From 56c3c4c4791922df55581007ff3905ed7936f094 Mon Sep 17 00:00:00 2001 From: CDaut Date: Mon, 24 Nov 2025 18:27:08 +0100 Subject: [PATCH] set up birbs website --- .sops.yaml | 3 +- configs/container_config.nix | 1 + configs/containers/cube/farewellbird.nix | 24 ++++ configs/services/farewellbird.nix | 45 ++++++++ configs/services/nginx_cube.nix | 7 ++ configs/services/wireguard_cube.nix | 40 ++++++- flake.nix | 7 +- secrets/all/secrets.yaml | 139 ++++++++++++----------- 8 files changed, 194 insertions(+), 72 deletions(-) create mode 100644 configs/containers/cube/farewellbird.nix create mode 100644 configs/services/farewellbird.nix diff --git a/.sops.yaml b/.sops.yaml index 0ec6fcd..8afa210 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -13,12 +13,13 @@ keys: - &nginx-netcup age1ypq3n3e7gnwqddq5dgkdsfm0wqagrm5pl5tkunzp44lcezsllumqsjz0hz - &wg-server age15ydstgk0fmmgy2ugmqufyqhqsqypd2mvy89enzwczz0m8ar2kvzqlcdsm8 - &nginx-cube age1nh7nnp3rznfqkzudn7dzkkkxuz0ywjw8hacnftvgh60egtw79ejqam4n4p + - &farewellbird age1n7ltu5yh49l7f2pgn7nyp9xpfcp45hjs379yv2txa2t2w0yd2fqq2wt3t9 creation_rules: - path_regex: secrets\/all\/* key_groups: - pgp: [*clara] - age: [*wireguard, *mcserver, *zammad, *forgejo, *mastodon, *paperless, *vikunja, *nginx-netcup, *wg-server, *nginx-cube] + age: [*wireguard, *mcserver, *zammad, *forgejo, *mastodon, *paperless, *vikunja, *nginx-netcup, *wg-server, *nginx-cube, *farewellbird] - path_regex: secrets\/wireguard\/cube.yaml key_groups: - pgp: [*clara] diff --git a/configs/container_config.nix b/configs/container_config.nix index 8e50cd6..2ba25a8 100644 --- a/configs/container_config.nix +++ b/configs/container_config.nix @@ -22,6 +22,7 @@ sudo mtr nettools + tcpdump ]; # because getting a nix shell is super annoying otherwise diff --git a/configs/containers/cube/farewellbird.nix b/configs/containers/cube/farewellbird.nix new file mode 100644 index 0000000..ff7c6da --- /dev/null +++ b/configs/containers/cube/farewellbird.nix @@ -0,0 +1,24 @@ +{ lib, pkgs, config, ... }: { + + deployment = { + targetHost = "10.10.0.5"; + targetPort = 22; + targetUser = "root"; + tags = [ "cube" ]; + }; + networking = { + hostName = "farewellbird"; + interfaces.eth0 = { + ipAddress = "10.10.0.5"; + prefixLength = 32; + }; + defaultGateway = { + address = "10.10.0.254"; + interface = "eth0"; + }; + }; + imports = [ + ../../container_config.nix + ../../services/farewellbird.nix + ]; +} diff --git a/configs/services/farewellbird.nix b/configs/services/farewellbird.nix new file mode 100644 index 0000000..8dfe12a --- /dev/null +++ b/configs/services/farewellbird.nix @@ -0,0 +1,45 @@ +{ lib, pkgs, config, inputs, ... }: +let + repoDir = "/var/www/site"; +in +{ + + services.nginx = + { + enable = true; + virtualHosts = + { + "farewellbird.de" = { + locations."