lytedev/nix
1
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'beefcake-revival'
Some checks failed
/ check (push) Failing after 3m41s
Details

Browse source
This commit is contained in:
Daniel Flanagan 2024-09-06 17:01:05 -05:00
commit 0984c7aef0
13 changed files with 1355 additions and 1010 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
.sops.yaml
View file

@ -1,6 +1,7 @@
keys:
# after updating this, you will need to `sops updatekeys secrets.file` for any files that need the new key(s)
- &daniel age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45 # pass age-key | rg '# pub'
- &sshd-at-beefcake age1k8s590x34ghz7yrjyrgzkd24j252srf0mhfy34halp4frwr065csrlt2ev # ssh beefcake "nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'"
- &sshd-at-beefcake age1etv56f7kf78a55lxqtydrdd32dpmsjnxndf4u28qezxn6p7xt9esqvqdq7 # ssh beefcake "nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'"
creation_rules:
- path_regex: secrets/[^/]+\.(ya?ml|json|env|ini)$
key_groups:

257
disko/default.nix
View file

@ -1,4 +1,6 @@
{
{lib, ...}: let
inherit (lib.attrsets) mapAttrs' filterAttrs;
in {
standardWithHibernateSwap = {
disks ? ["/dev/sda"],
swapSize,
@ -138,67 +140,7 @@
};
};
};
# TODO: figure out what I can't have an optiona/default 'name' attribute here so I can DRY with "standard"
thinker = {disks ? ["/dev/vda"], ...}: {
disko.devices = {
disk = {
vdb = {
type = "disk";
device = builtins.elemAt disks 0;
content = {
type = "gpt";
partitions = {
ESP = {
label = "EFI";
name = "ESP";
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted";
extraOpenArgs = ["--allow-discards"];
# if you want to use the key for interactive login be sure there is no trailing newline
# for example use `echo -n "password" > /tmp/secret.key`
keyFile = "/tmp/secret.key"; # Interactive
# settings.keyFile = "/tmp/password.key";
# additionalKeyFiles = ["/tmp/additionalSecret.key"];
content = {
type = "btrfs";
extraArgs = ["-f"];
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = ["compress=zstd" "noatime"];
};
"/home" = {
mountpoint = "/home";
mountOptions = ["compress=zstd" "noatime"];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = ["compress=zstd" "noatime"];
};
};
};
};
};
};
};
};
};
};
};
unencrypted = {disks ? ["/dev/vda"], ...}: {
disko.devices = {
disk = {
@ -249,6 +191,197 @@
};
};
};
beefcake = let
zpools = {
zroot = {
# TODO: at the time of writing, disko does not support draid6
# so I'm building/managing the array manually for the time being
# the root pool is just a single disk right now
name = "zroot";
config = {
type = "zpool";
# mode = "draid6";
rootFsOptions = {
compression = "zstd";
"com.sun:auto-snapshot" = "false";
};
mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot@blank$' || zfs snapshot zroot@blank";
datasets = {
zfs_fs = {
type = "zfs_fs";
mountpoint = "/zfs_fs";
options."com.sun:auto-snapshot" = "true";
};
zfs_unmounted_fs = {
type = "zfs_fs";
options.mountpoint = "none";
};
zfs_legacy_fs = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/zfs_legacy_fs";
};
zfs_testvolume = {
type = "zfs_volume";
size = "10M";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/ext4onzfs";
};
};
encrypted = {
type = "zfs_fs";
options = {
mountpoint = "none";
encryption = "aes-256-gcm";
keyformat = "passphrase";
keylocation = "file:///tmp/secret.key";
};
# use this to read the key during boot
# postCreateHook = ''
# zfs set keylocation="prompt" "zroot/$name";
# '';
};
"encrypted/test" = {
type = "zfs_fs";
mountpoint = "/zfs_crypted";
};
};
};
};
zstorage = {
# PARITY_COUNT=3 NUM_DRIVES=8 HOT_SPARES=2 sudo -E zpool create -f -O mountpoint=none -O compression=on -O xattr=sa -O acltype=posixacl -o ashift=12 -O atime=off -O recordsize=64K zstorage draid{$PARITY_COUNT}:{$NUM_DRIVES}c:{$HOT_SPARES}s /dev/disk/by-id/scsi-35000039548cb637c /dev/disk/by-id/scsi-35000039548cb7c8c /dev/disk/by-id/scsi-35000039548cb85c8 /dev/disk/by-id/scsi-35000039548d9b504 /dev/disk/by-id/scsi-35000039548da2b08 /dev/disk/by-id/scsi-35000039548dad2fc /dev/disk/by-id/scsi-350000399384be921 /dev/disk/by-id/scsi-35000039548db096c
# sudo zfs create -o mountpoint=legacy zstorage/nix
# sudo zfs create -o canmount=on -o mountpoint=/storage zstorage/storage
name = "zstorage";
config = {};
};
};
diskClass = {
storage = {
type = "zfs";
pool = zpools.zroot.name;
};
boot = {
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = zpools.zroot.name;
};
};
};
};
};
};
bootDisks = {
"/dev/sdi" = {
name = "i";
enable = true;
};
"/dev/sdj" = {
name = "j";
enable = true;
}; # TODO: join current boot drive to new boot pool
};
storageDisks = {
"/dev/sda" = {
enable = true;
name = "a";
};
"/dev/sdb" = {
enable = true;
name = "b";
};
"/dev/sdc" = {
enable = true;
name = "c";
};
"/dev/sdd" = {
enable = true;
name = "d";
};
# TODO: start small
"/dev/sde" = {
enable = false;
name = "e";
};
"/dev/sdf" = {
enable = false;
name = "f";
};
"/dev/sdg" = {
enable = false;
name = "g";
};
"/dev/sdh" = {
enable = false;
name = "h";
};
# gap for two boot drives
"/dev/sdk" = {
enable = false;
name = "k";
};
"/dev/sdl" = {
enable = false;
name = "l";
};
"/dev/sdm" = {
enable = false;
name = "m";
};
"/dev/sdn" = {
# TODO: this is my holding cell for random stuff right now
enable = false;
name = "n";
};
};
diskoBoot = mapAttrs' (device: {name, ...}: {
name = "boot-${name}";
value = {
inherit device;
type = "disk";
content = diskClass.boot.content;
};
}) (filterAttrs (_: {enable, ...}: enable) bootDisks);
diskoStorage = mapAttrs' (device: {name, ...}: {
name = "storage-${name}";
value = {
inherit device;
type = "disk";
content = diskClass.storage.content;
};
}) (filterAttrs (_: {enable, ...}: enable) storageDisks);
in {
disko.devices = {
disk = diskoBoot // diskoStorage;
zpool = {
zroot = zpools.zroot.config;
};
};
};
legacy = {disks ? ["/dev/vda"], ...}: {
disko.devices = {
disk = {

