AtaraxiaDev/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: add new host 'blueshift'

Browse Source
This commit is contained in:
Dmitriy Kholkin 2025-05-28 12:02:55 +03:00
parent 1fa421ddb8
commit 82d82d00a4
Signed by: AtaraxiaDev
GPG Key ID: FD266B810DF48DF2
9 changed files with 518 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
.sops.yaml
View File

@ -1,14 +1,21 @@
keys:
- &ataraxia age1n0prg9vynuwc56gn0xfe5qde8wqcd4uzg5ghhhetu2024ckvjyvqxf49el
- &redshift age1d4mqql020mpne9r3vtt4l9ywfzfq7zpa3mad33syxln2kldkjsxqgju90f
- &blueshift age186qkn94ck9lz0nmx57m37jwgwws5pgcs40q8d8uaetytz4gp6p9qlftp5x
creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *ataraxia
- *redshift
- *blueshift
- path_regex: secrets/redshift/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *ataraxia
- *redshift
- path_regex: secrets/blueshift/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *ataraxia
- *blueshift

12
flake.nix
View File

@ -99,6 +99,10 @@
useHomeManager = false;
};
# VPS
blueshift = {
system = "x86_64-linux";
useHomeManager = false;
};
redshift = {
system = "x86_64-linux";
useHomeManager = false;
@ -211,6 +215,14 @@
"32323"
];
};
blueshift = {
hostname = "45.134.48.174";
fastConnection = false;
sshOpts = [
"-p"
"32323"
];
};
}
);
};

78
hosts/blueshift/backups.nix Normal file
View File

@ -0,0 +1,78 @@
{
config,
lib,
inputs,
secretsDir,
...
}:
{
imports = [ inputs.ataraxiasjel-nur.nixosModules.rustic ];
sops.secrets.rustic-vps-pass.sopsFile = secretsDir + /rustic.yaml;
sops.secrets.rustic-backups-s3-env.sopsFile = secretsDir + /rustic.yaml;
services.rustic.backups =
let
label = "vps-containers";
in
rec {
vps-backup = {
backup = true;
prune = false;
initialize = false;
pruneOpts = [ "--repack-cacheable-only=false" ];
environmentFile = config.sops.secrets.rustic-backups-s3-env.path;
timerConfig = {
OnCalendar = "01:00";
Persistent = true;
};
settings = {
repository = {
repository = "opendal:s3";
password-file = config.sops.secrets.rustic-vps-pass.path;
options = {
root = label;
bucket = "ataraxia-rustic-backups";
region = "eu-central-003";
endpoint = "https://s3.eu-central-003.backblazeb2.com";
};
};
repository.options = {
timeout = "5min";
retry = "10";
};
backup = {
host = config.networking.hostName;
label = label;
ignore-devid = true;
group-by = "label";
skip-identical-parent = true;
snapshots = [
{
sources = [
"/var/lib/tailscale"
"/srv/marzban"
];
}
];
};
forget = {
filter-labels = [ label ];
group-by = "label";
prune = true;
keep-daily = 4;
keep-weekly = 2;
keep-monthly = 1;
};
};
};
vps-prune = lib.recursiveUpdate vps-backup {
backup = false;
prune = true;
createWrapper = false;
timerConfig = {
OnCalendar = "Mon, 02:00";
Persistent = true;
};
};
};
}

