From d92c986f8a4b429c3196b5ffdb92c54e46ff567c Mon Sep 17 00:00:00 2001 From: arcnmx Date: Mon, 13 May 2024 13:08:19 -0700 Subject: [PATCH] refactor(openwebrx): pull out common module config --- .sops.yaml | 9 +- modules/nixos/openwebrx.nix | 48 +++++++++ modules/system/exports/openwebrx.nix | 29 ++++++ nixos/openwebrx.nix | 48 +++++++++ nixos/secrets/access.yaml | 139 ++++++++++++++------------- nixos/secrets/nix.yaml | 139 ++++++++++++++------------- nixos/secrets/openwebrx.yaml | 129 +++++++++++++++++++++++++ readme.md | 1 + systems/aya/nixos.nix | 2 +- systems/kasen/default.nix | 9 +- systems/kasen/nixos.nix | 34 +------ systems/kasen/secrets.yaml | 56 +++++++++++ 12 files changed, 477 insertions(+), 166 deletions(-) create mode 100644 modules/nixos/openwebrx.nix create mode 100644 modules/system/exports/openwebrx.nix create mode 100644 nixos/openwebrx.nix create mode 100644 nixos/secrets/openwebrx.yaml create mode 100644 systems/kasen/secrets.yaml diff --git a/.sops.yaml b/.sops.yaml index c750e17d..cea91404 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -13,9 +13,9 @@ keys: - &mediabox_osh age16klpkaut5759dut8mdm3jn0rnp8w6kxyvs9n6ntqrdsayjtd7upqlvw489 - &litterbox_osh age13qgddr326g5je0fpq2r3k940vsr3fh9nlvl9xtcxk3xg2x0k3vsq7pvzaj - &keycloak_osh age1ktmx2szedfnpe5xumnzs8vkk0ffqgga6ved3drtksg9pye6ndsnsnqq488 +- &kasen_osh age1fjcafp0j45sz03zq5srnxyq2mujndmn25vceg3wj2cgzymqm73ssmhdgku - &kuwubernetes_osh age1q2yjpxlqkfhsfxumtmax6zsyt669vlr9ffjks3dpkjf3cqdakcwqt2nt66 - &kuwubernetes_cluster age1nmdv4q8hcyj3s6qevrmc9w2vhd4a8tsj5j5e0cry5utex7vqeprslyjvxz -- &kasen_osh age1fjcafp0j45sz03zq5srnxyq2mujndmn25vceg3wj2cgzymqm73ssmhdgku creation_rules: - path_regex: 'nixos/secrets/.+\.yaml$' shamir_threshold: 1 @@ -32,6 +32,7 @@ creation_rules: - *mediabox_osh - *litterbox_osh - *keycloak_osh + - *kasen_osh - path_regex: 'modules/extern/secrets/.+\.yaml$' shamir_threshold: 1 key_groups: @@ -102,6 +103,12 @@ creation_rules: - pgp: *pgp_common age: - *keycloak_osh +- path_regex: 'systems/kasen/secrets\.yaml$' + shamir_threshold: 1 + key_groups: + - pgp: *pgp_common + age: + - *kasen_osh - path_regex: 'systems/[^/]+/secrets\.yaml$' shamir_threshold: 1 key_groups: diff --git a/modules/nixos/openwebrx.nix b/modules/nixos/openwebrx.nix new file mode 100644 index 00000000..b417e610 --- /dev/null +++ b/modules/nixos/openwebrx.nix @@ -0,0 +1,48 @@ +{ + config, + lib, + ... +}: let + inherit (lib.options) mkOption; + inherit (lib.modules) mkIf mkOptionDefault mkForce; + inherit (lib.trivial) mapNullable; + cfg = config.services.openwebrx; +in { + options.services.openwebrx = with lib.types; { + port = mkOption { + type = port; + default = 8073; + readOnly = true; + }; + dataDir = mkOption { + type = path; + default = "/var/lib/openwebrx"; + readOnly = true; + }; + user = mkOption { + type = nullOr str; + default = null; + }; + group = mkOption { + type = nullOr str; + }; + }; + + config = { + services.openwebrx = { + group = mkOptionDefault (mapNullable (user: config.users.users.${user}.group) cfg.user); + }; + + systemd.services.openwebrx = mkIf cfg.enable { + serviceConfig = mkIf (cfg.user != null) { + DynamicUser = mkForce false; + User = cfg.user; + Group = cfg.group; + }; + }; + + environment.systemPackages = mkIf cfg.enable [ + cfg.package + ]; + }; +} diff --git a/modules/system/exports/openwebrx.nix b/modules/system/exports/openwebrx.nix new file mode 100644 index 00000000..f7a564d2 --- /dev/null +++ b/modules/system/exports/openwebrx.nix @@ -0,0 +1,29 @@ +{lib, gensokyo-zone, ...}: let + inherit (gensokyo-zone.lib) mapAlmostOptionDefaults mkAlmostOptionDefault; + inherit (lib.modules) mkIf; + inherit (lib.attrsets) mapAttrs; +in { + config.exports.services.openwebrx = { config, ... }: { + id = mkAlmostOptionDefault "webrx"; + nixos = { + serviceAttr = "openwebrx"; + assertions = let + mkAssertion = f: nixosConfig: let + cfg = nixosConfig.services.openwebrx; + in f nixosConfig cfg; + in mkIf config.enable [ + (mkAssertion (nixosConfig: cfg: { + assertion = config.ports.default.port == cfg.port; + message = "port mismatch"; + })) + ]; + }; + defaults.port.listen = mkAlmostOptionDefault "lan"; + ports = mapAttrs (_: mapAlmostOptionDefaults) { + default = { + port = 8073; + protocol = "http"; + }; + }; + }; +} diff --git a/nixos/openwebrx.nix b/nixos/openwebrx.nix new file mode 100644 index 00000000..10d866f6 --- /dev/null +++ b/nixos/openwebrx.nix @@ -0,0 +1,48 @@ +{ + config, + lib, + pkgs, + ... +}: let + inherit (lib.modules) mkIf mkDefault; + cfg = config.services.openwebrx; + user = "openwebrx"; +in { + services.openwebrx = { + enable = mkDefault true; + package = mkDefault pkgs.openwebrxplus; + user = mkDefault user; + }; + + users = mkIf cfg.enable { + users.