Feature/adding jeeves (#112)

* Feature/factorio (#109) * add factorio * add factorio server * add new user * fixed typo * jeeves base * allow jeeves to be built into an ISO Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * server-side fixes * Disable sops on jeeves temporarily Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * fix flake.nix inputs Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * add sops for jeeves * update jeeves age key Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * efi variables fix? Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * updating sops * remove alice Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * remove richie Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * usbguard :( Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * remove iso from image Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * add alice zt * restore home-manager Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * fix comment Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * add jeeves key Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * restore original config Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * revert canTouchEfiVariables keeping it in line with other servers Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * removed working-config.nix * Get rid of dummy user Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * change formatter to nixfmt-rfc-style Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * update lock Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * added plex * initial format Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * removed lib.mkDefault from PermitRootLogin --------- Signed-off-by: ahuston-0 <aliceghuston@gmail.com> Co-authored-by: Dennis <52411861+DerDennisOP@users.noreply.github.com> Co-authored-by: Richie Cahill <richie@tmmworkshop.com>
2024-03-17 21:55:48 -04:00 · 2024-03-17 21:55:48 -04:00 · 9d82282556
commit 9d82282556
parent 438a931a5b
8 changed files with 305 additions and 71 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -4,8 +4,10 @@ keys:
  - &admin_richie 29F5017C95D9E60B1B1E8407072B0E0B8312DFE3
  # Generate AGE keys from SSH keys with:
-  #   nix-shell -p ssh-to-age --run 'ssh some.ssh.wavelens.io cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
+  #   ssh-keygen -A
  #   nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
  - &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
  - &jeeves age128ehc0ssgwnuv4r8ayfyu7r80e82xrkmv63g7h9y9q4mhk4w9dyqfymc2w
  - &jeeves-jr age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh
 admins: &admins
@ -13,15 +15,21 @@ admins: &admins
