diff --git a/.sops.yaml b/.sops.yaml index 2ca6692..acbef1f 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -17,6 +17,8 @@ keys: - &fw age1wq82xjyj80htz33x7agxddjfumr3wkwh3r24tasagepxw7ka893sau68df - &fw-new age12msc2c6drsaw0yk2hjlaw0q0lyq0emjx5e8rq7qc7ql689k593kqfmhss2 - &netboot age14uarclad0ty5supc8ep09793xrnwkv8a4h9j0fq8d8lc92n2dadqkf64vw + + - &mail-social-grow-tech age1gtulvdj4aclpfhk3mmzvpz9xysccxhvu99x6ayaqlj8m44ehffgq6zuc5u creation_rules: - path_regex: ^[^/]+\.yaml$ key_groups: @@ -84,7 +86,7 @@ creation_rules: - *bitwarden - *dominik - *dominik2 - - *mail.social-grow.tech + - *mail-social-grow-tech - path_regex: utils/modules/lego/[^/]+\.yaml$ key_groups: - age: @@ -102,6 +104,7 @@ creation_rules: - *netboot - *fw - *fw-new + - *mail-social-grow-tech - path_regex: hosts/web-01.cloonar.com/modules/bitwarden/[^/]+\.yaml$ key_groups: - age: diff --git a/fleet.nix b/fleet.nix index fe42c30..bfbcc3a 100644 --- a/fleet.nix +++ b/fleet.nix @@ -47,6 +47,11 @@ username = "fw-new"; key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnb9todh2b+c3iCmEz72smRwL37aZf3Xs3voT7+PLTP"; } + + { + username = "mail.social-grow.tech"; + key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH1K4mhBji1kMGnO55OOFaDknBf2Q6wgm7DaMYKip+S5"; + } ]; in { imports = builtins.map create_users users; diff --git a/hosts/fw-new/secrets.yaml b/hosts/fw-new/secrets.yaml index 413975b..1dcdb4b 100644 --- a/hosts/fw-new/secrets.yaml +++ b/hosts/fw-new/secrets.yaml @@ -20,32 +20,41 @@ sops: azure_kv: [] hc_vault: [] age: + - recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6aEpEZklTYi9oakF6WTg4 + RDlNV1FrWlN6Skd1V1BmRU93SGJ1RTNGc2xRCmlzRk56NnRrbkthcWhpTjNlb0VV + cE9GaU5TRjAxaGFYTlkzbGtQY092eUkKLS0tIGdncHpVdTd5ZDN0NzllVmFuN2pR + WDJzNzZKdGxzOTRBZ1BPRUgxSE5DQ1EK3t2074FilJxZDQYZew8ckEbaBnQrDOsW + f+G4AnR83inhGsJwebmwwyI5dORVuBldA0CNjvihAmhlvf7G4TZ/Vw== + -----END AGE ENCRYPTED FILE----- - recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1YlN0a1M2cStpbUtMMWFZ - RzQrMGZmbkN2c01yOHhvbllwQUVpcWhmU3lrCkQxeHNQb2pKa3pOYnB3aEFjTGl1 - c1IvSnZnTS9JMFJ1L1E0cXRybEJ6KzQKLS0tIDdPNTNwZDdMRzhyVzNzdXRESlZO - TkRXeUsxTWpodWtIT3Mza3o3SlZGdUkK/U6+p4rYGLhTWSHPOysau+iCoWseiLht - oT8a2hp9dSh1ofseyBfgeDeBN7Td9Z9FTBXBgcM911Sdq3VffQJHgw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6MVNyWE0zd1FScmpOcVNs + R2FsWGxyZ0ZiZzkrNjEyNkVybjlVbFh6WFVFCmtoWFd2bTRFUU8zL3J1Ry9uak56 + ZUxKMVdha1h1ajBnb1grbTNPcjkrc3cKLS0tIHZXL25UU2Fqd2VVL0ZhNE1vVUVJ + TWtVdzIwNU1McDNtM3VMdjhZNmhENGsK1x5pbkUdFuZtxLPLHQonmJEwSlWYBwjv + 50v5i8fK4CTSjKO3VLh6iCkFUq2RYwerCpK2PdrujH33ymSUOzlXWw== -----END AGE ENCRYPTED FILE----- - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBheVYzaDRndjhXMmhYaGdC - ZFcyUlZNd28wbFdsUEk2OWt5aEYwSzBsWVFrCnZjOHg2bXFPNlgwa3E3NkZlOXpJ - T2llSXJLNmcwWVVYdDdJY24xV1laWmMKLS0tIFhwTFdKaHk4NG91L2Y3OUZ4eHhD - V000QkdMWUhBV3E3dklnbTgvQVFUVG8KRkTaCoXdzF6+di4o9MoZIVUtM7YCxfiF - 3PP2lurWxmSmGDhD7OwIgM+EQ0sKViDbcvGs6Oo8BKClgSx7i9kvPg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1R3V0Z3ZxQSt4dnkyNS96 + VGRqWUV6WllLenY2TWF2OTVWbEdUY2NDbFNvCmpwV3dwS2hwbk8zV0ZsMDYycHky + bU8zRjY1aFF2T0l3YzBaQ0l1UDFRYjAKLS0tIEgwbzF3TytRNHduYkErSTI3WXJF + STZ2NnlKaDdLeCt3RS9IRnc5dUkzZmsK5VwTv1CASmuvEvVLd67YIFx2fouXONtA + vtuVW1MCG4Z/btsQ5smRUsKWVdL+G2Cy1dk8SWZcy1tK3bDOLZ/VNg== -----END AGE ENCRYPTED FILE----- - recipient: age12msc2c6drsaw0yk2hjlaw0q0lyq0emjx5e8rq7qc7ql689k593kqfmhss2 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKbUMxNy9VTkJkMkszcUdx - MjJlRDk4TnoxMVEzSDdIK3J5dktWWHl5MHl3CmtjS013OXlqSjNhTlNBWURTRmht - eFVLRU1Kbm5OdUtHRm5Nb3NGdzBwWHMKLS0tIE51M2tnaEUzMlRIeDEzZjhxV3RH - clE0QWFvRit2N1hsaDlUcUpDbFdhUlEKA+8ukUbm61s2B7XzbBclbmL1G+cHP9DO - XGOzmtpNm/kPKZCj9CuMBB3Ze4pEQglv66YQPafzQhmP4LMoWrOQrA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLRXBDdXhYL01jaDRkbXZP + R2hFOXpBT25CRXNvTjhoNU1JWDRpa2RlcW1zCjlBMlZabFZhMTI1U1FxalI5SlBS + SkVMVXBldHF1aUdBREFyckpYVVBzaE0KLS0tIGowV3oxU0FYRjNoTDB3SWFMZWVF + bVBNM0o0KzJRUndkSlZzeUQ2UU91N28KFfW9ID6X0IPeCnRBc6v7EGJAZ7my70Ih + wHMDCrsnvs1XUFlHCFq4a7fzbqMcBoZ3Gkq5gBeuL2Cmuqoh92slzA== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-08-02T22:57:14Z" mac: ENC[AES256_GCM,data:U9/pKXdqXMvjQgyTIGz0JG+88aBXVgp29Fmm0OE66KMArkX8ungcEtdnGYKhD0gFJKLrKZZY5V8oyAXEq95D+Bh8ZnfmQibYw04cPldc6kTZstsrpbzrWVfn6sqG/ih12oXdsLws+H6IeN+O2qGZHDIVjvPufAdJ3A2X+Yakahg=,iv:mG+dGv3l/PNhggvlujLxDGU5z47qVA9sOTUbU2b2dPo=,tag:Rz2av33iwa9aYR7c0cviEg==,type:str] diff --git a/hosts/fw.cloonar.com/secrets.yaml b/hosts/fw.cloonar.com/secrets.yaml index 595a8a6..c29e417 100644 --- a/hosts/fw.cloonar.com/secrets.yaml +++ b/hosts/fw.cloonar.com/secrets.yaml @@ -21,32 +21,41 @@ sops: azure_kv: [] hc_vault: [] age: + - recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsNzNjZ1o1dXFxalFiRXUx + U3NQK0gvQWVRbnAxam8yZmJTTmRTaVVZdkdrCnQ0R1ZBWEVmcE12NWNuaDFtRGlj + UFRManh2VFgwUFJaNFpVZFNqc01oSkEKLS0tIHA5UDlHY1lDWUtwTk10RHZoQWQ1 + bzZ6MzhQQmYrZ3JKUDZoa1lDZXRHRDAKHtzHnt+zHgMsuyX0vP6xapvJ8796/vkn + u9U56OdFlqthTy870vMMoJWW3wAFfj/QV124bG63lJ02gAHEr/PGJw== + -----END AGE ENCRYPTED FILE----- - recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpalJkZWNhUzRJdTdhaElh - VlNGd3AzaW5ha1d4ekVESStQSC9mTnBGRzFRCmszVHVBMjFRZjRuejRjenhvdGZl - RkMxMmowbWdndDZvcHc5RDZBNGh2THcKLS0tIFVuU0ZIOXlpZEE1alVGaXhnbWhQ - T1BiZitwUHEvRGx2ZkdTTWJZQzJpOU0KH035L5mbJ1fDjmuNbmfCGZdJ/4eE9FeI - qM5/d51C3fP1uRjeLJFxObNlu/QG9MKql80fYF0NUboVGIUzHwv9gw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLc0ZsVlNzQ0d1dGJlSzN6 + bzB0bnhHTzlodWJveFBmdVVCdjJ5c2V0dkM4Cmt1cHhJa2U4NmJZSUFGYzhCQmdH + eVJDUjc0LzdIOHo4TWlCeVEvQUg1b1EKLS0tIGRpTFA4TkgvU2ZLOXM3NktMbjRP + aGM2aVdRSUpsRXRCZE02MXJ3MVpxK00KO2dZUNZ1KQFg4bnNp1PEntL2fY1h+JCK + l7CnGwotydc9NybwYtisv9XVrz3QoiD09OiLvg7VkmfzEaGmqmja/g== -----END AGE ENCRYPTED FILE----- - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIdm01UEx6OFZkOW5QTnp3 - bUpuczZUUFdhRnhBbUxabGNFY0Rzd3pDdGp3CnRZMk9JRTV5Q1Jwa1J5Q1dtd0lM - YzZKVzVRNldEa3JEL3h6TURPcHc4MWMKLS0tIGVEQnJ3N3c1ZHJ1Nitta2JRWDZP - VFZ3Qm5SYzRyVitTV2JkN2hWNEVMSDAKwHMncahsEQTsahAXr9VJFgsahUJ4yrOD - E1x6RAAI+2q8v3hPO8Rd8i6i/sELyM+NdK81WRrGwn8FHR8yZC7zoA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjQTBxNkV2REdrRS9MaUxa + YWxNOFBKQlAwOW5qSk9hM1Q5c0tjZTdWUjBjCkM5TmtwR2RBRER3Uzc4dWtGOVM2 + bjZFZVc3V0t0enhyam1DWVM3b0h5WlEKLS0tIGNPUzFJUGRYZStMRTMwV3pWTW1t + V003cnFtYVNEbERiRDV4bmVXVlBaUTAK7pLGaixTRCg5lKhN8CN95cdr7X8X1oDY + LX2t+SPvb8hqsssLf/mqVxPsgAXl0L9lfsYtRsuMWONmaJsOleVE4A== -----END AGE ENCRYPTED FILE----- - recipient: age1wq82xjyj80htz33x7agxddjfumr3wkwh3r24tasagepxw7ka893sau68df enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoYWozckZEcGJRK0NoTEcr - N0JsUG9UMGV1NTNxa0RmK3QyYVp0Wm04S25vCkxsSnpWQ3NGaGZMalEreUZkZVZE - ZUk4R1M3cDdaU0NBa21Hc2lTaXFhdGcKLS0tIFcwRGJZU0hmUW5aRHZsNG1NZ25n - ejhXSmVkVjlhRDF3d1JDQlBzd2N3WncK6taU4OsyYoZc5P/2fMrSidLo2tYcH6Yw - tNJRIOqR2Iq1M4ey27jnTdw3NvYKyxjn60ZeW2xcn8CYrpf0X4gLQA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDbDA5U0xnUDNXYUtRVVN3 + YW5aTFg1T0pOZWc4cXFDRDlrRmxZWWw1MUdRCjdlUVg0S0IxTXM4ZXcydGR0aldu + WnU3ZnUydUh4em02TWFVamx6a0xpQmMKLS0tIEdpWFg1UEVGNHIzY2VZZk40NlBG + WXJpUUxadERyYUExRFMzNzBXaUVET3cKG9ZwWy5YvTr/BAw/i+ZJos5trwRvaW5j + eV/SHiEteZZtCuCVFAp3iolE/mJyu97nA2yFwWaLN86h+/xkOJsdqA== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-10-13T22:30:43Z" mac: ENC[AES256_GCM,data:sEySfQaBevydqFBOab7RPCse8fOwiix6GIsXeR9paBCCCHOxDZDusdn0/k97wLeWzvHi0SJB/8+g8qlqXtRuJ/3mT1vJxfWwoJk3gz2WD+d8recG+KkdtkSGu04addHgBZQqGqhOfkRHYypVW3GaBfLteY08nvob4/yjaHCtGig=,iv:lsHvIovstgHmY6OrV3CO0tju2OQb1AcWgMov8klkSqA=,tag:zcvCoCwTgeZhhS1MOvH3HA==,type:str] diff --git a/hosts/mail.cloonar.com/hardware-configuration.nix b/hosts/mail.cloonar.com/hardware-configuration.nix index 4d91eb3..d2a845f 100644 --- a/hosts/mail.cloonar.com/hardware-configuration.nix +++ b/hosts/mail.cloonar.com/hardware-configuration.nix @@ -5,7 +5,7 @@ efiSupport = true; efiInstallAsRemovable = true; device = "nodev"; - configurationLimit = 2; + configurationLimit = 5; }; fileSystems."