gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

refactor(openwebrx): pull out common module config

Browse source
This commit is contained in:
arcnmx 2024-05-13 13:08:19 -07:00
parent 047f240b6a
commit d92c986f8a
12 changed files with 477 additions and 166 deletions
Download patch file Download diff file Expand all files Collapse all files

9
.sops.yaml
View file

@ -13,9 +13,9 @@ keys:
- &mediabox_osh age16klpkaut5759dut8mdm3jn0rnp8w6kxyvs9n6ntqrdsayjtd7upqlvw489
- &litterbox_osh age13qgddr326g5je0fpq2r3k940vsr3fh9nlvl9xtcxk3xg2x0k3vsq7pvzaj
- &keycloak_osh age1ktmx2szedfnpe5xumnzs8vkk0ffqgga6ved3drtksg9pye6ndsnsnqq488
- &kasen_osh age1fjcafp0j45sz03zq5srnxyq2mujndmn25vceg3wj2cgzymqm73ssmhdgku
- &kuwubernetes_osh age1q2yjpxlqkfhsfxumtmax6zsyt669vlr9ffjks3dpkjf3cqdakcwqt2nt66
- &kuwubernetes_cluster age1nmdv4q8hcyj3s6qevrmc9w2vhd4a8tsj5j5e0cry5utex7vqeprslyjvxz
- &kasen_osh age1fjcafp0j45sz03zq5srnxyq2mujndmn25vceg3wj2cgzymqm73ssmhdgku
creation_rules:
- path_regex: 'nixos/secrets/.+\.yaml$'
shamir_threshold: 1
@ -32,6 +32,7 @@ creation_rules:
- *mediabox_osh
- *litterbox_osh
- *keycloak_osh
- *kasen_osh
- path_regex: 'modules/extern/secrets/.+\.yaml$'
shamir_threshold: 1
key_groups:
@ -102,6 +103,12 @@ creation_rules:
- pgp: *pgp_common
age:
- *keycloak_osh
- path_regex: 'systems/kasen/secrets\.yaml$'
shamir_threshold: 1
key_groups:
- pgp: *pgp_common
age:
- *kasen_osh
- path_regex: 'systems/[^/]+/secrets\.yaml$'
shamir_threshold: 1
key_groups:

48
modules/nixos/openwebrx.nix Normal file
View file

@ -0,0 +1,48 @@
{
config,
lib,
...
}: let
inherit (lib.options) mkOption;
inherit (lib.modules) mkIf mkOptionDefault mkForce;
inherit (lib.trivial) mapNullable;
cfg = config.services.openwebrx;
in {
options.services.openwebrx = with lib.types; {
port = mkOption {
type = port;
default = 8073;
readOnly = true;
};
dataDir = mkOption {
type = path;
default = "/var/lib/openwebrx";
readOnly = true;
};
user = mkOption {
type = nullOr str;
default = null;
};
group = mkOption {
type = nullOr str;
};
};
config = {
services.openwebrx = {
group = mkOptionDefault (mapNullable (user: config.users.users.${user}.group) cfg.user);
};
systemd.services.openwebrx = mkIf cfg.enable {
serviceConfig = mkIf (cfg.user != null) {
DynamicUser = mkForce false;
User = cfg.user;
Group = cfg.group;
};
};
environment.systemPackages = mkIf cfg.enable [
cfg.package
];
};
}

29
modules/system/exports/openwebrx.nix Normal file
View file

@ -0,0 +1,29 @@
{lib, gensokyo-zone, ...}: let
inherit (gensokyo-zone.lib) mapAlmostOptionDefaults mkAlmostOptionDefault;
inherit (lib.modules) mkIf;
inherit (lib.attrsets) mapAttrs;
in {
config.exports.services.openwebrx = { config, ... }: {
id = mkAlmostOptionDefault "webrx";
nixos = {
serviceAttr = "openwebrx";
assertions = let
mkAssertion = f: nixosConfig: let
cfg = nixosConfig.services.openwebrx;
in f nixosConfig cfg;
in mkIf config.enable [
(mkAssertion (nixosConfig: cfg: {
assertion = config.ports.default.port == cfg.port;
message = "port mismatch";
}))
];
};
defaults.port.listen = mkAlmostOptionDefault "lan";
ports = mapAttrs (_: mapAlmostOptionDefaults) {
default = {
port = 8073;
protocol = "http";
};
};
};
}

48
nixos/openwebrx.nix Normal file
View file

@ -0,0 +1,48 @@
{
config,
lib,
pkgs,
...
}: let
inherit (lib.modules) mkIf mkDefault;
cfg = config.services.openwebrx;
user = "openwebrx";
in {
services.openwebrx = {
enable = mkDefault true;
package = mkDefault pkgs.openwebrxplus;
user = mkDefault user;
};
users = mkIf cfg.enable {
users.${user} = {
uid = 912;
isSystemUser = true;
home = cfg.dataDir;
group = user;
extraGroups = mkIf config.hardware.rtl-sdr.enable [
"plugdev"
];
};
groups.${user} = {
gid = config.users.users.${user}.uid;
};
};
sops.secrets = let
sopsFile = mkDefault ./secrets/openwebrx.yaml;
in mkIf cfg.enable {
openwebrx-users = {
inherit sopsFile;
owner = cfg.user;
group = cfg.group;
path = "${cfg.dataDir}/users.json";
};
};
networking.firewall = mkIf cfg.enable {
interfaces.lan.allowedTCPPorts = mkIf cfg.enable [
cfg.port
];
};
}

