Diffstat (limited to 'hosts')
50 files changed, 1548 insertions, 525 deletions
| diff --git a/hosts/arrakis/default.nix b/hosts/arrakis/default.nix index 7385eaf..93f399b 100644 --- a/hosts/arrakis/default.nix +++ b/hosts/arrakis/default.nix @@ -2,10 +2,12 @@    boot = {      initrd.kernelModules = [ "zfs" ];      kernel.sysctl = { +      "kernel.hostname" = "arrakis.bitgnome.net";        "net.ipv4.ip_forward" = 1; -      "net.ipv4.conf.all.proxy_arp" = 1; +      "net.netfilter.nf_log_all_netns" = 1; +      #"net.ipv4.conf.all.proxy_arp" = 1;      }; -    kernelPackages = pkgs.linuxPackages_6_12; +    kernelPackages = pkgs.linuxPackages_6_17;      loader = {        efi = {          canTouchEfiVariables = true; 
@@ -20,94 +22,79 @@        timeout = 3;      };      supportedFilesystems = [ "zfs" ]; -    zfs.package = pkgs.master.zfs; +    zfs.package = pkgs.zfs_unstable;    };    environment.etc."nftables-vpn.conf".text = ''      # VPN firewall -     +      flush ruleset -     +      table inet filter {      	chain input {      		type filter hook input priority filter; policy drop; -     +      		# established/related connections      		ct state established,related accept -     +      		# invalid connections      		ct state invalid drop -     +      		# loopback interface      		iif lo accept -     +      		# ICMP (routers may also want: mld-listener-query, nd-router-solicit)      		#ip6 nexthdr icmpv6 icmpv6 type { destination-unreachable, echo-reply, echo-request, nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert, packet-too-big, parameter-problem, time-exceeded } accept      		ip protocol icmp icmp type { destination-unreachable, echo-reply, echo-request, parameter-problem, router-advertisement, source-quench, time-exceeded } accept -     +       		# services      		iif veth.vpn tcp dport 8080 accept # qBittorrent      		iif veth.vpn tcp dport 9696 accept # Prowlarr      		iifname wg1 tcp dport { 49152-65535 } accept # Transmission + +    		# drop everything else +    		counter drop      	}      	chain output {      		type filter hook output priority filter; policy drop; -     +      		# explicitly allow my DNS traffic without VPN      		skuid nipsy ip daddr 192.168.1.1 tcp dport domain accept      		skuid nipsy ip daddr 192.168.1.1 udp dport domain accept -     +      		# explicitly allow my traffic without VPN      		oifname veth.vpn skuid nipsy tcp sport 8080 accept # qBittorrent      		oifname veth.vpn skuid nipsy tcp sport 9696 accept # Prowlarr      		oifname veth.vpn skuid nipsy ip daddr 192.168.1.2 tcp dport { 7878, 8686, 8787, 8989 } accept # Prowlarr to { Radarr, Lidarr, Readarr, Sonarr } -     +    		oif lo skuid nipsy ip daddr 192.168.1.3 tcp dport 
8080 accept # Prowlarr to qBittorrent +      		# allow any traffic out through VPN      		oifname wg1 accept -     +      		# drop everything else      		counter drop      	} -     +      	chain forward {      		type filter hook forward priority filter; policy drop;      	}      }    ''; -  environment.systemPackages = with pkgs; [ -    angband -    assaultcube -    bsdgames -    bzflag -    extremetuxracer -    #frozen-bubble -    hedgewars -    kobodeluxe -    lidarr -    mailutils -    megacmd -    moc -    nethack -    #openttd -    prowlarr -    qbittorrent-nox -    radarr -    rdiff-backup -    readarr -    #scorched3d -    signal-desktop -    sonarr -    superTux -    superTuxKart -    umoria -    vial -    warzone2100 -    #wine9_22.wineWowPackages.stagingFull -    wpa_supplicant -    xonotic-sdl -    #xpilot-ng +  environment.systemPackages = [ +    pkgs.bitcoind +    #pkgs.igir +    pkgs.lidarr +    pkgs.mailutils +    pkgs.megacmd +    pkgs.prowlarr +    pkgs.qbittorrent-nox +    pkgs.radarr +    pkgs.rdiff-backup +    pkgs.readarr +    pkgs.sonarr +    pkgs.wpa_supplicant    ];    imports = [ 
@@ -115,20 +102,20 @@      ./hardware-configuration.nix      ./services.nix      ../common/core -    ../common/optional/adb.nix -    ../common/optional/db.nix +    #../common/optional/adb.nix +    #../common/optional/db.nix      ../common/optional/dev.nix -    ../common/optional/ebooks.nix +    #../common/optional/ebooks.nix      ../common/optional/games.nix      ../common/optional/google-authenticator.nix      ../common/optional/misc.nix      ../common/optional/multimedia.nix -    ../common/optional/pipewire.nix -    ../common/optional/sdr.nix +    #../common/optional/pipewire.nix +    #../common/optional/sdr.nix      ../common/optional/services/chrony.nix      ../common/optional/services/openssh.nix -    ../common/optional/services/xorg.nix -    ../common/optional/sound.nix +    #../common/optional/services/xorg.nix +    #../common/optional/sound.nix      ../common/optional/wdt.nix      ../common/optional/zfs.nix      ../common/users/nipsy @@ -138,13 +125,12 @@    networking = {      defaultGateway = {        address = "192.168.1.1"; -      interface = "wlp5s0"; +      interface = "enp6s0";      }; -    domain = "bitgnome.net";      hostId = "2ae4c89f";      hostName = "arrakis";      interfaces = { -      wlp5s0 = { +      enp6s0 = {          ipv4.addresses = [            { address = "192.168.1.2"; prefixLength = 24; }          ]; @@ -152,6 +138,9 @@      };      nameservers = [ "192.168.1.1" ];      nftables.enable = true; +    search = [ +      "bitgnome.net" +    ];      useDHCP = false;      wg-quick.interfaces = {        wg0 = { 
@@ -195,6 +184,11 @@              presharedKeyFile = "${config.sops.secrets."wireguard/timetrad_psk".path}";              publicKey = "/lWCEMGRIr3Gl/3GQYuweAKylhH5H2KqamiXeocYFVM=";            } +          { # fangorn +            allowedIPs = [ "10.4.20.9/32" ]; +            presharedKeyFile = "${config.sops.secrets."wireguard/fangorn_psk".path}"; +            publicKey = "G4oahOfaCR+ecXLGM2ilPYzqX6x8v/6z8VIo2vP2RC4="; +          }            { # ginaz              allowedIPs = [ "10.4.20.254/32" ];              presharedKeyFile = "${config.sops.secrets."wireguard/ginaz_psk".path}"; @@ -230,9 +224,6 @@      ];    }; -  services.openssh.settings.X11Forwarding = true; -  services.xserver.videoDrivers = [ "nvidia" ]; -    sops = {      age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];      defaultSopsFile = ../secrets/arrakis.yaml; @@ -243,6 +234,7 @@        "ssh_config".path = "/root/.ssh/config";        "wireguard/arrakis_key" = {};        "wireguard/black-sheep_psk" = {}; +      "wireguard/fangorn_psk" = {};        "wireguard/ginaz_psk" = {};        "wireguard/homer_psk" = {};        "wireguard/lilnasx_psk" = {}; @@ -285,6 +277,8 @@        after = [ "zfs-import-data.service" ];        description = "Bind NFS exports to ZFS paths";        script = '' +        ${pkgs.util-linux}/bin/mount --onlyonce /srv/caladan/downloads || ${pkgs.coreutils}/bin/true +        ${pkgs.util-linux}/bin/mount --onlyonce /srv/caladan/www || ${pkgs.coreutils}/bin/true          ${pkgs.util-linux}/bin/mount --onlyonce /srv/nfs/keepers || ${pkgs.coreutils}/bin/true          ${pkgs.util-linux}/bin/mount --onlyonce /srv/nfs/movies || ${pkgs.coreutils}/bin/true          ${pkgs.util-linux}/bin/mount --onlyonce /srv/nfs/tv || ${pkgs.coreutils}/bin/true 
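Review bot: The two added `mount --onlyonce /srv/caladan/... || true` lines swallow a failed bind mount, and the same commit exports these paths read-write in services.nix. If the bind mount fails, the unit still succeeds and NFS would serve the bare mountpoint directory instead of the data under /data/home/nipsy. Presumably the `|| true` is there because `--onlyonce` exits non-zero when the path is already mounted. A check after each mount keeps that idempotence while still failing the unit when nothing is mounted, e.g. `${pkgs.util-linux}/bin/mountpoint -q /srv/caladan/downloads`. The script and its unit continue outside the hunk.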
@@ -293,18 +287,18 @@      };      "nftables-extra" = let rules_script = '' -        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" tcp dport { http, https } counter accept # 80, 443' -        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport { netbios-ns, netbios-dgm } counter accept # 137, 138' -        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" tcp dport { netbios-ssn, microsoft-ds } counter accept # 139, 445' -        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" tcp dport 2049 counter accept' -        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport { 2456, 2457 } counter accept # Valheim dedicated server' -        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport 5121 counter accept # Neverwinter Nights Server' +        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" tcp dport { http, https } counter accept # 80, 443' +        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport { netbios-ns, netbios-dgm } counter accept # 137, 138' +        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" tcp dport { netbios-ssn, microsoft-ds } counter accept # 139, 445' +        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" tcp dport 2049 counter accept' +        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport { 2456, 2457 } counter accept # Valheim dedicated server' +        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport 5121 counter accept # Neverwinter Nights Server'          ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "veth.host" tcp dport { 7878, 8080, 8686, 8787, 8989 } counter accept # Radarr, Sabnzb, Lidarr, Sonarr, Readarr' -        ${pkgs.nftables}/bin/nft insert 
rule inet nixos-fw input 'iifname "wlp5s0" tcp dport { 7878, 8080, 8686, 8787, 8989 } counter accept # Radarr, Sabnzb, Lidarr, Sonarr, Readarr' -        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport 15637 counter accept # Enshrouded' -        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" ip saddr 192.168.1.0/24 udp dport { 27031, 27036 } counter accept # Steam Remote Play' -        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" ip saddr 192.168.1.0/24 tcp dport { 27036, 27037 } counter accept # Steam Remote Play' -        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport 51820 counter accept # WireGuard' +        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" tcp dport { 7878, 8080, 8686, 8787, 8989 } counter accept # Radarr, Sabnzb, Lidarr, Sonarr, Readarr' +        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport 15637 counter accept # Enshrouded' +        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" ip saddr 192.168.1.0/24 udp dport { 27031, 27036 } counter accept # Steam Remote Play' +        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" ip saddr 192.168.1.0/24 tcp dport { 27036, 27037 } counter accept # Steam Remote Play' +        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport 51820 counter accept # WireGuard'          ${pkgs.nftables}/bin/nft -f ${config.sops.secrets."nftables/ssh".path}        ''; in {          description = "nftables extra firewall rules"; diff --git a/hosts/arrakis/hardware-configuration.nix b/hosts/arrakis/hardware-configuration.nix index c709789..0d24c12 100644 --- a/hosts/arrakis/hardware-configuration.nix +++ b/hosts/arrakis/hardware-configuration.nix 
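Review bot: The re-added accept rules for `tcp dport 2049` and `tcp dport { 7878, 8080, 8686, 8787, 8989 }` match any source arriving on `enp6s0`, while the Steam Remote Play rules in the same script are scoped with `ip saddr 192.168.1.0/24`. The same scoping would keep NFS and the web UIs LAN-only if traffic is ever routed or forwarded to this host, e.g. `'iifname "enp6s0" ip saddr 192.168.1.0/24 tcp dport 2049 counter accept'`. The interface name is also spelled out in eleven rules, so binding it once in the surrounding `let` would make the next rename a one-line change. The `nftables-extra` unit continues past the end of the hunk.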
@@ -21,6 +21,24 @@
     MOZ_DISABLE_RDD_SANDBOX = "1";
   };
+  fileSystems."/srv/caladan/downloads" = {
+    device = "/data/home/nipsy/downloads";
+    fsType = "none";
+    options = [
+      "bind"
+      "noauto"
+    ];
+  };
+
+  fileSystems."/srv/caladan/www" = {
+    device = "/data/home/nipsy/www";
+    fsType = "none";
+    options = [
+      "bind"
+      "noauto"
+    ];
+  };
+
   fileSystems."/srv/nfs/keepers" = {
     device = "/data/home/nipsy/downloads/keepers";
     fsType = "none";
@@ -53,8 +71,8 @@
     graphics = {
       enable = true;
-      extraPackages = with pkgs; [ nvidia-vaapi-driver ];
-      extraPackages32 = with pkgs.pkgsi686Linux; [ nvidia-vaapi-driver ];
+      extraPackages = [ pkgs.nvidia-vaapi-driver ];
+      extraPackages32 = [ pkgs.pkgsi686Linux.nvidia-vaapi-driver ];
     };
     nvidia = let
@@ -66,19 +84,5 @@
       open = true;
       package = if finalPkg == betaPkg then betaPkg else finalPkg;
     };
-
-    printers = let
-      brother = "Brother_HL-L2340D";
-      ip = "192.168.1.20";
-    in {
-      ensureDefaultPrinter = brother;
-      ensurePrinters = [{
-        name = brother;
-        deviceUri = "ipp://${ip}/ipp";
-        model = "everywhere";
-        description = lib.replaceStrings [ "_" ] [ " " ] brother;
-        location = "home";
-      }];
-    };
   };
 }
diff --git a/hosts/arrakis/services.nix b/hosts/arrakis/services.nix
index 9c283aa..57542d9 100644
--- a/hosts/arrakis/services.nix
+++ b/hosts/arrakis/services.nix
@@ -5,7 +5,7 @@
     	directory = *
   '';
-  networking.firewall.allowedTCPPorts = [ 2049 ];
+  networking.firewall.allowedTCPPorts = [ 2049 8333 ];
   security.acme = {
     acceptTerms = true;
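Review bot: In the services.nix hunk, `networking.firewall.allowedTCPPorts = [ 2049 8333 ];` opens port 8333 on every interface, including the WireGuard ones this host defines, and the line has no comment saying what the port is for. Presumably it is the P2P listener for the `pkgs.bitcoind` package added in default.nix. If it only needs to be reachable on the LAN side, scope it as the `nftables-extra` rules are: `networking.firewall.interfaces."enp6s0".allowedTCPPorts = [ 8333 ]; # bitcoind P2P`. The same applies to 2049, which `nftables-extra` already accepts per-interface.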
@@ -65,7 +65,11 @@
       server = {
         enable = true;
         exports = ''
-          /srv/nfs	192.168.1.0/24(ro,all_squash,insecure,crossmnt,subtree_check,fsid=0)
+          /srv/caladan/downloads	192.168.1.4/32(rw,root_squash,fsid=1)
+          /srv/caladan/www	192.168.1.4/32(rw,root_squash,fsid=2)
+          /srv/nfs/keepers	192.168.1.0/24(ro,all_squash,insecure,fsid=3)
+          /srv/nfs/movies	192.168.1.0/24(ro,all_squash,insecure,fsid=4)
+          /srv/nfs/tv	192.168.1.0/24(ro,all_squash,insecure,fsid=5)
         '';
       };
       settings = {
@@ -91,10 +95,10 @@
             ];
             config = {
-              environment.systemPackages = with pkgs; [
-                git
-                iperf
-                rsync
+              environment.systemPackages = [
+                pkgs.git
+                pkgs.iperf
+                pkgs.rsync
               ];
               nix.settings.experimental-features = [ "nix-command" "flakes" ];
@@ -104,8 +108,8 @@
                 openFirewall = true;
                 settings = {
-                  PasswordAuthentication = false;
                   KbdInteractiveAuthentication = false;
+                  PasswordAuthentication = false;
                 };
               };
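Review bot: The two new `rw` exports in the first hunk authorise the client purely by source address `192.168.1.4/32`, and with no `sec=` option the server will trust whatever UIDs that client asserts. The client (caladan, per its default.nix in this commit) sits on the wireless LAN, so any device that can claim that address gets write access to the owner's downloads and www directories. If Kerberos is not available, carrying these two exports over the existing WireGuard network and exporting to the peer's tunnel address would at least bind access to a key rather than an IP. If that is out of scope, a comment in the exports block should record the trust assumption. `root_squash` is already the default, so it adds no protection here.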
@@ -224,17 +228,26 @@
       };
     };
+    openssh.settings = {
+      StreamLocalBindUnlink = true;
+    };
+
     postfix = let my_email = "nipsy@bitgnome.net"; in {
       enable = true;
       extraAliases = ''
         nipsy: ${my_email}
       '';
-      hostname = "${config.networking.hostName}.${config.networking.domain}";
-      relayHost = "mail.bitgnome.net";
-      relayPort = 587;
       rootAlias = my_email;
-      sslCert = "/var/lib/acme/arrakis.bitgnome.net/fullchain.pem";
-      sslKey = "/var/lib/acme/arrakis.bitgnome.net/key.pem";
+      settings.main = {
+        myhostname = "arrakis.bitgnome.net";
+        relayhost = [
+          "[mail.bitgnome.net]:587"
+        ];
+        smtpd_tls_chain_files = [
+          "/var/lib/acme/arrakis.bitgnome.net/key.pem"
+          "/var/lib/acme/arrakis.bitgnome.net/fullchain.pem"
+        ];
+      };
     };
     printing.enable = true;
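Review bot: The new `settings.main` block configures the server certificate chain but sets no TLS policy for either direction; neither `smtp_tls_security_level` nor `smtpd_tls_security_level` appears in it. Unless the module or another file sets them, mail relayed to `[mail.bitgnome.net]:587` may be submitted without STARTTLS after this migration. It is worth checking whether the removed `sslCert`/`sslKey` options set those levels implicitly. Pinning the client side explicitly avoids depending on module defaults: `smtp_tls_security_level = "encrypt";`. The key-before-certificate order in `smtpd_tls_chain_files` is correct.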
@@ -299,32 +312,34 @@            options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}";          }          { -          device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHUK5EL"; +          device = "/dev/disk/by-id/ata-WDC_WUH722020BLE6L4_8LKLLAAE";            options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}";          }          { -          device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHV5JEL"; +          device = "/dev/disk/by-id/ata-WDC_WUH722020BLE6L4_8LK84H9V";            options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}";          }          { -          device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHUZ42L"; +          device = "/dev/disk/by-id/ata-WDC_WUH722020BLE6L4_2LGKG71F";            options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}";          }          { -          device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHV3BSL"; +          device = "/dev/disk/by-id/ata-WDC_WUH722020BLE6L4_9AG00UKJ";            options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}";          }          { -          device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHV338L"; +          device = "/dev/disk/by-id/ata-WDC_WUH722020BLE6L4_8LG806ZA";            options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}";          }        ];      }; -    udev.packages = with pkgs; [ -      vial +    udev.packages = [ +      pkgs.vial      ]; +    xserver.videoDrivers = [ "nvidia" ]; +    };    #systemd.services.nginx.serviceConfig.ProtectHome = lib.mkForce false; diff --git a/hosts/caladan/default.nix b/hosts/caladan/default.nix new file mode 100644 index 0000000..4db64cf --- /dev/null +++ b/hosts/caladan/default.nix 
@@ -0,0 +1,213 @@ +{ config, inputs, outputs, pkgs, ... }: { +  boot = { +    initrd.kernelModules = [ "amdgpu" "zfs" ]; +    kernel.sysctl = { +      "kernel.hostname" = "caladan.bitgnome.net"; +      "kernel.split_lock_mitigate" = 0; # https://lwn.net/Articles/911219/ +    }; +    kernelPackages = pkgs.linuxPackages_6_17; +    #kernelParams = [ +    #  "amdgpu.ppfeaturemask=0xfffd3fff" +    #  "split_lock_detect=off" +    #]; +    loader = { +      efi = { +        canTouchEfiVariables = true; +        efiSysMountPoint = "/efiboot/efi1"; +      }; +      systemd-boot = { +        enable = true; +        extraInstallCommands = '' +          ${pkgs.rsync}/bin/rsync -av --delete /efiboot/efi1/ /efiboot/efi2 +        ''; +      }; +      timeout = 3; +    }; +    supportedFilesystems = [ "zfs" ]; +    zfs.package = pkgs.zfs_unstable; +  }; + +  environment.systemPackages = [ +    pkgs.angband +    pkgs.assaultcube +    pkgs.bsdgames +    pkgs.bzflag +    pkgs.extremetuxracer +    pkgs.fastfetch +    #pkgs.frozen-bubble +    pkgs.hedgewars +    #pkgs.igir +    pkgs.kobodeluxe +    pkgs.linux-firmware +    pkgs.mailutils +    #pkgs.moc +    pkgs.nethack +    pkgs.openttd +    pkgs.linuxKernel.packages.linux_6_17.turbostat +    pkgs.qbittorrent-nox +    pkgs.rdiff-backup +    pkgs.scorched3d +    pkgs.signal-desktop +    pkgs.superTux +    pkgs.superTuxKart +    pkgs.umoria +    pkgs.vial +    pkgs.vice +    #pkgs.warzone2100 +    pkgs.wayback-x11 +    pkgs.wpa_supplicant +    pkgs.xonotic-sdl +    pkgs.xpilot-ng +  ]; + +  imports = [ +    ./disks.nix +    ./hardware-configuration.nix +    ./services.nix +    ../common/core +    ../common/optional/adb.nix +    ../common/optional/db.nix +    ../common/optional/dev.nix +    ../common/optional/ebooks.nix +    ../common/optional/games.nix +    ../common/optional/google-authenticator.nix +    ../common/optional/misc.nix +    ../common/optional/multimedia.nix +    ../common/optional/pipewire.nix +    
../common/optional/printer.nix +    ../common/optional/sdr.nix +    ../common/optional/services/chrony.nix +    ../common/optional/services/openssh.nix +    ../common/optional/services/wayland.nix +    #../common/optional/services/xorg.nix +    ../common/optional/sound.nix +    ../common/optional/wdt.nix +    ../common/optional/zfs.nix +    ../common/users/nipsy +    ../common/users/root +  ]; + +  networking = { +    defaultGateway = { +      address = "192.168.1.1"; +      interface = "wlp15s0"; +    }; +    hostId = "8981d1e5"; +    hostName = "caladan"; +    interfaces = { +      wlp15s0 = { +        ipv4.addresses = [ +          { address = "192.168.1.4"; prefixLength = 24; } +        ]; +      }; +    }; +    nameservers = [ "192.168.1.1" ]; +    nftables.enable = true; +    search = [ +      "bitgnome.net" +    ]; +    useDHCP = false; +    wireless = { +      enable = true; +      networks = { +        "Crystal Palace" = { +          pskRaw = "ext:psk_crystal_palace"; +        }; +      }; +      secretsFile = "${config.sops.secrets."wpa_supplicant".path}"; +    }; +  }; + +  nixpkgs = { +    config = { +      allowUnfree = true; +    }; +    hostPlatform = "x86_64-linux"; +    overlays = [ +      #inputs.nvidia-patch.overlays.default +      outputs.overlays.additions +      outputs.overlays.modifications +      outputs.overlays.master-packages +      outputs.overlays.stable-packages +      #outputs.overlays.wine9_22-packages +    ]; +  }; + +  programs.nix-ld = { +    enable = true; +    libraries = [ +      pkgs.alsa-lib +      pkgs.at-spi2-core +      pkgs.cairo +      pkgs.cups +      pkgs.dbus +      pkgs.fontconfig +      pkgs.freetype +      pkgs.glib +      pkgs.libgbm +      pkgs.libx11 +      pkgs.libxcb +      pkgs.libxext +      pkgs.libxfixes +      pkgs.libxkbcommon +      pkgs.libxrandr +      pkgs.nspr +      pkgs.nss +      pkgs.pango +      pkgs.vulkan-loader +      pkgs.xorg.libXcomposite +      pkgs.xorg.libXdamage +    ]; +  }; + +  
services.openssh.settings.X11Forwarding = true; +  services.xserver.videoDrivers = [ "amdgpu" ]; + +  sops = { +    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; +    defaultSopsFile = ../secrets/caladan.yaml; + +    secrets = { +      "nftables/ssh" = {}; +      "nix-access-token-github" = {}; +      "ssh_config".path = "/root/.ssh/config"; +      "wpa_supplicant" = {}; +    }; +  }; + +  system.stateVersion = "23.11"; + +  systemd.services = { + +    "nftables-extra" = let rules_script = '' +        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport { 2456, 2457 } counter accept # Valheim dedicated server' +        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport 5121 counter accept # Neverwinter Nights Server' +        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport 15637 counter accept # Enshrouded' +        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" ip saddr 192.168.1.0/24 udp dport { 27031, 27036 } counter accept # Steam Remote Play' +        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" ip saddr 192.168.1.0/24 tcp dport { 27036, 27037 } counter accept # Steam Remote Play' +        ${pkgs.nftables}/bin/nft -f ${config.sops.secrets."nftables/ssh".path} +      ''; in { +        description = "nftables extra firewall rules"; +        reload = rules_script; +        script = rules_script; +        serviceConfig = { +          RemainAfterExit = true; +          Type = "oneshot"; +        }; +        unitConfig = { +          ConditionPathExists = [ +            config.sops.secrets."nftables/ssh".path +          ]; +          ReloadPropagatedFrom = "nftables.service"; +        }; +        wantedBy = [ "multi-user.target" ]; +        after = [ "nftables.service" ]; +        partOf = [ "nftables.service" ]; +    }; + +  }; + +  users.users.root.openssh.authorizedKeys.keys = [ +    
(builtins.readFile ../common/users/nipsy/keys/id_att.pub) +  ]; +} diff --git a/hosts/caladan/disks.nix b/hosts/caladan/disks.nix new file mode 100644 index 0000000..8961361 --- /dev/null +++ b/hosts/caladan/disks.nix 
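Review bot: Every rule in caladan's `nftables-extra` script matches `iifname "enp6s0"`, but the `networking` block in the same file configures only `wlp15s0`, so these accept rules look copied from arrakis and will never match unless a wired NIC of that name also exists. The firewall then fails closed for Valheim, Neverwinter Nights, Enshrouded and Steam Remote Play, and the counters will stay at zero, which makes the cause hard to spot. Either use the real interface, e.g. `'iifname "wlp15s0" udp dport { 2456, 2457 } counter accept # Valheim dedicated server'`, or bind the name once with `let lanIf = "wlp15s0";` and interpolate it. Before copying the ports over, confirm that this desktop is meant to host the game servers at all.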
@@ -0,0 +1,132 @@ +{ +  disko.devices = { +    disk = { +      nvme0n1 = { +        type = "disk"; +        device = "/dev/disk/by-id/nvme-CT4000P3PSSD8_2512E9B12C42"; +        content = { +          type = "gpt"; +          partitions = { +            ESP = { +              size = "1G"; +              type = "EF00"; +              content = { +                type = "filesystem"; +                format = "vfat"; +                mountpoint = "/efiboot/efi1"; +                mountOptions = [ "X-mount.mkdir" "umask=0077" ]; +                extraArgs = [ "-nESP1" ]; +              }; +            }; +            swap = { +              size = "32G"; +              type = "8200"; +              content = { +                type = "swap"; +                extraArgs = [ "-L swap1" ]; +              }; +            }; +            zfs = { +              size = "100%"; +              content = { +                type = "zfs"; +                pool = "rpool"; +              }; +            }; +          }; +        }; +      }; +      nvme1n1 = { +        type = "disk"; +        device = "/dev/disk/by-id/nvme-CT4000P3PSSD8_2512E9B12C44"; +        content = { +          type = "gpt"; +          partitions = { +            ESP = { +              size = "1G"; +              type = "EF00"; +              content = { +                type = "filesystem"; +                format = "vfat"; +                mountpoint = "/efiboot/efi2"; +                mountOptions = [ "X-mount.mkdir" "umask=0077" ]; +                extraArgs = [ "-nESP2" ]; +              }; +            }; +            swap = { +              size = "32G"; +              type = "8200"; +              content = { +                type = "swap"; +                extraArgs = [ "-L swap2" ]; +              }; +            }; +            zfs = { +              size = "100%"; +              content = { +                type = "zfs"; +                pool = "rpool"; +              }; +            }; +          }; 
+        }; +      }; +    }; +    zpool = { +      rpool = { +        mode = "mirror"; +        type = "zpool"; +        rootFsOptions = { +          acltype = "posixacl"; +          canmount = "off"; +          compression = "on"; +          dnodesize = "auto"; +          relatime = "on"; +          xattr = "sa"; +        }; +        options = { +          ashift = "12"; +          autotrim = "on"; +        }; +        datasets = { +          "local" = { +            type = "zfs_fs"; +            options.mountpoint = "none"; +          }; +          "local/root" = { +            type = "zfs_fs"; +            options.mountpoint = "legacy"; +            mountpoint = "/"; +          }; +          "local/nix" = { +            type = "zfs_fs"; +            options = { +              atime = "off"; +              mountpoint = "legacy"; +            }; +            mountpoint = "/nix"; +          }; +          "user" = { +            type = "zfs_fs"; +            options.mountpoint = "none"; +          }; +          "user/home" = { +            type = "zfs_fs"; +            options.mountpoint = "legacy"; +            mountpoint = "/home"; +          }; +          "user/home/root" = { +            type = "zfs_fs"; +            options.mountpoint = "legacy"; +            mountpoint = "/root"; +          }; +          "user/home/nipsy" = { +            type = "zfs_fs"; +            options.mountpoint = "legacy"; +            mountpoint = "/home/nipsy"; +          }; +        }; +      }; +    }; +  }; +} diff --git a/hosts/caladan/hardware-configuration.nix b/hosts/caladan/hardware-configuration.nix new file mode 100644 index 0000000..9325e99 --- /dev/null +++ b/hosts/caladan/hardware-configuration.nix 
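Review bot: Both 32G swap partitions are created as plain swap, and the `rpool` datasets set no encryption options. Process memory paged out on this machine, such as the Wi-Fi PSK or SSH agent keys, therefore lands on the NVMe drives in clear text. If hibernation is not needed, disko can key swap randomly at each boot by adding `randomEncryption = true;` inside each `content = { type = "swap"; ... }` block. Whether to encrypt the pool itself is a design decision, but it has to be made before the first install because `rootFsOptions` cannot add it to an existing pool.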
@@ -0,0 +1,51 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, inputs, lib, outputs, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ #(modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot = {
+    extraModulePackages = [ ];
+    initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" ];
+    initrd.kernelModules = [ ];
+    kernelModules = [ "kvm-amd" ];
+    #zfs.extraPools = [ "data" ];
+  };
+
+  environment.sessionVariables = {
+    #LIBVA_DRIVER_NAME = "nvidia";
+    MOZ_DISABLE_RDD_SANDBOX = "1";
+  };
+
+  fileSystems."/mnt/downloads" = {
+    device = "192.168.1.2:/srv/caladan/downloads";
+    fsType = "nfs";
+    options = [
+      "nfsvers=4.2"
+    ];
+  };
+
+  fileSystems."/mnt/www" = {
+    device = "192.168.1.2:/srv/caladan/www";
+    fsType = "nfs";
+    options = [
+      "nfsvers=4.2"
+    ];
+  };
+
+  hardware = {
+    bluetooth.enable = true;
+
+    graphics = {
+      enable = true;
+      #extraPackages = [ pkgs.nvidia-vaapi-driver ];
+      #extraPackages32 = [ pkgs.pkgsi686Linux.nvidia-vaapi-driver ];
+      #package = pkgs.master.mesa;
+      #package32 = pkgs.master.pkgsi686Linux.mesa;
+    };
+  };
+}
diff --git a/hosts/caladan/services.nix b/hosts/caladan/services.nix
new file mode 100644
index 0000000..1970be2
--- /dev/null
+++ b/hosts/caladan/services.nix
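Review bot: `MOZ_DISABLE_RDD_SANDBOX = "1"` is still set in `environment.sessionVariables`, although the NVIDIA VA-API lines beside it are commented out and this host loads `amdgpu`. It looks like a workaround carried over from arrakis, and here it only removes the sandbox around Firefox's media decoder process. Drop the line, or comment it out like `#LIBVA_DRIVER_NAME`, unless something on this host needs it. Separately, both NFS mounts carry only `"nfsvers=4.2"`; since the shares are writable download and web directories, adding `"nosuid"` and `"nodev"` to `options` would stop files placed there from carrying setuid bits or device nodes onto this machine.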
@@ -0,0 +1,37 @@
+{ config, lib, pkgs, ... }: {
+
+  services = {
+
+    clamav.updater.enable = true;
+
+    cron.enable = true;
+
+    dictd.enable = true;
+
+    iperf3.openFirewall = true;
+
+    nfs.server.enable = true;
+
+    printing.enable = true;
+
+    #smartd = let my_email_addr = "nipsy@bitgnome.net"; in {
+    #  enable = true;
+    #  devices = [
+    #    {
+    #      device = "/dev/disk/by-id/nvme-WD_BLACK_SN850X_4000GB_23162P800005";
+    #      options = "-a -o on -S on -m ${my_email_addr}";
+    #    }
+    #    {
+    #      device = "/dev/disk/by-id/nvme-WD_BLACK_SN850X_4000GB_23162P800014";
+    #      options = "-a -o on -S on -m ${my_email_addr}";
+    #    }
+    #  ];
+    #};
+
+    udev.packages = [
+      pkgs.vial
+    ];
+
+  };
+
+}
diff --git a/hosts/common/core/default.nix b/hosts/common/core/default.nix
index 771fa0d..0ef4182 100644
--- a/hosts/common/core/default.nix
+++ b/hosts/common/core/default.nix
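Review bot: `nfs.server.enable = true;` starts an NFS server on caladan, yet in this commit the host only mounts shares from 192.168.1.2 and defines no exports, so the line appears to add listening RPC services for no visible purpose. Mounting NFS does not require the server module. If nothing is meant to be exported from this machine, remove the line or leave it as `#nfs.server.enable = true;`. Likewise `iperf3.openFirewall = true;` is set without a visible `iperf3.enable`; confirm whether the port is meant to be open permanently or only while testing. The commented-out `smartd` block still names WD_BLACK device ids, whereas disks.nix in this commit uses CT4000P3PSSD8 drives.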
@@ -9,99 +9,101 @@    documentation.dev.enable = true;    documentation.man.enable = true; -  environment.systemPackages = with pkgs; [ -    acl -    age -    bash -    bc -    bind -    binutils -    bpftools -    bpftrace -    bzip2 -    colordiff -    conntrack-tools -    coreutils -    cpio -    curl -    diceware -    diffutils -    dig -    dmidecode -    elinks -    ethtool -    file -    findutils -    fping -    git -    gnugrep -    gnupatch -    gnused -    gnutar -    gptfdisk -    gzip -    htop -    iproute2 -    iputils -    jq -    less -    lshw -    lsof -    lvm2 -    lynx -    moreutils -    nano -    ncurses -    netcat-openbsd -    nettools -    nix-index -    nmap -    ntfs3g -    nvd -    oath-toolkit -    openldap -    openssl -    p7zip -    parted -    patchelf -    pciutils -    procps -    progress -    psmisc -    pv -    pwgen -    qemu_kvm -    recode -    rsync -    sg3_utils -    smartmontools -    socat -    sops -    sqlite -    ssh-to-age -    ssh-to-pgp -    stoken -    strace -    sysstat -    tcpdump -    tftp-hpa -    traceroute -    tree -    tshark -    unixtools.xxd -    unrar -    unzip -    usbutils -    util-linux -    vim -    wdiff -    wget -    whois -    wireguard-tools -    xkcdpass -    xz -    zip -    zstd +  environment.systemPackages = [ +    pkgs.acl +    pkgs.age +    pkgs.bash +    pkgs.bc +    pkgs.bind +    pkgs.binutils +    pkgs.bpftools +    #pkgs.bpftrace +    pkgs.bzip2 +    pkgs.colordiff +    pkgs.conntrack-tools +    pkgs.coreutils +    pkgs.cpio +    pkgs.csvkit +    pkgs.curl +    pkgs.diceware +    pkgs.diffutils +    pkgs.dig +    pkgs.dmidecode +    pkgs.elinks +    pkgs.ethtool +    pkgs.file +    pkgs.findutils +    pkgs.fping +    pkgs.git +    pkgs.gnugrep +    pkgs.gnupatch +    pkgs.gnused +    pkgs.gnutar +    pkgs.gptfdisk +    pkgs.gzip +    pkgs.htop +    pkgs.iproute2 +    pkgs.iputils +    pkgs.jq +    pkgs.less +    pkgs.lshw +    pkgs.lsof +    pkgs.lvm2 +    pkgs.lynx +    
pkgs.moreutils +    pkgs.nano +    pkgs.ncurses +    pkgs.netcat-openbsd +    pkgs.nettools +    pkgs.nix-index +    pkgs.nmap +    pkgs.ntfs3g +    pkgs.nvd +    pkgs.oath-toolkit +    pkgs.openldap +    pkgs.openssl +    pkgs.p7zip +    pkgs.parted +    pkgs.patchelf +    pkgs.pciutils +    pkgs.perl540Packages.ArchiveZip +    pkgs.procps +    pkgs.progress +    pkgs.psmisc +    pkgs.pv +    pkgs.pwgen +    pkgs.qemu_kvm +    pkgs.recode +    pkgs.rsync +    pkgs.sg3_utils +    pkgs.smartmontools +    pkgs.socat +    pkgs.sops +    pkgs.sqlite +    pkgs.ssh-to-age +    pkgs.ssh-to-pgp +    pkgs.stoken +    pkgs.strace +    pkgs.sysstat +    pkgs.tcpdump +    pkgs.tftp-hpa +    pkgs.traceroute +    pkgs.tree +    pkgs.tshark +    pkgs.unixtools.xxd +    pkgs.unrar +    pkgs.unzip +    pkgs.usbutils +    pkgs.util-linux +    pkgs.vim +    pkgs.wdiff +    pkgs.wget +    pkgs.whois +    pkgs.wireguard-tools +    pkgs.xkcdpass +    pkgs.xz +    pkgs.zip +    pkgs.zstd    ];    hardware.enableRedistributableFirmware = true; diff --git a/hosts/common/core/nix.nix b/hosts/common/core/nix.nix index 14252d8..3c798ae 100644 --- a/hosts/common/core/nix.nix +++ b/hosts/common/core/nix.nix @@ -1,29 +1,11 @@  { inputs, lib, ... }:  - -let -  build-tmp = "/var/tmp"; -in { - +{    nix = {      settings = {        auto-optimise-store = lib.mkDefault true; -      build-dir = build-tmp;        experimental-features = [ "nix-command" "flakes" ];        trusted-users = [ "root" "@wheel" ];        warn-dirty = false;      }; - -    # Garbage Collection -    gc = { -      automatic = true; -      dates = "weekly"; -      options = "--delete-older-than 30d"; -      persistent = true; -      randomizedDelaySec = "14m"; -    }; -    }; - -  systemd.services."nix-daemon".environment.TMPDIR = build-tmp; -  } diff --git a/hosts/common/core/shells.nix b/hosts/common/core/shells.nix index 0469b8c..f02ec63 100644 --- a/hosts/common/core/shells.nix +++ b/hosts/common/core/shells.nix 
@@ -1,8 +1,7 @@  { pkgs, ... }:  { -  environment.systemPackages = builtins.attrValues { -    inherit (pkgs) -      bash -      zsh; -  }; +  environment.systemPackages = [ +    pkgs.bash +    pkgs.zsh +  ];  } diff --git a/hosts/common/optional/db.nix b/hosts/common/optional/db.nix index af6766e..d4410bd 100644 --- a/hosts/common/optional/db.nix +++ b/hosts/common/optional/db.nix @@ -1,8 +1,7 @@  { pkgs, ... }:  { -  environment.systemPackages = builtins.attrValues { -    inherit (pkgs) -      mariadb -      postgresql; -  }; +  environment.systemPackages = [ +    pkgs.mariadb +    pkgs.postgresql +  ];  } diff --git a/hosts/common/optional/dev.nix b/hosts/common/optional/dev.nix index c25ab08..8238424 100644 --- a/hosts/common/optional/dev.nix +++ b/hosts/common/optional/dev.nix @@ -1,20 +1,19 @@  { pkgs, ... }:  { -  environment.systemPackages = builtins.attrValues { -    inherit (pkgs) -      autoconf -      automake -      cargo -      cmake -      gcc -      go -      nasm -      perl -      pkg-config -      python3 -      rustc -      virtualenv -      yasm -      zig; -  }; +  environment.systemPackages = [ +    pkgs.autoconf +    pkgs.automake +    pkgs.cargo +    pkgs.cmake +    pkgs.gcc +    pkgs.go +    pkgs.nasm +    pkgs.perl +    pkgs.pkg-config +    pkgs.python3 +    pkgs.rustc +    pkgs.virtualenv +    pkgs.yasm +    pkgs.zig +  ];  } diff --git a/hosts/common/optional/ebooks.nix b/hosts/common/optional/ebooks.nix index e25a76d..1805b7a 100644 --- a/hosts/common/optional/ebooks.nix +++ b/hosts/common/optional/ebooks.nix @@ -1,8 +1,8 @@  { pkgs, ... }:  { -  environment.systemPackages = with pkgs; [ -    libgourou -    calibre +  environment.systemPackages = [ +    pkgs.libgourou +    pkgs.calibre    ];    services.udisks2.enable = true; diff --git a/hosts/common/optional/games.nix b/hosts/common/optional/games.nix index 39a07cd..6f6e384 100644 --- a/hosts/common/optional/games.nix +++ b/hosts/common/optional/games.nix 
@@ -1,23 +1,14 @@  { pkgs, ... }:  { -  #environment.systemPackages = builtins.attrValues { -  #  inherit (pkgs) -  #    godot_4 -  #    mame -  #    mednafen -  #    mednaffe -  #    winetricks; -  #}; - -  environment.systemPackages = with pkgs; [ -    godot_4 -    mame -    mame.tools -    mednafen -    mednaffe -    protontricks -    winetricks -    wineWowPackages.stagingFull +  environment.systemPackages = [ +    pkgs.godot +    pkgs.mame +    pkgs.mame.tools +    pkgs.mednafen +    pkgs.mednaffe +    pkgs.protontricks +    pkgs.winetricks +    pkgs.wineWowPackages.stagingFull    ];    programs.steam = { diff --git a/hosts/common/optional/google-authenticator.nix b/hosts/common/optional/google-authenticator.nix index 09079d8..721346e 100644 --- a/hosts/common/optional/google-authenticator.nix +++ b/hosts/common/optional/google-authenticator.nix @@ -1,10 +1,9 @@  { pkgs, ... }:  { -  environment.systemPackages = builtins.attrValues { -    inherit (pkgs) -      #other -      google-authenticator; -  }; +  environment.systemPackages = [ +    #pkgs.other +    pkgs.google-authenticator +  ];    security.pam.services = {      chfn.googleAuthenticator.enable = true; diff --git a/hosts/common/optional/misc.nix b/hosts/common/optional/misc.nix index 492d13f..a784324 100644 --- a/hosts/common/optional/misc.nix +++ b/hosts/common/optional/misc.nix 
@@ -1,37 +1,39 @@  { pkgs, ... }:  { -  environment.systemPackages = with pkgs; [ -    ansible -    aspell -    aspellDicts.en -    aspellDicts.en-computers -    aspellDicts.en-science -    dict -    encfs -    enscript -    expect -    fio -    fortune -    ghostscript -    imagemagick -    inxi -    iotop -    ipcalc -    iperf -    mutt -    poppler_utils -    powertop -    qrencode -    radeontop -    speedtest-cli -    sshfs -    (weechat.override { +  environment.systemPackages = [ +    pkgs.amdgpu_top +    pkgs.ansible +    pkgs.aspell +    pkgs.aspellDicts.en +    pkgs.aspellDicts.en-computers +    pkgs.aspellDicts.en-science +    pkgs.dict +    pkgs.encfs +    pkgs.enscript +    pkgs.expect +    pkgs.fio +    pkgs.fortune +    pkgs.ghostscript +    pkgs.imagemagick +    pkgs.inxi +    pkgs.iotop +    pkgs.ipcalc +    pkgs.iperf +    pkgs.mutt +    pkgs.perf +    pkgs.poppler-utils +    pkgs.powertop +    pkgs.qrencode +    pkgs.radeontop +    pkgs.speedtest-cli +    pkgs.sshfs +    (pkgs.weechat.override {        configure = { availablePlugins, ...}: {          plugins = with availablePlugins; [            (perl.withPackages(p: [ p.PodParser ]))          ] ++ [ python ]; -        scripts = with pkgs.weechatScripts; [ -          wee-slack +        scripts = [ +          pkgs.weechatScripts.wee-slack          ];        };      }) diff --git a/hosts/common/optional/multimedia.nix b/hosts/common/optional/multimedia.nix index f519992..03f8c03 100644 --- a/hosts/common/optional/multimedia.nix +++ b/hosts/common/optional/multimedia.nix @@ -1,13 +1,10 @@  { pkgs, ... }:  { -  #environment.systemPackages = builtins.attrValues { -  #  inherit (pkgs) -  environment.systemPackages = with pkgs; [ -    ffmpeg -    flac -    lame -    mkvtoolnix-cli -    x265#; +  environment.systemPackages = [ +    pkgs.ffmpeg +    pkgs.flac +    pkgs.lame +    pkgs.mkvtoolnix-cli +    pkgs.x265    ]; -  #};  } 
diff --git a/hosts/common/optional/pipewire.nix b/hosts/common/optional/pipewire.nix index da69705..f87dea4 100644 --- a/hosts/common/optional/pipewire.nix +++ b/hosts/common/optional/pipewire.nix @@ -1,11 +1,11 @@  { pkgs, ... }:  { -  environment.systemPackages = with pkgs; [ -    easyeffects -    pamixer -    pavucontrol -    master.pwvucontrol -    qpwgraph +  environment.systemPackages = [ +    pkgs.easyeffects +    #pkgs.pamixer +    pkgs.pavucontrol +    pkgs.pwvucontrol +    pkgs.qpwgraph    ];    security.pam.loginLimits = [ @@ -22,11 +22,11 @@      alsa.support32Bit = true;      enable = true;      jack.enable = true; -    package = pkgs.master.pipewire; +    #package = pkgs.master.pipewire;      pulse.enable = true;      wireplumber = {        enable = true; -      package = pkgs.master.wireplumber; +      #package = pkgs.master.wireplumber;      };      # use the example session manager (no others are packaged yet so this is enabled by default, diff --git a/hosts/common/optional/printer.nix b/hosts/common/optional/printer.nix new file mode 100644 index 0000000..32e4c76 --- /dev/null +++ b/hosts/common/optional/printer.nix @@ -0,0 +1,22 @@ +{ lib, ... }: +{ +  hardware.printers = let +    brother = "Brother_HL-L2340D"; +    ip = "192.168.1.20"; +  in { +    ensureDefaultPrinter = brother; +    ensurePrinters = [{ +      name = brother; +      deviceUri = "ipp://${ip}/ipp"; +      model = "everywhere"; +      description = lib.replaceStrings [ "_" ] [ " " ] brother; +      location = "home"; +    }]; +  }; + +  systemd.services."ensure-printers" = { +    after = [ "network-online.target" ]; +    preStart = "sleep 5"; +    wants = [ "network-online.target" ]; +  }; +} diff --git a/hosts/common/optional/sdr.nix b/hosts/common/optional/sdr.nix index 8e1e5d2..3ac2c3c 100644 --- a/hosts/common/optional/sdr.nix +++ b/hosts/common/optional/sdr.nix 
@@ -1,10 +1,10 @@  { pkgs, ... }:  { -  environment.systemPackages = builtins.attrValues { -    inherit (pkgs) -      fldigi -      sdrconnect; -  }; +  environment.systemPackages = [ +    pkgs.chirp +    pkgs.fldigi +    pkgs.sdrconnect +  ];    services.udev.extraRules = ''      SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="1df7",ATTRS{idProduct}=="2500",MODE:="0666" diff --git a/hosts/common/optional/services/dhcp.nix b/hosts/common/optional/services/dhcp.nix index 3eed193..2492d05 100644 --- a/hosts/common/optional/services/dhcp.nix +++ b/hosts/common/optional/services/dhcp.nix @@ -7,10 +7,10 @@        "tftp/undionly.kpxe".source = "${pkgs.ipxe}/undionly.kpxe";      }; -    systemPackages = with pkgs; [ -      ipxe -      tftp-hpa -      wol +    systemPackages = [ +      pkgs.ipxe +      pkgs.tftp-hpa +      pkgs.wol      ];    }; @@ -103,6 +103,7 @@              ({ hw-address = "38:f3:ab:59:06:e0"; ip-address = "192.168.1.12"; }) # saturn              ({ hw-address = "8c:8c:aa:4e:fc:aa"; ip-address = "192.168.1.13"; }) # uranus              ({ hw-address = "38:f3:ab:59:08:10"; ip-address = "192.168.1.14"; }) # neptune +            ({ hw-address = "e8:8d:a6:e2:2a:85"; ip-address = "192.168.1.16"; }) # deck              ({ hw-address = "7c:b5:66:65:e2:9e"; ip-address = "192.168.1.17"; }) # ginaz              ({ hw-address = "00:05:cd:72:92:b0"; ip-address = "192.168.1.19"; }) # onkyo              ({ hw-address = "74:29:af:6f:20:ed"; ip-address = "192.168.1.20"; }) # brother diff --git a/hosts/common/optional/services/nolid.nix b/hosts/common/optional/services/nolid.nix index db868fe..7346c26 100644 --- a/hosts/common/optional/services/nolid.nix +++ b/hosts/common/optional/services/nolid.nix 
@@ -1,7 +1,7 @@  { -  services.logind = { -    lidSwitch = "ignore"; -    lidSwitchDocked = "ignore"; -    lidSwitchExternalPower = "ignore"; +  services.logind.settings.Login = { +    HandleLidSwitch = "ignore"; +    HandleLidSwitchDocked = "ignore"; +    HandleLidSwitchExternalPower = "ignore";    };  } diff --git a/hosts/common/optional/services/nsd/bitgnome.net.zone b/hosts/common/optional/services/nsd/bitgnome.net.zone index 038a860..a4eb4b6 100644 --- a/hosts/common/optional/services/nsd/bitgnome.net.zone +++ b/hosts/common/optional/services/nsd/bitgnome.net.zone @@ -3,7 +3,7 @@ $ORIGIN bitgnome.net.  $TTL 1h  @			in	soa	ns.bitgnome.net. nipsy.bitgnome.net. ( -	2025033101	; serial +	2025102301	; serial  	1d		; refresh  	2h		; retry  	4w		; expire @@ -29,7 +29,7 @@ $TTL 1h  ; name servers  ns			in	a	5.161.149.85  ns			in	aaaa	2a01:4ff:f0:e164::1 -ns2			in	a	67.5.119.0 +ns2			in	a	67.5.122.223  ; srv records  _xmpp-client._tcp	5m	in	srv	0 0 5222 bitgnome.net. @@ -67,10 +67,10 @@ mta-sts		5m	in	cname	@  ;royder			in	cname	@  ; external machines -arrakis		1m	in	a	67.5.119.0 +arrakis		1m	in	a	67.5.122.223  ;darkstar	1m	in	a	66.69.213.114  ;nb		1m	in	a	67.10.209.108  ;terraria	1m	in	a	128.83.27.4  ;caladan		1m	in	a	104.130.129.241  ;caladan		1m	in	aaaa	2001:4800:7818:101:be76:4eff:fe03:db44 -darkstar	1m	in	a	67.5.119.0 +darkstar	1m	in	a	67.5.122.223 diff --git a/hosts/common/optional/services/openssh.nix b/hosts/common/optional/services/openssh.nix index 424d3bf..8964ece 100644 --- a/hosts/common/optional/services/openssh.nix +++ b/hosts/common/optional/services/openssh.nix @@ -1,4 +1,7 @@ +{ pkgs, ... }:  { +  programs.ssh.package = pkgs.master.openssh_10_2; +    services.openssh = {      enable = true;      settings = { diff --git a/hosts/common/optional/services/wayland.nix b/hosts/common/optional/services/wayland.nix new file mode 100644 index 0000000..493e0e4 --- /dev/null +++ b/hosts/common/optional/services/wayland.nix 
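Review bot: The added `programs.ssh.package = pkgs.master.openssh_10_2;` in hosts/common/optional/services/openssh.nix pins OpenSSH to a version-specific attribute from the `master` overlay, with no comment saying why or when the pin should be dropped. As far as I can tell the NixOS sshd module takes its package from this same option, so the pin probably changes the daemon on every host importing this file, not only the client; that is worth confirming. A version-specific attribute stops tracking the default `openssh` once nixpkgs moves on, so later fixes may not reach these hosts. I would add a comment such as `# temporary: 10.2 needed for <reason>; revert to the default openssh once the channel carries it`. The `services.openssh` block continues outside the hunk.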
@@ -0,0 +1,95 @@ +{ config, lib, pkgs, ... }: +{ +  environment.systemPackages = [ +    pkgs.chafa +    pkgs.evince +    pkgs.feh +    pkgs.gcr +    #pkgs.geeqie +    pkgs.ghostty +    pkgs.gimp3 +    #pkgs.gimp-with-plugins +    pkgs.google-chrome +    pkgs.grim +    pkgs.gv +    pkgs.inkscape +    pkgs.kdePackages.okular +    pkgs.libreoffice +    pkgs.libva-utils +    pkgs.mako +    pkgs.mangohud +    pkgs.mesa-demos +    pkgs.mpv +    pkgs.polkit_gnome +    pkgs.rdesktop +    pkgs.read-edid +    pkgs.slurp +    pkgs.st +    pkgs.swayimg +    pkgs.sxiv +    #pkgs.tigervnc +    #pkgs.turbovnc +    pkgs.vdpauinfo +    pkgs.vlc +    pkgs.vulkan-tools +    pkgs.wireshark +    pkgs.wl-clipboard +    pkgs.wlvncc +    #pkgs.x11vnc +    pkgs.xclip +    pkgs.xdotool +    pkgs.xorg.appres +    pkgs.xorg.editres +    pkgs.xorg.xdpyinfo +    pkgs.xorg.xev +    pkgs.xscreensaver +    pkgs.xsnow +    pkgs.xterm +  ]; + +  programs = { +    firefox = { +      enable = true; +      #package = pkgs.master.firefox; +    }; + +    gamemode.enable = true; + +    steam.gamescopeSession.enable = true; + +    sway = { +      enable = true; +      wrapperFeatures.gtk = true; +    }; +  }; + +  security = { +    pam = { +      loginLimits = [ +        { domain = "@users"; item = "rtprio"; type = "-"; value = 1; } +      ]; +    }; +  }; + +  services = { +    blueman.enable = true; +    libinput.enable = true; +    printing.enable = true; +  }; + +  systemd = { +    user.services.polkit-gnome-authentication-agent-1 = { +      description = "polkit-gnome-authentication-agent-1"; +      wantedBy = [ "graphical-session.target" ]; +      wants = [ "graphical-session.target" ]; +      after = [ "graphical-session.target" ]; +      serviceConfig = { +          Type = "simple"; +          ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1"; +          Restart = "on-failure"; +          RestartSec = 1; +          TimeoutStopSec = 10; +        }; +    }; +  }; +} 
diff --git a/hosts/common/optional/services/xorg.nix b/hosts/common/optional/services/xorg.nix index 7dccdd3..d45ebb7 100644 --- a/hosts/common/optional/services/xorg.nix +++ b/hosts/common/optional/services/xorg.nix @@ -1,50 +1,48 @@ -{ pkgs, ... }: +{ config, lib, pkgs, ... }:  { -  #environment.systemPackages = builtins.attrValues { -  #  inherit (pkgs) -  environment.systemPackages = with pkgs; [ -    chafa -    evince -    feh -    gcr -    geeqie -    ghostty -    gimp -    #gimp-with-plugins -    google-chrome -    gv -    inkscape -    libreoffice -    libva-utils -    mesa-demos -    mpv -    polkit_gnome -    rdesktop -    read-edid -    st -    sxiv -    tigervnc -    turbovnc -    vdpauinfo -    vlc -    vulkan-tools -    wireshark -    x11vnc -    xclip -    xdotool -    xorg.appres -    xorg.editres -    xorg.xdpyinfo -    xorg.xev -    xscreensaver -    xsnow -    xterm#; +  environment.systemPackages = [ +    pkgs.chafa +    pkgs.evince +    pkgs.feh +    pkgs.gcr +    #pkgs.master.geeqie +    pkgs.ghostty +    pkgs.gimp3 +    #pkgs.gimp-with-plugins +    pkgs.google-chrome +    pkgs.gv +    pkgs.inkscape +    pkgs.kdePackages.okular +    pkgs.libreoffice +    pkgs.libva-utils +    pkgs.mesa-demos +    pkgs.mpv +    pkgs.polkit_gnome +    pkgs.rdesktop +    pkgs.read-edid +    pkgs.st +    pkgs.sxiv +    #pkgs.tigervnc +    pkgs.turbovnc +    pkgs.vdpauinfo +    pkgs.vlc +    pkgs.vulkan-tools +    pkgs.wireshark +    pkgs.x11vnc +    pkgs.xclip +    pkgs.xdotool +    pkgs.xorg.appres +    pkgs.xorg.editres +    pkgs.xorg.xdpyinfo +    pkgs.xorg.xev +    pkgs.xscreensaver +    pkgs.xsnow +    pkgs.xterm    ]; -  #};    programs.firefox = {      enable = true; -    package = pkgs.master.firefox; +    #package = pkgs.master.firefox;    };    security.polkit = { 
@@ -69,17 +67,24 @@    services = {      blueman.enable = true; -    displayManager.defaultSession = "xsession"; +    displayManager = lib.mkIf (config.networking.hostName != "fangorn") { +      defaultSession = "xsession"; +    };      libinput.enable = true;      picom.enable = true;      printing.enable = true;      xserver = { -      displayManager.lightdm = { -        enable = true; -        extraSeatDefaults = ''greeter-hide-users=true''; -      }; +      displayManager.lightdm = lib.mkMerge [ +        (lib.mkIf (config.networking.hostName == "fangorn") { +          enable = true; +        }) +        (lib.mkIf (config.networking.hostName != "fangorn") { +          enable = true; +          extraSeatDefaults = ''greeter-hide-users=true''; +        }) +      ]; -      displayManager.session = [ +      displayManager.session = lib.mkIf (config.networking.hostName != "fangorn") [          {            manage = "desktop";            name = "xsession"; diff --git a/hosts/common/optional/sound.nix b/hosts/common/optional/sound.nix index b07de35..ac811d3 100644 --- a/hosts/common/optional/sound.nix +++ b/hosts/common/optional/sound.nix 
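Review bot: The `lib.mkMerge` for `displayManager.lightdm` repeats `enable = true;` in both `mkIf` branches. Its only effect is that fangorn loses `greeter-hide-users=true`, so that host's greeter will presumably list account names on the login screen. Comparing `config.networking.hostName` against "fangorn" three times in a shared module is also brittle, and a per-host override in hosts/fangorn/default.nix would keep this file host-agnostic. If the check stays here, a shorter form is `displayManager.lightdm = { enable = true; extraSeatDefaults = lib.mkIf (config.networking.hostName != "fangorn") ''greeter-hide-users=true''; };`. The `services` block starts and ends outside the hunk.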
@@ -1,51 +1,51 @@  { pkgs, ... }:  {    environment = { -    systemPackages = with pkgs; [ -      artyFX -      audacity -      bespokesynth -      boops -      cardinal -      carla -      chow-tape-model -      cmus -      distrho-ports -      fluidsynth -      #master.fmsynth -      #gearmulator -      geonkick -      guitarix -      gxplugins-lv2 -      lilypond-unstable-with-fonts -      lsp-plugins -      metersLv2 -      odin2 -      oxefmsynth -      polyphone -      qsynth -      reaper -      rosegarden -      samplv1 -      sfizz -      sorcer -      surge-XT -      synthv1 -      talentedhack -      #master.tunefish -      v4l-utils -      vapoursynth -      vital -      vmpk -      vocproc -      wavpack -      winetricks -      wineWowPackages.stagingFull -      #master.yabridge -      #master.yabridgectl -      yoshimi -      zam-plugins -      #zynaddsubfx +    systemPackages = [ +      #pkgs.artyFX +      pkgs.audacity +      pkgs.bespokesynth +      pkgs.boops +      pkgs.cardinal +      #pkgs.carla +      #pkgs.chow-tape-model +      pkgs.cmus +      pkgs.distrho-ports +      pkgs.fluidsynth +      #pkgs.fmsynth +      #pkgs.gearmulator +      pkgs.geonkick +      pkgs.guitarix +      pkgs.gxplugins-lv2 +      pkgs.lilypond-unstable-with-fonts +      pkgs.lsp-plugins +      pkgs.metersLv2 +      pkgs.odin2 +      pkgs.oxefmsynth +      pkgs.polyphone +      pkgs.qsynth +      pkgs.reaper +      pkgs.rosegarden +      pkgs.samplv1 +      pkgs.sfizz +      #pkgs.sorcer +      #pkgs.surge-XT +      pkgs.synthv1 +      pkgs.talentedhack +      #pkgs.tunefish +      pkgs.v4l-utils +      pkgs.vapoursynth +      pkgs.vital +      pkgs.vmpk +      pkgs.vocproc +      pkgs.wavpack +      pkgs.winetricks +      pkgs.wineWowPackages.stagingFull +      pkgs.yabridge +      pkgs.yabridgectl +      pkgs.yoshimi +      pkgs.zam-plugins +      pkgs.zynaddsubfx      ];    };  } 
diff --git a/hosts/common/optional/wdt.nix b/hosts/common/optional/wdt.nix index 3c3943e..3d60706 100644 --- a/hosts/common/optional/wdt.nix +++ b/hosts/common/optional/wdt.nix @@ -1,3 +1,3 @@  { -  systemd.watchdog.runtimeTime = "60s"; +  systemd.settings.Manager.RuntimeWatchdogSec = "60s";  } diff --git a/hosts/common/users/don/default.nix b/hosts/common/users/don/default.nix new file mode 100644 index 0000000..3c700a7 --- /dev/null +++ b/hosts/common/users/don/default.nix @@ -0,0 +1,32 @@ +{ pkgs, inputs, config, ... }: +let +  ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups; +  uid = 1001; +in +{ +  users.groups.don.gid = uid; +  users.users.don = { +    description = "Don Arnold"; +    extraGroups = [ +      "audio" +      "video" +      "wheel" +    ] ++ ifTheyExist [ +      "adbusers" +      "networkmanager" +      "vboxsf" +      "vboxusers" +    ]; +    group = "don"; +    home = "/home/don"; +    isNormalUser = true; +    openssh.authorizedKeys.keys = [ +      (builtins.readFile ../nipsy/keys/id_arrakis.pub) +      #(builtins.readFile ./keys/id_other.pub) +    ]; + +    packages = [ pkgs.home-manager ]; +    #shell = pkgs.zsh; +    uid = uid; +  }; +} diff --git a/hosts/common/users/nipsy/default.nix b/hosts/common/users/nipsy/default.nix index 5eacd6f..28bf79c 100644 --- a/hosts/common/users/nipsy/default.nix +++ b/hosts/common/users/nipsy/default.nix @@ -1,9 +1,10 @@  { pkgs, inputs, config, ... }:  let    ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups; +  uid = 1000;  in  { -  users.groups.nipsy.gid = 1000; +  users.groups.nipsy.gid = uid;    users.users.nipsy = {      description = "Mark Nipper";      extraGroups = [ @@ -12,6 +13,7 @@ in        "wheel"      ] ++ ifTheyExist [        "adbusers" +      "gamemode"        "networkmanager"        "vboxsf"        "vboxusers" 
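Review bot: In the new hosts/common/users/don/default.nix, `openssh.authorizedKeys.keys` reads `../nipsy/keys/id_arrakis.pub`, so the only key authorized to log in as `don` comes from nipsy's key directory, and the entry for don's own key is commented out. The account is also added to `wheel`, and the nix.nix hunk on this page shows `trusted-users = [ "root" "@wheel" ]`. Whoever holds that one key therefore controls a second account that is a trusted Nix user and, depending on the sudo configuration, an administrator. If this is a deliberate bootstrap arrangement, document it next to the key, for example `# nipsy's key, for initial setup only; replace with ./keys/<don-key>.pub`. Otherwise leave `wheel` out until don has his own key.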
@@ -26,5 +28,6 @@ in      packages = [ pkgs.home-manager ];      shell = pkgs.zsh; +    uid = uid;    };  } diff --git a/hosts/darkstar/default.nix b/hosts/darkstar/default.nix index 910e077..5ee2137 100644 --- a/hosts/darkstar/default.nix +++ b/hosts/darkstar/default.nix @@ -2,9 +2,10 @@    boot = {      initrd.kernelModules = [ "zfs" ];      kernel.sysctl = { +      "kernel.hostname" = "darkstar.bitgnome.net";        "net.ipv4.ip_forward" = true;      }; -    kernelPackages = pkgs.linuxPackages_6_12; +    kernelPackages = pkgs.linuxPackages_6_17;      loader = {        efi = {          canTouchEfiVariables = true; @@ -19,20 +20,19 @@        timeout = 3;      };      supportedFilesystems = [ "zfs" ]; -    zfs.package = pkgs.master.zfs; +    zfs.package = pkgs.zfs_unstable;    }; -  #environment.systemPackages = with pkgs; [ -  #  wpa_supplicant -  #  somethingelse -  #]; +  environment.systemPackages = [ +    pkgs.speedtest-go +  ];    imports = [      ./disks.nix      ./hardware-configuration.nix      ./services.nix      ../common/core -    ../common/optional/services/asterisk.nix +    #../common/optional/services/asterisk.nix      ../common/optional/services/chrony.nix      ../common/optional/services/dhcp.nix      ../common/optional/services/nsd.nix @@ -47,7 +47,6 @@      hostId = "f9ca5efe";      hostName = "darkstar";      #defaultGateway = "192.168.1.1"; -    domain = "bitgnome.net";      interfaces = {        enp116s0 = {          ipv4.addresses = [ @@ -66,6 +65,9 @@        internalInterfaces = [ "enp116s0" ];      };      nftables.enable = true; +    search = [ +      "bitgnome.net" +    ];      useDHCP = false;      vlans = {        vlan201 = { id=201; interface="enp117s0"; }; @@ -102,6 +104,7 @@        "nftables/forward" = {};        "nftables/ssh" = {};        "nix-access-token-github" = {}; +      "ssh_config".path = "/root/.ssh/config";      };    }; diff --git a/hosts/darkstar/services.nix b/hosts/darkstar/services.nix index 7304b48..b1da73e 100644 
--- a/hosts/darkstar/services.nix +++ b/hosts/darkstar/services.nix @@ -42,19 +42,23 @@          local-data = [            "\"darkstar.bitgnome.net. IN A 192.168.1.1\""            "\"arrakis.bitgnome.net. IN A 192.168.1.2\"" +          "\"caladan.bitgnome.net. IN A 192.168.1.4\""            "\"jupiter.bitgnome.net. IN A 192.168.1.11\""            "\"saturn.bitgnome.net. IN A 192.168.1.12\""            "\"uranus.bitgnome.net. IN A 192.168.1.13\""            "\"neptune.bitgnome.net. IN A 192.168.1.14\"" +          "\"deck.bitgnome.net. IN A 192.168.1.16\""            "\"ginaz.bitgnome.net. IN A 192.168.1.17\""          ];          local-data-ptr = [            "\"192.168.1.1 darkstar.bitgnome.net\""            "\"192.168.1.2 arrakis.bitgnome.net\"" +          "\"192.168.1.4 caladan.bitgnome.net\""            "\"192.168.1.11 jupiter.bitgnome.net\""            "\"192.168.1.12 saturn.bitgnome.net\""            "\"192.168.1.13 uranus.bitgnome.net\""            "\"192.168.1.14 neptune.bitgnome.net\"" +          "\"192.168.1.16 deck.bitgnome.net\""            "\"192.168.1.17 ginaz.bitgnome.net\""          ];          local-zone = [ diff --git a/hosts/fangorn/default.nix b/hosts/fangorn/default.nix new file mode 100644 index 0000000..e0f0f2d --- /dev/null +++ b/hosts/fangorn/default.nix 
@@ -0,0 +1,85 @@
+{ config, inputs, lib, outputs, pkgs, ... }: {
+  boot = {
+    kernelPackages = pkgs.linuxPackages_6_17;
+    loader = {
+      efi.canTouchEfiVariables = true;
+      systemd-boot.enable = true;
+      timeout = 3;
+    };
+    supportedFilesystems = [ "zfs" ];
+    zfs = {
+      devNodes = "/dev/disk/by-label";
+      package = pkgs.zfs_unstable;
+    };
+  };
+
+  environment.systemPackages = [
+    pkgs.chirp
+    pkgs.signal-desktop
+    pkgs.wpa_supplicant
+  ];
+
+  imports = [
+    ./disks.nix
+    ./hardware-configuration.nix
+    ../common/core
+    #../common/optional/db.nix
+    ../common/optional/dev.nix
+    ../common/optional/ebooks.nix
+    #../common/optional/games.nix
+    ../common/optional/misc.nix
+    ../common/optional/multimedia.nix
+    ../common/optional/pipewire.nix
+    ../common/optional/services/nolid.nix
+    ../common/optional/services/openssh.nix
+    #../common/optional/services/tlp.nix
+    ../common/optional/services/xorg.nix
+    ../common/optional/sound.nix
+    ../common/optional/wdt.nix
+    ../common/optional/zfs.nix
+    ../common/users/don
+    ../common/users/nipsy
+    ../common/users/root
+  ];
+
+  networking = {
+    firewall.extraInputRules = ''
+      iifname "wg0" tcp dport ssh counter accept
+    '';
+    hostId = "6f1faddc";
+    hostName = "fangorn";
+    networkmanager.enable = true;
+    nftables.enable = true;
+  };
+
+  nixpkgs = {
+    config.allowUnfree = true;
+    hostPlatform = "x86_64-linux";
+    overlays = [
+      outputs.overlays.additions
+      outputs.overlays.modifications
+      outputs.overlays.master-packages
+      outputs.overlays.stable-packages
+    ];
+  };
+
+  services.openssh = {
+    openFirewall = false;
+    settings.X11Forwarding = true;
+  };
+  services.xserver.desktopManager.xfce.enable = true;
+  services.xserver.videoDrivers = [ "amdgpu" ];
+
+  sops = {
+    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+    defaultSopsFile = ../secrets/fangorn.yaml;
+
+    secrets = {
+      "nix-access-token-github" = {};
+    };
+  };
+
+  system.stateVersion = "23.11";
+
+  time.timeZone = lib.mkForce "America/Chicago";
+}
diff --git a/hosts/fangorn/disks.nix b/hosts/fangorn/disks.nix
new file mode 100644
index 0000000..fdef7cf
--- /dev/null
+++ b/hosts/fangorn/disks.nix
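Review bot: `settings.X11Forwarding = true;` in the new fangorn `services.openssh` block enables X11 forwarding for every account on the host, including the new wheel member `don`, and nothing in the file says which workflow needs it. sshd ships with this option off, so switching it on should be a documented choice rather than a silent default for the whole machine. The firewall side looks deliberate: `openFirewall = false` together with the `iifname "wg0"` rule limits SSH to the tunnel, although the `wg0` interface itself is not defined in this file. I would either set `settings.X11Forwarding = false;` or keep it with a comment such as `# X11 forwarding needed for <application>; only reachable over wg0`.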
@@ -0,0 +1,102 @@
+{ lib, ... }:
+{
+  disko.devices = {
+    disk = {
+      nvme0n1 = {
+        type = "disk";
+        device = "/dev/nvme0n1";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              size = "1G";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [ "umask=0077" ];
+                extraArgs = [ "-nboot" ];
+              };
+            };
+            swap = {
+              size = "32G";
+              type = "8200";
+              content = {
+                type = "swap";
+                extraArgs = [ "-L swap" ];
+              };
+            };
+            rpool = {
+              size = "100%";
+              content = {
+                type = "zfs";
+                pool = "rpool";
+              };
+            };
+          };
+        };
+      };
+    };
+    zpool = {
+      rpool = {
+        type = "zpool";
+        rootFsOptions = {
+          acltype = "posixacl";
+          canmount = "off";
+          compression = "on";
+          dnodesize = "auto";
+          relatime = "on";
+          xattr = "sa";
+        };
+        options = {
+          ashift = "12";
+          autotrim = "on";
+        };
+        datasets = {
+          "local" = {
+            type = "zfs_fs";
+            options.mountpoint = "none";
+          };
+          "local/root" = {
+            type = "zfs_fs";
+            options.mountpoint = "legacy";
+            mountpoint = "/";
+          };
+          "local/nix" = {
+            type = "zfs_fs";
+            options = {
+              atime = "off";
+              mountpoint = "legacy";
+            };
+            mountpoint = "/nix";
+          };
+          "user" = {
+            type = "zfs_fs";
+            options.mountpoint = "none";
+          };
+          "user/home" = {
+            type = "zfs_fs";
+            options.mountpoint = "legacy";
+            mountpoint = "/home";
+          };
+          "user/home/root" = {
+            type = "zfs_fs";
+            options.mountpoint = "legacy";
+            mountpoint = "/root";
+          };
+          "user/home/don" = {
+            type = "zfs_fs";
+            options.mountpoint = "legacy";
+            mountpoint = "/home/don";
+          };
+          "user/home/nipsy" = {
+            type = "zfs_fs";
+            options.mountpoint = "legacy";
+            mountpoint = "/home/nipsy";
+          };
+        };
+      };
+    };
+  };
+}
diff --git a/hosts/fangorn/hardware-configuration.nix b/hosts/fangorn/hardware-configuration.nix
new file mode 100644
index 0000000..17a6bc6
--- /dev/null
+++ b/hosts/fangorn/hardware-configuration.nix
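Review bot: The new fangorn layout creates the `swap` partition and the `rpool` zpool with no at-rest encryption: the swap `content` sets no `randomEncryption`, and `rootFsOptions` sets no `encryption` or `keyformat`. hosts/fangorn/default.nix points sops at `/etc/ssh/ssh_host_ed25519_key`, which lives on the `local/root` dataset, so the key protecting this host's secrets is stored in the clear on the disk. fangorn imports `nolid.nix` and enables NetworkManager, which suggests a portable machine where loss of the device is a realistic concern. If so, consider `randomEncryption = true;` on the swap content and native ZFS encryption in `rootFsOptions` (`encryption = "aes-256-gcm"; keyformat = "passphrase";`). If leaving it unencrypted is intentional, a one-line comment above `zpool` saying so would help.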
@@ -0,0 +1,33 @@ +# Do not modify this file!  It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations.  Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ +  imports = [ +    (modulesPath + "/installer/scan/not-detected.nix") +  ]; + +  boot = { +    initrd = { +      availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" ]; +      kernelModules = [ ]; +    }; +    kernelModules = [ "kvm-amd" ]; +    extraModulePackages = [ ]; +  }; + +  fileSystems."/boot" = { +    device = lib.mkForce "/dev/disk/by-label/boot"; +  }; + +  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking +  # (the default) this is the recommended approach. When using systemd-networkd it's +  # still possible to use this option, but it's recommended to use it in conjunction +  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. +  #networking.useDHCP = lib.mkDefault true; +  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; +  # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; + +  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/ginaz/default.nix b/hosts/ginaz/default.nix index 209a02e..9ee5950 100644 --- a/hosts/ginaz/default.nix +++ b/hosts/ginaz/default.nix 
@@ -1,19 +1,18 @@  { config, inputs, outputs, pkgs, ... }: {    boot = {      initrd.kernelModules = [ "amdgpu" "zfs" ]; -    kernelPackages = pkgs.linuxPackages_6_12; +    kernelPackages = pkgs.linuxPackages_6_17;      loader = {        efi.canTouchEfiVariables = true;        systemd-boot.enable = true;        timeout = 3;      };      supportedFilesystems = [ "zfs" ]; -    zfs.package = pkgs.master.zfs; +    zfs.package = pkgs.zfs_unstable;    }; -  environment.systemPackages = with pkgs; [ -    signal-desktop -    #master.wsmancli +  environment.systemPackages = [ +    pkgs.signal-desktop    ];    imports = [ @@ -44,6 +43,9 @@      hostName = "ginaz";      networkmanager.enable = true;      nftables.enable = true; +    search = [ +      "bitgnome.net" +    ];    };    nixpkgs = { diff --git a/hosts/ginaz/hardware-configuration.nix b/hosts/ginaz/hardware-configuration.nix index 24f60cd..670a58c 100644 --- a/hosts/ginaz/hardware-configuration.nix +++ b/hosts/ginaz/hardware-configuration.nix @@ -23,8 +23,8 @@      graphics = {        enable = true; -      extraPackages = with pkgs; [ nvidia-vaapi-driver ]; -      extraPackages32 = with pkgs.pkgsi686Linux; [ nvidia-vaapi-driver ]; +      extraPackages = [ pkgs.nvidia-vaapi-driver ]; +      extraPackages32 = [ pkgs.pkgsi686Linux.nvidia-vaapi-driver ];      };      nvidia = let diff --git a/hosts/jupiter/default.nix b/hosts/jupiter/default.nix index d5f95fc..c023564 100644 --- a/hosts/jupiter/default.nix +++ b/hosts/jupiter/default.nix @@ -4,7 +4,7 @@      #kernel.sysctl = {      #  "net.ipv4.ip_forward" = true;      #}; -    kernelPackages = pkgs.linuxPackages_6_12; +    kernelPackages = pkgs.linuxPackages_6_17;      loader = {        efi.canTouchEfiVariables = true;        systemd-boot.enable = true; 
@@ -13,12 +13,12 @@      supportedFilesystems = [ "zfs" ];      zfs = {        devNodes = "/dev/disk/by-label"; -      package = pkgs.master.zfs; +      package = pkgs.zfs_unstable;      };    }; -  environment.systemPackages = with pkgs; [ -    wpa_supplicant +  environment.systemPackages = [ +    pkgs.wpa_supplicant    ];    imports = [ @@ -38,9 +38,11 @@    networking = {      hostId = "d3a9e699";      hostName = "jupiter"; -    domain = "bitgnome.net"; -    nftables.enable = true;      interfaces.enp2s0f0.wakeOnLan.enable = true; +    nftables.enable = true; +    search = [ +      "bitgnome.net" +    ];      wireless = {        enable = true;        userControlled.enable = true; diff --git a/hosts/kaitain/default.nix b/hosts/kaitain/default.nix index 706bb57..157945f 100644 --- a/hosts/kaitain/default.nix +++ b/hosts/kaitain/default.nix @@ -1,7 +1,7 @@  { config, inputs, lib, outputs, pkgs, ... }: {    boot = {      initrd.kernelModules = [ "zfs" ]; -    kernelPackages = pkgs.linuxPackages_6_12; +    kernelPackages = pkgs.linuxPackages_6_17;      loader = {        efi.canTouchEfiVariables = true;        systemd-boot.enable = true; @@ -10,12 +10,12 @@      supportedFilesystems = [ "zfs" ];      zfs = {        devNodes = "/dev/disk/by-label"; -      package = pkgs.master.zfs; +      package = pkgs.zfs_unstable;      };    }; -  environment.systemPackages = with pkgs; [ -    git-review +  environment.systemPackages = [ +    pkgs.git-review    ];    imports = [ @@ -52,7 +52,7 @@    };    services.openssh.openFirewall = false; -  services.xserver.videoDrivers = lib.mkForce [ "vmware" "virtualbox" "modesetting" ]; +  services.xserver.videoDrivers = lib.mkForce [ "modesetting" ];    sops = {      age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; @@ -60,6 +60,7 @@      secrets = {        "nix-access-token-github" = {}; +      "ssh_config".path = "/root/.ssh/config";      };    }; 
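Review bot: Removing `domain = "bitgnome.net";` from the `networking` block of hosts/jupiter/default.nix leaves the host with no configured domain; the added `search = [ "bitgnome.net" ];` only changes how the resolver expands short names. If any module used by these hosts reads `config.networking.fqdn` (none is visible in this diff), evaluation is expected to fail once the domain is unset. Anything that derives its identity from the FQDN would see the bare hostname instead. The neptune and saturn hunks make the same change. If the removal is intentional, a comment such as `# domain intentionally unset; search list handles short-name resolution` would record it; the `networking` block continues outside the hunk.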
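Review bot: `"ssh_config".path = "/root/.ssh/config";` in the `sops.secrets` set of hosts/kaitain/default.nix relies on the sops-nix defaults for owner and mode and has no comment. The file therefore does not make clear that root's SSH client config becomes a link to a decrypted secret. I would spell the permissions out, e.g. `"ssh_config" = { path = "/root/.ssh/config"; owner = "root"; mode = "0400"; };`, and add a comment noting that a hand-written /root/.ssh/config is presumably replaced or shadowed at activation. The richese hunk adds the same line. Whether the matching secrets file for kaitain already holds an `ssh_config` key is not visible here, and the `secrets` set continues outside the hunk.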
diff --git a/hosts/neptune/default.nix b/hosts/neptune/default.nix index 7fdef31..7ce3ad8 100644 --- a/hosts/neptune/default.nix +++ b/hosts/neptune/default.nix @@ -4,7 +4,7 @@      #kernel.sysctl = {      #  "net.ipv4.ip_forward" = true;      #}; -    kernelPackages = pkgs.linuxPackages_6_12; +    kernelPackages = pkgs.linuxPackages_6_17;      loader = {        efi.canTouchEfiVariables = true;        systemd-boot.enable = true; @@ -13,12 +13,12 @@      supportedFilesystems = [ "zfs" ];      zfs = {        devNodes = "/dev/disk/by-label"; -      package = pkgs.master.zfs; +      package = pkgs.zfs_unstable;      };    }; -  environment.systemPackages = with pkgs; [ -    wpa_supplicant +  environment.systemPackages = [ +    pkgs.wpa_supplicant    ];    imports = [ @@ -38,9 +38,11 @@    networking = {      hostId = "6c1b830a";      hostName = "neptune"; -    domain = "bitgnome.net"; -    nftables.enable = true;      interfaces.enp2s0f0.wakeOnLan.enable = true; +    nftables.enable = true; +    search = [ +      "bitgnome.net" +    ];      wireless = {        enable = true;        userControlled.enable = true; diff --git a/hosts/richese/default.nix b/hosts/richese/default.nix index 5d9e2fc..d3fc348 100644 --- a/hosts/richese/default.nix +++ b/hosts/richese/default.nix @@ -1,18 +1,18 @@  { config, inputs, lib, outputs, pkgs, ... }: {    boot = {      initrd.kernelModules = [ "zfs" ]; -    kernelPackages = pkgs.linuxPackages_6_12; +    kernelPackages = pkgs.linuxPackages_6_17;      loader.grub.enable = true;      supportedFilesystems = [ "zfs" ];      zfs = {        devNodes = "/dev/disk/by-label"; -      package = pkgs.master.zfs; +      package = pkgs.zfs_unstable;      };    }; -  environment.systemPackages = with pkgs; [ -    git-review -    master.openstackclient-full +  environment.systemPackages = [ +    pkgs.git-review +    pkgs.openstackclient-full    ];    imports = [ 
@@ -49,7 +49,7 @@    };    services.openssh.openFirewall = false; -  services.xserver.videoDrivers = lib.mkForce [ "vmware" "virtualbox" "modesetting" ]; +  services.xserver.videoDrivers = lib.mkForce [ "modesetting" ];    sops = {      age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; @@ -57,6 +57,7 @@      secrets = {        "nix-access-token-github" = {}; +      "ssh_config".path = "/root/.ssh/config";      };    }; diff --git a/hosts/saturn/default.nix b/hosts/saturn/default.nix index 1e7d21c..133b09a 100644 --- a/hosts/saturn/default.nix +++ b/hosts/saturn/default.nix @@ -4,7 +4,7 @@      #kernel.sysctl = {      #  "net.ipv4.ip_forward" = true;      #}; -    kernelPackages = pkgs.linuxPackages_6_12; +    kernelPackages = pkgs.linuxPackages_6_17;      loader = {        efi.canTouchEfiVariables = true;        systemd-boot.enable = true; @@ -13,12 +13,12 @@      supportedFilesystems = [ "zfs" ];      zfs = {        devNodes = "/dev/disk/by-label"; -      package = pkgs.master.zfs; +      package = pkgs.zfs_unstable;      };    }; -  environment.systemPackages = with pkgs; [ -    wpa_supplicant +  environment.systemPackages = [ +    pkgs.wpa_supplicant    ];    imports = [ @@ -38,9 +38,11 @@    networking = {      hostId = "4ae5eb4d";      hostName = "saturn"; -    domain = "bitgnome.net"; -    nftables.enable = true;      interfaces.enp2s0f0.wakeOnLan.enable = true; +    nftables.enable = true; +    search = [ +      "bitgnome.net" +    ];      wireless = {        enable = true;        userControlled.enable = true; diff --git a/hosts/secrets/arrakis.yaml b/hosts/secrets/arrakis.yaml index 5261c80..cac29c7 100644 --- a/hosts/secrets/arrakis.yaml +++ b/hosts/secrets/arrakis.yaml 
@@ -1,10 +1,11 @@  nftables:      ssh: ENC[AES256_GCM,data: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,iv:OnEBPu/havLABMuANjiKMEmhPX2tk/PlyDY0FwvQnsI=,tag:Qny6XbCXMhAr1AjZjr0ucw==,type:str]  nix-access-token-github: ENC[AES256_GCM,data:1kkcaybmrEUrU9lqjKpaEqBBqtmTU9Teh0sEh+7PmAYoJEkyngT48Zzo8zpxN+wHdD9l/XV0iT3tDT/xY0ZMtawdXUI=,iv:8XYmmL0Md3eVLkvW3YkxN3gzGwY6DBvPA2XBdC8ccQ0=,tag:La0H5RJIwV3Ed3jVfqxlog==,type:str] -ssh_config: ENC[AES256_GCM,data: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,iv:FQLz3J/+o4TeWsq7dF358DErIMbF9Fq2bJaz5vEwpdI=,tag:PDvywy9MasIrDAyrC3Ge8A==,type:str] +ssh_config: ENC[AES256_GCM,data:f0nNWKZxV+MjG+Jx3JVDiGaPwryaJxivRJrdPB3Ks7vJgieey5xLXkyBbEzFps/S2YLod4MAMQvsvunx4U54Dgz5kJQR+NfsQ4pVdYenqNYxpyCqM1n+oSWwmW0l1Z4F717OsDiadaAp6RJ58GK1pNB/AyV/Xns0EbSyqiwUGTgb/Mb6MeVm01djrfXzEYNHoBVuUA8b0LxdL1xH8CQwmPcbpMHItrO9MWIdHNZrz1YKD4EOfqt9ei0DwdvYbMqqOPrw/5Sgn9oViX/yJxWDJ1M8CHNAWMfAZfnr0ATQCYE75PhOAhuHhsZQBmUUCj1hr0b/Qb9Lc0agS8lvYRJXEIkMDoFu5bOAZkjmrOATnu2GOAynMr/tjMqPFBYmWdIfJcGRe55pW8ulbqnxcfvlDSmLGABc+sIr50IVwsBlzxSPoZhH6Hm+7i0Vs3Ep7VM/0Bcuyvd7z9NGKJp/wWAeUrT4ccJJSt5/1HVHcYF2rs0u0JZ2KNr4hdzGafC1353jQ03UC2yzZff1Jtv5nnrxQrlm1rBjbB5pxk99zVs8hWg9y7+Y44xw7PQ7UUrZTGd95khj1E00Qe0YFHxid4UPXoOGhZ282bziVBoJgmzdkAq/ekC3nZ38SSD/oKOnZNto76uBx/Q8ndwP4IgxWOkP9EKpsMvQFYyaoXCwdOKX8yNHUZy6wCW0WMEzWeCv1ixHhMF2rAFUu+jcd0outRQTaxBCvDwAnQqHWmY0ixk/L2r4Lf9IpYBGZ89xlcqnUTXKD6wu5AfWeMU2SxmzsF1AWSA/WBUjqW5nTfTr,iv:uXbX67nw8uot2BeeeU0wMNZ+xK+gJ6Xy42jriUZ0gjQ=,tag:AkRAMlnyaxvCVAQy1a2zGw==,type:str]  wireguard:      arrakis_key: ENC[AES256_GCM,data:jJxltF+jMKMchavpXWKGFmFI3K/Qkgmroc68nUzYL71kKR+WFMPUzDjXW0Y=,iv:RESrP6zChCIMeDn65mu7ULvfeT5QRRX76TdyOAjE/fw=,tag:0QXp38YwTJZS8phv9ObrhQ==,type:str]      black-sheep_psk: ENC[AES256_GCM,data:ZBR7CQJLBltt9lTeN16SUte0xt90oVoJfvWrdF8gVAPQgvGIp/t3i5L2+eA=,iv:ilqCFzHhjgxU7FRcj0Ymi/t53NPt8QMJD56azsNQMe4=,tag:i4TIQryxzJpGaM8KGCVXQA==,type:str] +    fangorn_psk: 
ENC[AES256_GCM,data:Ob994Cp+CDDfg4IEVGPnf265sDXe2zS9snehBvfr87x6kGq1YnKJQzkGXx4=,iv:mNDGwyRI0T3FHbPw9Z3NX+3/PmiIXiA+C1QUYYTdENc=,tag:Hz4qSjF7EmXA5ovnGLH3sQ==,type:str]      ginaz_psk: ENC[AES256_GCM,data:Iy/jyCcXl5VnSArA+Uazww/refw+Flopi2CnUgXyB/lnL6ykqawztK6KSBU=,iv:rB9eeMXqa+ZptLenJs/x9yffu4s10YwI11A1EPUHY54=,tag:1rw8SyfXyKA9IW3SUfYbTg==,type:str]      homer_psk: ENC[AES256_GCM,data:JaUJEWlcEhWeT+g5J+ysQ7rHFW8bxyDiciqrwL4JH493fQNCBnIkfJXtjfg=,iv:l95W7lVeBZhS2YwWN8biyFHBlAUwP7+DrSOVAhowC+I=,tag:q+wDpSGlT3nb+88yYMNzhQ==,type:str]      lilnasx_psk: ENC[AES256_GCM,data:wssUtPGQfs2Gt63Iq+QD7nQsAaua/OP0tcTmxlWFPTjPF3PzU2Y8m/76B3w=,iv:1jSwB0XkC+Gcn2JRNcaGd3hhJebmdfaF1N6PNDEdkSU=,tag:GVigw9hi66q2+q06g+WumA==,type:str] 
@@ -12,13 +13,9 @@ wireguard:      ramped_psk: ENC[AES256_GCM,data:TCeXW9SWFEq7H7YdEE4E7gLoMC8F4GwSPBtvh8Zv6OQ3Ni0LdZBH9IHmPT4=,iv:U33J1eusuCiC41zla2ieIFKzmmgL/TlkLmH/5El3u4s=,tag:Z4QzImR0T2XzdI26nlX+/Q==,type:str]      timetrad_psk: ENC[AES256_GCM,data:zAOHUlk6VJd+w6ePcDAPhpmPmlogwqUh5zhDpnW7cbXflIdLtFN9YQbOYtc=,iv:DpqIP+uTxRY7Dl0WwOvAr/dDFeARCVZKNKKKCrgOkYA=,tag:IP+nUZS3klUvHNzbgS4IjQ==,type:str]      treebeard_psk: ENC[AES256_GCM,data:EjzdD4siZfCkwd6pX82C2HP8I0avKjStv6fleURD2cPkGmBFDH//MLYcY/k=,iv:yCc+U3+kAzOroOxO04EKVrbuqr85Y8cZ343UN4s3nBg=,tag:r5piVnM+Q5+0HRRMpVwmSA==,type:str] -    wg1_conf: ENC[AES256_GCM,data:FeRx87Ynsku8RPJ34HX4WZbvrl0NMKQVUueYevXhZi/uxehsttjqdZyhKGG8ZZW2rYNT7PADp90NcOYRuS2bquFuU+XSK21xDC7myk9EMHtEh1t2nk8ILYV590eQVceyQCb9XNjlypI0QJEBItODg9DAGHf9WqV232zj2NcXmUEFwdQpWt3NnFo7Dku1KTmNWIQhfKL96casrHP5j7YHASlbLC5xmieZ8IPasfozPCDwQJMxdA5PH5rr7DEcjIrOgYSqa7G9VcPWlBfiuyEI0MZVYhF2pl4P57LVZNDRf8XamOcsphnRfgr6JYArxrHl3H5r4Nbcz3I09W8rrw==,iv:qAB6GAKDLg4P0g+5cRPcOWS2DvW7dcMJp7Fb4hDArfo=,tag:cacQeEAR7gjA/40Msuh/8g==,type:str] +    wg1_conf: ENC[AES256_GCM,data:Chmy2hMIB7XI4xVbmPD8IyVwiI50sIoVviBa7a54e6/6QpyVDmJByJpWHu5Ej70oUlxLf4JZFwAWBhNJQucFKwVeISnFVVaLwPNegZd7iHK4UzPzpj7vdu0erK096zURXzvnnGwFr6TjYJcWXW8PsaO341PXWiU2Mg9WI9G50wDgN7t+dwSzvrYRyohfSAks59fqH21eSGXyZm0NBvbdCkE2U7+oEd3XOIdYKLpkYVb3oRw7Jurx6UJwpbNr/gwrB5Hq46njDKq6EXEfjfg12vcvi5MKjMQgWE58VDT8pCWVKTFDJQP/MQkLnj2ACJmlJI/U7Z6L1iGYh4hUEafTidkF4Tpowa8aUS1IN2vevVe81V3r3VYzx7Fl+71Gr/WGp8IQxHxBDhefq5ZQpONo8a28oA==,iv:OkfwpNbTn8hvErfpgRU5+jHZTs1Q0fE+G0YJlTZ+UV0=,tag:3wmTSfJLD+d9eFfWm4w1aw==,type:str]  wpa_supplicant: ENC[AES256_GCM,data:HHs6g3qaaeinVGgteExQvhE0CEC94WjJ0tV7pyI=,iv:6F+DYHieaWWo+V1F9yjwWT7PcdiIpH48nv1SUrFHePk=,tag:cpimCP+YNmCI+t+wpuXwHg==,type:str]  sops: -    kms: [] -    gcp_kms: [] -    azure_kv: [] -    hc_vault: []      age:          - recipient: age1mkqxkwse7hrnxtcgqe0wdzhhrxk55syx2wpcngemecz0d7hugsnqupw3de            enc: | 
@@ -38,8 +35,7 @@ sops:              ejRLb2Vkd1B3QmxLSE1wUzgrazZJT0UKz1IQxYm7hagYtBsWTpk+f6/79ArRUgNL              MfhHMQAwuuXjBSmuFolyU3UoWnDYK6uGAv5nlTJxESqj5eQBafItSw==              -----END AGE ENCRYPTED FILE----- -    lastmodified: "2025-03-18T20:40:33Z" -    mac: ENC[AES256_GCM,data:QTqow9+HbTDkMAfsVsiTIyac9xEU7kb+2z1u2oagUauCvtnCphCF0O+NzPwmOcFxhGn28AZ+K9EeKC5XGKcRI/bYY7wLhaz4DZVhYqTu2JSJ+2XweJOEA7JjgGa2rSEi8KTEe2adCHvf1zwyq1nmyFroJCqT5azvp91o11XwVZA=,iv:/WBKPz2TMw1S7+OVRpA5dPHNr7x18oi0NWXh3RcWOvM=,tag:bdfp9WF8X8FXFXjjaYpdKg==,type:str] -    pgp: [] +    lastmodified: "2025-10-03T02:18:00Z" +    mac: ENC[AES256_GCM,data:DUyRWn00Jx33gPOCebHdgW93vCrSbaqifGqgutgFHLJG+zh33nioBMLklE+BuqeZpj+XQkiN8Evm8gZV0mAcylfh2wvBU3+AEg9VSNqRiB6gPmFG8pa1YyD6BSzJAb05iexZNF8xKYrfKTVlcuVvTYg5przCzX5Tn8zz5b15Uf8=,iv:9RSDs6MqRCjuuSEElb9LlvyBFPzDG1D+f0TBkRkAsuY=,tag:cm4wkoDr2djO4SmNyvTLLg==,type:str]      unencrypted_suffix: _unencrypted -    version: 3.9.4 +    version: 3.11.0 diff --git a/hosts/secrets/caladan.yaml b/hosts/secrets/caladan.yaml new file mode 100644 index 0000000..dbbf048 --- /dev/null +++ b/hosts/secrets/caladan.yaml 
@@ -0,0 +1,29 @@ +nftables: +    ssh: ENC[AES256_GCM,data:BTUQjgRlGhk3+p2uYAyN2X59YzYeBzSuMJ7MZ5Aaugrm360+OTejUHzUYcrqLVomFLe30uF5puXVKQGeCd2RIxQhyxHGPQ4liI4RwhYE2JAtGlAxoZCoHKSew3Rqpk5+fQgkJ4xGwFDyTa4KOKOYXKknrCkLOUc7jYXhGAfwopAMfGqsUFgFJVkJ+zIs5PCNAxZeneXGffb3tjdC17jh2gLdydmhCINUpn/CGKtta7aDqPD0yg1fHeHTd4jhkin0PoemGlBm4IVSv4FHK/P39dhSR27GRb/hqxxrkZyHK9uqx3REEbHGWWGjok2peVpLVMbKIxKU7yEYYJL5zq5/vnb7RsP1+Qrk3Z9ho83qUgOhXYoJVV2c0UrrZ2KKOojOakmkzgwK/FFBhpMu2JHzF5Qf5ngE/CXnOrdutw9ChXUarCUsbMFXDRIP+AgwqsCgOSSPTOgAfyKAkqUqOw0+cR9GhvEVpe6fxIAQf9s6vjYrFCUorsP/z6vDzkLu8Fodd/fkxIY5+nix18r5lrP8JU2LCIfpH3iPE62KgPZnFtUCs+blsgOh1+3ypw/zWB414hQYaEatoXgfUW13xwHdDuyQJBKjCm0QFenzisojfIDr6seDIYKoi0jnot0jU+4n6sCBdMP/xghscn+6oNUIQ22aWGeMVfGOkORIsJkCYHHLRIZ6axvRr1J7rRl1J7NaB1i0m26POe2XxjNrmQ4dE6FIN3ho/1ETv6JX40+95SU/F5skth6MeHwueOLHo5orJsSjYtttYYqL5FqPM6Pz3EQqAh2/bxuKKtDznVCZJgTx8X5cwdjw2uCBNxXnhPE2iRL4wE/udI6B5QOz2nAHYt4mR0QuRARvtbSbVZI6cCd5CVBfqo6DZbXF96PH0Ghgtrt9ZNGxJrKoljBmeogY2fgNpow3nmmoFoEoACxo8+eJp1AH9+Ma88xO0Eoq/jdNFfxkhpBdulDeRdHsf13tH85xqWk5lc2U6HNyqomF1wOWUcpoJf2vfBmA3y/JI2bsLW37OjciRLH4KAbyp2QPZhdILdQRgWTDkrWolzZ3ZW2kiM10q/8PtM/R/Ih2PggVKptJiUM1KFx8R5+dfTzi4sBNiBM74rUu385cuxo8f1opGT1biGBq9qh4t2p81yLeRQOm7iXvtoAE/BEJdlOXBgooXSK76R+tz/0JeQMuD2khbCrDHlY/35a/VphygPSAV5ztJWoHpo6cYezs4yWOotB63YnAWJktdMkNHzsGD1tWYr95u4+OMqWtMogvICyVD3HZlTy6NYlrOeHwthOW8yndpnFhXLh8PgKjyZ/bTH3QUSCmWuPowEMJ4mecWDYYneQYF2wr8hXYRkUlY3AogkNf6rJkMlXzkHxlK+wy4pF6KfaTMsGYIKiSczl+uGYJ/HWxSNeQXzIq0s9/POTs0IoeMdJehrFLQQyslKuxfOZgei7m0KT8nEaRMHQxc2mCBbLIah3ldWip+FOj4ASRDOXAFhKNyj8a+TLx+TrVXAFLOK4PrmaCpgp5IQyfHTYlYTgZlvXB+MywDUo34FKMA4InHRslTv3qpg/qQa9jRrqs0xhrvXJ7UDxOImHl5zxHwHUw/ltJEh+q63Y7DkNWrD5oB7gQKF2z70mJae13DgYzl8ADK0nQG4oR5sKdaH3O1Z+MWwP2+XpafLeWy8nvG7wKOekXR+cxajhN7B/fyTHYI8BHkYaVXyoLU3kUnwAuFfEDRxFj+ESWR3L6qRY1OPOl71fuGcaifKLkr6IM8TJ5x6/ffoGOHeS42aZZ/eKK23BlRMTchVts9whiPgyjTdn2o44MdIASZXeohPdnuIbfptxSH+gdTc0NWZnEtwsYMPPGovQ6sZQ5UHtDypQ96OlRS3xjFTKTYgDJsUQxieAzENjAEdghZArf4Sh4OVqdDiDUzP2YkXhPooPnkq4vhh
Wld0/zQMkjvlT+GKbNux82KXu6WTXG+YqyQ5KCNcZ8z+wvHlzAFoSK9/Nw+oXS+jpLUbjqbAJ09vEG6fqnA7EjLXSDDv+p8Wcn473Yz9wKp0G+PhVCQHld/FITB0+AoD0FWN7RxZx0T72YDn2vd+xpZ4Hc6MaLlseeWaLOBxe/Si2lPhwFG9ZWWwkzTnMyPd87iRgxP0w/w5NxyyY2IQOqN0EtR0+dFzBJuZfcBMuVe3gUzNhnhFO9nt+MynzVxsCij1Ez5NDCrmF0bpr/TCaiWVt/UuvoB0fQLSMawZ0eRC3BfiGD2L6lmoTv5i2bY997OWYAt7y/ajchk8UlYqJDQ5nM8OdQ4MW6BEKf6/j4MA1l7CsactHDpJwPStX90BGff7WCkx+eZ5XaCza+DE/NILD02XUfRqfYnvSW+9WzMtUEfvou9J79i4iPAsezsGkfI8ZCsg5dCVclA2mbQYqT8+3dY++5ICpvk1r0xyeBGAoThJlbWC2m0o4OmhrGMJwz7iX8uEPVEfwDlLsHVTdmrLirdKUhq2KfwjvARsjPDkCdRQf+uZsI2X5Wdl2yZFa/TdSshbfCsKEK0SsShdyUt7O5aqCjze73KahteWapZqnes4xrrKFQamHo/e1t1lxwVDO66EVhl23jZZZ6B5TdydTnAXoDiONOhm+zfF3mD6JhJrMc1v5fVFA3Eedif5hkwj+CiHSTaN3UERRf6rFb1VFCk7pbsc0xaqvTURJb6Mq1Kom8cmn3oOMJEBRJZLZS9cAawNbMlXJ+AxL4swxTAyl72Rdm1MYRPMxahBmi1OWuUdNXogpHnsy88Ri4Z83TcH79dub5dQCfN3hYDv8HsDpRJwqgHZwK4+Q4PRRa5yyxK3aUYOxRN1jQ0L4F2SaZt26I/j9eS7J4loY4o77Zt0tMzBCFLLV/1qje4xKF/dTzIw+kwJfRWCtZgTN+RL5lINHWTj5t4HVznkMZWk6pS5xexHyX11zu2TsZbEcF0aTbL9ByPJSrOgs0FVyPTajYTMpqRkjz4ZlYzOKwMVDnh/suj13YyC+gECXV8kpgh8CENEc3UhlOgvGrwF5j2O7hwkt0V0tBWNjxwK85/JWUUgR+UrsGTuziUClz3x+duu9+2t4QUjE3e3U6CS9/IEP7B76GxePO/jCf2+tp9MBCT6E2WiLav6X4cnksNcP0k4QNEKe3zBCOpQxBOBnnLe0f3w==,iv:UY/efikTAvIUfcciypnngPj7PhGjccoIeXRyew2Ft0s=,tag:QnYxLwkV9Oo9ETWAqIKNyg==,type:str] +nix-access-token-github: ENC[AES256_GCM,data:9+Yal5PsrtrQmpEmYp48dUs8i6U+ZBl2fm3WMz0ElKbFm8HvWaANgpxNoVUChj/GejqRtmJVkUR11m75Gh/Y4RhRa40=,iv:xffltN4QMFPCIUdVBA+ZzZJwMV1aiR+ZalGEUM6zxb4=,tag:nmM4RpKfFonvGgOMVeT9rg==,type:str] +ssh_config: 
ENC[AES256_GCM,data:zlEJ00GNq3WScqJ7hFTx4YLfTaEuN+GZF6HKew1vshX2nwqsRQMpumyIgPisl/WqPbTUCU13qAvwTbmN0vGna3WFA376GVAHIN+TzTWGdcaVzgI8wJF3c26k0GpYDvgsxW0QNR9BhHJvEE7ox6o/chPXUNS7Q4AwvD1YuOgQZc2kdBYC5zOZ6Z2/qPOLmVesn9+jbFBGfHNxCu/Vq1wXfCFhZ7+hY27R+BYmGc3uUPYrQ40WZgbLzBpkndxhh7dE7KlYFavJtaaRhnaN7i7/30xyO6IGBpuHBUxnryVwgCUx42fXjYMVe6tfYXsKYAbVhjgrJSwOB5Uf8W7gekr1qSRStROZC/Vnh2Enz3PwWYjXViyrWEpw9jXR3w8rCIQ0NJQXwvsRyEipujxmbs9MhywW7x8zC6txjg4Nd5gBNuaEsg4e82ARic65RQ6q8tvgLQj6ghR53nXA+GFv6ybbDgRuL27ki9wWHCy1oYOS1D58So3+ABAKzxayk6Eo3sQeBHO9bKVCZWwWYwuWtknKWf8HoedVhMUiimJ9MdgQsNEEuKL7g1OTSt+25KDBcnuUqh7fYbNi0AB4kiGTSrExQ7zzTIkKiDO3j0yL3M+lC8WoeBpYfmpuTWcVSYHmjQn8ggybdbEWRY/pdiRNChG11IHGZpS1v1hM5Dw05oGFFciCwOBFS7EQpetOYlKT9wl4Kof3cpqfQUE7q4AHSMkSWZX/t6xCFRv2V6jhSwSpvcf+CMGu+s+ND/kEjKpo/+HiyNp5GhyD6h1oPc+G3x78YVx1WI+wuzMccSp0,iv:8EtrGsi86BhlCrn5kNZSbvIq/D6RBjJ1AAt8x3x6Pns=,tag:OB8azq3ZWpMIZDMQp+ry3w==,type:str] +wpa_supplicant: ENC[AES256_GCM,data:UtDgnfUMvMyDeYLhOTvLYRj6Wm7uX9rm6Iuxg5o=,iv:lidCvrXwm3gCg7eTCLtOyyooDF+9eZ3bYdmK7cx9NAM=,tag:VpLfKf5onTg087n5ZeuWqA==,type:str] +sops: +    age: +        - recipient: age1rpjhlmc9sf3kcagg2fq4850vcxnvhmrrfggs30jckffjxxr89smsukj0f3 +          enc: | +            -----BEGIN AGE ENCRYPTED FILE----- +            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDRWR2MUxlYmlXaFpsN2c4 +            dU51ajY0czg5QmtDOU40YnByV0VWbUpzb2xRCnUwK3Zra0NrWWRybC9TNmt3cVVD +            ejhza3Mvay8zNUlPVUJjSkUxQzAzd00KLS0tIEtqNCsvKzR2eXNIVTRvRWZVT0g4 +            a3NMZC9xYlRlc2RxU1h6Q3VCUi80TkEKSCs6Y4l0McbmNmN1JX/B4xlk3kCpzUxH +            vXCmtdm6ab6xYjPfRXvci9Z3Pxibi+s4hchiUi9EMRJk1YfXrOzbwg== +            -----END AGE ENCRYPTED FILE----- +        - recipient: age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va +          enc: | +            -----BEGIN AGE ENCRYPTED FILE----- +            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwdVNLSkNXQUNpeXVMVkhY +            RHlMOVlSb2xnOFJnUTYwTHg4aVlEb3VDRWdBCkIrSXZGZHdYUVhlTU40Z29ROUd0 +            
ZVhCMzAwNVZ6UDVvOWU5RXYyaW9kVFUKLS0tIFZhcG90VzI1TnFEY0Q3ejB6SUJH +            enMwY2xGMkRBNU1jenp5MWhBY1NmSkEKK8cpEKoyOQLEyA3TUqaRprTxbJH7lhur +            E2V8leAbO4FLR7Qp3+9ymK1HIO/lcynktLlBHZtJLc+IrmyUguxqeA== +            -----END AGE ENCRYPTED FILE----- +    lastmodified: "2025-06-05T18:00:15Z" +    mac: ENC[AES256_GCM,data:JKzxSGzEPIM7z5QfGZgZBXNUTvLOmP5Krkjt5CCt91MdlLJtksVjMzcMEE4hu+3maLXR0UsXn4W2K6IkMmyo8nU7vHhg/n40WIgeX0J8e7nx51VymJAsiisdijGtPbVovdK2qLjU7CRoKypfDNiV9dYLPbyzpNFKyCDdpbnBJ+4=,iv:MCRxJ6QsNWSfblgtIkJhnqap/qFg1OYzXHUYP137ihw=,tag:szwCMpyn2sWm15BJR16GeQ==,type:str] +    unencrypted_suffix: _unencrypted +    version: 3.10.2 diff --git a/hosts/secrets/darkstar.yaml b/hosts/secrets/darkstar.yaml index 37b53ce..b9ac45d 100644 --- a/hosts/secrets/darkstar.yaml +++ b/hosts/secrets/darkstar.yaml 
@@ -1,16 +1,187 @@ -asterisk: -    extensions.ael: ENC[AES256_GCM,data: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,iv:XJjhLnUgf1cc9O50U4Q8Pis/ZYLg5B9U7u3eDuDcjeA=,tag:0ZqdjgYNMsXcKGIs05PGvA==,type:str] -    pjsip.conf: ENC[AES256_GCM,data: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,iv:n0S64/G7Pm6ZwszDDFMR4qvugU9+HhQDfptOv+KGkzE=,tag:BivicBQ1kjWRj7ZD1c26Pw==,type:str] -    rtp.conf: ENC[AES256_GCM,data:wRhJ3O8qgECEuMX4mCKKv2igiMxTJS6p0IkgilBxPU7sdFsy,iv:UkXcVOwRDlp7s0+u7QbQ6lGyaJq2JO4YaYMzphOA9ew=,tag:iHJXCC9XAnaQc6qsCTNEYQ==,type:str] +#ENC[AES256_GCM,data:koNrUwSd8yki,iv:OWn+BvvlDhV5g0aT6vj/XnJn0yBpPEzDe70aEnGpPyE=,tag:nwaIzDU9e/VyfPRwigH/XQ==,type:comment] +#ENC[AES256_GCM,data:Edyn0TZVgQvmf4x4K6qzJ6OQtMJP,iv:JdIudLJ1b2qzkAo/tkbG8t/qubeL7v8Rp2yWy8CgRPk=,tag:WGUU4TgHa/qxf5d2d4oJMQ==,type:comment] +#ENC[AES256_GCM,data:kuWF0wpR2bGcP+mjurtCvNqhVpuqO5DYNLs=,iv:2JuLlQ5oS5hR1WGn+wMtAvOysy+23fvjG3HDncLBokA=,tag:sxgmrNZb3dphMASAG7lQig==,type:comment] +#ENC[AES256_GCM,data:6E+vU6uKweNZIpnLsk1R4wg=,iv:WMZ5gi5WKA2jfYV76Er5Dn36C78xVTXBGc+sLz2hltg=,tag:T4y/os/1pBwB8m4lt7aaYg==,type:comment] +#ENC[AES256_GCM,data:2aGKb01LdNLdJdh6hFPsiK2qnUksBeHFL46aeA4jcfqFT0/eS9OTEPrlfZAIlw==,iv:MV9Rt5jGygcLC4JTIMBR8FhEcKQ4hzyXWxWHgPMOnN4=,tag:y9exk7KSyz0VvbBZQqVTug==,type:comment] +#ENC[AES256_GCM,data:Q38m1R59G9HHQD3evNt0/OAF7KPLplLFF314GuNA+sjYZF06npZ7NpErJ41KjCi+o3sG2pAe3/j9,iv:4XOVyyHdAeL8pU1Js+4h+y3zvzuf/R3EpxNoHcU3nlQ=,tag:PpEbr1HOOAbSR481orm3wA==,type:comment] +#ENC[AES256_GCM,data:BtZh9+LW8q30LlMIeTeFo8s=,iv:pVC17w2XK4VpBDitwhW3BmO8CzuxWPYEUkSPIMrxa0w=,tag:Y1bLSBysROKPmmmacCcWdw==,type:comment] +#ENC[AES256_GCM,data:Yr3D4deUxfCfnx4=,iv:zcZbgJVH1JQnsA6Xl/tMA+v4gSE9f/UiGbDLOiogMWk=,tag:NTq+vVoA3l7gdfj+9ZUeqQ==,type:comment] +# +#ENC[AES256_GCM,data:DPNZCtKsvt2TbTpteOX5uh7P,iv:JQJrcv9uptD8cqMGv4DLi4YleF5Dg6hhU83V6vZfe18=,tag:FjEx6Lwj/0KHubeZcy62vg==,type:comment] 
+#ENC[AES256_GCM,data:Y5fUERk5GxkhMCe8pdyEuixXQ6tmz/2vsRmEBNdGrg==,iv:QNkZBFqg9lsTBcn/HXb5EUUOT5YtLk8cR3tH53BxcD0=,tag:LMpPZwdcUouyOLdw/QwRrw==,type:comment] +#ENC[AES256_GCM,data:1uSrAoDFqpqXWixv+YLn5nHh4eH+8sYlzpq548Qlk0mu0w==,iv:/4OUiMVim9Jr43+JpR8j5HEp2dKKr+2N3mnip0B0waI=,tag:fw358ATo6qp7Li7PsAt59Q==,type:comment] +#ENC[AES256_GCM,data:Z5ZX6TqSYcTaWx3ouOAY,iv:WF0YXeAYglXQlfPStMilAoVJznJsRoMGd+QnxPWs148=,tag:kVLnxWwiXqxmhzxRGdfYVA==,type:comment] +#ENC[AES256_GCM,data:xRp4e2j13CHZ2JzmvtO0jlEfWPsvaxUAw0toKtQWy82JbA==,iv:HxAk56MKqQkw6gAm7LskDWaCfF+ZAOi+XeYHkOBO6bs=,tag:MIwUfICkfeyttb+JGlHwmg==,type:comment] +#ENC[AES256_GCM,data:RrLqfa8+bWIo3ZF6TsH2+Bo=,iv:ByDQwPS2qDqLoHJYCfn8rwZzeHrNs00LQ8vKJq//Jh8=,tag:856gJo8SfUeZsUP5rXKumw==,type:comment] +#ENC[AES256_GCM,data:GsTl6zwg5d4UFkU=,iv:DSDqA2Lt+p/CnhPO+fZXDDJWy98wpJXV6V8SbBpokyA=,tag:fMUKuDyZAkyv10bmrl+hlQ==,type:comment] +# +#ENC[AES256_GCM,data:xeRqstRJfW6jLFimzF7Sdie8,iv:9gPkgr4udNSFHI/DeNWWdl3N4Jbo7jUlGcacXzYUzUQ=,tag:bdtHw+giVWaIL0uxKqSzNg==,type:comment] +#ENC[AES256_GCM,data:o9TKPq1Vqvl/KKywfIZjUc8=,iv:vWKE9iyf7uqTgngeYndKUr4Llvy02LOJZFxF8YE+IwQ=,tag:ts75yi4yz34i8wcz22yFQw==,type:comment] +#ENC[AES256_GCM,data:/HLJJlGoDkfRH2R3PQglBthL7c9AUZ9P,iv:zNwtm2hxMuWofAzlWmm2dRTVsfEdKgzVshlgiMUORoo=,tag:y0b0C9TKjTLmrso6nIBYYA==,type:comment] +#ENC[AES256_GCM,data:8dShCGz1B/q6liBoq8r9sV4=,iv:3daeyLDLldMpW1dS7IQSi7WKqePQz7ZucxPD4Q3s4Wg=,tag:FKtgLRN/1O+8AeGzMI5qFg==,type:comment] +#ENC[AES256_GCM,data:tVwliFSYozYM52o=,iv:FnUA3+4XJuyza/H3THOWz9mAHic69w4oczMcWKc+PwE=,tag:tw6onP5xt4GL2XcC+Cq5Vg==,type:comment] +# +#ENC[AES256_GCM,data:N4EhOl7yEqT6DQRbmBz5cnkxYQ4=,iv:H9z+ZP8vvE+PTauAAzg43pVaEjrLI4nLlIe4ni9Keho=,tag:wAVKSBEk5sPchGegUXjB0g==,type:comment] +#ENC[AES256_GCM,data:AZciKcw/bMIXHjTI6lRcl5xPBg==,iv:37TbQSCxbQPy9hkA4msaVqBwHMXJk95kZuM8pxEEGOE=,tag:e7FkGKEHY1ZHqFMfQ/jlJg==,type:comment] 
+#ENC[AES256_GCM,data:/WQn0wHchGLYUwQ3RfrJDiIm/CZFIkJROzBlbsf9LlM+k2s=,iv:RzRlSNosNS5xlRpXibQdcZ8bi01RDJs9mdoTBdUzQvo=,tag:DuE6htQ8uolsry0haNzzbw==,type:comment] +#ENC[AES256_GCM,data:NlA8Xz96TJJVNlhCCYqeHLJwYg==,iv:sTQ43in92gD2arVfHX4UrJCIHaX6rEAWcWxsCqnhvU4=,tag:vHczIYGp0WyPm3yH5FI48Q==,type:comment] +#ENC[AES256_GCM,data:X174VF93LZr70A+1vg==,iv:laAgfLpCwzAez03EN3HXwKzvfwbRECgIzpQq7vz+hXM=,tag:9ldfGGjnV50B3O18kOESaQ==,type:comment] +# +#ENC[AES256_GCM,data:0Y+K9H66/y+mzZM/Zf/i0DTr,iv:AN4wfSg7bT3dDHIJDuknE6/Imnd+L2inSGKNCEbSx2w=,tag:fbGNSv/Vr33jhVD5zkv0lg==,type:comment] +#ENC[AES256_GCM,data:hZN4Q0NdAp0h/4JPem/73VI=,iv:Xo86Epq3Whcd/dJGgsAqjWcfdDFuYaGtVA06d/Vik3o=,tag:tkJSkkrc9uLGl82Cwa6J/Q==,type:comment] +#ENC[AES256_GCM,data:Y0jraJtzyWQEYaikZCiNChoWkNLlJA==,iv:IG3CjUidzaq6VLbAfPQWAX8cd6A9rBZv6P5G8REXl68=,tag:Fkw7NewUqxDOTdXOfp5J/A==,type:comment] +#ENC[AES256_GCM,data:vJBYw8KYp4ET5VQQG3x8CmY=,iv:iRQS+eB58Hf9/aXGHHKc/N+yMMQNpvA0LyBlP9pP6kM=,tag:WB2SX7FHqKHxkD3jqwu4QQ==,type:comment] +#ENC[AES256_GCM,data:DP3cG8SqADmGjJ8=,iv:jt7aFHphO3kPK+tCBHWu5fZOOpI9qZAlXZYa3Tc/GvU=,tag:Zi6xriNT6Rew7KSLxrnxvg==,type:comment] +# +#ENC[AES256_GCM,data:ER35lsO/pWxe7Y2t9+CMdglM,iv:sYp6UWwkoEbqoKXscCwTDQhtkaU2gBXYFc04grB4mRA=,tag:J9UdyqtuLuVoEUE3pWtuKg==,type:comment] +#ENC[AES256_GCM,data:kubz/kXTQoLr8X2sHGEhovsF1W42HTs8hn1LI6bqViIhqcDe,iv:rS2KoFeAedKtFCOAZC50LSqPTPTzMaIHgtPWoSMLOio=,tag:z/IR786mgxtsSMsrjbBWyA==,type:comment] +#ENC[AES256_GCM,data:J4eVKfcyNnj4qs7U93wmWG7ziI2qAf5wrbZMFW/kiZYfIGzP3+4=,iv:ZDI5USiPw6vETDhCxF9s8/II1QRZ+HlXgHXosVo71nY=,tag:OPHrfgB/nqcfHTlzNW3UuA==,type:comment] +#ENC[AES256_GCM,data:BY5yJR2n4c3pN7QU4JUvUh+ZWfqLdaenLvSSyUXTlx+SXJUM,iv:o/NdY9URIt3FBrUfrbfTgBUjGDLXPNG9flDaoevk+tQ=,tag:hdo9PJsSyc+W3LS/N3t6mw==,type:comment] +#ENC[AES256_GCM,data:RFMv0U1PxQZGY92iQlVk+us=,iv:EEBhxZu0QOAv5oRM759rLGcpZH/QgSV6EYXiCEG3Gik=,tag:0S+4dhitEXzrJKdv269hWw==,type:comment] 
+#ENC[AES256_GCM,data:J35+o84yGofskT8=,iv:fvX6/RM/PLGFJGvRKeXgyKlXvpkpC1GdBfIzUQlMlcU=,tag:YgXIBP6er+lamAPgASFqxA==,type:comment] +# +#ENC[AES256_GCM,data:V+lIr2vZHQbmdHLElWrAowI6L3eHsAaiwQ==,iv:XUllNkux54jqE1B8Due5TvdSn9WDKjDnJ9x65bzTgqA=,tag:9coS77Zp8/3PhRW0DlxIqA==,type:comment] +#ENC[AES256_GCM,data:8OyKTUeTykagBB3pp4v5RoPs8faabv4/knp2rT2ybwHGf+hkT8InH35FsP040oSCMrRpnY+pOOI24k6YtGtg4ciPBXz367XQk5g4k9FQbTN8OGyXUsC9UTgSE8ezsuXftyuw81cXIJmmFUegaGCS6lngCTNEonG7HrXGMedChl6vbw6cGDdyzHQ=,iv:063MvIh0K4FRmhCeEKODC0mzXYA3xBfj5Vwr8N2F78k=,tag:n5vrDhj2U0+ihYTzpH4mbg==,type:comment] +#ENC[AES256_GCM,data:zGB7GHhzsrYpeCJNqGA1EvBLyrUmWC0PnnVChc3M7M8daVpi0EwXd5rDnsw=,iv:MjfJVQbTcQ/CBW9OiTe4B3LxUdoWSxZxutNpd0nSPuA=,tag:/btBe0uUdm6lT0qhuh2ofQ==,type:comment] +#ENC[AES256_GCM,data:rvi0Tei8aDONEIVIf8bFT5/9MB42cOkCUPDCOfCIIhBSBOPJgp/gSc7fbDyxPcltGKPmy5PZtQ==,iv:mL54m/JnXP0iCcXCVcqzDQtSSbzStDiYFNfOqh2beTw=,tag:b+KecBxOElBhSZO+09pXdA==,type:comment] +#ENC[AES256_GCM,data:yzLts4nuFJ6B2A3lOA6dd6C/dc0=,iv:eniXHvGrRVY7wsxHhBUmiXYrJRDn32GpVguSsivBH/o=,tag:m0nP3PQqomIoqFU59qSMIw==,type:comment] +#ENC[AES256_GCM,data:SbVJ/6BdZ2cUhIX4pRSoOFwNi/J6OEHXNQ0Y9+iaCpX892zAFTj7MVAEpwQ=,iv:zkUDjDAySvwrB+osSk6s8v0Xp2uWb1WnN4zu+ATeW/0=,tag:SjQxtFhDdGmZfDWc84285g==,type:comment] +#ENC[AES256_GCM,data:rsMLM339Ng0J+CSd8eI+0iJKEFAa2+TbpLYAFO9lD94vGjrRp2TLIYY3XbgCLK8qgR5csVCd5g==,iv:/Vq50LAtE4AgYP4hOR/TogL6E/PEiFmeRj8Yn5kc/y4=,tag:rcoMCfsY5aefbzycaLcCnw==,type:comment] +#ENC[AES256_GCM,data:juhPTHtHltDDPQ+0vxjAR+gL,iv:aoP45LG9s12qGON73w5g/Xo6fPONZKfCWxVVXiQVGPE=,tag:9grJnf3UrF7Ub3QfmvxN4A==,type:comment] +#ENC[AES256_GCM,data:hrrNKoeKYAlV8J9LCwydZai+9zgKB+pJY3gD43pqx4zkhDyi4ZNyiLSPGwc=,iv:CN89Sexq1wCBlNDiJLKdl87SrVAuE6JbaGZSl4K1Ibg=,tag:OfZzeHg1kM14bWCSlLvE/A==,type:comment] +#ENC[AES256_GCM,data:zrf0HtyxuVfKn6auS27cGX/wboqSzqPZOfdS5cezquL5ykJeCFNX2LYGMHi/Ab3y3o3Xup1KiA==,iv:nRBJ9/YXezSMbLZVI3wulLnhFs8worafDNAeqnpFAXE=,tag:RudcLVsezIkjY5ze86P8Fg==,type:comment] 
+#ENC[AES256_GCM,data:1NbfTZRxDxoVVlYGWiFbraw=,iv:Gsnnpuu1m5yfOyogbCBzJ1FIZyjL8gRqRSyj5uYqBZs=,tag:DDw0PXGPdoU9Dy6CiJQOuw==,type:comment] +#ENC[AES256_GCM,data:Be5ykZ9sxAHz7Bk=,iv:3QA1EiCbpagmNOqAhyoli8A0nQWfODTvElECykaJqPQ=,tag:ZK+GpY7b8rKw7Yos+FOpOQ==,type:comment] +# +#ENC[AES256_GCM,data:/9VfkNKqAReTgTdSvQY2JaAHsXtumSrQrd8=,iv:KcUHBGVlMyBnddeOI9TBWAv+Ik+he2bLp53Ddgu0Zcs=,tag:U/imF4+lPRes1t5gUpD2XA==,type:comment] +#ENC[AES256_GCM,data:CtP3PL1Nr2unz/SQfTIKynzflv7X42i2gJBqmsM2kdoh+q/j3XJy0Ry4Dd3wqjMk/vtrZGFrWdPoEJ5KrYvN6BvdzUzzNhc6a7YuqXkFsXBRipGw66dpm85RJ8aQYgWu1KqPRPoSnqSglAWLXBF+HzbIlHSuHQ40HVLms/5y/u7cMJgCLRtyN6c=,iv:Z4eSlo3EGDMx99wBeyhwWf3jsFWNHwWa0Or1Mln3LF4=,tag:7+p+T8Ud9s/5kLrRBEXhSg==,type:comment] +#ENC[AES256_GCM,data:wBpUUVRSQImQoZDKHuUIbNK+bhKv+YHjh2Yqd9QW77s5XV7LrRMfW4/ZYQ==,iv:8DKM6v/mSgNtIeFC3YEn/YfzBV8gQNp+k+C2GXsX2oE=,tag:25hDvhgm9DPJAqSI6bvZGg==,type:comment] +#ENC[AES256_GCM,data:PHwWZRIhodwLWqmpcEdWQojLzEBM9ots+X92w+SUpE8C865cslcU/LTRRlB3M/bnfuQpK7Ac,iv:Ng4jmfoGaFTKViTp0FXeQuCIZaBI7FdsYmsCzJ9LVyU=,tag:BipNTijyXeq05DSdWwRVag==,type:comment] +#ENC[AES256_GCM,data:bYxNetex17+C4xJO6WSMxbHH,iv:9WhdhpdcUh324as7tBdd2m51mv1/eEpIELOoThtcuVs=,tag:B75EaPx+bVe1mVew+UfulQ==,type:comment] +#ENC[AES256_GCM,data:AhoWpnxWgOeeU5s6wL00L6reBcpOtV8irwVd3fAEe8DCreEPBnqpwGevwg==,iv:0UWv9ucAj9R7y+QUEr3QFn4GqS2UoRc++xSdsAErDXk=,tag:kC6N1fNTz4YmSsMuEW6epQ==,type:comment] +#ENC[AES256_GCM,data:ov4K0cJSxxE/ENcaevRXJV+jAfKGKBsaXvHYgArUtVHQbepWpGsJfCkppwwvVcEyTAfeUDNO,iv:i/CRlQkyUA+CF20SAA6GbCTBnHpRXg8qbOvOZoR8XEE=,tag:abAym0hWQ6wykamhCZtl4g==,type:comment] +#ENC[AES256_GCM,data:jSJSXRF/DEnonOg+++gcFGkr,iv:g1o4qexYJY2aev/5qMJEyMyyZGO4P1Guijl1V9q8y2g=,tag:nLYnhoNuxkbOgXnkZTrS7w==,type:comment] +#ENC[AES256_GCM,data:2ID1+ZbUX8wEPtZEqgRY9WueOOI5vD6UFfK0P6npXgfxmfvGmB+e+dnt4A==,iv:u/OM5noggVYSVuHhc+tKCxBiX+t6PSHB3EKERkfhmbk=,tag:Sl3Yf1iN0PPE6hvWu4CyTQ==,type:comment] 
+#ENC[AES256_GCM,data:g0k+f1bApJG9pLPfnAur6rny6xMfI2K9c2X9gVp6AQqHj/5VSQR9vSpF+9Ng4rS/12UAZWfT,iv:NNquw+EnBevv/5sZFsClfbo/4n9W8guxBnaEhsiP5gU=,tag:74u0ii9UIIbW2+IQ94KSkA==,type:comment] +#ENC[AES256_GCM,data:RsOaGh7pe2N8dICKNpwLWXo=,iv:6Jst/NIF0E5mb8vnsbGFen5WbCcBPKOhjguja6EORes=,tag:DQlmrUSy3QZDPWIyOg3Sbg==,type:comment] +#ENC[AES256_GCM,data:LzSQ1zgetryprs0=,iv:0vW+cUM3k97Lrbo7hF4c01mPbeovrOwPAUwVzz7thcw=,tag:zt0DteAxi4W4mfkdB0mkYw==,type:comment] +#ENC[AES256_GCM,data:MvQ2a5TWmqN4Ew==,iv:IPCYJBFM1x1s0jNITUE42TsOJMX1nBl7tYnfkpdfvU0=,tag:SVherXXtjrVwZGW2azmLXg==,type:comment] +# +#ENC[AES256_GCM,data:bgc4f/2RrR2dW5vQjeyNePgmoLOKmpIqzVM=,iv:H5uenlSITm9wl6Hkk+91yG2J1II4U47ROIlGcuZEhFA=,tag:M/9/Vjr6sTjKbLeyqnyE1Q==,type:comment] +#ENC[AES256_GCM,data:qEWa5Gzr6XseeEs2sYkoXE4TM8n3uccR9Q==,iv:3aWgaP+TNUBNlQEAnrOg/kvIRHyptkkB9h3a0dWuViA=,tag:kPWFT0XG5LSMrSD1JIhOUA==,type:comment] +#ENC[AES256_GCM,data:Q8g59UA+ZGRXT7Ygr2f/obZDP8MHXw==,iv:wgw54HCMwdJQ2p+OP3BB+Qh+v/GQvhquScYDgvSAPCA=,tag:IB26ffBNOJCX8+2Sl7ElEg==,type:comment] +#ENC[AES256_GCM,data:uRxOKL32JURtb+/XE/mRQ+CC2aYWWxR98p7AGyUASd/jFnJdl4aqttVvKabuMjvKWrsk2c1xD734Dz5tMsclT8OB7lPNwwpGp5g=,iv:jA0XIYjCR/4+4OjNnr+KSt7ulliDa9w/2tEPD7GlHo4=,tag:iOiTfLnafUH6VzrpsgefKw==,type:comment] +#ENC[AES256_GCM,data:+g9BiEj/8FiydQxDNO/Fche+,iv:1NkNgP1QxV5emu1yHap9/srF2tt2g/8jaXhnE2Uz3F4=,tag:OhlBkyyNkJyFPhyf+jiKkA==,type:comment] +#ENC[AES256_GCM,data:9p3ftfRZnvlhRAYakQbmzfr51QSeLnD27Q==,iv:Tk0N4HLngjY2Kp6AnHlSppo5JS2eupwRm27hEdXdYL8=,tag:6Em3dbDs2xbC3kk6Q7Wcjw==,type:comment] +#ENC[AES256_GCM,data:lueEj+bYuJOB+l3ll6OhVcfSz1wX7Q==,iv:gDRtIVAtaDAvHUcK/xjQgjjo/AZByRuTR8cXCapgZXo=,tag:dcoanmEDgtulvJdtTC8iWg==,type:comment] +#ENC[AES256_GCM,data:mDV8VHOVG0VSvqZYNbjDB162HEHFQvMR1oP7,iv:zjBquqa8ACwtNKbfXGVhxDlCHsi45ZWaq/F0Dtxd6fw=,tag:whdb/WADQtESImE4jImwOA==,type:comment] +#ENC[AES256_GCM,data:qZ/LnzbeDvj9f3QalSd2OwuLEsvEfvOTuiy9oQ==,iv:5OBekjL+y5oR8L9uaRLXYcZ1yQt+Sl2jPCiNmRv90sE=,tag:IPk79XfIFTdkzb0NxEnscQ==,type:comment] 
+#ENC[AES256_GCM,data:0yd/4Ctgq/lil2OBtMLIopj+T8hdRqbfq9AyZw==,iv:T0qg+Ag/6UycUCOyauD4oj92c9SUocmTDKhxFYCPI2M=,tag:PcQFljhmdPb3RkkLOXjqMQ==,type:comment] +#ENC[AES256_GCM,data:aFzpb99XER8q6LfKb9SEVRDj,iv:gFu6HVrHmgChKi2EMc/WdowcqktML0KtuyJdJhbz5rM=,tag:/f1qElxNivJOzb7SZRqi9w==,type:comment] +#ENC[AES256_GCM,data:imSHtr6vBCS5aMBcPQOfMai+Sbh28jZbGUfzo2Ye1KBttLmV1QSJCA38weTZ8GahzKQTlxaEnG24BmyTs9UN,iv:E6oF2mW8g+03q+F3vUfsklLTqaMo+qiYC3B/lNPzhaY=,tag:0mxqqVsi0ZAT5EAhLKaKLA==,type:comment] +#ENC[AES256_GCM,data:8KHxrv84NgfoacA=,iv:vlt+6Qmgw1R6v2KusPIFx75xFqufcssB26ovo1+6Zrw=,tag:/bG32rIh2gG7dW5E6S/aLQ==,type:comment] +#ENC[AES256_GCM,data:R+t85y+viDb0/R7JuyB54k4=,iv:mBVQV+tltYLXw+foADu51N5fpXrqF7hYLG2OiMbWZ9k=,tag:xeWXnF7TI+kiehZIEEEcHA==,type:comment] +#ENC[AES256_GCM,data:qVn0Vjo42u31sKE=,iv:2453HNpZLxnJasgAXAyjWx4BK6Y2IguwdrhyagV3b0k=,tag:AJXsVweXNiQ6hiSdRD4rvg==,type:comment] +# +#ENC[AES256_GCM,data:870a7NWcXKusP9tkmjpPMH7QtNL5EuiR5A==,iv:IEGuYGVk7rVi4BF3FQITwPAe6nGvs2t0GYA/UTl4Jdk=,tag:1cvq8VJ1VbxXIeCEhPK9uw==,type:comment] +#ENC[AES256_GCM,data:6fr6msoUoVJIJDgtL9otyKory3iWVA==,iv:vVt0qCnQyZoYc3Ncx5Z8YHGkBLJxADQS9KiU0fvANNM=,tag:MJkLWWfw1O9Jnqbl/6AoCg==,type:comment] +#ENC[AES256_GCM,data:tWPa6UdPoYRiVElPbYNv/QFYloJpkO/9izm5DMflx8KWSYNUZtu8QmLvrXxmEpTd3AEicr9ZGGaTdMdwos12xC86IyjPsLb3JxY=,iv:PGWtqsLB/0xMxgi//0EsZo8OxqlJrwD69JmY2KDZcHk=,tag:6GO9Lkjp/Egr66AZPS8mAA==,type:comment] +#ENC[AES256_GCM,data:8pSWxh7uUisOxbTYqIsKYiX+,iv:d6q1eQV2ckSU2vOzqrvAZ+Iluc9o7+ZMhIxo8H03PqI=,tag:hxnlfCBr6gZg4NvJ4q11jg==,type:comment] +#ENC[AES256_GCM,data:FG9YA6i8HJMNSaTn6R8PV/edKZeAHPgEwg==,iv:yOFVYMr9ZPs5z9n2A9KStZ3fhiyQhJpMui0huSfs2Zo=,tag:EGAtYW1uc8Bbj4EHVofhQQ==,type:comment] +#ENC[AES256_GCM,data:N0vkSW0vD0YL3jyTxJWscknooIt3ZA==,iv:0zhhzYCdNFp8HghxrL9Nu8vrRHAm0FVpSTWBQWxowgc=,tag:DDkE5xue1051732fUMt0JA==,type:comment] +#ENC[AES256_GCM,data:UIGa7jpdOB4Lfv5JsbjlV8yeh8pDg5tLZ9My,iv:JAGqvE7c43pWRGpwRS5qjEjRVrnv11DESCaGSzarwHQ=,tag:zGKKpmNLjXFDXub7Z2AiVg==,type:comment] 
+#ENC[AES256_GCM,data:jCt4qMitq+meYz8hlM5HDfJ9kN7OM9CAF/aY9A==,iv:BFkU6fr827X3dDSig4KXKvEceesmWygAGmrBXWwCxrY=,tag:I+z23JgupQ6UHYJzE2Oh2w==,type:comment] +#ENC[AES256_GCM,data:rhBzSaTx+gPSWUepEbG7d5j01MEPJwcDNoU=,iv:JmqO8MvpeqlkSboWuVAF80Sn9HsR6yEjKFJgKszc8v4=,tag:jLpagtpfGQ9rv2faLVDx2w==,type:comment] +#ENC[AES256_GCM,data:FRlvrmXEf05F6PgENUZVaC5R,iv:Hbb3myNwiWlcG78aHWWe5az3HpujpavT0imPVDERA9g=,tag:/Ala51aCehpJ06/Nq0Aqcw==,type:comment] +#ENC[AES256_GCM,data:AdmSotjFoQ9HLllJfVhytPR38/uV7hggeQW6oeJjezTWPGdjetkftraYS0I2oRz+cCepsBNyU7V6oMU/IKKm,iv:Pab4QLtgCN/njzl5G7tUJiiSHg+TCK07rlSPobJnPr4=,tag:e0crhizVQlOayutG838VvQ==,type:comment] +#ENC[AES256_GCM,data:cw4Ng6EYpc4dKxc=,iv:4TrHjJygdOeijK/2vJQQsO3lGa0cVyCsSWmRSA/XSt0=,tag:v1GDX3qiYyAGgCpUVEarMw==,type:comment] +#ENC[AES256_GCM,data:qQjh6E7jme6LAUtb0kkzpqg=,iv:t3FFpnb12Hi5uGe+bMqWB84mqMTBZqewGi/fAEw+noM=,tag:RJu/O1TA0cy1xCjFuSYJjA==,type:comment] +#ENC[AES256_GCM,data:qTlNeSq2WkF4dOI=,iv:6ymng817HTeDds0KuW208kQnfarE7ahBybwyHitisbM=,tag:pAycVFy95ujAkPODZOExsQ==,type:comment] +#ENC[AES256_GCM,data:UQkM5k5QfJfoFg==,iv:0TDmGDUADCnYvIJf8cz1tD15zGevTEUPTfcFyWPuhoI=,tag:vo7JDfr+UlrtWLng+L3O1A==,type:comment] +#ENC[AES256_GCM,data:/b7HzhZiiuEifWiw6QtQ0Gk=,iv:32tJRHd0pqs4B0Ut5yg6CiIINzGxQczg6Ka/ZN3XQAM=,tag:BuvitctLA6QuM9L1+P350Q==,type:comment] +#ENC[AES256_GCM,data:PJSab7u1SpCEJ/Vbek6BckFjVMhoYjhpZLwsy2Q=,iv:nSguWEO8LZW17AhSwbY2QgWf14iLnL3SNxDbP11I6s4=,tag:mZpa2HC9eploCJRRfYQNwQ==,type:comment] +#ENC[AES256_GCM,data:ncqHrtotQtoXlVLzQ17WBVdlA5CP9A==,iv:SrvHjpSzyh1hU4mpPbtnej4WJ5+WP2C1UKxFwiYxSw0=,tag:TfLM8CJEEeAoItff6wSZmA==,type:comment] +#ENC[AES256_GCM,data:HjCAmw7B9Ah1/pVwxb5rUXqy4Pc=,iv:bDD9cKd/imH5+iozynxDgPEoSEIIphjkfwCZu30qKnU=,tag:Us5niBmVRaXPUSVGGwdHwg==,type:comment] +#ENC[AES256_GCM,data:4XnKVoC8z/uu0BVlJipyv/l7a0ZNdQ0V1xF3Nz1qN8M=,iv:A8FS4aUnMlu3KibbM4HSaSmbMSU8LsPzivzBNUvUxoY=,tag:rI0q5sR921vCGWk6yL+pyQ==,type:comment] 
+#ENC[AES256_GCM,data:jNXvOEztxrltP7q4rlfn3GMCNqTJgSihMwN4rq8M8/f944oxTrZKX2TR74w4,iv:dTDRhG9MZYxF8GAeVUUHZqKtwbmLkvoBZkaw4klIRZo=,tag:R5OOeLPX8ILVQ3blZeSp1g==,type:comment] +#ENC[AES256_GCM,data:PPV53Is72DbKryu5SldI/cvC/OEi0iUh03+aAm68CKqc+8+2arJSPxYbMwl6lr/N/w==,iv:CulUqXYhQAPb/Nxd26i2VPeJbJRqhRkGrQr1oFUZrUs=,tag:s+aazHjWnxoTg88xPRIdnQ==,type:comment] +#ENC[AES256_GCM,data:DvVpwJ/qga9No9NVByjR/kfrqpThk7b6gyGbgKlA,iv:U5O+dAxg0j92uRbo8Mmsqrk0P+74RBhILnRzdIxmjxE=,tag:McLjNRvm4ODQVc5U2WMU7A==,type:comment] +#ENC[AES256_GCM,data:JDhpV1lVCLEtxrw/yG8F6q4yJj2uW/5yyERoiBr7Dp4YMfM0B4F6A+nuxg==,iv:FQ6BXkQDX0jPy9+2vpBQA4AEKu6tKm7Fa/++85gTtKg=,tag:uXOtz5aDEovuZOfpHGD6cg==,type:comment] +#ENC[AES256_GCM,data:Ss3HZ9jwy3BYEPUxIIcb9owjz0pC2/tHSwiXkpjfHI/VBsCo4sjhSLPEFJBwAmQ=,iv:In4bCeJ+awjGyosyzUnMAJJ6HNeYKYkssZXVTFVa4eg=,tag:r5RCOURKd88lIQ+/hh0Ieg==,type:comment] +# +#ENC[AES256_GCM,data:761fAyNbew82DpMOHHhFCtbXKAirp0/EHLQ=,iv:vu5eWu3I9N2KNOLYsgvOJS8Q04Qz1yILJKFo8GcYTHY=,tag:8APc/1x2khyhzYSYNSux9w==,type:comment] +#ENC[AES256_GCM,data:qAM3q6ux/NY+F/HTgtPyF07YHgqjeg==,iv:ub/L+gvpoJY8VX/EZ7rGCTA7RLdyXzEGAIj0u+kbYl4=,tag:b7bZrmw67GzDFGIm638i7g==,type:comment] +#ENC[AES256_GCM,data:shHhdwchJf1ycbSQIDGlTnwzZfA=,iv:wXP1bMUQyMVoFbSMfDFa3hhqwJAme/0bUSfsx0oUx8s=,tag:unko7HBj5Oe5RzqY1JCOIA==,type:comment] +#ENC[AES256_GCM,data:eQOr4L454juTJAIWcwp7pPKiMFaEChE59KYl20g=,iv:LEFggdiT50AkRj/T6shiTfIEtznA+s0IgmIFq/cVKT8=,tag:bf+3uWrDV8uyHaGQz02bFQ==,type:comment] +#ENC[AES256_GCM,data:8EN21PgAL3k8FGkZBqG8PRYTXEfYbRfzXqvZvjOOYbc=,iv:09sBBh8Pl7Gw3/KknqJF+mX7sziXUsY6k+8riEPJJSk=,tag:RfSYmcyxFyWbWFRpf0vtRQ==,type:comment] +#ENC[AES256_GCM,data:Z+KrmBfOCc7buLeEZSortJrp0EQFH/gTfCkp12l6,iv:eVLTPRO1Hiv51fWfckSiiU+psvmvHT2usL2IuT1D7Fg=,tag:fcisj0TvbCCANTrpOCzq6Q==,type:comment] +# +#ENC[AES256_GCM,data:1naYyapZP1Sf7/d7rvM=,iv:+bzQzrKho7qmANnp71hn35RVYBNFaHDXfRBoWrCjMp0=,tag:iaDYIb50KLsBwKaLLLCJTw==,type:comment] 
+#ENC[AES256_GCM,data:AsVU5oLsQV4P/eO7sdG4jQWI/9lY,iv:UZuKcwnGMbL7ynJy6Hi/a8NV6wRSaxdPZUlsDaKgE88=,tag:gJ3IgoT3VsvT7VU2I49+/w==,type:comment] +#ENC[AES256_GCM,data:04u7xJ8FAWO1bwYshgTsvYF5aWPKbbvpDgnH3dfbbJ4rIg==,iv:OTs8fcjT6irtIyoPVGFNC62MDatUaRI6a7ZjezEMkKk=,tag:JmWCTY4FLMSQN2qWFoqQ/w==,type:comment] +#ENC[AES256_GCM,data:XtpX+ghnXln/pBWR2nzA+dVvF/JhzoAJ,iv:C0vXbHn4fvu2OnVHV/R7TMWvc2QPvaQ/G03gDVaj8Vc=,tag:FbC+KYWz6Rm/2OJzj8gSQw==,type:comment] +#ENC[AES256_GCM,data:mPNDHm/1+A3EF1cltM9Nzs8NTi53z1pGyT+1x+PGuo8wPs5s3Pm0pe4q,iv:eXRESlusYlM8YvY5WGNxxsIFxCE3zss+YJq3ZGJQVRc=,tag:jgtGt5mISZVYjwn1SMi0Ig==,type:comment] +#ENC[AES256_GCM,data:O3YaY66fkwlRBFQ13/51TfmdDUA=,iv:wQ0BhRyN4gKXScWxYOTmUaYIGYilN3lZnd3yXIYxlbo=,tag:NBu9CFWUqk6x5q8BGdhisQ==,type:comment] +#ENC[AES256_GCM,data:4mOi5U7tX90UN1Pqt6az5hQm,iv:aZkshz0R7r6wdyA+4gexy9dh2pGC8JNAy4r3JXvbghQ=,tag:R9x9jkc8+VuzjelSqpeCTg==,type:comment] +#ENC[AES256_GCM,data:Ze2NZZy3deWf+PYMCBxwhM3E,iv:IyPA8m+xQ6/CyYfIYDoXf0LNmhbmcFnWyiR+d8cTB8Y=,tag:br/4/5aS7Wc9oVSWWfTCmA==,type:comment] +#ENC[AES256_GCM,data:iXM/bRiK2WID6LV7ivdBZY8t,iv:AhZb5XiGFshAnM60322SJETK17z9KpqucrgofjzjR6w=,tag:byf4ZF91atJcO+gA6ImyWQ==,type:comment] +#ENC[AES256_GCM,data:ChhGNI/CaeS2uAFVXyCJGOA=,iv:u6wsa1iANNDytCaLEdYdAeraJGs0qN+mQ0UKIQemJu4=,tag:D6T/VwzjF22sP2MZwblLdA==,type:comment] +#ENC[AES256_GCM,data:pa0vuJMqgJj5UIT2qvbdGCo=,iv:DyV73yWUdMdoa702d1ggZtZGihnqc3rlusCFyFCDTpQ=,tag:DEl+iodZXqcB7NCbfySb7A==,type:comment] +#ENC[AES256_GCM,data:Z81YGP/CiAueQMSU3jKiSCV46WT3b7EaO1AWe3I=,iv:90xZtzlIze9u8LQg/A1v7ot0RsMdC+o2KUZGcJyJD5M=,tag:185KHYhPwrGIeaIATMG6JA==,type:comment] +#ENC[AES256_GCM,data:fTkbtgJLL0dpW7ne/HbrsyTCEWUwT8n+YkTefUXrd/W3xbAdbivwRBym,iv:cZBDGL3JVKGL3krkuShUsPtyDIwmdFaLHoaNpGPATCQ=,tag:zI2nkCDmSCVAy1gRshpPIg==,type:comment] +#ENC[AES256_GCM,data:tg9yQg4UxMbEToWsTWT8GuXu2pwzgPQ=,iv:hd4nykf9C64HUnEBxTE8TfpfvVS1HVaFsBxVPXaNW3Q=,tag:dIGlpldGYv24yE7HSeNxmg==,type:comment] +# 
+#ENC[AES256_GCM,data:Hwz4Wo0LeshEMlN0AAk=,iv:QjqlUt2Fz6b336ySN97KPAppEmbgOAL4/0rAB9OPdMs=,tag:t4p52GWpd0ONIAoSEdC74g==,type:comment] +#ENC[AES256_GCM,data:iPuF/T3jM00fouYANF4hww==,iv:8CbNJog28zwe8GmJufrK7PI8/4ph94So6w0JWhCffPw=,tag:LPPY90qiGbgjUJ95MTK+5Q==,type:comment] +#ENC[AES256_GCM,data:pAPpPtByhIVKa7pCwM85mLfNKd12jA==,iv:NDyOr7VNrYP+oH7NRotc7RpRFfFT7Yhk1H16OKUVtFQ=,tag:h2u53KtUfaw/MiBWXyXsFw==,type:comment] +#ENC[AES256_GCM,data:rejRFwFfNdaZDCjWDVbw+0C68VlTJpyyUOth,iv:jHz0EZdZHz2+gOcG+2/0CAyd2k4U9exvQOzugZwyNfs=,tag:cKkGscx++0q1Mlo6agurGg==,type:comment] +# +#ENC[AES256_GCM,data:pTVBKKE9q9v7+ZjdY68=,iv:WQ956XLsvCNPEpCL4JNmadhHLoS7S/8tod8fMLrQf5I=,tag:lCytViYpkE6BtJ5OY5n7nA==,type:comment] +#ENC[AES256_GCM,data:n2SzH57dweIGijPecnE+/xE=,iv:hAbEIzVwrAB8uXuh2wBH9E/rvsS7mqgk+FMQLCFtVdw=,tag:EzfW664vfiOfPWHcjSOEVQ==,type:comment] +#ENC[AES256_GCM,data:N3dg6dK4FZvUh44RkC6B22ctCzxrNLkNP8Y=,iv:5zPUorfS3J5XtTs3mbLljYV9G/PMjSdDohWk35zqA9c=,tag:TcD1/rnD6CrsR6pEfIB3zg==,type:comment] +#ENC[AES256_GCM,data:cf1CYbMC+bG3KO8BK1ctaok7NQU+,iv:ri5NGrT1zNQx8cc4A+iePV2Txtj7TT6ZhmXMtZZIHBA=,tag:0hD44RjYLOyp9VPT7FXvQA==,type:comment] +#ENC[AES256_GCM,data:uSJcPrieoeXzK/jMxzhIoWjZ8PQA,iv:4ciYuyyyiWErOozctjUssNeKEvXwjw4BBR00Wye6Ulk=,tag:Swp1RxMPu+z5EbTd+2+Pcg==,type:comment] +# +#ENC[AES256_GCM,data:M71IlxnACTBo/ZVoByHS,iv:mz53kNeoZ/I0L1gCHNplO/wkiuv3Pa5cOdAkbW2H6aY=,tag:uv14h8nqiqilLQPxxZwu+g==,type:comment] +#ENC[AES256_GCM,data:ctZR4y3L1Kkt1XImNios3g==,iv:/mZRQO7itMZhFu++g1u/CZ0k/NySK3Ssndb+B18VjHg=,tag:xA1br9fn7kze6nKXw1U5CQ==,type:comment] +#ENC[AES256_GCM,data:KCRx11KSpYt3jc8KrsLlOkohAQoMrEM3xhkjWA0=,iv:MC2Ed79B/C2Ti2xhND9Zud+SsVi4HlW8hFigEg61RH4=,tag:3U1vzj+X3mSCJiph9eDExQ==,type:comment] +# +#ENC[AES256_GCM,data:syJIANmTl822v5R0CaZm,iv:dZqFx0V07L+AA0kdbhmd/zAwb3am4xKlCncSYmTUoww=,tag:rarebRjHp/ePr3c61gS22g==,type:comment] +#ENC[AES256_GCM,data:P+HW2K26Ro1aIc9U9WhB1hs+fBMy,iv:wgtCxHBMV1VP3aC+7c09d/ZbataHNsi10+MMNeExCfE=,tag:ljJA0PYZMTKH0svHvrhTaQ==,type:comment] 
+#ENC[AES256_GCM,data:+bwRXTLBm87M7woyQu8H1xLWAtcziUMo,iv:wOsQVvDYzKZ+K/nny31n9I6oRN27KZbKW3/qMwwFcRg=,tag:wvXx1P3f5yaQJt6Vfw5Abw==,type:comment] +#ENC[AES256_GCM,data:kOpTKJrs9zEyLRvuCrzCgAcGOWs=,iv:wv47cqmw9qRI93UpH2HEiwQ4z/0Hh3Uk8KoOz+xMXlY=,tag:g2MSlsd8mrSAcOl6Zll+0A==,type:comment] +#ENC[AES256_GCM,data:CrF+LoZrJQFZ1qEiVaEDtPNz,iv:bEwRChGTIzy/TYFRX8+LNspgBFsP8BaPaClkhlSccCM=,tag:2J2EOQ5DablYMShw5ftN1A==,type:comment] +#ENC[AES256_GCM,data:dI63YN6OjqWYpKZlL4nFKIyr,iv:Z/hpFzm/xFZ+CbjnmXnyCcsVht4+dwfiLa0w4ZJRoCI=,tag:kGCAI025/e0OGxyD9058pg==,type:comment] +# +#ENC[AES256_GCM,data:TAfLyQue1g2BJQI/wv8W,iv:AXIQDwYrV7VcomWA7ma2aqPYBIyQS4n56lTfWJQ+yUs=,tag:GtGBdQ+58GCcNsHhP7oiwQ==,type:comment] +#ENC[AES256_GCM,data:rh8P0ngb61FEj7gmwC81xAM/VlBi,iv:evqLKuYgoYKSDeyMR/qgry9ZdUXs43bYDkOgwesLaOc=,tag:+4qtneJQN7GKjEnTxOigKw==,type:comment] +#ENC[AES256_GCM,data:emvw13eA7liyFYskeQkcLwY3SOR+Z3I8,iv:arsc/GaQFBFU98ZROWC8OQBsGUwHHNQ6OtYvVzW0ku0=,tag:xnDo0c49vrcpF4BLJTEtpA==,type:comment] +#ENC[AES256_GCM,data:EkFxLiKlPDwAKK/E5d+cpiw8FgvNmW1gtpngahzEA5Ce4If/Bg==,iv:zQsseNpyW4mT7GQp6ADNBDX3SNWjnSGIJmGAzHLE6tc=,tag:BEEfPC7pATG95ZQbCbOLGw==,type:comment] +#ENC[AES256_GCM,data:MPkLe8WaC1xZUZfc5Fv5ayx7,iv:txOc29KRFcjU2gzkF0k7wzCnKDukDcy4uErZKKbfe8s=,tag:mGYqbafKvzcSXzX86PYZlw==,type:comment] +#ENC[AES256_GCM,data:wv7Z3jSiyax1IzrhiP+KvhccLhY=,iv:kZ0yTnHw7hGWLL5rPiK3m2fVtmkbSqc8c9HfmuSLfTo=,tag:kHLORLIVOc95e+U6qVnLJA==,type:comment] +#ENC[AES256_GCM,data:t1bw7qSOfu+9FSHPkKybc8gc,iv:IRs97CByexbWAJT7p4NKDKer3vwsFHx9+HQ14PXAaK0=,tag:a/tjedW0wFjg1isufG+XSg==,type:comment] +#ENC[AES256_GCM,data:MctPm36in8QYiOm/oDwCFNUV3+iwy68=,iv:ht+3MnZDqop6NrpTTP1NxXKw3W2Uxb97RpFz14POGJY=,tag:FnO5oTzAOLHX6W2LynKvkA==,type:comment] +#ENC[AES256_GCM,data:OAFeB07mHMVp0ZXpje3Ruurgvyc81z7Bbcd7nK7ZvGvWUQ==,iv:EIahYcU/L3m4NEl48JR9B4U4bfTECPeeH9JSPMUfY8w=,tag:fL6sQhNHBetXkpzMD2tLeQ==,type:comment] 
+#ENC[AES256_GCM,data:p4SkEqkgBc91VPOP1dnKEzuz88gbxqu/InVztjoqC+g=,iv:VbdRX3Dd5xEABPGyn8HW0PsqUdViTR6SLt8ptyYMKSM=,tag:lTUKz2RJBcF+jnZjcp+uXg==,type:comment] +# +#ENC[AES256_GCM,data:UZCWBKBgEcNeRHUfTurT,iv:V02x6pxQBxIMBWtIuVS1B0z3T6vsvTB0LivY6zEUryA=,tag:WB3LNHwcrAD0ECwlW3u06A==,type:comment] +#ENC[AES256_GCM,data:++cW/Mp8DxwAj6qDS6R3ja/Dkr7B,iv:guoppYi2+nr8ZvPiEk5PHx9NUlKWgXKWOgIz8hQHG98=,tag:gh99y1r9OVNNR6DzQAk47Q==,type:comment] +#ENC[AES256_GCM,data:Rr+ary7Q3eF5mGFYJAlU7oQnFJ/VKI9GPHOX+vnGubOIbMRiQQy6FRgKNwZJqXx1HEVqoSLf2DPN2w6Cxbc+8tlPf9w=,iv:WJ8ovxoPEOR0lIiRuoorO/7j27S7AIrcpDjqfKfb7K4=,tag:erHL8jfBc6B1okJnknB1rw==,type:comment] +#ENC[AES256_GCM,data:0nyQ/wj/6UhsZWVj+ohMnSsk+g0FNQ==,iv:+rO0ddTFacXf9tsiXCJUgWW4iOpTUn4HWQQdwWsAGs4=,tag:9QAHLohS5u9WE+qlSnYQGA==,type:comment] +# +#ENC[AES256_GCM,data:B9mfN6DeeT9WCHYI9tAK,iv:F1MQcw4LvPagzcIzvBy/jlFKMecu8vW2SMSdm6vQylA=,tag:mSJIhvLxIyRMVZI6hwq/6Q==,type:comment] +#ENC[AES256_GCM,data:lrELH+Xpg03LbmpdXl8muA==,iv:vdLbxoLhroiizYc6Zht771jydjrHkNMsENKxNELkwhM=,tag:iE2l5ZtvnC+PberTi4mUww==,type:comment] +#ENC[AES256_GCM,data:9D5ZJjb7IjoAj7v7pizINtbQC1dAhytSwsQvflWu/9eWnFiCkdU=,iv:rXgiZXcxvuHZNYFoVXngbTMFJ7g+qpN3Fw134iuxuco=,tag:MJp0xk9yUGEime2vDmg/YQ==,type:comment] +#ENC[AES256_GCM,data:sILv6Ii5T+k5R1jVs8f3,iv:ACvkAkCIGDiUxjGMAPchh1QAom1MGs35bvSMDNQuogA=,tag:D+KSIk3+7bDjLmHxLplwcA==,type:comment] +#ENC[AES256_GCM,data:cVuCmTpnfn7Hncw7cZFCvko=,iv:tx9aeIISmbPcop5NZp1GEPg8J2TETnYw5yAyFmejfyU=,tag:+itwTekQiK1EQp4SDti/vw==,type:comment] +#ENC[AES256_GCM,data:oDZ2g9ZymWNmh3/D2CZk8WFHG3+E,iv:zTfxcHtHLiMWENDzn4D3/SOWFycdcQQfzy5e30z8vAY=,tag:wT1d6pQ/el4a/vhVEqS/bw==,type:comment] +#ENC[AES256_GCM,data:Jt73gVDZ0pTtFLi5TlDpPDrfzQ==,iv:OyEEqyL8tNmJmkdtnI1at+6tFS80vv/nYAWXNl00O68=,tag:LF1panNmPifrPQSKF3tzUw==,type:comment]  nftables:      forward: 
ENC[AES256_GCM,data:F32GGcjkvsha6rjTanGdkAB9h3fkzqkniXFzrjfvmh5tUjBckEm/L3L82olRzwRVCN/9SiC8+6wRiGnU1aItPtFkyJlA7pNORLHitVIKTyyKNSMLjEsWpt1v94UTRhNWC628Vc22XDULY2POfdSGLr38ynpL3fpUSJkFvhhwx8FjprzvogGDZ+NSaSKaqD04t9kbdGlefGoLNo1gqdutRbN7clqJnMN/Ip5hS0u7o2bDTQ7qmBFFGwAIwFUpyO1nGFl1c0D04GzFGedwm8Yl9on6mFG+8SfZvR5nxyv0tG/Zwb6OVrWiFv0LYYzE5064AM7K10A16E6as3t4R416sSpmWLFTHMWPzMICfXSAiEU5yQBYeVzmTAzrZzhJZgYjBls2C3DvgjwcVVfGUD3S6iwUNQBgfgh8FKmD6W0OhismnFFcte6yIo4mvwkldhT24hZqyHBg3m+wNetYybsCO+ivf1e81a7vA0GLcv5cL72B55vl7X/pYeiIgIln9Z92+T3/2YRnz5f0IHFkR9/tCi8oapyFmQirU739QCuuWWmoKP7d3cA5NyiofUCbPhO8QYN2d2xb35cNg1US1IexHBO1MV2mJPelnj1K3qCdmpIqEULlWkFKXkg1ssjW9ia7sNSFMxE6302Fu08Whnv4t7uOx/Movr10pLGuRYwO1nA09hK2gKaEmsIZ7UP0tiCAuvl/5vVCelNvIGAgCHRiVoA3GpfpI+LF/YXPwNeyWJANqwOdjl9pOQamVsUJbO/YGVthwVg7dLQNChGcArGPCBOm/aTVxiWiFmbPTRo93jVf7ovPUlhoqKIuhWKxlz15025Gzbm6Re0kDY3fZG4FKMXgaXDgNwgSr0wdCQUMmstgyOIRUao4k7qrnaiaXhtUmK2jlYjsZDvs8Uq9CILU4y/FYB4Z4I5cn1dazjMcNOLjX9Mtg9cfTyNrTZmu3TCze5694hU7O978CUZU5vrK5mzgusE5P9tDpi7RvLLZr/1+2N/V14wAmhJDAPygkgfAuN4IOn2h/P0TJ6jqLzP9p+iOfEhTVRxrx2veVE4+wi2pNY5GHSp/FXFtdCDEMSUc3wzNDDrOurFa4wNK8/0xhgsAnjyc+OlvL1Yf9sPgLJ+XJjDxmdfBeCHGkTK7TtXM93pzj9Vdto3dq66RPUz2FwJJ4xSq0SFOUaNHEC5p6Sg1rZnGvaUpfr9+G6C8rsk0z5wP6f6lOkLwXagKgQ7oAsJXB+hKV6yOLL0TYz8IWds7pHdhXYJtEQ3TeI32X1M0md1X/13Lq+m2XH049+/V/HI3cA9X6wj+t8nzKYqbnGIUwXr1f8WfRAPqJhLBl5zdI/PKtmrPMqmN5iiUrtYGSzzLgZOWHCJuvo2f2X+2ynyACY0lWG3DNFRh4aDzP+LaeY1+mZbvCaopEb7Uc7YUbJ3oyq+eeb7+mgb7lhjpe1kC7GtpdtRwTvIMMrQUXcngkyWFO26vYM8QPMRVIIWcdeSBk0qmF+t1oJBaaGVji4G9PvUCcpHXDoyao0FNfkcr606ELMMrBFPE7DVGU81M6+57NtjSAfh8KLuhKA1cQQU3U0ciSM1w1e/t73b9xmKGVShlTbm5yPmM9I7en6PV3aH5SpZv6LMovmp/PBl9r6ZWUg4tTU2iCj09cWlUjxaXX5h7AxUW7jA2ypsUOn7dgkCPFwr5gv+mfvkmeYGCtijusp9GMuAvL4Wp7Lg9SZC1/k0ocI3buLRbmAji69j+du4no8o+Vy7OHNqcnbtg/Qlnp65lRI4/Z+Bg0OZ18rSYJYM7BavNYHyxVgKDHo+5ypM6s0yigCpq6naI4A/kr1i3ST3rl6IFQQLhWjeH/FS9Ay34RGO8nk/62Htx4cTrmGUnr1VgLrtdBiHj2YkeJDa0/nfM1sI+EPv4tM9GOlMQU6OysJhBzWhHTqEQxVgUQhcacYv2OiOH7I4Az2TTxNnAjOiWY9TuazRiVeJl
pTjCkiQfSdGgW4hD2nRbAQZ5X9LrQKZpI5Q5wXwI1lapmjW4m0t8cnEVXgxE5Gn1uH5TQpzzIpSIVRJjWvEeQP+EuotWjYCdx/1tj5PnYs3aiV2Us9QmTMAI2euNQ6DpNTFFpiFONSPDBzZ/IANPKWWFVDeMzBZKdllleUl5VYCWaTEd9JrbjRx/u9YrYlBDl5Xo/DCYJIoUFmusCdh1UfI9y64XYsPxrPNxrF+upisE9vxG/BRTDgxLBOenB3A5/Suba7RfHI0LBHVhO2ijJr3Nh0T/78ecnTE+1zBI41TtN8Y/2MGbs20ZSZtDFy27mf+YQLpYKFpXEOEdoTy51kVW2jn953x1lbNgwV+DWRPf25TNP+dFTZH+z4/Mv6F4RCyYS+VJL5SfGah76GpMxYodmE2iBbXyfUeUxKAeool7EZ6cIvhtwLaJuaUhvjKLd6ateSzAaAKbFVpdsgP7iSJd15YyTKmb,iv:lX4dz+VArj+I9yhy4tahlz8cNvnc/eDs69pKRbIWeEg=,tag:px+HxZRAHlKQA32KJJZwaA==,type:str]      ssh: ENC[AES256_GCM,data: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,iv:iE3MNeQkraGC3qvhP2CtVQv24XVzUQMJZuPa1JxlN9E=,tag:wU1dIUj/HoWD/QPHqHxcDg==,type:str]  nix-access-token-github: ENC[AES256_GCM,data:CWFmo1vx9xGrsickiHtAehg7CLhDrV69yG9Ngca66ecsAeLKU32CDvL+3/9UTOA7lrHe88q0GOXMmbCfSDFA4M0sZWo=,iv:yfQzZ5qmKkkpL6T6I79HGByyt8nhdYnxR6D7DvKFaNU=,tag:WGg9oSbmZcy+3BAFTyf1vQ==,type:str] +ssh_config: ENC[AES256_GCM,data:7ZdTQR//YDvkfld0ewzK1mlMwxmdnH1Cuxo1JVtTBF7DOnx5o6tUkQS/sX30BzNqew59pN6lPbYToZOx1MVB9HCHUpNGiSu41RlNO22j0ihTHVleOk4/IqsfFKhrmpHlYoVXvPQm2803qRF3x8AAnR81AoBpdc5agD8Jqmpm8ISkBL+IPqL9LJN7IopMn3iBm1k2xz8Gml8E3VY4i7U4qxIaWVJLGNDXd0uxGIpjO/of+nL3ySIYGxoAzp7zX6lhyt5BOIkSpJoPJPI7QjlPOvGmLnpj4+RTFwIamYHzwQaAD+T6MyvO/40SzGVxvvWNvfz49UmO5s/wWMdYwRqMMQQniztDMwJ2cB7/YjWzJFP1H7H3VCxl1Lfz7CiYkMynFVWSNnoFuK//ii9WSHuXohgzyRjt2D1CGaWB4ufKM31Dfj0vYAq+NGcwl7PQRknP9uudRDj5/+Uw+cZcpDozZO39vJVTI45RHrtRTAeXZqMyeT9V14+2/QyzE9MRovr11ermAp4HivCd6/diodeEUERoJ4YSwafYMgNbx56dnbZ6CrsJZ91K3/j/l9Nq0JfLkYdWcR8pjJ+8MP7j1AGlzHgWha+DPMK7YULA5NaSBcOVt5WgObqmO3w6Uq2UWCkA/evXejH3hxn8lZqsJIRTayDwJB/ea1FrS0ryTuWTK+IT3PvFpKIFFKKJ6aRaATc2im7zcePikV3R6EETLe4mB7YgSGXCkMlM6q97myFKnOv+9lwVsd9elszWsapgThPqm89uWMUGrQEEW0ZlZi8VlfXU72SqGARengUIkOA=,iv:+535dLYm/zY5HIeXbpLaeMV/sx6b5BNV16VZApPIt48=,tag:zE2yzu1Nl3Cbqd1JdvmZWA==,type:str]  sops: -    kms: [] -    gcp_kms: [] -    azure_kv: [] -    hc_vault: []      age:          - recipient: 
age1z6g6etwcer433v97lwjrruetdh9fswkgjh9w702wzdc2ydvy5q8ssrfy9r            enc: | @@ -30,8 +201,7 @@ sops:              ZTdpV09qUVZGK3FjTWRITFp5TGZFUkUK1E9IN+SyTV0r9l1bd+2z7zrsp/7VxCyG              tEWZp8LmfkGEunspv6iDyxKbYxWqNqJxZuSVeMD4ZMx6YLwHfW797w==              -----END AGE ENCRYPTED FILE----- -    lastmodified: "2024-11-12T22:11:05Z" -    mac: ENC[AES256_GCM,data:YgCiqSbW2qMrGM3SYO7F4xcgrdRaBcaLj8r53i9Nu5D75l7fA+qKTc89XCpNXlFMv15LHT3kKjfXqsH2Cyn8RyPvrHHd/Hnqa7paQPrcpQIRcpP8QTMCBNFJvzpaXUozwb3fpx1xY63Ydw/TDv1/PQBEJWzp9k/MDiTSZYOba+Q=,iv:9w88jxstxmvIScgCUtgl1hPkr/j76Rked3Kv9fhZQJ4=,tag:UvfTXI222OFtIqex+0mdhw==,type:str] -    pgp: [] +    lastmodified: "2025-08-26T07:30:16Z" +    mac: ENC[AES256_GCM,data:2i+AMaBIOCrKYfHFXZXB//yZ4Nf54DXYLzcdWDwh/cloWfpa2uPb2UzYVIIOz8ayi1h/Ij8ON9fQEa+4SzflV59ThN03/kbR/wOo9UYLvjTl0JIFypl/1O0PRRxwrNPp8jMl6mX9vUL0gvfB4qnZnk4xUOykTaXoIjnO4M4FLwg=,iv:WL8RXkxvh+MfmfiVUFLNhTwAv92DV93ZE6q4lagCNpo=,tag:sbXuzl8PuZihzcrASPNCqQ==,type:str]      unencrypted_suffix: _unencrypted -    version: 3.9.1 +    version: 3.10.2 diff --git a/hosts/secrets/fangorn.yaml b/hosts/secrets/fangorn.yaml new file mode 100644 index 0000000..dd5ab96 --- /dev/null +++ b/hosts/secrets/fangorn.yaml 
@@ -0,0 +1,25 @@ +nix-access-token-github: ENC[AES256_GCM,data:5VERSDp1ROol58nG80J+84fBB7k8GyFd46U/D2+zW1iVV12Y+IbJf9SNuR0Wca1qOxR4v6qRZjkTOL/d72SwBCGfmkA=,iv:qn8u70EGF/2H7tQO86rLNQVPeoTuk9eyn0SFwrHpHRs=,tag:bPGqZUavVXzmZZGrMUkveQ==,type:str] +sops: +    age: +        - recipient: age15yqlem4d5h4mz808j72ccd8mrdu4p8hyal2k988jdcmtqrns23xq80896d +          enc: | +            -----BEGIN AGE ENCRYPTED FILE----- +            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUcWdVV0hNMlJSTnRPV1lu +            WnRNalM4cjA2bUdYclRxcmFGSTVjMEYrV1FJClB6NGsrcnlpWDJWK1M1ZmtDbE54 +            SmhwZk5VUTJGSWVEbkVXMkRydEJ2cWMKLS0tIGVBb3BBRnExd25FblNOR1FLWWF6 +            NUU0cjAzOW1nblJ6SEZjN3NpZFJpRDQKwIG60pc821BmWTymHeyY1SSLy6jpFowN +            2AuzBldfk9Tm3g/bfcXV8Af/YQMX53xrYawUQiDALOHNAj7smZWvRw== +            -----END AGE ENCRYPTED FILE----- +        - recipient: age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va +          enc: | +            -----BEGIN AGE ENCRYPTED FILE----- +            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzZjFkcUxxM0VsV2RFSjhv +            d0FyKzBZTllGTnRLL1d5NmNBT0R3b2dhZ1M4CkVEOTJ5SUpDVUF3N0hJWEtOL2xP +            eVFnNkJST2R0U1RDZ1pOdTlGUzF3UzAKLS0tIEUydVcyMmFlMEpXemNKcnJsYS9V +            M3F3blQ1dGxoWml5WEc1R0ZjblN3bkUK0+9zLdJi4u9JE3ijbP/SVNPqe6tXBcqw +            gS+N2V47O63fjGM/VSXMywrB5aatwU9xUW5+A68qwgHCXTcHYGiHvA== +            -----END AGE ENCRYPTED FILE----- +    lastmodified: "2025-04-14T19:53:57Z" +    mac: ENC[AES256_GCM,data:JlVFa18N4w+y4RIK5GG8XspsW6BL9U7IpU6IEpG3u4R+h/3UpLFvVqOE+sK4zdUaDNajHk0Hc3oE2RRsTaf0MUif2utqSpT1y7fqaVBj6LBrqH7pu3KNRnktfLb/VOyovAj6yT1Rmko1YtcKw6ZPu4r9t/Vi5FAZP1+3qLmWyv4=,iv:e9z7vP2W4AWACCEDto1eY2i0PwD4l6W3c6+KWcduwZw=,tag:LQoyet3sJKh4bpn+FE40Yw==,type:str] +    unencrypted_suffix: _unencrypted +    version: 3.10.1 diff --git a/hosts/secrets/ginaz.yaml b/hosts/secrets/ginaz.yaml index 5c59d9d..069d445 100644 --- a/hosts/secrets/ginaz.yaml +++ b/hosts/secrets/ginaz.yaml 
@@ -1,12 +1,8 @@  nftables:      ssh: ENC[AES256_GCM,data:mGh0TM88dWZfymF7+Xt896POHOqoDrcsicncILYFRA5DBw3AjnaaG28Da+qcJ7/VrXGFVIRm4b8L+QeTJ9Uk/h1VEYUpmaPdqY4yaK9CPTDqKmLSLsTgrIvzbUjxJ062+KOx1ovGlLqpZnkiSgHyY2h7uYbxPnq+fvrboPRoxwZiIc8UQTs7KFsQolZPka5It5kXsa6mYdaCKYp36ypTCmD1dCnkneveiYxDg/58O9UJLSbMV7vbB2020B6ga8PsG/5UbFGMzOlktejgqgfr3ZQlU+A8E8Oh4S9uweDEBsg8W+XIDH3pV7qYflkUqCctunzUNdn94RtasAiBkLd5RIV23hiII4NbPnxke3jOtO/OElmU9WxXcIHX/obZ8pPnTZYNeeNxeubkph0KJJE0DKnEKFwetF0J4wnxj90R1hxAFYLXBOYEzVANuC8bVuVw0M0GB6yRzKbxA1uxeUAbq1njBurDfVAZwUh4y551YYTJJxRq+4VPDikkE7X35smRYgRzckxhWnNvg1mggcI+ZUuGkp9XYjHOwifumib1i95xeXAD5aIiS3GTTTFPLajOlbJhdU9RHA/6WY98PEJmU4sybWS1REMkI3LfxjibLACds9B3NQYpbwIrYu4WdLrio5eQp8ifAUv1nMQAfJDYX+Vd1TEAqcv01kWiad2FVrNSy1CVphGfTHHgOfk+P/UpLMnC/OmbvTrc74wgmBVdvnMkOca4JvT94d8VtiriJ8vr8l2xOqA8A0sjph8ucInZ7GXIV91fePwFH50kYHQE7a0sSTtGMvzKjRg2/7VtgubY8tNSUO/u5FNXKbPYBwhYKB8DXI5G1m9otPa9PeobeLsLcovRyqfVhqzAIw0htQYvHHC6RZwkHptAa3RcxeB0+dj4IxB7yzayWCcNVcQHdJ+bSB897hgo5c/k26+TnYhz97STlS+/pf4h0To4JnS/+67nFqHMoRUTlmL70JAxkkwvjg+5T76+pFQFB3cPRZF48fiBo2NhpF0PWiSUB9uEIKjfyq5mwQ9tEHDTjv25V8qxcpQitu4W8ydO7L+5ovln68oPaZC5vSe21m4p7msDtg27Y6GLHTVCdFFSi9CmXgb3JCawLWDXkVMpMch1bFYcsOOumYZjBsmosK0Yi4zCZAreSJ6O8pakyjfG/T81a8wPySEjin6NGLj5rEo04YqXqIEoG5hCNQz1WIIsqfeeVZYMhQ2e5jlxqATbvnq8y4dVfP9riuUA1YAYmmwrwTw3OEnhShxtyl49s5FctmPxCPEoskzpQ1rvv45xDyvKN1QrlInu1O/TXPddpbs1eFRiyPBV+rzAwW5ULlsxy5letfqkQZiKMZ0bVIdpgJaTeKeCrZeg5khsRpxf7CIWhCRftzrVaesZKM3YGYGmlOO4FALQbg0vXQlJQBCidNVgtG8v0n/b0TCiLl+pmaItlp8GGYUHrKWLg/iNXQ4EDiXwfxF2TdSRtqkOIQQxo8Odz7fxccGGQNOeD/xCAVZuZgwOtcGGtzBaBIz18pttLRLIfzPr4WnCqlycApux1g8UhyK9zPo9kjeFnwHAseMi7sZb5iQwzSPpT6osZF127g9rgi/ck+1AB8EEsB8AOYw4DmKFCHQ8S7OuWMpAgqtphsy2sW0QOBHdp62bqZBlFofYokw1c72+SoW4ZsTwqX5ECc2pcwdDsdse9jyTHSppap/NguvgLtgfv7uz9tVw6T/Mw5Sq5MlwxFY3J0PFIJU1KjxXGmoTowor+QJVds5PxnWFBX5u6jsHs9ifcub7ddaNXuQHPGcqbyNp/T6pH51/NyymnWRq8/RcHE3DFFFYDl2J9/WY9+y1Q35o8fMo7XWJ5FqArogtAyDE42EjxCvujUos3JJKqcSUueKBimO0oJ1TzgpTCrYi4OoP54dVNRFSGVq5dFAkJ9Dmpeh4a/v1Gx
uk9ujvxbRZso8GfM7gnr2FIK3hinipT7F8RHVx07YnJehM93Ul9m237OwJl5hpBBsFRy+yIuBoxd5DEeN3nPuztEOovW5lR+Sj0RB6ipJc5kaHTVx0bZm2SwPVr9RaWeHBq4j2b3HP5+frgR/vnPo3q6RQJLKamLh30mAxtzTV4F77N6LEXp9JFhs9ytv5y9MYwotHIjO6sN6pop1vcIpm/b4tKeYyUDJ6JDVuy/oroS8uAtf378gTRlT/P/ekDLRymyySvwWQ/TVtm5iF0vjt3lUdpwNOoY3J5TJZejCLbDOcShE7PDfKtf0QKGNBmxNh3gqtqDQ5YWoQirTLUv9B2Q7JkRpYZ+gLnkXMe0eu7QFcrjUMGeJwe7F4EOjBd7Xy6Wh72BVi54sYuuWWIgCOAFCjMDqMiLGdu2itnMJN33epOnnj3Dn2liqTDubSRpRaYE5/thVeRXKs+myuiU70R8mKtxol5/0i1HGrolT1Sq5k4O3t4Ibj/rhjqpmQU036T/211YS3DH9MMsP2YlOOv4NXBfptwJ+hKY3R2IoXI/FVHF1q0/8b24+kVefCZ4tOlKViPVLnYlYuxw72ztzhheKsSLMJy/UzMJMV4p250IsPAO8locfPIw==,iv:zHwrBGfdoz2j/5Qko5QNDkh/kkJ/bD/aHvEL5DACmKI=,tag:9YELKHujgP4p5yO5vAwZog==,type:str]  nix-access-token-github: ENC[AES256_GCM,data:D0VIVA6O4vTDkg//+NgV0pptpSGFkSi8YtbcjjXTQyYLK6j6QJ1Zxhz1SaHZadWNjJgilMjoOHZOg742fdusxwzJTQ0=,iv:pjdlfeRW9v4q4+S/6voEFPOvwQMQYd2ehQS2k0MNAuI=,tag:HG3+7EfbD1XTjxE2UjTV3g==,type:str] -ssh_config: ENC[AES256_GCM,data:WY7WwOu+ev0+Js8xNjRQYHzAy3arKdQY5IfXHFPLwY1Yz/Z+nXIMfL4vg9kjnjteNqVVfzzk9cjaMBxHvU4cqhznipFUjhV6LuIqVcRUersyVgquluQHEUt6WRbOY0QVbI2jUzPPrgjGlW2KDS62rxKhviC+JSULi3oJEZcB2Ko9I2Lyll6jW+ESUiiYB647bdQz5+638iY3M/2FgijLawr9a7qHP4J7h2U+9LfFj+L3ilVqz+u8YJenspKEMg/n0Oi+EMQfY/wq7zzhhxt+TCVa6Tlh7HEgdRrrjLaRLJZx1nsX5+nzdSthJ+lWYKodVlw3XeexJ7kRBp0/a6tKzsDcJvGIbOnAtgCfneS62CATgawcjTn+VzMC9esOuGsbeEu74I0fZgGNVxvd4PhcONe45Gho5S2ztaGLQdxC15y6e8Yv/fjw+lSN5ngvngDBBt3FAneYzvhwup8D5gUGS3xr2audXCka77Oqb6bGjg==,iv:bUG0wSgImCIQ80vfQs95FhreM557uzBi6FFn6VQAFG8=,tag:lmLVb35Oi5HXv6DPkaXAWA==,type:str] +ssh_config: ENC[AES256_GCM,data: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,iv:yX+/BGMQplX9e1dyLxJ5e81z8tPgI6x67xqqJrFbpzw=,tag:FFiFgWdsuRdSdAbNf44Sng==,type:str]  sops: -    kms: [] -    gcp_kms: [] -    azure_kv: [] -    hc_vault: []      age:          - recipient: age1900zc5caephklavvjxp0g4qqvyqlzg3sux69y9p092g3d3qck3kqz62reh            enc: | 
@@ -26,8 +22,7 @@ sops:              Nmp5TTVkNFNqd29PRVlRZ2lZWDhaQVEKQ5dnzV8gqd21v6AlUfpOrBTyzvpEC2kr              VF7UR0f3VOvnaJ5fDB4nrcHthYbQtxuzhV2wuvZFh+fBle5xRgGRIg==              -----END AGE ENCRYPTED FILE----- -    lastmodified: "2025-03-18T20:30:06Z" -    mac: ENC[AES256_GCM,data:GznKrPan9U7A9+98Ey+P4xWpRwrsTQ/E5rkypXGBH5nyLXuimyNIrb/p5d5pws/gtdOGMmDIAuOvzzo8BcfFljgIaBK557E1E5Oq6pskmNnIv4gZNjHSncmsA87NGEZYF+gkQijQB6lDL6uZmAz4g5IcWsQltMYlnRv3wM+rYhk=,iv:3IKa5siOFxsLXkBECpx3wimt/s99RtmETmB80mpnU2E=,tag:yhT85gINaoFqKBLTdrEXbw==,type:str] -    pgp: [] +    lastmodified: "2025-06-05T18:01:08Z" +    mac: ENC[AES256_GCM,data:VaYnO0cCKoxY2cvnmqr4MqkTjSOzlBY8z80uxksUxrfWnWCkBtIPHG5gHi7HKn6LnlREUquzHoSSfmpIoKpMjdsOlFunPnrG876uGhNFxHROocixxZJV6yIsClgRx3FCwe1M3iT0NDAYq3zzNrL2bTx1MOx4C97Ki4BuISn4/98=,iv:dUUpbFa7e+Qa9FV9ALEVPifQNrPkv5oYsA6djgYEq10=,tag:s2abIa6FX/vPsUr7M3kEfQ==,type:str]      unencrypted_suffix: _unencrypted -    version: 3.9.4 +    version: 3.10.2 diff --git a/hosts/secrets/kaitain.yaml b/hosts/secrets/kaitain.yaml index 255695a..951aa75 100644 --- a/hosts/secrets/kaitain.yaml +++ b/hosts/secrets/kaitain.yaml 
@@ -1,9 +1,6 @@  nix-access-token-github: ENC[AES256_GCM,data:OcAY30aGdCEHyl6DW6mYOLI166w/bGBeTKQ645EG3lL0k1IHvu/ox/PG28AjlcCj4pZHeYxEVIYut6a9VoPNjRT3ohA=,iv:8kRcGkGm+6hWAQ0/0FwqDeS7i0GE8cyd0YsC9J6kl54=,tag:G1J/5pK9dQ2N29oz5byVuA==,type:str] +ssh_config: ENC[AES256_GCM,data:pm2kOAyplRTTlQdIGOrX0/T+dGWUH0XdoVdibWY8qGUzgQ80NYGWgM6bHm272OeMKrCLE+0Rtgjzt90HF7cj00V7ER1CK2hJaLmQypsGEBel3PkdhO9oPmSJk9TtydtAldMA/OQEAtZkVm2+1AGiGdvuwNF2PMyJUXSGxqU/uCLpGhQoQY3QGFytsrnsNbsmZplwg5+tT/JI+d56ol2Gm2hvYtEWX/2PunQR2nim0HHDuCLojxXIR1oLbz8l1MU6PsZMHIKvBMbn27OIC4AHFENWbvsKzxK5YZk6DOX+ZnRiyYQ36+ykzAaNXXXuvGufPbKMOySJ4GBKKvxtGd95HeDH8fknVUly5/MraVnjymTmVAQfUm3/eQPxAkA6Lno5UOmxeYUVjFC/fNlx9HDNLwSNze8Kvz/ugdAqfmxWo7wbmlDkFW+HJT2IzxbMDdEUmErBho0s8gYO,iv:8Vwujh30g9GYps+J8hkFHpL+viC088AGLdPCMzL2/LU=,tag:ES2GoIJYk7n0b8MV1tnn6g==,type:str]  sops: -    kms: [] -    gcp_kms: [] -    azure_kv: [] -    hc_vault: []      age:          - recipient: age1fptscuj4qa39238xfvc7envgxr4cf29z3zaejp2v3q703tq45dasf8vadl            enc: | @@ -23,8 +20,7 @@ sops:              RUQzdEkrQTU1cC9OU1B3L1cva0JQTTQKzAuNy/7h5XyOIiQh/8fXfgri90dTW/qt              wn/snTnrukwPaeQXsAHQDvzueYxSEtHqk0WYT8sOAfuzOQP7wGoGFg==              -----END AGE ENCRYPTED FILE----- -    lastmodified: "2024-11-18T18:32:59Z" -    mac: ENC[AES256_GCM,data:YHZ+rkkVX2CX1XgLKFvSEf1Hg6i6wJwNV2IdMx8kjyWSVjAx2PQjKvy/dLFsqspo1FF4Bo++jyaEn0yxuouVful12Q/6RAhf1HRDXK0TjPTWf/vsCw0Mlv/zcPOKMEPG4ltP6bSDG6WtTtFx3Ck6stQwepF2omoVT2E4kj1KONM=,iv:uHs5N9sMfPn4+ZEaU6BlioESWy/BijUfYHu/5UrA4H8=,tag:b/lwx7ex21Jw0knpuy1TPw==,type:str] -    pgp: [] +    lastmodified: "2025-06-24T17:03:24Z" +    mac: ENC[AES256_GCM,data:rbADZdFAqxx6oONZaw8u9BF9ZMBHaCIUCysOa7qucuPnC4N50PbmxhpYZR3Nd0NOqDbkT0+8Ox1XxF6Aty+kxvd46V70WR9oibGJkxuWxyAohXAETv4XjZl8JOkQV8JvEDAzKNjEXbOUKiLRkU8PWfQ13ogshuCE4FYLzrQcNjo=,iv:/79wztsyRzv+g14KeuM/68ne9cKenVB4WX5DYxIGvnM=,tag:626pO+4jISMP5Z/PWcPuxQ==,type:str]      unencrypted_suffix: _unencrypted -    version: 3.9.1 +    version: 3.10.2 
diff --git a/hosts/secrets/richese.yaml b/hosts/secrets/richese.yaml index 45bb5e0..a7aa1fc 100644 --- a/hosts/secrets/richese.yaml +++ b/hosts/secrets/richese.yaml @@ -1,9 +1,6 @@  nix-access-token-github: ENC[AES256_GCM,data:g+9Vi3SOLWFkZGb6KzlYdYmv9JSIoYd4OaOhAYZLrxlJKWqsa66Tc2z5dFWr/wyPbitxRAzQB1xRZI3CUbMWOWb06L8=,iv:kjdbr2KLLWfIsSNTCespLXdQ4BKm4caiRASaCYWKFHA=,tag:DBqjdPHnMCSa6obeSy0WzA==,type:str] +ssh_config: ENC[AES256_GCM,data:lNXNkmr0nWohTX+Zf4OpVCnFFaIafxqtz0a1p/mWHV+52W0pwS34vga4Xt1zd7tgaZChXPdU/QLVouIhoR/6o+cHlX/N7UIw5S5tg7uZfsMdxam1hs+VQzSunEYMpVTn9TmsrjUx/4ETKZLXQuA+cq3M/9sBsQYk6acJKstNKdyguG+QJJBddmaQOxp7+VUOELUWwOy3nJxldI1Asg95BXQImi4FLeRw9/iZKkgn0xUrCfljiXn5rC4Fpphebw/JkQMsbd7x/9fpK9wjNtUs/8MPXAIRYU6Ty912rYda5ALUpl4U8L2iRHwSmxriW42IdeRKXcmDtCAJMMN5LyWewqAc36RUwzd7G8ihEweZgRTibRIwYOPuYC10IihX5ccojjDakbMPDx/fhOHRlp6qjRHzB/4qonRbyr+f9CR9of8l6l+VAO9k69BeYjlbfvZOlDMWELGTmdKE,iv:JNcvLKSZ6xhrERXixIIOGlyQMrvT7D9W2zneNSTTjfw=,tag:iMHQNJVEShgUA1L5/3dm4g==,type:str]  sops: -    kms: [] -    gcp_kms: [] -    azure_kv: [] -    hc_vault: []      age:          - recipient: age1wv08vfv7mlwkhkn2pkq0gd94a3wz0gc3x3eq0szxem05xg05nfhq2glvv9            enc: | 
@@ -23,8 +20,7 @@ sops:              MGt6VkNzc3hGU2FDVWxsM1Rqdk9qTkEKA5viW8YGBdqvLVLYEdzLWWggxQ2BrDOa              atzlSR0WjUsK316X4HtVMyllk0FvLy4QdUP40/XLgd5DpxZZds3OiQ==              -----END AGE ENCRYPTED FILE----- -    lastmodified: "2024-11-18T18:32:48Z" -    mac: ENC[AES256_GCM,data:VvcWlUPFgdQ/YAioKnZzK69PYulZanKNQOan3cHLF8BRehkw1VvVFAmPW0cPLY66cMXFma9rFxaP5XAdRojs2J4ViOgzbhrCHYTVCSA3VTcgBZRTPAfTggztwoPKic0EhE2HxfykhQCrPVxqa23Z25x4q1LuWskE+BMbGubPSP0=,iv:bJnO2oE3ogvpXjCUFKd/+5RXO2udL5a2UXdBdb5Wfec=,tag:dbZR0/BQpPAL996Siyta/A==,type:str] -    pgp: [] +    lastmodified: "2025-06-24T17:04:43Z" +    mac: ENC[AES256_GCM,data:JdElb6C5lvdOXouz10CLgYkmYnqlY0swPivTETGG631MKq08bzkc5zusmkBnHdQ8m/tO7R9JXYzOqoMIrrfgWQ+W2Du6m60BLOcRxGJVsFhcf1yb6GrM47NT/HAyyKUgJloDKJUQL10rrD8mPzCa475OBjebkJ7ycqKiyQV1cr4=,iv:raIutEF8Kv9lxkcboZ/8LzCA7JkfO4pXRRYRJJDz8KQ=,tag:7eTo1a6Kt+ac1Nz+2xfmZg==,type:str]      unencrypted_suffix: _unencrypted -    version: 3.9.1 +    version: 3.10.2
diff --git a/hosts/uranus/default.nix b/hosts/uranus/default.nix
index d5dc582..102d5a4 100644
--- a/hosts/uranus/default.nix
+++ b/hosts/uranus/default.nix
@@ -4,7 +4,7 @@
     #kernel.sysctl = {
     #  "net.ipv4.ip_forward" = true;
     #};
-    kernelPackages = pkgs.linuxPackages_6_12;
+    kernelPackages = pkgs.linuxPackages_6_17;
     loader = {
       efi.canTouchEfiVariables = true;
       systemd-boot.enable = true;
@@ -13,12 +13,12 @@
     supportedFilesystems = [ "zfs" ];
     zfs = {
       devNodes = "/dev/disk/by-label";
-      package = pkgs.master.zfs;
+      package = pkgs.zfs_unstable;
     };
   };
-  environment.systemPackages = with pkgs; [
-    wpa_supplicant
+  environment.systemPackages = [
+    pkgs.wpa_supplicant
   ];
   imports = [
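Review bot: The `package = pkgs.zfs_unstable;` line in the second hunk is coupled to the `kernelPackages = pkgs.linuxPackages_6_17;` pin in the first, but nothing in the file records that. Unlike 6.12, 6.17 is not a longterm kernel series, so the pin will need a follow-up bump to keep receiving kernel security fixes. At that point the ZFS module must still build against whatever kernel is chosen, or the ZFS filesystems this host lists in `supportedFilesystems` may not be usable. I would add a comment on the zfs line such as `# tied to boot.kernelPackages: re-check ZFS/kernel compatibility before bumping either`, and a short note on the kernel line saying why a non-LTS series is pinned. The enclosing `boot` attribute set starts outside the hunk.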
@@ -38,9 +38,11 @@
   networking = {
     hostId = "46fdaa8e";
     hostName = "uranus";
-    domain = "bitgnome.net";
-    nftables.enable = true;
     interfaces.enp2s0f0.wakeOnLan.enable = true;
+    nftables.enable = true;
+    search = [
+      "bitgnome.net"
+    ];
     wireless = {
       enable = true;
       userControlled.enable = true; |
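Review bot: Replacing `domain = "bitgnome.net";` with `search = [ "bitgnome.net" ];` is not a like-for-like swap, and the hunk does not say that the difference is intended. `search` only feeds the resolver search list, while `networking.domain` is what `networking.fqdn` and any module reading `config.networking.domain` are built from. If anything elsewhere in the configuration derives a certificate name, mail domain or allow-list from those options, it would now change or fail to evaluate; none of that is visible here. If the removal is deliberate, a comment such as `# domain intentionally unset; bitgnome.net is only a resolver search suffix` would make that clear. The `networking` block continues past the end of the hunk.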
