From 466f5f1e9095dbf21f94299bf697adf2f328c2a0 Mon Sep 17 00:00:00 2001 From: Natsu Kagami Date: Thu, 28 Oct 2021 18:15:24 -0400 Subject: [PATCH] Basic configuration for nki-home nki-home tinc working Don't route tinc through vpn Don't do it lol Integrate home-manager Merge nki-home/flake into main flake Add MacOS clipboard compat Make VPN input a secret --- flake.lock | 105 ++++++++++-- flake.nix | 47 ++++-- home/X11/alacritty.nix | 5 +- home/X11/default.nix | 10 ++ home/X11/packages.nix | 3 +- home/fish/fish.nix | 5 +- home/osu.nix | 4 +- modules/my-tinc/default.nix | 7 + modules/my-tinc/hosts/default.nix | 6 + modules/my-tinc/hosts/nki-home.pub | 24 +++ nki-home/.gitignore | 1 + nki-home/configuration.nix | 246 ++++++++++++++++++++++++++++ nki-home/hardware-configuration.nix | 32 ++++ nki-home/secrets/default.nix | 6 + nki-home/secrets/secrets.yaml | 27 +++ 15 files changed, 496 insertions(+), 32 deletions(-) create mode 100644 modules/my-tinc/hosts/nki-home.pub create mode 100644 nki-home/.gitignore create mode 100644 nki-home/configuration.nix create mode 100644 nki-home/hardware-configuration.nix create mode 100644 nki-home/secrets/default.nix create mode 100644 nki-home/secrets/secrets.yaml diff --git a/flake.lock b/flake.lock index 2d02f58..a556391 100644 --- a/flake.lock +++ b/flake.lock @@ -21,16 +21,35 @@ "type": "github" } }, - "home-manager": { + "home-manager-21_05": { "inputs": { "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1635123562, - "narHash": "sha256-kYuwQqHXDYxy5ijpm8SvCoPNx0br1TpoWeTIOEwOYvA=", + "lastModified": 1634544068, + "narHash": "sha256-RlRQBaAHfdWqfRyHdWuDPMkplBTYwuyDQqDcNbP/Sog=", "owner": "nix-community", "repo": "home-manager", - "rev": "da8a78eec9f7adb57f9e961d1da64805efacff37", + "rev": "ff2bed9dac84fb202bbb3c49fdcfe30c29d0b12f", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-21.05", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager-unstable": { + "inputs": { + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1635473360, + "narHash": "sha256-sxb4xuP/9f6z29y4Sxzk0g6gzFKUX9r3vNzga/pCROw=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "cf4866d2187399117d3aed47a58e6f8ef58e5afd", "type": "github" }, "original": { @@ -41,11 +60,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1635268020, - "narHash": "sha256-oaWU7ZvobClXLrQGj7Xvjs2vSlItPFkw/usKh/2c56Y=", + "lastModified": 1635471979, + "narHash": "sha256-qlpiKdJ5gF7hU1TuNoz4xTsroUSrdErwovu3rD5cy2c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "89a27a2e6f54993224f804e50a29e48b8c83d1ca", + "rev": "3f33a306a55bd7ecedf586a627063a211ffdc6f0", "type": "github" }, "original": { @@ -70,6 +89,20 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1635471979, + "narHash": "sha256-qlpiKdJ5gF7hU1TuNoz4xTsroUSrdErwovu3rD5cy2c=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3f33a306a55bd7ecedf586a627063a211ffdc6f0", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1622516815, "narHash": "sha256-ZjBd81a6J3TwtlBr3rHsZspYUwT9OdhDk+a/SgSEf7I=", @@ -85,12 +118,64 @@ "type": "github" } }, + "nixpkgs_4": { + "locked": { + "lastModified": 1625223284, + "narHash": "sha256-jjLcDSU1rRiJb+n3uez23XAa7kbnPcGZTa6jIKh1GMQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "357d2c8f6087685fe35cb1889a005a4dd4cce7b8", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nur": { + "locked": { + "lastModified": 