noe/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

sapphic-engineer: reinit

Browse source
This commit is contained in:
41666 2024-03-30 12:19:39 -04:00
parent 43943b9591
commit 95018f6891
4 changed files with 315 additions and 98 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
.sops.yaml
View file

@ -6,12 +6,12 @@ keys: &all
- &m_cider age1kjsga2kf95lu7p5stqr5d9p87jquyypnx97cycj6jvhsm9zkn93quexx4r - &m_cider age1kjsga2kf95lu7p5stqr5d9p87jquyypnx97cycj6jvhsm9zkn93quexx4r
- &m_aerial age1jc6ghxfgxe3gx53xa55azxan447cfxaqfqeh5y5yzqapj7mw7ajql8kv02 - &m_aerial age1jc6ghxfgxe3gx53xa55azxan447cfxaqfqeh5y5yzqapj7mw7ajql8kv02
- &m_drone age1faccfe85637hme39xyzgmvjn6ku9c4aapfmpfc35hswj5emhnedssrg2cq - &m_drone age1faccfe85637hme39xyzgmvjn6ku9c4aapfmpfc35hswj5emhnedssrg2cq
- &m_sapphic-engineer age1jfz43yflulhmsa509ng20qc8qkjckkunxtktgr347rl768445fhscz8gjx
- &m_keylime age1wc3czlazkfxphsq6exxxkdpma4lrv7n3v3fvel9l5u96dlljn4fslh666p - &m_keylime age1wc3czlazkfxphsq6exxxkdpma4lrv7n3v3fvel9l5u96dlljn4fslh666p
- &m_ps2live age18net4rsvyx84d9jjh64rgqsru3njwc438qt3993kn865dx9weaqq0rzkrh - &m_ps2live age18net4rsvyx84d9jjh64rgqsru3njwc438qt3993kn865dx9weaqq0rzkrh
- &m_ingress-proxy age1mc6eyvnqt4ztmqdzt08zaher2ts37ypgzuh049v3cgv9j0rje96q5rm56k - &m_ingress-proxy age1mc6eyvnqt4ztmqdzt08zaher2ts37ypgzuh049v3cgv9j0rje96q5rm56k
- &m_monitoring age1h7yp3psl5zyze8sl6lld6ksv6fcmul9z8mjwc4k78mwnys58c3ls9mgfdx - &m_monitoring age1h7yp3psl5zyze8sl6lld6ksv6fcmul9z8mjwc4k78mwnys58c3ls9mgfdx
- &m_porcelain-doll-repair age1qy9tvzlgek7fq4nl52e05ad6pyvglrtaxwjet9gr0fzq85z7cv9s6uxzkt - &m_porcelain-doll-repair age1qy9tvzlgek7fq4nl52e05ad6pyvglrtaxwjet9gr0fzq85z7cv9s6uxzkt
- &m_sapphic-engineer age1kh4c0dmn809xzcf7ntpjm26h2xh4ljaq09r9n5s0tsjjpr55ff3qqmkuca
creation_rules: creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
@ -45,13 +45,6 @@ creation_rules:
- *op_noe_2 - *op_noe_2
- *op_noe_3 - *op_noe_3
- *m_drone - *m_drone
- path_regex: secrets/sapphic-engineer/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *op_noe
- *op_noe_2
- *op_noe_3
- *m_sapphic-engineer
- path_regex: secrets/keylime/[^/]+\.(yaml|json|env|ini)$ - path_regex: secrets/keylime/[^/]+\.(yaml|json|env|ini)$
key_groups: key_groups:
- age: - age:
@ -87,3 +80,10 @@ creation_rules:
- *op_noe_2 - *op_noe_2
- *op_noe_3 - *op_noe_3
- *m_porcelain-doll-repair - *m_porcelain-doll-repair
- path_regex: secrets/sapphic-engineer/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *op_noe
- *op_noe_2
- *op_noe_3
- *m_sapphic-engineer

217
nixos/hosts/sapphic-engineer/akkoma.nix Normal file
View file

@ -0,0 +1,217 @@
{ pkgs, inputs, config, lib, ... }: let
nameValuePair = name: value: { inherit name value; };
defaultSecret = {
sopsFile = ../../../secrets/sapphic-engineer/default.yaml;
};
secrets = keys: builtins.listToAttr (map (name: nameValuePair name defaultSecret) keys);
secretRef = key: { _secret: config.sops.secrets.${key}.path; };
in {
imports = [
inputs.tachikoma-fe.nixosModules.default
];
sops.secrets = secrets [
"s3--access_key_id"
"s3--host"
"s3--secret_access_key"
"joken--default_signer"
"pleroma--secret_key_base"
"pleroma--signing_salt"
"pleroma--live_view--signing_salt"
"vapid--private_key"
"vapid--public_key"
];
services.akkoma = {
enable = true;
initSecrets = lib.mkForce false;
config = with (pkgs.formats.elixirConf { }).lib; {
":pleroma" = {
":instance" = {
name = "sapphic.engineer";
description = ''
Private instance for @noe@sapphic.engineer and friends.
gex!
