Migrate Lewis to this repo

This commit is contained in:
Pim Kunis 2024-12-01 16:30:28 +01:00
parent 9d96798518
commit 52a4563192
13 changed files with 5873 additions and 55 deletions

View file

@ -8,6 +8,7 @@ keys:
- &niels age159whjxeyw94xmkkephmtlur8e85xd9d5vnvkwkcayfv7el0neqfq863yga
- &atlas_root age1unkshctcpucc298kmw9a0qzvtjzgdnjytrxr5p750dv0z95feymqpn68qf
- &jefke_root age1upnqu4rpxppdw9zmqu8x3rnaqq2r6m82y25zvry5cec63vjsd9gqtl9e02
- &lewis_root age108fn93z2c55g9dm9cv5v4w47pykf3khz7e3dmnpv5dhchwnaau0qs20stq
creation_rules:
- path_regex: secrets/sue/colmena.yaml
@ -40,6 +41,7 @@ creation_rules:
- *warwick_root
- *atlas_root
- *jefke_root
- *lewis_root
- *sue_pim
- *sue_root
- *niels
@ -54,6 +56,7 @@ creation_rules:
- age:
- *atlas_root
- *jefke_root
- *lewis_root
- *sue_pim
- *sue_root
- *niels
@ -63,3 +66,16 @@ creation_rules:
- *sue_pim
- *sue_root
- *niels
- path_regex: secrets/lewis/colmena.yaml
key_groups:
- age:
- *sue_pim
- *sue_root
- *niels
- path_regex: secrets/lewis/nixos.yaml
key_groups:
- age:
- *lewis_root
- *sue_pim
- *sue_root
- *niels

View file

@ -49,6 +49,13 @@ inputs @ {
./nixos
];
};
lewis = {
imports = [
(import ./machines).lewis.nixosModule
./nixos
];
};
};
colmenaHive = colmena.lib.makeHive self.outputs.colmena;

View file

@ -23,4 +23,9 @@
system = "x86_64-linux";
nixosModule = import ./jefke/configuration.nix;
};
lewis = {
system = "x86_64-linux";
nixosModule = import ./lewis/configuration.nix;
};
}

View file

@ -0,0 +1,31 @@
{
self,
config,
...
}: {
config = {
facter.reportPath = ./facter.json;
networking.hostName = "lewis";
system.stateVersion = "23.05";
users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
sops = {
age.keyFile = "/root/.config/sops/age/keys.txt";
defaultSopsFile = "${self}/secrets/lewis/nixos.yaml";
};
deployment = {
targetHost = "lewis";
targetUser = "root";
tags = ["server" "kubernetes"];
};
pim = {
sops-nix.usersWithSopsKeys = ["root"];
# TODO: this should be dynamically set using Colmena tags
k3s.serverAddr = "https://jefke.dmz:6443";
data-sharing.enable = true;
backups.enable = true;
};
};
}

5507
machines/lewis/facter.json Normal file

File diff suppressed because it is too large Load diff

View file

@ -75,6 +75,7 @@
boot.initrd.luks.devices."luks-8ffd3129-4908-4209-98c4-4eb68a35c494".device = "/dev/disk/by-uuid/8ffd3129-4908-4209-98c4-4eb68a35c494";
# TODO: create option for this instead of commenting out
# specialisation.cosmic.configuration = {
# imports = [
# inputs.nixos-cosmic.nixosModules.default