139
nixos/secrets/access.yaml
View file

@ -9,111 +9,120 @@ sops:
- recipient: age12ze362pu5mza6ef9akrptr7hfe4auaqul4rkta7kyy2tnrstqensgmujeq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIVlJmVTFKZVJ6Z3V0K0tS
clgyNEtMRlVKM2RybDNnN0Nja0Y0NTJKT2l3CmRXZHVHWTExUmVNVCswTm1JYkNi
QjhKWmp4dnZxVmJBdFQrYXdqT2NrbzgKLS0tIGM3Qk5VYWkvelllQmxMOFNZbTkw
djJMVjVqbWhvdzhlVW05Y0JvM3FHQzQKmhFhntjjR0fikS7b//dLSvdtkRyT3AMr
u8RSg4QpvejOTRKfJ8vsv2b654b37QrnLdFwgByzluJr1ETG92vLIA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJYkVhMFBvL295L1YzVTFH
THJET1dUUmdoK2J1cnhtU0dNQ2FoYmhKcUZvCnAzMXlYVXVqbHFUSzNZbXNwWFBE
Y1dJSHI3Zm4rQlkxd1cwTVc0NC9VU00KLS0tIGJDekc0aTMvNXR6WTlORmhnSy9G
d3JiSlZ4M0JvcENMS2p0MXNjSzFNOHMKu3Gycd8du0uf8mjVGN/coZT48YZMfz0U
Vqh57J9/w6mBX/3tukA06WcrUoghNLCIyBLRrCqKNjFD5jjbkVnaqg==
-----END AGE ENCRYPTED FILE-----
- recipient: age176uyyyk7veqnzmm8xzwfhf0u23m6hm02cldlfkldunqe6std0gcq6lg057
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5QjdtczlwOUJDUkc1QU8r
dDRBNXRZS3Avc09kVy96cHE0OTZwWDg1Z2hRClA4K2xyNjNkM1YrTU9xZE14Wnh6
ZlhFK29tS3dUMkx2QTU4VzEwek03SzAKLS0tIG5vVnUwMWlGc0xmREtIR1ZMNW04
T29GMHdaRWV2VTRiUXJMRzdpdTBFTXMKx7aF3X5XfNdXEJIhBRxwdXh8lOXOH+et
2RcBNIsQURLBfZQ9rK/Hoy39+S3sKO6ECytAI+jqhEEVnNppUtonVQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWazNTUGZpYjk5K0RvU2Qv
S1NwY1JxcVNFSW1Cc1dZVWhrMkpSODBWbFRJCjIwcFRwSkU1dExDKzVEd3NFc0hk
Ri9jbGNIeWlMOHFFOG1ROXpUNC9MZ0kKLS0tIHVkMVkrSytwSlcyZTZnM01NcFVj
M3ZQZ2hNc3ZvM1Q5UitHTkV6bVlEYVEKfSOP04BRzkLx+2AurZhyxWNLfYYSiAl5
2b3PDltHFQPIBkEebZOuGHfAk2vR+J+Cmt+GeTqnUBSiqsZ+Dflg9g==
-----END AGE ENCRYPTED FILE-----
- recipient: age15hmlkd9p5rladsjzpmvrh6u34xvggu9mzdsdxdj3ms43tltxeuhq4g7g9k
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArVDdGRmNrUFJwSCtYU0NW
eFViTmVhMlZKTVdGWlg3dy9wcDJhVDFkOG5NCkFHUUlmRkNYbVVqVFBNOSsvK1VG
c2pVV2FmK3Frc3dpSjBEd3oxRkpVd1UKLS0tIDNiWXlidVo3ZmFEMS9NSVFEMGc1
bHA4Z0hGS3QvUkpVUVlTQnlGMkd1aEUK3yP5WzCUZeeLDTHNyVe2zIk4tKZOx59o
w8NTaXRYGkQp0BAc0pKv1IGRP/wQBgUElhWnfTsMbzG2+Aey+lrj8Q==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMRGJTdmdxVWg5UG9zVFZP
cnRkUGRITXlmL3Z3ZHVwMmlCci9BNVAyM1ZBCnp3dHRyd0lKdUQ1eHFsdUNRK3BB
ZDUvNzV0Z3VBRy82YnhMaE5pRmlNbzQKLS0tIHJlSEgyTUpYRVcrZWpYdSs3Wkdm
citpcm9IblFRdWdhVkhIVGlQR2VFWkUKEXg6hX4wuaUAsjuVO6IachtJtSZDzE0+
03k189xkLnJPfr6LHhEtiJzOyUtn5/vqx0W1Lkt0klmK7B1KrKqUQw==
-----END AGE ENCRYPTED FILE-----
- recipient: age10t6kc5069cyky929vvxk8aznqyxpkx3k5h5rmlyz83xtjmr22ahqe8mzes
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPWXF2MUFtZUNtOTJaTG9a
RVJkS0l2cU0reEJIdHI2QkkzMU1CUC83S2t3ClU4MDhGVEJ0VEF2cGEyUXkyUmQw
YXhZNFNHUmJqQVRjOUtrV2JqdXhPbGsKLS0tIGdzQ1h2LzdLNk1pbGZjWU5POUEz
QTRwdURiS1o0YTNmMGlNdElIR0xicXMKHCnCa4KxEAmdOkbcWVz0i3BUJ1uSeZvr
ZosXjnKNZYWBqijECwWFAPkxdLRXsJs9RDq0di7qTGYhjQAH+pTvTg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxOUMyMGpiNmV6Y0Rwb1RL
WU15bE9mQkFEaWxwQUVqeHg3VmpzWWFUdzM4ClFQTVpicWVSVURCLzFMR01ieUJu
S3FDQTlWTWZZdnRUZERqSm5BV25UYUkKLS0tIHIxWWpudVhLVE5YUGtHY2d2ZzJV
QXIzR20wMFB6OWQ3WEtIRUVlTlNheUEKInMjMoPI80gdp8kf3Wc5Qdz3DtDPKinu
KNQk1gJUxr2NtORSB7ZkkzH0EUqcNnwQja0ecolBo/btGj3I6UeRFw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1a2quf2ekkj94ygu7wgvhrvh44fwn32c0l2cwvgvjh23wst90s54szdsvgr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXbkdsSFZObE9GZERzZm1x
RVZGR0tCMklmaTM2RnZKSEdMZGNlOFc4VkNrCkRUTC9FQjkwdkltQnh0V0ZVYlor
T1BHeVBzdkZpbm91RmlyRFIxUHRucW8KLS0tIG5iM2ppRmJuVWtORG9GQlVxbjNJ
UWh1dXlmSnZ5aEdNN2p2bEk2L3ppZGMKVBYG9SessgUOz6BzvNE/s0iSaDawSSyl
vcs+Cp+JAEFZWO6V7F6dpb65tl1Ua/0vEAXc3uwRbtW2IVyIYTmVeA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0S1pWcSsvS0x2aEs4R2lC
YXN0dGZuMmkvZzVCQXVyYUlsK0c0UTBtTFZNCkk2VUsyazEvblJtb0dGdzZwTjhu
V2RDaDdpTVFEMzlRQkl3REV0ekZha1kKLS0tIFpEeDdJSFJSS2lNYVo2Rm5nQWJD
S3o1WXh3ODZkN0pqRW50eUdMbWk2UDAKJL92IRFWli5UuVW9kvmO+vtnXiLGbPHr
pO8Z19/8ugOo/BDlIirVDhSedYjrkEQQNZIbLTshaogxh9eynmAbpw==
-----END AGE ENCRYPTED FILE-----
- recipient: age16klpkaut5759dut8mdm3jn0rnp8w6kxyvs9n6ntqrdsayjtd7upqlvw489
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2SU9sSitRRzQyV2FZczhB
UDBBVGVwUXozZDBUamdpcnhvekI3UG9Kb0Z3ClFYWlZPZWhGbHYreHEwdmk5SnAv
blVLbFBocUtTTmFmMXZyY1c4c2hxWVkKLS0tIElFTUdXbDM0WEhjVGlPU3BxQVRO
djF6R2kyYjY5OWV5NjFTQm5wUXJYMncKDu4SczknbAduRIdhsyM6zY++ad6vs6ej
S92xI6Av9lluES0kDEEyJZYqqoJOjXVLBKfBQFVwmX1su7P/XCOHxA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKRTVhTlNManBnTjllRW83
WVZSWHY2NVpYNXFxN1dPUkdnZW5mY0RCVEdVClBBZ2txd3VKTTFraVBqNEJFbysw
V1FFK1VhQ0YvMm5qS3hOaFZjMzBSWVEKLS0tIGhGWVM5QzBRTmxuSEdTNUxFRTh3
Y0xsZmo0RW5QVUJkKy9tUDRoMWJMQjgKr9jxjvTI71kvJ7Eexhhq8Fdu0fDwUqDb
TRcVTP1xgUeMYnEgq/w4GVZcZY+aLMiPdph5FKikoGo3EGmwJjIMyA==
-----END AGE ENCRYPTED FILE-----
- recipient: age13qgddr326g5je0fpq2r3k940vsr3fh9nlvl9xtcxk3xg2x0k3vsq7pvzaj
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2VURXbFJpclIzRnFybnps
MS81ZXNKcjRkYncrY2dIN0JoUTc1MGVnbGxNCmY1UityMFdlMm9IQlgwRmg1NE1z
ZTVWTS9VQmVGRGI1S2huWm1zWmxvNGMKLS0tIExaTDlmVGN0T1BnUkdKdE5ZUkZY
SFQ4OG9pYU4zUGJzZE5ieCt3bVdLUkUKVFZ2l7ggSN8QwEIN0uRX/Tn2vrsmTvxo
