From bd69ebe90111e4720109adb7f1dc60b44b1ae15c Mon Sep 17 00:00:00 2001 From: Kat Inskip Date: Sun, 21 Apr 2024 15:04:27 -0700 Subject: [PATCH] feat: so many appservices, so little time... --- .sops.yaml | 8 + flake.lock | 150 ++++++++++------- home/environments/xfce/ssh.nix | 15 ++ modules/nixos/mautrix-signal.nix | 205 +++++++++++++++++++++++ nixos/environments/xfce/xfce.nix | 1 + nixos/servers/grafana-stack/telegraf.nix | 2 - nixos/servers/matrix/discord.nix | 14 ++ nixos/servers/matrix/restic.nix | 33 ++++ nixos/servers/matrix/restic.yaml | 51 ++++++ nixos/servers/matrix/signal.nix | 27 +++ nixos/servers/matrix/signal.yaml | 51 ++++++ nixos/servers/matrix/synapse.nix | 7 + nixos/servers/matrix/telegram.nix | 27 +++ nixos/servers/matrix/telegram.yaml | 51 ++++++ nixos/servers/matrix/whatsapp.nix | 27 +++ nixos/servers/matrix/whatsapp.yaml | 51 ++++++ 16 files changed, 655 insertions(+), 65 deletions(-) create mode 100644 home/environments/xfce/ssh.nix create mode 100644 modules/nixos/mautrix-signal.nix create mode 100644 nixos/servers/matrix/discord.nix create mode 100644 nixos/servers/matrix/restic.nix create mode 100644 nixos/servers/matrix/restic.yaml create mode 100644 nixos/servers/matrix/signal.nix create mode 100644 nixos/servers/matrix/signal.yaml create mode 100644 nixos/servers/matrix/telegram.nix create mode 100644 nixos/servers/matrix/telegram.yaml create mode 100644 nixos/servers/matrix/whatsapp.nix create mode 100644 nixos/servers/matrix/whatsapp.yaml diff --git a/.sops.yaml b/.sops.yaml index 540c3533..1ec70114 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -17,6 +17,14 @@ creation_rules: age: - *yukari - *koishi +- path_regex: nixos/servers/[^/]+/.*\.yaml$ + shamir_threshold: 1 + key_groups: + - pgp: + - *kat + age: + - *yukari + - *koishi - path_regex: systems/.*\.yaml$ shamir_threshold: 1 key_groups: diff --git a/flake.lock b/flake.lock index fcbbcee1..0a5484e8 100644 --- a/flake.lock +++ b/flake.lock @@ -129,11 +129,11 @@ ] }, "locked": { - "lastModified": 1711763326, - "narHash": "sha256-sXcesZWKXFlEQ8oyGHnfk4xc9f2Ip0X/+YZOq3sKviI=", + "lastModified": 1713543876, + "narHash": "sha256-olEWxacm1xZhAtpq+ZkEyQgR4zgfE7ddpNtZNvubi3g=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "36524adc31566655f2f4d55ad6b875fb5c1a4083", + "rev": "9e7c20ffd056e406ddd0276ee9d89f09c5e5f4ed", "type": "github" }, "original": { @@ -308,11 +308,11 @@ ] }, "locked": { - "lastModified": 1712390667, - "narHash": "sha256-ebq+fJZfobqpsAdGDGpxNWSySbQejRwW9cdiil6krCo=", + "lastModified": 1713713092, + "narHash": "sha256-rvyr6BBtn3cq5B/48rhJlbIOpxprwlO/71663sd9Gik=", "owner": "nix-community", "repo": "home-manager", - "rev": "b787726a8413e11b074cde42704b4af32d95545c", + "rev": "2846d5230a3c3923618eabb367deaf8885df580f", "type": "github" }, "original": { @@ -338,11 +338,11 @@ ] }, "locked": { - "lastModified": 1712339458, - "narHash": "sha256-j8pv3tL2EFLGuvFoO64dHWD8YzNvD77hRb4EEx5ADgE=", + "lastModified": 1713612213, + "narHash": "sha256-zJboXgWNpNhKyNF8H/3UYzWkx7w00TOCGKi3cwi+tsw=", "owner": "hyprwm", "repo": "hyprcursor", - "rev": "981b6617822dadc40246a6c70194d02dfc12e4c6", + "rev": "cab4746180f210a3c1dd3d53e45c510e309e90e1", "type": "github" }, "original": { @@ -364,11 +364,11 @@ ] }, "locked": { - "lastModified": 1710180874, - "narHash": "sha256-ZSn3wXQuRz36Ta/L+UCFKuUVG6QpwK2QmRkPjpQprU4=", + "lastModified": 1713472482, + "narHash": "sha256-7Ft5WZTMIjXOGgRCf31DZBwK6RK8xkeKlD5vFXz3gII=", "owner": "hyprwm", "repo": "hypridle", - "rev": "4395339a2dc410bcf49f3e24f9ed3024fdb25b0a", + "rev": "7cff4581a3753154fc5b41f39a098fad49b777b1", "type": "github" }, "original": { @@ -386,6 +386,7 @@ "hyprlang": [ "hyprlang" ], + "hyprwayland-scanner": "hyprwayland-scanner", "nixpkgs": [ "nixpkgs" ], @@ -398,11 +399,11 @@ ] }, "locked": { - "lastModified": 1712420323, - "narHash": "sha256-2isV2NOIm+EKQej7RNyFxtW5gdxDGoI9YkBYczxscF8=", + "lastModified": 1713720783, + "narHash": "sha256-YBS7VaRsi2bAH5rR3RvchG2jm8SnqKHpJ1hPeXS0i/0=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "265c7924d85e2ad5f2ff0e9f59c03403028eaef4", + "rev": "75c87bde3cfa38105a8c882c790e235503dc46bd", "type": "github" }, "original": { @@ -444,11 +445,11 @@ ] }, "locked": { - "lastModified": 