agenix: migrate nuc

This commit is contained in:
Rouven Seifert 2023-11-16 14:40:40 +01:00
parent 517f03c86e
commit 3c5095f144
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
17 changed files with 60 additions and 144 deletions

View file

@ -1,28 +1,14 @@
keys: keys:
- &yubi 116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09 - &yubi 116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09
- &rouven age1l80slr486r82csm758q2a32j2e2qdxdyxgh46um6thsjv08la9sq7475p6 - &rouven age1l80slr486r82csm758q2a32j2e2qdxdyxgh46um6thsjv08la9sq7475p6
- &thinkpad age1ejusm7c5smk5r0lcu7yynudrqc6j63pcyk9m4uh23f8kqd84cfqs88hjl6
- &nuc age18z4z5pgw8eluu32xe3krg4sxd2rncsnjw6e2axcun7x3vrj62vhq8eyz00
- &falkenstein-1 age1de938w6hzpv4cuzss7v3pt0chv4d0t220ue5n9d93ffuak7u949sumnhz3 - &falkenstein-1 age1de938w6hzpv4cuzss7v3pt0chv4d0t220ue5n9d93ffuak7u949sumnhz3
creation_rules: creation_rules:
- path_regex: secrets/thinkpad\.yaml$
key_groups:
- pgp:
- *yubi
age:
- *thinkpad
- path_regex: secrets/rouven\.yaml$ - path_regex: secrets/rouven\.yaml$
key_groups: key_groups:
- pgp: - pgp:
- *yubi - *yubi
age: age:
- *rouven - *rouven
- path_regex: secrets/nuc\.yaml$
key_groups:
- pgp:
- *yubi
age:
- *nuc
- path_regex: secrets/falkenstein-1\.yaml$ - path_regex: secrets/falkenstein-1\.yaml$
key_groups: key_groups:
- pgp: - pgp:

View file

@ -86,7 +86,6 @@
./users/rouven ./users/rouven
nixos-hardware.nixosModules.common-pc-laptop-ssd nixos-hardware.nixosModules.common-pc-laptop-ssd
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
sops-nix.nixosModules.sops
agenix.nixosModules.default agenix.nixosModules.default
nix-index-database.nixosModules.nix-index nix-index-database.nixosModules.nix-index
impermanence.nixosModules.impermanence impermanence.nixosModules.impermanence
@ -112,8 +111,7 @@
impermanence.nixosModules.impermanence impermanence.nixosModules.impermanence
./hosts/nuc ./hosts/nuc
./shared ./shared
./shared/sops.nix agenix.nixosModules.default
sops-nix.nixosModules.sops
{ {
nixpkgs.overlays = [ self.overlays.default ]; nixpkgs.overlays = [ self.overlays.default ];
} }

View file

@ -25,11 +25,6 @@
systemd.package = pkgs.systemd.override { withHomed = false; }; systemd.package = pkgs.systemd.override { withHomed = false; };
services.btrfs.autoScrub.enable = true; services.btrfs.autoScrub.enable = true;
sops.secrets."store/secretkey" = { };
nix.extraOptions = ''
secret-key-files = ${config.sops.secrets."store/secretkey".path}
'';
environment.persistence."/nix/persist/system" = { environment.persistence."/nix/persist/system" = {
directories = [ directories = [
"/etc/ssh" "/etc/ssh"
@ -41,9 +36,7 @@
"/etc/machine-id" "/etc/machine-id"
]; ];
}; };
# impermanence fixes age.identityPaths = [ "/nix/persist/system/etc/ssh/ssh_host_ed25519_key" ];
sops.age.sshKeyPaths = lib.mkForce [ "/nix/persist/system/etc/ssh/ssh_host_ed25519_key" ];
sops.gnupg.sshKeyPaths = lib.mkForce [ ];
time.timeZone = "Europe/Berlin"; time.timeZone = "Europe/Berlin";