'';
email = "admin@sapphic.engineer";
registrations_open = false;
account_approval_required = true;
upload_limit = 100000000;
avatar_upload_limit = 1000000;
banner_upload_limit = 3000000;
background_upload_limit = 10000000;
max_pinned_statuses = 10;
};
":media_proxy" = {
enabled = true;
proxy_opts.redirect_on_failure = true;
proxy_url = "";
};
":media_preview_proxy" = {
enabled = true;
thumbnail_max_width = 1920;
thumbnail_max_height = 1080;
};
":mrf" = {
transparency = false;
policies =
map mkRaw [
"Pleroma.Web.ActivityPub.MRF.SimplePolicy"
"Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy"
"Pleroma.Web.ActivityPub.MRF.ObjectAgePolicy"
];
};
":mrf_simple" = {
reject = mkMap {
};
media_nsfw = mkMap {
};
federated_timeline_removal = mkMap {
"mastodon.social" = "";
};
};
":mrf_object_age" = {
threshold = 60 * 60 * 24 * 90;
actions = map mkRaw [ ":reject" ];
};
"Pleroma.Web.Endpoint" = {
http.ip = "::";
url.host = "sapphic.engineer";
live_view.signing_salt = secretRef "pleroma--live_view--signing_salt";
signing_salt = secretRef "pleroma--signing_salt";
secret_key_base = secretRef "pleroma--secret_key_base";
};
"Pleroma.Upload" = {
filters =
map (pkgs.formats.elixirConf { }).lib.mkRaw [
"Pleroma.Upload.Filter.OnlyMedia"
"Pleroma.Upload.Filter.Exiftool"
"Pleroma.Upload.Filter.Mogrify"
"Pleroma.Upload.Filter.Dedupe"
"Pleroma.Upload.Filter.AnonymizeFilename"
];
link_name = true;
uploader = mkRaw "Pleroma.Uploaders.S3";
base_url = "https://i.sapphic.engineer/";
};
"Pleroma.Upload.Filter.Mogrify" = {
args = [ "strip" "auto-orient" ];
};
"Pleroma.Uploaders.S3" = {
bucket = "sapphicengineer-akkoma-uploads";
truncated_namespace = "";
streaming_enabled = true;
};
};
":ex_aws".":s3" = {
access_key_id = secretRef "s3--access_key_id";
secret_access_key = secretRef "s3--secret_access_key";
host = secretRef "s3--host";
};
":joken".":default_signer_secret" = secretRef "joken--default_signer";
":web_push_encryption".":vapid_details" = {
private_key = secretRef "vapid--private_key";
public_key = secretRef "vapid--public_key";
};
};
nginx = null;
extraPackages = with pkgs; [ exiftool imagemagick ffmpeg_5-full ];
extraStatic = {
"robots.txt" = pkgs.writeText "robots.txt" ''
User-agent: *
Disallow: /
'';
"favicon.png" = pkgs.stdenvNoCC.mkDerivation {
name = "favicon.png";
src = pkgs.fetchurl {
url = "https://raw.githubusercontent.com/foxxolay/foxxolay.com/main/akkoma/favicon.png";
sha256 = "sha256-6L+1P+qAXxksss8U9GUcbMQQk8C32LTe/rznNXaf72c=";
};
dontUnpack = true;
installPhase = ''
cp $src $out
'';
};
"static/logo.png" = pkgs.stdenvNoCC.mkDerivation {
name = "static/logo.png";
src = pkgs.fetchurl {
url = "https://raw.githubusercontent.com/foxxolay/foxxolay.com/main/akkoma/logo.png";
sha256 = "sha256-drYYZxeeRkTrRlp1weh4xRVm/6tdWAnF7KHmfYWQg6M=";
};
dontUnpack = true;
installPhase = ''
cp $src $out
'';
};
"static/logo.svg" = pkgs.stdenvNoCC.mkDerivation {
name = "static/logo.svg";
src = ./.;
dontUnpack = true;
installPhase = ''
touch $out
'';
};
# "static/logo.png" = pkgs.stdenvNoCC.mkDerivation {
# name = "files/static/logo.png";
# src = ./files;
# phases = [ "unpackPhase" "installPhase" ];
# installPhase = ''
# mkdir -p $out/static
# cp static/logo.png $out/static/logo.png
# '';
# };
"emoji/foxes" = pkgs.stdenvNoCC.mkDerivation {
name = "emoji/foxes";
src = ./emotes;
dontUnpack = true;
installPhase = ''
cp -r $src $out
'';
};
"emoji/blobs.gg" = pkgs.akkoma-emoji.blobs_gg;
"static/terms-of-service.html" = pkgs.writeText "terms-of-service.html" ''
This is a private instance. Requests are not accepted.
