From 4500f41983ad62f0643b3103e1c768befddd31fc Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sat, 29 Nov 2025 13:12:18 +0100 Subject: [PATCH 1/7] feat: add ugreen nas leds --- hosts/nas/configuration.nix | 1 + hosts/nas/modules/ugreen-leds.nix | 285 ++++++++++++++++++++++++++++++ 2 files changed, 286 insertions(+) create mode 100644 hosts/nas/modules/ugreen-leds.nix diff --git a/hosts/nas/configuration.nix b/hosts/nas/configuration.nix index 7cddbcb..4091bd5 100644 --- a/hosts/nas/configuration.nix +++ b/hosts/nas/configuration.nix @@ -15,6 +15,7 @@ in { ./modules/jellyfin.nix ./modules/power-management.nix ./modules/disk-monitoring.nix + ./modules/ugreen-leds.nix ./hardware-configuration.nix ]; diff --git a/hosts/nas/modules/ugreen-leds.nix b/hosts/nas/modules/ugreen-leds.nix new file mode 100644 index 0000000..b859427 --- /dev/null +++ b/hosts/nas/modules/ugreen-leds.nix @@ -0,0 +1,285 @@ +# UGREEN DXP4800 LED control +# Based on https://github.com/miskcoo/ugreen_leds_controller +{ config, lib, pkgs, ... }: + +let + # Disk mapping: ata port -> LED name + # DXP4800 has bays 1-4, currently bays 2 and 4 are populated + diskMapping = { + # ata-2 (sdb) -> disk2 + "2" = "disk2"; + # ata-4 (sdc) -> disk4 + "4" = "disk4"; + }; + + # LED colors (R G B) + colors = { + healthy = "0 255 0"; # Green + activity = "0 255 0"; # Green blink + standby = "0 0 255"; # Dim blue when sleeping + fail = "255 0 0"; # Red + network = "0 255 0"; # Green + power = "255 255 255"; # White + }; + + brightness = 255; + standbyBrightness = 30; # Dim when in standby + refreshInterval = "0.1"; # Seconds between activity checks + powerCheckInterval = 30; # Seconds between power state checks + + # Script to initialize LEDs on boot + initLedsScript = pkgs.writeShellScript "ugreen-leds-init" '' + set -euo pipefail + PATH="${lib.makeBinPath [ pkgs.ugreen-leds-cli ]}:$PATH" + + # Wait for i2c device to be available + for i in $(seq 1 30); do + if [ -e /dev/i2c-0 ]; then + break + fi + sleep 1 + done + + # Initialize power LED - solid white + ugreen_leds_cli power -on -color ${colors.power} -brightness ${toString brightness} || true + + # Initialize network LED - will be controlled by netdevmon + ugreen_leds_cli netdev -off || true + + # Initialize disk LEDs based on mapping + ${lib.concatStringsSep "\n" (lib.mapAttrsToList (ata: led: '' + ugreen_leds_cli ${led} -off || true + '') diskMapping)} + + echo "UGREEN LEDs initialized" + ''; + + # Disk activity monitoring script + diskMonitorScript = pkgs.writeShellScript "ugreen-diskiomon" '' + set -euo pipefail + PATH="${lib.makeBinPath [ pkgs.ugreen-leds-cli pkgs.coreutils pkgs.gnugrep pkgs.gawk pkgs.smartmontools pkgs.hdparm ]}:$PATH" + + # Build device -> LED mapping by checking ata ports + declare -A devices + declare -A diskio_data + declare -A disk_healthy + declare -A disk_standby + + # Discover disks based on ata port mapping + for path in /dev/disk/by-path/pci-*-ata-*; do + [ -e "$path" ] || continue + # Skip partitions + [[ "$path" == *-part* ]] && continue + + # Extract ata port number (e.g., ata-2 -> 2) + ata_port=$(echo "$path" | grep -oP 'ata-\K[0-9]+' | head -1) + + case "$ata_port" in + ${lib.concatStringsSep "\n " (lib.mapAttrsToList (ata: led: '' + ${ata}) + device=$(readlink -f "$path") + short_name=$(basename "$device") + devices["${led}"]="$short_name" + echo "Mapped $short_name (ata-${ata}) -> ${led}" + ;;'') diskMapping)} + esac + done + + if [ ''${#devices[@]} -eq 0 ]; then + echo "No disks found matching ATA ports, exiting" + exit 1 + fi + + # Set initial LED state for discovered disks + for led in "''${!devices[@]}"; do + device="''${devices[$led]}" + + # Check SMART health (this will wake the disk at boot, which is acceptable) + if smartctl -H "/dev/$device" 2>/dev/null | grep -q "PASSED"; then + disk_healthy["$led"]=1 + ugreen_leds_cli "$led" -on -color ${colors.healthy} -brightness ${toString brightness} || true + else + disk_healthy["$led"]=0 + ugreen_leds_cli "$led" -on -color ${colors.fail} -brightness ${toString brightness} || true + fi + + # Initialize tracking + diskio_data["$led"]="" + disk_standby["$led"]=0 + done + + echo "Starting disk activity monitoring for ''${#devices[@]} disk(s)" + + # Function to update LED based on current state + update_led() { + local led="$1" + local device="''${devices[$led]}" + + # Check power state without waking disk + local power_state + power_state=$(hdparm -C "/dev/$device" 2>/dev/null | grep -oP '(standby|active/idle|active|idle)' | head -1 || echo "unknown") + + if [[ "$power_state" == "standby" ]]; then + if [[ "''${disk_standby[$led]}" != "1" ]]; then + # Disk just went to standby - dim the LED + disk_standby["$led"]=1 + ugreen_leds_cli "$led" -on -color ${colors.standby} -brightness ${toString standbyBrightness} || true + echo "Disk $device entered standby, dimming LED" + fi + else + if [[ "''${disk_standby[$led]}" == "1" ]]; then + # Disk woke up - restore health-based color + disk_standby["$led"]=0 + if [[ "''${disk_healthy[$led]}" == "1" ]]; then + ugreen_leds_cli "$led" -on -color ${colors.healthy} -brightness ${toString brightness} || true + else + ugreen_leds_cli "$led" -on -color ${colors.fail} -brightness ${toString brightness} || true + fi + echo "Disk $device woke up, restoring LED" + fi + fi + } + + # Background power state checker + check_power_states() { + while true; do + sleep ${toString powerCheckInterval} + for led in "''${!devices[@]}"; do + update_led "$led" + done + done + } + + # Start power state checker in background + check_power_states & + POWER_CHECK_PID=$! + trap "kill $POWER_CHECK_PID 2>/dev/null || true" EXIT + + # Main activity monitoring loop + while true; do + for led in "''${!devices[@]}"; do + device="''${devices[$led]}" + stat_file="/sys/block/$device/stat" + + if [ -f "$stat_file" ]; then + new_stat=$(cat "$stat_file" 2>/dev/null || echo "") + + if [ -n "$new_stat" ] && [ "''${diskio_data[$led]}" != "$new_stat" ]; then + # Activity detected - disk must be awake now + if [[ "''${disk_standby[$led]}" == "1" ]]; then + disk_standby["$led"]=0 + if [[ "''${disk_healthy[$led]}" == "1" ]]; then + ugreen_leds_cli "$led" -on -color ${colors.healthy} -brightness ${toString brightness} || true + else + ugreen_leds_cli "$led" -on -color ${colors.fail} -brightness ${toString brightness} || true + fi + fi + + # Trigger LED blink for activity + if [ -e "/sys/class/leds/$led/shot" ]; then + echo 1 > "/sys/class/leds/$led/shot" 2>/dev/null || true + else + ugreen_leds_cli "$led" -blink 100 100 2>/dev/null || true + sleep 0.05 + ugreen_leds_cli "$led" -on 2>/dev/null || true + fi + fi + + diskio_data["$led"]="$new_stat" + fi + done + + sleep ${refreshInterval} + done + ''; + + # Network activity monitoring script + netMonitorScript = pkgs.writeShellScript "ugreen-netdevmon" '' + set -euo pipefail + PATH="${lib.makeBinPath [ pkgs.ugreen-leds-cli pkgs.coreutils pkgs.iproute2 ]}:$PATH" + + INTERFACE="$1" + CHECK_INTERVAL=60 + + echo "Starting network monitoring on $INTERFACE" + + # Configure LED to trigger on network activity + led_path="/sys/class/leds/netdev" + + while true; do + # Check if interface is up + if ip link show "$INTERFACE" 2>/dev/null | grep -q "state UP"; then + # Link is up - set green + ugreen_leds_cli netdev -on -color ${colors.network} -brightness ${toString brightness} || true + + # Try to enable hardware trigger for activity indication + if [ -e "$led_path/device_name" ]; then + echo "$INTERFACE" > "$led_path/device_name" 2>/dev/null || true + fi + if [ -e "$led_path/rx" ]; then + echo 1 > "$led_path/rx" 2>/dev/null || true + fi + if [ -e "$led_path/tx" ]; then + echo 1 > "$led_path/tx" 2>/dev/null || true + fi + else + # Link is down - turn off + ugreen_leds_cli netdev -off || true + fi + + sleep $CHECK_INTERVAL + done + ''; + +in +{ + # Load i2c-dev kernel module for LED controller communication + boot.kernelModules = [ "i2c-dev" ]; + + # Install CLI tool + environment.systemPackages = [ pkgs.ugreen-leds-cli ]; + + # LED initialization service - runs once at boot + systemd.services.ugreen-leds-init = { + description = "Initialize UGREEN NAS LEDs"; + wantedBy = [ "multi-user.target" ]; + after = [ "local-fs.target" "systemd-modules-load.service" ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStart = "${initLedsScript}"; + }; + }; + + # Disk activity monitoring service + systemd.services.ugreen-diskiomon = { + description = "UGREEN disk activity LED monitor"; + wantedBy = [ "multi-user.target" ]; + after = [ "ugreen-leds-init.service" "local-fs.target" ]; + requires = [ "ugreen-leds-init.service" ]; + serviceConfig = { + Type = "simple"; + ExecStart = "${diskMonitorScript}"; + Restart = "always"; + RestartSec = "5s"; + }; + }; + + # Network activity monitoring service (template for interface) + systemd.services."ugreen-netdevmon@" = { + description = "UGREEN network LED monitor for %i"; + after = [ "ugreen-leds-init.service" "network-online.target" ]; + requires = [ "ugreen-leds-init.service" ]; + serviceConfig = { + Type = "simple"; + ExecStart = "${netMonitorScript} %i"; + Restart = "always"; + RestartSec = "10s"; + }; + }; + + # Enable network monitoring for primary interface + systemd.services."ugreen-netdevmon@enp2s0" = { + wantedBy = [ "multi-user.target" ]; + }; +} From 21ed381d1824f47a522b468b57f93dcef5a1feb8 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sat, 29 Nov 2025 22:41:48 +0100 Subject: [PATCH 2/7] fix: pyload --- hosts/nas/modules/pyload.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/hosts/nas/modules/pyload.nix b/hosts/nas/modules/pyload.nix index ecb44b0..dd1e65c 100644 --- a/hosts/nas/modules/pyload.nix +++ b/hosts/nas/modules/pyload.nix @@ -83,6 +83,14 @@ in }; serviceConfig = { + # Bind-mount DNS configuration files into the sandboxed service + BindReadOnlyPaths = [ + "/etc/resolv.conf" + "/etc/nsswitch.conf" + "/etc/hosts" + "/etc/ssl" + "/etc/static/ssl" + ]; # Bind mount multimedia directory as writable for FileBot hook scripts BindPaths = [ "/var/lib/multimedia" ]; From 3282b7d6340f555e9b0bfb93ae1b2146dc394f02 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sat, 29 Nov 2025 22:42:00 +0100 Subject: [PATCH 3/7] fix: monitoring --- hosts/fw/configuration.nix | 2 +- hosts/nas/configuration.nix | 3 ++- hosts/nas/modules/disk-monitoring.nix | 5 ++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/hosts/fw/configuration.nix b/hosts/fw/configuration.nix index 543f492..6a41e33 100644 --- a/hosts/fw/configuration.nix +++ b/hosts/fw/configuration.nix @@ -7,6 +7,7 @@ ./utils/modules/nginx.nix ./utils/modules/autoupgrade.nix + ./utils/modules/victoriametrics ./utils/modules/promtail ./utils/modules/borgbackup.nix @@ -25,7 +26,6 @@ ./modules/podman.nix ./modules/omada.nix ./modules/ddclient.nix - ./utils/modules/victoriametrics # ./modules/wol.nix diff --git a/hosts/nas/configuration.nix b/hosts/nas/configuration.nix index 4091bd5..71b7040 100644 --- a/hosts/nas/configuration.nix +++ b/hosts/nas/configuration.nix @@ -9,7 +9,8 @@ in { "${impermanence}/nixos.nix" ./utils/bento.nix ./utils/modules/sops.nix - ./utils/modules/victoriametrics/default.nix + ./utils/modules/victoriametrics + ./utils/modules/promtail ./modules/pyload.nix ./modules/jellyfin.nix diff --git a/hosts/nas/modules/disk-monitoring.nix b/hosts/nas/modules/disk-monitoring.nix index da42bcb..9316941 100644 --- a/hosts/nas/modules/disk-monitoring.nix +++ b/hosts/nas/modules/disk-monitoring.nix @@ -104,7 +104,7 @@ EOF # mdadm RAID array status (doesn't access disks) echo "" >> "$TEMP_FILE" - echo "# HELP mdadm_array_state RAID array state (1=clean, 0=degraded/other)" >> "$TEMP_FILE" + echo "# HELP mdadm_array_state RAID array state (1=clean/active/resyncing, 0=degraded/other)" >> "$TEMP_FILE" echo "# TYPE mdadm_array_state gauge" >> "$TEMP_FILE" echo "# HELP mdadm_array_devices_total Total devices in RAID array" >> "$TEMP_FILE" echo "# TYPE mdadm_array_devices_total gauge" >> "$TEMP_FILE" @@ -122,7 +122,7 @@ EOF # Parse state state=$(echo "$mdadm_output" | grep "State :" | sed 's/.*State : //' | tr -d ' ') - if [[ "$state" == "clean" ]] || [[ "$state" == "active" ]]; then + if [[ "$state" == *clean* ]] || [[ "$state" == *active* ]]; then state_value=1 else state_value=0 @@ -156,7 +156,6 @@ in enable = true; enabledCollectors = [ "textfile" - "systemd" ]; extraFlags = [ "--collector.textfile.directory=${textfileDir}" From bd6b15b61769b089499ab2642073b44c2ce873bb Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sat, 29 Nov 2025 22:42:09 +0100 Subject: [PATCH 4/7] changes --- .sops.yaml | 1 + hosts/nb/modules/development/claude-code.nix | 26 +++-- hosts/web-arm/modules/grafana/default.nix | 2 +- utils/modules/promtail/secrets.yaml | 105 ++++++++++--------- 4 files changed, 77 insertions(+), 57 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index 6538e51..7437124 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -138,6 +138,7 @@ creation_rules: - *netboot - *fw - *fw-new + - *nas - *amzebs-01 - path_regex: utils/modules/victoriametrics/[^/]+\.yaml$ key_groups: diff --git a/hosts/nb/modules/development/claude-code.nix b/hosts/nb/modules/development/claude-code.nix index cb53767..0ff078f 100644 --- a/hosts/nb/modules/development/claude-code.nix +++ b/hosts/nb/modules/development/claude-code.nix @@ -20,14 +20,24 @@ in { fi ''; - home.activation.addChromeDevtoolsMCP = lib.hm.dag.entryAfter [ "installClaudeCli" ] '' - # Add via STDIO transport: Claude spawns `npx -y chrome-devtools-mcp ...` - # Browser must be running with remote debugging on 127.0.0.1:9222. - if ${config.home.homeDirectory}/.nix-profile/bin/claude mcp add --help >/dev/null 2>&1; then - ${config.home.homeDirectory}/.nix-profile/bin/claude mcp add --scope user chrome-devtools \ - -- npx -y chrome-devtools-mcp --executablePath=${pkgs.ungoogled-chromium}/bin/chromium --isolated=true --headless=true --chromeArg=--ozone-platform=wayland --chromeArg=--enable-features=UseOzonePlatform --chromeArg=--force-device-scale-factor=1 || true - fi - ''; + # Disabled: chrome-devtools MCP spawns headless Chromium for every Claude session. + # For frontend projects, enable per-project with: + # claude mcp add --scope project chrome-devtools \ + # -- npx -y chrome-devtools-mcp \ + # --executablePath=${pkgs.ungoogled-chromium}/bin/chromium \ + # --isolated=true --headless=true \ + # --chromeArg=--ozone-platform=wayland \ + # --chromeArg=--enable-features=UseOzonePlatform \ + # --chromeArg=--force-device-scale-factor=1 + # + # home.activation.addChromeDevtoolsMCP = lib.hm.dag.entryAfter [ "installClaudeCli" ] '' + # # Add via STDIO transport: Claude spawns `npx -y chrome-devtools-mcp ...