Cloonar/nixos
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: Cloonar:cfe3cff76417665132a3180a83d6e2889139c708
Branches Tags
Cloonar:master
...
compare: Cloonar:e797eb40e0184480a81fd40a97f919f9e339cdab
Branches Tags
Cloonar:master

6 Commits
cfe3cff764 ... e797eb40e0

Author SHA1 Message Date
Dominik Polakovics
e797eb40e0 revert test 2023-07-23 10:38:05 +02:00
Dominik Polakovics
34289a34a4 test hook 2 2023-07-23 10:37:38 +02:00
Dominik Polakovics
1c0f69c213 test hook 2023-07-23 10:36:11 +02:00
Dominik Polakovics
2fed1e626e test hook 2023-07-23 10:35:42 +02:00
Dominik Polakovics
78c070d7a8 test git hook for sops 2023-07-23 09:06:08 +02:00
Dominik Polakovics
b32c7d72b1 add git.cloonar.com, remove old stuff 2023-07-23 09:05:13 +02:00
17 changed files with 177 additions and 473 deletions
Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -1 +1,2 @@
.null*.nix
.commit

25
.sops.yaml
View File

@@ -16,30 +16,27 @@ creation_rules:
- path_regex: ^[^/]+\.yaml$
key_groups:
- age:
- *tuxedo
- *dominik
- path_regex: computers/git.cloonar.com/[^/]+\.yaml$
- path_regex: hosts/git.cloonar.com/[^/]+\.yaml$
key_groups:
- age:
- *dominik
- *git-server
- path_regex: computers/web-01.cloonar.com/[^/]+\.yaml$
- path_regex: hosts/web-01.cloonar.com/[^/]+\.yaml$
key_groups:
- age:
- *dominik
- *web-01-server
- path_regex: computers/home-assistant.cloonar.com/[^/]+\.yaml$
- path_regex: hosts/home-assistant.cloonar.com/[^/]+\.yaml$
key_groups:
- age:
- *dominik
- *home-assistant-server
- path_regex: computers/ldap.cloonar.com/[^/]+\.yaml$
- path_regex: hosts/ldap.cloonar.com/[^/]+\.yaml$
key_groups:
- age:
- *dominik
- *ldap-server-arm
- *ldap-server-test
- path_regex: modules/lego/[^/]+\.yaml$
- path_regex: utils/modules/lego/[^/]+\.yaml$
key_groups:
- age:
- *dominik
@@ -50,33 +47,33 @@ creation_rules:
- *ldap-server-test
- *testmodules
- *netboot
- path_regex: modules/bitwarden/[^/]+\.yaml$
- path_regex: utils/modules/bitwarden/[^/]+\.yaml$
key_groups:
- age:
- *dominik
- *web-01-server
- path_regex: modules/drone/[^/]+\.yaml$
- path_regex: utils/modules/drone/[^/]+\.yaml$
key_groups:
- age:
- *dominik
- *git-server
- path_regex: modules/zammad/[^/]+\.yaml$
- path_regex: utils/modules/zammad/[^/]+\.yaml$
key_groups:
- age:
- *dominik
- *web-01-server
- path_regex: modules/plausible/[^/]+\.yaml$
- path_regex: utils/modules/plausible/[^/]+\.yaml$
key_groups:
- age:
- *dominik
- *web-01-server
- path_regex: modules/openldap/[^/]+\.yaml$
- path_regex: utils/modules/openldap/[^/]+\.yaml$
key_groups:
- age:
- *dominik
- *ldap-server-arm
- *ldap-server-test
- path_regex: modules/home-assistant/[^/]+\.yaml$
- path_regex: utils/modules/home-assistant/[^/]+\.yaml$
key_groups:
- age:
- *dominik

10
README.md
View File

@@ -2,22 +2,22 @@
- install ubuntu 20.04
- get age key from SSH
```console
$ nix-shell -p ssh-to-age --run 'ssh-keyscan example.com | ssh-to-age'
nix-shell -p ssh-to-age --run 'ssh-keyscan example.com | ssh-to-age'
```
- fix secrets files
```console
$ sops': nix-shell -p sops --run "sops updatekeys -y secrets.yaml"
nix-shell -p sops --run "sops updatekeys -y secrets.yaml"
```
- run install command
```console
$ ./install.sh example.com
./install.sh example.com
```
# 2. Web Server specific
- change the permissions for /var/www
```console
$ chown nginx:nginx /var/www
$ chmod 755 /var/www
chown nginx:nginx /var/www
chmod 755 /var/www
```
# 3. Net data

4
fleet.nix
View File

@@ -17,8 +17,8 @@
users = [
{
username = "nb-epicenter";
key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7";
username = "git.cloonar.com";
key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCkydX9KuRLbLcqYFn/giWZc0vPCx77oh7/9X4oPJtUkWROw1uyZh91iNCxSzV1AZay6rRM8FEwy7PPeAJ7bjsJgHRranqbxHk27H4YXOojw5H9lBozkhcMq7Z6Lz6OMoHdVhZnE525btVLKHWeGtCuoO0pbN5/BsyXEavlGZEaTQbCTjr5sk+f6mG8GqwtuC5yyEY6fGpSs1i72CiwxavLim7nB4vNlbZdWIhmV6MhyAyY5mgt57xJps/mXqXj+/eRqtS7U8KPtJq3uxwsE4cWInToP7TX9GPce1qz4U6+blNwYjt5LTGQs4/kw0IHnJk6IMh+R5kp5L6d6kBeuj0HjMA/Jxei4tD4fsSaHN6gTMSnh2ZwRDwm8Vsk3UJKAWP2heyQAX+axfxHAK4nDGnoFsX/dQV1pUoCD1MdpVS8oyGhDH1ton8oHw7Hsij8AxLgpoEIGa3fKVXaRKQx+YOnpUwoFuHrKh9XH8I7HhrAR6kQWuxaWjFWBgooqlF/iBM= root@git";
}
];
in {

49
hosts/git.cloonar.com/configuration.nix Normal file
View File

@@ -0,0 +1,49 @@
{ config, pkgs, ... }:
{
imports = [
./utils/modules/sops.nix
./utils/modules/lego/lego.nix
# ./modules/gogs.nix
./utils/modules/gitea.nix
./utils/modules/drone/server.nix
./utils/modules/drone/runner.nix
./utils/modules/borgbackup.nix
./utils/modules/netdata.nix
./utils/modules/tang.nix
./fleet.nix
./utils/modules/autoupgrade.nix
./hardware-configuration.nix
];
nixpkgs.overlays = [ (import ./utils/overlays/packages.nix) ];
sops.defaultSopsFile = ./secrets.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
boot.loader.grub.device = "/dev/sda";
networking.hostName = "git";
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7"
];
environment.systemPackages = with pkgs; [
bento
vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
];
# backups
borgbackup.repo = "u149513-sub3@u149513-sub3.your-backup.de:borg";
networking.firewall = {
enable = true;
allowedTCPPorts = [ 22 80 443 8000 ];
};
system.stateVersion = "23.05";
}

1
hosts/git.cloonar.com/fleet.nix Symbolic link
View File

@@ -0,0 +1 @@
../../fleet.nix

30
hosts/git.cloonar.com/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,30 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/4973f85d-da13-4094-8c71-936c275e24d0";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/049162b7-81f0-4f2d-a440-5956a0958337"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

