Cloonar/nixos
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

changes

Browse Source
This commit is contained in:
Dominik Polakovics Polakovics
2024-10-18 15:24:20 +02:00
parent c681eb3139
commit 3eb9ce0e89
21 changed files with 356 additions and 455 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
.sops.yaml
View File

@@ -17,6 +17,8 @@ keys:
- &fw age1wq82xjyj80htz33x7agxddjfumr3wkwh3r24tasagepxw7ka893sau68df - &fw age1wq82xjyj80htz33x7agxddjfumr3wkwh3r24tasagepxw7ka893sau68df
- &fw-new age12msc2c6drsaw0yk2hjlaw0q0lyq0emjx5e8rq7qc7ql689k593kqfmhss2 - &fw-new age12msc2c6drsaw0yk2hjlaw0q0lyq0emjx5e8rq7qc7ql689k593kqfmhss2
- &netboot age14uarclad0ty5supc8ep09793xrnwkv8a4h9j0fq8d8lc92n2dadqkf64vw - &netboot age14uarclad0ty5supc8ep09793xrnwkv8a4h9j0fq8d8lc92n2dadqkf64vw
- &mail-social-grow-tech age1gtulvdj4aclpfhk3mmzvpz9xysccxhvu99x6ayaqlj8m44ehffgq6zuc5u
creation_rules: creation_rules:
- path_regex: ^[^/]+\.yaml$ - path_regex: ^[^/]+\.yaml$
key_groups: key_groups:
@@ -84,7 +86,7 @@ creation_rules:
- *bitwarden - *bitwarden
- *dominik - *dominik
- *dominik2 - *dominik2
- *mail.social-grow.tech - *mail-social-grow-tech
- path_regex: utils/modules/lego/[^/]+\.yaml$ - path_regex: utils/modules/lego/[^/]+\.yaml$
key_groups: key_groups:
- age: - age:
@@ -102,6 +104,7 @@ creation_rules:
- *netboot - *netboot
- *fw - *fw
- *fw-new - *fw-new
- *mail-social-grow-tech
- path_regex: hosts/web-01.cloonar.com/modules/bitwarden/[^/]+\.yaml$ - path_regex: hosts/web-01.cloonar.com/modules/bitwarden/[^/]+\.yaml$
key_groups: key_groups:
- age: - age:

5
fleet.nix
View File

@@ -47,6 +47,11 @@
username = "fw-new"; username = "fw-new";
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnb9todh2b+c3iCmEz72smRwL37aZf3Xs3voT7+PLTP"; key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnb9todh2b+c3iCmEz72smRwL37aZf3Xs3voT7+PLTP";
} }
{
username = "mail.social-grow.tech";
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH1K4mhBji1kMGnO55OOFaDknBf2Q6wgm7DaMYKip+S5";
}
]; ];
in { in {
imports = builtins.map create_users users; imports = builtins.map create_users users;

39
hosts/fw-new/secrets.yaml
View File

@@ -20,32 +20,41 @@ sops:
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: age:
- recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6aEpEZklTYi9oakF6WTg4
RDlNV1FrWlN6Skd1V1BmRU93SGJ1RTNGc2xRCmlzRk56NnRrbkthcWhpTjNlb0VV
cE9GaU5TRjAxaGFYTlkzbGtQY092eUkKLS0tIGdncHpVdTd5ZDN0NzllVmFuN2pR
WDJzNzZKdGxzOTRBZ1BPRUgxSE5DQ1EK3t2074FilJxZDQYZew8ckEbaBnQrDOsW
f+G4AnR83inhGsJwebmwwyI5dORVuBldA0CNjvihAmhlvf7G4TZ/Vw==
-----END AGE ENCRYPTED FILE-----
- recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d - recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1YlN0a1M2cStpbUtMMWFZ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6MVNyWE0zd1FScmpOcVNs
RzQrMGZmbkN2c01yOHhvbllwQUVpcWhmU3lrCkQxeHNQb2pKa3pOYnB3aEFjTGl1 R2FsWGxyZ0ZiZzkrNjEyNkVybjlVbFh6WFVFCmtoWFd2bTRFUU8zL3J1Ry9uak56
c1IvSnZnTS9JMFJ1L1E0cXRybEJ6KzQKLS0tIDdPNTNwZDdMRzhyVzNzdXRESlZO ZUxKMVdha1h1ajBnb1grbTNPcjkrc3cKLS0tIHZXL25UU2Fqd2VVL0ZhNE1vVUVJ
TkRXeUsxTWpodWtIT3Mza3o3SlZGdUkK/U6+p4rYGLhTWSHPOysau+iCoWseiLht TWtVdzIwNU1McDNtM3VMdjhZNmhENGsK1x5pbkUdFuZtxLPLHQonmJEwSlWYBwjv
oT8a2hp9dSh1ofseyBfgeDeBN7Td9Z9FTBXBgcM911Sdq3VffQJHgw== 50v5i8fK4CTSjKO3VLh6iCkFUq2RYwerCpK2PdrujH33ymSUOzlXWw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBheVYzaDRndjhXMmhYaGdC YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1R3V0Z3ZxQSt4dnkyNS96
ZFcyUlZNd28wbFdsUEk2OWt5aEYwSzBsWVFrCnZjOHg2bXFPNlgwa3E3NkZlOXpJ VGRqWUV6WllLenY2TWF2OTVWbEdUY2NDbFNvCmpwV3dwS2hwbk8zV0ZsMDYycHky
T2llSXJLNmcwWVVYdDdJY24xV1laWmMKLS0tIFhwTFdKaHk4NG91L2Y3OUZ4eHhD bU8zRjY1aFF2T0l3YzBaQ0l1UDFRYjAKLS0tIEgwbzF3TytRNHduYkErSTI3WXJF
V000QkdMWUhBV3E3dklnbTgvQVFUVG8KRkTaCoXdzF6+di4o9MoZIVUtM7YCxfiF STZ2NnlKaDdLeCt3RS9IRnc5dUkzZmsK5VwTv1CASmuvEvVLd67YIFx2fouXONtA
3PP2lurWxmSmGDhD7OwIgM+EQ0sKViDbcvGs6Oo8BKClgSx7i9kvPg== vtuVW1MCG4Z/btsQ5smRUsKWVdL+G2Cy1dk8SWZcy1tK3bDOLZ/VNg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age12msc2c6drsaw0yk2hjlaw0q0lyq0emjx5e8rq7qc7ql689k593kqfmhss2 - recipient: age12msc2c6drsaw0yk2hjlaw0q0lyq0emjx5e8rq7qc7ql689k593kqfmhss2
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKbUMxNy9VTkJkMkszcUdx YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLRXBDdXhYL01jaDRkbXZP
MjJlRDk4TnoxMVEzSDdIK3J5dktWWHl5MHl3CmtjS013OXlqSjNhTlNBWURTRmht R2hFOXpBT25CRXNvTjhoNU1JWDRpa2RlcW1zCjlBMlZabFZhMTI1U1FxalI5SlBS
eFVLRU1Kbm5OdUtHRm5Nb3NGdzBwWHMKLS0tIE51M2tnaEUzMlRIeDEzZjhxV3RH SkVMVXBldHF1aUdBREFyckpYVVBzaE0KLS0tIGowV3oxU0FYRjNoTDB3SWFMZWVF
clE0QWFvRit2N1hsaDlUcUpDbFdhUlEKA+8ukUbm61s2B7XzbBclbmL1G+cHP9DO bVBNM0o0KzJRUndkSlZzeUQ2UU91N28KFfW9ID6X0IPeCnRBc6v7EGJAZ7my70Ih
XGOzmtpNm/kPKZCj9CuMBB3Ze4pEQglv66YQPafzQhmP4LMoWrOQrA== wHMDCrsnvs1XUFlHCFq4a7fzbqMcBoZ3Gkq5gBeuL2Cmuqoh92slzA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-02T22:57:14Z" lastmodified: "2024-08-02T22:57:14Z"
mac: ENC[AES256_GCM,data:U9/pKXdqXMvjQgyTIGz0JG+88aBXVgp29Fmm0OE66KMArkX8ungcEtdnGYKhD0gFJKLrKZZY5V8oyAXEq95D+Bh8ZnfmQibYw04cPldc6kTZstsrpbzrWVfn6sqG/ih12oXdsLws+H6IeN+O2qGZHDIVjvPufAdJ3A2X+Yakahg=,iv:mG+dGv3l/PNhggvlujLxDGU5z47qVA9sOTUbU2b2dPo=,tag:Rz2av33iwa9aYR7c0cviEg==,type:str] mac: ENC[AES256_GCM,data:U9/pKXdqXMvjQgyTIGz0JG+88aBXVgp29Fmm0OE66KMArkX8ungcEtdnGYKhD0gFJKLrKZZY5V8oyAXEq95D+Bh8ZnfmQibYw04cPldc6kTZstsrpbzrWVfn6sqG/ih12oXdsLws+H6IeN+O2qGZHDIVjvPufAdJ3A2X+Yakahg=,iv:mG+dGv3l/PNhggvlujLxDGU5z47qVA9sOTUbU2b2dPo=,tag:Rz2av33iwa9aYR7c0cviEg==,type:str]

39
hosts/fw.cloonar.com/secrets.yaml
View File

@@ -21,32 +21,41 @@ sops:
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: age:
- recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsNzNjZ1o1dXFxalFiRXUx
U3NQK0gvQWVRbnAxam8yZmJTTmRTaVVZdkdrCnQ0R1ZBWEVmcE12NWNuaDFtRGlj
UFRManh2VFgwUFJaNFpVZFNqc01oSkEKLS0tIHA5UDlHY1lDWUtwTk10RHZoQWQ1
bzZ6MzhQQmYrZ3JKUDZoa1lDZXRHRDAKHtzHnt+zHgMsuyX0vP6xapvJ8796/vkn
u9U56OdFlqthTy870vMMoJWW3wAFfj/QV124bG63lJ02gAHEr/PGJw==
-----END AGE ENCRYPTED FILE-----
- recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d - recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpalJkZWNhUzRJdTdhaElh YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLc0ZsVlNzQ0d1dGJlSzN6
VlNGd3AzaW5ha1d4ekVESStQSC9mTnBGRzFRCmszVHVBMjFRZjRuejRjenhvdGZl bzB0bnhHTzlodWJveFBmdVVCdjJ5c2V0dkM4Cmt1cHhJa2U4NmJZSUFGYzhCQmdH
RkMxMmowbWdndDZvcHc5RDZBNGh2THcKLS0tIFVuU0ZIOXlpZEE1alVGaXhnbWhQ eVJDUjc0LzdIOHo4TWlCeVEvQUg1b1EKLS0tIGRpTFA4TkgvU2ZLOXM3NktMbjRP
T1BiZitwUHEvRGx2ZkdTTWJZQzJpOU0KH035L5mbJ1fDjmuNbmfCGZdJ/4eE9FeI aGM2aVdRSUpsRXRCZE02MXJ3MVpxK00KO2dZUNZ1KQFg4bnNp1PEntL2fY1h+JCK
qM5/d51C3fP1uRjeLJFxObNlu/QG9MKql80fYF0NUboVGIUzHwv9gw== l7CnGwotydc9NybwYtisv9XVrz3QoiD09OiLvg7VkmfzEaGmqmja/g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIdm01UEx6OFZkOW5QTnp3 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjQTBxNkV2REdrRS9MaUxa
bUpuczZUUFdhRnhBbUxabGNFY0Rzd3pDdGp3CnRZMk9JRTV5Q1Jwa1J5Q1dtd0lM YWxNOFBKQlAwOW5qSk9hM1Q5c0tjZTdWUjBjCkM5TmtwR2RBRER3Uzc4dWtGOVM2
YzZKVzVRNldEa3JEL3h6TURPcHc4MWMKLS0tIGVEQnJ3N3c1ZHJ1Nitta2JRWDZP bjZFZVc3V0t0enhyam1DWVM3b0h5WlEKLS0tIGNPUzFJUGRYZStMRTMwV3pWTW1t
VFZ3Qm5SYzRyVitTV2JkN2hWNEVMSDAKwHMncahsEQTsahAXr9VJFgsahUJ4yrOD V003cnFtYVNEbERiRDV4bmVXVlBaUTAK7pLGaixTRCg5lKhN8CN95cdr7X8X1oDY
E1x6RAAI+2q8v3hPO8Rd8i6i/sELyM+NdK81WRrGwn8FHR8yZC7zoA== LX2t+SPvb8hqsssLf/mqVxPsgAXl0L9lfsYtRsuMWONmaJsOleVE4A==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1wq82xjyj80htz33x7agxddjfumr3wkwh3r24tasagepxw7ka893sau68df - recipient: age1wq82xjyj80htz33x7agxddjfumr3wkwh3r24tasagepxw7ka893sau68df
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoYWozckZEcGJRK0NoTEcr YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDbDA5U0xnUDNXYUtRVVN3
N0JsUG9UMGV1NTNxa0RmK3QyYVp0Wm04S25vCkxsSnpWQ3NGaGZMalEreUZkZVZE YW5aTFg1T0pOZWc4cXFDRDlrRmxZWWw1MUdRCjdlUVg0S0IxTXM4ZXcydGR0aldu
ZUk4R1M3cDdaU0NBa21Hc2lTaXFhdGcKLS0tIFcwRGJZU0hmUW5aRHZsNG1NZ25n WnU3ZnUydUh4em02TWFVamx6a0xpQmMKLS0tIEdpWFg1UEVGNHIzY2VZZk40NlBG
ejhXSmVkVjlhRDF3d1JDQlBzd2N3WncK6taU4OsyYoZc5P/2fMrSidLo2tYcH6Yw WXJpUUxadERyYUExRFMzNzBXaUVET3cKG9ZwWy5YvTr/BAw/i+ZJos5trwRvaW5j
tNJRIOqR2Iq1M4ey27jnTdw3NvYKyxjn60ZeW2xcn8CYrpf0X4gLQA== eV/SHiEteZZtCuCVFAp3iolE/mJyu97nA2yFwWaLN86h+/xkOJsdqA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-13T22:30:43Z" lastmodified: "2024-10-13T22:30:43Z"
mac: ENC[AES256_GCM,data:sEySfQaBevydqFBOab7RPCse8fOwiix6GIsXeR9paBCCCHOxDZDusdn0/k97wLeWzvHi0SJB/8+g8qlqXtRuJ/3mT1vJxfWwoJk3gz2WD+d8recG+KkdtkSGu04addHgBZQqGqhOfkRHYypVW3GaBfLteY08nvob4/yjaHCtGig=,iv:lsHvIovstgHmY6OrV3CO0tju2OQb1AcWgMov8klkSqA=,tag:zcvCoCwTgeZhhS1MOvH3HA==,type:str] mac: ENC[AES256_GCM,data:sEySfQaBevydqFBOab7RPCse8fOwiix6GIsXeR9paBCCCHOxDZDusdn0/k97wLeWzvHi0SJB/8+g8qlqXtRuJ/3mT1vJxfWwoJk3gz2WD+d8recG+KkdtkSGu04addHgBZQqGqhOfkRHYypVW3GaBfLteY08nvob4/yjaHCtGig=,iv:lsHvIovstgHmY6OrV3CO0tju2OQb1AcWgMov8klkSqA=,tag:zcvCoCwTgeZhhS1MOvH3HA==,type:str]