View file

@ -1,6 +1,8 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
sops.secrets."borg/passphrase" = { }; age.secrets."borg/passphrase" = {
file = ../../../../secrets/nuc/borg/passphrase.age;
};
environment.systemPackages = [ pkgs.borgbackup ]; environment.systemPackages = [ pkgs.borgbackup ];
fileSystems."/mnt/backup" = fileSystems."/mnt/backup" =
{ {
@ -23,7 +25,7 @@
path = "/mnt/backup/nuc"; path = "/mnt/backup/nuc";
} }
]; ];
encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.sops.secrets."borg/passphrase".path}"; encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets."borg/passphrase".path}";
compression = "lz4"; compression = "lz4";
keep_daily = 7; keep_daily = 7;
keep_weekly = 4; keep_weekly = 4;

View file

@ -4,12 +4,13 @@ let
in in
{ {
sops.secrets = { age.secrets = {
"matrix/shared_secret" = { "matrix/shared" = {
file = ../../../../secrets/nuc/matrix/shared.age;
owner = config.systemd.services.matrix-synapse.serviceConfig.User; owner = config.systemd.services.matrix-synapse.serviceConfig.User;
}; };
"matrix/sync/environment" = { "matrix/sync" = {
# owner = "matrix-sliding-sync"; file = ../../../../secrets/nuc/matrix/sync.age;
}; };
}; };
@ -25,7 +26,7 @@ in
matrix-synapse = { matrix-synapse = {
enable = true; enable = true;
configureRedisLocally = true; configureRedisLocally = true;
extraConfigFiles = [ config.sops.secrets."matrix/shared_secret".path ]; extraConfigFiles = [ config.age.secrets."matrix/shared".path ];
settings = { settings = {
server_name = config.networking.domain; server_name = config.networking.domain;
@ -47,7 +48,7 @@ in
settings = { settings = {
SYNCV3_SERVER = "https://${domain}"; SYNCV3_SERVER = "https://${domain}";
}; };
environmentFile = config.sops.secrets."matrix/sync/environment".path; environmentFile = config.age.secrets."matrix/sync".path;
}; };
}; };

View file

@ -3,8 +3,9 @@ let
domain = "nextcloud.${config.networking.domain}"; domain = "nextcloud.${config.networking.domain}";
in in
{ {
sops.secrets = { age.secrets = {
"nextcloud/adminpass" = { "nextcloud/adminpass" = {
file = ../../../../secrets/nuc/nextcloud/adminpass.age;
owner = "nextcloud"; owner = "nextcloud";
group = "nextcloud"; group = "nextcloud";
}; };
@ -21,7 +22,7 @@ in
dbuser = "nextcloud"; dbuser = "nextcloud";
dbhost = "/run/postgresql"; dbhost = "/run/postgresql";
dbname = "nextcloud"; dbname = "nextcloud";
adminpassFile = config.sops.secrets."nextcloud/adminpass".path; adminpassFile = config.age.secrets."nextcloud/adminpass".path;
adminuser = "rouven"; adminuser = "rouven";
}; };
}; };

View file

@ -3,11 +3,14 @@ let
domain = "vault.${config.networking.domain}"; domain = "vault.${config.networking.domain}";
in in
{ {
sops.secrets."vaultwarden/env".owner = "vaultwarden"; age.secrets.vaultwarden = {
file = ../../../../secrets/nuc/vaultwarden.age;
owner = "vaultwarden";
};
services.vaultwarden = { services.vaultwarden = {
enable = true; enable = true;
dbBackend = "postgresql"; dbBackend = "postgresql";
environmentFile = config.sops.secrets."vaultwarden/env".path; environmentFile = config.age.secrets.vaultwarden.path;
config = { config = {
domain = "https://${domain}"; domain = "https://${domain}";
signupsAllowed = false; signupsAllowed = false;

View file

@ -48,9 +48,6 @@
"/etc/machine-id" "/etc/machine-id"
]; ];
}; };
# impermanence fixes
# sops.age.sshKeyPaths = lib.mkForce [ "/nix/persist/system/etc/ssh/ssh_host_ed25519_key" ];
# sops.gnupg.sshKeyPaths = lib.mkForce [ ];
age.identityPaths = [ "/nix/persist/system/etc/ssh/ssh_host_ed25519_key" ]; age.identityPaths = [ "/nix/persist/system/etc/ssh/ssh_host_ed25519_key" ];
time.timeZone = "Europe/Berlin"; time.timeZone = "Europe/Berlin";