/boot" = { device = "/dev/disk/by-uuid/105A-0CC0"; fsType = "vfat"; }; boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ]; diff --git a/hosts/mail.cloonar.com/secrets.yaml b/hosts/mail.cloonar.com/secrets.yaml index a68e84c..7b63233 100644 --- a/hosts/mail.cloonar.com/secrets.yaml +++ b/hosts/mail.cloonar.com/secrets.yaml @@ -9,41 +9,50 @@ sops: azure_kv: [] hc_vault: [] age: + - recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAraEttTi84cGd2bkd1RENP + bm9zRmlNdWZtSzZJVElVWW5qTXlzS1lreTNBCm9BMnJ6bEJON2Y5aVZvVjFmQlJw + VVVpSEVRNDJaa2FadFh2U1gySHFXQmcKLS0tIEhjeG5Wb0FDMlBxWW9aem45aTdF + N1ZQNlE2aTl5OGhqTUVNa20yelNpcW8KoXud5IID1g/KOvM30wn2cJFWQ5En4M5H + kJ/cLDSIBqgOpjtEeEDtMsKG4yW3H91YbXjwQ0UkoPJorauVPWnTYw== + -----END AGE ENCRYPTED FILE----- - recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPRWdBcmEvQkQrOXZ0SDJW - eFpFSlBxbjlUbFlDVEZzS3dLSXN6MnBFT3lnCkZ1RGhoQjhtcGxEY1E1QlBvNUl0 - RWxnbzNldHBHUjhiZldYQm9iYWppcncKLS0tIG12WFdYSVdDYVZUaEFzUFhJS3A2 - Q0I2b2h4aFlkNkV1a1BFamhyd0ZBWTgKZwxpdydc1lgs3u9gkh2Krs8PGfcKwJTv - n7BV0FNa242wOT4Tu28O9SN7VR1zZR52iOgV7gWsCnhkNDk9kwiLHA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFbVcxeTJZM1dDUFhIZ3VE + ZlBaTU9tQ0Y2V2xlZFUxUXNKcjdadVVMd2w4Ck9TK2UyVFVTVSt1dzNWWUtxYzdw + SVZ3R3VjRUxDMDNRWnpRZVBHWXdzN0UKLS0tIHQ0ZW0xZDd4bFVBV0ZjZE9Jcm9F + cVd0aW1qWHFMMjh3SXhTYjJrN1ZEZHcKi9QhittNcxnz+Zzc/pyFutXg3Z8JJjgc + j3rW5N6eNJw0W50qPw0xdI44KEkWOc4vh+QGcPY57yqjSy4+SjWhWA== -----END AGE ENCRYPTED FILE----- - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoSHFtMUczc0tXaDZoQllM - eHFpYTFmcnpyYitwT1U2eGNuQm5MQms3YUdJCmpVS2hOVjFmUlVUZy9MZTZxQVlq - SU8xcmd2a0tvWlBMc2M1Wm5XV3ZQZTAKLS0tIG9qa2pQbDFIbFArejM1d1VRRVFY - VjJwdC8yQ1hweEllcGhYclNwTWFyZ1UKDKv14nnVx3FeL87FYFqZMU+niHBOvxHz - 3L3hBMEgpR/uMSuPmF4/NLVJTsktOonW9NKOzm37KsY2HNRXbuHoQg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2TnNnOUtsbFBzS0E0bnFK + NGk4ZkRjUWdRdG15aTQwU2cwQXdycjhxa3dvCkUwUGdmQ3FPQnFhZC9NcE9LUG1O + S0lydjZkdCt2V3R4dWlnUlBUSkp2RXcKLS0tIFJ3UkZhSkhTMlZZSjdXbFBObXNQ + RW40cXUrdFAzb1B1VTUzOGY2RTcveUUKFxxBBioTXTZ3INRykgRPoYwwbbuDMiXH + /Oy5yWE74I9KZJr/2idzd34Dq8PUB28lDyiDdxlISyAS33D4H0cl1w== -----END AGE ENCRYPTED FILE----- - recipient: age1jyeppc8yl2twnv8fwcewutd5gjewnxl59lmhev6ygds9qel8zf8syt7zz4 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjY2JOWTA0a3pGL0dYc2t4 - aE8vTUNMNDVML2ZOSW9xeHlFRDQ5K1BLR3l3ClN4a25QZTEzaFk5bnVUYkk2dnRr - SWxNTklrZGM4enJ0WXBKaEJ6UDZUMzAKLS0tIDJudGtSVTVTV3ZrWWh6VnZFdEs3 - UFVlWE9wd3hRS0d3VEg5di9kNHBIeUEKov+NZ0pt4BUd5xXX9cTFSJF355Kg0ios - Va/kbzgG2SMvxMorNFDp+yJgGXM9rOycMJ1ajemKBM3r2QMcsIiMWA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiZHFvbFMrZ1dTQzBZUkw4 + dkl2UUlmcEZmZUVKeHVoSytYRzZVQ3p6T2hzCnJXaUJ4SUVaZFR3dEZtQ2ttZWNN + NHo0Znk5TjZzemtmWHdkSGlIZ04zUlkKLS0tIDRvclhTMFlsdERtQUk0azJ4ZVFM + WDMva0RCTnkzT0RWeWY5V281M0hjQkEK9o9cIFOiEwFeo+77QI9lXqdxlMCNGhOY + BtowL/7wo0Tfi7+CkBuKP/Bxp2D0x3b4OHDsoCNG0nc+55F/rDtR5A== -----END AGE ENCRYPTED FILE----- - recipient: age1azmxsw5llmp2nnsv3yc2l8paelmq9rfepxd8jvmswgsmax0qyyxqdnsc7t enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJVVRBY1RVdmdkTGxkT3N0 - YjJUdXU5blY3T1R2NFQwQ2MvUitTRjZOUGpjCkNMTUJOaCtGR0s4SGxENXRRd1lQ - cE9RbFUvL1RVZnZ1a3RlZ0YxbmFtOGsKLS0tIE8vMmE1YkZCM210SXEzRFZJeWZL - eC80bWxndE85RlZGRUFTcDdaZ2J1VE0KZ0FERlT1kdUE+WxSi57YowqDQtA9BoV1 - MZoPePwGkRr27MHnPYIhoniUXC7mhQ4rqvcbFy6i1n4r1CqkRFBM3g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkMjIwT3pUcHlkc2N3eWZl + cVdtT3NGcDNyMFZ3V1lhWGdJMExyVXYwUTJFCmMrZ3dwZm1ZcVZVMnB6b1NPUDVR + UFZUaHdRVWFNKzNrdGE0ZWxUNnVOeWsKLS0tIFhnbklUMkd4ZGFrUjhUcVBKRktX + YXlwV28xR2poYnFja0xVdzRPcnZmV2sKDbM77Msos187Du6D7s1wlgEuVxqQ4cw1 + Rwm64kyiQPwh1W9sPhMOZWyEvUTP4QL2Bs6aB1Javf4BDKka0PeP6A== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-07-08T11:20:50Z" mac: ENC[AES256_GCM,data:GPUwpSAz6fj7mRxX1ebEb2sLAMLkQLuKPXk+B3+zZmA6+D7gAKrrBGUWHqYA9DMMY0r32OZSccGRmeKqdA7sWmzdIJTcBu8EyER1nJqVFJiXcOOdTkCLdOM4xW969YE0lBKpIAQ40E7YXYYwkI1JINneIBTuXkvIBmSQ3Bt2+ak=,iv:VEPNQxDLzxyTxkn8dI6xNDe9ESk2RojSNYYEwT+Ggas=,tag:cfUEKU3arSJl+lEOa+4iRA==,type:str] diff --git a/hosts/mail.social-grow.tech/configuration.nix b/hosts/mail.social-grow.tech/configuration.nix index 5e8b51d..a214208 100644 --- a/hosts/mail.social-grow.tech/configuration.nix +++ b/hosts/mail.social-grow.tech/configuration.nix @@ -4,17 +4,18 @@ ./utils/bento.nix ./utils/modules/sops.nix ./utils/modules/lego/lego.nix + ./utils/modules/nginx.nix # ./modules/self-service-password.nix ./modules/rspamd.nix ./modules/openldap.nix ./modules/dovecot.nix ./modules/postfix.nix + ./modules/autoconfig.nix - ./utils/modules/borgbackup.nix - ./utils/modules/promtail - ./utils/modules/victoriametrics - ./utils/modules/netdata.nix + # ./utils/modules/borgbackup.nix + # ./utils/modules/promtail + # ./utils/modules/victoriametrics ./hardware-configuration.nix ]; @@ -24,16 +25,16 @@ sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; networking.hostName = "mail"; - networking.domain = "cloonar.com"; + networking.domain = "social-grow.tech"; services.openssh.enable = true; users.users.root.openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHC9YODKEKu5bOC61qkpPd8QeZxbNPCQKgfh8xUFMdV0" # dominik "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRQuPqH5fdX3KEw7DXzWEdO3AlUn1oSmtJtHB71ICoH Generated By Termius" ]; # backups - borgbackup.repo = "u149513-sub7@u149513-sub7.your-backup.de:borg"; + borgbackup.repo = "u428777-sub1@u428777.your-storagebox.de:borg"; networking.firewall = { enable = true; diff --git a/hosts/mail.social-grow.tech/hardware-configuration.nix b/hosts/mail.social-grow.tech/hardware-configuration.nix index 4d91eb3..883d9ba 100644 --- a/hosts/mail.social-grow.tech/hardware-configuration.nix +++ b/hosts/mail.social-grow.tech/hardware-configuration.nix @@ -5,9 +5,9 @@ efiSupport = true; efiInstallAsRemovable = true; device = "nodev"; - configurationLimit = 2; + configurationLimit = 5; }; - fileSystems."/boot" = { device = "/dev/disk/by-uuid/105A-0CC0"; fsType = "vfat"; }; + fileSystems."/boot" = { device = "/dev/sda15"; fsType = "vfat"; }; boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ]; boot.initrd.kernelModules = [ "nvme" ]; fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; }; diff --git a/hosts/mail.social-grow.tech/modules/autoconfig.nix b/hosts/mail.social-grow.tech/modules/autoconfig.nix new file mode 100644 index 0000000..c6efaf9 --- /dev/null +++ b/hosts/mail.social-grow.tech/modules/autoconfig.nix @@ -0,0 +1,31 @@ +{ pkgs, lib, config, ... }: +let + domain = config.networking.domain; +in +{ + services.nginx.virtualHosts."autoconfig.${domain}" = { + forceSSL = true; + enableACME = true; + acmeRoot = null; + locations."/" = { + proxyPass = "http://localhost:1323/"; + }; + }; + + services.go-autoconfig = { + enable = true; + settings = { + service_addr = ":1323"; + domain = domain; + imap = { + server = "imap.${domain}"; + port = 993; + }; + smtp = { + server = "mail.