From 8677ca747a4ae6243aee62141f64e0f2ac4b4d5a Mon Sep 17 00:00:00 2001 From: mjallen18 Date: Wed, 8 Oct 2025 15:43:51 -0500 Subject: [PATCH] idk hard broken --- flake.lock | 12 +- flake.nix | 1 + modules/nixos/programs/default.nix | 2 +- modules/nixos/services/actual/default.nix | 99 +++-- modules/nixos/services/arrs/default.nix | 272 ++---------- .../nixos/services/arrs/default.nix.container | 261 ++++++++++++ modules/nixos/services/gitea/default.nix | 112 ++--- .../services/gitea/default.nix.container | 116 +++++ modules/nixos/services/traefik/default.nix | 17 + overlays/rcon/default.nix | 5 + secrets/nas-secrets.yaml | 396 +++++++++--------- systems/x86_64-linux/jallen-nas/boot.nix | 4 +- systems/x86_64-linux/jallen-nas/default.nix | 16 +- systems/x86_64-linux/jallen-nas/users.nix | 1 + 14 files changed, 740 insertions(+), 574 deletions(-) mode change 100755 => 100644 modules/nixos/services/arrs/default.nix create mode 100755 modules/nixos/services/arrs/default.nix.container create mode 100644 modules/nixos/services/gitea/default.nix.container create mode 100644 overlays/rcon/default.nix diff --git a/flake.lock b/flake.lock index 5f9def9..738a6cf 100644 --- a/flake.lock +++ b/flake.lock @@ -884,11 +884,11 @@ "nixpkgs": "nixpkgs_11" }, "locked": { - "lastModified": 1756774688, - "narHash": "sha256-st5xUV4Fj4Px5MOvQdF26TZRPzxz47wgRvDjSwiDDso=", + "lastModified": 1759767678, + "narHash": "sha256-+h+Go9D4tw1B9zRWmg84z8x+5p2maEfBwP9+XlzESBg=", "owner": "mjallen18", "repo": "nixos-raspberrypi", - "rev": "aeb17b185bb65a3fa1ef6803ead393e9e10d1f46", + "rev": "fcbfe3aa574abbaddb9aef972da162cbe30703f7", "type": "github" }, "original": { @@ -994,11 +994,11 @@ }, "nixpkgs_11": { "locked": { - "lastModified": 1756515621, - "narHash": "sha256-cYPwtXNlQ18FBuMVJ4RltuCym2Acy/6O+i/fJ4UnEn8=", + "lastModified": 1758583444, + "narHash": "sha256-OnYthHIsVIMrZDWtCEp6Zde8ZtMcEBnpyCIdtTKU7bo=", "owner": "nvmd", "repo": "nixpkgs", - "rev": "b143badd3dea297d6ba0dc93397c0ebc2838c508", + "rev": "d8551a2038e21091fce8157e070bdb25dca0a94f", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 9a30b09..345c2a3 100644 --- a/flake.nix +++ b/flake.nix @@ -213,6 +213,7 @@ nixos-raspberrypi.nixosModules.raspberry-pi-5.base nixos-raspberrypi.nixosModules.raspberry-pi-5.display-vc4 nixos-raspberrypi.nixosModules.raspberry-pi-5.bluetooth + nixos-raspberrypi.nixosModules.raspberry-pi-5.page-size-16k nixos-raspberrypi.nixosModules.nixpkgs-rpi nixos-raspberrypi.nixosModules.trusted-nix-caches nixos-raspberrypi.lib.inject-overlays diff --git a/modules/nixos/programs/default.nix b/modules/nixos/programs/default.nix index 69d01c6..1a90c3e 100644 --- a/modules/nixos/programs/default.nix +++ b/modules/nixos/programs/default.nix @@ -62,7 +62,7 @@ libgbm ]; }; - seahorse.enable = lib.mkDefault true; + seahorse.enable = lib.mkDefault false; }; environment = { systemPackages = with pkgs; [ diff --git a/modules/nixos/services/actual/default.nix b/modules/nixos/services/actual/default.nix index f3c7852..3cf512a 100644 --- a/modules/nixos/services/actual/default.nix +++ b/modules/nixos/services/actual/default.nix @@ -13,62 +13,61 @@ let actualUserId = config.users.users.nix-apps.uid; actualGroupId = config.users.groups.jallen-nas.gid; - actualConfig = - { lib, ... }: - { - services.actual = { - enable = true; - openFirewall = true; - settings = { - trustedProxies = [ hostAddress ]; - port = cfg.port; - dataDir = dataDir; - serverFiles = "${dataDir}/server-files"; - userFiles = "${dataDir}/user-files"; - }; + actualConfig = { + services.actual = { + enable = true; + openFirewall = true; + settings = { + trustedProxies = [ hostAddress ]; + port = cfg.port; + dataDir = dataDir; + serverFiles = "${dataDir}/server-files"; + userFiles = "${dataDir}/user-files"; }; + }; + }; - users.users.actual = { - isSystemUser = true; - uid = lib.mkForce actualUserId; - group = "actual"; - }; + users.users.actual = { + isSystemUser = true; + uid = lib.mkForce actualUserId; + group = "actual"; + }; - users.groups = { - actual = { - gid = lib.mkForce actualGroupId; - }; - }; - - # System packages - environment.systemPackages = with pkgs; [ - sqlite - ]; - - # Create and set permissions for required directories - system.activationScripts.actual-dirs = '' - mkdir -p ${dataDir} - chown -R actual:actual ${dataDir} - chmod -R 0700 ${dataDir} - ''; - - systemd.services = { - actual = { - environment.ACTUAL_CONFIG_PATH = lib.mkForce "${dataDir}/config.json"; - serviceConfig = { - ExecStart = lib.mkForce "${lib.getExe pkgs.actual-server} --config ${dataDir}/config.json"; - WorkingDirectory = lib.mkForce dataDir; - StateDirectory = lib.mkForce dataDir; - StateDirectoryMode = lib.mkForce 700; - DynamicUser = lib.mkForce false; - ProtectSystem = lib.mkForce null; - }; - }; + users.groups = { + actual = { + gid = lib.mkForce actualGroupId; }; }; + # System packages + environment.systemPackages = with pkgs; [ + sqlite + ]; + + # Create and set permissions for required directories + system.activationScripts.actual-dirs = '' + mkdir -p ${dataDir} + chown -R actual:actual ${dataDir} + chmod -R 0700 ${dataDir} + ''; + + systemd.services = { + actual = { + environment.ACTUAL_CONFIG_PATH = lib.mkForce "${dataDir}/config.json"; + serviceConfig = { + ExecStart = lib.mkForce "${lib.getExe pkgs.actual-server} --config ${dataDir}/config.json"; + WorkingDirectory = lib.mkForce dataDir; + StateDirectory = lib.mkForce dataDir; + StateDirectoryMode = lib.mkForce 700; + DynamicUser = lib.mkForce false; + ProtectSystem = lib.mkForce null; + }; + }; + }; + }; + bindMounts = { - ${dataDir} = { + "${dataDir}" = { hostPath = cfg.dataDir; isReadOnly = false; }; @@ -93,7 +92,7 @@ let { inherit lib; }; fullConfig = { - ${namespace}.services.traefik = lib.mkIf cfg.reverseProxy.enable { + "${namespace}".services.traefik = lib.mkIf cfg.reverseProxy.enable { reverseProxies = [ reverseProxyConfig ]; }; } diff --git a/modules/nixos/services/arrs/default.nix b/modules/nixos/services/arrs/default.nix old mode 100755 new mode 100644 index 91da4b3..49c078e --- a/modules/nixos/services/arrs/default.nix +++ b/modules/nixos/services/arrs/default.nix @@ -8,250 +8,56 @@ with lib; let cfg = config.${namespace}.services.arrs; - radarrDataDir = "/var/lib/radarr"; - downloadDir = "/downloads"; - incompleteDir = "/downloads-incomplete"; - sonarrDataDir = "/var/lib/sonarr"; - sabnzbdConfig = "/var/lib/sabnzbd"; - jackettDir = "/var/lib/jackett/.config/Jackett"; - mediaDir = "/media"; - arrUserId = config.users.users.nix-apps.uid; - arrGroupId = config.users.groups.jallen-nas.gid; - radarrPkg = pkgs.radarr; - sonarrPkg = pkgs.sonarr; - delugePkg = pkgs.deluge; - jackettPkg = pkgs.jackett; in { imports = [ ./options.nix ]; config = mkIf cfg.enable { - containers.arrs = { - autoStart = true; - privateNetwork = true; - hostAddress = "10.0.1.3"; - localAddress = cfg.localAddress; + # Enable radarr service + services.radarr = { + enable = cfg.radarr.enable; + openFirewall = true; + user = "nix-apps"; + group = "jallen-nas"; + dataDir = cfg.radarr.dataDir; + }; - config = - { - pkgs, - lib, - ... - }: - { - nixpkgs.config = { - allowUnfree = lib.mkForce true; - allowUnfreePredicate = - pkg: - builtins.elem (lib.getName pkg) [ - "unrar" - ]; - }; + # Enable Sonarr service + services.sonarr = { + enable = cfg.sonarr.enable; + openFirewall = true; + user = "nix-apps"; + group = "jallen-nas"; + dataDir = cfg.sonarr.dataDir; + }; - # Enable radarr service - services.radarr = { - enable = cfg.radarr.enable; - openFirewall = true; - user = "arrs"; - group = "media"; - dataDir = radarrDataDir; - package = radarrPkg; - }; + # Enable Sabnzbd service + services.sabnzbd = { + enable = cfg.sabnzbd.enable; + # openFirewall = true; + user = "nix-apps"; + group = "jallen-nas"; + configFile = "${cfg.sabnzbd.dataDir}/sabnzbd.ini"; + }; - # Enable Sonarr service - services.sonarr = { - enable = cfg.sonarr.enable; - openFirewall = true; - user = "arrs"; - group = "media"; - dataDir = sonarrDataDir; - package = sonarrPkg; - }; - - # Enable Sabnzbd service - services.sabnzbd = { - enable = cfg.sabnzbd.enable; - openFirewall = true; - user = "arrs"; - group = "media"; - configFile = "${sabnzbdConfig}/sabnzbd.ini"; - package = pkgs.sabnzbd; - }; - - services.deluge = { - enable = cfg.deluge.enable; - user = "arrs"; - group = "media"; - openFirewall = true; - dataDir = "/media"; - package = delugePkg; - web = { - enable = true; - port = cfg.deluge.port; - openFirewall = true; - }; - }; - - services.jackett = { - enable = cfg.jackett.enable; - user = "arrs"; - group = "media"; - openFirewall = true; - package = jackettPkg; - }; - - # Create required users and groups - users.users.arrs = { - isSystemUser = true; - uid = lib.mkForce arrUserId; - group = "media"; - extraGroups = [ "downloads" ]; - }; - - users.groups = { - media = { - gid = lib.mkForce arrGroupId; - }; - downloads = { }; - }; - - # System packages - environment.systemPackages = with pkgs; [ - glib - sqlite - mono - mediainfo - protonvpn-cli_2 - ]; - - # Create and set permissions for required directories - system.activationScripts.arr-dirs = '' - mkdir -p ${radarrDataDir} - mkdir -p ${sonarrDataDir} - mkdir -p ${sabnzbdConfig} - mkdir -p ${downloadDir} - mkdir -p ${incompleteDir} - mkdir -p ${mediaDir} - - chown -R arrs:media ${radarrDataDir} - chown -R arrs:media ${sonarrDataDir} - chown -R arrs:media ${sabnzbdConfig} - chown -R arrs:media ${downloadDir} - chown -R arrs:media ${incompleteDir} - chown -R arrs:media ${mediaDir} - - chmod -R 775 ${radarrDataDir} - chmod -R 775 ${sonarrDataDir} - chmod -R 775 ${sabnzbdConfig} - chmod -R 775 ${downloadDir} - chmod -R 775 ${incompleteDir} - chmod -R 775 ${mediaDir} - - ''; - - networking = { - firewall = { - enable = true; - allowedTCPPorts = [ - cfg.radarr.port - cfg.sonarr.port - cfg.sabnzbd.port - 8080 - ]; - }; - # Use systemd-resolved inside the container - # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686 - useHostResolvConf = lib.mkForce false; - }; - - services.resolved.enable = true; - system.stateVersion = "23.11"; - }; - - # Bind mount directories from host - bindMounts = { - "${radarrDataDir}" = { - hostPath = cfg.radarr.dataDir; - isReadOnly = false; - }; - "${sonarrDataDir}" = { - hostPath = cfg.sonarr.dataDir; - isReadOnly = false; - }; - "${sabnzbdConfig}" = { - hostPath = cfg.sabnzbd.dataDir; - isReadOnly = false; - }; - "${downloadDir}" = { - hostPath = cfg.downloadsDir; - isReadOnly = false; - }; - "${incompleteDir}" = { - hostPath = cfg.incompleteDownloadsDir; - isReadOnly = false; - }; - "${jackettDir}" = { - hostPath = cfg.jackett.dataDir; - isReadOnly = false; - }; - "/media/movies" = { - hostPath = cfg.moviesDir; - isReadOnly = false; - }; - "/media/tv" = { - hostPath = cfg.tvDir; - isReadOnly = false; - }; - "/media/isos" = { - hostPath = cfg.isosDir; - isReadOnly = false; - }; + services.deluge = { + enable = cfg.deluge.enable; + user = "nix-apps"; + group = "jallen-nas"; + openFirewall = true; + dataDir = "/media/nas/main"; + web = { + enable = true; + port = cfg.deluge.port; + openFirewall = true; }; }; - networking = { - nat = { - forwardPorts = [ - { - destination = "${cfg.localAddress}:${toString cfg.radarr.port}"; - sourcePort = cfg.radarr.port; - } - { - destination = "${cfg.localAddress}:${toString cfg.sonarr.port}"; - sourcePort = cfg.sonarr.port; - } - { - destination = "${cfg.localAddress}:8080"; - sourcePort = cfg.sabnzbd.port; - } - { - destination = "${cfg.localAddress}:${toString cfg.deluge.port}"; - sourcePort = cfg.deluge.port; - } - { - destination = "${cfg.localAddress}:${toString cfg.jackett.port}"; - sourcePort = cfg.jackett.port; - } - ]; - }; - firewall = { - allowedTCPPorts = [ - cfg.radarr.port - cfg.sonarr.port - cfg.sabnzbd.port - 8080 - cfg.deluge.port - cfg.jackett.port - ]; - allowedUDPPorts = [ - cfg.radarr.port - cfg.sonarr.port - cfg.sabnzbd.port - 8080 - cfg.deluge.port - cfg.jackett.port - ]; - }; + services.jackett = { + enable = cfg.jackett.enable; + user = "nix-apps"; + group = "jallen-nas"; + openFirewall = true; }; }; } diff --git a/modules/nixos/services/arrs/default.nix.container b/modules/nixos/services/arrs/default.nix.container new file mode 100755 index 0000000..b0bec24 --- /dev/null +++ b/modules/nixos/services/arrs/default.nix.container @@ -0,0 +1,261 @@ +{ + config, + pkgs, + lib, + namespace, + ... +}: +with lib; +let + cfg = config.${namespace}.services.arrs; + radarrDataDir = "/var/lib/radarr"; + downloadDir = "/downloads"; + incompleteDir = "/downloads-incomplete"; + sonarrDataDir = "/var/lib/sonarr"; + sabnzbdConfig = "/var/lib/sabnzbd"; + jackettDir = "/var/lib/jackett/.config/Jackett"; + mediaDir = "/media"; + arrUserId = config.users.users.nix-apps.uid; + arrGroupId = config.users.groups.jallen-nas.gid; + radarrPkg = pkgs.radarr; + sonarrPkg = pkgs.sonarr; + delugePkg = pkgs.deluge; + jackettPkg = pkgs.jackett; +in +{ + imports = [ ./options.nix ]; + + config = mkIf cfg.enable { + containers.arrs = { + autoStart = true; + privateNetwork = true; + hostAddress = "10.0.1.3"; + localAddress = cfg.localAddress; + + config = + { + pkgs, + lib, + ... + }: + { + nixpkgs.config = { + allowUnfree = lib.mkForce true; + allowUnfreePredicate = + pkg: + builtins.elem (lib.getName pkg) [ + "unrar" + ]; + }; + + # Enable radarr service + services.radarr = { + enable = cfg.radarr.enable; + openFirewall = true; + user = "arrs"; + group = "media"; + dataDir = radarrDataDir; + package = radarrPkg; + }; + + # Enable Sonarr service + services.sonarr = { + enable = cfg.sonarr.enable; + openFirewall = true; + user = "arrs"; + group = "media"; + dataDir = sonarrDataDir; + package = sonarrPkg; + }; + + # Enable Sabnzbd service + services.sabnzbd = { + enable = cfg.sabnzbd.enable; + openFirewall = true; + user = "arrs"; + group = "media"; + configFile = "${sabnzbdConfig}/sabnzbd.ini"; + package = pkgs.sabnzbd; + }; + + services.deluge = { + enable = cfg.deluge.enable; + user = "arrs"; + group = "media"; + openFirewall = true; + dataDir = "/media"; + package = delugePkg; + web = { + enable = true; + port = cfg.deluge.port; + openFirewall = true; + }; + }; + + services.jackett = { + enable = cfg.jackett.enable; + user = "arrs"; + group = "media"; + openFirewall = true; + package = jackettPkg; + }; + + # Create required users and groups + users.users.arrs = { + isSystemUser = true; + uid = lib.mkForce arrUserId; + group = "media"; + extraGroups = [ "downloads" ]; + }; + + users.groups = { + media = { + gid = lib.mkForce arrGroupId; + }; + downloads = { }; + }; + + # System packages + environment.systemPackages = with pkgs; [ + glib + sqlite + mono + mediainfo + protonvpn-cli_2 + ]; + + # Create and set permissions for required directories + system.activationScripts.arr-dirs = '' + mkdir -p ${radarrDataDir} + mkdir -p ${sonarrDataDir} + mkdir -p ${sabnzbdConfig} + mkdir -p ${downloadDir} + mkdir -p ${incompleteDir} + mkdir -p ${mediaDir} + + chown -R arrs:media ${radarrDataDir} + chown -R arrs:media ${sonarrDataDir} + chown -R arrs:media ${sabnzbdConfig} + chown -R arrs:media ${downloadDir} + chown -R arrs:media ${incompleteDir} + chown -R arrs:media ${mediaDir} + + chmod -R 775 ${radarrDataDir} + chmod -R 775 ${sonarrDataDir} + chmod -R 775 ${sabnzbdConfig} + chmod -R 775 ${downloadDir} + chmod -R 775 ${incompleteDir} + chmod -R 775 ${mediaDir} + + ''; + + networking = { + firewall = { + enable = true; + allowedTCPPorts = [ + cfg.radarr.port + cfg.sonarr.port + cfg.sabnzbd.port + 8080 + ]; + }; + # Use systemd-resolved inside the container + # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686 + useHostResolvConf = lib.mkForce false; + }; + + services.resolved.enable = true; + system.stateVersion = "23.11"; + }; + + # Bind mount directories from host + bindMounts = { + "/etc/resolv.conf" = { + hostPath = "/etc/resolv.conf"; + isReadOnly = true; + }; + "${radarrDataDir}" = { + hostPath = cfg.radarr.dataDir; + isReadOnly = false; + }; + "${sonarrDataDir}" = { + hostPath = cfg.sonarr.dataDir; + isReadOnly = false; + }; + "${sabnzbdConfig}" = { + hostPath = cfg.sabnzbd.dataDir; + isReadOnly = false; + }; + "${downloadDir}" = { + hostPath = cfg.downloadsDir; + isReadOnly = false; + }; + "${incompleteDir}" = { + hostPath = cfg.incompleteDownloadsDir; + isReadOnly = false; + }; + "${jackettDir}" = { + hostPath = cfg.jackett.dataDir; + isReadOnly = false; + }; + "/media/movies" = { + hostPath = cfg.moviesDir; + isReadOnly = false; + }; + "/media/tv" = { + hostPath = cfg.tvDir; + isReadOnly = false; + }; + "/media/isos" = { + hostPath = cfg.isosDir; + isReadOnly = false; + }; + }; + }; + + networking = { + nat = { + forwardPorts = [ + { + destination = "${cfg.localAddress}:${toString cfg.radarr.port}"; + sourcePort = cfg.radarr.port; + } + { + destination = "${cfg.localAddress}:${toString cfg.sonarr.port}"; + sourcePort = cfg.sonarr.port; + } + { + destination = "${cfg.localAddress}:8080"; + sourcePort = cfg.sabnzbd.port; + } + { + destination = "${cfg.localAddress}:${toString cfg.deluge.port}"; + sourcePort = cfg.deluge.port; + } + { + destination = "${cfg.localAddress}:${toString cfg.jackett.port}"; + sourcePort = cfg.jackett.port; + } + ]; + }; + firewall = { + allowedTCPPorts = [ + cfg.radarr.port + cfg.sonarr.port + cfg.sabnzbd.port + 8080 + cfg.deluge.port + cfg.jackett.port + ]; + allowedUDPPorts = [ + cfg.radarr.port + cfg.sonarr.port + cfg.sabnzbd.port + 8080 + cfg.deluge.port + cfg.jackett.port + ]; + }; + }; + }; +} diff --git a/modules/nixos/services/gitea/default.nix b/modules/nixos/services/gitea/default.nix index e3e253d..e3ea840 100644 --- a/modules/nixos/services/gitea/default.nix +++ b/modules/nixos/services/gitea/default.nix @@ -8,69 +8,9 @@ with lib; let cfg = config.${namespace}.services.gitea; rootUrl = "https://gitea.mjallen.dev/"; - dataDir = "/var/lib/gitea"; - secretsDir = "/run/secrets/jallen-nas/gitea"; mailerPasswordFile = config.sops.secrets."jallen-nas/gitea/mail-key".path; metricsTokenFile = config.sops.secrets."jallen-nas/gitea/metrics-key".path; - serviceConfig = - { ... }: - { - services.gitea = { - enable = true; - stateDir = dataDir; - mailerPasswordFile = mailerPasswordFile; - metricsTokenFile = metricsTokenFile; - settings = { - server = { - DOMAIN = "jallen-nas"; - HTTP_ADDR = "0.0.0.0"; - HTTP_PORT = cfg.httpPort; - PROTOCOL = "http"; - ROOT_URL = rootUrl; - START_SSH_SERVER = true; - SSH_PORT = cfg.sshPort; - }; - service = { - REGISTER_EMAIL_CONFIRM = false; - ENABLE_CAPTCHA = false; - DISABLE_REGISTRATION = true; - ENABLE_OPENID_SIGNIN = false; - ENABLE_LDAP_SIGNIN = false; - ENABLE_SSH_SIGNIN = true; - ENABLE_BUILTIN_SSH_SERVER = true; - ENABLE_REVERSE_PROXY_AUTHENTICATION = true; - }; - }; - }; - - users.users.gitea = { - extraGroups = [ "keys" ]; - }; - - # Create and set permissions for required directories - system.activationScripts.gitea-dirs = '' - mkdir -p /var/lib/gitea - chown -R gitea:gitea /var/lib/gitea - chmod -R 775 /var/lib/gitea - mkdir -p /run/secrets/jallen-nas - chown -R gitea:gitea /run/secrets/jallen-nas - chmod -R 775 /run/secrets/jallen-nas - ''; - }; - - bindMounts = { - ${dataDir} = { - hostPath = cfg.dataDir; - isReadOnly = false; - }; - secrets = { - hostPath = secretsDir; - isReadOnly = true; - mountPoint = secretsDir; - }; - }; - # Create reverse proxy configuration using mkReverseProxy reverseProxyConfig = lib.${namespace}.mkReverseProxy { name = "gitea"; @@ -79,27 +19,43 @@ let middlewares = cfg.reverseProxy.middlewares; }; - containerConfig = - (lib.${namespace}.mkContainer { - name = "gitea"; - localAddress = cfg.localAddress; - ports = [ - cfg.httpPort - cfg.sshPort - ]; - bindMounts = bindMounts; - config = serviceConfig; - }) - { inherit lib; }; - - giteaConfig = { - ${namespace}.services.traefik = lib.mkIf cfg.reverseProxy.enable { + traefik = { + "${namespace}".services.traefik = lib.mkIf cfg.reverseProxy.enable { reverseProxies = [ reverseProxyConfig ]; }; - } - // containerConfig; + }; in { imports = [ ./options.nix ]; - config = mkIf cfg.enable giteaConfig; + config = mkIf cfg.enable { + services.gitea = { + enable = true; + stateDir = cfg.dataDir; + user = "nix-apps"; + group = "jallen-nas"; + mailerPasswordFile = mailerPasswordFile; + metricsTokenFile = metricsTokenFile; + settings = { + server = { + DOMAIN = "jallen-nas"; + HTTP_ADDR = "0.0.0.0"; + HTTP_PORT = cfg.httpPort; + PROTOCOL = "http"; + ROOT_URL = rootUrl; + START_SSH_SERVER = true; + SSH_PORT = cfg.sshPort; + }; + service = { + REGISTER_EMAIL_CONFIRM = false; + ENABLE_CAPTCHA = false; + DISABLE_REGISTRATION = true; + ENABLE_OPENID_SIGNIN = false; + ENABLE_LDAP_SIGNIN = false; + ENABLE_SSH_SIGNIN = true; + ENABLE_BUILTIN_SSH_SERVER = true; + ENABLE_REVERSE_PROXY_AUTHENTICATION = true; + }; + }; + }; + } // traefik; } diff --git a/modules/nixos/services/gitea/default.nix.container b/modules/nixos/services/gitea/default.nix.container new file mode 100644 index 0000000..5f6514f --- /dev/null +++ b/modules/nixos/services/gitea/default.nix.container @@ -0,0 +1,116 @@ +{ + config, + lib, + namespace, + ... +}: +with lib; +let + cfg = config.