165
hosts/blueshift/default.nix Normal file
View File

@ -0,0 +1,165 @@
{
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
./backups.nix
./disk-config.nix
./services.nix
];
ataraxia.defaults.role = "server";
# Impermanence
ataraxia.filesystems.btrfs.enable = true;
ataraxia.filesystems.btrfs.eraseOnBoot.enable = true;
ataraxia.filesystems.btrfs.eraseOnBoot.device = "/dev/vda4";
ataraxia.filesystems.btrfs.eraseOnBoot.waitForDevice =
"sys-devices-pci0000:00-0000:00:06.0-virtio2-block-vda.device";
ataraxia.filesystems.btrfs.eraseOnBoot.eraseVolumes = [
{
vol = "rootfs";
blank = "rootfs-blank";
}
{
vol = "homefs";
blank = "homefs-blank";
}
];
ataraxia.filesystems.btrfs.mountpoints = [
"/home"
"/nix"
"/persist"
"/srv"
"/var/lib/containers"
"/var/lib/docker"
"/var/lib/libvirt"
"/var/lib/podman"
"/var/log"
];
ataraxia.defaults.ssh.ports = [ 32323 ];
ataraxia.network = {
enable = true;
enableIPv6 = false;
domain = "ro.ataraxiadev.com";
ifname = "enp0s3";
mac = "00:16:3e:e3:cd:40";
bridge.enable = true;
ipv4 = {
address = "45.134.48.174/24";
gateway = "45.134.48.1";
dns = [
"9.9.9.9"
"149.112.112.112"
];
};
};
services.qemuGuest.enable = lib.mkForce true;
# I don't want to specify all required kernel modules
# manually. For now at least
security.lockKernelModules = lib.mkForce false;
# scudo memalloc often borks everything
environment.memoryAllocator.provider = lib.mkForce "libc";
boot = {
initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"vfat"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
kernelModules = [ "kvm-intel" ];
kernelParams = [
"scsi_mod.use_blk_mq=1"
"kvm.ignore_msrs=1"
"kvm.report_ignored_msrs=0"
# Allow access to rescue mode with locked root user
# "rd.systemd.unit=rescue.target"
"systemd.setenv=SYSTEMD_SULOGIN_FORCE=1"
];
kernel.sysctl = {
"vm.swappiness" = 50;
"vm.vfs_cache_pressure" = 200;
"vm.dirty_background_ratio" = 1;
"vm.dirty_ratio" = 40;
"vm.page-cluster" = 0;
# proxy tuning
"net.ipv4.tcp_congestion_control" = "bbr";
"net.ipv4.tcp_slow_start_after_idle" = 0;
"net.core.default_qdisc" = "cake";
"net.core.rmem_max" = 67108864;
"net.core.wmem_max" = 67108864;
"net.core.netdev_max_backlog" = 10000;
"net.core.somaxconn" = 4096;
"net.ipv4.tcp_syncookies" = 1;
"net.ipv4.tcp_tw_reuse" = 1;
"net.ipv4.tcp_fin_timeout" = 30;
"net.ipv4.tcp_keepalive_time" = 1200;
"net.ipv4.tcp_keepalive_probes" = 5;
"net.ipv4.tcp_keepalive_intvl" = 30;
"net.ipv4.tcp_max_syn_backlog" = 8192;
"net.ipv4.tcp_max_tw_buckets" = 5000;
"net.ipv4.tcp_fastopen" = 3;
"net.ipv4.tcp_mem" = "25600 51200 102400";
"net.ipv4.udp_mem" = "25600 51200 102400";
"net.ipv4.tcp_rmem" = "4096 87380 67108864";
"net.ipv4.tcp_wmem" = "4096 65536 67108864";
"net.ipv4.tcp_mtu_probing" = 1;
};
loader.grub = {
enable = true;
efiSupport = true;
efiInstallAsRemovable = true;
};
supportedFilesystems = [
"vfat"
"btrfs"
];
};
environment.systemPackages = builtins.attrValues {
inherit (pkgs.kitty) terminfo;
inherit (pkgs)
bat
bottom
comma
git
micro
nix-index
pwgen
rsync
;
};
services.fail2ban = {
enable = true;
maxretry = 3;
bantime = "2h";
bantime-increment = {
enable = true;
maxtime = "72h";
overalljails = true;
};
ignoreIP = [
"10.0.0.0/8"
"172.16.0.0/12"
"192.168.0.0/16"
];
jails = {
sshd.settings = {
backend = "systemd";
mode = "aggressive";
};
};
};
system.stateVersion = "24.11";
}

