o

.gitignore

@@ -1,2 +1,3 @@
 result
 flake.lock.bk
+.sops.yaml

home/nomad/dotfiles/nvim.nix

@@ -0,0 +1,7 @@
+{ inputs, ... }:
+{
+  home.file.".config/nvim" = {
+    source = "${inputs.dotfiles}/nvim";
+    recursive = true;
+  };
+}

home/nomad/unkown/home.nix

@@ -0,0 +1,142 @@
+# This is a default home.nix generated by the follwing hone-manager command
+# 
+# home-manager init ./
+
+{ config, lib, pkgs, user, inputs, ... }:
+
+{
+  home.username = lib.mkDefault user;
+  home.homeDirectory = lib.mkDefault "/home/${config.home.username}";
+  # This value determines the Home Manager release that your configuration is
+  # compatible with. This helps avoid breakage when a new Home Manager release
+  # introduces backwards incompatible changes.
+  #
+  # You should not change this value, even if you update Home Manager. If you do
+  # want to update the value, then make sure to first check the Home Manager
+  # release notes.
+  home.stateVersion = "24.05"; # Please read the comment before changing.
+
+  # The home.packages option allows you to install Nix packages into your
+  # environment.
+  home.packages = with pkgs; [
+    # Essentials
+    kitty
+    firefox
+    google-chrome
+    # Apps
+    vlc
+    amberol
+    webcord
+    bottles
+    cava
+    ryujinx
+    mullvad-vpn
+    transmission_4-gtk
+    obsidian
+    tailscale
+    syncthing
+    qsyncthingtray
+    htop
+    nvtopPackages.full
+    exiftool
+    moonlight-qt
+    kdePackages.kdeconnect-kde
+    # Dev
+    go
+    python3
+    nim
+    bun
+    pocketbase
+    edgedb
+    bruno
+    ripgrep
+    zip
+    #zed-fhs
+    # android-studio
+    # android-tools
+    jre17_minimal
+    # Nvim-Lua
+    lua-language-server
+    cowsay
+
+
+    # # Adds the 'hello' command to your environment. It prints a friendly
+    # # "Hello, world!" when run.
+    # pkgs.hello
+
+    # # It is sometimes useful to fine-tune packages, for example, by applying
+    # # overrides. You can do that directly here, just don't forget the
+    # # parentheses. Maybe you want to install Nerd Fonts with a limited number of
+    # # fonts?
+    # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; })
+
+    # # You can also create simple shell scripts directly inside your
+    # # configuration. For example, this adds a command 'my-hello' to your
+    # # environment:
+    # (pkgs.writeShellScriptBin "my-hello" ''
+    #   echo "Hello, ${config.home.username}!"
+    # '')
+  ];
+
+  # Home Manager is pretty good at managing dotfiles. The primary way to manage
+  # plain files is through 'home.file'.
+  home.file = {
+    # # Building this configuration will create a copy of 'dotfiles/screenrc' in
+    # # the Nix store. Activating the configuration will then make '~/.screenrc' a
+    # # symlink to the Nix store copy.
+    # ".screenrc".source = dotfiles/screenrc;
+
+    # # You can also set the file content immediately.
+    # ".gradle/gradle.properties".text = ''
+    #   org.gradle.console=verbose
+    #   org.gradle.daemon.idletimeout=3600000
+    # '';
+  };
+
+  # Home Manager can also manage your environment variables through
+  # 'home.sessionVariables'. If you don't want to manage your shell through Home
+  # Manager then you have to manually source 'hm-session-vars.sh' located at
+  # either
+  #
+  #  ~/.nix-profile/etc/profile.d/hm-session-vars.sh
+  #
+  # or
+  #
+  #  ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh
+  #
+  # or
+  #
+  #  /etc/profiles/per-user/m3tam3re/etc/profile.d/hm-session-vars.sh
+  #
+  home.sessionVariables = {
+    BROWSER = "firefox";
+    EDITOR = "nvim";
+    TERMINAL = "kitty";
+    NIXOS_OZONE_WL = "1";
+    MOZ_ENABLE_WAYLAND = "1";
+    SDL_VIDEODRIVER = "wayland";
+    _JAVA_AWT_WM_NONREPARENTING = "1";
+    MOZ_DRM_DEVICE = "/dev/dri/card0:/dev/dri/card1";
+    WLR_DRM_DEVICES = "/dev/dri/card0:/dev/dri/card1";
+    #WLR_NO_HARDWARE_CURSORS = "1"; # if no cursor,uncomment this line
+    #GBM_BACKEND = "nvidia-drm";
+    CLUTTER_BACKEND = "wayland";
+    LIBVA_DRIVER_NAME = "iHD";
+    WLR_RENDERER = "vulkan";
+    VK_DRIVER_FILES = "/run/opengl-driver/share/vulkan/icd.d/nvidia_icd.x86_64.json";
+    #__GLX_VENDOR_LIBRARY_NAME = "nvidia";
+    #__NV_PRIME_RENDER_OFFLOAD = "1";
+    XDG_CURRENT_DESKTOP = "Hyprland";
+    XDG_SESSION_DESKTOP = "Hyprland";
+    XDG_SESSION_TYPE = "wayland";
+    GTK_USE_PORTAL = "1";
+    GTK_THEME = "Nightfox-dark";
+    XDG_CACHE_HOME = "${config.home.homeDirectory}/.cache";
+    XDG_CONFIG_HOME = "${config.home.homeDirectory}/.config";
+    XDG_BIN_HOME = "${config.home.homeDirectory}/.nix-profile/bin";
+    XDG_DATA_HOME = "${config.home.homeDirectory}/.local/share";
+  };
+
+  # Let Home Manager install and manage itself.
+  programs.home-manager.enable = true;
+}