2
hosts/mail.cloonar.com/hardware-configuration.nix
View File

@@ -5,7 +5,7 @@
efiSupport = true; efiSupport = true;
efiInstallAsRemovable = true; efiInstallAsRemovable = true;
device = "nodev"; device = "nodev";
configurationLimit = 2; configurationLimit = 5;
}; };
fileSystems."/boot" = { device = "/dev/disk/by-uuid/105A-0CC0"; fsType = "vfat"; }; fileSystems."/boot" = { device = "/dev/disk/by-uuid/105A-0CC0"; fsType = "vfat"; };
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ]; boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ];

49
hosts/mail.cloonar.com/secrets.yaml
View File

@@ -9,41 +9,50 @@ sops:
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: age:
- recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAraEttTi84cGd2bkd1RENP
bm9zRmlNdWZtSzZJVElVWW5qTXlzS1lreTNBCm9BMnJ6bEJON2Y5aVZvVjFmQlJw
VVVpSEVRNDJaa2FadFh2U1gySHFXQmcKLS0tIEhjeG5Wb0FDMlBxWW9aem45aTdF
N1ZQNlE2aTl5OGhqTUVNa20yelNpcW8KoXud5IID1g/KOvM30wn2cJFWQ5En4M5H
kJ/cLDSIBqgOpjtEeEDtMsKG4yW3H91YbXjwQ0UkoPJorauVPWnTYw==
-----END AGE ENCRYPTED FILE-----
- recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d - recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPRWdBcmEvQkQrOXZ0SDJW YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFbVcxeTJZM1dDUFhIZ3VE
eFpFSlBxbjlUbFlDVEZzS3dLSXN6MnBFT3lnCkZ1RGhoQjhtcGxEY1E1QlBvNUl0 ZlBaTU9tQ0Y2V2xlZFUxUXNKcjdadVVMd2w4Ck9TK2UyVFVTVSt1dzNWWUtxYzdw
RWxnbzNldHBHUjhiZldYQm9iYWppcncKLS0tIG12WFdYSVdDYVZUaEFzUFhJS3A2 SVZ3R3VjRUxDMDNRWnpRZVBHWXdzN0UKLS0tIHQ0ZW0xZDd4bFVBV0ZjZE9Jcm9F
Q0I2b2h4aFlkNkV1a1BFamhyd0ZBWTgKZwxpdydc1lgs3u9gkh2Krs8PGfcKwJTv cVd0aW1qWHFMMjh3SXhTYjJrN1ZEZHcKi9QhittNcxnz+Zzc/pyFutXg3Z8JJjgc
n7BV0FNa242wOT4Tu28O9SN7VR1zZR52iOgV7gWsCnhkNDk9kwiLHA== j3rW5N6eNJw0W50qPw0xdI44KEkWOc4vh+QGcPY57yqjSy4+SjWhWA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoSHFtMUczc0tXaDZoQllM YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2TnNnOUtsbFBzS0E0bnFK
eHFpYTFmcnpyYitwT1U2eGNuQm5MQms3YUdJCmpVS2hOVjFmUlVUZy9MZTZxQVlq NGk4ZkRjUWdRdG15aTQwU2cwQXdycjhxa3dvCkUwUGdmQ3FPQnFhZC9NcE9LUG1O
SU8xcmd2a0tvWlBMc2M1Wm5XV3ZQZTAKLS0tIG9qa2pQbDFIbFArejM1d1VRRVFY S0lydjZkdCt2V3R4dWlnUlBUSkp2RXcKLS0tIFJ3UkZhSkhTMlZZSjdXbFBObXNQ
VjJwdC8yQ1hweEllcGhYclNwTWFyZ1UKDKv14nnVx3FeL87FYFqZMU+niHBOvxHz RW40cXUrdFAzb1B1VTUzOGY2RTcveUUKFxxBBioTXTZ3INRykgRPoYwwbbuDMiXH
3L3hBMEgpR/uMSuPmF4/NLVJTsktOonW9NKOzm37KsY2HNRXbuHoQg== /Oy5yWE74I9KZJr/2idzd34Dq8PUB28lDyiDdxlISyAS33D4H0cl1w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1jyeppc8yl2twnv8fwcewutd5gjewnxl59lmhev6ygds9qel8zf8syt7zz4 - recipient: age1jyeppc8yl2twnv8fwcewutd5gjewnxl59lmhev6ygds9qel8zf8syt7zz4
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjY2JOWTA0a3pGL0dYc2t4 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiZHFvbFMrZ1dTQzBZUkw4
aE8vTUNMNDVML2ZOSW9xeHlFRDQ5K1BLR3l3ClN4a25QZTEzaFk5bnVUYkk2dnRr dkl2UUlmcEZmZUVKeHVoSytYRzZVQ3p6T2hzCnJXaUJ4SUVaZFR3dEZtQ2ttZWNN
SWxNTklrZGM4enJ0WXBKaEJ6UDZUMzAKLS0tIDJudGtSVTVTV3ZrWWh6VnZFdEs3 NHo0Znk5TjZzemtmWHdkSGlIZ04zUlkKLS0tIDRvclhTMFlsdERtQUk0azJ4ZVFM
UFVlWE9wd3hRS0d3VEg5di9kNHBIeUEKov+NZ0pt4BUd5xXX9cTFSJF355Kg0ios WDMva0RCTnkzT0RWeWY5V281M0hjQkEK9o9cIFOiEwFeo+77QI9lXqdxlMCNGhOY
Va/kbzgG2SMvxMorNFDp+yJgGXM9rOycMJ1ajemKBM3r2QMcsIiMWA== BtowL/7wo0Tfi7+CkBuKP/Bxp2D0x3b4OHDsoCNG0nc+55F/rDtR5A==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1azmxsw5llmp2nnsv3yc2l8paelmq9rfepxd8jvmswgsmax0qyyxqdnsc7t - recipient: age1azmxsw5llmp2nnsv3yc2l8paelmq9rfepxd8jvmswgsmax0qyyxqdnsc7t
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJVVRBY1RVdmdkTGxkT3N0 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkMjIwT3pUcHlkc2N3eWZl
YjJUdXU5blY3T1R2NFQwQ2MvUitTRjZOUGpjCkNMTUJOaCtGR0s4SGxENXRRd1lQ cVdtT3NGcDNyMFZ3V1lhWGdJMExyVXYwUTJFCmMrZ3dwZm1ZcVZVMnB6b1NPUDVR
cE9RbFUvL1RVZnZ1a3RlZ0YxbmFtOGsKLS0tIE8vMmE1YkZCM210SXEzRFZJeWZL UFZUaHdRVWFNKzNrdGE0ZWxUNnVOeWsKLS0tIFhnbklUMkd4ZGFrUjhUcVBKRktX
eC80bWxndE85RlZGRUFTcDdaZ2J1VE0KZ0FERlT1kdUE+WxSi57YowqDQtA9BoV1 YXlwV28xR2poYnFja0xVdzRPcnZmV2sKDbM77Msos187Du6D7s1wlgEuVxqQ4cw1
MZoPePwGkRr27MHnPYIhoniUXC7mhQ4rqvcbFy6i1n4r1CqkRFBM3g== Rwm64kyiQPwh1W9sPhMOZWyEvUTP4QL2Bs6aB1Javf4BDKka0PeP6A==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-08T11:20:50Z" lastmodified: "2024-07-08T11:20:50Z"
mac: ENC[AES256_GCM,data:GPUwpSAz6fj7mRxX1ebEb2sLAMLkQLuKPXk+B3+zZmA6+D7gAKrrBGUWHqYA9DMMY0r32OZSccGRmeKqdA7sWmzdIJTcBu8EyER1nJqVFJiXcOOdTkCLdOM4xW969YE0lBKpIAQ40E7YXYYwkI1JINneIBTuXkvIBmSQ3Bt2+ak=,iv:VEPNQxDLzxyTxkn8dI6xNDe9ESk2RojSNYYEwT+Ggas=,tag:cfUEKU3arSJl+lEOa+4iRA==,type:str] mac: ENC[AES256_GCM,data:GPUwpSAz6fj7mRxX1ebEb2sLAMLkQLuKPXk+B3+zZmA6+D7gAKrrBGUWHqYA9DMMY0r32OZSccGRmeKqdA7sWmzdIJTcBu8EyER1nJqVFJiXcOOdTkCLdOM4xW969YE0lBKpIAQ40E7YXYYwkI1JINneIBTuXkvIBmSQ3Bt2+ak=,iv:VEPNQxDLzxyTxkn8dI6xNDe9ESk2RojSNYYEwT+Ggas=,tag:cfUEKU3arSJl+lEOa+4iRA==,type:str]

15
hosts/mail.social-grow.tech/configuration.nix
View File

@@ -4,17 +4,18 @@
./utils/bento.nix ./utils/bento.nix
./utils/modules/sops.nix ./utils/modules/sops.nix
./utils/modules/lego/lego.nix ./utils/modules/lego/lego.nix
./utils/modules/nginx.nix
# ./modules/self-service-password.nix # ./modules/self-service-password.nix
./modules/rspamd.nix ./modules/rspamd.nix
./modules/openldap.nix ./modules/openldap.nix
./modules/dovecot.nix ./modules/dovecot.nix
./modules/postfix.nix ./modules/postfix.nix
./modules/autoconfig.nix
./utils/modules/borgbackup.nix # ./utils/modules/borgbackup.nix
./utils/modules/promtail # ./utils/modules/promtail
./utils/modules/victoriametrics # ./utils/modules/victoriametrics
./utils/modules/netdata.nix
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
@@ -24,16 +25,16 @@
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
networking.hostName = "mail"; networking.hostName = "mail";
networking.domain = "cloonar.com"; networking.domain = "social-grow.tech";
services.openssh.enable = true; services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [ users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHC9YODKEKu5bOC61qkpPd8QeZxbNPCQKgfh8xUFMdV0" # dominik
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRQuPqH5fdX3KEw7DXzWEdO3AlUn1oSmtJtHB71ICoH Generated By Termius" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRQuPqH5fdX3KEw7DXzWEdO3AlUn1oSmtJtHB71ICoH Generated By Termius"
]; ];
# backups # backups
borgbackup.repo = "u149513-sub7@u149513-sub7.your-backup.de:borg"; borgbackup.repo = "u428777-sub1@u428777.your-storagebox.de:borg";
networking.firewall = { networking.firewall = {
enable = true; enable = true;

4
hosts/mail.social-grow.tech/hardware-configuration.nix
View File

@@ -5,9 +5,9 @@
efiSupport = true; efiSupport = true;
efiInstallAsRemovable = true; efiInstallAsRemovable = true;
device = "nodev"; device = "nodev";
configurationLimit = 2; configurationLimit = 5;
}; };
fileSystems."/boot" = { device = "/dev/disk/by-uuid/105A-0CC0"; fsType = "vfat"; }; fileSystems."/boot" = { device = "/dev/sda15"; fsType = "vfat"; };
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ]; boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ];
boot.initrd.kernelModules = [ "nvme" ]; boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; }; fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };

31
hosts/mail.social-grow.tech/modules/autoconfig.nix Normal file
View File

@@ -0,0 +1,31 @@
{ pkgs, lib, config, ... }:
let
domain = config.networking.domain;
in
{
services.nginx.virtualHosts."autoconfig.${domain}" = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
locations."/" = {
proxyPass = "http://localhost:1323/";
};
};
services.go-autoconfig = {
enable = true;
settings = {
service_addr = ":1323";
domain = domain;
imap = {
server = "imap.${domain}";
port = 993;
};
smtp = {
server = "mail.${domain}";
port = 587;
starttls = true;
};
};
};
}

39
hosts/mail.social-grow.tech/modules/dovecot.nix
View File

@@ -1,15 +1,19 @@
{ pkgs {
, config config,
, ... lib,
pkgs,
...
}: }:
let let
domain = config.networking.domain; domain = config.networking.domain;
# domain = "cloonar.com"; components = lib.strings.splitString "." domain;
dcComponents = map (x: "dc=" + x) components;
ldapPath = builtins.concatStringsSep "," dcComponents;
ldapConfig = pkgs.writeText "dovecot-ldap.conf" '' ldapConfig = pkgs.writeText "dovecot-ldap.conf" ''
hosts = ldap.cloonar.com hosts = ldap.${domain}
tls = yes tls = yes
dn = "cn=vmail,ou=system,ou=users,dc=cloonar,dc=com" dn = "cn=vmail,ou=system,ou=users,${ldapPath}"
dnpass = "@ldap-password@" dnpass = "@ldap-password@"
auth_bind = no auth_bind = no
ldap_version = 3 ldap_version = 3
@@ -36,27 +40,11 @@ let
exit 1 exit 1
fi fi
doveadm user *@cloonar.com | while read user; do doveadm user *@${domain} | while read user; do
doveadm -v sync -u $user $SERVER doveadm -v sync -u $user $SERVER
done done
doveadm user *@optiprot.eu | while read user; do doveadm user *@ekouniversity.com | while read user; do
doveadm -v sync -u $user $SERVER
done
doveadm user *@superbros.tv | while read user; do
doveadm -v sync -u $user $SERVER
done
doveadm user *@ghetto.at | while read user; do
doveadm -v sync -u $user $SERVER
done
doveadm user *@szaku-consulting.at | while read user; do
doveadm -v sync -u $user $SERVER
done
doveadm user *@korean-skin.care | while read user; do
doveadm -v sync -u $user $SERVER doveadm -v sync -u $user $SERVER
done done
''; '';
@@ -129,7 +117,7 @@ in
} }
protocol lmtp { protocol lmtp {
postmaster_address=postmaster@${domain} postmaster_address=postmaster@${domain}
hostname=mail.cloonar.com hostname=mail.${domain}
mail_plugins = $mail_plugins sieve mail_plugins = $mail_plugins sieve
} }
service auth { service auth {
@@ -253,7 +241,6 @@ in
security.acme.certs."imap.${domain}" = { security.acme.certs."imap.${domain}" = {
extraDomainNames = [ extraDomainNames = [
"imap-test.${domain}" "imap-test.${domain}"
"imap-02.${domain}"
]; ];
postRun = "systemctl restart dovecot2.service"; postRun = "systemctl restart dovecot2.service";
}; };

259
hosts/mail.social-grow.tech/modules/openldap.nix
View File

@@ -1,11 +1,14 @@
{ {
pkgs,
config, config,
lib,
pkgs,
... ...
}: }:
let let
domain = config.networking.domain; domain = config.networking.domain;
# domain = "cloonar.com"; components = lib.strings.splitString "." domain;
dcComponents = map (x: "dc=" + x) components;
ldapPath = builtins.concatStringsSep "," dcComponents;
in { in {
services.openldap = { services.openldap = {
enable = true; enable = true;
@@ -18,10 +21,11 @@ in {
olcTLSCACertificateFile = "/var/lib/acme/ldap.${domain}/full.pem"; olcTLSCACertificateFile = "/var/lib/acme/ldap.${domain}/full.pem";
olcTLSCertificateFile = "/var/lib/acme/ldap.${domain}/cert.pem"; olcTLSCertificateFile = "/var/lib/acme/ldap.${domain}/cert.pem";
olcTLSCertificateKeyFile = "/var/lib/acme/ldap.${domain}/key.pem"; olcTLSCertificateKeyFile = "/var/lib/acme/ldap.${domain}/key.pem";
olcTLSCipherSuite = "HIGH:MEDIUM:+3DES:+RC4:+aNULL"; # olcTLSCipherSuite = "HIGH:MEDIUM:+3DES:+RC4:+aNULL";
olcTLSCipherSuite = "HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4";
olcTLSCRLCheck = "none"; olcTLSCRLCheck = "none";
olcTLSVerifyClient = "never"; olcTLSVerifyClient = "never";
olcTLSProtocolMin = "3.1"; olcTLSProtocolMin = "3.3";
olcSecurity = "tls=1"; olcSecurity = "tls=1";
}; };
@@ -39,9 +43,9 @@ in {
olcDatabase = "{1}mdb"; olcDatabase = "{1}mdb";
olcDbDirectory = "/var/lib/openldap/data"; olcDbDirectory = "/var/lib/openldap/data";
olcSuffix = "dc=cloonar,dc=com"; olcSuffix = "${ldapPath}";
olcRootDN = "cn=admin,dc=cloonar,dc=com"; olcRootDN = "cn=admin,${ldapPath}";
olcRootPW.path = config.sops.secrets.openldap-rootpw.path; olcRootPW.path = config.sops.secrets.openldap-rootpw.path;
@@ -50,29 +54,29 @@ in {
{0}to attrs=userPassword {0}to attrs=userPassword
by self write by self write
by anonymous auth by anonymous auth
by dn="cn=owncloud,ou=system,ou=users,dc=cloonar,dc=com" write by dn="cn=owncloud,ou=system,ou=users,${ldapPath}" write
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read by dn.subtree="ou=system,ou=users,${ldapPath}" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write by group.exact="cn=Administrators,ou=groups,${ldapPath}" write
by * none by * none
'' ''
'' ''
{1}to attrs=loginShell {1}to attrs=loginShell
by self write by self write
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read by dn.subtree="ou=system,ou=users,${ldapPath}" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write by group.exact="cn=Administrators,ou=groups,${ldapPath}" write
by * none by * none
'' ''
'' ''
{2}to dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" {2}to dn.subtree="ou=system,ou=users,${ldapPath}"
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read by dn.subtree="ou=system,ou=users,${ldapPath}" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write by group.exact="cn=Administrators,ou=groups,${ldapPath}" write
by * none by * none
'' ''
'' ''
{3}to * {3}to *
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read by dn.subtree="ou=system,ou=users,${ldapPath}" read
by dn="cn=admin,dc=cloonar,dc=com" write by dn="cn=admin,${ldapPath}" write
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write by group.exact="cn=Administrators,ou=groups,${ldapPath}" write
by * none by * none
'' ''
]; ];
@@ -98,7 +102,7 @@ in {
olcAccess = [ olcAccess = [
'' ''
{0}to * {0}to *
by dn.exact="cn=netdata,ou=system,ou=users,dc=cloonar,dc=com" read by dn.exact="cn=netdata,ou=system,ou=users,${ldapPath}" read
by * none by * none
'' ''
]; ];
@@ -110,23 +114,25 @@ in {
olcDatabase = "{3}mdb"; olcDatabase = "{3}mdb";
olcDbDirectory = "/var/lib/openldap/data"; olcDbDirectory = "/var/lib/openldap/data";
olcSuffix = "dc=ghetto,dc=at"; olcSuffix = "dc=ekouniversity,dc=com";
olcAccess = [ olcAccess = [
'' ''
{0}to attrs=userPassword {0}to attrs=userPassword
by self write by self write
by anonymous auth by anonymous auth
by dn="cn=owncloud,ou=system,ou=users,dc=cloonar,dc=com" write by dn="cn=admin,${ldapPath}" write
by dn="cn=authelia,ou=system,ou=users,dc=cloonar,dc=com" write by dn="cn=owncloud,ou=system,ou=users,${ldapPath}" write
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read by dn="cn=authelia,ou=system,ou=users,${ldapPath}" write
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write by dn.subtree="ou=system,ou=users,${ldapPath}" read
by group.exact="cn=Administrators,ou=groups,${ldapPath}" write
by * none by * none
'' ''
'' ''
{1}to * {1}to *
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read by dn.subtree="ou=system,ou=users,${ldapPath}" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write by dn="cn=admin,${ldapPath}" write
by group.exact="cn=Administrators,ou=groups,${ldapPath}" write
by * read by * read
'' ''
]; ];
@@ -142,155 +148,6 @@ in {
olcPPolicyHashCleartext = "TRUE"; olcPPolicyHashCleartext = "TRUE";
}; };
"olcDatabase={4}mdb".attrs = {
objectClass = ["olcDatabaseConfig" "olcMdbConfig"];
olcDatabase = "{4}mdb";
olcDbDirectory = "/var/lib/openldap/data";
olcSuffix = "dc=superbros,dc=tv";
olcAccess = [
''
{0}to attrs=userPassword
by self write
by anonymous auth
by dn="cn=owncloud,ou=system,ou=users,dc=cloonar,dc=com" write
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * none
''
''
{1}to *
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * read
''
];
};
"olcOverlay=memberof,olcDatabase={4}mdb".attrs = {
objectClass = [ "olcOverlayConfig" "olcMemberOf" ];
olcOverlay = "memberof";
olcMemberOfRefint = "TRUE";
};
"olcOverlay=ppolicy,olcDatabase={4}mdb".attrs = {
objectClass = [ "olcOverlayConfig" "olcPPolicyConfig" ];
olcOverlay = "ppolicy";
olcPPolicyHashCleartext = "TRUE";
};
"olcDatabase={6}mdb".attrs = {
objectClass = ["olcDatabaseConfig" "olcMdbConfig"];
olcDatabase = "{6}mdb";
olcDbDirectory = "/var/lib/openldap/data";
olcSuffix = "dc=szaku-consulting,dc=at";
olcAccess = [
''
{0}to attrs=userPassword
by self write
by anonymous auth
by dn="cn=owncloud,ou=system,ou=users,dc=cloonar,dc=com" write
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * none
''
''
{1}to *
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * read
''
];
};
# "olcOverlay=memberof,olcDatabase={6}mdb".attrs = {
# objectClass = [ "olcOverlayConfig" "olcMemberOf" ];
# olcOverlay = "memberof";
# olcMemberOfRefint = "TRUE";
# };
# "olcOverlay=ppolicy,olcDatabase={6}mdb".attrs = {
# objectClass = [ "olcOverlayConfig" "olcPPolicyConfig" ];
# olcOverlay = "ppolicy";
# olcPPolicyHashCleartext = "TRUE";
# };
"olcDatabase={7}mdb".attrs = {
objectClass = ["olcDatabaseConfig" "olcMdbConfig"];
olcDatabase = "{7}mdb";
olcDbDirectory = "/var/lib/openldap/data";
olcSuffix = "dc=myhidden,dc=life";
olcAccess = [
''
{0}to attrs=userPassword
by self write
by anonymous auth
by dn="cn=owncloud,ou=system,ou=users,dc=cloonar,dc=com" write
by dn="cn=authelia,ou=system,ou=users,dc=cloonar,dc=com" write
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * none
''
''
{1}to *
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * read
''
];
};
# "olcOverlay=memberof,olcDatabase={7}mdb".attrs = {
# objectClass = [ "olcOverlayConfig" "olcMemberOf" ];
# olcOverlay = "memberof";
# olcMemberOfRefint = "TRUE";
# };
# "olcOverlay=ppolicy,olcDatabase={7}mdb".attrs = {
# objectClass = [ "olcOverlayConfig" "olcPPolicyConfig" ];
# olcOverlay = "ppolicy";
# olcPPolicyHashCleartext = "TRUE";
# };
"olcDatabase={8}mdb".attrs = {
objectClass = ["olcDatabaseConfig" "olcMdbConfig"];
olcDatabase = "{8}mdb";
olcDbDirectory = "/var/lib/openldap/data";
olcSuffix = "dc=korean-skin,dc=care";
olcAccess = [
''
{0}to attrs=userPassword
by self write
by anonymous auth
by dn="cn=owncloud,ou=system,ou=users,dc=cloonar,dc=com" write
by dn="cn=authelia,ou=system,ou=users,dc=cloonar,dc=com" write
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * none
''
''
{1}to *
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * read
''
];
};
# "cn=module{0},cn=config" = {
# attrs = {
# objectClass = "olcModuleList";
# cn = "module{0}";
# olcModuleLoad = "ppolicy.la";
# };
# };
"cn={3}cloonar,cn=schema" = { "cn={3}cloonar,cn=schema" = {
attrs = { attrs = {
cn = "{1}cloonar"; cn = "{1}cloonar";
@@ -432,56 +289,6 @@ in {
'' ''
]; ];
}; };
# "cn={1}ttrss,cn=schema".attrs = {
# cn = "{1}ttrss";
# objectClass = "olcSchemaConfig";
# olcObjectClasses = [
# ''
# ( 1.3.6.1.4.1.28294.1.2.4 NAME 'ttrss'
# SUP top AUXILIARY
# DESC 'Added to an account to allow tinytinyrss access'
# MUST ( mail $ userPassword ))
# ''
# ];
# };
# "cn={1}prometheus,cn=schema".attrs = {
# cn = "{1}prometheus";
# objectClass = "olcSchemaConfig";
# olcObjectClasses = [
# ''
# ( 1.3.6.1.4.1.28296.1.2.4
# NAME 'prometheus'
# SUP uidObject AUXILIARY
# DESC 'Added to an account to allow prometheus access'
# MUST (mail))
# ''
# ];
# };
# "cn={1}loki,cn=schema".attrs = {
# cn = "{1}loki";
# objectClass = "olcSchemaConfig";
# olcObjectClasses = [
# ''
# ( 1.3.6.1.4.1.28299.1.2.4
# NAME 'loki'
# SUP uidObject AUXILIARY
# DESC 'Added to an account to allow loki access'
# MUST (mail))
# ''
# ];
# };
# "cn={1}flood,cn=schema".attrs = {
# cn = "{1}flood";
# objectClass = "olcSchemaConfig";
# olcObjectClasses = [
# ''
# (1.3.6.1.4.1.28300.1.2.4 NAME 'flood'
# SUP uidObject AUXILIARY
# DESC 'Added to an account to allow flood access'
# MUST (mail))
# ''
# ];
# };
}; };
}; };
@@ -495,10 +302,6 @@ in {
/* trigger the actual certificate generation for your hostname */ /* trigger the actual certificate generation for your hostname */
security.acme.certs."ldap.${domain}" = { security.acme.certs."ldap.${domain}" = {
extraDomainNames = [
"ldap-test.${domain}"
"ldap-02.${domain}"
];
postRun = "systemctl restart openldap.service"; postRun = "systemctl restart openldap.service";
}; };