112
hosts/blueshift/disk-config.nix Normal file
View File

@ -0,0 +1,112 @@
{ inputs, ... }:
{
imports = [ inputs.disko.nixosModules.disko ];
disko.devices.disk.disk1 =
let
device = "/dev/vda";
defaultMountOpts = [
"compress=zstd"
"noatime"
"autodefrag"
"ssd"
];
in
{
inherit device;
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
swap = {
name = "swap";
size = "1G";
content = {
type = "swap";
randomEncryption = true;
};
};
root = {
name = "root";
size = "100%";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
postCreateHook = ''
mount -t btrfs ${device}4 /mnt
btrfs subvolume snapshot -r /mnt/rootfs /mnt/snapshots/rootfs-blank
btrfs subvolume snapshot -r /mnt/homefs /mnt/snapshots/homefs-blank
btrfs subvolume snapshot -r /mnt/persist/docker /mnt/snapshots/docker-blank
btrfs subvolume snapshot -r /mnt/persist/podman /mnt/snapshots/podman-blank
btrfs subvolume snapshot -r /mnt/persist/containers /mnt/snapshots/containers-blank
btrfs subvolume snapshot -r /mnt/persist/libvirt /mnt/snapshots/libvirt-blank
btrfs subvolume snapshot -r /mnt/persist/log /mnt/snapshots/log-blank
btrfs subvolume snapshot -r /mnt/persist/impermanence /mnt/snapshots/impermanence-blank
btrfs subvolume snapshot -r /mnt/persist/srv /mnt/snapshots/srv-blank
umount /mnt
'';
subvolumes = {
"/snapshots" = { };
"/rootfs" = {
mountpoint = "/";
mountOptions = defaultMountOpts;
};
"/homefs" = {
mountpoint = "/home";
mountOptions = defaultMountOpts;
};
"/persist" = { };
"/persist/nix" = {
mountpoint = "/nix";
mountOptions = defaultMountOpts;
};
"/persist/srv" = {
mountpoint = "/srv";
mountOptions = defaultMountOpts;
};
"/persist/docker" = {
mountpoint = "/var/lib/docker";
mountOptions = defaultMountOpts;
};
"/persist/podman" = {
mountpoint = "/var/lib/podman";
mountOptions = defaultMountOpts;
};
"/persist/containers" = {
mountpoint = "/var/lib/containers";
mountOptions = defaultMountOpts;
};
"/persist/libvirt" = {
mountpoint = "/var/lib/libvirt";
mountOptions = defaultMountOpts;
};
"/persist/log" = {
mountpoint = "/var/log";
mountOptions = defaultMountOpts;
};
"/persist/impermanence" = {
mountpoint = "/persist";
mountOptions = defaultMountOpts;
};
};
};
};
};
};
};
}

83
hosts/blueshift/services.nix Normal file
View File

@ -0,0 +1,83 @@
{
config,
lib,
pkgs,
secretsDir,
...
}:
let
cert-key = config.sops.secrets."cert.key".path;
cert-pem = config.sops.secrets."cert.pem".path;
nginx-conf = config.sops.secrets."nginx.conf".path;
marzban-env = config.sops.secrets.marzban.path;
cfgOcis = config.services.ocis;
in
{
# Tailscale exit-node
services.tailscale = {
enable = true;
useRoutingFeatures = "both";
};
# Empty ocis in front
networking.firewall.allowedTCPPorts = [
80
443
];
services.ocis.enable = true;
services.ocis.url = "https://ro.ataraxiadev.com";
services.ocis.configDir = "/var/lib/ocis/config";
systemd.services.ocis.serviceConfig.ReadOnlyPaths = lib.mkForce [ ];
systemd.services.ocis.serviceConfig.ExecStartPre = pkgs.writeShellScript "ocis-init" ''
${lib.getExe cfgOcis.package} init --force-overwrite --insecure true --config-path ${config.services.ocis.configDir}
'';
# Marzban
sops.secrets =
let
nginx = {
sopsFile = secretsDir + /blueshift/nginx.yaml;
restartUnits = [ "podman-nginx.service" ];
};
marzban = {
format = "dotenv";
sopsFile = secretsDir + /blueshift/marzban.env;
restartUnits = [ "podman-marzban.service" ];
};
in
{
"cert.key" = nginx;
"cert.pem" = nginx;
"nginx.conf" = nginx;
inherit marzban;
};
virtualisation.oci-containers.containers = {
marzban = {
autoStart = true;
# Tags: v0.8.4
image = "ghcr.io/gozargah/marzban@sha256:8e422c21997e5d2e3fa231eeff73c0a19193c20fc02fa4958e9368abb9623b8d";
environmentFiles = [ marzban-env ];
extraOptions = [ "--network=host" ];
volumes = [
"/srv/marzban:/var/lib/marzban"
];
};
nginx = {
autoStart = true;
# Tags: mainline-alpine3.21, mainline-alpine, alpine3.21
image = "docker.io/nginx@sha256:e4efffc3236305ae53fb54e5cd76c9ccac0cebf7a23d436a8f91bce6402c2665";
extraOptions = [ "--network=host" ];
volumes = [
"${cert-key}:/etc/ssl/certs/cf-cert.key:ro"
"${cert-pem}:/etc/ssl/certs/cf-cert.pem:ro"
"${nginx-conf}:/etc/nginx/nginx.conf:ro"
];
};
};
systemd.tmpfiles.rules = [
"d ${cfgOcis.configDir} 0700 ${cfgOcis.user} ${cfgOcis.group} -"
"d /srv/marzban 0755 root root -"
];
}