View file

@ -5,10 +5,19 @@ let
rouven = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILkxTuzjS3EswMfj+wSKu9ciRyStvjDlDUXzkqEUGDaP"; rouven = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILkxTuzjS3EswMfj+wSKu9ciRyStvjDlDUXzkqEUGDaP";
in in
{ {
# thinkpad
"secrets/thinkpad/wireless.age".publicKeys = [ rouven thinkpad ]; "secrets/thinkpad/wireless.age".publicKeys = [ rouven thinkpad ];
"secrets/thinkpad/tud.age".publicKeys = [ rouven thinkpad ]; "secrets/thinkpad/tud.age".publicKeys = [ rouven thinkpad ];
"secrets/thinkpad/wireguard/dorm/private.age".publicKeys = [ rouven thinkpad ]; "secrets/thinkpad/wireguard/dorm/private.age".publicKeys = [ rouven thinkpad ];
"secrets/thinkpad/wireguard/dorm/preshared.age".publicKeys = [ rouven thinkpad ]; "secrets/thinkpad/wireguard/dorm/preshared.age".publicKeys = [ rouven thinkpad ];
"secrets/thinkpad/borg/passphrase.age".publicKeys = [ rouven thinkpad ]; "secrets/thinkpad/borg/passphrase.age".publicKeys = [ rouven thinkpad ];
"secrets/thinkpad/borg/key.age".publicKeys = [ rouven thinkpad ]; "secrets/thinkpad/borg/key.age".publicKeys = [ rouven thinkpad ];
# nuc
"secrets/nuc/nextcloud/adminpass.age".publicKeys = [ rouven nuc ];
"secrets/nuc/matrix/shared.age".publicKeys = [ rouven nuc ];
"secrets/nuc/matrix/sync.age".publicKeys = [ rouven nuc ];
"secrets/nuc/vaultwarden.age".publicKeys = [ rouven nuc ];
"secrets/nuc/borg/passphrase.age".publicKeys = [ rouven nuc ];
"secrets/nuc/borg/key.age".publicKeys = [ rouven nuc ];
} }

