From 47ddf0cd1e0e20cddc94f7a9bdff4d744be9155f Mon Sep 17 00:00:00 2001 From: h7x4 Date: Fri, 24 Oct 2025 12:22:01 +0900 Subject: [PATCH] tsuki: move to different machine and reinit --- .sops.yaml | 2 +- flake.lock | 127 ++++++-------- flake.nix | 13 ++ hosts/tsuki/configuration.nix | 80 +++++---- hosts/tsuki/disk-config.nix | 155 ++++++++++++++++++ hosts/tsuki/hardware-configuration.nix | 65 +------- hosts/tsuki/services/kanidm.nix | 2 +- .../services/matrix/stickers/default.nix | 2 +- hosts/tsuki/services/nginx/default.nix | 36 ++-- hosts/tsuki/services/vaultwarden.nix | 13 +- secrets/common.yaml | 101 ++++++------ secrets/tsuki.yaml | 46 +++--- 12 files changed, 367 insertions(+), 275 deletions(-) create mode 100644 hosts/tsuki/disk-config.nix diff --git a/.sops.yaml b/.sops.yaml index ccf0f3f..221ebc9 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,6 +1,6 @@ keys: - &gpg_h7x4 F7D37890228A907440E1FD4846B9228E814A2AAC - - &host_tsuki age1c92j4w0gqh32hwssl5m2mfrggssxax9pge8qxwytv9lmrnfttcvqdrgsst + - &host_tsuki age1ue7uv559wf6tfjsutn9dsh07vpk53sgrfkdzqy4ltg6dnxcxeg7srx800u - &host_kasei age1eu2a6m3adakfzelfa9pqpl74a5dz0wkyr0v7gegm5ajnx7aqmqcqsp2ftc - &host_dosei age1s6s4w7cdfgajm30z9gy8va8pvs2lrzk5gnsg0hmn5z2sl8z36seqej406r - &host_xps16 age1np3fg9ue2tp4l47x7waapvjxh5zcaye2j54laapy7uklamve2c4qv3gytm diff --git a/flake.lock b/flake.lock index 4caaa46..47cd2af 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,26 @@ { "nodes": { + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1746728054, + "narHash": "sha256-eDoSOhxGEm2PykZFa/x9QG5eTH0MJdiJ9aR00VAofXE=", + "owner": "nix-community", + "repo": "disko", + "rev": "ff442f5d1425feb86344c028298548024f21256d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "v1.12.0", + "repo": "disko", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -34,24 +55,6 @@ "type": "github" } }, - "flake-utils_2": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -59,11 +62,11 @@ ] }, "locked": { - "lastModified": 1753592768, - "narHash": "sha256-oV695RvbAE4+R9pcsT9shmp6zE/+IZe6evHWX63f2Qg=", + "lastModified": 1758463745, + "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=", "owner": "nix-community", "repo": "home-manager", - "rev": "fc3add429f21450359369af74c2375cb34a2d204", + "rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3", "type": "github" }, "original": { @@ -141,11 +144,11 @@ ] }, "locked": { - "lastModified": 1755655202, - "narHash": "sha256-UeQs2b1u99hthaiEqW/wkhL0aDDhp10/pA0keQqfkcY=", + "lastModified": 1761270771, + "narHash": "sha256-/gqQ1x4RCIk0Fsfq6a2489M7El79LJttsV1P7pIZn5o=", "owner": "infinidoge", "repo": "nix-minecraft", - "rev": "fdd3b8ec61a25e5a1c9bbf2041d64129f51000a5", + "rev": "651d677a7ae913c792629437f77278997770a231", "type": "github" }, "original": { @@ -155,34 +158,13 @@ "type": "github" } }, - "nixgl": { - "inputs": { - "flake-utils": "flake-utils_2", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1752054764, - "narHash": "sha256-Ob/HuUhANoDs+nvYqyTKrkcPXf4ZgXoqMTQoCK0RFgQ=", - "owner": "nix-community", - "repo": "nixGL", - "rev": "a8e1ce7d49a149ed70df676785b07f63288f53c5", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixGL", - "type": "github" - } - }, "nixos-hardware": { "locked": { - "lastModified": 1755330281, - "narHash": "sha256-aJHFJWP9AuI8jUGzI77LYcSlkA9wJnOIg4ZqftwNGXA=", + "lastModified": 1760958188, + "narHash": "sha256-2m1S4jl+GEDtlt2QqeHil8Ny456dcGSKJAM7q3j/BFU=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "3dac8a872557e0ca8c083cdcfc2f218d18e113b0", + "rev": "d6645c340ef7d821602fd2cd199e8d1eed10afbc", "type": "github" }, "original": { @@ -194,11 +176,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1755593991, - "narHash": "sha256-BA9MuPjBDx/WnpTJ0EGhStyfE7hug8g85Y3Ju9oTsM4=", + "lastModified": 1761016216, + "narHash": "sha256-G/iC4t/9j/52i/nm+0/4ybBmAF4hzR8CNHC75qEhjHo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a58390ab6f1aa810eb8e0f0fc74230e7cc06de03", + "rev": "481cf557888e05d3128a76f14c76397b7d7cc869", "type": "github" }, "original": { @@ -209,11 +191,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1755577059, - "narHash": "sha256-5hYhxIpco8xR+IpP3uU56+4+Bw7mf7EMyxS/HqUYHQY=", + "lastModified": 1761236834, + "narHash": "sha256-+pthv6hrL5VLW2UqPdISGuLiUZ6SnAXdd2DdUE+fV2Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "97eb7ee0da337d385ab015a23e15022c865be75c", + "rev": "d5faa84122bc0a1fd5d378492efce4e289f8eac1", "type": "github" }, "original": { @@ -224,11 +206,11 @@ }, "nixpkgs-yet-unstabler": { "locked": { - "lastModified": 1755703469, - "narHash": "sha256-qHpFcH6SNt91yzHcouN4RszgGpq2PX38GPmSu8zpEng=", + "lastModified": 1761274430, + "narHash": "sha256-W3+R07zXSWnqucrndQGvqm9wW6bd8j7BAEKFPh0Cnsg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bd9e4d176992662819951a2a80b939e2f815bccd", + "rev": "7d909d8d021f01e272385343448cb224b8c425c6", "type": "github" }, "original": { @@ -245,11 +227,11 @@ ] }, "locked": { - "lastModified": 1684092181, - "narHash": "sha256-Oi6G8Jx2RkEMi3UndtAnZw61hfgKGEe7l/ILdB9ump4=", + "lastModified": 1742203788, + "narHash": "sha256-nRqyf+msCPEXvvXF6bvfiYH/B089dqWPc7ljRXieA7g=", "ref": "refs/heads/master", - "rev": "028ed8774d1cf4650fc15253146cf14451eb608c", - "revCount": 43, + "rev": "c4e353e745b4012feb75dd1c4405a71f6318ed02", + "revCount": 51, "type": "git", "url": "file:///home/h7x4/git/osuchan-line-bot" }, @@ -260,11 +242,11 @@ }, "root": { "inputs": { + "disko": "disko", "home-manager": "home-manager", "matrix-synapse-next": "matrix-synapse-next", "maunium-stickerpicker": "maunium-stickerpicker", "minecraft": "minecraft", - "nixgl": "nixgl", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "nixpkgs-unstable": "nixpkgs-unstable", @@ -280,11 +262,11 @@ ] }, "locked": { - "lastModified": 1754988908, - "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=", + "lastModified": 1760998189, + "narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=", "owner": "Mic92", "repo": "sops-nix", - "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48", + "rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3", "type": "github" }, "original": { @@ -307,21 +289,6 @@ "repo": "default", "type": "github" } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 2968778..0fad6cc 100644 --- a/flake.nix +++ b/flake.nix @@ -1,11 +1,18 @@ { inputs = { nixpkgs.url = "nixpkgs/nixos-25.05"; + # nixpkgs.url = "nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "nixpkgs/nixpkgs-unstable"; nixpkgs-yet-unstabler.url = "github:NixOS/nixpkgs/master"; home-manager = { url = "github:nix-community/home-manager/release-25.05"; + # url = "github:nix-community/home-manager/master"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + disko = { + url = "github:nix-community/disko/v1.12.0"; inputs.nixpkgs.follows = "nixpkgs"; }; @@ -43,6 +50,7 @@ nixpkgs-unstable, nixpkgs-yet-unstabler, home-manager, + disko, nixos-hardware, matrix-synapse-next, @@ -317,6 +325,11 @@ }; tsuki = nixSys "tsuki" { modules = [ + nixos-hardware.nixosModules.common-cpu-amd + nixos-hardware.nixosModules.common-pc-ssd + + disko.nixosModules.default + matrix-synapse-next.nixosModules.default osuchan.outputs.nixosModules.default maunium-stickerpicker.nixosModules.default diff --git a/hosts/tsuki/configuration.nix b/hosts/tsuki/configuration.nix index 0eda5df..ed702e6 100644 --- a/hosts/tsuki/configuration.nix +++ b/hosts/tsuki/configuration.nix @@ -1,38 +1,41 @@ { config, pkgs, lib, modulesPath, ... }: { imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + + ./disk-config.nix ./hardware-configuration.nix ./services/atuin.nix - ./services/borg.nix - ./services/gitea-runners.nix - ./services/grafana - ./services/headscale.nix + # ./services/borg.nix + # ./services/gitea-runners.nix + # ./services/grafana + # ./services/headscale.nix ./services/hedgedoc.nix ./services/kanidm.nix ./services/matrix - ./services/minecraft + # ./services/minecraft ./services/nginx ./services/osuchan.nix - ./services/plex.nix + # ./services/plex.nix ./services/postgres.nix - ./services/samba.nix - ./services/taskserver.nix + # ./services/samba.nix + # ./services/taskserver.nix ./services/vaultwarden.nix - ./services/vscode-server.nix - ./services/wstunnel.nix + # ./services/vscode-server.nix + # ./services/wstunnel.nix - ./services/scrapers/nhk-easy-news/default.nix + # ./services/scrapers/nhk-easy-news/default.nix ]; - system.stateVersion = "22.05"; + system.stateVersion = "25.05"; machineVars = { headless = true; dataDrives = { drives = { backup = "/data/backup"; - cirno = "/data/cirno"; + # cirno = "/data/cirno"; media = "/data/media"; home = "/home"; }; @@ -51,7 +54,7 @@ networking = { hostName = "tsuki"; - hostId = "8425e349"; + hostId = "1cb0971f"; networkmanager.enable = true; interfaces.ens18.useDHCP = true; firewall.enable=true; @@ -71,32 +74,51 @@ }; }; - sops.secrets."drives/cirno/password" = { }; - sops.templates."drive-cirno.creds".content = '' - username=h7x4 - password=${config.sops.placeholder."drives/cirno/password"} - ''; + # sops.secrets."drives/cirno/password" = { }; + # sops.templates."drive-cirno.creds".content = '' + # username=h7x4 + # password=${config.sops.placeholder."drives/cirno/password"} + # ''; virtualisation = { docker.enable = true; }; + services.resolved.extraConfig = '' + MulticastDNS=no + ''; + + services.zfs.trim.enable = true; services.zfs.autoScrub.enable = true; - boot = { - kernelPackages = pkgs.linuxPackages_6_15; - zfs.requestEncryptionCredentials = false; - zfs.package = pkgs.zfs_2_3; - loader = { - grub = { + boot.initrd = { + network = { + enable = true; + udhcpc.enable = true; + flushBeforeStage2 = true; + ssh = { enable = true; - efiSupport = true; - efiInstallAsRemovable = true; - mirroredBoots = [ - { devices = [ "nodev" ]; path = "/boot"; } + port = 22; + authorizedKeys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC0aYHsiqfLCA0prSmEi6hZeQPCGxZYR7gp+3U99POUWJyycSVqXMhgVZHT8VEYGf+EZ/y5nL1bvna7ChBwQBzInB2mRW+TCLL3h1w9t/27vTHe3wV+fowTooD/paOErmWFO4yDBEJ3cYFMXowAd3GfvsBSFGPSsvSxghSzWj+kfhIFkXD02LZxn/hBQyCT6irp3Hwx1cBu8ic/l2ln64SLARuEmj4ITaafNC5wD2Gr5Jf3q+T9QtJeFPXSpJD7MtVMJ1VpgpfGBvlEYKggiQjxgu2BXHv1w3KIfyltTwhrcqHvttaJSuR5TreAgQ5+dZHmMr6XX8rFG+HEa8gND6NjGjHrJBxp53qgPtLAmBddvf8xQMYiq6+XST16nlRaAsjU3yr3VqCt7XhJiS2IV8JiIV3dok8nxzDX9sjdZeGchdnAnU6lcxDgnBvAcJRaWHwMCG8Ty9sJ4otgjr5A1GxRBndJIIuKzjpdtsrCAHg/K2zqFoKPJxN/K9zDWKNy0aEy2Akl3LgHF2QIuG5pUOmbyvbF8AoTudaz6Zu6JpVwOb9T9avFJBH4RHQ3mK0faBkrEmnkAg6JnDDMIt0XLALl88rI4kbdkVvJ2kaodvq799TCCw1PwMidgWX63LemWVBx+CL9ebXrsOkOthhMhkeaFXY9Am3Ee7rfD1tq3PGU1w== h7x4" ]; + hostKeys = [ "/etc/ssh/ssh_host_ed25519_key" ]; }; + postCommands = '' + export NIX_SSL_CERT_FILE='${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt' + + echo 'zfs load-key -a; killall zfs; exit' >> /root/.profile + ''; }; }; + + boot.kernelPackages = pkgs.linuxPackages; + boot.zfs.package = pkgs.zfs_2_3; + boot.loader = { + efi.canTouchEfiVariables = true; + systemd-boot.enable = true; + systemd-boot.consoleMode = "1"; + # zfs.requestEncryptionCredentials = false; + }; } diff --git a/hosts/tsuki/disk-config.nix b/hosts/tsuki/disk-config.nix new file mode 100644 index 0000000..74cc3c5 --- /dev/null +++ b/hosts/tsuki/disk-config.nix @@ -0,0 +1,155 @@ +{ ... }: +{ + disko.devices = { + disk = { + nvme1 = { + type = "disk"; + device = "/dev/nvme0n1"; + content = { + type = "gpt"; + partitions = { + ESP = { + content = { + format = "vfat"; + mountpoint = "/boot"; + type = "filesystem"; + }; + name = "boot"; + size = "1G"; + type = "EF00"; + }; + + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "zroot"; + }; + }; + }; + }; + }; + nvme2 = { + type = "disk"; + device = "/dev/nvme1n1"; + content = { + type = "gpt"; + partitions = { + # No boot partition here + + zfs = { + start = "1G"; + size = "100%"; + content = { + type = "zfs"; + pool = "zroot"; + }; + }; + }; + }; + }; + }; + zpool = { + zroot = { + type = "zpool"; + mode = { + topology = { + type = "topology"; + vdev = [ + { + mode = "mirror"; + members = [ "nvme1" "nvme2" ]; + } + ]; + }; + }; + + options = { + ashift = "12"; + + # trim handled by systemd timer + autotrim = "off"; + }; + rootFsOptions = { + acltype = "posixacl"; + canmount = "off"; + compression = "zstd"; + dedup = "on"; + devices = "off"; + dnodesize = "auto"; + mountpoint = "none"; + normalization = "formD"; + relatime = "on"; + xattr = "sa"; + + encryption = "aes-256-gcm"; + keyformat = "passphrase"; + keylocation = "prompt"; + }; + + postCreateHook = '' + zfs set keylocation=prompt zroot; + ''; + + datasets = let + root = "nixos"; + legacyMount = mountpoint: { + type = "zfs_fs"; + options.mountpoint = "legacy"; + inherit mountpoint; + }; + in { + "${root}" = { + type = "zfs_fs"; + options.mountpoint = "none"; + }; + + "${root}/root" = legacyMount "/"; + + "${root}/nix" = legacyMount "/nix"; + + "${root}/var" = legacyMount "/var"; + "${root}/var/cache" = legacyMount "/var/cache"; + "${root}/var/log" = legacyMount "/var/log"; + + "${root}/var/lib" = legacyMount "/var/lib"; + "${root}/var/lib/containers/storage" = legacyMount "/var/lib/containers/storage"; + "${root}/var/lib/containers/storage/volumes" = legacyMount "/var/lib/containers/storage/volumes"; + "${root}/var/lib/postgresql" = (legacyMount "/var/lib/postgresql") // { + options = { + mountpoint = "legacy"; + recordsize = "16k"; + primarycache = "all"; + }; + }; + + "${root}/home" = legacyMount "/home"; + + "${root}/data" = legacyMount "/data"; + "${root}/data/minecraft" = legacyMount "/data/minecraft"; + "${root}/data/backup" = (legacyMount "/data/backup") // { + options = { + mountpoint = "legacy"; + compression = "zstd-15"; + }; + }; + + "${root}/data/media" = (legacyMount "/data/media") // { + options = { + mountpoint = "legacy"; + recordsize = "512k"; + }; + }; + + "reserved" = { + type = "zfs_fs"; + options = { + mountpoint = "none"; + refreservation = "10G"; + }; + }; + }; + }; + }; + }; +} diff --git a/hosts/tsuki/hardware-configuration.nix b/hosts/tsuki/hardware-configuration.nix index baf8df2..9dacf94 100644 --- a/hosts/tsuki/hardware-configuration.nix +++ b/hosts/tsuki/hardware-configuration.nix @@ -8,73 +8,18 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ata_piix" "megaraid_sas" "usb_storage" "usbhid" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ "dm-snapshot" ]; - boot.kernelModules = [ "kvm-intel" ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "igb" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "momiji/root"; - fsType = "zfs"; - }; - - fileSystems."/data" = - { device = "momiji/data"; - fsType = "zfs"; - }; - - fileSystems."/nix" = - { device = "momiji/nix"; - fsType = "zfs"; - }; - - fileSystems."/home" = - { device = "momiji/home"; - fsType = "zfs"; - }; - - fileSystems."/var" = - { device = "momiji/var"; - fsType = "zfs"; - }; - - fileSystems."/var/lib/postgresql" = - { device = "momiji/data/postgres"; - fsType = "zfs"; - }; - - fileSystems."/var/lib/minecraft" = - { device = "momiji/data/minecraft"; - fsType = "zfs"; - }; - - fileSystems."/data/media" = - { device = "momiji/data/media"; - fsType = "zfs"; - }; - - fileSystems."/data/backup" = - { device = "momiji/data/backup"; - fsType = "zfs"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/66C8-A92E"; - fsType = "vfat"; - }; - - swapDevices = [ ]; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. networking.useDHCP = lib.mkDefault true; - # networking.interfaces.eno1.useDHCP = lib.mkDefault true; - # networking.interfaces.eno2.useDHCP = lib.mkDefault true; - # networking.interfaces.eno3.useDHCP = lib.mkDefault true; - # networking.interfaces.eno4.useDHCP = lib.mkDefault true; + # networking.interfaces.enp41s0.