<div>
<a href="https://noe.sh" target="_blank"><img src="https://noe.sh/yay/88x31.png" width="88" height="31" alt="noe" /></a>
<a href="https://noe.sh/pronouns/" target="_blank"><img src="https://noe.sh/yay/88x31-vp.png" width="88" height="31" alt="it/its" /></a>
<img src="https://noe.sh/yay/88x31-nap.png" width="88" height="31" alt="not a person" />
<a href="https://sapphic.engineer" target="_blank"><img src="https://noe.sh/yay/88x31-se.png" width="88" height="31" alt="sapphic.engineer" /></a>
</div>
'';
};
};
services.postgresql.enable = true;
services.postgresql.package = pkgs.postgresql_15;
# services.nginx = {
# enable = true;
# package = pkgs.tengine;
# clientMaxBodySize = "150m";
# recommendedTlsSettings = true;
# recommendedOptimisation = true;
# recommendedGzipSettings = true;
# recommendedZstdSettings = true;
# recommendedBrotliSettings = true;
# recommendedProxySettings = true;
# commonHttpConfig = ''
# proxy_request_buffering off;
# proxy_cache_path /var/cache/nginx/cache/akkoma-media-cache
# levels= keys_zone=akkoma_media_cache:16m max_size=16g
# inactive=1y use_temp_path=off;
# log_format combined2 "$server_name: $remote_addr - $remote_user [$time_local] \"$request\" $status $body_bytes_sent \"$http_referer\" \"$http_user_agent\" \"$http_x_forwarded_for\"";
# access_log /var/log/nginx/access.log combined2;
# '';
# };
}

138
secrets/default.yaml
View file

@ -9,119 +9,119 @@ sops:
- recipient: age1lq5q5g5qjsdcc3key0n6qytkc9z3qx3d3e96ap9zre2aqgvc9ujq82l9hd - recipient: age1lq5q5g5qjsdcc3key0n6qytkc9z3qx3d3e96ap9zre2aqgvc9ujq82l9hd
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYeTJjMmdYTWRPb2hNWTl6 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvODVYMkVOMUk2dUlDcGFt
dVJZUW1XaisxNXRJY0YzVEpJY3NLczlkaHlFCk5OWW8xMUdDQXh4cldSOFozcWlX YUxsRjRORVIrak5hYkVzMVArR1czT0VjbVFBCnV0MTdNd2RFWTJCOWdKK3lJMHBL
cE1oMStObGxvQmZtNHlaQkNVbEdMaTgKLS0tIE4rUVVHZEVhUWgyTFpSazNHcjZp dmFtYy9ZNUZTeFV5UHBqSTVEQXBCb3MKLS0tIFdQQ1ZjUzh3NmwvQTRKZmFneDBo
NHlDY2FpTjlVekFTcXJMN1NlWkUwTWsKJFc9jr9vNAwJoc3hF4p9W9ul3Cp+SXA3 dU05WnlBYVRNdmxJV293Q0prQW5MdG8KMV1NiLe9L+nrLyXmRoAyS3M8d8gWwy5J
V/pkQJoWAIuHJZwnzg2rgQs+oCUMgpCvWDEhOxQonFhS0OXfCi95qg== Jg5HnDo1tU/J1B0AMUN9zhw2Z/BE/hh4bm/XWTqklycWsowXnopMNg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1p0f62dwatt558sf5s4equdqwtg5m7lsnaytrf3xjnvmx3e0lqu4svtugyp - recipient: age1p0f62dwatt558sf5s4equdqwtg5m7lsnaytrf3xjnvmx3e0lqu4svtugyp
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnTXE3SnFnZUZSeVU2MmRi YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxSVFsT2JGQXlIQ1pvM0Fz
SW9Dbzk3bXNRdG9UdHRha3hudEw4K2syMURRCmtCb2pGeDdHeGl5bVU2UmlMdVpz WE5HQTN3TlZLU0d2SnJXV3FGQnVJRDdUWFFnCmJtWW1CWHlVVVV1Vk8rRG9IQ1Zx
ZUpqWis0VlRZQ2thM1cvbFpHNzRzRVUKLS0tIG5QWFZtS3QzN2pVcFFnbVBpdlV1 bmt4eDR1NFVhUXZRVlJGMkN2TklXWlkKLS0tIHNvOStxNldNdlczaGtVZmNQR0hK