30
flake.nix
View file

@ -49,7 +49,7 @@
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"helix.cachix.org-1:ejp9KQpR1FBI2onstMQ34yogDm4OgU2ru6lIwPvuCVs="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"h.lyte.dev:HeVWtne31ZG8iMf+c15VY3/Mky/4ufXlfTpT8+4Xbs0="
"h.lyte.dev-2:te9xK/GcWPA/5aXav8+e5RHImKYMug8hIIbhHsKPN0M="
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
];
};
@ -107,7 +107,7 @@
# overlay I did this to work around some recursion problems
# TODO: https://discourse.nixos.org/t/infinite-recursion-getting-started-with-overlays/48880
packages = genPkgs (pkgs: {inherit (pkgs) iosevkaLyteTerm iosevkaLyteTermSubset nix-base-container-image;});
diskoConfigurations = import ./disko;
diskoConfigurations = import ./disko {inherit (nixpkgs) lib;};
templates = import ./templates;
formatter = genPkgs (p: p.alejandra);
@ -221,6 +221,8 @@
final.helix = helix;
# TODO: would love to use a current wezterm build so I can make use of ssh/mux functionality without breakage
# source: https://github.com/wez/wezterm/issues/3771
# not-yet-merged (abandoned?): https://github.com/wez/wezterm/pull/4737
# I did try using the latest code via the flake, but alas it did not resolve my issues with mux'ing
wezterm = wezterm-input.outputs.packages.${prev.system}.default;
final.wezterm = wezterm;
};
@ -250,21 +252,27 @@
modules = with nixosModules; [
home-manager-defaults
# TODO: disko?
hardware.nixosModules.common-cpu-intel
outputs.nixosModules.deno-netlify-ddns-client
{
services.deno-netlify-ddns-client = {
enable = true;
username = "beefcake.h";
# TODO: router doesn't even do ipv6 yet...
ipv6 = false;
};
}
common
podman
troubleshooting-tools
linux
fonts
./nixos/beefcake.nix
{
time = {
timeZone = "America/Chicago";
};
services.smartd.enable = true;
services.fwupd.enable = true;
}
];
};
@ -338,6 +346,7 @@
hardware.nixosModules.common-pc-ssd
common
gaming
graphical-workstation
./nixos/htpc.nix
@ -535,6 +544,7 @@
home-manager-defaults
hardware.nixosModules.common-cpu-amd
common
linux
./nixos/rascal.nix
];
};

