diff --git a/devShells.nix b/devShells.nix
index 53341c8a..ea556eb3 100644
--- a/devShells.nix
+++ b/devShells.nix
@@ -8,10 +8,13 @@
     name,
     attr ? name,
     subdir ? null,
-  }:
-    pkgs.writeShellScriptBin name ''
+    exe ? null,
+  }: let
+    subcommand = if exe == null then "run" else "shell";
+    exeArg = if exe == null then "--" else "-c ${exe}";
+  in pkgs.writeShellScriptBin name ''
       ${optionalString (subdir != null) ''cd "$NF_CONFIG_ROOT${subdir}"''}
-      exec nix run ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#${attr}" -- "$@"
+      exec nix ${subcommand} ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#${attr}" ${exeArg} "$@"
     '';
   nf-actions = pkgs.writeShellScriptBin "nf-actions" ''
     NF_CONFIG_FILES=($NF_CONFIG_ROOT/ci/{nodes,flake-cron}.nix)
@@ -84,6 +87,11 @@
         name = "deploy";
         attr = "deploy-rs";
       })
+      (mkWrapper rec {
+        name = "smbencrypt";
+        attr = "pkgs.freeradius";
+        exe = name;
+      })
     ];
     shellHook = ''
       export NIX_BIN_DIR=$(dirname $(readlink -f $(type -P nix)))
diff --git a/modules/nixos/samba.nix b/modules/nixos/samba.nix
index 198db7a5..986dd126 100644
--- a/modules/nixos/samba.nix
+++ b/modules/nixos/samba.nix
@@ -56,6 +56,13 @@ in {
         default = "usershare-template";
       };
     };
+    guest = {
+      enable = mkEnableOption "guest account";
+      user = mkOption {
+        type = str;
+        default = "nobody";
+      };
+    };
     idmap = let
       idmapModule = { config, name, ... }: {
         options = {
@@ -133,7 +140,7 @@ in {
       ];
       settings = mkMerge ([
         (mkIf (cfg.passdb.smbpasswd.path != null) {
-          "passdb backend" = "smbpasswd:${cfg.passdb.smbpasswd.path}";
+          "passdb backend" = mkOptionDefault "smbpasswd:${cfg.passdb.smbpasswd.path}";
         })
         (mkIf cfg.ldap.enable {
           "passdb backend" = mkOptionDefault ''ldapsam:"${cfg.ldap.url}"'';
@@ -153,6 +160,11 @@ in {
           "usershare path" = mkOptionDefault cfg.usershare.path;
           "usershare prefix allow list" = mkOptionDefault [ cfg.usershare.path ];
         })
+        (mkIf cfg.guest.enable {
+          "map to guest" = mkOptionDefault "Bad User";
+          "guest account" = mkOptionDefault cfg.guest.user;
+          "valid users" = [ cfg.guest.user ];
+        })
       ] ++ mapAttrsToList (_: idmap: mapAttrs' (key: value: nameValuePair "idmap config ${idmap.domain} : ${key}" (mkOptionDefault value)) idmap.settings) cfg.idmap.domains);
       extraConfig = mkMerge (mapAttrsToList (key: value: ''${key} = ${settingValue value}'') cfg.settings);
       shares.${cfg.usershare.templateShare} = mkIf cfg.usershare.enable {
diff --git a/nixos/kyuuto/mount.nix b/nixos/kyuuto/mount.nix
index f23cd451..4700edda 100644
--- a/nixos/kyuuto/mount.nix
+++ b/nixos/kyuuto/mount.nix
@@ -41,7 +41,7 @@ in {
         group ? name,
         enable ? !config.services.${serviceName}.enable, serviceName ? name,
         uid ? config.ids.uids.${name},
-        gid ? config.ids.gids.${group}
+        gid ? config.ids.gids.${group},
       }: mkIf enable {