${domain}"; + port = 587; + starttls = true; + }; + }; + }; +} diff --git a/hosts/mail.social-grow.tech/modules/dovecot.nix b/hosts/mail.social-grow.tech/modules/dovecot.nix index 66bf5cc..49cebb6 100644 --- a/hosts/mail.social-grow.tech/modules/dovecot.nix +++ b/hosts/mail.social-grow.tech/modules/dovecot.nix @@ -1,15 +1,19 @@ -{ pkgs -, config -, ... +{ + config, + lib, + pkgs, + ... }: let domain = config.networking.domain; - # domain = "cloonar.com"; + components = lib.strings.splitString "." domain; + dcComponents = map (x: "dc=" + x) components; + ldapPath = builtins.concatStringsSep "," dcComponents; ldapConfig = pkgs.writeText "dovecot-ldap.conf" '' - hosts = ldap.cloonar.com + hosts = ldap.${domain} tls = yes - dn = "cn=vmail,ou=system,ou=users,dc=cloonar,dc=com" + dn = "cn=vmail,ou=system,ou=users,${ldapPath}" dnpass = "@ldap-password@" auth_bind = no ldap_version = 3 @@ -36,27 +40,11 @@ let exit 1 fi - doveadm user *@cloonar.com | while read user; do + doveadm user *@${domain} | while read user; do doveadm -v sync -u $user $SERVER done - doveadm user *@optiprot.eu | while read user; do - doveadm -v sync -u $user $SERVER - done - - doveadm user *@superbros.tv | while read user; do - doveadm -v sync -u $user $SERVER - done - - doveadm user *@ghetto.at | while read user; do - doveadm -v sync -u $user $SERVER - done - - doveadm user *@szaku-consulting.at | while read user; do - doveadm -v sync -u $user $SERVER - done - - doveadm user *@korean-skin.care | while read user; do + doveadm user *@ekouniversity.com | while read user; do doveadm -v sync -u $user $SERVER done ''; @@ -129,7 +117,7 @@ in } protocol lmtp { postmaster_address=postmaster@${domain} - hostname=mail.cloonar.com + hostname=mail.${domain} mail_plugins = $mail_plugins sieve } service auth { @@ -253,7 +241,6 @@ in security.acme.certs."imap.${domain}" = { extraDomainNames = [ "imap-test.${domain}" - "imap-02.${domain}" ]; postRun = "systemctl restart dovecot2.service"; }; diff --git a/hosts/mail.social-grow.tech/modules/openldap.nix b/hosts/mail.social-grow.tech/modules/openldap.nix index 07029aa..975f5f8 100644 --- a/hosts/mail.social-grow.tech/modules/openldap.nix +++ b/hosts/mail.social-grow.tech/modules/openldap.nix @@ -1,11 +1,14 @@ { - pkgs, config, + lib, + pkgs, ... }: let domain = config.networking.domain; - # domain = "cloonar.com"; + components = lib.strings.splitString "." domain; + dcComponents = map (x: "dc=" + x) components; + ldapPath = builtins.concatStringsSep "," dcComponents; in { services.openldap = { enable = true; @@ -18,10 +21,11 @@ in { olcTLSCACertificateFile = "/var/lib/acme/ldap.${domain}/full.pem"; olcTLSCertificateFile = "/var/lib/acme/ldap.${domain}/cert.pem"; olcTLSCertificateKeyFile = "/var/lib/acme/ldap.${domain}/key.pem"; - olcTLSCipherSuite = "HIGH:MEDIUM:+3DES:+RC4:+aNULL"; + # olcTLSCipherSuite = "HIGH:MEDIUM:+3DES:+RC4:+aNULL"; + olcTLSCipherSuite = "HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4"; olcTLSCRLCheck = "none"; olcTLSVerifyClient = "never"; - olcTLSProtocolMin = "3.1"; + olcTLSProtocolMin = "3.3"; olcSecurity = "tls=1"; }; @@ -39,9 +43,9 @@ in { olcDatabase = "{1}mdb"; olcDbDirectory = "/var/lib/openldap/data"; - olcSuffix = "dc=cloonar,dc=com"; + olcSuffix = "${ldapPath}"; - olcRootDN = "cn=admin,dc=cloonar,dc=com"; + olcRootDN = "cn=admin,${ldapPath}"; olcRootPW.path = config.sops.secrets.openldap-rootpw.path; @@ -50,29 +54,29 @@ in { {0}to attrs=userPassword by self write by anonymous auth - by dn="cn=owncloud,ou=system,ou=users,dc=cloonar,dc=com" write - by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read - by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write + by dn="cn=owncloud,ou=system,ou=users,${ldapPath}" write + by dn.subtree="ou=system,ou=users,${ldapPath}" read + by group.exact="cn=Administrators,ou=groups,${ldapPath}" write by * none '' '' {1}to attrs=loginShell by self write - by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read - by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write + by dn.subtree="ou=system,ou=users,${ldapPath}" read + by group.exact="cn=Administrators,ou=groups,${ldapPath}" write by * none '' '' - {2}to dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" - by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read - by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write + {2}to dn.subtree="ou=system,ou=users,${ldapPath}" + by dn.subtree="ou=system,ou=users,${ldapPath}" read + by group.exact="cn=Administrators,ou=groups,${ldapPath}" write by * none '' '' {3}to * - by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read - by dn="cn=admin,dc=cloonar,dc=com" write - by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write + by dn.subtree="ou=system,ou=users,${ldapPath}" read + by dn="cn=admin,${ldapPath}" write + by group.exact="cn=Administrators,ou=groups,${ldapPath}" write by * none '' ]; @@ -98,7 +102,7 @@ in { olcAccess = [ '' {0}to * - by dn.exact="cn=netdata,ou=system,ou=users,dc=cloonar,dc=com" read + by dn.exact="cn=netdata,ou=system,ou=users,${ldapPath}" read by * none '' ]; @@ -110,23 +114,25 @@ in { olcDatabase = "{3}mdb"; olcDbDirectory = "/var/lib/openldap/data"; - olcSuffix = "dc=ghetto,dc=at"; + olcSuffix = "dc=ekouniversity,dc=com"; olcAccess = [ '' {0}to attrs=userPassword by self write by anonymous auth - by dn="cn=owncloud,ou=system,ou=users,dc=cloonar,dc=com" write - by dn="cn=authelia,ou=system,ou=users,dc=cloonar,dc=com" write - by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read - by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write + by dn="cn=admin,${ldapPath}" write + by dn="cn=owncloud,ou=system,ou=users,${ldapPath}" write + by dn="cn=authelia,ou=system,ou=users,${ldapPath}" write + by dn.subtree="ou=system,ou=users,${ldapPath}" read + by group.exact="cn=Administrators,ou=groups,${ldapPath}" write by * none '' '' {1}to * - by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read - by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write + by dn.subtree="ou=system,ou=users,${ldapPath}" read + by dn="cn=admin,${ldapPath}" write + by group.exact="cn=Administrators,ou=groups,${ldapPath}" write by * read '' ]; @@ -142,155 +148,6 @@ in { olcPPolicyHashCleartext = "TRUE"; }; - "olcDatabase={4}mdb".attrs = { - objectClass = ["olcDatabaseConfig" "olcMdbConfig"]; - - olcDatabase = "{4}mdb"; - olcDbDirectory = "/var/lib/openldap/data"; - - olcSuffix = "dc=superbros,dc=tv"; - - olcAccess = [ - '' - {0}to attrs=userPassword - by self write - by anonymous auth - by dn="cn=owncloud,ou=system,ou=users,dc=cloonar,dc=com" write - by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read - by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write - by * none - '' - '' - {1}to * - by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read - by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write - by * read - '' - ]; - }; - "olcOverlay=memberof,olcDatabase={4}mdb".attrs = { - objectClass = [ "olcOverlayConfig" "olcMemberOf" ]; - olcOverlay = "memberof"; - olcMemberOfRefint = "TRUE"; - }; - "olcOverlay=ppolicy,olcDatabase={4}mdb".attrs = { - objectClass = [ "olcOverlayConfig" "olcPPolicyConfig" ]; - olcOverlay = "ppolicy"; - olcPPolicyHashCleartext = "TRUE"; - }; - - - "olcDatabase={6}mdb".attrs = { - objectClass = ["olcDatabaseConfig" "olcMdbConfig"]; - - olcDatabase = "{6}mdb"; - olcDbDirectory = "/var/lib/openldap/data"; - - olcSuffix = "dc=szaku-consulting,dc=at"; - - olcAccess = [ - '' - {0}to attrs=userPassword - by self write - by anonymous auth - by dn="cn=owncloud,ou=system,ou=users,dc=cloonar,dc=com" write - by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read - by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write - by * none - '' - '' - {1}to * - by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read - by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write - by * read - '' - ]; - }; - # "olcOverlay=memberof,olcDatabase={6}mdb".attrs = { - # objectClass = [ "olcOverlayConfig" "olcMemberOf" ]; - # olcOverlay = "memberof"; - # olcMemberOfRefint = "TRUE"; - # }; - # "olcOverlay=ppolicy,olcDatabase={6}mdb".attrs = { - # objectClass = [ "olcOverlayConfig" "olcPPolicyConfig" ]; - # olcOverlay = "ppolicy"; - # olcPPolicyHashCleartext = "TRUE"; - # }; - - "olcDatabase={7}mdb".attrs = { - objectClass = ["olcDatabaseConfig" "olcMdbConfig"]; - - olcDatabase = "{7}mdb"; - olcDbDirectory = "/var/lib/openldap/data"; - - olcSuffix = "dc=myhidden,dc=life"; - - olcAccess = [ - '' - {0}to attrs=userPassword - by self write - by anonymous auth - by dn="cn=owncloud,ou=system,ou=users,dc=cloonar,dc=com" write - by dn="cn=authelia,ou=system,ou=users,dc=cloonar,dc=com" write - by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read - by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write - by * none - '' - '' - {1}to * - by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read - by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write - by * read - '' - ]; - }; - # "olcOverlay=memberof,olcDatabase={7}mdb".attrs = { - # objectClass = [ "olcOverlayConfig" "olcMemberOf" ]; - # olcOverlay = "memberof"; - # olcMemberOfRefint = "TRUE"; - # }; - # "olcOverlay=ppolicy,olcDatabase={7}mdb".attrs = { - # objectClass = [ "olcOverlayConfig" "olcPPolicyConfig" ]; - # olcOverlay = "ppolicy"; - # olcPPolicyHashCleartext = "TRUE"; - # }; - - "olcDatabase={8}mdb".attrs = { - objectClass = ["olcDatabaseConfig" "olcMdbConfig"]; - - olcDatabase = "{8}mdb"; - olcDbDirectory = "/var/lib/openldap/data"; - - olcSuffix = "dc=korean-skin,dc=care"; - - olcAccess = [ - '' - {0}to attrs=userPassword - by self write - by anonymous auth - by dn="cn=owncloud,ou=system,ou=users,dc=cloonar,dc=com" write - by dn="cn=authelia,ou=system,ou=users,dc=cloonar,dc=com" write - by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read - by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write - by * none - '' - '' - {1}to * - by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read - by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write - by * read - '' - ]; - }; - - # "cn=module{0},cn=config" = { - # attrs = { - # objectClass = "olcModuleList"; - # cn = "module{0}"; - # olcModuleLoad = "ppolicy.la"; - # }; - # }; - "cn={3}cloonar,cn=schema" = { attrs = { cn = "{1}cloonar"; @@ -432,56 +289,6 @@ in { '' ]; }; - # "cn={1}ttrss,cn=schema".attrs = { - # cn = "{1}ttrss"; - # objectClass = "olcSchemaConfig"; - # olcObjectClasses = [ - # '' - # ( 1.3.6.1.4.1.28294.1.2.4 NAME 'ttrss' - # SUP top AUXILIARY - # DESC 'Added to an account to allow tinytinyrss access' - # MUST ( mail $ userPassword )) - # '' - # ]; - # }; - # "cn={1}prometheus,cn=schema".attrs = { - # cn = "{1}prometheus"; - # objectClass = "olcSchemaConfig"; - # olcObjectClasses = [ - # '' - # ( 1.3.6.1.4.1.28296.1.2.4 - # NAME 'prometheus' - # SUP uidObject AUXILIARY - # DESC 'Added to an account to allow prometheus access' - # MUST (mail)) - # '' - # ]; - # }; - # "cn={1}loki,cn=schema".attrs = { - # cn = "{1}loki"; - # objectClass = "olcSchemaConfig"; - # olcObjectClasses = [ - # '' - # ( 1.3.6.1.4.1.28299.1.2.4 - # NAME 'loki' - # SUP uidObject AUXILIARY - # DESC 'Added to an account to allow loki access' - # MUST (mail)) - # '' - # ]; - # }; - # "cn={1}flood,cn=schema".attrs = { - # cn = "{1}flood"; - # objectClass = "olcSchemaConfig"; - # olcObjectClasses = [ - # '' - # (1.3.6.1.4.1.28300.1.2.4 NAME 'flood' - # SUP uidObject AUXILIARY - # DESC 'Added to an account to allow flood access' - # MUST (mail)) - # '' - # ]; - # }; }; }; @@ -495,10 +302,6 @@ in { /* trigger the actual certificate generation for your hostname */ security.acme.certs."ldap.${domain}" = { - extraDomainNames = [ - "ldap-test.${domain}" - "ldap-02.${domain}" - ]; postRun = "systemctl restart openldap.service"; }; diff --git a/hosts/mail.social-grow.tech/modules/postfix.nix b/hosts/mail.social-grow.tech/modules/postfix.nix index 9226b99..168a640 100644 --- a/hosts/mail.social-grow.tech/modules/postfix.nix +++ b/hosts/mail.social-grow.tech/modules/postfix.nix @@ -5,16 +5,18 @@ }: let domain = config.networking.domain; - ldapServer = "ldap.cloonar.com"; - # domain = "cloonar.com"; + components = lib.strings.splitString "." domain; + dcComponents = map (x: "dc=" + x) components; + ldapPath = builtins.concatStringsSep "," dcComponents; + ldapServer = "ldap.${domain}"; domains = pkgs.writeText "domains.cf" '' server_host = ldap://${ldapServer} - search_base = ou=domains,dc=cloonar,dc=com + search_base = ou=domains,${ldapPath} version = 3 bind = yes start_tls = yes - bind_dn = cn=vmail,ou=system,ou=users,dc=cloonar,dc=com + bind_dn = cn=vmail,ou=system,ou=users,${ldapPath} bind_pw = @ldap-password@ scope = one query_filter = (&(dc=%s)(objectClass=mailDomain)) @@ -28,7 +30,7 @@ let version = 3 bind = yes start_tls = yes - bind_dn = cn=vmail,ou=system,ou=users,dc=cloonar,dc=com + bind_dn = cn=vmail,ou=system,ou=users,${ldapPath} bind_pw = @ldap-password@ scope = sub query_filter = (&(uid=%u)(objectClass=mailAccount)) @@ -42,7 +44,7 @@ let version = 3 bind = yes start_tls = yes - bind_dn = cn=vmail,ou=system,ou=users,dc=cloonar,dc=com + bind_dn = cn=vmail,ou=system,ou=users,${ldapPath} bind_pw = @ldap-password@ scope = sub query_filter = (|(&(objectClass=mailAccount)(uid=%u))(&(objectClass=mailAlias)(mail=%s))) @@ -56,7 +58,7 @@ let version = 3 bind = yes start_tls = yes - bind_dn = cn=vmail,ou=system,ou=users,dc=cloonar,dc=com + bind_dn = cn=vmail,ou=system,ou=users,${ldapPath} bind_pw = @ldap-password@ scope = sub query_filter = (&(objectClass=mailAccount)(uid=%u)) @@ -70,7 +72,7 @@ let version = 3 bind = yes start_tls = yes - bind_dn = cn=vmail,ou=system,ou=users,dc=cloonar,dc=com + bind_dn = cn=vmail,ou=system,ou=users,${ldapPath} bind_pw = @ldap-password@ scope = one query_filter = (&(objectClass=mailAlias)(mail=%s)) @@ -80,7 +82,7 @@ let helo_access = pkgs.writeText "helo_access" '' /^([0-9\.]+)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server sent non RFC compliant HELO identity (''${1}) - cloonar.com REJECT ACCESS DENIED. Your email was rejected because the sending mail server sent non RFC compliant HELO identity (''${1}) + ${domain} REJECT ACCESS DENIED. Your email was rejected because the sending mail server sent non RFC compliant HELO identity (''${1}) ghetto.at REJECT ACCESS DENIED. Your email was rejected because the sending mail server sent non RFC compliant HELO identity (''${1}) ''; in @@ -89,7 +91,7 @@ in enable = true; enableSubmission = true; hostname = "mail.${domain}"; - domain = "cloonar.com"; + domain = domain; masterConfig."465" = { type = "inet"; @@ -147,9 +149,9 @@ in smtp_dns_support_level = "dnssec"; smtp_tls_security_level = "dane"; - smtpd_tls_cert_file = "/var/lib/acme/mail.cloonar.com/full.pem"; - smtpd_tls_key_file = "/var/lib/acme/mail.cloonar.com/key.pem"; - smtpd_tls_CAfile = "/var/lib/acme/mail.cloonar.com/fullchain.pem"; + smtpd_tls_cert_file = "/var/lib/acme/mail.