From cd942d253bda8f511fdb921ea29f69f382a9368e Mon Sep 17 00:00:00 2001 From: sinanmohd Date: Fri, 8 Mar 2024 10:50:28 +0530 Subject: repo: restructure source tree --- hosts/cez/configuration.nix | 47 ------- hosts/cez/hardware-configuration.nix | 38 ------ hosts/cez/modules/network.nix | 15 --- hosts/cez/modules/sshfs.nix | 27 ---- hosts/cez/modules/wayland.nix | 83 ------------- hosts/cez/modules/wireguard.nix | 27 ---- hosts/cez/secrets.yaml | 32 ----- hosts/dspace/configuration.nix | 18 --- hosts/dspace/hardware-configuration.nix | 34 ----- hosts/dspace/modules/network.nix | 18 --- hosts/dspace/modules/www.nix | 39 ------ hosts/dspace/secrets.yaml | 32 ----- hosts/fscusat/configuration.nix | 13 -- hosts/fscusat/hardware-configuration.nix | 32 ----- hosts/fscusat/modules/mirror/debian/default.nix | 22 ---- hosts/fscusat/modules/mirror/debian/ftpsync.nix | 65 ---------- hosts/fscusat/modules/mirror/default.nix | 11 -- hosts/fscusat/modules/mirror/www.nix | 11 -- hosts/fscusat/modules/network.nix | 18 --- hosts/fscusat/modules/www.nix | 36 ------ hosts/fscusat/pkgs/archvsync/Makefile.patch | 50 -------- hosts/fscusat/pkgs/archvsync/common.patch | 26 ---- hosts/fscusat/pkgs/archvsync/default.nix | 52 -------- hosts/fscusat/secrets.yaml | 32 ----- hosts/kay/configuration.nix | 17 --- hosts/kay/hardware-configuration.nix | 38 ------ hosts/kay/modules/acme.nix | 23 ---- hosts/kay/modules/cgit.nix | 33 ----- hosts/kay/modules/dendrite.nix | 108 ---------------- .../dns/5.6.e.e.0.7.4.0.1.0.0.2.ip6.arpa.zone | 14 --- hosts/kay/modules/dns/ddns.nix | 44 ------- hosts/kay/modules/dns/default.nix | 137 --------------------- hosts/kay/modules/dns/sinanmohd.com.zone | 46 ------- hosts/kay/modules/hurricane.nix | 115 ----------------- hosts/kay/modules/iperf3.nix | 10 -- hosts/kay/modules/mail.nix | 112 ----------------- hosts/kay/modules/matrix-sliding-sync.nix | 18 --- hosts/kay/modules/network.nix | 82 ------------ hosts/kay/modules/router.nix | 43 ------- hosts/kay/modules/sftp.nix | 44 ------- hosts/kay/modules/sshfwd.nix | 29 ----- hosts/kay/modules/wireguard.nix | 57 --------- hosts/kay/modules/www.nix | 134 -------------------- hosts/kay/secrets.yaml | 47 ------- hosts/lia/configuration.nix | 13 -- hosts/lia/hardware-configuration.nix | 29 ----- hosts/lia/modules/lxc.nix | 41 ------ hosts/lia/modules/network/default.nix | 19 --- hosts/lia/modules/network/router.nix | 47 ------- hosts/lia/modules/sshfwd.nix | 53 -------- hosts/lia/modules/users.nix | 10 -- hosts/lia/secrets.yaml | 32 ----- 52 files changed, 2173 deletions(-) delete mode 100644 hosts/cez/configuration.nix delete mode 100644 hosts/cez/hardware-configuration.nix delete mode 100644 hosts/cez/modules/network.nix delete mode 100644 hosts/cez/modules/sshfs.nix delete mode 100644 hosts/cez/modules/wayland.nix delete mode 100644 hosts/cez/modules/wireguard.nix delete mode 100644 hosts/cez/secrets.yaml delete mode 100644 hosts/dspace/configuration.nix delete mode 100644 hosts/dspace/hardware-configuration.nix delete mode 100644 hosts/dspace/modules/network.nix delete mode 100644 hosts/dspace/modules/www.nix delete mode 100644 hosts/dspace/secrets.yaml delete mode 100644 hosts/fscusat/configuration.nix delete mode 100644 hosts/fscusat/hardware-configuration.nix delete mode 100644 hosts/fscusat/modules/mirror/debian/default.nix delete mode 100644 hosts/fscusat/modules/mirror/debian/ftpsync.nix delete mode 100644 hosts/fscusat/modules/mirror/default.nix delete mode 100644 hosts/fscusat/modules/mirror/www.nix delete mode 100644 hosts/fscusat/modules/network.nix delete mode 100644 hosts/fscusat/modules/www.nix delete mode 100644 hosts/fscusat/pkgs/archvsync/Makefile.patch delete mode 100644 hosts/fscusat/pkgs/archvsync/common.patch delete mode 100644 hosts/fscusat/pkgs/archvsync/default.nix delete mode 100644 hosts/fscusat/secrets.yaml delete mode 100644 hosts/kay/configuration.nix delete mode 100644 hosts/kay/hardware-configuration.nix delete mode 100644 hosts/kay/modules/acme.nix delete mode 100644 hosts/kay/modules/cgit.nix delete mode 100644 hosts/kay/modules/dendrite.nix delete mode 100644 hosts/kay/modules/dns/5.6.e.e.0.7.4.0.1.0.0.2.ip6.arpa.zone delete mode 100644 hosts/kay/modules/dns/ddns.nix delete mode 100644 hosts/kay/modules/dns/default.nix delete mode 100644 hosts/kay/modules/dns/sinanmohd.com.zone delete mode 100644 hosts/kay/modules/hurricane.nix delete mode 100644 hosts/kay/modules/iperf3.nix delete mode 100644 hosts/kay/modules/mail.nix delete mode 100644 hosts/kay/modules/matrix-sliding-sync.nix delete mode 100644 hosts/kay/modules/network.nix delete mode 100644 hosts/kay/modules/router.nix delete mode 100644 hosts/kay/modules/sftp.nix delete mode 100644 hosts/kay/modules/sshfwd.nix delete mode 100644 hosts/kay/modules/wireguard.nix delete mode 100644 hosts/kay/modules/www.nix delete mode 100644 hosts/kay/secrets.yaml delete mode 100644 hosts/lia/configuration.nix delete mode 100644 hosts/lia/hardware-configuration.nix delete mode 100644 hosts/lia/modules/lxc.nix delete mode 100644 hosts/lia/modules/network/default.nix delete mode 100644 hosts/lia/modules/network/router.nix delete mode 100644 hosts/lia/modules/sshfwd.nix delete mode 100644 hosts/lia/modules/users.nix delete mode 100644 hosts/lia/secrets.yaml (limited to 'hosts') diff --git a/hosts/cez/configuration.nix b/hosts/cez/configuration.nix deleted file mode 100644 index 6a801b0..0000000 --- a/hosts/cez/configuration.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ config, pkgs, ... }: - -let - user = config.userdata.user; -in -{ - imports = [ - ./hardware-configuration.nix - ./modules/wayland.nix - ./modules/sshfs.nix - ./modules/wireguard.nix - ./modules/network.nix - ../../common.nix - ]; - - boot = { - initrd.luks.reusePassphrases = true; - consoleLogLevel = 3; - kernelPackages = pkgs.linuxPackages_latest; - }; - - sound = { - enable = true; - extraConfig = '' - defaults.pcm.card 1 - defaults.ctl.card 1 - ''; - }; - - services = { - pipewire = { - enable = true; - pulse.enable = true; - }; - getty.autologinUser = user; - }; - - programs.adb.enable = true; - users.users.${user} = { - extraGroups = [ "adbusers" ]; - packages = with pkgs; [ - geoipWithDatabase - ffmpeg - (pass.withExtensions (exts: [ exts.pass-otp ])) - ]; - }; -} diff --git a/hosts/cez/hardware-configuration.nix b/hosts/cez/hardware-configuration.nix deleted file mode 100644 index 19313e5..0000000 --- a/hosts/cez/hardware-configuration.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ modulesPath, ... }: - -{ - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - - boot = { - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - - kernelModules = [ "kvm-amd" ]; - initrd = { - availableKernelModules = [ - "nvme" - "xhci_pci" - "ahci" - "usb_storage" - "sd_mod" - "sdhci_pci" - ]; - - luks.devices."crypt".device = - "/dev/disk/by-uuid/84acd784-caad-41a1-a2e4-39468d01fefd"; - }; - }; - - fileSystems = { - "/boot" = { - device = "/dev/disk/by-uuid/E37E-F611"; - fsType = "vfat"; - }; - "/" = { - device = "/dev/disk/by-uuid/e063c9ad-b48f-4b6c-b94e-4c21d2238bce"; - fsType = "ext4"; - }; - }; -} diff --git a/hosts/cez/modules/network.nix b/hosts/cez/modules/network.nix deleted file mode 100644 index fb30056..0000000 --- a/hosts/cez/modules/network.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ ... }: - -{ - networking = { - firewall.enable = false; - - wireless.iwd = { - enable = true; - settings = { - General.EnableNetworkConfiguration = true; - Network.NameResolvingService = "resolvconf"; - }; - }; - }; -} diff --git a/hosts/cez/modules/sshfs.nix b/hosts/cez/modules/sshfs.nix deleted file mode 100644 index a9ff183..0000000 --- a/hosts/cez/modules/sshfs.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ config, pkgs, ... }: - -let - domain = config.userdata.domain; - user = config.userdata.user; - uid = config.users.users.${user}.uid; - gid = config.users.groups.users.gid; -in -{ - sops.secrets."misc/sftp" = {}; - system.fsPackages = with pkgs; [ sshfs ]; - - fileSystems."/kay" = { - device = "sftp@${domain}:"; - fsType = "sshfs"; - options = [ - "allow_other" # for non-root access - "uid=${toString uid}" - "gid=${toString gid}" - "_netdev" # this is a network fs - "x-systemd.automount" # mount on demand - "reconnect" # handle connection drops - "ServerAliveInterval=15" # keep connections alive - "IdentityFile=${config.sops.secrets."misc/sftp".path}" - ]; - }; -} diff --git a/hosts/cez/modules/wayland.nix b/hosts/cez/modules/wayland.nix deleted file mode 100644 index c04d1bf..0000000 --- a/hosts/cez/modules/wayland.nix +++ /dev/null @@ -1,83 +0,0 @@ -{ config, pkgs, lib, ... }: - -let - user = config.userdata.user; -in -{ - # pkgs - environment.systemPackages = with pkgs; [ - bemenu - sway - i3status - swaylock - swayidle - swaybg - foot - wl-clipboard - mako - xdg-utils - libnotify - ]; - - users.users.${user} = { - extraGroups = [ "seat" ]; - packages = with pkgs; [ - zathura - mpv - imv - wtype - qemu - OVMFFull - grim - slurp - tor-browser-bundle-bin - element-desktop-wayland - pinentry-bemenu - ]; - }; - - # font - fonts = { - packages = with pkgs; [ - terminus-nerdfont - dm-sans - ]; - enableDefaultPackages = true; - fontconfig = { - hinting.style = "full"; - subpixel.rgba = "rgb"; - defaultFonts = { - monospace = [ "Terminess Nerd Font" ]; - serif = [ "DeepMind Sans" ]; - sansSerif = [ "DeepMind Sans" ]; - }; - }; - }; - - # misc - services = { - seatd.enable = true; - dbus = { - implementation = "broker"; - enable = true; - }; - }; - - programs = { - gnupg.agent = { - enable = true; - settings.pinentry-program = lib.mkForce "${pkgs.pinentry-bemenu}/bin/pinentry-bemenu"; - }; - firefox = { - enable = true; - preferences = { - "media.ffmpeg.vaapi.enabled" = true; - "gfx.webrender.all" = true; - "identity.fxaccounts.enabled" = false; - }; - }; - }; - - security.pam.services.swaylock.text = "auth include login"; - hardware.opengl.enable = true; -} diff --git a/hosts/cez/modules/wireguard.nix b/hosts/cez/modules/wireguard.nix deleted file mode 100644 index d8e8dd0..0000000 --- a/hosts/cez/modules/wireguard.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ config, ... }: - -let - domain = config.userdata.domain; -in -{ - sops.secrets."misc/wireguard" = {}; - - networking.wg-quick.interfaces."kay" = { - autostart = false; - address = [ "10.0.1.2/24" ]; - dns = [ "10.0.1.1" ]; - mtu = 1380; - privateKeyFile = config.sops.secrets."misc/wireguard".path; - - peers = [{ - publicKey = "wJMyQDXmZO4MjYRk6NK4+J6ZKWLTTZygAH+OwbPjOiw="; - allowedIPs = [ - "10.0.1.0/24" - "104.16.0.0/12" - "172.64.0.0/13" - ]; - endpoint = "${domain}:51820"; - persistentKeepalive = 25; - }]; - }; -} diff --git a/hosts/cez/secrets.yaml b/hosts/cez/secrets.yaml deleted file mode 100644 index f72eba6..0000000 --- a/hosts/cez/secrets.yaml +++ /dev/null @@ -1,32 +0,0 @@ -misc: - sftp: ENC[AES256_GCM,data:xic1JI1RHo3Xc/izQBubMQ5TEvQxeFIOEbkFj/MWjw7UOgQrQEozfhvmGvB3lqjdgO2e2RXYHc7RvwAfquZN9QWFFp7vS7JqhqGTg4+I0JNh28LDsdzeAXe7d4yLkJ5cl4EhU5a6Zd9Qo60JyO8HRAMSXQBuHMzTW0A4achARcTguyJUiCntxvyLiKPZGdGj7HsHfxr32S1ieejGDqxuOLTrssOgyxikWT+PqibWie+JDH20+ZP8l6ip8FdNaWcyzfED/SJybpRbDBvL3iXw9tb67SeRWKR8I91nyyLh69hwLHrp/IgboDlCW8/ZmOYoRWCJF4lH86v3312wuoU60x8IoSL7YhWW5N3WQpWxWeEmLlMFD0x6LcJclUeoIlpVNvR8wDNKeayHhdLChIs2ZiEUAAIaTcUKdWWccY7JraMosqKgS9BmnjLJLEei9kFEF+y97QxQ/q4AfyFPbajxSd7aujqXuUfqpL1aLgt65h1TyOKN3E3Y2faiTaR76EALyv2d4PdYHWhkhxXVATRhsG+N2Mg9FSCciGnD7wlu9IR28HrbLuvX7W2KsLDVdI2oBtfExTf8YQwPSk1vp28=,iv:VyhdbfiiQJqG6cKAz6WjmlG3MkM25VzQzfCt1qYgH4M=,tag:KIoEb/dkEPpeaCJaNkAflw==,type:str] - wireguard: ENC[AES256_GCM,data:WUHMeYro1PS25wEtsQKHHtpLXbtox8JtqX5863dHelBIA2SB7YZ+eWyv5hQ=,iv:hGgR3UcFeVGZjWJjdnVuQeUQtz3p4Lh6QRBJDfTr9Qo=,tag:4qpU9Ue4QtfBINdy0CSdvw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLd3E0NC9Vb25ySXR0R0xL - b0pLcUdsNjYzZ0F6SkdodFZjT0s2OE5TZ0E0CkM5RHY4MmpBNFR6TWJLejlqS2FC - TmpRRUdMRkQ3SnhvY2ZtN3ZzYjRQYmsKLS0tIEZlWkRLVWJOaXV6V3Zmb2hUV0xj - d0N3S0ZIR0MyOERHV1k5RVBVVWVHQkkKZVtPjmpOPJM8STs70/nki6vTeo4mp47A - xEVUzxeUGpoyAewxSCo9W6IGtKyZQl0TEL3ucAmhOsjX4BWe2JShMA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1nur989fnjmfgfk54ctczrwg25epqqr0xgkl5d4swfxka9aw6cdrqdawvaq - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFWENJNzlDL1FpTkYwV1ps - V1VWeW4yOFZwZ1h5SGwzV2oyVkJaaHF0a1JRCmpFWWRLZzdUTUliZHpCTzJDYlhu - Yk51d1orS0tsMitBM0ZKSTQ4T05sNVEKLS0tIEVuZkY1bld2RldZOVNOc1E3bG5X - dVZ3V0VUQzF5VzN0RFM5c0RjZHpJZ0EK09qgyPHEhHgRZt2GZQB5IM9Z/nfYXW28 - fcfmF6pko9qOYQ72P7vwv8Xub0SEI8GKGQwz2QPDJT9gd1qtipuhuQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-01-09T06:00:09Z" - mac: ENC[AES256_GCM,data:WkXFwF0bHvFvNTlLKrGk6iQpk5RqMIapluqyv3rcKATP4S1rQSCXwlUn88TNfKeOsJ6pSqoBmwPNjufr9SNrPZZNKYZ4sA4yft9jgCeBcyX6TaPPA123qL8xM3C2TcaE1oBrG9fwmMgEJMYJA7LxBAXz4sW17geb/y4TZgUDwBw=,iv:VJzYR0dbT761ezejxOwPO6x8cKPAzMZtwZHWvPhiDzI=,tag:Xu43SfKeGgCJivfgk+vp3Q==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/hosts/dspace/configuration.nix b/hosts/dspace/configuration.nix deleted file mode 100644 index a3a1ead..0000000 --- a/hosts/dspace/configuration.