1635473664, + "narHash": "sha256-teOeaFqN6gpUaOaU698Ux5GV/mcFwefT/8WbwpdjRKI=", + "owner": "nix-community", + "repo": "NUR", + "rev": "7d89d7eba61c4fa1a482febe0714e43f3e022bec", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, "root": { "inputs": { "darwin": "darwin", - "home-manager": "home-manager", - "nixpkgs": "nixpkgs_2", - "nixpkgs-unstable": "nixpkgs-unstable" + "home-manager-21_05": "home-manager-21_05", + "home-manager-unstable": "home-manager-unstable", + "nixpkgs": "nixpkgs_3", + "nixpkgs-unstable": "nixpkgs-unstable", + "nur": "nur", + "sops-nix": "sops-nix" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": "nixpkgs_4" + }, + "locked": { + "lastModified": 1633273832, + "narHash": "sha256-oOjpMVYpkIUpiML61PeqTk+sg4juRvF7P6jroI/YvTw=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "2e86e1698d53e5bd71d9de5f8b7e8f2f5458633c", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" } } }, diff --git a/flake.nix b/flake.nix index e3c7bf5..f8fd8b7 100644 --- a/flake.nix +++ b/flake.nix @@ -1,32 +1,59 @@ { - description = "nki's darwin system"; + description = "nki's systems"; inputs = { nixpkgs.url = "github:nixos/nixpkgs/21.05"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixpkgs-unstable"; darwin.url = "github:lnl7/nix-darwin/master"; darwin.inputs.nixpkgs.follows = "nixpkgs-unstable"; - home-manager.url = "github:nix-community/home-manager"; + home-manager-unstable.url = "github:nix-community/home-manager"; + home-manager-21_05.url = "github:nix-community/home-manager/release-21.05"; + sops-nix.url = "github:Mic92/sops-nix"; + nur.url = "github:nix-community/NUR"; }; - outputs = { self, darwin, nixpkgs, nixpkgs-unstable, home-manager }: { + outputs = { self, darwin, nixpkgs, nixpkgs-unstable, home-manager-unstable, home-manager-21_05, sops-nix, nur }: { # MacBook configuration: nix-darwin + home-manager - darwinConfigurations."nki-macbook" = darwin.lib.darwinSystem rec { + darwinConfigurations."nki-macbook" = darwin.lib.darwinSystem { system = "aarch64-darwin"; modules = [ ./darwin/configuration.nix - home-manager.darwinModules.home-manager + home-manager-unstable.darwinModules.home-manager { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; - home-manager.extraSpecialArgs = { inherit nixpkgs-unstable; }; home-manager.users.nki = import ./home/macbook-home.nix; } ]; - inputs = { - inherit darwin nixpkgs-unstable; - nixpkgs = nixpkgs-unstable; - }; + }; + + # Home configuration + nixosConfigurations."nki-home" = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ./modules/my-tinc + sops-nix.nixosModules.sops + ./nki-home/configuration.nix + home-manager-21_05.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.nki = import ./home/kagami-pc-home.nix; + } + (let + overlay-unstable = final: prev: { + unstable = import nixpkgs-unstable { config.allowUnfree = true; system = prev.system; }; + unfree = import nixpkgs { config.allowUnfree = true; system = prev.system; }; + }; + overlay-needs-unstable = final: prev: { + # override some packages that needs unstable that cannot be changed in the setup. + nix-direnv = prev.unstable.nix-direnv; + }; + in + { + nixpkgs.overlays = [ overlay-unstable overlay-needs-unstable nur.overlay ]; # we assign the overlay created before to the overlays of nixpkgs. + }) + ]; }; }; } diff --git a/home/X11/alacritty.nix b/home/X11/alacritty.nix index 2ca309e..0f4ec70 100644 --- a/home/X11/alacritty.nix +++ b/home/X11/alacritty.nix @@ -1,15 +1,12 @@ { pkgs, config, lib, ... } : -let - pkgsUnstable = import {}; -in { home.packages = [ ]; programs.alacritty = { enable = true; - package = pkgsUnstable.alacritty; + package = pkgs.unstable.alacritty; settings = { background_opacity = 0.95; diff --git a/home/X11/default.nix b/home/X11/default.nix index bf8b342..38385bd 100644 --- a/home/X11/default.nix +++ b/home/X11/default.nix @@ -34,4 +34,14 @@ "x-scheme-handler/ftps" = [ "firefox.desktop" ]; "x-scheme-handler/mailspring" = [ "Mailspring.desktop" ]; }; + + # Mimic the clipboard stuff in