clara/nix-infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: clara:d711859f23f164ffacf340c58897ad0f803ac6de
Branches Tags
clara:master
...
compare: clara:56c3c4c4791922df55581007ff3905ed7936f094
Branches Tags
clara:master

3 commits
d711859f23 ... 56c3c4c479

Author SHA1 Message Date
CDaut
56c3c4c479
set up birbs website 2025-11-24 18:27:08 +01:00
CDaut
75212dff9c
added mtr and nettools 2025-11-23 17:07:57 +01:00
CDaut
5c7aea6203
fixed wireguard 2025-11-23 17:06:38 +01:00
12 changed files with 264 additions and 131 deletions
Download patch file Download diff file Expand all files Collapse all files

3
.sops.yaml
View file

@ -13,12 +13,13 @@ keys:
- &nginx-netcup age1ypq3n3e7gnwqddq5dgkdsfm0wqagrm5pl5tkunzp44lcezsllumqsjz0hz
- &wg-server age15ydstgk0fmmgy2ugmqufyqhqsqypd2mvy89enzwczz0m8ar2kvzqlcdsm8
- &nginx-cube age1nh7nnp3rznfqkzudn7dzkkkxuz0ywjw8hacnftvgh60egtw79ejqam4n4p
- &farewellbird age1n7ltu5yh49l7f2pgn7nyp9xpfcp45hjs379yv2txa2t2w0yd2fqq2wt3t9
creation_rules:
- path_regex: secrets\/all\/*
key_groups:
- pgp: [*clara]
age: [*wireguard, *mcserver, *zammad, *forgejo, *mastodon, *paperless, *vikunja, *nginx-netcup, *wg-server, *nginx-cube]
age: [*wireguard, *mcserver, *zammad, *forgejo, *mastodon, *paperless, *vikunja, *nginx-netcup, *wg-server, *nginx-cube, *farewellbird]
- path_regex: secrets\/wireguard\/cube.yaml
key_groups:
- pgp: [*clara]

3
configs/container_config.nix
View file

@ -20,6 +20,9 @@
wget
htop
sudo
mtr
nettools
tcpdump
];
# because getting a nix shell is super annoying otherwise

24
configs/containers/cube/farewellbird.nix Normal file
View file

@ -0,0 +1,24 @@
{ lib, pkgs, config, ... }: {
deployment = {
targetHost = "10.10.0.5";
targetPort = 22;
targetUser = "root";
tags = [ "cube" ];
};
networking = {
hostName = "farewellbird";
interfaces.eth0 = {
ipAddress = "10.10.0.5";
prefixLength = 32;
};
defaultGateway = {
address = "10.10.0.254";
interface = "eth0";
};
};
imports = [
../../container_config.nix
../../services/farewellbird.nix
];
}

4
configs/containers/cube/wg_container.nix → configs/containers/cube/wireguard_cube_container.nix
View file

@ -1,6 +1,6 @@
{ lib, pkgs, config, ... }: {
deployment = {
targetHost = "192.168.178.123";
targetHost = "10.10.0.4";
targetPort = 22;
targetUser = "root";
tags = [ "cube" ];
@ -8,6 +8,6 @@
networking.hostName = "wireguard";
imports = [
../../container_config.nix
../../services/wireguard.nix
../../services/wireguard_cube.nix
];
}

2
configs/containers/netcup_pve/wg_server_container.nix → configs/containers/netcup_pve/wireguard_netcup_container.nix
View file

@ -10,6 +10,6 @@
imports = [
../../container_config.nix
../../services/wg_server.nix
../../services/wireguard_netcup.nix
];
}

45
configs/services/farewellbird.nix Normal file
View file

@ -0,0 +1,45 @@
{ lib, pkgs, config, inputs, ... }:
let
repoDir = "/var/www/site";
in
{
services.nginx =
{
enable = true;
virtualHosts =
{
"farewellbird.de" = {
locations."/" = {
root = repoDir;
};
};
};
};
systemd.timers."clone-repo" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "10s";
OnUnitActiveSec = "5m";
Unit = "clone-repo.service";
};
};
systemd.services."clone-repo" = {
script = ''
set -eu
if test -d ${repoDir}; then
cd ${repoDir}
${pkgs.git}/bin/git pull
else
mkdir mkdir -p $(dirname ${repoDir})
${pkgs.git}/bin/git clone -b pages https://codeberg.org/YourLocalFops/farewellbird.git ${repoDir}
fi
'';
serviceConfig = {
Type = "oneshot";
User = "root";
};
};
networking.firewall.allowedTCPPorts = [ 80 ];
}