2
modules/home-manager/default.nix
View file

@ -1249,7 +1249,7 @@
# docs: https://wezfurlong.org/wezterm/config/appearance.html#defining-your-own-colors
programs.wezterm = with colors.withHashPrefix; {
enable = true;
package = pkgs.wezterm;
# package = pkgs.wezterm;
extraConfig = builtins.readFile ./wezterm/config.lua;
colorSchemes = {
catppuccin-mocha-sapphire = {

2
modules/home-manager/wezterm/config.lua
View file

@ -22,6 +22,8 @@ config.window_background_opacity = 1.0
config.enable_kitty_keyboard = true
config.show_new_tab_button_in_tab_bar = true
-- config.front_end = "WebGpu"
local function tab_title(tab_info)
local title = tab_info.tab_title
if title and #title > 0 then

2
modules/nixos/default.nix
View file

@ -11,6 +11,8 @@
pubkey,
overlays,
}: {
deno-netlify-ddns-client = import ./deno-netlify-ddns-client.nix;
fallback-hostname = {lib, ...}: {
networking.hostName = lib.mkDefault "set-a-hostname-dingus";
};

87
modules/nixos/deno-netlify-ddns-client.nix Normal file
View file

@ -0,0 +1,87 @@
{
lib,
config,
pkgs,
...
}: let
inherit (lib) mkEnableOption mkOption types mkIf;
inherit (lib.strings) optionalString;
cfg = config.services.deno-netlify-ddns-client;
in {
options.services.deno-netlify-ddns-client = {
enable = mkEnableOption "Enable the deno-netlify-ddns client.";
username = mkOption {
type = types.str;
};
passwordFile = mkOption {
type = types.str;
};
endpoint = mkOption {
type = types.str;
default = "https://netlify-ddns.deno.dev";
};
ipv4 = mkOption {
type = types.bool;
default = true;
};
ipv6 = mkOption {
type = types.bool;
default = true;
};
requestTimeout = mkOption {
type = types.int;
description = "The maximum number of seconds before the HTTP request times out.";
default = 30;
};
afterBootTime = mkOption {
type = types.str;
description = "A systemd.timers timespan. This option corresponds to the OnBootSec field in the timerConfig.";
default = "5m";
};
every = mkOption {
type = types.str;
description = "A systemd.timers timespan. This option corresponds to the OnUnitActiveSec field in the timerConfig.";
default = "5m";
};
};
config = {
systemd.timers.deno-netlify-ddns-client = {
enable = mkIf cfg.enable true;
after = ["network.target"];
wantedBy = ["timers.target"];
timerConfig = {
OnBootSec = cfg.afterBootTime;
OnUnitActiveSec = cfg.every;
Unit = "deno-netlify-ddns-client.service";
};
};
systemd.services.deno-netlify-ddns-client = {
enable = mkIf cfg.enable true;
after = ["network.target"];
script = ''
set -eu
password="$(cat "${cfg.passwordFile}")"
${optionalString cfg.ipv4 ''
${pkgs.curl}/bin/curl -4 -s \
-X POST \
--max-time ${toString cfg.requestTimeout} \
-u "${cfg.username}:''${password}" \
-L "${cfg.endpoint}/v1/netlify-ddns/replace-all-relevant-user-dns-records"
''}
${optionalString cfg.ipv6 ''
${pkgs.curl}/bin/curl -6 -s \
-X POST \
--max-time ${toString cfg.requestTimeout} \
-u "${cfg.username}:''${password}" \
-L "${cfg.endpoint}/v1/netlify-ddns/replace-all-relevant-user-dns-records"
''}
'';
serviceConfig = {
Type = "oneshot";
User = "root";
};
};
};
}

