gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(samba): accounts

Browse source
This commit is contained in:
arcnmx 2024-02-09 13:55:44 -08:00
parent 5dcd5a5be0
commit 8335b8f3a0
12 changed files with 164 additions and 37 deletions
Download patch file Download diff file Expand all files Collapse all files

14
devShells.nix
View file

@ -8,10 +8,13 @@
name, name,
attr ? name, attr ? name,
subdir ? null, subdir ? null,
}: exe ? null,
pkgs.writeShellScriptBin name '' }: let
subcommand = if exe == null then "run" else "shell";
exeArg = if exe == null then "--" else "-c ${exe}";
in pkgs.writeShellScriptBin name ''
${optionalString (subdir != null) ''cd "$NF_CONFIG_ROOT${subdir}"''} ${optionalString (subdir != null) ''cd "$NF_CONFIG_ROOT${subdir}"''}
exec nix run ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#${attr}" -- "$@" exec nix ${subcommand} ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#${attr}" ${exeArg} "$@"
''; '';
nf-actions = pkgs.writeShellScriptBin "nf-actions" '' nf-actions = pkgs.writeShellScriptBin "nf-actions" ''
NF_CONFIG_FILES=($NF_CONFIG_ROOT/ci/{nodes,flake-cron}.nix) NF_CONFIG_FILES=($NF_CONFIG_ROOT/ci/{nodes,flake-cron}.nix)
@ -84,6 +87,11 @@
name = "deploy"; name = "deploy";
attr = "deploy-rs"; attr = "deploy-rs";
}) })
(mkWrapper rec {
name = "smbencrypt";
attr = "pkgs.freeradius";
exe = name;
})
]; ];
shellHook = '' shellHook = ''
export NIX_BIN_DIR=$(dirname $(readlink -f $(type -P nix))) export NIX_BIN_DIR=$(dirname $(readlink -f $(type -P nix)))

14
modules/nixos/samba.nix
View file

@ -56,6 +56,13 @@ in {
default = "usershare-template"; default = "usershare-template";
}; };
}; };
guest = {
enable = mkEnableOption "guest account";
user = mkOption {
type = str;
default = "nobody";
};
};
idmap = let idmap = let
idmapModule = { config, name, ... }: { idmapModule = { config, name, ... }: {
options = { options = {
@ -133,7 +140,7 @@ in {
]; ];
settings = mkMerge ([ settings = mkMerge ([
(mkIf (cfg.passdb.smbpasswd.path != null) { (mkIf (cfg.passdb.smbpasswd.path != null) {
"passdb backend" = "smbpasswd:${cfg.passdb.smbpasswd.path}"; "passdb backend" = mkOptionDefault "smbpasswd:${cfg.passdb.smbpasswd.path}";
}) })
(mkIf cfg.ldap.enable { (mkIf cfg.ldap.enable {
"passdb backend" = mkOptionDefault ''ldapsam:"${cfg.ldap.url}"''; "passdb backend" = mkOptionDefault ''ldapsam:"${cfg.ldap.url}"'';
@ -153,6 +160,11 @@ in {
"usershare path" = mkOptionDefault cfg.usershare.path; "usershare path" = mkOptionDefault cfg.usershare.path;
"usershare prefix allow list" = mkOptionDefault [ cfg.usershare.path ]; "usershare prefix allow list" = mkOptionDefault [ cfg.usershare.path ];
}) })
(mkIf cfg.guest.enable {
"map to guest" = mkOptionDefault "Bad User";
"guest account" = mkOptionDefault cfg.guest.user;
"valid users" = [ cfg.guest.user ];
})
] ++ mapAttrsToList (_: idmap: mapAttrs' (key: value: nameValuePair "idmap config ${idmap.domain} : ${key}" (mkOptionDefault value)) idmap.settings) cfg.idmap.domains); ] ++ mapAttrsToList (_: idmap: mapAttrs' (key: value: nameValuePair "idmap config ${idmap.domain} : ${key}" (mkOptionDefault value)) idmap.settings) cfg.idmap.domains);
extraConfig = mkMerge (mapAttrsToList (key: value: ''${key} = ${settingValue value}'') cfg.settings); extraConfig = mkMerge (mapAttrsToList (key: value: ''${key} = ${settingValue value}'') cfg.settings);
shares.${cfg.usershare.templateShare} = mkIf cfg.usershare.enable { shares.${cfg.usershare.templateShare} = mkIf cfg.usershare.enable {

