diff --git a/.sops.yaml b/.sops.yaml index 8995ac5..68f0d8b 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,31 +1,25 @@ keys: - &jo age1qcjcwh9tq8pzf2yr7m3hm2n3n3y5rlc30fpkr0eytju9w57ucgcsgcy79d - - &absolutesolver age1ajkq0lalyc75tjhdtpx2yshw5y3wt85fwjy24luf69rvpavg33vqw6c3tc + - &absolutesolver age1gudgza8lv02nwec0pejqpp5t7zu0tzjsfkmvgvy3ckfscr9f4qrq2sl5dv creation_rules: - path_regex: secrets/[^/]+\.(yaml|json|env|cfg)$ key_groups: - - age: - - *jo - - *absolutesolver + - age: + - *jo + - *absolutesolver - path_regex: systems/[^/]+/absolutesolver/secrets/.*\.(yaml|env|json|cfg)$ key_groups: - - age: - - *jo - - *absolutesolver + - age: + - *jo + - *absolutesolver - path_regex: systems/[^/]+/puzzlevision/secrets/.*\.(yaml|env|json|cfg)$ key_groups: - - age: - - *jo + - age: + - *jo - path_regex: homes/[^/]+/jo/secrets/.*\.(yaml|env|json|cfg)$ key_groups: - - age: - - *jo - - - path_regex: homes/[^/]+/cyn/secrets/.*\.(yaml|env|json|cfg)$ - key_groups: - - age: - - *jo - - *absolutesolver + - age: + - *jo diff --git a/flake.nix b/flake.nix index 9ec7a9f..d0ae4f4 100644 --- a/flake.nix +++ b/flake.nix @@ -44,6 +44,11 @@ url = "github:h-banii/youtube-music-nix"; inputs.nixpkgs.follows = "nixpkgs"; }; + + attic = { + url = "github:zhaofengli/attic"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = {flake-parts, ...} @ inputs: diff --git a/homes/x86_64-linux/cyn/default.nix b/homes/x86_64-linux/cyn/default.nix index bdf7c40..f2b8274 100644 --- a/homes/x86_64-linux/cyn/default.nix +++ b/homes/x86_64-linux/cyn/default.nix @@ -1,6 +1,6 @@ {pkgs, ...}: { home.packages = with pkgs; [ - cowsay - cmatrix + ### Tools + git ]; } diff --git a/modules/flake/systems.nix b/modules/flake/systems.nix index 97be68f..2538911 100644 --- a/modules/flake/systems.nix +++ b/modules/flake/systems.nix @@ -17,6 +17,7 @@ (lib.optionals (class == "nixos") [ inputs.home-manager.nixosModules.default inputs.sops-nix.nixosModules.sops + inputs.attic.nixosModules.atticd ]) ++ (self.lib.dirToModuleList ../${class}); # Import modules based on current classname. }; diff --git a/modules/nixos/archetypes/server/default.nix b/modules/nixos/archetypes/server/default.nix new file mode 100644 index 0000000..222e633 --- /dev/null +++ b/modules/nixos/archetypes/server/default.nix @@ -0,0 +1,38 @@ +{ + lib, + self, + config, + ... +}: let + inherit (lib) mkEnableOption mkIf; + inherit (self) namespace; + + cfg = config.${namespace}.archetypes.server; +in { + options.${namespace}.archetypes.server = { + enable = mkEnableOption "the server archetype for your current system"; + }; + + config = mkIf cfg.enable { + puzzlevision = { + system = { + nix = { + enable = true; + use-lix = true; + }; + grub.enable = true; + networking.enable = true; + kernel.enable = true; + shell.enable = true; + locale.enable = true; + }; + + services = { + docker.enable = true; + }; + }; + + # Enable SSH for remote login + services.openssh.enable = true; + }; +} diff --git a/modules/nixos/services/atticd/default.nix b/modules/nixos/services/atticd/default.nix new file mode 100644 index 0000000..e85ead6 --- /dev/null +++ b/modules/nixos/services/atticd/default.nix @@ -0,0 +1,53 @@ +{ + lib, + self, + config, + ... +}: let + inherit (lib) mkEnableOption mkIf; + inherit (self) namespace; + + cfg = config.${namespace}.services.atticd; +in { + options.${namespace}.services.atticd = { + enable = mkEnableOption "the attic service, a multi-tenant nix binary cache."; + sopsFile = mkOpt types.str null "The location of the sops secret file for the Atticd service."; + sopsFormat = mkOpt types.str null "The format of the sops secret file for the Atticd service."; + subdomain = mkOpt types.str "cache" "The subdomain, of the system domain, the service should be exposed on."; + }; + + config = mkIf cfg.enable { + config.sops.secrets."services/atticd" = { + sopsFile = cfg.sopsFile; + format = cfg.sopsFormat; + }; + + services.atticd = { + enable = true; + + environmentFile = config.sops.secrets."services/atticd".path; + + settings = { + listen = "[::]:3900"; + jwt = {}; + + chunking = { + nar-size-threshold = 64 * 1024; # 64 KiB + min-size = 16 * 1024; # 16 KiB + avg-size = 64 * 1024; # 64 KiB + max-size = 256 * 1024; # 256 KiB + }; + }; + }; + + services.traefik.dynamicConfigOptions = { + http = { + services.atticd.loadBalancer.server.url = "http://localhost:3900"; + routers.atticd = { + entrypoints = ["websecure"]; + rule = "Host(`${cfg.subdomain}.