From 82d82d00a485f6e90c43610ca2c662edaca16b3f Mon Sep 17 00:00:00 2001 From: Dmitriy Kholkin Date: Wed, 28 May 2025 12:02:55 +0300 Subject: [PATCH] feat: add new host 'blueshift' --- .sops.yaml | 7 ++ flake.nix | 12 +++ hosts/blueshift/backups.nix | 78 +++++++++++++++ hosts/blueshift/default.nix | 165 ++++++++++++++++++++++++++++++++ hosts/blueshift/disk-config.nix | 112 ++++++++++++++++++++++ hosts/blueshift/services.nix | 83 ++++++++++++++++ secrets/blueshift/marzban.env | 14 +++ secrets/blueshift/nginx.yaml | 28 ++++++ secrets/rustic.yaml | 34 ++++--- 9 files changed, 518 insertions(+), 15 deletions(-) create mode 100644 hosts/blueshift/backups.nix create mode 100644 hosts/blueshift/default.nix create mode 100644 hosts/blueshift/disk-config.nix create mode 100644 hosts/blueshift/services.nix create mode 100644 secrets/blueshift/marzban.env create mode 100644 secrets/blueshift/nginx.yaml diff --git a/.sops.yaml b/.sops.yaml index 61c2063..3ce319b 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,14 +1,21 @@ keys: - &ataraxia age1n0prg9vynuwc56gn0xfe5qde8wqcd4uzg5ghhhetu2024ckvjyvqxf49el - &redshift age1d4mqql020mpne9r3vtt4l9ywfzfq7zpa3mad33syxln2kldkjsxqgju90f + - &blueshift age186qkn94ck9lz0nmx57m37jwgwws5pgcs40q8d8uaetytz4gp6p9qlftp5x creation_rules: - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ key_groups: - age: - *ataraxia - *redshift + - *blueshift - path_regex: secrets/redshift/[^/]+\.(yaml|json|env|ini)$ key_groups: - age: - *ataraxia - *redshift + - path_regex: secrets/blueshift/[^/]+\.(yaml|json|env|ini)$ + key_groups: + - age: + - *ataraxia + - *blueshift diff --git a/flake.nix b/flake.nix index 4daf44a..e82721f 100644 --- a/flake.nix +++ b/flake.nix @@ -99,6 +99,10 @@ useHomeManager = false; }; # VPS + blueshift = { + system = "x86_64-linux"; + useHomeManager = false; + }; redshift = { system = "x86_64-linux"; useHomeManager = false; @@ -211,6 +215,14 @@ "32323" ]; }; + blueshift = { + hostname = "45.134.48.174"; + fastConnection = false; + sshOpts = [ + "-p" + "32323" + ]; + }; } ); }; diff --git a/hosts/blueshift/backups.nix b/hosts/blueshift/backups.nix new file mode 100644 index 0000000..0d2589d --- /dev/null +++ b/hosts/blueshift/backups.nix @@ -0,0 +1,78 @@ +{ + config, + lib, + inputs, + secretsDir, + ... +}: +{ + imports = [ inputs.ataraxiasjel-nur.nixosModules.rustic ]; + + sops.secrets.rustic-vps-pass.sopsFile = secretsDir + /rustic.yaml; + sops.secrets.rustic-backups-s3-env.sopsFile = secretsDir + /rustic.yaml; + services.rustic.backups = + let + label = "vps-containers"; + in + rec { + vps-backup = { + backup = true; + prune = false; + initialize = false; + pruneOpts = [ "--repack-cacheable-only=false" ]; + environmentFile = config.sops.secrets.rustic-backups-s3-env.path; + timerConfig = { + OnCalendar = "01:00"; + Persistent = true; + }; + settings = { + repository = { + repository = "opendal:s3"; + password-file = config.sops.secrets.rustic-vps-pass.path; + options = { + root = label; + bucket = "ataraxia-rustic-backups"; + region = "eu-central-003"; + endpoint = "https://s3.eu-central-003.backblazeb2.com"; + }; + }; + repository.options = { + timeout = "5min"; + retry = "10"; + }; + backup = { + host = config.networking.hostName; + label = label; + ignore-devid = true; + group-by = "label"; + skip-identical-parent = true; + snapshots = [ + { + sources = [ + "/var/lib/tailscale" + "/srv/marzban" + ]; + } + ]; + }; + forget = { + filter-labels = [ label ]; + group-by = "label"; + prune = true; + keep-daily = 4; + keep-weekly = 2; + keep-monthly = 1; + }; + }; + }; + vps-prune = lib.recursiveUpdate vps-backup { + backup = false; + prune = true; + createWrapper = false; + timerConfig = { + OnCalendar = "Mon, 02:00"; + Persistent = true; + }; + }; + }; +} diff --git a/hosts/blueshift/default.nix b/hosts/blueshift/default.nix new file mode 100644 index 0000000..f1812c9 --- /dev/null +++ b/hosts/blueshift/default.nix @@ -0,0 +1,165 @@ +{ + lib, + pkgs, + modulesPath, + ... +}: +{ + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + + ./backups.nix + ./disk-config.nix + ./services.nix + ]; + + ataraxia.defaults.role = "server"; + # Impermanence + ataraxia.filesystems.btrfs.enable = true; + ataraxia.filesystems.btrfs.eraseOnBoot.enable = true; + ataraxia.filesystems.btrfs.eraseOnBoot.device = "/dev/vda4"; + ataraxia.filesystems.btrfs.eraseOnBoot.waitForDevice = + "sys-devices-pci0000:00-0000:00:06.0-virtio2-block-vda.device"; + ataraxia.filesystems.btrfs.eraseOnBoot.eraseVolumes = [ + { + vol = "rootfs"; + blank = "rootfs-blank"; + } + { + vol = "homefs"; + blank = "homefs-blank"; + } + ]; + ataraxia.filesystems.btrfs.mountpoints = [ + "/home" + "/nix" + "/persist" + "/srv" + "/var/lib/containers" + "/var/lib/docker" + "/var/lib/libvirt" + "/var/lib/podman" + "/var/log" + ]; + + ataraxia.defaults.ssh.ports = [ 32323 ]; + ataraxia.network = { + enable = true; + enableIPv6 = false; + domain = "ro.ataraxiadev.com"; + ifname = "enp0s3"; + mac = "00:16:3e:e3:cd:40"; + bridge.enable = true; + ipv4 = { + address = "45.134.48.174/24"; + gateway = "45.134.48.1"; + dns = [ + "9.9.9.9" + "149.112.112.112" + ]; + }; + }; + + services.qemuGuest.enable = lib.mkForce true; + # I don't want to specify all required kernel modules + # manually. For now at least + security.lockKernelModules = lib.mkForce false; + # scudo memalloc often borks everything + environment.memoryAllocator.provider = lib.mkForce "libc"; + + boot = { + initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "vfat" + "virtio_pci" + "virtio_scsi" + "sd_mod" + "sr_mod" + ]; + kernelModules = [ "kvm-intel" ]; + kernelParams = [ + "scsi_mod.use_blk_mq=1" + "kvm.ignore_msrs=1" + "kvm.report_ignored_msrs=0" + # Allow access to rescue mode with locked root user + # "rd.systemd.unit=rescue.target" + "systemd.setenv=SYSTEMD_SULOGIN_FORCE=1" + ]; + kernel.sysctl = { + "vm.swappiness" = 50; + "vm.vfs_cache_pressure" = 200; + "vm.dirty_background_ratio" = 1; + "vm.dirty_ratio" = 40; + "vm.page-cluster" = 0; + # proxy tuning + "net.ipv4.tcp_congestion_control" = "bbr"; + "net.ipv4.tcp_slow_start_after_idle" = 0; + "net.core.default_qdisc" = "cake"; + "net.core.rmem_max" = 67108864; + "net.core.wmem_max" = 67108864; + "net.core.netdev_max_backlog" = 10000; + "net.core.somaxconn" = 4096; + "net.ipv4.tcp_syncookies" = 1; + "net.ipv4.tcp_tw_reuse" = 1; + "net.ipv4.tcp_fin_timeout" = 30; + "net.ipv4.tcp_keepalive_time" = 1200; + "net.ipv4.tcp_keepalive_probes" = 5; + "net.ipv4.tcp_keepalive_intvl" = 30; + "net.ipv4.tcp_max_syn_backlog" = 8192; + "net.ipv4.tcp_max_tw_buckets" = 5000; + "net.ipv4.tcp_fastopen" = 3; + "net.ipv4.tcp_mem" = "25600 51200 102400"; + "net.ipv4.udp_mem" = "25600 51200 102400"; + "net.ipv4.tcp_rmem" = "4096 87380 67108864"; + "net.ipv4.tcp_wmem" = "4096 65536 67108864"; + "net.ipv4.tcp_mtu_probing" = 1; + }; + loader.grub = { + enable = true; + efiSupport = true; + efiInstallAsRemovable = true; + }; + supportedFilesystems = [ + "vfat" + "btrfs" + ]; + }; + + environment.systemPackages = builtins.attrValues { + inherit (pkgs.kitty) terminfo; + inherit (pkgs) + bat + bottom + comma + git + micro + nix-index + pwgen + rsync + ; + }; + services.fail2ban = { + enable = true; + maxretry = 3; + bantime = "2h"; + bantime-increment = { + enable = true; + maxtime = "72h"; + overalljails = true; + }; + ignoreIP = [ + "10.0.0.0/8" + "172.16.0.0/12" + "192.168.0.0/16" + ]; + jails = { + sshd.settings = { + backend = "systemd"; + mode = "aggressive"; + }; + }; + }; + + system.stateVersion = "24.11"; +} diff --git a/hosts/blueshift/disk-config.nix b/hosts/blueshift/disk-config.nix new file mode 100644 index 0000000..44398cc --- /dev/null +++ b/hosts/blueshift/disk-config.nix @@ -0,0 +1,112 @@ +{ inputs, ... }: +{ + imports = [ inputs.disko.nixosModules.disko ]; + + disko.devices.disk.disk1 = + let + device = "/dev/vda"; + defaultMountOpts = [ + "compress=zstd" + "noatime" + "autodefrag" + "ssd" + ]; + in + { + inherit device; + type = "disk"; + content = { + type = "gpt"; + partitions = { + boot = { + name = "boot"; + size = "1M"; + type = "EF02"; + }; + esp = { + name = "ESP"; + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + swap = { + name = "swap"; + size = "1G"; + content = { + type = "swap"; + randomEncryption = true; + }; + }; + root = { + name = "root"; + size = "100%"; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; + postCreateHook = '' + mount -t btrfs ${device}4 /mnt + btrfs subvolume snapshot -r /mnt/rootfs /mnt/snapshots/rootfs-blank + btrfs subvolume snapshot -r /mnt/homefs /mnt/snapshots/homefs-blank + btrfs subvolume snapshot -r /mnt/persist/docker /mnt/snapshots/docker-blank + btrfs subvolume snapshot -r /mnt/persist/podman /mnt/snapshots/podman-blank + btrfs subvolume snapshot -r /mnt/persist/containers /mnt/snapshots/containers-blank + btrfs subvolume snapshot -r /mnt/persist/libvirt /mnt/snapshots/libvirt-blank + btrfs subvolume snapshot -r /mnt/persist/log /mnt/snapshots/log-blank + btrfs subvolume snapshot -r /mnt/persist/impermanence /mnt/snapshots/impermanence-blank + btrfs subvolume snapshot -r /mnt/persist/srv /mnt/snapshots/srv-blank + umount /mnt + ''; + subvolumes = { + "/snapshots" = { }; + "/rootfs" = { + mountpoint = "/"; + mountOptions = defaultMountOpts; + }; + "/homefs" = { + mountpoint = "/home"; + mountOptions = defaultMountOpts; + }; + "/persist" = { }; + "/persist/nix" = { + mountpoint = "/nix"; + mountOptions = defaultMountOpts; + }; + "/persist/srv" = { + mountpoint = "/srv"; + mountOptions = defaultMountOpts; + }; + "/persist/docker" = { + mountpoint = "/var/lib/docker"; + mountOptions = defaultMountOpts; + }; + "/persist/podman" = { + mountpoint = "/var/lib/podman"; + mountOptions = defaultMountOpts; + }; + "/persist/containers" = { + mountpoint = "/var/lib/containers"; + mountOptions = defaultMountOpts; + }; + "/persist/libvirt" = { + mountpoint = "/var/lib/libvirt"; + mountOptions = defaultMountOpts; + }; + "/persist/log" = { + mountpoint = "/var/log"; + mountOptions = defaultMountOpts; + }; + "/persist/impermanence" = { + mountpoint = "/persist"; + mountOptions = defaultMountOpts; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/hosts/blueshift/services.nix b/hosts/blueshift/services.nix new file mode 100644 index 0000000..28ace6b --- /dev/null +++ b/hosts/blueshift/services.nix @@ -0,0 +1,83 @@ +{ + config, + lib, + pkgs, + secretsDir, + ... +}: +let + cert-key = config.sops.secrets."cert.key".path; + cert-pem = config.sops.secrets."cert.pem".path; + nginx-conf = config.sops.secrets."nginx.conf".path; + marzban-env = config.sops.secrets.marzban.path; + cfgOcis = config.services.ocis; +in +{ + # Tailscale exit-node + services.tailscale = { + enable = true; + useRoutingFeatures = "both"; + }; + + # Empty ocis in front + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; + services.ocis.enable = true; + services.ocis.url = "https://ro.ataraxiadev.com"; + services.ocis.configDir = "/var/lib/ocis/config"; + systemd.services.ocis.serviceConfig.ReadOnlyPaths = lib.mkForce [ ]; + systemd.services.ocis.serviceConfig.ExecStartPre = pkgs.writeShellScript "ocis-init" '' + ${lib.getExe cfgOcis.package} init --force-overwrite --insecure true --config-path ${config.services.ocis.configDir} + ''; + + # Marzban + sops.secrets = + let + nginx = { + sopsFile = secretsDir + /blueshift/nginx.yaml; + restartUnits = [ "podman-nginx.service" ]; + }; + marzban = { + format = "dotenv"; + sopsFile = secretsDir + /blueshift/marzban.env; + restartUnits = [ "podman-marzban.service" ]; + }; + in + { + "cert.key" = nginx; + "cert.pem" = nginx; + "nginx.conf" = nginx; + inherit marzban; + }; + + virtualisation.oci-containers.containers = { + marzban = { + autoStart = true; + # Tags: v0.8.4 + image = "ghcr.io/gozargah/marzban@sha256:8e422c21997e5d2e3fa231eeff73c0a19193c20fc02fa4958e9368abb9623b8d"; + environmentFiles = [ marzban-env ]; + extraOptions = [ "--network=host" ]; + volumes = [ + "/srv/marzban:/var/lib/marzban" + ]; + }; + nginx = { + autoStart = true; + # Tags: mainline-alpine3.21, mainline-alpine, alpine3.21 + image = "docker.io/nginx@sha256:e4efffc3236305ae53fb54e5cd76c9ccac0cebf7a23d436a8f91bce6402c2665"; + extraOptions = [ "--network=host" ]; + volumes = [ + "${cert-key}:/etc/ssl/certs/cf-cert.key:ro" + "${cert-pem}:/etc/ssl/certs/cf-cert.pem:ro" + "${nginx-conf}:/etc/nginx/nginx.conf:ro" + ]; + }; + }; + + systemd.tmpfiles.rules = [ + "d ${cfgOcis.configDir} 0700 ${cfgOcis.user} ${cfgOcis.group} -" + "d /srv/marzban 0755 root root -" + ]; +} diff --git a/secrets/blueshift/marzban.env b/secrets/blueshift/marzban.env new file mode 100644 index 0000000..2c6bfa6 --- /dev/null +++ b/secrets/blueshift/marzban.env @@ -0,0 +1,14 @@ +SUDO_USERNAME=ENC[AES256_GCM,data:4QMSmmaPB10=,iv:KveMQ+EdfltGzQRRA+cm1MaRlsLypOhlWHdCumHLQS4=,tag:v30WjSutCxO9LDv3wFZHMA==,type:str] +SUDO_PASSWORD=ENC[AES256_GCM,data:IPJGUQiB6jMObUsUdw==,iv:N9cw9aGkmgIYmmrNkQYQ5PFdrmYKC8Tdgr4yb/96U5A=,tag:/yYIC/rKCttSgBBGvjCe2A==,type:str] +#ENC[AES256_GCM,data:P0rsl7K5MZceskgE/JrUlB7vTlKh0kP5Al1lH1CBUZKeVVGdbfW/VOy6CkNo8QuOUQqkzWocH0TNKzSEBw8et6s=,iv:uxHc50I95zeI/jkC60HOfzgftDBxdQM1/wqb8emrTSc=,tag:JaeHm9KAbh/KS+TIRrfWlw==,type:comment] +#ENC[AES256_GCM,data:u8NnWvULwXIg0mqTlPoOlpBgWn6LU+zsrd4P,iv:MxUYe7rI7u98wnKD1ichiYeTw/o5+E2c+22qTXRZTSI=,tag:DgkxQNi6EItuRl+av6rH3Q==,type:comment] +SQLALCHEMY_DATABASE_URL=ENC[AES256_GCM,data:bQJGB/c/pTuAPev2zxcLu1cNg2TmlHH9iY2kQH4qfqRwh/Fcjg==,iv:CeQZ8qcNLiVgtGI/4Egod6VaXamCfAKHi4jrgzXKl9Q=,tag:VX0J3r6RjnS5utJ/UDK1hQ==,type:str] +XRAY_JSON=ENC[AES256_GCM,data:28Wkv4CG4hpG9h51d2ge3AUO2MdVuRBjPuw1bxFwYqhT,iv:MooWqI5QCmk0JXWdKxA40UIFaaIxG3EakMQ1jBH8TVI=,tag:Fmnqdg9mvRVvm/0O7VNFGw==,type:str] +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmcjN4RnZMSVdUS2Roa2lF\nZ3ZqR3lkaXM1akVNMEoxNFdkY0ZRWUFNZ0N3CnVKQzh0a3VoM0FPcUhvRnVReHBo\nTzlPTXlaQnUzV2g2Y0FPeTRvUUEwZTgKLS0tIE93ckcwd2wvMkVabk5jdmVLcjlS\nTmROQmh3Z2Z3SDdZSG9nUm9JU3E1c1EKENphb+Ngw6WZwQ+rsAJgPLneZmxcb8l8\nEzmaRXh2lwYkiGOruOaaEOhXzXzpMPclnugSb4q+lvM9b+GyhlU9Gg==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_0__map_recipient=age1n0prg9vynuwc56gn0xfe5qde8wqcd4uzg5ghhhetu2024ckvjyvqxf49el +sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmTTVRTzlFenZDN0F5bjhw\ncS9MTGNsWk1OWTVubW5qSDc5aU1IMVg2M2pvCkt1dVMya2dzRWl6KzZIb2ZDaVBR\nMzQrVmlPdElTUXRMMXRQQmpmN09oZm8KLS0tIFdJSDQ2L01kdmFZOThYdzVYajND\nM0RjUDRLRzZUVEFkNjgvKzJiR2J2VkEKH9gMwOaPiHRYmitiS455/tEQpDQcmDbI\n1BHIBm5EL4VAzmrqXToZ2P2oU2kpQjjTzORlkboosrlK6cQ7xp94xg==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_1__map_recipient=age186qkn94ck9lz0nmx57m37jwgwws5pgcs40q8d8uaetytz4gp6p9qlftp5x +sops_lastmodified=2024-02-27T16:26:33Z +sops_mac=ENC[AES256_GCM,data:bWpVRMOaYvvOFMWksVXSPWmG5l/XDCSnnLovuf1cgn98yabzbYheBchhb3sgM3PWG2P/NwnxM3krVPdUMJ7vQVMp5uAph53rVRdmgUDXAEaRGkRzR4nAIi8eDKc1C/a+ifxNjsi2VOS0+rSdWOtUa1jdQx23tvACz1NXGw3G7SI=,iv:s6vfppM8PRA+ryzMvDSklH7HwgbDjCyK0/QHp+/2UNs=,tag:OwtdXGrP9XAREPbvbxqWUw==,type:str] +sops_unencrypted_suffix=_unencrypted +sops_version=3.8.1 diff --git a/secrets/blueshift/nginx.yaml b/secrets/blueshift/nginx.yaml new file mode 100644 index 0000000..bfe175c --- /dev/null +++ b/secrets/blueshift/nginx.yaml @@ -0,0 +1,28 @@ +cert.key: ENC[AES256_GCM,data:taP6QrBQ/PjsDOgbPynp2YBZWe5eXq4PV6bWRvARzYwCzdSufoJB8V6v0lh9GHUtQxxeVWoU6kJsb55i5zMayZgXm+/BE73f0QHSsdhV4I6tKUaD3JhxSXHbveaHqD4ukqNV3H5qrdHy+FyWq0EcGMDU/bUQppSyU3XkwzbnbRGuwRqCfOWyhwZb9z+9IpFcFcgIJL+qkUqaytCidzorVRcE0y08It6CnbLEbcPwnBlRFJGQAMc87GX6+ZzOj656DO7Dy5I8fwgVz02IclGNKRY4w/GNpaexmNMxK9nESWgGUXGNwWqWsZb3zECo45xUvhI3Ea0Gd/Z4RkCp3ijfa/mXcVuMKc4I1w6E3qaidVXCI5sI0USwo1X2Flod+gOhekdXmiPXB+ZOYC9FR9lKJt5+NUxAc4XonioWttUOI/5FW8TicNMOxx+QrIXwSFTTVYIto6zCOWajptXiWUSi8JlxAV38HXhGG9R5SUob368ZsAeiC/y5VH4y0cWnRA8R80Xs+yQlm6pyTUESgpFFXgZckPZGf5aay9pNdjw5UTOn1raQlpRmKrNpKKkHbpBnHJE4zdhaE7gsSpETm3ofaS4Ds6pqB3FIXRBLVwdyxdgCnOJiGGfPuiHoaLVlgxCtGjXZbU0YPEb7GqR0MPHfapEXU3yKG2Y27T3lXas6wePrKXaLcJIIe2xghnp/Ej55uGVdDnVQRc0cXTgREUZF2J0aeVuTDNoeSOD4k6xYwtAOZ3aWvtGxsEd0YKAtkGnQM/xdSVT10GkXzH3vBeDa6UZ6dmA5TgS5OXbEK4KS9lFoqyLIB7XgTFTZdGhmi59oMyU+kLoXiZfBrTtLCUansT6PLDm9ZgPyhDbuFCc4hE6VBPIzmEkW2B472TClc57A6fppowbHnsGs6/GZL9gSZnsaMmUJB3lLj9cpeqJLqXGmluNy/I9sVEqMwcLL0PuSSqfcPXfhIhFJGrphYT9mVSys2xHLwg1nOe1nETZuedY2PTXnZnpB5x8QxeoedCBR7tbM8M2ma9ZzwJJoDY2ZxL4ix3WOCKPNS625NHxNDrPyG1SGMK7ZIYwNUNWhqMSKre5pmS31OAT30EsKP3xqXwwxZ1UbRQCHZHk1iusClDKL3q7DHgUslA53dbVq0hrvYlDe1BGdd1r8G/wASAk+K/IOjbzLCoo2vv3TmWDjzf2hikncG8R2bbMMtbUk22Q+yY6bhVljkmagCWXb5wvbBYkQfLh+zZy5lPBtW1IfhQPZySYdW6K89dxQF2Bc5xb89MvvinMcOWuO5CwdpiMZe7Dsg3l8ONqHWJsrCGRGCclCUq/mI0eej/euKR923eZ5wU4dx52OWeUVRUooMIGdIWwplgVlBCFReuJxVmR7dJq4LMqQJvbS3MyQ4zi1QYUB1QD7CsNCt5rr08Z+2wY0ggmJDgTRkWGwGr1OHdoiXi+Y6N2YJ0P/OAgyBoICI3Pg+pTWic1rbE59esWSFTr1/mM8NFCqhpa7XgGWcq37fzQ/mCv3Ii3XfxeIYhCTWmThjmnj7TZhu5I3NiUrb1q9gSVDpqfQI4Hu360KpoaOcGfUbs+SuQpzXDcp8QNnz7FVZBugQ+sCi9zgx7d+JFWLhSTb2GFyPkiuNri3+cDIOX9oZNudjQxViX/IszNgsNiXzbBCovzmLm4Fvdk4LV3Ml//Dp+MT5