${namespace}.services.gitea; + rootUrl = "https://gitea.mjallen.dev/"; + dataDir = "/var/lib/gitea"; + secretsDir = "/run/secrets/jallen-nas/gitea"; + mailerPasswordFile = config.sops.secrets."jallen-nas/gitea/mail-key".path; + metricsTokenFile = config.sops.secrets."jallen-nas/gitea/metrics-key".path; + giteaUid = config.users.users.nix-apps.uid; + giteaGid = config.users.groups.jallen-nas.gid; + + serviceConfig = { + services.gitea = { + enable = true; + stateDir = dataDir; + mailerPasswordFile = mailerPasswordFile; + metricsTokenFile = metricsTokenFile; + settings = { + server = { + DOMAIN = "jallen-nas"; + HTTP_ADDR = "0.0.0.0"; + HTTP_PORT = cfg.httpPort; + PROTOCOL = "http"; + ROOT_URL = rootUrl; + START_SSH_SERVER = true; + SSH_PORT = cfg.sshPort; + }; + service = { + REGISTER_EMAIL_CONFIRM = false; + ENABLE_CAPTCHA = false; + DISABLE_REGISTRATION = true; + ENABLE_OPENID_SIGNIN = false; + ENABLE_LDAP_SIGNIN = false; + ENABLE_SSH_SIGNIN = true; + ENABLE_BUILTIN_SSH_SERVER = true; + ENABLE_REVERSE_PROXY_AUTHENTICATION = true; + }; + }; + }; + + users = { + users.gitea = { + isSystemUser = true; + isNormalUser = false; + uid = lib.mkForce giteaUid; + group = "gitea"; + extraGroups = [ "keys" ]; + }; + groups = { + gitea = { + gid = lib.mkForce giteaGid; + }; + }; + }; + + # Create and set permissions for required directories + system.activationScripts.gitea-dirs = '' + mkdir -p /var/lib/gitea + chown -R gitea:gitea /var/lib/gitea + chmod -R 775 /var/lib/gitea + mkdir -p /run/secrets/jallen-nas + chown -R gitea:gitea /run/secrets/jallen-nas + chmod -R 775 /run/secrets/jallen-nas + ''; + }; + + bindMounts = { + "${dataDir}" = { + hostPath = cfg.dataDir; + isReadOnly = false; + }; + secrets = { + hostPath = secretsDir; + isReadOnly = true; + mountPoint = secretsDir; + }; + }; + + # Create reverse proxy configuration using mkReverseProxy + reverseProxyConfig = lib.${namespace}.mkReverseProxy { + name = "gitea"; + subdomain = cfg.reverseProxy.subdomain; + url = "http://${cfg.localAddress}:${toString cfg.httpPort}"; + middlewares = cfg.reverseProxy.middlewares; + }; + + containerConfig = + (lib.${namespace}.mkContainer { + name = "gitea"; + localAddress = cfg.localAddress; + ports = [ + cfg.httpPort + cfg.sshPort + ]; + bindMounts = bindMounts; + config = serviceConfig; + }) + { inherit lib; }; + + giteaConfig = { + "${namespace}".services.traefik = lib.mkIf cfg.reverseProxy.enable { + reverseProxies = [ reverseProxyConfig ]; + }; + } + // containerConfig; +in +{ + imports = [ ./options.nix ]; + config = mkIf cfg.enable giteaConfig; +} diff --git a/modules/nixos/services/traefik/default.nix b/modules/nixos/services/traefik/default.nix index c33e089..3013339 100755 --- a/modules/nixos/services/traefik/default.nix +++ b/modules/nixos/services/traefik/default.nix @@ -297,6 +297,12 @@ in } ]; + gitea.loadBalancer.servers = [ + { + url = "http://10.0.1.3:3000"; + } + ]; + authentik.loadBalancer.servers = [ { url = authentikUrl; @@ -369,6 +375,17 @@ in tls.certResolver = "letsencrypt"; }; + gitea = { + entryPoints = [ "websecure" ]; + rule = "Host(`gitea.${domain}`)"; + service = "gitea"; + middlewares = [ + "crowdsec" + "whitelist-geoblock" + ]; + tls.certResolver = "letsencrypt"; + }; + authentik = { entryPoints = [ "websecure" ]; rule = "Host(`authentik.${domain}`)"; diff --git a/overlays/rcon/default.nix b/overlays/rcon/default.nix new file mode 100644 index 0000000..eb92511 --- /dev/null +++ b/overlays/rcon/default.nix @@ -0,0 +1,5 @@ +{ inputs, ... }: +final: _prev: { + # rcon = inputs.nixpkgs-stable.legacyPackages."x86_64-linux".rcon; + # llama-cpp = inputs.nixpkgs-stable.legacyPackages."x86_64-linux".llama-cpp; +} diff --git a/secrets/nas-secrets.yaml b/secrets/nas-secrets.yaml index f3897ec..a000612 100644 --- a/secrets/nas-secrets.yaml +++ b/secrets/nas-secrets.yaml @@ -1,201 +1,201 @@ jallen-nas: - admin_password: ENC[AES256_GCM,data:0XUblR800UyliA8JfYUZbncDRxiU6eoTaf3i80+OCwJ/31oBhSqj9OtgYeRg3IyURwik1Nk/609IuHjIhly3mgTjOD6Hpzxpag==,iv:0yO3z8ItHRQFeI9JOnFTKhKVHi5u9cMtpglFRlkvYLE=,tag:iUd79iWAJQ9iqP0qolSwfA==,type:str] - nas_pool: ENC[AES256_GCM,data:sx78UwPhgklzf8e/Tjw/2esAspMFTnSj3ahEtv3btVLpotwE9UDMtFGPkkh8r82mGLmzC3dRsWYaOAFW4ioVBpmiochpdAR+QfmOBgsOFQPKdqlF0DDXcElT+qxhJ9Uoo26v0XZwaTdplI9f8OTxCPZtihX4Y27sFNjhCM9loN+IJKqxPFNaK4RRJtFQL5sG2OaiPkSd/Wf082RTW12CNWYRY2RSTCqzKB7YclTcAAwdj72uJTER7uU8Fr4/PpUN7AJ/GGK9OetY5QbkieelwESBqQR12CLCF1/d82CaN/lL8jtuc3Q7QFsRGr28fHBNqOywkJ6aNxxZCKS0fjQGpasroQtt5fv8pNMs7Gu67SiuKGb/z0wKdd5c03sxD/42bSf2aM1vUW8Bm6PGGVk8OT0UWMA9FhbWeVr3HSb6gFktOlC3oRLGPUU3WcdkLAmqCWtSQuVHNx6/s/JDj8UyWqyDCu/7afxKX9gt+I6G+3EWmVs/fi91+tpYd5hyhTBFmOoC+wooVqnGVXtM7cUbWTJS4Ua82zcroHj+KKoX5sOOzOXfI9TVRLccPYlbdSY46467+ycEXsc7cxnigKerO29GhFFoC3pGxwwBcMYWDl8466H7cCDpYohPdY/q9dYuB3LBEzFizmANQ/kGEkZt1I1fydO+sN5ZcTyhnOCHQFI9lYPDsQ6Gztb4n8PEHYdHbp1Zue0p82H8hhgC4v2ne2GezdiYRCl1y2MZvF8CgkwAw/PkX2cb8CAMuG0ZHtOLFwUPjPk2KCe8G6yK0SekE/Zm36wlPz8yLd9S2dLRBcxXZiQEHXqONjVGf3fhbE8QyDZ83xITlRTnbQt1rF0vPrgeJD/m3u4QMo1BrF6EIsCCesQrNPLRRGddh7uyhVX9OKy633OKxLy2Gt1VjfuE77ZaPmNgIjk1geCXuKUFD/BC9DJiknVuajS8tFHIIh7YYUBZY/Q=,iv:ZvI+1L4Zwgwz0t++fvVxX7HXXuS8G8DcKz7WDlq9oS8=,tag:sbXluJh9CQhJH11gk2Ohfg==,type:str] - ups_password: ENC[AES256_GCM,data:tYuJ9nU3E2/Ko6Y=,iv:lQq+g68lKCp1rmPvS/84xGIXHxD9zY5zZrrjEJlY8Hs=,tag:p6McEr+sXGAQyMAz1Kaxfw==,type:str] - authentik-env: ENC[AES256_GCM,data:AzHHGyhoyMp/ebnK6LQ5apBUhQT04SPJrtA6XcdaQ38C+fYuG2ph2iWFb+giafxCe8IXWAYT8CWoeqcspM7CPSAAKgqfVaPhMvjXqLxCY/rpegb5jBD1U6tURhPsH3ADrERk+kCmTV2eUpuV+nluiGM+fRdwhB0zu378HKwhXCpSO4L24aXhe9pxxxaTQzncWH6zW5iaRdouDVr1bAUzLi9BpnmS0ZK/rfLq2whErCeN++Srx6aCgwJ7jaqetBglQkIl3YG6flS8u3vsKtI+RVaNJ5tzrWR/qv0vBy8y1PZEuuXZdiHjn1hjiPE1T31j2+aQdbX70RaJfIt6E4lVtArQHv8PTUDxUoxcnUv52xLTStT5/UdIlNoZjPMwvaknpK7Z0uw9w4j76gmgk06xsxoCpnXIGTm1QpGqviBhgfNs5Va/qi4MBfByaym3UAz9LPHs4keuvJNN8dS0q5OMnRswl14PjIb1MIKB/QCVHvb4hO7eIRiWOkA7nb9LP/y1mjAYslr+I+GNpU8oIYTAvKoMS7ZgC49RoLWytAXUru2I7CqDR9zgPzlDQ9gLPoFKw2uKulpAy0ayQWPcgPA2CFmF+5zdINNSNKn0gRZ/2RTc3DiWmzo4P13EmrOwvkWCkiswFu1d6ctKZFhQnfPuj9LRGp/Os55JpLrreSyRJug6lgR4bPdC3x8sbxNmb5S2Y+4aFfgPXfdCdXs5b+8j28d1d4EoOO/arUzNADz9ODD5esb2g8UC2QtQd0RRYX/qmiM=,iv:YKvFxz3M8HKlg56JfN6uv8hvCFlEbhBkaSQz1v9l3zk=,tag:rz7UixSDqOXH7Ga6mkVYAw==,type:str] - traefik: - crowdsec-lapi-key: ENC[AES256_GCM,data:r+0zzklrT+Ot9WVuyb0nhvzTfaN+1CGP0aAdWARiB9AvEnFz0KAM9Q==,iv:wLxubJJBVAP5XwgI3yd3+ynKdtntth0VShWm2umvthk=,tag:SkqRofFOB7c/U/IISmaB8w==,type:str] - cloudflare-dns-api-token: ENC[AES256_GCM,data:ZHAP3KuCIh5LAH3FqCaUEoKNRkoRqrbY/NySsubzGCbZtO4aXYI2GA==,iv:IdGRIpfxxDhHQKaU4PeQI8ESIvzcNNgsqEFsyZ1ar6k=,tag:1u/bhR0CuI9rsn8gycYHzg==,type:str] - cloudflare-zone-api-token: ENC[AES256_GCM,data:N02jcaPLYVzOmo5omGvOKUw2MZg8/cVolRcw/pu+sFnV8IsrUFOjmA==,iv:NZ+OaNR5lmsXicYQ7QL9CBMhlm397VbqmIcmr6GGBWw=,tag:FOT0EzDDuJ/kKOArn8e/rA==,type:str] - cloudflare-api-key: ENC[AES256_GCM,data:SWCsa1YzUpl5aQmeVBzKjfkZdAfduX8pl5RKd+EP6pgyMCCc6Q==,iv:ccIzA1OzGyRnq8gxXAg4B3HHtKcvXhXKMWVuTs/PHLI=,tag:R9KrYDrAluTAyuv7DfYVWQ==,type:str] - cloudflare-email: ENC[AES256_GCM,data:WCe6JlTQnv2PXYcySZNbZ5Lv,iv:qc+o+GEqdRm3U5qBqvH23HOah3Sa63QzqZyDXWozcqo=,tag:v8YY3jCoVC8h12wHTFjkIg==,type:str] - crowdsec-capi: ENC[AES256_GCM,data:9T3e6CzJZOT1KAXlpG323oPmk9xsoVVWI/WYnhdmzyymj61LgNJKvA==,iv:NywJk/tkmIGR5jIgxpvheRBCrK64QytXAkr+40nn62M=,tag:XFeafjL/84r0fLa8UpjyjQ==,type:str] - collabora: ENC[AES256_GCM,data:tFbbm16DFMsxT0I1ogXTRwyTgkE=,iv:yzembXvJ9+DroplBUDiMPa/jn9pjpAI7f5oHSTaZedA=,tag:yprIBtaRIjaHW6nplLYYzQ==,type:str] - mariadb: - root_pass: ENC[AES256_GCM,data:AmZ3lU/GM9lMAjchF4kvjkIZlYX0KZV7ov0dxtnDmg==,iv:9JQuHWcb3/lCR3gw4PFtzMKxk85GXzFV35NguJydUkk=,tag:MEvmiYhAYa1LUGTN9wm/3w==,type:str] - db_pass: ENC[AES256_GCM,data:xjdxuUl14d0qQXIuYi+Zxx3mu2fqN5c3Zg0=,iv:AcrrY6BUi/Bcg/8FcDORmsDrhSEoN+kzdx8OLyAUS4I=,tag:pwwKbiK4HiaNRwp/k5/QrQ==,type:str] - redis_nextcloud: ENC[AES256_GCM,data:mllmOV98zpqLPhI=,iv:Vl52jKAfzy+aCqpGYUQ80Ye3sGDAR/3ULSStEjAi1hg=,tag:DwUT2cdQ/BA1TwdnXoElXA==,type:str] - nextcloud: - dbpassword: ENC[AES256_GCM,data:kvBa4tUglGHuLH0=,iv:IUWHIH6vx6QlXaKNyq2l0lZGZvudskCW9+jCZ2oENVs=,tag:2UC565EXzGxb2N4XO43ydw==,type:str] - adminpassword: ENC[AES256_GCM,data:UJ4LBpif5TIOJqY=,iv:28UgOD1LIoHOVBPTQ3MpofjdkBwY3ghLK2vIbTwZQaA=,tag:F/77ApazlfppzQG6UdTQdQ==,type:str] - smtp_settings: ENC[AES256_GCM,data:8KyWmx+e/DouS8OucMrd2AMFE9w1b4WKHr8RuJ8kMqSlL7MP5GLwW4WZhPCJto6kTzAsy4WPFb23oG6UbQg9DK7b2CiUoC5S5mcDxX3lnzX7clyrosDvIHqVlwjamtgfCuNJWcT+RB6a91T84HEDTnKMTsiJvLxpSEHehzL3ItndV9p4+JTs5tZFX+dOZgqVIMN9syQqFsSpI6fk8LNJh90rXXg4jkh7+EFjmBk3QoSOuI1z4JiRpiauVP23VwTtTqiL1Aw8NpDhX1bU0RL+DAWQIZd8o9k/oedziCfKuea73yq4Z8uDaZJ3BW5m1Z1QA44Yu08qvKzBiAAnEb3bQ83ltWI2mfygupjm3tfIVfQoMB8scivaN+5Nlkx3u8f9SAzxyuvqYxZx8TDsyWGEG6p2frHxX72qxu/xb+DYrXBpyDkVA6ng,iv:CqS+/0kL4JmPXRc05Zr2+CFksP1RhOvzIr732z6A1bw=,tag:ux0ja/g1Y40c21hslYnorA==,type:str] - gitea: - mail-key: ENC[AES256_GCM,data:kfurnrj8eNKGw+KZcijs4jhJgQ==,iv:mFNVcxVyOj5Se/SyLOcKh5ja/QJmL8wfejzSGOzq6yo=,tag:XBU3urrqarICO7niqBRNbA==,type:str] - metrics-key: ENC[AES256_GCM,data:qgISwC1fgApJhJo=,iv:BH3tPh8NE3ByYJjRuL+o8772o9qWeMUVrEcVwrIUkM4=,tag:vJxscFZFAQowXX12OSb6HQ==,type:str] - onlyoffice-key: ENC[AES256_GCM,data:9kWRGt8hHc4XmPU=,iv:Oql7Fa+Ap4F2BTEFeyUmPI4e0oZ6f7Up47rKe1XENRo=,tag:6FmuA07rlokGNfjta2i2kg==,type:str] - manyfold: - secretkeybase: ENC[AES256_GCM,data:nu7BpqodQ1F1Exsk7jfl7k+chONHJsVk/a7e,iv:BWUjAHDWUz3WHWFIj+TXWOzQPjmSw7cFW9YVrBshhNQ=,tag:zydtByGW8ZN0ixC8IoWuFw==,type:str] - immich: - db-password: ENC[AES256_GCM,data:VKXAsUngn97FDqNEEZFp2GPObNMILv8=,iv:PSIbO63irXl5cx8l6sOSKAKNSygV214vrq48bR35/gU=,tag:PuJV5R2rmYtX8YfRvMGK/A==,type:str] - open-webui2: ENC[AES256_GCM,data:pTd/xPCZxLy95U+6RDZhLwkveKVO0UwrriVgp7QvwS5hXfZq8OdEtmmj/wVxCcRmao6u1icjPa13r5AyNMkONtqIW37nG9vhlv5t2AmXDZo5g+fhE9i1zws+UcjanAKOKaFL/jWXO/BOOuMcmEgL9HaqZSvFtcyr0mNuMH0AH3U1D6FXXfAlm8Zxp2Dpfs9PdxY1MgMyeA44sAnAkRCkk76p7DBtBoAuQf5Qaqk61pqUlm/SLGYd6ycL3A9EvTWffYwoEpHH4ktHQmA4lA==,iv:cfkg10puhlq7WSNmonO57yfkT8m7yxnI17szfaSY1Is=,tag:FqvDXMcaxdcfUXwgkUNrGA==,type:str] - open-webui: ENC[AES256_GCM,data:Th2WQmGPCqd2lsSCvl0NhnHT2/dVoV5k1DM0IhrewEc=,iv:rNEYe/nZAz1Bex/Eb8z8T70z2CV4+nTpzjzTX7Nz0Uo=,tag:yh3ID15I1ZrBYjnCgeo44A==,type:str] - paperless: - secret: ENC[AES256_GCM,data:b/7MEdo3BQ0v8vaBnfNMamo5NKIA,iv:op2/RA6+HwmmVK2QVkfJUBQjPpvce6716U066YaUehM=,tag:66eEjU68GYZi5bBXtEojWg==,type:str] - authentik-client-id: ENC[AES256_GCM,data:b8XMIBa71HuT22sd/CRSctq7dZwna85WcPYAJRPZLSWWpZENMx03bw==,iv:4DQjjF4TiL3xQltVC+GyzWjoCXJr/w8DLRZxf/636Dk=,tag:FUAzJg1Jj27p/C3RwgOrGA==,type:str] - authentik-client-secret: ENC[AES256_GCM,data:IroyLoiv8TT7+bG43bnThsz+b4vAdKc3+uLQWbtiag9+NAIMH/yDRdcyoag+PZIF3BjUJHClbnNHFZmSOlT+rymv9q9Ja+WDdSHD6jc4KAtPakshh+WfwSzdMhegbV3EWbxNcRb02eCZifnpYFH8aUqHDpbeU9K7lx5XBMe/bNA=,iv:08rzurhosfME0FtTEOdcSxbiq3dq9sc6Bm+OXvVyn8M=,tag:RnY57cWBr+jBqlVUSYaP3Q==,type:str] - wireguard: - private: ENC[AES256_GCM,data:xcv4eH8WggS/05MkcL96MpJVqwsFp7AzFoYVoQmOhNC32oy+g3vEibmYCNc=,iv:LWBA3UKqEKs7NISVWxAT9zZ2OMM/1Em+fchZKlrMLIw=,tag:pZkNHc7CGV10X2pfT16djA==,type:str] - public: ENC[AES256_GCM,data:HP/vP2bVp26cGyP1rJuXSX9BnUeauOVx1c9y48FakuQ+lMr8jymYGFm0vUA=,iv:h/FuDPaTQfGRGqA1H0+kz/kQyJ+2eIWoi7zObaIJPjE=,tag:zrjbq7S6DEbE9O+JAZr/4Q==,type:str] - free-games: - eg-email: ENC[AES256_GCM,data:pv3jGc/aOdc4hvbP0IqfWIFoojRaOZw=,iv:LwBpIVhtSegL/YbkKfcHSVcu3lW0F/01DRkMMbvOCQk=,tag:ecZdRFeioctVrBWTHnLwmw==,type:str] - eg-pass: ENC[AES256_GCM,data:JOd81wrPKpPH+qpZxIO9dVw4qzw=,iv:CNP/GALkZUoFYIQnerCNg7O8WqxMVC6KBwuxUa4KZyM=,tag:KfRNc3qOR92J/biloxYtMg==,type:str] - eg-otp: ENC[AES256_GCM,data:DTa1gbSOvBwoWBU2PP7DXOC4XzkAd9NCPZWaFle+xR3mPvsm/hkjBqL6ElO0KthhCuX5vA==,iv:Rfb2OzXL7J6pJwkX4H6c7NujYhBgTT28AlQFJN89u/4=,tag:7QxB5repYKfNiBZW72OsqQ==,type:str] - pg-email: ENC[AES256_GCM,data:RkZCkaw85bxTx3GWSSVJduFa,iv:HNV0SzhDnfFMNbWHWIAhA2U46xNYEgbH4HkNdME65AI=,tag:NYoPdQc0EqO4Ebq5/dOqxQ==,type:str] - pg-pass: ENC[AES256_GCM,data:YI05qDIsdvbXvHk=,iv:WTovWiBZxeZButRzqHKM+kFaLQ/73ZeJhsgiDX5zzAI=,tag:jUdhMk+w2H/iFmp/MjMnbw==,type:str] - gog-email: ENC[AES256_GCM,data:VMb/oJxLey5TZvBhRZFlwJt4yvXUFEs=,iv:uV/MFBR07ZbhtCStnsVEf1HtXTBK6/AVH//IyEtdH34=,tag:+7RzaXYx2WS8BGJJhuXlqg==,type:str] - gog-pass: ENC[AES256_GCM,data:3jNo/Hwe+F0UsLA=,iv:XSqyMn2GHdCwRfBfWdICcYAANKNsUDlTKfvtu9BiIxI=,tag:/VtO1syI4ybJxJa8xEgTHA==,type:str] - nix-serve: - cache-priv-key-pem: ENC[AES256_GCM,data:5loCy3Xc2U0C/WflfTbnptoHkUCRU9iuSd+2H1XQDk8jkSK6/09/p0b6NlP6tdNiEPfSazRr9eWe7Tb5l+Hs4O5HGQrZKUKDak7L7+tgl0ncDo7ngm4LD2WHZYS6WrrgYfuToB2KbKmoHOdG,iv:q2F9gkOwKNpYt8+r0MJk7XqTg/aFWIThpC06dHxcmEY=,tag:ls4N9PXshXgUZ3VxBvI6WA==,type:str] - cache-pub-key-pem: ENC[AES256_GCM,data:b67q/o01xnsFet4hpOwnbRK2jb7/+KdkRexLIZxOC3er7ue5tTfBTlelombAUv16377hSWFGW4kDqBC4zUKIJw==,iv:2uYKZ7sWEgFMtSjCxD+LraZUiHt3sFyLHugQeHGpsCw=,tag:T1eRke3306cwSYiEeieb4w==,type:str] - system-ed25519-pub: ENC[AES256_GCM,data:likQGiGyNnUQZXIMi61ax3nWufRT90iXiaMQ3Yo7TWKdvjQlwyEIjYImImEW+SquIPMYSABpt0ZzX4dj+yHa0rFKToWObQmRq61q4gZ7I4irj2mimiEFrzmrNxwZplHS,iv:LcjzMno+g298jzbskR9Pi5RPjhv3o8mSFxDGlHO7MVk=,tag:NohNVOsd+Pm7p43rEERUFQ==,type:str] - system-ed25519-priv: ENC[AES256_GCM,data:tMk6T/mfo+8k5ZWMy0zZOrs2svq3ePWn3TJKxEnpiuShNV1wT1bMkIojJUqFPNwoxt1DFm3KgDpPvHp/NpffgLJ0wYenHZTYKZj4d7RtcFnCmCWH61hLwmriqxP//bK5d1WX7ynXgVzyTCPyCAr2JQNITjug5geEnpcUb9AKpa+WRTNF6T88mI/i5DMaiMeUl/PGofQjK8YzcOhYgvCZe19TCK6QGDViwe7az96h5x0q5nuhp8rwiGVso3DRvWcLUSzYcxvkyh2Z58bX2mHNUJEslYlAK0ekA9O1mj/1dJei7KD+saJGM7uvP4zrSlHzFvSx1gkxvWbQL84LZOp9XfCNTjwDi503nPb8vLpg08m2iKrAS3NEA/cifCL9h5QhlJWNEz0pA7GTERsZvKk6Ajt9E+MrFs6ixKey3IPZhLExjt5UjjWeZ9PWHTlL2805GgKD+yjqWEDLsWmcRDUlmLcd8tIi7RBmo2PjVIq1ZtDeuCQuWTHWAgoX8ijak6JsNl/8RsyK2rwKb6RTDAihuPuiQFuW+d7mfANX,iv:9CU3QJORv0CD1u9nnFDbKo9DitjQvWGUVjtLD9TkcQw=,tag:zJLPWaKrSNPJtd/PFvmf9A==,type:str] - system-rsa-pub: ENC[AES256_GCM,data:9vhYfhIvBPDckZLxa5RmVWGEzRoLZ51aEkAfUpHFm6SJ2e/BS7glExFh+rw+DXX1KrERbl7W3R3TRF8YVsxEKjMXf7OH51IWSmpdHtoeT9Thkyjt9EX7uu68NqSyUaq0ndRBUBp1zCAXIuBw7JcGC0H+nxfxdscDrLoKD8bW2NfRazv5crW97wWj8ajpfeKZTH7fOopYHIWjgcWTfiKh3gC3j1WCt6WjWxfHIGrNnBrvlhpi9QOFFfBOxF7NrSLfIUm8LURtPtcIZEX0SmSq1j9azU4EU5WoI3FwFJTqTLY0HXPM0MdFg4y5EXGwzok7icAWiznC3UVhjWVTjAjGjDEaAzoGTd+KNipUmiTWZNW12ab7XMHbeR1ZJPaVzcMEB0wKMbvRSZSFT1eLcULHwzezE5rP2JTiLkADgK06kQNs908uO2NEaGdB/H7sroFah4ZthisPy33lxVinfE2MDLDABj7ORIURST8ag3bw6Jhmam3+38x80YSA3APVWHsRc3+mJhIRCXPS6vfurVY/AFMkIwH/Fxcx6lyeJHx/KutUR9doV4h91hiVHK+hstYuiA0qvKw5VahS9Ht8BosJ6T1eBC1xwiSctMUcC4dRltTjVegNnEsuvyQh1xqL1Xq49k8MyuBCoqmNrTqkxt2Dq6facxwqt4XpSMK2qHEQuXrY61oWh2z+5B8wUk/wVCYg3cAlhFOAObI8aRundOh5Pe6mdFxKW4TnuD+mgoNWsJnqfTZfBbhEJWDtxsaIpoJoSMvZmBirWBCZsDeWSyOaegFZd6hmNgyQ3exmu/aByojzJm30Gcg01WYrDZMVXBFUfkymhxTpHUSXX0dEdfd8QCQjbiH3g6rPttXYL/ZYlS++8oJwkYNYrKi6ENFORmReQpATuWVmxGHnLLV/Si5BhYjPLAc2Hum4nIBd43SL2jijUSXLE6hOrntL36Ll4ToTs7cDMHIDtopYC6ML6DS+Mek95l0=,iv:3ziWTbKw4C7noiQvrsx1+/rA5me/zZLMImR0Emjc6d8=,tag:3ncMX9pUOSB5VjdbO8HMgQ==,type:str] - system-rsa-priv: ENC[AES256_GCM,data:Amn024luro5fz3Pquw4tQNsxnJ259Jpup76U7sPIRXcCSG/Y36T0/rJHuwIK13BpgEOJCJBe9wVFVX5C1oQKuSA9dj+Hu39tbb9Gjs/CVOB8lOouZ8ydWciy94b+gcm8ZT2+JW1TGHbVJz0i+G66vDDOhnAcY83sBZ4FGWNYV4B8LlHtdMWeujm97pgLp9OVxAficIKkNTdEfs94tUmh18lah3kHvLHgnIiYaC2r17QB6F5mcWhTAups+AT5YAMPTUGe3LQsk09ca5K5nXt3atnErHzuLt1xreHM2GE1HbBo5qY0jHiwbcHx0SpOcFi7vmttUwrR1IJ8HlQlGHGd5muCmbidtw2WLd9KrYbSWSLyFDZ5XCh/zolUJZvyDZj29KN5in5wH6/Ad2MpI9OYBVvncA9XFS+Ln5rBxV7GOlxEFaQ0CmZPP2VJl9AVsOkN6B4hofQnZEP1IkP5G/GN8mdRn40QxIfYgS6C5ywkdn6xelwRJqkqVx0xzbqQO0ecJoidfv4IbHCdmJn3FYkLKPBTne82BPx1gIumvSdLnLVahPUZKb3k/32PCodWVSfzru1msI4oCUs99QlfqthWpYY6Jt2gzW+5sVc7Gya7EaNBeOvMZhWFQG84/bLQ50uIGzuWLoE5MnqG4EUu3o71e2TDNFtc/dwVWHz35K51sB/8jkAGykAe3mSTtX7GkdKliS3czNP8hrPcHflM/VP+7pNpO90ZDelHlfeP2E6cciGU5zLsVXBxGWMz8sz+lH87rWljrHRh77fGp/PYJzQ/mayrdXgEZSh97oNXUEe3obWo+WEEtC6WT25wNoc5ir2C0ZGKGaDo9M3VcbxnvW3FMyI+A7ZpETx07tIIuesKiyz/xW7LgTVnDJxAR9E+Le3qzeWEA3lUv0ZivvAmiriC6Z0moMwsQoiqAwrYVvB57CYktj+HhulkoOs27ccsM/MkMi4vIHC+j1LYEydbgbXdunROSsmQWYrGdd8ElvjEVfAtsXKt6eEj/UUyAPBGw8mJxrsTlFoQyM2HzkWyLnHV+X5fhG/0YRah5pc6kE3oLdyi1qurQqlq/j3vV/gpYZZwpxUJSvQXs/YEddRA99TiW2lvjaS/6zDQbD27hCZwUw4oers3XEqcikaEqZQJQ5J/r1KSa+Ejsa/eZzeFxVZ7ZADyrXj+l0vzeQMCpMc483gzERKozuA2Yc04fyN3cmsw0Uu6tPmaJRyVnj3i4Sv/uLQr2nDsVT03QVSGpJunRmH0UuUFMrCPSVRHGYuIvjl4ydo+rVcP0dOdL/nZ5bokt/B4AZ+0P5j3/JVhEgDvPLXyWPnvbc6deEopMjvAL4Y8apcSi/6r2cLle9WeNpVC2ENnamYiUPwP0WL8ffRABOTkeGtPiCk28UzXBM6Z4ebguAW5XDYDUa/n6I5f6BLq5I5yQKoc232zwWaqLnvncjyQx4izca1KVXQcA6pjKwsaDWjFZGkBLSsFmWjFKJxKVt8OZq8h0pNXFN0o8KlCx7mH17bYKjRXUVTflzl5A4iLtwE7LCyeVxyp2oHH+qGpZcleUVw3bNBZlYLFxfxXSSTpe/ebaVnE6gS03LiL4jcxgbwQtO18iah5kYJwMK02p96d+AYO3wYMVVsdZhI1SJhphJF9YJXR7ImrlUVDgd+31W9FL3doMkMpeMKd2kC2LNUZHRXf/x1Gj2LSih2OMiDxL6h+HCXi3Yxl3gklbNJXaDr0guvMwUt1d8bnf3dTq1ZidWzKvHEwjySgdFyxol7aUtyXMyrbFODcUx/cY9qWLFlN2G6Gq16njsI5XiBuIdgOk6S+5kAXZkxNzlizWuGx0kRkQr+HlbwfjkQr22zH0y1g7nC1651cUXQQVoXzVoCfWlWQH0UKPGBcMLkhGAr4TITIO+BQVlJbXSaEXvihCjgcmwSBe8neRunkUpOaMUDCjg48YJ7lMP7wB84MxSBMQYLwwCSpD6uci8eOnWP0KLLjgx19nLw8f0qbXJ6gNy/tn4s8AZGYDpFRz2euvyjE71QpFY1peflijmxkbjwKKZNj3v7fIdeUIkVM9fShijtGNzFYRKQEdIPtCL+39n56YiSBkdIAFX1lg6ON0P9MLo3uZdYmDBr0fbXR9KN/rLZTeZKostF7WlRwMkTswmRLkH+HQiLrZqDM9xPWOxbNeIi1qDUH+nPijpkWDSCnblrW61ayKNTP7qsToeZ5IX7S8ZODw/FBhFRnXXMcc7tkQtzGvPKcT+MNMnLlUi+Y1RVtwmstuFZw3UO/yWLJxCbH8pHrio5qKP7gYg6d52Qa+JYPkUn52Pe7xQVfT8U7MdpYWdyntAOPwe19+Uw9Fu8ZABnzitFnUzvrtYZjYFTtwgwfKXa3hK79zJkexinFE8fWhAlPwDLwUaZnWU2mKIRMqTiELD3D22nevibraYrtxfzi/w2OFT5JSFd+soh4loCpwS0QbiutMo5+E4qZgXxQ+HoI1pnec3hs4h6d9AFJwigfQqj7DB+Q5Xt71rca4cgrPGpiPCjCQ/UqOE8Wzdq9B7o4hxBnC65CQMTWGtyLsu/n5fgjp/jPvTtUbv6R2S4UkGh1K4f3ifH15L+qyokVKg661hE/F92HDw4zl0FceBFc+mwGHvrkjYXeWlA46YDVypwGQQFUwZ83tB6r2QuVeW7sUT70sMbp54mK95yRYInpVzhnM5g6QPCPxO2TlFeifUOmHj5IOND71WklF0TiNEwbF+gqXKdpCmbWZ75yoDBoZ7bPe1tLn4KYzEaXdJ9daC2kTOcJgIbLqi2hX02QOT4kUjFYf2VQDC8foC4YdkpZXtTGO0sJyR1VQg2w0toxwuPHpV4Dhu1VcI/iWfjSoGDOWtKXRHrqnImye1DnHi2Piixvb+jauMj1r2a3X8R3/gzsd6l/YH+e/p/YN6ooObvx+Z9YNfpIBhKGxYlFR+u+eKcR8YSIONNcEJDDsuLOdhaAwW0HdHHu6O+TZv9wL/hrW0+3dqyrPppNC6eWfInowaPbtZmQeS+MOtUosqSPLrHfpBOfAlHLc28VqlczuCE+UxI8jPDE6f3xiLfpIPmPZH47w74J7yE/RGQcJzSKdfL4hTq8HB0vVLS+d760iNB7ykRXWjRUpLWNjSG9UXoYZ+nnjGyknKnPW6U1T98LfnuSuJa2tPWj2uMxU/30k6hiDchvFaqlC20hWPVD7/m7iP8ZsEuChN4ZQvmRkj+RyiW4HSFuleOof8lQIu422L63yC71gwCz4AFyOH5RxVaoMfMrMXTzgmcktfdP09qTLC4WvRBQeLhBGif5fU/u0wiM5QCAVsMBheCkhYpSarcbUdbo02N1l9w1JIVkICw8AJtJCyJ667Qk+Gt8yD179qkJ7rcYcQnBN6YeTNQPcdGfuGznPyyrbHWJcM8TjaLw2LF5F+quUuEXMWcWPoK0B/1Z+UCrj4UKisFQ4bCP0mkIFhSsmTqvsemAlWc3JrGnl073ojLPtOXu/HDy+Z5YqC+kzGbPnuK2LpxA9uhvk6CvkfOoN0iZDNpUywRGGOqUuS8YRkgaSaxbKzJZYjnUGouj83GAShtiVqIlbp2aberHf5tMjtahcwwEQzlvDqslESw9ZOCZyLuttrsWGuGRxoS+ZhZ1FjbTUrkwa0jfGuKa8TgMJb1/HTVUCZfJRGShFwtvVtrmcohiUW17+s8ncQ2Mx/UJ5ssPl6stthN5gE/OMgPWJZxScC7WMenCovPT50SYTf4Z35YorvOWojYOe9mSBGwJAqGdpNPwlUezWL5xodgX8Ek4NCi5AoiD12y40v81UmsXh1MQ0AfAgWbq7Cw/6usLzgw/No8pErbkVz7UlC4YAUBe3TtmloTiuMTJNMgFVBua+QuCDsgw3djIpTxWK+MZ/UqInxXhfV0CmgMXtrutybbcbQGWS16ZrziyV6PDulGWAuvRlVdL6ZzG2ACuVEp7LCLPRCx5QBRciYRpJhkqhFo8xGs7d77RG7wmB99w3eHu1OlQk3OOrFxEbLxOUQXebNLfGfX22UJ9EDrJsCq6KbmO2VtuxFy+ixJMHlYP1LdHGWHa0KlN582jaa3MfQJk6JdpbWQCVt4zmpIUsTBKSLPe+UOoXQ+b8YWHQjf4hIscyjgY+W1+5rqzdTXv4V0jKrMwaY9GgVoIyngy12b2jAnHTCt1rFJYrFK4CUL1ElpbuJL1R1lQe7GPFhI9Y0NP0Be08wPeyzIBgzNOeOzI5niSekcqzQTDCVi1tLdyiPi9PD4K4S0tdVNPLo+vwm1MDEKoUEr6c3YLTpqpatBTGITlXJCKEbUc6/q1JYeOakd4jSpNlHlyOaJRjgbZTJNQO26z+6jRNCgUz1sznaaUmaxBLmC7WwxdCXvOHf8xoEJaAnjPBXkxnYKwRBPW1Lchm58iocd2gp0qIRNigmQL7oloc7OcU1QguQzpDin4f4EvMclqUVdOb/iiCDuWyE+Px8gOh4qL1D0IhSItKNpKQvPeOHQ8pMbaks/g6E4q,iv:BnghwsMVzoXpHXJcmii1vQykVQYzqRlEbDrC1ofdBfI=,tag:6CQYbV17YcIjBmaOrO6/NQ==,type:str] - attic-key: ENC[AES256_GCM,data:SgWW1G/1bSplv2MEShWog5Hm+vPCBJd2ggURt5K/s16Z6jRxBuFCbQ3XGHJ2bqQMymKnltIux/6zguJTqi7/THvL+YEm4ls7zOYO3XlVA5G2n1sXkX/hkZK5acRzTXFiffZfZyH/iE3kFTk+68WBmYoDqT6zwJvYDDjGvtXqCj471tzVwgmc1hewAwkCVo48z113zV6Qr6egfNN+Asj8ZL86Q6CsTFIaqqttXwdDHlS93ZeqVYIGkBfuaaKTUNgFgTJ/2B8FewDy/vNdwkbWSsAAESggvwYcVB2NHjpCzND0jExXmHuzun6ebSS8StvWt+yAJLvbBgJyKj+JmF1zWRRlKVc1UG+d6cqFgr5F5/tf2zYl9RoCM5ZFEilFzmfnl1l0AI8N3wjQw71brKb/nO1YBrlKL48vq2P1aSIau6YN/vy5+0dl55Zn9Fyt7DFpVZdwLZefE1A3CJqmRbksDCidQMYaq80v6qCB8d/vNBny7h5v0+04aXhHK9gBVj0E/RcbKHZ/XKefumxxIe3Zay+aKjhTVkTkC8JtzrpPWbcxYZsglc+1K6k3DQdism2luM5eNncjPvlnmV1VkxP3UStquJ98ot2ePLMlRVyfYIzF3/M8JUjf3I8DQuRcLD1AhduCMvlTn+x1qaRx92AHFApbWpJ8FZ44qv7QlpoVGBgSW8c4puFUMFhnMCY0uJfT4opniGZi3RSABSU1JzXWGSKgM3cqgweWnIe9oJJC7ymfRp1Vk07w/mHDxMXghoW9rAxBMaiADRGLwTxgUXDhm0f+J3zfTc2hp6dnIYvOfnQVsNbJoNeAW5oojvR4DXwq4BpFOhmHzBKszAdhGM/X1/+F4O0kb52zJzjZxGrPhnsbAoUfuFH90pCdRznm6dfST/M9v6NLE59Xig3pyEihUTMvIzZzzOSzPSIpA4URqx7llQaAo0NRpNr71c2geco0mS/WuHX82jC5fPMCXYFbuOM3dn2eyUKLdQ6b4TrpYRsHiQ5URz2kkrUPNCwdXQE4+kLpBNoBowGnDDN3fNoS0SplV0Gwkk8o9EJaG7aj6V9OqUYIP7L2Ud8UbJyaZiEQ2oeSGVjLpYGFhbPZBlK4dQ7wSSj8HRwaLrJHpmYySYSr8QnmN2p7vwHx4gi3FC4pFs1g935gNuJpwGDVNr/XIeAV2s+DCeMROz8M2x4gID6LarC1eA/0eKdL5eq47MV1+nihNEq708DJY0mY9KeVXBF/tLpF2Fd2DE/OMBvRU1osML+0U3X79dbdYs1hprzmHxM0tjJF7oRpWCLL4bB4QNNd+VB5t4fdSe0mS/6aFeVTdY6dEcQ7FsxTG3Lk0QLVzhNffdcY5UfTI62BnVaC9wdSNSRFwajRzaeBq5o2tSNO3NZKbOWsSgsdv7CwS1WSnKQaCBfx6XQxtIk9dqODdjxh3tS1XVmCUFm/gDM2w3OxnQRc4LYSB7ApeV7Haw+V6YDAgKG97UHaL6M5Bo7/iS7mI7QBrgxecjd6a8o1arVV60Q5LPvov15tqtxk65hKxvsAZjERNHamHpWjVRHNcqQIoL9FaSLoJ7FD3rJsGS+86r7NUVPnV0XtkdRilE5mydc1BltvRUqaknmmNWL5kgrgnDO02l7WZkrHr9Dv0uagfR47S/REpEPgoErd0xoqsfdeTkQviyjjEuZp3U3M5VQ/ud7T6FvR1yYRj8UWWedOstchJnInn1Pn//8lM41ZTqRD/Pd9dEN5aItFAVknp7w16GrsgCtjohlLodpU7xKSPW7r4YuZR6Jnj80W/FEVE2bhRuB0HKeAkJzEHvWpHRxa6yGzyZH+S4mqLFndHpUVQUpX/l+RH5LpkGaxjqkzbpyO3zpwHf9RgyDio7FZx57896Owb0fYvpvxd24A5xFNmNjPRNpBiMmtHlWO93tJJUV6TkdhEOa8l0Ifm/lJfAXc0WeUBWZO0PeCz7m/DeltwPKLOGVBCeHPmdu9IfLxZ4TfLSdaS3W6rbVIK2kwMfTrLa48QJqGYfqb4KZWqJInPptNnXiDoH6pjrjjwAhRwvIaClUlVJ9NWCtXSC3BJs4XA3B625ScYW0rlE4r4C2zXqr+I2xmHxFMdUadNgbuybFx59zwo+/hDmF+bovjt2Xr6b7440rt18C8s0eusFeOuqfl+e375v6iA4RFS5nIa0Xagokjvla38B/4S0OM7mN8/v01GSX7vv22U3uf081BBqd6N6tySzWEAza4HpL857EU5fPFz303J4VA2GzrxbZWJHcVUBD0lI3aTXnKPm1BJEaYRD/xHvW2l1sSZsy2/+9jg1nGS5hkY+AUHn3dRPgcm2dXUh6/5HgpSW36wSn4lUCWElp4dcf/hEjmMZaB/m9PPRaVCKy9LiVwFa/3RVAxucRxPJb54jDA+hEXNIK+hzoGbRfUlKpe20QHtr2RfskbxgUIKMq8AdMVb4XRXHKYdf7iAll3Eip1uim4HD+pQY1+erqbRSlNGy1F6s8HxK071sA48ratPqZeLLgjmv6kjnl+X61sN6zTOw1mImYeayybLPFP+jDCwxYffqX9amD0hnFRPKBTrzOPFCB3spOD+S6EdXUC6+O3vV7wE4p5/F74kDCxF0fQllIBgxhl/g5XjOTr4X1bg8CislAz72c84+/T1BGPabGLsZvH/sN+ordNzcTWO6Xw9q8nc0ChxAC7DaKu2o2scHtitWRR0rfnFt5tkGqFAZxWZ92buLD2AicwI0GA739cgWevUpOcxYjBq/h20vK+c2Si9YywKsX43yPriIKr9RObCf8BPHn3Jdz6Ws9OYmLrhA/IMXI8iJ8X35VFjpjggy6c0oBu+ip9ipUfcmck152lXRgETqzDn+ulTk5WGlSgd0Mm/Fy+QdOXi0aYat1d+l6oDVrb4fgychDktLQpcNz+oIWuUSaqYU26iiM95eoSY2B0m9uEgmYVUQ4s7vqH14BDFHXSQVqkMf8RKDRv0L2ELg8vF7Ly8cHbWbBJh52mS0UnH6PtN7SL69JEvr31HUtlDrvZ7wLagtYAGJxde6wh4zZy07+bd1EY2VVuHPU21TLs0d8qdowLKd8zAxy6ss9LNLETGYzkfqDn2cTN/f9ogr7TeuWUYHCh2LtIwGEFWLFlSfD3slul2lqb22D90J9QS91RB3YB2Lp+DU60IxDve2Of8NF3t6kTkQGYKEcbN+/QeZq1VGuu8xI3IDYm093J3Ji1Ai+t3wm/ttErcryY/aXfGSV2XRuQhorAMpTBt3aJS2fFAoA08T3A6nYPINb8lEKebmz3Som5nsOc8CISTsw5nDyUbuNA4BJ5wH70J3t3gh6Eaz86+Vw72ZzJAbWeVA4aUTAqipv1/M4uCMM98Wn9lFJtm+ZbFySpxzXJnjZ6KuKLEg7w+XunEzuo/nWMsBa9FPE/Q5s+Y1KK2y48RHFJ3L0W+NpcYRzJaUYWTa0VyEMRgWqq5UYbuSkzqWMUwDuEQKQ7z7fSDKU3vJsT0ZF9jEatg7Tu2CVSMgTeimw8RxSMcHdduOpGKS0NEz0MB2jQiIDMOnR0knWANHrnB5at/oIhup9wvRFHkn8dr4xeGH2IJ1Kvm16XXWkqUGyA9v+DnapJs8ZKQm59DZoPPeqixUWl8UIAnaGKIJw96SVmVOJ2mYhZpkrC2tm2Dx+iAYeoqxP/4PqORnK+8LzJLLvjOtXi+9T/D7G56OAerEqF5r8dNFkcoEEymuDvt6Bt/FmrFGTc7mo3iQhvbtKW+jHCa75QS2NWDaA8TfySjClYsrvMj3mBqC261V6JUTrgZ3fg4xDH1lJQ5IY4xA1Ujr2cA7ExYDRdzXWQHpqCQjJjrdCH5DyWz43ywlfertFz92AUUfyJozUuoK9rFIvNxQdO5S7QSWTEHKK6h5hgxUqBFc5bUSFryO3LhfnIbZ1gYrJkusjvcHSH9PzQ4s1o57adoetKgg/VqewlD0ZLFfrDllgKzS7dE0IG3QTmUXpZeWnW44W5cCSvRtdw3kxKM6gvyk/s+8d+HzjjopJxc0fQ+T8bu5n51VhTOQg323Ai4ds4l1VLhFgVCynbh8jzBsHi4wFabzsNbyXyN5UTuJrw4WCwcnNwmdEIIQvKTfZhbT+4mCWAR8ZiDV8yEXCfoyfT4jqVzjfZ2fsW/IQcq76L/eCFKB98ZPjV9AMmhqK7E4s6i12DSXxrSPNhoqqz4GdfvOjcs1Mvq0FEYc2UEPcqBZkLA1OSZ0qRK8wCBot9W+tiGMh3hpLNPIXs8Ar9etUp6x2ppEehPzmNj4uS+hk1BtVSUzLzu9plWiYum6bUikJaYzPJvevZ0MzgHgNu6PQJgsK/OSC+qoZ1saVaAjmMtZsvo5QVSOflTgBDHSjHfvbmgPAHBVMBvO5mH1mSEraJka2N24VW6jJeILnbOGr6ijmCd3sROl2TKn0aJWil2rWCG/Lk5pSvoypzzb1lgI3bwZanD1JmtkP8LAWg7t/nzUByQ0vQmwS0NAWIWapbbpTBHCYS84Llt1Ao49tw5vf3vEITqrW9PN1RAuSPmI/jZh0KLxvcfvoKIMNSMO9IykMxZWrOjw+am0LkK+PxLf6bYuctne3LxKmjdeoDUOR1fqM9QP/qEhM6KCPxVJra55BCGFGzB/pUM/+d8uSMTP8C9yrZDQwbgdhQpMK1rmJSVHSf63KtIkf32t/CyXbYAlwRcX7y1nixju7bwoXenImscjCYYaV70Ux0S69qfPipUj/zG8+6bbm4d8oFwBn+C/8N9+dAp4bTQQD8D9hgkk+hhDihOH++Dd/ZUDGwRa8DgRc0MQWAnDguwFwRdPsDGbdPtaotPoUBV4gpn21TpC/SMywTg5ltsOpKszs8EuA2RVdIIne6G63TxknYj9EikqjT64VfxHOacqlos/JFLjH3PDfKCaTZFruTRjiCx8pcsqwWJEGQgMepIo+ybM7isdcl3mw5TEk0YBtbWUW6VaLj/19aEbN6etqaK/8oP9br8Bn/sEmn5haSas7JtgSTwB0Nzi75VAYs2gATzwSe+l59DW2uGZFcCXowbg+/xlnr6j00DY/IbnyfCbm61YQ0VvfE0jvvAISOf9ckfKicojff4MHe8D26HL3RMjiBRyajcbcHdPPoICONc3YkKHDDVb7wpWNfhCy5MrgPD9lRAiBF3J/CTtB6up80bsM1mGZ5gFQUDqruxeXqQqF71bW7y9xphwuGbQ2YDohNBmKDVVHbNQUG9IrRaB4VTU0INzzs8SogGint97LJRM4g7aXCX3GtCb7KiCu3I0S4zccHYLiTfleRqRrHMAYXtMVzZzKL0asKr3la+s37Zb6z6VKm33BjGzU/12rTuS50XKZt8/GeuXHE2v2eiPN+6yqmuW4S6P73P1bL7XSN0LUHgcwXHp0IByTGEkblVnXFDCaX/3ITaPqO4Cg5gginnVz90JNhNaMdATjArMflpH/DqfKgnSJSaoQReii+PjPlthSu+L8fVQkFjoNE8vOkX+nqWgrp/2vyk6odyYKyxO5G0lmgDGqYyx0VIohdoe2ipgvQTvV7Yhtzp+2aYPr11d4tcnUcMjzBc6skcPKA/CAiX/7SIBUl2risDhRBCM3PRfWPcwQb7L/OoIZz6CjiT4/BRK5zEPccO/5z8OZDnbd1NIGG78Sbip5p5c9+eVj2qaqpAXMWasZbpMGAqM7Ds9Us6MspNk9qGJVN2yljoz87ukub1Kfhv3i1p3/OVkD+spjla0Ihoq1bLJTuV9yXZiHPuZnD4hFQ8VktxD6FaoZJ4alMrK548R5vRxtXu7mgeylqG/uQL8RE8MvLRuGbF+ovYQ==,iv:/Qwb4B4uS0aimH3WaVPh4D0iRhQneDZKiSes2eXR6Ws=,tag:WH7C6VGckzqSycEXfYLqkA==,type:str] - ntfy: - auth-users: ENC[AES256_GCM,data:5k2a8GxQ76tGFv0kSlnS2Cr3te0pkKjLlswtnK7m3JOuBMN4hFxOuleZJgy/gbcYvxtKgs5zx6l1pVJVUBnaSZxzANK/LWjbYPaM8VOkzTFxCpLWjhCOlLn0gao=,iv:7BrNN929jGkkquMVnRx1kjnDNg1F47MdCFkYK8fCPL0=,tag:lpMUK9rLmHUYOh7LSpXsVA==,type:str] + admin_password: ENC[AES256_GCM,data:0XUblR800UyliA8JfYUZbncDRxiU6eoTaf3i80+OCwJ/31oBhSqj9OtgYeRg3IyURwik1Nk/609IuHjIhly3mgTjOD6Hpzxpag==,iv:0yO3z8ItHRQFeI9JOnFTKhKVHi5u9cMtpglFRlkvYLE=,tag:iUd79iWAJQ9iqP0qolSwfA==,type:str] + nas_pool: ENC[AES256_GCM,data:LBiUC/5qMFUnWUWYZgRPrGopdPd6oWB0+xe1S+GiOMtSIsBH34ZoE8U/v1HmxR17mt0x169xq7iXAQZTCZ/Vd8KGmecTK7hC+H6kmSUcwsuoPiVyoSPdet3Zb716eXGWmnSD6QlReUpq6xiCqOwKUkgNgRtkdc92PAEcmbrw1tfooxTesxB3n9pSCXAkwsPxJWl7nLrCZIf6wOZci/TiwFJf534/YPKIz8q5JxX+E+VeQ4NNRfZxn4EqlMDgmNcEcuHdflqTNAlDmREqhN0XNREUaFveQ01T5sFb6XHorEHpUlKIzDpMV4LKjZQMZax4T+6nbGpUa5kf/Gr3xeOpMpTGNir1bM8oPQGP/Iz9u4AjGP56+JYcqUBcxG1wwNFIqBrrC+Bf7vdjGxgMClwW5AbMtGXwE9y+dSM9MMkj8kiaK1zWZfyIqRBheXtXUhPIjJSR8fmnVtKW358E7ynC9R14AsA3qxpxEc4+VmF7cJEzjStP//FRSuUFRlvgIcGBfncvt0b+ecEk8WostYAMHhqpyHtW2hG5orv6qFupLz0VCBbFLqlIEMG1d/EfjulGqWN4fGIhlAGpssvuo8r/9bOz4efTwODnKJqX5YfOPhFDAJZzj7pgFgAjf8/xAgelAU1yR3nlj2PR9itEAApY0L0FvnC4fEMBqlpINM8gGeNcfTraIYo7bqVhOT5sVOXmru+nRoyG1I01rJ1lQpis5Kqt+HWGa43fi81dtTm7kj/4bOPSPrJimIOD37O3GRlbiiGIhy/Ta/iVqzRsYeUZOyIQT+IjZ4pX5tgJ/AxASVzdRd9GluexPdUGVDb9Kjf7mo7aYsXyWDBP7ZoXDQGHndrlTlrQreDLgcwCXo1hHEn9YkIUfYpBd5Th7LJrsaNWXH838S+9sDqSCGdVPVcH0HC8x5T5Uo3Jb833uaQjtaXsSaAgaRkcEtAHz4LO5kKii3AgP0vA,iv:ny8qQhSrfokW3iS0KXtCVYgtvj07c25jfEUCIExD7eI=,tag:QD8C37p3gUJr42NHiL7PHw==,type:str] + ups_password: ENC[AES256_GCM,data:tYuJ9nU3E2/Ko6Y=,iv:lQq+g68lKCp1rmPvS/84xGIXHxD9zY5zZrrjEJlY8Hs=,tag:p6McEr+sXGAQyMAz1Kaxfw==,type:str] + authentik-env: ENC[AES256_GCM,data:AzHHGyhoyMp/ebnK6LQ5apBUhQT04SPJrtA6XcdaQ38C+fYuG2ph2iWFb+giafxCe8IXWAYT8CWoeqcspM7CPSAAKgqfVaPhMvjXqLxCY/rpegb5jBD1U6tURhPsH3ADrERk+kCmTV2eUpuV+nluiGM+fRdwhB0zu378HKwhXCpSO4L24aXhe9pxxxaTQzncWH6zW5iaRdouDVr1bAUzLi9BpnmS0ZK/rfLq2whErCeN++Srx6aCgwJ7jaqetBglQkIl3YG6flS8u3vsKtI+RVaNJ5tzrWR/qv0vBy8y1PZEuuXZdiHjn1hjiPE1T31j2+aQdbX70RaJfIt6E4lVtArQHv8PTUDxUoxcnUv52xLTStT5/UdIlNoZjPMwvaknpK7Z0uw9w4j76gmgk06xsxoCpnXIGTm1QpGqviBhgfNs5Va/qi4MBfByaym3UAz9LPHs4keuvJNN8dS0q5OMnRswl14PjIb1MIKB/QCVHvb4hO7eIRiWOkA7nb9LP/y1mjAYslr+I+GNpU8oIYTAvKoMS7ZgC49RoLWytAXUru2I7CqDR9zgPzlDQ9gLPoFKw2uKulpAy0ayQWPcgPA2CFmF+5zdINNSNKn0gRZ/2RTc3DiWmzo4P13EmrOwvkWCkiswFu1d6ctKZFhQnfPuj9LRGp/Os55JpLrreSyRJug6lgR4bPdC3x8sbxNmb5S2Y+4aFfgPXfdCdXs5b+8j28d1d4EoOO/arUzNADz9ODD5esb2g8UC2QtQd0RRYX/qmiM=,iv:YKvFxz3M8HKlg56JfN6uv8hvCFlEbhBkaSQz1v9l3zk=,tag:rz7UixSDqOXH7Ga6mkVYAw==,type:str] + traefik: + crowdsec-lapi-key: ENC[AES256_GCM,data:r+0zzklrT+Ot9WVuyb0nhvzTfaN+1CGP0aAdWARiB9AvEnFz0KAM9Q==,iv:wLxubJJBVAP5XwgI3yd3+ynKdtntth0VShWm2umvthk=,tag:SkqRofFOB7c/U/IISmaB8w==,type:str] + cloudflare-dns-api-token: ENC[AES256_GCM,data:ZHAP3KuCIh5LAH3FqCaUEoKNRkoRqrbY/NySsubzGCbZtO4aXYI2GA==,iv:IdGRIpfxxDhHQKaU4PeQI8ESIvzcNNgsqEFsyZ1ar6k=,tag:1u/bhR0CuI9rsn8gycYHzg==,type:str] + cloudflare-zone-api-token: ENC[AES256_GCM,data:N02jcaPLYVzOmo5omGvOKUw2MZg8/cVolRcw/pu+sFnV8IsrUFOjmA==,iv:NZ+OaNR5lmsXicYQ7QL9CBMhlm397VbqmIcmr6GGBWw=,tag:FOT0EzDDuJ/kKOArn8e/rA==,type:str] + cloudflare-api-key: ENC[AES256_GCM,data:SWCsa1YzUpl5aQmeVBzKjfkZdAfduX8pl5RKd+EP6pgyMCCc6Q==,iv:ccIzA1OzGyRnq8gxXAg4B3HHtKcvXhXKMWVuTs/PHLI=,tag:R9KrYDrAluTAyuv7DfYVWQ==,type:str] + cloudflare-email: ENC[AES256_GCM,data:WCe6JlTQnv2PXYcySZNbZ5Lv,iv:qc+o+GEqdRm3U5qBqvH23HOah3Sa63QzqZyDXWozcqo=,tag:v8YY3jCoVC8h12wHTFjkIg==,type:str] + crowdsec-capi: ENC[AES256_GCM,data:9T3e6CzJZOT1KAXlpG323oPmk9xsoVVWI/WYnhdmzyymj61LgNJKvA==,iv:NywJk/tkmIGR5jIgxpvheRBCrK64QytXAkr+40nn62M=,tag:XFeafjL/84r0fLa8UpjyjQ==,type:str] + collabora: ENC[AES256_GCM,data:tFbbm16DFMsxT0I1ogXTRwyTgkE=,iv:yzembXvJ9+DroplBUDiMPa/jn9pjpAI7f5oHSTaZedA=,tag:yprIBtaRIjaHW6nplLYYzQ==,type:str] + mariadb: + root_pass: ENC[AES256_GCM,data:AmZ3lU/GM9lMAjchF4kvjkIZlYX0KZV7ov0dxtnDmg==,iv:9JQuHWcb3/lCR3gw4PFtzMKxk85GXzFV35NguJydUkk=,tag:MEvmiYhAYa1LUGTN9wm/3w==,type:str] + db_pass: ENC[AES256_GCM,data:xjdxuUl14d0qQXIuYi+Zxx3mu2fqN5c3Zg0=,iv:AcrrY6BUi/Bcg/8FcDORmsDrhSEoN+kzdx8OLyAUS4I=,tag:pwwKbiK4HiaNRwp/k5/QrQ==,type:str] + redis_nextcloud: ENC[AES256_GCM,data:mllmOV98zpqLPhI=,iv:Vl52jKAfzy+aCqpGYUQ80Ye3sGDAR/3ULSStEjAi1hg=,tag:DwUT2cdQ/BA1TwdnXoElXA==,type:str] + nextcloud: + dbpassword: ENC[AES256_GCM,data:kvBa4tUglGHuLH0=,iv:IUWHIH6vx6QlXaKNyq2l0lZGZvudskCW9+jCZ2oENVs=,tag:2UC565EXzGxb2N4XO43ydw==,type:str] + adminpassword: ENC[AES256_GCM,data:UJ4LBpif5TIOJqY=,iv:28UgOD1LIoHOVBPTQ3MpofjdkBwY3ghLK2vIbTwZQaA=,tag:F/77ApazlfppzQG6UdTQdQ==,type:str] + smtp_settings: ENC[AES256_GCM,data:8KyWmx+e/DouS8OucMrd2AMFE9w1b4WKHr8RuJ8kMqSlL7MP5GLwW4WZhPCJto6kTzAsy4WPFb23oG6UbQg9DK7b2CiUoC5S5mcDxX3lnzX7clyrosDvIHqVlwjamtgfCuNJWcT+RB6a91T84HEDTnKMTsiJvLxpSEHehzL3ItndV9p4+JTs5tZFX+dOZgqVIMN9syQqFsSpI6fk8LNJh90rXXg4jkh7+EFjmBk3QoSOuI1z4JiRpiauVP23VwTtTqiL1Aw8NpDhX1bU0RL+DAWQIZd8o9k/oedziCfKuea73yq4Z8uDaZJ3BW5m1Z1QA44Yu08qvKzBiAAnEb3bQ83ltWI2mfygupjm3tfIVfQoMB8scivaN+5Nlkx3u8f9SAzxyuvqYxZx8TDsyWGEG6p2frHxX72qxu/xb+DYrXBpyDkVA6ng,iv:CqS+/0kL4JmPXRc05Zr2+CFksP1RhOvzIr732z6A1bw=,tag:ux0ja/g1Y40c21hslYnorA==,type:str] + gitea: + mail-key: ENC[AES256_GCM,data:kfurnrj8eNKGw+KZcijs4jhJgQ==,iv:mFNVcxVyOj5Se/SyLOcKh5ja/QJmL8wfejzSGOzq6yo=,tag:XBU3urrqarICO7niqBRNbA==,type:str] + metrics-key: ENC[AES256_GCM,data:qgISwC1fgApJhJo=,iv:BH3tPh8NE3ByYJjRuL+o8772o9qWeMUVrEcVwrIUkM4=,tag:vJxscFZFAQowXX12OSb6HQ==,type:str] + onlyoffice-key: ENC[AES256_GCM,data:9kWRGt8hHc4XmPU=,iv:Oql7Fa+Ap4F2BTEFeyUmPI4e0oZ6f7Up47rKe1XENRo=,tag:6FmuA07rlokGNfjta2i2kg==,type:str] + manyfold: + secretkeybase: ENC[AES256_GCM,data:nu7BpqodQ1F1Exsk7jfl7k+chONHJsVk/a7e,iv:BWUjAHDWUz3WHWFIj+TXWOzQPjmSw7cFW9YVrBshhNQ=,tag:zydtByGW8ZN0ixC8IoWuFw==,type:str] + immich: + db-password: ENC[AES256_GCM,data:VKXAsUngn97FDqNEEZFp2GPObNMILv8=,iv:PSIbO63irXl5cx8l6sOSKAKNSygV214vrq48bR35/gU=,tag:PuJV5R2rmYtX8YfRvMGK/A==,type:str] + open-webui2: ENC[AES256_GCM,data:pTd/xPCZxLy95U+6RDZhLwkveKVO0UwrriVgp7QvwS5hXfZq8OdEtmmj/wVxCcRmao6u1icjPa13r5AyNMkONtqIW37nG9vhlv5t2AmXDZo5g+fhE9i1zws+UcjanAKOKaFL/jWXO/BOOuMcmEgL9HaqZSvFtcyr0mNuMH0AH3U1D6FXXfAlm8Zxp2Dpfs9PdxY1MgMyeA44sAnAkRCkk76p7DBtBoAuQf5Qaqk61pqUlm/SLGYd6ycL3A9EvTWffYwoEpHH4ktHQmA4lA==,iv:cfkg10puhlq7WSNmonO57yfkT8m7yxnI17szfaSY1Is=,tag:FqvDXMcaxdcfUXwgkUNrGA==,type:str] + open-webui: ENC[AES256_GCM,data:Th2WQmGPCqd2lsSCvl0NhnHT2/dVoV5k1DM0IhrewEc=,iv:rNEYe/nZAz1Bex/Eb8z8T70z2CV4+nTpzjzTX7Nz0Uo=,tag:yh3ID15I1ZrBYjnCgeo44A==,type:str] + paperless: + secret: ENC[AES256_GCM,data:b/7MEdo3BQ0v8vaBnfNMamo5NKIA,iv:op2/RA6+HwmmVK2QVkfJUBQjPpvce6716U066YaUehM=,tag:66eEjU68GYZi5bBXtEojWg==,type:str] + authentik-client-id: ENC[AES256_GCM,data:b8XMIBa71HuT22sd/CRSctq7dZwna85WcPYAJRPZLSWWpZENMx03bw==,iv:4DQjjF4TiL3xQltVC+GyzWjoCXJr/w8DLRZxf/636Dk=,tag:FUAzJg1Jj27p/C3RwgOrGA==,type:str] + authentik-client-secret: ENC[AES256_GCM,data:IroyLoiv8TT7+bG43bnThsz+b4vAdKc3+uLQWbtiag9+NAIMH/yDRdcyoag+PZIF3BjUJHClbnNHFZmSOlT+rymv9q9Ja+WDdSHD6jc4KAtPakshh+WfwSzdMhegbV3EWbxNcRb02eCZifnpYFH8aUqHDpbeU9K7lx5XBMe/bNA=,iv:08rzurhosfME0FtTEOdcSxbiq3dq9sc6Bm+OXvVyn8M=,tag:RnY57cWBr+jBqlVUSYaP3Q==,type:str] + wireguard: + private: ENC[AES256_GCM,data:xcv4eH8WggS/05MkcL96MpJVqwsFp7AzFoYVoQmOhNC32oy+g3vEibmYCNc=,iv:LWBA3UKqEKs7NISVWxAT9zZ2OMM/1Em+fchZKlrMLIw=,tag:pZkNHc7CGV10X2pfT16djA==,type:str] + public: ENC[AES256_GCM,data:HP/vP2bVp26cGyP1rJuXSX9BnUeauOVx1c9y48FakuQ+lMr8jymYGFm0vUA=,iv:h/FuDPaTQfGRGqA1H0+kz/kQyJ+2eIWoi7zObaIJPjE=,tag:zrjbq7S6DEbE9O+JAZr/4Q==,type:str] + free-games: + eg-email: ENC[AES256_GCM,data:pv3jGc/aOdc4hvbP0IqfWIFoojRaOZw=,iv:LwBpIVhtSegL/YbkKfcHSVcu3lW0F/01DRkMMbvOCQk=,tag:ecZdRFeioctVrBWTHnLwmw==,type:str] + eg-pass: ENC[AES256_GCM,data:JOd81wrPKpPH+qpZxIO9dVw4qzw=,iv:CNP/GALkZUoFYIQnerCNg7O8WqxMVC6KBwuxUa4KZyM=,tag:KfRNc3qOR92J/biloxYtMg==,type:str] + eg-otp: ENC[AES256_GCM,data:DTa1gbSOvBwoWBU2PP7DXOC4XzkAd9NCPZWaFle+xR3mPvsm/hkjBqL6ElO0KthhCuX5vA==,iv:Rfb2OzXL7J6pJwkX4H6c7NujYhBgTT28AlQFJN89u/4=,tag:7QxB5repYKfNiBZW72OsqQ==,type:str] + pg-email: ENC[AES256_GCM,data:RkZCkaw85bxTx3GWSSVJduFa,iv:HNV0SzhDnfFMNbWHWIAhA2U46xNYEgbH4HkNdME65AI=,tag:NYoPdQc0EqO4Ebq5/dOqxQ==,type:str] + pg-pass: ENC[AES256_GCM,data:YI05qDIsdvbXvHk=,iv:WTovWiBZxeZButRzqHKM+kFaLQ/73ZeJhsgiDX5zzAI=,tag:jUdhMk+w2H/iFmp/MjMnbw==,type:str] + gog-email: ENC[AES256_GCM,data:VMb/oJxLey5TZvBhRZFlwJt4yvXUFEs=,iv:uV/MFBR07ZbhtCStnsVEf1HtXTBK6/AVH//IyEtdH34=,tag:+7RzaXYx2WS8BGJJhuXlqg==,type:str] + gog-pass: ENC[AES256_GCM,data:3jNo/Hwe+F0UsLA=,iv:XSqyMn2GHdCwRfBfWdICcYAANKNsUDlTKfvtu9BiIxI=,tag:/VtO1syI4ybJxJa8xEgTHA==,type:str] + nix-serve: + cache-priv-key-pem: ENC[AES256_GCM,data:5loCy3Xc2U0C/WflfTbnptoHkUCRU9iuSd+2H1XQDk8jkSK6/09/p0b6NlP6tdNiEPfSazRr9eWe7Tb5l+Hs4O5HGQrZKUKDak7L7+tgl0ncDo7ngm4LD2WHZYS6WrrgYfuToB2KbKmoHOdG,iv:q2F9gkOwKNpYt8+r0MJk7XqTg/aFWIThpC06dHxcmEY=,tag:ls4N9PXshXgUZ3VxBvI6WA==,type:str] + cache-pub-key-pem: ENC[AES256_GCM,data:b67q/o01xnsFet4hpOwnbRK2jb7/+KdkRexLIZxOC3er7ue5tTfBTlelombAUv16377hSWFGW4kDqBC4zUKIJw==,iv:2uYKZ7sWEgFMtSjCxD+LraZUiHt3sFyLHugQeHGpsCw=,tag:T1eRke3306cwSYiEeieb4w==,type:str] + system-ed25519-pub: ENC[AES256_GCM,data:likQGiGyNnUQZXIMi61ax3nWufRT90iXiaMQ3Yo7TWKdvjQlwyEIjYImImEW+SquIPMYSABpt0ZzX4dj+yHa0rFKToWObQmRq61q4gZ7I4irj2mimiEFrzmrNxwZplHS,iv:LcjzMno+g298jzbskR9Pi5RPjhv3o8mSFxDGlHO7MVk=,tag:NohNVOsd+Pm7p43rEERUFQ==,type:str] + system-ed25519-priv: ENC[AES256_GCM,data:tMk6T/mfo+8k5ZWMy0zZOrs2svq3ePWn3TJKxEnpiuShNV1wT1bMkIojJUqFPNwoxt1DFm3KgDpPvHp/NpffgLJ0wYenHZTYKZj4d7RtcFnCmCWH61hLwmriqxP//bK5d1WX7ynXgVzyTCPyCAr2JQNITjug5geEnpcUb9AKpa+WRTNF6T88mI/i5DMaiMeUl/PGofQjK8YzcOhYgvCZe19TCK6QGDViwe7az96h5x0q5nuhp8rwiGVso3DRvWcLUSzYcxvkyh2Z58bX2mHNUJEslYlAK0ekA9O1mj/1dJei7KD+saJGM7uvP4zrSlHzFvSx1gkxvWbQL84LZOp9XfCNTjwDi503nPb8vLpg08m2iKrAS3NEA/cifCL9h5QhlJWNEz0pA7GTERsZvKk6Ajt9E+MrFs6ixKey3IPZhLExjt5UjjWeZ9PWHTlL2805GgKD+yjqWEDLsWmcRDUlmLcd8tIi7RBmo2PjVIq1ZtDeuCQuWTHWAgoX8ijak6JsNl/8RsyK2rwKb6RTDAihuPuiQFuW+d7mfANX,iv:9CU3QJORv0CD1u9nnFDbKo9DitjQvWGUVjtLD9TkcQw=,tag:zJLPWaKrSNPJtd/PFvmf9A==,type:str] + system-rsa-pub: ENC[AES256_GCM,data:9vhYfhIvBPDckZLxa5RmVWGEzRoLZ51aEkAfUpHFm6SJ2e/BS7glExFh+rw+DXX1KrERbl7W3R3TRF8YVsxEKjMXf7OH51IWSmpdHtoeT9Thkyjt9EX7uu68NqSyUaq0ndRBUBp1zCAXIuBw7JcGC0H+nxfxdscDrLoKD8bW2NfRazv5crW97wWj8ajpfeKZTH7fOopYHIWjgcWTfiKh3gC3j1WCt6WjWxfHIGrNnBrvlhpi9QOFFfBOxF7NrSLfIUm8LURtPtcIZEX0SmSq1j9azU4EU5WoI3FwFJTqTLY0HXPM0MdFg4y5EXGwzok7icAWiznC3UVhjWVTjAjGjDEaAzoGTd+KNipUmiTWZNW12ab7XMHbeR1ZJPaVzcMEB0wKMbvRSZSFT1eLcULHwzezE5rP2JTiLkADgK06kQNs908uO2NEaGdB/H7sroFah4ZthisPy33lxVinfE2MDLDABj7ORIURST8ag3bw6Jhmam3+38x80YSA3APVWHsRc3+mJhIRCXPS6vfurVY/AFMkIwH/Fxcx6lyeJHx/KutUR9doV4h91hiVHK+hstYuiA0qvKw5VahS9Ht8BosJ6T1eBC1xwiSctMUcC4dRltTjVegNnEsuvyQh1xqL1Xq49k8MyuBCoqmNrTqkxt2Dq6facxwqt4XpSMK2qHEQuXrY61oWh2z+5B8wUk/wVCYg3cAlhFOAObI8aRundOh5Pe6mdFxKW4TnuD+mgoNWsJnqfTZfBbhEJWDtxsaIpoJoSMvZmBirWBCZsDeWSyOaegFZd6hmNgyQ3exmu/aByojzJm30Gcg01WYrDZMVXBFUfkymhxTpHUSXX0dEdfd8QCQjbiH3g6rPttXYL/ZYlS++8oJwkYNYrKi6ENFORmReQpATuWVmxGHnLLV/Si5BhYjPLAc2Hum4nIBd43SL2jijUSXLE6hOrntL36Ll4ToTs7cDMHIDtopYC6ML6DS+Mek95l0=,iv:3ziWTbKw4C7noiQvrsx1+/rA5me/zZLMImR0Emjc6d8=,tag:3ncMX9pUOSB5VjdbO8HMgQ==,type:str] + system-rsa-priv: ENC[AES256_GCM,data:Amn024luro5fz3Pquw4tQNsxnJ259Jpup76U7sPIRXcCSG/Y36T0/rJHuwIK13BpgEOJCJBe9wVFVX5C1oQKuSA9dj+Hu39tbb9Gjs/CVOB8lOouZ8ydWciy94b+gcm8ZT2+JW1TGHbVJz0i+G66vDDOhnAcY83sBZ4FGWNYV4B8LlHtdMWeujm97pgLp9OVxAficIKkNTdEfs94tUmh18lah3kHvLHgnIiYaC2r17QB6F5mcWhTAups+AT5YAMPTUGe3LQsk09ca5K5nXt3atnErHzuLt1xreHM2GE1HbBo5qY0jHiwbcHx0SpOcFi7vmttUwrR1IJ8HlQlGHGd5muCmbidtw2WLd9KrYbSWSLyFDZ5XCh/zolUJZvyDZj29KN5in5wH6/Ad2MpI9OYBVvncA9XFS+Ln5rBxV7GOlxEFaQ0CmZPP2VJl9AVsOkN6B4hofQnZEP1IkP5G/GN8mdRn40QxIfYgS6C5ywkdn6xelwRJqkqVx0xzbqQO0ecJoidfv4IbHCdmJn3FYkLKPBTne82BPx1gIumvSdLnLVahPUZKb3k/32PCodWVSfzru1msI4oCUs99QlfqthWpYY6Jt2gzW+5sVc7Gya7EaNBeOvMZhWFQG84/bLQ50uIGzuWLoE5MnqG4EUu3o71e2TDNFtc/dwVWHz35K51sB/8jkAGykAe3mSTtX7GkdKliS3czNP8hrPcHflM/VP+7pNpO90ZDelHlfeP2E6cciGU5zLsVXBxGWMz8sz+lH87rWljrHRh77fGp/PYJzQ/mayrdXgEZSh97oNXUEe3obWo+WEEtC6WT25wNoc5ir2C0ZGKGaDo9M3VcbxnvW3FMyI+A7ZpETx07tIIuesKiyz/xW7LgTVnDJxAR9E+Le3qzeWEA3lUv0ZivvAmiriC6Z0moMwsQoiqAwrYVvB57CYktj+HhulkoOs27ccsM/MkMi4vIHC+j1LYEydbgbXdunROSsmQWYrGdd8ElvjEVfAtsXKt6eEj/UUyAPBGw8mJxrsTlFoQyM2HzkWyLnHV+X5fhG/0YRah5pc6kE3oLdyi1qurQqlq/j3vV/gpYZZwpxUJSvQXs/YEddRA99TiW2lvjaS/6zDQbD27hCZwUw4oers3XEqcikaEqZQJQ5J/r1KSa+Ejsa/eZzeFxVZ7ZADyrXj+l0vzeQMCpMc483gzERKozuA2Yc04fyN3cmsw0Uu6tPmaJRyVnj3i4Sv/uLQr2nDsVT03QVSGpJunRmH0UuUFMrCPSVRHGYuIvjl4ydo+rVcP0dOdL/nZ5bokt/B4AZ+0P5j3/JVhEgDvPLXyWPnvbc6deEopMjvAL4Y8apcSi/6r2cLle9WeNpVC2ENnamYiUPwP0WL8ffRABOTkeGtPiCk28UzXBM6Z4ebguAW5XDYDUa/n6I5f6BLq5I5yQKoc232zwWaqLnvncjyQx4izca1KVXQcA6pjKwsaDWjFZGkBLSsFmWjFKJxKVt8OZq8h0pNXFN0o8KlCx7mH17bYKjRXUVTflzl5A4iLtwE7LCyeVxyp2oHH+qGpZcleUVw3bNBZlYLFxfxXSSTpe/ebaVnE6gS03LiL4jcxgbwQtO18iah5kYJwMK02p96d+AYO3wYMVVsdZhI1SJhphJF9YJXR7ImrlUVDgd+31W9FL3doMkMpeMKd2kC2LNUZHRXf/x1Gj2LSih2OMiDxL6h+HCXi3Yxl3gklbNJXaDr0guvMwUt1d8bnf3dTq1ZidWzKvHEwjySgdFyxol7aUtyXMyrbFODcUx/cY9qWLFlN2G6Gq16njsI5XiBuIdgOk6S+5kAXZkxNzlizWuGx0kRkQr+HlbwfjkQr22zH0y1g7nC1651cUXQQVoXzVoCfWlWQH0UKPGBcMLkhGAr4TITIO+BQVlJbXSaEXvihCjgcmwSBe8neRunkUpOaMUDCjg48YJ7lMP7wB84MxSBMQYLwwCSpD6uci8eOnWP0KLLjgx19nLw8f0qbXJ6gNy/tn4s8AZGYDpFRz2euvyjE71QpFY1peflijmxkbjwKKZNj3v7fIdeUIkVM9fShijtGNzFYRKQEdIPtCL+39n56YiSBkdIAFX1lg6ON0P9MLo3uZdYmDBr0fbXR9KN/rLZTeZKostF7WlRwMkTswmRLkH+HQiLrZqDM9xPWOxbNeIi1qDUH+nPijpkWDSCnblrW61ayKNTP7qsToeZ5IX7S8ZODw/FBhFRnXXMcc7tkQtzGvPKcT+MNMnLlUi+Y1RVtwmstuFZw3UO/yWLJxCbH8pHrio5qKP7gYg6d52Qa+JYPkUn52Pe7xQVfT8U7MdpYWdyntAOPwe19+Uw9Fu8ZABnzitFnUzvrtYZjYFTtwgwfKXa3hK79zJkexinFE8fWhAlPwDLwUaZnWU2mKIRMqTiELD3D22nevibraYrtxfzi/w2OFT5JSFd+soh4loCpwS0QbiutMo5+E4qZgXxQ+HoI1pnec3hs4h6d9AFJwigfQqj7DB+Q5Xt71rca4cgrPGpiPCjCQ/UqOE8Wzdq9B7o4hxBnC65CQMTWGtyLsu/n5fgjp/jPvTtUbv6R2S4UkGh1K4f3ifH15L+qyokVKg661hE/F92HDw4zl0FceBFc+mwGHvrkjYXeWlA46YDVypwGQQFUwZ83tB6r2QuVeW7sUT70sMbp54mK95yRYInpVzhnM5g6QPCPxO2TlFeifUOmHj5IOND71WklF0TiNEwbF+gqXKdpCmbWZ75yoDBoZ7bPe1tLn4KYzEaXdJ9daC2kTOcJgIbLqi2hX02QOT4kUjFYf2VQDC8foC4YdkpZXtTGO0sJyR1VQg2w0toxwuPHpV4Dhu1VcI/iWfjSoGDOWtKXRHrqnImye1DnHi2Piixvb+jauMj1r2a3X8R3/gzsd6l/YH+e/p/YN6ooObvx+Z9YNfpIBhKGxYlFR+u+eKcR8YSIONNcEJDDsuLOdhaAwW0HdHHu6O+TZv9wL/hrW0+3dqyrPppNC6eWfInowaPbtZmQeS+MOtUosqSPLrHfpBOfAlHLc28VqlczuCE+UxI8jPDE6f3xiLfpIPmPZH47w74J7yE/RGQcJzSKdfL4hTq8HB0vVLS+d760iNB7ykRXWjRUpLWNjSG9UXoYZ+nnjGyknKnPW6U1T98LfnuSuJa2tPWj2uMxU/30k6hiDchvFaqlC20hWPVD7/m7iP8ZsEuChN4ZQvmRkj+RyiW4HSFuleOof8lQIu422L63yC71gwCz4AFyOH5RxVaoMfMrMXTzgmcktfdP09qTLC4WvRBQeLhBGif5fU/u0wiM5QCAVsMBheCkhYpSarcbUdbo02N1l9w1JIVkICw8AJtJCyJ667Qk+Gt8yD179qkJ7rcYcQnBN6YeTNQPcdGfuGznPyyrbHWJcM8TjaLw2LF5F+quUuEXMWcWPoK0B/1Z+UCrj4UKisFQ4bCP0mkIFhSsmTqvsemAlWc3JrGnl073ojLPtOXu/HDy+Z5YqC+kzGbPnuK2LpxA9uhvk6CvkfOoN0iZDNpUywRGGOqUuS8YRkgaSaxbKzJZYjnUGouj83GAShtiVqIlbp2aberHf5tMjtahcwwEQzlvDqslESw9ZOCZyLuttrsWGuGRxoS+ZhZ1FjbTUrkwa0jfGuKa8TgMJb1/HTVUCZfJRGShFwtvVtrmcohiUW17+s8ncQ2Mx/UJ5ssPl6stthN5gE/OMgPWJZxScC7WMenCovPT50SYTf4Z35YorvOWojYOe9mSBGwJAqGdpNPwlUezWL5xodgX8Ek4NCi5AoiD12y40v81UmsXh1MQ0AfAgWbq7Cw/6usLzgw/No8pErbkVz7UlC4YAUBe3TtmloTiuMTJNMgFVBua+QuCDsgw3djIpTxWK+MZ/UqInxXhfV0CmgMXtrutybbcbQGWS16ZrziyV6PDulGWAuvRlVdL6ZzG2ACuVEp7LCLPRCx5QBRciYRpJhkqhFo8xGs7d77RG7wmB99w3eHu1OlQk3OOrFxEbLxOUQXebNLfGfX22UJ9EDrJsCq6KbmO2VtuxFy+ixJMHlYP1LdHGWHa0KlN582jaa3MfQJk6JdpbWQCVt4zmpIUsTBKSLPe+UOoXQ+b8YWHQjf4hIscyjgY+W1+5rqzdTXv4V0jKrMwaY9GgVoIyngy12b2jAnHTCt1rFJYrFK4CUL1ElpbuJL1R1lQe7GPFhI9Y0NP0Be08wPeyzIBgzNOeOzI5niSekcqzQTDCVi1tLdyiPi9PD4K4S0tdVNPLo+vwm1MDEKoUEr6c3YLTpqpatBTGITlXJCKEbUc6/q1JYeOakd4jSpNlHlyOaJRjgbZTJNQO26z+6jRNCgUz1sznaaUmaxBLmC7WwxdCXvOHf8xoEJaAnjPBXkxnYKwRBPW1Lchm58iocd2gp0qIRNigmQL7oloc7OcU1QguQzpDin4f4EvMclqUVdOb/iiCDuWyE+Px8gOh4qL1D0IhSItKNpKQvPeOHQ8pMbaks/g6E4q,iv:BnghwsMVzoXpHXJcmii1vQykVQYzqRlEbDrC1ofdBfI=,tag:6CQYbV17YcIjBmaOrO6/NQ==,type:str] + attic-key: ENC[AES256_GCM,data:SgWW1G/1bSplv2MEShWog5Hm+vPCBJd2ggURt5K/s16Z6jRxBuFCbQ3XGHJ2bqQMymKnltIux/6zguJTqi7/THvL+YEm4ls7zOYO3XlVA5G2n1sXkX/hkZK5acRzTXFiffZfZyH/iE3kFTk+68WBmYoDqT6zwJvYDDjGvtXqCj471tzVwgmc1hewAwkCVo48z113zV6Qr6egfNN+Asj8ZL86Q6CsTFIaqqttXwdDHlS93ZeqVYIGkBfuaaKTUNgFgTJ/2B8FewDy/vNdwkbWSsAAESggvwYcVB2NHjpCzND0jExXmHuzun6ebSS8StvWt+yAJLvbBgJyKj+JmF1zWRRlKVc1UG+d6cqFgr5F5/tf2zYl9RoCM5ZFEilFzmfnl1l0AI8N3wjQw71brKb/nO1YBrlKL48vq2P1aSIau6YN/vy5+0dl55Zn9Fyt7DFpVZdwLZefE1A3CJqmRbksDCidQMYaq80v6qCB8d/vNBny7h5v0+04aXhHK9gBVj0E/RcbKHZ/XKefumxxIe3Zay+aKjhTVkTkC8JtzrpPWbcxYZsglc+1K6k3DQdism2luM5eNncjPvlnmV1VkxP3UStquJ98ot2ePLMlRVyfYIzF3/M8JUjf3I8DQuRcLD1AhduCMvlTn+x1qaRx92AHFApbWpJ8FZ44qv7QlpoVGBgSW8c4puFUMFhnMCY0uJfT4opniGZi3RSABSU1JzXWGSKgM3cqgweWnIe9oJJC7ymfRp1Vk07w/mHDxMXghoW9rAxBMaiADRGLwTxgUXDhm0f+J3zfTc2hp6dnIYvOfnQVsNbJoNeAW5oojvR4DXwq4BpFOhmHzBKszAdhGM/X1/+F4O0kb52zJzjZxGrPhnsbAoUfuFH90pCdRznm6dfST/M9v6NLE59Xig3pyEihUTMvIzZzzOSzPSIpA4URqx7llQaAo0NRpNr71c2geco0mS/WuHX82jC5fPMCXYFbuOM3dn2eyUKLdQ6b4TrpYRsHiQ5URz2kkrUPNCwdXQE4+kLpBNoBowGnDDN3fNoS0SplV0Gwkk8o9EJaG7aj6V9OqUYIP7L2Ud8UbJyaZiEQ2oeSGVjLpYGFhbPZBlK4dQ7wSSj8HRwaLrJHpmYySYSr8QnmN2p7vwHx4gi3FC4pFs1g935gNuJpwGDVNr/XIeAV2s+DCeMROz8M2x4gID6LarC1eA/0eKdL5eq47MV1+nihNEq708DJY0mY9KeVXBF/tLpF2Fd2DE/OMBvRU1osML+0U3X79dbdYs1hprzmHxM0tjJF7oRpWCLL4bB4QNNd+VB5t4fdSe0mS/6aFeVTdY6dEcQ7FsxTG3Lk0QLVzhNffdcY5UfTI62BnVaC9wdSNSRFwajRzaeBq5o2tSNO3NZKbOWsSgsdv7CwS1WSnKQaCBfx6XQxtIk9dqODdjxh3tS1XVmCUFm/gDM2w3OxnQRc4LYSB7ApeV7Haw+V6YDAgKG97UHaL6M5Bo7/iS7mI7QBrgxecjd6a8o1arVV60Q5LPvov15tqtxk65hKxvsAZjERNHamHpWjVRHNcqQIoL9FaSLoJ7FD3rJsGS+86r7NUVPnV0XtkdRilE5mydc1BltvRUqaknmmNWL5kgrgnDO02l7WZkrHr9Dv0uagfR47S/REpEPgoErd0xoqsfdeTkQviyjjEuZp3U3M5VQ/ud7T6FvR1yYRj8UWWedOstchJnInn1