c3d2/nix-config
c3d2
/
nix-config
24
7
Fork 3
Code Issues 12 Pull Requests 2 Releases Wiki Activity

Compare commits

base: c3d2:1aa373b459b934387c141c76ef8949df0761ce05
Branches Tags
c3d2:master
c3d2:flake-update
c3d2:gitea-actions-runner
c3d2:nixos-23.11
c3d2:ds-future
c3d2:container/radius
...
compare: c3d2:e668614df9d82c5a2807e07ba10e2d4c4c3313cb
Branches Tags
c3d2:flake-update
c3d2:master
c3d2:gitea-actions-runner
c3d2:nixos-23.11
c3d2:ds-future
c3d2:container/radius

6 Commits
1aa373b459 ... e668614df9

Author SHA1 Message Date
Astrobot e668614df9 flake.lock: Update 
Flake lock file updates:

• Updated input 'nixos':
    'github:SuperSandro2000/nixpkgs/6dc9b08c04d2f8b34348e9ecbbf89c69328855ba' (2024-04-13)
  → 'github:SuperSandro2000/nixpkgs/dc2624f6efedf6b7c1433fe5577ad4040f7b8447' (2024-04-13)
• Updated input 'nixos-modules':
    'github:SuperSandro2000/nixos-modules/cbda462e44a5f269e38699ecc4d3ccb4f3fe9516' (2024-04-01)
  → 'github:SuperSandro2000/nixos-modules/f1d7450195c2612cb26fe25519c79eb87771e2ac' (2024-04-13)
• Updated input 'nixos-unstable':
    'github:SuperSandro2000/nixpkgs/14ee1c2e6f49f69abf7c6a192efb26787675ba28' (2024-04-12)
  → 'github:SuperSandro2000/nixpkgs/38da06f2445d30d810a4e8b329d39c5e538bbd89' (2024-04-13)
• Updated input 'rust-overlay':
    'github:oxalica/rust-overlay/9ef1eca23bee5fb8080863909af3802130b2ee57' (2024-04-10)
  → 'github:oxalica/rust-overlay/5990088d56f0b936fa2633c2a4d76b8d36a01105' (2024-04-14)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/538c114cfdf1f0458f507087b1dcf018ce1c0c4c' (2024-04-08)
  → 'github:Mic92/sops-nix/226062b47fe0e2130ba3ee9f4f1c880dc815cf87' (2024-04-14)
 2024-04-14 10:01:06 +02:00
Sandro - 3e5561f155
mail: add automx2 2024-04-13 23:26:40 +02:00
Astro ba4d7916bb modules/backup.yaml: encrypt for sdrweb 2024-04-13 23:10:48 +02:00
Sandro - 7d3abc7756
flake.lock: Update 
Flake lock file updates:

• Updated input 'buzzrelay':
    'github:astro/buzzrelay/c541d83620dc237648ce1d9204f938fc80b416d1' (2024-03-28)
  → 'github:astro/buzzrelay/8c314c7c202c88b1ec7cef0e970f9206ee233596' (2024-04-12)
• Updated input 'disko':
    'github:nix-community/disko/0a17298c0d96190ef3be729d594ba202b9c53beb' (2024-04-05)
  → 'github:nix-community/disko/8d4ae698eaac8bd717e23507da2ca8b345bec4b5' (2024-04-12)
• Updated input 'microvm':
    'github:astro/microvm.nix/1e746a8987eb893adc8dd317b84e73d72803b650' (2024-04-06)
  → 'github:astro/microvm.nix/ee0068ca87bdabbde3cc39b7af807c0302d0304c' (2024-04-09)
• Updated input 'nixos':
    'github:SuperSandro2000/nixpkgs/1bb6d38faeece5f7e0bf01519289a5f7fa0a56f9' (2024-04-07)
  → 'github:SuperSandro2000/nixpkgs/6dc9b08c04d2f8b34348e9ecbbf89c69328855ba' (2024-04-13)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/1e3b3a35b7083f4152f5a516798cf9b21e686465' (2024-04-08)
  → 'github:nixos/nixos-hardware/f58b25254be441cd2a9b4b444ed83f1e51244f1f' (2024-04-12)
• Updated input 'nixos-unstable':
    'github:SuperSandro2000/nixpkgs/de0499eb0849d85bf04f7b3cc3a48bf00941a867' (2024-04-07)
  → 'github:SuperSandro2000/nixpkgs/14ee1c2e6f49f69abf7c6a192efb26787675ba28' (2024-04-12)
• Updated input 'openwrt-imagebuilder':
    'github:astro/nix-openwrt-imagebuilder/fde22e2a669d3262a23753a2e4c7eec3cf7f566d' (2024-04-08)
  → 'github:astro/nix-openwrt-imagebuilder/62797556f4f68f74f8addedd31e1d73f446e94ce' (2024-04-13)
• Updated input 'rust-overlay':
    'github:oxalica/rust-overlay/42a168449605950935f15ea546f6f770e5f7f629' (2024-03-29)
  → 'github:oxalica/rust-overlay/9ef1eca23bee5fb8080863909af3802130b2ee57' (2024-04-10)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/39191e8e6265b106c9a2ba0cfd3a4dafe98a31c6' (2024-04-07)
  → 'github:Mic92/sops-nix/538c114cfdf1f0458f507087b1dcf018ce1c0c4c' (2024-04-08)
 2024-04-13 21:40:24 +02:00
Sandro - 318a6c630e
The big mail bang 2024-04-13 20:54:20 +02:00
Sandro - 6c3a02220d
Format 2024-04-13 15:17:51 +02:00
13 changed files with 762 additions and 695 deletions
Show Stats Expand all files Collapse all files

11
.sops.yaml
View File

@ -41,7 +41,7 @@ keys:
- &hydra age1px8sjpcmnz27ayczzu883n0p5ad34vnzj6rl9y2eyye546v0m3dqfqx459
- &jabber age1tnq862ekxepjkes6efr282uj9gtcsqru04s5k0l2enq5djxyt5as0k0c2a
- &knot age1hfzpctkk5tz0ddc86ul9t0nf8c37jtngawepvgxk5rxlvv938vusx4kuc6
- &mailtngbert age1jr5mc4ekmjf4uk2ue4xcuy0yl202phlu2t6c544qfj45ahzag56s4d0kzj
- &mail age15t7hj27j6ccs8u7mfz8su3aa74g4dxp4crkgc3c0rs28hct7q4ssgk8zcm
- &mastodon age1dcpd6u4psq3hehjyjrt3s7kzmnvxd20vsc8urjcdv6anr5v7ky2sq9rhtt
- &matemat age15vmz2evhnkn26fyt4vqvgztfrsr2s8qavd2m6zfjmkh84q2g75csnc5kr6
- &matrix age1s2ww76ll6nclz74gny27tk42xfsepl23z2k0849a8jv8xpnmpe3shgunxr
@ -86,7 +86,7 @@ creation_rules:
- *home-assistant
- *hydra
- *jabber
- *mailtngbert
- *mail
- *mastodon
- *matemat
- *matrix
@ -94,6 +94,7 @@ creation_rules:
- *mobilizon
- *owncast
- *pretalx
- *sdrweb
- *ticker
- *vaultwarden
- *polygon-snowflake
@ -130,7 +131,7 @@ creation_rules:
- *hydra
- *jabber
- *knot
- *mailtngbert
- *mail
- *mastodon
- *matemat
- *matrix
@ -287,11 +288,11 @@ creation_rules:
- *jabber
- *polygon-snowflake
- path_regex: hosts/mailtngbert/secrets\.yaml$
- path_regex: hosts/mail/secrets\.yaml$
key_groups:
- pgp: *admins
age:
- *mailtngbert
- *mail
- *polygon-snowflake
- path_regex: hosts/mastodon/secrets\.yaml$

26
config/default.nix
View File

@ -272,23 +272,15 @@
internalIp6 = hosts6.up4.auth;
ldapPreset = true;
# those can't be under hosts/*/default.nix because those are not imported for the auth microvm
seedSettings.groups = [
{
long_name = "Mobilizon Users";
name = "mobilizon-users";
permissions = {};
}
{
long_name = "Vaultwarden Users";
name = "vaultwarden-users";
permissions = {};
}
{
long_name = "Vaultwarden Social Media Accounts";
name = "vaultwarden-social-media-accounts";
permissions = {};
}
seedSettings.groups = map (n: {
long_name = n;
name = lib.toLower (lib.replaceStrings [" "] ["-"] n);
permissions = { };
}) [
"Mail Users"
"Mobilizon Users"
"Vaultwarden Users"
"Vaultwarden Social Media Accounts"
];
};

146
flake.lock
View File

@ -103,6 +103,22 @@
"url": "https://gitea.c3d2.de/astro/bevy-mandelbrot.git"
}
},
"blobs": {
"flake": false,
"locked": {
"lastModified": 1604995301,
"narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"type": "gitlab"
}
},
"buzzrelay": {
"inputs": {
"naersk": [
@ -116,11 +132,11 @@
]
},
"locked": {
"lastModified": 1711590216,
"narHash": "sha256-NFMtHyFG/moEZP/Vaa+Dyhd19ohOp7g8+r+J4UWLjAE=",
"lastModified": 1712958621,
"narHash": "sha256-lJ9pn7RWE9W4CAMv+8UKFJNzM6MmUqWmSKywRTbQN6I=",
"owner": "astro",
"repo": "buzzrelay",
"rev": "c541d83620dc237648ce1d9204f938fc80b416d1",
"rev": "8c314c7c202c88b1ec7cef0e970f9206ee233596",
"type": "github"
},
"original": {
@ -209,11 +225,11 @@
]
},
"locked": {
"lastModified": 1712356478,
"narHash": "sha256-kTcEtrQIRnexu5lAbLsmUcfR2CrmsACF1s3ZFw1NEVA=",
"lastModified": 1712947906,
"narHash": "sha256-T0eT2lMbcK7RLelkx0qx4SiFpOS/0dt0aSfLB+WsGV8=",
"owner": "nix-community",
"repo": "disko",
"rev": "0a17298c0d96190ef3be729d594ba202b9c53beb",
"rev": "8d4ae698eaac8bd717e23507da2ca8b345bec4b5",
"type": "github"
},
"original": {
@ -244,6 +260,22 @@
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
@ -302,11 +334,11 @@
"spectrum": "spectrum"
},
"locked": {
"lastModified": 1712366957,
"narHash": "sha256-7W3D1Gk6mGlwtV07n6YB/7s3tThcBYknlvDPcoJJSe4=",
"lastModified": 1712654305,
"narHash": "sha256-CNdpLnGOUZfIhBanAFVF7t1xstaQGL4w6sQPrVeLlus=",
"owner": "astro",
"repo": "microvm.nix",
"rev": "1e746a8987eb893adc8dd317b84e73d72803b650",
"rev": "ee0068ca87bdabbde3cc39b7af807c0302d0304c",
"type": "github"
},
"original": {
@ -363,11 +395,11 @@
},
"nixos": {
"locked": {
"lastModified": 1712510303,
"narHash": "sha256-IZvFSWgMM+TiVGpi7Z9rUxcVSKG+NoyL5oP6WOUp1lk=",
"lastModified": 1713043852,
"narHash": "sha256-yMEcmaC8Linjpw0IHcOCi3qizZFvruGcJ4nru8FG24w=",
"owner": "SuperSandro2000",
"repo": "nixpkgs",
"rev": "1bb6d38faeece5f7e0bf01519289a5f7fa0a56f9",
"rev": "dc2624f6efedf6b7c1433fe5577ad4040f7b8447",
"type": "github"
},
"original": {
@ -379,11 +411,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1712566108,
"narHash": "sha256-c9nT2ZODGqobISP41kUwCQ84Srwg7a/1TmPFQuol2/8=",
"lastModified": 1712909959,
"narHash": "sha256-7/5ubuwdEbQ7Z+Vqd4u0mM5L2VMNDsBh54visp27CtQ=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "1e3b3a35b7083f4152f5a516798cf9b21e686465",
"rev": "f58b25254be441cd2a9b4b444ed83f1e51244f1f",
"type": "github"
},
"original": {
@ -402,11 +434,11 @@
]
},
"locked": {
"lastModified": 1711999953,
"narHash": "sha256-aZi9ndiV9SUDoxC0+eceWfpSDa8YzQzC9tngpyCKYZs=",
"lastModified": 1713042321,
"narHash": "sha256-JvvIRGDwyYII948kulS+AmQfnEGcCdfnC+JUNWbIhdo=",
"owner": "SuperSandro2000",
"repo": "nixos-modules",
"rev": "cbda462e44a5f269e38699ecc4d3ccb4f3fe9516",
"rev": "f1d7450195c2612cb26fe25519c79eb87771e2ac",
"type": "github"
},
"original": {
@ -417,11 +449,11 @@
},
"nixos-unstable": {
"locked": {
"lastModified": 1712510252,
"narHash": "sha256-tD8hJALj3bKDeuiusiKh5kwMH+JdauErLro4hEePVZE=",
"lastModified": 1713044809,
"narHash": "sha256-H9xQ9jogw6hJlwxVZT0rwLa5139aHXCrhzM41JRDPfc=",
"owner": "SuperSandro2000",
"repo": "nixpkgs",
"rev": "de0499eb0849d85bf04f7b3cc3a48bf00941a867",
"rev": "38da06f2445d30d810a4e8b329d39c5e538bbd89",
"type": "github"
},
"original": {
@ -472,11 +504,11 @@
]
},
"locked": {
"lastModified": 1712571708,
"narHash": "sha256-IZ1EwUM0fPNGOlB3KGENTwE+q6YyZ+aRghXudE86Yco=",
"lastModified": 1713002654,
"narHash": "sha256-OXUhPJdMsJM6GfnGatWCvWBA9fI/y5s0M4d/o5/OuDM=",
"owner": "astro",
"repo": "nix-openwrt-imagebuilder",
"rev": "fde22e2a669d3262a23753a2e4c7eec3cf7f566d",
"rev": "62797556f4f68f74f8addedd31e1d73f446e94ce",
"type": "github"
},
"original": {
@ -512,6 +544,7 @@
"rust-overlay": "rust-overlay",
"scrapers": "scrapers",
"secrets": "secrets",
"simple-nixos-mailserver": "simple-nixos-mailserver",
"skyflake": "skyflake",
"sops-nix": "sops-nix",
"spacemsg": "spacemsg",
@ -550,11 +583,11 @@
]
},
"locked": {
"lastModified": 1711678273,
"narHash": "sha256-7lIB0hMRnfzx/9oSIwTnwXmVnbvVGRoadOCW+1HI5zY=",
"lastModified": 1713062877,
"narHash": "sha256-msvDk9+qkD4jvMf63PieGRy+hHk0VIKruivHM1BmCM8=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "42a168449605950935f15ea546f6f770e5f7f629",
"rev": "5990088d56f0b936fa2633c2a4d76b8d36a01105",
"type": "github"
},
"original": {
@ -595,6 +628,36 @@
"url": "ssh://gitea@gitea.c3d2.de/c3d2-admins/secrets.git"
}
},
"simple-nixos-mailserver": {
"inputs": {
"blobs": "blobs",
"flake-compat": "flake-compat",
"nixpkgs": [
"nixos"
],
"nixpkgs-23_05": [
"nixos"
],
"nixpkgs-23_11": [
"nixos"
],
"utils": "utils"
},
"locked": {
"lastModified": 1713017338,
"narHash": "sha256-BGXZdqdEc8+nFiX08q/kd8rWHgyiO42tacBpt39diMI=",
"owner": "SuperSandro2000",
"repo": "nixos-mailserver",
"rev": "04490c0872d91da865b925a8b7f8ccd3ba982cbb",
"type": "gitlab"
},
"original": {
"owner": "SuperSandro2000",
"ref": "quote-ldap-password",
"repo": "nixos-mailserver",
"type": "gitlab"
}
},
"skyflake": {
"inputs": {
"microvm": [
@ -631,11 +694,11 @@
]
},
"locked": {
"lastModified": 1712458908,
"narHash": "sha256-DMgBS+jNHDg8z3g9GkwqL8xTKXCRQ/0FGsAyrniVonc=",
"lastModified": 1713066950,
"narHash": "sha256-ZaefFyvt5369XdjzSw43NhfbPM9MN5b9YXhzx4lFIRc=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "39191e8e6265b106c9a2ba0cfd3a4dafe98a31c6",
"rev": "226062b47fe0e2130ba3ee9f4f1c880dc815cf87",
"type": "github"
},
"original": {
@ -792,6 +855,21 @@
"url": "https://gitea.c3d2.de/astro/tracer"
}
},
"utils": {
"locked": {
"lastModified": 1605370193,
"narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5021eac20303a61fafe17224c087f5519baed54d",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"yammat": {
"inputs": {
"nixpkgs": [
@ -825,11 +903,11 @@
]
},
"locked": {
"lastModified": 1712576876,
"narHash": "sha256-kTkQffyPgnteBzj4xx2zYdegcamTyGLKHW7VhKeameQ=",
"lastModified": 1713014021,
"narHash": "sha256-WCv7j9PQQ9e5HgTr6w6HmD+wUX91zDkS4ZLtcxN4ifY=",
"ref": "refs/heads/master",
"rev": "cb616b8b8891d320058526982d47fbd903eeb79b",
"revCount": 1970,
"rev": "0cfb02df6cce3b59e149be268bdcf0eca52b8b75",
"revCount": 1979,
"type": "git",
"url": "https://gitea.c3d2.de/zentralwerk/network.git"
},