View file

@ -1,54 +0,0 @@
store:
secretkey: ENC[AES256_GCM,data:mfqSl4ZPML3eAQ0txmbjNcIlDSL/z4b6ot4tzzC4E929nTNTNa/K9e56UpSKpG+ybRM4gTdaAJYpXbkVia4OdoWkYaBoHeQqOzEHcWBPxHLFILkotbRQ8NZx7K1y/NyE,iv:bWRx/W7c4kXUj2XKSNkLYPkvd8S+/CYW3UoztTzQ/ZE=,tag:UYgFx6vVNCU2E+V5BzS2kA==,type:str]
publickey_unencrypted: nuc.lan:a9UkVw3AizAKCER1CfNGhx8UOMF4t4UGE3GJ9dmHwJc=
nextcloud:
adminpass: ENC[AES256_GCM,data:lfx7t/ewN23/O0qvSVHrX70W4NygAA0zTA==,iv:Px32DXH8BKQphldeW3CdJjRCXnmMgRx6g0YWZ6ON/pY=,tag:3Effg1hKNNlp+intUEmzxQ==,type:str]
matrix:
shared_secret: ENC[AES256_GCM,data:bX2RC82xNOYnN4cLewLw/t+sN7+1AjwoglmBZitkDyJThBdxM8UA3aa4KiAx4KQmR8d22VXAILank42CtM5Kl5S33mIwCri4wTBq7ZU7mKwjCQi2cMgLuZp3S6g=,iv:s2YKMHa3SZBwwAvFcYBfWnhP5mKlh7QADGabQPjtgTs=,tag:HnYZr8/snufw/RGKM9Bl5Q==,type:str]
sync:
environment: ENC[AES256_GCM,data:9KXJJmu7ruzndHs0QRZUH4SUBdensMad1BMJ4ztmR2IQkNDT8HxJaFSeGdaNJSo8rpj7NxyOD4MrxHJKe+Jjf2OvmZD0h/vyhURX0TZIRg==,iv:CdR+KzvqzdpcqBLNYSWmATFXrbgYw3Z8ZsC3L/E8+Ig=,tag:9iiL8BYPZ7sJeBbcUnkAqQ==,type:str]
vaultwarden:
env: ENC[AES256_GCM,data:LZ/geI1sqA6BgFqSYNpDlNm9tn0GVKyHcbsJJoWDs89MUjEgrk7QBK1VighKQkmW+4xJqqruLfDkrNMmsSQdyWXNISawuw==,iv:ukh3ggqJ1R8DqQQDad86QoKbpHBG5mTBx7oKWbgnrZg=,tag:PlYKW5jtYVCrjAWideG1Dg==,type:str]
borg:
passphrase: ENC[AES256_GCM,data:TGs4J64BmfpHi3PljOlfugoCzC21zg==,iv:Z3TyijL/0Ku7Ttx3+wLloUOS8ihA677nY/QTVC4eZwQ=,tag:yZrFkEKd9XtiT+BEX1Q6Yw==,type:str]
key: ENC[AES256_GCM,data:Lcm8DLgp00HZj8krqXkwaPhq/S0ppQOJADYa6ULESqjYGsu8gPU7rlQ22GSDTLZ7F2HW6eU5V/9lobaBesMSJ2U+1GgcKkDmsmlz89H3sctFzrCB6dPMABiOZX1V/dplFX2jp7AXagwYDqEYT1vZi8IEMcNxaGSTFyb0W5zwj3+8wL6eTQYHyYRIrGj19/XuYOh42v+t6jBBrcdzsnBb6F8BYeBKaqYA5iBQJZGxH0mrSCCelBXz5CcsH5GIh6GAbkYLC4Zg7HQuZl6w0IvjgqKMsXfWROMtLCYih86gLioZdDn5qdwMOPqmGWR4nxH9ABjfunR9fSjdtt/aeg9Iz3/sAGbjUfMoUCYqmUVox0FnuT0H/3OjChI/EFFGtOM5ZLSz1CSJ/VyyRmrvtDcTu2aXCvbRYuhXIWRLtOmVPUsNqNXyZnPx49/no3ilgttKJTQkv5A6NTwgmXSh5UMaz7Y6VFnXZlapfocJwihw5NwHHBm7VaxI6871eUwQefljMeaQK+iW3BMeP+eIA/SRX2U67xywsLzHy6esC4UIySXVHVMuNTkoImsJ8zxJYmkIue1vF5S+21M5ajFfCBXI6+Kof6iQxz8kiqDx4rchzy2cV9462BLKFCH//To3aQVrovtCx9dZNk55TYXmpqn0gV9IG6vpl8bt2zKzqfnyg5CSGoUnzvUZ8LongfVeyk6vu617Ye8jQCUU5vmhrfCWeH3nfCwXCRHwMHp+7Ie8ykjJUPUrUxZw1YuMo79X4WDPU2ctNz18Gq+Dni94FOL4eKXxlKcTpVUI1N5DFhb3eV6LoKyJ6GJB6Lf/Y1WbWwHS3QoVn3GIPBKdcy+zCBTqXrO1I+6E/cIEJ0OeMU50AuehLW7iuqlfjDn/MRRtLYcitE7jdwjLkifz1hteSvp/O3EdvlxyNmpAfVp6knidwCZDxVX3qMmIVTewi1Tq4C8XHbR9GTGv1FmPPwvfuRCL9M63T+lv5GB26WYfjQqrH8qPfH7DkUTgoX8pPfVTg5Fe4iBmTpDf3GrCNgVihyYC3loMAWRUvNEv7Jgyk1+P4fDE3MIFlv8uOUU6Ckiy,iv:ce7LXzs+YowBByyz4mQeBZHElLdRs4ifteheNYuYvRU=,tag:9g6J6gdQ0cmpAF9E/SPPeA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age18z4z5pgw8eluu32xe3krg4sxd2rncsnjw6e2axcun7x3vrj62vhq8eyz00
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSaHE4OTN3YXJvL0ZBb2lL
ZkFiTmN4bEtCaEpxZlJKVGs3Zlgyc2lnSGdzCmNScE9IeGMyVTVXOTZoblhWVGZO
cVE1emliN0N2L0JzMU1hVjVZL2FFS2sKLS0tIG9FNlZ6TTBHT2hMNjhRVWdCTFBw
V3l5WVZhL1dVMUxoV1NYdFhVaElYUU0KtYzj7r6+/j2Sqo7AiVdPPKBqsFBiefpj
4nOJD81tJYMqh7deydKFB1kEYOX4HJ9HfQURzcdbhgWbUv6xys2eyg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-17T07:53:01Z"
mac: ENC[AES256_GCM,data:GXCw/3DxrOXrxnORd/5d5eG8Gp9Ds0x9BKzgSpwARWpZosj0zXA2yXAax42MSM3Yom3DwC+sWp1Gi9Gbj6db+8dGUhs6bADtukVD3l09f0/U49CKtCuut/u6uFhz6QWTmY24sVbGWXFx/SF8TFopmDkgcelJHBA191exbCCAglo=,iv:Oztg9GbA0cnUMF5vHrk/+Ha1rRH6qKaB4nQNN0hlpJw=,tag:jlfFY+zMa4Gv/SvICq128A==,type:str]
pgp:
- created_at: "2023-06-12T13:53:20Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMAzUXo8ZPJwGLAQ//S+sWiRzpTzfmCpM00k2bokPu9npV6ntJdQOXR3BDDfu3
fLN5bFdtbMdTuKur7Ft7a1fqIYlBdgbP4+L7u05Y+A6/LC+u4V+q20mGlD7JGcgm
/CwMW157dT4rHKZqa4oy7F1WFtFJHL4YOIr4of0eU4i7pipNmzcXLqm3Tt2Ls/0i
bshHFPYQK75EOWb6BoZG+s0H2+4JyAN05FKX7/q6QdY6Rm+UOMWje8COalfruEB2
OFy5Mf+zM4rWwialaQW6KVArDfV0gTZ6JVxRl1n0ADwOYMCqpYc6fxDGcmgFLQ5n
H2U93htxSVYwELYViNDwu8b0DTmVyuLSYIO4+6H9WC26/T7EBC7bTpH0JxPi7d65
DbZ796q0Ryb3Nxth/NXOcEHBwiUZLSkrCqGC0s5cfk+NX4udJW8sVHjpNN0UalqK
mM9dgKsCGNwNs6LV31o3ML7Z8SIRvk3J7ubwbS+HCYJOM8WgnTA+qCNIGLrFjgfM
kAcMmADr0UTuY+6n3v1ugkuJaMUgRGH0RXXISZhabOignxkBsHmruzrUQNl3MNps
PDmqxFlLsoansgSG8pUuRHCK8WNoFScmcPl5hN7uc709PHjrnzLUq4kKRIauocqJ
UCc63XJAUy6Sy3bwgM/7GazGQRn4NCdWPCds38B3w1FREde7RglnsFibsr19Y+3S
UQHJ1Fs0cum+WOy+kzl0jSm9Eumqg6x4eCQYZYhG+s6xW2CvKWGIPZTNeWkE1adF
0522Mb8J6VimqF6qwH9WGomL3P9IEJ8km483JlW0rm1frw==
=GU3+
-----END PGP MESSAGE-----
fp: 116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09
unencrypted_suffix: _unencrypted
version: 3.8.0