/l3hh3YFNM2QY9Z5rtoV1jSsTFLUrRUNsY94FUNOzk6F3HIArC9AIQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0NHAyT2tJcTJpaDMrRFJJ
bmJHcHhLQWRNQ2JXWldqTWxvdHdlL2dmWTMwCnMrUHMwZUNzM1Q5a0FGTTM5UHB1
dDNpVEhlMzUyd3VGdHpnQS9GQUpvUUEKLS0tIHh2MmRROGpyY05zdlNSamh1MjlR
cWZrb20xQkY3ck5aQ3kvaFM2ZTdEWGsK7XB0Nkx0PRT32J2wWlCBG0Ms0yD+x578
rJ62h7s/diH/Al+I1+VqOdtEIrW/2R8XzRzXy6vaXAWiRKYFVjOw0A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ktmx2szedfnpe5xumnzs8vkk0ffqgga6ved3drtksg9pye6ndsnsnqq488
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2ejJaTU1nOXBZZDBmVnhw
dWd3dWhrbWFVTWVJNUlBaVc1RlRBemFzL2pVCktYdXBjeTZPR0lGK3VKcGFDSmZH
M1VISFlQOXZ1c0JqTFhSSzR4VGh0Q0EKLS0tIGsxVk8zQVJDc1JNRVQ1RlcvWFNx
V2VrSWMzcG12TFYyMXFDRm1KK3VVQ2cKfTEG/qGly/ypBfEYEYviAcjGudfvyjZx
OT6MOITYPW+1lrU871lM7VZJJTKjnFQV2df1Ca5YQNSW9EzrWcgtcg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0eVgyOFRVODJWTUQ2N0RI
ZklrSGdPNmljQkJPc3lIUitSNWxDWkNxc21NCnpWMmY1S1lHR1loVWQ5dGFMMlJS
cW9IVkE2Mk9vRDhPOThSekF4VnJ1dUUKLS0tIFd0TkNSYWxBZ2RaNE14UnlBOWtK
WFlwemFRK2NYQm5IczdaY3UzMUxLUk0KBGPbsH3ufRLCFIXUsFrRuVCIC5C/HJ3v
xWfpI4GnRBAl25RR0K99AvlNl3XneEQvVcyLVyPsxVLIoUQzEBEH4g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1fjcafp0j45sz03zq5srnxyq2mujndmn25vceg3wj2cgzymqm73ssmhdgku
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnYko2dXNxN3R1bUhnRkZ5
eWx5dmtCd3BJdVN3WWxhUGpEdEdaY1VyMm1nCkI0K3hmQk9qVVlrWWRVNXpoVnNq
ZHo4dnRzS29aRDJrdUs0a0VwV0NrMXMKLS0tIEdkWUdpdnRjUjVTVEJlcGozVmpi
eGx5YUpDMUxWVVlPdk1RRm9oaHNDbGMKXodkdcuKNpQrSvQ/2kkiEGWidmRtp+3/
bDnyhWgRTq/bGVRmuK6VAdkN/mL1GBKvz/RMMFVdK4hDcFET7u5dug==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-01T16:50:29Z"
mac: ENC[AES256_GCM,data:humfCS9LaB0pcAObLZH+8huTED1/eW6ZtR7PVZ33JPrTJhc9ttorbsfsVPGjsd52I0RT4cNNk9iRDGSqNvgCP+BdvOyILDRA0kxKvF3XLX76Iw0v5jWlPBUts0Hi5ch9Mzn5abN/w3E/5D7z1OMQN11kroJtVpnQMdPDza/qK4g=,iv:UNHN2BYkC0AShqtB7gRLIBYqYwASqVbYhA2RC1dSWYE=,tag:Qo/1LczVrlTHFvWkCG3GIw==,type:str]
pgp:
- created_at: "2024-05-01T16:36:56Z"
- created_at: "2024-05-13T20:30:26Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA82M54yws73UAQ//cm9rYFWc99F9A9X2U/Qg/44MZhuthrxiRtZ7IUECn+rv
JTUhQTe5p2l+CxKznCef1+L03aP1Iqh86YDrEO+d01HG6/NSt4gyViXw9suJM913
bdcZUz9YHpvyvsoSLaawxI3upqJykKx1ZhVgnMkJCewZ7IsEoMRlv9U1ofxzbGBC
dvm60l2swE5smdXiZeRxilDeGg0Mf7ijhMhhC4iniJS2lVe5vTAg05uBA3lJUVr9
GLpUnY8c+0MWlEo5QSFYlWFJ0qVPJcR82vVhAZVfcPMtqmtqS3MpbJvFR/2krZjI
6y8QPZdLnZdI0j+4BW5m/5mgFFBJeq6y67j61M8uP0Bi6VL7Z+82oeVOwVjgTnZx
cfMlUdzOwkXyC7roSLV7U/Suc61es2PG+IulaMGbgVAQIB8gl4oUYgQcvfLJkqxv
UokSBWyoyrWGQIae5nQOslLpPWBaNi54W6LZcAamAKmQgSlD/wTOSrajrTi6lvX4
VMMjPoyLNkcu1MS68Ue4M4wsw8B/Da+TjkatVMgm+D/Dxmvl9iaMKc6diec92jUt
so5yZ/kf7F7rfglbvsYFyLeRNenBXrWN9PicmGLjKJQPV7Agdfg35ywbhcp6cUqf
QDmO+5G4CsgLy1MNPczJKXsvrIGltWU0evzoMbPiWXiZvUKQwNW6g2a1FGiTVEbS
XAHgjFs1QAjzaWB1+bjCmt8m0+pUq1wtqT69XRgwBZu9Xb5KDR/h1OXl2s9qZUcj
8oi8OIZIv+yEPXcZYm51NQg0IB9qtwQpxya4TuYM29cEFQY4/ANAExxK2rp3
=BJAs
hQIMA82M54yws73UAQ//SLtt3YZ5qSrcqiT5zalPS3UXskojlZlc0vlJmKN/m3Ht
iLPt2rxNqNkKE4EWUc1AT5s08aushPDEPhILcLMoKO9EzruLS2+KlRRfYRgVEa+N
Iu7xjyvOvtpb1Wg8srgfQbgH4GcKueiQjMOiQD8hcfvm3gml6iFYMqGEl93dcJDR
15EOL93nG0nEs/StZr4ZR8jSuF3h2MwsYjJvHBuvyMgn9a4wSB5PCBXHmph9RhjK
V89q2L6VROdoDXKtTbPveqktEcTBExRO4twnvAnDp4Y16KamPV+sf0RPi1lKDP3Z
n0SFg3yhJjlIYPoOzCulDNTZjEHDNaYNMw60juPW5tLxDkZYRiZACvLYvNGhm2ke
l00MiK4YRX8pQeVk/TiAvLh32jW99X/znbGrL+JEfjEJlUikWVgyfGEccqocsG9P
cPTx/ErxDUa74tgCQXxBnU+tFTRYDSXcvqalfD81/1KQtiafu25oAb7qu7CUtFaQ
bMw7KsjND6A8zyJfClZMho4rzc551rQF6/xMBEAnyqs5gSkctJ/v01lAKzztHZCe
M2+5acWSUKCx2YnKAiQG+3jtRx6LFKS/lmvP3uyALndc6lJnmvE484RrY1lHDfdE
xpJcHK5X9cTwip8kK5+GrHbZz+zv/CiqnmiwQpNG7wlZ/WsG6HB6aCHHuezWsmfS
XAHPTUROKnRoJz3W9q8RI0N/+H24vrIIPydMBw0JQn5Yws2TmYhCloBM622XQ/OI
G61pUiglAcPbs62ftar282z4aqFHrV29xgrLNN6D303u08QdwGkacWDZCVP6
=4xiQ
-----END PGP MESSAGE-----
fp: CD8CE78CB0B3BDD4
- created_at: "2024-05-01T16:36:56Z"
- created_at: "2024-05-13T20:30:26Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQEMA2W9MER3HLb7AQgAhiN4+xEOSyWdDOKv9vAlr9R0lTRewysTFa7cWynDntix
FNHapgPIVp/NatooTUkE6RFJhnkDC+6HKwDwc25NuD2Uoo16BxWVUZyzVNUYboZs
VEJbXj2WIe/4iyxArCjlBaEoLrLqQ4bbsZb2kye3C8YOyH+jIaCbb/cvWyzuHyAj
ENqGWKehhVy9hP6BN767hUfcvBvU12btN35ieGSe9V7yG56tTA467V+htXx60zsU
uUZ8RFPLpZlDylAbarNMcevhgRF+/8G1uCKjN8gJkn+sJtKFQT7YR5HgHg6LKuBc
0dYqgzsp9NjindHjX0/WCofwEG+HXjSMDK4GZvC7eNJcATuWAaYXRIpoIYOBS5yq
p4FttSfgo1CWKEhOVs4IFn6XuzzyteVRYhxFMj+/ojYsj7NkqnIIhWe7nFSFYHOE
ye+hMG1+ncrArTuIlH0c0KO7UqCEKQNBh7TKJuk=
=T2l/
hQEMA2W9MER3HLb7AQgAlSL/7pQDNiT95e8VWs6LimiQVULZkVY7uN8uIuNmBk9U
9+wMLQooqjSB06OCaaBSCVVPJZgwCnwV5xaBqIRmSaXZdY0zkBhR6RFc/iLyXQbl
kd/AmS+9aTl4vAtCm08L2Un0zx0MBGVZ9Qw2ouOpFizRrX6TvaYxws0D+ycAvX4M
b21hS2pCjbSIOLbGS3HlSLCqujlRxI7hcGbOIfCqHt4nWt69JOU3sQBSXEltBop4
CjED2cY/bjvLQ58CGSrthOu95pql0dl4uOT49j6AROWiumm6bIsTmrYHukb1QsVO
GadTjeiCXUKsDhNRtscgrVVIZB5yWrhOX9R/KhyR2tJcAVND6vtnZ9GX4LM7Dh39
kcnZsJz2DvjmAp92zbDTx0nSD7+X4wAjoXxlkZ/kCQASQ1kKdiRc/3Loq2lGJzSM
XbO3wVy2whtczRa7Ya9axnM+yuChlAoEfWtnzHQ=
=IlrG
-----END PGP MESSAGE-----
fp: 65BD3044771CB6FB
unencrypted_suffix: _unencrypted