14
secrets/blueshift/marzban.env Normal file
View File

@ -0,0 +1,14 @@
SUDO_USERNAME=ENC[AES256_GCM,data:4QMSmmaPB10=,iv:KveMQ+EdfltGzQRRA+cm1MaRlsLypOhlWHdCumHLQS4=,tag:v30WjSutCxO9LDv3wFZHMA==,type:str]
SUDO_PASSWORD=ENC[AES256_GCM,data:IPJGUQiB6jMObUsUdw==,iv:N9cw9aGkmgIYmmrNkQYQ5PFdrmYKC8Tdgr4yb/96U5A=,tag:/yYIC/rKCttSgBBGvjCe2A==,type:str]
#ENC[AES256_GCM,data:P0rsl7K5MZceskgE/JrUlB7vTlKh0kP5Al1lH1CBUZKeVVGdbfW/VOy6CkNo8QuOUQqkzWocH0TNKzSEBw8et6s=,iv:uxHc50I95zeI/jkC60HOfzgftDBxdQM1/wqb8emrTSc=,tag:JaeHm9KAbh/KS+TIRrfWlw==,type:comment]
#ENC[AES256_GCM,data:u8NnWvULwXIg0mqTlPoOlpBgWn6LU+zsrd4P,iv:MxUYe7rI7u98wnKD1ichiYeTw/o5+E2c+22qTXRZTSI=,tag:DgkxQNi6EItuRl+av6rH3Q==,type:comment]
SQLALCHEMY_DATABASE_URL=ENC[AES256_GCM,data:bQJGB/c/pTuAPev2zxcLu1cNg2TmlHH9iY2kQH4qfqRwh/Fcjg==,iv:CeQZ8qcNLiVgtGI/4Egod6VaXamCfAKHi4jrgzXKl9Q=,tag:VX0J3r6RjnS5utJ/UDK1hQ==,type:str]
XRAY_JSON=ENC[AES256_GCM,data:28Wkv4CG4hpG9h51d2ge3AUO2MdVuRBjPuw1bxFwYqhT,iv:MooWqI5QCmk0JXWdKxA40UIFaaIxG3EakMQ1jBH8TVI=,tag:Fmnqdg9mvRVvm/0O7VNFGw==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmcjN4RnZMSVdUS2Roa2lF\nZ3ZqR3lkaXM1akVNMEoxNFdkY0ZRWUFNZ0N3CnVKQzh0a3VoM0FPcUhvRnVReHBo\nTzlPTXlaQnUzV2g2Y0FPeTRvUUEwZTgKLS0tIE93ckcwd2wvMkVabk5jdmVLcjlS\nTmROQmh3Z2Z3SDdZSG9nUm9JU3E1c1EKENphb+Ngw6WZwQ+rsAJgPLneZmxcb8l8\nEzmaRXh2lwYkiGOruOaaEOhXzXzpMPclnugSb4q+lvM9b+GyhlU9Gg==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age1n0prg9vynuwc56gn0xfe5qde8wqcd4uzg5ghhhetu2024ckvjyvqxf49el
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmTTVRTzlFenZDN0F5bjhw\ncS9MTGNsWk1OWTVubW5qSDc5aU1IMVg2M2pvCkt1dVMya2dzRWl6KzZIb2ZDaVBR\nMzQrVmlPdElTUXRMMXRQQmpmN09oZm8KLS0tIFdJSDQ2L01kdmFZOThYdzVYajND\nM0RjUDRLRzZUVEFkNjgvKzJiR2J2VkEKH9gMwOaPiHRYmitiS455/tEQpDQcmDbI\n1BHIBm5EL4VAzmrqXToZ2P2oU2kpQjjTzORlkboosrlK6cQ7xp94xg==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_1__map_recipient=age186qkn94ck9lz0nmx57m37jwgwws5pgcs40q8d8uaetytz4gp6p9qlftp5x
sops_lastmodified=2024-02-27T16:26:33Z
sops_mac=ENC[AES256_GCM,data:bWpVRMOaYvvOFMWksVXSPWmG5l/XDCSnnLovuf1cgn98yabzbYheBchhb3sgM3PWG2P/NwnxM3krVPdUMJ7vQVMp5uAph53rVRdmgUDXAEaRGkRzR4nAIi8eDKc1C/a+ifxNjsi2VOS0+rSdWOtUa1jdQx23tvACz1NXGw3G7SI=,iv:s6vfppM8PRA+ryzMvDSklH7HwgbDjCyK0/QHp+/2UNs=,tag:OwtdXGrP9XAREPbvbxqWUw==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.8.1

