noe/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

sync

Browse source
This commit is contained in:
41666 2024-07-16 02:45:18 -04:00
parent 701f2c531f
commit 1fa4bc50c7
18 changed files with 259 additions and 310 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
.sops.yaml
View file

@ -21,6 +21,7 @@ keys: &all
- &m_jitsi age1cc80558u3f8pdwrmhev8264c0h9dkkm59sy40j7zms97qzxg0ffqza9en0
- &m_nextcloud age198c9udn09u87zje4ctz4j8d2k5ey5kvgl34nfn573e9csx9mcs3q7a6q2u
- &m_dis-sociat-ing age1nsuxsnf64mcfgnggy5ehuqk3egp0rea3ldzst0f66full7ap7ews5eg46s
- &m_exit-node age13xddcc3njv29sxzfdx2rjctaejhsxr5rephruga7vjrvjclcapuqnwx52t
creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
@ -159,3 +160,10 @@ creation_rules:
- *op_noe_2
- *op_noe_3
- *m_dis-sociat-ing
- path_regex: secrets/exit-node/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *op_noe
- *op_noe_2
- *op_noe_3
- *m_exit-node

2
Justfile
View file

@ -77,7 +77,7 @@ deploy target_host extra_flags="":
deploy2 target_host extra_flags="":
@test -f nixos/hosts/{{target_host}}/.target || { echo "Host cannot be deployed, add a .target file with SSH destination"; exit 1; }
nixos-rebuild switch {{extra_flags}} --target-host root@`cat nixos/hosts/{{target_host}}/.target` --accept-flake-config --flake .#{{target_host}}
nixos-rebuild switch {{extra_flags}} --target-host root@`cat nixos/hosts/{{target_host}}/.target` `cat nixos/hosts/{{target_host}}/.flags 2>/dev/null || echo ''` --accept-flake-config --flake .#{{target_host}}
#
ssh target_host *args='':

111
flake.lock generated
View file

@ -27,11 +27,11 @@
]
},
"locked": {
"lastModified": 1719845423,
"narHash": "sha256-ZLHDmWAsHQQKnmfyhYSHJDlt8Wfjv6SQhl2qek42O7A=",
"lastModified": 1720845312,
"narHash": "sha256-yPhAsJTpyoIPQZJGC8Fw8W2lAXyhLoTn+HP20bmfkfk=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "ec12b88104d6c117871fad55e931addac4626756",
"rev": "5ce8503cf402cf76b203eba4b7e402bea8e44abc",
"type": "github"
},
"original": {
@ -150,22 +150,6 @@
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
@ -192,11 +176,11 @@
]
},
"locked": {
"lastModified": 1719877454,
"narHash": "sha256-g5N1yyOSsPNiOlFfkuI/wcUjmtah+nxdImJqrSATjOU=",
"lastModified": 1719994518,
"narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "4e3583423212f9303aa1a6337f8dffb415920e4f",
"rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7",
"type": "github"
},
"original": {
@ -312,7 +296,10 @@
},
"git-hooks": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-compat": [
"nixvim",
"flake-compat"
],
"gitignore": "gitignore",
"nixpkgs": [
"nixvim",
@ -324,11 +311,11 @@
]
},
"locked": {
"lastModified": 1719259945,
"narHash": "sha256-F1h+XIsGKT9TkGO3omxDLEb/9jOOsI6NnzsXFsZhry4=",
"lastModified": 1720524665,
"narHash": "sha256-ni/87oHPZm6Gv0ECYxr1f6uxB0UKBWJ6HvS7lwLU6oY=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "0ff4381bbb8f7a52ca4a851660fc7a437a4c6e07",
"rev": "8d6a17d0cdf411c55f12602624df6368ad86fac1",
"type": "github"
},
"original": {
@ -366,11 +353,11 @@
]
},
"locked": {
"lastModified": 1720167120,
"narHash": "sha256-K9JYdlPiyaXp33JRg7CT8rMwH56e4ncXSsXW/YKnNXc=",
"lastModified": 1720734513,
"narHash": "sha256-neWQ8eNtLTd+YMesb7WjKl1SVCbDyCm46LUgP/g/hdo=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "bbe6e94737289c8cb92d4d8f9199fbfe4f11c0ba",
"rev": "90ae324e2c56af10f20549ab72014804a3064c7f",
"type": "github"
},
"original": {
@ -387,11 +374,11 @@
]
},
"locked": {
"lastModified": 1719827439,
"narHash": "sha256-tneHOIv1lEavZ0vQ+rgz67LPNCgOZVByYki3OkSshFU=",
"lastModified": 1720734513,
"narHash": "sha256-neWQ8eNtLTd+YMesb7WjKl1SVCbDyCm46LUgP/g/hdo=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "59ce796b2563e19821361abbe2067c3bb4143a7d",
"rev": "90ae324e2c56af10f20549ab72014804a3064c7f",
"type": "github"
},
"original": {
@ -527,11 +514,11 @@
]
},
"locked": {
"lastModified": 1719845423,
"narHash": "sha256-ZLHDmWAsHQQKnmfyhYSHJDlt8Wfjv6SQhl2qek42O7A=",
"lastModified": 1720845312,
"narHash": "sha256-yPhAsJTpyoIPQZJGC8Fw8W2lAXyhLoTn+HP20bmfkfk=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "ec12b88104d6c117871fad55e931addac4626756",
"rev": "5ce8503cf402cf76b203eba4b7e402bea8e44abc",
"type": "github"
},
"original": {
@ -561,11 +548,11 @@
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1720055043,
"narHash": "sha256-SKizewU4UeYrkZWPUjur8EoxscGoNb0pGcrNL4YzAIg=",
"lastModified": 1720859326,
"narHash": "sha256-i8BiZj5faQS6gsupE0S9xtiyZmWinGpVLwxXWV342aQ=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "168b220231a70e47cc1f0919048fa5914415fb18",
"rev": "076ea5b672bb1ea535ee84cfdabd0c2f0b7f20c7",
"type": "github"
},
"original": {
@ -640,11 +627,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1719957072,
"narHash": "sha256-gvFhEf5nszouwLAkT9nWsDzocUTqLWHuL++dvNjMp9I=",
"lastModified": 1720535198,
"narHash": "sha256-zwVvxrdIzralnSbcpghA92tWu2DV2lwv89xZc8MTrbg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "7144d6241f02d171d25fba3edeaf15e0f2592105",
"rev": "205fd4226592cc83fd4c0885a3e4c9c400efabb5",
"type": "github"
},
"original": {
@ -656,11 +643,11 @@
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1719720450,
"narHash": "sha256-57+R2Uj3wPeDeq8p8un19tzFFlgWiXJ8PbzgKtBgBX8=",
"lastModified": 1720915306,
"narHash": "sha256-6vuViC56+KSr+945bCV8akHK+7J5k6n/epYg/W3I5eQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "78f8641796edff3bfabbf1ef5029deadfe4a21d0",
"rev": "74348da2f3a312ee25cea09b98cdba4cb9fa5d5d",
"type": "github"
},
"original": {
@ -672,11 +659,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1720031269,
"narHash": "sha256-rwz8NJZV+387rnWpTYcXaRNvzUSnnF9aHONoJIYmiUQ=",
"lastModified": 1720768451,
"narHash": "sha256-EYekUHJE2gxeo2pM/zM9Wlqw1Uw2XTJXOSAO79ksc4Y=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "9f4128e00b0ae8ec65918efeba59db998750ead6",
"rev": "7e7c39ea35c5cdd002cd4588b03a3fb9ece6fad9",
"type": "github"
},
"original": {
@ -720,11 +707,11 @@
},
"nixpkgs_4": {
"locked": {
"lastModified": 1720031269,
"narHash": "sha256-rwz8NJZV+387rnWpTYcXaRNvzUSnnF9aHONoJIYmiUQ=",
"lastModified": 1720768451,
"narHash": "sha256-EYekUHJE2gxeo2pM/zM9Wlqw1Uw2XTJXOSAO79ksc4Y=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "9f4128e00b0ae8ec65918efeba59db998750ead6",
"rev": "7e7c39ea35c5cdd002cd4588b03a3fb9ece6fad9",
"type": "github"
},
"original": {
@ -736,11 +723,11 @@
},
"nixpkgs_5": {
"locked": {
"lastModified": 1719468428,
"narHash": "sha256-vN5xJAZ4UGREEglh3lfbbkIj+MPEYMuqewMn4atZFaQ=",
"lastModified": 1720781449,
"narHash": "sha256-po3TZO9kcZwzvkyMJKb0WCzzDtiHWD34XeRaX1lWXp0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1e3deb3d8a86a870d925760db1a5adecc64d329d",
"rev": "8b5a3d5a1d951344d683b442c0739010b80039db",
"type": "github"
},
"original": {
@ -764,11 +751,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1720191961,
"narHash": "sha256-p67UionzurpCRjSIhhgRgRAapZLfXHG9nvQQ37qerdA=",
"lastModified": 1720910388,
"narHash": "sha256-gCudumUXHH+o0KFemXecDYySVCzjz7jYDGjdJbrN7gA=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "b59fa976d0f42eba35bf89c8fbc4107de7ef1db2",
"rev": "ac9a1cbf9c7145687e66a1c033d68fc72eca3fd8",
"type": "github"
},
"original": {
@ -892,11 +879,11 @@
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1720187017,
"narHash": "sha256-Zq+T1Bvd0ShZB9XM+bP0VJK3HjsSVQBLolkaCLBQnfQ=",
"lastModified": 1720926522,
"narHash": "sha256-eTpnrT6yu1vp8C0B5fxHXhgKxHoYMoYTEikQx///jxY=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "1b11e208cee97c47677439625dc22e5289dcdead",
"rev": "0703ba03fd9c1665f8ab68cc3487302475164617",
"type": "github"
},
"original": {
@ -978,11 +965,11 @@
]
},
"locked": {
"lastModified": 1719887753,
"narHash": "sha256-p0B2r98UtZzRDM5miGRafL4h7TwGRC4DII+XXHDHqek=",
"lastModified": 1720818892,
"narHash": "sha256-f52x9srIcqQm1Df3T+xYR5P6VfdnDFa2vkkcLhlTp6U=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "bdb6355009562d8f9313d9460c0d3860f525bc6c",
"rev": "5b002f8a53ed04c1a4177e7b00809d57bd2c696f",
"type": "github"
},
"original": {

