
"steveej-t14"
"srv0-dmz0"
# "elias-e525"
# "justyna-p300"
]);

7
nix/os/devices/srv0-dmz0/README.md Normal file
View file

@ -0,0 +1,7 @@
## bootstrapping
```
# TODO: generate an SSH host-key and deploy it via --extra-files
nixos-anywhere --flake .\#srv0-dmz0 root@srv0.dmz0.noosphere.life
```

133
nix/os/devices/srv0-dmz0/configuration.nix Normal file
View file

@ -0,0 +1,133 @@
{
modulesPath,
repoFlake,
pkgs,
config,
...
}: let
disk = "/dev/disk/by-id/ata-Corsair_Voyager_GTX_21488170000126002051";
in {
disabledModules = [];
imports = [
repoFlake.inputs.disko.nixosModules.disko
repoFlake.inputs.srvos.nixosModules.server
(modulesPath + "/profiles/all-hardware.nix")
repoFlake.inputs.srvos.nixosModules.mixins-terminfo
repoFlake.inputs.srvos.nixosModules.mixins-systemd-boot
repoFlake.inputs.sops-nix.nixosModules.sops
../../profiles/common/user.nix
];
## bare-metal machines
srvos.boot.consoles = ["tty0"];
boot.loader.grub.enable = false;
boot.loader.efi.canTouchEfiVariables = false;
disko.devices.disk.main = {
device = disk;
type = "disk";
content = {
type = "table";
format = "gpt";
partitions = [
{
name = "boot";
start = "0";
end = "1M";
part-type = "primary";
flags = ["bios_grub"];
}
{
name = "ESP";
start = "1M";
end = "512M";
bootable = true;
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
}
{
name = "root";
start = "512M";
end = "100%";
part-type = "primary";
bootable = true;
content = {
type = "btrfs";
extraArgs = ["-f"]; # Override existing partition
subvolumes = {
# Subvolume name is different from mountpoint
"/rootfs" = {
mountpoint = "/";
};
"/nix" = {
mountOptions = ["noatime"];
};
};
};
}
];
};
};
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
hardware.enableRedistributableFirmware = true;
hardware.cpu.intel.updateMicrocode = true;
services.openssh.enable = true;
systemd.network.enable = true;
systemd.network.networks."10-lan" = {
matchConfig.Name = "eth*";
networkConfig = {
# enable DHCP for IPv4 *and* IPv6
DHCP = "yes";
# accept Router Advertisements for Stateless IPv6 Autoconfiguraton (SLAAC)
IPv6AcceptRA = true;
};
};
networking.dhcpcd.enable = false;
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [
22
# iperf3
5201
];
networking.firewall.logRefusedConnections = false;
networking.usePredictableInterfaceNames = false;
networking.nat = {
enable = true;
internalInterfaces = ["ve-+"];
externalInterface = "eth0";
};
# Kubernetes
# services.kubernetes.roles = ["master" "node"];
# virtualization
# virtualisation = {docker.enable = true;};
nix.gc = {automatic = true;};
containers = {
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}

30
nix/os/devices/srv0-dmz0/default.nix Normal file
View file

@ -0,0 +1,30 @@
{
nodeName,
repoFlake,
nodeFlake,
...
}: let
system = "x86_64-linux";
in {
meta.nodeSpecialArgs.${nodeName} = {
inherit repoFlake nodeName nodeFlake;
packages' = repoFlake.packages.${system};
};
meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath {
inherit system;
};
${nodeName} = {
deployment.targetHost = "srv0.dmz0.noosphere.life";
deployment.replaceUnknownProfiles = false;
imports = [
nodeFlake.inputs.home-manager.nixosModules.home-manager
./configuration.nix
];
networking.hostName = nodeName;
};
}

83
nix/os/devices/srv0-dmz0/flake.lock generated Normal file
View file

@ -0,0 +1,83 @@
{
"nodes": {
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1687871164,
"narHash": "sha256-bBFlPthuYX322xOlpJvkjUBz0C+MOBjZdDOOJJ+G2jU=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "07c347bb50994691d7b0095f45ebd8838cf6bc38",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.05",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1688594934,
"narHash": "sha256-3dUo20PsmUd57jVZRx5vgKyIN1tv+v/JQweZsve5q/A=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "e11142026e2cef35ea52c9205703823df225c947",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-master": {
"locked": {
"lastModified": 1688668881,
"narHash": "sha256-q5QIxsX5UR+P2uq8RyaJA/GI5z3yZiKl3Q35gVyr9UM=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "0ffe9cc640d092e6abd8c0adec483acfd2ed7cda",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "master",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1688640665,
"narHash": "sha256-bpNl3nTFDZqrLiRU0bO6vdIT5Ww13nNCVsOLLKEqGuE=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "88faf206ce0d5cfda760539a367daf6cde5b3712",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"nixpkgs-master": "nixpkgs-master",
"nixpkgs-unstable": "nixpkgs-unstable"
}
}
},
"root": "root",
"version": 7
}