94
nixos/backups.nix Normal file
View file

@ -0,0 +1,94 @@
{
pkgs,
lib,
config,
...
}: let
cfg = config.pim.backups;
borgmaticConfig = pkgs.writeTextFile {
name = "borgmatic-config.yaml";
text = lib.generators.toYAML {} {
source_directories = ["/mnt/longhorn/persistent/longhorn-backup"];
repositories = [
{
path = cfg.repoLocation;
label = "nfs";
}
{
path = "ssh://s6969ym3@s6969ym3.repo.borgbase.com/./repo";
label = "borgbase";
}
];
ssh_command = "${pkgs.openssh}/bin/ssh -i ${config.sops.secrets."borg/borgbasePrivateKey".path} -o StrictHostKeychecking=no";
keep_daily = 7;
keep_weekly = 4;
keep_monthly = 12;
keep_yearly = -1;
encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.sops.secrets."borg/borgPassphrase".path}";
};
};
in {
options.pim.backups = {
enable = lib.mkOption {
default = false;
type = lib.types.bool;
description = ''
Whether to enable backups of persistent data on this machine.
'';
};
repoLocation = lib.mkOption {
default = "/mnt/longhorn/persistent/nfs.borg";
type = lib.types.str;
description = ''
Location of the Borg repository to back up to.
'';
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [borgbackup];
# Converted from:
# https://github.com/borgmatic-collective/borgmatic/tree/84823dfb912db650936e3492f6ead7e0e0d32a0f/sample/systemd
systemd.services.borgmatic = {
description = "borgmatic backup";
wants = ["network-online.target"];
after = ["network-online.target"];
unitConfig.ConditionACPower = true;
preStart = "${pkgs.coreutils}/bin/sleep 10s";
serviceConfig = {
Type = "oneshot";
Nice = 19;
CPUSchedulingPolicy = "batch";
IOSchedulingClass = "best-effort";
IOSchedulingPriority = 7;
IOWeight = 100;
Restart = "no";
LogRateLimitIntervalSec = 0;
Environment = "BORG_PASSPHRASE_FILE=${config.sops.secrets."borg/borgPassphrase".path}";
};
script = "${pkgs.systemd}/bin/systemd-inhibit --who=\"borgmatic\" --what=\"sleep:shutdown\" --why=\"Prevent interrupting scheduled backup\" ${pkgs.borgmatic}/bin/borgmatic --verbosity -2 --syslog-verbosity 1 -c ${borgmaticConfig}";
};
systemd.timers.borgmatic = {
description = "Run borgmatic backup";
wantedBy = ["timers.target"];
timerConfig = {
OnCalendar = "*-*-* 3:00:00";
Persistent = true;
RandomizedDelaySec = "1h";
};
};
sops.secrets = {
"borg/borgPassphrase" = {};
"borg/borgbasePrivateKey" = {};
};
};
}

47
nixos/data-sharing.nix Normal file
View file

@ -0,0 +1,47 @@
{
lib,
config,
...
}: let
cfg = config.pim.data-sharing;
nfsShares = [
"/mnt/longhorn/persistent/media"
"/mnt/longhorn/persistent/media/books"
"/mnt/longhorn/persistent/media/movies"
"/mnt/longhorn/persistent/media/music"
"/mnt/longhorn/persistent/media/shows"
"/mnt/longhorn/persistent/longhorn-backup"
];
nfsExports = lib.strings.concatLines (
builtins.map
(
share: "${share} 192.168.30.0/16(rw,sync,no_subtree_check,no_root_squash) 127.0.0.1/8(rw,sync,no_subtree_check,no_root_squash) 10.0.0.0/8(rw,sync,no_subtree_check,no_root_squash)"
)
nfsShares
);
in {
options.pim.data-sharing = {
enable = lib.mkOption {
default = false;
type = lib.types.bool;
description = ''
Configure this server to serve our data using NFS.
'';
};
};
config = lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [
2049 # NFS
111 # NFS
20048 # NFS
];
services.nfs.server = {
enable = true;
exports = nfsExports;
};
};
}

View file

@ -25,6 +25,8 @@
./server.nix
./prometheus.nix
./kubernetes
./data-sharing.nix
./backups.nix
];
options = {