16
flake.nix
View File

@ -167,6 +167,15 @@
};
# deprecated
secrets.url = "git+ssh://gitea@gitea.c3d2.de/c3d2-admins/secrets.git";
simple-nixos-mailserver = {
# url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.11";
url = "gitlab:SuperSandro2000/nixos-mailserver/quote-ldap-password";
inputs = {
nixpkgs.follows = "nixos";
nixpkgs-23_05.follows = "nixos";
nixpkgs-23_11.follows = "nixos";
};
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs = {
@ -214,7 +223,7 @@
};
};
outputs = inputs@{ self, alert2muc, c3d2-user-module, deployment, disko, fenix, heliwatch, microvm, naersk, nixos, nixos-hardware, nixos-modules, buzzrelay, caveman, oparl-scraper, scrapers, secrets, skyflake, sshlogd, sops-nix, spacemsg, ticker, tigger, yammat, zentralwerk, ... }:
outputs = inputs@{ self, alert2muc, c3d2-user-module, deployment, disko, fenix, heliwatch, microvm, naersk, nixos, nixos-hardware, nixos-modules, buzzrelay, caveman, oparl-scraper, simple-nixos-mailserver, scrapers, secrets, skyflake, sshlogd, sops-nix, spacemsg, ticker, tigger, yammat, zentralwerk, ... }:
let
inherit (nixos) lib;
@ -444,10 +453,11 @@
];
};
mailtngbert = nixosSystem' {
mail = nixosSystem' {
modules = [
self.nixosModules.microvm
./hosts/mailtngbert
simple-nixos-mailserver.nixosModules.mailserver
./hosts/mail
];
};

2
hosts/auth/README.md
View File

@ -12,6 +12,6 @@ See the grafana configuration to see an example on how to use OAuth.
To create a new application edit the dex configuration next to portunus.
The aplication credentials are saved in sops.
For an exmaple ldap configuration see the gitea, hydra or mailtngbert.
For an exmaple ldap configuration see the gitea, hydra or mail.
The ldap settings are documented in portunus in detail.
To connect to `auth.c3d2.de` the nixos-modules option `services.portunus.addToHosts` should be set to true.

181
hosts/mail/default.nix Normal file
View File

@ -0,0 +1,181 @@
{ config, lib, pkgs, ... }:
{
microvm.mem = 2048;
networking.hostName = "mail";
c3d2 = {
deployment.server = "server10";
};
mailserver = let
inherit (config.security) ldap;
ldapFilter = ldap.searchFilterWithGroupFilter "mail-users" "(uid=%n)";
in {
enable = true;
certificateScheme = "acme-nginx";
dmarcReporting = {
# enable = true;
# domain = "c3d2.de";
organizationName = "Netzbiotop Dresden e.V.";
};
debug = true;
domains = [ "netzbiotop.org" ];
dkimKeyBits = 2048;
dkimSelector = "default";
dkimSigning = true;
enableImap = true;
enableImapSsl = true;
enableManageSieve = true;
enablePop3 = true;
enablePop3Ssl = true;
enableSubmission = true;
enableSubmissionSsl = true;
extraVirtualAliases = {};
fqdn = "mail.flpk.zentralwerk.org";
ldap = {
enable = true;
bind = {
dn = ldap.bindDN;
passwordFile = config.sops.secrets."dovecot/ldapSearchUserPassword".path;
};
dovecot = {
passFilter = ldapFilter;
# userAttrs = "uidNumber=uid";
userFilter = ldapFilter;
};
postfix = {
filter = ldap.searchFilterWithGroupFilter "mail-users" "(isMemberOf=cn=%d-mail-users,ou=groups,dc=c3d2,dc=de)";
mailAttribute = "uid";
# uidAttribute = "uid";
};
searchBase = ldap.userBaseDN;
uris = [ "ldaps://${ldap.domainName}" ];
};
mailboxes = {
Drafts = {
auto = "subscribe";
specialUse = "Drafts";
};
Sent = {
auto = "subscribe";
specialUse = "Sent";
};
Spam = {
auto = "subscribe";
specialUse = "Junk";
};
Trash = {
auto = "subscribe";
specialUse = "Trash";
};
};
maxConnectionsPerUser = 10;
messageSizeLimit = 10240000; # 10 MiB
monitoring = {
# enable = true;
# alertAddress = "example@c3d2.de";
};
rejectRecipients = [ config.mailserver.dmarcReporting.localpart ];
virusScanning = false;
vmailGroupName = "vmail";
vmailUserName = "vmail";
};
services = {
backup = {
enable = true;
paths = [
"/var/lib/dovecot/"
"/var/lib/postfix/"
"/var/dkim/"
"/var/sieve/"
"/var/vmail/"
];
};
portunus.addToHosts = true;
postfix.mapFiles."valias" = lib.mkForce "/home/root/valias";
nginx = {
enable = true;
commonHttpConfig = /* nginx */ ''
proxy_headers_hash_bucket_size 96;
'';
virtualHosts."autoconfig.netzbiotop.org" = {
enableACME = true;
forceSSL = true;
serverAliases = [
"autoconfig.netzbiotop.org"
"autodiscover.netzbiotop.org"
];
locations = {
"/".proxyPass = "http://127.0.0.1:4243/";
"/initdb".extraConfig = ''
# Limit access to clients connecting from localhost
allow 127.0.0.1;
deny all;
'';
};
};
};
};
sops = {
defaultSopsFile = ./secrets.yaml;
secrets."dovecot/ldapSearchUserPassword" = {
owner = config.users.users.dovecot2.name;
};
};
systemd.services.automx2 = {
after = [ "network.target" ];
postStart = let
json = pkgs.writeText "data.json" (builtins.toJSON {
provider = config.mailserver.dmarcReporting.organizationName;
domains = config.mailserver.domains;
servers = [
{ name = config.mailserver.fqdn; type = "imap"; }
{ name = config.mailserver.fqdn; type = "pop3"; }
{ name = config.mailserver.fqdn; type = "smtp"; }
];
});
in ''
sleep 3 && ${lib.getExe pkgs.curl} -X POST --json @${json} http://127.0.0.1:4243/initdb/
'';
serviceConfig = {
Environment = [
"AUTOMX2_CONF=${pkgs.writeText "automx2-conf" /* toml */ ''
[automx2]
loglevel = WARNING
db_uri = sqlite:///:memory:
proxy_count = 1
''}"
"FLASK_APP=automx2.server:app"
"FLASK_CONFIG=production"
];
ExecStart = "${pkgs.python3.buildEnv.override { extraLibs = [ pkgs.python3Packages.automx2 ]; }}/bin/flask run --host=127.0.0.1 --port=4243";
Restart = "always";
StateDirectory = "automx2";
User = "automx2";
WorkingDirectory = "/var/lib/automx2";
};
unitConfig = {
Description = "MUA configuration service";
Documentation = "https://rseichter.github.io/automx2/";
};
wantedBy = [ "multi-user.target" ];
};
system.stateVersion = "23.11";
users = {
groups.automx2 = {};
users.automx2 = {
group = "automx2";
isSystemUser = true;
};
};
}

