From af60555eead27be00f326d15658483e96aa5ca02 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Wed, 8 Oct 2025 21:48:34 +0200 Subject: [PATCH] update secrets --- .sops.yaml | 12 ++ hosts/fw/secrets.yaml | 49 ++--- hosts/mail/secrets.yaml | 63 +++---- hosts/nb/modules/development/default.nix | 3 +- hosts/nb/modules/development/mcp-chromium.nix | 57 ++++++ hosts/nb/secrets.yaml | 39 ++-- hosts/nb/users/codex-cli.nix | 15 +- hosts/nb/users/dominik.nix | 7 +- hosts/web-arm/secrets.yaml | 49 ++--- utils/modules/lego/secrets.yaml | 168 ++++++------------ 10 files changed, 259 insertions(+), 203 deletions(-) create mode 100644 hosts/nb/modules/development/mcp-chromium.nix diff --git a/.sops.yaml b/.sops.yaml index 99fcf13..8958b8f 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -14,6 +14,7 @@ keys: - &fw-new age12msc2c6drsaw0yk2hjlaw0q0lyq0emjx5e8rq7qc7ql689k593kqfmhss2 - &netboot age14uarclad0ty5supc8ep09793xrnwkv8a4h9j0fq8d8lc92n2dadqkf64vw - &gpd-win4 age1ceg548u5ma6rgu3xgvd254y5xefqrdqfqhcjsjp3255q976fgd2qaua53d + - &nb age1exny8unxynaw03yu8ppahu5z28uermghr8ag34e7kdqnaduq9stsyettzz creation_rules: - path_regex: ^[^/]+\.yaml$ @@ -22,12 +23,14 @@ creation_rules: - *bitwarden - *dominik - *dominik2 + - *nb - path_regex: hosts/nb/[^/]+\.yaml$ key_groups: - age: - *bitwarden - *dominik - *dominik2 + - *nb - path_regex: hosts/gpd-win4/[^/]+\.yaml$ key_groups: - age: @@ -35,12 +38,14 @@ creation_rules: - *dominik - *dominik2 - *gpd-win4 + - *nb - path_regex: hosts/fw/[^/]+\.yaml$ key_groups: - age: - *bitwarden - *dominik - *dominik2 + - *nb - *fw - path_regex: hosts/fw-new/[^/]+\.yaml$ key_groups: @@ -48,6 +53,7 @@ creation_rules: - *bitwarden - *dominik - *dominik2 + - *nb - *fw - *fw-new - path_regex: hosts/web-arm/[^/]+\.yaml$ @@ -56,6 +62,7 @@ creation_rules: - *bitwarden - *dominik - *dominik2 + - *nb - *web-arm - path_regex: hosts/mail/[^/]+\.yaml$ key_groups: @@ -63,6 +70,7 @@ creation_rules: - *bitwarden - *dominik - *dominik2 + - *nb - *ldap-server-arm - path_regex: hosts/fw/modules/web/[^/]+\.yaml$ key_groups: @@ -70,6 +78,7 @@ creation_rules: - *bitwarden - *dominik - *dominik2 + - *nb - *web-02 - path_regex: utils/modules/lego/[^/]+\.yaml$ key_groups: @@ -77,6 +86,7 @@ creation_rules: - *bitwarden - *dominik - *dominik2 + - *nb - *git-server - *web-02 - *web-arm @@ -96,6 +106,7 @@ creation_rules: - *bitwarden - *dominik - *dominik2 + - *nb - *web-arm - *ldap-server-arm - *netboot @@ -107,6 +118,7 @@ creation_rules: - *bitwarden - *dominik - *dominik2 + - *nb - *web-arm - *ldap-server-arm - *netboot diff --git a/hosts/fw/secrets.yaml b/hosts/fw/secrets.yaml index a8cc4fa..70171f0 100644 --- a/hosts/fw/secrets.yaml +++ b/hosts/fw/secrets.yaml @@ -28,38 +28,47 @@ sops: - recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsNzNjZ1o1dXFxalFiRXUx - U3NQK0gvQWVRbnAxam8yZmJTTmRTaVVZdkdrCnQ0R1ZBWEVmcE12NWNuaDFtRGlj - UFRManh2VFgwUFJaNFpVZFNqc01oSkEKLS0tIHA5UDlHY1lDWUtwTk10RHZoQWQ1 - bzZ6MzhQQmYrZ3JKUDZoa1lDZXRHRDAKHtzHnt+zHgMsuyX0vP6xapvJ8796/vkn - u9U56OdFlqthTy870vMMoJWW3wAFfj/QV124bG63lJ02gAHEr/PGJw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXWTFjSmFmb2xjM2lsWVN4 + QWVCdzNtdGNSSkVZRm5UL0hKL2RWU1FKSkhBCmJHYTFRUzJ1Ni9FQ2VqS2FSNlJQ + SVhJK2NOMEozOWxOTW81OXJrbFphZ1kKLS0tIDBVbzZHMmcrNXdhM0JuZk1YY0dw + d2NTT2R5TWVUMWpMMmVmSFovOU1CbUkK9Yf3mwBlMd1cGaUk7wVp8Q9u5F3r4njl + VPCGpBvJqiOcWoUsE2W2C1L4XGDUh+XAe48JU+phQbhkLTLshLCbfQ== -----END AGE ENCRYPTED FILE----- - recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLc0ZsVlNzQ0d1dGJlSzN6 - bzB0bnhHTzlodWJveFBmdVVCdjJ5c2V0dkM4Cmt1cHhJa2U4NmJZSUFGYzhCQmdH - eVJDUjc0LzdIOHo4TWlCeVEvQUg1b1EKLS0tIGRpTFA4TkgvU2ZLOXM3NktMbjRP - aGM2aVdRSUpsRXRCZE02MXJ3MVpxK00KO2dZUNZ1KQFg4bnNp1PEntL2fY1h+JCK - l7CnGwotydc9NybwYtisv9XVrz3QoiD09OiLvg7VkmfzEaGmqmja/g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1WkdZQjZxL00xZDhOdlZY + ZGdub05HRjRqSDNzRTNnUm5veS8zM2JPRkVJCk9lZEpkendNU3lXVE80d3RDTS9C + djJnaU92MjYzd3JvQmxkMGozb3NuaGsKLS0tIHhmcVRDMTJnb3IwdzBDT3dWOUM3 + eFBTaUVQVUpsR0YrM1RwbTJNMi90ZlkK3dKJo/RSF+6tLETYIyd2KQs9GsIy+o4f + yfUxV00Fjk2giP40O5nXPn1kYfNigEfkov/gbPxYYItoBsG/FmlxIQ== -----END AGE ENCRYPTED FILE----- - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjQTBxNkV2REdrRS9MaUxa - YWxNOFBKQlAwOW5qSk9hM1Q5c0tjZTdWUjBjCkM5TmtwR2RBRER3Uzc4dWtGOVM2 - bjZFZVc3V0t0enhyam1DWVM3b0h5WlEKLS0tIGNPUzFJUGRYZStMRTMwV3pWTW1t - V003cnFtYVNEbERiRDV4bmVXVlBaUTAK7pLGaixTRCg5lKhN8CN95cdr7X8X1oDY - LX2t+SPvb8hqsssLf/mqVxPsgAXl0L9lfsYtRsuMWONmaJsOleVE4A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNZ0RMWjFWV0hSTkFFNytn + SzgvMlFSdGpjMDF1Yk9PQ0gxTVgvM25SQ21zCkJjRjRaMWRrZHNCT2Ftd1N3Mnox + YXhuQXlwbThycGNadlJMby9EbFFQbWMKLS0tIFlyRkZNMDhrQnhJbk9jd3dpeEh6 + MXVIa1ZJMVlvYzR3emZTeEJGbE5mSFkKDecPJChaacdkyn9jlmZFrZQu3pKD087n + cesiKi+gKI6kagXphl2w211sC4Pjw7I7t0a6JNntcR9VTDTD392m2Q== + -----END AGE ENCRYPTED FILE----- + - recipient: age1exny8unxynaw03yu8ppahu5z28uermghr8ag34e7kdqnaduq9stsyettzz + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuSm1FRkVTQW9keTNYMlRh + TVN2U1dXRTV0NWJsbCtoQjhHS3NHb01vWjAwCnFVbStLblM4VHF0dFgyQXFmczJ6 + WkNjbkFEaFZLU1FBd1lpZ2gxQ2xUNDAKLS0tIERndVpJQXFKR3RWc0FGKzVlRzZU + eDAxQ2g0Z3p5VEhWMTRQREc0d3BybEEKtxC6DIOll8E8G/N6jYfJX/nqfawvISKf + G/xiVB2vEe9Q5GmNXQBpzLynfT7olu7v/PBeN9U+0knpTdEHFQZPTg== -----END AGE ENCRYPTED FILE----- - recipient: age1wq82xjyj80htz33x7agxddjfumr3wkwh3r24tasagepxw7ka893sau68df enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDbDA5U0xnUDNXYUtRVVN3 - YW5aTFg1T0pOZWc4cXFDRDlrRmxZWWw1MUdRCjdlUVg0S0IxTXM4ZXcydGR0aldu - WnU3ZnUydUh4em02TWFVamx6a0xpQmMKLS0tIEdpWFg1UEVGNHIzY2VZZk40NlBG - WXJpUUxadERyYUExRFMzNzBXaUVET3cKG9ZwWy5YvTr/BAw/i+ZJos5trwRvaW5j - eV/SHiEteZZtCuCVFAp3iolE/mJyu97nA2yFwWaLN86h+/xkOJsdqA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyMUYrekZaQnpHaGw2Z0kr + ZjRDc2xvc0NwMldlVlNWNDJUeFR6Z2VGT3ljClJSaTBHQ25OUzVydDRTTVVxT2VW + VVVxZUlyeUY0ZFJrc3ZRT2FEdklOT1UKLS0tIEJGZzFLZytEZEJVTXB3QUVqdmd3 + RFFSaTZ1N09aR3YxcjdUQmZaaDdsd00K5DnkUwqOxnaY++MHL9ls0JOovuxyBEJy + XysKbnAWumt7sZxAboJZslmakstoMK2p4BxAQDBz4N3pp/UeoorWuQ== -----END AGE ENCRYPTED FILE----- lastmodified: "2025-07-07T11:02:46Z" mac: ENC[AES256_GCM,data:gf6Lw3aiGLVHNNrt/9SwFtK9fnzI4fiNf4/MjlHF+BSGnwSobccbUFObsT5mnce6nMsFM3kZ4Ac1ceckND02CH+P4hf5ylczPibz8B8sGDUulLmCpddBG++eXU4CO4Oi1VBqiCqkxPGPDtgidOMy+KJ1EHvSaiD/duOXrE9/qE8=,iv:RxIohGvtU+GGnpmW/k+fZlQLT8+13P4+5ZMHsDoSY94=,tag:5QNfKhjwCB8Q984WAIXdnA==,type:str] diff --git a/hosts/mail/secrets.yaml b/hosts/mail/secrets.yaml index 7b63233..1df4db0 100644 --- a/hosts/mail/secrets.yaml +++ b/hosts/mail/secrets.yaml @@ -4,58 +4,53 @@ netdata-claim-token: ENC[AES256_GCM,data:ECx8zLnU/dj08vfA76oVbVzL3JG9MLBoFmxSjtj openldap-rootpw: ENC[AES256_GCM,data:W0em1Dffg+IUoynwwPD4NjFksR38ZO4mhWFI83ALvYcwYIplxw/gDRLGCqbSt6TR5C65CKr1sOUiU+4Xq3UWmw==,iv:BHQhISTIYuwSM3KiSb0mEEo3BMNo6FXEDXoIvI3SZrU=,tag:tX8gfnk1JYnaNionk/jrLg==,type:str] dovecot-ldap-password: ENC[AES256_GCM,data:JYAt8/WggwclNEPO9CaWfQsvQBA8DDJCU2km93HpowoVwIdvQ/0lQHeXndPYe1EmJGJ3vLErie+Zn2kDINIMqQ==,iv:HR0QJ0GgQks3NzhfXwjHupCKcPOekkiTcp5Jxbz7CxI=,tag:19m7F6TjGUPOuHQJuUq2pw==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAraEttTi84cGd2bkd1RENP - bm9zRmlNdWZtSzZJVElVWW5qTXlzS1lreTNBCm9BMnJ6bEJON2Y5aVZvVjFmQlJw - VVVpSEVRNDJaa2FadFh2U1gySHFXQmcKLS0tIEhjeG5Wb0FDMlBxWW9aem45aTdF - N1ZQNlE2aTl5OGhqTUVNa20yelNpcW8KoXud5IID1g/KOvM30wn2cJFWQ5En4M5H - kJ/cLDSIBqgOpjtEeEDtMsKG4yW3H91YbXjwQ0UkoPJorauVPWnTYw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkS1BpaHFOSmpWS29qYXR1 + VFNYbDNLTlhyVlFWa2FoNDhCbDVKQkFiTTAwCkxVSUJCTjdCcVJyeGQvd21JSmZ6 + LzVnK0ZMeFoxajdGaERoZ0t6L0c5REEKLS0tIE1HUnY4L3Frb09odEYxRm1QVUZr + bXlyZzBvaWtLa0hZaERSenVFd2gzWlkKNipeWlQnOLI4QxEwJIheAfYqVXCn2C2Z + 3rIJ5lK3DLAvdRjC1stngMzg+BPHMDUo1sXoR1/PhUEWcqPJ22IfMw== -----END AGE ENCRYPTED FILE----- - recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFbVcxeTJZM1dDUFhIZ3VE - ZlBaTU9tQ0Y2V2xlZFUxUXNKcjdadVVMd2w4Ck9TK2UyVFVTVSt1dzNWWUtxYzdw - SVZ3R3VjRUxDMDNRWnpRZVBHWXdzN0UKLS0tIHQ0ZW0xZDd4bFVBV0ZjZE9Jcm9F - cVd0aW1qWHFMMjh3SXhTYjJrN1ZEZHcKi9QhittNcxnz+Zzc/pyFutXg3Z8JJjgc - j3rW5N6eNJw0W50qPw0xdI44KEkWOc4vh+QGcPY57yqjSy4+SjWhWA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3cE11YkI1TFJxKzRCVFF5 + NDR4Nk9PaDFmY3dESWM4dGRYMXI4RzQzUVY0CkVpS1JXWG0zL2Vlalc1N3FHN0FH + VFlqUklBeWZiQ242TUVmWm5sZmw4NkEKLS0tIE5wc2hHVTd1MGVsTFR1eCs1Z05y + cWo5VmpnbUFLTFl5L3R6aCt2am9PMzAKWLV6hqqxYkqlmNCwQeNJbxqq6neX+4Md + Nh9QesLSr/SRWhp61kSby5X8JytciZ9eSRx6B9igRFVwfyojImYcdg== -----END AGE ENCRYPTED FILE----- - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2TnNnOUtsbFBzS0E0bnFK - NGk4ZkRjUWdRdG15aTQwU2cwQXdycjhxa3dvCkUwUGdmQ3FPQnFhZC9NcE9LUG1O - S0lydjZkdCt2V3R4dWlnUlBUSkp2RXcKLS0tIFJ3UkZhSkhTMlZZSjdXbFBObXNQ - RW40cXUrdFAzb1B1VTUzOGY2RTcveUUKFxxBBioTXTZ3INRykgRPoYwwbbuDMiXH - /Oy5yWE74I9KZJr/2idzd34Dq8PUB28lDyiDdxlISyAS33D4H0cl1w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNSXFSRlRWcE1vUWM0OXJr + eXZmUmZ1VFc0ZVVWWXVIb29aUmYxQkNRbEVZCjY0a1pkV2d1Zk9BbnhNWGtOZFJo + Z3FmWkVsUkRtaXh3WStlSndCVTlnLzAKLS0tIDZmS0VLUjA4NnNrRWsvdm1LRks3 + NTF6dUZQM3RmbHBMc3poMTdsclMzVlkKHVwRRgCgPaA+/tw5Acl9RTg3W91xPZJR + elST65f/fGevyvyZcu9HCVcjymuoa/ghuJqKRQw0S8ELGQjbBSS++Q== + -----END AGE ENCRYPTED FILE----- + - recipient: age1exny8unxynaw03yu8ppahu5z28uermghr8ag34e7kdqnaduq9stsyettzz + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNTnd0SUdmRnBBNDRsMTlW + QkplQ2hDMkw1dVZmS1dseUtzU0loR0tQR1hnCm84bWJQdVg5OGQ0NU4xZ3ZoSnBB + NnVnUzZPbGZ2UjFaRVFFejIxTDV4cEEKLS0tIFFwZE42OFljaFB0emJ3WHBFbUk1 + d3F2cEp0QkFHcFcyOUVKWDdxM1hFVUEK+SyLcwXdpX+GQFXB7UFHmxD3BkVplA9V + 45K3fn9/KoZl27ECdvv6M/CweZBnOjcOUFjZCJDovE9Hmv0337c7Zw== -----END AGE ENCRYPTED FILE----- - recipient: age1jyeppc8yl2twnv8fwcewutd5gjewnxl59lmhev6ygds9qel8zf8syt7zz4 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiZHFvbFMrZ1dTQzBZUkw4 - dkl2UUlmcEZmZUVKeHVoSytYRzZVQ3p6T2hzCnJXaUJ4SUVaZFR3dEZtQ2ttZWNN - NHo0Znk5TjZzemtmWHdkSGlIZ04zUlkKLS0tIDRvclhTMFlsdERtQUk0azJ4ZVFM - WDMva0RCTnkzT0RWeWY5V281M0hjQkEK9o9cIFOiEwFeo+77QI9lXqdxlMCNGhOY - BtowL/7wo0Tfi7+CkBuKP/Bxp2D0x3b4OHDsoCNG0nc+55F/rDtR5A== - -----END AGE ENCRYPTED FILE----- - - recipient: age1azmxsw5llmp2nnsv3yc2l8paelmq9rfepxd8jvmswgsmax0qyyxqdnsc7t - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkMjIwT3pUcHlkc2N3eWZl - cVdtT3NGcDNyMFZ3V1lhWGdJMExyVXYwUTJFCmMrZ3dwZm1ZcVZVMnB6b1NPUDVR - UFZUaHdRVWFNKzNrdGE0ZWxUNnVOeWsKLS0tIFhnbklUMkd4ZGFrUjhUcVBKRktX - YXlwV28xR2poYnFja0xVdzRPcnZmV2sKDbM77Msos187Du6D7s1wlgEuVxqQ4cw1 - Rwm64kyiQPwh1W9sPhMOZWyEvUTP4QL2Bs6aB1Javf4BDKka0PeP6A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQV251c1IrbFpad0lBN05t + enkreTd5TGI1SHJpV1pRdU1CRFRHL3FZWlJFCmtMeCs4WUlRSFAvcmZsUmdaZnNZ + TDJHak1PN2ZOaDYxTlNDVlRsNnYvNzgKLS0tIHBieEJuY0pKbmlEZ01QblU2blh5 + Z1dUUVpkZXh3d0lRbDlxT0tEMmR0eVkK9tea1FeroVL1KoARpACREz5KaRA2uMCI + O/ieCpzdFniJhX4Ulm4N7R7nc4OqSm9+i3Ruy3aKJ5305tfgGkCqQg== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-07-08T11:20:50Z" mac: ENC[AES256_GCM,data:GPUwpSAz6fj7mRxX1ebEb2sLAMLkQLuKPXk+B3+zZmA6+D7gAKrrBGUWHqYA9DMMY0r32OZSccGRmeKqdA7sWmzdIJTcBu8EyER1nJqVFJiXcOOdTkCLdOM4xW969YE0lBKpIAQ40E7YXYYwkI1JINneIBTuXkvIBmSQ3Bt2+ak=,iv:VEPNQxDLzxyTxkn8dI6xNDe9ESk2RojSNYYEwT+Ggas=,tag:cfUEKU3arSJl+lEOa+4iRA==,type:str] - pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/hosts/nb/modules/development/default.nix b/hosts/nb/modules/development/default.nix index 75afc24..ba59a92 100644 --- a/hosts/nb/modules/development/default.nix +++ b/hosts/nb/modules/development/default.nix @@ -10,8 +10,9 @@ in { imports = [ # ./mcp.nix ./coding.nix - ./android.nix + # ./android.nix ./nvim/default.nix + ./mcp-chromium.nix ]; environment.systemPackages = with pkgs; [ bento diff --git a/hosts/nb/modules/development/mcp-chromium.nix b/hosts/nb/modules/development/mcp-chromium.nix new file mode 100644 index 0000000..d4dd9f4 --- /dev/null +++ b/hosts/nb/modules/development/mcp-chromium.nix @@ -0,0 +1,57 @@ +{ config, pkgs, lib, ... }: + +let + # Wrapper to launch Chromium on Wayland, scale=1, DevTools debugging on 127.0.0.1:9222 + chromiumWaylandWrapper = pkgs.writeShellScriptBin "chromium-mcp" '' + exec ${pkgs.chromium}/bin/chromium \ + --ozone-platform=wayland \ + --enable-features=UseOzonePlatform \ + --force-device-scale-factor=1 \ + --remote-debugging-address=127.0.0.1 \ + --remote-debugging-port=9222 \ + "$@" + ''; + + # Desktop entry that uses our wrapper. The filename will be chromium.desktop + chromiumDesktopOverride = pkgs.makeDesktopItem { + name = "chromium"; # ← important: must match stock filename to override + desktopName = "Chromium"; + genericName = "Web Browser"; + comment = "Chromium on Wayland (scale=1) with DevTools remote debugging for MCP"; + icon = "chromium"; + exec = "${chromiumWaylandWrapper}/bin/chromium-mcp %U"; + terminal = false; + categories = [ "Network" "WebBrowser" ]; + mimeTypes = [ + "text/html" "text/xml" "application/xhtml+xml" + "x-scheme-handler/http" "x-scheme-handler/https" + "x-scheme-handler/ftp" "x-scheme-handler/chrome" + ]; + # If you want extra desktop keys, you can add them as a raw block: + }; +in +{ + # Tools: Chromium, Node (for MCP server), our wrapper, and the desktop override + environment.systemPackages = [ + pkgs.chromium + pkgs.nodejs_22 # 25.05 ships Node 22 LTS; works great for MCP servers + chromiumWaylandWrapper + chromiumDesktopOverride # ← keep AFTER pkgs.chromium so our .desktop wins + ]; + + # Where Codex CLI reads config; we