K1BaQVdSazRQcUJTZkthMzQwRzFGTFUKtXOOH3rrhbtk0D5JE2QmcF1u0f1mSIyu T2JIczczdXZZMDg1VGNtNEdGODd1bjAKgbgFOEiAYstWKqX8X1nrScYZo79B/KlE
7jujAmULtj0Y5MMibuQHO9rBqEB5wJdzqNPn91KIvDKAX546z2cbSw== 60BfHnjVhklrG6hupo4LI+W7FjplMLNCuL3oKIzIFkQOOgP5zuY7xQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age13c5wv623jxjja5mjz7fajg9qqwvypzgsfqrs4tmk7rpgyzu7aufs4ul9f9 - recipient: age13c5wv623jxjja5mjz7fajg9qqwvypzgsfqrs4tmk7rpgyzu7aufs4ul9f9
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3TjBHTmxTaEdMVXZjUTNp YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvRzJtL3BiNHVMV2NkYWQx
MXBLWkxVcWR4azlNVS8yUjhyRnlNdlZkTlNBCjJ3QWRpRUFUbEFJUjNmMzBIYnU5 cXJQRXRQY3NibmEvOGlVM284N2gxMDlJeHdrClg5amJiK1RuMEkwYndlQVhPMUJr
RytwOGV4ZWUrZ2srRWhDbVQxWEhKRWsKLS0tIHhCYlNPT2RCYk80YXJUa1hNbHZ3 ZnUvc2c2UXpjQkZQUjNDUlhOb04xczAKLS0tIFd1Y2JvVEdHM2taZ203cW1YdGlJ
Q3paWWVSeFVwdWlDeU83WEFXMXpmNEEKceD/UeeRipdFGcsn7/e8H+oj1BstRN/C OG40bmlNL0ZXdG84N3JqMW9zcm5KeVUKQIFzh1JLNjskGGphH9bP104rahPeyWBu
MJgq8Hu/pgfBS3LBsEtBvdPHddehmgDywLS+UM7eWu/ithe5DI1tgw== /qiotTPDT2N8978KMn6o4fKFBzEV1EVKUMEUPTyIVheXzrM8LyQtEw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age14vsmekuppm4xhp4rthhv9jjgzfv45v39a0q8dsgg6yusw0pjkvaqnr9kq8 - recipient: age14vsmekuppm4xhp4rthhv9jjgzfv45v39a0q8dsgg6yusw0pjkvaqnr9kq8
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzQkNTN2pSSTJ4R2kyKzRw YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpZERFTkZzRlpyU3BIKzRq
dmNIWGJwSWVEeG85aDRJMVNOaUpiMi81RkI0CjlTMmNVSEpWaW5EUGpaSW1CYklz eW9FQUZ3Tmp4b3FXdUhyczFwWEo5ck80UFhrCi9tM2RPaFlMbXUvd0M5TFk0Sjgx
MWZVZHlZUkllQ0lTbDJIQi8yTUNvRW8KLS0tIFhCTllZREoxcUpWRU1RWldzMXJE RHY2S2gzM2xkSUVudWxhWHQ4akF3aDAKLS0tIFFEUFBLOUQ0Qm9neXkxc2xjMkE0
WVdlSDBMR3pkU0Uwdk1aS1phc1ozTWcK2/ij3pLn5c2JK/HiJ7DRqXZcBLI31WbQ R0dVRzhNM2V5ZVBHRXZZY3l6OXRuRGcKCIXP66HiTN2JcPLigJqIY/fYtzKKGQ9b
h43RmDR+aKAZTrthLSprCbumt7+AOY2zlLQ36AjAs+lF9j28tvnZQQ== U1TRRI3VB+yuSXDbaKhMwMzOf0J/wahGj+VoRpxbwqL4TdTx4ex4Wg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1kjsga2kf95lu7p5stqr5d9p87jquyypnx97cycj6jvhsm9zkn93quexx4r - recipient: age1kjsga2kf95lu7p5stqr5d9p87jquyypnx97cycj6jvhsm9zkn93quexx4r
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKNUppK0U0SzIvWnVmWWda YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5WVptbnB1UURVcTUybDRC
SjJuNVRpbEZEYlJSNjhYdGdoeE5XeGxVZUFFCi8vVVIzNGJuUXF2WHh3eVlEK0tF RnFMdFphWjZqc1hXN0JKcWduVjZlNzBkOTBVCmhBbDFOMlBSai90UmxGRmFyS0tV
MlVQQ3RqYVVKT1gweXllc05JbTJXOUUKLS0tIFZvcjA5VTZ3YkROOXpDOU0rMWhi VVMzZkc5K0VtS29Ea1M1V0Erc0o4Wm8KLS0tIFdPR3orWC9haDBLVmlrMzNIRjRC
UnJBaGt4SVczdUoxd3g2dWdkbVR4SWsKdZs3QqHPDsfX50CG8kCw/abqO1Fv3fes TVp5MlZUNWdNaUg2RGRQY0pQT0l2ZGsKN3hJgWs13qCA4EDGpBEU6n3oNp4hSmhv
eDJmfkwgeLWk9ddVkdOuHccNrhHA5qREMtkgjj/IghwLQAxyZ4o7gQ== PqQDyKsNjkVfXEWS3A55wrGi1kFCoYXg06i5Bx8OtPnst6XsWUuO0A==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1jc6ghxfgxe3gx53xa55azxan447cfxaqfqeh5y5yzqapj7mw7ajql8kv02 - recipient: age1jc6ghxfgxe3gx53xa55azxan447cfxaqfqeh5y5yzqapj7mw7ajql8kv02
