From 760fddae16107119978311595630a65cad2cc77f Mon Sep 17 00:00:00 2001 From: arcnmx Date: Fri, 27 Sep 2024 18:35:34 -0700 Subject: [PATCH] feat(backups): restic --- nixos/backups/default.nix | 12 +++ nixos/backups/restic.nix | 89 ++++++++++++++++++++ nixos/postgres.nix | 13 +++ nixos/secrets/restic.yaml | 157 +++++++++++++++++++++++++++++++++++ systems/hakurei/nixos.nix | 1 + systems/hakurei/secrets.yaml | 5 +- 6 files changed, 275 insertions(+), 2 deletions(-) create mode 100644 nixos/backups/default.nix create mode 100644 nixos/backups/restic.nix create mode 100644 nixos/secrets/restic.yaml diff --git a/nixos/backups/default.nix b/nixos/backups/default.nix new file mode 100644 index 00000000..9623deb8 --- /dev/null +++ b/nixos/backups/default.nix @@ -0,0 +1,12 @@ +{config, lib, ...}: let +in { + users = { + groups.backups = { + gid = config.users.users.backups.uid; + }; + users.backups = { + uid = 919; + group = "backups"; + }; + }; +} diff --git a/nixos/backups/restic.nix b/nixos/backups/restic.nix new file mode 100644 index 00000000..59687db1 --- /dev/null +++ b/nixos/backups/restic.nix @@ -0,0 +1,89 @@ +{config, systemConfig, lib, ...}: let + inherit (lib.modules) mkIf mkMerge mkDefault; + inherit (lib.attrsets) mapAttrs' mapAttrsToList nameValuePair; + inherit (lib.lists) concatMap; + inherit (lib.strings) replaceStrings; + inherit (config.sops.secrets) restic-shared-repo-b2 restic-shared-password restic-shared-env-b2; + group = "backups"; + # TODO: this properly as a module or something + sharedServices = { + hass.config = config.services.home-assistant; + grocy.config = config.services.grocy; + barcodebuddy.config = config.services.barcodebuddy; + kanidm = { + config = config.services.kanidm; + enable = config.services.kanidm.enableServer; + }; + mosquitto.config = config.services.mosquitto; + plex = { + config = config.services.plex; + compression = "auto"; + }; + postgresql = { + # TODO: synchronize with postgresqlBackup service via flock or After= + config = config.services.postgresql; + subpath = "postgresql/dump"; + }; + taskchampion.config = config.services.taskchampion-sync-server; + unifi = { + config = config.services.unifi; + subpath = "unifi/data/backup"; + }; + zigbee2mqtt.config = config.services.zigbee2mqtt; + vaultwarden.config = config.services.vaultwarden; + "minecraft/bedrock".config = config.services.minecraft-bedrock-server; + minecraft-java = { + config = config.services.minecraft-java-server; + subpath = "minecraft/java/marka-server"; + }; + }; +in { + services.restic.backups = let + isBackup = config.networking.hostName == "hakurei"; + mkSharedPath = subpath: "/mnt/shared/${subpath}"; + mkBackupB2 = name: subpath': { config, enable ? config.enable, user ? config.user or null, subpath ? subpath', path ? mkSharedPath subpath, compression ? "max" }: let + tags = [ + "infra" + "shared-${name}" + "system-${systemConfig.name}" + ]; + in mkIf (enable || isBackup) { + user = mkIf (enable && user != null) user; + repositoryFile = restic-shared-repo-b2.path; + passwordFile = restic-shared-password.path; + environmentFile = restic-shared-env-b2.path; + paths = [path]; + extraBackupArgs = mkMerge [ + (mkIf (compression != "auto") [ + "--compression" compression + ]) + (concatMap (tag: ["--tag" tag]) tags) + ]; + timerConfig = { + OnCalendar = "03:30"; + Persistent = true; + RandomizedDelaySec = "4h"; + }; + }; + backups = mapAttrs' (subpath: service: let + name = replaceStrings [ "/" ] [ "-" ] subpath; + in nameValuePair "${name}-b2" (mkBackupB2 name subpath service)) sharedServices; + in backups; + users.groups.${group} = { + members = mapAttrsToList (_: { config, enable ? config.enable, user ? config.user or null, ... }: mkIf (enable && user != null) user) sharedServices; + }; + sops.secrets = let + sopsFile = mkDefault ../secrets/restic.yaml; + mode = "0640"; + in { + restic-shared-env-b2 = { + inherit group mode; + }; + restic-shared-password = { + inherit sopsFile group mode; + }; + restic-shared-repo-b2 = { + inherit sopsFile group mode; + }; + }; +} diff --git a/nixos/postgres.nix b/nixos/postgres.nix index fef3f32f..7752f768 100644 --- a/nixos/postgres.nix +++ b/nixos/postgres.nix @@ -38,6 +38,19 @@ in { } ]; }; + services.postgresqlBackup = { + enable = mkDefault cfg.enable; + compression = mkDefault "none"; + location = mkDefault "/mnt/shared/postgresql/dump"; + startAt = mkDefault "*-*-* 00:30:00"; + databases = [ + #"hass" # only used for recorder (entity state history) module, so just a useless large cache? + "invidious" + #"dex" + "keycloak" + "vaultwarden" + ]; + }; systemd = { services.postgresql = mkIf cfg.enable { diff --git a/nixos/secrets/restic.yaml b/nixos/secrets/restic.yaml new file mode 100644 index 00000000..15a637f0 --- /dev/null +++ b/nixos/secrets/restic.yaml @@ -0,0 +1,157 @@ +restic-shared-repo-b2: ENC[AES256_GCM,data:u38WuYb62lp975YZ/gromxWx42iWOSKzfvMaPYQ6mFQ4SQTw0vYLglHoZbzT4j3NFK/jaeLmD/g1G1G7,iv:ES9OFQLKMQi/JHiCPFV3HrHyDmZLSPIon3Z6TFkrsNg=,tag:TTg/ThCEnoiFpyRlcD269w==,type:str] +restic-shared-password: ENC[AES256_GCM,data:SfZEXkRx1bJE0aRu7lPiHsM4/zdVAul2xIPWW42cl1yAg3RVDMcp0WVXSPXk1pQR,iv:7QAMSQ37t0QbQaltk/egDlIrTlUgC4leK2lcZQDTSFs=,tag:KUn4AgRAgLthuG7APi1gtw==,type:str] +sops: + shamir_threshold: 1 + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age12ze362pu5mza6ef9akrptr7hfe4auaqul4rkta7kyy2tnrstqensgmujeq + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEcFRIUmdWd0N4V1cxTU5q + LzZWWlAvZ0Jhd0JTc2ZrUmR3N3k3ZmxlaEI4Cno3OWYvWml3VnI5SXVQWmtsbUlB + ci9XS2MxWjhXaTF6M25BdXFlNW0yMzgKLS0tIHM4YXdjYTVxNzZqVDVBdWtkYWhj + MkY4SFkxdTZ1MGxKdUxYZityS3JrdmMKB25ME24dJdCOVolBcS/FeAe9XdrUsOMK + bJRatB6nxTlzeczDFd2aWGy+/6Ztxrd9Ilc5eFZgOZHguU48EWXN7A== + -----END AGE ENCRYPTED FILE----- + - recipient: age176uyyyk7veqnzmm8xzwfhf0u23m6hm02cldlfkldunqe6std0gcq6lg057 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBySmVGbHVxRnErVUFWN1Z2 + bmRiU3NMUEl4VE1kNEYxUm9HZW9xMVluRHg0CnhpeTR2Rytnck52bjdaWmkzdi8y + UGdIUGIyZzVFR1JWNURhWW9OcitwbE0KLS0tIFRiY3NPd1F3KzA0VnZ4dEplL2Jj + aDFYek9MN0F4b2RSZmR4K1Z6YU5UVWsKZCbI2JNlgX4CxQ9Y5JhddhiPnTEuCE3T + ao7iReVCoeCMgc6Kq93VzMsWZQj3kgBlR/XuZSaCfMgtmG10p6p8oQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age15hmlkd9p5rladsjzpmvrh6u34xvggu9mzdsdxdj3ms43tltxeuhq4g7g9k + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHQlFsZHRyMk1zeEFOWFl5 + dXVqV0Z4STM3M3V6cWJDamNTc0JuNDVrdkQwCjZOSkRNcUV6c1ljRnhVR3BvZ2Ur + VGdoUXN0WTFiQzNJQmZYVU4xOEk0Z28KLS0tIGc1SGFzOTRCWUdxblpXYmZLVjk3 + amNyOTZwTEdZZ21XblJlNjdrcEZTUVEKHPZSpWRNuLpzE+SxZeiRrfvIAWe76A8K + oqQbOMOWP4+tCtwVUcO/UcmcYQaF7E5XGpqf3jE4W4fOmmjDWm+6vQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age10t6kc5069cyky929vvxk8aznqyxpkx3k5h5rmlyz83xtjmr22ahqe8mzes + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0L1BGdFlxOHdid2RZbGND + NC8yRy9oYmNkNDR2Nkd1SUQxVG9XeUl1dDJZCll4d1VRRjRNanBXRXM5aFpJNWVF + RUtoMitZS1hLdkJjSnNaMmhCcktCd0EKLS0tIG9MSDMzQ2pSUHdTWDZsQ2UrR1pm + TXc2RWJlMDFkZE1Lc1FBK3U1M240Q3cKwzof0LudBd3SH4cxgZLxg4tB19qSho1q + IbziETKVChcokhwxLOrrFfdhQirRN4lj11Db4uxPuCyAmjxWGSzBVA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1a2quf2ekkj94ygu7wgvhrvh44fwn32c0l2cwvgvjh23wst90s54szdsvgr + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTmJsZ2JYZVNBb3NsQ2ZL + SitaRU9YbG5pZjdtdUdLckFBcnY0TWhTK2xFCmZ2MTdDOVpkTFlTalRKV0JtR210 + WjJUQUQ2VzFLbWRIbTVDZWFsOThwYW8KLS0tIC9Lamt3MGtuQVRjR3BYM1kwSHgv + dDVIL3ZLS1ZmQkNZb0kyS2crNVJBN0kKgKng9O4aguLD6Ygkmj6V/v4XeSVjiOiH + pJOhw8rsvefkPnT2WiB2wshoS6fPDpmn1WY3RPXWQDzztOQUmJzheg== + -----END AGE ENCRYPTED FILE----- + - recipient: age16klpkaut5759dut8mdm3jn0rnp8w6kxyvs9n6ntqrdsayjtd7upqlvw489 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjL3duZENkRVJxNHdzYWxP + WW9CSzJBbWhtbE9aVGhuRytBc1J0OTR5SlJjCjh3K0J6bnpCc1dKMVRKcUUxNnFt + K1h5eWJOVC9GajZ5TUZSVEtSbWJHNDgKLS0tIGFURVFwdkE0UllFcTFuRy8wQXlo + dnhPMWZmMVV2Nko3WXdJWUlxTUx6RGMKtPOaGa+mKDMHRfcCy4jqqtCfNC6SiAJN + 5DzbQW7lGOtz0Sk4PcLUkukg7Go4/PkPtKF459rajSMF+Fp3yO0y6A== + -----END AGE ENCRYPTED FILE----- + - recipient: age1xg6zm9t25wjakljm54m38pjdr9q53jysdcl82r5xwkrn0cgyuvvsuh63eh + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2RmtrUmV1NFpHYm14cXJm + TlZQZUwrcURJdlhsVmo1UmpRK1pkM0Rvd3lvCmIrR1ZRRlJ0RUMxbnpvbFExTjg0 + dnE1WEJCWEhyWERWRkFMK0Vtd3UwcW8KLS0tIE9rK2Z4RkpTdTc4QkJKZlJ1NTc4 + c3BSVTJqL1NUc2hXTnBQYm45UGZja1UKahunBqn7PbhnRkO2F3h4J7/gpjppiVG6 + QaTpaMa/p/YdvQifj+EFUEE0EKZV5ddI0bydiapqq3mDatjfAAf4dw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1ktmx2szedfnpe5xumnzs8vkk0ffqgga6ved3drtksg9pye6ndsnsnqq488 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1Lyt5US9lV0lpYjhjWEZU + VzlFUStIQytmYmdycUVZS2xYRXI5cG5MK2dRCkNBRGpCeThSbTMvOWpxZGtoeXZt + VVp1ZW15czlLeHNrOCtTOENtUzVpZ0kKLS0tIEV0dTRNOVJMZHJ1OERwNTZTcndN + OFY4U3IvbDdyWEowdnJkUXd3eEh0SzQKnY79a15VJg96V2kZlr3vp2su84ed/NLM + bXUzbSiM+2hAK+GvcVw1jtHEzmy+iHln44mOiiwxFdCwR1ANq/iUHQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1fjcafp0j45sz03zq5srnxyq2mujndmn25vceg3wj2cgzymqm73ssmhdgku + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1azc5Q3kzQ3VEQjZ4WDhm + Y2dZOUNlYmtNd04vSGtFNkhwbUlpYThyTUNJCkphRHJGRmZzVjJiejEyS05XOVFk + N1NsVmlpVGQrbVV3SVNiTUYzS0RoQUEKLS0tIHhOV1dMVTAzbTNPUUVWZWFWZ0Mx + N2g5V3NycnlsV2VEQ2c5NEVrbTNjTWsKEOHrYeNSUCE0DulOTnHvXO0hcN3XhDD1 + iTJ6tKQoITRAaJ0rtTHJiODfgvY99FFPZlckIIw6M93EWyD81E0d3A== + -----END AGE ENCRYPTED FILE----- + - recipient: age1ehdj6hghtr8sf5s5c03rru4y3a02nwrt694e36tjnd6g7eq4l43qfradn6 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBcW02WDIzeEo4SndmZURO + YUhlL1R0YktjOXBMWURMQS9FNGxIdjdPU3l3Ck9MQmNXWEFES0NUcVh6Vkh5TkRh + TEcwdXJ2bVZMT28xTmpJVitFK0dFRlkKLS0tIFhnZlJ1bDRGUWVqSVhIL3JDMFdS + MVJzMFZzYlJ0ZjRha09MR1lMK3VFZk0KXn4BDf0g01sSYSdU3XPeeXUTNJ38Bijp + l7BnqbUxpp1qpX43bEu9iV4z1GNzs3cb27zRbXgpHeBLKW4DUfS4nw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1tkkau8vk5h9dh3kemash4eghn7lk84j0hhpmvvf7j6phgcsm9vmsphv0py + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvM1NVT2pNUENIemFsRDdR + SUdacmVFV3cxVmpTUGhHTFhvZjljVDJodDJrCkczUFNhNlZhdUx6OGFhemNkczhs + S2ZyVm0yMmhlTlZtU2NWRG52Q2lnU1UKLS0tIE5ZcjNmQ1dGYWVZbGt2cnRrUHIr + a2RyL3dLaHp1RWtvaWhKbUw0Sk81WkUKacxUoV8DaHgarccwO0qgpw1P3I7Ga6t4 + NRtt5bO7Vw1qSrmeGlOgo1YCvvy99+5J2mEFBZxPB/IyVCg4GLy7ow== + -----END AGE ENCRYPTED FILE----- + - recipient: age16yjxkz4pzuu5qqenmyh9ecwmqkar6ehclvss7wx7mesdntwwy9ys6e7m3c + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPOGphdy94WThWc0JHWjFH + a1prQ056c0xpRXBIU3JqeWMrWlI4bElEcEIwCjQ2MEV1eEMxTUFDNWFoWDAwSXRk + VDNLdVYxQ0UzcVNWSUlSTnl0N0p4d00KLS0tIGlweU9EZjJTUEdWdEZHUE4vY1h3 + R0Z1dEFnWndpNE1YQ3Z6NnlFcDlYVUEKmP8XxeQu35Dq555l9e3h2CexKDNXBI+M + SWDobnUMkfzf9E2Znbtf9v/H28AqdDiR9WwHbsawIoJVk2dMWIyc9A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-09-28T00:55:11Z" + mac: ENC[AES256_GCM,data:GEfVFwn5ifevDhQcQnlhV+F56bajrMqSkP0GjR9c2o4rtfa5JWmvAJnqOJGxOhpeFnZcgUbXqaJt+uLnve8SoKGEb/dMnvbU4oO+mKhH9/aoecAuHfIeHZNPw63p3ncojFTov3U5Z/X/Pw9KaWDqesVtDeN4INizCJSJs29EzrE=,iv:sHbQog8BdbOpYr2v94YjcRm/YbZTbQYjM1aPX2XG1AQ=,tag:zvNNioCKecSCq498q1HRyQ==,type:str] + pgp: + - created_at: "2024-09-28T00:34:30Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA82M54yws73UAQ/9FzRSDYFEFqNVkEzgZdRhPl7vf36K0jFMQ+7WBaUsx2TG + y0zMEWkck0ayJEHqBHPIsbVOeh+aOLw0LCMfKxu75ZWLtUorVMLD84AztdHl8LpL + WntNSYi5iCihHV4i9YYvopInpIL5KRu0QzptoJQQqZwsJHz9gHB5of48icCIfyG0 + r19YikLHHhLSy/5fg7TrrqCzuMUE1ufblZiDGXLWfhuUkkdDTomDcNBSn3mu+1qa + oVXK0a/SLIOcXds1uDWjQea/XowGYzZvH2aF/X+U38TitEJ8cx64lDfKagPHwppQ + Oh85LPb9r/5/vuzs3BQ2saFurjGO7zr5qGHjkB3ICXdXxFecdMwZeohUCN5atPUO + GCQGZbqD75WsJsPV9VgeNliqFtvi+Wmo+xRWpqBpFml5iX+SLQ4Klvcg87Fuw79N + QmDdyACdp++NSEvZ3OR0zZPSn62v+ojq9+YhragSB72X17Ufkpfq+a2PRixz82gC + Bh3FN0Z7z2z7+bhaMPAX+O2KlbQqHi5N3tU7yMnD+j4IMl5Xy8NbWc+rbcQQ8ytg + Jn9bSlkjtwuHktnk/be4eKvKkbF0PnmiJufw0Gn+mHoDgekFSl5F0mKpqYDOP6m9 + hE0KIN1duXnV3Iyvy7QFWgfv6wv9hCytoSXM4gsBjFgUIOrvMICIab1fHfdzgBvS + XgEDq6HCf/xWkXM5CW1hp2EGGETkjqHoJWQ/XppDtqduGoXv7s9sQOOuDbiUPYFb + ZNkq2Oo4zTpdWUffrjZupxWye58NkG3irIS9buVdVV0NeX6FmDgQJPTIZtIesc8= + =XL7a + -----END PGP MESSAGE----- + fp: CD8CE78CB0B3BDD4 + - created_at: "2024-09-28T00:34:30Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQEMA2W9MER3HLb7AQf8DPn5pHq7VRzvpfV0WJq47u91a7Wx4migC+5dF/V/YhHY + 1LXJEEUXBfnnhWzFH298rREG6oxNkw305mXpBBnm4gv9qGNPDS1Dmgbg++cJgeCO + +oWrvckn2CzATTazXgfqrMD03bxFCfvqzV+VDxGQ7vB1hwiX39g6aKxe94fKriQ4 + CxQFKV72WtllSErJ5Azpa2y0TfaE9M7UbxQVOhawqLersFC7Pj3BXSzGFSOjjRo1 + XuV0YWPsIz1h4AMuSkGqPk//VyEj7IAuhQ2oSwmDlZepzvTxBrLvvyr+Eu3OORFi + z6joFIs4EEwFoPT/aLbsLBy7ABaSpXf7Pf8ROVceRdJeAbn1RA/NjY2Q4Q9jJRkT + Hg7iYuOfs8Fty60umO2JeEvb4jAq0s1vT2ErjrHV68SGdeNJczO2fNqNio7ZMeQx + JPvt+uIvxtzHD18MWESMVeT25+qvETo7r4Sn/KtTAQ== + =kJZE + -----END PGP MESSAGE----- + fp: 65BD3044771CB6FB + unencrypted_suffix: _unencrypted + version: 3.9.0 diff --git a/systems/hakurei/nixos.nix b/systems/hakurei/nixos.nix index 11637d9b..4cc6bfe1 100644 --- a/systems/hakurei/nixos.nix +++ b/systems/hakurei/nixos.nix @@ -25,6 +25,7 @@ in { nixos.systemd2mqtt nixos.ddclient nixos.acme + nixos.backups nixos.nginx nixos.vouch.local nixos.access.nginx diff --git a/systems/hakurei/secrets.yaml b/systems/hakurei/secrets.yaml index f99a6bcb..7e3d154c 100644 --- a/systems/hakurei/secrets.yaml +++ b/systems/hakurei/secrets.yaml @@ -2,6 +2,7 @@ cloudflared-tunnel-hakurei: ENC[AES256_GCM,data:Pwj8/8RSLrfylwl1Et6SHOJSMWxm+Kn1 tf-proxmox-passwd: ENC[AES256_GCM,data:kLLFPr5jILsUt7yecUc1Eb1V9hXEUFBytT7ehcwLv7W9Vfar/BdMQasNecs8S1Ilt7uAjpiXIkNGr5hkktNanIegJw539B43Pnk=,iv:rOy27QkhMM7LrNgYoHgZCwoZHtzUzDrUnhroLSqbKSw=,tag:HkFBkiws/jlQmXP8SpcUYg==,type:str] tf-proxmox-identity: ENC[AES256_GCM,data:DxcMFL9FqeulnxRZZHn4ByuRBPSI3hrAntvtwONDFIJhm7G9X2YPij9K36Sl7pE9oTHu/BQCFQdypt4LJyLVIg2AuTJusf1UCR1YcECEPnjFkJybM2Ggiuo34rrJOZh3b9SzD64ks4fFgv9S5P1JuOW9LewjH75v0iAZHvskznak0QiVgPy24pnRQwpR7znkjrH5Hmx9UHZ4JDIw7y8rXWBl7/HOV8mAsZOWZVwuhtKt+se/CDlaG2AlVJJmCjpAi5bi0yfhXlWXfjSy6cyhVCgiv4Ua+V4F+JSyZHk+wMEmICROWzmUuu5ZT2iHkh1SS9AutH307JNF8muDVzdZUVxdpQQHEFCu+SNjhEdcgJdmSZ3O04glzPZTBTAl2PLFGKXMKq24bLtBQquoWw2wneu1/Gha6bIpMjxJFmmaLaAoL9OPDysBALsTJxpsH38g12sk3t2Lk2EYCluyp313CTmWDVj0O8DT//Daigvk2eFmc72WCTsY4bucof9mF4/mzDAdDZDKOx7EAYVJmYgRW8HJK/nv4MQEidqy,iv:dUUGP+HspbqutGpcGxrVn8071S+h8nobUlfgUuFz9io=,tag:HhgrC6699p36RFzpSwvf0Q==,type:str] krb5-keytab: ENC[AES256_GCM,data:53lA9ZRGpQIY22s9xtdRKOI9kn6flNcBlME+0qxH0/DfsN6PMORkHPz34lehf56BZbO1pnIDa8STh5xJGi4xlwtkvkGN77LrLwWgnveenGpCFQ+XNLY1sdl9pbuCppJ1fRq72rGvF/EjOLY25kmRWUSLz9h94yJXsFcIpxrqxywqr579MBHMBjHseNWC/8w6DQLMZLXULrNJTIvP2FICbiUJj27EheBzbbrKtWT269qTsCxp7To7E0uFzPonpFvMDPhKwvnAPVQeFDfThQrHtbWhWrKBgLfq/RO5E7hFWGGrh3ZEs27jxJ3AHuuflI6DEZYGszB1fGRSNHLd5NCvcoSy26WRzpnepneyoZdDsx2SGubDy343vY5tN1/yIngsnL3jK8/4/L+RknhjIgnPNk6foAIphGMhDp6NWMFuTo1MlsuYjl3tnqShmOFt/Sep7JuFN27qN8NwsIIH+rDA49/LSPj2g89QQ/vPHBXjycjg0gKWjofrd73P3C3z5ROdUS2Ge9gF6VerbSRxPaD1O25HQ94x2/qZcpRv3NgzqC5w2Y0HkcnuJGmnOjLwiQ8JoDWY1ZEasafXXz/ffTkMycL3wH+NyLuGlu5FQG8VPfps+O1qz9Pkq11bzkugSZ1PBdOA9ki4RcVdms6ivIQWdjWTsz3Xi/Y0KBnjylY/qGRepBVJ5I1wXb3jcZkm8PCdL40ObxlcIX43bRGW1mqY9zKDkic6FXmwd0LdxO+z9Cd/r33X3yf3wDoCKwhngQVJqjQySGj+E5sJST1SfrrQTRyAbu9ca+hEkgq2o5x9PsJvkGj7+h9fXVWbo9J0NFqFHOtMAcom/HFdkiBhxVeTFoHNVpgKlY3QSR0OANXmvJ5lNZONWq7nOVxAy60fUC1b5ZjuoaRmt5t44HWbNb6HW1kW06Q901ZMFR29qE5F/ciJ3DsT3mJ62hJMdOc3+m1wxY+INarPeZvdbuC3mQekZvbjQJVYXD/8DIg93+LPMvD88vymIVWsdrIzzH9JzHwEcEuLTv0coLXsRoips8dV6c1KjZr1uQz42FuydxdIXFy6pwZ8C2bD7Obla8mUqe6vniX0xHtuuAOxsZzJFIMgZqaPZnMG18J/d1Lw/a2UZw9iFzh6MEirGSviMcIV5sVgYqo27qr55OKxeRDmlb/WQI2qrt50TtYNdItVGlnJKmDBw3+txU5+toqxSdlTMRmQIQZc7y/iXqLskXlwaWQLuAoXKHIQ8JGbvw2sZLzIcy6LIQqLQgQwmB+u4ZwExjuJ/h3EkBK3VzA0P014CphkWrQIpva1k9JUhbGvfM6CO32xEZpWWtThov0bGcNDTa/OB2JuGD+FpiCf3q4w5kXbMdSLpm+FQcEdZAHJbgHOAeq7kGNJ9f6yVsCi5DZiH/F1DUqhrRCJXz2yxVlp8JsQG/8WeTM1+w/jl3e6MtejRa/OQIwOa+c=,iv:210i0Kj0KVXIg8DTDlsJYyuxjAd1ASGvqGlHOhYLLNY=,tag:Eb42niH6t/Dpgw0scblmIg==,type:str] +restic-shared-env-b2: ENC[AES256_GCM,data:D0gqrv81u5OltvcnYwIs+KEX4L269LRz9cq8hTfXN5ZMIuFOuBmWbyefqMgslTBlF46pLnL7TO/WLjHzvfLdOnhd512sxP5kXtymI7/yy9cGSnkdq7E7S9vDQuu26FR1QA49TD51rU+tts/XLAKFo1E89HfDVrc34U02tcmg6VIc/D0cymMSiA==,iv:He1WUw1DOgG4U+fOb6xGKypl1YoHzHZjnQV5QqvNHUA=,tag:51jGG+LCg+2Zx/HthRYwpQ==,type:str] sops: shamir_threshold: 1 kms: [] @@ -18,8 +19,8 @@ sops: ZEpzdWJZWGdEaElLZUc1YW5ON0YrM2MKk/dZvaFVzfkMD3poreaDGfJwG5j5fL3L kuV/3fEHBf5HszR/VTy/bZ2+abN6x3UG5h0l+QaS9ux+mtwFCyYYjg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-05T20:34:57Z" - mac: ENC[AES256_GCM,data:HiKKvpvkZK4oTVgbFMHS+sducf4y15/6jGbeBjcXRZVfBQQaHKP/OTgkVtsFmX+qIpwIBVOqmPtEkRiBqlGXHtnsD7e0JczWLxKh3s/rf5pZKRTnS7hROWAP48qiIEqSNSy4kkltHOsnz/W2n0+nXe1QoMmlXnCvG1mVbVrJvPo=,iv:OtkteqXGWAcbQi0zyy/1h5FTgw2X8Qbx5i5rWvCrLOc=,tag:V880Zj9cpKUjoi6Bj+SFIQ==,type:str] + lastmodified: "2024-09-28T01:04:05Z" + mac: ENC[AES256_GCM,data:bYXytlvd+oZLkbAIxDis79XkzPCWBv8yNkWeMShjt59ND/qJtNwrqVoaf6L5sw/kcHk6laiI+SeccCo+U+YuTYrA4kqODTHalKWmZSYMLGr6LuTZggfedx2ej7vay/0EK2hub2jy1IR9/yBWLfrapLi2h2XDu2h/nzwMyAXkx68=,iv:4T1/5SkR961WPZRINqVc0rU4VrH7ywAGvSajodpUaVs=,tag:0KLdlio7hZ33TEkbyJ0bGw==,type:str] pgp: - created_at: "2024-01-19T18:57:37Z" enc: |-