184
hosts/mail/secrets.yaml Normal file
View File

@ -0,0 +1,184 @@
dovecot:
ldapSearchUserPassword: ENC[AES256_GCM,data:NPbf6YO3JQjXOnx/1V+nkltTovO0/x9OlPp2d+kkZ/U=,iv:lKbrhoNw9zKXkVGtpw//w67xAXiTgEi2N9Z1SdWj4KA=,tag:DbekEccg9FZVpQcYcXiYLg==,type:str]
restic:
password: ENC[AES256_GCM,data:VMbQ/QX6naNqc7CxJ6ctd18sUyAoS4ssYYQdQtWQGxM=,iv:oB4x5p6CcMebk0wDcpqTkyZ7Mv7YN1Xhfxj4pR3u3Hw=,tag:G9eBnZHzq3YtLI1u12qhDg==,type:str]
repositories:
server9: ENC[AES256_GCM,data:Rvp0i87VAC30JQiJvcI0QSqXDeRXr7JqRGrLmxMI5GccSTjleK8Br0WgDTqpgKM8oqTX6PH5qcCeP58KhG6W7Ow7N6YKZhCc9w9fPQkQ+zIsqtQs7aXAINNtSH2P0A==,iv:wDRf3lv//WMyq1mL1UEVPJtb6Ye5Pr5KIGlBFSzV/x0=,tag:o0LLDwYUeB8GutG7ZOo4Sg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age15t7hj27j6ccs8u7mfz8su3aa74g4dxp4crkgc3c0rs28hct7q4ssgk8zcm
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwQ0p1NFJNZ2UzRkRQaVoz
YnlXVzJLdS9pT0hhVi9OUzc0cjJlWFdGVG1rClczcGE2MGJYcEJBeU9aREJVVlRo
alZCaVhrWE1DMXMyYXdibm51OG95TjAKLS0tIHFnMUpPT0thS2xBeXB1MUZOOFVK
azBEdklKUTZwTVZBaGNGd1lwTlNva1kK6oiSn61SWRJhvzCQu4+AYfH+iCDta3lS
gfXfwU+uMK8z9wcE+XRgzyaSLmJ7Dt4M4zse/HKAntEPL3R9o7K4Aw==
-----END AGE ENCRYPTED FILE-----
- recipient: age12aukzah0pt2rck52hwn08kezyxueqz2f49ld7hpyuzmu847vavdqkunn5c
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRNUVlUFI0K1M1anRxT2p0
Y0pCdVVFWTJJbHpQalVlT1lnU2dIc0x2dVU0Cm4xQjVrZW9NQjZwTlFZVHJDeEJk
Q0lSaUJrSDBOenFuVkliaEJMV2hCeU0KLS0tIHEzVzhqVklkUThjdzZQdStVQjRj
ZUdaTUxGTWVOY2NwZEcvcmg5RThmbkEKXRRI+pIzT9dHD8OUfUxSY2pk/P8xgv5H
Y5iOTS7t4QnS8O3jy1qwd4WraqQZXsTPUxvcJuVz+jHdLVmdU6ihow==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-13T13:28:43Z"
mac: ENC[AES256_GCM,data:zp6O3C1BGvsXP/D26x1wQpTGabk/7cwVfeTpMS+je6co813xRku6yt4FTtd4HUocl2nORc94fIWJlnuSiLbYpXMkoZk6Mc0aupqwrOXJmLQ4rZMwxVWHaaFQUSFqRLABtTB8uTbJ3uHjhwZRdMxbtGR2K2elq5T6j0gzsBFQQ84=,iv:VtbpVlcS2rqHECltJ19g8NTSfnXCf2fqVxaolNKlqHc=,tag:8bLvwYML4ssb+uE4U+u0/w==,type:str]
pgp:
- created_at: "2024-04-12T19:32:17Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA7zUOKwzpAE7AQ/+Jutci6b5WzHhPUcG6qjx9ijRu5A7E5WrbpqSovGY14k2
EBZ8Bb+em54wnZeNZ+54d5pfLtl0Vh1W16rICoopRMEpfSIL0WQokz+TzhIAuOOw
wDZLDhVx/sxL0FE/+tJ4tNTTlRvhwKdsPeQeR8vhIA2waZDGEptuz3frIoltaLsl
0Kzv81KaDSKIJisodYFteKEKV4U85lV/MnfGYeZCb+KpCRlFtgJkQWyehHNEMZB/
paH47FHDrs5oF7mvW75X+yAJZQpwiyRrBTrJRMUHHzRy8HuYXyfKeQt0tkAsjNa9
tOWimEUC///TmoBAuxd7yKMvS/l4JAiFVdiBIsgRCByk9zljOT9x+cg/5cOTeS3H
+aKaSkET5Hiiz1oGFxi8cHI0EmSUb9PomcEJHno6u6FiIqlPWVhKAB2lY8rKCRWH
kQwJ67RlSNtc9d1/YSp0fpvx46GJw+TKX6sxJq3sy61NIjeAdbIhOotTISn7fgyK
2H8MujtM3ExXbIxgpFbSuGc7s/zoDzdwx79xm5gNmk3jvUjv9VM3Kwj2Hwx3RrXe
vaYPMxl1w9JAf59rwmjLDAMptXRd/qdk+idh7HVJI4IIrd1h0UqTsfDu9Dt/HfDC
aukb3l1QxiQ4crz9HCDQP2YGuLrX5tclgs5diielEK/Tl6PSe91BKcETKwogrEzS
XgGRyZY6PYX8WDj8nEaCjABzc5zH9Hjuu/LvXtiD7zUn2ogpPkjo6waiuVuE5lEn
jFBr10p9P8XIvwLEy4FaK4Hc8A1jkp1fcW98+6kABzEG6arVSgr1o3vcxmbIg1w=
=vFHQ
-----END PGP MESSAGE-----
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
- created_at: "2024-04-12T19:32:17Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA6j84+xkv3y7AQ/9HH3vPEKR84vKlzQuYs5aY3F0ZRuqmxBrNwyZxo53xM0b
fq/wQ/b1BB9JjjI9i0u946QrIaYUjiC82v5ajWogAjpXuHt0IrQZqdORgNBZVSOg
4VBhExIPLVza6SvvN/1M9VZQEgycnC684Fq3YZBy2LJVcb8m+ZuwJoehRbuI/Bzf
4VPnjYK3wvmSN6lOk63c5jPG2gVzqBzvpC16DI3KLGbP/IR8tJjcMEnqpHbtdPwp
9ngn5DLZMji97M3PBOuuY/0W99ObV1aizIEGdKDcQkwuUJGXfv1EU/X+w1W2JAm/
dPUgX80+xPzT5z+ka1v7/BUs4jmW8EosNJDshqIMPKPONHK1zy/sCb5tyF0bULhg
hwp6Vzea5ogPpoX/jqZKiyrUBRapcuqMwRqSFOuN8b5btKxebEqBvhWEIdK0cs4Y
KWPfd23OHWiMBl1DIplS9lURTuMv+onUEKQYvVukznOmPrfxnhzJj5B1f+kFCB13
D4ZDE1HUhPUpnDCnNtSui0cCW3r66aqODsVdbQhnk6FZmWj1aRk3OxTl5jUQYGst
ynLRXR/Kwo4ReSchNAeOoTWuT4uhDeIF0PjtG4C+uNRLWXizG0XEzNQdS5Jut95E
fe0hrgQSzx+/Z1VBFJMuA3y11uP9Oq5T+isMquGKjpEEeLyd4M1q3Bh+T2iFjorS
XgEHwRbOxiQvC0TIc1Znjk3bh+sch8jVsZM+GPxculrXwLVydrEeBx8kXdPUgieG
p9RqP1wkeXO2Yr6lJfW6t9J+56DDDycn5EHqaPhcN22fvjrcUsQMGYMo8lg9/xM=
=zKJj
-----END PGP MESSAGE-----
fp: A5EE826D645DBE35F9B0993358512AE87A69900F
- created_at: "2024-04-12T19:32:17Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DqDJbhoEBo+ISAQdAslG8/2evMgjnjd79b0Y++mYS5CUAy3Z7DDVESSjjrAcw
fcVKtjacM+mmV0ngtVhYrqkeYv1PqOlfmiQRNVu/8pftEIOu5ehL0rDqLM6iEYef
1GgBCQIQTadoM7Nhu+2LDDbRDQsI4G3TNrX+lnfTL3XxYW4wA6Eq/94KppMoIfjF
uU6/jEs7V1iUERTUtwttag1abH0zwNrNngz2TSlIGtj36HCMilB+4ArJdysITLh3
CMbn1VZTBBq9/g==
=wRSW
-----END PGP MESSAGE-----
fp: 8F79E6CD6434700615867480D11A514F5095BFA8
- created_at: "2024-04-12T19:32:17Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwMCBBrc/JA6ARAAx9hrzJmgjV21zsuDAtF3It0H5dqsEBiTPxQLNvzXn4xd
PqO6gJ5nn1tTlgJW9vD+4jK7DmmbebwBPT3jHYblQRSjldwI9l7N0XDWR3zoyVNp
PDHcGy6dUPa5h7EP1eK408qWBXdZV/5dxrMSWCTsDJlsyJwpn8+4csf5YSD5Mc/y
EnzS3/5xOkQytNAioqA9KsNxgIv91kjJrtZErvoLZfeHsEyoRhUkmwIl0PY2Ff8s
PPwxUKGgeosjX7mwkg9B8KGn51CRemqeuPMGhdJB5g6+gViMa8qHOIzYYCCTun9W
089HgvqdkkrflJsdTSsGi+l+Rw006DXiZ61Kn18CQ+yESUjB/hZUJl7ZSrDfM+CV
3UM1/Szplne6xDK0tMRqdHqpJ2aFAXh8C7mSno2mDRc1WNXGfky6Hpc296aNY2rH
NalRQ7lnk241j6iFRMAajkOO7xhb8pyGSIC3ZWvwJ3C05kFpQlmeC9goUUzALNEY
XQBAZ4VYsi66CWQeMVkYHT775d2ybVW1RU7E96AygcMVPK9YsH0pmxOIG+AAud4K
dSKCi6UuF/ucfvLbUheIuxjc6EHArB+ZWclS7jn4sDlt8YO9KoG5bMXPh8+UMXrV
rI4FGsaqVK7Y3VMl1dpl1170RSxNK3CjGvxPXf9VWm1AX5DEzn0kvc33HkLJ1VDS
lAGfoxjeKYlpVE72QCQiEHvdrNmeaXo2lSdEp3sowH1Xv78Zi0ppZgxIdy+TPNA1
qZ8LqA2U26eUqDEA2jgdLzOcqZbTB3pRwzDpE8uJAuPfqHzvh+JuxB8QDD44i5Tb
Ulj5pM3f32wkzn45EIPmgtCiqBHeOv06l8VSRJbh7DUolfNKEMZXHTlG90TuWMJ2
67zxQeQ=
=vdi4
-----END PGP MESSAGE-----
fp: 4F9F44A64CC2E438979329E1F122F05437696FCE
- created_at: "2024-04-12T19:32:17Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA/YLzOYaRIJJAQ//b9K4yJ/Kh+9QOYfWiwysUBoBR8H4veFe4K3dY0FWFdPk
dAua/g89MmA731qsNU4m93I4uYMUpR7ALL0rWBnjp0pmnXtPF321obM63JXRYX/a
SiVlgp+M99Z/G3ENBtJ4mTkA8uD4PYwbefIA4CucnE52d4dl/Lpu8E2gdMigceo4
Ev88sF9Tncqpl1xBxlPSAXSR4b2zjQYceF+1HZmGdRp41odrbU+ZrL9BHreVp0R9
+WDqXLrYQhP1t1n7Fg95wuQCsLvtdJDP1w8DQqYcynl4XbgG4vQ9Bcl0RguOT+CO
ndzJddivIoJpiT17kxHjl+o5L55blo7pdI/+mSjxo6HhvFcnCAYnJBSoWvFaDXm2
j2+hYTR/ff98vCT+c56KrTjtP7b5z9ceR4VTYtugtFz7pQHUyHv7sl0Z9ljPOYjX
4z5KVgJ2KzHsp2DR/EscZdcQKsrhAHImpIDoi6JDXDuXJS7emEjdzFaLOwqZqX5A
r2wUAZi2YUCks5etqE5wQNJxR3zQSt2YX8iIr0ru0oYYcOsD1VDzz5n/84/2DxO1
DtRpwVT6oh/ZxWVs6gAPqCGUZMDn8d5v6bmwWFrTVnaSGa4r3ek8J3s1eUMJql0h
+I1vhiYqQJd1z2qNh8G/J4Wp/ryzwvTiqpMJ6f6zZfwaXruDdQNSpFwfCx54v6jS
XgGcrxTlO6i6BrHiVlSJgATqQWq8YRljxHYKgDeh6X+PcmKk/yXLEyLZg0mBLqxF
0EtPVN35XDji4s4j1Q3EVETZJ9z9EElheA+MIdiRnr6KdrEAQtPGj4xj59y51LA=
=5yZb
-----END PGP MESSAGE-----
fp: 91EBE87016391323642A6803B966009D57E69CC6
- created_at: "2024-04-12T19:32:17Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA9qJIVK2WMV7ARAAga2P3hNj81tj/syTQpAxiohjNTiyyO8VKMErfMLByxcy
gQRDBUT7K5UhuxGyiQZ9qvQinih9P559zIGe8hH4kF6+PoQ++O2BmqtcT4TiAWe5
U1TWmhleDAv1b0M0MQ3r+cImLctnsjbIt29DiEOpiv/Qo3TGpen/cy6Rdng68jFp
UAJVRJmpy65RsHCr6PbkxS0U9CgmgccsZKt6eoijeOBA4mvHqhP5Nf/JXvmuF9dU
KSkkYdTs8IinQEeOthW8zT8Tm8UAcPTJPK185qbOEGStGS+8rXDgK5x1TTLOc0Sq
9YVhJgKwLMinCjFK4KFyV2GuUhqGAg4r6X21uyjiHrfnlZjn3Pv2l0rbCqjJ8KGp
FNrJTBUGAELHjd+PjAd0yBFp+xorexx3Y/X7Zawa5CqfXyLLGaV8BCjziqyL2MEl
olHwo7nf0kv7jr44NwSI8JNJ2TOe6la4xYhYbSidqOIKT1c4YymxMMqWtD12b/iz
pxbJa0DfnuX99oXsUgTQMrpC1AZxFfQgoac1CA6SFQh+HYEObuS6oaQogLVTo08s
aqNpZOI4ZeyCdwVh5nLFoFeIa9fb9iszhmrlYlKaTmfZXDs5zkaSzt9AXLitCp+0
0UwKTLvHYj2JmuICHOg/67ymb0P2NCOforkfwkEJDfP0njmLNBeEe/EBlytRel7S
XgHWaH2Qlb6BNMj9Snyp5m7bYHjwwmqblSZoXPXL/qvtdrAM3xBYNlt+6gBCBQnu
37hczx3Baj2RXaHDcIiQchCs8ohJRJfM0jB8y6lXL4v5ri6qMsPBVdt1BOdCiDY=
=Zuev
-----END PGP MESSAGE-----
fp: 53B26AEDC08246715E15504B236B6291555E8401
- created_at: "2024-04-12T19:32:17Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA9XEenRNYVGHARAAw3q74FPqPAo+kcRPfjTcb25AkuEuV5hH8zTidv4z6sp5
eeEk58eZj94VRmHDHHv6dVzXKFxfxgK1hWNNjt9EDdPxcS7WxRSTSG9YhV7OAcFt
lyTQQt9PhRsMXyIdS7hZu+mF27N5/7+kkHf66yaoruShvrIXjHhIMhjBHqNw/wa2
PCWSQgRsqg5lscfikuP2bHCmk20g4sdkU/oiF5Yux7Z9SYDobwCpOxqO3a0r18vJ
sY7aQVQ2XRstpVv1OzQVsydSb3hatFNPNFsU8/mvMuRsbcZh08151N/bmR5XnEDf
wuhRem1Yr8A0h0c31ar7LpoUZmbyRUacz3Ylq7V4IMFsFJxW4bHJ9AgPumAYRDN6
ZKWSQhZaug6+bsjM56WreG89eWItqRnD3RxKC28/sNJvMYdycjiUaEKdi0lz8Lrb
XWUI7yiJlsW6C2dbryiZrJHG99ErqZUyCxrOiSqgBWGZuFaErdpWAjvPmrHaevNT
yIJg9Ax4G7j6MdKwoQvCefjKmPj4mVLtXu5n9dnOT+LHl7lXGGISqEFN1pKno0uz
npXLVWex149EkZztj9X+MxN6r4Tr5Qwcc2R4UTtQj7eG0lZC9ZGBc0Er0d4CFCBi
Odc7/wPYRM9Jr3NJrtVCrwYFyXveE1dN+lO+Pj88UxeIhWNDTF7ysy0Rn9oFgbPS
XgEbvAeGJD6XEMG5p2FXnYj8vG9azr88/ecwb7B80xyaHJk4TEvcQqbBdr7cI/tl
98KTRuWMQI/ztpsR3bNDSdk8fXPoMWSAYpCiuzkxwaEwo4KMakt+kTjkAFLkhxQ=
=+38B
-----END PGP MESSAGE-----
fp: 4B12EFA69166CA8C23FC47E49CD3A46248B660CA
- created_at: "2024-04-12T19:32:17Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQEMA45bZkLXmBFpAQf9GGtPG2Q/RgsLBM0rNwLRd8PT68FkeWZXyiGwQCzBRiZ4
oVi6TMdezVPT5Gjo9HTbM5LOCvewup4VV0w1/4R8jdpP80hRJFpOrwIbjNyGYfYl
oQ3wiM12AdlT4/xBdJuN6eQqCo2CoI5CkqoCjaNw6PqT/8xWt22pA/rBHT9b0V3+
e/0Hf1eHCQscKrzALCw0zuVhXLfvJyuRMjm4mSB558FRz0teAHJd9we/7KfHbCuH
f3DKp0Dy4GE0HGrA3huOOY71Z3Ij+/azNTXSt6XohmiCUwqRbT/iKABM5k2mQU9R
AyLio3mfcVhM4FzacZpPEFbhojWGQtASnT3pP08MttJeAf8oGSuHTkt+6liTOjQr
TnNxTq14TnL/I9dBhS86pSMTYG33zHHvc3qNbBW0a3R3DFtcE1xmwH51YI0ieg5U
jyQszbYEmfLLjuhtEo8K+WSzwwbL+Qu7/qm/6BgHPw==
=c+XU
-----END PGP MESSAGE-----
fp: A4B0F5A80C2E2448A97BEC25BB829C4DECA6CCB9
unencrypted_suffix: _unencrypted
version: 3.8.1

228
hosts/mailtngbert/default.nix
View File

@ -1,228 +0,0 @@
{ config, pkgs, lib, ... }:
let
domain = "mailtngbert.c3d2.de";
ldap-auth-config = pkgs.writeText "ldap-auth-settings" ''
uris = ldaps://auth.c3d2.de
dn = uid=search,ou=users,dc=c3d2,dc=de
!include ${config.sops.secrets."ldap/search-user-pw".path}
auth_bind = yes
auth_bind_userdn = uid=%n,ou=users,dc=c3d2,dc=de
ldap_version = 3
base = ou=users,dc=c3d2,dc=de
scope = subtree
user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
user_filter = (&(objectClass=person)(uid=%n))
pass_filter = (&(objectClass=person)(uid=%n))
'';
in
{
microvm.mem = 2048;
networking = {
hostName = "mailtngbert";
firewall.allowedTCPPorts = [
# postfix (smtp and submission)
25 587
# dovecot (imap)
143
# managesieve
4190
];
};
c3d2 = {
deployment.server = "server10";
hq.statistics.enable = true;
};
services = {
backup = {
enable = true;
paths = [ "/var/lib/dovecot/" "/var/lib/postfix/" ];
};
portunus.addToHosts = true;
postfix = {
enable = true;
enableSmtp = true;
enableSubmission = true;
enableHeaderChecks = true;
domain = "${domain}";
hostname = "${domain}";
sslCert = "/var/lib/acme/${domain}/fullchain.pem";
sslKey = "/var/lib/acme/${domain}/key.pem";
networks = [
"127.0.0.1"
"172.20.77.10" #TODO: take ip directly from server10 config
"[2a00:8180:2c00:284::]/64"
];
virtual = ''
postmaster root
abuse root
root root
garbage root
'';
#TODO: where does root get received?
config = {
myorigin = "${domain}";
mydestination = [
"127.0.0.1"
];
mail_owner = "postfix";
smtp_use_tls = true;
smtp_tls_security_level = "encrypt";
smtpd_use_tls = true;
smtpd_tls_security_level = lib.mkForce "encrypt";
smtpd_recipient_restrictions = [
"permit_mynetworks"
"permit_sasl_authenticated"
"reject_unauth_destination"
];
smtpd_relay_restrictions = [
"permit_mynetworks"
"permit_sasl_authenticated"
"reject_unauth_destination"
];
smtpd_sasl_auth_enable = true;
smtpd_tls_auth_only = true;
smtpd_tls_protocols = [
"!SSLv2"
"!SSLv3"
"!TLSv1"
"!TLSv1.1"
];
smtpd_tls_mandatory_ciphers = "high";
smtpd_sasl_path = "/var/lib/postfix/auth";
smtpd_sasl_type = "dovecot";
virtual_mailbox_domains = [
"${domain}"
];
virtual_gid_maps = "static:5000";
virtual_uid_maps = "static:5000";
virtual_minimum_uid = "1000";
virtual_transport = "lmtp:unix:/run/dovecot2/dovecot-lmtp";
virtual_mailbox_base = "/var/spool/mail";
message_size_limit = "40960000";
};
};
dovecot2 = {
enable = true;
enableImap = true;
enableLmtp = true;
enablePop3 = false;
enablePAM = false;
enableQuota = true;
createMailUser = true;
mailLocation = "maildir:/var/mail/%u";
mailboxes = {
Spam = {
auto = "create";
specialUse = "Junk";
};
Sent = {
auto = "create";
specialUse = "Sent";
};
Drafts = {
auto = "create";
specialUse = "Drafts";
};
Trash = {
auto = "create";
specialUse = "Trash";
};
};
modules = [
pkgs.dovecot_pigeonhole
];
quotaGlobalPerUser = "1G";
sslServerCert = "/var/lib/acme/${domain}/fullchain.pem";
sslServerKey = "/var/lib/acme/${domain}/key.pem";
protocols = [ ];
mailPlugins = {
perProtocol = {
imap = {
enable = [ ];
};
lmtp = {
enable = [ ];
};
};
};
extraConfig = ''
passdb {
driver = ldap
args = ${ldap-auth-config}
}
userdb {
driver = ldap
args = ${ldap-auth-config}
}
service lmtp {
unix_listener dovecot-lmtp {
group = postfix
mode = 0660
user = postfix
}
}
service auth {
unix_listener /var/lib/postfix/auth {
group = postfix
mode = 0660
user = postfix
}
user = dovecot2
}
protocol lmtp {
postmaster_address = root@c3d2.de
}
protocol imap {
mail_max_userip_connections = 100
}
mail_uid = ${config.users.users.dovecot2.name}
mail_gid = ${config.users.users.dovecot2.group}
first_valid_uid = ${toString config.users.users.dovecot2.uid}
'';
};
nginx = {
enable = true;
virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
/*
locations."/rspamd/" = {
proxyPass = "http://127.0.0.1:11334/";
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
};
*/
};
};
};
security.acme.certs."${domain}" = {
reloadServices = [
"postfix.service"
"dovecot2.service"
];
};
sops = {
defaultSopsFile = ./secrets.yaml;
secrets."ldap/search-user-pw" = {
owner = config.users.users.dovecot2.name;
};
};
system.stateVersion = "22.11";
}