26
flake.nix
View file

@ -171,23 +171,23 @@
nixosConfigurations = {
aerial = mkNixos [ ./nixos/hosts/aerial ]; # desktop
cider = mkNixos [ ./nixos/hosts/cider ]; # asahi m2 mba
drone = mkNixos [ ./nixos/hosts/drone ]; # spectre x360
ingress-proxy = mkNixos [ ./nixos/hosts/ingress-proxy ]; # nginx edge proxy
keylime = mkNixos [ ./nixos/hosts/keylime ]; # lab jump
monitoring = mkNixos [ ./nixos/hosts/monitoring ]; # Grafana, Prometheus, Jaeger, etc
ps2live = mkNixos [ ./nixos/hosts/ps2live ]; # PS2.LIVE stack + planetside stuff
thonkpad = mkNixos [ ./nixos/hosts/thonkpad ]; # t480
sapphic-engineer = mkNixos [ ./nixos/hosts/sapphic-engineer ]; # Akkoma, sapphic.engineer
porcelain-doll-repair = mkNixos [ ./nixos/hosts/porcelain-doll-repair ]; # Iceshrimp+Withdrawl, porcelain.doll.repair
dis-sociat-ing = mkNixos [ ./nixos/hosts/dis-sociat-ing ]; # Iceshrimp+Withdrawl, dis.sociat.ing
drone = mkNixos [ ./nixos/hosts/drone ]; # spectre x360
exit-node = mkNixos [ ./nixos/hosts/exit-node ]; # lab jump
git = mkNixos [ ./nixos/hosts/git ]; # Forgejo Host
nas0 = mkNixos [ ./nixos/hosts/nas0 ]; # SMB/NFS NAS
ts3 = mkNixos [ ./nixos/hosts/ts3 ]; # Teamspeak-san
pihole = mkNixos [ ./nixos/hosts/pihole ]; # PiHole!
static-sites = mkNixos [ ./nixos/hosts/static-sites ]; # nginx specifically for static sites
mumble = mkNixos [ ./nixos/hosts/mumble ]; # mumble
ingress-proxy = mkNixos [ ./nixos/hosts/ingress-proxy ]; # nginx edge proxy
jitsi = mkNixos [ ./nixos/hosts/jitsi ]; # jitsi meet
monitoring = mkNixos [ ./nixos/hosts/monitoring ]; # Grafana, Prometheus, Jaeger, etc
mumble = mkNixos [ ./nixos/hosts/mumble ]; # mumble
nas0 = mkNixos [ ./nixos/hosts/nas0 ]; # SMB/NFS NAS
nextcloud = mkNixos [ ./nixos/hosts/nextcloud ]; # nextcloud
pihole = mkNixos [ ./nixos/hosts/pihole ]; # PiHole!
porcelain-doll-repair = mkNixos [ ./nixos/hosts/porcelain-doll-repair ]; # Iceshrimp+Withdrawl, porcelain.doll.repair
ps2live = mkNixos [ ./nixos/hosts/ps2live ]; # PS2.LIVE stack + planetside stuff
sapphic-engineer = mkNixos [ ./nixos/hosts/sapphic-engineer ]; # Akkoma, sapphic.engineer
static-sites = mkNixos [ ./nixos/hosts/static-sites ]; # nginx specifically for static sites
thonkpad = mkNixos [ ./nixos/hosts/thonkpad ]; # t480
ts3 = mkNixos [ ./nixos/hosts/ts3 ]; # Teamspeak-san
};
darwinConfigurations = {

