okarin: Init
This commit is contained in:
parent
89bc09dcce
commit
cc47b75704
|
@ -6,9 +6,9 @@ keys:
|
||||||
- &fuuko 2372651C56E22972C2D9F3F569C8187C9C43754E
|
- &fuuko 2372651C56E22972C2D9F3F569C8187C9C43754E
|
||||||
- &mayushii 23EEDF49AAF1B41DCD1CD10F44A37FA8C15053B3
|
- &mayushii 23EEDF49AAF1B41DCD1CD10F44A37FA8C15053B3
|
||||||
- &yuzuru F4B5F6971A1FAEA1216FCE1C6745A652A31186DB
|
- &yuzuru F4B5F6971A1FAEA1216FCE1C6745A652A31186DB
|
||||||
- &okarin 43B4E35299E0D3D0F85143108E1A6A3507CE6BD8
|
|
||||||
- &renge FD4E1FB15DD0F36A77790229826C04C0BE319FA2
|
- &renge FD4E1FB15DD0F36A77790229826C04C0BE319FA2
|
||||||
- &nunotaba 3176be14f468c6d43ab2206b4f273abccd49806b
|
- &nunotaba 3176be14f468c6d43ab2206b4f273abccd49806b
|
||||||
|
- &okarin 868497ac4266a4d137e0718ae5fc3caa3b8107aa
|
||||||
creation_rules:
|
creation_rules:
|
||||||
- path_regex: machines/nunotaba/secrets\.yaml$
|
- path_regex: machines/nunotaba/secrets\.yaml$
|
||||||
key_groups:
|
key_groups:
|
||||||
|
@ -64,5 +64,4 @@ creation_rules:
|
||||||
- *vueko
|
- *vueko
|
||||||
- *fuuko
|
- *fuuko
|
||||||
- *mayushii
|
- *mayushii
|
||||||
- *okarin
|
|
||||||
- *renge
|
- *renge
|
||||||
|
|
|
@ -1,22 +1,28 @@
|
||||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
|
||||||
xsDNBAAAAAABDADNCsoMbqEZfA/bTPgZp5W+AzMvWhHlEkgxbldZcTDetCfmU+oR
|
xsFNBAAAAAABEACgnoiAZQChPJOD9Bh4VxtX+/KWZXBrw9HhK1aufLH2Q4bS+mrg
|
||||||
tGxL7xg5eCjYFbYklpxxzzjoCRAPKS0MQKCw2Nnxst+NP8nuhVHld8Iwg+I7l1X3
|
Te5SgFrfsiiYOvo8O2rESmMIWAHRSGxcdcT09+ZZtZxlxW7dmoUXLaPY+Xft0oDT
|
||||||
07dquic4CP5uXXDByArk09nJjg1wFz+YEaPtLu6ox4JF45vtdg9aB6kWP2gz7Th2
|
ekLBs/g3N9qAXYq8XC/YNw0R1FzhComq/enQT2OTcaWES3b2OlFAkn8SVSTTdKgG
|
||||||
0aBn35CC5eXMGX66/8BVFzw+lmFKr9KYFL/N+do5uHdI7BfTHbo0Y5eLc8HaqGbr
|
jfmPPjDuTTYWPDPPmVRhaRkT/AcByyRcEcYxw4Zn+62iY9ZuV8FG0O0UcR2I/vEw
|
||||||
R03b+6BMYbeFNEwfGEZFoHmDPg2lxY/mdlDadleYsDopKqRMcoSdaJq/qpRzqwSO
|
KwYxHBC4IiqWvCmeJ3mEcf2NBbLwp2hB79dyo9RN8zxbu2mwrCNNO0hbkJGsxom1
|
||||||
Qg+2bJK9n5DziD8Ae9LQB5UHuuESuNgFuInZd42pHXy2fD4/t3/mOvri2zxN0wHY
|
NjKh7KZz0eaIpb/WAesimHCaAXcB9ovGiyyHjECmZkvKlAXMttrPkF5QJZW2Iao7
|
||||||
AeCLA/VW5YQK2ko+yLSjc5J8e9NEGurHFTD3e0Noy1zmZ3OCTnLup4gpMQxCBxqg
|
jcdcT0CNhC9fUwdBPIVRVjQQPyCWrqZEas+zG0tU8nbMy+uI/rT8ALC0zSgQMVyr
|
||||||
ZPNtjDmVHxaCcrLATgWjIkN9OrnqFO9czgluPuNTOzhhY/erh8mvhe/gbnFneJLY
|
YDIM7tYHbuBjgHja8gvwAa116L+uTXzkCTuH3OQHowtuvDjorXDKNs5akqJpAPHF
|
||||||
5NxCKQoTY6UcRF0AEQEAAc0pcm9vdCAoSW1wb3J0ZWQgZnJvbSBTU0gpIDxyb290
|
a/fhXzjtY6RfLVp0Hj1+fnwrzMs0D1YdlJEjsBxvpieMTGPXH0YA5ondK/OsHsQD
|
||||||
QGxvY2FsaG9zdD7CwOIEEwEIABYFAgAAAAAJEI4aajUHzmvYAhsPAhkBAABuWAwA
|
uzUgKzgGpq8Kp7hXhxi8gevHmNgVN1F4CNlTy0qOkFgD8U11Fk9O4svI+OtzslPr
|
||||||
oyNZsphWW+nFEktVR2mBc/28htSazlC7SO3KSSblIyywmXPkLkODfD6oQ+rJb3yI
|
/EXRC/faJeFdT20M0BIqhQVWZFiRRMMsHJgZ04mWG40Wysm8esZ3dwS53QARAQAB
|
||||||
F0f8g3bw9N56PpPn42APF1VouLjxJT0ZcgWHww/AawdOMf5MpB1pTpLkR5rPSZyH
|
zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT
|
||||||
/1/966o/4NcA1InqqNdYAwfLQ+IRdsLYGBYylJ3zMSkUbSN+Zrvj9LofmT2CppSY
|
AQgAFgUCAAAAAAkQ5fw8qjuBB6oCGw8CGQEAAOyUEAAHW0hbAjCKylnIaezMqNiG
|
||||||
4vWsYiBBMB/RrB53Z6eeGOqzZim5GamPtXYCb6LlumpKVOJK87TXV1eDE/RSVDRt
|
yDwfM+MpNXaqB4sG0UUiIdgSUTk06PN5dlQ0Jfvh1I7P9y8CxqamlqCUXiqqWEOR
|
||||||
R5K1dLkCm64sVzAxL2RxOxFa8VdLXjvhnmUYT5eU1bJTQjcslymw4W4ZpaMLNbfF
|
Am3Q7oxQKQdSDz//2ijWLdNFcT7bxZvNKQ/T78UYka/qmuLHx2jSuakAX2pAUrOf
|
||||||
7y2E9XbL4w1+MA0d7ZZ9MCuvVAODFs8BzPgqWxwGadYMcgmYEiBNHFKQtpjvP+Km
|
K7mbElSu8LD0y8hIDEyxuzB/aL13sHh1LkOUCSEgZ977EEfIEgPidPwEtGJvEbhN
|
||||||
4a+6+YyrlDPuhOZo4aoMUn8JYhJEYEVSQ9WGX/n4KoZFrvK6qdy1rV3qw8CF2KyH
|
DaP94cLNapv/lWux8+O5dzKi4R7ghXl6IvrP2LPXQSPF7C3mMZ1ZSX1nFxRjALXi
|
||||||
PHU83CnaiARbXociNiTheqZoCxLg1hqgoWOTpsTwlmTEDEAqKrPTNr8MJXh7YY/8
|
xiFbrJFkwEQQmVro/3wX9BZSmt6VnFRKkXnsCLlf9eT0aTmTirtqHgfet0PHqTNt
|
||||||
=sEUD
|
CxrlLKTZFN3ZFropGZ070ESs4i6WZUBpTdsYh/htyo5bWMcHO8J+K+Ttd1M8btM4
|
||||||
|
RtpAc/2UXa4+dVpLOGqdqkmUEJLVLyGnj9wZZgkx3tWGhjnSohCW3YqffQYlXUFn
|
||||||
|
xuiQQ8jKM6luuunMXLt6D9dzOch70z9bnjOm1Z6q/S3PIzn++awzA6N3VTKNuUBP
|
||||||
|
Phs6hlcAeqdQ6Q2EiS5iXKqPdK1nd9cPKzHOJf1fwlaRPSKeCtXUgkjAClu+heEn
|
||||||
|
rst1nggIhCBs+rHc518BVZvISLNVlj5LVwN0mKOk9YPuZItBCGX96WWJZdMHeZk0
|
||||||
|
MsxjN+we2woCXG5SJGYOyA==
|
||||||
|
=UTw1
|
||||||
-----END PGP PUBLIC KEY BLOCK-----
|
-----END PGP PUBLIC KEY BLOCK-----
|
||||||
|
|
|
@ -52,4 +52,9 @@ in
|
||||||
|
|
||||||
targetHost = "renge.sbruder.de";
|
targetHost = "renge.sbruder.de";
|
||||||
};
|
};
|
||||||
|
okarin = {
|
||||||
|
system = "x86_64-linux";
|
||||||
|
|
||||||
|
targetHost = "okarin.sbruder.xyz";
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
47
machines/okarin/README.md
Normal file
47
machines/okarin/README.md
Normal file
|
@ -0,0 +1,47 @@
|
||||||
|
# okarin
|
||||||
|
|
||||||
|
## Hardware
|
||||||
|
|
||||||
|
[Ionos Cloud VPS](https://cloud.ionos.de/server/vps) S (1 Xeon Gold Gold 5120 vCPU, “512 MB” = 443 MiB RAM, 10 GB SSD).
