From 52d0f60f195c7bef6f17e358d3e04c71090eb432 Mon Sep 17 00:00:00 2001 From: Natsu Kagami Date: Thu, 28 Oct 2021 16:07:49 -0400 Subject: [PATCH] Basic module set up --- modules/my-tinc/default.nix | 89 +++++++++++++++++++++++++++ modules/my-tinc/hosts.nix | 23 +++++++ modules/my-tinc/hosts/default.nix | 10 +++ modules/my-tinc/nki-cloud.pub | 25 ++++++++ nki-personal-do/flake.nix | 5 +- nki-personal-do/secrets/recipient.txt | 1 + nki-personal-do/secrets/secrets.yaml | 21 +++++++ 7 files changed, 173 insertions(+), 1 deletion(-) create mode 100644 modules/my-tinc/default.nix create mode 100644 modules/my-tinc/hosts.nix create mode 100644 modules/my-tinc/hosts/default.nix create mode 100644 modules/my-tinc/nki-cloud.pub create mode 100644 nki-personal-do/secrets/recipient.txt create mode 100644 nki-personal-do/secrets/secrets.yaml diff --git a/modules/my-tinc/default.nix b/modules/my-tinc/default.nix new file mode 100644 index 0000000..1020ec8 --- /dev/null +++ b/modules/my-tinc/default.nix @@ -0,0 +1,89 @@ +{ config, pkgs, ... }: + +with lib; +let + hosts = import ./hosts; + + cfg = config.services.my-tinc; + + hostNames = builtins.attrNames hosts; +in +{ + imports = [ ./hosts.nix ]; + + options.services.my-tinc = { + enable = mkEnableOption "my private tinc cloud configuration"; + rsaPrivateKey = mkOption { + type = types.nullOr types.path; + default = null; + example = "./my-key.priv"; + description = "The key file to be used as the private key"; + }; + ed25519PrivateKey = mkOption { + type = types.nullOr types.path; + default = null; + example = "./my-key-ed25519.priv"; + description = "The key file to be used as the private key"; + }; + hostName = mkOption { + type = types.enum hostNames; + description = "The configured host name"; + }; + }; + + config = mkIf cfg.enable (builtins.seq + (mkIf (isNull cfg.rsaPrivateKey && isNull cfg.ed25519PrivateKey) (builtins.abort "one of the keys must be defined")) + let + networkName = "my-tinc"; + + myHost = builtins.getAttr cfg.hostName hosts; + myMeshIp = myHost.subnetAddr; + in + { + # Scripts that set up the tinc services + environment.etc = { + "tinc/${networkName}/tinc-up".source = pkgs.writeScript "tinc-up-${networkName}" '' + #!