10
home-manager/features/vesktop/default.nix
View file

@ -3,13 +3,13 @@
src = pkgs.fetchFromGitHub {
owner = "Vencord";
repo = "Vesktop";
rev = "2733727a40a4cf542277dedcf89e87e7740f962d";
hash = "sha256-EF36HbbhTuAdwBEKqYgBBu7JoP1LJneU78bROHoKqDw=";
rev = "3fe2094814480c78ae74f4466804c51059c563aa";
hash = "sha256-FWbA8gcFRnp78/ROrAu9yA0j6SDbzemak3gMxiq3Jog=";
};
pnpmDeps = prev.pnpmDeps.overrideAttrs(final2: prev2: {
outputHash = "sha256-6ezEBeYmK5va3gCh00YnJzZ77V/Ql7A3l/+csohkz68=";
});
# pnpmDeps = prev.pnpmDeps.overrideAttrs(final2: prev2: {
# outputHash = "sha256-6ezEBeYmK5va3gCh00YnJzZ77V/Ql7A3l/+csohkz68=";
# });
});
in {
home.packages = [

70
home-manager/features/vim.nix
View file

@ -1,70 +0,0 @@
{ inputs, pkgs, ... }: {
imports = [
inputs.nixvim.homeManagerModules.nixvim
];
programs.nixvim = {
enable = true;
opts = {
number = true;
};
colorschemes.tokyonight.enable = true;
autoCmd = [
{ event = "VimEnter"; command = "Neotree"; }
];
keymaps = [
# Simple save Ctrl + S
{ action = "<cmd>w<CR>"; key = "<C-s>"; options.silent = true; }
# Vsplit
{ action = "<cmd>vsplit<CR>"; key = "<D-l>"; options.silent = true; }
# [H]split
{ action = "<cmd>split<CR>"; key = "<D-k>"; options.silent = true; }
# Toggleterm Ctrl + `
{ action = "<cmd>ToggleTerm<CR>"; key = "<C-`>"; options.silent = true; }
];
plugins = {
neo-tree = {
enable = true;
closeIfLastWindow = true;
buffers.followCurrentFile.leaveDirsOpen = true;
};
lightline.enable = true;
toggleterm.enable = true;
rainbow-delimiters.enable = true;
treesitter.enable = true;
barbar.enable = true;
gitgutter.enable = true;
persistence.enable = true;
cmp.enable = true;
cmp-nvim-lsp.enable = true;
cmp_luasnip.enable = true;
luasnip.enable = true;
lsp = {
enable = true;
servers = {
nil_ls.enable = true;
rust-analyzer.enable = true;
rust-analyzer.installRustc = false; # use rustc in nix shells, maybe?
rust-analyzer.installCargo = false;
tsserver.enable = true;
htmx.enable = true;
html.enable = true;
};
};
};
extraPlugins = with pkgs.vimPlugins; [
vim-sleuth
];
};
}

2
home-manager/noe/common/default.nix
View file

@ -4,7 +4,6 @@
inputs.sops-nix.homeManagerModules.sops
../../features/direnv.nix
../../features/git.nix
../../features/vim.nix
../../features/fish.nix
] ++ (builtins.attrValues outputs.homeManagerModules);
@ -38,6 +37,7 @@
traceroute
whois
nmap
neovim
];
};

2
home-manager/noe/hosts/aerial.nix
View file

@ -22,6 +22,8 @@
teamspeak_client
signal-desktop-beta
nicotine-plus-master
discord
vlc
];
programs.vscode = {

2
nixos/client.nix
View file

@ -14,7 +14,7 @@
curl
btop
htop
neofetch
fastfetch
xclip
];

5
nixos/features/nvidia.nix
View file

@ -33,8 +33,9 @@
nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.beta;
package = config.boot.kernelPackages.nvidiaPackages.latest;
};
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.kernelPackages = pkgs.linuxPackages_zen;
#boot.kernelParams = [ "nvidia-drm.fbdev=1" ];
}

1
nixos/hosts/exit-node/.target Normal file
View file

@ -0,0 +1 @@
10.100.1.57

6
nixos/hosts/keylime/default.nix → nixos/hosts/exit-node/default.nix
View file

@ -2,13 +2,9 @@
imports = [
../../templates/proxmox-lxc.nix
../../server.nix
../../features/podman.nix
../../features/dns-cache.nix
];
home-manager.users.noe = import ../../../home-manager/noe/hosts/keylime.nix;
networking.hostName = "keylime";
networking.hostName = "exit-node";
system.stateVersion = "24.05";
nixpkgs.hostPlatform = "x86_64-linux";

1
nixos/hosts/keylime/.target
View file

@ -1 +0,0 @@
10.100.0.8

8
nixos/hosts/monitoring/default.nix
View file

@ -111,6 +111,14 @@
metrics_path = "/metrics";
scheme = "https";
}
{
job_name = "plapkit";
static_configs = [
{ targets = [ "i-pk.noe.sh" ]; }
];
metrics_path = "/metrics";
scheme = "https";
}
];
};

2
nixos/hosts/pihole/.target
View file

@ -1 +1 @@
10.100.1.44
10.100.69.69

2
nixos/stacks/ps2.live/extras.nix
View file

@ -25,6 +25,8 @@
ports = [ "8555:8555" ];
environment = {
DSI_FIELD_NAME = "system[front]";
PK_SYSTEM_ID = "e6bd7a02-42c5-43f1-8cd5-250c90638cf3";
FEDI_ALTS = ''{ "aki": "@aki@porcelain.doll.repair", "hide": "@hid@porcelain.doll.repair", "ethyl": "@ethyl@porcelain.doll.repair", "sayaka": "@saya@porcelain.doll.repair" }'';
};
environmentFiles = [
config.sops.secrets.plapkit.path