|
||||||
|
|
||||||
|
## Purpose
|
||||||
|
|
||||||
|
It will host services I want to have separated from the rest of my infrastructure.
|
||||||
|
|
||||||
|
## Name
|
||||||
|
|
||||||
|
Okabe Rintaro is a mad scientist from *Steins;Gate*
|
||||||
|
|
||||||
|
## Setup
|
||||||
|
|
||||||
|
Much like the namesake,
|
||||||
|
this server requires a “mad scientist” approach to set up.
|
||||||
|
|
||||||
|
Ionos does not offer any NixOS installation media.
|
||||||
|
I could only choose between a Debian installation media, Knoppix and GParted.
|
||||||
|
Also, installing with a very low amount of memory is quite hard.
|
||||||
|
|
||||||
|
I therefore created a VM locally with a disk image exactly 10737418240 Bytes in size.
|
||||||
|
On there, I installed NixOS.
|
||||||
|
Because encryption with `argon2id` as PBKDF is quite memory intensive, I had to tune the parameters some.
|
||||||
|
What I settled on was
|
||||||
|
`cryptsetup luksFormat --pbkdf argon2id --iter-time 10000 --pbkdf-memory 250000 /dev/sda3`.
|
||||||
|
|
||||||
|
To make btrfs use its SSD optimizations,
|
||||||
|
I had to force the kernel to see the device as non-rotational:
|
||||||
|
`echo 0 > /sys/block/dm-0/queue/rotational`
|
||||||
|
|
||||||
|
Another problem was the usage of VMware by Ionos.
|
||||||
|
The VM I set this up with was obviously using KVM/QEMU,
|
||||||
|
so it needed different kernel modules at boot.
|
||||||
|
What worked was setting it up in the local VM with both libvirt and vmware modules,
|
||||||
|
and then removing the libvirt modules once it was installed on the target.
|
||||||
|
|
||||||
|
Getting the disk image onto the server was done
|
||||||
|
by first `rsync`ing the image to another server (to allow for incremental iterations),
|
||||||
|
which then provided it via HTTP.
|
||||||
|
Using the Knoppix live image (booted with `knoppix 2` to avoid starting the gui),
|
||||||
|
it was possible to just `curl http://server/okarin.img > /dev/sda`.
|
||||||
|
|
||||||
|
Because of all the pitfalls of this,
|
||||||
|
you probably need more than one try.
|
41
machines/okarin/configuration.nix
Normal file
41
machines/okarin/configuration.nix
Normal file
|
@ -0,0 +1,41 @@
|
||||||
|
{ pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./hardware-configuration.nix
|
||||||
|
../../modules
|
||||||
|
|
||||||
|
./services/proxy.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
sbruder = {
|
||||||
|
nginx.hardening.enable = true;
|
||||||
|
full = false;
|
||||||
|
wireguard.home.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.hostName = "okarin";
|
||||||
|
|
||||||
|
system.stateVersion = "22.11";
|
||||||
|
|
||||||
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
recommendedGzipSettings = true;
|
||||||
|
recommendedOptimisation = true;
|
||||||
|
recommendedProxySettings = true;
|
||||||
|
recommendedTlsSettings = true;
|
||||||
|
|
||||||
|
virtualHosts."okarin.sbruder.xyz" = {
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
|
||||||
|
root = pkgs.sbruder.imprint;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [
|
||||||
|
80
|
||||||
|
443
|
||||||
|
];
|
||||||
|
}
|
71
machines/okarin/hardware-configuration.nix
Normal file
71
machines/okarin/hardware-configuration.nix
Normal file
|
@ -0,0 +1,71 @@
|
||||||
|
{ lib, modulesPath, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
boot = {
|
||||||
|
kernelModules = [ ];
|
||||||
|
extraModulePackages = [ ];
|
||||||
|
kernelParams = [ "ip=dhcp" ];
|
||||||
|
initrd = {
|
||||||
|
availableKernelModules = [ "aesni_intel" "ahci" "sd_mod" "vmxnet3" "vmw_pvscsi" "vmw_vmci" ];
|
||||||
|
kernelModules = [ "dm-snapshot" "vmw_balloon" ];
|
||||||
|
network = {
|
||||||
|
enable = true; # remote unlocking
|
||||||
|
# for some reason, the DHCP server does not transmit the static route to the gateway in a form udhcpc understands
|
||||||
|
# this works around this, but is arguably quite hacky
|
||||||
|
postCommands = ''
|
||||||
|
ip route add 10.255.255.1 dev eth0
|
||||||
|
ip route add default via 10.255.255.1 dev eth0
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
luks.devices."root".device = "/dev/disk/by-uuid/67f2990c-636a-4d80-9f6d-7096fec9e267";
|
||||||
|
};
|
||||||
|
loader.grub.device = "/dev/sda";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems = {
|
||||||
|
"/" = {
|
||||||
|
device = "/dev/disk/by-uuid/8e3082d1-4af3-4d5d-9fde-d30dc7552d41";
|
||||||
|
fsType = "btrfs";
|
||||||
|
options = [ "compress=zstd" "discard" "noatime" ];
|
||||||
|
};
|
||||||
|
"/boot" = {
|
||||||
|
device = "/dev/disk/by-uuid/883c77e8-53bf-4330-bd9e-89ef71ad9518";
|
||||||
|
