all: refactor wireguard config

This commit is contained in:
Adithya 2024-11-16 19:00:06 +05:30
parent 05457d3712
commit 35011d7f89
Signed by: adtya
GPG key ID: B8857BFBA2C47B9C
13 changed files with 453 additions and 219 deletions

View file

@ -1,12 +1,79 @@
{ lib, ... }: {
imports = [
../shared/network.nix
../shared/networkd.nix
];
{ lib, config, ... }:
let
wireguard-peers = import ../shared/wireguard-peers.nix;
in
{
sops.secrets = {
"wireguard/bifrost/pk" = {
mode = "400";
owner = config.users.users.root.name;
group = config.users.users.root.group;
};
};
systemd = {
network = {
enable = true;
wait-online.enable = false;
networks = {
"41-ether" = {
enable = true;
matchConfig = {
Type = "ether";
Name = "e*";
};
networkConfig = {
DHCP = "yes";
IPv4Forwarding = "yes";
};
dhcpV4Config = {
UseDomains = true;
};
linkConfig = {
RequiredForOnline = "yes";
};
};
};
};
};
services.resolved = {
enable = true;
domains = [ "~." ];
fallbackDns = [ ];
};
networking = {
nameservers = lib.mkForce [
"1.1.1.1"
"1.0.0.1"
nameservers = [
"10.10.10.11"
"10.10.10.12"
];
useDHCP = lib.mkDefault false;
useNetworkd = true;
firewall = {
allowedUDPPorts = [ 51821 ];
trustedInterfaces = [ "Homelab" ];
};
wg-quick = {
interfaces = {
Homelab = {
listenPort = 51821;
privateKeyFile = config.sops.secrets."wireguard/bifrost/pk".path;
address = [
"10.10.10.1/24"
];
dns = [ "10.10.10.11" "10.10.10.12" ];
peers = with wireguard-peers; [
(rico0 // { endpoint = null; })
(rico1 // { endpoint = null; })
(rico2 // { endpoint = null; })
(wynne // { endpoint = null; })
(layne // { endpoint = null; })
skipper
kowalski
];
};
};
};
};
}

View file

@ -1,35 +1,77 @@
{ config, ... }: {
imports = [
../shared/network.nix
../shared/networkd.nix
../shared/wireguard.nix
];
{ lib, config, ... }:
let
wireguard-peers = import ../shared/wireguard-peers.nix;
in
{
sops.secrets = {
"wireguard/layne/pk" = {
mode = "400";
owner = config.users.users.root.name;
group = config.users.users.root.group;
};
"wireguard/layne/psk" = {
mode = "400";
owner = config.users.users.root.name;
group = config.users.users.root.group;
};
"proton/layne" = {
mode = "400";
owner = config.users.users.root.name;
group = config.users.users.root.group;
systemd = {
network = {
enable = true;
wait-online.enable = false;
networks = {
"41-ether" = {
enable = true;
matchConfig = {
Type = "ether";
Name = "e*";
};
networkConfig = {
DHCP = "yes";
IPv4Forwarding = "yes";
};
dhcpV4Config = {
UseDomains = true;
};
linkConfig = {
RequiredForOnline = "yes";
};
};
};
};
};
nodeconfig.wireguard = {
services.resolved = {
enable = true;
listen-port = 51834;
pk-file = config.sops.secrets."wireguard/layne/pk".path;
psk-file = config.sops.secrets."wireguard/layne/psk".path;
node-ips = [
domains = [ "~." ];
fallbackDns = [ ];
};
networking = {
useDHCP = lib.mkDefault false;
nameservers = [
"10.10.10.11"
"10.10.10.12"
];
useNetworkd = true;
firewall = {
allowedUDPPorts = [ 51834 ];
trustedInterfaces = [ "Homelab" ];
};
wg-quick = {
interfaces = {
Homelab = {
listenPort = 51834;
privateKeyFile = config.sops.secrets."wireguard/layne/pk".path;
address = [
"10.10.10.14/24"
];
dns = [ "10.10.10.11" "10.10.10.12" ];
peers = with wireguard-peers; [
(bifrost // { persistentKeepalive = 20; })
rico0
rico1
rico2
wynne
];
};
};
};
};
}