make it system-wide + environment.variables.CODEX_HOME = "/etc/codex"; + + # Codex CLI MCP config: wires Chrome DevTools MCP to the local DevTools port + environment.etc."codex/config.toml".text = '' + [mcp_servers.chrome-devtools] + command = "npx" + args = ["-y", "chrome-devtools-mcp@latest", "--browserUrl=http://127.0.0.1:9222"] + startup_timeout_sec = 30 + tool_timeout_sec = 120 + ''; + + # No firewall opening: binding to 127.0.0.1 only + # networking.firewall.allowedTCPPorts = [ 9222 ]; +} + diff --git a/hosts/nb/secrets.yaml b/hosts/nb/secrets.yaml index 84caaa3..505fb73 100644 --- a/hosts/nb/secrets.yaml +++ b/hosts/nb/secrets.yaml @@ -16,29 +16,38 @@ sops: - recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGUG5oZ1BPL1hiRm5zQ3FO - Zks2RWg1ODZGYm4rY05wT2dWTHFCN1FhcEY4ClB5N29SclVxWUpGaHF1V0o1cHVK - TWtoTGFsRHVERWgxczlqdysrRmVDM3cKLS0tIFNISWhUbmV5dERHSXV3ZW5Gd0l3 - bHZHdy9jUHhLSTFUWHBxUTcrT3FoaHcKpKjzC3KDD6TXpbPm/ObztJQzkNnnTnvH - uWzRhQg7lHAKiiz4szzT64WCuisxFAOJP1KrSK9qP5DLBm8aKIDcPA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpMnBLcDdsczB5TnczVFdQ + V2NEZFR1bkNvK09HZWV1MDg3RmRHbXNYeGpBCmpmemFjYzZQMXAzTmh1NWhOMkFK + UGNBRDZZa3dhUFVpa29JdWVrdU0vd00KLS0tIGpQeDdFNTFIRjg0SEhrQURVdW1Q + VmdHNkI3eDd2aHo1VTJhZHN4bGxNNzAKcIrRBasCcoNCdYM3lcjzMIME8jn48x39 + 0DJGKX6/hoVaUlpRcCfnEx5Ihu4dSBxd2PMz7DgDZizftFWOJ2TZaQ== -----END AGE ENCRYPTED FILE----- - recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4VU1JZ3FkQ2lPVE9KeGMw - c1lRWGlPU1BKbXlJc0lnVURNNjN4bDRNWFZ3CnQyRUE0MXllajgySHRkSTNRZ2U4 - K2w3bWEzNmxrZHRybXdFdnZCTmYySW8KLS0tIFduVUdYdDdVOS83QUxveG5lMDRi - M3E3bDhrM1FvMERESmI2RTdBTVNUMlkKoKhTGUYULeQvqMjwMCanDxD4yflGURgE - ROZe6d8R5Sya+RsS4uzNMs5KkjGeC/xjbNO22uSRennIwCqBaHNmgg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTV2hRelFkTVdSOEQxaExp + VGNnb202UVdpK2wwWTl2YUp2VU5WRTViaGpnCllxKzNCWExZZnllQ0lvM1ZPbjlz + TndkRHBvRHBaVVY5M0xZTmFXRTFlZzAKLS0tIHQ3QWcrYklaZ2ExUnRObTg0YnNG + Nk5JOFQ3M1pBdmg5dUpkSFZoQXY3QVUKNL3HpYBWsGdHPG/eUlU5+G4Dcnk6efX1 + e7B2ye+mzMjt0Kpz5QxltOZIiTyvNLKNUijNgmoK5RGJibJCwbl1ng== -----END AGE ENCRYPTED FILE----- - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBMW1zeU5ubDloazBKNFR5 - M0xnbXQySWptOHFEQmQ0VHdvTWVieitYK1drCmI0VW5PVUFaTFo3STF2MUxSOXhC - T1YxY2lFMitKM29rS1FKQWRweStxUlUKLS0tIEFnQTlHcFJEcTAxem5QK2xrTm8r - L21ncjlQdGVDUjI2eXFIb3U2dW13bWsKuEwATNEUWtjuLsH7DQAt6J2l4blTId1W - A1kQ+0dfUKrZ0dsbvUA5L9+haUiK8f5RvapaKW+L2JEn7gW5wJSJEw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiZ3RBeUM5NE91K0RnQnhU + cE53akR2bnU4MmljY3BWcjlNOXZueWpJNEV3CkFOdWdGaXVrM0hvNTdubFkxdERZ + TjQvMDc1cEM2TnVabVJNTnhkK2hyMmMKLS0tIGhLQ1liSUhnVmw4N0lWR2Y0clV6 + OXhTc2YwWXhZRzlPbDdkZE1QUUVNMFUKHSE1LckK00qdCBl4iK6lzOzlIJ0WnSrk + c9kuwHrZoQIv6JuscjkJ1n9/SeDZoFRnaEHC31txMot/tkpG5iyrbw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1exny8unxynaw03yu8ppahu5z28uermghr8ag34e7kdqnaduq9stsyettzz + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrSEFSaHIyVnZsOG82UDJX + VDhjOGxTakVQZWttTFVxTEUyUnpaRjZmelFjCk52RGYwRUhkMVpSWXV1UFFhelhl + Nk9QazR0V2JaanpHMGVOSWF1aTRRZ00KLS0tIFk4QS9uVGJVYlh2aXRlQi9WWkpn + WmpuN3RGK2pCdzB6TVkrcy9YV0lPRW8KWbTtmqbkHibf6SfueCE+s03Efkr5Oat9 + sBi4uDTmaaqBEcoO1mQ4MQD/On9tZzThjfD8v+m0wUU5xGvE5naA6g== -----END AGE ENCRYPTED FILE----- lastmodified: "2025-06-05T16:28:03Z" mac: ENC[AES256_GCM,data:NNYwveO78Q4cWOPPt3Pyqh6AtbfRj/ax6D4t2KlVXWSLzKTUZKKaULXGY5PBp/jI2pyhPp5yEMhEyjRPWC8Xhvxjv+NLb6KltgaMfzIBS/jfSNk3dcYx6i8Y2oSG1efLJrRMc2Q/uACeztyivtjV9A7JCrEtb84Wb9HzkI4nZVs=,iv:Q8cTw+/RMJ3WHrkB9lyaAyI2K3O1ZhDnAMUYMJ4JMRk=,tag:JvrLiaKKYXiOmud4oZZZ1w==,type:str] diff --git a/hosts/nb/users/codex-cli.nix b/hosts/nb/users/codex-cli.nix index c093110..9bd826d 100644 --- a/hosts/nb/users/codex-cli.nix +++ b/hosts/nb/users/codex-cli.nix @@ -5,7 +5,7 @@ let npmPrefix = "${home}/.npm-global"; node = pkgs.nodejs; # or pkgs.nodejs_20 in { - home-manager.users.dominik = { lib, pkgs, ... }: { + home-manager.users.dominik = { config, lib, pkgs, ... }: { home.packages = with pkgs; [ node gnutar # provides `tar` @@ -13,6 +13,12 @@ in { unzip python314 # useful for codex model use jq # useful for JSON processing + (pkgs.writeShellScriptBin "codex" '' + #!