From 7e9f4d5adb4ebe4c2b1b654a740da8980651e458 Mon Sep 17 00:00:00 2001 From: Gene Liverman Date: Wed, 4 Sep 2024 22:53:54 -0400 Subject: [PATCH] Add hetznix02 via nixos-anywhere --- .sops.yaml | 6 ++ flake.nix | 9 ++ modules/home-manager/hosts/hetznix02/gene.nix | 7 ++ modules/hosts/nixos/hetznix01/default.nix | 2 +- modules/hosts/nixos/hetznix02/default.nix | 89 +++++++++++++++++++ modules/hosts/nixos/hetznix02/disk-config.nix | 42 +++++++++ .../hetznix02/hardware-configuration.nix | 39 ++++++++ .../nixos/hetznix02/post-install/default.nix | 20 +++++ modules/hosts/nixos/hetznix02/secrets.yaml | 23 +++++ modules/system/common/secrets.yaml | 79 ++++++++-------- 10 files changed, 280 insertions(+), 36 deletions(-) create mode 100644 modules/home-manager/hosts/hetznix02/gene.nix create mode 100644 modules/hosts/nixos/hetznix02/default.nix create mode 100644 modules/hosts/nixos/hetznix02/disk-config.nix create mode 100644 modules/hosts/nixos/hetznix02/hardware-configuration.nix create mode 100644 modules/hosts/nixos/hetznix02/post-install/default.nix create mode 100644 modules/hosts/nixos/hetznix02/secrets.yaml diff --git a/.sops.yaml b/.sops.yaml index bce9d68..b6d2227 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,6 +1,7 @@ --- keys: - &system_hetznix01 age1rd55wsu0hhvxk25tm69d9h57z0z0u6556x4ypg09muj3vh4yqs5qaw23nu + - &system_hetznix02 age180w4c04kga07097u0us6d72aslnv2523hx64x8fzgzu4tccrxuyqa50hpm - &system_nixnuc age1g24zhwvgenpc4wqejt63thvgd4rn5x9n7nnwwme7dm83nfqpp93se2vmq4 - &system_rainbow_planet age15xlw5vnnjdx2ypz6rq0mqcywuaj3yx8y6lrgf95satafqf7y4qus6rv6ck - &user_airpuppet age1awdf9h0avajf57cudx0rjfmxu2wlxw8wf3sa7yvfk8rp4j6taecsu74x77 @@ -12,6 +13,10 @@ creation_rules: key_groups: - age: - *system_hetznix01 + - path_regex: hetznix02/secrets.yaml$ + key_groups: + - age: + - *system_hetznix02 - path_regex: nixnuc/secrets.yaml$ key_groups: - age: @@ -40,6 +45,7 @@ creation_rules: key_groups: - age: - *system_hetznix01 + - *system_hetznix02 - *system_nixnuc - *system_rainbow_planet - *user_airpuppet diff --git a/flake.nix b/flake.nix index 777a686..5629324 100644 --- a/flake.nix +++ b/flake.nix @@ -220,6 +220,15 @@ ]; additionalSpecialArgs = {}; }; + hetznix02 = nixosHostConfig { + system = "aarch64-linux"; + hostname = "hetznix02"; + username = "gene"; + additionalModules = [ + # simple-nixos-mailserver.nixosModule + ]; + additionalSpecialArgs = {}; + }; nixnuc = nixosHostConfig { system = "x86_64-linux"; hostname = "nixnuc"; diff --git a/modules/home-manager/hosts/hetznix02/gene.nix b/modules/home-manager/hosts/hetznix02/gene.nix new file mode 100644 index 0000000..1090c90 --- /dev/null +++ b/modules/home-manager/hosts/hetznix02/gene.nix @@ -0,0 +1,7 @@ +{ pkgs, genebean-omp-themes, ... }: { + home.stateVersion = "24.05"; + imports = [ + ../../common/all-cli.nix + ../../common/all-linux.nix + ]; +} diff --git a/modules/hosts/nixos/hetznix01/default.nix b/modules/hosts/nixos/hetznix01/default.nix index 24d4132..1578cfe 100644 --- a/modules/hosts/nixos/hetznix01/default.nix +++ b/modules/hosts/nixos/hetznix01/default.nix @@ -93,7 +93,7 @@ extraGroups = [ "networkmanager" "wheel" ]; linger = true; openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBjigwV0KnnaTnFmKjjvnULa5X+hvsy2FAlu+lUUY59f gene@rainbow-planet" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvLaPTfG3r+bcbI6DV4l69UgJjnwmZNCQk79HXyf1Pt gene@rainbow-planet" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIp42X5DZ713+bgbOO+GXROufUFdxWo7NjJbGQ285x3N gene.liverman@ltnglobal.com" ]; }; diff --git a/modules/hosts/nixos/hetznix02/default.nix b/modules/hosts/nixos/hetznix02/default.nix new file mode 100644 index 0000000..fad0b42 --- /dev/null +++ b/modules/hosts/nixos/hetznix02/default.nix @@ -0,0 +1,89 @@ +{ pkgs, username, ... }: { + imports = [ + ./hardware-configuration.nix + ./disk-config.nix + ./post-install + ]; + + system.stateVersion = "24.05"; + + boot = { + loader.grub = { + # no need to set devices, disko will add all devices that have a + # EF02 partition to the list already + # devices = [ ]; + efiSupport = true; + efiInstallAsRemovable = true; + device = "nodev"; + }; + tmp.cleanOnBoot = true; + }; + + environment.systemPackages = with pkgs; [ + # podman-tui # status of containers in the terminal + # podman-compose + ]; + + networking = { + # Open ports in the firewall. + firewall.allowedTCPPorts = [ + 22 # ssh + ]; + # firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # firewall.enable = false; + + hostId = "89bbb3e6"; # head -c4 /dev/urandom | od -A none -t x4 + + networkmanager.enable = false; + useNetworkd = true; + }; + + programs.mtr.enable = true; + + services = { + fail2ban.enable = true; + logrotate.enable = true; + udev.extraRules = '' + ATTR{address}=="96:00:03:ae:45:aa", NAME="eth0" + ''; + }; + + systemd.network = { + enable = true; + networks."10-wan" = { + matchConfig.Name = "enp1s0"; + address = [ + "195.201.224.89/32" + "2a01:4f8:1c1e:aa68::1/64" + "fe80::9400:3ff:feae:45aa/64" + ]; + dns = [ + "185.12.64.1" + "185.12.64.2" + "2a01:4ff:ff00::add:1" + "2a01:4ff:ff00::add:2" + ]; + routes = [ + { routeConfig = { Destination = "172.31.1.1"; }; } + { routeConfig = { Gateway = "172.31.1.1"; GatewayOnLink = true; }; } + { routeConfig.Gateway = "fe80::1"; } + ]; + # make the routes on this interface a dependency for network-online.target + linkConfig.RequiredForOnline = "routable"; + }; + }; + + users.users.