22
hosts/git.cloonar.com/secrets.yaml Normal file
View File

@@ -0,0 +1,22 @@
borg-passphrase: ENC[AES256_GCM,data:Rlb6pyuZjcR7qYt/O4o5AVjfZixKRWbdiHhR4wiwjLIKpPhgjO2ea2WaMP+XVcy5tDFA3Z30BxBloVIwK9rD6w==,iv:Jm9TIfxI7Tae3KN60VPrnIXvYpOCuquKB0Jf6wmp1oE=,tag:Ca/0FerPFn4+7WWhht1irw==,type:str]
borg-ssh-key: ENC[AES256_GCM,data:KsgiBHWDVFj7s1ueP6r/U0r2s/4aq+NmhGKMDd0rOgpkwn2SnkKCc3c5qsRp57AcDqyF2Vt9fsDCYNNg2mhBLmSbZ9VNy2EawounD5FINJ8gPI0EW9NgQHHEAdmGviH7eMRSoSTAAzPNM9T4I92iVYOjogdSTaHU/uSmJnxNOwVTdb8RGrHfXrj1bAvEYF3teNpdRsPh0Q+bNCCAp7aas9fSuV4NPyiCTwlXkLhM8P5hfCtNuFtpLvzLxMaLv2Z/OZAKjd6Kf/wNKyMdccUtGS/wdOn7fYTNlpmMB8cYprn37fqBmvbQhGOGG6ea6HTVrU6hrOaoDsOP/tXI7xGQW7YVrq6w5/bXQyf1xXbKp+QuVWwamERbh/NZUyJLBoS9rV8JG3vJyjn829mhm7F+UfGS5nBoY8dskKdHT86OBf3+K12mQWU4fS17hc4ugm3SGXMpv1/X8nB/Tv2ok65W+5kehx4Dk1NHu+gaEJ2j3KNZPupX5HOHK/SIkjU9ybUdDxzTQOCsb6kud1D18SZQV/14z8H1dMjxMY9tnqhNX37+yNhjTkFjoYHTbj4Tg4afhvMXWFIAw6dck6tVEMIAJ3L73MlfzaDjvSSxrbNPlfMu9B45FR27YMwBc57pHZ90lvROnEBdJ3NY3inYMNuC9EVAnFPDfGixG61qA54xGJuRF+hUPx5lF1cKxlMC4QDR3lW2oAt4x19irUKa/3ayEcIKj49lfv++pSlj+cP1/2z1/1+kJgxxmSoSanycLPIc8bvcn+RGnaoRkATR27WTGQ18Ga1kGlS106wIBsaxoZvOWghET/OPt1Xm6Y7n/x5vJTeeizFBe36vv1MqtER8oedcfn51vjVuCDVwndi0iyvm4qvlKKfl+DCz4JKOpCDc0uvdpHddQsXjiysZ8z2YVhgpj1ceaWQwU/MlIwK6pIra/mUYpdYXVMODgWNl8Mhtw9CA1BfPqTpUcDuO+sEC2CdgG7T/0GFVAfBiSl6LX4nBElaWQccjWQlxzDotW8xuBXlKvWoGKe9VztLwoJ1LN870mA+btESnIExiGQS2BAQoEWlqyfSB/y6RXuLHvIjuR6tCmkSawDrnS+GtXhPIcacRmSZGG+OsJAhE2JPOct9YSHInepyyn9cOEBsIlsBfDP+bI+cnRsMkYeQkwqQsWJVxRtXMmtj+qJUqU9Bznp3twLqvZIbfK/pE1nVf8lkYExxWrZzp62Rxplbil5UuBTYtaDHeKaSJSFxTSYat4Ap4jcL682h2Ubdssnw0u14u+CGliea3L5Tik09+3R/hKaOPU+zjWLd5GiPLhqoFADSu7NtbTqH/4yphq5tlpaIc9FVD5cheaX5oxVSnXeX3Bb8r/JWL2duNfRaUr+sjJtn5afinCxAR8xJJBFvRDQq5kG3V0iXlbh4KjUr0sridkjjZAq1dNc2zA0w/Y/2+SCGAs8y5IbwqjEBuOCklwlWxjV//3K/vanZIg/qX3mKDBOtVwyoecAzoekdgRhC4A6NSMDzuloQIaLWlwsvcYIvRr7g00BDUBLkwzlCxT+T8xLp3aXKZK8ZHniVdtniHKT52uHsPG5erMr272Bf67rxficStoRRW+h4bqz5DQ7PvGjBQil5DujeckjgIcyqaqNxq7iHaTUUutDQ6oa4UmCEyxzazS+IB89UyjdgQZL+8C4ho+ETFmqnDp7kFsl+qfuesgzaRsj/wb3fECMfUzQo0TBiE41/yiKKoz3Dq6yrESTw6BHBfp2518JUP3Jk21+ZOr0BjRVoZ0PRqFk3nw0QlBcb7eowysC+n/20ysnQ8TOYDfbFsa3//gnyMrv8/VBd004olvq5Om4BYZoOlkpzpwshsZz7ysZyKZlbb/Uxf4aDNVsFUcUdJHqIZE4bzResj0j2OrN3r5s51dm8vJLc8POTkWkCJ8oRmebjfqEwrXi98+LygB+jYUvJzMnrf02X9aBZy+QWDRCeOIyuCRkgnt3v5JS2k4v+vKphs7yg7iy6RbI7X/5QaOZlfBdd2zzOLlID3sRfz7QOXKNvZFFxADGmr2Eek2xUEF+TFfnJYxDVYl1OIQ2Rm3/908nWsLqUWhMhvcsTA/7kzlWDXHxEilvDMQcBsoEdEUoKREwEUJSi4Uxv+RmVG7QbfAjpuVe3QwvjRKntFvRZIinDUgWeqcifVr2A0P+9hnXGJDZzA+f6HRNbyieI9t1CLODU91tyoTXCpS3SmLmwUEx+F2M+Vu4ZLj/hmCiQg5s5380zBAd4wZx+EJ1MutK+VHAfK5yZ2F4HTAIoKW77vXbM998IH4CaH4X+lN0/1PdPqtsj+VvAhP3NP7G2xG4GsCTE1Xf+xgW4Oin+MiEwgPDXBaG6g/1ByqqgAo5iIVZ4tWVaHO9UF18GEu+O+XFGE39YUkEvo9GlLj4oZKRe50W7w5R9fr3DSIrsBj2XWF2Jhhui2KQ7oLrwdrQfuHbz7aS8i3PUTwQacCilLdbxc1joe+mYYQ+Y5Y3GPLebCwzaIWxrMHxIO1WtjDzpZTwj/i1PrwQsK+P9iUlJIo69awfnX6I6J2RNgipdECvLIVFi+gTaZ+XwbbV8WzYNo55fRAaSAEgaCsvUgFlyIlgajKkVVHJNwvffeg8p0hQ/cInBf3QPUBnb5MbYD7UO0p7VnWLGwcsWj1Yd+IuGy89gPzVBTyQcxpVZi0CYxAJ58JZ/8K/HzHKXa2bSOb0RM3C/6Z3HFW80AY20nwq+l0clh8BVbDCov1JwlxKuF6Ri21II2JRj7++ZQ2/9/Jl3Pk2e5DRU/ZQ6LWHAoYZ8zOb5pQxFJa1Mj++TYZhw7pNgIXui2o2ZCvKEVacz3wGND69EUZsxv+xLPH1tJFS/SPCFPBzNQDuVj7jMypFbNqlk8kzuasjUg9zFNcJ8+Uy3xaVOsekJnkjz/xfcwh+0/mjWBAaDxyLQK8AryuQFLfk1/MhY/MqrKcu1K0w7ttgXMdciMwGDJMwOrtHzTt1mf7ZLUgQBu/0cLrKp6Lo8KMKjWj9M52yVY3OKOdcrVxy95Fcu4iAkoAcxa526dcOrH0wtxVeRFJbqpuXhcq7tTstmgDenpzjjAa9mVUhOAX6x7h1oa2ku9p48xTGAMz2TsdAZmoKfruKFhVC0Exp7/4plxWFxl53u40e5cbmvXntFfqHR6/WUv8YTPH+bKyEYCgUbs1wyg9gjjmnGekPYx8ebnr+P91vAsR8VWEqgK4qWrv3NFoUFcttvns0iwTYiT0wrLVHT3l8xtrITKG39JxYruq69SfApQrsfyHi3Hj+bkyBw7+b4IA9L0ndt0K0iF93SmiO+HVk1Z8mw7CvmiJaCaZ8164X66MnVJny5wmlk+vO9hoQ1K8Tnh65q4jPLNQeiDykLFvuZN7tGUDW0SQRnjON+e6IGAxAxmYyd5uO587qC7xTfoBSQS0tYP56DvTULR5LfZDXEIdbtBglwmmQgZ7A==,iv:D+umppfFfO+t0h4Eq4gP+gVd4n1yKxegnELWqsvQVuQ=,tag:018/WLt77v80jG1wZ5RL7g==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age106n5n3rrrss45eqqzz8pq90la3kqdtnw63uw0sfa2mahk5xpe30sxs5x58
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4WTlsdFVJcjFBL0x5ZHI1
alMwWVA4YkpTMDE5NmdLVjYvaFkzRnhJVEU0CmJ5U3pSZzZSR3B1ZE1TelZncXJx
KzBNUGszNlVld2ZJNmx0YnpZVnMzbGsKLS0tIEhKbEtFYTRST3BWTEF0d3NnTFVZ
WHlMYjlEUGZQR1pYUTFEWnNVcCtLYzAKc3Mp4M3DMys3XYomui+RVrdbTgs6lTQz
+e4NJH9/9fL73HfaoiMMiZZSrXObboh8Wl+iwpfZ6b6rWatBTLAn3A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-11-12T17:45:33Z"
mac: ENC[AES256_GCM,data:grOUX0hyU+F717M6Y86jnHKEInjRlwDB96G6IxB0E45hNy9kT2nYfDwnevu+swhgYb0GYTqJvLbmvhNPFXtL9x3Uc8aecW96a043YhQPUvUSa0dluCYGTInL6tsiuzAqpS2UgLRdF15lx8otvnCs2Gi+77SS8U7MoaIeKaFKN5s=,iv:MYpxbmM23soEd3t5uieLuMt6hpjiRmAn1sRPeHt50/0=,tag:9GFBtyAt3DxMMJunQlLHvg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