home/nomad/vps.nix

@@ -0,0 +1,17 @@
+{
+  imports = [
+    ../common
+    ./dotfiles/nvim.nix
+    ../features/cli
+    ./vps/home.nix
+  ];
+
+  features = {
+    cli = {
+      zsh.enable = true;
+      fzf.enable = true;
+      neofetch.enable = true;
+    };
+  };
+}
+

home/nomad/vps/home.nix

@@ -0,0 +1,28 @@
+{ config, lib, pkgs, user, ... }:
+
+{
+  home.username = lib.mkDefault user;
+  home.homeDirectory = lib.mkDefault "/home/${config.home.username}";
+  home.stateVersion = "24.05";
+
+  home.packages = with pkgs; [
+    tailscale
+    htop
+    bun
+    lua-language-server
+    kitty
+  ];
+
+  home.file = { };
+
+  home.sessionVariables = {
+    EDITOR = "nvim";
+    XDG_CACHE_HOME = "${config.home.homeDirectory}/.cache";
+    XDG_CONFIG_HOME = "${config.home.homeDirectory}/.config";
+    XDG_BIN_HOME = "${config.home.homeDirectory}/.nix-profile/bin";
+    XDG_DATA_HOME = "${config.home.homeDirectory}/.local/share";
+  };
+
+  # Let Home Manager install and manage itself.
+  programs.home-manager.enable = true;
+}

hosts/common/vps/default.nix

@@ -0,0 +1,10 @@
+{
+  imports = [
+    ./dufs.nix
+    ./nextcloud.nix
+    ./pairdrop.nix
+    ./syncthing.nix
+    ./vpn.nix
+  ];
+
+}

hosts/common/vps/dufs.nix

@@ -0,0 +1,43 @@
+{ config, lib, pkgs, user, ... }:
+with lib;
+let
+  dufsService = {
+    project.name = "dufs";
+    services = {
+      dufs = {
+        service.image = "sigoden/dufs:latest";
+        service.ports = [
+          "5000:5000"
+        ];
+        service.volumes = [
+          "${config.users.users.${user}.home}/dockers/dufs/data:/data"
+        ];
+        service.command = [
+          "/data"
+          "-a"
+          "???:???@/:rw"
+          "-A"
+          "-a"
+          "@/p"
+        ];
+        service.env_file = [ "${config.sops.templates."my-env.env".path}" ];
+      };
+    };
+  };
+in
+{
+  options.vps.dufs.enable = mkEnableOption " Enable DUFS service ";
+
+  config = mkIf config.vps.dufs.enable {
+    virtualisation.arion = {
+      backend = "docker";
+      projects.dufs = {
+        serviceName = "dufs";
+        settings = dufsService;
+      };
+    };
+  };
+}
+
+
+