${username} = { + isNormalUser = true; + description = "Gene Liverman"; + extraGroups = [ "networkmanager" "wheel" ]; + linger = true; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvLaPTfG3r+bcbI6DV4l69UgJjnwmZNCQk79HXyf1Pt gene@rainbow-planet" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIp42X5DZ713+bgbOO+GXROufUFdxWo7NjJbGQ285x3N gene.liverman@ltnglobal.com" + ]; + }; + + zramSwap.enable = true; +} diff --git a/modules/hosts/nixos/hetznix02/disk-config.nix b/modules/hosts/nixos/hetznix02/disk-config.nix new file mode 100644 index 0000000..76a07cd --- /dev/null +++ b/modules/hosts/nixos/hetznix02/disk-config.nix @@ -0,0 +1,42 @@ +# Example to create a bios compatible gpt partition +{ lib, ... }: +{ + disko.devices = { + disk.disk1 = { + device = lib.mkDefault "/dev/sda"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + boot = { + name = "boot"; + size = "1M"; + type = "EF02"; + }; + esp = { + name = "ESP"; + size = "500M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + root = { + name = "root"; + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + mountOptions = [ + "defaults" + ]; + }; + }; + }; + }; + }; + }; +} diff --git a/modules/hosts/nixos/hetznix02/hardware-configuration.nix b/modules/hosts/nixos/hetznix02/hardware-configuration.nix new file mode 100644 index 0000000..c6de7d0 --- /dev/null +++ b/modules/hosts/nixos/hetznix02/hardware-configuration.nix @@ -0,0 +1,39 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot = { + initrd = { + availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ]; + kernelModules = [ "nvme" ]; + }; + kernelModules = [ ]; + extraModulePackages = [ ]; + }; + + fileSystems = { + "/boot" = { + device = lib.mkForce "/dev/disk/by-uuid/D005-6C65"; + fsType = "vfat"; + }; + "/" = { + device = lib.mkForce "/dev/sda1"; + fsType = "ext4"; + }; + }; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; +} diff --git a/modules/hosts/nixos/hetznix02/post-install/default.nix b/modules/hosts/nixos/hetznix02/post-install/default.nix new file mode 100644 index 0000000..4d07495 --- /dev/null +++ b/modules/hosts/nixos/hetznix02/post-install/default.nix @@ -0,0 +1,20 @@ +{ username, ... }: { + sops = { + age.keyFile = /home/${username}/.config/sops/age/keys.txt; + defaultSopsFile = ../secrets.yaml; + secrets = { + local_git_config = { + owner = "${username}"; + path = "/home/${username}/.gitconfig-local"; + }; + local_private_env = { + owner = "${username}"; + path = "/home/${username}/.private-env"; + }; + tailscale_key = { + restartUnits = [ "tailscaled-autoconnect.service" ]; + }; + }; + }; +} + diff --git a/modules/hosts/nixos/hetznix02/secrets.yaml