28
secrets/blueshift/nginx.yaml Normal file
View File

File diff suppressed because one or more lines are too long

34
secrets/rustic.yaml
View File

@ -9,31 +9,35 @@ rustic-minio-secret-key: ENC[AES256_GCM,data:Jkn0mHcLFWS/euPCYtEF3hXN4Jx8PHZHA3R
rclone-s3-sync: ENC[AES256_GCM,data:oBDntYhuThzmImRgpBSsgqDwXs4+wJxAOZKH3vlKfH+9CXYNI1ks92t8Ywr/wltikvXiVbKuztY7Iuqe4Mkl0K9onYYcmrMDqyuLXRV/WPXNaAwyOyFUS17dxcqoyG51T0zzb1l4LH+GTrLw7m7RD7y7XFU/uidAUuBnQHAQpu8xRI/5PLcSaae+KfmoJGpZBX4BawXMHzRKKo462Muw/1FbBQpC0ERvTd34oSke32+Ni3MNdg/nOVyczYIQ+TPNhtgiSNXFJFPaXWMrIh29jhyJv7M2k4nYzNzb3A2miGCxWRDNy7bxZTDeVLgJUZT3KJNyb8BGLhu2v54WSbm01I1pP+//xYSZI0JER4fCZpdGodr2TV6u7YOyVxa1pZ7C7O9T/dd2O9NbgQY1Azc9MhiIXZnT58j72SNvhDNtCloM50R0LYmagCj2alP3Z4W7L+BdtaU58hWFCM2P8EIYbPkz8wK4/i1XARvZU9i+cRWZCoKi+yi0cV2yKOYlFEW0RmO9G3rC6a31YITwfpHhQw9IFuZXwdwZdf4OIuw12BIXfeUQJWqIl4QRSnOSzCggSZngwhoq/r46Oh2Jn9xXuVO6Hlod8pGyxKovO9bGQl3ioIU/KAhKp88k/BDS7YM4HhAEPNjvsSZgRGf21G7Z4ypi6a2grMTGgIKbOA3KEe2CKrSEVq7JRF5m1uAPJ2zrgbBrSwI0qkhGfn+SERMVtyzkIvTQkEQJ/g==,iv:jWhHLIccl1Pgr55xEMd2ED8FS3pvRjnuugMJ0sHnuW4=,tag:upgyBz2AA2zhidFIkcVrpw==,type:str]
sops:
shamir_threshold: 1
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1n0prg9vynuwc56gn0xfe5qde8wqcd4uzg5ghhhetu2024ckvjyvqxf49el
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxeWJOVEFXTXJrcGYyWWlp
TkxrTmpNanR5QmVaYUlKV1JXYnh0L0ViRmdvCmtTR3hUUExkejBkcVNuYUpqRjdZ
dlQ4SkRyL2txM2FSK201SU9adUQ2NUEKLS0tIDN0eDRLZGZWMnFUQWFjZnpjWk9J
VjBGTVZpYm1kOWw0aGlNaURvb2Q0aVUKPZ2BkHEWV1qsOcEIvF6iiLV0ZSJ7kGT3
B7LZx44DUIFuwEXzmnzKf6BkdFNpCqSqWODxTYHm3UcHU2qshux+0g==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSOUd6VmE1VE5sVEhiL01Q
M2FtbHN6OVRBWS9WN2NDSU9GY1Y4dFFvL0RRCjQrMmNzV1owNVFNYTBLZlZUWFg2