12
nix/os/devices/srv0-dmz0/flake.nix Normal file
View file

@ -0,0 +1,12 @@
{
inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
inputs.nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small";
inputs.nixpkgs-master.url = "github:nixos/nixpkgs/master";
inputs.home-manager = {
url = "github:nix-community/home-manager/release-23.05";
inputs.nixpkgs.follows = "nixpkgs";
};
outputs = _: {};
}

22
nix/os/devices/steveej-t14/system.nix
View file

@ -24,22 +24,6 @@ in {
};
networking.extraHosts = ''
# qemu box
172.24.40.13 steveej-qemu.infra.holochain.org
172.24.40.13 steveej-qemu.d.dweb.city
# bare metal
192.168.14.117 steveej-hw1.infra.holochain.org
192.168.14.117 steveej-hw1.d.dweb.city
192.168.14.117 steveej-hw2.infra.holochain.org
192.168.14.117 steveej-hw2.d.dweb.city
192.168.14.117 steveej-hw3.infra.holochain.org
192.168.14.117 steveej-hw3.d.dweb.city
192.168.14.117 steveej-hw4.infra.holochain.org
192.168.14.117 steveej-hw4.d.dweb.city
172.24.135.11 emerge3.d.dweb.city
172.24.74.194 emerge4.d.dweb.city
'';
networking.bridges."virbr1".interfaces = [];
@ -150,17 +134,17 @@ in {
};
sops.secrets.nomad-holochain-agent-ca = {
sopsFile = ../../../../secrets/steveej-t14/nomad-holochain-infra.yaml;
sopsFile = ../../../../secrets/holochain-infra/nomad.yaml;
owner = config.users.extraUsers.steveej.name;
};
sops.secrets.nomad-holochain-cli-cert = {
sopsFile = ../../../../secrets/steveej-t14/nomad-holochain-infra.yaml;
sopsFile = ../../../../secrets/holochain-infra/nomad.yaml;
owner = config.users.extraUsers.steveej.name;
};
sops.secrets.nomad-holochain-cli-key = {
sopsFile = ../../../../secrets/steveej-t14/nomad-holochain-infra.yaml;
sopsFile = ../../../../secrets/holochain-infra/nomad.yaml;
owner = config.users.extraUsers.steveej.name;
};
}

5
nix/os/devices/steveej-t14/user.nix
View file

@ -5,7 +5,7 @@
...
}: let
keys = import ../../../variables/keys.nix;
inherit (import ../../lib/default.nix {inherit (pkgs) lib;}) mkUser;
inherit (pkgs.callPackage ../../lib/default.nix {}) mkUser;
in {
users.extraUsers.steveej2 = mkUser {
uid = 1001;
@ -14,4 +14,7 @@ in {
};
nix.settings.trusted-users = ["steveej"];
security.pam.u2f.enable = true;
security.pam.services.steveej.u2fAuth = true;
}

11
nix/os/lib/default.nix
View file

@ -1,7 +1,9 @@
{
lib,
keys ? import ../../variables/keys.nix,
}: {
config,
}: let
keys = import ../../variables/keys.nix;
in {
mkUser = args: (
lib.attrsets.recursiveUpdate {
isNormalUser = true;
@ -19,6 +21,11 @@
"adbusers"
];
openssh.authorizedKeys.keys = keys.users.steveej.openssh;
# TODO: investigate why this secret cannot be found
# openssh.authorizedKeys.keyFiles = [
# config.sops.secrets.sharedSshKeys-steveej.path
# ];
}
args
);

3
nix/os/modules/opinionatedDisk.nix
View file

@ -1,11 +1,12 @@
{
lib,
config,
pkgs,
...
}:
with lib; let
cfg = config.hardware.opinionatedDisk;
ownLib = import ../lib/default.nix {inherit lib;};
ownLib = pkgs.callPackage ../lib/default.nix {};
in {
options.hardware.opinionatedDisk = {
enable = mkEnableOption "Enable opinionated filesystem layout";