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/hosts/tsuki/services/kanidm.nix b/hosts/tsuki/services/kanidm.nix index 804e8af..c7d592c 100644 --- a/hosts/tsuki/services/kanidm.nix +++ b/hosts/tsuki/services/kanidm.nix @@ -17,7 +17,7 @@ in { }; services.kanidm = { - # package = pkgs.kanidm; + package = pkgs.kanidm_1_7; enableServer = true; # enablePAM = true; serverSettings = let diff --git a/hosts/tsuki/services/matrix/stickers/default.nix b/hosts/tsuki/services/matrix/stickers/default.nix index cdc2200..4535eba 100644 --- a/hosts/tsuki/services/matrix/stickers/default.nix +++ b/hosts/tsuki/services/matrix/stickers/default.nix @@ -78,7 +78,7 @@ id = "hutao"; title = "Hu Tao"; stickers = ./json/hutao.json; - hash = "sha256-8JM34WXl4doyF3HuJL3pfKf26wKVEAs3eqj+b40ggQk="; + hash = "sha256-CQhO3ra/oCCZM8pWZZjA4suDkIQ1Q3W0WIShFIe5O0Q="; }; pokemonPiplup = { diff --git a/hosts/tsuki/services/nginx/default.nix b/hosts/tsuki/services/nginx/default.nix index f0fa101..11184d6 100644 --- a/hosts/tsuki/services/nginx/default.nix +++ b/hosts/tsuki/services/nginx/default.nix @@ -54,21 +54,23 @@ sa = config.local.socketActivation; in { "atuin".servers."unix:${sa.atuin.newSocketAddress}" = { }; - "dynmap".servers."localhost:8123" = { }; - "grafana".servers."unix:/run/grafana/grafana.sock" = { }; - "headscale".servers."localhost:${s srv.headscale.port}" = { }; + # "dynmap".servers."localhost:8123" = { }; + # "grafana".servers."unix:/run/grafana/grafana.sock" = { }; + # "headscale".servers."localhost:${s srv.headscale.port}" = { }; "hedgedoc".servers."unix:${srv.hedgedoc.settings.path}" = { }; - "idrac".servers."10.0.0.201" = { }; + # "idrac".servers."10.0.0.201" = { }; "irc-matrix-bridge-media".servers."localhost:${s srv.matrix-appservice-irc.settings.ircService.mediaProxy.bindPort}" = { }; "kanidm".servers."localhost:8300" = { }; "osuchan".servers."localhost:${s srv.osuchan.port}" = { }; - "plex".servers."localhost:32400" = { }; - "vaultwarden".servers."unix:${sa.vaultwarden.newSocketAddress}" = { }; - "wstunnel".servers = let - inherit (config.services.wstunnel.servers."ws-tsuki".listen) host port; - in { - "${host}:${s port}" = { }; - }; + # "plex".servers."localhost:32400" = { }; + # "vaultwarden".servers."unix:${sa.vaultwarden.newSocketAddress}" = { }; + # "vaultwarden".servers."unix:${sa.vaultwarden.newSocketAddress}" = { }; + "vaultwarden".servers."${srv.vaultwarden.config.ROCKET_ADDRESS}:${toString srv.vaultwarden.config.ROCKET_PORT}" = { }; + # "wstunnel".servers = let + # inherit (config.services.wstunnel.servers."ws-tsuki".listen) host port; + # in { + # "${host}:${s port}" = { }; + # }; }; virtualHosts = let @@ -167,7 +169,7 @@ locations."/_synapse".proxyPass = "http://$synapse_backend"; }) (proxy ["irc-matrix"] "http://irc-matrix-bridge-media" {}) - + # (host ["madmin"] { root = "${pkgs.synapse-admin}/"; }) # (host ["cache"] { root = "/var/lib/nix-cache"; }) # (proxy ["slack-bot"] "http://localhost:9898" {}) @@ -192,11 +194,11 @@ return 301 $scheme://git.pvv.ntnu.no$request_uri; ''; }) - (proxy ["idrac"] "https://idrac" {}) - (proxy ["log"] "http://grafana" enableWebsockets) - (proxy ["map"] "http://dynmap" {}) + # (proxy ["idrac"] "https://idrac" {}) + # (proxy ["log"] "http://grafana" enableWebsockets) + # (proxy ["map"] "http://dynmap" {}) (proxy ["osu"] "http://osuchan" {}) - (proxy ["plex"] "http://plex" enableWebsockets) + # (proxy ["plex"] "http://plex" enableWebsockets) # (proxy ["vpn"] "http://headscale" { # locations."/" = { # proxyWebsockets = true; @@ -208,7 +210,7 @@ # }; # }) - (proxy ["ws"] "http://wstunnel" enableWebsockets) + # (proxy ["ws"] "http://wstunnel" enableWebsockets) (host ["h7x4-stickers"] {}) (host ["pingu-stickers"] {}) diff --git a/hosts/tsuki/services/vaultwarden.nix b/hosts/tsuki/services/vaultwarden.nix index 6736668..eb29844 100644 --- a/hosts/tsuki/services/vaultwarden.nix +++ b/hosts/tsuki/services/vaultwarden.nix @@ -21,6 +21,7 @@ in { systemd.services.vaultwarden = lib.mkIf cfg.enable { requires = [ "postgresql.service" ]; + serviceConfig.StateDirectory = "vaultwarden"; }; services.postgresql = lib.mkIf cfg.enable { @@ -32,10 +33,10 @@ in { }]; }; - local.socketActivation.vaultwarden = { - enable = cfg.enable; - originalSocketAddress = "${cfg.config.ROCKET_ADDRESS}:${toString