View file

@ -1,30 +1,77 @@
{ config, ... }: {
imports = [
../shared/network.nix
../shared/networkd.nix
../shared/wireguard.nix
];
{ lib, config, ... }:
let
wireguard-peers = import ../shared/wireguard-peers.nix;
in
{
sops.secrets = {
"wireguard/rico0/pk" = {
mode = "400";
owner = config.users.users.root.name;
group = config.users.users.root.group;
};
"wireguard/rico0/psk" = {
mode = "400";
owner = config.users.users.root.name;
group = config.users.users.root.group;
};
systemd = {
network = {
enable = true;
wait-online.enable = false;
networks = {
"41-ether" = {
enable = true;
matchConfig = {
Type = "ether";
Name = "e*";
};
networkConfig = {
DHCP = "yes";
IPv4Forwarding = "yes";
};
dhcpV4Config = {
UseDomains = true;
};
linkConfig = {
RequiredForOnline = "yes";
};
};
};
};
};
nodeconfig.wireguard = {
services.resolved = {
enable = true;
listen-port = 51830;
pk-file = config.sops.secrets."wireguard/rico0/pk".path;
psk-file = config.sops.secrets."wireguard/rico0/psk".path;
node-ips = [
domains = [ "~." ];
fallbackDns = [ ];
};
networking = {
useDHCP = lib.mkDefault false;
nameservers = [
"10.10.10.11"
"10.10.10.12"
];
useNetworkd = true;
firewall = {
allowedUDPPorts = [ 51830 ];
trustedInterfaces = [ "Homelab" ];
};
wg-quick = {
interfaces = {
Homelab = {
listenPort = 51830;
privateKeyFile = config.sops.secrets."wireguard/rico0/pk".path;
address = [
"10.10.10.10/24"
];
dns = [ "10.10.10.11" "10.10.10.12" ];
peers = with wireguard-peers; [
(bifrost // { persistentKeepalive = 20; })
rico1
rico2
wynne
layne
];
};
};
};
};
}

View file

@ -1,30 +1,77 @@
{ config, ... }: {
imports = [
../shared/network.nix
../shared/networkd.nix
../shared/wireguard.nix
];
{ lib, config, ... }:
let
wireguard-peers = import ../shared/wireguard-peers.nix;
in
{
sops.secrets = {
"wireguard/rico1/pk" = {
mode = "400";
owner = config.users.users.root.name;
group = config.users.users.root.group;
};
"wireguard/rico1/psk" = {
mode = "400";
owner = config.users.users.root.name;
group = config.users.users.root.group;
};
systemd = {
network = {
enable = true;
wait-online.enable = false;
networks = {
"41-ether" = {
enable = true;
matchConfig = {
Type = "ether";
Name = "e*";
};
networkConfig = {
DHCP = "yes";
IPv4Forwarding = "yes";
};
dhcpV4Config = {
UseDomains = true;
};
linkConfig = {
RequiredForOnline = "yes";
};
};
};
};
};
nodeconfig.wireguard = {
services.resolved = {
enable = true;
listen-port = 51831;
pk-file = config.sops.secrets."wireguard/rico1/pk".path;
psk-file = config.sops.secrets."wireguard/rico1/psk".path;
node-ips = [
domains = [ "~." ];
fallbackDns = [ ];
};
networking = {
useDHCP = lib.mkDefault false;
nameservers = [
"10.10.10.11"
"10.10.10.12"
];
useNetworkd = true;
firewall = {
allowedUDPPorts = [ 51831 ];
trustedInterfaces = [ "Homelab" ];
};
wg-quick = {
interfaces = {
Homelab = {
listenPort = 51831;
privateKeyFile = config.sops.secrets."wireguard/rico1/pk".path;
address = [
"10.10.10.11/24"
];
dns = [ "10.10.10.11" "10.10.10.12" ];
peers = with wireguard-peers; [
(bifrost // { persistentKeepalive = 20; })
rico0
rico2
wynne
layne
];
};
};
};
};
}