${config.services.domain}`)"; + }; + }; + }; + }; +} diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix new file mode 100644 index 0000000..6c1ec3c --- /dev/null +++ b/modules/nixos/services/default.nix @@ -0,0 +1,13 @@ +{ + lib, + self, + ... +}: let + inherit (lib) types; + inherit (self) namespace; + inherit (self.lib) mkOpt; +in { + options.${namespace}.services = { + domain = mkOpt types.str "thevoid.cafe" "The main system domain, used for exposing services."; + }; +} diff --git a/modules/nixos/services/docker/default.nix b/modules/nixos/services/docker/default.nix index bb3f805..346bc08 100644 --- a/modules/nixos/services/docker/default.nix +++ b/modules/nixos/services/docker/default.nix @@ -15,6 +15,9 @@ in { config = mkIf cfg.enable { # Enable docker - virtualisation.docker.enable = true; + virtualisation = { + docker.enable = true; + oci-containers.backend = "docker"; + }; }; } diff --git a/modules/nixos/services/duckdns/default.nix b/modules/nixos/services/duckdns/default.nix new file mode 100644 index 0000000..f40fca5 --- /dev/null +++ b/modules/nixos/services/duckdns/default.nix @@ -0,0 +1,34 @@ +{ + lib, + self, + config, + ... +}: let + inherit (lib) mkEnableOption mkIf types; + inherit (self) namespace; + inherit (self.lib) mkOpt; + + cfg = config.${namespace}.services.duckdns; +in { + options.${namespace}.services.duckdns = { + enable = mkEnableOption "DuckDNS, the dynamic dns service. Will periodically refresh your IP."; + sopsFile = mkOpt types.str null "The location of the sops secret file for the DuckDNS service."; + sopsFormat = mkOpt types.str null "The format of the sops secret file for the DuckDNS service."; + }; + + config = mkIf cfg.enable { + sops.secrets.duckdns = { + sopsFile = cfg.sopsFile; + format = cfg.sopsFormat; + }; + + virtualisation.oci-containers.containers.duckdns = { + image = "lscr.io/linuxserver/duckdns:latest"; + autoStart = true; + hostname = config.networking.hostname; + environmentFiles = [ + config.sops.secrets.duckdns.path + ]; + }; + }; +} diff --git a/modules/nixos/services/homepage/default.nix b/modules/nixos/services/homepage/default.nix new file mode 100644 index 0000000..1ce24dc --- /dev/null +++ b/modules/nixos/services/homepage/default.nix @@ -0,0 +1,54 @@ +{ + lib, + self, + config, + ... +}: let + inherit (lib) mkEnableOption mkIf types; + inherit (self) namespace; + inherit (self.lib) mkOpt; + + cfg = config.${namespace}.services.homepage; +in { + options.${namespace}.services.homepage = { + enable = mkEnableOption "Homepage, an intuitive dashboard for your services."; + subdomain = mkOpt types.str "home" "The subdomain, of the system domain, the service should be exposed on."; + configDir = mkOpt types.str null "The config directory, which will be copied to the Homepage directory during compilation."; + }; + + config = mkIf cfg.enable { + systemd.tmpfiles.rules = [ + "d /var/lib/containers/homepage 0700 root root -" + "d /var/lib/containers/homepage/config 0700 root root -" + "d /var/lib/containers/homepage/images 0700 root root -" + ]; + + # Copy files from homepageConfigDirectory to the target directory + system.activationScripts.homepage = '' + cp -r ${cfg.configDir}/* /var/lib/containers/homepage/ + ''; + + virtualisation.oci-containers.containers.homepage = { + image = "ghcr.io/gethomepage/homepage:latest"; + autoStart = true; + hostname = config.networking.hostname; + labels = { + "traefik.enable" = "true"; + "traefik.http.routers.homepage.entrypoints" = "websecure"; + "traefik.http.routers.homepage.rule" = "Host(`${cfg.subdomain}.