MacOS + home.packages = [ + (pkgs.writeShellScriptBin "pbcopy" '' + exec ${pkgs.xsel}/bin/xsel -ib + '') + (pkgs.writeShellScriptBin "pbpaste" '' + exec ${pkgs.xsel}/bin/xsel -ob + '') + ]; } diff --git a/home/X11/packages.nix b/home/X11/packages.nix index ac454af..88ff855 100644 --- a/home/X11/packages.nix +++ b/home/X11/packages.nix @@ -1,9 +1,8 @@ { pkgs, config, lib, ... }: let - pkgsUnstable = import {}; # Override nss to open links in Firefox (https://github.com/NixOS/nixpkgs/issues/78961) - discordPkg = pkgsUnstable.discord.override { nss = pkgs.nss_latest; }; + discordPkg = pkgs.unstable.discord.override { nss = pkgs.unstable.nss; }; in { imports = [ ./alacritty.nix ./i3.nix ]; diff --git a/home/fish/fish.nix b/home/fish/fish.nix index 675d156..c13160f 100644 --- a/home/fish/fish.nix +++ b/home/fish/fish.nix @@ -1,12 +1,9 @@ { config, pkgs, nixpkgs-unstable, ... }: -let - pkgsUnstable = import nixpkgs-unstable { system = pkgs.system; }; -in { programs.fish = { enable = true; - package = pkgsUnstable.fish; + package = pkgs.unstable.fish; functions = { }; diff --git a/home/osu.nix b/home/osu.nix index a91533b..e818d6a 100644 --- a/home/osu.nix +++ b/home/osu.nix @@ -1,7 +1,7 @@ { pkgs, config, lib, ... }: let - pkgsUnstableOsu = import "/home/nki/nixpkgs/osu-lazer" {}; + # pkgsUnstableOsu = import "/home/nki/nixpkgs/osu-lazer" {}; # osu = pkgs.osu-lazer.overrideAttrs (oldAttrs : rec { # version = "2021.1006.1"; # src = pkgs.fetchFromGitHub { @@ -13,5 +13,5 @@ let # }); in { - home.packages = [ pkgsUnstableOsu.osu-lazer ]; + home.packages = [ pkgs.unstable.osu-lazer ]; } diff --git a/modules/my-tinc/default.nix b/modules/my-tinc/default.nix index 7f727f1..dc3267b 100644 --- a/modules/my-tinc/default.nix +++ b/modules/my-tinc/default.nix @@ -29,6 +29,11 @@ in type = types.enum hostNames; description = "The configured host name"; }; + bindPort = mkOption { + type = types.port; + default = 655; + description = "The port to listen on"; + }; }; config = mkIf cfg.enable (builtins.seq @@ -83,6 +88,8 @@ in chroot = false; # otherwise addresses can't be a DNS interfaceType = "tap"; # tun might also work. + bindToAddress = "* ${toString cfg.bindPort}"; + ed25519PrivateKeyFile = cfg.ed25519PrivateKey; rsaPrivateKeyFile = cfg.rsaPrivateKey; }; diff --git a/modules/my-tinc/hosts/default.nix b/modules/my-tinc/hosts/default.nix index 4d6d85b..f4f61e4 100644 --- a/modules/my-tinc/hosts/default.nix +++ b/modules/my-tinc/hosts/default.nix @@ -6,6 +6,12 @@ rsaPublicKey = builtins.readFile ./nki-cloud.pub; }; + home = { + subnetAddr = "11.0.0.2"; + rsaPublicKey = builtins.readFile ./nki-home.pub; + ed25519PublicKey = "Ts5OdPtBNLIRfosoYRcb6Z2iwWyOz/VKTKB9J0p5LlH"; + }; + macbook = { subnetAddr = "11.0.0.3"; rsaPublicKey = builtins.readFile ./nki-macbook.pub; diff --git a/modules/my-tinc/hosts/nki-home.pub b/modules/my-tinc/hosts/nki-home.pub new file mode 100644 index 0000000..74c76ca --- /dev/null +++ b/modules/my-tinc/hosts/nki-home.pub @@ -0,0 +1,24 @@ +-----BEGIN RSA PUBLIC KEY----- +MIIECgKCBAEAxL0DTIcnBOhBCMdimixjZmvPdlN4fO+W2bXfYnqQuqZ3eak+vUv5 +Q0fddRIZHLFKh+97gacdoyRxvhGWod5kI0jiLypcAvF2IW/0RpbYMrLZDF/zKzQS +COI5f+h3BjM/gjlkiuPscF2i53HjcytH4OkGbXMnNP0IYalB5ZYCiTveF+caECgO +KyERSPCNwD9L5OXkmIJwh9ij+V5uvUj0+Khweq6f50R23DBmnWb4qmV+1VLCvY+z +qvOkfXW0F06X00oPc9G/rTTLYq6A++/w7slO+fBiQfhw59QHnDcrqbbkaeL+3s/b +haLUNXf47AFLCCKcj9Pg28whMcKRhSW1+f6Z1B5Yn5Ohf2JZnfNTOWb6AVS65rN1 +WkO+Dtc8BBQKC33xcDEcIp6muV2LF2J561zV+Wz5kZaBGEsERo55ctvazRi69MTt +MsNKAIAMZNwv7QQ9+NdrV4ErlydidUXUXLg2VARPhEMi8Jlgd7u7Uf9nnk0sQyXo +ML3HerTfydM+9SE6JtpM71B9a7J8fw4i9uf25PMqTK6GhfJtJmyaB8rp4O6gsrKm +dUA8k4CGBWMi6jQxVksF0klew0vLVJWhA+izR6HwvXNEBTmjDqlEtRBdIVRXEBVf +BiRS0u63Bi/S811KmzPnalYzj9OBHzAdD8k5TfipkHXF50bIi5YLNlSKkUafMXcv +TsfXTVhDpptqwjMC8VddHPug9emavfoDuRpa+6zMjZUdVbGZp2V+RCAh3V9N8Xhc +tKS9tNKX//E5rGpj2LCd4yZe+NPSUEwRk55NGrVXY6DeCB4bdIp/HqMWcsnLCP8I +BQooOfRKwFd78QHkeoon7Ky4yfwyyoDoDRr+i0KhbVJIBSBBhjxrB2yH5s8bKz6u +GyBo9csYoPH0TrrNnhHI7fXOC0I/Yn/zPEhdSnKDIqja/xtqlY4opNR9Ezmi3nCt +EqNvfP8PRYjIGBpy6MfVdVomIPtJ3Y9wBEC29PXjElARGw6a8VR5KWy8n6CLbSq2 +b+iPVb9kP1/R0P9xGFyIbpvcgxAuSCsnwFmYIVUHAda3fd3hSHlV95Pu09QeVrTi +SPNrgbX+1uJ/q3bEFpltmHNX2/XpnKFtd9FqDKELJTyQ1zG15FI93YPO80CPdp/w +9ktj7BnR73Yc8l1c/rBaQ9/V71pnBwrUPqznXo1ilfI4oBcz4YKMqMNDWUCbCcES +MLCiIHqHpodrC09xtldrAd3HyRDNhFsS53BpSKFvjKSKrhwHFN1nSXr5JUTc3Xun +HcIAG0F38DgzvdUf+nvI79pSEzDGG+/jWI3nO9KzHHsxF0K2RBIuxTgmOj1Yo6ek +01jlKDZgPWOs4wPYsQwYo/nwlba/zIm1qwIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/nki-home/.gitignore b/nki-home/.gitignore new file mode 100644 index 0000000..c4a847d --- /dev/null +++ b/nki-home/.gitignore @@ -0,0 +1 @@ +/result diff --git a/nki-home/configuration.nix b/nki-home/configuration.nix new file mode 100644 index 0000000..e302ac1 --- /dev/null +++ b/nki-home/configuration.nix @@ -0,0 +1,246 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ lib, config, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + # secret management + ./secrets + ]; + + # Use the systemd-boot EFI boot loader. + boot = { + plymouth.enable = true; + loader.timeout = 60; + loader.systemd-boot.enable = true; + loader.efi.canTouchEfiVariables = true; + }; + ## Encryption + # Kernel modules needed for mounting USB VFAT devices in initrd stage + boot.initrd.kernelModules = [ "usb_storage" ]; + boot.initrd.luks.devices = { + root = { + keyFile = "/dev/disk/by-id/usb-090c___B1608112001295-0:0"; + keyFileSize = 4096; + fallbackToPassword = true; + device = "/dev/disk/by-uuid/7c6e40a8-900b-4f85-9712-2b872caf1892"; + preLVM = true; + allowDiscards = true; + }; + }; + + networking.hostName = "kagamiPC"; # Define your hostname. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + + # Set your time zone. + time.timeZone = "America/Toronto"; + + # The global useDHCP flag is deprecated, therefore explicitly set to false here. + # Per-interface useDHCP will be mandatory in the future, so this generated config + # replicates the default behaviour. + networking.useDHCP = false; + networking.interfaces.enp8s0.useDHCP = true; + networking.interfaces.wlp7s0.useDHCP = true; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + nix = { + package = pkgs.nixUnstable; + extraOptions = '' + experimental-features = nix-command flakes + ''; + }; + # Select internationalisation properties. + i18n.defaultLocale = "ja_JP.UTF-8"; + i18n.inputMethod.enabled = "ibus"; + i18n.inputMethod.ibus.engines = (with pkgs.ibus-engines; [bamboo mozc libpinyin]); + # console = { + # font = "Lat2-Terminus16"; + # keyMap = "us"; + # }; + + # Enable the X11 windowing system. + services.xserver.enable = true; + + # Configure keymap in X11 + services.xserver.layout = "jp"; + # services.xserver.xkbOptions = ""; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # Enable sound. + sound.enable = true; + hardware.pulseaudio = { + enable = true; + extraModules = [ pkgs.pulseaudio-modules-bt ]; + package = pkgs.pulseaudioFull; + }; + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.users.nki = { + isNormalUser = true; + extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. + }; + + # Allow all packages + nixpkgs.config.allowUnfree = true; + + # List packages installed in system profile. To search, run: + # $ nix search wget + environment.systemPackages = with pkgs; [ + kakoune # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + wget + fish + firefox + + ## System monitoring tools + busybox + + ## Security stuff + qtkeychain + + ## Enable nix-flakes + # (pkgs.writeShellScriptBin "nixFlakes" '' + # exec ${pkgs.nixUnstable}/bin/nix --experimental-features "nix-command flakes" "$@" + # '') + ]; + + # Nix config + nix.binaryCachePublicKeys = [ "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ=" ]; + nix.binaryCaches = [ "https://hydra.iohk.io" ]; + + + # Terminal + programs.gnome-terminal.enable = true; + + # Environment variables + environment.variables = { + # Input method overrides + GTK_IM_MODULE = "ibus"; + QT_IM_MODULE = "ibus"; + "XMODIFIERS=@im" = "ibus"; + + # Basic editor setup + EDITOR = "kak"; + VISUAL = "kak"; + }; + + # Fonts + fonts = { + enableDefaultFonts = false; + fonts = with pkgs; [ + noto-fonts-emoji-blob-bin + ibm-plex + (nerdfonts.override { fonts = [ "FantasqueSansMono" ]; }) + noto-fonts + noto-fonts-cjk + ]; + fontconfig = { + defaultFonts = { + emoji = lib.mkBefore [ "Blobmoji" ]; + serif = lib.mkBefore [ "IBM Plex Serif" ]; + sansSerif = lib.mkBefore [ "IBM Plex Sans" ]; + monospace = lib.mkBefore [ "IBM Plex Mono" ]; + }; + }; + }; + + # Enable Desktop Environment. + services.xserver.displayManager = { + lightdm.enable = true; + }; + services.xserver.desktopManager.cinnamon.enable = true; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + programs.mtr.enable = true; + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + + # List services that you want to enable: + services.gnome.gnome-keyring.enable = true; + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + + # Open ports in the firewall. + networking.firewall.allowedTCPPorts = [ 22 ]; + networking.firewall.allowedUDPPorts = [ 22 ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + # + + ## Bluetooth + # + hardware.bluetooth.enable = true; + + # Peripherals + hardware.opentabletdriver.enable = true; + + # VPN + sops.secrets."windscribe/privateKey" = { mode = "0755"; }; + sops.secrets."windscribe/presharedKey" = { mode = "0755"; }; + networking.wg-quick.interfaces = { + windscribe = { + privateKeyFile = config.sops.secrets."windscribe/privateKey".path; + address = [ "100.70.42.56/32" ]; + dns = [ "10.255.255.2" ]; + peers = [ + { + allowedIPs = [ "0.0.0.0/0" ]; + endpoint = "yyz-197-wg.whiskergalaxy.com:443"; + presharedKeyFile = config.sops.secrets."windscribe/presharedKey".path; + publicKey = "U5s7Yy/2fCqlaFcI96dFKupqEVCn+BYF04LRLD1zOhg="; + } + ]; + }; + }; + + + + # PAM + security.pam.services.lightdm.enableKwallet = true; + security.pam.services.lightdm.enableGnomeKeyring = true; + + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "21.05"; # Did you read the comment? + system.autoUpgrade.channel = "https://nixos.org/channels/nixos-21.05/"; + + # tinc network + sops.secrets."tinc/ed25519-private-key" = {}; + sops.secrets."tinc/rsa-private-key" = {}; + services.my-tinc = { + enable = true; + hostName = "home"; + rsaPrivateKey = config.sops.secrets."tinc/rsa-private-key".path; + ed25519PrivateKey = config.sops.secrets."tinc/ed25519-private-key".path; + bindPort = 6565; + }; + + # extra host for my personal server + sops.secrets.hosts = { + mode = "0755"; + }; + services.dnsmasq.enable = true; + services.dnsmasq.extraConfig = '' + addn-hosts=${config.sops.secrets.hosts.path} + ''; +} + diff --git a/nki-home/hardware-configuration.nix b/nki-home/hardware-configuration.nix new file mode 100644 index 0000000..e23c948 --- /dev/null +++ b/nki-home/hardware-configuration.nix @@ -0,0 +1,32 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/32a74827-4624-43ef-b066-b52e1f11793d"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/549C-7877"; + fsType = "vfat"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/e08ed857-e553-4af1-9239-40f13d8ea854"; } + ]; + + # high-resolution display + hardware.video.hidpi.enable = lib.mkDefault true; +} diff --git a/nki-home/secrets/default.nix b/nki-home/secrets/default.nix new file mode 100644 index 0000000..cb76173 --- /dev/null +++ b/nki-home/secrets/default.nix @@ -0,0 +1,6 @@ +{ config, pkgs, ... }: + +{ + sops.defaultSopsFile = ./secrets.yaml; + sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; +} diff --git a/nki-home/secrets/secrets.yaml b/nki-home/secrets/secrets.yaml new file mode 100644 index 0000000..0c51e21 --- /dev/null +++ b/nki-home/secrets/secrets.yaml @@ -0,0 +1,27 @@ +tinc: + rsa-private-key: ENC[AES256_GCM,data:wBG+XvsW8339nywFsGr+0kGlIvZclz7IAPxjomyrOiQLkfT6+qmWuqLDQZnk+M0M80zRvGPMP2DzvQJ/GO9swVfPpbXw29bmLu1ztEXlAWvt8vwoLGPvKguKy4olskQ6a8zXuA+I7B2mgWMJNeQAh7ZucuELQE4kmIJrS9Pio0nIj7oK6xeKCiCN7pnDVZ71xxA1QVF/0G62WXXOzmsXu7PMIL2LrPqq/j0cV+neSuyo/3zgtr7gn/c0DjOmNByX2Ioc78EVlmAI1+Cbb1f3XgZ5hDDkZV8bBbaeog0mSzlFIyguBPsMe28d1XV0xSDS8pHuWbfEP1dkbGsH9s5MIpUej/fLAal7bhhqLwE9HjkzbCJnG8FWdtv+Ab82lNlByq8AZD4cmysIBCnkf01XHYpPkhnC2UQ25R9qezwuWhP9SECcB6bO0mfbsC9WQhKVraYmGUM4aK6Q/RRwn9VbFeS5OyE8mMFf6ItGhJsK7zx/Q9hPCcdk2iUMFNthEV4LyDaG1DTMBQENcmc4L7jXcrv4hYxMOILau0MDsqaXZYacu2VynyWWSNaHdfvQRlqPWbKElsxOOoWQjfzOtiYICfks+jjC8wy8DPqCWLxFcOWh6eFsN2vOF+Qlzb0EuON2nEgoQ36aMRFHIaQ/tGvzLWNl6RFV83RRHQ0yhne6kC82a7SVK9GkEwLkjSREdC1RrEzii2dAeTSP/8g+vseDbaURg6pimJ/+3fEnIqcSKoelnRubVJDsLAr07f5Y5Z4RU4YHgAPVUWzy2xJ7nZxI10uJONokMZC4RXQOeCVXbfIxi9d88U5m1iOfeOehTGOS3Hn3cblI6VRFcZLhj/Zh2FJoaUojKZJ2iGWbUvbpZzVsBoRR3wBhb/kT3B46B4OKvXRPMgYvmMZf6cnXyD539rOiZlyKYwsmiZUuEn7lo9dTOC5PZ4OXN0SfzMSH30Azo5lrjNTNubu/kuyN82kmLhgTeMWOzXwdzqDxcPR3ngYbtBHskeq9IfC4kiBh+YIf62cHEuSXDyngl5QCEl4x16DCfK+M0cFW7J/CDqO3q9k3S0dbD0CP2VWywOXIwK7ODp+2YJTjHH7dnn8dChwkzbP70E6T2aFN1ADNVvmqFcWxQVNjhFPBjpp0L8xz3IWkzGwKBdCD3FPNjIymOZ4OMwaUJr8DdDEbV1+GDz7cXb9uHsVvvzEiI3InTf3YMrg2CmbsrqKrtuo8s0sdsXQLYxITqAcs+0Cl7y5av19vXtrhdcLGnT+mOKJ0+xFGYxVtiLvamb1B4HB19xeIakclCCc/kMvwfyIM2xo+Rs1ttG6YdeIqCXqhR6pXt/YaaggYkd44iJT5Ryx20dSH4leEUVJyHewpjTKl76zDuX4ukqOUtxhGY0aFM9M7V6/eSBqlvX3zMxAEN/mwXcQFqlKyq4QHJhlwwDfd/rYsiCMXywWKY2p67T4Twtbl3EK8AFm7WNPEeapWsTbmzEhFY4JZjAqZzyeCW7TqEZde8MEYoYG5/34jSpZ6h8xF3FMqWMI/ROCtuw60wcCl9of93phuTxRnCDri8Sg4kuaquWQ8O2AmMYmOgAg1VZ/fvbIlGBlizkfSl3ENqPhNAPYlX7+FlrTdG5UIKfOXChM8pJrlIsuJ9gOYnuOqgeBLeSn44NywUV761PMn0U71fFavxOxz3W72MBQTaOtxccNP4/LSAB8AzXDRYG6Zxou20YLvhvpuxl5S+eD/7LEyI+YTzSKkLdvrww97aSHoEymmT2Y2b+qbwgFU3OgCqzVr7l4QJXlLs0D0LJFbb0jj9rBiIC2wKIFD6fl86Nj8IeUHVPDmPmFw8WV4UboFFHoAIgxFZKiQNv0T2vSTK2ZKO8uIShEBehu2F/z3s6XNG1Z/E1vHvHXJgkhhcqIhMOUu+IHI9KhacblkwStq4bRFIzaF/seSdEKDyw/8ex1UwsbX36aIk63HjxdxHxjQyRXnMkWM1gHAoUMgjRcTl7r43IiEJCkwvlL+mJrEKnAsasp69we4Pgpru8VYWwHx34tgbDRGFj1pkDO+QKRQMlCKhQqYEykqWInpQgZasU32oqgUGzIRRyhHOhJyxBCjgmVGKagxPZ4kkcImmiHRVustzjk0pFnKxLZPmZuf3/+0NYwIv3DgHfmaoBe4SfBjPg2XtK5LbPvnBWoKeMDXRbZJIOQ0CVWlOitf+QN3FehPsnsvxl1nEMMkdUQSLrc97SA3wmwBLlhtZrVQl7/8eZ4jaSOolxC4b+Sz415rD6YD9Rrx3Yj+FWqwRo4Zy9+wp+B36bPWgqZNMj8BBZfyNn8v6wVQ2UHe90hf1dcDXibv7smwHEF2d7D1/dYvHDXEReFejLop5k7NmhJJo+fH9uEJiEk9tsYqGs5xMSMg4mwZ0QI3B5v+DcrBF6Xnjrh8LIrpkMKYz5qoUDqQ5TuoAAAxmRUpXKGBUyGzQ9AzO19glL0Q4lDyIFCQPBB9orziVz38VOeMKCUByNTXemmZI82fMEnYLk0jUfHqcRfYTFpnE3crV1Q2IHMZES4nMAyzUMfv2q9kFM3p9dT0NnXK7Ouo3Glosfcq4fHupS9W6j0O6P5leb+DqYf2GuQ0geVA5EAuTFw91cIFSFguN/u2vukPdVLMCZX9FPLGD41VfCjNbqGtGPCoUB0QRElTUwh5BtMRyUgG+yCp+yIZ1Hiwm+w8P3+U+gKL+IsxVYZq++B/JLXoK/cxGBdBJEKiYCeHAkZYlI5ESFFqrCLEh5WAi50ZtxgkCCGCO+j52noA9aDss56RGVwfbtIKTkvw3b+dte3wfaSCOIGE9iXEL2muXS2QYb1t44h/pUX84t0on41soSa1EsYOMj6wSaCOxNGpJ9FWNb2Copy8WqQF1a5e1Chi6RXrsGBef29dkj5H1ZuOWXFhZSzTGBzNY2r7ovlJwt2Tu/r25+mtMVtffd5Zu1743jNKKJw9DyWC4okso5dIqVMC1TopreVJMPZ+z/iqyZl1ljUqC3lr0jqXJo1oRJkUHHn51ba8zAPi5TzURkK/bHqO9CtlhUU28wd8NoDXsA0RwrDgrCwn0XF4zg2PWtPKUeTuBjdxRixgOQcBKOyl1P2y9860hfh4H2T9V3CFhnd2Jl3PmL4dtGwvlM6iTm7Z/DCw2Z1BWFDe6YSXLkl7lB5iacNZzjH0yuR+8NPxlaAu2UTuUymI1hdxehZ+el3PXP++Gd36dT7GFBQYls2makr8gyhH53jFePZIF18gCwB0YdfQts9yg2KPq6f/OyN8cILD8mxisKnCf9mXVILfFDbpDGJNYukNBPJffzAeJ/OGTof66pD3gAXf3oPG3QePKADmSTph/sWzWzU0jHdq2xQsWAb/Y+Q7giO/ejg7ELeySBtIOkHDU/xdw69FMY8W7Jj/APuwYoHRicg2G9AOgUjRgBHQ0YIQuwTrnmi0AB0jrcWJkU9MOkli6Xy0XY+SpVgzWH8rJ5kDfWNG899i77BEn9JgzTdMhygLR7TgTWHzPlTjw7/Kvb/bxIGbKOnxchwAFkY363gpk6LBS2wpdK62UvGfmUEtoRKKoAY2okFaJQtQMzujWNcOGre6NHxD/3WO/iAo45ssHYP1lVkeRkMHHzw7U2SA4n7JmigxVuLJSNoHyWH2Tgt1OdY/OQHO+/uJJdof/K0ZAfxAABfsVsmUnxGsEQV/aG37TD1tmbwkRUNKgouu2M7mmkRVH8ItVifjsZ4XeaLNVsjjbmT9ir+Kh+6llV5EGrMS++BU8fmDQ4az793gq7m+EKGqUPtIAMJMLV3X3KiekBmJ52U1wDezxtQ58Tqe28Z9Ff23cRTvXKlsqL1fUmlJHQjjMT3ooHSznESHidveAefENBnZHq80I8C39kUJ0EywnVoGWMBfS923Qf6gdBE1Is3l2wXKmUckp1lHZlxZH15tjfpVedoruQ6rAqDmJU9nQh+qZCB/HVUnESnUrqPgAKXumLwSWrmv3lCDeq4hrkqNxpysK91zDDa9qVWMBFY8QchOk9rZWtqyhsT0L8BOwyBVp6oXsk233j3lRJaUvUjgctPjHD3pyZc77pwZK7IPFgLHCvXnrasRoxPOH4lp1vhT39OXZYqIx7aENB3Rjt2jrRXza450hgOu4nefslFQSqS+69Y0JmIB9im/yM0d5LMrefeZxRCFQEdil3c7weXdLL/cz5+yjVRUlTQgYcaQr7QwrdCNCLTAolZKq2JVWs17Fc6uzN3dMPZph/AFKee4/gH0i1jcMAouRq3eZBH6RTiryVpKwJUQwz9n2d6tPRZWaMGLJW0zPcrTElbKXhZ8B7aOn3cR/TujQSQTc6ZaHSYI5bwjBZ74YTfiXwGaWEJ5Px+4P6tgRGd4OuSUhuge3MrG6uV77C7Vvfrf0mFxAj2sx4VhJ5YkEQss+2Rodd1XX7ZsUh3PODY4bfe+XfAIwfQi38AvNU21OpwaI6yeJVCHpjoFQQyiy9gQCzZGHYeoH0HzU9lDq5bK00wFh79/0t0A2iJ1uAudxLsh7Spiicj/TjJNy/PPxb1VH1xvS2+l6hocyStQDKzsClx3jKPfFWeeS1gKIjbmOczYizMU1A+oECjzo/uruzqJS2R69YpBJItkdK6stMyWux6fnssBto2ZFdNePVJseGYq/PcucYxWRBIqObaL8HLW6GoQnRxr6jXwaMfQvSC962/fAbK9h366JMPJSx7rcuZpO5aV39AWsZo4sahsIEcUSu0BABzWeccagc6CfmSxA1bO4lmsjyeidJY/fqFQj+UkfyoqrqPoMMRfN3/vUvk14j4GXAIVE4cFUojKhfMM3y+GngT7IEWRaRqDyH39Ks1GXa6amfGYfVnMGeWdF3UhchrEoCdSgYUkSJ3817ADBtraymKi44bJLX1RtkOEWRZbnRD8Pu5aw348+l1m1iqwL8CjCSRr4LkYmspIx6C1RtorJIOzQmtSTYs0LPMHvFsdbU71+Hgl6N0AOvsjYcYlzy9wPGVM0w24Kj8MCGejgvj9nomtculdgnCME08oC8iWEk4Aygbdp2thM2z0+U6Hp2B0Yr+ZFpk+tFhTWkXwcXjYxUOUOKoour7ZZeIcCZdY7ElGMGVMNrtxOzQdYIZ8Z09Ss+wN5Qzm+Ooafd0pSgpLMAaIRMfm7kqrjg06g5yYIo//1yokQcCI5cfWJq/F9Jn+ZDrVR7Q/rF2jwxfWj2lvYE0wVBKE2u4WDPQuy0iKZvAa9TNuiM8GENUfvwVlCrkt2zE0U5DSbfS3v6/dFkakPuE16bBrpvxpUpKySHvZOUUbK5l6RXQfOcvZzJVJfW1zeY2/lx53XrNTLWFlgnwoE4901qabtqSPTWPQQHZjk1zlghMAGLgmPFRXT+pYEccmTvX7W85ya9eJQWcADpJoZKTQ2jFPWleZ22n/spWyOeM4/mVoMBHO+4fVB2qWC5bdYzz/fZ/t2njff7UFO6M/UVZGw3TPwl/5yFegoompCL5fHCVcZs84Caqexh9M5ao5kqNp4uJal+EX3Jy3nNJQhk0t9j69DumeY/oCWUjbyswopcsZUNjD0bW6d3ofmvTxQCgWrKXCecqthW+1jUPHE9kfihXEUzF3OBOPlF4k5RuCKCe1JHLbtxInJl6T4me5TG64+KtpUlHKNNkY+xeIG/ndPHM6PTXtgTV5/2LYQ2+MmLP0v/psryce3Su0/9aYFIQxw9GfDkoEai5ovM2CauabyTpq9o0fFQlJerzkxPIdxX04UmBYozEIFfKyY6sQcO04OQU65m4SdtMBkpVV3vDjKA19QlxzgbV4X9saiA2NmEGCaQ2QI10rXnhNOv0Eq6p0mIOuFlj4OFl9BXi8lpznkFWh6bphF2xVTF4k3c6V2kS6EXCwgM4pjn1+7e6dudraMV8+9yu5CayooS2IDt/9DKhKyrkm2zxGmyUGx88AWKNWEW3dw7ttWZ2A3CUIFM2RLd6sv62O/RS5e1Huxilovece+ZMNIPs0ZbAqf/nCnDxxHsirrupeNGmuTml0NUI0NZMuDJ9AfH3PSJfinQfNr4AVz4z5cN6/1D6wJXombDMOqj2Vis0Y12SnoOysmHSbnvqZlJ2V0zchkB1jBESRIfoU9rohi+EWd0ypK+jjv/T3Ub9AuhCsOHIhxcUMVIYGfuFHeFOaZIjkedeNn+/X5wg957UpnxjpAm1fhcfTNUwko1MV/6le+tMcNQsXQwIWgk+qcbBu1iudtsguteAn6NwWdIufDGlS6GYCowx9H6hNF83ccP2VQAKo+0vuLVhUfc6KRswt9vXOaQPMUDgi6s4R4H7Cqj+S6DXjuEnDup7sH6Cd1M/Pi300mv3aISmPJN+wua4zlZFMv33aLKBerTkz/DNiY2S1lIKwEel0FmDqB58Q4cezSX8HazCMRlCUpD+bJYogSwZw+l2bgg4Ikh6oOLDB5oipu5llNstNatYpydHpCy9C9c+MKQoVTa+ClkyT/jpFdmlJ1ymfS6vTAjTGixiAyFg5634aj4KQBCWiGMFqEv2/Cw/I4p5jeJaldcNLFUia8ObTl3mHhLDR7Hpd7mNeXzth1HktnLBVHpRjk4tQrSk+Rc3SSeI5I8MQbRAt5IMgmvq5tiUvuZE6h56uzPaJwd+8JUoO1vSVEM/farKfC/KnB8bdlqRRqvkDAs8Ec27XjX6ZWq71wOX4ihlt8xiTg2gasySeV8J/Ymw6Ryhv8dRlwP5ZCYIIC3yD8O+Ja6Brn7iT2oJkE1heXVd2y1v9SiqV3JNPdMoQGNPrTAVSNjUEb1BvJfVF0J64aLJ17KLYEFdspDq6pKJ/XioPFo3XDaq/N5oOkIGO6lmnd8Ag2Gez+zH5TqTlfQVAPBZsepePhxQHdGW1LoSXEXvru7TvCQ/c5rhUKiDv6RJwMHPbH8K+OgRcSg9wtusmxUN5BfDMecVb/slFbyV4Obh+QU3TKPKPS81tXahJ3dObmXDxAYPrqtWC5CNMp/O+QlwtNr172yRkcw6LFIffihEPiOqHJD7zS6fih2exrcYKKmMzS5oUmhMyDrVoI8rGRVQmaqUk0jAjqHAJqwNyOb03ncmI/riq+U07QBbtoGl3VAJn49RNVI+toWu1EielGNB+taJrVN/qwgn1CTSNMUzqSh0xJLeFSxNpXnZaA/mf5IdokobUnCp+mfTO7qgY3sfqKFrhCst7EjMKMgyscaAKBh+DnNIIhX/UhqjoG3RaIQFasgksgV4WujvQhlyaKIMYLfwKcrKyIekcU0PxTZLPiAiTv2lgN1Pb2SFlxnwpvqb3Z1l59xZIevV8dhpWcQBlOFcHez4sZnOWOVlAH1Nq4Ij7qFZU4Q0HfZKiSW8Kl8P6u6JanGYPRMODYU/vZPMwzO3bxA50S0oZ+1SxeuPFWidHPCUUM5pXfkcB4vFao2DhtmwJhh+9pJVCRpQazyyf/cYe2A/B6hQjZIMYwHmo1UVU1VVGp5HYztLJY2a2T8rlt3doWDOLHRDgf6/HjWvZTi47N9dd85f6mwM2NM5eYobrh+WWepXJNsKaAq1i6gOJ/twQIwUO7axkYhW+dRBOivE6vSvBQFEUaSuRGUdSpNpEjTtMuWOeziOH/nYPkMWQzNzsMjcP34yPkds5SKUHvLGOHMV/6TJdLLxZnYgcU5fGXFDBzXgRBAOs/BwaIz3dZEpvGhkMf4FNe4QNaAJ+c7qKVJoOVsj683r9VEipmJId+OSa3d6PYFPuNDxhQoulJq1rOU/rJox7ZgRXeF3mKcikg4P1Dh6Q53Ax1h8PQmTeY38AY/jfSdbME/EeyTNh5/SldDUn5rt4L49+SWe+TtFyE37YbU837+JCLQ+JLB9tQ+SiJjZLAOIHX9ORzZ5QTL5liSgZg+5OovgAnCT/HPM9EVbARBKHlyA2o10J7mmMBYaYkRCUsXNDys8wSRfVgWM/FIRiETL43pkeFyrB2h8B8xqRHpUR/oSFURJdzELQppqiXi/+3/QmdmfnmKiXxjGvhwcFUwgjsJpjChGu0lx/3QrotlJuczLHSVcRXfELal5MSH2NatK2bAf4RrPYG/rwvP8ToIXMwY3unkzrDPRzZ/Y4Aplt0jZLLy18u/2AqXbGIcBBz7Tv6is2ZfeuG2nXcuDRrB42P2+rwsiNojlAtuMwVbupoM5E7pKZbPJiAxRit4PVnO5yzPVgpmFsiSZFoGYRKBUfrcN9mPpbGA7p6juOukzKu6XLf/LAUcH2di2zBFTXeKkj+eJcaSt1HKPl3wz6pagJOBJ7VdcSEtykmnto/CcDaOh6SYmulqk07hFUM8YXOvSFtPREnZMzRxY+khW6z4McMtS0GfLLsoHZpwRlesn8RMd6B85dT/j+XntvvafbzIoXHZvkTUKmRJAFcBQ7LcrK7FApJXTVA85oF0xGeuG2tZgafFNC2SYbZfgAwGguidHGF6yrnVGDPjwCrH4LNbfezMtsFR5TmoHOfo+8LOGLaZ3K0rwngpoW21GPXg==,iv:QnG5cEMf8liLjbp8zv0QCfhOvBBIFx1ZD2YAyGeB2SI=,tag:/yJRGEaEIr1XCdfUhcfKIw==,type:str] + ed25519-private-key: ENC[AES256_GCM,data:5WGmVy8qcJ0PpB9bulJKTVbRA4HgvwC/nFNibd+a2zu6xF18MijXOQ7HRpkT8cbvHmMa959/cb710q5hkkyFIclpH8UGVjAwVXdoYg2WqNuAR407XZRuHLBzrOPeUoPZY21j4TKkPDyh/p/q7RH98SwRuiAiFnG5pgjkpb75Gz1JE6lWyPXmGVLGjsLKf3SQBa5fO5zv3r/wtTrYw0JbBhXpE+9zy8pk+RjpQ5kSFN4A1beHSLh+tB9t4WT+6nMaOvpsYgitMS8=,iv:yxJ52QVdPORtrYofJvCVRU13DmLI9O85m7hRAspl1gQ=,tag:MAJloJw32lyncNc31+mIiw==,type:str] +hosts: ENC[AES256_GCM,data:JIDOL+j8cGa4ymHnAx8FYQr+e5aa2a/iTOQY3w==,iv:GGjoNIFcC3r90gw5QIZ3Mrtu1KO6hqE3cShMk0hKSv8=,tag:fJUIIAcs4JjdgwclAmEhjw==,type:str] +windscribe: + privateKey: ENC[AES256_GCM,data:lELNIGkr6i9LbeOdHsWmRf0Qjb7O2oQUxngEGUDEmoK2fN+kb/ZnLVaarpY=,iv:7evXoxVI0MHB2NHCOK9WS2dAueXIQA6ymTMGkRwj5yw=,tag:PQ9hMZ74C0eIbj/nIGf5lg==,type:str] + presharedKey: ENC[AES256_GCM,data:eZraFKYGNeu0YkIFQ4EnlZU7MkjBkWU5YWmZfDT0x1IvkUwueV7algeC5eo=,iv:TAUzLVnLAI8op3+OKCA2g02Px5i5fySgUV5iuIUGka8=,tag:Bsntn4O6h7+TEvQVLgQc6w==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1hw22lrsskyvsrwgq9kl48eekwyzgnwt57pe9d9zx3q9xrwyrte4qgvft78 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxQlVuZEFudzBBdTljY05H + ajJBRzNEWFdGNEcrWnZPUlBPT0VBYjBNaUFFCjlTR3dCUUhhSGRnK0RiS0VXUnFk + REJocU1uQmFrTmRYSVpHelRsaGdrWUkKLS0tIDRFd1RhR0RlMGMzTTY0d0Y2SHM3 + aGpXT1JkSTZ5dWZLMUZVNlR4NVUvMjQKRAM+Lsj5gH6WLYX5NPW8Mh6iLq6wIl7E + 0i1ql90F2EGFDii2g1rJLFrsarM3yYWfsaQGcF3BMiJzHwnh5zuEfA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2021-10-29T03:34:42Z" + mac: ENC[AES256_GCM,data:D1wOdPwPaSOXuzz1H/L+zt5tl5tELcq2N/Axr1OfHmp7MZcYc0bwiNURHYovO+19bxcdaqSdReFQ8aWwrRB7nvH9MJEDbryAzhcioeDN2ekTmcmcrBW4ehDjwAT4pr/jYzUQWvyoP1g94wuIcJZiGpDVNelONy6Iy924BJsbw5w=,iv:ISNUShAk8xt70uU1fPQx7cT2V0GQtpUmuvaQEgRJBUA=,tag:UL9o6MJ908bF8VGtvtaYPw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.1