From 35011d7f89a94f1e8b250d580d5867da4148cc3c Mon Sep 17 00:00:00 2001
From: Adithya Nair
Date: Sat, 16 Nov 2024 19:00:06 +0530
Subject: [PATCH] all: refactor wireguard config
---
hosts/bifrost/network.nix | 87 +++++++++++++++++++++++++----
hosts/layne/network.nix | 86 ++++++++++++++++++++--------
hosts/rico0/network.nix | 81 +++++++++++++++++++++------
hosts/rico1/network.nix | 81 +++++++++++++++++++++------
hosts/rico2/network.nix | 81 +++++++++++++++++++++------
hosts/shared/network.nix | 15 -----
hosts/shared/networkd.nix | 40 -------------
hosts/shared/wireguard-peers.nix | 15 +++++
hosts/shared/wireguard.nix | 33 -----------
hosts/skipper/network/default.nix | 20 +++++--
hosts/skipper/network/wireguard.nix | 41 ++++++++------
hosts/wynne/network.nix | 78 +++++++++++++++++++++-----
secrets.yaml | 14 +----
13 files changed, 453 insertions(+), 219 deletions(-)
delete mode 100644 hosts/shared/network.nix
delete mode 100644 hosts/shared/networkd.nix
create mode 100644 hosts/shared/wireguard-peers.nix
delete mode 100644 hosts/shared/wireguard.nix
diff --git a/hosts/bifrost/network.nix b/hosts/bifrost/network.nix
index e3eb9cd..0ac1e66 100644
--- a/hosts/bifrost/network.nix
+++ b/hosts/bifrost/network.nix
@@ -1,12 +1,79 @@ -{ lib, ... }: { - imports = [ - ../shared/network.nix - ../shared/networkd.nix - ]; - networking = { - nameservers = lib.mkForce [ - "1.1.1.1" - "1.0.0.1" - ]; +{ lib, config, ... }: +let + wireguard-peers = import ../shared/wireguard-peers.nix; +in +{ + sops.secrets = { + "wireguard/bifrost/pk" = { + mode = "400"; + owner = config.users.users.root.name; + group = config.users.users.root.group; + }; }; + systemd = { + network = { + enable = true; + wait-online.enable = false; + networks = { + "41-ether" = { + enable = true; + matchConfig = { + Type = "ether"; + Name = "e*"; + }; + networkConfig = { + DHCP = "yes"; + IPv4Forwarding = "yes"; + }; + dhcpV4Config = { + UseDomains = true; + }; + linkConfig = { + RequiredForOnline = "yes"; + }; + }; + }; + }; + }; + + services.resolved = { + enable = true; + domains = [ "~." ]; + fallbackDns = [ ]; + }; + + networking = { + nameservers = [ + "10.10.10.11" + "10.10.10.12" + ]; + useDHCP = lib.mkDefault false; + useNetworkd = true; + firewall = { + allowedUDPPorts = [ 51821 ]; + trustedInterfaces = [ "Homelab" ]; + }; + wg-quick = { + interfaces = { + Homelab = { + listenPort = 51821; + privateKeyFile = config.sops.secrets."wireguard/bifrost/pk".path; + address = [ + "10.10.10.1/24" + ]; + dns = [ "10.10.10.11" "10.10.10.12" ]; + peers = with wireguard-peers; [ + (rico0 // { endpoint = null; }) + (rico1 // { endpoint = null; }) + (rico2 // { endpoint = null; }) + (wynne // { endpoint = null; }) + (layne // { endpoint = null; }) + skipper + kowalski + ]; + }; + }; + }; + }; + } diff --git a/hosts/layne/network.nix b/hosts/layne/network.nix index fa622c8..23da384 100644 --- a/hosts/layne/network.nix +++ b/hosts/layne/network.nix 
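Review bot: `trustedInterfaces = [ "Homelab" ];` in the new `networking.firewall` block makes the NixOS firewall accept every inbound packet that arrives over the tunnel, and on bifrost that covers the roaming peers skipper and kowalski as well as the LAN nodes. bifrost is the peer with the public endpoint in wireguard-peers.nix, so one compromised peer key is enough to reach every service listening on it. Consider a per-interface allow-list instead, e.g. `interfaces.Homelab.allowedTCPPorts = [ /* ports this host actually serves */ ];`. The same line is added in the layne, rico0, rico1, rico2, wynne and skipper hunks.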
@@ -1,35 +1,77 @@ -{ config, ... }: { - imports = [ - ../shared/network.nix - ../shared/networkd.nix - ../shared/wireguard.nix - ]; - +{ lib, config, ... }: +let + wireguard-peers = import ../shared/wireguard-peers.nix; +in +{ sops.secrets = { "wireguard/layne/pk" = { mode = "400"; owner = config.users.users.root.name; group = config.users.users.root.group; }; - "wireguard/layne/psk" = { - mode = "400"; - owner = config.users.users.root.name; - group = config.users.users.root.group; - }; - "proton/layne" = { - mode = "400"; - owner = config.users.users.root.name; - group = config.users.users.root.group; + }; + + systemd = { + network = { + enable = true; + wait-online.enable = false; + networks = { + "41-ether" = { + enable = true; + matchConfig = { + Type = "ether"; + Name = "e*"; + }; + networkConfig = { + DHCP = "yes"; + IPv4Forwarding = "yes"; + }; + dhcpV4Config = { + UseDomains = true; + }; + linkConfig = { + RequiredForOnline = "yes"; + }; + }; + }; }; }; - nodeconfig.wireguard = { + services.resolved = { enable = true; - listen-port = 51834; - pk-file = config.sops.secrets."wireguard/layne/pk".path; - psk-file = config.sops.secrets."wireguard/layne/psk".path; - node-ips = [ - "10.10.10.14/24" + domains = [ "~." ]; + fallbackDns = [ ]; + }; + + networking = { + useDHCP = lib.mkDefault false; + nameservers = [ + "10.10.10.11" + "10.10.10.12" ]; + useNetworkd = true; + firewall = { + allowedUDPPorts = [ 51834 ]; + trustedInterfaces = [ "Homelab" ]; + }; + wg-quick = { + interfaces = { + Homelab = { + listenPort = 51834; + privateKeyFile = config.sops.secrets."wireguard/layne/pk".path; + address = [ + "10.10.10.14/24" + ]; + dns = [ "10.10.10.11" "10.10.10.12" ]; + peers = with wireguard-peers; [ + (bifrost // { persistentKeepalive = 20; }) + rico0 + rico1 + rico2 + wynne + ]; + }; + }; + }; }; } diff --git a/hosts/rico0/network.nix b/hosts/rico0/network.nix index d9c2921..5576664 100644 --- a/hosts/rico0/network.nix +++ b/hosts/rico0/network.nix 
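Review bot: `allowedUDPPorts = [ 51834 ];` and `listenPort = 51834;` are two independent literals in this hunk, and the same port appears a third time in layne's endpoint in wireguard-peers.nix, so a later port change can leave the firewall open on a stale port or closed on the live one. The deleted hosts/shared/wireguard.nix derived the firewall port from the listen port; the equivalent here would be `allowedUDPPorts = [ config.networking.wg-quick.interfaces.Homelab.listenPort ];`. The networkd, resolved and firewall stanzas are also copied verbatim into the rico0, rico1, rico2, wynne and bifrost hunks; keeping them in one imported module would stop a later hardening change from landing on only some hosts.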
@@ -1,30 +1,77 @@ -{ config, ... }: { - imports = [ - ../shared/network.nix - ../shared/networkd.nix - ../shared/wireguard.nix - ]; - +{ lib, config, ... }: +let + wireguard-peers = import ../shared/wireguard-peers.nix; +in +{ sops.secrets = { "wireguard/rico0/pk" = { mode = "400"; owner = config.users.users.root.name; group = config.users.users.root.group; }; - "wireguard/rico0/psk" = { - mode = "400"; - owner = config.users.users.root.name; - group = config.users.users.root.group; + }; + + systemd = { + network = { + enable = true; + wait-online.enable = false; + networks = { + "41-ether" = { + enable = true; + matchConfig = { + Type = "ether"; + Name = "e*"; + }; + networkConfig = { + DHCP = "yes"; + IPv4Forwarding = "yes"; + }; + dhcpV4Config = { + UseDomains = true; + }; + linkConfig = { + RequiredForOnline = "yes"; + }; + }; + }; }; }; - nodeconfig.wireguard = { + services.resolved = { enable = true; - listen-port = 51830; - pk-file = config.sops.secrets."wireguard/rico0/pk".path; - psk-file = config.sops.secrets."wireguard/rico0/psk".path; - node-ips = [ - "10.10.10.10/24" + domains = [ "~." ]; + fallbackDns = [ ]; + }; + + networking = { + useDHCP = lib.mkDefault false; + nameservers = [ + "10.10.10.11" + "10.10.10.12" ]; + useNetworkd = true; + firewall = { + allowedUDPPorts = [ 51830 ]; + trustedInterfaces = [ "Homelab" ]; + }; + wg-quick = { + interfaces = { + Homelab = { + listenPort = 51830; + privateKeyFile = config.sops.secrets."wireguard/rico0/pk".path; + address = [ + "10.10.10.10/24" + ]; + dns = [ "10.10.10.11" "10.10.10.12" ]; + peers = with wireguard-peers; [ + (bifrost // { persistentKeepalive = 20; }) + rico1 + rico2 + wynne + layne + ]; + }; + }; + }; }; } diff --git a/hosts/rico1/network.nix b/hosts/rico1/network.nix index 80c2cfa..914a184 100644 --- a/hosts/rico1/network.nix +++ b/hosts/rico1/network.nix 
@@ -1,30 +1,77 @@ -{ config, ... }: { - imports = [ - ../shared/network.nix - ../shared/networkd.nix - ../shared/wireguard.nix - ]; - +{ lib, config, ... }: +let + wireguard-peers = import ../shared/wireguard-peers.nix; +in +{ sops.secrets = { "wireguard/rico1/pk" = { mode = "400"; owner = config.users.users.root.name; group = config.users.users.root.group; }; - "wireguard/rico1/psk" = { - mode = "400"; - owner = config.users.users.root.name; - group = config.users.users.root.group; + }; + + systemd = { + network = { + enable = true; + wait-online.enable = false; + networks = { + "41-ether" = { + enable = true; + matchConfig = { + Type = "ether"; + Name = "e*"; + }; + networkConfig = { + DHCP = "yes"; + IPv4Forwarding = "yes"; + }; + dhcpV4Config = { + UseDomains = true; + }; + linkConfig = { + RequiredForOnline = "yes"; + }; + }; + }; }; }; - nodeconfig.wireguard = { + services.resolved = { enable = true; - listen-port = 51831; - pk-file = config.sops.secrets."wireguard/rico1/pk".path; - psk-file = config.sops.secrets."wireguard/rico1/psk".path; - node-ips = [ - "10.10.10.11/24" + domains = [ "~." ]; + fallbackDns = [ ]; + }; + + networking = { + useDHCP = lib.mkDefault false; + nameservers = [ + "10.10.10.11" + "10.10.10.12" ]; + useNetworkd = true; + firewall = { + allowedUDPPorts = [ 51831 ]; + trustedInterfaces = [ "Homelab" ]; + }; + wg-quick = { + interfaces = { + Homelab = { + listenPort = 51831; + privateKeyFile = config.sops.secrets."wireguard/rico1/pk".path; + address = [ + "10.10.10.11/24" + ]; + dns = [ "10.10.10.11" "10.10.10.12" ]; + peers = with wireguard-peers; [ + (bifrost // { persistentKeepalive = 20; }) + rico0 + rico2 + wynne + layne + ]; + }; + }; + }; }; } diff --git a/hosts/rico2/network.nix b/hosts/rico2/network.nix index 2166551..54a4e69 100644 --- a/hosts/rico2/network.nix +++ b/hosts/rico2/network.nix 
@@ -1,30 +1,77 @@ -{ config, ... }: { - imports = [ - ../shared/network.nix - ../shared/networkd.nix - ../shared/wireguard.nix - ]; - +{ lib, config, ... }: +let + wireguard-peers = import ../shared/wireguard-peers.nix; +in +{ sops.secrets = { "wireguard/rico2/pk" = { mode = "400"; owner = config.users.users.root.name; group = config.users.users.root.group; }; - "wireguard/rico2/psk" = { - mode = "400"; - owner = config.users.users.root.name; - group = config.users.users.root.group; + }; + + systemd = { + network = { + enable = true; + wait-online.enable = false; + networks = { + "41-ether" = { + enable = true; + matchConfig = { + Type = "ether"; + Name = "e*"; + }; + networkConfig = { + DHCP = "yes"; + IPv4Forwarding = "yes"; + }; + dhcpV4Config = { + UseDomains = true; + }; + linkConfig = { + RequiredForOnline = "yes"; + }; + }; + }; }; }; - nodeconfig.wireguard = { + services.resolved = { enable = true; - listen-port = 51832; - pk-file = config.sops.secrets."wireguard/rico2/pk".path; - psk-file = config.sops.secrets."wireguard/rico2/psk".path; - node-ips = [ - "10.10.10.12/24" + domains = [ "~." ]; + fallbackDns = [ ]; + }; + + networking = { + useDHCP = lib.mkDefault false; + nameservers = [ + "10.10.10.11" + "10.10.10.12" ]; + useNetworkd = true; + firewall = { + allowedUDPPorts = [ 51832 ]; + trustedInterfaces = [ "Homelab" ]; + }; + wg-quick = { + interfaces = { + Homelab = { + listenPort = 51832; + privateKeyFile = config.sops.secrets."wireguard/rico2/pk".path; + address = [ + "10.10.10.12/24" + ]; + dns = [ "10.10.10.11" "10.10.10.12" ]; + peers = with wireguard-peers; [ + (bifrost // { persistentKeepalive = 20; }) + rico0 + rico1 + wynne + layne + ]; + }; + }; + }; }; } diff --git a/hosts/shared/network.nix b/hosts/shared/network.nix deleted file mode 100644 index d2de654..0000000 --- a/hosts/shared/network.nix +++ /dev/null 
@@ -1,15 +0,0 @@
-{ lib, ... }: {
- networking = {
- nameservers = [
- "10.10.10.11"
- "10.10.10.12"
- ];
- useDHCP = lib.mkDefault false;
- };
-
- services.resolved = {
- enable = true;
- domains = [ "~." ];
- fallbackDns = [ ];
- };
-}
diff --git a/hosts/shared/networkd.nix b/hosts/shared/networkd.nix
deleted file mode 100644
index 6d3c181..0000000
--- a/hosts/shared/networkd.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ lib, config, ... }: {
- networking = {
- useNetworkd = true;
- };
- systemd = {
- network = {
- enable = true;
- wait-online.enable = false;
- networks = {
- "41-ether" = {
- enable = true;
- matchConfig = {
- Type = "ether";
- Name = "e*";
- };
- networkConfig = {
- DHCP = "yes";
- IPv4Forwarding = "yes";
- };
- dhcpV4Config = {
- UseDomains = true;
- };
- ipv6AcceptRAConfig = {
- UseDomains = true;
- };
- linkConfig = {
- RequiredForOnline = "yes";
- };
- routes = lib.mkIf ((lib.strings.toLower config.networking.hostName) != "bifrost") [
- {
- Destination = "165.232.180.97";
- Gateway = "_dhcp4";
- GatewayOnLink = "yes";
- }
- ];
- };
- };
- };
- };
-}
diff --git a/hosts/shared/wireguard-peers.nix b/hosts/shared/wireguard-peers.nix
new file mode 100644
index 0000000..2a2d43f
--- /dev/null
+++ b/hosts/shared/wireguard-peers.nix
@@ -0,0 +1,15 @@
+let
+ mkPeer = endpoint: publicKey: allowedIPs: {
+ inherit endpoint publicKey allowedIPs;
+ };
+in
+{
+ bifrost = mkPeer "165.232.180.97:51821" "NNw/iDMCTq8mpHncrecEh4UlvtINX/UUDtCJf2ToFR4=" [ "10.10.10.1" "10.10.10.2" "10.10.10.3" ];
+ skipper = mkPeer null "ob8Ri5fYBCkksRnpbkq0kBlU0Ll3xjIPpMk8e9TKpl4=" [ "10.10.10.2" ];
+ kowalski = mkPeer null "ZgtftftDNAnNsOKo34cgaP3lQim2HMmoCXayALIVsFU=" [ "10.10.10.3" ];
+ rico0 = mkPeer "192.168.1.10:51830" "9mfgKUM6hXllEUunvI8szlni9OFpKSbaLVZRAhAh51Q=" [ "10.10.10.10" ];
+ rico1 = mkPeer "192.168.1.11:51831" "lFtIm7CX3gcHMAu673ptRzNDQh5QEa7FbzlHSQerRg0=" [ "10.10.10.11" ];
+ rico2 = mkPeer "192.168.1.12:51832" "FyFlOHfAprr474cJCXKRvgsU6o22xaQ8gzs1563AQnI=" [ "10.10.10.12" ];
+ wynne = mkPeer "192.168.1.13:51833" "re9z2AAKGaJrEn5Q+xp7XnZn4x4+GoJPLZScaXrnMC0=" [ "10.10.10.13" ];
+ layne = mkPeer "192.168.1.14:51834" "qhthtzB7vTGRfS1RGyP7RJ+BZLKd/BNxhaTJvAlYuyo=" [ "10.10.10.14" ];
+}
diff --git a/hosts/shared/wireguard.nix b/hosts/shared/wireguard.nix
deleted file mode 100644
index 05d1b68..0000000
--- a/hosts/shared/wireguard.nix
+++ /dev/null
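Review bot: `mkPeer` carries no preshared key, and the layne, rico0, rico1, rico2 and skipper hunks delete their `wireguard/<host>/psk` secrets, so every tunnel built from this file relies on the public-key handshake alone. If the old `psk-file` option was applied to the peers (the module that consumed it is not shown), this is a silent loss of the extra symmetric layer rather than a pure refactor. If the drop is intended, say so in the commit message; otherwise the host files can add the key back per peer, e.g. `(bifrost // { presharedKeyFile = config.sops.secrets."wireguard/rico0/psk".path; })`.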
@@ -1,33 +0,0 @@
-{ config, lib, ... }:
-let
- hostName = lib.strings.toLower config.networking.hostName;
- mkPeer = endpoint: publicKey: ip: {
- inherit endpoint publicKey;
- allowedIPs = [ ip ];
- };
- peer-rico0 = mkPeer "192.168.1.10:51830" "9mfgKUM6hXllEUunvI8szlni9OFpKSbaLVZRAhAh51Q=" "10.10.10.10";
- peer-rico1 = mkPeer "192.168.1.11:51831" "lFtIm7CX3gcHMAu673ptRzNDQh5QEa7FbzlHSQerRg0=" "10.10.10.11";
- peer-rico2 = mkPeer "192.168.1.12:51832" "FyFlOHfAprr474cJCXKRvgsU6o22xaQ8gzs1563AQnI=" "10.10.10.12";
- peer-wynne = mkPeer "192.168.1.13:51833" "re9z2AAKGaJrEn5Q+xp7XnZn4x4+GoJPLZScaXrnMC0=" "10.10.10.13";
- peer-layne = mkPeer "192.168.1.14:51834" "qhthtzB7vTGRfS1RGyP7RJ+BZLKd/BNxhaTJvAlYuyo=" "10.10.10.14";
- selectPeer = host: peer: if hostName == host then [ ] else [ peer ];
- interface-name = "Homelab";
-in
-{
- nodeconfig.wireguard = {
- inherit interface-name;
- dns = [ "10.10.10.11" "10.10.10.12" ];
- endpoint = "165.232.180.97:51821";
- endpoint-publickey = "NNw/iDMCTq8mpHncrecEh4UlvtINX/UUDtCJf2ToFR4=";
- allowed-ips = if hostName == "skipper" then [ "10.10.10.0/24" ] else [ "10.10.10.1" "10.10.10.2" "10.10.10.3" ];
- };
- networking = {
- firewall.allowedUDPPorts = [ config.nodeconfig.wireguard.listen-port ];
- wg-quick.interfaces.${interface-name}.peers = if hostName == "skipper" then [ ] else
- ((selectPeer "rico0" peer-rico0)
- ++ (selectPeer "rico1" peer-rico1)
- ++ (selectPeer "rico2" peer-rico2)
- ++ (selectPeer "wynne" peer-wynne)
- ++ (selectPeer "layne" peer-layne));
- };
-}
diff --git a/hosts/skipper/network/default.nix b/hosts/skipper/network/default.nix
index 65d9a75..234e440 100644
--- a/hosts/skipper/network/default.nix
+++ b/hosts/skipper/network/default.nix
@@ -1,12 +1,20 @@ -_: { - imports = [ - ../../shared/network.nix - ./wireguard.nix - ]; +{ lib, ... }: { + imports = [ ./wireguard.nix ]; + + services.resolved = { + enable = true; + domains = [ "~." ]; + fallbackDns = [ ]; + }; networking = { + nameservers = [ + "10.10.10.11" + "10.10.10.12" + ]; + useDHCP = lib.mkDefault false; extraHosts = '' - 10.10.10.1 Proxy + 10.10.10.1 Bifrost 10.10.10.2 Skipper 10.10.10.10 Rico0 10.10.10.11 Rico1 diff --git a/hosts/skipper/network/wireguard.nix b/hosts/skipper/network/wireguard.nix index c98a4bb..21b0bf4 100644 --- a/hosts/skipper/network/wireguard.nix +++ b/hosts/skipper/network/wireguard.nix @@ -1,26 +1,33 @@ -{ config, ... }: { - imports = [ ../../shared/wireguard.nix ]; - +{ config, ... }: +let + wireguard-peers = import ../../shared/wireguard-peers.nix; +in +{ sops.secrets = { "wireguard/skipper/pk" = { mode = "400"; owner = config.users.users.root.name; group = config.users.users.root.group; }; - "wireguard/skipper/psk" = { - mode = "400"; - owner = config.users.users.root.name; - group = config.users.users.root.group; + }; + networking = { + firewall = { + trustedInterfaces = [ "Homelab" ]; + }; + wg-quick = { + interfaces = { + Homelab = { + listenPort = 51822; + privateKeyFile = config.sops.secrets."wireguard/skipper/pk".path; + address = [ + "10.10.10.2/24" + ]; + dns = [ "10.10.10.11" "10.10.10.12" ]; + peers = with wireguard-peers; [ + (bifrost // { allowedIPs = [ "10.10.10.0/24" ]; }) + ]; + }; + }; }; }; - - nodeconfig.wireguard = { - enable = true; - listen-port = 51822; - pk-file = config.sops.secrets."wireguard/skipper/pk".path; - psk-file = config.sops.secrets."wireguard/skipper/psk".path; - node-ips = [ - "10.10.10.2/24" - ]; - }; } diff --git a/hosts/wynne/network.nix b/hosts/wynne/network.nix index c13e59f..9236b0c 100644 --- a/hosts/wynne/network.nix +++ b/hosts/wynne/network.nix 
@@ -1,10 +1,8 @@ -{ config, ... }: { - imports = [ - ../shared/network.nix - ../shared/networkd.nix - ../shared/wireguard.nix - ]; - +{ lib, config, ... }: +let + wireguard-peers = import ../shared/wireguard-peers.nix; +in +{ sops.secrets = { "wireguard/wynne/pk" = { mode = "400"; @@ -18,13 +16,67 @@ }; }; - nodeconfig.wireguard = { + systemd = { + network = { + enable = true; + wait-online.enable = false; + networks = { + "41-ether" = { + enable = true; + matchConfig = { + Type = "ether"; + Name = "e*"; + }; + networkConfig = { + DHCP = "yes"; + IPv4Forwarding = "yes"; + }; + dhcpV4Config = { + UseDomains = true; + }; + linkConfig = { + RequiredForOnline = "yes"; + }; + }; + }; + }; + }; + + services.resolved = { enable = true; - listen-port = 51833; - pk-file = config.sops.secrets."wireguard/wynne/pk".path; - psk-file = config.sops.secrets."wireguard/wynne/psk".path; - node-ips = [ - "10.10.10.13/24" + domains = [ "~." ]; + fallbackDns = [ ]; + }; + + networking = { + useDHCP = lib.mkDefault false; + nameservers = [ + "10.10.10.11" + "10.10.10.12" ]; + useNetworkd = true; + firewall = { + allowedUDPPorts = [ 51833 ]; + trustedInterfaces = [ "Homelab" ]; + }; + wg-quick = { + interfaces = { + Homelab = { + listenPort = 51833; + privateKeyFile = config.sops.secrets."wireguard/wynne/pk".path; + address = [ + "10.10.10.13/24" + ]; + dns = [ "10.10.10.11" "10.10.10.12" ]; + peers = with wireguard-peers; [ + (bifrost // { persistentKeepalive = 20; }) + rico0 + rico1 + rico2 + layne + ]; + }; + }; + }; }; } diff --git a/secrets.yaml b/secrets.yaml index 5a687bd..14b2e4a 100644 --- a/secrets.yaml +++ b/secrets.yaml 
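Review bot: wynne appears to keep its `"wireguard/wynne/psk"` declaration in `sops.secrets`, because the unchanged lines between the two hunks (old lines 11–17, not shown) are where the other host files held that block and the second hunk opens on the two closing `};` lines that followed it. The secrets.yaml hunk in this commit deletes `wireguard.wynne.psk`, so if the declaration is still there sops-nix will have a declared secret with no key in the file, which should fail validation or activation on wynne. Either remove the `"wireguard/wynne/psk"` block here as the layne and rico hunks do, or keep the key in secrets.yaml.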
@@ -4,30 +4,20 @@ passwd: wireguard: skipper: pk: ENC[AES256_GCM,data:by1Cqt1IYK1+MTGrj8Y6JQcKGuUun3b4XNDi6+eyR2bviRhfEQdxHEEA+ZI=,iv:V8dZy4iWe7t54aDgn22pGYaqf+tN1drt3nFo0ctoUlE=,tag:x4GfT9kY8+fGrM1ELOMbRA==,type:str] - psk: ENC[AES256_GCM,data:D6S3XPit4SkwsFzOFL7NXXzaxZg5R0oBvTsHVkUDHQxBzfBUA9u1iDRl2Jw=,iv:eqI5twDHGcJDDqPmBelU2XxIi84jV9k+bORgKEpz7EA=,tag:Ljj/7oA7RBEMSd6dXC7FKw==,type:str] rico0: pk: ENC[AES256_GCM,data:VGhOm7s/wU15h2nhDzrJdImTDv7SvmUNNQhsCJIzFmZh0mKS81au8uDJhVA=,iv:+8sTtCEXyw2fnNXS7kayOb5ldwUPnPzGaJ39UOpXKrQ=,tag:gyejp28gbMbRKaBMYYAoKA==,type:str] - psk: ENC[AES256_GCM,data:XlnEVm3nIGIB/e5dVnwtoAXyjYAc5iElP5mPXlqX8zttXUsEjD3ifL9/rwc=,iv:K/8EyZaNCAxSscfVrO84P86pEkdvnP9ibBDs2SWoXx8=,tag:HS8CxiSaHxyukdfk5zWIvg==,type:str] rico1: pk: ENC[AES256_GCM,data:pXAPjrmKYZ2HZtwEhASOIv24BAu1hmA+Gaave4IegqpJyQlpcoPnmUKWnZ8=,iv:FiFq8Uoo0pA7rJCiM5pHss2ElEzIBZ7K73wWfn9oLl8=,tag:PKzhRmqmKwMXQYeKo7nBVw==,type:str] - psk: ENC[AES256_GCM,data:yaSQc/NT1Res1LjU19GNFK9poeaY2M7BSSicmV237bQKxBo1hM4corPATM4=,iv:d4mOelgktH6wX6vmXhdjC6PQZ04bmCWkqHBP4IGyKog=,tag:B3xSy4avb8hNNzjq3K3uMg==,type:str] rico2: pk: ENC[AES256_GCM,data:XyiOlPelFLAhW7Dbko+zGnrxvDAcwxLhBPXye+tBEZ4rs/gcoczjqPhfUJo=,iv:DoMIXLUClnosQPg4VhXBdWV41MJ2sN3C3xgZ9jw2qkY=,tag:m0ZfLdWX8u1h1RgIMfVE9w==,type:str] - psk: ENC[AES256_GCM,data:vKHqJDkpyj05UnnSU0PTG3byrXs9gwJISRmwgG93jaOUCUKfsJuSDeQCfQw=,iv:/v7sEH03zsVfDxY6oCvnRfNQfNvqXi5Bt5ONM7zFxoI=,tag:WzDTlFU7frYwAGHkUHlxEQ==,type:str] wynne: pk: ENC[AES256_GCM,data:50L8Rru7pVWa+19qltLynzYwh37HK3IbnjfBtf6REb7KpSTWvmK48JVchxw=,iv:PQylNCEGiyBIk/NxFSAFqrzCu5st9dkshQ6jyRt7yKs=,tag:ddhaCFCBQVxrPaqaHIvg2Q==,type:str] - psk: ENC[AES256_GCM,data:cbO8D/kwhdsiYAqXAbdud0Bhm/tpmwcpdCmKcsvsnUFjy2fO9dYrd0/KbSA=,iv:oByAtlZTY7+taMoniU/dIecZG8XoHWwKVBHGri4xUv0=,tag:8vJm4n/8/jxHtS+E+iVvLw==,type:str] layne: pk: ENC[AES256_GCM,data:tmuYhe/7n65asRwmXXk7ZeYeS8SDovkLpaysXTmNvL+40IZw71Ju1lpJIrI=,iv:B4fhKqOkLwTWBpHD557Xrtn5GgTJJpWlFYCzNU1/Ipc=,tag:HBFGG35FB/UWkuVQWqo1EA==,type:str] - psk: 
ENC[AES256_GCM,data:5psT1pbRMDCBXHYg4z5zqsYTmgQgg0Df+xEtbEhf1YBzl6qEYyjLDhvpvaQ=,iv:wH9CqNBmLjlGlDPFZtTQ+tCVYBTkhLfwLc2nWNhlYCM=,tag:YWtFcx4YD6gh5qDnIYshfQ==,type:str] -matrix: - syncv3_secret: ENC[AES256_GCM,data:05lLSSolNO55VjJQL3nLNGo2jiZUZht2FKNvc2O2dCccSfglrwm6J5Guzns9ZlT8X9j74lvlWlbM6Q==,iv:1zARbgZ9GJV1UMJ+WjFPNYPqhRjGVj4iLYMpfsRjrko=,tag:fQ9Vg1xD1k2eYlEbtF6q8A==,type:str] caddy: env_file: ENC[AES256_GCM,data:PKtILX7o0D3rj78JXIXad9UcQz0ZiihXK1nY/kb08fh3i54hYrFyJyGt04b9mAufxTnhDV4=,iv:I/EtxopCFmRxgsGJIcFDufTiM1JyPPoIQkgKIDiCP24=,tag:5QlGMp839p9RYKB09tr61A==,type:str] forgejo: runner_registration_token_file: ENC[AES256_GCM,data:CM5hQEd1YHuCpzN6ZVGVzxRgQcUuq/KZ+o5JcB3kRAyVJVYjCyRfNPD2SA/ruw==,iv:L3tLN0C/d3lztvnBHyRzSFdkjtR8bnd5IrROGBSw/0E=,tag:R+o7E47DNvRr8S+hqR+v5w==,type:str] -proton: - layne: ENC[AES256_GCM,data:wAY2uoxjM1ubHzvwBfsgQzx+OLsno4Q/gP5XPiDPHwWy3IbmU14EhSH942mdjixRlHK2/T3l3NYqFSOm//8Ri9+GyfmJBcIKY/A8vgui0DbkGOb5+h7AKDoCwyUrredtCtFSWk5Hahl19BnJtoLEzmOjbF6su7P2PgAdpxlkWiiyR3ZVSC+PD/2KjdkgNSEXV8V7fxTSaiMqAYXiIqe33Kx5gKIVHPuHf8qrnKYQ92q2BUolpXpcg24FlbavjgmkTI3wCw9V/o/zo5lJnCzi8TSdVelJ5fOKDUA+8FemJcquYQ==,iv:dsbKPzNUAYnH1yaflxEAoKaTj+QtflkMdqAQqQQi418=,tag:jsSTKjmk6nTUfUAxcTsMtA==,type:str] sops: kms: [] gcp_kms: [] 
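Review bot: The removed `matrix.syncv3_secret` entry has no matching change elsewhere in this patch, unlike `proton.layne`, whose `"proton/layne"` declaration is dropped in the layne hunk; if any host module still declares that Matrix secret, its activation will fail once this file is deployed. Deleting the entries also does not retire the credentials: the old ciphertext stays in git history and remains readable to every current age recipient, so the Proton and Matrix secrets should be rotated at their services if they are meant to be decommissioned. Both removals are unrelated to the commit subject and would be easier to audit as a separate commit.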
@@ -106,8 +96,8 @@ sops: UXJhWFFnQnFvOEF0M0JFb3E4UVB4UU0KSUq4d8eudY03p/fd8S8f1wk0OU4BlNYB tldkOx2DhSvcVr/FcIJIR2PFbU8o50kYj9R0HR2sHJ5C5fJ0cDXY4A== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-31T05:28:50Z" - mac: ENC[AES256_GCM,data:PbyhjXr/IZw+5q0PqTjXowHaiB31NjZzYpKhVV5s43+XrdMpVhcaqr9Gs7yTsqNsSc36uZ1YRymwYr8i+bF1k81lvDgyEr38Pl3vcEoIy+jNPaVnxXBRW6CL69cKfC058GmuPRYIyevorw3G3DtpLsCT5lGiMS9XedmBMf3rsw0=,iv:lHO27bURe7apOq/2KQXttou/OJMRM4uBrpqH26hBIDE=,tag:1ulMCx3/UCWCplUv+NJqNA==,type:str] + lastmodified: "2024-11-16T13:28:44Z" + mac: ENC[AES256_GCM,data:HSpdXpDRlP7IamrmvQInn1coo+T59r5AowbH9uEr6cntWhOVjI6xJb91dd647uhnl9RQ4KN6QjNiBU3u4/9ie/hHAOzuX4vzYHjaWV0iO1pAHVOkT5jmker767je7rKVOu9BdtDgckGWQfC599bEL2PzS5megjo5Jbg/trZXHx0=,iv:EmnH2nwuBHdrtoJXSvOUdob0YKzl88jyJbXN+qFX0zQ=,tag:kUicG4NTK8DiY7OUvOgv3w==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.1