23
nix/os/profiles/common/user.nix
View file

@ -4,11 +4,18 @@
...
}: let
keys = import ../../../variables/keys.nix;
inherit (import ../../lib/default.nix {inherit (pkgs) lib;}) mkUser;
inherit
(import ../../lib/default.nix {
inherit (pkgs) lib;
inherit config;
})
mkUser
;
in {
sops.secrets.sharedUsers-root = {
sopsFile = ../../../../secrets/shared-users.yaml;
neededForUsers = true;
format = "yaml";
};
sops.secrets.sharedUsers-steveej = {
@ -17,18 +24,26 @@ in {
format = "yaml";
};
sops.secrets.sharedSshKeys-steveej = {
sopsFile = ../../../../secrets/shared-users.yaml;
# neededForUsers = true;
format = "yaml";
};
users.mutableUsers = false;
users.extraUsers.root = {
passwordFile = config.sops.secrets.sharedUsers-root.path;
openssh.authorizedKeys.keys = keys.users.steveej.openssh;
# TODO: investigate why this secret cannot be found
# openssh.authorizedKeys.keyFiles = [
# config.sops.secrets.sharedSshKeys-steveej.path
# ];
};
users.extraUsers.steveej = mkUser {
uid = 1000;
passwordFile = config.sops.secrets.sharedUsers-steveej.path;
};
security.pam.u2f.enable = true;
security.pam.services.steveej.u2fAuth = true;
}