7
configs/services/nginx_cube.nix
View file

@ -17,6 +17,13 @@
";
};
};
"farewellbird.de" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://10.10.0.5";
};
};
};
};

60
configs/services/wireguard.nix
View file

@ -1,60 +0,0 @@
{ lib, pkgs, config, ... }:
let wg_port = 51820;
in {
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = lib.mkDefault true;
"net.ipv6.conf.all.forwarding" = lib.mkDefault true;
};
# set up secret key
sops = {
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
secrets.wg_private_key = {
sopsFile = ../../secrets/wireguard/cube.yaml;
};
};
networking = {
firewall.allowedUDPPorts = [ wg_port ];
firewall.rejectPackets = true;
firewall.trustedInterfaces = [ "wgbr" "wg0" ];
interfaces.wgbr.ipv4 = {
routes = [ ];
addresses = [
{
address = "10.8.1.1";
prefixLength = 24;
}
];
};
wg-quick.interfaces = {
wg0 = {
# Determines the IP address and subnet of the client's end of the tunnel interface.
address = [ "10.8.1.1/16" ];
listenPort = wg_port; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
# Path to the private key file (see sops).
privateKeyFile = "/run/secrets/wg_private_key";
peers = [
# For a client configuration, one peer entry for the server will suffice.
{
# Public key of the server (not a file path).
publicKey = "AJ1nr0/w8OvsNq5Ju//m4856u7yY0hlPGMEGeZtlhlY=";
# Forward all the traffic via VPN.
allowedIPs = [ "10.8.0.0/16" ];
# Set this to the server IP and port.
endpoint = "202.61.230.52:51820";
# Send keepalives every 25 seconds. Important to keep NAT tables alive.
persistentKeepalive = 25;
}
];
};
};
};
}

99
configs/services/wireguard_cube.nix Normal file
View file

@ -0,0 +1,99 @@
{ lib, pkgs, config, ... }:
let wg_port = 51820;
in {
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = lib.mkDefault true;
"net.ipv6.conf.all.forwarding" = lib.mkDefault true;
};
# set up secret key
sops = {
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
secrets.wg_private_key = {
sopsFile = ../../secrets/wireguard/cube.yaml;
};
};
networking = {
# Enable NAT
nat = {
enable = true;
enableIPv6 = true;
externalInterface = "eth0";
internalInterfaces = [ "wg0" ];
};
# Open ports in the firewall
firewall = {
rejectPackets = true;
trustedInterfaces = [ "wgbr" "wg0" ];
allowedTCPPorts = [ 53 ];
allowedUDPPorts = [ 53 wg_port ];
};
interfaces.wgbr.ipv4 = {
routes = [ ];
addresses = [
{
address = "10.8.2.1";
prefixLength = 24;
}
];
};
defaultGateway = {
address = "10.10.0.254";
interface = "eth0";
};
interfaces.eth0.ipv4 = {
routes = [
{
address = "10.10.0.0";
prefixLength = 16;
via = "10.10.0.254";
}
];
addresses = [
{
address = "10.10.0.4";
prefixLength = 24;
}
];
};
wg-quick.interfaces = {
wg0 = {
# Determines the IP address and subnet of the client's end of the tunnel interface.
address = [ "10.8.0.1/24" ];
listenPort = wg_port; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
# Path to the private key file (see sops).
privateKeyFile = "/run/secrets/wg_private_key";
# This allows the wireguard server to route your traffic to the internet and hence be like a VPN
postUp = ''
${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.8.1.1/24 -o wgbr -j MASQUERADE
'';
# Undo the above
preDown = ''
${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.8.1.1/24 -o wgbr -j MASQUERADE
'';
peers = [
# List of allowed peers.
{
# Laptop Psi
publicKey = "msJJwTPHuxLd1KddbNeLscGgiY7r9sQ3vkUnDtb2Fh4=";
# List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.
allowedIPs = [ "10.8.0.2/32" ];
}
];
};
};
};
}

0
configs/services/wg_server.nix → configs/services/wireguard_netcup.nix
View file