28
hosts/mail.social-grow.tech/modules/postfix.nix
View File

@@ -5,16 +5,18 @@
}: }:
let let
domain = config.networking.domain; domain = config.networking.domain;
ldapServer = "ldap.cloonar.com"; components = lib.strings.splitString "." domain;
# domain = "cloonar.com"; dcComponents = map (x: "dc=" + x) components;
ldapPath = builtins.concatStringsSep "," dcComponents;
ldapServer = "ldap.${domain}";
domains = pkgs.writeText "domains.cf" '' domains = pkgs.writeText "domains.cf" ''
server_host = ldap://${ldapServer} server_host = ldap://${ldapServer}
search_base = ou=domains,dc=cloonar,dc=com search_base = ou=domains,${ldapPath}
version = 3 version = 3
bind = yes bind = yes
start_tls = yes start_tls = yes
bind_dn = cn=vmail,ou=system,ou=users,dc=cloonar,dc=com bind_dn = cn=vmail,ou=system,ou=users,${ldapPath}
bind_pw = @ldap-password@ bind_pw = @ldap-password@
scope = one scope = one
query_filter = (&(dc=%s)(objectClass=mailDomain)) query_filter = (&(dc=%s)(objectClass=mailDomain))
@@ -28,7 +30,7 @@ let
version = 3 version = 3
bind = yes bind = yes
start_tls = yes start_tls = yes
bind_dn = cn=vmail,ou=system,ou=users,dc=cloonar,dc=com bind_dn = cn=vmail,ou=system,ou=users,${ldapPath}
bind_pw = @ldap-password@ bind_pw = @ldap-password@
scope = sub scope = sub
query_filter = (&(uid=%u)(objectClass=mailAccount)) query_filter = (&(uid=%u)(objectClass=mailAccount))
@@ -42,7 +44,7 @@ let
version = 3 version = 3
bind = yes bind = yes
start_tls = yes start_tls = yes
bind_dn = cn=vmail,ou=system,ou=users,dc=cloonar,dc=com bind_dn = cn=vmail,ou=system,ou=users,${ldapPath}
bind_pw = @ldap-password@ bind_pw = @ldap-password@
scope = sub scope = sub
query_filter = (|(&(objectClass=mailAccount)(uid=%u))(&(objectClass=mailAlias)(mail=%s))) query_filter = (|(&(objectClass=mailAccount)(uid=%u))(&(objectClass=mailAlias)(mail=%s)))
@@ -56,7 +58,7 @@ let
version = 3 version = 3
bind = yes bind = yes
start_tls = yes start_tls = yes
bind_dn = cn=vmail,ou=system,ou=users,dc=cloonar,dc=com bind_dn = cn=vmail,ou=system,ou=users,${ldapPath}
bind_pw = @ldap-password@ bind_pw = @ldap-password@
scope = sub scope = sub
query_filter = (&(objectClass=mailAccount)(uid=%u)) query_filter = (&(objectClass=mailAccount)(uid=%u))
@@ -70,7 +72,7 @@ let
version = 3 version = 3
bind = yes bind = yes
start_tls = yes start_tls = yes
bind_dn = cn=vmail,ou=system,ou=users,dc=cloonar,dc=com bind_dn = cn=vmail,ou=system,ou=users,${ldapPath}
bind_pw = @ldap-password@ bind_pw = @ldap-password@
scope = one scope = one
query_filter = (&(objectClass=mailAlias)(mail=%s)) query_filter = (&(objectClass=mailAlias)(mail=%s))
@@ -80,7 +82,7 @@ let
helo_access = pkgs.writeText "helo_access" '' helo_access = pkgs.writeText "helo_access" ''
/^([0-9\.]+)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server sent non RFC compliant HELO identity (''${1}) /^([0-9\.]+)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server sent non RFC compliant HELO identity (''${1})
cloonar.com REJECT ACCESS DENIED. Your email was rejected because the sending mail server sent non RFC compliant HELO identity (''${1}) ${domain} REJECT ACCESS DENIED. Your email was rejected because the sending mail server sent non RFC compliant HELO identity (''${1})
ghetto.at REJECT ACCESS DENIED. Your email was rejected because the sending mail server sent non RFC compliant HELO identity (''${1}) ghetto.at REJECT ACCESS DENIED. Your email was rejected because the sending mail server sent non RFC compliant HELO identity (''${1})
''; '';
in in
@@ -89,7 +91,7 @@ in
enable = true; enable = true;
enableSubmission = true; enableSubmission = true;
hostname = "mail.${domain}"; hostname = "mail.${domain}";
domain = "cloonar.com"; domain = domain;
masterConfig."465" = { masterConfig."465" = {
type = "inet"; type = "inet";
@@ -147,9 +149,9 @@ in
smtp_dns_support_level = "dnssec"; smtp_dns_support_level = "dnssec";
smtp_tls_security_level = "dane"; smtp_tls_security_level = "dane";
smtpd_tls_cert_file = "/var/lib/acme/mail.cloonar.com/full.pem"; smtpd_tls_cert_file = "/var/lib/acme/mail.${domain}/full.pem";
smtpd_tls_key_file = "/var/lib/acme/mail.cloonar.com/key.pem"; smtpd_tls_key_file = "/var/lib/acme/mail.${domain}/key.pem";
smtpd_tls_CAfile = "/var/lib/acme/mail.cloonar.com/fullchain.pem"; smtpd_tls_CAfile = "/var/lib/acme/mail.${domain}/fullchain.pem";
smtpd_tls_dh512_param_file = config.security.dhparams.params.postfix512.path; smtpd_tls_dh512_param_file = config.security.dhparams.params.postfix512.path;
smtpd_tls_dh1024_param_file = config.security.dhparams.params.postfix2048.path; smtpd_tls_dh1024_param_file = config.security.dhparams.params.postfix2048.path;