Pn//8lM41ZTqRD/Pd9dEN5aItFAVknp7w16GrsgCtjohlLodpU7xKSPW7r4YuZR6Jnj80W/FEVE2bhRuB0HKeAkJzEHvWpHRxa6yGzyZH+S4mqLFndHpUVQUpX/l+RH5LpkGaxjqkzbpyO3zpwHf9RgyDio7FZx57896Owb0fYvpvxd24A5xFNmNjPRNpBiMmtHlWO93tJJUV6TkdhEOa8l0Ifm/lJfAXc0WeUBWZO0PeCz7m/DeltwPKLOGVBCeHPmdu9IfLxZ4TfLSdaS3W6rbVIK2kwMfTrLa48QJqGYfqb4KZWqJInPptNnXiDoH6pjrjjwAhRwvIaClUlVJ9NWCtXSC3BJs4XA3B625ScYW0rlE4r4C2zXqr+I2xmHxFMdUadNgbuybFx59zwo+/hDmF+bovjt2Xr6b7440rt18C8s0eusFeOuqfl+e375v6iA4RFS5nIa0Xagokjvla38B/4S0OM7mN8/v01GSX7vv22U3uf081BBqd6N6tySzWEAza4HpL857EU5fPFz303J4VA2GzrxbZWJHcVUBD0lI3aTXnKPm1BJEaYRD/xHvW2l1sSZsy2/+9jg1nGS5hkY+AUHn3dRPgcm2dXUh6/5HgpSW36wSn4lUCWElp4dcf/hEjmMZaB/m9PPRaVCKy9LiVwFa/3RVAxucRxPJb54jDA+hEXNIK+hzoGbRfUlKpe20QHtr2RfskbxgUIKMq8AdMVb4XRXHKYdf7iAll3Eip1uim4HD+pQY1+erqbRSlNGy1F6s8HxK071sA48ratPqZeLLgjmv6kjnl+X61sN6zTOw1mImYeayybLPFP+jDCwxYffqX9amD0hnFRPKBTrzOPFCB3spOD+S6EdXUC6+O3vV7wE4p5/F74kDCxF0fQllIBgxhl/g5XjOTr4X1bg8CislAz72c84+/T1BGPabGLsZvH/sN+ordNzcTWO6Xw9q8nc0ChxAC7DaKu2o2scHtitWRR0rfnFt5tkGqFAZxWZ92buLD2AicwI0GA739cgWevUpOcxYjBq/h20vK+c2Si9YywKsX43yPriIKr9RObCf8BPHn3Jdz6Ws9OYmLrhA/IMXI8iJ8X35VFjpjggy6c0oBu+ip9ipUfcmck152lXRgETqzDn+ulTk5WGlSgd0Mm/Fy+QdOXi0aYat1d+l6oDVrb4fgychDktLQpcNz+oIWuUSaqYU26iiM95eoSY2B0m9uEgmYVUQ4s7vqH14BDFHXSQVqkMf8RKDRv0L2ELg8vF7Ly8cHbWbBJh52mS0UnH6PtN7SL69JEvr31HUtlDrvZ7wLagtYAGJxde6wh4zZy07+bd1EY2VVuHPU21TLs0d8qdowLKd8zAxy6ss9LNLETGYzkfqDn2cTN/f9ogr7TeuWUYHCh2LtIwGEFWLFlSfD3slul2lqb22D90J9QS91RB3YB2Lp+DU60IxDve2Of8NF3t6kTkQGYKEcbN+/QeZq1VGuu8xI3IDYm093J3Ji1Ai+t3wm/ttErcryY/aXfGSV2XRuQhorAMpTBt3aJS2fFAoA08T3A6nYPINb8lEKebmz3Som5nsOc8CISTsw5nDyUbuNA4BJ5wH70J3t3gh6Eaz86+Vw72ZzJAbWeVA4aUTAqipv1/M4uCMM98Wn9lFJtm+ZbFySpxzXJnjZ6KuKLEg7w+XunEzuo/nWMsBa9FPE/Q5s+Y1KK2y48RHFJ3L0W+NpcYRzJaUYWTa0VyEMRgWqq5UYbuSkzqWMUwDuEQKQ7z7fSDKU3vJsT0ZF9jEatg7Tu2CVSMgTeimw8RxSMcHdduOpGKS0NEz0MB2jQiIDMOnR0knWANHrnB5at/oIhup9wvRFHkn8dr4xeGH2IJ1Kvm16XXWkqUGyA9v+DnapJs8ZKQm59DZoPPeqixUWl8UIAnaGKIJw96SVmVOJ2mYhZpkrC2tm2Dx+iAYeoqxP/4PqORnK+8LzJLLvjOtXi+9T/D7G56OAerEqF5r8dNFkcoEEymuDvt6Bt/FmrFGTc7mo3iQhvbtKW+jHCa75QS2NWDaA8TfySjClYsrvMj3mBqC261V6JUTrgZ3fg4xDH1lJQ5IY4xA1Ujr2cA7ExYDRdzXWQHpqCQjJjrdCH5DyWz43ywlfertFz92AUUfyJozUuoK9rFIvNxQdO5S7QSWTEHKK6h5hgxUqBFc5bUSFryO3LhfnIbZ1gYrJkusjvcHSH9PzQ4s1o57adoetKgg/VqewlD0ZLFfrDllgKzS7dE0IG3QTmUXpZeWnW44W5cCSvRtdw3kxKM6gvyk/s+8d+HzjjopJxc0fQ+T8bu5n51VhTOQg323Ai4ds4l1VLhFgVCynbh8jzBsHi4wFabzsNbyXyN5UTuJrw4WCwcnNwmdEIIQvKTfZhbT+4mCWAR8ZiDV8yEXCfoyfT4jqVzjfZ2fsW/IQcq76L/eCFKB98ZPjV9AMmhqK7E4s6i12DSXxrSPNhoqqz4GdfvOjcs1Mvq0FEYc2UEPcqBZkLA1OSZ0qRK8wCBot9W+tiGMh3hpLNPIXs8Ar9etUp6x2ppEehPzmNj4uS+hk1BtVSUzLzu9plWiYum6bUikJaYzPJvevZ0MzgHgNu6PQJgsK/OSC+qoZ1saVaAjmMtZsvo5QVSOflTgBDHSjHfvbmgPAHBVMBvO5mH1mSEraJka2N24VW6jJeILnbOGr6ijmCd3sROl2TKn0aJWil2rWCG/Lk5pSvoypzzb1lgI3bwZanD1JmtkP8LAWg7t/nzUByQ0vQmwS0NAWIWapbbpTBHCYS84Llt1Ao49tw5vf3vEITqrW9PN1RAuSPmI/jZh0KLxvcfvoKIMNSMO9IykMxZWrOjw+am0LkK+PxLf6bYuctne3LxKmjdeoDUOR1fqM9QP/qEhM6KCPxVJra55BCGFGzB/pUM/+d8uSMTP8C9yrZDQwbgdhQpMK1rmJSVHSf63KtIkf32t/CyXbYAlwRcX7y1nixju7bwoXenImscjCYYaV70Ux0S69qfPipUj/zG8+6bbm4d8oFwBn+C/8N9+dAp4bTQQD8D9hgkk+hhDihOH++Dd/ZUDGwRa8DgRc0MQWAnDguwFwRdPsDGbdPtaotPoUBV4gpn21TpC/SMywTg5ltsOpKszs8EuA2RVdIIne6G63TxknYj9EikqjT64VfxHOacqlos/JFLjH3PDfKCaTZFruTRjiCx8pcsqwWJEGQgMepIo+ybM7isdcl3mw5TEk0YBtbWUW6VaLj/19aEbN6etqaK/8oP9br8Bn/sEmn5haSas7JtgSTwB0Nzi75VAYs2gATzwSe+l59DW2uGZFcCXowbg+/xlnr6j00DY/IbnyfCbm61YQ0VvfE0jvvAISOf9ckfKicojff4MHe8D26HL3RMjiBRyajcbcHdPPoICONc3YkKHDDVb7wpWNfhCy5MrgPD9lRAiBF3J/CTtB6up80bsM1mGZ5gFQUDqruxeXqQqF71bW7y9xphwuGbQ2YDohNBmKDVVHbNQUG9IrRaB4VTU0INzzs8SogGint97LJRM4g7aXCX3GtCb7KiCu3I0S4zccHYLiTfleRqRrHMAYXtMVzZzKL0asKr3la+s37Zb6z6VKm33BjGzU/12rTuS50XKZt8/GeuXHE2v2eiPN+6yqmuW4S6P73P1bL7XSN0LUHgcwXHp0IByTGEkblVnXFDCaX/3ITaPqO4Cg5gginnVz90JNhNaMdATjArMflpH/DqfKgnSJSaoQReii+PjPlthSu+L8fVQkFjoNE8vOkX+nqWgrp/2vyk6odyYKyxO5G0lmgDGqYyx0VIohdoe2ipgvQTvV7Yhtzp+2aYPr11d4tcnUcMjzBc6skcPKA/CAiX/7SIBUl2risDhRBCM3PRfWPcwQb7L/OoIZz6CjiT4/BRK5zEPccO/5z8OZDnbd1NIGG78Sbip5p5c9+eVj2qaqpAXMWasZbpMGAqM7Ds9Us6MspNk9qGJVN2yljoz87ukub1Kfhv3i1p3/OVkD+spjla0Ihoq1bLJTuV9yXZiHPuZnD4hFQ8VktxD6FaoZJ4alMrK548R5vRxtXu7mgeylqG/uQL8RE8MvLRuGbF+ovYQ==,iv:/Qwb4B4uS0aimH3WaVPh4D0iRhQneDZKiSes2eXR6Ws=,tag:WH7C6VGckzqSycEXfYLqkA==,type:str] + ntfy: + auth-users: ENC[AES256_GCM,data:5k2a8GxQ76tGFv0kSlnS2Cr3te0pkKjLlswtnK7m3JOuBMN4hFxOuleZJgy/gbcYvxtKgs5zx6l1pVJVUBnaSZxzANK/LWjbYPaM8VOkzTFxCpLWjhCOlLn0gao=,iv:7BrNN929jGkkquMVnRx1kjnDNg1F47MdCFkYK8fCPL0=,tag:lpMUK9rLmHUYOh7LSpXsVA==,type:str] sops: - shamir_threshold: 1 - age: - - recipient: age157jemphjzg6zmk373vpccuguyw6e75qnkqmz8pcnn2yue85p939swqqhy0 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5dzUvNEdDL1I0dm1RRlgx - WHNVZ2Ezamo3bE5zTzFyUzJ3M3Rzalg1cENrCjdWU05xeEVUTHpxWTR1eFljcVFG - bVpyaXVEdXpVVHBueG9zb2E0TmhNOGsKLS0tIDVXdUg1dDJrNTRpVkdUVG42WlI3 - UHdlTFlINGRpMTNZV1oyZjAwTXEwMEkKbTKVz99SVb4lVI6FpSN1bwt+YSdQvApP - DDrfAqdLW71kfK0Khu7mh3uKps9nQ5kZAmAGiAC85QIH321weoTXtQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age13g9a4d4jrvckfddpgn8sm4kjtzajr67le56pfdg78ktr5pd09phq32j89u - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTRS9TL0lrbEJRcmIzYWtq - S0ViZ3ZjZ0RTYVFCZlo2UDlBZGRKRHBxT2pJCmsrQWY5dHRpRWU5eHE5OTJocVlj - SDhEQ3pGdXc4QXhYNnFWemgvQXhIMDQKLS0tIEJXOGpYZVpwcDhsN0pJcjFzV281 - R2xFZkZmd0hMS2dDVW15bFh5YUdKS2MKWHCmhYjSA5e51RF+WJtFBtQEn/BOVJn1 - ODv7sY9cQp+sK2Bt0si8I81yM+hADvTY03kvupqJAFZ2tqPIut3Vng== - -----END AGE ENCRYPTED FILE----- - - recipient: age1wpvfpv5n32lruk7c0da4uaeapsmhjxdvg8z4ljehn06l6g2y0e0sum404l - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNZzZ2ZThYSURYYmxGdG5I - cDUvcndEWFhGaFN5dE14OG85LzluNGZxM3g4ClNNK2RUcENlUDlnMC9tMWRjbDBR - UXJyc24wMjBUOWwrdjA1RnZyNGY4ZmsKLS0tIGFSeUdhU05QdTdqRDIrL1BIME9N - MGpjSkloMUVwdDAzSlRvKy9QQjhFdmcKCG/F5w7B7qjHpp/x81f+l8AbfnkRZGOD - O0OhLePzcRRHVBDwK36BV27GPy4wWuQTLh+/YclAh2LNAr8UWbaorA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1jv8ap5zwa49ftv0gg7wqf5ps0e68uuwxe2fekjsn0zkyql964unqyc58rf - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzY0orcEp6MjMrZnNMV1lu - TXdtQWlJU25MdjRSUWVhWUZydFdqTUw3cUhZCkRyK2d6YnVQZjhmZUh6OW5wWHhT - dE5ORHRHWjBsdnUyakR3N3VOcEFXTUEKLS0tIEoxR2p3TXE2ZXZDTktXb05BZk9P - clFROSsxRWlFdVBtVWNkNlZWRlAwWVEKmiAOn1R9GnQBtV94dDZeMx8fgTieVSbB - ugBmDHbp5O28WtVC7JGRNaZQUZr8BynSnHQab8bVFlyoPUIRInMHsw== - -----END AGE ENCRYPTED FILE----- - - recipient: age1pm3fehmmk0vmnrscz9vm96rakn46aaldr5ydpscmde3v9x0k3faswwdzxs - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5Y2dpemVEM3Z4TCtZR1pM - MmJtR3VsaWF3NGk4QXZLcVNVbW9sdzNtcFJrCnlMaG9YMnY3VTNOci91NHpFdEpl - ZTRqbG9EaWFLNmZLSG01MEJtM0V4SEEKLS0tIEdUUi9lRytXQ2g1aDFMUmRMUEtK - aHdBODRHYlJ6cTZSUEpxTmlXNTgvU3MK4JKYPNt1GCAfSTDpxwquXH5Ifq9VmQ0G - K6P+q0G3L3Jivxkttm8QdAqKCAqo+plivdoEQjILjThT+Ndnm2ZOSQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1mn2afyp9my7y7hcyzum0wdwt49zufnkt8swnyy8pj30cwzs4zvgsthj0lt - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAydFEzVmgrNUFEQkFmbU1D - aEpoZnMwNWZmQ213VjA0QldobnJ4TDZEekRNCmNFOVE4OUNCN2NUY0hOT2Uzajdh - OGdrdmlkUlEzbTlVUEJmOEg4bktsSUEKLS0tIDhxc05VWHFrZlVZWjE1L25TZU5H - T1NFMGNORXhQbEJyS3ErYzZLcm90NEUKx8tmtetnfm6sbUhOazjqlcCQx2HXjrdg - gsAWhH1czigTF/Dal0N7eQqfqFHD8U3A295sxlxkNKyVG+eqElm8/w== - -----END AGE ENCRYPTED FILE----- - - recipient: age1ykkjw57t3z3deup3gtp7dujyaslskn74e0d9hsmqaha2pj3rvazqgndw5a - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsSzdVWjIzaXd3QlRiOWUy - d1BlMGNxaVgzU3RpeEFSTXRac3BYL1dKcWhVCndYSUdBZkJ5L21EWE04eFBmeDJw - Ynp2OGtuWExVdXYrS3dhSUJFVG82MTQKLS0tIFAxWW9oa0s3UUdHdnNuQWtaNVF5 - dVRPMUlnd2NTbjcxRjkzdndqS0ZkODgKKBfRK6gdcwBKe58j5JmhyM/lDRrEyyu0 - +wRSEp8RcvFWwpF2sIm/VChq/MoLiRGlXD8b2l8ALcBNDMccVRVzdA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1t2d5scrukk0guva5sr97a8tge5j8kd865adezrcru7p269pzwvpsamkgje - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1RGRWb3VMeGxsZUpJb2xI - RW1hOThNcmJQUzlOOUNhVkNSbDEvNDV5OGlnClRsZnJiemNLZ0YxSzhwZWJWSjBl - cjBJOHZZaitNSXhreFVEMVYwQmFWSkEKLS0tIDR3YVk5eXpkd3NWaWhrT3BDbHBn - MGlSMS9Vem9DdHY2Rm9yYmhvODIzY0EK39lpzj6aKk5NUekZhJ1pXLzV0wwPxF3g - RWHlIl5DNI0MPqqwpxKW8QdGcrxU53Ng6gn4BneGHvtSJ/tEZiLKgg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1c8qw59ffcq9l77gfmtyc3djtvt3md0u6dwhrjcgsm98ntyf72ufqugj7cg - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSUlYzOFFNNlFySHhYcG91 - MlZDTXNQalZqQWFUZTJIcmxwdDJKTFQ4SlFnCjBGRnQvaXQrdHUveTUwbGdUMmJT - RXdOLy9BNHBXTDRaYWdCVDNFL2ViSVEKLS0tIDBWRmdJc3Jab0hWaTQyTXU4U3Jz - bFJLaGhJTmZsUDQxSUR1NlhpaUh0QTAKjufTqKA7CaicL9aXfbYueifK/FG42o2a - UU4ESW3aVgLUPED8sg0/pLEEdIpm5lHmSIgGq76LfJo2MfwA2Zxu8g== - -----END AGE ENCRYPTED FILE----- - - recipient: age1er5qucsc2mugrzrr7n3xhzv7kemkrqrw4m84r544fkk7nkg5g5eswxkqj0 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGZWlKOE1Ub0hRcnBpdFJr - VmhBWmFoUWU3ckhXVHRiMXNYSUhYd1lLejBjCkc1RkYzVzMzRE1DMkVtY281S2VK - d2tXZjA1Y0JLM1RqV3VYL2thUzdwcmcKLS0tIG9VcUN0ZFdWa3oxbm44V09lYXpS - OHdVekk3VWphZEtyRlN1OTZ5SEZqZnMKms9xtoon5f1h+68E8qQrd1hBZPeS2WWn - 5eYSsyd2tm7cy9JC2FSjPTvYXZ69RBgg04p4lJ4+brIrWVo5KqQUzQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age19daqsncuzeh3j6cwk8uxp6yfj8h0qtz02jxlwwy4v8j0mfgznsvq30440g - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCZ3BMQmk2UTUyWC9EOGor - cXI5aVBlYVVERUYzRGdtTHg0V1FYYXMwZFJjCjNDK1k2NTVSalVrRGhVVENPWWRm - MVJwdGdzTXR0L3pIVFR4U2VMT2pjSGsKLS0tIE5TNUY2RWhtK21Cb0tLdFNRbVNk - VVA3Y1pEaDBveXlUdHp1Q0tUZUNudDQKpRld05DlnhE0xLSzbh3mbwY2MOLlLQ+5 - FiROv9g78D/JwYxln2EfU/fExK2wK9bzy5vExtrtwjEM6GjP3TN4NQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age19w4zafpwnq9yhzuf8r5te2yhq7xlqj76rcgzcz935hllyrz4yvws4jn6ca - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkR0ltNUdqejJqNXhsU1h3 - RGpnSG1PMnNzeE9jSVh3S0RxVmdtNFBpV3hvCkxVdnczQVh0MnN2cGROYzJ0bXVj - bnNJVHA3elFEK3dJWmtHNE1iT1A4UzAKLS0tIERHMEVPeGMzSjFYL2hOb1pNZ0Fv - VG1ISjFUMy9lcUhRalJ3WVV3UlpLRU0Kul1/9IvC60KTJQdDV69GPgHukmfVppqX - DKJpKQ7q9rqWI74gHpz/jk8zpBS0H8ZIKouV0OmxORih3LIYWMd49g== - -----END AGE ENCRYPTED FILE----- - - recipient: age102el4snus37dj807rwvsmlvwu2sg2d8rw3vfmtntgczfkz04l9nshetcq0 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBobVZBQWNoa0ZodFQrMmtC - RG05WTBSVG5MWGtTUHViQXZQd0pPVXRDN1J3CnJac2Nwb1JwUXhBK3lsaDFTVk9x - Qk5IMEkyWU5STGxSMUxuSTBvS1UxRXMKLS0tICtMd1krK2tBdEdFdTNJM29jRG1s - NXZkbVZyV0VtTzArOE1uU1JwMXZZN0EKLDU1x+rIWecDD9x//huoM2BM9NRSa4g1 - L5nodU/J0XsfB9z3kr7eY5LYSwsqGkAxI1cXJYZGHF+bozJjweyXTQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-09-30T23:04:02Z" - mac: ENC[AES256_GCM,data:rDWyDZSXNGs2q4epxCQBI5Mj8E5Dpen6F6cUU7NxTVlOI933Gi12bdpuFghrjEf2S1Lk0u/duOM07q2NJrsMOgVPws2f/jzcCzcpPeaUsrD1vkQUpCr2hUKNjSIEbrrtwanm2vbr0LMV0noxFluf68fpeph+/ZMe8eqJjxXWK+A=,iv:DvmxVM7m76trz5aXx/Llsrqmk53uTipo4SHaOdc2YUM=,tag:cIC5iF7+iaIjwLiYR22exg==,type:str] - pgp: - - created_at: "2025-08-24T02:21:34Z" - enc: |- - -----BEGIN PGP MESSAGE----- + shamir_threshold: 1 + age: + - recipient: age157jemphjzg6zmk373vpccuguyw6e75qnkqmz8pcnn2yue85p939swqqhy0 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5dzUvNEdDL1I0dm1RRlgx + WHNVZ2Ezamo3bE5zTzFyUzJ3M3Rzalg1cENrCjdWU05xeEVUTHpxWTR1eFljcVFG + bVpyaXVEdXpVVHBueG9zb2E0TmhNOGsKLS0tIDVXdUg1dDJrNTRpVkdUVG42WlI3 + UHdlTFlINGRpMTNZV1oyZjAwTXEwMEkKbTKVz99SVb4lVI6FpSN1bwt+YSdQvApP + DDrfAqdLW71kfK0Khu7mh3uKps9nQ5kZAmAGiAC85QIH321weoTXtQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age13g9a4d4jrvckfddpgn8sm4kjtzajr67le56pfdg78ktr5pd09phq32j89u + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTRS9TL0lrbEJRcmIzYWtq + S0ViZ3ZjZ0RTYVFCZlo2UDlBZGRKRHBxT2pJCmsrQWY5dHRpRWU5eHE5OTJocVlj + SDhEQ3pGdXc4QXhYNnFWemgvQXhIMDQKLS0tIEJXOGpYZVpwcDhsN0pJcjFzV281 + R2xFZkZmd0hMS2dDVW15bFh5YUdKS2MKWHCmhYjSA5e51RF+WJtFBtQEn/BOVJn1 + ODv7sY9cQp+sK2Bt0si8I81yM+hADvTY03kvupqJAFZ2tqPIut3Vng== + -----END AGE ENCRYPTED FILE----- + - recipient: age1wpvfpv5n32lruk7c0da4uaeapsmhjxdvg8z4ljehn06l6g2y0e0sum404l + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNZzZ2ZThYSURYYmxGdG5I + cDUvcndEWFhGaFN5dE14OG85LzluNGZxM3g4ClNNK2RUcENlUDlnMC9tMWRjbDBR + UXJyc24wMjBUOWwrdjA1RnZyNGY4ZmsKLS0tIGFSeUdhU05QdTdqRDIrL1BIME9N + MGpjSkloMUVwdDAzSlRvKy9QQjhFdmcKCG/F5w7B7qjHpp/x81f+l8AbfnkRZGOD + O0OhLePzcRRHVBDwK36BV27GPy4wWuQTLh+/YclAh2LNAr8UWbaorA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1jv8ap5zwa49ftv0gg7wqf5ps0e68uuwxe2fekjsn0zkyql964unqyc58rf + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzY0orcEp6MjMrZnNMV1lu + TXdtQWlJU25MdjRSUWVhWUZydFdqTUw3cUhZCkRyK2d6YnVQZjhmZUh6OW5wWHhT + dE5ORHRHWjBsdnUyakR3N3VOcEFXTUEKLS0tIEoxR2p3TXE2ZXZDTktXb05BZk9P + clFROSsxRWlFdVBtVWNkNlZWRlAwWVEKmiAOn1R9GnQBtV94dDZeMx8fgTieVSbB + ugBmDHbp5O28WtVC7JGRNaZQUZr8BynSnHQab8bVFlyoPUIRInMHsw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1pm3fehmmk0vmnrscz9vm96rakn46aaldr5ydpscmde3v9x0k3faswwdzxs + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5Y2dpemVEM3Z4TCtZR1pM + MmJtR3VsaWF3NGk4QXZLcVNVbW9sdzNtcFJrCnlMaG9YMnY3VTNOci91NHpFdEpl + ZTRqbG9EaWFLNmZLSG01MEJtM0V4SEEKLS0tIEdUUi9lRytXQ2g1aDFMUmRMUEtK + aHdBODRHYlJ6cTZSUEpxTmlXNTgvU3MK4JKYPNt1GCAfSTDpxwquXH5Ifq9VmQ0G + K6P+q0G3L3Jivxkttm8QdAqKCAqo+plivdoEQjILjThT+Ndnm2ZOSQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1mn2afyp9my7y7hcyzum0wdwt49zufnkt8swnyy8pj30cwzs4zvgsthj0lt + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAydFEzVmgrNUFEQkFmbU1D + aEpoZnMwNWZmQ213VjA0QldobnJ4TDZEekRNCmNFOVE4OUNCN2NUY0hOT2Uzajdh + OGdrdmlkUlEzbTlVUEJmOEg4bktsSUEKLS0tIDhxc05VWHFrZlVZWjE1L25TZU5H + T1NFMGNORXhQbEJyS3ErYzZLcm90NEUKx8tmtetnfm6sbUhOazjqlcCQx2HXjrdg + gsAWhH1czigTF/Dal0N7eQqfqFHD8U3A295sxlxkNKyVG+eqElm8/w== + -----END AGE ENCRYPTED FILE----- + - recipient: age1ykkjw57t3z3deup3gtp7dujyaslskn74e0d9hsmqaha2pj3rvazqgndw5a + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsSzdVWjIzaXd3QlRiOWUy + d1BlMGNxaVgzU3RpeEFSTXRac3BYL1dKcWhVCndYSUdBZkJ5L21EWE04eFBmeDJw + Ynp2OGtuWExVdXYrS3dhSUJFVG82MTQKLS0tIFAxWW9oa0s3UUdHdnNuQWtaNVF5 + dVRPMUlnd2NTbjcxRjkzdndqS0ZkODgKKBfRK6gdcwBKe58j5JmhyM/lDRrEyyu0 + +wRSEp8RcvFWwpF2sIm/VChq/MoLiRGlXD8b2l8ALcBNDMccVRVzdA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1t2d5scrukk0guva5sr97a8tge5j8kd865adezrcru7p269pzwvpsamkgje + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1RGRWb3VMeGxsZUpJb2xI + RW1hOThNcmJQUzlOOUNhVkNSbDEvNDV5OGlnClRsZnJiemNLZ0YxSzhwZWJWSjBl + cjBJOHZZaitNSXhreFVEMVYwQmFWSkEKLS0tIDR3YVk5eXpkd3NWaWhrT3BDbHBn + MGlSMS9Vem9DdHY2Rm9yYmhvODIzY0EK39lpzj6aKk5NUekZhJ1pXLzV0wwPxF3g + RWHlIl5DNI0MPqqwpxKW8QdGcrxU53Ng6gn4BneGHvtSJ/tEZiLKgg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1c8qw59ffcq9l77gfmtyc3djtvt3md0u6dwhrjcgsm98ntyf72ufqugj7cg + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSUlYzOFFNNlFySHhYcG91 + MlZDTXNQalZqQWFUZTJIcmxwdDJKTFQ4SlFnCjBGRnQvaXQrdHUveTUwbGdUMmJT + RXdOLy9BNHBXTDRaYWdCVDNFL2ViSVEKLS0tIDBWRmdJc3Jab0hWaTQyTXU4U3Jz + bFJLaGhJTmZsUDQxSUR1NlhpaUh0QTAKjufTqKA7CaicL9aXfbYueifK/FG42o2a + UU4ESW3aVgLUPED8sg0/pLEEdIpm5lHmSIgGq76LfJo2MfwA2Zxu8g== + -----END AGE ENCRYPTED FILE----- + - recipient: age1er5qucsc2mugrzrr7n3xhzv7kemkrqrw4m84r544fkk7nkg5g5eswxkqj0 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGZWlKOE1Ub0hRcnBpdFJr + VmhBWmFoUWU3ckhXVHRiMXNYSUhYd1lLejBjCkc1RkYzVzMzRE1DMkVtY281S2VK + d2tXZjA1Y0JLM1RqV3VYL2thUzdwcmcKLS0tIG9VcUN0ZFdWa3oxbm44V09lYXpS + OHdVekk3VWphZEtyRlN1OTZ5SEZqZnMKms9xtoon5f1h+68E8qQrd1hBZPeS2WWn + 5eYSsyd2tm7cy9JC2FSjPTvYXZ69RBgg04p4lJ4+brIrWVo5KqQUzQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age19daqsncuzeh3j6cwk8uxp6yfj8h0qtz02jxlwwy4v8j0mfgznsvq30440g + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCZ3BMQmk2UTUyWC9EOGor + cXI5aVBlYVVERUYzRGdtTHg0V1FYYXMwZFJjCjNDK1k2NTVSalVrRGhVVENPWWRm + MVJwdGdzTXR0L3pIVFR4U2VMT2pjSGsKLS0tIE5TNUY2RWhtK21Cb0tLdFNRbVNk + VVA3Y1pEaDBveXlUdHp1Q0tUZUNudDQKpRld05DlnhE0xLSzbh3mbwY2MOLlLQ+5 + FiROv9g78D/JwYxln2EfU/fExK2wK9bzy5vExtrtwjEM6GjP3TN4NQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age19w4zafpwnq9yhzuf8r5te2yhq7xlqj76rcgzcz935hllyrz4yvws4jn6ca + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkR0ltNUdqejJqNXhsU1h3 + RGpnSG1PMnNzeE9jSVh3S0RxVmdtNFBpV3hvCkxVdnczQVh0MnN2cGROYzJ0bXVj + bnNJVHA3elFEK3dJWmtHNE1iT1A4UzAKLS0tIERHMEVPeGMzSjFYL2hOb1pNZ0Fv + VG1ISjFUMy9lcUhRalJ3WVV3UlpLRU0Kul1/9IvC60KTJQdDV69GPgHukmfVppqX + DKJpKQ7q9rqWI74gHpz/jk8zpBS0H8ZIKouV0OmxORih3LIYWMd49g== + -----END AGE ENCRYPTED FILE----- + - recipient: age102el4snus37dj807rwvsmlvwu2sg2d8rw3vfmtntgczfkz04l9nshetcq0 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBobVZBQWNoa0ZodFQrMmtC + RG05WTBSVG5MWGtTUHViQXZQd0pPVXRDN1J3CnJac2Nwb1JwUXhBK3lsaDFTVk9x + Qk5IMEkyWU5STGxSMUxuSTBvS1UxRXMKLS0tICtMd1krK2tBdEdFdTNJM29jRG1s + NXZkbVZyV0VtTzArOE1uU1JwMXZZN0EKLDU1x+rIWecDD9x//huoM2BM9NRSa4g1 + L5nodU/J0XsfB9z3kr7eY5LYSwsqGkAxI1cXJYZGHF+bozJjweyXTQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-10-07T16:00:55Z" + mac: ENC[AES256_GCM,data:Z8H09wF7kYYZs7FU4qAvpJmo3wEsSKg5qML+Q57UGNzjoaBJFor60B0yW/vaLcALt4clcJHhsU2phoCqCh7SdlP/AlgE5u8pn6G8n3zXiWxXK1dqiJLqE8iIgye+BA0EMdV9zATwTAQJwK/BtIBitXP1nboWi73W0tj+RdMIkjg=,iv:31IqJSL+kZAGqeKnOnZr5A2A0GOR/njrQ6tZqpjSTVo=,tag:1u24sjA06D8RnW4T3S1QjA==,type:str] + pgp: + - created_at: "2025-08-24T02:21:34Z" + enc: |- + -----BEGIN PGP MESSAGE----- - hQIMA0B7mmjbybiOAQ//eT+VnsY3+AYR0SwVySzQIUvy37jgDjnZsBxXy3uULWyb - 4pNZcVo73TYiRi14XGl5tl1Y/OnZhT7JeVeHCWQ4cXs3BuRoRPiqAot4aX5dClyb - +puz+Ul5TPy/mWHmZ0QWPbgq9Ge/FY3hBwR9cQAtvVke1nmqCuOyrVA/Gkx4+hXw - DAk1mLD3uBLBOtoAFhGwK9PrBVUrdSBysRX454dbXuyXTvWPBffOwxxu3RUsA72v - rShOv9J68MX3OTrPpgls6KLK6WpmFNDFUobBs97Un8ZE4YI9eaepTxtoRVsxRMyc - V4g+SyvL7KUucTNb+1CpXa+c72ZfCxQ5XavQKoTAjK8nDPdrC/azHi+y6vC2xme6 - hgmdxcx2D5ENuJq1WGcQyyyF0jVj0DWVcJASRML/JVlvpeTgV3ArSSVH71oI9owE - pwzIlq5zuyXQJDBwdFUbB1P3HNp7MQaRwLkktr0Ha+GWPwBtAFXC0Zu8lRdOM1bi - O3Il5L/nlgTQbv0c9koDDWpb+o9Bymff9Qx47VB3k0HjVbRqZc+WoqVvbDPFCtL7 - /L8Z4n+BeoyxEKz7Bgln4ntVoPVznoz3oGEbq/gj43miSB2Tk6TnofEaBPtsYhF5 - eLlzn94Imr2n7rcJu7LO9efOOwZaeLKZ9HF/cZjtVjptv89r5EThcumkGhRjtrnS - XgE6dL2+cEQQZZMhzgz7+fZTzHmN4XihpcIs3ztzcLv4RIZun9V8iXJS0VKrYlG3 - 0YDyjgzgShMp10hxrfP8X5Z7/2wfEe1bJgl1gFrTgsvibucs0QHCEAYQ0vsqw4s= - =g08H - -----END PGP MESSAGE----- - fp: CBCB9B18A6B8930B0B6ABFD1CCB8CBEB30633684 - unencrypted_suffix: _unencrypted - version: 3.10.2 + hQIMA0B7mmjbybiOAQ//eT+VnsY3+AYR0SwVySzQIUvy37jgDjnZsBxXy3uULWyb + 4pNZcVo73TYiRi14XGl5tl1Y/OnZhT7JeVeHCWQ4cXs3BuRoRPiqAot4aX5dClyb + +puz+Ul5TPy/mWHmZ0QWPbgq9Ge/FY3hBwR9cQAtvVke1nmqCuOyrVA/Gkx4+hXw + DAk1mLD3uBLBOtoAFhGwK9PrBVUrdSBysRX454dbXuyXTvWPBffOwxxu3RUsA72v + rShOv9J68MX3OTrPpgls6KLK6WpmFNDFUobBs97Un8ZE4YI9eaepTxtoRVsxRMyc + V4g+SyvL7KUucTNb+1CpXa+c72ZfCxQ5XavQKoTAjK8nDPdrC/azHi+y6vC2xme6 + hgmdxcx2D5ENuJq1WGcQyyyF0jVj0DWVcJASRML/JVlvpeTgV3ArSSVH71oI9owE + pwzIlq5zuyXQJDBwdFUbB1P3HNp7MQaRwLkktr0Ha+GWPwBtAFXC0Zu8lRdOM1bi + O3Il5L/nlgTQbv0c9koDDWpb+o9Bymff9Qx47VB3k0HjVbRqZc+WoqVvbDPFCtL7 + /L8Z4n+BeoyxEKz7Bgln4ntVoPVznoz3oGEbq/gj43miSB2Tk6TnofEaBPtsYhF5 + eLlzn94Imr2n7rcJu7LO9efOOwZaeLKZ9HF/cZjtVjptv89r5EThcumkGhRjtrnS + XgE6dL2+cEQQZZMhzgz7+fZTzHmN4XihpcIs3ztzcLv4RIZun9V8iXJS0VKrYlG3 + 0YDyjgzgShMp10hxrfP8X5Z7/2wfEe1bJgl1gFrTgsvibucs0QHCEAYQ0vsqw4s= + =g08H + -----END PGP MESSAGE----- + fp: CBCB9B18A6B8930B0B6ABFD1CCB8CBEB30633684 + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/systems/x86_64-linux/jallen-nas/boot.nix b/systems/x86_64-linux/jallen-nas/boot.nix index 6310cd1..a61d6f7 100755 --- a/systems/x86_64-linux/jallen-nas/boot.nix +++ b/systems/x86_64-linux/jallen-nas/boot.nix @@ -5,7 +5,7 @@ ... }: let - kernel = pkgs.linuxPackages; + kernel = pkgs.linuxPackages_latest; in { # Configure bootloader with lanzaboot and secureboot @@ -19,7 +19,7 @@ in clevis = { enable = false; devices = { - "/dev/disk/by-label/nas_pool".secretFile = config.sops.secrets."jallen-nas/nas_pool".path; + "/dev/disk/by-label/nas_pool".secretFile = "/etc/clevis/nas_pool.jwe"; }; }; }; diff --git a/systems/x86_64-linux/jallen-nas/default.nix b/systems/x86_64-linux/jallen-nas/default.nix index b35bc09..cfc080a 100755 --- a/systems/x86_64-linux/jallen-nas/default.nix +++ b/systems/x86_64-linux/jallen-nas/default.nix @@ -21,7 +21,7 @@ in ./sops.nix ]; - services.kmscon.enable = true; + services.kmscon.enable = false; powerManagement.cpuFreqGovernor = "powersave"; @@ -36,7 +36,7 @@ in # # Desktop # # # ################################################### - desktop.cosmic = disabled; + desktop.cosmic = enabled; # ################################################### # # Development # # @@ -58,8 +58,8 @@ in hardware = { disko = { enable = true; - enableSwap = true; - enableLuks = false; + enableSwap = false; + enableLuks = true; }; amd = { @@ -134,7 +134,7 @@ in 10200 10300 8127 - 6060 + 8280 9943 # onlyoffice 4000 # netbootxyz 4080 # netbootxyz @@ -148,6 +148,8 @@ in 9012 8192 + 3000 + 2222 ]; allowedUDPPorts = config.${namespace}.network.firewall.allowedTCPPorts; }; @@ -245,13 +247,15 @@ in fsType = "bcachefs"; mountPoint = "/media/nas/main"; options = [ - "noauto" + # "noauto" "nofail" # "x-systemd.mount-timeout=0" # "x-systemd.device-timeout=0" ]; }; + boot.initrd.luks.devices.cryptroot.device = "/dev/disk/by-partlabel/disk-main-jallen-nas-cryptroot"; + boot.initrd.systemd.services."unlock-bcachefs-media-nas-main".enable = false; systemd.services."unlock-bcachefs-media-nas-main".enable = false; diff --git a/systems/x86_64-linux/jallen-nas/users.nix b/systems/x86_64-linux/jallen-nas/users.nix index 0445861..97fa9c8 100755 --- a/systems/x86_64-linux/jallen-nas/users.nix +++ b/systems/x86_64-linux/jallen-nas/users.nix @@ -21,6 +21,7 @@ in "jallen-nas" "docker" "podman" + "keys" ]; hashedPasswordFile = passwordFile; };