172
hosts/mailtngbert/secrets.yaml
View File

@ -1,172 +0,0 @@
ldap:
search-user-pw: ENC[AES256_GCM,data:Mq7/jNiK98v5GiE3cIORRlqHCWEdQyPuKKrpfiUsc3cguZQU4gLtKl7CKEw=,iv:PI1+hYfIvswbFxwVhpJtK9wnVoi/4CBjy6JrG3YIR9w=,tag:yehHG79bH+FzpP6wJ8dPyw==,type:str]
restic:
password: ENC[AES256_GCM,data:VMbQ/QX6naNqc7CxJ6ctd18sUyAoS4ssYYQdQtWQGxM=,iv:oB4x5p6CcMebk0wDcpqTkyZ7Mv7YN1Xhfxj4pR3u3Hw=,tag:G9eBnZHzq3YtLI1u12qhDg==,type:str]
repositories:
server9: ENC[AES256_GCM,data:I5x8C/KHQGx+TeLLQ8C+FK1mS7H0mnUpMfZNNn1pzSIhwofMpb4gE/df59egBoAuYh3WPC7TkhcgQlmzXod63HQj/n4pbjzu25LlzXBdsP+9MnIRSSINieg0mb4mJvRYRpyXasA1UzT8hmr9,iv:maerDVaopXLRsjdGC7FKOPj4Qd1UTW0KCbMpjx0CSTo=,tag:OBzP99qYNMIXh02cqJ8Axg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1jr5mc4ekmjf4uk2ue4xcuy0yl202phlu2t6c544qfj45ahzag56s4d0kzj
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwWmdxZHFybE0wYWo1TU80
NjY2TjgrTzdWYm52dDlMVkVDMUlKYWNlMTBnClRxMk5UcGI5VXA3ZExDSGZqWWFC
Qk42a04yZWQwT2FSSUcrSldpQ3pLSncKLS0tIFhKWGs0NHVsQjNoNVdCOGQ1OVFX
NFNGbzlNVG1DdVpaWjlLRWxMdUtUQ0UKZIWRyo9dSedG5koms/KYvR7LNF6CtZ85
AJEG+a7RKgBV5vVRI/rDqjvWR7fv8r0hlKtLOtUsbysW5Ka74rAj7w==
-----END AGE ENCRYPTED FILE-----
- recipient: age12aukzah0pt2rck52hwn08kezyxueqz2f49ld7hpyuzmu847vavdqkunn5c
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3bE5NbVFXcFdrcDVZWVpz
SzlMcnd3M3FYM3NMUmR0RHo1NHBKdlphZzE4CkhLYkgwZEVxS3NnMTRneHN3KzVu
a2FkS1Q3ZVFiK2tnY3NsSVpDcVlQTnMKLS0tIGVjV1NmdEZubmZWR0srOUJZUjlN
TUszOVJBSVFJKzBPQ3N0eGtydEViKzQKaxLy4cTrbfaXAh8EygkUEozRzOjKjlfn
rBnDbsrjgWyab26LcTij2hNxIKUYjxQQso/Qnf2V4oKGtBpUhciwJA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-11-14T01:38:16Z"
mac: ENC[AES256_GCM,data:qcLIH2hfTpqH2+OdM04bw4Acz9UId1MZg6hiiXm0QMOl1tLfLD2snhGf1O7rVyra6kyBpw0XWbsrfChb5faoMfQrWvB730cA//lSCdnctbYqAx03uGEhF/ngmTqEYnExWmmafssxiqW55PbB88wqxHY0GUYc0UVgZs+9K7t84ts=,iv:CI8OXru8/j2/SlE5vhvq3FFc9WXmbTHyq4SgvU3xMSk=,tag:tQIa/wHFaO+Z6yvGLVS9fg==,type:str]
pgp:
- created_at: "2023-08-08T22:43:37Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMA6j84+xkv3y7ARAAmFOc5++8Z7Qjhd+4Q4vStusJMwcfbvAMv8R+ZXVoRSE6
rSKSjVtKny1W8PD+8Uv/J5Os17VAQssLPvsLs+PkDYHLF9mTFH89oJaORQMgyHt4
BnEvsYvOOvdlNHFLeYbFY+YoF1hURdrVqDF65Yzi6XrSlBsOPqyvQZzznTdlUyCX
HUUk5KI6bIicxu2Ltz2fs1hT1K2yKlY92vSd+qrsqNsV2jFwS47cR1K6ffNcqLvP
CVoUk/KwJ2JNoTfzVoPr+yfL3mD4i4kc3qFmvUQxzneEAm1uXMo6oXrxgNZfT8By
YxFQ3uR38zBCiRHxA1FHSX8/MshkVyjGiUuhFrr/tGWKQZamnmsmUNFpAwTgbg8K
FQYTkpFpzm+C3ozOa1gzmcHiolvKCapUU5FbCcnPoq+MsTClOiy5JvSSUNWPbH/z
sH0fyNKFZxjJ2rBhuyp7LeuN7qM7OfcQi0EWoLYV63DrUXHvCo0IEha4LvhKFzCH
/ezqAIyRYw4lMyyXQJMoZJnZrKz0s6tQHJ1htRwtt0/Bf75Xz2gr60pXsi3ojqer
zNMJHFlMvMURjwcaBhQS6EkbLLG115pUIXT5n+U3coFe8kzS9m1PeuXGagtDhUIu
Y9RaWeusSYc6MowraM8oBsUVSoTBqeBYtz1KKpPM1vX6PeOM06BO9a5bncMkP6DS
XgEkLhC6DQZ7rOhn2jPRPO43AHujhfKmYd8YLy440GKlLWQtPomg42uv4a6vSdre
CCGkoedPfrZ7xDUxdIRgdxtahIVeNMPbaEt7fDFspSSGLiKOuFYHiqlsGx1O42Y=
=93DD
-----END PGP MESSAGE-----
fp: A5EE826D645DBE35F9B0993358512AE87A69900F
- created_at: "2023-08-08T22:43:37Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQEMA45bZkLXmBFpAQf+LdS4p0p3nSZCBszkGSKmJ4MXitvZGSViKmMBk7kz/Ux5
aJC9NYUExu6fVmSHF5xtbuBbF4zu+p/cgcfZE6vF1xgRMwd05yLqvMdEEP4PwqF/
F1J7dIJvjFKsOMdc+FnZBS9aKAdL5JW8LxblEbgGx7E7gU429dVPyxNTfTqFa5g7
ypS0nZtXgUpLNvnU0jEoL0+fkLJ977WXz5EtZkX4xgi7FooNuspnndTsmTiPifI9
PpLpdAcrzD0RcwBFt+dTgQnQHZltpgkaOHiDijepkK3zADtIrBpCjmIjBuPKUn8r
3eMN4Fh1nCmXM08XVgeyfCACOsvDDdReC4ShctJL2tJeAQPE9rhw0ByW1iFQ3rG9
D2JRF4rgnS1ADNdeOg7H29YXBpCnE/VBU9CSui5kX2O2bqaFtLfQqLSXwyQoJ+5V
gKhF7r7/dUQ53CzbxJRyRvG/HcsqpUMkcC5Cu45zgA==
=pbkF
-----END PGP MESSAGE-----
fp: A4B0F5A80C2E2448A97BEC25BB829C4DECA6CCB9
- created_at: "2023-08-08T22:43:37Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMAwMCBBrc/JA6AQ/9FIPT7v8T6o4Paf9XQWQJuTbEJ5lC7ULeRF198553gSgR
IJwSvCsGHWxJ58H3x1cW7zpidp2eZE7bkAFCKK+v7ed3JQeEQ5/LnrSV1ePKHImy
lN8SWesmoHo2TjrYUeZRSZnhzrNllGP9kMXBzjOYC6R/3CCGB4ZBdiWxg55gMzoy
vks/Xnv5+WTyHXo0HiDnQHEz2Y4/wEfLAO1G8b/cRMtUzRbwaEgvHgEgoFWBa/21
pGv7LLaCMi55JJ5L8mUkYjasPCmJ92RTQkf6oCvxTbi+MLDt+4nF4Fw6Lx79ksQk
zyEW9Zz+9J4d7Zzxefk/m7mforL44J6IanXiY0SiC4Y+aSTg1DqEQedzIQZNqroR
cFFAolnCnLmqfGpNo8WUaxiUaVsP2qoYTY/zM6gW22Tq5V+TxPg7e9zUGTIX5Rt6
mEQf+9lx8TJX1JJe976Oerr6GAgateYOda0tj9MiXFx1vcwedRO0uUzNUb7GWRzc
ERvojvMDQQf3bITZQabnifYh/7SfT+Tobryd2fOpPuYtkKNQGYiX0QWO4+IqN7Gd
VH/UxSxbJlu/ETYzMUYjG2RU/9kypOBFK4nhdZroR6USBMPiz9flkjr1zEQKX5de
/JMFXNi/KHPJ/x0NqcNT+m8pj/Wz0+KV3A/gwYUOL4BX0Z9WwAKxle+O/kYmylnS
lgGnN/QfKQrE8fVQfA4fMEfY27i8dSissZEiaZqDy4dQ5AEF3mVzjCbiwb6dD4TF
L/gRVJveHEOTKaWvec2gkX2iyNpC0njOcIYZiXgE6d8hJja8twYy7AxjPMwlvMW5
8/P7TgHfXsbvIdkLp4iYv8abRHeOqaFrbPyyA38ju4tdjUfnEb3pZX8XWgIX5oUR
SQQkCPCxPw==
=8KfW
-----END PGP MESSAGE-----
fp: 4F9F44A64CC2E438979329E1F122F05437696FCE
- created_at: "2023-08-08T22:43:37Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMA9XEenRNYVGHARAAgSvJTTwVvCIYED6Z1hpUNr7SG4KaqQ38LuRCJL5jbhHj
5vpFy2LQtjCJjLVSf6qgcmuaGEZiOgAO4GGbza7/ITwblP3kEH4LRp5lvXnLdZa1
P8A9F58UTpXgHgxNOl7XG7EiYs7OcY7fXSpEla2R7TDY+fn1PUShI2vkuUYM9Dum
4Npcg5hezqa10tRTu51LAqLHNdjSDfLjrKnS0JKBG3Wd34bIIu+m4t7NEkl2fQib
qT1axQ0NH2+KTx0I2XLqfjL76CPWP+O19jhIdzL1SESjTAtgfdaBo+EE2+MzAsRR
/ZMmutjdBa8eh2kmGtnP/YUBy1OXHnBjUhVSgInF1F/bnV9ojkQFfZVycOW/qXFZ
yoIWvt4ta9CZjnPbBc2LdbSIe+8VoAMiMltxwYq9X4SiX5fHe1VXU8FkMxJziVb0
jKCt1yI6shqBD0UV2aZEzu6KqNFtF62PFSo0elrA8zpQkKrYMWwu0mrOPkJigigz
9HGFJGgdJue3ciEhiktHN1PDSs/wM+6gN2DbAkSvfK+5JUY8cHyYrozhGROHmlxJ
1rtEzthUgoXXvAb5Vswc0i4wppMMIBvDiHhLpRO7xRZeMW+OPaWh8jXlUBLI8hbc
k44k5SD9KOYuq8OfsDxiNqOrOXHKq1LqefoRrQo0kn143mPFwrp5Iz6RXr87Mh7S
XgHozQ6/tcyzOr1+4CYMcLG/JF3j2MJZMDMd++4UczLEu64h5p2vwd6YvrH36VNG
WD2HCIhwnCPh7HS/Ix/H0X1Ru+zOdDUKF2UDxnzgel9tTjk/wX+Wspk/ScdqePg=
=nNAZ
-----END PGP MESSAGE-----
fp: 4B12EFA69166CA8C23FC47E49CD3A46248B660CA
- created_at: "2023-08-08T22:43:37Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMA9qJIVK2WMV7AQ//aoP1NdEm02LofcDbue9K+gYnSOa1/6PBaC36c02nfloi
alSFWOjKP3XPXPYiIifF+VFfosIvAepF8UjiHarieaHsKmuShn4gbdm75QAAu+9Q
sBMxaOREh2B0GoieVKtJBbpXINPKCUpGGobPP7j15L/Pl2tK9YKt2H1kmaTAdfMr
Rh4iFDGuwl9tN17X/oLdJE3X+kkb9K3do9IwgDPJs9DX+Pg/b77y4JB34z/RbRnv
AiPmyn6zV8EBu4ANgOfNcwrI+ql3IEneiBFCP+H3G7a9CzCztXd6bHpvF07ooqK1
v/kZ64iEHUqXfARs5zrvEZhvi6bq18oT7XKKXwIO9tVQ1Y+J8anIIDhsflAGMJuE
9auctVJfoJqAVDHLDF0SkGdQLpCkSPcCmXdD9QgK79crzCHbW5i1WFYza6pYVKAE
W9MKZBkRT/3T8yL9CgZW2BwUOyAcwWu7oeCcyXb7EaZ08er3gfDA7clbzLviBUNG
eJjk0u4Wxcz+6/xdPEwXIXZC0f8K5HVaR0b9vrRLenyf97+hgeMXk645QFtI7ZZa
wd41y4Np9sX+iydhPb2K/7sEFY1X2fCEKCRQ8jU2YtZwDxwtMT69218iPeIlAyff
CGVMH2Wo4l9kM0DUI1KrKs2ssjV/E0xDmo9+7iaGDVNIkaN2R3V3QeyI5oDZIcrS
UQGPTZkqXDPhfgmDL++oaYPd9hDNoWNVfJBdy1l8rkeRwQW0tuAD4T7K8G0ulkIw
QvtXjiLgPK2IZb1dbRbwPu3wK9+eMWKTABLCD3XgJsl07w==
=E1R+
-----END PGP MESSAGE-----
fp: 53B26AEDC08246715E15504B236B6291555E8401
- created_at: "2023-08-08T22:43:37Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMA/YLzOYaRIJJAQ/+NPcayuOcJch5Xz7HIJMjZvAXonvQYM4h0/IQ7/3JMnKS
WBu55P/vCtQCI/w4EfDwrcTOrmesuai4Zs/fcGwEMNA0acz2kLzJ5zXjl14+AXyg
S00JfUD5h06wR000s2xYPbtlwOiilRQtuGp+9V8PbBstygcAX1LWNrBTh7HPf/I7
rjpaia8qMV9UciXvWIMlmOL1s3M56BUQDDGoHNKUYB0pHhXPhAjP5wVVHZx5cNBQ
KGHwud8UGu2hZDUDf0bn8mEHFetd2YJ1jBCFoITEk89nKGyJfWDDqrlZDAbaOM77
wl1rJBB27+FcmJNNefgkXKFmDDWCs8xA18Bf3ajTdTuw35VqNnrZuge76zSGk1x0
2S2ZVrO0/OJ+8GsWBAfLn+i4XLpwjEFmqLxwVDMLSMWMswc7gPMoPi0+Fbz9ACZG
sT3WDaHiThE9fdPzCUXVbiV9KNfYTNqeDwRsgq6RQamVj4ZpFpyY2iDgO4m7xa6G
SrnW/fMbtw95LqpS+lBblKMZZVg1TAOfDkyz9AxlkjirNmDfTR8t//ppBI9fDKpx
e0yiUuWoJOBJEnK+zAZ3Ux1OrkCHT1pQjKmFiUeYnHmsPKtcOGS35sBxowvZc385
RLgsmY+uKfduZxegWutVHAjxaoYaeGmcYflk4Rzb4rSL41CWT/3FzEK4oJDt/jbS
XgFwYdeXgSTC+YMiQ8FdvvKntGCWHNwa+i5ZZ7TQDoI609YWKui6RdpMMVGvZl1M
qTj8aGNLD/QYV5m/hajyv2DDvu/KX0Y09otPmaXFJ6OVQUXMAheWbYvoATrWF98=
=h44Y
-----END PGP MESSAGE-----
fp: 91EBE87016391323642A6803B966009D57E69CC6
- created_at: "2023-08-08T22:43:37Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMA7zUOKwzpAE7AQ/7BBPyzS81qOcOm9ZN/UJ4NrmQ0B9iL/Vcn7Or6sbBvW+x
Nfz/VqXUIOLZrCPpD/8hf7wCYIrC+MdJtC+bEwnaXgYxpwaNqlr7NehTBRr1iJVa
fDUrpx6RGoClgSkgAs/yQ4QEq+4e+aF+ttEJAItipfc9+FYwlTY0Oh43FOxPWVyl
/muKktyJnJzOXNz/k8YQzi3nP8sgCOvJdQftqIv1afhgeOClQukYVqLViCyl/cnn
lmpjPFBVB3jsLeFGpStmlaFGOSWSNz4XZ4LqdwGM6oYEH5x4+mJCMHCbK+dZ613H
RejgWioG+mJv4rF+5JeHPgcfqBzIr9sci63Ds7xUb8eXugqcKoDniGvoX2SZZ+AB
bJo9mfqQ2ieEDlS3FOxxJXgtgtgjw0FCeqqwuUdfFr7H9YqRm5H7Ko9fbWqMCBsV
D7XOjXm/gorROYehdSt3usE3JZ9pqfB7EmRJTdM2x2zf5dKN1Zzr/wzj3udUIkbs
UbsIxu0+KXo9xjTNG9owGshAwH2LfrXllu1DsF1gVpkyS3JWSFOGxl/7ELwhUOmO
weA7HPd/xQNfjKWL0XF2IXhCAX/l4LDLxUuVr0y9ALaZUOoK7REMgXO4gSG6JCd+
WTUmytgLSJFq+Pw3F7KEqnB4ssE5uavi2GKsaDOOn5PIlhxyRAUUvjgxUYbbv+/S
UQHjN4ZkVrK1y39fRH9ZZJSvJjtfsJiCmCtggIsGUaJe1DKqz2/heZr0fwxejLna
h6gMWMvMA+4lf23vHc/vrS+LK1s07EBmv81tJhuinnL/ig==
=ckwS
-----END PGP MESSAGE-----
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
unencrypted_suffix: _unencrypted
version: 3.8.1