fsType = "ext2";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices = [
|
||||||
|
{
|
||||||
|
device = "/dev/disk/by-partuuid/d9cf5716-25c8-4f72-80e3-696e0dfe1079";
|
||||||
|
randomEncryption.enable = true;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
zramSwap = {
|
||||||
|
enable = true;
|
||||||
|
memoryPercent = 150;
|
||||||
|
};
|
||||||
|
|
||||||
|
networking = {
|
||||||
|
useDHCP = false;
|
||||||
|
usePredictableInterfaceNames = false;
|
||||||
|
};
|
||||||
|
systemd.network = {
|
||||||
|
enable = true;
|
||||||
|
networks = {
|
||||||
|
eth0 = {
|
||||||
|
name = "eth0";
|
||||||
|
DHCP = "yes";
|
||||||
|
domains = [ "sbruder.xyz" ];
|
||||||
|
address = [ "2001:8d8:1800:8627::1/64" ];
|
||||||
|
gateway = [ "fe80::1" ];
|
||||||
|
networkConfig = {
|
||||||
|
IPv6AcceptRA = "no";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# no smart on virtual disk
|
||||||
|
services.smartd.enable = false;
|
||||||
|
}
|
52
machines/okarin/secrets.yaml
Normal file
52
machines/okarin/secrets.yaml
Normal file
|
@ -0,0 +1,52 @@
|
||||||
|
wg-home-private-key: ENC[AES256_GCM,data:4L8aIvgFi+mBjnyVy5IkPaeJRadJ5NCKZprSkBPwMNiVaIscjAdp2yinBSk=,iv:6pBo+6M4EkEjz184XvisWXEoomqJXa4M8Qa4nJHI65U=,tag:3DEsmA2xxAlx/PSbD3HOIA==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age: []
|
||||||
|
lastmodified: "2023-05-06T08:49:32Z"
|
||||||
|
mac: ENC[AES256_GCM,data:B7e3sh96p2DlqM2SgHWoJ7RZ2q5tnZ6lohNc7UKmwG1HTkrPKW/6jobW2InQnbZn1bPmCERoJIF9QyUz+OxotTiKIXxSL7BJkkfpIkWy9IgjIeADjevHkplm2rXONiXaM2sD46bPKbuRzuhbCZtNwUH74gTVfKPVLVrzpnPRC74=,iv:TTXlBGhO7xLCC3Ad+xiQKmy4b0n0vuQRaCdoe7vpzSE=,tag:dZCharRGK//w48ePu7d2eQ==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2023-05-06T07:18:18Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMAwDgSONkM+d4AQ/+Mg9Zf4S9cmANlMgjcq8aj2ynrW1roKJGHiVqHfuL84Ua
|
||||||
|
yv32BJegPbybVAcQLDU7V7lgtz+5cbkvkPYJSeFT97q0oNUCgoXxSRWu3sNtbXGc
|
||||||
|
Zph/Q5YDgRll96n1Rsz5eJr6exd6vtikuGGx7XXLt2PIuT0u9ROcCntmFQfkPKD2
|
||||||
|
Phs8dcsAI8R8JtVur+cQGBWAtPhmII1nY/oHbyOktD0eYbRQ/+0jy4ja/NosSOqG
|
||||||
|
KXPdUCvS6ZJeB6jwFeX4iA+s6xwDB824wSGOUyV5QqAwAuQvaEn/4J4OD/FD6vjy
|
||||||
|
lk7FoTb24ukQFFHrpl6vv04R/7Hc47EGBCI3K+zL4yw+X9hGw6CNTOH3J05J9Da6
|
||||||
|
iUxJE6adyBMajS16b8oGVmfLAv7Fuf0oIYDJYGehqWVEEVEEa+7/mvir6nQkyK6C
|
||||||
|
96vxfP9C+vaJslLm4mrsCS1oXOoX/nKs3uuURKIu0a0IWfP+zFA0tSzbugllndCN
|
||||||
|
wQgB+pOA7dHpyhQcbKgtLNONAudMsOTdApYE0Hj7n2GL7l2SBc6lJRRFx80JYago
|
||||||
|
TFj1mUi1Z3gh9JxDk55XO4YSD1lgRXareb6eamSNB9cmujzniRczT2Ktc/5J7k82
|
||||||
|
dc8X1YNn2sz7uO6tba2t6Gn7t4rkff8wr/7SP2oNdmduaj413wQnJwF+zOpzIAzS
|
||||||
|
UQFxypUHMwQf5PtUs7hSA1Evo9XTZg1dGKNr1rQJR0tV2advXaymOKmunVxVdovX
|
||||||
|
KrEkT9ON9BqHMJ08ZSwFdHmw5nFHhCVQUcziyYBzG9GtoA==
|
||||||
|
=2yjm
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 47E7559E037A35652DBBF8AA8D3C82F9F309F8EC
|
||||||
|
- created_at: "2023-05-06T07:18:18Z"
|
||||||
|
enc: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA+X8PKo7gQeqAQ/+LQlvZXjbIhj8ph2io9T5Si9ZkexxPBh3t8f6pOCyAZro
|
||||||
|
oI50vx50huckq1OV6zxuHYdnGD2rUpgEPXxxVTf3vKgAw2pIIPHQJn0G7xOO4/6a
|
||||||
|
dyIHxCU+iwZmAzh1Dkxxx9yr6z1CaDhdFCSEbwKEIuOZi/VAserPVJU7owRCIR1g
|
||||||
|
pphBTnOwL8hUo69JRUtZkG4lrLDRNcksn+uPNH6WvCiE6OTw1tI+qCqEFzHXKUMB
|
||||||
|
zmH/caMZFM2mf+wUODmH0y8adn0A9Q+vBWEjfwQ0p7LUmTscZ7ipytt3EjyJ3WxQ
|
||||||
|
t7vqXacm5Q8tlCVnByYUQEcYdJPJFvOLAhwDTcqQSwajq+Gee0uQyOTaNh9ZOl2I
|
||||||
|
5pL1yiLgBMg3MlUwkpZM3usRvSvdPmiv+cR8TrrWPq7EYpdrOCY3v3trGsYE+x/e
|
||||||
|
fw1oRUItvv1cPXMWEKpwEX+2ueN7BTRrxujkor7z9FAN4SAw6XbO4YTLw8/0r+/2
|
||||||
|
2SlQPO6UBGO4nj+f1kC2FzFxkLDz0AYtEXpNa9WgBVxMuMJ1c3jrJ11dhRwrlDyL
|
||||||
|
h5d6Aov+HMW+e4pdAVDI1z9lZ6SWVpCZG83PuAkOXdFWiBOoYt70BM1rLn2w1bBn
|
||||||
|
vfC8pOUaWNTyrfrW2GdY8QOoKPLkk8Lm1zaUWQ/J7/jErMTQRhp9cULLaQ+nKkrS
|
||||||
|
VgGImUPZROF6VMQPlKcm7ZMTpUP6XyuInbh/GlaRAaULGXEqQ7RqBDI4HXED5w6G
|
||||||
|
GPUmbAlFZmRTELDFekdI3N2i0JgEMaZVlzNbnSHXLcyJbEtjDWa7
|
||||||
|
=qBwQ
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 868497ac4266a4d137e0718ae5fc3caa3b8107aa
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.7.3
|
22
machines/okarin/services/proxy.nix
Normal file
22
machines/okarin/services/proxy.nix
Normal file
|
@ -0,0 +1,22 @@
|
||||||
|
{ lib, ... }:
|
||||||
|
let
|
||||||
|
proxyMap = {
|
||||||
|
"sbruder.xyz" = "renge";
|
||||||
|
"nitter.sbruder.xyz" = "renge";
|
||||||
|
"iv.sbruder.xyz" = "renge";
|
||||||
|
"libreddit.sbruder.xyz" = "renge";
|
||||||
|
};
|
||||||
|
in
|
||||||
|
{
|
||||||
|
services.nginx.virtualHosts = lib.mapAttrs
|
||||||
|
(host: target: {
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
|
||||||
|
locations."/".extraConfig = ''