229
secrets/default.yaml
View file

@ -10,200 +10,209 @@ sops:
- recipient: age1lq5q5g5qjsdcc3key0n6qytkc9z3qx3d3e96ap9zre2aqgvc9ujq82l9hd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5T0RzWlRwbmtPZjBFTUYx
Qm5iRXNQWERhbmIyeWJRQTlzVlJLUWEzT2x3CmJDWGFIRCtSL3JNaUhNSHVHNVhH
Q2NPMGxQMWFFRC9lWVZ0USt3eGxJNlkKLS0tIHF4YkkvOC9aeC9SMlBLRFNxV0J4
akYySFdRMXk4anBFVStlUHh2SDJ4VEkKmw745s9CVYitWSSV6ytjKHFkDdr2N+nl
Tbq7Qc/i/+UM2v5iE1zorr8ACYfdWFUy7oMi34XKCpFBW+p7UXywmg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZN3BzNy9WYXBZOG1NVTRQ
Z1VhdzJqV3l1YXFsNnJOMm9SME1SWFdoU2pvCmlkb1JQTUJ1MTFsTkFnTzlLUHRs
WTF4dGoyRTV6bzRqdzY4enUwNVh6c3cKLS0tIGFoRHhsbVc3eW5LTG1SUGcxUUw2
aGU2cjA3TGRnQko4ODNDK0R6UnN4elkKF5xlebCEelDeaPLhGJLHaTcpZL+zbghh
cbJMi8r7It1xc4Wv3XudUh9gltPFV99w25Vbhxce1Svuuzyq4YDkbw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1p0f62dwatt558sf5s4equdqwtg5m7lsnaytrf3xjnvmx3e0lqu4svtugyp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTQjN6LzQwbXVPQXhBaUMw
UDZxclJnV0FFL0hzY3V3N2F6TFNOZ0lWZkJzCmQwdVlpSGZBQTk2NWgrejJWSnR1
SFJENldLTFhVY1phUGRTNXdJWmtGaGsKLS0tIGVDMmJwNWVnNHZxaUtWY0FTZTds
NldBclpXVEhCWDlVcGo5YUNkZVBDVG8KGhU++P60aeFN9Qh8d+xv2jvxUYdu7u5z
EU9lteUv55TcnWerpNFHTjuJ7j26RRqqIo6EnX8AV440PeLEi1clQQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWU0tlcWJNZ1hHeFU4NU14
bDYrNWxBZmw4WkRnbmVjMDAzeGVOb2N1aW00Cm5GcXZuV3ZnS0pPaHhNT2VtNjF4
RmRKTlY2a3lKYk9oR2xMajdQc2lMemsKLS0tIDhhdVo4b3dQbEtXYkJTbGd6ZFYr
bHBKYVhucm1zRURKenBSQllQRS9PcVEKgvQ7JuH49s8A9PIhZjFyHx+pf1PvS1pF
/5oMwSSHxl07Fb4r0ekfZMfjOZzzIutxXOvFKzgC+8m/DGAjm3s70w==
-----END AGE ENCRYPTED FILE-----
- recipient: age13c5wv623jxjja5mjz7fajg9qqwvypzgsfqrs4tmk7rpgyzu7aufs4ul9f9
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWQzA5Skt6YXJranc0ZXIw
eGIrSktrT3Juc1EranZuZVhvWmZScGQ5Y2xrCmFrb2hNOXJNYkFkNk81TXJmY1Fs
MEJZT240eGFsOTFnUTBwMzY4M3ZmQ00KLS0tIFJJazdCTEtoNG5tZkRENEFPekhu
OEt4cUg0b2daWU1VdTV1UUxFWE4wVG8KbG9iXAnsLL6oXh2gz9mnaIZfDkdg8bpQ
27fGrIaZoGT7Rof9LlfKe3Pmq55ABNNqyuTyjPI/kCOKXKSDjrvYkg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtRkRiMTdUVmlrc2hpcWdn
YVVKMTBUZGhEcUwwVDh4N0dQN2pWZDRrUzA4CnBiSG9PVnpGeTltUkhGNmRpZHdH
OEc5djFiTTIyRVJ3RDBUQzFiYmNZZzQKLS0tIEhlb3NKUzNJUDMzTVU2cVU0eUR1
cG9KbFN5Q3QzeW9ERmNCQjZkbHMzSUEKIrTeHztp5S+ow8LsmZmPmHMOh60wVMbS
ELHQXEbSs35eNYDhQYRLKVrCgUog4NTisGUebYXJ5e0pnFqdjuxcMA==
-----END AGE ENCRYPTED FILE-----
- recipient: age14vsmekuppm4xhp4rthhv9jjgzfv45v39a0q8dsgg6yusw0pjkvaqnr9kq8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2N09xQUtrWW50OWZxZU9L
RitXdDZJeXNxdTBjZGdYNDZNVGZBeEZyU1dnCnZvYzlvNm5taDRxbkJnUXB2N2dX
S1JpeEtBT2twZmU2M1liaGlGR2RhV2MKLS0tIFowb0pYM2o4MmdnenBaQ1VmWjAy
RE9xam13REc3VE1RQTI5R05leFJxN2sK+v3946MZ5R8eT7c71sx1fD3zHStWJp4t
PFELnl0SVqBuWvoizejdfb4hSDsFTfjl42XjlXWkwruHxQ/uoIewuw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSZm54S2JZdkFmYmYxRERp
SEwxa09CWWQ4KzROTUM2QlVhZnExWmdyK3pzCkNrZ1Z3cXJybEdDK2xhcVdqL1Fp
RjFjeVI4dW5JSkJoTDE5Y3VETHRNbE0KLS0tIGlvcE1IRFJaSmtEVTNvSzBVWlJh
MHBGN2l1a29za1dQTHl4L0dlcmJ3UkUKz/WhitfswcjRT/yEs/KQXW28tCE+URUM
JTleqicmQMGy/77Cv98lit9hC+xKJzWhYaZW/rjh0hW5J0pQA2xZtA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1kjsga2kf95lu7p5stqr5d9p87jquyypnx97cycj6jvhsm9zkn93quexx4r
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBeHZTREFaOXFMT1lHdjZk
Q3JLMlNXMU1vRW9jSFdqSW15cmNwWFBHR2lFCmQ0ZTdqYWsybkFPcHdCU3pMVktk
UlViMTZQT3RiMHQyOTRTSHVzR0dqK28KLS0tIDZDYWVpM0hkR2VWZ2tWTzVIMUZv
MTFTQW1lMmhUb29tUW1ORjdERFEybnMKSFtadgiSf1zFlhQdhVKZML4TFq9bvMlp
h6TAngh7xzNPE9T7beG1zLShBaop73EPNIi4uljH/RBIEkIFhnXC+g==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWV2p0a1FFb3FaVnBmY2R2
ZENoeXlkcW1iYzVjRWxDT2pmVTB4STErSWgwClUwS2R2R2IzTEFQUmFKYkNpNUVr
S2FEQWc0MURkMEtseU42Rzc3ZUdWdEUKLS0tIDNjc3VaMDIxVC9pNWlnU2grN0hw
QStHTzU1RGN5VHJBUCtJdjdpdFd5elkKs4ycQQP4mI2W9Io35UhlJpFWqsz6mT68
ZfnSUiD5BlgXIZnQFGzAkbDmhGnrpbFmkemxMhMW69frcy5kVUE/5w==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jc6ghxfgxe3gx53xa55azxan447cfxaqfqeh5y5yzqapj7mw7ajql8kv02
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLcW85c3pPVGdrNTBkUXJr
ckNGb29EYVJ1YVFYeW9XUHk5ZWVkMVBWMTNRCmpoeW9vMmlLblN6dG1ROWtRWTdU
cWtiWjJvMmlZVUVTK0liM2d0WjRwWTAKLS0tIFF1aEpzNTZCcnl3UzJtZTFxV2tC
ZFhHKzhCU3M3amNCaE5vMEpTc3ZqcVkKoUlajedYfWj22ocqnXYEOQD0Ma3Wj6W0
2A9geVcMbG0eFsDwXGn63u93ckcKZOYsmCxPykJ8LaV6b54itNBMEw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrZmtBV3R6SVV4akgxTFRu
NHBRN21JN2Q0R3ZPdmRxbmd2THVPSFBqMEVrClM0b1Btcy9wWFNONzljTDR4UWJy