38
secrets/holochain-infra/nomad.yaml Normal file
View file

@ -0,0 +1,38 @@
nomad-holochain-agent-ca: ENC[AES256_GCM,data:1nJmWFCt+HflrX3W+8mpxprH9XjaC8194z8QX0PCPeh+CbmF3oOvXNInGpoI4FQx6tFY7vFVkDoDQv7ap5f3y/6o1j7LKEKbUeWixzIiOEi7+Gop3lewjoF7UrHPl8ulRVnZSXZvEQXmaE0upwqXmmEBBocunIl0D43Umkf7g6GZ2mYQ6lPIVVcQ6lOccshjuLHZ+RjvrlMSqmpkLey1lICfTci2+S/rJp9QHclkKyU53JnCoDLchEZE4gVlDE2BJ8RUe5VWZoQoBJbw08KoUtk1zr0MdHwe0RWCoYLCaJ6+U7JUVBiT5QIT2tK8vLFY8v4p517KFb8b651Tmy/W1Zt2nEKoQUyFv101xyAp6ctlWuxvXj/2ilWgm1RtEwW5Iy54/Lkolk9NzKW3niS5zxH9PaX6Qu8bUT7HYrbTGgYPIgP7CVnjAWtCCNIy30dzAW5KUqGLvuDaQq4mfps/Mp5K8rwAJ9vg/Tof08kurc2kqyjFFaJgaOlDq5/neNjuwKsitx6drdN6pzuufclojPbULqkTiWEXeEAyaGs61Ht2/SLfMC/l9E+4kvKXYg2RMo/PAk5j/KS3D87L6xCLU1s+1JSZ/FeYAFpaBaenCQtnPiYHgmZu7PeY9If/KAjI7lFsA2SP7g2dftr9utIOzRL5YtAYvBU6LEnhi97jq7Gpq6pXxDV4On0s//ZxlVV1IuuFpu+guFexrWyfebHYxMpnmo4TyB0ZCGZbIY1z2ECaMWAtZjN9ov4lpgMmTm/Gdhovf2+0uYuedCqyqfu+3rxGoxuiyZ7W5IOWpK48KkgZZ0hPifFWXPmb9Q5JLPZdkIIRkOL/GMTsFOrrc75jDavbM1mBM0ta7kVBSYIlk4ER/ntY2HETDT86eMiHz7vmmzas5s5gfL8d5BJ+/49zPC5H8C05QCPlPdqE+UTtNGJnZ+n8lgepxpoTR2x2kKTaaeWUsWhiUQe98YAI3itWe1ZcmEqSZlMp6st2Mvu3O/p89DT+CaCKkZKNZVgr/XCoHJL23CHoPzLpBmKAtpHXJdAiY6cHYA4EQLNGx7E2IgOH8WzZ24MulcOs1yqW0+NxKB0JYbmVu4O1oyBTkcOUZLl/QfUW7B8bFgVLT//KFLUBjyOfNU7bT0Mbdsh++ipBwWs61+78dqk5ITaF92kXXE+ZcPLFe7wpQAPm80UNMRuAmabWcAiT708cs4t+h894txyr07s6JrSRUQnDhI0LvhqEvKEJH6TsbwcwFXZaqup8vHifF52FR4bXM/Xeo2Jk2731Nnhicj/VajVWQ/UKpJBiPD0H6b3c5E5s8k/du8jnwI9yh/RdaCs1mkoTL+67pL/BXzDcTlvSfZFD/bn/Mp5fziCqJrjL74TskxhVCW9077SH/hVGWupLRxek4xCUn3Zqc64ENEOSt1aogc/4uDxj,iv:QgOfg6sSs1zYtqHFCKy+94qx6edQ3iEt/JtCIoUEqGI=,tag:vSzK1bNTRZA0ytKLITXF9Q==,type:str]
nomad-holochain-cli-cert: ENC[AES256_GCM,data:+SMQfO1zyJ6EW44IIe3uouLJ4lkwlX5y1PFpNMFLXVySsAQpwlLLXCRvTlt8r53xXJglQ4vI+CpNyaE++0A+a7/cXa0rOmxweJjN+LNI9kRR+DdAtR0tGPDiSge+tc7/penx1LJd81SIahoMjZj8Q0Ua3YO8VKKLZKq+jCfTYsWWkGYFVmrUjBZMc6X6l49mo8efmKUbOVvhZ350qfTKDuXjRewcI5vJdW1tm7Gcb5nMA+31lgXgWPOURJIOHnicuHLEYLUEEspRYy3IRuonQHrCeydrKTjRW7YTDr8GgjVBz/HwuoFdCSZ3iqf4YkxSloYfxAzG1y9/FEf2xNF2xOp3w3Pygkb8YtN6ZBX3UJOcisouyYmLc7s7FXfnrDyOlozQmb0IYBUUfrtFWTE/uvWKsRiyaWBkqgfPkf1BH/zFuhwm0nPFH5meC7ILaD71mCXG7cESo2en52AGe3i1fec+kLmtpeGAad6iET9nZxXE13bHI3WycfgpAnBjyyWVwQ6zblZMz6f0U3PgJ/l0HydgFuWE275ClE5M4o/IN+HJNk9/ehM7V/aII7v3eKVhFljNI1elF2OsDag995CyyipZ8gw2PU10XVVBBW4UZuwRpJDkKyoQI9+IR8iC4JHJ7dZpV+Wsv08KY1HHWqtW63bVrrgh7fruMZJ2OX1bgAWwTyeYkCljjm+h3A+xvhoG8Hu4FjBAb