1856
nixos/beefcake.nix
View file

File diff suppressed because it is too large Load diff

11
nixos/htpc.nix
View file

@ -27,6 +27,17 @@
swapDevices = [];
hardware.bluetooth = {
enable = true;
# package = pkgs.bluez;
settings = {
General = {
AutoConnect = true;
MultiProfile = "multiple";
};
};
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

4
nixos/rascal.nix
View file

@ -28,11 +28,13 @@
users.users = {
beefcake = {
# used for restic backups
# TODO: can this be a system user?
isNormalUser = true;
openssh.authorizedKeys.keys =
config.users.users.daniel.openssh.authorizedKeys.keys
++ [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK7HrojwoyHED+A/FzRjYmIL0hzofwBd9IYHH6yV0oPO root@beefcake"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAOEI82VdbyR1RYqSnFtlffHBtHFdXO0v9RmQH7GkfXo restic@beefcake"
];
};
@ -60,5 +62,7 @@
};
};
services.tailscale.useRoutingFeatures = "server";
system.stateVersion = "24.05";
}

7
nixos/router.nix
View file

@ -337,7 +337,7 @@ in {
ConfigureWithoutCarrier = true;
# IPv6AcceptRA = false;
IPv6SendRA = true;
DHCPPrefixDelegation = true;
DHCPv6PrefixDelegation = true;
};
};
@ -406,7 +406,10 @@ in {
cache-size = "10000";
dhcp-range = with dhcp_lease_space; ["${interfaces.lan.name},${min},${max},${netmask},24h"];
dhcp-range = with dhcp_lease_space; [
"${interfaces.lan.name},${min},${max},${netmask},24h"
"::,constructor:${interfaces.lan.name},ra-stateless,ra-names,4h"
];
except-interface = interfaces.wan.name;
interface = interfaces.lan.name;
dhcp-host =

3
readme.md
View file

@ -1,6 +1,7 @@
# Nix
[![build status](https://git.lyte.dev/lytedev/nix/badges/workflows/nix-flake-check.yaml/badge.svg)](https://git.lyte.dev/lytedev/nix/actions?workflow=nix-flake-check.yaml)
[![flake check status](https://git.lyte.dev/lytedev/nix/badges/workflows/nix-flake-check.yaml/badge.svg)](https://git.lyte.dev/lytedev/nix/actions?workflow=nix-flake-check.yaml)
[![build status](https://git.lyte.dev/lytedev/nix/badges/workflows/nix-build.yaml/badge.svg)](https://git.lyte.dev/lytedev/nix/actions?workflow=nix-build.yaml)
My grand, declarative, and unified application, service, environment, and
machine configuration, secret, and package management in a single flake. ❤️ ❄️