63
hosts/mail.social-grow.tech/secrets.yaml
View File

@@ -1,52 +1,51 @@
borg-passphrase: ENC[AES256_GCM,data:D6+ZedxUQ7m/m0YkM5m/B4kFsNySJjFyh8Gmhn3Mpe+mqEzzMRjAbwmGzx9i9Lnr1dTjRElUOgevnnvW5J2KRA==,iv:cG4w1KsEm1SOTni9bsbSW1+ypzjjs2Q42I+4xvcCAu0=,tag:WkkNVa27Uy5nFpmXaIH6ww==,type:str] borg-passphrase: ENC[AES256_GCM,data:JtQ0LlFgo5xO09T4YqQtlVEBHRQFPw97qkRnDJYjz1b8PQ64cF32vpRav6YuyPHUqltN3elaaw7WyalLNLaJAg==,iv:ylgC0G7F00m9Xru+v4Q3gB3OohFX5XuSsMefRP19Llw=,tag:OAsYZSx59/pnfYrkzvQP5Q==,type:str]
borg-ssh-key: ENC[AES256_GCM,data:T/EPWSuY9Ocj6D8nL2pfPg7r/lN4TyS7SiAqhQhkr10Y3R2mzfgMrOZTg/MrYv3/uNCt5h9TBDxwmiAwSmBzBSms0T5qD8aSxLgbmc6MAG7FSm7cGFf6x/7fMgVn7DAlwMz+4t/PkVk1iCRG4IwzimXwBvq73yIZuAiIARq0Azin7YAoSKjxnZ8ACkyRVCecf45pk7ModRmPLSDK8MZcT7bcHpZt6gQKx72OXSCJTD5FRUX180miUaywf7SxF1goEGRSmwtFDhyVs8iThiqyz0IsElB/dPGR+vYQwlFNWOFUshfAifz5tHXkvaKt08EJKyVV2TUqEsUETfFEqQW+8YNym3wBvrlnXm05DrHnfjz9GOEeUr35d9ESNgS+J5SzWVDitK29ca7QiaQ+YfaDn4/4mOGKSbPUnqOgRBoqXhJMV4ddV0lTKgBrg9isBVPgaye2prcHGjtUkVw2Kyh1omT3RKv6y7X+jfOpeOWOiByN73PCsZF7g+FFlP0K5jcfm4y4yaD8y6NlEaozrabuCIpY2ZUdZ/aH11vzLAk+LB8XE6lJ5MKMNPjNRftErJ9iE3OaOyan1ovTzaGqzaEwGtx/MZpk5hWNUwcSrJvZDqDuKO4+OhwMedvCCRKtNFIbEZ49EJrtp326Y1EelhfWgls5nJFPXukHo/C17ybsP4uFySFz/M13RVTIRntn7WKoh0bH7na2XgVGtXmI2plqVA5zppCbVTzr9+pAAD9RvXTX7t12gA1iNmdxM8alOeoZ41JXHd6BDF4bvDLVMhFhlslDLZ3wNV/QPWcSczinpJlvEQ13/WFN/NTO25Y16p+oxY9g8QD3pNEkAVLOMYjnEUlV6+DQcZbxzU8RCfpEzfVsOqbztTihDgHD5ldWt/VpN4ncm/WCVCWBlT33iiTxufC8htY3SjXt8JULEt0049HNIbNwj1awZwqTgT4z06okf7sz0m8Y/U8D5MCu8uNpt7QJBftVHxCKSUmQ4NJRicMDhlrpEJklQYlRtsvKlL/ntnyf5ZoUnkX03AoG0zh4Dh0LydGKC9RsKfwJeU+684d3opBI9eIYL6Rp/XB60LKcUA6Q+m7BgB7Tjck2YbG8nFPLaV3PdmIejlE0agICJ8Hef8rnqdU/r6X92gCEBvGXNbuqsKJvDTYPafQP8U6rXc7Tq+g68zfCOijIuHyKjkzdtIom8KMi5MUdFBSXK22xB1q4ye+QaCaAdN/1Xe6KDxWiafPG+BkpExh7hXbqZU1MyiTYMExpilY30e+CmPXMdxAWmygOxwUk+mPbuWrF0oh16DYN0dS38gUbo2Z4fjRvYIoZea1pu8niQRfhTVgLZVpEN07pYPu2farsPCPIXPalXVcijVO/yi2Dg4uhTsjzW/aRZ6XDIoXRd59v5hG+L27l7gTIXfTx1+htwClRJjYxFy6hTL+ZjcKdNrz/jezXPrR7kRHNEEfJM/ysv8d/7Ghpt+wITgc22bdnxKJv9rWnoKDEQ/FRGm6Y/eMisOttUFFlznQi2lqShOxPXnnuOnpndklcxPM8FowlL4FMDN7QUW3kdXJ2j0GgN4o34oKhqvXjtjf9Dk5r5KB+GTeOhf3SJXgeR4llaSAQXjzGdZqk0g34YTa3qb8rVxDSBKEHOnKs+Cr/4H09k62S/3SzZfrBIaaZ6Ey1b+bFfnbJJlD/Y/1Hwd5IhNbMHj7bfOKC8VabieeHwMbWfkGdnnmdY5LLJqXAwANrCIYZrEpm38pYJiKes5GrAz8caK2rPIhAPShURwkjCsvowmadTvnEbO/KoaUIcqk40wYdM6NAlVme6dLXxeVN7Y3K6UAWFIIZtYarAog0Axncs30shIoy1CGd6dN87tuK+/twO/jr458fJInumXSMRy2X2K0MKPLONF9FcP/EWENa+H43Zcfo1y42HkoYxI70R2YqOlpbtJUk8/8PqVSlJBrbgpBZNzAMCbsIjhrBevISerf8Sa8X6WC/KjwswjfGJ7h+FEnrPutKJg/ajDywAI+RZ3H+5zWm/CZxBYT6k4w6gAWZva0Nlx6jWQExONGQfUBkrRrRfIHhWl3c+k5VrhyzwW9fmAB9XmT1iYbk9T+ZNU/O8HY1bAZWufS4G7GaHchbPIvz3edMvP+zrGBZXPPJE3abls9oUcVZ223NFU1RPMZwG7LqL0fzfHXl4zx82TEXn14dAIBBVr67RAejz5xOGf8I2MpYQ6RAxvfhc7bjWY9/FU1RU09ob7usJCZphm51oa4TR7kz0AH1HxSOGfCJKLdYjBxbylR1GxY1bUTokLVWEYHalCr6d4lyEmUHM3+1vBUQQ6aq81njW33yGvwclUvhWj4sB51WPaREcYQsPkYnftN/dRSKVQoEZckgmIvML3lUwiVMLGlXlcUViyQpktnWAWxXgw5GH6KXMqoI43jRmxTeR3KrVyZRJBlDj/AnGWOD37fndGuMdpmAIGX/1fZnUUCxNhhuou20LvOr8BnjcHP9pBjtRPxu4o9fFmnzNCt43SC2ivMDOLxL/Uq6batacYrRnLtK4XnNqzfpCqe1bkfBsmTbRGnwPIJrA7TThfHH322DLy/GueYiddIa5spqdIH2jI8nfjKq4SxLtwsNZ4GUG/z83YQEg0Z8I/CQhYh3Y8Gcjb4ZUrOg9n84iLADDOn2j9CI1QfsyJAt+qLEDPRJ9yMRefmq7BAxvGbNq+4YUbj4Fo6K2FwaO2quUVl7RpfVgT/WvXTJS4pAndPJt4PrG03X56ra3yOTtlZqPvGR+XGjp56hG5I5AtQ27JmB6S30EncH9sDLDPucNtEzn57cY90kAZSdDYjBkJ5/lC3xJOB4UiAs582UgyIiVlL/mvjXd1kajAcchfUYnjEUkgFuOoRysWDO/rq8aDFYg/jokUNOn4ent7xXzlfEXkpMZ00coZ7gi+CjKOf29+/ZE1wCfbRhBds/mCmAerWJo24vb632lTCWKImbHo36WuBAvKqofFNpVyMRQ+OKm9Bzr2jQD7W4+1CUk/ZatGVWJHCPsEGWt/L0Fj8K3NzF135c9d8aZ9HqC9XNqOKTZpNe9QSMc5S+tD1ZUxHVrDHny0fOKaWGVHtgyNkcyte0l16wet1z+xZcPCKr8ieMSqh+HgfT2/kWjpb1hlmyEDFmPnnbmhCDD2QWstX8vCa9JTdd0OLb3rTgPMlbxPPIiWQGSBc6tig7X3mZbebweRz5ktqrdMvK3ter9bVC9T2TF6EiCktxw+IdS9MONajvoGAaR2k1nGbfKDSVIKk1ialfv1FGJu1gUA8J0pvXqbrTJfSPOH4iuJrWJut0UpJeHrUuh0ODguNriBivobZeaRamUA/PPNvM5KCSUQUtefDnVINsJSoT4yXn55fkRwvb2957AfHI8yMRg9KtNIYj8i5KsEsw4gE53Lr+NU7Wq2O08+v2mUSNjP0REWgu0Dw0M4/Q9eykLV/ZRnhRcbUZyA==,iv:yA1CkRMapP1S3zMwu6Tj0/0/HHpwD1yRAm/qrZx/kPs=,tag:SYg2IoXeD9fMYb35J/AJ1Q==,type:str] borg-ssh-key: ENC[AES256_GCM,data:nY3fL73+bNhp/h//AADzrhHKmPC7zkp7FoLxW+MrYLO5uLdjIOemGyX9V0IIpV4LimrEI0tB6rfqwdW47P7zA+YGZZK9g+PAd9yGEy1I8VGuel5ZOVvBrv8BC2ysKUzziXNv33KKw4mrU5BvBYoyQClGsNkXvKlJ1XH0T8TnA4EmIKoujcMjI3K1yT8w3nn9TZ11VG9bnv9F7mXttUyXH053rz6TuENjxNdVjSsJkROpL/j5i7/RxiOwnxyIFyZmCK8/joGQhfEKuPKkZv3xAYypEg9DudKZTmcN92ooykjHUaGJ/X1vkpv2dR9vjaGHxnJtBKM4qpjS3AH+iXg4qwBOOPIIcwoYkj4v4xzAdteda7wDwchM69yrGjGA5j88trvJ/UOIJ108htSzij4+SPpa3A8zyt2zV4enNWpC0CAf2PkJyp+VbdDhP4as7NGqc7saMzZdRFOYnfmyAd47wUf4VsjZ2svxHQH+8l1Lb7kpZObhMBzuzbAKSKNwTPfhlZ78TnhUpfwO07gdK8mS,iv:06rmPl3ER3DcJvJISxnbuMzbGb/3JbNpIxNeOUCals8=,tag:ejagsOwoBWRF20q2rFpWbA==,type:str]
netdata-claim-token: ENC[AES256_GCM,data:ECx8zLnU/dj08vfA76oVbVzL3JG9MLBoFmxSjtjiFbSiFtdaHtG/8u5FEuyQ1bQMQntV91xj7x1kY8fAp7VNbWyC13pOEOrt6rvJYch14eM3bqNvfGeqgJsHmAaRbY6mBrxJBkiRJBLYVil4e1oDNZVnzFQ4ditXZbMGtAV2063K1MRI/48p,iv:viE84mOp5KSdj8vdK5XxR0W9A54oPxQO5ahnpPLeAdE=,tag:WjzKjGXRRAc7vlzreFHbng==,type:str] openldap-rootpw: ENC[AES256_GCM,data:uO5SVlPCxz+jACwdXuPowdlP5NjVu/KZ/uhAbPsBrnKQnW7eeZD+yqK189VNsQTqhq61AUZ1r5nzgMAHTclniQ==,iv:C3unIpOZh1x48RGqycqyoDFO0K41WwFkdtvlAmSEZy8=,tag:4N4tph2qvHbWSzDdTmh+VQ==,type:str]
openldap-rootpw: ENC[AES256_GCM,data:W0em1Dffg+IUoynwwPD4NjFksR38ZO4mhWFI83ALvYcwYIplxw/gDRLGCqbSt6TR5C65CKr1sOUiU+4Xq3UWmw==,iv:BHQhISTIYuwSM3KiSb0mEEo3BMNo6FXEDXoIvI3SZrU=,tag:tX8gfnk1JYnaNionk/jrLg==,type:str] dovecot-ldap-password: ENC[AES256_GCM,data:mygVtdK5lwsZ0YluyvJGss6Gf2Hb9zM7BtIBknJAgQBb0MT5d2U47HCoANVHQJYCidyjvqTDku6pSI11rGmRIw==,iv:HrEgWGuARYeb42g+/4bHByJOVMDc2GroKVrlixHCc1w=,tag:+vm5kMZPne0UToAMl62IWA==,type:str]
dovecot-ldap-password: ENC[AES256_GCM,data:JYAt8/WggwclNEPO9CaWfQsvQBA8DDJCU2km93HpowoVwIdvQ/0lQHeXndPYe1EmJGJ3vLErie+Zn2kDINIMqQ==,iv:HR0QJ0GgQks3NzhfXwjHupCKcPOekkiTcp5Jxbz7CxI=,tag:19m7F6TjGUPOuHQJuUq2pw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: age:
- recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5SURFbHFMQVVyN0laSkR6
U1JQRXgvK1grTFdyTjhUY1JsSW9sVHROZ0ZJCjYzOGRXODZZZWxCd2xPcThOWVpo
L1RpZlZxZTZQQnozcUZ5SnIrYnJ2OEkKLS0tIFBVZHJJUzEydVd0U0lBdGdvYjlk
Wjl5aUpZbUk4ZUxwS0NLTHE1KzhaVk0Ky8nBCAUamOuwqW3Qio25jr4ye98J7Y6O
9gmNmsCyxkaZg9gKrH8LCTfjh+NwH2qVpmFSQEXcj5qW0na5xwENJA==
-----END AGE ENCRYPTED FILE-----
- recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d - recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPRWdBcmEvQkQrOXZ0SDJW YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRZU9FZ0I2WkpSUjBoYktK
eFpFSlBxbjlUbFlDVEZzS3dLSXN6MnBFT3lnCkZ1RGhoQjhtcGxEY1E1QlBvNUl0 WHlsZWovQlVEZ1lFajgwKzFJcGgvL1lUOFJrCnVNNU5LOWIza2lMVGtOcmFhQnUz
RWxnbzNldHBHUjhiZldYQm9iYWppcncKLS0tIG12WFdYSVdDYVZUaEFzUFhJS3A2 cDlGOU9ySjRMaWx6TlMvQStnNFZvNkUKLS0tIENGYXZhSWwvZmUvQTlKU2pFb1ND
Q0I2b2h4aFlkNkV1a1BFamhyd0ZBWTgKZwxpdydc1lgs3u9gkh2Krs8PGfcKwJTv WkJWMElRc3h3SmZkR2YyclVNVGhYT1kK49wmyQ/S0qQkDac+Z3UvBGWPgia6FdBZ
n7BV0FNa242wOT4Tu28O9SN7VR1zZR52iOgV7gWsCnhkNDk9kwiLHA== Rm/isGOIe0ips25Vdhl2a5jZt99u1Dlgv094Fxopxs8494xIunDeFg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoSHFtMUczc0tXaDZoQllM YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhWk1xeXhjaEpIM2pBZlJp
eHFpYTFmcnpyYitwT1U2eGNuQm5MQms3YUdJCmpVS2hOVjFmUlVUZy9MZTZxQVlq UXBmcDlUQVN0S0RDbW5TaEladEFRR1l2cDNFCjRoYkdwakE2U0U1SE1RK1ZjTGZu
SU8xcmd2a0tvWlBMc2M1Wm5XV3ZQZTAKLS0tIG9qa2pQbDFIbFArejM1d1VRRVFY L29SMGltM1poMU54YzF2emVxNTZINUUKLS0tIEJJcVpsK0hkc1YzaXZDV1oxVTZi
VjJwdC8yQ1hweEllcGhYclNwTWFyZ1UKDKv14nnVx3FeL87FYFqZMU+niHBOvxHz QXYwQmJYd2dtY2ZqSE5YcTk5RndvalkKDCKp+k0QYuDdUfhm/fenv/kdnPcO93Iz
3L3hBMEgpR/uMSuPmF4/NLVJTsktOonW9NKOzm37KsY2HNRXbuHoQg== b0GGoqnveCDcXX47s3DDZ/Kuu1EK4Cd71wvWyVu0sXWtt3c6l933qQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1jyeppc8yl2twnv8fwcewutd5gjewnxl59lmhev6ygds9qel8zf8syt7zz4 - recipient: age1gtulvdj4aclpfhk3mmzvpz9xysccxhvu99x6ayaqlj8m44ehffgq6zuc5u
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjY2JOWTA0a3pGL0dYc2t4 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSTUUrMUp0RXJHNjl0dWts
aE8vTUNMNDVML2ZOSW9xeHlFRDQ5K1BLR3l3ClN4a25QZTEzaFk5bnVUYkk2dnRr UXhnMU1kNW5lSGQ1N202WlZ2U1psUnFlMlNZCjdQVzRkTC9CcGRlVVMyQWxMOFRy
SWxNTklrZGM4enJ0WXBKaEJ6UDZUMzAKLS0tIDJudGtSVTVTV3ZrWWh6VnZFdEs3 b0Ezdnc0RnpKekhUcUJlc1pWQ2VjKzAKLS0tIFdRM2Zab1pRT1VnbzlGbExmaEUy
UFVlWE9wd3hRS0d3VEg5di9kNHBIeUEKov+NZ0pt4BUd5xXX9cTFSJF355Kg0ios RzVyNEdHVzZUdENlVEh4c3l3V0h1TzgKlDTvDMe67hfDd3yEepLeIhuVym3wekoy
Va/kbzgG2SMvxMorNFDp+yJgGXM9rOycMJ1ajemKBM3r2QMcsIiMWA== Fk86lgIY7VIGW0Oncyj/mOg10MYQuzoTqgMKfwDN9bnV4aeSS24rKw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1azmxsw5llmp2nnsv3yc2l8paelmq9rfepxd8jvmswgsmax0qyyxqdnsc7t lastmodified: "2024-10-18T13:21:23Z"
enc: | mac: ENC[AES256_GCM,data:uv3uz45U6dxfFkKonwCv+tfWD3g9zBGudCuXXAHgav5XY+z62Z7KEV5PUGMI74k1cRg8etIyUo17Ur/KVIrTDSt67R+70WaSOXnRtEX2F/kJWb8NLC8pfQYPVFtaaCSx0kFPZeu7vSUD5GkTJ9UzwbKUZ32N823sIXosia24x2o=,iv:7/Z6XCE/iY5TBTOdjmKwjgue2tzAB6F9HHZYjk/qrok=,tag:WhyEqM8nBID1PGaTXvz8kQ==,type:str]
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJVVRBY1RVdmdkTGxkT3N0
YjJUdXU5blY3T1R2NFQwQ2MvUitTRjZOUGpjCkNMTUJOaCtGR0s4SGxENXRRd1lQ
cE9RbFUvL1RVZnZ1a3RlZ0YxbmFtOGsKLS0tIE8vMmE1YkZCM210SXEzRFZJeWZL
eC80bWxndE85RlZGRUFTcDdaZ2J1VE0KZ0FERlT1kdUE+WxSi57YowqDQtA9BoV1
MZoPePwGkRr27MHnPYIhoniUXC7mhQ4rqvcbFy6i1n4r1CqkRFBM3g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-08T11:20:50Z"
mac: ENC[AES256_GCM,data:GPUwpSAz6fj7mRxX1ebEb2sLAMLkQLuKPXk+B3+zZmA6+D7gAKrrBGUWHqYA9DMMY0r32OZSccGRmeKqdA7sWmzdIJTcBu8EyER1nJqVFJiXcOOdTkCLdOM4xW969YE0lBKpIAQ40E7YXYYwkI1JINneIBTuXkvIBmSQ3Bt2+ak=,iv:VEPNQxDLzxyTxkn8dI6xNDe9ESk2RojSNYYEwT+Ggas=,tag:cfUEKU3arSJl+lEOa+4iRA==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

