steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

WIP: add router0-nfmnk and connect router0-dmz0 via wg

Browse source
This commit is contained in:
steveej 2024-05-25 21:23:43 +02:00
parent f0c4b67ecb
commit cdf973208f
12 changed files with 686 additions and 60 deletions
Download patch file Download diff file Expand all files Collapse all files

9
.sops.yaml
View file

@ -15,8 +15,8 @@ keys:
- &sj-vps-htz0 age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv
- &sj-srv1 age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv
- &srv0-dmz0 age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3
# - &router0-dmz0 age1jetxwpmd9hc4crkjtrdle2qxn9dlq7vcmqhfslv0vlxctrk4u3xq8hcvkz
- &router0-dmz0 age1k7cejd9tqz6a3expd63wkn7kmeawhhrp9vy5vevhjn6eavhdwywqeh7j86
- &router0-nfmnk age1x8fcjgaknfh5m2s4f0r2mjtfdjkuyj74y39jmh28k2pp5hmn25nschlra9
- &sj-bm-hostkey0 age1dw43sxtdxptzgyhsxhrj36x5gn7376gqk45t7wtyt3s97v7ux39sdmdd44
creation_rules:
- path_regex: ^(.+/|)secrets/[^/]+$
@ -35,6 +35,7 @@ creation_rules:
- *sj-vps-htz0
- *sj-srv1
- *sj-bm-hostkey0
- *router0-nfmnk
- path_regex: ^secrets/steveej-t14/.+$
key_groups:
- pgp:
@ -74,6 +75,12 @@ creation_rules:
- *steveej
age:
- *router0-dmz0
- path_regex: ^secrets/router0-nfmnk/.+$
key_groups:
- pgp:
- *steveej
age:
- *router0-nfmnk
- path_regex: ^secrets/sj-vps-htz0/.+$
key_groups:
- pgp:

1
flake.nix
View file

@ -157,6 +157,7 @@
# "srv0-dmz0"
# # "router0-dmz0"
"router0-nfmnk"
"sj-srv1"
"sj-bm-hostkey0"

4
nix/devShells.nix
View file

@ -76,6 +76,10 @@ in {
(pkgs.writeShellScriptBin "r11" ''
exec env NIXOS_OZONE_WL="" WAYLAND_DISPLAY="" $@
'')
jq
yq
wireguard-tools
];
# Set Environment Variables

97
nix/os/devices/router0-dmz0/configuration.nix
View file

@ -211,6 +211,7 @@ in {
vlan.interfaces = builtins.map (vlanid: (mkInterfaceName {inherit vlanid;})) vlanRange;
# lan.ipv4Addresses = ["192.168.0.0/16"];
wan.interfaces = ["wan" "lan0"];
wg.interfaces = ["wg0"];
}
//
# generate a zone for each vlan
@ -342,9 +343,40 @@ in {
};
};
sops.secrets.wg0-privatekey = {
mode = "440";
group = "systemd-network";
};
sops.secrets.wg1-privatekey = {
mode = "440";
group = "systemd-network";
};
sops.secrets.wg0-peer0-psk = {
mode = "440";
group = "systemd-network";
};
sops.secrets.wg1-peer0-psk = {
mode = "440";
group = "systemd-network";
};
systemd.network = {
wait-online.anyInterface = true;
netdevs =
netdevs = let
router0-nmfk_wgEndpoint = "${repoFlake.colmena.router0-nfmnk.deployment.targetHost}:${
builtins.toString
repoFlake
.nixosConfigurations
.router0-nfmnk
.config
.systemd
.network
.netdevs
.wg0
.wireguardConfig
.ListenPort
}";
in
{
# Create the bridge interface
"20-${bridgeInterfaceName}" = {
@ -361,6 +393,54 @@ in {
DefaultPVID=0
'';
};
wg0 = {
enable = true;
netdevConfig = {
Name = "wg0";
Kind = "wireguard";
};
wireguardConfig = {
PrivateKeyFile = builtins.toString config.sops.secrets.wg0-privatekey.path;
};
wireguardPeers = [
{
wireguardPeerConfig = {
AllowedIPs = [
"10.0.0.254/32"
];
PersistentKeepalive = 15;
PresharedKeyFile = builtins.toString config.sops.secrets.wg0-peer0-psk.path;
PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM=";
Endpoint = router0-nmfk_wgEndpoint;
};
}
];
};
# wg1 = {
# enable = true;
# netdevConfig = {
# Name = "wg1";
# Kind = "wireguard";
# };
# wireguardConfig = {
# PrivateKeyFile = builtins.toString config.sops.secrets.wg1-privatekey.path;
# };
# wireguardPeers = [
# {
# wireguardPeerConfig = {
# AllowedIPs = [
# "10.0.0.254/32"
# ];
# PersistentKeepalive = 15;
# PresharedKeyFile = builtins.toString config.sops.secrets.wg1-peer0-psk.path;
# PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM=";
# Endpoint = "${router0-nmfk_variables.ipv4}:51820";
# };
# }
# ];
# };
}
# generate the vlan devices. these will be tagged on the main bridge
// builtins.foldl'
@ -509,6 +589,21 @@ in {
vlanRange
);
};
"50-wg0" = {
enable = true;
matchConfig.Name = "wg0";
address = [
"10.0.0.1/24"
];
};
# "50-wg1" = {
# enable = true;
# matchConfig.Name = "wg1";
# address = [
# "10.0.0.2/24"
# ];
# };
}
# configuration for the hostapd dynamic interfaces
# * netdev type vlan