${config.services.domain}`)"; + "traefik.http.services.homepage.loadbalancer.server.port" = "3000"; + }; + volumes = [ + "/var/lib/containers/homepage/config:/app/config:rw" + "/var/lib/containers/homepage/images:/app/public/images:rw" + + # Optional, used for docker integration. + "/var/run/docker.sock:/var/run/docker.sock:ro" + ]; + environment = { + "HOMEPAGE_ALLOWED_HOSTS" = "${cfg.subdomain}.${config.services.domain}"; + }; + extraOptions = ["--network=proxy"]; + }; + }; +} diff --git a/modules/nixos/services/traefik/default.nix b/modules/nixos/services/traefik/default.nix new file mode 100644 index 0000000..0b063ae --- /dev/null +++ b/modules/nixos/services/traefik/default.nix @@ -0,0 +1,98 @@ +{ + lib, + self, + config, + ... +}: let + inherit (lib) mkEnableOption mkIf mkOption; + inherit (self) namespace; + + cfg = config.${namespace}.services.traefik; +in { + options.${namespace}.services.traefik = { + enable = mkEnableOption "the Traefik service."; + sopsFile = mkOpt types.str null "The location of the sops secret file for the Traefik service."; + sopsFormat = mkOpt types.str null "The format of the sops secret file for the Traefik service."; + }; + + config = mkIf cfg.enable { + networking.firewall.allowedTCPPorts = [80 8080 443]; # http, dashboard, https + + sops.secrets."services/traefik" = { + sopsFile = cfg.sopsFile; + format = cfg.sopsFormat; + }; + + systemd.services.traefik = { + serviceConfig = { + EnvironmentFile = [config.sops.secrets."services/traefik".path]; + }; + }; + + services.traefik = { + enable = true; + group = "docker"; + + staticConfigOptions = { + log = { + level = "INFO"; + filePath = "/var/lib/traefik/traefik.log"; + noColor = false; + maxSize = 100; + compress = true; + }; + + api = { + dashboard = true; + insecure = true; + }; + + providers = { + docker = { + exposedByDefault = false; + network = "proxy"; + }; + }; + + certificatesResolvers = { + letsencrypt = { + acme = { + email = cfg.cloudflareEmail; + storage = "/var/lib/traefik/acme.json"; + #caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"; # Uncomment this when testing stuff! + dnsChallenge = { + provider = "cloudflare"; + }; + }; + }; + }; + + entryPoints.web = { + address = ":80"; + http.redirections.entryPoint = { + to = "websecure"; + scheme = "https"; + permanent = true; + }; + }; + + entryPoints.websecure = { + address = ":443"; + http.tls = { + certResolver = "letsencrypt"; + domains = [ + { + main = "thevoid.cafe"; + sans = ["*.thevoid.cafe"]; + } + { + main = "rhysbot.co.uk"; + sans = ["*.rhysbot.co.uk"]; + } + ]; + }; + }; + }; + }; + }; +} diff --git a/modules/nixos/services/vaultwarden/default.nix b/modules/nixos/services/vaultwarden/default.nix new file mode 100644 index 0000000..be7e0b1 --- /dev/null +++ b/modules/nixos/services/vaultwarden/default.nix @@ -0,0 +1,49 @@ +{ + lib, + self, + config, + ... +}: let + inherit (lib) mkEnableOption mkIf types; + inherit (self) namespace; + inherit (self.lib) mkOpt; + + cfg = config.${namespace}.services.vaultwarden; +in { + options.${namespace}.services.vaultwarden = { + enable = mkEnableOption "Vaultwarden, a self-hostable password manager."; + sopsFile = mkOpt types.str null "The location of the sops secret file for the Vaultwarden service."; + sopsFormat = mkOpt types.str null "The format of the sops secret file for the Vaultwarden service."; + subdomain = mkOpt types.str "vault" "The subdomain, of the system domain, the service should be exposed on."; + }; + + config = mkIf cfg.enable { + sops.secrets."services/vaultwarden" = { + sopsFile = cfg.sopsFile; + format = cfg.sopsFormat; + }; + + # Ensure directories exist before OCI container is launched. + systemd.tmpfiles.rules = [ + "d /var/lib/containers/vaultwarden/data 0700 root root -" + ]; + + virtualisation.oci-containers.containers.vaultwarden = { + image = "vaultwarden/server"; + autoStart = true; + hostname = config.networking.hostname; + labels = { + "traefik.enable" = "true"; + "traefik.http.routers.vaultwarden.entrypoints" = "websecure"; + "traefik.http.routers.vaultwarden.rule" = "Host(`${cfg.subdomain}.