View file

@ -1,30 +1,77 @@
{ config, ... }: {
imports = [
../shared/network.nix
../shared/networkd.nix
../shared/wireguard.nix
];
{ lib, config, ... }:
let
wireguard-peers = import ../shared/wireguard-peers.nix;
in
{
sops.secrets = {
"wireguard/rico2/pk" = {
mode = "400";
owner = config.users.users.root.name;
group = config.users.users.root.group;
};
"wireguard/rico2/psk" = {
mode = "400";
owner = config.users.users.root.name;
group = config.users.users.root.group;
};
systemd = {
network = {
enable = true;
wait-online.enable = false;
networks = {
"41-ether" = {
enable = true;
matchConfig = {
Type = "ether";
Name = "e*";
};
networkConfig = {
DHCP = "yes";
IPv4Forwarding = "yes";
};
dhcpV4Config = {
UseDomains = true;
};
linkConfig = {
RequiredForOnline = "yes";
};
};
};
};
};
nodeconfig.wireguard = {
services.resolved = {
enable = true;
listen-port = 51832;
pk-file = config.sops.secrets."wireguard/rico2/pk".path;
psk-file = config.sops.secrets."wireguard/rico2/psk".path;
node-ips = [
domains = [ "~." ];
fallbackDns = [ ];
};
networking = {
useDHCP = lib.mkDefault false;
nameservers = [
"10.10.10.11"
"10.10.10.12"
];
useNetworkd = true;
firewall = {
allowedUDPPorts = [ 51832 ];
trustedInterfaces = [ "Homelab" ];
};
wg-quick = {
interfaces = {
Homelab = {
listenPort = 51832;
privateKeyFile = config.sops.secrets."wireguard/rico2/pk".path;
address = [
"10.10.10.12/24"
];
dns = [ "10.10.10.11" "10.10.10.12" ];
peers = with wireguard-peers; [
(bifrost // { persistentKeepalive = 20; })
rico0
rico1
wynne
layne
];
};
};
};
};
}

View file

@ -1,15 +0,0 @@
{ lib, ... }: {
networking = {
nameservers = [
"10.10.10.11"
"10.10.10.12"
];
useDHCP = lib.mkDefault false;
};
services.resolved = {
enable = true;
domains = [ "~." ];
fallbackDns = [ ];
};
}

View file

@ -1,40 +0,0 @@
{ lib, config, ... }: {
networking = {
useNetworkd = true;
};
systemd = {
network = {
enable = true;
wait-online.enable = false;
networks = {
"41-ether" = {
enable = true;
matchConfig = {
Type = "ether";
Name = "e*";
};
networkConfig = {
DHCP = "yes";
IPv4Forwarding = "yes";
};
dhcpV4Config = {
UseDomains = true;
};
ipv6AcceptRAConfig = {
UseDomains = true;
};
linkConfig = {
RequiredForOnline = "yes";
};
routes = lib.mkIf ((lib.strings.toLower config.networking.hostName) != "bifrost") [
{
Destination = "165.232.180.97";
Gateway = "_dhcp4";
GatewayOnLink = "yes";
}
];
};
};
};
};
}

