diff options
Diffstat (limited to 'hosts')
38 files changed, 689 insertions, 289 deletions
diff --git a/hosts/arrakis/default.nix b/hosts/arrakis/default.nix index 58c7ee9..dd2cf84 100644 --- a/hosts/arrakis/default.nix +++ b/hosts/arrakis/default.nix @@ -2,10 +2,12 @@ boot = { initrd.kernelModules = [ "zfs" ]; kernel.sysctl = { + "kernel.hostname" = "arrakis.bitgnome.net"; "net.ipv4.ip_forward" = 1; + "net.netfilter.nf_log_all_netns" = 1; #"net.ipv4.conf.all.proxy_arp" = 1; }; - kernelPackages = pkgs.master.linuxPackages_6_14; + kernelPackages = pkgs.linuxPackages_6_18; loader = { efi = { canTouchEfiVariables = true; @@ -16,98 +18,91 @@ extraInstallCommands = '' ${pkgs.rsync}/bin/rsync -av --delete /efiboot/efi1/ /efiboot/efi2 ''; + memtest86.enable = true; }; timeout = 3; }; supportedFilesystems = [ "zfs" ]; - zfs.package = pkgs.master.zfs; + zfs.package = pkgs.zfs_unstable; }; - environment.etc."nftables-vpn.conf".text = '' - # VPN firewall - - flush ruleset - - table inet filter { - chain input { - type filter hook input priority filter; policy drop; - - # established/related connections - ct state established,related accept - - # invalid connections - ct state invalid drop - - # loopback interface - iif lo accept - - # ICMP (routers may also want: mld-listener-query, nd-router-solicit) - #ip6 nexthdr icmpv6 icmpv6 type { destination-unreachable, echo-reply, echo-request, nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert, packet-too-big, parameter-problem, time-exceeded } accept - ip protocol icmp icmp type { destination-unreachable, echo-reply, echo-request, parameter-problem, router-advertisement, source-quench, time-exceeded } accept - - # services - iif veth.vpn tcp dport 8080 accept # qBittorrent - iif veth.vpn tcp dport 9696 accept # Prowlarr - iifname wg1 tcp dport { 49152-65535 } accept # Transmission - } - - chain output { - type filter hook output priority filter; policy drop; - - # explicitly allow my DNS traffic without VPN - skuid nipsy ip daddr 192.168.1.1 tcp dport domain accept - skuid nipsy ip daddr 192.168.1.1 udp dport domain accept - - # explicitly allow my traffic without VPN - oifname veth.vpn skuid nipsy tcp sport 8080 accept # qBittorrent - oifname veth.vpn skuid nipsy tcp sport 9696 accept # Prowlarr - oifname veth.vpn skuid nipsy ip daddr 192.168.1.2 tcp dport { 7878, 8686, 8787, 8989 } accept # Prowlarr to { Radarr, Lidarr, Readarr, Sonarr } - - # allow any traffic out through VPN - oifname wg1 accept - - # drop everything else - counter drop - } - - chain forward { - type filter hook forward priority filter; policy drop; - } - } - ''; + environment.etc = { + "netns/vpn/resolv.conf".text = '' + nameserver 10.64.0.1 + options edns0 + ''; + + "nftables-vpn.conf".text = '' + # VPN firewall + + flush ruleset + + table inet filter { + chain input { + type filter hook input priority filter; policy drop; + + # established/related connections + ct state established,related accept + + # invalid connections + ct state invalid drop + + # loopback interface + iif lo accept + + # ICMP (routers may also want: mld-listener-query, nd-router-solicit) + #ip6 nexthdr icmpv6 icmpv6 type { destination-unreachable, echo-reply, echo-request, nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert, packet-too-big, parameter-problem, time-exceeded } accept + ip protocol icmp icmp type { destination-unreachable, echo-reply, echo-request, parameter-problem, router-advertisement, source-quench, time-exceeded } accept + + # services + iif veth.vpn tcp dport 8080 accept # qBittorrent + iif veth.vpn tcp dport 9696 accept # Prowlarr + iifname wg1 tcp dport { 49152-65535 } accept # Transmission + + # drop everything else + counter drop + } + + chain output { + type filter hook output priority filter; policy drop; + + # explicitly allow my DNS traffic without VPN + skuid nipsy ip daddr 192.168.1.1 tcp dport domain accept + skuid nipsy ip daddr 192.168.1.1 udp dport domain accept + + # explicitly allow my traffic without VPN + oifname veth.vpn skuid nipsy tcp sport 8080 accept # qBittorrent + oifname veth.vpn skuid nipsy tcp sport 9696 accept # Prowlarr + oifname veth.vpn skuid nipsy ip daddr 192.168.1.2 tcp dport { 7878, 8686, 8787, 8989 } accept # Prowlarr to { Radarr, Lidarr, Readarr, Sonarr } + oif lo skuid nipsy ip daddr 192.168.1.3 tcp dport 8080 accept # Prowlarr to qBittorrent + + # allow any traffic out through VPN + oifname wg1 accept + + # drop everything else + counter drop + } + + chain forward { + type filter hook forward priority filter; policy drop; + } + } + ''; + }; environment.systemPackages = [ - pkgs.angband - #pkgs.assaultcube - pkgs.bsdgames - pkgs.bzflag - pkgs.extremetuxracer - #pkgs.frozen-bubble - pkgs.hedgewars - pkgs.kobodeluxe + pkgs.bitcoind + #pkgs.igir pkgs.lidarr pkgs.mailutils pkgs.megacmd - pkgs.moc - pkgs.nethack - #pkgs.openttd pkgs.prowlarr pkgs.qbittorrent-nox pkgs.radarr pkgs.rdiff-backup pkgs.readarr - #pkgs.scorched3d - pkgs.signal-desktop pkgs.sonarr - pkgs.superTux - pkgs.superTuxKart - pkgs.umoria - pkgs.vial - pkgs.warzone2100 - #pkgs.wine9_22.wineWowPackages.stagingFull pkgs.wpa_supplicant - pkgs.xonotic-sdl - #pkgs.xpilot-ng ]; imports = [ @@ -140,7 +135,6 @@ address = "192.168.1.1"; interface = "enp6s0"; }; - domain = "bitgnome.net"; hostId = "2ae4c89f"; hostName = "arrakis"; interfaces = { @@ -152,6 +146,9 @@ }; nameservers = [ "192.168.1.1" ]; nftables.enable = true; + search = [ + "bitgnome.net" + ]; useDHCP = false; wg-quick.interfaces = { wg0 = { @@ -288,6 +285,8 @@ after = [ "zfs-import-data.service" ]; description = "Bind NFS exports to ZFS paths"; script = '' + ${pkgs.util-linux}/bin/mount --onlyonce /srv/caladan/downloads || ${pkgs.coreutils}/bin/true + ${pkgs.util-linux}/bin/mount --onlyonce /srv/caladan/www || ${pkgs.coreutils}/bin/true ${pkgs.util-linux}/bin/mount --onlyonce /srv/nfs/keepers || ${pkgs.coreutils}/bin/true ${pkgs.util-linux}/bin/mount --onlyonce /srv/nfs/movies || ${pkgs.coreutils}/bin/true ${pkgs.util-linux}/bin/mount --onlyonce /srv/nfs/tv || ${pkgs.coreutils}/bin/true diff --git a/hosts/arrakis/hardware-configuration.nix b/hosts/arrakis/hardware-configuration.nix index c7a6652..0d24c12 100644 --- a/hosts/arrakis/hardware-configuration.nix +++ b/hosts/arrakis/hardware-configuration.nix @@ -21,6 +21,24 @@ MOZ_DISABLE_RDD_SANDBOX = "1"; }; + fileSystems."/srv/caladan/downloads" = { + device = "/data/home/nipsy/downloads"; + fsType = "none"; + options = [ + "bind" + "noauto" + ]; + }; + + fileSystems."/srv/caladan/www" = { + device = "/data/home/nipsy/www"; + fsType = "none"; + options = [ + "bind" + "noauto" + ]; + }; + fileSystems."/srv/nfs/keepers" = { device = "/data/home/nipsy/downloads/keepers"; fsType = "none"; @@ -66,19 +84,5 @@ open = true; package = if finalPkg == betaPkg then betaPkg else finalPkg; }; - - printers = let - brother = "Brother_HL-L2340D"; - ip = "192.168.1.20"; - in { - ensureDefaultPrinter = brother; - ensurePrinters = [{ - name = brother; - deviceUri = "ipp://${ip}/ipp"; - model = "everywhere"; - description = lib.replaceStrings [ "_" ] [ " " ] brother; - location = "home"; - }]; - }; }; } diff --git a/hosts/arrakis/services.nix b/hosts/arrakis/services.nix index 7d589fd..d758d34 100644 --- a/hosts/arrakis/services.nix +++ b/hosts/arrakis/services.nix @@ -5,7 +5,7 @@ directory = * ''; - networking.firewall.allowedTCPPorts = [ 2049 ]; + networking.firewall.allowedTCPPorts = [ 2049 8333 ]; security.acme = { acceptTerms = true; @@ -65,7 +65,11 @@ server = { enable = true; exports = '' - /srv/nfs 192.168.1.0/24(ro,all_squash,insecure,crossmnt,subtree_check,fsid=0) + /srv/caladan/downloads 192.168.1.4/32(rw,root_squash,fsid=1) + /srv/caladan/www 192.168.1.4/32(rw,root_squash,fsid=2) + /srv/nfs/keepers 192.168.1.0/24(ro,all_squash,insecure,fsid=3) + /srv/nfs/movies 192.168.1.0/24(ro,all_squash,insecure,fsid=4) + /srv/nfs/tv 192.168.1.0/24(ro,all_squash,insecure,fsid=5) ''; }; settings = { @@ -81,8 +85,6 @@ nginx = let sys = lib.nixosSystem { - system = "x86_64-linux"; - modules = [ ({ config, pkgs, lib, modulesPath, ... }: { imports = [ @@ -115,6 +117,7 @@ }; }; }) + { nixpkgs.hostPlatform = "x86_64-linux"; } ]; }; @@ -233,12 +236,17 @@ extraAliases = '' nipsy: ${my_email} ''; - hostname = "${config.networking.hostName}.${config.networking.domain}"; - relayHost = "mail.bitgnome.net"; - relayPort = 587; rootAlias = my_email; - sslCert = "/var/lib/acme/arrakis.bitgnome.net/fullchain.pem"; - sslKey = "/var/lib/acme/arrakis.bitgnome.net/key.pem"; + settings.main = { + myhostname = "arrakis.bitgnome.net"; + relayhost = [ + "[mail.bitgnome.net]:587" + ]; + smtpd_tls_chain_files = [ + "/var/lib/acme/arrakis.bitgnome.net/key.pem" + "/var/lib/acme/arrakis.bitgnome.net/fullchain.pem" + ]; + }; }; printing.enable = true; @@ -303,23 +311,23 @@ options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}"; } { - device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHUK5EL"; + device = "/dev/disk/by-id/ata-WDC_WUH722020BLE6L4_8LKLLAAE"; options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}"; } { - device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHV5JEL"; + device = "/dev/disk/by-id/ata-WDC_WUH722020BLE6L4_8LK84H9V"; options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}"; } { - device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHUZ42L"; + device = "/dev/disk/by-id/ata-WDC_WUH722020BLE6L4_2LGKG71F"; options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}"; } { - device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHV3BSL"; + device = "/dev/disk/by-id/ata-WDC_WUH722020BLE6L4_9AG00UKJ"; options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}"; } { - device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHV338L"; + device = "/dev/disk/by-id/ata-WDC_WUH722020BLE6L4_8LG806ZA"; options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}"; } ]; diff --git a/hosts/caladan/default.nix b/hosts/caladan/default.nix index 5ec1e96..f3f1185 100644 --- a/hosts/caladan/default.nix +++ b/hosts/caladan/default.nix @@ -1,11 +1,15 @@ { config, inputs, outputs, pkgs, ... }: { boot = { initrd.kernelModules = [ "amdgpu" "zfs" ]; - kernelPackages = pkgs.master.linuxPackages_6_14; - kernelParams = [ - "amdgpu.ppfeaturemask=0xfffd3fff" - "split_lock_detect=off" - ]; + kernel.sysctl = { + "kernel.hostname" = "caladan.bitgnome.net"; + "kernel.split_lock_mitigate" = 0; # https://lwn.net/Articles/911219/ + }; + kernelPackages = pkgs.linuxPackages_6_18; + #kernelParams = [ + # "amdgpu.ppfeaturemask=0xfffd3fff" + # "split_lock_detect=off" + #]; loader = { efi = { canTouchEfiVariables = true; @@ -16,40 +20,47 @@ extraInstallCommands = '' ${pkgs.rsync}/bin/rsync -av --delete /efiboot/efi1/ /efiboot/efi2 ''; + memtest86.enable = true; }; timeout = 3; }; supportedFilesystems = [ "zfs" ]; - zfs.package = pkgs.master.zfs; + zfs.package = pkgs.zfs_unstable; }; environment.systemPackages = [ pkgs.angband - #pkgs.assaultcube + pkgs.assaultcube + pkgs.beyond-all-reason pkgs.bsdgames pkgs.bzflag pkgs.extremetuxracer pkgs.fastfetch #pkgs.frozen-bubble pkgs.hedgewars + #pkgs.igir pkgs.kobodeluxe + pkgs.linux-firmware + pkgs.linuxKernel.packages.linux_6_18.turbostat pkgs.mailutils - pkgs.moc + #pkgs.moc pkgs.nethack - #pkgs.openttd - pkgs.qbittorrent-nox + pkgs.openttd + pkgs.piper + #pkgs.qbittorrent-nox pkgs.rdiff-backup - #pkgs.scorched3d + pkgs.scorched3d pkgs.signal-desktop pkgs.superTux pkgs.superTuxKart pkgs.umoria pkgs.vial - pkgs.warzone2100 - #pkgs.wine9_22.wineWowPackages.stagingFull + pkgs.vice + #pkgs.warzone2100 + pkgs.wayback-x11 pkgs.wpa_supplicant pkgs.xonotic-sdl - #pkgs.xpilot-ng + pkgs.xpilot-ng ]; imports = [ @@ -66,9 +77,11 @@ ../common/optional/misc.nix ../common/optional/multimedia.nix ../common/optional/pipewire.nix + ../common/optional/printer.nix ../common/optional/sdr.nix ../common/optional/services/chrony.nix ../common/optional/services/openssh.nix + #../common/optional/services/wayland.nix ../common/optional/services/xorg.nix ../common/optional/sound.nix ../common/optional/wdt.nix @@ -82,7 +95,6 @@ address = "192.168.1.1"; interface = "wlp15s0"; }; - domain = "bitgnome.net"; hostId = "8981d1e5"; hostName = "caladan"; interfaces = { @@ -94,6 +106,9 @@ }; nameservers = [ "192.168.1.1" ]; nftables.enable = true; + search = [ + "bitgnome.net" + ]; useDHCP = false; wireless = { enable = true; @@ -121,6 +136,35 @@ ]; }; + programs = { + nix-ld = { + enable = true; + libraries = [ + pkgs.alsa-lib + pkgs.at-spi2-core + pkgs.cairo + pkgs.cups + pkgs.dbus + pkgs.fontconfig + pkgs.freetype + pkgs.glib + pkgs.libgbm + pkgs.libx11 + pkgs.libxcb + pkgs.libxext + pkgs.libxfixes + pkgs.libxkbcommon + pkgs.libxrandr + pkgs.nspr + pkgs.nss + pkgs.pango + pkgs.vulkan-loader + pkgs.xorg.libXcomposite + pkgs.xorg.libXdamage + ]; + }; + }; + services.openssh.settings.X11Forwarding = true; services.xserver.videoDrivers = [ "amdgpu" ]; @@ -168,4 +212,7 @@ }; + users.users.root.openssh.authorizedKeys.keys = [ + (builtins.readFile ../common/users/nipsy/keys/id_att.pub) + ]; } diff --git a/hosts/caladan/hardware-configuration.nix b/hosts/caladan/hardware-configuration.nix index de0e516..4e19405 100644 --- a/hosts/caladan/hardware-configuration.nix +++ b/hosts/caladan/hardware-configuration.nix @@ -21,37 +21,33 @@ MOZ_DISABLE_RDD_SANDBOX = "1"; }; + fileSystems."/mnt/downloads" = { + device = "192.168.1.2:/srv/caladan/downloads"; + fsType = "nfs"; + options = [ + "nfsvers=4.2" + ]; + }; + + fileSystems."/mnt/www" = { + device = "192.168.1.2:/srv/caladan/www"; + fsType = "nfs"; + options = [ + "nfsvers=4.2" + ]; + }; + hardware = { + amdgpu.overdrive.enable = true; + bluetooth.enable = true; graphics = { enable = true; #extraPackages = [ pkgs.nvidia-vaapi-driver ]; #extraPackages32 = [ pkgs.pkgsi686Linux.nvidia-vaapi-driver ]; - }; - - #nvidia = let - # betaPkg = config.boot.kernelPackages.nvidiaPackages.beta; - # pkgAfterFbc = if builtins.hasAttr betaPkg.version pkgs.nvidia-patch-list.fbc then pkgs.nvidia-patch.patch-fbc betaPkg else betaPkg; - # finalPkg = if builtins.hasAttr betaPkg.version pkgs.nvidia-patch-list.nvenc then pkgs.nvidia-patch.patch-nvenc pkgAfterFbc else pkgAfterFbc; - #in { - # modesetting.enable = true; - # open = true; - # package = if finalPkg == betaPkg then betaPkg else finalPkg; - #}; - - printers = let - brother = "Brother_HL-L2340D"; - ip = "192.168.1.20"; - in { - ensureDefaultPrinter = brother; - ensurePrinters = [{ - name = brother; - deviceUri = "ipp://${ip}/ipp"; - model = "everywhere"; - description = lib.replaceStrings [ "_" ] [ " " ] brother; - location = "home"; - }]; + #package = pkgs.master.mesa; + #package32 = pkgs.master.pkgsi686Linux.mesa; }; }; } diff --git a/hosts/caladan/services.nix b/hosts/caladan/services.nix index 4644188..79c5b97 100644 --- a/hosts/caladan/services.nix +++ b/hosts/caladan/services.nix @@ -10,8 +10,14 @@ iperf3.openFirewall = true; + lact.enable = true; + + nfs.server.enable = true; + printing.enable = true; + ratbagd.enable = true; + #smartd = let my_email_addr = "nipsy@bitgnome.net"; in { # enable = true; # devices = [ diff --git a/hosts/common/core/default.nix b/hosts/common/core/default.nix index 8a0fe8a..0ef4182 100644 --- a/hosts/common/core/default.nix +++ b/hosts/common/core/default.nix @@ -17,12 +17,13 @@ pkgs.bind pkgs.binutils pkgs.bpftools - pkgs.bpftrace + #pkgs.bpftrace pkgs.bzip2 pkgs.colordiff pkgs.conntrack-tools pkgs.coreutils pkgs.cpio + pkgs.csvkit pkgs.curl pkgs.diceware pkgs.diffutils @@ -65,6 +66,7 @@ pkgs.parted pkgs.patchelf pkgs.pciutils + pkgs.perl540Packages.ArchiveZip pkgs.procps pkgs.progress pkgs.psmisc diff --git a/hosts/common/core/nix.nix b/hosts/common/core/nix.nix index c6279dc..3aac7fc 100644 --- a/hosts/common/core/nix.nix +++ b/hosts/common/core/nix.nix @@ -1,36 +1,23 @@ { inputs, lib, ... }: - -let - build-tmp = "/var/tmp"; -in { - +{ nix = { + gc = { + automatic = true; + dates = "daily"; + options = "--delete-older-than 7d"; + randomizedDelaySec = "5min"; + }; settings = { auto-optimise-store = lib.mkDefault true; - build-dir = build-tmp; experimental-features = [ "nix-command" "flakes" ]; trusted-users = [ "root" "@wheel" ]; warn-dirty = false; }; - - # Garbage Collection - gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 30d"; - persistent = true; - randomizedDelaySec = "14m"; - }; - }; - systemd = { - services."nix-daemon".environment.TMPDIR = build-tmp; - user.services."nix-gc" = { - description = "Garbage collection for user profiles"; - script = "/run/current-system/sw/bin/nix-collect-garbage --delete-older-than 30d"; - startAt = "daily"; - }; + systemd.user.services."nix-gc" = { + description = "Garbage collection for user profiles"; + script = "/run/current-system/sw/bin/nix-collect-garbage --delete-older-than 7d"; + startAt = "daily"; }; - } diff --git a/hosts/common/optional/games.nix b/hosts/common/optional/games.nix index 71bcd95..8158c34 100644 --- a/hosts/common/optional/games.nix +++ b/hosts/common/optional/games.nix @@ -1,14 +1,12 @@ { pkgs, ... }: { environment.systemPackages = [ - #pkgs.master.godot + pkgs.godot pkgs.mame pkgs.mame.tools pkgs.mednafen pkgs.mednaffe pkgs.protontricks - pkgs.winetricks - pkgs.master.wineWowPackages.stagingFull ]; programs.steam = { diff --git a/hosts/common/optional/google-authenticator.nix b/hosts/common/optional/google-authenticator.nix index 721346e..87e43fd 100644 --- a/hosts/common/optional/google-authenticator.nix +++ b/hosts/common/optional/google-authenticator.nix @@ -1,9 +1,12 @@ { pkgs, ... }: { - environment.systemPackages = [ - #pkgs.other - pkgs.google-authenticator - ]; + environment = { + etc."pam.d/xscreensaver".source = "/etc/static/pam.d/xlock"; + systemPackages = [ + #pkgs.other + pkgs.google-authenticator + ]; + }; security.pam.services = { chfn.googleAuthenticator.enable = true; diff --git a/hosts/common/optional/misc.nix b/hosts/common/optional/misc.nix index c634c34..a784324 100644 --- a/hosts/common/optional/misc.nix +++ b/hosts/common/optional/misc.nix @@ -20,7 +20,8 @@ pkgs.ipcalc pkgs.iperf pkgs.mutt - pkgs.poppler_utils + pkgs.perf + pkgs.poppler-utils pkgs.powertop pkgs.qrencode pkgs.radeontop diff --git a/hosts/common/optional/pipewire.nix b/hosts/common/optional/pipewire.nix index ef50b9c..f87dea4 100644 --- a/hosts/common/optional/pipewire.nix +++ b/hosts/common/optional/pipewire.nix @@ -2,7 +2,7 @@ { environment.systemPackages = [ pkgs.easyeffects - pkgs.pamixer + #pkgs.pamixer pkgs.pavucontrol pkgs.pwvucontrol pkgs.qpwgraph @@ -22,11 +22,11 @@ alsa.support32Bit = true; enable = true; jack.enable = true; - package = pkgs.master.pipewire; + #package = pkgs.master.pipewire; pulse.enable = true; wireplumber = { enable = true; - package = pkgs.master.wireplumber; + #package = pkgs.master.wireplumber; }; # use the example session manager (no others are packaged yet so this is enabled by default, diff --git a/hosts/common/optional/printer.nix b/hosts/common/optional/printer.nix new file mode 100644 index 0000000..32e4c76 --- /dev/null +++ b/hosts/common/optional/printer.nix @@ -0,0 +1,22 @@ +{ lib, ... }: +{ + hardware.printers = let + brother = "Brother_HL-L2340D"; + ip = "192.168.1.20"; + in { + ensureDefaultPrinter = brother; + ensurePrinters = [{ + name = brother; + deviceUri = "ipp://${ip}/ipp"; + model = "everywhere"; + description = lib.replaceStrings [ "_" ] [ " " ] brother; + location = "home"; + }]; + }; + + systemd.services."ensure-printers" = { + after = [ "network-online.target" ]; + preStart = "sleep 5"; + wants = [ "network-online.target" ]; + }; +} diff --git a/hosts/common/optional/sdr.nix b/hosts/common/optional/sdr.nix index 8362605..3ac2c3c 100644 --- a/hosts/common/optional/sdr.nix +++ b/hosts/common/optional/sdr.nix @@ -1,6 +1,7 @@ { pkgs, ... }: { environment.systemPackages = [ + pkgs.chirp pkgs.fldigi pkgs.sdrconnect ]; diff --git a/hosts/common/optional/services/dhcp.nix b/hosts/common/optional/services/dhcp.nix index 36f8bdb..2492d05 100644 --- a/hosts/common/optional/services/dhcp.nix +++ b/hosts/common/optional/services/dhcp.nix @@ -103,6 +103,7 @@ ({ hw-address = "38:f3:ab:59:06:e0"; ip-address = "192.168.1.12"; }) # saturn ({ hw-address = "8c:8c:aa:4e:fc:aa"; ip-address = "192.168.1.13"; }) # uranus ({ hw-address = "38:f3:ab:59:08:10"; ip-address = "192.168.1.14"; }) # neptune + ({ hw-address = "e8:8d:a6:e2:2a:85"; ip-address = "192.168.1.16"; }) # deck ({ hw-address = "7c:b5:66:65:e2:9e"; ip-address = "192.168.1.17"; }) # ginaz ({ hw-address = "00:05:cd:72:92:b0"; ip-address = "192.168.1.19"; }) # onkyo ({ hw-address = "74:29:af:6f:20:ed"; ip-address = "192.168.1.20"; }) # brother diff --git a/hosts/common/optional/services/nolid.nix b/hosts/common/optional/services/nolid.nix index db868fe..7346c26 100644 --- a/hosts/common/optional/services/nolid.nix +++ b/hosts/common/optional/services/nolid.nix @@ -1,7 +1,7 @@ { - services.logind = { - lidSwitch = "ignore"; - lidSwitchDocked = "ignore"; - lidSwitchExternalPower = "ignore"; + services.logind.settings.Login = { + HandleLidSwitch = "ignore"; + HandleLidSwitchDocked = "ignore"; + HandleLidSwitchExternalPower = "ignore"; }; } diff --git a/hosts/common/optional/services/nsd/bitgnome.net.zone b/hosts/common/optional/services/nsd/bitgnome.net.zone index b4d108b..b1988e3 100644 --- a/hosts/common/optional/services/nsd/bitgnome.net.zone +++ b/hosts/common/optional/services/nsd/bitgnome.net.zone @@ -3,7 +3,7 @@ $ORIGIN bitgnome.net. $TTL 1h @ in soa ns.bitgnome.net. nipsy.bitgnome.net. ( - 2025060101 ; serial + 2025121201 ; serial 1d ; refresh 2h ; retry 4w ; expire @@ -29,7 +29,7 @@ $TTL 1h ; name servers ns in a 5.161.149.85 ns in aaaa 2a01:4ff:f0:e164::1 -ns2 in a 67.5.97.115 +ns2 in a 174.31.4.250 ; srv records _xmpp-client._tcp 5m in srv 0 0 5222 bitgnome.net. @@ -67,10 +67,10 @@ mta-sts 5m in cname @ ;royder in cname @ ; external machines -arrakis 1m in a 67.5.97.115 +arrakis 1m in a 174.31.4.250 ;darkstar 1m in a 66.69.213.114 ;nb 1m in a 67.10.209.108 ;terraria 1m in a 128.83.27.4 ;caladan 1m in a 104.130.129.241 ;caladan 1m in aaaa 2001:4800:7818:101:be76:4eff:fe03:db44 -darkstar 1m in a 67.5.97.115 +darkstar 1m in a 174.31.4.250 diff --git a/hosts/common/optional/services/openssh.nix b/hosts/common/optional/services/openssh.nix index 424d3bf..2bd7caf 100644 --- a/hosts/common/optional/services/openssh.nix +++ b/hosts/common/optional/services/openssh.nix @@ -1,4 +1,7 @@ +{ pkgs, ... }: { + #programs.ssh.package = pkgs.openssh_10_2; + services.openssh = { enable = true; settings = { diff --git a/hosts/common/optional/services/wayland.nix b/hosts/common/optional/services/wayland.nix new file mode 100644 index 0000000..493e0e4 --- /dev/null +++ b/hosts/common/optional/services/wayland.nix @@ -0,0 +1,95 @@ +{ config, lib, pkgs, ... }: +{ + environment.systemPackages = [ + pkgs.chafa + pkgs.evince + pkgs.feh + pkgs.gcr + #pkgs.geeqie + pkgs.ghostty + pkgs.gimp3 + #pkgs.gimp-with-plugins + pkgs.google-chrome + pkgs.grim + pkgs.gv + pkgs.inkscape + pkgs.kdePackages.okular + pkgs.libreoffice + pkgs.libva-utils + pkgs.mako + pkgs.mangohud + pkgs.mesa-demos + pkgs.mpv + pkgs.polkit_gnome + pkgs.rdesktop + pkgs.read-edid + pkgs.slurp + pkgs.st + pkgs.swayimg + pkgs.sxiv + #pkgs.tigervnc + #pkgs.turbovnc + pkgs.vdpauinfo + pkgs.vlc + pkgs.vulkan-tools + pkgs.wireshark + pkgs.wl-clipboard + pkgs.wlvncc + #pkgs.x11vnc + pkgs.xclip + pkgs.xdotool + pkgs.xorg.appres + pkgs.xorg.editres + pkgs.xorg.xdpyinfo + pkgs.xorg.xev + pkgs.xscreensaver + pkgs.xsnow + pkgs.xterm + ]; + + programs = { + firefox = { + enable = true; + #package = pkgs.master.firefox; + }; + + gamemode.enable = true; + + steam.gamescopeSession.enable = true; + + sway = { + enable = true; + wrapperFeatures.gtk = true; + }; + }; + + security = { + pam = { + loginLimits = [ + { domain = "@users"; item = "rtprio"; type = "-"; value = 1; } + ]; + }; + }; + + services = { + blueman.enable = true; + libinput.enable = true; + printing.enable = true; + }; + + systemd = { + user.services.polkit-gnome-authentication-agent-1 = { + description = "polkit-gnome-authentication-agent-1"; + wantedBy = [ "graphical-session.target" ]; + wants = [ "graphical-session.target" ]; + after = [ "graphical-session.target" ]; + serviceConfig = { + Type = "simple"; + ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1"; + Restart = "on-failure"; + RestartSec = 1; + TimeoutStopSec = 10; + }; + }; + }; +} diff --git a/hosts/common/optional/services/xorg.nix b/hosts/common/optional/services/xorg.nix index e0150f4..0c5ca0c 100644 --- a/hosts/common/optional/services/xorg.nix +++ b/hosts/common/optional/services/xorg.nix @@ -5,9 +5,9 @@ pkgs.evince pkgs.feh pkgs.gcr - pkgs.geeqie + #pkgs.geeqie pkgs.ghostty - pkgs.gimp + pkgs.gimp3 #pkgs.gimp-with-plugins pkgs.google-chrome pkgs.gv @@ -15,6 +15,7 @@ pkgs.kdePackages.okular pkgs.libreoffice pkgs.libva-utils + pkgs.mangohud pkgs.mesa-demos pkgs.mpv pkgs.polkit_gnome @@ -22,7 +23,7 @@ pkgs.read-edid pkgs.st pkgs.sxiv - pkgs.tigervnc + #pkgs.tigervnc pkgs.turbovnc pkgs.vdpauinfo pkgs.vlc @@ -40,29 +41,45 @@ pkgs.xterm ]; - programs.firefox = { - enable = true; - package = pkgs.master.firefox; + programs = { + dconf = { + enable = true; + profiles.user.databases = [{ + settings."org/gnome/desktop/interface".color-scheme = "prefer-dark"; + }]; + }; + + firefox = { + enable = true; + #package = pkgs.master.firefox; + }; }; - security.polkit = { - enable = true; - extraConfig = '' - polkit.addRule(function(action, subject) { - if ( - subject.isInGroup("users") - && ( - action.id == "org.freedesktop.login1.reboot" || - action.id == "org.freedesktop.login1.reboot-multiple-sessions" || - action.id == "org.freedesktop.login1.power-off" || - action.id == "org.freedesktop.login1.power-off-multiple-sessions" + security = { + pam = { + loginLimits = [ + { domain = "@users"; item = "rtprio"; type = "-"; value = 1; } + ]; + }; + polkit = { + enable = true; + extraConfig = '' + polkit.addRule(function(action, subject) { + if ( + subject.isInGroup("users") + && ( + action.id == "org.freedesktop.login1.reboot" || + action.id == "org.freedesktop.login1.reboot-multiple-sessions" || + action.id == "org.freedesktop.login1.power-off" || + action.id == "org.freedesktop.login1.power-off-multiple-sessions" + ) ) - ) - { - return polkit.Result.YES; - } - }) - ''; + { + return polkit.Result.YES; + } + }) + ''; + }; }; services = { diff --git a/hosts/common/optional/sound.nix b/hosts/common/optional/sound.nix index bc77050..1750ba6 100644 --- a/hosts/common/optional/sound.nix +++ b/hosts/common/optional/sound.nix @@ -2,17 +2,17 @@ { environment = { systemPackages = [ - pkgs.artyFX + #pkgs.artyFX pkgs.audacity pkgs.bespokesynth pkgs.boops pkgs.cardinal - pkgs.carla - pkgs.chow-tape-model + #pkgs.carla + #pkgs.chow-tape-model pkgs.cmus pkgs.distrho-ports pkgs.fluidsynth - #pkgs.master.fmsynth + #pkgs.fmsynth #pkgs.gearmulator pkgs.geonkick pkgs.guitarix @@ -21,18 +21,18 @@ pkgs.lsp-plugins pkgs.metersLv2 pkgs.odin2 - pkgs.master.oxefmsynth + pkgs.oxefmsynth pkgs.polyphone pkgs.qsynth pkgs.reaper pkgs.rosegarden pkgs.samplv1 pkgs.sfizz - pkgs.sorcer + #pkgs.sorcer pkgs.surge-XT pkgs.synthv1 pkgs.talentedhack - #pkgs.master.tunefish + #pkgs.tunefish pkgs.v4l-utils pkgs.vapoursynth pkgs.vital @@ -41,8 +41,8 @@ pkgs.wavpack pkgs.winetricks pkgs.master.wineWowPackages.stagingFull - pkgs.master.yabridge - pkgs.master.yabridgectl + pkgs.yabridge + pkgs.yabridgectl pkgs.yoshimi pkgs.zam-plugins pkgs.zynaddsubfx diff --git a/hosts/common/optional/wdt.nix b/hosts/common/optional/wdt.nix index 3c3943e..3d60706 100644 --- a/hosts/common/optional/wdt.nix +++ b/hosts/common/optional/wdt.nix @@ -1,3 +1,3 @@ { - systemd.watchdog.runtimeTime = "60s"; + systemd.settings.Manager.RuntimeWatchdogSec = "60s"; } diff --git a/hosts/common/users/don/default.nix b/hosts/common/users/don/default.nix index 443c2db..3c700a7 100644 --- a/hosts/common/users/don/default.nix +++ b/hosts/common/users/don/default.nix @@ -20,10 +20,10 @@ in group = "don"; home = "/home/don"; isNormalUser = true; - #openssh.authorizedKeys.keys = [ - # (builtins.readFile ./keys/id_arrakis.pub) - # #(builtins.readFile ./keys/id_other.pub) - #]; + openssh.authorizedKeys.keys = [ + (builtins.readFile ../nipsy/keys/id_arrakis.pub) + #(builtins.readFile ./keys/id_other.pub) + ]; packages = [ pkgs.home-manager ]; #shell = pkgs.zsh; diff --git a/hosts/common/users/nipsy/default.nix b/hosts/common/users/nipsy/default.nix index 9d5bfe6..28bf79c 100644 --- a/hosts/common/users/nipsy/default.nix +++ b/hosts/common/users/nipsy/default.nix @@ -13,6 +13,7 @@ in "wheel" ] ++ ifTheyExist [ "adbusers" + "gamemode" "networkmanager" "vboxsf" "vboxusers" diff --git a/hosts/darkstar/default.nix b/hosts/darkstar/default.nix index 337c113..fd6f52d 100644 --- a/hosts/darkstar/default.nix +++ b/hosts/darkstar/default.nix @@ -2,9 +2,10 @@ boot = { initrd.kernelModules = [ "zfs" ]; kernel.sysctl = { + "kernel.hostname" = "darkstar.bitgnome.net"; "net.ipv4.ip_forward" = true; }; - kernelPackages = pkgs.master.linuxPackages_6_14; + kernelPackages = pkgs.linuxPackages_6_18; loader = { efi = { canTouchEfiVariables = true; @@ -15,11 +16,12 @@ extraInstallCommands = '' ${pkgs.rsync}/bin/rsync -av --delete /efiboot/efi1/ /efiboot/efi2 ''; + memtest86.enable = true; }; timeout = 3; }; supportedFilesystems = [ "zfs" ]; - zfs.package = pkgs.master.zfs; + zfs.package = pkgs.zfs_unstable; }; environment.systemPackages = [ @@ -31,7 +33,7 @@ ./hardware-configuration.nix ./services.nix ../common/core - ../common/optional/services/asterisk.nix + #../common/optional/services/asterisk.nix ../common/optional/services/chrony.nix ../common/optional/services/dhcp.nix ../common/optional/services/nsd.nix @@ -46,7 +48,6 @@ hostId = "f9ca5efe"; hostName = "darkstar"; #defaultGateway = "192.168.1.1"; - domain = "bitgnome.net"; interfaces = { enp116s0 = { ipv4.addresses = [ @@ -65,6 +66,9 @@ internalInterfaces = [ "enp116s0" ]; }; nftables.enable = true; + search = [ + "bitgnome.net" + ]; useDHCP = false; vlans = { vlan201 = { id=201; interface="enp117s0"; }; diff --git