diff --git a/.sops.yaml b/.sops.yaml index 3f88fea..aaa2737 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -4,8 +4,10 @@ keys: - &admin_richie 29F5017C95D9E60B1B1E8407072B0E0B8312DFE3 # Generate AGE keys from SSH keys with: - # nix-shell -p ssh-to-age --run 'ssh some.ssh.wavelens.io cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age' + # ssh-keygen -A + # nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age' - &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej + - &jeeves age128ehc0ssgwnuv4r8ayfyu7r80e82xrkmv63g7h9y9q4mhk4w9dyqfymc2w - &jeeves-jr age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh admins: &admins @@ -13,15 +15,21 @@ admins: &admins - *admin_richie servers: &servers - - *palatine-hill - - *photon + - *jeeves - *jeeves-jr + - *palatine-hill # add new users by executing: sops users//secrets.yaml # then have someone already in the repo run the below # # update keys by executing: sops updatekeys secrets.yaml creation_rules: + - path_regex: systems/jeeves/secrets\.yaml$ + key_groups: + - pgp: *admins + age: + - *jeeves + - path_regex: systems/jeeves-jr/secrets\.yaml$ key_groups: - pgp: *admins diff --git a/systems/jeeves/configuration.nix b/systems/jeeves/configuration.nix new file mode 100644 index 0000000..5dba4c1 --- /dev/null +++ b/systems/jeeves/configuration.nix @@ -0,0 +1,101 @@ +{ pkgs, lib, ... }: +{ + time.timeZone = "America/New_York"; + console.keyMap = "us"; + networking = { + hostId = "1beb3027"; + firewall.enable = false; + }; + + boot = { + zfs.extraPools = [ + "Media" + "Storage" + "Torenting" + ]; + filesystem = "zfs"; + useSystemdBoot = true; + }; + + virtualisation = { + docker = { + enable = true; + recommendedDefaults = true; + logDriver = "local"; + storageDriver = "overlay2"; + daemon."settings" = { + experimental = true; + data-root = "/var/lib/docker"; + exec-opts = [ "native.cgroupdriver=systemd" ]; + log-opts = { + max-size = "10m"; + max-file = "5"; + }; + }; + }; + + podman = { + enable = true; + recommendedDefaults = true; + }; + }; + + environment = { + systemPackages = with pkgs; [ docker-compose ]; + etc = { + # Creates /etc/lynis/custom.prf + "lynis/custom.prf" = { + text = '' + skip-test=BANN-7126 + skip-test=BANN-7130 + skip-test=DEB-0520 + skip-test=DEB-0810 + skip-test=FIRE-4513 + skip-test=HRDN-7222 + skip-test=KRNL-5820 + skip-test=LOGG-2190 + skip-test=LYNIS + skip-test=TOOL-5002 + ''; + mode = "0440"; + }; + }; + }; + + services = { + nfs.server.enable = true; + + openssh.ports = [ 629 ]; + + plex = { + enable = true; + dataDir = "/ZFS/Media/Plex/"; + }; + + smartd.enable = true; + + sysstat.enable = true; + + usbguard = { + enable = false; + rules = '' + allow id 1532:0241 + ''; + }; + + zfs = { + trim.enable = true; + autoScrub.enable = true; + }; + + zerotierone = { + enable = true; + joinNetworks = [ + "e4da7455b2ae64ca" + "52b337794f23c1d4" + ]; + }; + }; + + system.stateVersion = "23.11"; +} diff --git a/systems/jeeves/default.nix b/systems/jeeves/default.nix new file mode 100644 index 0000000..01f0304 --- /dev/null +++ b/systems/jeeves/default.nix @@ -0,0 +1,7 @@ +{ ... }: +{ + users = [ + "alice" + "richie" + ]; +} diff --git a/systems/jeeves/hardware.nix b/systems/jeeves/hardware.nix new file mode 100644 index 0000000..5a125d0 --- /dev/null +++ b/systems/jeeves/hardware.nix @@ -0,0 +1,55 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: + +{ + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + + boot.initrd.availableKernelModules = [ + "mpt3sas" + "nvme" + "xhci_pci" + "ahci" + "uas" + "usb_storage" + "usbhid" + "sd_mod" + "sr_mod" + ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/0f78fa87-30be-4173-b0fa-eaa956cf83aa"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/BB77-2647"; + fsType = "vfat"; + }; + + swapDevices = [ { device = "/dev/disk/by-uuid/4c797a94-be32-43d3-89ac-7f02912c7cf5"; } ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp38s0f3u2u2c2.useDHCP = lib.mkDefault true; + # networking.interfaces.enp97s0f0np0.useDHCP = lib.mkDefault true; + # networking.interfaces.enp97s0f1np1.useDHCP = lib.mkDefault true; + # networking.interfaces.enp98s0f0.useDHCP = lib.mkDefault true; + # networking.interfaces.enp98s0f1.