|
||||||
|
proxy_pass http://${target}.vpn.sbruder.de/;
|
||||||
|
proxy_set_header Host ${host};
|
||||||
|
'';
|
||||||
|
})
|
||||||
|
proxyMap;
|
||||||
|
}
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
sops.secrets.invidious-extra-settings = {
|
sops.secrets.invidious-extra-settings = {
|
||||||
|
@ -36,6 +36,7 @@
|
||||||
local = true; # no external requests
|
local = true; # no external requests
|
||||||
use_pubsub_feeds = true;
|
use_pubsub_feeds = true;
|
||||||
modified_source_code_url = "https://github.com/sbruder/invidious/tree/patches";
|
modified_source_code_url = "https://github.com/sbruder/invidious/tree/patches";
|
||||||
|
https_only = lib.mkForce true;
|
||||||
};
|
};
|
||||||
extraSettingsFile = config.sops.secrets.invidious-extra-settings.path;
|
extraSettingsFile = config.sops.secrets.invidious-extra-settings.path;
|
||||||
};
|
};
|
||||||
|
@ -45,6 +46,12 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx.virtualHosts."iv.sbruder.xyz" = {
|
services.nginx.virtualHosts."iv.sbruder.xyz" = {
|
||||||
|
enableACME = false;
|
||||||
|
forceSSL = false;
|
||||||
|
extraConfig = ''
|
||||||
|
allow ${config.sbruder.wireguard.home.subnet};
|
||||||
|
deny all;
|
||||||
|
'';
|
||||||
locations = {
|
locations = {
|
||||||
"/robots.txt".return = "200 'User-agent: *\\nDisallow: /'";
|
"/robots.txt".return = "200 'User-agent: *\\nDisallow: /'";
|
||||||
"/privacy".return = "301 'https://sbruder.xyz/#privacy'";
|
"/privacy".return = "301 'https://sbruder.xyz/#privacy'";
|
||||||
|
|
|
@ -9,8 +9,10 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx.virtualHosts."libreddit.sbruder.xyz" = {
|
services.nginx.virtualHosts."libreddit.sbruder.xyz" = {
|
||||||
forceSSL = true;
|
extraConfig = ''
|
||||||
enableACME = true;
|
allow ${config.sbruder.wireguard.home.subnet};
|
||||||
|
deny all;
|
||||||
|
'';
|
||||||
locations = {
|
locations = {
|
||||||
"/robots.txt".return = "200 'User-agent: *\\nDisallow: /'";
|
"/robots.txt".return = "200 'User-agent: *\\nDisallow: /'";
|
||||||
"/".proxyPass = "http://${cfg.address}:${toString cfg.port}";
|
"/".proxyPass = "http://${cfg.address}:${toString cfg.port}";
|
||||||
|
|
|
@ -18,11 +18,16 @@ in
|
||||||
hlsPlayback = true;
|
hlsPlayback = true;
|
||||||
replaceYouTube = "${config.services.invidious.domain}";
|
replaceYouTube = "${config.services.invidious.domain}";
|
||||||
};
|
};
|
||||||
|
config = {
|
||||||
|
base64Media = true;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx.virtualHosts.${cfg.server.hostname} = {
|
services.nginx.virtualHosts.${cfg.server.hostname} = {
|
||||||
forceSSL = true;
|
extraConfig = ''
|
||||||
enableACME = true;
|
allow ${config.sbruder.wireguard.home.subnet};
|
||||||
|
deny all;
|
||||||
|
'';
|
||||||
locations = {
|
locations = {
|
||||||
"/robots.txt".return = "200 'User-agent: *\\nDisallow: /'";
|
"/robots.txt".return = "200 'User-agent: *\\nDisallow: /'";
|
||||||
"/" = {
|
"/" = {
|
||||||
|
|
|
@ -67,6 +67,7 @@ in
|
||||||
"renge.vpn.sbruder.de:9100"
|
"renge.vpn.sbruder.de:9100"
|
||||||
"hitagi.vpn.sbruder.de:9100"
|
"hitagi.vpn.sbruder.de:9100"
|
||||||
"vueko.vpn.sbruder.de:9100"
|
"vueko.vpn.sbruder.de:9100"
|
||||||
|
"okarin.vpn.sbruder.de:9100"
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
|
@ -6,9 +6,6 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
services.nginx.virtualHosts."sbruder.xyz" = {
|
services.nginx.virtualHosts."sbruder.xyz" = {
|
||||||
forceSSL = true;
|
|
||||||
enableACME = true;
|
|
||||||
|
|
||||||
root = pkgs.stdenvNoCC.mkDerivation {
|
root = pkgs.stdenvNoCC.mkDerivation {
|
||||||
name = "sbruder.xyz";
|
name = "sbruder.xyz";
|
||||||
|
|
||||||
|
@ -37,6 +34,11 @@
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
extraConfig = ''
|
||||||
|
allow ${config.sbruder.wireguard.home.subnet};
|
||||||
|
deny all;
|
||||||
|
'';
|
||||||
|
|
||||||
locations = {
|
locations = {
|
||||||
"/imprint/".alias = "${pkgs.sbruder.imprint}/";
|
"/imprint/".alias = "${pkgs.sbruder.imprint}/";
|
||||||
"/transparency/" = {
|
"/transparency/" = {
|
||||||
|
|
|
@ -60,5 +60,13 @@
|
||||||
hostNames = [ "nunotaba" "nunotaba.home.sbruder.de" "nunotaba.vpn.sbruder.de" ];
|
hostNames = [ "nunotaba" "nunotaba.home.sbruder.de" "nunotaba.vpn.sbruder.de" ];
|
||||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHUEVBJcEibRdQzp0bDXpPqLGQ8vtQTKTcpGZU07W4eo";
|
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHUEVBJcEibRdQzp0bDXpPqLGQ8vtQTKTcpGZU07W4eo";
|
||||||
};
|
};
|
||||||
|
okarin = {
|
||||||
|
hostNames = [ "okarin" "okarin.sbruder.xyz" "okarin.vpn.sbruder.de" ];
|
||||||
|