256
nix/os/devices/router0-nfmnk/configuration.nix Normal file
View file

@ -0,0 +1,256 @@
{
repoFlake,
pkgs,
lib,
config,
nodeFlake,
nodeName,
localDomainName,
system,
...
}: {
system.stateVersion = "23.11";
imports = [
nodeFlake.inputs.disko.nixosModules.disko
nodeFlake.inputs.srvos.nixosModules.mixins-terminfo
repoFlake.inputs.sops-nix.nixosModules.sops
../../snippets/nix-settings.nix
../../profiles/common/user.nix
nodeFlake.inputs.nixos-nftables-firewall.nixosModules.default
{
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "yes";
users.commonUsers = {
enable = true;
enableNonRoot = false;
rootPasswordFile = config.sops.secrets.passwords-root.path;
};
sops.age.keyFile = "/etc/age.key";
sops.age.sshKeyPaths = [];
sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
sops.defaultSopsFormat = "yaml";
sops.secrets.passwords-root.neededForUsers = true;
}
# TODO: extract this into single-disk VM BIOS module
{
boot.loader.systemd-boot.enable = false;
boot.loader.grub.efiSupport = false;
# forcing seems required or else there's an error about duplicated devices
boot.loader.grub.devices = lib.mkForce ["/dev/sda"];
disko.devices.disk.sda = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for grub MBR
};
root = {
size = "100%";
content = {
type = "btrfs";
extraArgs = ["-f"]; # Override existing partition
subvolumes = {
# Subvolume name is different from mountpoint
"/rootfs" = {
mountpoint = "/";
};
"/nix" = {
mountOptions = ["noatime"];
mountpoint = "/nix";
};
"/boot" = {
mountpoint = "/boot";
};
};
};
};
};
};
};
boot.initrd.kernelModules = [
"virtio_balloon"
"virtio_scsi"
"virtio_net"
"virtio_pci"
"virtio_ring"
"virtio"
"scsi_mod"
"virtio_blk"
"virtio_ring"
"ata_piix"
"pata_acpi"
"ata_generic"
];
}
];
# sops.secrets.ssh_host_ed25519_key = {
# sopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
# format = "yaml";
# path = "/etc/ssh/ssh_host_ed25519_key";
# mode = "0600";
# };
# sops.secrets.ssh_host_ed25519_key_pub = {
# sopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
# format = "yaml";
# path = "/etc/ssh/ssh_host_ed25519_key.pub";
# mode = "0600";
# };
# sops.secrets.ssh_host_rsa_key = {
# sopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
# format = "yaml";
# path = "/etc/ssh/ssh_host_rsa_key";
# mode = "0600";
# };
# sops.secrets.ssh_host_rsa_key_pub = {
# sopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
# format = "yaml";
# path = "/etc/ssh/ssh_host_rsa_key.pub";
# mode = "0644";
# };
boot = {
kernel = {
sysctl = {
"net.ipv4.conf.all.forwarding" = true;
"net.ipv6.conf.all.forwarding" = true;
};
};
};
networking = {
hostName = nodeName;
useNetworkd = true;
useDHCP = true;
usePredictableInterfaceNames = false;
# these will be configured via nftables
firewall.enable = lib.mkForce true;
firewall.allowedUDPPorts = [
config.systemd.network.netdevs.wg0.wireguardConfig.ListenPort
];
nat = {
enable = true;
};
# Use the nftables firewall instead of the base nixos scripted rules.
# This flake provides a similar utility to the base nixos scripting.
# https://github.com/thelegy/nixos-nftables-firewall/tree/main
nftables = {
enable = true;
firewall = {
enable = true;
snippets.nnf-common.enable = true;
zones.wan = {
interfaces = ["eth0"];
};
zones.vpns = {
interfaces = ["wg0"];
};
};
};
};
sops.secrets.wg0-privatekey = {
mode = "440";
group = "systemd-network";
};
sops.secrets.wg0-peer0-psk = {
mode = "440";
group = "systemd-network";
};
sops.secrets.wg0-peer1-psk = {
mode = "440";
group = "systemd-network";
};
systemd.network.enable = true;
systemd.network.netdevs.wg0 = {
enable = true;
netdevConfig = {
Name = "wg0";
Kind = "wireguard";
};
wireguardConfig = {
ListenPort = 51820;
# PublicKey /RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM=
PrivateKeyFile = builtins.toString config.sops.secrets.wg0-privatekey.path;
};
wireguardPeers = [
{
wireguardPeerConfig = {
AllowedIPs = [
"10.0.0.1/32"
];
PersistentKeepalive = 15;
PresharedKeyFile = builtins.toString config.sops.secrets.wg0-peer0-psk.path;
PublicKey = "hsjIenUFV/FBqplIKxSL/Zn2zDAfojlIKHMxPA6RC04=";
};
}
{
wireguardPeerConfig = {
AllowedIPs = [
"10.0.0.2/32"
];
PersistentKeepalive = 15;
PresharedKeyFile = builtins.toString config.sops.secrets.wg0-peer1-psk.path;
PublicKey = "Ha5hsarCRO8LX9SrkopUeP14ebLdFgxXUC0ezrobax4=";
};
}
];
};
systemd.network.networks.wg0 = {
enable = true;
matchConfig.Name = "wg0";
address = [
"10.0.0.254/24"
];
};
environment.systemPackages = [
pkgs.ethtool
pkgs.neovim
(pkgs.writeShellScriptBin "dbg-ip" ''
echo links:
ip -br -c l
echo
echo addresses:
ip -br -c a
echo
echo vlans:
bridge -c vlan
'')
(pkgs.writeShellScriptBin "dbg-dnsmasq" ''
# get the rendered in-use config
pgrep -a dnsmasq | grep -Eo '[^ ]*conf' | xargs cat | grep -Eo '[^=]*conf' | xargs cat
'')
];
}

34
nix/os/devices/router0-nfmnk/default.nix Normal file
View file

@ -0,0 +1,34 @@
{
system ? "x86_64-linux",
nodeName,
repoFlake,
nodeFlake,
...
}: let
variables = import ./variables.crypt.nix;
in {
meta.nodeSpecialArgs.${nodeName} = {
inherit repoFlake nodeName nodeFlake system;
packages' = repoFlake.packages.${system};
nodePackages' = nodeFlake.packages.${system};
};
meta.nodeNixpkgs.${nodeName} =
import nodeFlake.inputs.nixpkgs.outPath
{
inherit system;
};
${nodeName} = {
deployment.targetHost = variables.ipv4;
deployment.replaceUnknownProfiles = true;
imports = [
nodeFlake.inputs.home-manager.nixosModules.home-manager
./configuration.nix
];
networking.hostName = nodeName;
};
}