7
hosts/nb-new.cloonar.com/modules/sway/sway.nix
View File

@@ -28,6 +28,9 @@ let
orca-slicer-pin = import (builtins.fetchTarball { orca-slicer-pin = import (builtins.fetchTarball {
url = "https://github.com/NixOS/nixpkgs/archive/67b4bf1df4ae54d6866d78ccbd1ac7e8a8db8b73.tar.gz"; url = "https://github.com/NixOS/nixpkgs/archive/67b4bf1df4ae54d6866d78ccbd1ac7e8a8db8b73.tar.gz";
}) {}; }) {};
apache-ds-pin = import (builtins.fetchTarball {
url = "https://github.com/NixOS/nixpkgs/archive/9aec01027f7ea2bca07bb51d5ed83e78088871c1.tar.gz";
}) {};
in { in {
imports = [ imports = [
./social.nix ./social.nix
@@ -72,7 +75,7 @@ in {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
alsaUtils alsaUtils
audacity audacity
apache-directory-studio apache-ds-pin.apache-directory-studio
bitwarden bitwarden
bitwarden-cli bitwarden-cli
rofi-rbw-wayland rofi-rbw-wayland
@@ -104,7 +107,7 @@ in {
variants = ["qt5"]; variants = ["qt5"];
}) })
kdePackages.neochat # kdePackages.neochat
dbus-sway-environment dbus-sway-environment
ddev ddev

29
hosts/nb-new.cloonar.com/secrets.yaml
View File

@@ -10,23 +10,32 @@ sops:
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: age:
- recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGUG5oZ1BPL1hiRm5zQ3FO
Zks2RWg1ODZGYm4rY05wT2dWTHFCN1FhcEY4ClB5N29SclVxWUpGaHF1V0o1cHVK
TWtoTGFsRHVERWgxczlqdysrRmVDM3cKLS0tIFNISWhUbmV5dERHSXV3ZW5Gd0l3
bHZHdy9jUHhLSTFUWHBxUTcrT3FoaHcKpKjzC3KDD6TXpbPm/ObztJQzkNnnTnvH
uWzRhQg7lHAKiiz4szzT64WCuisxFAOJP1KrSK9qP5DLBm8aKIDcPA==
-----END AGE ENCRYPTED FILE-----
- recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d - recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUZ1ZON1FWeHhlNWVSeEIw YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4VU1JZ3FkQ2lPVE9KeGMw
SDRwU3JBUEg4TXhPV0JpMUV6dlVHSHZoTlNRCkxpc3JHUVl5eUVMWHlOZVhSMFNi c1lRWGlPU1BKbXlJc0lnVURNNjN4bDRNWFZ3CnQyRUE0MXllajgySHRkSTNRZ2U4
c0lzUS96a3dSRDZtNkMzNnZ1RVQwTDAKLS0tIFF3V1E2eGw0Zk0xeVJjQy92SzJP K2w3bWEzNmxrZHRybXdFdnZCTmYySW8KLS0tIFduVUdYdDdVOS83QUxveG5lMDRi
dTFFdDQrUktna2RKZ1VFbHBQWmhTNjgKL5/aqFTEE9NF/6tTe9UmrH2SWpuC4pzS M3E3bDhrM1FvMERESmI2RTdBTVNUMlkKoKhTGUYULeQvqMjwMCanDxD4yflGURgE
uHBh4XXMx9g34+y4L0bLZ4LkXA1G1EHukIVG98eYlsUlpT3nYLKdag== ROZe6d8R5Sya+RsS4uzNMs5KkjGeC/xjbNO22uSRennIwCqBaHNmgg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWVkpwdlJMSzZ0Z2tCaUhw YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBMW1zeU5ubDloazBKNFR5
cm9XOXo4Q3lGRHRCRnBMOVJxRitCUkhUOTNVCmc4TFdneDJPdlVVYm5Da0JWUDRS M0xnbXQySWptOHFEQmQ0VHdvTWVieitYK1drCmI0VW5PVUFaTFo3STF2MUxSOXhC
em0wR2pTTUFzWVpwRnBVSHQydVFsTG8KLS0tIGxacC9ZRndUeVlCNHYreXI3U1FJ T1YxY2lFMitKM29rS1FKQWRweStxUlUKLS0tIEFnQTlHcFJEcTAxem5QK2xrTm8r
VmFqdTBvanUwV2paRHhHSDRqVEpLWVEK7uRtiTZ+NJWP98RE2YfugHf5UjfUKJ5V L21ncjlQdGVDUjI2eXFIb3U2dW13bWsKuEwATNEUWtjuLsH7DQAt6J2l4blTId1W
brmUHz2gODPPyKPi94EXBJF8gPC93AVpiVMU9OlkHCm7UMMl0wSxhw== A1kQ+0dfUKrZ0dsbvUA5L9+haUiK8f5RvapaKW+L2JEn7gW5wJSJEw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2022-11-30T08:33:24Z" lastmodified: "2022-11-30T08:33:24Z"
mac: ENC[AES256_GCM,data:/vJdDVpv+iM66wANeLLl+CPtg2j1OCyKlGHhsQQT/RphUj4IlIsjKj+j59lmM6bRBfebTTRt1scFgz8CCPoyfSH0KrAyPLPs1SPxZT6Le87PkmO2rfH0MpNCrBDUdtpMgKs+kbxSzbqnh6X3+juXnOL3oUB3K0cdF6hAr4cP5xU=,iv:3IxaC/8y8FwKxO3mPP7f/byjYih3O6zZU6HJK2cAPvw=,tag:g8crhgnYs670wLPcC3HIhw==,type:str] mac: ENC[AES256_GCM,data:/vJdDVpv+iM66wANeLLl+CPtg2j1OCyKlGHhsQQT/RphUj4IlIsjKj+j59lmM6bRBfebTTRt1scFgz8CCPoyfSH0KrAyPLPs1SPxZT6Le87PkmO2rfH0MpNCrBDUdtpMgKs+kbxSzbqnh6X3+juXnOL3oUB3K0cdF6hAr4cP5xU=,iv:3IxaC/8y8FwKxO3mPP7f/byjYih3O6zZU6HJK2cAPvw=,tag:g8crhgnYs670wLPcC3HIhw==,type:str]

5
hosts/nb-new.cloonar.com/users/dominik.nix
View File

@@ -569,6 +569,11 @@ in
# user = "u149513-sub2"; # fw.cloonar.com # user = "u149513-sub2"; # fw.cloonar.com
port = 23; port = 23;
}; };
"u428777.your-storagebox.de" = {
user = "u428777";
# user = "u149513-sub2"; # fw.cloonar.com
port = 23;
};
}; };
}; };
}; };

1
hosts/web-arm/configuration.nix
View File

@@ -58,7 +58,6 @@
php php
php83 php83
]; ];
services.davfs2.enable = true;
time.timeZone = "Europe/Vienna"; time.timeZone = "Europe/Vienna";

2
hosts/web-arm/hardware-configuration.nix
View File

@@ -5,7 +5,7 @@
efiSupport = true; efiSupport = true;
efiInstallAsRemovable = true; efiInstallAsRemovable = true;
device = "nodev"; device = "nodev";
configurationLimit = 2; configurationLimit = 5;
}; };
fileSystems."/boot" = { device = "/dev/disk/by-uuid/82F0-EC7D"; fsType = "vfat"; }; fileSystems."/boot" = { device = "/dev/disk/by-uuid/82F0-EC7D"; fsType = "vfat"; };
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ]; boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ];

2
hosts/web-arm/modules/nextcloud/default.nix
View File

@@ -8,7 +8,7 @@
enable = true; enable = true;
hostName = "nextcloud.cloonar.com"; hostName = "nextcloud.cloonar.com";
https = true; https = true;
package = pkgs.nextcloud29; package = pkgs.nextcloud30;
# Instead of using pkgs.nextcloud27Packages.apps, # Instead of using pkgs.nextcloud27Packages.apps,
# we'll reference the package version specified above # we'll reference the package version specified above
extraApps = { extraApps = {