139
nixos/secrets/nix.yaml
View file

@ -9,111 +9,120 @@ sops:
- recipient: age12ze362pu5mza6ef9akrptr7hfe4auaqul4rkta7kyy2tnrstqensgmujeq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjbTV3OUJSTlJXd0VyQWhu
Y1JiZUJhUzhBUWQ3YUNROGs2MkE3Y1pJSVJBCkgvcFpKOGw0WXdiNnFwcHRzMVVW
T2dRdjM2bFB3Z1pzOEF4Nlp0MXBkMkEKLS0tIGlYb0EyNUtzWWI5ZkZoWEFDaVVm
bjROajY4Tlh5NmJkOFJlbnJuY2NlUjQK7VgmH6UvjgM2+aIlbcAtN0WTundKZlOM
Wpe9t1lY1foUA4claxTtfw0iSOPi0z6mUpeJUOFayzIHm9oBXetQMA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4QkpqSTQ5YnRVRElnUUpw
Njk4SlRwT2srSEFGeFZwRUtkWE5SNWpMMTJNCkNBSU1yd2RmUlpFRzFtZThWSDYz
OHZ6SWdsY2J4aStoZHBMUGhzelYyOWcKLS0tIDNadTB3WEpldVBzZHFhS0ZVeVNP
cXBrUFlFQVgzNFNoWS81c2x2YXpoZU0KTfLd64jGWDtptsMbrXnpEb1MpYCYO8xN
ihaQxLimPZhYwU6HitjZBLWDoYtZ6RX8qQAsJLiH+qzxepQavfqptw==
-----END AGE ENCRYPTED FILE-----
- recipient: age176uyyyk7veqnzmm8xzwfhf0u23m6hm02cldlfkldunqe6std0gcq6lg057
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKYkw1YU05WVpZamFxSXdQ
RHN2Nnl0UkJqQkhXbFE4eUxQV0s0Q1ZSS0djCnVRcytxa3B2dThodEFzN3R3QWJ3
bjJkTEJhUFBiV21sYXJ4dlpGVzFQOVEKLS0tIGF2VmN0VWJTeTVmSGhBY2N2Wmc2
TjVBQ1VlZ1UrZTZLMGVBODdLU3dsazQKz6oDD5kcyZci0Gbxpfu6bRTKbsj69jyA
4uYy8XM22YxIKe2y9P2BqEUYVTumCPdt27qSbFj8CftfwWDKb7WRlw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2NWYwYUN6Y1NSOWI1UUtP
L2FRY1JoT0lFdkpGTzFweGlOMjBsWUdjdmtJCmFmMW5ISm9NbGdYRXdTY1p0eVFZ
dUQ1V1pQK2IzOWlKaHlaM1dCR1ZwdVkKLS0tIDB3RUNOanI0QnNRNGo2cDJqdzBq
d1JtbUFJRHdLZDc2S3VQcCtHYlQ1SGsKFsJSSr3nyxwPnrb4RH0fctsl9C5V3cf6
9lxh5qtDEa2JWrSx4QDRGXRPPG/BiB4aYmE/KgyM9mSQPG4VX9M7/w==
-----END AGE ENCRYPTED FILE-----
- recipient: age15hmlkd9p5rladsjzpmvrh6u34xvggu9mzdsdxdj3ms43tltxeuhq4g7g9k
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnNkM0cFFGaDFmZWNZZXVu
eXNWOW9kcWEvSkZyUHJXTjdVQnN1TVREOG5BCncxVU5tUEgvR3IxY01Iek4xSWdP
SUtuTEhucTlqUTc1Y01hZXd3c3NkVTgKLS0tIHdEWTdYYVh1TzB3dzVMdEZSZ1or
ZVd1QmVOR3hveTdJSXB5T2hXamxTNm8K1/Em/Q1A1PxvmJ1zofd2Rh1h62oNXnEJ
qb9r7ktbcnO5t5lSQQGNPmZapkRlVy5sV0toDkDCBppeAfMkt0PP7Q==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVNEdwamRsK0JsMmpsSjlF
L3Z5ODh5am10QVgrclVjMExockUrczVrT1d3CnhaVTdsOEhmWm5tMUxCN21NRE5I
ZkxkTW1UK2Q1MlBxRFBaVUxsa0JKUTQKLS0tIHYwOGFXNmQrUzk4ZHpzNFlmcGU0
aExEMVpoZ2F0K1d1MkpMNDFaMXNUV2MKYu5Dif3BfpMPD4w8log8bBEtxS09f7T7
bXH/sS6QWBS8F+syHZzUN4KHlBUHwZ5fKrj05sasLcLOojEULRdPvQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age10t6kc5069cyky929vvxk8aznqyxpkx3k5h5rmlyz83xtjmr22ahqe8mzes
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5L0J5YXluMEtQRFh2T29q
cmtHM1Mzd0FPVHpGcndrbVVBUHhUQ3dndG13ClUwU0NuMit6UHVDWkRVaU1COWVN
bjhsVU52ODNtVE9jMVlENWsyaHdrUGMKLS0tIGova1pUbXNFa2dMYjhFU1FjWG9t
bi96VSsyaEs0c3loQ1U5c2EwbWRRdUUK2ohDFtsQzl9cWxB8eVlggfLtQmMEVRvK
9b5YPZmQEOmMhgCfXi30wXxUhpckL8v/x7zmojNOoSF8OaLY1xc4TA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCQWh1MHBoK2hBeUdmLzh4
RythV2xud3FldXo3aWlWSGJ0cnRaTGRacmgwClk1cTZUZThtU01IZWtEdGlqbWRj
NVhDNjRldlVEMlYyMDhsZWNsc2dLb0kKLS0tIGpyTU54RHBMU0FBM0NIOVhtK0RJ
S05MM0VjVVpudE9DTnJLWGs3NnVkNTgKGB85U/EWrFXGwPM/x8GWFYCh2vPK4chS
UFRp2JH2v9W9dQHk8dhmxxQPCglsm+u9KeDTCgYp1HLtzTXy9G7qWA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1a2quf2ekkj94ygu7wgvhrvh44fwn32c0l2cwvgvjh23wst90s54szdsvgr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOTk15YlM3QVFaRkw3bnAv
ZFlwZGwxdzJEQmlWWkFQL2xmTEVqVHdqYTM4CmFCYmhUQWJQZzZERDA5TlRpWWx0
Z3lpQlpFbm5EZFdvbldFaE9tcitKcHcKLS0tIDBGZG9PdWN6NHB6MlB4MVdudU9u
UnJCVUdBWSs5aU5FZk5NbU13a2ord0EKrZNqN9rCLM/0EpaHkHldeHWBO0/O8m6S
N9b90JTgysNyYUQ8Nxp2AP4npqJZutxnwmrlwrYjnrWur2pp5iHiEA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJN0RST3VZRndtMGNzbDZ2
encxOTB0Wk5QZy9xZHZPYkMvZlVaeHZ6MG5rCnpENWZoRm5KSU1VTHhOWTcrY1BU
VDlKc2wwU284aTJZYnluR3F5V1pMMXMKLS0tIEM5bmZjbzhLbGhRajVVRUlrZ3BJ
Y0tWQUduTWg0VEVtZ3JQQ2tqd280NG8KMbnuJdgzBnkPSye5tOW82nR7KlRrW1rM
s7S3iU2PcW0uFCbHX+HOoL8p8yifTCPd/FHct5fuKepZoCtYwf0ItA==
-----END AGE ENCRYPTED FILE-----
- recipient: age16klpkaut5759dut8mdm3jn0rnp8w6kxyvs9n6ntqrdsayjtd7upqlvw489
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQYWc1aWkxZHBZaVBLUWxo
cmQ2YmVwYUtZcUY5djRQMTRZLy8xYWs5S1NRCkxLMW1rZjd6UVM4dWpGZ08ybDV6
OEcwbE9mN0FXTHV3V0VsaVJSUWJ2OGMKLS0tIHlFQiszVW5RMjgwL3BCQlIrdUND
MTJyYnpBTU9xSDVlU3F2d1o1WFl1bU0KsbTa67oHd26ECBKUMBBa7AwVci+H9U59
g6jo9SQXpvG0ot6vT6azMTXpbcVBqxupJ+JxXALCY+Hv+9VPDBZj0g==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOejFLY1hKd3F4bnpDSEQ3
Y1hKcGNZRUtVOVNnVmZNUFN3WncvTUtkc3lJCkRSWElDVHpEdmRkU09pSy9lUzBz
VFYwSHRsMTBqc21nbVY5OVRiL3FidjgKLS0tIGpOeEpDbVQyRlF1Zyt1U0h0SmIw
V01XVWg2MzdkRnUyZno1dk04OHM5alUKrghJcr7M4JRLat314LWfJ1weiSfIVYeI
ZtUCyrbqnuxnviS4ouTZhU6mCcwLITkVg3CKfFmUs4mJL9w2kuRWnA==
-----END AGE ENCRYPTED FILE-----
- recipient: age13qgddr326g5je0fpq2r3k940vsr3fh9nlvl9xtcxk3xg2x0k3vsq7pvzaj
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBUWR2ZHVuMFpaQ1c4M2th
R0RRNW1nMGJ2d25LSU9HMXcxUkp3WTNYb1hRCkhLRzlTam5wTGlxR3hISEQ5aXNM
bUo3NzJ4N0krMzVaMDZiU25VaE95eFkKLS0tIHhOYzZYSGZ5bTU5aXBQeHZoQks3
bVp5OTgxSzhlbEtBUG5Ycm1lWEwxWGMKF84ttcAW6sPkoOieod8m8eXdsP47WH/f