hosts/common/vps/nextcloud.nix

@@ -0,0 +1,63 @@
+{ config, lib, pkgs, user, ... }:
+with lib;
+
+let
+  nextcloudService = {
+    project.name = "nextcloud";
+    services = {
+      nextcloud = {
+        service = {
+          image = "lscr.io/linuxserver/nextcloud:latest";
+          environment = {
+            PUID = "1000"; # User ID
+            PGID = "1000"; # Group ID
+            TZ = "Asia/Kuwait"; # Time zone
+          };
+          volumes = [
+            "/home/${user}/dockers/nextcloud/config:/config" # Config path
+            "/home/${user}/dockers/nextcloud/data:/data" # Data path
+            "/home/${user}/dockers/nextcloud/postgres_data:/var/lib/postgresql/data" # PostgreSQL data path
+          ];
+          ports = [
+            "4400:443"
+          ];
+          restart = "unless-stopped";
+          networks = [ "nextcloud_network" ];
+          env_file = [ "${config.sops.templates."my-env.env".path}" ];
+        };
+      };
+      nextcloud-postgres = {
+        service = {
+          image = "postgres:latest";
+          environment = {
+            POSTGRES_USER = "$NEXTCLOUD_DB_USER";
+            POSTGRES_PASSWORD = "$NEXTCLOUD_DB_PASSWORD";
+            POSTGRES_DB = "$NEXTCLOUD_DB";
+          };
+          ports = [
+            "5432:5432"
+          ];
+          volumes = [
+            "/home/${user}/dockers/nextcloud/pgdata:/var/lib/postgresql/data"
+          ];
+          env_file = [ "${config.sops.templates."my-env.env".path}" ]; #idk why the image isnt reading this file. will fix later
+          networks = [ "nextcloud_network" ];
+        };
+      };
+    };
+  };
+in
+{
+  options.vps.nextcloud.enable = mkEnableOption "Enable Nextcloud service for VPS";
+
+  config = mkIf config.vps.nextcloud.enable {
+    virtualisation.arion = {
+      backend = "docker";
+      projects.nextcloud = {
+        serviceName = "nextcloud";
+        settings = nextcloudService;
+      };
+    };
+  };
+}
+

hosts/common/vps/pairdrop.nix

@@ -0,0 +1,42 @@
+{ config, lib, pkgs, ... }:
+with lib;
+
+let
+  pairdropService = {
+    project.name = "pairdrop";
+    services = {
+      pairdrop = {
+        service = {
+          image = "lscr.io/linuxserver/pairdrop:latest";
+          environment = {
+            PUID = "1000"; # User ID
+            PGID = "1000"; # Group ID
+            TZ = "Asia/Kuwait"; # Time zone
+            RATE_LIMIT = "false"; # Optional
+            WS_FALLBACK = "false"; # Optional
+            RTC_CONFIG = ""; # Optional
+            DEBUG_MODE = "false"; # Optional
+          };
+          ports = [
+            "3000:3000"
+          ];
+          restart = "unless-stopped";
+        };
+      };
+    };
+  };
+in
+{
+  options.vps.pairdrop.enable = mkEnableOption "Enable Pairdrop service";
+
+  config = mkIf config.vps.pairdrop.enable {
+    virtualisation.arion = {
+      backend = "docker";
+      projects.pairdrop = {
+        serviceName = "pairdrop";
+        settings = pairdropService;
+      };
+    };
+  };
+}
+

hosts/common/vps/syncthing.nix

@@ -0,0 +1,44 @@
+{ config, lib, pkgs, user, ... }:
+with lib;
+
+let
+  syncthingService = {
+    project.name = "syncthing";
+    services = {
+      syncthing = {
+        service = {
+          image = "syncthing/syncthing:latest";
+          hostname = "NixOS-syncthing";
+          environment = {
+            PUID = "1000"; # User ID
+            PGID = "1000"; # Group ID
+          };
+          volumes = [
+            "/home/${user}/dockers/syncthing:/var/syncthing" # Adjust the path as necessary
+          ];
+          ports = [
+            "8384:8384" # Web UI
+            "22000:22000/tcp" # TCP file transfers
+            "22000:22000/udp" # QUIC file transfers
+            "21027:21027/udp" # Receive local discovery broadcasts
+          ];
+          restart = "unless-stopped";
+        };
+      };
+    };
+  };
+in
+{
+  options.vps.syncthing.enable = mkEnableOption "Enable Syncthing service on VPS";
+
+  config = mkIf config.vps.syncthing.enable {
+    virtualisation.arion = {
+      backend = "docker";
+      projects.syncthing = {
+        serviceName = "syncthing";
+        settings = syncthingService;
+      };
+    };
+  };
+}
+

hosts/common/vps/vpn.nix

@@ -0,0 +1,56 @@
+{ config, lib, pkgs, user, ... }:
+with lib;
+
+let
+  wgEasyService = {
+    project.name = "vpn";
+    services = {
+      wgEasy = {
+        service = {
+          image = "ghcr.io/wg-easy/wg-easy:latest";
+          environment = {
+            LANG = "en";
+            WG_HOST = "vpn.nmd.mov"; # Change to your host's public address
+            PASSWORD_HASH = "$$2a$$12$$fnnv.bDGodZEiIK4wBxA8u2K2Qc99BCjD72jmylBFooFEVFgtQ2ma"; # Replace with your hash
+            PORT = "51821";
+            WG_DEFAULT_DNS = "1.1.1.1";
+            UI_TRAFFIC_STATS = "true";
+            UI_CHART_TYPE = "1"; # Line chart
+            UI_ENABLE_SORT_CLIENTS = "true";
+          };
+          volumes = [
+            "/home/${user}/dockers/wg-easy/etc_wireguard:/etc/wireguard" # Adjust the path as necessary
+          ];
+          ports = [
+            "51820:51820/udp"
+            "51821:51821/tcp"
+          ];
+          restart = "unless-stopped";
+          capabilities = {
+            NET_ADMIN = true;
+            SYS_MODULE = true;
+            # "NET_RAW" # Uncomment if using Podman
+          };
+          sysctls = {
+            "net.ipv4.ip_forward" = 1;
+            "net.ipv4.conf.all.src_valid_mark" = 1;
+          };
+        };
+      };
+    };
+  };
+in
+{
+  options.vps.vpn.enable = mkEnableOption "Enable WG-Easy service on VPS";
+
+  config = mkIf config.vps.vpn.enable {
+    virtualisation.arion = {
+      backend = "docker";
+      projects.vpn = {
+        serviceName = "vpn";
+        settings = wgEasyService;
+      };
+    };
+  };
+}
+

hosts/vps/configuration.nix

@@ -0,0 +1,132 @@
+{ pkgs, hostname, user, lib, ... }: {
+
+  imports = [
+    ./hardware-configuration.nix
+  ];
+
+  hardware.disko.enable = true;
+
+  programs.nix-ld.enable = true;
+  common.services.appimage.enable = true;
+
+
+  systemd.services.arion = {
+    enable = true;
+    serviceConfig = {
+      Restart = "on-failure";
+    };
+  };
+
+  vps = {
+    dufs.enable = true;
+    nextcloud.enable = false;
+    pairdrop.enable = true;
+    syncthing.enable = true;
+    vpn.enable = true;
+  };
+
+  sops = {
+    age.keyFile = "/etc/nixos/sops/age/keys.txt";
+    defaultSopsFile = ../../secrets/secrets.yaml;
+    defaultSopsFormat = "yaml";
+  };
+
+  services.caddy = {
+    enable = true;
+    extraConfig = ''
+      fs.nmd.mov {
+        reverse_proxy localhost:5000
+      }
+      vpn.nmd.mov {
+        reverse_proxy localhost:51821
+      }
+      s.nmd.mov {
+        reverse_proxy localhost:8384
+      }
+      drop.nmd.mov {
+        reverse_proxy localhost:3000
+      } 
+      dot.nmd.mov {
+        reverse_proxy localhost:4400
+      }
+    '';
+  };
+
+
+  networking.useDHCP = lib.mkForce false;
+  services.cloud-init = {
+    enable = true;
+    network.enable = true;
+  };
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      PermitRootLogin = "yes";
+      PasswordAuthentication = false;
+    };
+  };
+
+
+
+  boot.loader.grub = {
+    efiSupport = true;
+    efiInstallAsRemovable = true;
+  };
+
+
+
+  networking.hostName = "vps";
+
+
+
+
+  time.timeZone = "Asia/Kuwait";
+  i18n.defaultLocale = "en_US.UTF-8";
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "en_GB.UTF-8";
+    LC_IDENTIFICATION = "en_GB.UTF-8";
+    LC_MEASUREMENT = "en_GB.UTF-8";
+    LC_MONETARY = "en_GB.UTF-8";
+    LC_NAME = "en_GB.UTF-8";
+    LC_NUMERIC = "en_GB.UTF-8";
+    LC_PAPER = "en_GB.UTF-8";
+    LC_TELEPHONE = "en_GB.UTF-8";
+    LC_TIME = "en_GB.UTF-8";
+  };
+
+
+  services.printing.enable = false;
+
+  nixpkgs.config.allowUnfree = true;
+
+
+  environment.systemPackages = with pkgs; [
+    neovim
+    git
+    zsh
+    arion
+    sops
+  ];
+
+
+  networking.firewall.enable = false;
+  networking.firewall.allowedTCPPorts = [
+    22
+    80
+    443
+    5000
+    4400
+    3000
+    8384
+    22000
+    51821
+  ];
+  networking.firewall.allowedUDPPorts = [
+    22000
+    21027
+    51820
+  ];
+  system.stateVersion = "24.05";
+
+}