${config.services.domain}`)"; + }; + volumes = [ + "/var/lib/containers/vaultwarden/data:/data:rw" + ]; + environmentFiles = [ + config.sops.secrets."services/vaultwarden".path + ]; + extraOptions = ["--network=proxy"]; + }; + }; +} diff --git a/systems/x86_64-nixos/absolutesolver/default.nix b/systems/x86_64-nixos/absolutesolver/default.nix new file mode 100644 index 0000000..26c5186 --- /dev/null +++ b/systems/x86_64-nixos/absolutesolver/default.nix @@ -0,0 +1,57 @@ +{pkgs, ...}: { + # Setup Sops + sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; + sops.age.keyFile = "/var/lib/sops-nix/key.txt"; + sops.age.generateKey = true; + + puzzlevision = { + users.cyn = { + enable = true; + hashedPassword = "$6$mvK9bT756Aok54Vt$vBRnT66Vb3HL0Y5rEMJlHvKkvzVQ.KUciInTmW3FCBFT00IuFMpz3q9RhXPLTLMRPho65bTg9hMnFPb84I774."; + extraGroups = ["wheel" "docker"]; + }; + + archetypes.server.enable = true; + + services = { + traefik = { + enable = true; + sopsFile = ./secrets/traefik.env; + sopsFormat = "dotenv"; + }; + + duckdns = { + enable = true; + sopsFile = ./secrets/duckdns.env; + sopsFormat = "dotenv"; + }; + + vaultwarden = { + enable = true; + sopsFile = ./secrets/vaultwarden.env; + sopsFormat = "dotenv"; + }; + + homepage = { + enable = true; + configDir = ./resources/homepage-config; + }; + }; + }; + + services.cron = { + enable = true; + systemCronJobs = [ + "*/5 * * * * cyn docker exec -u www-data nextcloud-nextcloud-1 php /var/www/html/cron.php" + "*/15 * * * * cyn docker exec -u www-data nextcloud-nextcloud-1 php /var/www/nextcloud/occ preview:pre-generate" + "* 3 * * * cyn cd /home/cyn/docker/compose/satisfactory && docker compose up -d --force-recreate" + ]; + }; + + environment.systemPackages = with pkgs; [ + nano + ]; + + networking.hostName = "absolutesolver"; + system.stateVersion = "25.05"; +} diff --git a/systems/x86_64-nixos/absolutesolver/resources/homepage-config/config/bookmarks.yaml b/systems/x86_64-nixos/absolutesolver/resources/homepage-config/config/bookmarks.yaml new file mode 100644 index 0000000..1d69336 --- /dev/null +++ b/systems/x86_64-nixos/absolutesolver/resources/homepage-config/config/bookmarks.yaml @@ -0,0 +1,30 @@ +--- +# For configuration options and examples, please see: +# https://gethomepage.dev/en/configs/bookmarks + +- IT: + - Github: + - abbr: GH + href: https://github.com/ + - Codeberg: + - icon: mdi-image-filter-hdr-outline + href: https://codeberg.org/ + - Stackoverflow: + - abbr: SO + href: https://stackoverflow.com/ + +- Social: + - Reddit: + - abbr: RE + href: https://reddit.com/ + - Whatsapp: + - icon: mdi-chat-outline + href: https://web.whatsapp.com/ + +- Fun: + - YouTube: + - icon: mdi-video-vintage + href: https://youtube.com/ + - A-Dark-Room: + - icon: mdi-campfire + href: https://adarkroom.doublespeakgames.com/ diff --git a/systems/x86_64-nixos/absolutesolver/resources/homepage-config/config/docker.yaml b/systems/x86_64-nixos/absolutesolver/resources/homepage-config/config/docker.yaml new file mode 100644 index 0000000..1897cca --- /dev/null +++ b/systems/x86_64-nixos/absolutesolver/resources/homepage-config/config/docker.yaml @@ -0,0 +1,10 @@ +--- +# For configuration options and examples, please see: +# https://gethomepage.dev/en/configs/docker/ + +# my-docker: +# host: 127.0.0.1 +# port: 2375 + +default-docker: + socket: /var/run/docker.sock diff --git a/systems/x86_64-nixos/absolutesolver/resources/homepage-config/config/services.yaml b/systems/x86_64-nixos/absolutesolver/resources/homepage-config/config/services.yaml new file mode 100644 index 0000000..967c3fb --- /dev/null +++ b/systems/x86_64-nixos/absolutesolver/resources/homepage-config/config/services.yaml @@ -0,0 +1,14 @@ +--- +# For configuration options and examples, please see: +# https://gethomepage.dev/en/configs/services + +- System: + - Fritz!Box: + name: Fritz!Box + icon: avm-fritzbox.png + href: http://192.168.178.1 + description: Home router configuration + widget: + type: "fritzbox" + url: http://192.168.178.1 + ping: http://192.168.178.1 diff --git a/systems/x86_64-nixos/absolutesolver/resources/homepage-config/config/settings.yaml b/systems/x86_64-nixos/absolutesolver/resources/homepage-config/config/settings.yaml new file mode 100644 index 0000000..df2defd --- /dev/null +++ b/systems/x86_64-nixos/absolutesolver/resources/homepage-config/config/settings.yaml @@ -0,0 +1,54 @@ +--- +# For configuration options and examples, please see: +# https://gethomepage.dev/en/configs/settings + +title: Jo's Home +background: + image: /images/cozy_kitchen_rain_compressed.webp + blur: md + opacity: 45 + +favicon: /images/logo.png + +theme: dark +color: slate +iconStyle: theme + +layout: + Media: + style: row + columns: 1 + Utilities: + style: column + columns: 2 + Entertainment: + style: column + column: 3 + System: + style: column + columns: 3 + Development: + style: row + columns: 2 + Social: + style: column + columns: 3 + IT: + style: column + columns: 3 + Fun: + style: column + columns: 3 + +headerStyle: clean + +target: _blank + +quicklaunch: + searchDescriptions: true + hideInternetSearch: false + hideVisitURL: false + +hideVersion: true + +showStats: false diff --git a/systems/x86_64-nixos/absolutesolver/resources/homepage-config/config/widgets.yaml b/systems/x86_64-nixos/absolutesolver/resources/homepage-config/config/widgets.yaml new file mode 100644 index 0000000..c152c86 --- /dev/null +++ b/systems/x86_64-nixos/absolutesolver/resources/homepage-config/config/widgets.yaml @@ -0,0 +1,22 @@ +--- +# For configuration options and examples, please see: +# https://gethomepage.dev/en/configs/widgets + +- resources: + label: System + cpu: true + memory: true + uptime: true + units: metric + +- resources: + label: Storage + disk: / + +- datetime: + text_size: xl + format: + timeStyle: short + dateStyle: long + hourCycle: h23 + locale: de diff --git a/systems/x86_64-nixos/absolutesolver/resources/homepage-config/images/cozy_kitchen_rain_compressed.webp b/systems/x86_64-nixos/absolutesolver/resources/homepage-config/images/cozy_kitchen_rain_compressed.webp new file mode 100644 index 0000000..915d1da Binary files /dev/null and b/systems/x86_64-nixos/absolutesolver/resources/homepage-config/images/cozy_kitchen_rain_compressed.webp differ diff --git a/systems/x86_64-nixos/absolutesolver/resources/homepage-config/images/logo.png b/systems/x86_64-nixos/absolutesolver/resources/homepage-config/images/logo.png new file mode 100644 index 0000000..aec64c4 Binary files /dev/null and b/systems/x86_64-nixos/absolutesolver/resources/homepage-config/images/logo.png differ diff --git a/systems/x86_64-nixos/absolutesolver/secrets/atticd.env b/systems/x86_64-nixos/absolutesolver/secrets/atticd.env new file mode 100644 index 0000000..8a12f7c --- /dev/null +++ b/systems/x86_64-nixos/absolutesolver/secrets/atticd.env @@ -0,0 +1,9 @@ +ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64=ENC[AES256_GCM,data:KgkGiJXcvaYFciSjJbN4ssDpAoY68YvvT5CyWd6n6fPURu97jQqrKeg4HcopoU3V6ALEWCNvj1cgj32Cs8ISkgZcQ9h4sUlmXLQd+JX7gNoyRdLxrmYlTA8BMAoil/gVyaIYejRg4EuPP9g2D3cazuOI/eKz/E0KrBRlUbLUSCmZE92NiZ3RMFlPat0aJ4oIRwW8UH+C5SRCViSnkCpKzt7YV0RKqW9KVfyAUGS4Xm0jrIuhfELecfekWUB7l4sj89MHN2O1BrDYm88hBhzeo1ztclyIGmUyWPH35Oz6HthTAJe7mwooRBN3aYc+1BKoLz9vvH16Gn3iGbubBnSbctQ4CgCf9YbcYGmOn3LAAbX/NtG2rSZxEOKxUH2j2I+Tyv4Y4TJKFO0fPmbrYmNNDuussiAXdxj+Zyct/kNWCNb5pnqKD258XVEFzCgqleFU45seIZwU9b74qooeuc4vDdSfeSGdFjUt7ZBfjLi3YsWrsC7hK1hhQSg4ATAUljOHSBEV99puWDEZdaNO2iUTPtQun9tk+Ovnp5ks02QF0KS3KgfLkOZd+nbqwm13KaHvXYtKRmwnQZHN/Doz7ogF9Z6A2iK/IMmAunDzBBDtFuH/N19uz95SdILdiv7sHi2xk6AXuP6D5krHy3S0c+bbCR/1bGaffRhO4YqCTO/mcnWQMyN4avvUnACCgQVjAzQySe8B7h0rwHZd5mIIJawKIzoq11orVd3MYzgan999v/y5OO4Nl6bGV5G3Qc9Kv1x9CjlLYiFgSSBI+h1YStMj17L8BnB99216rIX7k/nNvZAe2/qK7IGT/aZB9BZ8/+YE/vfUbK/QOUnw6lCOc0/VNgmsOKl8G1XWF1srNtVnFO6CjC/A4s/y9BElDIPKsCDp0PgkYYuPpAt2MuaFos4QsI/km+dvMPQE9X2SpjMcDMcpezJnCOscqxR5TJwSbjsdB+br1kOfICj067RRbWSkzh+O17zryk9T3ZGteq30dhtzzmTS+BxQmaG7gir4ECbyk/cT7Ds6h2wfwbL07PO8mvXCRQ/XSqNx1ONFrXgolOTalX/k3K/+pr4uSaNedxhI38YkXQXGJ3FarzCFRAI3w4C3Zx+YYV+PAd79OU+5O8dDewi1gfzhaWfQEGB1VfKTeoQWUiTMEQAPhr6yFBgIqVa7Nn64FIfaeS04gNuX1IU/zlhYYAN1C5V0B/Px38