151
nix/os/devices/router0-nfmnk/flake.lock generated Normal file
View file

@ -0,0 +1,151 @@
{
"nodes": {
"dependencyDagOfSubmodule": {
"inputs": {
"nixpkgs": [
"nixos-nftables-firewall",
"nixpkgs"
]
},
"locked": {
"lastModified": 1656615370,
"narHash": "sha256-IZDqz1aSySoqf1qtVQg+oJMHfC4IlT55Zoa7EkjvPug=",
"owner": "thelegy",
"repo": "nix-dependencyDagOfSubmodule",
"rev": "98eb563d80b35acafbfc1abb9ccee569c1efb19c",
"type": "github"
},
"original": {
"owner": "thelegy",
"repo": "nix-dependencyDagOfSubmodule",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1716431128,
"narHash": "sha256-t3T8HlX3udO6f4ilLcN+j5eC3m2gqsouzSGiriKK6vk=",
"owner": "nix-community",
"repo": "disko",
"rev": "7ffc4354dfeb37c8c725ae1465f04a9b45ec8606",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1715381426,
"narHash": "sha256-wPuqrAQGdv3ISs74nJfGb+Yprm23U/rFpcHFFNWgM94=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "ab5542e9dbd13d0100f8baae2bc2d68af901f4b4",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.11",
"repo": "home-manager",
"type": "github"
}
},
"nixos-nftables-firewall": {
"inputs": {
"dependencyDagOfSubmodule": "dependencyDagOfSubmodule",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1715521768,
"narHash": "sha256-BQkkBqDemoPRd2a4G94I9w9fNE0IxWtVsQ9SalnNqCQ=",
"owner": "thelegy",
"repo": "nixos-nftables-firewall",
"rev": "2c5a19966b4dfc5ca92df7eb250c68f90be653c8",
"type": "github"
},
"original": {
"owner": "thelegy",
"repo": "nixos-nftables-firewall",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1716361217,
"narHash": "sha256-mzZDr00WUiUXVm1ujBVv6A0qRd8okaITyUp4ezYRgc4=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "46397778ef1f73414b03ed553a3368f0e7e33c2f",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1716509168,
"narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "bfb7a882678e518398ce9a31a881538679f6f092",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"disko": "disko",
"home-manager": "home-manager",
"nixos-nftables-firewall": "nixos-nftables-firewall",
"nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable",
"srvos": "srvos"
}
},
"srvos": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1716425501,
"narHash": "sha256-BSLhmGYY1khyyBAjraR+N0Pa9Nha/et5yQQlEZxcfkU=",
"owner": "numtide",
"repo": "srvos",
"rev": "1122cd50a23647e09c3e7a679d37ec02113bc412",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "srvos",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

19
nix/os/devices/router0-nfmnk/flake.nix Normal file
View file

@ -0,0 +1,19 @@
{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
home-manager.url = "github:nix-community/home-manager/release-23.11";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
disko.url = "github:nix-community/disko";
disko.inputs.nixpkgs.follows = "nixpkgs";
srvos.url = "github:numtide/srvos";
srvos.inputs.nixpkgs.follows = "nixpkgs";
nixos-nftables-firewall.url = "github:thelegy/nixos-nftables-firewall";
nixos-nftables-firewall.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = _: {};
}

BIN
nix/os/devices/router0-nfmnk/variables.crypt.nix Normal file
View file

Binary file not shown.