9
flake.nix
View file

@ -7,14 +7,15 @@
colmena = {
meta = {
nixpkgs = import nixpkgs {
stdenv.hostPlatform.system = "x86_64-linux";
system = "x86_64-linux";
};
specialArgs = { inherit inputs; };
};
zammad = import ./configs/containers/cube/zammad_container.nix;
#zammad = import ./configs/containers/cube/zammad_container.nix;
forgejo = import ./configs/containers/cube/forgejo_container.nix;
forgejo = import ./configs/containers/netcup_pve/forgejo_container.nix;
mastodon = import ./configs/containers/netcup_pve/mastodon_container.nix;
@ -23,6 +24,10 @@
nginx-netcup = import ./configs/containers/netcup_pve/nginx_container.nix;
nginx-cube = import ./configs/containers/cube/nginx_container.nix;
wireguard-cube = import ./configs/containers/cube/wireguard_cube_container.nix;
farewellbird = import ./configs/containers/cube/farewellbird.nix;
};
};
}

139
secrets/all/secrets.yaml
View file

@ -4,114 +4,123 @@ sops:
- recipient: age12d8mxwnt0a7gl4uu0uwdqaxuqdf5j7zm50qy5qrhj0kd4ny7luaqv7rj4e
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkbzViclZjWlBBT1dlcnph
RVVLTG5tWHloa0ZEbmZNbUZBTCt2VWsvWGw4CitWSVlERDd5YnFpak1meDJkN01K
V25BQ2Q2elMrMVRpQ1pOMDZTSTJ4dDQKLS0tIDVvY0lscDN0T2xBMjdMUFFidm1j
L2F2VC8zb0dSdkN0QVlnTUpyTkdJMFUKL6Gj+Yk/lleYB2iM1ph/OOuxVdwZCSVc
yE/yN0+5A1nsMcyNDv5/G+BPoeXCr/vzYl320llpAkinhcAl8HKFCQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWcTMzNGxCK1VjTm5DWlA0
QlIxZ0pQejdDa0FTbEpvQnhUNEFsTkt6SVgwCjhyN05Ba0dNQzN1UVF4L2NjQllu
UUhXeFgzNmlENjFtekszVTRiT29oZk0KLS0tIFNJTEw4a1dlR0MrT1d6WGY3VzBh
M1N1Um50VC83QnErK0VyQ2IzS1lXY0EKXaexvogS/+g+wEdsidqRAmkPBfvXp8cN
K5r6WPKCXvDN6k72tIh7y081dAqJECkELhyOxBfwrsyuEBZXUQsL9w==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jlt47gkctq7vfrykqlyg9um5mypy872pvtfql7kkpvhnemlex4mq89a3a8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGYkJ4TW5vRUNobDZtQTd2
a0V0SzF4TktjWklMUDIyZ2REWWNVUnlqSWtvCkYwVjF3NDJYaFFwSzVrNUNuYmxD
Wk9XVk1EdTFsN25XT2lqM0YzcFJpSGsKLS0tIHVZKzJvdUF4MzlENTFvek5admlK
Q3NCVDlGOHh3Ylp6N25rZVByUEhEUHMKRxGmaE5lLhHlg++yKRG/TpoMhc5+7h5g
uv0zN6q9g1ULgMDdbC5v5g4n6ssIHHb50cFkjEm7b7ee7PWiPJ3/xw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzS3QwN0hEb3RQOTUwbHUv
S21sSXNOS2pmRVhBM3JVMmk5Yit5c1IvWkNFCjVoU0J5eW5wZ0RMTjVzdHp0NEhj
