commit faec0a9026cb104207fb7120b0b577a89c210998 Author: Aleksandr Date: Mon Aug 5 20:53:43 2024 +0300 Initial commit diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..5da449c --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,7 @@ +keys: + - &lil-maid age1emnd8nmqzfzeavkzcsk3drn65xky22af6r5wxwvm2k067kkt4adsqxyv2u +creation_rules: + - path_regex: secrets/secrets.yaml$ + key_groups: + - age: + - *lil-maid diff --git a/README.md b/README.md new file mode 100644 index 0000000..a94658f --- /dev/null +++ b/README.md @@ -0,0 +1,4 @@ +# NixOS + +My nixos configuration. Heavily refactored. + diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..2b56c95 --- /dev/null +++ b/flake.lock @@ -0,0 +1,86 @@ +{ + "nodes": { + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1722630065, + "narHash": "sha256-QfM/9BMRkCmgWzrPDK+KbgJOUlSJnfX4OvsUupEUZvA=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "afc892db74d65042031a093adb6010c4c3378422", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1722630782, + "narHash": "sha256-hMyG9/WlUi0Ho9VkRrrez7SeNlDzLxalm9FwY7n/Noo=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "d04953086551086b44b6f3c6b7eeb26294f207da", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1721524707, + "narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "556533a23879fc7e5f98dd2e0b31a6911a213171", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "sops-nix": "sops-nix" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1722114803, + "narHash": "sha256-s6YhI8UHwQvO4cIFLwl1wZ1eS5Cuuw7ld2VzUchdFP0=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "eb34eb588132d653e4c4925d862f1e5a227cc2ab", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..4833299 --- /dev/null +++ b/flake.nix @@ -0,0 +1,32 @@ +{ + description = "nixos"; + + inputs = { + nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable"; + sops-nix = { + url = "github:Mic92/sops-nix"; + inputs = { + nixpkgs.follows = "nixpkgs"; + }; + }; + + home-manager = { + url = "github:nix-community/home-manager"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; + + outputs = inputs: + let + options = { + inherit inputs; + modules = ./modules; + }; + in + { + nixosConfigurations = { + lil-maid = import machines/lil-maid options; + maid = import machines/maid options; + }; + }; +} diff --git a/keys/lil-maid_nero.pub b/keys/lil-maid_nero.pub new file mode 100644 index 0000000..4b1142b --- /dev/null +++ b/keys/lil-maid_nero.