F1nI5xhbUE98DpDzck/BCDHkJsWjJzCRcVdnaZdOn083ufseO2cGmtJtCTS8YsQivHodoiU2hnGnYJ3ZsgP9/LLP5U8eB3F7GkyRR1Hhhqc2TY1CBwlJmIpEOlTauJP7FhE4pCsIeWqKehMQIIwQqHS1G+4h0+1OnF01V4m7y2zNu1UaTi2lvH7RgZWw3ojcLNec3NcvmOfGyI2ZtHQF6uPPD/fqYWy1YDXhXGzl20uXyo/VZ1bvD3M7AFf2nYLyJBtp53r0S/MjrZfTeZGmk//02yMQo48KtIqKhwhcH9A1j91USuQ/owabykGyY09mqoOampUySOZo0YERRtx+zqYKUan0tTePfXlolqouvzWJgGqQCMhqUpFGga1Jaw4EM9XnONHDQaVo20gu4q3sxcjkblOFVAGQH8+W9XH47BrV6aipH72032ANeFEm+uxRoKng82Ja6Qb6X0npD+TnxCrhzquMm54StZuwqqhBV+cWDw365zCCd0MrlVM7/Yp7KYKOE9LNzxrFJfyo0tXR2B9YOhIfwoReL8ekq10xgpR0stXOBxBpGDYBWZwz39DCc0sc26a/GvDdrmKzaE9nBdmt7rDfXkb2BdGTci9/va9kj6DgLsTCseEt/y5b/28Oc6rBrUgchhYkgkTIHoCVl0Wfxqh8x2uh4AoOdTPHFBfq2MRAER5qIf6ADQNWZCUEsnWb1IhIlLrLCNYOWk/0q3qa5/gWnQyT4bwmNuEh8IT5MCZaHMG73lFRQQ3EU6uJeY1GoUJHfp2wJJ7xqENx4zVFXdlxz6rgLajoI9ugbcLCU1abeda1qeKLGqwsUAlFVXxrlQU688N07VPW2niuUlz67ald3u8WbcD6+hBIPfP+Mdlv5UXk3fhwUC3lfokB5KSxNKwERq92/4i6QtlFQMqPsZn32C+StrD4kfOODSFewAOTzKbIMVvKeZtA7//OzliYPZbh0OjKZI+CZF1yhwadOeED0xrFW71kjvS4bf4sSGZWE0QRAkZgZNlhsiFXPVKoE8Hxuo6FFJBlztxwTJbMtFvy/1MYMbkCitHbI3z2/2fQ/eOnLSui18u9JELcf9yGTlfnve8vx/7frk98ui1KeNQ+sHFoAhMoLSWvFvnDzps70aKLwHsR8+UMrabNp0pq0xbP79NoHCFlEr2PxsmpgkKEQlUVFJa8exkYc1ma2QYk/MspTh5L9ijH5CrWnaLJ9Y2mMm90HMQvbWBxEUONqwT9N1bZtHEWQYzsAWaEA2lK6jsMO0E8TSqVJIYzm052qZqGjz+lcxsSPDCuj1QiFpob90ZFoWsXO0y0nNMG3DaQis6QgulcPkAFi0AlHcuYVLtoI1aPHP4dV2soMiRQb/uTHpgpB+WgxUYUjhaVc1QaXFZZVwBiG8ABNeOPrESQaZ3P3ees8t6e5RIyfCBCLabHRIIlq6meuhF04fuxf1BtragWObxhd75mVXOSe2XwblL/dD64FaEzIOBcJj9DopaDJMARSQ+Phoy6kWFpx/cHrVoAOrJ8KOe5oaByoPxCK74mB1WOqhgoZNDKVEO8+laBodaZQuuQ5T7bkxB2skKHTXrOL/QJzxgHBN6Z+EqYiw+TlPjX3ijV9fJqn3hxUdHEmpzjnv6q5qM9LOQqlPr3XZpHpSNvV6Fku2PJByUdlwp7mNeD4sU6lHKPAgxcy1k+N0vwc61wMOCYeZP9TDzi+3NhgFb5f2q8WQdH6+h4LEuCQjayOlGu48I2jT7jbiz76pZFHdciIS1hmMzG0QqNmUuLVDnPb0D/LPCnnIw/kpnc9uMXgHFzWZgxNp5G9m4lctQLB/PhLRNP/KCSx4hfIIyXFTeY1ymWMiJpNq8GUhMKoB85z2pgs8hrAWOujyVRmVbQEP6r9MVLmeCIP+PQnQo3L1pNwR/bPn2p/J16t+L4ic/hCq0IzQcBtvpioQEqMGOoWrt099xpoMnBc00qNRkKpDdTM4kzblSIZGaLx/TvkSLJRlMIIfHQu7s6gVlLqiOuC/pMA1ZkQo4PYrrkghtSej1Pbs6G6P9hYHlPy5wps5t6lHDA+M/7Q+rlbX5EFwKFVlO0yjLSyj20wZAA6ZjiXaQBm9nbXXKClO9g0qFl9Pq8pUnZ1MOOnO7vSPLZzFgDCDyL+lBGcdaX2Y0sfs3qRL5iey1d1T8dyz8VxCEe3EfhdS5GMaSep2TyoX0vgE6oShAb14/cClSN7Pwe0tC8TsPKjkqMgMXYA+O6sXGm461ybuGayVAvM8zv4SCwQlWBzB2FnnZp3ZsZqMHSUJlMbekzOn6j3qhsQNQ1bVfGMr3LwwBpisVJvHyAjBKVJFafFR5d7zn/smfZBqfLgTGLyfEMoE+ke1t2ZzqxCwKmrpkaTnqph23vdMlEDvFEXK6nVvAr0moK6qyRNtApNBhLR672OtIMMPuM2BpLxi0ZS46V3nYkpKs3SUsFuP04w4wPO1f5TQijYt27MtTNTHg0oMe1SXudwb5zhGyIeTbG5IdK5D8UhQO99iHszn0PGp7xBuIHZD+K63ELgHNWAFSlA5zKu7dgxe08OtfHb7a8GhDxEtLaiTprerm5vA84ARuSYJ6bmGPsTRj8uaRpRX3Sv6vgiWdQTNzxynbpws89U9EJntSQaZr50lCa3tXVhbenyWJ4ybFGP8P2sjPY2r8UZb4Pfw5ZTgLr7jiPANp+BnDuxuE2hZ8/dWRnHGnD976+tJpEZSe70aPwAUMgaLM6U7s6RNi0uRsiUONSUNFhodW5UxColHkJ6jVFyZ5788vf26Rv0W7LTFOSVDP/F7io4X80ZwhMzb6EBROjzaGbsp7h2CkgV3yI31mNp712XXVblwqlNbUCPf9S9xnOCAOpd7hIIMDzeHboUnNCExysxB+LYxjM2e9kvYxyH91++458NOprSY1dlyW5YfqXnBajRo7PheAgOqWKhPZ1b8NXL3YBiTOKhMA0ipZIZ4x82HfzRhu82V5T9rSzFxde/X9G5Fg7I1WqRhex3603F/EfxyHOs3C1n0c0o/LqjshHA9mRQ295s7CuVLPXNZl0Px8hICLDq4iGbBBEEUIJvTg7RNH93PIxiEysaU+t5NoAq8smDUs3WBem1i4K0uz9MpYzlj9HKMZksV5v/fYwGJAiaDdhI6Ir2ohfNWYwGZdxm2rprOG4+hYxRPfnAar0VKzqbNX8lMUGCxcMCgrbdYls5rszUxWMiDjqq2KNHzK6IFSONx50n+iBpJYhIEZLD7t5zfl8ok1+cSAva6zzSloWB+IUXnJ8uc1pRS9BljAFF/ZvTnwshSCaxY1rtiYflECMWWWfl9bXQ9PGsJVtH+mNSzJEWsAdLQrP/LGljEcD3Ggf2wLS+CjAhvwGPE2ougE4B1pkwn7oegDRuAZ/PagaYjxbxRxm7LqYlZoHHzc5l/2Jb8PqYkGjCZLHmZIvTSIHQCruQA2eank1WYbHUkUHp9uk+qFFuD9MuT2b1A5YtTHg4ItwbC//7HLiFclINYHUwAyXZ63usC8P/uJa3SuyePQv9JtPbSGzHpMyAoTuIHFlkDsyD/8ySmPApFDkZz+cUuGdijj1GAJ18217KGUxTPrAXlyXZBJ9qhF5WcHAHf14PD3Shdzbx/h0k6Q2BAgHp4S42tBUh3/hkKat5vWhurKYGEd889PESyrJ6GxgaFeVLtL+H3rlrj8BMRgDj/qvXew8FPm30BrpcYFhgE6l9/NSX21caSjXSDg/QZolx9F9ThA8DnXNX7yGntpkfkqq6Tgx7QDFpra+Dh2YZat43ojU23Uge3xHfcH1mXktm7n+5orfLcdQb+kNYgAlYCI7Na193KzRsURcaaKhTc6eQLc2JfHnCBQOzh7yl8w0IczdIPE/ByIbWDgx3UKF8RyopQ9izlC+QCxt5v39C9NZLlCVV/zQD28gzusudycVQgreHHJetZHdfxEsXVE9+6eSnHPtW4Y56kVL4b5jH06j2gAZCYWpEY0KJoBZGHOOC0u79LGnCTl/YU6W2DmgiLMqjtjjiVRS0iAjxiz5SmKeGNEX0VP7jd5