  - *admin_richie
 servers: &servers
-  - *palatine-hill
+  - *jeeves
  - *photon
  - *jeeves-jr
  - *palatine-hill
 # add new users by executing: sops users/<user>/secrets.yaml
 # then have someone already in the repo run the below
 #
 # update keys by executing: sops updatekeys secrets.yaml
 creation_rules:
  - path_regex: systems/jeeves/secrets\.yaml$
    key_groups:
      - pgp: *admins
        age:
          - *jeeves
  - path_regex: systems/jeeves-jr/secrets\.yaml$
    key_groups:
      - pgp: *admins
--- a/systems/jeeves/configuration.nix
+++ b/systems/jeeves/configuration.nix
@ -0,0 +1,101 @@
 { pkgs, lib, ... }:
 {
  time.timeZone = "America/New_York";
  console.keyMap = "us";
  networking = {
    hostId = "1beb3027";
    firewall.enable = false;
  };
  boot = {
    zfs.extraPools = [
      "Media"
      "Storage"
      "Torenting"
    ];
    filesystem = "zfs";
    useSystemdBoot = true;
  };
  virtualisation = {
    docker = {
      enable = true;
      recommendedDefaults = true;
      logDriver = "local";
      storageDriver = "overlay2";
      daemon."settings" = {
        experimental = true;
        data-root = "/var/lib/docker";
        exec-opts = [ "native.cgroupdriver=systemd" ];
        log-opts = {
          max-size = "10m";
          max-file = "5";
        };
      };
    };
    podman = {
      enable = true;
      recommendedDefaults = true;
    };
  };
  environment = {
    systemPackages = with pkgs; [ docker-compose ];
    etc = {
      # Creates /etc/lynis/custom.prf
      "lynis/custom.prf" = {
        text = ''
          skip-test=BANN-7126
          skip-test=BANN-7130
          skip-test=DEB-0520
          skip-test=DEB-0810
          skip-test=FIRE-4513
          skip-test=HRDN-7222
          skip-test=KRNL-5820
          skip-test=LOGG-2190
          skip-test=LYNIS
          skip-test=TOOL-5002
        '';
        mode = "0440";
      };
    };
  };
  services = {
    nfs.server.enable = true;
    openssh.ports = [ 629 ];
    plex = {
      enable = true;
      dataDir = "/ZFS/Media/Plex/";
    };
    smartd.enable = true;
    sysstat.enable = true;
    usbguard = {
      enable = false;
      rules = ''
        allow id 1532:0241
      '';
    };
    zfs = {
      trim.enable = true;
      autoScrub.enable = true;
    };
    zerotierone = {
      enable = true;
      joinNetworks = [
        "e4da7455b2ae64ca"
        "52b337794f23c1d4"
      ];
    };
  };
  system.stateVersion = "23.11";
 }
--- a/systems/jeeves/default.nix
+++ b/systems/jeeves/default.nix
@ -0,0 +1,7 @@
 { ... }:
 {
  users = [
    "alice"
    "richie"
  ];
 }
--- a/systems/jeeves/hardware.nix
