From bf8183f87a98a013fd85c8a8e2688d8c0052ac9b Mon Sep 17 00:00:00 2001 From: tux Date: Thu, 10 Jul 2025 03:12:55 +0530 Subject: [PATCH] feat: migrate alpha and add impermanence --- .sops.yaml | 2 +- hosts/alpha/default.nix | 94 ++++++++++++++++++---- hosts/alpha/disko.nix | 53 +++++++++++++ hosts/alpha/hardware.nix | 33 -------- hosts/alpha/home.nix | 13 ++- hosts/alpha/secrets.yaml | 39 ++++----- hosts/common/secrets.yaml | 161 ++++++++++++++++++-------------------- 7 files changed, 237 insertions(+), 158 deletions(-) create mode 100644 hosts/alpha/disko.nix delete mode 100644 hosts/alpha/hardware.nix diff --git a/.sops.yaml b/.sops.yaml index c967869..797f75c 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -7,7 +7,7 @@ keys: - &canopus age1udt3cssu7ahdrhsvckt8450rswrr6mknn36xpq74dkfp9lpajvnq84kdzj - &homelab age1jg642q775gmnmxeu29gcf3lph8vem4xr8t84cxe809dpd0myrussh49h60 - &arcturus age1zsl5d4vj6gl3h96y5p53sq5y4vr4vtlwp727h7rp9a4xfkxm53lqrh6r50 - - &alpha age145uq9emlxqzm3wqauy9zqj78wqx9e6h09xag6wust7jjgn4upfzsaemcvx + - &alpha age1zujp5gxy7suv8ysnygv43cmzuvv36nxfg0ch7r3xg2emc6fz3vmqqujheq - &vega age1ydkclhk9kwqdq74utesqdfupt43lz64d5k65gz2z9uyljcqq9fcq3hv28l - &capella age1y4luzn2jls7rvgphej23srvdlx563lxq29tvf66vhwwzaf7c3f3qzvresh diff --git a/hosts/alpha/default.nix b/hosts/alpha/default.nix index af736fb..349c58e 100644 --- a/hosts/alpha/default.nix +++ b/hosts/alpha/default.nix @@ -1,13 +1,18 @@ { - pkgs, - username, - config, - email, + modulesPath, inputs, + username, + lib, + email, + config, ... }: { imports = [ - ./hardware.nix + (modulesPath + "/installer/scan/not-detected.nix") + (modulesPath + "/profiles/qemu-guest.nix") + inputs.disko.nixosModules.default + (import ./disko.nix {device = "/dev/vda";}) + ../common ../../modules/nixos/selfhosted/uptime-kuma.nix ]; @@ -17,6 +22,11 @@ tux.services.tfolio.enable = true; + tux.services.nginxStreamProxy = { + enable = true; + upstreamServers = inputs.nix-secrets.proxy-servers; + }; + sops.secrets = { borg_encryption_key = { sopsFile = ./secrets.yaml; @@ -31,13 +41,53 @@ }; }; + nixpkgs = { + hostPlatform = "x86_64-linux"; + }; + boot = { - kernelPackages = pkgs.linuxPackages_zen; - initrd.systemd.enable = true; + initrd.systemd = { + enable = lib.mkForce true; + + services.wipe-my-fs = { + wantedBy = ["initrd.target"]; + after = ["initrd-root-device.target"]; + before = ["sysroot.mount"]; + unitConfig.DefaultDependencies = "no"; + serviceConfig.Type = "oneshot"; + script = '' + mkdir /btrfs_tmp + mount /dev/disk/by-partlabel/disk-primary-root /btrfs_tmp + + if [[ -e /btrfs_tmp/root ]]; then + mkdir -p /btrfs_tmp/old_roots + timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S") + mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp" + fi + + delete_subvolume_recursively() { + IFS=$'\n' + for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do + delete_subvolume_recursively "/btrfs_tmp/$i" + done + btrfs subvolume delete "$1" + } + + for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do + delete_subvolume_recursively "$i" + done + + btrfs subvolume create /btrfs_tmp/root + umount /btrfs_tmp + ''; + }; + }; loader = { - grub.device = "/dev/sda"; - timeout = 1; + grub = { + efiSupport = true; + efiInstallAsRemovable = true; + }; }; }; @@ -46,7 +96,7 @@ firewall = { enable = true; - allowedTCPPorts = [80 443 22]; + allowedTCPPorts = [80 443 22 23]; }; }; @@ -56,6 +106,7 @@ defaults.email = "${email}"; certs = { "tux.rs" = { + group = "nginx"; domain = "*.tux.rs"; extraDomainNames = ["tux.rs"]; dnsProvider = "cloudflare"; @@ -70,11 +121,6 @@ users.users.nginx.extraGroups = ["acme"]; - tux.services.nginxStreamProxy = { - enable = true; - upstreamServers = inputs.nix-secrets.proxy-servers; - }; - services = { nginx = { recommendedGzipSettings = true; @@ -89,8 +135,22 @@ dconf.enable = true; }; + programs.fuse.userAllowOther = true; + fileSystems."/persist".neededForBoot = true; environment.persistence."/persist" = { - enable = false; + hideMounts = true; + directories = [ + "/var/log" + "/var/lib/acme" + "/var/lib/nixos" + "/var/lib/private" + ]; + files = [ + "/etc/ssh/ssh_host_ed25519_key" + "/etc/ssh/ssh_host_ed25519_key.pub" + "/etc/ssh/ssh_host_rsa_key" + "/etc/ssh/ssh_host_rsa_key.pub" + ]; }; home-manager.users.${username} = { @@ -99,5 +159,5 @@ ]; }; - system.stateVersion = "23.11"; + system.stateVersion = "24.11"; } diff --git a/hosts/alpha/disko.nix b/hosts/alpha/disko.nix new file mode 100644 index 0000000..4a0c700 --- /dev/null +++ b/hosts/alpha/disko.nix @@ -0,0 +1,53 @@ +{device ? throw "Set this to the disk device, e.g. /dev/nvme0n1", ...}: { + disko.devices.disk.primary = { + inherit device; + type = "disk"; + content = { + type = "gpt"; # GPT partitioning scheme + partitions = { + boot = { + name = "boot"; + size = "1M"; + type = "EF02"; + }; + # EFI Partition + ESP = { + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = ["defaults" "umask=0077"]; + }; + }; + # Btrfs Root Partition + root = { + size = "100%"; # Use remaining space + type = "8300"; # Linux filesystem type + content = { + type = "btrfs"; + subvolumes = { + "/root" = { + mountOptions = ["compress=zstd"]; # Compression for better performance + mountpoint = "/"; # Root subvolume + }; + "/persist" = { + mountOptions = ["compress=zstd"]; # Compression for persistent data + mountpoint = "/persist"; # Persistent subvolume + }; + "/nix" = { + mountOptions = [ + "compress=zstd" + "noatime" + "noacl" + ]; # Optimize for Nix store + mountpoint = "/nix"; # Nix subvolume + }; + }; + }; + }; + }; + }; + }; +} diff --git a/hosts/alpha/hardware.nix b/hosts/alpha/hardware.nix deleted file mode 100644 index 81dbdd3..0000000 --- a/hosts/alpha/hardware.nix +++ /dev/null @@ -1,33 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ - lib, - modulesPath, - ... -}: { - imports = [ - (modulesPath + "/profiles/qemu-guest.nix") - ]; - - boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"]; - boot.initrd.kernelModules = []; - boot.kernelModules = []; - boot.extraModulePackages = []; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/471d0988-e57c-4767-a2b4-c93797a8c16f"; - fsType = "ext4"; - }; - - swapDevices = []; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.eth0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; -} diff --git a/hosts/alpha/home.nix b/hosts/alpha/home.nix index 86ea8a7..fcb9298 100644 --- a/hosts/alpha/home.nix +++ b/hosts/alpha/home.nix @@ -1,3 +1,12 @@ -{...}: { - home.stateVersion = "23.11"; +{username, ...}: { + home.persistence."/persist/home/${username}" = { + directories = [ + "Projects" + ".ssh" + ".local/share/zsh" + ]; + allowOther = true; + }; + + home.stateVersion = "24.11"; } diff --git a/hosts/alpha/secrets.yaml b/hosts/alpha/secrets.yaml index 9880b41..82ac079 100644 --- a/hosts/alpha/secrets.yaml +++ b/hosts/alpha/secrets.yaml @@ -1,33 +1,28 @@ -borg_encryption_key: ENC[AES256_GCM,data:4rS4RVUbSErLEVJuUluYOrw0m2LlYP7zEeYTL4yTmc4=,iv:epNhm2nSDF4Lp+Iu/vZuDiTna+1q59lY7Ztmpcpmb5o=,tag:7o0MwZBdiDSPaL07qVOfWg==,type:str] +borg_encryption_key: ENC[AES256_GCM,data:EK1f7J4ea80K7LO16pPmkh246xmXoJEiCKzPbiRCmjQ=,iv:3vae+IAAgDx+0NPgml07kbT9kc4RpzDd1oj2Qb6ZqdM=,tag:aXj3IwzfeQ8+tGjSpq76bw==,type:str] cloudflare_credentials: - email: ENC[AES256_GCM,data:Re656wFjQWWNO/k=,iv:NsRdtzMbkOPS9kN/y/IYzRrBr+xmDXp87DTiNwHKesc=,tag:4hGnmto08H2MKxk/7QkI5w==,type:str] - dns_api_token: ENC[AES256_GCM,data:703Nk1PaePWYuKNVJkSVTplAvsSTLrYrWdhZlTqlMNRa6m2j5neahg==,iv:RHpz1O1TgFsooYGIJiI8Owwmk5hzd+x+DFADvt+k9C0=,tag:zlDnKbLbSBVXMaHOnk0AuQ==,type:str] + email: ENC[AES256_GCM,data:w9ghChGxgV7OVeM=,iv:Qtl/pMmXGjhZ9dMRkxeyEDncGfY/YPy51eJrZ6mOgGg=,tag:oi7OoTf4TnUknblZ3lPDzQ==,type:str] + dns_api_token: ENC[AES256_GCM,data:lMoqQs9MZ646ESJUxN2dtIopNS8P55JARk6wyfaJ8ad9ABvk268oWQ==,iv:Ez4y/kKPsRuIH9mEcpS3IU4j3kK8F6iBBFOnIf9Ck60=,tag:7I0eE8PoohH9KtiHziagrg==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkTnRhZVg3MmNiOFpoeTE3 - SXdtRXN1VS82S3AveDFMRjFYQVJpMDdyQWowCjJrQlIwN2VHQUlUazNaMERnRDJR - dFQ2VUpDMlJENVU5cWtIY3pZZU9wSmcKLS0tIEF1NzRkSHJ5cTQrM3RWdUtrYzkw - VXI3QzE5UlBhS2g1RUl0TEtaS0NPTW8KAQ+9Hk3HNMhwm33T3mzgkavs6mx4zKqZ - xjfB5d5W5UI+7uYC+RQNNA/cVxAgkMiW4OL4HAt2hXD6lrsjNzxzpQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3NjIrVVlPVW9qTU9vMlMw + K3BtRHZaS0h0WmlmMjF3YjhHSFZtNmFzdjNZCjRKQ0UwWTc2L3NOY1AyZnR2K2hF + QkQ4blQvd0paRHd6c3dWaU5XbmV4S28KLS0tIExtWnR0djB5WU9lajVJeU5udlBQ + eDlMemQ1c1FkazlRaDhPUzNBcVh2bWsK544MNSGooJPKL7hxQ+yvPRROw3RER7p8 + jbUVxMp4ZD/0ut/qFrKdyvfSPDcDkUR5eBoeaeUBkMAAPL+YeIxKhQ== -----END AGE ENCRYPTED FILE----- - - recipient: age145uq9emlxqzm3wqauy9zqj78wqx9e6h09xag6wust7jjgn4upfzsaemcvx + - recipient: age1zujp5gxy7suv8ysnygv43cmzuvv36nxfg0ch7r3xg2emc6fz3vmqqujheq enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4OHkvTk5JaWxLbmZ5VEtV - S2VkMVl0WGZOYk5WRTJISWMxU0tja0x6alFrCnJISFNTbDhNRXJjUDJDS1JmWmRK - aGhyaFBjNTlhanE3UGdQb0JFUWFCTWcKLS0tIDhVZ1JxcGJUcWsvWVFSWFZWYjdx - K2syUkFRb3F3aFFFeis3OFR4ZENielEKGrUQCi7xaPzJKypvy4tyoSG1a2/l5Le0 - dVcheJcRJvoo89WWrciMhZ/MCs5kffI464RVW7q9BxbJRDO2Obm2dw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvWlN0bWNMZTlMM3Mvdmdn + M2M1RzBaNUl3Qkc4Sm5QbmE3cFpuODBNakZzCk9SbjBvM25pK2pGdmRqMXd4eTJu + ZU8vTmtSN1RYK2RmQ01QempKUG43eHMKLS0tIHVINVgvNTluS1grSm1YSHkzalMx + SGM4ditJZFducVNEaDlJSkhuUnpxQzAKvvHbDuTQUpW+O/qtgjAFZlYc4iRRj4G1 + BP/QyzuTnpP6PuAG9pJYHx164+uS2Ftog/QnCFD0YAJdJtxaoUHzOw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-13T09:10:11Z" - mac: ENC[AES256_GCM,data:GTzDXeEzRFmrX0PU0GKPF5JwscZUrzUmB90ThHPZ7oqflOPpZBrotOo4MZCcU37HEPAXVeFUzVnsjN5bOp5RFqs70r9upj2jXiIsbx/yskcPOML3GAFmVc9HbjOK9TLyie2bJWaFhT+b7CgiJvyIu0QEh43dqSI4d3H1T8Hqn1o=,iv:kcV3Xz276+PKrztSIDB2SiJjDV2iqCn2A90AjEO326M=,tag:3xu3sQeRB15Os06i484GFw==,type:str] - pgp: [] + lastmodified: "2025-07-09T19:44:56Z" + mac: ENC[AES256_GCM,data:1sXY3aEfbsit5hGBdE7x0pbdSLnW67NRNNDTEjS1fI85TaPpMmcgrxxvEDsg1A6psRMdBwFMUIVHH/rf4rkZ9tXSmHZBFTZrTQGn09bPF9yNC0MnJXKkcNcQiQJveg986LMWFwT/WE8PWbeDh7o+ASJF+IgT+5ikq8DMBgoyK/E=,iv:Ssy66et65Oq2WwbF12ubLGk87bSv/KSruf49T7v04NY=,tag:Y89PxwRFlJUBZniS2clybw==,type:str] unencrypted_suffix: _unencrypted - version: 3.9.0 + version: 3.10.2 diff --git a/hosts/common/secrets.yaml b/hosts/common/secrets.yaml index 6009feb..34d2da7 100644 --- a/hosts/common/secrets.yaml +++ b/hosts/common/secrets.yaml @@ -1,84 +1,79 @@ -tux-password: ENC[AES256_GCM,data:X5y3+HuWsnZ9wnjCBAbOzIWO9o7AB716/WoaqsJ4U9F7Ok4gCqZwUVMRm4unb54Ggp3ctRUAi2iDqTCKoaMIfgkdWzj74ix39w==,iv:9gl//PAvzXO2e+v6jRdVh5uLv3p1xt7cxuV7N27heLI=,tag:ZqKESAf5AoUVG6wbsQ1ymw==,type:str] +tux-password: ENC[AES256_GCM,data:eT/AJVYLLtI5SUD2MH8K1oIFk8NoW5qFSAEDxb5QNaEkUtVqM4eroGs6lGt1pKWxYv98Rl01c2AM28ZXsQN7XalztTRlHc9XnQ==,iv:GV8QmQ4SuzjzMD/rEx4A5bQKlYMCldQrg7P65CGG5vA=,tag:SE2HYTABCccSipoqluBQiA==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5OVloM2VlbFNvdTZ2N3Q0 - b2pLNXU4Q05meGRNV2NVc3k5djUyOFhjaWdvClZvUXR6K0JnTG5yQ0xzZ2ltcGxD - cmUvMW5KbTU0YzE3bmhrQWE0VzBPaE0KLS0tIFZydzZ5M2NtSko1TUxmRWdtcVBR - cVZha2lHcGQ2RndmTkJ6czMwQzFyUDgK+MdsnznFru+9XiBoKBXpMeyFjd8GiPNn - mIcD6RMxxg8OBOEuAqszTJ6aFgjNhTMmkZpD/htPcLHVqU6ETPz+ew== - -----END AGE ENCRYPTED FILE----- - - recipient: age1d3t78xlqd0erlqj2m9947l9eqwpge3zrperljw3xrshh0gjx4ghs8tuqcu - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0UnhyUlpNUnVnMTNJRUUy - VjZ2bWpZMzJHVlQ0RDRkVmRRdjh1WnNGZlJzCk14VWQvSnBjcjdBd1pFazlnS2VN - VSszM2hHQzl0eVNJa2JZNWZRNHdvREUKLS0tIDdvdGx3VlRIMzNBc05SUkhnajdN - L2ZuekNJYm9uc3ZuM1ljMDUxSjlEM1EKpXMtDX5xaQViGsxRT2mZeNDENk6PwD9x - pPrx/B4RvE6nbU9ywrYlK1UQ5VVrbA9pXxsyy2HMawN4fOkugbWSiQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1udt3cssu7ahdrhsvckt8450rswrr6mknn36xpq74dkfp9lpajvnq84kdzj - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsQlZOdWorTStxR0FxakZJ - Q1RNYnRSWXc5NnFSY2VZNElXd0pXR0hSV2xzCmgzZ1NxT2FiSWhYYWl0UVpNOUZY - QW1SamhQZzc1L2JKQmRjVXBGSXVHNkkKLS0tIDcyRUtRcXU0ekRwcDZKMTRncm5m - VTdNQVAxdkNQMFFncnd4eDJlc2Y1S2cK40aaDENAS8eXWtO7t+L0sYXvs7eJj6hd - xRmphVIxTILQ01WnD5StKEIOhg8y66h9KOIuqRLi7qb9781QYKfuzA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1jg642q775gmnmxeu29gcf3lph8vem4xr8t84cxe809dpd0myrussh49h60 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyZ25EWnZ0c2htV0JRNEFh - RFBzU3F6Y2NTMnpRNXlqUHZvQlREWUJ5R2swCkNKblJMSU56MXlVVWY0Nk5mOXU2 - MjBlV0pLUHVEM0RvT1BROEthblFEWDQKLS0tIHdCWUNTbE1FMmcwaWxncTBYbFVp - ZGk0V3JpQUU1TGxyVFVmSUF6UDRseHMKUOVQlTblgz8FAsInQkBnyM3iUV5+gmDP - TVEfewEsw5+61ArA1OIqpXqW/QeCw9+1O6dOAi9/Z3Fgw4AdPUsWpQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1zsl5d4vj6gl3h96y5p53sq5y4vr4vtlwp727h7rp9a4xfkxm53lqrh6r50 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmbTM1NTdZeGNDbVpJNEhH - TGVvVi95cnhMT2QxdkE0Z3d0WCtDdXNiRlUwCnNGNjRYWjQzV3hUVXg3WWp1SUh5 - aE85YkV1NkVNcUNmbXFJN29lUVhReGsKLS0tIDNDR0JacTVLZFR1M0tnU25oVEVY - UTN4aHQyQ1hONURCc1FTQkMxdmZ1eUUKUt37gBetdgOyyloyeo2RLSAI481Rdv0y - OUgbQB6DvU8fVrptZnnIrkd2TjaHYq1bF1DsfMzLgtC4UVdeu9CSuw== - -----END AGE ENCRYPTED FILE----- - - recipient: age145uq9emlxqzm3wqauy9zqj78wqx9e6h09xag6wust7jjgn4upfzsaemcvx - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDTU9vbjhtT1c0NlU4L0pq - ZHVlamZHS25hTVUycUNPaXEwVzBlb25wSGpJCjE0TXJQQ3ZoS2VRWUFJYjNteS9B - ZElVL3ZuU2VPMVdBdlREMUovejJRNDAKLS0tIGZMZXlEMnJOcG5vT0Q2SnVTdGtE - MTJiNDlXeCtPakJsWWF4RHJjdUpiQmMKYfnHI74b9S8zj6ybHdGB9iQtkQxVSgtv - xBkMZ6SgTZIuCS5HIf6a7muYIfkVCQMQHKF10p6BULVKc0Rr/ZAA1Q== - -----END AGE ENCRYPTED FILE----- - - recipient: age1ydkclhk9kwqdq74utesqdfupt43lz64d5k65gz2z9uyljcqq9fcq3hv28l - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRTVo3NXRJOXpmLzU0SUZ0 - bmVJZng1RmtSaTdWcFJLaDhFS0Z0d2h1T0dzCkhBbVNRUW1DUlFhQ3VJTC9ZRS9u - SmE0WmJQZ1hxS256YkgxZXphem9rNUkKLS0tIEMxY1ErM2M3dmEvemVkSVJLUnBP - dE5wWDRtbHVSRlFjUEs2WnpnUmRzRlUKznDFUOLnRW1dlL3hAQVZmvNxFsLxUbHM - 6YOTK08Ahi93qsKpuC05XoKwbMhVyC59zdnNQzoU9EMtaCTm5UFUsQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1y4luzn2jls7rvgphej23srvdlx563lxq29tvf66vhwwzaf7c3f3qzvresh - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqc2d6cWR6VDZLWFA2ZlhV - dG1kNm9Fdi93ZllzNWxXdk5PcE5lR0F4QkRJCkEzbWxvU3dHZG01SzhEQm02eXh4 - TkdCL2RtUDE0bzdIWk5jVVpvMGp2T28KLS0tIEQyVEZLZ3JQWlI2aVhDem4wZ0Er - RTh0enVYTkdrVjBVc2xGQjgrK25nMmcKkWeBeMglk452ZwHR3h67kL7vs/hQc7s+ - 2f0DyAQfYO4QWdDGkFB3WZI/b9YIDatIZGlKUx07CEmI84ErYYmNLA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-02-01T13:39:27Z" - mac: ENC[AES256_GCM,data:5FyPM1CcibPMlt5d1J7AydMRKMGE1HTFQFHIokn00vByZSj0WIUFebJ/hryFzGZK05zsBDEULWSy2ntSG5MWJFdDom4Wl58WnDzZo33RyYztPXvpD/o8J5BuYQWFngCLiz67rm/7QdZ/A6N0uyl7YmvqLzGjore12eEB3R9jzOQ=,iv:yiFJ8l+oSyAVRFOwKLMqw23ODcxoGIq7+QytyTw1ZKY=,tag:fFJo+soFRqFIrvThKPEeYg==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.3 + age: + - recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWNDczRHNXUGpOV2kydUhC + MXBRaUVqMEorekZPa1Irai81cE9HVjYwNFd3CjNqMnJQdExSL2hnVjQxbDZYdUI4 + TlFWUFk0Ymw5MGJqVkZIMnRXNDVKUFkKLS0tIEdSc3BqV1pUWlp3VHhqRjFmQzBw + QmlDYlBPbGNQbE9nTkFPZUd6eGREMlkKG366KVXqTj5wYsDS+cUspQB44zL4EpFx + LQGkgHOqk/or3wvDUZLG7eYXNJfTeMbsOBa8RDcrKt2adH5bFJ9TTQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1d3t78xlqd0erlqj2m9947l9eqwpge3zrperljw3xrshh0gjx4ghs8tuqcu + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiSklFMFJZMmhNak5PQVRm + QUZlMG5aVzd6YlhDV0RWT1RoSktLWFNqcjJRCmJ1UHVmM0FxUThXdU5iWXl6dGdB + eThQd0I2MVp1S0JMbVhSaDNyTU53YlkKLS0tIFJvdTlyYVVxR2pwNGh5WGh0cTB6 + R1poeHZ6aGFVR2hRQzhiaXF0NlRhNkUKFX7RvZ9AP10Fdx6URXZwSNot/54hcox8 + xlKqzmMKeFY/Zg8vnkykJDvtjaWnJzVMwWAtBvWuuscSxGh3EjqBpg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1udt3cssu7ahdrhsvckt8450rswrr6mknn36xpq74dkfp9lpajvnq84kdzj + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQaE81Ny9zZlRFMkt6Ny9F + QkpHR0hXS21XS3N1elZ6T3lvTHB0MGVYYm00Ck0zd20xQ3MvQzNhV0VRSFVia3h2 + MUZzRVFMV2hUZmE4Q3c0MDNvRGZicXMKLS0tIGRJTUhGMnA4OEl3SDQyaGE3SmMz + cFAxMmJ5R21tRjg4V2QzOVh0eXhxN3cKawTKTjQW/e0KXOdxomzKAaAId2KMRJTj + II7OdigajgODGq9oesu0hSczqu5sAqfxSEHXrsxu4KbPStwucMx+ug== + -----END