hosts/vps/default.nix

@@ -0,0 +1,47 @@
+# A staring point is the basic NIXOS configuration generated by the ISO installer.
+# On an existing NIXOS install you can use the following command in your flakes basedir:
+# sudo nixos-generate-config --dir ./hosts/your-host
+# 
+# Please make sure to change the first couple of lines in your configuration.nix:
+
+# { config, inputs, ouputs, lib, pkgs, user, ... }:
+
+{
+  #    imports = [ # Include the results of the hardware scan.
+  #      ./hardware-configuration.nix
+  #      inputs.home-manager.nixosModules.home-manager
+  #    ];
+  #
+  # #   ...
+  #
+  # Moreover please update the packages option in your user configuration and add the home-manager options:
+
+  # users.users = {
+  #   ${user} = {
+  #     isNormalUser = true;
+  #     initialPassword = "4321";
+  #     extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+  #     packages = [ inputs.home-manager.packages.${pkgs.system}.default ];
+  #   };
+  # };
+
+  # home-manager = {
+  #   useUserPackages = true;
+  #   extraSpecialArgs = { inherit inputs outputs; };
+  #   users.${user} =
+  #     import ../../home/${user}/${config.networking.hostName}.nix;
+  # };
+
+  # Please also change your hostname accordingly:
+  #:w
+
+  # networking.hostName = "unkown"; # Define your hostname.
+
+
+  imports = [
+    ../common
+    ./hardware
+    ./configuration.nix
+  ];
+
+}

hosts/vps/hardware-configuration.nix

@@ -0,0 +1,26 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [
+      (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "virtio_blk" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  #networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.ens3.useDHCP = lib.mkDefault true;
+  # networking.interfaces.ens4.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}

hosts/vps/hardware/default.nix

@@ -0,0 +1,6 @@
+{
+  imports = [
+    ./disko.nix
+  ];
+}
+

hosts/vps/hardware/disko.nix

@@ -0,0 +1,68 @@
+{ config
+, lib
+, pkgs
+, ...
+}:
+with lib; let
+  cfg = config.hardware.disko;
+in
+{
+  options.hardware.disko.enable = mkEnableOption "disko harddrives";
+
+  config = mkIf cfg.enable {
+
+    disko.devices = {
+      disk.disk1 = {
+        device = lib.mkDefault "/dev/vda";
+        type = "disk";
+        content = {
+          type = "gpt";
+          partitions = {
+            boot = {
+              name = "boot";
+              size = "1M";
+              type = "EF02";
+            };
+            esp = {
+              name = "ESP";
+              size = "500M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+              };
+            };
+            root = {
+              name = "root";
+              size = "100%";
+              content = {
+                type = "lvm_pv";
+                vg = "pool";
+              };
+            };
+          };
+        };
+      };
+      lvm_vg = {
+        pool = {
+          type = "lvm_vg";
+          lvs = {
+            root = {
+              size = "100%FREE";
+              content = {
+                type = "filesystem";
+                format = "ext4";
+                mountpoint = "/";
+                mountOptions = [
+                  "defaults"
+                ];
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}
+