${user} = { + uid = 912; + isSystemUser = true; + home = cfg.dataDir; + group = user; + extraGroups = mkIf config.hardware.rtl-sdr.enable [ + "plugdev" + ]; + }; + groups.${user} = { + gid = config.users.users.${user}.uid; + }; + }; + + sops.secrets = let + sopsFile = mkDefault ./secrets/openwebrx.yaml; + in mkIf cfg.enable { + openwebrx-users = { + inherit sopsFile; + owner = cfg.user; + group = cfg.group; + path = "${cfg.dataDir}/users.json"; + }; + }; + + networking.firewall = mkIf cfg.enable { + interfaces.lan.allowedTCPPorts = mkIf cfg.enable [ + cfg.port + ]; + }; +} diff --git a/nixos/secrets/access.yaml b/nixos/secrets/access.yaml index 2c585ec2..a014fcad 100644 --- a/nixos/secrets/access.yaml +++ b/nixos/secrets/access.yaml @@ -9,111 +9,120 @@ sops: - recipient: age12ze362pu5mza6ef9akrptr7hfe4auaqul4rkta7kyy2tnrstqensgmujeq enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIVlJmVTFKZVJ6Z3V0K0tS - clgyNEtMRlVKM2RybDNnN0Nja0Y0NTJKT2l3CmRXZHVHWTExUmVNVCswTm1JYkNi - QjhKWmp4dnZxVmJBdFQrYXdqT2NrbzgKLS0tIGM3Qk5VYWkvelllQmxMOFNZbTkw - djJMVjVqbWhvdzhlVW05Y0JvM3FHQzQKmhFhntjjR0fikS7b//dLSvdtkRyT3AMr - u8RSg4QpvejOTRKfJ8vsv2b654b37QrnLdFwgByzluJr1ETG92vLIA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJYkVhMFBvL295L1YzVTFH + THJET1dUUmdoK2J1cnhtU0dNQ2FoYmhKcUZvCnAzMXlYVXVqbHFUSzNZbXNwWFBE + Y1dJSHI3Zm4rQlkxd1cwTVc0NC9VU00KLS0tIGJDekc0aTMvNXR6WTlORmhnSy9G + d3JiSlZ4M0JvcENMS2p0MXNjSzFNOHMKu3Gycd8du0uf8mjVGN/coZT48YZMfz0U + Vqh57J9/w6mBX/3tukA06WcrUoghNLCIyBLRrCqKNjFD5jjbkVnaqg== -----END AGE ENCRYPTED FILE----- - recipient: age176uyyyk7veqnzmm8xzwfhf0u23m6hm02cldlfkldunqe6std0gcq6lg057 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5QjdtczlwOUJDUkc1QU8r - dDRBNXRZS3Avc09kVy96cHE0OTZwWDg1Z2hRClA4K2xyNjNkM1YrTU9xZE14Wnh6 - ZlhFK29tS3dUMkx2QTU4VzEwek03SzAKLS0tIG5vVnUwMWlGc0xmREtIR1ZMNW04 - T29GMHdaRWV2VTRiUXJMRzdpdTBFTXMKx7aF3X5XfNdXEJIhBRxwdXh8lOXOH+et - 2RcBNIsQURLBfZQ9rK/Hoy39+S3sKO6ECytAI+jqhEEVnNppUtonVQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWazNTUGZpYjk5K0RvU2Qv + S1NwY1JxcVNFSW1Cc1dZVWhrMkpSODBWbFRJCjIwcFRwSkU1dExDKzVEd3NFc0hk + Ri9jbGNIeWlMOHFFOG1ROXpUNC9MZ0kKLS0tIHVkMVkrSytwSlcyZTZnM01NcFVj + M3ZQZ2hNc3ZvM1Q5UitHTkV6bVlEYVEKfSOP04BRzkLx+2AurZhyxWNLfYYSiAl5 + 2b3PDltHFQPIBkEebZOuGHfAk2vR+J+Cmt+GeTqnUBSiqsZ+Dflg9g== -----END AGE ENCRYPTED FILE----- - recipient: age15hmlkd9p5rladsjzpmvrh6u34xvggu9mzdsdxdj3ms43tltxeuhq4g7g9k enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArVDdGRmNrUFJwSCtYU0NW - eFViTmVhMlZKTVdGWlg3dy9wcDJhVDFkOG5NCkFHUUlmRkNYbVVqVFBNOSsvK1VG - c2pVV2FmK3Frc3dpSjBEd3oxRkpVd1UKLS0tIDNiWXlidVo3ZmFEMS9NSVFEMGc1 - bHA4Z0hGS3QvUkpVUVlTQnlGMkd1aEUK3yP5WzCUZeeLDTHNyVe2zIk4tKZOx59o - w8NTaXRYGkQp0BAc0pKv1IGRP/wQBgUElhWnfTsMbzG2+Aey+lrj8Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMRGJTdmdxVWg5UG9zVFZP + cnRkUGRITXlmL3Z3ZHVwMmlCci9BNVAyM1ZBCnp3dHRyd0lKdUQ1eHFsdUNRK3BB + ZDUvNzV0Z3VBRy82YnhMaE5pRmlNbzQKLS0tIHJlSEgyTUpYRVcrZWpYdSs3Wkdm + citpcm9IblFRdWdhVkhIVGlQR2VFWkUKEXg6hX4wuaUAsjuVO6IachtJtSZDzE0+ + 03k189xkLnJPfr6LHhEtiJzOyUtn5/vqx0W1Lkt0klmK7B1KrKqUQw== -----END AGE ENCRYPTED FILE----- - recipient: age10t6kc5069cyky929vvxk8aznqyxpkx3k5h5rmlyz83xtjmr22ahqe8mzes enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPWXF2MUFtZUNtOTJaTG9a - RVJkS0l2cU0reEJIdHI2QkkzMU1CUC83S2t3ClU4MDhGVEJ0VEF2cGEyUXkyUmQw - YXhZNFNHUmJqQVRjOUtrV2JqdXhPbGsKLS0tIGdzQ1h2LzdLNk1pbGZjWU5POUEz - QTRwdURiS1o0YTNmMGlNdElIR0xicXMKHCnCa4KxEAmdOkbcWVz0i3BUJ1uSeZvr - ZosXjnKNZYWBqijECwWFAPkxdLRXsJs9RDq0di7qTGYhjQAH+pTvTg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxOUMyMGpiNmV6Y0Rwb1RL + WU15bE9mQkFEaWxwQUVqeHg3VmpzWWFUdzM4ClFQTVpicWVSVURCLzFMR01ieUJu + S3FDQTlWTWZZdnRUZERqSm5BV25UYUkKLS0tIHIxWWpudVhLVE5YUGtHY2d2ZzJV + QXIzR20wMFB6OWQ3WEtIRUVlTlNheUEKInMjMoPI80gdp8kf3Wc5Qdz3DtDPKinu + KNQk1gJUxr2NtORSB7ZkkzH0EUqcNnwQja0ecolBo/btGj3I6UeRFw== -----END AGE ENCRYPTED FILE----- - recipient: age1a2quf2ekkj94ygu7wgvhrvh44fwn32c0l2cwvgvjh23wst90s54szdsvgr enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXbkdsSFZObE9GZERzZm1x - RVZGR0tCMklmaTM2RnZKSEdMZGNlOFc4VkNrCkRUTC9FQjkwdkltQnh0V0ZVYlor - T1BHeVBzdkZpbm91RmlyRFIxUHRucW8KLS0tIG5iM2ppRmJuVWtORG9GQlVxbjNJ - UWh1dXlmSnZ5aEdNN2p2bEk2L3ppZGMKVBYG9SessgUOz6BzvNE/s0iSaDawSSyl - vcs+Cp+JAEFZWO6V7F6dpb65tl1Ua/0vEAXc3uwRbtW2IVyIYTmVeA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0S1pWcSsvS0x2aEs4R2lC + YXN0dGZuMmkvZzVCQXVyYUlsK0c0UTBtTFZNCkk2VUsyazEvblJtb0dGdzZwTjhu + V2RDaDdpTVFEMzlRQkl3REV0ekZha1kKLS0tIFpEeDdJSFJSS2lNYVo2Rm5nQWJD + S3o1WXh3ODZkN0pqRW50eUdMbWk2UDAKJL92IRFWli5UuVW9kvmO+vtnXiLGbPHr + pO8Z19/8ugOo/BDlIirVDhSedYjrkEQQNZIbLTshaogxh9eynmAbpw== -----END AGE ENCRYPTED FILE----- - recipient: age16klpkaut5759dut8mdm3jn0rnp8w6kxyvs9n6ntqrdsayjtd7upqlvw489 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2SU9sSitRRzQyV2FZczhB - UDBBVGVwUXozZDBUamdpcnhvekI3UG9Kb0Z3ClFYWlZPZWhGbHYreHEwdmk5SnAv - blVLbFBocUtTTmFmMXZyY1c4c2hxWVkKLS0tIElFTUdXbDM0WEhjVGlPU3BxQVRO - djF6R2kyYjY5OWV5NjFTQm5wUXJYMncKDu4SczknbAduRIdhsyM6zY++ad6vs6ej - S92xI6Av9lluES0kDEEyJZYqqoJOjXVLBKfBQFVwmX1su7P/XCOHxA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKRTVhTlNManBnTjllRW83 + WVZSWHY2NVpYNXFxN1dPUkdnZW5mY0RCVEdVClBBZ2txd3VKTTFraVBqNEJFbysw + V1FFK1VhQ0YvMm5qS3hOaFZjMzBSWVEKLS0tIGhGWVM5QzBRTmxuSEdTNUxFRTh3 + Y0xsZmo0RW5QVUJkKy9tUDRoMWJMQjgKr9jxjvTI71kvJ7Eexhhq8Fdu0fDwUqDb + TRcVTP1xgUeMYnEgq/w4GVZcZY+aLMiPdph5FKikoGo3EGmwJjIMyA== -----END AGE ENCRYPTED FILE----- - recipient: age13qgddr326g5je0fpq2r3k940vsr3fh9nlvl9xtcxk3xg2x0k3vsq7pvzaj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2VURXbFJpclIzRnFybnps - MS81ZXNKcjRkYncrY2dIN0JoUTc1MGVnbGxNCmY1UityMFdlMm9IQlgwRmg1NE1z - ZTVWTS9VQmVGRGI1S2huWm1zWmxvNGMKLS0tIExaTDlmVGN0T1BnUkdKdE5ZUkZY - SFQ4OG9pYU4zUGJzZE5ieCt3bVdLUkUKVFZ2l7ggSN8QwEIN0uRX/Tn2vrsmTvxo - /l3hh3YFNM2QY9Z5rtoV1jSsTFLUrRUNsY94FUNOzk6F3HIArC9AIQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0NHAyT2tJcTJpaDMrRFJJ + bmJHcHhLQWRNQ2JXWldqTWxvdHdlL2dmWTMwCnMrUHMwZUNzM1Q5a0FGTTM5UHB1 + dDNpVEhlMzUyd3VGdHpnQS9GQUpvUUEKLS0tIHh2MmRROGpyY05zdlNSamh1MjlR + cWZrb20xQkY3ck5aQ3kvaFM2ZTdEWGsK7XB0Nkx0PRT32J2wWlCBG0Ms0yD+x578 + rJ62h7s/diH/Al+I1+VqOdtEIrW/2R8XzRzXy6vaXAWiRKYFVjOw0A== -----END AGE ENCRYPTED FILE----- - recipient: age1ktmx2szedfnpe5xumnzs8vkk0ffqgga6ved3drtksg9pye6ndsnsnqq488 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2ejJaTU1nOXBZZDBmVnhw - dWd3dWhrbWFVTWVJNUlBaVc1RlRBemFzL2pVCktYdXBjeTZPR0lGK3VKcGFDSmZH - M1VISFlQOXZ1c0JqTFhSSzR4VGh0Q0EKLS0tIGsxVk8zQVJDc1JNRVQ1RlcvWFNx - V2VrSWMzcG12TFYyMXFDRm1KK3VVQ2cKfTEG/qGly/ypBfEYEYviAcjGudfvyjZx - OT6MOITYPW+1lrU871lM7VZJJTKjnFQV2df1Ca5YQNSW9EzrWcgtcg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0eVgyOFRVODJWTUQ2N0RI + ZklrSGdPNmljQkJPc3lIUitSNWxDWkNxc21NCnpWMmY1S1lHR1loVWQ5dGFMMlJS + cW9IVkE2Mk9vRDhPOThSekF4VnJ1dUUKLS0tIFd0TkNSYWxBZ2RaNE14UnlBOWtK + WFlwemFRK2NYQm5IczdaY3UzMUxLUk0KBGPbsH3ufRLCFIXUsFrRuVCIC5C/HJ3v + xWfpI4GnRBAl25RR0K99AvlNl3XneEQvVcyLVyPsxVLIoUQzEBEH4g== + -----END AGE ENCRYPTED FILE----- + - recipient: age1fjcafp0j45sz03zq5srnxyq2mujndmn25vceg3wj2cgzymqm73ssmhdgku + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnYko2dXNxN3R1bUhnRkZ5 + eWx5dmtCd3BJdVN3WWxhUGpEdEdaY1VyMm1nCkI0K3hmQk9qVVlrWWRVNXpoVnNq + ZHo4dnRzS29aRDJrdUs0a0VwV0NrMXMKLS0tIEdkWUdpdnRjUjVTVEJlcGozVmpi + eGx5YUpDMUxWVVlPdk1RRm9oaHNDbGMKXodkdcuKNpQrSvQ/2kkiEGWidmRtp+3/ + bDnyhWgRTq/bGVRmuK6VAdkN/mL1GBKvz/RMMFVdK4hDcFET7u5dug== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-05-01T16:50:29Z" mac: ENC[AES256_GCM,data:humfCS9LaB0pcAObLZH+8huTED1/eW6ZtR7PVZ33JPrTJhc9ttorbsfsVPGjsd52I0RT4cNNk9iRDGSqNvgCP+BdvOyILDRA0kxKvF3XLX76Iw0v5jWlPBUts0Hi5ch9Mzn5abN/w3E/5D7z1OMQN11kroJtVpnQMdPDza/qK4g=,iv:UNHN2BYkC0AShqtB7gRLIBYqYwASqVbYhA2RC1dSWYE=,tag:Qo/1LczVrlTHFvWkCG3GIw==,type:str] pgp: - - created_at: "2024-05-01T16:36:56Z" + - created_at: "2024-05-13T20:30:26Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA82M54yws73UAQ//cm9rYFWc99F9A9X2U/Qg/44MZhuthrxiRtZ7IUECn+rv - JTUhQTe5p2l+CxKznCef1+L03aP1Iqh86YDrEO+d01HG6/NSt4gyViXw9suJM913 - bdcZUz9YHpvyvsoSLaawxI3upqJykKx1ZhVgnMkJCewZ7IsEoMRlv9U1ofxzbGBC - dvm60l2swE5smdXiZeRxilDeGg0Mf7ijhMhhC4iniJS2lVe5vTAg05uBA3lJUVr9 - GLpUnY8c+0MWlEo5QSFYlWFJ0qVPJcR82vVhAZVfcPMtqmtqS3MpbJvFR/2krZjI - 6y8QPZdLnZdI0j+4BW5m/5mgFFBJeq6y67j61M8uP0Bi6VL7Z+82oeVOwVjgTnZx - cfMlUdzOwkXyC7roSLV7U/Suc61es2PG+IulaMGbgVAQIB8gl4oUYgQcvfLJkqxv - UokSBWyoyrWGQIae5nQOslLpPWBaNi54W6LZcAamAKmQgSlD/wTOSrajrTi6lvX4 - VMMjPoyLNkcu1MS68Ue4M4wsw8B/Da+TjkatVMgm+D/Dxmvl9iaMKc6diec92jUt - so5yZ/kf7F7rfglbvsYFyLeRNenBXrWN9PicmGLjKJQPV7Agdfg35ywbhcp6cUqf - QDmO+5G4CsgLy1MNPczJKXsvrIGltWU0evzoMbPiWXiZvUKQwNW6g2a1FGiTVEbS - XAHgjFs1QAjzaWB1+bjCmt8m0+pUq1wtqT69XRgwBZu9Xb5KDR/h1OXl2s9qZUcj - 8oi8OIZIv+yEPXcZYm51NQg0IB9qtwQpxya4TuYM29cEFQY4/ANAExxK2rp3 - =BJAs + hQIMA82M54yws73UAQ//SLtt3YZ5qSrcqiT5zalPS3UXskojlZlc0vlJmKN/m3Ht + iLPt2rxNqNkKE4EWUc1AT5s08aushPDEPhILcLMoKO9EzruLS2+KlRRfYRgVEa+N + Iu7xjyvOvtpb1Wg8srgfQbgH4GcKueiQjMOiQD8hcfvm3gml6iFYMqGEl93dcJDR + 15EOL93nG0nEs/StZr4ZR8jSuF3h2MwsYjJvHBuvyMgn9a4wSB5PCBXHmph9RhjK + V89q2L6VROdoDXKtTbPveqktEcTBExRO4twnvAnDp4Y16KamPV+sf0RPi1lKDP3Z + n0SFg3yhJjlIYPoOzCulDNTZjEHDNaYNMw60juPW5tLxDkZYRiZACvLYvNGhm2ke + l00MiK4YRX8pQeVk/TiAvLh32jW99X/znbGrL+JEfjEJlUikWVgyfGEccqocsG9P + cPTx/ErxDUa74tgCQXxBnU+tFTRYDSXcvqalfD81/1KQtiafu25oAb7qu7CUtFaQ + bMw7KsjND6A8zyJfClZMho4rzc551rQF6/xMBEAnyqs5gSkctJ/v01lAKzztHZCe + M2+5acWSUKCx2YnKAiQG+3jtRx6LFKS/lmvP3uyALndc6lJnmvE484RrY1lHDfdE + xpJcHK5X9cTwip8kK5+GrHbZz+zv/CiqnmiwQpNG7wlZ/WsG6HB6aCHHuezWsmfS + XAHPTUROKnRoJz3W9q8RI0N/+H24vrIIPydMBw0JQn5Yws2TmYhCloBM622XQ/OI + G61pUiglAcPbs62ftar282z4aqFHrV29xgrLNN6D303u08QdwGkacWDZCVP6 + =4xiQ -----END PGP MESSAGE----- fp: CD8CE78CB0B3BDD4 - - created_at: "2024-05-01T16:36:56Z" + - created_at: "2024-05-13T20:30:26Z" enc: |- -----BEGIN PGP MESSAGE----- - hQEMA2W9MER3HLb7AQgAhiN4+xEOSyWdDOKv9vAlr9R0lTRewysTFa7cWynDntix - FNHapgPIVp/NatooTUkE6RFJhnkDC+6HKwDwc25NuD2Uoo16BxWVUZyzVNUYboZs - VEJbXj2WIe/4iyxArCjlBaEoLrLqQ4bbsZb2kye3C8YOyH+jIaCbb/cvWyzuHyAj - ENqGWKehhVy9hP6BN767hUfcvBvU12btN35ieGSe9V7yG56tTA467V+htXx60zsU - uUZ8RFPLpZlDylAbarNMcevhgRF+/8G1uCKjN8gJkn+sJtKFQT7YR5HgHg6LKuBc - 0dYqgzsp9NjindHjX0/WCofwEG+HXjSMDK4GZvC7eNJcATuWAaYXRIpoIYOBS5yq - p4FttSfgo1CWKEhOVs4IFn6XuzzyteVRYhxFMj+/ojYsj7NkqnIIhWe7nFSFYHOE - ye+hMG1+ncrArTuIlH0c0KO7UqCEKQNBh7TKJuk= - =T2l/ + hQEMA2W9MER3HLb7AQgAlSL/7pQDNiT95e8VWs6LimiQVULZkVY7uN8uIuNmBk9U + 9+wMLQooqjSB06OCaaBSCVVPJZgwCnwV5xaBqIRmSaXZdY0zkBhR6RFc/iLyXQbl + kd/AmS+9aTl4vAtCm08L2Un0zx0MBGVZ9Qw2ouOpFizRrX6TvaYxws0D+ycAvX4M + b21hS2pCjbSIOLbGS3HlSLCqujlRxI7hcGbOIfCqHt4nWt69JOU3sQBSXEltBop4 + CjED2cY/bjvLQ58CGSrthOu95pql0dl4uOT49j6AROWiumm6bIsTmrYHukb1QsVO + GadTjeiCXUKsDhNRtscgrVVIZB5yWrhOX9R/KhyR2tJcAVND6vtnZ9GX4LM7Dh39 + kcnZsJz2DvjmAp92zbDTx0nSD7+X4wAjoXxlkZ/kCQASQ1kKdiRc/3Loq2lGJzSM + XbO3wVy2whtczRa7Ya9axnM+yuChlAoEfWtnzHQ= + =IlrG -----END PGP MESSAGE----- fp: 65BD3044771CB6FB unencrypted_suffix: _unencrypted diff --git a/nixos/secrets/nix.yaml b/nixos/secrets/nix.yaml index fc86c6cb..b869a2ec 100644 --- a/nixos/secrets/nix.yaml +++ b/nixos/secrets/nix.yaml @@ -9,111 +9,120 @@ sops: - recipient: age12ze362pu5mza6ef9akrptr7hfe4auaqul4rkta7kyy2tnrstqensgmujeq enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjbTV3OUJSTlJXd0VyQWhu - Y1JiZUJhUzhBUWQ3YUNROGs2MkE3Y1pJSVJBCkgvcFpKOGw0WXdiNnFwcHRzMVVW - T2dRdjM2bFB3Z1pzOEF4Nlp0MXBkMkEKLS0tIGlYb0EyNUtzWWI5ZkZoWEFDaVVm - bjROajY4Tlh5NmJkOFJlbnJuY2NlUjQK7VgmH6UvjgM2+aIlbcAtN0WTundKZlOM - Wpe9t1lY1foUA4claxTtfw0iSOPi0z6mUpeJUOFayzIHm9oBXetQMA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4QkpqSTQ5YnRVRElnUUpw + Njk4SlRwT2srSEFGeFZwRUtkWE5SNWpMMTJNCkNBSU1yd2RmUlpFRzFtZThWSDYz + OHZ6SWdsY2J4aStoZHBMUGhzelYyOWcKLS0tIDNadTB3WEpldVBzZHFhS0ZVeVNP + cXBrUFlFQVgzNFNoWS81c2x2YXpoZU0KTfLd64jGWDtptsMbrXnpEb1MpYCYO8xN + ihaQxLimPZhYwU6HitjZBLWDoYtZ6RX8qQAsJLiH+qzxepQavfqptw== -----END AGE ENCRYPTED FILE----- - recipient: age176uyyyk7veqnzmm8xzwfhf0u23m6hm02cldlfkldunqe6std0gcq6lg057 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKYkw1YU05WVpZamFxSXdQ - RHN2Nnl0UkJqQkhXbFE4eUxQV0s0Q1ZSS0djCnVRcytxa3B2dThodEFzN3R3QWJ3 - bjJkTEJhUFBiV21sYXJ4dlpGVzFQOVEKLS0tIGF2VmN0VWJTeTVmSGhBY2N2Wmc2 - TjVBQ1VlZ1UrZTZLMGVBODdLU3dsazQKz6oDD5kcyZci0Gbxpfu6bRTKbsj69jyA - 4uYy8XM22YxIKe2y9P2BqEUYVTumCPdt27qSbFj8CftfwWDKb7WRlw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2NWYwYUN6Y1NSOWI1UUtP + L2FRY1JoT0lFdkpGTzFweGlOMjBsWUdjdmtJCmFmMW5ISm9NbGdYRXdTY1p0eVFZ + dUQ1V1pQK2IzOWlKaHlaM1dCR1ZwdVkKLS0tIDB3RUNOanI0QnNRNGo2cDJqdzBq + d1JtbUFJRHdLZDc2S3VQcCtHYlQ1SGsKFsJSSr3nyxwPnrb4RH0fctsl9C5V3cf6 + 9lxh5qtDEa2JWrSx4QDRGXRPPG/BiB4aYmE/KgyM9mSQPG4VX9M7/w== -----END AGE ENCRYPTED FILE----- - recipient: age15hmlkd9p5rladsjzpmvrh6u34xvggu9mzdsdxdj3ms43tltxeuhq4g7g9k enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnNkM0cFFGaDFmZWNZZXVu - eXNWOW9kcWEvSkZyUHJXTjdVQnN1TVREOG5BCncxVU5tUEgvR3IxY01Iek4xSWdP - SUtuTEhucTlqUTc1Y01hZXd3c3NkVTgKLS0tIHdEWTdYYVh1TzB3dzVMdEZSZ1or - ZVd1QmVOR3hveTdJSXB5T2hXamxTNm8K1/Em/Q1A1PxvmJ1zofd2Rh1h62oNXnEJ - qb9r7ktbcnO5t5lSQQGNPmZapkRlVy5sV0toDkDCBppeAfMkt0PP7Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVNEdwamRsK0JsMmpsSjlF + L3Z5ODh5am10QVgrclVjMExockUrczVrT1d3CnhaVTdsOEhmWm5tMUxCN21NRE5I + ZkxkTW1UK2Q1MlBxRFBaVUxsa0JKUTQKLS0tIHYwOGFXNmQrUzk4ZHpzNFlmcGU0 + aExEMVpoZ2F0K1d1MkpMNDFaMXNUV2MKYu5Dif3BfpMPD4w8log8bBEtxS09f7T7 + bXH/sS6QWBS8F+syHZzUN4KHlBUHwZ5fKrj05sasLcLOojEULRdPvQ== -----END AGE ENCRYPTED FILE----- - recipient: age10t6kc5069cyky929vvxk8aznqyxpkx3k5h5rmlyz83xtjmr22ahqe8mzes enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5L0J5YXluMEtQRFh2T29q - cmtHM1Mzd0FPVHpGcndrbVVBUHhUQ3dndG13ClUwU0NuMit6UHVDWkRVaU1COWVN - bjhsVU52ODNtVE9jMVlENWsyaHdrUGMKLS0tIGova1pUbXNFa2dMYjhFU1FjWG9t - bi96VSsyaEs0c3loQ1U5c2EwbWRRdUUK2ohDFtsQzl9cWxB8eVlggfLtQmMEVRvK - 9b5YPZmQEOmMhgCfXi30wXxUhpckL8v/x7zmojNOoSF8OaLY1xc4TA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCQWh1MHBoK2hBeUdmLzh4 + RythV2xud3FldXo3aWlWSGJ0cnRaTGRacmgwClk1cTZUZThtU01IZWtEdGlqbWRj + NVhDNjRldlVEMlYyMDhsZWNsc2dLb0kKLS0tIGpyTU54RHBMU0FBM0NIOVhtK0RJ + S05MM0VjVVpudE9DTnJLWGs3NnVkNTgKGB85U/EWrFXGwPM/x8GWFYCh2vPK4chS + UFRp2JH2v9W9dQHk8dhmxxQPCglsm+u9KeDTCgYp1HLtzTXy9G7qWA== -----END AGE ENCRYPTED FILE----- - recipient: age1a2quf2ekkj94ygu7wgvhrvh44fwn32c0l2cwvgvjh23wst90s54szdsvgr enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOTk15YlM3QVFaRkw3bnAv - ZFlwZGwxdzJEQmlWWkFQL2xmTEVqVHdqYTM4CmFCYmhUQWJQZzZERDA5TlRpWWx0 - Z3lpQlpFbm5EZFdvbldFaE9tcitKcHcKLS0tIDBGZG9PdWN6NHB6MlB4MVdudU9u - UnJCVUdBWSs5aU5FZk5NbU13a2ord0EKrZNqN9rCLM/0EpaHkHldeHWBO0/O8m6S - N9b90JTgysNyYUQ8Nxp2AP4npqJZutxnwmrlwrYjnrWur2pp5iHiEA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJN0RST3VZRndtMGNzbDZ2 + encxOTB0Wk5QZy9xZHZPYkMvZlVaeHZ6MG5rCnpENWZoRm5KSU1VTHhOWTcrY1BU + VDlKc2wwU284aTJZYnluR3F5V1pMMXMKLS0tIEM5bmZjbzhLbGhRajVVRUlrZ3BJ + Y0tWQUduTWg0VEVtZ3JQQ2tqd280NG8KMbnuJdgzBnkPSye5tOW82nR7KlRrW1rM + s7S3iU2PcW0uFCbHX+HOoL8p8yifTCPd/FHct5fuKepZoCtYwf0ItA== -----END AGE ENCRYPTED FILE----- - recipient: age16klpkaut5759dut8mdm3jn0rnp8w6kxyvs9n6ntqrdsayjtd7upqlvw489 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQYWc1aWkxZHBZaVBLUWxo - cmQ2YmVwYUtZcUY5djRQMTRZLy8xYWs5S1NRCkxLMW1rZjd6UVM4dWpGZ08ybDV6 - OEcwbE9mN0FXTHV3V0VsaVJSUWJ2OGMKLS0tIHlFQiszVW5RMjgwL3BCQlIrdUND - MTJyYnpBTU9xSDVlU3F2d1o1WFl1bU0KsbTa67oHd26ECBKUMBBa7AwVci+H9U59 - g6jo9SQXpvG0ot6vT6azMTXpbcVBqxupJ+JxXALCY+Hv+9VPDBZj0g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOejFLY1hKd3F4bnpDSEQ3 + Y1hKcGNZRUtVOVNnVmZNUFN3WncvTUtkc3lJCkRSWElDVHpEdmRkU09pSy9lUzBz + VFYwSHRsMTBqc21nbVY5OVRiL3FidjgKLS0tIGpOeEpDbVQyRlF1Zyt1U0h0SmIw + V01XVWg2MzdkRnUyZno1dk04OHM5alUKrghJcr7M4JRLat314LWfJ1weiSfIVYeI + ZtUCyrbqnuxnviS4ouTZhU6mCcwLITkVg3CKfFmUs4mJL9w2kuRWnA== -----END AGE ENCRYPTED FILE----- - recipient: age13qgddr326g5je0fpq2r3k940vsr3fh9nlvl9xtcxk3xg2x0k3vsq7pvzaj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBUWR2ZHVuMFpaQ1c4M2th - R0RRNW1nMGJ2d25LSU9HMXcxUkp3WTNYb1hRCkhLRzlTam5wTGlxR3hISEQ5aXNM - bUo3NzJ4N0krMzVaMDZiU25VaE95eFkKLS0tIHhOYzZYSGZ5bTU5aXBQeHZoQks3 - bVp5OTgxSzhlbEtBUG5Ycm1lWEwxWGMKF84ttcAW6sPkoOieod8m8eXdsP47WH/f - WE9DcU+Bxi8Fgr5fwjMnG1R/WZZM5APZdmKyUb0VRKbBB5ZNbbFXAQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzTXVuc2dTdnVpM1owMHg5 + cVoxR0NKVHE1RmNpZEpvMmdvRXI2TDVQdTBrClFKMmZ1cW9tcHRQV3F1ekNBYWtj + TjJWdE1DWWZZVmhDM00vclFDd2xlaDQKLS0tICs1K3ZkbXZ6UVZ0VlZQdGJuN1JO + WFh4RFl4N2Y4R0ZYNXZlMG9HaTI3ZG8KrcNtQvEBSKCQbRxarrVhXgbISr+JHdmy + W5S5aF9qXx501Tj3zJgrCWaP+7Po8XG83LFZ9cj/KnMqkikS+ydcwg== -----END AGE ENCRYPTED FILE----- - recipient: age1ktmx2szedfnpe5xumnzs8vkk0ffqgga6ved3drtksg9pye6ndsnsnqq488 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxU3ZOdkpGdUJqdk5GMyta - VktNN0FoS0dzUnNTMXlFM1ZEcDJEZzJLMmtBCnV6eDZ2WmJ3bGJYVHVFaHoxTXhh - eHVhQ1RqazI2YWczTUd0eDd5dm1tY3cKLS0tIHZtRDJiQU5ncFZEbXowYjVvN0xm - SHVTbGlMbkszVVYrSGRiWGxnWGpiUjQK9QyHonMrnHZ5pYUr4JORFl6rE9xWds/M - 9Afb8CpvVTFHRFRDxmv+4CmZajYfwrLmZcatvVLgPuxTnoFuMMjozQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCK0d2ZE1ZQ0xiTmtoRXhN + dk1TMGltcjlxUVdBbkpKU05Zd1FrRHg0cndvCjIyalRxcWhNeFQ0UGJVSUpuR2lN + clVqMDdkUHAxdEtPc1RTVndKVDdRRzAKLS0tIHVmdlBhUjRSRDVoRUF6bnFNdFlP + ZVI1Ny9jenZWVW9GMkdOMU1XTmtpN28KfTFGcLkGvvqDFyIVX5dIN0l0SCSjlt+i + A2G+UJnGTGZm32gLVVWhfh2iK4y3QXPwvxxgifQ+ZoguSzuGz2rRqg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1fjcafp0j45sz03zq5srnxyq2mujndmn25vceg3wj2cgzymqm73ssmhdgku + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxRmRnbkQvMGZWL2FkbEFy + dEN5dFY2R080ZHRlakUySGhaY00yMVFIRVhVCmIzOGQ1bUpLNXlvU1Z4ZHpucjEr + ei80YnhqSzhXT0w3M0tpb0U4UldTWlkKLS0tIG1iWVJYbmNxMEJGZjlKR2R0NFp6 + dFJBUXY1eTFpQk1uMG9PUnVHN3NtZGcKYgtAHBFc8cUjP/qJa8X4amEC76NffW2e + xHwa6sbFMSS0Sw0Z5SDCBdv6F48k6Yfb7ALHlbX9GzJxCTTbY/FsVQ== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-03-14T03:48:48Z" mac: ENC[AES256_GCM,data:u7G4YsCFxUkgOsKLRurxlEl358aLdBdFOrOtO9TUu0JUHRx8QjPcYgfHgHFXqNTfJs+0kVvcbAzNJxNAIMWRQrVDy3+i3YFlyTcDAh6CufkIXRM6fxnX1YHzZGEtC7bpBASTpSgGJzVt7XqGrqE7v8H+q63MugjHYsKtmIG7lO0=,iv:0Zrw4+Cmfv6bjn3lYoinkYdj/TinALpyOFP7Nd8w9MA=,tag:8gi04GcF6JCBwfmVEulSmA==,type:str] pgp: - - created_at: "2024-03-21T17:42:29Z" + - created_at: "2024-05-13T20:31:41Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA82M54yws73UAQ/+LqogxiRV/yhn33FEzz0GXJ68Bkrhioqvivpf/pB27k9R - tx2hqp+RzYWwcXMTlHe9bDJErknZWRhLXthXer2l01eugheOT+BhYRuolM1Ib55c - aFLJ9zeqr/U4N8qcq43mQw6D+GnbS4ccXju3fzVmq1xB39fEVhu/+xyCTYSaQcXJ - XvCks6KkcHQBQGaz2Bm1CluJ6jRvovh+gEKQsPKZ6gIGu241VXfgOPCFnOqHqrEE - rEJ9BLVBraalojhoRjC6fg7KBOxt9LP4BGWIvbp4xqTN3pk36vZOGkxVxtkPB45J - cyDgAFm1CJan2hNMeNWFZsc4em1ECbOe97vTN3sSwWa14h8tuFISfe+Y9RXyjFMp - +joJ3l9/weh8rBppcdLIRKpfTeLRIyUpkB/uFZLyxAnroHva35/b86bxb4cv2ChQ - XoMZbrzKJstMSqrreDrWf0KK1qfm4yjVvG79fXhNlXRCKotjLvDdAmgef7WNgjS4 - WtozlQNGppIGv26ZrUSxvuJ4Rj4Tplmv2+ZCHrWVql4AqFijLCH7YmAOIAz/4nhY - BdhFvG87USbMowgl865U6IxTYFfEHcnnxPyk7eLK4oEih+F6XNA8+AyoynEVKl+p - n9mx/94P4KbysF6lK9EclyuFkKuFmU00qAGF2CyBhsbAZQ6ap0VTQzMvIKVZN/vS - XgEyuU+6dgwQ2W92IEmNkqLCqqL2ou2MaQ5nqeCLkK4BK6TVfKBHVJ8gOxqxPrNV - nNURna/Hd6q4Pl9knhiPj4IYIWbJdMYjc9ypYyl056Qn7dwgEQ25+f4bkwzAc48= - =3fm0 + hQIMA82M54yws73UAQ/+NDXHPt8JBAf/m/nxLpF/j0aqWkyvwy30brq6ByFf3/Py + qE37Q3yFYdnxwNa8r5uwow+CQfBfrV1FfwCoLikFVtPfO9zSdpP+61gwuW6FNPnm + hmjkAk3NFQriFs7DaXPtiwMbiPF3PsWb6yfXzUzousqpSQWr/9QyJLfqRidx1cFN + QcZsHj3N0YnOXuiIdSy9kQ5Kog9uhgP85kUB881wQ/Me2DWq2UxcgBspIK8T53u/ + NM+odhNY150ISQUHiu4UMKClMo7Z9wduWylWgBLe/zvTh9hXd0qnMbiYFTHcF/do + PfdYeYyvCjLW8QncLfsnm3CuKk+T2Wv0VVQk/QAvt4LAcxhoDNEzVp+csZIapgHO + 1KH4Kp2NhEVMr0ssaZJdDosKM9jAWO+AWc7eHPSkujq+Xp9nYo/gUEJQ8qLxu9ZJ + J/1Nm3q7CdaoXuGjk8OlxbOaym5eHOODGRbdQt9CdHP+uDg9BLQOgsVNAC14b+O2 + MhTKDu6u0A5cAlwxOCDLS7+sZRNE+W/ovkdFJFeYp4TbKLQVw/7qjXTGS7YSW2lJ + iutXyGIY/JZ9PoLRNl74I3mtBO5x6gna2d9JV3karaQG7df5TfafbT8VSWoF0YGp + xFWQgGOKsHSZng5XjepgYj0HaJAeNjxUb9l++h4xXjLDEJEyn2jT+Y5jRIhhMVfS + XgF7Ha4RcsFvooCef6evXTtpwfOUzryT6bUP3ZpVbo5yDJ+0IDqD1Tu9dkHeM1Pg + omLTazYIoorZW11YfA1bVZVaCu+8wPZV6Vi9uqds6QEpCbGXzKmJn6JIj80i/aU= + =BTfV -----END PGP MESSAGE----- fp: CD8CE78CB0B3BDD4 - - created_at: "2024-03-21T17:42:29Z" + - created_at: "2024-05-13T20:31:41Z" enc: |- -----BEGIN PGP MESSAGE----- - hQEMA2W9MER3HLb7AQgAkNNAoVsyQsOftg7A7/Mh8HR2attXDr1vbkVr1Z4b90rd - S0JL6EakdQeoHI2V4ieYIIDZVKX1q7E3hhAZbfaVQVIRCbhTGfQh3i9V3KtgAiwg - 9AuHSilMTkIUXdJeqE5/SJcNw1DMIzCImTE8iqYDEY6T/QuGjkYhLHiTgOAf2gwi - Amhwx0kuTcJ9XZ9TJXO3DCQ+joaahXtT8tX5elw5DAWWh+lREyi2a7CksZ8CkDLD - aHid7ULCV9UMNhqqPj6WNgseyaGvABiJLd87OxaQWfzOZdW3B/Vpjg0bR9JClP7x - jTOgxg1jc3ydEoOvuJZCmugV6oE/zKBsO5N/Niiv/dJeAcLfwtL8Nt/03O0ZZmuv - ZV1Gnjj6nB6cduvVW8aLSxiLlyJCkTGgtitFDYfi+c2gyaFiSn574rMkPlZJPI1w - X1kbflBqftsyNcpouY5QkH3qjihZeLeGOT90LTgLpw== - =eT3V + hQEMA2W9MER3HLb7AQgAw8VwWKfJckGHp5wzvUdkIq4AFhGH2Sc04mi4eVLYsiZU + wy+tOmNU3/rB/Y0WuyfCd68EQTa0UKKid2PC3viDsoNpqYBvbwjOTZkEgIWUUHtu + 08jFmrOIitOA3CniFioDLT04DnenMD6K16yqCprz8JwFv0DD9Y0BlkHXjzsKXeBV + YA4etbSSksgb/71JvNx369+iAgFc6gdAvlCPMbctbrHemeORe1069PHXm9EA7aVy + nrancnGyjq40EItpHeP9Uuj8tWV9c04zhC3mA7lCyCfytYWaPIOGMnzywhsoA18M + O2gbletY8io6TkhUxxyOBxqhvI8ceGqkskMxSUBaHtJeAWpPZT4t96L/uH8PBPGs + eg2iXE7hWcibcUiDDvB6mKywtQLtR3hvezYw+bQj5SEYfSvQnCM3oyRbsQKmqYbl + 5uJ0sdyIg8JxiyahGAep7036fQYmr7pvGRk8Y0M6NA== + =6YPL -----END PGP MESSAGE----- fp: 65BD3044771CB6FB unencrypted_suffix: _unencrypted diff --git a/nixos/secrets/openwebrx.yaml b/nixos/secrets/openwebrx.yaml new file mode 100644 index 00000000..ed36d05d --- /dev/null +++ b/nixos/secrets/openwebrx.yaml @@ -0,0 +1,129 @@ +openwebrx-users: ENC[AES256_GCM,data:MqPnVgpNgVPEnD4NaTEd/+g/njg50WdCgLPe7prWi1LoV/wQtlT7MJphMMDjiKhky6AbzvgbizpTSGSXTi+owLxRQDkn+Yk0u4QzaMRggE2zgG7c/Cy+dc918u1wROyyJKJYydnhFB2PsIRK/kUVLl8nwcXcCnWAE3VXZMChWE7wallSLm8KLUSq2oNocMqNIuvWY9h+gdZdY4h6h4w4quj0WYYi6bwAN82jf6b4OiWvvQ0ngrNR6SoPlQ1KRpE2jlpfN+k1/hUqA1vO7iORNoxkXCyiQkIMdi3N16Ez7D7zkWFy3+ZcoD9xS6nXaUeXxQWswMY52TNsQuZco33aRinzLcuAst9w8FtccuOCeXkdCwrHbdNhBuSLsT1isCVQXkcdv3OC+7ai0kEp+KyiMNydvA5uA7m4/S/0WiPd/WI51MbnSQqEWhmS6j8CbAD/Gx9Vn4QpSlSfEpAtPVwcKXLzjxNXcZj25EsvxzLBaJQLm/vJ+NpBpLss8VoYtCOz5GqZo1ZfER5lelfdaEIfyfS8n54qUWs3z9UMSSSurj+4z9+dGAgJsDM+P/L6EpYINPIGtq5D4qFafnJSkoUVya/oNH4FB2CHHfPGxqkvA8hfvBUf0B5lOGmX3w5tAMHDWfyEXHJ4yjc2eK3u8l9goagzvcCqTdPWDZG0TQyS96k8qYaNismPTCuDryEfEuQ3mbA1VuGWlyNsEoasMJaa1/RAnZvYpxl28Ykdsbe+6oxvmk/6qWBEb84wbdfhc/MdxznlsI4xnHo6+KAT5peAOVaeeOIwMu0zfxxyWmVaq6g1Ch4MktJaQKJRsVO4IhVFyTOzfAgY3MXDsYzQXQUw+Y428M2Ag8jsry3lP4U3Oo0ckyjWdDIF034ZTa9NgZYOCKC/eXuZ+7X2HHasDORryhX81SxEgQGuzxHN1JLmRp4GI74Dj8SFilAs/cSS4s8KTwBrkt/BI8mwxI9e1JegM0TZhpHte2blkqqh9utsNVGw,iv:B5s4i5n3+ilhxwCDOS051hL5gmvjcVkk1UZVf7jjKUI=,tag:92iX3q7beJ7oDcWzrrbaKQ==,type:str] +sops: + shamir_threshold: 1 + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age12ze362pu5mza6ef9akrptr7hfe4auaqul4rkta7kyy2tnrstqensgmujeq + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlbkVFWGJsckhmMnNHWlB1 + bUlDdmhNSUhKZTdiRHYxbCtHb0Jxb2Q3KzNJCnl0aHpIYjZJblk1dmNFaFpoTHJr + Q1VkOHVwV0NYWWo4RHRic0dUSzlRZTAKLS0tIFJLRGlGRTlWMDNha1dqRnRSYkhM + S2VpYUNGeGpNZGZDd3ErYjB2QkNndTgK7ConoF0EJ2caKVuLQ5Zt5EEhSDE/HQcL + 2djX0vPViLaDBKAwZxKpxVc1368axQKDgNqz6lIng3P0Y3sqVjYFsg== + -----END AGE ENCRYPTED FILE----- + - recipient: age176uyyyk7veqnzmm8xzwfhf0u23m6hm02cldlfkldunqe6std0gcq6lg057 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsK0IyUkY3eUJUdnZLVUlK + QldZdDlVQnNrSUlnY3hFZ3dwRzBXcDQ1UWcwCmxDdUpVeVZDd21LeVRmWVVIZnJK + bFVocUQwYUNpclhXbGJ2bGZ0dlRkaGMKLS0tIDJmUS8zM0xsWDgvSTlqVDN0eGk4 + TVF5UGtHMm94Ym9pOEdDZkZzK1hYZ0kKN+0df9x+jtjgB2WzGGBIh9x9YRtruUhj + yg+yyVK6RwIoFSzSiFPkYAGRGOIgPjPj1LCxcIGXvDwAZ+6r4TMHpg== + -----END AGE ENCRYPTED FILE----- + - recipient: age15hmlkd9p5rladsjzpmvrh6u34xvggu9mzdsdxdj3ms43tltxeuhq4g7g9k + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyTzZLRlpYdkpCQnBoTnBT + dmltVWZPa0dOQkttZWhpNXdHRjFXRnpaSWlFCnBzbFJ1WkEwd2RSUlMvMGpxV0FL + QUI4eFlvei9WcXYxU0t5UEV4U3pxdkEKLS0tIFlBckpvblh3ZTNFUTlJTkd2NUJX + Ykg3NXl4czlTZFhKSmpLYXR4Qjk0MlkKYU/7abutIFwzcfb5Yb7yAcbQH4s74l+q + vYglUC+YqH+M77oU0ILqqECy9oYSmeE3WHeN8JA15LBZuv693aGrew== + -----END AGE ENCRYPTED FILE----- + - recipient: age10t6kc5069cyky929vvxk8aznqyxpkx3k5h5rmlyz83xtjmr22ahqe8mzes + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4b0czRnUwUmtmYmlBZ0pt + SjhWSVpmZkRlS3JhZHBIUzhSWmtlcmRVTlVRCmZVakZvWHg2czZYWUJ0QWs1RDh2 + RFFBVkpsQjZVOGVqRTB1Y2Q0cUx0cUkKLS0tIGVvWGhCcWpONUpydG44Sis0MjRx + RDFCS2ZBb1RGUFVQTGo1RXVkVWQxZm8KXuIxD8XsPlW4O/6UgU11VK+LVNrO/VTe + aBlzeLJAFYL7Q/7gVlJ9Zm/8VVZjnL5ycYejwe580QfoJNUbj0SW0Q== + -----END AGE ENCRYPTED FILE----- + - recipient: age1a2quf2ekkj94ygu7wgvhrvh44fwn32c0l2cwvgvjh23wst90s54szdsvgr + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZakxRQUxka0J1NzQybVVH + b2xrQU9TWll3bERscmZwYlM5SFlEYm43VUhNCjRDT2lVZkt1anhzdDc4L2daYlI1 + ZElTOUV5Q0ZGY3l5N2EwRUwweWI1ZDgKLS0tIG4vVnc1Q0dvZjhxWVMyODFBVkRj + VUV6RmgyZXRpR0pBZWM3N1pHYm1TUEUKnqFigChvUvywTM0AiP/joRExpfrJqd80 + oLAV21vLWLYN4NDgb+iJIcKi38I2dnwtbhKUe5qXttwLRCOx1PDjGw== + -----END AGE ENCRYPTED FILE----- + - recipient: age16klpkaut5759dut8mdm3jn0rnp8w6kxyvs9n6ntqrdsayjtd7upqlvw489 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5QzZHeUhiNGh3Vnl6cnVi + TDRIY2sxNlJYWktQR20rRjlmK2pyakoyQ2hrCmovN0pxS0xjektsdnhsTVBhMFNL + aWdNOVZyQ3R2dFpNbUVtZVo5Mm5kbGsKLS0tIEhMRzgzZCtJd2V5UWo3bnRmV20r + Nk1MNnVHNnZ0VlZvVGJ4ZDd6YVlwUlkKujDID7dUuTpeJVIgbTQcvQywjnCqpt7+ + OV8Tmpms+Gdf/yTZTH8EgIDT4OJE5wJqb76cDtQbgUCzIokl1hS20A== + -----END AGE ENCRYPTED FILE----- + - recipient: age13qgddr326g5je0fpq2r3k940vsr3fh9nlvl9xtcxk3xg2x0k3vsq7pvzaj + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1RHRjR0YrWkVxSVczVHEz + MDIvU1FRRUVJQTdIbFdqdjVudnFXaTliQnpjCnI4Uk5LSTBRV2RCM1ZleU93ZXN4 + RU01YTdCZ04vOXVZY0lTa0dVMngzL1UKLS0tIGc0V1RXS0lROFI5T3UxMCtXclBp + MWh4clBWQ1pMbEhrVm9JMTlnOXM2bk0KHuKznlboKg0KNzFb9FVUxxjWXz4FycOe + TbxoXl2AY6Rma3VN4E9v78LNVa+whQ3cz50G0yLULEY0Fu1Idoeugg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1ktmx2szedfnpe5xumnzs8vkk0ffqgga6ved3drtksg9pye6ndsnsnqq488 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGa0dxSThweEt6TjNXY3dN + QUdiUmpjTGNreW5pRHFScnJuRDAzMkxHMjN3ClJ0TWNxOVBDak9TNGpWMERrdUJw + Y0l5dnZubkRYUWZVRmlEQUY3RDRyYlEKLS0tIHFoWmVWYTQ0bHp3aDNuamtMU0F5 + N09mU3lRSUg1R2s2RkZUNEZHazFzKzAKFg6o4V/gGrmVsQxYQ8rMu6V3sWZxahhz + rlmIrdXD0V6pO7DZHfk2A2Lw9/injRFBH6/piZatHUAKU3l/nksMpw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1fjcafp0j45sz03zq5srnxyq2mujndmn25vceg3wj2cgzymqm73ssmhdgku + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDT1BhQ2pJRHRXR1RiakJV + Qkp1NzlrZnJKYlJPZHVNT3RKK1ZQd3VGRlFnCmlkQmVWaHVLaUpkekpya1NJRkE4 + MHJMMHpqam53VnZUY2U4dzY2WnUrYlkKLS0tIE8wUWhmYmQyaEgwKzNzOHd1WFA4 + MUtIVFB3N2ZkRWZCUkl4b0NwVEh4TFUKx2VGEjaJNfi3+pTwXJR56tk8u/DjwghS + +xR7aYDwtPHbOhCHMiCCU/yOzrgsJ/or014OQ2T2dFNYw2Cyg9p71A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-05-13T20:38:22Z" + mac: ENC[AES256_GCM,data:hRIzbexsU/vPdlvXq+Z42dJvLeABnAVqdl+L5oIwK9zvRYRA3zY+2SbUScWsMuEvppJRElGQAO5ExemlkwYapH7ERGcI2m43RU6xBPlJarbr+A/rMJOZNogwB31qXuY0vZcFW3h8L6JnaYIleQLaouti9I40AKh4uTSa81Ht+fc=,iv:Skkz+WBjZNaF02YchLRQPZkOQpFgC7GOEf0Xw+gQmwA=,tag:EuZBVAa9cNEK6ETAG0xP2g==,type:str] + pgp: + - created_at: "2024-05-13T20:13:02Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA82M54yws73UAQ/7BZOUlurLkOIE9lIHX6wt6Em+rwAo7jSWTg8M3CCxwz55 + fmOVok6bKiySoj04w0mv3fF+Ly8UsVaX3UvI56QMNA5uHLXtrjRoqYEETZDCWU7Q + lKKU8iR1rDZ4orTKWOEixC522k7A0YjsIhDthAWPgEp2otOuIYZ39Os2C2MfuFfR + amR2MjfMEFyphTFR6A8wi7UK7DdPXkXzaJ88UNcVZ6o08/7A3GzAAp5gX5jWzFZ4 + gFzuHWt8YZyR611w63G1lLmvhcJGCbWI8JY3mvNSpKYVZSdF0r3KuFBKrQqzV2+/ + ql/owQMUVJroPZ8k8UPPvkIQu25qbPq2NlGdQR/YyPF1TqDEhFIV2nFaP9xmWxkb + 74kPFkcUKLiNGv7cwiOAYyvwDUCVTH/G666m8Cigl2rglBaUIsOcld23NmPR8fDk + TQUrYdMNGsLQL//hwpNyhUsmiKqb5NtFMydylu4Qh9eK5J82Nay010xUxRMnfxVX + YvKS1BVvFP4/A7eWoRObHR+4oKVgew4RDq/cX9EetBmmci9nNE/exVvVwiXJQKFr + pHuallR7CZNYbKvEOVHcjLOzgv7TXstectQnFjdQ3JzkGgIVM3gKK9e1QKqD9uhF + sO0kKDGUlxCI4HGdrCpbWlQpATmQO1rIH4l7704gpcAtG8BtEsU5yLPs3eyyAGfS + XgE7uaFBGe5/w7HU5+Kk3hP2HfgeHeZ5cfA4z1KS3P+U12l8fGHnil9nzRyLOocj + iSA+aBQE1+WuP/Jvz8k/OG8W0OZhn+C6v6Lnu2eHVzhp4ZT5DjykWHhTNzJKK/4= + =8fmF + -----END PGP MESSAGE----- + fp: CD8CE78CB0B3BDD4 + - created_at: "2024-05-13T20:13:02Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQELA2W9MER3HLb7AQf3Vsz4dsANFqzI+Cxq2mswrFZ2by5dpih+HHKyuXgQre0w + R+3AyUi2xpWy5CaK/4xaazE1GRNds7PQgWNe2PyfBcIaybZcUXBeeGNfV+K2r7AC + 23ADfZy5p9H/M2fF9Zv5CY1ChmYO4RNueLE035ZIm9Q+0HZu/W6tvZHTr3fvleVP + qo3/FO1ymUbvjbC33elKvL6bdcl9aw2l+0QBDyFEqtQHTSV84omE0Laagu4CUOrI + 0Ouqh+Nhlh6vNbvhV8ZJyap/azmLBE8cBo/6L1wybY44Jmzxxei+ZYr2ZUirx5j5 + w4Cxc1ikElJ2Dal4+ywTj7HdK5nROKh20eer3C700l4BK7b3FHndhoIilkgeTex3 + aYsKiXvtRk2miUjn6SsDTron+RI8qwqXMfQYNcLP3tnI/4OMBs6o6h33xqAJLYKm + yEBMlDUcDgP57SmcOfur2OxsjRf0LDMp151kQsXw + =0WI7 + -----END PGP MESSAGE----- + fp: 65BD3044771CB6FB + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/readme.md b/readme.md index d0e26e60..54b264a7 100644 --- a/readme.md +++ b/readme.md @@ -44,6 +44,7 @@ nf-sops-keyscan # or on a fresh container... nf-sops-keyscan ct.local vim .sops.yaml +for nfsecret in access nix; do sops updatekeys nixos/secrets/$nfsecret.yaml; done ``` ## Updating diff --git a/systems/aya/nixos.nix b/systems/aya/nixos.nix index 6e4d4465..ee7394f4 100644 --- a/systems/aya/nixos.nix +++ b/systems/aya/nixos.nix @@ -6,7 +6,7 @@ nixos.base nixos.reisen-ct nixos.nixbld - #nixos.cross.aarch64 + #nixos.cross.aarch64 # XXX: binfmt_misc namespaces not yet supported :< nixos.tailscale nixos.github-runner.zone nixos.minecraft.bedrock diff --git a/systems/kasen/default.nix b/systems/kasen/default.nix index bb24c1c2..52d11111 100644 --- a/systems/kasen/default.nix +++ b/systems/kasen/default.nix @@ -9,10 +9,11 @@ _: { ./nixos.nix ]; exports = { - services = { - nginx.enable = true; - sshd.enable = true; - }; + services = { + nginx.enable = true; + sshd.enable = true; + openwebrx.enable = true; + }; }; network.networks = { local = { diff --git a/systems/kasen/nixos.nix b/systems/kasen/nixos.nix index 8f2e43e9..4ef9332d 100644 --- a/systems/kasen/nixos.nix +++ b/systems/kasen/nixos.nix @@ -2,18 +2,15 @@ meta, config, lib, - pkgs, ... -}: let - inherit (lib.modules) mkForce; - inherit (config.services) nginx; -in { +}: { imports = let inherit (meta) nixos; in [ - #nixos.sops + nixos.sops nixos.base nixos.nginx + nixos.openwebrx ]; boot.loader.grub.enable = false; @@ -21,30 +18,7 @@ in { hardware.rtl-sdr.enable = true; - services.openwebrx = { - enable = true; - package = pkgs.openwebrxplus; - }; - systemd.services.openwebrx.serviceConfig = { - DynamicUser = mkForce false; - User = "openwebrx"; - Group = "openwebrx"; - }; - - users.users.openwebrx = { - isSystemUser = true; - group = "openwebrx"; - extraGroups = [ - "plugdev" - ]; - }; - users.groups.openwebrx = {}; - - networking.firewall.interfaces.local.allowedTCPPorts = [ - 8073 - ]; - - #sops.defaultSopsFile = ./secrets.yaml; + sops.defaultSopsFile = ./secrets.yaml; fileSystems."/" = { device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888"; diff --git a/systems/kasen/secrets.yaml b/systems/kasen/secrets.yaml new file mode 100644 index 00000000..a8757555 --- /dev/null +++ b/systems/kasen/secrets.yaml @@ -0,0 +1,56 @@ +sops: + shamir_threshold: 1 + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1fjcafp0j45sz03zq5srnxyq2mujndmn25vceg3wj2cgzymqm73ssmhdgku + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArUGdqR0lBTFNycWJFZW5m + YU5WY0dQc01HQ0N4ZjFHdDN5cW16TXFLWEhzCnc5cTJ3MHBQNlp0bE5HY1hRcnpi + bzF3eEIxMU1sL2N0R3hGNUhOZWdFQUUKLS0tIHhSQzNRZ3lwV0o2TEs4elBabDQy + VG9hNEpQeW5KNTBvSTBsN0NsQWxJbE0KvkUsGZhEQ7wwuYrW7R3HARtH0/XzWLoy + 6S2cdIzeuXKogXujv+vd4zzkO1tKuwxhfrhK1EVX5LL7YuK0n66AkQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-05-13T20:06:41Z" + mac: ENC[AES256_GCM,data:CBVQ8xAuOniojJdAo/bNvdDwi2QdZ4IZ/cgBDTQBrxiRlsukTcqZ+PvtR2bvDZAgsHEGuL1m4qTWPlBnFYBONZ5akomZ4YRAzlUd3OcpnEQn3RVQyGhimc1D8ZJgTeSam6dykt/IFpnGwPDxgwGqgRP3WqmLJn/eKfI18ZZusMQ=,iv:9n0wiYBh02eXYEP8n7RBPOcK5UBxo6r3iKBZIJ7GN6w=,tag:QwT5PR1tvqlawSw99lR9kg==,type:str] + pgp: + - created_at: "2024-05-13T20:06:35Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA82M54yws73UARAAwaLDkpKHWq5hTBp1DQ5mxDYosBnTHb43lh33k94vm4g2 + 6ut7B3gRImMaKdcJ3fbrg7tTVpaJkVA9qHuiiA9k/SjFKas1Zj1k9KJz+vqR0m6Q + sf5lgfUDL+eNeCMcuuo8zLMC5vDm3bkvffdj/2XOxKy0uGX/Rodm1yz7QUFSoUny + eYpJPXEX1zsQ4abK/Ck6q+3lCunHv5Df2Rw5U4piLC0e3kFc0NsQCNd2CavmzHkH + Us9nVZIlSgs6YeX4fFKxQwpvdDCg2dzuBnzkAgXu9LpxKBiAXPDZR6ymsUqtsFPk + wIIWVZablhVnEE2AeqzP1h8XLcS2gtBV/ikAlh8Q5stg8ZwynMYGUs4UctqNLr12 + D7FzNBdQVgnAdYR3hJIHTmVbKl1sKUcSVdWDSEZS0iQEHht8AxRPpoq69ahb5sZG + g0swYM8CIzS7MZarf4xu5Se2Oc6XjFGZXne0m+o+FTlJwt0HMgQpT7QUsuI29rRt + PU2CbsZiNvBeG7DNa8PxmOcr+RqgRieCxO7sqnXEaLM5DLw7goB1t/O0RhFwbh0F + iFEhb4EiIqctU7ZsdL+LL/D/AhOX2bRxOLh8lOQNwgbcLZqNg3CozPutZTemgirI + Au6MWj51GwmUL3nPF1uGrA1bTInpBQYFzHcQXTvmBl7a+oEpsMTJXXFi3grPegrS + XgEPu3/ymGRBbSzcfDqOTvynw57Z2WuqZhpRkz8zKnLLZvKXkuoCXzaXwkKBH3Jl + 8bymsNSnYsx9JSJRihQVDwCHnKL1nSJVRwweQTH7IwSDpy9tGRQ49K82daOIx98= + =f/a0 + -----END PGP MESSAGE----- + fp: CD8CE78CB0B3BDD4 + - created_at: "2024-05-13T20:06:35Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQEMA2W9MER3HLb7AQgArIaJ05lMr2k4v07xGpsE0yMAcOXcgVUWBu7frgml2Mj0 + vUQzyODyHc/C4bgzPGorQjeQyDN2ZAS8tLS3gkRuze/tF74uU/7cA6AgOBQ07t2G + kCgogymIWKbaLUJF52cuZUyWsyZezZMBFZ6JXvrU3XpX9Xd4GCBt7lBWZHWaDxLc + Fj9wwYFjwSltBhd1lQrLZOCcwbY/aEWaqM/mKM/9eo3tLzDA6nIEK0n4vNyBho+5 + jjN85/3t73su/aMQO27NWsiwseAxGwlgCz3G9ib2OMG8Dj1DxDj5SeGJDFEeGYu4 + lC1OhLcBxReVnCb/0fva0SWqsXQWDi5zIOQoJoY+stJeAZ9lpq8aGM295eK9m+Yq + d4eLzgf+BKB0lwqAMxLkyLhWJMy+Wrxw6c/Pvej7lmIJnnMuJ6hOIcXYwTnj6DpA + cQR8DVJHLHS2Tp6RKxZ/05Y3Rhd1BCatvewBqbv3rA== + =bD1x + -----END PGP MESSAGE----- + fp: 65BD3044771CB6FB + unencrypted_suffix: _unencrypted + version: 3.8.1