+++ b/systems/jeeves/hardware.nix
@ -0,0 +1,55 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 {
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }:
 {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
  boot.initrd.availableKernelModules = [
    "mpt3sas"
    "nvme"
    "xhci_pci"
    "ahci"
    "uas"
    "usb_storage"
    "usbhid"
    "sd_mod"
    "sr_mod"
  ];
  boot.initrd.kernelModules = [ "dm-snapshot" ];
  boot.kernelModules = [ "kvm-amd" ];
  boot.extraModulePackages = [ ];
  fileSystems."/" = {
    device = "/dev/disk/by-uuid/0f78fa87-30be-4173-b0fa-eaa956cf83aa";
    fsType = "ext4";
  };
  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/BB77-2647";
    fsType = "vfat";
  };
  swapDevices = [ { device = "/dev/disk/by-uuid/4c797a94-be32-43d3-89ac-7f02912c7cf5"; } ];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp38s0f3u2u2c2.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp97s0f0np0.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp97s0f1np1.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp98s0f0.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp98s0f1.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/systems/jeeves/secrets.yaml
+++ b/systems/jeeves/secrets.yaml
@ -0,0 +1,61 @@
 hello: ENC[AES256_GCM,data:y98ZcYZQSYP8GBFysKvD292lU1EPa0o/wV7EHPLelIIHl8bWE5Lz27KUsCnzNQ==,iv:zU9zBeNyAyiLs30ftxrATG/X/U7Z7euLqjDKmg0Lh7Y=,tag:MG61sKRBEvE7T/oWO3rGpA==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age128ehc0ssgwnuv4r8ayfyu7r80e82xrkmv63g7h9y9q4mhk4w9dyqfymc2w
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTREhIRUd1K3JCM29mVHVv
            d2Q4eFBLWnRUTGEzelZOMS9ScXNyV3ZGbHpNCjNCSEhmTDQ4VUtta0RXdXJUY0da
            Vld5WDlJS3oyWkk5KzUzam9PYXZSa1kKLS0tIHJuaktpU3hnUWEwZzc4eHNjSitI
            bVhXamJyMWMvODUvajk2aDZnQ1k1blEKoNIYxUA+k+DA+1WYq5BSa0iXuQ2Lctuy
            9W7OO2m+QGzjdLLM0uS7WWGXWP2cDDgUGcqozTqM0Oqi2/OY0Bo3Jg==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2023-12-29T20:01:04Z"
    mac: ENC[AES256_GCM,data:9tUmPHyKY42lT1EfbDK7Es9MIdiR5A0rs/ST89baJMANGIN+oKQzkzDujG2WM8hxvgApl/GuIdy5ZBNZlUM0iYxFUd2a0UBDyjw+xTzWIuQr2/TuI8/cOgp04Kk+M9wNlLzE/dJAXsaqBo0EaHpfwKo/3/J53UfiIZrOtAZv+Qg=,iv:E79aJdvhkG2PfsO06QQa2Pzs3yiSHDARpZtM+uxiZJE=,tag:UwEcwBm22Ep2U2mhDgpQ0w==,type:str]
    pgp:
        - created_at: "2024-03-02T20:52:17Z"
          enc: |-
            -----BEGIN PGP MESSAGE-----
            hQIMA84hNUGIgI/nARAAxQSkqnR75Rd1htAv7esbpmXlrZH+frTL6V4jGoAiqTeF
            TSA46E2nl7rVqPTws74OOb+O5bN3OkHSmmWzIbj6Pc8YnqY4t9N69zoCHtsbI1kn
            FQ4WwUdzofIUMKwF+E31/knyKbf/IjSKTZKcDQmn6QErOdDmsN9/z6+ixLt+rdsz
