diff --git a/.sops.yaml b/.sops.yaml index 8237fc4..071dc46 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -6,9 +6,9 @@ keys: - &fuuko 2372651C56E22972C2D9F3F569C8187C9C43754E - &mayushii 23EEDF49AAF1B41DCD1CD10F44A37FA8C15053B3 - &yuzuru F4B5F6971A1FAEA1216FCE1C6745A652A31186DB - - &okarin 43B4E35299E0D3D0F85143108E1A6A3507CE6BD8 - &renge FD4E1FB15DD0F36A77790229826C04C0BE319FA2 - &nunotaba 3176be14f468c6d43ab2206b4f273abccd49806b + - &okarin 868497ac4266a4d137e0718ae5fc3caa3b8107aa creation_rules: - path_regex: machines/nunotaba/secrets\.yaml$ key_groups: @@ -64,5 +64,4 @@ creation_rules: - *vueko - *fuuko - *mayushii - - *okarin - *renge diff --git a/keys/machines/okarin.asc b/keys/machines/okarin.asc index dabe589..92c8d37 100644 --- a/keys/machines/okarin.asc +++ b/keys/machines/okarin.asc @@ -1,22 +1,28 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -xsDNBAAAAAABDADNCsoMbqEZfA/bTPgZp5W+AzMvWhHlEkgxbldZcTDetCfmU+oR -tGxL7xg5eCjYFbYklpxxzzjoCRAPKS0MQKCw2Nnxst+NP8nuhVHld8Iwg+I7l1X3 -07dquic4CP5uXXDByArk09nJjg1wFz+YEaPtLu6ox4JF45vtdg9aB6kWP2gz7Th2 -0aBn35CC5eXMGX66/8BVFzw+lmFKr9KYFL/N+do5uHdI7BfTHbo0Y5eLc8HaqGbr -R03b+6BMYbeFNEwfGEZFoHmDPg2lxY/mdlDadleYsDopKqRMcoSdaJq/qpRzqwSO -Qg+2bJK9n5DziD8Ae9LQB5UHuuESuNgFuInZd42pHXy2fD4/t3/mOvri2zxN0wHY -AeCLA/VW5YQK2ko+yLSjc5J8e9NEGurHFTD3e0Noy1zmZ3OCTnLup4gpMQxCBxqg -ZPNtjDmVHxaCcrLATgWjIkN9OrnqFO9czgluPuNTOzhhY/erh8mvhe/gbnFneJLY -5NxCKQoTY6UcRF0AEQEAAc0pcm9vdCAoSW1wb3J0ZWQgZnJvbSBTU0gpIDxyb290 -QGxvY2FsaG9zdD7CwOIEEwEIABYFAgAAAAAJEI4aajUHzmvYAhsPAhkBAABuWAwA -oyNZsphWW+nFEktVR2mBc/28htSazlC7SO3KSSblIyywmXPkLkODfD6oQ+rJb3yI -F0f8g3bw9N56PpPn42APF1VouLjxJT0ZcgWHww/AawdOMf5MpB1pTpLkR5rPSZyH -/1/966o/4NcA1InqqNdYAwfLQ+IRdsLYGBYylJ3zMSkUbSN+Zrvj9LofmT2CppSY -4vWsYiBBMB/RrB53Z6eeGOqzZim5GamPtXYCb6LlumpKVOJK87TXV1eDE/RSVDRt -R5K1dLkCm64sVzAxL2RxOxFa8VdLXjvhnmUYT5eU1bJTQjcslymw4W4ZpaMLNbfF -7y2E9XbL4w1+MA0d7ZZ9MCuvVAODFs8BzPgqWxwGadYMcgmYEiBNHFKQtpjvP+Km -4a+6+YyrlDPuhOZo4aoMUn8JYhJEYEVSQ9WGX/n4KoZFrvK6qdy1rV3qw8CF2KyH -PHU83CnaiARbXociNiTheqZoCxLg1hqgoWOTpsTwlmTEDEAqKrPTNr8MJXh7YY/8 -=sEUD +xsFNBAAAAAABEACgnoiAZQChPJOD9Bh4VxtX+/KWZXBrw9HhK1aufLH2Q4bS+mrg +Te5SgFrfsiiYOvo8O2rESmMIWAHRSGxcdcT09+ZZtZxlxW7dmoUXLaPY+Xft0oDT +ekLBs/g3N9qAXYq8XC/YNw0R1FzhComq/enQT2OTcaWES3b2OlFAkn8SVSTTdKgG +jfmPPjDuTTYWPDPPmVRhaRkT/AcByyRcEcYxw4Zn+62iY9ZuV8FG0O0UcR2I/vEw +KwYxHBC4IiqWvCmeJ3mEcf2NBbLwp2hB79dyo9RN8zxbu2mwrCNNO0hbkJGsxom1 +NjKh7KZz0eaIpb/WAesimHCaAXcB9ovGiyyHjECmZkvKlAXMttrPkF5QJZW2Iao7 +jcdcT0CNhC9fUwdBPIVRVjQQPyCWrqZEas+zG0tU8nbMy+uI/rT8ALC0zSgQMVyr +YDIM7tYHbuBjgHja8gvwAa116L+uTXzkCTuH3OQHowtuvDjorXDKNs5akqJpAPHF +a/fhXzjtY6RfLVp0Hj1+fnwrzMs0D1YdlJEjsBxvpieMTGPXH0YA5ondK/OsHsQD +uzUgKzgGpq8Kp7hXhxi8gevHmNgVN1F4CNlTy0qOkFgD8U11Fk9O4svI+OtzslPr +/EXRC/faJeFdT20M0BIqhQVWZFiRRMMsHJgZ04mWG40Wysm8esZ3dwS53QARAQAB +zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT +AQgAFgUCAAAAAAkQ5fw8qjuBB6oCGw8CGQEAAOyUEAAHW0hbAjCKylnIaezMqNiG +yDwfM+MpNXaqB4sG0UUiIdgSUTk06PN5dlQ0Jfvh1I7P9y8CxqamlqCUXiqqWEOR +Am3Q7oxQKQdSDz//2ijWLdNFcT7bxZvNKQ/T78UYka/qmuLHx2jSuakAX2pAUrOf +K7mbElSu8LD0y8hIDEyxuzB/aL13sHh1LkOUCSEgZ977EEfIEgPidPwEtGJvEbhN +DaP94cLNapv/lWux8+O5dzKi4R7ghXl6IvrP2LPXQSPF7C3mMZ1ZSX1nFxRjALXi +xiFbrJFkwEQQmVro/3wX9BZSmt6VnFRKkXnsCLlf9eT0aTmTirtqHgfet0PHqTNt +CxrlLKTZFN3ZFropGZ070ESs4i6WZUBpTdsYh/htyo5bWMcHO8J+K+Ttd1M8btM4 +RtpAc/2UXa4+dVpLOGqdqkmUEJLVLyGnj9wZZgkx3tWGhjnSohCW3YqffQYlXUFn +xuiQQ8jKM6luuunMXLt6D9dzOch70z9bnjOm1Z6q/S3PIzn++awzA6N3VTKNuUBP +Phs6hlcAeqdQ6Q2EiS5iXKqPdK1nd9cPKzHOJf1fwlaRPSKeCtXUgkjAClu+heEn +rst1nggIhCBs+rHc518BVZvISLNVlj5LVwN0mKOk9YPuZItBCGX96WWJZdMHeZk0 +MsxjN+we2woCXG5SJGYOyA== +=UTw1 -----END PGP PUBLIC KEY BLOCK----- diff --git a/machines/default.nix b/machines/default.nix index 0c180a2..d1144ca 100644 --- a/machines/default.nix +++ b/machines/default.nix @@ -52,4 +52,9 @@ in targetHost = "renge.sbruder.de"; }; + okarin = { + system = "x86_64-linux"; + + targetHost = "okarin.sbruder.xyz"; + }; } diff --git