` + # # Browser must be running with remote debugging on 127.0.0.1:9222. + # if ${config.home.homeDirectory}/.nix-profile/bin/claude mcp add --help >/dev/null 2>&1; then + # ${config.home.homeDirectory}/.nix-profile/bin/claude mcp add --scope user chrome-devtools \ + # -- npx -y chrome-devtools-mcp --executablePath=${pkgs.ungoogled-chromium}/bin/chromium --isolated=true --headless=true --chromeArg=--ozone-platform=wayland --chromeArg=--enable-features=UseOzonePlatform --chromeArg=--force-device-scale-factor=1 || true + # fi + # ''; }; } diff --git a/hosts/web-arm/modules/grafana/default.nix b/hosts/web-arm/modules/grafana/default.nix index 881f802..82f1fd2 100644 --- a/hosts/web-arm/modules/grafana/default.nix +++ b/hosts/web-arm/modules/grafana/default.nix @@ -31,7 +31,7 @@ in ./alerting/system/default.nix ./alerting/service/default.nix ./alerting/websites/default.nix - # ./alerting/storage/default.nix + ./alerting/storage/default.nix ./datasources/victoriametrics.nix ./datasources/loki.nix diff --git a/utils/modules/promtail/secrets.yaml b/utils/modules/promtail/secrets.yaml index 573c2cd..6990af3 100644 --- a/utils/modules/promtail/secrets.yaml +++ b/utils/modules/promtail/secrets.yaml @@ -1,88 +1,97 @@ -promtail-password: ENC[AES256_GCM,data:DykxIRTXttQgJ6vv3oBOhX1h2PrPimLz+dEHZwjFvg34UEGWfQu5nODw7h6qAJrKIGR5217LgTGZzg1HedbM4Dsb2OJW9c39bXIga730eVvGCm6RcMbpv8GDHPuVCfO1NwQox9Fba8veDWDNqNisHQuYDRQrNZrg1QEiKsujZdY=,iv:kM5Ec376USXMoXCVF/4g7F1NbJNbWfTMVd7LKsTnTuE=,tag:y8aEF+Q6/Cm16W2LYF+orA==,type:str] +promtail-password: ENC[AES256_GCM,data:jooCw16EEw9JC+W19bXvoOjnCo/KP0H1Bpc0UqfGN+mCqFLK98TDU80hNu54pYQowcAtgjB5ZM64gWt+stqFKWVWihF0d4A3KuTTfpxmXGdGi6ThRcAXhMmXLH5SYR4N96d4WsvHNsFTRGItnUlp2juQMKHnZ2At9RQWgBQqK6Q=,iv:HFttRHz2fIU9qZzP5r24/AKMHTWwDhhIrgQpxw6Ol/Q=,tag:umq2lzodL2nijayGms7ciw==,type:str] sops: age: - recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxQTkrMDlpM3RnZ0pNZVlM - dkNya243OFlycmRRS1o3c3Z1Vm1UNWxBbkVBCmw4dDUrQkg0NExaTHJaSk1JYnpY - UDNHa09Rd081N1FVbXgyRHVWbUtna1EKLS0tICszQ2Z4aWpNV1U5RVNibllGdGlY - alFRNFZVNDlOUTJRbVQ0T3dRTTlJZUEKx+ftKJc+RMmxXoRxLd6gsvN6Jfnn5Xre - 48TolLwPoBSr6uSmfWfcXIL+2uzo5cTGhMReCEQrlHOWGxhk+XDmfw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFT21QaTZ5ditZekVmaitY + b2locXR6M1NNSXhIL0pjK3Y4dzlYcjRXMlFNCnVtelpDdWovc0FiUGQwWm5TRlk1 + b1pka2paQ1NBd2c3WG12U0N3N24vbHMKLS0tIHgrMHdxS3J1WWZNdGdiaVRaWjBm + cmh0VEx3UDRocFVlckFUN21YblpEb0kKKF7CPzXn6e9o1+BctLSHcLZTWYdYiXQs + dwX8ohGJc/Q5Ewrrdmm77gu3ttg7Ml/70ToG/yTBExH1lwGb1z7Qag== -----END AGE ENCRYPTED FILE----- - recipient: age1exny8unxynaw03yu8ppahu5z28uermghr8ag34e7kdqnaduq9stsyettzz enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVSjAvWC9haUh3blQ2bHJj - cnh5YkkvUWhEYXFFV3RNbURwVlROZk1yUmc0CjdMdXExWE52WWNyRGdyVFRzT1o1 - Umo4OWhMYTZjTkJvbW9UaHJVaE1YNG8KLS0tIHBSOEdmQjFCZ25jNGlHMmZoalpW - c0FZUzBVYXRTMHFZSGYxVDdzS2d5a0kK1a/FQ841bIKuXHjVAjV2YPTpkmI0R7fX - ohkPSQneoOnwZPXby69PJLSYwX0IcQCckkGXa1z6KLr6iueSpyM6JA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3R2hwWmtZVjlTSFZTMUd5 + cXpqbXkwTmQrYS9TT1NYaXZ4azFjRTlOZ0Y0ClBIUGk5R0JGenBrSXhNbExLaWkr + eUJLUVBYYzBFbHg3Z2l4N2JINTBSVjAKLS0tIHFTa3JKUTVPNFM2TktUbm9mSkVo + Vno4TER6SFR4bDM3L3FYSkw1UHJoeXcK0mR/ysz38ZhEAqhEZZXmuH3rykMUeFk4 + tPvIV3LpRXpU+yiT3zpLJXVi3GDy9vaq/h/uG7rDhE/nPoaIIVBBhg== -----END AGE ENCRYPTED FILE----- - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtYUNabzVBcFpIdFhUTW85 - ZlVjamVZUERSMGNMUkhlUUVVd2ozUkFLWHlzCnh0c2gweU1ud2cxS2p1eXUxNy9j - d2tCTVR0YjY5bktQa09tUmFvM0F3aEkKLS0tIFVWMVFUU1RMV1FoaklnS3Z0VzBJ - bitzcStWdzM3TXBMbGJKNGVZQTNVZ0EK0qjI7PKk9lUDG+0ZeCL/9ILI9KRIEU+z - 6o4AcdGcd44QkUjYboLTwGvdf4QdKZvyfBk6xliUIzn0tbX0CrEHOA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtV2tlLzhqQWlDd2FaZ0lJ + dEt5Q2YvTWR6Q3pBUHl1elJEN3lJcE01YTBrCm1IWlVVd1poVk1Gazd3NnBCa21L + UXByN05KNGdUTW9uckhvNUE4bFVMME0KLS0tIDVSRCtJNnRSdmFzcWVNNHEzV092 + NHFYYTFRdUVXNFh5Tlc0U2twYWpuWDQKTqRXFxn/OuYrjVSlGNyHWtCwmaV+4PMr + +wpjkS+3pEWYaMtRhoBKJmPXhbE9e0SSzFV/HEYILswUfIWuQNpNUQ== -----END AGE ENCRYPTED FILE----- - recipient: age1ylrpaytkm0k5kcecsxvyv5xd9ts4md0uap48g6wsmj9pwm4lf5esffu0gw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQdmhqdXpIblh0QVRuSGdl - WmpaV20za2d5MFdYbTNTRTEzR3BUVFJLU2tRCkdHT1JFNmVEZGNkRGJ1S1cwU1Ru - MEp3ck1MN0tYRXBPY2xQR3JIMURpWkEKLS0tIEF2UERsV2J6UzZYUm5sTFdPWGlo - NjVGSDdndDRsQkx4V3U3N3FjNldUTTgKY8ohcy0H+fxkmBksfWzVLZsbfqDfWUzA - 5FUdmqCHdg47Mct3K8qXHSEbvegn/8Hp4vSgkVQcEA2YFcf4J5GRpw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4RFl5UHpOcUIrdEVoREFn + ZmloRG5nb2d3eHpScmRWVjVLUXpveW9pZzJrClRVa3h1Y2dIL0RCZFJpM3NvTndu + VzVMT1dwbWJEOXFKZDNVdEgwV3RHZE0KLS0tIElkTUk1SHRGcFp2d3BpUDgxZWVG + RE5UQktjTEtzd2I1SmVZWE8xWm5SSDAKOfrr3seS8+UqGZXiJfraGh9wTqx7zFnH + GMBBlCj2SLAHP56efITiPJ6kFISFoc6QgBj024oUXop2HT3CQh5hJw== -----END AGE ENCRYPTED FILE----- - recipient: age1jyeppc8yl2twnv8fwcewutd5gjewnxl59lmhev6ygds9qel8zf8syt7zz4 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnbFMrNzVMYmlHWE1yb1hj - eGw2SS9qNTdKTDdSQUlTNjhnS1dZaTd4NFFzCll6SEhzVnY5UnJUbUtlUzJzZS9N - cUZMYnV0bU5DRjU0MW8vSFpIN2pNT00KLS0tIFdTTlBPT3J0cmF6Y0lnaGRpQW4r - TjRsa2dlR3hrZkVQTFFWQm1xR1pLQUkK2Kio6ShvcsbJ2n1UG97gxt5AcdqKolMq - 3sdoF7b87Crd3QSzDKx2Rm97EjeQskOBOgpasF2W8GoRYCol05Y0bQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoMWhoa1lKWU8yRHZnSUNm + cVhycko2MFczWE56UlNDUGlNdndXNnY0blhvCmlIeGRHUjRuODhCNk5lVlVqZmR1 + ZEpMTUl6dnpoUkhGbTBsOUNzdDliM0UKLS0tIDRHWjllMEZyaDN1OTY0RXpzWUVZ + WklqZW5DT09DclBBOUZ4VmpIMVdCRU0K5c8JtZ5dfzxmtMlnL+3637/6YBWN9qdP + +/l78vhb0KVt1SOI2d6ZnfkKEXSO/PyBpOkz+AOubxdpQMNOyQsgcA== -----END AGE ENCRYPTED FILE----- - recipient: age14uarclad0ty5supc8ep09793xrnwkv8a4h9j0fq8d8lc92n2dadqkf64vw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOZGZobW1aaThidmkxSEk1 - VXVzdEdIMENnRC9sTGpXQUNwSElPWVlLTVFNClRuQ2pYanFibEJoSllXYVhmSk90 - QVlGUVBjMkN4RG9BempCRDlFZHJPancKLS0tIEc3Q29tUzhzYzViMkpzS1RNczBE - djdYNVdvZHRkOHBWMGk1N3dlb3JLUFEKiruFC9YV3gloPaP9+wY0Sir2xA9NUcPN - matBs8oPjlB5dlrCoiHi8kl1i5ROnlu4tlNpLB0PcO9fCUMP1ypAQQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3N1BEMjFsZG03K3gxUVli + b1hEUEY0NDRRc0xDUkErOXExa05uMkdDK1J3Cm1WUFNRNzZGMWdOOU5kb2kyOFNs + Y2I1aC90SEZqSER3TXU0RTlVd3VOTHMKLS0tIGFMdDM0YWpJVTFFVEFYcUl3b1Nl + dlEwNWRmVllHSmtsRWVvb2h3ZGJaZUkKrEzfrlYGgB05NWxc3h6olIzGmdRCYDWj + mr5PEAWo0KGcvPK61lxwpHdThp3NGV0pqAHUU5+7Td/PbguHvaEPhA== -----END AGE ENCRYPTED FILE----- - recipient: age1wq82xjyj80htz33x7agxddjfumr3wkwh3r24tasagepxw7ka893sau68df enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJcFNWb2EvQWF3czQrVVg3 - Wm1hVm16bEtYS2pnM0R4elhGMUlqRUZXcUdvCnlJN3dxU2VKUk9JTk10SjdubmVO - NlgwU3hqMEp2cmF6R0pmdU9EZllJVTAKLS0tIFNwMC9jdjh0MXJpYzU5cE5mc0Jr - KzJoVGlKTUNZYXhpV1NMcVVuVXI3SHcK7PIY6HznGsckYauyFGVxmU344FqkPYhm - 1x74NydHuGLAkMd3H7AchnxP9tVzSX3sOD9AqYqgg3nRS7yaIet+sw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBandodFZnbU05SVN5cVlO + V1BVaWtLNWdJMmRtUWxaMGdITmNKUDdXdHlRCk5HbGdSWlFnKytTVWxOcWtPZ3VJ + bi9EZ2p3VURkeEZuN2xsbEhkcWovUUEKLS0tIGtzTnJFOXFsTittUlZ1eCtjWTVX + SXdWczV0ZnI2a24zeElIZUsvU0ZSeUEKNX9qLko/2aFcrwW5LaMjvg9IJlNszSKi + 7nl1d1fTLGCeMUvgwZU1uBIyCm/p0HTikBaDob5L5fJAVlSQNZxiBQ== -----END AGE ENCRYPTED FILE----- - recipient: age12msc2c6drsaw0yk2hjlaw0q0lyq0emjx5e8rq7qc7ql689k593kqfmhss2 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBROTV4Y1dQMkZtM1RUQ1lD - QVdyUXY1TVRxWURBZlRsZWVYTEhnQ0lMYUU4ClFLcVdUZ01YcDc1OUYwMWpJRUpy - NHVMM1FrK1B4TEU1QUhsbjdCL3M0dmMKLS0tIFRFSndnZ0V0a2VKV2VXY0N2Qjgz - dFZQbm13d3JOWlZiSXZTcUpkSSsyVTgKI1GJ1uRRcTH/13lkAiUxNhBNmDgf4MFA - 5nk6z1/nJglnvajYyGXlAlZF7XofbUtUWZeBbtWwbeWImjIa/+KaSw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVdDdBTEpMZEI4NFc2aU1F + aGlwcDk3ajd6NjE0UUhXbW5WT1RCSmR0M1hzCk1zVVV5V3UvUmx5REZuRk1RT3pW + WUVocW9iOXppWFBqRkVlZE1TZzFUbmMKLS0tIDlzLzdnWEhkWWFFQm1seVJlVHBw + THlweWtPcFNyT2RCNk9UQVc3Y0lnNFEK/d2fvmsIrRTHc3kBH2sAUBg0MCp4nXNT + imm7SINgt6aH390yL7BWHMBKzdgNHO6hn3plLV8EW8upsETwJCbrfA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1x3elhtccp4u8ha5ry32juj9fkpg0qg7qqx4gduuehgwwnnhcxp8s892hek + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvc3ZteDRVQ0xsRUpxY24x + Wmt4MS9ZL1cybUY4cHdPbC9rQU16WGtESkU4ClhoMnhuY2NrT0xyNzl6Z2hJR3dt + VHhLa2hCeUhCcjFPZTkxeUVaazFWa1kKLS0tIEVndkhYaS9GbDJKSzFIb0xQUzQ0 + V2EzOXNWNnYwaXc5dkg5b0RDdjBpa1EKfIC1OigtPBRWIgXUyb4SSjpbO2Koqaiw + TQT+hnR+VkThbcfyWPZ+Zpe4lZzfcdMGfr3m7tdv/xY8epwrThInjA== -----END AGE ENCRYPTED FILE----- - recipient: age1xcgc6u7fmc2trgxtdtf5nhrd7axzweuxlg0ya9jre3sdrg6c6easecue9w enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjTUhiU0RnMTAyV0xycnNL - V2xSWEttejB0SWhJR0FoNTZKL2x6MEJkcUZzCnFjVUVWNGV2SW1NZEpkN24rUVpX - dUJ3Wkx5aUlsWDByOTlpaERpNEpIa0UKLS0tIDExTVVJeDFEUStzamw3RGU5cHdE - WlNqQm1jRnpLWXBzRVRZUjc3Z0c4dncKonlHRgH7P4da+RJkGdWHRPiN76oPbH5U - DzNuS7mPsRAuajnCAGeqodzqllsGJatZUOVKFem8Of56Wm3pw3yLhg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0WHdpbGJNcmZhK3ExRi9t + K3ZHTld5QmxMYnZXTFZmNFVIbEZtS0pFRDM4CmJPK1BURU83UmFVdVNoam1reG0x + NlpLbDVQY1FNR1RyWm1TWkQrUHcrNUUKLS0tIFpVVGVscFFPclVTMG5IblkvWXlr + ek5lNTFkMVUvSU5McTFDS2tWWmZ1UmsKyhUXdaSGxKFFZnATRlTh7GzDu7eZ/mkq + V+9pqaob2fshwQ3tNVZtXmWTHv1geyIBxmQCFVSOaHIPVLpiC4Bhow== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-11-14T11:28:03Z" - mac: ENC[AES256_GCM,data:PBPNSGj6UaGoxH1Jq25bD4q/d42HrnBNhe5KFo1MoQCp/bzsphN8v6+tbHIdGh/VAoU7auRZVWXYALOl/3cGnpL52zvJGDaMlPlDVdzz6wHkl24z1ousWM7FKPwBtvGuAWAknYQW7KpQTtpobbBr8QHy/O4dB/NqxXTj/MSsbxY=,iv:1QOFK1LiKPnAuXeXNBJbeL0d73nsMq+DJCpeVruDumE=,tag:hJH3S3ZurYd0hcoWyWOocw==,type:str] + lastmodified: "2025-11-29T19:44:44Z" + mac: ENC[AES256_GCM,data:pRol7WdkK+Vr3fEc7UaEhoHlLvwwm0KdGOCReS6Rz12gD0Fw2UuNYsPnaj1XTdSLSfJITpEorFTmt455BpC6wMCszICSkqRn+EBgu4WWFZrv5v1m6BjSOTsU8bj1iAggiqsx57WS9opMThCzCOSIJD/EEzQmk5/qva/aBIJni/c=,iv:jorZE1XG0xJDGsXgw8EvuX7AL7yCuSynrqaeveCF4SE=,tag:btZHuaiPdZhdRj/+JU9dSA==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 From 7ed345b8e8f2f3947124ddce521c7f5b6f1b42ae Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sun, 30 Nov 2025 19:29:24 +0100 Subject: [PATCH 5/7] feat: add pyload extraction passwords --- hosts/nas/modules/pyload.nix | 10 ++++++++ hosts/nas/secrets.yaml | 49 +++++++++++++++++++----------------- 2 files changed, 36 insertions(+), 23 deletions(-) diff --git a/hosts/nas/modules/pyload.nix b/hosts/nas/modules/pyload.nix index dd1e65c..e7d13a8 100644 --- a/hosts/nas/modules/pyload.nix +++ b/hosts/nas/modules/pyload.nix @@ -36,6 +36,14 @@ in path = "/var/lib/pyload/filebot-license.psm"; }; + # Extraction passwords for pyload (one password per line) + sops.secrets.pyload-extraction-passwords = { + mode = "0440"; + owner = "pyload"; + group = "pyload"; + path = "/var/lib/pyload/extraction-passwords.txt"; + }; + # PyLoad user with jellyfin group membership for multimedia access users.users.pyload = { isSystemUser = true; @@ -76,6 +84,7 @@ in PYLOAD__EXTRACTARCHIVE__REPAIR = "1"; PYLOAD__EXTRACTARCHIVE__RECURSIVE = "1"; PYLOAD__EXTRACTARCHIVE__FULLPATH = "1"; + PYLOAD__EXTRACTARCHIVE__PASSWORDFILE = "/var/lib/pyload/extraction-passwords.txt"; # Enable ExternalScripts plugin for hooks PYLOAD__EXTERNALSCRIPTS__ENABLED = "1"; @@ -90,6 +99,7 @@ in "/etc/hosts" "/etc/ssl" "/etc/static/ssl" + "/run/secrets" # SOPS secrets access for FileBot license ]; # Bind mount multimedia directory as writable for FileBot hook scripts BindPaths = [ "/var/lib/multimedia" ]; diff --git a/hosts/nas/secrets.yaml b/hosts/nas/secrets.yaml index 3d36fe8..d92bd7b 100644 --- a/hosts/nas/secrets.yaml +++ b/hosts/nas/secrets.yaml @@ -1,43 +1,46 @@ -filebot-license: ENC[AES256_GCM,data:7fmczgcLOp/tkdoMVGfwESam9NwhZrNJXNcnebMKfilEKc81V4fdzS3/hxlueun2At6047UAdDi+6jAO3FvTmzmpmOFnrQxhojUKX2kj9SMSuDlskqxNt04O8wpGy69T8uOeV3ZUcRASzmfzQmuVU+zPKoIV2nq34mhXeIl17V22ZvoTDtFLs2w3IzxtKMZqLtDH4GZ4dkRcQBFcGY96T9R4CLcBqyZeBYb15ZaVLN9dHpQfExtpsBMVB3NikdWgUK9IAbjff1Xtkn+RT9gpQggCyQUl6UbtGqienbCq8ATORe1f89s+q6x/KneC5bdVZKQ4IqZrzDcuQ5aEJUEslc3aVITI3THEBWLOhYANy/4mMyw7R2KRIiHLrXAiiuxi3JumBvev27S6ilKdNo2By8OsbAB/Oj2YvDc5EBTePLCU0OloHIMSxWv5VkLQ2rM94bYtqXN269Lv6w4zmpOF0QblrvtoXnhhf4BQyf9owRDuNMrbp3Iu9Xnj87GoQVnulpwsMSifFxIibd94sRxS/N/5JTTih3Twj/Y8ZpmvoR8t9vCJ14vwBbMXheBpIYzxTk1phZKK1jLfi49DpWudop6iKNOCZdMeXxVRyAfTpOZSGqmdmsqOEDZESCnOAcNYlTxXmLmTdeqJfvTzsnWUi6kbbMYzaSaUlG7UB+RYnt97mcT5NtmbwCRDuFEOdqKGiR/vi7natH8VXe6nlY7xZxei0kkKAhIwyXV+mj/xurbQP3SuyYZriO2luCfuazxmVR0FpBqv+UZ6LwldmQ5e+O7hveYd+o1IjqjT67pVgLyFo1XY95Phq4/vFNvcZKhP7dqKlddkO5RCqjxHCmLowPSUfO2G4k7NV9/UioudATZnWGBpMfSp0pSuD9GXrPg=,iv:5BP77BRudjLiIKI5973BWbQlftupAdfd/aqFeN7DYLM=,tag:q2CAzGZ8lXPS41Uf2NjJTg==,type:str] +pyload-extraction-passwords: ENC[AES256_GCM,data:RaZEuiqBiA==,iv:Z12YFu1OJFHO8jSwN6CDnFJ1kpHOqlEekOkXj/+4AHk=,tag:w0oMFEIMU6OWt7eQ2L1VzA==,type:str] +cyberghost-auth: ENC[AES256_GCM,data:xy8Hfz/+zz23MOoUXCUBOV9yIIeMrg==,iv:Rh+lLawEXcyKF1IUZjI8ktjoX8gIiboBXdT9plSYon8=,tag:pspUUmgFO5Erpv8bDmSY3Q==,type:str] +cyberghost-ca: ENC[AES256_GCM,data:zDSLJB42dMuhs3KNT8Ckkm9BRN4wwASmzKRv/Gvpeq5AdX311uckNxdkA2FgWfjpuX43I8FyQdEUwjb83zLNX23iZ/lexarrcqBXGBqiU1dQSzCbepNdO/BIOHRREaVAx4SWwRMpA5kLylB8+JYkFNVyFtTbsu3qN5f2iBLeI48OB3nxk5ZMn4Ix4205RrFN0eP+192hU14nVWIFctvgqPJsBBmT/erxJusffycI0yf4qm6CHiYTqqIX3QWiLV1Nk/9u/4jSUSJS2Voj7ZYne//KDv8pdT+HKcq1pwGy/6CMhlIaeNs1iVlNJzT+ws3eDBi6QVyd0/5XGDbOA8V9qJC2obsP2rM9urMh1YDpdADpM4Jx1Z84BEp3a2YgIKauSHzd4QzigR73c3uW5IxHnpszzm0Hyf1YwwTXVd1idZDRK2f6/wubNfX+SOIk9QJSw3/HJ0JkXwfR6vGET2MDJGB21Hl80QbNOvMdPhHLIX+6fGSXjtzUdv3KEAhKMWSxAZ5QkHFhbi4sqp7zLCxupdY3jOUn1GJL6GM4mTixkpH5O0CzFHtkD/C/fS/OYv8ImCTE6VX5gmqB7dor89KGoVY+tqHUeg+4KBuUcNFTAmban/iwqbRHMKjQs+ifFRy5bOj5HcGJci6j2ye7urqup3pwP+CGSXAySfq2b65FrOQmmRJVfAwARJVfnokGghu3PH60RH+Un70XNCMPfjcirtOqYFObY2msviP/gEShAhuTmpg679DDKsbtIocRfjiU5kpnu2vmGZ6P2xcsdjd9mwOPSx11GFc73K80tYIOzSi5982Uc/3sKtAMTPUdC4xARF984cMs6gyjJYGB1atB8WfuhdITO3HX2VuSd8JklvRtGbeRs6ky8uVUcDFYErwQAXxBbTAt2ZZ7IU4Gfn94qcOcn3UwDTJ4nVJ5hLMFWjYtYkFs4kD2zshSVVFPIq5EzuUgD9iDN8WURVUbhHiUdUifPFgrWgNUE3zSLWXrAnEPa7d4Fg0QB/yz6oN+ugGgRaHqxOtaeewirhCV2m/JDqJmmLKyBY2k4NwyAfiz6RPuslGxLOGDvzZDNbPVOH53rlSVgwt77tMwxe9EBsjzNSKCWdolzSiXIjGNi92q/x77rkaEElNfBKXoK6f9i5Q7B98hWNwGltmdgfXSDwSZCKvpSPKrwITTQymBuET4jWdROvfZLRAZ1g10PVQp9Rx4s3TP95vvY1Tfy4G6IytWux8r/feCfqKu7eV65NloFf2nfqknNivBadsQwALchQvUsK3XkUPQy4Gc6OA4QReqxV2aqCmihTsN7SPR0ls4dHp2rxwslaFRrG6kR0SQdm1H2rb//VWsTNrc5OeFgqKjwv2asvSMdxlC/9g/lq03FHC6b2cffCptVRGVegZQNfSq9eHEyGK0AeqAeelNdHjUlSSvtZZ6oTZ7WkEYwhshNt80Leg6eqyTlVSZ59Ds4/9bbytc/e30BA07hTlkIPq/ewimFCW00kMiXLfltPKulfPoqOWVwKq7PnCsHr8xesY574/uHky47o6r3K0+LUblsZVynxYPVxl0edq5LNwLX1YJjcaJYEzDifKE9uLwrEI6FGveL7qPvxG2LkCkY3yMcU+bMOsyfhlGhm3AfIHwLFLDWNCFZwhdXSLB2O9JkR64/BUzKdnZc8AZsVgsxrn6q4ox59RLEyO7Tu+aROe6dgjJTXta0XaSpv1VMQLaD1h77AHSfSH7p2w8jJyW6y25iSSN0bey/2okyAbWHEXAmGBBydgh706rGFMrAZzPO25Stwn34gEUFAVawPGgHiKbhlmYXF4EW9MIKi5wr0sc3r2Vj8wG53pZgzmcI1U43T/x9kd3QhPEdc4bCH9L3JP7rLOZx8Unt1oZAXb/b8qnJDL3jPlfkQxObOWrEUWbOyd0/MaTFb6N3cqm6n+Cebh2jItc7e75HXM4js9rB7iAnFiRdlv5svlFQ+kyo6jsaZGa/3pf/4WJYg8+twvabvib64njCbRDwBtqV1qZHbCnxnaeaxp0jFuyVlWEQ3Q81O2p+N1Yy1c/Cweekm5goNbJ9GaLX6llCO0P/chJcYRhyzdEXuCmXONN678pX8rSC5rl8Tgtmswa9xwQFtWXHuDU/H94oL1SLagf569gnH1wbvxlEntzaFwauksOAuxy/Y/whVEpAZ4zCt209pWpYsKC57mx8hRvfUWM8GYL/opbLA7XRIBA5iIUOLM+GKW7iVZkrXH01mDT6O+C/+u+p9ooBhS4ZODTJOXFExVWkVTig88Lry+z9E0v0RVtiHiVISgWJV8IUb9DP12ilenQIfKIvCNWygCUmyB/Df5OGIkwU+0cd+unAsdKRhjCGD9FSBQ9a6yYf4fPl521PrDM3OXkRx6Ux91pi+2PZ2QCeG8Pu7JC0p3ELJQ30nrDYWI8T/BtO9diXtlkVIjaKR8HoD2K9jgtIxJXVqE/rZXhdbq/zG8iat3jcTj1NW3s1XnqQzSA8PaJDCe9xeK5012LOP4tbSFvxdlXgDPpGAKfJzjJxq1xQDoDPHE4TEGRLESRapg2hRNYx9P42PJxlbcPWR1RTVP91hKzUX9RZr4HtxqnQyUBVE/PGuVkXhDMR7LeoxhPB7xDziud4EhobaGIlb3XsIUyY4eoCpxNwOKuVCdqrKv8njuIeYOJeUAMv/j0ons/fmVEi4DLbjStvOIdv69hEz+0lSTyBDcLhpFk8cKjrGTAPTfCo87YgVA3MFFXCjZiryRxfNTDIyrF6PPJkjzmsGEdAcL5LDhwyhiR7R3FWQtu5MYcxSSEBahS8876Jj/jXUo0bH1cYnAcMIrcvWMejLXkERp/VCix9IE89Ow9qFKoOudkLz0N1328pzxnpSYa2LMDLFjcT5gDvUCISSrQkp41WsXGR5OCMCoRclfgSw6ei19Hua7JlFr2m8nCore7lb1fMtTR9Gm00wYHDSzjIfvn3/RyFgprYNM7zelbCllnXBefC+VuKhbPHSzzjnHRCoPqRzKkeYA=,iv:nP9+2JJQ4evWvphDDIXB+UJpPx/hNSIyiH3a3bdVr1c=,tag:5sNAAZzs4UzaSxiMYCWxIg==,type:str] +filebot-license: ENC[AES256_GCM,data:o5bMKZBt9RehmYGkhYwwhPLm/skOkFocxR+7FyKneJV50a88zqnMW+i3Zyazn8olZUc513L96stq9+5d4DlIhNPdud8Uk99+9X+LF3veQQguO6DC05BU4DDOOTjUninAl2a/rO1+yFZYIp800JV8npkfJ5XddZ3yow6VaYv9Yg/+2Di/a8zUcLAPAAQwy6SDZyeg4EeyDuOlJqayIhAGnRa8Tn4gXpyYOsqPgQ5UPHbH23dVYXlP6vlB+mou8jzPDK8HJKWYGssrVUvkH947mKcKd3gzcOiHK09Ah3m5yQUo4orRRAlXGf5kcr5IvEAMXHYrHavQq6sYAc6FFmF50/c1yc1h8qbCwzLrbAUXHpG2SnyCO7T4RdpL+vfmDGaeyzswlGDJaLfXG/wfl7R7iOUuVGn469NFV4zkD7RqrubsKKvFyCoXO+FbK0u293jNXFilyYCoppjxdVjVuPJIBw+orZj04wNUJR57ypl3ecCJ7bdlEZ48clKdbqoEBO+2M9YMussrR9fjxZOJ8MMdafeUAQHGqNQhd1SnqJ8Bs5EwkSwCACGGwlEmUy+RPU1+8jb2RoJjgdgM45WQPTfZHCrKN4kNcMuMmnq0pI8wbW1dXMHbCZ54bLu1/rq0OnCZGfp949+RU31hlup1Dbn2qk76IhgD6+UnK+mb4tkwEmI+5paG7iVKdfPOSOAqUTjwNs5IV5OiUqYDlLfOWAp7zstHQ25OTOKgAVUj0o6hr5r3xVQqzAyXkR4UeNn0/Agg8wor1L6x1cXi2kDgcqxMNXQiCqWmA+B5Bt5JhrNtgglO3kcHfZXhRTQ0UDKDkP3gbst4Bxs4es4YlPltHadJyqTFppwWMa0toiw2UilnCVud7B5YNUpWI8iMuHKec4U=,iv:3u6odO2heua9XnWLvSL9XgAVLwp7kauGftFuMjHIlVc=,tag:HT7cK0CYKdMJeC4PyzRVIQ==,type:str] sops: age: - recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQWUI4YUsvODJtdTN4NDNn - QkFDVmFSV2Q1Q04rcWtiazZEMzFCYzRJMEJrCjM5RE41TjE0eURrNi9iQnBTR1Fy - SENYYmloSjI1c25pck5CSTJZTDhCeTQKLS0tIEs0SnFSNUdsdzZWS0loTEdBN1RD - ZnhBREtlR3o4VTVMZ1RtY1lVbG40YkUK2isPCoJSTQ6CUbHftSDoUZC8MMTqr512 - lCoeGQqnArTO8CWDJxIxRczooTo4mW7vDqD7idWdPgOdWZI8hWPE5Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4WFRKRkhiL1VheHZIRkxD + cEYxa3pFa2l6MnhZSm0vYVJHZ2plYjl6eVRnCmlMYmM2NENiWHhTdk9lOUxiZmZa + K2VSQ1NWNjRMVFl4UUx1cG1PT0pXY00KLS0tIEdCbmM5VEdrR0NhcWlHY2JsTkZ1 + dWIySndzbHJBZ1ByNzBFSEJrbmNEZm8Kp7jAKQPRljvYyyuwsQkGxNKUT04qDqaW + JXuqMgT+8UDkreJaifUo/hC+EstNzgPSBpwf/vI560hKFPF3ITJpvg== -----END AGE ENCRYPTED FILE----- - recipient: age1exny8unxynaw03yu8ppahu5z28uermghr8ag34e7kdqnaduq9stsyettzz enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwdnJIeWh1RkhvLzF2QUlm - ZmNHaFpzL0M3eUdCdk1GL1g2MTdtdTdjVmdjCmVRTWJsajhKT0E5STN2SEUzWHFa - ak1NelloQnNiY3FaUm9oVGg5eit2eTAKLS0tIEoxcURjUkJsRENtblZpKy9QT0gx - ME5kM1EwYUFNMVFkT3VWZmpGSzRoWFUKzGNK5FzRWiY+E1Je6l0veoN5Z3K2TFMY - pm9+FGuYs+wxSrhLwajITj+NuH0+zK81mrYsugH+6OTNb7cDbLgh/g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvSWpoWTg4Uy9qMVNtd3Rn + WUhhYjEvVVpVbENDbHZVWEVZRm5Qd3FsSGlFCjBLS3pmQ0t2aUhqdmhpL3lGYXNO + bWF2TmN3cmJubmRCeGhjZWhBV1BETDQKLS0tIFFKVm01SEJvb2tZUWZkODhXbzFO + L0N2a1dYTnVUNDB0VVNyeDdEcjdaVkUKr+4k1r96lSenlqPj8CUi3qUJJTMljnij + KimYx8vXgxnfH6p8SjRR3rUXqqvG6ZrULK4BJ6Ht+BvV34SS44R9Eg== -----END AGE ENCRYPTED FILE----- - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlWCs0a3EvZC9sWmI5S2tU - aFpRMVlrZG1zL1ZJSklJMkNQY1RLMW53YUhZCjNpQ1pHUE0yVUxleVovcVRLMFNh - amVFTnJteW8xRjlFY29HWkJrcVJiQzgKLS0tIFJrWWloc2ZWdGdPNlNQM2szTkZI - Zk42dFgrcUJOa3UwSDB3MnpMcVRLdmsKOKbF18HnowVhiEHO2B+BZqpM8Oc8vbDh - hczIpcezwMvv96L2/seX86Hv5mEAQvwN2CVA+sknnDL1XNA/2Ng9cw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlcHJZc0paOEVYYmx6NVJL + cGg0MjlOKzJKUGM1RktYK05xdkZDbExnTUgwCmhHYk5vcjJ6MFJ1T0xUNUhNdHMv + Y2huRkpKcVhIOUhDTnhHczFUSVV2c2cKLS0tIEJUaWx4cHBGV0pqaEozc3owYktr + ZU1lOXgrOWZkYnVQOHlCTjBETG9tT3cKA10Z5s2hsHsdrdGyyF1kFTIco3ZmSXqm + bhsiB+DicH9fVVWB7SS++Gjo5vMa7cgOcwsFYNJNVQ0qSoeuatJK5g== -----END AGE ENCRYPTED FILE----- - recipient: age1x3elhtccp4u8ha5ry32juj9fkpg0qg7qqx4gduuehgwwnnhcxp8s892hek enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6L1pVc2lRYVVnMU1uR1hn - aldPODkvTVFzNDRuWWFTTU5jU0dyOHFMNkZBCnQ0ZGxUcGR5d0FqK2pOenJzSEN4 - ak12VXhQSnZlbSs1V3BxZnBIQ0xKV1EKLS0tIEkrc00wTzJzVjVDd0o4WHNQVDV6 - WGlpR1kvdXFnMkxOQVVuL3pIckdLRGcK+xoZE63l+9mlR5ufN9kEtgKEHdIUcGbI - CpNhd8RE23tPKaVa0XbQA3bMqc1J9jST3vSWWewexwdLvfjrooSFZw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyVWFXYVVEZ1MyYldSOFhW + M0loWkIwRnFCQnpHb2NKVGJJamtJbkdUV0hVCkJDckJMNDFlYlRZejlobnkyZVgx + ZkQ3eC85S1BHS0VTWVRsU0hLOE9OVGMKLS0tIGtSbkNZeElnOG12MEhaUnZMZENv + RFVhREI2bDFRbnZGNjRySHg0dG95UEkK6MYvX0i3vRl4TxJlIg9fWEClrtSxIBkA + 7AARUq/dPp0xWAIJd59TxKwN8SeznIZ7srKLoraBXS0/gWuKIq2a0Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-11-28T18:05:54Z" - mac: ENC[AES256_GCM,data:rmGDt0ZvZ8S//X1sqzkM9GdsoLBTB9dUprWdVN5M9F4/Zpq6Mpyk04VdGxYz421Gi+AsvhAkBaKi+XJjiEjRf9dYON/N18bWeRe3mJMLVOOoxGz+PQOeAuCyphZEKsCkae79WtbRZqONkU+kSqT5ED6iLjhOpLn1h6Cuw4wV1Xc=,iv:XWjRyxlGP4a14eUaJvZpizy2UiCSIi/PIUyaZg6GCJY=,tag:ZNp/U1O3wkcb8o5s1USrsw==,type:str] + lastmodified: "2025-11-30T18:27:13Z" + mac: ENC[AES256_GCM,data:bJKmwMevIxhQEf+2+letxBEU6rLKTky3riOixvfNIw2nTQFlypqfa5D+kCYfJ8v18sIJ86CyPF/WNrNZsPSZeahSR/G4xVLNwKj7847cKm9XDdW1Hm2K7HSdwhZF/zzL+CaBzdjHQVPV+hEUiH9DXkDbySvsmX/LUL06qT0gjwE=,iv:2LmAst6MZObFVZzzwNUShIiledqfGASh1hFpSWDKGmQ=,tag:b7t+Uvw/fb0FIGbExw/R/Q==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 From f277d089bd79a755d7736b0b21f64c7cb0f78521 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sun, 30 Nov 2025 19:29:33 +0100 Subject: [PATCH 6/7] feat: add cyberghost module --- hosts/nas/modules/cyberghost.nix | 86 ++++++++++++++++++++++++++++++++ 1 file changed, 86 insertions(+) create mode 100644 hosts/nas/modules/cyberghost.nix diff --git a/hosts/nas/modules/cyberghost.nix b/hosts/nas/modules/cyberghost.nix new file mode 100644 index 0000000..cd1f805 --- /dev/null +++ b/hosts/nas/modules/cyberghost.nix @@ -0,0 +1,86 @@ +{ config, pkgs, ... }: +let + localNetwork = "10.42.96.0/20"; +in +{ + # SOPS secrets for CyberGhost credentials + sops.secrets.cyberghost-auth = { + mode = "0400"; + owner = "root"; + }; + sops.secrets.cyberghost-ca = { + mode = "0400"; + owner = "root"; + }; + + environment.systemPackages = [ pkgs.openvpn ]; + + # OpenVPN client service + services.openvpn.servers.cyberghost = { + autoStart = true; + updateResolvConf = true; + config = '' + client + dev tun + proto udp + 87-1-hu.cg-dialup.net 443 + resolv-retry infinite + nobind + persist-key + persist-tun + + # Authentication + auth-user-pass ${config.sops.secrets.cyberghost-auth.path} + ca ${config.sops.secrets.cyberghost-ca.path} + + # Security + cipher AES-256-CBC + auth SHA256 + remote-cert-tls server + + # Split tunnel: Don't pull routes from server, we'll set our own + route-nopull + + # Route all traffic through VPN except local network + route 0.0.0.0 128.0.0.0 vpn_gateway + route 128.0.0.0 128.0.0.0 vpn_gateway + + # Keep local network route direct + route ${localNetwork} net_gateway + + verb 3 + ''; + }; + + # Kill switch: Block outgoing traffic if VPN is down + networking.firewall = { + extraCommands = '' + # Allow traffic to local network + iptables -A OUTPUT -d ${localNetwork} -j ACCEPT + + # Allow traffic through VPN tunnel + iptables -A OUTPUT -o tun+ -j ACCEPT + + # Allow loopback + iptables -A OUTPUT -o lo -j ACCEPT + + # Allow established connections (for responses) + iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT + + # Allow OpenVPN to establish connection (UDP 443) + iptables -A OUTPUT -p udp --dport 443 -j ACCEPT + + # Drop all other outgoing internet traffic (kill switch) + iptables -A OUTPUT ! -d ${localNetwork} -j DROP + ''; + + extraStopCommands = '' + iptables -D OUTPUT -d ${localNetwork} -j ACCEPT 2>/dev/null || true + iptables -D OUTPUT -o tun+ -j ACCEPT 2>/dev/null || true + iptables -D OUTPUT -o lo -j ACCEPT 2>/dev/null || true + iptables -D OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT 2>/dev/null || true + iptables -D OUTPUT -p udp --dport 443 -j ACCEPT 2>/dev/null || true + iptables -D OUTPUT ! -d ${localNetwork} -j DROP 2>/dev/null || true + ''; + }; +} From 82c15e8d26a624ed8ad9cf9e04fd8441b2fac0b9 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sun, 30 Nov 2025 19:53:13 +0100 Subject: [PATCH 7/7] feat: pyload config