View file

@ -17,47 +17,56 @@ sops:
- recipient: age1unkshctcpucc298kmw9a0qzvtjzgdnjytrxr5p750dv0z95feymqpn68qf
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3MjVLaFAyTEQ4cEF2Wit6
Rk1ZaFhuRlduMkNBVi9UWFEwd0pNK3NHcUR3CjdqRisrNVRPQkFEMTQrblMzQUho
WVBjWll0RnFlTHBSMEFyblBDTTdhOTQKLS0tIGFBL0Y5dlVUaVR1VkRBUkM2dTlL
YVAyQTEzVWI3eStiUjlaNGhKZHRHVzQKDvbBgGzw8Q5Nb4qBc5Z9ee15D65R+tXr
g0BuD0DI4RPReKbTfD3J2yxm5tI9QMiUUEsgJNQvJXcYXH/yXZnu1A==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2anAraGp2YlNWZnNENWMw
WVFqMW4zQUl6UWNRK0lSVnNZMVl0SjJGdFJFCndyVnQwejFFWUxTQ0pmRnNDbUJK
VjM1ajl5cHhHN1A1cjdhdFhtcnVEcWMKLS0tIHNUQWx2endUUFNMUENUNjhvdDZl
Qk9yY0N5N05UZG4rcG5iS3NkR2hVaVUKxRS9Mf17cG8WyDdCLwpqPiMObbKCTz/4
iejyULwJNOBcl3Tvzgc9FANNZpC4UrO51HTCzQvmw9tBboVkEkLA0Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1upnqu4rpxppdw9zmqu8x3rnaqq2r6m82y25zvry5cec63vjsd9gqtl9e02
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKeUxkQUlhS2JUaDJiZjdW
SUs5Z0N6Wnc4alNwOWhhKzl4M2pxZi9TR0hFCkxkcFdNZjJvS3kvQmUvYmo3N1R6
NDU0VmRBbVZ0QnFXdnI5Mjltd2I3YTgKLS0tIG91T05wQTN2c2ZVUitIYi96TlZW
UkdpRmpmY3dWMVNWR0hRVDNoTS8ya1EKYxYJB5SN4f2QAF5i8RYybJLeNCiFw5KN
2Ky5HbqJ7U38wMxjpdM/QcgrL70fVkf1zME0QF8wQ9wnUniHoL7yYA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpY1lJQ3BKSFhia0RUZFdV
dldKbmoxN1pwY2Z4V1VXNlY3cWE4cnJOYm5BCkNMc3hZbzF3RHlUMmdSRndMWDBy
eUFjOCtMaXZQY2R6N2RsRDNDNDhOZkkKLS0tIFVSRzFySG00VktGa1ZmYkx6Um1W
V25mbkcxQjhqb1cxa0hkTWlFNkVsS2sKbP1bqNh0DRiZtK3fXaZ4J1d2b+nYwFqQ
knwond7pkN9YBRsU4/HHtFCp1XPxRiNQCXXfzWy0X365VzON32huqQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age108fn93z2c55g9dm9cv5v4w47pykf3khz7e3dmnpv5dhchwnaau0qs20stq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLL0xwbXNENzQ2N1BIZGZC
YzhMdFdyREpMQlRHaTZmRTllUnhEUm1lcm40Cmc3MzRheDYrQjgvaWVaZE1tNUp5
RTFZbXltV05lRDNBdVJ3VFEyeFlxQTgKLS0tIEx1ZG1IMHF5a25LZGlzWjNrZTJ1
c3VCWjRmKytyVzE1SzBlMXQvblptNmsKNnl6VQIBn2Gfkrlatf23kOMWW+1Ej2wv
O9Q8twttjPoTPx/9pWHOCNHmbnkabwi94lRujbXgIAQXUAL00n3M7Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRb0gza2VkOG5XK3NNZTNh
bnovdmZFM2dPblZ1M1JNU0tJK0Q2LzJaZEVVCnBaeHZBMUpNZ0h0R3MyTk56ZUl3
ZnhxQnJNdUlDMjFmVjFXcFduT0JnWkEKLS0tIDIwUzlhaUwzWTMrVnJIbFNYazN2