13
secrets/router0-dmz0/secrets.yaml
View file

@ -1,3 +1,4 @@
#ENC[AES256_GCM,data:ZkUrwF6DTQFainYhDA==,iv:VDjRBF4WfPmJdKtUpZYJcOPxoUYT3DUxAC9ct7EvFss=,tag:efllkpv2SxRv6+DyuqRQCQ==,type:comment]
#ENC[AES256_GCM,data:QydWKuMH8uixprFup1rEwvPkKAMw0yat9MOOK1DleeCJ5tqRqrPh9NiOpJs6nve8Rmji3WyrHAkUaK9zT/f8VKk=,iv:I6OHO6sLTtFBV6CYGmLh5owCrNjzS/LBjOjW9VovGlE=,tag:Vg0IZSFbYa7UQvuPpmMVKw==,type:comment]
passwords-root: ENC[AES256_GCM,data:+8IcZ4pbJ1qIjRCK7oycmgOVWy6hzc2oDISYMMqE9SmgRE//PQ5ABwtBtpaghrhZTXrUV2l3qsvTHD9UdYRNMB1VBlM6vn4Iug==,iv:2eUIa46QNby++yLK9dax/SD7Ajtj+U0ptheRuKV9r+g=,tag:5tA5rhm1eztDh7Q4d+C1BQ==,type:str]
ssh_host_ed25519_key: ENC[AES256_GCM,data:XQjTqNADLhisxPBIJ7x0bs3qgQk0u4q9HKSDukRbzel7hUiDqc6ELQAvffRqJQUtAS5Cfz9PzVcnyEA4wapvK7RLFavOmaN2MhcnQR24oQks5RVYmlvcems02Qovd15iE07XR4KCDcmQ5/XM5v4/RxW2zYzV5Il67Vzhij2wA9bJ7D3sbKUfyc6pBoIXvURbq6QO8ZMIU6ckAuOqG2230KwXLdz/ld0s3Ir1q/7t+rrrS7BPkeA+SRdYhb5XDOTKtfgFxNvdI6DSETV+q67xAalAkM/cZ2rqHJQd+wgH2VIPyiGqeq6LvPT0vmopFJn0CqQA2HauQAmBNIAtXel8GbK+qA11XilMx+hp6qhVH+BnSWWY3GriGfaGlpUZ0E7uymqRkpRwBcHmZto6E/E/XUxBfISVyJf/2RcTy10RelWLJtNuaXT2eHgXmZ/uAlcTGlCYYirr5g3iAGUoqxYbWlZb9SdqVO/0PLCZo7AkDWxk57wer/lHOG59ZpoiZnanaMIaNqJ7Tsslvvm0JuoP,iv:2U5IpWTRyQ8basBRoYpFe6Ycc5qdeCUAUTwlEHttRJU=,tag:jA0mFsMxWKq7dnkGQWNP9Q==,type:str]
@ -6,6 +7,12 @@ ssh_host_rsa_key: ENC[AES256_GCM,data:tFGQ77X5Y1TRR2F0EJ4hmauE9ABILP6V0CSmzb1QLa
ssh_host_rsa_key_pub: ENC[AES256_GCM,data:N60bGf/6KNRhVUq1EIbPVo3aBDDKEpMBr5+Gt3+FMPt3uQEaKk8jBg5mOdxWMTPoLg1ZP/Pme8afoM+Skc0b50WnpErF3Ox1w+4eM0oMJYOhIvHLGURNM3Dba5MgA7YfhPdTsVdjD2yks2vYqhdtEvzTTgCJbFimVJlp+wDqE6czPgMjD03c7oJDtv38OBtc1vRMzVw3cIuyxz2yNnXQxiMgTR6pZN7+Brami2dfXOHEVgymmlU5PRE8Ykerq2fB36N5uqu4/xSPaHaM+/f2OA/TLlYYB+sGMDExZfbO/vsiRBLvTY/f4KG2mEkmH+IFH1bk6UF47xTFEe8tHN/TlLo+9OmjZTph221ZYnOsIqBY+F822ctZEe8Ikz9Ti4F1ApvxxRcWHajbgQnDJdDiHJvt3OHal4rNBtYwxxV/MDZtvKSVxmFwgx7nwNP0oKhAigQkU7Mvp1q5p3dZsdbGCUeFm2S5/qIxWPfr7wg4xocLNSsLW1EpGo6A2RUXWIV+lPuZd9dNEjGC5zKKAgMI94is6MtMXgqlFqTcZuQ9hvhoVDcFhVSJylu8pzk9d/tKviwcd98jHAhdfGpnc9eJbtyBU6/HvxLzQpsbFjwa3LGirEdtgxRZn2nJx++0U6XuLcbGwjOVAhkde6g2vFv5hsC6KaZQcp4AFvMvEdJyrnb0b2TOeOD8zEljb8u2q/eexCRSjGpobEINwu5qV+tF9eHIJ1YFzhCSmmLGKXjc7bC8uv5ffl39JmAbUrffd18zqae+Xpijd+QzwF425NG9+PksAt+PPzt4SDgGfKBIpMNFxIb18oo88z4YDLuNzRy/HVF90JV0LlAxES4ZOxoWUjJPrR6dGxNRANYOyFGmoN+yG3B9kd1NRGRNGh5P9EtZBxlPIi24djzF1n4GQSW1NFDgoGcxaXhk0PlpPxwuHK0X9FkFDDzQUYNBhx7py+hev5rBUCs7Yhj5xgcM88fdLRZi8MulNws=,iv:8c3hDcJ8wzTugmJ3Mhzx/qEXnnlpFefBmRTG/MqyeEg=,tag:uSz6+CYu9uQa0C2DXnHPUA==,type:str]
wlan0_saePasswordsFile: ENC[AES256_GCM,data:ylY1LwMYlHdvYIVPIIr65BuxkW/BHCikkbGO5nNSU9WVekWiDXNIt2EQ2sYcdqnvZMGvcG0G4SQvCwpNO8ihh/RqcLYpTxldI8zwSqAwvATu7prV8l2bCvBQ+NXZ3yAW,iv:L6ncjd0u316gF/3InI7cuqO1kDpH7ahWGcsssYfb2YU=,tag:IAqt8vSDjW3OasOTJ44PeQ==,type:str]
