diff --git a/.sops.yaml b/.sops.yaml index 76cd8da..607bce0 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -15,8 +15,8 @@ keys: - &sj-vps-htz0 age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv - &sj-srv1 age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv - &srv0-dmz0 age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3 - # - &router0-dmz0 age1jetxwpmd9hc4crkjtrdle2qxn9dlq7vcmqhfslv0vlxctrk4u3xq8hcvkz - &router0-dmz0 age1k7cejd9tqz6a3expd63wkn7kmeawhhrp9vy5vevhjn6eavhdwywqeh7j86 + - &router0-nfmnk age1x8fcjgaknfh5m2s4f0r2mjtfdjkuyj74y39jmh28k2pp5hmn25nschlra9 - &sj-bm-hostkey0 age1dw43sxtdxptzgyhsxhrj36x5gn7376gqk45t7wtyt3s97v7ux39sdmdd44 creation_rules: - path_regex: ^(.+/|)secrets/[^/]+$ @@ -35,6 +35,7 @@ creation_rules: - *sj-vps-htz0 - *sj-srv1 - *sj-bm-hostkey0 + - *router0-nfmnk - path_regex: ^secrets/steveej-t14/.+$ key_groups: - pgp: @@ -74,6 +75,12 @@ creation_rules: - *steveej age: - *router0-dmz0 + - path_regex: ^secrets/router0-nfmnk/.+$ + key_groups: + - pgp: + - *steveej + age: + - *router0-nfmnk - path_regex: ^secrets/sj-vps-htz0/.+$ key_groups: - pgp: diff --git a/flake.nix b/flake.nix index 1c1640e..d333b92 100644 --- a/flake.nix +++ b/flake.nix @@ -157,6 +157,7 @@ # "srv0-dmz0" # # "router0-dmz0" + "router0-nfmnk" "sj-srv1" "sj-bm-hostkey0" diff --git a/nix/devShells.nix b/nix/devShells.nix index f90fbb1..0ef989d 100644 --- a/nix/devShells.nix +++ b/nix/devShells.nix @@ -76,6 +76,10 @@ in { (pkgs.writeShellScriptBin "r11" '' exec env NIXOS_OZONE_WL="" WAYLAND_DISPLAY="" $@ '') + + jq + yq + wireguard-tools ]; # Set Environment Variables diff --git a/nix/os/devices/router0-dmz0/configuration.nix b/nix/os/devices/router0-dmz0/configuration.nix index 38160cc..686d3b5 100644 --- a/nix/os/devices/router0-dmz0/configuration.nix +++ b/nix/os/devices/router0-dmz0/configuration.nix @@ -211,6 +211,7 @@ in { vlan.interfaces = builtins.map (vlanid: (mkInterfaceName {inherit vlanid;})) vlanRange; # lan.ipv4Addresses = ["192.168.0.0/16"]; wan.interfaces = ["wan" "lan0"]; + wg.interfaces = ["wg0"]; } // # generate a zone for each vlan @@ -342,9 +343,40 @@ in { }; }; + sops.secrets.wg0-privatekey = { + mode = "440"; + group = "systemd-network"; + }; + sops.secrets.wg1-privatekey = { + mode = "440"; + group = "systemd-network"; + }; + sops.secrets.wg0-peer0-psk = { + mode = "440"; + group = "systemd-network"; + }; + sops.secrets.wg1-peer0-psk = { + mode = "440"; + group = "systemd-network"; + }; + systemd.network = { wait-online.anyInterface = true; - netdevs = + netdevs = let + router0-nmfk_wgEndpoint = "${repoFlake.colmena.router0-nfmnk.deployment.targetHost}:${ + builtins.toString + repoFlake + .nixosConfigurations + .router0-nfmnk + .config + .systemd + .network + .netdevs + .wg0 + .wireguardConfig + .ListenPort + }"; + in { # Create the bridge interface "20-${bridgeInterfaceName}" = { @@ -361,6 +393,54 @@ in { DefaultPVID=0 ''; }; + + wg0 = { + enable = true; + netdevConfig = { + Name = "wg0"; + Kind = "wireguard"; + }; + wireguardConfig = { + PrivateKeyFile = builtins.toString config.sops.secrets.wg0-privatekey.path; + }; + wireguardPeers = [ + { + wireguardPeerConfig = { + AllowedIPs = [ + "10.0.0.254/32" + ]; + PersistentKeepalive = 15; + PresharedKeyFile = builtins.toString config.sops.secrets.wg0-peer0-psk.path; + PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM="; + Endpoint = router0-nmfk_wgEndpoint; + }; + } + ]; + }; + + # wg1 = { + # enable = true; + # netdevConfig = { + # Name = "wg1"; + # Kind = "wireguard"; + # }; + # wireguardConfig = { + # PrivateKeyFile = builtins.toString config.sops.secrets.wg1-privatekey.path; + # }; + # wireguardPeers = [ + # { + # wireguardPeerConfig = { + # AllowedIPs = [ + # "10.0.0.254/32" + # ]; + # PersistentKeepalive = 15; + # PresharedKeyFile = builtins.toString config.sops.secrets.wg1-peer0-psk.path; + # PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM="; + # Endpoint = "${router0-nmfk_variables.ipv4}:51820"; + # }; + # } + # ]; + # }; } # generate the vlan devices. these will be