View file

@ -0,0 +1,15 @@
let
mkPeer = endpoint: publicKey: allowedIPs: {
inherit endpoint publicKey allowedIPs;
};
in
{
bifrost = mkPeer "165.232.180.97:51821" "NNw/iDMCTq8mpHncrecEh4UlvtINX/UUDtCJf2ToFR4=" [ "10.10.10.1" "10.10.10.2" "10.10.10.3" ];
skipper = mkPeer null "ob8Ri5fYBCkksRnpbkq0kBlU0Ll3xjIPpMk8e9TKpl4=" [ "10.10.10.2" ];
kowalski = mkPeer null "ZgtftftDNAnNsOKo34cgaP3lQim2HMmoCXayALIVsFU=" [ "10.10.10.3" ];
rico0 = mkPeer "192.168.1.10:51830" "9mfgKUM6hXllEUunvI8szlni9OFpKSbaLVZRAhAh51Q=" [ "10.10.10.10" ];
rico1 = mkPeer "192.168.1.11:51831" "lFtIm7CX3gcHMAu673ptRzNDQh5QEa7FbzlHSQerRg0=" [ "10.10.10.11" ];
rico2 = mkPeer "192.168.1.12:51832" "FyFlOHfAprr474cJCXKRvgsU6o22xaQ8gzs1563AQnI=" [ "10.10.10.12" ];
wynne = mkPeer "192.168.1.13:51833" "re9z2AAKGaJrEn5Q+xp7XnZn4x4+GoJPLZScaXrnMC0=" [ "10.10.10.13" ];
layne = mkPeer "192.168.1.14:51834" "qhthtzB7vTGRfS1RGyP7RJ+BZLKd/BNxhaTJvAlYuyo=" [ "10.10.10.14" ];
}

View file

@ -1,33 +0,0 @@
{ config, lib, ... }:
let
hostName = lib.strings.toLower config.networking.hostName;
mkPeer = endpoint: publicKey: ip: {
inherit endpoint publicKey;
allowedIPs = [ ip ];
};
peer-rico0 = mkPeer "192.168.1.10:51830" "9mfgKUM6hXllEUunvI8szlni9OFpKSbaLVZRAhAh51Q=" "10.10.10.10";
peer-rico1 = mkPeer "192.168.1.11:51831" "lFtIm7CX3gcHMAu673ptRzNDQh5QEa7FbzlHSQerRg0=" "10.10.10.11";
peer-rico2 = mkPeer "192.168.1.12:51832" "FyFlOHfAprr474cJCXKRvgsU6o22xaQ8gzs1563AQnI=" "10.10.10.12";
peer-wynne = mkPeer "192.168.1.13:51833" "re9z2AAKGaJrEn5Q+xp7XnZn4x4+GoJPLZScaXrnMC0=" "10.10.10.13";
peer-layne = mkPeer "192.168.1.14:51834" "qhthtzB7vTGRfS1RGyP7RJ+BZLKd/BNxhaTJvAlYuyo=" "10.10.10.14";
selectPeer = host: peer: if hostName == host then [ ] else [ peer ];
interface-name = "Homelab";
in
{
nodeconfig.wireguard = {
inherit interface-name;
dns = [ "10.10.10.11" "10.10.10.12" ];
endpoint = "165.232.180.97:51821";
endpoint-publickey = "NNw/iDMCTq8mpHncrecEh4UlvtINX/UUDtCJf2ToFR4=";
allowed-ips = if hostName == "skipper" then [ "10.10.10.0/24" ] else [ "10.10.10.1" "10.10.10.2" "10.10.10.3" ];
};
networking = {
firewall.allowedUDPPorts = [ config.nodeconfig.wireguard.listen-port ];
wg-quick.interfaces.${interface-name}.peers = if hostName == "skipper" then [ ] else
((selectPeer "rico0" peer-rico0)
++ (selectPeer "rico1" peer-rico1)
++ (selectPeer "rico2" peer-rico2)
++ (selectPeer "wynne" peer-wynne)
++ (selectPeer "layne" peer-layne));
};
}

View file

@ -1,12 +1,20 @@
_: {
imports = [
../../shared/network.nix
./wireguard.nix
];
{ lib, ... }: {
imports = [ ./wireguard.nix ];
services.resolved = {
enable = true;
domains = [ "~." ];
fallbackDns = [ ];
};
networking = {
nameservers = [
"10.10.10.11"
"10.10.10.12"
];
useDHCP = lib.mkDefault false;
extraHosts = ''
10.10.10.1 Proxy
10.10.10.1 Bifrost
10.10.10.2 Skipper
10.10.10.10 Rico0
10.10.10.11 Rico1