secrets/secrets.yaml

@@ -0,0 +1,33 @@
+DUFS_USERNAME: ENC[AES256_GCM,data:3RsFcVo=,iv:y0VLlbBA6HT3yXa3O0G4xy3OJE1gGNvul0ZktxQd7w4=,tag:cFT59GgF+1q0XK4UELXMuA==,type:str]
+DUFS_PASSWORD: ENC[AES256_GCM,data:dHoGsIXMDuA=,iv:lhw9IfvifOPFyRflcsk/HguwayHgrDShwQr5MMOGITc=,tag:VfFpQylAhXTok79u9wwi4Q==,type:str]
+NEXTCLOUD_DB_USERNAME: ENC[AES256_GCM,data:785HjW3Z2gNRJv6fzA==,iv:Lsh04lUtJm0Aufw5zH+UmL/98D47Lue/A/JDKi304G8=,tag:7QnY25N3a8rVXG7u8o8pVw==,type:str]
+NEXTCLOUD_DB_PASSWORD: ENC[AES256_GCM,data:exumoIY6Um/Y2JuKx+RHGHEOjj03,iv:i4sx8Pa3tV7wDMR8EgtMXidsz/tvVBaMIkpv9ohPavw=,tag:zqt2ukTq8gjOT8RssMu5OQ==,type:str]
+NEXTCLOUD_DB: ENC[AES256_GCM,data:RduFtc85u9sTTZg=,iv:AZoA7CvVyxfpXTi4BTVPlwJGbFLLOTkF0JiMN+smFGA=,tag:MNjL/Jl3EInrKXRqTq/TAg==,type:str]
+#ENC[AES256_GCM,data:4q3pEXswuO/X37NbzpKwEA==,iv:1HMEgmtyOeTQ0PSWmkBS9sItAaM2SI5+N7NNlhC83kQ=,tag:bRxjHkvPMNIEsOEB8uqcxw==,type:comment]
+#ENC[AES256_GCM,data:tIG7zbWpyrVFdxSFMQKe,iv:uBQyygtmRvSyqA7lY+k+RkPjFc42ZHpOJ2xfWve7S5I=,tag:kxqAmOOsYcjd8/OyZ4/XEA==,type:comment]
+#ENC[AES256_GCM,data:bRXt/JXa2tTCCaDh63T/ObOlp2RX,iv:VbgRCu+bgc6uCqbipoFP3KFY6BkuBQlwr6kjzAFhSew=,tag:BqJhaygo7C/vuviiKIxPwg==,type:comment]
+#ENC[AES256_GCM,data:8D6evYfOld7GzZt7je/r0ItK0QNW,iv:LFnGgoGG4aNZCjrdGLje4WKPEGak4ONFV2GsIjA3ObA=,tag:yXFhsgES74KK9o/Jqw0l4w==,type:comment]
+#ENC[AES256_GCM,data:wpcsQzzU1iNX9R8QnUH9leiUHhSevQ1pRB8g,iv:C8T5N5gbmn0tZIBBjikEMFrUoBhELeOTug+Zs7EPsbg=,tag:Skn4XXsDt9+chTGz13WePw==,type:comment]
+#ENC[AES256_GCM,data:G7uJLIEcCFFRigRzlnon5lrN,iv:nXepSHNIa6aoXXwxoQNZEYlhh0YrChjWnrAuhvDSmLA=,tag:80BMpjOOl6elE7DxdXp8jA==,type:comment]
+#ENC[AES256_GCM,data:G1vtah0OCHMKg2s=,iv:eCBHaUoGAKGD8g0vnXDfSh/3vciA1Nc6iEGXd4SLy+E=,tag:dHsr23oRNTaA8nJVx9Mm7g==,type:comment]
+#ENC[AES256_GCM,data:3xVxASFGWKH7AKtL,iv:lAAXNt51V2wqlnMUCu9fX511hxGqoo75v5ZUzvuzqVQ=,tag:4TLBVZfbaLXcjda4H8vyIg==,type:comment]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age16yxxp5lqg63zzh3s0f82lpslgc3phy6ugcqdnhh8y7fak65zrqkshjxt25
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArQ3Z0MUVMbDRobU4yK1hM
+            aVlRTnp1c1E0MmRmUHJKcm1ZV2ljV2hDNmhJCi9xcU44d21MaWpVOHM3cFA3OGI5
+            clA0WWpoZSswaWpYZUZZMU9MQ3BTMVEKLS0tIEsvbnF0N2FqMWJYck53WHZkd2tp
+            dnVPRUlvK2FwbzZVdUJGTzRrcXpNRDgKtRwrBdnRyBtobutdQYjle/gY3lm/QFmP
+            gNu8Wky3g5NRtwmzyZVO77L8KrJQ3AHuJ2TQuFaVRzVGFNhR0aiTug==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-10-18T12:10:02Z"
+    mac: ENC[AES256_GCM,data:w/EJCD1pYmlCKAG2w+7FvEluvnJVNj6rDjTBSNr7Dv0SiMVj1eypq4Zxb47eIQsdWCJ9xqXIriPnva9IdQMDsvAD1gCTFruy2rbDcIrJSKYw99oXQXlzX/AKvZtLIZqKsMpR/i65XYuqZmu2yWZWqWBUsmtpOcMcsC1XkHR04t8=,iv:h1Xjd2ugiS37pQQ7iURkYx+v1e4KqmeNY6LYIuRKN1k=,tag:FFJmX/VC+hXqbegAfmZ6/w==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.1