39
hosts/web-arm/secrets.yaml
View File

@@ -28,32 +28,41 @@ sops:
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: age:
- recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZa3JUVk9UQ2xvdE82MFNZ
QU1HSktJa2RpbTNVajlES29qdnZMZjR5dlZFCmdhaHEwOXdpdFJaOWpzcHZmUWUw
czFUUjJ1aThrQzloQUs4STVJNkJqdUkKLS0tIFUybFpweWhuQ3RhWVhEZllIKy83
WUhmU0Q5L2M5MGJBb2RXRUNUanJ2UDQKxDH3kQ7PxBgHbkv7HPhSmyHIT6N8qmCf
vgRYuZWFgMas1BsS2/F9jmWxUtcqj6/LClmKvIlAmr7OiEZ8fLBTDQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d - recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4ZjFGT0N2SGZkQWx6NS9x YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXVDI5dFlSajl1bXkxb09C
OWpsU2RsOG51akRUYlRoL1Rwd0NyZkl4ZTNFCmowdXl0QlplMlFhYlg4bFpwYVZm NlRFM3dpTk5KbkZ2RGZwUUVVdGpHVzdac3dBCnVJTWVMN0t5Q1MzTzVSSjRDQnRN
OTRXWE5wY0JJQzlaQVRuVE40Qi9XcE0KLS0tIGJ1MmhIc3RuR0U0WWhDTjl1aFJG NGVKa0h4K3FpZUhmcnVkajVOaEd5bjgKLS0tIHpVWTJIa2NOQXNQRXhUaHhKc3JV
aGNabFJKR216dlFETmRPMkdnT0J2bEkKDz9UCFSUgFxPHJLvs8Olm/UYowbuCEl8 TEhxV2g3N0w0K0E4cjBhK3h4R2VONk0Kqmgr6vvwyP5GUNGEJT4lGk/q+6D1/vEc
wDCJFobtV7AYYB3gJmXA46DHefsC+7rbUJ2E5y50SFIeofcEK/oorQ== iAx10xVmtDvIuWTPwNHM5Rlx1SesloGiTSgT/MwzaUYm8lkpK6BNPQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3MWk3dEpkYkZxdjJpVDdI YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjc3p2TGRYRFV1aUg4Z1JF
RTdvSElPcG9JdjdzVGI5RTJWNUtBTEt6cFRjCnJpQjBtdUdpTHlHUXZMaVIraDdE MXBYUXVRTTYza3UvOTNiYVV6TWVBZDNMSkVVCjkwWkNMQzk5RVFBYkNqNmpKOGwr
YlBKYWdBNzA3L09oVzRPdDEzOGJiOVUKLS0tIEpzTWhuUnR6VHpMMVhVdEpWKzBy SGlhYm1sVUs2S3VoNzZ4T2pvRkVkeVEKLS0tIGEyQlhQcmtKcUh2NnJLZ3BFeWdB
WGo2cHEyZFg5UnZEcUlmeHoycERCUDQKEPymfQ8YOkDtamYtyXkws5H5yuylOjtD Q3lVNlFxbWhzeVBaMVd0ekxEVTJBc28KyCK90KW2wb9bXup9OW6J1Gnrlb9X5e8l
7C6nmKruZzFNIUs8Wf6u2TLtEPEsR2AX9k70ZjtOoygIHhvIpqY1uA== c+kztOq76I8NtSAnrwfkpp7iJYH4F4TEU6meFGO4Ev//duKoBT74TA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1ylrpaytkm0k5kcecsxvyv5xd9ts4md0uap48g6wsmj9pwm4lf5esffu0gw - recipient: age1ylrpaytkm0k5kcecsxvyv5xd9ts4md0uap48g6wsmj9pwm4lf5esffu0gw
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJc0FIMmwyTFpHNlNOSEhv YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZREdyNFNQRkI4L3BTY2FW
TmM2eW5IZlZpekNwTERuLzRLbW5ZYk8vaFVnCnlTQlNiaVFwdU9BWHFrc1VnSWc2 K3lFcmpsQ2tIMWYyVnVDbllPcktBMmVoMlFRCmlwa3RubzFzMmRTRDJYZUgvU1hN
d0R1eHhWbTJPQjBsV0J0WjFyckZXL00KLS0tIEdwY1oyeGsxZzBLeStJSmZKVW1V SmFJWXR3UjhEaUJtR3hSeGN6UnJ6WE0KLS0tIGFXQmIxYVl6Y1djQ2lrcjRUNDdt
ZFBWTUhrbVJHTERMMkdDaDBkMU16VEUKi214s0sjzOR8wTK55lZelBKO+ar03lG2 elpYSDg2Y09Ia1VEaE9yUWRYMlk4V0UKcsiKxtTdtAT7odCCua7wV/3879QEp2YJ
Ue4Rx1utf3DDskRY6ELqSroIYEMIWDk9rxQTovIQD978mP9vpXgfPA== iIVgZIrTg34tEGj8VbACcGINZfid3SSkUM4hnydP72ZOOfijIN21Ew==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-31T15:45:49Z" lastmodified: "2024-08-31T15:45:49Z"
mac: ENC[AES256_GCM,data:BjoytvHEO/mvFUdAN/jf3EnwIjmWzSbY3TgCOjIp4zlVi+QrtwLD1G6fTN6q8tWOrYUBETS93q5FsCHKqCh58TEp/JZSnw2OhODBAn8LmdNvbvXX3dNFkVvjLsLH9rl4knMD5gr2fSc+YqHsTcb1sKBom7pFEsRppnnbU6h+FZo=,iv:ipoiDA2Er9gaqKg5bbjvVSC3RTiUV+t7J72ns5IEdac=,tag:1/4KRpnUnm14jGAdS6EoxA==,type:str] mac: ENC[AES256_GCM,data:BjoytvHEO/mvFUdAN/jf3EnwIjmWzSbY3TgCOjIp4zlVi+QrtwLD1G6fTN6q8tWOrYUBETS93q5FsCHKqCh58TEp/JZSnw2OhODBAn8LmdNvbvXX3dNFkVvjLsLH9rl4knMD5gr2fSc+YqHsTcb1sKBom7pFEsRppnnbU6h+FZo=,iv:ipoiDA2Er9gaqKg5bbjvVSC3RTiUV+t7J72ns5IEdac=,tag:1/4KRpnUnm14jGAdS6EoxA==,type:str]