BIN
secrets/nuc/borg/key.age Normal file

Binary file not shown.

Binary file not shown.

Binary file not shown.

View file

@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 uWbAHQ XsGbKNzqR/HTkmMZxCcmxAXDIpuJENpJR1GyFuumMlo
T2uxdQvSKHveDL7nY0tlNAWNuUX/h8wEORV0xmNfqm8
-> ssh-ed25519 2TRdXg 57Bliz2LRjK5sHjGtRVdIUWfV7Iji0/RACEDF0dNUno
TMBsr9g940Xrbiu8XwbLKQJRNadC2+BuaTBbSo09t5A
-> U1M[E6m-grease US!+ :Hx\j7A K
7AyVWcQChTJPlIoH7ZLebV7C+HJACc4vsBRrma+m47r9FV+KmVpfrhPy7jH1wSkX
sG2Du4OrPh5+xPAgNaPNw3rbex9I6oRjmbhJ
--- gW24zSlBpNtmQhp0Er4MaZV/K8TigsV+d7jMulAR3YQ
\4À‹±¼µƒOÒ <0B>ˆM©•_è@… Œ¾aÅ€@ã6¦³½ï[×XCͦ챞|<7C>|"£–—¢ ÷z<C3B7>OÆ”!:>xMH( KBóy¼Z 1ù*“]‰d|ýÀ¦l?þ t·¹öE_:

View file

@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 uWbAHQ 04CqSy3PpePLQ60Ky55Bxtytnj4t+Wz5X9qZxaSWyDs
QM8jHjiXvx70ZokFiuwSnkfI3De3t3cQwFf2zezYc74
-> ssh-ed25519 2TRdXg wUXwM0JL1YjeQvIUGzoZhhQ4WBu9HwmMbOfsTj918E0
XlNUno46LV1LD1ni3DAhDL+MwBUtZYUEjgMWjiCy03Y
-> _yK#P&-grease x|25 "[ Eg]|<,
3fuuF3W/4MbQthuHpYwMSdh0QEgIi9OILjM3oXyNzVjbPdN99NvEJ+nYYuh3FDGP
vp02QsTygDBMaZBDtSBYGdQ
--- CvrR1mOa9m1ovX66PoB/1qi+fqMCyt4/6jrdnsoZKuo
1*JùÒ[LÇøt˜i5å§fbŒ[B£Ä%èΠ1¡§35ÙÜÅÖijPÈ#ÿÉqšs&ˆ,<2C><07>”€

View file

@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 uWbAHQ g7NPxuCparuO0tHg0kedeTgIYePFbrc6THp0sf+cbmY
YXTDC15Ljm+3o8e0s4IgQ9eNo0DNjN7epZ2v/3F+qeM
-> ssh-ed25519 2TRdXg W/rHOrVkQzPCNBCu6J2xsv4/yzsigwT/SM9FxHjaQAc
MI5WNlIzZPTLPetLfCcb76NDtJ+7mSN8UqXQklKv3hc
-> h`3/'SH-grease e|&qg 0Uy{ M5&
yZLdOHycHkENvjuF9S2UjE+dC8TpbZMrjor8qpwK3BhU3Wb+q9eDYeiXZKDMACRu
XeuCVT8NhzfzcFjMlM8A8sa6o5kAcqzkZ6ot2P2y2SXJc/1rYGxAtBc
--- 4bp3vaQZU2PFvto5mtSU68xh1nTR7FIUv3EF2VqrUYQ
½ÉºkQZÖoo˜µÊ\ó—õ…ôÜOÛÈá£eu=ʧCì 5¨‰Z'•%±Ë¨¹Å4CV°é"ƒ÷~>qÌ” ­Íþˆä,-ð—%›´º·zi?}vñæ÷t<C3B7>jÞÒA£k?