1711671891, - "narHash": "sha256-C/Wwsy/RLxHP1axFFl+AnwJRWfd8gxDKKoa8nt8Qk3c=", + "lastModified": 1713121246, + "narHash": "sha256-502X0Q0fhN6tJK7iEUA8CghONKSatW/Mqj4Wappd++0=", "owner": "hyprwm", "repo": "hyprlang", - "rev": "c1402612146ba06606ebf64963a02bc1efe11e74", + "rev": "78fcaa27ae9e1d782faa3ff06c8ea55ddce63706", "type": "github" }, "original": { @@ -470,11 +471,11 @@ ] }, "locked": { - "lastModified": 1711884603, - "narHash": "sha256-y1Om75muuJcEoLd/FOYGIZ5/ja/Mc4iBX/9S7vWF0C8=", + "lastModified": 1713552491, + "narHash": "sha256-qsXB8swg2FkVRYx8FdD28iXQsz5Pyd0hxV8pnyI49aI=", "owner": "hyprwm", "repo": "hyprlock", - "rev": "071ebcefb9070e4397d75103f5f535b58dacf250", + "rev": "307e473759d1268b50a087095cc005c941f3bb0d", "type": "github" }, "original": { @@ -507,6 +508,31 @@ "type": "github" } }, + "hyprwayland-scanner": { + "inputs": { + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1713619586, + "narHash": "sha256-fIhNlYhPhG5AJ8DxX3LaitnccnQ+X2MCL39W2Abp7mM=", + "owner": "hyprwm", + "repo": "hyprwayland-scanner", + "rev": "9e13e0915273959bfd98a10662f678c15ac71c77", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprwayland-scanner", + "type": "github" + } + }, "konawall-py": { "inputs": { "flake-utils": [ @@ -517,11 +543,11 @@ ] }, "locked": { - "lastModified": 1712427525, - "narHash": "sha256-AC9iR6PdtG9v/gHSXxiEAUAIGErkzTNAKwCE3V110xs=", + "lastModified": 1713139346, + "narHash": "sha256-GlRonqewugWqLK96LPZ0X+bdnQNuOqfVdQZiY2DQkvk=", "owner": "kittywitch", "repo": "konawall-py", - "rev": "2ab1de269d735822ab0f4c6c897dafa630fa0a94", + "rev": "e3bf98deafef4876230253622fce04272af38d13", "type": "github" }, "original": { @@ -600,11 +626,11 @@ ] }, "locked": { - "lastModified": 1712366100, - "narHash": "sha256-JHNo5nvz5Rk9u+nrkbCSCZqAeBo0yVe4lEYz7m40xV0=", + "lastModified": 1713662596, + "narHash": "sha256-R39U32sB61tp5XFx1GYzWBV1TrukgtoaM/cpZNm+oDU=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "2f2d1ab110ca24f3d926e9a2aa9f4706a98ce711", + "rev": "7dbbff1a72b3b0f0fa3788e20a2bfd8b5271387f", "type": "github" }, "original": { @@ -620,11 +646,11 @@ ] }, "locked": { - "lastModified": 1711854532, - "narHash": "sha256-JPStavwlT7TfxxiXHk6Q7sbNxtnXAIjXQJMLO0KB6M0=", + "lastModified": 1713668931, + "narHash": "sha256-rVlwWQlgFGGK3aPVcKmtYqWgjYnPah5FOIsYAqrMN2w=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "2844b5f3ad3b478468151bd101370b9d8ef8a3a7", + "rev": "07ece11b22217b8459df589f858e92212b74f1a1", "type": "github" }, "original": { @@ -635,11 +661,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1712324865, - "narHash": "sha256-+BatEWd4HlMeK7Ora+gYIkarjxFVCg9oKrIeybHIIX4=", + "lastModified": 1713521961, + "narHash": "sha256-EwR8wW9AqJhSIY+0oxWRybUZ32BVKuZ9bjlRh8SJvQ8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "f3b959627bca46a9f7052b8fbc464b8323e68c2c", + "rev": "5d48925b815fd202781bfae8fb6f45c07112fdb2", "type": "github" }, "original": { @@ -650,11 +676,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1712163089, - "narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=", + "lastModified": 1713537308, + "narHash": "sha256-XtTSSIB2DA6tOv+l0FhvfDMiyCmhoRbNB+0SeInZkbk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "fd281bd6b7d3e32ddfa399853946f782553163b5", + "rev": "5c24cf2f0a12ad855f444c30b2421d044120c66f", "type": "github" }, "original": { @@ -682,11 +708,11 @@ }, "nur": { "locked": { - "lastModified": 1712418268, - "narHash": "sha256-ada/cxhkwk0D7/iuklXUv/EOx7ooYIn27LYAyYuoQ3o=", + "lastModified": 1713721479, + "narHash": "sha256-HfmkPAtMyU794rzBGsSS089qsv7MIwcTy/rrlST4Ta0=", "owner": "nix-community", "repo": "NUR", - "rev": "ade3664ee297f453ea7f31945af6b751cf800b84", + "rev": "8b05bbd9f0ef32148e81a6dc7e794b977687125a", "type": "github" }, "original": { @@ -705,11 +731,11 @@ ] }, "locked": { - "lastModified": 1712081763, - "narHash": "sha256-+xImkX19gde0Qac6kbJtJAXKXTOgcUE5z3RsBxVtseo=", + "lastModified": 1713552700, + "narHash": "sha256-R2+GRjHFEapDa08FnuJjweAiE+5W7VKnBxNo3tC/Yzo=", "owner": "pjones", "repo": "plasma-manager", - "rev": "96a90a7f5ce6b29e01d7da83d082e870e4462174", + "rev": "bd743369ef402d269885225af93064f22b640990", "type": "github" }, "original": { @@ -862,11 +888,11 @@ ] }, "locked": { - "lastModified": 1711855048, - "narHash": "sha256-HxegAPnQJSC4cbEbF4Iq3YTlFHZKLiNTk8147EbLdGg=", + "lastModified": 1713668495, + "narHash": "sha256-4BvlfPfyUmB1U0r/oOF6jGEW/pG59c5yv6PJwgucTNM=", "owner": "Mic92", "repo": "sops-nix", - "rev": "99b1e37f9fc0960d064a7862eb7adfb92e64fa10", + "rev": "09f1bc8ba3277c0f052f7887ec92721501541938", "type": "github" }, "original": { @@ -975,20 +1001,18 @@ "wlroots": { "flake": false, "locked": { - "host": "gitlab.freedesktop.org", - "lastModified": 1709983277, - "narHash": "sha256-wXWIJLd4F2JZeMaihWVDW/yYXCLEC8OpeNJZg9a9ly8=", - "owner": "wlroots", - "repo": "wlroots", - "rev": "50eae512d9cecbf0b3b1898bb1f0b40fa05fe19b", - "type": "gitlab" + "lastModified": 1713699467, + "narHash": "sha256-wQ18I2j/lUEz6FELuSphPBgROHx1POz/R2fjLA+QP8A=", + "owner": "hyprwm", + "repo": "wlroots-hyprland", + "rev": "b9063af512a2326d5c519edc6a759da875deab21", + "type": "github" }, "original": { - "host": "gitlab.freedesktop.org", - "owner": "wlroots", - "repo": "wlroots", - "rev": "50eae512d9cecbf0b3b1898bb1f0b40fa05fe19b", - "type": "gitlab" + "owner": "hyprwm", + "repo": "wlroots-hyprland", + "rev": "b9063af512a2326d5c519edc6a759da875deab21", + "type": "github" } }, "wsl": { @@ -1004,11 +1028,11 @@ ] }, "locked": { - "lastModified": 1710519878, - "narHash": "sha256-0dbc10OBFUVYyXC+C+N6vRUd8xyBSRxkcZ4Egipbx0M=", + "lastModified": 1713528946, + "narHash": "sha256-IBQta+xrEaI2S5UmYrXcgV7Tu7rGLQu2V3TeJseLPSg=", "owner": "nix-community", "repo": "NixOS-WSL", - "rev": "aef95bdb6800a3a2af7aa7083d6df03067da6592", + "rev": "63c1247e12f269396ed2df8cdec3aed1f0f3928c", "type": "github" }, "original": { @@ -1033,11 +1057,11 @@ ] }, "locked": { - "lastModified": 1709299639, - "narHash": "sha256-jYqJM5khksLIbqSxCLUUcqEgI+O2LdlSlcMEBs39CAU=", + "lastModified": 1713214484, + "narHash": "sha256-h1bSIsDuPk1FGgvTuSHJyiU2Glu7oAyoPMJutKZmLQ8=", "owner": "hyprwm", "repo": "xdg-desktop-portal-hyprland", - "rev": "2d2fb547178ec025da643db57d40a971507b82fe", + "rev": "bb44921534a9cee9635304fdb876c1b3ec3a8f61", "type": "github" }, "original": { diff --git a/home/environments/xfce/ssh.nix b/home/environments/xfce/ssh.nix new file mode 100644 index 00000000..c279ca6e --- /dev/null +++ b/home/environments/xfce/ssh.nix @@ -0,0 +1,15 @@ +{ + lib, + pkgs, + ... +}: let + inherit (lib.strings) fileContents; +in { + home.sessionVariables.GSM_SKIP_SSH_AGENT_WORKAROUND = "1"; + + # Disable gnome-keyring ssh-agent + xdg.configFile."autostart/gnome-keyring-ssh.desktop".text = '' + ${fileContents "${pkgs.gnome3.gnome-keyring}/etc/xdg/autostart/gnome-keyring-ssh.desktop"} + Hidden=true + ''; +} diff --git a/modules/nixos/mautrix-signal.nix b/modules/nixos/mautrix-signal.nix new file mode 100644 index 00000000..240cab90 --- /dev/null +++ b/modules/nixos/mautrix-signal.nix @@ -0,0 +1,205 @@ +{ + lib, + config, + pkgs, + ... +}: let + cfg = config.services.mautrix-signal; + dataDir = "/var/lib/mautrix-signal"; + registrationFile = "${dataDir}/signal-registration.yaml"; + settingsFile = "${dataDir}/config.json"; + settingsFileUnsubstituted = settingsFormat.generate "mautrix-signal-config-unsubstituted.json" cfg.settings; + settingsFormat = pkgs.formats.json {}; + appservicePort = 29328; + + mkDefaults = lib.mapAttrsRecursive (n: v: lib.mkDefault v); + defaultConfig = { + homeserver.address = "http://localhost:8448"; + appservice = { + hostname = "[::]"; + port = appservicePort; + database.type = "sqlite3"; + database.uri = "file:${dataDir}/mautrix-signal.db?_txlock=immediate"; + id = "signal"; + bot = { + username = "signalbot"; + displayname = "Signal Bridge Bot"; + }; + as_token = ""; + hs_token = ""; + }; + bridge = { + username_template = "signal_{{.}}"; + displayname_template = "{{or .ProfileName .PhoneNumber \"Unknown user\"}}"; + double_puppet_server_map = {}; + login_shared_secret_map = {}; + command_prefix = "!signal"; + permissions."