0k6FD2emwR5YkjZA9hw1gYZjvDt71X0N2Zz9n/LHZdgNvK6iVN9XRgF7h4w5oRTCVX9wjCASuTE/K01HNMOFBZZA2PdE+dCRgg4ybvtCwvmOQWE/GEzOZ1PRVdxmc3YEru/rUNDRqeTaje/buQCk7RM3mg/s+y6Gl0nrQ05UnUNKPn802bR2fyRi6SohES39O7Xp8IERFOqhzZMqliKvmamAbk4oQ0sfWnp61gGOOpd79hI9Cecxcr+AMlCeIF9RJeywgMbONGrt6uONsd92aMKr9zCaltiWa8A9dH2D3c5rNB5l/qvQVU5RVSDAwo6sCulbpmy6tn+6EAWLjxrTjciK3li/GT6bfO1HVlx+V32YgZ3pPdkH3VQzpDOaCEqpX0gkgbXWIRWQoFBNp6jgLHcB7+DBgV9DFrmThqQsqQzB3PY1s+Kyeejo8xTRmKf6YwjfbP3z3ZhUfkbP1Au7xw5/baSPf7+2u49aUNSa6j46DPzahIym9wT,iv:Spx29A5n1kLZqE6EHw+3N3Om7V1kgnM2PVk7d7wJzqM=,tag:LCvfCpldN29iRPhxzbsU0Q==,type:str]
nomad-holochain-cli-key: ENC[AES256_GCM,data:G633C4SWwAoM9NyBEX7+xGzEondw/FY5XXqbRZxPtO8if+pWHnLRSkc9/fIs4mmCJxB89C2RAxb4tvuwCXJUZyWVQ1xEMwYXCDvJ56ggtrcDyw48iRnF/kNTIIkkHO3mWbpf6OALekcSNRZlznCUcq5K6gSgYECGuVeqcTA/NVH7q8mmBxEicUEyeO6bHopge4bz0o5Bnbpy86Ux2aw2HzSS1qreMpzEVcXIPgo4vlhaeaHj37rUHos2gKGD+GR/wD1n/D12qMsxRXlSz9N0vC50BI2QkqKtlVsv0PNib/MqjiA=,iv:SrPwR1EGCYh846luAX3RMJq+vG88NO3g/IqcjKcFi+o=,tag:ytA4ZwZ2wXz9K2trL6MU+Q==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwVTlaZTA2WVZWWXIwMkFu
d0lMN0tEaUVMeHY1SnBwTVVFbnVPRlFEalVRClliR05oclI5eDVnclBrY2tKK3JS
NjhTOG11Nkh0UWF5Z2g5SzdFT2NpaUUKLS0tIENPU3RHSEVVdzhKV2lQYkR3RnM1
c2tjQjk0TG1IeTRYdjlPeER2ZlNHMlEKMlWrDV9aNY9AbLp3BsIUZ8W1b94ue4dh
uBPpeMLHB0T2q3C1MxnfBa8h9lZyePd3L4zYFUAX+I8CGECZNx9C3A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-05T08:26:42Z"
mac: ENC[AES256_GCM,data:g3wOkP8M9eLwhccPLV2WbpsnNUyYxILstOqkmyPQ5JPaOQJpGLr0AesN8E+wVPb2cVuUJ38+/xVdWubuFXx0ptZtLoEItnXEwmTxfvRk1veyknxMvX9f4XGfeSunoOFCMNnD+C5tZncJuIeHPcSz4bObHBRbCflMblmz0cthF78=,iv:oxEeAiHqZHEkvs7OxGwO+quxj+yD8nAH2pTGSs/eNes=,tag:VFgDVJOt9qYd4k6j1t0GdA==,type:str]
pgp:
- created_at: "2023-07-05T08:19:26Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcBMA0SHG/zF3227AQf+M3metU+UqXIGIVmdw5qLqw6H1h4JPk0DFWzJRZqtt5U7
BBdvoGr6COYFjYx3CRzXVkC/0ldNTsCnM1D2QZTbnqivP5P7L5Bp/y6jHxacBtq/
erv3doofU54weKBFvm0xh564P7uL5+IRxbSidJhYAKAwYzvptuhEA3R1Y6szzlKY
l6kYgROiRnOfWk8iOKBYCbcxZ8VrmRoohuky6PKaCewESNRiOR3vzkumDE8mbnLH
/QuufFhZbg2wA8ZkG54tSBIRz8gjanQDNhh9sYtPp+PWnuDiyyZhSJef6ruT9v1f
IUP1ybuVsMyRmMKAL0NAbW3UleoIY/GcH9nVaeT+TNJRAXS5BVX/guduIFWqqbwQ
3fbN7k5JS/VwKCIf8kI6DOVee78F0o/C7rA02CZU9PqeX0hc47wEFvlgNn/TepON
eFWOScb0W7O0Ug+3lRnVdLHO
=8m42
-----END PGP MESSAGE-----
fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B
unencrypted_suffix: _unencrypted
version: 3.7.3