S3VDT3EzSkV6aHNmZTRjN2N1Q2RwQjgKLS0tIDdMNHdUVGtyd1pMaDZ2MHU3eXZW
YkFHdGdJWnhLaENlU050WkZoNWRZeWMK50XHXXrfs5aZNG0tYFotayCFji6JXzak
Lsv/yBO6rK4wNfWuNU8ap7wjLpRxLVqNa1xJya/dYMe1eddUCxYD8Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age14ukkn4plvnjacvjux929qwpeynxk4cfxw285vlwddqakm43kfyysfdg02c
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzcDlValVTL1czVG4vaXQ0
NWUzR2lGTk84NnFrd051K2pwZ25lekdBdXd3CmpWWnVlZWswelNMUlVlazg1Wkxw
VlhsNUVrckxzajhKQStzUGdBTG5Ea0UKLS0tIHRGc2FMV2VUeVFJWHdJUEJyYXUr
bGF6eDN0Y0F5cjdPSTJqdDl1M2lHTHcK6QwAWnajE5yBLd+Fp095TCVEurBaGAV8
hWvLup7dztIxXVKCK7epHvKEamaM/dSahnY6Muvy9GK0Rkf2YDpE/Q==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEZVk1TUV6VHN5Ym5MMkFL
SXdyWndzTCtyRzBFV1hsV3M5a1FLZHdYZUI0ClNaUmhxUGMxd1cwNzBzczJUU2hR
eXR5elV5T2htTHN1OUpwSlZpZ1NnZ0kKLS0tIElWN2pwSVpHOEM3Vm9JenRlUHdE
bkRCR21DbFU3NFhaZ1hGdlRTMmVpZXMKV1EnC8KOE9HlYrtO5kJRi/Jxz4/bghwR
njmfI3nStV7OR07AT7QGp35nXCEy0lJESiVARCTwWmzf4mtqhYg1yg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1vd33efsea2509hm0dwmhkuu7mm2kgw6tsss6lmzsqfg7gat06qyqys3qfh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrajRUT1lteFg1cWlvVlhw
RnQzcjM1S045YWJ5L0FiUnMwM0ZWVzRkRkhrCnVLRzVhSE9seXMzUVRFMGY3VlJn
UGpFZmtVenZNbWVxNWlFbFNvMURHWG8KLS0tIEthRGc2dHRGbDNjcDVMY2ZEK29q
M1FHemlxcXV0VTEyZTlYeUF3dmlBZWMKzcuj0FXT2s+L7LVYcwigSMFb4jtOEhSz
OZYZVl3NzyfoU2Y0PeyIiv5g2CI+EYPUrTPf/HJLeYLQftW9FBUhGA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrL0wrdmhmUGwyVWkyWnB4
STBwMFlTaHpwNVZLeCtBZU9NS05PeS9Md2x3ClVIdUp0UjZMN3VZZ0RaUGhrOXI5
Q2g3RHpFdFI5dWwrTmdCQzBycDNxSTQKLS0tIGVEZGMrZUZCK2tLSjh4MEZhTVlv
NHBySGdjVlVtZFpMaUdqN3dlWklsVWcKMhLmsGRJcmwJEgK8KvHDgYKONPrpFUzt
uXIV9KV4HnDnWVk0d9kAAmNP/9m0JkuqArp8Gv0n5fZyv02mROANKg==
-----END AGE ENCRYPTED FILE-----
- recipient: age19efecaur72d92g452zpe4uxjtwev2ktjtaezascxg9l2p8544s8s05d93r
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQQWxyUG0zNlFEcmNhRzhE
cVZ2ODBBWmZNYk0vWS9qSmpvSkUyQmcyZ3dBCjBXTWxEdk9RbWdHQ2thOVZtamVh
NXIwdlRmZE9hWXpvUlZWRFgwRGFqZncKLS0tIDNSQmlmSzJmOGl1aHhnQ3o0VmR2
Z2tpUDUxWWlmczdiVmUyUTBaUnlIZncKIVv0fUmv1w0OjI4Fg7Xj4XSeXMAJurJN
Hs9Ydo8FLd6jKJbj75oGqhwFIM5t+9GkH2dvk92mhDmW3Yxx4Y08KA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBN1lpWnhNbUViUmRlME9Q
V3lMN3JtNTNHSHZhcnk3Snp3cS9WcGxGdTF3CmV6QkNNWVg5VVdrY1dtbWtJaWFP