/" = { + root = repoDir; + }; + }; + }; + }; + + systemd.timers."clone-repo" = { + wantedBy = [ "timers.target" ]; + timerConfig = { + OnBootSec = "10s"; + OnUnitActiveSec = "5m"; + Unit = "clone-repo.service"; + }; + }; + systemd.services."clone-repo" = { + script = '' + set -eu + if test -d ${repoDir}; then + cd ${repoDir} + ${pkgs.git}/bin/git pull + else + mkdir mkdir -p $(dirname ${repoDir}) + ${pkgs.git}/bin/git clone -b pages https://codeberg.org/YourLocalFops/farewellbird.git ${repoDir} + fi + ''; + serviceConfig = { + Type = "oneshot"; + User = "root"; + }; + }; + networking.firewall.allowedTCPPorts = [ 80 ]; +} diff --git a/configs/services/nginx_cube.nix b/configs/services/nginx_cube.nix index 505eb16..f871ab6 100644 --- a/configs/services/nginx_cube.nix +++ b/configs/services/nginx_cube.nix @@ -17,6 +17,13 @@ "; }; }; + "farewellbird.de" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://10.10.0.5"; + }; + }; }; }; diff --git a/configs/services/wireguard_cube.nix b/configs/services/wireguard_cube.nix index aae9243..d22afcb 100644 --- a/configs/services/wireguard_cube.nix +++ b/configs/services/wireguard_cube.nix @@ -22,18 +22,50 @@ in { externalInterface = "eth0"; internalInterfaces = [ "wg0" ]; }; + # Open ports in the firewall firewall = { rejectPackets = true; - trustedInterfaces = [ "wg0" ]; + trustedInterfaces = [ "wgbr" "wg0" ]; allowedTCPPorts = [ 53 ]; allowedUDPPorts = [ 53 wg_port ]; }; + interfaces.wgbr.ipv4 = { + routes = [ ]; + addresses = [ + { + address = "10.8.2.1"; + prefixLength = 24; + } + ]; + }; + + defaultGateway = { + address = "10.10.0.254"; + interface = "eth0"; + }; + + interfaces.eth0.ipv4 = { + routes = [ + { + address = "10.10.0.0"; + prefixLength = 16; + via = "10.10.0.254"; + } + ]; + addresses = [ + { + address = "10.10.0.4"; + prefixLength = 24; + } + ]; + }; + wg-quick.interfaces = { wg0 = { # Determines the IP address and subnet of the client's end of the tunnel interface. - address = [ "10.8.0.1/16" ]; + address = [ "10.8.0.1/24" ]; listenPort = wg_port; # to match firewall allowedUDPPorts (without this wg uses random