b/modules/hosts/nixos/hetznix02/secrets.yaml new file mode 100644 index 0000000..e940ad4 --- /dev/null +++ b/modules/hosts/nixos/hetznix02/secrets.yaml @@ -0,0 +1,23 @@ +local_git_config: ENC[AES256_GCM,data:iA21ugn3r8VOyDS0T6/MiyDEP0j9wSWIE55AQ55neG9YiRER+dwJbIA=,iv:Tyksa16llda//qiZpiHp8SPQQpdl4bbu6ytO3N/NK68=,tag:lk+TCIK8xpG7Cdgx3bX2/Q==,type:str] +local_private_env: ENC[AES256_GCM,data:Vfbw+jRsrqB1oJUtMwu6imzu6UTzQ1Yirb//o4mAuTJeAZ72qgxjXcqYCP82/7IP4hHnoQ1+YFPQxvekEQ==,iv:+7sxEbsz7tT/daAqR7xYPbBpamo9sLcGUGLiclKMV8A=,tag:ckxeQeeiHlxVOa9BfEEkaw==,type:str] +tailscale_key: ENC[AES256_GCM,data:8/ZqHv/XqL9ACkw3HQfK6DCRs/w+2d4NJxEsP7/D8aZyuc99PL3MV6kDM4q1b792CthiioQrHnc=,iv:wfi1RS8PTwazMOUNc64Njoj7NylYUN0R/bx0Ggod+yc=,tag:Y359/pOlYTuykP0oOFUrfw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age180w4c04kga07097u0us6d72aslnv2523hx64x8fzgzu4tccrxuyqa50hpm + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzaC95bVRMQ2F0aTlaeGNL + QlJuNDZnQ3MwVmRVdmhQQ2hrcDVKYXhJSldzCkdaY0JRK3NGVE5OQXJwMVNjeEZK + djFjU1BJY2lVVVA2bFlWRm40d0o0SDQKLS0tIE5WdVo4c09DbjN4Q1ZSUkd0VFdE + K3NIVTBXdlVjbGZoSTdwUHYvMzRCUWMKixJlZliRrsKOQVGYwwINSmHDZm7zsLRM + k0aGV0MJUafukPMYRbT/2H7dh/yhZx/Tn0fVFHbSeLvpf9ig3x8jkQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-09-07T01:44:24Z" + mac: ENC[AES256_GCM,data:xB0CvralCxv3oHUha4PEdmolKGMxJYaOsIomN3V0J64Wyq/UnCicFel/uraED/LKbMBprQRsXjkh3vB9ncINUI3vYr1Cm61XnL4WEfxaUYLso0Xn1gc8rJP6qXGDSShpCaZQj+oRi4tPzNXYc1v90IKZboukjBHWF0D4zEP1rWQ=,iv:1So597QQyyrVwXXkjXRe7hgyPgghdNgr/fpdaxYjUls=,tag:6X1Ds4mfy8LjHuJKIGKmMQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/modules/system/common/secrets.yaml b/modules/system/common/secrets.yaml index 200ba37..bb0f545 100644 --- a/modules/system/common/secrets.yaml +++ b/modules/system/common/secrets.yaml @@ -12,65 +12,74 @@ sops: - recipient: age1rd55wsu0hhvxk25tm69d9h57z0z0u6556x4ypg09muj3vh4yqs5qaw23nu enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2WHN1S29tU21PRmRpcGQ4 - cm9hTW5wWVRNWlBDWGtOaUlzNWZndDgzd1NZCkVJZExBUkNFOFBNTUJKTDJBR2Vs - UmVCcWoxRzdGeHAraFZoZitZL21nTzAKLS0tIDNsY0VGVW5nUkY4enoxMWFLZTYr - ay84cjcrZFNyc0d0N3o1RkV6UTdGQ0EKcCzKdxFpXpuVCP/H3vxKsj/nU5MjxUuw - kW6psp5pA+0HHozeZoN+nv4dTaaz6GQLZdY+b/tfOem81/Bl1YXnnQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLWnUrOGU0Sk43Vzk3WFlO + SGVvU3lwS0dqK2Zkb3NxK201UHhBcWt1c1I0CldQU3d2bHBnYTV1UHUrbHF6YmZq + YXpaUE1ySis0cnJMQmZiODVMS1VIVkkKLS0tIE0rd1g3c2IwcC9DRk5jcnpXSnBF + K2FoMlZkalRUMnFZTTZCc2ZRSElpcjAKB5KXVdpZDY3m3RI7VuCgY559cJ60hK29 + I4PexxpYlOvQqu6k29KmbjznHRIonXDLV7YPnKGGCF52/fjNOnpaOg== + -----END AGE ENCRYPTED FILE----- + - recipient: age180w4c04kga07097u0us6d72aslnv2523hx64x8fzgzu4tccrxuyqa50hpm + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBucnA2SVNzaEVFMkpPVW9P + YUdlTmIwM05EVGZ6ekh0N25hcEJiZytkUFhJCllIdWlDUllqOUhaOW01Tzg2MnJm + YWxqNHUyOW15MlBiNThOT2NOYzhoZnMKLS0tIDR1Z1BDdVdDSGFSckxTOVFVMG16 + R2N6a0t1YmlTb05leFd2L0MzL0JTdmsKh4fwAg/AVJ9skTrgbIMNIY+E+u7U6nN5 + gADaBwJrKKcxY3tFxUkEw3/LNrVH64JDEyhqfUM6yB2TM+pMCpO1Sw== -----END AGE ENCRYPTED FILE----- - recipient: age1g24zhwvgenpc4wqejt63thvgd4rn5x9n7nnwwme7dm83nfqpp93se2vmq4 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtd1hvWU8yOUhzKy9WU2NU - SnVra1hHVjNTY05YSmhkL0JpcWo2Z0tPSmhVCnAyWWg4c2NUazA4RTZoazRMUHJz - OCtsYmVicmphMmJyVUIwbWlzaHNwSTgKLS0tIHNzMFlsMEw0eVBjdmdVWERnZzZZ - WEU0NkNvbjd4NkE0KzdhRXIxT0dla0UKxMxIMNdkh5LFm9+A9lAQNO4qWm+URRBu - dDPLuF+Jw1wkd2aZjAolOcMfdCgTS2WUeY1615bT6GoAUl96v0fQHw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0UXlUK1hEMW9EUmNacDFh + Y3FRc0VGMllMTGV6WDMwL2VNYnA5RVRhd1JrCit0WWsxK3lPaVEzSzlXbXQwWisv + YUxHdnpQSGNzTUdVMDA2OXZsNG85Qk0KLS0tIFI5Z1g4OTFaZTM5K0dlcEVpVkNy + K1p6a1RkRy9JYU5rZVJZQUtSelFnUE0KkWBLKwEhDPwBFMslhXmKRCcWotDDSuwO + zrPDwr2eAlCOkNXbLga+z/onfRm7bQhY/axucQWicCQAP8rShyhyKA== -----END AGE ENCRYPTED FILE----- - recipient: age15xlw5vnnjdx2ypz6rq0mqcywuaj3yx8y6lrgf95satafqf7y4qus6rv6ck enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjQ3NXNU82djJnNkI0aUF3 - WHFpTTQxUnB0Ynlmb1pOUmhYQk1lc1dRS1hRCnhzbnZ5d3NIWHI3c2VtbHIrMm44 - QnZMY3FXT25sV1N3YWNGNnFpYkxUQncKLS0tIHlEb2UyMFp6UWhiam5zL0Vqa2px - eUVjdzlFdkJKQTBxRitjQ2M3TTVpcHcKs6qM7CfLvcEbpKFjfbmUJjSBLcVZ5SEt - 8MG5VefhVJiVGAX8q6SVZn15FpjLm8PtiuAWoBhi2kboLb6/faK2Cw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtM3ZucFB2bk1KVmVnOGlR + R3FUWE5kOWNpeE11d0IyZ2JsUGhCQzNoVTFzCjRGSnFETmV0aU5lcFgzQ1loSnpj + LzJqRTB0U1FIR0FJZ1E0ZGsyTjVPaEkKLS0tIHlvZVk0b0t5cVByTGgrSGd0WG0y + anJlU0FDQk14UUZPcG5IdmJCR1VJSWcKvTqLLRWeBmiA/4cBrjXxeNrPBXKuLPQX + AkiQTrtC9bao22QhmJ6+ebA5l8x+rUYm6PIQpieVKRRpqZFS6Cj/GQ== -----END AGE ENCRYPTED FILE----- - recipient: age1awdf9h0avajf57cudx0rjfmxu2wlxw8wf3sa7yvfk8rp4j6taecsu74x77 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4QlRIRGNwaEsrWGxoQnpp - dThhRUxBYXJ1ZlBsMmhweHpmd1hjb3RnMmhrCmg4dTZBY0kyUkxnZHZCdXFnOThS - UkJsWnBUeEc1ZG1lTkFrYnlxWnFmS00KLS0tIG5pUTJKaXJydFB5YkxVMHdPanBH - TjZGWjZqbXVhV3kvZ3dHMmJndVRwS28KE1+lw8BZLTv7zeSBw/fd2dqPS/hiq37x - VfOHwiTw9TDbbCm1pCtBl44/qB5vKlqAOtWBjM7hiv06QcZrDgfxZg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkYTg4SlhvUW8vdXVxY04z + SWVzOFRpeDdYdEx5M3kwaEdlNitJY0F3UlhvCkU2MUdqQ29jZHpZVG8rU2lwQUVs + ZnNna1JkR25saThiK25ocWFOUWNPMDQKLS0tIHNHbDFveHN2KzRHN20rcjBXK1lS + cWh5bGptQ2ZrNnpTbXJQNFcyNWpCOWsK2IIip2rhMMXem3ALeOvw4Hxp6HF7UpRk + YmKAoN6OwWHwgkWXxapUCTrhx4mLr/Okx9zK3B+6cVNd5yyVtrcBnw== -----END