            lKwMX8axgmwgRsWI1Xhlb1qs4TZxheQQ4A4WYYNB1NhH0ZTIehI+FGe+wHh36UXf
            cY/Z7KRLdozoLsuuAIAoXx/dr3KpwuyKHfp9MdZLzO/tvS9vA1i+tKRXmiDs2uuv
            itCOTrt1H7LEpUfdBYD9ll2mdiRnVzR4DxNnGLPkxsyAglejTxR897DcYFC9xhie
            X6UfKTOIeAGXVUqphp8HB0CEFBW982246kDSKdOI/R3+X4T5fvMpLTb5XvkOlCIi
            JUwXxoq3SA06a8WCS6QH8jLnXrcCKzX1TJh0RzT7/RUvKDN6uxxccxOksMExvgBG
            nqfOcLiCXBzluCseDgmjcW0/arm1d88Kd7ayMv25CX1Py5uRRQOkqqnCdNIk5Yy5
            0R+KyOPeZPThVTE1DhJ3QyF499XMoFjerHyanwIlvkAQtet1k8EKih1KSD9N38ga
            K1HRowhoPMkszsU6+LZYL3MD0aUkfz53b7JvzIxYsfJgztwg3ki0qteEXUNyLMTS
            XgG9xHF63wa7IwBtKgQKX/CVCwpg5EuNfwbACbIQAC9QZ/F6z+Ud2UJkSs94UUF4
            aOGb2P1QFvLbP7m+7TNmvuLT5BDcS2XE0IWRDilkeiFU6ijGW8+iQ5oTzv+TmA0=
            =JbRX
            -----END PGP MESSAGE-----
          fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82
        - created_at: "2024-03-02T20:52:17Z"
          enc: |-
            -----BEGIN PGP MESSAGE-----
            hQIMA29thaGx06tOARAAm8GMWZxxY1UBYK7p60Hlw2qCOH7KZ5cby8vm9dWz3Tnt
            +YKW2SsRniwY6KaSVvnUuRBY75BF6jahW6+h9Nvhsrsvq680UIaQtO6l6KmtnxHV
            S6vEDmvoFZVWG1xOEGYHVQ+GF9elIwuYrzST1OU3vATMstMxrm0WQJ2lOq7YpuGi
            hNoMK3nMxpmTlT49CYn2sGX3PlNA4qDOVo/fwL5m3lV5mKzJNs7q8IakbPZm6yqR
            wGjfkHq3ZlKnTUC66sBX8yvSoZ2cM6vrYhxgb1Um8z9BKLpAb7Rr9AXB5IUWxSkz
            jXyEi9aDySDxv2HkjP3fE4D5wtC1neS8YsYDBcSsqoXt5sKAs1DOvzLbIOkObH3Y
            uSxozoGJu5CVnBrOpxXdNf1RMnww85uxSAupiLQ2fsC/0AaeGB8dPYIZr/WekWAR
            RF3igqZX7KVRuomUOt9fwJoHnRr1GWCHqYTB3P7/e52JcmCggBRLcnhC/1MKgMtN
            RJh8Uuu9aXCBfR148W+s76xIdVwypPWbk8l911TdL1eRKx+d+kxAa1ugIqihvkBQ
            sGjZltEe0ogAsDpS0Cy/HRH8Yz1Qk2gTh1QZiv865aVVfWu0OTU27TlfCyMQQCkO
            LtBfOWylV6pJG3aaO2QA+4f4ab8flxdg8DrmBlhudzYY2goHIcfe+CdPygrKB/nS
            XgEx1HFw47B1YJxY7FiFgEwnI6/AJuf136u1i484nVYXAr5PtnyaXH7kqVozHouT
            sPkE1v7+EpOIbhEdXQxbSG0AXKomUwu4SJgxSitdTajAQYfHHfTVjdnUqyl8QHw=
            =wX5X
            -----END PGP MESSAGE-----
          fp: 29F5017C95D9E60B1B1E8407072B0E0B8312DFE3
    unencrypted_suffix: _unencrypted
    version: 3.8.1
--- a/users/alice/default.nix
+++ b/users/alice/default.nix
@ -21,5 +21,7 @@ import ../default.nix {
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfcO9p5opG8Tym6tcLkat6YGCcE6vwg0+V4MTC5WKop alice@parthenon-7588"
    # palatine
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP59pDsx34k2ikrKa0eVacj0APSGivaij3lP9L0Zd9au alice@parthenon-7588"
    # jeeves
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJDgkUndkfns6f779T5ckHOVhyOKP8GttQ9RfaO9uJdx alice@parthenon-7588"
  ];
 }