2
nixos/kyuuto/mount.nix
View file

@ -41,7 +41,7 @@ in {
group ? name, group ? name,
enable ? !config.services.${serviceName}.enable, serviceName ? name, enable ? !config.services.${serviceName}.enable, serviceName ? name,
uid ? config.ids.uids.${name}, uid ? config.ids.uids.${name},
gid ? config.ids.gids.${group} gid ? config.ids.gids.${group},
}: mkIf enable { }: mkIf enable {
users.${name} = { users.${name} = {
group = mkIf (group != null) group; group = mkIf (group != null) group;

20
nixos/kyuuto/samba.nix
View file

@ -19,31 +19,41 @@ in {
}; };
shares = mkIf cfg.enable { shares = mkIf cfg.enable {
kyuuto-transfer = { kyuuto-transfer = {
comment = "Kyuuto Media Transfer Area";
path = kyuuto.transferDir; path = kyuuto.transferDir;
writeable = true; writeable = true;
browseable = true; browseable = true;
public = true; public = true;
"acl group control" = true;
#"guest only" = true; #"guest only" = true;
comment = "Kyuuto Media Transfer Area";
"hosts allow" = localAddrs; "hosts allow" = localAddrs;
"acl group control" = true;
"create mask" = "0664";
"force directory mode" = "3000";
"directory mask" = "7775";
}; };
kyuuto-access = { kyuuto-access = {
path = kyuuto.libraryDir; path = kyuuto.libraryDir;
comment = "Kyuuto Media Access";
writeable = false; writeable = false;
browseable = true; browseable = true;
public = true; public = true;
comment = "Kyuuto Media Access";
"hosts allow" = localAddrs; "hosts allow" = localAddrs;
}; };
kyuuto-media = { kyuuto-media = {
path = kyuuto.mountDir; path = kyuuto.mountDir;
comment = "Kyuuto Media";
writeable = true; writeable = true;
browseable = true; browseable = true;
public = false; public = false;
comment = "Kyuuto Media"; "valid users" = [ "@kyuuto-peeps" ];
"valid users" = [ "@kyuuto" ]; "acl group control" = true;
"create mask" = "0664";
"force directory mode" = "3000";
"directory mask" = "7775";
}; };
}; };
}; };
# give guest users proper access to the transfer share
users.users.guest.extraGroups = [ "kyuuto" ];
} }

23
nixos/samba.nix
View file

@ -1,17 +1,12 @@
{ {
config, config,
lib, lib,
access,
pkgs,
... ...
}: let }: let
inherit (lib.modules) mkIf mkMerge mkDefault; inherit (lib.modules) mkIf mkDefault;
inherit (lib.lists) any; inherit (lib.lists) any;
inherit (lib.strings) hasInfix concatMapStringsSep splitString; inherit (lib.strings) hasInfix concatMapStringsSep splitString;
inherit (config.services) samba samba-wsdd; cfg = config.services.samba;
system = access.systemFor "tei";
inherit (system.services) kanidm;
enableLdap = false;
hasIpv4 = any (hasInfix ".") config.systemd.network.networks.eth0.address or [ ]; hasIpv4 = any (hasInfix ".") config.systemd.network.networks.eth0.address or [ ];
in { in {
services.samba = { services.samba = {
@ -26,6 +21,10 @@ in {
usershare = { usershare = {
group = mkDefault "peeps"; group = mkDefault "peeps";
}; };
guest = {
enable = mkDefault true;
user = mkDefault "guest";
};
passdb.smbpasswd.path = mkDefault config.sops.secrets.smbpasswd.path; passdb.smbpasswd.path = mkDefault config.sops.secrets.smbpasswd.path;
settings = { settings = {
workgroup = "GENSOKYO"; workgroup = "GENSOKYO";
@ -35,17 +34,15 @@ in {
"winbind scan trusted domains" = false; "winbind scan trusted domains" = false;
"winbind use default domain" = true; "winbind use default domain" = true;
"domain master" = false; "domain master" = false;
"valid users" = [ "nobody" "@peeps" ]; "valid users" = [ "@peeps" ];
"map to guest" = "Bad User";
"guest account" = "nobody";
"remote announce" = mkIf hasIpv4 [ "remote announce" = mkIf hasIpv4 [
"10.1.1.255/${samba.settings.workgroup}" "10.1.1.255/${cfg.settings.workgroup}"
]; ];
}; };
}; };
services.samba-wsdd = mkIf samba.enable { services.samba-wsdd = {
enable = mkDefault true; enable = mkIf cfg.enable (mkDefault true);
hostname = mkDefault config.networking.hostName; hostname = mkDefault config.networking.hostName;
}; };