View file

@ -1,50 +0,0 @@
wireless-env: ENC[AES256_GCM,data:IbvDlDV5Yg4rqqo5JIzX3eyR4c37BGsqzejBHvSWjk81hfxblhL2cBZcw1hlXW7Q5zjaD0eP9akdqG1RzhdH3iaIhaIVKO8LrXsbYI7fyG3OHCxZYZZ+5QA0LnASi9QD5Olxo0b0RIdomUehnWfTegBiVi8QshrfN+G1HOWL1YxuTv67DWMnA1/XCMOgYpznYS8wzRy7VM9PQWYYISqzoFbl1QIxTJEEVKEL529NzM7TBd4YU+NpcV/TQpy5qQ7F7hSVPxXx/m4RN+Km3EbM1q8Nr0Bckjc7GeDK/P0959ofSzwBzvQyZuQ3WrALqroI21wxQHO3HgDWJlPu7+aRTxPXE2SQka7gqDK4UnZU0GBxDRFi9GKWjhAsqQyKuRH6do9b,iv:t42Gu9j+Qe9TCnjbeH6o4pz1cc1IYHZoHbWOrfIpazA=,tag:68UhGtmx3gH0n9hTO1xalQ==,type:str]
uni:
zih: ENC[AES256_GCM,data:toYEAmGZPwwV7seHcC4oCvS3Q3FFxQ==,iv:iGvVTZstsebStrD40J6cULFg/I31ynHogYjl9irW0nI=,tag:zeoo2uFTcsL25mNwG2ZjHA==,type:str]
wireguard:
dorm:
private: ENC[AES256_GCM,data:qZ8HCTv14z3+2AL1dHLd60MVUsUV458QdQteZJYQLVC1KMlzGe7KbgM1U8c=,iv:HMGxB4l7D/PL5Xt8A6jKIejJRL0QZF3x3eb2BtttXWM=,tag:KDyQWfk2EO5AR997JKdW+Q==,type:str]
preshared: ENC[AES256_GCM,data:5nEsJczcv6yl/0vQQYruv/di+qzrPNX4iAqZ/khXBZTh+095QNv5iStG7e0=,iv:pJof85k/bXuD04VvpSyn75uzvibGJ5h4HZOMta24FBk=,tag:YZ5SsLgkqaHLVU8tgvvhTw==,type:str]
borg:
passphrase: ENC[AES256_GCM,data:jhn7XwzEai+MISQpMnUDre6nJg6Gtx7B,iv:B7CDuHICxcnQJCY5fECTyAeSqh2YEmVqiCrzklmCF8w=,tag:DdtVluSE9ot2BiYtq0eUNg==,type:str]
key: ENC[AES256_GCM,data:rce8JHkx8JU83MJKYkMG9ylv1FdIbwSbKzD4JXxU+BEsHMGIHmqy95OASYasKRFJ8VjXiMoJbz2BtS6A5xcBbAKqrHx+ejgQ1qA70x7HFBMebRkBHZYP8n5p4zb2a+wD4pBKCHP2U3qq7A6ywU/2eVwNUPIqrJpTZ4VDxXZGpiz1KhDc60ryqzBZHZHX5QBLLQX+YWkNKd2P25+bZ1ub16VVGVUKA2VNK9prkD4vEtCbVZl/HjjS08bBwUzCvDxGRyqFPB6wtdE+L5tn5hY3/9A2lq0fisjo9tf6+XC8uH2gjgNjE+kzBqBLBk+974OI9BGRrx5mjIhSrx9HVDN/p10vAF7nuQeInIdH5P6vTfu5mEmwF8h6VoJ9UwDeuz82m+XwfvCRVSZh+nV5c7hMYEF255gEOt146BMXkJf2tKE+dBb2J/zr7zI5zHm9PcaDN5/Y57XCdDww2DQzxSCpleXcJhJl4xw3SXRNyZsnhD62INPzlF/ZSroj6QhDFJhDhLWcK7dGlQWgR6YbEiY0iJPNjAB/MeCv6jodyj6xlLBCcwEp8RA+dVIJxDVElFRTSAdmW0b/co3BeyEnjF1k8lExkUpyoVC1qWxanytlVM2lPy9//6iocQcniAFSQBMi9U89BRONMuopFZMGRc3/uEqnvoBq2GHVgj2xtc7R9fLyAOXw8jG+mT06XBNtrVWbjkY3Wl1A6n/rZ2y4No2rISm1PwQidPpNaiUYZJyccB7PZKY4F/E49n3jV3fmg2l/D33PRl347MhRg4Ae6itWc4uzU8/D3xU1LWe9W4AUTHYflpzlQ+xbLNCC4f3NQMbkxNDsks1MePuBW15erUaahsdkcoeqL7D/ry7NtOb1vk5cS181/IVL