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaWnT7mpLERhm3zIWglNy094a7F7d7cpEImLZYwwWoS nero@lil-maid diff --git a/machines/lil-maid/configuration.nix b/machines/lil-maid/configuration.nix new file mode 100644 index 0000000..eb31a1b --- /dev/null +++ b/machines/lil-maid/configuration.nix @@ -0,0 +1,10 @@ +{ pkgs, ... }: +{ + time.timeZone = "Europe/Moscow"; + + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + boot.kernelPackages = pkgs.linuxKernel.packages.linux_zen; + + system.stateVersion = "24.05"; +} diff --git a/machines/lil-maid/default.nix b/machines/lil-maid/default.nix new file mode 100644 index 0000000..ff5fa2d --- /dev/null +++ b/machines/lil-maid/default.nix @@ -0,0 +1,14 @@ +{ inputs +, modules +, ... }: +inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + inputs.home-manager.nixosModules.home-manager + modules + + ./configuration.nix + ./hardware + ./modules + ]; +} diff --git a/machines/lil-maid/hardware/bluetooth.nix b/machines/lil-maid/hardware/bluetooth.nix new file mode 100644 index 0000000..976908c --- /dev/null +++ b/machines/lil-maid/hardware/bluetooth.nix @@ -0,0 +1,3 @@ +{ + # TODO +} diff --git a/machines/lil-maid/hardware/configuration.nix b/machines/lil-maid/hardware/configuration.nix new file mode 100644 index 0000000..69682fd --- /dev/null +++ b/machines/lil-maid/hardware/configuration.nix @@ -0,0 +1,33 @@ + +{ config, lib, modulesPath, ... }: +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ "amdgpu" ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-label/nixos"; + fsType = "btrfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-label/boot"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-label/swap"; } + ]; + networking.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + hardware.enableAllFirmware = true; + hardware.enableRedistributableFirmware = true; +} diff --git a/machines/lil-maid/hardware/default.nix b/machines/lil-maid/hardware/default.nix new file mode 100644 index 0000000..d341eb9 --- /dev/null +++ b/machines/lil-maid/hardware/default.nix @@ -0,0 +1,6 @@ +{ + imports = [ + ./configuration.nix + ./bluetooth.nix + ]; +} diff --git a/machines/lil-maid/modules/default.nix b/machines/lil-maid/modules/default.nix new file mode 100644 index 0000000..8b526bb --- /dev/null +++ b/machines/lil-maid/modules/default.nix @@ -0,0 +1,7 @@ +{ + imports = [ + ./network + ./graphics.nix + ./sops.nix + ]; +} diff --git a/machines/lil-maid/modules/graphics.nix b/machines/lil-maid/modules/graphics.nix new file mode 100644 index 0000000..2d569b6 --- /dev/null +++ b/machines/lil-maid/modules/graphics.nix @@ -0,0 +1,19 @@ +{ pkgs, ... }: +{ + services.desktopManager.plasma6 = { + enable = true; + }; + services.displayManager.sddm = { + enable = true; + wayland.enable = true; + }; + + services.xserver.xkb.layout = "us"; + + environment.sessionVariables.NIXOS_OZONE_WL = "1"; + environment.plasma6.excludePackages = with pkgs.kdePackages; [ + plasma-browser-integration + konsole + oxygen + ]; +} diff --git a/machines/lil-maid/modules/network/default.nix b/machines/lil-maid/modules/network/default.nix new file mode 100644 index 0000000..3f3463d --- /dev/null +++ b/machines/lil-maid/modules/network/default.nix @@ -0,0 +1,16 @@ +{ + imports = [ + ./firewall.nix + ./ssh.nix + + ./vpn + ]; + + networking.networkmanager.enable = true; + + networking.search = [ + "8.8.8.8" + "8.8.4.4" + ]; + networking.hostName = "lil-maid"; +} diff --git a/machines/lil-maid/modules/network/firewall.nix b/machines/lil-maid/modules/network/firewall.nix new file mode 100644 index 0000000..a4472d7 --- /dev/null +++ b/machines/lil-maid/modules/network/firewall.nix @@ -0,0 +1,5 @@ +{ + networking.firewall = { + enable = true; + }; +} diff --git a/machines/lil-maid/modules/network/ssh.nix b/machines/lil-maid/modules/network/ssh.nix new file mode 100644 index 0000000..68c8e30 --- /dev/null +++ b/machines/lil-maid/modules/network/ssh.nix @@ -0,0 +1,9 @@ +{ + services.openssh = { + enable = true; + settings = { + PasswordAuthentication = false; + Compression = "yes"; + }; + }; +} diff --git a/machines/lil-maid/modules/network/vpn/default.nix b/machines/lil-maid/modules/network/vpn/default.nix new file mode 100644 index 0000000..c22db59 --- /dev/null +++ b/machines/lil-maid/modules/network/vpn/default.nix @@ -0,0 +1,5 @@ +{ + imports = [ + ./hft.nix + ]; +} diff --git a/machines/lil-maid/modules/network/vpn/hft.nix b/machines/lil-maid/modules/network/vpn/hft.nix new file mode 100644 index 0000000..df5a879 --- /dev/null +++ b/machines/lil-maid/modules/network/vpn/hft.nix @@ -0,0 +1,4 @@ +{ config, ... }: +{ + systemd.services.openvpn-hft.wants = [ "shadowsocks-hft.service" ]; +} diff --git a/machines/lil-maid/modules/sops.nix b/machines/lil-maid/modules/sops.nix new file mode 100644 index 0000000..b0c53ba --- /dev/null +++ b/machines/lil-maid/modules/sops.nix @@ -0,0 +1,9 @@ +{ + imports = [ + ../../../modules/sops.nix + ]; + maid.sops = { + work.enable = true; + viendesu.enable = true; + }; +} diff --git a/machines/maid/default.nix b/machines/maid/default.nix new file mode 100644 index 0000000..e69de29 diff --git a/modules/default.nix b/modules/default.nix new file mode 100644 index 0000000..40c46d8 --- /dev/null +++ b/modules/default.nix @@ -0,0 +1,7 @@ +{ + imports = [ + ./sops.nix + ./vpn + ./users + ]; +} diff --git