1
hosts/git.cloonar.com/utils Symbolic link
View File

@@ -0,0 +1 @@
../../utils

207
hosts/nb-epicenter/configuration.nix
View File

@@ -1,207 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
{
nixpkgs.config.allowUnfree = true;
imports =
[ # Include the results of the hardware scan.
# ./utils/modules/clevis.nix
./utils/modules/sops.nix
./utils/modules/nur.nix
./utils/modules/sway/sway.nix
# ./modules/gnome.nix
./utils/modules/nvim/default.nix
./utils/modules/autoupgrade.nix
# ./pkgs/howdy/howdy-module.nix
# ./pkgs/howdy/ir-toggle-module.nix
# ./modules/howdy
./hardware-configuration.nix
./utils/bento.nix
];
nixpkgs.overlays = [ (import ./utils/overlays/packages.nix) ];
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7"
];
# security.sudo.wheelNeedsPassword = false;
# services.clevis.uuid = "7435d48f-f942-485b-9817-328ad3fc0b93";
# nixos cross building qemu
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
boot.supportedFilesystems = [ "ntfs" ];
# boot.plymouth.enable = true;
# boot.plymouth.theme = "breeze";
# boot.kernelParams = ["quiet"];
# boot.loader.systemd-boot.netbootxyz.enable = true;
# boot.plymouth.themePackages = [ pkgs.nixos-bgrt-plymouth ];
# boot.plymouth.theme = "nixos-bgrt";
# allow hibernation
security.protectKernelImage = false;
nixpkgs.config.permittedInsecurePackages = [
"openssl-1.1.1u"
"electron-13.6.9"
"nodejs-14.21.3"
];
sops.defaultSopsFile = ./secrets.yaml;
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
sops.age.generateKey = true;
sops.secrets.epicenter_vpn_ca = {};
sops.secrets.epicenter_vpn_cert = {};
sops.secrets.epicenter_vpn_key = {};
sops.secrets.wg_private_key = {};
sops.secrets.wg_preshared_key = {};
sops.secrets.wg-cloonar-key = {};
virtualisation.docker.enable = true;
virtualisation.virtualbox.host = {
enable = true;
enableExtensionPack = true;
};
networking.hostName = "ew-nb-01"; # Define your hostname.
networking.resolvconf.enable = true;
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
networking.extraHosts = ''
10.25.0.25 archive.zeichnemit.at epicenter.works en.epicenter.works
10.25.0.100 download.intra.epicenter.works
127.0.0.1 wohnservice.local mieterhilfe.local wohnpartner.local wohnberatung.local wienbautvor.local wienwohntbesser.local
127.0.0.1 wohnservice-wien.local mieterhilfe.local wohnpartner-wien.local wohnberatung-wien.local wienbautvor.local wienwohntbesser.local
127.0.0.1 diabetes.local
'';
# Set your time zone.
time.timeZone = "Europe/Vienna";
console.keyMap = "de";
users.users.dominik = {
isNormalUser = true;
extraGroups = [ "wheel" "disk" "video" "audio" "mysql" "docker" "vboxusers" "networkmanager" "onepassword" "onepassword-cli" "dialout" ]; # Enable sudo for the user.
};
environment.systemPackages = with pkgs; [
bento
vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
wget
docker-compose
drone-cli
wireguard-tools
libftdi1
];
environment.variables = {
TERMINAL_COMMAND = "foot";
};
services.blueman.enable = true;
services.printing.enable = true;
services.printing.drivers = [ pkgs.brlaser ];
services.mysql = {
enable = true;
package = pkgs.mariadb;
ensureUsers = [
{
name = "dominik";
ensurePermissions = {
"*.*" = "ALL PRIVILEGES";
};
}
];
};
system.stateVersion = "22.11"; # Did you read the comment?
security.polkit.enable = true;
systemd = {
user.services.polkit-gnome-authentication-agent-1 = {
description = "polkit-gnome-authentication-agent-1";
wantedBy = [ "graphical-session.target" ];
wants = [ "graphical-session.target" ];
after = [ "graphical-session.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
Restart = "on-failure";
RestartSec = 1;
TimeoutStopSec = 10;
};
};
};
# networking.firewall = {
# allowedUDPPorts = [ 51820 ]; # Clients and peers can use the same port, see listenport
# # if packets are still dropped, they will show up in dmesg
# logReversePathDrops = true;
# # wireguard trips rpfilter up
# extraCommands = ''
# ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN
# ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN
# '';
# extraStopCommands = ''
# ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN || true
# ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true
# '';
# };
# networking.wireguard.interfaces = {
# wg0 = {
# # Determines the IP address and subnet of the client's end of the tunnel interface.
# ips = [ "10.42.98.201/32" ];
# listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
#
# # Path to the private key file.
# #
# # Note: The private key can also be included inline via the privateKey option,
# # but this makes the private key world-readable; thus, using privateKeyFile is
# # recommended.
# privateKeyFile = config.sops.secrets.wg-cloonar-key.path;
#
# peers = [
# {
# publicKey = "TKQVDmBnf9av46kQxLQSBDhAeaK8r1zh8zpU64zuc1Q=";
# allowedIPs = [ "0.0.0.0/0" ];
# endpoint = "vpn.cloonar.com:51820"; # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577
# persistentKeepalive = 25;
# }
# ];
# };
# };
# Facial recognition "Windows hello"
# services.ir-toggle.enable = true;
# services.howdy = {
# enable = true;
# device = "/dev/video2";
# };
nix = {
settings.auto-optimise-store = true;
# autoOptimiseStore = true;
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
# Free up to 1GiB whenever there is less than 100MiB left.
extraOptions = ''
min-free = ${toString (100 * 1024 * 1024)}
max-free = ${toString (1024 * 1024 * 1024)}
'';
};
}