148
utils/modules/lego/secrets.yaml
View File

@@ -5,122 +5,140 @@ sops:
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: age:
- recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUYmY3L1VuYndVd2thbEk0
aUgzU1RIMGFxVGtyM1RCYmw4SW1sU2VMZmtnCnN6WjlDN25JdTRISEVYcGJTWUor
aDV5UkhQNjIrVHducDA3cmFQSnlzZTQKLS0tIGdQWWhsdTlVa2kzdDU2WUhqUDJJ
ekNsQWlEQi8vTm5vWVorelpvUUNrbmsKYzKVSvj+BXFqrty1jTr99e/rIBoSuHY8
lxLOH7ussA0JC0bOegKmk21d70H2pOOa0yLbBUIpW6+pmA+1L8zauA==
-----END AGE ENCRYPTED FILE-----
- recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d - recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkd280dnM5WVFpYjZxQTJL YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCMHhEaWRZdklDVFcyQW1y
dW03bEM4V1AxYVN5UVpHNkl3UHNJc3hKbG5vCmsyYUViaEc5dE1EZXAyT2tNd3lK TWplalJFeTBIb1BRM1NWZnYyc2xTOFVhQTFBCmlHUHE2WGs0bWdlTlBpR0ZCSnc5
YXNqRzlPQ0Rsa0pod2xKTHpFb05MckkKLS0tIC9JU2dwR0hsZGpYdUd3WUZmNEF5 eUFJcG5PMm1wUVZXY0ZLa29QcU1SWEUKLS0tIGVzWjJaZThpY21oMEtwWTd1TUJ1
clIwcVhkWElVTmVOUkVieWxWZTJkOWsKuk8dt31A15RbC1/A3GB7TnWNqheixYJc THRHZDBGY1lMeFQvQWxjOTlneEExbncK0UC0bd8jSLlS+Pb3nO7zlnowSO1iYaBx
26ZkAR9SLCkHTgyQPVwE77ZwA4NYOTkKNsvj9rC7B0RGOCs8U5K34Q== P32gdPFWdAlnfX6SA0HzJJ3pyCH7uKS2JZD/Lbao7TfZPZ727fvdJg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJYUYwT0IvS2JvbkJUN3Vm YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwMFU5RjJjcHFWWVd4ek1S
WUV2cVRXMkU3MUFVMUljNktvVTNhVXJoN1VBCkhwc2FpRGJKY1EwTTdYWkVhaU0z QWZSSGtZR0MxbklYeDA0RnM5cmFpeEVrU1FJCjd4ckl5L0pYQWRxcndpemdMY0t5
RCtMdGNZQUpjTFFYWjBoMzY5aC93NTgKLS0tIFBvb2FDUjA3OUpBQWdkaFdGMm9m NElycVU2R0c1ZW5STHdXOFZnVHFaWUEKLS0tIFB1RFFiNjZGL2szT1o2K0JUMk5Z
SVJXN2dodHlCTXZRVDlCbGhlZ3BhTFUKlqx5kTajaseaomJELMTBUdNB/m/CwnYx ZUlQYWxRUTIyVXBJaStWN0xXRTdrZnMK4453Uqzl1EYusOqf3S2YyJvz7Mh7ToUg
PP+sl1n9T/ZmV+l3l30Zh+/lnc1pOCxmmvzZpnN51I9ineal9/YmKg== 6kzq2+wVPhM6xu/zPg6BTZRpvbq7hAN/bfzDlsgcCt4nOZp/d+4XJw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age106n5n3rrrss45eqqzz8pq90la3kqdtnw63uw0sfa2mahk5xpe30sxs5x58 - recipient: age106n5n3rrrss45eqqzz8pq90la3kqdtnw63uw0sfa2mahk5xpe30sxs5x58
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzWDVoM0tnQUtyVFNDajFu YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhOWdSREZQL1ExRnpqQ293
V2IwN2hsTC9HTkRNaFIyKzlLdytoWFJ2Wm04CnU1TTVCS0xtVjFiRkE2WkRidis2 VXlWZkdkd21hTDhHQ1gybmNIQ1RBVUF2Q25vCkM3emN4bnltbUxFZG15aytLU05Z
V040dWhRdG9NLzd2SmxOOWtucWttVEEKLS0tIHExRk9VRnZSd0Q2cUFYQk44aUhu VytlK0ZWdU1FY3pxaVFTb2lCZzBqcGcKLS0tIFd4ZElpUjc0M3RtNjNVcDNtWk5k
T3BIeFpRZlk4ckc2SUJlVEsrV3hmNHcKGb5GJITKhhMEEWsZp9aGu+tfDBeebFvJ TE5Zbk9VdHh5TGVRVkdIUUd3dU1zNzAKcDUY+RghrJuHlDFy3IqD2Xr7YJPnXcwv
+nMy9XPzcKBGSNd5GrIGL4qMWFQAvty17mevXKGZ3hQ9N9DpP9qCCQ== OC3/RT174ES97OHQdzep4X3ipYB7XLL1UNa24QKhpbXWpNy6kcDeLg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1y6lvl5jkwc47p5ae9yz9j9kuwhy7rtttua5xhygrgmr7ehd49svsszyt42 - recipient: age1y6lvl5jkwc47p5ae9yz9j9kuwhy7rtttua5xhygrgmr7ehd49svsszyt42
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJTFNDRlFuVndJdFpQcytD YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIR3B1bit5Q1hJYjRjU0xy
bTJ2SXVsaFNYOXIwcnpKYUhXa2hBMlBNR1hJCm5FUzVkdGgxRkhISitjbE5lUy9C eFZFeXAza24rSlEzR3E0KzUxQ1RMS3BmV2xJCjVxN3hzaHNTY1VhdlRPVk9wb0Zi
bnF4TzhRZE5nZEhVWW9FaEFIVUhiNzQKLS0tIHRtcHM1WXdWcngvMDBsMDVBeEtw SmxjRnp6cnpzcmJLbk9MUWpoU3pXUVUKLS0tIHlzM3pMZFBHWlQ5NWVWZHZ1UDFp
OXF3TmdyVngyeHhQV3hnQnIyckFPTjgKOevqNmDR/6SODvZt76dF+kQEgGjXTiYL OVVJMkhHUWxENlhVYVl1V1Y5VjNPc28KrcDoLT26nLtzRYxlnvB8gL7Nvn2MVr6R
/rxu/psNgFe8nYE38/qtYgD52Y3L4q4h4ZgPsKE1a/17Wx0C9rbVkw== 1OZhEmIQSH6eNItU/oK7G6S8FqNPksfFwWHA9aZ/K67pWmzu0ow+Tg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1gjm4c3swt8u88e36gf2qlg3syxfc0ly94u64c42f2tsf24npw4csa6e4fw - recipient: age1gjm4c3swt8u88e36gf2qlg3syxfc0ly94u64c42f2tsf24npw4csa6e4fw
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBneGxFSG1zWmFBWGxBUk1Z YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6ZHFqWGk0bVMwbWhxTC9L
dGdEd3c4WE9YRXc4RHVmczlCV2Y0bEN6OWljCmw0SG84SGV3RGlWQWJFUFZrSHVD d3BLN2dxcmNoRTRVeVpDUHhLdjRuM0Vlbm5RCnJFNURuQ28zN2FCQzU3M0hkbk5N
ZnJnYU1YeHJTNklRVXppRTBtdlBiUHMKLS0tIFZnL3RjRWFiNFJ2OVJQbTdRNTIw RW93ZmU2NVlxYjFsdmoxM2MxVndMYTQKLS0tIDVacmI3Ukw0Z2RwSzViYkV0d0pN
WHRISHhjNnkvR2hjb1RUcVpDeDM2MDQK29wQSqzJtPDBVWdvPX4FFGE3Zs2plrpK NDc1aHJ1Z0t0dGhxMGluQm1yRHVTQ2cKBvGYrEiLlZwEbEdqGqR7ju8INj13QkHB
A37UMMFiXvT+Ofc9ncveAjfS9axjLLNpBl595zAHcsy8zP5YIQZyeg== JA1hNfZLwClReN4rXFZ2ffZURxEIhVGSMxcVZUOvRuXXy3GpVRLdOg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1ylrpaytkm0k5kcecsxvyv5xd9ts4md0uap48g6wsmj9pwm4lf5esffu0gw - recipient: age1ylrpaytkm0k5kcecsxvyv5xd9ts4md0uap48g6wsmj9pwm4lf5esffu0gw
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFQjdpTW5oa1orWGIzUFdQ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxN3pYNjlIQ1NrZzRBamk5
eEZsV0RKY3ZxRUhqTW5CdkpmaG5EU0tEem5nCkhtUkErVnNocjB5UjVHQllWc245 SDYvWHExekVXSXZpTTZqZnFpL2NXYVpiQWhVCmxVN2o1Sjg5THpHT3VHMzVjM3Jk
WnMyeHZDUVFpRG9IL2NkWGZJUWF4V1UKLS0tIC9MOHJDUWREWERzYmx4M1RRYml4 ZVJ3NXltT2haM3ZYWVdKZklWNFV4VlUKLS0tIEhwKzg0KzhTd1FUSEhjNGU2SjQ1
Z21aTW9QUURUTHRiNjhEb2xROHFxdkEKAycw0fflA3rnojWBoArNRzEE3iozCOsp aHA3NU56Tit2QXNDVi9NYXdVSlZMNDgKKZtu+suDC7A8gvL2iz7ANiqOgQISGLyW
uesPaSIxD9BcBtHV8BqWBCUUJ3rZcOkDbS+DYLcPAaJnOWYXSwmpZA== oI+LuNovMysqTBcb/NSx1T241hw2SAENO6WmV+/sH4/wWSYYVpPJUA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1ezq2j34qngky22enhnslx6hzh4ekwk8dtmn6c9us0uqxqpn7hgpsspjz58 - recipient: age1ezq2j34qngky22enhnslx6hzh4ekwk8dtmn6c9us0uqxqpn7hgpsspjz58
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvR3BKQlJXUWxzblRoRE9t YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYN2o0aUpKeFFnNGdSUTNC
a1V4NzZQMG54TE1tV0tZMjVBVnV5N3QxQWhvCjVIKythdGxib3QyeHI4a3Y0RUlJ ZzFqL2RiUVVlOFZEdEszZ3QrWTQ3eXNaWXgwCk1Ua0oyOGVEdGRXb2lOU0FSbjls
cEVoL2htMk5mZU5OMHd2UTZtQTBqRG8KLS0tIGUrN21oM1NCVXlwR3V1ZnFvY2g0 NW4rWEFWbEU2UnFvRmNCYTkwTzZTYVEKLS0tIHhZYWxWdGgxcUVTTE8vZjliekNj
QWVxMk94bjRKSmJKSnpWRUEvdUZSZEUK3gGS4A7ldmdNvHvcj1sj2Fp+AAkFLju8 MTluR2RGSEtKelNtOFJOWDQzVE1kREEKpv7aTl+HhVUQn51AfHcsRjXbYU0Aa/n4
G3hwTDoIsv3C+RP/nnK8UalahMzpBa7LSF5gh2KqFUnBS/G3Wnasyg== 7gMWZTm6nsCGTLqhRBOEhWHeGVMP8e8LnWzppMufv0Z1WxQ2PbMMKw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1jyeppc8yl2twnv8fwcewutd5gjewnxl59lmhev6ygds9qel8zf8syt7zz4 - recipient: age1jyeppc8yl2twnv8fwcewutd5gjewnxl59lmhev6ygds9qel8zf8syt7zz4
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGUXVxNXdJZmZJRFB2VWlG YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBucHR2SjBaUjZHSFR4Rm5w
MysyNUxSMmsyR3N2OVc1azJPR1VHY1hMQWdrClNtNG8xWTg3Q3BEWEtDTWMxdWp2 a0NYMXhPMFNjQ1hZdS9XVlMxQk1IUnZxSVdnCndUSkE2RC9QRDRhdW1yTVB1V2dT
bFRwcjZEdVl5ODlqMkRyTjh6c2lXYVkKLS0tIHA1Nkp6V2ErOVZYVVM2SXRmS2s2 TU9Oa1FhdFY0b0o4ellabHFuMVVXczgKLS0tIG9sWWNuV3RrQ0V3eEhkMmVVSmJH
aU5ZRXhJQTFDU0ltbm9QZ0d5alQ4dnMKSOrrVIv2OUqTm831mS1Xc33vqT2r7Sas V2RScFVneFlKdG1SQ25KK2FqSXJVVmMKjcR+mi48qs9GX1He2qYSXsf6VZhbR/s4
sRZHiw/nNVUMkGkWrd9/RqLPiN3JDuEoBvbUXKrUfoesOyZ4fzHgqg== eCjgN7zKzIhg4x97+N8mEcgTF6w1690/V6cIUYDsaaxpm5Y80/KF0g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1azmxsw5llmp2nnsv3yc2l8paelmq9rfepxd8jvmswgsmax0qyyxqdnsc7t - recipient: age1azmxsw5llmp2nnsv3yc2l8paelmq9rfepxd8jvmswgsmax0qyyxqdnsc7t
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRNlRlNFN5MjBXOEYwdDMy YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYUkRDZGliOGpvajZML0x4
LzZOZFp1QU5KNUxQWTRpY213dzM4TmV5dFRvCkFway9hTlpTTU4zaElIMTMvV3hR TU1pUU5TaVB2d0o3TGJkd2ZhME9jNnBncGdNCnZiVDUvbzJUR21CNUZLYTBkRjZU
amYvamp1YndIenJJeEphSW04d2JBTzgKLS0tICsrMUZ0NFZkcGlKNEp6WVRtS0hm b1hyUDVZbnVVM3hqTnBCU2NmYW5WQ2MKLS0tIDZaSlNsWUg4c1pOYnAyd0h3Zlhw
dG96aitZVDBIQTY3QUdobnpTeW9rUWMKNxA6Hr/NB5IAD0JbnVwxEijYd94lPx+n VEtDMGtUN3d1cDlGVUIrUVZ3OEVMQzgK/ftAJQ2QuQCR5h8BBdLu10Y6myTXCjs6
6Px0rKlT9nboF2eIY3uY4SeWEv/kaidfDXJgTkUo4d+i6sLF5cdhMQ== Z1RoghfHGWxOFFuHzcsRdklInVLTeNhv8BI1SRwYuqZ2zVw8n29YCg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1zkzpnfeakyvg3fqtyay32sushjx2hqe28y6hs6ss7plemzqjqa5s6s5yu3 - recipient: age1zkzpnfeakyvg3fqtyay32sushjx2hqe28y6hs6ss7plemzqjqa5s6s5yu3
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmOGxxRGtJcTM4ZS9GRWFQ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzWjFvWkxxKzd2eE01dE1j
Uyt6eTBONHpsK2VCTldLYjh4b1JBZEJPQ3pBCkxXMmVtbnR4YnFuNWw2ckRXc0Nr SHJsQTdhQlY3cW5OdWk2azdPR2UwRWc4T1VvCmdoN01EU0xybGFBZmNQL2Fub2tX
bDBqalZobklUWGF4cUtmRXp5Q3dJM1UKLS0tIEdjQ1E1WFAvTkpCajhrcGYrM2dI ZFB0NlRKUkpQTXhZd2R4QTZSeTZmeTQKLS0tIFBQenBCMGlxWGsvRndvWnk0YzZp
YVliY3hPQkFXM3ZhdUw4SG5aVnR6NDAKZxf+Y5ZhqpzV/5g1zq6PTvo/yYClZ8rL RVVVRU9hM2V3Ym1YQVJsVjkxV2ZzSmcKZDd1nHWduaWuixFWP5njiy5vT5pUX5eF
ghZh3MHgXkh6EZLtuZHtHHGvUuDG8oYJLnB7kWfWNXTKAPFn3gEn6Q== 0KHukAqPm0UXkC3kFSfEPH84mhycrMcniIV8vagdVqjuMB/od2mZHw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age14uarclad0ty5supc8ep09793xrnwkv8a4h9j0fq8d8lc92n2dadqkf64vw - recipient: age14uarclad0ty5supc8ep09793xrnwkv8a4h9j0fq8d8lc92n2dadqkf64vw
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUNE9INEQ3MnptcUZwSVhV YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtOXZyNThEcTd5OXpFazBk
dUUwdXNmRjg5SzF3alk4dmJvTGZiN1VSM0M4ClVBOHhYbFN1TExkMzdqSm1Yd21w akxyYnNYYkt5MGk1dGNkWEtxWFlBdUtVakgwCk9KNDZPdHRZaEFtOGJHY295b2FS
NXZiQmpnU0U4R2JIcjZOK0pJVDcwNmMKLS0tIGpXZ0RDOHRvRE01VElaNzFMMGxj SnpCdGJlMFZxTWpBMDJKM0dHUjlPV00KLS0tIDY3TXAwNXQ2R0pUM1dYbnYvNGZE
VmlzSFhod2xYa0RJcG5GRXN3TlNVaW8KXt6pIgxUscBFTDND2Ssr7PihrX901dgC cU9heUlXT2IzTUhWa2dkN1BFWklYYzgKX6puoU0T5ozcy1rCnV1k+E1PC96Y2CAN
aRKH/AnVdXjUqdD/aN436pCnueh47gGkkzR+rWWuc6zvKItVIHTUFQ== nD1lFrvkB8G+rO9ps1gEeV1oxY/wBFznDCxyAHuCKcnxAvIb0lKvcQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1wq82xjyj80htz33x7agxddjfumr3wkwh3r24tasagepxw7ka893sau68df - recipient: age1wq82xjyj80htz33x7agxddjfumr3wkwh3r24tasagepxw7ka893sau68df
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLYlh3MXN5MElUdmVOSFgz YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKMW84RlFjRW00RmRET25Q
aTM3cHc2Q1BjR2ZVNG15ZExlbkFzZGRBSkY0Cmo5YUNvS3RXN1FLTVJONFNVVzZu YlJ1SXJxWERibGRTeDlPVXlHQWxCcDA4M1ZvCkRVZER5WWUxeFNiZTV3RTYzMWpX
SzZ4eEJ2S1pXbVJsSUVVVEJMMm5LQTgKLS0tIFFkMUdzUCtvZlNsNlI5ZHVOR2Y2 VlB6WFBUbTE4SThuejM2M2lGZndzRUkKLS0tIFM0K1ZhbmtIU1JSSTd6Q0pWc0dE
UEM3eUZlVXFyZmsvNUxwT004SzZjNjQKeeHV9O57xgqa3dNyZijQgRSfY7toeWYp NjJkVnlSbVVOQ0R0b3pyeHNRdko5aXMKNZpSu/yTqxpZt6jMC1mQcyEDe+VU7JEU
P++LIbGgp69QzvCAF59oZ23/UKpo5AOIuP0gPQGNqUL5Yve6ZZQtlw== BxlRMW9/8s5Fqu852uRTQwrvAHtnlBPKrzurqjQq9byUY1Q6a0puJg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age12msc2c6drsaw0yk2hjlaw0q0lyq0emjx5e8rq7qc7ql689k593kqfmhss2 - recipient: age12msc2c6drsaw0yk2hjlaw0q0lyq0emjx5e8rq7qc7ql689k593kqfmhss2
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrVWo4ejBHencrSlhPOHdt YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCUkJzcExuSFEzYnhPcFpp
ZzdSTEJVbWp4aUNmdjVBSENyZmcwRWorUEU0ClhPb0NpYlVrMDBQQ3NlUDhaSVpQ ZFFld2JZYkRaQmZHc3d5aGRubFp3eFljbFhBCmhacmRWK1hVYnJzK2N0K0tYOTkv
S2lMZDhENy9jUkVWRkZycGZJcTdKUVkKLS0tIG4vY1dnQmE1bjZIRHFZNW4zQ2dr SHZWaUt1clhpS0FXQzJoQTl2TmVaZmcKLS0tIFVWKzdQeXQwQkhFOGVDaUxsMnUr
SEFZU2hJV0h5NUFSQmNKaE1yTEdIbHcKVA6+8h634meNiMbLL4TqtwLmC1hRibfc L05EWEJZS2t3dUN2M3ZiR0VDQUVDS00K1Ju36/t7TGSY5JIpx+2+EfVnFem0JEGk
g5KfnN97JdfTPDp4cs8+egwQEPI2fxh6pPunIAQXo3P6baUBGZd5ig== nFgwu7OWAqISnlICD6BEOE2ikZemO7UMJuy2+U4yKCnnztjzXyKmAw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1gtulvdj4aclpfhk3mmzvpz9xysccxhvu99x6ayaqlj8m44ehffgq6zuc5u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOTXRvY3FoWWpuUFJzazlx
Nml1dmQ3ZjRpSy9TQjhGS29pVTR4Q2JSalM0Ck9qbEhHWVB0RFhyNzI2Y1dVYUt2
WENEUlVja2JzVzA0RElnYk9pWEpCaWMKLS0tIEwxWG9UbVczMEFiaUZzNkZsZVk5
ZXBOQm9wZFg1TmhManpUMXdmcy84SmMKiO5gYDCEMd+oyQS4+VDZ/+x7dwgm0QVf
pFbUYGzVH3My2KOW3mX4AsYny/VAZrBbyQudqCb+kuwc6zR2N/ovZg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2022-11-09T07:12:13Z" lastmodified: "2022-11-09T07:12:13Z"
mac: ENC[AES256_GCM,data:gqsD5gTtE5ZqWzWKAAIscecvIsGSC9j4Cnbik6Yk7Jf7Z5/NIxbkInzDsLmlU3ObbLZAhGAlOAKIrUVy37rCcEZ+I04ICXK1dmUdsVud6E4SvTdDjh9qlXTbEkcDCY2YqXlTuQl6IZyveaPuF6fRe1FMh8JEpDv/foZTl8+AuQQ=,iv:+nV6YW9m1B0qo7xbB1lw9dgiQ877GQ6OxMqjk7lei10=,tag:NmeSwBWRKpqlwZxYYC7trg==,type:str] mac: ENC[AES256_GCM,data:gqsD5gTtE5ZqWzWKAAIscecvIsGSC9j4Cnbik6Yk7Jf7Z5/NIxbkInzDsLmlU3ObbLZAhGAlOAKIrUVy37rCcEZ+I04ICXK1dmUdsVud6E4SvTdDjh9qlXTbEkcDCY2YqXlTuQl6IZyveaPuF6fRe1FMh8JEpDv/foZTl8+AuQQ=,iv:+nV6YW9m1B0qo7xbB1lw9dgiQ877GQ6OxMqjk7lei10=,tag:NmeSwBWRKpqlwZxYYC7trg==,type:str]