wlan0_wpaPskFile: ENC[AES256_GCM,data:I/30uOrCPoWqnNq4WelPsDMevrmO+TuzmNrjMtPeCLS5MncX7BnX20YV5LxLsLCJS0NmCEqE58pgpeQEaUUcR0YRejCdO0yZnpMRbla6IR/irNSR/xctDQmMV6HYe6IKWE2d2LA/qWTkj+uBGJ0NtAsPIRLknuCwT8SLjClzF4/WCdoqHvxhBCESxhd3OTYr9op9uxk94iRxKsFfUBuNnckIeT/tQKqOQIHlkpperGBNRtTZ9q+Glb6lqFO1o/BJ8tAGpw0qyNO48jrRAtiIG3sauMH+UPWp86AYPhwQjwA6iDReFoH5KhZsohJSTX4vwoj46yycOTPu/loHrxySBSrYuRyOuIv7mwpRVZgJP+c3ZcngVncE3YQhLA==,iv:AlQIFKqcFSnyH1LrRN/XaTTocsMjZM20YHWcz7S3gCE=,tag:octNvum5lOOUOS6ALJ0x4g==,type:str]
wg0-privatekey: ENC[AES256_GCM,data:5/5llD0itgdKhZ53IbtkwfhO+qUI+/xBCxnfQOg9yjS7knvUINURY7rl/F8=,iv:86t6XuY4a1rHY3kmC3XB6WwwPZVWAyM2saGqEZaHdJ0=,tag:4xemlclKI4RIxAe60HGuuQ==,type:str]
wg0-publickey: ENC[AES256_GCM,data:D/RU+43/bYhg1lRZE9zA52AIWGd2KRF0EQcvteS4CtQN0Yy65vjGqVEkjyk=,iv:BmS0TfUQXRt1tdWBBKIUi+DqXCLTXePzbq4dUYSlQQw=,tag:qglrKjhcSBPtqNd6YCMlPQ==,type:str]
wg0-peer0-psk: ENC[AES256_GCM,data:859rOfvyaeaH07s06IT2qJZjXcWZiXazQPUImYOMngTj+xNop8UHX0iDegA=,iv:V7cR9mGQrk6aKctY+1egYFhBiveqc0OwrQSJxByk0zk=,tag:WF5via8rVm8Leol5rANPqQ==,type:str]
wg1-privatekey: ENC[AES256_GCM,data:Q3zb6oLhBqW+D063S37O2vZD3PSn3yIYWWkOtZwvpmMmdAMtztGqdrHzXRE=,iv:tIEDtHa3s2/Shg6Kw/8G+xjtixH32fxS3l5KtR2VUIs=,tag:JpKjYmV2pPip9hDkKg8pRQ==,type:str]
wg1-publickey: ENC[AES256_GCM,data:7svFjRVdWBmrUt2qzHSmgBo4HPwJR6I6p3rZg2U+h1uVhQwCnUCH6JATVZs=,iv:xWUKpjmmrf/U8T8XmdL4Ox+aqkftnh8oeORCkhtJoBU=,tag:+k+E13X+EbZxfiq0MoGIEg==,type:str]
wg1-peer0-psk: ENC[AES256_GCM,data:egtyccOYD4NAUTunpvVXTJwjtSdJJT8v5O9Wl7NoCKy2eDzrQvrEEK8Zzts=,iv:D7EQkj2Oz2JJIF6slTLq3A4esKN6VfkOA+odHvjSeUE=,tag:z/blOUXX1JOyqtXgMldnlg==,type:str]
sops:
kms: []
gcp_kms: []
@ -21,8 +28,8 @@ sops:
THRNR0tEUzhPdFFhWWxvZlpKYmZKM2MKxc5s1jsci8jPOrvZAoofVNvHT4o9P6yv
J8rALQQXgql6obK51Q/Doyzvo1RJ0T7epiWEAZm5B3vDrf6KqbWBYw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-25T21:25:35Z"
mac: ENC[AES256_GCM,data:Sk3eyBaxhL7cX78YprYsv75oO+auEoxxGHCk1MRYGcAkat3vrc2vXjmKn6SsVQC8SWvu2YR2dOGU85Z7FCUUmmnwKeh+1PKMsurwfrNkB4umADXjaESNUWNevzAK9LR4pI1I6rGzl7mFEFYGEPd948JMOfkIfwNm1KMmETGkkI0=,iv:UzfDF94UFjPuEgRkpkRyLxSwZGymZclboHYQ/HxulJQ=,tag:MIBhvegV4NaZF+nGShotPw==,type:str]
lastmodified: "2024-05-25T19:21:30Z"
mac: ENC[AES256_GCM,data:TulnMjElIqQOgimCrMRk5kIXYED8GvnTQeefoeTCpgndl9fbraPjB5O4VMPJkotgWDSn4DF7QTUSarVB/6Th87xe08RxdOAW1maj5i3ZlMeKoGOHGNp3nVEpaaC455qtW9ZfXW1gxoG+HRBtsFJe3ZYV2gban+ByDVwiEdr501w=,iv:LQVUB+LE0xSBznHayhEGKXvJsz0r9Y3iDhS6JGx2paA=,tag:QR2Fh+GqOiLb4j2xKE3E7g==,type:str]
pgp:
- created_at: "2023-08-11T16:15:11Z"
enc: |-
@ -40,4 +47,4 @@ sops:
-----END PGP MESSAGE-----
fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B
unencrypted_suffix: _unencrypted
version: 3.7.3
version: 3.8.1