63
hosts/nb-epicenter/hardware-configuration.nix
View File

@@ -1,63 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" "amdgpu" ];
boot.kernelParams = [ "psmouse.synaptics_intertouch=0" ];
boot.extraModulePackages = [ ];
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# Setup keyfile
boot.initrd.secrets = {
"/crypto_keyfile.bin" = null;
};
fileSystems."/" =
{ device = "/dev/disk/by-uuid/7c6a872a-457c-40db-9426-d9137aea48a1";
fsType = "ext4";
};
boot.initrd.luks.devices."luks-4a2ed977-1753-469b-b0d4-6d75996f21fc".device = "/dev/disk/by-uuid/4a2ed977-1753-469b-b0d4-6d75996f21fc";
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/F4F2-7864";
fsType = "vfat";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp2s0f0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.opengl.driSupport = true;
# For 32 bit applications
hardware.opengl.driSupport32Bit = true;
hardware.opengl.extraPackages = with pkgs; [
amdvlk
];
# For 32 bit applications
# Only available on unstable
hardware.opengl.extraPackages32 = with pkgs; [
driversi686Linux.amdvlk
];
}

35
hosts/nb-epicenter/secrets.yaml
View File

@@ -1,35 +0,0 @@
epicenter_vpn_ca: ENC[AES256_GCM,data:DUvpuL92zpQkK0auXGdHDw+f5gzjMARMroBknmgR+eq1LV5aISdA0XOCw7d3VFpMtHY+tPM4pDEWlnGJDoHDJBSFAUdmbLkDq2DvoDR1RBbsidmlXpvu7UnL4OyCgrN9G3I65HQmCh64/453T0Y5MZKUiFZXn9SZJgOU3h0qOnAiIKTQADXmUo6imhLuUdPxjwiLkNp8zHNystbfUuZkF15J+TXV9yndy/E8E4sFs4uysK9E+VM84v0q75zTf48cheE+cBGI9xOP5QMvSND6MloyGYUTPZOiQyz8M9AmJObvQFryysKf5Q1W1GBiTz9FVuSsr1IM7meljdBYwfxQaA5MurdsXVFYfdRgL6NyL5x7WOd367pgtBBwuVyT+cygg5ITIBc6YTuT8thp/q0BsJkq1OdVQrLa4PK12Tg2IOUg2Za/tLJxxiNWqs1gAmTWEIGAeJWmNgCZAjJIISwTGcdbpdWqhjAEgaaLf9ZD0hUXQ5MmSO+KXzP7lIGgqCXoMEc7W7rn3R2VkIrvaVgCBK3psTg6+CxoPQwnYbUKgPLG7ys54eECJyRfc8YPH1957Q67pYkVD166ZP/sDJfplOGH19QyFnaaSLRLoXCAfWuO72NwO/fSljN4+pmB6Ev1cRCe4mXicz7TTqGG740VOam/JW4OJCrnHVs67cs9/MsVSNZOsI+x44TKJjaFph4onaodDh5P7e52IkfRnHnjK6FjEvYPasUr9YDqUR3ucHxhD9UqvINDwhp3L/zyFb2HRuO1KzEQLzmG96xiJpJxBVl8GOTeNrK2owOf6cCuh6o3iPaAFjFok26gI1ujX/mPbBigOxB6S0cLOLoA7oA+E6L22nsoYdIwjU4b6Y/DQvndgsZFnycLsSA4TRYHUH1Q51fGU3S/zAlB66rYchsw3JqODD51axxEdo5uu/2a6K9c8BSDo+stHBPmGvty6IorhM+17IGwSVrnxBFbSICja/Mi9eHmkUuUQWaXe5iWiNGYOIe0Xsbu4PQANhDE0f4U1LboVdI46uVhBV36zLSRJ5hUYARdmaz+aUSfNSE20xwCQiqd4U1cb2W6ZRER5WOfNFa8LCjk1YyhDY1yKCbo5tZrYZtmo4T47EuH/2uyW9vPtDlAhpZWmJJ0LEbZMhl9hIEAgGYmhnxPIVItJWHgq4O+YavYWvu1qgbdBC/FZJ8xx0uSy48oKCbuTUbIBUHQ37/6wp+IC+FAoYc2CDgCKzYvYjGrjMr+l/bhWE6KqI2DE/8yG4sOZIyrKNOYRq/aqDRkaeu96bLSYZECoLpohEKRNLTFQ+J8btjGX+xak0HRNEX9bxx8Zs3ml8mDKfh11uy05zPMVU4jaLrc5VtvmNdCg1EffbtEIRhi88aP5K2flRLxvSsYODd8iisqJ3CEqa8/C/FoHhWqgs7vk9UeRs46CJjGQ2Nx7UeQhAK8ey8FwqqSPQ6hp6jFnAv5ha583GZm3G8CsapajioHOpNcyYRhUW/ekdQ1E7DafOLRRO0hdWws8fsP/96uuWJ1Ir1ec2pepmh8s9zCZl/CKSU6+PUjX03Y9buZDnAYao5nDFsF5hgi2nLCTRbHnCh/S5C4NL/Lss2gi/9HdQUWr3KNONgoGbdRNS4MHtK/t9MtxQT8FOS54fM76XLygYZhQEQuDHUr3vaihOPKXncPNx+M4IGd+tsOoGADfpZk7W4OLd5jl8OiCulKvmRXzGCrmyofifh6XBE/EDa97j4eXt/fZPhUh+kv7i39mLKiccPUqpq9WYA/pqlMc84PAsewRerk3Z7jygFb2oX8LwYX2vDer565q+74n/y+oqz/CQ7jypoGBC8f9a16h2e2ZuvjQZ2sUdBB0xKwmLHC5mXLRkJYZ8Myt0Bzp0iVnC8P,iv:0GfL3sG36nsg/4BPw32kKMB78TmbN+mLq/mqEFp0yas=,tag:x+kxJsS+Fn7VO3MlOmqgwQ==,type:str]
epicenter_vpn_cert: ENC[AES256_GCM,data:y94SNCZISKCGbG3dtMZKPntzHvmvAK9fr0+TASNUPp+RG0o7sWRZHrAk+zs4x6tTJpRMCN3VJUzH0bkSHrsKHsYLwVOT5Sb3l7y0CUjjT463NWj1ZipaMU94NRbtDC6Q4sMkFQPaLEefaOhjQu2a2qMx0FkQ9OA3T4f4u5GVN72/PTftHw3SybhptlF5L1e3Q69J3H0uVGRuXmmrws6HcLb2th9sAYPAi82yEimdzPa154DKIRcBY78QVkRz4X7VVyLFY3X34TMvGTmKP7MsW5lApVd/qoML0MkqvrWdEClMWG7i4jMRjSUSRIVr33DE8ds4aBx565tKQ9rVZT7KPZU7IbFqgKP6TQN8w7g5mY3aImPlRMB/xb7V8a+qBScOgBiwCgdAnz+PKGaCwcaBba80q0m/gONkxgVy+QKLLdALjb3iUpKiGvWFLwsKr/hQ1O0h7MBFDTGqWniiXZbyb39HABZNVtKAC/4qouG/G+hP6fpk/+TMtjRNSh6wWtyiYvTeFOtCWfi6YEC7IZFautr3vcu24soA+Q4vFwYr6lIEPnQYlpBCr/TLVzEvxWEjsR8G2RaBSWGm2E0tre8qVSFkJwz+niL8FQgaQTjnsYmJGHFS8sxseGuAakuSH+gzopc75H6y2pEnZrpQMOMyDq0GMkIW8xGk7x5Ewq1DZ8ji13Y8xtnbLqiJkhPc19JDoXdpls/40K4Ymrz6dOO8zxzvW8SHF47gOYvp+a5d3vqwXFZH2qDUvdScV5eATmK8ltfGod9PbZWgFzhp336dkba5aAspXlyzAlRRqrVhvpff+V8cyHTIz9qA8fhXv+v2pN0E/Es1NTJhtQo09OGnZn82lfVyR93hLtr6AgbDggwhvAOlJr/pAt0YZ5FhehhhnH0+ekUJC0YemUMj0QVbpxIWc4rt5n7nqewSHC8feo6Zfc4NHfE8sWemGGm2sUOdf6C2F9k0h+Snwfyu95XIWccMAC/Ii14ciu/nj0L67bbj8XAECjWCIlhhCJcMXlpxfU3lZX7zEy4WH+IqV1399KmtvUssuObBb9uAMwHjZl0l2GVQPo3clDea2ZP5HDO9B3kWRqpvIrjawh4IM73O43jbIDgjNXMijnH0GJu8FH8igS+7JOhRHrOBQiNc0unx6EgAfXHo3v6o8ktzbtRcUwU8k+wldU1cu9ugpVpG9j8O+zvPYkaH+0xfdAdxDKXz+4e8462O5zr3IVRp63CBBNtnTn6fcwnxgD9ouhgyyLBylzrwCmRAODHyukJovkNARWmhcYCAnYhrYf9KqaCoeRLmFq8sLMeiYGDTJ/+PTyheZMHboaoZbUbnRtrvuXQiCHqDKxSan0OACW+oXgCBgZSshj8lb58A+zjpMVy4Wis8s6K9HFpiPSP4tmHxXvOod2+qL/eZBV4LhLoahO0gg3+DUPTeJVO+4I7YZYLVXBhf0OC7z8jMGf8Q4SjO8p6Vufx2KXIEpcITto0IJFsIAv9UVfsKVyvVeuGaGGi8VQWhexdQxjDtoURRts91EFNpJ86o9HPbQCAWXBx9hlnBH2zZntqPd5eVA57s67i1dWpuudD/oBzGn3fBv3Fck9tpArMNSrOtbtl3sBc6Calo/5+HWSY4tz1Hnrlv0/IxD2EcgzH5