a/machines/okarin/README.md b/machines/okarin/README.md new file mode 100644 index 0000000..d24d6c9 --- /dev/null +++ b/machines/okarin/README.md @@ -0,0 +1,47 @@ +# okarin + +## Hardware + +[Ionos Cloud VPS](https://cloud.ionos.de/server/vps) S (1 Xeon Gold Gold 5120 vCPU, “512 MB” = 443 MiB RAM, 10 GB SSD). + +## Purpose + +It will host services I want to have separated from the rest of my infrastructure. + +## Name + +Okabe Rintaro is a mad scientist from *Steins;Gate* + +## Setup + +Much like the namesake, +this server requires a “mad scientist” approach to set up. + +Ionos does not offer any NixOS installation media. +I could only choose between a Debian installation media, Knoppix and GParted. +Also, installing with a very low amount of memory is quite hard. + +I therefore created a VM locally with a disk image exactly 10737418240 Bytes in size. +On there, I installed NixOS. +Because encryption with `argon2id` as PBKDF is quite memory intensive, I had to tune the parameters some. +What I settled on was +`cryptsetup luksFormat --pbkdf argon2id --iter-time 10000 --pbkdf-memory 250000 /dev/sda3`. + +To make btrfs use its SSD optimizations, +I had to force the kernel to see the device as non-rotational: +`echo 0 > /sys/block/dm-0/queue/rotational` + +Another problem was the usage of VMware by Ionos. +The VM I set this up with was obviously using KVM/QEMU, +so it needed different kernel modules at boot. +What worked was setting it up in the local VM with both libvirt and vmware modules, +and then removing the libvirt modules once it was installed on the target. + +Getting the disk image onto the server was done +by first `rsync`ing the image to another server (to allow for incremental iterations), +which then provided it via HTTP. +Using the Knoppix live image (booted with `knoppix 2` to avoid starting the gui), +it was possible to just `curl http://server/okarin.img > /dev/sda`. + +Because of all the pitfalls of this, +you probably need more than one try. diff --git a/machines/okarin/configuration.nix b/machines/okarin/configuration.nix new file mode 100644 index 0000000..ff39e93 --- /dev/null +++ b/machines/okarin/configuration.nix @@ -0,0 +1,41 @@ +{ pkgs, ... }: + +{ + imports = [ + ./hardware-configuration.nix + ../../modules + + ./services/proxy.nix + ]; + + sbruder = { + nginx.hardening.enable = true; + full = false; + wireguard.home.enable = true; + }; + + networking.hostName = "okarin"; + + system.stateVersion = "22.11"; + + services.nginx = { + enable = true; + + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + + virtualHosts."okarin.sbruder.xyz" = { + enableACME = true; + forceSSL = true; + + root = pkgs.sbruder.imprint; + }; + }; + + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; +} diff --git a/machines/okarin/hardware-configuration.nix b/machines/okarin/hardware-configuration.nix new file mode 100644 index 0000000..316e0a3 --- /dev/null +++ b/machines/okarin/hardware-configuration.nix @@ -0,0 +1,71 @@ +{ lib, modulesPath, ... }: + +{ + boot = { + kernelModules = [ ]; + extraModulePackages = [ ]; + kernelParams = [ "ip=dhcp" ]; + initrd = { + availableKernelModules = [ "aesni_intel" "ahci" "sd_mod" "vmxnet3" "vmw_pvscsi" "vmw_vmci" ]; + kernelModules = [ "dm-snapshot" "vmw_balloon" ]; + network = { + enable = true; # remote unlocking + # for some reason, the DHCP server does not transmit the static route to the gateway in a form udhcpc understands + # this works around this, but is arguably quite hacky + postCommands = '' + ip route add 10.255.255.1 dev eth0 + ip route add default via 10.255.255.1 dev eth0 + ''; + }; + luks.devices."root".device = "/dev/disk/by-uuid/67f2990c-636a-4d80-9f6d-7096fec9e267"; + }; + loader.grub.device = "/dev/sda"; + }; + + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/8e3082d1-4af3-4d5d-9fde-d30dc7552d41"; + fsType = "btrfs"; + options = [ "compress=zstd" "discard" "noatime" ]; + }; + "/boot" = { + device = "/dev/disk/by-uuid/883c77e8-53bf-4330-bd9e-89ef71ad9518"; + fsType = "ext2"; + }; + }; + + swapDevices = [ + { + device = "/dev/disk/by-partuuid/d9cf5716-25c8-4f72-80e3-696e0dfe1079"; + randomEncryption.enable = true; + } + ]; + + zramSwap = { + enable = true; + memoryPercent = 150; + }; + + networking = { + useDHCP = false; + usePredictableInterfaceNames = false; + }; + systemd.network = { + enable = true; + networks = { + eth0 = { + name = "eth0"; + DHCP = "yes"; + domains = [ "sbruder.xyz" ]; + address = [ "2001:8d8:1800:8627::1/64" ]; + gateway = [ "fe80::1" ]; + networkConfig = { + IPv6AcceptRA = "no"; + }; + }; + }; + }; + + # no smart on virtual disk + services.smartd.enable = false; +} diff --git a/machines/okarin/secrets.yaml b/machines/okarin/secrets.yaml new file mode 100644 index 0000000..5fb160c --- /dev/null +++ b/machines/okarin/secrets.yaml @@ -0,0 +1,52 @@ +wg-home-private-key: ENC[AES256_GCM,data:4L8aIvgFi+mBjnyVy5IkPaeJRadJ5NCKZprSkBPwMNiVaIscjAdp2yinBSk=,iv:6pBo+6M4EkEjz184XvisWXEoomqJXa4M8Qa4nJHI65U=,tag:3DEsmA2xxAlx/PSbD3HOIA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2023-05-06T08:49:32Z" + mac: ENC[AES256_GCM,data:B7e3sh96p2DlqM2SgHWoJ7RZ2q5tnZ6lohNc7UKmwG1HTkrPKW/6jobW2InQnbZn1bPmCERoJIF9QyUz+OxotTiKIXxSL7BJkkfpIkWy9IgjIeADjevHkplm2rXONiXaM2sD46bPKbuRzuhbCZtNwUH74gTVfKPVLVrzpnPRC74=,iv:TTXlBGhO7xLCC3Ad+xiQKmy4b0n0vuQRaCdoe7vpzSE=,tag:dZCharRGK//w48ePu7d2eQ==,type:str] + pgp: + - created_at: "2023-05-06T07:18:18Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMAwDgSONkM+d4AQ/+Mg9Zf4S9cmANlMgjcq8aj2ynrW1roKJGHiVqHfuL84Ua + yv32BJegPbybVAcQLDU7V7lgtz+5cbkvkPYJSeFT97q0oNUCgoXxSRWu3sNtbXGc + Zph/Q5YDgRll96n1Rsz5eJr6exd6vtikuGGx7XXLt2PIuT0u9ROcCntmFQfkPKD2 + Phs8dcsAI8R8JtVur+cQGBWAtPhmII1nY/oHbyOktD0eYbRQ/+0jy4ja/NosSOqG + KXPdUCvS6ZJeB6jwFeX4iA+s6xwDB824wSGOUyV5QqAwAuQvaEn/4J4OD/FD6vjy + lk7FoTb24ukQFFHrpl6vv04R/7Hc47EGBCI3K+zL4yw+X9hGw6CNTOH3J05J9Da6 + iUxJE6adyBMajS16b8oGVmfLAv7Fuf0oIYDJYGehqWVEEVEEa+7/mvir6nQkyK6C + 96vxfP9C+vaJslLm4mrsCS1oXOoX/nKs3uuURKIu0a0IWfP+zFA0tSzbugllndCN + wQgB+pOA7dHpyhQcbKgtLNONAudMsOTdApYE0Hj7n2GL7l2SBc6lJRRFx80JYago + TFj1mUi1Z3gh9JxDk55XO4YSD1lgRXareb6eamSNB9cmujzniRczT2Ktc/5J7k82 + dc8X1YNn2sz7uO6tba2t6Gn7t4rkff8wr/7SP2oNdmduaj413wQnJwF+zOpzIAzS + UQFxypUHMwQf5PtUs7hSA1Evo9XTZg1dGKNr1rQJR0tV2advXaymOKmunVxVdovX + KrEkT9ON9BqHMJ08ZSwFdHmw5nFHhCVQUcziyYBzG9GtoA== + =2yjm + -----END PGP MESSAGE----- + fp: 47E7559E037A35652DBBF8AA8D3C82F9F309F8EC + - created_at: "2023-05-06T07:18:18Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA+X8PKo7gQeqAQ/+LQlvZXjbIhj8ph2io9T5Si9ZkexxPBh3t8f6pOCyAZro + oI50vx50huckq1OV6zxuHYdnGD2rUpgEPXxxVTf3vKgAw2pIIPHQJn0G7xOO4/6a + dyIHxCU+iwZmAzh1Dkxxx9yr6z1CaDhdFCSEbwKEIuOZi/VAserPVJU7owRCIR1g + pphBTnOwL8hUo69JRUtZkG4lrLDRNcksn+uPNH6WvCiE6OTw1tI+qCqEFzHXKUMB + zmH/caMZFM2mf+wUODmH0y8adn0A9Q+vBWEjfwQ0p7LUmTscZ7ipytt3EjyJ3WxQ + t7vqXacm5Q8tlCVnByYUQEcYdJPJFvOLAhwDTcqQSwajq+Gee0uQyOTaNh9ZOl2I + 5pL1yiLgBMg3MlUwkpZM3usRvSvdPmiv+cR8TrrWPq7EYpdrOCY3v3trGsYE+x/e + fw1oRUItvv1cPXMWEKpwEX+2ueN7BTRrxujkor7z9FAN4SAw6XbO4YTLw8/0r+/2 + 2SlQPO6UBGO4nj+f1kC2FzFxkLDz0AYtEXpNa9WgBVxMuMJ1c3jrJ11dhRwrlDyL + h5d6Aov+HMW+e4pdAVDI1z9lZ6SWVpCZG83PuAkOXdFWiBOoYt70BM1rLn2w1bBn + vfC8pOUaWNTyrfrW2GdY8QOoKPLkk8Lm1zaUWQ/J7/jErMTQRhp9cULLaQ+nKkrS + VgGImUPZROF6VMQPlKcm7ZMTpUP6XyuInbh/GlaRAaULGXEqQ7RqBDI4HXED5w6G + GPUmbAlFZmRTELDFekdI3N2i0JgEMaZVlzNbnSHXLcyJbEtjDWa7 + =qBwQ + -----END PGP MESSAGE----- + fp: 868497ac4266a4d137e0718ae5fc3caa3b8107aa + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/machines/okarin/services/proxy.nix b/machines/okarin/services/proxy.nix new file mode 100644 index 0000000..1c60311 --- /dev/null +++ b/machines/okarin/services/proxy.nix @@ -0,0 +1,22 @@ +{ lib, ... }: +let + proxyMap = { + "sbruder.xyz" = "renge"; + "nitter.sbruder.xyz" = "renge"; + "iv.sbruder.xyz" = "renge"; + "libreddit.sbruder.xyz" = "renge"; + }; +in +{ + services.nginx.virtualHosts = lib.mapAttrs + (host: target: { + enableACME = true; + forceSSL = true; + + locations."