a/modules/sops.nix b/modules/sops.nix new file mode 100644 index 0000000..72f87e5 --- /dev/null +++ b/modules/sops.nix @@ -0,0 +1,26 @@ +{ lib, config, ... }: +let + sops = config.maid.sops; +in +{ + options = { + maid = { + sops = { + work.enable = lib.mkEnableOption "work secrets"; + viendesu.enable = lib.mkEnableOption "VienDesu! secrets"; + }; + }; + }; + + config.sops.secrets = lib.mkMerge [ + (lib.mkIf sops.work.enable { + "work/vpn/ovpn" = {}; + "work/vpn/shadowsocks" = {}; + "work/vpn/password" = {}; + }) + (lib.mkIf sops.viendesu.enable { + "shadowsocks/gneg" = {}; + "shadowsocks/yor" = {}; + }) + ]; +} diff --git a/modules/users/default.nix b/modules/users/default.nix new file mode 100644 index 0000000..7e53ed6 --- /dev/null +++ b/modules/users/default.nix @@ -0,0 +1,5 @@ +{ + imports = [ + ./nero.nix + ]; +} diff --git a/modules/users/nero.nix b/modules/users/nero.nix new file mode 100644 index 0000000..fca8fd3 --- /dev/null +++ b/modules/users/nero.nix @@ -0,0 +1,39 @@ +{ lib, config, ... }: +let + types = lib.types; +in +{ + options.maid.masters.nero = { + enable = lib.mkEnableOption "Nero user"; + hashedPasswordFile = lib.mkOption { + type = types.str; + }; + groups = lib.mkOption { + type = types.listOf types.str; + default = [ "wheel" "docker" "networkmanager" ]; + }; + uid = lib.mkOption { + type = types.int; + default = 1337; + }; + authorizedKeys = lib.mkOption { + type = types.listOf lib.str; + default = []; + }; + }; + + config = lib.mkIf config.maid.masters.nero.enable ( + let + nero = config.maid.masters.nero; + in + { + users.users.nero = { + isNormalUser = true; + uid = nero.uid; + openssh.authorizedKeys.keys = nero.authorizedKeys; + + hashedPasswordFile = nero.hashedPasswordFile; + }; + } + ); +} diff --git a/modules/vpn/default.nix b/modules/vpn/default.nix new file mode 100644 index 0000000..c22db59 --- /dev/null +++ b/modules/vpn/default.nix @@ -0,0 +1,5 @@ +{ + imports = [ + ./hft.nix + ]; +} diff --git a/modules/vpn/hft.nix b/modules/vpn/hft.nix new file mode 100644 index 0000000..c585e7d --- /dev/null +++ b/modules/vpn/hft.nix @@ -0,0 +1,59 @@ +{ pkgs, lib, config, ... }: +let + types = lib.types; +in +{ + options.maid.vpn.hft = { + enable = lib.mkEnableOption "HFT-OpenVPN server"; + shadowsocksConfigPath = lib.mkOption { + type = types.str; + description = "Shadowsocks config path"; + }; + name = lib.mkOption { + type = types.str; + description = "Name of the service"; + default = "hft"; + }; + configPath = lib.mkOption { + type = types.str; + description = "OpenVPN configuration file"; + }; + passwordFile = lib.mkOption { + type = types.str; + description = "OpenVPN certificate password"; + }; + autoStart = lib.mkOption { + type = types.bool; + default = false; + description = "Whether to start VPN on system start or not"; + }; + }; + + config = + let + hft = config.vpn.hft; + in + lib.mkIf hft.enable { + services.openvpn.servers."