OFdlY1pXUnRNdHNZaDhvN3VlajVnVDQKnmpUo96Ua6AhLpHcdemMYKDvptRwpcUR
eHT3OCCqe1UVy+e8ibcavYsDDIn6oSyoZg+94nfLqqMAqU5ARq10LA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPTGdrWlE2SER5OUNjQWEw
MUdEZ3VJbCtwTytZU3ZWM3lNclJBUXhBdm5VCmRpQXNxVVV1cGxlMUJNa1lEcUdx
Qkt4clg1cVpOV0FhdEd6aEQ2ZkdlUTgKLS0tIGl3YWxjRlM0MHFncm5wdlpSeEdj
TkRSZmJyQmg2QnpYanZLVFRlWnowY3MKvM9kUm/F0vtQcwdnIKff3HWUtGbR2vmH
eOKnbOE5WMAWIi8oSR/uBMzE9lK2kyisby19XZUf5JcG4wS4YRlC1Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsVUg3a3Zra05hK2tBS2Q4
RE1rR3hQdGRoVkpjdUxCb3RHbEZjbXNiRjNFCkZjaXFrR1F3WWlGVTlid09pRWRx
SUpwYmxkb1pXWXBBVU91emMrZVZBSHMKLS0tIEZ2bC9IVU44NUt6YmM0RDZZdEEw
dlB5bFgzeE1QRHpHSWhOSm5KZEZqK0EKZ6o7plwu7EMBroGG87ppyMtMH40PNoFs
PrbL0Hvy4DGq4J2MLyUG+i7lCKf2NL5eS2HeZOcR5vjoQvc6DVHvOA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCZDhSMEw3RVcyQ2NmZkpD
bVp6SFpMckZmNGdoeCtzQVo0VDFEWkZ0dVUwClA2WVd5NG90MkVRZEUyeW9JaW1r
YVpJbEpDV0VCREFVMy9taFJBODlGWkUKLS0tIHN0eCtrNUM2K3VTaHNMWTRXUFA4
WEhTSHNtdE9qSVJVay93R2ZxeXI5SEkK7ZjIfQevnd1yyz8Ra9kBJb2DvlajgNEn
88JXgtSrxtiVfrCFUKEIsEV6v/fT7BECOGCYaoxskwgLgCZ9mL6sTA==
-----END AGE ENCRYPTED FILE-----
- recipient: age159whjxeyw94xmkkephmtlur8e85xd9d5vnvkwkcayfv7el0neqfq863yga
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKNFNZcmx4M3VlQ0dCY3hZ
ZVFXK1YyV2Myb0wyM0tRdUFzaWZZdU0zMGprClBiZVpVNzZtMEJDRzZTQy9iblRx
SGVRZTV0Ri91elI0bVZsWEhYRHNDcVkKLS0tIDZtUlFMNVdOZWNPbEpiVWFaZkJu
MkF4Qi9XYjArYVBabDl2MXI3VmdzYncKNNTcTyvOVQfzqcJsscgwQXbzsxNNts92
aa6+WetMwl1IKo8iw0bbmkIqJ5+7DFSQc0AhS5DWhiGISQ/GrTfFLg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyR2xBS291Q1lHc3UrT293
TlUvVnRxcUFHT01iNWJ5NFJtcVYyd3dLVFdnCjVqQlVLVzBEMlRFbjdDZkV2VWJa
c1RyKzh0S25VTk1wQ04xdEFCOHVySkEKLS0tIHkxMXJUbWxZNDU2VmFuRVpobUpF
djd1d01oTzh3WGNVaml1RWJ6alllQ3MKfiUTGCuQ0+6CbkRPFAKnIh2icOScNSVq
qbhQZVbF1zkTAACtJYRsw9LYhjK0QlT52fcLVuyWL9GRI5ZL6n3GRg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-01T11:24:36Z"
mac: ENC[AES256_GCM,data:aQQPjSLHgvBPU0eZA95qFoRsklw3Jaj2N42DpKSheDoSJ5SwWV1GK0IJqkis71eBpMG9Mjn2wWj/1IdU1upRqfZU5dwNPdVXFb2+qPZyTkz1jhvBVTRGUNedd/L3t2a2nsaj5frZyzUPBELMs7n335pB9I36e+xOgTmA8OW3XAE=,iv:UI82ZmzcXtjO9fv2bSBZVVzNs7uvlopyxKXW+wBmNf8=,tag:HySaRX4Ihpnx+a8lASHicw==,type:str]