port numbers) # Path to the private key file (see sops). @@ -43,13 +75,13 @@ in { # This allows the wireguard server to route your traffic to the internet and hence be like a VPN postUp = '' ${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT - ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.8.1.1/24 -o eth0 -j MASQUERADE + ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.8.1.1/24 -o wgbr -j MASQUERADE ''; # Undo the above preDown = '' ${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT - ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.8.1.1/24 -o eth0 -j MASQUERADE + ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.8.1.1/24 -o wgbr -j MASQUERADE ''; peers = [ diff --git a/flake.nix b/flake.nix index 1fb9ea3..d5f1c26 100644 --- a/flake.nix +++ b/flake.nix @@ -8,13 +8,14 @@ meta = { nixpkgs = import nixpkgs { stdenv.hostPlatform.system = "x86_64-linux"; + system = "x86_64-linux"; }; specialArgs = { inherit inputs; }; }; - zammad = import ./configs/containers/cube/zammad_container.nix; + #zammad = import ./configs/containers/cube/zammad_container.nix; - forgejo = import ./configs/containers/cube/forgejo_container.nix; + forgejo = import ./configs/containers/netcup_pve/forgejo_container.nix; mastodon = import ./configs/containers/netcup_pve/mastodon_container.nix; @@ -25,6 +26,8 @@ nginx-cube = import ./configs/containers/cube/nginx_container.nix; wireguard-cube = import ./configs/containers/cube/wireguard_cube_container.nix; + + farewellbird = import ./configs/containers/cube/farewellbird.nix; }; }; } diff --git a/secrets/all/secrets.yaml b/secrets/all/secrets.yaml index 00aff8b..f9c6bc1 100644 --- a/secrets/all/secrets.yaml +++ b/secrets/all/secrets.yaml @@ -4,114 +4,123 @@ sops: - recipient: age12d8mxwnt0a7gl4uu0uwdqaxuqdf5j7zm50qy5qrhj0kd4ny7luaqv7rj4e enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkbzViclZjWlBBT1dlcnph - RVVLTG5tWHloa0ZEbmZNbUZBTCt2VWsvWGw4CitWSVlERDd5YnFpak1meDJkN01K - V25BQ2Q2elMrMVRpQ1pOMDZTSTJ4dDQKLS0tIDVvY0lscDN0T2xBMjdMUFFidm1j - L2F2VC8zb0dSdkN0QVlnTUpyTkdJMFUKL6Gj+Yk/lleYB2iM1ph/OOuxVdwZCSVc - yE/yN0+5A1nsMcyNDv5/G+BPoeXCr/vzYl320llpAkinhcAl8HKFCQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWcTMzNGxCK1VjTm5DWlA0 + QlIxZ0pQejdDa0FTbEpvQnhUNEFsTkt6SVgwCjhyN05Ba0dNQzN1UVF4L2NjQllu + UUhXeFgzNmlENjFtekszVTRiT29oZk0KLS0tIFNJTEw4a1dlR0MrT1d6WGY3VzBh + M1N1Um50VC83QnErK0VyQ2IzS1lXY0EKXaexvogS/+g+wEdsidqRAmkPBfvXp8cN + K5r6WPKCXvDN6k72tIh7y081dAqJECkELhyOxBfwrsyuEBZXUQsL9w== -----END AGE ENCRYPTED FILE----- - recipient: age1jlt47gkctq7vfrykqlyg9um5mypy872pvtfql7kkpvhnemlex4mq89a3a8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGYkJ4TW5vRUNobDZtQTd2 - a0V0SzF4TktjWklMUDIyZ2REWWNVUnlqSWtvCkYwVjF3NDJYaFFwSzVrNUNuYmxD - Wk9XVk1EdTFsN25XT2lqM0YzcFJpSGsKLS0tIHVZKzJvdUF4MzlENTFvek5admlK - Q3NCVDlGOHh3Ylp6N25rZVByUEhEUHMKRxGmaE5lLhHlg++yKRG/TpoMhc5+7h5g - uv0zN6q9g1ULgMDdbC5v5g4n6ssIHHb50cFkjEm7b7ee7PWiPJ3/xw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzS3QwN0hEb3RQOTUwbHUv + S21sSXNOS2pmRVhBM3JVMmk5Yit5c1IvWkNFCjVoU0J5eW5wZ0RMTjVzdHp0NEhj + S3VDT3EzSkV6aHNmZTRjN2N1Q2RwQjgKLS0tIDdMNHdUVGtyd1pMaDZ2MHU3eXZW + YkFHdGdJWnhLaENlU050WkZoNWRZeWMK50XHXXrfs5aZNG0tYFotayCFji6JXzak + Lsv/yBO6rK4wNfWuNU8ap7wjLpRxLVqNa1xJya/dYMe1eddUCxYD8Q== -----END AGE ENCRYPTED FILE----- - recipient: age14ukkn4plvnjacvjux929qwpeynxk4cfxw285vlwddqakm43kfyysfdg02c enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzcDlValVTL1czVG4vaXQ0 - NWUzR2lGTk84NnFrd051K2pwZ25lekdBdXd3CmpWWnVlZWswelNMUlVlazg1Wkxw - VlhsNUVrckxzajhKQStzUGdBTG5Ea0UKLS0tIHRGc2FMV2VUeVFJWHdJUEJyYXUr - bGF6eDN0Y0F5cjdPSTJqdDl1M2lHTHcK6QwAWnajE5yBLd+Fp095TCVEurBaGAV8 - hWvLup7dztIxXVKCK7epHvKEamaM/dSahnY6Muvy9GK0Rkf2YDpE/Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEZVk1TUV6VHN5Ym5MMkFL + SXdyWndzTCtyRzBFV1hsV3M5a1FLZHdYZUI0ClNaUmhxUGMxd1cwNzBzczJUU2hR + eXR5elV5T2htTHN1OUpwSlZpZ1NnZ0kKLS0tIElWN2pwSVpHOEM3Vm9JenRlUHdE + bkRCR21DbFU3NFhaZ1hGdlRTMmVpZXMKV1EnC8KOE9HlYrtO5kJRi/Jxz4/bghwR + njmfI3nStV7OR07AT7QGp35nXCEy0lJESiVARCTwWmzf4mtqhYg1yg== -----END AGE ENCRYPTED FILE----- - recipient: age1vd33efsea2509hm0dwmhkuu7mm2kgw6tsss6lmzsqfg7gat06qyqys3qfh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrajRUT1lteFg1cWlvVlhw - RnQzcjM1S045YWJ5L0FiUnMwM0ZWVzRkRkhrCnVLRzVhSE9seXMzUVRFMGY3VlJn - UGpFZmtVenZNbWVxNWlFbFNvMURHWG8KLS0tIEthRGc2dHRGbDNjcDVMY2ZEK29q - M1FHemlxcXV0VTEyZTlYeUF3dmlBZWMKzcuj0FXT2s+L7LVYcwigSMFb4jtOEhSz - OZYZVl3NzyfoU2Y0PeyIiv5g2CI+EYPUrTPf/HJLeYLQftW9FBUhGA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrL0wrdmhmUGwyVWkyWnB4 + STBwMFlTaHpwNVZLeCtBZU9NS05PeS9Md2x3ClVIdUp0UjZMN3VZZ0RaUGhrOXI5 + Q2g3RHpFdFI5dWwrTmdCQzBycDNxSTQKLS0tIGVEZGMrZUZCK2tLSjh4MEZhTVlv + NHBySGdjVlVtZFpMaUdqN3dlWklsVWcKMhLmsGRJcmwJEgK8KvHDgYKONPrpFUzt + uXIV9KV4HnDnWVk0d9kAAmNP/9m0JkuqArp8Gv0n5fZyv02mROANKg== -----END AGE ENCRYPTED FILE----- - recipient: age19efecaur72d92g452zpe4uxjtwev2ktjtaezascxg9l2p8544s8s05d93r enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQQWxyUG0zNlFEcmNhRzhE - cVZ2ODBBWmZNYk0vWS9qSmpvSkUyQmcyZ3dBCjBXTWxEdk9RbWdHQ2thOVZtamVh - NXIwdlRmZE9hWXpvUlZWRFgwRGFqZncKLS0tIDNSQmlmSzJmOGl1aHhnQ3o0VmR2 - Z2tpUDUxWWlmczdiVmUyUTBaUnlIZncKIVv0fUmv1w0OjI4Fg7Xj4XSeXMAJurJN - Hs9Ydo8FLd6jKJbj75oGqhwFIM5t+9GkH2dvk92mhDmW3Yxx4Y08KA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBN1lpWnhNbUViUmRlME9Q + V3lMN3JtNTNHSHZhcnk3Snp3cS9WcGxGdTF3CmV6QkNNWVg5VVdrY1dtbWtJaWFP + SFU5aXM0bWNBWnZaTVVCaUN6Z085UFEKLS0tIFVFV1AveUZiZW9xMVVVVmh6SWph + TXR5R0lMek1lOXkxTm1aZXZ3SWxZUzgK18VJbvxSpEBqLTh8wRWtly3oPu+mfxEl + pVRHhPUnm+yBIY7Io8G9Z5MQ6KI1n15Yi735882LYuI6ErW3Utnb8w== -----END AGE ENCRYPTED FILE----- - recipient: age1zj3tzzcpyq5s66phlrf2g203am7vl6vxg2jlpr8vy6u385xljapqt0d2fr enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjM2xJMEk5R0ZhZjAvQ3Zm - b0FyY2xXWnVZa3k0ZWRUVHphejV6d0lBWnpBCjNVbmY0bWhJV1RXSm8zUzY0TFo0 - a3k0dGFxSGhRMzYzekM0Nk9yK3lIVWMKLS0tIGY2TEQ5S0J0UnI4RjZ3a3JNSWc1 - eEVOSTc2YkpSWGtnN0FaYVZRTnZoR3cKf6LLS80KXUr9EzPkPrZRIUgt4JDmDLzT - kflBMSaUsg1QJ3dSw3jAIJfVaOXm5Mo2fyBZmp9CtmqJ1VELXB/WSw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWMmtEN3Z4bTZSOFBNcUl4 + UlJEVWNuSTFDRXV5NmxDcERzTHdWYXl4QVM4Cmd0L3FJUVphMkR4SXFBY1UrekM5 + OVRFd1N6Q1JJbUhaOWFoc3h4OTRvNkkKLS0tIHFHN00vblVHY1dlOFVsY1dhWWU5 + MDFmeDBRMTFld2xHZEo0dkozN3hCWlEKJMSa6v8kbtHboVE6j6+a+TptU2j3EtwX + gfmAmLjEMhgQKOuK0uSWxR1CnmI53R0u+FibcGziOCp258y7LvUfFw== -----END AGE ENCRYPTED FILE----- - recipient: age1h7yq7n8gcw35apr7jn8r66dwss4hfcdv0sf4ankfxquyavlrqukqhr0lrc enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVWUxXck9ENWladlpoZlgx - TEFObE5QVGlVKzltaXcwY1hicVhOYnlPSmkwCnhzVHRTdmo2YnY0NEI1dHZhR0hS - VW9LYzUzbUZZMEpsRHIwYnNXeFRBcGsKLS0tIDhaUzVZQTRLS1pJaWhpSVhGaXZL - S2w4UnFwUFJjUlBUYzR3MjFBVFF0cjgKCmNXjm0yJdZGO7kKPQGv2qaYEZQkbF9a - Jijh75gl0ypHXoIkDDFzqtf9/ss6eUmTOTEs4rKeYkKl7Ze7TNiatA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwM0VJSlpqZHROa2tmL3RC + NVZlMTMvSk02TDdVdXBadytzVU9LSHRkNHpNCm1SMlJoY3NQWUF0QmZ6MGtUdEhZ + ZjZKdTRVUXptWDdXQ3BhODJEVkFsK1kKLS0tIGtOZnZleURBcjNTMGpMQnoyYnh0 + c25LQXZ6d2ROV1BzQ2lvbE15TVhkdmcKIK0iCAItEau9ZPxc14uKXnLP49bPIxFW + xTbkllqzUHWsUN0EpY1WhClTl4T582n59RStvKDGvEsJty5tMl4PUg== -----END AGE ENCRYPTED FILE----- - recipient: age1ypq3n3e7gnwqddq5dgkdsfm0wqagrm5pl5tkunzp44lcezsllumqsjz0hz enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNaS9aTWNqYU1qMlZkdW5G - d3h1b0hZSDkycnhtRDlYTkF6SUxtVitWM0NzCm5uVzJua0dheE80QW5sN1FqUlJG - UnV0WEh6SzE3UjhaeGpUY0prSnhOZEUKLS0tIHZhNWx3V0tFNzJrSVJBaUdoczN0 - bnJLODQ2NVd4VDkyNHRHbUNpam1mRVkKc/bMfj6h/KerTkr+Fgyv1y5mwPm/jJ/z - jrtIy7Kz+JtlE3p/TkkazHBie9A/RxBUEPTsa/SS2vT+RViB2AhBbA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXQWpSaVNvaEY2UTVOVXN3 + enM4Rkt3T2VjdmhreFpRd3JsSFNBK040N0hZCkhycndyQi9hbnZ6dFN4WC9iM1N2 + YUFiQjVWSXFNMURrczRWYjg5QUJucVUKLS0tIDg2aHVhSm5tNHlSRk1XdUVna3Fw + bUl6bGZDaC8xZUpjVkQ1ajRFWFA0bHMK4hvw9uQyJprR5kpaVD7S/XRdlde66KB4 + DqHP50q0KT6BIqWgbO163ppwzHzLhqkAYCHEz0V7lbekv1JHuj+RRg== -----END AGE ENCRYPTED FILE----- - recipient: age15ydstgk0fmmgy2ugmqufyqhqsqypd2mvy89enzwczz0m8ar2kvzqlcdsm8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtM1FqZG9WL1EyNDVZWlJw - djBFbUQwNEkyTDU0Z2psY2FLdTVKRU82VldZCkR4WkJMQjJWU3VsZ1NEL1RGQk5V - VU84M081VVFqOXc0bGQwdThEcWthNjQKLS0tIHVFUU5YeHFBOXA0dGR0aXhCQmFa - VSthN3l3cm5ISC9rR0tLMDBmRHkyWkUKhflWL3W72KLrglJCCykaTcrHSyMeGS+s - EMDQck7nY0n5JMEybq1F14EFTv7jGDseLlss3f18Jeseov47JIao8w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBONkdtNWw3Y0xGaElmWkZ3 + QjRkMmhxVUs3Mk81bWNyKzlZblF4VmJhN1ZRCmJzZ2FtdTNmMytINUJ0c3hKSDU1 + a00vV09JTkhHb2c3Vm44MlgvOVozaXMKLS0tIDFiK1h6Rnd2LzhHOWI4djd1SzB2 + NHFYTWlEeTdFSjR6WUtjKzM5bnRDUUkKDcUdTggzv3l4GI4iR24YqZNztrSVKWYm + rPCDaDtA4UVTm04H2G8jG4m0wAVaAtnpVN4nm18B9pObFUHVVh/+VQ== -----END AGE ENCRYPTED FILE----- - recipient: age1nh7nnp3rznfqkzudn7dzkkkxuz0ywjw8hacnftvgh60egtw79ejqam4n4p enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzNDhwenphZGUxK3lSbEYv - d3lvN29VSzNVcFpZN2NHU3VUdnhsWjltQkVBCitHL3RzdmswdWltUU9LNGE4Zy9N - dHBpYkV5Z2FTaE4zRThXS1RMbFdiRWsKLS0tIE9pdjI1YWw2b2hoSzF0QUtmbmJN - cE9PZXdBcTY3WVZlSW55dE1hcFp4eXcKXMAWZ2lfYhsJrKSaWeRIByeop6A92vxd - f4lKX5/y5lu9EIH3j16laswfrOYLGpvopbrj2rOp4vWQ0axWVg04Jw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBERmY4TUlIK0liWlVlTS9v + OWRRRVc5bkt0ajRpdVpZc2E3bm5OWTNzaVZNCnc0RkV0enFLN3ZJZ1J5a1FKSlQ3 + aWNGeTlaOHc0SjcrSkRINW1iWEhGR2cKLS0tIGhNeW9NZ20rNGtXSENodE1BNHlj + NndsN3Zja1hQRkxNNDBYZnorTFpTOGsKvMY9ajPmibz1s7AU+yN8lWHdmh0gu0II + N+bjKnq4i2KeBpYAP8C7w5otHRIVcq+RAmW7R0q3z0wNrHuZVWexFA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1n7ltu5yh49l7f2pgn7nyp9xpfcp45hjs379yv2txa2t2w0yd2fqq2wt3t9 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLNEJkdVB5bEJmNlY1OWQ0 + N2dSRDRTZThHTFN1bFNQMnptNWFZYUVEVFJFCnJCWXFUcVdFT1p6L08vMVIzdHVv + V0RjZ1ljaW5DanVjY25rWXBubkNnYTgKLS0tIDQyOSt4UmhjcFoyWTRYT29sQlQ5 + OXlLNHlpdHBvQzJVd2FOSGhBTVhJQUUK551YtRFBxVmmWuKulnBSps3Z8Y2k4YFF + Gf1JZc4Y8ggyLdEtr2ArmCVC/u02+6B+p7T1Ja76f8dp8mqUSppjHg== -----END AGE ENCRYPTED FILE----- lastmodified: "2025-08-08T15:38:19Z" mac: ENC[AES256_GCM,data:IoqrJyCNad4/OFH6y24kYMwnkF3OWfsw77POg00btvw7FoPoaSJ76RySMs6hgWs202bDYSDi44OvbgCVeNPkhe9eyM0gwF0Gf0cE3wirc+qj2qfL9/lMOTZm02WymMglJf6xTcPo3BH00XryR7ptid9+WrB0S2aBVNlcXSBwpzY=,iv:aLI2SyUzWqp/4XFPhogq2vq/u47bs6Gmgc/PRMe+GmM=,tag:jVnW7EkqDRfQluGTiw0olA==,type:str] pgp: - - created_at: "2025-11-18T15:06:30Z" + - created_at: "2025-11-24T13:25:53Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMAzwtBoBqH5ZOARAAiUhe3cBmpiJrkNinVIqUw+52Q1GC20LmQVfounrLxegY - 5hEWzKUKs3qBF54oVnLITUJfgYAxYMW9Zn0nlASSPc5QHUGNv013KgOaPQjwaoXS - 8Z3wYMh3qFObbJVmiPI7FtoGfBh6WXfPgPwTjzMfsOJg1zr4WWJzuBJbhMtiI3zJ - rrJiK0IYzQkoha34oT1VJaHBH+xQha2JWVIZ4pBKZLkTJFQYKckAxeKmlEn8nQTT - SJwtBKKlc80fZCe/s7hwKPm0GTTV+wwv1jvCsaf/GIFqKoMOBmqEAz8GcETQNaFC - sNkDWWFlxlsioG6Zi+Ok7tvFhyxEoF4sABuYx8LoBbL12UgZJRbhM7HIakxnORBu - a3QomZKAxfZ4zMRKaOYjUVGFdoJWgxb3wqa5WiHM5GeOQJzRzdpPwdTJPrxQSsx4 - /p5+MOFoia9GdBbwcdkVEopX+m5TvY+i3Gs/GnHSWZaXQBjhSW/O5UE29dHas3ai - tY+1FVnUpVyCnqF/BXRhgXydpVzZEAHoYF/hz2ah7AI2CnmeQ3ypO1DsfoADkgm+ - iinHFmU+ZpZJndpPsjoarJHBySoK4N34JsiJcv4DGv+4XbtEySb/r7rgZzrRNuj5 - tMtmQs82Ii+836NDImvJs8vg2H40bPLsVMtJ7xAYSGLXDDueXHPmCFOuJZ0KsR/S - XgFe91sDNTG/6j0PEilYTMyp04qMaxwT4teouMRlLr/rACJj5jpt5BVO4K8nDaYf - uq0wX2mXYJqoWZU1DBYO0vRRTpcpenLMV5M+ZrUy2LQINmLCUAuFB73cGUlQNac= - =8FwO + hQIMAzwtBoBqH5ZOAQ/+PPG+DkWHyr1BWMsxmOmxk47TMjVvU9y1XPjTfgXgoE/2 + kRLgnUd57rOzjbHuYW6ipctdBsu/o3kJwRdqXySVoLckaHoqoErejG7msypuDaKj + 0lCFE8KAwqN5QJwYZOFeJ/WN+kbsVTWY2tUgN3kPLTrF/mQwKY1b5gAOvNRjaPLw + rYeR29fJge1PNH6PeaY9ODGG4NU0YctUz0AO0RSVEpO5rxTdxHMzpK6xtviQKhwA + 9MaHJWZmL8F0ccCLM60QO4NHPFe/cw/qhYqAXcc1IJDwOU4uslNwnZY7x0V7dwWt + I9RS73cz4fgaFDLmBl45GOnii5D8Nz4AXfkOyv7hXTbsV86LErudHwV3ARObU9LN + VCln1hu9bbGZXNbxzQceaHFgnnGj+2AC/+T+jZntayMeIKFVEWhKLWl6z47PqEpO + wJRuXnDfuWyg14qVXZ/w43NVvFPAiPBEMZCLSOZXgn2SUD1rbvFuyXo1ZPTi8b4I + yPeYUmSRsrw4ZVgT/loS4Y7JTRe7P1x05csIMsrEHrXsAS3oWxEg52/FufChvwaz + SYdg48lPK1lPpehmAwVNmtugMXIP9GVEa/BZO8Pj4cJQoF780q4TknwkWyFqTWEh + E8wgEzyUB14g8CCxzteOWsv/1WtuXylp4/yEQe2/pSGAR4r4KLf2ZRL1Nj3GsMnS + XgEtYhgBHg4mmUd8T/uo63ZRKGtlLNLLdKkSLkzm0wgTY//r1iEhqwOMQjbRPuM7 + osITmHr5VPhQYLKkEMeg4IweXsN6Zkb79un32hcFGlBGJcMpI22m0svDmGhB5oc= + =USV4 -----END PGP MESSAGE----- fp: 58EF8D71114EF548DEE3320DE6F04916B6EEBD83 unencrypted_suffix: _unencrypted