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMaWxjUGZtOXd1UmxOY2JM YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhSXkxdnpSOFV1Z0M3Q2Va
VDlGZGRQRkRFb3RJTlJ1UVIrYURmSXR4TTMwCjZvalRlM3RDU0FDS2kvODFwUXVS SlROYXJHMHczc3ZsbXRmRVROWm5ncEJzWjJVCmIwZkRGaDNYQkdmK1dwcDN3b0gv
UVRSeFJIWUMwUGw0MjdMN0d5S2srOTQKLS0tIEZWQUhHWUtQMHU1bVJ1b3FpbWZs b3hVQjBhY055RGx6eTVrUCsyd3FhbTgKLS0tIGZsRWVjdFF2Wk5rVDJvK1VCcU1r
VEVSazlYSkxIMlAzZ0NrdmV0ZGVYTFUKdZlZVrKVSAFQVGiVn/NmK4aAJbXCN7mp RWhjQ3JwTDBoQWhtTk9ndk1TcVozOFEKYWlX9r6L5eiTSH1zbTsLTAehRlyAc1ys
8LWGUZnyKngpRPkeHMHc0+k5VGZttwFSlIk9niACglf7KfgeD07sow== S5aJImm5ukH7GZFkJef+gXYlGhm2+4Y/g9nh4rMW9FXhTe5zD+1mOQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1faccfe85637hme39xyzgmvjn6ku9c4aapfmpfc35hswj5emhnedssrg2cq - recipient: age1faccfe85637hme39xyzgmvjn6ku9c4aapfmpfc35hswj5emhnedssrg2cq
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByUk9lcjIralFSOUFaNFdu YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtWFR0UWJGRUFJdkRQTzRm
NUlIS0xFK1dTOHdMWkQ4L2RNRVQvVTJOYTE0CnVKbTMzS2lNZ0JpaCtNU3hOV1hy U1Z5ZVBCVENKd2RsRk5QbDNlbUtDeXU0Z2ljCjFEaVM1V28xWmhiVHFJd3IybnFM
VzFjcDU1K1ExWnhybFQ4YWhUbUdXN0UKLS0tIERSeGRDU3Zod2dETFlrTDQ4azdB bGtiT1VONXdNZSt4cThwMHVQUTE3ODQKLS0tICtFdFF0eHNaZDJaM2dlYWp6Z0xR
cFFhRHNqTzEvdFFpRFFiRHZnRitIa2MKY+o/tzCKQyTBgWVQItC+CsYDITe4RiEf Nm94dnhGcDYxSUR1L0FLOWxlRjc5NFEKkI8LDB/yP7MPwBUt4d5Lc8NK2cA8JkaL
F0I20EkYpOwubTZwSm+v5w84KH378h7+xF8tgjlkEayGxI07ZOWH1Q== Arnq7x2dZxxmO32aZxuPMD8f0JgzcdMYZCiVkyTT0wb/2LZ2aGX3AA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jfz43yflulhmsa509ng20qc8qkjckkunxtktgr347rl768445fhscz8gjx
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFekRLQ21ZMUV2ZnBLOUJa
Z0xWbU5oY04wNWdrZXlPZGRrK0ZVT0pRK0RVCkZISndRMksvQXI5ODZlZ3BXbm05
WWVka1ZOcTBtaFBzMFVqRmJSYThxT0EKLS0tIGNFd2g4THFybFg2VENESkMzdFpR
d01ZWjVLcHEzQVRTNnBRb2pNWkpGL2sKjNRE6gQqd9+Ccsnz/1uqCKUCrAMzvjja
q+vaQzekfiQQi0HWLxwL4wb30KU/qlLmVHIkT14eXgwzpwaOwHIVSw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1wc3czlazkfxphsq6exxxkdpma4lrv7n3v3fvel9l5u96dlljn4fslh666p - recipient: age1wc3czlazkfxphsq6exxxkdpma4lrv7n3v3fvel9l5u96dlljn4fslh666p
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCNjAvZEkrbU5TMmY2WUdJ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvYWk2YWc4Vk1BckE4KzUv
bUwvbDBwTUJFdjZJWWJVK3ZLVVFPRmNNR0I4CkJnREhxVUpzcHovZmlUKzB0MWZH Yk80NDNIV2lJQWkzd0RRQmlXSmIrVkJuRG53CkgwKzRUcHpLVDM2QWNJMG5oYmc0
L3RZcHF0VGFzM0ljcXJxZVNmRytXUlEKLS0tIHFsR1VQK0xLYWJCN3BKanc3Wmp6 ME9sRnN5a1lJSWdlaEMzV2wxRzdRaHMKLS0tICszcmVpSXlzZFRWdmZmSG1LNk42
ODVGUmxMRVdZQ3Q3YXJ4c3RvUEV0dkUKd0E++gL7piT8npLHWISEhB/CCFUDfH0G NDl4bG5hZkU1MTlGZU9oMSsvOHV2cVEKNo8kD0prXoDWecj7MvJ8kWtuCr/vkJg2