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ config, ... }: - -let - user = config.userdata.user; -in -{ - imports = [ - ./hardware-configuration.nix - ./modules/network.nix - ./modules/www.nix - ../../common.nix - ]; - - - users.users.${user}.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvR5FliFLq1FJWotnBk9deWmbeGi2uq2XVmx0uAr1Lw sinan@fscusat" - ]; -} diff --git a/hosts/dspace/hardware-configuration.nix b/hosts/dspace/hardware-configuration.nix deleted file mode 100644 index aaad3b7..0000000 --- a/hosts/dspace/hardware-configuration.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ lib, modulesPath, ... }: - -{ - imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - - boot = { - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - - initrd.availableKernelModules = [ - "ata_piix" - "uhci_hcd" - "virtio_pci" - "virtio_scsi" - "sd_mod" - "sr_mod" - ]; - }; - - fileSystems = { - "/" = { - device = "/dev/disk/by-uuid/c5b1077e-52e8-4249-8bd7-d53eafa41f5a"; - fsType = "ext4"; - }; - "/boot" = { - device = "/dev/disk/by-uuid/9787-FFFE"; - fsType = "vfat"; - }; - }; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; -} diff --git a/hosts/dspace/modules/network.nix b/hosts/dspace/modules/network.nix deleted file mode 100644 index 007cfba..0000000 --- a/hosts/dspace/modules/network.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ ... }: - -let - wan = "ens18"; -in -{ - networking = { - interfaces.${wan}.ipv4.addresses = [{ - address = "10.0.8.107"; - prefixLength = 16; - }]; - defaultGateway = { - address = "10.0.0.1"; - interface = wan; - }; - nameservers = [ "10.0.0.2" "10.0.0.3" ]; - }; -} diff --git a/hosts/dspace/modules/www.nix b/hosts/dspace/modules/www.nix deleted file mode 100644 index 90ab841..0000000 --- a/hosts/dspace/modules/www.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ config, ... }: - -let - domain = "dsp.fscusat.ac.in"; -in -{ - networking.firewall.allowedTCPPorts = [ 80 443 ]; - - sops.secrets = let - opts = { - owner = config.services.nginx.user; - group = config.services.nginx.group; - }; - in{ - "cusat.ac.in/key" = opts; - "cusat.ac.in/crt" = opts; - }; - - services.nginx = { - enable = true; - recommendedTlsSettings = true; - recommendedZstdSettings = true; - recommendedOptimisation = true; - recommendedGzipSettings = true; - recommendedProxySettings = true; - recommendedBrotliSettings = true; - - virtualHosts.${domain} = { - forceSSL = true; - sslCertificateKey = config.sops.secrets."cusat.ac.in/key".path; - sslCertificate = config.sops.secrets."cusat.ac.in/crt".path; - - locations."/" = { - return = "200 '

under construction

'"; - extraConfig = "add_header Content-Type text/html;"; - }; - }; - }; -} diff --git a/hosts/dspace/secrets.yaml b/hosts/dspace/secrets.yaml deleted file mode 100644 index 42143ac..0000000 --- a/hosts/dspace/secrets.yaml +++ /dev/null @@ -1,32 +0,0 @@ -cusat.ac.in: - key: ENC[AES256_GCM,data:xcij4wsjBCKW/yPfhdSCL8bHP6XvKLXSe3U+7fbSLGYOeI5r+1hCy3oA5EeXn9fXR536FqUlBRu5iS6Qo8pFzK0Buh+gK4h025p9QDLxj2k4lyC3yDpYMBQqAYjuAgcGPDcOkVsNH1t2b8RLQX87sBGOF8xQ7zRq/o7By2PgtyLyGrgHketvTM/4dXD1P9KqW30RyblZwYvQ4uZHrgAEFJuzNJdfS1W+wPXOjV3KC0AtDPyC3aF2MTPhgOkz8GfbRpxoaZTpLgtZTzhNXsaJsat9TSA+pkg5yVu3TgCC40uUoWFqwnWkoo/MSzqiOAoLCfqj40aMfwHtYKEj07itmEVMEjeUIjTjTKI6/04HVzyinsjmmlVnz4xmI8SWQob8WXg+Tv32NvxyWdpwabyVg/nVyj3C47DRtndgaHECgyTZklRL4vJpbhByYg0ylmUbLH2xkUQ9K7zNiIcMZ8wiAgCWNy2xXtUUUC2/R8c5hcdXm4uehcAGveHLVZ2td+Wg0rMkY1QiRYuG0fUj+dJ4esRCBzqcPbfusu4CfywhkpXKZhS+DN2pnNBvG7n0XrKQflBdAsB23n4rQU8GWHgk6uKvYQ4fp/rnIcKBNlYb7wLrNR8aVe2QuFguFPLCjjxDBLPKPViJOHcZZ2ZeaUnuHbORKGe8rrq4BEM/4eikhrWMLwu4bWsvnO7UIXguvayFbQJ7OB8pt1Gz3pq39OIwwYWCpDViIeJ0IDeikqsNXUncZAmjH6XeVSDvRAY62rh1V/eFGdUo5BJtGjvAT0x/0xsXvYul1g5JCyPoUvsAc/RWvk95j1fjHYPbb3TreET+vIs7kJdcuhwjkYGXFaD/IcE1kY4mElLBR0dhGt/J9DhtNPjid05lz3mdOeTPOiC7v8cK/oOoJZ32znf/wcMXjui5DH4JhYb3YrEyjROzQQ/cK57DhV1X4JtGBEoTwiixH0ZN3UyyAqhPh/0IvgtGNKhmcSSZBxlR1fgHgz3mpQVvnI1lofS9NdBcK60LNGJ1cZz/WbLfEsej8jej0q+YwKTqgD/losMbvD/61/DDVLZFPhTCb2OM7eDsI3isdRMVGdH5bM6BwslJxS8qH28hYMW2wysbQLu1m4BtZCePZHpvKNQ9mSf3POX5cWWIsI0gaQZQWZ/QvQ33iM8PKtWkiD1Aj+E2dww09EpQlHpoTMQSvvXYt0mK/CrppmkM2tP17x8oKFfSchDpLdX6gLyV1wHIT79cvtnjOjtHpw2kK5nMv5Dcb8OznSlwQEMjqkcTe51lKMabdgAdh+om2BRpwOzeauXWNmIMdDsX+GI47oWlsL7DFRaNjjC2H+vu5uexS6gaX9njiL7mdw+oCbGoc8TzwyuEIkOAQA9Y6Y0xZjXfiiAOBM6Ysdwm7dmBexfTaiKtdnAf8dMZAMCyuteK/Y2vNOwJkaiSsGAB1XmaZwbFf5Gb0iiSbyfbfdQ7WRnQRjoB3gb6cW25eY//xcQMSgbXW9sI/x76wB7uvhR4uQar2yntERO6V9K0TLkvYVVni4Mqapu2+J5GJr0qz+OAqeIWp6RrgNaVXOewea2v5Jjjzf/icw8mDH5myXw3kmXAHIPY0Yt+BOqkOdUqV5UiKW3eGSdw4uU0uQIk2Vhu12+iyb2bTxzWGrwntvXZnjQ8WXZOImHwGWG+pXzGGxJQDSTlF16UqWB/chAwi6GTGImXwlh7t2kKmAkqzWXrPLWND555S7ZY6+KIRboZnJy0yoN9SBmTWq+0CRNnmMO+wd//nLfmY/L2YVcQc+Cxzk9lukyurwjQGcUcSvqy0KAO2Izoi/3rpdNJ2rXs83SxzjBdnNhZCJ4aSmoyTLng74Xzs84xZXDWuLKB/uoheXAcjreQVtlf0fJtbdJRyN5N0DkfAtHtcVZFzsJK1Q8fC8/5yGwn9lw4PN7Lhmm2VMEn+HAj6iRLP3hyH2B0lOVBWtOCt8Y7snvDMy5Anc5w1pgmIg4zm/2oeshlm/+oCVgTy9KoG34Id3H0zX0J8lRh2+0zas83DIYhxGj++J7b+Zisv8fs1OBqP18+Z/3AOEn5PmmFyJFJGFkfno2hK7x5vSe1XT20entS2SeOhIZWWVARIgpwaWdP2hSaf+MpTpgJVbx5h1tc4EjZWVCCiL074oXV1Vuhh6gXNfk6pS3zT7X7FGA/1cJORWWGKMkWtlKe5z+8dAPv+fDx0eA50vTNdrdQQxSimCHPdajjfMAnPp7+Z8AVJZnocnhmyuuxCiZO7JJmpw6rkDk=,iv:dyo8mIJI2o8IerqV9QNziM6Bl8FOkbp31Y3Q/Lr+x/4=,tag:xalsdWTtaqXWLYn6LJJRRA==,type:str] - crt: ENC[AES256_GCM,data:ufgrvquUriugFmIv3EIEZD35ldqCq/i9oSo0jfkdLVs49mFM1ng1onSmDCpFXP/gdzI2W1q8HI38rS5AaGAIhXE1fQJO+ex2r+KHVO9X3pR9AXQwrAGoV55HJmzO9gcyMveNd0i8UIpu9qePjEe19UBEuAxIVSb8T133AjxyPbpNfcOLC4hMtvxbvRxeE7dS9VGGllN5ns0GlfTLGNM5eMLEd8M6teuwB8hx57EePdwDwfDJOR/HuxyrOGBPYpBAo7/MmWqrCDOI4zBcqWBV79X8nlbaCEyUEF6mAO1F63nrlhLbHbLWY0+CHyCjMWh9TyaVtcjQRtVZVcUibu+bZluJfcQpQ1uvfAUZfJEJvQllMTk++LB3naHBSN1m9NFvpsJhvIavQF97BQExAcM/ShE5oLHLwxP85XSaAWKZtkmlEzefPX6cshsTZxVdnY4hflydfSqZ52o/GyeLlxbcK3hgN2Sp0uhk5yvzCN27HGZZVSWV88+HaWUfk+2WOmpcEyBtHu9mVUnTpOvJEKFdvVnzUf40YkbKtyTz0k8Jwbn1hH6j3U+5zYtN7PlpW1bzUQIiCfuRw9Kezaqn1ndLMOD6b6+FcOaY0bNn2iAn7CmJA1GvouYzM0zdTjupcIvfjnBaqmUTbWckByNdNYGb4Xpg8j2Q+cnYPwvUq42J7Y2BVv76ke7qGASJZX2HJqlcQOwJQKjdmvyo31/Ts4AnyFIZSrjU0O65QYhJ2ZgkV5DTVJS51Za5Bn1RiEQ658Vg1k/4N/c9NjNyCdFeEXsNHYVyXcbyZJDvekirTuHzmRSHWuBkMl0H4OoUCVWpJtxqt/qRt2R54T5CjTvPvMXD9lWqauHDcDb/f5BeVQWIVaf1a4AfNi9YOimm8r0SiNiKDlblbTT2IZh1Tfbu2Jv9m9zWhWS7/8PnCPqnlDBjVdFXavWe2oflIQan7Pj6WMxka+5YscdQpMpIqVDxILw70U4H7Lr+e+nvdu/ByY7iWB8u4OWTahQFkarbSzOtOqTl/URzTWams96V8pRgcAGOo7z6/vfnqZARP3zdInAonsdmgfsC170BNvQ8be6LJCG2Rhr3s1Xahl3tfwYRu8OLSig45bGOBnIgLpysEw+FaahYX1KOaOq1f/NOzF4P5p7OfGAtrVomKtt/fWl/zZWP+vh6jiGrM0x07xVEsdBjlMi9S2OR++16D5nX6oRLH+lhxXj9uV2Dp5DUEJvf9tRB1ahlyEabLp1Q+Op1sbST1V+R/T/UzjSgGpP000Mqdi3qrHZL3vG3IQcIKD8ZcfVADowNIOGgaLIFdQB8BoYt2CTOF9kPXb907mYyB2tQq+SMDQm+hJtnC47LDw/FhdSLqBeBeQUWM5fqd1tm4hNBbp6HVWDdLU5ipOL/95hnby0hCStEvmqQ5uk7JK9Ch7tzXlh7Ufer5b/4JQnWzlgmAt1aqhieUpl6RtNLOtG3PLhV4SDSJeU7xUjv2JFx54/laz8amgKVI33AbYXQZrHcGsjLIPPtZbHJk9c6Q7RN5gX6CUNJrEaehJpa5+9jdFyBsuROAtLAnx1IPasVZmp6Bnt6fm/nfLu9jxNd9wIm9131IIIUbIE2xeEiFZtOo7792kfcBD0uMFgw1ZmZBboXpJC9NTmZswMuN4K7YtDRw/ZPRNWV+i345x9ggEtFoRC6DVCDqWoO0q/+cvQ9yBkZf+h800EAPK8L5SWXi6kLMRMdCMbp+ydHx35dKhsFD7e8xKcpRqI0sA067+sGNPlb01x0XEFzgsGu5tfnukslBIgBrvmFS/F6tGoyaKzbXztbNy7DD0/trLO0GgkMQFHd7cPGg89XeD9Xjc+ZO4ECJAGfhKyysU2xWaxRKfDq9UyElzjrM1jBku1xRJD8tSlF0/iVa4VBWUGVy3yYziEGvEya/B3R56P1cp1O2sXtWEQYbOHWMLFh10oKfyOzEBTQQjYuwDQicPobw/JRUDi63jThtQH9aMAIwXMsnM8wAeSnyvs5uvrNfHRjpxWXs3SesnVO+NP3uTUk7GSX48poRmzOUOr9bYhQrw0saM+JcFJbvjeb7ArhnPZbOKm5TPXNJ26iCnT3PZIYx1K2mGolF5hFBlFgc7xJuXa8DJG3EYExezE3WtcN7NLyZhqueFSmkJWdJGpu8Z4aQaV82YN+WhwnDUZFuKDOqY4iq3kexXn+x2i49cWmd3tQmMPET0V3oh+szAa+FF6fMurQNcfk9vZDXLY4iBc7zTdeVrhQXsTrVMN4nd+ItfwiGtw17iR+RLiJEJXA6A98xPuBd4E5wb5hH73X7ty9QQMHpVHAeCgo3vXBgevGZjjkwaw27UDZh6WLM68zcDHeS3C5UcXAr+GCQYFw0Z0/m83JaLaNtrusxwyLDxo8WWI266NRrtqecxDOvuuqIaqMFsSgV+YhzQB1gelJMEdvls8yZxt3zcrFLfXE5ODdTSocd98Hvx1TZqnHuSgqDa+Ex5f7FNm5fyHaBFRZ0S7AA+G39EplY43MNNrS68FSU0/fubFdQAeVMy7eN+IujkXOZtXCARuJfeXcduifONnUqoQf8sVNCTK2mFvw/6SJMrEcP0dniHHY7Jl5wn8ENQlyLNSbB1wTtksB093kE+6h7kcg2aj4lEMhcMngObpaXilNLnzRIravGacKWEQrYv1OIdQflFz9aXuKYRxGGfoXa/0qaiK/tOaYNdHbJro9st9e1Vxc8e7cGe3Xngw7lFc3H+GXvNHcy2ipvoP2gm7oDAcrQkkkZSc/m1ou42cWsYJZO5g3ax2vAUnhHGi+5B2uW9Z3+QfNn28eA+EEKrliSp0DeQ8afzoEsMdLlSk0Bl45/wK6xIzaGeaz+CT49BN/vE/C13RAHWb85zAdvWRiW9FcDMwPjxviyErCus65udhxE3P9RLcIOuc31sui2rhKivzmC1hPWc6slayUdz56RnBFx+NwNiibWRTFFa8s/5sYURf36YjPA2K+KWAdFlLvBn3v99a7Rb5P2YXIPe4/7bQOXRnzOAQjFLb6CHxAwHEkAJwVfl3uUiWD+edZ1WlvxNzYBpq4YFARaTWpQbUH3mkcRs5oskkzQWcgWHgAoIkhRz2CBTg0XuKt3Z3UfbvsvxXMM2zrnXwyyUfIlKm6kZ+DtE2LWle2W3xJexae0kpYtAGcM42XcafsxfT9EJFmGcgvSeomf7CVc5VhOrBHJ/neHMISyQptmLC8s4u5L9H+msDet5asti1kg3UEDZ4TCX03XctAUryxV2eFdKpNjZgeQuOweM+GSeigTPYp8GTlp+6xWARrUDcTXxtr5Em0tp4FGb4ZA5tHdImTUnITxVbudHN6ZDA25cFORGqDcMIaAatcTYurKl/KsBZ4aQrGXBlIjmNOMt5WEelUi9+7QbKk/TbhTXa+D9+o+wUxRSW4un0D4dXe+851/DGX/5O9tYsTKDP/CJUDrKkqxWTUe24nRK8qRxZ5MwpRd3c4zlz+WWksM8bc3aCgbBv97GRemTg5BoVtK/NSDQqW/0hLCTOcnUyRLhVx8FCrSlQXUclFVh5Aum2hjeefHiGLWgaVO8RnONtv7L5LjhZYsWlTareTz6JI6hW5i04rzZJoEFcgX1DI21pzUBVNGqA7OKP9xmjYHrqBaqyc2CEafR/3qjd5JHy1d9tYI90podaaY7mdAkK60EG6UZUmN7AGXQ+mYZf1E3lfDmdQVrw64tslePInidPjWtZVozHeWcHtMpGzQNWbOS6w56bB2+Nm4z3J/ll5AVsqZQ1qybx/VlXqABo8HG3O3L+EgJ/P5vr+GU/kYnpm/ocHbbj2MJpQC17M4VGnUDe7F3Ohj9zVhu1bI8yH9i1OKyAJYRh01UlSubTQDeAq6mB46QOJGqdfrnl4UK9ZVxTza2q/lzYJUNfJ41RPqTefYPPf2pi1a92oqydq6zV8p27vqVyrDfeli2pEdzNRvsHXYGbaZi8noBBqjrgcNiF9494NoFgABk0BsVSGS7dmjd6sy+rYG+R7nXE0XVMa/9Bj99dxMP5t0g/79eASUa0jdWyEu07pM7l9mnSaZiOUybZZe7roqTVlvZfPRX4Bj7TG6EeVfXQp40Q7zOGofOCbSCxACAbu2pUkWg7FOB1RzI7MgqmrHbUT6hGGGe/236QsRvEbp12vsHDDpURuYkGcR68E3Cq3RuftMTrfIclD14ZjCHphcZ7OD0uO1WBVP33V7TCIBXjHi19iGNVr3AbJhZMKOMvOYGcONj22186EUDtiZSPF4TvGuzYkIf1jYeTEP+5iCe3khQ8MI3W/blzYW0KuPwuAyX8igwWthWYmXCkSWWlE/OKvpsy0s9MYQ5M6mHjNs5IAelYoRBmhfIdZEmje2OiIJm1WfXMMExW6OYUVi5PcQf/zCYrHREv+nd1+GWyP5O/aSTz0RnX2PSmptiopWTedVDogXX53XnH0TEUDZ2UOtSmcr6ICok7jAarLn+HbNt1BaHAvgjKlC6cgFPAs5+oaXm9u5dOxp6PQtRbPSm9PSat1496izT+z+XRA+qZNi+a1357687bl6OV7dJdrMxv2/ZVJNLI1TkskZCiCdT+4q/p9pyk9InksMP3uALqfu8rNI3p+H2pXI7l0rX0qg2ajtgoTiMOcwpcNxEsmTKIzhUeeJYsWTf1C9EPW8anhfxIEiJ3onoLASW+aS/JBBKmB7ECYJ5EWDaCbgUEeobEWC6hLHHs4MUeNzTNIHwWzoKNipyS8UxdXThMxefhl+RXiRCSQKQbjc5u6WL6ZiKBosTTzuExTTb/w5ovx/jEUZJ+gjAkoLjZ33qn1mkPMzB1TYPIRtmQgp9vhxGTKNefi/sB773WEWgSJZWUWJV3XdOYc2ayBN8PbLVZsUeQPYO2d05ZkHRDfd/TmqTm0CSDgkH2zj2o9b0moDf/RVekIjLAT8nFWn17LF1hZ4upXCAfWvpcJ2D421eRvSaGpojta0lYEuhqoMGxOgCpTyQWggbHSmkXmPK/5pZwdtXEzLB0pK/i04nStMrw498sduvml01EmW268uuB14FXBJ6097aExC4CrWMK9o3ZP1Xhgx70OcVd2TZ6WDZ235fTBtatTH2PChQg1ePulnFYAN+lZwkPWYOLg7PRaUPc/jehym+gUxSxBdguxjnLzFUJZSkLf8orrO4l2AdmuHLFPuJumWbOoze3et6CBW2DU8tQmByyh38WgNBT7OoFQROZZzsz6ZmLTDMAtUlw8+vyQU05p4pHCw7sz0PH1yVYNpOANRderJXWdDdmsWvTexaHJQfe0OxS+Fdk6o9gB/F9B/MG0BZgqw8Hj50uXsXE6qdDsVRwB0qsXF68oEmzYWGlHtvR4TUd15S6DGd5g00PBRV4bQsaCdxBz7arAQJtfph2oe7n6nL5NLDFIA8rdUFJl4t6sUEh5iIA0ijnEmii5x+cq1aVReF+GHAUxcmC8PRgIfaQdGTkHsq2YO1eu6KZD/KbXX+XTyKUHIc3q0cmXCRrxGIC9n0YOlYfb4s4s5D+3LwqbKg3io7Pxa7F+gPjWBlQkGI6MzudLQvS79RUt7dwF0VK+A+ZduCqFILStISiY5thMBZb3q7do9ZIT2sZvm82M0btCsfcUB7jhexXZ5D4xHGIx2FLlniUElUIqkFRwEGuboXSf3VeCxoZ0XgWrUPYa2u5/+Oue3GXljNtC5xmrT339ajy4qaCxM8oHCSt1ofmDoguE0h+XAFMqsxLsPOMEdHTmN3byXIEitIglEVykP7cTt8FXIRSz5bDtM0XwYUGH3S09nGD3JUnXamDmLEzf6Vrt0hXQkerZh8/B7ACU23TxxG2r9QvRMs/BfwpAedcQvMyTWMaDwwB0XiU7uEGOMVSahxwP8Yj/RGOOKeu7vPxHOYYvqdx3be6qgPhVHz6WbIievp4kaFkSSKZ3k3RpXZZA48sSEtpuYaffad5Yjq1WqEe2oFkEtRnAB5mtyO8KRE/Vmkr0dyUwmHXBm+3fhPD+C+DUHlLfYxEybnFxwdOhlJCX0pcciBorSwKLQ7ltPQjqwr2j9Lq3LspDpiwRHrCr3kJib1TPmdpbqVXoZyJxkSI/4WYJ/PPLL04mhECQ0c9LQSKauDopI3IjUFycZ98OYmI2+Pi4BzJNbi+lYSocLyDCQ7HP3xOSqIpAR2LjnOQqngiBRGZDYnnBMw/Xp+G1TTdqqf+Zlk4QFzw5hJ232vPUQ0vCtqJRhp+WqE1otO4Wsct6ULEDKKcC1rWlnq8NQmVwr2kboPWvAobyfPiaOmOwDlIHEaLQvVGEXy+XiWuFDMaeUgMLNBlmc7PJlOObUmvWPQDtbwnuY4KzVeZtf7jeX3ULeh8lhqdnXvRbFDNFsgDQIR1CqH1xwN4hmFxWK2HNSPBnnE8EZyocLwanWDxTXd0WJsPzsu0j8aSwasESv8c4UJM3He+n/OrZJ2eF4Mun+K5Yxqp/D01vBsPXPmT7K1ehxoFlPzT+cNoswUtd26SBp4+DrMMpXup+NTzPjL3GzkBvRDTFIpvxxODyBtVYD1mwOUmqRB6F+C73Ey2M3lbnCHb8K/u+af73ww6Ug4A+h972CSK5nBfmbE0Ar0to8GnB4sxrrHLS7GmfK3sS//BCgyjsAoghYQtlLYAaZBzSmnpbRSo6E9LPykn3n8Sa8x1VHTvGlRPsk/UBS5/WBnLYP9Uf74IkE7y9LulEa1L0aB/HDTpue5iMjWaJQkOKP55TXxyFZLYEjq5U9cLgqL8kk0IoVHIEtyM+KEbnvGdacpi5hDVqxI6utIWVjUF87WDVmkgUIVhwRDzPSsuQ/bNPVH+qVPnh1xwCazY8ZJIX4tSxnqyfgRtssy/yYGCp1/SJl/F092g7Di7MynKMbMqnKjwus4vq8NdZYWdvPkaRMwdK23XpojOguaGAK3hQl0XElOhuKjB1N9gLfCzGP7O8xl7meQ7mNuWn+TPptVxBeRPZNRY+hzVJb1+PCyQ5w1B2d3HJdqthnovcd5nmSpjln/uG/mKlkqQNPYpzMJvd3QWMXpSpN0BQQWDBYeK4fV++8RYarqOM87KvCSwJPSI1R5yfvIDXN/0MVpzMboZjeGDb+qn5PZN1lZM9HbXmrsT5P39Pr0tk5y6zzA+ovdGPXGfNqoMQ3XBKsfUv1ovM1NBhod35t7Kslmkf9tXAzvZQOIA4CjvJ21BRoPG0ghdHaAioBQham5XB7x8z2JkvTDtLrSvorXPoTGNcmhOhazqbeA7df+UgxHL0aXKAg/In98mM/8o6sCql4kmiv90Slqy05OARuEI1ILfyEzD5gV5YAJc20HF1lbmDpDPdWRa5SFGB0yZuvSDlp6hHZEDp4jtZx2sc35OnW6N0cj9zava1oIz6FX58yUC6wCGzvNcBlNFILeMGCK6zTB97X7+WnP1t9LJYlN1jI5Qv+OTG67z17hiAzv+c4whhpQfBlxg9ZFUqLJ4DSsQCFOhOSUguiZzdR79w8Wq1zvy7Ie3SZfHd/GVyYZ/uflyfzWw6nQPjOTDv9oIzwVOOIqzg2iOSKOgCf+CIcHogxwT7vmHsZqUzviZtrdV0OS/1OlUs42caccs9YBth9yQRQDecFQK4gnu7CdmSEuN4qggvxDVYUXLPnbI0sgtB6uph9Kl6SCg3YbL59L4/e/BC9MgiFPAp7o6Rb2xX0VXRe6hYH6Yf+bek+NNBeRGwucY5MhqalIoPnxAfgvv3wdWOlh2e21bG5il7oQeXKRrcAdiRQ8yQgeA24LyMoBkqvcbUq4vOjST50q3GCcwxUA17Bscbvq+389dsHeJhHoqg1vXdTwrzvkXQJifsVnd3uUrMQT8+qVRtaI/+SUvvWC7QRdlHULQWZnZplIL06DbU4PfEn6TrJPzdO2+7WqHBtgRV4CtBzNDgjrEmv8Co5ZQhszG+GsLeeq2mvXW7S5/Aohy78CRr716SUwcUi9W+pU5tdML0jeYgxphZd36QzOFk4QQoOseClIYH9OQqBFnL//BFznNxqxvtzCDcvhBSxiI4/Qz8FT107/fl4rctBuArpYNdbZbQaaYnPYl94oJOjlKf2Qxort8koyAjrkivxfLfviqyZ4CHcngIOyN/SUTfdGtv1029kfqIwE+5Y1jT71r4TwprTlZ/mqtW5OKux+oMSJVLgQoXYM6krPxZrxtVTRIliVn/uFh+wlcpp1UbFP9Bc+tm2wT5hC5Y7bJqTdl1RPIrBu94rnTQWz9rtGB4kgsAefP2GtKYjzt6Gggt86vp1Ia5sjmGk9rcRHB1oGzAi3Ud1LvDciKhr8tUsV2WgbiDZo8FqgVdixWpUKOoEvmmg7JL6CVLQq5kpYtn1ovATakRcnLji65COGe3+xo9hXutnlRj41triL5IyihVQnYc2pDocaZXdPEhVv21qmeFIGlIk+HsWGaw+/AuJ6ytL+Xhl3tIpuluRMAmpX93utfMv0WE,iv:KrNhOECVu9ZlIMEjxuseREMJe34ke88MbZsns+ug17E=,tag:zVKWzcDNxTujzN1wwNNjRg==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQWGxiUlZMN243Yjdtbnla - Sitpd0h4VjFuNVdaYldvM1JTT2QxR1dnTXdnCjJ3RmV4WFRPWGhZV1ZvWm00Y29E - ck1SMVFkMWQ1WVJqeEdYU3ErQWdJRVUKLS0tIDhTWFZLRnVVRllUa1JaZk0wb2Rj - Qk9VZE81YXVaajVISnVLYkNDTHpqaEEKTr5RkhOGSmWu+BHMwXlAcpn5zkqMwJQK - VU9mlVGhoXfc9BW8Ucty0a3/VK5Ze6y5V6573S+GKzhLURspmKXyaw== - -----END AGE ENCRYPTED FILE----- - - recipient: age15hsgvg3tz9lql0jpr5x8pm66r42kemd65fpz0wa6t8nhvwrxygcssjxd9c - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhY3FNdGw2bG9HOWlWR05C - MUkrVHozakRzTG1iQXd1RjMyeWlPdzRaekRZCk41WGdWZExTK3N3ejczWklaWlY1 - V2tUSjU3alp1SS9ockg2Mjh6c1BaSUkKLS0tIEYyQWJxek9SRG8zaDBMOE1KYjRZ - VzRWd1RNUndzRzR0WWFaL2k1S2dDMTQKPpj0zMSEs0AygU7naxTEy/Bf/XEEN01Y - eKmtK73BQWdZ2LIwm81vShh+9Haq2pBkvGaYwu1attCxYq9BZp9lJA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-01-09T12:21:41Z" - mac: ENC[AES256_GCM,data:+BZ5x2zZxCOa3vogr0ohbs/o8uCPxgIjf6SZmHgqBRTVY17NAdEjzRlxcDX7vzDGdX+bLcQdJW3zj2H7BfLdlulldoJfjINIhPVTdrqihVrGC9/JgOy+NrQqD3cr8YJgkqAoELMoDira2oecLlrE4Wan8snD3Ul2nyxFdDOoO0Y=,iv:mCmMWopzWtlTukPTQBZ6Z2CSLMFXe1IUL6Ud0cmU1N8=,tag:7/a1ptXCnDkmxFfIGuGm8A==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/hosts/fscusat/configuration.nix b/hosts/fscusat/configuration.nix deleted file mode 100644 index 779f0ec..0000000 --- a/hosts/fscusat/configuration.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ ... }: - -{ - imports = [ - ./hardware-configuration.nix - ./modules/network.nix - ./modules/www.nix - ./modules/mirror - ../../common.nix - ]; - - services.openssh.ports = [ 22 465 ]; -} diff --git a/hosts/fscusat/hardware-configuration.nix b/hosts/fscusat/hardware-configuration.nix deleted file mode 100644 index 8bb54ed..0000000 --- a/hosts/fscusat/hardware-configuration.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ modulesPath, ... }: - -{ - imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - - boot = { - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - - initrd.availableKernelModules = [ - "ata_piix" - "uhci_hcd" - "virtio_pci" - "virtio_scsi" - "sd_mod" - "sr_mod" - ]; - }; - - fileSystems = { - "/" = { - device = "/dev/disk/by-uuid/547074b4-4d61-4968-a94f-4f97e1fa2c3c"; - fsType = "ext4"; - }; - "/boot" = { - device = "/dev/disk/by-uuid/C634-FE6A"; - fsType = "vfat"; - }; - }; -} diff --git a/hosts/fscusat/modules/mirror/debian/default.nix b/hosts/fscusat/modules/mirror/debian/default.nix deleted file mode 100644 index da56ade..0000000 --- a/hosts/fscusat/modules/mirror/debian/default.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ config, ... }: let - name = config.userdata.user; - email = config.userdata.email; -in { - imports = [ ./ftpsync.nix ]; - - services.ftpsync = { - enable = true; - - settings = { - RSYNC_HOST = "ossmirror.mycloud.services"; - RSYNC_PATH = "debian"; - ARCH_INCLUDE = "amd64 riscv64"; - - INFO_MAINTAINER = "${name} <${email}>"; - INFO_COUNTRY = "IN"; - INFO_LOCATION = "Kochi, Kerala"; - INFO_THROUGHPUT = "1Gb"; - MAILTO = email; - }; - }; -} diff --git a/hosts/fscusat/modules/mirror/debian/ftpsync.nix b/hosts/fscusat/modules/mirror/debian/ftpsync.nix deleted file mode 100644 index 29fb55b..0000000 --- a/hosts/fscusat/modules/mirror/debian/ftpsync.nix +++ /dev/null @@ -1,65 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - cfg = config.services.ftpsync; - archvsync = pkgs.callPackage ../../../pkgs/archvsync {}; - - formatKeyValue = k: v: '' ${k}="${v}" ''; - configFormat = pkgs.formats.keyValue { mkKeyValue = formatKeyValue; }; - configFile = configFormat.generate "ftpsync.conf" cfg.settings; -in -{ - meta.maintainers = with lib.maintainers; [ sinanmohd ]; - - options.services.ftpsync = { - enable = lib.mkEnableOption (lib.mdDoc "ftpsync"); - - settings = lib.mkOption { - inherit (configFormat) type; - default = {}; - description = lib.mdDoc '' - Configuration options for ftpsync. - See ftpsync.conf(5) man page for available options. - ''; - }; - }; - - config = lib.mkIf cfg.enable { - environment.etc."ftpsync/ftpsync.conf".source = configFile; - environment.systemPackages = [ archvsync ]; - - services.ftpsync.settings = { - TO = lib.mkDefault "$STATE_DIRECTORY"; - LOGDIR = lib.mkDefault "$LOGS_DIRECTORY"; - }; - - systemd = let - name = "ftpsync"; - meta = { - description = "Mirror Debian repositories of packages"; - documentation = [ "man:ftpsync(1)" ]; - }; - in { - timers.${name} = meta // { - wantedBy = [ "timers.target" ]; - - timerConfig = { - OnCalendar = "*-*-* 00,06,12,18:00:00"; - Unit="%i.service"; - Persistent = true; - FixedRandomDelay = true; - RandomizedDelaySec = "6h"; - }; - }; - - services.${name} = meta // { - serviceConfig = { - LogsDirectory = name; - StateDirectory = name; - - ExecStart = "${archvsync}/bin/ftpsync sync:all"; - }; - }; - }; - }; -} diff --git a/hosts/fscusat/modules/mirror/default.nix b/hosts/fscusat/modules/mirror/default.nix deleted file mode 100644 index c5fd462..0000000 --- a/hosts/fscusat/modules/mirror/default.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ ... }: { - imports = [ - ./debian - ./www.nix - ]; - - systemd.tmpfiles.rules = [ - "d /var/cache/mirror/ 0755 root root" - "L /var/cache/mirror/debian - - - - /var/lib/ftpsync/" - ]; -} diff --git a/hosts/fscusat/modules/mirror/www.nix b/hosts/fscusat/modules/mirror/www.nix deleted file mode 100644 index ebde425..0000000 --- a/hosts/fscusat/modules/mirror/www.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ ... }: - -let - domain = "foss.fscusat.ac.in"; -in -{ - services.nginx.virtualHosts.${domain}.locations."/mirror/" = { - alias = "/var/cache/mirror/"; - extraConfig = "autoindex on;"; - }; -} diff --git a/hosts/fscusat/modules/network.nix b/hosts/fscusat/modules/network.nix deleted file mode 100644 index 53367f8..0000000 --- a/hosts/fscusat/modules/network.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ ... }: - -let - wan = "ens18"; -in -{ - networking = { - interfaces.${wan}.ipv4.addresses = [{ - address = "10.0.8.101"; - prefixLength = 16; - }]; - defaultGateway = { - address = "10.0.0.1"; - interface = wan; - }; - nameservers = [ "10.0.0.2" "10.0.0.3" ]; - }; -} diff --git a/hosts/fscusat/modules/www.nix b/hosts/fscusat/modules/www.nix deleted file mode 100644 index 24398da..0000000 --- a/hosts/fscusat/modules/www.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ config, ... }: - -let - domain = "foss.fscusat.ac.in"; -in -{ - networking.firewall.allowedTCPPorts = [ 80 443 ]; - - sops.secrets = let - opts = { - owner = config.services.nginx.user; - group = config.services.nginx.group; - }; - in{ - "cusat.ac.in/key" = opts; - "cusat.ac.in/crt" = opts; - }; - - services.nginx = { - enable = true; - recommendedTlsSettings = true; - recommendedZstdSettings = true; - recommendedOptimisation = true; - recommendedGzipSettings = true; - recommendedProxySettings = true; - recommendedBrotliSettings = true; - - virtualHosts.${domain} = { - forceSSL = true; - sslCertificateKey = config.sops.secrets."cusat.ac.in/key".path; - sslCertificate = config.sops.secrets."cusat.ac.in/crt".path; - - locations."/".extraConfig = "return 307 $scheme://$host/mirror/;"; - }; - }; -} diff --git a/hosts/fscusat/pkgs/archvsync/Makefile.patch b/hosts/fscusat/pkgs/archvsync/Makefile.patch deleted file mode 100644 index e82ada4..0000000 --- a/hosts/fscusat/pkgs/archvsync/Makefile.patch +++ /dev/null @@ -1,50 +0,0 @@ -From f2ba21ba678907fac0d3d088ad09b0d140ba7740 Mon Sep 17 00:00:00 2001 -From: sinanmohd -Date: Sat, 17 Feb 2024 11:37:23 +0530 -Subject: [PATCH] Makefile: nix port - ---- - Makefile | 17 ++++++++--------- - 1 file changed, 8 insertions(+), 9 deletions(-) - -diff --git a/Makefile b/Makefile -index 7a774b4..1efa053 100644 ---- a/Makefile -+++ b/Makefile -@@ -1,9 +1,8 @@ --include /usr/share/dpkg/pkg-info.mk -+bindir = ${OUT}/bin -+docdir = ${DOC}/share/doc/ftpsync -+mandir = ${MAN}/share/man - --bindir = /usr/bin --docdir = /usr/share/doc/ftpsync - examplesdir = ${docdir}/examples --mandir = /usr/share/man - man1dir = ${mandir}/man1 - man5dir = ${mandir}/man5 - -@@ -41,15 +40,15 @@ install -D bin/runmirrors.