WE9DcU+Bxi8Fgr5fwjMnG1R/WZZM5APZdmKyUb0VRKbBB5ZNbbFXAQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzTXVuc2dTdnVpM1owMHg5
cVoxR0NKVHE1RmNpZEpvMmdvRXI2TDVQdTBrClFKMmZ1cW9tcHRQV3F1ekNBYWtj
TjJWdE1DWWZZVmhDM00vclFDd2xlaDQKLS0tICs1K3ZkbXZ6UVZ0VlZQdGJuN1JO
WFh4RFl4N2Y4R0ZYNXZlMG9HaTI3ZG8KrcNtQvEBSKCQbRxarrVhXgbISr+JHdmy
W5S5aF9qXx501Tj3zJgrCWaP+7Po8XG83LFZ9cj/KnMqkikS+ydcwg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ktmx2szedfnpe5xumnzs8vkk0ffqgga6ved3drtksg9pye6ndsnsnqq488
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxU3ZOdkpGdUJqdk5GMyta
VktNN0FoS0dzUnNTMXlFM1ZEcDJEZzJLMmtBCnV6eDZ2WmJ3bGJYVHVFaHoxTXhh
eHVhQ1RqazI2YWczTUd0eDd5dm1tY3cKLS0tIHZtRDJiQU5ncFZEbXowYjVvN0xm
SHVTbGlMbkszVVYrSGRiWGxnWGpiUjQK9QyHonMrnHZ5pYUr4JORFl6rE9xWds/M
9Afb8CpvVTFHRFRDxmv+4CmZajYfwrLmZcatvVLgPuxTnoFuMMjozQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCK0d2ZE1ZQ0xiTmtoRXhN
dk1TMGltcjlxUVdBbkpKU05Zd1FrRHg0cndvCjIyalRxcWhNeFQ0UGJVSUpuR2lN
clVqMDdkUHAxdEtPc1RTVndKVDdRRzAKLS0tIHVmdlBhUjRSRDVoRUF6bnFNdFlP
ZVI1Ny9jenZWVW9GMkdOMU1XTmtpN28KfTFGcLkGvvqDFyIVX5dIN0l0SCSjlt+i
A2G+UJnGTGZm32gLVVWhfh2iK4y3QXPwvxxgifQ+ZoguSzuGz2rRqg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1fjcafp0j45sz03zq5srnxyq2mujndmn25vceg3wj2cgzymqm73ssmhdgku
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxRmRnbkQvMGZWL2FkbEFy
dEN5dFY2R080ZHRlakUySGhaY00yMVFIRVhVCmIzOGQ1bUpLNXlvU1Z4ZHpucjEr
ei80YnhqSzhXT0w3M0tpb0U4UldTWlkKLS0tIG1iWVJYbmNxMEJGZjlKR2R0NFp6
dFJBUXY1eTFpQk1uMG9PUnVHN3NtZGcKYgtAHBFc8cUjP/qJa8X4amEC76NffW2e
xHwa6sbFMSS0Sw0Z5SDCBdv6F48k6Yfb7ALHlbX9GzJxCTTbY/FsVQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-14T03:48:48Z"
mac: ENC[AES256_GCM,data:u7G4YsCFxUkgOsKLRurxlEl358aLdBdFOrOtO9TUu0JUHRx8QjPcYgfHgHFXqNTfJs+0kVvcbAzNJxNAIMWRQrVDy3+i3YFlyTcDAh6CufkIXRM6fxnX1YHzZGEtC7bpBASTpSgGJzVt7XqGrqE7v8H+q63MugjHYsKtmIG7lO0=,iv:0Zrw4+Cmfv6bjn3lYoinkYdj/TinALpyOFP7Nd8w9MA=,tag:8gi04GcF6JCBwfmVEulSmA==,type:str]
pgp:
- created_at: "2024-03-21T17:42:29Z"
- created_at: "2024-05-13T20:31:41Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA82M54yws73UAQ/+LqogxiRV/yhn33FEzz0GXJ68Bkrhioqvivpf/pB27k9R
tx2hqp+RzYWwcXMTlHe9bDJErknZWRhLXthXer2l01eugheOT+BhYRuolM1Ib55c
aFLJ9zeqr/U4N8qcq43mQw6D+GnbS4ccXju3fzVmq1xB39fEVhu/+xyCTYSaQcXJ
XvCks6KkcHQBQGaz2Bm1CluJ6jRvovh+gEKQsPKZ6gIGu241VXfgOPCFnOqHqrEE
rEJ9BLVBraalojhoRjC6fg7KBOxt9LP4BGWIvbp4xqTN3pk36vZOGkxVxtkPB45J
cyDgAFm1CJan2hNMeNWFZsc4em1ECbOe97vTN3sSwWa14h8tuFISfe+Y9RXyjFMp
+joJ3l9/weh8rBppcdLIRKpfTeLRIyUpkB/uFZLyxAnroHva35/b86bxb4cv2ChQ
XoMZbrzKJstMSqrreDrWf0KK1qfm4yjVvG79fXhNlXRCKotjLvDdAmgef7WNgjS4
WtozlQNGppIGv26ZrUSxvuJ4Rj4Tplmv2+ZCHrWVql4AqFijLCH7YmAOIAz/4nhY
BdhFvG87USbMowgl865U6IxTYFfEHcnnxPyk7eLK4oEih+F6XNA8+AyoynEVKl+p
n9mx/94P4KbysF6lK9EclyuFkKuFmU00qAGF2CyBhsbAZQ6ap0VTQzMvIKVZN/vS
XgEyuU+6dgwQ2W92IEmNkqLCqqL2ou2MaQ5nqeCLkK4BK6TVfKBHVJ8gOxqxPrNV
nNURna/Hd6q4Pl9knhiPj4IYIWbJdMYjc9ypYyl056Qn7dwgEQ25+f4bkwzAc48=
=3fm0
hQIMA82M54yws73UAQ/+NDXHPt8JBAf/m/nxLpF/j0aqWkyvwy30brq6ByFf3/Py
qE37Q3yFYdnxwNa8r5uwow+CQfBfrV1FfwCoLikFVtPfO9zSdpP+61gwuW6FNPnm
hmjkAk3NFQriFs7DaXPtiwMbiPF3PsWb6yfXzUzousqpSQWr/9QyJLfqRidx1cFN
QcZsHj3N0YnOXuiIdSy9kQ5Kog9uhgP85kUB881wQ/Me2DWq2UxcgBspIK8T53u/
NM+odhNY150ISQUHiu4UMKClMo7Z9wduWylWgBLe/zvTh9hXd0qnMbiYFTHcF/do
PfdYeYyvCjLW8QncLfsnm3CuKk+T2Wv0VVQk/QAvt4LAcxhoDNEzVp+csZIapgHO
1KH4Kp2NhEVMr0ssaZJdDosKM9jAWO+AWc7eHPSkujq+Xp9nYo/gUEJQ8qLxu9ZJ
J/1Nm3q7CdaoXuGjk8OlxbOaym5eHOODGRbdQt9CdHP+uDg9BLQOgsVNAC14b+O2
MhTKDu6u0A5cAlwxOCDLS7+sZRNE+W/ovkdFJFeYp4TbKLQVw/7qjXTGS7YSW2lJ
iutXyGIY/JZ9PoLRNl74I3mtBO5x6gna2d9JV3karaQG7df5TfafbT8VSWoF0YGp
xFWQgGOKsHSZng5XjepgYj0HaJAeNjxUb9l++h4xXjLDEJEyn2jT+Y5jRIhhMVfS
XgF7Ha4RcsFvooCef6evXTtpwfOUzryT6bUP3ZpVbo5yDJ+0IDqD1Tu9dkHeM1Pg
omLTazYIoorZW11YfA1bVZVaCu+8wPZV6Vi9uqds6QEpCbGXzKmJn6JIj80i/aU=
=BTfV
-----END PGP MESSAGE-----
fp: CD8CE78CB0B3BDD4
- created_at: "2024-03-21T17:42:29Z"
- created_at: "2024-05-13T20:31:41Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQEMA2W9MER3HLb7AQgAkNNAoVsyQsOftg7A7/Mh8HR2attXDr1vbkVr1Z4b90rd
S0JL6EakdQeoHI2V4ieYIIDZVKX1q7E3hhAZbfaVQVIRCbhTGfQh3i9V3KtgAiwg
9AuHSilMTkIUXdJeqE5/SJcNw1DMIzCImTE8iqYDEY6T/QuGjkYhLHiTgOAf2gwi
Amhwx0kuTcJ9XZ9TJXO3DCQ+joaahXtT8tX5elw5DAWWh+lREyi2a7CksZ8CkDLD
aHid7ULCV9UMNhqqPj6WNgseyaGvABiJLd87OxaQWfzOZdW3B/Vpjg0bR9JClP7x
jTOgxg1jc3ydEoOvuJZCmugV6oE/zKBsO5N/Niiv/dJeAcLfwtL8Nt/03O0ZZmuv
ZV1Gnjj6nB6cduvVW8aLSxiLlyJCkTGgtitFDYfi+c2gyaFiSn574rMkPlZJPI1w
X1kbflBqftsyNcpouY5QkH3qjihZeLeGOT90LTgLpw==
=eT3V
hQEMA2W9MER3HLb7AQgAw8VwWKfJckGHp5wzvUdkIq4AFhGH2Sc04mi4eVLYsiZU
wy+tOmNU3/rB/Y0WuyfCd68EQTa0UKKid2PC3viDsoNpqYBvbwjOTZkEgIWUUHtu
08jFmrOIitOA3CniFioDLT04DnenMD6K16yqCprz8JwFv0DD9Y0BlkHXjzsKXeBV
YA4etbSSksgb/71JvNx369+iAgFc6gdAvlCPMbctbrHemeORe1069PHXm9EA7aVy
nrancnGyjq40EItpHeP9Uuj8tWV9c04zhC3mA7lCyCfytYWaPIOGMnzywhsoA18M
O2gbletY8io6TkhUxxyOBxqhvI8ceGqkskMxSUBaHtJeAWpPZT4t96L/uH8PBPGs
eg2iXE7hWcibcUiDDvB6mKywtQLtR3hvezYw+bQj5SEYfSvQnCM3oyRbsQKmqYbl
5uJ0sdyIg8JxiyahGAep7036fQYmr7pvGRk8Y0M6NA==
=6YPL
-----END PGP MESSAGE-----
fp: 65BD3044771CB6FB
unencrypted_suffix: _unencrypted