UDVwdis3WWR4dHFOYmFQWk15YVo5eE0KLS0tIEtBUWFZY0pkSnR1SmxBU3lGL0th
ZFhHNk81ZVM3TWx5YlJtdFovNGR3ZEkKrnJ3qtxQNPRrOjjtK3RNIH1fxYpGMdff
hYIpENJRXJEjaqVyvLfwaX0u3t4+F9y4X5yMxlYKNUS2Vk1+cetWvA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1faccfe85637hme39xyzgmvjn6ku9c4aapfmpfc35hswj5emhnedssrg2cq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiYmVrQjI2OExjWUVTMXh1
YkpudHFzcXhKUWI3VU16WGhRZ3NhRVh4UDFzCnhJVXZKZGk3MGhqMnd1Z1crcUFr
YUxnUmVURUhpZFhMOTVCY1k0TldHQk0KLS0tIFBJOGVqZlBOcnh3OVBYM0tEL0wz
a2h4NUJ3bk42RnJ1ZGJUdk1IUE9sZlUKcqtTue4b4/fT7bIi1ZXag2hqrxIaWcf2
pg8bnJoOLqyODpvAQ4KvyMLrWJluRLbvs2C6YB0XgTOm93hp+uiESQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUeERXT0FSWS95YWhtcmQx
UVpuZlpnaTRqTGYyTDduN0RrS0RuRTNiRndrCmdhMllXTW1yaGdoVFFMVmVUMmgz
NjRsem94K3ZrclVxd0p1dEl1VWRGTG8KLS0tIGdBM0dNM0l6cWpGU2RDUUQ0VFMx
N1dleW1EcVBFK25NOEc4VTJranBScFkKCYSMPRXGivEbjMPMJ5OtS+bEvg5h7WbB
eYg4KkDVXMdaEfSvzUPYVYDhSXSwWSUYM+ofCPXeJVHZgD6EsB65Lw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1wc3czlazkfxphsq6exxxkdpma4lrv7n3v3fvel9l5u96dlljn4fslh666p
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtcXloSGpUZUEwWWNIUzRW
TVM3cDJWUG5QL1pqQW9zSGZ6ZGx4SjlyemtVCmh1aDJtUmVsL2VobDlTVmY3V1NI
LysxVmMwZkliaEp6eC9YdVZEM2NLcGsKLS0tIEljL00vZzhCTjhPZi83SkRJbnNB
bkplZnRCWnNIaHcrbHlBK1JUdFdBQjgKYPoHOc2CRbzyJ/HlPBOeFMbTRnuflYDO
9sV+3yucL8Baw1e26PUydztgs2l5NeIz7wsG2NHrANB/SYJx69uj3g==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6aXYxYThHb0RIa2VtOFpu
aUhpWFFtUXdHRjFYRFZiNGNkanREZytLYkJnCk14TUlHblBzWFQrZHd0WjlLWmNq
U2JZQXJVYjNJSnljRmNvYUErRk8yUXcKLS0tIHpFTG1oQVpBTlBCcGMzNDlLVnl2
N1NNYVVsRHR0MVUrUW92TTg3dzczUjAKQi9ZvtuD4tKlAiLy3T885wsijOF+8GsL
gr9IL0khwarhNy+K+/pF5qcduK3faITx8pmDqLABjSJdUGJlOjRhnA==
-----END AGE ENCRYPTED FILE-----
- recipient: age18net4rsvyx84d9jjh64rgqsru3njwc438qt3993kn865dx9weaqq0rzkrh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBONlFDckVMOW5PdWlabnh4
L1N3NUZOMGpOMkhhNlpXaS9HT2lsejNYdjBzCjdUenIvZS9TZ2ZURVc3eFdwcjRi
VzF4VzRxRnh2aXVTbVhXMHhSWGpmZzAKLS0tIFRFWDRPaWR2bDBOSFV2SUZzL0pY
WlY4R2g4R3NHcnBOVVpoVisrUkk4b3MK3+czTt18kUizb8hUy1/p19IZgdQWJBq6
XrzXNqA9/iAHffu8fHK4rWUUITomiY46BHgnVMHaYYKyYhjP4/uvjw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBET0lTSjJDWGZKeXJCaHZP
V0F6cjhtL0MrSUVqNXhLd1RJWnJacXkxNzNFCmd4d3UrRm1HYmx0RlpOcFkwa0sy
aDFNM25qMk9uQ1V6M1creEZYbDRHaU0KLS0tIE04RW4xemltbDl2a2Z2R2F3QkJD
ZVR6ZStsVjgvSXBySEVsZ3ByMzV3NDQKrWI5T7Nlj15Iv+3Ru0P3NGypRIRrPVAU
r4oCwCR8QlMV/SXRVzJL27FMc6gnoVZ4lKylPC9QBl9aHng0D39O0Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1mc6eyvnqt4ztmqdzt08zaher2ts37ypgzuh049v3cgv9j0rje96q5rm56k
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjbWhHMlZHU01KRGVCNWlG
bkg4cWZrMnZlRlovSm5jWlpHTDA3ME9VRGdVCnRvamd0YzhVTVhPN2dEMDU0U1l2
Y3NGeDFnNEo0NHRvTE5QTEpTdkhnOW8KLS0tIHJGWmRIUldpOEIrMXpLWTR0aFhJ
T0pTWmdQUmYxZ2Z3TmZjdGU0MDZ4SjgKab2UgYienigrXUqJKVhauwFMAT9wlKN8
z3MIc3J8SZn+UPyRvo15mYHbW1TYntLRKt0LYpZ9kJt+JIpEQGPv/Q==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBMzRXZlBqdGI3bUI1QjZW
WFRSOU9lNkxrV0dEVmo4WkxpVnBhYjFPWlMwCmloY2xEaitoakhuUWxWbDFjS3F4
c291MDFIKzJmMlRxTW0yVXRDN1JIaTgKLS0tICt1REV2V0lublJneWdaT3NSM3Fn
NUhtcGZZbmU1RjA4T0ZxR1dPcDhZM3cKZQVwJi5r4cBnihAwSqTZSESF6foX1Xmw
qKr8kv7sSo1zBUFA/0BYOp9lsdRrPOiBvF3oeWFWbLS9flQaebVojg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1h7yp3psl5zyze8sl6lld6ksv6fcmul9z8mjwc4k78mwnys58c3ls9mgfdx
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4Zlh4RUpPeDdqb1RyZXVQ
NWVLd2RIc0JnM2tjM21HeUZmWmFYcHZqK2hJCjhmSElERU5NclpxbzMrYjViU1RB
TVNNbWg0YjJyODlZYjdIdDM1WDhnNVUKLS0tIEJTOXJxQlhYek1MYVJQQ0tRWSt5
aVZETlp5eGlGaVg2MUR0UVpxbHJMa2sKvULBHfABahJsrXfVh9iBXnS6wWCmpfc+
6JTpzykxGO/+ZYgDfIZBO+YhSmykH7GFRidKwa/26Vm6ymsUjZLT5Q==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsNndQQW5mODZVYmYyeXQ3
c0x1VW5DcVI5aWdSTjYyMG5NVFZlZDZ2S1R3Cjk1VVdjQ0FUcWRCd1pBRmllbENq
VDRaUklVbHRNc0JNeWFFOFByWE04Qk0KLS0tIG5MNWJpT0ZRL05DQ2lKUXBZaTFD
V0s0c3VVcVR5YnNTOWhvUkJXY085QkkK8uuwnV17Q0C75c4xT2Te3mUxvjrgIVJn
CZ6XI18CIXBLA1zC2Um1C/WL/HNcFUr9xEwmZVclCz0r47zE4uwyfg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1qy9tvzlgek7fq4nl52e05ad6pyvglrtaxwjet9gr0fzq85z7cv9s6uxzkt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXa2tMRWVDRUV3TElSclRr
OFh4WDhmcWczV2pWcFRiUldHT29VaGJxanpzCm5MdUFDeTlvWkIySmVhVmhTZDRz
NHVqK0Nvd2xBdTdNam5TeVhsdGFWZVUKLS0tIGxqUENsWlpVVnNnN0ZBYzRxK3kz
eExQR08vdmZLNENjeFZHbS8vdC9uc28KaoxjBdtUjF1KZEYfl0x/sVy3coN+bTQg