${hft.name}" = { + autoStart = hft.autoStart; + updateResolvConf = true; + + config = '' + config ${hft.configPath} + askpass ${hft.passwordFile} + ''; + }; + + systemd.services."openvpn-${hft.name}-shadowsocks" = { + wantedBy = [ "openvpn-${hft.name}.service" ]; + partOf = [ "openvpn-${hft.name}.service" ]; + after = [ "network.target" ]; + + description = "Corporate shadowsocks"; + serviceConfig = { + Type = "Simple"; + ExecStart = ''${pkgs.shadowsocks-rust}/bin/sslocal --config ${hft.shadowsocksConfigPath}''; + }; + }; + }; +} diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml new file mode 100644 index 0000000..2e0a520 --- /dev/null +++ b/secrets/secrets.yaml @@ -0,0 +1,31 @@ +users: + nero: + password: ENC[AES256_GCM,data:jeCnQxWnVC7d7XCKysbeGR2NzMPNYYva+GCdVV0vr9CAeoACVAWFn2+YfOJyKIndd9bAWayKm+cH4H8oCyX01YB0RPZVQ5KPn7vfmx/ZRy0iyiH5Jf+nQzWsO1LTp8b1G+VqW1rkaHIBUw==,iv:eHSiATFjJaHMr1h1dwGNXZGbsMa9Jd7ZPCYH7Hgx9xE=,tag:vumuZVlyZkvgn04L4OjFjw==,type:str] +shadowsocks: + gneg: ENC[AES256_GCM,data:rkePyYk4YkkEBsw4KlgTroXrXM/8LLL/tydlOvQhuAp4yts4MXB4COwuKIU0zXnBAoNrfjD7AEOTcL4qqm7XpxIIC8OpAj8bXsTrXaaiFR7zi4WQoZCrKc6z9tQ/ayA9Ur/BdEFEDWMpatfnjwLSJmM6MVmBjXXIUieHyYeIEMS4835OB4oBhYtk3famp1qTY3imIGRVVx8ht8GOtLog5vqEGQqjCNRsmKyGrdF3T7vkWr4jD0HfnxloNgHSgF0W,iv:h5upsrpsKyP77ChnY/Tp2CSQ9VLJ3JwpebfTSaRfvfQ=,tag:nmnxZX0c4Nd4tSFp5PugSg==,type:str] + yor: ENC[AES256_GCM,data:vKJm5K6bH8XSr6LZNMBL+xm+7KQksxXjbYcu8rtX/8KUWT93mgvQPIJ3jt77aVokQGh2WLTwWjFSznUlKHrIazQbycWRUXyGNW9JhH2y9V5Z6eKd4uMUg4fSVIRRL1s3fYWHJ4uCTDtiuc5igCLkXbAQnsHPIIZCoLF+gP3vEFCodovg2SvgDx06dZ5mbngzvb3rKn6I65nmVzFd5mxmU11ESrtxTDIS9+2nLkfK1Z7gwpKRNL22xtsyQabQyYXZbDSD,iv:UVUtyuDa5xOdbW+F1PBn9+mbxk6fiin2P3isHlccDk8=,tag:B+ptYDjR3Ua7LnIhdUMItA==,type:str] +work: + vpn: + ovpn: ENC[AES256_GCM,data:x+hQWgVN80KXrDZEh8bG/4vPWbGcaFsQ6ikTgitjsYwjdiKMG4YeF6no9WsjhS6durDgzB8MohQgea1qBJZcU5cAxneDUTWrrUPOxYau+HrMt+9kcLk7aXnTjraHqhzQRjGWoAHVippgBVkBJXbz/1um9PvTwXoyOeEn5um7MR0GMw4xKRq2t1cC9NnRoaHhvbdIX22iaeLpuz0HjhL4UU4nbWBdHsrsRDLHXKZ7MdxXzUJdTIXgpBAX3+Y0BYmceibYacSjFyVZlwsM7NLJQlJs5rmwGLHXznih2E6UoVObegO7/wQF2d3Z2+wd18lumCM1FBh6eBw85BC4SoZFNXZ3whkcrtcp//n9cLR2/XvMt0oJatNQgjkiIu6sID8JSpfT1rlgS5YbdbYa6LrkhkhDftBMLXDxZ3YomZlVz/tVt5ODsY3lP6SFTB8HjY88o3SIz580tgD/coc4WpbC/eB9m3V9FnLxVqXEcemj98LmlXNK+bU9MGQbOxVasN+WNnhshTwhvE1UrgM6ACZNwcecI3SidUchVkzuYrzoRxT1+pBEQMfr1BZrDQNah/m7n1gycQT5bdbICc8JxBUO69Q7dKGMzPrJRaFvvQV+vcnOCWrKIxLWHzfnZn7Y77Yto9CSVLalRL/WF4bMs1Sc56eHCG/SHp/Vb3iHX0VyCmZctjEFERt41b+vPIYAIWsutrPbq9lkE0Z37UrzYRqDQTW6c6RxdIjDfMJFmcjLOUH1zkifZ/fGYsWNk7OVCvUG806jaWGcd+E5s/ViO68USLyAgpYWmIXnTdGDM1xkD3tBMErN10VsduP/nhsvB7piglaWXN/y4b/NJ9K0TqNBRJt1nKtz7u/JReNhA/89zV1d79wDEm53M5OscQ/1hPUxQKGwaGrOaW+PvwZDG7eCUItNWODYYgxGLqv1MLy9d+sZSsCpNEYKHiUrG/Tw4MOHQs6pqnGC/PVly1+Uc8HBMu5ArHpA+mjWOIWQmxxxpWLlojf0lM4Ch6qv34siVpUuGB5c5na6ziZJiWiQA7r0/fzPWKdpxtdzjnq2YP/QBlFltQ1R0yAZz0EctJXcBL+NqGRbBfjYMyF5IrBbrJoKagE5I8x7xIPZK20my++sdIiNxExB0BNAo1pOjtXFmtb7+z2o5c8KFd/BE3VqOXJIDxQbCqtNBJFAWwn0fI1g0yXFC2yZup2+h5DgIR3KuDvTHpkoJ80nvl3IZwALVIqGPad40FZ92f62IKSxq+CtMCYyKw8ANkFNbI0dZlR7lmgaXKnUO87m+ue1nCcWUV7gzyDQB8L1sl77kFT+Xho55GqL1+384FUYUaNxBrsTiw5qc5DLXDoJO2OQ9JyB8784xxdY3vWGzjoU0A97e3fAHASEzwRZ8zucfLJcNSLrOUcHF1R8kHsgOAcJbwkSn5JlapRTDBHaQnTQycpTW8zCL7969VUQL6MJWxHXVFSo6/yy4rNHWm/ienHqhb2CrZQUpu9xhlV+2u0imNhnBtCZkzTVBQxVNQyzWsV/hRnE2tXIM+8bXeUNpRCv4UaLwOUL00Bj61AMQ8lY4VD4yYD+fmetSAFsVYOedDvGseX5GWvPMMcwfMK8NZxbo/3TMpGILQDFkEV8V6n2B9NgpeST08OLsO86ai0oHAWKQ+qtkBHajmQsyEKOzVTbT6fGmHXamMvjwFnGK7e9LX6OILvxWUukO6ZsQ30gNuDUEoDN/MO5aJxYoKqeN/jCVmnHBRnfIfkklaC0fvvn7O55caa37NwuaQXueF2SsV8YTREWHzryzJ9UIYEOqpD0T2U9ChqcQNkAUlMC4C3RfmGstHUpiAQ/Ugsm5Zvc97miELd0bbc5/Wy16v87sJUyz7gWqIN1P0zQKBS3htLBvM3JCdteLHSJ1USPWfFAfBfHebqvgNCzfzUTEQVomoHnPTquDqHG7+LXnaZc56FtUE1/YqFP8ievTG7qXuLgTG9FEW8xGcSfkzdCSsp4QiUrjRhs6ckrXLvc0YOC6JHvRliStTeH0bmaCLf7KrR7V6k0r0XXawEmYGoIx1nVi0EBc/LiPCe53PEWvK7ZrzY1qpBIEaiqghjibnLcVGF2esYXiLsYsKyrQTgL+ra2xmGIIynx89i2zbalsXpD/BQed8ZWf+856w12kkkeM+CZDv+Dc2/ztYnfK/BrrjR/oYWmdbWI3BnhsDTiHCut206gg8N6yvfPDbAPx6iRAaIdMvMIEUYH9PG05lvANokOOKBWZj0AUvI1t+ZGKaK8oRE0IoNKMXasdNr00BDKs9nUjWLvF+JL6BcLugKRp+q7hLh/dyTGCPc9ytBXipM3BepMewEukPiQOTCebxlM5+3EOipRsCaXvTf1Xv2i/6J9j1UIwWw7Q/vlXTARib92tLtPf1R27uay25rYJJpb0KcWWb0iizXG1FzEDitUECPhCfM3RxLL18VnTas7zwv/34YRIOTQvRpfbGEoBbd8EKWlWv62ljecFP/dF53qhzRCRPxtkBif7HTU5KX9Jj4Qwc/rNxWFHf7AGn/bL8jwwtFHoH5ijjHm3d3++bfilyBo5+OiyLk4LbJGe7MP7ZE/xUKx3vENKG7XozHoMuBH2LEqcH8rPGrLMzIO13aHRZCxXIhZk2SsGA7xAvbf8MRJg+SM0lnxmg7hu95omervRZPj1kYi04PaS6/FalgazZ3UQPHK8idQgUcOQFonGLqRzvYl1Ap6Rh4twLmys+b68e6PljQ45h8Gi4fjExMl4pz66S0SJUzRQp7SAUpLNHBqsKvqVr87F0bfHHQT8IKDXCHRZVNcG8kND6v1/IHzfjDiJgFLSefAE3gDFustCIr1lXPezKiT4WZJY8ty7jd9Bnn+NHXo29ZZb4lkr1dn6cLNzvGWpJ5JF8KHAt54p5ZT8XMgwkliUJgO9THU+9Q/vE/8gs70u+fkJ8VEWMs8G9MHBeqoMON3U3Y2nDPtDqDZWuqnR9lRzuH0fr6cFboY8MpkExnax6ZPEdawBlaNsdBi6B73PipO3FybGr2lX6TvwJegmhy1r/iBvYHqtrfjwiFlYVcCmrDQBhZoXIDFPvAekStWITXMsTjbbSU2+z44