a/hosts/darkstar/services.nix b/hosts/darkstar/services.nix index 929ced4..b1da73e 100644 --- a/hosts/darkstar/services.nix +++ b/hosts/darkstar/services.nix @@ -47,6 +47,7 @@ "\"saturn.bitgnome.net. IN A 192.168.1.12\"" "\"uranus.bitgnome.net. IN A 192.168.1.13\"" "\"neptune.bitgnome.net. IN A 192.168.1.14\"" + "\"deck.bitgnome.net. IN A 192.168.1.16\"" "\"ginaz.bitgnome.net. IN A 192.168.1.17\"" ]; local-data-ptr = [ @@ -57,6 +58,7 @@ "\"192.168.1.12 saturn.bitgnome.net\"" "\"192.168.1.13 uranus.bitgnome.net\"" "\"192.168.1.14 neptune.bitgnome.net\"" + "\"192.168.1.16 deck.bitgnome.net\"" "\"192.168.1.17 ginaz.bitgnome.net\"" ]; local-zone = [ diff --git a/hosts/fangorn/default.nix b/hosts/fangorn/default.nix index 24f91b9..78d5596 100644 --- a/hosts/fangorn/default.nix +++ b/hosts/fangorn/default.nix @@ -1,19 +1,23 @@ { config, inputs, lib, outputs, pkgs, ... }: { boot = { - kernelPackages = pkgs.master.linuxPackages_6_14; + kernelPackages = pkgs.linuxPackages_6_18; loader = { efi.canTouchEfiVariables = true; - systemd-boot.enable = true; + systemd-boot = { + enable = true; + memtest86.enable = true; + }; timeout = 3; }; supportedFilesystems = [ "zfs" ]; zfs = { devNodes = "/dev/disk/by-label"; - package = pkgs.master.zfs; + package = pkgs.zfs_unstable; }; }; environment.systemPackages = [ + pkgs.chirp pkgs.signal-desktop pkgs.wpa_supplicant ]; diff --git a/hosts/ginaz/default.nix b/hosts/ginaz/default.nix index ff25d81..e59c37a 100644 --- a/hosts/ginaz/default.nix +++ b/hosts/ginaz/default.nix @@ -1,19 +1,21 @@ { config, inputs, outputs, pkgs, ... }: { boot = { initrd.kernelModules = [ "amdgpu" "zfs" ]; - kernelPackages = pkgs.master.linuxPackages_6_14; + kernelPackages = pkgs.linuxPackages_6_18; loader = { efi.canTouchEfiVariables = true; - systemd-boot.enable = true; + systemd-boot = { + enable = true; + memtest86.enable = true; + }; timeout = 3; }; supportedFilesystems = [ "zfs" ]; - zfs.package = pkgs.master.zfs; + zfs.package = pkgs.zfs_unstable; }; environment.systemPackages = [ pkgs.signal-desktop - #pkgs.master.wsmancli ]; imports = [ @@ -44,6 +46,9 @@ hostName = "ginaz"; networkmanager.enable = true; nftables.enable = true; + search = [ + "bitgnome.net" + ]; }; nixpkgs = { diff --git a/hosts/jupiter/default.nix b/hosts/jupiter/default.nix index a494d70..d329365 100644 --- a/hosts/jupiter/default.nix +++ b/hosts/jupiter/default.nix @@ -4,16 +4,19 @@ #kernel.sysctl = { # "net.ipv4.ip_forward" = true; #}; - kernelPackages = pkgs.master.linuxPackages_6_14; + kernelPackages = pkgs.linuxPackages_6_18; loader = { efi.canTouchEfiVariables = true; - systemd-boot.enable = true; + systemd-boot = { + enable = true; + memtest86.enable = true; + }; timeout = 3; }; supportedFilesystems = [ "zfs" ]; zfs = { devNodes = "/dev/disk/by-label"; - package = pkgs.master.zfs; + package = pkgs.zfs_unstable; }; }; @@ -38,9 +41,11 @@ networking = { hostId = "d3a9e699"; hostName = "jupiter"; - domain = "bitgnome.net"; - nftables.enable = true; interfaces.enp2s0f0.wakeOnLan.enable = true; + nftables.enable = true; + search = [ + "bitgnome.net" + ]; wireless = { enable = true; userControlled.enable = true; diff --git a/hosts/kaitain/default.nix b/hosts/kaitain/default.nix index ff6b25b..954e68f 100644 --- a/hosts/kaitain/default.nix +++ b/hosts/kaitain/default.nix @@ -1,16 +1,19 @@ { config, inputs, lib, outputs, pkgs, ... }: { boot = { initrd.kernelModules = [ "zfs" ]; - kernelPackages = pkgs.master.linuxPackages_6_14; + kernelPackages = pkgs.linuxPackages_6_18; loader = { efi.canTouchEfiVariables = true; - systemd-boot.enable = true; + systemd-boot = { + enable = true; + memtest86.enable = true; + }; timeout = 3; }; supportedFilesystems = [ "zfs" ]; zfs = { devNodes = "/dev/disk/by-label"; - package = pkgs.master.zfs; + package = pkgs.zfs_unstable; }; }; @@ -52,7 +55,7 @@ }; services.openssh.openFirewall = false; - services.xserver.videoDrivers = lib.mkForce [ "vmware" "virtualbox" "modesetting" ]; + services.xserver.videoDrivers = lib.mkForce [ "modesetting" ]; sops = { age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; @@ -60,6 +63,7 @@ secrets = { "nix-access-token-github" = {}; + "ssh_config".path = "/root/.ssh/config"; }; }; diff --git a/hosts/neptune/default.nix b/hosts/neptune/default.nix index 4d5d6f9..cb123f7 100644 --- a/hosts/neptune/default.nix +++ b/hosts/neptune/default.nix @@ -4,16 +4,19 @@ #kernel.sysctl = { # "net.ipv4.ip_forward" = true; #}; - kernelPackages = pkgs.master.linuxPackages_6_14; + kernelPackages = pkgs.linuxPackages_6_18; loader = { efi.canTouchEfiVariables = true; - systemd-boot.enable = true; + systemd-boot = { + enable = true; + memtest86.enable = true; + }; timeout = 3; }; supportedFilesystems = [ "zfs" ]; zfs = { devNodes = "/dev/disk/by-label"; - package = pkgs.master.zfs; + package = pkgs.zfs_unstable; }; }; @@ -38,9 +41,11 @@ networking = { hostId = "6c1b830a"; hostName = "neptune"; - domain = "bitgnome.net"; - nftables.enable = true; interfaces.enp2s0f0.wakeOnLan.enable = true; + nftables.enable = true; + search = [ + "bitgnome.net" + ]; wireless = { enable = true; userControlled.enable = true; diff --git a/hosts/richese/default.nix b/hosts/richese/default.nix index b13925d..ee49bce 100644 --- a/hosts/richese/default.nix +++ b/hosts/richese/default.nix @@ -1,12 +1,15 @@ { config, inputs, lib, outputs, pkgs, ... }: { boot = { initrd.kernelModules = [ "zfs" ]; - kernelPackages = pkgs.master.linuxPackages_6_14; - loader.grub.enable = true; + kernelPackages = pkgs.linuxPackages_6_18; + loader.grub = { + enable = true; + memtest86.enable = true; + }; supportedFilesystems = [ "zfs" ]; zfs = { devNodes = "/dev/disk/by-label"; - package = pkgs.master.zfs; + package = pkgs.zfs_unstable; }; }; @@ -49,7 +52,7 @@ }; services.openssh.openFirewall = false; - services.xserver.videoDrivers = lib.mkForce [ "vmware" "virtualbox" "modesetting" ]; + services.xserver.videoDrivers = lib.mkForce [ "modesetting" ]; sops = { age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; @@ -57,6 +60,7 @@ secrets = { "nix-access-token-github" = {}; + "ssh_config".path = "/root/.ssh/config"; }; }; diff --git a/hosts/saturn/default.nix b/hosts/saturn/default.nix index be737e0..2057e74 100644 --- a/hosts/saturn/default.nix +++ b/hosts/saturn/default.nix @@ -4,16 +4,19 @@ #kernel.sysctl = { # "net.ipv4.ip_forward" = true; #}; - kernelPackages = pkgs.master.linuxPackages_6_14; + kernelPackages = pkgs.linuxPackages_6_18; loader = { efi.canTouchEfiVariables = true; - systemd-boot.enable = true; + systemd-boot = { + enable = true; + memtest86.enable = true; + }; timeout = 3; }; supportedFilesystems = [ "zfs" ]; zfs = { devNodes = "/dev/disk/by-label"; - package = pkgs.master.zfs; + package = pkgs.zfs_unstable; }; }; @@ -38,9 +41,11 @@ networking = { hostId = "4ae5eb4d"; hostName = "saturn"; - domain = "bitgnome.net"; - nftables.enable = true; interfaces.enp2s0f0.wakeOnLan.enable = true; + nftables.enable = true; + search = [ + "bitgnome.net" + ]; wireless = { enable = true; userControlled.enable = true; diff --git a/hosts/secrets/arrakis.yaml b/hosts/secrets/arrakis.yaml index b17393d..166a211 100644 --- a/hosts/secrets/arrakis.yaml +++ b/hosts/secrets/arrakis.yaml @@ -13,7 +13,7 @@ wireguard: ramped_psk: ENC[AES256_GCM,data:TCeXW9SWFEq7H7YdEE4E7gLoMC8F4GwSPBtvh8Zv6OQ3Ni0LdZBH9IHmPT4=,iv:U33J1eusuCiC41zla2ieIFKzmmgL/TlkLmH/5El3u4s=,tag:Z4QzImR0T2XzdI26nlX+/Q==,type:str] timetrad_psk: ENC[AES256_GCM,data:zAOHUlk6VJd+w6ePcDAPhpmPmlogwqUh5zhDpnW7cbXflIdLtFN9YQbOYtc=,iv:DpqIP+uTxRY7Dl0WwOvAr/dDFeARCVZKNKKKCrgOkYA=,tag:IP+nUZS3klUvHNzbgS4IjQ==,type:str] treebeard_psk: ENC[AES256_GCM,data:EjzdD4siZfCkwd6pX82C2HP8I0avKjStv6fleURD2cPkGmBFDH//MLYcY/k=,iv:yCc+U3+kAzOroOxO04EKVrbuqr85Y8cZ343UN4s3nBg=,tag:r5piVnM+Q5+0HRRMpVwmSA==,type:str] - wg1_conf: ENC[AES256_GCM,data:FeRx87Ynsku8RPJ34HX4WZbvrl0NMKQVUueYevXhZi/uxehsttjqdZyhKGG8ZZW2rYNT7PADp90NcOYRuS2bquFuU+XSK21xDC7myk9EMHtEh1t2nk8ILYV590eQVceyQCb9XNjlypI0QJEBItODg9DAGHf9WqV232zj2NcXmUEFwdQpWt3NnFo7Dku1KTmNWIQhfKL96casrHP5j7YHASlbLC5xmieZ8IPasfozPCDwQJMxdA5PH5rr7DEcjIrOgYSqa7G9VcPWlBfiuyEI0MZVYhF2pl4P57LVZNDRf8XamOcsphnRfgr6JYArxrHl3H5r4Nbcz3I09W8rrw==,iv:qAB6GAKDLg4P0g+5cRPcOWS2DvW7dcMJp7Fb4hDArfo=,tag:cacQeEAR7gjA/40Msuh/8g==,type:str] + wg1_conf: ENC[AES256_GCM,data:/285rDfz+rySzB0pohVJSVDCRWAnPi8Kg9Xu9U4C03PWYWbPvsm5Ci1q6z/kYKPsaGYYo16Ttl/0PJJcgDaQXHxJAXqWr1VQJttrcMuWuG7VlSzqhxrb1QOD60Gl+wrP7WechufmOejJZZor4FIi/AnvB4GEKQpqdP8Zz2bSd2c+5wM3tBqXftoK+68qkoYzMBtinyBISKrP3n3raF8HwHx9a5RWbuMBs5UzKSPHIbx3assHnVyJb+tX6Bs4lJTwon7r6sc3EqfozbsIHrL275V1JYsRGmSk0Lk0exjK9mQyn+c/Z4uf1T0yg0gY5XwQ/U1AJ7e9CfLdJMP3QeUtqzj8H5LlydU/24xkpqqBtozYQ+/F9nn0omoWGtX4KWZWoIVTaHLjPiETCbY/PsRrx3QFckE=,iv:i+Jr6GV1zvVoGh66HYd3ZU8cLG5AeHZ3cz7xa3mXbbk=,tag:csj43Q4sGblmylUqqb84GQ==,type:str] wpa_supplicant: ENC[AES256_GCM,data:HHs6g3qaaeinVGgteExQvhE0CEC94WjJ0tV7pyI=,iv:6F+DYHieaWWo+V1F9yjwWT7PcdiIpH48nv1SUrFHePk=,tag:cpimCP+YNmCI+t+wpuXwHg==,type:str] sops: age: @@ -35,7 +35,7 @@ sops: ejRLb2Vkd1B3QmxLSE1wUzgrazZJT0UKz1IQxYm7hagYtBsWTpk+f6/79ArRUgNL MfhHMQAwuuXjBSmuFolyU3UoWnDYK6uGAv5nlTJxESqj5eQBafItSw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-06-05T17:59:42Z" - mac: ENC[AES256_GCM,data:K5w8k35R8wKpo/RS4eC5DyXcTdrxg4k0prBphXwMn8+oi/8/L6XYVUmhh6ftp2R4tMcV+Qvm1woMiBZaFJ71v5a1RytjxnIjNrDvGUYVq/Rcz4Owm5Zx5qSD5UvgleVxC2k26LciukJ4O+ZcC07kKMBt/NJeYNNh/oov74AENyw=,iv:COQg/3qEYjFITHFqThsQuimN7R8hp/GEChkOXb3MNVI=,tag:nHmO+hn1fTVqDtlnMuLzsQ==,type:str] + lastmodified: "2025-11-17T23:31:29Z" + mac: ENC[AES256_GCM,data:yZVAA0LoisaxPUuhkwxvXPj/HLP4mJipxyANnJJRPu74yJmhsIRxI5yn2LDvsSvkRzlv46Z2rfxF5jHDwAcqxbAquzERXB+ov/yGmC1HwQr7ID/wV+Uz4a0AmU1w6Zh9NOPraKEO5C03PpQSD+r/vxdbIwrEHlLHf51FZUVvpSE=,iv:m44NZsZm5704z6tdRAUjl5DFNxrLKy/ncnVTc3ro4y0=,tag:I5i+PaLN8uqLU9mKlb8mQw==,type:str] unencrypted_suffix: _unencrypted - version: 3.10.2 + version: 3.11.0 diff --git a/hosts/secrets/darkstar.yaml b/hosts/secrets/darkstar.yaml index 28f24bd..b9ac45d 100644 --- a/hosts/secrets/darkstar.yaml +++ b/hosts/secrets/darkstar.yaml @@ -1,7 +1,181 @@ -asterisk: - extensions.ael: ENC[AES256_GCM,data:pJy+Z0Iv5a2rZThIpspriCkSYCGsnYWDQvOID9fhuiVc4JUxgB1Q+0iq8tANBnYtGYtbYO0jijxYmWZMcHu66aXQwegf66PQmYNwlfiJWJjJ/T753iiVvqcrnAwA0XL0RW2rbA7cWtVq+enUglz2cT6N+BIwPSMTo5EUei+JzZ/ovqN7E0SLLhgvfmIttqfJOo8OZU9eIYN3XPO3UEs9ezHDTgFIygxdD3xaGBfecoiftCWG6CDFdK0pMgABn8THLqeqigjuC7J4Kmqq7suGSA8eBfejfYoGzxY+9LfiRdGVb+oj5Xik/4Xkb/dKthphl7ez7PkJfd89cXuNtAFO67dMhy9ITlJzrkEqUKl1eMsf9oDzqoSuUjDNhS32uKO3CrhAjzAiW1z8C2gmfMscpUeNnDbUHDjw2isz9Ay5nzapM7m+3hq5D9BBb413dXxu66WkewkOHy96Vg+yO5M2c63BPiO8NfKESd5ij1RtgyQIjj8rlEfjheOa0nLfw9lj9Ohc6n27xvi55WZbZOfdeb34yIzbtNw5pw1OZhQ2U9uexJhLrUpKsg35/TMjQ3/7DkcwacA4fpI4TvfYcxZydzXvDBNEw1cZyRYEVXpIM8FepCGICviVM53cRYJJ9jmR5MC2VQSp8K8WBnBgcNfrJ2CCnfT8mGH8g2t2ZDC8AHHS8P8qRMSfsS/UmAPkIuqVXBoIRb8PJQELDfMLDzHvTL5D2CZ3+UGqB8trHB40wEJ7pw/Fm/910Z0NJS5yUZKCoU7llbV7qyxjVBIv5VU6yj7PZWkyS1t5+M63J/lssnKbohm5er2pH5tZ0cD8XRkOJXZ2R+31t48cJDYFePYO6CbMsGUlRtKYjnmHMT79N7HA7U2OKfhn9ab//UjMpMNTEHEGGB34G+hq4kgvHuiUA/IpvjQ4/D7bHjTFc0S7umt54dsCCzJsrH4pYPLbEXmNnm3XvI++cY0o4WKJvxihZIDg5+w4rYVgK+mc+3x7Um18K0UCIvrvYEoRfxM3eYKS5OkUZ1DLJZ3IZRTttgAppOVYfkAJiF1DkNKpYP7iD2OJuM8BMS9W7NL5tLmg0zlm4zIOUmYBTE95KL/LakpC9tHm/MgCz1vzdGgY3c5cGDAFp2+NOH4Hbh86A96aH7S8gDExCB5ePbHPmJxoHgzxqFgKGJc8hDlVx5E3QZls8l8cW0q1Rxu7EyNKEop7dAooGNoWhyIEGzmgVqKKTgu7jAYV6OjkKlgeJQGVuMfW4fDJoo8/4t9XpPNpa/eI1MSZOgITFZ8Qd6FU3447M0E846VUgR5PnPWcX0l6rBcIilQL3ioRqE9auKNItvZRLdC3J8nMwXct0dplB7yUKPVegqLpGDUXJCe/WBAP8doP1NMBsBN1lSGZ5ZJGs1TF1HN4D0Ucmnyo400Ytni43AGuqvTdTz18DpWxFPkU4XWvAznsdu7KGjAvb3bHCpGn/y43/Ib343Y8G9LcqDWrU05J2ONU+nf6YE9atnF1CwCaP5/Nu9Du+iDYO5Oh9TiDwZ1itqEJN7Bggxru5+QgPFXi8PsMf5Ie29ptoxhCPxxrDMbC4YwVm3Llur2qdWy8rMwDgB2AgAqaidks5djVjbfB1aLQb4lQfsfyfvakU37T4rUul1XbYiako3ZRFs9jLWbRdl4QEuky8XG4Tdc1NZgmenUMtvsL2T+AEN8/kdbbhtnZrFPA/xeRxjDOb3y9K5MM5IT3yPLOgqMA9LRo/3Fzi2xNj1WcN5ZWjvEi0+OyoC2CawrCPPCij/6UOZIeCGTyJYqDoX1zD4TuHvQHC6H9rxUbyjOgkrvGIYsyW2ZgnYtni5nK/irUphA1VoadsXE0gEXJ+jsV7gAUZ9aF1WhQIVJz9fz3LwuLAxoiruM+9SoNANqL5q80+/VTyUsfezY6UG8Hc1GWFtid+OqE8kxO0MS2NnQwiRIc49vs3XotIDnnycRYh4pgBSlt1OH+tKnvhFA9IjMolVMrHjPWd8BOVwWKKalUaG9eouTN6qJQAG2YW3Sv/IOmyXzLlwFL9TMIrg9xO02BGABrx7XctzLF0VcndmszWEbVOsG+M/BiJPkIw8VhFLGGKQbOv4qaPPN/CDeveHDwZLUkUwOBsgt8fmu9UzYq742vQkw0dSGrbEXED5Oln473s7RZH5/b3AYNyehD2uctbtoDai5WwuO6l/3x5yiOXfIkw5pfhj6gT1nzKXU8PdsbnBUx6cEYCT7QZLeusyO6315WH1XGcu3R636NE8Lz2/UpmbRD4OdKHC7jTGHFuo1H+doxisdWwDgmsxKxyIl99WW4ekMKw5L6VCrng/TyEtT8lPSDs777H6vlIofDScyKOSB7qWTIYIUP4+iiNKiW8xem+g3fYkylG569JFsNeQDZDs8MDib9LeMTT/55mL7Cl+p8nlX8JHfEmYJSlbdY4eWQtPkfHbcnVtr724XIZvDY68ocPskRhUUw4CXNNyV8XFKb01a1Gl7gYtzx76dTeswBGEFNsBfWSj3ndLy0TviwkI3hz4miEsr78t0nYRpGv1Bb3s5aUfanfDEz/JYwg12jKvOumjr+BytNfDwjSMTbYRi/D81otS2b12EunLfAml+Y3ZSojD1y7iYYpgJ2rpMfz1BWfkTWWFjV5Dldq4lY7RSaoQw8hl/aeD9kaiR5beOyAQ9EYI+VFnPK,iv:XJjhLnUgf1cc9O50U4Q8Pis/ZYLg5B9U7u3eDuDcjeA=,tag:0ZqdjgYNMsXcKGIs05PGvA==,type:str] - pjsip.conf: ENC[AES256_GCM,data:rVtOAj6DiUDAlM7m/E2h1EZvsrabmDb9zD8fQPvvTITTQ8WUwwU6etJm3CsnrfskyctnJQWqs2nQQol5ZtS8Mgbr9CGOsk9eOvAxQJcjvkI+tJKl/d7DEVk1XKI6jV1X2Y8klJlHROe5w9N2zzdEfDbWIBUig0Lc0T71eAzOEhR/9QxQD0OVoonk0AuG8xRa0vzyYJEvWbOeqrxiM74RlrGThE7U/+fM0rS68Yy3PdIVnOnHtlz5v//ZGcNGYNmncBV3W7avnlCRV+C9b9WblkG3UXQ/rkXI2nNg2BaKTa5545kjyJsuIYPbD3Mx15oTQaBhZo8KKAO7ZsfOGWSZJ13vdx4xnub8S63QDWEgwx1UzjoTCsnkBh86BFWp+xk+D5XDk4nC1qqV92Qy33d8R6HJ241INwxPK6ZV0X2FG00mGdpMzELDuq0yg1979QlIHqDBAOoYR4rhHSYYKCqKw9cXsURkqsz/sOqsb1BFQRY6+WsvAK7p9seiw14E9glPa0OkjnQcA7JjhOQGOvoz+p2UiygVDnJ/H+MaGseUPTUZGm+Moa442/xJAUpj80wfHxwOAX9kdWjOFBXBn2A8u/cmO6cdCQvG8Mpx57eZg/CzeqmNMGcjAi9z7TtWN3iYi3TxD25ZFfo5XSgqOmgKtI94Mt//insmLFP4Q3l4IHqTpZj4qQDMAtocShhyhDI49exHPQ2lWiKMlBtQ4OAbrYOVrVk3oHgJ8e7rRWZy1Zlu9UrfTEO/sj1xvXa/9mvJSpz4nQBz+pKyjy003VveaJpvjPXkRkhtLLDX4Aw0K23fWt/4GQEJIG04w1sJMHu/s5RIrP8bHZKjezNYV7Brvvlna4xMahSzfg3Z5cvOH2hgNKOoFglmGUqvWyeDm4CCepJ+WJ8TYkwIEMnjOnCpb+OF+uXwYpqUi2DD4pwzmEuSagaDBtTAuSIgtkSupakpOdQYhW3UN+keVcu7reBVtl5GWSVfviZ9P0Vyh0Zvtpg/qMTWipr3qjvtIBauT1ChLxW3lQ0Js7rTOOJK6uQ0PPv9MmgVTvAMTO37LU5fmJ3EGfTWuBSwvaDMJAvhQpXWG2PYXc/OhPBhA8dqxUhd9nmSYlHBSdR68ETftsViQaBoOyGEcjOZyTnM3GMQAlnX2rLcOm2KaYaJbQ+lksTT4eye8A9JY6YdMDrSfnkops+7ECJgqYY00xFI6bg0+C0p+WJtWk/YQuTDwjTHmKBfVIMOm659EzeXC2mq9j51z8jX49NfQg6heQYGad3W273P4El/As7Lm1BKG8cKHTo2yQKEcC9coYrRUcFS96b82sgCX+wPq2tb7TIHB7nMjuGc6oMQwQY6lcimzwlO/1r0HpCUhU/p3Sp2coyqgRI5WqczI5kqs/9pm/owASpGXOma7/Yw27Q9z4dDM0rz2mM794XpsCF2JxLd5AwuV3N9YOqwOWCkt7XcveKqz0GPd/l0RBHi0Nx58C6eWhbGSUK8lM1H06Pw/0fkh1qJMtpPK1+qqR37jBgktyVi941Ko/7LK4DGHk6P2+BsGNPrhA==,iv:n0S64/G7Pm6ZwszDDFMR4qvugU9+HhQDfptOv+KGkzE=,tag:BivicBQ1kjWRj7ZD1c26Pw==,type:str] - rtp.conf: ENC[AES256_GCM,data:wRhJ3O8qgECEuMX4mCKKv2igiMxTJS6p0IkgilBxPU7sdFsy,iv:UkXcVOwRDlp7s0+u7QbQ6lGyaJq2JO4YaYMzphOA9ew=,tag:iHJXCC9XAnaQc6qsCTNEYQ==,type:str] +#ENC[AES256_GCM,data:koNrUwSd8yki,iv:OWn+BvvlDhV5g0aT6vj/XnJn0yBpPEzDe70aEnGpPyE=,tag:nwaIzDU9e/VyfPRwigH/XQ==,type:comment] +#ENC[AES256_GCM,data:Edyn0TZVgQvmf4x4K6qzJ6OQtMJP,iv:JdIudLJ1b2qzkAo/tkbG8t/qubeL7v8Rp2yWy8CgRPk=,tag:WGUU4TgHa/qxf5d2d4oJMQ==,type:comment] +#ENC[AES256_GCM,data:kuWF0wpR2bGcP+mjurtCvNqhVpuqO5DYNLs=,iv:2JuLlQ5oS5hR1WGn+wMtAvOysy+23fvjG3HDncLBokA=,tag:sxgmrNZb3dphMASAG7lQig==,type:comment] +#ENC[AES256_GCM,data:6E+vU6uKweNZIpnLsk1R4wg=,iv:WMZ5gi5WKA2jfYV76Er5Dn36C78xVTXBGc+sLz2hltg=,tag:T4y/os/1pBwB8m4lt7aaYg==,type:comment] +#ENC[AES256_GCM,data:2aGKb01LdNLdJdh6hFPsiK2qnUksBeHFL46aeA4jcfqFT0/eS9OTEPrlfZAIlw==,iv:MV9Rt5jGygcLC4JTIMBR8FhEcKQ4hzyXWxWHgPMOnN4=,tag:y9exk7KSyz0VvbBZQqVTug==,type:comment] +#ENC[AES256_GCM,data:Q38m1R59G9HHQD3evNt0/OAF7KPLplLFF314GuNA+sjYZF06npZ7NpErJ41KjCi+o3sG2pAe3/j9,iv:4XOVyyHdAeL8pU1Js+4h+y3zvzuf/R3EpxNoHcU3nlQ=,tag:PpEbr1HOOAbSR481orm3wA==,type:comment] +#ENC[AES256_GCM,data:BtZh9+LW8q30LlMIeTeFo8s=,iv:pVC17w2XK4VpBDitwhW3BmO8CzuxWPYEUkSPIMrxa0w=,tag:Y1bLSBysROKPmmmacCcWdw==,type:comment] +#ENC[AES256_GCM,data:Yr3D4deUxfCfnx4=,iv:zcZbgJVH1JQnsA6Xl/tMA+v4gSE9f/UiGbDLOiogMWk=,tag:NTq+vVoA3l7gdfj+9ZUeqQ==,type:comment] +# +#ENC[AES256_GCM,data:DPNZCtKsvt2TbTpteOX5uh7P,iv:JQJrcv9uptD8cqMGv4DLi4YleF5Dg6hhU83V6vZfe18=,tag:FjEx6Lwj/0KHubeZcy62vg==,type:comment] +#ENC[AES256_GCM,data:Y5fUERk5GxkhMCe8pdyEuixXQ6tmz/2vsRmEBNdGrg==,iv:QNkZBFqg9lsTBcn/HXb5EUUOT5YtLk8cR3tH53BxcD0=,tag:LMpPZwdcUouyOLdw/QwRrw==,type:comment] +#ENC[AES256_GCM,data:1uSrAoDFqpqXWixv+YLn5nHh4eH+8sYlzpq548Qlk0mu0w==,iv:/4OUiMVim9Jr43+JpR8j5HEp2dKKr+2N3mnip0B0waI=,tag:fw358ATo6qp7Li7PsAt59Q==,type:comment] +#ENC[AES256_GCM,data:Z5ZX6TqSYcTaWx3ouOAY,iv:WF0YXeAYglXQlfPStMilAoVJznJsRoMGd+QnxPWs148=,tag:kVLnxWwiXqxmhzxRGdfYVA==,type:comment] +#ENC[AES256_GCM,data:xRp4e2j13CHZ2JzmvtO0jlEfWPsvaxUAw0toKtQWy82JbA==,iv:HxAk56MKqQkw6gAm7LskDWaCfF+ZAOi+XeYHkOBO6bs=,tag:MIwUfICkfeyttb+JGlHwmg==,type:comment] +#ENC[AES256_GCM,data:RrLqfa8+bWIo3ZF6TsH2+Bo=,iv:ByDQwPS2qDqLoHJYCfn8rwZzeHrNs00LQ8vKJq//Jh8=,tag:856gJo8SfUeZsUP5rXKumw==,type:comment] +#ENC[AES256_GCM,data:GsTl6zwg5d4UFkU=,iv:DSDqA2Lt+p/CnhPO+fZXDDJWy98wpJXV6V8SbBpokyA=,tag:fMUKuDyZAkyv10bmrl+hlQ==,type:comment] +# +#ENC[AES256_GCM,data:xeRqstRJfW6jLFimzF7Sdie8,iv:9gPkgr4udNSFHI/DeNWWdl3N4Jbo7jUlGcacXzYUzUQ=,tag:bdtHw+giVWaIL0uxKqSzNg==,type:comment] +#ENC[AES256_GCM,data:o9TKPq1Vqvl/KKywfIZjUc8=,iv:vWKE9iyf7uqTgngeYndKUr4Llvy02LOJZFxF8YE+IwQ=,tag:ts75yi4yz34i8wcz22yFQw==,type:comment] +#ENC[AES256_GCM,data:/HLJJlGoDkfRH2R3PQglBthL7c9AUZ9P,iv:zNwtm2hxMuWofAzlWmm2dRTVsfEdKgzVshlgiMUORoo=,tag:y0b0C9TKjTLmrso6nIBYYA==,type:comment] +#ENC[AES256_GCM,data:8dShCGz1B/q6liBoq8r9sV4=,iv:3daeyLDLldMpW1dS7IQSi7WKqePQz7ZucxPD4Q3s4Wg=,tag:FKtgLRN/1O+8AeGzMI5qFg==,type:comment] +#ENC[AES256_GCM,data:tVwliFSYozYM52o=,iv:FnUA3+4XJuyza/H3THOWz9mAHic69w4oczMcWKc+PwE=,tag:tw6onP5xt4GL2XcC+Cq5Vg==,type:comment] +# +#ENC[AES256_GCM,data:N4EhOl7yEqT6DQRbmBz5cnkxYQ4=,iv:H9z+ZP8vvE+PTauAAzg43pVaEjrLI4nLlIe4ni9Keho=,tag:wAVKSBEk5sPchGegUXjB0g==,type:comment] +#ENC[AES256_GCM,data:AZciKcw/bMIXHjTI6lRcl5xPBg==,iv:37TbQSCxbQPy9hkA4msaVqBwHMXJk95kZuM8pxEEGOE=,tag:e7FkGKEHY1ZHqFMfQ/jlJg==,type:comment] +#ENC[AES256_GCM,data:/WQn0wHchGLYUwQ3RfrJDiIm/CZFIkJROzBlbsf9LlM+k2s=,iv:RzRlSNosNS5xlRpXibQdcZ8bi01RDJs9mdoTBdUzQvo=,tag:DuE6htQ8uolsry0haNzzbw==,type:comment] +#ENC[AES256_GCM,data:NlA8Xz96TJJVNlhCCYqeHLJwYg==,iv:sTQ43in92gD2arVfHX4UrJCIHaX6rEAWcWxsCqnhvU4=,tag:vHczIYGp0WyPm3yH5FI48Q==,type:comment] +#ENC[AES256_GCM,data:X174VF93LZr70A+1vg==,iv:laAgfLpCwzAez03EN3HXwKzvfwbRECgIzpQq7vz+hXM=,tag:9ldfGGjnV50B3O18kOESaQ==,type:comment] +# +#ENC[AES256_GCM,data:0Y+K9H66/y+mzZM/Zf/i0DTr,iv:AN4wfSg7bT3dDHIJDuknE6/Imnd+L2inSGKNCEbSx2w=,tag:fbGNSv/Vr33jhVD5zkv0lg==,type:comment] +#ENC[AES256_GCM,data:hZN4Q0NdAp0h/4JPem/73VI=,iv:Xo86Epq3Whcd/dJGgsAqjWcfdDFuYaGtVA06d/Vik3o=,tag:tkJSkkrc9uLGl82Cwa6J/Q==,type:comment] +#ENC[AES256_GCM,data:Y0jraJtzyWQEYaikZCiNChoWkNLlJA==,iv:IG3CjUidzaq6VLbAfPQWAX8cd6A9rBZv6P5G8REXl68=,tag:Fkw7NewUqxDOTdXOfp5J/A==,type:comment] +#ENC[AES256_GCM,data:vJBYw8KYp4ET5VQQG3x8CmY=,iv:iRQS+eB58Hf9/aXGHHKc/N+yMMQNpvA0LyBlP9pP6kM=,tag:WB2SX7FHqKHxkD3jqwu4QQ==,type:comment] +#ENC[AES256_GCM,data:DP3cG8SqADmGjJ8=,iv:jt7aFHphO3kPK+tCBHWu5fZOOpI9qZAlXZYa3Tc/GvU=,tag:Zi6xriNT6Rew7KSLxrnxvg==,type:comment] +# +#ENC[AES256_GCM,data:ER35lsO/pWxe7Y2t9+CMdglM,iv:sYp6UWwkoEbqoKXscCwTDQhtkaU2gBXYFc04grB4mRA=,tag:J9UdyqtuLuVoEUE3pWtuKg==,type:comment] +#ENC[AES256_GCM,data:kubz/kXTQoLr8X2sHGEhovsF1W42HTs8hn1LI6bqViIhqcDe,iv:rS2KoFeAedKtFCOAZC50LSqPTPTzMaIHgtPWoSMLOio=,tag:z/IR786mgxtsSMsrjbBWyA==,type:comment] +#ENC[AES256_GCM,data:J4eVKfcyNnj4qs7U93wmWG7ziI2qAf5wrbZMFW/kiZYfIGzP3+4=,iv:ZDI5USiPw6vETDhCxF9s8/II1QRZ+HlXgHXosVo71nY=,tag:OPHrfgB/nqcfHTlzNW3UuA==,type:comment] +#ENC[AES256_GCM,data:BY5yJR2n4c3pN7QU4JUvUh+ZWfqLdaenLvSSyUXTlx+SXJUM,iv:o/NdY9URIt3FBrUfrbfTgBUjGDLXPNG9flDaoevk+tQ=,tag:hdo9PJsSyc+W3LS/N3t6mw==,type:comment] +#ENC[AES256_GCM,data:RFMv0U1PxQZGY92iQlVk+us=,iv:EEBhxZu0QOAv5oRM759rLGcpZH/QgSV6EYXiCEG3Gik=,tag:0S+4dhitEXzrJKdv269hWw==,type:comment] +#ENC[AES256_GCM,data:J35+o84yGofskT8=,iv:fvX6/RM/PLGFJGvRKeXgyKlXvpkpC1GdBfIzUQlMlcU=,tag:YgXIBP6er+lamAPgASFqxA==,type:comment] +# +#ENC[AES256_GCM,data:V+lIr2vZHQbmdHLElWrAowI6L3eHsAaiwQ==,iv:XUllNkux54jqE1B8Due5TvdSn9WDKjDnJ9x65bzTgqA=,tag:9coS