43
secrets/router0-nfmnk/secrets.yaml Normal file
View file

@ -0,0 +1,43 @@
#ENC[AES256_GCM,data:+I8pZeH8kkkGaeUJ7A==,iv:5Yv2K6pU33CA82oCspb5exjaAPMRszslozTphxvDhbw=,tag:OpKwj8SYXSMcLlusEVX7GA==,type:comment]
age-key: ENC[AES256_GCM,data:8L4IWs31RUXGns25pP6BrhFKVAYvVY7yIOe6MSk4abvgks2eyHnQDTiSKVUQGjTyZFVbQ4mtF9O8CmqqlaK5z4nrUYSUN/Ustc13L98V+PMUOxljka0UL/pOe36aHEQz3Z2MuobEtZHwccPEqWhOlF2v+OgFQ4Kp2Vczw9REf4ahxyqz3fz58ymR8HKfTHD7YBawEAgYU6WVyrLfyA78860pkjlYMwhnjkVBvkP/zd4H+L2JxzjwUeUCqcm0,iv:8RwmmtgKqLsJov+DxNjvtjPk8t8yVmRhRa3k5HdCvgk=,tag:CZoZL3aYucIk1JENWY/mMQ==,type:str]
#ENC[AES256_GCM,data:62US77UkclVlR3klMH6P/oYC006vFa6DEVgvmemMFh6INuw95NyRwJaiMs4EGaNFuX+jkfBbtlm0MQK73rXfGxg=,iv:UALT0vebke8KDPdroZnC3rSUCB0CmlX9dfbLqNAlJ7Y=,tag:iKxAWDTdUZDBD0PWfomeWQ==,type:comment]
passwords-root: ENC[AES256_GCM,data:ummvEe+5HipUvVEyHLA6NULuWJuPyv2VqlXEZFp/UdybLU+1t/VRo+KPLYRPpXQBbsBaHVa/XOiOqLK9dPDHuVZBavnTTMC3Yg==,iv:pqjtzPH+T8CLJsJusi5CpVklPUAnioIoTjBXAR3y620=,tag:vrGzZlRX1TJ5b6Wxt29V+Q==,type:str]
wg0-privatekey: ENC[AES256_GCM,data:6BR3zB5oDPu5XyM5pgrdXoYKvwf+rAK7ngDzLcIQZnr4JH2YXH9UWERjVpg=,iv:2Z3yG+fWC4diGANCurCEpA5ybEpMdE1t/rviRJtUE0Q=,tag:4sqnLfAnxQOAci37RCY6jQ==,type:str]
wg0-publickey: ENC[AES256_GCM,data:7QLstpkyVDFU5oxgRdVYdBOZB1tjKMbzxgZtCYp3G1+AO85ir6kNXo8P65U=,iv:XRnPg93nnSR3h+R/K2rh1QYgmdJTE6i17ZomMf0BJ9k=,tag:fhyySGI0y5swGp3ot+q3pA==,type:str]
wg0-peer0-psk: ENC[AES256_GCM,data:p5V/8fFEmozG6nFCpHNcWNdunYlHxnsnW+YjTAIEXlm2ku4yEL45H9t9/Sw=,iv:jDZMhrZIJwaDWm+s6aXVWovdo116q2D5cUyHzMdWCIU=,tag:M5IebfGfeL6VW+OOgtARpA==,type:str]
wg0-peer1-psk: ENC[AES256_GCM,data:l8H0bDF2XXq6W5sJCXHUEWqIJu7YvAyqhPaCEK/Dcviv7lnwvKNLxO55i10=,iv:ADAFkWG+cbqvqfwNdaHv7ONqFtWjmAhIf0hRFBW6X6c=,tag:hwsljm8GlcF9NeHHE5WTXg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1x8fcjgaknfh5m2s4f0r2mjtfdjkuyj74y39jmh28k2pp5hmn25nschlra9
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3TmJFN2pLczE2eXg1bUZv
dXlmV2hzWHI1dkdHcnk3S0FaU1N5d3RlSnlzCmxObnZqKzFhLzloVWxxSmRPVEJD
ZUJlUi9lL2NkNFJESkZiM0Q2Tk00MEUKLS0tIEthd3FZeXNJbzBuU01EMGxUY0VW
cVlibElsOVR4RG15RTR3bnh0MVgvK3MKhaZLzdlPmFW04Qjk8V7Lkr2EZW8nZT4Z
X3yM7cyoinI9N0zwfArXMnThp2u8w86romQ52e6oy7LCKeKqrLpQ+A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-25T19:21:33Z"
mac: ENC[AES256_GCM,data:zw79GU+OINSJWy0hHeV33ZOPkrxrRCyd31XpcbWAIkactRL4rumXhHWxcd5QAvmloFa8Rb7q6drRIu9kt7nXrr8+HK/xWoj+AxmXHFMEi6aC0xdhsyBfl7+Jq3SRTUf6tHFxyHVRVWyZXnhV59xf2Vwmy3R5/0vq50c8UQ8vJww=,iv:czqwgGcLXR+FyXpTuuXIH8pF/P1s1FrZxtqI3joLZCg=,tag:DUq+cACVStNX6u8LfYIQTw==,type:str]
pgp:
- created_at: "2024-05-25T18:38:40Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQEMA0SHG/zF3227AQf/YU2onj7KSmYwuZUOVjSKcLEC5H73eRR6qAms5vlHoIot
SDlMdcYsoz3nStqb0QTEACmChYy1ZpwCSqkVsPzyhQNlu9xuUiZU2VUV2M7umLjU
EL2hbVD/tdPhf4hb1sHWfHWYaIb9nZ++Y0Gnl+6fKcZMPRL1t1FCAv77Wh7qocKh
RI5EkhSOm0O0Yv17F42bG2xMEP+Bkjd/76fvZeic7q7MF9gt08Mzs/pDnvxjYYP6
nrR2zlbiCEhZBpbWNexlqWbl8TXpZq/HIkaDrplJExp78XQETSi8YCqIPhbD11NU
aKD7XwAtcGJqzaQNHpo0dcgGC/ZlBM2JFuT3f1FhOdJcAbor1d3CVA2sUOMUfCB1
eKqJaNsiS5lYmtVlEsRu3YISNP/b8byLihoEliQSq/CA6Du9ya/ffqAuErh/biEv
03KS+MO49uxXvER3XU0SFEYT+ecWPbNfllMGJJk=
=/YnW
-----END PGP MESSAGE-----
fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B
unencrypted_suffix: _unencrypted
version: 3.8.1