${pkgs.stdenv.shell} + ${pkgs.nettools}/bin/ifconfig $INTERFACE ${myMeshIp} netmask 255.255.255.0 + ''; + "tinc/${networkName}/tinc-down".source = pkgs.writeScript "tinc-down-${networkName}" '' + #!${pkgs.stdenv.shell} + /run/wrappers/bin/sudo ${pkgs.nettools}/bin/ifconfig $INTERFACE down + ''; + + # Allow the tinc service to call ifconfig without sudo password. + security.sudo.extraRules = [ + { + users = [ "tinc.${networkName}" ]; + commands = [ + { + command = "${pkgs.nettools}/bin/ifconfig"; + options = [ "NOPASSWD" ]; + } + ]; + } + ]; + + # simple interface setup + # ---------------------- + networking.interfaces."tinc.${networkName}".ipv4.addresses = [ { address = myMeshIp; prefixLength = 24; } ]; + + # firewall + networking.firewall.allowedUDPPorts = [ 655 ]; + networking.firewall.allowedTCPPorts = [ 655 ]; + + # configure tinc service + # ---------------------- + services.tinc.networks."${networkName}"= { + + name = ${cfg.hostName}; # who are we in this network. + + debugLevel = 3; # the debug level for journal -u tinc.private + chroot = false; # otherwise addresses can't be a DNS + interfaceType = "tap"; # tun might also work. + + ed25519PrivateKeyFile = cfg.ed25519PrivateKey; + rsaPrivateKeyFile = cfg.rsaPrivateKey; + }; + ); +} diff --git a/modules/my-tinc/hosts.nix b/modules/my-tinc/hosts.nix new file mode 100644 index 0000000..1d65e29 --- /dev/null +++ b/modules/my-tinc/hosts.nix @@ -0,0 +1,23 @@ +{ config, pkgs, ... }: + +with lib; +let + hosts = import ./hosts; + + cfg = config.services.my-tinc; + + mapAttrs = f: attrs: builtins.listToAttrs ( + map (name: { inherit name; value = f name (builtins.getAttr name attrs); }) (builtins.attrNames attrs) + ); +in +{ + config = mkIf cfg.enable { + # All hosts we know of + services.tinc.networks.my-tinc.hostSettings = mapAttrs (name: host: { + addresses = [ { inherit (host) address; } ]; + subnets = [ { address = host.subnetAddr; } ]; + rsaPublicKey = mkIf (host ? "rsaPublicKey") (builtins.readFile