pR+Fkz6hITeWN2sffFuLydV1NTtSzpxWjct8OzbiKIJP6Ks3dM57G2KofxnjA6wIF9zzQUmpkg9FAl7owrQ6niuRhMnz+PZoPU3zaM1TV3fcb/wmoVrCv9+s9TdDwoJ6hurU3RnUMqNC9S93YtdXWPLpImCgDj6tUV6G+WuIaMfiFPOeqtlLR21qEqG7txgXb9pzFEoGe7WZ9vVjV3YnqHpxtD3JmINcD129ld+uDfbiql6fRny6xRIBpassJrnEF2kAkK6qtEXIoojAjeMz6zC7ORgbBWmAKSukfS74G7qDu/HxZdek+/v7WlLhc2m3z8xGEFjTlG/w1MP6iQ/eArDO8qs3pKU7pQe9TdCJ42Jo9yZzkhq7lqWwbi1JdrCrjxTMcECKj0uNKhKOASIZs+IjNm4ntKGjfwYwcbLARJ8nTRZe+V7ZUEx4vc7tWaQzW5WoIw1XswvAVJ4F3RSuqCZ5aky7qtAHqzPEyydWobWm70m4GaRQ8fIsE+GX73dHaOqdUNnuxjkwqdzKXNlyDtgLaePRcZh0M7gZT7T4W3JevO9QYNTBraipmkCckrDnUGD,iv:GlxhTgvvVSkQWDNJEzFeUpT+k1YU2IUXXQFBpI7cU8o=,tag:WO4eBX0P6DY5jfjAW6+QMA==,type:str] +cert.pem: ENC[AES256_GCM,data:WXeZAJtpEBudGBbbSvrsL6ACdltJHRtZ5iv/PuqvUyZED7Ri/g4Qz0HskBWtfXj0+bGM1AsOOb/TJJL/ExUZEjtJsTllCS8nw3m2BJZ8f4fc5THBHXA0n/Vthi8yI39uh3B4ndFVj2+3pbIjp2OiM/HFaTVr/cEtA3t/PUIYuihyTrEjF7D0RG1Ug/vaaJ7LAnylt0RF8D5rRVhv6W2ET8Tmd8XL0LLKXlr9AgDS0XQ0aARBPo3Sq7++qS95pK3jyHXGe4WvuJZ7fikoaPrvP0Jwl+y1XjceG06ACCqmdqFYJFCmijYvKDlgsxyiT6H8ZYottQ0BHJL3aUW5sxEOA/f7AMc7hHNRxC9RnnilQryqBbNzWxZq1ns14uIGcLEspNRxq1HgD51zJC6XdfMMrBdgrWmO9Z4FD0HQQC6MCEnKq01eVg+cOVa7/3AsRwgEyf40JgS+GfAB7wMTVgf0jdf0mI70RgS3dyk2ZycjHOcu9kOaOrMNuQrrZuHHYpyhHAbuueQWQRjdVssmY7xb8yU3nNF8ec+8DXDhlO/8tSfuNW2+C7DMXsOzdyT5yCKiyiIyPUChTUb4pMd9fd28o0LcxpvBO2K+jV/qSC+rrhXmD2h5HD7zMhubYQxYZrDxUK1FHoKI8EvuYZdTAhK+NSUoyy+9QhBlhprAF4t2UQwWb4ykkkdbpLD4BBgbBVzokMZOnnww5RypwCKWBu2ZRhcjXKB5xzGf+Hhjw5aD3M0vx3vZt2XGUpJkf7V7LiYK0SdjF+rlcTPGNomHNBjZPnfDh1gHQCiW6dPAOCUr+tlERmCzAnFq1TTZSD4xLmU3KNsGvVPsGnLdGYkY925o4MmM1hv9jzHI8nk/j+0PbILg7S+lEtq7BSzVogJQXqaqTWWb8FZyNQLVbgqb2mwXsJ2RjVaxmtgbq0iUFDWcJ0+KeBsmKhvzdOBsnP1eKcpJ6UplO9XW0d/xnanTPhlXrJPoJg44fTZOAwC/W1zOAr1XXEC4Vltd60VMGyBH0KnXyih5RS/QT/Inp8WzWdwqj3ezK8MvMD2n9egloho/ni+7xDFdicHR0hGCqCPOsFxdrgMg39Ms0ofwFwgxBwhNyci0zlqgI4+rI+XY4l1lTnt9J57shZEqWuAzZtKXbn/bQMybzy7zguxMA4Z/scJ/ucQk/jH41GjocnIV2HC0Ryo67XiWtiNuJa9Lqz5dnN/Wbc0CMehmchlTMNEs4GpPC6nSSdevbWCEbJ3Mm959pffrbUOw+BezveqYfYSrk14gJDBq3a6fp+45dRz+6EZyceRfAL92Z0AJn90b9zhxHXETsfB9cUtjPMkr9Kq9gLd3ovVmywjITUWXKpiiY5xbNzrWPURq8/STzgNEhHEKBpg93kX0nWM9qhkvVRIYyuHljCp4//G8LCapp0H24LVQAZOJcoD2TyY1oRYdQP0k/zDOjQ/N2nJgkfWrPoV05NbL52dDJG03jBMDrTusiS8t6PC6tEM7sayte61ZxvYx62/1gfnU4nW8VyS/cjtYRw0jLj4ZDAFaVvibQDb0QLCYOzPaJ6Q/qMCCShdxMuETTWpYS4GuOI6wwA03jplZK+o1IK8/nzoB2eUt7AutHh9hUL+KEVuQPfOMiNB4Kw0YQe1gcfwuG5BIHUMHujcY49KNo1YwuFuBwUMBOIP+CvlpRzN6xbhcf7EkNw4uIxmWUeZph2659q3XYuv8T0yxnTH+A4BXfLkvhFMko6Z39UGpTpxqJt4dBuKuz1OJ4sic25R6crb9Qp+xa/zIoxbl67GlTR6T4L9OjLkldHuKm+iqlyXY2hzM8fy52e0eBhQRzluNlXLCcFzOAl8kZzHzGpC9QjHbDzEqdk4Rggr/MuMvswVWhGOn9M2rHdOeOOpwjrTLbe0INGhcIvH910aOmW+OJ5FjOsY1YMZPGiVJ150JKaiVvmmuxloPSF3QeR2M5diV6Yi/WTabn43VKJN7dEPHth7FtliuzROiijP28lkymW1v7VRPGCy59hs6hCNKNCEu7Q5qRbaNaag8zxUL9RDsWgzxpnwBCZznu6Bk2G0ldwADmfqMoz8GMftjpkibfDMNT5XupzNvc1gheBXXZaRLuZ74+z7LWKi4kdIG/tdXQ9ja1OzmsF4j8+aUaApHGZZPWdupZKKBpGAjY/Bqpbfm+vhVCIifGDCYK+HDcHCtaOUpRlYMKtQS0v4PTB34piTh9mMHyHG9bvMYqKpU3x3b9Fsp8JSdCHrAoT9zbxvnAexs7GifFWxyZGyb3HxFltz0omlA+zqSP/HhCGYm4Wpp9Wy0r50WGD8qJSBsbx4iuSyHywL3SY0zgklSmJSqolIaT/efTi+X8p7FJb2usMxVvP5O2DwiuelmzJ4SfYXsCcALyc1+BPY5/lpOtU1w1rarWi1KiGaOTiRYzakjQgmfO47abR2Lrr3Vdz/1kmSqeDCmHXPOrl4GbH+UecLk//FqPstcZiq6eEKZblPEwmre0VeiLHkIV9CJS6u+SYKA/syVt0I+ENV3bIogy5Y9gx9cr/NatJZ0Vs1/3LWV8lbGkbUmO6q5ekBHOrQ1TTfpVFu8/aR9R64plgJ+oadjkNyp8rindgn0iJpQi/mQh4mLiJ9nx3wGX3ZHauUaOJklIPFPR6JlR35b5UvKRpxIgDILKYUqAzbhlQznqFmdnk21Ga0llNK/F//zy4J3/74XeTW2Bm0dfUlZ5ASHV97SZeeFooIL0EBy+JeK4UBg07LHOzYhpKbEX37vIBCwjHFbptf++x1MtFAfqTjDfsVr1gnSEWGM4BDjS4DW2n+A9qJm1sei+SrYGGN6vffdSQwPMmisqVUxSMAtQSTOi2Hg57ttIEqPbelhF1KP3qBnlyBqWcVjsoWb+JfF3D4zjnFwwB61bJqG054mjqzLNNcHsrgjxL97FJwznupq7/avgui+QO+o0Ot2buhe8T+tnVdmTELInLgJJKAUjVOpKn5OF4h4tM/uGLFzY+reYniwxcad6nFUlsKOMoK7//rHiXyUHMAM0jI5hOOa79JcLSIXK35SY89hbSnAsJosAhRkt2vi3pilsFirsTRXOHutYaDlNlyZl7XFhoPgpaKXnW+h55GoBMrqfCnyY2dZYH61zPJDi2OwKpszzU9gfrHCSzeZKv26gmBonRo5fvlTBVKP6sk1MsHxsdkl3tWjSw4lFgvCotIXiCcbYPDLYR2IRe50Tah2dPpL2GIbA0hUpwr9ApZmbgJuzVZY9wZTA4MMA3WV68IXnqCD7J1lJY9su90FbRcud7+50vf3hp9pqqjI4ZM2yVqBfvt156JS07cMlfpOIwIjKx//f3PR+sxkxeSXavs7PEpHxhCZxnfXO9z1kerw5VU2N+yyEHjcZk3SdZNRYZx4WYpWYy/BoAjQWCeOSESYqZZtgOyTrcell5jHDj+Utv3O0ZHuGaN44s34fCLw8FfPPhfGa9ZELNoMARUngEjhJlIBkRa3Xk9tP7ScnhAe3CZ2mDCjbMH7mf4XH0THYsKnq78Oe6wPS9Fdv563CjL9XnDWNBvaPQgVfVgrFyT8jiQR621MQfCFRTI0z3VZB+Qc4fk98Rysys+xv1TDskjcpcBogZmun5uvARALWznb9PeEP5yGARyAVqxbKyoHOkJSwuWdhuHERRWFtRgdiTdEPl9pB9it9FtyCuHa+DR7eHPnbzGg3SHOdEBuGl43pOg3VAlF5ciZ/7l1V+ZcGHFsoRRCByuOEToktNF42BfBoW9/rniuNScUCc6+fokaeBUOdexL1AQBWUf6/PobJkvnf8p6/Jo2vzQnLOrxBvckxvhKye+CSpRl7JFVpjnBB8NHRuHPkYlUUBaPSEaVwZJxXp5ED5WdlJtrIv3HjpGWSuHJWW5+vkXxF172NeUHrKFqqXFWM8tzm0PurhI1bZBlhdm3Zo1+Pw+qnEb1a6r4hmwwGY3MGKsHdQQTCW76CQNK5/+EDJSCpWB0sIV1wiSr45TdQV5/yz/IzBJImeGf3wWOYt5PImVsnXhb2lVu9iW1/HPSoqipnMDOAkx0kpsDY0ZpcQTDhc/BwMmqVaTTJ6p+YlTvco92kUodAYyhL5CIc/YYIxaxrR29W/7QmGQq4Ef+d3SE7kuMqT11xGUNTGhY7swNAXwAmfHcnc+Czzrl2Bt2TA==,iv:LX0eZEsqP8c5TsNXxd/1shJA1WRJY6kgKyt1MrY9aUc=,tag:7KIkQvcAuyurDJ9xE8lwyA==,type:str] +nginx.conf: ENC[AES256_GCM,data:rQQHYy9eS1LfMvjae9DfmVCi2jOdS8mjMdhE3DVmonYOw5tx83G4YDEF3TEerpA0hc7Fy2DA08sFxXoejt5TCk7iKk+4zmCuPDtLD3UuvpEx/ipU8nehzSYIdOEJ9zneKf0vblhXw5Vo0ofWCxW29F59SlCVChhwZ73GNHksPFCaxNScIsnBuM+e1jwrnBItr2m5YXw44pfsghf548mj31yuXAcxXN97T1xP0jjjp51f1/A5GxpPoaFjInElx8w5lcuzjPcuS3uvJBXgFmxg4W1yEDEx963VkfDTPJW/fOQZfSO7/GIpDHK0T4PpOBQ0Q/P3IxZyV4PPA5/k5VNSwSvJxbg+7+ayerFc0Yfi9PiiF2VzrmtU/cntP0j6o7JTVRi71B1wfH867GtIvFgygw2juGqK+pcFSDFMSjcgKQ5TqLKTtpdDitmUm6aBA4Cok/16GYBBGIYiE7NCdQj2bwgwWhha8FaKRCJzyqNtndsOcq3vFqc32kZrtGTp2MvPqNNyWy52XohFTRKM3VxzTpLq1OdXSunajXQdGK+X9rIKv5ZR705lR+gYmxe8xUI6KFC0OmbbI2ZfTmo8aM0G3/6L+fhFTbkAwlrawS9JgXWzc+PSZ+e2aZT87Pf88vppiRK/QdLL5u4ukgY1U1dm9ygIw8IqSKsgo405mvn0Rkpd8bwSuSGHV2pQrpWvO7+Bnf9wY4uvlkvKM7ANZXaeom5vBSQd0eySyOkY+cBK7XHm+fgafvG1/D/8P7N8K+tlXg8p40pYQU4xm2u0Ige/Z9XdoApZdFvc/+KCRE7r0iqwT0DRVclBVYcEJAI5hrybkuvFJoQm+mMgtoXO1z6GsHAyF13VrOyLf20QRRw0FY/BGN0w3muYn4g+qww3RKnBhbbZr1TYHAKqqGuzOBMLbNnW3TUzy8WtODSwi6dgnNccYBD84r7gTF0ENHSKLF4/HBtXs13RpE/aDF8sVDpyT1EEXry0hSArae5mZCGrdfOG6B9x+lSl08d7seRkzat2Fejmvu5VeJHpyCckXlkxpUdRAb0jhlzy1hCJh7fhmyVu0FjiOdYFoeNHjpNWyITKnoFRKQZ5gEYfn3Nxg3LArBGjuCgFclgEW+Xnksht7B9wi7oRpMbXIkqZQ0pqe7xD90VWcpjLpbIGanrOOs0T9gF0RobxrjOuxZTDgeQxllOUe6cDZq4YULHW/gEEsox5DeAoraeAebmll1Llg2UixM73ZnREUcuHC23Uw+5YyaIgaD5aLvtnqCLsix9gJeZIfB5ZixrAZqSwLv90p+2UzZtMexYoy6WB7+Lb2hKhMFHF4jYcj2cJq5oK2oUMjQHDOGJCQKFjxpj/kVnTVP1r9ittS7Ys1xbNDb9DdaLyIVxwT7z5nVf6vBYvun0xnYrsH4kEq0YLRqCAfWQWgwwA1QZMcWL5MtvPLHGmLlXmMb/re6wFpddRo8F+PeF7r3lRFHEnQwNk0+xXYn2fOWAxhijcJPilm6H8p+QeY5T0F129tNFE8mvq1oIkPIEVKvTfdg/sEoxYluyIF2YTScLSK1FRcnFwBTKKgvhzXXVInVEdBD0cB9PzQ5FQTilglWKhIl/XmXSFkLOGVcQ7ugKu6EQOs7oOekL7vlQ2wYviq5swPbD8H2ArbPgkqSZV/1MOL1z0TI5QOzQJnokiWkYCz/l+4qAPWfF/uLoR9kLhNiVqGOkIbLgHTjDERcrDItzjbDZ3m8nNiyr6h8Qyvpb2Y1gvR5bbwCYi+2Kav6BxhvCZq9T2aXOs6cVZTPYaR+7bHmkqfqZlFW3XTpaItZa2mzmmWnIHVItEE5upVVbdgs/LvSdiUuVU2L+yH1JYxQHGWAnz8TtkmkoVBslRvXPktIWBAKs582Xkog8N7/vVVjJ2xb3Ky/Tlm2eYUt6bk33GXes7c77RTX6As8vjTikhON+eDjc/NEyPbV1hblEzDHhHlRPpkTyab5PKdmyplYniwnXhkfBHFt5Lde/dp+GRfx1NR0kUVuZ3vxeeDweDHFwYU0ipIqy7vRi23WNgEunASw+UQsGWaf/ZTlUBSuoIdbeOFssD1CU0wYfNyqgpqk79/b11/q8/whtKDoUSTQCxCu5eacqMrdiIrdC21+0to4cpXCnIAGbbdnWzAbL8j6tus8o7oyDTX+tzkV3jrwRobw/bFBZNqQM1JAnQ2a4QlB3eISYj+TjKRQ2SQiQAZmpx65fmDdZuq/qb27apuU9nkCqzh0ylJShxFIypjtdTNHHjYeI6UM/q3MacQ107WEghtywNeIqTUZFV3C82LOVyoKSYztqeIOPx0elpMd8WqcOBmorYC3FcukrQOWmneMXHDwIfr2lwpX9dGTkoAR2kxXmUyEbSwScTrznqVfnMul/V3X6pwqK/zsjPUcrBgB4HXq7nMQnM5qcYHspn5Jr+5ZIG1s1TSJBOnSIY0wO/doReAzqMiktey6xR40srh53zQyEDDaXfNMch/LSoVSXs3U/UaEW9pqNPtbr7GWtXJ6G+N3viJdQeO5V/tGRmkjL/bBBFJ3RjnQmiRygh2tWbtWHu7dycSNYj+uj31N+ElfgOT72gOD+9fCrBRWCDOOvQ6u2JOxujr83l+88ALAezawuyHrvetVFSnJq16oC1Cvn2qAWfJXRgVOBCrUkd9lNruqi7Q9BvLhxvfRo+DgS5jq6i1JKY8f1vMR+HsS/9+/UZuxU8Yje+EV8g+o+9vSpKxLS6JxjMQPHRZjeS3XIsqAGp3dc5x0KpkzWAj0sXMwH/5cfGNvhpqy29mrEnLzMR3pLe/HQilbgxboHL+mepGAqMyZVsR/xroV6gWDCLgDwICf3fy5t4fqzcEAQ1shVtdN9xO2Y50pxu8lXvNeVKmuYmQKcPC5JOFxX2tE/A51WAO/BrCKyDvEm3FFZQBLAUDdTXmE5L2qxKavyL0qanQzQmX3I6Z709Fs363K7RqIBfITkMBYXN0Q3niBozHF2TmGgXOgL32enFd+CPFpAb6FoQm+v8z3VBx8r6iGq3+iKnpkdjJPl+iww0/iva0pi2v6AndXh1tlg44WVdynmiQt+3TnUKQvCaM9YOpwC9xwPk7g8vl8qghEYRaLEiAJz3btKKs7L1Rlxs0RUxEe/RcqhAuoYU28uX+HOOknEreS+Nzzrg20kZ8x0cFutfcEqZ7oNK6xdBGIx45F64fajHVEDBfnh785XB87xC8Br67Lowkh4TrDAKgQtw0tf+hpoxNi+ow+mh9nwGcvodd3gmyCrEoJutzxp091D7aeqZYVu+S/xznxad0lY1FYhAasEeCc/OySQZpV79eyD62XpJReLDHgJsCFKg7YWQNWQVCeiC7IWp9w9n6vEyGtbaZBAv5mPofO50mYLqEcZAef9NHI5A3Evss+mv6Xye+rDXE3goc1QkGhZgRZQ6GPtg1057+w6duoOv2ueSeHV+gSVriuDrdZ7byjC8x1+pi64t5LssWDkAJ7hcsHcGZy7o8duQiicvDyW4P7NnuISvxxQYHR2CovCWjQuFlX/8WHiHAc3Yui9I6nEiO96J0Pht+9uJYunxNFyS3mdMwI/a6RQGMKm7r+ka3nm+6dT2nIfaXWgJpvgJldpd3YB2I1PuOxhD+AL7yMmPHr1TQp2C+LwJ6ScazVflFvNeIDjhVfmZrTREl+rRDZJ5hRQebH3vxtHab5KF/EHO6JcuMK5D4GyyK+qYI1B+6zOZNL7W/kJ6Wc8bJlbY4rcogu47F4Sfgg9nmS04knwXBGpRD4+NrQabbN5fuepGdoUpImhucMKWEl7SFV4Euh+sTCaYKnZaZ6LatdpXroWOkNCOisE+J+AW0snf3m+t1ltRcyG6CVdGoIY0WSYMUXYl7cMiy4eaXesJKmx02Q7eceF11Y6KFjGMTMJXa/MB5LNX2zITrMWjJoNL5rl6y8xFuusymcMg6/zsPBi4/ByENB1uKs4vodG4lURsaBoswV+UvozEQk1ieHVtgM0AH9xRVJmlPmRwIIeVE/ByunyIt6uqC99KhwJZtqtYgAMOFMGKIzkEqarr9/B59wpDjzUpNzFOmCnzPs68yCTOc8lfigAOkc/1r0H+hUI88YjunNadY/PVpWjZw1lS93fo/gpifQ+VxeAKcu0LVmKEVRn9d98k5Tqo75GxL3u2Eixc9EXlwuodV5g7m0Ml/yzkZ1YIr79zEhFrJIQuH3fiCXwxjPop+Wman9fb/8h56kXGqfW7kPwMovgtE5o+R9ys4ioTDab8WdJFPKy8ddCns+7JwHk9L7JuaMpgYpiulY0jMlTie7sEMm9CZ1G/01KluLN15lOvmRNXd3n9HnVhQGWq4NA2GQgc34U0x2ObmtxiNYYqZj20cbjuWuos7lQIc9syqiwIWgYd/oFnIUbRwLyPfI5u7sAx6kVdlgUqmzb95UgLRZBUAm0GJ6ISMTzjAVI2zwXNzxGqGWd3VUKsewmDtNcY87p2d3mg8jjeHOfDzNn935f+xZMtwgbV3tuQG72w6X9l040ZC9hNFGLtWYe6/JlrOxNc6u5lkLuI6lwciJtsY+PGQwJXxlaTnUnOJJ6F/z8ADGBUDhN9mowaGGS4LN8y6EECjZD5Tb4WaD5Bde5hD31uWL3qeO1p5JFUO7gXhNpFmrzHA2tfqtTJv3m+m3J+YZIUKajr3l1WPaXlMCIktilqygPDK80RDfsI4PY35ety1+s43Wd75sZwL8ZeTT46vb2v9W3FAdshyrk3uUxlQmoaBG0539rpEVT+3DALqdsrrgJ7wUDDW5GrCTCwa1YfSr2bVgDBZnN750LY4J8MUHPpMWmzqJiDeX0Xeo9XMm3OyYpJpL0Wc/8VpRnHk38m2rsyz5BlfoMjYnUrMSOJDMxFItQz/ntqxoLLnvoamDlza2zqfFZ0n9w1CnjyAvuK1AKfdT63ENte6/PuS+Vx/SCrCYuatP5CnN+Fry+pB6rXVepWPwMTE9nqxf3L/N9uHcit6HN68hWGN5ADxZGIc9AUzBLdZ0WHpkC5Ys/7Kv13NnWYyDDlLGXYshzF41V3zoedeVidcHwH9uOTVeJMjokO1ZDlLPqsOw4MwgKz/ptZ9dG7gaekpAsTBKF1Za+fqvvpv0O8CulyQt4+8l/wnX/4yVKi/u/QvR8lpKa0L2M26TGAOpzMxGGi8mldOc7FptNf0CZ0iQrqhK92EQFrq7QP7ALmhF2iD9zTD3ipP0OBj1OHBMCwhMqPl0Cz7r+zYi/HgZ5LwPmcDIfAREeDMpIO5zFMB2wK1johPQ9cY7hslXgVXDI4un0HHnAaal/p740kWW+wydb5/rhaQ/ce6ddAR800FoNO6sNDTiRDUZU/zk7ogmYvSPhWJFPm+xfy5KWkZ8oXIr0Wu+GjpHSNmXPBGYOfqeJMfeamvn0gl3afwhM/s8sMeuWHHoeyXHr/u0SWJWaSugtQloa0B+S6t4nihEx64QQIOUf8+CqV7CIgDXm8xJ8B839FGCf4sjhgjQdMG0ymRKf4BZtOKvVUxN3rKmUBthtyVLLaSxAl5KUtY4F66+tp53P+iJy2AbQjDA1z83NG0qHDGR7jCZR49IAb5ANvIlwSdP2CxhWVTtGtvAXtSw+SI8fnMqSbUcLMRygGUSEfSULO7EKgWoTUsyeTcm78FnM1jZQvM+IBK4eovcE+tFQuuLz8Hvt4p/MvQXIpccOfjpO7Mk5hoF/NAFmTE0aTfW2uGtZUtVY7UvreiBVMFeiBlf54iGcCF08wVV3Nyao7VI5e3z6BL+rEj4TMMuCwKQ9LrFT0Bp27BgmR+16dPcr3BJurHJlSUkiNIc01bD35vPR7YAWJCZBuv9zKr477uczOHY0AmtjYA/EZoRi9mXsft6c1RxDaKscrXEd4Aay2h86dAGOEH62Ro1wJImrmFiASUWtWkc/3d2agVC5mkqU9QwUlodYE7ecqHW/qdAvcv9VpDGsrE1DQZG+2I+fIiOOeXBKBlqb80uhzQyndSTVdqoFqKgipH4kp8Ydx3s1aArpJXibUCqx0gInPSTp3A6S6alWvoEH+blIRBhDd4+BLktZr4rUWS8WGIc/3w55UZs19MAa8awDbb5lHkR0DwqIoB4KDnkd+AG6S4S6k5+gHweYG15/gtIhWGL66qDdo/3ARWaGZjYkhyyQUydYDfM4CfDdd3JgeqvkhkTPKjXUsKrOYB1wtjZFxEXYzyDNdTEzdJ0wl3YGtZkumBsSehcyu5yQZLcXOzE+SZPKZ3u8vKio5lQ8uagYXhbf560z8R8Bve2kWgvNZ4EeBD+Y/Eu8AdPSkoikh5bmP/AfIYGe83N/oJhtGeiOqHEM4FMgN9tDw3aqejKoQVaDo3GMKtjuRxU2qNY9GuKVXBGWpxnOMIIoZ3Kzes2U5+Rjs0UMiIOEdyjqLQWTRzi5qUO8Ye+RjI4jfoe1+loziDCQbAVay0AwngUDqFZnR0fsGx8v0puQ+dD/tKCV6KTWx5IKqcktEkzycScgMe3/AiNUiSZ8qktep8YeEbpfflfzROeIH9bbtBDSXnE7sH7JgMsx00HfsH+242p5Us4vClg1ZX5+vFnGUiThbbbQHwSAa2CDSeruYkO60Htk0GvLlCjM7I28vVCt9NGsDCCi9AFxY5W4K9HoMVJ2Dkywd/QPoY6ASnS1zzElfo0R9YxUKyUyPp2428M6YUMAJLl0zBztGssCjPfKM/PxSl2wb3irGJAEBsIroJeVkwA/+/Z7RONrKcL7k6/Wg6JSosn57LaMzcPrMGENkwjqI4ARc8W4cwj9Lrj5Xt3fuSM+xxFGTvYs1C2iAK8lyYiqOU78HKcbHeU8j5pS31SELQ9BL0ZkQmroOkqD/XEWfhUiVfNaTgrTR35J2nPBDJv0nEKefeBcN62OKP1KNSyDvZiSiuJB8VgpcAWbemyVkKQRkAUZIScnchV5ovyOmfN4uJe3JUPryoCb2Pg9PBO5ngIxVANYxz60edzserJ2Eg6TrJPQ=,iv:b2HPjsKJCH0DNGV+c3Y3MFBsz7qgH6Dljb5A47cD/wc=,tag:642aDvjLZG0VrqwwkHb3Lg==,type:str] +sops: + shamir_threshold: 1 + age: + - recipient: age1n0prg9vynuwc56gn0xfe5qde8wqcd4uzg5ghhhetu2024ckvjyvqxf49el + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFRjlic3E2ejI0YThoS1Nu + Q3BSN2JoWFBTc3lZU1pJR2NkL2hZeUFSYlFFCmt5Y2hucTlBOUxlWkNVK1QxMUkx + ZnpkNTJlTisrTlUxRGp0aDRReUNQa3cKLS0tIGovR241bkpDUkpvRW1FTTMrRFdx + ZGMvQWxINWJuQitPUUYrNk5rNGpBWW8K35bEdBYwzyB7C0VCCabcVM1shTEfx45r + GN4Ubxbm/CmglVDVQ5wYW0+eEJfEiKQEjzqggHd+5SFcTRy1XN/TvA== + -----END AGE ENCRYPTED FILE----- + - recipient: age186qkn94ck9lz0nmx57m37jwgwws5pgcs40q8d8uaetytz4gp6p9qlftp5x + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWNWxhM3crLytLZUlTNWxI + dUhkYlM4ejQ1Vjh0K3pZZ0dWd3ZVZGVuMzBNCjVROURCQ3BBWXdGajNibGE2SFl0 + QWZwdFRsOHpqUnUzejlKMVJNK2hsVDgKLS0tIE1SVTZOa045RTFZZW9FNW9nY29S + VXFqNXJ2Q3pENWVFTGNxMVpuVzg0dFkK081HGF+mAcL0toWIP5CCzI1uJqZJ5nY+ + 4O4iJy2Ev83Kup0roNUwfrUb496yaUeso4rPJP0LsGE73PvFbCaI6A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-05-07T14:38:34Z" + mac: ENC[AES256_GCM,data:E4uaqWeKzFVCzY/t2dVCY+1Ky2EpL4Iqc93tMoCrC8ABnlrzohO6/Sr5fE3Bz8s2lcUTxqlW/4AcF32RYL1zC2BNTBqXQRnB6hD/GHcgwII9Sm7u682OuBrrLKN0UJriqRXiPa9BIkzgAGGRKkn+cuNnOX3ocUUEUlPs5k0TN2Y=,iv:eNxGHE51H5+GenIxN2fZqUqEZJD/dKA5yImDzUrRx/0=,tag:mVwmrLbYoCrzbCEHJfeXpg==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/secrets/rustic.yaml b/secrets/rustic.yaml index e08b28a..32cf5da 100644 --- a/secrets/rustic.yaml +++ b/secrets/rustic.yaml @@ -9,31 +9,35 @@ rustic-minio-secret-key: ENC[AES256_GCM,data:Jkn0mHcLFWS/euPCYtEF3hXN4Jx8PHZHA3R rclone-s3-sync: ENC[AES256_GCM,data:oBDntYhuThzmImRgpBSsgqDwXs4+wJxAOZKH3vlKfH+9CXYNI1ks92t8Ywr/wltikvXiVbKuztY7Iuqe4Mkl0K9onYYcmrMDqyuLXRV/WPXNaAwyOyFUS17dxcqoyG51T0zzb1l4LH+GTrLw7m7RD7y7XFU/uidAUuBnQHAQpu8xRI/5PLcSaae+KfmoJGpZBX4BawXMHzRKKo462Muw/1FbBQpC0ERvTd34oSke32+Ni3MNdg/nOVyczYIQ+TPNhtgiSNXFJFPaXWMrIh29jhyJv7M2k4nYzNzb3A2miGCxWRDNy7bxZTDeVLgJUZT3KJNyb8BGLhu2v54WSbm01I1pP+//xYSZI0JER4fCZpdGodr2TV6u7YOyVxa1pZ7C7O9T/dd2O9NbgQY1Azc9MhiIXZnT58j72SNvhDNtCloM50R0LYmagCj2alP3Z4W7L+BdtaU58hWFCM2P8EIYbPkz8wK4/i1XARvZU9i+cRWZCoKi+yi0cV2yKOYlFEW0RmO9G3rC6a31YITwfpHhQw9IFuZXwdwZdf4OIuw12BIXfeUQJWqIl4QRSnOSzCggSZngwhoq/r46Oh2Jn9xXuVO6Hlod8pGyxKovO9bGQl3ioIU/KAhKp88k/BDS7YM4HhAEPNjvsSZgRGf21G7Z4ypi6a2grMTGgIKbOA3KEe2CKrSEVq7JRF5m1uAPJ2zrgbBrSwI0qkhGfn+SERMVtyzkIvTQkEQJ/g==,iv:jWhHLIccl1Pgr55xEMd2ED8FS3pvRjnuugMJ0sHnuW4=,tag:upgyBz2AA2zhidFIkcVrpw==,type:str] sops: shamir_threshold: 1 - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1n0prg9vynuwc56gn0xfe5qde8wqcd4uzg5ghhhetu2024ckvjyvqxf49el enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxeWJOVEFXTXJrcGYyWWlp - TkxrTmpNanR5QmVaYUlKV1JXYnh0L0ViRmdvCmtTR3hUUExkejBkcVNuYUpqRjdZ - dlQ4SkRyL2txM2FSK201SU9adUQ2NUEKLS0tIDN0eDRLZGZWMnFUQWFjZnpjWk9J - VjBGTVZpYm1kOWw0aGlNaURvb2Q0aVUKPZ2BkHEWV1qsOcEIvF6iiLV0ZSJ7kGT3 - B7LZx44DUIFuwEXzmnzKf6BkdFNpCqSqWODxTYHm3UcHU2qshux+0g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSOUd6VmE1VE5sVEhiL01Q + M2FtbHN6OVRBWS9WN2NDSU9GY1Y4dFFvL0RRCjQrMmNzV1owNVFNYTBLZlZUWFg2 + WWx5WCtEc2RWYTRRYmhxUHZla2VZU1EKLS0tIDFvb1RrV3doWDdSTUkyUzRYc2xN + YmhaWGRxU3dOenJETktBKzYzQmZXeTAK4Ov2/vDAB+XHTYBZBottMso9PCvz4jw4 + q1EPk/xxm1dAYwX+TN0TbbWLMThuPetVzl9WfqmAxn0P6i3uxCDJRQ== -----END AGE ENCRYPTED FILE----- - recipient: age1d4mqql020mpne9r3vtt4l9ywfzfq7zpa3mad33syxln2kldkjsxqgju90f enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMMzFGQ3pzbTNoR25pOTRx - QUk3TzgzeUhCNzg2ODg2SENZbkJpTDREK2dzCnZQdkxMQ1RhaFdCZDlZellYd25K - RTBCNDJWUFoyZTJ3dWtqYlJFSU5uc0UKLS0tIENKYmlKUjB2ZjFmZzZpQ3V4dDQ0 - eklFdUdEOWlnWndpai94QnFUU1F3NmMKVOQtq31dODV1rK7hZMfw295OkQeXq81u - VBQVVcYaup6IynBuQYE9eNL5euMwsV/pCv9N+PC3J6WdhdK336ZCDQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpNWZPSGlZWG9jQk5mT0s5 + dHRDeDhRWENCTDNrNThtMytrSEhqNHVIbkFvCnlXeEZ3NjZ3VW1HazB6SWR5ZCtL + MlRzMjIvU3hVU0xMcGNFVWQ4cDdZZzAKLS0tIG9lK2JGWEZIZUJQS2pnTzlPOE13 + SkZITmwyVkgrUnAzRkRGTVlseXFSUFEKvhtPjXu6ar5XUNDYpXFZjfee0DNLtnIg + 22E96SDJItVyDNh5Hn2JoHu8bWmzkCratBKz3YPrcqQ7v/MzQt6Yhg== + -----END AGE ENCRYPTED FILE----- + - recipient: age186qkn94ck9lz0nmx57m37jwgwws5pgcs40q8d8uaetytz4gp6p9qlftp5x + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWSEpKUWlZMHlPOTlDcXlI + eWk4UTMvanhOOUlnZ3hTMDFVenZNbEFsK0I4Cmw5d2c2RzdVQ2RhVnBXWjc3UTVD + MEwyNEQ4azdxeWJ5UzQ4SElIQUZuQUkKLS0tIDhDc2Q4ME1PY2w0K3R4VTQwZzlW + NHUyZGsxRThzQzNicGluZXphYnlTMUEKCIO6j9cGZv71vF0RLfoj73mIpT9rwdd5 + ph/2QGMEX1/VXIhKY0G+JFb5xtyC2cju6S9RDOEYAhZ3ttvOYHAo+w== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-06-08T15:01:54Z" mac: ENC[AES256_GCM,data:euc66CxC9LHiJYKiMaEWunIZCHd2ZGl1YcFIJWmv2/x1pMRSnQ85yCL5Fpu8crjaayDYGJJVmMBVeU8trmaoqzYE1pWtUSIQo2QligJ1k8T5erdakSwv6keHrxczS1gEkS1Ygl6xieZUY5mcwY1Wyz7ZMeAeiIpIaraSf8Uydu8=,iv:OMGVEmOHnJbFzVpfCtvt3jrw6vP5dCib/HfcKpbSZ7k=,tag:wTtzNCE6BB3S7x2wWNYq1A==,type:str] - pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1