6
nixos/secrets/samba.yaml
View file

@ -1,4 +1,4 @@
smbpasswd: ENC[AES256_GCM,data:9dpSVTTjpUKyNlo/8BhQbjyTqblkr1hF17ML0fpqik/1W75sDmn9enRfR7GtTKztRTxAbRTXS9yP9+ngIJREF1XG6gERK95H7cYm00Ep1D23qz66caWW1VuYYH0damnVhEkAfJO2t1yhbqA0uWy9WToAyOfyh2XJgrLe14P0rYw9QPjrpqxByXb29lNpINVuZKLWXbresqH6X9Rqd63tT6kRXtMVMdyPypEvMuM7N6/UjHFgCgNW2Fdfch1VSPwxj/C3Z1ZOIRz9AMQu3lU=,iv:xl8VAaeF1zYplm0XHDU8H5fMmxKSko9hdGO2971F01Q=,tag:HK6DMGrhiz7OGs5e/6Sr5Q==,type:str] smbpasswd: ENC[AES256_GCM,data:T9ajprFSoJ8zot3GKKT44Gkc18H/R2O/sVcwoxkCcn8cNQoD+uCOv7t9dDKnvGQKSF6FsC9WxUSL6ZetR0opxH5nvULGpc9WCoxFn6UPZpDRFtp9J3WMbFGNzw+dnwlKJQVy8WqAqajlpjV7+OR1Q+nYGm0EwIjO0JSqE5fX7FcDBzUQJr5gry14Dvzpzh04rOqsGD+aAGXcJLEJej7zLeALPCMOy21VdpKt0wzd1PfeowJCMdIoLAYTlGl33gbONIIEHefa1QY3jn6ZRGmoNF2qWmwueUguak9kdACtocUrJcUhnpbSC3h4HrNVTcMuvoL4SrJ/kxec+Xzv23zc5ylffkpT2XuKjk7M6uiwe+tgVczxvnGn5rtp33nBszausrO9JwD8I5l0pW+BSApdpaVwMv72cNdMRV9nPuUGY/uYlcQ7nTWKypJnmcbbcg/w+WWCfCdSx4HhWN26oQotivY+unrWL/uHkYjVUzefh2/s0cmBbS0wrV//haqkUFGw3oJgM7c6nHYnCNugdYhsrB8u2gRTy+jvZrnYY4ukuuoYiLrXOYVcS38Co8PphCX2h/wnwzVyneaWHg5ttkvf+cEU6on3efzSKZamt+HsbwHB5M/4oiUEDWMH4K6X/xF3cTgHTV6bxUTL/jzLNwW6tKl9bjHnkAjNb6iYOIVXT5KjxpLfcwXr/SvRCINNN1enAEU=,iv:rXRyeDF7kUtfcOhHI8ILCCg9vpHDzCKn4K/2J/dEZLw=,tag:OZ7r2mu9xPTI7JJlddafkg==,type:str]
sops: sops:
shamir_threshold: 1 shamir_threshold: 1
kms: [] kms: []
@ -42,8 +42,8 @@ sops:
VitlT3d6d1FOSzFKTFRIWDU3cmJ2aXMKDN7HPa6pQSZd21cLvfk+sYvLqZm9eN+7 VitlT3d6d1FOSzFKTFRIWDU3cmJ2aXMKDN7HPa6pQSZd21cLvfk+sYvLqZm9eN+7
K1v7M9MXLY+nh1YGGbtDbWHh09p8g37tS1OwgGAiETh+z7hWsGHYdw== K1v7M9MXLY+nh1YGGbtDbWHh09p8g37tS1OwgGAiETh+z7hWsGHYdw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-01-30T23:29:25Z" lastmodified: "2024-02-09T21:54:53Z"
mac: ENC[AES256_GCM,data:I/ijClic5JxlFV3ICyMczq3t4xo5V2trhl5B97HIwrgmDGtKeCiHjQc9TE/OtunvLUXaH3W8zjHWCsJDT+pFD0YO6EVo4G0MtJe35GNMsDT1x2Uwny13tTxWjKtjmP9lqB0I+cv4uL42vbt7Bdl3lv3jw0Hz/2wvlvnSUpPdFMo=,iv:YnVT6FvBhw5P1IBDNlRuxE9lk8tCsxR2JzHSYMA6dr8=,tag:MVayewWg5Ny/5lPwu90B9w==,type:str] mac: ENC[AES256_GCM,data:tlGNpKn6rWCawNkmCdWJZRQqmNhDHFg5qAxMWRJ7A76I8/1XPZHXjG8m1vw9VaP3XDO15FPrLDUsAsVImXs0xc769GzlYsOa/WhjSbtrbT+WsAU6nXMs1OksKhzeAzCnQ04VCJPowMk09XIASZbIuES1+V6bFFgJbiK44UTHkW0=,iv:Hl+VzbDMI37nSaU4PHZ86362s6zqJWQ35J+qgSG3w20=,tag:uqMjhJ9eqgDsX587f0UCNQ==,type:str]
pgp: pgp:
- created_at: "2024-01-30T22:23:56Z" - created_at: "2024-01-30T22:23:56Z"
enc: |- enc: |-

