diff --git a/Justfile b/Justfile index d48ce8c..095f050 100755 --- a/Justfile +++ b/Justfile @@ -309,9 +309,3 @@ cachix-use name: update-sops-keys: for file in $(egrep -lr '"?sops"?:') secrets; do sops updatekeys -y $file; done - -deploy-router0-dmz0: - NIX_SSHOPTS="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o CheckHostIP=no" nixos-rebuild switch --impure --flake .\#router0-dmz0 --target-host root@192.168.20.1 - -ttyusb: - screen -fa /dev/ttyUSB0 115200 diff --git a/flake.nix b/flake.nix index 37bd557..de419fc 100644 --- a/flake.nix +++ b/flake.nix @@ -278,16 +278,6 @@ }; }; - - local-xwayland = pkgs.writeShellScriptBin "local-xwayland" '' - set -x - ${pkgs.wayland-proxy-virtwl}/bin/wayland-proxy-virtwl \ - --wayland-display=wayland-3 \ - --xwayland-binary=${pkgs.xwayland}/bin/Xwayland \ - --x-display=0 \ - # --x-unscale=3 \ - --verbose - ''; in { dcpj4110dwDriver = dcpj4110dw.driver; @@ -335,8 +325,6 @@ nativeBuildInputs = [ pkgs.pkg-config ]; buildInputs = [ ]; }; - - inherit local-xwayland; }; formatter = diff --git a/nix/os/devices/router0-dmz0/configuration.nix b/nix/os/devices/router0-dmz0/configuration.nix index 07c6b1c..4c8b5ee 100644 --- a/nix/os/devices/router0-dmz0/configuration.nix +++ b/nix/os/devices/router0-dmz0/configuration.nix @@ -43,17 +43,23 @@ let }; vlans = { - "2".name = "dmz"; - "2".packet_priority = -5; + "10".name = "mgmt"; + "10".packet_priority = 0; - "3".name = "iot"; - "3".packet_priority = -5; + "11".name = "dmz"; + "11".packet_priority = -5; - "4".name = "office"; - "4".packet_priority = -10; + "12".name = "iot"; + "12".packet_priority = -5; - "5".name = "guests"; - "5".packet_priority = 10; + "13".name = "office"; + "13".packet_priority = -10; + + "14".name = "guests"; + "14".packet_priority = 10; + + "15".name = "iot2"; + "15".packet_priority = -10; }; vlansByName = lib.attrsets.mapAttrs' ( @@ -376,77 +382,12 @@ in group = "systemd-network"; }; - # TODO: this shouldn't be necessary _at all_ - systemd.services.sfp-quirk = { - enable = true; - wantedBy = [ - "network.target" - "multi-user.target" - ]; - - requires = [ - "sys-subsystem-net-devices-lan4.device" - "sys-subsystem-net-devices-eth1.device" - ]; - - after = [ - "sys-subsystem-net-devices-lan4.device" - "sys-subsystem-net-devices-eth1.device" - ]; - - path = [ - pkgs.ethtool - pkgs.iproute2 - pkgs.coreutils - ]; - - script = '' - set -xeE - - ip l set dev lan4 down - ip l set dev eth1 down - - sleep 0.5 - - ethtool -s lan4 duplex full autoneg off - ethtool -s eth1 duplex full autoneg off - - sleep 0.5 - - ip l set dev lan4 up - ip l set dev eth1 up - - echo quirk applied, fingers crossed. - ''; - }; - systemd.network = { wait-online.anyInterface = true; config.networkConfig = { IPv4Forwarding = true; IPv6Forwarding = true; }; - links = { - # TODO: this doesn't work, thus shoving it into a quirk service. however, there's a proper solution beyond any of this. - # "00-eth1" = { - # enable = true; - # matchConfig.Name = "eth1"; - # linkConfig = { - # # BitsPerSecond = "2500M"; - # Duplex= "full"; - # AutoNegotiation = false; - # }; - # }; - # "00-lan4" = { - # enable = true; - # matchConfig.Name = "lan4@eth0"; - # linkConfig = { - # # BitsPerSecond = "1000M"; - # Duplex= "full"; - # AutoNegotiation = false; - # }; - # }; - }; netdevs = let router0-ifog_wg0Endpoint = "${repoFlake.colmena.router0-ifog.deployment.targetHost}:${builtins.toString repoFlake.nixosConfigurations.router0-ifog.config.systemd.network.netdevs.wg0.wireguardConfig.ListenPort}"; @@ -484,24 +425,26 @@ in }; wireguardPeers = [ { - AllowedIPs = [ - # this allows all traffic to be routed through this interface - "0.0.0.0/0" + wireguardPeerConfig = { + AllowedIPs = [ + # this allows all traffic to be routed through this interface + "0.0.0.0/0" - # # alternatively, specific destinations could be allowed + # # alternatively, specific destinations could be allowed - # # remote peer wg addr - # "10.0.0.0/32" + # # remote peer wg addr + # "10.0.0.0/32" - # "1.1.1.1/32" - # # ifconfig.co. - # "172.67.168.106" - # "104.21.54.91" - ]; - PersistentKeepalive = 15; - PresharedKeyFile = builtins.toString config.sops.secrets.wg0-peer0-psk.path; - PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM="; - Endpoint = router0-ifog_wg0Endpoint; + # "1.1.1.1/32" + # # ifconfig.co. + # "172.67.168.106" + # "104.21.54.91" + ]; + PersistentKeepalive = 15; + PresharedKeyFile = builtins.toString config.sops.secrets.wg0-peer0-psk.path; + PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM="; + Endpoint = router0-ifog_wg0Endpoint; + }; } ]; }; @@ -518,14 +461,16 @@ in }; wireguardPeers = [ { - AllowedIPs = [ - # this allows all traffic to be routed through this interface - "0.0.0.0/0" - ]; - PersistentKeepalive = 15; - PresharedKeyFile = builtins.toString config.sops.secrets.wg1-peer0-psk.path; - PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM="; - Endpoint = router0-ifog_wg1Endpoint; + wireguardPeerConfig = { + AllowedIPs = [ + # this allows all traffic to be routed through this interface + "0.0.0.0/0" + ]; + PersistentKeepalive = 15; + PresharedKeyFile = builtins.toString config.sops.secrets.wg1-peer0-psk.path; + PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM="; + Endpoint = router0-ifog_wg1Endpoint; + }; } ]; }; @@ -542,24 +487,26 @@ in }; wireguardPeers = [ { - AllowedIPs = [ - # this allows all traffic to be routed through this interface - "0.0.0.0/0" + wireguardPeerConfig = { + AllowedIPs = [ + # this allows all traffic to be routed through this interface + "0.0.0.0/0" - # # alternatively, specific destinations could be allowed + # # alternatively, specific destinations could be allowed - # # remote peer wg addr - # "10.0.0.0/32" + # # remote peer wg addr + # "10.0.0.0/32" - # "1.1.1.1/32" - # # ifconfig.co. - # "172.67.168.106" - # "104.21.54.91" - ]; - PersistentKeepalive = 15; - PresharedKeyFile = builtins.toString config.sops.secrets.wg0-peer0-psk.path; - PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM="; - Endpoint = router0-hosthatch_wg0Endpoint; + # "1.1.1.1/32" + # # ifconfig.co. + # "172.67.168.106" + # "104.21.54.91" + ]; + PersistentKeepalive = 15; + PresharedKeyFile = builtins.toString config.sops.secrets.wg0-peer0-psk.path; + PublicKey = "/RPDdqPzr9iRc7zR0bRkt9aS2QCt+b2K3WbsNg8XamM="; + Endpoint = router0-hosthatch_wg0Endpoint; + }; } ]; }; @@ -641,37 +588,49 @@ in # ip rule add fwmark 101 priority 1 prohibit routingPolicyRules = [ { - FirewallMark = 100; - Priority = 30000; - Table = 100; + routingPolicyRuleConfig = { + FirewallMark = 100; + Priority = 30000; + Table = 100; + }; } { - FirewallMark = 100; - Priority = 30001; - Table = 100; - Type = "prohibit"; + routingPolicyRuleConfig = { + FirewallMark = 100; + Priority = 30001; + Table = 100; + Type = "prohibit"; + }; } { - FirewallMark = 101; - Priority = 30000; - Table = 101; + routingPolicyRuleConfig = { + FirewallMark = 101; + Priority = 30000; + Table = 101; + }; } { - FirewallMark = 101; - Priority = 30001; - Table = 101; - Type = "prohibit"; + routingPolicyRuleConfig = { + FirewallMark = 101; + Priority = 30001; + Table = 101; + Type = "prohibit"; + }; } { - FirewallMark = 102; - Priority = 30000; - Table = 102; + routingPolicyRuleConfig = { + FirewallMark = 102; + Priority = 30000; + Table = 102; + }; } { - FirewallMark = 102; - Priority = 30001; - Table = 102; - Type = "prohibit"; + routingPolicyRuleConfig = { + FirewallMark = 102; + Priority = 30001; + Table = 102; + Type = "prohibit"; + }; } ]; }; @@ -690,8 +649,10 @@ in # ip route add default via 172.16.0.1 table 101 routes = [ { - Gateway = "_dhcp4"; - Table = 101; + routeConfig = { + Gateway = "_dhcp4"; + Table = 101; + }; } ]; }; @@ -709,12 +670,16 @@ in # ip route add default via 192.168.0.1 table 100 routes = [ { - Gateway = "_dhcp4"; - Table = 100; + routeConfig = { + Gateway = "_dhcp4"; + Table = 100; + }; } { - Gateway = "_dhcp4"; - Table = 102; + routeConfig = { + Gateway = "_dhcp4"; + Table = 102; + }; } ]; }; @@ -730,9 +695,11 @@ in bridgeVLANs = [ { - VLAN = vlansByName.dmz.id; - PVID = vlansByName.dmz.id; - EgressUntagged = vlansByName.dmz.id; + bridgeVLANConfig = { + VLAN = vlansByName.dmz.id; + PVID = vlansByName.dmz.id; + EgressUntagged = vlansByName.dmz.id; + }; } ]; }; @@ -747,9 +714,11 @@ in bridgeVLANs = [ { - VLAN = vlansByName.office.id; - PVID = vlansByName.office.id; - EgressUntagged = vlansByName.office.id; + bridgeVLANConfig = { + VLAN = vlansByName.office.id; + PVID = vlansByName.office.id; + EgressUntagged = vlansByName.office.id; + }; } ]; }; @@ -764,39 +733,9 @@ in bridgeVLANs = [ { - VLAN = "${toString vlanRangeStart}-${toString vlanRangeEnd}"; - } - ]; - }; - "30-lan4" = { - matchConfig.Name = "lan4"; - networkConfig = { - Bridge = bridgeInterfaceName; - ConfigureWithoutCarrier = true; - }; - linkConfig.RequiredForOnline = "enslaved"; - - bridgeVLANs = [ - { - VLAN = vlansByName.office.id; - PVID = vlansByName.office.id; - EgressUntagged = vlansByName.office.id; - } - ]; - }; - "30-eth1" = { - matchConfig.Name = "eth1"; - networkConfig = { - Bridge = bridgeInterfaceName; - ConfigureWithoutCarrier = true; - }; - linkConfig.RequiredForOnline = "enslaved"; - - bridgeVLANs = [ - { - VLAN = vlansByName.dmz.id; - PVID = vlansByName.dmz.id; - EgressUntagged = vlansByName.dmz.id; + bridgeVLANConfig = { + VLAN = "${toString vlanRangeStart}-${toString vlanRangeEnd}"; + }; } ]; }; @@ -819,7 +758,9 @@ in bridgeVLANs = [ { - VLAN = "${toString vlanRangeStart}-${toString vlanRangeEnd}"; + bridgeVLANConfig = { + VLAN = "${toString vlanRangeStart}-${toString vlanRangeEnd}"; + }; } ]; @@ -833,9 +774,11 @@ in routes = [ # { + # routeConfig = { # # test the set uprouting to a specific IP # Destination = "${repoFlake.colmena.sj-bm-hostkey0.deployment.targetHost}/32"; # MultiPathRoute = "10.0.0.0 1"; + # }; # } ]; }; @@ -845,8 +788,10 @@ in address = [ "10.0.0.3/31" ]; routes = [ # { + # routeConfig = { # Destination = "${repoFlake.colmena.sj-bm-hostkey0.deployment.targetHost}/32"; # MultiPathRoute = "10.0.0.2 1"; + # }; # } ]; }; @@ -903,7 +848,9 @@ in bridgeVLANs = [ { - VLAN = vlanid; + bridgeVLANConfig = { + VLAN = vlanid; + }; } ]; }; @@ -923,9 +870,11 @@ in bridgeVLANs = [ { - VLAN = vlanid; - PVID = vlanid; - EgressUntagged = vlanid; + bridgeVLANConfig = { + VLAN = vlanid; + PVID = vlanid; + EgressUntagged = vlanid; + }; } ]; }; @@ -1266,14 +1215,13 @@ in }; }; - system.stateVersion = "24.11"; + system.stateVersion = "24.05"; # boot.kernelPackages = pkgs.linuxPackages_bpir3_6_6; environment.systemPackages = [ pkgs.ethtool pkgs.vim - pkgs.iperf3 pkgs.wireguard-tools pkgs.tshark diff --git a/nix/os/devices/router0-dmz0/flake.lock b/nix/os/devices/router0-dmz0/flake.lock index 8f55026..102d2d8 100644 --- a/nix/os/devices/router0-dmz0/flake.lock +++ b/nix/os/devices/router0-dmz0/flake.lock @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1738148035, - "narHash": "sha256-KYOATYEwaKysL3HdHdS5kbQMXvzS4iPJzJrML+3TKAo=", + "lastModified": 1734701201, + "narHash": "sha256-hk0roBX10j/hospoWIJIJj3i2skd7Oml6yKQBx7mTFk=", "owner": "nix-community", "repo": "disko", - "rev": "18d0a984cc2bc82cf61df19523a34ad463aa7f54", + "rev": "2ee76c861af3b895b3b104bae04777b61397485b", "type": "github" }, "original": { @@ -63,11 +63,11 @@ ] }, "locked": { - "lastModified": 1736373539, - "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=", + "lastModified": 1734366194, + "narHash": "sha256-vykpJ1xsdkv0j8WOVXrRFHUAdp9NXHpxdnn1F4pYgSw=", "owner": "nix-community", "repo": "home-manager", - "rev": "bd65bc3cde04c16755955630b344bc9e35272c56", + "rev": "80b0fdf483c5d1cb75aaad909bd390d48673857f", "type": "github" }, "original": { @@ -80,11 +80,11 @@ "hostapd": { "flake": false, "locked": { - "lastModified": 1738518662, - "narHash": "sha256-MeE2FTG7Jh4BqchSvevJH7IsqTotjemndLzev8TkiRk=", + "lastModified": 1734953168, + "narHash": "sha256-fMzGrnLPOtMPlY/Myyj93p7rKMi3xHoR7PXZOXjVui8=", "ref": "refs/heads/main", - "rev": "c12fc97e3b59742e0c5743fceae6a87a8b13a576", - "revCount": 20282, + "rev": "fd9bf2cc2f59834b5d9c50a23ac7a833d21eefb2", + "revCount": 20150, "type": "git", "url": "git://w1.fi/hostap.git?branch=main" }, @@ -121,11 +121,11 @@ ] }, "locked": { - "lastModified": 1738254353, - "narHash": "sha256-SYpvOn0v/wi8lrgEBhobjKFvFWPlJ3gP7SZPfyw9td0=", + "lastModified": 