129
nixos/secrets/openwebrx.yaml Normal file
View file

@ -0,0 +1,129 @@
openwebrx-users: ENC[AES256_GCM,data:MqPnVgpNgVPEnD4NaTEd/+g/njg50WdCgLPe7prWi1LoV/wQtlT7MJphMMDjiKhky6AbzvgbizpTSGSXTi+owLxRQDkn+Yk0u4QzaMRggE2zgG7c/Cy+dc918u1wROyyJKJYydnhFB2PsIRK/kUVLl8nwcXcCnWAE3VXZMChWE7wallSLm8KLUSq2oNocMqNIuvWY9h+gdZdY4h6h4w4quj0WYYi6bwAN82jf6b4OiWvvQ0ngrNR6SoPlQ1KRpE2jlpfN+k1/hUqA1vO7iORNoxkXCyiQkIMdi3N16Ez7D7zkWFy3+ZcoD9xS6nXaUeXxQWswMY52TNsQuZco33aRinzLcuAst9w8FtccuOCeXkdCwrHbdNhBuSLsT1isCVQXkcdv3OC+7ai0kEp+KyiMNydvA5uA7m4/S/0WiPd/WI51MbnSQqEWhmS6j8CbAD/Gx9Vn4QpSlSfEpAtPVwcKXLzjxNXcZj25EsvxzLBaJQLm/vJ+NpBpLss8VoYtCOz5GqZo1ZfER5lelfdaEIfyfS8n54qUWs3z9UMSSSurj+4z9+dGAgJsDM+P/L6EpYINPIGtq5D4qFafnJSkoUVya/oNH4FB2CHHfPGxqkvA8hfvBUf0B5lOGmX3w5tAMHDWfyEXHJ4yjc2eK3u8l9goagzvcCqTdPWDZG0TQyS96k8qYaNismPTCuDryEfEuQ3mbA1VuGWlyNsEoasMJaa1/RAnZvYpxl28Ykdsbe+6oxvmk/6qWBEb84wbdfhc/MdxznlsI4xnHo6+KAT5peAOVaeeOIwMu0zfxxyWmVaq6g1Ch4MktJaQKJRsVO4IhVFyTOzfAgY3MXDsYzQXQUw+Y428M2Ag8jsry3lP4U3Oo0ckyjWdDIF034ZTa9NgZYOCKC/eXuZ+7X2HHasDORryhX81SxEgQGuzxHN1JLmRp4GI74Dj8SFilAs/cSS4s8KTwBrkt/BI8mwxI9e1JegM0TZhpHte2blkqqh9utsNVGw,iv:B5s4i5n3+ilhxwCDOS051hL5gmvjcVkk1UZVf7jjKUI=,tag:92iX3q7beJ7oDcWzrrbaKQ==,type:str]
sops:
shamir_threshold: 1
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age12ze362pu5mza6ef9akrptr7hfe4auaqul4rkta7kyy2tnrstqensgmujeq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlbkVFWGJsckhmMnNHWlB1
bUlDdmhNSUhKZTdiRHYxbCtHb0Jxb2Q3KzNJCnl0aHpIYjZJblk1dmNFaFpoTHJr
Q1VkOHVwV0NYWWo4RHRic0dUSzlRZTAKLS0tIFJLRGlGRTlWMDNha1dqRnRSYkhM
S2VpYUNGeGpNZGZDd3ErYjB2QkNndTgK7ConoF0EJ2caKVuLQ5Zt5EEhSDE/HQcL
2djX0vPViLaDBKAwZxKpxVc1368axQKDgNqz6lIng3P0Y3sqVjYFsg==
-----END AGE ENCRYPTED FILE-----
- recipient: age176uyyyk7veqnzmm8xzwfhf0u23m6hm02cldlfkldunqe6std0gcq6lg057
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsK0IyUkY3eUJUdnZLVUlK
QldZdDlVQnNrSUlnY3hFZ3dwRzBXcDQ1UWcwCmxDdUpVeVZDd21LeVRmWVVIZnJK
bFVocUQwYUNpclhXbGJ2bGZ0dlRkaGMKLS0tIDJmUS8zM0xsWDgvSTlqVDN0eGk4
TVF5UGtHMm94Ym9pOEdDZkZzK1hYZ0kKN+0df9x+jtjgB2WzGGBIh9x9YRtruUhj
yg+yyVK6RwIoFSzSiFPkYAGRGOIgPjPj1LCxcIGXvDwAZ+6r4TMHpg==
-----END AGE ENCRYPTED FILE-----
- recipient: age15hmlkd9p5rladsjzpmvrh6u34xvggu9mzdsdxdj3ms43tltxeuhq4g7g9k
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyTzZLRlpYdkpCQnBoTnBT
dmltVWZPa0dOQkttZWhpNXdHRjFXRnpaSWlFCnBzbFJ1WkEwd2RSUlMvMGpxV0FL
QUI4eFlvei9WcXYxU0t5UEV4U3pxdkEKLS0tIFlBckpvblh3ZTNFUTlJTkd2NUJX
Ykg3NXl4czlTZFhKSmpLYXR4Qjk0MlkKYU/7abutIFwzcfb5Yb7yAcbQH4s74l+q
vYglUC+YqH+M77oU0ILqqECy9oYSmeE3WHeN8JA15LBZuv693aGrew==
-----END AGE ENCRYPTED FILE-----
- recipient: age10t6kc5069cyky929vvxk8aznqyxpkx3k5h5rmlyz83xtjmr22ahqe8mzes
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4b0czRnUwUmtmYmlBZ0pt
SjhWSVpmZkRlS3JhZHBIUzhSWmtlcmRVTlVRCmZVakZvWHg2czZYWUJ0QWs1RDh2
RFFBVkpsQjZVOGVqRTB1Y2Q0cUx0cUkKLS0tIGVvWGhCcWpONUpydG44Sis0MjRx
RDFCS2ZBb1RGUFVQTGo1RXVkVWQxZm8KXuIxD8XsPlW4O/6UgU11VK+LVNrO/VTe
aBlzeLJAFYL7Q/7gVlJ9Zm/8VVZjnL5ycYejwe580QfoJNUbj0SW0Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1a2quf2ekkj94ygu7wgvhrvh44fwn32c0l2cwvgvjh23wst90s54szdsvgr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZakxRQUxka0J1NzQybVVH
b2xrQU9TWll3bERscmZwYlM5SFlEYm43VUhNCjRDT2lVZkt1anhzdDc4L2daYlI1
ZElTOUV5Q0ZGY3l5N2EwRUwweWI1ZDgKLS0tIG4vVnc1Q0dvZjhxWVMyODFBVkRj
VUV6RmgyZXRpR0pBZWM3N1pHYm1TUEUKnqFigChvUvywTM0AiP/joRExpfrJqd80
oLAV21vLWLYN4NDgb+iJIcKi38I2dnwtbhKUe5qXttwLRCOx1PDjGw==
-----END AGE ENCRYPTED FILE-----
- recipient: age16klpkaut5759dut8mdm3jn0rnp8w6kxyvs9n6ntqrdsayjtd7upqlvw489
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5QzZHeUhiNGh3Vnl6cnVi