14
nixos/users/connie.nix Normal file
View file

@ -0,0 +1,14 @@
{ config, ... }:
{
users.users.connieallure = { name, ... }: {
uid = 8003;
isNormalUser = true;
autoSubUidGidRange = false;
group = name;
extraGroups = [ "users" "peeps" "kyuuto" ];
};
users.groups.connieallure = { name, ... }: {
gid = config.users.users.${name}.uid;
};
}

22
nixos/users/groups.nix
View file

@ -1,5 +1,12 @@
{ ... }:
{ {
config,
lib,
...
}: let
inherit (lib.attrsets) filterAttrs mapAttrsToList;
inherit (lib.lists) elem;
userIs = group: user: elem group (user.extraGroups ++ [ user.group ]);
in {
users.groups = { users.groups = {
peeps = { peeps = {
gid = 8128; gid = 8128;
@ -7,5 +14,18 @@
kyuuto = { kyuuto = {
gid = 8129; gid = 8129;
}; };
kyuuto-peeps = {
gid = 8130;
members = mapAttrsToList (_: user: user.name) (
filterAttrs (_: user: userIs "peeps" user && userIs "kyuuto" user) config.users.users
);
};
};
users.users = {
guest = {
uid = 8127;
group = "nogroup";
isSystemUser = true;
};
}; };
} }

14
nixos/users/kaosu.nix Normal file
View file

@ -0,0 +1,14 @@
{ config, ... }:
{
users.users.kaosubaloo = { name, ... }: {
uid = 8002;
isNormalUser = true;
autoSubUidGidRange = false;
group = name;
extraGroups = [ "users" "peeps" "kyuuto" ];
};
users.groups.kaosubaloo = { name, ... }: {
gid = config.users.users.${name}.uid;
};
}

1
packages/default.nix
View file

@ -140,6 +140,7 @@
fi fi
''; '';
nf-statix = pkgs.writeShellScriptBin "nf-statix" '' nf-statix = pkgs.writeShellScriptBin "nf-statix" ''
set -eu
if [[ $# -eq 0 ]]; then if [[ $# -eq 0 ]]; then
set -- check set -- check
fi fi