Igbm9Y2nnzvVZv5r+waKq+Zr/bg1MBsP0VUahNdLjPLIas4qgO0r0fLDtf1Lr0NdFXSY8+OezFpTRF4XqxFUJm1SWeJhQN7XMq8j1KqpHCqUKt8LIyYpwAoHBtCJLWJGvXwzfDSn/mgywbAio+hfHtPkaxymuS8HEVqxXwKNgt33HuGzS/RHHnAc0gmx3AsPTQdbC5edAavwwH/m7y1nhVade27ZJSvfK0Ul65CseS5Of7g4SYw3E8SArm2hqm7AEBCpMahqSal2ggvPgMk9uXvaL/iKIeKOHEr+KL/IvKmsH0rqFTwD6Rh7ixm4vx2Jt/ztEpEwfZ5y1dfvgRewFooDKwUBoLIw7bbzj+fUpIxZUeCjbV7MXeAy9wkmEQZE9zeofULrK9lnsuCKp6Mlhn+kTfFTUPc28vn1CKc7qzilklqp71ifcRRjLeeNNSsxkTSY6JAOJ5Mcc6/9A+8ANiLyrwagfcjhpjjZYMrzZy5zY5HdDseVKo0Xi5VuHVzqi1rSzWU4Xaegyz0zwjJwyE++1tBPSCSObuZiCBKyumfgKh4Pm17U7SiOqMO43AxHuonCHmVvmBxrBRh1gdv63HiJXGPHfEslUYx6sttH8dRnG4+h8owD0UVFaDW0XTFE+JHtaAgkLKihJEO93x+wbUeUND+RYQSLqMySbghP6kUfEtr2mFzM81fGWmCbR0tutrAGtOs9/Ton2+DbCOSauXlNZQJy/Y2+NUYDlP1ai3dPww5S28gbB5TFCL8a4DGey+vHZqmTR72IwhB6vU9CJAsY4QJOTXE2pD7cTGR7uvZCjd/Ab8PQ+nbIUm+mmn3U12WhIaOm0iULPazB6paXG4eawjNkdi/xfz8gFPAtByYbF8xGZTDRIRvfEtKuA9pV1UkL+ys5o94T2LQ0Ce2mBN7DXyAU754abYhOMluaSAaKT99bmJltQxMfWonn1Wg3Cboak3jQlAE3PCKutLdIswoJUTH+CdTANmXv0b/5RSdsSAsr1Y7PrpR8GvX/mhISGFOONkkovCrkvQnuJmx3BOo30FIccyj2eozhkQPgswpOhdAOy3IGRshGeN2m,iv:AnttkUrXXNqEOwoZdGrxZAni5gJ8fbcRRIPD8HeV31I=,tag:lqvv2u4JiRR5A0jIwYGwvg==,type:str] + shadowsocks: ENC[AES256_GCM,data:+pmrbAj568RIyrRn73x6yd/jM4fOLFcucTrSwQ77A7GgZ7OqGOK4ARFqveSCslAvaEDrnYnvM7Fvu+dlH7sZ5xhGLYM4Us2ZmsUUl/laaujL3dKsgi0jbU7vfOx1udJo4Nl/gwqesqQmfc4kyg6i49VykaS9Q0wYibvGD48d7GisLSTC+uATa7toD5GwF7HGMs1KmkDNnjeU8hl5eWnvssPzSZdZVP38RwcoOklPqjfbd+s/AzF5sQbZwCz0TcLZephhasgZIctXWSKFmaWysDXvle2QLHeQgsxSAIH2kkIbM56+y1f93fM2rQBVhOLx7vNgYA==,iv:u+Fe3UQ9xselH4+bE0GqBZzIJJ5lbfedQURhL/CFlGg=,tag:wX3Uy7x0j6JOxfABbQCF/A==,type:str] + password: ENC[AES256_GCM,data:bZ3Lx72o4obDEV6oc+By,iv:n3ul/CA/+400v1yQRMCVJSk4FhvtmsXEW1UGqnDhzoA=,tag:z1cLYr3cLVX3EumVJmNyVw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1emnd8nmqzfzeavkzcsk3drn65xky22af6r5wxwvm2k067kkt4adsqxyv2u + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGaW92Q0NWcjRGcFpIOUs2 + eUJrTEt6N1NyZS9zSUV4eEZmUkJTak93SVd3CkxpN0hGa0ZhKzBVZEZHdk5Cb0lh + M2lNc3BPM25wdXBTRHVKN0FoTXQ2eUEKLS0tIDNVeGs2OXdVTUVaUmE5OG10eUdO + Q2o4THkzODJJTzljM0wreS9BeUhvR28KPTe0SBbhzh5wgwGLChmojOhK/VD0twYY + g87MNWzHgRkWuQb92xRgIHcSPFuqVZ5YIQqjt9w4CXRKjlXovTDnhQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-08-05T19:24:54Z" + mac: ENC[AES256_GCM,data:Nv2WsnKcfStP4P/Dkgp4RWkuuSt7C1EBrA+k0EnNi8ym8OE1xBkbvkQb9ma+17/fJxr3pLX+vkvbD8w1yMBG9kfGyiAf8PG4SjxZLuuuRg+XfI9g51dWSBr8wavdj17EvbDgED4fkGg/27bxLqYQpjM1wffclprSPlG7LQaefHQ=,iv:HekT1rl42knZlGkuFzEtUtqc5WhMLSXiCD8mpSE6hHs=,tag:pBZyTJ4DtUc7yqFWZ2DO3g==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.0