         users.${name} = {
           group = mkIf (group != null) group;
diff --git a/nixos/kyuuto/samba.nix b/nixos/kyuuto/samba.nix
index fdbeaefb..33d8628e 100644
--- a/nixos/kyuuto/samba.nix
+++ b/nixos/kyuuto/samba.nix
@@ -19,31 +19,41 @@ in {
     };
     shares = mkIf cfg.enable {
       kyuuto-transfer = {
+        comment = "Kyuuto Media Transfer Area";
         path = kyuuto.transferDir;
         writeable = true;
         browseable = true;
         public = true;
-        "acl group control" = true;
         #"guest only" = true;
-        comment = "Kyuuto Media Transfer Area";
         "hosts allow" = localAddrs;
+        "acl group control" = true;
+        "create mask" = "0664";
+        "force directory mode" = "3000";
+        "directory mask" = "7775";
       };
       kyuuto-access = {
         path = kyuuto.libraryDir;
+        comment = "Kyuuto Media Access";
         writeable = false;
         browseable = true;
         public = true;
-        comment = "Kyuuto Media Access";
         "hosts allow" = localAddrs;
       };
       kyuuto-media = {
         path = kyuuto.mountDir;
+        comment = "Kyuuto Media";
         writeable = true;
         browseable = true;
         public = false;
-        comment = "Kyuuto Media";
-        "valid users" = [ "@kyuuto" ];
+        "valid users" = [ "@kyuuto-peeps" ];
+        "acl group control" = true;
+        "create mask" = "0664";
+        "force directory mode" = "3000";
+        "directory mask" = "7775";
       };
     };
   };
+
+  # give guest users proper access to the transfer share
+  users.users.guest.extraGroups = [ "kyuuto" ];
 }
diff --git a/nixos/samba.nix b/nixos/samba.nix
index 879a5b10..d7bafff2 100644
--- a/nixos/samba.nix
+++ b/nixos/samba.nix
@@ -1,17 +1,12 @@
 {
   config,
   lib,
-  access,
-  pkgs,
   ...
 }: let
-  inherit (lib.modules) mkIf mkMerge mkDefault;
+  inherit (lib.modules) mkIf mkDefault;
   inherit (lib.lists) any;
   inherit (lib.strings) hasInfix concatMapStringsSep splitString;
-  inherit (config.services) samba samba-wsdd;
-  system = access.systemFor "tei";
-  inherit (system.services) kanidm;
-  enableLdap = false;
+  cfg =  config.services.samba;
   hasIpv4 = any (hasInfix ".") config.systemd.network.networks.eth0.address or [ ];
 in {
   services.samba = {
@@ -26,6 +21,10 @@ in {
     usershare = {
       group = mkDefault "peeps";
     };
+    guest = {
+      enable = mkDefault true;
+      user = mkDefault "guest";
+    };
     passdb.smbpasswd.path = mkDefault config.sops.secrets.smbpasswd.path;
     settings = {
       workgroup = "GENSOKYO";
@@ -35,17 +34,15 @@ in {
       "winbind scan trusted domains" = false;
       "winbind use default domain" = true;
       "domain master" = false;
-      "valid users" = [ "nobody" "@peeps" ];
-      "map to guest" = "Bad User";
-      "guest account" = "nobody";
+      "valid users" = [ "@peeps" ];
       "remote announce" = mkIf hasIpv4 [
-        "10.1.1.255/${samba.settings.workgroup}"
+        "10.1.1.255/${cfg.settings.workgroup}"
       ];
     };
   };
 
-  services.samba-wsdd = mkIf samba.enable {
-    enable = mkDefault true;
+  services.samba-wsdd = {
