From 95018f6891ed4459e0c62af3e3abfc28d70674ac Mon Sep 17 00:00:00 2001 From: noe Date: Sat, 30 Mar 2024 12:19:39 -0400 Subject: [PATCH] sapphic-engineer: reinit --- .sops.yaml | 16 +- nixos/hosts/sapphic-engineer/akkoma.nix | 217 ++++++++++++++++++++++++ secrets/default.yaml | 138 +++++++-------- secrets/sapphic-engineer/default.yaml | 42 ++--- 4 files changed, 315 insertions(+), 98 deletions(-) create mode 100644 nixos/hosts/sapphic-engineer/akkoma.nix diff --git a/.sops.yaml b/.sops.yaml index 83b3f04..48c8167 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -6,12 +6,12 @@ keys: &all - &m_cider age1kjsga2kf95lu7p5stqr5d9p87jquyypnx97cycj6jvhsm9zkn93quexx4r - &m_aerial age1jc6ghxfgxe3gx53xa55azxan447cfxaqfqeh5y5yzqapj7mw7ajql8kv02 - &m_drone age1faccfe85637hme39xyzgmvjn6ku9c4aapfmpfc35hswj5emhnedssrg2cq - - &m_sapphic-engineer age1jfz43yflulhmsa509ng20qc8qkjckkunxtktgr347rl768445fhscz8gjx - &m_keylime age1wc3czlazkfxphsq6exxxkdpma4lrv7n3v3fvel9l5u96dlljn4fslh666p - &m_ps2live age18net4rsvyx84d9jjh64rgqsru3njwc438qt3993kn865dx9weaqq0rzkrh - &m_ingress-proxy age1mc6eyvnqt4ztmqdzt08zaher2ts37ypgzuh049v3cgv9j0rje96q5rm56k - &m_monitoring age1h7yp3psl5zyze8sl6lld6ksv6fcmul9z8mjwc4k78mwnys58c3ls9mgfdx - &m_porcelain-doll-repair age1qy9tvzlgek7fq4nl52e05ad6pyvglrtaxwjet9gr0fzq85z7cv9s6uxzkt + - &m_sapphic-engineer age1kh4c0dmn809xzcf7ntpjm26h2xh4ljaq09r9n5s0tsjjpr55ff3qqmkuca creation_rules: - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ @@ -45,13 +45,6 @@ creation_rules: - *op_noe_2 - *op_noe_3 - *m_drone - - path_regex: secrets/sapphic-engineer/[^/]+\.(yaml|json|env|ini)$ - key_groups: - - age: - - *op_noe - - *op_noe_2 - - *op_noe_3 - - *m_sapphic-engineer - path_regex: secrets/keylime/[^/]+\.(yaml|json|env|ini)$ key_groups: - age: @@ -87,3 +80,10 @@ creation_rules: - *op_noe_2 - *op_noe_3 - *m_porcelain-doll-repair + - path_regex: secrets/sapphic-engineer/[^/]+\.(yaml|json|env|ini)$ + key_groups: + - age: + - *op_noe + - *op_noe_2 + - *op_noe_3 + - *m_sapphic-engineer diff --git a/nixos/hosts/sapphic-engineer/akkoma.nix b/nixos/hosts/sapphic-engineer/akkoma.nix new file mode 100644 index 0000000..a1a5a52 --- /dev/null +++ b/nixos/hosts/sapphic-engineer/akkoma.nix @@ -0,0 +1,217 @@ +{ pkgs, inputs, config, lib, ... }: let + nameValuePair = name: value: { inherit name value; }; + defaultSecret = { + sopsFile = ../../../secrets/sapphic-engineer/default.yaml; + }; + secrets = keys: builtins.listToAttr (map (name: nameValuePair name defaultSecret) keys); + secretRef = key: { _secret: config.sops.secrets.