H4RqGcQOhzEI4GmR+pcyAkzwcNM7Etk5F/W84wLxyqav/kRJr7XjCg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5dW9VTGp0Ukh0WWo3cHhY
VU8vL3BacFIxdEJUNzFRUDh0RFNXRStreUZnCnlzRFdMUU9xekdCM0JzeVBqM2hz
TjBxeU5sYU9oSDJITEQ3MWRIN2xWT1UKLS0tIG1QN24zeUZQNWhGS0syenFXNktD
QXBhbUk1VUIzS25USVlycUk2MXhnVGMKRWvUkKgUSZwGybD8ltYZTKT/cIcyOtBu
ghIGE1cDP2CYp4GeMBW4AyM8U4PHkLjI72teJtKZYE37oVJAcN3dlQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1kh4c0dmn809xzcf7ntpjm26h2xh4ljaq09r9n5s0tsjjpr55ff3qqmkuca
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJNGkzMUpKWDNubWVrcnpT
ajU4NWJ0UVU5RTZ5VWJzOXdkdVBTTjAyUmhrCkVNa3JvVHZDQ3dBNkdPcXdrWGtr
cWxHOUxzUXVFNWF1VVZoZkVWZFNPbGcKLS0tIFBqZnZSNFBsR2xJUXM4UXk3bjQ2
OUpsbHJ3SkZZZmVNSDlDd0xGNXd5NVEKQVq3tYCRRkNwBTPnVx+RjoM5TOWLaWwd
/I5/A46xqwUpQyRXJOtfHwEWCMxvscm5Jxf9kKeGw/jrTSZze8k8eA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxNFJTM2FUcFlkQjE0OFZZ
M3k4ZU5HcjZjbG9Db2pzUEtxcjZzbGtKZVVBCkxJalZTYlZNT1prKzFrTTkvdk1G
SW9zRzNWcmFHVlMrMFlmQU9ISlZiR0kKLS0tIEo5V1dPbXFrdFpBMWpKNW5PVVVD
ZHpaQUd5czgwTHBRS3drbW1FcDZ3aFkKuIIHdY/LFFKny+5SSeIbtbH/L8J3xGhA
z+8qfMvbyyIKznBAliL2Mt4bvUQe4zXNnhhcWbXDkuH/f1JsiiXXvQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1h9ty40uxgznh7s2d7l3cx74lkylpgvs8lknkvkjvqyy5kn5kfc8qz0zc4c
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEeU5tOWQreTFwREszRi83
YTRLY0VyYUhIUXZGaXladzA5RWtmQ29jdW1VCmNwR1cxWFBtVUJ0VzkzTHFuOU51
YmV5R29tRmdkL2lEVkNua1dFMXFIR28KLS0tIFYyazRtZnBKTUl0VUpDTnZaSXcw
a21NVkRCOHFDakpEOS91Ym5OcXJHMFEKnDou7N4R90FnpEeNEkfsYGRIOx6u4gPI
Fvmd0F5Q6DWLQZ7BmWcNqItl379c1NKwnTS5wtKHNfD9Ikk2EJ3Fjg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0UTJ4anMxcHZrcFFkQjY4
bnh2L0svdmlXNUJlQ1JYb1Bpc1JORGk3dFg0CkhvNy9EU3FrTDhuSmNnenF1Qmor
VGsrVmhvM0NSRGIyZmZrZ2ovNzFRSDAKLS0tIHlteWNVTFludlVOUTRqN29UNVNz
dkxEdGJLOWlLQ2pzUmc2M09WVUw4c3MKB3IHt2nBvPBOf/m4dgh09RNMzkY9/RdB
2w0ZGrDYLpBaNXV47USF1jNiPPIu804lGPbZoDIbPcmNSYGZZxxp4w==
-----END AGE ENCRYPTED FILE-----
- recipient: age18xjdme8vc657l8n7fzpn7twshprmtpc8p6usn257ajw0vftd8p8qxwwywn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaUDI4UDFoQ201Uk43OHoz
bFkwRjVZNkFsVkpEZUdleXMwbmxFeVNOWVE4CmIwQUFwdTMyaEJ5dHF0ZUpYQ2Vn
TlhoODltVFRCRXY0K0ZFUFZsVzdSQkEKLS0tIEVBN2hFMFJDbnI4dEJkNmJKeEty
UEE1TVNwVU01cm9MaU45dWtydHB0THMKat1mOE4C7pGuRI7XQibPTECbWq8yqG8R
dBcBjnZ9Sh90feB8f5V4FENoP2dKYMPMZGs7vbQioo9T0o960SvFPg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTN1dFZElQc0RUTU5qdnFJ
OE15d1hubndnN0VIak9LK0Z5RXppLzBQaEZ3ClpLZUZZWmlXUmJBRjFPNnhJZEhq
Sk1qdjg0VXBlaDl5Z0FJTEhTdmlFaEUKLS0tIFlqVmRDRzBXK3JzSEd0SEpJMlFQ
cGt5L2c5RVNyc0JBVHhob3FGSHN1NFkKpFlLIG44/mYnWRk13eHIGYTekbNSpgvA
/7+kj0f9D479pEmKIrSqntyOhehJ6H3AXRwVBInrpdBvQdkDV2TYAw==
-----END AGE ENCRYPTED FILE-----
- recipient: age12f24j7fcq46cjuqjftv5pyffpunyhqj98ypqf729z89xzunzryts5d8kl0
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkWTVyRWJobW1ONS9WNmJL
eWp0ZzBHNVdRU2psZTljTGxnYnlzVXF1TjBZCkRFMDlRT0RmYkNEVWJVMGhGbjJh
YzdrSUJlbGEyRWVndytnVGV0SnNGbEUKLS0tIGJPb3R4Zmw2ZHpybFM3eWxaNHVn
VXpmUmZlbElWZGVVMFNzK2NSU1MrM1EKMea0MU1esbwRFrIq6omrzI8h46gxScpL
nVf9wCF3Gs94Zfwmx2DQyxnwifKxzaBF8+H5qC8nPS50kB7jmYJNnw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMRUNvcjUvcHYrZU4yNnU4
S3BOVVFjZGJORU9ZUmpGWDNjM0lIaDczUndjCno1WGxld1YySzhsU3E4cWNBd2l3
ZDZBRGVOZ1U0c3ViMUZGbXNSTUI2a0kKLS0tIERQZTlDVjZ3NE9NanFnVDRDY2Y5
eTRzQkxEMzFnSTl0R05vNHBvYmQxYTAKKR3+j4ais+KoN2c4jKS+YG/zdV8opbKc
erRea8O3eyQ9gFUI60d6IsNcVpzs8CuBB2uivB/lCbuDoL4xzNAA5w==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jc4a52cukf6d94tt2meq8tnt084rhtdd93hwzjhzecc70rmvvapqtdng8v
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzNTNYSnJmYVVBMlR4YytC
cmlYRUpTZHJZOVBhUlpDZ1Fqc3BaTzNUWkg4CnRoNmI0TkV1SWF0UzhCc3l5ZFZw
WmRKVXAwOUVwcjRXSGhQL1R4TFo1RE0KLS0tIE9xYzhEdGxvT095MEliZzVqTk5M
cExiTkxKVmlTVm1FN0kxS0MvYmJtRHMKSurtuRkIO7hEULqXWK57JOQfuZDgccv3
I56galwJc0ql+eLVGWPmRXBEa2NRsEveLKUjDU77xodDkZyaiYFp4w==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxamt0cDd6NGZmVWJ3ZU9m
eDMxekxVZkhXaVFKWTdUd00zR3c4RGdZNlZvCjI4RzNjcEpuVWJ2MXE4VnVRcTJG
aHB1UlZMeHBmdTBhUVBNNkdPTjU0QkEKLS0tIFJaNnVnSURSSHlPRkVycS90Y1ZN
am5ZMjlHL2xoMldhaTlHdURDMU5UaXMKfjeaus9zRPjJW/pbtJwioBLvkM34vpfC
8UCgGQHoo0nu1pQ8//Gu5AoB7a2vtpUqlWNZWGbFLlvF2GelmeQ06w==
-----END AGE ENCRYPTED FILE-----
- recipient: age1s4hzwj982zk04kr7c5u0vlemkzalv72wtkttkgzt64xv8a4r25zqxra6u0
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWVER0dE9RYWJXa0N2aGVw