1F2MFGa/7Jk3b9RpvIByF9qIbR+I2noaSymPfTGDXHkC5urfUSMojzOxzm5dayBGuvHMkoCjfyIv47ZqyYegW1fM/DPn/bo+ck84zYQuj3zJY5ph/A3g7KcwVYNWRs7XQtSYyKm9Ytf2TKBaZBdIlqq2RJIQ0iHiN5W1OCRgKPEk6u9HvxTte7tqTLiV+aJ8vy9235Q=,iv:vRfpAtZoOAfTFLHdLYSUzftX1OaEr5cdm6L4FOKuFUE=,tag:TRpS0iMdU8wIFIBSkLtyJA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1ejusm7c5smk5r0lcu7yynudrqc6j63pcyk9m4uh23f8kqd84cfqs88hjl6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXZ3BTZ1ZiMGozVUhFUDYx
UFhUV1Q5YzVuR1N1V25WckpMV3Fod2hmejJVCmRnQjRUMmhVbll6b0N2TmJOSFVF
cHNiK3NVSkJyUjAzMkNXWTNYejBsbUkKLS0tIFRMWXRac1lzZ3dvb1BxTExucDNh
YW1scVZDOUFaNUJ4UkFNT2U4eFh6VGsKfv6BaEvr0ibn1cSqE9GeUe4BrYwY9RTB
PNnqxnwBX01rCitKFfpNe1rBHazp+DDh9Dw2N+m/hH6gXvu7LjcwGQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-11-10T22:08:45Z"
mac: ENC[AES256_GCM,data:77bQVALWGfVS9/KXc6B2kQAGiPgcoIepyaJfIckimhMPUe8qiwypn1n0S+RD46alXq7yPTiYACRdTZVvBoEO2eNxdYH8Lha4k2WWBlfucyosfrw/CdzegQ0hGo12JYukDChHRuf7RRjmrvTZ/o4EBFOJoElhtW3Kq0PQLFewPTI=,iv:6HEiVBwwATGmUomKmBkBmk5nRGkhSVJu89foTthw++o=,tag:Zkf6Ljqhn9Tle44BfF2QEA==,type:str]
pgp:
- created_at: "2023-08-02T14:13:52Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMAzUXo8ZPJwGLAQ//VVEf2kjskLK9GCYh0d51LrosaUAutDYvG/QKUqO7o1HQ
vXYHjSo6A927Z3uWPCEgJBufMgAEen/VNOLC/3nZ94Qb18ORLpvWYr3xFL6uQuGF
/8l2r0MMCkulClJDkwEd/BR2wp/VEwVnlAk22EYuGqn1xbp7IO48YMpMG1qSNcZ0
4BaXgkVfe11fB4mv5FGN3D6EA1PvXNBt5Fx64AUv6AqJRlkpjOmrpm88gPOuKQ4a
vwcqZnP7ryWGTJ+IFeKYDxUFYMhq0Dm+xvkfER5py9qIy3D/5rcG4kl73I+5sN+2
hN9/pmGEzi5EkHmkyRBSZ1oqLDlW/lXa3FcuAyjMRzU1sGesJLiDW7P8pTdVb63a
o+rVaj78V0dk7TZ3bIteJ/sMzZBM5z3h4hXIvyyhA5aiuw48FcPRqChdlbI6rDRJ
ZRlh0uYJdtGN1nqln24Do+Dp40pvceZCJbzxJjI9MZyQY3G3ilTTKSVt8V4+XRYr
89jffQEYH1qA0HmPP8QvrW3dRHsPYRsZgLNco8yOqOj6wdL/QqTfQLI7uZKtNBOt
M7rVKpcmCBoMBlc95qALI+v6eh21AbTMYkblWAEf36ufjyOTwWqh1lfl9UI/MwMD
vLJ9Z+UxP1GLRwz2kh5vr3b+6FKIahUuWsNH+MhaTYqCo4rzzXpIFYeB9Gcut/XS
UQHQajWoKDl/Gd/VOZHZWZEuNKz+3TzJzhVIY/RoI7QvhZipAIH+/UflEUcSEHP2
p20IEABHoFu38njZquAMRQoEljIl8T9bc4DxTrnWjoz4JA==
=1/wz
-----END PGP MESSAGE-----
fp: 116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09
unencrypted_suffix: _unencrypted
version: 3.8.1