54
secrets/shared-users.yaml
View file

@ -1,6 +1,7 @@
#ENC[AES256_GCM,data:aqlLlXgwwtjBYxytS2H33KbN0z8pHijFXKBAPQyQ7cxE8iO6tDfn/3kEVaEa1YaiYUMXACX2Ow==,iv:uKTUsccWAqrBkdG/ymCZB1pcumRreGv/2rIn6YG8Y7c=,tag:NWDO4dPRA45Ki4ymGblGIg==,type:comment]
sharedUsers-root: ENC[AES256_GCM,data:RhMqzHmMzsPZnskGAKQ5GEagkAmtCqbp3FI4XPWweq6U8WcML+XEOKBfRoemK6yMHpSobBUPEHudNDeVxhGLH1VREmO6+JVZ/3dz44qWudhyuAj2CHiVkVgMlSfOKIbY9FLLxXxfySnEsQ==,iv:EYWeRKI+nFpEkxtBJ57xH6V4arE+hVAHy5ht9v8P1oQ=,tag:I5WA5+FjJ3lF30dth3H2ug==,type:str]
sharedUsers-steveej: ENC[AES256_GCM,data:vuvklQJFb0kziB/qr7LNiTB30T/1UmZUV3YE3fFpKLZSlxqwYR7e8pnj94hFMhCtPquw3qdtB8vFAIQSb2LxXUgsfNo1bmkGJU86vz3Vy9Js7oua7KlLyZjoFNpMBgbD7swyXns=,iv:nsymZS1wQ7QSL5ZqoVx/ygaP4UR/e0cYIXHg+UyhbYs=,tag:+/N1QRESOUUK/XJXgiyFfg==,type:str]
sharedSshKeys-steveej: ENC[AES256_GCM,data:Cj8aoHYN95kOuFwMIr+gYTtvE2MNMT6WhHg+r5cEvfgLbI6EJQdMBU30nhJZ8S7uRwJwyVEnqw9qgaZYVorXrIh4oZoQBT6g0UGQ5b5lhtfj86omP7w/NukvpjUPBJEUL+JgvaNGsAbAmExPb1yQY9f/kn2QuyY31pTywcV6qeSHHlK8I2cpei5RxtuG2IX+EjvDXZ3CtQwLY7YrhLvv0K+N8XlEusnytNkXLfjRgd0dJqNLQdkuzrjFPQnuzkxoBBmwfheO8CaTpmH1C5z/dbmeIP5H9GY2gnBCu5xB2zp8ZerVi2E3teW5EZ+Sh+lz/5DOuVpPn3G8W7l4fTM8iX2IHeakjlpYewx1wmW9SZdV/zxyt5rQUtmMj3F+IVktbOWsOyXwSz0CDUlKkVKJdvzATlWdIjteKTwKEgS8RWjg5H7mGylfxyg6YrHYAHTZjC4J1Qz2CwWmAFxzpFCkHvF6QwAOUg+ST+crfw4DiSamb6SKjIg7LNz6VZTOeji6+71Q59u6g2RcdgNowzgrrQCAw7qHnewbFX/2IOW+pdASCB/q9/7218yM6fzMtcPHPiDpZ2tLHQd+45zxZpbUXXCNdNm5v9OTjjK+uA0ARLOVCw5gtd2FbKsJcwyMhXY/h028tgdRhsXIalLolorrYBPx9hR+UHU0TNihspajoNYJCTuJccMiwo8N9AT1DIdUXcOxrQL80RvWY0S6rBzES3q7a91aC/lGEmS/beO7MDgOKaEV+qwPZOLOZXWAesqsR3sKzpOdPx1gFrLvX6vIhAtzuteH0KvKujIAhCg0sEz3Ct/A1S2uNtohz8CstvEEqP6GiR6/X+sQRgxOcXGPQglz68FFKOErIz5XZJBz5+14u/lady1jxhXnVW0cxZDgmqmAvNbrQ9JjNgBvremaDUvuO5R5V5K4MHAMsNQ5yxE9iScXEfwmEvo+Gj4huJwXvwLDE/1TqIaQWX6LfZKOOZ93ivhj7eEiAz7TsLojdNUeDhnWGOYcWbEkMNzYyPb7obN/HgKzcuSixpYm+IZu4sOzXyoO5Lblzd7OObtG4P9jIj4cdxF+vm/s6MYYxtst7jRwzcv9vMLETDXx40IOSqTo2e8New2e/D003T4jx2sis0+68Iyg9m8ltEYb85v6oGFshIdafIGKBaNHm/zIL4Dw03M8kxxfuVuWZD8S2P3bnfryfA4lbOZttv2DnlPZf/Dfb+Ax5qTe5yn4uzLYDTqq9rIqdoNYUmx1OaxGa69oTIqCpL7FC6xe+9NnTEdojl9svZUhtGfThiphYcK72lryqrTyYVuAOa3WjZtHgUJ5lU8x79eExXyDexmC4RNDszar+qMiwlzMC977qsKczfTGe2audm5PLaLTYhWSOZ1p83d/xhFWhLmqjqHrPF5kYrnG+W4ZuVIqxJOrLHQhseKc4fFZrF/XCusgIcoDEq81M/EmHeEDcuWEYldn1pjbE8yzb2ZgfG8mycNh8z41lKsalKmesyZs0k0IvWmrdCpLXqWl/TgsPSO1q+zbQHyfiNewoZec3GC8k1k64zrG3CNI8bP40L6i4Uo/GFPS/y0OjgQhww+He0bWY7yP9MKqdbahpdYQE9kYU5yoJTUG+ZYRir6h6o/JmTJQy4QIvwmcx2jiiA5XXpj3cYAJ9/3eHDFCeg==,iv:QeYNlLR97tdC9i5N909GnoNyBwNNiuljF/eVbdhvGXg=,tag:lBWDaaZMQRPX/4Ln+oUQPA==,type:str]