$(1) $(2)/runmirrors - endef - - install: -- $(call install_bin,install,${DESTDIR}/${bindir}) -- install -D -m644 -t ${DESTDIR}/${docdir} \ -+ $(call install_bin,install,${bindir}) -+ install -D -m644 -t ${docdir} \ - README.md -- install -D -m644 -t ${DESTDIR}/${examplesdir} \ -+ install -D -m644 -t ${examplesdir} \ - etc/ftpsync.conf.sample \ - etc/runmirrors.conf.sample \ - etc/runmirrors.mirror.sample -- install -D -m644 -t ${DESTDIR}/${man1dir} ${MAN1:%=doc/%.1} -- install -D -m644 -t ${DESTDIR}/${man5dir} ${MAN5:%=doc/%.5} -+ install -D -m644 -t ${man1dir} ${MAN1:%=doc/%.1} -+ install -D -m644 -t ${man5dir} ${MAN5:%=doc/%.5} - - install-tar: - $(call install_bin,install-tar,${DESTDIR}/bin/) --- -2.43.0 - diff --git a/hosts/fscusat/pkgs/archvsync/common.patch b/hosts/fscusat/pkgs/archvsync/common.patch deleted file mode 100644 index d101f40..0000000 --- a/hosts/fscusat/pkgs/archvsync/common.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 0bb6e03dbbf0bd47f6f8cc42274b8f7fa9fc9262 Mon Sep 17 00:00:00 2001 -From: sinanmohd -Date: Sat, 17 Feb 2024 14:31:03 +0530 -Subject: [PATCH] common: fix config location when wrapped - ---- - bin/common | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/bin/common b/bin/common -index 7ac7977..941e77a 100644 ---- a/bin/common -+++ b/bin/common -@@ -332,6 +332,9 @@ search_config() { - # Read config file - read_config() { - local name=$(echo "$1" | sed -e 's/[^A-Za-z0-9._-]/_/g') -+ name="${1%-wrapped.conf}" -+ name="${name#.}.conf" -+ - local config=$(search_config "$name") - if [ "$config" ]; then - . "$config" --- -2.43.0 - diff --git a/hosts/fscusat/pkgs/archvsync/default.nix b/hosts/fscusat/pkgs/archvsync/default.nix deleted file mode 100644 index bd3560e..0000000 --- a/hosts/fscusat/pkgs/archvsync/default.nix +++ /dev/null @@ -1,52 +0,0 @@ -{ lib, - stdenvNoCC, - fetchFromGitLab, - makeWrapper, - - pandoc, - rsync, - bash, - hostname, -}: - -stdenvNoCC.mkDerivation { - pname = "archvsync"; - version = "unstable-2024-02-17"; - - src = fetchFromGitLab { - domain = "salsa.debian.org"; - owner = "mirror-team"; - repo = "archvsync"; - rev = "653357779c338863917aa069afbae1b24472d32d"; - hash = "sha256-vI32Cko5jXY/aZI9hKWm3GI26Oy89M5VLUFWBk1HNXQ="; - }; - - strictDeps = true; - nativeBuildInputs = [ makeWrapper pandoc ]; - outputs = [ "out" "man" "doc" ]; - - patches = [ ./Makefile.patch ./common.patch ]; - - postInstall = '' - for s in $out/bin/*; do - wrapProgram $s --prefix PATH : ${lib.makeBinPath - [ rsync bash hostname ] - } - done - ''; - - makeFlags = [ - "OUT=${placeholder "out"}" - "MAN=${placeholder "man"}" - "DOC=${placeholder "doc"}" - ]; - - meta = with lib; { - description = "Scripts for maintaining a Debian archive mirror"; - homepage = "https://salsa.debian.org/mirror-team/archvsync"; - license = licenses.gpl2; - platforms = platforms.all; - maintainers = with maintainers; [ sinanmohd ]; - mainProgram = "ftpsync"; - }; -} diff --git a/hosts/fscusat/secrets.yaml b/hosts/fscusat/secrets.yaml deleted file mode 100644 index bed58ce..0000000 --- a/hosts/fscusat/secrets.yaml +++ /dev/null @@ -1,32 +0,0 @@ -cusat.ac.in: - key: ENC[AES256_GCM,data:EKa6hnY8Yu+x/ElgtiATj0dKUR70daMUhdAvloiWS+FQWBLnC94lsI0R0ztFflqmFz0J2dHA0A/D/nKeZKIQPlktl7mcNBYFNIFnQ+5zxqwtRwbhGCaosCZAWEnu94lT/WLzgmx8KuZVWfUZPkGMaqFMBeALt3sGg9b/x/utJCAUKUtOlDgl8BSQQozqXnpGByGvabFZbJlx16SBt5QLxMq8ftup3ik33KFanlEISOfu1hNwIHCseFhP6NSCcM/yZRmtuIpHd4DN2U78PFmLbGSiiY9TCa3Uuj9sTOn3xapNgBI1KtNAsfB486PfTjkeO+HU00/GCjJHxoIL0nYt0+tMyXP6M2ZQvhNazpOmCzf0LnOWbGdNtdGLEKqKmmhs5OIfhBjV0qnsp9Samj3i2fZpOVRsPnI0o80UGfuQ2ag0MPNN93ws1Q7+knV3ldvFOCRPmpeV4C+FEmFvrKIpNq+qJlpxJaNmRetlFcY6IQakiaPL8OrhwZJE3/Zr9w5KBnml90AOE3jbu2ZGh7U9igd242sUnbLfvALkwabNnqyQr/VlqpIDqW3TiMk3hMjoJhFL3A9R0sSK2ritigFoJTM5Hl138HVTvsO2OtVRbrYw8172S5WESg8nwSwSpPuvf3xgRmAwOMTy8zXnVsmnpJGY83JrzFjvVOKHuffojlelKlLX/gTptbjYw+MVH23ZkCIW1eaql/GueALp1iqhtA2gpb6zkVmGwXsm/HqtG9BTnuOSBUsLcmUv3hkd3z0NeE1E/34pstZgN66aTJEc8f6ZjahOCkNGl5QBtEuG/0oWJvIpqidlpDltpYwlEqaIKre/4GdEkzIg/XL4gAEN+/8CmX9YoOmAxPCx47VQ8OUPc7/M1KNsToynkMImDKyiZXIFwctRVJmAIUHcFCVqlbWqjJBR3i4nhurjl6EjU2Ahw4g9EXz6z47wxCcZYiyTH+hjUuxVPmPKTLVhrkOy7AtlMKqyHMMAP303hjDRi8OdeApE8L05ORftWhCawndUh2Es6BH03fFDvHi/EAPovKyz4GkBgmY9/ysmAWPb+ygSRYq5vlsF1mn9N+TFcgacO3rvHSckEOwrNLOE81Ee1ocaYCTb0o2KV/R0I7qaofTxHjk+3QFoJ0UU8Lulfm5rJ2gpY7qZVElGZgxycYj3+KBAc9Ra6YKHX9psCi+kiEW3i5Y6QlT7Qgmn0T+Dyip9l//gKKHcU+KSVl5GJTCX0rgv6BpAtIBG6shExU5SSQ68GkXmfgUltlQbCdPZMSMxy61DQxHT5dNrZF91aJxNvA8ZtjDJOXB1DPeytiVZ9VI+smfcUf8hkWd5xpC5iMgpIO5EIIqFXN0fO3KDJCCZk+lb0RvL3bLHt08HUuk5IJN7jdDcb7+4IGAc3me4htdbdGi2cf8JY/NzUOo+E6uLZiCyHjSiczzHM6rRniGVkZ5EuwFFDN77AoxfbxdAx2XmXVgxt5+1e8uVIyiVeB/+azIU4vJ1Z23EEX3I+3ipqFOoXjpBVrkpkZmzotI8JCzEzSpGJrPI8Vnnh+bEflAttIH4D9DOS91B3FULIh67uHuKJhIdOWyhtXLp/1uVpApsddsI8xxA3f8Ipjed6B5D9sh5B/NjF6EseI62Ait6OqszevRW4+6EaZgO2Qic/f9fVjmtA1HEPuyIiujUSf1l8UszCoXqJ2CS0OBANnBE3960vn3qdo/kaKi/WuoYbB8CWbMX5X4hUE6sb2Vqmu18ieqSIyefKgFJVzLOaUaF6m8jQrM6/vvi2gRXwFVIXRO7pvPMtfcU+KEkTnzZySGy7bpC0Qcj3CBV/BJK3Q21eBEnP+e+ELlszdAKq/S6Jk88nvuNGkQxNSP6VIiWpGKteVygowFzcF2qZnhgoK4T6f+aBUkLkk7x1ovajYj0Qr9faYkCXz19khQNnBl6v7IVbwlEN3ZlDBpvcGBz8taMHw0nod6TjCny0mOyG3t2iM9B0LdFK8LYq+QeUdlUu0bJgwYlLk5/1sTDAkxXpuqhxrq6dnsgwhz776EahzTQ8e8da9QmWCuydmwKe252/eUAw3wwX1b5WCUzWg3m7MAK45Y8WKgu1w2UTougtPmLVsDDDIr0rN60R+rZxsulEod9+f0KAp9+YB4YvE0D84p1LC64B6WiiOz7j9G2l8Z4cwI64ewkmkwllmMiXcahmMjw4meDvSykeL8bUDn536KH3nX6nA3N56v+cgDK5z9TwFtprvY70o8XMUnwbYY/Ob7RK4/MiBcF5rM=,iv:CzxdD55Ct099dzWs97h+8y/fJmicQ47QLh5rKU7nRog=,tag:QtaZVWBS7qBQoADJApoErQ==,type:str] - crt: ENC[AES256_GCM,data:8pFnumBIlY0Hse4TTpzEyJUV82t5ZAY9yCXvZYT7ZAWY3ROChpkezCBMaMG43waocEPZTHgmOKkgIDQSZiq/gO9qprOMJA26I8WrV+ZMIoeUtQFCnPOkuyrnoyhtWayr1GIOItNRxNC3rxStI7vpwpeAUmZvb2BQgiDP51Xnhe/zcEsGEsdxR1S8JJWgaKV+KXQUIzK7pUa9hf9bs2uG2jMuxSH24ePkfaO8y3VIj1Wa2Lag+hXvnV5FfKoMMPSaqVgJeXak/5H7hy3hZdTBHGiUVdycLcaRytQIVM9L7jHj+Wtfj+vCMUVxqI+vo4vcmEw3CZwy8RH+SQgNsZmk8chgBqQ8XRWACDnzwukm9VXj/xZjX9chHBaDdiViHaoa7Mo88EKTDaGDctNtG3Kjfr0f8UnfZEUfEMBVYLF8PLfSCAuooVocStkXNGL5xtEx0NzYAA1xrIeRjQznOsHKhqoftGU6o4w5QKdrR6Eg1/hP0NAxca8gcTOjbF9D71edZX+J1HP77Bxlb/x/0WIqk2qc1+zY9AF3qwPHLMV9nrIp/gyEz9Kvff7WjEmeBOu8th4k+w4azWdiyGzIO+u5dw7+5qRgUE8JD/p44ReGJbSz6EhSe7lJrn8AtGUvfDniFQV7mA7gDJJeC0ux3aXMLH8hn1spZR0mjQY2nUqUJokJHzRl29beN/KIoq3Q4AnEVFARaogdkFr15YgNhbmr700vrCsEdu3NNWQUzXgVCNHuaTVGxQ5aqUtR6ynsfAggSglSKvMR4+YK7hHGsUsrB9Etnq3z06nVZN2m4hyJV8N1UX8dVLYzPzMOCEzifU93ULeZ8TNJW/riuFyPFLx8ZOn2uBllk5kiLhMIyi0R6Mcbi7N3R55BxjT58LJB4X6cqRFZHpk/s6GuPKkAChV4Kpbcp9mAr3WuSQhKVz2EilzWJ8XRaCwQ9nZCpLXVAzOWgadN+0GY7twYWhvxMSZKH+swYrlQFobNmZAIo/y+YJjWkHfgpMS5n4jQC47IzCS9cVBFU6KXx0aobUD4K5SmxqQOqWh3VdoZkHdVkLs+IeXS+uE1hCVoMPkJpngvXqyVhkv5seSf92XccwoNnAfwzSHVrUD/RDbjusH5VKXQkq6fCk5FtRCncy95v+XBpjfJ+5VeBQGoKv0Ot2BJ6Go7CS7JapnC1gFDNcqgnrCN+DwRxlXnMgs6bcSNt1d1s6n5GHLzLSkoq9WDjrZEk9EdLFcGWHWLz65uNaI0FRoHuNhCVftZjKwNUJ1Jc84BZUI6iKLVEfCfRmOpdAS+dclZovW9XANix2NPanl1DT+uxLYbJlCtnwrIsRjBrXISV4/TOrQuIL9BaQfZZVhHRDbSQbdyHmXbind8RkJCaA+VZxqXz/mpTcDie2+Dm4wC7c3gzOoACFq53TusjEY/gEwrPcfoVcbdYp58/bSslAAvpB+ZqVibT/iFFPYJ150gOzB3U4d2MIkwddTkmsGfbl+k3zaKMfRsvBm41y/Byvm/fn81l7J4wUYnSyhJuAf1UyBmupltV6xq56ANLxDNAmNylwProRESGXj9Lvka1I8MGkVcF/krZXZKozTJ0PQEgZtf29DVmvPIB0MON4zE0/4bv5k6VENTk4JHCYie4kcZvnuYtv1gfWDn2GQhtdnef7/Dp2FZNbnAU/Ppvdit8fSDqZP7qVkc045U91gzB+lQfEovzNV/vhSN2ekpIJNQVrlCpF+BsMnz7oD6CZfPUV1LgOmZ8eL/qgwjHefpeOJCBLcvhm5ctCmWCYfqM3ZR0DFmF30f9qK3WdiqybI3bI0UC7QaYcUDqOg3cj6NH//LgjYXZJtn9o9NVZD3w4F582S8XbwV2N6j6PxMaSE9TVhocBqKTCPOG9k5gFuK/qNGbUWRfsgi42HlZCjdL2GIODEE1aeCyowEzwu4d2GMuseSlSNp8tyIetV4Bls3nazCy4fM552yN6l0xlljasaOkdhqaSPF/UFQZ1qjTfL2aILcekxav8qnPK/kiNnWys8WPQNqjkx95DWm5sPtNmZip6dt4jLgFHFeg53FPbom/D4kNwB1pHlgDEhyxtofFoq3PYHi37y+IVOVUNGiiBq0mhmR9/eBEr/+nljD1SgDDipmAD3cCaztCHLepBya2LZtA8RQ8JGf+L18UMj+Ovj4EhAZWBkHKTISlXqpqi8+efuAa13zTwShRGv96mldrZpdDY+zP/brb7HTZLAbLZceTMzV/Rf9Z/JTpRvxak8hyEtpEnZ0isvF1eswnYlHx4T6rHdOkZZKpVrpOcHHbtJoo24O3dAkIeSdB0GkNYKNfBtPe3oC1BLMKbB9hOpIuUmnFfnZY18HQvi1cmE7RQnji/hpAmnR2VnlyEH+ju/bxZJTgtw8rYQmnp7tlQ+oocsbQ+UL2HlUbBNSncdeL2xffBFjq9bCrN1I/fi0hWkBeJyoUCPF0jUehx0nedro5/0B31EDg1OyvES8CGbc/uWsHqbQYHZTsBDp2qAfS6pzX3uPNu0wDpSzRxFgcB2QOCXz8WY7iFeE7qetpf7Gax8yWXwMSaN3pphOZl7Z7jY8gRBp05D2lLUqh+jSQi9P7IrZ5O8/y5HZ6tX3x5zIcNAXNXsK1rBLApKyuqE3NOZxmH6LDSQJ7en0Fkq1LaZgItPjDdDTUF4OEv03X3d0L32Sb9dRQXHU/8HG2gtICNURtvVHjF/L922MCSbtT7YWYCigG0c9Q9hycDO5eP+NADWB1e+SpspZeE/4OidI3F1XsOQUx02TyiVsfAJbDvkPwiynpnUzNOlXIiYyZ9DxEQtQQLXddcnkxBwobDJ579IsVIxc7chz4TbMvs74GtY/Ojraz4aw/i0XDXVwOnkSgjyE5HB1Roj8eA7dmO46R8PcXfv//qmTgaev2WiZbFWtv2KZ8XA5GFUQHyGXXqT7r5iTEqca+rFyJuOQdtdheJFnhXtt1YODOR/FWLvks+re7c4HMRTnKGJSgppSB652QbNSGKp6FrmmOChyZ1GmpdMUO6to37VMtk4QFoD0guOd5hQY4syzL9BPGqiZiKYrw83OvJC8F6rdK/xAjhFEgy81K3FWzBE0S0bNfsrPp6ggaTvhX7CDS/gHsScbgYyG2mus6tjm5TbT16hUwCtIz20euyJC/x+/fW/ODE3NAZDChqJRTGu9h424QBXFxjg/IvbYW5tj1Ybpa68k3ZxJRa/+nARLOUizxz7HQhFXbUpYGqy+hi4KdmzYfrhKlsktMk8pQu7j463rjXclmb/vZRKlfOzY8ov7xYQGoQqUHGFTPRMKBben2ezP/sEi5/seiIWTI0/LsPdeSUCTMoruZ0d/QXJwjt9017r+e387yDSWOGqhllLD/DB3q1onTNKm4gXHmQZPx2BonDAXXgcBM35p2FlQ3mjBfKe7aIzvYplEUTTJZsuTHZO7gMsfaohKaoMxiKnaYmT8vZlv7vPNA++jAcp88PfBi3KpH2o0DKyqHL3EbQTigSHcYpxRt16cqazohbEcpP9FOjV+ntkhG4qGwwJLd99G/IaWPMbxuHCJwTdhlgbDBSXyCL8W+Gu5vE9YqyoZDZIOZhjKSVj9XR41MJ+lILbwasjaeywJ49B7JNzXV0rntl/RAS/mlDbf8dAR6GCs1KNKZTpp+cgnMB69nQZvdXRrwMQfpd5MA8HeUvblVBeqGnFyKgklVaq+TZ8cKSpQaGzMQXh3xxa3cNZvoyuuBwXTygXBINCPTQ1ud6ngwb7cJEwSVK8gqkMI252+EnyY0LskzVGdSRjkmaw5G3fu8g9rZRlOrWNGu0VBW5QHzEZvZTDpr2+Bm7McAHtwgANfD652IzxfUa3wtO2gpzoLvdCJo7Agt298kCbd6Kw4XB6hXMLbKdLpayaIYke8vXiguaNZJ/Kimh8EOa3rbRtsWC72Ba12H+lcW3vfT+AQT8ePZxhTjNy7IlwlyR0E3CELRTIb31IopHvBZ/9oy8JrGyd9cRgH8qgXKjC4upNG6pz++ySdcjBWdY9Aea8QAsWXEwbRDbGewf5Zl2E6U5C0RddSg47Fvds11dBArJ0xU9Uj7tDOlr8jHPp9qIyeGgxA98S71nIFMoYVCQ9doq96BGeg5eyAoIbdhvALvRY6c5eYmO7sgu2qmIai9Zr2h70ECq819CKDMbSDZFXGujlsse8EBkqqSOJm34wbsUZcRMXbPzNa+u3mHHMkM4en16oGL69JlB/w5Lnn/MK/f7z4xefG7oHKmjewnGuGEhp1b52BVtmyre/fthn6RncJO7HyZiWP8NTpjmgo3g8Kha0/8khorq0McxxrcRWkudqO/2go1b94M38zB2VFbUBehHECZDGbIKPx/KWhbvqOjvwQ5dlBuIj9BKjHSO75gubM/akn6RWIAYgPMHrRcVjSdc0bI1PPjWEKhvYux0Y43GTZp/uAmRtQ52Xq4oYnhhIEx0wTDccApEhsScN3vSoxGn1tv6zuYfCpgJRucwboGtqRyfFgGDB+HRXH4emXy2wGuEsJo2trt1cvBkZfy37I8RuYiuery+C4tFoNKaXoQuNfe8GpQh99cQmds0s8WVbbLDrmJBu+3F2aiEVbVYyZuPGZJvTmxF8PtS7osyIaSVs4C6c/vRlURqUPe7/IK+LFFn6m8ZAdr2aMlm5MhCve1STux1lOEz8C+in3c1aWo2FCi4zqZh5y+vYbKprwWVRixGYoaD3y+tKyNYXSCXYBgK5RNgnBHR6Z/2FXw9H2mBFiC21jSyFDQ8XKxTat2yRB6+32sfwjaGjfEJvAayPSSfRc8bHxHsirUulbDOtkYKzVWJKFEbNLrOHxthjpyn1JpiPBk9Ix/PDAGNtnNpI8E70QDvLc/X3d3OPM1YrfZw3CGRjKoweFzNE7o1xa+qDPN/JYrFYkZ1oGgBcoggMJhMeEcHlh1dPi7j66Dq+hi5fAil84M4xnT/QYQMuhYRdSrxS/XVBy6FJWSPZ7xGXgJvlBR4jm3U3A1oUzkJoF98e35i2OPRecG9xxKeqV8/LP0OxM1e6XEmVNrU0aIE9zD8K20OkHA0rmlrURpjddIfj+kAFOawEu7bI6TCdX+K9rDryJx0vjY4nInN42y5oQNsUs31sd2ywWI6HLjuPDWTJ6c4yarB1RqUHhE3XqZKBk4DyHI6gFFOIRDoZl1DWbPSFX7P/6KeXv125sSa7SFb5QUNX5nXg325aZr/2ce/JyP76aDrXT1MlGcJOR7UX6W/dDcr7int2wXZPPSHOMs0y9Oicmg2cDkhHBNkWlRlNOtwh8YM+H7ZrdMl5HFlKei37oof6b9mxXMqWHDgypspCn7sPIH9x3YcojMRX42BBBM91KNJ26iJ6e+FC1fpdJ6HiJTgnJ3RjOslTW/URA2CR1gfPSjb6ytagCregIwYwV6607axT/LMfyCKRBOuVevRsrRRJMjTm0lj+7nBYAwaNO6R0Wub9eAk4IGRCXCNvMVf0LI/nloXr4oOkky3CETjrFvxYCQO3T/Heh7s42I0Xcdsp3BQQvGG1mCTHPW9jAZbRznoeKsTPqA+NuG6fCMoYOTpdSgsvKzMC1iPUtS2a8DqKSZLrNCj9KsTKmiBoSZQZZMYIYI38V526tEZkZyNwH3nq1S5Vm+utIyt99PkpjvRMgWtqIZCHMRewaDCqnYn3f7QBMR3nyONuCZrpOupwCRg9Ox03ByBT5TEEhlAKXVywHH7HdZA6BZkcYq7ka6iDGwdgJGBYLOyktLKQQ3fr7597ngXg8jXUULsIA2Cd20sBq7W/FNT+1qloD9nbrUbyyX1Aa/RhGfydy6mBWHenaqEJYyuXJWx9COlD9gH+QQF36KAkMCDdZL9V1u07CTnG1bgNia+HQ3JhfYH2OQVHrylBK15h698d8FUAhJyv+x6mxqQo1k+b8qiHyXN1Pq3SGkyTP5YnYmA4AHGc9Dm1IBJbGRYimdpqDV/bJMuyQKedlud7KVJjd0sbLK8q/u6qBPPFc+52G0WLPhd1CqAVxX31aBv/IczvRKbcDDYv3KRIh3HBU609H572axQgaeCBiEevgDm+2lHgw004cR5rk2ho47nk7w22DV6gRb69ndJrBFy6g6QrgEoHnxZvBwfI9TX2HRwaC9DIgM/kdA9vrBmPv6D2NBgi0c4R0vUt3YUuDaoxhrOyzT2+XvRaIkm3FVMilnH8rmJvM29AJed+nETmcQGfG7fxoF0lkGFdwE8m/ikOMLpC0hYig+g6pLDYIbdG7+GzvjfA7eSOAZ2k09D8pWw6jNeaHt61B2bfCMg50THuYscpO88ecMAUtOh1VC7gd2Kg9JS2rIq770Jq/m8lkWG+iuPv6PUDuoVGiW5G/VVycqDxcCDYQvU0Wkke7ccEsIJ8LQ+7AfdOrdMddFvscpU/49G47K8nbj1NAMoXoxgvDQFUA4YXBCqjCZrkv0TBLu/jSpyHJ+FQrSLbxFJLszBEQalaWolu1eHQ4RihQG2/WXq0RioSapF7SItsybXKytqlTkcS9BbgXmvc93ssgUXuxQszJLI8Ps1dV07aSxZTwSv4tcjdxc6RdFaUWjtNLl/pnRkGrBAfHTCv5iDHHIoDRte5z/Mj5/2yHWaSbrDxqKQSi3l3o3Z3IlTTyiNrqOB7qzDKalAcUzfbA9vKQMf3/vICHiN0Cjn8R01Gwx0XTrNmM7/CkE2Awe63xANVhifgMo+HuDnYOhF553sUAnhijwOoQkIw3XVdeSo5HzWVQz0+iWDBrxHSL/6JiODEAMAy3U/Qft1P6wvUOq/yHwjaMfJqnbiQNPfmj8YR5IE3mPGEs+YEJJqtXd+/DyDHT4txfq4coUjjh9jedl+IM+kM5z9EVK3qUIMNNixWhcFn6VAfkC4gVQCOCb1wF6cL+1xc4kRQhdYSWOqC1gXiXtVTM2VcDCni58u6bEgnr+DGrg33oh2k/mNWk9aWDPgjXKjV5lPhLzWa8IPswiXC3uOUMf8T0wUxqyTkeAceSUd9qC9c4gpV56EY24WEvei6GKsLMFdbL2TpfOU/1rH32iAFGWj3tdbVhhsDFATuFtoN9rqoxtY0sqrq4dEB4lkXOd6TShjXmDLeyn14mL3b0LA15/ju4ZYzRTbvyzrdUU95I/Y41jUW2yelLFFBLqu7+8eiP7fvSOB+5ElMlGlHOOqdqYDOGZKj1Efb+yEehDPWIT5sZnUOEorLYbNKHGAEWV3N/2jBt2kyzSG1HYJXdJHSyZc3qI8rtBp6naqfPBJBwtRsbtzxG+hgCBov6SZNV8spKu6bir/lPPhpwL6cX7rUuKj71bXa2i3WLsHsBRgldbRcCblyLoRU34ozwSgMu7sZTwCPc359RjXz41zHti6ZDBigi3EADA00dM/Zpb8KXthrnmI0YENaZzBKNIwyggc4QimXJeFFTPyTXq9VSgKBDE1YpxX2t91kMF6RI8+IA00HxiUohJ+T27yZfhuPKRLcuY5Kw+ohm4tI5Pz1PATxED5zmp5M8igxh99/E2Z99MHgo4r1B5BN7fjdE3cvYOixlB4DpZsSEZ9KSm2hjn2roq9/WhLdsy1Z4JdwuoyzCepgfFX26CpCiKgyyGQ+OkgAlBUr0xyjZh7nL/khRCB6qDKOsmnJEdMxKxmorZ5LNhQhp3ZCb7IlxMEzpNHfjjTaHvv1ZVvO3F1IQprhk26FEHG2MX5Q0pC8cLflDs4jMX4UGfGsDepBR0ntVq+/OHfbt8OvmKCbg5hzRkfvalHgjYP0QBXuBBY5FgwnttSKUJzd8f2+Tu37uWltQWfAF/DYIGK9QhqOjno/FWkAEhMwlfsGfc5fb1YKlnhH3+/qUDTFmk+W/tWHlWZfESSjaS34M3h7uFQ2nrJUudIxxureUoPFOzVSgE4v0QQH7SkPheJI9JbLmy93KSFbc6TAbv9aVhNd85kuEeC5iE4Qj4DGcFYO2PmhOQDg3+bl6Gm/zo2EFVHpGHK3UWLyWz/vPIqchL9UFER2d7bRU/zQ7HzTSTnkYSSZOU5KZYlcKzogaEXC/Wu4ZwleDLPNlufbFX5TdNGUjqLcwONkJlSN2Z/E4dug9R/af2UORgkjoualltwV1lfnZNqIeSBNsxACVaztoKCFl0VbBUIxPuaHHEOvdMnVE/QzAHr7i+dehOyStXQUG1B1OdSXyeyznV0Zi0Vw9+b2Etx9GVWjFmktXQympVmnK9uN0pmZEvQL5mB9cawi7ZA6c4bC8yp9qfQLToW5bsiNI8l12AQsWojnO4vusZvBzWJGrkCYxC1v2OWmlLrxfkKIiVxTU/8aYr4qIkri1Y/gHQNxq8cWkGesbfqHmLKhn4BKdmO7xDlN5R6lfUHIV6KwveIhWZw2P2MVOVW/09xTjxLBBs3BooSQK49vrKpVS8lMub1Fryb+V7OOutP3pby8G2KPVwv3OqBZirGyFmwZQc5fG72ZoZ+2oYr0i,iv:wBY6kIHIDynH4125koMcCGAuxHc/F63Yq3NcMfCqPBU=,tag:zfuizdFXXtdZ2HLJSgHUmw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5V29tMGtRTXlTZ1czZm4r - ZW9halUzbGNJSXJpejVUK1dwN2E2c3BoM253Ck5xWG9id0F6WTBxU3ZKSmREZDBW - V3lvUHN1TVhPczJ1WmttK1ArK3FzUGMKLS0tIGhCMVZobGp4TytRS2c2QlhJZTcx - NVp3eGpXdE5kTjhtb251UWhmS0dSUU0KB38yJCc7hvUxaY/jri4c3WhbkSW8blHc - KOKqYJiK/KE0qmpJ7jssmpSKd7JHGUs3nM4H6EC9kTmObbKBzsHDsg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1yqma4xm4qss787cnwv2v7j2e0eswhm5k9f27n6zhp74euyydv9essxdrmn - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYTGYwSnpuZEp6NGNJUDNT - RWh1RzBoeGtDSlhKOXRoSU9MK05hcjhTK0NBCmltNlUySktURGo1blFYWUhsenR4 - VHlXR2R3VUZ3RTIxdms3dThCNUVRb0UKLS0tIDZzTm5TUDFybzVwaHJpRVZWRVZv - OHpqelBrU2k5Q0dBL1dzOVhYeXM0QkUKjMu+5qi000GvGgKO9l7UFSytjJHHYfEd - 8Mi4pXbgWzncWE6D3i5E7twGSDQVpeWHngX35z8SSiWRuBrbjJvVdA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-01-15T01:54:13Z" - mac: ENC[AES256_GCM,data:nxElGqw+YRErhjpJQcG6hHahAizdWIaD1cP/eCKpmsvr7fd8qCJSyQ6nukJ+jugMkdZUsWaoeAX1Vesf2KkcajulvzK0nD+Vq2jXhAZHpil9KIseLPYMxSnSWGNs7B0vsuLLwXN9GB87URYmeJlTS7a74PoH+IfqzAudUH75drw=,iv:qFOShkqvLiLw00R1K85gmhBXx/h7ZNpxM+x63dbNkDs=,tag:hT7btxu3Cc0vXtdZkCRqaw==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/hosts/kay/configuration.nix b/hosts/kay/configuration.nix deleted file mode 100644 index 1e264e2..0000000 --- a/hosts/kay/configuration.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ ... }: - -{ - imports = [ - ./hardware-configuration.nix - ./modules/network.nix - ./modules/www.nix - ./modules/sftp.nix - ./modules/acme.nix - ./modules/mail.nix - ./modules/dns - ./modules/sshfwd.nix - ../../common.nix - ]; - - boot.consoleLogLevel = 3; -} diff --git a/hosts/kay/hardware-configuration.nix b/hosts/kay/hardware-configuration.nix deleted file mode 100644 index 306e9ba..0000000 --- a/hosts/kay/hardware-configuration.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ modulesPath, ... }: - -{ - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - - boot = { - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - - kernelModules = [ "kvm-intel" ]; - blacklistedKernelModules = [ "nouveau" ]; - initrd.availableKernelModules = [ - "xhci_pci" - "ehci_pci" - "ahci" - "usb_storage" - "usbhid" - "sd_mod" - ]; - }; - - fileSystems = { - "/" = { - device = "/dev/disk/by-uuid/2eeacf49-c51e-4229-bd4a-ae437014725f"; - fsType = "ext4"; - }; - "/boot" = { - device = "/dev/disk/by-uuid/A902-90BB"; - fsType = "vfat"; - }; - "/hdd" = { - device = "/dev/disk/by-uuid/c941edb4-e393-4254-bbef-d1b3728290e9"; - fsType = "ext4"; - }; - }; -} diff --git a/hosts/kay/modules/acme.nix b/hosts/kay/modules/acme.nix deleted file mode 100644 index f4ded0a..0000000 --- a/hosts/kay/modules/acme.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ config, pkgs, ... }: let - email = config.userdata.email; - domain = config.userdata.domain; - - environmentFile = - pkgs.writeText "acme-dns" "RFC2136_NAMESERVER='[2001:470:ee65::1]:53'"; -in { - security.acme = { - acceptTerms = true; - defaults.email = email; - - certs.${domain} = { - inherit domain; - extraDomainNames = [ "*.${domain}" ]; - - dnsProvider = "rfc2136"; - dnsPropagationCheck = false; # local DNS server - - inherit environmentFile; - group = config.services.nginx.group; - }; - }; -} diff --git a/hosts/kay/modules/cgit.nix b/hosts/kay/modules/cgit.nix deleted file mode 100644 index 2ef95fb..0000000 --- a/hosts/kay/modules/cgit.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ config, pkgs, ... }: - -let - domain = config.userdata.domain; - user = config.userdata.user; -in -{ - environment.systemPackages = with pkgs; [ - luajitPackages.luaossl - lua52Packages.luaossl - ]; - - services.cgit."git.${domain}" = { - enable = true; - nginx.virtualHost = "git.${domain}"; - scanPath = "/var/lib/git"; - settings = { - project-list = "/var/lib/git/project.list"; - remove-suffix = 1; - enable-commit-graph = 1; - root-title = "${user}'s git repository"; - root-desc = "how do i learn github anon"; - source-filter = "${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py"; - about-filter = "${pkgs.cgit}/lib/cgit/filters/about-formatting.sh"; - readme = ":README.md"; - footer = ""; - enable-blame = 1; - clone-url = "https://git.${domain}/$CGIT_REPO_URL"; - enable-log-filecount = 1; - enable-log-linecount = 1; - }; - }; -} diff --git a/hosts/kay/modules/dendrite.nix b/hosts/kay/modules/dendrite.nix deleted file mode 100644 index 8277e21..0000000 --- a/hosts/kay/modules/dendrite.nix +++ /dev/null @@ -1,108 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - domain = config.userdata.domain; - database = { - connection_string = "postgres:///dendrite?host=/run/postgresql"; - max_open_conns = 90; - max_idle_conns = 5; - conn_max_lifetime = -1; - }; -in -{ - sops.secrets."matrix-${domain}/key" = {}; - - services = { - postgresql = { - enable = true; - package = with pkgs; postgresql_15; - settings = { - log_timezone = config.time.timeZone; - listen_addresses = lib.mkForce ""; - }; - ensureDatabases = [ "dendrite" ]; - ensureUsers = [{ - name = "dendrite"; - ensureDBOwnership = true; - }]; - authentication = lib.mkForce "local all all trust"; - }; - - dendrite = { - enable = true; - loadCredential = [ - "private_key:${config.sops.secrets."matrix-${domain}/key".path}" - ]; - - settings = { - sync_api.search = { - enable = true; - index_path = "/var/lib/dendrite/searchindex"; - }; - global = { - server_name = domain; - private_key = "$CREDENTIALS_DIRECTORY/private_key"; - trusted_third_party_id_servers = [ - "matrix.org" - "vector.im" - ]; - inherit database; - }; - logging = [{ - type = "std"; - level = "warn"; - }]; - mscs = { - inherit database; - mscs = [ "msc2836" ]; - }; - sync_api = { - inherit database; - real_ip_header = "X-Real-IP"; - }; - media_api = { - inherit database; - dynamic_thumbnails = true; - max_file_size_bytes = 12800000000; - }; - federation_api = { - inherit database; - send_max_retries = 8; - key_perspectives = [{ - server_name = "matrix.org"; - keys = [ - { - key_id = "ed25519:auto"; - public_key = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"; - } - { - key_id = "ed25519:a_RXGa"; - public_key = "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ"; - } - ]; - }]; - }; - - app_service_api = { - inherit database; - }; - room_server = { - inherit database; - }; - push_server = { - inherit database; - }; - relay_api = { - inherit database; - }; - key_server = { - inherit database; - }; - user_api = { - account_database = database; - device_database = database; - }; - }; - }; - }; -} diff --git a/hosts/kay/modules/dns/5.6.e.e.0.7.4.0.1.0.0.2.ip6.arpa.zone b/hosts/kay/modules/dns/5.6.e.e.0.7.4.0.1.0.0.2.ip6.arpa.zone deleted file mode 100644 index 69b3524..0000000 --- a/hosts/kay/modules/dns/5.6.e.e.0.7.4.0.1.0.0.2.ip6.arpa.zone +++ /dev/null @@ -1,14 +0,0 @@ -$ORIGIN 5.6.e.e.0.7.4.0.1.0.0.2.ip6.arpa. -$TTL 2d - -@ IN SOA ns1.sinanmohd.com. sinan.sinanmohd.com. ( - 2024020400 ; serial - 2h ; refresh - 5m ; retry - 1d ; expire - 5m ) ; nx ttl - - IN NS ns1.sinanmohd.com. - -1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR ns1.sinanmohd.com. -7.3.3.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR mail.sinanmohd.com. diff --git a/hosts/kay/modules/dns/ddns.nix b/hosts/kay/modules/dns/ddns.nix deleted file mode 100644 index e6e417a..0000000 --- a/hosts/kay/modules/dns/ddns.nix +++ /dev/null @@ -1,44 +0,0 @@ -{ pkgs, ... }: { - services.pppd.script = { - "02-ddns-ipv4" = { - runtimeInputs = with pkgs; [ coreutils knot-dns ]; - type = "ip-up"; - - text = '' - cat <<- EOF | knsupdate - server 2001:470:ee65::1 - zone sinanmohd.com. - - update delete sinanmohd.com. A - update add sinanmohd.com. 180 A $4 - - update delete mail.sinanmohd.com. A - update add mail.sinanmohd.com. 180 A $4 - - send - EOF - ''; - }; - - "02-ddns-ipv6" = { - runtimeInputs = with pkgs; [ coreutils knot-dns iproute2 gnugrep ]; - type = "ipv6-up"; - - text = '' - while ! ipv6="$(ip -6 addr show dev "$1" scope global | grep -o '[0-9a-f:]*::1')"; do - sleep 0.2 - done - - cat <<- EOF | knsupdate - server 2001:470:ee65::1 - zone sinanmohd.com. - - update delete sinanmohd.com. AAAA - update add sinanmohd.com. 180 AAAA $ipv6 - - send - EOF - ''; - }; - }; -} diff --git a/hosts/kay/modules/dns/default.nix b/hosts/kay/modules/dns/default.nix deleted file mode 100644 index 1146cc3..0000000 --- a/hosts/kay/modules/dns/default.nix +++ /dev/null @@ -1,137 +0,0 @@ -{ config, pkgs, ... }: let - listen_addr = "2001:470:ee65::1"; - - acmeSOA = pkgs.writeText "acmeSOA" '' - $TTL 2d - - @ IN SOA ns1.sinanmohd.com. sinan.sinanmohd.com. ( - 2024020505 ; serial - 2h ; refresh - 5m ; retry - 1d ; expire - 5m ) ; nx ttl - - IN NS ns1.sinanmohd.com. - ''; -in { - imports = [ ./ddns.nix ]; - - networking.firewall = { - allowedTCPPorts = [ 53 ]; - allowedUDPPorts = [ 53 ]; - }; - - sops.secrets.dns = { - owner = config.systemd.services.knot.serviceConfig.User; - group = config.systemd.services.knot.serviceConfig.Group; - }; - - services.knot = { - enable = true; - keyFiles = [ config.sops.secrets.dns.path ]; - - settings = { - server.listen = listen_addr; - - remote = [ - { - id = "ns1.he.net"; - address = [ "2001:470:100::2" "216.218.130.2" ]; - via = "2001:470:ee65::1"; - } - { - id = "m.gtld-servers.net"; - address = [ "2001:501:b1f9::30" "192.55.83.30" ]; - } - ]; - - submission = [{ - id = "gtld-servers.net"; - parent = "m.gtld-servers.net"; - }]; - - policy = [{ - id = "gtld-servers.net"; - algorithm = "ecdsap384sha384"; - ksk-lifetime = "365d"; - ksk-submission = "gtld-servers.net"; - }]; - - # generate TSIG key with keymgr -t name - acl = [ - { - id = "ns1.he.net"; - key = "ns1.he.net"; - address = [ "2001:470:600::2" "216.218.133.2" ]; - action = "transfer"; - } - { - id = "localhost"; - address = [ listen_addr ]; - update-type = [ "A" "AAAA" ]; - action = "update"; - } - { - id = "acme"; - address = [ listen_addr ]; - update-type = [ "TXT" ]; - action = "update"; - } - ]; - - mod-rrl = [{ - id = "default"; - rate-limit = 200; - slip = 2; - }]; - - template = [ - { - id = "default"; - semantic-checks = "on"; - global-module = "mod-rrl/default"; - } - { - id = "master"; - semantic-checks = "on"; - - dnssec-signing = "on"; - dnssec-policy = "gtld-servers.net"; - - notify = [ "ns1.he.net" ]; - acl = [ "ns1.he.net" "localhost" ]; - - zonefile-sync = "-1"; - zonefile-load = "difference"; - } - { - id = "acme"; - semantic-checks = "on"; - acl = [ "acme" ]; - - zonefile-sync = "-1"; - zonefile-load = "difference"; - journal-content = "changes"; - } - ]; - - zone = [ - { - domain = "sinanmohd.com"; - file = ./sinanmohd.com.zone; - template = "master"; - } - { - domain = "_acme-challenge.sinanmohd.com"; - file = acmeSOA; - template = "acme"; - } - { - domain = "5.6.e.e.0.7.4.0.1.0.0.2.ip6.arpa"; - file = ./5.6.e.e.0.7.4.0.1.0.0.2.ip6.arpa.zone; - } - ]; - }; - }; - -} diff --git a/hosts/kay/modules/dns/sinanmohd.com.zone b/hosts/kay/modules/dns/sinanmohd.com.zone deleted file mode 100644 index 0409efc..0000000 --- a/hosts/kay/modules/dns/sinanmohd.com.zone +++ /dev/null @@ -1,46 +0,0 @@ -$ORIGIN sinanmohd.com. -$TTL 2d - -@ IN SOA ns1 hostmaster ( - 2024022700 ; serial - 2h ; refresh - 5m ; retry - 1d ; expire - 5m ) ; nx ttl - - IN NS ns1 - IN NS ns2.he.net. - IN NS ns3.he.net. - IN NS ns4.he.net. - IN NS ns5.he.net. - - 30 IN A 127.0.0.1 - 30 IN AAAA ::1 - - IN MX 10 mail - - IN TXT "v=spf1 mx -all" -_dmarc IN TXT "v=DMARC1; p=reject; rua=mailto:reports@sinanmohd.com; ruf=mailto:reports@sinanmohd.com; adkim=s; aspf=s" - -ed25519._domainkey IN TXT "v=DKIM1; k=ed25519; p=EHk924AruF9Y0Xaf009rpRl+yGusjmjT1Zeho67BnDU=" -rsa._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4HEqO63fSC0cUnJt9vAQBssTkPfT4QefmAK/1BtAIRIOdGakf7PI7p3A1ETgwfYxuHj7BUSzUtESsHMThbhB1Wko79+AR+5ZBDBmD8CE0dOnZfzeG8xIaGfYkaL4gana6YZWiBT2oi/CimJfc22wacF01SufOs4R8cDpy4BZIgDD/zfF4bFTORQ0vMSJQJkp1zdQelERDU5CEezgxgVYgoSmdEpgkhc23PJSyj4Z7hA69N0amsb3cVVrfVXcYvSqTK3S2vLLA89ws4CUjCCpUW40gVIP8QP6CqTL76936Oo7OVWgmV3Sn3wa8FMN6IATY+fbMlrdOMsPY5PauJyEoQIDAQAB" - -ns1 IN AAAA 2001:470:ee65::1 - -mail 30 IN A 127.0.0.1 -mail IN AAAA 2001:470:ee65::1337 -smtp IN CNAME @ -imap IN CNAME @ -mta-sts IN CNAME @ - -_mta-sts IN TXT "v=STSv1; id=2024022500" -_smtp._tls IN TXT "v=TLSRPTv1; rua=mailto:reports@sinanmohd.com" - -www IN CNAME @ -git IN CNAME @ -bin IN CNAME @ -static IN CNAME @ - -lia IN A 65.0.3.127 - -_acme-challenge IN NS ns1 diff --git a/hosts/kay/modules/hurricane.nix b/hosts/kay/modules/hurricane.nix deleted file mode 100644 index 9e22bf5..0000000 --- a/hosts/kay/modules/hurricane.nix +++ /dev/null @@ -1,115 +0,0 @@ -{ config, pkgs, lib, ... }: - -let - iface = "hurricane"; - remote = "216.218.221.42"; - - clinet = "2001:470:35:72a::2"; - server = "2001:470:35:72a::1"; - - prefix64 = "2001:470:36:72a::/64"; - prefix48 = "2001:470:ee65::/48"; - - makeAddr = prefix: host: let - split = lib.strings.splitString "/" prefix; - in { - address = "${lib.head split}${host}"; - prefixLength = lib.toInt (lib.last split); - }; -in -{ - networking = { - sits.${iface} = { - inherit remote; - ttl = 225; - }; - interfaces.${iface} = { - mtu = 1440; # 1460(ppp0) - 20 - ipv6.addresses = [ - { - address = clinet; - prefixLength = 64; - } - - (makeAddr prefix64 "1") - (makeAddr prefix48 "1") - (makeAddr prefix48 "1337") - ]; - }; - - iproute2 = { - enable = true; - rttablesExtraConfig = "200 hurricane"; - }; - - firewall.extraCommands = - "iptables -A INPUT --proto 41 --source ${remote} --jump ACCEPT"; - }; - - sops.secrets = { - "hurricane/username" = {}; - "hurricane/update_key" = {}; - "hurricane/tunnel_id" = {}; - }; - - systemd.services."network-route-${iface}" = { - description = "Routing configuration of ${iface}"; - wantedBy = [ - "network-setup.service" - "network.target" - ]; - before = [ "network-setup.service" ]; - bindsTo = [ "network-addresses-hurricane.service" ]; - after = [ "network-pre.target" "network-addresses-hurricane.service" ]; - # restart rather than stop+start this unit to prevent the - # network from dying during switch-to-configuration. - stopIfChanged = false; - - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - - path = [ pkgs.iproute2 ]; - script = '' - echo -n "adding route" - - ip -6 rule add from ${clinet}/64 table hurricane || exit 1 - ip -6 rule add from ${prefix64} table hurricane || exit 1 - ip -6 rule add from ${prefix48} table hurricane || exit 1 - - ip -6 route add default via ${server} dev hurricane table hurricane || exit 1 - ''; - preStop = '' - echo -n "deleting route" - - ip -6 route del default via ${server} dev hurricane table hurricane || exit 1 - - ip -6 rule del from ${prefix48} table hurricane || exit 1 - ip -6 rule del from ${prefix64} table hurricane || exit 1 - ip -6 rule del from ${clinet}/64 table hurricane || exit 1 - ''; - }; - - - services.pppd.script."01-${iface}" = { - runtimeInputs = with pkgs; [ curl coreutils iproute2 iputils ]; - text = '' - wan_ip="$4" - username="$(cat ${config.sops.secrets."hurricane/username".path})" - update_key="$(cat ${config.sops.secrets."hurricane/update_key".path})" - tunnel_id="$(cat ${config.sops.secrets."hurricane/tunnel_id".path})" - - auth_url="https://$username:$update_key@ipv4.tunnelbroker.net/nic/update?hostname=$tunnel_id" - until curl --silent "$auth_url"; do - sleep 1 - done - - while [ ! -e /sys/class/net/${iface} ]; do - sleep 1 # make sure ${iface} is up - done - - ip tunnel change ${iface} local "$wan_ip" mode sit - ''; - }; -} diff --git a/hosts/kay/modules/iperf3.nix b/hosts/kay/modules/iperf3.nix deleted file mode 100644 index 901a93d..0000000 --- a/hosts/kay/modules/iperf3.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ ... }: - -{ - services.iperf3 = { - enable = true; - - bind = "10.0.0.1"; - openFirewall = true; - }; -} diff --git a/hosts/kay/modules/mail.nix b/hosts/kay/modules/mail.nix deleted file mode 100644 index 63959b8..0000000 --- a/hosts/kay/modules/mail.nix +++ /dev/null @@ -1,112 +0,0 @@ -{ config, ... }: let - ipv6 = "2001:470:ee65::1337"; - domain = config.userdata.domain; - - username = config.userdata.user; - secret = "$argon2i$v=19$m=4096,t=3,p=1$SWV5aWU3YWUgZWFTNm9oc28gTGFvdDdlRG8ga2FTaWVjaDYgYWV0aDFHb28$O/sDv7oy9wUxFjvKoxB5o8ZnPvjYJo9DjX0C/AZQFF0"; - email = [ - "${username}@${domain}" - "sinanmohd@${domain}" - "me@${domain}" - - "postmaster@${domain}" - "hostmaster@${domain}" - "admin@${domain}" - ]; - - credentials_directory = "/run/credentials/stalwart-mail.service"; -in { - networking.firewall.allowedTCPPorts = [ - 25 # smto - 465 # submission - 587 # submissions - 993 # imap ssl - 4190 # managesieve - ]; - - security.acme.certs.${domain}.postRun = "systemctl restart stalwart-mail.service"; - sops.secrets = { - "mail.${domain}/dkim_rsa" = {}; - "mail.${domain}/dkim_ed25519" = {}; - }; - - services.stalwart-mail = { - enable = true; - loadCredential = [ - "dkim_rsa:${config.sops.secrets."mail.${domain}/dkim_rsa".path}" - "dkim_ed25519:${config.sops.secrets."mail.${domain}/dkim_ed25519".path}" - - "cert:${config.security.acme.certs.${domain}.directory}/fullchain.pem" - "key:${config.security.acme.certs.${domain}.directory}/key.pem" - ]; - - settings = { - macros = { - host = "mail.${domain}"; - default_domain = domain; - default_directory = "in-memory"; - default_store = "sqlite"; - }; - - queue.outbound = { - ip-strategy = "ipv6_then_ipv4"; - source-ip.v6 = "['${ipv6}']"; - tls.starttls = "optional"; - }; - server.listener = { - smtp.bind = [ "[${ipv6}]:25" "0.0.0.0:25" ]; - jmap.bind = [ "[::]:8034" ]; - }; - - signature = { - rsa = { - private-key = "file://${credentials_directory}/dkim_rsa"; - selector = "rsa"; - set-body-length = true; - }; - ed25519 = { - public-key = "EHk924AruF9Y0Xaf009rpRl+yGusjmjT1Zeho67BnDU="; - private-key = "file://${credentials_directory}/dkim_ed25519"; - domain = "%{DEFAULT_DOMAIN}%"; - selector = "ed25519"; - headers = [ "From" "To" "Date" "Subject" "Message-ID" ]; - algorithm = "ed25519-sha256"; - canonicalization = "relaxed/relaxed"; - set-body-length = true; - report = true; - }; - }; - - certificate."default" = { - cert = "file://${credentials_directory}/cert"; - private-key = "file://${credentials_directory}/key"; - }; - - storage.blob = "fs"; - store = { - fs.disable = false; - sqlite.disable = false; - }; - - directory."in-memory" = { - type = "memory"; - options.subaddressing = true; - - principals = [ - { - inherit email; - inherit secret; - name = username; - type = "admin"; - } - { # for mta-sts & dmarc reports - email = "reports${domain}"; - inherit secret; - name = "reports"; - type = "individual"; - } - ]; - }; - }; - }; -} diff --git a/hosts/kay/modules/matrix-sliding-sync.nix b/hosts/kay/modules/matrix-sliding-sync.nix deleted file mode 100644 index ebdc34d..0000000 --- a/hosts/kay/modules/matrix-sliding-sync.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ config, ... }: - -let - domain = config.userdata.domain; -in -{ - sops.secrets."matrix-${domain}/sliding_sync" = {}; - - services.matrix-sliding-sync = { - enable = true; - environmentFile = config.sops.secrets."matrix-${domain}/sliding_sync".path; - - settings = { - SYNCV3_LOG_LEVEL = "warn"; - SYNCV3_SERVER = "http://127.0.0.1:${toString config.services.dendrite.httpPort}"; - }; - }; -} diff --git a/hosts/kay/modules/network.nix b/hosts/kay/modules/network.nix deleted file mode 100644 index 929fb1b..0000000 --- a/hosts/kay/modules/network.nix +++ /dev/null @@ -1,82 +0,0 @@ -{ config, ... }: - -let - inetVlan = 722; - voipVlan = 1849; - wanInterface = "enp4s0"; - nameServer = "1.0.0.1"; -in -{ - imports = [ - ./router.nix - ./hurricane.nix - ]; - - sops.secrets = { - "ppp/chap-secrets" = {}; - "ppp/pap-secrets" = {}; - "ppp/username" = {}; - }; - - networking = let - voipVlanIface = "voip"; - in { - vlans = { - wan = { - id = inetVlan; - interface = wanInterface; - }; - ${voipVlanIface} = { - id = voipVlan; - interface = wanInterface; - }; - }; - - interfaces.${voipVlanIface}.useDHCP = true; - dhcpcd.extraConfig = '' - interface ${voipVlanIface} - ipv4only - nogateway - ''; - }; - - services = { - dnsmasq = { - enable = true; - settings = { - server = [ nameServer ]; - bind-interfaces = true; - }; - }; - - pppd = { - enable = true; - - config = '' - plugin pppoe.so - debug - - nic-wan - defaultroute - ipv6 ::1, - noauth - - persist - lcp-echo-adaptive - lcp-echo-interval 1 - lcp-echo-failure 5 - ''; - - peers.bsnl = { - enable = true; - autostart = true; - configFile = config.sops.secrets."ppp/username".path; - }; - - secret = { - chap = config.sops.secrets."ppp/chap-secrets".path; - pap = config.sops.secrets."ppp/pap-secrets".path; - }; - }; - }; -} diff --git a/hosts/kay/modules/router.nix b/hosts/kay/modules/router.nix deleted file mode 100644 index d2785a5..0000000 --- a/hosts/kay/modules/router.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ ... }: - -let - lanInterface = "enp0s20u4"; - wanInterface = "ppp0"; - subnet = "10.0.0.0"; - prefix = 24; - host = "10.0.0.1"; - leaseRangeStart = "10.0.0.100"; - leaseRangeEnd = "10.0.0.254"; -in -{ - imports = [ - ./wireguard.nix - ./iperf3.nix - ]; - - networking = { - nat = { - enable = true; - externalInterface = wanInterface; - internalInterfaces = [ lanInterface ]; - }; - interfaces."