${key}.path; }; +in { + imports = [ + inputs.tachikoma-fe.nixosModules.default + ]; + + sops.secrets = secrets [ + "s3--access_key_id" + "s3--host" + "s3--secret_access_key" + "joken--default_signer" + "pleroma--secret_key_base" + "pleroma--signing_salt" + "pleroma--live_view--signing_salt" + "vapid--private_key" + "vapid--public_key" + ]; + + services.akkoma = { + enable = true; + initSecrets = lib.mkForce false; + + config = with (pkgs.formats.elixirConf { }).lib; { + ":pleroma" = { + ":instance" = { + name = "sapphic.engineer"; + description = '' + Private instance for @noe@sapphic.engineer and friends. + + gex! + ''; + email = "admin@sapphic.engineer"; + registrations_open = false; + account_approval_required = true; + upload_limit = 100000000; + avatar_upload_limit = 1000000; + banner_upload_limit = 3000000; + background_upload_limit = 10000000; + max_pinned_statuses = 10; + }; + ":media_proxy" = { + enabled = true; + proxy_opts.redirect_on_failure = true; + proxy_url = ""; + }; + ":media_preview_proxy" = { + enabled = true; + thumbnail_max_width = 1920; + thumbnail_max_height = 1080; + }; + ":mrf" = { + transparency = false; + policies = + map mkRaw [ + "Pleroma.Web.ActivityPub.MRF.SimplePolicy" + "Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy" + "Pleroma.Web.ActivityPub.MRF.ObjectAgePolicy" + ]; + }; + ":mrf_simple" = { + reject = mkMap { + + }; + media_nsfw = mkMap { + + }; + federated_timeline_removal = mkMap { + "mastodon.social" = ""; + }; + }; + ":mrf_object_age" = { + threshold = 60 * 60 * 24 * 90; + actions = map mkRaw [ ":reject" ]; + }; + + "Pleroma.Web.Endpoint" = { + http.ip = "::"; + url.host = "sapphic.engineer"; + live_view.signing_salt = secretRef "pleroma--live_view--signing_salt"; + signing_salt = secretRef "pleroma--signing_salt"; + secret_key_base = secretRef "pleroma--secret_key_base"; + }; + + "Pleroma.Upload" = { + filters = + map (pkgs.formats.elixirConf { }).lib.mkRaw [ + "Pleroma.Upload.Filter.OnlyMedia" + "Pleroma.Upload.Filter.Exiftool" + "Pleroma.Upload.Filter.Mogrify" + "Pleroma.Upload.Filter.Dedupe" + "Pleroma.Upload.Filter.AnonymizeFilename" + ]; + + link_name = true; + uploader = mkRaw "Pleroma.Uploaders.S3"; + base_url = "https://i.sapphic.engineer/"; + }; + "Pleroma.Upload.Filter.Mogrify" = { + args = [ "strip" "auto-orient" ]; + }; + "Pleroma.Uploaders.S3" = { + bucket = "sapphicengineer-akkoma-uploads"; + truncated_namespace = ""; + streaming_enabled = true; + }; + }; + ":ex_aws".":s3" = { + access_key_id = secretRef "s3--access_key_id"; + secret_access_key = secretRef "s3--secret_access_key"; + host = secretRef "s3--host"; + }; + + ":joken".":default_signer_secret" = secretRef "joken--default_signer"; + ":web_push_encryption".":vapid_details" = { + private_key = secretRef "vapid--private_key"; + public_key = secretRef "vapid--public_key"; + }; + }; + nginx = null; + extraPackages = with pkgs; [ exiftool imagemagick ffmpeg_5-full ]; + extraStatic = { + "robots.txt" = pkgs.writeText "robots.txt" '' + User-agent: * + Disallow: / + ''; + "favicon.png" = pkgs.stdenvNoCC.mkDerivation { + name = "favicon.png"; + src = pkgs.fetchurl { + url = "https://raw.githubusercontent.com/foxxolay/foxxolay.com/main/akkoma/favicon.png"; + sha256 = "sha256-6L+1P+qAXxksss8U9GUcbMQQk8C32LTe/rznNXaf72c="; + }; + dontUnpack = true; + installPhase = '' + cp $src $out + ''; + }; + "static/logo.png" = pkgs.stdenvNoCC.mkDerivation { + name = "static/logo.png"; + src = pkgs.fetchurl { + url = "https://raw.githubusercontent.com/foxxolay/foxxolay.com/main/akkoma/logo.png"; + sha256 = "sha256-drYYZxeeRkTrRlp1weh4xRVm/6tdWAnF7KHmfYWQg6M="; + }; + dontUnpack = true; + installPhase = '' + cp $src $out + ''; + }; + "static/logo.svg" = pkgs.stdenvNoCC.mkDerivation { + name = "static/logo.svg"; + src = ./.; + dontUnpack = true; + installPhase = '' + touch $out + ''; + }; + # "static/logo.png" = pkgs.stdenvNoCC.mkDerivation { + # name = "files/static/logo.png"; + # src = ./files; + # phases = [ "unpackPhase" "installPhase" ]; + # installPhase = '' + # mkdir -p $out/static + # cp static/logo.png $out/static/logo.png + # ''; + # }; + "emoji/foxes" = pkgs.stdenvNoCC.mkDerivation { + name = "emoji/foxes"; + src = ./emotes; + dontUnpack = true; + installPhase = '' + cp -r $src $out + ''; + }; + "emoji/blobs.gg" = pkgs.akkoma-emoji.blobs_gg; + "static/terms-of-service.html" = pkgs.writeText "terms-of-service.html" '' + This is a private instance. Requests are not accepted. + +
+ noe + it/its + not a person + sapphic.engineer +
+ ''; + }; + }; + + services.postgresql.enable = true; + services.postgresql.package = pkgs.postgresql_15; + + # services.nginx = { + # enable = true; + # package = pkgs.tengine; + + # clientMaxBodySize = "150m"; + # recommendedTlsSettings = true; + # recommendedOptimisation = true; + # recommendedGzipSettings = true; + # recommendedZstdSettings = true; + # recommendedBrotliSettings = true; + # recommendedProxySettings = true; + # commonHttpConfig = '' + # proxy_request_buffering off; + # proxy_cache_path /var/cache/nginx/cache/akkoma-media-cache + # levels= keys_zone=akkoma_media_cache:16m max_size=16g + # inactive=1y use_temp_path=off; + + # log_format combined2 "$server_name: $remote_addr - $remote_user [$time_local] \"$request\" $status $body_bytes_sent \"$http_referer\" \"$http_user_agent\" \"$http_x_forwarded_for\""; + # access_log /var/log/nginx/access.log combined2; + # ''; + # }; +} diff --git a/secrets/default.yaml b/secrets/default.yaml index 388adf6..4d07791 100644 --- a/secrets/default.yaml +++ b/secrets/default.yaml @@ -9,119 +9,119 @@ sops: - recipient: age1lq5q5g5qjsdcc3key0n6qytkc9z3qx3d3e96ap9zre2aqgvc9ujq82l9hd enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYeTJjMmdYTWRPb2hNWTl6 - dVJZUW1XaisxNXRJY0YzVEpJY3NLczlkaHlFCk5OWW8xMUdDQXh4cldSOFozcWlX - cE1oMStObGxvQmZtNHlaQkNVbEdMaTgKLS0tIE4rUVVHZEVhUWgyTFpSazNHcjZp - NHlDY2FpTjlVekFTcXJMN1NlWkUwTWsKJFc9jr9vNAwJoc3hF4p9W9ul3Cp+SXA3 - V/pkQJoWAIuHJZwnzg2rgQs+oCUMgpCvWDEhOxQonFhS0OXfCi95qg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvODVYMkVOMUk2dUlDcGFt + YUxsRjRORVIrak5hYkVzMVArR1czT0VjbVFBCnV0MTdNd2RFWTJCOWdKK3lJMHBL + dmFtYy9ZNUZTeFV5UHBqSTVEQXBCb3MKLS0tIFdQQ1ZjUzh3NmwvQTRKZmFneDBo + dU05WnlBYVRNdmxJV293Q0prQW5MdG8KMV1NiLe9L+nrLyXmRoAyS3M8d8gWwy5J + Jg5HnDo1tU/J1B0AMUN9zhw2Z/BE/hh4bm/XWTqklycWsowXnopMNg== -----END AGE ENCRYPTED FILE----- - recipient: age1p0f62dwatt558sf5s4equdqwtg5m7lsnaytrf3xjnvmx3e0lqu4svtugyp enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnTXE3SnFnZUZSeVU2MmRi - SW9Dbzk3bXNRdG9UdHRha3hudEw4K2syMURRCmtCb2pGeDdHeGl5bVU2UmlMdVpz - ZUpqWis0VlRZQ2thM1cvbFpHNzRzRVUKLS0tIG5QWFZtS3QzN2pVcFFnbVBpdlV1 - K1BaQVdSazRQcUJTZkthMzQwRzFGTFUKtXOOH3rrhbtk0D5JE2QmcF1u0f1mSIyu - 7jujAmULtj0Y5MMibuQHO9rBqEB5wJdzqNPn91KIvDKAX546z2cbSw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxSVFsT2JGQXlIQ1pvM0Fz + WE5HQTN3TlZLU0d2SnJXV3FGQnVJRDdUWFFnCmJtWW1CWHlVVVV1Vk8rRG9IQ1Zx + bmt4eDR1NFVhUXZRVlJGMkN2TklXWlkKLS0tIHNvOStxNldNdlczaGtVZmNQR0hK + T2JIczczdXZZMDg1VGNtNEdGODd1bjAKgbgFOEiAYstWKqX8X1nrScYZo79B/KlE + 60BfHnjVhklrG6hupo4LI+W7FjplMLNCuL3oKIzIFkQOOgP5zuY7xQ== -----END AGE ENCRYPTED FILE----- - recipient: age13c5wv623jxjja5mjz7fajg9qqwvypzgsfqrs4tmk7rpgyzu7aufs4ul9f9 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3TjBHTmxTaEdMVXZjUTNp - MXBLWkxVcWR4azlNVS8yUjhyRnlNdlZkTlNBCjJ3QWRpRUFUbEFJUjNmMzBIYnU5 - RytwOGV4ZWUrZ2srRWhDbVQxWEhKRWsKLS0tIHhCYlNPT2RCYk80YXJUa1hNbHZ3 - Q3paWWVSeFVwdWlDeU83WEFXMXpmNEEKceD/UeeRipdFGcsn7/e8H+oj1BstRN/C - MJgq8Hu/pgfBS3LBsEtBvdPHddehmgDywLS+UM7eWu/ithe5DI1tgw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvRzJtL3BiNHVMV2NkYWQx + cXJQRXRQY3NibmEvOGlVM284N2gxMDlJeHdrClg5amJiK1RuMEkwYndlQVhPMUJr + ZnUvc2c2UXpjQkZQUjNDUlhOb04xczAKLS0tIFd1Y2JvVEdHM2taZ203cW1YdGlJ + OG40bmlNL0ZXdG84N3JqMW9zcm5KeVUKQIFzh1JLNjskGGphH9bP104rahPeyWBu + /qiotTPDT2N8978KMn6o4fKFBzEV1EVKUMEUPTyIVheXzrM8LyQtEw== -----END AGE ENCRYPTED FILE----- - recipient: age14vsmekuppm4xhp4rthhv9jjgzfv45v39a0q8dsgg6yusw0pjkvaqnr9kq8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzQkNTN2pSSTJ4R2kyKzRw - dmNIWGJwSWVEeG85aDRJMVNOaUpiMi81RkI0CjlTMmNVSEpWaW5EUGpaSW1CYklz - MWZVZHlZUkllQ0lTbDJIQi8yTUNvRW8KLS0tIFhCTllZREoxcUpWRU1RWldzMXJE - WVdlSDBMR3pkU0Uwdk1aS1phc1ozTWcK2/ij3pLn5c2JK/HiJ7DRqXZcBLI31WbQ - h43RmDR+aKAZTrthLSprCbumt7+AOY2zlLQ36AjAs+lF9j28tvnZQQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpZERFTkZzRlpyU3BIKzRq + eW9FQUZ3Tmp4b3FXdUhyczFwWEo5ck80UFhrCi9tM2RPaFlMbXUvd0M5TFk0Sjgx + RHY2S2gzM2xkSUVudWxhWHQ4akF3aDAKLS0tIFFEUFBLOUQ0Qm9neXkxc2xjMkE0 + R0dVRzhNM2V5ZVBHRXZZY3l6OXRuRGcKCIXP66HiTN2JcPLigJqIY/fYtzKKGQ9b + U1TRRI3VB+yuSXDbaKhMwMzOf0J/wahGj+VoRpxbwqL4TdTx4ex4Wg== -----END