37
secrets/beefcake/secrets.yml
View file

@ -1,5 +1,6 @@
hello: ENC[AES256_GCM,data:zFcid19gJKCNO6uThYyDzQ+KCxsBC/Fjma9AhyddOraK9siZtcpBWyPhnIkq9Q==,iv:1j1sEZcZS5+NUbIRHNE5L41lDMuLGAqWw9QJNOmtxuE=,tag:dDPq3rGesiA7khX/GPMVhQ==,type:str]
example_key: ENC[AES256_GCM,data:EyQzVVXEgm20i62hFA==,iv:Z/gQF3lUcg7Ox66yWgBhi9aJqkN9nwIhcprSbC+fbdI=,tag:enULK/yFVQjNpRk0u4RFAg==,type:str]
more: ENC[AES256_GCM,data:wO/uSxU=,iv:eaLvLUWwyntTMkWrRMlOEpxGCffZy0VxPCizVD0Rmrk=,tag:xr9gwa2Jz1cF0XYUNzoA9g==,type:str]
#ENC[AES256_GCM,data:S7g4kg1/4oztGaattpyo1Q==,iv:/JYp8w/ONJLIRXfiyhc7us4BZ+eg6UZeMWYHWSYXiGE=,tag:Ec02qXNPU+TsKf55cV/nlA==,type:comment]
example_array:
- ENC[AES256_GCM,data:ava5NqrxDX3u3Tr8vZQ=,iv:Q+c2aZx3buUKNUf8NeMxWsSsXtqk4PLbYM0PzVrgyKs=,tag:kVCv9FMQTkQwvGfH4t3HCg==,type:str]
@ -8,15 +9,21 @@ example_number: ENC[AES256_GCM,data:AifVPuuPnEw2lQ==,iv:/L/vG2znNlM35u4ZGM31bweT
example_booleans:
- ENC[AES256_GCM,data:GD3U7Q==,iv:ahTK9d6m8lQkjd2sS9Yo6V3EyFWoyEbeQG6Uke4hF40=,tag:rykfnfaLz39V+SJbomu5Zw==,type:bool]
- ENC[AES256_GCM,data:hK/CtTQ=,iv:EFXdBumvMKdaXdd97vUBIMKIaw1rMfUt+/irkRZGc4Y=,tag:JofhZ5SS+jzRe6WJmP34Xg==,type:bool]
nix-cache-priv-key: ENC[AES256_GCM,data:ClVXffaK6MPQGAizjY7WcQ/PWmihkFgudLzVdWVnnp9R/GcgHjDB5RBBKqxa7pBlEM+Bvh6VrK/2AXxAC73JUhJxK44s7PaJBgBvdLk04c1abAgIT1idC0DL1izIbsGOqB+SweQ=,iv:KU2o20Vv0Ob3D+WIpJNRHCBd+FhuCKiGKaiTkGXJfKI=,tag:ZG+WF2YBeI+ZnCNIEWUXTQ==,type:str]
nix-cache-pub-key: ENC[AES256_GCM,data:E03CllQyoFO1/Ts6RCEuHZlHqLpd4OZ4nLDs+TlLEbY16mEBG3lFJnqAattmiJb41EjDUmiv1RqU,iv:SZbSMvRU2PC8/t4PS24EU9nVhYgrgKvJ0dfYTtW7YkM=,tag:5rmu6a0wPPkcB3JGnFF+7w==,type:str]
plausible-admin-password: ENC[AES256_GCM,data:dC9olypZgMLdPOsmjthOaa/fMLtbGBlF9A==,iv:GU2ccj10TKQ0KW9b9X9AgYnvhS/wMVqYTyxr6Xt50Gk=,tag:ypQ0VtutVD8wgdfm40QZkw==,type:str]
plausible-erlang-cookie: ENC[AES256_GCM,data:zhmC+D6EjIE8Rw91lIrMqY0QIazTX1e1jBzcZJP/76B9VvHWZ5bCkP1+KdfCY0lk3wIEq5vRfb8=,iv:RNNjlV3OFtXn1N0a5fEb/3FWzcHX19wtCLMdaVlKNJ0=,tag:8iU5oFVbzd0eMe5Mo1PiAw==,type:str]