/".extraConfig = '' + proxy_pass http://${target}.vpn.sbruder.de/; + proxy_set_header Host ${host}; + ''; + }) + proxyMap; +} diff --git a/machines/renge/services/invidious/default.nix b/machines/renge/services/invidious/default.nix index f18a195..d472715 100644 --- a/machines/renge/services/invidious/default.nix +++ b/machines/renge/services/invidious/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: { sops.secrets.invidious-extra-settings = { @@ -36,6 +36,7 @@ local = true; # no external requests use_pubsub_feeds = true; modified_source_code_url = "https://github.com/sbruder/invidious/tree/patches"; + https_only = lib.mkForce true; }; extraSettingsFile = config.sops.secrets.invidious-extra-settings.path; }; @@ -45,6 +46,12 @@ }; services.nginx.virtualHosts."iv.sbruder.xyz" = { + enableACME = false; + forceSSL = false; + extraConfig = '' + allow ${config.sbruder.wireguard.home.subnet}; + deny all; + ''; locations = { "/robots.txt".return = "200 'User-agent: *\\nDisallow: /'"; "/privacy".return = "301 'https://sbruder.xyz/#privacy'"; diff --git a/machines/renge/services/libreddit.nix b/machines/renge/services/libreddit.nix index 0813bf5..7758a66 100644 --- a/machines/renge/services/libreddit.nix +++ b/machines/renge/services/libreddit.nix @@ -9,8 +9,10 @@ in }; services.nginx.virtualHosts."libreddit.sbruder.xyz" = { - forceSSL = true; - enableACME = true; + extraConfig = '' + allow ${config.sbruder.wireguard.home.subnet}; + deny all; + ''; locations = { "/robots.txt".return = "200 'User-agent: *\\nDisallow: /'"; "/".proxyPass = "http://${cfg.address}:${toString cfg.port}"; diff --git a/machines/renge/services/nitter.nix b/machines/renge/services/nitter.nix index 63a0a91..1a3a9ea 100644 --- a/machines/renge/services/nitter.nix +++ b/machines/renge/services/nitter.nix @@ -18,11 +18,16 @@ in hlsPlayback = true; replaceYouTube = "${config.services.invidious.domain}"; }; + config = { + base64Media = true; + }; }; services.nginx.virtualHosts.${cfg.server.hostname} = { - forceSSL = true; - enableACME = true; + extraConfig = '' + allow ${config.sbruder.wireguard.home.subnet}; + deny all; + ''; locations = { "/robots.txt".return = "200 'User-agent: *\\nDisallow: /'"; "/" = { diff --git a/machines/renge/services/prometheus.nix b/machines/renge/services/prometheus.nix index 67b6c07..8fa0f1d 100644 --- a/machines/renge/services/prometheus.nix +++ b/machines/renge/services/prometheus.nix @@ -67,6 +67,7 @@ in "renge.vpn.sbruder.de:9100" "hitagi.vpn.sbruder.de:9100" "vueko.vpn.sbruder.de:9100" + "okarin.vpn.sbruder.de:9100" ]; } { diff --git a/machines/renge/services/sbruder.xyz/default.nix b/machines/renge/services/sbruder.xyz/default.nix index 6ce6598..a81069b 100644 --- a/machines/renge/services/sbruder.xyz/default.nix +++ b/machines/renge/services/sbruder.xyz/default.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ config, pkgs, ... }: { imports = [ @@ -6,9 +6,6 @@ ]; services.nginx.virtualHosts."sbruder.xyz" = { - forceSSL = true; - enableACME = true; - root = pkgs.stdenvNoCC.mkDerivation { name = "sbruder.xyz"; @@ -37,6 +34,11 @@ ''; }; + extraConfig = '' + allow ${config.sbruder.wireguard.home.subnet}; + deny all; + ''; + locations = { "/imprint/".alias = "${pkgs.sbruder.imprint}/"; "/transparency/" = { diff --git a/modules/ssh.nix b/modules/ssh.nix index 4928669..47c9f6e 100644 --- a/modules/ssh.nix +++ b/modules/ssh.nix @@ -60,5 +60,13 @@ hostNames = [ "nunotaba" "nunotaba.home.sbruder.de" "nunotaba.vpn.sbruder.de" ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHUEVBJcEibRdQzp0bDXpPqLGQ8vtQTKTcpGZU07W4eo"; }; + okarin = { + hostNames = [ "okarin" "okarin.sbruder.xyz" "okarin.vpn.sbruder.de" ]; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOaev8K5KhRovW75IdZ0HYlzvxxo0haeCM0xCVEOuDSa"; + }; + okarin-initrd = { + hostNames = [ "[okarin.sbruder.de]:2222" ]; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINJbp0kZJEXf1gSVcBsef1Bihd5iCzhzSbjgyrC1SXXT"; + }; }; } diff --git a/modules/wireguard/home.nix b/modules/wireguard/home.nix index 662b75d..965e285 100644 --- a/modules/wireguard/home.nix +++ b/modules/wireguard/home.nix @@ -28,6 +28,10 @@ let address = "10.80.0.4"; publicKey = "LscDAJR0IjOzNuwX3geYgcvxyvaNhAOc/ojgvGyunT8="; }; + okarin = { + address = "10.80.0.10"; + publicKey = "KjDdTOVZ9RadDrNjJ11BWsY8SNBmDbuNoKm72wh9uCk="; + }; }; cfg = config.sbruder.wireguard.home; diff --git a/secrets.yaml b/secrets.yaml index 44dcab4..18623f9 100644 --- a/secrets.yaml +++ b/secrets.yaml @@ -13,160 +13,162 @@ sops: lastmodified: "2022-08-25T14:27:39Z" mac: ENC[AES256_GCM,data:75hpB3gQ5WhqdSG4q1w08dQ1g9QGK2PA3hqXHnRz7cosjAERyldIG9TmOATrUGLULUy+E8fnOaACCatY5aMXVL/wmn77GkI4EA658D9j3Fhm1+k/Tv+rE8+4icb+9YNVZijLpHzSlMKZVOdYyg+CZlAC/xDz6ggdZOO6Ks29N+Q=,iv:0NKHdZxKmcUNiraoBW4WldO2hHkaTDVH0sUk/lh1Xg8=,tag:mRfDetmVh0Nv/4nHjCs/5g==,type:str] pgp: - - created_at: "2023-04-29T10:38:52Z" + - created_at: "2023-05-06T07:18:02Z" enc: |- -----BEGIN PGP MESSAGE----- - wcFMAwDgSONkM+d4AQ/6AhiKG1v8a55doHg+Is4HR0C+bOmKCCFPa3w7yLePvALg - d4NuLXteVLJuxprH7EhsaLh/nUo9ruwCujzE335VSismaRoC24vnuXiytXeSmVVV - 6GC9AgHOaceuuamPyqayaqEoddVUSP4HPGf5+94ofH0ciwcan09mcFal4mzK/m6D - XoAzTV37qYOgtcGivfNhh+23dEgZTOccFDdpMl0h/6GpcgGj9UKOlieZX1Ec4g5Z - zpnFI0uSgpUbMSm9rr56k3HX0BwljXwgJhS/X1DmFJOL586aGoI8i+TCrz7CDQZs - LfkxLf+4ztU4jcqd3ymt3M5oVXOjcqpHvUUmLJpyBqR1T+HUYZ0PS26WJqhYc4Ez - lIZtRs5wp5KLU7T1ZIFP9sevPYMOOK6qOzvkk0/NoW1AQbDidxPxXDliZ6n7E8aQ - cBYWKFU7T1mkDmzDgtvInCWA0DOtrm962kvH1838D7YjcNjXBMKoc//Zne9Q8VY7 - Goj/fPzOcsI9HnjNsjEpExOY/My2RFG4eXXJpC3F/nwAcUKhLKrOR7Z5pcWDVHHj - 4uTq3nztLbzaH2Q8llpWhgTqjQjnSqqY7aLEboobu7oaWixTugWEn1adcko+53Cm - kUHSpxhpFxpzpswWeNAlHzoZfI8Z8FlFq0yLs0M3aG8jQZHyLeos6Bb1opCYYKXS - UQFJimLuskzrEm0dCeEkcJ1ZIOLep9mbhXTbCRH/3/9aWwjvX0CTYihMfI/dnTqz - 7cqZAywCQ826+HH7mDLEVSnBYlGQBEXfqAKDlxM9l8n9iw== - =eA5R + wcFMAwDgSONkM+d4AQ/+LrvmdnNeTuipzg/KqCefKChE4Bs1gdCJ6n6oud7hQ5YQ + Bn+lSTQtP21hXryf3eeVVLNLPjMuCVB/e60TZNKRjKFz3vKJsvK9Q5gEHgTk5bTL + yQYbQOIxW0F6jusTR4jsOj7mVjkkaD6s0r1lHqQ4XdPSaHlen6zF9NSxnl25BY9M + Q5NJh1pjtgFH3opNflZ17kpK98AjtTpQJIfGpRuN7jU5Fpi0skQWXC61UeCOpGOR + xuGrP+bIwZkwbKmPpfVXr5LaMl8wZILLKAqRwVcN/aw2YLAhtV0fDABE+QR7WsrM + JJhSdZQY2SBhF3pu6xUzmDWaQu/BanMC8+d2QkPRS+okgR/0RFiDtuShNV4ppWVn + GNI14RiorGYY0l464WhCknmYsmw7dx0NUwclEdw5zff997rtRMq/8w4x3EA+7UWO + MV6llfPd5g72mX4+j1fKjET87D7NJUQ8BdZ0Zy+OJcDJSIKDKhrF6o5EbbCwMw0j + 2XIOeeSIzfT9FaqJUk8PEaMwYmYPXOiO2Fmm8FBpj2cnqiZNmY4RFnfpKAri7jep + UUU8toTaR6PEEYFr/KuNSgZhqNB7u+9cHx4x6V8MAmR2eV+u7GIY9b0qAQ5dla9o + 3b0r/KBhSM50HeRaJlHccnKw9JaUvx0qnBn9t2Gv1OKuqXIcs8xbHpegBu6bFNbS + UQEmPy1p+TwkcoNk6LEQ7Wi1RdoTPC+i86PiH77ilUjVbi8CQpWHvcXCLUH/dbOB + GKchfzpiyV05YvU2ShgOMxKELnlI3U82+Lzc8Iv376Ksww== + =INAE -----END PGP MESSAGE----- fp: 47E7559E037A35652DBBF8AA8D3C82F9F309F8EC - - created_at: "2023-04-29T10:38:52Z" + - created_at: "2023-05-06T07:18:02Z" enc: | -----BEGIN PGP MESSAGE----- - hQIMA08nOrzNSYBrAQ//b+fugsD293++twd1vc7zLRhVNCV/kLqDx5ylqpvEdWJq - fvmt9i8zoT4j7Jkqipn5wcVDRJJ1DgI4KmNV8q34/YRxIai3+P9U09pNpIT2ovxi - HoCLZdSRCKO4SuqUV0tq//NPplIK7eBHEO2YVpPecXjgHuo0ODAVsl7NMiPJAmDv - mRyRuDu/gk636ysa0NxDo9RoQrypfDHuvlUhBr0y15zHDqSH5I/AWcbRZJiJ8HFK - H9ip0XoZHG7cxgm90zCYVYHIm8tmBRcefTglpq16JvnKMBUHXS1Q3VpwCjMU7AyF - WTPp6Ge2u3hzuav+3Fsbl3+jv7pthICHb8jLWp1sWUoPxoqUafpA4JuAvTbJXaSE - beZLtCXQVfKm6Oag/E4DO9QX49dR7TkFkYCtYJU5z9/uHaD81ZxrN47KIfTdjkGA - zYUrguGCpns/G7/TRiJKsAljYFVUZY/KBu1rD4I4obeYPIyvDbqrq6n8PFuZUYWC - NHQ5+XYBAi0J1iC3GAjECkUzkmXoiIwszXU9KhQF0FforLugA8CoPMsgIwB2LvCi - SlscTRzNpw4p0epRzifwArCSyf+FclV6uXPaDraC0aVibSV7w9M6RJPkCqXeGvn4 - 4eSuHBdNxTcwTa6X4mGpd9tTA1I/MBZYaYEnNGNb0POAPMVkHkFaUD2fRJCffGPS - WAFyqmi/+nnXFFXXNPmwCnbW3K9doqkj4JNWX5TOWxRTGNbejQNhsLCzutvKcaP6 - pVXKIf/U0RcK9GRM+WCOeuaPvOqAXle+GyurwRHJ+pYBqMDgLTYuhQ4= - =xRG+ + hQIMA08nOrzNSYBrARAAqjCHvg7YHAbcywSfNVrLRdY/BvOTPgtGXKNPbRf57Xbt + dvjvawR24CjVp6XcNRVrBwUDx5V6goJIYTRBYhkIm0gup8QT1EHYgVpBLSMB94b9 + 