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOaev8K5KhRovW75IdZ0HYlzvxxo0haeCM0xCVEOuDSa";
|
||||||
|
};
|
||||||
|
okarin-initrd = {
|
||||||
|
hostNames = [ "[okarin.sbruder.de]:2222" ];
|
||||||
|
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINJbp0kZJEXf1gSVcBsef1Bihd5iCzhzSbjgyrC1SXXT";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -28,6 +28,10 @@ let
|
||||||
address = "10.80.0.4";
|
address = "10.80.0.4";
|
||||||
publicKey = "LscDAJR0IjOzNuwX3geYgcvxyvaNhAOc/ojgvGyunT8=";
|
publicKey = "LscDAJR0IjOzNuwX3geYgcvxyvaNhAOc/ojgvGyunT8=";
|
||||||
};
|
};
|
||||||
|
okarin = {
|
||||||
|
address = "10.80.0.10";
|
||||||
|
publicKey = "KjDdTOVZ9RadDrNjJ11BWsY8SNBmDbuNoKm72wh9uCk=";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
cfg = config.sbruder.wireguard.home;
|
cfg = config.sbruder.wireguard.home;
|
||||||
|
|
236
secrets.yaml
236
secrets.yaml
|
@ -13,160 +13,162 @@ sops:
|
||||||
lastmodified: "2022-08-25T14:27:39Z"
|
lastmodified: "2022-08-25T14:27:39Z"
|
||||||
mac: ENC[AES256_GCM,data:75hpB3gQ5WhqdSG4q1w08dQ1g9QGK2PA3hqXHnRz7cosjAERyldIG9TmOATrUGLULUy+E8fnOaACCatY5aMXVL/wmn77GkI4EA658D9j3Fhm1+k/Tv+rE8+4icb+9YNVZijLpHzSlMKZVOdYyg+CZlAC/xDz6ggdZOO6Ks29N+Q=,iv:0NKHdZxKmcUNiraoBW4WldO2hHkaTDVH0sUk/lh1Xg8=,tag:mRfDetmVh0Nv/4nHjCs/5g==,type:str]
|
mac: ENC[AES256_GCM,data:75hpB3gQ5WhqdSG4q1w08dQ1g9QGK2PA3hqXHnRz7cosjAERyldIG9TmOATrUGLULUy+E8fnOaACCatY5aMXVL/wmn77GkI4EA658D9j3Fhm1+k/Tv+rE8+4icb+9YNVZijLpHzSlMKZVOdYyg+CZlAC/xDz6ggdZOO6Ks29N+Q=,iv:0NKHdZxKmcUNiraoBW4WldO2hHkaTDVH0sUk/lh1Xg8=,tag:mRfDetmVh0Nv/4nHjCs/5g==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2023-04-29T10:38:52Z"
|
- created_at: "2023-05-06T07:18:02Z"
|
||||||
enc: |-
|
enc: |-
|
||||||
-----BEGIN PGP MESSAGE-----
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
wcFMAwDgSONkM+d4AQ/6AhiKG1v8a55doHg+Is4HR0C+bOmKCCFPa3w7yLePvALg
|
wcFMAwDgSONkM+d4AQ/+LrvmdnNeTuipzg/KqCefKChE4Bs1gdCJ6n6oud7hQ5YQ
|
||||||
d4NuLXteVLJuxprH7EhsaLh/nUo9ruwCujzE335VSismaRoC24vnuXiytXeSmVVV
|
Bn+lSTQtP21hXryf3eeVVLNLPjMuCVB/e60TZNKRjKFz3vKJsvK9Q5gEHgTk5bTL
|
||||||
6GC9AgHOaceuuamPyqayaqEoddVUSP4HPGf5+94ofH0ciwcan09mcFal4mzK/m6D
|
yQYbQOIxW0F6jusTR4jsOj7mVjkkaD6s0r1lHqQ4XdPSaHlen6zF9NSxnl25BY9M
|
||||||
XoAzTV37qYOgtcGivfNhh+23dEgZTOccFDdpMl0h/6GpcgGj9UKOlieZX1Ec4g5Z
|
Q5NJh1pjtgFH3opNflZ17kpK98AjtTpQJIfGpRuN7jU5Fpi0skQWXC61UeCOpGOR
|
||||||
zpnFI0uSgpUbMSm9rr56k3HX0BwljXwgJhS/X1DmFJOL586aGoI8i+TCrz7CDQZs
|
xuGrP+bIwZkwbKmPpfVXr5LaMl8wZILLKAqRwVcN/aw2YLAhtV0fDABE+QR7WsrM
|
||||||
LfkxLf+4ztU4jcqd3ymt3M5oVXOjcqpHvUUmLJpyBqR1T+HUYZ0PS26WJqhYc4Ez
|
JJhSdZQY2SBhF3pu6xUzmDWaQu/BanMC8+d2QkPRS+okgR/0RFiDtuShNV4ppWVn
|
||||||
lIZtRs5wp5KLU7T1ZIFP9sevPYMOOK6qOzvkk0/NoW1AQbDidxPxXDliZ6n7E8aQ
|
GNI14RiorGYY0l464WhCknmYsmw7dx0NUwclEdw5zff997rtRMq/8w4x3EA+7UWO
|
||||||
cBYWKFU7T1mkDmzDgtvInCWA0DOtrm962kvH1838D7YjcNjXBMKoc//Zne9Q8VY7
|
MV6llfPd5g72mX4+j1fKjET87D7NJUQ8BdZ0Zy+OJcDJSIKDKhrF6o5EbbCwMw0j
|
||||||
Goj/fPzOcsI9HnjNsjEpExOY/My2RFG4eXXJpC3F/nwAcUKhLKrOR7Z5pcWDVHHj
|
2XIOeeSIzfT9FaqJUk8PEaMwYmYPXOiO2Fmm8FBpj2cnqiZNmY4RFnfpKAri7jep
|
||||||
4uTq3nztLbzaH2Q8llpWhgTqjQjnSqqY7aLEboobu7oaWixTugWEn1adcko+53Cm
|
UUU8toTaR6PEEYFr/KuNSgZhqNB7u+9cHx4x6V8MAmR2eV+u7GIY9b0qAQ5dla9o
|
||||||
kUHSpxhpFxpzpswWeNAlHzoZfI8Z8FlFq0yLs0M3aG8jQZHyLeos6Bb1opCYYKXS
|
3b0r/KBhSM50HeRaJlHccnKw9JaUvx0qnBn9t2Gv1OKuqXIcs8xbHpegBu6bFNbS
|
||||||
UQFJimLuskzrEm0dCeEkcJ1ZIOLep9mbhXTbCRH/3/9aWwjvX0CTYihMfI/dnTqz
|
UQEmPy1p+TwkcoNk6LEQ7Wi1RdoTPC+i86PiH77ilUjVbi8CQpWHvcXCLUH/dbOB
|
||||||
7cqZAywCQ826+HH7mDLEVSnBYlGQBEXfqAKDlxM9l8n9iw==
|
GKchfzpiyV05YvU2ShgOMxKELnlI3U82+Lzc8Iv376Ksww==
|
||||||
=eA5R
|
=INAE
|
||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: 47E7559E037A35652DBBF8AA8D3C82F9F309F8EC
|
fp: 47E7559E037A35652DBBF8AA8D3C82F9F309F8EC
|
||||||
- created_at: "2023-04-29T10:38:52Z"
|
- created_at: "2023-05-06T07:18:02Z"
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN PGP MESSAGE-----
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
hQIMA08nOrzNSYBrAQ//b+fugsD293++twd1vc7zLRhVNCV/kLqDx5ylqpvEdWJq
|
hQIMA08nOrzNSYBrARAAqjCHvg7YHAbcywSfNVrLRdY/BvOTPgtGXKNPbRf57Xbt
|
||||||
fvmt9i8zoT4j7Jkqipn5wcVDRJJ1DgI4KmNV8q34/YRxIai3+P9U09pNpIT2ovxi
|
dvjvawR24CjVp6XcNRVrBwUDx5V6goJIYTRBYhkIm0gup8QT1EHYgVpBLSMB94b9
|
||||||
HoCLZdSRCKO4SuqUV0tq//NPplIK7eBHEO2YVpPecXjgHuo0ODAVsl7NMiPJAmDv
|
43a3NQb47ykpeezT4q4PwS0JOjDKsWsmxtiV0M1ndF1JbtN8ySlVOmdXAxo40R4L
|
||||||
mRyRuDu/gk636ysa0NxDo9RoQrypfDHuvlUhBr0y15zHDqSH5I/AWcbRZJiJ8HFK
|
O/tb+qdP9e4jzhdSIVzsLgmqfWFAh2JVTPzVVqkitn8EVhc/6oMFwxWZLGg67ExW
|
||||||
H9ip0XoZHG7cxgm90zCYVYHIm8tmBRcefTglpq16JvnKMBUHXS1Q3VpwCjMU7AyF
|
+V2A9ahbDXpDb6qvJJZ/SxWPEt4VqqtV0A3Dgw9L1ULMaTnZYpq5Jnnr0pj+UxpP
|
||||||