dFu6klTn3gaMdgd288/kRPDzfdcVGqlvV8rQJjTD1XN48FK/Zp2ydCede+SKLidqrqz1ISXOwsya0ivfc4Vdk3hhnnkTnqZT3qR88Z69X+9QkYCVNaoojTiBoRCekqNDI3Ev8MKp1eX0E3rXT3AG3E7xEFGulhe2C9RdMwQg0QG/Ws7n/CtTeVwpv+JG73TlDnBzoVHN6fqKBVchbGPtcObM90N2itJ/wf3jXefhrrsQudLch+Mwp72YcvCKqOMsrO3egvNxIiLKrrVOI8buo0NJrPoQE3/+rZQFzx2r0AHkrwEUHGUvr2oHDJyXwSY2/7zCYbewN44Zjo7n5ofOhSUsaGJNySHgC6V74gyU0UCUEBnF8fZK/Y6QgdtT9gApHVtJwXRvLig2P11bIlyWZjISRaAVAUAMKdS8ir8l+P3NL8kBZstfpH2eeYFHIWeZ7VrVTs4CaHDzkyMizui0EBfvf5irWeJvIekCWnetfo047QKJvrKr+6239QxH5ni7wlzWxiZNcewaOfCK2SqOvYz6NIRp+/blZuxL2pXhTInB/XxbP2zHH64dC8AVvViU8bI2DR/HhzbbpEylzD4ttvil7hLt6AMpugFrmAgWd6JU5yM9lXoTSprmXZ7awYTLcQlCQu9cUNXF0JdtELA/oQipEEUz+2lRt3B+0abYGVWb,iv:MVId1jgmyhY/iUxnjca5IpYwlzUAsa6Nwchg52AKgRc=,tag:1RASj3dFAYVNphJ4zjXxtA==,type:str]
epicenter_vpn_key: ENC[AES256_GCM,data:Kt33OLiauTrkzSwib2px/rZoQO6tlCzsy2exxIrZb91ukUDo716+JaZ2dB6FEjx/z0jaUEiU8u3lZbq4gkhwXe/hwUnr7pIW+V1InJhuGOAENfnusDkSu6P5pVpE5FNBKYF6u77/h5pdWwI/bHo7Hfi7f1xVtPkAeSqDScprUOVIoEYeJ0AXo0L9xCQVPSIAsdrh2jZQPe1S4iCLqQTTYK5CvP4/1wjwA2C4PheXEK5Z74Xkxd3pRI0cogpt711+ujMbh01siQNs9tk5+pk8vbXV6M5duzQlJar6iF47GsaomFkLNsk4QvTVZ7kKIMWEfOzwgwniI8YGtDgjxCvd13H1agaeDjsboFxR3i5aI0ZKC4sP7aTASDQbWwTQxoFdMlHjbkMvVWAT1CxUw/phUfwA8L5xLBxzauvHgE0B/R2rW5FU+qaDZfyUts9RyIJzaF+bESz6YKV27i1ZQNp00YPH9jy05uYDjPldLo2PLzgLQHMsSwZ60KKlHU68gGtVI7qtH9fpy34h0/6IsCRAJF1mRHEHHzC8Ny4Q7dtN3GenMPVT07dwgEYczONjbtrpyKoLDHnAf5JguUydLIKvcxDwNmfXlaAcOzX9seEO0L+Wy2sjG5SCKjPA0wTwIvpWuthTpTaptde0KDBauzJZZvkx3FnABF5Ho2VHCY9MkQxnc61488rQXv15FNM2WaTKcI97b/kc+PXK0XbvKD1OKJ/fyNloaLPAJKB7Q+Nu9sSK91nyM5WOALhkp/5PiKQhSO75X1qsd2S35mWY6upES887He2rdmNjt0YPVzETVXhDk48OHwNNcqKTG0qs354/bF00lQJ7asQaHZ9vnomZTy3F+vWdadmUntu3r0lz/74ZEA1rWe+CIyINkuGcT0q48FMwlzms6XXYe4qnVjG1Yu/PknI6XfIpEAHN3aR/dVkpvwSDKzJD9mUr18IoXf7mcbRmhc0yAz7dmoT+Z5x+/z4G5u5xmMa9lvtHOnaXn0RhbMQP/Gziy9hB7GySGyztnBxOLghO6pnY17Etxcd+RDGkHb+PAZY2tJi3ObTry10dT3Zcx4aHNp69EcOjTQ1+629jFatFB2dhgIt2JdWbpgwppE2QB0g5cFY3e8s3rdriHfXsZNFt1xF7aaBYBUb/Z29EeC3EGUyV1fjhG0ZMDuZAw/7UEOObWS1Mx+z707OWWwGXy+5BYdSC/sYzUF9aMfGXjfttsqr36Cza9aSia6Qin5vMmJtpLYl1WGA3TjcgnglVhgKmg9DvEijm/pa1gy5hMX9SQgV0SuHtWfGIo+uleBr3n38CGJ8BOVJbZ4pHR4JQWrAjxE5MHIzZRF1UmbxWUoqL73IyTGZQovPrLO+z6rl+Djd7bGcQgpsBd8nJaOG5qoSH3Y40+onrlAz4WmKWPaSAclSgSPdHE4OEHIPzzrzLOaJWrI9B04LG9qMfhtpMNse/O4XT76QBfgaeDtKHO4Pv7T9PjIHYC4dPljkvrthEPQeJwo1zywDw2uu+I+WyxWuEGuR9JByJ8s7vaSLcDSP1BRkAq+i+YDDB4/a9iWmF4db/mKjVn6c+NRJjmugoCPeVbzyAfkxBm0nXVjQpOAsYGvGneAN53xHJmZ4kO91wrx+i+lXfRsnU3pgYYfHOePEhCUZoFXSVCFy0ksZKSHQSZb+v4x6CsvtpomUP6u0LIukZgZEgNsrpHXn4oQ0uzrts9LwKECAjGpgRINdJ6XCD8uxcIE+uuS5wyOWg/m1TmC5MThTwe4UfpxD0erMiqgGSSJ+xWuwmnjSS62XmLHnfe+VWEiLOk/7vWQxLy3bdHSfSXCee76isRcFpRKY+x59/Tj02I3F5onVuqAehtLkL4zUgdavmLmKI/81uKRTcMtXdFnYuCR+4xBZYauVtL3t7yhozhZwSZe/02mBahe61dwhZIIbAbAqivbrw210H5cKi9R9i+dR85ISJTrGFlXwT1EX/kD8BWdWPZrg9s5JD2jzrl56dKu+oeNPCZNuD6qlCaFBytJOixj/WkggyMGtOcy2do7MZZfuswbLLdD8ClzUx2D+nrRfae7Mze0s7KhyArmtjRyAfh8xqD+vTR7/yh8mgp2k5XOBw2bdCqH79ctq50drdBnpLuILKuruO/A1isS6YkjD0vxXQZh3yt5D3iqlAAOHdIzaWf8q0zUQsHp0aOgZG0WSlVPg44oHEG40O+laDu62fgcI4JisL6KwdJIPidw==,iv:pB/cNgmHi14ugi6kd+J6poWXX79LMHiiakNa03ibZ0Q=,tag:nLfjOesXDm5/QtwHznJROw==,type:str]
wg_private_key: ENC[AES256_GCM,data:A80vGf9aMxowC2xME4FIVTmKpSRLNB2tWiUQeP1v8vCRk6Gt8BKYOuXYt04=,iv:vr7qvfr78syrI5pIytjLouPwZcw4xvBTvEUzzv7ibnQ=,tag:qjALlFkd8JocLJqMKFERaw==,type:str]
wg_preshared_key: ENC[AES256_GCM,data:bhXoD95ahDRawoHd5Z35FY0G6Xv0PHwWJf300fHQ5jNsGN1TQKHsIswx8YI=,iv:fBsIWkVZUt8pahuO9daaRBIEEIWsSnFW5Velj9uP2ZY=,tag:RvbCYhnRv0OrjTxjsNFW6g==,type:str]
wg-cloonar-key: ENC[AES256_GCM,data:ZMEeIZApOD0ij3nPMZeQRwJ4MwVx0sHu08F+m/u6IMHBGid5YwMgxZ7qbLk=,iv:OfIZ9TqBLjToIQi7zRUBATrynBtu0bzXeGVI/EAUPhQ=,tag:mJICT/ak5U76JE/IxJsCKw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age17c4swm58zt07axl5u6kkxrwtr5haqkvu4ye4t98qdph98qdclgtq2cyzkq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5YU9aUnQ0UGFpQXd1K2Iv
L2N6SGxHdUFyYWJ1VXJaYVhSWXc4cWxCR2swCjAveDVHOTlZUFFTTmpsWVZBL2pK
WC9RQXBzSnhCRER6YUxOYUhsYlVkdXMKLS0tIDBQbEd5cEZaL0hPYnRuTko0K0xj
eG5OS3VxejJ5TlRzZ3J5bEpOYUdYVkEKa2vD9530ZmtJF4WpR5RG7pE28ItBbGl5
p1+5ywz1j2VPLNLEPMJ5b2T+XlqsG5k7gagGVQkkCcwEUEF+PH7MwQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHRFVuLyt2YnFMWktPRzd2
V1prSDlhVGtJQlVPdjNZWitib3RGLy93UndjCjZzSnlHd2V0MUZJU2laaDM0QWNw
S25sQ0pGSzhic1V3ZHVnaVZGUzZ1Q2sKLS0tIHVtNjFLSGtIbGdmKzlDVTlhYXRO
QTVtNWg4NnV2d0l5ZXpnblFlQXpVRXMKL6ra16PdbJiw0vqo4wA/AwN48rGSDcWD
B9xb/vORVGhGbbQvZmqMHcegkYSydprGPI/Xc2JcKyOUy4oimvrgQw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-11-30T08:33:24Z"
mac: ENC[AES256_GCM,data:/vJdDVpv+iM66wANeLLl+CPtg2j1OCyKlGHhsQQT/RphUj4IlIsjKj+j59lmM6bRBfebTTRt1scFgz8CCPoyfSH0KrAyPLPs1SPxZT6Le87PkmO2rfH0MpNCrBDUdtpMgKs+kbxSzbqnh6X3+juXnOL3oUB3K0cdF6hAr4cP5xU=,iv:3IxaC/8y8FwKxO3mPP7f/byjYih3O6zZU6HJK2cAPvw=,tag:g8crhgnYs670wLPcC3HIhw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