/usr/bin/env bash + export TMPDIR="''${TMPDIR:-$HOME/.cache/codex-tmp}" + export XDG_RUNTIME_DIR="''${XDG_RUNTIME_DIR:-$HOME/.cache/xdg-runtime}" + exec ${npmPrefix}/bin/codex "$@" + '') ]; # Ensure ~/.npmrc with a user prefix (no sudo needed) @@ -34,12 +40,17 @@ in { NPM_CONFIG_PREFIX = npmPrefix; }; + home.activation.ensureCodexDirs = lib.hm.dag.entryAfter [ "writeBoundary" ] '' + install -d -m 700 "${config.home.homeDirectory}/.cache/codex-tmp" + install -d -m 700 "${config.home.homeDirectory}/.cache/xdg-runtime" + ''; + # Auto-install @openai/codex if it's not already there # (idempotent on each `home-manager switch`) home.activation.installCodexCli = lib.hm.dag.entryAfter [ "writeBoundary" ] '' export PATH=${node}/bin:${pkgs.gnutar}/bin:${pkgs.gzip}/bin:${pkgs.unzip}/bin:${pkgs.curl}/bin:$PATH mkdir -p ${npmPrefix} - if ! command -v codex >/dev/null 2>&1; then + if [ ! -x "${npmPrefix}/bin/codex" ]; then echo "Installing @openai/codex globally..." # --global uses prefix from ~/.npmrc; PATH has node for postinstall ${node}/bin/npm install -g @openai/codex diff --git a/hosts/nb/users/dominik.nix b/hosts/nb/users/dominik.nix index 09c13fb..12200d5 100644 --- a/hosts/nb/users/dominik.nix +++ b/hosts/nb/users/dominik.nix @@ -646,10 +646,10 @@ in ssh-keygen -R gitlab.epicenter.works ssh-keyscan gitlab.epicenter.works >> ~/.ssh/known_hosts + git clone git@github.com:AKVorrat/nixos.git ${persistHome}/projects/epicenter.works/epicenter-nixos 2>/dev/null git clone git@github.com:AKVorrat/ewcampaign.git ${persistHome}/projects/epicenter.works/ewcampaign 2>/dev/null git clone git@gitlab.epicenter.works:epicenter.works/website.git ${persistHome}/projects/epicenter.works/epicenter.works 2>/dev/null git clone git@github.com:AKVorrat/epicenter.works-website.git ${persistHome}/projects/epicenter.works/epicenter.works-website 2>/dev/null - git clone git@gitlab.epicenter.works:epicenter.works/nixos.git ${persistHome}/projects/epicenter.works/epicenter-nixos 2>/dev/null git clone git@github.com:AKVorrat/spenden.akvorrat.at.git ${persistHome}/projects/epicenter.works/spenden.akvorrat.at 2>/dev/null git clone git@github.com:AKVorrat/dearmep-website.git ${persistHome}/projects/epicenter.works/dearmep-website 2>/dev/null git clone gitea@git.cloonar.com:Cloonar/eidas.monitor.git ${persistHome}/projects/epicenter.works/eidas.monitor 2>/dev/null @@ -658,7 +658,10 @@ in home.file.".wallpaper.jpg".source = ./configs/wallpaper.jpg; home.file.".wallpaper.png".source = ./configs/wallpaper.png; - home.file.".local/share/nvim/project_nvim/project_history".source = ./configs/project_history; + home.file.".local/share/nvim/project_nvim/project_history" = { + source = ./configs/project_history; + force = true; + }; home.file.".config/Cryptomator/settings.json" = { source = ./configs/cryptomator.json; force = true; diff --git a/hosts/web-arm/secrets.yaml b/hosts/web-arm/secrets.yaml index 6473060..26465c6 100644 --- a/hosts/web-arm/secrets.yaml +++ b/hosts/web-arm/secrets.yaml @@ -32,38 +32,47 @@ sops: - recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZa3JUVk9UQ2xvdE82MFNZ - QU1HSktJa2RpbTNVajlES29qdnZMZjR5dlZFCmdhaHEwOXdpdFJaOWpzcHZmUWUw - czFUUjJ1aThrQzloQUs4STVJNkJqdUkKLS0tIFUybFpweWhuQ3RhWVhEZllIKy83 - WUhmU0Q5L2M5MGJBb2RXRUNUanJ2UDQKxDH3kQ7PxBgHbkv7HPhSmyHIT6N8qmCf - vgRYuZWFgMas1BsS2/F9jmWxUtcqj6/LClmKvIlAmr7OiEZ8fLBTDQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtU2ZiVW4yWkF5bDBnWVkx + QVFkTTZ6SlA1ZEFNMUpYV1ExMEx0Ulh1dWdnCmdrVE5tYnkwZkV3UWZpbEI2TjRu + YkNLT21sbmhDZlFJL0IxakZKamRRV1kKLS0tIG5WdFpOL3lubWZpTjI1bi8raGdh + MWovMVgzMmlDeVdPYU9EVHp5cFpOR2MK2HEG8AmgkABIfyf+TGCgMiG94AJEdRUp + bJ45NqVMHdFBb3pX34I9vbcpAuvWm+0UMJc5tndD19tulcBTOkCsVQ== -----END AGE ENCRYPTED FILE----- - recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXVDI5dFlSajl1bXkxb09C - NlRFM3dpTk5KbkZ2RGZwUUVVdGpHVzdac3dBCnVJTWVMN0t5Q1MzTzVSSjRDQnRN - NGVKa0h4K3FpZUhmcnVkajVOaEd5bjgKLS0tIHpVWTJIa2NOQXNQRXhUaHhKc3JV - TEhxV2g3N0w0K0E4cjBhK3h4R2VONk0Kqmgr6vvwyP5GUNGEJT4lGk/q+6D1/vEc - iAx10xVmtDvIuWTPwNHM5Rlx1SesloGiTSgT/MwzaUYm8lkpK6BNPQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpVE1IdDlKWUR2a1dYV2Nj + N0wxaTdnVThiVWR1RjBWWWNIenJOM1gzbVFFCmJVZ1F3YmdWNjJhV2p2LzFCaHkw + TTlWWktxbWpIYXNKaG1NTWxIQlpTNUkKLS0tIHYwdVdQam05dEZPTFFyeEFmQUJk + b3FSSkNxekhRcllUVGExMis3bm1ySEUKHT4Axi4FjAPxjnv4knAxlw5Qk7uOWDie + XU5oc1gqX6/8So/VAfGqATxyrC4ceg1f8D62QEUkYVe3UOSSXrhrPw== -----END AGE ENCRYPTED FILE----- - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjc3p2TGRYRFV1aUg4Z1JF - MXBYUXVRTTYza3UvOTNiYVV6TWVBZDNMSkVVCjkwWkNMQzk5RVFBYkNqNmpKOGwr - SGlhYm1sVUs2S3VoNzZ4T2pvRkVkeVEKLS0tIGEyQlhQcmtKcUh2NnJLZ3BFeWdB - Q3lVNlFxbWhzeVBaMVd0ekxEVTJBc28KyCK90KW2wb9bXup9OW6J1Gnrlb9X5e8l - c+kztOq76I8NtSAnrwfkpp7iJYH4F4TEU6meFGO4Ev//duKoBT74TA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJTXV2TXdaSVZveTBINkdl + QlV0QlNGdGRVMmRWRjNRRHpjcEJDTzdRMlhzCi8vNkV1TFROVlZsMFVLcHNaMkYr + SVp0ZG9BSWl1SUU2cTJkSTBBQVhWQWMKLS0tIDhKV1hQeDh1OXZpTTJWVEQxcXNX + WS9FWG1jdTZqMVhCMkJjQndlcUVjZ3cKeIdiDFlg1ABxACX8TFYJ+hLrpHMBOQKy + YHlLY6tOwiFKZw98CqqfZG33aXdo2buD7jfGiK+v/VESyfOLqBxFkA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1exny8unxynaw03yu8ppahu5z28uermghr8ag34e7kdqnaduq9stsyettzz + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsQ2pLV0lFdXQ1anczZnp6 + eFE1ZndLcDlFSjkrdjBWUFAvOGMvM3FRUXpFClhFMjNKcFRldE5YdXp3ZHFzSWpm + NzBhM09UVW5GSWNCQjM4MDFObnA0ZFkKLS0tIGVidjY4UUxDeFV4QjZMeVNLdk9v + aG1HN2dMaWg0d3BOWm10NVFoYUgyUVEKdPIbG4IWEWsQDqikAMFfQ4M1iJUC84QU + OEpdVIYPsyF0WA9aQmmYtvOBB2T1R7ilOVurVb1KqtLA4njzIHoeEA== -----END AGE ENCRYPTED FILE----- - recipient: age1ylrpaytkm0k5kcecsxvyv5xd9ts4md0uap48g6wsmj9pwm4lf5esffu0gw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZREdyNFNQRkI4L3BTY2FW - K3lFcmpsQ2tIMWYyVnVDbllPcktBMmVoMlFRCmlwa3RubzFzMmRTRDJYZUgvU1hN - SmFJWXR3UjhEaUJtR3hSeGN6UnJ6WE0KLS0tIGFXQmIxYVl6Y1djQ2lrcjRUNDdt - elpYSDg2Y09Ia1VEaE9yUWRYMlk4V0UKcsiKxtTdtAT7odCCua7wV/3879QEp2YJ - iIVgZIrTg34tEGj8VbACcGINZfid3SSkUM4hnydP72ZOOfijIN21Ew== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWbTNXS09KNDNid3B4eklB + eGZkNDdkUkJQeEFmMi9TNnViUTZtYWFHbmpzCmlPbUVYMzlyY2FvOFROSHRhVXZa + TzhaUTBhVnpUNk12bVRLUndVUWJpNEEKLS0tIFVQQSsvakhnU3ZRZkZFMkpZVndH + RkttZkZIZVVFNml2dmU3dDFvbkhSekUKxsgf2LemWDiae5a+RO5ttxQDSMkll450 + w0L3e8JWP63sipaN4Fc5d33V54/yLD65PWPRZr3oZn4FdjHCBsLGeA== -----END AGE ENCRYPTED FILE----- lastmodified: "2025-09-09T09:52:21Z" mac: ENC[AES256_GCM,data:FXQ0mXR8CZR7kPNbmpjXTLmhPlJlgPaJMP5Z2PA2ZORBwSAzyms+a/FFwRnIzcKk0MJEhJH6rVwWCwo0AlPtcwzL5Cnm+mkW3EgN9jtIZumvvtZwW0zWM99F7UsBTboJnG7kGbkfqqRVC4svv6G7xMkbxKIFqwJTUJqRE5vrqnQ=,iv:cuhcQtpF5TMBqx9x11zcxa+5S0IqMngC2dGfJGU82/4=,tag:GKtEOxWuDzcKa5RtRacQTA==,type:str] diff --git a/utils/modules/lego/secrets.yaml b/utils/modules/lego/secrets.yaml index 722f2ff..e617a5a 100644 --- a/utils/modules/lego/secrets.yaml +++ b/utils/modules/lego/secrets.yaml @@ -1,156 +1,106 @@ lego-credentials: ENC[AES256_GCM,data:cn7n1jOammEdvzYzBKJ086c1bHc77GN74uncg35ClaTBvb5w3F0lQazJqBJoIf365Q==,iv:FLrr7WwGgzjuENOEi/Sf8Ti6wcQLPnBkJ+/DxyCUM54=,tag:yQnDsDz+btx3MQu/4w2ixg==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3Y1VTUWNXMWdDRERPcUxU - ZTNadjlodGptbDhpRHJ2Z0gvY2JNQmFkdVdzClVGeWRIOGxqUHlkUEU1L0NTMUc5 - YmozYmR1TTdOTDNXOTNpbll0bGhqUGMKLS0tIDhTclB1NUtQZXFLR3phcEVkRzl2 - blVocE9wZjRydTMxa1E4ZUNOV0dPN3MKlP/9qMY3JgUb0fV+oIAVYVooX8I9lhIH - oRCALbQJQETlczXf4zSx1htXVctP0/fifSozFvo197pCjAxIl6d4qw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRYWJlY2J4RTBML3VQdzgv + eHhnbHkxMnJITmpiTkU4RHNCOWlOb0tWVHlRCmhHYmEvSW9ZeGprL0lCZDlnUmNl + b1JwdWw1azQyMFRNSzdZUkMyaTJHbFkKLS0tIEF0Sk93d2ZVV3ZEMVUrRVB6WWNs + RGhld25tYlNVYm4vclY4SnhFdWIxcUEKK9om+AXDMNz99E5Isxe5RsAQFUmJcEdm + QrhVnksGJibKXIhdalqxujjt7u6ZwEMnBvM95AhRazvSYIf6G6gUkQ== -----END AGE ENCRYPTED FILE----- - recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuTGF2bEwreFA2dzNnbjdR - UktlTm84UTcxNDdyaXE3akZzWkdaVXJPbWhFCkJWandOZDFXZWpFdXQ2Wm9CR3kz - eVZQdEdDMTN1SWlOVlJMSGNCQ0JMZU0KLS0tIGZvYTJ6bnJqYXdiVkhqMjBsbGRF - WS94bVpvWklpTTlDeVZET2pWRWJNOXMKlzLWxsxCqIf3h2+ObCoyR8KuDQdPM86R - DA7XCvfBOMkr1bnZLVi0mLM3mwnYmLDyfGIjULaR9KK/S5CCzF7JDw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzNGFjYUM1djczYURQWHBN + MmhvRnVtSDBqRTJHY0p3NWdNRlFIQmFPMEZVCjUvQi8yMElvQUdPK1ZQeGFmbm9w + bTdhVmMyd0tjNStpTm1NemhydWxnc00KLS0tIGI4cmtHWGExYjhYL3VaYkkvZ2ty + Ri9ZODBSajlqV3lwbTF0WHFBUFBta3cKx9Hls2u8B6ZkRaSKIEHhHsRHp06juwqT + 6TDkA1anxMi4ffQAFijtiEyFYHDnA76bwuNkixICMasmFOdCRWM1jA== -----END AGE ENCRYPTED FILE----- - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTZWVhenNQUVJRc0NjZWNR - M3RBVVByUHV5L0FqZEZmUklkLytGUlNGVERJCmZDWXRjSk0yM0lLMDVlVUI1bG9C - RTNlUHZ5WHp5NTVURDVnQnZ3OFRnUnMKLS0tIHh4c3psanl5cWs1NVMwNHlEcE9l - aHBzdktDZGdrc0UrMng3R2xwWHpFclEKuum93/+TrG0Bz/FyPT7N6U1fpYjD63bj - KDOaNxsfo7oagMJyNRkUSv4q1zZ8uwMKUXBSiWdiQCKt2m66Dm8ctg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByTEVielZEUi9rSUxlSEgw + Y0VVd2F4aGt4a253ZitMWTViVFdJeTJacWo0CitGTys1c2ZUeGJSN2grU2hTMmw4 + Uk5FbGljU1huRU5wakJRLzRaSVZOYm8KLS0tIGNMRFB3VUIvaDhiaXZFMy9kVGNx + SXE1NmNuTThXQnBldmttRm5vVmtRd3MK4ixdF0RMQKeOuZt22RskFcUy3GAvhdxf + ooqX/8/5hz48M1Z5LC4XO8VreF0QYY6sM+lN2r9yP/6vOPRxre9RsA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1exny8unxynaw03yu8ppahu5z28uermghr8ag34e7kdqnaduq9stsyettzz + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxdXVnTXlQN0sxd0tkc09L + YkFZcG1zcTlObWNuQ2tHb3FKSmFSQmszNFVjCnVvcmNoSExBSWdFRTZkSlhUWFNn + dzhMQWFua3BXVHBxbjRzY2dGRXlsTXMKLS0tIDErQklTRG8vMDZ0OEppS2FRRTRx + Yld4bWhIMzJBY2JtaHh2Y3JvcTcvZ2cKR0Bb6BzJx9r+Ty/TPH/21/b7ygVG1cSi + VUK95j7RScLJte5YjRso5Hm3vKuKKvQDurb9hniyJm78H6lQ2rm8pA== -----END AGE ENCRYPTED FILE----- - recipient: age106n5n3rrrss45eqqzz8pq90la3kqdtnw63uw0sfa2mahk5xpe30sxs5x58 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrOEl4RkRXMFU1ek1sWmdG - UEZaS0h4aXNybUIzalVNbm5sMzNtL1dqc0ZjCjI5d1N1bGNCRTdzTWZEeEdzYlQw - d0xGMS9TakVCZVpVVHcyYXZWQ0NubE0KLS0tIG52VU1kT0JYMkRVc0F1NjFjZi9K - MlJRODVhRUN6czNUV3RROWpsZTRTWnMKEBMyebasef2bz6zmO89xaaU2SfNZOWau - tl0p+FoK3KcX3QxGJnnOTvyMMoUEGSu7JPuy3+p2rzOwFYYeMOJYIg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1y6lvl5jkwc47p5ae9yz9j9kuwhy7rtttua5xhygrgmr7ehd49svsszyt42 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3TFZhL0NCdnFLeWw4b3pU - RDFXM3hUU29GMXVIcFhUT1lGeGlBRVd0OHlzCjR1YStsMHNGcmdnMm0xUFpOd0RU - QjFQMGlBMHQ1bktZRFZvZ1Q0OHhmajQKLS0tIHA4TGlVRCt4TEN0dGp3NUcvVjZq - ekc2R0VadzdwVzFpN09CRENjN1F6RTQKmGMPWX2k8OP8YYSYgfn9fRqsmvhyyvg5 - CqcLwAFo8NjMMLybTLUy3PEZbymwwV4uCUOGk8hxayPnBY3VICDw7w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDeEF1eTEwcGp2T21iLzVs + VmN6Zm5SNUxCdzg2SjZyRFpkdkRpS2FFV0FzCmpYME8zMGU4a0FrZ0hab2taZ1dh + b2JxZzJKZlhxSXZRNlhCOGk2NnRCcG8KLS0tIHF2RDZtTnZEaCt4M3c1THQ0K1Yz + Yld1dmZMcEtqSVhQdzlXT0dtQ3BOdkkKrslHv+MLSPWAZspNDUYy+TTB5d5maViF + ifRFP60zlXOSFyn/198BxVeFKc0yaf7VaAZOw8n7G44vSTaWr043/Q== -----END AGE ENCRYPTED FILE----- - recipient: age1gjm4c3swt8u88e36gf2qlg3syxfc0ly94u64c42f2tsf24npw4csa6e4fw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFamxVcDZhRDJSRWoyYmp3 - NklibFVBR3MyZXJLa2xXcFdPaHJETmo3bm1RCnVsVkU2M1pINTdSdEtJbElBQ1hJ - OWdJc1RnYVhCVmc4UmNDRU5iZ2JaYnMKLS0tIC9GZjNFM3NybkhlbWlrZVNDNldz - ZVF2SjU1bDA3R2RJd3NzdStqQzV3ajQKDc/9sVNcYLir3+xVSRb5yPiMtx9dYm/s - Nk4CgnxY24GN8kivUk8a2bILXpg5LuR/8SvXchMHH61TNgKwnd++fg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArZlBySnJra0d1Z2ExLzlM + NlRnY2NTL3NWMWV2OFJ5Nis3dHJ0VnJLUTNrClBGQ2h3dTg3VWlyYmN6dGp6dzVF + ejhFUTJ6SEJqL2t6VG1NMWxDQnpVSmcKLS0tIFBRdjgwcjJTSnIxT2pVSGJHT3Vq + Zk55RWcxNXR3U0NXamluZURjTkU3a00KfhY/GmgG501PpFFEk6n5saN+S5v0meuY + JzHwjh+3ylPkvbAw1JStaKM4HXdKM4opTT6tNXCEUNBUTKARneZSDg== -----END AGE ENCRYPTED FILE----- - recipient: age1ylrpaytkm0k5kcecsxvyv5xd9ts4md0uap48g6wsmj9pwm4lf5esffu0gw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaUVNUbFIwd3hZaTFudExB - cnluSm5pcXVTeUdXTzFsWkU0OHJCamw5dmswCmhJeVB0eHRIRkxoVjVPaVdqR1A1 - Tk11UjVYTzFQbEx0RWxvWElSd09SdTgKLS0tIHJ0OEl4U3J3TkdIZHA5Q2dGRmVL - QzJpQXBycDUrQjh5OUxuY0taRVdtMDAKXb3h1tpdXaIotKIAfSFLP0StVKyiM4O7 - TB4D1T/+sBhP3k2120ZvgVL+G8k8O4ABBduuYkAuN9HxlQfSnLQk0w== - -----END AGE ENCRYPTED FILE----- - - recipient: age1ezq2j34qngky22enhnslx6hzh4ekwk8dtmn6c9us0uqxqpn7hgpsspjz58 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSRDNKaWgzZFdrVTVQYmw1 - R0hhQkZNcFc3Q2pLWEdGcnU4MWJvL0xaMEVZCjVJRytPSXFHNm8xYXJSak5zbTZ4 - dkp6eHZDOU1ucjg4SFZMb2RoMTA0WEkKLS0tIFJMZlF5dHRsWmV4eStxbXBPdDg2 - cmZ4c002SlFreVU3QTQxQURLSmxHblUKGG+BN/ROTFiIbTjIAOioLt8/Rv45OC3e - Rg6AHYGyaLWTDIqn8JC0X06Vg5GFxuwWKZp3OFbrUEGzXsx1zpS56w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5QjNabmNTWGZma3lydi9s + Zmw2TDNKZUNlVUwyVkFTUHVhOTg1NVFtaW1rCkprN1FFSzZaVjI4R2FqclUzbzV4 + MTF3NllhSkJSRVliMGxMQko5YjMrcTQKLS0tIGtCalY2WGlWa2w0cm45N3VZSS9i + SmRpLzgvZUcvVmFKUUdHYmZGZW9ZNk0KsR8wrnFZ+ZPVBiZTdBarsTjcRLyvzMwA + CD+db7VzA02XAZDpvuadtUAenh2D5teqA91EGrObsm6uNIrodPli6A== -----END AGE ENCRYPTED FILE----- - recipient: age1jyeppc8yl2twnv8fwcewutd5gjewnxl59lmhev6ygds9qel8zf8syt7zz4 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPVTV0a0xna3MrZkcrZzQz - Q3ZQcGdlWDZKczdBaElTSlFFT1YzaEZDOUNVCjR0MFpBVytkWFJoWVJRdkhFekIz - N29pVHNMdHVMZ1U3SklEaytzc0tzcVkKLS0tIDhQeE12MlhKemF4eUJVSS9jeUk2 - MWl5bDc2VzNzelk4WUZ1L0tZZ2gwNmcKkJKw07+WOl7lb5dlsPz3Hk6B3OJMbIoH - vWRDRo/GHBncs0W8QC8kRA9YytxaKkeaRAbfQl0cKebaSklTpMDbkw== - -----END AGE ENCRYPTED FILE----- - - recipient: age1azmxsw5llmp2nnsv3yc2l8paelmq9rfepxd8jvmswgsmax0qyyxqdnsc7t - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOSFJPTGhaT3NBKzRTNVMx - bGhXeThGUDd5WUhJblZQRnRPWnJ1OXcxcW5zCis0SmN3TksraUp6SXc2VFJiRm42 - USs2VlRmdkRJakRFS3FFblRzQjVOcFkKLS0tIGZCc0U3YUdvWk5QZDVqUnZlNkVo - Nlh5NWJQUWZEV05Fa1gwNm1jRXZmbDQKO5XUjgp9N0ZmPbGAMjgP9MUoVOQwh+lG - 