AGE ENCRYPTED FILE----- - recipient: age1rt72txg22w8y3cdvq9w7zff0cas6xtkplpj36kxnevfnrtn82f6ss7yw7d enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLZkVWMGFmZU9OSXhQWFF4 - Q3pjelptQzhHK3pnZGFSS2dCUUkvVGF1eVM4CityNVRFUyswMUxEN0RSakd0Ymp0 - ZXdnVXJtVDhycVRRSmR3RWhoMk15RFkKLS0tIGR6bVljY1Rnc2JRU05FaXlXQW1H - S0YxZWZ5Q2taQks5VmxGY21CZ01IVUUKU593ro9pDrKkUGAV226dbo0dK7QnI49I - VyGJGcQ/bXEBVJazcwWGhIwA6WACY/HldrUU45WsowlVQgIwtPVkfw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwMW1CVzA2YnB6OUlFTktu + SEk1UkhqalZNZklGVmo2c1RmWmJ1WC9QMFRrCjNoVUJjM0trN2F1d2lLMWd2Zmh4 + bXZFQ2hqaktQRFdCSHN2eGZQeDFwVmcKLS0tIGNBS0x1T3FCOTNmeERrN3RYOXpV + UGc5aFF3cXBoYU45WHFyU0NXajhMRzgKtPbwNjOmoe7KL6LdlFV//TF6Q5PAJ40i + y/CzPN05BlcTQNUcm/ZpFMT6Mn5l5fDER79LKyzBBzL3s3qYzdruBQ== -----END AGE ENCRYPTED FILE----- - recipient: age1zz34qx3n3dj63sva24kaymetv3apn58lafjq4dl6zw7xxachuyts00mhck enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRYkhuWllyTDk4NEpOdVFV - K1JVWUM4THNGSVpkS1V6VTZzNFF3b0xydW44CkpEYlFya0MyTWZLby9zb1dzTGNk - WElCYnpEQStKOUFWWXdVM1dWOEpMSWcKLS0tIDB5aDY3T25MSmtUUmw4YVREeU5l - WnBoZzdHb3NzSVd2NDhiUDY4YUhUS2MKZg09GBkZrL4kqpA7y/dQNVpStLjZTrYz - 8jlhf06x0L/oLrSfP4Ct0apnjHRoPJlpTRLZKEVNfE3t0E8JgW3JDg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaZlhDN3k5QnZhTnFzb0Ni + cUZwMDgvTGtQUHlJZ2NRU1hhMEdPNFlYSldNCjhiTFNlUzdmaTM5bHd1RzExTTBB + bGRWd1JkK1RSKzExT2NkVkkvc3ljWVEKLS0tIEErOVdBVnA4NGZ0VXc4S1psUE9U + bnhYRDFHaTFYQnBPU0ZMUWZaaVNaaHcKryDBNTvoy2x/to0/zOzLaQLfYR9jO335 + Svt2eAxMXt59x964hLRmuaON0jxNqpVyCOFAk8UWyqq952YCerG1Iw== -----END AGE ENCRYPTED FILE----- - recipient: age1rpy8edlpgxuf6w75cvlqexuq2xe4c49h9t2ge6jhc3fzczp8vfasnjelwq enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQM1ZrZHplbVRhR3Rtd2dN - N0RXazhNR1hqQzAxb0lpdCttQW9EUzYwZldzCjlFVjV0RG9oQnM4UHJNTjdnNjlo - Y3ZRQ0J0VGxUQ1NYWitWVnFIZHdSRDgKLS0tIG9GdThMKzdQaGZCcy92L3N1TWJZ - OEtqTWJvU2ptTmJEQmhRZDFDTW0zemsKol6EX/Ap98DQXDoMaY8cR9x2N02SiqYg - /6ufAo+0qxF+BS5dWdxAQJOZnTa9+xRePrlp/8bnnpJ4aalRqZj65w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5L3dUSHRLQjZOUXB4NlVi + aXRjWHJONXVsMFZKSmJCU1VYWlY5UUJXYXdBCmloYndMR2VnWHR3T3p5NytyUVZt + dHk5YWJFQ09xR1Qvd3BEWjJXVHJrQWsKLS0tIEhFQXJLTDBUWXNzYnhoZ1l3bFRE + dDQybkwzOUtraGk1U21VeHBkNUpLeGsKgBP+mn2AZmKf6v15JnOE4YeSUpsKMAgP + DbbDSJBf3zgwcUECglSB9pM09ZkxM/WA8+sBPNt7/pepUfpKWfoiIA== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-06-15T21:02:47Z" mac: ENC[AES256_GCM,data:vZie4+27bytMtLHLO3cR5X6XsvVjoLWXbZ9gSyeJAg//TYDdojfCKtLatBb22oVyjjeoFKKqcHwVPv888Kpc8SwFIY7C0YxgmFbHXZMkUk4EWsolGPJ4V3p2GdWSRJkn/B9fM0TjvWiHASvtDNUNw03Rs6PT8fP0YTSzomKGR+U=,iv:5UY3+wj8h/uW/l3gkBPub+bWWt2kKabH5jErjmNp4sM=,tag:2DrAzNOS+dd3bNCs42PPbw==,type:str]