1
hosts/nb-epicenter/utils
View File

@@ -1 +0,0 @@
../../utils/

34
utils/modules/drone-runner.nix
View File

@@ -1,34 +0,0 @@
{ pkgs, ... }:
{
virtualisation.docker.enable = true;
systemd.services.drone-runner = {
description = "Drone Server (CI CD Service)";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.docker ];
serviceConfig = {
# Type = "simple";
Name = "drone-runner";
User = "drone-server";
Group = "drone-server";
Restart = "always";
ExecStartPre= ''
-${pkgs.docker}/bin/docker stop %n \
-${pkgs.docker}/bin/docker rm %n \
${pkgs.docker}/bin/docker pull drone/drone:1
'';
ExecStart= ''
${pkgs.docker}/bin/docker run --rm --name %n \
--volume=/var/run/docker.sock:/var/run/docker.sock \
--env=DRONE_RPC_PROTO=https \
--env=DRONE_RPC_HOST=drone.cloonar.com \
--env=DRONE_RPC_SECRET=super-duper-secret \
--env=DRONE_RUNNER_CAPACITY=2 \
drone/drone-runner-docker:1
'';
};
};
}

57
utils/modules/drone-server.nix
View File

@@ -1,57 +0,0 @@
{ config, pkgs, ... }:
{
virtualisation.docker.enable = true;
users.users.drone-server = {
isSystemUser = true;
group = "drone-server";
home = "/var/lib/drone-server";
createHome = true;
};
users.groups.drone-server = { };
users.groups.docker.members = [ "drone-server" ];
systemd.services.drone-server = {
description = "Drone Server (CI CD Service)";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.docker ];
serviceConfig = {
# Type = "simple";
Name = "drone-server";
User = "drone-server";
Group = "drone-server";
Restart = "always";
ExecStartPre= ''
-${pkgs.docker}/bin/docker stop %n \
-${pkgs.docker}/bin/docker rm %n \
${pkgs.docker}/bin/docker pull drone/drone:1
'';
ExecStart= ''
${pkgs.docker}/bin/docker run --rm --name %n \
--env=DRONE_AGENTS_ENABLED=true \
--env=DRONE_GOGS_SERVER=https://git.cloonar.com \
--env=DRONE_GIT_ALWAYS_AUTH=true \
--env=DRONE_RPC_SECRET=super-duper-secret \
--env=DRONE_SERVER_HOST=drone.cloonar.com \
--env=DRONE_SERVER_PROTO=https \
--env=DRONE_USER_CREATE=username:dominik.polakovics,admin:true \
-v /var/lib/drone-server:/data \
--publish=8080:80 \
drone/drone:2
'';
};
};
services.nginx.enable = true;
services.nginx.virtualHosts."drone.cloonar.com" = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
locations."/" = {
proxyPass = "http://localhost:8080";
};
};
}