View file

@ -0,0 +1,40 @@
sops_nix_keys:
root: ENC[AES256_GCM,data:S2tVrvJU4jpkl2GmiwUO++OQuDbgt9ResyAtivEnSpRD82i+7g298ujzmFSdKNzOQSVpLuinIhXF0eJeiYF4vh55ywe321aTysg=,iv:PILjXRmdx07o3Pw7JIuq2xIZKuEZnujD7TVWZ+mIZos=,tag:8/iaTqW1vF/LXz2XSb8MkA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWTE5PN2NuZ0psei9CR1li
N2NIQURZWVpXVUpKT0ZwR0hzNlZKbGRQUEM0CnJzajJkVDQwSlVEVWxLZEtCT05C
Q1pUblgyTG52eTNYODBTRC9ETUhsU2sKLS0tIC83cXEvTWV6N2pwcm91S2pmK1NG
OHEyOWhXVTM5ZE9qazdtZzVhNFpseWcK0AVMxP0DvwO0uBmgXrhxHsU+i7kWfpeR
nA4fHrdePwXsGXDGBgw3B7LBcl3vinYEKhINQgDTXN7DNNXurWUYWQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByTDg5aVhvYkdyUDIwam5m
Y1FVbklxekt2TmpGSFBrTzJjRlhEUUlHbnhzClRsWEQ2b3daMG9POFFuTzl0NGhv
ekxNeit0a0hoUWJsdWNGem5lYmVNQ00KLS0tIDZFQnVYTXFPZzlud3FWQ1c2bXNh
allpQmNjVHFucU5CeEZTM0I5TnVRNjgKgCM0Cu87AJvABQ+X9JD7NAukhXDpk9he
4x84RdRXaCPZ3t9ED3iKGjT4x95mkOPtaSEUHwNzBesFZ3mVWxbLlw==
-----END AGE ENCRYPTED FILE-----
- recipient: age159whjxeyw94xmkkephmtlur8e85xd9d5vnvkwkcayfv7el0neqfq863yga
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLTHhJelQxK0phRzRWQVNS
ZmxIZTlOUk01aHIxRHYvbHZydUZFOVhFa1VrCkxoN0pROXhEaFJXZWdSWGFQZlNp
WnhaRXFVbXBFeEN4TEFneFgzaEVyZU0KLS0tIEI4QW9nNmxHd2VqN3VmZkJlZTBx
NkJ1V1hVZmhCWTlDWjY0Y0kyU3RITkUKy4zH4fz+5GDQCGQGRaaAOrbZFq3RJead
vTLccZQa6+IU1EL/12onkSWklvNVaOMJJp5re6mZEdCiybYOPZmGEg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-01T15:13:20Z"
mac: ENC[AES256_GCM,data:z6CikTBFzpgHqbCTWEMdePE3DIIYivZgtqmVLglJrOq65BRYz7ED5+74lOftcUdHGsBhcgTgZKYEGvgW6r7B3AAV5RiJ1oCg+xWjfj64dyYjMf0kkO1h/4KC61qfpyd4Wj61lAFyw7jwZ5011YYZ7Ox3GxNGJP/ilZwfguAnnIY=,iv:mJ+jRqfJBs2izRR3t/ixt45R9FXD2PxknCcu4DRqK5M=,tag:m7LpFr1qesSBjnzP1Xy/Cg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