TzUxMjkwb0ZRaitKdnhFRllqMFRVb0tVMlNNCmo0ZFAvM0tlQzdaQWhVWWNISUVL
THk4Q0F6TkxBcUJLdm13UHVmL29rb28KLS0tIFA3dHB6aHVqckEzVHVrM3ByaUU3
dzJpeFh3VGpjWnpoajFMcnBPcHE3aUEK07TzzaHN+ovWuPO2PU9gJ6H/63g+iXb2
oCb4gFoTrkZohZj2fKATNFrrWSmtYTBYD/aUKisiq9u/OjVpsJGTKQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6V0hFMjJmR2ZtZHU2YlFW
TzJxUG1SQjlNNTZKRXphbFFuWDJXS1BaVkdZCjgrQWNCUHYzZU03OGNURThxTDQ4
RDVSVHRLb3VKUG1pelZtYVJCR28zeW8KLS0tIGZ3c2R5Yk1WbGxMbktaWXV2aGhO
TXkrbkNGZ2h5VjdNMUs4ZURyUVBsTEEKw0ZHrPkymTC7gUTftM7kHA1YZQggKjM1
oRJbxJbGdmOhKmRADKa3YIziGmtvFgNZhZ9lsQb4/F1beGOUA5Gn2w==
-----END AGE ENCRYPTED FILE-----
- recipient: age14cnx8ttzqndcsdz4xvmx07cvms6val5aanrf9qsg4j888hudufxqz9nm5p
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFWDFjQzNTR2V4MXI3K2hh
QWxkRzZ5dUswNldQN0I2NkpYQzM0YkdLd0hjCjZiZ2tnakNwYmJsa0dQWWErSTN5
Zk5xcEVnRFdpbi9tdG1KTFgwOEVuMmMKLS0tIHBvZmo1cmRHZ2lieGtVTll5ZDZt
RXZaMWRETVBsZnZKY1dNdnNlTnF2ZEkKui0laj4q6pm7lKklxDAcVGIWJBptv4xF
JuCqfOXuYf6z6KMDohmeBbJNnLoRtWz4UKUBTRuahrIG3fUTyVs7Eg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlR2hhTWVodG04eWhWWkdQ
S3NXM2xkYUtTMGdiNnJvcitoZ1dRUVNXK0RFCnFWdmFFSDhzdGg1cnZ4aXBkNTgx
V2VjQzRZNTIxeXZ1YnppeTdJZTNwUDgKLS0tICtmOHdhS2RYV1UySzFWeEU5RHhm
SklEVEZDbENYeHdXZDZ4VGZ0Ty9PaDgKNZt+CsKWbpoJvfpyY4Ll1zzUeV++8v7W
x3Dd5ZX+tr0N/e9L6HaoKVFgPaxGYijrZnzmK+tkOX5ImwKOxOrbkg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1cc80558u3f8pdwrmhev8264c0h9dkkm59sy40j7zms97qzxg0ffqza9en0
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3cGpIOTlsdHMxR1lRWU5u
dGRNNnIyQkgrbEJNNnZpeHY3SFk4b3NpWGpvCnh0QnJJY1BVeFdFZ2ZkZzlGTXVV
RmFYKy95MFZyVk5MalhNNGhjS1dRMEUKLS0tIGdKVGZYSUY4VXAzN0VHUU1INHJP
dXcyc3VhTmdtU2hSYWdoejRnSjBtZEUK+CGIibI1pb+E/avsd54tzxz7XgYT96SR
NDMDTPVlV/WQ9A+kT3BZ6x26zq7RLwjaRoQUK63CtSsTqeZsxDfsow==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwRmhGK1dZcVIyb1JZd0JW
aVJHMjYrN3JOTWRmWkxkOWJuZzU0RGRFbmtRCnllVUwvc0hJbys4MS9EQ0puTmtj
eVBFL2hObXY5aCtwMjJCQWswTmtCZ2sKLS0tIGZIUm9ZN1ZCNGVTd005dVByZGJy
VjIyeVhrWGZERlJUZThEek1yMHVGT0UKYq5IJ/0L1icfv7x/rmtdPSeZOCFoK3WS
aieE+Di+GljYWaukmT+oL0Sz2ro8f3PdiPIUlz1LTRpMZa4G4RLzvw==
-----END AGE ENCRYPTED FILE-----
- recipient: age198c9udn09u87zje4ctz4j8d2k5ey5kvgl34nfn573e9csx9mcs3q7a6q2u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4TlRKU29obGZYcWd6Y0Vm
OXBhNFBqRWxCVnB1R0VSczg1Mm9vRjd2ajBJCnk5bXNMZ0RTVUxQVER1YTZsYWp5
aEU3ZitLYVByL2xyUFBUZlUzWU1odlUKLS0tIDRlZkhCaHlLODV5ZUZ1RmtQNjNu
REtwTEFReXJEa3R0bmJrRWxqRTV0U0UKMp7vXi3q2DdqMterWiJzeGXgBkKL+hPQ
u3otfcmxTcVGZXa/ykNqhUtrzrxn5aRcANKpX8Pb7VnKDELowaR9Dg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqZGtIeFRFSFgxOHJpTCsz
Rk55aDZqVDI5c3F5RHRPd0RHK2lrYXpaY1R3CmowV1gyUlU3T3QrL0NSK3hGZStH
dnJ4Y1dCVG9KRTdkelpBS0tRN3BrT2MKLS0tIGNHRjNEcUpobDhQcDEvcVNDMVFR
NjY1dHd5dGd6MzJpS1ZBOEtlMzQyRXMKcnQnLEv9sGFnRlde4Y2cEPXKtNwZYJSL
lj9ScEQarqXOc0gwkGPjH9lXpiJM3tGtsZ7cmymdkTbXXWUv/kEKvw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1nsuxsnf64mcfgnggy5ehuqk3egp0rea3ldzst0f66full7ap7ews5eg46s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOM3lXWmVjME1rc3ZXSi9G
NnY0QWdVTitXK1VxSDA4N2grMnZWdkM0dkdRCmFvdk4xcldwaGFwcVpCS2pML0dN
WjVnOG9PSUZmczhkSCtIVzdwenVTVjQKLS0tIGhoTTlxREFTWG82VTMvak0zdDhi
eW9RdVlKTEJuSDF4Tkh2UVpjSEYyMmsKPpXIB72BdEM9ZRF/mGlaatvtfP1ud2VR
rA+Kpog69J7l5mcoAWs+Y1H7h8817FyI5FZhZQ4v1T8cgXgYyX58AQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtcFNtcDc5dStxUFltYlBl
a1pxdHBFaGc2dnEzazhzYUxyMDhyVVhmajNNCndDdnpiMVNEWUdpa2dTaE5jdDlU
aGFrZkc0Zlh5aEFiVDdBS1AxNEsrckUKLS0tIDhwVFhUTzNmWWpMM2pWQVlJZEVG
bU03Y01vWGxVNVFaKzl5L01jeG9ZNGMKijKMj/TwNN09F/bHl6lGIRYEnXN/EMYn
AbI4UnnChp3X/63MpBey44YYMp0OX2c4nJU7ZTXN4x3xE0/F7XS6yw==
-----END AGE ENCRYPTED FILE-----
- recipient: age13xddcc3njv29sxzfdx2rjctaejhsxr5rephruga7vjrvjclcapuqnwx52t
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1bC9pR0p0M2dJNFNNazRm
SkIxbXNjeVUxSUJwc3pkZml5ZzNPZVFwUlJVClgxRDlyYm55ZjFCcTZsYWlhZGRo
eFZBQnlaMitWZk13WVh1eGJ1RFl6dVkKLS0tIDJFa3g4dlZ2R1YrQy9Md0I3VXdZ
dFNleEJCL0dva2s5NjNIK3FBN0FiZ0kKg0BYxxDULQRIYbgP8ihBS+caRo3eHux5
5lrVX45YSYYFDPJZJV2ahV+qJglR1x1Ixvm7GaBolC91/MsVd9r6Og==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-31T06:49:34Z"
mac: ENC[AES256_GCM,data:1bMWUaJdcUfHknidzCUTcAdweOZhGlBKq20mF/kjWJ1uR7AvGax9Vr/1cMVDDCfAkS5hOGo47oHqGDooTk2eATGVM0ilO/yO3jxCsV+qUsmunbpb5LKOaYLR4tw4Fb863tsCmy87LefTRHPudtQfNhZ4EwGgh0jKfUvcG/5L3tE=,iv:wR2QVuNGcj0ltqzizx6AB5NIbfawWeHs4p0k0jJFpUI=,tag:Ho3mGPWthbJgdSAtNNw+sA==,type:str]