gMyPZ5jesN3qwzTF+29kRHV+BsghVnoiypQh/46d8gq/2z9abf8CZQ== 0KCkKWE5C26Z0imURha/Opa8phxIABz7SxLN+F9BidCyGWSjAvqoOQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age18net4rsvyx84d9jjh64rgqsru3njwc438qt3993kn865dx9weaqq0rzkrh - recipient: age18net4rsvyx84d9jjh64rgqsru3njwc438qt3993kn865dx9weaqq0rzkrh
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5cW80eGdEMWM5K3NQQlho YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByVVhCbFN1MEJKUkROajFu
bE9FYWw2ZXA0YmFXL0RwK3ZuOWNoT0pKaDNJCmFaK3gxbWNjUFpraWF6eXhPV3RH Mi9nMzh6M1BZWUoraVo5OUl5Wm9pY3VTMVRjCkd5VTA0aGk2RUUxZXVNcFM3cEVY
dFdVUFNBeDFPUkYrMzRMKzlEczZCZDQKLS0tIG9vc3M5NEVpaU82YjdSVFpmTGt4 N1pEZ2h2V00zTHltelgyUGFkakpuK2cKLS0tIEpnYTViN1VOTWY5aTl3WWFEdzN6
NC9hdXZwRmd3S0pPTE1DbERMczNxcWMK9Vrrssb5/bmkY5/5x2sq4QH5CdhQzR13 bFUzaHU0Umc2U2ozRENqWXY2OGYydXMK0N9v4qqfXzgtA9S4w8ffcXvlL1vF/W4+
XTmyO4JoJnqoKkmhyujYSGlWR1uo+rIYu4RKklWBGxFWB7OL3OOusA== y21OHXT+vwaIk/ek6Hx7IMl8OFXodt1kQGWYZ+XQBeYy1HMwPosWRQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1mc6eyvnqt4ztmqdzt08zaher2ts37ypgzuh049v3cgv9j0rje96q5rm56k - recipient: age1mc6eyvnqt4ztmqdzt08zaher2ts37ypgzuh049v3cgv9j0rje96q5rm56k
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVjN3bHZwV2JrVi9Ua09H YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoNjRvbk1LYVBZeVliWVhu
SGQvUWx4QjlJUnMyYzBnTTFTSUtvMk1UL1ZBCkdGWFlMWHQ4WGxJbzF5bEhIODFu WEQ4cjJqaUdMc0cxL1M1Tm85Z09qc0pOTlNZCjZyRVcwMFlyNXpiM0YxUXd2elNC
cnRObENmV3ZUTE5sQmw0VFllRmRRUVkKLS0tIFhvazFxZTM1cS9EY2RTYlZ4MlZY dEtUQVdPS1VVekMzWFdzd3V5Y1QxTnMKLS0tIDJJUTlncVdQV0ZGc0hRV2VCMWcy
WTBKMTU5dTM4eml2RkNVZ3c1emNsYUUKbeZQsn5fFn+Fe5moqPFye+pHgIdtj3rS WTAvNVpMNmltaHNiYVZkZCtDd2pPbzgKp7ynHZgvx7jjRZZeMmTwsmSVUP59n/2n
nTxl7vYYMmX0IDMM+3TqJkbnXnLcW0ZXsZkrPZ77I5Cze6geIT45Lw== bn8Y7LKsHuvSKsN0hd1Y1WeeU0UiM8hTHJIiyjkmJNCU9LHJ9Fqm/w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1h7yp3psl5zyze8sl6lld6ksv6fcmul9z8mjwc4k78mwnys58c3ls9mgfdx - recipient: age1h7yp3psl5zyze8sl6lld6ksv6fcmul9z8mjwc4k78mwnys58c3ls9mgfdx
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDNElzeHV2RkNGOVozT1Q4 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzVXY2L2gzNlBNaVUwMzR6
QUVCTHN1am9pemVmRTk1YkxBZ0RzOFFXbHowCmtVU3ZVL2lYVmZRR21mU0Vxamh4 NSsyMnM2R2MvM0Fxb0tLREZaM25OK1daaWc0CktBZ2NiWm0xNWdRVkdTdXI5STJ5
Q05KSDVoa3Vhc2FmUzlUT0Y0ZE1rSm8KLS0tIEdoRVVsb2FjWlhkbmg1cmV3Zld1 SEEyemJPb1J2T2FVcGF5eHBKMHo0QnMKLS0tIHV3UURlM0xGMThMcC94TiswYnJS
OWZVd0dBa3FVQTJUN2lBUklPbFZqNTgK3O2CNghwgXm78GWVdIiusdFo1hbnuFWc MTg4cUdLaTE4aEs5cDJQN1VMMks5OVkKFOS+KpdKD97AHwTL81bgYS9G/73qNRV3
bxVfU2+XAMHUfbIWjmg/NXdvHVuhIP3q6Y37cBVjinIyib1pJyIpRQ== lxq9erPHQfQPoSgPjGNXFYdwzLEJX9WsKtGMByudy53bqbaJiGbO1Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1qy9tvzlgek7fq4nl52e05ad6pyvglrtaxwjet9gr0fzq85z7cv9s6uxzkt - recipient: age1qy9tvzlgek7fq4nl52e05ad6pyvglrtaxwjet9gr0fzq85z7cv9s6uxzkt
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlUXhMdy9GaTV1NHladW9H YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjTVFDcFJxRjVWeTZhRjd5