--- a/users/alice/secrets.yaml
+++ b/users/alice/secrets.yaml
@ -6,54 +6,54 @@ sops:
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age128ehc0ssgwnuv4r8ayfyu7r80e82xrkmv63g7h9y9q4mhk4w9dyqfymc2w
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVQjVEMCtsREdCUTBQa21D
            dDFSVnkrbk5hNlo3RkFoTTg3MjBLbE1oaVVrCjltcEQyRlhtWWtCQzlseEtvRks5
            bmpTcUNZeDJ0VEFCa0FyZytIbTZhVGcKLS0tIE8zVld3cnEvR0VtN3d3d2lpWmg0
            enZHM1ZycDQwUS9Ea05QWHdJeGM0UDAKop5M4ubVN+5nfeCS37T4j3FPn+aheo+y
            eIUPSSo8Tzl+b7eNyvj4nrG7zGr+kTJhc2m03FNacadVblQiHXlc+g==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1di9UUkxaSVJLcmJyWlNw
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5b0FVMHdMWENPTXNZSEJG
-            LzE3R1RKQzd2QkwyV3JGYmF4M093WGpYRTBjCllKdk8rVmwxZEIzMjd1UkFNaFdO
+            SXBOdnhmUWt4QWZCOS9SRFJyNXY2Q1pDS2pJCk5sN25xSm5KVGNsWTlaOWRUaEFY
-            aEJld3BxY25WWTU3R0VDZWlTdUtMb00KLS0tIDBUb2l6dUpOUE9wK1hTMzVFVzlX
+            MXR4RHFaY1RRNEVVSHgweW1LUDlweFUKLS0tIFp1dG5RS05FdXlvTGMwUFdLK3o3
-            NmxVTUkzdEtCMk12ZkN1Y0FwT2xad28K1mhtbCSVeLM6zHTSplvn5V7Jk01zRu0G
+            Y0pCclZFVGZxNlBrdFBocnBoVVNmMm8K7R9LKDLZPQbSU4rRoIKbbI/QWDG2A9V1
-            Mxsd+8RmdJx2mSyz+/XDQIwEL1626y5nlwoJFcNwx0mz+s0MPGJ6yA==
+            3Gour+tJuf/UjYsP/vqmNPzNrCjOu2iJ/WKBvtMJ3CVsJsEEWMuvTA==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtdWc1YVY3Mk5pSnNGL2Er
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyeHF2aXErVkJ3ZnhLNWYv
-            OWJWRWN4djN2NlhaRERRaEdqdlVpUkRvUkRnCms1dm80YVZjamZXTndMMFd0S3p6
+            VEZJcTFzUHgvRHloeG1mWnZtdGt5UUNhWkcwCittNzRGQXJ1dkdJaVl0elNtVVFI
-            eGtWSlg4TGNzVk9GZFloNjFlbHF2QVkKLS0tIEdsUHJjNWtVQVpPT1M1SWt5ZVhY
+            Y2dDcFdsK2k3eUhWUEFLYWdwUHRONUkKLS0tIHhrek1RTG1sM2NaakdVZHpDZlk3
-            SWcxei94Y1lReURjVjVDNWNSVEpRaHMK4TrinhjpUeeSfRYPiEyLRL7PsBcAevpU
+            aVhmdXBkbDhrRG9ZaHFVR3FOZUJFejQK6q/JOuoST0zCZzg6C7Se7VzVs9DpSMD4
-            bJorDQi64NeNxI8+yEVPQb+4Uewm5p8LqOFU9otWK6wTPwCRVSmueg==
+            0uddoEsKadtI+II+ozmuc/RkdP4lfymBioW7ka4Wlyap5apzWHd0fg==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age13aqs2mx66dmnyd74sygnwavufv6a4pwnvcqj4ud4l94jk0tjgu6ss57slw
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0VW1WUEw0eDlzTkpXdHd5
            R0tXUXJYRG1WeWIxQXUxVGU5NmcyTjd5dzNNCnoxdVpnbThtUFlpN1lSYjdYWHZQ
            UitHd3ExTnZlUWgyZVNTUEdvSmczRzQKLS0tIEVZUml0ejJVOUlJb3RUVGx0V2hJ
            THdwZG9QQ01mamYrclhHT2dQUXhIWTQK9fxQV7RDYij2aCdfgCufUToWgoais1KI
            UQ7bPV0ZPhaBX4h2Q7kUk7FJwK5aGAsoBxf4KW4V78tSbz+XIyd3JQ==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-02-03T22:20:54Z"