AGE ENCRYPTED FILE----- + - recipient: age1jg642q775gmnmxeu29gcf3lph8vem4xr8t84cxe809dpd0myrussh49h60 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaSENyQkwzTTJNZEVUa0Ew + TUtmQThWbmIzM1VwTUErQWVYNGVuWTVjQ1NRCnlGZnZRa0xIZnRCaU9zL05aYjlK + cjcwOTZ1aGtqRklRMGp0cWUxaG1aSG8KLS0tIE9WYlZZVnVZa1Bnb0oxbmYxZHdC + Umx6elZsUE5lbHFjVGJ2UWthQTRCNkUKk37wQZ5M46XSfHdnx3hLr+aW8dzcl/RQ + rvQzjFmRPprwixXLP87S7KYibJRcrO3Ol5WTNwJKp2tMrlHjJ5d/MQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1zsl5d4vj6gl3h96y5p53sq5y4vr4vtlwp727h7rp9a4xfkxm53lqrh6r50 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxZmFuT1pnRUgyRUdvVFlL + OHlmL3d6OHluMU5wa2VWeHV6ZGpUNzFuOFd3CjVKU3g1RTFmRjl0MmpnajMvbE9Y + S2I3RFhTbTJCZHI2ZVlnRVdKVVpWYjgKLS0tIDhZZTNzZENLWVByeFM4TTRNWm8x + M3IxNjFlZmFRb3M3V2hyQlcrTGxNRHcK5XbkLoag15HM4e5p5LBsGE/vpoEXwdpA + fphJH40rRkYEqfVtoA5y1hu5KhiqAugEQSBkAQeOOqtH9A5ZO21A/g== + -----END AGE ENCRYPTED FILE----- + - recipient: age1zujp5gxy7suv8ysnygv43cmzuvv36nxfg0ch7r3xg2emc6fz3vmqqujheq + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4ZXdOUEVvNmhxMnlTRjJ2 + MmpZVGk0aXRuV2J5citkUmhLUnhURTNWb2pvClF2VEhHZ0t1OXlZOVpmeUpMa3Bs + TXJnd0hOQklsS1IxRFFITi80QnFQRlEKLS0tIFVkME9KNi9kaVlnaGhoNjVGaGd3 + M1ArYVFnYitJNWtHQkNoRjVaNEdLUkkKN/B/tKWpxmc4SnBY2vTnz5NELbATjO1L + 5lqJksRLWaDdtwMRoHiKv5nCNZioPvN8RYqpACZeqSgR9362mMmF7w== + -----END AGE ENCRYPTED FILE----- + - recipient: age1ydkclhk9kwqdq74utesqdfupt43lz64d5k65gz2z9uyljcqq9fcq3hv28l + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSNmxDTzNCZGhEU0pqaWps + Q2FGV2lmRTc5NUd2dis2cjdUWUVRVU4rc0ZJClYxVld5azRseitPcmdxMDVLRkJt + SWNwTkZhaCs4djdNaGpZWnBONkVtYTAKLS0tIGlkRDVvZFBhMW90eWZaRERZL1pQ + Q1J5VEl3ZytGTi9LOEVrRmRnVkw5aEkKwFg/Sl5grt4llmha7q9CnMv/2pnRjdl/ + yKRyqq5sec/c3vCTHiSIqrDM33ThsFyQM4N/D4S9ZDiaLizewFo64A== + -----END AGE ENCRYPTED FILE----- + - recipient: age1y4luzn2jls7rvgphej23srvdlx563lxq29tvf66vhwwzaf7c3f3qzvresh + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHMUI4aHlZT2FQM1BlTHM5 + cEpjTXVTK05VcXpGRW5wTFdKajVSY2EyVGprCmxvTFhaS3pNTzdsbi9iZzhJQjZM + RFNwRlNoUGhrUHhxT1ltNXFLb0JPb1UKLS0tIGhLYU04WU84cUh5UVlYYzl2bWZj + c0xSa1pRT1BzQ0pwYW9sbmJTaGxYa28K9EHWkU+iTQhaYUXaXuoiEAGcPROrOLBp + sEs5IrOx26z8UBtm0aq3vts1vOmHrmqCzCFZfrR8CSuzm9/a4J9dxw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-07-09T19:32:01Z" + mac: ENC[AES256_GCM,data:U9xXQ8jTlH9DNqEqcKlrGEHwm4LZPqA7lhiiUi6G+tLo2Lk/o3mt5q9hT019AFido6iM1rrtlrS0cEddlrwSSU2xVqa+5w1xLrnTQ9mg1PvhdpzWssgfGxDAfCDOrIJZKQrywCPHrpfvrxTDWTZV9IcV1Txgud2yUtxM/JxHY5Y=,iv:im4APJwM+uV8SqwwB9HnhPNbu0AwXjGToinMUlSoXkE=,tag:dOQ5nqDI0vY0ttcl5TQ0Fg==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2