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/systems/jeeves/secrets.yaml b/systems/jeeves/secrets.yaml new file mode 100644 index 0000000..b6826ee --- /dev/null +++ b/systems/jeeves/secrets.yaml @@ -0,0 +1,61 @@ +hello: ENC[AES256_GCM,data:y98ZcYZQSYP8GBFysKvD292lU1EPa0o/wV7EHPLelIIHl8bWE5Lz27KUsCnzNQ==,iv:zU9zBeNyAyiLs30ftxrATG/X/U7Z7euLqjDKmg0Lh7Y=,tag:MG61sKRBEvE7T/oWO3rGpA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age128ehc0ssgwnuv4r8ayfyu7r80e82xrkmv63g7h9y9q4mhk4w9dyqfymc2w + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTREhIRUd1K3JCM29mVHVv + d2Q4eFBLWnRUTGEzelZOMS9ScXNyV3ZGbHpNCjNCSEhmTDQ4VUtta0RXdXJUY0da + Vld5WDlJS3oyWkk5KzUzam9PYXZSa1kKLS0tIHJuaktpU3hnUWEwZzc4eHNjSitI + bVhXamJyMWMvODUvajk2aDZnQ1k1blEKoNIYxUA+k+DA+1WYq5BSa0iXuQ2Lctuy + 9W7OO2m+QGzjdLLM0uS7WWGXWP2cDDgUGcqozTqM0Oqi2/OY0Bo3Jg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-12-29T20:01:04Z" + mac: ENC[AES256_GCM,data:9tUmPHyKY42lT1EfbDK7Es9MIdiR5A0rs/ST89baJMANGIN+oKQzkzDujG2WM8hxvgApl/GuIdy5ZBNZlUM0iYxFUd2a0UBDyjw+xTzWIuQr2/TuI8/cOgp04Kk+M9wNlLzE/dJAXsaqBo0EaHpfwKo/3/J53UfiIZrOtAZv+Qg=,iv:E79aJdvhkG2PfsO06QQa2Pzs3yiSHDARpZtM+uxiZJE=,tag:UwEcwBm22Ep2U2mhDgpQ0w==,type:str] + pgp: + - created_at: "2024-03-02T20:52:17Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA84hNUGIgI/nARAAxQSkqnR75Rd1htAv7esbpmXlrZH+frTL6V4jGoAiqTeF + TSA46E2nl7rVqPTws74OOb+O5bN3OkHSmmWzIbj6Pc8YnqY4t9N69zoCHtsbI1kn + FQ4WwUdzofIUMKwF+E31/knyKbf/IjSKTZKcDQmn6QErOdDmsN9/z6+ixLt+rdsz + lKwMX8axgmwgRsWI1Xhlb1qs4TZxheQQ4A4WYYNB1NhH0ZTIehI+FGe+wHh36UXf + cY/Z7KRLdozoLsuuAIAoXx/dr3KpwuyKHfp9MdZLzO/tvS9vA1i+tKRXmiDs2uuv + itCOTrt1H7LEpUfdBYD9ll2mdiRnVzR4DxNnGLPkxsyAglejTxR897DcYFC9xhie + X6UfKTOIeAGXVUqphp8HB0CEFBW982246kDSKdOI/R3+X4T5fvMpLTb5XvkOlCIi + JUwXxoq3SA06a8WCS6QH8jLnXrcCKzX1TJh0RzT7/RUvKDN6uxxccxOksMExvgBG + nqfOcLiCXBzluCseDgmjcW0/arm1d88Kd7ayMv25CX1Py5uRRQOkqqnCdNIk5Yy5 + 0R+KyOPeZPThVTE1DhJ3QyF499XMoFjerHyanwIlvkAQtet1k8EKih1KSD9N38ga + K1HRowhoPMkszsU6+LZYL3MD0aUkfz53b7JvzIxYsfJgztwg3ki0qteEXUNyLMTS + XgG9xHF63wa7IwBtKgQKX/CVCwpg5EuNfwbACbIQAC9QZ/F6z+Ud2UJkSs94UUF4 + aOGb2P1QFvLbP7m+7TNmvuLT5BDcS2XE0IWRDilkeiFU6ijGW8+iQ5oTzv+TmA0= + =JbRX + -----END PGP MESSAGE----- + fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82 + - created_at: "2024-03-02T20:52:17Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA29thaGx06tOARAAm8GMWZxxY1UBYK7p60Hlw2qCOH7KZ5cby8vm9dWz3Tnt + +YKW2SsRniwY6KaSVvnUuRBY75BF6jahW6+h9Nvhsrsvq680UIaQtO6l6KmtnxHV + S6vEDmvoFZVWG1xOEGYHVQ+GF9elIwuYrzST1OU3vATMstMxrm0WQJ2lOq7YpuGi + hNoMK3nMxpmTlT49CYn2sGX3PlNA4qDOVo/fwL5m3lV5mKzJNs7q8IakbPZm6yqR + wGjfkHq3ZlKnTUC66sBX8yvSoZ2cM6vrYhxgb1Um8z9BKLpAb7Rr9AXB5IUWxSkz + jXyEi9aDySDxv2HkjP3fE4D5wtC1neS8YsYDBcSsqoXt5sKAs1DOvzLbIOkObH3Y + uSxozoGJu5CVnBrOpxXdNf1RMnww85uxSAupiLQ2fsC/0AaeGB8dPYIZr/WekWAR + RF3igqZX7KVRuomUOt9fwJoHnRr1GWCHqYTB3P7/e52JcmCggBRLcnhC/1MKgMtN + RJh8Uuu9aXCBfR148W+s76xIdVwypPWbk8l911TdL1eRKx+d+kxAa1ugIqihvkBQ + sGjZltEe0ogAsDpS0Cy/HRH8Yz1Qk2gTh1QZiv865aVVfWu0OTU27TlfCyMQQCkO + LtBfOWylV6pJG3aaO2QA+4f4ab8flxdg8DrmBlhudzYY2goHIcfe+CdPygrKB/nS + XgEx1HFw47B1YJxY7FiFgEwnI6/AJuf136u1i484nVYXAr5PtnyaXH7kqVozHouT + sPkE1v7+EpOIbhEdXQxbSG0AXKomUwu4SJgxSitdTajAQYfHHfTVjdnUqyl8QHw= + =wX5X + -----END PGP MESSAGE----- + fp: 29F5017C95D9E60B1B1E8407072B0E0B8312DFE3 + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/users/alice/default.nix b/users/alice/default.nix index 867d153..fa87e4f 100644 --- a/users/alice/default.nix +++ b/users/alice/default.nix @@ -21,5 +21,7 @@ import ../default.nix { "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfcO9p5opG8Tym6tcLkat6YGCcE6vwg0+V4MTC5WKop alice@parthenon-7588" # palatine "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP59pDsx34k2ikrKa0eVacj0APSGivaij3lP9L0Zd9au alice@parthenon-7588" + # jeeves + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJDgkUndkfns6f779T5ckHOVhyOKP8GttQ9RfaO9uJdx alice@parthenon-7588" ]; } diff --git a/users/alice/secrets.yaml b/users/alice/secrets.yaml index 0aac289..ec84259 100644 --- a/users/alice/secrets.yaml +++ b/users/alice/secrets.yaml @@ -6,54 +6,54 @@ sops: azure_kv: [] hc_vault: [] age: + - recipient: age128ehc0ssgwnuv4r8ayfyu7r80e82xrkmv63g7h9y9q4mhk4w9dyqfymc2w + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVQjVEMCtsREdCUTBQa21D + dDFSVnkrbk5hNlo3RkFoTTg3MjBLbE1oaVVrCjltcEQyRlhtWWtCQzlseEtvRks5 + bmpTcUNZeDJ0VEFCa0FyZytIbTZhVGcKLS0tIE8zVld3cnEvR0VtN3d3d2lpWmg0 + enZHM1ZycDQwUS9Ea05QWHdJeGM0UDAKop5M4ubVN+5nfeCS37T4j3FPn+aheo+y + eIUPSSo8Tzl+b7eNyvj4nrG7zGr+kTJhc2m03FNacadVblQiHXlc+g== + -----END AGE ENCRYPTED FILE----- - recipient: age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1di9UUkxaSVJLcmJyWlNw - LzE3R1RKQzd2QkwyV3JGYmF4M093WGpYRTBjCllKdk8rVmwxZEIzMjd1UkFNaFdO - aEJld3BxY25WWTU3R0VDZWlTdUtMb00KLS0tIDBUb2l6dUpOUE9wK1hTMzVFVzlX - NmxVTUkzdEtCMk12ZkN1Y0FwT2xad28K1mhtbCSVeLM6zHTSplvn5V7Jk01zRu0G - Mxsd+8RmdJx2mSyz+/XDQIwEL1626y5nlwoJFcNwx0mz+s0MPGJ6yA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5b0FVMHdMWENPTXNZSEJG + SXBOdnhmUWt4QWZCOS9SRFJyNXY2Q1pDS2pJCk5sN25xSm5KVGNsWTlaOWRUaEFY + MXR4RHFaY1RRNEVVSHgweW1LUDlweFUKLS0tIFp1dG5RS05FdXlvTGMwUFdLK3o3 + Y0pCclZFVGZxNlBrdFBocnBoVVNmMm8K7R9LKDLZPQbSU4rRoIKbbI/QWDG2A9V1 + 3Gour+tJuf/UjYsP/vqmNPzNrCjOu2iJ/WKBvtMJ3CVsJsEEWMuvTA== -----END AGE ENCRYPTED FILE----- - recipient: age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtdWc1YVY3Mk5pSnNGL2Er - OWJWRWN4djN2NlhaRERRaEdqdlVpUkRvUkRnCms1dm80YVZjamZXTndMMFd0S3p6 - eGtWSlg4TGNzVk9GZFloNjFlbHF2QVkKLS0tIEdsUHJjNWtVQVpPT1M1SWt5ZVhY - SWcxei94Y1lReURjVjVDNWNSVEpRaHMK4TrinhjpUeeSfRYPiEyLRL7PsBcAevpU - bJorDQi64NeNxI8+yEVPQb+4Uewm5p8LqOFU9otWK6wTPwCRVSmueg== - -----END AGE ENCRYPTED FILE----- - - recipient: age13aqs2mx66dmnyd74sygnwavufv6a4pwnvcqj4ud4l94jk0tjgu6ss57slw - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0VW1WUEw0eDlzTkpXdHd5 - R0tXUXJYRG1WeWIxQXUxVGU5NmcyTjd5dzNNCnoxdVpnbThtUFlpN1lSYjdYWHZQ - UitHd3ExTnZlUWgyZVNTUEdvSmczRzQKLS0tIEVZUml0ejJVOUlJb3RUVGx0V2hJ - THdwZG9QQ01mamYrclhHT2dQUXhIWTQK9fxQV7RDYij2aCdfgCufUToWgoais1KI - UQ7bPV0ZPhaBX4h2Q7kUk7FJwK5aGAsoBxf4KW4V78tSbz+XIyd3JQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyeHF2aXErVkJ3ZnhLNWYv + VEZJcTFzUHgvRHloeG1mWnZtdGt5UUNhWkcwCittNzRGQXJ1dkdJaVl0elNtVVFI + Y2dDcFdsK2k3eUhWUEFLYWdwUHRONUkKLS0tIHhrek1RTG1sM2NaakdVZHpDZlk3 + aVhmdXBkbDhrRG9ZaHFVR3FOZUJFejQK6q/JOuoST0zCZzg6C7Se7VzVs9DpSMD4 + 0uddoEsKadtI+II+ozmuc/RkdP4lfymBioW7ka4Wlyap5apzWHd0fg== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-02-03T22:20:54Z" mac: ENC[AES256_GCM,data:X+j5RMl1RUlciT1fdLYGCzkD2AZmprmAsLhaC9Fy3zoeWlGJcC/m5g7kftPOUkha83NgOkWuaa4tjIMegQwK8snmY8R8Q6XNVuS6maYnynzFwzhGON7L33j7465onXsNqfQfa+I8AEaz69CynfbTq4L7WOLO6s8pvh1LDLi4ZvE=,iv:8uTaRrYxg6mVNIPm0Pg7S13nG2VOg/4IjVbbeilQOAg=,tag:lCrBGVRt3uYY5/fHDG2xVQ==,type:str] pgp: - - created_at: "2023-12-29T19:22:00Z" + - created_at: "2024-03-02T20:52:45Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA84hNUGIgI/nARAAkukuQibWzzEQYmvp9z3f7wUq2vDAhAfE247gNaNwJknx - sY39C48o6VelCC2aD0VJ3X39t9aUzgKKF5+QEmyM1FMi/ulU5OoLvsAz1SkxaA0Q - QDYbCzwzVPNIxjcrdeLnj3GRM47ji9mpsLDWPOuA6ugDE2pp9epOnK9xddPRQs9J - /sEaYprJypETj2Dt9kUsjbm1vWkxtrMb4Zuop1gJ6p6LazeM01GkmGGf1UzkLYAk - 69QK8QF7S93QBXZvZe1xlsabGbd06yZU1AsSVdsd1rp0RxW2gwhYF9OPTwbyCnGh - zisT7nB0iPja9ZR2KMAWCgUi4A3xafYpJQg5HOvqrpFT90lKeP9aLm0fGMnB4dwc - 5BbT7VK8qI8yHSqtfGexbY9Q0lBIKu5Gx18oFi15RPkqwGisaBtUsSH+OADF4xei - Khhhvzu3Ov+2F4rIIFXt3i+smhpYbpwhk3RLNf0rZ8P3SqsnOnY7mgX1KflIt1Mu - tVisPtW2mCHl/iZEdlG9N/0TIBQ0cmUyxqFoLO0aTWWmOAjcU6YC5Iwmc0zktTvC - MD+82NGWzc8CbhjtXEXGv5BTQTCFSTe+Ptr8gJscuIeD8SbRTZmdt9rh9s3asiOz - /xJveWDLeBOR9hkr/ArzmLOd/H1E+Wca9wVZ9ZyuTgp6MPapHrMug6aMO39i/MbS - XgFPlJy8Ouu9F2R3nDhHaz4GDrtSfQibZ4AcchIQPq3tEJSn6IeC46zkNnHY4msL - N0Py3gaPolxCEMMtWNyxL4PqfVBXVV8S47ztae6OPC/21Cc9RPxA81gIqwctDSU= - =Xf3o + hQIMA84hNUGIgI/nARAAr8UXHBCr6C3TrW1g+xLf7Q5XMP1cx2TAId7tCS/Z9R5e + +Zdzx+WYRuQwKLAYB7MwzVA22DpK8o5FY0kSXQCEziha5HCRMta2XHeprOU1GfK5 + jDOqdZK/DOpmqeuaBDhzczgXFR3h5nRQ9YJFcfEVB0JhUmsoLUTR/I9fTUNXPFa7 + d6urPxEcLyLqgWR5AxO9xjeia/WObidfYrYaXn+VY4lTx/kwV6Rsm5eThAagmtYP + kQqfNn9M68zgf8yQre9piNEktHf0tBhREZycd0xd0EMCM6TbIbisPI3ITqDQPV6c + eglcqcdOqNMjeVVbzQtTglzfKO4M2gquSLR4Kuvt08JH6bhtOGlT1njKfDKGykti + +ifHYD8iEk4opYJ1H9fS55E673gJXN1rUZGvAhG+FPz2bW/UAgq0OvdzAdZ+90B9 + fm8vb7F0UdwC8lO6SC2QLiTVzu3wNuh9s//2rwXLmzewkkH+J4wpg6+Kyer/IkrI + D9qak5tRFJcKlfWbn4skH2T7aloFXuJYHcVjAIg7XHjK4PUsHkq1n2lP9VkpQ14w + zt2Mn9gmtYX8GNwqQeys/BqkHdkVk2VTV6Ge9O0PmIGx2n/3F8iZwNedz324I8HE + NIbdNR3V94uDRuHAPH4hL+1t9MoEklFbvvMp1Aak/eaw6rvQV/Ore3852pX7xJ7S + XgH3rCh73zJEq9NuqKux2U4sW47e1J8tFPet5Sfvm7Ra/0fqtf6YbufKNvd9OuXc + m61xY+IxYwDfxvMLfFKX0GLFyLNmBoiPCLkVZ6Y+UmK3zD2BVbVtDLuVSi/ELV4= + =iuPC -----END PGP MESSAGE----- fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82 unencrypted_suffix: _unencrypted diff --git a/users/richie/secrets.yaml b/users/richie/secrets.yaml index ea03d2c..da48359 100644 --- a/users/richie/secrets.yaml +++ b/users/richie/secrets.yaml @@ -6,54 +6,54 @@ sops: azure_kv: [] hc_vault: [] age: + - recipient: age128ehc0ssgwnuv4r8ayfyu7r80e82xrkmv63g7h9y9q4mhk4w9dyqfymc2w + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrd3BFYmVUSStCQWYrRkNq + T3ZsdE5oWHg3S2pEVkhMSWxZaDI5TjlwNDFrCllXNUUwRDRDTmhXR28xRCtLNFpC + bkIxRHAzaGZ6S1phYVhzd29yM2ttYXMKLS0tIGpJT2VRWFpWZTdQYnc3ZEp4ODBC + UDYzeWFrQVVhVmJ0WlRVTThLNitWdlUKwq/H1oVv2WfI9/7ACQuC6f6PJIjKlYMs + dFF56FwrFIB0wNlCCI0yBqtdd4uEQLypzgEUfo4Aex/+en7E0FJQ5w== + -----END AGE ENCRYPTED FILE----- - recipient: age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvZ3lTRWRGb1FHSCtRR21u - ZldONWFsVUYyZGRmSHVkcXFNQzBEbW1IMFFvCnBVblJXdVZQdEhGSnhsbnRWZVVn - cyszaUszVlY1Y0c1NnlkZ20wSUtGNUkKLS0tIEhzRTV5alJHelI3c1NnbUVaOGZO - VEEyemgrVDhvQkhqQjdhYjlHaXd4MmsKW9XvJbDiJ4/eoPb4sGz6/fr7Hr7q3e+6 - UNoguO9UgbgXUMmjlBeRJwlMLu91eevct5pPyhrGsJYzar/3jnsnSA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqYkFYT2lDamZoME4zenpy + VTJISkxyYTlpaExPYUpLSm5DYlFtdzlXYmxvClY4SERRTU9JNFV1cUpITnJyOWJt + MEhFcTlVMjROQ0c5SXhEM3VXVVBIdkEKLS0tIC96NnlRUkVDeTRRR0dTdkZaYlAz + YWRvZnNtRkZFQXd4b0p6dWxNNG1Va2MKoqxCy+O92qiLWxAEIMZ7SCxneBaskPic + 8cBNBEErxhT7ZDrsmkafKIWqRcehnx/V81Dg6sjpBiyC0dlOsrrxBw== -----END AGE ENCRYPTED FILE----- - recipient: age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2TEZwYkJrNjdzVmZDM0xO - REV0NEYvWmNJblNiTmJoOXhYQXNESmFDTVdRCkJYRU9GSk9qZnBiYTF0MEhPQ3hQ - YWNHQ3hPSEVqRnIyTUgxajRBWlZjRXcKLS0tIHVodFJ0RnhsVUwya29IdFFrS2FK - dmJ1MDZURzlzaUR4d29SSTc1SE5hVFkK+KKi1PiXNMa98otrLO87k3JmHSc37Dvv - IAZDB6umTlyYulfh1TQuC5GXXKEVBm8Bu3plk3Wi9uNoiC+nnXflBg== - -----END AGE ENCRYPTED FILE----- - - recipient: age13aqs2mx66dmnyd74sygnwavufv6a4pwnvcqj4ud4l94jk0tjgu6ss57slw - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQem9YOTVhdzM0QzRVSWI2 - dERHMmR4Z1FMV0UyaE84S0RZdVhQOEhibVdBCmtCbnhkb3JPeUdrMDhVVXU1M01q - dTZpdmV5WjUyaENCNmxYUkMxVjdLWFEKLS0tIERHWFdSM2l0cUcrWHNGV1lTMkhj - Q0U1OUtUM1N4MGQyZnAwd1l5alVOSUUK9xe9xmC4zFpy7sukTzdHsQQjc3eFphXD - 2zx2PkAvHh5lN8k+ZRd9UvZG4olrIe9KwXfmIb+6i02HgVIhA94SWw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJd3R1V3p5TlgxK3hUUklo + aVUyUElobDZzTms1ZkYvck1WQVBtOXVsN0hZCklVSFpNNzA4Y2RWMi9zaWR5eXY5 + ZndOQkxsZUc2aWV6b2dQc2lGeXJyYzgKLS0tIFdod2hCcmFUUm9TUkFNMkNwcGlw + U3NhQXJFVGNjSUVRUTNHd0ZnbEhVNFUKGMV1GYP89MKoXScKONQK7oSftaUixB82 + c2PjqP79M1BNAE+wKqAVFaVk5jvC4BnCQQOr3yMPIx1zXSl/NiO5Tw== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-02-03T22:08:10Z" mac: ENC[AES256_GCM,data:KUhn+0srLHqmHVPYuJV8L5CClgSABxvknaZ7DZQU8goQ9CpM6LIdys+VdsbOYPAcO/lVSzgtjX3/umuDDsJbAEwTXoJZWITCVNYXJDNvYSDke5ZSrl/xq9UugJHyvzX9HOnKXkLsxNU+VrA9EBUfrTWoYnaz+NPes9com1efvqY=,iv:GV5eIFNJuQPJliSOOb2ebkjX99WHbOtSjl1kHrAnTyc=,tag:iuFqrBbQk4ruk733pxDgoA==,type:str] pgp: - - created_at: "2023-12-29T19:12:08Z" + - created_at: "2024-03-02T20:56:31Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA29thaGx06tOAQ//bMYIEq2Iwerw6y06vvpC1GPCr+lqe96ascw8MRxzObYJ - DMW/ZK/BoTFDjIKcUfrKDUj/RU+qX2Q3YMYn5mzDWozLoquJLUDU9iMnD0hhjYmE - nayUvXH8r+mqqOA7hhhNoFim0QkVUNjdZaZ46k6iD6a3PYp1Hn/Lpc53kgnsYxxh - p/Qf5glo5IuShZAbgZHyLyj02YKTzPmItKX1Z5/nAx4oMjstv4eCABCauNM5QRoQ - f9HAUVJql3gce2CFbot28DG8zYwJKhcatfa2PjIYIb6xSpMg4VRCOM/UWRyqdes4 - C79QTovTE9+lbP3UBZXGPuHKwRrcbtLUIQYyujNrooXuymWAbzzrR8WmTHQRfuEt - ui6lwJzbxuRcnNF/fIZ2YUCRIlEzGkpJ3PvAqFBLT8Q3GuD8bVfcuulE4EwTTaYq - R/yRtOPRkXdYfLlc1WRzVSg/uRZyNSZXhMD+BUiXxDY1hdMnJ2Z9xBLB0fP+Edd7 - yGEbDO16EswZ4gJZviCPs4hWdB/kOKQAvREKomUBUN+d6uEgVGFM3y8xzLfqZUx9 - qHspGEpRxSJQruNt//hAFy8bQZCRaWS23Dn+YR95IiZKZIt4dipTaiZWRZXdN3TN - X18vR6fkbVLLlGzl5a/+PCV7N8tdPSD77IvgV3KzVG42XFG2CcJ1ut8l7zmmWTbS - XgHj8lYLbFh2cWBFb/F1dqnHeJ/tTSzTsqyn8jV8f7jKeieUBNMNHugTYDYzeY5j - bvrR4yhICJVYCVNaeRA04cFG0k3/krujqVJ2S5FDd3C25qdT5sJ2sBBcDman3hE= - =d8jh + hQIMA29thaGx06tOARAAgGlssc+0daeG/iX1ijzvqNRDAGYm9v3tY0h05ML1tPIb + XbhUanxAdNjtM5G9oFr+fULmqjg+nRkL+/OWj8gdTNGSgcsq4uFQhs4dB+O7PV3y + NsdFgVkKIqI21OIm73/6UOzNiNFofEPGNqXAx5JEw5CaHSjjJ8Dcn3JWgiuOLNKy + GlXsxJh9VZGqlOCwo7LJnrzRvsiQ5lOe4n8W5VvkzkwN+MYHujftmoSbhJFK1ctm + DIvRy3JCYdT7ZXGRHUIONuXKh18G4DiWiRuSGnsDhYfdR2qEWiRtIorNafASgQVd + P2FslPOiETKxg9awgREf2zviw+Uu6an+enrQ08rgKhxGriSZWQBluy9bw3Ms5okG + MF2VojCOFloXURP8qOYRH1msml3v6wI80EC2n3CzB+fw5k/9kocohCi7OyysFY97 + 3aZJVfAtmV/gijZPoQqQMo7ggczE65oNgCO6B1Ocr7syL/WRsFCMG1wA+OGwjegk + 5Wyui6w+SysJnroVldNMdeq2i5GR4h4vLMNAEXq1vUkZ/A//FLGmBZRxr/YClRTR + 2MPmAwhs2Z3nnKxKWu+wHJBNgxchg9hjQybT61QGk3h5Z6vUTcUnMNtmnIxG8E/0 + FxNEe94ZS1Z4Tg4cfaWkoyfVQ22L237ZXJ9aIBlxS1sa9Zu3x8jCRt+4PIKq4MHS + XgGIZLXnGYzS1BCqT+qCjCiYOJSDbUYd5B9X+XoJOr67Ma0e7QpK7QJgdc3dwJdS + EWcEa0ZEGwNgiokddk3WRZhKwplhqZ5H4QFAXAskCKGMKMAgnrm8iEzLKH3bsaQ= + =0c1K -----END PGP MESSAGE----- fp: 29F5017C95D9E60B1B1E8407072B0E0B8312DFE3 unencrypted_suffix: _unencrypted