WTPp6Ge2u3hzuav+3Fsbl3+jv7pthICHb8jLWp1sWUoPxoqUafpA4JuAvTbJXaSE
|
iiqpn/XVdKCS+uy1Vg6jejk6foXfWOWzlbCZ2f1LyExAS1iaK3NQFqEgptq0flSs
|
||||||
beZLtCXQVfKm6Oag/E4DO9QX49dR7TkFkYCtYJU5z9/uHaD81ZxrN47KIfTdjkGA
|
Lq3noOn9C8UszfB2zkBI83/+GvKqelUDacBzrnvyqXIKOG+oDxHti26oOBofro0b
|
||||||
zYUrguGCpns/G7/TRiJKsAljYFVUZY/KBu1rD4I4obeYPIyvDbqrq6n8PFuZUYWC
|
uRUtu9KyQEC7LAiZKb847iwSOsYC9IoBoOe2AOBRjuorLe4F+AAock+mmOzK8za+
|
||||||
NHQ5+XYBAi0J1iC3GAjECkUzkmXoiIwszXU9KhQF0FforLugA8CoPMsgIwB2LvCi
|
tjsjOD8hsBiG2qcz1elGhMiBL6ECwTUiBaN1qnjkaecMp/V1+9/Ye1Ji2ZwfratQ
|
||||||
SlscTRzNpw4p0epRzifwArCSyf+FclV6uXPaDraC0aVibSV7w9M6RJPkCqXeGvn4
|
k50Tn/rZozY8prZOxjTJEJCjyAG5nuKwSVa9Zga54vbvRqvOJfgta6NrejqohN52
|
||||||
4eSuHBdNxTcwTa6X4mGpd9tTA1I/MBZYaYEnNGNb0POAPMVkHkFaUD2fRJCffGPS
|
wAzRKzqQ/+HdOy6fSPQ2+TedAYqqayzkSnx+y5U53PfUSa+SqcrFlipesvDVRujS
|
||||||
WAFyqmi/+nnXFFXXNPmwCnbW3K9doqkj4JNWX5TOWxRTGNbejQNhsLCzutvKcaP6
|
WAFINB6Yhu5o1pN8dA+Esa4TekbCwN7R68OQ44nK1/sDmLRQEXH2IAfB8AQs+9VU
|
||||||
pVXKIf/U0RcK9GRM+WCOeuaPvOqAXle+GyurwRHJ+pYBqMDgLTYuhQ4=
|
N/wBE1LBTeqhncAU/42+ffJkozn1q2GSRdTxMAOurTlZ3i/CX64gxOc=
|
||||||
=xRG+
|
=gDvv
|
||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: 3176be14f468c6d43ab2206b4f273abccd49806b
|
fp: 3176be14f468c6d43ab2206b4f273abccd49806b
|
||||||
- created_at: "2023-04-29T10:38:52Z"
|
- created_at: "2023-05-06T07:18:02Z"
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN PGP MESSAGE-----
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
hQIMA2UzePEMpuAKAQ//WjhdDAUghQJLH4RH6n1LZ+GOK/128ea+uT3auzCoWe2m
|
hQIMA2UzePEMpuAKAQ//fRzjc6H/pHY0fWffvaQ3K/1Irb9CnRs84K7Acya5qT5X
|
||||||
I+0YaAgPJUOXU+nnaaK8gPZdNPPTtBt0t7Ao6nY5JqElQZeudus7IlV0W/+jA0ef
|
yzolGMrgd7zdkjaAOzqB+n7D01ikbN2hdMCFl/5nNiQtfnRM0GqlXhSns7b7J8TT
|
||||||
12eCv9sFWmhs964EUr7qusauNJHgBvS44HY4sNMsR7m3GmUwdigpnWetxPkmaz2L
|
kAkhDGhFIn7S0XG9gqS6F0W8d6SoYynTz/AfhFDiTfPQGoLQcyj8CNpe02xHoLVB
|
||||||
5snBShgdvHxJTIi7pxJ1OI0EAE5+1pMJJwrrCLud+bK0ThYYApG0YGViVA/v54/G
|
gSEnmMTWPlbilvf4z6VeuTpKwPqOG/B25uB8V6s4YfBywpe+DCZJQK0vz14vWIbc
|
||||||
yftCatyjF1AUMPOnJoyKH1havHmtc1Sm9npkyGWWI0Xz1ZJbmim+BI6Vaf+je6K6
|
jL2wG0bHpXrrPCK+affz00jIiDPVuF9Oz36wfHEgsCzJNPVjDIl26Jb5pBNRzOHR
|
||||||
icHAFbrpxTaI51qsOZUmKW+0KwET3TRFV76zXPmYaXlBU8WZmkjufEDDPJJHK5RW
|
yLWZVnPrfP10eGSi4iYxB9RFHIgd/rSbIjCxTQCPwirzm5nXDStf409ITDOjARyQ
|
||||||
opcAYRMGHzrw9ZydNS+rpofh3YMc83vSV3n1W8s4Fwa+R1a65isRUoH3u7qFOgZ2
|
G06kZ0lC0bwIRoUw+uuqd775UMyCr3CrA2t6pojjmcxFoXBrWAKwD188F4N8LIVt
|
||||||
8nl9JDf9BAGnLDL2qSQMD7TIFFzMtupVzkvn71OXHyRvclAn/5qdp5+PAESxITV4
|
CKOv+2/SVL0sifCvfSpgcHG+eqSlUtrCNaTyfWV2yMMhLMLb9eS2bKj4SP5TTodn
|
||||||
u0KZw1RenFsI7ULQOowcmjSry5nMqfXCPFIY8GTfOJKfgTyTbwinhgCDG6KC7Drn
|
Kcem6uwzrbUi4lMyJVB1u3wvrrDzmiG+q+oTVgfF8Wf5Tv19+wG3bO/4d1Owh2R0
|
||||||
GnAtSoWPnkRYfc28dVYMakZVeqnbmOwKVgC7tRWe/heNCcYAyOhVpI8dUC1j8RRS
|
deTTm/Ghn1BasIaaXAZlarifnP4+7bovY79khLwm6Rks0KpVbN5W1UHDTfzZA0Dr
|
||||||
7kyzuhKsVmfyk6d/u3WVrK5Pf8jRbN/ur46PmgKoKf/Ym7ur0+sRQRhoRFaJqivS
|
YBOtbIQHcO5XjbtwcwHwTShmLcPzXKUxSkJ7NIeI+Gkf83c3gGM7iyirHr7vVWLS
|
||||||
WAEQqCerpFprGLyT6xWNhYSHDQWrdzEqKNl6jozVurXIBDE4Y8AowBeI4p0W0CQG
|
WAELBihpL3s+Fq7OIjhb72nlMbhKO9ewxIE3bubHQQytqC3GYrK9azdmwjoa7epO
|
||||||
dhx5N7Dfd7uDJZaVCspA+NSurg/ERZD1z8zEFsnMq+ahYnfR0EpBCcA=
|
riTqhQxKqu0TUoIwBraHdGwaxAeB+GwBSiO7X8iu64t2qF2z/y4zfCk=
|
||||||
=TGzH
|
=+soa
|
||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: 17FEEBB45E4245330507C960653378F10CA6E00A
|
fp: 17FEEBB45E4245330507C960653378F10CA6E00A
|
||||||
- created_at: "2023-04-29T10:38:52Z"
|
- created_at: "2023-05-06T07:18:02Z"
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN PGP MESSAGE-----
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
hQIMA5TfpJU9hyneAQ/+P6P9VBTtHt/WcHU7eK9l5K/SC3uFp/9H0IU5RR8WFGQq
|
hQIMA5TfpJU9hyneAQ/9E9d4K39rFCnnPXKTuk3RhOxhKXLVRtGvF3E8F0jXtUQ5
|
||||||
KGiyvgoHciE5GtlWQ5YqDX+jyKkNK08yyyo588J4FdQFXXEks1iGGLFMuzdKiIyJ
|
aalP2efv93dPHGHnp3koIV6OrtVmvCBHfeJjHbmVbGboZ3x0AXfxKCSsWjSGrGAa
|
||||||
vmjN7R/hPd8/69k+chO3qpR39bMbl+MSfo9z19lrMWyuxQV/10N10lnZopJLGQZ+
|
sNGUPAG11D60mUG8XKtk8xWY2jztEy/WUJ2mBJE2oh0Oa/RIkEb2rQfg3tReOhOA
|
||||||
9Kitqj42FFcGo5sb1ORC147axuN+p5b4AnWjKYwho3Nt36YNH28PlLDAS3ruKru+
|
PEWwqv1ZUkgJ0c1bWjKW3NrCbQcgjM5vK6jb44N5qVdZx+9fWYawy92ubSggrQNj
|
||||||
P1j7rh2G3A9zaoLiKN2wG9wxU5QXuyZ5wEXgwL2BY/YCw+eW2BtpT0JrQ2K0S5og
|
Aee38c5+hVIcqP6bhYAxLr9Mv4JAekLzI5o0Si+4gmmlBaQfS5g4AxtfcEWujUtL
|
||||||
gOucdMTrpIqcUBqdqxVhJiVTa/re0NxfKl1ZJgQ4guu38UYNp4b8vOvj2R/vaRyE
|
v0Z7WihM2Oaomd078q4z6sd4+B31nq5ErGGee5p4+79MKHbzAjy8WByQxmFNOgwA
|
||||||
6wkDa+PmGw8+awI54Nggijj1WcKVIolUNOD1z/AX0FuI06bv6iKN+tYPKukUqAzO
|
Eexml4A+hwarIf/OwWkd5gWpqHPfMuh5vRh5IKdwbkKMMJtttalRCyIggajLWO1a
|