plausible-secret-key-base: ENC[AES256_GCM,data:ylakPGzY4S9640krl0fxYgm0Getf0+I7zthyTqTD/IpVhz5xgYBYx3Y2lSNa9Oi9yQ7+f9OdOBC6nc7n6MuUBg==,iv:YLPax/cRjMdIFti26gJd8COKr+3jXNZ7HCA5VvQVyAo=,tag:LHqYi590oEIp1IihLcFTtw==,type:str]
nextcloud-admin-password: ENC[AES256_GCM,data:QaoSZyommeGED3nWNru92UVO2tjk24HE9fWX7ExYT101o4ZL411TmV1TXHSyfwjmE7yLIm1K/j4xpEbIY3zvFg==,iv:xC5EZVPHumVPOob5jiiXMFAmdFQcFSUPtZgioAgGDDs=,tag:Q/kY38XWkGsqcmCkd2lodg==,type:str]
netlify-ddns-password: ENC[AES256_GCM,data:mz9MS93ZPbtziwo56DP27q5ZgA1rgCptQpgTPrq2Ihc3KjSxSACJ6p6t8NjRPr4lSDLPzDa47OnRct/N4fcm5Q==,iv:upOh9S0wvTXBwfso3GhQzpl5befY0T0hTW/LGNcvv0k=,tag:/LNP0wIaxtExulV0blVkXA==,type:str]
#ENC[AES256_GCM,data:IDauOj95sPt6LQkNWOaAV3AR7XPHJljX7Gef/IgtzC227ln7aKpVLCbhxD6pNTwd9/KhIXJp3vagCjfgkO/utA==,iv:Pn5jIPsFMBA2xnp3SUBgBug1NN8d3h3zy1pGVzO2hO0=,tag:NzhLA7nqE7SRRMV+rKgCjQ==,type:comment]
forgejo-runner.env: ENC[AES256_GCM,data:10wKRImXKS7ezcWnkwz7ak194snQ4wG8GBePeHXN1I23JfOvuD00427fOJ4jbCY=,iv:8jrmcXa2yqFTSf4fFnZXCuyGft90RzUO3S4rZGXaTDI=,tag:EGDqTK8GKBGfogkqkCODxg==,type:str]
forgejo-runner.env: ENC[AES256_GCM,data:x4EaDzK4W34ZEZ/Inakore2YABZf8e7TBBjoC6xTPZ9GBrSZCE85FOcHAmMXPDo=,iv:bNGOsLnhxnlC/opCKT1DSsGoWdmgJ8NgEPY3ySlN108=,tag:Ijp3qHBSdv6EDaZdomJhAA==,type:str]
jland.env: ENC[AES256_GCM,data:u+QKwKWG9NFduuofhe3aatof3KoC0N4ZpNOD8E/7l0BTSoTe5Tqmz5/33EOcBUw99+YLFR4kTJwdUmLWHk4UD87aGsJ4liPCtXnBsToAzBGg0I3mhGQ/QM8iKXMW9oKb3ciapitQBuJa1WIp5/bHNtCXWQ==,iv:iZDET5EWM4DnAoQqLP9+Ll4S+mFHt2wZ3ENtN79Dbqw=,tag:qVpocN3FxlHfte2hAmtGPA==,type:str]
dawncraft.env: ENC[AES256_GCM,data:8n1ymQZpMeVwTyoHhccV+W5diMLcsZw5zZQy4Z4eaMcLFk8ey3SeXkCf9+GnqpIU5xIZfCP1ZqeSxR03kJx3TPbQeBLZeN/QAYBxHOg/tjXIE6jdIGv0INkVLkExKPlvGN8F+ijwYkwgfqlhKPBf+Q==,iv:EMGlqUxcfvxqn1G1NohrAtJP/fLdolP++zcvaxIvVR4=,tag:1+ueIDCJTxmM586Z7i0aUA==,type:str]
api.lyte.dev: ENC[AES256_GCM,data:14C5GQ41m/g7qHPzxlYoWjKWDOcm7MEDkuSofiuLfRNc/nji61t1eDbKX3d+SQL1UBchJFoBrWrUxnf0mUERhED1196z8vUq2jKEkcqKCAUS3soECInlb8zcxTcxaTFjYSjp1vUBdAn05AqLsF+hh9Bsm4fMQYjnHEZke9EmPZhuTlUdZa4eLv3+L3xAPHk2QIHQhdsjcTjGAZRMZOgTEcCvtGlb5pQuo11XmR2JzwzOXMC51WFDeOIWMAdO80yQBAdILso7rp1Nts/lwF0Bc9t7bNdHyoVTOA==,iv:jWGqUpXOTb/O972qXOqeX0EMFQLDKwaNHBqlpuGrZOk=,tag:uwB/jlAgESkLZ+vJ/OeV0A==,type:str]