50
secrets/lewis/nixos.yaml Normal file
View file

@ -0,0 +1,50 @@
borg:
borgPassphrase: ENC[AES256_GCM,data:yIWgAwYj4JKAKFynYArW7dDEiVY=,iv:fADZUXEGGSgM1IPitDZX9vVErC+ub/KnCpHx1/9h4s4=,tag:UBcfpjSHiMj5FwVMr0XdBw==,type:str]
borgbasePrivateKey: ENC[AES256_GCM,data:9FOFCLfwGlgYQXgcg8TyOFoY/abdxTKcTT93JrfanPjlCA+D8Z5loShFTxXKFxKAgJZSMH5ts5PY0d/7EnNvTG7B8DQexaUhlU/kfAyXKHCehpDMwY7UuoS0h3qGU/IgqQIfWDc8pX5vIZuDP0a7KHd3iPFL7ETHbNoCTYQvJZEXYcLIoS6L6I8Wm5yxJJ2QlyvyW1NtnXspcBym1KzZlN+7plJazznX2MbFv3EZLZC2Z4WnixKXKeYBCSutat1fa+1nhswvPqCq/N4cJQgtpRFcQnMqnU1Yg1g1F+i64PqGSB3OgOvO5macn2pWNQqcLlNuAH55KEX5cHF9nSFObJsrDDxmjYZmT1lu/fBGHNW17O4k85BUflQSpsEDHRWc1O3W/W8xJs0weujFEqlBkVLV/nGNAXJKr7rIvbWnF67E1FgUO/dhePWrwpQRr77lES7hat9eiv9XlNlyO9GBGOp/HeFvykZmtwRqBhGWzKcmUNO3zr2FupddPBU9g3BUmeKm,iv:AdqojS3Ri2s2jEkOD7SfyFMlWeUn11OetLk+TlemSd4=,tag:6Fn/WpLzgNyEJDVbY4LyRA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age108fn93z2c55g9dm9cv5v4w47pykf3khz7e3dmnpv5dhchwnaau0qs20stq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjS1BaQ1RwVXZZTk9vMGpi
RjNIRWFIcitCVG9xL3JPNUl2N25QU0taMnpvClRGS0VxZFZYYXcrVDhURjlCQ1Bv
aFlIR2xXRVdyRzlRL1V5YTFFczdkQWMKLS0tIE1lMjBqNFBDd0JHQzdvT01DV2lG
ZXJyZVgwQ1hzVnJ2STlIUnBxbGFEV00KIR9mZ9TenQuYoi5epC9BJGLBpn8cirO0
d3Nch2GJpcEPwKeUjTsr1tPPKqua5GfbqrTsCdBYv8ItE1vB3qfvPg==
-----END AGE ENCRYPTED FILE-----
- recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDbThPWGc1TXp5dnpZbVgz
emx3ZmlnYlM5bWtyc2I1YklmWWx1QU05VWtvCnRGTWs5aUNqZFdDU0xCSXpNM21U
OGZ5MEdxTXFMKzRwT0lGRHdJZmwvQ3cKLS0tIEtQOFp0VjdxMXJKUERhN003bVpl
YmNUd0E2M0QwcEpVa1dPVGZjb1hnR2MKK6d1LvSTa2Ku8xLO+eXxSO0nuX4bC6pp
JzS00ym6w/F9m6JRchSB2R2zswoIQmk/sWWB4f6llvI1+B636L1FFw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5c2E4V3pYTmtIOFpLbTR3
b3M4M1kxODhCTExqbnh3dzhYZ2NKK210OFdrCi9PV3h3T0NXaDFPUHJaWWhIY2pT
SGpXNElvN2pLaGp4YVIzdlhyRlowMlEKLS0tIHljQjBHbWpFbXdOU3l3aWs4b0ZH
WkQvZXMyNG5qZFpTUjBFTVNPMzBUZUkKyygGqHyNTxUVEfadY1PG1/GF1ouvaJmr
swJa95Sdvo2wsVk/47XJynSfNraOhnGd+0zlctoh9UfcB4CpHQzyww==
-----END AGE ENCRYPTED FILE-----
- recipient: age159whjxeyw94xmkkephmtlur8e85xd9d5vnvkwkcayfv7el0neqfq863yga
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDOXl4QXM0Y3NyQndFSkdw
OXNqN21Jd0o1aVY3U2YvbXQ2c1ZhYk1UUWxRCjBSMHlzT3JNcm9VLzcxRmdONTNW
amg0YlpvaDBWV2ZzODl0a3FkZE5udWcKLS0tIDdvRytKeFFQZk00Q1BzbnZFalVw
elNYMnlOZDcrRVI2a0VTcml6UjQzcG8K9qrjkFXq7w7kmCdmUUvb9EeZ9I65dBVM
Yc9SvR2pcGNbCJ9JFTeU1H/UTE1quwjMDeyJH5UrOc3Jl3aJ74X61Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-01T15:24:20Z"
mac: ENC[AES256_GCM,data:PcDrhvYKjQj8C47DQyTb+8QnBdZYpUmVZ4QMo2OOg7esc2DeeLwxQ2oDEcbUtIGY0s8mXuIZbh1XnDnLDWc+XX/cCe6lVNqkZO7zYhrGFRVqcC/l7ebYklEcgM+/+HK+JkouUb+Mka0NOBONuoN6HAYlaDAk7GU8GZCUfn+o6/c=,iv:74GdlT7DfXeJE8+kCL6B81nczwb2on+IgxekrYtIFnc=,tag:Afffe7vOP3IL7mz44rEzEQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