||||||
A7BwCpHcovJoPltzG0LYAK4he3+rkN1ueuWt0jQ1YH6I8XepNmIv7vRoLMvmOT0R
|
IIE34imc++33naZ9nEtOUj3hOe6tjbfJIZja6JueY4UAbPMO0SaHB5JM2ypfuPxU
|
||||||
pfI/h1XdeaXUJBYBaPGH7znq6wqsR+/yqte1HwRDtygs9BXfdpd5uTN/81LeTFiB
|
msQDJqnd/mm3q7Xvfdk/u3Vb+AQo8DbhXKSZQrZ7YwEfkHWHqdwZo6LR/z+gFm1p
|
||||||
7im5HkKhjx49lelDKqcfBFT4tM/ZvFcMzc1hS62Mcw2w9nBaZjl3npb0ktPiq8Xb
|
Nh5mjYbf0hwxgq3BNtfZ7C9mixDwbdu6kVyI7mB1gPfhHQonfhPxCQy+B50BMuTk
|
||||||
z6L08Or5En3Hv6X6Ej5aTpxHaIZbkfznD4q2iE5XeSBOu05kiq/0srPNEHO3vKXS
|
xHGGLCs64uXm8v+f+J33o0xVRgUWm8hfD1lSGQHhEDq5n8PfPkZ2PAcmTLHwdCHS
|
||||||
WAF78H5BBxSx4Xw8KlGeh6OhckP8M6Mk6YzXiEfeCVQBc/VttOsyxVDYxmSB5Zum
|
WAGTUyHtjdpT7jTdbZxaEJCD5rx17ry/zwzoKZzLJJ3P3kTbRlQ1O/SBthRuYEq/
|
||||||
7OdORZuLsYDZ3XxASSPErN1LBNMfbw/w5xaKWwwOZiVDKKQeK8Fgi6c=
|
+5lhZtmiqJBaJNRZJU9ZgcMeodNZ7z0JvEME+gvUrSpOjtjl1awkT2s=
|
||||||
=ig1e
|
=NYbp
|
||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: 4EA330328CD0D3076E90960194DFA4953D8729DE
|
fp: 4EA330328CD0D3076E90960194DFA4953D8729DE
|
||||||
- created_at: "2023-04-29T10:38:52Z"
|
- created_at: "2023-05-06T07:18:02Z"
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN PGP MESSAGE-----
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
hQIMA2nIGHycQ3VOAQ/+KqlCMkgGZ8UIvmU2c/HrlJag9GwLA9B0g+rGducpS9Rz
|
hQIMA2nIGHycQ3VOAQ/9EeZntsT5tRcGWobXGfkVZ3lr6qVH+WzsKrjlx5noxnA9
|
||||||
aU2zRUColutNqy20NLWTg7S/67jBL2k5mKu9867ClhJuA5ZmjBwzrC1KUuz1v/al
|
TePgBE8ZwRwV1E1DreM6kPERWYPX+XDpJi8lVEpvbSgaz3ECENGj4u9yaGwnRmj0
|
||||||
oIbXTW+5o5949bvOvtPFfcZdQKk2EvdsGvaVC6jz303YNH2BK/g2506hPE2RGjiq
|
2uGFs6lUVfCFZx82bIo5JfUk5K8f3XnSk26z2maZXqEizDlqPzKqqcCEGYXv1ms2
|
||||||
77bYfE8WlFvR7bqrw6ad3uuYM/y0sdlNsyy3nBKtvg5K4Zt27Wk9+8NcpRbVWMuV
|
YdWDjPLbmvELinYngsBfwnvg2PFxGEVtbm4Bg6zP8J25VanL9LFIFRxsaIysA3NQ
|
||||||
blgz/aLpiHBHr5mzmBhTcUoLllJsYR/nx97teGV1xIkpgjl7brZIU79wxc8afGVd
|
oBmvNqXjlcRoY+wukd8vo/gNyD0AzFP+bC7mLP+YRhIe/UNxWoX+f6kTDWP8fwpC
|
||||||
k+VADmZB4CtKTSBTQ1jCg7y2X7kn6XbFozHehd1JEr/ug5stBjQiNTkcCVGxSrCZ
|
jdStUJtIvei7mLtsCtchWeZcdzt/CkCquiUIdYSZ7nQFfcUhBY/Yd4GiRq2VZ60A
|
||||||
o44/RAZV/KP+AvBq4kiNrABg6R2PAMLhGqIz00CWmKR2j31y5CUfJPKbbZs/YP+K
|
Dg/JFVQSWtio1328VplpiakpnqIyOncufv/2RvnybpiVBnEb0XSKQrmkFhVlHBvI
|
||||||
1QvkJVbAFPNVOeb1iCsnhWKgHH6ds6RqRij0FvIXr5bZtLB3fBltEMTyAeQUCDfF
|
sH6LQ+EFe4XVETyKxVlNFlcVaReNKjgPOEZfyC32yxE4dMHXyNGuzwPpYQrdLhRo
|
||||||
di4ERSJPIGN4ip2HfS5VDJ8LDVMuA6PVUsJaF55keTlKYRYvT9hEWSVjgcoVN2CQ
|
7tq0YBh+0M17vBL4J8uDRCuuRL+GZw4ljN7r8KifRh/VhV+XG2Dky3bSfp3/JZl7
|
||||||
elLNxDNsPzr+0Zg6Y6DXUH8Yp0zYD1kQ4bebSmCYhWKHbZer0cVYwNlStI846scc
|
uguthXSpcJX3lQmhazGYboLkyKs/GFeNjpbEVWXv/WLECPdCiAHSguVglucLr/Gk
|
||||||
HqdeJjRsiqKS32FMMkHBCAj6764RUfvje5FVDhQXyRzrkTuAhy9IWBJUhGX8yzrS
|
K+M4R1Y5rcSqs0dR+9NuIcjaPj9zld9iVqx+d2xYCBVkhEegsWPk806bv25p64jS
|
||||||
WAEQFrL/Kjjim9t24NB6m7yITYbcxj5mvM72EGZrBafPnLPWFhc2Kb8F3onl5I1q
|
WAGpdUIMa2nd1TDvPUUqjXXy5WTT1bxQ6Dkxjh4q1exkLJwejR3mUXqSjRPnDkGw
|
||||||
AxU+cQX8WotI1BXzU/BKzIx/BPbRYM9N9LYmkR4CEwjYWfLL4YdLU+I=
|
BYeBSIoxaZUA6MewGHnsh53QAa0KLvXKoRTezAdeZdQnTGtU7eMWyic=
|
||||||
=VtQZ
|
=U8Fc
|
||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: 2372651C56E22972C2D9F3F569C8187C9C43754E
|
fp: 2372651C56E22972C2D9F3F569C8187C9C43754E
|
||||||
- created_at: "2023-04-29T10:38:52Z"
|
- created_at: "2023-05-06T07:18:02Z"
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN PGP MESSAGE-----
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
hQIMA0Sjf6jBUFOzAQ/9HlhYqT206UDQ01xipzJBTDnaWf6q2GZXwhnfm6SsLfip
|
hQILA0Sjf6jBUFOzAQ/2NWaI38EGek69B7his9JRt+7R6KLL9zc80D+1OzMfZZ2g
|
||||||
t0lfr47qyyksV+nYwOsu05d66+NJAJSEh1lebyZA0rkgYWXnto70Q0wWzf7P0YmT
|
LQ3bUOvXU9dufDGKki9Yv68fyGdHP5TEmPTfsvBPMVW8mnIXIBrR8uZZgjSPrPvn
|
||||||
5+S1axFqEH5miLtLJ+NIcTnyleyYmvGTq2Ee6q1+p/r4JyDY3P+PdkkRJtsTHzBb
|
4sGMl3CySiNy/ozQ/Ky2bNsytWsKN2kIawFCjg26dQPki5zrAHAK/pl4J32V1Tgw
|
||||||
wJKq4GQIb6nNekwZqwJE/jZWaw4aL4UJJnVWMajIOS4vT5qnlqn5iCL5VkBwHnK0
|
qLj8y/sjbul7mhieJGAjEmkRssV/iiVg3ClqXCYDKnh+qB35NuGWXHxvOMXEUBgK
|
||||||
Dol3C+l9E0Ba/2/uyWH/vKD2ha7X7vkvkcjsBC4wS0h3aQWPZMnw3flk6nQQnSL6
|
voeK0GRgDvtmrHDRYHD5Sl+Q/eRgU8cbDWpra2g1atwvZFEpVUppYzcxNAeGQUG1
|
||||||
9mm9Ue8GBGaNIuH/igcs8ql23JLQyYVEZAib3AnqTVhvycDs4GLQ3+o92WX+bIyu
|
U33/31SYSoWU4oWkVmACuymN/DPA5o6sqT+j+oflJvq4bjhpfxy+uLle9n20e7Xj
|
||||||
5sRIbbvrCxlsVFelllrZmtsaPZziWSctBrseABlrDm1vReqV4w8hS09kmNb55BSj
|
zJNUBsOugVS81jxarGVEqXXiATQ43x2fbnpDjifb3V6T9DgQfzaGx3/XC7WPZArL
|
||||||
Z4G7ZVj8SmKbLm7UvRWB9wF3PQtkzXH8ZdjQ1txmldHzM9ICpJEMre2UzgmYURPf
|
NmP/U4U44IeEQlKj5QxhTuo9WOkK5NEhdbwk5uBTU0hWGc1vd1PBVceEdeFzz4Ao
|
||||||
zt1L3lzdB039gZoAw7j9tbTb0jVoJWwhGUXLHuF96T7I1yyeBeZmfNcrqQzVb2C/
|
A66H2CFpS1coWgYq4X01KBQXXMD80vAfuqMr+Gik7MtaEY9qKExweQKhNS76dZ47