SFU5aXM0bWNBWnZaTVVCaUN6Z085UFEKLS0tIFVFV1AveUZiZW9xMVVVVmh6SWph
TXR5R0lMek1lOXkxTm1aZXZ3SWxZUzgK18VJbvxSpEBqLTh8wRWtly3oPu+mfxEl
pVRHhPUnm+yBIY7Io8G9Z5MQ6KI1n15Yi735882LYuI6ErW3Utnb8w==
-----END AGE ENCRYPTED FILE-----
- recipient: age1zj3tzzcpyq5s66phlrf2g203am7vl6vxg2jlpr8vy6u385xljapqt0d2fr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjM2xJMEk5R0ZhZjAvQ3Zm
b0FyY2xXWnVZa3k0ZWRUVHphejV6d0lBWnpBCjNVbmY0bWhJV1RXSm8zUzY0TFo0
a3k0dGFxSGhRMzYzekM0Nk9yK3lIVWMKLS0tIGY2TEQ5S0J0UnI4RjZ3a3JNSWc1
eEVOSTc2YkpSWGtnN0FaYVZRTnZoR3cKf6LLS80KXUr9EzPkPrZRIUgt4JDmDLzT
kflBMSaUsg1QJ3dSw3jAIJfVaOXm5Mo2fyBZmp9CtmqJ1VELXB/WSw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWMmtEN3Z4bTZSOFBNcUl4
UlJEVWNuSTFDRXV5NmxDcERzTHdWYXl4QVM4Cmd0L3FJUVphMkR4SXFBY1UrekM5
OVRFd1N6Q1JJbUhaOWFoc3h4OTRvNkkKLS0tIHFHN00vblVHY1dlOFVsY1dhWWU5
MDFmeDBRMTFld2xHZEo0dkozN3hCWlEKJMSa6v8kbtHboVE6j6+a+TptU2j3EtwX
gfmAmLjEMhgQKOuK0uSWxR1CnmI53R0u+FibcGziOCp258y7LvUfFw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1h7yq7n8gcw35apr7jn8r66dwss4hfcdv0sf4ankfxquyavlrqukqhr0lrc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVWUxXck9ENWladlpoZlgx
TEFObE5QVGlVKzltaXcwY1hicVhOYnlPSmkwCnhzVHRTdmo2YnY0NEI1dHZhR0hS
VW9LYzUzbUZZMEpsRHIwYnNXeFRBcGsKLS0tIDhaUzVZQTRLS1pJaWhpSVhGaXZL
S2w4UnFwUFJjUlBUYzR3MjFBVFF0cjgKCmNXjm0yJdZGO7kKPQGv2qaYEZQkbF9a
Jijh75gl0ypHXoIkDDFzqtf9/ss6eUmTOTEs4rKeYkKl7Ze7TNiatA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwM0VJSlpqZHROa2tmL3RC
NVZlMTMvSk02TDdVdXBadytzVU9LSHRkNHpNCm1SMlJoY3NQWUF0QmZ6MGtUdEhZ
ZjZKdTRVUXptWDdXQ3BhODJEVkFsK1kKLS0tIGtOZnZleURBcjNTMGpMQnoyYnh0
c25LQXZ6d2ROV1BzQ2lvbE15TVhkdmcKIK0iCAItEau9ZPxc14uKXnLP49bPIxFW
xTbkllqzUHWsUN0EpY1WhClTl4T582n59RStvKDGvEsJty5tMl4PUg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ypq3n3e7gnwqddq5dgkdsfm0wqagrm5pl5tkunzp44lcezsllumqsjz0hz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNaS9aTWNqYU1qMlZkdW5G
d3h1b0hZSDkycnhtRDlYTkF6SUxtVitWM0NzCm5uVzJua0dheE80QW5sN1FqUlJG
UnV0WEh6SzE3UjhaeGpUY0prSnhOZEUKLS0tIHZhNWx3V0tFNzJrSVJBaUdoczN0
bnJLODQ2NVd4VDkyNHRHbUNpam1mRVkKc/bMfj6h/KerTkr+Fgyv1y5mwPm/jJ/z
jrtIy7Kz+JtlE3p/TkkazHBie9A/RxBUEPTsa/SS2vT+RViB2AhBbA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXQWpSaVNvaEY2UTVOVXN3