WWx5WCtEc2RWYTRRYmhxUHZla2VZU1EKLS0tIDFvb1RrV3doWDdSTUkyUzRYc2xN
YmhaWGRxU3dOenJETktBKzYzQmZXeTAK4Ov2/vDAB+XHTYBZBottMso9PCvz4jw4
q1EPk/xxm1dAYwX+TN0TbbWLMThuPetVzl9WfqmAxn0P6i3uxCDJRQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1d4mqql020mpne9r3vtt4l9ywfzfq7zpa3mad33syxln2kldkjsxqgju90f
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMMzFGQ3pzbTNoR25pOTRx
QUk3TzgzeUhCNzg2ODg2SENZbkJpTDREK2dzCnZQdkxMQ1RhaFdCZDlZellYd25K
RTBCNDJWUFoyZTJ3dWtqYlJFSU5uc0UKLS0tIENKYmlKUjB2ZjFmZzZpQ3V4dDQ0
eklFdUdEOWlnWndpai94QnFUU1F3NmMKVOQtq31dODV1rK7hZMfw295OkQeXq81u
VBQVVcYaup6IynBuQYE9eNL5euMwsV/pCv9N+PC3J6WdhdK336ZCDQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpNWZPSGlZWG9jQk5mT0s5
dHRDeDhRWENCTDNrNThtMytrSEhqNHVIbkFvCnlXeEZ3NjZ3VW1HazB6SWR5ZCtL
MlRzMjIvU3hVU0xMcGNFVWQ4cDdZZzAKLS0tIG9lK2JGWEZIZUJQS2pnTzlPOE13
SkZITmwyVkgrUnAzRkRGTVlseXFSUFEKvhtPjXu6ar5XUNDYpXFZjfee0DNLtnIg
22E96SDJItVyDNh5Hn2JoHu8bWmzkCratBKz3YPrcqQ7v/MzQt6Yhg==
-----END AGE ENCRYPTED FILE-----
- recipient: age186qkn94ck9lz0nmx57m37jwgwws5pgcs40q8d8uaetytz4gp6p9qlftp5x
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWSEpKUWlZMHlPOTlDcXlI
eWk4UTMvanhOOUlnZ3hTMDFVenZNbEFsK0I4Cmw5d2c2RzdVQ2RhVnBXWjc3UTVD
MEwyNEQ4azdxeWJ5UzQ4SElIQUZuQUkKLS0tIDhDc2Q4ME1PY2w0K3R4VTQwZzlW
NHUyZGsxRThzQzNicGluZXphYnlTMUEKCIO6j9cGZv71vF0RLfoj73mIpT9rwdd5
ph/2QGMEX1/VXIhKY0G+JFb5xtyC2cju6S9RDOEYAhZ3ttvOYHAo+w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-08T15:01:54Z"
mac: ENC[AES256_GCM,data:euc66CxC9LHiJYKiMaEWunIZCHd2ZGl1YcFIJWmv2/x1pMRSnQ85yCL5Fpu8crjaayDYGJJVmMBVeU8trmaoqzYE1pWtUSIQo2QligJ1k8T5erdakSwv6keHrxczS1gEkS1Ygl6xieZUY5mcwY1Wyz7ZMeAeiIpIaraSf8Uydu8=,iv:OMGVEmOHnJbFzVpfCtvt3jrw6vP5dCib/HfcKpbSZ7k=,tag:wTtzNCE6BB3S7x2wWNYq1A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1