80
utils/modules/lego/secrets.yaml
View File

@@ -8,74 +8,74 @@ sops:
- recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBocUx0b1VtSlF4SVpvMXpr
NjZSSHdkaDVoeDRCTC9LRFI1bkJRQTMyUFdJCjJvN2NyY1JLMkVtUTF2eGN3Lzh5
R3M4NUk2WUpFMTM4MHQxM2k0dkdxUWcKLS0tIFkrMUVSaHVCaEYydERacFBtQVVt
dXFENTFldVFWN3RQWTBKZHVtc0tza1kKeKGChclZahfDACUJxPsTn+4XomqifXP4
VH+BxqmwkhgryRDoRrVy+vQnyK95WaDo3S/UIR2zgUR+cezt1DzR2A==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMa25OMldLMUc0ZytiTFBF
MUhORDRON3NreEJoczdMUzMyNnNBYnc2YjA0CmZDWUJ4YzR5NzNhL1pQcUFIWW45
LzU1cHM2RGQ4YXVKb2tyYVRrSWRQdm8KLS0tIGJ3Z0ZLUkp5d014NTNGS0lIaVdC
WVZjSHNmZGFXVkdmODdvVS9sU2Jpa1EKxSatL9wJrjYCYNKUS8MFTWjJJSTcw8YV
ngJQYegskmVzGxt+CnUcgTmyQpJq6Y89pnxZQWJV8zZws1BQR5IlCg==
-----END AGE ENCRYPTED FILE-----
- recipient: age106n5n3rrrss45eqqzz8pq90la3kqdtnw63uw0sfa2mahk5xpe30sxs5x58
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnckpCQVZaOE9NT084d0Zk
TUtXN3EvcFZoOCs1aFloK2RSTVFyT2RWUzBVCjdCQzNGaWpqejhNdUtnZTl6RHpY
b2dvMjZIV2ZGYkwyNVpxaHRPUmt3bmsKLS0tIHJReVpvTzBqYS9PVThmRzZzZUtI
WjZmMXIxOWFScGlNSFdwbXdQcXB3d1UKHAkThsJ2unza8Yz/l0umryT8li74LKre
dQuP41RQOQBHisUUZhWeYkM+wJzayXr426IK19zAHPuNeutqcewYcA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhdFprbFhLem11VjRaV21G
V0JjUmltcWFVWVdZSG9rWTFxVlJMUkUyaFNvCkNhZHcrT0ZVaWFRMGgrQmRnak55
RjVNM1l3NVp1TTQ0STBXKzZ5YWJ6K2cKLS0tIFlmaS9qTmxWeUxnbnMyUjNrcktS
NnBYRzFkZThIc28zaWpyTFNaQVFPRE0KfhwBlHvsWBQ2FOqvQ7p8ZGdVfd/qWQvy
1GAR1bdzqwdXLECWd1XJdYarjvaSNr6iBJHEfGCgi+NR15MfR5JwPw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1y6lvl5jkwc47p5ae9yz9j9kuwhy7rtttua5xhygrgmr7ehd49svsszyt42
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaSGhiSkFKbHpGcjljZ3Uw
ZWZ5MS82Wk9YRnZlQVk2V2laMzRkK3dBdWg4CjJ5Wkd0bnNXbVpMYVUxSVR1Nnpn
dkFnbTV4eTYwWmdzWU9PZlozNytBWk0KLS0tIGVTL1RFbzBBM25nbFVtOEVQMmVm
bmQvemhIeU8wTGswTEN2ZjA2RjdaTW8KlorFf+agQuSwbN3Fkr5bUC2Ca6Sz8hHy
Faq+uNlMWHCrvE1DBP34D41LxCLDaDMYIJyUG7A4MZE2WUrJZ9c0vQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3QjZXUExlYmlCTHdLSmVC
d3M5NzJ4TktWb1BMc2h5WnJkaHhYSHhQY2tNCnJXUXp3WEdqL0VhSmQvZTUyOFZk
N0dyOE5NYWpYZEUvOHRJY1hlNTYrYWsKLS0tIEt1WkxzNFVsdDMwUzVRNWhqbjRz
SDZsTWJzMnRGVnQ0V0dhOGxaSWVqM2sK7LCVJp1pIp5j8ZoSRVw9dXI8rSHQdxMh
lN5uRziTv3Bqs5ECPTzCvN0mbfQ0xfgaBQbAZ+KT4ZZkfhsZTzWQ/g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ezq2j34qngky22enhnslx6hzh4ekwk8dtmn6c9us0uqxqpn7hgpsspjz58
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnT2VQd2VKeTFsQ3BPbXNq
cWRTREx0UE54RmNDSlBwK082azRZalQ0aUhVCk1HV0Y3RnFYbS83NXcvY3IwSGVG
ZElxcm1ETlFvVkhjR3RVNnNJQmR2dzAKLS0tIGpoYytWL25nQkFSMm5hQ29yYUd3
UEp1cndyMG9Ba0RnT3NRdHAzRzBjdDAKIHXX0rnPkEz6Smw3sH8RgDdS92yOoFxz
6uFUrqbxAW1+6EpgSPCi4GioAZyFayHdeuXQ5J9vApCDhHdsd6jMzw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1MWVGaDBtazAzZzQwTDhn
TStpYjlROUVOd2RKRlZlQ2ZpcTYvNFNtRHlrCkt1eHpaR2tMMVhZSjYwQlFlRmZC
a2xYdEUrOE5wazg5Qm1hbFM4bWE3Y2cKLS0tIDVoOVd0ajFwTS90U1NGdVZDS2xV
anUrNHVKZnVIbE1DYXVDeTUvU2J0b00KOr649SlYRBTSToUA3bSU3X0QyGQB7T9r
inmOmTW7JtOifvWqVPwV/v8hMJf1HACsEkqd1wKIySYm0yZ2rJCViw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jyeppc8yl2twnv8fwcewutd5gjewnxl59lmhev6ygds9qel8zf8syt7zz4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBRVEyK3M2aXdwV3RTMGJy
NlBUaWFKemJDRHB3ck5xVG1BWW1CUjc1OEdZCnUzSktiUkRmcTNwOWZXTFhnUCtD
bHFCZ1ZhKytGc1hoOVQ0SFFyUkpmOHMKLS0tIGNWV3Vrd2J2TTYrUUhaSW0yak5W
UTRGd0FaZUk1RVFqS3NXWHZ6SFQ4MTAKsIWMYxczPfDg7G/H5Rcm7sD/2zPXWJfl
c2PiNSeZAfuCqAU/a9/2rz0kk3LdAW7d+foBOPeMkWnKs2pFJxNMXw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjTHl5cHdIUTJGUFNOZFFK
RHVnR1RMeVZBSlFhNXhXb09obDVaaWM2TVVjCjQwUDc1dXkrNy9iaHBIVUJKNmp3
c0ZZWC9wcUpSa3hrbVE4Qy9tMDRPUVUKLS0tIExmU1padnQ1cjdoNXVrQUlqK2VR
eDlxVXFkVzFNckxJL3VibUl4STNOeFkK6hkVHf3Tmxqy1VR+HaL9xOaBR9csWRHT
0/K1HyqIekOh7igqCf8DTZToEIywxosavpr+vHMXBtXcOt08BHwSTg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1azmxsw5llmp2nnsv3yc2l8paelmq9rfepxd8jvmswgsmax0qyyxqdnsc7t
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTUTZKRGdzSHgybnB6ZExx
UVRCNTROS3QyOFBYSFc5blFEQythTndRSHhrCjJxcTNqejUxQWxRZzhhZVhNcjlR
MFY4LzdicGUwMm13R1k2ZUdDc0VrY2MKLS0tIFVyNGlJU3NyQnkzZEg4SEM1T1NZ
RHNUd053UUJyMnprbi9DR0JnSEQ5YjQKeXRdvnQRtkLs6yqVKlul4wp4PXQTpktZ
cUUWEaajUmXoEeHjFkfNqtsJkVG6ixnzs9tu/GeOCbTCZ9eFokUg2g==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqdG5LZHdsUG5OR0NVV0lY
MGc3NVZ5R3JWbEZKWi9XclA2RnpJVUl2cFdZCi9xSmR0SUdkV1doYjZSdVA3d1Zx
NHA3ZjJxNnQ5eCtITzEvcFkyaVNVbmsKLS0tIHRNTzh2YVQwMDc4MWJXbm5WTnRz
SkxOUHZTNEVJaGpXMXloL2R4Y3QwQW8K3QNXkFv5z3SnoDVAIkaA7Tw6xyKQH1CW
IAjHKsPytmnuiedyjpu9JFCJuH4ug7+qWpxtfqDI95jNN+3tatOKMA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1zkzpnfeakyvg3fqtyay32sushjx2hqe28y6hs6ss7plemzqjqa5s6s5yu3
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGNHJFa0ltM0JiQ1hOa0pQ
K3FndzhxaTBwZWgzNWg4RXBQdDV0WlZNZ1g4CkVhUlA2d0JjanorSlpyYVBUaEli
Mnl2VmJTNG9DcnZsSXZpUFZXTDZQRVUKLS0tIEtDZ2J3L0RtV1BybEJDZ0k2bGZV
YWY5QjlZZ1J2OEw2U0luZHNWQVFmRjQKZ9A54c5AXSm2aNasBinaWPDIo/xDXFqZ
7+ZTJ82QiWBXpaLIpmPim3e9JHVzZ8NKdN0Y7imsYdR2gXRsxyv1SQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0UC9Pakh2NmFPb3FzTTRO
V2lPNjNPYzFEZ1Q0d3F4RHd4RER3L3RSS2lnClNiQ3g2NUJxM0hITUlnVHhQdTJ3
NGp5b20xUUlNcTNjTHVHbTRwSHhrUFkKLS0tIGVqVnkxR0dBdVk5aDJubUVISG1O
d0RHdm9nN3NPSkFhYWJiNEhWOXc4bFUK1VI77uEymXLZ64wdlG6GsaPcMwcvVBCE
iuWfqCAIHEH7Xw4O2GDRiS5tBVVFbcSaExqodyXE9iNSKlEaKb8Jug==
-----END AGE ENCRYPTED FILE-----
- recipient: age14uarclad0ty5supc8ep09793xrnwkv8a4h9j0fq8d8lc92n2dadqkf64vw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1K1RSTVZOYmFxalFxc1g1
OHpaUXNLOHF2WnQ1VUxLUENwclJoQXl2b20wCnJnOUs0cXlMTDRXdktJZ2x6bjNJ
UWJjYkZwR2ZKNnpsaVN0bzBWODZNL3MKLS0tIEUraytIc1d6dVVqa0VaSWJpcWRn
UWswVG5PaTdDZHlybGxpZ2tKb1liOWsKOuMm2+kofwGqC95KhfEecjwzjNCHPRRk
/61zp39+U6PeqP0gTbcy959aSDhfucrZKhBKP2VsTgP0BLDfZR2K4Q==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3eGFjalNOUDhUYjQwSStW
MFljZmhDS2hzV3J3Nk9RSWVPN1NocHdDdTMwCmRtdEVtQTc5K1kveUxLOFEwQkw1
VXFVbXpwaXgwTnRBclloNmZmMStCMzQKLS0tIGlDYkhNVUVITzJHWjlocC9OM2I3
UkVOTnljenJZOVI1dGVJREwzN0g0SWcKwgUkz38fbZ/BOKtttEIKVhQtqcccegM5
99tarUUdVj9nw4PFD7YHbT68fiUbxSzFi3KVyKDuVBw+2GPVVhrtVA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-11-09T07:12:13Z"
mac: ENC[AES256_GCM,data:gqsD5gTtE5ZqWzWKAAIscecvIsGSC9j4Cnbik6Yk7Jf7Z5/NIxbkInzDsLmlU3ObbLZAhGAlOAKIrUVy37rCcEZ+I04ICXK1dmUdsVud6E4SvTdDjh9qlXTbEkcDCY2YqXlTuQl6IZyveaPuF6fRe1FMh8JEpDv/foZTl8+AuQQ=,iv:+nV6YW9m1B0qo7xbB1lw9dgiQ877GQ6OxMqjk7lei10=,tag:NmeSwBWRKpqlwZxYYC7trg==,type:str]