enM4Rkt3T2VjdmhreFpRd3JsSFNBK040N0hZCkhycndyQi9hbnZ6dFN4WC9iM1N2
YUFiQjVWSXFNMURrczRWYjg5QUJucVUKLS0tIDg2aHVhSm5tNHlSRk1XdUVna3Fw
bUl6bGZDaC8xZUpjVkQ1ajRFWFA0bHMK4hvw9uQyJprR5kpaVD7S/XRdlde66KB4
DqHP50q0KT6BIqWgbO163ppwzHzLhqkAYCHEz0V7lbekv1JHuj+RRg==
-----END AGE ENCRYPTED FILE-----
- recipient: age15ydstgk0fmmgy2ugmqufyqhqsqypd2mvy89enzwczz0m8ar2kvzqlcdsm8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtM1FqZG9WL1EyNDVZWlJw
djBFbUQwNEkyTDU0Z2psY2FLdTVKRU82VldZCkR4WkJMQjJWU3VsZ1NEL1RGQk5V
VU84M081VVFqOXc0bGQwdThEcWthNjQKLS0tIHVFUU5YeHFBOXA0dGR0aXhCQmFa
VSthN3l3cm5ISC9rR0tLMDBmRHkyWkUKhflWL3W72KLrglJCCykaTcrHSyMeGS+s
EMDQck7nY0n5JMEybq1F14EFTv7jGDseLlss3f18Jeseov47JIao8w==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBONkdtNWw3Y0xGaElmWkZ3
QjRkMmhxVUs3Mk81bWNyKzlZblF4VmJhN1ZRCmJzZ2FtdTNmMytINUJ0c3hKSDU1
a00vV09JTkhHb2c3Vm44MlgvOVozaXMKLS0tIDFiK1h6Rnd2LzhHOWI4djd1SzB2
NHFYTWlEeTdFSjR6WUtjKzM5bnRDUUkKDcUdTggzv3l4GI4iR24YqZNztrSVKWYm
rPCDaDtA4UVTm04H2G8jG4m0wAVaAtnpVN4nm18B9pObFUHVVh/+VQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1nh7nnp3rznfqkzudn7dzkkkxuz0ywjw8hacnftvgh60egtw79ejqam4n4p
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzNDhwenphZGUxK3lSbEYv
d3lvN29VSzNVcFpZN2NHU3VUdnhsWjltQkVBCitHL3RzdmswdWltUU9LNGE4Zy9N
dHBpYkV5Z2FTaE4zRThXS1RMbFdiRWsKLS0tIE9pdjI1YWw2b2hoSzF0QUtmbmJN
cE9PZXdBcTY3WVZlSW55dE1hcFp4eXcKXMAWZ2lfYhsJrKSaWeRIByeop6A92vxd
f4lKX5/y5lu9EIH3j16laswfrOYLGpvopbrj2rOp4vWQ0axWVg04Jw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBERmY4TUlIK0liWlVlTS9v
OWRRRVc5bkt0ajRpdVpZc2E3bm5OWTNzaVZNCnc0RkV0enFLN3ZJZ1J5a1FKSlQ3
aWNGeTlaOHc0SjcrSkRINW1iWEhGR2cKLS0tIGhNeW9NZ20rNGtXSENodE1BNHlj
NndsN3Zja1hQRkxNNDBYZnorTFpTOGsKvMY9ajPmibz1s7AU+yN8lWHdmh0gu0II
N+bjKnq4i2KeBpYAP8C7w5otHRIVcq+RAmW7R0q3z0wNrHuZVWexFA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1n7ltu5yh49l7f2pgn7nyp9xpfcp45hjs379yv2txa2t2w0yd2fqq2wt3t9
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLNEJkdVB5bEJmNlY1OWQ0
N2dSRDRTZThHTFN1bFNQMnptNWFZYUVEVFJFCnJCWXFUcVdFT1p6L08vMVIzdHVv
V0RjZ1ljaW5DanVjY25rWXBubkNnYTgKLS0tIDQyOSt4UmhjcFoyWTRYT29sQlQ5
OXlLNHlpdHBvQzJVd2FOSGhBTVhJQUUK551YtRFBxVmmWuKulnBSps3Z8Y2k4YFF
Gf1JZc4Y8ggyLdEtr2ArmCVC/u02+6B+p7T1Ja76f8dp8mqUSppjHg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-08T15:38:19Z"