AGE ENCRYPTED FILE----- - recipient: age1kjsga2kf95lu7p5stqr5d9p87jquyypnx97cycj6jvhsm9zkn93quexx4r enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKNUppK0U0SzIvWnVmWWda - SjJuNVRpbEZEYlJSNjhYdGdoeE5XeGxVZUFFCi8vVVIzNGJuUXF2WHh3eVlEK0tF - MlVQQ3RqYVVKT1gweXllc05JbTJXOUUKLS0tIFZvcjA5VTZ3YkROOXpDOU0rMWhi - UnJBaGt4SVczdUoxd3g2dWdkbVR4SWsKdZs3QqHPDsfX50CG8kCw/abqO1Fv3fes - eDJmfkwgeLWk9ddVkdOuHccNrhHA5qREMtkgjj/IghwLQAxyZ4o7gQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5WVptbnB1UURVcTUybDRC + RnFMdFphWjZqc1hXN0JKcWduVjZlNzBkOTBVCmhBbDFOMlBSai90UmxGRmFyS0tV + VVMzZkc5K0VtS29Ea1M1V0Erc0o4Wm8KLS0tIFdPR3orWC9haDBLVmlrMzNIRjRC + TVp5MlZUNWdNaUg2RGRQY0pQT0l2ZGsKN3hJgWs13qCA4EDGpBEU6n3oNp4hSmhv + PqQDyKsNjkVfXEWS3A55wrGi1kFCoYXg06i5Bx8OtPnst6XsWUuO0A== -----END AGE ENCRYPTED FILE----- - recipient: age1jc6ghxfgxe3gx53xa55azxan447cfxaqfqeh5y5yzqapj7mw7ajql8kv02 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMaWxjUGZtOXd1UmxOY2JM - VDlGZGRQRkRFb3RJTlJ1UVIrYURmSXR4TTMwCjZvalRlM3RDU0FDS2kvODFwUXVS - UVRSeFJIWUMwUGw0MjdMN0d5S2srOTQKLS0tIEZWQUhHWUtQMHU1bVJ1b3FpbWZs - VEVSazlYSkxIMlAzZ0NrdmV0ZGVYTFUKdZlZVrKVSAFQVGiVn/NmK4aAJbXCN7mp - 8LWGUZnyKngpRPkeHMHc0+k5VGZttwFSlIk9niACglf7KfgeD07sow== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhSXkxdnpSOFV1Z0M3Q2Va + SlROYXJHMHczc3ZsbXRmRVROWm5ncEJzWjJVCmIwZkRGaDNYQkdmK1dwcDN3b0gv + b3hVQjBhY055RGx6eTVrUCsyd3FhbTgKLS0tIGZsRWVjdFF2Wk5rVDJvK1VCcU1r + RWhjQ3JwTDBoQWhtTk9ndk1TcVozOFEKYWlX9r6L5eiTSH1zbTsLTAehRlyAc1ys + S5aJImm5ukH7GZFkJef+gXYlGhm2+4Y/g9nh4rMW9FXhTe5zD+1mOQ== -----END AGE ENCRYPTED FILE----- - recipient: age1faccfe85637hme39xyzgmvjn6ku9c4aapfmpfc35hswj5emhnedssrg2cq enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByUk9lcjIralFSOUFaNFdu - NUlIS0xFK1dTOHdMWkQ4L2RNRVQvVTJOYTE0CnVKbTMzS2lNZ0JpaCtNU3hOV1hy - VzFjcDU1K1ExWnhybFQ4YWhUbUdXN0UKLS0tIERSeGRDU3Zod2dETFlrTDQ4azdB - cFFhRHNqTzEvdFFpRFFiRHZnRitIa2MKY+o/tzCKQyTBgWVQItC+CsYDITe4RiEf - F0I20EkYpOwubTZwSm+v5w84KH378h7+xF8tgjlkEayGxI07ZOWH1Q== - -----END AGE ENCRYPTED FILE----- - - recipient: age1jfz43yflulhmsa509ng20qc8qkjckkunxtktgr347rl768445fhscz8gjx - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFekRLQ21ZMUV2ZnBLOUJa - Z0xWbU5oY04wNWdrZXlPZGRrK0ZVT0pRK0RVCkZISndRMksvQXI5ODZlZ3BXbm05 - WWVka1ZOcTBtaFBzMFVqRmJSYThxT0EKLS0tIGNFd2g4THFybFg2VENESkMzdFpR - d01ZWjVLcHEzQVRTNnBRb2pNWkpGL2sKjNRE6gQqd9+Ccsnz/1uqCKUCrAMzvjja - q+vaQzekfiQQi0HWLxwL4wb30KU/qlLmVHIkT14eXgwzpwaOwHIVSw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtWFR0UWJGRUFJdkRQTzRm + U1Z5ZVBCVENKd2RsRk5QbDNlbUtDeXU0Z2ljCjFEaVM1V28xWmhiVHFJd3IybnFM + bGtiT1VONXdNZSt4cThwMHVQUTE3ODQKLS0tICtFdFF0eHNaZDJaM2dlYWp6Z0xR + Nm94dnhGcDYxSUR1L0FLOWxlRjc5NFEKkI8LDB/yP7MPwBUt4d5Lc8NK2cA8JkaL + Arnq7x2dZxxmO32aZxuPMD8f0JgzcdMYZCiVkyTT0wb/2LZ2aGX3AA== -----END AGE ENCRYPTED