diff --git a/.gitignore b/.gitignore
index 5714cbc..fb3dbd1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 result
 flake.lock.bk
+.sops.yaml
diff --git a/home/nomad/dotfiles/nvim.nix b/home/nomad/dotfiles/nvim.nix
new file mode 100644
index 0000000..cf9eee0
--- /dev/null
+++ b/home/nomad/dotfiles/nvim.nix
@@ -0,0 +1,7 @@
+{ inputs, ... }:
+{
+ home.file.".config/nvim" = {
+ source = "${inputs.dotfiles}/nvim";
+ recursive = true;
+ };
+}
diff --git a/home/nomad/unkown/home.nix b/home/nomad/unkown/home.nix
new file mode 100644
index 0000000..31da764
--- /dev/null
+++ b/home/nomad/unkown/home.nix
@@ -0,0 +1,142 @@
+# This is a default home.nix generated by the follwing hone-manager command
+#
+# home-manager init ./
+
+{ config, lib, pkgs, user, inputs, ... }:
+
+{
+ home.username = lib.mkDefault user;
+ home.homeDirectory = lib.mkDefault "/home/${config.home.username}";
+ # This value determines the Home Manager release that your configuration is
+ # compatible with. This helps avoid breakage when a new Home Manager release
+ # introduces backwards incompatible changes.
+ #
+ # You should not change this value, even if you update Home Manager. If you do
+ # want to update the value, then make sure to first check the Home Manager
+ # release notes.
+ home.stateVersion = "24.05"; # Please read the comment before changing.
+
+ # The home.packages option allows you to install Nix packages into your
+ # environment.
+ home.packages = with pkgs; [
+ # Essentials
+ kitty
+ firefox
+ google-chrome
+ # Apps
+ vlc
+ amberol
+ webcord
+ bottles
+ cava
+ ryujinx
+ mullvad-vpn
+ transmission_4-gtk
+ obsidian
+ tailscale
+ syncthing
+ qsyncthingtray
+ htop
+ nvtopPackages.full
+ exiftool
+ moonlight-qt
+ kdePackages.kdeconnect-kde
+ # Dev
+ go
+ python3
+ nim
+ bun
+ pocketbase
+ edgedb
+ bruno
+ ripgrep
+ zip
+ #zed-fhs
+ # android-studio
+ # android-tools
+ jre17_minimal
+ # Nvim-Lua
+ lua-language-server
+ cowsay
+
+
+ # # Adds the 'hello' command to your environment. It prints a friendly
+ # # "Hello, world!" when run.
+ # pkgs.hello
+
+ # # It is sometimes useful to fine-tune packages, for example, by applying
+ # # overrides. You can do that directly here, just don't forget the
+ # # parentheses. Maybe you want to install Nerd Fonts with a limited number of
+ # # fonts?
+ # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; })
+
+ # # You can also create simple shell scripts directly inside your
+ # # configuration. For example, this adds a command 'my-hello' to your
+ # # environment:
+ # (pkgs.writeShellScriptBin "my-hello" ''
+ # echo "Hello, ${config.home.username}!"
+ # '')
+ ];
+
+ # Home Manager is pretty good at managing dotfiles. The primary way to manage
+ # plain files is through 'home.file'.
+ home.file = {
+ # # Building this configuration will create a copy of 'dotfiles/screenrc' in
+ # # the Nix store. Activating the configuration will then make '~/.screenrc' a
+ # # symlink to the Nix store copy.
+ # ".screenrc".source = dotfiles/screenrc;
+
+ # # You can also set the file content immediately.
+ # ".gradle/gradle.properties".text = ''
+ # org.gradle.console=verbose
+ # org.gradle.daemon.idletimeout=3600000
+ # '';
+ };
+
+ # Home Manager can also manage your environment variables through
+ # 'home.sessionVariables'. If you don't want to manage your shell through Home
+ # Manager then you have to manually source 'hm-session-vars.sh' located at
+ # either
+ #
+ # ~/.nix-profile/etc/profile.d/hm-session-vars.sh
+ #
+ # or
+ #
+ # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh
+ #
+ # or
+ #
+ # /etc/profiles/per-user/m3tam3re/etc/profile.d/hm-session-vars.sh
+ #
+ home.sessionVariables = {
+ BROWSER = "firefox";
+ EDITOR = "nvim";
+ TERMINAL = "kitty";
+ NIXOS_OZONE_WL = "1";
+ MOZ_ENABLE_WAYLAND = "1";
+ SDL_VIDEODRIVER = "wayland";
+ _JAVA_AWT_WM_NONREPARENTING = "1";
+ MOZ_DRM_DEVICE = "/dev/dri/card0:/dev/dri/card1";
+ WLR_DRM_DEVICES = "/dev/dri/card0:/dev/dri/card1";
+ #WLR_NO_HARDWARE_CURSORS = "1"; # if no cursor,uncomment this line
+ #GBM_BACKEND = "nvidia-drm";
+ CLUTTER_BACKEND = "wayland";
+ LIBVA_DRIVER_NAME = "iHD";
+ WLR_RENDERER = "vulkan";
+ VK_DRIVER_FILES = "/run/opengl-driver/share/vulkan/icd.d/nvidia_icd.x86_64.json";
+ #__GLX_VENDOR_LIBRARY_NAME = "nvidia";
+ #__NV_PRIME_RENDER_OFFLOAD = "1";
+ XDG_CURRENT_DESKTOP = "Hyprland";
+ XDG_SESSION_DESKTOP = "Hyprland";
+ XDG_SESSION_TYPE = "wayland";
+ GTK_USE_PORTAL = "1";
+ GTK_THEME = "Nightfox-dark";
+ XDG_CACHE_HOME = "${config.home.homeDirectory}/.cache";
+ XDG_CONFIG_HOME = "${config.home.homeDirectory}/.config";
+ XDG_BIN_HOME = "${config.home.homeDirectory}/.nix-profile/bin";
+ XDG_DATA_HOME = "${config.home.homeDirectory}/.local/share";
+ };
+
+ # Let Home Manager install and manage itself.
+ programs.home-manager.enable = true;
+}
diff --git a/home/nomad/vps.nix b/home/nomad/vps.nix
new file mode 100644
index 0000000..601bc8a
--- /dev/null
+++ b/home/nomad/vps.nix
@@ -0,0 +1,17 @@
+{
+ imports = [
+ ../common
+ ./dotfiles/nvim.nix
+ ../features/cli
+ ./vps/home.nix
+ ];
+
+ features = {
+ cli = {
+ zsh.enable = true;
+ fzf.enable = true;
+ neofetch.enable = true;
+ };
+ };
+}
+
diff --git a/home/nomad/vps/home.nix b/home/nomad/vps/home.nix
new file mode 100644
index 0000000..377dee0
--- /dev/null
+++ b/home/nomad/vps/home.nix
@@ -0,0 +1,28 @@
+{ config, lib, pkgs, user, ... }:
+
+{
+ home.username = lib.mkDefault user;
+ home.homeDirectory = lib.mkDefault "/home/${config.home.username}";
+ home.stateVersion = "24.05";
+
+ home.packages = with pkgs; [
+ tailscale
+ htop
+ bun
+ lua-language-server
+ kitty
+ ];
+
+ home.file = { };
+
+ home.sessionVariables = {
+ EDITOR = "nvim";
+ XDG_CACHE_HOME = "${config.home.homeDirectory}/.cache";
+ XDG_CONFIG_HOME = "${config.home.homeDirectory}/.config";
+ XDG_BIN_HOME = "${config.home.homeDirectory}/.nix-profile/bin";
+ XDG_DATA_HOME = "${config.home.homeDirectory}/.local/share";
+ };
+
+ # Let Home Manager install and manage itself.
+ programs.home-manager.enable = true;
+}
diff --git a/hosts/common/vps/default.nix b/hosts/common/vps/default.nix
new file mode 100644
index 0000000..07cb347
--- /dev/null
+++ b/hosts/common/vps/default.nix
@@ -0,0 +1,10 @@
+{
+ imports = [
+ ./dufs.nix
+ ./nextcloud.nix
+ ./pairdrop.nix
+ ./syncthing.nix
+ ./vpn.nix
+ ];
+
+}
diff --git a/hosts/common/vps/dufs.nix b/hosts/common/vps/dufs.nix
new file mode 100644
index 0000000..ea9444f
--- /dev/null
+++ b/hosts/common/vps/dufs.nix
@@ -0,0 +1,43 @@
+{ config, lib, pkgs, user, ... }:
+with lib;
+let
+ dufsService = {
+ project.name = "dufs";
+ services = {
+ dufs = {
+ service.image = "sigoden/dufs:latest";
+ service.ports = [
+ "5000:5000"
+ ];
+ service.volumes = [
+ "${config.users.users.${user}.home}/dockers/dufs/data:/data"
+ ];
+ service.command = [
+ "/data"
+ "-a"
+ "???:???@/:rw"
+ "-A"
+ "-a"
+ "@/p"
+ ];
+ service.env_file = [ "${config.sops.templates."my-env.env".path}" ];
+ };
+ };
+ };
+in
+{
+ options.vps.dufs.enable = mkEnableOption " Enable DUFS service ";
+
+ config = mkIf config.vps.dufs.enable {
+ virtualisation.arion = {
+ backend = "docker";
+ projects.dufs = {
+ serviceName = "dufs";
+ settings = dufsService;
+ };
+ };
+ };
+}
+
+
+
diff --git a/hosts/common/vps/nextcloud.nix b/hosts/common/vps/nextcloud.nix
new file mode 100644
index 0000000..a5ce128
--- /dev/null
+++ b/hosts/common/vps/nextcloud.nix
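Review bot: In dufs.nix the `"???:???@/:rw"` entry in `service.command` is a fixed string (literal or redacted) granting read-write on `/`, and nothing in this hunk feeds the sops-managed `DUFS_USERNAME`/`DUFS_PASSWORD` into it, because `service.env_file` only sets variables inside the container and does not rewrite arguments. dufs also reads its options from `DUFS_`-prefixed environment variables, so the auth rule could be emitted by the sops template instead of sitting in the command list; together with `-A` and the anonymous `"@/p"` rule, the intended access model deserves a short comment above `service.command`. Separately, `"5000:5000"` publishes on every host interface, so the backend is reachable without the Caddy site that proxies `localhost:5000`; prefer `"127.0.0.1:5000:5000"`. The same binding applies to `4400` and `5432` in nextcloud.nix, `3000` in pairdrop.nix, `8384` in syncthing.nix and `51821/tcp` in vpn.nix. `sigoden/dufs:latest` is unpinned as well; a version tag or digest would make rebuilds reproducible.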
@@ -0,0 +1,63 @@
+{ config, lib, pkgs, user, ... }:
+with lib;
+
+let
+ nextcloudService = {
+ project.name = "nextcloud";
+ services = {
+ nextcloud = {
+ service = {
+ image = "lscr.io/linuxserver/nextcloud:latest";
+ environment = {
+ PUID = "1000"; # User ID
+ PGID = "1000"; # Group ID
+ TZ = "Asia/Kuwait"; # Time zone
+ };
+ volumes = [
+ "/home/${user}/dockers/nextcloud/config:/config" # Config path
+ "/home/${user}/dockers/nextcloud/data:/data" # Data path
+ "/home/${user}/dockers/nextcloud/postgres_data:/var/lib/postgresql/data" # PostgreSQL data path
+ ];
+ ports = [
+ "4400:443"
+ ];
+ restart = "unless-stopped";
+ networks = [ "nextcloud_network" ];
+ env_file = [ "${config.sops.templates."my-env.env".path}" ];
+ };
+ };
+ nextcloud-postgres = {
+ service = {
+ image = "postgres:latest";
+ environment = {
+ POSTGRES_USER = "$NEXTCLOUD_DB_USER";
+ POSTGRES_PASSWORD = "$NEXTCLOUD_DB_PASSWORD";
+ POSTGRES_DB = "$NEXTCLOUD_DB";
+ };
+ ports = [
+ "5432:5432"
+ ];
+ volumes = [
+ "/home/${user}/dockers/nextcloud/pgdata:/var/lib/postgresql/data"
+ ];
+ env_file = [ "${config.sops.templates."my-env.env".path}" ]; #idk why the image isnt reading this file. will fix later
+ networks = [ "nextcloud_network" ];
+ };
+ };
+ };
+ };
+in
+{
+ options.vps.nextcloud.enable = mkEnableOption "Enable Nextcloud service for VPS";
+
+ config = mkIf config.vps.nextcloud.enable {
+ virtualisation.arion = {
+ backend = "docker";
+ projects.nextcloud = {
+ serviceName = "nextcloud";
+ settings = nextcloudService;
+ };
+ };
+ };
+}
+
diff --git a/hosts/common/vps/pairdrop.nix b/hosts/common/vps/pairdrop.nix
new file mode 100644
index 0000000..1477839
--- /dev/null
+++ b/hosts/common/vps/pairdrop.nix
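Review bot: `POSTGRES_USER = "$NEXTCLOUD_DB_USER";` and the two lines after it in the `nextcloud-postgres` `environment` block depend on Compose substituting `$VAR` when the project file is parsed, which draws on the environment of the process running Compose rather than on the service's `env_file`; that is probably what the trailing comment on `env_file` is reporting. Unset variables are substituted as empty strings, and the name itself does not match secrets.yaml in this commit, which defines `NEXTCLOUD_DB_USERNAME`. I would have the sops template emit `POSTGRES_USER=`, `POSTGRES_PASSWORD=` and `POSTGRES_DB=` directly and delete these three `environment` entries. The `"5432:5432"` mapping can also go: both services join `nextcloud_network`, so the database does not need a host port. The `postgres_data` mount on the `nextcloud` service looks unused next to the `pgdata` mount on the database and is worth confirming.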
@@ -0,0 +1,42 @@
+{ config, lib, pkgs, ... }:
+with lib;
+
+let
+ pairdropService = {
+ project.name = "pairdrop";
+ services = {
+ pairdrop = {
+ service = {
+ image = "lscr.io/linuxserver/pairdrop:latest";
+ environment = {
+ PUID = "1000"; # User ID
+ PGID = "1000"; # Group ID
+ TZ = "Asia/Kuwait"; # Time zone
+ RATE_LIMIT = "false"; # Optional
+ WS_FALLBACK = "false"; # Optional
+ RTC_CONFIG = ""; # Optional
+ DEBUG_MODE = "false"; # Optional
+ };
+ ports = [
+ "3000:3000"
+ ];
+ restart = "unless-stopped";
+ };
+ };
+ };
+ };
+in
+{
+ options.vps.pairdrop.enable = mkEnableOption "Enable Pairdrop service";
+
+ config = mkIf config.vps.pairdrop.enable {
+ virtualisation.arion = {
+ backend = "docker";
+ projects.pairdrop = {
+ serviceName = "pairdrop";
+ settings = pairdropService;
+ };
+ };
+ };
+}
+
diff --git a/hosts/common/vps/syncthing.nix b/hosts/common/vps/syncthing.nix
new file mode 100644
index 0000000..80d42b0
--- /dev/null
+++ b/hosts/common/vps/syncthing.nix
@@ -0,0 +1,44 @@
+{ config, lib, pkgs, user, ... }:
+with lib;
+
+let
+ syncthingService = {
+ project.name = "syncthing";
+ services = {
+ syncthing = {
+ service = {
+ image = "syncthing/syncthing:latest";
+ hostname = "NixOS-syncthing";
+ environment = {
+ PUID = "1000"; # User ID
+ PGID = "1000"; # Group ID
+ };
+ volumes = [
+ "/home/${user}/dockers/syncthing:/var/syncthing" # Adjust the path as necessary
+ ];
+ ports = [
+ "8384:8384" # Web UI
+ "22000:22000/tcp" # TCP file transfers
+ "22000:22000/udp" # QUIC file transfers
+ "21027:21027/udp" # Receive local discovery broadcasts
+ ];
+ restart = "unless-stopped";
+ };
+ };
+ };
+ };
+in
+{
+ options.vps.syncthing.enable = mkEnableOption "Enable Syncthing service on VPS";
+
+ config = mkIf config.vps.syncthing.enable {
+ virtualisation.arion = {
+ backend = "docker";
+ projects.syncthing = {
+ serviceName = "syncthing";
+ settings = syncthingService;
+ };
+ };
+ };
+}
+
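Review bot: In syncthing.nix, `"8384:8384" # Web UI` exposes the Syncthing GUI on the host, and configuration.nix in this commit also proxies it at `s.nmd.mov`, yet nothing in the hunk establishes GUI credentials. Unless a user and password already exist in the persisted config under `/var/syncthing`, the admin interface, which can add devices and shared folders, is open to whoever can reach it. I would publish it as `"127.0.0.1:8384:8384"` and add a comment above the mapping such as `# GUI: set a GUI user/password before enabling; reachable only through Caddy`. `"21027:21027/udp"` serves local discovery broadcasts, which are unlikely to be useful on a VPS, so that mapping can probably be dropped.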
diff --git a/hosts/common/vps/vpn.nix b/hosts/common/vps/vpn.nix
new file mode 100644
index 0000000..5a26440
--- /dev/null
+++ b/hosts/common/vps/vpn.nix
@@ -0,0 +1,56 @@
+{ config, lib, pkgs, user, ... }:
+with lib;
+
+let
+ wgEasyService = {
+ project.name = "vpn";
+ services = {
+ wgEasy = {
+ service = {
+ image = "ghcr.io/wg-easy/wg-easy:latest";
+ environment = {
+ LANG = "en";
+ WG_HOST = "vpn.nmd.mov"; # Change to your host's public address
+ PASSWORD_HASH = "$$2a$$12$$fnnv.bDGodZEiIK4wBxA8u2K2Qc99BCjD72jmylBFooFEVFgtQ2ma"; # Replace with your hash
+ PORT = "51821";
+ WG_DEFAULT_DNS = "1.1.1.1";
+ UI_TRAFFIC_STATS = "true";
+ UI_CHART_TYPE = "1"; # Line chart
+ UI_ENABLE_SORT_CLIENTS = "true";
+ };
+ volumes = [
+ "/home/${user}/dockers/wg-easy/etc_wireguard:/etc/wireguard" # Adjust the path as necessary
+ ];
+ ports = [
+ "51820:51820/udp"
+ "51821:51821/tcp"
+ ];
+ restart = "unless-stopped";
+ capabilities = {
+ NET_ADMIN = true;
+ SYS_MODULE = true;
+ # "NET_RAW" # Uncomment if using Podman
+ };
+ sysctls = {
+ "net.ipv4.ip_forward" = 1;
+ "net.ipv4.conf.all.src_valid_mark" = 1;
+ };
+ };
+ };
+ };
+ };
+in
+{
+ options.vps.vpn.enable = mkEnableOption "Enable WG-Easy service on VPS";
+
+ config = mkIf config.vps.vpn.enable {
+ virtualisation.arion = {
+ backend = "docker";
+ projects.vpn = {
+ serviceName = "vpn";
+ settings = wgEasyService;
+ };
+ };
+ };
+}
+
diff --git a/hosts/vps/configuration.nix b/hosts/vps/configuration.nix
new file mode 100644
index 0000000..5119238
--- /dev/null
+++ b/hosts/vps/configuration.nix
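Review bot: `PASSWORD_HASH` in the `environment` block of vpn.nix commits the wg-easy admin bcrypt hash in clear text, although this commit sets up sops for the other credentials; anyone who can read the repository, or the Nix store on the host, can test password guesses against it offline. Move the value into the sops-managed env file and reference it through `env_file`, as dufs.nix and nextcloud.nix already do, and rotate the password, because the current hash stays in history. The trailing `# Replace with your hash` comment suggests this was copied from the upstream example, so it is worth confirming the hash is the author's own. `SYS_MODULE = true` lets the container load kernel modules; if the host kernel already provides WireGuard it may be removable, which should be tested before relying on it.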
@@ -0,0 +1,132 @@
+{ pkgs, hostname, user, lib, ... }: {
+
+ imports = [
+ ./hardware-configuration.nix
+ ];
+
+ hardware.disko.enable = true;
+
+ programs.nix-ld.enable = true;
+ common.services.appimage.enable = true;
+
+
+ systemd.services.arion = {
+ enable = true;
+ serviceConfig = {
+ Restart = "on-failure";
+ };
+ };
+
+ vps = {
+ dufs.enable = true;
+ nextcloud.enable = false;
+ pairdrop.enable = true;
+ syncthing.enable = true;
+ vpn.enable = true;
+ };
+
+ sops = {
+ age.keyFile = "/etc/nixos/sops/age/keys.txt";
+ defaultSopsFile = ../../secrets/secrets.yaml;
+ defaultSopsFormat = "yaml";
+ };
+
+ services.caddy = {
+ enable = true;
+ extraConfig = ''
+ fs.nmd.mov {
+ reverse_proxy localhost:5000
+ }
+ vpn.nmd.mov {
+ reverse_proxy localhost:51821
+ }
+ s.nmd.mov {
+ reverse_proxy localhost:8384
+ }
+ drop.nmd.mov {
+ reverse_proxy localhost:3000
+ }
+ dot.nmd.mov {
+ reverse_proxy localhost:4400
+ }
+ '';
+ };
+
+
+ networking.useDHCP = lib.mkForce false;
+ services.cloud-init = {
+ enable = true;
+ network.enable = true;
+ };
+
+ services.openssh = {
+ enable = true;
+ settings = {
+ PermitRootLogin = "yes";
+ PasswordAuthentication = false;
+ };
+ };
+
+
+
+ boot.loader.grub = {
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
+
+
+
+ networking.hostName = "vps";
+
+
+
+
+ time.timeZone = "Asia/Kuwait";
+ i18n.defaultLocale = "en_US.UTF-8";
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "en_GB.UTF-8";
+ LC_IDENTIFICATION = "en_GB.UTF-8";
+ LC_MEASUREMENT = "en_GB.UTF-8";
+ LC_MONETARY = "en_GB.UTF-8";
+ LC_NAME = "en_GB.UTF-8";
+ LC_NUMERIC = "en_GB.UTF-8";
+ LC_PAPER = "en_GB.UTF-8";
+ LC_TELEPHONE = "en_GB.UTF-8";
+ LC_TIME = "en_GB.UTF-8";
+ };
+
+
+ services.printing.enable = false;
+
+ nixpkgs.config.allowUnfree = true;
+
+
+ environment.systemPackages = with pkgs; [
+ neovim
+ git
+ zsh
+ arion
+ sops
+ ];
+
+
+ networking.firewall.enable = false;
+ networking.firewall.allowedTCPPorts = [
+ 22
+ 80
+ 443
+ 5000
+ 4400
+ 3000
+ 8384
+ 22000
+ 51821
+ ];
+ networking.firewall.allowedUDPPorts = [
+ 22000
+ 21027
+ 51820
+ ];
+ system.stateVersion = "24.05";
+
+}
diff --git a/hosts/vps/default.nix b/hosts/vps/default.nix
new file mode 100644
index 0000000..680ddbe
--- /dev/null
+++ b/hosts/vps/default.nix
@@ -0,0 +1,47 @@
+# A staring point is the basic NIXOS configuration generated by the ISO installer.
+# On an existing NIXOS install you can use the following command in your flakes basedir:
+# sudo nixos-generate-config --dir ./hosts/your-host
+#
+# Please make sure to change the first couple of lines in your configuration.nix:
+
+# { config, inputs, ouputs, lib, pkgs, user, ... }:
+
+{
+ # imports = [ # Include the results of the hardware scan.
+ # ./hardware-configuration.nix
+ # inputs.home-manager.nixosModules.home-manager
+ # ];
+ #
+ # # ...
+ #
+ # Moreover please update the packages option in your user configuration and add the home-manager options:
+
+ # users.users = {
+ # ${user} = {
+ # isNormalUser = true;
+ # initialPassword = "4321";
+ # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+ # packages = [ inputs.home-manager.packages.${pkgs.system}.default ];
+ # };
+ # };
+
+ # home-manager = {
+ # useUserPackages = true;
+ # extraSpecialArgs = { inherit inputs outputs; };
+ # users.${user} =
+ # import ../../home/${user}/${config.networking.hostName}.nix;
+ # };
+
+ # Please also change your hostname accordingly:
+ #:w
+
+ # networking.hostName = "unkown"; # Define your hostname.
+
+
+ imports = [
+ ../common
+ ./hardware
+ ./configuration.nix
+ ];
+
+}
diff --git a/hosts/vps/hardware-configuration.nix b/hosts/vps/hardware-configuration.nix
new file mode 100644
index 0000000..e1631a2
--- /dev/null
+++ b/hosts/vps/hardware-configuration.nix
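Review bot: `networking.firewall.enable = false;` near the end of configuration.nix turns the `allowedTCPPorts` and `allowedUDPPorts` lists that follow it into dead configuration, so every listening port on the VPS is reachable. Set it to `true` and keep only what must be public (`22`, `80`, `443`, `51820` UDP and Syncthing's `22000`), since 5000, 4400, 3000, 8384 and 51821 are already fronted by the sites in `services.caddy.extraConfig`. Docker usually opens published container ports through its own iptables rules regardless of this firewall, so the `ports` entries in the service modules need a loopback bind as well. `PermitRootLogin = "yes";` in `services.openssh.settings` would state the key-only intent more safely as `"prohibit-password"`, or `"no"` once a sudo user exists. `sops.templates."my-env.env"`, which dufs.nix and nextcloud.nix reference, is not defined in this hunk; confirm it is declared elsewhere, otherwise evaluation will fail.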
@@ -0,0 +1,26 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "virtio_blk" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + #networking.useDHCP = lib.mkDefault true; + # networking.interfaces.ens3.useDHCP = lib.mkDefault true; + # networking.interfaces.ens4.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/hosts/vps/hardware/default.nix b/hosts/vps/hardware/default.nix new file mode 100644 index 0000000..9a2ffd7 --- /dev/null +++ b/hosts/vps/hardware/default.nix @@ -0,0 +1,6 @@ +{ + imports = [ + ./disko.nix + ]; +} + diff --git a/hosts/vps/hardware/disko.nix b/hosts/vps/hardware/disko.nix new file mode 100644 index 0000000..0a6033a --- /dev/null +++ b/hosts/vps/hardware/disko.nix 
@@ -0,0 +1,68 @@
+{ config
+, lib
+, pkgs
+, ...
+}:
+with lib; let
+ cfg = config.hardware.disko;
+in
+{
+ options.hardware.disko.enable = mkEnableOption "disko harddrives";
+
+ config = mkIf cfg.enable {
+
+ disko.devices = {
+ disk.disk1 = {
+ device = lib.mkDefault "/dev/vda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ name = "boot";
+ size = "1M";
+ type = "EF02";
+ };
+ esp = {
+ name = "ESP";
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ name = "root";
+ size = "100%";
+ content = {
+ type = "lvm_pv";
+ vg = "pool";
+ };
+ };
+ };
+ };
+ };
+ lvm_vg = {
+ pool = {
+ type = "lvm_vg";
+ lvs = {
+ root = {
+ size = "100%FREE";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
+
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
new file mode 100644
index 0000000..60882fc
--- /dev/null
+++ b/secrets/secrets.yaml
@@ -0,0 +1,33 @@ +DUFS_USERNAME: ENC[AES256_GCM,data:3RsFcVo=,iv:y0VLlbBA6HT3yXa3O0G4xy3OJE1gGNvul0ZktxQd7w4=,tag:cFT59GgF+1q0XK4UELXMuA==,type:str] +DUFS_PASSWORD: ENC[AES256_GCM,data:dHoGsIXMDuA=,iv:lhw9IfvifOPFyRflcsk/HguwayHgrDShwQr5MMOGITc=,tag:VfFpQylAhXTok79u9wwi4Q==,type:str] +NEXTCLOUD_DB_USERNAME: ENC[AES256_GCM,data:785HjW3Z2gNRJv6fzA==,iv:Lsh04lUtJm0Aufw5zH+UmL/98D47Lue/A/JDKi304G8=,tag:7QnY25N3a8rVXG7u8o8pVw==,type:str] +NEXTCLOUD_DB_PASSWORD: ENC[AES256_GCM,data:exumoIY6Um/Y2JuKx+RHGHEOjj03,iv:i4sx8Pa3tV7wDMR8EgtMXidsz/tvVBaMIkpv9ohPavw=,tag:zqt2ukTq8gjOT8RssMu5OQ==,type:str] +NEXTCLOUD_DB: ENC[AES256_GCM,data:RduFtc85u9sTTZg=,iv:AZoA7CvVyxfpXTi4BTVPlwJGbFLLOTkF0JiMN+smFGA=,tag:MNjL/Jl3EInrKXRqTq/TAg==,type:str] +#ENC[AES256_GCM,data:4q3pEXswuO/X37NbzpKwEA==,iv:1HMEgmtyOeTQ0PSWmkBS9sItAaM2SI5+N7NNlhC83kQ=,tag:bRxjHkvPMNIEsOEB8uqcxw==,type:comment] +#ENC[AES256_GCM,data:tIG7zbWpyrVFdxSFMQKe,iv:uBQyygtmRvSyqA7lY+k+RkPjFc42ZHpOJ2xfWve7S5I=,tag:kxqAmOOsYcjd8/OyZ4/XEA==,type:comment] +#ENC[AES256_GCM,data:bRXt/JXa2tTCCaDh63T/ObOlp2RX,iv:VbgRCu+bgc6uCqbipoFP3KFY6BkuBQlwr6kjzAFhSew=,tag:BqJhaygo7C/vuviiKIxPwg==,type:comment] +#ENC[AES256_GCM,data:8D6evYfOld7GzZt7je/r0ItK0QNW,iv:LFnGgoGG4aNZCjrdGLje4WKPEGak4ONFV2GsIjA3ObA=,tag:yXFhsgES74KK9o/Jqw0l4w==,type:comment] +#ENC[AES256_GCM,data:wpcsQzzU1iNX9R8QnUH9leiUHhSevQ1pRB8g,iv:C8T5N5gbmn0tZIBBjikEMFrUoBhELeOTug+Zs7EPsbg=,tag:Skn4XXsDt9+chTGz13WePw==,type:comment] +#ENC[AES256_GCM,data:G7uJLIEcCFFRigRzlnon5lrN,iv:nXepSHNIa6aoXXwxoQNZEYlhh0YrChjWnrAuhvDSmLA=,tag:80BMpjOOl6elE7DxdXp8jA==,type:comment] +#ENC[AES256_GCM,data:G1vtah0OCHMKg2s=,iv:eCBHaUoGAKGD8g0vnXDfSh/3vciA1Nc6iEGXd4SLy+E=,tag:dHsr23oRNTaA8nJVx9Mm7g==,type:comment] +#ENC[AES256_GCM,data:3xVxASFGWKH7AKtL,iv:lAAXNt51V2wqlnMUCu9fX511hxGqoo75v5ZUzvuzqVQ=,tag:4TLBVZfbaLXcjda4H8vyIg==,type:comment] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age16yxxp5lqg63zzh3s0f82lpslgc3phy6ugcqdnhh8y7fak65zrqkshjxt25 + enc: | + 
-----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArQ3Z0MUVMbDRobU4yK1hM + aVlRTnp1c1E0MmRmUHJKcm1ZV2ljV2hDNmhJCi9xcU44d21MaWpVOHM3cFA3OGI5 + clA0WWpoZSswaWpYZUZZMU9MQ3BTMVEKLS0tIEsvbnF0N2FqMWJYck53WHZkd2tp + dnVPRUlvK2FwbzZVdUJGTzRrcXpNRDgKtRwrBdnRyBtobutdQYjle/gY3lm/QFmP + gNu8Wky3g5NRtwmzyZVO77L8KrJQ3AHuJ2TQuFaVRzVGFNhR0aiTug== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-10-18T12:10:02Z" + mac: ENC[AES256_GCM,data:w/EJCD1pYmlCKAG2w+7FvEluvnJVNj6rDjTBSNr7Dv0SiMVj1eypq4Zxb47eIQsdWCJ9xqXIriPnva9IdQMDsvAD1gCTFruy2rbDcIrJSKYw99oXQXlzX/AKvZtLIZqKsMpR/i65XYuqZmu2yWZWqWBUsmtpOcMcsC1XkHR04t8=,iv:h1Xjd2ugiS37pQQ7iURkYx+v1e4KqmeNY6LYIuRKN1k=,tag:FFJmX/VC+hXqbegAfmZ6/w==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.1
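Review bot: secrets.yaml lists a single age recipient under `sops.age`, and the same commit adds `.sops.yaml` to .gitignore, so the rule that decides which keys may decrypt this file is not versioned next to it. `.sops.yaml` normally holds only public recipients and path rules, so tracking it is safe and keeps later `sops` edits encrypting to the same set of keys. A second recipient kept offline would also avoid losing every secret together with the one private key, presumably the file at `/etc/nixos/sops/age/keys.txt` named in configuration.nix.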