View file

@ -9,56 +9,65 @@ sops:
- recipient: age1th8rdw4fs3vmgy9gzc0k9xy88tddjj4vasepckfx9h4nlzsg3q3q4cjgwu
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzdlVLS2VWeVdhV01CSEMy
NFhEamE2cFM0V0l0R3ppdWgvWHdNNHpPL0ZvCll4VGRMRDQ0OXQvNFRDWHZSWU13
VWoyWFJBZXMybVVPa0F2QWUzT3dFVzQKLS0tIHNEUXFaemlRU29PNC9oMWlsRkho
MTlqZWFMMjh4QXNoVmhqR09yRWJJLzQKphBhMCKiB9kNe/Z2CuYYbRFdjzrOGJHy
OPSwMzoy1k8Lz+KIY0u5f36gt3ws7+OeJZYBISlEwqfAqoe8VAydAQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBielJoNjNXQW9SRDY1dE9y
akw5M2hTSkgvbWJxaGZqZnNsdGVhVWFlRnkwCmN6bDRYclJNY2d5NVJvcllCdjhu
UkJxMDRyMmFMc3hQVUp3Q2RKRDJaN3cKLS0tIHlFV21zZ3RNYW10UTQ0SmdBbVpG
TFI2eVorL3BCYUZpcGNCU21mcHpBNXMK0JBvnhT2fNNWfLcXFYbelee5OlkCrRyv
ZHKawtyH60g1nUB+AQqneUJhiYH0UJ40Ttz06rVyzOYUCV8M6tghsQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1unkshctcpucc298kmw9a0qzvtjzgdnjytrxr5p750dv0z95feymqpn68qf
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2aVpHNkJYWmNES2xrbGJp
Z3hNR3ljeTZTd09pWFptRHlDMDZLM2N2UlNzClN2ZFljdFBLWUhpRUpiblJla1J0
cWRERU9tYjNjMStJaTBmajdnRHV0UFkKLS0tIG9sTWE4b0ZIdUtnaU9ZZHYzN1Y0
Q2VwdzlOMW1QS3hHaUNXVTQrYlJwdDAKWlMMF7sb3TzJ2se17aO2CTVeUU3gGUsA
l+qzhEaYOwQbkeL054fCI36ySrrYyeWnyg/vf7O66zFJUGa2w9Gn/g==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyc29QQ1FoT1RIbE9neG56
T1MrQzdHWEFORnF3ZlRBMUVvdVRtWjRxYUFzCjd5aDBISHlVdUFSQ3dySmFRZ284
SHNjdjlBeVFjbW5kSmVKM2doTHczS2cKLS0tIDkrOVpHUVIwSUl4Zno3cENoTDJu
V3krQU1VUjFaY0pFbVJkQ0E2STF1N00KrqqxZo8CzJLwiE/uibJMA6V/g4vlRFhB
mj/lWkEAek7MhncNKFPgoNON+5rU1bqmEHufhpLaBV8NYEWMTM5/XQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1upnqu4rpxppdw9zmqu8x3rnaqq2r6m82y25zvry5cec63vjsd9gqtl9e02
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoOFZmbEtWc0QzeTd2QnBT
dUJHUTh6ZkcrcFkzOU5qT3hHY1JGd2g0SVFJCmJJY2VsNVY2VWpLNjhLeERnTFRI
UWtzQmZHbVYwUkpqMnA3c0pyY0NNeFkKLS0tIEMxZVFyMGdNVndCUmVOeUhQY2pG
MWF4RTdsRnptellVZndMdDVYaFR1VW8KJHzwUNhWjw7Xzm5wTt7ioLsBRBGCO6l9
WqmtoN6laVta1QgvI7h1rZHsZ5za7wZ23i98CWhM1dqEKgSNV5G51g==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByZVJCblJHZGo3bFA3NitQ
OXMvakVVOUdISUlCYW9SL0xIZEluUzZENEVNCmNqMGg0azVac3pRVW9obzVOUEpz
RFZTYnhIU0E3c2h5aS9mL3NvK1lGMkkKLS0tIGdZOUlhbjMxTUcrdHN0VTFqK0lj
bzFiakFNNUE4RllrdkR4WW4rN1hJTE0KnIrPDg9U2eXrQU20hpFBULFv4AQZn18J
TGrgn5CzRHEjWrDBxQfN5u0tNu/07KJN5xRvd3MroH1KVe2Z0pQn4g==
-----END AGE ENCRYPTED FILE-----
- recipient: age108fn93z2c55g9dm9cv5v4w47pykf3khz7e3dmnpv5dhchwnaau0qs20stq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiS2lpSWQ4R3U4QVhRcU8y
OXVKcVNWTzJ1L3k1a2lIUE1FeE50VzcwOXlnCm1na1JiSmVPUHlVVFdGVzkwZzNB
b3ZlN2R5NExBeU9YZlhBRHY5VThrb1kKLS0tIC93bEFLdWxZaDRpanJDV3V5VXVM