View file

@ -1,26 +1,33 @@
{ config, ... }: {
imports = [ ../../shared/wireguard.nix ];
{ config, ... }:
let
wireguard-peers = import ../../shared/wireguard-peers.nix;
in
{
sops.secrets = {
"wireguard/skipper/pk" = {
mode = "400";
owner = config.users.users.root.name;
group = config.users.users.root.group;
};
"wireguard/skipper/psk" = {
mode = "400";
owner = config.users.users.root.name;
group = config.users.users.root.group;
};
networking = {
firewall = {
trustedInterfaces = [ "Homelab" ];
};
nodeconfig.wireguard = {
enable = true;
listen-port = 51822;
pk-file = config.sops.secrets."wireguard/skipper/pk".path;
psk-file = config.sops.secrets."wireguard/skipper/psk".path;
node-ips = [
wg-quick = {
interfaces = {
Homelab = {
listenPort = 51822;
privateKeyFile = config.sops.secrets."wireguard/skipper/pk".path;
address = [
"10.10.10.2/24"
];
dns = [ "10.10.10.11" "10.10.10.12" ];
peers = with wireguard-peers; [
(bifrost // { allowedIPs = [ "10.10.10.0/24" ]; })
];
};
};
};
};
}

View file

@ -1,10 +1,8 @@
{ config, ... }: {
imports = [
../shared/network.nix
../shared/networkd.nix
../shared/wireguard.nix
];
{ lib, config, ... }:
let
wireguard-peers = import ../shared/wireguard-peers.nix;
in
{
sops.secrets = {
"wireguard/wynne/pk" = {
mode = "400";
@ -18,13 +16,67 @@
};
};
nodeconfig.wireguard = {
systemd = {
network = {
enable = true;
listen-port = 51833;
pk-file = config.sops.secrets."wireguard/wynne/pk".path;
psk-file = config.sops.secrets."wireguard/wynne/psk".path;
node-ips = [
wait-online.enable = false;
networks = {
"41-ether" = {
enable = true;
matchConfig = {
Type = "ether";
Name = "e*";
};
networkConfig = {
DHCP = "yes";
IPv4Forwarding = "yes";
};
dhcpV4Config = {
UseDomains = true;
};
linkConfig = {
RequiredForOnline = "yes";
};
};
};
};
};
services.resolved = {
enable = true;
domains = [ "~." ];
fallbackDns = [ ];
};
networking = {
useDHCP = lib.mkDefault false;
nameservers = [
"10.10.10.11"
"10.10.10.12"
];
useNetworkd = true;
firewall = {
allowedUDPPorts = [ 51833 ];
trustedInterfaces = [ "Homelab" ];
};
wg-quick = {
interfaces = {
Homelab = {
listenPort = 51833;
privateKeyFile = config.sops.secrets."wireguard/wynne/pk".path;
address = [
"10.10.10.13/24"
];
dns = [ "10.10.10.11" "10.10.10.12" ];
peers = with wireguard-peers; [
(bifrost // { persistentKeepalive = 20; })
rico0
rico1
rico2
layne
];
};
};
};
};
}