TDRIY2sxNlJYWktQR20rRjlmK2pyakoyQ2hrCmovN0pxS0xjektsdnhsTVBhMFNL
aWdNOVZyQ3R2dFpNbUVtZVo5Mm5kbGsKLS0tIEhMRzgzZCtJd2V5UWo3bnRmV20r
Nk1MNnVHNnZ0VlZvVGJ4ZDd6YVlwUlkKujDID7dUuTpeJVIgbTQcvQywjnCqpt7+
OV8Tmpms+Gdf/yTZTH8EgIDT4OJE5wJqb76cDtQbgUCzIokl1hS20A==
-----END AGE ENCRYPTED FILE-----
- recipient: age13qgddr326g5je0fpq2r3k940vsr3fh9nlvl9xtcxk3xg2x0k3vsq7pvzaj
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1RHRjR0YrWkVxSVczVHEz
MDIvU1FRRUVJQTdIbFdqdjVudnFXaTliQnpjCnI4Uk5LSTBRV2RCM1ZleU93ZXN4
RU01YTdCZ04vOXVZY0lTa0dVMngzL1UKLS0tIGc0V1RXS0lROFI5T3UxMCtXclBp
MWh4clBWQ1pMbEhrVm9JMTlnOXM2bk0KHuKznlboKg0KNzFb9FVUxxjWXz4FycOe
TbxoXl2AY6Rma3VN4E9v78LNVa+whQ3cz50G0yLULEY0Fu1Idoeugg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ktmx2szedfnpe5xumnzs8vkk0ffqgga6ved3drtksg9pye6ndsnsnqq488
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGa0dxSThweEt6TjNXY3dN
QUdiUmpjTGNreW5pRHFScnJuRDAzMkxHMjN3ClJ0TWNxOVBDak9TNGpWMERrdUJw
Y0l5dnZubkRYUWZVRmlEQUY3RDRyYlEKLS0tIHFoWmVWYTQ0bHp3aDNuamtMU0F5
N09mU3lRSUg1R2s2RkZUNEZHazFzKzAKFg6o4V/gGrmVsQxYQ8rMu6V3sWZxahhz
rlmIrdXD0V6pO7DZHfk2A2Lw9/injRFBH6/piZatHUAKU3l/nksMpw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1fjcafp0j45sz03zq5srnxyq2mujndmn25vceg3wj2cgzymqm73ssmhdgku
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDT1BhQ2pJRHRXR1RiakJV
Qkp1NzlrZnJKYlJPZHVNT3RKK1ZQd3VGRlFnCmlkQmVWaHVLaUpkekpya1NJRkE4
MHJMMHpqam53VnZUY2U4dzY2WnUrYlkKLS0tIE8wUWhmYmQyaEgwKzNzOHd1WFA4
MUtIVFB3N2ZkRWZCUkl4b0NwVEh4TFUKx2VGEjaJNfi3+pTwXJR56tk8u/DjwghS
+xR7aYDwtPHbOhCHMiCCU/yOzrgsJ/or014OQ2T2dFNYw2Cyg9p71A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-13T20:38:22Z"
mac: ENC[AES256_GCM,data:hRIzbexsU/vPdlvXq+Z42dJvLeABnAVqdl+L5oIwK9zvRYRA3zY+2SbUScWsMuEvppJRElGQAO5ExemlkwYapH7ERGcI2m43RU6xBPlJarbr+A/rMJOZNogwB31qXuY0vZcFW3h8L6JnaYIleQLaouti9I40AKh4uTSa81Ht+fc=,iv:Skkz+WBjZNaF02YchLRQPZkOQpFgC7GOEf0Xw+gQmwA=,tag:EuZBVAa9cNEK6ETAG0xP2g==,type:str]
pgp:
- created_at: "2024-05-13T20:13:02Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA82M54yws73UAQ/7BZOUlurLkOIE9lIHX6wt6Em+rwAo7jSWTg8M3CCxwz55
fmOVok6bKiySoj04w0mv3fF+Ly8UsVaX3UvI56QMNA5uHLXtrjRoqYEETZDCWU7Q
lKKU8iR1rDZ4orTKWOEixC522k7A0YjsIhDthAWPgEp2otOuIYZ39Os2C2MfuFfR
amR2MjfMEFyphTFR6A8wi7UK7DdPXkXzaJ88UNcVZ6o08/7A3GzAAp5gX5jWzFZ4
gFzuHWt8YZyR611w63G1lLmvhcJGCbWI8JY3mvNSpKYVZSdF0r3KuFBKrQqzV2+/
ql/owQMUVJroPZ8k8UPPvkIQu25qbPq2NlGdQR/YyPF1TqDEhFIV2nFaP9xmWxkb
74kPFkcUKLiNGv7cwiOAYyvwDUCVTH/G666m8Cigl2rglBaUIsOcld23NmPR8fDk
TQUrYdMNGsLQL//hwpNyhUsmiKqb5NtFMydylu4Qh9eK5J82Nay010xUxRMnfxVX
YvKS1BVvFP4/A7eWoRObHR+4oKVgew4RDq/cX9EetBmmci9nNE/exVvVwiXJQKFr
pHuallR7CZNYbKvEOVHcjLOzgv7TXstectQnFjdQ3JzkGgIVM3gKK9e1QKqD9uhF
sO0kKDGUlxCI4HGdrCpbWlQpATmQO1rIH4l7704gpcAtG8BtEsU5yLPs3eyyAGfS
XgE7uaFBGe5/w7HU5+Kk3hP2HfgeHeZ5cfA4z1KS3P+U12l8fGHnil9nzRyLOocj
iSA+aBQE1+WuP/Jvz8k/OG8W0OZhn+C6v6Lnu2eHVzhp4ZT5DjykWHhTNzJKK/4=
=8fmF
-----END PGP MESSAGE-----
fp: CD8CE78CB0B3BDD4
- created_at: "2024-05-13T20:13:02Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQELA2W9MER3HLb7AQf3Vsz4dsANFqzI+Cxq2mswrFZ2by5dpih+HHKyuXgQre0w
R+3AyUi2xpWy5CaK/4xaazE1GRNds7PQgWNe2PyfBcIaybZcUXBeeGNfV+K2r7AC
23ADfZy5p9H/M2fF9Zv5CY1ChmYO4RNueLE035ZIm9Q+0HZu/W6tvZHTr3fvleVP
qo3/FO1ymUbvjbC33elKvL6bdcl9aw2l+0QBDyFEqtQHTSV84omE0Laagu4CUOrI
0Ouqh+Nhlh6vNbvhV8ZJyap/azmLBE8cBo/6L1wybY44Jmzxxei+ZYr2ZUirx5j5
w4Cxc1ikElJ2Dal4+ywTj7HdK5nROKh20eer3C700l4BK7b3FHndhoIilkgeTex3
aYsKiXvtRk2miUjn6SsDTron+RI8qwqXMfQYNcLP3tnI/4OMBs6o6h33xqAJLYKm
yEBMlDUcDgP57SmcOfur2OxsjRf0LDMp151kQsXw
=0WI7
-----END PGP MESSAGE-----
fp: 65BD3044771CB6FB
unencrypted_suffix: _unencrypted
version: 3.8.1