7
hosts/mastodon/default.nix
View File

@ -1,7 +1,10 @@
{ config, lib, pkgs, ... }:
{
c3d2.hq.statistics.enable = true;
c3d2.deployment.server = "server10";
c3d2 = {
deployment.server = "server10";
hq.statistics.enable = true;
};
microvm = {
mem = 8 * 1024;
vcpu = 8;

454
modules/backup.yaml
View File

@ -12,348 +12,366 @@ sops:
- recipient: age1a8k72egc2vg4jn445wwcr0a68y9xu5ft68s2xwehugs5sjawpv4q5nnrmy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1NkRHTE1vU29Ud2lCcHlm
ME9BQjJ6NGhPSUcycnYrY1dxN1NSSGJXM2lzCkpJNXdndXFvZTFWMStBVzI3cXdB
ayt0enk5NGlxaFc5bFJnSW4vTE52MDAKLS0tIDdrY3JIaTdLbzFoQ1h4OEJ0a1lL
UTk5VjFid3FGS2lWdEFGaEc2dWxaK2sKKRd+8mmfVfpam0P7XkGPfLMlC+GxEzWU
koKeBWOqt0Qw3eul3Aps1pEveo5ActYZ0W/5T/8RtFu7Q7Gf4hGbGw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrMjdmQmcraXU5d0REMEkv
bUcxdXlUY2dSTWRZbEloOXBnamcwd01WblhvCnVFa2cvNDBKSnpFQzhkMTAzVjZv
bWlLS0xvTktqWVo3UTBqd3BhUHoxWW8KLS0tIElRcU5rL0hkSFZ1Q0N6OElldE9r
N2dCelAveDVaWnl5VWRNOXFyZjVwK1UKHBKL7tyhxm1WFn8rHWI3ibiWd2ZtOK+o
5WhA5jE8Rq9olmKD8EVw2VvpLuOXrXqTAcSz71PkQnOKgMknPXbvlA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1y7lxpxskqclwqluft2ct2c3u8weehus6t8evwk7cdnpakxzgcquspn827x
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIR2xRSW9YU21Ib1dGcGs0
d0FkNlNURVE4S3UwV2tXM1o5d3JleW1DbWxjCkU4VWN2clRFM2Q1RGJNMlJXZUpw
bHNDbm9odHBCTVU5YXZmaUFLRHQxRHMKLS0tIFR2YzVGU0hQWkJPSGt6TGlTZVdK
RzZESGQraFNIL1ovanRWakowUUZXVlkKZo/8k8j4epzPYbfLQIVjhliLqd2uLgy2
6uljjPKm423bptUtTXbD+r+QAh6KzYN3YvOur4RnKAfKhft2VrWOlQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKSi80QjJua1BtRVJUMDJP
aHl2UTh3bmY5NXJvYWRrNGdFL0NDeVRsRFM0CjI0OGtXVklmekh3RTdVUnNaZE1W
Tnd3UC9PRjRVZjVIQlVhT2k1R0c2cTQKLS0tIFFaL2lwQjhRZy9XVjV0SjFFS21w
QjI0R3poaDFUU2YwQ29IWG0xV3FFSjQKwqGUYdlUBmXxq/DigFvDIKb3acOppMph
rxwZtVSHyGERasIwrHM0XM5iHUxLMrYdB7PWiOJ5retq45kLrFtN4A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1lccjvj9z8de4hfrdeumm9eu7awef4d9jygv3w7zdash3fhv6e53quy53wz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNN2NVZXJMajQzbzdKbWRN
MXdtUkRVL1F5aFZBMG82QmRvRmlhbHNjeTM4Ciswa1VxS25nSHNyQXNtR0tnaXc5
QjZUejFBM0JWWkdDVDRya0dlVEZuZ3MKLS0tIG9qYVl6R2dLYTI2NXBadU05UUNl
ZkZGeE9USGZtNE96dFBtMHU4SmZnYTAK/+wNaNZsBiaI4JT28Rk12rTXdjPML+BM
5kyNEyj0LsJyfRuiQezIOGBX83zDqvAUH47ib6ApQGoh3UL5G+8nfA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFaE04M2lDTUVvR1pnRTZH
ODZYNFJaZ3h4VHNMSW1sck9xUmtwcFY4LzA0Cm5HNk53Y3BaTkNuODNGV3JqVlNH
MDJQNWRpSU5VeGFDM25Ncm8zaE9UeTQKLS0tIGpva2JOR0VXZk9HdG5RK2FuMDRy
TUFRbUtHMjhldVRyU0FtRUN1azFCVVkKchvcml8FWgWxyj71iFIeC2qGzvKAUlnG
oJVGDCL9938prZ97nroLx4ec85W+JYjnzhsTK4kBI4SExc3TgmPJDA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1j2euh5qt4a7cvx0t93uj4n9t8y8tkv9h3nefszc6g2q7t7gvngxswhrve0
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJR3RSazU1VlpuSXdvbEtq
THZ1WnNBeGNpRWRxWVJ0c3VlbDF6eC9hRnlJCk15aEtGZkR2ejIxdHVSd0ZQbFFj
NU1JNk5aSmRzaXdiZzZvbjhUZnVDalEKLS0tIDRjclN2RW00L3p2Mk1wTFFqdWJK
YzBQampiSnhzVVlMVkFHNDBJS3lTRmMKVZlpyoukZjb1ttuXpPKGFJnX3V8XPCmh
trlX6sZ6pkFNCNDyN+ml0DxIz278YJX6SH9gBXZYZtTlGN5Yv5pBuA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoWFEvUGhOT2VxRWFMNWV1
QlN3VzV6a0hUd3JHRC9LQU1LbTVlMUM2ajA0Citwemt5MGRZbEJmNXp2UnRvNWly
MmpPY1NNc2Nqc2REVTJQcm8yQjFOaDQKLS0tIDZVWU9YbEhYM0pKYUJsVTVVSFpE
L2xicjB4OXNRbzRLY01HZ3M4RlhuU3cKJW42aO3fUK6USE5V8t6nn76D2FIeN+Ob
aVysYubnrh6ISPoKT6+bP8eD99rhIHZ7DK6Crd9bSgU/tlypN9lVzQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age13dl5qjzddaazmquf7zfecru5tr4ld8l8xd7xpmhaqqzmchpua4usswqykd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4ZHp3M0hTS0RRRFpBZUtz
YlJXRnBKS1VEK2NxZUh1eFZNeTBzVzJQOUEwCmIwVWliQXdOYTQzcmI5VVI1c0Fu
eHo4NDA5VjBuTVN5NHY1cjUxSGhpdlUKLS0tIGh2NFhycTZrTnhNNjF4RCtnSnlW
UkVCNDU4UkgyUy8zUUNVTHBhcmNuU1UKJFk1fhLJlynxAuFX5yuJzQcB7UHOkiUW
h0PQzJDqGeUxBoFbz3vRJFc4yG1anghDEzJ9G+/OnVq7TXflSXROVw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmd1JSNEQ1MVliK01hVWJl
Q2wrbjFVcDBFTmJncGJkT2d1OHhuT3dYSzBJCkFlWmxLbWlmVEJUYmh4SzkyUEVO
TkNieTNuY3AwNUNBUXJPVjNmcmJ2TU0KLS0tIEJOek5leWNJcnFqWnBNWitncU5D
Z1U3L1JpdzFXL1hMWjRXaGd6cDJ5aVUK+47RF6CeOpalMdqvxLDloJNs15HqpMAH
Jz8PP1lyJxRtbvhAhvGAP0pi4oZBKIy9ax4395oWh7EQuwGMJUiA3Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1w6u8zjfya63q9rjfll98eegnfdsvyaspnwn802t2mxh47gt8p30q0kn898
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxSE5iRUMzOVBQallSZS9T
aEdzT1dYSC9kLzYwQnFPTUg0TGN0clJVdndJClFwZzRBZDNWTDVKcWVWMWN0eDlR
V0dOL2p4SFgzMW1XakZyUG15TGYwZm8KLS0tIFpBQ0dHcHpvY3BBamZHRng5Zktl
RSs5SktyNFpDMW5SamMxN2FIRmhwc2MKygZxVaYNUd68gl2HKPj0bW2T8IAotH5O
F1MAc45st8xrXrgP8Q8TWaxOQEJW3Z+H5A3OQvKv/ABUyC0ED0gh3w==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIcHFIcDRidzFiYjNZVGVi
bzVSLzh3YmdkdHVEY05NT1VwWGNFSlFOdWprClJpeUFodTBHU0FHT216VUhBWkVz
NnpDWEdJYzRDd25JLzdjL1hWdS9ORW8KLS0tIDRyRlhyUzgxMk9GY2FoSlF2MW1V
QlRFc2hMZEh6OTFpWmt0czBHdnRmTGsKtuFvPrMDSIO4rKoV8XXAUdNrEtocW02r
NttYLrUzAewvVen08ANBs6d4H8g/5aswxLm0iXWBEj/hlunYy5i0lg==
-----END AGE ENCRYPTED FILE-----
- recipient: age12n5k6c4rxp4mjnexw9uw83yp34sallt44kldupfmxr2xkppj8a8sdsmv8h
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLenE3VWh2VE54NmJNT0Jr
ZWQxWnNoZlU4QkMxRWppWjJDc1E3Y3hDTndRClptNXBOaGwxUWhMWWhzWUwyYVpZ
UlNFejJVSlFLc01UYTFQVmFnT0Y5bFEKLS0tIHNtUmlldWFYV01tN0pEb3JYMmMv
WlZFWi85NFVvRkFNWE1NcW5BQ2pOUDQKEEypjsAUVoIj9QIWnp6+nmplLer4rnoN
lvX1pwc06dn/XAzdAO31ACgS+0CdKfvTTF5tWL0u8rR/fIJjj6a3PA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuNks1OVlaQlZZR3JoN2tq
L0lXbU40dU1LZThLNnBxMTlCR1EwOFNwa21RCm9tZUFYNDdzekNwT3lqRVlCSFhx
MWpheFZHWWlka3lZUlk1eDV3eU9XSEUKLS0tIGExSVBnenc5eG9uSFpEZEswYVdH
YUdCR1A2cEhMb3k2NFI5cjRjSVBKeHcKqfuNijzpjuX7icgvfhXWKaz0xtFwiAsQ
XcVn6lYxtVPcIF6BWAsoSzyVk+cW1pTVQMWh0MiRO8XUE6bk6NUj8Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1yahhqn2620300n20k68az5lr2u42wdgtjwysgqyr99a4cj52ay0qjw02pl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwYkFjelVCY2pJOHRmMGhD
T0NDRFk1ckt6S2gzYnZZb0hWRXBNM2JIckNNCmUzTDRYL3lLS0dWWUM0amdrNFBs
aUViNGZJWk1oMTJnSWhweHFyaERDbjQKLS0tIGxGeU5HYU5WYVVScGFhYmkxQzly
cm9lMk1qWW10Lzk0ZlBBTWZjYTAwQ2MKe6/argiRznfEcepnXrd/+Pw+euNBknDF
9VR4Vc5xsjD/Z3CRnK0IyPfaWoGch36J97GhQAbx3I1nMkN2/DpXVw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNeE1xR3ZwVFRlR3dTREVD
L1BYa3lyTVlxV0dIT2s1eXdoS3ZZWENCOUVnCi9TMVJrWENyZmFIeEdNZHpUMGFa
WnJDZGlYeVFHc01wOFpjOENIWkpyQ1UKLS0tIGJPVXNtYVRWSjVPdTlBek9Idk1i
cS81bHBjTDVhT3g0eWVqb0lxK3g0WFUKDVMVhIt6FtHzO/Bxp62mOCapvg2zwR4t
mW1YpzojZr3rt7/su+Ck5M7vVD99pPRB4sVRpGZ+W60YvzJ7iWJ1UQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jt5pj0c0fvmzg7quaucq4n2rzcx9ajzstp8ruwc8ewjpay5vqfqsdjaal8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsVXdXVVA1MjdCaG5lbytR
aHZjVFZ0WThjeVZicnd5Ym1vRlM0clV5am5VCkNoQ0xUSUVMejl4SDhQNFFOaC9p
b2JPYzhOQUphaCt1aCtZTjlqSVR1MmsKLS0tIDI4a0EyS0xta2xMOVUrdjIwam94
WE1YQ2JGZnBna3lCT1FTbTZNRzBxdmsKgSHp7c8TJNZeAeVLS8LYHLswLgyKBIpN
vHBrQQ0N9Mt48fah+bNIqgXOBGlyRZJNzKX9KIctOX5p/U3u8ybMaA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlRklqS2s2djFrbVh1Z3or
OGIwcnFQT2Rqd1AzNlArWWpyeWdmeFRjZ3pvCldhc0tWKzAwWUFWTnJ4ci91U0ph
dDNiNmx6Yk9EVXhBTkVlN1JmU2pORFUKLS0tIDVnK1dGektxQllEdWF3MllNSjkv
dmFLaUZrLzFLai9KaE5HcU1OZWxKT00Kji+tv+tXIe3wRWZoxA2Qh8VmyfsKZ9eV
LxL3/jmNy6F0aDX4kJYBO6F/wzQt5jsTcmuHrAI6US8nHYiQtjp54g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1l2tld2cttpkj4vpuh9hm4xjwq94rmf8vukjgvdzcvwwtze6k6s6qjf0s5r
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSQnRWK3o5d25XSGJvbkNH
YnZ1TVNvRGJmdUdCQUg1cldpMHBnYUIreVNNCmF0NDlWZmxpbDVDY3hNK29yM0pj
dC9YdEpsODA3bSszeWFNUjZDNXM3UlkKLS0tIFhVeUYyZEFiVlQrZ01qNFAvSk9B
cmZZc2RYYmdId2piSGNuWDdIWUNKM2MKQMip6L3O8xNx9hEfIPuLD7ySeCsJntgB
5vy7NJT5uBechSQgPoAQ4ilbgyAbSghPmfN3StwWdag5XBKXE9G7jA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTUnVMcHVlS0l6M1dxRFo5
WmVJRnUxT3Y1eHJHUFZSVVJUQk9wUXAxYkZBCjF2OGlyYW5RZ0dva2V3b2RMT0Ew
bmFTYmQzdzdEQ3d0QS9ZOHc0NW4rM0EKLS0tIE5SaC9pRjREUGpEM1VuT2ZCSUxH
cDMwWUwybkdNMTFsQmt0dW9GTmpCZWMK9DLVZzlCqyFBhL1sxO3pBe09ymcFvut+
JRgeRZvCW2qiftLLe+MRBeqDtkZ9Axw66B8PHOuZLypzBLBZotPZ3A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1px8sjpcmnz27ayczzu883n0p5ad34vnzj6rl9y2eyye546v0m3dqfqx459
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZM2IyQWNTZEsrOE03SjRa
WW03cTRGVTRwaStkcnpmTThST2g4T1p4ckY4CnByMllaTnB5S09qaDJMR1ErRXR3
SXhaTU9WNHIxemltVUNsNzlXUUlvQVUKLS0tIHpIclRsUlY2VmsyK2VDQklQRnNi
ekxKWm94NTZ2L0d5bTdxWE9oUXB0azgKuuR0UwUTfgW6+5Bf0NecrvWoTvZO8JEv
ZdOFatQF6TEnNRURH4p5QfnROoGCdukZZqGo5LQFGpZATEFxEZfqFg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxWXBRU3dCWm4xSko4Ym9V
WDM3c1p0OEJ3bkIvR0wzMi9PUnJDOFhQeVVzCm0vaFJiaWJWbGNsRXl1SEphVXo5
RWlZeE1Ga0Rka1kvQ2k3SXFuYzJ5ck0KLS0tIFowWXNtaWh3Y2NpUWlHZGpsVTJ3
T3lDSnFCNUhwOFhQdjBvVDJlcnE2S1EKJUxaE7NW0UkduN4sEKwl2X0Q+DVyLkyV
zFtLsfepX6LMFT5AXxaaUCnmPPq3y94FSEZn3F21xnNLrAUcyv/TFg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1tnq862ekxepjkes6efr282uj9gtcsqru04s5k0l2enq5djxyt5as0k0c2a
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqNGtsZVRNc3JHd000aGxG
dkdsSFM2QVV5RzEzdUZjazNLODlHS29sRFNnCjJsK08rVGZqMWJVVXNkc0RwL2k5
SUJ1bUVrM3l6R3o1b2hYVjRkN1FybkkKLS0tIEUyQld4a1pQeVB0MXNnMWFpZE5u
Q1ZZUkZ0aDV1eXkzSzBxOWRPRnBWRFUKyP6UO4zftPBAGAamn+n7ZWoF63/CUzHC
U0DfCRVUlDQ5z2OPm9m7gTBYjraFLbQ/Z7Eg+Ramg3l3pHxpFjiZmQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjcEtQOU8zVVNvQzRuVDlu
TVlBRnBKdFlSSXJCVHlOOVd5YVhnaXlJcVU0CmFhbmROUmRCdlR6cDZyMTdQSC9N
Z01Vd09qSWpnRE5vZm1sZUFuRjhOem8KLS0tIDY2V0pFWUpwcHUyYWVubGZFVWNX
SWt3OURIWDhSWlgrSktzWE1zdFI0cTQKU/lahLOisqiKam+A4wf+n9/EhzF61cX0
0GKt8sn7MWZBEwgDEW0vRkybweKK0E6DTGnlHCFi4iRnoHCHKdxreQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jr5mc4ekmjf4uk2ue4xcuy0yl202phlu2t6c544qfj45ahzag56s4d0kzj
- recipient: age15t7hj27j6ccs8u7mfz8su3aa74g4dxp4crkgc3c0rs28hct7q4ssgk8zcm
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNRTVzNk5EaVRpOFBjNXNu
QWZlMk5mb1N6Wmk3dTJ4ZDh6WXJQNC9yVWtNClVSTVRjYWxVSW9LMVMxei9veCtv
Zlk4TUIvcnZONzM2WjlURmlFM0g5QVUKLS0tIHFRN21US2JBUHNxTWFJRThUNmxF
NktPdTczZCs3RndtQldpZG5sdWx4c3cKcrHo/tFSzhTYsyhsCO4jZYPHTWL9n7gg
U72bT7Jj+TBDO0co8POMcObTG0cwYDtoWhttwIzK6+Ng4WfldrqfYg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRQ09SRmpzQXRLelByMmRK
eU5SOWdYNWs4K1JyaURHTTF5MzFaZ1k2SGxJClBQbjZjRWluekRheng2YVA1Umto
b0RBeFhlbktGMWFtRWk3cDMrVUFpNzQKLS0tIElvS3M5ekkweEcwV0p3TTA1Qnhn
YXRoWVU3cHpnUm5nUmlpNXNBbHFBWVkK3HjjYpL60fU7n3d2OJZ2W2YHHuyX47rN
g0jqQ3WZ+f5mH28oLnkx1FWMvTc+D5WsTivMIL6gatHLS1KKwHR2fA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1dcpd6u4psq3hehjyjrt3s7kzmnvxd20vsc8urjcdv6anr5v7ky2sq9rhtt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1TjYyN3R1MGt0Sytjcmps
bjRHNSs3SHVxRUpmeDNsR2d0YVpPdGVGd2g4CjhWNDZ3ZlBVWE04M1hSS25NMlRr
NHN3Um1YemNEL0h1aG9yd0RYUnpZdlEKLS0tIGdGc0lMQ2Q1M0pIVmwyRTZkYXla