    mac: ENC[AES256_GCM,data:X+j5RMl1RUlciT1fdLYGCzkD2AZmprmAsLhaC9Fy3zoeWlGJcC/m5g7kftPOUkha83NgOkWuaa4tjIMegQwK8snmY8R8Q6XNVuS6maYnynzFwzhGON7L33j7465onXsNqfQfa+I8AEaz69CynfbTq4L7WOLO6s8pvh1LDLi4ZvE=,iv:8uTaRrYxg6mVNIPm0Pg7S13nG2VOg/4IjVbbeilQOAg=,tag:lCrBGVRt3uYY5/fHDG2xVQ==,type:str]
    pgp:
-        - created_at: "2023-12-29T19:22:00Z"
+        - created_at: "2024-03-02T20:52:45Z"
          enc: |-
            -----BEGIN PGP MESSAGE-----
-            hQIMA84hNUGIgI/nARAAkukuQibWzzEQYmvp9z3f7wUq2vDAhAfE247gNaNwJknx
+            hQIMA84hNUGIgI/nARAAr8UXHBCr6C3TrW1g+xLf7Q5XMP1cx2TAId7tCS/Z9R5e
-            sY39C48o6VelCC2aD0VJ3X39t9aUzgKKF5+QEmyM1FMi/ulU5OoLvsAz1SkxaA0Q
+            +Zdzx+WYRuQwKLAYB7MwzVA22DpK8o5FY0kSXQCEziha5HCRMta2XHeprOU1GfK5
-            QDYbCzwzVPNIxjcrdeLnj3GRM47ji9mpsLDWPOuA6ugDE2pp9epOnK9xddPRQs9J
+            jDOqdZK/DOpmqeuaBDhzczgXFR3h5nRQ9YJFcfEVB0JhUmsoLUTR/I9fTUNXPFa7
-            /sEaYprJypETj2Dt9kUsjbm1vWkxtrMb4Zuop1gJ6p6LazeM01GkmGGf1UzkLYAk
+            d6urPxEcLyLqgWR5AxO9xjeia/WObidfYrYaXn+VY4lTx/kwV6Rsm5eThAagmtYP
-            69QK8QF7S93QBXZvZe1xlsabGbd06yZU1AsSVdsd1rp0RxW2gwhYF9OPTwbyCnGh
+            kQqfNn9M68zgf8yQre9piNEktHf0tBhREZycd0xd0EMCM6TbIbisPI3ITqDQPV6c
-            zisT7nB0iPja9ZR2KMAWCgUi4A3xafYpJQg5HOvqrpFT90lKeP9aLm0fGMnB4dwc
+            eglcqcdOqNMjeVVbzQtTglzfKO4M2gquSLR4Kuvt08JH6bhtOGlT1njKfDKGykti
-            5BbT7VK8qI8yHSqtfGexbY9Q0lBIKu5Gx18oFi15RPkqwGisaBtUsSH+OADF4xei
+            +ifHYD8iEk4opYJ1H9fS55E673gJXN1rUZGvAhG+FPz2bW/UAgq0OvdzAdZ+90B9
-            Khhhvzu3Ov+2F4rIIFXt3i+smhpYbpwhk3RLNf0rZ8P3SqsnOnY7mgX1KflIt1Mu
+            fm8vb7F0UdwC8lO6SC2QLiTVzu3wNuh9s//2rwXLmzewkkH+J4wpg6+Kyer/IkrI
-            tVisPtW2mCHl/iZEdlG9N/0TIBQ0cmUyxqFoLO0aTWWmOAjcU6YC5Iwmc0zktTvC
+            D9qak5tRFJcKlfWbn4skH2T7aloFXuJYHcVjAIg7XHjK4PUsHkq1n2lP9VkpQ14w
-            MD+82NGWzc8CbhjtXEXGv5BTQTCFSTe+Ptr8gJscuIeD8SbRTZmdt9rh9s3asiOz
+            zt2Mn9gmtYX8GNwqQeys/BqkHdkVk2VTV6Ge9O0PmIGx2n/3F8iZwNedz324I8HE
-            /xJveWDLeBOR9hkr/ArzmLOd/H1E+Wca9wVZ9ZyuTgp6MPapHrMug6aMO39i/MbS
+            NIbdNR3V94uDRuHAPH4hL+1t9MoEklFbvvMp1Aak/eaw6rvQV/Ore3852pX7xJ7S
-            XgFPlJy8Ouu9F2R3nDhHaz4GDrtSfQibZ4AcchIQPq3tEJSn6IeC46zkNnHY4msL
+            XgH3rCh73zJEq9NuqKux2U4sW47e1J8tFPet5Sfvm7Ra/0fqtf6YbufKNvd9OuXc
-            N0Py3gaPolxCEMMtWNyxL4PqfVBXVV8S47ztae6OPC/21Cc9RPxA81gIqwctDSU=
+            m61xY+IxYwDfxvMLfFKX0GLFyLNmBoiPCLkVZ6Y+UmK3zD2BVbVtDLuVSi/ELV4=
-            =Xf3o
+            =iuPC
            -----END PGP MESSAGE-----
          fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82
    unencrypted_suffix: _unencrypted