77Zp8/3PhRW0DlxIqA==,type:comment] +#ENC[AES256_GCM,data:8OyKTUeTykagBB3pp4v5RoPs8faabv4/knp2rT2ybwHGf+hkT8InH35FsP040oSCMrRpnY+pOOI24k6YtGtg4ciPBXz367XQk5g4k9FQbTN8OGyXUsC9UTgSE8ezsuXftyuw81cXIJmmFUegaGCS6lngCTNEonG7HrXGMedChl6vbw6cGDdyzHQ=,iv:063MvIh0K4FRmhCeEKODC0mzXYA3xBfj5Vwr8N2F78k=,tag:n5vrDhj2U0+ihYTzpH4mbg==,type:comment] +#ENC[AES256_GCM,data:zGB7GHhzsrYpeCJNqGA1EvBLyrUmWC0PnnVChc3M7M8daVpi0EwXd5rDnsw=,iv:MjfJVQbTcQ/CBW9OiTe4B3LxUdoWSxZxutNpd0nSPuA=,tag:/btBe0uUdm6lT0qhuh2ofQ==,type:comment] +#ENC[AES256_GCM,data:rvi0Tei8aDONEIVIf8bFT5/9MB42cOkCUPDCOfCIIhBSBOPJgp/gSc7fbDyxPcltGKPmy5PZtQ==,iv:mL54m/JnXP0iCcXCVcqzDQtSSbzStDiYFNfOqh2beTw=,tag:b+KecBxOElBhSZO+09pXdA==,type:comment] +#ENC[AES256_GCM,data:yzLts4nuFJ6B2A3lOA6dd6C/dc0=,iv:eniXHvGrRVY7wsxHhBUmiXYrJRDn32GpVguSsivBH/o=,tag:m0nP3PQqomIoqFU59qSMIw==,type:comment] +#ENC[AES256_GCM,data:SbVJ/6BdZ2cUhIX4pRSoOFwNi/J6OEHXNQ0Y9+iaCpX892zAFTj7MVAEpwQ=,iv:zkUDjDAySvwrB+osSk6s8v0Xp2uWb1WnN4zu+ATeW/0=,tag:SjQxtFhDdGmZfDWc84285g==,type:comment] +#ENC[AES256_GCM,data:rsMLM339Ng0J+CSd8eI+0iJKEFAa2+TbpLYAFO9lD94vGjrRp2TLIYY3XbgCLK8qgR5csVCd5g==,iv:/Vq50LAtE4AgYP4hOR/TogL6E/PEiFmeRj8Yn5kc/y4=,tag:rcoMCfsY5aefbzycaLcCnw==,type:comment] +#ENC[AES256_GCM,data:juhPTHtHltDDPQ+0vxjAR+gL,iv:aoP45LG9s12qGON73w5g/Xo6fPONZKfCWxVVXiQVGPE=,tag:9grJnf3UrF7Ub3QfmvxN4A==,type:comment] +#ENC[AES256_GCM,data:hrrNKoeKYAlV8J9LCwydZai+9zgKB+pJY3gD43pqx4zkhDyi4ZNyiLSPGwc=,iv:CN89Sexq1wCBlNDiJLKdl87SrVAuE6JbaGZSl4K1Ibg=,tag:OfZzeHg1kM14bWCSlLvE/A==,type:comment] +#ENC[AES256_GCM,data:zrf0HtyxuVfKn6auS27cGX/wboqSzqPZOfdS5cezquL5ykJeCFNX2LYGMHi/Ab3y3o3Xup1KiA==,iv:nRBJ9/YXezSMbLZVI3wulLnhFs8worafDNAeqnpFAXE=,tag:RudcLVsezIkjY5ze86P8Fg==,type:comment] +#ENC[AES256_GCM,data:1NbfTZRxDxoVVlYGWiFbraw=,iv:Gsnnpuu1m5yfOyogbCBzJ1FIZyjL8gRqRSyj5uYqBZs=,tag:DDw0PXGPdoU9Dy6CiJQOuw==,type:comment] +#ENC[AES256_GCM,data:Be5ykZ9sxAHz7Bk=,iv:3QA1EiCbpagmNOqAhyoli8A0nQWfODTvElECykaJqPQ=,tag:ZK+GpY7b8rKw7Yos+FOpOQ==,type:comment] +# +#ENC[AES256_GCM,data:/9VfkNKqAReTgTdSvQY2JaAHsXtumSrQrd8=,iv:KcUHBGVlMyBnddeOI9TBWAv+Ik+he2bLp53Ddgu0Zcs=,tag:U/imF4+lPRes1t5gUpD2XA==,type:comment] +#ENC[AES256_GCM,data:CtP3PL1Nr2unz/SQfTIKynzflv7X42i2gJBqmsM2kdoh+q/j3XJy0Ry4Dd3wqjMk/vtrZGFrWdPoEJ5KrYvN6BvdzUzzNhc6a7YuqXkFsXBRipGw66dpm85RJ8aQYgWu1KqPRPoSnqSglAWLXBF+HzbIlHSuHQ40HVLms/5y/u7cMJgCLRtyN6c=,iv:Z4eSlo3EGDMx99wBeyhwWf3jsFWNHwWa0Or1Mln3LF4=,tag:7+p+T8Ud9s/5kLrRBEXhSg==,type:comment] +#ENC[AES256_GCM,data:wBpUUVRSQImQoZDKHuUIbNK+bhKv+YHjh2Yqd9QW77s5XV7LrRMfW4/ZYQ==,iv:8DKM6v/mSgNtIeFC3YEn/YfzBV8gQNp+k+C2GXsX2oE=,tag:25hDvhgm9DPJAqSI6bvZGg==,type:comment] +#ENC[AES256_GCM,data:PHwWZRIhodwLWqmpcEdWQojLzEBM9ots+X92w+SUpE8C865cslcU/LTRRlB3M/bnfuQpK7Ac,iv:Ng4jmfoGaFTKViTp0FXeQuCIZaBI7FdsYmsCzJ9LVyU=,tag:BipNTijyXeq05DSdWwRVag==,type:comment] +#ENC[AES256_GCM,data:bYxNetex17+C4xJO6WSMxbHH,iv:9WhdhpdcUh324as7tBdd2m51mv1/eEpIELOoThtcuVs=,tag:B75EaPx+bVe1mVew+UfulQ==,type:comment] +#ENC[AES256_GCM,data:AhoWpnxWgOeeU5s6wL00L6reBcpOtV8irwVd3fAEe8DCreEPBnqpwGevwg==,iv:0UWv9ucAj9R7y+QUEr3QFn4GqS2UoRc++xSdsAErDXk=,tag:kC6N1fNTz4YmSsMuEW6epQ==,type:comment] +#ENC[AES256_GCM,data:ov4K0cJSxxE/ENcaevRXJV+jAfKGKBsaXvHYgArUtVHQbepWpGsJfCkppwwvVcEyTAfeUDNO,iv:i/CRlQkyUA+CF20SAA6GbCTBnHpRXg8qbOvOZoR8XEE=,tag:abAym0hWQ6wykamhCZtl4g==,type:comment] +#ENC[AES256_GCM,data:jSJSXRF/DEnonOg+++gcFGkr,iv:g1o4qexYJY2aev/5qMJEyMyyZGO4P1Guijl1V9q8y2g=,tag:nLYnhoNuxkbOgXnkZTrS7w==,type:comment] +#ENC[AES256_GCM,data:2ID1+ZbUX8wEPtZEqgRY9WueOOI5vD6UFfK0P6npXgfxmfvGmB+e+dnt4A==,iv:u/OM5noggVYSVuHhc+tKCxBiX+t6PSHB3EKERkfhmbk=,tag:Sl3Yf1iN0PPE6hvWu4CyTQ==,type:comment] +#ENC[AES256_GCM,data:g0k+f1bApJG9pLPfnAur6rny6xMfI2K9c2X9gVp6AQqHj/5VSQR9vSpF+9Ng4rS/12UAZWfT,iv:NNquw+EnBevv/5sZFsClfbo/4n9W8guxBnaEhsiP5gU=,tag:74u0ii9UIIbW2+IQ94KSkA==,type:comment] +#ENC[AES256_GCM,data:RsOaGh7pe2N8dICKNpwLWXo=,iv:6Jst/NIF0E5mb8vnsbGFen5WbCcBPKOhjguja6EORes=,tag:DQlmrUSy3QZDPWIyOg3Sbg==,type:comment] +#ENC[AES256_GCM,data:LzSQ1zgetryprs0=,iv:0vW+cUM3k97Lrbo7hF4c01mPbeovrOwPAUwVzz7thcw=,tag:zt0DteAxi4W4mfkdB0mkYw==,type:comment] +#ENC[AES256_GCM,data:MvQ2a5TWmqN4Ew==,iv:IPCYJBFM1x1s0jNITUE42TsOJMX1nBl7tYnfkpdfvU0=,tag:SVherXXtjrVwZGW2azmLXg==,type:comment] +# +#ENC[AES256_GCM,data:bgc4f/2RrR2dW5vQjeyNePgmoLOKmpIqzVM=,iv:H5uenlSITm9wl6Hkk+91yG2J1II4U47ROIlGcuZEhFA=,tag:M/9/Vjr6sTjKbLeyqnyE1Q==,type:comment] +#ENC[AES256_GCM,data:qEWa5Gzr6XseeEs2sYkoXE4TM8n3uccR9Q==,iv:3aWgaP+TNUBNlQEAnrOg/kvIRHyptkkB9h3a0dWuViA=,tag:kPWFT0XG5LSMrSD1JIhOUA==,type:comment] +#ENC[AES256_GCM,data:Q8g59UA+ZGRXT7Ygr2f/obZDP8MHXw==,iv:wgw54HCMwdJQ2p+OP3BB+Qh+v/GQvhquScYDgvSAPCA=,tag:IB26ffBNOJCX8+2Sl7ElEg==,type:comment] +#ENC[AES256_GCM,data:uRxOKL32JURtb+/XE/mRQ+CC2aYWWxR98p7AGyUASd/jFnJdl4aqttVvKabuMjvKWrsk2c1xD734Dz5tMsclT8OB7lPNwwpGp5g=,iv:jA0XIYjCR/4+4OjNnr+KSt7ulliDa9w/2tEPD7GlHo4=,tag:iOiTfLnafUH6VzrpsgefKw==,type:comment] +#ENC[AES256_GCM,data:+g9BiEj/8FiydQxDNO/Fche+,iv:1NkNgP1QxV5emu1yHap9/srF2tt2g/8jaXhnE2Uz3F4=,tag:OhlBkyyNkJyFPhyf+jiKkA==,type:comment] +#ENC[AES256_GCM,data:9p3ftfRZnvlhRAYakQbmzfr51QSeLnD27Q==,iv:Tk0N4HLngjY2Kp6AnHlSppo5JS2eupwRm27hEdXdYL8=,tag:6Em3dbDs2xbC3kk6Q7Wcjw==,type:comment] +#ENC[AES256_GCM,data:lueEj+bYuJOB+l3ll6OhVcfSz1wX7Q==,iv:gDRtIVAtaDAvHUcK/xjQgjjo/AZByRuTR8cXCapgZXo=,tag:dcoanmEDgtulvJdtTC8iWg==,type:comment] +#ENC[AES256_GCM,data:mDV8VHOVG0VSvqZYNbjDB162HEHFQvMR1oP7,iv:zjBquqa8ACwtNKbfXGVhxDlCHsi45ZWaq/F0Dtxd6fw=,tag:whdb/WADQtESImE4jImwOA==,type:comment] +#ENC[AES256_GCM,data:qZ/LnzbeDvj9f3QalSd2OwuLEsvEfvOTuiy9oQ==,iv:5OBekjL+y5oR8L9uaRLXYcZ1yQt+Sl2jPCiNmRv90sE=,tag:IPk79XfIFTdkzb0NxEnscQ==,type:comment] +#ENC[AES256_GCM,data:0yd/4Ctgq/lil2OBtMLIopj+T8hdRqbfq9AyZw==,iv:T0qg+Ag/6UycUCOyauD4oj92c9SUocmTDKhxFYCPI2M=,tag:PcQFljhmdPb3RkkLOXjqMQ==,type:comment] +#ENC[AES256_GCM,data:aFzpb99XER8q6LfKb9SEVRDj,iv:gFu6HVrHmgChKi2EMc/WdowcqktML0KtuyJdJhbz5rM=,tag:/f1qElxNivJOzb7SZRqi9w==,type:comment] +#ENC[AES256_GCM,data:imSHtr6vBCS5aMBcPQOfMai+Sbh28jZbGUfzo2Ye1KBttLmV1QSJCA38weTZ8GahzKQTlxaEnG24BmyTs9UN,iv:E6oF2mW8g+03q+F3vUfsklLTqaMo+qiYC3B/lNPzhaY=,tag:0mxqqVsi0ZAT5EAhLKaKLA==,type:comment] +#ENC[AES256_GCM,data:8KHxrv84NgfoacA=,iv:vlt+6Qmgw1R6v2KusPIFx75xFqufcssB26ovo1+6Zrw=,tag:/bG32rIh2gG7dW5E6S/aLQ==,type:comment] +#ENC[AES256_GCM,data:R+t85y+viDb0/R7JuyB54k4=,iv:mBVQV+tltYLXw+foADu51N5fpXrqF7hYLG2OiMbWZ9k=,tag:xeWXnF7TI+kiehZIEEEcHA==,type:comment] +#ENC[AES256_GCM,data:qVn0Vjo42u31sKE=,iv:2453HNpZLxnJasgAXAyjWx4BK6Y2IguwdrhyagV3b0k=,tag:AJXsVweXNiQ6hiSdRD4rvg==,type:comment] +# +#ENC[AES256_GCM,data:870a7NWcXKusP9tkmjpPMH7QtNL5EuiR5A==,iv:IEGuYGVk7rVi4BF3FQITwPAe6nGvs2t0GYA/UTl4Jdk=,tag:1cvq8VJ1VbxXIeCEhPK9uw==,type:comment] +#ENC[AES256_GCM,data:6fr6msoUoVJIJDgtL9otyKory3iWVA==,iv:vVt0qCnQyZoYc3Ncx5Z8YHGkBLJxADQS9KiU0fvANNM=,tag:MJkLWWfw1O9Jnqbl/6AoCg==,type:comment] +#ENC[AES256_GCM,data:tWPa6UdPoYRiVElPbYNv/QFYloJpkO/9izm5DMflx8KWSYNUZtu8QmLvrXxmEpTd3AEicr9ZGGaTdMdwos12xC86IyjPsLb3JxY=,iv:PGWtqsLB/0xMxgi//0EsZo8OxqlJrwD69JmY2KDZcHk=,tag:6GO9Lkjp/Egr66AZPS8mAA==,type:comment] +#ENC[AES256_GCM,data:8pSWxh7uUisOxbTYqIsKYiX+,iv:d6q1eQV2ckSU2vOzqrvAZ+Iluc9o7+ZMhIxo8H03PqI=,tag:hxnlfCBr6gZg4NvJ4q11jg==,type:comment] +#ENC[AES256_GCM,data:FG9YA6i8HJMNSaTn6R8PV/edKZeAHPgEwg==,iv:yOFVYMr9ZPs5z9n2A9KStZ3fhiyQhJpMui0huSfs2Zo=,tag:EGAtYW1uc8Bbj4EHVofhQQ==,type:comment] +#ENC[AES256_GCM,data:N0vkSW0vD0YL3jyTxJWscknooIt3ZA==,iv:0zhhzYCdNFp8HghxrL9Nu8vrRHAm0FVpSTWBQWxowgc=,tag:DDkE5xue1051732fUMt0JA==,type:comment] +#ENC[AES256_GCM,data:UIGa7jpdOB4Lfv5JsbjlV8yeh8pDg5tLZ9My,iv:JAGqvE7c43pWRGpwRS5qjEjRVrnv11DESCaGSzarwHQ=,tag:zGKKpmNLjXFDXub7Z2AiVg==,type:comment] +#ENC[AES256_GCM,data:jCt4qMitq+meYz8hlM5HDfJ9kN7OM9CAF/aY9A==,iv:BFkU6fr827X3dDSig4KXKvEceesmWygAGmrBXWwCxrY=,tag:I+z23JgupQ6UHYJzE2Oh2w==,type:comment] +#ENC[AES256_GCM,data:rhBzSaTx+gPSWUepEbG7d5j01MEPJwcDNoU=,iv:JmqO8MvpeqlkSboWuVAF80Sn9HsR6yEjKFJgKszc8v4=,tag:jLpagtpfGQ9rv2faLVDx2w==,type:comment] +#ENC[AES256_GCM,data:FRlvrmXEf05F6PgENUZVaC5R,iv:Hbb3myNwiWlcG78aHWWe5az3HpujpavT0imPVDERA9g=,tag:/Ala51aCehpJ06/Nq0Aqcw==,type:comment] +#ENC[AES256_GCM,data:AdmSotjFoQ9HLllJfVhytPR38/uV7hggeQW6oeJjezTWPGdjetkftraYS0I2oRz+cCepsBNyU7V6oMU/IKKm,iv:Pab4QLtgCN/njzl5G7tUJiiSHg+TCK07rlSPobJnPr4=,tag:e0crhizVQlOayutG838VvQ==,type:comment] +#ENC[AES256_GCM,data:cw4Ng6EYpc4dKxc=,iv:4TrHjJygdOeijK/2vJQQsO3lGa0cVyCsSWmRSA/XSt0=,tag:v1GDX3qiYyAGgCpUVEarMw==,type:comment] +#ENC[AES256_GCM,data:qQjh6E7jme6LAUtb0kkzpqg=,iv:t3FFpnb12Hi5uGe+bMqWB84mqMTBZqewGi/fAEw+noM=,tag:RJu/O1TA0cy1xCjFuSYJjA==,type:comment] +#ENC[AES256_GCM,data:qTlNeSq2WkF4dOI=,iv:6ymng817HTeDds0KuW208kQnfarE7ahBybwyHitisbM=,tag:pAycVFy95ujAkPODZOExsQ==,type:comment] +#ENC[AES256_GCM,data:UQkM5k5QfJfoFg==,iv:0TDmGDUADCnYvIJf8cz1tD15zGevTEUPTfcFyWPuhoI=,tag:vo7JDfr+UlrtWLng+L3O1A==,type:comment] +#ENC[AES256_GCM,data:/b7HzhZiiuEifWiw6QtQ0Gk=,iv:32tJRHd0pqs4B0Ut5yg6CiIINzGxQczg6Ka/ZN3XQAM=,tag:BuvitctLA6QuM9L1+P350Q==,type:comment] +#ENC[AES256_GCM,data:PJSab7u1SpCEJ/Vbek6BckFjVMhoYjhpZLwsy2Q=,iv:nSguWEO8LZW17AhSwbY2QgWf14iLnL3SNxDbP11I6s4=,tag:mZpa2HC9eploCJRRfYQNwQ==,type:comment] +#ENC[AES256_GCM,data:ncqHrtotQtoXlVLzQ17WBVdlA5CP9A==,iv:SrvHjpSzyh1hU4mpPbtnej4WJ5+WP2C1UKxFwiYxSw0=,tag:TfLM8CJEEeAoItff6wSZmA==,type:comment] +#ENC[AES256_GCM,data:HjCAmw7B9Ah1/pVwxb5rUXqy4Pc=,iv:bDD9cKd/imH5+iozynxDgPEoSEIIphjkfwCZu30qKnU=,tag:Us5niBmVRaXPUSVGGwdHwg==,type:comment] +#ENC[AES256_GCM,data:4XnKVoC8z/uu0BVlJipyv/l7a0ZNdQ0V1xF3Nz1qN8M=,iv:A8FS4aUnMlu3KibbM4HSaSmbMSU8LsPzivzBNUvUxoY=,tag:rI0q5sR921vCGWk6yL+pyQ==,type:comment] +#ENC[AES256_GCM,data:jNXvOEztxrltP7q4rlfn3GMCNqTJgSihMwN4rq8M8/f944oxTrZKX2TR74w4,iv:dTDRhG9MZYxF8GAeVUUHZqKtwbmLkvoBZkaw4klIRZo=,tag:R5OOeLPX8ILVQ3blZeSp1g==,type:comment] +#ENC[AES256_GCM,data:PPV53Is72DbKryu5SldI/cvC/OEi0iUh03+aAm68CKqc+8+2arJSPxYbMwl6lr/N/w==,iv:CulUqXYhQAPb/Nxd26i2VPeJbJRqhRkGrQr1oFUZrUs=,tag:s+aazHjWnxoTg88xPRIdnQ==,type:comment] +#ENC[AES256_GCM,data:DvVpwJ/qga9No9NVByjR/kfrqpThk7b6gyGbgKlA,iv:U5O+dAxg0j92uRbo8Mmsqrk0P+74RBhILnRzdIxmjxE=,tag:McLjNRvm4ODQVc5U2WMU7A==,type:comment] +#ENC[AES256_GCM,data:JDhpV1lVCLEtxrw/yG8F6q4yJj2uW/5yyERoiBr7Dp4YMfM0B4F6A+nuxg==,iv:FQ6BXkQDX0jPy9+2vpBQA4AEKu6tKm7Fa/++85gTtKg=,tag:uXOtz5aDEovuZOfpHGD6cg==,type:comment] +#ENC[AES256_GCM,data:Ss3HZ9jwy3BYEPUxIIcb9owjz0pC2/tHSwiXkpjfHI/VBsCo4sjhSLPEFJBwAmQ=,iv:In4bCeJ+awjGyosyzUnMAJJ6HNeYKYkssZXVTFVa4eg=,tag:r5RCOURKd88lIQ+/hh0Ieg==,type:comment] +# +#ENC[AES256_GCM,data:761fAyNbew82DpMOHHhFCtbXKAirp0/EHLQ=,iv:vu5eWu3I9N2KNOLYsgvOJS8Q04Qz1yILJKFo8GcYTHY=,tag:8APc/1x2khyhzYSYNSux9w==,type:comment] +#ENC[AES256_GCM,data:qAM3q6ux/NY+F/HTgtPyF07YHgqjeg==,iv:ub/L+gvpoJY8VX/EZ7rGCTA7RLdyXzEGAIj0u+kbYl4=,tag:b7bZrmw67GzDFGIm638i7g==,type:comment] +#ENC[AES256_GCM,data:shHhdwchJf1ycbSQIDGlTnwzZfA=,iv:wXP1bMUQyMVoFbSMfDFa3hhqwJAme/0bUSfsx0oUx8s=,tag:unko7HBj5Oe5RzqY1JCOIA==,type:comment] +#ENC[AES256_GCM,data:eQOr4L454juTJAIWcwp7pPKiMFaEChE59KYl20g=,iv:LEFggdiT50AkRj/T6shiTfIEtznA+s0IgmIFq/cVKT8=,tag:bf+3uWrDV8uyHaGQz02bFQ==,type:comment] +#ENC[AES256_GCM,data:8EN21PgAL3k8FGkZBqG8PRYTXEfYbRfzXqvZvjOOYbc=,iv:09sBBh8Pl7Gw3/KknqJF+mX7sziXUsY6k+8riEPJJSk=,tag:RfSYmcyxFyWbWFRpf0vtRQ==,type:comment] +#ENC[AES256_GCM,data:Z+KrmBfOCc7buLeEZSortJrp0EQFH/gTfCkp12l6,iv:eVLTPRO1Hiv51fWfckSiiU+psvmvHT2usL2IuT1D7Fg=,tag:fcisj0TvbCCANTrpOCzq6Q==,type:comment] +# +#ENC[AES256_GCM,data:1naYyapZP1Sf7/d7rvM=,iv:+bzQzrKho7qmANnp71hn35RVYBNFaHDXfRBoWrCjMp0=,tag:iaDYIb50KLsBwKaLLLCJTw==,type:comment] +#ENC[AES256_GCM,data:AsVU5oLsQV4P/eO7sdG4jQWI/9lY,iv:UZuKcwnGMbL7ynJy6Hi/a8NV6wRSaxdPZUlsDaKgE88=,tag:gJ3IgoT3VsvT7VU2I49+/w==,type:comment] +#ENC[AES256_GCM,data:04u7xJ8FAWO1bwYshgTsvYF5aWPKbbvpDgnH3dfbbJ4rIg==,iv:OTs8fcjT6irtIyoPVGFNC62MDatUaRI6a7ZjezEMkKk=,tag:JmWCTY4FLMSQN2qWFoqQ/w==,type:comment] +#ENC[AES256_GCM,data:XtpX+ghnXln/pBWR2nzA+dVvF/JhzoAJ,iv:C0vXbHn4fvu2OnVHV/R7TMWvc2QPvaQ/G03gDVaj8Vc=,tag:FbC+KYWz6Rm/2OJzj8gSQw==,type:comment] +#ENC[AES256_GCM,data:mPNDHm/1+A3EF1cltM9Nzs8NTi53z1pGyT+1x+PGuo8wPs5s3Pm0pe4q,iv:eXRESlusYlM8YvY5WGNxxsIFxCE3zss+YJq3ZGJQVRc=,tag:jgtGt5mISZVYjwn1SMi0Ig==,type:comment] +#ENC[AES256_GCM,data:O3YaY66fkwlRBFQ13/51TfmdDUA=,iv:wQ0BhRyN4gKXScWxYOTmUaYIGYilN3lZnd3yXIYxlbo=,tag:NBu9CFWUqk6x5q8BGdhisQ==,type:comment] +#ENC[AES256_GCM,data:4mOi5U7tX90UN1Pqt6az5hQm,iv:aZkshz0R7r6wdyA+4gexy9dh2pGC8JNAy4r3JXvbghQ=,tag:R9x9jkc8+VuzjelSqpeCTg==,type:comment] +#ENC[AES256_GCM,data:Ze2NZZy3deWf+PYMCBxwhM3E,iv:IyPA8m+xQ6/CyYfIYDoXf0LNmhbmcFnWyiR+d8cTB8Y=,tag:br/4/5aS7Wc9oVSWWfTCmA==,type:comment] +#ENC[AES256_GCM,data:iXM/bRiK2WID6LV7ivdBZY8t,iv:AhZb5XiGFshAnM60322SJETK17z9KpqucrgofjzjR6w=,tag:byf4ZF91atJcO+gA6ImyWQ==,type:comment] +#ENC[AES256_GCM,data:ChhGNI/CaeS2uAFVXyCJGOA=,iv:u6wsa1iANNDytCaLEdYdAeraJGs0qN+mQ0UKIQemJu4=,tag:D6T/VwzjF22sP2MZwblLdA==,type:comment] +#ENC[AES256_GCM,data:pa0vuJMqgJj5UIT2qvbdGCo=,iv:DyV73yWUdMdoa702d1ggZtZGihnqc3rlusCFyFCDTpQ=,tag:DEl+iodZXqcB7NCbfySb7A==,type:comment] +#ENC[AES256_GCM,data:Z81YGP/CiAueQMSU3jKiSCV46WT3b7EaO1AWe3I=,iv:90xZtzlIze9u8LQg/A1v7ot0RsMdC+o2KUZGcJyJD5M=,tag:185KHYhPwrGIeaIATMG6JA==,type:comment] +#ENC[AES256_GCM,data:fTkbtgJLL0dpW7ne/HbrsyTCEWUwT8n+YkTefUXrd/W3xbAdbivwRBym,iv:cZBDGL3JVKGL3krkuShUsPtyDIwmdFaLHoaNpGPATCQ=,tag:zI2nkCDmSCVAy1gRshpPIg==,type:comment] +#ENC[AES256_GCM,data:tg9yQg4UxMbEToWsTWT8GuXu2pwzgPQ=,iv:hd4nykf9C64HUnEBxTE8TfpfvVS1HVaFsBxVPXaNW3Q=,tag:dIGlpldGYv24yE7HSeNxmg==,type:comment] +# +#ENC[AES256_GCM,data:Hwz4Wo0LeshEMlN0AAk=,iv:QjqlUt2Fz6b336ySN97KPAppEmbgOAL4/0rAB9OPdMs=,tag:t4p52GWpd0ONIAoSEdC74g==,type:comment] +#ENC[AES256_GCM,data:iPuF/T3jM00fouYANF4hww==,iv:8CbNJog28zwe8GmJufrK7PI8/4ph94So6w0JWhCffPw=,tag:LPPY90qiGbgjUJ95MTK+5Q==,type:comment] +#ENC[AES256_GCM,data:pAPpPtByhIVKa7pCwM85mLfNKd12jA==,iv:NDyOr7VNrYP+oH7NRotc7RpRFfFT7Yhk1H16OKUVtFQ=,tag:h2u53KtUfaw/MiBWXyXsFw==,type:comment] +#ENC[AES256_GCM,data:rejRFwFfNdaZDCjWDVbw+0C68VlTJpyyUOth,iv:jHz0EZdZHz2+gOcG+2/0CAyd2k4U9exvQOzugZwyNfs=,tag:cKkGscx++0q1Mlo6agurGg==,type:comment] +# +#ENC[AES256_GCM,data:pTVBKKE9q9v7+ZjdY68=,iv:WQ956XLsvCNPEpCL4JNmadhHLoS7S/8tod8fMLrQf5I=,tag:lCytViYpkE6BtJ5OY5n7nA==,type:comment] +#ENC[AES256_GCM,data:n2SzH57dweIGijPecnE+/xE=,iv:hAbEIzVwrAB8uXuh2wBH9E/rvsS7mqgk+FMQLCFtVdw=,tag:EzfW664vfiOfPWHcjSOEVQ==,type:comment] +#ENC[AES256_GCM,data:N3dg6dK4FZvUh44RkC6B22ctCzxrNLkNP8Y=,iv:5zPUorfS3J5XtTs3mbLljYV9G/PMjSdDohWk35zqA9c=,tag:TcD1/rnD6CrsR6pEfIB3zg==,type:comment] +#ENC[AES256_GCM,data:cf1CYbMC+bG3KO8BK1ctaok7NQU+,iv:ri5NGrT1zNQx8cc4A+iePV2Txtj7TT6ZhmXMtZZIHBA=,tag:0hD44RjYLOyp9VPT7FXvQA==,type:comment] +#ENC[AES256_GCM,data:uSJcPrieoeXzK/jMxzhIoWjZ8PQA,iv:4ciYuyyyiWErOozctjUssNeKEvXwjw4BBR00Wye6Ulk=,tag:Swp1RxMPu+z5EbTd+2+Pcg==,type:comment] +# +#ENC[AES256_GCM,data:M71IlxnACTBo/ZVoByHS,iv:mz53kNeoZ/I0L1gCHNplO/wkiuv3Pa5cOdAkbW2H6aY=,tag:uv14h8nqiqilLQPxxZwu+g==,type:comment] +#ENC[AES256_GCM,data:ctZR4y3L1Kkt1XImNios3g==,iv:/mZRQO7itMZhFu++g1u/CZ0k/NySK3Ssndb+B18VjHg=,tag:xA1br9fn7kze6nKXw1U5CQ==,type:comment] +#ENC[AES256_GCM,data:KCRx11KSpYt3jc8KrsLlOkohAQoMrEM3xhkjWA0=,iv:MC2Ed79B/C2Ti2xhND9Zud+SsVi4HlW8hFigEg61RH4=,tag:3U1vzj+X3mSCJiph9eDExQ==,type:comment] +# +#ENC[AES256_GCM,data:syJIANmTl822v5R0CaZm,iv:dZqFx0V07L+AA0kdbhmd/zAwb3am4xKlCncSYmTUoww=,tag:rarebRjHp/ePr3c61gS22g==,type:comment] +#ENC[AES256_GCM,data:P+HW2K26Ro1aIc9U9WhB1hs+fBMy,iv:wgtCxHBMV1VP3aC+7c09d/ZbataHNsi10+MMNeExCfE=,tag:ljJA0PYZMTKH0svHvrhTaQ==,type:comment] +#ENC[AES256_GCM,data:+bwRXTLBm87M7woyQu8H1xLWAtcziUMo,iv:wOsQVvDYzKZ+K/nny31n9I6oRN27KZbKW3/qMwwFcRg=,tag:wvXx1P3f5yaQJt6Vfw5Abw==,type:comment] +#ENC[AES256_GCM,data:kOpTKJrs9zEyLRvuCrzCgAcGOWs=,iv:wv47cqmw9qRI93UpH2HEiwQ4z/0Hh3Uk8KoOz+xMXlY=,tag:g2MSlsd8mrSAcOl6Zll+0A==,type:comment] +#ENC[AES256_GCM,data:CrF+LoZrJQFZ1qEiVaEDtPNz,iv:bEwRChGTIzy/TYFRX8+LNspgBFsP8BaPaClkhlSccCM=,tag:2J2EOQ5DablYMShw5ftN1A==,type:comment] +#ENC[AES256_GCM,data:dI63YN6OjqWYpKZlL4nFKIyr,iv:Z/hpFzm/xFZ+CbjnmXnyCcsVht4+dwfiLa0w4ZJRoCI=,tag:kGCAI025/e0OGxyD9058pg==,type:comment] +# +#ENC[AES256_GCM,data:TAfLyQue1g2BJQI/wv8W,iv:AXIQDwYrV7VcomWA7ma2aqPYBIyQS4n56lTfWJQ+yUs=,tag:GtGBdQ+58GCcNsHhP7oiwQ==,type:comment] +#ENC[AES256_GCM,data:rh8P0ngb61FEj7gmwC81xAM/VlBi,iv:evqLKuYgoYKSDeyMR/qgry9ZdUXs43bYDkOgwesLaOc=,tag:+4qtneJQN7GKjEnTxOigKw==,type:comment] +#ENC[AES256_GCM,data:emvw13eA7liyFYskeQkcLwY3SOR+Z3I8,iv:arsc/GaQFBFU98ZROWC8OQBsGUwHHNQ6OtYvVzW0ku0=,tag:xnDo0c49vrcpF4BLJTEtpA==,type:comment] +#ENC[AES256_GCM,data:EkFxLiKlPDwAKK/E5d+cpiw8FgvNmW1gtpngahzEA5Ce4If/Bg==,iv:zQsseNpyW4mT7GQp6ADNBDX3SNWjnSGIJmGAzHLE6tc=,tag:BEEfPC7pATG95ZQbCbOLGw==,type:comment] +#ENC[AES256_GCM,data:MPkLe8WaC1xZUZfc5Fv5ayx7,iv:txOc29KRFcjU2gzkF0k7wzCnKDukDcy4uErZKKbfe8s=,tag:mGYqbafKvzcSXzX86PYZlw==,type:comment] +#ENC[AES256_GCM,data:wv7Z3jSiyax1IzrhiP+KvhccLhY=,iv:kZ0yTnHw7hGWLL5rPiK3m2fVtmkbSqc8c9HfmuSLfTo=,tag:kHLORLIVOc95e+U6qVnLJA==,type:comment] +#ENC[AES256_GCM,data:t1bw7qSOfu+9FSHPkKybc8gc,iv:IRs97CByexbWAJT7p4NKDKer3vwsFHx9+HQ14PXAaK0=,tag:a/tjedW0wFjg1isufG+XSg==,type:comment] +#ENC[AES256_GCM,data:MctPm36in8QYiOm/oDwCFNUV3+iwy68=,iv:ht+3MnZDqop6NrpTTP1NxXKw3W2Uxb97RpFz14POGJY=,tag:FnO5oTzAOLHX6W2LynKvkA==,type:comment] +#ENC[AES256_GCM,data:OAFeB07mHMVp0ZXpje3Ruurgvyc81z7Bbcd7nK7ZvGvWUQ==,iv:EIahYcU/L3m4NEl48JR9B4U4bfTECPeeH9JSPMUfY8w=,tag:fL6sQhNHBetXkpzMD2tLeQ==,type:comment] +#ENC[AES256_GCM,data:p4SkEqkgBc91VPOP1dnKEzuz88gbxqu/InVztjoqC+g=,iv:VbdRX3Dd5xEABPGyn8HW0PsqUdViTR6SLt8ptyYMKSM=,tag:lTUKz2RJBcF+jnZjcp+uXg==,type:comment] +# +#ENC[AES256_GCM,data:UZCWBKBgEcNeRHUfTurT,iv:V02x6pxQBxIMBWtIuVS1B0z3T6vsvTB0LivY6zEUryA=,tag:WB3LNHwcrAD0ECwlW3u06A==,type:comment] +#ENC[AES256_GCM,data:++cW/Mp8DxwAj6qDS6R3ja/Dkr7B,iv:guoppYi2+nr8ZvPiEk5PHx9NUlKWgXKWOgIz8hQHG98=,tag:gh99y1r9OVNNR6DzQAk47Q==,type:comment] +#ENC[AES256_GCM,data:Rr+ary7Q3eF5mGFYJAlU7oQnFJ/VKI9GPHOX+vnGubOIbMRiQQy6FRgKNwZJqXx1HEVqoSLf2DPN2w6Cxbc+8tlPf9w=,iv:WJ8ovxoPEOR0lIiRuoorO/7j27S7AIrcpDjqfKfb7K4=,tag:erHL8jfBc6B1okJnknB1rw==,type:comment] +#ENC[AES256_GCM,data:0nyQ/wj/6UhsZWVj+ohMnSsk+g0FNQ==,iv:+rO0ddTFacXf9tsiXCJUgWW4iOpTUn4HWQQdwWsAGs4=,tag:9QAHLohS5u9WE+qlSnYQGA==,type:comment] +# +#ENC[AES256_GCM,data:B9mfN6DeeT9WCHYI9tAK,iv:F1MQcw4LvPagzcIzvBy/jlFKMecu8vW2SMSdm6vQylA=,tag:mSJIhvLxIyRMVZI6hwq/6Q==,type:comment] +#ENC[AES256_GCM,data:lrELH+Xpg03LbmpdXl8muA==,iv:vdLbxoLhroiizYc6Zht771jydjrHkNMsENKxNELkwhM=,tag:iE2l5ZtvnC+PberTi4mUww==,type:comment] +#ENC[AES256_GCM,data:9D5ZJjb7IjoAj7v7pizINtbQC1dAhytSwsQvflWu/9eWnFiCkdU=,iv:rXgiZXcxvuHZNYFoVXngbTMFJ7g+qpN3Fw134iuxuco=,tag:MJp0xk9yUGEime2vDmg/YQ==,type:comment] +#ENC[AES256_GCM,data:sILv6Ii5T+k5R1jVs8f3,iv:ACvkAkCIGDiUxjGMAPchh1QAom1MGs35bvSMDNQuogA=,tag:D+KSIk3+7bDjLmHxLplwcA==,type:comment] +#ENC[AES256_GCM,data:cVuCmTpnfn7Hncw7cZFCvko=,iv:tx9aeIISmbPcop5NZp1GEPg8J2TETnYw5yAyFmejfyU=,tag:+itwTekQiK1EQp4SDti/vw==,type:comment] +#ENC[AES256_GCM,data:oDZ2g9ZymWNmh3/D2CZk8WFHG3+E,iv:zTfxcHtHLiMWENDzn4D3/SOWFycdcQQfzy5e30z8vAY=,tag:wT1d6pQ/el4a/vhVEqS/bw==,type:comment] +#ENC[AES256_GCM,data:Jt73gVDZ0pTtFLi5TlDpPDrfzQ==,iv:OyEEqyL8tNmJmkdtnI1at+6tFS80vv/nYAWXNl00O68=,tag:LF1panNmPifrPQSKF3tzUw==,type:comment] nftables: forward: ENC[AES256_GCM,data:F32GGcjkvsha6rjTanGdkAB9h3fkzqkniXFzrjfvmh5tUjBckEm/L3L82olRzwRVCN/9SiC8+6wRiGnU1aItPtFkyJlA7pNORLHitVIKTyyKNSMLjEsWpt1v94UTRhNWC628Vc22XDULY2POfdSGLr38ynpL3fpUSJkFvhhwx8FjprzvogGDZ+NSaSKaqD04t9kbdGlefGoLNo1gqdutRbN7clqJnMN/Ip5hS0u7o2bDTQ7qmBFFGwAIwFUpyO1nGFl1c0D04GzFGedwm8Yl9on6mFG+8SfZvR5nxyv0tG/Zwb6OVrWiFv0LYYzE5064AM7K10A16E6as3t4R416sSpmWLFTHMWPzMICfXSAiEU5yQBYeVzmTAzrZzhJZgYjBls2C3DvgjwcVVfGUD3S6iwUNQBgfgh8FKmD6W0OhismnFFcte6yIo4mvwkldhT24hZqyHBg3m+wNetYybsCO+ivf1e81a7vA0GLcv5cL72B55vl7X/pYeiIgIln9Z92+T3/2YRnz5f0IHFkR9/tCi8oapyFmQirU739QCuuWWmoKP7d3cA5NyiofUCbPhO8QYN2d2xb35cNg1US1IexHBO1MV2mJPelnj1K3qCdmpIqEULlWkFKXkg1ssjW9ia7sNSFMxE6302Fu08Whnv4t7uOx/Movr10pLGuRYwO1nA09hK2gKaEmsIZ7UP0tiCAuvl/5vVCelNvIGAgCHRiVoA3GpfpI+LF/YXPwNeyWJANqwOdjl9pOQamVsUJbO/YGVthwVg7dLQNChGcArGPCBOm/aTVxiWiFmbPTRo93jVf7ovPUlhoqKIuhWKxlz15025Gzbm6Re0kDY3fZG4FKMXgaXDgNwgSr0wdCQUMmstgyOIRUao4k7qrnaiaXhtUmK2jlYjsZDvs8Uq9CILU4y/FYB4Z4I5cn1dazjMcNOLjX9Mtg9cfTyNrTZmu3TCze5694hU7O978CUZU5vrK5mzgusE5P9tDpi7RvLLZr/1+2N/V14wAmhJDAPygkgfAuN4IOn2h/P0TJ6jqLzP9p+iOfEhTVRxrx2veVE4+wi2pNY5GHSp/FXFtdCDEMSUc3wzNDDrOurFa4wNK8/0xhgsAnjyc+OlvL1Yf9sPgLJ+XJjDxmdfBeCHGkTK7TtXM93pzj9Vdto3dq66RPUz2FwJJ4xSq0SFOUaNHEC5p6Sg1rZnGvaUpfr9+G6C8rsk0z5wP6f6lOkLwXagKgQ7oAsJXB+hKV6yOLL0TYz8IWds7pHdhXYJtEQ3TeI32X1M0md1X/13Lq+m2XH049+/V/HI3cA9X6wj+t8nzKYqbnGIUwXr1f8WfRAPqJhLBl5zdI/PKtmrPMqmN5iiUrtYGSzzLgZOWHCJuvo2f2X+2ynyACY0lWG3DNFRh4aDzP+LaeY1+mZbvCaopEb7Uc7YUbJ3oyq+eeb7+mgb7lhjpe1kC7GtpdtRwTvIMMrQUXcngkyWFO26vYM8QPMRVIIWcdeSBk0qmF+t1oJBaaGVji4G9PvUCcpHXDoyao0FNfkcr606ELMMrBFPE7DVGU81M6+57NtjSAfh8KLuhKA1cQQU3U0ciSM1w1e/t73b9xmKGVShlTbm5yPmM9I7en6PV3aH5SpZv6LMovmp/PBl9r6ZWUg4tTU2iCj09cWlUjxaXX5h7AxUW7jA2ypsUOn7dgkCPFwr5gv+mfvkmeYGCtijusp9GMuAvL4Wp7Lg9SZC1/k0ocI3buLRbmAji69j+du4no8o+Vy7OHNqcnbtg/Qlnp65lRI4/Z+Bg0OZ18rSYJYM7BavNYHyxVgKDHo+5ypM6s0yigCpq6naI4A/kr1i3ST3rl6IFQQLhWjeH/FS9Ay34RGO8nk/62Htx4cTrmGUnr1VgLrtdBiHj2YkeJDa0/nfM1sI+EPv4tM9GOlMQU6OysJhBzWhHTqEQxVgUQhcacYv2OiOH7I4Az2TTxNnAjOiWY9TuazRiVeJlpTjCkiQfSdGgW4hD2nRbAQZ5X9LrQKZpI5Q5wXwI1lapmjW4m0t8cnEVXgxE5Gn1uH5TQpzzIpSIVRJjWvEeQP+EuotWjYCdx/1tj5PnYs3aiV2Us9QmTMAI2euNQ6DpNTFFpiFONSPDBzZ/IANPKWWFVDeMzBZKdllleUl5VYCWaTEd9JrbjRx/u9YrYlBDl5Xo/DCYJIoUFmusCdh1UfI9y64XYsPxrPNxrF+upisE9vxG/BRTDgxLBOenB3A5/Suba7RfHI0LBHVhO2ijJr3Nh0T/78ecnTE+1zBI41TtN8Y/2MGbs20ZSZtDFy27mf+YQLpYKFpXEOEdoTy51kVW2jn953x1lbNgwV+DWRPf25TNP+dFTZH+z4/Mv6F4RCyYS+VJL5SfGah76GpMxYodmE2iBbXyfUeUxKAeool7EZ6cIvhtwLaJuaUhvjKLd6ateSzAaAKbFVpdsgP7iSJd15YyTKmb,iv:lX4dz+VArj+I9yhy4tahlz8cNvnc/eDs69pKRbIWeEg=,tag:px+HxZRAHlKQA32KJJZwaA==,type:str] ssh: ENC[AES256_GCM,data:RA14V9O3PcGOoCfgj4nCILtwc4ER/hPC5HBzz91WhNHmUKzOlxy4zso6HSmSz6sMFBK7J77r3MO+6JKw8eNeHmx9fDDcboHFPcL1PQfYAJE6LNBS0e9d00Mi3k67DdNJZE4F/yOCGIrducvlCsJl/8S4zMMI9Ktum2sJFdkw0INgXoPVPSAQ6nyO5KKcboVtxeKc64RtcBZoO2CCSLhEdVJnE9AXB+l1Pk1926f2XHlS3Ci/Jh/uAwM/4uAeldQ2r3gRuzq9H3SIAgSNZhlJIVr9VDU9kZ28dNpDYhhdOrle1W1drj+9viJ6eeIxykhzZ/8kX34xik4UiMxW9vGO/VpdEdE1XRMqEIRp5L2ADBNCImbXEN5fbRo8+FlL9H+aAFDjBtxxalcSSqApYac6NcM7msF8Lewj4ED8FYXEsEIX7qA8XbVzJuFFYHhRWA6Lt+Gp9Kn6aaxZMF4fl7u35BFPggi1vwsb42la+yQAizk5x0t+fCCX5D8XRHmfCZYX6AYJeQhfzHETuSUu6p4asmhlx+8cJLtjMkkBc8lDscdK7NcuhPm3QzjQt3H7wAHQBzWrxStvBC77K2d3Xf/C6VERUdDvLK1El1oZAl9UmnxAK35kUqAKHHE2xheHQcw1rhy1D0dsX/rQLovTpPdczd/vqpkcJxHk0nH3rddySiyOaWsdoQ3DhpdX7h4PNTwcFJGVzbVR7+9pCnTJ4DTbc9H9G9xiX0vPef4cBuJQPXG8Bc+kMXOpV9uKt9KRoNtPG2M4IZvtaZNiS8qYB0LTjdHiY3C3NYvDc0pkDAIxDjP9TERWxuBCUlscmbXLAxDqB4zO6LBm9yVhMWxYyim5gH24UGD9D2g1piFGXKiSb4dXbrnxoRe/JoLITdWOOEkabVxqJr4KQF07MjTg1JNO3fPLMI6azElQSUj+2ZAy5dqPggg5xw8+h6yp7ZLh3zXaTlSroL+yA4BH8BjVuEa+jl9xqexKgB7zeHb6VhWmtONsffvQtk/kVucDwmXOiOnma1+pj6COoMur2e8bEK3Scap/k+B1b8D9SWMEXi61HxpEtHn6XH5DEdq7Pb12zs2FQEE4QvuaTIscMlvwrsMHkwW7WtkCj2sQFIuUAL4ayyccx+QomhB/hxWKZE83SztNfiAqTWAOaL0XfX3+4qgsehfEkdaUl3FCZvuObPPxIUcYu5Crl54O8B5fbOQE0dcvxMpuxVM6kt3O/jcmj/eri4NPmghBohGSrcJpZ3CUMjWbOJG3A2GFQWztFobkRW9N0K1Fg8UYzKr/lhzlPKiB72D7flghX1yMYfefOnD7vClPUY7oFmnf6sD0qYmZK49SGR6+b7z1bBaskaqhEx3zB214DvOxKGeiPuMVmXk3h7bGqJQ+ejiRcfQHMr1dpFCEMurTmoHwJPwB9fetOpaA0RAEr4pP0QKt8iuTT8MCZi3KBXaiPhZYtdyR5Ka9DETlmBoSeYgyzNht2bCf9nTLn0AJDGZNcZH/NUoy4kLFrhQ18mDIvKHCaALWabp5SnyASQRI/qIkE1DTH8JSkSrr2edz1Ag0SbTMhXsVuHUy3jPuFkNb1SBJxlXmvjHSny7gAr9HVVG2ClRzGtVOXiFHyYguNbmP1F8uqDvabbx8FvAGCEZeARFWQI4iFCe37rYjJE62byilC5LMBCQ5l4/kOYHVgPivPzV8qkZV8B8dQBvMjIvBOgQNvljqagDu0C66rZOTj9G16FDfYDRcdApL0xraAs/O8EgQWxzlB9cQPJmjecAVlF1wsqIbIDODKtTRY4dMYqKfhLoeCV4kPb4WjvoaLxBgbsrJylZKULkO+xbBCvvFhnFNQDOVFPe2ZhEwcx4Ji6j8GZhhyv2LsOdQcXGLgyTr7YM3z/M9DdlCKqlFolA6tod6+9CdUkhFfL7y2vBV3pyEHwyTwWMy5UQIprwm2Ht2RxejhpUcfVydjT/ISJ+aNMy+nq11rrQOlDFsF/E/Db0ngUbORNezWX5n8bqDxModmDLTwYwYT8qu4jruw/WMY1iEZPZzZE8xywRoKCzqN2KweUdEkv+Px6rxtOnNIkPtJxyq4I2L7/oJcaGU40e87KXhhm68qIajboyPM30WInOcGAcG5LwWlyrxwCpthDEcnNlXXghx9izXyqpw7s8hP0qsmRDeESckqn1KUfs98Jkbfg54nEdIT+JcHm0PjvqIHJB61IGWwN4l3SQXY5SKuUb7hSMItKC/FlDKWL5yk5qO55SlYfz0mrD/7Fqk9uFRzP94mswYh8uOkCHBC+WxL4/ashBZOPFZ+WErBAyDgV0LvdiEBN1zpJlAegDozPNXpOzG3rb7QcBr7kwkiHBtD6q7dhBZ51XKPcJPRjkFXDR9Rbj50k6wQHznuDNMA9lI42a6rFN3mr3G8h6mvD67x7b83IxwtLaf7Y0Nb04m/37sCJM1TbjP6jXvD0BdIAdbLc7Qk3K8F2cSIfNH/O7JI9WTvXxxOKtPdpRnnrOURpr4PnXEdJJ1ErujfCPPvFkr0BjpR1Xv2LYKmWISx2OblJnx/MAwECBacN69SX5qnJlaP1Mn769lR5quhAaBCpq0LmHSB1jqF5ap33VKHcB9EHs2ActJHMyn6GxRXSYudw==,iv:iE3MNeQkraGC3qvhP2CtVQv24XVzUQMJZuPa1JxlN9E=,tag:wU1dIUj/HoWD/QPHqHxcDg==,type:str] @@ -27,7 +201,7 @@ sops: ZTdpV09qUVZGK3FjTWRITFp5TGZFUkUK1E9IN+SyTV0r9l1bd+2z7zrsp/7VxCyG tEWZp8LmfkGEunspv6iDyxKbYxWqNqJxZuSVeMD4ZMx6YLwHfW797w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-06-05T18:00:42Z" - mac: ENC[AES256_GCM,data:huVLLX8pwCyI+scHY2h6tQ5AyaKw0JbZ1/Z/CjrhaRqhJjQxYwZolGqXqVbaUIh6gjDF227KipgkcotlzYI6cl2p7keI6IO9cDzs032+JTk/bctU6FX7oASEHmD1aSJSL5TU2FnxkcM5cYZdbYsB/gG7LegTvWhfKpKIxiAH5xY=,iv:XGrWx3Myw/ymt5XFKHJiTN3TLSI/aP3lFgnV9dnT2v0=,tag:wBS840QinxxXYZ8pk3ZLXA==,type:str] + lastmodified: "2025-08-26T07:30:16Z" + mac: ENC[AES256_GCM,data:2i+AMaBIOCrKYfHFXZXB//yZ4Nf54DXYLzcdWDwh/cloWfpa2uPb2UzYVIIOz8ayi1h/Ij8ON9fQEa+4SzflV59ThN03/kbR/wOo9UYLvjTl0JIFypl/1O0PRRxwrNPp8jMl6mX9vUL0gvfB4qnZnk4xUOykTaXoIjnO4M4FLwg=,iv:WL8RXkxvh+MfmfiVUFLNhTwAv92DV93ZE6q4lagCNpo=,tag:sbXuzl8PuZihzcrASPNCqQ==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2 diff --git a/hosts/secrets/kaitain.yaml b/hosts/secrets/kaitain.yaml index 255695a..951aa75 100644 --- a/hosts/secrets/kaitain.yaml +++ b/hosts/secrets/kaitain.yaml @@ -1,9 +1,6 @@ nix-access-token-github: ENC[AES256_GCM,data:OcAY30aGdCEHyl6DW6mYOLI166w/bGBeTKQ645EG3lL0k1IHvu/ox/PG28AjlcCj4pZHeYxEVIYut6a9VoPNjRT3ohA=,iv:8kRcGkGm+6hWAQ0/0FwqDeS7i0GE8cyd0YsC9J6kl54=,tag:G1J/5pK9dQ2N29oz5byVuA==,type:str] +ssh_config: ENC[AES256_GCM,data:pm2kOAyplRTTlQdIGOrX0/T+dGWUH0XdoVdibWY8qGUzgQ80NYGWgM6bHm272OeMKrCLE+0Rtgjzt90HF7cj00V7ER1CK2hJaLmQypsGEBel3PkdhO9oPmSJk9TtydtAldMA/OQEAtZkVm2+1AGiGdvuwNF2PMyJUXSGxqU/uCLpGhQoQY3QGFytsrnsNbsmZplwg5+tT/JI+d56ol2Gm2hvYtEWX/2PunQR2nim0HHDuCLojxXIR1oLbz8l1MU6PsZMHIKvBMbn27OIC4AHFENWbvsKzxK5YZk6DOX+ZnRiyYQ36+ykzAaNXXXuvGufPbKMOySJ4GBKKvxtGd95HeDH8fknVUly5/MraVnjymTmVAQfUm3/eQPxAkA6Lno5UOmxeYUVjFC/fNlx9HDNLwSNze8Kvz/ugdAqfmxWo7wbmlDkFW+HJT2IzxbMDdEUmErBho0s8gYO,iv:8Vwujh30g9GYps+J8hkFHpL+viC088AGLdPCMzL2/LU=,tag:ES2GoIJYk7n0b8MV1tnn6g==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1fptscuj4qa39238xfvc7envgxr4cf29z3zaejp2v3q703tq45dasf8vadl enc: | @@ -23,8 +20,7 @@ sops: RUQzdEkrQTU1cC9OU1B3L1cva0JQTTQKzAuNy/7h5XyOIiQh/8fXfgri90dTW/qt wn/snTnrukwPaeQXsAHQDvzueYxSEtHqk0WYT8sOAfuzOQP7wGoGFg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-18T18:32:59Z" - mac: ENC[AES256_GCM,data:YHZ+rkkVX2CX1XgLKFvSEf1Hg6i6wJwNV2IdMx8kjyWSVjAx2PQjKvy/dLFsqspo1FF4Bo++jyaEn0yxuouVful12Q/6RAhf1HRDXK0TjPTWf/vsCw0Mlv/zcPOKMEPG4ltP6bSDG6WtTtFx3Ck6stQwepF2omoVT2E4kj1KONM=,iv:uHs5N9sMfPn4+ZEaU6BlioESWy/BijUfYHu/5UrA4H8=,tag:b/lwx7ex21Jw0knpuy1TPw==,type:str] - pgp: [] + lastmodified: "2025-06-24T17:03:24Z" + mac: ENC[AES256_GCM,data:rbADZdFAqxx6oONZaw8u9BF9ZMBHaCIUCysOa7qucuPnC4N50PbmxhpYZR3Nd0NOqDbkT0+8Ox1XxF6Aty+kxvd46V70WR9oibGJkxuWxyAohXAETv4XjZl8JOkQV8JvEDAzKNjEXbOUKiLRkU8PWfQ13ogshuCE4FYLzrQcNjo=,iv:/79wztsyRzv+g14KeuM/68ne9cKenVB4WX5DYxIGvnM=,tag:626pO+4jISMP5Z/PWcPuxQ==,type:str] unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.10.2 diff --git a/hosts/secrets/richese.yaml b/hosts/secrets/richese.yaml index 45bb5e0..a7aa1fc 100644 --- a/hosts/secrets/richese.yaml +++ b/hosts/secrets/richese.yaml @@ -1,9 +1,6 @@ nix-access-token-github: ENC[AES256_GCM,data:g+9Vi3SOLWFkZGb6KzlYdYmv9JSIoYd4OaOhAYZLrxlJKWqsa66Tc2z5dFWr/wyPbitxRAzQB1xRZI3CUbMWOWb06L8=,iv:kjdbr2KLLWfIsSNTCespLXdQ4BKm4caiRASaCYWKFHA=,tag:DBqjdPHnMCSa6obeSy0WzA==,type:str] +ssh_config: ENC[AES256_GCM,data:lNXNkmr0nWohTX+Zf4OpVCnFFaIafxqtz0a1p/mWHV+52W0pwS34vga4Xt1zd7tgaZChXPdU/QLVouIhoR/6o+cHlX/N7UIw5S5tg7uZfsMdxam1hs+VQzSunEYMpVTn9TmsrjUx/4ETKZLXQuA+cq3M/9sBsQYk6acJKstNKdyguG+QJJBddmaQOxp7+VUOELUWwOy3nJxldI1Asg95BXQImi4FLeRw9/iZKkgn0xUrCfljiXn5rC4Fpphebw/JkQMsbd7x/9fpK9wjNtUs/8MPXAIRYU6Ty912rYda5ALUpl4U8L2iRHwSmxriW42IdeRKXcmDtCAJMMN5LyWewqAc36RUwzd7G8ihEweZgRTibRIwYOPuYC10IihX5ccojjDakbMPDx/fhOHRlp6qjRHzB/4qonRbyr+f9CR9of8l6l+VAO9k69BeYjlbfvZOlDMWELGTmdKE,iv:JNcvLKSZ6xhrERXixIIOGlyQMrvT7D9W2zneNSTTjfw=,tag:iMHQNJVEShgUA1L5/3dm4g==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1wv08vfv7mlwkhkn2pkq0gd94a3wz0gc3x3eq0szxem05xg05nfhq2glvv9 enc: | @@ -23,8 +20,7 @@ sops: MGt6VkNzc3hGU2FDVWxsM1Rqdk9qTkEKA5viW8YGBdqvLVLYEdzLWWggxQ2BrDOa atzlSR0WjUsK316X4HtVMyllk0FvLy4QdUP40/XLgd5DpxZZds3OiQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-18T18:32:48Z" - mac: ENC[AES256_GCM,data:VvcWlUPFgdQ/YAioKnZzK69PYulZanKNQOan3cHLF8BRehkw1VvVFAmPW0cPLY66cMXFma9rFxaP5XAdRojs2J4ViOgzbhrCHYTVCSA3VTcgBZRTPAfTggztwoPKic0EhE2HxfykhQCrPVxqa23Z25x4q1LuWskE+BMbGubPSP0=,iv:bJnO2oE3ogvpXjCUFKd/+5RXO2udL5a2UXdBdb5Wfec=,tag:dbZR0/BQpPAL996Siyta/A==,type:str] - pgp: [] + lastmodified: "2025-06-24T17:04:43Z" + mac: ENC[AES256_GCM,data:JdElb6C5lvdOXouz10CLgYkmYnqlY0swPivTETGG631MKq08bzkc5zusmkBnHdQ8m/tO7R9JXYzOqoMIrrfgWQ+W2Du6m60BLOcRxGJVsFhcf1yb6GrM47NT/HAyyKUgJloDKJUQL10rrD8mPzCa475OBjebkJ7ycqKiyQV1cr4=,iv:raIutEF8Kv9lxkcboZ/8LzCA7JkfO4pXRRYRJJDz8KQ=,tag:7eTo1a6Kt+ac1Nz+2xfmZg==,type:str] unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.10.2 diff --git a/hosts/uranus/default.nix b/hosts/uranus/default.nix index 765e8d6..57f5fd8 100644 --- a/hosts/uranus/default.nix +++ b/hosts/uranus/default.nix @@ -4,16 +4,19 @@ #kernel.sysctl = { # "net.ipv4.ip_forward" = true; #}; - kernelPackages = pkgs.master.linuxPackages_6_14; + kernelPackages = pkgs.linuxPackages_6_18; loader = { efi.canTouchEfiVariables = true; - systemd-boot.enable = true; + systemd-boot = { + enable = true; + memtest86.enable = true; + }; timeout = 3; }; supportedFilesystems = [ "zfs" ]; zfs = { devNodes = "/dev/disk/by-label"; - package = pkgs.master.zfs; + package = pkgs.zfs_unstable; }; }; @@ -38,9 +41,11 @@ networking = { hostId = "46fdaa8e"; hostName = "uranus"; - domain = "bitgnome.net"; - nftables.enable = true; interfaces.enp2s0f0.wakeOnLan.enable = true; + nftables.enable = true; + search = [ + "bitgnome.net" + ]; wireless = { enable = true; userControlled.enable = true; |