1734884731, + "narHash": "sha256-8DaMF6XNZobeZo+sOf13nifri0mRXYDAUTh5AD4h4aM=", "owner": "nakato", "repo": "nixos-sbc", - "rev": "21be4ab012197a2eea4bbff8315c40f26f715a18", + "rev": "2e6bfee808b5291b365795ed11931e1702d30386", "type": "github" }, "original": { @@ -136,11 +136,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1738702386, - "narHash": "sha256-nJj8f78AYAxl/zqLiFGXn5Im1qjFKU8yBPKoWEeZN5M=", + "lastModified": 1734875076, + "narHash": "sha256-Pzyb+YNG5u3zP79zoi8HXYMs15Q5dfjDgwCdUI5B0nY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "030ba1976b7c0e1a67d9716b17308ccdab5b381e", + "rev": "1807c2b91223227ad5599d7067a61665c52d1295", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1738680400, - "narHash": "sha256-ooLh+XW8jfa+91F1nhf9OF7qhuA/y1ChLx6lXDNeY5U=", + "lastModified": 1734649271, + "narHash": "sha256-4EVBRhOjMDuGtMaofAIqzJbg4Ql7Ai0PSeuVZTHjyKQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "799ba5bffed04ced7067a91798353d360788b30d", + "rev": "d70bd19e0a38ad4790d3913bf08fcbfc9eeca507", "type": "github" }, "original": { @@ -205,11 +205,11 @@ ] }, "locked": { - "lastModified": 1738198321, - "narHash": "sha256-lhnHBXO9Y8xEn92JqxjancdL8Gh16ONuxZp60iZfmX4=", + "lastModified": 1734915306, + "narHash": "sha256-cXoiU+doyRAZ/tcCCGcJjwK2bEZbRcuC0E+ZrnmgFOI=", "owner": "numtide", "repo": "srvos", - "rev": "7d5a4aaadac9ff63f9ed4347df95175aceee5079", + "rev": "31c75c0d702f940aeb89eacc9c5dbde5d43df338", "type": "github" }, "original": { diff --git a/nix/os/devices/router0-dmz0/flake.nix b/nix/os/devices/router0-dmz0/flake.nix index cdad18f..0f5866e 100644 --- a/nix/os/devices/router0-dmz0/flake.nix +++ b/nix/os/devices/router0-dmz0/flake.nix @@ -15,8 +15,7 @@ nixos-sbc.url = "github:nakato/nixos-sbc" - # "github:steveej-forks/nakato_nixos-sbc//bpi-r3_kernel-6.12" - # "github:steveej-forks/nakato_nixos-sbc//bpi-r3_kernel-6.13" + # "github:steveej-forks/nakato_nixos-sbc/wifi-workaround" # "github:steveej-forks/nakato_nixos-sbc/kernel-6.9_and_cross-compile" # "github:steveej-forks/nakato_nixos-sbc/kernel-6.10_and_cross-compile" # "git+file:///home/steveej/src/others/nakato_nixos-sbc/" diff --git a/secrets/router0-dmz0/secrets.yaml b/secrets/router0-dmz0/secrets.yaml index 9990851..8c14dc9 100644 --- a/secrets/router0-dmz0/secrets.yaml +++ b/secrets/router0-dmz0/secrets.yaml @@ -1,7 +1,6 @@ #ENC[AES256_GCM,data:ZkUrwF6DTQFainYhDA==,iv:VDjRBF4WfPmJdKtUpZYJcOPxoUYT3DUxAC9ct7EvFss=,tag:efllkpv2SxRv6+DyuqRQCQ==,type:comment] -#ENC[AES256_GCM,data:2luPn7XRMTtgNpz0QLXQwF92kbBLdjJoUdFKdayy0A==,iv:dr//F4r/8k9zSzkWXUlVT+81iYLTX2rmXIp+Z9Lt4XY=,tag:RZTSqCqqmRxBvWqHqmF7Gw==,type:comment] -#ENC[AES256_GCM,data:SjwWciLOzMxrq/QV00Q+gt1sNXwl6N/eTHsN9jeFHwFeOQrZ0M7/36WgjSVHpGlVmklzd0LiOB+LhNlzqysM6RI=,iv:vznczLEeyTmCxExlkFiv8ftQy+3z0LyAg8vhcpGT4M8=,tag:+QgSJtX7FFLfMnPLhrgcvQ==,type:comment] -passwords-root: ENC[AES256_GCM,data:BzQYUCGJwyA/mUohN3OkKdjkuHUfOgYFs01W/F1WM7i/UyOXA3HooUjbGe1KVQkn5NGTvWvR6t3CCr2o4Bjvq2pXrH+92a1kpQ==,iv:9PCLNVUyI2R0F5LmLe9spp7q65pwMJ9TUHmT/VtPazM=,tag:apsIgXhOkoZ8Gb0UshKg7g==,type:str] +#ENC[AES256_GCM,data:QydWKuMH8uixprFup1rEwvPkKAMw0yat9MOOK1DleeCJ5tqRqrPh9NiOpJs6nve8Rmji3WyrHAkUaK9zT/f8VKk=,iv:I6OHO6sLTtFBV6CYGmLh5owCrNjzS/LBjOjW9VovGlE=,tag:Vg0IZSFbYa7UQvuPpmMVKw==,type:comment] +passwords-root: ENC[AES256_GCM,data:+8IcZ4pbJ1qIjRCK7oycmgOVWy6hzc2oDISYMMqE9SmgRE//PQ5ABwtBtpaghrhZTXrUV2l3qsvTHD9UdYRNMB1VBlM6vn4Iug==,iv:2eUIa46QNby++yLK9dax/SD7Ajtj+U0ptheRuKV9r+g=,tag:5tA5rhm1eztDh7Q4d+C1BQ==,type:str] ssh_host_ed25519_key: ENC[AES256_GCM,data:XQjTqNADLhisxPBIJ7x0bs3qgQk0u4q9HKSDukRbzel7hUiDqc6ELQAvffRqJQUtAS5Cfz9PzVcnyEA4wapvK7RLFavOmaN2MhcnQR24oQks5RVYmlvcems02Qovd15iE07XR4KCDcmQ5/XM5v4/RxW2zYzV5Il67Vzhij2wA9bJ7D3sbKUfyc6pBoIXvURbq6QO8ZMIU6ckAuOqG2230KwXLdz/ld0s3Ir1q/7t+rrrS7BPkeA+SRdYhb5XDOTKtfgFxNvdI6DSETV+q67xAalAkM/cZ2rqHJQd+wgH2VIPyiGqeq6LvPT0vmopFJn0CqQA2HauQAmBNIAtXel8GbK+qA11XilMx+hp6qhVH+BnSWWY3GriGfaGlpUZ0E7uymqRkpRwBcHmZto6E/E/XUxBfISVyJf/2RcTy10RelWLJtNuaXT2eHgXmZ/uAlcTGlCYYirr5g3iAGUoqxYbWlZb9SdqVO/0PLCZo7AkDWxk57wer/lHOG59ZpoiZnanaMIaNqJ7Tsslvvm0JuoP,iv:2U5IpWTRyQ8basBRoYpFe6Ycc5qdeCUAUTwlEHttRJU=,tag:jA0mFsMxWKq7dnkGQWNP9Q==,type:str] ssh_host_ed25519_key_pub: ENC[AES256_GCM,data:MQ0q/I6clKNz6uzoztGA06vOjIbpK6Dsf3WbgddRA0B8nEJ4EUmRBT0KkX3o+LZmQPhmURHWWFtOSqvAzkyoxAoBZEh98H3IDsLE5PgcNbxK3dAh36+AAMPLzVFnHLyaWLQW,iv:9XIw29PkSHCeU7C2GuSJ+J+mBrwOrbSMmm7kOtCkiyI=,tag:x3JqFF08f2eVfOrrQ1gzYw==,type:str] ssh_host_rsa_key: ENC[AES256_GCM,data:tFGQ77X5Y1TRR2F0EJ4hmauE9ABILP6V0CSmzb1QLaH6VlhriXSE1UQcQ2Rc73CR7+JLjLbggL7RKpkA8gJQq/ubhiXHJokBEo6rfBXETVepv0HlyX5UvzWhi6iKBE5YsYyyBI1VWDcx+oTR8+daqnKwbbqPeDUpC2coT3S9svEsKXeb3YOMxJ9X/Rvh96UtMmlk7WeZa2JvOP3k62HROVo8QRYXeQWTO87TCzVdU7OWnbRIuC6bu+32Uy70AsIu39fazX7WqIUxaeO/oNHsay0/TBXKNu2El0JRG8tHCHdXe1tahniGbGH5xeEZmgLTOjHntw5UIdxZbgvcbxmt9seDXUxjhhEMS8eHWaxnRDSI7n2KOb/3UaBQ3BHnYpuRjW++uFBgRHxxANlYfpfEdz/LNexdPb9+QCw80r38uZxP8yD5/PxFV/Y+gSX+WnNE0YQnBDtHFjKhHpqpm2P4Ek3hLzjXh6CPzUZru6LAO/FklcLCGaq94fDC5wW3K0x1UvyfMjBwwyeSymcV95YcZu8Ty280jRhG8l719KkEJjnBdnB25PQ5gEwc34dG5xH5HwVUDPIM9v9m+cXtldUIk3BH4PiTEI1aZsZx50BtBhxybAxhTqNElrP+/2W73muTSQboDIB1Xb2NhArLB6XnnVhVUD/Pg/9wiDUY0mYyr0eIp9AmBfSmSIDjFyVUB9o+gv/B+LpxwxPKmsPt3MRKWoZw+bIGTI82UqBv0eX6Xqq71H4DYFnJ3J+n+Jzp5ww5mSPPHffZZFSBbZSpTk8El4L5II/hyyxk7yJopt19AAsw+UgLJDO31XnyiGAEbbDdwjuCWQMmuzKJ6H7c7UGDXLO92jAlXwEWT5fwzG6Wvu5+n/OToz3CN1Cv40uwVb/fOqmzep9hoOrXeuzmnGULfGmwItjuJoMkfmPUq8obAuj5ml0YduU2eLbe15OlD2Vg2I+BH0WuCPYnnCrLyX8ixhJEuGGDkhGhaKMHaMjNuMOGmDQ6oRCVU8BA/zDgnF/GrcHgIe742Yh68PyaH2j+iX6/5YvUB+R1sDnrgfXlgET1V+nny+fD4GBnP+RKYtdGG0P4y3AYlACQE9sJ6Nkb8CTVb2Va6L3rXzeyJG2FtYkUKxxwDUv/KyieclHiJpdawunOLVkmI6p/iaZIThrdGA5p7b01/WOyJFA9aI3oU2f2rMYBLGHYirrRs3WtS7ExhKriHpgax574UIcW0mecFto9dHkGlBOTQy+Zp1GARnePXKZcyKm2qhTIjw0ho/DUe3+t1knbR6WJCwl1LDtfpPD2KPDDH+HpHm3EoiA1mDSp6lYMVxwBr2eBmFPKuPkkAL/3Bf6SKlEp1UCDee7BPlzS9kwmIEt/EuIohbMDdyaHtulW31Hdrsai8fCxc7AAzgsmoMBp2Smwoe3C8K5K8RaNp6v4boY8WBH3rLjAFTmOPB7TiZfplQjV8triZS3JFopNjvCglfZSXxSs+RjZUgSgL/1fFLT2m0Mp1XPMvGZlD73TzJ5RH5WWlxliaau42Q4vXRFUK+ZFx0SvwOO5xZvRNtAOfipEoqscKOopV+HHl74DJEk/xLibWJmkEBqoVbf1BFDUAiRSSb/0RdfCAGaj1mqV68szVtLt3jB1AJm9iu9RNU047HHQeOi++8g6lOpHmhsksfQLAucLVtLTrXpHDEAugDbSXrwPkhWa2Ej+Iva1p2vteIExcT+8h3WiXkamDBZALpJcLkDSazgAmmrB+6u6odsyin9Z5zB55EN2iz24nGNgyylt9FehC4/2SNHMX42hZ/JPQw51+vZQLoLQv+oOJAVXGBHeDy3kDl60fL6Fr5jZ0YOfO+rFGk4bDpXYjq27ahLv763tVs8SrgMseNWNWTakZUAXuYPbP3GBFEjTPHM4216WABj2cC3zSmrnbEyNRMWTdsm46ASZvhZo4wO8eTrndvy44Q2UKOFOh1sYCY4jjCWCI74pEV3rRcBJASuUipep65ZwXOlFOXu7uiaG01/KWofn4JzzrlX3MfhKsUBaEDTUXwDGw0RAEHQXb3rvfiIjCQBcpy8kM1fBR97K5LFJzZ2/qf2bPGs0yxma1O0Z6TT/2Uk2n62jK2xIM7gvTjPOVDP2etHKVxMpMjhTAbRj4K3568HZM/POBC5AORLAtBAo14CNxRMN8f05Gs13wn9ZI+pqiaOpTTnfH1xL9fd/6I03utzMKnoR8IVhrQLDLT6OAIkdeJX8s99R/J/nTOApk3XACWqjmMTcWtwt6g3x2iTk/1jTTn70rYVr8JLHHCt+bd5H/eDUiq9HpG1oFEZPXuvgATOovru0YVtmVx+yea0jWpJOsK+/SZjYAfvAKh0ZNr8dKHug/gGEpp6SfFBI+c4ywR1kM83OUHLaI/dOU9rLeCKktB+UcvTPoLhHLbTAlTrizeRmYY16Z1a+47LvwX944js3TZZkxqylz73cekWidYiiLNbiHwACftOK/GwZCG0WrVfcSi6pJYDgPgbcqFohaKI7ltKZgTlHGT1mZr1IH1RnauZmN/MkBEKVHO3E/PFgKkWNcXQi4uV2P3j8aHHc0RJrxx7qAFFXCYEwu02pv9nmul/HClLMmDYHDY1lHZvIIyPcsmr1ZkCFRV4UtnZRtXhHNAZCGFRX+y5HQXnubjPmV5I2R/gcLLi//2vIE6V2i8SpEJZlVweLpjRYwb6H6xFTuvHN+9Y5pd3rFx2BapR0AzYdOXUVqKF5ewrfE/1iitsEeDJj8OqmNzpmLBrnROnPyPh/+KGWBG5Nm4QKVMhP7XN1F+Fr7sTxw1ignXsfSwH8v/ELMzxVLu3ijWxvmk3/eOsrKYB/x3h6I1SFWZUoTjVPAmlNAnYl90Xf+FMPiII11+zrYwsJbCh25gmSvtKR+hmoTxXbJ2w5E2cFoVHMBOmS8Uo8L0BDOUzUE64cPl/v119BafVUOohLF1l3Ob19td+sMvqX8OHLGgB+/r6jKmUPnNNEzbDAogMydcVVjtPRIoDScw4ExxuxILN4/V+VulyAgU29OvFWS6+r5Y+bjqgqMg55Of0le3HUqt65qMuqiaUR5P/9WP+H666GsYTSg5I5gPJv0FF6tqXCWE9mpQ4sk2/BiWWaNeojxyhyH/cv4fbUmcee6K3+P+liXyFGGAWdBP5uGb+BzIfSaXVN3xEBPWAAe+BMkJrxbc6FSS12Wkh+bLM+NJH7XaoDl6+8LtF3bstsCoXvQgNlXHlbt4/aIIFEBShlYSQwLMDcey1VB4pu4SBv2HXwaX9zXPd+MGH77DeQU4yBkrElly51/68yzdSGpe6mNFy57Hc3UJBW1pNbds5Gxu+jFbQ6Phxvn38u9V8cphjxzgig0uZjkKHYx0EwFjBqmfrP0hQDnpcyg5QCPhnXOthmVL4jkJs3OrRHhoYRgbXpaVRMpVMLFeeSqcQABaRK5ibpB81WP8yCJPIMsbWW7sDTCiIyLq6qW5pKNq8/l3sq042+6bJgJ3CfDYdNKJCTF/09F5JKkpXeIxL4MGqvg5nOoyiahDQsUzMT3dwGg7IWqxQidcJ576XSBkR2qNwUrl6qq87JP+Zo3RJbA5bpPubm6sUonWE3hRGg4LWceVBO34J/wutWVt4W7dXnK5WVhJv8UHJcbgWR9dMpWkbeMpakqlRRLOTibztMFkx3xyIMmZS+cNyhRyatw+DwX/opuY+bl8X4yKgNOuW/w6r06r4MrL78MTjqZDQ4xkCSL3x3KWr2Tf4lAX6sdwKTzdBdzvFuLeuijngrvRYRyk/3jk/o4ujfHMdrergMjlP5Js7ICZSLhXHHOc2Hc5oPaBIx59r6FynA+W6ROmk5kVF2BNkRlP6/oV5Apn3MMUnDc4YjHaowt8UVkIHZOEL8hxymYDR4g9y1wOoIwKCorBQa5jsXH+AEop3hlsv4uqzrrcGGQhfQEW0Vb1fG4N0VAyWEodaw7wOY3XCrW7yHjIgRM3Is+juT7jMeACW+OQuvQHTS/9bc9n9sXjjVwsvoHROLxsXMFO9HablXaEKzFL1oGXpnavYf/MuZMwALsPish2Mmj9fONNMBo1yYy/j+8GzHCqByDS1ZPnlzPQD0ztGNwNfOOhNOqamqaE9GNHv92yQIf/KKGhnjFH/I9IlzA28eaaSVql/1vdhRAI2G1WxpgyQ1ryRPLYHA/Qw9OYrb+jIxHj9uqfohShgIqnv6TCXRmByfyU6Te3oqKLyezKj7tPCqv1la1ostycmE4msAs4EI7pe1OZcRulPkUJrZCPkvo+EYTw8AfGmwHFb5foQ4wk8pkjTvo1zHmjy0GjMAZpcmDHfyHAyoaED6DUKAHRBbMdSqQJWmzhHkzn5oRCR6UlWSyxRZ1wBIKn+T+kcn28XiLlJrJVK3n2CQkE1c3EfFemnimo0Yc9yNQZygfZjr2W2TnmtAZ5jHiMmv7E8CPxBQBd/pf29z/uAEwQIqVFSHxkVaVjHW5wlhfWwOuj0xZFly,iv:mXE8xpXFBYSJce9pg+g3OedMS9+ZHOHHwydCY0NbGRQ=,tag:cEqbUu9Y1PFKXwaeqioXWA==,type:str] @@ -9,7 +8,7 @@ ssh_host_rsa_key_pub: ENC[AES256_GCM,data:N60bGf/6KNRhVUq1EIbPVo3aBDDKEpMBr5+Gt3 #ENC[AES256_GCM,data:QOMW5ALQD+CIXyqRAUzZfv42HvMfq9qiTho=,iv:/KlPuB6aBBhdMvJ9kYClfFRBMC0bSF16/EKrnH/Ifsk=,tag:Wwfk7YnNvla06I2/ajTd4g==,type:comment] #ENC[AES256_GCM,data:6/aUsWY875jPKZZiJLL3TWYeZT9VOjoJBDwjRTfjnUHcc/NTTeQRPvb+keJeMt5kfWmAzieYpslvz21UktTKqHO/,iv:+zwyh6nAP7DRhQX48/BmMCbv3W3wKfUiAWCvu8UvS8A=,tag:doc142ZXZO6ajPcuWftdtA==,type:comment] #ENC[AES256_GCM,data:GG3qBrBJSmJfUun5+0fKkp7J280oW3r5tGGjm9UMolUsZCYYv5E=,iv:gFGxT9Jr/d3fVouWEphJUxW/Hid8dAIvldkxYHb9DvM=,tag:DkgD7SIgIYyk5Ne/lGWcwQ==,type:comment] -wlan0_wpaPskFile: ENC[AES256_GCM,data:yB/1MLibWzQuV+LnM01DoOaImu6aCHB9TMsIDaby9MxjRCQNuI7qxc5dvTQ3RtA1V6at97r3ufw0W2Vwtkf8Mu3l/UL33nWoX8n4RAykF5HkDK+l1hzdW+41wZMZPc+NDE6ZgMSNG3N9gipHSjYQ+vU6KPX9RQwWTUbJiWWYtii+hi9NXMa7sBvjl1WUQtrKdAmc+7flAEFxOY1pOvkj87yOQDybQYdx268Gh2wkfgtacet4zwWvC/VGNrN2p3Eub8S16vHAZZKeW+2rr4U/GiOeS65CSk9srOGwlD6IboTUXSAoSChJmevnm+cgkzZsuOKS7knEZPjQ+l2Z+K4l3FnB8+CVvHw/DlUAG0pFgw49NfBGczGSAFh34b0k,iv:2AkphYXeupcDvB5KXlnuC7QsVJdBZHnR684045DJtfw=,tag:YFNcunSPVJUSLIPTTQ7szA==,type:str] +wlan0_wpaPskFile: ENC[AES256_GCM,data:vVr1XQnlLcD3y7Cglta1vvBDyqIxvx0eR2X/rye1so3wYsH/Nhoy4AAa8X+CSjrXYSa0j/Sv1obbzoWxQbSvfTtM+Yx1woMoLosB3wjCB4XBtHQ0X1kQK6x6DsdrAT752mTGojaAlCoKqAXxC2uGT0dUnN8EapPejEYXrJnr4l604/Ku2/q2/+YPy3W3nKQirZjcv/5ugRr2cCFqmyseQAH9JmeaHrkDnrReyePCTIKKmbH4NTMrPR3+mTPmj7dmccKjooP3V44ZQbTZ1iPKT9p40pZQWy5mw60SM1YMd/mvf1DAfWuKSNZn5/JS/iDSUcMZVVpcIQs8EYddxEmVXMiDk2iEqcsksiEzJO6XhmTSDoThQoJwsra+tg==,iv:3iXEQv7hW7NBwD+1SkZq9z25eIavtM9pMxGi04f/a4g=,tag:x2aD4eySjODkuqXo+G/7Dg==,type:str] wg0-privatekey: ENC[AES256_GCM,data:5/5llD0itgdKhZ53IbtkwfhO+qUI+/xBCxnfQOg9yjS7knvUINURY7rl/F8=,iv:86t6XuY4a1rHY3kmC3XB6WwwPZVWAyM2saGqEZaHdJ0=,tag:4xemlclKI4RIxAe60HGuuQ==,type:str] wg0-publickey: ENC[AES256_GCM,data:D/RU+43/bYhg1lRZE9zA52AIWGd2KRF0EQcvteS4CtQN0Yy65vjGqVEkjyk=,iv:BmS0TfUQXRt1tdWBBKIUi+DqXCLTXePzbq4dUYSlQQw=,tag:qglrKjhcSBPtqNd6YCMlPQ==,type:str] wg0-peer0-psk: ENC[AES256_GCM,data:859rOfvyaeaH07s06IT2qJZjXcWZiXazQPUImYOMngTj+xNop8UHX0iDegA=,iv:V7cR9mGQrk6aKctY+1egYFhBiveqc0OwrQSJxByk0zk=,tag:WF5via8rVm8Leol5rANPqQ==,type:str] @@ -31,8 +30,8 @@ sops: S0Y0WjA5eXovc2pUUzdUY0ZEZVN1dkUKNuvEcQ5lmVUNan4fj0tfwXc3JUfV8opV KCBiiPEIBRwryWg7CLo7qgFU9nRTnA7Wjjo2vnh9nLLnIjNSmc/ECQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-02-05T09:44:59Z" - mac: ENC[AES256_GCM,data:P2bEHq4ZBg2Y8RPmUSuIOxWxJdYTUpTD5nXv3vqAHOU0t5ZlyOjFUPYejGBLdvd++v+plwo4lYG4/JJ3/LFIM/n2f1kFOOPSIt6yox6oYHHzJRly2kBfyIpUz4q+1c/xhMjpcQdAlWEdIQLm80BMUpny9y2KhVYot9TvTNTSkxM=,iv:uso8kcW8gildOD7FF1Xvage2dccQ8GkMI6nDCaUw2qc=,tag:urKtsRoGqwoZzk7DuMCINw==,type:str] + lastmodified: "2024-07-26T07:56:29Z" + mac: ENC[AES256_GCM,data:vNe8pUFhcZyeh/T1o1PQGvpQEEV4pEXSqC+Ssi7RXZfHe33hmhJoOyfj1KytJnUAE22BWXzuNQdwMj+mmuUP8bAdgLZPWZjU3g2H7O6NTOUHHBymZSXnMvzzPBlHZDw9GzUkgEdbze/SLzEL6ZjplBIr+DOEDfkC9TsDokie+f4=,iv:HhHJXk+mo6WxKIs41wtCVwxG2j3C+em3dR6fDNnhMn4=,tag:Wzr21Rk7hB7+6zK6XfWbig==,type:str] pgp: - created_at: "2024-12-24T19:36:20Z" enc: |- @@ -50,4 +49,4 @@ sops: -----END PGP MESSAGE----- fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.8.1