View file

@ -4,30 +4,20 @@ passwd:
wireguard:
skipper:
pk: ENC[AES256_GCM,data:by1Cqt1IYK1+MTGrj8Y6JQcKGuUun3b4XNDi6+eyR2bviRhfEQdxHEEA+ZI=,iv:V8dZy4iWe7t54aDgn22pGYaqf+tN1drt3nFo0ctoUlE=,tag:x4GfT9kY8+fGrM1ELOMbRA==,type:str]
psk: ENC[AES256_GCM,data:D6S3XPit4SkwsFzOFL7NXXzaxZg5R0oBvTsHVkUDHQxBzfBUA9u1iDRl2Jw=,iv:eqI5twDHGcJDDqPmBelU2XxIi84jV9k+bORgKEpz7EA=,tag:Ljj/7oA7RBEMSd6dXC7FKw==,type:str]
rico0:
pk: ENC[AES256_GCM,data:VGhOm7s/wU15h2nhDzrJdImTDv7SvmUNNQhsCJIzFmZh0mKS81au8uDJhVA=,iv:+8sTtCEXyw2fnNXS7kayOb5ldwUPnPzGaJ39UOpXKrQ=,tag:gyejp28gbMbRKaBMYYAoKA==,type:str]
psk: ENC[AES256_GCM,data:XlnEVm3nIGIB/e5dVnwtoAXyjYAc5iElP5mPXlqX8zttXUsEjD3ifL9/rwc=,iv:K/8EyZaNCAxSscfVrO84P86pEkdvnP9ibBDs2SWoXx8=,tag:HS8CxiSaHxyukdfk5zWIvg==,type:str]
rico1:
pk: ENC[AES256_GCM,data:pXAPjrmKYZ2HZtwEhASOIv24BAu1hmA+Gaave4IegqpJyQlpcoPnmUKWnZ8=,iv:FiFq8Uoo0pA7rJCiM5pHss2ElEzIBZ7K73wWfn9oLl8=,tag:PKzhRmqmKwMXQYeKo7nBVw==,type:str]
psk: ENC[AES256_GCM,data:yaSQc/NT1Res1LjU19GNFK9poeaY2M7BSSicmV237bQKxBo1hM4corPATM4=,iv:d4mOelgktH6wX6vmXhdjC6PQZ04bmCWkqHBP4IGyKog=,tag:B3xSy4avb8hNNzjq3K3uMg==,type:str]
rico2:
pk: ENC[AES256_GCM,data:XyiOlPelFLAhW7Dbko+zGnrxvDAcwxLhBPXye+tBEZ4rs/gcoczjqPhfUJo=,iv:DoMIXLUClnosQPg4VhXBdWV41MJ2sN3C3xgZ9jw2qkY=,tag:m0ZfLdWX8u1h1RgIMfVE9w==,type:str]
psk: ENC[AES256_GCM,data:vKHqJDkpyj05UnnSU0PTG3byrXs9gwJISRmwgG93jaOUCUKfsJuSDeQCfQw=,iv:/v7sEH03zsVfDxY6oCvnRfNQfNvqXi5Bt5ONM7zFxoI=,tag:WzDTlFU7frYwAGHkUHlxEQ==,type:str]
wynne:
pk: ENC[AES256_GCM,data:50L8Rru7pVWa+19qltLynzYwh37HK3IbnjfBtf6REb7KpSTWvmK48JVchxw=,iv:PQylNCEGiyBIk/NxFSAFqrzCu5st9dkshQ6jyRt7yKs=,tag:ddhaCFCBQVxrPaqaHIvg2Q==,type:str]
psk: ENC[AES256_GCM,data:cbO8D/kwhdsiYAqXAbdud0Bhm/tpmwcpdCmKcsvsnUFjy2fO9dYrd0/KbSA=,iv:oByAtlZTY7+taMoniU/dIecZG8XoHWwKVBHGri4xUv0=,tag:8vJm4n/8/jxHtS+E+iVvLw==,type:str]
layne:
pk: ENC[AES256_GCM,data:tmuYhe/7n65asRwmXXk7ZeYeS8SDovkLpaysXTmNvL+40IZw71Ju1lpJIrI=,iv:B4fhKqOkLwTWBpHD557Xrtn5GgTJJpWlFYCzNU1/Ipc=,tag:HBFGG35FB/UWkuVQWqo1EA==,type:str]