--- a/users/richie/secrets.yaml
+++ b/users/richie/secrets.yaml
@ -6,54 +6,54 @@ sops:
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age128ehc0ssgwnuv4r8ayfyu7r80e82xrkmv63g7h9y9q4mhk4w9dyqfymc2w
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrd3BFYmVUSStCQWYrRkNq
            T3ZsdE5oWHg3S2pEVkhMSWxZaDI5TjlwNDFrCllXNUUwRDRDTmhXR28xRCtLNFpC
            bkIxRHAzaGZ6S1phYVhzd29yM2ttYXMKLS0tIGpJT2VRWFpWZTdQYnc3ZEp4ODBC
            UDYzeWFrQVVhVmJ0WlRVTThLNitWdlUKwq/H1oVv2WfI9/7ACQuC6f6PJIjKlYMs
            dFF56FwrFIB0wNlCCI0yBqtdd4uEQLypzgEUfo4Aex/+en7E0FJQ5w==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvZ3lTRWRGb1FHSCtRR21u
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqYkFYT2lDamZoME4zenpy
-            ZldONWFsVUYyZGRmSHVkcXFNQzBEbW1IMFFvCnBVblJXdVZQdEhGSnhsbnRWZVVn
+            VTJISkxyYTlpaExPYUpLSm5DYlFtdzlXYmxvClY4SERRTU9JNFV1cUpITnJyOWJt
-            cyszaUszVlY1Y0c1NnlkZ20wSUtGNUkKLS0tIEhzRTV5alJHelI3c1NnbUVaOGZO
+            MEhFcTlVMjROQ0c5SXhEM3VXVVBIdkEKLS0tIC96NnlRUkVDeTRRR0dTdkZaYlAz
-            VEEyemgrVDhvQkhqQjdhYjlHaXd4MmsKW9XvJbDiJ4/eoPb4sGz6/fr7Hr7q3e+6
+            YWRvZnNtRkZFQXd4b0p6dWxNNG1Va2MKoqxCy+O92qiLWxAEIMZ7SCxneBaskPic
-            UNoguO9UgbgXUMmjlBeRJwlMLu91eevct5pPyhrGsJYzar/3jnsnSA==
+            8cBNBEErxhT7ZDrsmkafKIWqRcehnx/V81Dg6sjpBiyC0dlOsrrxBw==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2TEZwYkJrNjdzVmZDM0xO
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJd3R1V3p5TlgxK3hUUklo
-            REV0NEYvWmNJblNiTmJoOXhYQXNESmFDTVdRCkJYRU9GSk9qZnBiYTF0MEhPQ3hQ
+            aVUyUElobDZzTms1ZkYvck1WQVBtOXVsN0hZCklVSFpNNzA4Y2RWMi9zaWR5eXY5
-            YWNHQ3hPSEVqRnIyTUgxajRBWlZjRXcKLS0tIHVodFJ0RnhsVUwya29IdFFrS2FK
+            ZndOQkxsZUc2aWV6b2dQc2lGeXJyYzgKLS0tIFdod2hCcmFUUm9TUkFNMkNwcGlw
-            dmJ1MDZURzlzaUR4d29SSTc1SE5hVFkK+KKi1PiXNMa98otrLO87k3JmHSc37Dvv
+            U3NhQXJFVGNjSUVRUTNHd0ZnbEhVNFUKGMV1GYP89MKoXScKONQK7oSftaUixB82
-            IAZDB6umTlyYulfh1TQuC5GXXKEVBm8Bu3plk3Wi9uNoiC+nnXflBg==
+            c2PjqP79M1BNAE+wKqAVFaVk5jvC4BnCQQOr3yMPIx1zXSl/NiO5Tw==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age13aqs2mx66dmnyd74sygnwavufv6a4pwnvcqj4ud4l94jk0tjgu6ss57slw
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQem9YOTVhdzM0QzRVSWI2
            dERHMmR4Z1FMV0UyaE84S0RZdVhQOEhibVdBCmtCbnhkb3JPeUdrMDhVVXU1M01q
            dTZpdmV5WjUyaENCNmxYUkMxVjdLWFEKLS0tIERHWFdSM2l0cUcrWHNGV1lTMkhj
            Q0U1OUtUM1N4MGQyZnAwd1l5alVOSUUK9xe9xmC4zFpy7sukTzdHsQQjc3eFphXD
            2zx2PkAvHh5lN8k+ZRd9UvZG4olrIe9KwXfmIb+6i02HgVIhA94SWw==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-02-03T22:08:10Z"