restic-rascal-passphrase: ENC[AES256_GCM,data:yonKbBh4riGwxc/qcj8F/qrgAtA1sWhYejw9rdOTdCNW3a7zL/Ny1+XCI/P3bMOsY6UTmg/gxA2itp4cSbvqjg==,iv:5GwaEExn7b3dIkCVehLxaBXW+nUuSexY/bcqfCUwF5Q=,tag:dinyyw2XeVoSnw/IsYfK0w==,type:str]
restic-rascal-ssh-private-key: ENC[AES256_GCM,data:ddsOs0XsayyQI9qc6LzwQpdDnfwNpbj8PbBJ5fyuqtlVNYndeLxaYcbZI2ULSUhgR1tN0FS+ggGTHQhVvjwksNvpskUGHNKkSLKH3D/mn5N9tsoeAblN4gZsloZdqXBVzEehumcQMdhh6iy6NkNbuinKrVKDhLV25PrFKuSBEYw9VHU7HAMW5Tfop3RzBXjZWETCDAR2OQa7d1dXsJ0Kw6b9RFmRe5MGQ0J7YhjdTg26JGMMVSeHvr5UbiUJkGA5RvOLEDM2Dfai7Lf8yRPZVxUl+rdRsNvNYEoYGu5rGLUFcuqIbQ+s40dP2uXwWauwkIvHUjEahkbP0httj4Kg3qIJBRPg7OuS+MOwAnLEAs3hl5zeBV396yA9qjWW8nhnbml58/uFFbfXbJWTM3r8cMpFbHKD+Ojo/99fm5Vy3pAMzNzEsHOaT+iyDYyNkV5OH1GyKK9n7kIRLdqmWe7GmaKXlwVvNUPi3RvLX9VXq83a4BuupFyTmaNfPGMs/17830aleV674+QVgKh3VyFtuJy6KBpMXDv16wFo,iv:S2I3h6pmKLxEc29E0zn2b8lscqA//5/ZMTV9q+/tdvs=,tag:ALeCT+nrVPDfS21xC555sA==,type:str]
restic-ssh-priv-key-benland: ENC[AES256_GCM,data:G+uiYZTvqXhpJb66j6Q6S+otlXeRX0CdYeMHzSMjIbvbI0AVm0yCU7COO5/O8i47NpvrKKS1kVxVEK8ixLRUowkl3hgRXhxsBIPFnpkMD0ENmJttm4HOpi0qIWMwzPYTjkz/slY4HcTFnCfYy1ZpURQdWwZsr1EdAA05bUMTtM22R3uOMzjO8uf72PCWX7yffo8MxsLmWvNVAOhVlrb2H5KQNR/IquFK3TFoZitq5nVDG9tcEFkX+lgA3zsmCHU/2DvvodgeRoltaAFvgjVznNGf4e5p8owHUtSzX52HwGZRiUlMuhpre2gm1r73n8AyZe41II+LX/85fMfZDdyayIGv3AAMBib8H0/AoChexRcdLQEmzOgRrXsgucDJrWSWP6WMBVyamUm79m5ep0fvL1lJftuJqN0uuq9dBrispdso4x+6jk/pDf5pEM/FE6s1rY832BEb7q0PnjyvVogOez+cIihmMpDdnS0A/8TFzg29i3C+93x5vrt3k7atNzR/jN+/GqX2FKLzxWrrIw2d,iv:IP+N8JQu+XRvwTtBnxu54ujzU5UliltXG3mk9HfJaN8=,tag:4oinE9QMaSh8IfUd/ttM3Q==,type:str]
sops:
kms: []
gcp_kms: []
@ -26,23 +33,23 @@ sops:
- recipient: age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDOHpnQlJkTWlUNXlxNzVY
WkF4ci9hTzg3S0tJM2RZMGlIcC9nNlgrdjEwCjRvaDBpb1ZoOWNtNkE1NDVXQVJY
UGZyZ2FpalQyUlpSU056TFRpUXlBNTgKLS0tIFNCSWdiQ25yNDdsdUtlUGZLS0h1