*" = "relay"; + relay.enabled = true; + }; + logging = { + min_level = "info"; + writers = lib.singleton { + type = "stdout"; + format = "pretty-colored"; + time_format = " "; + }; + }; + }; +in { + options.services.mautrix-signal = { + enable = lib.mkEnableOption (lib.mdDoc "mautrix-signal, a puppeting/relaybot bridge between Matrix and Signal."); + + settings = lib.mkOption { + type = settingsFormat.type; + default = defaultConfig; + description = lib.mdDoc '' + {file}`config.yaml` configuration as a Nix attribute set. + Configuration options should match those described in + [example-config.yaml](https://github.com/mautrix/signal/blob/master/example-config.yaml). + Secret tokens should be specified using {option}`environmentFile` + instead of this world-readable attribute set. + ''; + example = { + appservice = { + database = { + type = "postgres"; + uri = "postgresql:///mautrix_signal?host=/run/postgresql"; + }; + id = "signal"; + ephemeral_events = false; + }; + bridge = { + history_sync = { + request_full_sync = true; + }; + private_chat_portal_meta = true; + mute_bridging = true; + encryption = { + allow = true; + default = true; + require = true; + }; + provisioning = { + shared_secret = "disable"; + }; + permissions = { + "example.com" = "user"; + }; + }; + }; + }; + environmentFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; + default = null; + description = lib.mdDoc '' + File containing environment variables to be passed to the mautrix-signal service, + in which secret tokens can be specified securely by optionally defining a value for + `MAUTRIX_SIGNAL_BRIDGE_LOGIN_SHARED_SECRET`. + ''; + }; + + serviceDependencies = lib.mkOption { + type = with lib.types; listOf str; + default = lib.optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit; + defaultText = lib.literalExpression '' + optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnits + ''; + description = lib.mdDoc '' + List of Systemd services to require and wait for when starting the application service. + ''; + }; + }; + + config = lib.mkIf cfg.enable { + users.users.mautrix-signal = { + isSystemUser = true; + group = "mautrix-signal"; + home = dataDir; + description = "Mautrix-Signal bridge user"; + }; + + users.groups.mautrix-signal = {}; + + services.mautrix-signal.settings = lib.mkMerge (map mkDefaults [ + defaultConfig + # Note: this is defined here to avoid the docs depending on `config` + {homeserver.domain = config.services.matrix-synapse.settings.server_name;} + ]); + + systemd.services.mautrix-signal = { + description = "Mautrix-Signal Service - A Signal bridge for Matrix"; + + wantedBy = ["multi-user.target"]; + wants = ["network-online.target"] ++ cfg.serviceDependencies; + after = ["network-online.target"] ++ cfg.serviceDependencies; + + preStart = '' + # substitute the settings file by environment variables + # in this case read from EnvironmentFile + test -f '${settingsFile}' && rm -f '${settingsFile}' + old_umask=$(umask) + umask 0177 + ${pkgs.envsubst}/bin/envsubst \ + -o '${settingsFile}' \ + -i '${settingsFileUnsubstituted}' + umask $old_umask + + # generate the appservice's registration file if absent + if [ ! -f '${registrationFile}' ]; then + ${pkgs.mautrix-signal}/bin/mautrix-signal \ + --generate-registration \ + --config='${settingsFile}' \ + --registration='${registrationFile}' + fi + chmod 640 ${registrationFile} + + umask 0177 + ${pkgs.yq}/bin/yq -s '.[0].appservice.as_token = .[1].as_token + | .[0].appservice.hs_token = .[1].hs_token + | .[0]' '${settingsFile}' '${registrationFile}' \ + > '${settingsFile}.tmp' + mv '${settingsFile}.tmp' '${settingsFile}' + umask $old_umask + ''; + + serviceConfig = { + User = "mautrix-signal"; + Group = "mautrix-signal"; + EnvironmentFile = cfg.environmentFile; + StateDirectory = baseNameOf dataDir; + WorkingDirectory = dataDir; + ExecStart = '' + ${pkgs.mautrix-signal}/bin/mautrix-signal \ + --config='${settingsFile}' \ + --registration='${registrationFile}' + ''; + LockPersonality = true; + MemoryDenyWriteExecute = true; + NoNewPrivileges = true; + PrivateDevices = true; + PrivateTmp = true; + PrivateUsers = true; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectSystem = "strict"; + Restart = "on-failure"; + RestartSec = "30s"; + RestrictRealtime = true; + RestrictSUIDSGID = true; + SystemCallArchitectures = "native"; + SystemCallErrorNumber = "EPERM"; + SystemCallFilter = ["@system-service"]; + Type = "simple"; + UMask = 0027; + }; + restartTriggers = [settingsFileUnsubstituted]; + }; + }; + meta.maintainers = with lib.maintainers; [niklaskorz]; +} diff --git a/nixos/environments/xfce/xfce.nix b/nixos/environments/xfce/xfce.nix index 36dc3756..ece23b28 100644 --- a/nixos/environments/xfce/xfce.nix +++ b/nixos/environments/xfce/xfce.nix @@ -1,4 +1,5 @@ { pkgs, ... }: { + services.gnome.gnome-keyring.enable = true; services.xserver = { enable = true; libinput.touchpad = { diff --git a/nixos/servers/grafana-stack/telegraf.nix b/nixos/servers/grafana-stack/telegraf.nix index 2989affb..8846e0ab 100644 --- a/nixos/servers/grafana-stack/telegraf.nix +++ b/nixos/servers/grafana-stack/telegraf.nix @@ -41,8 +41,6 @@ }; diskio = { }; - io = { - }; net = { }; mem = { diff --git a/nixos/servers/matrix/discord.nix b/nixos/servers/matrix/discord.nix new file mode 100644 index 00000000..81538aab --- /dev/null +++ b/nixos/servers/matrix/discord.nix @@ -0,0 +1,14 @@ +{config, ...}: { + services.mx-puppet-discord = { + enable = config.services.matrix-synapse.enable; + settings = { + bridge = { + bindAddress = "localhost"; + domain = "kittywit.ch"; + homeserverUrl = "https://yukari.gensokyo.zone"; + }; + provisioning.whitelist = ["@kat:kittywit.ch"]; + relay.whitelist = ["@.*:kittywit.ch"]; + }; + }; +} diff --git a/nixos/servers/matrix/restic.nix b/nixos/servers/matrix/restic.nix new file mode 100644 index 00000000..90ea00a6 --- /dev/null +++ b/nixos/servers/matrix/restic.nix @@ -0,0 +1,33 @@ +{config, ...}: { + sops.secrets.restic-password-file = { + sopsFile = ./restic.yaml; + }; + services.restic.backups = { + "${config.networking.hostName}/matrix" = { + paths = [ + "/var/lib/matrix-synapse" + "/var/lib/mx-puppet-discord" + "/var/lib/mautrix-whatsapp" + "/var/lib/mautrix-signal" + "/var/lib/mautrix-telegram" + ]; + exclude = [ + ]; + extraOptions = [ + "sftp.command='ssh u401227@u401227.your-storagebox.de -i /home/kat/.ssh/id_ed25519 -s sftp'" + ]; + pruneOpts = [ + "--keep-daily 7" + "--keep-weekly 2" + "--keep-monthly 6" + ]; + initialize = true; + passwordFile = config.sops.secrets.restic-password-file.path; + repository = "sftp:u401227@u401227.your-storagebox.de:/restic/koishi"; + timerConfig = { + OnCalendar = "00:05"; + RandomizedDelaySec = "5h"; + }; + }; + }; +} diff --git a/nixos/servers/matrix/restic.yaml b/nixos/servers/matrix/restic.yaml new file mode 100644 index 00000000..63373768 --- /dev/null +++ b/nixos/servers/matrix/restic.yaml @@ -0,0 +1,51 @@ +restic-password-file: ENC[AES256_GCM,data:0U96CkrV8VyEvg0nm+ZfdWMo2TjxDfRF6YBFNe8jfps=,iv:TEad//eKY/tCNMLCs6EZ+gn+7cxz7nGB+y1a4Dv+Wd4=,tag:s/E0QlE812TwgC6gRKlWbA==,type:str] +sops: + shamir_threshold: 1 + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1n4kdchmkk3rfkaknxhveqr2ftprdpgwckutt23y6u8639lazzuks77tgav + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBucVprY3BObU8rUzdnMkM4 + bTh3WWZKM29DMUhteFdVUUdoUmVUc0d0TlhRCkZHSmpnVGozMG12MUloOER1RElE + RkRJc2lhZHJOZjF3T3RBSDE4OHM0cFkKLS0tIEs0RkQzVjBjS21YTjR5dmdrR3F3 + bXM3OVBzRzl2Rjd4STlOaFdNbmswL3MK80DU00rZ/D6rTnGkGsrgXqihm0Ew5FRA + X9Lor6cfGe2x6ygZMsLCYf3feKqRyAoke17IHxA99XqzEGiTqNgkkg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1nr0qds8w3gldmdvhwu0p6w2ys8f4sd0h3xy94h9dsafjzttaypxquzmswc + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNSmR3Nm53UDJLZlBnSWgy + WHpBeHBtZGczeUZRdVhTN0FkNWczUEJEL1VjClRhT2FjSzNld0NES1pyTk5zOUZS + eEhRMkduZ2J5YVAxMnFHSFFEcTFWQ0UKLS0tIFB5MjJNMFlYb29OVnlCSkkydTll + Z0QvRVBWb3hoZ0FoQmtKTmRweU1IRlEKUYwURRVLK2udhfuR2yuPenS2j2gkxu0s + 5O2b9BMMtC7IGm7PsEZBIG6AOoEKY2HdhNqTQWp/u202fXIhWeZ7SA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-04-21T18:13:24Z" + mac: ENC[AES256_GCM,data:eDKIeCDMIKCrfypT09VUWbvUzSWze8xE9l3on6vgYOcxAnIFDlF7UnlZP/G+rU2+grxEluZV+ApUwC71LuunTNHHvEjudxp6yGHV7OrYUu+i5PuTzL0KNpt+cLr5pNYGiYWE2J4RpWmilbthVnLLJDuHlKqSAWjwdNIrEgOokR4=,iv:Yqu28Wjut7scV/iDMQVMffqdduHDbUetWvu3CVjVz3I=,tag:gggRhdXvVXxfGS7/Wp5jwg==,type:str] + pgp: + - created_at: "2024-04-21T18:13:19Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA82M54yws73UAQ/+MTe8Q8NpjT7BLPK5qHjA8LcF0Qs+yf8UrQddS1aEMEru + 6lVLy2MdPKPjeb1PFu3ldZznOFD3vUet3B8mlFwv1AidQJcZPimHEVvxF7wfpJYq + m+9e232Y/eVbGYduHVM1ehm2mjYiL//xXWmLwxB3j5D7bll1VT/LZRKMMlc84FOb + S87dt/voJmXIa8lj8VJEcKyd0oS+1+Q2i6gy+phKHc7kT7z0KYnPcHhy+vpra+l5 + orSV73e5jyf9ZGVqypeI7ZfzALXxLQWnFYAtg34F5H9drZJjzKbzUsEtO5L7ybKq + ofam9QrdRcXhHKZLN55XETR1ONi/gdpNQOTvltZRyBLdiyqmWEvvvIBIR+8gbt89 + 44tuKU3xEy4A/4pWxmRBO+H0XL2qupNPbCBf8ky/jsLlaIb+DihH+VeOlwIPztvY + PO9PPT8TgAGKQZsboBgTD5Zbrpu3moQlj36yhTrL0AHRRp+/w/71CP+/kGaj1V4n + rjVIek1V/v/34bd1ype2KgvAf4YMiXRf6ydH5c1H+GVUFXVU5FRBwwaa5n8FiX86 + nCKsh04mQvLXI8TOvrW5AmVzZa5Mghj8cYIKhS39SUVF3tRs0Se/+9GXTBNy5m5v + DDNdZUdkxwBFSerDj1n4t46N8ZLV0qh7YN1v1Wxc+rMg3BwhaSR+ZKBlA0MEn4bS + XgFGxWOX26uYzAVdWjk9NxXUOvZoTEhX6oe/wU+INUAmddUo90AYtIoETwsrlR8e + 36Fw+Zqh5Dz+FgRKe6nQdLt25e7zRwqPdLC0ltxvk6VoRBDFm2MmFs8VW4AjPq8= + =w6oq + -----END PGP MESSAGE----- + fp: CD8CE78CB0B3BDD4 + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/nixos/servers/matrix/signal.nix b/nixos/servers/matrix/signal.nix new file mode 100644 index 00000000..11f08fce --- /dev/null +++ b/nixos/servers/matrix/signal.nix @@ -0,0 +1,27 @@ +{config, ...}: { + sops.secrets.mautrix-signal-environment = { + sopsFile = ./signal.yaml; + }; + services.mautrix-signal = { + enable = config.services.matrix-synapse.enable; + environmentFile = config.sops.secrets.mautrix-signal-environment.path; + settings = { + homeserver = { + domain = "kittywit.ch"; + address = "https://yukari.gensokyo.zone"; + software = "standard"; + }; + appservice = { + port = 9048; + }; + signal = { + }; + bridge = { + permissions = { + "kittywit.ch" = "full"; + "@kat:kittywit.ch" = "admin"; + }; + }; + }; + }; +} diff --git a/nixos/servers/matrix/signal.yaml b/nixos/servers/matrix/signal.yaml new file mode 100644 index 00000000..038d66b3 --- /dev/null +++ b/nixos/servers/matrix/signal.yaml @@ -0,0 +1,51 @@ +mautrix-signal-environment: ENC[AES256_GCM,data:eoRyc9dHVRPWkZjq4XIsKYbo9qy9xmA2KAEUffZ7rrfAB6z2tFPuIQDLbLpils73V63/hu6hwVT1Jprn+++GaAR/NogG1UqBBmv5N/sEjUXvUQJoNRGDNbZa+s/ttB40gfElpHr2F5lWqoE4zfvGdTH03QaVZKEfJKz3+VvCbI8JB/zeEK7Ze+bzzm8gXhmrsShAkWX+7jbboVCwvyX8L0UCjpaMLioORODPEWX8f8n9JpkoLgavlyCPDde18HxpReO1HV0=,iv:D8u528qWlgPAzekv9ZmeLtrSq9Az/ldRWMIAvZqiUh8=,tag:pJ1iD6QEcbupZfvPcFWaMw==,type:str] +sops: + shamir_threshold: 1 + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1n4kdchmkk3rfkaknxhveqr2ftprdpgwckutt23y6u8639lazzuks77tgav + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYSCtsT1pPUXpXdnhjcTR6 + aUVLb0x4NzFsSlJONUlkYzZNUTloMm96K0ZnCnAzcW9yclZrSldLNXhZRXg4V01Q + YUx2a2RLeVVaNTNhZnJTdHg4RFUrS3MKLS0tIExyQVpVM1ZSNnZUanpvSUdTRFp6 + OXBObGJDaUVENXo0eGFUZTRPUUUwek0KDptKKzMHR6bs4wPH9eqsPGhqzmf//261 + TDSQz+ep0FsP9ZnuJs3YdmsZAiUXlHKoFt7B2Ar2rMSfA3hYF+eTRA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1nr0qds8w3gldmdvhwu0p6w2ys8f4sd0h3xy94h9dsafjzttaypxquzmswc + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHTE5jS1d5NnNacW5mLzVo + VFlnK3B2VkpNUjV5QUVlYTcrdUsreklUMkd3CmU5MlBUeGp1bzVVMGV1bkNZQkJV + dHdVMDVyYUpueTBONjVOZFh3Y3N4MWsKLS0tIEF1YnpxcFRuSm9JU2VKdFJjVi9u + SndnKzY3R0MzV3pqbmxyYjNXV2p6bkEKS27XLdXlFy28qy6HlKlebp2/sqP4WKf1 + tCy/n4Dk8Gh+2Ss5+r+pqgoTHiZG/a6NqvJCpsxRsNxx+GZOpr6RcQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-04-21T21:52:05Z" + mac: ENC[AES256_GCM,data:BkNzMwxzX+ny7/Xn9eHScJKPu+VzzqISk2q1hTMKC62vV5xQ65d6MqDE86ljqEInQktX1DB+vExF8m4UFd0blmK6V2aK6ybT8GQWaojuzl149QKnZslhDFhijvfJL7qBZX3r3ovyQn8pobUrNHItlBWdyhFP1lCpxFufuX6zR4s=,iv:cL2q0S63wbq0rbA/ul6qqz0caCDEz9G3ic/ib+xV+xY=,tag:X4iMblIurYWsto1cyHEmKw==,type:str] + pgp: + - created_at: "2024-04-21T21:50:24Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA82M54yws73UAQ//YGGe9BTb6b1uJ7YOCLXev7M1hewxFSN6u7ExbLlsaLYK + q1qAsmpFXL63jzT698sCdg66HA0I00+OHbs3e21lIB8jA5GpE902LrN8H7CTJeaI + 44+uKHEcpKJEVS7VjoaHirrIJLd52GCvXbHtHqJ+s3ReJ2E1nP9Y7EVv6Z0c8BGB + xpNgPry5K3CrcTh1ehjARn2gxt74HuktGkd9HPbeqODdulHyb+PXShhpuT4KgiI0 + Afw0pNHxHfaJFypYaC4jldrTapRqYpAWF9KC4J8ZrROdvn7kf4B5QdTTVBjl9ec7 + l2TMMorlR+M02Yc9J/4BsqK25DOZ3UQJ84QiGasrXyCA/rSyU8OZNmib7nr+uE1y + 029YsCytKAYnDLgpTkB0ot/fqt6bLG0m3lYrcwBoC760nw6+JkGOuoNJjmSSpiKg + eih/9LskXGHmNesSHiM+2b4aNRUKLwmj5ewdGjNOQ3cfVYNxYrhGqmI5su4wakwD + Ug6KYXx+qDrOPNi547Qog4xDJ0nKcIuq1/DPVBU6kk6quzT73Z4tgiDJMsf0FoKH + 10LT0uwZ5pyudpKG6Hdvst9xkDt5iLDk72eJRbjBIulwYfWngtUvG0ZjUrjUCP4q + 8jFYZXSEFdgJJQQFyDsxkBLXHC1v/jFas1zKJ0lGZbj+u9lay+E7ZiBspNc2uP7S + XAHUxbuLhQtgoKBu5MWXEvQ6mvj3gqh9XXpbZMhEnBanVkD2QVl7MRnHtOChgjDf + k3hRdlGoaKykniKGwdKjdhqOSKFDeWEAOtxv/YKtzMW3d2XHSKGs1I4SiXqc + =ITAO + -----END PGP MESSAGE----- + fp: CD8CE78CB0B3BDD4 + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/nixos/servers/matrix/synapse.nix b/nixos/servers/matrix/synapse.nix index a93a26e4..b02a9829 100644 --- a/nixos/servers/matrix/synapse.nix +++ b/nixos/servers/matrix/synapse.nix @@ -23,6 +23,13 @@ in { registration_shared_secret = "!!MATRIX_SHARED_REGISTRATION_SECRET!!"; allow_guest_access = true; suppress_key_server_warning = true; + use_appservice_legacy_authorization = true; + app_service_config_files = [ + "/var/lib/matrix-synapse/discord-registration.yaml" + "/var/lib/matrix-synapse/whatsapp-registration.yaml" + "/var/lib/matrix-synapse/telegram-registration.yaml" + "/var/lib/matrix-synapse/signal-registration.yaml" + ]; log_config = pkgs.writeText "nya.yaml" '' version: 1 formatters: diff --git a/nixos/servers/matrix/telegram.nix b/nixos/servers/matrix/telegram.nix new file mode 100644 index 00000000..7b3fb00f --- /dev/null +++ b/nixos/servers/matrix/telegram.nix @@ -0,0 +1,27 @@ +{config, ...}: { + sops.secrets.mautrix-telegram-environment = { + sopsFile = ./telegram.yaml; + }; + services.mautrix-telegram = { + enable = config.services.matrix-synapse.enable; + environmentFile = config.sops.secrets.mautrix-telegram-environment.path; + settings = { + homeserver = { + domain = "kittywit.ch"; + address = "https://yukari.gensokyo.zone"; + software = "standard"; + }; + appservice = { + port = 9047; + }; + telegram = { + }; + bridge = { + permissions = { + "kittywit.ch" = "full"; + "@kat:kittywit.ch" = "admin"; + }; + }; + }; + }; +} diff --git a/nixos/servers/matrix/telegram.yaml b/nixos/servers/matrix/telegram.yaml new file mode 100644 index 00000000..c7d1eb99 --- /dev/null +++ b/nixos/servers/matrix/telegram.yaml @@ -0,0 +1,51 @@ +mautrix-telegram-environment: ENC[AES256_GCM,data:/SYgmAFD7hsq829JsOvX+iDvy0uByfuhV8RnRVuEIlwkTZyfKpZYcqfi3/6fk3OlgtE68ULO9ZKY/tmNl2JFKiRiO8wln+oebDMjTAWlUFvjzFAcM5rCb7OQHY4ODZMzEMMtqatCyKztaS7Ql3v7gEZdD98yHzhdpGGPe5eS6ClGdSDRz5hahNIGrpcr1lJIMXBq3F3jKqipUzf3uiJZ8FrakSwUPQyVZhRNsrir4oSOi/gWevJ59Ey3FKr5NjK2DhxRx2/bvJZzNo16e/M8V4pdUkDbl7aOvYsTg+swTQmTNk+bGsWgZjmc/hrwRIJYnNJ/uhMhqHzk5zzMYNS/gCAsZeDWS/XAdFj4jWAcEA6Em34hAw59rpq9liuRJX8i2ewXblWz5dYoUqgv6dHIR5tyLFr4YPBl,iv:70Bn00Rz40m1DvmitbnCNibiLHWmmDc6WN2wQOiyNXc=,tag:qxAISRF4JF6WycS1si+FKQ==,type:str] +sops: + shamir_threshold: 1 + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1n4kdchmkk3rfkaknxhveqr2ftprdpgwckutt23y6u8639lazzuks77tgav + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoMnd1ZW9RNDdLeno4SGJC + QlBldUMyb0I3R2FnWVFCL3VDWENqalhBb2o0CmdHWVprVHl4cGhtbDJ3TWNINGdl + cHlKVWxNRkFBQTNJQm5lRjUwdlk1aTgKLS0tIHdnd3ROaDVPdE5GZHF5M2VJNnRs + N3ZzdTYvb1dRWGREdGpBeXFhZlViOG8Kz5LXrmv15SJO66Br1tFMHucah7VIbqh0 + sYlfWvw2YOHlZROSjHtQSA8rvwvXdYUko6QxgLsXsE4jcwOy+9QP2g== + -----END AGE ENCRYPTED FILE----- + - recipient: age1nr0qds8w3gldmdvhwu0p6w2ys8f4sd0h3xy94h9dsafjzttaypxquzmswc + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBscUtTeVlRb1ZKei82bHd0 + TU5VUXQxWW9SenhEOHJtVG1ndWNVTGtLWGs4CjR6SXBlYzduSUVEZ1Y5eldYb28v + MDRNME5rT2pPbVpZRUNTY09PTGlBclEKLS0tIHFQY29td2NqUXh2c1RTSmY0STNS + dktRcWMxdEpVOTJNN3lBam1kZEhIYm8Kl3wo4mPpdz1Q2UyLxHxfFEWmpBo/gQxU + 9LBzKX9SDcFEfFbR75zhmnRTvNb0Rm7GC4Y7Xa8Pvbkli6AeELmXDg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-04-21T21:17:03Z" + mac: ENC[AES256_GCM,data:FxmPFJXQ1oCFA7K3bXuAcKDDCzDQpVsVSZksz9NHw3p7J5kKNy/M3PulXJdlC8pw5NbtK8nLlYP6mcjgSRICaXXUbked13gDD2bbB6DrjcXjhes5ccwcPOb4kLuUcTgGJ8q5BSD3isLOO31E4RZHmX10F8lJLPqR5whoDs3IajE=,iv:FExSdR/+CdFkcP2V6C7n4NgvbdibRol3lTVBjUlhWWE=,tag:nSHHoo/ykTzZNZlXDePW5g==,type:str] + pgp: + - created_at: "2024-04-21T20:44:52Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA82M54yws73UAQ//bj8ST8QZfc7WPOpSv5CtYa10jaKt3XwLMeFvOuY/5F6Y + K/LnSbkv1W55Cpi+XwRBDmfVDSnIGtx3a3+K5QPQbQfvj5csd94SmNrVDh4gSrLo + 7uz84uTf6KuL535+JrGNeEPqQHmSkHwaaBWATwWWSs7CbUg6hVbeGG6xveEKAQhB + ZxUUTceaL02NAqTsFqZ6poY2fcCWDUWBZTIwmH3/nFus2wIqvR0SrThg2TyypKAx + s7fwf1tJtPpl/XKvsC7ywFNBM5LYCfDyNz7qicHirCy7sbptoCoDNy1aIKMxbsEr + quDKEI9u/GicW7hymSI2b/CG/jRRdg218qZciiDf/HyB0/JsYZBnI6cVOpFqe7Fn + a0eAGp/ZS0p8VyrGd3T4G/0SX5jj1RxQ33J7t0Cso4Z3eZ6CwPkjQsmMi4g4jPjy + vKRVVi5rCkFFstMG6KzACCvv5yMIvVDqaKI+kNCxkCMZaHcQJsaGD4ibF1Ch78cc + 7BsD5hXsVZwlXS+7OYWbvWqBSMTV9JXxrL/NkkKOt3fqS7yVQ1hyxl8wnLYULGcv + aeS1oIEy7diPLKXNmK6D2Ve7fM8tHEio5kdfJqM14kDaMWhBJcHlzta33Kupltn0 + oxg58Vzrl1womxFOjuG7lU3ZYFCFhFhLak3rMlcaZk5MIkWqousIb9tj9AWLtCnS + XAExxNtxPDWHPnSgB44irxkGOvSJyRrhX1bww9Ax5MUzfjTDh+yghA/y60TDTkFD + xFoPVvPymnL3XPonbtyU8GXCYDf5K1vfThm7r+jTwVqRH1negthAn3vCju6C + =dL3u + -----END PGP MESSAGE----- + fp: CD8CE78CB0B3BDD4 + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/nixos/servers/matrix/whatsapp.nix b/nixos/servers/matrix/whatsapp.nix new file mode 100644 index 00000000..8a508852 --- /dev/null +++ b/nixos/servers/matrix/whatsapp.nix @@ -0,0 +1,27 @@ +{config, ...}: { + sops.secrets.mautrix-whatsapp-environment = { + sopsFile = ./whatsapp.yaml; + }; + services.mautrix-whatsapp = { + enable = config.services.matrix-synapse.enable; + environmentFile = config.sops.secrets.mautrix-whatsapp-environment.path; + settings = { + homeserver = { + domain = "kittywit.ch"; + address = "https://yukari.gensokyo.zone"; + software = "standard"; + }; + appservice = { + port = 9049; + }; + whatsapp = { + }; + bridge = { + permissions = { + "kittywit.ch" = "full"; + "@kat:kittywit.ch" = "admin"; + }; + }; + }; + }; +} diff --git a/nixos/servers/matrix/whatsapp.yaml b/nixos/servers/matrix/whatsapp.yaml new file mode 100644 index 00000000..60881031 --- /dev/null +++ b/nixos/servers/matrix/whatsapp.yaml @@ -0,0 +1,51 @@ +mautrix-whatsapp-environment: ENC[AES256_GCM,data:yfyECUKpmXyOFSsl1i1SupOdnAF2yisuY94v5JYjEsOi4aqoJ8c3ryErHp6/3mDosJRQm5E8YsuHDbs5t/OD6JcgIVff5V5igRcN06mvtfA0URDNOOetIwWreJOJRqD4DW7tdKKfGg1fDZpcJ4rEe+uV2LMB1owyTzCViT4bD9czxwxPUp145ss8KY03MEkO5/FwWZ2K/sZB/cAOZPqe9zWT2PhWebhKOflCbGiqOu5vD7wQSVOJHvmo6zW0KA99XixxtD1zeutp7jzK,iv:LeVF/OgzQJgOPiaqxUAuRaYBZmkLqtkQietvJBDA3sU=,tag:HhBXbPh1x7E+rJheZOvEDw==,type:str] +sops: + shamir_threshold: 1 + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1n4kdchmkk3rfkaknxhveqr2ftprdpgwckutt23y6u8639lazzuks77tgav + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRYWMwcEh0SVZKbWlybEp3 + bjhYdFN5dmhHWDlJeTBNcWlOcCtzV1gxZGhJCnk2MnJjSlNOMitQR1NBVUdDRjdL + dXhoL2I1WUZWeDI0SGZINGVDWGxWdkEKLS0tIHkrdEJUbERLbjd6bndaSnFvTUxm + YWhFK2FNYWVRaDhndkdLYjV4QkhjaFkKl2x+nwGz7Zh3GqQBEAJ9nqTDzd4ZK1nG + PV9eJz6P9uSDDix0klyg5e/DDnw38OZZo9Sh04TVm6x0ehVCdz2L4A== + -----END AGE ENCRYPTED FILE----- + - recipient: age1nr0qds8w3gldmdvhwu0p6w2ys8f4sd0h3xy94h9dsafjzttaypxquzmswc + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBETUE0ZHNZS3F3OC9oSERC + Z1ZxM0VwRkVEaXZsbE55bUM5Mk5JN0Y3OFhBCmxPc0RnQVozSTNmclZIVENJbVM2 + WVVBcWRHeVY3M2VCUFJzSTNQclo3NWMKLS0tIDBiYUQ5LzRYRVRSdWdWWm5jRktJ + c1UySUtGYTc4R1hoeHZkUnV2eGRhU1UKK7OG7F4AGspRUxKlp9HBAIe5vtlZxHO3 + hZ5qMO00qcNzeWaxrIP2R2I6yxEieGDsR8pgq+q1Ma8Y/uJiiW756A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-04-21T22:01:48Z" + mac: ENC[AES256_GCM,data:MWwXYxo4dC9XlJWA1Tnp0qBzt31E/UuYyIPtMZNjY5o+km0BZrxuGhFwewUadyRajk6vXhbMW2nOYCQBlEjiOENrUOO0sLAIdu8QC00bZ9c4UlSL/OZJosTUVvkFrE14Os697gYV2RNenFZS/+QyvAdiMgVjgNeLjBRj3nt9QBg=,iv:ZVVfiDkUpO9WeusJq91FSTtmhGXnX08WTNW3okqqKxo=,tag:ERe7uNv2p0WcZDwJnWCNpA==,type:str] + pgp: + - created_at: "2024-04-21T22:01:11Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA82M54yws73UARAAvNJgY/53bCwRN4MNQa8mhx3+5xNWeiX33LVbUCrYK6YF + eI4bZ7xIlo14xGxY+aSqS4J7GWeMfLz24J3NhOFUO7O3J4gFE18+qdaWQ/7Q+Caa + /MVSk86qb0Ol3U8S4lERyUExjLokayWbokolx0LZ/uaVAPmEmLwCYBgJxM4Hw+81 + YMmizVNUqe+QsClshxc+/bdeJom7WTuowtpRN4sZnqcXq4J/uYudpHCl/tXvggKf + lH0Q4E3BAumi3rjJU9S61bTreZRIUeromveUK/GDCW2mwX3RbF5Luy+Mr1P6QEuV + FOBHk2ln/9ZXd64qjn3UkrC5m8SkgNk9K6StJ0x8ZTGv6TYexvWY+43D9QWRsP4F + uSaqr8SarUFRIr4LwOWLdKjroL3rPsIe5kEMjNxTS2Gj1CZzD1ViqCfQUzW17LC3 + iJQd8HgKvvUaK4vqoZfM9lId/JL1hxjzE8dwiIWdWJqlAGHHGEN4jgvSqm8Csuwc + BbpVV+voXZErZvrZv+GRg5/2ESQYqBgpjvz4y6JD9Yir9KCnr6pT3i9DT8IVi1YS + 24HcG4aPw8gB2WSB9BUmCaYqvDTSNx6mPU2tDgk+PTUTlhgGQi4NHloAqYREN6/v + IuBF+DfJ66dQHji/0sZGHsr+zJJWCXbgtquvqwo+E3keKOowppAeNlgTqqQU2DXS + XAHBBhDoF0G5m3vRARohGks69OLBwgfwZRPfNucFyr0pIDvTurTE9jXVS8HiOaXj + Rg8QFm2oaRloq5Y+OtO/UgiIPzzUqn8HIw5VNTC4MnMqIr1Xotf1IZ2PNnz4 + =IQHS + -----END PGP MESSAGE----- + fp: CD8CE78CB0B3BDD4 + unencrypted_suffix: _unencrypted + version: 3.8.1