ZGExZXl1ZWtTMExLalhMUlJqWk01MUkKhCweI+hyY3qCf+XA5XP/QiMG57LQ98/i
msKrrNp6yX5FX32n0mPiVehb/6xY2/mTAtGtIt17MxdMY6QwXjQmEg==
-----END AGE ENCRYPTED FILE-----
- recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJcFhqMjBIMjlhOWhMUStr
R2xOclVWWVFQTy9wYjE0YWd4YTVISS9GZGp3CnVBb2J1VHBEY0FzNy8xM2hhWWc0
UDRsVDU4bForeFZnemNja28rQ2RIOHcKLS0tIFMrbGx2VVdjbzduMXpveFd1bXdm
ZjdUQTZtVFRrZ1RmRHc1V0gyRjRWYmcKy/CmhxGi/pP4fzL8sWwZ9uIhTZ6C4xyn
uNTAAzrJUGKVSJdKLHVzXinuOcsBRFwu7ZfEMu7pp5K36OI09VRqDQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyU1Nnc2taYWIyVVhEZXVE
MTJLSjhNcG13S2Nqa0E4YnU2ZklZUS9QVUNJCkVUdWRWMGNnRTNSYjNvMjA1YTIx
UXZhTkNwY0Z6VXI1b09yRHl4aUVpYmsKLS0tIE5CZ0VmVHFZTlZJSzB3OTRKeUlz
L2gzMDdySit6VWd4RzBMcENobTJLVGcKMYhRprFglCN5gUpcZ2ZKV8YgwdcRNuOs
h+rEUaHuMlPSGe/t29hU6FfRGJ3vbPAKJpYDWANC6QTF+/TnFokzew==
-----END AGE ENCRYPTED FILE-----
- recipient: age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlNFJILzJTdWxYaDAycjhk
a1Y2Q29HQkFXazZrbjlPakpFSit0R3VXTld3Ckl5MW1KaUJDZlRRcE9Sb01YU21j
TVBvSWl3dFFJaXZNWHRRYUFWM2V4QkEKLS0tIG80amVJd3VEVEVFYTRzTUJVa0xl
VEtFaGVxMVVCTlZXeWVhOXAzaUZ0OFEKl5g7lFkDivGruD2mhne/kc+F7qvYFkI2
bEe/vlIKqwRuHaJLq2eN/Q0x8wTF9cIfD9zK47Ku75AgdTm1uJ++lw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGQktCL0QrRGNpVkI5UXQx
bUNQZnc0ZUI0Q3lHQkNnbTk2VGZ1ZDYwY0NnCi9OZkhUc3hSTWhiejZPWVhhdHc1
d2llWjBKNTVNS21LODIwTlVLNTFUVFEKLS0tIGJLWEZaUGR5YXYvVHIvQUpBU2Jr
QjF6SDZhWktHR1BwdVdBRWIvVTFpT1kK4id9BOXza/HPySMgGi+kjLuQvokUZNlf
0+vleCcyAIT/9sv/RHm7ctAxsGp/NkdUBr//ED0hhYVd2zszejXHFw==
-----END AGE ENCRYPTED FILE-----
- recipient: age159whjxeyw94xmkkephmtlur8e85xd9d5vnvkwkcayfv7el0neqfq863yga
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0U0l6MjRWVDBzMndKcmdU
UDdMTkRleXRUZ2cxQmovS1poYTluTW5uQ1c4ClRqUFpwZ3p3bHFldUlNK2RFbmZU
aHNzeVhMZDV5cDFqbXdNOHhocXhXNzAKLS0tIHJ0bG4vRENDZ1FEMEQwTkhGUFBG
MHpWNGt2VUNKVnhjWHVpQU9sN3orK28KVNBCGvHMRgXB9k8sTvG6A4/RNPg+joME
kVBqsRGs9zfKA01tGjlwJRGRb0sPzZ9e8OFUeAuQRUunh/EyxO32nA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGd2tSVmR5SjhmR3BSTCtH
NzJLNEYvSVVvaytZOEM0NnJsRjdoL3d2VDJJCi9nbVZzdlJZS2plUjlKWEt3SWxm
WEVrVlpqRUIzYjJTOGFveWR4UjIyWTAKLS0tIEFFajNrLzdXT1JXSXN3eXhGd1Vr
Y2cwK05uWXFhbndyRlhrSFNjYUlmZ1UKZ1vFRu1QhGGf7BIP8TxK2BIlMZlP3muA
R3qLr1lEQmob4O0ilwn65nSCEd1/9W6dUWqeSlJ6CavjG59AvSHfIA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-30T18:44:29Z"
mac: ENC[AES256_GCM,data:SG6a5pWa3gMaSz9d9fOchUXtXbRTpMOXmbOjZo5Fdx8Es1MEDwezwscQaj9p1dzmGa+7U8UUUzMYxlg2SmGgGdPgCs0a5RQVYvQFNdgpRiuknflFMcdgXLv7XFsTqsqSmbN0O662YDvCcz4DWRKjNCZAimlLym8pwDihj1D8dcU=,iv:JmCbcazDK2KPyYsoVy39sr4IbfiGfmGoopit5ojVADk=,tag:6tKYfMkJBjsThaa4qLqobw==,type:str]