FILE----- - recipient: age1wc3czlazkfxphsq6exxxkdpma4lrv7n3v3fvel9l5u96dlljn4fslh666p enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCNjAvZEkrbU5TMmY2WUdJ - bUwvbDBwTUJFdjZJWWJVK3ZLVVFPRmNNR0I4CkJnREhxVUpzcHovZmlUKzB0MWZH - L3RZcHF0VGFzM0ljcXJxZVNmRytXUlEKLS0tIHFsR1VQK0xLYWJCN3BKanc3Wmp6 - ODVGUmxMRVdZQ3Q3YXJ4c3RvUEV0dkUKd0E++gL7piT8npLHWISEhB/CCFUDfH0G - gMyPZ5jesN3qwzTF+29kRHV+BsghVnoiypQh/46d8gq/2z9abf8CZQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvYWk2YWc4Vk1BckE4KzUv + Yk80NDNIV2lJQWkzd0RRQmlXSmIrVkJuRG53CkgwKzRUcHpLVDM2QWNJMG5oYmc0 + ME9sRnN5a1lJSWdlaEMzV2wxRzdRaHMKLS0tICszcmVpSXlzZFRWdmZmSG1LNk42 + NDl4bG5hZkU1MTlGZU9oMSsvOHV2cVEKNo8kD0prXoDWecj7MvJ8kWtuCr/vkJg2 + 0KCkKWE5C26Z0imURha/Opa8phxIABz7SxLN+F9BidCyGWSjAvqoOQ== -----END AGE ENCRYPTED FILE----- - recipient: age18net4rsvyx84d9jjh64rgqsru3njwc438qt3993kn865dx9weaqq0rzkrh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5cW80eGdEMWM5K3NQQlho - bE9FYWw2ZXA0YmFXL0RwK3ZuOWNoT0pKaDNJCmFaK3gxbWNjUFpraWF6eXhPV3RH - dFdVUFNBeDFPUkYrMzRMKzlEczZCZDQKLS0tIG9vc3M5NEVpaU82YjdSVFpmTGt4 - NC9hdXZwRmd3S0pPTE1DbERMczNxcWMK9Vrrssb5/bmkY5/5x2sq4QH5CdhQzR13 - XTmyO4JoJnqoKkmhyujYSGlWR1uo+rIYu4RKklWBGxFWB7OL3OOusA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByVVhCbFN1MEJKUkROajFu + Mi9nMzh6M1BZWUoraVo5OUl5Wm9pY3VTMVRjCkd5VTA0aGk2RUUxZXVNcFM3cEVY + N1pEZ2h2V00zTHltelgyUGFkakpuK2cKLS0tIEpnYTViN1VOTWY5aTl3WWFEdzN6 + bFUzaHU0Umc2U2ozRENqWXY2OGYydXMK0N9v4qqfXzgtA9S4w8ffcXvlL1vF/W4+ + y21OHXT+vwaIk/ek6Hx7IMl8OFXodt1kQGWYZ+XQBeYy1HMwPosWRQ== -----END AGE ENCRYPTED FILE----- - recipient: age1mc6eyvnqt4ztmqdzt08zaher2ts37ypgzuh049v3cgv9j0rje96q5rm56k enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVjN3bHZwV2JrVi9Ua09H - SGQvUWx4QjlJUnMyYzBnTTFTSUtvMk1UL1ZBCkdGWFlMWHQ4WGxJbzF5bEhIODFu - cnRObENmV3ZUTE5sQmw0VFllRmRRUVkKLS0tIFhvazFxZTM1cS9EY2RTYlZ4MlZY - WTBKMTU5dTM4eml2RkNVZ3c1emNsYUUKbeZQsn5fFn+Fe5moqPFye+pHgIdtj3rS - nTxl7vYYMmX0IDMM+3TqJkbnXnLcW0ZXsZkrPZ77I5Cze6geIT45Lw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoNjRvbk1LYVBZeVliWVhu + WEQ4cjJqaUdMc0cxL1M1Tm85Z09qc0pOTlNZCjZyRVcwMFlyNXpiM0YxUXd2elNC + dEtUQVdPS1VVekMzWFdzd3V5Y1QxTnMKLS0tIDJJUTlncVdQV0ZGc0hRV2VCMWcy + WTAvNVpMNmltaHNiYVZkZCtDd2pPbzgKp7ynHZgvx7jjRZZeMmTwsmSVUP59n/2n + bn8Y7LKsHuvSKsN0hd1Y1WeeU0UiM8hTHJIiyjkmJNCU9LHJ9Fqm/w== -----END AGE ENCRYPTED FILE----- - recipient: age1h7yp3psl5zyze8sl6lld6ksv6fcmul9z8mjwc4k78mwnys58c3ls9mgfdx enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDNElzeHV2RkNGOVozT1Q4 - QUVCTHN1am9pemVmRTk1YkxBZ0RzOFFXbHowCmtVU3ZVL2lYVmZRR21mU0Vxamh4 - Q05KSDVoa3Vhc2FmUzlUT0Y0ZE1rSm8KLS0tIEdoRVVsb2FjWlhkbmg1cmV3Zld1 - OWZVd0dBa3FVQTJUN2lBUklPbFZqNTgK3O2CNghwgXm78GWVdIiusdFo1hbnuFWc - bxVfU2+XAMHUfbIWjmg/NXdvHVuhIP3q6Y37cBVjinIyib1pJyIpRQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzVXY2L2gzNlBNaVUwMzR6 + NSsyMnM2R2MvM0Fxb0tLREZaM25OK1daaWc0CktBZ2NiWm0xNWdRVkdTdXI5STJ5 + SEEyemJPb1J2T2FVcGF5eHBKMHo0QnMKLS0tIHV3UURlM0xGMThMcC94TiswYnJS + MTg4cUdLaTE4aEs5cDJQN1VMMks5OVkKFOS+KpdKD97AHwTL81bgYS9G/73qNRV3 + lxq9erPHQfQPoSgPjGNXFYdwzLEJX9WsKtGMByudy53bqbaJiGbO1Q== -----END AGE ENCRYPTED FILE----- - recipient: age1qy9tvzlgek7fq4nl52e05ad6pyvglrtaxwjet9gr0fzq85z7cv9s6uxzkt enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlUXhMdy9GaTV1NHladW9H - ZlRMS2hkbXd6RnRINnI3T1VLWWxzWmVyekQ4CllXL2RYalRlMlVsTXpucXZKVHRk - dEs3LzJPaFNVSmRpRWJVbEw1bGJ2dGcKLS0tIDlneExmZUR5OFQrOGxWYzZuTkV4 - Vlk1bTR1VzNJdURYTnEzMnpxTFpoQ1UKW0KpAKC5NaLoKuGokStiDVOt5vHpyOhm - eNffHrh/Ixjf5GwupJUJrNtpOmnyhIU6jbPb8+yapBVGiRClQuRi7w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjTVFDcFJxRjVWeTZhRjd5 + V0g5N0FvamZCdVFIK3p6d0ZheEpMOU84TkJZCkpTK3lUV2Q1OXpzNzhrQWNjTyt4 + aVlITVdubzE2Zm5KTGswNjJ0cFErZWsKLS0tIGM3TkRFbW5GYnljUmxkZGl6ajgv + WjR3dCtGSWtpY1NOdDlWUVd3WGlmem8KVoMBauZoRwOv1Pkr0Wz9zxxcbnTH/IIW + cBajxEQaZnzeLhLtFKHo6I31Z7UbhFlmgcjrlbWZDA4If7rNRIPHLg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1kh4c0dmn809xzcf7ntpjm26h2xh4ljaq09r9n5s0tsjjpr55ff3qqmkuca + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQM3BUcE43bDNEbndWcU11 + eHIxQ1RsUUNJNWMrbjZqNmtxQVBqaG1RSkQ0CnpwZmxYRzRiNnRhS202cTlBa0FW + RlR0MEtqUUVES2g5R0xHa2VjYjNoQzQKLS0tIDBhYjl1YTJMcDJ3WlM2VnRMcUtx + R1dsSDd6U3RLS1hIN2JrZE1aSkhrOTQKSKeo9/CWIsNQ4uOnuCc9K5fC5is63Ha1 + 6pMewcZiLUJRoKUhug21Oy3NrZWXdTvt5IYbVpg+zW9XNdDcIboEnA== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-03-27T00:47:48Z" mac: ENC[AES256_GCM,data:ODOesbH5wdv7/q3CgI4sZ8WTHDmIw/5MW9THMTVcSjCVjVDgJA93Os6jKEIcPx8idT/WCynC7Q43zpIV74/QDc/ypNQhj+PSjOUfidCf/bF+4hHuAwqxCye4rhYYhsubg1KXiC3+dO1QzQSPb5gIwUnD9vN6VQyH0sX/dvaVXw0=,iv:JF7vUX0RhBWyMD1NxW7ENIs90klw1FLt3dzQTlL5+T0=,tag:FJC7vWWEteBNHBWcYWv6AQ==,type:str] diff --git a/secrets/sapphic-engineer/default.yaml b/secrets/sapphic-engineer/default.yaml index ebe3ce4..f026bea 100644 --- a/secrets/sapphic-engineer/default.yaml +++ b/secrets/sapphic-engineer/default.yaml @@ -16,38 +16,38 @@ sops: - recipient: age1lq5q5g5qjsdcc3key0n6qytkc9z3qx3d3e96ap9zre2aqgvc9ujq82l9hd enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiUDBMaWpmN2tqSDNLd3Yy - UzVhYkQvVmFKZVF1YjFQRmNaOHhhcVZ0Q2xBCjNjc0Q5Z045L3ErVWJBa2ZBZmk4 - aFQzd0VDMHZpbnZwUGgwMDZ0ZFB1LzQKLS0tIFk5QytMMjlxS0RPL2xPWSt6Yjgz - bEM5bkVmMm93cWtDVEF0NER5SjhYWVUK1c3BsSTL70haSAhchTTCoCYhhv202Qj9 - Pub72WwCjx7YQWr4rEAkVjmmCWiWF6rTyyaHfEgtmfYk+EsZILgsZw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0RHpsR1MyNGdFNXBsZW0z + ZXJyd2dtbk9aVGZ2cEl0d1Erb0FnU2VFd0EwCjJtbjl0QUZMSE1XSENtNkhpcW4y + NDhwM2hXaHRNa1ZFM3dZLzBFbG1nRlEKLS0tIDZLM2ZEbDBlM0hpazNIZnEveU9x + WEZBeGVMeHUvUE5EWThrZVdFUUYzV28KKLlNlqnrtGUkQB1E/RoN/71ELKhxkgMC + hOOOiaXUQYIOTVkJprTckItEq/h4s6ddwJISlfsYOMWAJzwBANabhA== -----END AGE ENCRYPTED FILE----- - recipient: age1p0f62dwatt558sf5s4equdqwtg5m7lsnaytrf3xjnvmx3e0lqu4svtugyp enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjYUMySWorVVRxM21zc252 - Njl5eHo1T0ZBMzZTTjVhYWpkbnhhVHE1RUVzCnBPK0NCQjVNQlRkTDNFZko0a1hn - bnVEalNFUDhiZVY5NktXZjBqZEp2S0UKLS0tIDZiMzFoOExGUWQ0bEkyeGtNN1ky - MU5NVEEybEdoNU91REhHNHF4aFczVUUKgsxKjHi6AB7Yuy5+x8+W36hkOZg4TR+1 - l6Sdj6DA42gvAWZbTvG9FuPWxos36nwx33lDyC3HVCc7m7Ue88v17A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOUkFjek9WMk41NTZCdUVR + WUhPaW9YRnlsMTdhcVd3YkRmYWNUeW80NFFFCjhjWHh2WkM4WlBSQmMxVWxlV2Fk + SGlDU2pISDlJLzBPZUhLVG5PbUxjNkEKLS0tIFNIMTQ0dHJ2ckw5OExLVmJxMVg4 + SldDUDczQ0VvSDRpb2dmWVRFUU9hcHMKb2L3YJ7X/u/wmnqwSs9/LPdEeKW4hLgy + Kg9+5JNBOR7hibT9mz96LObs2Oss6hl2ZEQIBJZCWk11DzO9j1LNXA== -----END AGE ENCRYPTED FILE----- - recipient: age13c5wv623jxjja5mjz7fajg9qqwvypzgsfqrs4tmk7rpgyzu7aufs4ul9f9 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLNjBIMDR3M21iek9URUZY - cWVPZVNjL3NGMW10SVNVckFBQW14SHpRYnlrCkozMnRuZFk4K08vbzFUUUttZG5C - dmFZWGFIT1RIV0hGZlJqVmZmUTViQ1kKLS0tIHArTmgzbU4rOWtMNFpFVXVVVzNV - TWgyTFplM2hsMVBQaTRSSnVvUGljYncKFjHyUz6dhqmWWi0koD3T4ma1QcCjgEFj - 2nQrkcmf7TlRm0PrjmEGHFR3/JsGCCavucED9S4+1fELQblK+0PExQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzbFlndkFwYzF1bkZqSUZQ + N1BYUUNadnZFSUtZN3owVXhIUk9USFJNVnhzCmJZYW8vak9FNU4xZlg4VGlZOXUx + aGhrM1B2M25POVczd0dVMkJHZmpUTTQKLS0tIFZIdEUyM2xjQWppNGs0dHZXd3lT + aVFtRlRIajlHbzF6eVZWc3Y3enVNdjgKOCqws+BaS5GXxjvA89oEOFwRdrGBiASN + WiL1pvb2hfKLliiI3pJJ2m4B76jZAE4kmZZYMBlUeQqDSEDefb8kYQ== -----END AGE ENCRYPTED FILE----- - - recipient: age1jfz43yflulhmsa509ng20qc8qkjckkunxtktgr347rl768445fhscz8gjx + - recipient: age1kh4c0dmn809xzcf7ntpjm26h2xh4ljaq09r9n5s0tsjjpr55ff3qqmkuca enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwbjhIQ0dWUDZrakdESHVL - RFViV0NGU0YrczNUVTF3Sk10dDBxY1A3dTNZCjFvRm5vRDhoSUlCRFlDdUl6aGhG - Vm95dkpsK0JDUXcra0xGZ2VRa01LaE0KLS0tIE5NNnM5cWVGcFkvQWw3K1FISHkx - SEhrK1AybjlIZGlaRkFBSDQxTVVDcFkK9p8T32b8q6DG40YbSa62bhNfIf41DxBr - 3pOvzG4bE2Rpk2awf0pgWF8vYz8rDe4mVhkrnwjv8KyAVD0+oN1LjQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzUWtCWEc5bi9OdWJuTTNG + bXdRUU5MQjJ1ZTJXRFZKeW4xQjhSY2huQmxjClp5YUlhelZuc1V5UTNmZlFGYlNo + UVVrS0Y4MlplQzBhak1Nb25rT2FQTkUKLS0tIFZMNk14eTBJcmhEWVBYUyt6VDd0 + RmhuTGZsVFJjMHYwNGJORVJ4cHNZRHMK3yeVtPHtIycbaPdfJbWeC7iQdKE0aWbY + pZd5E1QB6PrIHMWeCoPhSg36O/KK9kMj3pxDIx062/20VeS7MqmRpQ== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-03-24T04:35:40Z" mac: ENC[AES256_GCM,data:e9LpfB6s+r9kBXAsSvQGpymcyXioZmVeV+8I0CrYO6nFdaxkCmkC7tAxIvYVvm4hYrqDmWc1UHF1xSEn75b/dABQtP5kJl7Ibj4vY0JGWZ8jjtdjH58Qxi5DSDA/PSJi90zvDJgwUU7CN36VLV+hCKvW2O6plFrdzRQBkuul2bw=,iv:EGO+tA7T502LnzqPWuazTjJ9MLfluI+Iu/lDD8wePkY=,tag:QBLMuB91X6t0GN5uJ3ny5g==,type:str]