4mNktIWLlzbnzeBdRcpT+TdceOXM180osgs/SbXHr7FvsGKDqCnY9g== - -----END AGE ENCRYPTED FILE----- - - recipient: age1zkzpnfeakyvg3fqtyay32sushjx2hqe28y6hs6ss7plemzqjqa5s6s5yu3 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUWDdvWHdSRkNqS3FPbkRn - OVVvZlhwcUhZbk80UmQ3cGxyMFVLQzBJUUZnCnRwcHk1c1cvUTRTblNZUkVxSGNX - dGVaZUxYSkdaVWlNalY5TC9hd2x0YncKLS0tIC9YdTR5Y014WG91NEg3aFRFeS9B - TDZsYkdNQUQxeG55TERvdXJkaCt1RUEKlXO1HKPQSizBSjB18c107Zp9KT6JaJ5z - 783E/kejunfbUiFDFpLcSw4jyi7XZn3chhxHYjt6Ce+9BMObRBfGaw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMa3dCZDhvNnN0NGo5OW9M + V1VlTmphd29Va21HVTg2ZGVRelVwcnhSTldFClFENFZDMElFZGZUMEhvbURKY08r + VTkzWDJtV1MrMi9MSERQeEk4SHZSaGcKLS0tIHdaRnVhR3Bvc3hMZTk0dUdkY3Rm + SXFTUHh4MDEyZjQrdlB3ZERJR1I3eG8KdU+cRYeIXGZ7YOlqqLbyCUlCcg6AeXO/ + UTTIFTp1fKvvYHILq72klTjzRBFviVzWyXGeAQoUeeSf0XT+wNqbrw== -----END AGE ENCRYPTED FILE----- - recipient: age14uarclad0ty5supc8ep09793xrnwkv8a4h9j0fq8d8lc92n2dadqkf64vw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuVkplQk00Nm4wVGVnUk1l - dXVwbGVIVTlqcHh3ZDZaWThoYzVtU3hiV2xFCm1TZGJvUUxPbUMrY0VYUXAzbW9i - bHFFTHRNMzJXM1RqazFzbFh2RWthUlUKLS0tIFZlaExtUzBOb2pmL01JL2h3U1Jr - a0NpNks1L3NpemJwbUJnMzhjYTlReXcKx9T/Dhu5q9hmMCCG9GvmrS+3DLdtAfFN - IOM0eP/M4M/WUfu/mrYnX/nfArfOEz7us0SnRJLri5nijliwe+Pdrg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkNzMwRVVQNHhjUzJKNDds + SHg0bndWNVdYSnlZVCtPY25iVERlUk1KdVdnCnpUcU1rZ1VsMG9TNkppdnUzUFVq + K1NNWXNrdnpFSUhXL3d6MjdwWHZldEkKLS0tIHFvdzJTZkpRZFN5VHZ3YS83RGMr + ZnRrbnlFNGhMdmpvcnFhR3pQT0FYZ0EKwPVTSQV6zFAzUkymO//SCrq1wVMaDwPb + PHvCcVu+IsBDcWT8bBhpdJVas5dQmRbwFArgOutNvfh/kfCGkK8n4Q== -----END AGE ENCRYPTED FILE----- - recipient: age1wq82xjyj80htz33x7agxddjfumr3wkwh3r24tasagepxw7ka893sau68df enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIU3dQNU42MVNyYU84cnBu - TmYzdDJuU0dtREU2NFNDYU5qOUY4d2UwOVVRCjh6QVBldWlvVEp3ZHU5MGl6MGRT - dUtPY3prbW04Z0tOTjZOTThJTllNb3MKLS0tIHQ4Rm9lMVNDa1h2a09BVnZ6N1Bt - MG5IN04rbGRLNWtPT2ZQb3NjV0R2OFkKNZ/2/bupwTgxRQR6lXOa6TuYwk8VP0q3 - 4MJMv0aIsCEt7sb8ZgaiZ7NLzHn6459iT4RTtdmu+ex7bj5kxGwNBw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0dmdUOW9JTERXMzFIWnFB + YWg1ZkhmRVBQcDdCZ29VVC9KWVI4STZuN3dJCkFnUHlwU0lVZ1VJQkZjUk5EOHJ6 + cEgvTDBqdjNmK20zQlJsQUdTRUxGVkUKLS0tIEoxQzFWVzEyVmpWTGtNVnhsTEtM + WWFuYVpCYUlqSDhaRmVHOHpHMFkyTVkKY120BQh1AHmax3InwLgvd68qnNFZI2BV + 1EAF9TJLUG/hpuJW+fuQaVIxOR28fn+xKBTZFs5auU6l47Bo0koHGw== -----END AGE ENCRYPTED FILE----- - recipient: age12msc2c6drsaw0yk2hjlaw0q0lyq0emjx5e8rq7qc7ql689k593kqfmhss2 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPMGszNmJxc1Y4bUJTMjFK - SFpwL29YMElZc1BBTnl4Z1FaS2dnNVFUYTM0CmVFSFFxMVp2d1RkMENRcHlHWHJu - MG5YNXBZOTdPTm1oR0I1eU9XcXp6TncKLS0tIFFUZG1wS0wxVnJ2NnpNNG5DYlht - a3U1QkJMM2NQOU9uR25zcUxuNjNsajQKgi4Qls/XcEsoMewy1SNYIZhIjSDZmepp - 0Rw+c+8iODkAZQVYgXQ/1VOj6Aju+8n/MrsO1p3vWu/6h/lOr7pZqg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1gtulvdj4aclpfhk3mmzvpz9xysccxhvu99x6ayaqlj8m44ehffgq6zuc5u - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4YjhMVFBnRmlTQitDb005 - MGpJa1M1ci95QnJpL1BzZ2N1bHJRM3ZiNkNJCnFMSnNNS1dUd3gvSUhhZzRJNW02 - YS9oNFYzdnByaWFIWU8rQjJvWGNWYkEKLS0tIGh3dzZWL2Q2emtib1JiOWUwaU5s - S3RqWE5HT1hzQ0dRWlVQYzFlK1lEdW8Kdz1k/0XXhj+NXQeKYhrq2YTeNjDretuh - 0bAqgpleFs8len7plrP98VsGClZ4nQn/DF7PpOL6F4lrtaeWfnyEOg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1md4kkdf08zmagqv0yzza8h75f80c9j8np2p6eqea6fpa94szd5lsltz9va - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDbFZsQlUrNTROcjhsVEE5 - TUQvb3JKN1pNVDhKd2dhVExBMWZOdk9vOUR3CmU4bmU5VHhVRitlZ01wVlVzbUFj - Y0tnRDFINXJkbnFORjN0RS9lMTFkMkEKLS0tIEVNWkJDKzFka0ltcFlsUlZZQVh0 - VU95d2o3aVo4S0tLV01ydjc3TWdZeUkKOHat3eaGtvxXIaQO9OMH/9+MB+HPKMXB - YkH7sn3JTvy0nyAlYm2d7nb3wP2wWYH+5APdFSR6+sESWOotNMZpyA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPamxlMmRXQkp3MVE0NXU5 + QUxoUkZZUGFuZG04TXgyTjRvSkpuUENaSTN3ClU4T1dYYkRZQmRUb3BnbFJuV3ow + RlNGWjJpK2E4NWFLSC82ZTdmSTBRSWMKLS0tIHZQcmo1QVIrZTZPN2VXSFd2a01t + SG03eGsxTWY5SnBaVm9WMCsrQzRFT2MKmEQ0TYJ/le9N/ZnisYztwU9K4c+6gBDl + avhMoswPuv3NmmyjlttoifuwvWe6Cic+VXF9lD4gC1A7j7ofslN7ZQ== -----END AGE ENCRYPTED FILE----- lastmodified: "2022-11-09T07:12:13Z" mac: ENC[AES256_GCM,data:gqsD5gTtE5ZqWzWKAAIscecvIsGSC9j4Cnbik6Yk7Jf7Z5/NIxbkInzDsLmlU3ObbLZAhGAlOAKIrUVy37rCcEZ+I04ICXK1dmUdsVud6E4SvTdDjh9qlXTbEkcDCY2YqXlTuQl6IZyveaPuF6fRe1FMh8JEpDv/foZTl8+AuQQ=,iv:+nV6YW9m1B0qo7xbB1lw9dgiQ877GQ6OxMqjk7lei10=,tag:NmeSwBWRKpqlwZxYYC7trg==,type:str] - pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3