30
utils/modules/openldap/secrets.yaml
View File

@@ -9,29 +9,29 @@ sops:
- recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpcnBXWk1JaE9McXlzMUk3
bXZHRXRQbDdsK25MNTY1MHA0UWhCcWJRdlVVCmlzcDE0L1ZOQzB6MVBPYUdncUZr
M0FGSkdxaFpiY2NUTlRBSUZZdUJmRzgKLS0tIGs3UlNwUDJYVTFHTXcvZkJCS0w5
cGJic1JZTHE2NnkxN2JuYXY0TmZUWjAKN6orRU5LnJbl84HtKy0MBNA/PiuEmuhO
JL/tpFX+LiOScFHrvb40Ka6YvnyER+rufZXi1xknBzW1uyDt+lSyQw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpVTJycytvY2tkKytBaHgw
TXp2bzFqcFM0UXhzRXJjQyt4aml5RnlZdzBZCm1tU29VMlBrUEdYZ2g1ay85NWJp
dkVMbVYxcXlDd0hjNGZ0Uk4xY254SW8KLS0tIDM4Vzd2VkF5dmc3ZFZwT3pLMTVj
YmtnR2p3NXFwR0J1S09jY01HZnF6N1kKEpkBQeQ9ksOa4XBo17MS1/EOcW8svd1r
Uhx0/SItWM2IR2BLAra4g+2YZ222xX/Gqi9m10ZNS7lO6pPhB3EVSA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jyeppc8yl2twnv8fwcewutd5gjewnxl59lmhev6ygds9qel8zf8syt7zz4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1RWNUenVwS2xISmRQK3RN
ZEc5TGF2MGNocnZWNkhHQ1lGOU1adlFCZlJ3CmdOWC8vQVd4aEdLVTJtNTZCM1R5
VndOM3RJRy9laW1pa1k0TUt5UTEyVmsKLS0tIFB5aDNZQXlTRlYvUkJaOXI3NVky
VHFINVFjVVVsTXViTDV0QmFBWTRsbVkKJCjMI1GImwSKpgTDVwF5xAdnbUqBkxUO
vYFySQg5p12lZ7RtMbxdql24a52J9Jm/2dMMKKph339vw/rcW7YRXQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNVmhqT016WFBlZDltNmJx
ckZOR25MSWZkQmlMMGpxc3c5YWdJWTExdlUwCkowVG1xeXNiQmRoeTdudm03NXlw
bTQrVHBzZ2JxSWFpQ29TZTFzSWZwelkKLS0tIFV4d20wT2dKRjhLYy81YlBMSWgy
RnRYTnpIeFRXQ0ZVUkRhVTZmc2VQUVUKbphgbiHXjV/t80UWIOOK+aDP2cM3i5al
oqyDwh9bhhUIJ/aZsv/ICwcWCun56eQ4zPNp9P+toqAbf9n8FJoylw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1azmxsw5llmp2nnsv3yc2l8paelmq9rfepxd8jvmswgsmax0qyyxqdnsc7t
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDdXJGOFgzZFhFWXEvZkNB
OWI3MDQxVGZ5dGpXM245ZUlHZHJhRnR0UWl3CnNKeGhLNVdYVWdoWWFBaC90ZUhj
Mjc4MDQxa0ZaMnVaSndWRDFrTjVpZmMKLS0tIG9rZGJJb0J6SE1lSjdWSHc0V2FH
dGJqSzB5NE5ESzE1L0ZxTDBORnpvRUUKtKejHfzBGnrOJzPStRUcjD/cRq3BqsdP
PtSh9ujx/aazn1O86wMYuIgb1WfWL3ZyTtoPCukGKth9KT1JweU1eA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2UWJZVmFEckJ6RHZXRnBU
N3lvZDBUaHN4VTVsK0kvZ2tKdHRsVndXVW44CnVUM3Blc05EVE0wSWQwU0luUEtG
a2k3OG8zR0dTQmVpYVk1a3l5cXB1YXMKLS0tIDJDYzhRY3R2RWpSZHBTMzgwSVZN
OTZ6ZnRDSG5JcXc5dWVwOGlqWlV6VnMKlzFF4MYIki9p9h1Um55ugMwsFJIleQ7w
hXohGDgWuDKA6CtR6lEUQ8y0AjPcWIp3VW0H2tCSpBSTEKaQK/FzhQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-01-22T20:44:32Z"
mac: ENC[AES256_GCM,data:nKR47o4Evt4TPyndEwZlnP/ctGaaz6wwn0k+JnDCL3FW1TO64spNL7xDcoxWwPuRLrgjgtazsm4Tevplzc3J/N4dhnPAdiPtZOQd3tKibIJKDkxG+6upGvzMMrXXInzoGVqwFMrZmdIqlpLAgqX/1VwY4Tnrf0IfiwJ8wWmSZe8=,iv:FUL/gcDZBZrclYupzstSFG86NOnEOvvgr8ou7wVQ3AY=,tag:KPXm0HHwc8v64dnqGqlFUQ==,type:str]