#ENC[AES256_GCM,data:8u2UAE6lXi0e6qKJxB3VP1k7hmfUYRcejXoR7K6NIQ9E7AqOlMiLDyQFw77NBlqpy0G6mPVOnC+XskGAscm3TLFzs7+o+/i0IxH7uDPwoh+U,iv:n4wheHkpPbnKeXb4DTxwks2bph4LO6xQW6LcrlA4jKU=,tag:mgwa7rYvqoubFdQDXJADZQ==,type:comment]
sharedUsers-radicale: ENC[AES256_GCM,data:Mn1QIwQDX0ZnZ0Jbk1RYY60k+XbbGPYYf+NG3xQz3oR14CqSVy3hjQEkqcezwj/v2ELrLWid2hK+lDtY,iv:TNoJ7Kq3WDkkPBLG3a+N/A8yBZcx7Gc0jaBToYX3Y5M=,tag:VU5P4YtzMv1FVc3ugig8TA==,type:str]
#ENC[AES256_GCM,data:685Grzm+Qw==,iv:sswI1QEvU3nXgQCJcF/O4n3a1z3r6fAVAOSF7W24PZw=,tag:cH/AroGEBfCnnepyqtjt0Q==,type:comment]
@ -15,37 +16,46 @@ sops:
- recipient: age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBRmJhRHBxU1VnaEQ2eEpG
N3NyYmtBTCtJU3FGUmJRckhoQUxQK0p2SldnCmJiZnlLS0tEOEg2a3NOYXAwQWhT
eTlWMDc3YlpqRDJyMWpKWTlINS9Gck0KLS0tIFg0V3RkSENqRzhRWEZxUGZZTGRo
b0VJcm0vbVNqWEt2TSt0RW5zcXgzbGcKkKul4wrLfQ/mP9o1KfJ3w/hrlyuD2K/h
4i8d8q7Yr3ULXpPPrYNWJ+1u5yPrKtj/YjkvsbCR5sQLPe8EcTK15w==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNUGxsbitMNnlTZlRZQVJl
RVc3TUtHaWpQdk5RVFkvS0MxSkVxWHQ1MFZvCmw0M2M4VGRxb21nVzkrNWIzK3Aw
dVB6bWEvQ0dtbjZobTVCeE9DUEpGV2sKLS0tIGhya2RMM2w5VHlHNUdGK1FNZit3
OWUyYnZhSEhtMzhTenZMRU1yRis0WkkK/iDe1XgGJumprZU23G/Imhbqpp5ehfMe
I+XlSGn0/ry1SpEV0bQi7ZMzFxEfhX0avLsmxTeoxQJuN2m7ZOQCdQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2bkhNaDZoUFplSC9SZ09a
aENIa0NYVkQ4ZGhzdE4vSS9zeER4L1Y2dkFFCnQ5SlZTQ0NKN1Q0WWR0S1hHZmxi
Q2pPUHRHb3VyQmFPQW1wVllkR0pva2cKLS0tIGphY0lUTENCVG1PcVo5SldaRVpy
RnJYK1hXUWhPZjdkV2FUeThTZmlJS1kKmmoKeEKRQEHtgfXAd7x6VtfZm2nLWxle
2k1N0N77p8QzoDIkUY5I8RjQS0V8wOLwOSVYDe8j3erw9e9GhDqEbQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0OVJ5d1p1RURkTjdzaWpv
OXViZkhzZEZwYzNIZHdpeUVNWlM5SWJGYkFjCnRrQWV6UUM0akIzaFVxY1dzaUNa
OVFRczZaUjRXSGphcTJ5TGtZOHlSeHcKLS0tIG5QTWMyTzFlZkdIdnVGT2lpTXR4
TXJybjNjdmwxRVMxdERIS25wRTRCV0UKy/N8YBkxD3f5qTBOPj/iysFr/Ona1p9H
JYhjZCojB4Ua1b2Tv4Gz2Fvi9B2fOWBy0/LSPA6CRchG3IWgKm/B6g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-02T16:39:58Z"