ZjFxRWZSVzNKeXNycHIwZ0RJWXBQOWMK+yx5gcXW4m9ovD9o0/QR4CjApn32tu8x
yzBZlzuDMcgnWj4NrmF1PgoWs7Bw9Axq6y6PZR2TKm39x5yANVmVjQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjS3grTFVsdXNHaFhXd3ZX
L05uQjZBV24yZmxyTytWZGFtOHRlcFN6ZVg4CnRQalMxbFliSlJPanZva3FKWk80
Z3VIY3pQTnBsZys0dWxYaEM0KysxYmsKLS0tIE9PMm9SVkVjenVsWDl2SWZMeUtq
SGpIN3g3cEJCVVpSSGVwMkFhTm9YV0kKi8vRWv5/vpsFI4cG4KSA2lEb8Dr7uk6b
7RXnNe7oFCYoKIydzeSrPmp7ZZZhU8oOzSP9uksypMbo0PK2gwgCwQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age15vmz2evhnkn26fyt4vqvgztfrsr2s8qavd2m6zfjmkh84q2g75csnc5kr6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArOTA0VGlWNzVtYlhqcU5q
YkhEOVVCL0ZudVRJNDFKS2hucVJTSHpaOWwwCjRuWHJTUVR6V21rbVh6blNkbXQ5
eEdpK29BM1lxaytFZTBGKytVd0FaczQKLS0tIEhhTzVDQjVGWDZNK28rSHpIbkVr
RTlvU0crdkZqREg5RzJ6VGd3ZkhNYTQKwgos5WMuOfRs3z3dcy7ROx6n7Xj8HU6H
kq+d5A+RafCBOvjpJi3MfESwTuum+rzN7y8/uS1COCjcXr9TmJX3kQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuNkQxa3lSRml0WHMzWHNh
NlhYQmtHaWZ4Qm50U2o4ZDQzY1hqK2lXOTNrCkJETCtnWEsyTmtndXU2Z28vR1Ux
Z1czR2lTa3lIS2xibUV4S1h3N0NYTEEKLS0tIEM3WVFDdHVUN2dmbjhBL1p0LzY1
TVFKVTNCSGl3aXluYzlXZUxRS3RYY1EK3oLbAGt0PRwAuqqFdvn/y9Gr2gThkAXg
jRB0zD6RF4UQm50w/U/3EocYAGQt0Qez2+oUCWehGAimyH34s9FgwA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1s2ww76ll6nclz74gny27tk42xfsepl23z2k0849a8jv8xpnmpe3shgunxr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzNDc2Ulltd0xkQW9sa2FX
TGFDMEtQZTh2WTdZMVBmMG8rZkZlU3ZSVTBrCk5Mbk9KbXlaNlBxbGp0QWl6MFpu
OXV6L3N1bVEyd1Q3Y0RCTHphM0h5NncKLS0tIHp0S0FhRnpHbHg1M0RYRmtDMUpZ
Y3hHWUFFWjRZcG5QaW1BWElCNzlQd2cK8eDdLOgdTBW7XCp+8Mups15f+FX3Cqhu
bwrLVmjb3AucKo5p5hJP1HdmEFQ9IPI2XT3D0ZlYTd8vi21yK8u7MA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnQ3RPTTJFTnhtekhSQlhs
QWtmTFNmaDh5dmZ6VGhnYlFqTXdLaXVWanhzCk8welNTeG1MZDF0SzJvelZxTElZ
ODJYLzJtMWc0ZmVCS2taVm9Ic0J3UFEKLS0tIHg0RzRtMU9jY3A0RDNSUHRMTUxV
SHU3LzNKVmg0Z1dsQlBlR3U5MjNpVmcKS0lHBTMy3iqyInpIamaz2gY+0dUWQkfU
212SUmDG6qhZQUhjxgutI/Vh96oJUPPyz7IhCNPqNkUb+x6uqmwzuA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1xjvep7hsnfefgxvuwall8nq0486qu8yknhzwhf0cskw5xlpm8qws9txc56
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJdzVydXJmMVBCdkRzbjFE
U3p0WXdueTJLek85aFdSTDNFZU1HdkhMYkMwCnZyeXMwMjZxenFFaTlVNzBCblo3
UHBQdG9GcllBdUdycU5jUVc3VTVsRkUKLS0tIElXSExyeHZENmltbTFOelZlRU1t
aEVhVUk0NHdmVDVxaVJrOWxId3dSN2sKTr12B8QO+7Xw4GVMGchCq3sAafwbLXhU
zWby495NwEPjyy7L/LPbQG3SVMcVRXw3H64jVfmWcXc2PZWBgXM93A==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByazMwU0lhVzUvMXoyblF5
aTdISXQ3ZXFZMnhFTWdPNTJaRDdqdnpkdEVZClhicVhwNTR6eTV4bGJPcE5ucG5Z
SWpNQWd2RGtRcUx1T21Ec1FDdVJWekEKLS0tIEU1dDFHaUVaaWk5K0crdXVCNDZy
bE02THRmdHNUdDUzNHEwMUZ6c0w4cEkKyuN5cJI3z6tlQxKeZtsiqH8DC3E2Z6kR
f+xl6LWO4VzihjDMIUw6B9NTLZVGyOumZsLKiV1SiyIp0ZSwPONOCA==
-----END AGE ENCRYPTED FILE-----
- recipient: age182ms3ygypflk7mtpemp4k4ks9rz4gwhvzc9jlk95u4py5q68ppxstzu2e3
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0VVo5Z0N4b05GaERXcDAx
cjh4dElzNXlJQm1LQjlQU1Jza0ZsSVBwcEZrCjRmekE2ZlowejFxRjV2Z3Z1d2gx
QTdlamFuV3BHWERDR3NLNjNwZWl4aVEKLS0tIG5TaGpvZ2VndkY1RlpqU2xkK2Rw
WmxObGdJTnJQbURNVis2R3J2emFpNWMKKx4mt5CA98xRaDYNzq7kYVg6HAsUeodn
a5aFeszvjMvzkUFdkc5vPPRKehgcUDAAt5uIO33ifElucPRs73RWFA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsc0F6YkhCTkh4QVRMYkh5
MVNsbmZaM0czc2w1QXJvMXFLUGM1Y01ZUFEwCk5xZVR5b1JiOWtzL3dub2Nyd21H
SUFzVXBHU3Q4NjFZamc0YW5RR1J6aGMKLS0tIHkrY3dzOURFR3R3Nk5HaG45RVJs
UlBKL0VWZGRjWE1wV3FPbktkWE9YMFkKNj6rBosrnREzjGYSAJ+rbto+H/H8d4JN
frdT7xwicVWXbXdddwdnVShx5LyqBEZXCYEpjfZe92NnuHb93Wod3A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1cp9gsuyfu52exk0hr3fvj404v5njhahakzwlugwtneyrs4vgdyaq0sg92f
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVODYwNFlpd1h4RSs1bExq
TFJFbTBuOWYzWGx0RTJ1andvbVRaUEUvdlFJCmt2U29oV2FsMzkvbi9aMjdNN1dD
Nmh2a3ZSdDZkTkh0cko2Zlp2M1ZvT3cKLS0tIGd0VHl3cmwyVnBXdnFEQXYwWk5i
N3h5YkZHWWI1UHVZODFzaU4vZzFQdG8K1i+EO7fqPg4nJk9fI2oKEQlD2IQlYP9W
cs1RL3UMR3LTIAk50pDb9fBPEYtmitw+klh1ToplF0ay1J2QJ+OmdQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkYy9LL0owOVlVVVJ4NFZq
Um1GVUpZYmFUOU9VT2dnQkJSdkNKVEU2N1E0CnNXZFFrWDJEcW14WnBSblFrOENE
eG11eXdsQVoySm1Jc0Z6aFA3N3VFcjQKLS0tIGNOYk15czBiWldOK2ZMY09uTHUw
YmVaeEdkcDRlS0ZDMWUrZzVpTVhkeEUKpayxamzNQTp3TAVLb+IibPpqIizvTAkW
y9wzQRq1mB3B3TW4LCpE3Ld0WIEQv/5pXE5Qtz5HpLck226SFhDc6g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1u6xeayzwfdj9l0mg3f4xvjd8e9nemz5psqavauvacjgp2nku95yqc4f29s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNTG9jczhTZi9NbWZ3TXFS
Qm1hcWtKNThHMzIzWjQxSFhMdjFvYUtwNnpNCi9pQTdNc2FUc01uV2dtWW1UVlg1
T1VBbTdzT21vbzAxdlNaNW5wODBGd0UKLS0tIDNIOE5BZWlCam5Sd2JVNnpzZ2pY
Z3NOTDhsaFR4K0UyRHl6NExpUWRMd0kKvJ3mJqX7v7pnFVLfLorRKXRZRzrH5F9G
WaURzDzBdViUZ9GtBQyNWgfBIgqmzpQo1MYOI96AbhE4wICBHsng2g==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQUVV5aTFOdHIxT3U4a2l1
djIyb05Gc1VJQ0d6TGFvTXdDK29ITGRNSWx3CmVLeG5za21weDFMWm9WWUlzcVZ0
YmY2TDVTdk9yNFo4Q2pPU0t4TXVhTk0KLS0tIFN1bGtrWURIamUwWW9LUFdSQVVP
S2RaKzZ6TDFmbldoako2TzBaUFBFSlEKdIeae287NYngsVxv05EbznwfAYWTxSJU
8u0I7aMylnk7Sicu88bAWU4Xd3gF/F47U3UbFYnknh55eSd5LyWRNw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1makkpv2t74lxmw0nk6m89nespva7j700pmt83pl5a4ldtj2k8fzqakw8h7
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2RUpMQ0s4UXMyOUJzclJ1
eGUzSVdvZzY3cFBPcHFDdlhTbTI2bDZPaGtZCkdMeXNBeXJDTmowY2l1eDErajdD
RFpYWmJFM1ZYajhIYWY1anFaNjhyWE0KLS0tIHQwY2dsSzE0elFRMG5qbEJLc2dy
M0xMWDFlV3lNRXNQeGJNNUZ6RThaZTAKCScgBGFndzjFJC5VhnmHQr9ZPlLJBnH1
JJDfHS6Y3AXcO6e+IiRLdtU1N6FvYf9kjN1tEoBPQitunm9Gks9Waw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1kdrpaqsy7gdnf80fpq6qrrc98nqjuzzlqx955uk2pkky3xcxky8sw9cdjl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvQk5NbVdDT2JUYnhjK3VK
SmtuL1ZZNnlSblpHbFl5RUt0NjFNYmlPeDNZCmJJM3NROGVhY0NDcFNnMFVma3M5
cTlIZHhzSFlCM0pjRE0yLzY1dCtaMXMKLS0tIENySmhNVnAwNWRva0pvVkFhN3pw
N2swRzQxMElWUVZBQlRqUktNbkxEL0kKlKUqO0ieMlLU2GNrvuSrTusbehEjYJ0a
e9wxYEcoKVtr1W19kNVwoVjWUaueF7ecItHyiRaodrYfVIpDFJ5yGA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrWGJUZHN5eTgydFRsUHpG
Z29mUFdwNzNhQXp5b3MyQkpqd2hRSmZuRFE4CmpXZnpCdnRKT2RXU3ZDMXozV2Iw
STJrVnM2WjFpWUR0dWJGNkFsWTg4cE0KLS0tIHJsR3h5S1R5UW56RFRNMUd3V2F5
YzFnbmo2QXZYaDNMY1plckt2WDl4U00KMo7wLgGtRI95LHBR2VlLvdKG5EZDq1L6
XgxdaQ6tB9+8RgAeFXA1Yj286clHW4wGa3iZ5kBOEUY/FVrwQPsf7Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1xs22728ltpl3yh8hzvwt4g3gk8uc32lg8cqh86fp5d8c2jlvp3gshmejun
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1UjZWdHBPeWlCMnMwOE4y
bFRXWU9MSFdPQjhyK2FCYm9DWWYzM0NpTENVCmxRS0dOakhhcDI3bmhTb2FNTWxD
cUJObmFib2kzMFdMazE4blJzSFhRTUUKLS0tIEx1WjF5THE0bEhaNEdzR3JsMzhQ
eVJOMFNIdk5KUVRwSE1xUVNHYVZWZDgKCJhl8dOgE6Pull6amCmJsa+fzNohZsqd
eDnDB7yIeTvsrUxPHBHdX3mVQZ7o7jyq/Mz2G0Z0mjFf/KC9WbWD5Q==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3RExXbVJBeDBCYzdmUFpE
R1BXVit1YVNVTC9zcUZNY0NYVFFrNXZIN1JnCmVkNnJrazdaOEhvR1pUK1ZmVlVp
YzdRalhKcEJQY1ZMQVJYaEE4QTVYNUUKLS0tIDJEcjhGU3Z4djJ5YW9DVDJXbGcx
TEpRMTlkL1RvZXBsOHRlcWcrLzFWeG8KD80dS3HA+qgaqX9rdQ2mbLcglT5VHRFF
D6Rg2bLdQ33C0k/k6Jj2ZKmRC2DUts7AfrZCN9641yUtDoz8hQcTJw==
-----END AGE ENCRYPTED FILE-----
- recipient: age12aukzah0pt2rck52hwn08kezyxueqz2f49ld7hpyuzmu847vavdqkunn5c
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTMjZxU1MwQk1SYmszWEFh
dGsrdk5pMmY2R1doV2k3ZzBPTmtDT0ZkRGxBCm56RzBCZXhpYUErVkdwV0I2VjJF
Q3pVYUtzMmxESkxBOGNjazdGVFBwelkKLS0tIE91WEdYZlRYM2o3MHNvcC9waXcv
TTNsRFcvYnRqazczS3hGUnUvWWoxZVUK8oCPQbdrp93sYPB0PK1sA/e6Greuvk/B
38ogYGNE1bdNqCabsNsg4L6xygXd4aAbPf8D4ku6BgPPaDF/WFWjag==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRTU50TDdyNXFYeEovbGJ5
UkpLaFdXOUJRcXJuMUdNRHc2VllHQkpYdmk0CjZXS3ZMYnRUa0xTY3JGMXFJaFk3
MnF5a0Jia0tWbWNZeG8ydlRMMUJQWU0KLS0tIFlzeGxNYVBFRXN6S3pla0FPQTAv
YWhlcnRXMENTaTRaY1pLRGtYTktETUkK0CiQKJaM+xs4mP2yZ8AzxPEyYzd0gNXD
UVX/GxFBdnwlMpA0J6QGPdrs4+LLXLM3A4qrDxZ87Een+wRU4zlTzA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-05-16T23:43:55Z"
mac: ENC[AES256_GCM,data:OAFdTBgFBtobgRR8WTQR+hfByJBeTM1t4gBxjBmcm9rClz2XgDuFQ/rDYRYEoAEKXoztCZhRqa82DSFsEZkaseaMOX6NeGlcsnXGKHzAmjRJrtEdYawpbH6i0o4r9kTBeMbjzCkP6NhxfjY6kvwMAgmUjzj7sQiSUgOLpeZt9tw=,iv:NTQuU4lN2LvvPKT/IpUQlycTaQayqgHEqFHUCWw4dME=,tag:VFfeht6E9xTL1+s7pt+hAQ==,type:str]
pgp:
- created_at: "2023-12-16T18:18:48Z"
- created_at: "2024-04-13T21:10:30Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA7zUOKwzpAE7ARAAjRLmlddqhMgDaJz6bZI28xRw4uhA+uO2k2y8Ov4twvEN
zuuqiO0G0c19nCUsoBgTJSiFCehR2quGkTvlxwD1+oWH7tLLoZ/tlSKGQkwB9zP0
bSL14tF1XGZd7RBprgpunNzkAVce/XXRxTRWLwJ2ClaW3dXOac0b5rH098bOxVpe
g1W1NmBnCKiraIK46k8YAJUIeOqULRhncbjYxa79D37TbDZ8d/ezfhdb6CxswVyr
Kffn5pM7xWPdNZsfStIXsjYs5gb+YOnnTMb3lH7AgV6vOyYMv80n5upaOh1hjadm
L43PAm7sNqIG6AD9m//VfIgLKPojbrvC+CXjB1Xv2dBHuhNDDvQty94a0GSdUoZU
1vSP3CiQcW1ACzoyo8NtFPOCy7NCk7lURTqegQZaBeyytB/jDXXSbnG83N1Q5yN+
D+JlTHrzPP3BkX5TdpclOGPjae7HpRpXQeyBGtkNAFv/kHhAgbb+a4st1K7oWOU+
58Yd/UNYPDF14wHLe144Mwm0hSv01HykKnELlcKAeFbqblszyxuNvnM6jHSZMnBh
0hT6hKgmQpvPawOeJKD5B4U1NOuKKKZU6ItSHvgClwQOX5g0Bxt4N67XXSu1v2vc
qr9argMaICXEO2DhbLccvzw5EXAX/SYamLT5vwPepaLHpiJ4MyA6T+QOCV+LLp7S
XgHJFH8vMILxVQpY1jJqsJpLoDPvfscLHiDobyt+bVV1CCU54s+8FrYlEZAmKl6N
a+HEE74MqoaWP9U6yd+KW90U6glXxHKtxnZTiq4icEJD40rJgG/qao+cvp7nnN4=
=CvPN
wcFMA7zUOKwzpAE7AQ//TJfvgrRgA3Dp/ijlDD7d29BeGimvV0FCel8YiWkUAyg0
PN4lW0cimNm0SoP5gIOrP3o5i6uC6/Cnd0L1/nbvLcwousC3gBI5RhyNFepzRHhx
8YsdXQ5JWUQMcNbA7gu/3JgPpRXOy2L6sRSRZYqX5pK9NSv3P62QP3vOftG391Ex
som2Ma6JxrV3SeJ5NhnXaQkOs6d7+c/kwJRNGfQjOaflmrAO5UHDPxlhQdH6jHQ4
SngIKvg5v3dpZeCLO1zjtbBdL8Qa1IksUr33nEYRm+1T1Jwb/Ds0jPGGJFk6rI7h
Ruum2QqJacnYjLXwEJ08tlZmumY2ru6bSras0ZtWej2GQ/mrrUrDwBVBuN9uqcGb
8vw+02D5/jifFKlxwzWkp48nTA2uf70cQiXDrXJgJW9rnmFcreQctPGV7mF/naBM
7D+0pKYudR83glYxGlPXvvABqPlkWZH753LFvzzrYgTa/FV5XdqCWvEDaoolNY0T
iqEfZ8aW/AKUzpRoRGbaVzPk5ktqZ3HzcDMuc/euPiL7wXZtHUhZO5Q7rtIG6Wip
B14Dpu3F43bk2VKqdCahLcPb3fUfLZdOxpE2KM5Lq5Dm/CBthnZUiBylgEkpjQp9
xnQPKjWcWUMq8n6ac1XtR2PkRXRNHsVSaVSQ1tMPtAff5FoE3BODXE58y5BsI0zS
UQFIS3N4GGPTq6C0XQ96uO2oBKKkqhdoSd6DGVq24pJPACc3c0fIfYNCneuqLbj3
Le/K0ph/7SEhKWItslYg3B8OBzGg3w/uVSikAcoNYNYbwA==
=97ou
-----END PGP MESSAGE-----
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
- created_at: "2023-12-16T18:18:48Z"
- created_at: "2024-04-13T21:10:30Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA6j84+xkv3y7AQ/6AjsRIQAd23dh+WJZ95WU9085sDKCeXN3em1x5kJI2+0Y
6k0vfJdDOt54Ae8sO05w+jrQjflRyOuikpVp8vAVwIMFWyBSOxUBov3GFdX6qA1C
DvBv2UFsaRqzAAxAiaR+ahGVs6RooU5fXF8nWKII5QfIGDgMFD9hCgBCBBg7nNMD
oayUJ3NmEh1gxvLXFrEOrosvkdpEQZXS16yzeUoMMwKCOwtLOxnCOKltycb4J5Gm
PXs6/3+PUbEugy4WM3wgJMk7bd+XHfGlpRqrAdSDQwG9/iCXXwTHACctL2XmNAvM
djT8CLvENWgQqGDziCwcxHDQ3UEErKKiXflicHmELBbFinGBK86Cc5hQK7ZZPtDS