119
secrets/shared-users.yaml
View file

@ -16,100 +16,109 @@ sops:
- recipient: age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzWFp1QUNPeEJDci9ibTg2
ZUNkMVNld1ZxNkVmUk9jMld3L01ndWVtakZ3ClQ1V2crS3hITG8rSmx4OWE3RU96
SC9xb0VybDZDN0FwU0JTTHJPRDB0QkUKLS0tIEU5cmh3bW1iWHJ4RDdrUUF0VG5M
MUhWRm5qdnpCUFZ2N3FvL1FITDhNMmsK1TKbM1jrJMvy16yhZwLGcqOan5RTiKYu
jVaSgPaxJLPhtWReAH5RM2JOmrET1DdI7q8vFD7eaJIzKdBxAIwhQg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0djVXd2MvMGx5c2RMd1dM
SkFVL3VUeksyRjZmTkNKZWl6Y2N1M2NWZldrCkpzYy9aMTRzSGU3SlJLUGszUWI5
NnZDb21MMmd6Rk1iaW4vMDROcS9MQXMKLS0tIHQ4S2FqdFRPNlFJcmtnNkVIazdS
OS9oNTdjQ29YamgrUlZ4N1JtUExuQlUKPsFIiNz0jxcA91+i6WeSTchO8F/9WjWO
SgGsoRYKCXIXmIunib19LqI3DW4yE5YoLsvh6UMhFcKsqKObhf91IA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1y9urllccdcemlv7g5z4peuzeh5ah0a8nu6cnkvym8v2vfhqjd5jql483c6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6K2x0c0swK1lHb2VCZi9v
RUo5VkRPayt2V0RyRVVhSlRGME5TMm9KZFRFCnY0NTdEb1FqK1JUaUdmQ09mOGha
SCtMVnRWYUpmYkM5OUY4TlJQd3MrdE0KLS0tIGdiZFpuZnFiNloxMTNFOWhoM2hV
TlovVmMrVHdDdmQ0dnRhZWxRZHJkMmMKpYOiZy2BVhddpSNiXasycmDaD9lA8irk
ThkO0iaLu2fG7RhT9A9VfXu6eE3ZHN6vr4hv/ItzAbP+T8Ro+Yvwfg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwcjFscitrdTJQVFlUbDQ4
SEZFb2IzYzc2TDV0ZHV3RFJPekhvYnFFM0JNClE4U1hLaWtKaFA0anMzVWhra3F0
d0NjcmRuUkU3bktBbDR0ZFZBQ3RGaXcKLS0tIEgzamVrdnBrYzdmOVQ5cTI4ZVAx
TVdNMHQ5dCtJN1QrN1d4SkFIVHRQQlUKDAXRh+T7ds0k5qNMjYzhlXKIka42EwXF
eQLAeqPkggpJy/N5B4Ia0k/QwBm9TXRgyE8hqf/GMnX0D0oW4CT2ig==
-----END AGE ENCRYPTED FILE-----
- recipient: age1pmznn2tjpelpmxjxqef48rse5ujggf9kcr8x5vewuadqcw03aavqwy54zm
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuS0FVR3N3YnRlMXBwMVpj
elZ6dVlyMWRoSUx1UlVmYThBcWFFdmxEWTNRCkhFZEVDUGpsS1ZmelBSQVpZUWVC
ZlNqcm9EVXF3U3hLYThpbGVSeVFDNDQKLS0tIGV0bkI2aVNmbnJmR2lqSFVLMGNr
aVZFd091T1U4QVdVcWtSbnppd3BEODAKPzj/phV8BijdFewcwBV+loKk4o1tBJ6t
CP8kwiIb03/lCd9HmyLgAUt0PlMJFbT4FJNEjwBstMErUdvClXO3dg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3OVJzamVZTGhmSk1MQTMx
ckJOSUtpcU9wOGphV0QvSVh0VkFEc2RldEFZCnhQL3JVWmprQ1RJYlJwNHdvYVI0
YTFLeFprTUJ0dENEQWxhMWg1eHVKZVUKLS0tIC84RzNaOUVMWjhMdGM0RVl5Wk5m
c2ExOXJBdE5pY2g0MXlxbHJTekNjQXcK/P3Q2oxcS10nETrUKBbHRK946MPNtn18
MbkiVGUy4LFVQWv4Zeg0QtXg/vY7ToEAB0sSZq9zgFrorhaaTWoZ3g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ye4fa0v37shz8q4e5uf9cp2avygcp9jtetmnj2sv9y9mqc7gjyksq2cjy8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwOEZ0V2pOcStDb2YwclZG
U0t2RklFMkJQdE82cTVDK1NGMUt5R2R0c0VFCmV4Q2Rob2E2REVMUlRkeS8xTVVu
U296N2FFRHpmRnJPQjRBUmRaMEpnL2cKLS0tIFBseEpvSTJ0azBRUEVRa1dqT1RK
bFVpbVY5RU01R3pEcWFsQ0pkQWkwYlEKIW1AmTBR1UIjD9n3o2QyWb/FfUUa8qQz
b0GtaaQkY17GyoBzrBh0G4D2yziPy8N9AwOTaaDJ7l5VZq9ydKbTrA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZSHkvcEdNdnhhVEZBNVBY
akpUdkgyTm44Zm1XclBrbG1tUzBQMHlBZUNvCndlVjRKOVczYUZBeWpacHQ4OTJC
T1pvdFQ2MExKNnBoQ1ZRb3RQeW1NeDAKLS0tIDBQT28yTzVoZ0h5SVlESVNoYXR2
aU5mMWloSmpSalVhR0RWRGpTTmdHbG8KG2kC5cgaGluNtQti1WdfJFNg5ZICDIxn
Zp9amoUvT19cb1pjV5l7P8+EKg15+4BY9eGAB74yzR/R675YhRhygw==
-----END AGE ENCRYPTED FILE-----
- recipient: age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2YTZGb1pXSWZVNk95aFVp
UTFDUHlweGVUQmV1KyttSXpjeng0WFd5d1ZFClJwL2xGVmhlTlJzNVhhaElmbnl2
K2RmUlR0SzNkMWhmb1lOTTMyVUt4Rk0KLS0tIElFV0hCZVRwWTNJYldmR2ZYU2Rm
dHRuVThQRm9NT05HdzdHOWh6R2dLYnMKvrsQXgfRyHOl2aN64JHPXEdlvcHynEss
I4dCLuvKuPh5WjcFZ16zidGzffNKZTHsXPv/WKFUsy20lONByRuRbA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3dkE3OFFQTXFpWWlZRHhS
Y2xKa0tkZTEwU09xaHd5R2NqYnFlanRlRkhzCnV5QUZ1QUxkcHpWMUtXNkdJakx3
cTluR045QTZJSldDdjhhTFNOSmhIbDQKLS0tIEFDdnQ0RDlERTUrb1dWSW9OcmVW
Tk8xZEVPS1gyWGZUckZrdFFpbmlEUmcKWSqJ5bJ/vY79y9CA7KSvg8+I5nyP8PmZ
/EZEFld4gx3nQ+A9nWTU+WCL7vouZWO47AEraEkMu2I5Y4XprarcRw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1k7cejd9tqz6a3expd63wkn7kmeawhhrp9vy5vevhjn6eavhdwywqeh7j86
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4WndIcHhndkVjazRKV3Rq
U2JjYTZyYUhheG5pSlI0VE9tZ2w0SlRBM0JBCm1YSWxFa0RjVUhFb2xHMnMxbGZy
S1V1b1RMVExFRW0rUU03YXNjejJ3enMKLS0tIHlwdHNNRHNYL2xyeFFCcHdIVFRi
MDZaQjREbWw5aG82NG1Ea0J2d0tTMWMKCodGBDTKbq5qcmtrAh0HrdZ7fmEx8VhH
InCa5SXSRo7cVQe6VRBczF3RC/Mc2u+xzEDd1XbyGviqt1CkI1UPRQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbGJQSVRCZnVHVzNuSkRV
K2JMc2xjQmk5SlRoV2QwakNmRmtBK3duaWhrCkIrQ3pHdUtRYVpQVWdpZEpSZkw0