mac: ENC[AES256_GCM,data:2aw294lkCFt3Yhf3I3Py+mSgQNcFKjyQSJiCvS3+iiraR6ukT6gN3eIwPk9AmUgCDBJBhOe8Nlx3gq9lYz3SI+B2sVnt27Fxe3kp1Ip894Lg2XyA7TynTJJp2eIrFmSO11FhQaMDO8D8+kraJFzLspQ5/j/67f+smkiIFlpXx6g=,iv:DPjOin99RR6EoG1FA4f5BexpYeyb4xy1iWiiq4y+JEA=,tag:i1CQI182/VILveC8Qw8rWQ==,type:str]
- recipient: age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYNVJBRlptQ2hWVy9MRGhj
MVduVkl3YXZEVlMzNksybkZjR1Z6VnQ1MGdRCjRTWjY3RTlpY096c3UrMHlaUms0
MDc3V0dTUnpWTjcxcGZNSmVkUElLMjgKLS0tIGFkMzZ1eVh1a1ZzckxseFh5T1VK
eDZSbXdzSmJ3dkJHSkU2R3JTRjlxNDAK1k/SYCf1nWEHKRzlJbvx1U5NKYSEzi0/
wE4SdLjMi4io2ThNif4gqVRCiRQupiILx4VnlM4lN6Fk924zATUUYA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-06T20:14:22Z"
mac: ENC[AES256_GCM,data:GPWu5DjjJ1ki+HRuedGdDCt+2V0RPbOsD/yWJxPIkgu5923vnF8y9y4V6e6+ZsTqHv4hsKeCjKtUnh2Ldn+xadwJmqrIxyJ8NzH5TOvcBxAab9cJCp/yKENw0O1WMUTlDPelvQKMDwbgiebaVVfxbQPUEfJGOgkHkyXrgqN94FU=,iv:h9YALYahUl7mRJmZKjArEfaMrfW9YZkVYd2CEooF13Q=,tag:wotqxup/ouG/bEVOZCs19w==,type:str]
pgp:
- created_at: "2023-07-01T20:51:41Z"
- created_at: "2023-07-06T18:55:17Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcBMA0SHG/zF3227AQf9F7sIYPoz5fsqe8an9+suc5OSoZI/tA/+UMWO++Nn4VSA
ZEmxqyDvnc/KxHyFwHjISyOJkbd8L23ZdO6Fgn0wjm+z3houqMQoaKdYgjpOBFrI
3nq86WkdKKVy/8RzrDCQ5gKIy4P1zeiyOio12n8G4cUt0B3uo596qKoWc6duUiEt
Z6wSPDEaciihTrbZCYYDXvElXO6uY5S8fBRdhsY8aNKLgh0vIYlQw/aflN4EiuC/
OiQkRwp8CHcsdkUo/pngmBaRVlW4uOlv/QpZ3/zXTqx5UazQlb+xmilBCFt6jgWs
+VhemXci16j6S6myw/heSP2Z+Gv02cRiFcpz64Z0QNJRAQsRJTjdB5OS/IcaqXs3
SwgOL9ga8vd4OZW7Jc2LQ1TJCarKUCGT0YcfOjv4CmtLn+2MDCLr+syg535/clbK
VXC10xjRrhlBaCQ9vR1N2gBp
=TJW7
wcBMA0SHG/zF3227AQgAo5WdFio56L/EtWKV590N9QQ9Gjm9IWm0G+H6YHTNlpfO
erhl1AZds+MNrInw0uSW7Mx/wZ4awv8+JVkMN43qupmDIcgHmWmVoqB2SaUA60qd
gkFYP2fWlmgzihl/DnWUn1M4WrD8sGJIwkulg8FX9h40f7mEhb0MsftsUuhmxOBp
GTJDtT/A7wHMRY71mEzIyem8XOA7nAIO7r802Tyni6H7zP1qG00vF/sastbbzB26
+7MTpSZz8AuNPG/P7rue7J2BL0S8ldwcPsGX9XGt2qFbeNbsOUfJn12miPSEZHWU
jIYC1rWLVJ110O0ZDDMJXyfBW5XrFAkA6XkCzzPgodJRAYKzTD+bMg44vuwTCRmG
wcdv71+hBJeXtF1g8/YueaTWpPJ5j8m6Ntp1d5pYPetlRmhwLzfSoY1BUXA6YkGb
Qeqr3q7oGL91sjasjZQorc3h
=6rU4
-----END PGP MESSAGE-----
fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B
unencrypted_suffix: _unencrypted