a+hcLvFvlSSlE4MQKYEMYC6Jflj08bvBztn/onQlwj0Bx2VXaC8dH0yH8HXFs2gC
rM/aC6+C8OKYnpk/v65qisA4XFrhbZaO2UZq4vFQQWXU/q7PZGtoumSodNg/xe7L
BVo2SoF1/oTcKYdZaqx0Nm3IFjHx1UvpNdKD72fA1iI6t/FVd/3MnJDNE9N3cPSw
KewL/dSVjbb3SEUH0H/yr9fLYTv93NrYsT6HeQg6sJLQP9fZg3In571rXITYbK+R
pEfhlqhe9P0Uaw6A4jEDbflg3iNdhVU/qCm7a3R01+nDk1jELmOkA8yCudE74V3S
XgGevF3sIBf9VI3X3Pwd9JunDzO/jtkGpp9JeEtkTqhuWrB6dstQm5kqp5o0wuqU
rfDXKA0QoVgFyLYyKYJ0nRozzl6A2tQ7mjGX9kx+hSFwxarUicPNX5dgn2npwu8=
=wBEc
wcFMA6j84+xkv3y7ARAAqOh5UZoVOb0ahU1QcC9HX2RITj/Vsgx5XZAulgyHdROw
6cu8TtMxg436MFm60DLU818MIZ28imEGmaEstr9Fkrd6UC4el0BtY+EhWrO4E2Lv
0AXuDx2SiSx8YR8aBd24TwtScU6d6NWMe/1a/Jfls2jnVN6Bp1cU0mmKyFbFAHbo
30dr9tuvEvvJaNzlHTZcrcEQ03nN0e70+4shQNRlpVNqJzTxZinPj1i43Lb9Myxl
JowBF0Tn6gQJ4Q0IE6E74cFPzkEPVTTZGI89ZoSDLcwfXDB7wbXZt6adPIQeY7m0
K8E7DbxAkTjmb4Geq2n3ljJ6pFzAEHsi1OflWRuJsokfrNvU8AP+rLSuLa2RIfRk
x5gA/OWELpC+Mg7wjxliexjvyAYucfzP6uTG95AxSvVYN6yVuJhHGZKnLG0Z2Aqi
f4bPzW+8LqHjRf2dZryJN1kHFkoLu89K6rIGpXSdsltkXLkp7bjMKxuS5Ui7aMzo
R6qiv6FLIZIudbjaeHetM+/3Es0N+vWiZDA+8LH7Mp/bO6cA9OLQ4Z/9Vy7NAKyM
QrXLoanIMvxFQMPpsxG7xTFPcGfMFY9EQCpNKRKBUpr0SmurSvDEcfK2Anv+Uyo0
y8REnMska6HI2t08ZvpTfB0uwtEiqxtHV6Bq63mjQAg391b3oG0v0YNeMIovRKnS
UQFPafkK6ADBOICosgr9u9vlSTk0IzWg0CnT3JvetUAvLcu0rSo0Qhsq2hRnLB+k
HNGyH6MX+CeJRLBHoE4eURVl3Tvf5b+Yox8F3x6j+PqYrw==
=gRFd
-----END PGP MESSAGE-----
fp: A5EE826D645DBE35F9B0993358512AE87A69900F
- created_at: "2023-12-16T18:18:48Z"
- created_at: "2024-04-13T21:10:30Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwMCBBrc/JA6ARAAvgyUH2LqXKOhsIopyJ5REIY8BvwoA6kZgLTIPesYKC3v
zAOfD5NxWyOX9ucokC/BVA/XZ3faNlQ/mLSmYysHrmZH/ONvF61r3iQjzJVy56oE
4gLqeU4J7hHJfFnzXamX5T4zxBRXMnQJpI6HF6lAHsmv2OCw3N8YxGU+x+VQjJWI
YDaaD3Gtuwu/jcPe93MtdFngY5TY6Leskq8J4uoN4EpoJ2igx9b12bsFf5DnlI0w
KiBk7U+RFkg2TyrN8djGGzb6Fh+LjccjFHpAkhzIlSAgsio+hercIzB/u8RmUhxn
gpif0AEC3qKsc+tHdLlP022aKabiNdSaj1yygHNMgBkq2dSBVCajv51PMcsawFpf
H2AHTZaOzs1/xr2FYgKikpJHcxj2766kDdAcnjm0YQAtmK4O0ELXbjDCArZ07XxE
PMIjm8+0GALyxhmIqGZsBWw0p1BPTxhQq7uulvh6bNLR/lFqdVf2bRMNIsAED7+P
C6/eBejqizNRnIbfHkTGG8Ny2eXai5llWxmaL0fqDJpYmg43VjWtRj4akiK3PyV+
IUvGL+B8neJjH25s/ZsVBYOUicfBdl6avt7/BWf8WpZilAHy1/WGAWz4w9qSRJHV
Ts0+Rq5VDW+lfBm7POrBvGufZ+hHpihAK/kzrhzsc/Zg3yeTzWR+hiLX20DQWTPS
lwEMipWujtdba4MNArDNmCbR3PO9UTGDoICHG6XFf4yevuGtpmJQ2rQguVxUwr/M
TqmC+46eubZMrATvuqfRfPo1tC6WoB8PhNOj1To9lffbdGX/QnwGy09G7yMTUmcs
UKaaUmNsmR56meIaOLhg1zMYcfZGj18oggrybjd9XAfQQF+LYv3E45QM2tFRkifx
fFC8NbI//7g=
=TmTc
wV4DqDJbhoEBo+ISAQdANKgSMX4+H+dTgQPQU/heGLLK/kFW4S4bjTWfDGaFwkow
L8K0GkjtgSMP3jhJ9q9ch7GhzriAPUqQsjqIiWiu5zCGndwcCraXaVrl5qzpk6cI
0lEBcMNP7fMNd+nC8BEOca2EVmlOI3BqsR50adoi7dqGqcZNkAmOHjShpPIO6eV6
CucESy2hoELxRY6yOsVEA56fcOQsLWwukzVSkxTrb9Zp13s=
=75Km
-----END PGP MESSAGE-----
fp: 8F79E6CD6434700615867480D11A514F5095BFA8
- created_at: "2024-04-13T21:10:30Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMAwMCBBrc/JA6AQ/9FbEeBaPRH2KOr2PnVVBi+plAsXpxJ//11P46yMk5Nq5S
8FHi2HLyY305rcCy79TvnKAab4LXlrraAwQIQVmMLoYWqp+pzOT/L9wLtHzaR5Hb
xjSlpwpKwVpOg9bNJkKfyDmcNcUq51LMLUVffUFnNOOVFSeMXHYhV/17OfM4i4U7
lDCW8BOvJBJRNXsXvCmuSpQszlXU1cQGAKSFltjvMqQkoicfLPrHNvUdRmSD/qyV
p6q9gmtskp1KYqoXBoUjb9USFyrpnFDRnZUnMHsy5pB/DIHcWDhjduGhoGJnMloI
gOQIoEnN+8yHE0VgcrrtSUvi8pv8S0uXPlrG78EAifrBWfJGsn2cd39KwuX8neWH
vnze1wSxCMfGgwvmf7UHHL39ynIVnhMoSuz7s8AonPkmn7D0TuFkhLoFeks7sUzT
ulWXgR2PyU93vUUN+Kd2B2XMEFk+l/qXjDvOqojz7bBlZadHifGb2STYmONX6OEi
rvmBENcYIfkAKNs790+p1KwPEFbi5KsPmSl+BDJfyXgcoRoOeQuI3SVBKFntwfz2
R13m5NgcoJqkrBAM5UiLnym+LdPQlW8tNytx4Ysy5rz7ZvipFYLnZVx63DCANBYg
IFIEmwbtOjwMquvuBFraHPYfbOr5jvnCKuGVg6tTZHFJ0INT/hnr8JTfv6FlBRXS
UQGJS7R6GY5ih8rgAPu7lrAEQqpbAFwUS5iFaexP+6+py4XO7d/bQIRYfGDPo4Q4
IVuSStsWRluZ5EB3jXBJtcQ2DIb1TU6q8jtggcU3NeKOVQ==
=LMIi
-----END PGP MESSAGE-----
fp: 4F9F44A64CC2E438979329E1F122F05437696FCE
- created_at: "2023-12-16T18:18:48Z"
- created_at: "2024-04-13T21:10:30Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA/YLzOYaRIJJAQ/8CkqnyJTj1gPqadRybPHA8A+5pgkZSyJKDJUcpcVv7ALX
PLbUkXvFa9eDoXsNbCvlORMpFiBZntcMp3e4L3uUu3iHUmLaAmsbMfYfNmi8ZabG
bdsD5MuCB9Oie1doQ6FpAmFT+F9+VMPUdvqNA2xHxRf6Jl1/uMNqZONtjA70NUdA
kd7T7yZB/t7Uv585qPLvDw7717Mc5uym0TRmf7EX4gtQeZTBjwoOufVCnCNzoOuf
D4dGISDRfCiz6iBr42kTa2uXu2fUAbIMJ295vt9VXSyP6rJZJny2niQ3gN+z23Sg
u915YLv894BwjuyoPeFY0QFpQ6dgxHJz5OYDsxaujmXDwfS0MkEg6+kJyx7X+VZ7
VsWjEf/GQm4agMlJPQ/DuwXwjgY0wpUw98DtwDqoeTw4zHhw3TBtbCXvPmhm+4AQ
sOLY/QKfh0p0yt7EC7/cpzN6OZLZhCx6QCgeOdf/OGp8OgU4vkLdSX6zY/05Pkph
maZKqmpZdWEcK7VE1v+ecZdTcKyqAbsULLn5MB6CGS48/5UzY7TN5haOgt9Ky10e
8J9k5O8iUpul+YxY9WpaqcWRPw0FkxwzAeFXg69DV9BLbXjIa9m6RqLhU6UB8GIp
29q/2KaVSZxmG2P4W+QmejvlY93ZPtch9o19Xj+5VwuzoE/eWkq6zC+Y4Pm+yJnS
XgEEqyBqT00BEsagN2Cvv5Sc/MINdiWeGWQ3pM6z1YS8DiXP99jrv+Vv4kBfHxM7
/hdB0YiINs58r9BNtCeR3n5LLmKBOiZGKYUFUmaKd7SP8vSRkvvlr/bmWXz9gLk=
=q8rV
wcFMA/YLzOYaRIJJARAAsJP1LaPktuk1nUNuXNhPydRxfCh/PQvOv9P37U148bRo
UlLJtxSCOHHsHXvRD0KIrnhyoLgWTjxzUctAmJgEH/g7uAUxZpwLVk6WGKB5/7jS
Tu9H9aBediJIipLJTj8DrC7A3OuNACUZeRZVe9XviR7Rl6jt+1t69o+57+cTSVxV
IcgNKanf2q9Zfxhnb/P6QsfrFHPnzbaSvtf8tUsGR7GLTLJ8C6GgJoSRQOIGJHp4
4PTPeu7rIMbWlU0E4YBa29l4thxDsgicq1jL9PmLi4xVACTozuBJ5TDeiIAxPsN0
K4d+dxHpYcX+5pBggJ3WWqpOmHIttcfJnmiY5cibNZdhRfQFovqstdtiDXxMLpIt
6hy/GJJNF7cGQ7/b/eVEcAnYbZEugV9fgaE+5x/9DFAwak3i+1PKkiBC58nyT7dD
qCXwWtog6ke6OPaJ5kYaDAe3HNJVJbcgjdhxyjrRy4YAXkqDU51GMZcFLI4/7qMK
fyRVT7YZ72obZhmJXnYKJOYxFB38BKL8/Pu+lAz0mtvFFy20xGLmuJbPEQr7Lid7
7IKxOzZHjftJ3DgvmE6fhjR2YQ0lb+Vjh8p3aXNgov+2/0lllcYFM9epfBV0+dDK
AnAWt5UfsxxANYUwVn8WQ7LC5NJMjq1yvD1zftG0ZiAGitQeTzYvuX0a2ySvU2PS
UQFVxqFMvUQ7m49j6UiRaT+YAAFFJYsTUgPNMVC3Mn4m+c5hI4fGSJrgx1v6l0Ry
Xu2JYNbR94eN2cyjVirmtEqY6okbVgDRSjI+08clSYa1XA==
=rBTq
-----END PGP MESSAGE-----
fp: 91EBE87016391323642A6803B966009D57E69CC6
- created_at: "2023-12-16T18:18:48Z"
- created_at: "2024-04-13T21:10:30Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA9qJIVK2WMV7AQ//S+VZAcT5oPuVI7xaTyvqKCJPQw5OQYH/ZIm7eGsRwcHM
WrPaYa/bNvgL36gByvMg6O/7vxdLKrP8V1Qwsz5SG8H61fioU3RWT6azzIbrw0sP
2Q97s3IoHumgV53dlsyOaE6ORQs9/1a2DwzOSbhTeQwbHjXwggpANqTDEeOT+XcN
hmYN6FcfWrKLzJzQrD6ZfUth27V++cSKmlJCzZwhg2ZR7UfiGnBiYw73O2NitV1X
J3RwRpYhiGf4BQ0ElERiXe7qcf04qRHjyi5oDP/w1fX7JZ6Po+Zha/9MBNynNGDH
a4SoN3hkNWioNNxnxdZHjT2pazadQnkMgPAShB6agazBrRf+/DoDQ2yDY+3UJK9F
Ejg1L3gQx/6EahpmWsI6RDU6eYant6MDQqQQ2m1Pto8Z1hPdEsUQVhlcghWMx0UP
x4yS2JageSOqDdLSzIlC0hY8UYneZKuTs1eeHTpZZlD9stS8U//0Qjjz7GOOMHuj
7ebUCqL/l806q5FxIEFU3f5IQXgL79UHvRUb044c7eiS2SH+UAiy6yt1lH3DxL/k
Hi5JSIKsKzdVBnrSHJ92AV8TzDOmcmBxnBXgIFTMCYTGHOZ4Au+r0WyMQIAiybY9
ltSUV0V1eIRpKIUxRYIrxwxrbwlX+uTXzar2umAeB0mSa3s91IieflF5GD4OuqLS
XgHvMEPPKDTMmJ/ZpWE7riM33n2aqh5jR8/9ItJL60Aq/R+HNukGYAYlvGsz+jTL
Bv6k5N0L32Hm2IY/OB3BBiXhXDZWkar6bOKOnQR7Ly7Xwj22QHPlHVTMGBT3aEU=
=n2LE
wcFMA9qJIVK2WMV7ARAAtRClrIzX3js9BDbrgrPQL7Xpkvj5GWd47vhw6zVscG21
Nss/i3xyN44Xz8IaK5swaPVyqFJtC79vFSSIxQDI4kIosNFxWcee0RdVF+tljqwl
WNAJIsxzYcTX2YyQbsilqlUzrtamMwc8chBYuZJZQmIcKAwQLqzra1TwWC9PHWT2
AiDankn7rAYFT2EFQjap+Va93ZckktCSWcuC5MdZ/HyG3Vgj+Vu+k0PyL4DxxSr7
oURRUyuNjQpycQrOTGIPN9O2MA10J3rYj1Gbfrqn4p6al3vKT5zWckrbAwRHBW/c
VnagBneF5bdAdwXCrq+pEhggghs5cXlOZlXrn59NqHPh1zOeAwCkWVgMLEBdn/j1
BnynOzh7Cf1T5ksJuf8bkL0cGxj5GfPcwpr32smM8WqlcIUk3gUBPh7uCTjRbhDz
6gxFv1gEO9MrFu7/yV5TV18JtJXXyXtN6qaBbfMEM6ZkYf5AqSP+QODoxaxcagWy
y9dqfBGNLjmi0JrwGIMmLdyOBF06rPmJOSB2M6XaZac5hPeanz6D9jCE6zkhBuVL
+vO41gXecbYPMDl6ok51L74zY8pnXRdIC6VLs2Y9GN1Yhavy0qkZy/3CrZ/IrcQv
fj2s3UABuQ8zEYOzteWk7ZLQ1WjDZHJibh/96IHaSSy4zHcVQqtPvRtKg+Rr+oTS
UQELH4mBQWoTcX5jr+XIoIvDXTNiSVnh1JU3aD6n5SyzHV8IESbg9+0KWgD+KyU5
cHhNISMyKNYkJ059lgUN1uzomXUQNng32b/AriYsqn7k9Q==
=KYMC
-----END PGP MESSAGE-----
fp: 53B26AEDC08246715E15504B236B6291555E8401
- created_at: "2023-12-16T18:18:48Z"
- created_at: "2024-04-13T21:10:30Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA9XEenRNYVGHARAAlPkTjQS0RP81hFeW4t64z8vW2Ie4h+RssfxoKLs0Ki6A
YhfYSuI4TJK5GZZnldCU0gXsdV2aeT/WAmnf+qh3s/p0SQ4MOi4/ArsBIJzpPxWB
fGFbZWMq9F2+GLj+IDG+yP2QsaVrJGoapMccqh+UtRX+xPra9Dt4YQw8KJ8+wTN9
X9i9fN4fzwK8miWTJrpm4abS1G6HPNjpAPgkNX3QRXuH920DnE9z3F8vavcMeOsN
ICZ03VA0gqH6zGJcULWXpSEmcDpmXTcQc2/noBnk4WbhacNmy306yGs+CUkm2Fl3
5JHOhrSqhkjzTVw/OBzGfKVVsn2nBvJVBhSqq/YDpAscxiqHARd0oFUVLzKxUFFo
fyFpo8JVl7PW6CiuLki9Imyw0ugqWBhSdJsvfR5YyhhTSAmL8Tl4aFUwD85ZOoKy
sH/2+6oZlmJi8eia2EMisF2NefQCzoRQCnu08+mho6wIAylFeshxB7KHneEb9lcj
mCuLKiDapzWcPxdeh5iKEN3GYMrZF0eCvi0MTZEIRAF8n8b0ntpC4vU4GC9rKfzB
sRFzRXn0EMfN4vER7cUUaCSGLiMt6ZHweZJdDvnqWokCuViv2tJCgTJmyXyRrkP1
bi696byd+R2vAMWeKvh5BCIaYCsP7V2jaMJxJNijogYoXUw9T+HkXJhoQPEM6hnS
XgHCCxHC1TuN8WH8azmsltl1ixXOHW5PTPLxibbNys2+0+SVLPmWBaHdo9t9XAqC
wOo0/X5oWv4pG72RUmwy9obiIX0Z38hIXUqxMHxRnkGcPqjKKdbEtwKFeV0ZRIg=
=n7V2
wcFMA9XEenRNYVGHAQ//aORJBdUUiYRVo0Vu6CxzCU36Xz6M8tqZW8jJ7cQ5fFc4
l8+sqKdoMprg7epXGcfhsRl/s4nUpZIEgbSL1sH2TiBRnTSO92ajLljTpN5J5lPP
HzqKR6K8r/CPAaP7ZNdGiF+kZIwJGYJrbsuI6xtphShTBGBomXsp72XOZmMaREYJ
fmMzLx2n5zXxHTd/DlCVt4qINbQyz0AtktyRWHUUUYiaYy3hGfkJlBm0E2nYu7/u
BnUR4Yp+L3780Ch9jQJWjp2/jatkHnTCiJB0IhlSyNfOYK2iWAeK4zktSJ7S60BF
f4Cqb/7f6hu4UUJR8G7UZZ4aTBxQAIFVPNvuEwxKBmcnl3PXDE/9SNTP7rcYN/jb
+L3QIrg9ww+eFEyPHuJnRixYdXyRMP20LaZH5gQ0ZRYEMAfPcUPJMEri5XPRdE1d
B4DWQAOpw7M+hbjWpUcuS76E3vEU+CsHxViQcbxAWulSgejzmzF2br5HokfFHAJB
QusZjqrZNpdo01b3JCI98qGdil+vTUjI+6oaClgx+IyA1Zjf4xcQqIK0zMSb25UM
aLpudR6+mVFnY/UpIZ+Diu9T/iofh8SBsqMxSEzTvMzOr7tCpS7XSPqVkTaqHJwe
hfUD5XFmW4mEKk1WawcOzxnVEpbHwbD3brubpgRGh5X4SRo7QgWfrkLgXMlV4V/S
UQFD/wzg/1gmF3iOuLm35QHcB6tg2I0Pr9tPgum4+mMz7CSeLDx+/owWKUxDGfRp
oXYIspMalqlb/J9a1pFZiPvSKHiDl3MHC51vEFnWpwkhMg==
=Vxi/
-----END PGP MESSAGE-----
fp: 4B12EFA69166CA8C23FC47E49CD3A46248B660CA
- created_at: "2023-12-16T18:18:48Z"
- created_at: "2024-04-13T21:10:30Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQEMA45bZkLXmBFpAQf+KmO4DoPw0h3lDnASi0/gwJQNqx5Vu1uPo4lrj9TdbdXB
94mNtbJYCgTnOrBMBDKpUWPR5NKHWdWTWKvyWTRi37BFgWWUUnkgqvFwSX8l/yMZ
BD7Oto6XVLQdjw6CjdwHV1aJLEVpKJwwy9UGnwT6Cbl9RSgJH6HDTbGeukh/PMnZ
48Sc31KVkBKwpr7yS4J6j28n2u5oFrHw0uzd42c26vIJCpANnqU0fXm3Aj9aOXj5
YC+mhYdyEiSUn8OaBRuk5I58E/3cMMNxCsuY2RPFgnMOW1Btijmd2yCproMqwxBy
8RrRJSfFSHuvYKRDjQA+EIfVfzv16P/FODCuxdZSIdJeASxBNpg4ALcCZs5NZp/X
67oPi0bMFgGIqWCk/ZFxMC/NTcXM2myj1IZ3jc6quLOYGtCZS6Cvo5RxKdsSRfo8
sip47UofEEoOZUP5xJDsEwv9IZKc7qa+UoJ+7lKb7Q==
=YZnJ
wcBMA45bZkLXmBFpAQf6Am+HdTbceo5UD+fomUqGwWGx62lfcC5OwRZfJaODr2C+
sLFTFAo+x7HupBOi5+WFcplJDqOgeGsfb9E8YELU3E31V7jJ9wjZrSlcfxfSScL6
5LOt6ognD4rJ8HUSUyUl4ZJhR3ZAJUHVQJwwBALW/apZZXCu0zSIuh/lFCFx+Rjy
8eJ92NXVpXw5gsOWT4PKW7BINhYOEquJ1hW8+sna3JYpQkAIwePCrBOZ2KKmG8wb
PboEM8fFSc6iUzTTypWq3gedJcZpCIXS12KFBIsU9Jw9ep799hg9lPPYM9JTqSXo
E/r28bkPXBI41ZmT3dsvONEMsrYMEq4pEcC5zoJL2dJRAWnJDJ0cB3tcpspFKHgV
FevuO8mi+HoP0uaCBQ3Tcq1fjurkbdcCQrIz/WGyV+x/poypBqqq+6N1jO3ytF7y
yJU1rmqjIv49MHTS3ygHdsst
=iRkw
-----END PGP MESSAGE-----
fp: A4B0F5A80C2E2448A97BEC25BB829C4DECA6CCB9
unencrypted_suffix: _unencrypted