change, cyberghost change --- hosts/nas/configuration.nix | 1 + hosts/nas/modules/cyberghost.nix | 23 ++++++++++++-- hosts/nas/modules/pyload.nix | 3 ++ hosts/nas/secrets.yaml | 54 +++++++++++++++++--------------- 4 files changed, 52 insertions(+), 29 deletions(-) diff --git a/hosts/nas/configuration.nix b/hosts/nas/configuration.nix index 71b7040..5e594c2 100644 --- a/hosts/nas/configuration.nix +++ b/hosts/nas/configuration.nix @@ -12,6 +12,7 @@ in { ./utils/modules/victoriametrics ./utils/modules/promtail + # ./modules/cyberghost.nix ./modules/pyload.nix ./modules/jellyfin.nix ./modules/power-management.nix diff --git a/hosts/nas/modules/cyberghost.nix b/hosts/nas/modules/cyberghost.nix index cd1f805..33ca5ee 100644 --- a/hosts/nas/modules/cyberghost.nix +++ b/hosts/nas/modules/cyberghost.nix @@ -12,6 +12,14 @@ in mode = "0400"; owner = "root"; }; + sops.secrets.cyberghost-cert = { + mode = "0400"; + owner = "root"; + }; + sops.secrets.cyberghost-key = { + mode = "0400"; + owner = "root"; + }; environment.systemPackages = [ pkgs.openvpn ]; @@ -23,7 +31,7 @@ in client dev tun proto udp - 87-1-hu.cg-dialup.net 443 + remote 87-1-hu.cg-dialup.net 443 resolv-retry infinite nobind persist-key @@ -32,11 +40,20 @@ in # Authentication auth-user-pass ${config.sops.secrets.cyberghost-auth.path} ca ${config.sops.secrets.cyberghost-ca.path} + cert ${config.sops.secrets.cyberghost-cert.path} + key ${config.sops.secrets.cyberghost-key.path} # Security - cipher AES-256-CBC + data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC + data-ciphers-fallback AES-256-CBC auth SHA256 remote-cert-tls server + script-security 2 + + # Connection + ping 5 + explicit-exit-notify 2 + route-delay 5 # Split tunnel: Don't pull routes from server, we'll set our own route-nopull @@ -48,7 +65,7 @@ in # Keep local network route direct route ${localNetwork} net_gateway - verb 3 + verb 4 ''; }; diff --git a/hosts/nas/modules/pyload.nix b/hosts/nas/modules/pyload.nix index e7d13a8..b290390 100644 --- a/hosts/nas/modules/pyload.nix +++ b/hosts/nas/modules/pyload.nix @@ -89,6 +89,9 @@ in # Enable ExternalScripts plugin for hooks PYLOAD__EXTERNALSCRIPTS__ENABLED = "1"; PYLOAD__EXTERNALSCRIPTS__UNLOCK = "1"; # Run hooks asynchronously + + # DdownloadCom plugin: don't fall back to free if premium fails + PYLOAD__DDOWNLOADCOM__FALLBACK = "0"; }; serviceConfig = { diff --git a/hosts/nas/secrets.yaml b/hosts/nas/secrets.yaml index d92bd7b..317e8a2 100644 --- a/hosts/nas/secrets.yaml +++ b/hosts/nas/secrets.yaml @@ -1,46 +1,48 @@ -pyload-extraction-passwords: ENC[AES256_GCM,data:RaZEuiqBiA==,iv:Z12YFu1OJFHO8jSwN6CDnFJ1kpHOqlEekOkXj/+4AHk=,tag:w0oMFEIMU6OWt7eQ2L1VzA==,type:str] -cyberghost-auth: ENC[AES256_GCM,data:xy8Hfz/+zz23MOoUXCUBOV9yIIeMrg==,iv:Rh+lLawEXcyKF1IUZjI8ktjoX8gIiboBXdT9plSYon8=,tag:pspUUmgFO5Erpv8bDmSY3Q==,type:str] -cyberghost-ca: ENC[AES256_GCM,data:zDSLJB42dMuhs3KNT8Ckkm9BRN4wwASmzKRv/Gvpeq5AdX311uckNxdkA2FgWfjpuX43I8FyQdEUwjb83zLNX23iZ/lexarrcqBXGBqiU1dQSzCbepNdO/BIOHRREaVAx4SWwRMpA5kLylB8+JYkFNVyFtTbsu3qN5f2iBLeI48OB3nxk5ZMn4Ix4205RrFN0eP+192hU14nVWIFctvgqPJsBBmT/erxJusffycI0yf4qm6CHiYTqqIX3QWiLV1Nk/9u/4jSUSJS2Voj7ZYne//KDv8pdT+HKcq1pwGy/6CMhlIaeNs1iVlNJzT+ws3eDBi6QVyd0/5XGDbOA8V9qJC2obsP2rM9urMh1YDpdADpM4Jx1Z84BEp3a2YgIKauSHzd4QzigR73c3uW5IxHnpszzm0Hyf1YwwTXVd1idZDRK2f6/wubNfX+SOIk9QJSw3/HJ0JkXwfR6vGET2MDJGB21Hl80QbNOvMdPhHLIX+6fGSXjtzUdv3KEAhKMWSxAZ5QkHFhbi4sqp7zLCxupdY3jOUn1GJL6GM4mTixkpH5O0CzFHtkD/C/fS/OYv8ImCTE6VX5gmqB7dor89KGoVY+tqHUeg+4KBuUcNFTAmban/iwqbRHMKjQs+ifFRy5bOj5HcGJci6j2ye7urqup3pwP+CGSXAySfq2b65FrOQmmRJVfAwARJVfnokGghu3PH60RH+Un70XNCMPfjcirtOqYFObY2msviP/gEShAhuTmpg679DDKsbtIocRfjiU5kpnu2vmGZ6P2xcsdjd9mwOPSx11GFc73K80tYIOzSi5982Uc/3sKtAMTPUdC4xARF984cMs6gyjJYGB1atB8WfuhdITO3HX2VuSd8JklvRtGbeRs6ky8uVUcDFYErwQAXxBbTAt2ZZ7IU4Gfn94qcOcn3UwDTJ4nVJ5hLMFWjYtYkFs4kD2zshSVVFPIq5EzuUgD9iDN8WURVUbhHiUdUifPFgrWgNUE3zSLWXrAnEPa7d4Fg0QB/yz6oN+ugGgRaHqxOtaeewirhCV2m/JDqJmmLKyBY2k4NwyAfiz6RPuslGxLOGDvzZDNbPVOH53rlSVgwt77tMwxe9EBsjzNSKCWdolzSiXIjGNi92q/x77rkaEElNfBKXoK6f9i5Q7B98hWNwGltmdgfXSDwSZCKvpSPKrwITTQymBuET4jWdROvfZLRAZ1g10PVQp9Rx4s3TP95vvY1Tfy4G6IytWux8r/feCfqKu7eV65NloFf2nfqknNivBadsQwALchQvUsK3XkUPQy4Gc6OA4QReqxV2aqCmihTsN7SPR0ls4dHp2rxwslaFRrG6kR0SQdm1H2rb//VWsTNrc5OeFgqKjwv2asvSMdxlC/9g/lq03FHC6b2cffCptVRGVegZQNfSq9eHEyGK0AeqAeelNdHjUlSSvtZZ6oTZ7WkEYwhshNt80Leg6eqyTlVSZ59Ds4/9bbytc/e30BA07hTlkIPq/ewimFCW00kMiXLfltPKulfPoqOWVwKq7PnCsHr8xesY574/uHky47o6r3K0+LUblsZVynxYPVxl0edq5LNwLX1YJjcaJYEzDifKE9uLwrEI6FGveL7qPvxG2LkCkY3yMcU+bMOsyfhlGhm3AfIHwLFLDWNCFZwhdXSLB2O9JkR64/BUzKdnZc8AZsVgsxrn6q4ox59RLEyO7Tu+aROe6dgjJTXta0XaSpv1VMQLaD1h77AHSfSH7p2w8jJyW6y25iSSN0bey/2okyAbWHEXAmGBBydgh706rGFMrAZzPO25Stwn34gEUFAVawPGgHiKbhlmYXF4EW9MIKi5wr0sc3r2Vj8wG53pZgzmcI1U43T/x9kd3QhPEdc4bCH9L3JP7rLOZx8Unt1oZAXb/b8qnJDL3jPlfkQxObOWrEUWbOyd0/MaTFb6N3cqm6n+Cebh2jItc7e75HXM4js9rB7iAnFiRdlv5svlFQ+kyo6jsaZGa/3pf/4WJYg8+twvabvib64njCbRDwBtqV1qZHbCnxnaeaxp0jFuyVlWEQ3Q81O2p+N1Yy1c/Cweekm5goNbJ9GaLX6llCO0P/chJcYRhyzdEXuCmXONN678pX8rSC5rl8Tgtmswa9xwQFtWXHuDU/H94oL1SLagf569gnH1wbvxlEntzaFwauksOAuxy/Y/whVEpAZ4zCt209pWpYsKC57mx8hRvfUWM8GYL/opbLA7XRIBA5iIUOLM+GKW7iVZkrXH01mDT6O+C/+u+p9ooBhS4ZODTJOXFExVWkVTig88Lry+z9E0v0RVtiHiVISgWJV8IUb9DP12ilenQIfKIvCNWygCUmyB/Df5OGIkwU+0cd+unAsdKRhjCGD9FSBQ9a6yYf4fPl521PrDM3OXkRx6Ux91pi+2PZ2QCeG8Pu7JC0p3ELJQ30nrDYWI8T/BtO9diXtlkVIjaKR8HoD2K9jgtIxJXVqE/rZXhdbq/zG8iat3jcTj1NW3s1XnqQzSA8PaJDCe9xeK5012LOP4tbSFvxdlXgDPpGAKfJzjJxq1xQDoDPHE4TEGRLESRapg2hRNYx9P42PJxlbcPWR1RTVP91hKzUX9RZr4HtxqnQyUBVE/PGuVkXhDMR7LeoxhPB7xDziud4EhobaGIlb3XsIUyY4eoCpxNwOKuVCdqrKv8njuIeYOJeUAMv/j0ons/fmVEi4DLbjStvOIdv69hEz+0lSTyBDcLhpFk8cKjrGTAPTfCo87YgVA3MFFXCjZiryRxfNTDIyrF6PPJkjzmsGEdAcL5LDhwyhiR7R3FWQtu5MYcxSSEBahS8876Jj/jXUo0bH1cYnAcMIrcvWMejLXkERp/VCix9IE89Ow9qFKoOudkLz0N1328pzxnpSYa2LMDLFjcT5gDvUCISSrQkp41WsXGR5OCMCoRclfgSw6ei19Hua7JlFr2m8nCore7lb1fMtTR9Gm00wYHDSzjIfvn3/RyFgprYNM7zelbCllnXBefC+VuKhbPHSzzjnHRCoPqRzKkeYA=,iv:nP9+2JJQ4evWvphDDIXB+UJpPx/hNSIyiH3a3bdVr1c=,tag:5sNAAZzs4UzaSxiMYCWxIg==,type:str] -filebot-license: ENC[AES256_GCM,data:o5bMKZBt9RehmYGkhYwwhPLm/skOkFocxR+7FyKneJV50a88zqnMW+i3Zyazn8olZUc513L96stq9+5d4DlIhNPdud8Uk99+9X+LF3veQQguO6DC05BU4DDOOTjUninAl2a/rO1+yFZYIp800JV8npkfJ5XddZ3yow6VaYv9Yg/+2Di/a8zUcLAPAAQwy6SDZyeg4EeyDuOlJqayIhAGnRa8Tn4gXpyYOsqPgQ5UPHbH23dVYXlP6vlB+mou8jzPDK8HJKWYGssrVUvkH947mKcKd3gzcOiHK09Ah3m5yQUo4orRRAlXGf5kcr5IvEAMXHYrHavQq6sYAc6FFmF50/c1yc1h8qbCwzLrbAUXHpG2SnyCO7T4RdpL+vfmDGaeyzswlGDJaLfXG/wfl7R7iOUuVGn469NFV4zkD7RqrubsKKvFyCoXO+FbK0u293jNXFilyYCoppjxdVjVuPJIBw+orZj04wNUJR57ypl3ecCJ7bdlEZ48clKdbqoEBO+2M9YMussrR9fjxZOJ8MMdafeUAQHGqNQhd1SnqJ8Bs5EwkSwCACGGwlEmUy+RPU1+8jb2RoJjgdgM45WQPTfZHCrKN4kNcMuMmnq0pI8wbW1dXMHbCZ54bLu1/rq0OnCZGfp949+RU31hlup1Dbn2qk76IhgD6+UnK+mb4tkwEmI+5paG7iVKdfPOSOAqUTjwNs5IV5OiUqYDlLfOWAp7zstHQ25OTOKgAVUj0o6hr5r3xVQqzAyXkR4UeNn0/Agg8wor1L6x1cXi2kDgcqxMNXQiCqWmA+B5Bt5JhrNtgglO3kcHfZXhRTQ0UDKDkP3gbst4Bxs4es4YlPltHadJyqTFppwWMa0toiw2UilnCVud7B5YNUpWI8iMuHKec4U=,iv:3u6odO2heua9XnWLvSL9XgAVLwp7kauGftFuMjHIlVc=,tag:HT7cK0CYKdMJeC4PyzRVIQ==,type:str] +pyload-extraction-passwords: ENC[AES256_GCM,data:M4ONmZXoSg==,iv:9+NEibTSoJwZ2uLJZZzQtJHMNtR084CCyBXq7ORqxI0=,tag:QE2QMlxycK+OJWgiLWKlRA==,type:str] +cyberghost-auth: ENC[AES256_GCM,data:ZX+vfTcIH/8QMOIpIFdYV71sYBS5MA==,iv:4TeDcMs+lz7N6myLwZ9pG8mwzDzjWBpyi2CpsUtcaoc=,tag:RM24rTag4RfgPWKfrX3fnw==,type:str] +cyberghost-ca: ENC[AES256_GCM,data:7gMSXvU23LKH1j7O0z7JRbMelQCfKybA4mIRLiqrQlx6cWOyoNrKkLgWHKs8GbeeMybUPwleswDL45kxQV7KTONTDWCfDXXRgIBwpELiofICQQJuaNXnlpS7wy2U/ieljTWi1VsKCzzvJc6V15GgwHci+8Tn5QC3hls60rkLh2ODrlFVe1Asr/U+nYMRMqDBwbrqammuaGvmqGvNsVNreJczFx/V3vpq8EKgWL4zLz5EQLysh/vcWd2rTRPRGQv1DwBHGjM0PBMJAUrRUF3ESicscIBjTS70UOmqghfp86SVvg8QblHS6D/Is+hQH0K8GLhaZsVztmvLSOZoOYsFjOldeIQFyOszwvpirOXW2ZOWlV82JUtQiJQ0qQ8SRinQTxojdY/0tgxaOo24cuaHYVKVyfRIiUNRpAO3FUMf0s5GQneQGGWpfqLboXKt+rBol2co5aiesHmR5w3918RmI1yoLd4qlF8BTiWVYVJgXBLxlI5tkPegyyTCbBEj3aLmTr2ybBpy7ba4lzrwCiMRYog1xRvOCwBkfaszw86DZ1BcNtbii+eU07uqQGNl2yYBBdzo/zJ9Vj3IhflXpOyU/VnC3f4aHHDLhaCZSUIQcPyRJMpREGYrLgq9Xwast3hozvlx9hrQ3xoxDOPtkuNdk/sVkJrHw0l0npmpq4glwozWdMAcEb1oNP2dmrNs3Pjztouops+dWQRJJ4+CMZq0JkpCE6fOfew/uaKLcgBpsLMrW7VofLvDJdR/4/u+Zg95JkVpkQqnQVyX6ab1KGqyEw5UvrKpt97aSqLPReaNhIowSktoXv8z5pQy8n+vWjZoR7UKa2B+MaDmv2KFEScDhWKQUBS1/qu4uWqjW/j+ncuMahhhWKPuU1PA4Scig1TTKR7QanFZklVWFgEvJ6LaOQMreMZZ9ohGfQLVVC49i5HGWFyWnUMoz7qQ5rr1uLf4z46kYun/AOQlCgEtsBrF0fmfi3njWlMcSEhvqsr98zkb8NZWMx9O2OsSzE9v/snklbgYlMf1ZOYWebjobY8Vyc5+EGx9Qw3fwQi2VMIvKfMjhS8xOW3M/MESYojpxP+U3JSLLfSrJbtFeV71KyIIyWNkwuyqprtu5KrHsWj5UTUg02MRQI+Wid4gxmNkNpPE0IMkobwqHZhii/XXfTmBzgdeHk8Yhs1UP1dK7RnFy6uqHtWPULX5vUBOy1KOhjScETUa6UmGLe3MGVWUO1XMQhBE7Rf5jQCj12BblssrxQcKahcgE5P8uGOKSGsBmMasO6d8mkVNx/S7rWnMHIe1/eZwRsmBkKp0bCMQ/314eMcBbFnCfWLw6bzmZER02jQpjvxTCxUIPhSVqGPE0IPNBSrXLudXZ+zb4iWRWyEi1vFxUmlonQnMWgDCM948hiEgvjbV8RYXAMEMhrfdRIUoSCJ21HxANvE9w4nOY5nq4iK+LZDr3xn3QWJ1PlxUgJcrQtYUxy8w15HhDcUMj4SOFU/krV9TjLeMXKMVeGS+384LMwxgDuyI+JYE91ozAO3g9PdXucS+MlmvzqCiZkOK6DyCRk0DDqtbl53gzHDdUMb+zwrG9I+jL0A1hY8XxLrnlxJ7gHExIg/NK4JKnul03EsqXSNtQtYX12GecpL65k9GGDniZ+sUtjvvQ8f52581chBsgEeAzK9fIQXKxex2dBlg4L4NGG6BplH6ovu2Ii5ogdc1agyjdemDoAW4MsGosWqopQkmmoI0jNc3VRJA+3pjk6I2J5rKNvsddPDEOldaeJxhXipqdFMdZfIX61a0q8SO0tzLRgrWLNCXPSJg8wYWU8ZDsOQ/iBbT7pBM1MAlq5qV/K7xBKNX2s+KOncu3aq4o8vreNI03wd/6RN9V7uS373CveHDmvN3tjA8V9Hwjk8BoxCQNzqArHmTnkyeI2/kj4G/cAZAT1EEjQLZYFgME5ON8Zm5o7kR9Nxq+lKr75M1JXsn9qHk4+DZ9FeV8dI/x0FyOJev1yhI5SatCIkq5BuY9zw7xlUEBID3UKMuwM1ZM7JMyys3af3Hubpy9t/+CdO2wo1rU47Q/zp0F7I5r3nd0ddpx6dcJF2R2DB4nvDM6UNJWnpezrNWCmESwcCDBw8ciIN3zxkSy5HeLySrDVynuxR+KNf5UItKQfC7+KcqZVRDFWrTXRYuazhVsg6/+N57AEQcjbDFsKiuaeYjlCEWuSJFZE/SFkqoacZjIZpoAJOw9dBrFa+7y8VynvMGWdRy0Rm0UFF9XLS7EFntdcJvteHZXqDrTNepHwDkUgLjTy+S+/XDhipG2B/caKWAYL9NxyB/L6cDUMopMtR0hLMv7GJblhpncFExhyhSMCKUrCqD1K6uCfW0N6VZyYOgipPN2krFpNtbYBQ2xaSM1/adIzwCNlAKMRBnJkUyTsgHLhufes/ebaJcUsL1+dormXeAm203S4UrFhwlVT56N/JDmKo3TpovqN5Xll5pUKIh+sYbQeeJPELvU68RIL7c89kS9KKtqXssIVWIBUeJHLCWwJbTLNfdY64KWyYSldYmuZ+lcYD6s2AIvDd+EhbXQqfXHzs9g+NNWMvNDst343pNyFMuIxJpT8eEW/3lDTkBGwzcvd9Svxi0DrOyFibT4gTB/btqe1quFo1WWuIsxn11K5gAEzKhJJ/ZbByw0mbZ906ySusQE6TTuMUcFR7r8iJOc6prvGVgrkPwneYFiuT0LFhb4NAMdJ5uJ95ycARR1wtXKnSRr8vNf+isWkkAaQQ4m8f0LgL1P2WsOc7ggFCXFI8O4IyY93XN1TfiNR9oujDVxsOZ+hApGbQFiEY83/gHYQnvaIdA26ppsqosvp+Ja5GYblNQhu+1YtzPkrurI1d9hPreSFMZbwyCK0rwy1Rl4BPfmKks58FVBAz0bWoArBFEW/39FWmrRHdZJQp+wWqye7exqq7E2r9f/zaTizV7V7U2gNtrXUhD+5bCKi97hDf2ykqh4C692EEndjVr5+KNsiNivYRDrrtkAp1Su13fFy8=,iv:inCj141jhzAAUXPHYPyfWV34XLOs3IzZDu7F86zTCyA=,tag:r5Gg4q1B8SammluvIi+nxA==,type:str] +cyberghost-cert: ENC[AES256_GCM,data:f+JH3n0qV5niH+n4ceHCfbgbFvUeVii47w/0XZUtBXVsSfWwmu53L7vdtMKIHwIz7q2Tyx9e9fHq6k+t1FytNX7Xkxz2lz6eLSoqzU53Fa574C1SKWyHHRpuUcR6LFebIU/hYK3pa9HGv9RxFcF44hJaFIiZ6Tl5xViHDqRGEYhmstyyZVHo4lijTW8qZfrEQgHCemUk2K1wrJd+aS/w7vSJlmAOJzOc/Kio9ku3nQ9H26/Bqi1+N+HDntoxDsNbb5737ooGyO4Cg2dSx5FR5DGQTtvtjpct/7NIRa5XTVqJnYpWXLjyrQbB+xTD9J82HV5fKNDE68UdOLQEnLlYREr9zNCjCZjvA9sc3VF7+3tCvKiKs9JBoIqHIN4m01U6jKoGYBzx4z7aYQeCv45/BlRk7haCvx/vz/HRqu7TwxwJIllgOvLLswVyZhAVo20lwxJzyFui/9ZQM8B2x6s8jOGHIH5fiF/nrB4skzNG++KGqnm+IQu8tA45p5luDjxajhp9AH2XWnsYrGm0GNvVuj6HfK4QUzVhTmLcLf40cyc6REAz/i/0JvQ+FS9iRE1tyR3Dn5hW2zmyj7OgkMhPlyjjVcx/zYjzKmIb7bNEeH6WnBpSDWMWCZJfhmJCAJgVJ/q5vwMD1icrbiA/gcx18UO9UGLUBhLdyT16g13i7f/nL9P+JDBYagOoMQ10JfD2qxnpMTFiSw0zaSqRYRoj3uPTCWD2/mAPP3gvCrgEfRyihqifUdAERBodHW0boDBwzSNbtbyCZV8lw+cYAvC04L24kkUG7+EGZhsHBGSUVxHYNaPI+crQP8S0GZ/cm/gqUwu7Z69Lbq46+QbsA/GOTT3y+jYDUMvDHefCK9iLXhmrL8eluAMP7aCEajmBXyJ9UlD/BwhHtoBavhCWbQP/fcip2MqPF81SAtDBqxnzR9V2kj3O/lgHU+2Osr8W23UMCz6XLwrZy7enq62xHviO8b/hDDmcum9HtRRiGnVeNPd1ijdcvslH1dvq6JJbRWroZK0EspPr25dUwpAl2R0aDAJqLZUTtLAGeFmoU0a8GqH0RtqatnST+0NsYRTQKxyMThnwDmPnW0deMjRkQylJ+mbFq7YgTumzJRFc09/dM6Eres+Wvw3WatK0XwJUirnriumN/IHpaWg+h3rsQ9TXAjLilCr4VMvrxX4Y7rahrxhHoIXDBb9IcRxxO1Puw5i2UhYeZ5g+Tn9Jhn/fRRVddvUqPA4TLZclVazhNgtapIuL5kXjFcQuD21f85eWRNoDUmnwetuFqsUnztm3Ew6YHKwmfCDsmVK45XTD1/s7Utqj7p9ZIC8tStKzBppzTMAzVIKucz4NFK4m3xPwLFbaLE70wOU2fRuoR7hTqS/9ktYXz2/HDNb3x/EbdP06R00PbQk8R1GyoYdUy6WHOxOXWJEZhcEXjlmAHCT4NmxpqVpdrkBBC9YljpNxmRnPRAQHp+mlUXiKSYU1HRa6uRKyXxBxfKzwl+iei/pqJGvAPOn7+X5snsImKCXH5J2bXSotzo+dRl3tkDSVGsa3Tt1N/oHf7nsCILZH74Tjwddf7axZ0vWYSWPRiQAyuUvol0iFCtlKc48y/1rDSkZaO8yHSHbzXz72QmesLtALiPOanvaDTRqgx7yg76fw+tcVD1qro8gkXh12zxS+rkpxxac3vv0TgJTminvQnNAhz9Q51XirJHqP6/1wB8/yCBLakWhJlpXmguqaApeHg7xrJlY4aLtOcM9Oz208YaaBaE9GMWyRklk+VxfPN2sMJ/9YPN/CsBGByjms8f0yhiLgq07boVXKd03sNQD8i2RHhR4C83tUImavBqQOM5Et5uFxK5F/KovFbJAX8hHtdoRxR47Zq4JAIJr1gpn8WLYb47KngaE+bUzT0otPzN8KTTEFcj42HN3yBUXBLa8uwBeXz7VeIvPd6mtNHyr+RKaqPJOksS6XkT8PKywkubwO7uvrp4qr7RslhhRV9tKA2cyFz917pDOCkDk2tBZQLBJGkbf629SubY9y2ehgeUFR7mrZ3cfmqbgpGurK+kVUu/LzJN+s6XGOyQEwOXH8NBiTe+BuGqO24t3lL8xyfY2ljDerXvU56ngr7xYxsSKYFfmKEy+71bVffT8ZqPp2sHxK2USJE/QnbGITESs+9mL0tAJ1Xjsbx98cNqjaMwae7lpWxlEVyzeXJXSk5k/4xj8jrjdXEs5+k/lLKJ+u0L7Fz674a9H3cCk9Xod3Z8aVVZuuDg+/9CFmRNWQtIxOSbYF3/drIExhF8jaUSZS8zWkE8hVuFZKs3Ugo9gUpl/M5XUFHlebNG3lN39LqQYk+Sl5J3VYiX79EtuSgNUS3eCDp447MMpqgZckjyIvGjA1JAqfraK6FaYfTx+HsJsAWG7PfOTIaI/J39anU6mbbfQTLkadDR0QwW8B5vlxO51hUakXK0sUAwHU5KMNWsEn+uwL+tDmJAvNJpFr+BGD5G2rUlDHUYC7zwFn+kGI5WPFCQAAf7LZE/afNj3j3WpMzd9Iqi6ay5l0fwAbk8bR/cO7iUW4cpd+WdrIol0DDku2kqK4mzajVf6rsZ68ZoftUBeMKPlDbl9NT1e14IwIPIfuRSkXrnAm6hbAmh/l8GgKsZvgKG/RkF2b3DnQ56Ux0FXfwsWkVDGXcdToTVdqAMlajs2kROLQv2wopnhyvNPQD28is8t0ama3WgmfRCYQEz56kKi+ajNgwpOepTSi+7MP3TOctclOgxEHScth5ldm7nRu36VlJrkxWu5cTgnt8ZNe42QM7I+OXBTU5l3FnNHbgWhPqpMqrNVIbUOCz+ZWcaxApFPA1AsupZKa8U3bSrZFLzWB6/uf5KBkxBe4EUugP4pbHFpJn7b2+J7JtF3w71bYLry+k5cnHB/FWlHAKqW9651DwY9Av0Vb7KMtIVhoWQkwRhUeA+Cri0LKrpTQ2gucTcuHS26Z45/H2df78FkuWwrW2AiosRjbHQrwy9mFJgIvECDQFrbsWm4tspAfYCbpzZaGQZYqGciAqAzwX/hcItqL2C+tIXGU/w4vqS9XOxwwqedFgu5Tx8sa+p0oEps7POZ+nkCnRc9ayYvXek0cTulKpW/t/cqf75ZI6jXjmT04b4lb+VnJG2oZdS3kDg==,iv:TvtZ8/eeeUwMq07nl+fx7ixkifN06shxcyV7vIs5zvU=,tag:fZXmrkIvQ1ZH3aqkkfLLIQ==,type:str] +cyberghost-key: ENC[AES256_GCM,data:YtUdmKFmeW6oLPImSWbmR/+z/6QWIURofk7wXMsCKaYatEJSD5CJaFzvvzDfVGdoDVk/dYbyb+OHSAsd0jQ4wRZnHwsArR9q5G+278c6S5Ha5G2X0xhdG0c9q6xPJcABWKlVG+7pN9xghsm2FH6XC+yIEwtMjyYbMF80GhKq3UGvEixa0Gp8KITWJ/heT580GQeJk49TVLLOYZdtqAb7xRIdx6wBV4RUKWtW47LPb1VgF0GVpFbf3aXCGp/Tj8uaHJP/DtoIKb2SApmUTCrduTVGEGrkM1RqVGBVQVCAgb/F8hX94R3WuzlceGBxhBm4eMwVI8rtlt0Ts82HmJhtQWamK1olndFG/fZPF0U9/Wm0ny/CmSTE6hufPO/lxTaJOWJAUyoYGhnJF0fQFAHc+OcbR+HJBa9VKir8NriV6MRpR8L7eAdeiLPUxV1cFberrhA2cWhsnuaoIWQIFo3eKkaUb0UjUu1Cc+M9ovG38xrlEGs4Y+whdSb4wUciMpvb3uIjMaqyElbMRkuTq1WWIvx9zatx+4tdnAI+Sda1+1x6xXhOmf26RQAW5/eGwMiDaoeY2ZpLXGS2amV38NlGI86alI0fA5+FLUhseyBjIjb5LYLNlxHcTRN297NWLqJAwaFI85YUObLSk43qe4yPY4XwaVFsXnJTCesKxdwC5I4o1O+GheLW70lwJypKp2LPSuXWzYfTTYaYr3TTgy2X4tl9lP3LNhhaznfHkx6hcVUD3VWNWeNSKafARbAyUchBkyAVtlUPdEb3d+bxAuMA1nxGDyqPi3V6Vvuy3fw88rvlxlN6KQDK9I7JUfA5YlEUxFhMiT3TurI+iWHHxRCm2I+YXy5EAn7ZkzQMdU3QuugbQKHj/ZImp24NckmX23EjnkcDbFNHezL7nH15wHog6ucvU6YR/88odhaoIPPbsxK5OFbHGekfYS1qTFYDdqz4HWi5ldxHX7pw+oasO8MItF7uf0BjnYkpFV9YqiTha+eR1XliLSK3zwbVU9jjAXAE2i5moXgpZrH02g4iFNIp0ppW0na1TkkjfYewzBsJ1f7MYoqaSRhO/P04zek2GYMivwmEjAPEvzgNEDW0kjoJzF8HHMMnlcwuMV8dndzUARnHQPPaR2iF8Q/gj3kn0czSqf8EG32vnVD8/ugilluJiMa2YFQJ9zF+cd7OhxL+IrJZPdu/pXzlffCTZokMDqFEud9nLTMJ5loxB35vblXc0VaEIN3VfRQTx6dTLF/XiYSkOWGrSDt/NrGSTIsAY+QL1+Rg1dDxasYDw+3pM0P9VLPsKEdkD1rH2bpXYkXj4Crv5D+cR2UeWlhv5qOUJXamu/3icazVyucXbR4SgqLD1ZhWNcX5GvRNP/oIY4h9hNI4idqNp0qNL3w9/ovThvYbCWwz7dL3I2ykoTaRdKW2OgY9NG8Djo7zUyBxS6Z3EcjB64MMAejdR2Sda2M4q9/Beni4w/DX3jAuW7l0MeHe99i/aq8VE+nbu0Pt/pA8bcdQuWmoU32oDUr7b3MoJK0SMl4fkjsmuZo7N1sGFvRnIDRr4Gm9I9UIyOFSHY7kYMMYvvZifM7dIMfimzMZeKzO83IWbHAn4ha294icB/njRJpeXI9bT/SHNyNYcSWsNGjc3l18yn7jPXNb0nMZKFhQIupHHqMIjludsHuF7SBjc2cL47wKlhcKU6VYWdNO6cnuYmOFTZZw+H+8frWUGKbQFDkB36DFkeiZsohK5zwp7CZbreAbquPCApJOnJdmKwGS/Hi04a4f32AOOQZPIeBa8NDiX1DI51xVPsp69xAFP2w+cOZMt1UC9/0/ywTCstvascslc+sTkiIIxQsyKVfqZlOBL7zmUtD+C75u5dvHWAwCcLvddK4Xh0/KOrgkFp/JacP850cX3gxn/3qw+ITDter53sG9i7SHRuOshb8UfAXEqPAiLD0vbmDAc9Hdfbyw4D0B8ILT9YTMa3PGr6Rrd9DKwCeKGnVt8xIjhN5TNCZVph3GQK+RZ5z/JHFJkC3LsGS52kzdevHOOzXBnY0QjM48Oa5Jo8zEwLgKzs3I9Xn0mWh7zPuqw5zDNnvIk+WlpfO/2aCYL534Oy2NrFahRczp3js7VyvbTobDZRDJ7pIChuK3Hi3ky/143SZ1owuuf9RyKwebVzi/utNIB+x3nALiYgIMlSFud0hD/Cw6Q5BJIaYmGrnv2uKobanI26ywcGy60xiFbWqE0Ax/A1D5GQ0/ZfSza94NPEB0SQQbLuOI8Gsm0WBpH0MmC8XkiKJW+PjC1E1TSZUDRhbM2Fp37GH2VQ2EE+Kd2y50lXUlSmw0shf1+q8wz7QTQoTU1wvSyHt8IS89M6fPBNbubdglDEWcRVNbHuttnwFTLVMu2XNGcNb6uQD4esk5bRgaXGBlbo2FnzuI9+LfXQSvY63RggqgEEibgtdIDQu/zC8Cy9cPuZzJn40DxcbE71GTwKYy4QL2t17hosxqEvzsVnOOnajJ0m2OAJy5l0VgwxuGxNyktpCC3McwcLr0LdWYVbaOgtgfXKBpz8Vld8Rb3rtLQPkQyMMsFQa37oIKY70t2DFLDzFMH7sCYCUHXoQkZ9qgtLmAMkqhhbpTE1OiOMHVbAWZwpfcvwpDF5dx/IefGJ05vPRyOGqGA4cKiPxH4uHQIcKIeLE7rchXikBK2cZRvP6l0yDhWC9zSyFGv62u19ILWX0Q8573VcmkMc2tnEXQ1ghgYj3u7LUk8OT3vKQNmuUImrh0ViZo36szsO7MzhnJ5WrW/0FfuTnDDxsRkplWyXC4+NxnxtrBO+pTPLWqJzIJVCNEIC93tlBFIxxHZxZvrKCBsZ+ym8kGXWa7kcIRJdeZWYP9nosArIWmnh/Yb6lOzfSEmA7eeq5lkWveW/rGV8XTdmxi3pWalX0F8qhaolfdH9SUmPUBCYadyKX4HkGxT7Pk98QykdlIhzITejNc+yampepM7l730D0OC6QNmX5E033qwNkxuDvmqyPzVOOpXo7nxSYMxtWwI/zZbofk8QJtGMxcdUu91Jb2NpBLRxh05cKP0IeCfwj4kI5CNQ9D24ZeDrrpsueVbvaY0WkOwFlQke+Hu0CYyu+jXEVyeLl9yI9Qf+qrpetJ0T+CCsxZ+GZ0N01hTPKcPdOTZvSh16qt/aDQZlr5mxjEaH3BfqE227mUT3Hky4Ge3hLHb7QOmnpIEpKuGt2wwtFAs9qn5A2wafLnPEZcVniz3Te+zvqfKSQufpdajfJzRjgKFe3N99EiGPtYD3yQGQqD7abpiQsS1iLn8a7Jj9UB4caLP+dpMF8Q4PDXbjOhRmeAjPlPH1/kGYyafiDxkArTuBBztqnMBLuW9swA63+hjEJRB33gOHcIr4uqw+CmxnbPtlgZPPjYJa0xh8AUKEGSHgm+9YArPzXhe1DkstfSxPHA+P2MWg4oBuVrT+cFYFOqSPousOGArU/qELGDyMjiDY/0JrUBMX0Jtb80ZLej2dRJiSsFAeg2pWyeZJAtsqyYEWupiwlOfTR2oLBHOHdcvLezu0fXl+zHxVqCfu2vMEIX3LddfJrx0O3G2EvNQiiddo880JU7O1Jlo8J8mxYNZSjF2Buzx4ronxSBpaS47vbCyoI+wH9AGTf7goSD/RSnJ2LCZuAGSreTBoyaE6E/KcFGQEcTTNkhTeby4Zwz54E34UV4v+1dLd88v3Zhrtk6Da6fN8c+BvOO2/LZQGNP9MS8TsbHTef7tIfLjHxIaJhqX2GnAUK1mrVLxhyeeLq8OJQbd95z1eV7UTJKE+KKExFSisZjsLRC59Oz9BT6LAKNLxlkSNSrFSWWI+/6qTWhWHSVvdJReub7LdwhNhQtaWnKXJY4shj1h65kbFMURLeRf/saEa8Klyxs7YETU7JghGWBT1HZftc/3p8mcNsBHgBfJTpnb9K8cqfxpMPOmJCXt+gJGpQVZ4A6cJKRG/qcAh5k/WArqcZStLI9ChFryH0Kw8qUEO7Ul0t4zEwsJ/Nm68ZC2VkFdqqVpOOMIPuS2hUsmG6ymDafskLD2UM2q4LJrBII9BNT6/GcFFSpuOvXzV8K1OrMPQqchhkFStoENYNMNuL9VQ6dyxeoVXfDNhydx7xG6us6jRX9Y7k81b3cdYn03WyZXbopJcIgH6uuJvjPBjGY3FgqW80cEbUMoqW5wuYl4T5Mukg9242RoPY7eLR1zzLQd8NSXVlC3WCQtYD2Xg3DSEEVXR5knjvX3mWRpoKSleey9jzpECCCWhR6OEhSrnef6fElr0JHic6HwyVfSyipYXAiD/VD0YutGTmPDErOtLKLLIFT5QbJaJ20/j4VVgTV2mcryYjG3xlQecA7jE1kdSY=,iv:moUhCD9vW2fREB1hXGyP3ha4PEzXWhbW3kI0x1KWxVA=,tag:UIW2trbJ2g6nkU7IfI06fA==,type:str] +filebot-license: ENC[AES256_GCM,data:oOVGag9rzJkgPb7Sic+nVg6n//3E7o0BLamF5ugXCdKYVoEw1koZWrB8kVwAmGAmzgpT98gMmWFvej5eZBlTR1CDV/ZFJHE5nr+1b7RhcVrzxVfkanpr6JOu3JJ2TDx+z6+JyuZsoHQe6zGIlyz1DO1/+tgYChEInZB+apFvbEsKzwT92yQztaJ2TivjCwcxhjZR9lnFTQWvTsZZ8Fatwi03FsbHNkz5UdlKZ+N8yFJoKc7a2+UrnV91ClfGpvOpaGfmgls7Uen69LPb2TLujhc1W+WBOwvzgWrrG4+KF+4yMtJ0apVJd5iBKq2zZwZo6EdC8Ynv8DqJOhTrjScoVCZ+xPEmcZGuOa0y1bEFYcDO31Y8iyVEUpfMfyyjFIWIm6IGkPDP3tWQWAQIIhlsYbRipKKN7aCaetg/ib33q2M0M1XFME2IBVEZMyEJ/PMt+qi0CUJqx+S2nxqEB8jNnJTXc+ANJfiJ1YdgtG67wLCdzrDTkDPT/HEIvTUumwWSLdZnXvfqvB4f5ZO20vPN8S66EgGZeWU3x/HXqV6MSQSLOOtySP3kY3gn/hSWIo9JB+63BEgdI1WvqlkA4wBB7kHuA6YqBR9ofODUt3ae7X7qbVcimGN9fRBtKny5u9A04/+gJ9BhWsaQruX2EPvIb/evxmYqFvg+suvBPu50KExmdjXPJJsRgR6dwYyxXwVOtbrFhKIK17e7s3+DyXrYWhMGOfUOpl4ew377E4YHjLBm1r5WtU46NfK4TA1rDVTSlBXOfV6Hmhs3ThUhNJ3sgHzrrQiEZcC0Of+4RBLhKNMTgOO39Tjz48BAYObBxw2F3oiLT9RBXFAz5ebwxzf6ciBwjEi4Bf76rIcE2RTdiA90J4NsDTsFNoknEIxqvHE=,iv:dbmC8UBE1dwCBSWcYg94mBvdq6Xi+nBweMWlvvnxN9k=,tag:UQZ6rlM3loJg4vxav7dg+A==,type:str] sops: age: - recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4WFRKRkhiL1VheHZIRkxD - cEYxa3pFa2l6MnhZSm0vYVJHZ2plYjl6eVRnCmlMYmM2NENiWHhTdk9lOUxiZmZa - K2VSQ1NWNjRMVFl4UUx1cG1PT0pXY00KLS0tIEdCbmM5VEdrR0NhcWlHY2JsTkZ1 - dWIySndzbHJBZ1ByNzBFSEJrbmNEZm8Kp7jAKQPRljvYyyuwsQkGxNKUT04qDqaW - JXuqMgT+8UDkreJaifUo/hC+EstNzgPSBpwf/vI560hKFPF3ITJpvg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvZW5uSzROdXE0R2VLOGlG + WXhTVW0rOGt0a1RRQzZaSlNNOWgydEN0cGxZClA0K0JnRnVmNTM3TGVRL25xT2pH + aTFld0ZDRERvb2NrVkJkbldWemtUQ0kKLS0tIENmTktaK2tJZmNCWWtPTDR4Q2JG + MTY4dW52aXYzQmhOMjJnYnhCZXZxSzQKVaw9iZSG3MX4a8qfPqeN4VuEjHXX8L8J + hn9nk5yHIOYjhmB8y1+Zoe/12+w4qHHF/yudnU+9oJCEcOvafhK83A== -----END AGE ENCRYPTED FILE----- - recipient: age1exny8unxynaw03yu8ppahu5z28uermghr8ag34e7kdqnaduq9stsyettzz enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvSWpoWTg4Uy9qMVNtd3Rn - WUhhYjEvVVpVbENDbHZVWEVZRm5Qd3FsSGlFCjBLS3pmQ0t2aUhqdmhpL3lGYXNO - bWF2TmN3cmJubmRCeGhjZWhBV1BETDQKLS0tIFFKVm01SEJvb2tZUWZkODhXbzFO - L0N2a1dYTnVUNDB0VVNyeDdEcjdaVkUKr+4k1r96lSenlqPj8CUi3qUJJTMljnij - KimYx8vXgxnfH6p8SjRR3rUXqqvG6ZrULK4BJ6Ht+BvV34SS44R9Eg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVZy9vTVRIdElJZ3R4ckNN + aXhCS216Q0pjSGVERXRVVVE0Tng2cmhXZUhnCjliWEROcjh0NU1VUlpXNmtuOGxr + cjNyeFFRNVRsUCs4emlHaVd0b0lzME0KLS0tIGw4ZE11M01uQjhUMUJNMnlyNXBM + VkREd3FvRUVwOUNSa1lMMUZQdU5aK0EK/RUCQuPK/mgFfjqStVapOD/XpTVe63OY + 9z9I3LLD54OlkQFyK1oPXxnMmjo0QezA+30E6rcxKERoe5N55ffxUA== -----END AGE ENCRYPTED FILE----- - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlcHJZc0paOEVYYmx6NVJL - cGg0MjlOKzJKUGM1RktYK05xdkZDbExnTUgwCmhHYk5vcjJ6MFJ1T0xUNUhNdHMv - Y2huRkpKcVhIOUhDTnhHczFUSVV2c2cKLS0tIEJUaWx4cHBGV0pqaEozc3owYktr - ZU1lOXgrOWZkYnVQOHlCTjBETG9tT3cKA10Z5s2hsHsdrdGyyF1kFTIco3ZmSXqm - bhsiB+DicH9fVVWB7SS++Gjo5vMa7cgOcwsFYNJNVQ0qSoeuatJK5g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNNDJzbGRGTC9ibEYwb0VE + Z1BXcU42YmsxTTMvQzZUYmpWM29PaDFTeFZBCkV0MHhKdjdLaitGZ0RGRHdnQlI2 + KysvSk0rbS9PazAzOVRoSjNQSEordEEKLS0tIFlQNnJ0a1dzbDR5NVVkM3JxMzVq + bjBGUW5SQ3lVMW9BV3lzVklISHVrOFkKkkQTxWMLVzt6XGdu+WdphYigSzeeoIWr + ImJuy1oXVd69XK4KUkXOrg4XfeKXXjslAHTVVI0+PFnDaM4SBC1h3Q== -----END AGE ENCRYPTED FILE----- - recipient: age1x3elhtccp4u8ha5ry32juj9fkpg0qg7qqx4gduuehgwwnnhcxp8s892hek enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyVWFXYVVEZ1MyYldSOFhW - M0loWkIwRnFCQnpHb2NKVGJJamtJbkdUV0hVCkJDckJMNDFlYlRZejlobnkyZVgx - ZkQ3eC85S1BHS0VTWVRsU0hLOE9OVGMKLS0tIGtSbkNZeElnOG12MEhaUnZMZENv - RFVhREI2bDFRbnZGNjRySHg0dG95UEkK6MYvX0i3vRl4TxJlIg9fWEClrtSxIBkA - 7AARUq/dPp0xWAIJd59TxKwN8SeznIZ7srKLoraBXS0/gWuKIq2a0Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZTXdqdVd6ZmxtYSsrWDA0 + WWtzZEhuVWxCNkZwbjJJcDBSU0t0cEpjRkRJCkp4TkRqeUJiVnBFS0pkdEM3eEpx + K2JlN2lSQ3NWdzd1R1NoYTVmSzByajQKLS0tIFB4ZHA1WG1DU29CbWlTSlAxdDA2 + Um9vMWRwQWk4VGF6eExMU2FvMjJSblUK/XiDETNk97IvN9A3yP+sfRxQMO2bXXdm + GDODc3E65x7Gftbvu44KS9UARFPzj32W+JhE0k/C+ihECUzz3ChyLg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-11-30T18:27:13Z" - mac: ENC[AES256_GCM,data:bJKmwMevIxhQEf+2+letxBEU6rLKTky3riOixvfNIw2nTQFlypqfa5D+kCYfJ8v18sIJ86CyPF/WNrNZsPSZeahSR/G4xVLNwKj7847cKm9XDdW1Hm2K7HSdwhZF/zzL+CaBzdjHQVPV+hEUiH9DXkDbySvsmX/LUL06qT0gjwE=,iv:2LmAst6MZObFVZzzwNUShIiledqfGASh1hFpSWDKGmQ=,tag:b7t+Uvw/fb0FIGbExw/R/Q==,type:str] + lastmodified: "2025-11-30T18:50:08Z" + mac: ENC[AES256_GCM,data:A7cQQgB6RMe3JdGSv7SjHrD9eoEY86ElfjIUp2PtYdzDiQfrxTsJf962P/IRRWdMn7cCwQDNwxJkiZCRZ7lv/iDznvibC+0FGkGIiFvbkIK88hr7hqvpzf/CQOpNvyvXfJb1Y13R00mSfNzJw7xo98IjZYlsLAAFxpapCbUV7Bc=,iv:/Gmq6AnMGVy7QKjvruFs8c3WcbGxW61P7VjYT2u2ooc=,tag:BT9gv7ebsWEpSARCI97rqg==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0