|
||||||
GsXqnTop4i51RPCHPzVoXJqJ1r+EJz8rddj0MgKn1IyHwiNMXjNPc7txcaBZPobn
|
7HtVDzzLhBM9vVaN2o55GkWA4Zz9C0/a8Mc362+zBOl7hTN7/zeduzHwylCq1CK0
|
||||||
FzTakqvTtTOpVTiSZnWn2+4NwPmGX5qxyin2V7EOsvW89vv5Z0S4/Q9hpgTpp2rS
|
cTaU9fpD3H5xQ18FMJDKUdDbxi5c8rl3kj1/FX/al79Sh6M4LEgdL+vYgWSpkdJY
|
||||||
WAHQWl8ZS29y0xUeDgTOHlK/4NgcXVkWWBNSs8lMn+EBOko7IpavZeekjllJuXNQ
|
ARIFAeuRwBS6nP53M7CRQ6hA74fh7wJLJ0N7Fqjworih4iprIdx7qwXtk7KuFdC0
|
||||||
xLxiO3YkvvIsB+mIrVFPekU4x1qkuA9XU2LMsO1aFu1rzOujpsK5GeU=
|
kkbKKl9lUekL0htbKvyZPgxYyeA0Mdv6cdWbLxScQJEKBM88EQj0TA==
|
||||||
=uKwE
|
=q/OW
|
||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: 23EEDF49AAF1B41DCD1CD10F44A37FA8C15053B3
|
fp: 23EEDF49AAF1B41DCD1CD10F44A37FA8C15053B3
|
||||||
- created_at: "2023-04-29T10:38:52Z"
|
- created_at: "2023-05-06T07:18:02Z"
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN PGP MESSAGE-----
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
hQGMA44aajUHzmvYAQv+LDhlRusOz74841QjsK1AZh6aUQdPbQ79BlMuBwiIPZyL
|
hQIMA+X8PKo7gQeqAQ//R0hJ2KFQM9e8lfyxXdx5VEYUtfNKvrheUUwKXKkDVM4/
|
||||||
3lATykrGfddPKUyDoVa8vOXpvMKYrv7JnQ8xxwBYXIWx965py8Bfd+X+l8Id7NOz
|
ORFbCie7SE5IAO98wIfxibjHd2cY/ztX1L0N5bRHS3cOjIvT/fJOsgM/i8phAcVP
|
||||||
GCAXVKc0XStlG6PqUx/cBJ4WYj7iVjJbsaIgVHcXs6ve2gs2JQNDyufoK82EBsOC
|
+KOp0JivW+RY8VzVnr9TDeyO4sbAoG+s81I8ie0xOg7JUHRrESygUC0qU2m0GxxD
|
||||||
aT6wW3NMFq/KgSYWL14eEpo37RRC3tyegrIZLDWcnISOoBU39gHeAq3HHLRn8Hq5
|
FVziUaal1azOo2Odm0NhWhpgsE/ZpKelU1vxXuLLSRqziS9se3OR0Y9/aekAZX4y
|
||||||
7BcCGjpFrYDGWardf2mxt0zHzETCObzMpqgPC/rxLTNPZZ7ibdZ37wjjHTcFeuKz
|
gJ7qxllbAfozP0EfKxrdRezThF69zFkTBT2MKOpgLGal+18fcMGUMKtt4BsLfMRU
|
||||||
tEeR8fzAX6xUyRqdgxdnsCedoLZnsykRfyRO09HCWG1bDOiJt3o9ulapYTrHdm1L
|
PwWRD1ac599odLyGAIPwrUegssZRSxLVAPYuVCs2XnG45jaC22lCHmRPK1pZFA4l
|
||||||
wL7B8g2ZHwvNpJvR7hhgq5os7T7DheRCfDpVEIMDu6uMQ9OBOFGuffBmqn48A0Vp
|
2HlkJX5R65913J0gJhkVCILAlkDw0ZuR5eSpy9mYihlkIEhcu8F2J7gs4ydhe4Kq
|
||||||
YXGK4oBm2SDYfnCjVxB7Rvm9IXxMbw/gfqpRDg96ZFjz1D+dQp42JervHRd54nAL
|
J+C9xXCkyHbpQgk6cZJojDSCFwNn4NVCPkSo5STgfl36NiplHACkajoCs0ZIeQih
|
||||||
ThnHmtqTqSkgW1srwt+t0lgB6GhxBoyVktKRZKPBElqFGxxsul9Tf7NseeXE4TBS
|
Swm6zdztCeC/m0HsxhBEEZ4AVDud5TyRlpQ3j5wv50uZctMubl4yTzQClDGnIMwY
|
||||||
kBoiIhaLWkZZ11Snis466fWuEBGymDSayX6AH1YTM3Lkp23XDf9LWOuKwyLumHIb
|
fRyAslIwAiCVtG2xQvDz6fR1jwtC9jRc5Xar4UVWAy3QKLtQ3wASwlTtFbXI2FQQ
|
||||||
j80eAU8aEUmf
|
1b95sfafroVko3BMsR3+S/DXn4C+ZCEf+b/t93Kt4zWARvU/SfJkNMGikjRKFo/S
|
||||||
=UTjx
|
WAHSrnoLHz1GU5o1QthbLU2by5MGlDsiPXfbLcj2Jz0eyjMRO+hzFzaX44rqohex
|
||||||
|
sTT8Xik1f5TrEWrBCUtZFqjmii1giVt6h5Wgq9nwUoplH+QjOX1VezA=
|
||||||
|
=+oQj
|
||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: 43B4E35299E0D3D0F85143108E1A6A3507CE6BD8
|
fp: 868497ac4266a4d137e0718ae5fc3caa3b8107aa
|
||||||
- created_at: "2023-04-29T10:38:52Z"
|
- created_at: "2023-05-06T07:18:02Z"
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN PGP MESSAGE-----
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
hQGMA4JsBMC+MZ+iAQv+K8nKc8DLxko81TKaI7Era1+HnVgkzcKnFoFjn7dg97s+
|
hQGMA4JsBMC+MZ+iAQwAoy+R+5Kw2zWSaV7T9yN+ikkuBGM+WaJ47SqpyllLuBV3
|
||||||
dQRoxE/p/uiI9B7t/BL5kwOVOCSr5Td5px5blto3khWGPKyTOxi8miOc+PUDlths
|
98o29BPoT1rSlNWPcwISdW5Cbk3lnNjYcHpH/qIpksQKGL9qD5NL13cZR/HbsmY+
|
||||||
Ag17m3ydDVjjZcB6Btkqsar3V1IQ5iUTCw568GRJytqIOdxJ/fPUOLkjIxkIreKz
|
Lu+hWoOhgpHvR6Wh0USZ4wuMi9B+U+9HQsGV/GuC2hpaEWODOloRe8IXKJJNfW9b
|
||||||
QCv4Qmhazis1xsSwNUNml//1mJJ91QQw2veEC9VbNcdZ0Bj48t9kEkDVkUZSFupK
|
Nzr2dvaiK8YYPzb6EIJyVBhlRMsh4HqLXR9PBcYH3BEPyeUY0F4gjJVt7tp/vMST
|
||||||
lvv2C+z9h1c6CUWPOZXFy0fMCJZhJIetjW3eNJJc5tQrWNt+p4gQWq02V5pdZvap
|
eVoDSxfRT1kiab1W0xdyCHAR+XXogQKj4z5Kd6mndyuJP7SfPRrYNNhRPw6/CMmu
|
||||||
NjfItZPJWgyg6kK56rp+0ngci5oYQVRqU6rmhD51H8ZJw3ceVeWpf2YQFJogsio/
|
A3kxShXzR9lFpvQ386uGQqhEtDVXtwTsAXgsTDxwC52wJ0Dt5/kZVuos7jmH46zN
|
||||||
70m1PI/xQQCLHLp8wJa2rWwkQGTajJvcHeMxYNn3X6zXwnnC7pkZ/6uUseue7beb
|
D+E5ijAYL8tG7xt9f8Nij821AgHaxS17+efUTU0ScDs/y8cyDf2SqxkRVAxzomzg
|
||||||
6G/nPnBW1OuRMz9wwQjYRuIZukUQjzbI14SFAyHRphF6BT90uvOXYguYWW9KNX91
|
zovLziVGgx/8k1+do0rujroveQkb//MVrDeBe77mAEQO4yHELETMrdqyosDohyly
|
||||||
Blg5w412WDkRhvRWQQjd0lgBgeikRSw9+5I1JH8/nltgywcuyzD7Z7P8z9LEWxl1
|
rNFkmNIUFObVYYW9FOS+0lgBspXxfT2Qa+0njtcPd1PrI6t8ZQ2C0LKQYM9uUwuU
|
||||||
jNBfAemH0m3MiGz7okLH2IuxTcE51NVBWdWL6Gl/xvOJd4oKbvdz9EaRyTsMs1zO
|
a+envImXyOiczk//UOkuk/z7sCZasW4lE3/kF7Lo08/iRDXfLopulGCxpMYz9IMI
|
||||||
wmHPgDx497bh
|
nphGZTnmT7cF
|
||||||
=GEAy
|
=tJWJ
|
||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: FD4E1FB15DD0F36A77790229826C04C0BE319FA2
|
fp: FD4E1FB15DD0F36A77790229826C04C0BE319FA2
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
|
|
Loading…
Reference in a new issue