4
modules/gitea-actions-registrar.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }:
{ config, lib, ... }:
let
cfg = config.services.gitea-actions;
in {
@ -6,7 +6,7 @@ in {
config.systemd.services = lib.genAttrs (builtins.genList (n: "gitea-runner-nix${builtins.toString n}-token") cfg.numInstances) (name: {
wantedBy = [ "multi-user.target" ];
after =lib.optional config.services.gitea.enable "gitea.service";
after = lib.optional config.services.gitea.enable "gitea.service";
unitConfig.ConditionPathExists = [ "!/var/lib/gitea-registration/${name}" ];
script = ''
set -euo pipefail

26
modules/gitea-actions-runner.nix
View File

@ -3,7 +3,7 @@ let
cfg = config.services.gitea-actions;
storeDeps = pkgs.buildEnv {
name = "store-deps";
paths = ((with pkgs; [
paths = (with pkgs; [
bash
cacert
coreutils
@ -16,7 +16,7 @@ let
nix
nodejs
openssh
]) ++ cfg.storeDependencies);
]) ++ cfg.storeDependencies;
};
in {
options = {
@ -69,7 +69,7 @@ in {
script = ''
set -eu -o pipefail
mkdir -p etc/nix
# Create an unpriveleged user that we can use also without the run-as-user.sh script
touch etc/passwd etc/group
groupid=$(cut -d: -f3 < <(getent group gitea-actions))
@ -77,36 +77,36 @@ in {
groupadd --prefix $(pwd) --gid "$groupid" gitea-actions
emptypassword='$y$j9T$dLJlazrLCVKcOQ/zmu60E1$bAkbdgDaiz7niknOCasvKW3Tjxeca6WA/1fNe4UpeeC'
useradd --prefix $(pwd) -p "$emptypassword" -m -d /tmp -u "$userid" -g "$groupid" -G gitea-actions gitea-actions
cat <<NIX_CONFIG > etc/nix/nix.conf
experimental-features = nix-command flakes
${cfg.additionalFlakeConfig}
NIX_CONFIG
cat <<NSSWITCH > etc/nsswitch.conf
passwd: files mymachines systemd
group: files mymachines systemd
shadow: files
hosts: files mymachines dns myhostname
networks: files
ethers: files
services: files
protocols: files
rpc: files
NSSWITCH
# list the content as it will be imported into the container
tar -cv . | tar -tvf -
tar -cv . | podman import - gitea-runner-nix
'';
path = [
path = with pkgs; [
config.virtualisation.podman.package
pkgs.getent
pkgs.gnutar
pkgs.shadow
getent
gnutar
shadow
];
serviceConfig = {
@ -116,7 +116,7 @@ in {
RemainAfterExit = true;
};
};
users = {
groups.gitea-actions = { };
users.gitea-actions = {