ZlRMS2hkbXd6RnRINnI3T1VLWWxzWmVyekQ4CllXL2RYalRlMlVsTXpucXZKVHRk V0g5N0FvamZCdVFIK3p6d0ZheEpMOU84TkJZCkpTK3lUV2Q1OXpzNzhrQWNjTyt4
dEs3LzJPaFNVSmRpRWJVbEw1bGJ2dGcKLS0tIDlneExmZUR5OFQrOGxWYzZuTkV4 aVlITVdubzE2Zm5KTGswNjJ0cFErZWsKLS0tIGM3TkRFbW5GYnljUmxkZGl6ajgv
Vlk1bTR1VzNJdURYTnEzMnpxTFpoQ1UKW0KpAKC5NaLoKuGokStiDVOt5vHpyOhm WjR3dCtGSWtpY1NOdDlWUVd3WGlmem8KVoMBauZoRwOv1Pkr0Wz9zxxcbnTH/IIW
eNffHrh/Ixjf5GwupJUJrNtpOmnyhIU6jbPb8+yapBVGiRClQuRi7w== cBajxEQaZnzeLhLtFKHo6I31Z7UbhFlmgcjrlbWZDA4If7rNRIPHLg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1kh4c0dmn809xzcf7ntpjm26h2xh4ljaq09r9n5s0tsjjpr55ff3qqmkuca
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQM3BUcE43bDNEbndWcU11
eHIxQ1RsUUNJNWMrbjZqNmtxQVBqaG1RSkQ0CnpwZmxYRzRiNnRhS202cTlBa0FW
RlR0MEtqUUVES2g5R0xHa2VjYjNoQzQKLS0tIDBhYjl1YTJMcDJ3WlM2VnRMcUtx
R1dsSDd6U3RLS1hIN2JrZE1aSkhrOTQKSKeo9/CWIsNQ4uOnuCc9K5fC5is63Ha1
6pMewcZiLUJRoKUhug21Oy3NrZWXdTvt5IYbVpg+zW9XNdDcIboEnA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-27T00:47:48Z" lastmodified: "2024-03-27T00:47:48Z"
mac: ENC[AES256_GCM,data:ODOesbH5wdv7/q3CgI4sZ8WTHDmIw/5MW9THMTVcSjCVjVDgJA93Os6jKEIcPx8idT/WCynC7Q43zpIV74/QDc/ypNQhj+PSjOUfidCf/bF+4hHuAwqxCye4rhYYhsubg1KXiC3+dO1QzQSPb5gIwUnD9vN6VQyH0sX/dvaVXw0=,iv:JF7vUX0RhBWyMD1NxW7ENIs90klw1FLt3dzQTlL5+T0=,tag:FJC7vWWEteBNHBWcYWv6AQ==,type:str] mac: ENC[AES256_GCM,data:ODOesbH5wdv7/q3CgI4sZ8WTHDmIw/5MW9THMTVcSjCVjVDgJA93Os6jKEIcPx8idT/WCynC7Q43zpIV74/QDc/ypNQhj+PSjOUfidCf/bF+4hHuAwqxCye4rhYYhsubg1KXiC3+dO1QzQSPb5gIwUnD9vN6VQyH0sX/dvaVXw0=,iv:JF7vUX0RhBWyMD1NxW7ENIs90klw1FLt3dzQTlL5+T0=,tag:FJC7vWWEteBNHBWcYWv6AQ==,type:str]

42
secrets/sapphic-engineer/default.yaml
View file

@ -16,38 +16,38 @@ sops:
- recipient: age1lq5q5g5qjsdcc3key0n6qytkc9z3qx3d3e96ap9zre2aqgvc9ujq82l9hd - recipient: age1lq5q5g5qjsdcc3key0n6qytkc9z3qx3d3e96ap9zre2aqgvc9ujq82l9hd
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiUDBMaWpmN2tqSDNLd3Yy YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0RHpsR1MyNGdFNXBsZW0z
UzVhYkQvVmFKZVF1YjFQRmNaOHhhcVZ0Q2xBCjNjc0Q5Z045L3ErVWJBa2ZBZmk4 ZXJyd2dtbk9aVGZ2cEl0d1Erb0FnU2VFd0EwCjJtbjl0QUZMSE1XSENtNkhpcW4y
aFQzd0VDMHZpbnZwUGgwMDZ0ZFB1LzQKLS0tIFk5QytMMjlxS0RPL2xPWSt6Yjgz NDhwM2hXaHRNa1ZFM3dZLzBFbG1nRlEKLS0tIDZLM2ZEbDBlM0hpazNIZnEveU9x
bEM5bkVmMm93cWtDVEF0NER5SjhYWVUK1c3BsSTL70haSAhchTTCoCYhhv202Qj9 WEZBeGVMeHUvUE5EWThrZVdFUUYzV28KKLlNlqnrtGUkQB1E/RoN/71ELKhxkgMC
Pub72WwCjx7YQWr4rEAkVjmmCWiWF6rTyyaHfEgtmfYk+EsZILgsZw== hOOOiaXUQYIOTVkJprTckItEq/h4s6ddwJISlfsYOMWAJzwBANabhA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1p0f62dwatt558sf5s4equdqwtg5m7lsnaytrf3xjnvmx3e0lqu4svtugyp - recipient: age1p0f62dwatt558sf5s4equdqwtg5m7lsnaytrf3xjnvmx3e0lqu4svtugyp
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjYUMySWorVVRxM21zc252 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOUkFjek9WMk41NTZCdUVR