+    enable = mkIf cfg.enable (mkDefault true);
     hostname = mkDefault config.networking.hostName;
   };
 
diff --git a/nixos/secrets/samba.yaml b/nixos/secrets/samba.yaml
index 7c79ae78..a908bff9 100644
--- a/nixos/secrets/samba.yaml
+++ b/nixos/secrets/samba.yaml
@@ -1,4 +1,4 @@
-smbpasswd: ENC[AES256_GCM,data:9dpSVTTjpUKyNlo/8BhQbjyTqblkr1hF17ML0fpqik/1W75sDmn9enRfR7GtTKztRTxAbRTXS9yP9+ngIJREF1XG6gERK95H7cYm00Ep1D23qz66caWW1VuYYH0damnVhEkAfJO2t1yhbqA0uWy9WToAyOfyh2XJgrLe14P0rYw9QPjrpqxByXb29lNpINVuZKLWXbresqH6X9Rqd63tT6kRXtMVMdyPypEvMuM7N6/UjHFgCgNW2Fdfch1VSPwxj/C3Z1ZOIRz9AMQu3lU=,iv:xl8VAaeF1zYplm0XHDU8H5fMmxKSko9hdGO2971F01Q=,tag:HK6DMGrhiz7OGs5e/6Sr5Q==,type:str]
+smbpasswd: ENC[AES256_GCM,data:T9ajprFSoJ8zot3GKKT44Gkc18H/R2O/sVcwoxkCcn8cNQoD+uCOv7t9dDKnvGQKSF6FsC9WxUSL6ZetR0opxH5nvULGpc9WCoxFn6UPZpDRFtp9J3WMbFGNzw+dnwlKJQVy8WqAqajlpjV7+OR1Q+nYGm0EwIjO0JSqE5fX7FcDBzUQJr5gry14Dvzpzh04rOqsGD+aAGXcJLEJej7zLeALPCMOy21VdpKt0wzd1PfeowJCMdIoLAYTlGl33gbONIIEHefa1QY3jn6ZRGmoNF2qWmwueUguak9kdACtocUrJcUhnpbSC3h4HrNVTcMuvoL4SrJ/kxec+Xzv23zc5ylffkpT2XuKjk7M6uiwe+tgVczxvnGn5rtp33nBszausrO9JwD8I5l0pW+BSApdpaVwMv72cNdMRV9nPuUGY/uYlcQ7nTWKypJnmcbbcg/w+WWCfCdSx4HhWN26oQotivY+unrWL/uHkYjVUzefh2/s0cmBbS0wrV//haqkUFGw3oJgM7c6nHYnCNugdYhsrB8u2gRTy+jvZrnYY4ukuuoYiLrXOYVcS38Co8PphCX2h/wnwzVyneaWHg5ttkvf+cEU6on3efzSKZamt+HsbwHB5M/4oiUEDWMH4K6X/xF3cTgHTV6bxUTL/jzLNwW6tKl9bjHnkAjNb6iYOIVXT5KjxpLfcwXr/SvRCINNN1enAEU=,iv:rXRyeDF7kUtfcOhHI8ILCCg9vpHDzCKn4K/2J/dEZLw=,tag:OZ7r2mu9xPTI7JJlddafkg==,type:str]
 sops:
     shamir_threshold: 1
     kms: []
@@ -42,8 +42,8 @@ sops:
             VitlT3d6d1FOSzFKTFRIWDU3cmJ2aXMKDN7HPa6pQSZd21cLvfk+sYvLqZm9eN+7
             K1v7M9MXLY+nh1YGGbtDbWHh09p8g37tS1OwgGAiETh+z7hWsGHYdw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-01-30T23:29:25Z"
-    mac: ENC[AES256_GCM,data:I/ijClic5JxlFV3ICyMczq3t4xo5V2trhl5B97HIwrgmDGtKeCiHjQc9TE/OtunvLUXaH3W8zjHWCsJDT+pFD0YO6EVo4G0MtJe35GNMsDT1x2Uwny13tTxWjKtjmP9lqB0I+cv4uL42vbt7Bdl3lv3jw0Hz/2wvlvnSUpPdFMo=,iv:YnVT6FvBhw5P1IBDNlRuxE9lk8tCsxR2JzHSYMA6dr8=,tag:MVayewWg5Ny/5lPwu90B9w==,type:str]
+    lastmodified: "2024-02-09T21:54:53Z"
+    mac: ENC[AES256_GCM,data:tlGNpKn6rWCawNkmCdWJZRQqmNhDHFg5qAxMWRJ7A76I8/1XPZHXjG8m1vw9VaP3XDO15FPrLDUsAsVImXs0xc769GzlYsOa/WhjSbtrbT+WsAU6nXMs1OksKhzeAzCnQ04VCJPowMk09XIASZbIuES1+V6bFFgJbiK44UTHkW0=,iv:Hl+VzbDMI37nSaU4PHZ86362s6zqJWQ35J+qgSG3w20=,tag:uqMjhJ9eqgDsX587f0UCNQ==,type:str]
     pgp:
         - created_at: "2024-01-30T22:23:56Z"
           enc: |-
diff --git a/nixos/users/connie.nix b/nixos/users/connie.nix
new file mode 100644
index 00000000..4fdb0e96
--- /dev/null
+++ b/nixos/users/connie.nix
@@ -0,0 +1,14 @@
+{ config, ... }:
+
+{
+  users.users.connieallure = { name, ... }: {
+    uid = 8003;
+    isNormalUser = true;
+    autoSubUidGidRange = false;
+    group = name;
+    extraGroups = [ "users" "peeps" "kyuuto" ];
+  };
+  users.groups.connieallure = { name, ... }: {
+    gid = config.users.users.${name}.uid;
+  };
+}
diff --git a/nixos/users/groups.nix b/nixos/users/groups.nix
index e9b175e2..4edf1160 100644
--- a/nixos/users/groups.nix
+++ b/nixos/users/groups.nix
@@ -1,5 +1,12 @@
-{ ... }:
 {
+  config,
+  lib,
+  ...