mac: ENC[AES256_GCM,data:IoqrJyCNad4/OFH6y24kYMwnkF3OWfsw77POg00btvw7FoPoaSJ76RySMs6hgWs202bDYSDi44OvbgCVeNPkhe9eyM0gwF0Gf0cE3wirc+qj2qfL9/lMOTZm02WymMglJf6xTcPo3BH00XryR7ptid9+WrB0S2aBVNlcXSBwpzY=,iv:aLI2SyUzWqp/4XFPhogq2vq/u47bs6Gmgc/PRMe+GmM=,tag:jVnW7EkqDRfQluGTiw0olA==,type:str]
pgp:
- created_at: "2025-11-18T15:06:30Z"
- created_at: "2025-11-24T13:25:53Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAzwtBoBqH5ZOARAAiUhe3cBmpiJrkNinVIqUw+52Q1GC20LmQVfounrLxegY
5hEWzKUKs3qBF54oVnLITUJfgYAxYMW9Zn0nlASSPc5QHUGNv013KgOaPQjwaoXS
8Z3wYMh3qFObbJVmiPI7FtoGfBh6WXfPgPwTjzMfsOJg1zr4WWJzuBJbhMtiI3zJ
rrJiK0IYzQkoha34oT1VJaHBH+xQha2JWVIZ4pBKZLkTJFQYKckAxeKmlEn8nQTT
SJwtBKKlc80fZCe/s7hwKPm0GTTV+wwv1jvCsaf/GIFqKoMOBmqEAz8GcETQNaFC
sNkDWWFlxlsioG6Zi+Ok7tvFhyxEoF4sABuYx8LoBbL12UgZJRbhM7HIakxnORBu
a3QomZKAxfZ4zMRKaOYjUVGFdoJWgxb3wqa5WiHM5GeOQJzRzdpPwdTJPrxQSsx4
/p5+MOFoia9GdBbwcdkVEopX+m5TvY+i3Gs/GnHSWZaXQBjhSW/O5UE29dHas3ai
tY+1FVnUpVyCnqF/BXRhgXydpVzZEAHoYF/hz2ah7AI2CnmeQ3ypO1DsfoADkgm+
iinHFmU+ZpZJndpPsjoarJHBySoK4N34JsiJcv4DGv+4XbtEySb/r7rgZzrRNuj5
tMtmQs82Ii+836NDImvJs8vg2H40bPLsVMtJ7xAYSGLXDDueXHPmCFOuJZ0KsR/S
XgFe91sDNTG/6j0PEilYTMyp04qMaxwT4teouMRlLr/rACJj5jpt5BVO4K8nDaYf
uq0wX2mXYJqoWZU1DBYO0vRRTpcpenLMV5M+ZrUy2LQINmLCUAuFB73cGUlQNac=
=8FwO
hQIMAzwtBoBqH5ZOAQ/+PPG+DkWHyr1BWMsxmOmxk47TMjVvU9y1XPjTfgXgoE/2
kRLgnUd57rOzjbHuYW6ipctdBsu/o3kJwRdqXySVoLckaHoqoErejG7msypuDaKj
0lCFE8KAwqN5QJwYZOFeJ/WN+kbsVTWY2tUgN3kPLTrF/mQwKY1b5gAOvNRjaPLw
rYeR29fJge1PNH6PeaY9ODGG4NU0YctUz0AO0RSVEpO5rxTdxHMzpK6xtviQKhwA
9MaHJWZmL8F0ccCLM60QO4NHPFe/cw/qhYqAXcc1IJDwOU4uslNwnZY7x0V7dwWt
I9RS73cz4fgaFDLmBl45GOnii5D8Nz4AXfkOyv7hXTbsV86LErudHwV3ARObU9LN
VCln1hu9bbGZXNbxzQceaHFgnnGj+2AC/+T+jZntayMeIKFVEWhKLWl6z47PqEpO
wJRuXnDfuWyg14qVXZ/w43NVvFPAiPBEMZCLSOZXgn2SUD1rbvFuyXo1ZPTi8b4I
yPeYUmSRsrw4ZVgT/loS4Y7JTRe7P1x05csIMsrEHrXsAS3oWxEg52/FufChvwaz
SYdg48lPK1lPpehmAwVNmtugMXIP9GVEa/BZO8Pj4cJQoF780q4TknwkWyFqTWEh
E8wgEzyUB14g8CCxzteOWsv/1WtuXylp4/yEQe2/pSGAR4r4KLf2ZRL1Nj3GsMnS
XgEtYhgBHg4mmUd8T/uo63ZRKGtlLNLLdKkSLkzm0wgTY//r1iEhqwOMQjbRPuM7
osITmHr5VPhQYLKkEMeg4IweXsN6Zkb79un32hcFGlBGJcMpI22m0svDmGhB5oc=
=USV4
-----END PGP MESSAGE-----
fp: 58EF8D71114EF548DEE3320DE6F04916B6EEBD83
unencrypted_suffix: _unencrypted