${domain}/full.pem"; + smtpd_tls_key_file = "/var/lib/acme/mail.${domain}/key.pem"; + smtpd_tls_CAfile = "/var/lib/acme/mail.${domain}/fullchain.pem"; smtpd_tls_dh512_param_file = config.security.dhparams.params.postfix512.path; smtpd_tls_dh1024_param_file = config.security.dhparams.params.postfix2048.path; diff --git a/hosts/mail.social-grow.tech/secrets.yaml b/hosts/mail.social-grow.tech/secrets.yaml index a68e84c..122392f 100644 --- a/hosts/mail.social-grow.tech/secrets.yaml +++ b/hosts/mail.social-grow.tech/secrets.yaml @@ -1,52 +1,51 @@ -borg-passphrase: ENC[AES256_GCM,data:D6+ZedxUQ7m/m0YkM5m/B4kFsNySJjFyh8Gmhn3Mpe+mqEzzMRjAbwmGzx9i9Lnr1dTjRElUOgevnnvW5J2KRA==,iv:cG4w1KsEm1SOTni9bsbSW1+ypzjjs2Q42I+4xvcCAu0=,tag:WkkNVa27Uy5nFpmXaIH6ww==,type:str] -borg-ssh-key: ENC[AES256_GCM,data:T/EPWSuY9Ocj6D8nL2pfPg7r/lN4TyS7SiAqhQhkr10Y3R2mzfgMrOZTg/MrYv3/uNCt5h9TBDxwmiAwSmBzBSms0T5qD8aSxLgbmc6MAG7FSm7cGFf6x/7fMgVn7DAlwMz+4t/PkVk1iCRG4IwzimXwBvq73yIZuAiIARq0Azin7YAoSKjxnZ8ACkyRVCecf45pk7ModRmPLSDK8MZcT7bcHpZt6gQKx72OXSCJTD5FRUX180miUaywf7SxF1goEGRSmwtFDhyVs8iThiqyz0IsElB/dPGR+vYQwlFNWOFUshfAifz5tHXkvaKt08EJKyVV2TUqEsUETfFEqQW+8YNym3wBvrlnXm05DrHnfjz9GOEeUr35d9ESNgS+J5SzWVDitK29ca7QiaQ+YfaDn4/4mOGKSbPUnqOgRBoqXhJMV4ddV0lTKgBrg9isBVPgaye2prcHGjtUkVw2Kyh1omT3RKv6y7X+jfOpeOWOiByN73PCsZF7g+FFlP0K5jcfm4y4yaD8y6NlEaozrabuCIpY2ZUdZ/aH11vzLAk+LB8XE6lJ5MKMNPjNRftErJ9iE3OaOyan1ovTzaGqzaEwGtx/MZpk5hWNUwcSrJvZDqDuKO4+OhwMedvCCRKtNFIbEZ49EJrtp326Y1EelhfWgls5nJFPXukHo/C17ybsP4uFySFz/M13RVTIRntn7WKoh0bH7na2XgVGtXmI2plqVA5zppCbVTzr9+pAAD9RvXTX7t12gA1iNmdxM8alOeoZ41JXHd6BDF4bvDLVMhFhlslDLZ3wNV/QPWcSczinpJlvEQ13/WFN/NTO25Y16p+oxY9g8QD3pNEkAVLOMYjnEUlV6+DQcZbxzU8RCfpEzfVsOqbztTihDgHD5ldWt/VpN4ncm/WCVCWBlT33iiTxufC8htY3SjXt8JULEt0049HNIbNwj1awZwqTgT4z06okf7sz0m8Y/U8D5MCu8uNpt7QJBftVHxCKSUmQ4NJRicMDhlrpEJklQYlRtsvKlL/ntnyf5ZoUnkX03AoG0zh4Dh0LydGKC9RsKfwJeU+684d3opBI9eIYL6Rp/XB60LKcUA6Q+m7BgB7Tjck2YbG8nFPLaV3PdmIejlE0agICJ8Hef8rnqdU/r6X92gCEBvGXNbuqsKJvDTYPafQP8U6rXc7Tq+g68zfCOijIuHyKjkzdtIom8KMi5MUdFBSXK22xB1q4ye+QaCaAdN/1Xe6KDxWiafPG+BkpExh7hXbqZU1MyiTYMExpilY30e+CmPXMdxAWmygOxwUk+mPbuWrF0oh16DYN0dS38gUbo2Z4fjRvYIoZea1pu8niQRfhTVgLZVpEN07pYPu2farsPCPIXPalXVcijVO/yi2Dg4uhTsjzW/aRZ6XDIoXRd59v5hG+L27l7gTIXfTx1+htwClRJjYxFy6hTL+ZjcKdNrz/jezXPrR7kRHNEEfJM/ysv8d/7Ghpt+wITgc22bdnxKJv9rWnoKDEQ/FRGm6Y/eMisOttUFFlznQi2lqShOxPXnnuOnpndklcxPM8FowlL4FMDN7QUW3kdXJ2j0GgN4o34oKhqvXjtjf9Dk5r5KB+GTeOhf3SJXgeR4llaSAQXjzGdZqk0g34YTa3qb8rVxDSBKEHOnKs+Cr/4H09k62S/3SzZfrBIaaZ6Ey1b+bFfnbJJlD/Y/1Hwd5IhNbMHj7bfOKC8VabieeHwMbWfkGdnnmdY5LLJqXAwANrCIYZrEpm38pYJiKes5GrAz8caK2rPIhAPShURwkjCsvowmadTvnEbO/KoaUIcqk40wYdM6NAlVme6dLXxeVN7Y3K6UAWFIIZtYarAog0Axncs30shIoy1CGd6dN87tuK+/twO/jr458fJInumXSMRy2X2K0MKPLONF9FcP/EWENa+H43Zcfo1y42HkoYxI70R2YqOlpbtJUk8/8PqVSlJBrbgpBZNzAMCbsIjhrBevISerf8Sa8X6WC/KjwswjfGJ7h+FEnrPutKJg/ajDywAI+RZ3H+5zWm/CZxBYT6k4w6gAWZva0Nlx6jWQExONGQfUBkrRrRfIHhWl3c+k5VrhyzwW9fmAB9XmT1iYbk9T+ZNU/O8HY1bAZWufS4G7GaHchbPIvz3edMvP+zrGBZXPPJE3abls9oUcVZ223NFU1RPMZwG7LqL0fzfHXl4zx82TEXn14dAIBBVr67RAejz5xOGf8I2MpYQ6RAxvfhc7bjWY9/FU1RU09ob7usJCZphm51oa4TR7kz0AH1HxSOGfCJKLdYjBxbylR1GxY1bUTokLVWEYHalCr6d4lyEmUHM3+1vBUQQ6aq81njW33yGvwclUvhWj4sB51WPaREcYQsPkYnftN/dRSKVQoEZckgmIvML3lUwiVMLGlXlcUViyQpktnWAWxXgw5GH6KXMqoI43jRmxTeR3KrVyZRJBlDj/AnGWOD37fndGuMdpmAIGX/1fZnUUCxNhhuou20LvOr8BnjcHP9pBjtRPxu4o9fFmnzNCt43SC2ivMDOLxL/Uq6batacYrRnLtK4XnNqzfpCqe1bkfBsmTbRGnwPIJrA7TThfHH322DLy/GueYiddIa5spqdIH2jI8nfjKq4SxLtwsNZ4GUG/z83YQEg0Z8I/CQhYh3Y8Gcjb4ZUrOg9n84iLADDOn2j9CI1QfsyJAt+qLEDPRJ9yMRefmq7BAxvGbNq+4YUbj4Fo6K2FwaO2quUVl7RpfVgT/WvXTJS4pAndPJt4PrG03X56ra3yOTtlZqPvGR+XGjp56hG5I5AtQ27JmB6S30EncH9sDLDPucNtEzn57cY90kAZSdDYjBkJ5/lC3xJOB4UiAs582UgyIiVlL/mvjXd1kajAcchfUYnjEUkgFuOoRysWDO/rq8aDFYg/jokUNOn4ent7xXzlfEXkpMZ00coZ7gi+CjKOf29+/ZE1wCfbRhBds/mCmAerWJo24vb632lTCWKImbHo36WuBAvKqofFNpVyMRQ+OKm9Bzr2jQD7W4+1CUk/ZatGVWJHCPsEGWt/L0Fj8K3NzF135c9d8aZ9HqC9XNqOKTZpNe9QSMc5S+tD1ZUxHVrDHny0fOKaWGVHtgyNkcyte0l16wet1z+xZcPCKr8ieMSqh+HgfT2/kWjpb1hlmyEDFmPnnbmhCDD2QWstX8vCa9JTdd0OLb3rTgPMlbxPPIiWQGSBc6tig7X3mZbebweRz5ktqrdMvK3ter9bVC9T2TF6EiCktxw+IdS9MONajvoGAaR2k1nGbfKDSVIKk1ialfv1FGJu1gUA8J0pvXqbrTJfSPOH4iuJrWJut0UpJeHrUuh0ODguNriBivobZeaRamUA/PPNvM5KCSUQUtefDnVINsJSoT4yXn55fkRwvb2957AfHI8yMRg9KtNIYj8i5KsEsw4gE53Lr+NU7Wq2O08+v2mUSNjP0REWgu0Dw0M4/Q9eykLV/ZRnhRcbUZyA==,iv:yA1CkRMapP1S3zMwu6Tj0/0/HHpwD1yRAm/qrZx/kPs=,tag:SYg2IoXeD9fMYb35J/AJ1Q==,type:str] -netdata-claim-token: ENC[AES256_GCM,data:ECx8zLnU/dj08vfA76oVbVzL3JG9MLBoFmxSjtjiFbSiFtdaHtG/8u5FEuyQ1bQMQntV91xj7x1kY8fAp7VNbWyC13pOEOrt6rvJYch14eM3bqNvfGeqgJsHmAaRbY6mBrxJBkiRJBLYVil4e1oDNZVnzFQ4ditXZbMGtAV2063K1MRI/48p,iv:viE84mOp5KSdj8vdK5XxR0W9A54oPxQO5ahnpPLeAdE=,tag:WjzKjGXRRAc7vlzreFHbng==,type:str] -openldap-rootpw: ENC[AES256_GCM,data:W0em1Dffg+IUoynwwPD4NjFksR38ZO4mhWFI83ALvYcwYIplxw/gDRLGCqbSt6TR5C65CKr1sOUiU+4Xq3UWmw==,iv:BHQhISTIYuwSM3KiSb0mEEo3BMNo6FXEDXoIvI3SZrU=,tag:tX8gfnk1JYnaNionk/jrLg==,type:str] -dovecot-ldap-password: ENC[AES256_GCM,data:JYAt8/WggwclNEPO9CaWfQsvQBA8DDJCU2km93HpowoVwIdvQ/0lQHeXndPYe1EmJGJ3vLErie+Zn2kDINIMqQ==,iv:HR0QJ0GgQks3NzhfXwjHupCKcPOekkiTcp5Jxbz7CxI=,tag:19m7F6TjGUPOuHQJuUq2pw==,type:str] +borg-passphrase: ENC[AES256_GCM,data:JtQ0LlFgo5xO09T4YqQtlVEBHRQFPw97qkRnDJYjz1b8PQ64cF32vpRav6YuyPHUqltN3elaaw7WyalLNLaJAg==,iv:ylgC0G7F00m9Xru+v4Q3gB3OohFX5XuSsMefRP19Llw=,tag:OAsYZSx59/pnfYrkzvQP5Q==,type:str] +borg-ssh-key: ENC[AES256_GCM,data:nY3fL73+bNhp/h//AADzrhHKmPC7zkp7FoLxW+MrYLO5uLdjIOemGyX9V0IIpV4LimrEI0tB6rfqwdW47P7zA+YGZZK9g+PAd9yGEy1I8VGuel5ZOVvBrv8BC2ysKUzziXNv33KKw4mrU5BvBYoyQClGsNkXvKlJ1XH0T8TnA4EmIKoujcMjI3K1yT8w3nn9TZ11VG9bnv9F7mXttUyXH053rz6TuENjxNdVjSsJkROpL/j5i7/RxiOwnxyIFyZmCK8/joGQhfEKuPKkZv3xAYypEg9DudKZTmcN92ooykjHUaGJ/X1vkpv2dR9vjaGHxnJtBKM4qpjS3AH+iXg4qwBOOPIIcwoYkj4v4xzAdteda7wDwchM69yrGjGA5j88trvJ/UOIJ108htSzij4+SPpa3A8zyt2zV4enNWpC0CAf2PkJyp+VbdDhP4as7NGqc7saMzZdRFOYnfmyAd47wUf4VsjZ2svxHQH+8l1Lb7kpZObhMBzuzbAKSKNwTPfhlZ78TnhUpfwO07gdK8mS,iv:06rmPl3ER3DcJvJISxnbuMzbGb/3JbNpIxNeOUCals8=,tag:ejagsOwoBWRF20q2rFpWbA==,type:str] +openldap-rootpw: ENC[AES256_GCM,data:uO5SVlPCxz+jACwdXuPowdlP5NjVu/KZ/uhAbPsBrnKQnW7eeZD+yqK189VNsQTqhq61AUZ1r5nzgMAHTclniQ==,iv:C3unIpOZh1x48RGqycqyoDFO0K41WwFkdtvlAmSEZy8=,tag:4N4tph2qvHbWSzDdTmh+VQ==,type:str] +dovecot-ldap-password: ENC[AES256_GCM,data:mygVtdK5lwsZ0YluyvJGss6Gf2Hb9zM7BtIBknJAgQBb0MT5d2U47HCoANVHQJYCidyjvqTDku6pSI11rGmRIw==,iv:HrEgWGuARYeb42g+/4bHByJOVMDc2GroKVrlixHCc1w=,tag:+vm5kMZPne0UToAMl62IWA==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: + - recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5SURFbHFMQVVyN0laSkR6 + U1JQRXgvK1grTFdyTjhUY1JsSW9sVHROZ0ZJCjYzOGRXODZZZWxCd2xPcThOWVpo + L1RpZlZxZTZQQnozcUZ5SnIrYnJ2OEkKLS0tIFBVZHJJUzEydVd0U0lBdGdvYjlk + Wjl5aUpZbUk4ZUxwS0NLTHE1KzhaVk0Ky8nBCAUamOuwqW3Qio25jr4ye98J7Y6O + 9gmNmsCyxkaZg9gKrH8LCTfjh+NwH2qVpmFSQEXcj5qW0na5xwENJA== + -----END AGE ENCRYPTED FILE----- - recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPRWdBcmEvQkQrOXZ0SDJW - eFpFSlBxbjlUbFlDVEZzS3dLSXN6MnBFT3lnCkZ1RGhoQjhtcGxEY1E1QlBvNUl0 - RWxnbzNldHBHUjhiZldYQm9iYWppcncKLS0tIG12WFdYSVdDYVZUaEFzUFhJS3A2 - Q0I2b2h4aFlkNkV1a1BFamhyd0ZBWTgKZwxpdydc1lgs3u9gkh2Krs8PGfcKwJTv - n7BV0FNa242wOT4Tu28O9SN7VR1zZR52iOgV7gWsCnhkNDk9kwiLHA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRZU9FZ0I2WkpSUjBoYktK + WHlsZWovQlVEZ1lFajgwKzFJcGgvL1lUOFJrCnVNNU5LOWIza2lMVGtOcmFhQnUz + cDlGOU9ySjRMaWx6TlMvQStnNFZvNkUKLS0tIENGYXZhSWwvZmUvQTlKU2pFb1ND + WkJWMElRc3h3SmZkR2YyclVNVGhYT1kK49wmyQ/S0qQkDac+Z3UvBGWPgia6FdBZ + Rm/isGOIe0ips25Vdhl2a5jZt99u1Dlgv094Fxopxs8494xIunDeFg== -----END AGE ENCRYPTED FILE----- - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoSHFtMUczc0tXaDZoQllM - eHFpYTFmcnpyYitwT1U2eGNuQm5MQms3YUdJCmpVS2hOVjFmUlVUZy9MZTZxQVlq - SU8xcmd2a0tvWlBMc2M1Wm5XV3ZQZTAKLS0tIG9qa2pQbDFIbFArejM1d1VRRVFY - VjJwdC8yQ1hweEllcGhYclNwTWFyZ1UKDKv14nnVx3FeL87FYFqZMU+niHBOvxHz - 3L3hBMEgpR/uMSuPmF4/NLVJTsktOonW9NKOzm37KsY2HNRXbuHoQg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhWk1xeXhjaEpIM2pBZlJp + UXBmcDlUQVN0S0RDbW5TaEladEFRR1l2cDNFCjRoYkdwakE2U0U1SE1RK1ZjTGZu + L29SMGltM1poMU54YzF2emVxNTZINUUKLS0tIEJJcVpsK0hkc1YzaXZDV1oxVTZi + QXYwQmJYd2dtY2ZqSE5YcTk5RndvalkKDCKp+k0QYuDdUfhm/fenv/kdnPcO93Iz + b0GGoqnveCDcXX47s3DDZ/Kuu1EK4Cd71wvWyVu0sXWtt3c6l933qQ== -----END AGE ENCRYPTED FILE----- - - recipient: age1jyeppc8yl2twnv8fwcewutd5gjewnxl59lmhev6ygds9qel8zf8syt7zz4 + - recipient: age1gtulvdj4aclpfhk3mmzvpz9xysccxhvu99x6ayaqlj8m44ehffgq6zuc5u enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjY2JOWTA0a3pGL0dYc2t4 - aE8vTUNMNDVML2ZOSW9xeHlFRDQ5K1BLR3l3ClN4a25QZTEzaFk5bnVUYkk2dnRr - SWxNTklrZGM4enJ0WXBKaEJ6UDZUMzAKLS0tIDJudGtSVTVTV3ZrWWh6VnZFdEs3 - UFVlWE9wd3hRS0d3VEg5di9kNHBIeUEKov+NZ0pt4BUd5xXX9cTFSJF355Kg0ios - Va/kbzgG2SMvxMorNFDp+yJgGXM9rOycMJ1ajemKBM3r2QMcsIiMWA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSTUUrMUp0RXJHNjl0dWts + UXhnMU1kNW5lSGQ1N202WlZ2U1psUnFlMlNZCjdQVzRkTC9CcGRlVVMyQWxMOFRy + b0Ezdnc0RnpKekhUcUJlc1pWQ2VjKzAKLS0tIFdRM2Zab1pRT1VnbzlGbExmaEUy + RzVyNEdHVzZUdENlVEh4c3l3V0h1TzgKlDTvDMe67hfDd3yEepLeIhuVym3wekoy + Fk86lgIY7VIGW0Oncyj/mOg10MYQuzoTqgMKfwDN9bnV4aeSS24rKw== -----END AGE ENCRYPTED FILE----- - - recipient: age1azmxsw5llmp2nnsv3yc2l8paelmq9rfepxd8jvmswgsmax0qyyxqdnsc7t - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJVVRBY1RVdmdkTGxkT3N0 - YjJUdXU5blY3T1R2NFQwQ2MvUitTRjZOUGpjCkNMTUJOaCtGR0s4SGxENXRRd1lQ - cE9RbFUvL1RVZnZ1a3RlZ0YxbmFtOGsKLS0tIE8vMmE1YkZCM210SXEzRFZJeWZL - eC80bWxndE85RlZGRUFTcDdaZ2J1VE0KZ0FERlT1kdUE+WxSi57YowqDQtA9BoV1 - MZoPePwGkRr27MHnPYIhoniUXC7mhQ4rqvcbFy6i1n4r1CqkRFBM3g== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-07-08T11:20:50Z" - mac: ENC[AES256_GCM,data:GPUwpSAz6fj7mRxX1ebEb2sLAMLkQLuKPXk+B3+zZmA6+D7gAKrrBGUWHqYA9DMMY0r32OZSccGRmeKqdA7sWmzdIJTcBu8EyER1nJqVFJiXcOOdTkCLdOM4xW969YE0lBKpIAQ40E7YXYYwkI1JINneIBTuXkvIBmSQ3Bt2+ak=,iv:VEPNQxDLzxyTxkn8dI6xNDe9ESk2RojSNYYEwT+Ggas=,tag:cfUEKU3arSJl+lEOa+4iRA==,type:str] + lastmodified: "2024-10-18T13:21:23Z" + mac: ENC[AES256_GCM,data:uv3uz45U6dxfFkKonwCv+tfWD3g9zBGudCuXXAHgav5XY+z62Z7KEV5PUGMI74k1cRg8etIyUo17Ur/KVIrTDSt67R+70WaSOXnRtEX2F/kJWb8NLC8pfQYPVFtaaCSx0kFPZeu7vSUD5GkTJ9UzwbKUZ32N823sIXosia24x2o=,iv:7/Z6XCE/iY5TBTOdjmKwjgue2tzAB6F9HHZYjk/qrok=,tag:WhyEqM8nBID1PGaTXvz8kQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/hosts/nb-new.cloonar.com/modules/sway/sway.nix b/hosts/nb-new.cloonar.com/modules/sway/sway.nix index c9498c6..b1d8001 100644 --- a/hosts/nb-new.cloonar.com/modules/sway/sway.nix +++ b/hosts/nb-new.cloonar.com/modules/sway/sway.nix @@ -28,6 +28,9 @@ let orca-slicer-pin = import (builtins.fetchTarball { url = "https://github.com/NixOS/nixpkgs/archive/67b4bf1df4ae54d6866d78ccbd1ac7e8a8db8b73.tar.gz"; }) {}; + apache-ds-pin = import (builtins.fetchTarball { + url = "https://github.com/NixOS/nixpkgs/archive/9aec01027f7ea2bca07bb51d5ed83e78088871c1.tar.gz"; + }) {}; in { imports = [ ./social.nix @@ -72,7 +75,7 @@ in { environment.systemPackages = with pkgs; [ alsaUtils audacity - apache-directory-studio + apache-ds-pin.apache-directory-studio bitwarden bitwarden-cli rofi-rbw-wayland @@ -104,7 +107,7 @@ in { variants = ["qt5"]; }) - kdePackages.neochat + # kdePackages.neochat dbus-sway-environment ddev diff --git a/hosts/nb-new.cloonar.com/secrets.yaml b/hosts/nb-new.cloonar.com/secrets.yaml index 1a4f150..de606c7 100644 --- a/hosts/nb-new.cloonar.com/secrets.yaml +++ b/hosts/nb-new.cloonar.com/secrets.yaml @@ -10,23 +10,32 @@ sops: azure_kv: [] hc_vault: [] age: + - recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGUG5oZ1BPL1hiRm5zQ3FO + Zks2RWg1ODZGYm4rY05wT2dWTHFCN1FhcEY4ClB5N29SclVxWUpGaHF1V0o1cHVK + TWtoTGFsRHVERWgxczlqdysrRmVDM3cKLS0tIFNISWhUbmV5dERHSXV3ZW5Gd0l3 + bHZHdy9jUHhLSTFUWHBxUTcrT3FoaHcKpKjzC3KDD6TXpbPm/ObztJQzkNnnTnvH + uWzRhQg7lHAKiiz4szzT64WCuisxFAOJP1KrSK9qP5DLBm8aKIDcPA== + -----END AGE ENCRYPTED FILE----- - recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUZ1ZON1FWeHhlNWVSeEIw - SDRwU3JBUEg4TXhPV0JpMUV6dlVHSHZoTlNRCkxpc3JHUVl5eUVMWHlOZVhSMFNi - c0lzUS96a3dSRDZtNkMzNnZ1RVQwTDAKLS0tIFF3V1E2eGw0Zk0xeVJjQy92SzJP - dTFFdDQrUktna2RKZ1VFbHBQWmhTNjgKL5/aqFTEE9NF/6tTe9UmrH2SWpuC4pzS - uHBh4XXMx9g34+y4L0bLZ4LkXA1G1EHukIVG98eYlsUlpT3nYLKdag== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4VU1JZ3FkQ2lPVE9KeGMw + c1lRWGlPU1BKbXlJc0lnVURNNjN4bDRNWFZ3CnQyRUE0MXllajgySHRkSTNRZ2U4 + K2w3bWEzNmxrZHRybXdFdnZCTmYySW8KLS0tIFduVUdYdDdVOS83QUxveG5lMDRi + M3E3bDhrM1FvMERESmI2RTdBTVNUMlkKoKhTGUYULeQvqMjwMCanDxD4yflGURgE + ROZe6d8R5Sya+RsS4uzNMs5KkjGeC/xjbNO22uSRennIwCqBaHNmgg== -----END AGE ENCRYPTED FILE----- - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWVkpwdlJMSzZ0Z2tCaUhw - cm9XOXo4Q3lGRHRCRnBMOVJxRitCUkhUOTNVCmc4TFdneDJPdlVVYm5Da0JWUDRS - em0wR2pTTUFzWVpwRnBVSHQydVFsTG8KLS0tIGxacC9ZRndUeVlCNHYreXI3U1FJ - VmFqdTBvanUwV2paRHhHSDRqVEpLWVEK7uRtiTZ+NJWP98RE2YfugHf5UjfUKJ5V - brmUHz2gODPPyKPi94EXBJF8gPC93AVpiVMU9OlkHCm7UMMl0wSxhw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBMW1zeU5ubDloazBKNFR5 + M0xnbXQySWptOHFEQmQ0VHdvTWVieitYK1drCmI0VW5PVUFaTFo3STF2MUxSOXhC + T1YxY2lFMitKM29rS1FKQWRweStxUlUKLS0tIEFnQTlHcFJEcTAxem5QK2xrTm8r + L21ncjlQdGVDUjI2eXFIb3U2dW13bWsKuEwATNEUWtjuLsH7DQAt6J2l4blTId1W + A1kQ+0dfUKrZ0dsbvUA5L9+haUiK8f5RvapaKW+L2JEn7gW5wJSJEw== -----END AGE ENCRYPTED FILE----- lastmodified: "2022-11-30T08:33:24Z" mac: ENC[AES256_GCM,data:/vJdDVpv+iM66wANeLLl+CPtg2j1OCyKlGHhsQQT/RphUj4IlIsjKj+j59lmM6bRBfebTTRt1scFgz8CCPoyfSH0KrAyPLPs1SPxZT6Le87PkmO2rfH0MpNCrBDUdtpMgKs+kbxSzbqnh6X3+juXnOL3oUB3K0cdF6hAr4cP5xU=,iv:3IxaC/8y8FwKxO3mPP7f/byjYih3O6zZU6HJK2cAPvw=,tag:g8crhgnYs670wLPcC3HIhw==,type:str] diff --git a/hosts/nb-new.cloonar.com/users/dominik.nix b/hosts/nb-new.cloonar.com/users/dominik.nix index a5d8787..01d5d04 100644 --- a/hosts/nb-new.cloonar.com/users/dominik.nix +++ b/hosts/nb-new.cloonar.com/users/dominik.nix @@ -569,6 +569,11 @@ in # user = "u149513-sub2"; # fw.cloonar.com port = 23; }; + "u428777.your-storagebox.de" = { + user = "u428777"; + # user = "u149513-sub2"; # fw.cloonar.com + port = 23; + }; }; }; }; diff --git a/hosts/web-arm/configuration.nix b/hosts/web-arm/configuration.nix index 9f5ecec..6f6c704 100644 --- a/hosts/web-arm/configuration.nix +++ b/hosts/web-arm/configuration.nix @@ -58,7 +58,6 @@ php php83 ]; - services.davfs2.enable = true; time.timeZone = "Europe/Vienna"; diff --git a/hosts/web-arm/hardware-configuration.nix b/hosts/web-arm/hardware-configuration.nix index b805dbc..2ff435f 100644 --- a/hosts/web-arm/hardware-configuration.nix +++ b/hosts/web-arm/hardware-configuration.nix @@ -5,7 +5,7 @@ efiSupport = true; efiInstallAsRemovable = true; device = "nodev"; - configurationLimit = 2; + configurationLimit = 5; }; fileSystems."