65
tf/proxmox_provider.tf
View file

@ -37,8 +37,12 @@ provider "proxmox" {
} }
} }
data "proxmox_virtual_environment_role" "vm_admin" { data "proxmox_virtual_environment_role" "vm_user" {
role_id = "PVEVMAdmin" role_id = "PVEVMUser"
}
data "proxmox_virtual_environment_role" "auditor" {
role_id = "PVEAuditor"
} }
data "proxmox_virtual_environment_role" "administrator" { data "proxmox_virtual_environment_role" "administrator" {
@ -56,6 +60,22 @@ resource "proxmox_virtual_environment_group" "admin" {
} }
} }
resource "proxmox_virtual_environment_group" "user" {
group_id = "user"
comment = "Users"
acl {
path = "/"
propagate = true
role_id = data.proxmox_virtual_environment_role.auditor.id
}
acl {
path = "/"
propagate = true
role_id = data.proxmox_virtual_environment_role.vm_user.id
}
}
resource "random_password" "proxmox_initial" { resource "random_password" "proxmox_initial" {
length = 32 length = 32
special = false special = false
@ -103,15 +123,46 @@ resource "proxmox_virtual_environment_user" "kat" {
} }
} }
variable "proxmox_user_liz_last_name" { variable "proxmox_user_kaosubaloo_email" {
type = string type = string
} }
resource "proxmox_virtual_environment_user" "liz" { variable "proxmox_user_kaosubaloo_first_name" {
user_id = "liz@pve" type = string
first_name = "Elizabeth" }
last_name = var.proxmox_user_liz_last_name
variable "proxmox_user_kaosubaloo_last_name" {
type = string
}
resource "proxmox_virtual_environment_user" "kaosubaloo" {
user_id = "kaosubaloo@pve"
email = var.proxmox_user_kaosubaloo_email
first_name = var.proxmox_user_kaosubaloo_first_name
last_name = var.proxmox_user_kaosubaloo_last_name
password = random_password.proxmox_initial.result password = random_password.proxmox_initial.result
groups = [proxmox_virtual_environment_group.user.id]
lifecycle {
ignore_changes = [password]
}
}
variable "proxmox_user_connieallure_email" {
type = string
}
variable "proxmox_user_connieallure_last_name" {
type = string
}
resource "proxmox_virtual_environment_user" "connieallure" {
user_id = "connieallure@pve"
email = var.proxmox_user_connieallure_email
first_name = "Connie"
last_name = var.proxmox_user_connieallure_last_name
password = random_password.proxmox_initial.result
groups = [proxmox_virtual_environment_group.user.id]
lifecycle { lifecycle {
ignore_changes = [password] ignore_changes = [password]