psk: ENC[AES256_GCM,data:5psT1pbRMDCBXHYg4z5zqsYTmgQgg0Df+xEtbEhf1YBzl6qEYyjLDhvpvaQ=,iv:wH9CqNBmLjlGlDPFZtTQ+tCVYBTkhLfwLc2nWNhlYCM=,tag:YWtFcx4YD6gh5qDnIYshfQ==,type:str]
matrix:
syncv3_secret: ENC[AES256_GCM,data:05lLSSolNO55VjJQL3nLNGo2jiZUZht2FKNvc2O2dCccSfglrwm6J5Guzns9ZlT8X9j74lvlWlbM6Q==,iv:1zARbgZ9GJV1UMJ+WjFPNYPqhRjGVj4iLYMpfsRjrko=,tag:fQ9Vg1xD1k2eYlEbtF6q8A==,type:str]
caddy:
env_file: ENC[AES256_GCM,data:PKtILX7o0D3rj78JXIXad9UcQz0ZiihXK1nY/kb08fh3i54hYrFyJyGt04b9mAufxTnhDV4=,iv:I/EtxopCFmRxgsGJIcFDufTiM1JyPPoIQkgKIDiCP24=,tag:5QlGMp839p9RYKB09tr61A==,type:str]
forgejo:
runner_registration_token_file: ENC[AES256_GCM,data:CM5hQEd1YHuCpzN6ZVGVzxRgQcUuq/KZ+o5JcB3kRAyVJVYjCyRfNPD2SA/ruw==,iv:L3tLN0C/d3lztvnBHyRzSFdkjtR8bnd5IrROGBSw/0E=,tag:R+o7E47DNvRr8S+hqR+v5w==,type:str]
proton:
layne: ENC[AES256_GCM,data:wAY2uoxjM1ubHzvwBfsgQzx+OLsno4Q/gP5XPiDPHwWy3IbmU14EhSH942mdjixRlHK2/T3l3NYqFSOm//8Ri9+GyfmJBcIKY/A8vgui0DbkGOb5+h7AKDoCwyUrredtCtFSWk5Hahl19BnJtoLEzmOjbF6su7P2PgAdpxlkWiiyR3ZVSC+PD/2KjdkgNSEXV8V7fxTSaiMqAYXiIqe33Kx5gKIVHPuHf8qrnKYQ92q2BUolpXpcg24FlbavjgmkTI3wCw9V/o/zo5lJnCzi8TSdVelJ5fOKDUA+8FemJcquYQ==,iv:dsbKPzNUAYnH1yaflxEAoKaTj+QtflkMdqAQqQQi418=,tag:jsSTKjmk6nTUfUAxcTsMtA==,type:str]
sops:
kms: []
gcp_kms: []
@ -106,8 +96,8 @@ sops:
UXJhWFFnQnFvOEF0M0JFb3E4UVB4UU0KSUq4d8eudY03p/fd8S8f1wk0OU4BlNYB
tldkOx2DhSvcVr/FcIJIR2PFbU8o50kYj9R0HR2sHJ5C5fJ0cDXY4A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-31T05:28:50Z"
mac: ENC[AES256_GCM,data:PbyhjXr/IZw+5q0PqTjXowHaiB31NjZzYpKhVV5s43+XrdMpVhcaqr9Gs7yTsqNsSc36uZ1YRymwYr8i+bF1k81lvDgyEr38Pl3vcEoIy+jNPaVnxXBRW6CL69cKfC058GmuPRYIyevorw3G3DtpLsCT5lGiMS9XedmBMf3rsw0=,iv:lHO27bURe7apOq/2KQXttou/OJMRM4uBrpqH26hBIDE=,tag:1ulMCx3/UCWCplUv+NJqNA==,type:str]
lastmodified: "2024-11-16T13:28:44Z"
mac: ENC[AES256_GCM,data:HSpdXpDRlP7IamrmvQInn1coo+T59r5AowbH9uEr6cntWhOVjI6xJb91dd647uhnl9RQ4KN6QjNiBU3u4/9ie/hHAOzuX4vzYHjaWV0iO1pAHVOkT5jmker767je7rKVOu9BdtDgckGWQfC599bEL2PzS5megjo5Jbg/trZXHx0=,iv:EmnH2nwuBHdrtoJXSvOUdob0YKzl88jyJbXN+qFX0zQ=,tag:kUicG4NTK8DiY7OUvOgv3w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1