+}: let
+  inherit (lib.attrsets) filterAttrs mapAttrsToList;
+  inherit (lib.lists) elem;
+  userIs = group: user: elem group (user.extraGroups ++ [ user.group ]);
+in {
   users.groups = {
     peeps = {
       gid = 8128;
@@ -7,5 +14,18 @@
     kyuuto = {
       gid = 8129;
     };
+    kyuuto-peeps = {
+      gid = 8130;
+      members = mapAttrsToList (_: user: user.name) (
+        filterAttrs (_: user: userIs "peeps" user && userIs "kyuuto" user) config.users.users
+      );
+    };
+  };
+  users.users = {
+    guest = {
+      uid = 8127;
+      group = "nogroup";
+      isSystemUser = true;
+    };
   };
 }
diff --git a/nixos/users/kaosu.nix b/nixos/users/kaosu.nix
new file mode 100644
index 00000000..ab3df0e4
--- /dev/null
+++ b/nixos/users/kaosu.nix
@@ -0,0 +1,14 @@
+{ config, ... }:
+
+{
+  users.users.kaosubaloo = { name, ... }: {
+    uid = 8002;
+    isNormalUser = true;
+    autoSubUidGidRange = false;
+    group = name;
+    extraGroups = [ "users" "peeps" "kyuuto" ];
+  };
+  users.groups.kaosubaloo = { name, ... }: {
+    gid = config.users.users.${name}.uid;
+  };
+}
diff --git a/packages/default.nix b/packages/default.nix
index c2e2aa82..e9ec1979 100644
--- a/packages/default.nix
+++ b/packages/default.nix
@@ -140,6 +140,7 @@
       fi
     '';
     nf-statix = pkgs.writeShellScriptBin "nf-statix" ''
+      set -eu
       if [[ $# -eq 0 ]]; then
         set -- check
       fi
diff --git a/tf/proxmox_provider.tf b/tf/proxmox_provider.tf
index b74b5a17..1a3910db 100644
--- a/tf/proxmox_provider.tf
+++ b/tf/proxmox_provider.tf
@@ -37,8 +37,12 @@ provider "proxmox" {
   }
 }
 
-data "proxmox_virtual_environment_role" "vm_admin" {
-  role_id = "PVEVMAdmin"
+data "proxmox_virtual_environment_role" "vm_user" {
+  role_id = "PVEVMUser"
+}
+
+data "proxmox_virtual_environment_role" "auditor" {
+  role_id = "PVEAuditor"
 }
 
 data "proxmox_virtual_environment_role" "administrator" {
@@ -56,6 +60,22 @@ resource "proxmox_virtual_environment_group" "admin" {
   }
 }
 
+resource "proxmox_virtual_environment_group" "user" {
+  group_id = "user"
+  comment  = "Users"
+
+  acl {
+    path      = "/"
+    propagate = true
+    role_id   = data.proxmox_virtual_environment_role.auditor.id