6
tf/terraform.tfvars.sops
View file

@ -1,5 +1,5 @@
{ {
"data": "ENC[AES256_GCM,data:LLzklOKNkbqIa9C50BODDA06COkVWgmzH+nqU9rDDt/ZGzUWyrcrr4vsxPoqTr9EaKpaB4VfCe+2phXSGuNpoPrsRuWvLm2UUL8zujLMpR/MIm6cKSANy2Sm5vxLFNXmVoOU4YMmMclyuAvwGM/v22V39luIKN1ZqWJo2P0+FsrzSHAScx1NHp4xqw9AH1jwdGvy+jWRTsGPPqDc5vG+PQpbsh6ZQvTe77PAcBjHjSl6jc1Da73nKb7Sag/GeaDek84aB6De/lXuSv9gAfZF1mEoi5X1GSM8SOrDoZEHGLLJ6H+TVTens0UyW1VfMkb6Vw6E54V4qSfigheUORapl2nhvD/wRCgMadBpPgyQLdT8jOfryKlupObgSu2e3QowSBvo2wJ+51bE+LEhWZKXiv2Ogh27K4dCpuwlhpLjyblb+cUS0q76kHL4ALGcjm8AOb2bwPwvAwXmCCbzegLNbGHbisGwWRpBPnw2PBA7oCrbAmei1ThiBFD9L9RvydSFLbsVNDSTo/U7E63b8WbQ6EI7EUj4St9u7Mt3Fy7sbpxSRjawfdEhKiHrlvFfB/a45aOyRK6MjObxy0rjtmiX6+STnC2ICNmV+lNbIg7iCuI0s+lryGpxZdDOHCjfk3rawzUfZxsTVcELqjr7WmAORyBZ6STYVG9S06vFn51wcJb4NLzXa6hMG2V92PGzf90Vd7TVyPbgQj/1KxIz0Nz/cQxB9I96EwnmS2Ovfxi50G5Q5gU09jpXtpAUOlxpVRSHx5qs4u0uEZhtk+WmtIo8Kip+V0Z98n4eGQT/pxPBAZQcrIlzlauvKIFEQAoIrl9iebVfYQhzUGPAw+KmOuxEfpjhQp0zHjIgHE1TaGjOnOyHje8LmnQnuW787ovqdZFKcmU0UHFmv3fNi9cIdlPdayF1qyOW2Tq+3Pq917QMDv8R5FxV/MzJsPbLwTliPMfv5AMSXPVCuijcVfL1nOQRGlxRAHdLc82vJ0yzB9s8MPKjTqetM1cPT6omgCoH0u07c8//iQwZT4tYKmy13z6GdR62FRjm/kt2cE9jhcSl72TKmvBlB7FeePZ07TzaUW6kmvBnjxsGYMzpjbcO7GEFwHBfMIctLvhKG6hopZ8N7rPByKKZd53lApcNrBm2kQGPcEr9UBlGwJUC09qdYkg0uTTBVpixqPUDytNdgupy7mx48SlcJhXQi+NwNGf6Mjcx8jUhT/l63EBKdV6wNI59LM0davt9sgKIxBorOGjAxrETC7xwh9ER7WrVQwYmIdOsvtw+ozvTEwzI+GPYRY1PQDsaAvbca5m6FAu9SepRtbIshvTqJxPGkEW2+YWELVdico6rA3x0zG3nJ9ahXECap3wUW63d1X3W/vQ8s1hKzJdzKB67iwfj6c1kwma0nNXcBw1iWwht7bkS13JzJLAdWWGxtyYJjREAlsPZaqh1BCnTwrPuB7U+EI4A0/Hn1bl5qzalMjzeX8K9VUOEQgc5pqKuhKcbCcUc9Rck3STbyrODdrvcfIc8FChJc9HMF0Rj/PuwDGZy+Bc52IF7iLAD6vcYVht2QoaM2m9sjScVJsyDBaxn8br6I/Mx66ANUY7dkh4L51uFRO5wL3EJxF10hZzX1sYvkPZ6XoNwjcHPgS9Zlk9OPRmpOaTbEWmOhsn7avYWFpeaqCU=,iv:ZtdTd0Hyg3MeBC6rquwilcROlfOu99+Ti/DtgXsk3fg=,tag:rKDfuKNyH9bBeprtGtmY6w==,type:str]", "data": "ENC[AES256_GCM,data:mlS9WffOo+tcNAred2xm8kHsxM+UrsEnd2t0Sx24dYIZURXi1rQyujlvzYiEOF/2CEFmUMOtjJF1rU9OGWT1GHCrK55ZSlL5O4rgOH1ldaaNnYzbPMMiGnv9vzJf221Mj3r9I18w+EsO88sD5GiqCCgT9TWDgYDYR06xq43UBwjQi8JLjCgERSSNAZFLbqN5byKfROUkyKteOHguZBnB8FVtSPzlshpv1XYAoTYu8jPCH/Nqre2NF2PtqyYV0+kMaF362wh0nC3SKcqhY43J4fcsheG/X7HSznsg+rPDOuQr6+R3EDyQOjWYMTbUMYs1cCLhnoWiPnLHpnZ0MXUp8EHgs0iU7TUGkadA48WB9YbYDNPGtvxG7oAkMk+z2P482su3Lz+teShBdnX+vemsOpF4egfrqIMeKJUQIB1fhbXbIXi6eQq+jp7b0X6Q2OqvCKXjIvlcml4WgY9euf7UwIf5R1n8myGja5XQWpVlXePeJoDvmNlTUJgNxfPMXTefOxHcrtsY17nYXdm/DVIwQ/CSWWrPdqk4AezQBHsJc78GSBQKhVFFkpIpwDSM8XDNRUzX8/d/mL6zj0UAATxK4vHBdoX4wM/curkwJssvh/RhMU+UhYqWmBe2BDeBvoOKBiYjdICMoGKXJsgIJ0naWygu6kc9SL2SWSjZLctXZuqGHDHld/Cg/yy86xDZMTe6JwjG8NhDOJ7YhBuxFIa0Y2Z0zAMSUdCrgTaVQ72H43wBldqIjR5syIHHO4wDTTunPSpaQfo5uKXVR+TERVCjVPFtQqhoyuwJBrtdDFGkyx4T9eDHNCPnDpZvrvWkXP9k32JLPr9JFtjD9iS27o6SXin/z1PW3em5j8wpSjSLJK8exdTVqz2WPufRqYuWo8l7FVg+6fdL/e1lDnwYHHZxBSB1O8GSFYNI59sZVRRKSO4MFbvDSm6IXoPlc+UeCa6s5tq5+4VZIDuho5svywyehSI9ZigWBh07t2LYhmVtRyH2I7ub39CHlk4bNajZn7Y65G6WkcYDT2dWO6+jxnu1pM22w5FvNWTljGWtCp0ZnExLNsLEL35EvnazIdZdu9+m2RSb63yg3unz/8gGL4N8pUNfyeEbrAfuMqjt2BNdzdPTARISej2TwUGGPYfWQpglKHvwYgx+mRR2bdABx7axuRZhC+zOgPXWzRd3vKK/JsmSlaRfxXqA9nt2prxKjZkSO07KOrjQVoDyU7tidA1Z+eg3jUHqfwC/deiL0xhYetk+eO3TMQai8CxW/KvRzERxrfzmLXPd4emc00bnn/WrgxTFmj8QvypHjtrQUToRSh5J5tG1YHxo+swLFx3HpucLxEBE6nY/TbnmP+V8D9XlCY1VKx5Jt5afwif84DPOPYFzwv+5uJH4T5RpXUGmKhxJxKoVVQB07CEr72j8biivycQoGcg36UYp+T8HCxeWC3m5gEsEcu++Iu3TAj7z+18nbSVToF7jq4WH9CTC1zsf7P1GMQhgsm0rzq9c46W0XrCbRG/3iAHyp5rEf75FlnSf7XQgbsd2LDW9/kT/ffV/CTC/HR2ky0URwCXAyTT2Dk7LkEFBynPs5rJtulfrBJMPHza7rRMnAkCWTyeOmLrkKIFv4mf3ToGgph4aOaKdZTOPKalxVoc/oRNo+TNvdEl/Jat2wWaQo1OUSITFeXWQXUWLvQN/S5cc4K6DaZGfUafbjyGLRFT5ZSLM+5Y/5AAOLh9nl7bnJ3GHdnJ1YDMW+ViLzVZ8VyyRUcaL8HQ9TMlC5Xjyzfb7U1QyZBQIYFkXicM9FtG22uXrHLS1jBjZPlUcQQrGNC+ctZarwKiw5p/QwfUaHsyjgnbq8PZlJzrdgD1nofBwf1tdQ88yurQcrisjXy6PZ40pyKZBnXvXgSk3VuexLhrNSh+bE54tIikmC5ppw2mXUDGax5k633yvzWPoFhUxC6qU0Bjfa0dl2TuXC2k7Hwecyce/g1ON,iv:JHWAkB9pFrbqXjZUUnvJFhLJK3efwcsPeMjgOjNmSDs=,tag:hT/R/OBXoSkRtj3qwU0K4g==,type:str]",
"sops": { "sops": {
"shamir_threshold": 1, "shamir_threshold": 1,
"kms": null, "kms": null,
@ -7,8 +7,8 @@
"azure_kv": null, "azure_kv": null,
"hc_vault": null, "hc_vault": null,
"age": null, "age": null,
"lastmodified": "2024-01-28T05:17:30Z", "lastmodified": "2024-02-09T21:18:23Z",
"mac": "ENC[AES256_GCM,data:EbKeIgTkJgItseG5sXE4HBJYS4Kf+/7JhmJbFTxZzHXx7NwTzSjowMruhCQvHZ4r2QPohnSkmcVq6YnNod5jAtPOoTvyVq6FZE6EZ4943WF8IUy1Vu8R4mzFP6FSa+/CD+Mb8mN+nQwUXd5vz1XQZcMo2uEmvWB/ZYgEqCJ5suA=,iv:AEYxEokcU2/2+P5IopuaDKbs69I7TtSzXcBPQ05TeN4=,tag:3zf3yDVQOLaxbSbvCuWJ9Q==,type:str]", "mac": "ENC[AES256_GCM,data:bvNVyiwZ4m8/UjKvDUDBt6UXYP2Y8BV4paedPzPmE5mow5Sx5J1r4CJXk/pSjxMY77gs5TtXcQdBTtQUpqU43kH+gUjWHIFK0m/AV+QfyFmlXe/dPGvYsM4T4LBrncMOJxRxuDT6B+zmOAHGjuypLrasqZ4aEajotFxUaw4hBaE=,iv:NxkU2QDcJjeIW50Bvh8R+jOBE0ApgK0A9BMCAf8gzE0=,tag:VagNJlK235Hv+seO48vpxQ==,type:str]",
"pgp": [ "pgp": [
{ {
"created_at": "2024-01-14T19:49:29Z", "created_at": "2024-01-14T19:49:29Z",