Ex7rqvPeD8lN3H8UilF5HlKDkO7u5L+Bl7V7PAwC8MXRazgigF1/siQSqpM7P5PQbSL4U3ntP2uId3Z7vIpA5UMTCtkOYPME7MdbPXLqIrZ3Ftt9OC9bWL1Qc8FpMc39OwEzdOYgW8FXvRwBektBaufYtiYklJZuTOWpOnKdd0q6bMGeHGt8BgSkZUSkFGsrYaaBNEqeQ72C9SRj8/lqGTyq7BubkZBMoFvLDb9ZVto2stNepUT8QYfW0B/xn6gaPgjIMzkXb/r1G+tlsDyHOQSytEK/aIn0wYPV3mYBhVZ7m/8/jhZ4/Y2JWw9Q4D2PRcvdtij+HSqlVboAjgM1GLw9SE9nC6f9ETxVP6JdVVK1YqUyegJNPaOIzGAauY/mozbxpJ4ANOJHFVwH2dY/3Alu/FXwNCXnLJmpTNV1ebvXnD4Q5q6LILTV95zwvUyJc0iqrfhHNs9aOFLs1YY9VfkFsVGygDp5OiD8rW4wBMCusxAAFLIYKZK,iv:JNZB10Ibu2eSOvUurCGxbNpY3nYBv9+qkriHMNL0dpY=,tag:Il1Q8+4FgznazApPaEw1Dg==,type:str] +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuS00rQUpVNHJsVisyRTAr\nV3ZDM24wNGlrZnRiNEtlb0FhWTkzNkVESHlZCmo0TXFCQm1QQjl6aE4zUHZjcFZX\nRWxWWHRFNnNRNGMvaFNXUnhwemUybjgKLS0tIEMxRkpFa05DL2daWDFtbEc1cnlP\nb0NGRGRHcVJlYmEyUzN2R01wK1JscVEKIfyz9CttFhzAPPGJupcUGw7+q8+jW231\nIoI+EE75RmuLP5mpH4O12lckHOFXwvnjHyG4SjuHNV2L9aWSxxoyJg==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_0__map_recipient=age1qcjcwh9tq8pzf2yr7m3hm2n3n3y5rlc30fpkr0eytju9w57ucgcsgcy79d +sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkOXNZeGFGQXlyRzgvcmFz\nQm4zQ05HUVRDNWtEOFRPL3Awbjh4b3Y5SGpVCktEZGtqVU1JeE1rRUJSd3ZLOUR2\nbzVEUW9HOFdaVE40Z1U4UzdLLzNwNEUKLS0tIFp5SlprTXlUVDI2c2lDT0dveEsw\nTjVISkJiUEF0WlBOVEpMMHBQaG9PMzAKf/Mq2VPH7GlrdjhUfzhwMTQjq2eWiFyf\nGsVnXE0xqghiQg+kkVre9RIP3tESEvGfl3TwnBgtdU3wgVFppF4okQ==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_1__map_recipient=age1ajkq0lalyc75tjhdtpx2yshw5y3wt85fwjy24luf69rvpavg33vqw6c3tc +sops_lastmodified=2025-05-25T16:46:56Z +sops_mac=ENC[AES256_GCM,data:GVISKiF8PDa4YHikMnhwyPdvyMBE5BTrrR+Xix+Hwtk41CE0sx+UUMUhN4mPdQ28+1Wmv2t2gZ6f1VEsUPinDiT5H/SnEMd9DE83ksUqBRtPWLyVqIMIqkMCrkCBklX646pPVGZq53AT8xa+5ntxFVSU2wfUqwseaxZbNXVdKhU=,iv:FTKVyBUCchSTFBu9UJji8kATcpzrHjnx5IAkowY6Xjk=,tag:pOMIvYzHodF3Fm4YVrTg1w==,type:str] +sops_unencrypted_suffix=_unencrypted +sops_version=3.10.2 diff --git a/systems/x86_64-nixos/absolutesolver/secrets/duckdns.env b/systems/x86_64-nixos/absolutesolver/secrets/duckdns.env new file mode 100644 index 0000000..de2ca9a --- /dev/null +++ b/systems/x86_64-nixos/absolutesolver/secrets/duckdns.env @@ -0,0 +1,14 @@ +PUID=ENC[AES256_GCM,data:lxkuog==,iv:yP4a8/yPDxqaMWF7B98fx4EnvQTjeLEFHbQfZJKIj5w=,tag:5E71lSVVyFEtW2x9K1bmKg==,type:str] +PGID=ENC[AES256_GCM,data:oLPGtg==,iv:VnXy7EqnelYfXlYpLWHykmyR12AffsdODCUfL9QAvig=,tag:+Gv8qPuMrj1A151FtjPcMA==,type:str] +TZ=ENC[AES256_GCM,data:sf3Yq4iqZt1AOyII/Q==,iv:X8T/uFcBjJ4O8+WDPv8hSjYQzIlp0hkDCq+IwoixP1g=,tag:TDSjLOhvQp0nNopPP0Bf/w==,type:str] +SUBDOMAINS=ENC[AES256_GCM,data:w7fOE6X6l0dbRGRJekNRZFAA,iv:/4E8c2YzQW1zwnRRCTa8X8tnEvkLffM+1wy+4KWuTL0=,tag:MTKGOWLsGvNZGzBrjev8KQ==,type:str] +TOKEN=ENC[AES256_GCM,data:QPGrbiwqJY4smVgCkzF4rg91VpoWjx+3FzQYL5v36LeBGZ0e,iv:aEf8b7pnsBwjv/2NPSJpgq1LZH6pioTo+5QrwXgBRrI=,tag:hU2GEvPMk/oZ1f0/aF/JPg==,type:str] +LOG_FILE=ENC[AES256_GCM,data:Ggb5fCg=,iv:mYZSsNHBSObpqdoFRovWy2CwqAFqsgPCODHvQQtRZyY=,tag:i1WB2x32z+lQ0fQYZXPabA==,type:str] +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQSFEzMTFVTGRuTzdRc1d3\nT01LaVFlN0NQUE5KR1V3cTFhWHFETHNwVm1NClo0RWxyNjYwVFQxbUVoYlp3VGhh\nN21xd2JiUlJiSFVheDV1cndwUFhzUmcKLS0tIHd6NjNlSUUzZ3g0czhuZnVxajhL\nbWhPbzRiU3dzQk13RCt3bkIyV2tjOUUKn/tpVbegYBU1vn59vWmkO2UxZHFzc63k\nKFEou1Gp77uh9IrA/uT5ZF7BFrADMQmX54+whUMsqKHaSAUeuVnzJw==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_0__map_recipient=age1qcjcwh9tq8pzf2yr7m3hm2n3n3y5rlc30fpkr0eytju9w57ucgcsgcy79d +sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxUTN4OG9WWDVLTnFwcmhr\nY3JXa0dURXg1ODZGN0hkRGF3TEZTZjZIVkdjCmNRMXFWWmxXQUxmV2dHUTJzR1pz\nR1gyZVV5bUhjZENOeW14K3lHV0dDakUKLS0tIFhvRHJtVHdQOUI0WlhtY0kwT3Vu\nbnB5RzA0RmtrZWQ5VVBCZXJMbGxwdlEKGWFr/KBbaj9WxleuNhtV/0KJWz6lpcrI\nnJ5GEf4e0d1CgOAayPKzLpgf5Pz9GAfsHD72NWv7dNAdRrOoa1pL0g==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_1__map_recipient=age1ajkq0lalyc75tjhdtpx2yshw5y3wt85fwjy24luf69rvpavg33vqw6c3tc +sops_lastmodified=2025-05-25T17:02:19Z +sops_mac=ENC[AES256_GCM,data:yx+YDiv04ZZBjuag+lF6GObqgL6cJVfj2TZLnl22/U8Yp1Su/IgiPFpqyWqYbjdbnoc2pFe0FhdvUoN58yPjOIm50jdNM3OgQNBhtP/oJU0hwuZGrvI1R9iUhVFDvDjqwDGsC+e92/EGgFKU/rjj0oByhrukqL2khvj/0FeQ8sg=,iv:pLy5UO5Zaqv/bL7OYJqUZ+oRPqaWfaoBkkJpMkvPjzQ=,tag:B9kIFdgHxrvbug2fKUtkDg==,type:str] +sops_unencrypted_suffix=_unencrypted +sops_version=3.10.2 diff --git a/systems/x86_64-nixos/absolutesolver/secrets/traefik.env b/systems/x86_64-nixos/absolutesolver/secrets/traefik.env new file mode 100644 index 0000000..7a10eaa --- /dev/null +++ b/systems/x86_64-nixos/absolutesolver/secrets/traefik.env @@ -0,0 +1,10 @@ +CF_API_KEY=ENC[AES256_GCM,data:TSDR5dnNolSErwfjAjyOZsyCapan6dumv2Ti2fttkcAY3zIamA==,iv:pJqVyZ8Q7jVa9LOBhiyXP84yAQDGIWcgHf3S5Kmynek=,tag:Rei3sW5oaCcqCsLopEoeKQ==,type:str] +CF_API_EMAIL=ENC[AES256_GCM,data:85E6UE8QCfBxhdWxVvwrnWetC6ZtQBXcujPbXgk=,iv:qEmGfZguzppCJGsPSAj0VsmPI5K4gVHZJzRT6C7bPmM=,tag:LvgXKz1GwWaFJSMgkfh0eg==,type:str] +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBma3VZRkh6MzBLNkZZS3Ay\nZWpiU2NsMjcwc3hlb1J0K0NPdXJTYVYwcG00CjJUV052Vkt0N2tZOU13d0NrTEZj\neXVla2RWUzZDUHFvZ2lmYzYyb0w2RVkKLS0tIFdkZGYweW9nTDNCb3hqdU1HVVBt\na01ucjZVZUhOS3JxNWI3dDllT2FwUmMKWtRC1AsyiE7WGwG8i+kyy3ejNU/EVDvC\n2JwnbAX/E8yLjhx68zTbQ0jF6j7xxfdUqNgOOgK1IlK7zriXuA+y1Q==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_0__map_recipient=age1qcjcwh9tq8pzf2yr7m3hm2n3n3y5rlc30fpkr0eytju9w57ucgcsgcy79d +sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNZlZwZGk0bGlpdmhCeENs\ncUJJTEhJQllrdDE4WVVLT01qSGZEeFpNL0VnCmZDWWM4L1l5S3dzc20xQTlhVHBi\nRW4vWWxEYjVmK0l3TWJOSjN5VG5ZUFUKLS0tIElZRzZpUGRpSjc3ZHJaTDZYRTJB\ndmoyN2lXYUVSQ3RQaXRuMkgwejdXTTQKGFM9TouDfvIlb6tyymuAAVsDb/LMhPDP\nNX7zSAHNWdTxo+h913NnVFSZJZzPxIR4dMB+sCn+5p6YawB61K5zpg==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_1__map_recipient=age1ajkq0lalyc75tjhdtpx2yshw5y3wt85fwjy24luf69rvpavg33vqw6c3tc +sops_lastmodified=2025-05-25T15:36:17Z +sops_mac=ENC[AES256_GCM,data:y2DNwdfrffQA1gcjlI3006+6c9NYXV+2Wsn6IVJcunFoan73iAn/u6D/XZHiF7R2z8/cZOvLW6BCQzEIeUvtm/LeSh9HOz/LV+kYEqvCb2qvc/h8dSXwZY/P+4eIpuSPR0BqeILUAZBzlLbMRQ8vEK+7wA95+72ixl4jaZxPXps=,iv:rjmS6QraVr4gJljwFRkIOcRTLBugWnd9YsZ0m6cvyos=,tag:DIDiHdkuVgCJh9/YWBEEow==,type:str] +sops_unencrypted_suffix=_unencrypted +sops_version=3.10.2 diff --git a/systems/x86_64-nixos/absolutesolver/secrets/vaultwarden.env b/systems/x86_64-nixos/absolutesolver/secrets/vaultwarden.env new file mode 100644 index 0000000..331f2c1 --- /dev/null +++ b/systems/x86_64-nixos/absolutesolver/secrets/vaultwarden.env @@ -0,0 +1,10 @@ +DOMAIN=ENC[AES256_GCM,data:XtVmddel4uwamadpRlUgwez7AcBSVYBrBL4=,iv:1XILsuKg2iw3HesEEx4aPxKT4uVGItfk1h0i1zFFE50=,tag:ebB7eLD/FudKZ8vihVGrug==,type:str] +SIGNUPS_ALLOWED=ENC[AES256_GCM,data:UZcXAWY=,iv:gsJhwcCeTtDMQuGrwqavLXolIGbqE6xsabl26FWmW2I=,tag:/IUwBMJvG3vXrO4EbFg8Hw==,type:str] +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArYVBPbEY3MEdVSFlZNnlM\nWFJ0L1oyTituV29BQk9BZUNoNzFzRVZWcVYwCktUeElQQ2s0aGtLdzB5dThzUFZU\nVmlxQ3c3RFpGb2h5U0lESmVoUFgxeE0KLS0tIDBGMzBtb3d3T2RobUFMN0FGem5L\nWlRvU25rL2xQNkx1cDJ5dld4YUVpcTQKxPoVeLMB4OkF8C2REvDW1xHB1qnDkqsD\nyzCXhs8HkAZFfv1zw3gNeG2SB7JRTQM4JPCrA0ceg1q9OO7iEInzKA==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_0__map_recipient=age1qcjcwh9tq8pzf2yr7m3hm2n3n3y5rlc30fpkr0eytju9w57ucgcsgcy79d +sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCWHlkMjhnb0NsVTNSSHox\nTUZtZUlVRkNveDFqVjR2TGFCSWVFWXppRXo4CjF5SWYvRTdzUWFoemxJaFR2VU9B\nbXY3d3RaY3UvUlNCV3FwZDNGd0M0RGcKLS0tIFpUd3VzRDl4aVM5VXoyV3FiWDNy\ndmE0Rk0ySVBiVW9CZ2Jqb1A1aUdNT2MKtiJZLpoOUxpTUosauNZejzK3d/2wpJ33\ndWjowUn4/TKzZ4VjV9hGuokiwlf9ohJJCodINI4PBHWhb3OfXMsGMQ==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_1__map_recipient=age1ajkq0lalyc75tjhdtpx2yshw5y3wt85fwjy24luf69rvpavg33vqw6c3tc +sops_lastmodified=2025-05-25T17:01:30Z +sops_mac=ENC[AES256_GCM,data:2h3KjAcdeDjGJ0lKmkucBxyDrNTl+FgRvoUcWiURHOyDO6RrM3SIyGbqjrr4jRR8Zv6a45SsqgcA8DrwRKWN+dV/IvDY15NNo279JmnS+jK00x+FnYxmSB63GLyz5zWEEY3DV4lOGwsr2eKd2UmH5H9W4Nb0ARMitKIXRMnzzxE=,iv:ip1xWy9XDHQO7KjHPzKmkuv3uGMhrRMXZp3MXWqndHg=,tag:ex+JxUkWj/13/twi0g+Rzw==,type:str] +sops_unencrypted_suffix=_unencrypted +sops_version=3.10.2