82
tools/onboard-machine.js
View file

@ -1,71 +1,77 @@
import { dirname, resolve, relative } from "path"
import { parseDocument, stringify, } from "yaml"
import { dirname, resolve, relative } from "path";
import { parseDocument, stringify } from "yaml";
const [, script, name, host] = process.argv
const [, script, name, host] = process.argv;
const sopsFilePath = resolve(dirname(script), "../.sops.yaml")
const sopsFile = await Bun.file(sopsFilePath).text()
const sopsConfig = parseDocument(sopsFile)
const sopsFilePath = resolve(dirname(script), "../.sops.yaml");
const sopsFile = await Bun.file(sopsFilePath).text();
const sopsConfig = parseDocument(sopsFile);
//
// STEP 1: Get the remote key, convert to age key
//
const remoteKeyProc = Bun.spawn(`ssh-keyscan -t ed25519 ${host}`.split(" "), {
const remoteKeyProc = Bun.spawn(`ssh-keyscan -qt ed25519 ${host}`.split(" "), {
stderr: null,
})
});
const sshToAgeProc = Bun.spawn(["ssh-to-age"], {
stdin: await new Response(remoteKeyProc.stdout).arrayBuffer()
})
stdin: await new Response(remoteKeyProc.stdout).arrayBuffer(),
});
const ageKey = (await new Response(sshToAgeProc.stdout).text()).trim()
const ageKey = (await new Response(sshToAgeProc.stdout).text()).trim();
//
// STEP 2: Add to keys
//
const keysNode = sopsConfig.get("keys")
let keys = keysNode.items
const keysNode = sopsConfig.get("keys");
let keys = keysNode.items;
// remove keynode if it exists
keys = keys.filter(i => i.anchor !== `m_${name}`)
keys = keys.filter((i) => i.anchor !== `m_${name}`);
// create the new key node
const newNode = sopsConfig.createNode(ageKey)
newNode.anchor = `m_${name}`
const newNode = sopsConfig.createNode(ageKey);
newNode.anchor = `m_${name}`;
keys = [...keys, newNode]
keys = [...keys, newNode];
keysNode.items = keys
sopsConfig.set("keys", keysNode)
keysNode.items = keys;
sopsConfig.set("keys", keysNode);
//
// STEP 3: Add machine to creation_rules
//
const pathRegex = `secrets/${name}/[^/]+\\.(yaml|json|env|ini)$`
const opsAnchors = keys.filter(i => i.anchor.startsWith("op_")).map(i => sopsConfig.createAlias(i))
const pathRegex = `secrets/${name}/[^/]+\\.(yaml|json|env|ini)$`;
const opsAnchors = keys
.filter((i) => i.anchor.startsWith("op_"))
.map((i) => sopsConfig.createAlias(i));
//console.log({opsAnchors})
const creationRuleTemplate = ({
path_regex: pathRegex,
key_groups: [
{
age: [
...opsAnchors,
sopsConfig.createAlias(newNode)
]
}
]
})
const creationRuleTemplate = {
path_regex: pathRegex,
key_groups: [
{
age: [...opsAnchors, sopsConfig.createAlias(newNode)],
},
],
};
// Remove old creation_rules entry
const creationRules = sopsConfig.get("creation_rules").items.filter(i => i.get("path_regex") !== pathRegex)
const creationRules = sopsConfig
.get("creation_rules")
.items.filter((i) => i.get("path_regex") !== pathRegex);
const creationRulesNode = sopsConfig.createNode(creationRules)
creationRulesNode.add(creationRuleTemplate)
sopsConfig.set("creation_rules", creationRulesNode)
const creationRulesNode = sopsConfig.createNode(creationRules);
creationRulesNode.add(creationRuleTemplate);
sopsConfig.set("creation_rules", creationRulesNode);
await Bun.write(sopsFilePath, sopsConfig.toString())
await Bun.write(sopsFilePath, sopsConfig.toString());
console.log(`Finished. Added ${name} with key ${ageKey} to ${relative(dirname(script), sopsFilePath)}.`)
console.log(
`Finished. Added ${name} with key ${ageKey} to ${relative(
dirname(script),
sopsFilePath
)}.`
);