1
readme.md
View file

@ -44,6 +44,7 @@ nf-sops-keyscan <hostname>
# or on a fresh container...
nf-sops-keyscan ct.local
vim .sops.yaml
for nfsecret in access nix; do sops updatekeys nixos/secrets/$nfsecret.yaml; done
```
## Updating

2
systems/aya/nixos.nix
View file

@ -6,7 +6,7 @@
nixos.base
nixos.reisen-ct
nixos.nixbld
#nixos.cross.aarch64
#nixos.cross.aarch64 # XXX: binfmt_misc namespaces not yet supported :<
nixos.tailscale
nixos.github-runner.zone
nixos.minecraft.bedrock

9
systems/kasen/default.nix
View file

@ -9,10 +9,11 @@ _: {
./nixos.nix
];
exports = {
services = {
nginx.enable = true;
sshd.enable = true;
};
services = {
nginx.enable = true;
sshd.enable = true;
openwebrx.enable = true;
};
};
network.networks = {
local = {

34
systems/kasen/nixos.nix
View file

@ -2,18 +2,15 @@
meta,
config,
lib,
pkgs,
...
}: let
inherit (lib.modules) mkForce;
inherit (config.services) nginx;
in {
}: {
imports = let
inherit (meta) nixos;
in [
#nixos.sops
nixos.sops
nixos.base
nixos.nginx
nixos.openwebrx
];
boot.loader.grub.enable = false;
@ -21,30 +18,7 @@ in {
hardware.rtl-sdr.enable = true;
services.openwebrx = {
enable = true;
package = pkgs.openwebrxplus;
};
systemd.services.openwebrx.serviceConfig = {
DynamicUser = mkForce false;
User = "openwebrx";
Group = "openwebrx";
};
users.users.openwebrx = {
isSystemUser = true;
group = "openwebrx";
extraGroups = [
"plugdev"
];
};
users.groups.openwebrx = {};
networking.firewall.interfaces.local.allowedTCPPorts = [
8073
];
#sops.defaultSopsFile = ./secrets.yaml;
sops.defaultSopsFile = ./secrets.yaml;
fileSystems."/" = {
device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";

56
systems/kasen/secrets.yaml Normal file
View file

@ -0,0 +1,56 @@
sops:
shamir_threshold: 1
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1fjcafp0j45sz03zq5srnxyq2mujndmn25vceg3wj2cgzymqm73ssmhdgku
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArUGdqR0lBTFNycWJFZW5m
YU5WY0dQc01HQ0N4ZjFHdDN5cW16TXFLWEhzCnc5cTJ3MHBQNlp0bE5HY1hRcnpi
bzF3eEIxMU1sL2N0R3hGNUhOZWdFQUUKLS0tIHhSQzNRZ3lwV0o2TEs4elBabDQy
VG9hNEpQeW5KNTBvSTBsN0NsQWxJbE0KvkUsGZhEQ7wwuYrW7R3HARtH0/XzWLoy
6S2cdIzeuXKogXujv+vd4zzkO1tKuwxhfrhK1EVX5LL7YuK0n66AkQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-13T20:06:41Z"
mac: ENC[AES256_GCM,data:CBVQ8xAuOniojJdAo/bNvdDwi2QdZ4IZ/cgBDTQBrxiRlsukTcqZ+PvtR2bvDZAgsHEGuL1m4qTWPlBnFYBONZ5akomZ4YRAzlUd3OcpnEQn3RVQyGhimc1D8ZJgTeSam6dykt/IFpnGwPDxgwGqgRP3WqmLJn/eKfI18ZZusMQ=,iv:9n0wiYBh02eXYEP8n7RBPOcK5UBxo6r3iKBZIJ7GN6w=,tag:QwT5PR1tvqlawSw99lR9kg==,type:str]
pgp:
- created_at: "2024-05-13T20:06:35Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA82M54yws73UARAAwaLDkpKHWq5hTBp1DQ5mxDYosBnTHb43lh33k94vm4g2
6ut7B3gRImMaKdcJ3fbrg7tTVpaJkVA9qHuiiA9k/SjFKas1Zj1k9KJz+vqR0m6Q
sf5lgfUDL+eNeCMcuuo8zLMC5vDm3bkvffdj/2XOxKy0uGX/Rodm1yz7QUFSoUny
eYpJPXEX1zsQ4abK/Ck6q+3lCunHv5Df2Rw5U4piLC0e3kFc0NsQCNd2CavmzHkH
Us9nVZIlSgs6YeX4fFKxQwpvdDCg2dzuBnzkAgXu9LpxKBiAXPDZR6ymsUqtsFPk
wIIWVZablhVnEE2AeqzP1h8XLcS2gtBV/ikAlh8Q5stg8ZwynMYGUs4UctqNLr12
D7FzNBdQVgnAdYR3hJIHTmVbKl1sKUcSVdWDSEZS0iQEHht8AxRPpoq69ahb5sZG
g0swYM8CIzS7MZarf4xu5Se2Oc6XjFGZXne0m+o+FTlJwt0HMgQpT7QUsuI29rRt
PU2CbsZiNvBeG7DNa8PxmOcr+RqgRieCxO7sqnXEaLM5DLw7goB1t/O0RhFwbh0F
iFEhb4EiIqctU7ZsdL+LL/D/AhOX2bRxOLh8lOQNwgbcLZqNg3CozPutZTemgirI
Au6MWj51GwmUL3nPF1uGrA1bTInpBQYFzHcQXTvmBl7a+oEpsMTJXXFi3grPegrS
XgEPu3/ymGRBbSzcfDqOTvynw57Z2WuqZhpRkz8zKnLLZvKXkuoCXzaXwkKBH3Jl
8bymsNSnYsx9JSJRihQVDwCHnKL1nSJVRwweQTH7IwSDpy9tGRQ49K82daOIx98=
=f/a0
-----END PGP MESSAGE-----
fp: CD8CE78CB0B3BDD4
- created_at: "2024-05-13T20:06:35Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQEMA2W9MER3HLb7AQgArIaJ05lMr2k4v07xGpsE0yMAcOXcgVUWBu7frgml2Mj0
vUQzyODyHc/C4bgzPGorQjeQyDN2ZAS8tLS3gkRuze/tF74uU/7cA6AgOBQ07t2G
kCgogymIWKbaLUJF52cuZUyWsyZezZMBFZ6JXvrU3XpX9Xd4GCBt7lBWZHWaDxLc
Fj9wwYFjwSltBhd1lQrLZOCcwbY/aEWaqM/mKM/9eo3tLzDA6nIEK0n4vNyBho+5
jjN85/3t73su/aMQO27NWsiwseAxGwlgCz3G9ib2OMG8Dj1DxDj5SeGJDFEeGYu4
lC1OhLcBxReVnCb/0fva0SWqsXQWDi5zIOQoJoY+stJeAZ9lpq8aGM295eK9m+Yq
d4eLzgf+BKB0lwqAMxLkyLhWJMy+Wrxw6c/Pvej7lmIJnnMuJ6hOIcXYwTnj6DpA
cQR8DVJHLHS2Tp6RKxZ/05Y3Rhd1BCatvewBqbv3rA==
=bD1x
-----END PGP MESSAGE-----
fp: 65BD3044771CB6FB
unencrypted_suffix: _unencrypted
version: 3.8.1