${lanInterface}" = { - ipv4.addresses = [{ - address = host; - prefixLength = prefix; - }]; - }; - firewall = { - allowedUDPPorts = [ 53 67 ]; - allowedTCPPorts = [ 53 ]; - extraCommands = '' - iptables -t nat -I POSTROUTING 1 -s ${subnet}/${toString prefix} -o ${wanInterface} -j MASQUERADE - ''; - }; - }; - - services.dnsmasq.settings = { - dhcp-range = [ "${leaseRangeStart},${leaseRangeEnd}" ]; - interface = [ lanInterface ]; - }; -} diff --git a/hosts/kay/modules/sftp.nix b/hosts/kay/modules/sftp.nix deleted file mode 100644 index 07b1449..0000000 --- a/hosts/kay/modules/sftp.nix +++ /dev/null @@ -1,44 +0,0 @@ -{ config, ... }: - -let - storage = "/hdd/users"; - user = config.userdata.user; - pubKeys = config.users.users.${user}.openssh.authorizedKeys.keys; -in -{ - users = { - groups."sftp".members = []; - - users."sftp" = { - group = "sftp"; - shell = "/run/current-system/sw/bin/nologin"; - isNormalUser = true; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFmA1dyV+o9gfoxlbVG0Y+dn3lVqdFs5fMqfxyNc5/Lr sftp@cez" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDCbgjAfyDNtLNyOS+sfLirYtfEAkGqV54LOwabpWkvf sftp@veu" - ] ++ pubKeys; - }; - - users."nazer" = { - group = "sftp"; - shell = "/run/current-system/sw/bin/nologin"; - isNormalUser = true; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICV09w9Ovk9wk4Bhn/06iOn+Ss8lK3AmQAl8+lXHRycu nazu@pc" - ]; - }; - }; - - services.openssh.extraConfig = '' - Match Group sftp - # chroot dir should be owned by root - # and sub dirs by %u - ChrootDirectory ${storage}/%u - ForceCommand internal-sftp - - PermitTunnel no - AllowAgentForwarding no - AllowTcpForwarding no - X11Forwarding no - ''; -} diff --git a/hosts/kay/modules/sshfwd.nix b/hosts/kay/modules/sshfwd.nix deleted file mode 100644 index d70b893..0000000 --- a/hosts/kay/modules/sshfwd.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ ... }: let - group = "sshfwd"; -in { - networking.firewall.allowedTCPPorts = [ 2222 ]; - - users = { - groups.${group}.members = []; - - users."lia" = { - inherit group; - isSystemUser = true; - - openssh.authorizedKeys.keys - = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAe7fJlh9L+9JSq0+hK7jNZjszmZqNXwzqcZ+zx0yJyU lia" ]; - }; - }; - - services.openssh.extraConfig = '' - Match Group ${group} - ForceCommand echo 'this account is only usable for remote forwarding' - PermitTunnel no - AllowAgentForwarding no - X11Forwarding no - - AllowTcpForwarding remote - GatewayPorts clientspecified - PermitListen *:2222 - ''; -} diff --git a/hosts/kay/modules/wireguard.nix b/hosts/kay/modules/wireguard.nix deleted file mode 100644 index f90b1ec..0000000 --- a/hosts/kay/modules/wireguard.nix +++ /dev/null @@ -1,57 +0,0 @@ -{ config, ... }: - -let - wgInterface = "wg"; - wanInterface = "ppp0"; - subnet = "10.0.1.0"; - prefix = 24; - port = 51820; -in -{ - sops.secrets."misc/wireguard" = {}; - - networking = { - nat = { - enable = true; - externalInterface = wanInterface; - internalInterfaces = [ wgInterface ]; - }; - firewall = { - allowedUDPPorts = [ port ]; - extraCommands = '' - iptables -t nat -I POSTROUTING 1 -s ${subnet}/${toString prefix} -o ${wanInterface} -j MASQUERADE - ''; - }; - - wireguard.interfaces.${wgInterface} = { - ips = [ "10.0.1.1/${toString prefix}" ]; - listenPort = port; - mtu = 1380; # 1460 (ppp0) - 80 - privateKeyFile = config.sops.secrets."misc/wireguard".path; - - peers = [ - { # cez - publicKey = "IcMpAs/D0u8O/AcDBPC7pFUYSeFQXQpTqHpGOeVpjS8="; - allowedIPs = [ "10.0.1.2/32" ]; - } - { # vex - publicKey = "bJ9aqGYD2Jh4MtWIL7q3XxVHFuUdwGJwO8p7H3nNPj8="; - allowedIPs = [ "10.0.1.3/32" ]; - } - { # dad - publicKey = "q70IyOS2IpubIRWqo5sL3SeEjtUy2V/PT8yqVExiHTQ="; - allowedIPs = [ "10.0.1.4/32" ]; - } - { # shambai - publicKey = "YYDlp/bNKkqFHAhdgaZ2SSEMnIjKTqPTK7Ju6O9/1gY="; - allowedIPs = [ "10.0.1.5/32" ]; - } - ]; - }; - }; - - services.dnsmasq.settings = { - no-dhcp-interface = wgInterface; - interface = [ wgInterface ]; - }; -} diff --git a/hosts/kay/modules/www.nix b/hosts/kay/modules/www.nix deleted file mode 100644 index 3891bf6..0000000 --- a/hosts/kay/modules/www.nix +++ /dev/null @@ -1,134 +0,0 @@ -{ config, pkgs, lib, ... }: - -let - domain = config.userdata.domain; - fscusat = "fscusat.org"; - mark = "themark.ing"; - storage = "/hdd/users/sftp/shr"; -in -{ - imports = [ - ./dendrite.nix - ./matrix-sliding-sync.nix - ./cgit.nix - ]; - - security.acme.certs.${domain}.postRun = "systemctl reload nginx.service"; - networking.firewall = { - allowedTCPPorts = [ 80 443 ]; - allowedUDPPorts = [ 443 ]; - }; - - services.nginx = { - enable = true; - package = pkgs.nginxQuic; - enableQuicBPF = true; - - recommendedTlsSettings = true; - recommendedZstdSettings = true; - recommendedOptimisation = true; - recommendedGzipSettings = true; - recommendedProxySettings = true; - recommendedBrotliSettings = true; - eventsConfig = "worker_connections 1024;"; - - virtualHosts = let - defaultOpts = { - quic = true; - http3 = true; - forceSSL = true; - useACMEHost = domain; - }; - in { - "${domain}" = defaultOpts // { - default = true; - globalRedirect = "www.${domain}"; - - extraConfig = '' - client_max_body_size ${toString - config.services.dendrite.settings.media_api.max_file_size_bytes - }; - ''; - - locations = { - "/.well-known/matrix/server".return = '' - 200 '{ "m.server": "${domain}:443" }' - ''; - - "/.well-known/matrix/client".return = '' - 200 '${builtins.toJSON { - "m.homeserver".base_url = "https://${domain}"; - "org.matrix.msc3575.proxy".url = "https://${domain}"; - }}' - ''; - - "/_matrix".proxyPass = "http://127.0.0.1:${toString - config.services.dendrite.httpPort - }"; - - "/_matrix/client/unstable/org.matrix.msc3575/sync".proxyPass = - "http://${config.services.matrix-sliding-sync.settings.SYNCV3_BINDADDR}"; - }; - }; - - "www.${domain}" = defaultOpts // { - root = "/var/www/${domain}"; - }; - - "git.${domain}" = defaultOpts; - - "bin.${domain}" = defaultOpts // { - root = "${storage}/bin"; - locations."= /".return = "307 https://www.${domain}"; - }; - - "static.${domain}" = defaultOpts // { - root = "${storage}/static"; - locations."= /".return = "301 https://www.${domain}"; - }; - - "${fscusat}" = defaultOpts // { - useACMEHost = null; - enableACME = true; - - globalRedirect = "www.${fscusat}"; - }; - "www.${fscusat}" = defaultOpts // { - useACMEHost = null; - enableACME = true; - - locations."/" = { - return = "200 '

under construction

'"; - extraConfig = "add_header Content-Type text/html;"; - }; - }; - - "${mark}" = defaultOpts // { - useACMEHost = null; - enableACME = true; - - globalRedirect = "www.${mark}"; - }; - "www.${mark}" = defaultOpts // { - useACMEHost = null; - enableACME = true; - - locations."/" = { - return = "200 '

under construction, see you soon

'"; - extraConfig = "add_header Content-Type text/html;"; - }; - }; - - "mta-sts.${domain}" = defaultOpts // { - locations."= /.well-known/mta-sts.txt".return = ''200 "${ - lib.strings.concatStringsSep "\\n" [ - "version: STSv1" - "mode: enforce" - "mx: mail.${domain}" - "max_age: 86400" - ] - }"''; - }; - }; - }; -} diff --git a/hosts/kay/secrets.yaml b/hosts/kay/secrets.yaml deleted file mode 100644 index 47be11b..0000000 --- a/hosts/kay/secrets.yaml +++ /dev/null @@ -1,47 +0,0 @@ -ppp: - chap-secrets: ENC[AES256_GCM,data:oTwucN94iWIzrCCAQySpkG+uEBERmEjXfoPm6piook8bS/q3kCd/DQ==,iv:IC1Ii+rnTvFa0F2bi0fnEAEO7XWV7Wues9T+28bhDnc=,tag:239vrwVzeTIVCIw8U30jtg==,type:str] - pap-secrets: ENC[AES256_GCM,data:S72mx8AP8MDWrYZ3TIOnwoKcVWiUzms1ZpckghHjjFcWhW5orOjPOA==,iv:4kNHSZ3+FMA9ROLEgrU38IWd+MBt+vf8CV3WGHkRCCc=,tag:rBtSZH8i7fE7fJhRRda7eA==,type:str] - username: ENC[AES256_GCM,data:GzRdyvnRKSS8iH+RuFU9g6zxXhxl0DeWWkAyF3sefZc0QQ==,iv:yTRruKpMda4N2J3Z8MEesrFxqV4g1usbYoxTeKlWf4M=,tag:8h9cpYn2Zy/32+2HJ76dFw==,type:str] -hurricane: - username: ENC[AES256_GCM,data:pe3igN9AIbc1,iv:stBkppjkDC9nvV/fHaEtfs6KskoiqqEKxCp/KC+Xxeo=,tag:pH5CJXOOp/is7dQmt6wlog==,type:str] - update_key: ENC[AES256_GCM,data:wwd+QWTgKEqstY5d2eWBnWJYq2EisTTaa/Ow4WwBNkyh5FYP+7PEyg==,iv:b93JvsfWppqlJtZxGAa3xbXgLEFs0A5Seq5pNjTnRW4=,tag:+W1t1M+Mm4LopVbcI1x+eg==,type:str] - tunnel_id: ENC[AES256_GCM,data:WUDOxjmA,iv:W8k0pyrAQz+UWtm76uvmzodJ2lZG4ioxrVMWjX1kIVM=,tag:2Q25MXzlptg/rc0HQ1k6rg==,type:str] -dns: ENC[AES256_GCM,data:Pa6Oo7UFDqo5ZN+eyz9MKy0p4KU1ePTpWQ+R8PuSFO9JjFt/I86ru/qSKyymIzhJcjj5hXMT2LPjk4MH8BWaO39ACsPDSD09xA6e1GO0rvsvtB9cffuz/GnfveyHmev+7xzdriD4IHqINPE=,iv:zuSfHnmxrjFCX3DJSRxLDs/3IVBRnkn3crar1pCW1EU=,tag:rZ0TlMMsOCF3Shunx8PnfA==,type:str] -matrix-sinanmohd.com: - key: ENC[AES256_GCM,data:xsSYua3g+ySUVBtfVZ2uZR4761MC5LeJGxmcgf+dWb5+tBSmgzAQL9FFcl7GLzhTmvlq13lARUr599wShS/C9IyMVGOOT9A8hxLFF9Kak64hmM7ERGrwbmzBY1mdTtvibJqzHaeybUVIMbDagczF54zpjDGLmdC5V84wduPFCndSA5FW+4Hhqw==,iv:KJtqrGNPgMDR6Sg/fOUzVAiwnPZwve9wpVfDQPc4g/c=,tag:E2jlbt5WbRA9wu16Lr69Bg==,type:str] - sliding_sync: ENC[AES256_GCM,data:ubFeb/OgYYHaIHVky6KS3icORbpqf7PO3p8bONA8mwG8vU1LB0TDqVm6vQTa8G9pe96JzJ8+IAgSZafG9PaEJc/Bpj53aWRFO3HEV0Pj,iv:P8VD8utVEwNoeQEZUdS2R9GuDe20nKiXYCfKJl0Id3E=,tag:VksV/4IaKN0C2g/alw6r4Q==,type:str] -mail.sinanmohd.com: - dkim_rsa: ENC[AES256_GCM,data:lwdVm4BIUHTipsHAQuJ7rI2TJnWXv6OzBP6komprUCqVjYz7PKlwltqxNvYRnjmOoFg+G4TrHaBCwVtlqlprkr7o7xeQ1omd9xbaYdWmNHhRNvxejGYF9oldK+zVPj9za/PSk2eXkL9b3ByIxyWQKkO9+UXQjs+C33heY+6MIJRvg/+8FX8RnFgjIMIBwvakBAVQSzveJPDB0TL/CF4avijQD1C6ayjqqarhkDu2kQhGO+95DYR9VWL2k3c8YdsQnbah3u7qBHGJpGfbh+r6ZtK4tdvCxg9b/nJo2QfPovsZy8NRIbEe6xiGQL/1Wt+GD/+08b/yq2Q6ao5Dmlqq12Y2KHPJp/EneqOgPKq3qMQOay1mPTnTzV/HP5irOS/gMg3+7ewCX7EuGOCCf4xFmEctbiePvkBbo0J00raUPrbC/tPWZpWSeTo/11jstRmFW593FnaBBcwlvqAm83QNulpWktQZXwM6inabh9XdTcnFga9lRh9XFfkW93wtzsbUNAhrKpSpuhf6fHBm0wZQdUW8K1AGdTVluiSCdrUvSollf8RZQ60zedlq8H3rZnFUnlyaBaguSu4eTSLoA4sXst0xMD5PuWgtiNrKnOdAnbnyEznwxqaJQvOLZN35nfjUIosFqjAZAxSL8FvMPAMikbGvqvnKPI6uI/sC5JymulcpXdSYikco0xvxiszM8E9SHDjHOCEp5mnMv70dk3t/fwwJ8RvQpsef7h5KGFGNEFeWP47s30uJdEXUxNl9pmT5M3C8r8IpThEF2gzpg5IY6/IOnJvaLadsMBpkXp5qlrNBgPJNfwSGoM2tt8DG6wNlae9Yyr6ayt0OASP25XFMTwSbJ/30Gjqf90m/iKIOAsFYXTtqL9FJ9H/X2QKBGGAuA7gsZCJzpW5b8KQh4UO8AgISXaYxxFmnngDRqVLMhWTDJhfwtSXisVE3g3epJe0ZQbjpLGp+HOpUVKskIvuT/f6abNsVGbI+D2k1UPHZH8BhXImfy/lbrcsYUer/RX9D3ifP5RdYcIbzb77pXmPLEsnmMlKO/K9V0M9i/+wByRgHAnQkD6sCL3ZnpL3Q46cEAOwR4vM8yg1CnwGIGYSPTtSbjpUBk5xNVKMUt5nVdaY/nji9h6HS0loQVm/glBZGf/r0hBQ0VmpDXd6NsD0dropF/0nQfqToHQcZmjYsi1Q72vVo492H7b7QYbD5fMPN/iWQIhUyFylYcNxdhllB1OfSdgGAB1XHsXI3x3c/ePTID2q5gBVUWs2EyYU2sxL81xL3I91Xp/IB8hw7hlmJAftWZ3Ol418uQkv5A2+zPkL+T9AcOeZwyPAur/pN145Yv5SxlhFn26jzz2gJC/HxKxG12M2WH5vPwstHWZtefirXgclMRzDAarT8wGWEXBuYNWhPAXSapa5fKi90MJsvMbs38OVz/M9eyAuNgoOqKHF/ZGSiDs050LoTSQCeUGB7EZVlA+GVHeVG2nCAv/MRdu2m5joqxKTUZt6HPMCFMcoT8mmAbDQdWMAxKs1yJ7urogrEzfdneaLGVArlnAv5+XJUDXhZ7JftJitJ0sLkkRP9k46aAfGulmO5YEF9t2jHYkc1Hzi1nGZZ9IiUdRZup5fb5EI6i+I4gawLPZ+JKYHUtKEkkiPvxhAxfG2NIY4/pHJyH0d+Rb6B3DNT+QSoFUI9Ez7lXVFKG3q3QndY9DJsseCde+jFI3v/ENyI2+Ze8FmEvfJKcdPxY9wXJ1xd/E59NbDzdnU+Y3Uph3uojdOOP/N7x9AqhoYGo8xAZIhIFio4zXhHLvLCs7M6CF7N2sVwj31eE8Yo8QeyYPqd99wJPGdnOIOvL7XooLUAEHJ6NB9UjUbAtNpLguw5FpEqq3WyauB2Ex9G7Uqtli930MkjVWHiiheZkWw8UP5tLFHlsXvxR7NAiI6qNZSIDWr8dwudBZKHz91srlxYhD6DN0xC37TC09RbBUd6mzF5DaOJASD3YOXGA4KAx5Rb/CcCnxxLpna35lJmJjGAd0b8S+f1jzAtoqpYAk/FYlhlX4crKhrqiw9l+EsokYNxKuHFuIKwz4KrdzadT9sUOMJOzU+5SLPNplqmqJBfrp6L0lt/ylPANOO0TiT5IqavjFMPMObP04AQuK30RPrZ1crz06aGo2RK0hYEYYDjoygKFkU+iZYTUcgByKM5bpUlqnNSf3Jq1FEU/nEK6caOHiQ76F1thsm/e1FTvAYg+mOUPYz9/nl0vVFJrtr5cMXtqxh9E/f/ujczI+A=,iv:dPnpNUPSDiq5C14YzDM2K4mFHNRFgc6p+X3Zu33OH60=,tag:MhgfV3z1wcbAfpwZmVWczw==,type:str] - dkim_ed25519: ENC[AES256_GCM,data:bberg3vGG9M3iPH1aLA+wIU6KNnxHRZxpGU5zT5Gqo9lohQa1wBDXCwsP0JaSfg56dhh9ZxF5HFd4V0nUzL6QMIeiExGkZmtdluaqki3fwFCssILch9pWOuM71Q1d7vi1eIN5PrAuX+6m8bmQBd1JIR+Kbz8dQ==,iv:C7wEFU7/xCh8LzyKXHSzgTX/L9OkmGWTnl5A94GLogw=,tag:j+sYtzzGN9guWa6T+ZUzbw==,type:str] - sinan: ENC[AES256_GCM,data:F3lhwjf6dZpDSmU=,iv:TCIzQeUBqgjqc+/z3Hh1tYpm3OeLGLpVUDeo6ufP7/4=,tag:TXUI8noaK5jyLpo8D+94jQ==,type:str] -misc: - wireguard: ENC[AES256_GCM,data:kbUtxJv3xSmikJWgtu87TSo5N8tUb2BiH3dH3oOV36waYyXI3bp2aBeAl1k=,iv:yB4UIyMDNRS+JmSnt9XuBhNRTLz+k0FqkK4ofjosRto=,tag:BDSD9SfQuQppKT4+6Cu65w==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2T3NSZ09xUDg5Q2VKM3FB - RXNwNTJrVkxScHR2eksrVlZQMFduOGRFT1RFClhQK2xTWXBUMzdlektSWFhHNDBN - bEMxelVjK1owZHczMVV3MWI2WlU2TncKLS0tIEovSk1uMnlvWFBya1YxNjArQTdh - Unk0a0tvR3VZQmtIU3RZSWNnazZJZTgKe0mjQHEkagnftc2zEbza863dSlnPOM6Q - 0Me0paRmqzsYBizp12SHjaXYiXFpvEeGmOVOMoGvD8UzTa+V5klS0w== - -----END AGE ENCRYPTED FILE----- - - recipient: age15989j5lkkf2kn5wa2p6qc8wlxjjksc63k5ync8rz8t4e87394pzqm7h4rm - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5NDVlc2crekF2b1lVZnZM - YU95N3lRWFhUUzczV1h4eUU0dHdSbWdpWVhZCmREdmFDSzRzY3pZUHpERkhCK1FS - cmxRam1vZ2U0dHBYc3hJWG9CRW13bzgKLS0tIFBpMFFXYTZDT09mTTJkWDhoYWVr - OXgwSml4bkc1dnloNUFsRGFFcXFHc2cK26l2eiKbZUkogmAXoha6HTUs3YFKixYz - bTkpKKyOAIIin3YM975wwvkCuWNG4tbnHBHQFh5JGK2OEyLDXuV7Pg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-25T04:23:28Z" - mac: ENC[AES256_GCM,data:SUFBHKTM2tQHX1Xtta3spl/GaaNrIAcNrLFzKzqb2ki3FhXnLLYu0wD+IBxuj1nxICn9TDprHFdcDenfFPV1mYWtmXLmWMeDcIGKXedYex2nakdlIYngGiLkEseuehft46YtoEqLJVksBFoLKmywRi+/ZGux/heSIyD14Toxb3Q=,iv:dqYGObF1SV3VBxSZtrggRdD1ROqvlp7tn8xLdNuDxx4=,tag:N/4L6NgIqYKQ8IbpFGru2g==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/hosts/lia/configuration.nix b/hosts/lia/configuration.nix deleted file mode 100644 index 4cc057e..0000000 --- a/hosts/lia/configuration.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ ... }: - -{ - imports = [ - ./hardware-configuration.nix - ../../common.nix - ./modules/network - ./modules/users.nix - ./modules/lxc.nix - ./modules/sshfwd.nix - ]; -} - diff --git a/hosts/lia/hardware-configuration.nix b/hosts/lia/hardware-configuration.nix deleted file mode 100644 index 6f4c6a4..0000000 --- a/hosts/lia/hardware-configuration.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ modulesPath, ... }: - -{ - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - - boot = { - loader.grub = { - enable = true; - device = "/dev/sda"; - }; - - kernelModules = [ "kvm-intel" ]; - initrd.availableKernelModules = [ - "uhci_hcd" - "ehci_pci" - "ata_piix" - "hpsa" - "usb_storage" - "usbhid" - "sd_mod" - "sr_mod" - ]; - }; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/99fc38a8-9003-4ae2-98f4-e08afd9b4114"; - fsType = "ext4"; - }; -} diff --git a/hosts/lia/modules/lxc.nix b/hosts/lia/modules/lxc.nix deleted file mode 100644 index 259c316..0000000 --- a/hosts/lia/modules/lxc.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ pkgs, ... }: let - container = { - name = "ubu"; - distro = "ubuntu"; - release = "jammy"; - }; - - bridge = "lan"; -in { - virtualisation.lxc.enable = true; - - environment.systemPackages = with pkgs; [ wget ]; - systemd.services."lxc-${container.name}-provision" = { - description = "auto provision ${container.name} lxc container"; - wantedBy = [ "multi-user.target" ]; - after = [ "network-online.target" ]; - wants = [ "network-online.target" ]; - stopIfChanged = false; - - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - - path = with pkgs; [ wget lxc util-linux gnutar xz gawk ]; - script = '' - if ! lxc-ls | grep -q ${container.name}; then - lxc-create -n ${container.name} -t download -- \ - --arch amd64 \ - --release ${container.release} \ - --dist ${container.distro} - - sed 's/lxcbr0/${bridge}/g' -i /var/lib/lxc/${container.name}/config - fi - - lxc-start -n ${container.name} - ''; - - preStop = "lxc-stop --name ${container.name}"; - }; -} diff --git a/hosts/lia/modules/network/default.nix b/hosts/lia/modules/network/default.nix deleted file mode 100644 index 927b2b5..0000000 --- a/hosts/lia/modules/network/default.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ ... }: let - wan = "enp4s0f2"; -in -{ - imports = [ - ./router.nix - ]; - - networking = { - interfaces.${wan}.ipv4.addresses = [{ - address = "172.16.148.20"; - prefixLength = 22; - }]; - defaultGateway = { - address = "172.16.148.1"; - interface = wan; - }; - }; -} diff --git a/hosts/lia/modules/network/router.nix b/hosts/lia/modules/network/router.nix deleted file mode 100644 index a6aef80..0000000 --- a/hosts/lia/modules/network/router.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ ... }: let - wanInterface = "enp4s0f2"; - lanInterfaces = [ "enp4s0f1" "enp4s0f3" ]; - - prefix = 24; - subnet = "192.168.1.0"; - host = "192.168.1.1"; - - leaseRangeStart = "192.168.1.100"; - leaseRangeEnd = "192.168.1.254"; - nameServer = [ "10.0.0.2" "10.0.0.3" ]; -in -{ - networking = { - bridges."lan".interfaces = lanInterfaces; - - nat = { - enable = true; - externalInterface = wanInterface; - internalInterfaces = [ "lan" ]; - }; - - interfaces.lan = { - ipv4.addresses = [{ - address = host; - prefixLength = prefix; - }]; - }; - - firewall = { - allowedUDPPorts = [ 53 67 ]; - allowedTCPPorts = [ 53 ]; - extraCommands = - "iptables -t nat -I POSTROUTING 1 -s ${subnet}/${toString prefix} -o ${wanInterface} -j MASQUERADE"; - }; - }; - - services.dnsmasq = { - enable = true; - - settings = { - server = nameServer; - dhcp-range = [ "${leaseRangeStart},${leaseRangeEnd}" ]; - interface = [ "lan" ]; - }; - }; -} diff --git a/hosts/lia/modules/sshfwd.nix b/hosts/lia/modules/sshfwd.nix deleted file mode 100644 index 3c7c006..0000000 --- a/hosts/lia/modules/sshfwd.nix +++ /dev/null @@ -1,53 +0,0 @@ -{ pkgs, config, ... }: let - mkFwdSrv = { - local_port, - remote_port, - remote_user, - remote ? "sinanmohd.com", - ssh_port ? 22, - key ? config.sops.secrets."sshfwd/${remote}".path, - }: { - "sshfwd-${toString local_port}-${remote}:${toString remote_port}" = { - description = "Forwarding port ${toString local_port} to ${remote}"; - - wantedBy = [ "multi-user.target" ]; - after = [ "network-online.target" ]; - wants = [ "network-online.target" ]; - # restart rather than stop+start this unit to prevent - # the ssh from dying during switch-to-configuration. - stopIfChanged = false; - - serviceConfig = { - ExecStart = '' - ${pkgs.openssh}/bin/ssh -N ${remote_user}@${remote} -p ${toString ssh_port} \ - -R '[::]:${toString remote_port}:127.0.0.1:${toString local_port}' \ - -o ServerAliveInterval=15 \ - -o ExitOnForwardFailure=yes \ - -i ${key} - ''; - - RestartSec = 3; - Restart = "always"; - }; - - }; - }; -in { - sops.secrets."sshfwd/sinanmohd.com" = {}; - sops.secrets."sshfwd/lia.sinanmohd.com" = {}; - - environment.systemPackages = with pkgs; [ openssh ]; - systemd.services - = (mkFwdSrv { - local_port = 22; - remote_user = "lia"; - remote_port = 2222; - }) // - (mkFwdSrv { - local_port = 22; - remote_port = 22; - ssh_port = 23; - remote_user = "root"; - remote = "lia.sinanmohd.com"; - }); -} diff --git a/hosts/lia/modules/users.nix b/hosts/lia/modules/users.nix deleted file mode 100644 index 13617ff..0000000 --- a/hosts/lia/modules/users.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ pkgs, ... }: { - users.users."rohit" = { - isNormalUser = true; - extraGroups = [ "wheel" ]; - - packages = with pkgs; [ git htop ]; - openssh.authorizedKeys.keys = - [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOZcWF1zVyxsCdZ/j+h+RlHZlyhgY2Bky03847bxFNSH rohit@victus" ]; - }; -} diff --git a/hosts/lia/secrets.yaml b/hosts/lia/secrets.yaml deleted file mode 100644 index b2b5218..0000000 --- a/hosts/lia/secrets.yaml +++ /dev/null @@ -1,32 +0,0 @@ -sshfwd: - sinanmohd.com: ENC[AES256_GCM,data:ZB2qbUA4+AcYlIY6IaPf9aUdMV0ltdKveqVSNS2Nhq8h6kWheqWiaXgIK6vuN7oDHKomgVXWaVdxTf6OFvFQHCHMMqtm0KfvSJW+cdORpfZkEZuji5Ob/yQiNllyS8oAw9iT5YdyifLi7XkfD+dHbt+XWLQCMFPirJ8Lz6ynTYxV+N7Pu7yOhfCzPDYfqexW7Ymrjk0PI32OVgo+sE0obnASGW645dP4ydKOZM5xx9NGr/Oao2W5C61qdr2gUCoYQKZXkfItGRfCuWuCeh0ZmbxumS6Q1WeWUW09SY5NN24025TBoZgE+UdJIXuczAQy5wzpXYsDWwBXNod4gAhe76YgLydlYBpBHe6xN6OBgCewHkjCGkirHawmbYxkmJ40L6/lMFPjRmMV7yhj94Vsyx7NAW1H8yKVE/9typXUrIyxbxAOGrwy0TjlGYogAcZ7YYZ+ipmkqNlQ1pliA2Kha+2ZzPG0hV8NKhydNr0cz5ylfL4cQaAXxxg6YHOUYL0DGbfMXMpZKTt47TJcY72RWDaUr2RsmhJ+k2vNBDY3I01n9syWnlk80h2bs1ILJ5Ad3PP8Em8yGaXJLM+3,iv:VoDyy+h3UHL0YJPJ7rbgLTZZzIPCJTD8yBPXNxWjHqo=,tag:zGQXrE066SDMCwgZpC9/Pg==,type:str] - lia.sinanmohd.com: ENC[AES256_GCM,data:d2lDCckpWwMtGu8Ra249NnUVt4OtP7JqtVZG8YD9oLtLmAbTi4kLZnYU+0EN7Fs/Z6dxNaSkYLnvJQO08Hr1AlVT12z2TXoWKHokzgMXYKPIBhioHLXg31BAwC9T/qPraxxzY+Jo6zSuv2RK1Xi6+74w6llE9t/eY1U2nJb9VnmtsB+ae9O5BgkxSkdGL/rhnXZNk9p8OhOcmtOnm6kPHVXG0DzszpvWmalsJE3nPmyxe5zB+7+UFj8rFgcktKRoY0bhN5SOMZfFSly7nRkr3WL2mbaVZgZD2g+kvzanYU64NKF0+rbVdKf9lCgVRMSS5z22QSuKOLuZjLlCRml9y254iIVxfV+BC2Y35QMk+Aa14jlHcRowFN5KxZ3dAeuH8TfVuSg/8gfSXwTMAHTBbEDeVvomD09vmuZoVCckrAZzSEiA8alcxKyaHGw4ZiAb1e+DWRSxDDeS9iibHsKrZgZ/RstRdT2qyqF0prbY+wFbajblGrUZhbIhfkPNe67iiTD7HI0Trg3PcC8Z1m+k/gWlhERpi+74TRzHrN1/dAokLBI/j+9I3YRTWR1qNScEr5RJNZP4UQh2TlH4G//3+0J3PM8Nv0DF7cfuOFpOLrob6SAaSRv3Ctn5ZmQM4Ib8uMluFB3MFkwqD/j67EINR+OD3VShdy6ydrIuaWREejhCR3SHnoZp1OhXTNdVzXwKYwFIkjHNGs3uj4jhW37xA+8zvuuqVZUGaXbbETsgIwPrwpFaPsxORkDREVhLxTtXsuHtzASzV7GfQvtArlM1bk5Ne3S75IeSc3ZnJUuAk5fPWjuHHuMDv7FxddNHctgE/V1gmzA/w3FtfYeaG8K2ZUeh1cCxGmou6aRv7aacAB9AdKeLtzr899VYC4bnPCpWBEMgN3Nqhdo/YR3bW+3pLbV3S1M4O2FxrZHjlgS4sffHMe+kNuzVV1GEpc8xybPIS5AAeWuOankmflf+CWg6fVSinHvlwILjRrK7cMCroypPv2p4dtn4IMaJ6MGQsNzDMF7CN6H3XOmOONsnJ8h/dUL6EwJCW87gp5lC8BXcuE93LgUHAVx9SttygpaAmTIWN48BsJosWbvK5Zw7nCaCce7WtxeUuAKtHdhLsLH7WhfQL5aj3aF8xgDDM3b2qOp6gkNI0q/8L0yEGRRg70c3jAu6ojZVD4iq9hS8ct06jVzLdi4U4jTk53NAGEiMbGiSaHTlmPvjwcV1+RYUut7G/a9YVvAgbtw2TKK00EaCUNHefuzd4oWc0jiMUK8OSH9l9gT5usWXOPeexyNNLWHniMympqVoudQXSj1PEvEixXYZYZ6Vp4LuHsdTtLCsTu17J0/7Ob/PdSGXU+BtJGS+EnLbxMgMHHiWk4hd2z5h64DgC9vrSVHqFvd68gGL91bsKw6rnmtEOcuTdY4DLzP2HSGtN6Erxb52XZrVS+fm4zJO0ZR45bN29NBB1rvhUe//ln+ny6tbgJ/mQ1wJIpXtLMOeBsKZqN2x5eaCw2bFqJE+yOwFFcbwTvuyDSsCeJh40LL0Dypfc5FvYmta8rChNw+MpwC2++T/t2xgGcHpvh0o5WcdbtlUm+7H8PAqsK18DhF9GSLxEpCTS14FT5M3GFNKOYGub+Vt+jCWSPrvnZXCITNdBXR6PD47iyqY1Ot00+f213ZEfVNZayfoxr4I3JzwNLJOvdHdxIza2qAyKW+tm+2N9tp0TtGoHUE2vUc9Cm0rxw84rllywqrehwi9039bS5mn72pRtN06ZnFKQrVrx355PsAyYlQ3VkZ2wpuxVOB2i8ko0ujebgO411XjgOQBeV8lNy02AcduavRNQ5z41rBnbhuj+sI5u8xli4kPrpfqeuLACaT+eWeYSZtCy7qY75BYaguhcqKAvRUfUTMxDUyGBkUySKydcNL3ErVU47jLB8uMm8RFjzkRAEKjraR+1PH8GQ+qhTA3e6ZtzNTZ0i9c2hFT+6vrLZ7gNrpC53s3wrkK43yU5MC8JaSe3mRx9v00EqUaUYOnrJZWs5H6LXj6T2OIhQgaTs6ikvGpY4rRE7lkn2jqQAXf/9aCDuMj9fiWanCXgJ7LFSwuAESLe7CmwdNqOl2cyEns8DuChrAq7zdykBv9VbLYfijlzrD6ezcmHGImNTTG+uX2PifuvK4JphOFbmK0YWGPK6//7gJfNtUMReKuINvPZg1X8U8ayQ8btYjmzIpxJeJ2/NvZ+WoKYewttAZhSHbo75I8K1cBEjUvrevwXmPeYvG+iWYyZkYENx7gGCNGyHpdSEEYBL4QdsgkbQWJDRQ=,iv:t825d9WWByfMZXwrtKs2JBFVoEAoAXfYOBmlhWN45hU=,tag:ZVPiwtKwhdYzh4IQyzeb9Q==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZzlrOEpXQmdLVyt1MFRS - Q2JUU0N1MVNzLzVLcWhMb25uL3VsLzJrdFRNCnI1OWZFTnpqc056M0RYd3gvS1Nr - N2VEU1kyU3JuYjhhaUtuajg2cjQ4LzQKLS0tIE5qZmlqVGN1WXhZWkw3dGwyNTdF - QTd0V2V3QVVHbnhRUUt6MkRzYm5zeEEKFkqGe6Eg1BEPLqMkxUg56hc+sn0p4KZV - kThyib3g0KsrHpQM05v4CK0h6qlf8HXwvwJVx9tis8Nck1IW3zS8Pw== - -----END AGE ENCRYPTED FILE----- - - recipient: age1l9kd320xj89vdr06u7ej8fhjrxl470t04trgwd3jwzczknf05aesv2pp8x - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6QzhPYXcxQ0lRS2VwaXQ4 - V3JUVDJyenowSzhFenBKYlBEbGNXTFIxUjFNCjhmWm5aQ1lTcTJidzFiT2J4R2Ux - b2ZjTWQ5WWtOY1BpZHVJYzN4clNlU0kKLS0tIHpBWU5zQWNVTWZ0TTdSNFZodkVq - RG9hL2hlYjdaYTVJWVFlSE4xN1poUHcKe4BPaVEyc3W1hyu0jOQcEdZ1kl2aQLgZ - fHDs4kDeCcfJI/s5Cb/YD3cIp7HB6FBoe7LHiNiJbyJGR0wJecLqxg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-11T16:35:02Z" - mac: ENC[AES256_GCM,data:nsLGZ5wvmj25COI4G3BsS8dzwpa59zs85Ztm4eZaXITAdMjEgfmHR8eHItzchSijH+PRaJH+pZZNN3kpkDeujGYTiOzfc1t2dGA3Vx6XACCNaZs35vmvbB45VV07a5mjw/Wy3k0ZDOcRCHXQOQccaPshUMzU7FkXudm7PkvoyTM=,iv:Rgfaab+egy2/AwlM6ZMVA+7E5cqb/r9mI4ptMit/SKo=,tag:LVSYkTzTxBRAIFxDkB1asA==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.1 -- cgit v1.2.3