    mac: ENC[AES256_GCM,data:KUhn+0srLHqmHVPYuJV8L5CClgSABxvknaZ7DZQU8goQ9CpM6LIdys+VdsbOYPAcO/lVSzgtjX3/umuDDsJbAEwTXoJZWITCVNYXJDNvYSDke5ZSrl/xq9UugJHyvzX9HOnKXkLsxNU+VrA9EBUfrTWoYnaz+NPes9com1efvqY=,iv:GV5eIFNJuQPJliSOOb2ebkjX99WHbOtSjl1kHrAnTyc=,tag:iuFqrBbQk4ruk733pxDgoA==,type:str]
    pgp:
-        - created_at: "2023-12-29T19:12:08Z"
+        - created_at: "2024-03-02T20:56:31Z"
          enc: |-
            -----BEGIN PGP MESSAGE-----
-            hQIMA29thaGx06tOAQ//bMYIEq2Iwerw6y06vvpC1GPCr+lqe96ascw8MRxzObYJ
+            hQIMA29thaGx06tOARAAgGlssc+0daeG/iX1ijzvqNRDAGYm9v3tY0h05ML1tPIb
-            DMW/ZK/BoTFDjIKcUfrKDUj/RU+qX2Q3YMYn5mzDWozLoquJLUDU9iMnD0hhjYmE
+            XbhUanxAdNjtM5G9oFr+fULmqjg+nRkL+/OWj8gdTNGSgcsq4uFQhs4dB+O7PV3y
-            nayUvXH8r+mqqOA7hhhNoFim0QkVUNjdZaZ46k6iD6a3PYp1Hn/Lpc53kgnsYxxh
+            NsdFgVkKIqI21OIm73/6UOzNiNFofEPGNqXAx5JEw5CaHSjjJ8Dcn3JWgiuOLNKy
-            p/Qf5glo5IuShZAbgZHyLyj02YKTzPmItKX1Z5/nAx4oMjstv4eCABCauNM5QRoQ
+            GlXsxJh9VZGqlOCwo7LJnrzRvsiQ5lOe4n8W5VvkzkwN+MYHujftmoSbhJFK1ctm
-            f9HAUVJql3gce2CFbot28DG8zYwJKhcatfa2PjIYIb6xSpMg4VRCOM/UWRyqdes4
+            DIvRy3JCYdT7ZXGRHUIONuXKh18G4DiWiRuSGnsDhYfdR2qEWiRtIorNafASgQVd
-            C79QTovTE9+lbP3UBZXGPuHKwRrcbtLUIQYyujNrooXuymWAbzzrR8WmTHQRfuEt
+            P2FslPOiETKxg9awgREf2zviw+Uu6an+enrQ08rgKhxGriSZWQBluy9bw3Ms5okG
-            ui6lwJzbxuRcnNF/fIZ2YUCRIlEzGkpJ3PvAqFBLT8Q3GuD8bVfcuulE4EwTTaYq
+            MF2VojCOFloXURP8qOYRH1msml3v6wI80EC2n3CzB+fw5k/9kocohCi7OyysFY97
-            R/yRtOPRkXdYfLlc1WRzVSg/uRZyNSZXhMD+BUiXxDY1hdMnJ2Z9xBLB0fP+Edd7
+            3aZJVfAtmV/gijZPoQqQMo7ggczE65oNgCO6B1Ocr7syL/WRsFCMG1wA+OGwjegk
-            yGEbDO16EswZ4gJZviCPs4hWdB/kOKQAvREKomUBUN+d6uEgVGFM3y8xzLfqZUx9
+            5Wyui6w+SysJnroVldNMdeq2i5GR4h4vLMNAEXq1vUkZ/A//FLGmBZRxr/YClRTR
-            qHspGEpRxSJQruNt//hAFy8bQZCRaWS23Dn+YR95IiZKZIt4dipTaiZWRZXdN3TN
+            2MPmAwhs2Z3nnKxKWu+wHJBNgxchg9hjQybT61QGk3h5Z6vUTcUnMNtmnIxG8E/0
-            X18vR6fkbVLLlGzl5a/+PCV7N8tdPSD77IvgV3KzVG42XFG2CcJ1ut8l7zmmWTbS
+            FxNEe94ZS1Z4Tg4cfaWkoyfVQ22L237ZXJ9aIBlxS1sa9Zu3x8jCRt+4PIKq4MHS
-            XgHj8lYLbFh2cWBFb/F1dqnHeJ/tTSzTsqyn8jV8f7jKeieUBNMNHugTYDYzeY5j
+            XgGIZLXnGYzS1BCqT+qCjCiYOJSDbUYd5B9X+XoJOr67Ma0e7QpK7QJgdc3dwJdS
-            bvrR4yhICJVYCVNaeRA04cFG0k3/krujqVJ2S5FDd3C25qdT5sJ2sBBcDman3hE=
+            EWcEa0ZEGwNgiokddk3WRZhKwplhqZ5H4QFAXAskCKGMKMAgnrm8iEzLKH3bsaQ=
-            =d8jh
+            =0c1K
            -----END PGP MESSAGE-----
          fp: 29F5017C95D9E60B1B1E8407072B0E0B8312DFE3
    unencrypted_suffix: _unencrypted