Njl5eHo1T0ZBMzZTTjVhYWpkbnhhVHE1RUVzCnBPK0NCQjVNQlRkTDNFZko0a1hn WUhPaW9YRnlsMTdhcVd3YkRmYWNUeW80NFFFCjhjWHh2WkM4WlBSQmMxVWxlV2Fk
bnVEalNFUDhiZVY5NktXZjBqZEp2S0UKLS0tIDZiMzFoOExGUWQ0bEkyeGtNN1ky SGlDU2pISDlJLzBPZUhLVG5PbUxjNkEKLS0tIFNIMTQ0dHJ2ckw5OExLVmJxMVg4
MU5NVEEybEdoNU91REhHNHF4aFczVUUKgsxKjHi6AB7Yuy5+x8+W36hkOZg4TR+1 SldDUDczQ0VvSDRpb2dmWVRFUU9hcHMKb2L3YJ7X/u/wmnqwSs9/LPdEeKW4hLgy
l6Sdj6DA42gvAWZbTvG9FuPWxos36nwx33lDyC3HVCc7m7Ue88v17A== Kg9+5JNBOR7hibT9mz96LObs2Oss6hl2ZEQIBJZCWk11DzO9j1LNXA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age13c5wv623jxjja5mjz7fajg9qqwvypzgsfqrs4tmk7rpgyzu7aufs4ul9f9 - recipient: age13c5wv623jxjja5mjz7fajg9qqwvypzgsfqrs4tmk7rpgyzu7aufs4ul9f9
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLNjBIMDR3M21iek9URUZY YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzbFlndkFwYzF1bkZqSUZQ
cWVPZVNjL3NGMW10SVNVckFBQW14SHpRYnlrCkozMnRuZFk4K08vbzFUUUttZG5C N1BYUUNadnZFSUtZN3owVXhIUk9USFJNVnhzCmJZYW8vak9FNU4xZlg4VGlZOXUx
dmFZWGFIT1RIV0hGZlJqVmZmUTViQ1kKLS0tIHArTmgzbU4rOWtMNFpFVXVVVzNV aGhrM1B2M25POVczd0dVMkJHZmpUTTQKLS0tIFZIdEUyM2xjQWppNGs0dHZXd3lT
TWgyTFplM2hsMVBQaTRSSnVvUGljYncKFjHyUz6dhqmWWi0koD3T4ma1QcCjgEFj aVFtRlRIajlHbzF6eVZWc3Y3enVNdjgKOCqws+BaS5GXxjvA89oEOFwRdrGBiASN
2nQrkcmf7TlRm0PrjmEGHFR3/JsGCCavucED9S4+1fELQblK+0PExQ== WiL1pvb2hfKLliiI3pJJ2m4B76jZAE4kmZZYMBlUeQqDSEDefb8kYQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1jfz43yflulhmsa509ng20qc8qkjckkunxtktgr347rl768445fhscz8gjx - recipient: age1kh4c0dmn809xzcf7ntpjm26h2xh4ljaq09r9n5s0tsjjpr55ff3qqmkuca
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwbjhIQ0dWUDZrakdESHVL YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzUWtCWEc5bi9OdWJuTTNG
RFViV0NGU0YrczNUVTF3Sk10dDBxY1A3dTNZCjFvRm5vRDhoSUlCRFlDdUl6aGhG bXdRUU5MQjJ1ZTJXRFZKeW4xQjhSY2huQmxjClp5YUlhelZuc1V5UTNmZlFGYlNo
Vm95dkpsK0JDUXcra0xGZ2VRa01LaE0KLS0tIE5NNnM5cWVGcFkvQWw3K1FISHkx UVVrS0Y4MlplQzBhak1Nb25rT2FQTkUKLS0tIFZMNk14eTBJcmhEWVBYUyt6VDd0
SEhrK1AybjlIZGlaRkFBSDQxTVVDcFkK9p8T32b8q6DG40YbSa62bhNfIf41DxBr RmhuTGZsVFJjMHYwNGJORVJ4cHNZRHMK3yeVtPHtIycbaPdfJbWeC7iQdKE0aWbY
3pOvzG4bE2Rpk2awf0pgWF8vYz8rDe4mVhkrnwjv8KyAVD0+oN1LjQ== pZd5E1QB6PrIHMWeCoPhSg36O/KK9kMj3pxDIx062/20VeS7MqmRpQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-24T04:35:40Z" lastmodified: "2024-03-24T04:35:40Z"
mac: ENC[AES256_GCM,data:e9LpfB6s+r9kBXAsSvQGpymcyXioZmVeV+8I0CrYO6nFdaxkCmkC7tAxIvYVvm4hYrqDmWc1UHF1xSEn75b/dABQtP5kJl7Ibj4vY0JGWZ8jjtdjH58Qxi5DSDA/PSJi90zvDJgwUU7CN36VLV+hCKvW2O6plFrdzRQBkuul2bw=,iv:EGO+tA7T502LnzqPWuazTjJ9MLfluI+Iu/lDD8wePkY=,tag:QBLMuB91X6t0GN5uJ3ny5g==,type:str] mac: ENC[AES256_GCM,data:e9LpfB6s+r9kBXAsSvQGpymcyXioZmVeV+8I0CrYO6nFdaxkCmkC7tAxIvYVvm4hYrqDmWc1UHF1xSEn75b/dABQtP5kJl7Ibj4vY0JGWZ8jjtdjH58Qxi5DSDA/PSJi90zvDJgwUU7CN36VLV+hCKvW2O6plFrdzRQBkuul2bw=,iv:EGO+tA7T502LnzqPWuazTjJ9MLfluI+Iu/lDD8wePkY=,tag:QBLMuB91X6t0GN5uJ3ny5g==,type:str]