host.rsaPublicKey); + ed25519PublicKey = mkIf (host ? "ed25519PublicKey") (builtins.readFile host.ed25519PublicKey); + }) hosts; + }; +} diff --git a/modules/my-tinc/hosts/default.nix b/modules/my-tinc/hosts/default.nix new file mode 100644 index 0000000..d919e7d --- /dev/null +++ b/modules/my-tinc/hosts/default.nix @@ -0,0 +1,10 @@ +{ + # TODO: Edit the list of hosts here. + hosts = { + nki-cloud = { + subnetAddr = "10.0.0.10"; + address = "nki.personal"; + rsaPublicKey = ./nki-cloud; + }; + }; +} diff --git a/modules/my-tinc/nki-cloud.pub b/modules/my-tinc/nki-cloud.pub new file mode 100644 index 0000000..4703ac8 --- /dev/null +++ b/modules/my-tinc/nki-cloud.pub @@ -0,0 +1,25 @@ + +-----BEGIN RSA PUBLIC KEY----- +MIIECgKCBAEAxwaMWpHG9ZK33q5Q+Ug7wRowK5CTgBlAyGCTmyDjRwMA10qQQB+U +THW2fm3HFgToeHpxXC5Ja76hSg9JPew0/zpdpmBn3Rmh9hF2JsqJ1JuEm0Ce/YyB +4OHLPgAZ1KKBtL2bgs2ZTB8ssG7ZIxNEF4t2StYQV/yEAQD4tIhro4v4MoFlLnw4 +2bxbm+vfxMOC3U9q5G0nryxZDChOcDbtC984W4lFxPShIpKEz09zvnkCDRm7TFxD +mk7lw3dvM392dbQtcU8JxzSE1TdnkRcJxE1N4A2BhvSD1CR0FomvLDzf7PkcICN1 +nmwQnptyjhBXU6Rs4uvBCHy6pp420ypSf8ryG+gJqbk6Eet7pNZKO7GSDzD9Quor +Gd+8X55cjB+7TZ42Gy8FL7fS72Gb7m1XMzXFH3YHBCy8wKDpDhWzjFT5peSiTZ7K +1fFECEyQffMG6o3ax48/8gTn5uezkjBaiOIeb9hcaoyU9pLtF8toL8ZYG9gOyKov +YPJthdpV4sglpORAOs61kUtLgR0ZX4iM5BibPVWLZ7fMIk1/xT4UC8CcYUSs7jib +8cx+bpuIehpIEf+biwmtv7IYgOKFXhsM7P1y49VOIXDa1xr/9IXumKQMRWmQ4V// +JzBoRwcB2vQPOG6yLQqpx14arlPfD0W61RUsnI/mmXPA7t1E0g0tpyPtPvDBXlqi +jPL1NQli0fyv3fD5qmn6KJag9pOEMvdsvL1gD9wyZbM66uoi3BE0xmUOKI9gAz1Q +sFdpjGq3NHaZmCv8uhywe1aD6gh5fcFXr/musU87HIRi6NJDMt3Njz54kjnSlayH +cr4hTkiQy4/N2aR5ymIp/OaNQGgogMv+SgEOwaP4kPdDGDwVYiXwr6ZqIoO/ZocC +0BhS7RQ0SC0xGzJWCF6HLyjEPRmhQ7UHnuv+cPUnx5R0nJogCvCBUyZlKszpa5cF +lO6FaWR9qhtmn6TcfqtfDIcuU4b8ojUAaqQVfV6STZxWKC3KS/bimJrOYCGhVl5c +z+vQMQN/CTP1RNoMfgBSbYdgfeC1PZAhoVEaVFOkEeYmmPvidXPVnWSO4UHs7Gor +wd7lKxVd63lZ5tGXsAO9j8h7cn4J9YoBuQx9jEDBsTepd+CeCkIVHrf27DU2QQuE +Xnrx5ek9d38P1Wvtze5d/KcdjFHmkBlv85HvT3A1p8B4cgA26NQz25Rcil2RTnGG +igrZ9FfT6COFaFkM/vXR2/3nPQiL8Y8QcKSqAC32OcHaETd0vf6jVcHDS3OEhO8/ +SWQT4wG2UNysNdVIcvkGSycIa4+fx6lQ+jIe/BDxNUAcGAmNqbF5aTAILFxxFbTN +qu6wIwypM4EpfUHrOslyx00+PZGjVR3azQIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/nki-personal-do/flake.nix b/nki-personal-do/flake.nix index c229f9e..dfc92c8 100644 --- a/nki-personal-do/flake.nix +++ b/nki-personal-do/flake.nix @@ -8,7 +8,10 @@ # DigitalOcean node nixosConfigurations."nki-personal" = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; - modules = [ ./configuration.nix ]; + modules = [ + ../modules/my-tinc + ./configuration.nix + ]; }; deploy.nodes."nki-personal" = { hostname = "nki-personal"; diff --git a/nki-personal-do/secrets/recipient.txt b/nki-personal-do/secrets/recipient.txt new file mode 100644 index 0000000..37d7a3a --- /dev/null +++ b/nki-personal-do/secrets/recipient.txt @@ -0,0 +1 @@ +age1z2h24mjt80fryqupajkh3kg5r4sjgw65uqy489xeqxhqj8u2a9fsm3ff36 diff --git a/nki-personal-do/secrets/secrets.yaml b/nki-personal-do/secrets/secrets.yaml new file mode 100644 index 0000000..d42a22d --- /dev/null +++ b/nki-personal-do/secrets/secrets.yaml @@ -0,0 +1,21 @@ +tinc-private-key: ENC[AES256_GCM,data:0Q/NpEGHI3zBPh1TkJAatgxEoD7yDLZqA6s+8a93j8exNnGLBny1/rOGFaV//Jrbr7m0McRebEFhv25g/aRpl09U5RAW9wiBiN0L38WTWuO4lp+cQyAeYNE31G9v/COkk3lCqbP+uW4K/xpVgnAPoYjVGvwa+GE+FBxPWyYTbrHOF//jqDFML5SyIhCUKgmKSzkqxM5VDanXdTR1AUoczbSxu3/KHCHw5L+j/O+HJurjosMkxtxp0O9yWkwz59jXj9+ms9Zfy6D3Dl7KRZfruWAegsVwgiJqLnThQLPjAg8/Dx0RK8GNUnylORSbhg1aJcwP8Gf8HkM3rHbd7tR6xIfn4fB3pfJnuYdTMXwhyDDNyZAz1LaGfruOh1Lgf/egHf7Xw0pMRQlGtXF5qYOVDKF3Vpi22bl/1wD3rgXWMBIgPnZ3Y0WfSse5mx8oSzQ5W0Lo+0EO4FxGwH5TgAyW9V9wEJvLRGNM7WLb2pAA19h4T7LBAdr7I2iaTkEsf0q65lVeh3QZ8wHtbXGq8Xa8NvE64wgqZehcZasKU4+Cqy8e2eZT3BO0V1fYXRSirO9uo9dmVToh2RoEUdV844N+gt2AttXZBLnUrMCSph26PZ2WPaiiUgCdB/qT+/9ErLlpa4Bud9c5B5uZT7YpxLcUyJC06Yu7mzlXLL1bqBFHFJ37GThj6Eb2kzqyA2a8Oj9vKbYXpMSg0j64VXUAv8J3ydFQie4NB9GlcyZqKf91t59ARXuMCwNqh4DsrLgvy82GbeY26JWT2viIsn8aMZAkAP26RIa+bmYvGksEZPrP0fAUQe+Q+BUgzKhoBFvbrqAyoRg3+lcSfV/A6o4l8dcMYRxO7eQkjt7eEzmEZRl+Tbr+o6nfErQQaQE1AxNeqzaRoi5lcajl/DazQvWRGgv52iYqCsFKwPraEqFhtA4wRznQ9suezHV6/uyqb8Ii3n8cMfQ0gvLMnHST/rSL9nIY86udyF6eZhH58DWfHH79rUw1qwmYoU++62SyyTPSUb3wzMOaoGQs4nN8m6XzjpiqflqK76aod1jHmKHqZQMij6vQfhLRMyU4TyG5dsZE4fMb14RdJvX3kFifwiJjNkfZbTz9QNZGrwsg4cYCEEKxYavUiay7JyUqbf0F477Q9W80knp4DCpEPpuydezT6eaTm1Zf+1knfA823NUs+n4GmS8LsVLHkQLtBNLcMExXVtS1dtaKQiyTJuqgcJ14B7nDvwAzZ6MFYZZEu4eQafnO4tCkhOqwO+cD7XT9Fr9kTfmjMIm4ac1RHf3SmYQJAHo4MGsadi+TdHxhtaszxW2dmZs4eBb4/tK782i4vOAMvB5/wb+0wZMesLk5Bo8r4suDvFMK9MdWd30HmkMHpwO2v7FhuCy4x14PjKLuDZdzeRUQ0+v5TMohcoTnvhPuRZ6XGGW1HUB9IDkD0XnH6eK11ROQR5pCgsVPQeJyYphVT5xCybLPLejvp2cpJc7SZ0Tg2S99yJp+5hS0RPf7G4AKeA65qtbwfMbZi9VwlmQjahQz0HsCDikGYpav0njqLViZ9Q07F3KFkQmemzBsQgSCIgij4Db57RrwWv41vFnmUwKmAy2wh2I01EhfQ5pfQr0RKxxsjFqWoyLW3yj0Gaolyc+xj37DLjmpOnWQMKumKBDr/FPS8IXVTLN+YplvkzG9lMZ38iQOJOlhVQaGas3XDk4N5YbAYDLysnmK7GT7P3t75HlaR5XeDAH9a4Lxo+wHsWxm00c3gWKIG8LNL0AyCEpGcsm8NEVtjzf1A6flkryXALiQAizMSlNzHlm3QqUe+owhgYBG9sd+Lao6DqNWaT0gHx4Sj1zu+wvr6xGVWturTgQWj2Yp45mt4u+KXla2otv+JWW4RKpYpVMtrJqWk9CCuTLld1riW7clT4E+FOMwAQx8kOskcqquUzLAb5bg+0BmZjXQhHJqiD97aRMoyGL/JYYoZaOUTlyEByS0pAJjcKIZkElvvsCoXQLUe1eMoAstQyPwwf6y/ygusUZx9Eg1rVMD813aBUWVe2rtaKxkT3s5Bd+nJXGGycUURTtd9W8dYiSRMoF4WQJQqDRPAT7qjE7YRaFGYL5H7XxZexUE+AcN3UgHwqHJRQj3Cp24hMOuBnJ6u6TzjPoJsm/7nKd0TIwNqEcy2I5boap/eNef6y3Jb6PLYbh3ggRArihlYNkyJt+md5b0jCi84dV61cQsRAY3jqqWsOfoKN4cuMimO7tB8/vMufy3DrTYFotKtibGvxne5CyvStymbzPDLspzrsJgxFJjBPVogJ68ZCvDZnnI3VxvbsvXRaWP0AJqpAS5Vcr8Xfg0BsCJXYyGvBbxRr9mBuj2VAS440UeA7Rv2WU/E7QKfchmteJWs5QRtASLhRrf5RcUA5k64L4k/2YxNIpHCVkEBMUPBs9PGUxOpOnkLu4qRhwyfWiQaAH5H1BIxkGvcwSzBcEbRsWWrhBU0rnvpVQSCMnbo0rAJJqM3XhJvnSgtLHCgISt6fX5L3tV5nvATBSeCLhJDFZScsra/al6S17cnRI/9VO/8blAkN8LkK/mT0rIww62sIxmF673Ex0qL4XIaYJAR/AuBnYR9SmKmycOCnqDpQnZNfXanvqoPRiAZRaqDih34ZUpW+M7BWKLY+QubfoApfDE5UOB9G4fJyMaaFwKGgzRTgokSWH0MTDDBnSkRJVpVmoOnor0er05d+441bIdzvicWpKxGTYyoXGN6B+sjRSuqqSt2ZOx8YgQ24YnULKz4GbYydvUbiTVqUpiJDwELRvR+invsbHkI2l/5QUzlS6DpD8CNz8TL/lVYIa0EXSlYuC9tK9ZjqOvTaikAEJQbj3tADfpBfFr1yqMTwNCMk9Bh/etn8thUAUh9BudPbIjIcgNG7TIJYTNo0qa7v01/bCEkV00mNO+437/DdMNOo+yn9GNv4/5B+9bfK2LMCUJD6Q6BD0FlKMXF5H8bqMgcvUu9Elf3bf7dOXP/Kft3qsWKg4B3L8fXLTMkjTGfkBDnWAxkZNXMP2EqXZDNMqX+lFebDmBeKuvU8WJF+gdFzpsGFkolLttrMGbfhU9BwYzrgPU+SfoGRSu9TSNDgNRUioF0CySGs9MHwKRGvKfj6hMG77p4W3YEHpwPpj1qSF3RA/tv3XOL3wZ+PMukmoHNTHGnsWJcuiGaofd04QNDPVxC5binhb7c/dLJNtd4+BHH4Ej0Enjb1sdVR4kaOG/SY1m2+B9PPgb8HOtlbX1ybSwCIP3csHsKYXGpyZEMft9TiFdFBlmE5qqF1Nz+EOy+GzPTwIgLLjbPASH8b63nKM+GZisXzn2Kli9NUc3LJEzGndz0N+VVTcbE+FWvlSVk5+iRYkziKP4HxRhfTte01jYnObCrTG54+aFqtBFP+LozBa28VXvIHvoFsygOSiow4wu4KIRfHmaA31Z2RdKoH/D55+LyZ4VOxdvjT/j/DSjfj4bgQ1vKzsydldSW7iipF2wwCj4OaPQkZY2xQxP49WTta9txnCQirqDoYFH/sCzvoTYnnLZEP2jQ7N6ZJHDfmre5wd3ktX1jK0en4vXWsOFxRxzS05/ap+z3Ws1Dvqc2ZKhO8jTwHd+YASvlRsNfefXM/Y5+Ep6RHGs2ImsP8TG82wasANjabbwNgWi3RAZX6dH+k3j+3YPUsAQVbnzBk06kR/6bDZHX77jklRbrGXn425rLu9jCScgPwN5LurYqBnT1JCfzdD9hAz2XYLNDBeRabKiqj0WHgb1kTZ9Pg8m7vwobDVvJpQcG/KvYyXIAzJmSupxZkNzuZWd2N9CZ115FVFcik/96uv1vWYg60TnAjowzh9OAeqN8R4xrJQ2FZl1GWuS5BX+fxr8l2YY2x9MEsk5g7fF5LR2jR/fMtjVEntXsHJdZaeo1xAgm97YHFP0RwBZXSy0mXKnA9Lv4L7jfGLwrtAIHT/mQ0xB7uoNMRsOFh0Xe5AVw4nLL4D3OnPgISpE8CbEnZ+0uI7w6WTocOYk/MKO4dz8XfVLVPTWqlp20ti+z4zWahEfE88TNgySigajjXRs79LnKUIMVnrYQ4h6msI/9rPDKII8gWYupUU6pXun+Ha7OZiruX531BFHxHL3NbSeQ3ziGpBnUQVFDjmo7KDdE3frFb7m1ivg+UcBxcTiq6VsTkUX/Lmv8e8zaZiDDV8r33VzG8OF7y92fhS9kU5vXdetL9ItrQxL5GJM6euda+0sQwqfgd4+ZZqn8jikRD7MLuPZUFm0wPJlY/kWsXDj8nVvG8Ght9i5ijoBO1PRy7q71WOsUXWUK3Wo/3G1GmvOHvjGC2XKk4kXxLcHjraCEizp3W1lp5Gqa/iLICvfTwLY8PysY2AYaDWl2xHkcR40XGIBe2Dt95FokWBxil/MJwRi0t9MJsg5E4SEf8RNpd4Ytymt3kHTpXylNEnmRyy+lwyIBABWk32YI/xmGTkAt76/dV1VRUhXJPs3UOFjkJfpwkIXMxvYbRPqTj1IqO3AsPCosAyQrjZKP+xSNWKA2MKMETmiFQVcXLMVk94ausO+cmb6RTB95ZPUbn3mfNjVqjbOFra7q7dR77ZLK6srvaXw3GuqjE5ZSoWACdvQLO1lhUlMAzYoU4vi9guat8BLkub0ZhzX1irSyeXNlZMkiCmY6YLK2p1ZPEBp0w3k7wkELcWuItmtYNCHf0R4r9cQMNKmLk2qDkqb52k+VLAuqasgwq3vFlxuGpzOptObvQToVs3CCguPLsl6m7h2o7+CbLyMuhF6m3idbK8HheZYR4bZHnvuNRn53/Y/CHnNUa4e9eZOnawOJwzjfgWMd7o/rAYoEe6SWgev2cfaf0m7dPJ/VCzVJ8rWLjYWrWw3yHypQemIzVN5igZ0ywLyj6S7OzGCYXzAo1Smty0Q7DtOa6yRX4ezPLRqTQ/3TO3HQdEei+3pVz6cT/lGd0mSqtm2zpCOch2pkP14eAScl1sJH8B+a7s3Qk0uAE0I7uwy5lCgvrV8dfOtilnBd/u1TQRnUXiT/wn9UJsCB8sPziuZG5Uop2cfho9O6HnIT4h1J8FQGsY0y56No161KI0knhp2wkFBHGLUJlt2+y51rWrzD9qPFE5U7Eigu+RvuJd8cxELSntO3jdwWI5o1HEFrqCiGSQLqRBzhr0WwkIRZGVZOYZVWzOiDdsX7I2MUVQEen9+8rFJWpd6xdVHRkt1GXd+1xdiZg3/0W9001WGCv4BhZzlxTrYP0fO3xnS6xqXLB4GhE5RhMDh8Yc57FAQkeoSB/8fyrwQTGePlQ8qJZ/YY3ospVAUbWtz+pw3peokSYrtIbY4NFePj7mZihS+PWdKEPJEQ0c8EkRwLlVnOc9/iVXBml4Ya3R8zKbNzoUi81aBJV7h08daQFoDepmNu1ikC/w1atP/Kv8fj324PgaQLbLhAfTMQ1ET6mZG6Xj3BLQ6jvadnc7CEKZ7hb3BD5htbcQd/sTX9AH5I54RYh5h1rVD0/XL114R+Gu4Ng/PIgCRtcOB0G/9qKFxdj6B3KKgXdISayiNM/9UN9/jCBsKTWyz83JzX5o0uB7sTe+ewN+uoOul1jT9rCZtX2fOQTmKJ1h9Dtfo+CRv13EWgq/kd5CARaXzCltPl30VFoYtucPs/fGvE/wNNuXy5UR91TEvqQoYtcIGHloywvz10XnUqamBLP98ftYNA2gDUEEYG5yYxpaslOn6ph5hmWc2cU2OmTKxwkRd7TnJCX9vUSswr7aE8jURVAS6dq1CxX+5B5Pg8u4jG1w/7oYZ64hGdvqLVrtaoqtAdIT61ZLaejMjr6tOfCyDmB8E7xsYbiYE2vYlbaGny1yfGNu/AQwu9SEkBZOcN+S4SJHTZA6SnMBDn7Br8HKv7eajsYBH6kJJz4Rg4ZSrqCnzUuYbx2IzCra8jSUM1CYH9csSIlBo1fxBWXrIfl+dm1slqLa3FaYMml0z94haTOxCxRCt5YGZLM74rcuSW13TMf4hNvenf71SMNH86WB4c/Q56waUi+y/9Wcc6LcOZNPKh/20Zz1u10wBjsMo6w0diXDvuLQEpd2oAOyNUT+pm/iXjBMmhQX9Tzr85tk1/43wKMOwZ72BytR3mFGK0tyotNIHKjiUc1Vra3lOlKasn5qPGK3loDw3kcfBCLd2dR/jqNDnommrlJIR0NrSZ/MPTzUh67ffE3X478mof1s5cgYInTk73Z+C1Y0D4HxWPAntrwIf201m/RSZXKXsyk56b/Jqwu1kg06NftL+dDzhab/hfgrB7mITtOqTlOULP2Nf89DuMHwLwfOLItgRM3gKYdd5ZhnJjZpRVJKfFXmy8LSDYBXviVt3hFR35by/ZKMPSJgQguF1lAHuvbo89E6x7HiRf5j8wk8E7UJwZE+IA4uf+Q1qw1XtSYiJhhl8XUYDMecjSPhzvZVOTsTsayVTN0AtJ1H6rqtHGKNRQHzY1Nx+acmt5eSywh+nzcJuFPj/qeeYSUKExp0CkHSNoVKGtR02IH7gJhn9jroukedB1f9MX99zj530XwFzpXqKGknM7Wwd79wQxqKbl39SKflhr2v5ETM8+kmjMOhTePq6FWNaO7Wej3wDUIAQI9F5kPi8g9VGqlZRU7nHb+k9BBPr7EO+t55/b9KBeI5DJkjNMKWm3rj+dSo8R69EPU6pTAE5W2QUB6E7ljTgbPHWdeuadoV/2Fz1e/kxjRv5jQAYoKvK8HWN+6/eMBtYyBgXBc7cNO6hZ8eT7DxedfB6O5+SX4E9QMCkpRpVnOyCc/K+KxR8y0odZ6du9xCDuM1pmhCjkcBeJKqhkoQ5bvJ478B0rmkr3t+2MCIT8juNpK00UUEof7270dXEKI06i5xrjVgK1qRh9HGaRNTVsO0RHit9Hk58aiWsfCmrgpxEYvQsupmfprgGGypPe+bWdPxR7cFvYXlkUG9xg8tABDMkNPzyVkgj8DxKUKBVLJ8iVCoeeUbOJmaD3rtZuHwPaPybWUhmdCNJ1J4e0Im0MyqL2xeXG85BZEypE8oj8gYeEZhkTjUuYPizB2ET7jUU+2wh2DrKwK97NNqbHaIuiL1mgr2/j2+lDMC4xnLR4w7nti4rwO8p/CC/2MePCgdVh5zN/vL0UxF8h6PYTTZV68oNNEzHOuCLeo2XusP2EwNpqjxzaiL1fznBgwLPUpKdRLwdk2rOK+YRKjVBM8sYBHjjMV5QYngvz18Aw3l0l2dYRiMEvQuaMR5qpxJUHCsneUmE4eYyRZKW/B1BZ++J8iGzeGuzCUdM83PO9HuefikyuTcej1nEwue2m3iY+Ng6hCHKWFJSJuFVudgyXCiYS6JYSJVZI7LbjbqGD2Z97LjtzU6y942RyOGlmJBGQ5Q1mHIhfqGMSuDyYj4op0GTxrj2lbUwVbKMHsHg5wLq02vsporJRaqMbPmuO4pfTscMD6gACGJSzZCXC6EpHwabadZ8Ub6fLlZvcRpVojQOjkme0LiRZzct/F6TZjLMLlC0I4wCkKnL8YHGvKxrYxFarlz9T8zhrB+AC7InmExk6uJgZGeMzBz5hpmDmF2seqzJQCDjhURkdCYLqxGAqDtivz9t5Cxzs/h4FQbpO631bAPNZz92PYAcvaBV0TAJR+IJS2U1be09cLcumBI2BlZpdC/atQVqpmJCS9ymCIHfvFRrByIqfC8fITEwOvSX8QBjVuCfDzkKvtTX2O+i+wwLNhvb0FxJ+ZXmGuqfIeqBFAx0aqMp6RZelT1PM7dgOYCH069aw4cH4eqn82CnA8JS7tk1eU7tWKbv91avD5JqVm1tdomTkZk9Kz1HKEPr67E8Ox35MK7nyBKOBmv6Sc8c1CoeY8yGqOUCrgq60MYbGSKdkQPQJMZB9yGv+eSrQnIdPhFj5s1IttLei9jcgljB3oAEcHwIlVce3DvlmXqgExlZY5PYV7znFVM/iCRhzp2sCcp4CR4LPt/g3ENDr6Q0Lo6PVp47zmSi4NR13TeyUNZ90Akh8rhB9pXyGj6QJd8b1C29zo61fPavgG33MfXtkDQjT85HwPQz3fX9A8oUHfjcYmNfKH2X15w5MScg4Skp0nm0wtro1hI49gXCirVfOIo80IPkcZxV7DiKhSuV8tvSFSZKCWTqACTvUXZdeDiC1z2A1G+XAufMdnbPfsscGn0SDWaVviGm9orzRhaW9jNEPNV590VsPOq4lbi5mDNKK/z2WAsRDjg51jLKZfVZuwbTGVZ3huW8fFuughJO6sH7TTdLKhxwf53XQf6AJOVNXe9XqDLCx/tPmrdL1s57CAC8Y9KL+SEHOEsjeCJ3g/8a1o+yy0UP2ox7bRWjdzEF/857sNwipP2jls95nk4GghxllkhbLvxgRK7FHR062kT4BahMcQ3TcoEaAYKloIcuw0k6jA2PVWAnXE+rnDT16qcym89uo7ObvByumIUEElL7zdgABWqg9ipsbw2T61yE0mnnSWhAZinQ5HcqXoBADSjZnQD5,iv:Aa/5BI0ldoq68b3aQ5RhTwQEmUldUOBK7LK6Jbq/gdY=,tag:y8pGEOgeeDtiBSd7ZFROqg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1z2h24mjt80fryqupajkh3kg5r4sjgw65uqy489xeqxhqj8u2a9fsm3ff36 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2eUo1WjJtdDhzWjFrM3Rm + QkovcmoxdjNsMXdyaVZiNFhZZGlqOUMvcEJ3Ckk3TnJzNDVBWVFTNUd5RXhlcDU5 + Y2xmdmVjYUZRMXF1Y1RZZDZGMXM3NDgKLS0tIGdreURjTFVxSWQ5ODJPQlpySWxY + NUovcTZlOVpyTm5WWGkyUmdLRUVpcmMK1YIwNE/5avvplxqtUFs1JZn7f2AuTzyR + lRtXUm8InT5GwV50Ot6FLdai5aVxpicafduH/J5RSAXqL8LssQi7HA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2021-10-28T19:16:07Z" + mac: ENC[AES256_GCM,data:j0N0bQNeF4dG4SpwtfZyY9aUQkzGLc1YWaiV5WO8QN1DkpxrOAq4LWJZxCjL0phy/e0XNuRGaY2hbEEWTxmhp7BzRinUs7Uox1+GIiK9owMnT8xE4bHaLz7YVK0BKyO3jEkmPGFO/5NXBdI1WYFIgX2Yfp9jZcqBrLtjFFxA09g=,iv:OvxFIxt32xGFdIajuVW34KNJ+G5DcxF+YGVCtrel2YA=,tag:X5su8Z56vXxfS6pKBU4gNQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.1