cfg.config.ROCKET_PORT}"; - newSocketAddress = "/run/vaultwarden.sock"; - privateNamespace = false; - }; + # local.socketActivation.vaultwarden = { + # enable = cfg.enable; + # originalSocketAddress = "${cfg.config.ROCKET_ADDRESS}:${toString cfg.config.ROCKET_PORT}"; + # newSocketAddress = "/run/vaultwarden.sock"; + # privateNamespace = false; + # }; } diff --git a/secrets/common.yaml b/secrets/common.yaml index 87d2ea5..e4d6236 100644 --- a/secrets/common.yaml +++ b/secrets/common.yaml @@ -18,90 +18,81 @@ ssh: pub: ENC[AES256_GCM,data:TaB+UN5w2nAnJaWAa5DZ7P/0hs5212YbJUmLLhqrbgl2zn4O1qQET4gY1HNKYaf+4HqJujhBEcxFp/XJaQ9/q/YSX3JMnE0IIBeNMqC/o/yPaGgj/dawvBa3bQ==,iv:pTIdUkIeRTUsaj0fydkVB9PGaZy2WcSsGa42th4rDGY=,tag:D+kSKmCHO/brBP6SRMo4Qg==,type:str] sops: age: - - recipient: age1c92j4w0gqh32hwssl5m2mfrggssxax9pge8qxwytv9lmrnfttcvqdrgsst + - recipient: age1ue7uv559wf6tfjsutn9dsh07vpk53sgrfkdzqy4ltg6dnxcxeg7srx800u enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByUlM0dTRRMHBYRFRnVzZH - blNHWXVZVHNPemF1U0lKN0hnN0k5QmJhQ1JBCjc5cW5zVFp3MG1uNC9ZcU1HRnd1 - cEh0M1NMMm05NXRGQ0MrTHVRUUh5SEUKLS0tIG04eDFmcXprMUhqYndvVE05aXdC - SHQ2Y1RBdklzeGZzOVZBWlF5VzRYbm8KYYuTxfnrHdAERPz8AKbWBH9sM+CZ47z8 - pHjfgRQNkLvV39bAsnK3Od5bG2Gc/f8fpW9TfnlTi8TOu0REyDWY5A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqSjBrbjhBSlltdnlsM25R + N05SR2FnSFVGSW9WcVMyRGFlY3ZYOXd3VmxrCmkrZ21ucVZEMWVObDVGMWk4TDdP + YkVqek5wMUt6RGw0ait4WS9GQlJxSEUKLS0tIE1nQWpEREVHSmlULzB2ZXIzK3pk + S1ZOWXZqOWh4a1VvQ2tGVytZQ2J4Q2MKtlPlAeD4Y4URFpo0GHh61JApTBnE1sHT + qI6gT7JO1e3zwmIQGtP81t+Ez2T08Wcz/tCvNaj/9tSnLc4U7bt0+A== -----END AGE ENCRYPTED FILE----- - recipient: age1eu2a6m3adakfzelfa9pqpl74a5dz0wkyr0v7gegm5ajnx7aqmqcqsp2ftc enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIVjM2NDFGVHVDTFF6cWhO - cm5ZeHhTKzE3eVVWSXVuaEFEcElqTCtvMldZCjBTekxnVXdlOEZsMmRFMHZ0R04z - aWJ6ZkhPRXh0UmxzQW5uZGt4dDlyUEUKLS0tIHhod3FxMHJsYVJoaitoVWp1eFZK - RndjTVVvU0lmM1RZZzhQM3JmSW03UDQKOwzjl1jCbSPelGaH4bsJlWGHNJ1t3DSB - Vm+pIBA/Y9WndBHnbGii5nqCH2KWk0wTrUppE20yOtsFSU5pZX6M1g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrdFNxdTVZWGpVVHBaa2pu + K3F4TTd0Mk1BaG9Pb1IydWIyTW1kMlQvd3ljCmF6YnRkSjlhN1RPaUxpWGZaVGxK + TUNJMHZnbnVONExWRktiUmxHWktNZ1UKLS0tIEVWK1FPZGZoRVBkb1RPM3lDQjRs + czhkbmZNWkJYUnVudmJCK2p3eDR3TlEKNFGGC6E5y4NYDYqyoaeJbiz+CwxgZpYo + iQwhCD1rA9DYBOH38FjEdHHMCkw0qqbucjtT4hXvYJ5PmROrt9+BYQ== -----END AGE ENCRYPTED FILE----- - recipient: age1s6s4w7cdfgajm30z9gy8va8pvs2lrzk5gnsg0hmn5z2sl8z36seqej406r enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQV1FUMWU4UTdXUzdvdVVp - UEVTUmkwWFR6K2h2NjhBNWhGcUNVWkNFVjN3CnZUZzNPdHBsbjl6Umtlb3RUSUY0 - djR0aUZWa0FYWWxGVUkvdG1CZE1OOEEKLS0tIGRReGl0VC9iTTY0dVd1VlpIcHlz - L21NdzNXZDdwWU5vNTduTGYwUmxBZ2MKPdgDkadORfFOJRHcfbnjJRItBY5/GhkI - 2np88u6i2CJJz0nq414yBitqNTDz51lUrsM0I1tBrYwSajWwAXZHpg== - -----END AGE ENCRYPTED FILE----- - - recipient: age14mer45e52r2q4uz8n3fmv69tvk8gvwany4m4ndudud8ajv3jm4nqdj9m6a - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvWHN2cWF2UW1CTjY4Nmpp - RkRtVXRBMTNBTlpRekN2STlkQnN0QkdEdkFFCi9sWXQ4UWMyM1AyM1dkd0ZVWU1z - enRCeXVYMFZib09lSU5PUUo1R3Y0c2sKLS0tIFIwUDBMTlM0NTRsTEpqTW9aN1dw - cW9OdU4rK1JmVUFibm1VcXJDOUR3aUUK/K71tfVhdxVhrs7AFGBSP4IxdABcfmpN - /JyydTcIJ3Om5hArsA8owyAs2oR106P9Q5zgbJuw9StbbIqEzJ7FKg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBdmtkejE3OFh6eVc0eHdl + VEg3Mjk2ZlRPMUdNUDdhMUFSekM4b3p4SVdnClRHaG5ONXc3c0o2Q3pOcWdKWmgx + cUtHR3lML2dXbmV2Q0lGQnhNSGRsT1kKLS0tIHl3VFZVVjI0cnpHd0pMUFQxZWdB + ZnRuQmgvY1drWVJjZ0FyVVZYc0t4dk0KbmRD35gd5fWSU90xnrY67i4AAFgX/4AV + d5ZsSXG3JC/eluoiwZjZfihggrAT3NSRf3zp0rk4sY8zM0JYet8Q+g== -----END AGE ENCRYPTED FILE----- - recipient: age1np3fg9ue2tp4l47x7waapvjxh5zcaye2j54laapy7uklamve2c4qv3gytm enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4WmxBRkU3SExaQTdlRjI1 - cjMvbGFjUEF5YUg0Q2pmcDlOakZwY0g5RkI0CnhoVU4vOE5sYnRkTTREaU0yZDhR - emprZGovdi9NQk9ac2JhSmxxQ3pEOUkKLS0tIHdrU1RBcFZ0TXlhUktJR1dlS3hX - OXhqamh0bk93MDdkOTBMN3dwSWVlSk0KAHkw+M+fmEOAseLFnO/OEvCa9dAQ31KO - 2SnCTOR7nbRc/sguseP4brQD+ungbtwPF3TZodjgQMverdIT4I80ew== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5bnhxTkh3ZU9TN25HUWZX + SWs1SGc0VmR3M2NxL285MjV1WGFxck9lTERZCkd6cUpLZUNFeTExNkVKc1Bha1Rz + UnQ1ajhJRkxPbGNsUFBzdWpHK1dNVWcKLS0tIGNqU0lJQU1RLzdtN25NR1VBcEd2 + MkRjQjNybGlOeEhOLy9uMHN1TWYySE0KgqBli230yRXwFwgipoYNz0NxR3TwDT3q + 9EoCTOLVli53m1p3mN+q3HsVCe2RqxfFJtlZgBYvt/EL3tBycTrDKw== -----END AGE ENCRYPTED FILE----- - recipient: age10f4a5acpar8vwz3v298r3nv7gggfpmyh4wxpkc2hwq9paq0scf8qee8lau enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBld21NTjl3T0lEZDRkRlht - Y3FiSHE3Y0pSaGw1UXZQaElBbkNmNDJYRFRrCm40QWxnWWcxb2xwOG1ydDZmaEti - UkxHbmI3d0tMRTVOY1d3b3RuRGlMQ0EKLS0tIEt0SGtvRFExSVdHSWlFSFYvRG9S - YTNiKzc1dy9BajhGdEVoTG9zSS9xZHMKywgMk/Jm121cHJZVNxs4BftYpOdnD7P+ - t6/ncqqJRjIuEsI4Ibtgt+kaP6X9ehJDgmNcp2/i7ZwZ5gf8Npb/nw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuRDczcFZ4ODdTMDVWMHFx + WUkzRVZHdE42Qy9GK1ZXeitNN1I0WnArQ0FBClJBTWoxRWppa1B6Y0RWU1l6RzNY + cmVTTWQrVm9CZmFRZEhEOWpxamNORWcKLS0tIEwyOVNKL3c2YnppeWIvZGhSZW1Y + NG1kWEU4QzBlTzlaLysvT2p1bm1KOVkKoKPoKnMrnNczR+9RKH608P2br7FWrU6k + V9mmDMBTSgLCqcYbyEgXrok52uYwTnQ1tatynJLAEMqxGe718LFaRg== -----END AGE ENCRYPTED FILE----- - recipient: age17acs5lw7npma4sughxq3wj3cs5gjkenqdzscyvaks0er33n8gupsce7jlp enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2S0lnV1J6TnhlM0xFVVYx - RzkvRlBiSkl4ZmRqdlpNdTYvUmE3Q2pTS0NzCm1QaTZzQU0xNjdJbVpWUFRHb0gv - YW03MUdvazZHYm9xOCs3OW56c3hsMUUKLS0tIHUrclhCSFFhN3l5RXI2TG5WeWtN - WHNjUGdPc1VKNDVoeGVLOUpRcW9JakEKxUfhyC9vhXMkkJwlrV1u9SuxThhmka0E - tMbzyqHxFxT4cZScaIDxAl5P8W6mpqmpaN+l/RT+ozeS5FY6+iMVKA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvdVVIMjQxRDd5Rmp3ck05 + cW9wNzM2WTc3eG9BTDNJdTFLTHFEL2Y0NGdnCjVXY1ZrcjB4ZWFXKzJnYjZGV0JR + NnkvSVJkK3MxOURRZnBuN1psU3k1cTAKLS0tIDdJTEJLNnlLeUlkcEptRk1KNXpD + QWlrU3pVbGR4RGF4eVM4T0FNN252UTQKYVhySM07WXavwFFv/HkS1t+cQ587N2Pi + Ya3VapW3zoRsxRbwNcUrxJVAFItzPcmXe3T9tjtbWzkjVUF7Iw6MDg== -----END AGE ENCRYPTED FILE----- lastmodified: "2025-08-22T12:18:16Z" mac: ENC[AES256_GCM,data:ftu/nvuWiULRtddXYamM//nDJTeMTOSl23OPN5iHIuopsIcwlbYOkPLCeHve0LdaJ/0cQTY/oMN92QKnKaAtWgKo/Mankw4Lo896dODsG1c53oIUH5rYldtKs4ELQJ96L/lCHQPwvH2Z2jgl3utPfJJKs7a6BwNvrYq9AcI2FMg=,iv:5qz/4vainTlUjd2z3tXx+Y/uu3mc8EJZlFn4WhWbtcQ=,tag:CV6wryc4qxXstIQMbOHvVQ==,type:str] pgp: - - created_at: "2025-04-02T10:09:05Z" + - created_at: "2025-10-24T02:48:00Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA0av/duuklWYAQ//eqCNRV1+ydZywte+YlOM5asB1RLerIIM+cNzcro0jkSa - 3zuAmYlj+XoZfFIC3cJlu/rggBhW9uRzIe2b/qnFeVFss/3ssSU0jTIybRolsZJf - 4+1niQkHz1YEfloTrFy2kyqDX3bSdpXxoYoIVLYJRqo0CbvmrM74xmm6dqkXVXOu - EPtrycj9Uy+tfVtuWGGCkZnQp7kKjPGoAOuhxsFhSCQk9Afbkyuujr+ezATfUHZE - WxTrp3nNmXbc9x8RsB1NtVDMgiRSQkLWmyF95MEAQWreO3lE66x0iWmrpbDCoEIC - B923xN9NzAyzZfdngou/+v/kTACvXlGLhgiAK6glP8UIX682dn2TozqgP7nCsQfs - XX+h23qHmwySiRzkTRmDP8sXe/rHhdp4W1O8883K9/0EZjh9fZiDrdL07Yu4EDnK - GgK/dKZOEHYPY4FTAqjzRGtNdwH7DG4/mSjeaadGprRx07JGzerXzP/clK9fIOUW - RnlGHU61THikP2Zcm8PeaDc/VZv2bBx7z4AB7ys0m3sf1VJ4Zf12aAtffkLf90ew - Cmoi7WDZOTUcZqdFK0SHjmLOEvQ3tQQF7KdMHTgrZOThArr1vmWids1LxJstp5eG - zV29EsMPzg+dhTt15MyM8Q6IuWhGG/7z+B9925eGac4NBM9KUvGfrUem0B4hBqzS - XAGp7gQIETUx/mzJ8kE423DEkmcInCrQTGL+Gfv90ltqareDogiDQqxpJDRMbbu/ - EHzkP/RzhZwzDVSzIl5+1TAaeWthY2Ru3YmSGQOso3UXb7pB0DeJMZUfPNtI - =Ir3g + hQIMA0av/duuklWYARAAqVALTRHINu3zPhPEkgwynBF5Haa32mKRSHr2Ws5T+esp + 37hXW2Xmc+oqHwxg4XHf0ICzKS9vijGsQHTC2dro2C18M/NGor8uBzdnw0WwpBYY + 4wmUywmol3oxWWqCYuJvuPg3TY68lbN9i9+dJiWpLJx2cw4+Q4UJKTZkURTTW7WB + UBw0HD427JqlZGrkDga2yLPl3Lf6v5rDXdSfSOas/CtTZ60z9L0PmQInujaJZTn8 + Qh35jy/dI5/wboyo+umQ/yQEVasWhlX4ltJ2euzpLATfpxi/OixJPnesyW8LG7tI + gP6IGR2J92sG0oS/PacHPuralfF06JMu50Bhc4Pn6JSUSnMZ6Hpscjes1IyDwwOm + fnobl3WTO6EJDJas9Yt/A6bZRNOtU2vLAH52MAHEWEpSMkrzAmO8VSe5OIY1u310 + ub23jKqwoyzLpfEUZpX3WZ3nmbha+7z/7awioeH6ZIhLVB+Vx8nAnnd3NJl1auzz + jOLAgmnRBif0373I8goGgkZkiQVCYgSPucl9YMF7ZTaLqYq8K8e5KPU2W/4nralU + hLCaocqwf3ojPsEeyzUWe/VDZL5WF/8GIBax38A1+oH8/6r45gKUTs1Igw9fmdAi + qiWZXt89nHkzkZx+L7FLFP88VgTMyE0IiZxspl3JcVuHMa6WX4+vOspCFYIgbZrS + XgHkHubjFCpS8J0QF2+bH3CpB2xvaPmuwAN1hqyLmEEC0T/j69s4bN4ZYWDLjdYw + p1XM0Niy/FxQ+vKAnEIqmBig+4vPlKSA/Zy2/Tf6HChMQpqoJ5JURj6TpOOFQVc= + =Vqcq -----END PGP MESSAGE----- fp: F7D37890228A907440E1FD4846B9228E814A2AAC unencrypted_suffix: _unencrypted diff --git a/secrets/tsuki.yaml b/secrets/tsuki.yaml index a5f0128..78cc7b4 100644 --- a/secrets/tsuki.yaml +++ b/secrets/tsuki.yaml @@ -44,41 +44,37 @@ osuchan: channel_id: ENC[AES256_GCM,data:qS4no9fC2EI+Bw==,iv:+2Q0ceJBZ7Il4bwtyx0+n69bLV1P7RtZxhWTaUrricM=,tag:+q9plSfQ9I6Xe+nvuG9yQg==,type:str] channel_secret: ENC[AES256_GCM,data:p6N7AOyNs/LsmSd5J4WfyWszg4sjv60ZL/3k1IdeGZg=,iv:pSp+3gR76u1GbgROSZXcflRWSO1wYV0M4d11nEIG/k0=,tag:RO+3kpZ1ZmYU5PKaC96CFQ==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - - recipient: age1c92j4w0gqh32hwssl5m2mfrggssxax9pge8qxwytv9lmrnfttcvqdrgsst + - recipient: age1ue7uv559wf6tfjsutn9dsh07vpk53sgrfkdzqy4ltg6dnxcxeg7srx800u enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYNDhBUEZMMFN6OXlVRHVm - OGFqckZySjB6ZTlJK0YvWHlhcGlLNUkwdTFFCmw3bG0vdkpmOGpCcUJEUWFZZmN5 - Z0lOeG4xYUNVR21QQVhVZjdXZTMrazgKLS0tIDRlVGJHVzdVUXV6TW1nUnNBRmRs - MThmQ1Iza0F6Q0Y4N1JpT2V5a0FrTGMKIzpNe4dyCLuyKjjXjadZepRYvULr3j3i - 7SSwFgVvESj0aVwcGMW1swkhdb2evZgcghhrJpiK8kKIPrWEuFiCcw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5VzFxUFNpUU5FZmMrYzZ6 + TnVCeG1zeVBqR0lXODRjcEhXdzBtMVlEd0VNCjQrZWo1aTNLMEJrR2hhNm5jWHdy + N3kremV0VWxac1ZBK0JQTWlNT1dvQU0KLS0tIENsUExNU3hIMHB2eUFOL1JubTln + N3ZHc2tWTEpsNFNTVTI5amtPR2RIT3MKUGszZcvd7k+62TPmQNDOFvtjGLegjyQ8 + NpCYsXRuIIJ9phzcyG0Iobf3uJBdNtXm2ujBGlY9TqwfIATygwJQjQ== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-11-28T23:33:37Z" mac: ENC[AES256_GCM,data:iw6m2XmdVgEvGeYQC9ORcaxu4p6kiYWJNWmkYPPOPLSn4xECgd8tmPlxUWHwiIEjDzD+Vi7atafW8eAtQg9T8s4mvV1Ovw7oBKzzGk3DqFKB9//myedBtIvntCYGDpBSXcVqK1iHKsG605fnY1CrzyRG5gi3xoub3AabcM8l8sQ=,iv:JdIKfELLUUG/2AzQx/uc+YaHhGNAb0sSiih3rDBkUjg=,tag:fqCMmnjIDACAzG+eiCCKrQ==,type:str] pgp: - - created_at: "2024-06-25T17:16:27Z" + - created_at: "2025-10-24T02:47:54Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA0av/duuklWYAQ/9HvPLB/e6HuyToEOpFyCdSdtuDAkX+3VwpBkxzknpk8h+ - bWF25vyVg13BcDtjrDuor7o/XSyk9tzpmsuoh58XWNDwfRNEoAJie4MWTt+ifVuA - teudWXazL/u2nKLgjP60sD5MD5g/wfeMEZDP8Mu14P33LbuZuf5rzXGi0OGEMQ7p - NsMDhSJevPTN6MZjegFevar44nErYtyBugDLjDQU/0EURPKE5FUmBedlZ6vvKNwV - w7gBa+5Ef6VS35QfB8lCVxyN86w736ELehmeGaKk9qvD5A8zFX2qUbml4OiuY+PZ - c8EQu1jVFZbAF3PXJPWf9KsO8XGnItYcQDaleW5AlF9ViB2k4w/1pTDJrh+7Chki - TL5u7XE9bQBcDKIA4TQNLQ7imQK1gldINvbpbky9eFltMR1w2fBAe1V69oUtdzpG - MQrnSEiuzL7np7i9Q6PFmASz47ZMTAdFVWsHtSyjdNbMmgkDSpz7ffPJfXvXvL6U - 5zqAWFxUpKz5tjfu9lYWElhBiui0gL9+lfqCDWd/GmAG2wRU8/EKdTyk5ZLD3/mP - QJ63Jo73QP55fpfXriAd6o1lcPzhrPQfU9h30rxyA1LZvOeK4Vrl/4CW7gI4h25p - j+8mby4I7aPLX2FB6mFUdU1IY+Q3l4K1h8VWjXwlwwInncXQ764AsnySxi52UuXS - XgG5Ko7TRHW0oZRPMyURxnfgjkpV0JTsJGa8R3vz+35fqCQlC8Dg5FEiZz9ouEjc - F8eikJFSfhQ5Go6PkdH/Hv7kE1yK/wTPrQr5dd0vit5CS0x4v0T123DwstG2BMQ= - =aJWz + hQIMA0av/duuklWYAQ/+I181WvaC0w3R6MyGCeykqxs4Hz8iOR1vPy7doxtl7LkJ + itVZf9mhZ3Q7emd0JtyuKeTf1jKOF5o6H2Pt3nLXyzPYvtcwggfYCqA+B5yCkcuT + 5PljAcqlyCHw1qFZss0SLAH9XSgmbGNulTDhKKPP/a3DGB/vEJYPuKSnDgYpTs+7 + a+kilBkbVDB8DMZyKpT6KWRYVSZINcp95fBa7saXCs8T+PiQ3jZWixayXpNPuukL + VzDTA6EZNvc2+8kZFzmYu2QQkY7DKC6S4qCOCrSZkpzR7h57GcRs8PfPkhG9tp13 + wQJvsY7/3WLm+FuFXgl2avkVa93UEuALkuO0C2CmDxO46LGfkxaxexHOZ4TBXN2Z + J1d/yA715nyyB00YzI4azjxY8XUN7/avbnvV1iYiO+oHSi56vCKX0fF/ehiyK3AT + BgEb//bgM3nQdnICH7qMI3GqFaIF9IUErs338QX5ADfV4AJ4SLwqN5OGlLX9E2dL + rxHAIbHRbPYpkRZKwM+n4jzT9EcTsjtM36f2NDhL2kpRivP5S6rSpDNYX94i4gLO + mumZs5hQpSNXykFrOWfEVgukZeiB211u/oaiyVFLiB9+FPuZJEi4qIgwx2/ru5NT + UQP4YeOT/zrvDHIdRBTs8LFnXcXXcU0LKjcZun35m9Xw+5eKdry6/tA7qBYcNmfS + XgHfTIfTZqZnm3Du6QIHPalKHuZup0R2dBeMoABcK87WTdfKl3oR411KVGi1vwTx + w3ISB8LkN8sfuZt20dR/4aLh9/ZA0SZxfuxQIBg9mAV7WUJx64MYw00vpd5IL5Q= + =iRoX -----END PGP MESSAGE----- fp: F7D37890228A907440E1FD4846B9228E814A2AAC unencrypted_suffix: _unencrypted