+  }
+  acl {
+    path      = "/"
+    propagate = true
+    role_id   = data.proxmox_virtual_environment_role.vm_user.id
+  }
+}
+
 resource "random_password" "proxmox_initial" {
   length  = 32
   special = false
@@ -103,15 +123,46 @@ resource "proxmox_virtual_environment_user" "kat" {
   }
 }
 
-variable "proxmox_user_liz_last_name" {
+variable "proxmox_user_kaosubaloo_email" {
   type = string
 }
 
-resource "proxmox_virtual_environment_user" "liz" {
-  user_id    = "liz@pve"
-  first_name = "Elizabeth"
-  last_name  = var.proxmox_user_liz_last_name
+variable "proxmox_user_kaosubaloo_first_name" {
+  type = string
+}
+
+variable "proxmox_user_kaosubaloo_last_name" {
+  type = string
+}
+
+resource "proxmox_virtual_environment_user" "kaosubaloo" {
+  user_id    = "kaosubaloo@pve"
+  email      = var.proxmox_user_kaosubaloo_email
+  first_name = var.proxmox_user_kaosubaloo_first_name
+  last_name  = var.proxmox_user_kaosubaloo_last_name
   password   = random_password.proxmox_initial.result
+  groups     = [proxmox_virtual_environment_group.user.id]
+
+  lifecycle {
+    ignore_changes = [password]
+  }
+}
+
+variable "proxmox_user_connieallure_email" {
+  type = string
+}
+
+variable "proxmox_user_connieallure_last_name" {
+  type = string
+}
+
+resource "proxmox_virtual_environment_user" "connieallure" {
+  user_id    = "connieallure@pve"
+  email      = var.proxmox_user_connieallure_email
+  first_name = "Connie"
+  last_name  = var.proxmox_user_connieallure_last_name
+  password   = random_password.proxmox_initial.result
+  groups     = [proxmox_virtual_environment_group.user.id]
 
   lifecycle {
     ignore_changes = [password]
diff --git a/tf/terraform.tfvars.sops b/tf/terraform.tfvars.sops
index fd9f7503..9d77d2e6 100644
--- a/tf/terraform.tfvars.sops
+++ b/tf/terraform.tfvars.sops
@@ -1,5 +1,5 @@
 {
-	"data": "ENC[AES256_GCM,data:LLzklOKNkbqIa9C50BODDA06COkVWgmzH+nqU9rDDt/ZGzUWyrcrr4vsxPoqTr9EaKpaB4VfCe+2phXSGuNpoPrsRuWvLm2UUL8zujLMpR/MIm6cKSANy2Sm5vxLFNXmVoOU4YMmMclyuAvwGM/v22V39luIKN1ZqWJo2P0+FsrzSHAScx1NHp4xqw9AH1jwdGvy+jWRTsGPPqDc5vG+PQpbsh6ZQvTe77PAcBjHjSl6jc1Da73nKb7Sag/GeaDek84aB6De/lXuSv9gAfZF1mEoi5X1GSM8SOrDoZEHGLLJ6H+TVTens0UyW1VfMkb6Vw6E54V4qSfigheUORapl2nhvD/wRCgMadBpPgyQLdT8jOfryKlupObgSu2e3QowSBvo2wJ+51bE+LEhWZKXiv2Ogh27K4dCpuwlhpLjyblb+cUS0q76kHL4ALGcjm8AOb2bwPwvAwXmCCbzegLNbGHbisGwWRpBPnw2PBA7oCrbAmei1ThiBFD9L9RvydSFLbsVNDSTo/U7E63b8WbQ6EI7EUj4St9u7Mt3Fy7sbpxSRjawfdEhKiHrlvFfB/a45aOyRK6MjObxy0rjtmiX6+STnC2ICNmV+lNbIg7iCuI0s+lryGpxZdDOHCjfk3rawzUfZxsTVcELqjr7WmAORyBZ6STYVG9S06vFn51wcJb4NLzXa6hMG2V92PGzf90Vd7TVyPbgQj/1KxIz0Nz/cQxB9I96EwnmS2Ovfxi50G5Q5gU09jpXtpAUOlxpVRSHx5qs4u0uEZhtk+WmtIo8Kip+V0Z98n4eGQT/pxPBAZQcrIlzlauvKIFEQAoIrl9iebVfYQhzUGPAw+KmOuxEfpjhQp0zHjIgHE1TaGjOnOyHje8LmnQnuW787ovqdZFKcmU0UHFmv3fNi9cIdlPdayF1qyOW2Tq+3Pq917QMDv8R5FxV/MzJsPbLwTliPMfv5AMSXPVCuijcVfL1nOQRGlxRAHdLc82vJ0yzB9s8MPKjTqetM1cPT6omgCoH0u07c8//iQwZT4tYKmy13z6GdR62FRjm/kt2cE9jhcSl72TKmvBlB7FeePZ07TzaUW6kmvBnjxsGYMzpjbcO7GEFwHBfMIctLvhKG6hopZ8N7rPByKKZd53lApcNrBm2kQGPcEr9UBlGwJUC09qdYkg0uTTBVpixqPUDytNdgupy7mx48SlcJhXQi+NwNGf6Mjcx8jUhT/l63EBKdV6wNI59LM0davt9sgKIxBorOGjAxrETC7xwh9ER7WrVQwYmIdOsvtw+ozvTEwzI+GPYRY1PQDsaAvbca5m6FAu9SepRtbIshvTqJxPGkEW2+YWELVdico6rA3x0zG3nJ9ahXECap3wUW63d1X3W/vQ8s1hKzJdzKB67iwfj6c1kwma0nNXcBw1iWwht7bkS13JzJLAdWWGxtyYJjREAlsPZaqh1BCnTwrPuB7U+EI4A0/Hn1bl5qzalMjzeX8K9VUOEQgc5pqKuhKcbCcUc9Rck3STbyrODdrvcfIc8FChJc9HMF0Rj/PuwDGZy+Bc52IF7iLAD6vcYVht2QoaM2m9sjScVJsyDBaxn8br6I/Mx66ANUY7dkh4L51uFRO5wL3EJxF10hZzX1sYvkPZ6XoNwjcHPgS9Zlk9OPRmpOaTbEWmOhsn7avYWFpeaqCU=,iv:ZtdTd0Hyg3MeBC6rquwilcROlfOu99+Ti/DtgXsk3fg=,tag:rKDfuKNyH9bBeprtGtmY6w==,type:str]",
+	"data": "ENC[AES256_GCM,data:mlS9WffOo+tcNAred2xm8kHsxM+UrsEnd2t0Sx24dYIZURXi1rQyujlvzYiEOF/2CEFmUMOtjJF1rU9OGWT1GHCrK55ZSlL5O4rgOH1ldaaNnYzbPMMiGnv9vzJf221Mj3r9I18w+EsO88sD5GiqCCgT9TWDgYDYR06xq43UBwjQi8JLjCgERSSNAZFLbqN5byKfROUkyKteOHguZBnB8FVtSPzlshpv1XYAoTYu8jPCH/Nqre2NF2PtqyYV0+kMaF362wh0nC3SKcqhY43J4fcsheG/X7HSznsg+rPDOuQr6+R3EDyQOjWYMTbUMYs1cCLhnoWiPnLHpnZ0MXUp8EHgs0iU7TUGkadA48WB9YbYDNPGtvxG7oAkMk+z2P482su3Lz+teShBdnX+vemsOpF4egfrqIMeKJUQIB1fhbXbIXi6eQq+jp7b0X6Q2OqvCKXjIvlcml4WgY9euf7UwIf5R1n8myGja5XQWpVlXePeJoDvmNlTUJgNxfPMXTefOxHcrtsY17nYXdm/DVIwQ/CSWWrPdqk4AezQBHsJc78GSBQKhVFFkpIpwDSM8XDNRUzX8/d/mL6zj0UAATxK4vHBdoX4wM/curkwJssvh/RhMU+UhYqWmBe2BDeBvoOKBiYjdICMoGKXJsgIJ0naWygu6kc9SL2SWSjZLctXZuqGHDHld/Cg/yy86xDZMTe6JwjG8NhDOJ7YhBuxFIa0Y2Z0zAMSUdCrgTaVQ72H43wBldqIjR5syIHHO4wDTTunPSpaQfo5uKXVR+TERVCjVPFtQqhoyuwJBrtdDFGkyx4T9eDHNCPnDpZvrvWkXP9k32JLPr9JFtjD9iS27o6SXin/z1PW3em5j8wpSjSLJK8exdTVqz2WPufRqYuWo8l7FVg+6fdL/e1lDnwYHHZxBSB1O8GSFYNI59sZVRRKSO4MFbvDSm6IXoPlc+UeCa6s5tq5+4VZIDuho5svywyehSI9ZigWBh07t2LYhmVtRyH2I7ub39CHlk4bNajZn7Y65G6WkcYDT2dWO6+jxnu1pM22w5FvNWTljGWtCp0ZnExLNsLEL35EvnazIdZdu9+m2RSb63yg3unz/8gGL4N8pUNfyeEbrAfuMqjt2BNdzdPTARISej2TwUGGPYfWQpglKHvwYgx+mRR2bdABx7axuRZhC+zOgPXWzRd3vKK/JsmSlaRfxXqA9nt2prxKjZkSO07KOrjQVoDyU7tidA1Z+eg3jUHqfwC/deiL0xhYetk+eO3TMQai8CxW/KvRzERxrfzmLXPd4emc00bnn/WrgxTFmj8QvypHjtrQUToRSh5J5tG1YHxo+swLFx3HpucLxEBE6nY/TbnmP+V8D9XlCY1VKx5Jt5afwif84DPOPYFzwv+5uJH4T5RpXUGmKhxJxKoVVQB07CEr72j8biivycQoGcg36UYp+T8HCxeWC3m5gEsEcu++Iu3TAj7z+18nbSVToF7jq4WH9CTC1zsf7P1GMQhgsm0rzq9c46W0XrCbRG/3iAHyp5rEf75FlnSf7XQgbsd2LDW9/kT/ffV/CTC/HR2ky0URwCXAyTT2Dk7LkEFBynPs5rJtulfrBJMPHza7rRMnAkCWTyeOmLrkKIFv4mf3ToGgph4aOaKdZTOPKalxVoc/oRNo+TNvdEl/Jat2wWaQo1OUSITFeXWQXUWLvQN/S5cc4K6DaZGfUafbjyGLRFT5ZSLM+5Y/5AAOLh9nl7bnJ3GHdnJ1YDMW+ViLzVZ8VyyRUcaL8HQ9TMlC5Xjyzfb7U1QyZBQIYFkXicM9FtG22uXrHLS1jBjZPlUcQQrGNC+ctZarwKiw5p/QwfUaHsyjgnbq8PZlJzrdgD1nofBwf1tdQ88yurQcrisjXy6PZ40pyKZBnXvXgSk3VuexLhrNSh+bE54tIikmC5ppw2mXUDGax5k633yvzWPoFhUxC6qU0Bjfa0dl2TuXC2k7Hwecyce/g1ON,iv:JHWAkB9pFrbqXjZUUnvJFhLJK3efwcsPeMjgOjNmSDs=,tag:hT/R/OBXoSkRtj3qwU0K4g==,type:str]",
 	"sops": {
 		"shamir_threshold": 1,
 		"kms": null,
@@ -7,8 +7,8 @@
 		"azure_kv": null,
 		"hc_vault": null,
 		"age": null,
-		"lastmodified": "2024-01-28T05:17:30Z",
-		"mac": "ENC[AES256_GCM,data:EbKeIgTkJgItseG5sXE4HBJYS4Kf+/7JhmJbFTxZzHXx7NwTzSjowMruhCQvHZ4r2QPohnSkmcVq6YnNod5jAtPOoTvyVq6FZE6EZ4943WF8IUy1Vu8R4mzFP6FSa+/CD+Mb8mN+nQwUXd5vz1XQZcMo2uEmvWB/ZYgEqCJ5suA=,iv:AEYxEokcU2/2+P5IopuaDKbs69I7TtSzXcBPQ05TeN4=,tag:3zf3yDVQOLaxbSbvCuWJ9Q==,type:str]",
+		"lastmodified": "2024-02-09T21:18:23Z",
+		"mac": "ENC[AES256_GCM,data:bvNVyiwZ4m8/UjKvDUDBt6UXYP2Y8BV4paedPzPmE5mow5Sx5J1r4CJXk/pSjxMY77gs5TtXcQdBTtQUpqU43kH+gUjWHIFK0m/AV+QfyFmlXe/dPGvYsM4T4LBrncMOJxRxuDT6B+zmOAHGjuypLrasqZ4aEajotFxUaw4hBaE=,iv:NxkU2QDcJjeIW50Bvh8R+jOBE0ApgK0A9BMCAf8gzE0=,tag:VagNJlK235Hv+seO48vpxQ==,type:str]",
 		"pgp": [
 			{
 				"created_at": "2024-01-14T19:49:29Z",