43a3NQb47ykpeezT4q4PwS0JOjDKsWsmxtiV0M1ndF1JbtN8ySlVOmdXAxo40R4L + O/tb+qdP9e4jzhdSIVzsLgmqfWFAh2JVTPzVVqkitn8EVhc/6oMFwxWZLGg67ExW + +V2A9ahbDXpDb6qvJJZ/SxWPEt4VqqtV0A3Dgw9L1ULMaTnZYpq5Jnnr0pj+UxpP + iiqpn/XVdKCS+uy1Vg6jejk6foXfWOWzlbCZ2f1LyExAS1iaK3NQFqEgptq0flSs + Lq3noOn9C8UszfB2zkBI83/+GvKqelUDacBzrnvyqXIKOG+oDxHti26oOBofro0b + uRUtu9KyQEC7LAiZKb847iwSOsYC9IoBoOe2AOBRjuorLe4F+AAock+mmOzK8za+ + tjsjOD8hsBiG2qcz1elGhMiBL6ECwTUiBaN1qnjkaecMp/V1+9/Ye1Ji2ZwfratQ + k50Tn/rZozY8prZOxjTJEJCjyAG5nuKwSVa9Zga54vbvRqvOJfgta6NrejqohN52 + wAzRKzqQ/+HdOy6fSPQ2+TedAYqqayzkSnx+y5U53PfUSa+SqcrFlipesvDVRujS + WAFINB6Yhu5o1pN8dA+Esa4TekbCwN7R68OQ44nK1/sDmLRQEXH2IAfB8AQs+9VU + N/wBE1LBTeqhncAU/42+ffJkozn1q2GSRdTxMAOurTlZ3i/CX64gxOc= + =gDvv -----END PGP MESSAGE----- fp: 3176be14f468c6d43ab2206b4f273abccd49806b - - created_at: "2023-04-29T10:38:52Z" + - created_at: "2023-05-06T07:18:02Z" enc: | -----BEGIN PGP MESSAGE----- - hQIMA2UzePEMpuAKAQ//WjhdDAUghQJLH4RH6n1LZ+GOK/128ea+uT3auzCoWe2m - I+0YaAgPJUOXU+nnaaK8gPZdNPPTtBt0t7Ao6nY5JqElQZeudus7IlV0W/+jA0ef - 12eCv9sFWmhs964EUr7qusauNJHgBvS44HY4sNMsR7m3GmUwdigpnWetxPkmaz2L - 5snBShgdvHxJTIi7pxJ1OI0EAE5+1pMJJwrrCLud+bK0ThYYApG0YGViVA/v54/G - yftCatyjF1AUMPOnJoyKH1havHmtc1Sm9npkyGWWI0Xz1ZJbmim+BI6Vaf+je6K6 - icHAFbrpxTaI51qsOZUmKW+0KwET3TRFV76zXPmYaXlBU8WZmkjufEDDPJJHK5RW - opcAYRMGHzrw9ZydNS+rpofh3YMc83vSV3n1W8s4Fwa+R1a65isRUoH3u7qFOgZ2 - 8nl9JDf9BAGnLDL2qSQMD7TIFFzMtupVzkvn71OXHyRvclAn/5qdp5+PAESxITV4 - u0KZw1RenFsI7ULQOowcmjSry5nMqfXCPFIY8GTfOJKfgTyTbwinhgCDG6KC7Drn - GnAtSoWPnkRYfc28dVYMakZVeqnbmOwKVgC7tRWe/heNCcYAyOhVpI8dUC1j8RRS - 7kyzuhKsVmfyk6d/u3WVrK5Pf8jRbN/ur46PmgKoKf/Ym7ur0+sRQRhoRFaJqivS - WAEQqCerpFprGLyT6xWNhYSHDQWrdzEqKNl6jozVurXIBDE4Y8AowBeI4p0W0CQG - dhx5N7Dfd7uDJZaVCspA+NSurg/ERZD1z8zEFsnMq+ahYnfR0EpBCcA= - =TGzH + hQIMA2UzePEMpuAKAQ//fRzjc6H/pHY0fWffvaQ3K/1Irb9CnRs84K7Acya5qT5X + yzolGMrgd7zdkjaAOzqB+n7D01ikbN2hdMCFl/5nNiQtfnRM0GqlXhSns7b7J8TT + kAkhDGhFIn7S0XG9gqS6F0W8d6SoYynTz/AfhFDiTfPQGoLQcyj8CNpe02xHoLVB + gSEnmMTWPlbilvf4z6VeuTpKwPqOG/B25uB8V6s4YfBywpe+DCZJQK0vz14vWIbc + jL2wG0bHpXrrPCK+affz00jIiDPVuF9Oz36wfHEgsCzJNPVjDIl26Jb5pBNRzOHR + yLWZVnPrfP10eGSi4iYxB9RFHIgd/rSbIjCxTQCPwirzm5nXDStf409ITDOjARyQ + G06kZ0lC0bwIRoUw+uuqd775UMyCr3CrA2t6pojjmcxFoXBrWAKwD188F4N8LIVt + CKOv+2/SVL0sifCvfSpgcHG+eqSlUtrCNaTyfWV2yMMhLMLb9eS2bKj4SP5TTodn + Kcem6uwzrbUi4lMyJVB1u3wvrrDzmiG+q+oTVgfF8Wf5Tv19+wG3bO/4d1Owh2R0 + deTTm/Ghn1BasIaaXAZlarifnP4+7bovY79khLwm6Rks0KpVbN5W1UHDTfzZA0Dr + YBOtbIQHcO5XjbtwcwHwTShmLcPzXKUxSkJ7NIeI+Gkf83c3gGM7iyirHr7vVWLS + WAELBihpL3s+Fq7OIjhb72nlMbhKO9ewxIE3bubHQQytqC3GYrK9azdmwjoa7epO + riTqhQxKqu0TUoIwBraHdGwaxAeB+GwBSiO7X8iu64t2qF2z/y4zfCk= + =+soa -----END PGP MESSAGE----- fp: 17FEEBB45E4245330507C960653378F10CA6E00A - - created_at: "2023-04-29T10:38:52Z" + - created_at: "2023-05-06T07:18:02Z" enc: | -----BEGIN PGP MESSAGE----- - hQIMA5TfpJU9hyneAQ/+P6P9VBTtHt/WcHU7eK9l5K/SC3uFp/9H0IU5RR8WFGQq - KGiyvgoHciE5GtlWQ5YqDX+jyKkNK08yyyo588J4FdQFXXEks1iGGLFMuzdKiIyJ - vmjN7R/hPd8/69k+chO3qpR39bMbl+MSfo9z19lrMWyuxQV/10N10lnZopJLGQZ+ - 9Kitqj42FFcGo5sb1ORC147axuN+p5b4AnWjKYwho3Nt36YNH28PlLDAS3ruKru+ - P1j7rh2G3A9zaoLiKN2wG9wxU5QXuyZ5wEXgwL2BY/YCw+eW2BtpT0JrQ2K0S5og - gOucdMTrpIqcUBqdqxVhJiVTa/re0NxfKl1ZJgQ4guu38UYNp4b8vOvj2R/vaRyE - 6wkDa+PmGw8+awI54Nggijj1WcKVIolUNOD1z/AX0FuI06bv6iKN+tYPKukUqAzO - A7BwCpHcovJoPltzG0LYAK4he3+rkN1ueuWt0jQ1YH6I8XepNmIv7vRoLMvmOT0R - pfI/h1XdeaXUJBYBaPGH7znq6wqsR+/yqte1HwRDtygs9BXfdpd5uTN/81LeTFiB - 7im5HkKhjx49lelDKqcfBFT4tM/ZvFcMzc1hS62Mcw2w9nBaZjl3npb0ktPiq8Xb - z6L08Or5En3Hv6X6Ej5aTpxHaIZbkfznD4q2iE5XeSBOu05kiq/0srPNEHO3vKXS - WAF78H5BBxSx4Xw8KlGeh6OhckP8M6Mk6YzXiEfeCVQBc/VttOsyxVDYxmSB5Zum - 7OdORZuLsYDZ3XxASSPErN1LBNMfbw/w5xaKWwwOZiVDKKQeK8Fgi6c= - =ig1e + hQIMA5TfpJU9hyneAQ/9E9d4K39rFCnnPXKTuk3RhOxhKXLVRtGvF3E8F0jXtUQ5 + aalP2efv93dPHGHnp3koIV6OrtVmvCBHfeJjHbmVbGboZ3x0AXfxKCSsWjSGrGAa + sNGUPAG11D60mUG8XKtk8xWY2jztEy/WUJ2mBJE2oh0Oa/RIkEb2rQfg3tReOhOA + PEWwqv1ZUkgJ0c1bWjKW3NrCbQcgjM5vK6jb44N5qVdZx+9fWYawy92ubSggrQNj + Aee38c5+hVIcqP6bhYAxLr9Mv4JAekLzI5o0Si+4gmmlBaQfS5g4AxtfcEWujUtL + v0Z7WihM2Oaomd078q4z6sd4+B31nq5ErGGee5p4+79MKHbzAjy8WByQxmFNOgwA + Eexml4A+hwarIf/OwWkd5gWpqHPfMuh5vRh5IKdwbkKMMJtttalRCyIggajLWO1a + IIE34imc++33naZ9nEtOUj3hOe6tjbfJIZja6JueY4UAbPMO0SaHB5JM2ypfuPxU + msQDJqnd/mm3q7Xvfdk/u3Vb+AQo8DbhXKSZQrZ7YwEfkHWHqdwZo6LR/z+gFm1p + Nh5mjYbf0hwxgq3BNtfZ7C9mixDwbdu6kVyI7mB1gPfhHQonfhPxCQy+B50BMuTk + xHGGLCs64uXm8v+f+J33o0xVRgUWm8hfD1lSGQHhEDq5n8PfPkZ2PAcmTLHwdCHS + WAGTUyHtjdpT7jTdbZxaEJCD5rx17ry/zwzoKZzLJJ3P3kTbRlQ1O/SBthRuYEq/ + +5lhZtmiqJBaJNRZJU9ZgcMeodNZ7z0JvEME+gvUrSpOjtjl1awkT2s= + =NYbp -----END PGP MESSAGE----- fp: 4EA330328CD0D3076E90960194DFA4953D8729DE - - created_at: "2023-04-29T10:38:52Z" + - created_at: "2023-05-06T07:18:02Z" enc: | -----BEGIN PGP MESSAGE----- - hQIMA2nIGHycQ3VOAQ/+KqlCMkgGZ8UIvmU2c/HrlJag9GwLA9B0g+rGducpS9Rz - aU2zRUColutNqy20NLWTg7S/67jBL2k5mKu9867ClhJuA5ZmjBwzrC1KUuz1v/al - oIbXTW+5o5949bvOvtPFfcZdQKk2EvdsGvaVC6jz303YNH2BK/g2506hPE2RGjiq - 77bYfE8WlFvR7bqrw6ad3uuYM/y0sdlNsyy3nBKtvg5K4Zt27Wk9+8NcpRbVWMuV - blgz/aLpiHBHr5mzmBhTcUoLllJsYR/nx97teGV1xIkpgjl7brZIU79wxc8afGVd - k+VADmZB4CtKTSBTQ1jCg7y2X7kn6XbFozHehd1JEr/ug5stBjQiNTkcCVGxSrCZ - o44/RAZV/KP+AvBq4kiNrABg6R2PAMLhGqIz00CWmKR2j31y5CUfJPKbbZs/YP+K - 1QvkJVbAFPNVOeb1iCsnhWKgHH6ds6RqRij0FvIXr5bZtLB3fBltEMTyAeQUCDfF - di4ERSJPIGN4ip2HfS5VDJ8LDVMuA6PVUsJaF55keTlKYRYvT9hEWSVjgcoVN2CQ - elLNxDNsPzr+0Zg6Y6DXUH8Yp0zYD1kQ4bebSmCYhWKHbZer0cVYwNlStI846scc - HqdeJjRsiqKS32FMMkHBCAj6764RUfvje5FVDhQXyRzrkTuAhy9IWBJUhGX8yzrS - WAEQFrL/Kjjim9t24NB6m7yITYbcxj5mvM72EGZrBafPnLPWFhc2Kb8F3onl5I1q - AxU+cQX8WotI1BXzU/BKzIx/BPbRYM9N9LYmkR4CEwjYWfLL4YdLU+I= - =VtQZ + hQIMA2nIGHycQ3VOAQ/9EeZntsT5tRcGWobXGfkVZ3lr6qVH+WzsKrjlx5noxnA9 + TePgBE8ZwRwV1E1DreM6kPERWYPX+XDpJi8lVEpvbSgaz3ECENGj4u9yaGwnRmj0 + 2uGFs6lUVfCFZx82bIo5JfUk5K8f3XnSk26z2maZXqEizDlqPzKqqcCEGYXv1ms2 + YdWDjPLbmvELinYngsBfwnvg2PFxGEVtbm4Bg6zP8J25VanL9LFIFRxsaIysA3NQ + oBmvNqXjlcRoY+wukd8vo/gNyD0AzFP+bC7mLP+YRhIe/UNxWoX+f6kTDWP8fwpC + jdStUJtIvei7mLtsCtchWeZcdzt/CkCquiUIdYSZ7nQFfcUhBY/Yd4GiRq2VZ60A + Dg/JFVQSWtio1328VplpiakpnqIyOncufv/2RvnybpiVBnEb0XSKQrmkFhVlHBvI + sH6LQ+EFe4XVETyKxVlNFlcVaReNKjgPOEZfyC32yxE4dMHXyNGuzwPpYQrdLhRo + 7tq0YBh+0M17vBL4J8uDRCuuRL+GZw4ljN7r8KifRh/VhV+XG2Dky3bSfp3/JZl7 + uguthXSpcJX3lQmhazGYboLkyKs/GFeNjpbEVWXv/WLECPdCiAHSguVglucLr/Gk + K+M4R1Y5rcSqs0dR+9NuIcjaPj9zld9iVqx+d2xYCBVkhEegsWPk806bv25p64jS + WAGpdUIMa2nd1TDvPUUqjXXy5WTT1bxQ6Dkxjh4q1exkLJwejR3mUXqSjRPnDkGw + BYeBSIoxaZUA6MewGHnsh53QAa0KLvXKoRTezAdeZdQnTGtU7eMWyic= + =U8Fc -----END PGP MESSAGE----- fp: 2372651C56E22972C2D9F3F569C8187C9C43754E - - created_at: "2023-04-29T10:38:52Z" + - created_at: "2023-05-06T07:18:02Z" enc: | -----BEGIN PGP MESSAGE----- - hQIMA0Sjf6jBUFOzAQ/9HlhYqT206UDQ01xipzJBTDnaWf6q2GZXwhnfm6SsLfip - t0lfr47qyyksV+nYwOsu05d66+NJAJSEh1lebyZA0rkgYWXnto70Q0wWzf7P0YmT - 5+S1axFqEH5miLtLJ+NIcTnyleyYmvGTq2Ee6q1+p/r4JyDY3P+PdkkRJtsTHzBb - wJKq4GQIb6nNekwZqwJE/jZWaw4aL4UJJnVWMajIOS4vT5qnlqn5iCL5VkBwHnK0 - Dol3C+l9E0Ba/2/uyWH/vKD2ha7X7vkvkcjsBC4wS0h3aQWPZMnw3flk6nQQnSL6 - 9mm9Ue8GBGaNIuH/igcs8ql23JLQyYVEZAib3AnqTVhvycDs4GLQ3+o92WX+bIyu - 5sRIbbvrCxlsVFelllrZmtsaPZziWSctBrseABlrDm1vReqV4w8hS09kmNb55BSj - Z4G7ZVj8SmKbLm7UvRWB9wF3PQtkzXH8ZdjQ1txmldHzM9ICpJEMre2UzgmYURPf - zt1L3lzdB039gZoAw7j9tbTb0jVoJWwhGUXLHuF96T7I1yyeBeZmfNcrqQzVb2C/ - GsXqnTop4i51RPCHPzVoXJqJ1r+EJz8rddj0MgKn1IyHwiNMXjNPc7txcaBZPobn - FzTakqvTtTOpVTiSZnWn2+4NwPmGX5qxyin2V7EOsvW89vv5Z0S4/Q9hpgTpp2rS - WAHQWl8ZS29y0xUeDgTOHlK/4NgcXVkWWBNSs8lMn+EBOko7IpavZeekjllJuXNQ - xLxiO3YkvvIsB+mIrVFPekU4x1qkuA9XU2LMsO1aFu1rzOujpsK5GeU= - =uKwE + hQILA0Sjf6jBUFOzAQ/2NWaI38EGek69B7his9JRt+7R6KLL9zc80D+1OzMfZZ2g + LQ3bUOvXU9dufDGKki9Yv68fyGdHP5TEmPTfsvBPMVW8mnIXIBrR8uZZgjSPrPvn + 4sGMl3CySiNy/ozQ/Ky2bNsytWsKN2kIawFCjg26dQPki5zrAHAK/pl4J32V1Tgw + qLj8y/sjbul7mhieJGAjEmkRssV/iiVg3ClqXCYDKnh+qB35NuGWXHxvOMXEUBgK + voeK0GRgDvtmrHDRYHD5Sl+Q/eRgU8cbDWpra2g1atwvZFEpVUppYzcxNAeGQUG1 + U33/31SYSoWU4oWkVmACuymN/DPA5o6sqT+j+oflJvq4bjhpfxy+uLle9n20e7Xj + zJNUBsOugVS81jxarGVEqXXiATQ43x2fbnpDjifb3V6T9DgQfzaGx3/XC7WPZArL + NmP/U4U44IeEQlKj5QxhTuo9WOkK5NEhdbwk5uBTU0hWGc1vd1PBVceEdeFzz4Ao + A66H2CFpS1coWgYq4X01KBQXXMD80vAfuqMr+Gik7MtaEY9qKExweQKhNS76dZ47 + 7HtVDzzLhBM9vVaN2o55GkWA4Zz9C0/a8Mc362+zBOl7hTN7/zeduzHwylCq1CK0 + cTaU9fpD3H5xQ18FMJDKUdDbxi5c8rl3kj1/FX/al79Sh6M4LEgdL+vYgWSpkdJY + ARIFAeuRwBS6nP53M7CRQ6hA74fh7wJLJ0N7Fqjworih4iprIdx7qwXtk7KuFdC0 + kkbKKl9lUekL0htbKvyZPgxYyeA0Mdv6cdWbLxScQJEKBM88EQj0TA== + =q/OW -----END PGP MESSAGE----- fp: 23EEDF49AAF1B41DCD1CD10F44A37FA8C15053B3 - - created_at: "2023-04-29T10:38:52Z" + - created_at: "2023-05-06T07:18:02Z" enc: | -----BEGIN PGP MESSAGE----- - hQGMA44aajUHzmvYAQv+LDhlRusOz74841QjsK1AZh6aUQdPbQ79BlMuBwiIPZyL - 3lATykrGfddPKUyDoVa8vOXpvMKYrv7JnQ8xxwBYXIWx965py8Bfd+X+l8Id7NOz - GCAXVKc0XStlG6PqUx/cBJ4WYj7iVjJbsaIgVHcXs6ve2gs2JQNDyufoK82EBsOC - aT6wW3NMFq/KgSYWL14eEpo37RRC3tyegrIZLDWcnISOoBU39gHeAq3HHLRn8Hq5 - 7BcCGjpFrYDGWardf2mxt0zHzETCObzMpqgPC/rxLTNPZZ7ibdZ37wjjHTcFeuKz - tEeR8fzAX6xUyRqdgxdnsCedoLZnsykRfyRO09HCWG1bDOiJt3o9ulapYTrHdm1L - wL7B8g2ZHwvNpJvR7hhgq5os7T7DheRCfDpVEIMDu6uMQ9OBOFGuffBmqn48A0Vp - YXGK4oBm2SDYfnCjVxB7Rvm9IXxMbw/gfqpRDg96ZFjz1D+dQp42JervHRd54nAL - ThnHmtqTqSkgW1srwt+t0lgB6GhxBoyVktKRZKPBElqFGxxsul9Tf7NseeXE4TBS - kBoiIhaLWkZZ11Snis466fWuEBGymDSayX6AH1YTM3Lkp23XDf9LWOuKwyLumHIb - j80eAU8aEUmf - =UTjx + hQIMA+X8PKo7gQeqAQ//R0hJ2KFQM9e8lfyxXdx5VEYUtfNKvrheUUwKXKkDVM4/ + ORFbCie7SE5IAO98wIfxibjHd2cY/ztX1L0N5bRHS3cOjIvT/fJOsgM/i8phAcVP + +KOp0JivW+RY8VzVnr9TDeyO4sbAoG+s81I8ie0xOg7JUHRrESygUC0qU2m0GxxD + FVziUaal1azOo2Odm0NhWhpgsE/ZpKelU1vxXuLLSRqziS9se3OR0Y9/aekAZX4y + gJ7qxllbAfozP0EfKxrdRezThF69zFkTBT2MKOpgLGal+18fcMGUMKtt4BsLfMRU + PwWRD1ac599odLyGAIPwrUegssZRSxLVAPYuVCs2XnG45jaC22lCHmRPK1pZFA4l + 2HlkJX5R65913J0gJhkVCILAlkDw0ZuR5eSpy9mYihlkIEhcu8F2J7gs4ydhe4Kq + J+C9xXCkyHbpQgk6cZJojDSCFwNn4NVCPkSo5STgfl36NiplHACkajoCs0ZIeQih + Swm6zdztCeC/m0HsxhBEEZ4AVDud5TyRlpQ3j5wv50uZctMubl4yTzQClDGnIMwY + fRyAslIwAiCVtG2xQvDz6fR1jwtC9jRc5Xar4UVWAy3QKLtQ3wASwlTtFbXI2FQQ + 1b95sfafroVko3BMsR3+S/DXn4C+ZCEf+b/t93Kt4zWARvU/SfJkNMGikjRKFo/S + WAHSrnoLHz1GU5o1QthbLU2by5MGlDsiPXfbLcj2Jz0eyjMRO+hzFzaX44rqohex + sTT8Xik1f5TrEWrBCUtZFqjmii1giVt6h5Wgq9nwUoplH+QjOX1VezA= + =+oQj -----END PGP MESSAGE----- - fp: 43B4E35299E0D3D0F85143108E1A6A3507CE6BD8 - - created_at: "2023-04-29T10:38:52Z" + fp: 868497ac4266a4d137e0718ae5fc3caa3b8107aa + - created_at: "2023-05-06T07:18:02Z" enc: | -----BEGIN PGP MESSAGE----- - hQGMA4JsBMC+MZ+iAQv+K8nKc8DLxko81TKaI7Era1+HnVgkzcKnFoFjn7dg97s+ - dQRoxE/p/uiI9B7t/BL5kwOVOCSr5Td5px5blto3khWGPKyTOxi8miOc+PUDlths - Ag17m3ydDVjjZcB6Btkqsar3V1IQ5iUTCw568GRJytqIOdxJ/fPUOLkjIxkIreKz - QCv4Qmhazis1xsSwNUNml//1mJJ91QQw2veEC9VbNcdZ0Bj48t9kEkDVkUZSFupK - lvv2C+z9h1c6CUWPOZXFy0fMCJZhJIetjW3eNJJc5tQrWNt+p4gQWq02V5pdZvap - NjfItZPJWgyg6kK56rp+0ngci5oYQVRqU6rmhD51H8ZJw3ceVeWpf2YQFJogsio/ - 70m1PI/xQQCLHLp8wJa2rWwkQGTajJvcHeMxYNn3X6zXwnnC7pkZ/6uUseue7beb - 6G/nPnBW1OuRMz9wwQjYRuIZukUQjzbI14SFAyHRphF6BT90uvOXYguYWW9KNX91 - Blg5w412WDkRhvRWQQjd0lgBgeikRSw9+5I1JH8/nltgywcuyzD7Z7P8z9LEWxl1 - jNBfAemH0m3MiGz7okLH2IuxTcE51NVBWdWL6Gl/xvOJd4oKbvdz9EaRyTsMs1zO - wmHPgDx497bh - =GEAy + hQGMA4JsBMC+MZ+iAQwAoy+R+5Kw2zWSaV7T9yN+ikkuBGM+WaJ47SqpyllLuBV3 + 98o29BPoT1rSlNWPcwISdW5Cbk3lnNjYcHpH/qIpksQKGL9qD5NL13cZR/HbsmY+ + Lu+hWoOhgpHvR6Wh0USZ4wuMi9B+U+9HQsGV/GuC2hpaEWODOloRe8IXKJJNfW9b + Nzr2dvaiK8YYPzb6EIJyVBhlRMsh4HqLXR9PBcYH3BEPyeUY0F4gjJVt7tp/vMST + eVoDSxfRT1kiab1W0xdyCHAR+XXogQKj4z5Kd6mndyuJP7SfPRrYNNhRPw6/CMmu + A3kxShXzR9lFpvQ386uGQqhEtDVXtwTsAXgsTDxwC52wJ0Dt5/kZVuos7jmH46zN + D+E5ijAYL8tG7xt9f8Nij821AgHaxS17+efUTU0ScDs/y8cyDf2SqxkRVAxzomzg + zovLziVGgx/8k1+do0rujroveQkb//MVrDeBe77mAEQO4yHELETMrdqyosDohyly + rNFkmNIUFObVYYW9FOS+0lgBspXxfT2Qa+0njtcPd1PrI6t8ZQ2C0LKQYM9uUwuU + a+envImXyOiczk//UOkuk/z7sCZasW4lE3/kF7Lo08/iRDXfLopulGCxpMYz9IMI + nphGZTnmT7cF + =tJWJ -----END PGP MESSAGE----- fp: FD4E1FB15DD0F36A77790229826C04C0BE319FA2 unencrypted_suffix: _unencrypted