OGpCVEZjZVBjQnoxRThOTG5XREFrcWsKLS0tIFlMWGF0WU1IcHRva0laSmpkZHpG
LzlYaEpvSnlLM1psVkgxQ2lTM0tmMWcKlbgNVUxycS0OlBnMhQTHIQG6ymXvewJP
byY+qCJBzU1Nc3XuLhng9NkwH/E7YCrjC9ExSYMhwJmlT9k5T1mG/g==
-----END AGE ENCRYPTED FILE-----
- recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDa2YzeTBEOXlIcUJlZlVl
NUdCTGRYcUhOa0dkRjR2RHJNZ3VWclJWd3hjCmFZY0dEVTlwb3lNajE2emFCZmZ2
SkhTejc3cFA1Yjc0ZHF2TjRYZ1Qvc1kKLS0tIGxDbWNjaXlvU2ttbDR4NW9UYThr
OWRZb1d5dkxETCt1RThQK0Z4cmJSb28KGrAeCR7Q37WwyEzHT5CvaMVmVUoyv1s3
dDbEu8mtNhDBi9LYMwfbXiZHAlPWQ1Ogveot8vc4kMOAlvWMR4FwdA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMTXdJajRyRlNvdGIxYTJn
NGFJN1pqRmtadDc5amhBTVNnQkRiZ3A2UVUwCmltVnhrWVJRL09qM2RqbEJKUmVu
STkzYzlhRld4emtrbTJsWFQ4VkdCcVEKLS0tIEVVcVRDWU9HK2s3OERBUmFFN1NF
L0RwTm9qUXBTYWlra2JXM3hsc2NUNVUKUFgLswYYPZJMn0TcvSFnjfR4NAwdYjAO
p4ZmxLaXFWY4E4lnsg2Ka8BUc7C8IXZprj0Qh1o3K4v0LXsSrmfKag==
-----END AGE ENCRYPTED FILE-----
- recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRT2dIMGFEbUErU1pYUXRR
Yk1tUmx2R3BmUXVhK1JMd3J6WVNwOGVmRkUwCnZBSGxvcFd4Y1dGbkg4UEF2RUxE
TUdpVGV1ZEpFQmNWN1ZKei8rSWJtaVEKLS0tIGRLd013RVB2eHhXeHpXbWoyaktu
OExualc3eWk1UGgvZDlNbWZydXBXWkUK0vhwGhegmrQASWqFQYpZgJungzt7vtfC
sBna05p6lnSEdtclUa1MZ/a9wlqAtmrA2fUarLnc6/bs0K8Oz9HRPA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsU2ttUWJ5UkdWNzFkb2du
cTl2VkVmVGVzTUxlTm5jSkZUL1F5SzIvQlFRCnY1WnFWc2RMRnhOWlI2aGU4ZW5C
STU1K0V3WS9JdDU2dWE3QVA4bE4vWVEKLS0tIGJWR3NxZEcxak5hME5hQVJiOW8y
RFlXc0pOdVdNQ0lxR1JMNXpEdU9rQlkKZmZ/FUX3k7KrzXnyFBkpRE2DsJCC5O/Q
3KkMqWsR/93N+ujs8DhDv49sNFmdYLzexpNEsDbXour5FwvB/0scIA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1dw43sxtdxptzgyhsxhrj36x5gn7376gqk45t7wtyt3s97v7ux39sdmdd44
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsSFIvcUEwbnZ6Qm95V3hT
SlBiSS9ycE4xTmpRR1l0SDZKYkFNVmtXUG00ClBKYzBMSmNOMmdCSktGV29WbFBE
U0x1K2dsU2FoVVBPSWthZ0hmRkdTKzAKLS0tIGhZaU9kQU54ZzNWVnhLNEozWXZN
Z3MvRnRGSUlVNlJVdzVEMjcxNE4xbWcKkS3GagirASPe/XnJgwBIZ9cCdyeOi9Uy
mcD5Pa6AU7itXL9pHtDcMUsDlKkKYWSUtouW8wAESWdXfFBd2Q+Vgg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOYnNiYkpqaCtySGdIU295
NkdjRGE4SHpVY2pXR1Q5TzloRVViYk5yRDFnCjFpbHE2RDg1RGZzdVZOdzlJSEVD
bUcvMUc0ZTJZZktsMVNkenR2RUl0NEEKLS0tIDR1Ym9OcFZFWk82ZXA4NWhxZ08w
L3lPZmd2TTBuZkkrOEtWYXBHNnppTGsKn6ez/ALZ/6oYs+rGghSij8iobHNVsmDX
Pg7yRSSBNUMSR4Dr3a/nGDuFEhLzTd/DyWSMAqnvo3kdETc0DB6tuQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1x8fcjgaknfh5m2s4f0r2mjtfdjkuyj74y39jmh28k2pp5hmn25nschlra9
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwR293bFZZT2tnRk8xeUJM
N1V4UWxHSDNsdldXdENpY0ZtSTc3dlNnQ0ZnCnFvWDhzS0xoSjhyZ0dwUGlQYnFm
WGdiVzBhZmJ6OEZCTXJ6MzhTVC9CbE0KLS0tIEhPNU9NTHFIT05jN2ZnL3doUHBj
VHpucmdFbU8rZ3VHYTNNZG5VUXp0aTgKYY/Zq+Rpeql+opkVFLubXdFi/abWeeSu
1LPMEFezGuuMnRDQlWrNAd6mR1yDW1T62md/wAH5O2quinVO5kKOjA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-06T20:14:22Z"
mac: ENC[AES256_GCM,data:GPWu5DjjJ1ki+HRuedGdDCt+2V0RPbOsD/yWJxPIkgu5923vnF8y9y4V6e6+ZsTqHv4hsKeCjKtUnh2Ldn+xadwJmqrIxyJ8NzH5TOvcBxAab9cJCp/yKENw0O1WMUTlDPelvQKMDwbgiebaVVfxbQPUEfJGOgkHkyXrgqN94FU=,iv:h9YALYahUl7mRJmZKjArEfaMrfW9YZkVYd2CEooF13Q=,tag:wotqxup/ouG/bEVOZCs19w==,type:str]
pgp:
- created_at: "2024-01-23T09:01:13Z"
- created_at: "2024-05-25T18:40:21Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcBMA0SHG/zF3227AQf+Oo8GZF91ry7FhASb7USKTxKYFfdlJPWDxLFtBNSFkqdV
U7tOgAB3WJTSlED8Cs+6gyNNr3n7Y6p2KaOLYjft05T/Ms9pDuJAV1S8Ogfo5zys
W7Ss4hkCMZqIXZXTQ03yZner+8o8v/F/f0SPNji8znT2qZmLZbhwa2IPjmORo3L7
y4F38IVie8keQNWObSFqd7qVqKynHHg+ur5NmVgUAVO/wMg6TytV3Wa11Hfq50tc
EenVAyBW1GUOtsBCH8MOCgH4paZcrzkBPU2dK9UppUWzB5RxayIZT34Qf4mNHwdL
sa83I2MwMp0fuTW66YvJPR1vjcYgY/wOxxZw28biidJRAWpiGsPhGKg+AHmHNp/T
NjN/7MVxZMUX/DHm2LmF6sjSp99wqCl8yvEIrXcGXSSY218XZ0QgXQRhhErwCEaT
JM145ZTHicA2qi4NqMkfsvjf
=6arN
hQEMA0SHG/zF3227AQf+OkqA8iyYdOxo+43xpHvS9flq9TGucdzI+jldU0M7usG1
9lh51h7gY6p4xtX+yt5+7bzqaNYQtXlG/WvnK/9E9df4vLiAUmKbUM3jN2OhgHzm
8/WM7yez27EEqdKuipWG7NEGwCHHCEdN33m1BJ+nt7bKJ56yiNbg5TcaJhmZrirv
qiFmDKV1jJ80o+vRz6oaSYYh6YYOuEUkOufidJKQfSJCsC3xbPqwcJYfmAGNm2j5
A/m0N4QVNW/vxO2cEKv4e0RXqQc3BsycGu7TBAZr4QbX9o1zPY82uvCWYNbGq9x4
sgrXoXzBoGocPlEyaTaoD73zdx4di2qcnmWkIt5o29JcAW5w0g10kmuZfKfX8utm
L2wQ0gODvXHul5pBNt3Hgei+C8SMtfg3HPHjYK0F3iXt+KoIYDcl/NOWZmRuOD6F
l9iXEDrVmkcjRXNshHtQgxYSi+WSs3LiNMqU244=
=d1S1
-----END PGP MESSAGE-----
fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B
unencrypted_suffix: _unencrypted