/boot" = { device = "/dev/disk/by-uuid/82F0-EC7D"; fsType = "vfat"; }; boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ]; diff --git a/hosts/web-arm/modules/nextcloud/default.nix b/hosts/web-arm/modules/nextcloud/default.nix index 612cc8c..02fe354 100644 --- a/hosts/web-arm/modules/nextcloud/default.nix +++ b/hosts/web-arm/modules/nextcloud/default.nix @@ -8,7 +8,7 @@ enable = true; hostName = "nextcloud.cloonar.com"; https = true; - package = pkgs.nextcloud29; + package = pkgs.nextcloud30; # Instead of using pkgs.nextcloud27Packages.apps, # we'll reference the package version specified above extraApps = { diff --git a/hosts/web-arm/secrets.yaml b/hosts/web-arm/secrets.yaml index e75ff8f..075ffee 100644 --- a/hosts/web-arm/secrets.yaml +++ b/hosts/web-arm/secrets.yaml @@ -28,32 +28,41 @@ sops: azure_kv: [] hc_vault: [] age: + - recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZa3JUVk9UQ2xvdE82MFNZ + QU1HSktJa2RpbTNVajlES29qdnZMZjR5dlZFCmdhaHEwOXdpdFJaOWpzcHZmUWUw + czFUUjJ1aThrQzloQUs4STVJNkJqdUkKLS0tIFUybFpweWhuQ3RhWVhEZllIKy83 + WUhmU0Q5L2M5MGJBb2RXRUNUanJ2UDQKxDH3kQ7PxBgHbkv7HPhSmyHIT6N8qmCf + vgRYuZWFgMas1BsS2/F9jmWxUtcqj6/LClmKvIlAmr7OiEZ8fLBTDQ== + -----END AGE ENCRYPTED FILE----- - recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4ZjFGT0N2SGZkQWx6NS9x - OWpsU2RsOG51akRUYlRoL1Rwd0NyZkl4ZTNFCmowdXl0QlplMlFhYlg4bFpwYVZm - OTRXWE5wY0JJQzlaQVRuVE40Qi9XcE0KLS0tIGJ1MmhIc3RuR0U0WWhDTjl1aFJG - aGNabFJKR216dlFETmRPMkdnT0J2bEkKDz9UCFSUgFxPHJLvs8Olm/UYowbuCEl8 - wDCJFobtV7AYYB3gJmXA46DHefsC+7rbUJ2E5y50SFIeofcEK/oorQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXVDI5dFlSajl1bXkxb09C + NlRFM3dpTk5KbkZ2RGZwUUVVdGpHVzdac3dBCnVJTWVMN0t5Q1MzTzVSSjRDQnRN + NGVKa0h4K3FpZUhmcnVkajVOaEd5bjgKLS0tIHpVWTJIa2NOQXNQRXhUaHhKc3JV + TEhxV2g3N0w0K0E4cjBhK3h4R2VONk0Kqmgr6vvwyP5GUNGEJT4lGk/q+6D1/vEc + iAx10xVmtDvIuWTPwNHM5Rlx1SesloGiTSgT/MwzaUYm8lkpK6BNPQ== -----END AGE ENCRYPTED FILE----- - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3MWk3dEpkYkZxdjJpVDdI - RTdvSElPcG9JdjdzVGI5RTJWNUtBTEt6cFRjCnJpQjBtdUdpTHlHUXZMaVIraDdE - YlBKYWdBNzA3L09oVzRPdDEzOGJiOVUKLS0tIEpzTWhuUnR6VHpMMVhVdEpWKzBy - WGo2cHEyZFg5UnZEcUlmeHoycERCUDQKEPymfQ8YOkDtamYtyXkws5H5yuylOjtD - 7C6nmKruZzFNIUs8Wf6u2TLtEPEsR2AX9k70ZjtOoygIHhvIpqY1uA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjc3p2TGRYRFV1aUg4Z1JF + MXBYUXVRTTYza3UvOTNiYVV6TWVBZDNMSkVVCjkwWkNMQzk5RVFBYkNqNmpKOGwr + SGlhYm1sVUs2S3VoNzZ4T2pvRkVkeVEKLS0tIGEyQlhQcmtKcUh2NnJLZ3BFeWdB + Q3lVNlFxbWhzeVBaMVd0ekxEVTJBc28KyCK90KW2wb9bXup9OW6J1Gnrlb9X5e8l + c+kztOq76I8NtSAnrwfkpp7iJYH4F4TEU6meFGO4Ev//duKoBT74TA== -----END AGE ENCRYPTED FILE----- - recipient: age1ylrpaytkm0k5kcecsxvyv5xd9ts4md0uap48g6wsmj9pwm4lf5esffu0gw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJc0FIMmwyTFpHNlNOSEhv - TmM2eW5IZlZpekNwTERuLzRLbW5ZYk8vaFVnCnlTQlNiaVFwdU9BWHFrc1VnSWc2 - d0R1eHhWbTJPQjBsV0J0WjFyckZXL00KLS0tIEdwY1oyeGsxZzBLeStJSmZKVW1V - ZFBWTUhrbVJHTERMMkdDaDBkMU16VEUKi214s0sjzOR8wTK55lZelBKO+ar03lG2 - Ue4Rx1utf3DDskRY6ELqSroIYEMIWDk9rxQTovIQD978mP9vpXgfPA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZREdyNFNQRkI4L3BTY2FW + K3lFcmpsQ2tIMWYyVnVDbllPcktBMmVoMlFRCmlwa3RubzFzMmRTRDJYZUgvU1hN + SmFJWXR3UjhEaUJtR3hSeGN6UnJ6WE0KLS0tIGFXQmIxYVl6Y1djQ2lrcjRUNDdt + elpYSDg2Y09Ia1VEaE9yUWRYMlk4V0UKcsiKxtTdtAT7odCCua7wV/3879QEp2YJ + iIVgZIrTg34tEGj8VbACcGINZfid3SSkUM4hnydP72ZOOfijIN21Ew== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-08-31T15:45:49Z" mac: ENC[AES256_GCM,data:BjoytvHEO/mvFUdAN/jf3EnwIjmWzSbY3TgCOjIp4zlVi+QrtwLD1G6fTN6q8tWOrYUBETS93q5FsCHKqCh58TEp/JZSnw2OhODBAn8LmdNvbvXX3dNFkVvjLsLH9rl4knMD5gr2fSc+YqHsTcb1sKBom7pFEsRppnnbU6h+FZo=,iv:ipoiDA2Er9gaqKg5bbjvVSC3RTiUV+t7J72ns5IEdac=,tag:1/4KRpnUnm14jGAdS6EoxA==,type:str] diff --git a/utils/modules/lego/secrets.yaml b/utils/modules/lego/secrets.yaml index 4ad10e9..c8c3596 100644 --- a/utils/modules/lego/secrets.yaml +++ b/utils/modules/lego/secrets.yaml @@ -5,122 +5,140 @@ sops: azure_kv: [] hc_vault: [] age: + - recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUYmY3L1VuYndVd2thbEk0 + aUgzU1RIMGFxVGtyM1RCYmw4SW1sU2VMZmtnCnN6WjlDN25JdTRISEVYcGJTWUor + aDV5UkhQNjIrVHducDA3cmFQSnlzZTQKLS0tIGdQWWhsdTlVa2kzdDU2WUhqUDJJ + ekNsQWlEQi8vTm5vWVorelpvUUNrbmsKYzKVSvj+BXFqrty1jTr99e/rIBoSuHY8 + lxLOH7ussA0JC0bOegKmk21d70H2pOOa0yLbBUIpW6+pmA+1L8zauA== + -----END AGE ENCRYPTED FILE----- - recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkd280dnM5WVFpYjZxQTJL - dW03bEM4V1AxYVN5UVpHNkl3UHNJc3hKbG5vCmsyYUViaEc5dE1EZXAyT2tNd3lK - YXNqRzlPQ0Rsa0pod2xKTHpFb05MckkKLS0tIC9JU2dwR0hsZGpYdUd3WUZmNEF5 - clIwcVhkWElVTmVOUkVieWxWZTJkOWsKuk8dt31A15RbC1/A3GB7TnWNqheixYJc - 26ZkAR9SLCkHTgyQPVwE77ZwA4NYOTkKNsvj9rC7B0RGOCs8U5K34Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCMHhEaWRZdklDVFcyQW1y + TWplalJFeTBIb1BRM1NWZnYyc2xTOFVhQTFBCmlHUHE2WGs0bWdlTlBpR0ZCSnc5 + eUFJcG5PMm1wUVZXY0ZLa29QcU1SWEUKLS0tIGVzWjJaZThpY21oMEtwWTd1TUJ1 + THRHZDBGY1lMeFQvQWxjOTlneEExbncK0UC0bd8jSLlS+Pb3nO7zlnowSO1iYaBx + P32gdPFWdAlnfX6SA0HzJJ3pyCH7uKS2JZD/Lbao7TfZPZ727fvdJg== -----END AGE ENCRYPTED FILE----- - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJYUYwT0IvS2JvbkJUN3Vm - WUV2cVRXMkU3MUFVMUljNktvVTNhVXJoN1VBCkhwc2FpRGJKY1EwTTdYWkVhaU0z - RCtMdGNZQUpjTFFYWjBoMzY5aC93NTgKLS0tIFBvb2FDUjA3OUpBQWdkaFdGMm9m - SVJXN2dodHlCTXZRVDlCbGhlZ3BhTFUKlqx5kTajaseaomJELMTBUdNB/m/CwnYx - PP+sl1n9T/ZmV+l3l30Zh+/lnc1pOCxmmvzZpnN51I9ineal9/YmKg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwMFU5RjJjcHFWWVd4ek1S + QWZSSGtZR0MxbklYeDA0RnM5cmFpeEVrU1FJCjd4ckl5L0pYQWRxcndpemdMY0t5 + NElycVU2R0c1ZW5STHdXOFZnVHFaWUEKLS0tIFB1RFFiNjZGL2szT1o2K0JUMk5Z + ZUlQYWxRUTIyVXBJaStWN0xXRTdrZnMK4453Uqzl1EYusOqf3S2YyJvz7Mh7ToUg + 6kzq2+wVPhM6xu/zPg6BTZRpvbq7hAN/bfzDlsgcCt4nOZp/d+4XJw== -----END AGE ENCRYPTED FILE----- - recipient: age106n5n3rrrss45eqqzz8pq90la3kqdtnw63uw0sfa2mahk5xpe30sxs5x58 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzWDVoM0tnQUtyVFNDajFu - V2IwN2hsTC9HTkRNaFIyKzlLdytoWFJ2Wm04CnU1TTVCS0xtVjFiRkE2WkRidis2 - V040dWhRdG9NLzd2SmxOOWtucWttVEEKLS0tIHExRk9VRnZSd0Q2cUFYQk44aUhu - T3BIeFpRZlk4ckc2SUJlVEsrV3hmNHcKGb5GJITKhhMEEWsZp9aGu+tfDBeebFvJ - +nMy9XPzcKBGSNd5GrIGL4qMWFQAvty17mevXKGZ3hQ9N9DpP9qCCQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhOWdSREZQL1ExRnpqQ293 + VXlWZkdkd21hTDhHQ1gybmNIQ1RBVUF2Q25vCkM3emN4bnltbUxFZG15aytLU05Z + VytlK0ZWdU1FY3pxaVFTb2lCZzBqcGcKLS0tIFd4ZElpUjc0M3RtNjNVcDNtWk5k + TE5Zbk9VdHh5TGVRVkdIUUd3dU1zNzAKcDUY+RghrJuHlDFy3IqD2Xr7YJPnXcwv + OC3/RT174ES97OHQdzep4X3ipYB7XLL1UNa24QKhpbXWpNy6kcDeLg== -----END AGE ENCRYPTED FILE----- - recipient: age1y6lvl5jkwc47p5ae9yz9j9kuwhy7rtttua5xhygrgmr7ehd49svsszyt42 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJTFNDRlFuVndJdFpQcytD - bTJ2SXVsaFNYOXIwcnpKYUhXa2hBMlBNR1hJCm5FUzVkdGgxRkhISitjbE5lUy9C - bnF4TzhRZE5nZEhVWW9FaEFIVUhiNzQKLS0tIHRtcHM1WXdWcngvMDBsMDVBeEtw - OXF3TmdyVngyeHhQV3hnQnIyckFPTjgKOevqNmDR/6SODvZt76dF+kQEgGjXTiYL - /rxu/psNgFe8nYE38/qtYgD52Y3L4q4h4ZgPsKE1a/17Wx0C9rbVkw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIR3B1bit5Q1hJYjRjU0xy + eFZFeXAza24rSlEzR3E0KzUxQ1RMS3BmV2xJCjVxN3hzaHNTY1VhdlRPVk9wb0Zi + SmxjRnp6cnpzcmJLbk9MUWpoU3pXUVUKLS0tIHlzM3pMZFBHWlQ5NWVWZHZ1UDFp + OVVJMkhHUWxENlhVYVl1V1Y5VjNPc28KrcDoLT26nLtzRYxlnvB8gL7Nvn2MVr6R + 1OZhEmIQSH6eNItU/oK7G6S8FqNPksfFwWHA9aZ/K67pWmzu0ow+Tg== -----END AGE ENCRYPTED FILE----- - recipient: age1gjm4c3swt8u88e36gf2qlg3syxfc0ly94u64c42f2tsf24npw4csa6e4fw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBneGxFSG1zWmFBWGxBUk1Z - dGdEd3c4WE9YRXc4RHVmczlCV2Y0bEN6OWljCmw0SG84SGV3RGlWQWJFUFZrSHVD - ZnJnYU1YeHJTNklRVXppRTBtdlBiUHMKLS0tIFZnL3RjRWFiNFJ2OVJQbTdRNTIw - WHRISHhjNnkvR2hjb1RUcVpDeDM2MDQK29wQSqzJtPDBVWdvPX4FFGE3Zs2plrpK - A37UMMFiXvT+Ofc9ncveAjfS9axjLLNpBl595zAHcsy8zP5YIQZyeg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6ZHFqWGk0bVMwbWhxTC9L + d3BLN2dxcmNoRTRVeVpDUHhLdjRuM0Vlbm5RCnJFNURuQ28zN2FCQzU3M0hkbk5N + RW93ZmU2NVlxYjFsdmoxM2MxVndMYTQKLS0tIDVacmI3Ukw0Z2RwSzViYkV0d0pN + NDc1aHJ1Z0t0dGhxMGluQm1yRHVTQ2cKBvGYrEiLlZwEbEdqGqR7ju8INj13QkHB + JA1hNfZLwClReN4rXFZ2ffZURxEIhVGSMxcVZUOvRuXXy3GpVRLdOg== -----END AGE ENCRYPTED FILE----- - recipient: age1ylrpaytkm0k5kcecsxvyv5xd9ts4md0uap48g6wsmj9pwm4lf5esffu0gw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFQjdpTW5oa1orWGIzUFdQ - eEZsV0RKY3ZxRUhqTW5CdkpmaG5EU0tEem5nCkhtUkErVnNocjB5UjVHQllWc245 - WnMyeHZDUVFpRG9IL2NkWGZJUWF4V1UKLS0tIC9MOHJDUWREWERzYmx4M1RRYml4 - Z21aTW9QUURUTHRiNjhEb2xROHFxdkEKAycw0fflA3rnojWBoArNRzEE3iozCOsp - uesPaSIxD9BcBtHV8BqWBCUUJ3rZcOkDbS+DYLcPAaJnOWYXSwmpZA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxN3pYNjlIQ1NrZzRBamk5 + SDYvWHExekVXSXZpTTZqZnFpL2NXYVpiQWhVCmxVN2o1Sjg5THpHT3VHMzVjM3Jk + ZVJ3NXltT2haM3ZYWVdKZklWNFV4VlUKLS0tIEhwKzg0KzhTd1FUSEhjNGU2SjQ1 + aHA3NU56Tit2QXNDVi9NYXdVSlZMNDgKKZtu+suDC7A8gvL2iz7ANiqOgQISGLyW + oI+LuNovMysqTBcb/NSx1T241hw2SAENO6WmV+/sH4/wWSYYVpPJUA== -----END AGE ENCRYPTED FILE----- - recipient: age1ezq2j34qngky22enhnslx6hzh4ekwk8dtmn6c9us0uqxqpn7hgpsspjz58 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvR3BKQlJXUWxzblRoRE9t - a1V4NzZQMG54TE1tV0tZMjVBVnV5N3QxQWhvCjVIKythdGxib3QyeHI4a3Y0RUlJ - cEVoL2htMk5mZU5OMHd2UTZtQTBqRG8KLS0tIGUrN21oM1NCVXlwR3V1ZnFvY2g0 - QWVxMk94bjRKSmJKSnpWRUEvdUZSZEUK3gGS4A7ldmdNvHvcj1sj2Fp+AAkFLju8 - G3hwTDoIsv3C+RP/nnK8UalahMzpBa7LSF5gh2KqFUnBS/G3Wnasyg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYN2o0aUpKeFFnNGdSUTNC + ZzFqL2RiUVVlOFZEdEszZ3QrWTQ3eXNaWXgwCk1Ua0oyOGVEdGRXb2lOU0FSbjls + NW4rWEFWbEU2UnFvRmNCYTkwTzZTYVEKLS0tIHhZYWxWdGgxcUVTTE8vZjliekNj + MTluR2RGSEtKelNtOFJOWDQzVE1kREEKpv7aTl+HhVUQn51AfHcsRjXbYU0Aa/n4 + 7gMWZTm6nsCGTLqhRBOEhWHeGVMP8e8LnWzppMufv0Z1WxQ2PbMMKw== -----END AGE ENCRYPTED FILE----- - recipient: age1jyeppc8yl2twnv8fwcewutd5gjewnxl59lmhev6ygds9qel8zf8syt7zz4 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGUXVxNXdJZmZJRFB2VWlG - MysyNUxSMmsyR3N2OVc1azJPR1VHY1hMQWdrClNtNG8xWTg3Q3BEWEtDTWMxdWp2 - bFRwcjZEdVl5ODlqMkRyTjh6c2lXYVkKLS0tIHA1Nkp6V2ErOVZYVVM2SXRmS2s2 - aU5ZRXhJQTFDU0ltbm9QZ0d5alQ4dnMKSOrrVIv2OUqTm831mS1Xc33vqT2r7Sas - sRZHiw/nNVUMkGkWrd9/RqLPiN3JDuEoBvbUXKrUfoesOyZ4fzHgqg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBucHR2SjBaUjZHSFR4Rm5w + a0NYMXhPMFNjQ1hZdS9XVlMxQk1IUnZxSVdnCndUSkE2RC9QRDRhdW1yTVB1V2dT + TU9Oa1FhdFY0b0o4ellabHFuMVVXczgKLS0tIG9sWWNuV3RrQ0V3eEhkMmVVSmJH + V2RScFVneFlKdG1SQ25KK2FqSXJVVmMKjcR+mi48qs9GX1He2qYSXsf6VZhbR/s4 + eCjgN7zKzIhg4x97+N8mEcgTF6w1690/V6cIUYDsaaxpm5Y80/KF0g== -----END AGE ENCRYPTED FILE----- - recipient: age1azmxsw5llmp2nnsv3yc2l8paelmq9rfepxd8jvmswgsmax0qyyxqdnsc7t enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRNlRlNFN5MjBXOEYwdDMy - LzZOZFp1QU5KNUxQWTRpY213dzM4TmV5dFRvCkFway9hTlpTTU4zaElIMTMvV3hR - amYvamp1YndIenJJeEphSW04d2JBTzgKLS0tICsrMUZ0NFZkcGlKNEp6WVRtS0hm - dG96aitZVDBIQTY3QUdobnpTeW9rUWMKNxA6Hr/NB5IAD0JbnVwxEijYd94lPx+n - 6Px0rKlT9nboF2eIY3uY4SeWEv/kaidfDXJgTkUo4d+i6sLF5cdhMQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYUkRDZGliOGpvajZML0x4 + TU1pUU5TaVB2d0o3TGJkd2ZhME9jNnBncGdNCnZiVDUvbzJUR21CNUZLYTBkRjZU + b1hyUDVZbnVVM3hqTnBCU2NmYW5WQ2MKLS0tIDZaSlNsWUg4c1pOYnAyd0h3Zlhw + VEtDMGtUN3d1cDlGVUIrUVZ3OEVMQzgK/ftAJQ2QuQCR5h8BBdLu10Y6myTXCjs6 + Z1RoghfHGWxOFFuHzcsRdklInVLTeNhv8BI1SRwYuqZ2zVw8n29YCg== -----END AGE ENCRYPTED FILE----- - recipient: age1zkzpnfeakyvg3fqtyay32sushjx2hqe28y6hs6ss7plemzqjqa5s6s5yu3 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmOGxxRGtJcTM4ZS9GRWFQ - Uyt6eTBONHpsK2VCTldLYjh4b1JBZEJPQ3pBCkxXMmVtbnR4YnFuNWw2ckRXc0Nr - bDBqalZobklUWGF4cUtmRXp5Q3dJM1UKLS0tIEdjQ1E1WFAvTkpCajhrcGYrM2dI - YVliY3hPQkFXM3ZhdUw4SG5aVnR6NDAKZxf+Y5ZhqpzV/5g1zq6PTvo/yYClZ8rL - ghZh3MHgXkh6EZLtuZHtHHGvUuDG8oYJLnB7kWfWNXTKAPFn3gEn6Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzWjFvWkxxKzd2eE01dE1j + SHJsQTdhQlY3cW5OdWk2azdPR2UwRWc4T1VvCmdoN01EU0xybGFBZmNQL2Fub2tX + ZFB0NlRKUkpQTXhZd2R4QTZSeTZmeTQKLS0tIFBQenBCMGlxWGsvRndvWnk0YzZp + RVVVRU9hM2V3Ym1YQVJsVjkxV2ZzSmcKZDd1nHWduaWuixFWP5njiy5vT5pUX5eF + 0KHukAqPm0UXkC3kFSfEPH84mhycrMcniIV8vagdVqjuMB/od2mZHw== -----END AGE ENCRYPTED FILE----- - recipient: age14uarclad0ty5supc8ep09793xrnwkv8a4h9j0fq8d8lc92n2dadqkf64vw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUNE9INEQ3MnptcUZwSVhV - dUUwdXNmRjg5SzF3alk4dmJvTGZiN1VSM0M4ClVBOHhYbFN1TExkMzdqSm1Yd21w - NXZiQmpnU0U4R2JIcjZOK0pJVDcwNmMKLS0tIGpXZ0RDOHRvRE01VElaNzFMMGxj - VmlzSFhod2xYa0RJcG5GRXN3TlNVaW8KXt6pIgxUscBFTDND2Ssr7PihrX901dgC - aRKH/AnVdXjUqdD/aN436pCnueh47gGkkzR+rWWuc6zvKItVIHTUFQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtOXZyNThEcTd5OXpFazBk + akxyYnNYYkt5MGk1dGNkWEtxWFlBdUtVakgwCk9KNDZPdHRZaEFtOGJHY295b2FS + SnpCdGJlMFZxTWpBMDJKM0dHUjlPV00KLS0tIDY3TXAwNXQ2R0pUM1dYbnYvNGZE + cU9heUlXT2IzTUhWa2dkN1BFWklYYzgKX6puoU0T5ozcy1rCnV1k+E1PC96Y2CAN + nD1lFrvkB8G+rO9ps1gEeV1oxY/wBFznDCxyAHuCKcnxAvIb0lKvcQ== -----END AGE ENCRYPTED FILE----- - recipient: age1wq82xjyj80htz33x7agxddjfumr3wkwh3r24tasagepxw7ka893sau68df enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLYlh3MXN5MElUdmVOSFgz - aTM3cHc2Q1BjR2ZVNG15ZExlbkFzZGRBSkY0Cmo5YUNvS3RXN1FLTVJONFNVVzZu - SzZ4eEJ2S1pXbVJsSUVVVEJMMm5LQTgKLS0tIFFkMUdzUCtvZlNsNlI5ZHVOR2Y2 - UEM3eUZlVXFyZmsvNUxwT004SzZjNjQKeeHV9O57xgqa3dNyZijQgRSfY7toeWYp - P++LIbGgp69QzvCAF59oZ23/UKpo5AOIuP0gPQGNqUL5Yve6ZZQtlw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKMW84RlFjRW00RmRET25Q + YlJ1SXJxWERibGRTeDlPVXlHQWxCcDA4M1ZvCkRVZER5WWUxeFNiZTV3RTYzMWpX + VlB6WFBUbTE4SThuejM2M2lGZndzRUkKLS0tIFM0K1ZhbmtIU1JSSTd6Q0pWc0dE + NjJkVnlSbVVOQ0R0b3pyeHNRdko5aXMKNZpSu/yTqxpZt6jMC1mQcyEDe+VU7JEU + BxlRMW9/8s5Fqu852uRTQwrvAHtnlBPKrzurqjQq9byUY1Q6a0puJg== -----END AGE ENCRYPTED FILE----- - recipient: age12msc2c6drsaw0yk2hjlaw0q0lyq0emjx5e8rq7qc7ql689k593kqfmhss2 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrVWo4ejBHencrSlhPOHdt - ZzdSTEJVbWp4aUNmdjVBSENyZmcwRWorUEU0ClhPb0NpYlVrMDBQQ3NlUDhaSVpQ - S2lMZDhENy9jUkVWRkZycGZJcTdKUVkKLS0tIG4vY1dnQmE1bjZIRHFZNW4zQ2dr - SEFZU2hJV0h5NUFSQmNKaE1yTEdIbHcKVA6+8h634meNiMbLL4TqtwLmC1hRibfc - g5KfnN97JdfTPDp4cs8+egwQEPI2fxh6pPunIAQXo3P6baUBGZd5ig== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCUkJzcExuSFEzYnhPcFpp + ZFFld2JZYkRaQmZHc3d5aGRubFp3eFljbFhBCmhacmRWK1hVYnJzK2N0K0tYOTkv + SHZWaUt1clhpS0FXQzJoQTl2TmVaZmcKLS0tIFVWKzdQeXQwQkhFOGVDaUxsMnUr + L05EWEJZS2t3dUN2M3ZiR0VDQUVDS00K1Ju36/t7TGSY5JIpx+2+EfVnFem0JEGk + nFgwu7OWAqISnlICD6BEOE2ikZemO7UMJuy2+U4yKCnnztjzXyKmAw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1gtulvdj4aclpfhk3mmzvpz9xysccxhvu99x6ayaqlj8m44ehffgq6zuc5u + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOTXRvY3FoWWpuUFJzazlx + Nml1dmQ3ZjRpSy9TQjhGS29pVTR4Q2JSalM0Ck9qbEhHWVB0RFhyNzI2Y1dVYUt2 + WENEUlVja2JzVzA0RElnYk9pWEpCaWMKLS0tIEwxWG9UbVczMEFiaUZzNkZsZVk5 + ZXBOQm9wZFg1TmhManpUMXdmcy84SmMKiO5gYDCEMd+oyQS4+VDZ/+x7dwgm0QVf + pFbUYGzVH3My2KOW3mX4AsYny/VAZrBbyQudqCb+kuwc6zR2N/ovZg== -----END AGE ENCRYPTED FILE----- lastmodified: "2022-11-09T07:12:13Z" mac: ENC[AES256_GCM,data:gqsD5gTtE5ZqWzWKAAIscecvIsGSC9j4Cnbik6Yk7Jf7Z5/NIxbkInzDsLmlU3ObbLZAhGAlOAKIrUVy37rCcEZ+I04ICXK1dmUdsVud6E4SvTdDjh9qlXTbEkcDCY2YqXlTuQl6IZyveaPuF6fRe1FMh8JEpDv/foZTl8+AuQQ=,iv:+nV6YW9m1B0qo7xbB1lw9dgiQ877GQ6OxMqjk7lei10=,tag:NmeSwBWRKpqlwZxYYC7trg==,type:str]