N3Z4NWRvcXN2a2xKMjlRM2lPZEhhekEKtolJt3EAZXlqq6UKV43Z2EJW4hkfZMJ8
06Se+Eim/PS3H1gjRdZ9SV45ghRmLy2OSMKTJxN78HFcJeDpp5CQnA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAybllGUkNqb3JBMFI2UHpL
R1BVNlRRSkFLYTJzUnRLZktNcVdJN1BPZVdFClNOQnRjOWh2Nk0xcHROQTlTQ1VF
RXJhdUpYS1hyZ2RHRnhrcU5IQ2VwakUKLS0tIFMyN3VNWkpmTTVkT05HK2hjbzBK
U1lZeUVmSHkxTjNsUVF4OGRYZklva2sKMKFZ0ohdeMGl3HamOjlccaFCrhtIpxGH
44wCRW1zIjOLrieTbUba/ejdQoMb7GgSXBzHZqxy/sE4CvgHLS/iBw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1k8s590x34ghz7yrjyrgzkd24j252srf0mhfy34halp4frwr065csrlt2ev
- recipient: age1etv56f7kf78a55lxqtydrdd32dpmsjnxndf4u28qezxn6p7xt9esqvqdq7
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJTittdVRqRTRWSlBpRnpY
NmlIKzdoOFNxSnNoTFpwRVN3UGdJaHhRMldjCmRrRlo5V1luN0dabFBCWDhZaU9V
c05VeUxMQi9oM3czaDFFUEw3aHp4T1EKLS0tIHFqTVlXTnE5ZkoxRk9ESGo3MzAr
b0lTRjVCMU9ELzdvbFBJZ0tHbGtsYkEKLEcXCEikC3T3hfVOYKtWcNSGmfg28y+f
nGC4dQh9EciEbk1ZBbN3i6YSNULDoMSH172KBmRyt1ogr1ZPyCNqtg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQY3EyYUlMSmZYNlpZUU9u
QW5hL1RZajJ2MmJ6WTJ5YWVEZ0g4ZEMzcjFNCkNRSlRTT2FyTUlSMkVNNU1adjdL
dkpGS3ZwVDhlVkduVC82TlFiWHZ5RG8KLS0tIEgxcENVMS8rTFAzejE2bjJGOTIx
bGpacHFRSkJYUUMwOEh4cVBXZ1NESmsKa5EhZ7148ojCqZldukLcPLr93HqnpNgq
rMI0Nyz4Z4lkTVMRpA94zyNTkNwJ02/CYcKi8EJi6jGZnNPUTcnTwg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-24T16:34:28Z"
mac: ENC[AES256_GCM,data:/zOixu65MHMRj5hermm6mmkpS5q97yEwALP+LwC6j9NIXxL2nIFB+jqQtiyMwlErB1Vf5cZvH3PA1sOqHnPOsv5p58S5Ww7eIHb4ElPXufGLqhA6sTiz1RrlWwUqtDtR42V3kql6Hro57PXV+NZ6NEnvzHKct9S30OCOWWtGwTs=,iv:JTF5u4rva9PgLAG2ysTz+pA4wTRq5WJR7xJZNGbciUA=,tag:0X0NlvxBoaELANxp/vwnnw==,type:str]
lastmodified: "2024-09-06T21:22:57Z"
mac: ENC[AES256_GCM,data:suoBGuZnfZpo55g+sq6MXDvecwhhWRS9gtTlCvnWmSvWT+K8TFXHcz9cLZT5U2N4ueSYJovRoKPoAv9rKgtLHSSg+JKI0b0cErQge75970bTbeMKMl+SJmYF0T0ht5+8n5zjhnQjVo2mHmJJI1IekumsoNJ9+F6USPBidiK0uNU=,iv:7dMsEnXylvn0vVfmU9pQt1BgrqfKdSyoBbNTUZ782Uo=,tag:E3u9LVcdTKa7mjAxQ/m9rw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1
version: 3.9.0