tagged on the main bridge // builtins.foldl' @@ -509,6 +589,21 @@ in { vlanRange ); }; + + "50-wg0" = { + enable = true; + matchConfig.Name = "wg0"; + address = [ + "10.0.0.1/24" + ]; + }; + # "50-wg1" = { + # enable = true; + # matchConfig.Name = "wg1"; + # address = [ + # "10.0.0.2/24" + # ]; + # }; } # configuration for the hostapd dynamic interfaces # * netdev type vlan diff --git a/nix/os/devices/router0-nfmnk/configuration.nix b/nix/os/devices/router0-nfmnk/configuration.nix new file mode 100644 index 0000000..eb0fe49 --- /dev/null +++ b/nix/os/devices/router0-nfmnk/configuration.nix @@ -0,0 +1,256 @@ +{ + repoFlake, + pkgs, + lib, + config, + nodeFlake, + nodeName, + localDomainName, + system, + ... +}: { + system.stateVersion = "23.11"; + + imports = [ + nodeFlake.inputs.disko.nixosModules.disko + nodeFlake.inputs.srvos.nixosModules.mixins-terminfo + + repoFlake.inputs.sops-nix.nixosModules.sops + + ../../snippets/nix-settings.nix + ../../profiles/common/user.nix + + nodeFlake.inputs.nixos-nftables-firewall.nixosModules.default + + { + services.openssh.enable = true; + services.openssh.settings.PermitRootLogin = "yes"; + + users.commonUsers = { + enable = true; + enableNonRoot = false; + rootPasswordFile = config.sops.secrets.passwords-root.path; + }; + + sops.age.keyFile = "/etc/age.key"; + sops.age.sshKeyPaths = []; + + sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml; + sops.defaultSopsFormat = "yaml"; + + sops.secrets.passwords-root.neededForUsers = true; + } + + # TODO: extract this into single-disk VM BIOS module + { + boot.loader.systemd-boot.enable = false; + boot.loader.grub.efiSupport = false; + + # forcing seems required or else there's an error about duplicated devices + boot.loader.grub.devices = lib.mkForce ["/dev/sda"]; + + disko.devices.disk.sda = { + device = "/dev/sda"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + boot = { + size = "1M"; + type = "EF02"; # for grub MBR + }; + root = { + size = "100%"; + content = { + type = "btrfs"; + extraArgs = ["-f"]; # Override existing partition + subvolumes = { + # Subvolume name is different from mountpoint + "/rootfs" = { + mountpoint = "/"; + }; + "/nix" = { + mountOptions = ["noatime"]; + mountpoint = "/nix"; + }; + "/boot" = { + mountpoint = "/boot"; + }; + }; + }; + }; + }; + }; + }; + + boot.initrd.kernelModules = [ + "virtio_balloon" + "virtio_scsi" + "virtio_net" + "virtio_pci" + "virtio_ring" + "virtio" + "scsi_mod" + + "virtio_blk" + "virtio_ring" + "ata_piix" + "pata_acpi" + "ata_generic" + ]; + } + ]; + + # sops.secrets.ssh_host_ed25519_key = { + # sopsFile = ../../../../secrets/${nodeName}/secrets.yaml; + # format = "yaml"; + + # path = "/etc/ssh/ssh_host_ed25519_key"; + # mode = "0600"; + # }; + # sops.secrets.ssh_host_ed25519_key_pub = { + # sopsFile = ../../../../secrets/${nodeName}/secrets.yaml; + # format = "yaml"; + + # path = "/etc/ssh/ssh_host_ed25519_key.pub"; + # mode = "0600"; + # }; + # sops.secrets.ssh_host_rsa_key = { + # sopsFile = ../../../../secrets/${nodeName}/secrets.yaml; + # format = "yaml"; + + # path = "/etc/ssh/ssh_host_rsa_key"; + # mode = "0600"; + # }; + # sops.secrets.ssh_host_rsa_key_pub = { + # sopsFile = ../../../../secrets/${nodeName}/secrets.yaml; + # format = "yaml"; + + # path = "/etc/ssh/ssh_host_rsa_key.pub"; + # mode = "0644"; + # }; + + boot = { + kernel = { + sysctl = { + "net.ipv4.conf.all.forwarding" = true; + "net.ipv6.conf.all.forwarding" = true; + }; + }; + }; + + networking = { + hostName = nodeName; + useNetworkd = true; + useDHCP = true; + usePredictableInterfaceNames = false; + + # these will be configured via nftables + firewall.enable = lib.mkForce true; + firewall.allowedUDPPorts = [ + config.systemd.network.netdevs.wg0.wireguardConfig.ListenPort + ]; + + nat = { + enable = true; + }; + + # Use the nftables firewall instead of the base nixos scripted rules. + # This flake provides a similar utility to the base nixos scripting. + # https://github.com/thelegy/nixos-nftables-firewall/tree/main + + nftables = { + enable = true; + + firewall = { + enable = true; + snippets.nnf-common.enable = true; + + zones.wan = { + interfaces = ["eth0"]; + }; + zones.vpns = { + interfaces = ["wg0"]; + }; + }; + }; + }; + + sops.secrets.wg0-privatekey = { + mode = "440"; + group = "systemd-network"; + }; + sops.secrets.wg0-peer0-psk = { + mode = "440"; + group = "systemd-network"; + }; + sops.secrets.wg0-peer1-psk = { + mode = "440"; + group = "systemd-network"; + }; + + systemd.network.enable = true; + systemd.network.netdevs.wg0 = { + enable = true; + netdevConfig = { + Name = "wg0"; + Kind = "wireguard"; + }; + wireguardConfig = { + ListenPort = 51820; + # PublicKey /RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM= + PrivateKeyFile = builtins.toString config.sops.secrets.wg0-privatekey.path; + }; + wireguardPeers = [ + { + wireguardPeerConfig = { + AllowedIPs = [ + "10.0.0.1/32" + ]; + PersistentKeepalive = 15; + PresharedKeyFile = builtins.toString config.sops.secrets.wg0-peer0-psk.path; + PublicKey = "hsjIenUFV/FBqplIKxSL/Zn2zDAfojlIKHMxPA6RC04="; + }; + } + + { + wireguardPeerConfig = { + AllowedIPs = [ + "10.0.0.2/32" + ]; + PersistentKeepalive = 15; + PresharedKeyFile = builtins.toString config.sops.secrets.wg0-peer1-psk.path; + PublicKey = "Ha5hsarCRO8LX9SrkopUeP14ebLdFgxXUC0ezrobax4="; + }; + } + ]; + }; + systemd.network.networks.wg0 = { + enable = true; + matchConfig.Name = "wg0"; + address = [ + "10.0.0.254/24" + ]; + }; + + environment.systemPackages = [ + pkgs.ethtool + pkgs.neovim + + (pkgs.writeShellScriptBin "dbg-ip" '' + echo links: + ip -br -c l + echo + echo addresses: + ip -br -c a + echo + echo vlans: + bridge -c vlan + '') + + (pkgs.writeShellScriptBin "dbg-dnsmasq" '' + # get the rendered in-use config + pgrep -a dnsmasq | grep -Eo '[^ ]*conf' | xargs cat | grep -Eo '[^=]*conf' | xargs cat + '') + ]; +} diff --git a/nix/os/devices/router0-nfmnk/default.nix b/nix/os/devices/router0-nfmnk/default.nix new file mode 100644 index 0000000..1fe13e3 --- /dev/null +++ b/nix/os/devices/router0-nfmnk/default.nix @@ -0,0 +1,34 @@ +{ + system ? "x86_64-linux", + nodeName, + repoFlake, + nodeFlake, + ... +}: let + variables = import ./variables.crypt.nix; +in { + meta.nodeSpecialArgs.${nodeName} = { + inherit repoFlake nodeName nodeFlake system; + packages' = repoFlake.packages.${system}; + nodePackages' = nodeFlake.packages.${system}; + }; + + meta.nodeNixpkgs.${nodeName} = + import nodeFlake.inputs.nixpkgs.outPath + { + inherit system; + }; + + ${nodeName} = { + deployment.targetHost = variables.ipv4; + deployment.replaceUnknownProfiles = true; + + imports = [ + nodeFlake.inputs.home-manager.nixosModules.home-manager + + ./configuration.nix + ]; + + networking.hostName = nodeName; + }; +} diff --git a/nix/os/devices/router0-nfmnk/flake.lock b/nix/os/devices/router0-nfmnk/flake.lock new file mode 100644 index 0000000..424aa6f --- /dev/null +++ b/nix/os/devices/router0-nfmnk/flake.lock @@ -0,0 +1,151 @@ +{ + "nodes": { + "dependencyDagOfSubmodule": { + "inputs": { + "nixpkgs": [ + "nixos-nftables-firewall", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1656615370, + "narHash": "sha256-IZDqz1aSySoqf1qtVQg+oJMHfC4IlT55Zoa7EkjvPug=", + "owner": "thelegy", + "repo": "nix-dependencyDagOfSubmodule", + "rev": "98eb563d80b35acafbfc1abb9ccee569c1efb19c", + "type": "github" + }, + "original": { + "owner": "thelegy", + "repo": "nix-dependencyDagOfSubmodule", + "type": "github" + } + }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1716431128, + "narHash": "sha256-t3T8HlX3udO6f4ilLcN+j5eC3m2gqsouzSGiriKK6vk=", + "owner": "nix-community", + "repo": "disko", + "rev": "7ffc4354dfeb37c8c725ae1465f04a9b45ec8606", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1715381426, + "narHash": "sha256-wPuqrAQGdv3ISs74nJfGb+Yprm23U/rFpcHFFNWgM94=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "ab5542e9dbd13d0100f8baae2bc2d68af901f4b4", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-23.11", + "repo": "home-manager", + "type": "github" + } + }, + "nixos-nftables-firewall": { + "inputs": { + "dependencyDagOfSubmodule": "dependencyDagOfSubmodule", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1715521768, + "narHash": "sha256-BQkkBqDemoPRd2a4G94I9w9fNE0IxWtVsQ9SalnNqCQ=", + "owner": "thelegy", + "repo": "nixos-nftables-firewall", + "rev": "2c5a19966b4dfc5ca92df7eb250c68f90be653c8", + "type": "github" + }, + "original": { + "owner": "thelegy", + "repo": "nixos-nftables-firewall", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1716361217, + "narHash": "sha256-mzZDr00WUiUXVm1ujBVv6A0qRd8okaITyUp4ezYRgc4=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "46397778ef1f73414b03ed553a3368f0e7e33c2f", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1716509168, + "narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "bfb7a882678e518398ce9a31a881538679f6f092", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "disko": "disko", + "home-manager": "home-manager", + "nixos-nftables-firewall": "nixos-nftables-firewall", + "nixpkgs": "nixpkgs", + "nixpkgs-unstable": "nixpkgs-unstable", + "srvos": "srvos" + } + }, + "srvos": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1716425501, + "narHash": "sha256-BSLhmGYY1khyyBAjraR+N0Pa9Nha/et5yQQlEZxcfkU=", + "owner": "numtide", + "repo": "srvos", + "rev": "1122cd50a23647e09c3e7a679d37ec02113bc412", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "srvos", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/nix/os/devices/router0-nfmnk/flake.nix b/nix/os/devices/router0-nfmnk/flake.nix new file mode 100644 index 0000000..d38b355 --- /dev/null +++ b/nix/os/devices/router0-nfmnk/flake.nix @@ -0,0 +1,19 @@ +{ + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; + nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; + + home-manager.url = "github:nix-community/home-manager/release-23.11"; + home-manager.inputs.nixpkgs.follows = "nixpkgs"; + + disko.url = "github:nix-community/disko"; + disko.inputs.nixpkgs.follows = "nixpkgs"; + srvos.url = "github:numtide/srvos"; + srvos.inputs.nixpkgs.follows = "nixpkgs"; + + nixos-nftables-firewall.url = "github:thelegy/nixos-nftables-firewall"; + nixos-nftables-firewall.inputs.nixpkgs.follows = "nixpkgs"; + }; + + outputs = _: {}; +} diff --git a/nix/os/devices/router0-nfmnk/variables.crypt.nix b/nix/os/devices/router0-nfmnk/variables.crypt.nix new file mode 100644 index 0000000..acf532e Binary files /dev/null and b/nix/os/devices/router0-nfmnk/variables.crypt.nix differ diff --git a/secrets/router0-dmz0/secrets.yaml b/secrets/router0-dmz0/secrets.yaml index 56e013e..852aeb4 100644 --- a/secrets/router0-dmz0/secrets.yaml +++ b/secrets/router0-dmz0/secrets.yaml @@ -1,3 +1,4 @@ +#ENC[AES256_GCM,data:ZkUrwF6DTQFainYhDA==,iv:VDjRBF4WfPmJdKtUpZYJcOPxoUYT3DUxAC9ct7EvFss=,tag:efllkpv2SxRv6+DyuqRQCQ==,type:comment] #ENC[AES256_GCM,data:QydWKuMH8uixprFup1rEwvPkKAMw0yat9MOOK1DleeCJ5tqRqrPh9NiOpJs6nve8Rmji3WyrHAkUaK9zT/f8VKk=,iv:I6OHO6sLTtFBV6CYGmLh5owCrNjzS/LBjOjW9VovGlE=,tag:Vg0IZSFbYa7UQvuPpmMVKw==,type:comment] passwords-root: ENC[AES256_GCM,data:+8IcZ4pbJ1qIjRCK7oycmgOVWy6hzc2oDISYMMqE9SmgRE//PQ5ABwtBtpaghrhZTXrUV2l3qsvTHD9UdYRNMB1VBlM6vn4Iug==,iv:2eUIa46QNby++yLK9dax/SD7Ajtj+U0ptheRuKV9r+g=,tag:5tA5rhm1eztDh7Q4d+C1BQ==,type:str] ssh_host_ed25519_key: ENC[AES256_GCM,data:XQjTqNADLhisxPBIJ7x0bs3qgQk0u4q9HKSDukRbzel7hUiDqc6ELQAvffRqJQUtAS5Cfz9PzVcnyEA4wapvK7RLFavOmaN2MhcnQR24oQks5RVYmlvcems02Qovd15iE07XR4KCDcmQ5/XM5v4/RxW2zYzV5Il67Vzhij2wA9bJ7D3sbKUfyc6pBoIXvURbq6QO8ZMIU6ckAuOqG2230KwXLdz/ld0s3Ir1q/7t+rrrS7BPkeA+SRdYhb5XDOTKtfgFxNvdI6DSETV+q67xAalAkM/cZ2rqHJQd+wgH2VIPyiGqeq6LvPT0vmopFJn0CqQA2HauQAmBNIAtXel8GbK+qA11XilMx+hp6qhVH+BnSWWY3GriGfaGlpUZ0E7uymqRkpRwBcHmZto6E/E/XUxBfISVyJf/2RcTy10RelWLJtNuaXT2eHgXmZ/uAlcTGlCYYirr5g3iAGUoqxYbWlZb9SdqVO/0PLCZo7AkDWxk57wer/lHOG59ZpoiZnanaMIaNqJ7Tsslvvm0JuoP,iv:2U5IpWTRyQ8basBRoYpFe6Ycc5qdeCUAUTwlEHttRJU=,tag:jA0mFsMxWKq7dnkGQWNP9Q==,type:str] @@ -6,6 +7,12 @@ ssh_host_rsa_key: ENC[AES256_GCM,data:tFGQ77X5Y1TRR2F0EJ4hmauE9ABILP6V0CSmzb1QLa ssh_host_rsa_key_pub: ENC[AES256_GCM,data:N60bGf/6KNRhVUq1EIbPVo3aBDDKEpMBr5+Gt3+FMPt3uQEaKk8jBg5mOdxWMTPoLg1ZP/Pme8afoM+Skc0b50WnpErF3Ox1w+4eM0oMJYOhIvHLGURNM3Dba5MgA7YfhPdTsVdjD2yks2vYqhdtEvzTTgCJbFimVJlp+wDqE6czPgMjD03c7oJDtv38OBtc1vRMzVw3cIuyxz2yNnXQxiMgTR6pZN7+Brami2dfXOHEVgymmlU5PRE8Ykerq2fB36N5uqu4/xSPaHaM+/f2OA/TLlYYB+sGMDExZfbO/vsiRBLvTY/f4KG2mEkmH+IFH1bk6UF47xTFEe8tHN/TlLo+9OmjZTph221ZYnOsIqBY+F822ctZEe8Ikz9Ti4F1ApvxxRcWHajbgQnDJdDiHJvt3OHal4rNBtYwxxV/MDZtvKSVxmFwgx7nwNP0oKhAigQkU7Mvp1q5p3dZsdbGCUeFm2S5/qIxWPfr7wg4xocLNSsLW1EpGo6A2RUXWIV+lPuZd9dNEjGC5zKKAgMI94is6MtMXgqlFqTcZuQ9hvhoVDcFhVSJylu8pzk9d/tKviwcd98jHAhdfGpnc9eJbtyBU6/HvxLzQpsbFjwa3LGirEdtgxRZn2nJx++0U6XuLcbGwjOVAhkde6g2vFv5hsC6KaZQcp4AFvMvEdJyrnb0b2TOeOD8zEljb8u2q/eexCRSjGpobEINwu5qV+tF9eHIJ1YFzhCSmmLGKXjc7bC8uv5ffl39JmAbUrffd18zqae+Xpijd+QzwF425NG9+PksAt+PPzt4SDgGfKBIpMNFxIb18oo88z4YDLuNzRy/HVF90JV0LlAxES4ZOxoWUjJPrR6dGxNRANYOyFGmoN+yG3B9kd1NRGRNGh5P9EtZBxlPIi24djzF1n4GQSW1NFDgoGcxaXhk0PlpPxwuHK0X9FkFDDzQUYNBhx7py+hev5rBUCs7Yhj5xgcM88fdLRZi8MulNws=,iv:8c3hDcJ8wzTugmJ3Mhzx/qEXnnlpFefBmRTG/MqyeEg=,tag:uSz6+CYu9uQa0C2DXnHPUA==,type:str] wlan0_saePasswordsFile: ENC[AES256_GCM,data:ylY1LwMYlHdvYIVPIIr65BuxkW/BHCikkbGO5nNSU9WVekWiDXNIt2EQ2sYcdqnvZMGvcG0G4SQvCwpNO8ihh/RqcLYpTxldI8zwSqAwvATu7prV8l2bCvBQ+NXZ3yAW,iv:L6ncjd0u316gF/3InI7cuqO1kDpH7ahWGcsssYfb2YU=,tag:IAqt8vSDjW3OasOTJ44PeQ==,type:str] wlan0_wpaPskFile: ENC[AES256_GCM,data:I/30uOrCPoWqnNq4WelPsDMevrmO+TuzmNrjMtPeCLS5MncX7BnX20YV5LxLsLCJS0NmCEqE58pgpeQEaUUcR0YRejCdO0yZnpMRbla6IR/irNSR/xctDQmMV6HYe6IKWE2d2LA/qWTkj+uBGJ0NtAsPIRLknuCwT8SLjClzF4/WCdoqHvxhBCESxhd3OTYr9op9uxk94iRxKsFfUBuNnckIeT/tQKqOQIHlkpperGBNRtTZ9q+Glb6lqFO1o/BJ8tAGpw0qyNO48jrRAtiIG3sauMH+UPWp86AYPhwQjwA6iDReFoH5KhZsohJSTX4vwoj46yycOTPu/loHrxySBSrYuRyOuIv7mwpRVZgJP+c3ZcngVncE3YQhLA==,iv:AlQIFKqcFSnyH1LrRN/XaTTocsMjZM20YHWcz7S3gCE=,tag:octNvum5lOOUOS6ALJ0x4g==,type:str] +wg0-privatekey: ENC[AES256_GCM,data:5/5llD0itgdKhZ53IbtkwfhO+qUI+/xBCxnfQOg9yjS7knvUINURY7rl/F8=,iv:86t6XuY4a1rHY3kmC3XB6WwwPZVWAyM2saGqEZaHdJ0=,tag:4xemlclKI4RIxAe60HGuuQ==,type:str] +wg0-publickey: ENC[AES256_GCM,data:D/RU+43/bYhg1lRZE9zA52AIWGd2KRF0EQcvteS4CtQN0Yy65vjGqVEkjyk=,iv:BmS0TfUQXRt1tdWBBKIUi+DqXCLTXePzbq4dUYSlQQw=,tag:qglrKjhcSBPtqNd6YCMlPQ==,type:str] +wg0-peer0-psk: ENC[AES256_GCM,data:859rOfvyaeaH07s06IT2qJZjXcWZiXazQPUImYOMngTj+xNop8UHX0iDegA=,iv:V7cR9mGQrk6aKctY+1egYFhBiveqc0OwrQSJxByk0zk=,tag:WF5via8rVm8Leol5rANPqQ==,type:str] +wg1-privatekey: ENC[AES256_GCM,data:Q3zb6oLhBqW+D063S37O2vZD3PSn3yIYWWkOtZwvpmMmdAMtztGqdrHzXRE=,iv:tIEDtHa3s2/Shg6Kw/8G+xjtixH32fxS3l5KtR2VUIs=,tag:JpKjYmV2pPip9hDkKg8pRQ==,type:str] +wg1-publickey: ENC[AES256_GCM,data:7svFjRVdWBmrUt2qzHSmgBo4HPwJR6I6p3rZg2U+h1uVhQwCnUCH6JATVZs=,iv:xWUKpjmmrf/U8T8XmdL4Ox+aqkftnh8oeORCkhtJoBU=,tag:+k+E13X+EbZxfiq0MoGIEg==,type:str] +wg1-peer0-psk: ENC[AES256_GCM,data:egtyccOYD4NAUTunpvVXTJwjtSdJJT8v5O9Wl7NoCKy2eDzrQvrEEK8Zzts=,iv:D7EQkj2Oz2JJIF6slTLq3A4esKN6VfkOA+odHvjSeUE=,tag:z/blOUXX1JOyqtXgMldnlg==,type:str] sops: kms: [] gcp_kms: [] @@ -21,8 +28,8 @@ sops: THRNR0tEUzhPdFFhWWxvZlpKYmZKM2MKxc5s1jsci8jPOrvZAoofVNvHT4o9P6yv J8rALQQXgql6obK51Q/Doyzvo1RJ0T7epiWEAZm5B3vDrf6KqbWBYw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-12-25T21:25:35Z" - mac: ENC[AES256_GCM,data:Sk3eyBaxhL7cX78YprYsv75oO+auEoxxGHCk1MRYGcAkat3vrc2vXjmKn6SsVQC8SWvu2YR2dOGU85Z7FCUUmmnwKeh+1PKMsurwfrNkB4umADXjaESNUWNevzAK9LR4pI1I6rGzl7mFEFYGEPd948JMOfkIfwNm1KMmETGkkI0=,iv:UzfDF94UFjPuEgRkpkRyLxSwZGymZclboHYQ/HxulJQ=,tag:MIBhvegV4NaZF+nGShotPw==,type:str] + lastmodified: "2024-05-25T19:21:30Z" + mac: ENC[AES256_GCM,data:TulnMjElIqQOgimCrMRk5kIXYED8GvnTQeefoeTCpgndl9fbraPjB5O4VMPJkotgWDSn4DF7QTUSarVB/6Th87xe08RxdOAW1maj5i3ZlMeKoGOHGNp3nVEpaaC455qtW9ZfXW1gxoG+HRBtsFJe3ZYV2gban+ByDVwiEdr501w=,iv:LQVUB+LE0xSBznHayhEGKXvJsz0r9Y3iDhS6JGx2paA=,tag:QR2Fh+GqOiLb4j2xKE3E7g==,type:str] pgp: - created_at: "2023-08-11T16:15:11Z" enc: |- @@ -40,4 +47,4 @@ sops: -----END PGP MESSAGE----- fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.1 diff --git a/secrets/router0-nfmnk/secrets.yaml b/secrets/router0-nfmnk/secrets.yaml new file mode 100644 index 0000000..df7d851 --- /dev/null +++ b/secrets/router0-nfmnk/secrets.yaml @@ -0,0 +1,43 @@ +#ENC[AES256_GCM,data:+I8pZeH8kkkGaeUJ7A==,iv:5Yv2K6pU33CA82oCspb5exjaAPMRszslozTphxvDhbw=,tag:OpKwj8SYXSMcLlusEVX7GA==,type:comment] +age-key: ENC[AES256_GCM,data:8L4IWs31RUXGns25pP6BrhFKVAYvVY7yIOe6MSk4abvgks2eyHnQDTiSKVUQGjTyZFVbQ4mtF9O8CmqqlaK5z4nrUYSUN/Ustc13L98V+PMUOxljka0UL/pOe36aHEQz3Z2MuobEtZHwccPEqWhOlF2v+OgFQ4Kp2Vczw9REf4ahxyqz3fz58ymR8HKfTHD7YBawEAgYU6WVyrLfyA78860pkjlYMwhnjkVBvkP/zd4H+L2JxzjwUeUCqcm0,iv:8RwmmtgKqLsJov+DxNjvtjPk8t8yVmRhRa3k5HdCvgk=,tag:CZoZL3aYucIk1JENWY/mMQ==,type:str] +#ENC[AES256_GCM,data:62US77UkclVlR3klMH6P/oYC006vFa6DEVgvmemMFh6INuw95NyRwJaiMs4EGaNFuX+jkfBbtlm0MQK73rXfGxg=,iv:UALT0vebke8KDPdroZnC3rSUCB0CmlX9dfbLqNAlJ7Y=,tag:iKxAWDTdUZDBD0PWfomeWQ==,type:comment] +passwords-root: ENC[AES256_GCM,data:ummvEe+5HipUvVEyHLA6NULuWJuPyv2VqlXEZFp/UdybLU+1t/VRo+KPLYRPpXQBbsBaHVa/XOiOqLK9dPDHuVZBavnTTMC3Yg==,iv:pqjtzPH+T8CLJsJusi5CpVklPUAnioIoTjBXAR3y620=,tag:vrGzZlRX1TJ5b6Wxt29V+Q==,type:str] +wg0-privatekey: ENC[AES256_GCM,data:6BR3zB5oDPu5XyM5pgrdXoYKvwf+rAK7ngDzLcIQZnr4JH2YXH9UWERjVpg=,iv:2Z3yG+fWC4diGANCurCEpA5ybEpMdE1t/rviRJtUE0Q=,tag:4sqnLfAnxQOAci37RCY6jQ==,type:str] +wg0-publickey: ENC[AES256_GCM,data:7QLstpkyVDFU5oxgRdVYdBOZB1tjKMbzxgZtCYp3G1+AO85ir6kNXo8P65U=,iv:XRnPg93nnSR3h+R/K2rh1QYgmdJTE6i17ZomMf0BJ9k=,tag:fhyySGI0y5swGp3ot+q3pA==,type:str] +wg0-peer0-psk: ENC[AES256_GCM,data:p5V/8fFEmozG6nFCpHNcWNdunYlHxnsnW+YjTAIEXlm2ku4yEL45H9t9/Sw=,iv:jDZMhrZIJwaDWm+s6aXVWovdo116q2D5cUyHzMdWCIU=,tag:M5IebfGfeL6VW+OOgtARpA==,type:str] +wg0-peer1-psk: ENC[AES256_GCM,data:l8H0bDF2XXq6W5sJCXHUEWqIJu7YvAyqhPaCEK/Dcviv7lnwvKNLxO55i10=,iv:ADAFkWG+cbqvqfwNdaHv7ONqFtWjmAhIf0hRFBW6X6c=,tag:hwsljm8GlcF9NeHHE5WTXg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1x8fcjgaknfh5m2s4f0r2mjtfdjkuyj74y39jmh28k2pp5hmn25nschlra9 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3TmJFN2pLczE2eXg1bUZv + dXlmV2hzWHI1dkdHcnk3S0FaU1N5d3RlSnlzCmxObnZqKzFhLzloVWxxSmRPVEJD + ZUJlUi9lL2NkNFJESkZiM0Q2Tk00MEUKLS0tIEthd3FZeXNJbzBuU01EMGxUY0VW + cVlibElsOVR4RG15RTR3bnh0MVgvK3MKhaZLzdlPmFW04Qjk8V7Lkr2EZW8nZT4Z + X3yM7cyoinI9N0zwfArXMnThp2u8w86romQ52e6oy7LCKeKqrLpQ+A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-05-25T19:21:33Z" + mac: ENC[AES256_GCM,data:zw79GU+OINSJWy0hHeV33ZOPkrxrRCyd31XpcbWAIkactRL4rumXhHWxcd5QAvmloFa8Rb7q6drRIu9kt7nXrr8+HK/xWoj+AxmXHFMEi6aC0xdhsyBfl7+Jq3SRTUf6tHFxyHVRVWyZXnhV59xf2Vwmy3R5/0vq50c8UQ8vJww=,iv:czqwgGcLXR+FyXpTuuXIH8pF/P1s1FrZxtqI3joLZCg=,tag:DUq+cACVStNX6u8LfYIQTw==,type:str] + pgp: + - created_at: "2024-05-25T18:38:40Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQEMA0SHG/zF3227AQf/YU2onj7KSmYwuZUOVjSKcLEC5H73eRR6qAms5vlHoIot + SDlMdcYsoz3nStqb0QTEACmChYy1ZpwCSqkVsPzyhQNlu9xuUiZU2VUV2M7umLjU + EL2hbVD/tdPhf4hb1sHWfHWYaIb9nZ++Y0Gnl+6fKcZMPRL1t1FCAv77Wh7qocKh + RI5EkhSOm0O0Yv17F42bG2xMEP+Bkjd/76fvZeic7q7MF9gt08Mzs/pDnvxjYYP6 + nrR2zlbiCEhZBpbWNexlqWbl8TXpZq/HIkaDrplJExp78XQETSi8YCqIPhbD11NU + aKD7XwAtcGJqzaQNHpo0dcgGC/ZlBM2JFuT3f1FhOdJcAbor1d3CVA2sUOMUfCB1 + eKqJaNsiS5lYmtVlEsRu3YISNP/b8byLihoEliQSq/CA6Du9ya/ffqAuErh/biEv + 03KS+MO49uxXvER3XU0SFEYT+ecWPbNfllMGJJk= + =/YnW + -----END PGP MESSAGE----- + fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/secrets/shared-users.yaml b/secrets/shared-users.yaml index 66305f1..f0d6b66 100644 --- a/secrets/shared-users.yaml +++ b/secrets/shared-users.yaml @@ -16,100 +16,109 @@ sops: - recipient: age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzWFp1QUNPeEJDci9ibTg2 - ZUNkMVNld1ZxNkVmUk9jMld3L01ndWVtakZ3ClQ1V2crS3hITG8rSmx4OWE3RU96 - SC9xb0VybDZDN0FwU0JTTHJPRDB0QkUKLS0tIEU5cmh3bW1iWHJ4RDdrUUF0VG5M - MUhWRm5qdnpCUFZ2N3FvL1FITDhNMmsK1TKbM1jrJMvy16yhZwLGcqOan5RTiKYu - jVaSgPaxJLPhtWReAH5RM2JOmrET1DdI7q8vFD7eaJIzKdBxAIwhQg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0djVXd2MvMGx5c2RMd1dM + SkFVL3VUeksyRjZmTkNKZWl6Y2N1M2NWZldrCkpzYy9aMTRzSGU3SlJLUGszUWI5 + NnZDb21MMmd6Rk1iaW4vMDROcS9MQXMKLS0tIHQ4S2FqdFRPNlFJcmtnNkVIazdS + OS9oNTdjQ29YamgrUlZ4N1JtUExuQlUKPsFIiNz0jxcA91+i6WeSTchO8F/9WjWO + SgGsoRYKCXIXmIunib19LqI3DW4yE5YoLsvh6UMhFcKsqKObhf91IA== -----END AGE ENCRYPTED FILE----- - recipient: age1y9urllccdcemlv7g5z4peuzeh5ah0a8nu6cnkvym8v2vfhqjd5jql483c6 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6K2x0c0swK1lHb2VCZi9v - RUo5VkRPayt2V0RyRVVhSlRGME5TMm9KZFRFCnY0NTdEb1FqK1JUaUdmQ09mOGha - SCtMVnRWYUpmYkM5OUY4TlJQd3MrdE0KLS0tIGdiZFpuZnFiNloxMTNFOWhoM2hV - TlovVmMrVHdDdmQ0dnRhZWxRZHJkMmMKpYOiZy2BVhddpSNiXasycmDaD9lA8irk - ThkO0iaLu2fG7RhT9A9VfXu6eE3ZHN6vr4hv/ItzAbP+T8Ro+Yvwfg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwcjFscitrdTJQVFlUbDQ4 + SEZFb2IzYzc2TDV0ZHV3RFJPekhvYnFFM0JNClE4U1hLaWtKaFA0anMzVWhra3F0 + d0NjcmRuUkU3bktBbDR0ZFZBQ3RGaXcKLS0tIEgzamVrdnBrYzdmOVQ5cTI4ZVAx + TVdNMHQ5dCtJN1QrN1d4SkFIVHRQQlUKDAXRh+T7ds0k5qNMjYzhlXKIka42EwXF + eQLAeqPkggpJy/N5B4Ia0k/QwBm9TXRgyE8hqf/GMnX0D0oW4CT2ig== -----END AGE ENCRYPTED FILE----- - recipient: age1pmznn2tjpelpmxjxqef48rse5ujggf9kcr8x5vewuadqcw03aavqwy54zm enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuS0FVR3N3YnRlMXBwMVpj - elZ6dVlyMWRoSUx1UlVmYThBcWFFdmxEWTNRCkhFZEVDUGpsS1ZmelBSQVpZUWVC - ZlNqcm9EVXF3U3hLYThpbGVSeVFDNDQKLS0tIGV0bkI2aVNmbnJmR2lqSFVLMGNr - aVZFd091T1U4QVdVcWtSbnppd3BEODAKPzj/phV8BijdFewcwBV+loKk4o1tBJ6t - CP8kwiIb03/lCd9HmyLgAUt0PlMJFbT4FJNEjwBstMErUdvClXO3dg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3OVJzamVZTGhmSk1MQTMx + ckJOSUtpcU9wOGphV0QvSVh0VkFEc2RldEFZCnhQL3JVWmprQ1RJYlJwNHdvYVI0 + YTFLeFprTUJ0dENEQWxhMWg1eHVKZVUKLS0tIC84RzNaOUVMWjhMdGM0RVl5Wk5m + c2ExOXJBdE5pY2g0MXlxbHJTekNjQXcK/P3Q2oxcS10nETrUKBbHRK946MPNtn18 + MbkiVGUy4LFVQWv4Zeg0QtXg/vY7ToEAB0sSZq9zgFrorhaaTWoZ3g== -----END AGE ENCRYPTED FILE----- - recipient: age1ye4fa0v37shz8q4e5uf9cp2avygcp9jtetmnj2sv9y9mqc7gjyksq2cjy8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwOEZ0V2pOcStDb2YwclZG - U0t2RklFMkJQdE82cTVDK1NGMUt5R2R0c0VFCmV4Q2Rob2E2REVMUlRkeS8xTVVu - U296N2FFRHpmRnJPQjRBUmRaMEpnL2cKLS0tIFBseEpvSTJ0azBRUEVRa1dqT1RK - bFVpbVY5RU01R3pEcWFsQ0pkQWkwYlEKIW1AmTBR1UIjD9n3o2QyWb/FfUUa8qQz - b0GtaaQkY17GyoBzrBh0G4D2yziPy8N9AwOTaaDJ7l5VZq9ydKbTrA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZSHkvcEdNdnhhVEZBNVBY + akpUdkgyTm44Zm1XclBrbG1tUzBQMHlBZUNvCndlVjRKOVczYUZBeWpacHQ4OTJC + T1pvdFQ2MExKNnBoQ1ZRb3RQeW1NeDAKLS0tIDBQT28yTzVoZ0h5SVlESVNoYXR2 + aU5mMWloSmpSalVhR0RWRGpTTmdHbG8KG2kC5cgaGluNtQti1WdfJFNg5ZICDIxn + Zp9amoUvT19cb1pjV5l7P8+EKg15+4BY9eGAB74yzR/R675YhRhygw== -----END AGE ENCRYPTED FILE----- - recipient: age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2YTZGb1pXSWZVNk95aFVp - UTFDUHlweGVUQmV1KyttSXpjeng0WFd5d1ZFClJwL2xGVmhlTlJzNVhhaElmbnl2 - K2RmUlR0SzNkMWhmb1lOTTMyVUt4Rk0KLS0tIElFV0hCZVRwWTNJYldmR2ZYU2Rm - dHRuVThQRm9NT05HdzdHOWh6R2dLYnMKvrsQXgfRyHOl2aN64JHPXEdlvcHynEss - I4dCLuvKuPh5WjcFZ16zidGzffNKZTHsXPv/WKFUsy20lONByRuRbA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3dkE3OFFQTXFpWWlZRHhS + Y2xKa0tkZTEwU09xaHd5R2NqYnFlanRlRkhzCnV5QUZ1QUxkcHpWMUtXNkdJakx3 + cTluR045QTZJSldDdjhhTFNOSmhIbDQKLS0tIEFDdnQ0RDlERTUrb1dWSW9OcmVW + Tk8xZEVPS1gyWGZUckZrdFFpbmlEUmcKWSqJ5bJ/vY79y9CA7KSvg8+I5nyP8PmZ + /EZEFld4gx3nQ+A9nWTU+WCL7vouZWO47AEraEkMu2I5Y4XprarcRw== -----END AGE ENCRYPTED FILE----- - recipient: age1k7cejd9tqz6a3expd63wkn7kmeawhhrp9vy5vevhjn6eavhdwywqeh7j86 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4WndIcHhndkVjazRKV3Rq - U2JjYTZyYUhheG5pSlI0VE9tZ2w0SlRBM0JBCm1YSWxFa0RjVUhFb2xHMnMxbGZy - S1V1b1RMVExFRW0rUU03YXNjejJ3enMKLS0tIHlwdHNNRHNYL2xyeFFCcHdIVFRi - MDZaQjREbWw5aG82NG1Ea0J2d0tTMWMKCodGBDTKbq5qcmtrAh0HrdZ7fmEx8VhH - InCa5SXSRo7cVQe6VRBczF3RC/Mc2u+xzEDd1XbyGviqt1CkI1UPRQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbGJQSVRCZnVHVzNuSkRV + K2JMc2xjQmk5SlRoV2QwakNmRmtBK3duaWhrCkIrQ3pHdUtRYVpQVWdpZEpSZkw0 + OGpCVEZjZVBjQnoxRThOTG5XREFrcWsKLS0tIFlMWGF0WU1IcHRva0laSmpkZHpG + LzlYaEpvSnlLM1psVkgxQ2lTM0tmMWcKlbgNVUxycS0OlBnMhQTHIQG6ymXvewJP + byY+qCJBzU1Nc3XuLhng9NkwH/E7YCrjC9ExSYMhwJmlT9k5T1mG/g== -----END AGE ENCRYPTED FILE----- - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDa2YzeTBEOXlIcUJlZlVl - NUdCTGRYcUhOa0dkRjR2RHJNZ3VWclJWd3hjCmFZY0dEVTlwb3lNajE2emFCZmZ2 - SkhTejc3cFA1Yjc0ZHF2TjRYZ1Qvc1kKLS0tIGxDbWNjaXlvU2ttbDR4NW9UYThr - OWRZb1d5dkxETCt1RThQK0Z4cmJSb28KGrAeCR7Q37WwyEzHT5CvaMVmVUoyv1s3 - dDbEu8mtNhDBi9LYMwfbXiZHAlPWQ1Ogveot8vc4kMOAlvWMR4FwdA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMTXdJajRyRlNvdGIxYTJn + NGFJN1pqRmtadDc5amhBTVNnQkRiZ3A2UVUwCmltVnhrWVJRL09qM2RqbEJKUmVu + STkzYzlhRld4emtrbTJsWFQ4VkdCcVEKLS0tIEVVcVRDWU9HK2s3OERBUmFFN1NF + L0RwTm9qUXBTYWlra2JXM3hsc2NUNVUKUFgLswYYPZJMn0TcvSFnjfR4NAwdYjAO + p4ZmxLaXFWY4E4lnsg2Ka8BUc7C8IXZprj0Qh1o3K4v0LXsSrmfKag== -----END AGE ENCRYPTED FILE----- - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRT2dIMGFEbUErU1pYUXRR - Yk1tUmx2R3BmUXVhK1JMd3J6WVNwOGVmRkUwCnZBSGxvcFd4Y1dGbkg4UEF2RUxE - TUdpVGV1ZEpFQmNWN1ZKei8rSWJtaVEKLS0tIGRLd013RVB2eHhXeHpXbWoyaktu - OExualc3eWk1UGgvZDlNbWZydXBXWkUK0vhwGhegmrQASWqFQYpZgJungzt7vtfC - sBna05p6lnSEdtclUa1MZ/a9wlqAtmrA2fUarLnc6/bs0K8Oz9HRPA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsU2ttUWJ5UkdWNzFkb2du + cTl2VkVmVGVzTUxlTm5jSkZUL1F5SzIvQlFRCnY1WnFWc2RMRnhOWlI2aGU4ZW5C + STU1K0V3WS9JdDU2dWE3QVA4bE4vWVEKLS0tIGJWR3NxZEcxak5hME5hQVJiOW8y + RFlXc0pOdVdNQ0lxR1JMNXpEdU9rQlkKZmZ/FUX3k7KrzXnyFBkpRE2DsJCC5O/Q + 3KkMqWsR/93N+ujs8DhDv49sNFmdYLzexpNEsDbXour5FwvB/0scIA== -----END AGE ENCRYPTED FILE----- - recipient: age1dw43sxtdxptzgyhsxhrj36x5gn7376gqk45t7wtyt3s97v7ux39sdmdd44 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsSFIvcUEwbnZ6Qm95V3hT - SlBiSS9ycE4xTmpRR1l0SDZKYkFNVmtXUG00ClBKYzBMSmNOMmdCSktGV29WbFBE - U0x1K2dsU2FoVVBPSWthZ0hmRkdTKzAKLS0tIGhZaU9kQU54ZzNWVnhLNEozWXZN - Z3MvRnRGSUlVNlJVdzVEMjcxNE4xbWcKkS3GagirASPe/XnJgwBIZ9cCdyeOi9Uy - mcD5Pa6AU7itXL9pHtDcMUsDlKkKYWSUtouW8wAESWdXfFBd2Q+Vgg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOYnNiYkpqaCtySGdIU295 + NkdjRGE4SHpVY2pXR1Q5TzloRVViYk5yRDFnCjFpbHE2RDg1RGZzdVZOdzlJSEVD + bUcvMUc0ZTJZZktsMVNkenR2RUl0NEEKLS0tIDR1Ym9OcFZFWk82ZXA4NWhxZ08w + L3lPZmd2TTBuZkkrOEtWYXBHNnppTGsKn6ez/ALZ/6oYs+rGghSij8iobHNVsmDX + Pg7yRSSBNUMSR4Dr3a/nGDuFEhLzTd/DyWSMAqnvo3kdETc0DB6tuQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1x8fcjgaknfh5m2s4f0r2mjtfdjkuyj74y39jmh28k2pp5hmn25nschlra9 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwR293bFZZT2tnRk8xeUJM + N1V4UWxHSDNsdldXdENpY0ZtSTc3dlNnQ0ZnCnFvWDhzS0xoSjhyZ0dwUGlQYnFm + WGdiVzBhZmJ6OEZCTXJ6MzhTVC9CbE0KLS0tIEhPNU9NTHFIT05jN2ZnL3doUHBj + VHpucmdFbU8rZ3VHYTNNZG5VUXp0aTgKYY/Zq+Rpeql+opkVFLubXdFi/abWeeSu + 1LPMEFezGuuMnRDQlWrNAd6mR1yDW1T62md/wAH5O2quinVO5kKOjA== -----END AGE ENCRYPTED FILE----- lastmodified: "2023-07-06T20:14:22Z" mac: ENC[AES256_GCM,data:GPWu5DjjJ1ki+HRuedGdDCt+2V0RPbOsD/yWJxPIkgu5923vnF8y9y4V6e6+ZsTqHv4hsKeCjKtUnh2Ldn+xadwJmqrIxyJ8NzH5TOvcBxAab9cJCp/yKENw0O1WMUTlDPelvQKMDwbgiebaVVfxbQPUEfJGOgkHkyXrgqN94FU=,iv:h9YALYahUl7mRJmZKjArEfaMrfW9YZkVYd2CEooF13Q=,tag:wotqxup/ouG/bEVOZCs19w==,type:str] pgp: - - created_at: "2024-01-23T09:01:13Z" + - created_at: "2024-05-25T18:40:21Z" enc: |- -----BEGIN PGP MESSAGE----- - wcBMA0SHG/zF3227AQf+Oo8GZF91ry7FhASb7USKTxKYFfdlJPWDxLFtBNSFkqdV - U7tOgAB3WJTSlED8Cs+6gyNNr3n7Y6p2KaOLYjft05T/Ms9pDuJAV1S8Ogfo5zys - W7Ss4hkCMZqIXZXTQ03yZner+8o8v/F/f0SPNji8znT2qZmLZbhwa2IPjmORo3L7 - y4F38IVie8keQNWObSFqd7qVqKynHHg+ur5NmVgUAVO/wMg6TytV3Wa11Hfq50tc - EenVAyBW1GUOtsBCH8MOCgH4paZcrzkBPU2dK9UppUWzB5RxayIZT34Qf4mNHwdL - sa83I2MwMp0fuTW66YvJPR1vjcYgY/wOxxZw28biidJRAWpiGsPhGKg+AHmHNp/T - NjN/7MVxZMUX/DHm2LmF6sjSp99wqCl8yvEIrXcGXSSY218XZ0QgXQRhhErwCEaT - JM145ZTHicA2qi4NqMkfsvjf - =6arN + hQEMA0SHG/zF3227AQf+OkqA8iyYdOxo+43xpHvS9flq9TGucdzI+jldU0M7usG1 + 9lh51h7gY6p4xtX+yt5+7bzqaNYQtXlG/WvnK/9E9df4vLiAUmKbUM3jN2OhgHzm + 8/WM7yez27EEqdKuipWG7NEGwCHHCEdN33m1BJ+nt7bKJ56yiNbg5TcaJhmZrirv + qiFmDKV1jJ80o+vRz6oaSYYh6YYOuEUkOufidJKQfSJCsC3xbPqwcJYfmAGNm2j5 + A/m0N4QVNW/vxO2cEKv4e0RXqQc3BsycGu7TBAZr4QbX9o1zPY82uvCWYNbGq9x4 + sgrXoXzBoGocPlEyaTaoD73zdx4di2qcnmWkIt5o29JcAW5w0g10kmuZfKfX8utm + L2wQ0gODvXHul5pBNt3Hgei+C8SMtfg3HPHjYK0F3iXt+KoIYDcl/NOWZmRuOD6F + l9iXEDrVmkcjRXNshHtQgxYSi+WSs3LiNMqU244= + =d1S1 -----END PGP MESSAGE----- fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B unencrypted_suffix: _unencrypted